From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1SCWha-0003S1-Vy for garchives@archives.gentoo.org; Tue, 27 Mar 2012 13:45:14 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1C801E0913; Tue, 27 Mar 2012 13:44:32 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 1FE26E0913 for ; Tue, 27 Mar 2012 13:44:29 +0000 (UTC) Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 38D6A1B4014 for ; Tue, 27 Mar 2012 13:44:27 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by hornbill.gentoo.org (Postfix) with ESMTP id CF8DAE5402 for ; Tue, 27 Mar 2012 13:44:25 +0000 (UTC) From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1332855840.f9485db814f9d879537995025ddb683fc02cea52.blueness@gentoo> Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.13/, 3.2.12/, 2.6.32/, 3.3.0/ X-VCS-Repository: proj/hardened-patchset X-VCS-Files: 2.6.32/0000_README 2.6.32/4420_grsecurity-2.9-2.6.32.59-201203221943.patch 2.6.32/4420_grsecurity-2.9-2.6.32.59-201203251921.patch 3.2.12/0000_README 3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch 3.2.12/4430_grsec-remove-localversion-grsec.patch 3.2.12/4435_grsec-mute-warnings.patch 3.2.12/4440_grsec-remove-protected-paths.patch 3.2.12/4445_grsec-pax-without-grsec.patch 3.2.12/4450_grsec-kconfig-default-gids.patch 3.2.12/4455_grsec-kconfig-gentoo.patch 3.2.12/4460-grsec-kconfig-proc-user.patch 3.2.12/4465_selinux-avc_audit-log-curr_ip.patch 3.2.12/4470_disable-compat_vdso.patch 3.2.13/0000_README 3.2.13/1012_linux-3.2.13.patch 3.2.13/4420_grsecurity-2.9-3.2.13-201203251921.patch 3.2.13/4430_grsec-remove-localversion-grsec.patch 3.2.13/4435_grsec-mute-warnings.patch 3.2.13/4440_grsec-remove-protected-paths.patch 3.2.13/4445_grsec-pax-without-grsec.patch 3.2.13/4450_grsec-kconfig-default-gids.patch 3.2.13/4455_grsec-kconfig-gentoo.patch 3.2.13/4460-grsec-kco nfig-proc-user.patch 3.2.13/4465_selinux-avc_audit-log-curr_ip.patch 3.2.13/4470_disable-compat_vdso.patch 3.3.0/0000_README 3.3.0/4420_grsecurity-2.9-3.3.0-201203251922.patch 3.3.0/4430_grsec-remove-localversion-grsec.patch 3.3.0/4435_grsec-mute-warnings.patch 3.3.0/4440_grsec-remove-protected-paths.patch 3.3.0/4445_grsec-pax-without-grsec.patch 3.3.0/4450_grsec-kconfig-default-gids.patch 3.3.0/4455_grsec-kconfig-gentoo.patch 3.3.0/4460-grsec-kconfig-proc-user.patch 3.3.0/4465_selinux-avc_audit-log-curr_ip.patch 3.3.0/4470_disable-compat_vdso.patch X-VCS-Directories: 3.2.13/ 3.2.12/ 2.6.32/ 3.3.0/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. Basile X-VCS-Revision: f9485db814f9d879537995025ddb683fc02cea52 X-VCS-Branch: master Date: Tue, 27 Mar 2012 13:44:25 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 45ab11c1-a908-45bb-ab4e-8b2934d31fa3 X-Archives-Hash: d94be101a3c71cb9862cbdb83f43da57 commit: f9485db814f9d879537995025ddb683fc02cea52 Author: Anthony G. Basile gentoo org> AuthorDate: Tue Mar 27 13:44:00 2012 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Tue Mar 27 13:44:00 2012 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-patc= hset.git;a=3Dcommit;h=3Df9485db8 Grsec/PaX: 2.9-{2.6.32.59,3.2.13,3.3.0}-201203251921 --- 2.6.32/0000_README | 2 +- ...20_grsecurity-2.9-2.6.32.59-201203251921.patch} | 256 +- {3.2.12 =3D> 3.2.13}/0000_README | 6 +- 3.2.13/1012_linux-3.2.13.patch | 433 + .../4420_grsecurity-2.9-3.2.13-201203251921.patch | 388 +- .../4430_grsec-remove-localversion-grsec.patch | 0 {3.2.12 =3D> 3.2.13}/4435_grsec-mute-warnings.patch | 0 .../4440_grsec-remove-protected-paths.patch | 0 .../4445_grsec-pax-without-grsec.patch | 0 .../4450_grsec-kconfig-default-gids.patch | 0 {3.2.12 =3D> 3.2.13}/4455_grsec-kconfig-gentoo.patch | 0 .../4460-grsec-kconfig-proc-user.patch | 0 .../4465_selinux-avc_audit-log-curr_ip.patch | 0 {3.2.12 =3D> 3.2.13}/4470_disable-compat_vdso.patch | 0 {3.2.12 =3D> 3.3.0}/0000_README | 2 +- .../4420_grsecurity-2.9-3.3.0-201203251922.patch |12422 ++++++--------= ------ .../4430_grsec-remove-localversion-grsec.patch | 0 {3.2.12 =3D> 3.3.0}/4435_grsec-mute-warnings.patch | 0 .../4440_grsec-remove-protected-paths.patch | 0 .../4445_grsec-pax-without-grsec.patch | 0 .../4450_grsec-kconfig-default-gids.patch | 0 {3.2.12 =3D> 3.3.0}/4455_grsec-kconfig-gentoo.patch | 0 .../4460-grsec-kconfig-proc-user.patch | 0 .../4465_selinux-avc_audit-log-curr_ip.patch | 0 {3.2.12 =3D> 3.3.0}/4470_disable-compat_vdso.patch | 2 +- 25 files changed, 4203 insertions(+), 9308 deletions(-) diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 9441d44..20e763f 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 =20 -Patch: 4420_grsecurity-2.9-2.6.32.59-201203221943.patch +Patch: 4420_grsecurity-2.9-2.6.32.59-201203251921.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity =20 diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203221943.patch b/2.= 6.32/4420_grsecurity-2.9-2.6.32.59-201203251921.patch similarity index 99% rename from 2.6.32/4420_grsecurity-2.9-2.6.32.59-201203221943.patch rename to 2.6.32/4420_grsecurity-2.9-2.6.32.59-201203251921.patch index 0302b86..efaa4c5 100644 --- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203221943.patch +++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203251921.patch @@ -752,7 +752,7 @@ index b68faef..6dd1496 100644 select HAVE_KRETPROBES if (HAVE_KPROBES) select HAVE_FUNCTION_TRACER if (!XIP_KERNEL) diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic= .h -index d0daeab..ca7e10e 100644 +index d0daeab..99ab713 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -15,6 +15,10 @@ @@ -956,7 +956,35 @@ index d0daeab..ca7e10e 100644 static inline void atomic_clear_mask(unsigned long mask, unsigned long = *addr) { unsigned long tmp, tmp2; -@@ -207,6 +349,10 @@ static inline void atomic_clear_mask(unsigned long = mask, unsigned long *addr) +@@ -165,7 +307,9 @@ static inline int atomic_add_return(int i, atomic_t = *v) +=20 + return val; + } ++#define atomic_add_return_unchecked(i, v) atomic_add_return(i, v) + #define atomic_add(i, v) (void) atomic_add_return(i, v) ++#define atomic_add_unchecked(i, v) (void) atomic_add_return_unchecked(i= , v) +=20 + static inline int atomic_sub_return(int i, atomic_t *v) + { +@@ -179,7 +323,9 @@ static inline int atomic_sub_return(int i, atomic_t = *v) +=20 + return val; + } ++#define atomic_sub_return_unchecked(i, v) atomic_sub_return(i, v) + #define atomic_sub(i, v) (void) atomic_sub_return(i, v) ++#define atomic_sub_unchecked(i, v) (void) atomic_sub_return_unchecked(i= , v) +=20 + static inline int atomic_cmpxchg(atomic_t *v, int old, int new) + { +@@ -194,6 +340,7 @@ static inline int atomic_cmpxchg(atomic_t *v, int ol= d, int new) +=20 + return ret; + } ++#define atomic_cmpxchg_unchecked(v, o, n) atomic_cmpxchg(v, o, n) +=20 + static inline void atomic_clear_mask(unsigned long mask, unsigned long = *addr) + { +@@ -207,6 +354,10 @@ static inline void atomic_clear_mask(unsigned long = mask, unsigned long *addr) #endif /* __LINUX_ARM_ARCH__ */ =20 #define atomic_xchg(v, new) (xchg(&((v)->counter), new)) @@ -967,7 +995,7 @@ index d0daeab..ca7e10e 100644 =20 static inline int atomic_add_unless(atomic_t *v, int a, int u) { -@@ -220,11 +366,27 @@ static inline int atomic_add_unless(atomic_t *v, i= nt a, int u) +@@ -220,11 +371,27 @@ static inline int atomic_add_unless(atomic_t *v, i= nt a, int u) #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0) =20 #define atomic_inc(v) atomic_add(1, v) @@ -16127,10 +16155,23 @@ index 4c07cca..2c8427d 100644 ret ENDPROC(efi_call6) diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index c097e7d..c689cf4 100644 +index c097e7d..91be126 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S -@@ -185,13 +185,146 @@ +@@ -95,12 +95,6 @@ + #endif + .endm +=20 +-#ifdef CONFIG_VM86 +-#define resume_userspace_sig check_userspace +-#else +-#define resume_userspace_sig resume_userspace +-#endif +- + /* + * User gs save/restore + * +@@ -185,13 +179,146 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg @@ -16278,7 +16319,7 @@ index c097e7d..c689cf4 100644 cld PUSH_GS pushl %fs -@@ -224,7 +357,7 @@ +@@ -224,7 +351,7 @@ pushl %ebx CFI_ADJUST_CFA_OFFSET 4 CFI_REL_OFFSET ebx, 0 @@ -16287,7 +16328,7 @@ index c097e7d..c689cf4 100644 movl %edx, %ds movl %edx, %es movl $(__KERNEL_PERCPU), %edx -@@ -232,6 +365,15 @@ +@@ -232,6 +359,15 @@ SET_KERNEL_GS %edx .endm =20 @@ -16303,7 +16344,7 @@ index c097e7d..c689cf4 100644 .macro RESTORE_INT_REGS popl %ebx CFI_ADJUST_CFA_OFFSET -4 -@@ -331,7 +473,7 @@ ENTRY(ret_from_fork) +@@ -331,7 +467,7 @@ ENTRY(ret_from_fork) CFI_ADJUST_CFA_OFFSET -4 jmp syscall_exit CFI_ENDPROC @@ -16312,9 +16353,24 @@ index c097e7d..c689cf4 100644 =20 /* * Return to user mode is not as complex as all this looks, -@@ -352,7 +494,15 @@ check_userspace: +@@ -347,12 +483,29 @@ ret_from_exception: + preempt_stop(CLBR_ANY) + ret_from_intr: + GET_THREAD_INFO(%ebp) +-check_userspace: ++resume_userspace_sig: ++#ifdef CONFIG_VM86 + movl PT_EFLAGS(%esp), %eax # mix EFLAGS and CS movb PT_CS(%esp), %al andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax ++#else ++ /* ++ * We can be coming here from a syscall done in the kernel space, ++ * e.g. a failed kernel_execve(). ++ */ ++ movl PT_CS(%esp), %eax ++ andl $SEGMENT_RPL_MASK, %eax ++#endif cmpl $USER_RPL, %eax + +#ifdef CONFIG_PAX_KERNEXEC @@ -16328,7 +16384,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(resume_userspace) LOCKDEP_SYS_EXIT -@@ -364,8 +514,8 @@ ENTRY(resume_userspace) +@@ -364,8 +517,8 @@ ENTRY(resume_userspace) andl $_TIF_WORK_MASK, %ecx # is there any work to be done on # int/exception return? jne work_pending @@ -16339,7 +16395,7 @@ index c097e7d..c689cf4 100644 =20 #ifdef CONFIG_PREEMPT ENTRY(resume_kernel) -@@ -380,7 +530,7 @@ need_resched: +@@ -380,7 +533,7 @@ need_resched: jz restore_all call preempt_schedule_irq jmp need_resched @@ -16348,7 +16404,7 @@ index c097e7d..c689cf4 100644 #endif CFI_ENDPROC =20 -@@ -414,25 +564,36 @@ sysenter_past_esp: +@@ -414,25 +567,36 @@ sysenter_past_esp: /*CFI_REL_OFFSET cs, 0*/ /* * Push current_thread_info()->sysenter_return to the stack. @@ -16388,7 +16444,7 @@ index c097e7d..c689cf4 100644 movl %ebp,PT_EBP(%esp) .section __ex_table,"a" .align 4 -@@ -455,12 +616,24 @@ sysenter_do_call: +@@ -455,12 +619,24 @@ sysenter_do_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: @@ -16413,7 +16469,7 @@ index c097e7d..c689cf4 100644 PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT =20 -@@ -477,6 +650,9 @@ sysenter_audit: +@@ -477,6 +653,9 @@ sysenter_audit: movl %eax,%edx /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */ call audit_syscall_entry @@ -16423,7 +16479,7 @@ index c097e7d..c689cf4 100644 pushl %ebx CFI_ADJUST_CFA_OFFSET 4 movl PT_EAX(%esp),%eax /* reload syscall number */ -@@ -504,11 +680,17 @@ sysexit_audit: +@@ -504,11 +683,17 @@ sysexit_audit: =20 CFI_ENDPROC .pushsection .fixup,"ax" @@ -16443,7 +16499,7 @@ index c097e7d..c689cf4 100644 .popsection PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -538,6 +720,15 @@ syscall_exit: +@@ -538,6 +723,15 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work =20 @@ -16459,7 +16515,7 @@ index c097e7d..c689cf4 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -602,10 +793,29 @@ ldt_ss: +@@ -602,10 +796,29 @@ ldt_ss: mov PT_OLDESP(%esp), %eax /* load userspace esp */ mov %dx, %ax /* eax: new kernel esp */ sub %eax, %edx /* offset (low word is 0) */ @@ -16490,7 +16546,7 @@ index c097e7d..c689cf4 100644 pushl $__ESPFIX_SS CFI_ADJUST_CFA_OFFSET 4 push %eax /* new kernel esp */ -@@ -636,36 +846,30 @@ work_resched: +@@ -636,36 +849,30 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -16532,7 +16588,7 @@ index c097e7d..c689cf4 100644 =20 # perform syscall exit tracing ALIGN -@@ -673,11 +877,14 @@ syscall_trace_entry: +@@ -673,11 +880,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -16548,7 +16604,7 @@ index c097e7d..c689cf4 100644 =20 # perform syscall exit tracing ALIGN -@@ -690,20 +897,24 @@ syscall_exit_work: +@@ -690,20 +900,24 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -16576,7 +16632,7 @@ index c097e7d..c689cf4 100644 CFI_ENDPROC =20 /* -@@ -726,6 +937,33 @@ PTREGSCALL(rt_sigreturn) +@@ -726,6 +940,33 @@ PTREGSCALL(rt_sigreturn) PTREGSCALL(vm86) PTREGSCALL(vm86old) =20 @@ -16610,7 +16666,7 @@ index c097e7d..c689cf4 100644 .macro FIXUP_ESPFIX_STACK /* * Switch back for ESPFIX stack to the normal zerobased stack -@@ -735,7 +973,13 @@ PTREGSCALL(vm86old) +@@ -735,7 +976,13 @@ PTREGSCALL(vm86old) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -16625,7 +16681,7 @@ index c097e7d..c689cf4 100644 mov GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx), %al /* bits 16..23 */ mov GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx), %ah /* bits 24..31 */ shl $16, %eax -@@ -793,7 +1037,7 @@ vector=3Dvector+1 +@@ -793,7 +1040,7 @@ vector=3Dvector+1 .endr 2: jmp common_interrupt .endr @@ -16634,7 +16690,7 @@ index c097e7d..c689cf4 100644 =20 .previous END(interrupt) -@@ -840,7 +1084,7 @@ ENTRY(coprocessor_error) +@@ -840,7 +1087,7 @@ ENTRY(coprocessor_error) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16643,7 +16699,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -850,7 +1094,7 @@ ENTRY(simd_coprocessor_error) +@@ -850,7 +1097,7 @@ ENTRY(simd_coprocessor_error) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16652,7 +16708,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(device_not_available) RING0_INT_FRAME -@@ -860,7 +1104,7 @@ ENTRY(device_not_available) +@@ -860,7 +1107,7 @@ ENTRY(device_not_available) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16661,7 +16717,7 @@ index c097e7d..c689cf4 100644 =20 #ifdef CONFIG_PARAVIRT ENTRY(native_iret) -@@ -869,12 +1113,12 @@ ENTRY(native_iret) +@@ -869,12 +1116,12 @@ ENTRY(native_iret) .align 4 .long native_iret, iret_exc .previous @@ -16676,7 +16732,7 @@ index c097e7d..c689cf4 100644 #endif =20 ENTRY(overflow) -@@ -885,7 +1129,7 @@ ENTRY(overflow) +@@ -885,7 +1132,7 @@ ENTRY(overflow) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16685,7 +16741,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(bounds) RING0_INT_FRAME -@@ -895,7 +1139,7 @@ ENTRY(bounds) +@@ -895,7 +1142,7 @@ ENTRY(bounds) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16694,7 +16750,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(invalid_op) RING0_INT_FRAME -@@ -905,7 +1149,7 @@ ENTRY(invalid_op) +@@ -905,7 +1152,7 @@ ENTRY(invalid_op) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16703,7 +16759,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -915,7 +1159,7 @@ ENTRY(coprocessor_segment_overrun) +@@ -915,7 +1162,7 @@ ENTRY(coprocessor_segment_overrun) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16712,7 +16768,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(invalid_TSS) RING0_EC_FRAME -@@ -923,7 +1167,7 @@ ENTRY(invalid_TSS) +@@ -923,7 +1170,7 @@ ENTRY(invalid_TSS) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16721,7 +16777,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(segment_not_present) RING0_EC_FRAME -@@ -931,7 +1175,7 @@ ENTRY(segment_not_present) +@@ -931,7 +1178,7 @@ ENTRY(segment_not_present) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16730,7 +16786,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(stack_segment) RING0_EC_FRAME -@@ -939,7 +1183,7 @@ ENTRY(stack_segment) +@@ -939,7 +1186,7 @@ ENTRY(stack_segment) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16739,7 +16795,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(alignment_check) RING0_EC_FRAME -@@ -947,7 +1191,7 @@ ENTRY(alignment_check) +@@ -947,7 +1194,7 @@ ENTRY(alignment_check) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16748,7 +16804,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(divide_error) RING0_INT_FRAME -@@ -957,7 +1201,7 @@ ENTRY(divide_error) +@@ -957,7 +1204,7 @@ ENTRY(divide_error) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16757,7 +16813,7 @@ index c097e7d..c689cf4 100644 =20 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -968,7 +1212,7 @@ ENTRY(machine_check) +@@ -968,7 +1215,7 @@ ENTRY(machine_check) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16766,7 +16822,7 @@ index c097e7d..c689cf4 100644 #endif =20 ENTRY(spurious_interrupt_bug) -@@ -979,7 +1223,7 @@ ENTRY(spurious_interrupt_bug) +@@ -979,7 +1226,7 @@ ENTRY(spurious_interrupt_bug) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -16775,7 +16831,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(kernel_thread_helper) pushl $0 # fake return address for unwinder -@@ -1095,7 +1339,7 @@ ENDPROC(xen_failsafe_callback) +@@ -1095,7 +1342,7 @@ ENDPROC(xen_failsafe_callback) =20 ENTRY(mcount) ret @@ -16784,7 +16840,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1124,7 +1368,7 @@ ftrace_graph_call: +@@ -1124,7 +1371,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -16793,7 +16849,7 @@ index c097e7d..c689cf4 100644 =20 #else /* ! CONFIG_DYNAMIC_FTRACE */ =20 -@@ -1160,7 +1404,7 @@ trace: +@@ -1160,7 +1407,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -16802,7 +16858,7 @@ index c097e7d..c689cf4 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ =20 -@@ -1181,7 +1425,7 @@ ENTRY(ftrace_graph_caller) +@@ -1181,7 +1428,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -16811,7 +16867,7 @@ index c097e7d..c689cf4 100644 =20 .globl return_to_handler return_to_handler: -@@ -1198,7 +1442,6 @@ return_to_handler: +@@ -1198,7 +1445,6 @@ return_to_handler: ret #endif =20 @@ -16819,7 +16875,7 @@ index c097e7d..c689cf4 100644 #include "syscall_table_32.S" =20 syscall_table_size=3D(.-sys_call_table) -@@ -1255,15 +1498,18 @@ error_code: +@@ -1255,15 +1501,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -16840,7 +16896,7 @@ index c097e7d..c689cf4 100644 =20 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1309,7 +1555,7 @@ debug_stack_correct: +@@ -1309,7 +1558,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -16849,7 +16905,7 @@ index c097e7d..c689cf4 100644 =20 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1351,6 +1597,9 @@ nmi_stack_correct: +@@ -1351,6 +1600,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -16859,7 +16915,7 @@ index c097e7d..c689cf4 100644 jmp restore_all_notrace CFI_ENDPROC =20 -@@ -1391,12 +1640,15 @@ nmi_espfix_stack: +@@ -1391,12 +1643,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax =3D=3D %esp xorl %edx,%edx # zero error code call do_nmi @@ -16876,7 +16932,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(int3) RING0_INT_FRAME -@@ -1409,7 +1661,7 @@ ENTRY(int3) +@@ -1409,7 +1664,7 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -16885,7 +16941,7 @@ index c097e7d..c689cf4 100644 =20 ENTRY(general_protection) RING0_EC_FRAME -@@ -1417,7 +1669,7 @@ ENTRY(general_protection) +@@ -1417,7 +1672,7 @@ ENTRY(general_protection) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -34566,7 +34622,7 @@ index e2f70a5..c703e86 100644 /* kernel_context_switch isn't used by any of the x86 drm * modules but is required by the Sparc driver. diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810= _dma.c -index 7d1d88c..b9131b2 100644 +index 7d1d88cd..b9131b2 100644 --- a/drivers/gpu/drm/i810/i810_dma.c +++ b/drivers/gpu/drm/i810/i810_dma.c @@ -952,8 +952,8 @@ static int i810_dma_vertex(struct drm_device *dev, v= oid *data, @@ -53337,6 +53393,19 @@ index c1b3f09..97cd8c4 100644 } } else { if (netif_msg_link(lp)) +diff --git a/drivers/net/pppol2tp.c b/drivers/net/pppol2tp.c +index 9235901..d31e726 100644 +--- a/drivers/net/pppol2tp.c ++++ b/drivers/net/pppol2tp.c +@@ -1174,7 +1174,7 @@ static int pppol2tp_xmit(struct ppp_channel *chan,= struct sk_buff *skb) +=20 + /* Get routing info from the tunnel socket */ + skb_dst_drop(skb); +- skb_dst_set(skb, dst_clone(__sk_dst_get(sk_tun))); ++ skb_dst_set(skb, dst_clone(__sk_dst_check(sk_tun, 0))); + pppol2tp_skb_set_owner_w(skb, sk_tun); +=20 + /* Calculate UDP checksum if configured to do so */ diff --git a/drivers/net/sis190.c b/drivers/net/sis190.c index 7cc9898..6eb50d3 100644 --- a/drivers/net/sis190.c @@ -64903,7 +64972,7 @@ index 0133b5a..3710d09 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index a64fde6..b6699eb 100644 +index a64fde6..4d6ea81 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -31,6 +31,7 @@ @@ -65546,19 +65615,7 @@ index a64fde6..b6699eb 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval =3D -EINVAL; -@@ -866,6 +1328,11 @@ static int load_elf_binary(struct linux_binprm *bp= rm, struct pt_regs *regs) - start_data +=3D load_bias; - end_data +=3D load_bias; -=20 -+#ifdef CONFIG_PAX_RANDMMAP -+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) -+ elf_brk +=3D PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL= )) << 4); -+#endif -+ - /* Calling set_brk effectively mmaps the pages that we need - * for the bss and break sections. We must do this before - * mapping in the interpreter, to make sure it doesn't wind -@@ -877,9 +1344,11 @@ static int load_elf_binary(struct linux_binprm *bp= rm, struct pt_regs *regs) +@@ -877,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *b= prm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss !=3D elf_brk) && unlikely(padzero(elf_bss))) { @@ -65572,8 +65629,32 @@ index a64fde6..b6699eb 100644 + */ } =20 ++#ifdef CONFIG_PAX_RANDMMAP ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) { ++ unsigned long start, size; ++ ++ start =3D ELF_PAGEALIGN(elf_brk); ++ size =3D PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) <= < 4); ++ down_write(¤t->mm->mmap_sem); ++ retval =3D -ENOMEM; ++ if (!find_vma_intersection(current->mm, start, start + size + PAGE_SI= ZE)) { ++ start =3D do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_= FIXED | MAP_PRIVATE, 0); ++ retval =3D IS_ERR_VALUE(start) ? start : 0; ++ } ++ up_write(¤t->mm->mmap_sem); ++ if (retval =3D=3D 0) ++ retval =3D set_brk(start + size, start + size + PAGE_SIZE); ++ if (retval < 0) { ++ send_sig(SIGKILL, current, 0); ++ goto out_free_dentry; ++ } ++ } ++#endif ++ if (elf_interpreter) { -@@ -1112,8 +1581,10 @@ static int dump_seek(struct file *file, loff_t of= f) + unsigned long uninitialized_var(interp_map_addr); +=20 +@@ -1112,8 +1598,10 @@ static int dump_seek(struct file *file, loff_t of= f) unsigned long n =3D off; if (n > PAGE_SIZE) n =3D PAGE_SIZE; @@ -65585,7 +65666,7 @@ index a64fde6..b6699eb 100644 off -=3D n; } free_page((unsigned long)buf); -@@ -1125,7 +1596,7 @@ static int dump_seek(struct file *file, loff_t off= ) +@@ -1125,7 +1613,7 @@ static int dump_seek(struct file *file, loff_t off= ) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -65594,7 +65675,7 @@ index a64fde6..b6699eb 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) =20 -@@ -1159,7 +1630,7 @@ static unsigned long vma_dump_size(struct vm_area_= struct *vma, +@@ -1159,7 +1647,7 @@ static unsigned long vma_dump_size(struct vm_area_= struct *vma, if (vma->vm_file =3D=3D NULL) return 0; =20 @@ -65603,7 +65684,7 @@ index a64fde6..b6699eb 100644 goto whole; =20 /* -@@ -1255,8 +1726,11 @@ static int writenote(struct memelfnote *men, stru= ct file *file, +@@ -1255,8 +1743,11 @@ static int writenote(struct memelfnote *men, stru= ct file *file, #undef DUMP_WRITE =20 #define DUMP_WRITE(addr, nr) \ @@ -65616,7 +65697,7 @@ index a64fde6..b6699eb 100644 =20 static void fill_elf_header(struct elfhdr *elf, int segs, u16 machine, u32 flags, u8 osabi) -@@ -1385,9 +1859,9 @@ static void fill_auxv_note(struct memelfnote *note= , struct mm_struct *mm) +@@ -1385,9 +1876,9 @@ static void fill_auxv_note(struct memelfnote *note= , struct mm_struct *mm) { elf_addr_t *auxv =3D (elf_addr_t *) mm->saved_auxv; int i =3D 0; @@ -65628,7 +65709,7 @@ index a64fde6..b6699eb 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } =20 -@@ -1973,7 +2447,7 @@ static int elf_core_dump(long signr, struct pt_reg= s *regs, struct file *file, un +@@ -1973,7 +2464,7 @@ static int elf_core_dump(long signr, struct pt_reg= s *regs, struct file *file, un phdr.p_offset =3D offset; phdr.p_vaddr =3D vma->vm_start; phdr.p_paddr =3D 0; @@ -65637,7 +65718,7 @@ index a64fde6..b6699eb 100644 phdr.p_memsz =3D vma->vm_end - vma->vm_start; offset +=3D phdr.p_filesz; phdr.p_flags =3D vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2006,7 +2480,7 @@ static int elf_core_dump(long signr, struct pt_reg= s *regs, struct file *file, un +@@ -2006,7 +2497,7 @@ static int elf_core_dump(long signr, struct pt_reg= s *regs, struct file *file, un unsigned long addr; unsigned long end; =20 @@ -65646,7 +65727,7 @@ index a64fde6..b6699eb 100644 =20 for (addr =3D vma->vm_start; addr < end; addr +=3D PAGE_SIZE) { struct page *page; -@@ -2015,6 +2489,7 @@ static int elf_core_dump(long signr, struct pt_reg= s *regs, struct file *file, un +@@ -2015,6 +2506,7 @@ static int elf_core_dump(long signr, struct pt_reg= s *regs, struct file *file, un page =3D get_dump_page(addr); if (page) { void *kaddr =3D kmap(page); @@ -65654,7 +65735,7 @@ index a64fde6..b6699eb 100644 stop =3D ((size +=3D PAGE_SIZE) > limit) || !dump_write(file, kaddr, PAGE_SIZE); kunmap(page); -@@ -2042,6 +2517,97 @@ out: +@@ -2042,6 +2534,97 @@ out: =20 #endif /* USE_ELF_CORE_DUMP */ =20 @@ -65789,7 +65870,7 @@ index ca88c46..f155a60 100644 goto err; } diff --git a/fs/bio.c b/fs/bio.c -index e696713..83de133 100644 +index e696713..4b5969d 100644 --- a/fs/bio.c +++ b/fs/bio.c @@ -78,7 +78,7 @@ static struct kmem_cache *bio_find_or_create_slab(unsi= gned int extra_size) @@ -65801,6 +65882,15 @@ index e696713..83de133 100644 =20 if (!bslab->slab && entry =3D=3D -1) entry =3D i; +@@ -841,7 +841,7 @@ struct bio *bio_copy_user_iov(struct request_queue *= q, + /* + * Overflow, abort + */ +- if (end < start) ++ if (end < start || end - start > INT_MAX - nr_pages) + return ERR_PTR(-EINVAL); +=20 + nr_pages +=3D end - start; @@ -1236,7 +1236,7 @@ static void bio_copy_kern_endio(struct bio *bio, i= nt err) const int read =3D bio_data_dir(bio) =3D=3D READ; struct bio_map_data *bmd =3D bio->bi_private; @@ -66903,7 +66993,7 @@ index 8e48b52..f01ed91 100644 ino =3D next->s_dentry->d_inode->i_ino; else diff --git a/fs/dcache.c b/fs/dcache.c -index 44c0aea..2529092 100644 +index 44c0aea..a663f95 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -45,8 +45,6 @@ EXPORT_SYMBOL(dcache_lock); @@ -66915,6 +67005,22 @@ index 44c0aea..2529092 100644 /* * This is the single most critical data structure when it comes * to the dcache: the hashtable for lookups. Somebody should try +@@ -1108,11 +1106,11 @@ struct dentry * d_alloc_root(struct inode * root= _inode) + return res; + } +=20 +-static inline struct hlist_head *d_hash(struct dentry *parent, +- unsigned long hash) ++static inline struct hlist_head *d_hash(const struct dentry *parent, ++ unsigned int hash) + { +- hash +=3D ((unsigned long) parent ^ GOLDEN_RATIO_PRIME) / L1_CACHE_BYT= ES; +- hash =3D hash ^ ((hash ^ GOLDEN_RATIO_PRIME) >> D_HASHBITS); ++ hash +=3D (unsigned long) parent / L1_CACHE_BYTES; ++ hash =3D hash + (hash >> D_HASHBITS); + return dentry_hashtable + (hash & D_HASHMASK); + } +=20 @@ -2319,7 +2317,7 @@ void __init vfs_caches_init(unsigned long mempages= ) mempages -=3D reserve; =20 diff --git a/3.2.12/0000_README b/3.2.13/0000_README similarity index 93% copy from 3.2.12/0000_README copy to 3.2.13/0000_README index ff7242f..cdd48b2 100644 --- a/3.2.12/0000_README +++ b/3.2.13/0000_README @@ -2,7 +2,11 @@ README ------------------------------------------------------------------------= ----- Individual Patch Descriptions: ------------------------------------------------------------------------= ----- -Patch: 4420_grsecurity-2.9-3.2.12-201203221944.patch +Patch: 1012_linux-3.2.13.patch +From: http://www.kernel.org +Desc: Linux 3.2.13 + +Patch: 4420_grsecurity-2.9-3.2.13-201203251921.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity =20 diff --git a/3.2.13/1012_linux-3.2.13.patch b/3.2.13/1012_linux-3.2.13.pa= tch new file mode 100644 index 0000000..98feeb7 --- /dev/null +++ b/3.2.13/1012_linux-3.2.13.patch @@ -0,0 +1,433 @@ +diff --git a/arch/powerpc/platforms/powermac/smp.c b/arch/powerpc/platfo= rms/powermac/smp.c +index 9b6a820..3394254 100644 +--- a/arch/powerpc/platforms/powermac/smp.c ++++ b/arch/powerpc/platforms/powermac/smp.c +@@ -414,7 +414,7 @@ static struct irqaction psurge_irqaction =3D { +=20 + static void __init smp_psurge_setup_cpu(int cpu_nr) + { +- if (cpu_nr !=3D 0) ++ if (cpu_nr !=3D 0 || !psurge_start) + return; +=20 + /* reset the entry point so if we get another intr we won't +diff --git a/drivers/net/wireless/iwlegacy/iwl-3945.c b/drivers/net/wire= less/iwlegacy/iwl-3945.c +index f7c0a74..7d1aa7c 100644 +--- a/drivers/net/wireless/iwlegacy/iwl-3945.c ++++ b/drivers/net/wireless/iwlegacy/iwl-3945.c +@@ -1870,11 +1870,12 @@ static void iwl3945_bg_reg_txpower_periodic(stru= ct work_struct *work) + struct iwl_priv *priv =3D container_of(work, struct iwl_priv, + _3945.thermal_periodic.work); +=20 +- if (test_bit(STATUS_EXIT_PENDING, &priv->status)) +- return; +- + mutex_lock(&priv->mutex); ++ if (test_bit(STATUS_EXIT_PENDING, &priv->status) || priv->txq =3D=3D N= ULL) ++ goto out; ++ + iwl3945_reg_txpower_periodic(priv); ++out: + mutex_unlock(&priv->mutex); + } +=20 +diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/= wireless/iwlegacy/iwl3945-base.c +index 05f2ad1..b3d9f3f 100644 +--- a/drivers/net/wireless/iwlegacy/iwl3945-base.c ++++ b/drivers/net/wireless/iwlegacy/iwl3945-base.c +@@ -2513,7 +2513,7 @@ static void iwl3945_bg_alive_start(struct work_str= uct *data) + container_of(data, struct iwl_priv, alive_start.work); +=20 + mutex_lock(&priv->mutex); +- if (test_bit(STATUS_EXIT_PENDING, &priv->status)) ++ if (test_bit(STATUS_EXIT_PENDING, &priv->status) || priv->txq =3D=3D N= ULL) + goto out; +=20 + iwl3945_alive_start(priv); +diff --git a/fs/afs/internal.h b/fs/afs/internal.h +index d2b0888..a306bb6 100644 +--- a/fs/afs/internal.h ++++ b/fs/afs/internal.h +@@ -109,7 +109,7 @@ struct afs_call { + unsigned reply_size; /* current size of reply */ + unsigned first_offset; /* offset into mapping[first] */ + unsigned last_to; /* amount of mapping[last] */ +- unsigned short offset; /* offset into received data store */ ++ unsigned offset; /* offset into received data store */ + unsigned char unmarshall; /* unmarshalling phase */ + bool incoming; /* T if incoming call */ + bool send_pages; /* T if data from mapping should be sent */ +diff --git a/fs/afs/rxrpc.c b/fs/afs/rxrpc.c +index e45a323..8ad8c2a 100644 +--- a/fs/afs/rxrpc.c ++++ b/fs/afs/rxrpc.c +@@ -314,6 +314,7 @@ int afs_make_call(struct in_addr *addr, struct afs_c= all *call, gfp_t gfp, + struct msghdr msg; + struct kvec iov[1]; + int ret; ++ struct sk_buff *skb; +=20 + _enter("%x,{%d},", addr->s_addr, ntohs(call->port)); +=20 +@@ -380,6 +381,8 @@ int afs_make_call(struct in_addr *addr, struct afs_c= all *call, gfp_t gfp, +=20 + error_do_abort: + rxrpc_kernel_abort_call(rxcall, RX_USER_ABORT); ++ while ((skb =3D skb_dequeue(&call->rx_queue))) ++ afs_free_skb(skb); + rxrpc_kernel_end_call(rxcall); + call->rxcall =3D NULL; + error_kill_call: +diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c +index d327140..35a8970 100644 +--- a/fs/nilfs2/the_nilfs.c ++++ b/fs/nilfs2/the_nilfs.c +@@ -515,6 +515,7 @@ static int nilfs_load_super_block(struct the_nilfs *= nilfs, + brelse(sbh[1]); + sbh[1] =3D NULL; + sbp[1] =3D NULL; ++ valid[1] =3D 0; + swp =3D 0; + } + if (!valid[swp]) { +diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c +index 90f6544..769c0e9 100644 +--- a/net/ipv4/syncookies.c ++++ b/net/ipv4/syncookies.c +@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct= sk_buff *skb, + struct rtable *rt; + __u8 rcv_wscale; + bool ecn_ok =3D false; ++ struct flowi4 fl4; +=20 + if (!sysctl_tcp_syncookies || !th->ack || th->rst) + goto out; +@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock *sk, stru= ct sk_buff *skb, + * hasn't changed since we received the original syn, but I see + * no easy way to do this. + */ +- { +- struct flowi4 fl4; +- +- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), +- RT_SCOPE_UNIVERSE, IPPROTO_TCP, +- inet_sk_flowi_flags(sk), +- (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, +- ireq->loc_addr, th->source, th->dest); +- security_req_classify_flow(req, flowi4_to_flowi(&fl4)); +- rt =3D ip_route_output_key(sock_net(sk), &fl4); +- if (IS_ERR(rt)) { +- reqsk_free(req); +- goto out; +- } ++ flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), ++ RT_SCOPE_UNIVERSE, IPPROTO_TCP, ++ inet_sk_flowi_flags(sk), ++ (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, ++ ireq->loc_addr, th->source, th->dest); ++ security_req_classify_flow(req, flowi4_to_flowi(&fl4)); ++ rt =3D ip_route_output_key(sock_net(sk), &fl4); ++ if (IS_ERR(rt)) { ++ reqsk_free(req); ++ goto out; + } +=20 + /* Try to redo what tcp_v4_send_synack did. */ +@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struc= t sk_buff *skb, + ireq->rcv_wscale =3D rcv_wscale; +=20 + ret =3D get_cookie_sock(sk, skb, req, &rt->dst); ++ /* ip_queue_xmit() depends on our flow being setup ++ * Normal sockets get it right from inet_csk_route_child_sock() ++ */ ++ if (ret) ++ inet_sk(ret)->cork.fl.u.ip4 =3D fl4; + out: return ret; + } +diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c +index eb90aa8..de69cec 100644 +--- a/net/ipv4/tcp_ipv4.c ++++ b/net/ipv4/tcp_ipv4.c +@@ -1465,9 +1465,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk= , struct sk_buff *skb, + inet_csk(newsk)->icsk_ext_hdr_len =3D inet_opt->opt.optlen; + newinet->inet_id =3D newtp->write_seq ^ jiffies; +=20 +- if (!dst && (dst =3D inet_csk_route_child_sock(sk, newsk, req)) =3D=3D= NULL) +- goto put_and_exit; +- ++ if (!dst) { ++ dst =3D inet_csk_route_child_sock(sk, newsk, req); ++ if (!dst) ++ goto put_and_exit; ++ } else { ++ /* syncookie case : see end of cookie_v4_check() */ ++ } + sk_setup_caps(newsk, dst); +=20 + tcp_mtup_init(newsk); +diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c +index ee7839f..2257366 100644 +--- a/net/ipv6/mcast.c ++++ b/net/ipv6/mcast.c +@@ -257,7 +257,6 @@ static struct inet6_dev *ip6_mc_find_dev_rcu(struct = net *net, +=20 + if (rt) { + dev =3D rt->rt6i_dev; +- dev_hold(dev); + dst_release(&rt->dst); + } + } else +diff --git a/tools/perf/arch/powerpc/util/header.c b/tools/perf/arch/pow= erpc/util/header.c +index eba80c2..2f7073d 100644 +--- a/tools/perf/arch/powerpc/util/header.c ++++ b/tools/perf/arch/powerpc/util/header.c +@@ -25,7 +25,7 @@ get_cpuid(char *buffer, size_t sz) +=20 + pvr =3D mfspr(SPRN_PVR); +=20 +- nb =3D snprintf(buffer, sz, "%lu,%lu$", PVR_VER(pvr), PVR_REV(pvr)); ++ nb =3D scnprintf(buffer, sz, "%lu,%lu$", PVR_VER(pvr), PVR_REV(pvr)); +=20 + /* look for end marker to ensure the entire data fit */ + if (strchr(buffer, '$')) { +diff --git a/tools/perf/arch/x86/util/header.c b/tools/perf/arch/x86/uti= l/header.c +index f940060..146d12a 100644 +--- a/tools/perf/arch/x86/util/header.c ++++ b/tools/perf/arch/x86/util/header.c +@@ -48,7 +48,7 @@ get_cpuid(char *buffer, size_t sz) + if (family >=3D 0x6) + model +=3D ((a >> 16) & 0xf) << 4; + } +- nb =3D snprintf(buffer, sz, "%s,%u,%u,%u$", vendor, family, model, ste= p); ++ nb =3D scnprintf(buffer, sz, "%s,%u,%u,%u$", vendor, family, model, st= ep); +=20 + /* look for end marker to ensure the entire data fit */ + if (strchr(buffer, '$')) { +diff --git a/tools/perf/util/color.c b/tools/perf/util/color.c +index 521c38a..11e46da1 100644 +--- a/tools/perf/util/color.c ++++ b/tools/perf/util/color.c +@@ -1,3 +1,4 @@ ++#include + #include "cache.h" + #include "color.h" +=20 +@@ -182,12 +183,12 @@ static int __color_vsnprintf(char *bf, size_t size= , const char *color, + } +=20 + if (perf_use_color_default && *color) +- r +=3D snprintf(bf, size, "%s", color); +- r +=3D vsnprintf(bf + r, size - r, fmt, args); ++ r +=3D scnprintf(bf, size, "%s", color); ++ r +=3D vscnprintf(bf + r, size - r, fmt, args); + if (perf_use_color_default && *color) +- r +=3D snprintf(bf + r, size - r, "%s", PERF_COLOR_RESET); ++ r +=3D scnprintf(bf + r, size - r, "%s", PERF_COLOR_RESET); + if (trail) +- r +=3D snprintf(bf + r, size - r, "%s", trail); ++ r +=3D scnprintf(bf + r, size - r, "%s", trail); + return r; + } +=20 +diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c +index 33c17a2..2cd88c1 100644 +--- a/tools/perf/util/header.c ++++ b/tools/perf/util/header.c +@@ -1227,7 +1227,7 @@ int build_id_cache__add_s(const char *sbuild_id, c= onst char *debugdir, + if (realname =3D=3D NULL || filename =3D=3D NULL || linkname =3D=3D NU= LL) + goto out_free; +=20 +- len =3D snprintf(filename, size, "%s%s%s", ++ len =3D scnprintf(filename, size, "%s%s%s", + debugdir, is_kallsyms ? "/" : "", realname); + if (mkdir_p(filename, 0755)) + goto out_free; +@@ -1242,7 +1242,7 @@ int build_id_cache__add_s(const char *sbuild_id, c= onst char *debugdir, + goto out_free; + } +=20 +- len =3D snprintf(linkname, size, "%s/.build-id/%.2s", ++ len =3D scnprintf(linkname, size, "%s/.build-id/%.2s", + debugdir, sbuild_id); +=20 + if (access(linkname, X_OK) && mkdir_p(linkname, 0755)) +diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c +index abef270..216e33a 100644 +--- a/tools/perf/util/hist.c ++++ b/tools/perf/util/hist.c +@@ -767,7 +767,7 @@ static int hist_entry__pcnt_snprintf(struct hist_ent= ry *self, char *s, + sep ? "%.2f" : " %6.2f%%", + (period * 100.0) / total); + else +- ret =3D snprintf(s, size, sep ? "%.2f" : " %6.2f%%", ++ ret =3D scnprintf(s, size, sep ? "%.2f" : " %6.2f%%", + (period * 100.0) / total); + if (symbol_conf.show_cpu_utilization) { + ret +=3D percent_color_snprintf(s + ret, size - ret, +@@ -790,20 +790,20 @@ static int hist_entry__pcnt_snprintf(struct hist_e= ntry *self, char *s, + } + } + } else +- ret =3D snprintf(s, size, sep ? "%" PRIu64 : "%12" PRIu64 " ", period= ); ++ ret =3D scnprintf(s, size, sep ? "%" PRIu64 : "%12" PRIu64 " ", perio= d); +=20 + if (symbol_conf.show_nr_samples) { + if (sep) +- ret +=3D snprintf(s + ret, size - ret, "%c%" PRIu64, *sep, nr_events= ); ++ ret +=3D scnprintf(s + ret, size - ret, "%c%" PRIu64, *sep, nr_event= s); + else +- ret +=3D snprintf(s + ret, size - ret, "%11" PRIu64, nr_events); ++ ret +=3D scnprintf(s + ret, size - ret, "%11" PRIu64, nr_events); + } +=20 + if (symbol_conf.show_total_period) { + if (sep) +- ret +=3D snprintf(s + ret, size - ret, "%c%" PRIu64, *sep, period); ++ ret +=3D scnprintf(s + ret, size - ret, "%c%" PRIu64, *sep, period); + else +- ret +=3D snprintf(s + ret, size - ret, " %12" PRIu64, period); ++ ret +=3D scnprintf(s + ret, size - ret, " %12" PRIu64, period); + } +=20 + if (pair_hists) { +@@ -818,25 +818,25 @@ static int hist_entry__pcnt_snprintf(struct hist_e= ntry *self, char *s, + diff =3D new_percent - old_percent; +=20 + if (fabs(diff) >=3D 0.01) +- snprintf(bf, sizeof(bf), "%+4.2F%%", diff); ++ ret +=3D scnprintf(bf, sizeof(bf), "%+4.2F%%", diff); + else +- snprintf(bf, sizeof(bf), " "); ++ ret +=3D scnprintf(bf, sizeof(bf), " "); +=20 + if (sep) +- ret +=3D snprintf(s + ret, size - ret, "%c%s", *sep, bf); ++ ret +=3D scnprintf(s + ret, size - ret, "%c%s", *sep, bf); + else +- ret +=3D snprintf(s + ret, size - ret, "%11.11s", bf); ++ ret +=3D scnprintf(s + ret, size - ret, "%11.11s", bf); +=20 + if (show_displacement) { + if (displacement) +- snprintf(bf, sizeof(bf), "%+4ld", displacement); ++ ret +=3D scnprintf(bf, sizeof(bf), "%+4ld", displacement); + else +- snprintf(bf, sizeof(bf), " "); ++ ret +=3D scnprintf(bf, sizeof(bf), " "); +=20 + if (sep) +- ret +=3D snprintf(s + ret, size - ret, "%c%s", *sep, bf); ++ ret +=3D scnprintf(s + ret, size - ret, "%c%s", *sep, bf); + else +- ret +=3D snprintf(s + ret, size - ret, "%6.6s", bf); ++ ret +=3D scnprintf(s + ret, size - ret, "%6.6s", bf); + } + } +=20 +@@ -854,7 +854,7 @@ int hist_entry__snprintf(struct hist_entry *he, char= *s, size_t size, + if (se->elide) + continue; +=20 +- ret +=3D snprintf(s + ret, size - ret, "%s", sep ?: " "); ++ ret +=3D scnprintf(s + ret, size - ret, "%s", sep ?: " "); + ret +=3D se->se_snprintf(he, s + ret, size - ret, + hists__col_len(hists, se->se_width_idx)); + } +diff --git a/tools/perf/util/sort.c b/tools/perf/util/sort.c +index 16da30d..076c9d4 100644 +--- a/tools/perf/util/sort.c ++++ b/tools/perf/util/sort.c +@@ -33,6 +33,9 @@ static int repsep_snprintf(char *bf, size_t size, cons= t char *fmt, ...) + } + } + va_end(ap); ++ ++ if (n >=3D (int)size) ++ return size - 1; + return n; + } +=20 +diff --git a/tools/perf/util/strbuf.c b/tools/perf/util/strbuf.c +index 92e0685..2eeb51b 100644 +--- a/tools/perf/util/strbuf.c ++++ b/tools/perf/util/strbuf.c +@@ -1,4 +1,5 @@ + #include "cache.h" ++#include +=20 + int prefixcmp(const char *str, const char *prefix) + { +@@ -89,14 +90,14 @@ void strbuf_addf(struct strbuf *sb, const char *fmt,= ...) + if (!strbuf_avail(sb)) + strbuf_grow(sb, 64); + va_start(ap, fmt); +- len =3D vsnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap); ++ len =3D vscnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap); + va_end(ap); + if (len < 0) +- die("your vsnprintf is broken"); ++ die("your vscnprintf is broken"); + if (len > strbuf_avail(sb)) { + strbuf_grow(sb, len); + va_start(ap, fmt); +- len =3D vsnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap); ++ len =3D vscnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap); + va_end(ap); + if (len > strbuf_avail(sb)) { + die("this should not happen, your snprintf is broken"); +diff --git a/tools/perf/util/ui/browsers/hists.c b/tools/perf/util/ui/br= owsers/hists.c +index d0c94b4..81c9fa5 100644 +--- a/tools/perf/util/ui/browsers/hists.c ++++ b/tools/perf/util/ui/browsers/hists.c +@@ -839,15 +839,15 @@ static int hists__browser_title(struct hists *self= , char *bf, size_t size, + unsigned long nr_events =3D self->stats.nr_events[PERF_RECORD_SAMPLE]; +=20 + nr_events =3D convert_unit(nr_events, &unit); +- printed =3D snprintf(bf, size, "Events: %lu%c %s", nr_events, unit, ev= _name); ++ printed =3D scnprintf(bf, size, "Events: %lu%c %s", nr_events, unit, e= v_name); +=20 + if (thread) +- printed +=3D snprintf(bf + printed, size - printed, ++ printed +=3D scnprintf(bf + printed, size - printed, + ", Thread: %s(%d)", + (thread->comm_set ? thread->comm : ""), + thread->pid); + if (dso) +- printed +=3D snprintf(bf + printed, size - printed, ++ printed +=3D scnprintf(bf + printed, size - printed, + ", DSO: %s", dso->short_name); + return printed; + } +@@ -1097,7 +1097,7 @@ static void perf_evsel_menu__write(struct ui_brows= er *browser, + HE_COLORSET_NORMAL); +=20 + nr_events =3D convert_unit(nr_events, &unit); +- printed =3D snprintf(bf, sizeof(bf), "%lu%c%s%s", nr_events, ++ printed =3D scnprintf(bf, sizeof(bf), "%lu%c%s%s", nr_events, + unit, unit =3D=3D ' ' ? "" : " ", ev_name); + slsmg_printf("%s", bf); +=20 +@@ -1107,8 +1107,8 @@ static void perf_evsel_menu__write(struct ui_brows= er *browser, + if (!current_entry) + ui_browser__set_color(browser, HE_COLORSET_TOP); + nr_events =3D convert_unit(nr_events, &unit); +- snprintf(bf, sizeof(bf), ": %ld%c%schunks LOST!", nr_events, +- unit, unit =3D=3D ' ' ? "" : " "); ++ printed +=3D scnprintf(bf, sizeof(bf), ": %ld%c%schunks LOST!", ++ nr_events, unit, unit =3D=3D ' ' ? "" : " "); + warn =3D bf; + } +=20 +diff --git a/tools/perf/util/ui/helpline.c b/tools/perf/util/ui/helpline= .c +index 6ef3c56..f50f81c 100644 +--- a/tools/perf/util/ui/helpline.c ++++ b/tools/perf/util/ui/helpline.c +@@ -65,7 +65,7 @@ int ui_helpline__show_help(const char *format, va_list= ap) + static int backlog; +=20 + pthread_mutex_lock(&ui__lock); +- ret =3D vsnprintf(ui_helpline__last_msg + backlog, ++ ret =3D vscnprintf(ui_helpline__last_msg + backlog, + sizeof(ui_helpline__last_msg) - backlog, format, ap); + backlog +=3D ret; +=20 diff --git a/3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch b/3.2.1= 3/4420_grsecurity-2.9-3.2.13-201203251921.patch similarity index 99% copy from 3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch copy to 3.2.13/4420_grsecurity-2.9-3.2.13-201203251921.patch index 94d7e91..373d86b 100644 --- a/3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch +++ b/3.2.13/4420_grsecurity-2.9-3.2.13-201203251921.patch @@ -195,7 +195,7 @@ index 81c287f..d456d02 100644 =20 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 15e80f1..4fb87db 100644 +index 172e041..4aede2e 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL :=3D $(shell if [ -x "$$BASH" ]; then e= cho $$BASH; \ @@ -685,7 +685,7 @@ index fadd5f8..904e73a 100644 /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic= .h -index 86976d0..683de93 100644 +index 86976d0..8e07f84 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -15,6 +15,10 @@ @@ -887,7 +887,35 @@ index 86976d0..683de93 100644 static inline void atomic_clear_mask(unsigned long mask, unsigned long = *addr) { unsigned long tmp, tmp2; -@@ -207,6 +349,10 @@ static inline void atomic_clear_mask(unsigned long = mask, unsigned long *addr) +@@ -165,7 +307,9 @@ static inline int atomic_add_return(int i, atomic_t = *v) +=20 + return val; + } ++#define atomic_add_return_unchecked(i, v) atomic_add_return(i, v) + #define atomic_add(i, v) (void) atomic_add_return(i, v) ++#define atomic_add_unchecked(i, v) (void) atomic_add_return_unchecked(i= , v) +=20 + static inline int atomic_sub_return(int i, atomic_t *v) + { +@@ -179,7 +323,9 @@ static inline int atomic_sub_return(int i, atomic_t = *v) +=20 + return val; + } ++#define atomic_sub_return_unchecked(i, v) atomic_sub_return(i, v) + #define atomic_sub(i, v) (void) atomic_sub_return(i, v) ++#define atomic_sub_unchecked(i, v) (void) atomic_sub_return_unchecked(i= , v) +=20 + static inline int atomic_cmpxchg(atomic_t *v, int old, int new) + { +@@ -194,6 +340,7 @@ static inline int atomic_cmpxchg(atomic_t *v, int ol= d, int new) +=20 + return ret; + } ++#define atomic_cmpxchg_unchecked(v, o, n) atomic_cmpxchg(v, o, n) +=20 + static inline void atomic_clear_mask(unsigned long mask, unsigned long = *addr) + { +@@ -207,6 +354,10 @@ static inline void atomic_clear_mask(unsigned long = mask, unsigned long *addr) #endif /* __LINUX_ARM_ARCH__ */ =20 #define atomic_xchg(v, new) (xchg(&((v)->counter), new)) @@ -898,7 +926,7 @@ index 86976d0..683de93 100644 =20 static inline int __atomic_add_unless(atomic_t *v, int a, int u) { -@@ -219,11 +365,27 @@ static inline int __atomic_add_unless(atomic_t *v,= int a, int u) +@@ -219,11 +370,27 @@ static inline int __atomic_add_unless(atomic_t *v,= int a, int u) } =20 #define atomic_inc(v) atomic_add(1, v) @@ -926,7 +954,7 @@ index 86976d0..683de93 100644 #define atomic_dec_return(v) (atomic_sub_return(1, v)) #define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) =3D=3D 0) =20 -@@ -239,6 +401,14 @@ typedef struct { +@@ -239,6 +406,14 @@ typedef struct { u64 __aligned(8) counter; } atomic64_t; =20 @@ -941,7 +969,7 @@ index 86976d0..683de93 100644 #define ATOMIC64_INIT(i) { (i) } =20 static inline u64 atomic64_read(atomic64_t *v) -@@ -254,6 +424,19 @@ static inline u64 atomic64_read(atomic64_t *v) +@@ -254,6 +429,19 @@ static inline u64 atomic64_read(atomic64_t *v) return result; } =20 @@ -961,7 +989,7 @@ index 86976d0..683de93 100644 static inline void atomic64_set(atomic64_t *v, u64 i) { u64 tmp; -@@ -268,6 +451,20 @@ static inline void atomic64_set(atomic64_t *v, u64 = i) +@@ -268,6 +456,20 @@ static inline void atomic64_set(atomic64_t *v, u64 = i) : "cc"); } =20 @@ -982,7 +1010,7 @@ index 86976d0..683de93 100644 static inline void atomic64_add(u64 i, atomic64_t *v) { u64 result; -@@ -276,6 +473,36 @@ static inline void atomic64_add(u64 i, atomic64_t *= v) +@@ -276,6 +478,36 @@ static inline void atomic64_add(u64 i, atomic64_t *= v) __asm__ __volatile__("@ atomic64_add\n" "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" @@ -1019,7 +1047,7 @@ index 86976d0..683de93 100644 " adc %H0, %H0, %H4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -287,12 +514,49 @@ static inline void atomic64_add(u64 i, atomic64_t = *v) +@@ -287,12 +519,49 @@ static inline void atomic64_add(u64 i, atomic64_t = *v) =20 static inline u64 atomic64_add_return(u64 i, atomic64_t *v) { @@ -1071,7 +1099,7 @@ index 86976d0..683de93 100644 "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" " adc %H0, %H0, %H4\n" -@@ -316,6 +580,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *= v) +@@ -316,6 +585,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *= v) __asm__ __volatile__("@ atomic64_sub\n" "1: ldrexd %0, %H0, [%3]\n" " subs %0, %0, %4\n" @@ -1108,7 +1136,7 @@ index 86976d0..683de93 100644 " sbc %H0, %H0, %H4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -327,18 +621,32 @@ static inline void atomic64_sub(u64 i, atomic64_t = *v) +@@ -327,18 +626,32 @@ static inline void atomic64_sub(u64 i, atomic64_t = *v) =20 static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) { @@ -1146,7 +1174,7 @@ index 86976d0..683de93 100644 : "=3D&r" (result), "=3D&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (i) : "cc"); -@@ -372,6 +680,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr,= u64 old, u64 new) +@@ -372,6 +685,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr,= u64 old, u64 new) return oldval; } =20 @@ -1177,7 +1205,7 @@ index 86976d0..683de93 100644 static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) { u64 result; -@@ -395,21 +727,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u= 64 new) +@@ -395,21 +732,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u= 64 new) =20 static inline u64 atomic64_dec_if_positive(atomic64_t *v) { @@ -1219,7 +1247,7 @@ index 86976d0..683de93 100644 : "=3D&r" (result), "=3D&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter) : "cc"); -@@ -432,13 +777,25 @@ static inline int atomic64_add_unless(atomic64_t *= v, u64 a, u64 u) +@@ -432,13 +782,25 @@ static inline int atomic64_add_unless(atomic64_t *= v, u64 a, u64 u) " teq %0, %5\n" " teqeq %H0, %H5\n" " moveq %1, #0\n" @@ -1247,7 +1275,7 @@ index 86976d0..683de93 100644 : "=3D&r" (val), "+r" (ret), "=3D&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (u), "r" (a) : "cc"); -@@ -451,10 +808,13 @@ static inline int atomic64_add_unless(atomic64_t *= v, u64 a, u64 u) +@@ -451,10 +813,13 @@ static inline int atomic64_add_unless(atomic64_t *= v, u64 a, u64 u) =20 #define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0) #define atomic64_inc(v) atomic64_add(1LL, (v)) @@ -14376,10 +14404,23 @@ index cd28a35..c72ed9a 100644 #include #include diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index f3f6f53..0841b66 100644 +index f3f6f53..b0cbdf9 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S -@@ -186,13 +186,146 @@ +@@ -99,12 +99,6 @@ + #endif + .endm +=20 +-#ifdef CONFIG_VM86 +-#define resume_userspace_sig check_userspace +-#else +-#define resume_userspace_sig resume_userspace +-#endif +- + /* + * User gs save/restore + * +@@ -186,13 +180,146 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg @@ -14527,7 +14568,7 @@ index f3f6f53..0841b66 100644 cld PUSH_GS pushl_cfi %fs -@@ -215,7 +348,7 @@ +@@ -215,7 +342,7 @@ CFI_REL_OFFSET ecx, 0 pushl_cfi %ebx CFI_REL_OFFSET ebx, 0 @@ -14536,7 +14577,7 @@ index f3f6f53..0841b66 100644 movl %edx, %ds movl %edx, %es movl $(__KERNEL_PERCPU), %edx -@@ -223,6 +356,15 @@ +@@ -223,6 +350,15 @@ SET_KERNEL_GS %edx .endm =20 @@ -14552,7 +14593,7 @@ index f3f6f53..0841b66 100644 .macro RESTORE_INT_REGS popl_cfi %ebx CFI_RESTORE ebx -@@ -308,7 +450,7 @@ ENTRY(ret_from_fork) +@@ -308,7 +444,7 @@ ENTRY(ret_from_fork) popfl_cfi jmp syscall_exit CFI_ENDPROC @@ -14561,9 +14602,24 @@ index f3f6f53..0841b66 100644 =20 /* * Interrupt exit functions should be protected against kprobes -@@ -333,7 +475,15 @@ check_userspace: +@@ -328,12 +464,29 @@ ret_from_exception: + preempt_stop(CLBR_ANY) + ret_from_intr: + GET_THREAD_INFO(%ebp) +-check_userspace: ++resume_userspace_sig: ++#ifdef CONFIG_VM86 + movl PT_EFLAGS(%esp), %eax # mix EFLAGS and CS movb PT_CS(%esp), %al andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax ++#else ++ /* ++ * We can be coming here from a syscall done in the kernel space, ++ * e.g. a failed kernel_execve(). ++ */ ++ movl PT_CS(%esp), %eax ++ andl $SEGMENT_RPL_MASK, %eax ++#endif cmpl $USER_RPL, %eax + +#ifdef CONFIG_PAX_KERNEXEC @@ -14577,7 +14633,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(resume_userspace) LOCKDEP_SYS_EXIT -@@ -345,8 +495,8 @@ ENTRY(resume_userspace) +@@ -345,8 +498,8 @@ ENTRY(resume_userspace) andl $_TIF_WORK_MASK, %ecx # is there any work to be done on # int/exception return? jne work_pending @@ -14588,7 +14644,7 @@ index f3f6f53..0841b66 100644 =20 #ifdef CONFIG_PREEMPT ENTRY(resume_kernel) -@@ -361,7 +511,7 @@ need_resched: +@@ -361,7 +514,7 @@ need_resched: jz restore_all call preempt_schedule_irq jmp need_resched @@ -14597,7 +14653,7 @@ index f3f6f53..0841b66 100644 #endif CFI_ENDPROC /* -@@ -395,23 +545,34 @@ sysenter_past_esp: +@@ -395,23 +548,34 @@ sysenter_past_esp: /*CFI_REL_OFFSET cs, 0*/ /* * Push current_thread_info()->sysenter_return to the stack. @@ -14635,7 +14691,7 @@ index f3f6f53..0841b66 100644 movl %ebp,PT_EBP(%esp) .section __ex_table,"a" .align 4 -@@ -434,12 +595,24 @@ sysenter_do_call: +@@ -434,12 +598,24 @@ sysenter_do_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: @@ -14660,7 +14716,7 @@ index f3f6f53..0841b66 100644 PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT =20 -@@ -456,6 +629,9 @@ sysenter_audit: +@@ -456,6 +632,9 @@ sysenter_audit: movl %eax,%edx /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */ call audit_syscall_entry @@ -14670,7 +14726,7 @@ index f3f6f53..0841b66 100644 pushl_cfi %ebx movl PT_EAX(%esp),%eax /* reload syscall number */ jmp sysenter_do_call -@@ -482,11 +658,17 @@ sysexit_audit: +@@ -482,11 +661,17 @@ sysexit_audit: =20 CFI_ENDPROC .pushsection .fixup,"ax" @@ -14690,7 +14746,7 @@ index f3f6f53..0841b66 100644 .popsection PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -519,6 +701,15 @@ syscall_exit: +@@ -519,6 +704,15 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work =20 @@ -14706,7 +14762,7 @@ index f3f6f53..0841b66 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -578,14 +769,34 @@ ldt_ss: +@@ -578,14 +772,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -14744,7 +14800,7 @@ index f3f6f53..0841b66 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -614,34 +825,28 @@ work_resched: +@@ -614,34 +828,28 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -14784,7 +14840,7 @@ index f3f6f53..0841b66 100644 =20 # perform syscall exit tracing ALIGN -@@ -649,11 +854,14 @@ syscall_trace_entry: +@@ -649,11 +857,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -14800,7 +14856,7 @@ index f3f6f53..0841b66 100644 =20 # perform syscall exit tracing ALIGN -@@ -666,20 +874,24 @@ syscall_exit_work: +@@ -666,20 +877,24 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -14828,7 +14884,7 @@ index f3f6f53..0841b66 100644 CFI_ENDPROC /* * End of kprobes section -@@ -753,6 +965,36 @@ ptregs_clone: +@@ -753,6 +968,36 @@ ptregs_clone: CFI_ENDPROC ENDPROC(ptregs_clone) =20 @@ -14865,7 +14921,7 @@ index f3f6f53..0841b66 100644 .macro FIXUP_ESPFIX_STACK /* * Switch back for ESPFIX stack to the normal zerobased stack -@@ -762,8 +1004,15 @@ ENDPROC(ptregs_clone) +@@ -762,8 +1007,15 @@ ENDPROC(ptregs_clone) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -14883,7 +14939,7 @@ index f3f6f53..0841b66 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -816,7 +1065,7 @@ vector=3Dvector+1 +@@ -816,7 +1068,7 @@ vector=3Dvector+1 .endr 2: jmp common_interrupt .endr @@ -14892,7 +14948,7 @@ index f3f6f53..0841b66 100644 =20 .previous END(interrupt) -@@ -864,7 +1113,7 @@ ENTRY(coprocessor_error) +@@ -864,7 +1116,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -14901,7 +14957,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -885,7 +1134,7 @@ ENTRY(simd_coprocessor_error) +@@ -885,7 +1137,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -14910,7 +14966,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(device_not_available) RING0_INT_FRAME -@@ -893,7 +1142,7 @@ ENTRY(device_not_available) +@@ -893,7 +1145,7 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -14919,7 +14975,7 @@ index f3f6f53..0841b66 100644 =20 #ifdef CONFIG_PARAVIRT ENTRY(native_iret) -@@ -902,12 +1151,12 @@ ENTRY(native_iret) +@@ -902,12 +1154,12 @@ ENTRY(native_iret) .align 4 .long native_iret, iret_exc .previous @@ -14934,7 +14990,7 @@ index f3f6f53..0841b66 100644 #endif =20 ENTRY(overflow) -@@ -916,7 +1165,7 @@ ENTRY(overflow) +@@ -916,7 +1168,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -14943,7 +14999,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(bounds) RING0_INT_FRAME -@@ -924,7 +1173,7 @@ ENTRY(bounds) +@@ -924,7 +1176,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -14952,7 +15008,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(invalid_op) RING0_INT_FRAME -@@ -932,7 +1181,7 @@ ENTRY(invalid_op) +@@ -932,7 +1184,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -14961,7 +15017,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -940,35 +1189,35 @@ ENTRY(coprocessor_segment_overrun) +@@ -940,35 +1192,35 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -15002,7 +15058,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(divide_error) RING0_INT_FRAME -@@ -976,7 +1225,7 @@ ENTRY(divide_error) +@@ -976,7 +1228,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -15011,7 +15067,7 @@ index f3f6f53..0841b66 100644 =20 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -985,7 +1234,7 @@ ENTRY(machine_check) +@@ -985,7 +1237,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -15020,7 +15076,7 @@ index f3f6f53..0841b66 100644 #endif =20 ENTRY(spurious_interrupt_bug) -@@ -994,7 +1243,7 @@ ENTRY(spurious_interrupt_bug) +@@ -994,7 +1246,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -15029,7 +15085,7 @@ index f3f6f53..0841b66 100644 /* * End of kprobes section */ -@@ -1109,7 +1358,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_= EVTCHN_CALLBACK, +@@ -1109,7 +1361,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_= EVTCHN_CALLBACK, =20 ENTRY(mcount) ret @@ -15038,7 +15094,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1138,7 +1387,7 @@ ftrace_graph_call: +@@ -1138,7 +1390,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -15047,7 +15103,7 @@ index f3f6f53..0841b66 100644 =20 #else /* ! CONFIG_DYNAMIC_FTRACE */ =20 -@@ -1174,7 +1423,7 @@ trace: +@@ -1174,7 +1426,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -15056,7 +15112,7 @@ index f3f6f53..0841b66 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ =20 -@@ -1195,7 +1444,7 @@ ENTRY(ftrace_graph_caller) +@@ -1195,7 +1447,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -15065,7 +15121,7 @@ index f3f6f53..0841b66 100644 =20 .globl return_to_handler return_to_handler: -@@ -1209,7 +1458,6 @@ return_to_handler: +@@ -1209,7 +1461,6 @@ return_to_handler: jmp *%ecx #endif =20 @@ -15073,7 +15129,7 @@ index f3f6f53..0841b66 100644 #include "syscall_table_32.S" =20 syscall_table_size=3D(.-sys_call_table) -@@ -1255,15 +1503,18 @@ error_code: +@@ -1255,15 +1506,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -15094,7 +15150,7 @@ index f3f6f53..0841b66 100644 =20 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1305,7 +1556,7 @@ debug_stack_correct: +@@ -1305,7 +1559,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -15103,7 +15159,7 @@ index f3f6f53..0841b66 100644 =20 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1342,6 +1593,9 @@ nmi_stack_correct: +@@ -1342,6 +1596,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -15113,7 +15169,7 @@ index f3f6f53..0841b66 100644 jmp restore_all_notrace CFI_ENDPROC =20 -@@ -1378,12 +1632,15 @@ nmi_espfix_stack: +@@ -1378,12 +1635,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax =3D=3D %esp xorl %edx,%edx # zero error code call do_nmi @@ -15130,7 +15186,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(int3) RING0_INT_FRAME -@@ -1395,14 +1652,14 @@ ENTRY(int3) +@@ -1395,14 +1655,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -15147,7 +15203,7 @@ index f3f6f53..0841b66 100644 =20 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1410,7 +1667,7 @@ ENTRY(async_page_fault) +@@ -1410,7 +1670,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -35741,7 +35797,7 @@ index bea8524..c677c06 100644 struct brcms_phy { struct brcms_phy_pub pubpi_ro; diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/= wireless/iwlegacy/iwl3945-base.c -index 05f2ad1..ae00eea 100644 +index b3d9f3f..9931f58 100644 --- a/drivers/net/wireless/iwlegacy/iwl3945-base.c +++ b/drivers/net/wireless/iwlegacy/iwl3945-base.c @@ -3685,7 +3685,9 @@ static int iwl3945_pci_probe(struct pci_dev *pdev,= const struct pci_device_id *e @@ -42144,7 +42200,7 @@ index a6395bd..f1e376a 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 6ff96c6..b5fb43a 100644 +index 6ff96c6..64d2dec 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -42778,19 +42834,7 @@ index 6ff96c6..b5fb43a 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval =3D -EINVAL; -@@ -870,6 +1328,11 @@ static int load_elf_binary(struct linux_binprm *bp= rm, struct pt_regs *regs) - start_data +=3D load_bias; - end_data +=3D load_bias; -=20 -+#ifdef CONFIG_PAX_RANDMMAP -+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) -+ elf_brk +=3D PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL= )) << 4); -+#endif -+ - /* Calling set_brk effectively mmaps the pages that we need - * for the bss and break sections. We must do this before - * mapping in the interpreter, to make sure it doesn't wind -@@ -881,9 +1344,11 @@ static int load_elf_binary(struct linux_binprm *bp= rm, struct pt_regs *regs) +@@ -881,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *b= prm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss !=3D elf_brk) && unlikely(padzero(elf_bss))) { @@ -42804,8 +42848,32 @@ index 6ff96c6..b5fb43a 100644 + */ } =20 ++#ifdef CONFIG_PAX_RANDMMAP ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) { ++ unsigned long start, size; ++ ++ start =3D ELF_PAGEALIGN(elf_brk); ++ size =3D PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) <= < 4); ++ down_write(¤t->mm->mmap_sem); ++ retval =3D -ENOMEM; ++ if (!find_vma_intersection(current->mm, start, start + size + PAGE_SI= ZE)) { ++ start =3D do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_= FIXED | MAP_PRIVATE, 0); ++ retval =3D IS_ERR_VALUE(start) ? start : 0; ++ } ++ up_write(¤t->mm->mmap_sem); ++ if (retval =3D=3D 0) ++ retval =3D set_brk(start + size, start + size + PAGE_SIZE); ++ if (retval < 0) { ++ send_sig(SIGKILL, current, 0); ++ goto out_free_dentry; ++ } ++ } ++#endif ++ if (elf_interpreter) { -@@ -1098,7 +1563,7 @@ out: + unsigned long uninitialized_var(interp_map_addr); +=20 +@@ -1098,7 +1580,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -42814,7 +42882,7 @@ index 6ff96c6..b5fb43a 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) =20 -@@ -1132,7 +1597,7 @@ static unsigned long vma_dump_size(struct vm_area_= struct *vma, +@@ -1132,7 +1614,7 @@ static unsigned long vma_dump_size(struct vm_area_= struct *vma, if (vma->vm_file =3D=3D NULL) return 0; =20 @@ -42823,7 +42891,7 @@ index 6ff96c6..b5fb43a 100644 goto whole; =20 /* -@@ -1354,9 +1819,9 @@ static void fill_auxv_note(struct memelfnote *note= , struct mm_struct *mm) +@@ -1354,9 +1836,9 @@ static void fill_auxv_note(struct memelfnote *note= , struct mm_struct *mm) { elf_addr_t *auxv =3D (elf_addr_t *) mm->saved_auxv; int i =3D 0; @@ -42835,7 +42903,7 @@ index 6ff96c6..b5fb43a 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } =20 -@@ -1862,14 +2327,14 @@ static void fill_extnum_info(struct elfhdr *elf,= struct elf_shdr *shdr4extnum, +@@ -1862,14 +2344,14 @@ static void fill_extnum_info(struct elfhdr *elf,= struct elf_shdr *shdr4extnum, } =20 static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -42852,7 +42920,7 @@ index 6ff96c6..b5fb43a 100644 return size; } =20 -@@ -1963,7 +2428,7 @@ static int elf_core_dump(struct coredump_params *c= prm) +@@ -1963,7 +2445,7 @@ static int elf_core_dump(struct coredump_params *c= prm) =20 dataoff =3D offset =3D roundup(offset, ELF_EXEC_PAGESIZE); =20 @@ -42861,7 +42929,7 @@ index 6ff96c6..b5fb43a 100644 offset +=3D elf_core_extra_data_size(); e_shoff =3D offset; =20 -@@ -1977,10 +2442,12 @@ static int elf_core_dump(struct coredump_params = *cprm) +@@ -1977,10 +2459,12 @@ static int elf_core_dump(struct coredump_params = *cprm) offset =3D dataoff; =20 size +=3D sizeof(*elf); @@ -42874,7 +42942,7 @@ index 6ff96c6..b5fb43a 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1994,7 +2461,7 @@ static int elf_core_dump(struct coredump_params *c= prm) +@@ -1994,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *c= prm) phdr.p_offset =3D offset; phdr.p_vaddr =3D vma->vm_start; phdr.p_paddr =3D 0; @@ -42883,7 +42951,7 @@ index 6ff96c6..b5fb43a 100644 phdr.p_memsz =3D vma->vm_end - vma->vm_start; offset +=3D phdr.p_filesz; phdr.p_flags =3D vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2005,6 +2472,7 @@ static int elf_core_dump(struct coredump_params *c= prm) +@@ -2005,6 +2489,7 @@ static int elf_core_dump(struct coredump_params *c= prm) phdr.p_align =3D ELF_EXEC_PAGESIZE; =20 size +=3D sizeof(phdr); @@ -42891,7 +42959,7 @@ index 6ff96c6..b5fb43a 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2029,7 +2497,7 @@ static int elf_core_dump(struct coredump_params *c= prm) +@@ -2029,7 +2514,7 @@ static int elf_core_dump(struct coredump_params *c= prm) unsigned long addr; unsigned long end; =20 @@ -42900,7 +42968,7 @@ index 6ff96c6..b5fb43a 100644 =20 for (addr =3D vma->vm_start; addr < end; addr +=3D PAGE_SIZE) { struct page *page; -@@ -2038,6 +2506,7 @@ static int elf_core_dump(struct coredump_params *c= prm) +@@ -2038,6 +2523,7 @@ static int elf_core_dump(struct coredump_params *c= prm) page =3D get_dump_page(addr); if (page) { void *kaddr =3D kmap(page); @@ -42908,7 +42976,7 @@ index 6ff96c6..b5fb43a 100644 stop =3D ((size +=3D PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2055,6 +2524,7 @@ static int elf_core_dump(struct coredump_params *c= prm) +@@ -2055,6 +2541,7 @@ static int elf_core_dump(struct coredump_params *c= prm) =20 if (e_phnum =3D=3D PN_XNUM) { size +=3D sizeof(*shdr4extnum); @@ -42916,7 +42984,7 @@ index 6ff96c6..b5fb43a 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2075,6 +2545,97 @@ out: +@@ -2075,6 +2562,97 @@ out: =20 #endif /* CONFIG_ELF_CORE */ =20 @@ -43051,9 +43119,18 @@ index 1bffbe0..c8c283e 100644 goto err; } diff --git a/fs/bio.c b/fs/bio.c -index b1fe82c..84da0a9 100644 +index b1fe82c..08e2e2e 100644 --- a/fs/bio.c +++ b/fs/bio.c +@@ -837,7 +837,7 @@ struct bio *bio_copy_user_iov(struct request_queue *= q, + /* + * Overflow, abort + */ +- if (end < start) ++ if (end < start || end - start > INT_MAX - nr_pages) + return ERR_PTR(-EINVAL); +=20 + nr_pages +=3D end - start; @@ -1233,7 +1233,7 @@ static void bio_copy_kern_endio(struct bio *bio, i= nt err) const int read =3D bio_data_dir(bio) =3D=3D READ; struct bio_map_data *bmd =3D bio->bi_private; @@ -43896,9 +43973,25 @@ index 9a37a9b..35792b6 100644 /* * We'll have a dentry and an inode for diff --git a/fs/dcache.c b/fs/dcache.c -index f7908ae..920a680 100644 +index f7908ae..f0c2af2 100644 --- a/fs/dcache.c +++ b/fs/dcache.c +@@ -103,11 +103,11 @@ static unsigned int d_hash_shift __read_mostly; +=20 + static struct hlist_bl_head *dentry_hashtable __read_mostly; +=20 +-static inline struct hlist_bl_head *d_hash(struct dentry *parent, +- unsigned long hash) ++static inline struct hlist_bl_head *d_hash(const struct dentry *parent, ++ unsigned int hash) + { +- hash +=3D ((unsigned long) parent ^ GOLDEN_RATIO_PRIME) / L1_CACHE_BYT= ES; +- hash =3D hash ^ ((hash ^ GOLDEN_RATIO_PRIME) >> D_HASHBITS); ++ hash +=3D (unsigned long) parent / L1_CACHE_BYTES; ++ hash =3D hash + (hash >> D_HASHBITS); + return dentry_hashtable + (hash & D_HASHMASK); + } +=20 @@ -3042,7 +3042,7 @@ void __init vfs_caches_init(unsigned long mempages= ) mempages -=3D reserve; =20 @@ -47427,7 +47520,7 @@ index 7a2e442..8e544cc 100644 =20 if (host_err < 0) diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c -index d327140..501b7f8 100644 +index 35a8970..501b7f8 100644 --- a/fs/nilfs2/the_nilfs.c +++ b/fs/nilfs2/the_nilfs.c @@ -409,6 +409,12 @@ static int nilfs_store_disk_layout(struct the_nilfs= *nilfs, @@ -47443,14 +47536,6 @@ index d327140..501b7f8 100644 nilfs_set_nsegments(nilfs, le64_to_cpu(sbp->s_nsegments)); nilfs->ns_crc_seed =3D le32_to_cpu(sbp->s_crc_seed); return 0; -@@ -515,6 +521,7 @@ static int nilfs_load_super_block(struct the_nilfs *= nilfs, - brelse(sbh[1]); - sbh[1] =3D NULL; - sbp[1] =3D NULL; -+ valid[1] =3D 0; - swp =3D 0; - } - if (!valid[swp]) { diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fan= otify_user.c index 9fde1c0..14e8827 100644 --- a/fs/notify/fanotify/fanotify_user.c @@ -63112,7 +63197,7 @@ index 643b96c..ef55a9c 100644 struct ctl_table_header; struct ctl_table; diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h -index 800f113..e9ee2e3 100644 +index 800f113..12c82ec 100644 --- a/include/linux/ptrace.h +++ b/include/linux/ptrace.h @@ -129,10 +129,12 @@ extern void __ptrace_unlink(struct task_struct *ch= ild); @@ -63130,6 +63215,19 @@ index 800f113..e9ee2e3 100644 =20 static inline int ptrace_reparented(struct task_struct *child) { +@@ -197,9 +199,10 @@ static inline void ptrace_event(int event, unsigned= long message) + if (unlikely(ptrace_event_enabled(current, event))) { + current->ptrace_message =3D message; + ptrace_notify((event << 8) | SIGTRAP); +- } else if (event =3D=3D PTRACE_EVENT_EXEC && unlikely(current->ptrace)= ) { ++ } else if (event =3D=3D PTRACE_EVENT_EXEC) { + /* legacy EXEC report via SIGTRAP */ +- send_sig(SIGTRAP, current, 0); ++ if ((current->ptrace & (PT_PTRACED|PT_SEIZED)) =3D=3D PT_PTRACED) ++ send_sig(SIGTRAP, current, 0); + } + } +=20 diff --git a/include/linux/random.h b/include/linux/random.h index 8f74538..02a1012 100644 --- a/include/linux/random.h @@ -68418,6 +68516,19 @@ index 636af6d..8af70ab 100644 { __rcu_process_callbacks(&rcu_sched_ctrlblk); __rcu_process_callbacks(&rcu_bh_ctrlblk); +diff --git a/kernel/rcutiny_plugin.h b/kernel/rcutiny_plugin.h +index 2b0484a..07955ab 100644 +--- a/kernel/rcutiny_plugin.h ++++ b/kernel/rcutiny_plugin.h +@@ -907,7 +907,7 @@ static int rcu_kthread(void *arg) + have_rcu_kthread_work =3D morework; + local_irq_restore(flags); + if (work) +- rcu_process_callbacks(NULL); ++ rcu_process_callbacks(); + schedule_timeout_interruptible(1); /* Leave CPU for others. */ + } +=20 diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c index 764825c..3aa6ac4 100644 --- a/kernel/rcutorture.c @@ -76058,62 +76169,8 @@ index 94cdbc5..0cb0063 100644 if (peer->tcp_ts_stamp) { ts =3D peer->tcp_ts; tsage =3D get_seconds() - peer->tcp_ts_stamp; -diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c -index 90f6544..769c0e9 100644 ---- a/net/ipv4/syncookies.c -+++ b/net/ipv4/syncookies.c -@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct= sk_buff *skb, - struct rtable *rt; - __u8 rcv_wscale; - bool ecn_ok =3D false; -+ struct flowi4 fl4; -=20 - if (!sysctl_tcp_syncookies || !th->ack || th->rst) - goto out; -@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock *sk, stru= ct sk_buff *skb, - * hasn't changed since we received the original syn, but I see - * no easy way to do this. - */ -- { -- struct flowi4 fl4; -- -- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), -- RT_SCOPE_UNIVERSE, IPPROTO_TCP, -- inet_sk_flowi_flags(sk), -- (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, -- ireq->loc_addr, th->source, th->dest); -- security_req_classify_flow(req, flowi4_to_flowi(&fl4)); -- rt =3D ip_route_output_key(sock_net(sk), &fl4); -- if (IS_ERR(rt)) { -- reqsk_free(req); -- goto out; -- } -+ flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), -+ RT_SCOPE_UNIVERSE, IPPROTO_TCP, -+ inet_sk_flowi_flags(sk), -+ (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, -+ ireq->loc_addr, th->source, th->dest); -+ security_req_classify_flow(req, flowi4_to_flowi(&fl4)); -+ rt =3D ip_route_output_key(sock_net(sk), &fl4); -+ if (IS_ERR(rt)) { -+ reqsk_free(req); -+ goto out; - } -=20 - /* Try to redo what tcp_v4_send_synack did. */ -@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struc= t sk_buff *skb, - ireq->rcv_wscale =3D rcv_wscale; -=20 - ret =3D get_cookie_sock(sk, skb, req, &rt->dst); -+ /* ip_queue_xmit() depends on our flow being setup -+ * Normal sockets get it right from inet_csk_route_child_sock() -+ */ -+ if (ret) -+ inet_sk(ret)->cork.fl.u.ip4 =3D fl4; - out: return ret; - } diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index eb90aa8..74908e1 100644 +index de69cec..74908e1 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -87,6 +87,9 @@ int sysctl_tcp_tw_reuse __read_mostly; @@ -76126,24 +76183,7 @@ index eb90aa8..74908e1 100644 =20 #ifdef CONFIG_TCP_MD5SIG static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, -@@ -1465,9 +1468,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk= , struct sk_buff *skb, - inet_csk(newsk)->icsk_ext_hdr_len =3D inet_opt->opt.optlen; - newinet->inet_id =3D newtp->write_seq ^ jiffies; -=20 -- if (!dst && (dst =3D inet_csk_route_child_sock(sk, newsk, req)) =3D=3D= NULL) -- goto put_and_exit; -- -+ if (!dst) { -+ dst =3D inet_csk_route_child_sock(sk, newsk, req); -+ if (!dst) -+ goto put_and_exit; -+ } else { -+ /* syncookie case : see end of cookie_v4_check() */ -+ } - sk_setup_caps(newsk, dst); -=20 - tcp_mtup_init(newsk); -@@ -1632,6 +1639,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff = *skb) +@@ -1636,6 +1639,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff = *skb) return 0; =20 reset: @@ -76153,7 +76193,7 @@ index eb90aa8..74908e1 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1694,12 +1704,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1698,12 +1704,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked =3D 0; =20 sk =3D __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -76176,7 +76216,7 @@ index eb90aa8..74908e1 100644 =20 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1749,6 +1766,10 @@ no_tcp_socket: +@@ -1753,6 +1766,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -76187,7 +76227,7 @@ index eb90aa8..74908e1 100644 tcp_v4_send_reset(NULL, skb); } =20 -@@ -2409,7 +2430,11 @@ static void get_openreq4(const struct sock *sk, c= onst struct request_sock *req, +@@ -2413,7 +2430,11 @@ static void get_openreq4(const struct sock *sk, c= onst struct request_sock *req, 0, /* non standard timer */ 0, /* open_requests have no inode */ atomic_read(&sk->sk_refcnt), @@ -76199,7 +76239,7 @@ index eb90aa8..74908e1 100644 len); } =20 -@@ -2459,7 +2484,12 @@ static void get_tcp4_sock(struct sock *sk, struct= seq_file *f, int i, int *len) +@@ -2463,7 +2484,12 @@ static void get_tcp4_sock(struct sock *sk, struct= seq_file *f, int i, int *len) sock_i_uid(sk), icsk->icsk_probes_out, sock_i_ino(sk), @@ -76213,7 +76253,7 @@ index eb90aa8..74908e1 100644 jiffies_to_clock_t(icsk->icsk_rto), jiffies_to_clock_t(icsk->icsk_ack.ato), (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong, -@@ -2487,7 +2517,13 @@ static void get_timewait4_sock(const struct inet_= timewait_sock *tw, +@@ -2491,7 +2517,13 @@ static void get_timewait4_sock(const struct inet_= timewait_sock *tw, " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n", i, src, srcp, dest, destp, tw->tw_substate, 0, 0, 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, diff --git a/3.2.12/4430_grsec-remove-localversion-grsec.patch b/3.2.13/4= 430_grsec-remove-localversion-grsec.patch similarity index 100% copy from 3.2.12/4430_grsec-remove-localversion-grsec.patch copy to 3.2.13/4430_grsec-remove-localversion-grsec.patch diff --git a/3.2.12/4435_grsec-mute-warnings.patch b/3.2.13/4435_grsec-mu= te-warnings.patch similarity index 100% copy from 3.2.12/4435_grsec-mute-warnings.patch copy to 3.2.13/4435_grsec-mute-warnings.patch diff --git a/3.2.12/4440_grsec-remove-protected-paths.patch b/3.2.13/4440= _grsec-remove-protected-paths.patch similarity index 100% copy from 3.2.12/4440_grsec-remove-protected-paths.patch copy to 3.2.13/4440_grsec-remove-protected-paths.patch diff --git a/3.2.12/4445_grsec-pax-without-grsec.patch b/3.2.13/4445_grse= c-pax-without-grsec.patch similarity index 100% copy from 3.2.12/4445_grsec-pax-without-grsec.patch copy to 3.2.13/4445_grsec-pax-without-grsec.patch diff --git a/3.2.12/4450_grsec-kconfig-default-gids.patch b/3.2.13/4450_g= rsec-kconfig-default-gids.patch similarity index 100% copy from 3.2.12/4450_grsec-kconfig-default-gids.patch copy to 3.2.13/4450_grsec-kconfig-default-gids.patch diff --git a/3.2.12/4455_grsec-kconfig-gentoo.patch b/3.2.13/4455_grsec-k= config-gentoo.patch similarity index 100% copy from 3.2.12/4455_grsec-kconfig-gentoo.patch copy to 3.2.13/4455_grsec-kconfig-gentoo.patch diff --git a/3.2.12/4460-grsec-kconfig-proc-user.patch b/3.2.13/4460-grse= c-kconfig-proc-user.patch similarity index 100% copy from 3.2.12/4460-grsec-kconfig-proc-user.patch copy to 3.2.13/4460-grsec-kconfig-proc-user.patch diff --git a/3.2.12/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.13/446= 5_selinux-avc_audit-log-curr_ip.patch similarity index 100% copy from 3.2.12/4465_selinux-avc_audit-log-curr_ip.patch copy to 3.2.13/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.2.12/4470_disable-compat_vdso.patch b/3.2.13/4470_disable-= compat_vdso.patch similarity index 100% copy from 3.2.12/4470_disable-compat_vdso.patch copy to 3.2.13/4470_disable-compat_vdso.patch diff --git a/3.2.12/0000_README b/3.3.0/0000_README similarity index 97% rename from 3.2.12/0000_README rename to 3.3.0/0000_README index ff7242f..a7990bb 100644 --- a/3.2.12/0000_README +++ b/3.3.0/0000_README @@ -2,7 +2,7 @@ README ------------------------------------------------------------------------= ----- Individual Patch Descriptions: ------------------------------------------------------------------------= ----- -Patch: 4420_grsecurity-2.9-3.2.12-201203221944.patch +Patch: 4420_grsecurity-2.9-3.3.0-201203251922.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity =20 diff --git a/3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch b/3.3.0= /4420_grsecurity-2.9-3.3.0-201203251922.patch similarity index 88% rename from 3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch rename to 3.3.0/4420_grsecurity-2.9-3.3.0-201203251922.patch index 94d7e91..9b345e8 100644 --- a/3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch +++ b/3.3.0/4420_grsecurity-2.9-3.3.0-201203251922.patch @@ -1,12 +1,8 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index dfa6fc6..df93044 100644 +index 0c083c5..9c2512a 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff -@@ -2,9 +2,11 @@ - *.aux - *.bin - *.bz2 -+*.c.[012]*.* +@@ -5,6 +5,7 @@ *.cis *.cpio *.csp @@ -14,7 +10,7 @@ index dfa6fc6..df93044 100644 *.dsp *.dvi *.elf -@@ -14,6 +16,7 @@ +@@ -14,6 +15,7 @@ *.gcov *.gen.S *.gif @@ -22,7 +18,7 @@ index dfa6fc6..df93044 100644 *.grep *.grp *.gz -@@ -48,9 +51,11 @@ +@@ -48,9 +50,11 @@ *.tab.h *.tex *.ver @@ -34,7 +30,7 @@ index dfa6fc6..df93044 100644 *_vga16.c *~ \#*# -@@ -70,6 +75,7 @@ Kerntypes +@@ -69,6 +73,7 @@ Image Module.markers Module.symvers PENDING @@ -42,7 +38,7 @@ index dfa6fc6..df93044 100644 SCCS System.map* TAGS -@@ -93,19 +99,24 @@ bounds.h +@@ -92,19 +97,24 @@ bounds.h bsetup btfixupprep build @@ -67,7 +63,7 @@ index dfa6fc6..df93044 100644 conmakehash consolemap_deftbl.c* cpustr.h -@@ -116,9 +127,11 @@ devlist.h* +@@ -115,9 +125,11 @@ devlist.h* dnotify_test docproc dslm @@ -79,7 +75,7 @@ index dfa6fc6..df93044 100644 fixdep flask.h fore200e_mkfirm -@@ -126,12 +139,15 @@ fore200e_pca_fw.c* +@@ -125,12 +137,15 @@ fore200e_pca_fw.c* gconf gconf.glade.h gen-devlist @@ -95,7 +91,7 @@ index dfa6fc6..df93044 100644 hpet_example hugepage-mmap hugepage-shm -@@ -146,7 +162,7 @@ int32.c +@@ -145,7 +160,7 @@ int32.c int4.c int8.c kallsyms @@ -104,7 +100,7 @@ index dfa6fc6..df93044 100644 keywords.c ksym.c* ksym.h* -@@ -154,7 +170,7 @@ kxgettext +@@ -153,7 +168,7 @@ kxgettext lkc_defs.h lex.c lex.*.c @@ -113,7 +109,7 @@ index dfa6fc6..df93044 100644 logo_*.c logo_*_clut224.c logo_*_mono.c -@@ -166,14 +182,15 @@ machtypes.h +@@ -165,14 +180,15 @@ machtypes.h map map_hugetlb maui_boot.h @@ -130,7 +126,7 @@ index dfa6fc6..df93044 100644 mkprep mkregtable mktables -@@ -209,6 +226,7 @@ r300_reg_safe.h +@@ -208,6 +224,7 @@ r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h recordmcount @@ -138,7 +134,7 @@ index dfa6fc6..df93044 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -219,6 +237,7 @@ setup +@@ -218,6 +235,7 @@ setup setup.bin setup.elf sImage @@ -146,7 +142,7 @@ index dfa6fc6..df93044 100644 sm_tbl* split-include syscalltab.h -@@ -229,6 +248,7 @@ tftpboot.img +@@ -228,6 +246,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -154,7 +150,7 @@ index dfa6fc6..df93044 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -246,7 +266,9 @@ vmlinux +@@ -245,7 +264,9 @@ vmlinux vmlinux-* vmlinux.aout vmlinux.bin.all @@ -164,7 +160,7 @@ index dfa6fc6..df93044 100644 vmlinuz voffset.h vsyscall.lds -@@ -254,9 +276,11 @@ vsyscall_32.lds +@@ -253,9 +274,11 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -177,10 +173,10 @@ index dfa6fc6..df93044 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-= parameters.txt -index 81c287f..d456d02 100644 +index d99fd9c..8689fef 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -1935,6 +1935,13 @@ bytes respectively. Such letter suffixes can also= be entirely omitted. +@@ -1977,6 +1977,13 @@ bytes respectively. Such letter suffixes can also= be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. =20 @@ -195,7 +191,7 @@ index 81c287f..d456d02 100644 =20 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 15e80f1..4fb87db 100644 +index 1932984..0204e68 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL :=3D $(shell if [ -x "$$BASH" ]; then e= cho $$BASH; \ @@ -221,7 +217,7 @@ index 15e80f1..4fb87db 100644 $(Q)$(MAKE) $(build)=3Dscripts/basic $(Q)rm -f .tmp_quiet_recordmcount =20 -@@ -564,6 +565,53 @@ else +@@ -564,6 +565,50 @@ else KBUILD_CFLAGS +=3D -O2 endif =20 @@ -248,13 +244,10 @@ index 15e80f1..4fb87db 100644 +endif +endif +COLORIZE_PLUGIN_CFLAGS :=3D -fplugin=3D$(objtree)/tools/gcc/colorize_pl= ugin.so -+ifdef CONFIG_PAX_SIZE_OVERFLOW -+SIZE_OVERFLOW_PLUGIN_CFLAGS :=3D -fplugin=3D$(objtree)/tools/gcc/size_o= verflow_plugin.so -DSIZE_OVERFLOW_PLUGIN -+endif +GCC_PLUGINS_CFLAGS :=3D $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CF= LAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) -+GCC_PLUGINS_CFLAGS +=3D $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLA= GS) $(COLORIZE_PLUGIN_CFLAGS) $(SIZE_OVERFLOW_PLUGIN_CFLAGS) ++GCC_PLUGINS_CFLAGS +=3D $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLA= GS) $(COLORIZE_PLUGIN_CFLAGS) +GCC_PLUGINS_AFLAGS :=3D $(KERNEXEC_PLUGIN_AFLAGS) -+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN = SIZE_OVERFLOW_PLUGIN ++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN +ifeq ($(KBUILD_EXTMOD),) +gcc-plugins: + $(Q)$(MAKE) $(build)=3Dtools/gcc @@ -275,7 +268,7 @@ index 15e80f1..4fb87db 100644 include $(srctree)/arch/$(SRCARCH)/Makefile =20 ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +756,7 @@ export mod_strip_cmd +@@ -708,7 +753,7 @@ export mod_strip_cmd =20 =20 ifeq ($(KBUILD_EXTMOD),) @@ -284,7 +277,7 @@ index 15e80f1..4fb87db 100644 =20 vmlinux-dirs :=3D $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +980,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +977,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE =20 # The actual objects are generated when descending,=20 # make sure no implicit rule kicks in @@ -293,7 +286,7 @@ index 15e80f1..4fb87db 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs)= ; =20 # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +991,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-ld= s): $(vmlinux-dirs) ; +@@ -941,7 +988,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-ld= s): $(vmlinux-dirs) ; # Error messages still appears in the original language =20 PHONY +=3D $(vmlinux-dirs) @@ -302,7 +295,7 @@ index 15e80f1..4fb87db 100644 $(Q)$(MAKE) $(build)=3D$@ =20 # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1035,7 @@ prepare0: archprepare FORCE +@@ -985,6 +1032,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=3D. =20 # All the preparing.. @@ -310,7 +303,7 @@ index 15e80f1..4fb87db 100644 prepare: prepare0 =20 # Generate some files -@@ -1086,6 +1137,8 @@ all: modules +@@ -1089,6 +1137,8 @@ all: modules # using awk while concatenating to the final file. =20 PHONY +=3D modules @@ -319,7 +312,7 @@ index 15e80f1..4fb87db 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builti= n $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=3D$(objtree)/%/modules.order) = > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1101,7 +1154,7 @@ modules.builtin: $(vmlinux-dirs:%=3D%/modules.buil= tin) +@@ -1104,7 +1154,7 @@ modules.builtin: $(vmlinux-dirs:%=3D%/modules.buil= tin) =20 # Target to prepare building external modules PHONY +=3D modules_prepare @@ -328,7 +321,7 @@ index 15e80f1..4fb87db 100644 =20 # Target to install modules PHONY +=3D modules_install -@@ -1198,6 +1251,7 @@ distclean: mrproper +@@ -1201,6 +1251,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -336,7 +329,7 @@ index 15e80f1..4fb87db 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f =20 -@@ -1358,6 +1412,8 @@ PHONY +=3D $(module-dirs) modules +@@ -1361,6 +1412,8 @@ PHONY +=3D $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=3D$(patsubst _module_%,%,$@) =20 @@ -345,7 +338,7 @@ index 15e80f1..4fb87db 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1484,17 +1540,21 @@ else +@@ -1487,17 +1540,21 @@ else target-dir =3D $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif =20 @@ -371,7 +364,7 @@ index 15e80f1..4fb87db 100644 $(Q)$(MAKE) $(build)=3D$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=3D$(build-dir) $(target-dir)$(notdir $@) -@@ -1504,11 +1564,15 @@ endif +@@ -1507,11 +1564,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=3D$(if $(CONFIG_MODULES),1) \ $(build)=3D$(build-dir) @@ -685,7 +678,7 @@ index fadd5f8..904e73a 100644 /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic= .h -index 86976d0..683de93 100644 +index 86976d0..8e07f84 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -15,6 +15,10 @@ @@ -887,7 +880,35 @@ index 86976d0..683de93 100644 static inline void atomic_clear_mask(unsigned long mask, unsigned long = *addr) { unsigned long tmp, tmp2; -@@ -207,6 +349,10 @@ static inline void atomic_clear_mask(unsigned long = mask, unsigned long *addr) +@@ -165,7 +307,9 @@ static inline int atomic_add_return(int i, atomic_t = *v) +=20 + return val; + } ++#define atomic_add_return_unchecked(i, v) atomic_add_return(i, v) + #define atomic_add(i, v) (void) atomic_add_return(i, v) ++#define atomic_add_unchecked(i, v) (void) atomic_add_return_unchecked(i= , v) +=20 + static inline int atomic_sub_return(int i, atomic_t *v) + { +@@ -179,7 +323,9 @@ static inline int atomic_sub_return(int i, atomic_t = *v) +=20 + return val; + } ++#define atomic_sub_return_unchecked(i, v) atomic_sub_return(i, v) + #define atomic_sub(i, v) (void) atomic_sub_return(i, v) ++#define atomic_sub_unchecked(i, v) (void) atomic_sub_return_unchecked(i= , v) +=20 + static inline int atomic_cmpxchg(atomic_t *v, int old, int new) + { +@@ -194,6 +340,7 @@ static inline int atomic_cmpxchg(atomic_t *v, int ol= d, int new) +=20 + return ret; + } ++#define atomic_cmpxchg_unchecked(v, o, n) atomic_cmpxchg(v, o, n) +=20 + static inline void atomic_clear_mask(unsigned long mask, unsigned long = *addr) + { +@@ -207,6 +354,10 @@ static inline void atomic_clear_mask(unsigned long = mask, unsigned long *addr) #endif /* __LINUX_ARM_ARCH__ */ =20 #define atomic_xchg(v, new) (xchg(&((v)->counter), new)) @@ -898,7 +919,7 @@ index 86976d0..683de93 100644 =20 static inline int __atomic_add_unless(atomic_t *v, int a, int u) { -@@ -219,11 +365,27 @@ static inline int __atomic_add_unless(atomic_t *v,= int a, int u) +@@ -219,11 +370,27 @@ static inline int __atomic_add_unless(atomic_t *v,= int a, int u) } =20 #define atomic_inc(v) atomic_add(1, v) @@ -926,7 +947,7 @@ index 86976d0..683de93 100644 #define atomic_dec_return(v) (atomic_sub_return(1, v)) #define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) =3D=3D 0) =20 -@@ -239,6 +401,14 @@ typedef struct { +@@ -239,6 +406,14 @@ typedef struct { u64 __aligned(8) counter; } atomic64_t; =20 @@ -941,7 +962,7 @@ index 86976d0..683de93 100644 #define ATOMIC64_INIT(i) { (i) } =20 static inline u64 atomic64_read(atomic64_t *v) -@@ -254,6 +424,19 @@ static inline u64 atomic64_read(atomic64_t *v) +@@ -254,6 +429,19 @@ static inline u64 atomic64_read(atomic64_t *v) return result; } =20 @@ -961,7 +982,7 @@ index 86976d0..683de93 100644 static inline void atomic64_set(atomic64_t *v, u64 i) { u64 tmp; -@@ -268,6 +451,20 @@ static inline void atomic64_set(atomic64_t *v, u64 = i) +@@ -268,6 +456,20 @@ static inline void atomic64_set(atomic64_t *v, u64 = i) : "cc"); } =20 @@ -982,7 +1003,7 @@ index 86976d0..683de93 100644 static inline void atomic64_add(u64 i, atomic64_t *v) { u64 result; -@@ -276,6 +473,36 @@ static inline void atomic64_add(u64 i, atomic64_t *= v) +@@ -276,6 +478,36 @@ static inline void atomic64_add(u64 i, atomic64_t *= v) __asm__ __volatile__("@ atomic64_add\n" "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" @@ -1019,7 +1040,7 @@ index 86976d0..683de93 100644 " adc %H0, %H0, %H4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -287,12 +514,49 @@ static inline void atomic64_add(u64 i, atomic64_t = *v) +@@ -287,12 +519,49 @@ static inline void atomic64_add(u64 i, atomic64_t = *v) =20 static inline u64 atomic64_add_return(u64 i, atomic64_t *v) { @@ -1071,7 +1092,7 @@ index 86976d0..683de93 100644 "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" " adc %H0, %H0, %H4\n" -@@ -316,6 +580,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *= v) +@@ -316,6 +585,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *= v) __asm__ __volatile__("@ atomic64_sub\n" "1: ldrexd %0, %H0, [%3]\n" " subs %0, %0, %4\n" @@ -1108,7 +1129,7 @@ index 86976d0..683de93 100644 " sbc %H0, %H0, %H4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -327,18 +621,32 @@ static inline void atomic64_sub(u64 i, atomic64_t = *v) +@@ -327,18 +626,32 @@ static inline void atomic64_sub(u64 i, atomic64_t = *v) =20 static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) { @@ -1146,7 +1167,7 @@ index 86976d0..683de93 100644 : "=3D&r" (result), "=3D&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (i) : "cc"); -@@ -372,6 +680,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr,= u64 old, u64 new) +@@ -372,6 +685,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr,= u64 old, u64 new) return oldval; } =20 @@ -1177,7 +1198,7 @@ index 86976d0..683de93 100644 static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) { u64 result; -@@ -395,21 +727,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u= 64 new) +@@ -395,21 +732,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u= 64 new) =20 static inline u64 atomic64_dec_if_positive(atomic64_t *v) { @@ -1219,7 +1240,7 @@ index 86976d0..683de93 100644 : "=3D&r" (result), "=3D&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter) : "cc"); -@@ -432,13 +777,25 @@ static inline int atomic64_add_unless(atomic64_t *= v, u64 a, u64 u) +@@ -432,13 +782,25 @@ static inline int atomic64_add_unless(atomic64_t *= v, u64 a, u64 u) " teq %0, %5\n" " teqeq %H0, %H5\n" " moveq %1, #0\n" @@ -1247,7 +1268,7 @@ index 86976d0..683de93 100644 : "=3D&r" (val), "+r" (ret), "=3D&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (u), "r" (a) : "cc"); -@@ -451,10 +808,13 @@ static inline int atomic64_add_unless(atomic64_t *= v, u64 a, u64 u) +@@ -451,10 +813,13 @@ static inline int atomic64_add_unless(atomic64_t *= v, u64 a, u64 u) =20 #define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0) #define atomic64_inc(v) atomic64_add(1LL, (v)) @@ -1347,7 +1368,7 @@ index 53426c6..c7baff3 100644 #ifdef CONFIG_OUTER_CACHE =20 diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h -index ca94653..6ac0d56 100644 +index 97b440c..b7ff179 100644 --- a/arch/arm/include/asm/page.h +++ b/arch/arm/include/asm/page.h @@ -123,7 +123,7 @@ struct cpu_user_fns { @@ -1360,10 +1381,10 @@ index ca94653..6ac0d56 100644 #ifdef MULTI_USER extern struct cpu_user_fns cpu_user; diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system= .h -index 984014b..a6d914f 100644 +index e4c96cc..1145653 100644 --- a/arch/arm/include/asm/system.h +++ b/arch/arm/include/asm/system.h -@@ -90,6 +90,8 @@ void hook_ifault_code(int nr, int (*fn)(unsigned long,= unsigned int, +@@ -98,6 +98,8 @@ void hook_ifault_code(int nr, int (*fn)(unsigned long,= unsigned int, =20 #define xchg(ptr,x) \ ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) @@ -1372,16 +1393,7 @@ index 984014b..a6d914f 100644 =20 extern asmlinkage void c_backtrace(unsigned long fp, int pmode); =20 -@@ -101,7 +103,7 @@ extern int __pure cpu_architecture(void); - extern void cpu_init(void); -=20 - void arm_machine_restart(char mode, const char *cmd); --extern void (*arm_pm_restart)(char str, const char *cmd); -+extern void (*arm_pm_restart)(char str, const char *cmd) __noreturn; -=20 - #define UDBG_UNDEFINED (1 << 0) - #define UDBG_SYSCALL (1 << 1) -@@ -526,6 +528,13 @@ static inline unsigned long long __cmpxchg64_mb(vol= atile void *ptr, +@@ -534,6 +536,13 @@ static inline unsigned long long __cmpxchg64_mb(vol= atile void *ptr, =20 #endif /* __LINUX_ARM_ARCH__ >=3D 6 */ =20 @@ -1396,7 +1408,7 @@ index 984014b..a6d914f 100644 =20 #define arch_align_stack(x) (x) diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uacce= ss.h -index b293616..96310e5 100644 +index 2958976..12ccac4 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -22,6 +22,8 @@ @@ -1470,7 +1482,7 @@ index 5b0bce6..becd81c 100644 =20 EXPORT_SYMBOL(__get_user_1); diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index 3d0c6fb..9d326fa 100644 +index 971d65c..cc936fb 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,7 +28,6 @@ @@ -1481,33 +1493,19 @@ index 3d0c6fb..9d326fa 100644 #include #include =20 -@@ -92,7 +91,7 @@ static int __init hlt_setup(char *__unused) - __setup("nohlt", nohlt_setup); - __setup("hlt", hlt_setup); -=20 --void arm_machine_restart(char mode, const char *cmd) -+__noreturn void arm_machine_restart(char mode, const char *cmd) - { - /* Disable interrupts first */ - local_irq_disable(); -@@ -134,7 +133,7 @@ void arm_machine_restart(char mode, const char *cmd) - void (*pm_power_off)(void); - EXPORT_SYMBOL(pm_power_off); -=20 --void (*arm_pm_restart)(char str, const char *cmd) =3D arm_machine_resta= rt; -+void (*arm_pm_restart)(char str, const char *cmd) __noreturn =3D arm_ma= chine_restart; - EXPORT_SYMBOL_GPL(arm_pm_restart); -=20 - static void do_nothing(void *unused) -@@ -248,6 +247,7 @@ void machine_power_off(void) +@@ -273,9 +272,10 @@ void machine_power_off(void) machine_shutdown(); if (pm_power_off) pm_power_off(); + BUG(); } =20 - void machine_restart(char *cmd) -@@ -484,12 +484,6 @@ unsigned long get_wchan(struct task_struct *p) +-void machine_restart(char *cmd) ++__noreturn void machine_restart(char *cmd) + { + machine_shutdown(); +=20 +@@ -517,12 +517,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } =20 @@ -1521,10 +1519,10 @@ index 3d0c6fb..9d326fa 100644 /* * The vectors page is always readable from user space for the diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index 8fc2c8f..064c150 100644 +index a255c39..4a19b25 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c -@@ -108,13 +108,13 @@ struct processor processor __read_mostly; +@@ -109,13 +109,13 @@ struct processor processor __read_mostly; struct cpu_tlb_fns cpu_tlb __read_mostly; #endif #ifdef MULTI_USER @@ -1542,7 +1540,7 @@ index 8fc2c8f..064c150 100644 #endif =20 diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index 99a5727..a3d5bb1 100644 +index f84dfe6..13e94f7 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -259,6 +259,8 @@ static int __die(const char *str, int err, struct th= read_info *thread, struct pt @@ -1554,7 +1552,7 @@ index 99a5727..a3d5bb1 100644 /* * This function is protected against re-entrancy. */ -@@ -288,6 +290,9 @@ void die(const char *str, struct pt_regs *regs, int = err) +@@ -291,6 +293,9 @@ void die(const char *str, struct pt_regs *regs, int = err) panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -1631,7 +1629,7 @@ index d066df6..df28194 100644 =20 .pushsection .fixup,"ax" diff --git a/arch/arm/lib/uaccess.S b/arch/arm/lib/uaccess.S -index d0ece2a..5ae2f39 100644 +index 5c908b1..e712687 100644 --- a/arch/arm/lib/uaccess.S +++ b/arch/arm/lib/uaccess.S @@ -20,7 +20,7 @@ @@ -1643,7 +1641,7 @@ index d0ece2a..5ae2f39 100644 * Purpose : copy a block to user memory from kernel memory * Params : to - user memory * : from - kernel memory -@@ -40,7 +40,7 @@ USER( T(strgtb) r3, [r0], #1) @ May fault +@@ -40,7 +40,7 @@ USER( TUSER( strgtb) r3, [r0], #1) @ May fault sub r2, r2, ip b .Lc2u_dest_aligned =20 @@ -1652,9 +1650,9 @@ index d0ece2a..5ae2f39 100644 stmfd sp!, {r2, r4 - r7, lr} cmp r2, #4 blt .Lc2u_not_enough -@@ -278,14 +278,14 @@ USER( T(strgeb) r3, [r0], #1) @ May fault +@@ -278,14 +278,14 @@ USER( TUSER( strgeb) r3, [r0], #1) @ May fault ldrgtb r3, [r1], #0 - USER( T(strgtb) r3, [r0], #1) @ May fault + USER( TUSER( strgtb) r3, [r0], #1) @ May fault b .Lc2u_finished -ENDPROC(__copy_to_user) +ENDPROC(___copy_to_user) @@ -1669,7 +1667,7 @@ index d0ece2a..5ae2f39 100644 * Purpose : copy a block from user memory to kernel memory * Params : to - kernel memory * : from - user memory -@@ -304,7 +304,7 @@ USER( T(ldrgtb) r3, [r1], #1) @ May fault +@@ -304,7 +304,7 @@ USER( TUSER( ldrgtb) r3, [r1], #1) @ May fault sub r2, r2, ip b .Lcfu_dest_aligned =20 @@ -1678,8 +1676,8 @@ index d0ece2a..5ae2f39 100644 stmfd sp!, {r0, r2, r4 - r7, lr} cmp r2, #4 blt .Lcfu_not_enough -@@ -544,7 +544,7 @@ USER( T(ldrgeb) r3, [r1], #1) @ May fault - USER( T(ldrgtb) r3, [r1], #1) @ May fault +@@ -544,7 +544,7 @@ USER( TUSER( ldrgeb) r3, [r1], #1) @ May fault + USER( TUSER( ldrgtb) r3, [r1], #1) @ May fault strgtb r3, [r0], #1 b .Lcfu_finished -ENDPROC(__copy_from_user) @@ -1701,10 +1699,10 @@ index 025f742..8432b08 100644 /* * This test is stubbed out of the main function above to keep diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/boar= d-n8x0.c -index e9d5f4a..f099699 100644 +index 6722627..8f97548c 100644 --- a/arch/arm/mach-omap2/board-n8x0.c +++ b/arch/arm/mach-omap2/board-n8x0.c -@@ -593,7 +593,7 @@ static int n8x0_menelaus_late_init(struct device *de= v) +@@ -597,7 +597,7 @@ static int n8x0_menelaus_late_init(struct device *de= v) } #endif =20 @@ -1727,10 +1725,10 @@ index 2b2d51c..0127490 100644 static int mbox_show(struct seq_file *s, void *data) { diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index aa33949..d366075 100644 +index bb7eac3..3bade16 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c -@@ -183,6 +183,13 @@ __do_user_fault(struct task_struct *tsk, unsigned l= ong addr, +@@ -172,6 +172,13 @@ __do_user_fault(struct task_struct *tsk, unsigned l= ong addr, } #endif =20 @@ -1744,7 +1742,7 @@ index aa33949..d366075 100644 tsk->thread.address =3D addr; tsk->thread.error_code =3D fsr; tsk->thread.trap_no =3D 14; -@@ -384,6 +391,33 @@ do_page_fault(unsigned long addr, unsigned int fsr,= struct pt_regs *regs) +@@ -393,6 +400,33 @@ do_page_fault(unsigned long addr, unsigned int fsr,= struct pt_regs *regs) } #endif /* CONFIG_MMU */ =20 @@ -1778,7 +1776,7 @@ index aa33949..d366075 100644 /* * First Level Translation Fault Handler * -@@ -628,6 +662,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int i= fsr, struct pt_regs *regs) +@@ -573,6 +607,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int i= fsr, struct pt_regs *regs) const struct fsr_info *inf =3D ifsr_info + fsr_fs(ifsr); struct siginfo info; =20 @@ -1800,10 +1798,10 @@ index aa33949..d366075 100644 return; =20 diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c -index 44b628e..623ee2a 100644 +index ce8cb19..3ec539d 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c -@@ -54,6 +54,10 @@ arch_get_unmapped_area(struct file *filp, unsigned lo= ng addr, +@@ -93,6 +93,10 @@ arch_get_unmapped_area(struct file *filp, unsigned lo= ng addr, if (len > TASK_SIZE) return -ENOMEM; =20 @@ -1814,7 +1812,7 @@ index 44b628e..623ee2a 100644 if (addr) { if (do_align) addr =3D COLOUR_ALIGN(addr, pgoff); -@@ -61,15 +65,14 @@ arch_get_unmapped_area(struct file *filp, unsigned l= ong addr, +@@ -100,15 +104,14 @@ arch_get_unmapped_area(struct file *filp, unsigned= long addr, addr =3D PAGE_ALIGN(addr); =20 vma =3D find_vma(mm, addr); @@ -1827,14 +1825,14 @@ index 44b628e..623ee2a 100644 - start_addr =3D addr =3D mm->free_area_cache; + start_addr =3D addr =3D mm->free_area_cache; } else { -- start_addr =3D addr =3D TASK_UNMAPPED_BASE; +- start_addr =3D addr =3D mm->mmap_base; - mm->cached_hole_size =3D 0; + start_addr =3D addr =3D mm->mmap_base; + mm->cached_hole_size =3D 0; } - /* 8 bits of randomness in 20 address space bits */ - if ((current->flags & PF_RANDOMIZE) && -@@ -89,14 +92,14 @@ full_search: +=20 + full_search: +@@ -124,14 +127,14 @@ full_search: * Start a new search - just in case we missed * some holes. */ @@ -1852,11 +1850,34 @@ index 44b628e..623ee2a 100644 /* * Remember the place where we stopped the search: */ +@@ -266,10 +269,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +=20 + if (mmap_is_legacy()) { + mm->mmap_base =3D TASK_UNMAPPED_BASE + random_factor; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ mm->mmap_base +=3D mm->delta_mmap; ++#endif ++ + mm->get_unmapped_area =3D arch_get_unmapped_area; + mm->unmap_area =3D arch_unmap_area; + } else { + mm->mmap_base =3D mmap_base(random_factor); ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ mm->mmap_base -=3D mm->delta_mmap + mm->delta_stack; ++#endif ++ + mm->get_unmapped_area =3D arch_get_unmapped_area_topdown; + mm->unmap_area =3D arch_unmap_area_topdown; + } diff --git a/arch/arm/plat-samsung/include/plat/dma-ops.h b/arch/arm/pla= t-samsung/include/plat/dma-ops.h -index 4c1a363..df311d0 100644 +index 71a6827..e7fbc23 100644 --- a/arch/arm/plat-samsung/include/plat/dma-ops.h +++ b/arch/arm/plat-samsung/include/plat/dma-ops.h -@@ -41,7 +41,7 @@ struct samsung_dma_ops { +@@ -43,7 +43,7 @@ struct samsung_dma_ops { int (*started)(unsigned ch); int (*flush)(unsigned ch); int (*stop)(unsigned ch); @@ -2477,10 +2498,10 @@ index 5ca674b..e0e1b70 100644 addr =3D ALIGN(vmm->vm_end, HPAGE_SIZE); } diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c -index 00cb0e2..2ad8024 100644 +index 13df239d..cb52116 100644 --- a/arch/ia64/mm/init.c +++ b/arch/ia64/mm/init.c -@@ -120,6 +120,19 @@ ia64_init_addr_space (void) +@@ -121,6 +121,19 @@ ia64_init_addr_space (void) vma->vm_start =3D current->thread.rbs_bot & PAGE_MASK; vma->vm_end =3D vma->vm_start + PAGE_SIZE; vma->vm_flags =3D VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT; @@ -2650,10 +2671,10 @@ index 455c0ac..ad65fbe 100644 - #endif /* _ASM_ELF_H */ diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h -index e59cd1a..8e329d6 100644 +index da9bd7d..91aa7ab 100644 --- a/arch/mips/include/asm/page.h +++ b/arch/mips/include/asm/page.h -@@ -93,7 +93,7 @@ extern void copy_user_highpage(struct page *to, struct= page *from, +@@ -98,7 +98,7 @@ extern void copy_user_highpage(struct page *to, struct= page *from, #ifdef CONFIG_CPU_MIPS32 typedef struct { unsigned long pte_low, pte_high; } pte_t; #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_h= igh << 32)) @@ -2711,10 +2732,10 @@ index ff44823..97f8906 100644 =20 /* diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c -index c47f96e..661d418 100644 +index 7955409..ceaea7c 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c -@@ -481,15 +481,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -483,15 +483,3 @@ unsigned long get_wchan(struct task_struct *task) out: return pc; } @@ -2731,7 +2752,7 @@ index c47f96e..661d418 100644 - return sp & ALMASK; -} diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c -index 937cf33..adb39bb 100644 +index 69ebd58..e4bff83 100644 --- a/arch/mips/mm/fault.c +++ b/arch/mips/mm/fault.c @@ -28,6 +28,23 @@ @@ -3417,10 +3438,10 @@ index d4a7f64..451de1c 100644 return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0); } diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/= page.h -index dd9c4fd..a2ced87 100644 +index f072e97..b436dee 100644 --- a/arch/powerpc/include/asm/page.h +++ b/arch/powerpc/include/asm/page.h -@@ -141,8 +141,9 @@ extern phys_addr_t kernstart_addr; +@@ -220,8 +220,9 @@ extern long long virt_phys_offset; * and needs to be executable. This means the whole heap ends * up being executable. */ @@ -3432,7 +3453,7 @@ index dd9c4fd..a2ced87 100644 =20 #define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \ VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) -@@ -170,6 +171,9 @@ extern phys_addr_t kernstart_addr; +@@ -249,6 +250,9 @@ extern long long virt_phys_offset; #define is_kernel_addr(x) ((x) >=3D PAGE_OFFSET) #endif =20 @@ -3443,10 +3464,10 @@ index dd9c4fd..a2ced87 100644 * Use the top bit of the higher-level page table entries to indicate w= hether * the entries we point to contain hugepages. This works because we kn= ow that diff --git a/arch/powerpc/include/asm/page_64.h b/arch/powerpc/include/a= sm/page_64.h -index fb40ede..d3ce956 100644 +index fed85e6..da5c71b 100644 --- a/arch/powerpc/include/asm/page_64.h +++ b/arch/powerpc/include/asm/page_64.h -@@ -144,15 +144,18 @@ do { \ +@@ -146,15 +146,18 @@ do { \ * stack by default, so in the absence of a PT_GNU_STACK program header * we turn execute permission off. */ @@ -3468,7 +3489,7 @@ index fb40ede..d3ce956 100644 #include =20 diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/a= sm/pgtable.h -index 88b0bd9..e32bc67 100644 +index 2e0e411..7899c68 100644 --- a/arch/powerpc/include/asm/pgtable.h +++ b/arch/powerpc/include/asm/pgtable.h @@ -2,6 +2,7 @@ @@ -3492,7 +3513,7 @@ index 4aad413..85d86bf 100644 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/r= eg.h -index 559da19..7e5835c 100644 +index 7fdc2c0..e47a9b02d3 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h @@ -212,6 +212,7 @@ @@ -3504,10 +3525,10 @@ index 559da19..7e5835c 100644 #define DSISR_ISSTORE 0x02000000 /* access was a store */ #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */ diff --git a/arch/powerpc/include/asm/system.h b/arch/powerpc/include/as= m/system.h -index e30a13d..2b7d994 100644 +index c377457..3c69fbc 100644 --- a/arch/powerpc/include/asm/system.h +++ b/arch/powerpc/include/asm/system.h -@@ -530,7 +530,7 @@ __cmpxchg_local(volatile void *ptr, unsigned long ol= d, unsigned long new, +@@ -539,7 +539,7 @@ __cmpxchg_local(volatile void *ptr, unsigned long ol= d, unsigned long new, #define cmpxchg64_local(ptr, o, n) __cmpxchg64_local_generic((ptr), (o)= , (n)) #endif =20 @@ -3720,7 +3741,7 @@ index 429983c..7af363b 100644 ld r4,_DAR(r1) bl .bad_page_fault diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/= exceptions-64s.S -index cf9c69b..ebc9640 100644 +index 15c5a4f..22a4000 100644 --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S @@ -1004,10 +1004,10 @@ handle_page_fault: @@ -3736,10 +3757,10 @@ index cf9c69b..ebc9640 100644 addi r3,r1,STACK_FRAME_OVERHEAD lwz r4,_DAR(r1) diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c -index 745c1e7..59d97a6 100644 +index 01e2877..a1ba360 100644 --- a/arch/powerpc/kernel/irq.c +++ b/arch/powerpc/kernel/irq.c -@@ -547,9 +547,6 @@ struct irq_host *irq_alloc_host(struct device_node *= of_node, +@@ -560,9 +560,6 @@ struct irq_host *irq_alloc_host(struct device_node *= of_node, host->ops =3D ops; host->of_node =3D of_node_get(of_node); =20 @@ -3749,7 +3770,7 @@ index 745c1e7..59d97a6 100644 raw_spin_lock_irqsave(&irq_big_lock, flags); =20 /* If it's a legacy controller, check for duplicates and -@@ -622,7 +619,12 @@ struct irq_host *irq_find_host(struct device_node *= node) +@@ -635,7 +632,12 @@ struct irq_host *irq_find_host(struct device_node *= node) */ raw_spin_lock_irqsave(&irq_big_lock, flags); list_for_each_entry(h, &irq_hosts, link) @@ -3797,10 +3818,10 @@ index 0b6d796..d760ddb 100644 /* Find this entry, or if that fails, the next avail. entry */ while (entry->jump[0]) { diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process= .c -index 6457574..08b28d3 100644 +index d817ab0..b23b18e 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c -@@ -660,8 +660,8 @@ void show_regs(struct pt_regs * regs) +@@ -676,8 +676,8 @@ void show_regs(struct pt_regs * regs) * Lookup NIP late so we have the best change of getting the * above info out without failing */ @@ -3811,7 +3832,7 @@ index 6457574..08b28d3 100644 #endif show_stack(current, (unsigned long *) regs->gpr[1]); if (!user_mode(regs)) -@@ -1165,10 +1165,10 @@ void show_stack(struct task_struct *tsk, unsigne= d long *stack) +@@ -1181,10 +1181,10 @@ void show_stack(struct task_struct *tsk, unsigne= d long *stack) newsp =3D stack[0]; ip =3D stack[STACK_FRAME_LR_SAVE]; if (!firstframe || ip !=3D lr) { @@ -3824,7 +3845,7 @@ index 6457574..08b28d3 100644 (void *)current->ret_stack[curr_frame].ret); curr_frame--; } -@@ -1188,7 +1188,7 @@ void show_stack(struct task_struct *tsk, unsigned = long *stack) +@@ -1204,7 +1204,7 @@ void show_stack(struct task_struct *tsk, unsigned = long *stack) struct pt_regs *regs =3D (struct pt_regs *) (sp + STACK_FRAME_OVERHEAD); lr =3D regs->link; @@ -3833,7 +3854,7 @@ index 6457574..08b28d3 100644 regs->trap, (void *)regs->nip, (void *)lr); firstframe =3D 1; } -@@ -1263,58 +1263,3 @@ void thread_info_cache_init(void) +@@ -1279,58 +1279,3 @@ void thread_info_cache_init(void) } =20 #endif /* THREAD_SHIFT < PAGE_SHIFT */ @@ -3919,26 +3940,27 @@ index a50b5ec..547078a 100644 } else { err |=3D setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c -index 5459d14..10f8070 100644 +index c091527..5592625 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c -@@ -98,6 +98,8 @@ static void pmac_backlight_unblank(void) - static inline void pmac_backlight_unblank(void) { } - #endif +@@ -131,6 +131,8 @@ static unsigned __kprobes long oops_begin(struct pt_= regs *regs) + return flags; + } =20 +extern void gr_handle_kernel_exploit(void); + - int die(const char *str, struct pt_regs *regs, long err) + static void __kprobes oops_end(unsigned long flags, struct pt_regs *reg= s, + int signr) { - static struct { -@@ -171,6 +173,8 @@ int die(const char *str, struct pt_regs *regs, long = err) +@@ -178,6 +180,9 @@ static void __kprobes oops_end(unsigned long flags, = struct pt_regs *regs, + panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); -=20 ++ + gr_handle_kernel_exploit(); + - oops_exit(); - do_exit(err); + do_exit(signr); + } =20 diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c index 7d14bb6..1305601 100644 @@ -4006,7 +4028,7 @@ index 5eea6f3..5d10396 100644 EXPORT_SYMBOL(copy_in_user); =20 diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c -index 5efe8c9..db9ceef 100644 +index 2f0d1b0..36fb5cc 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -32,6 +32,10 @@ @@ -4026,9 +4048,9 @@ index 5efe8c9..db9ceef 100644 #include +#include =20 - #ifdef CONFIG_KPROBES - static inline int notify_page_fault(struct pt_regs *regs) -@@ -66,6 +71,33 @@ static inline int notify_page_fault(struct pt_regs *r= egs) + #include "icswx.h" +=20 +@@ -68,6 +73,33 @@ static inline int notify_page_fault(struct pt_regs *r= egs) } #endif =20 @@ -4062,7 +4084,7 @@ index 5efe8c9..db9ceef 100644 /* * Check whether the instruction at regs->nip is a store using * an update addressing form which will update r1. -@@ -136,7 +168,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, un= signed long address, +@@ -138,7 +170,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, un= signed long address, * indicate errors in DSISR but can validly be set in SRR1. */ if (trap =3D=3D 0x400) @@ -4071,7 +4093,7 @@ index 5efe8c9..db9ceef 100644 else is_write =3D error_code & DSISR_ISSTORE; #else -@@ -259,7 +291,7 @@ good_area: +@@ -276,7 +308,7 @@ good_area: * "undefined". Of those that can be set, this is the only * one which seems bad. */ @@ -4080,7 +4102,7 @@ index 5efe8c9..db9ceef 100644 /* Guarded storage error. */ goto bad_area; #endif /* CONFIG_8xx */ -@@ -274,7 +306,7 @@ good_area: +@@ -291,7 +323,7 @@ good_area: * processors use the same I/D cache coherency mechanism * as embedded. */ @@ -4089,7 +4111,7 @@ index 5efe8c9..db9ceef 100644 goto bad_area; #endif /* CONFIG_PPC_STD_MMU */ =20 -@@ -343,6 +375,23 @@ bad_area: +@@ -360,6 +392,23 @@ bad_area: bad_area_nosemaphore: /* User mode accesses cause a SIGSEGV */ if (user_mode(regs)) { @@ -4114,10 +4136,10 @@ index 5efe8c9..db9ceef 100644 return 0; } diff --git a/arch/powerpc/mm/mmap_64.c b/arch/powerpc/mm/mmap_64.c -index 5a783d8..c23e14b 100644 +index 67a42ed..1c7210c 100644 --- a/arch/powerpc/mm/mmap_64.c +++ b/arch/powerpc/mm/mmap_64.c -@@ -99,10 +99,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -91,10 +91,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base =3D TASK_UNMAPPED_BASE; @@ -4277,10 +4299,10 @@ index 547f1a6..0b22b53 100644 - #endif diff --git a/arch/s390/include/asm/system.h b/arch/s390/include/asm/syst= em.h -index ef573c1..75a1ce6 100644 +index d73cc6b..1a296ad 100644 --- a/arch/s390/include/asm/system.h +++ b/arch/s390/include/asm/system.h -@@ -262,7 +262,7 @@ extern void (*_machine_restart)(char *command); +@@ -260,7 +260,7 @@ extern void (*_machine_restart)(char *command); extern void (*_machine_halt)(void); extern void (*_machine_power_off)(void); =20 @@ -4401,10 +4423,10 @@ index dfcb343..eda788a 100644 if (r_type =3D=3D R_390_GOTPC) *(unsigned int *) loc =3D val; diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c -index 53088e2..9f44a36 100644 +index e795933..b32563c 100644 --- a/arch/s390/kernel/process.c +++ b/arch/s390/kernel/process.c -@@ -320,39 +320,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -323,39 +323,3 @@ unsigned long get_wchan(struct task_struct *p) } return 0; } @@ -4630,18 +4652,6 @@ index afeb710..d1d1289 100644 =20 bottomup: /* -diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig -index f92602e..27060b2 100644 ---- a/arch/sparc/Kconfig -+++ b/arch/sparc/Kconfig -@@ -31,6 +31,7 @@ config SPARC -=20 - config SPARC32 - def_bool !64BIT -+ select GENERIC_ATOMIC64 -=20 - config SPARC64 - def_bool 64BIT diff --git a/arch/sparc/Makefile b/arch/sparc/Makefile index eddcfb3..b117d90 100644 --- a/arch/sparc/Makefile @@ -4655,19 +4665,6 @@ index eddcfb3..b117d90 100644 VMLINUX_MAIN +=3D $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y) VMLINUX_MAIN +=3D $(drivers-y) $(net-y) =20 -diff --git a/arch/sparc/include/asm/atomic_32.h b/arch/sparc/include/asm= /atomic_32.h -index 5c3c8b6..ba822fa 100644 ---- a/arch/sparc/include/asm/atomic_32.h -+++ b/arch/sparc/include/asm/atomic_32.h -@@ -13,6 +13,8 @@ -=20 - #include -=20 -+#include -+ - #ifdef __KERNEL__ -=20 - #include diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm= /atomic_64.h index 9f421df..b81fc12 100644 --- a/arch/sparc/include/asm/atomic_64.h @@ -4912,19 +4909,6 @@ index 7df8b7f..4946269 100644 extern unsigned long sparc64_elf_hwcap; #define ELF_HWCAP sparc64_elf_hwcap =20 -diff --git a/arch/sparc/include/asm/page_32.h b/arch/sparc/include/asm/p= age_32.h -index 156707b..aefa786 100644 ---- a/arch/sparc/include/asm/page_32.h -+++ b/arch/sparc/include/asm/page_32.h -@@ -8,6 +8,8 @@ - #ifndef _SPARC_PAGE_H - #define _SPARC_PAGE_H -=20 -+#include -+ - #define PAGE_SHIFT 12 -=20 - #ifndef __ASSEMBLY__ diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/as= m/pgtable_32.h index a790cc6..091ed94 100644 --- a/arch/sparc/include/asm/pgtable_32.h @@ -5080,7 +5064,7 @@ index 9689176..63c18ea 100644 unsigned long mask, tmp1, tmp2, result; =20 diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/includ= e/asm/thread_info_32.h -index fa57532..e1a4c53 100644 +index c2a1080..21ed218 100644 --- a/arch/sparc/include/asm/thread_info_32.h +++ b/arch/sparc/include/asm/thread_info_32.h @@ -50,6 +50,8 @@ struct thread_info { @@ -5093,7 +5077,7 @@ index fa57532..e1a4c53 100644 =20 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/includ= e/asm/thread_info_64.h -index 60d86be..952dea1 100644 +index 01d057f..0a02f7e 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h @@ -63,6 +63,8 @@ struct thread_info { @@ -5277,10 +5261,10 @@ index f793742..4d880af 100644 } while (++count < 16); printk("\n"); diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_= 64.c -index 3739a06..48b2ff0 100644 +index 39d8b05..d1a7d90 100644 --- a/arch/sparc/kernel/process_64.c +++ b/arch/sparc/kernel/process_64.c -@@ -180,14 +180,14 @@ static void show_regwindow(struct pt_regs *regs) +@@ -182,14 +182,14 @@ static void show_regwindow(struct pt_regs *regs) printk("i4: %016lx i5: %016lx i6: %016lx i7: %016lx\n", rwk->ins[4], rwk->ins[5], rwk->ins[6], rwk->ins[7]); if (regs->tstate & TSTATE_PRIV) @@ -5297,7 +5281,7 @@ index 3739a06..48b2ff0 100644 printk("g0: %016lx g1: %016lx g2: %016lx g3: %016lx\n", regs->u_regs[0], regs->u_regs[1], regs->u_regs[2], regs->u_regs[3]); -@@ -200,7 +200,7 @@ void show_regs(struct pt_regs *regs) +@@ -202,7 +202,7 @@ void show_regs(struct pt_regs *regs) printk("o4: %016lx o5: %016lx sp: %016lx ret_pc: %016lx\n", regs->u_regs[12], regs->u_regs[13], regs->u_regs[14], regs->u_regs[15]); @@ -5306,7 +5290,7 @@ index 3739a06..48b2ff0 100644 show_regwindow(regs); show_stack(current, (unsigned long *) regs->u_regs[UREG_FP]); } -@@ -285,7 +285,7 @@ void arch_trigger_all_cpu_backtrace(void) +@@ -287,7 +287,7 @@ void arch_trigger_all_cpu_backtrace(void) ((tp && tp->task) ? tp->task->pid : -1)); =20 if (gp->tstate & TSTATE_PRIV) { @@ -5338,7 +5322,7 @@ index 42b282f..28ce9f2 100644 addr =3D vmm->vm_end; if (flags & MAP_SHARED) diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sp= arc_64.c -index 441521a..b767073 100644 +index 232df99..cee1f9c 100644 --- a/arch/sparc/kernel/sys_sparc_64.c +++ b/arch/sparc/kernel/sys_sparc_64.c @@ -124,7 +124,7 @@ unsigned long arch_get_unmapped_area(struct file *fi= lp, unsigned long addr, unsi @@ -5927,10 +5911,10 @@ index 59186e0..f747d7a 100644 cmp %g1, %g7 bne,pn %xcc, BACKOFF_LABEL(2f, 1b) diff --git a/arch/sparc/lib/ksyms.c b/arch/sparc/lib/ksyms.c -index 1b30bb3..b4a16c7 100644 +index f73c224..662af10 100644 --- a/arch/sparc/lib/ksyms.c +++ b/arch/sparc/lib/ksyms.c -@@ -142,12 +142,18 @@ EXPORT_SYMBOL(__downgrade_write); +@@ -136,12 +136,18 @@ EXPORT_SYMBOL(__downgrade_write); =20 /* Atomic counter implementation. */ EXPORT_SYMBOL(atomic_add); @@ -6940,7 +6924,7 @@ index 392e533..536b092 100644 /* bytes per L2 cache line */ #define L2_CACHE_SHIFT CHIP_L2_LOG_LINE_SIZE() diff --git a/arch/um/Makefile b/arch/um/Makefile -index 7730af6..cce5b19 100644 +index 28688e6..4c0aa1c 100644 --- a/arch/um/Makefile +++ b/arch/um/Makefile @@ -61,6 +61,10 @@ USER_CFLAGS =3D $(patsubst $(KERNEL_DEFINES),,$(patsu= bst -D__KERNEL__,,\ @@ -7001,10 +6985,10 @@ index 7cfc3ce..cbd1a58 100644 =20 struct page; diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c -index c533835..84db18e 100644 +index 69f2490..2634831 100644 --- a/arch/um/kernel/process.c +++ b/arch/um/kernel/process.c -@@ -406,22 +406,6 @@ int singlestepping(void * t) +@@ -408,22 +408,6 @@ int singlestepping(void * t) return 2; } =20 @@ -7045,10 +7029,10 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index efb4294..61bc18c 100644 +index 5bed94e..fbcf200 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -235,7 +235,7 @@ config X86_HT +@@ -226,7 +226,7 @@ config X86_HT =20 config X86_32_LAZY_GS def_bool y @@ -7057,7 +7041,7 @@ index efb4294..61bc18c 100644 =20 config ARCH_HWEIGHT_CFLAGS string -@@ -1022,7 +1022,7 @@ choice +@@ -1058,7 +1058,7 @@ choice =20 config NOHIGHMEM bool "off" @@ -7066,7 +7050,7 @@ index efb4294..61bc18c 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1059,7 +1059,7 @@ config NOHIGHMEM +@@ -1095,7 +1095,7 @@ config NOHIGHMEM =20 config HIGHMEM4G bool "4GB" @@ -7075,7 +7059,7 @@ index efb4294..61bc18c 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1113,7 +1113,7 @@ config PAGE_OFFSET +@@ -1149,7 +1149,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -7084,7 +7068,7 @@ index efb4294..61bc18c 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1496,6 +1496,7 @@ config SECCOMP +@@ -1539,6 +1539,7 @@ config SECCOMP =20 config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL= )" @@ -7092,7 +7076,7 @@ index efb4294..61bc18c 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1553,6 +1554,7 @@ config KEXEC_JUMP +@@ -1596,6 +1597,7 @@ config KEXEC_JUMP config PHYSICAL_START hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_= DUMP) default "0x1000000" @@ -7100,7 +7084,7 @@ index efb4294..61bc18c 100644 ---help--- This gives the physical address where the kernel is loaded. =20 -@@ -1616,6 +1618,7 @@ config X86_NEED_RELOCS +@@ -1659,6 +1661,7 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -7108,7 +7092,7 @@ index efb4294..61bc18c 100644 range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1647,9 +1650,10 @@ config HOTPLUG_CPU +@@ -1690,9 +1693,10 @@ config HOTPLUG_CPU Say N if you want to disable CPU hotplug. =20 config COMPAT_VDSO @@ -7121,10 +7105,10 @@ index efb4294..61bc18c 100644 Map the 32-bit VDSO to the predictable old-style address too. =20 diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu -index e3ca7e0..b30b28a 100644 +index 3c57033..22d44aa 100644 --- a/arch/x86/Kconfig.cpu +++ b/arch/x86/Kconfig.cpu -@@ -341,7 +341,7 @@ config X86_PPRO_FENCE +@@ -335,7 +335,7 @@ config X86_PPRO_FENCE =20 config X86_F00F_BUG def_bool y @@ -7133,7 +7117,7 @@ index e3ca7e0..b30b28a 100644 =20 config X86_INVD_BUG def_bool y -@@ -365,7 +365,7 @@ config X86_POPAD_OK +@@ -359,7 +359,7 @@ config X86_POPAD_OK =20 config X86_ALIGNMENT_16 def_bool y @@ -7142,7 +7126,7 @@ index e3ca7e0..b30b28a 100644 =20 config X86_INTEL_USERCOPY def_bool y -@@ -411,7 +411,7 @@ config X86_CMPXCHG64 +@@ -405,7 +405,7 @@ config X86_CMPXCHG64 # generates cmov. config X86_CMOV def_bool y @@ -7152,10 +7136,10 @@ index e3ca7e0..b30b28a 100644 config X86_MINIMUM_CPU_FAMILY int diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug -index bf56e17..05f9891 100644 +index e46c214..7c72b55 100644 --- a/arch/x86/Kconfig.debug +++ b/arch/x86/Kconfig.debug -@@ -81,7 +81,7 @@ config X86_PTDUMP +@@ -84,7 +84,7 @@ config X86_PTDUMP config DEBUG_RODATA bool "Write protect kernel read-only data structures" default y @@ -7164,7 +7148,7 @@ index bf56e17..05f9891 100644 ---help--- Mark the kernel read-only data as write-protected in the pagetables, in order to catch accidental (and incorrect) writes to such const -@@ -99,7 +99,7 @@ config DEBUG_RODATA_TEST +@@ -102,7 +102,7 @@ config DEBUG_RODATA_TEST =20 config DEBUG_SET_MODULE_RONX bool "Set loadable kernel module data as NX and text as RO" @@ -7174,7 +7158,7 @@ index bf56e17..05f9891 100644 This option helps catch unintended modifications to loadable kernel module's text and read-only data. It also prevents execution diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index b02e509..2631e48 100644 +index 209ba12..15140db 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -46,6 +46,7 @@ else @@ -7185,7 +7169,7 @@ index b02e509..2631e48 100644 KBUILD_AFLAGS +=3D -m64 KBUILD_CFLAGS +=3D -m64 =20 -@@ -195,3 +196,12 @@ define archhelp +@@ -201,3 +202,12 @@ define archhelp echo ' FDARGS=3D"..." arguments for the booted ker= nel' echo ' FDINITRD=3Dfile initrd for the booted kernel= ' endef @@ -7257,7 +7241,7 @@ index c7093bd..d4247ffe0 100644 return diff; } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compresse= d/Makefile -index 09664ef..edc5d03 100644 +index b123b9a..2cf2f23 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -14,6 +14,9 @@ cflags-$(CONFIG_X86_64) :=3D -mcmodel=3Dsmall @@ -7271,10 +7255,10 @@ index 09664ef..edc5d03 100644 KBUILD_AFLAGS :=3D $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE :=3D n diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compress= ed/head_32.S -index 67a655a..b924059 100644 +index a055993..47e126c 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S -@@ -76,7 +76,7 @@ ENTRY(startup_32) +@@ -98,7 +98,7 @@ preferred_addr: notl %eax andl %eax, %ebx #else @@ -7283,7 +7267,7 @@ index 67a655a..b924059 100644 #endif =20 /* Target address to relocate to for decompression */ -@@ -162,7 +162,7 @@ relocated: +@@ -184,7 +184,7 @@ relocated: * and where it was actually loaded. */ movl %ebp, %ebx @@ -7292,7 +7276,7 @@ index 67a655a..b924059 100644 jz 2f /* Nothing to be done if loaded at compiled addr. */ /* * Process relocations. -@@ -170,8 +170,7 @@ relocated: +@@ -192,8 +192,7 @@ relocated: =20 1: subl $4, %edi movl (%edi), %ecx @@ -7303,7 +7287,7 @@ index 67a655a..b924059 100644 jmp 1b 2: diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compress= ed/head_64.S -index 35af09d..99c9676 100644 +index 558d76c..606aa24 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -91,7 +91,7 @@ ENTRY(startup_32) @@ -7315,7 +7299,7 @@ index 35af09d..99c9676 100644 #endif =20 /* Target address to relocate to for decompression */ -@@ -233,7 +233,7 @@ ENTRY(startup_64) +@@ -253,7 +253,7 @@ preferred_addr: notq %rax andq %rax, %rbp #else @@ -7325,7 +7309,7 @@ index 35af09d..99c9676 100644 =20 /* Target address to relocate to for decompression */ diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/= misc.c -index 3a19d04..7c1d55a 100644 +index 7116dcb..d9ae1d7 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -310,7 +310,7 @@ static void parse_elf(void *output) @@ -7337,7 +7321,7 @@ index 3a19d04..7c1d55a 100644 #else dest =3D (void *)(phdr->p_paddr); #endif -@@ -363,7 +363,7 @@ asmlinkage void decompress_kernel(void *rmode, mempt= r heap, +@@ -365,7 +365,7 @@ asmlinkage void decompress_kernel(void *rmode, mempt= r heap, error("Destination address too large"); #endif #ifndef CONFIG_RELOCATABLE @@ -7642,10 +7626,10 @@ index 4d3ff03..e4972ff 100644 err =3D check_flags(); } diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S -index bdb4d45..0476680 100644 +index f1bbeeb..aff09cb 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S -@@ -224,7 +224,7 @@ setup_data: .quad 0 # 64-bit physical pointer to +@@ -372,7 +372,7 @@ setup_data: .quad 0 # 64-bit physical pointer to # single linked list of # struct setup_data =20 @@ -7992,6 +7976,40 @@ index 6214a9b..1f4fc9a 100644 mov %rsi,%rdx + pax_force_retaddr ret +diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/cry= pto/serpent-sse2-x86_64-asm_64.S +index 7f24a15..9cd3ffe 100644 +--- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S ++++ b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S +@@ -24,6 +24,8 @@ + * + */ +=20 ++#include ++ + .file "serpent-sse2-x86_64-asm_64.S" + .text +=20 +@@ -695,12 +697,14 @@ __serpent_enc_blk_8way: + write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); + write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); +=20 ++ pax_force_retaddr + ret; +=20 + __enc_xor8: + xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); + xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); +=20 ++ pax_force_retaddr + ret; +=20 + .align 8 +@@ -758,4 +762,5 @@ serpent_dec_blk_8way: + write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2); + write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2); +=20 ++ pax_force_retaddr + ret; diff --git a/arch/x86/crypto/sha1_ssse3_asm.S b/arch/x86/crypto/sha1_sss= e3_asm.S index b2c2f57..8470cab 100644 --- a/arch/x86/crypto/sha1_ssse3_asm.S @@ -8076,7 +8094,7 @@ index 7bcf3fc..f53832f 100644 + pax_force_retaddr 0, 1 ret diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c -index fd84387..887aa7e 100644 +index 39e4909..887aa7e 100644 --- a/arch/x86/ia32/ia32_aout.c +++ b/arch/x86/ia32/ia32_aout.c @@ -162,6 +162,8 @@ static int aout_core_dump(long signr, struct pt_regs= *regs, struct file *file, @@ -8088,34 +8106,6 @@ index fd84387..887aa7e 100644 fs =3D get_fs(); set_fs(KERNEL_DS); has_dumped =3D 1; -@@ -315,6 +317,13 @@ static int load_aout_binary(struct linux_binprm *bp= rm, struct pt_regs *regs) - current->mm->free_area_cache =3D TASK_UNMAPPED_BASE; - current->mm->cached_hole_size =3D 0; -=20 -+ retval =3D setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT); -+ if (retval < 0) { -+ /* Someone check-me: is this error path enough? */ -+ send_sig(SIGKILL, current, 0); -+ return retval; -+ } -+ - install_exec_creds(bprm); - current->flags &=3D ~PF_FORKNOEXEC; -=20 -@@ -410,13 +419,6 @@ beyond_if: -=20 - set_brk(current->mm->start_brk, current->mm->brk); -=20 -- retval =3D setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT); -- if (retval < 0) { -- /* Someone check-me: is this error path enough? */ -- send_sig(SIGKILL, current, 0); -- return retval; -- } -- - current->mm->start_stack =3D - (unsigned long)create_aout_tables((char __user *)bprm->p, bprm); - /* start thread */ diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c index 6557769..ef6ae89 100644 --- a/arch/x86/ia32/ia32_signal.c @@ -8197,20 +8187,21 @@ index 6557769..ef6ae89 100644 =20 if (err) diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index a6253ec..4ad2120 100644 +index e3e7340..05ed805 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S -@@ -13,7 +13,9 @@ +@@ -13,8 +13,10 @@ #include =09 #include #include +#include #include + #include +#include =20 /* Avoid __ASSEMBLER__'ifying just for this. */ #include -@@ -95,6 +97,32 @@ ENTRY(native_irq_enable_sysexit) +@@ -94,6 +96,32 @@ ENTRY(native_irq_enable_sysexit) ENDPROC(native_irq_enable_sysexit) #endif =20 @@ -8243,7 +8234,7 @@ index a6253ec..4ad2120 100644 /* * 32bit SYSENTER instruction entry. * -@@ -121,12 +149,6 @@ ENTRY(ia32_sysenter_target) +@@ -120,12 +148,6 @@ ENTRY(ia32_sysenter_target) CFI_REGISTER rsp,rbp SWAPGS_UNSAFE_STACK movq PER_CPU_VAR(kernel_stack), %rsp @@ -8256,11 +8247,11 @@ index a6253ec..4ad2120 100644 movl %ebp,%ebp /* zero extension */ pushq_cfi $__USER32_DS /*CFI_REL_OFFSET ss,0*/ -@@ -134,25 +156,39 @@ ENTRY(ia32_sysenter_target) +@@ -133,24 +155,39 @@ ENTRY(ia32_sysenter_target) CFI_REL_OFFSET rsp,0 pushfq_cfi /*CFI_REL_OFFSET rflags,0*/ -- movl 8*3-THREAD_SIZE+TI_sysenter_return(%rsp), %r10d +- movl TI_sysenter_return+THREAD_INFO(%rsp,3*8-KERNEL_STACK_OFFSET),%r10= d - CFI_REGISTER rip,r10 + orl $X86_EFLAGS_IF,(%rsp) + GET_THREAD_INFO(%r11) @@ -8293,78 +8284,75 @@ index a6253ec..4ad2120 100644 .section __ex_table,"a" .quad 1b,ia32_badarg .previous=09 -- GET_THREAD_INFO(%r10) -- orl $TS_COMPAT,TI_status(%r10) -- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) +- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFS= ET) + GET_THREAD_INFO(%r11) + orl $TS_COMPAT,TI_status(%r11) + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) CFI_REMEMBER_STATE jnz sysenter_tracesys cmpq $(IA32_NR_syscalls-1),%rax -@@ -162,13 +198,15 @@ sysenter_do_call: +@@ -160,12 +197,15 @@ sysenter_do_call: sysenter_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) -- GET_THREAD_INFO(%r10) + GET_THREAD_INFO(%r11) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF -- testl $_TIF_ALLWORK_MASK,TI_flags(%r10) +- testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl $_TIF_ALLWORK_MASK,TI_flags(%r11) jnz sysexit_audit sysexit_from_sys_call: -- andl $~TS_COMPAT,TI_status(%r10) +- andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) + pax_exit_kernel_user + pax_erase_kstack + andl $~TS_COMPAT,TI_status(%r11) /* clear IF, that popfq doesn't enable interrupts early */ andl $~0x200,EFLAGS-R11(%rsp)=20 movl RIP-R11(%rsp),%edx /* User %eip */ -@@ -194,6 +232,9 @@ sysexit_from_sys_call: +@@ -191,6 +231,9 @@ sysexit_from_sys_call: movl %eax,%esi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ - call audit_syscall_entry + call __audit_syscall_entry + + pax_erase_kstack + movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -205,7 +246,7 @@ sysexit_from_sys_call: +@@ -202,7 +245,7 @@ sysexit_from_sys_call: .endm =20 .macro auditsys_exit exit -- testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) +- testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(= %rsp,RIP-ARGOFFSET) + testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11) jnz ia32_ret_from_sys_call TRACE_IRQS_ON sti -@@ -215,12 +256,12 @@ sysexit_from_sys_call: +@@ -213,11 +256,12 @@ sysexit_from_sys_call: + 1: setbe %al /* 1 if error, 0 if not */ movzbl %al,%edi /* zero-extend that into %edi */ - inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */ - call audit_syscall_exit -- GET_THREAD_INFO(%r10) + call __audit_syscall_exit + GET_THREAD_INFO(%r11) - movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall return value */ + movq RAX-ARGOFFSET(%rsp),%rax /* reload syscall return value */ movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi cli TRACE_IRQS_OFF -- testl %edi,TI_flags(%r10) +- testl %edi,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl %edi,TI_flags(%r11) jz \exit CLEAR_RREGS -ARGOFFSET jmp int_with_check -@@ -238,7 +279,7 @@ sysexit_audit: +@@ -235,7 +279,7 @@ sysexit_audit: =20 sysenter_tracesys: #ifdef CONFIG_AUDITSYSCALL -- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) +- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD= _INFO(%rsp,RIP-ARGOFFSET) + testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11) jz sysenter_auditsys #endif SAVE_REST -@@ -246,6 +287,9 @@ sysenter_tracesys: +@@ -243,6 +287,9 @@ sysenter_tracesys: movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -8374,7 +8362,7 @@ index a6253ec..4ad2120 100644 LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace change= d it */ RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax -@@ -277,19 +321,20 @@ ENDPROC(ia32_sysenter_target) +@@ -274,19 +321,20 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -8397,7 +8385,7 @@ index a6253ec..4ad2120 100644 movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -305,13 +350,19 @@ ENTRY(ia32_cstar_target) +@@ -302,12 +350,19 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */=20 /* hardware stack frame is complete now */=09 @@ -8411,44 +8399,42 @@ index a6253ec..4ad2120 100644 .section __ex_table,"a" .quad 1b,ia32_badarg .previous=09 -- GET_THREAD_INFO(%r10) -- orl $TS_COMPAT,TI_status(%r10) -- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) +- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFS= ET) + GET_THREAD_INFO(%r11) + orl $TS_COMPAT,TI_status(%r11) + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) CFI_REMEMBER_STATE jnz cstar_tracesys cmpq $IA32_NR_syscalls-1,%rax -@@ -321,13 +372,15 @@ cstar_do_call: +@@ -317,12 +372,15 @@ cstar_do_call: cstar_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) -- GET_THREAD_INFO(%r10) + GET_THREAD_INFO(%r11) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF -- testl $_TIF_ALLWORK_MASK,TI_flags(%r10) +- testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl $_TIF_ALLWORK_MASK,TI_flags(%r11) jnz sysretl_audit sysretl_from_sys_call: -- andl $~TS_COMPAT,TI_status(%r10) +- andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) + pax_exit_kernel_user + pax_erase_kstack + andl $~TS_COMPAT,TI_status(%r11) RESTORE_ARGS 0,-ARG_SKIP,0,0,0 movl RIP-ARGOFFSET(%rsp),%ecx CFI_REGISTER rip,rcx -@@ -355,7 +408,7 @@ sysretl_audit: +@@ -350,7 +408,7 @@ sysretl_audit: =20 cstar_tracesys: #ifdef CONFIG_AUDITSYSCALL -- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) +- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD= _INFO(%rsp,RIP-ARGOFFSET) + testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11) jz cstar_auditsys #endif xchgl %r9d,%ebp -@@ -364,6 +417,9 @@ cstar_tracesys: +@@ -359,6 +417,9 @@ cstar_tracesys: movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -8458,7 +8444,7 @@ index a6253ec..4ad2120 100644 LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace cha= nged it */ RESTORE_REST xchgl %ebp,%r9d -@@ -409,20 +465,21 @@ ENTRY(ia32_syscall) +@@ -404,19 +465,21 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -8473,9 +8459,8 @@ index a6253ec..4ad2120 100644 /* note the registers are not zero extended to the sf. this could be a problem. */ SAVE_ARGS 0,1,0 -- GET_THREAD_INFO(%r10) -- orl $TS_COMPAT,TI_status(%r10) -- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) +- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET= ) + pax_enter_kernel_user + /* + * No need to follow this irqs on/off section: the syscall @@ -8488,7 +8473,7 @@ index a6253ec..4ad2120 100644 jnz ia32_tracesys cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -441,6 +498,9 @@ ia32_tracesys: +@@ -435,6 +498,9 @@ ia32_tracesys: movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -8498,14 +8483,6 @@ index a6253ec..4ad2120 100644 LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace change= d it */ RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax -@@ -455,6 +515,7 @@ ia32_badsys: -=20 - quiet_ni_syscall: - movq $-ENOSYS,%rax -+ pax_force_retaddr - ret - CFI_ENDPROC - =09 diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c index f6f5c53..b358b28 100644 --- a/arch/x86/ia32/sys_ia32.c @@ -8578,22 +8555,9 @@ index f6f5c53..b358b28 100644 set_fs(old_fs); =20 diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/a= sm/alternative-asm.h -index 091508b..7692c6f 100644 +index 952bd01..7692c6f 100644 --- a/arch/x86/include/asm/alternative-asm.h +++ b/arch/x86/include/asm/alternative-asm.h -@@ -4,10 +4,10 @@ -=20 - #ifdef CONFIG_SMP - .macro LOCK_PREFIX --1: lock -+672: lock - .section .smp_locks,"a" - .balign 4 -- .long 1b - . -+ .long 672b - . - .previous - .endm - #else @@ -15,6 +15,45 @@ .endm #endif @@ -8654,7 +8618,7 @@ index 37ad100..7d47faa 100644 ".previous" =20 diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h -index 1a6c09a..fec2432 100644 +index 3ab9bdd..238033e 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -45,7 +45,7 @@ static inline void generic_apic_probe(void) @@ -9098,7 +9062,7 @@ index 58cb6d4..ca9010d 100644 /* * atomic_dec_if_positive - decrement by 1 if old value positive diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/a= tomic64_32.h -index 24098aa..1e37723 100644 +index fa13f0e..27c2e08 100644 --- a/arch/x86/include/asm/atomic64_32.h +++ b/arch/x86/include/asm/atomic64_32.h @@ -12,6 +12,14 @@ typedef struct { @@ -9163,7 +9127,7 @@ index 24098aa..1e37723 100644 * atomic64_read - read atomic64 variable * @v: pointer to type atomic64_t * -@@ -93,6 +134,22 @@ static inline long long atomic64_read(atomic64_t *v) +@@ -93,6 +134,22 @@ static inline long long atomic64_read(const atomic64= _t *v) } =20 /** @@ -9562,7 +9526,7 @@ index 0e1cbfc..5623683 100644 =20 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops= .h -index 1775d6e..b65017f 100644 +index b97596e..9bd48b06 100644 --- a/arch/x86/include/asm/bitops.h +++ b/arch/x86/include/asm/bitops.h @@ -38,7 +38,7 @@ @@ -9666,28 +9630,32 @@ index 46fc474..b02b0f9 100644 =20 if (len) diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxc= hg.h -index 5d3acdf..6447a02 100644 +index b3b7332..3935f40 100644 --- a/arch/x86/include/asm/cmpxchg.h +++ b/arch/x86/include/asm/cmpxchg.h -@@ -14,6 +14,8 @@ extern void __cmpxchg_wrong_size(void) +@@ -14,8 +14,12 @@ extern void __cmpxchg_wrong_size(void) __compiletime_error("Bad argument size for cmpxchg"); extern void __xadd_wrong_size(void) __compiletime_error("Bad argument size for xadd"); +extern void __xadd_check_overflow_wrong_size(void) + __compiletime_error("Bad argument size for xadd_check_overflow"); + extern void __add_wrong_size(void) + __compiletime_error("Bad argument size for add"); ++extern void __add_check_overflow_wrong_size(void) ++ __compiletime_error("Bad argument size for add_check_overflow"); =20 /* * Constants for operation sizes. On 32-bit, the 64-bit size it set to -@@ -195,6 +197,34 @@ extern void __xadd_wrong_size(void) +@@ -67,6 +71,34 @@ extern void __add_wrong_size(void) __ret; \ }) =20 -+#define __xadd_check_overflow(ptr, inc, lock) \ ++#define __xchg_op_check_overflow(ptr, arg, op, lock) \ + ({ \ -+ __typeof__ (*(ptr)) __ret =3D (inc); \ ++ __typeof__ (*(ptr)) __ret =3D (arg); \ + switch (sizeof(*(ptr))) { \ + case __X86_CASE_L: \ -+ asm volatile (lock "xaddl %0, %1\n" \ ++ asm volatile (lock #op "l %0, %1\n" \ + "jno 0f\n" \ + "mov %0,%1\n" \ + "int $4\n0:\n" \ @@ -9696,7 +9664,7 @@ index 5d3acdf..6447a02 100644 + : : "memory", "cc"); \ + break; \ + case __X86_CASE_Q: \ -+ asm volatile (lock "xaddq %q0, %1\n" \ ++ asm volatile (lock #op "q %q0, %1\n" \ + "jno 0f\n" \ + "mov %0,%1\n" \ + "int $4\n0:\n" \ @@ -9705,26 +9673,29 @@ index 5d3acdf..6447a02 100644 + : : "memory", "cc"); \ + break; \ + default: \ -+ __xadd_check_overflow_wrong_size(); \ ++ __ ## op ## _check_overflow_wrong_size(); \ + } \ + __ret; \ + }) + /* - * xadd() adds "inc" to "*ptr" and atomically returns the previous - * value of "*ptr". -@@ -207,4 +237,6 @@ extern void __xadd_wrong_size(void) + * Note: no "lock" prefix even on SMP: xchg always implies lock anyway. + * Since this is generally used to protect other memory information, we +@@ -167,6 +199,9 @@ extern void __add_wrong_size(void) #define xadd_sync(ptr, inc) __xadd((ptr), (inc), "lock; ") #define xadd_local(ptr, inc) __xadd((ptr), (inc), "") =20 -+#define xadd_check_overflow(ptr, inc) __xadd_check_overflow((ptr), (inc= ), LOCK_PREFIX) ++#define __xadd_check_overflow(ptr, inc, lock) __xchg_op_check_overflow(= (ptr), (inc), xadd, lock) ++#define xadd_check_overflow(ptr, inc) __xadd_check_overflow((ptr), (in= c), LOCK_PREFIX) + - #endif /* ASM_X86_CMPXCHG_H */ + #define __add(ptr, inc, lock) \ + ({ \ + __typeof__ (*(ptr)) __ret =3D (inc); \ diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cp= ufeature.h -index f3444f7..051a196 100644 +index 8d67d42..183d0eb 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h -@@ -363,7 +363,7 @@ static __always_inline __pure bool __static_cpu_has(= u16 bit) +@@ -367,7 +367,7 @@ static __always_inline __pure bool __static_cpu_has(= u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -9734,7 +9705,7 @@ index f3444f7..051a196 100644 "4:\n" ".previous\n" diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h -index 41935fa..3b40db8 100644 +index e95822d..a90010e 100644 --- a/arch/x86/include/asm/desc.h +++ b/arch/x86/include/asm/desc.h @@ -4,6 +4,7 @@ @@ -9753,11 +9724,13 @@ index 41935fa..3b40db8 100644 =20 desc->s =3D 1; desc->dpl =3D 0x3; -@@ -34,17 +36,12 @@ static inline void fill_ldt(struct desc_struct *desc= , const struct user_desc *in +@@ -34,19 +36,14 @@ static inline void fill_ldt(struct desc_struct *desc= , const struct user_desc *in } =20 extern struct desc_ptr idt_descr; -extern gate_desc idt_table[]; + extern struct desc_ptr nmi_idt_descr; +-extern gate_desc nmi_idt_table[]; - -struct gdt_page { - struct desc_struct gdt[GDT_ENTRIES]; @@ -9765,6 +9738,7 @@ index 41935fa..3b40db8 100644 - -DECLARE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page); +extern gate_desc idt_table[256]; ++extern gate_desc nmi_idt_table[256]; =20 +extern struct desc_struct cpu_gdt_table[NR_CPUS][PAGE_SIZE / sizeof(str= uct desc_struct)]; static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu) @@ -9774,7 +9748,7 @@ index 41935fa..3b40db8 100644 } =20 #ifdef CONFIG_X86_64 -@@ -69,8 +66,14 @@ static inline void pack_gate(gate_desc *gate, unsigne= d char type, +@@ -71,8 +68,14 @@ static inline void pack_gate(gate_desc *gate, unsigne= d char type, unsigned long base, unsigned dpl, unsigned flags, unsigned short seg) { @@ -9791,7 +9765,7 @@ index 41935fa..3b40db8 100644 } =20 #endif -@@ -115,12 +118,16 @@ static inline void paravirt_free_ldt(struct desc_s= truct *ldt, unsigned entries) +@@ -117,12 +120,16 @@ static inline void paravirt_free_ldt(struct desc_s= truct *ldt, unsigned entries) =20 static inline void native_write_idt_entry(gate_desc *idt, int entry, co= nst gate_desc *gate) { @@ -9808,7 +9782,7 @@ index 41935fa..3b40db8 100644 } =20 static inline void -@@ -134,7 +141,9 @@ native_write_gdt_entry(struct desc_struct *gdt, int = entry, const void *desc, int +@@ -136,7 +143,9 @@ native_write_gdt_entry(struct desc_struct *gdt, int = entry, const void *desc, int default: size =3D sizeof(*gdt); break; } =20 @@ -9818,7 +9792,7 @@ index 41935fa..3b40db8 100644 } =20 static inline void pack_descriptor(struct desc_struct *desc, unsigned l= ong base, -@@ -207,7 +216,9 @@ static inline void native_set_ldt(const void *addr, = unsigned int entries) +@@ -209,7 +218,9 @@ static inline void native_set_ldt(const void *addr, = unsigned int entries) =20 static inline void native_load_tr_desc(void) { @@ -9828,7 +9802,7 @@ index 41935fa..3b40db8 100644 } =20 static inline void native_load_gdt(const struct desc_ptr *dtr) -@@ -244,8 +255,10 @@ static inline void native_load_tls(struct thread_st= ruct *t, unsigned int cpu) +@@ -246,8 +257,10 @@ static inline void native_load_tls(struct thread_st= ruct *t, unsigned int cpu) struct desc_struct *gdt =3D get_cpu_gdt_table(cpu); unsigned int i; =20 @@ -9839,16 +9813,25 @@ index 41935fa..3b40db8 100644 } =20 #define _LDT_empty(info) \ -@@ -307,7 +320,7 @@ static inline void set_desc_limit(struct desc_struct= *desc, unsigned long limit) - desc->limit =3D (limit >> 16) & 0xf; +@@ -310,7 +323,7 @@ static inline void set_desc_limit(struct desc_struct= *desc, unsigned long limit) + } +=20 + #ifdef CONFIG_X86_64 +-static inline void set_nmi_gate(int gate, void *addr) ++static inline void set_nmi_gate(int gate, const void *addr) + { + gate_desc s; +=20 +@@ -319,7 +332,7 @@ static inline void set_nmi_gate(int gate, void *addr= ) } + #endif =20 -static inline void _set_gate(int gate, unsigned type, void *addr, +static inline void _set_gate(int gate, unsigned type, const void *addr, unsigned dpl, unsigned ist, unsigned seg) { gate_desc s; -@@ -326,7 +339,7 @@ static inline void _set_gate(int gate, unsigned type= , void *addr, +@@ -338,7 +351,7 @@ static inline void _set_gate(int gate, unsigned type= , void *addr, * Pentium F0 0F bugfix can have resulted in the mapped * IDT being write-protected. */ @@ -9857,7 +9840,7 @@ index 41935fa..3b40db8 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_INTERRUPT, addr, 0, 0, __KERNEL_CS); -@@ -356,19 +369,19 @@ static inline void alloc_intr_gate(unsigned int n,= void *addr) +@@ -368,19 +381,19 @@ static inline void alloc_intr_gate(unsigned int n,= void *addr) /* * This routine sets up an interrupt gate at directory privilege level = 3. */ @@ -9880,7 +9863,7 @@ index 41935fa..3b40db8 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS); -@@ -377,19 +390,31 @@ static inline void set_trap_gate(unsigned int n, v= oid *addr) +@@ -389,19 +402,31 @@ static inline void set_trap_gate(unsigned int n, v= oid *addr) static inline void set_task_gate(unsigned int n, unsigned int gdt_entry= ) { BUG_ON((unsigned)n > 0xFF); @@ -9933,7 +9916,7 @@ index 278441f..b95a174 100644 } __attribute__((packed)); =20 diff --git a/arch/x86/include/asm/e820.h b/arch/x86/include/asm/e820.h -index 908b969..a1f4eb4 100644 +index 3778256..c5d4fce 100644 --- a/arch/x86/include/asm/e820.h +++ b/arch/x86/include/asm/e820.h @@ -69,7 +69,7 @@ struct e820map { @@ -10017,18 +10000,6 @@ index cc70c1c..d96d011 100644 +extern void machine_emergency_restart(void) __noreturn; =20 #endif /* _ASM_X86_EMERGENCY_RESTART_H */ -diff --git a/arch/x86/include/asm/floppy.h b/arch/x86/include/asm/floppy= .h -index dbe82a5..c6d8a00 100644 ---- a/arch/x86/include/asm/floppy.h -+++ b/arch/x86/include/asm/floppy.h -@@ -157,6 +157,7 @@ static unsigned long dma_mem_alloc(unsigned long siz= e) - } -=20 -=20 -+static unsigned long vdma_mem_alloc(unsigned long size) __size_overflow= (1); - static unsigned long vdma_mem_alloc(unsigned long size) - { - return (unsigned long)vmalloc(size); diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h index d09bb03..4ea4194 100644 --- a/arch/x86/include/asm/futex.h @@ -10107,10 +10078,10 @@ index eb92a6e..b98b2f4 100644 /* EISA */ extern void eisa_set_level_irq(unsigned int irq); diff --git a/arch/x86/include/asm/i387.h b/arch/x86/include/asm/i387.h -index a850b4d..bae26dc 100644 +index 2479049..3fb9795 100644 --- a/arch/x86/include/asm/i387.h +++ b/arch/x86/include/asm/i387.h -@@ -92,6 +92,11 @@ static inline int fxrstor_checking(struct i387_fxsave= _struct *fx) +@@ -93,6 +93,11 @@ static inline int fxrstor_checking(struct i387_fxsave= _struct *fx) { int err; =20 @@ -10122,7 +10093,7 @@ index a850b4d..bae26dc 100644 /* See comment in fxsave() below. */ #ifdef CONFIG_AS_FXSAVEQ asm volatile("1: fxrstorq %[fx]\n\t" -@@ -121,6 +126,11 @@ static inline int fxsave_user(struct i387_fxsave_st= ruct __user *fx) +@@ -122,6 +127,11 @@ static inline int fxsave_user(struct i387_fxsave_st= ruct __user *fx) { int err; =20 @@ -10134,7 +10105,16 @@ index a850b4d..bae26dc 100644 /* * Clear the bytes not touched by the fxsave and reserved * for the SW usage. -@@ -424,7 +434,7 @@ static inline bool interrupted_kernel_fpu_idle(void) +@@ -278,7 +288,7 @@ static inline int restore_fpu_checking(struct task_s= truct *tsk) + "emms\n\t" /* clear stack tags */ + "fildl %P[addr]", /* set F?P to defined value */ + X86_FEATURE_FXSAVE_LEAK, +- [addr] "m" (tsk->thread.fpu.has_fpu)); ++ [addr] "m" (init_tss[smp_processor_id()].x86_tss.sp0)); +=20 + return fpu_restore_checking(&tsk->thread.fpu); + } +@@ -445,7 +455,7 @@ static inline bool interrupted_kernel_fpu_idle(void) static inline bool interrupted_user_mode(void) { struct pt_regs *regs =3D get_irq_regs(); @@ -10202,19 +10182,10 @@ index 5478825..839e88c 100644 #define flush_insn_slot(p) do { } while (0) =20 diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_= host.h -index b4973f4..a42170a 100644 +index 52d6640..a013b87 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h -@@ -459,7 +459,7 @@ struct kvm_arch { - unsigned int n_requested_mmu_pages; - unsigned int n_max_mmu_pages; - unsigned int indirect_shadow_pages; -- atomic_t invlpg_counter; -+ atomic_unchecked_t invlpg_counter; - struct hlist_head mmu_page_hash[KVM_NUM_MMU_PAGES]; - /* - * Hash table of struct kvm_mmu_page. -@@ -638,7 +638,7 @@ struct kvm_x86_ops { +@@ -663,7 +663,7 @@ struct kvm_x86_ops { int (*check_intercept)(struct kvm_vcpu *vcpu, struct x86_instruction_info *info, enum x86_intercept_stage stage); @@ -10223,36 +10194,6 @@ index b4973f4..a42170a 100644 =20 struct kvm_arch_async_pf { u32 token; -@@ -667,9 +667,9 @@ void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsig= ned int kvm_nr_mmu_pages); - int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned lo= ng cr3); -=20 - int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa, -- const void *val, int bytes); -+ const void *val, int bytes) __size_overflow(2); - int kvm_pv_mmu_op(struct kvm_vcpu *vcpu, unsigned long bytes, -- gpa_t addr, unsigned long *ret); -+ gpa_t addr, unsigned long *ret) __size_overflow(2,3); - u8 kvm_get_guest_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn); -=20 - extern bool tdp_enabled; -@@ -730,7 +730,7 @@ void kvm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int= *db, int *l); - int kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr); -=20 - int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata); --int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data); -+int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data) __size= _overflow(3); -=20 - unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu); - void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags); -@@ -755,7 +755,7 @@ int fx_init(struct kvm_vcpu *vcpu); - void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu); - void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, - const u8 *new, int bytes, -- bool guest_initiated); -+ bool guest_initiated) __size_overflow(2); - int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva); - void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu); - int kvm_mmu_load(struct kvm_vcpu *vcpu); diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h index 9cdae5d..300d20f 100644 --- a/arch/x86/include/asm/local.h @@ -10840,7 +10781,7 @@ index effff47..f9e4035 100644 =20 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtab= le.h -index 18601c8..3d716d1 100644 +index 49afb3f..ed14d07 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *= page); @@ -11276,10 +11217,10 @@ index 013286a..8b42f4f 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/pro= cessor.h -index bb3ee36..781a6b8 100644 +index 58545c9..fe6fc38e 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h -@@ -268,7 +268,7 @@ struct tss_struct { +@@ -266,7 +266,7 @@ struct tss_struct { =20 } ____cacheline_aligned; =20 @@ -11288,7 +11229,7 @@ index bb3ee36..781a6b8 100644 =20 /* * Save the original ist values for checking stack pointers during debu= gging -@@ -861,11 +861,18 @@ static inline void spin_lock_prefetch(const void *= x) +@@ -860,11 +860,18 @@ static inline void spin_lock_prefetch(const void *= x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -11309,7 +11250,7 @@ index bb3ee36..781a6b8 100644 .vm86_info =3D NULL, \ .sysenter_cs =3D __KERNEL_CS, \ .io_bitmap_ptr =3D NULL, \ -@@ -879,7 +886,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -878,7 +885,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss =3D { \ @@ -11318,7 +11259,7 @@ index bb3ee36..781a6b8 100644 .ss0 =3D __KERNEL_DS, \ .ss1 =3D __KERNEL_CS, \ .io_bitmap_base =3D INVALID_IO_BITMAP_OFFSET, \ -@@ -890,11 +897,7 @@ static inline void spin_lock_prefetch(const void *x= ) +@@ -889,11 +896,7 @@ static inline void spin_lock_prefetch(const void *x= ) extern unsigned long thread_saved_pc(struct task_struct *tsk); =20 #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) @@ -11331,7 +11272,7 @@ index bb3ee36..781a6b8 100644 =20 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -909,7 +912,7 @@ extern unsigned long thread_saved_pc(struct task_str= uct *tsk); +@@ -908,7 +911,7 @@ extern unsigned long thread_saved_pc(struct task_str= uct *tsk); #define task_pt_regs(task) = \ ({ = \ struct pt_regs *__regs__; = \ @@ -11340,7 +11281,7 @@ index bb3ee36..781a6b8 100644 __regs__ - 1; = \ }) =20 -@@ -919,13 +922,13 @@ extern unsigned long thread_saved_pc(struct task_s= truct *tsk); +@@ -918,13 +921,13 @@ extern unsigned long thread_saved_pc(struct task_s= truct *tsk); /* * User space process size. 47bits minus one guard page. */ @@ -11356,7 +11297,7 @@ index bb3ee36..781a6b8 100644 =20 #define TASK_SIZE (test_thread_flag(TIF_IA32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -936,11 +939,11 @@ extern unsigned long thread_saved_pc(struct task_s= truct *tsk); +@@ -935,11 +938,11 @@ extern unsigned long thread_saved_pc(struct task_s= truct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX =20 #define INIT_THREAD { \ @@ -11370,7 +11311,7 @@ index bb3ee36..781a6b8 100644 } =20 /* -@@ -962,6 +965,10 @@ extern void start_thread(struct pt_regs *regs, unsi= gned long new_ip, +@@ -961,6 +964,10 @@ extern void start_thread(struct pt_regs *regs, unsi= gned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) =20 @@ -11661,7 +11602,7 @@ index 5e64171..f58957e 100644 #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3) #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3) diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h -index 73b11bc..d4a3b63 100644 +index 0434c40..1714bf0 100644 --- a/arch/x86/include/asm/smp.h +++ b/arch/x86/include/asm/smp.h @@ -36,7 +36,7 @@ DECLARE_PER_CPU(cpumask_var_t, cpu_core_map); @@ -11700,10 +11641,10 @@ index 73b11bc..d4a3b63 100644 =20 #endif diff --git a/arch/x86/include/asm/spinlock.h b/arch/x86/include/asm/spin= lock.h -index 972c260..43ab1fd 100644 +index a82c2bf..2198f61 100644 --- a/arch/x86/include/asm/spinlock.h +++ b/arch/x86/include/asm/spinlock.h -@@ -188,6 +188,14 @@ static inline int arch_write_can_lock(arch_rwlock_t= *lock) +@@ -175,6 +175,14 @@ static inline int arch_write_can_lock(arch_rwlock_t= *lock) static inline void arch_read_lock(arch_rwlock_t *rw) { asm volatile(LOCK_PREFIX READ_LOCK_SIZE(dec) " (%0)\n\t" @@ -11718,7 +11659,7 @@ index 972c260..43ab1fd 100644 "jns 1f\n" "call __read_lock_failed\n\t" "1:\n" -@@ -197,6 +205,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw= ) +@@ -184,6 +192,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw= ) static inline void arch_write_lock(arch_rwlock_t *rw) { asm volatile(LOCK_PREFIX WRITE_LOCK_SUB(%1) "(%0)\n\t" @@ -11733,7 +11674,7 @@ index 972c260..43ab1fd 100644 "jz 1f\n" "call __write_lock_failed\n\t" "1:\n" -@@ -226,13 +242,29 @@ static inline int arch_write_trylock(arch_rwlock_t= *lock) +@@ -213,13 +229,29 @@ static inline int arch_write_trylock(arch_rwlock_t= *lock) =20 static inline void arch_read_unlock(arch_rwlock_t *rw) { @@ -11853,19 +11794,6 @@ index cb23852..2dde194 100644 asmlinkage long sys32_sysfs(int, u32, u32); =20 asmlinkage long sys32_sched_rr_get_interval(compat_pid_t, -diff --git a/arch/x86/include/asm/syscalls.h b/arch/x86/include/asm/sysc= alls.h -index f1d8b44..a4de8b7 100644 ---- a/arch/x86/include/asm/syscalls.h -+++ b/arch/x86/include/asm/syscalls.h -@@ -30,7 +30,7 @@ long sys_clone(unsigned long, unsigned long, void __us= er *, - void __user *, struct pt_regs *); -=20 - /* kernel/ldt.c */ --asmlinkage int sys_modify_ldt(int, void __user *, unsigned long); -+asmlinkage int sys_modify_ldt(int, void __user *, unsigned long) __size= _overflow(3); -=20 - /* kernel/signal.c */ - long sys_rt_sigreturn(struct pt_regs *); diff --git a/arch/x86/include/asm/system.h b/arch/x86/include/asm/system= .h index 2d2f01c..f985723 100644 --- a/arch/x86/include/asm/system.h @@ -11914,7 +11842,7 @@ index 2d2f01c..f985723 100644 /* * Force strict CPU ordering. diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/t= hread_info.h -index d7ef849..6af292e 100644 +index cfd8144..1b1127d 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -10,6 +10,7 @@ @@ -11933,7 +11861,7 @@ index d7ef849..6af292e 100644 struct exec_domain *exec_domain; /* execution domain */ __u32 flags; /* low level flags */ __u32 status; /* thread synchronous flags */ -@@ -34,18 +34,12 @@ struct thread_info { +@@ -34,19 +34,13 @@ struct thread_info { mm_segment_t addr_limit; struct restart_block restart_block; void __user *sysenter_return; @@ -11944,7 +11872,8 @@ index d7ef849..6af292e 100644 - __u8 supervisor_stack[0]; -#endif + unsigned long lowest_stack; - int uaccess_err; + unsigned int sig_on_uaccess_error:1; + unsigned int uaccess_err:1; /* uaccess failed */ }; =20 -#define INIT_THREAD_INFO(tsk) \ @@ -11954,7 +11883,7 @@ index d7ef849..6af292e 100644 .exec_domain =3D &default_exec_domain, \ .flags =3D 0, \ .cpu =3D 0, \ -@@ -56,7 +50,7 @@ struct thread_info { +@@ -57,7 +51,7 @@ struct thread_info { }, \ } =20 @@ -11963,7 +11892,7 @@ index d7ef849..6af292e 100644 #define init_stack (init_thread_union.stack) =20 #else /* !__ASSEMBLY__ */ -@@ -170,45 +164,40 @@ struct thread_info { +@@ -169,45 +163,40 @@ struct thread_info { ret; \ }) =20 @@ -12034,7 +11963,7 @@ index d7ef849..6af292e 100644 /* * macros/functions for gaining access to the thread information struct= ure * preempt_count needs to be 1 initially, until the scheduler is functi= onal. -@@ -216,21 +205,8 @@ static inline struct thread_info *current_thread_in= fo(void) +@@ -215,27 +204,8 @@ static inline struct thread_info *current_thread_in= fo(void) #ifndef __ASSEMBLY__ DECLARE_PER_CPU(unsigned long, kernel_stack); =20 @@ -12053,12 +11982,18 @@ index d7ef849..6af292e 100644 - movq PER_CPU_VAR(kernel_stack),reg ; \ - subq $(THREAD_SIZE-KERNEL_STACK_OFFSET),reg - +-/* +- * Same if PER_CPU_VAR(kernel_stack) is, perhaps with some offset, alre= ady in +- * a certain register (to be used in assembler memory operands). +- */ +-#define THREAD_INFO(reg, off) KERNEL_STACK_OFFSET+(off)-THREAD_SIZE(reg= ) +- +/* how to get the current stack pointer from C */ +register unsigned long current_stack_pointer asm("rsp") __used; #endif =20 #endif /* !X86_32 */ -@@ -264,5 +240,16 @@ extern void arch_task_cache_init(void); +@@ -269,5 +239,16 @@ extern void arch_task_cache_init(void); extern void free_thread_info(struct thread_info *ti); extern int arch_dup_task_struct(struct task_struct *dst, struct task_st= ruct *src); #define arch_task_cache_init arch_task_cache_init @@ -12076,7 +12011,7 @@ index d7ef849..6af292e 100644 #endif #endif /* _ASM_X86_THREAD_INFO_H */ diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uacce= ss.h -index 36361bf..324f262 100644 +index 8be5f54..7ae826d 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -7,12 +7,15 @@ @@ -12299,36 +12234,11 @@ index 36361bf..324f262 100644 =20 #ifdef CONFIG_X86_WP_WORKS_OK diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/ua= ccess_32.h -index 566e803..7183d0b 100644 +index 566e803..b9521e9 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h -@@ -11,15 +11,15 @@ - #include -=20 - unsigned long __must_check __copy_to_user_ll -- (void __user *to, const void *from, unsigned long n); -+ (void __user *to, const void *from, unsigned long n) __size_overflow(= 3); - unsigned long __must_check __copy_from_user_ll -- (void *to, const void __user *from, unsigned long n); -+ (void *to, const void __user *from, unsigned long n) __size_overflow(= 3); - unsigned long __must_check __copy_from_user_ll_nozero -- (void *to, const void __user *from, unsigned long n); -+ (void *to, const void __user *from, unsigned long n) __size_overflow(= 3); - unsigned long __must_check __copy_from_user_ll_nocache -- (void *to, const void __user *from, unsigned long n); -+ (void *to, const void __user *from, unsigned long n) __size_overflow(= 3); - unsigned long __must_check __copy_from_user_ll_nocache_nozero -- (void *to, const void __user *from, unsigned long n); -+ (void *to, const void __user *from, unsigned long n) __size_overflow(= 3); -=20 - /** - * __copy_to_user_inatomic: - Copy a block of data into user space, wit= h less checking. -@@ -41,8 +41,13 @@ unsigned long __must_check __copy_from_user_ll_nocach= e_nozero - */ -=20 +@@ -43,6 +43,9 @@ unsigned long __must_check __copy_from_user_ll_nocache= _nozero static __always_inline unsigned long __must_check -+__copy_to_user_inatomic(void __user *to, const void *from, unsigned lon= g n) __size_overflow(3); -+static __always_inline unsigned long __must_check __copy_to_user_inatomic(void __user *to, const void *from, unsigned lon= g n) { + if ((long)n < 0) @@ -12337,7 +12247,7 @@ index 566e803..7183d0b 100644 if (__builtin_constant_p(n)) { unsigned long ret; =20 -@@ -61,6 +66,8 @@ __copy_to_user_inatomic(void __user *to, const void *f= rom, unsigned long n) +@@ -61,6 +64,8 @@ __copy_to_user_inatomic(void __user *to, const void *f= rom, unsigned long n) return ret; } } @@ -12346,12 +12256,7 @@ index 566e803..7183d0b 100644 return __copy_to_user_ll(to, from, n); } =20 -@@ -79,15 +86,23 @@ __copy_to_user_inatomic(void __user *to, const void = *from, unsigned long n) - * On success, this will be zero. - */ - static __always_inline unsigned long __must_check -+__copy_to_user(void __user *to, const void *from, unsigned long n) __si= ze_overflow(3); -+static __always_inline unsigned long __must_check +@@ -82,12 +87,16 @@ static __always_inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); @@ -12360,8 +12265,6 @@ index 566e803..7183d0b 100644 } =20 static __always_inline unsigned long -+__copy_from_user_inatomic(void *to, const void __user *from, unsigned l= ong n) __size_overflow(3); -+static __always_inline unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned l= ong n) { + if ((long)n < 0) @@ -12370,12 +12273,7 @@ index 566e803..7183d0b 100644 /* Avoid zeroing the tail if the copy fails.. * If 'n' is constant and 1, 2, or 4, we do still zero on a failure, * but as the zeroing behaviour is only significant when n is not -@@ -134,9 +149,15 @@ __copy_from_user_inatomic(void *to, const void __us= er *from, unsigned long n) - * for explanation of why this is needed. - */ - static __always_inline unsigned long -+__copy_from_user(void *to, const void __user *from, unsigned long n) __= size_overflow(3); -+static __always_inline unsigned long +@@ -137,6 +146,10 @@ static __always_inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) { might_fault(); @@ -12386,7 +12284,7 @@ index 566e803..7183d0b 100644 if (__builtin_constant_p(n)) { unsigned long ret; =20 -@@ -152,13 +173,21 @@ __copy_from_user(void *to, const void __user *from= , unsigned long n) +@@ -152,6 +165,8 @@ __copy_from_user(void *to, const void __user *from, = unsigned long n) return ret; } } @@ -12395,9 +12293,7 @@ index 566e803..7183d0b 100644 return __copy_from_user_ll(to, from, n); } =20 - static __always_inline unsigned long __copy_from_user_nocache(void *to, -+ const void __user *from, unsigned long n) __size_overflow(3); -+static __always_inline unsigned long __copy_from_user_nocache(void *to, +@@ -159,6 +174,10 @@ static __always_inline unsigned long __copy_from_us= er_nocache(void *to, const void __user *from, unsigned long n) { might_fault(); @@ -12408,13 +12304,8 @@ index 566e803..7183d0b 100644 if (__builtin_constant_p(n)) { unsigned long ret; =20 -@@ -179,17 +208,24 @@ static __always_inline unsigned long __copy_from_u= ser_nocache(void *to, -=20 - static __always_inline unsigned long +@@ -181,15 +200,19 @@ static __always_inline unsigned long __copy_from_user_inatomic_nocache(void *to, const void __user *from, -+ unsigned long n) __size_overflow(3); -+static __always_inline unsigned long -+__copy_from_user_inatomic_nocache(void *to, const void __user *from, unsigned long n) { - return __copy_from_user_ll_nocache_nozero(to, from, n); @@ -12440,7 +12331,7 @@ index 566e803..7183d0b 100644 =20 extern void copy_from_user_overflow(void) #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS -@@ -199,17 +235,65 @@ extern void copy_from_user_overflow(void) +@@ -199,17 +222,61 @@ extern void copy_from_user_overflow(void) #endif ; =20 @@ -12461,8 +12352,6 @@ index 566e803..7183d0b 100644 + * On success, this will be zero. + */ +static inline unsigned long __must_check -+copy_to_user(void __user *to, const void *from, unsigned long n) __size= _overflow(3); -+static inline unsigned long __must_check +copy_to_user(void __user *to, const void *from, unsigned long n) +{ + int sz =3D __compiletime_object_size(from); @@ -12491,8 +12380,6 @@ index 566e803..7183d0b 100644 + * data to the requested size using zero bytes. + */ +static inline unsigned long __must_check -+copy_from_user(void *to, const void __user *from, unsigned long n) __si= ze_overflow(3); -+static inline unsigned long __must_check +copy_from_user(void *to, const void __user *from, unsigned long n) { int sz =3D __compiletime_object_size(to); @@ -12513,18 +12400,8 @@ index 566e803..7183d0b 100644 return n; } =20 -@@ -235,7 +319,7 @@ long __must_check __strncpy_from_user(char *dst, - #define strlen_user(str) strnlen_user(str, LONG_MAX) -=20 - long strnlen_user(const char __user *str, long n); --unsigned long __must_check clear_user(void __user *mem, unsigned long l= en); --unsigned long __must_check __clear_user(void __user *mem, unsigned long= len); -+unsigned long __must_check clear_user(void __user *mem, unsigned long l= en) __size_overflow(2); -+unsigned long __must_check __clear_user(void __user *mem, unsigned long= len) __size_overflow(2); -=20 - #endif /* _ASM_X86_UACCESS_32_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/ua= ccess_64.h -index 1c66d30..e294b5f 100644 +index 1c66d30..e66922c 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -12537,25 +12414,23 @@ index 1c66d30..e294b5f 100644 =20 /* * Copy To/From Userspace -@@ -17,12 +20,14 @@ +@@ -17,12 +20,12 @@ =20 /* Handles exceptions in both to and from, but doesn't do access_ok */ __must_check unsigned long -copy_user_generic_string(void *to, const void *from, unsigned len); -+copy_user_generic_string(void *to, const void *from, unsigned long len)= __size_overflow(3); ++copy_user_generic_string(void *to, const void *from, unsigned long len)= ; __must_check unsigned long -copy_user_generic_unrolled(void *to, const void *from, unsigned len); -+copy_user_generic_unrolled(void *to, const void *from, unsigned long le= n) __size_overflow(3); ++copy_user_generic_unrolled(void *to, const void *from, unsigned long le= n); =20 static __always_inline __must_check unsigned long -copy_user_generic(void *to, const void *from, unsigned len) -+copy_user_generic(void *to, const void *from, unsigned long len) __size= _overflow(3); -+static __always_inline __must_check unsigned long +copy_user_generic(void *to, const void *from, unsigned long len) { unsigned ret; =20 -@@ -32,142 +37,237 @@ copy_user_generic(void *to, const void *from, unsi= gned len) +@@ -32,142 +35,226 @@ copy_user_generic(void *to, const void *from, unsi= gned len) ASM_OUTPUT2("=3Da" (ret), "=3DD" (to), "=3DS" (from), "=3Dd" (len)), "1" (to), "2" (from), "3" (len) @@ -12565,22 +12440,19 @@ index 1c66d30..e294b5f 100644 } =20 +static __always_inline __must_check unsigned long -+__copy_to_user(void __user *to, const void *from, unsigned long len) __= size_overflow(3); ++__copy_to_user(void __user *to, const void *from, unsigned long len); +static __always_inline __must_check unsigned long -+__copy_from_user(void *to, const void __user *from, unsigned long len) = __size_overflow(3); ++__copy_from_user(void *to, const void __user *from, unsigned long len); __must_check unsigned long -_copy_to_user(void __user *to, const void *from, unsigned len); -__must_check unsigned long -_copy_from_user(void *to, const void __user *from, unsigned len); -__must_check unsigned long -copy_in_user(void __user *to, const void __user *from, unsigned len); -+copy_in_user(void __user *to, const void __user *from, unsigned long le= n) __size_overflow(3); ++copy_in_user(void __user *to, const void __user *from, unsigned long le= n); =20 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, -+ unsigned long n) __size_overflow(3); -+static inline unsigned long __must_check copy_from_user(void *to, -+ const void __user *from, unsigned long n) { - int sz =3D __compiletime_object_size(to); @@ -12605,8 +12477,6 @@ index 1c66d30..e294b5f 100644 =20 static __always_inline __must_check -int copy_to_user(void __user *dst, const void *src, unsigned size) -+int copy_to_user(void __user *dst, const void *src, unsigned long size)= __size_overflow(3); -+static __always_inline __must_check +int copy_to_user(void __user *dst, const void *src, unsigned long size) { might_fault(); @@ -12619,8 +12489,6 @@ index 1c66d30..e294b5f 100644 =20 static __always_inline __must_check -int __copy_from_user(void *dst, const void __user *src, unsigned size) -+unsigned long __copy_from_user(void *dst, const void __user *src, unsig= ned long size) __size_overflow(3); -+static __always_inline __must_check +unsigned long __copy_from_user(void *dst, const void __user *src, unsig= ned long size) { - int ret =3D 0; @@ -12709,8 +12577,6 @@ index 1c66d30..e294b5f 100644 =20 static __always_inline __must_check -int __copy_to_user(void __user *dst, const void *src, unsigned size) -+unsigned long __copy_to_user(void __user *dst, const void *src, unsigne= d long size) __size_overflow(3); -+static __always_inline __must_check +unsigned long __copy_to_user(void __user *dst, const void *src, unsigne= d long size) { - int ret =3D 0; @@ -12799,8 +12665,6 @@ index 1c66d30..e294b5f 100644 =20 static __always_inline __must_check -int __copy_in_user(void __user *dst, const void __user *src, unsigned s= ize) -+unsigned long __copy_in_user(void __user *dst, const void __user *src, = unsigned long size) __size_overflow(3); -+static __always_inline __must_check +unsigned long __copy_in_user(void __user *dst, const void __user *src, = unsigned long size) { - int ret =3D 0; @@ -12841,7 +12705,7 @@ index 1c66d30..e294b5f 100644 ret, "b", "b", "=3Dq", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -176,7 +276,7 @@ int __copy_in_user(void __user *dst, const void __us= er *src, unsigned size) +@@ -176,7 +263,7 @@ int __copy_in_user(void __user *dst, const void __us= er *src, unsigned size) } case 2: { u16 tmp; @@ -12850,7 +12714,7 @@ index 1c66d30..e294b5f 100644 ret, "w", "w", "=3Dr", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -186,7 +286,7 @@ int __copy_in_user(void __user *dst, const void __us= er *src, unsigned size) +@@ -186,7 +273,7 @@ int __copy_in_user(void __user *dst, const void __us= er *src, unsigned size) =20 case 4: { u32 tmp; @@ -12859,7 +12723,7 @@ index 1c66d30..e294b5f 100644 ret, "l", "k", "=3Dr", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -195,7 +295,7 @@ int __copy_in_user(void __user *dst, const void __us= er *src, unsigned size) +@@ -195,7 +282,7 @@ int __copy_in_user(void __user *dst, const void __us= er *src, unsigned size) } case 8: { u64 tmp; @@ -12868,7 +12732,7 @@ index 1c66d30..e294b5f 100644 ret, "q", "", "=3Dr", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -203,8 +303,16 @@ int __copy_in_user(void __user *dst, const void __u= ser *src, unsigned size) +@@ -203,8 +290,16 @@ int __copy_in_user(void __user *dst, const void __u= ser *src, unsigned size) return ret; } default: @@ -12887,19 +12751,11 @@ index 1c66d30..e294b5f 100644 } } =20 -@@ -215,39 +323,83 @@ __strncpy_from_user(char *dst, const char __user *= src, long count); - __must_check long strnlen_user(const char __user *str, long n); - __must_check long __strnlen_user(const char __user *str, long n); - __must_check long strlen_user(const char __user *str); --__must_check unsigned long clear_user(void __user *mem, unsigned long l= en); --__must_check unsigned long __clear_user(void __user *mem, unsigned long= len); -+__must_check unsigned long clear_user(void __user *mem, unsigned long l= en) __size_overflow(2); -+__must_check unsigned long __clear_user(void __user *mem, unsigned long= len) __size_overflow(2); +@@ -219,35 +314,72 @@ __must_check unsigned long clear_user(void __user = *mem, unsigned long len); + __must_check unsigned long __clear_user(void __user *mem, unsigned long= len); =20 static __must_check __always_inline int -__copy_from_user_inatomic(void *dst, const void __user *src, unsigned s= ize) -+__copy_from_user_inatomic(void *dst, const void __user *src, unsigned l= ong size) __size_overflow(3); -+static __must_check __always_inline int +__copy_from_user_inatomic(void *dst, const void __user *src, unsigned l= ong size) { - return copy_user_generic(dst, (__force const void *)src, size); @@ -12920,8 +12776,6 @@ index 1c66d30..e294b5f 100644 -static __must_check __always_inline int -__copy_to_user_inatomic(void __user *dst, const void *src, unsigned siz= e) +static __must_check __always_inline unsigned long -+__copy_to_user_inatomic(void __user *dst, const void *src, unsigned lon= g size) __size_overflow(3); -+static __must_check __always_inline unsigned long +__copy_to_user_inatomic(void __user *dst, const void *src, unsigned lon= g size) { - return copy_user_generic((__force void *)dst, src, size); @@ -12942,11 +12796,10 @@ index 1c66d30..e294b5f 100644 -extern long __copy_user_nocache(void *dst, const void __user *src, - unsigned size, int zerorest); +extern unsigned long __copy_user_nocache(void *dst, const void __user *= src, -+ unsigned long size, int zerorest) __size_overflow(3); ++ unsigned long size, int zerorest); =20 -static inline int -__copy_from_user_nocache(void *dst, const void __user *src, unsigned si= ze) -+static inline unsigned long __copy_from_user_nocache(void *dst, const v= oid __user *src, unsigned long size) __size_overflow(3); +static inline unsigned long __copy_from_user_nocache(void *dst, const v= oid __user *src, unsigned long size) { might_sleep(); @@ -12966,8 +12819,6 @@ index 1c66d30..e294b5f 100644 -__copy_from_user_inatomic_nocache(void *dst, const void __user *src, - unsigned size) +static inline unsigned long __copy_from_user_inatomic_nocache(void *dst= , const void __user *src, -+ unsigned long size) __size_overflow(3); -+static inline unsigned long __copy_from_user_inatomic_nocache(void *dst= , const void __user *src, + unsigned long size) { + if (size > INT_MAX) @@ -12984,7 +12835,7 @@ index 1c66d30..e294b5f 100644 -unsigned long -copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zero= rest); +extern unsigned long -+copy_user_handle_tail(char __user *to, char __user *from, unsigned long= len, unsigned zerorest) __size_overflow(3); ++copy_user_handle_tail(char __user *to, char __user *from, unsigned long= len, unsigned zerorest); =20 #endif /* _ASM_X86_UACCESS_64_H */ diff --git a/arch/x86/include/asm/vdso.h b/arch/x86/include/asm/vdso.h @@ -13001,10 +12852,10 @@ index bb05228..d763d5b 100644 #endif =20 diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_= init.h -index 1971e65..1e3559b 100644 +index 517d476..a1cb4d9 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h -@@ -28,7 +28,7 @@ struct x86_init_mpparse { +@@ -29,7 +29,7 @@ struct x86_init_mpparse { void (*mpc_oem_bus_info)(struct mpc_bus *m, char *name); void (*find_smp_config)(void); void (*get_smp_config)(unsigned int early); @@ -13013,7 +12864,7 @@ index 1971e65..1e3559b 100644 =20 /** * struct x86_init_resources - platform specific resource related ops -@@ -42,7 +42,7 @@ struct x86_init_resources { +@@ -43,7 +43,7 @@ struct x86_init_resources { void (*probe_roms)(void); void (*reserve_resources)(void); char *(*memory_setup)(void); @@ -13022,7 +12873,7 @@ index 1971e65..1e3559b 100644 =20 /** * struct x86_init_irqs - platform specific interrupt setup -@@ -55,7 +55,7 @@ struct x86_init_irqs { +@@ -56,7 +56,7 @@ struct x86_init_irqs { void (*pre_vector_init)(void); void (*intr_init)(void); void (*trap_init)(void); @@ -13031,7 +12882,7 @@ index 1971e65..1e3559b 100644 =20 /** * struct x86_init_oem - oem platform specific customizing functions -@@ -65,7 +65,7 @@ struct x86_init_irqs { +@@ -66,7 +66,7 @@ struct x86_init_irqs { struct x86_init_oem { void (*arch_setup)(void); void (*banner)(void); @@ -13040,7 +12891,7 @@ index 1971e65..1e3559b 100644 =20 /** * struct x86_init_mapping - platform specific initial kernel pagetable= setup -@@ -76,7 +76,7 @@ struct x86_init_oem { +@@ -77,7 +77,7 @@ struct x86_init_oem { */ struct x86_init_mapping { void (*pagetable_reserve)(u64 start, u64 end); @@ -13049,7 +12900,7 @@ index 1971e65..1e3559b 100644 =20 /** * struct x86_init_paging - platform specific paging functions -@@ -86,7 +86,7 @@ struct x86_init_mapping { +@@ -87,7 +87,7 @@ struct x86_init_mapping { struct x86_init_paging { void (*pagetable_setup_start)(pgd_t *base); void (*pagetable_setup_done)(pgd_t *base); @@ -13058,7 +12909,7 @@ index 1971e65..1e3559b 100644 =20 /** * struct x86_init_timers - platform specific timer setup -@@ -101,7 +101,7 @@ struct x86_init_timers { +@@ -102,7 +102,7 @@ struct x86_init_timers { void (*tsc_pre_init)(void); void (*timer_init)(void); void (*wallclock_init)(void); @@ -13067,7 +12918,7 @@ index 1971e65..1e3559b 100644 =20 /** * struct x86_init_iommu - platform specific iommu setup -@@ -109,7 +109,7 @@ struct x86_init_timers { +@@ -110,7 +110,7 @@ struct x86_init_timers { */ struct x86_init_iommu { int (*iommu_init)(void); @@ -13076,7 +12927,7 @@ index 1971e65..1e3559b 100644 =20 /** * struct x86_init_pci - platform specific pci init functions -@@ -123,7 +123,7 @@ struct x86_init_pci { +@@ -124,7 +124,7 @@ struct x86_init_pci { int (*init)(void); void (*init_irq)(void); void (*fixup_irqs)(void); @@ -13085,7 +12936,7 @@ index 1971e65..1e3559b 100644 =20 /** * struct x86_init_ops - functions for platform specific setup -@@ -139,7 +139,7 @@ struct x86_init_ops { +@@ -140,7 +140,7 @@ struct x86_init_ops { struct x86_init_timers timers; struct x86_init_iommu iommu; struct x86_init_pci pci; @@ -13094,16 +12945,16 @@ index 1971e65..1e3559b 100644 =20 /** * struct x86_cpuinit_ops - platform specific cpu hotplug setups -@@ -147,7 +147,7 @@ struct x86_init_ops { - */ +@@ -149,7 +149,7 @@ struct x86_init_ops { struct x86_cpuinit_ops { void (*setup_percpu_clockev)(void); + void (*fixup_cpu_id)(struct cpuinfo_x86 *c, int node); -}; +} __no_const; =20 /** * struct x86_platform_ops - platform specific runtime functions -@@ -169,7 +169,7 @@ struct x86_platform_ops { +@@ -171,7 +171,7 @@ struct x86_platform_ops { void (*nmi_init)(void); unsigned char (*get_nmi_reason)(void); int (*i8042_detect)(void); @@ -13112,10 +12963,10 @@ index 1971e65..1e3559b 100644 =20 struct pci_dev; =20 -@@ -177,7 +177,7 @@ struct x86_msi_ops { - int (*setup_msi_irqs)(struct pci_dev *dev, int nvec, int type); +@@ -180,7 +180,7 @@ struct x86_msi_ops { void (*teardown_msi_irq)(unsigned int irq); void (*teardown_msi_irqs)(struct pci_dev *dev); + void (*restore_msi_irqs)(struct pci_dev *dev, int irq); -}; +} __no_const; =20 @@ -13365,10 +13216,10 @@ index 1f84794..e23f862 100644 } =20 diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index f98d84c..e402a69 100644 +index 2eec05b..fef012b 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c -@@ -174,7 +174,7 @@ int first_system_vector =3D 0xfe; +@@ -184,7 +184,7 @@ int first_system_vector =3D 0xfe; /* * Debug level, exported for io_apic.c */ @@ -13377,7 +13228,7 @@ index f98d84c..e402a69 100644 =20 int pic_mode; =20 -@@ -1853,7 +1853,7 @@ void smp_error_interrupt(struct pt_regs *regs) +@@ -1908,7 +1908,7 @@ void smp_error_interrupt(struct pt_regs *regs) apic_write(APIC_ESR, 0); v1 =3D apic_read(APIC_ESR); ack_APIC_irq(); @@ -13387,7 +13238,7 @@ index f98d84c..e402a69 100644 apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x(%02x)", smp_processor_id(), v0 , v1); diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_ap= ic.c -index 6d939d7..0697fcc 100644 +index fb07275..e06bb59 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c @@ -1096,7 +1096,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, = int pin, @@ -13427,7 +13278,7 @@ index 6d939d7..0697fcc 100644 eoi_ioapic_irq(irq, cfg); } diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c -index a46bd38..6b906d7 100644 +index f76623c..aab694f 100644 --- a/arch/x86/kernel/apm_32.c +++ b/arch/x86/kernel/apm_32.c @@ -411,7 +411,7 @@ static DEFINE_MUTEX(apm_mutex); @@ -13502,7 +13353,7 @@ index a46bd38..6b906d7 100644 proc_create("apm", 0, NULL, &apm_file_ops); =20 diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets= .c -index 4f13faf..87db5d2 100644 +index 68de2dc..1f3c720 100644 --- a/arch/x86/kernel/asm-offsets.c +++ b/arch/x86/kernel/asm-offsets.c @@ -33,6 +33,8 @@ void common(void) { @@ -13542,10 +13393,10 @@ index 4f13faf..87db5d2 100644 BLANK(); OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask); diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offs= ets_64.c -index e72a119..6e2955d 100644 +index 834e897..dacddc8 100644 --- a/arch/x86/kernel/asm-offsets_64.c +++ b/arch/x86/kernel/asm-offsets_64.c -@@ -69,6 +69,7 @@ int main(void) +@@ -70,6 +70,7 @@ int main(void) BLANK(); #undef ENTRY =20 @@ -13569,10 +13420,10 @@ index 25f24dc..4094a7f 100644 obj-y +=3D proc.o capflags.o powerflags.o common.o obj-y +=3D vmware.o hypervisor.o sched.o mshyperv.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index 0bab2b1..d0a1bf8 100644 +index f4773f4..b3fb13c 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -664,7 +664,7 @@ static unsigned int __cpuinit amd_size_cache(struct = cpuinfo_x86 *c, +@@ -669,7 +669,7 @@ static unsigned int __cpuinit amd_size_cache(struct = cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -13582,7 +13433,7 @@ index 0bab2b1..d0a1bf8 100644 if (c->x86_model =3D=3D 3 && c->x86_mask =3D=3D 0) size =3D 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index aa003b1..47ea638 100644 +index c0f7d68..aa418f9 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -84,60 +84,6 @@ static const struct cpu_dev __cpuinitconst default_cp= u =3D { @@ -13655,7 +13506,7 @@ index aa003b1..47ea638 100644 gdt_descr.size =3D GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -844,6 +790,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x= 86 *c) +@@ -839,6 +785,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x= 86 *c) /* Filter out anything that depends on CPUID levels we don't have */ filter_cpuid_features(c, true); =20 @@ -13666,7 +13517,7 @@ index aa003b1..47ea638 100644 /* If the model name is still unset, do table lookup. */ if (!c->x86_model_id[0]) { const char *p; -@@ -1024,6 +974,9 @@ static __init int setup_disablecpuid(char *arg) +@@ -1019,10 +969,12 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=3D", setup_disablecpuid); =20 @@ -13675,8 +13526,13 @@ index aa003b1..47ea638 100644 + #ifdef CONFIG_X86_64 struct desc_ptr idt_descr =3D { NR_VECTORS * 16 - 1, (unsigned long) id= t_table }; +-struct desc_ptr nmi_idt_descr =3D { NR_VECTORS * 16 - 1, +- (unsigned long) nmi_idt_table }; ++struct desc_ptr nmi_idt_descr =3D { NR_VECTORS * 16 - 1, (unsigned long= ) nmi_idt_table }; =20 -@@ -1039,7 +992,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) = ____cacheline_aligned =3D + DEFINE_PER_CPU_FIRST(union irq_stack_union, + irq_stack_union) __aligned(PAGE_SIZE); +@@ -1036,7 +988,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) = ____cacheline_aligned =3D EXPORT_PER_CPU_SYMBOL(current_task); =20 DEFINE_PER_CPU(unsigned long, kernel_stack) =3D @@ -13685,7 +13541,7 @@ index aa003b1..47ea638 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); =20 DEFINE_PER_CPU(char *, irq_stack_ptr) =3D -@@ -1104,7 +1057,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_reg= s *regs) +@@ -1126,7 +1078,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_reg= s *regs) { memset(regs, 0, sizeof(struct pt_regs)); regs->fs =3D __KERNEL_PERCPU; @@ -13694,7 +13550,7 @@ index aa003b1..47ea638 100644 =20 return regs; } -@@ -1159,7 +1112,7 @@ void __cpuinit cpu_init(void) +@@ -1190,7 +1142,7 @@ void __cpuinit cpu_init(void) int i; =20 cpu =3D stack_smp_processor_id(); @@ -13703,7 +13559,7 @@ index aa003b1..47ea638 100644 oist =3D &per_cpu(orig_ist, cpu); =20 #ifdef CONFIG_NUMA -@@ -1185,7 +1138,7 @@ void __cpuinit cpu_init(void) +@@ -1216,7 +1168,7 @@ void __cpuinit cpu_init(void) switch_to_new_gdt(cpu); loadsegment(fs, 0); =20 @@ -13712,7 +13568,7 @@ index aa003b1..47ea638 100644 =20 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); -@@ -1194,7 +1147,6 @@ void __cpuinit cpu_init(void) +@@ -1225,7 +1177,6 @@ void __cpuinit cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); =20 @@ -13720,7 +13576,7 @@ index aa003b1..47ea638 100644 if (cpu !=3D 0) enable_x2apic(); =20 -@@ -1248,7 +1200,7 @@ void __cpuinit cpu_init(void) +@@ -1281,7 +1232,7 @@ void __cpuinit cpu_init(void) { int cpu =3D smp_processor_id(); struct task_struct *curr =3D current; @@ -13730,7 +13586,7 @@ index aa003b1..47ea638 100644 =20 if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) { diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c -index 5231312..a78a987 100644 +index 3e6ff6c..54b4992 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -174,7 +174,7 @@ static void __cpuinit trap_init_f00f_bug(void) @@ -13742,21 +13598,8 @@ index 5231312..a78a987 100644 load_idt(&idt_descr); } #endif -diff --git a/arch/x86/kernel/cpu/mcheck/mce-inject.c b/arch/x86/kernel/c= pu/mcheck/mce-inject.c -index 319882e..993534e 100644 ---- a/arch/x86/kernel/cpu/mcheck/mce-inject.c -+++ b/arch/x86/kernel/cpu/mcheck/mce-inject.c -@@ -173,6 +173,8 @@ static void raise_mce(struct mce *m) -=20 - /* Error injection interface */ - static ssize_t mce_write(struct file *filp, const char __user *ubuf, -+ size_t usize, loff_t *off) __size_overflow(3); -+static ssize_t mce_write(struct file *filp, const char __user *ubuf, - size_t usize, loff_t *off) - { - struct mce m; diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mche= ck/mce.c -index 2af127d..8ff7ac0 100644 +index 5a11ae2..a1a1c8a 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -42,6 +42,7 @@ @@ -13767,7 +13610,7 @@ index 2af127d..8ff7ac0 100644 =20 #include "mce-internal.h" =20 -@@ -202,7 +203,7 @@ static void print_mce(struct mce *m) +@@ -250,7 +251,7 @@ static void print_mce(struct mce *m) !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "", m->cs, m->ip); =20 @@ -13776,7 +13619,7 @@ index 2af127d..8ff7ac0 100644 print_symbol("{%s}", m->ip); pr_cont("\n"); } -@@ -235,10 +236,10 @@ static void print_mce(struct mce *m) +@@ -283,10 +284,10 @@ static void print_mce(struct mce *m) =20 #define PANIC_TIMEOUT 5 /* 5 seconds */ =20 @@ -13789,7 +13632,7 @@ index 2af127d..8ff7ac0 100644 =20 /* Panic in progress. Enable interrupts and wait for final IPI */ static void wait_for_panic(void) -@@ -262,7 +263,7 @@ static void mce_panic(char *msg, struct mce *final, = char *exp) +@@ -310,7 +311,7 @@ static void mce_panic(char *msg, struct mce *final, = char *exp) /* * Make sure only one CPU runs in machine check panic */ @@ -13798,7 +13641,7 @@ index 2af127d..8ff7ac0 100644 wait_for_panic(); barrier(); =20 -@@ -270,7 +271,7 @@ static void mce_panic(char *msg, struct mce *final, = char *exp) +@@ -318,7 +319,7 @@ static void mce_panic(char *msg, struct mce *final, = char *exp) console_verbose(); } else { /* Don't log too much for fake panic */ @@ -13807,7 +13650,7 @@ index 2af127d..8ff7ac0 100644 return; } /* First print corrected ones that are still unlogged */ -@@ -610,7 +611,7 @@ static int mce_timed_out(u64 *t) +@@ -658,7 +659,7 @@ static int mce_timed_out(u64 *t) * might have been modified by someone else. */ rmb(); @@ -13816,7 +13659,7 @@ index 2af127d..8ff7ac0 100644 wait_for_panic(); if (!monarch_timeout) goto out; -@@ -1398,7 +1399,7 @@ static void unexpected_machine_check(struct pt_reg= s *regs, long error_code) +@@ -1446,7 +1447,7 @@ static void unexpected_machine_check(struct pt_reg= s *regs, long error_code) } =20 /* Call the installed machine check handler for this CPU setup. */ @@ -13825,7 +13668,7 @@ index 2af127d..8ff7ac0 100644 unexpected_machine_check; =20 /* -@@ -1421,7 +1422,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 = *c) +@@ -1469,7 +1470,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 = *c) return; } =20 @@ -13835,7 +13678,7 @@ index 2af127d..8ff7ac0 100644 =20 __mcheck_cpu_init_generic(); __mcheck_cpu_init_vendor(c); -@@ -1435,7 +1438,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 = *c) +@@ -1483,7 +1486,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 = *c) */ =20 static DEFINE_SPINLOCK(mce_chrdev_state_lock); @@ -13844,7 +13687,7 @@ index 2af127d..8ff7ac0 100644 static int mce_chrdev_open_exclu; /* already open exclusive? */ =20 static int mce_chrdev_open(struct inode *inode, struct file *file) -@@ -1443,7 +1446,7 @@ static int mce_chrdev_open(struct inode *inode, st= ruct file *file) +@@ -1491,7 +1494,7 @@ static int mce_chrdev_open(struct inode *inode, st= ruct file *file) spin_lock(&mce_chrdev_state_lock); =20 if (mce_chrdev_open_exclu || @@ -13853,7 +13696,7 @@ index 2af127d..8ff7ac0 100644 spin_unlock(&mce_chrdev_state_lock); =20 return -EBUSY; -@@ -1451,7 +1454,7 @@ static int mce_chrdev_open(struct inode *inode, st= ruct file *file) +@@ -1499,7 +1502,7 @@ static int mce_chrdev_open(struct inode *inode, st= ruct file *file) =20 if (file->f_flags & O_EXCL) mce_chrdev_open_exclu =3D 1; @@ -13862,7 +13705,7 @@ index 2af127d..8ff7ac0 100644 =20 spin_unlock(&mce_chrdev_state_lock); =20 -@@ -1462,7 +1465,7 @@ static int mce_chrdev_release(struct inode *inode,= struct file *file) +@@ -1510,7 +1513,7 @@ static int mce_chrdev_release(struct inode *inode,= struct file *file) { spin_lock(&mce_chrdev_state_lock); =20 @@ -13871,7 +13714,7 @@ index 2af127d..8ff7ac0 100644 mce_chrdev_open_exclu =3D 0; =20 spin_unlock(&mce_chrdev_state_lock); -@@ -2171,7 +2174,7 @@ struct dentry *mce_get_debugfs_dir(void) +@@ -2229,7 +2232,7 @@ struct dentry *mce_get_debugfs_dir(void) static void mce_reset(void) { cpu_missing =3D 0; @@ -13924,19 +13767,6 @@ index 54060f5..c1a7577 100644 /* Make sure the vector pointer is visible before we enable MCEs: */ wmb(); =20 -diff --git a/arch/x86/kernel/cpu/mtrr/if.c b/arch/x86/kernel/cpu/mtrr/if= .c -index 7928963..1b16001 100644 ---- a/arch/x86/kernel/cpu/mtrr/if.c -+++ b/arch/x86/kernel/cpu/mtrr/if.c -@@ -91,6 +91,8 @@ mtrr_file_del(unsigned long base, unsigned long size, - * "base=3D%Lx size=3D%Lx type=3D%s" or "disable=3D%d" - */ - static ssize_t -+mtrr_write(struct file *file, const char __user *buf, size_t len, loff_= t * ppos) __size_overflow(3); -+static ssize_t - mtrr_write(struct file *file, const char __user *buf, size_t len, loff_= t * ppos) - { - int i, err; diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/= main.c index 6b96110..0da73eb 100644 --- a/arch/x86/kernel/cpu/mtrr/main.c @@ -13964,10 +13794,10 @@ index df5e41f..816c719 100644 extern int generic_get_free_region(unsigned long base, unsigned long si= ze, int replace_reg); diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf= _event.c -index 2bda212..78cc605 100644 +index 5adce10..99284ec 100644 --- a/arch/x86/kernel/cpu/perf_event.c +++ b/arch/x86/kernel/cpu/perf_event.c -@@ -1529,7 +1529,7 @@ perf_callchain_user(struct perf_callchain_entry *e= ntry, struct pt_regs *regs) +@@ -1665,7 +1665,7 @@ perf_callchain_user(struct perf_callchain_entry *e= ntry, struct pt_regs *regs) break; =20 perf_callchain_store(entry, frame.return_address); @@ -14028,7 +13858,7 @@ index 37250fe..bf2ec74 100644 =20 .__cr3 =3D __pa_nodebug(swapper_pg_dir), diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c -index 1aae78f..aab3a3d 100644 +index 4025fe4..d8451c6 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -2,6 +2,9 @@ @@ -14156,7 +13986,7 @@ index 1aae78f..aab3a3d 100644 } =20 int __kprobes __die(const char *str, struct pt_regs *regs, long err) -@@ -269,7 +274,7 @@ int __kprobes __die(const char *str, struct pt_regs = *regs, long err) +@@ -270,7 +275,7 @@ int __kprobes __die(const char *str, struct pt_regs = *regs, long err) =20 show_registers(regs); #ifdef CONFIG_X86_32 @@ -14165,7 +13995,7 @@ index 1aae78f..aab3a3d 100644 sp =3D regs->sp; ss =3D regs->ss & 0xffff; } else { -@@ -297,7 +302,7 @@ void die(const char *str, struct pt_regs *regs, long= err) +@@ -298,7 +303,7 @@ void die(const char *str, struct pt_regs *regs, long= err) unsigned long flags =3D oops_begin(); int sig =3D SIGSEGV; =20 @@ -14258,7 +14088,7 @@ index c99f9ed..2a15d80 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_= 64.c -index 6d728d9..279514e 100644 +index 17107bd..b2deecf 100644 --- a/arch/x86/kernel/dumpstack_64.c +++ b/arch/x86/kernel/dumpstack_64.c @@ -119,9 +119,9 @@ void dump_trace(struct task_struct *task, struct pt_= regs *regs, @@ -14364,7 +14194,7 @@ index 6d728d9..279514e 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_prin= tk.c -index cd28a35..c72ed9a 100644 +index 9b9f18b..9fcaa04 100644 --- a/arch/x86/kernel/early_printk.c +++ b/arch/x86/kernel/early_printk.c @@ -7,6 +7,7 @@ @@ -14376,10 +14206,23 @@ index cd28a35..c72ed9a 100644 #include #include diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index f3f6f53..0841b66 100644 +index 79d97e6..76aaad7 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S -@@ -186,13 +186,146 @@ +@@ -98,12 +98,6 @@ + #endif + .endm +=20 +-#ifdef CONFIG_VM86 +-#define resume_userspace_sig check_userspace +-#else +-#define resume_userspace_sig resume_userspace +-#endif +- + /* + * User gs save/restore + * +@@ -185,13 +179,146 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg @@ -14527,7 +14370,7 @@ index f3f6f53..0841b66 100644 cld PUSH_GS pushl_cfi %fs -@@ -215,7 +348,7 @@ +@@ -214,7 +341,7 @@ CFI_REL_OFFSET ecx, 0 pushl_cfi %ebx CFI_REL_OFFSET ebx, 0 @@ -14536,7 +14379,7 @@ index f3f6f53..0841b66 100644 movl %edx, %ds movl %edx, %es movl $(__KERNEL_PERCPU), %edx -@@ -223,6 +356,15 @@ +@@ -222,6 +349,15 @@ SET_KERNEL_GS %edx .endm =20 @@ -14552,7 +14395,7 @@ index f3f6f53..0841b66 100644 .macro RESTORE_INT_REGS popl_cfi %ebx CFI_RESTORE ebx -@@ -308,7 +450,7 @@ ENTRY(ret_from_fork) +@@ -307,7 +443,7 @@ ENTRY(ret_from_fork) popfl_cfi jmp syscall_exit CFI_ENDPROC @@ -14561,9 +14404,24 @@ index f3f6f53..0841b66 100644 =20 /* * Interrupt exit functions should be protected against kprobes -@@ -333,7 +475,15 @@ check_userspace: +@@ -327,12 +463,29 @@ ret_from_exception: + preempt_stop(CLBR_ANY) + ret_from_intr: + GET_THREAD_INFO(%ebp) +-check_userspace: ++resume_userspace_sig: ++#ifdef CONFIG_VM86 + movl PT_EFLAGS(%esp), %eax # mix EFLAGS and CS movb PT_CS(%esp), %al andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax ++#else ++ /* ++ * We can be coming here from a syscall done in the kernel space, ++ * e.g. a failed kernel_execve(). ++ */ ++ movl PT_CS(%esp), %eax ++ andl $SEGMENT_RPL_MASK, %eax ++#endif cmpl $USER_RPL, %eax + +#ifdef CONFIG_PAX_KERNEXEC @@ -14577,7 +14435,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(resume_userspace) LOCKDEP_SYS_EXIT -@@ -345,8 +495,8 @@ ENTRY(resume_userspace) +@@ -344,8 +497,8 @@ ENTRY(resume_userspace) andl $_TIF_WORK_MASK, %ecx # is there any work to be done on # int/exception return? jne work_pending @@ -14588,7 +14446,7 @@ index f3f6f53..0841b66 100644 =20 #ifdef CONFIG_PREEMPT ENTRY(resume_kernel) -@@ -361,7 +511,7 @@ need_resched: +@@ -360,7 +513,7 @@ need_resched: jz restore_all call preempt_schedule_irq jmp need_resched @@ -14597,7 +14455,7 @@ index f3f6f53..0841b66 100644 #endif CFI_ENDPROC /* -@@ -395,23 +545,34 @@ sysenter_past_esp: +@@ -394,23 +547,34 @@ sysenter_past_esp: /*CFI_REL_OFFSET cs, 0*/ /* * Push current_thread_info()->sysenter_return to the stack. @@ -14635,7 +14493,7 @@ index f3f6f53..0841b66 100644 movl %ebp,PT_EBP(%esp) .section __ex_table,"a" .align 4 -@@ -434,12 +595,24 @@ sysenter_do_call: +@@ -433,12 +597,24 @@ sysenter_do_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: @@ -14660,17 +14518,17 @@ index f3f6f53..0841b66 100644 PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT =20 -@@ -456,6 +629,9 @@ sysenter_audit: +@@ -455,6 +631,9 @@ sysenter_audit: movl %eax,%edx /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */ - call audit_syscall_entry + call __audit_syscall_entry + + pax_erase_kstack + pushl_cfi %ebx movl PT_EAX(%esp),%eax /* reload syscall number */ jmp sysenter_do_call -@@ -482,11 +658,17 @@ sysexit_audit: +@@ -480,11 +659,17 @@ sysexit_audit: =20 CFI_ENDPROC .pushsection .fixup,"ax" @@ -14690,7 +14548,7 @@ index f3f6f53..0841b66 100644 .popsection PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -519,6 +701,15 @@ syscall_exit: +@@ -517,6 +702,15 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work =20 @@ -14706,7 +14564,7 @@ index f3f6f53..0841b66 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -578,14 +769,34 @@ ldt_ss: +@@ -576,14 +770,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -14744,7 +14602,7 @@ index f3f6f53..0841b66 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -614,34 +825,28 @@ work_resched: +@@ -612,38 +826,30 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -14762,6 +14620,8 @@ index f3f6f53..0841b66 100644 - jne work_notifysig_v86 # returning to kernel-space or + jz 1f # returning to kernel-space or # vm86-space +- TRACE_IRQS_ON +- ENABLE_INTERRUPTS(CLBR_NONE) - xorl %edx, %edx - call do_notify_resume - jmp resume_userspace_sig @@ -14776,6 +14636,8 @@ index f3f6f53..0841b66 100644 - movl %esp, %eax +1: #endif + TRACE_IRQS_ON + ENABLE_INTERRUPTS(CLBR_NONE) xorl %edx, %edx call do_notify_resume jmp resume_userspace_sig @@ -14784,7 +14646,7 @@ index f3f6f53..0841b66 100644 =20 # perform syscall exit tracing ALIGN -@@ -649,11 +854,14 @@ syscall_trace_entry: +@@ -651,11 +857,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -14792,7 +14654,7 @@ index f3f6f53..0841b66 100644 + pax_erase_kstack + /* What it returned is what we'll actually use. */ - cmpl $(nr_syscalls), %eax + cmpl $(NR_syscalls), %eax jnae syscall_call jmp syscall_exit -END(syscall_trace_entry) @@ -14800,7 +14662,7 @@ index f3f6f53..0841b66 100644 =20 # perform syscall exit tracing ALIGN -@@ -666,20 +874,24 @@ syscall_exit_work: +@@ -668,20 +877,24 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -14828,7 +14690,7 @@ index f3f6f53..0841b66 100644 CFI_ENDPROC /* * End of kprobes section -@@ -753,6 +965,36 @@ ptregs_clone: +@@ -753,6 +966,36 @@ ENTRY(ptregs_clone) CFI_ENDPROC ENDPROC(ptregs_clone) =20 @@ -14865,7 +14727,7 @@ index f3f6f53..0841b66 100644 .macro FIXUP_ESPFIX_STACK /* * Switch back for ESPFIX stack to the normal zerobased stack -@@ -762,8 +1004,15 @@ ENDPROC(ptregs_clone) +@@ -762,8 +1005,15 @@ ENDPROC(ptregs_clone) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -14883,7 +14745,7 @@ index f3f6f53..0841b66 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -816,7 +1065,7 @@ vector=3Dvector+1 +@@ -816,7 +1066,7 @@ vector=3Dvector+1 .endr 2: jmp common_interrupt .endr @@ -14892,7 +14754,7 @@ index f3f6f53..0841b66 100644 =20 .previous END(interrupt) -@@ -864,7 +1113,7 @@ ENTRY(coprocessor_error) +@@ -864,7 +1114,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -14901,7 +14763,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -885,7 +1134,7 @@ ENTRY(simd_coprocessor_error) +@@ -885,7 +1135,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -14910,7 +14772,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(device_not_available) RING0_INT_FRAME -@@ -893,7 +1142,7 @@ ENTRY(device_not_available) +@@ -893,7 +1143,7 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -14919,7 +14781,7 @@ index f3f6f53..0841b66 100644 =20 #ifdef CONFIG_PARAVIRT ENTRY(native_iret) -@@ -902,12 +1151,12 @@ ENTRY(native_iret) +@@ -902,12 +1152,12 @@ ENTRY(native_iret) .align 4 .long native_iret, iret_exc .previous @@ -14934,7 +14796,7 @@ index f3f6f53..0841b66 100644 #endif =20 ENTRY(overflow) -@@ -916,7 +1165,7 @@ ENTRY(overflow) +@@ -916,7 +1166,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -14943,7 +14805,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(bounds) RING0_INT_FRAME -@@ -924,7 +1173,7 @@ ENTRY(bounds) +@@ -924,7 +1174,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -14952,7 +14814,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(invalid_op) RING0_INT_FRAME -@@ -932,7 +1181,7 @@ ENTRY(invalid_op) +@@ -932,7 +1182,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -14961,7 +14823,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -940,35 +1189,35 @@ ENTRY(coprocessor_segment_overrun) +@@ -940,35 +1190,35 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -15002,7 +14864,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(divide_error) RING0_INT_FRAME -@@ -976,7 +1225,7 @@ ENTRY(divide_error) +@@ -976,7 +1226,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -15011,7 +14873,7 @@ index f3f6f53..0841b66 100644 =20 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -985,7 +1234,7 @@ ENTRY(machine_check) +@@ -985,7 +1235,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -15020,7 +14882,7 @@ index f3f6f53..0841b66 100644 #endif =20 ENTRY(spurious_interrupt_bug) -@@ -994,7 +1243,7 @@ ENTRY(spurious_interrupt_bug) +@@ -994,7 +1244,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -15029,7 +14891,7 @@ index f3f6f53..0841b66 100644 /* * End of kprobes section */ -@@ -1109,7 +1358,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_= EVTCHN_CALLBACK, +@@ -1109,7 +1359,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_= EVTCHN_CALLBACK, =20 ENTRY(mcount) ret @@ -15038,7 +14900,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1138,7 +1387,7 @@ ftrace_graph_call: +@@ -1138,7 +1388,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -15047,7 +14909,7 @@ index f3f6f53..0841b66 100644 =20 #else /* ! CONFIG_DYNAMIC_FTRACE */ =20 -@@ -1174,7 +1423,7 @@ trace: +@@ -1174,7 +1424,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -15056,7 +14918,7 @@ index f3f6f53..0841b66 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ =20 -@@ -1195,7 +1444,7 @@ ENTRY(ftrace_graph_caller) +@@ -1195,7 +1445,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -15065,15 +14927,7 @@ index f3f6f53..0841b66 100644 =20 .globl return_to_handler return_to_handler: -@@ -1209,7 +1458,6 @@ return_to_handler: - jmp *%ecx - #endif -=20 --.section .rodata,"a" - #include "syscall_table_32.S" -=20 - syscall_table_size=3D(.-sys_call_table) -@@ -1255,15 +1503,18 @@ error_code: +@@ -1250,15 +1500,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -15094,7 +14948,7 @@ index f3f6f53..0841b66 100644 =20 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1305,7 +1556,7 @@ debug_stack_correct: +@@ -1300,7 +1553,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -15103,7 +14957,7 @@ index f3f6f53..0841b66 100644 =20 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1342,6 +1593,9 @@ nmi_stack_correct: +@@ -1337,6 +1590,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -15113,7 +14967,7 @@ index f3f6f53..0841b66 100644 jmp restore_all_notrace CFI_ENDPROC =20 -@@ -1378,12 +1632,15 @@ nmi_espfix_stack: +@@ -1373,12 +1629,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax =3D=3D %esp xorl %edx,%edx # zero error code call do_nmi @@ -15130,7 +14984,7 @@ index f3f6f53..0841b66 100644 =20 ENTRY(int3) RING0_INT_FRAME -@@ -1395,14 +1652,14 @@ ENTRY(int3) +@@ -1390,14 +1649,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -15147,7 +15001,7 @@ index f3f6f53..0841b66 100644 =20 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1410,7 +1667,7 @@ ENTRY(async_page_fault) +@@ -1405,7 +1664,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -15157,19 +15011,19 @@ index f3f6f53..0841b66 100644 =20 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index faf8d5e..4f16a68 100644 +index 1333d98..b340ca2 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S -@@ -55,6 +55,8 @@ - #include +@@ -56,6 +56,8 @@ #include #include + #include +#include +#include =20 /* Avoid __ASSEMBLER__'ifying just for this. */ #include -@@ -68,8 +70,9 @@ +@@ -69,8 +71,9 @@ #ifdef CONFIG_FUNCTION_TRACER #ifdef CONFIG_DYNAMIC_FTRACE ENTRY(mcount) @@ -15180,7 +15034,7 @@ index faf8d5e..4f16a68 100644 =20 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -92,8 +95,9 @@ GLOBAL(ftrace_graph_call) +@@ -93,8 +96,9 @@ GLOBAL(ftrace_graph_call) #endif =20 GLOBAL(ftrace_stub) @@ -15191,7 +15045,7 @@ index faf8d5e..4f16a68 100644 =20 #else /* ! CONFIG_DYNAMIC_FTRACE */ ENTRY(mcount) -@@ -112,6 +116,7 @@ ENTRY(mcount) +@@ -113,6 +117,7 @@ ENTRY(mcount) #endif =20 GLOBAL(ftrace_stub) @@ -15199,7 +15053,7 @@ index faf8d5e..4f16a68 100644 retq =20 trace: -@@ -121,12 +126,13 @@ trace: +@@ -122,12 +127,13 @@ trace: movq 8(%rbp), %rsi subq $MCOUNT_INSN_SIZE, %rdi =20 @@ -15214,7 +15068,7 @@ index faf8d5e..4f16a68 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ =20 -@@ -146,8 +152,9 @@ ENTRY(ftrace_graph_caller) +@@ -147,8 +153,9 @@ ENTRY(ftrace_graph_caller) =20 MCOUNT_RESTORE_FRAME =20 @@ -15225,7 +15079,7 @@ index faf8d5e..4f16a68 100644 =20 GLOBAL(return_to_handler) subq $24, %rsp -@@ -163,6 +170,7 @@ GLOBAL(return_to_handler) +@@ -164,6 +171,7 @@ GLOBAL(return_to_handler) movq 8(%rsp), %rdx movq (%rsp), %rax addq $24, %rsp @@ -15233,7 +15087,7 @@ index faf8d5e..4f16a68 100644 jmp *%rdi #endif =20 -@@ -178,6 +186,282 @@ ENTRY(native_usergs_sysret64) +@@ -179,6 +187,282 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ =20 @@ -15516,7 +15370,7 @@ index faf8d5e..4f16a68 100644 =20 .macro TRACE_IRQS_IRETQ offset=3DARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -231,8 +515,8 @@ ENDPROC(native_usergs_sysret64) +@@ -232,8 +516,8 @@ ENDPROC(native_usergs_sysret64) .endm =20 .macro UNFAKE_STACK_FRAME @@ -15527,7 +15381,7 @@ index faf8d5e..4f16a68 100644 .endm =20 /* -@@ -319,7 +603,7 @@ ENDPROC(native_usergs_sysret64) +@@ -320,7 +604,7 @@ ENDPROC(native_usergs_sysret64) movq %rsp, %rsi =20 leaq -RBP(%rsp),%rdi /* arg1 for handler */ @@ -15536,7 +15390,7 @@ index faf8d5e..4f16a68 100644 je 1f SWAPGS /* -@@ -355,9 +639,10 @@ ENTRY(save_rest) +@@ -356,9 +640,10 @@ ENTRY(save_rest) movq_cfi r15, R15+16 movq %r11, 8(%rsp) /* return address */ FIXUP_TOP_OF_STACK %r11, 16 @@ -15548,7 +15402,7 @@ index faf8d5e..4f16a68 100644 =20 /* save complete stack frame */ .pushsection .kprobes.text, "ax" -@@ -386,9 +671,10 @@ ENTRY(save_paranoid) +@@ -387,9 +672,10 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -15561,16 +15415,16 @@ index faf8d5e..4f16a68 100644 .popsection =20 /* -@@ -410,7 +696,7 @@ ENTRY(ret_from_fork) +@@ -411,7 +697,7 @@ ENTRY(ret_from_fork) =20 RESTORE_REST =20 - testl $3, CS-ARGOFFSET(%rsp) # from kernel_thread? + testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread? - je int_ret_from_sys_call + jz retint_restore_args =20 testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -420,7 +706,7 @@ ENTRY(ret_from_fork) +@@ -421,7 +707,7 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath =20 CFI_ENDPROC @@ -15579,7 +15433,7 @@ index faf8d5e..4f16a68 100644 =20 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -456,7 +742,7 @@ END(ret_from_fork) +@@ -457,7 +743,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -15588,7 +15442,7 @@ index faf8d5e..4f16a68 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -469,12 +755,13 @@ ENTRY(system_call_after_swapgs) +@@ -470,21 +756,23 @@ GLOBAL(system_call_after_swapgs) =20 movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -15603,7 +15457,10 @@ index faf8d5e..4f16a68 100644 movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) CFI_REL_OFFSET rip,RIP-ARGOFFSET -@@ -484,7 +771,7 @@ ENTRY(system_call_after_swapgs) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET= ) ++ GET_THREAD_INFO(%rcx) ++ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%rcx) + jnz tracesys system_call_fastpath: cmpq $__NR_syscall_max,%rax ja badsys @@ -15612,7 +15469,13 @@ index faf8d5e..4f16a68 100644 call *sys_call_table(,%rax,8) # XXX: rip relative movq %rax,RAX-ARGOFFSET(%rsp) /* -@@ -503,6 +790,8 @@ sysret_check: +@@ -498,10 +786,13 @@ sysret_check: + LOCKDEP_SYS_EXIT + DISABLE_INTERRUPTS(CLBR_NONE) + TRACE_IRQS_OFF +- movl TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET),%edx ++ GET_THREAD_INFO(%rcx) ++ movl TI_flags(%rcx),%edx andl %edi,%edx jnz sysret_careful CFI_REMEMBER_STATE @@ -15621,7 +15484,7 @@ index faf8d5e..4f16a68 100644 /* * sysretq will re-enable interrupts: */ -@@ -554,14 +843,18 @@ badsys: +@@ -553,14 +844,18 @@ badsys: * jump back to the normal fast path. */ auditsys: @@ -15632,7 +15495,7 @@ index faf8d5e..4f16a68 100644 movq %rdi,%rdx /* 3rd arg: 1st syscall arg */ movq %rax,%rsi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ - call audit_syscall_entry + call __audit_syscall_entry + + pax_erase_kstack + @@ -15641,7 +15504,16 @@ index faf8d5e..4f16a68 100644 jmp system_call_fastpath =20 /* -@@ -591,16 +884,20 @@ tracesys: +@@ -581,7 +876,7 @@ sysret_audit: + /* Do syscall tracing */ + tracesys: + #ifdef CONFIG_AUDITSYSCALL +- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD= _INFO(%rsp,RIP-ARGOFFSET) ++ testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%rcx) + jz auditsys + #endif + SAVE_REST +@@ -589,16 +884,20 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -15663,16 +15535,7 @@ index faf8d5e..4f16a68 100644 call *sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) /* Use IRET because user could have changed frame */ -@@ -612,7 +909,7 @@ tracesys: - GLOBAL(int_ret_from_sys_call) - DISABLE_INTERRUPTS(CLBR_NONE) - TRACE_IRQS_OFF -- testl $3,CS-ARGOFFSET(%rsp) -+ testb $3,CS-ARGOFFSET(%rsp) - je retint_restore_args - movl $_TIF_ALLWORK_MASK,%edi - /* edi: mask to check */ -@@ -623,6 +920,7 @@ GLOBAL(int_with_check) +@@ -619,6 +918,7 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -15680,7 +15543,7 @@ index faf8d5e..4f16a68 100644 jmp retint_swapgs =20 /* Either reschedule or signal or syscall exit tracking needed. */ -@@ -669,7 +967,7 @@ int_restore_rest: +@@ -665,7 +965,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -15689,7 +15552,7 @@ index faf8d5e..4f16a68 100644 =20 /* * Certain special system calls that need to save a complete full stack= frame. -@@ -685,7 +983,7 @@ ENTRY(\label) +@@ -681,7 +981,7 @@ ENTRY(\label) call \func jmp ptregscall_common CFI_ENDPROC @@ -15698,7 +15561,7 @@ index faf8d5e..4f16a68 100644 .endm =20 PTREGSCALL stub_clone, sys_clone, %r8 -@@ -703,9 +1001,10 @@ ENTRY(ptregscall_common) +@@ -699,9 +999,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -15710,7 +15573,7 @@ index faf8d5e..4f16a68 100644 =20 ENTRY(stub_execve) CFI_STARTPROC -@@ -720,7 +1019,7 @@ ENTRY(stub_execve) +@@ -716,7 +1017,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -15719,7 +15582,7 @@ index faf8d5e..4f16a68 100644 =20 /* * sigreturn is special because it needs to restore all registers on re= turn. -@@ -738,7 +1037,7 @@ ENTRY(stub_rt_sigreturn) +@@ -734,7 +1035,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -15728,7 +15591,7 @@ index faf8d5e..4f16a68 100644 =20 /* * Build the entry stubs and pointer table with some assembler magic. -@@ -773,7 +1072,7 @@ vector=3Dvector+1 +@@ -769,7 +1070,7 @@ vector=3Dvector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -15737,7 +15600,7 @@ index faf8d5e..4f16a68 100644 =20 .previous END(interrupt) -@@ -793,6 +1092,16 @@ END(interrupt) +@@ -789,6 +1090,16 @@ END(interrupt) subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ @@ -15754,7 +15617,7 @@ index faf8d5e..4f16a68 100644 call \func .endm =20 -@@ -824,7 +1133,7 @@ ret_from_intr: +@@ -820,7 +1131,7 @@ ret_from_intr: =20 exit_intr: GET_THREAD_INFO(%rcx) @@ -15763,7 +15626,7 @@ index faf8d5e..4f16a68 100644 je retint_kernel =20 /* Interrupt came from user space */ -@@ -846,12 +1155,15 @@ retint_swapgs: /* return to user-space */ +@@ -842,12 +1153,15 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -15779,7 +15642,7 @@ index faf8d5e..4f16a68 100644 /* * The iretq could re-enable interrupts: */ -@@ -940,7 +1252,7 @@ ENTRY(retint_kernel) +@@ -936,7 +1250,7 @@ ENTRY(retint_kernel) #endif =20 CFI_ENDPROC @@ -15788,7 +15651,7 @@ index faf8d5e..4f16a68 100644 /* * End of kprobes section */ -@@ -956,7 +1268,7 @@ ENTRY(\sym) +@@ -953,7 +1267,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -15797,7 +15660,7 @@ index faf8d5e..4f16a68 100644 .endm =20 #ifdef CONFIG_SMP -@@ -1021,12 +1333,22 @@ ENTRY(\sym) +@@ -1026,12 +1340,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -15821,7 +15684,7 @@ index faf8d5e..4f16a68 100644 .endm =20 .macro paranoidzeroentry sym do_sym -@@ -1038,15 +1360,25 @@ ENTRY(\sym) +@@ -1043,15 +1367,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -15849,7 +15712,7 @@ index faf8d5e..4f16a68 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1056,14 +1388,30 @@ ENTRY(\sym) +@@ -1061,14 +1395,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -15881,7 +15744,7 @@ index faf8d5e..4f16a68 100644 .endm =20 .macro errorentry sym do_sym -@@ -1074,13 +1422,23 @@ ENTRY(\sym) +@@ -1079,13 +1429,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -15906,7 +15769,7 @@ index faf8d5e..4f16a68 100644 .endm =20 /* error code is on the stack already */ -@@ -1093,13 +1451,23 @@ ENTRY(\sym) +@@ -1098,13 +1458,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -15931,7 +15794,7 @@ index faf8d5e..4f16a68 100644 .endm =20 zeroentry divide_error do_divide_error -@@ -1129,9 +1497,10 @@ gs_change: +@@ -1134,9 +1504,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -15943,7 +15806,7 @@ index faf8d5e..4f16a68 100644 =20 .section __ex_table,"a" .align 8 -@@ -1153,13 +1522,14 @@ ENTRY(kernel_thread_helper) +@@ -1158,13 +1529,14 @@ ENTRY(kernel_thread_helper) * Here we are in the child and the registers are set as they were * at kernel_thread() invocation in the parent. */ @@ -15959,7 +15822,7 @@ index faf8d5e..4f16a68 100644 =20 /* * execve(). This function needs to use IRET, not SYSRET, to set up all= state properly. -@@ -1186,11 +1556,11 @@ ENTRY(kernel_execve) +@@ -1191,11 +1563,11 @@ ENTRY(kernel_execve) RESTORE_REST testq %rax,%rax je int_ret_from_sys_call @@ -15973,7 +15836,7 @@ index faf8d5e..4f16a68 100644 =20 /* Call softirq on interrupt stack. Interrupts are off. */ ENTRY(call_softirq) -@@ -1208,9 +1578,10 @@ ENTRY(call_softirq) +@@ -1213,9 +1585,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -15985,7 +15848,7 @@ index faf8d5e..4f16a68 100644 =20 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1248,7 +1619,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hyperviso= r_callback(struct *pt_regs) +@@ -1253,7 +1626,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hyperviso= r_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -15994,7 +15857,7 @@ index faf8d5e..4f16a68 100644 =20 /* * Hypervisor uses this for application faults while it executes. -@@ -1307,7 +1678,7 @@ ENTRY(xen_failsafe_callback) +@@ -1312,7 +1685,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -16003,7 +15866,7 @@ index faf8d5e..4f16a68 100644 =20 apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1356,16 +1727,31 @@ ENTRY(paranoid_exit) +@@ -1361,16 +1734,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -16036,7 +15899,7 @@ index faf8d5e..4f16a68 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1394,7 +1780,7 @@ paranoid_schedule: +@@ -1399,7 +1787,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -16045,7 +15908,7 @@ index faf8d5e..4f16a68 100644 =20 /* * Exception entry point. This expects an error code/orig_rax on the st= ack. -@@ -1421,12 +1807,13 @@ ENTRY(error_entry) +@@ -1426,12 +1814,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -16060,7 +15923,7 @@ index faf8d5e..4f16a68 100644 ret =20 /* -@@ -1453,7 +1840,7 @@ bstep_iret: +@@ -1458,7 +1847,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -16069,17 +15932,30 @@ index faf8d5e..4f16a68 100644 =20 =20 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1473,7 +1860,7 @@ ENTRY(error_exit) +@@ -1478,7 +1867,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC -END(error_exit) +ENDPROC(error_exit) =20 -=20 - /* runs on exception stack */ -@@ -1485,6 +1872,16 @@ ENTRY(nmi) - CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 + /* + * Test if a given stack is an NMI stack or not. +@@ -1535,9 +1924,11 @@ ENTRY(nmi) + * If %cs was not the kernel segment, then the NMI triggered in user + * space, which means it is definitely not nested. + */ ++ cmpl $__KERNEXEC_KERNEL_CS, 16(%rsp) ++ je 1f + cmpl $__KERNEL_CS, 16(%rsp) + jne first_nmi +- ++1: + /* + * Check the special variable on the stack to see if NMIs are + * executing. +@@ -1659,6 +2050,16 @@ restart_nmi: + */ call save_paranoid DEFAULT_FRAME 0 +#ifdef CONFIG_PAX_MEMORY_UDEREF @@ -16095,20 +15971,9 @@ index faf8d5e..4f16a68 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1495,12 +1892,28 @@ ENTRY(nmi) - DISABLE_INTERRUPTS(CLBR_NONE) +@@ -1666,14 +2067,25 @@ restart_nmi: testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore -- testl $3,CS(%rsp) -+ testb $3,CS(%rsp) - jnz nmi_userspace -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ pax_exit_kernel -+ SWAPGS_UNSAFE_STACK -+ RESTORE_ALL 8 -+ pax_force_retaddr_bts -+ jmp irq_return -+#endif nmi_swapgs: +#ifdef CONFIG_PAX_MEMORY_UDEREF + pax_exit_kernel_user @@ -16117,23 +15982,23 @@ index faf8d5e..4f16a68 100644 +#endif SWAPGS_UNSAFE_STACK + RESTORE_ALL 8 ++ /* Clear the NMI executing stack variable */ ++ movq $0, 10*8(%rsp) + jmp irq_return nmi_restore: + pax_exit_kernel RESTORE_ALL 8 + pax_force_retaddr_bts + /* Clear the NMI executing stack variable */ + movq $0, 10*8(%rsp) jmp irq_return - nmi_userspace: - GET_THREAD_INFO(%rcx) -@@ -1529,14 +1942,14 @@ nmi_schedule: - jmp paranoid_exit CFI_ENDPROC - #endif -END(nmi) +ENDPROC(nmi) =20 - ENTRY(ignore_sysret) - CFI_STARTPROC + /* + * If an NMI hit an iret because of an exception or breakpoint, +@@ -1700,7 +2112,7 @@ ENTRY(ignore_sysret) mov $-ENOSYS,%eax sysret CFI_ENDPROC @@ -16204,7 +16069,7 @@ index c9a281f..ce2f317 100644 return -EFAULT; =20 diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c -index 3bb0850..55a56f4 100644 +index 51ff186..9e77418 100644 --- a/arch/x86/kernel/head32.c +++ b/arch/x86/kernel/head32.c @@ -19,6 +19,7 @@ @@ -16215,12 +16080,13 @@ index 3bb0850..55a56f4 100644 =20 static void __init i386_default_early_setup(void) { -@@ -33,7 +34,7 @@ void __init i386_start_kernel(void) - { - memblock_init(); +@@ -31,8 +32,7 @@ static void __init i386_default_early_setup(void) =20 -- memblock_x86_reserve_range(__pa_symbol(&_text), __pa_symbol(&__bss_sto= p), "TEXT DATA BSS"); -+ memblock_x86_reserve_range(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop= ), "TEXT DATA BSS"); + void __init i386_start_kernel(void) + { +- memblock_reserve(__pa_symbol(&_text), +- __pa_symbol(&__bss_stop) - __pa_symbol(&_text)); ++ memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop) - LOAD_P= HYSICAL_ADDR); =20 #ifdef CONFIG_BLK_DEV_INITRD /* Reserve INITRD */ @@ -16663,7 +16529,7 @@ index ce0be7c..c41476e 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index e11e394..9aebc5d 100644 +index 40f4eb3..6d24d9d 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -19,6 +19,8 @@ @@ -16889,7 +16755,7 @@ index e11e394..9aebc5d 100644 =20 NEXT_PAGE(level2_kernel_pgt) /* -@@ -389,33 +429,55 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -389,37 +429,59 @@ NEXT_PAGE(level2_kernel_pgt) * If you want to increase this then increase MODULES_VADDR * too.) */ @@ -16953,6 +16819,11 @@ index e11e394..9aebc5d 100644 - .skip IDT_ENTRIES * 16 + .fill 512,8,0 =20 + .align L1_CACHE_BYTES + ENTRY(nmi_idt_table) +- .skip IDT_ENTRIES * 16 ++ .fill 512,8,0 +=20 __PAGE_ALIGNED_BSS .align PAGE_SIZE diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksym= s_32.c @@ -16980,79 +16851,6 @@ index 9c3bd4a..e1d9b35 100644 +#ifdef CONFIG_PAX_KERNEXEC +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); +#endif -diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c -index 739d859..d1d6be7 100644 ---- a/arch/x86/kernel/i387.c -+++ b/arch/x86/kernel/i387.c -@@ -188,6 +188,9 @@ int xfpregs_active(struct task_struct *target, const= struct user_regset *regset) -=20 - int xfpregs_get(struct task_struct *target, const struct user_regset *r= egset, - unsigned int pos, unsigned int count, -+ void *kbuf, void __user *ubuf) __size_overflow(4); -+int xfpregs_get(struct task_struct *target, const struct user_regset *r= egset, -+ unsigned int pos, unsigned int count, - void *kbuf, void __user *ubuf) - { - int ret; -@@ -207,6 +210,9 @@ int xfpregs_get(struct task_struct *target, const st= ruct user_regset *regset, -=20 - int xfpregs_set(struct task_struct *target, const struct user_regset *r= egset, - unsigned int pos, unsigned int count, -+ const void *kbuf, const void __user *ubuf) __size_overflow(4); -+int xfpregs_set(struct task_struct *target, const struct user_regset *r= egset, -+ unsigned int pos, unsigned int count, - const void *kbuf, const void __user *ubuf) - { - int ret; -@@ -240,6 +246,9 @@ int xfpregs_set(struct task_struct *target, const st= ruct user_regset *regset, -=20 - int xstateregs_get(struct task_struct *target, const struct user_regset= *regset, - unsigned int pos, unsigned int count, -+ void *kbuf, void __user *ubuf) __size_overflow(4); -+int xstateregs_get(struct task_struct *target, const struct user_regset= *regset, -+ unsigned int pos, unsigned int count, - void *kbuf, void __user *ubuf) - { - int ret; -@@ -269,6 +278,9 @@ int xstateregs_get(struct task_struct *target, const= struct user_regset *regset, -=20 - int xstateregs_set(struct task_struct *target, const struct user_regset= *regset, - unsigned int pos, unsigned int count, -+ const void *kbuf, const void __user *ubuf) __size_overflow(4); -+int xstateregs_set(struct task_struct *target, const struct user_regset= *regset, -+ unsigned int pos, unsigned int count, - const void *kbuf, const void __user *ubuf) - { - int ret; -@@ -439,6 +451,9 @@ static void convert_to_fxsr(struct task_struct *tsk, -=20 - int fpregs_get(struct task_struct *target, const struct user_regset *re= gset, - unsigned int pos, unsigned int count, -+ void *kbuf, void __user *ubuf) __size_overflow(3,4); -+int fpregs_get(struct task_struct *target, const struct user_regset *re= gset, -+ unsigned int pos, unsigned int count, - void *kbuf, void __user *ubuf) - { - struct user_i387_ia32_struct env; -@@ -471,6 +486,9 @@ int fpregs_get(struct task_struct *target, const str= uct user_regset *regset, -=20 - int fpregs_set(struct task_struct *target, const struct user_regset *re= gset, - unsigned int pos, unsigned int count, -+ const void *kbuf, const void __user *ubuf) __size_overflow(3,4)= ; -+int fpregs_set(struct task_struct *target, const struct user_regset *re= gset, -+ unsigned int pos, unsigned int count, - const void *kbuf, const void __user *ubuf) - { - struct user_i387_ia32_struct env; -@@ -619,6 +637,8 @@ static inline int restore_i387_fsave(struct _fpstate= _ia32 __user *buf) - } -=20 - static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf, -+ unsigned int size) __size_overflow(2); -+static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf, - unsigned int size) - { - struct task_struct *tsk =3D current; diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c index 6104852..6114160 100644 --- a/arch/x86/kernel/i8259.c @@ -17136,7 +16934,7 @@ index 8c96897..be66bfa 100644 return -EPERM; } diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c -index 429e0c9..17b3ece 100644 +index 7943e0c..dd32c5c 100644 --- a/arch/x86/kernel/irq.c +++ b/arch/x86/kernel/irq.c @@ -18,7 +18,7 @@ @@ -17148,7 +16946,7 @@ index 429e0c9..17b3ece 100644 =20 /* Function pointer for generic interrupt vector handling */ void (*x86_platform_ipi_callback)(void) =3D NULL; -@@ -117,9 +117,9 @@ int arch_show_interrupts(struct seq_file *p, int pre= c) +@@ -121,9 +121,9 @@ int arch_show_interrupts(struct seq_file *p, int pre= c) seq_printf(p, "%10u ", per_cpu(mce_poll_count, j)); seq_printf(p, " Machine check polls\n"); #endif @@ -17160,7 +16958,7 @@ index 429e0c9..17b3ece 100644 #endif return 0; } -@@ -159,10 +159,10 @@ u64 arch_irq_stat_cpu(unsigned int cpu) +@@ -164,10 +164,10 @@ u64 arch_irq_stat_cpu(unsigned int cpu) =20 u64 arch_irq_stat(void) { @@ -17174,10 +16972,10 @@ index 429e0c9..17b3ece 100644 return sum; } diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c -index 7209070..cbcd71a 100644 +index 40fc861..9b8739b 100644 --- a/arch/x86/kernel/irq_32.c +++ b/arch/x86/kernel/irq_32.c -@@ -36,7 +36,7 @@ static int check_stack_overflow(void) +@@ -39,7 +39,7 @@ static int check_stack_overflow(void) __asm__ __volatile__("andl %%esp,%0" : "=3Dr" (sp) : "0" (THREAD_SIZE - 1)); =20 @@ -17186,7 +16984,7 @@ index 7209070..cbcd71a 100644 } =20 static void print_stack_overflow(void) -@@ -54,8 +54,8 @@ static inline void print_stack_overflow(void) { } +@@ -59,8 +59,8 @@ static inline void print_stack_overflow(void) { } * per-CPU IRQ handling contexts (thread information and stack) */ union irq_ctx { @@ -17197,7 +16995,7 @@ index 7209070..cbcd71a 100644 } __attribute__((aligned(THREAD_SIZE))); =20 static DEFINE_PER_CPU(union irq_ctx *, hardirq_ctx); -@@ -75,10 +75,9 @@ static void call_on_stack(void *func, void *stack) +@@ -80,10 +80,9 @@ static void call_on_stack(void *func, void *stack) static inline int execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) { @@ -17209,7 +17007,7 @@ index 7209070..cbcd71a 100644 irqctx =3D __this_cpu_read(hardirq_ctx); =20 /* -@@ -87,21 +86,16 @@ execute_on_irq_stack(int overflow, struct irq_desc *= desc, int irq) +@@ -92,21 +91,16 @@ execute_on_irq_stack(int overflow, struct irq_desc *= desc, int irq) * handler) we can't do that and just have to keep using the * current stack (which is the irq stack already after all) */ @@ -17237,7 +17035,7 @@ index 7209070..cbcd71a 100644 =20 if (unlikely(overflow)) call_on_stack(print_stack_overflow, isp); -@@ -113,6 +107,11 @@ execute_on_irq_stack(int overflow, struct irq_desc = *desc, int irq) +@@ -118,6 +112,11 @@ execute_on_irq_stack(int overflow, struct irq_desc = *desc, int irq) : "0" (irq), "1" (desc), "2" (isp), "D" (desc->handle_irq) : "memory", "cc", "ecx"); @@ -17249,7 +17047,7 @@ index 7209070..cbcd71a 100644 return 1; } =20 -@@ -121,29 +120,11 @@ execute_on_irq_stack(int overflow, struct irq_desc= *desc, int irq) +@@ -126,29 +125,11 @@ execute_on_irq_stack(int overflow, struct irq_desc= *desc, int irq) */ void __cpuinit irq_ctx_init(int cpu) { @@ -17281,7 +17079,7 @@ index 7209070..cbcd71a 100644 =20 printk(KERN_DEBUG "CPU %u irqstacks, hard=3D%p soft=3D%p\n", cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu)); -@@ -152,7 +133,6 @@ void __cpuinit irq_ctx_init(int cpu) +@@ -157,7 +138,6 @@ void __cpuinit irq_ctx_init(int cpu) asmlinkage void do_softirq(void) { unsigned long flags; @@ -17289,7 +17087,7 @@ index 7209070..cbcd71a 100644 union irq_ctx *irqctx; u32 *isp; =20 -@@ -162,15 +142,22 @@ asmlinkage void do_softirq(void) +@@ -167,15 +147,22 @@ asmlinkage void do_softirq(void) local_irq_save(flags); =20 if (local_softirq_pending()) { @@ -17317,18 +17115,18 @@ index 7209070..cbcd71a 100644 * Shouldn't happen, we returned above if in_interrupt(): */ diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c -index 69bca46..0bac999 100644 +index d04d3ec..ea4b374 100644 --- a/arch/x86/kernel/irq_64.c +++ b/arch/x86/kernel/irq_64.c -@@ -38,7 +38,7 @@ static inline void stack_overflow_check(struct pt_regs= *regs) - #ifdef CONFIG_DEBUG_STACKOVERFLOW +@@ -44,7 +44,7 @@ static inline void stack_overflow_check(struct pt_regs= *regs) + u64 estack_top, estack_bottom; u64 curbase =3D (u64)task_stack_page(current); =20 - if (user_mode_vm(regs)) + if (user_mode(regs)) return; =20 - WARN_ONCE(regs->sp >=3D curbase && + if (regs->sp >=3D curbase + sizeof(struct thread_info) + diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c index faba577..93b9e71 100644 --- a/arch/x86/kernel/kgdb.c @@ -17518,20 +17316,8 @@ index 7da647d..56fe348 100644 RELATIVE_ADDR_SIZE); =20 insn_buf[0] =3D RELATIVEJUMP_OPCODE; -diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c -index a9c2116..a52d4fc 100644 ---- a/arch/x86/kernel/kvm.c -+++ b/arch/x86/kernel/kvm.c -@@ -437,6 +437,7 @@ static void __init paravirt_ops_setup(void) - pv_mmu_ops.set_pud =3D kvm_set_pud; - #if PAGETABLE_LEVELS =3D=3D 4 - pv_mmu_ops.set_pgd =3D kvm_set_pgd; -+ pv_mmu_ops.set_pgd_batched =3D kvm_set_pgd; - #endif - #endif - pv_mmu_ops.flush_tlb_user =3D kvm_flush_tlb; diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c -index ea69726..8b497c9 100644 +index ea69726..604d066 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c @@ -67,13 +67,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount,= int reload) @@ -17584,15 +17370,7 @@ index ea69726..8b497c9 100644 return retval; } =20 -@@ -141,6 +159,7 @@ void destroy_context(struct mm_struct *mm) - } - } -=20 -+static int read_ldt(void __user *ptr, unsigned long bytecount) __size_o= verflow(2); - static int read_ldt(void __user *ptr, unsigned long bytecount) - { - int err; -@@ -230,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned lon= g bytecount, int oldmode) +@@ -230,6 +248,13 @@ static int write_ldt(void __user *ptr, unsigned lon= g bytecount, int oldmode) } } =20 @@ -17638,14 +17416,11 @@ index a3fa43b..8966f4c 100644 relocate_kernel_ptr =3D control_page; page_list[PA_CONTROL_PAGE] =3D __pa(control_page); diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microco= de_intel.c -index 3ca42d0..79d24cd 100644 +index 3ca42d0..7cff8cc 100644 --- a/arch/x86/kernel/microcode_intel.c +++ b/arch/x86/kernel/microcode_intel.c -@@ -434,15 +434,16 @@ static enum ucode_state request_microcode_fw(int c= pu, struct device *device) - return ret; - } +@@ -436,13 +436,13 @@ static enum ucode_state request_microcode_fw(int c= pu, struct device *device) =20 -+static int get_ucode_user(void *to, const void *from, size_t n) __size_= overflow(3); static int get_ucode_user(void *to, const void *from, size_t n) { - return copy_from_user(to, from, n); @@ -17798,10 +17573,10 @@ index 925179f..267ac7a 100644 if ((s64)val !=3D *(s32 *)loc) goto overflow; diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c -index e88f37b..1353db6 100644 +index 47acaf3..ec48ab6 100644 --- a/arch/x86/kernel/nmi.c +++ b/arch/x86/kernel/nmi.c -@@ -408,6 +408,17 @@ static notrace __kprobes void default_do_nmi(struct= pt_regs *regs) +@@ -505,6 +505,17 @@ static inline void nmi_nesting_postprocess(void) dotraplinkage notrace __kprobes void do_nmi(struct pt_regs *regs, long error_code) { @@ -17816,9 +17591,9 @@ index e88f37b..1353db6 100644 + } +#endif + - nmi_enter(); + nmi_nesting_preprocess(regs); =20 - inc_irq_stat(__nmi_count); + nmi_enter(); diff --git a/arch/x86/kernel/paravirt-spinlocks.c b/arch/x86/kernel/para= virt-spinlocks.c index 676b8c7..870ba04 100644 --- a/arch/x86/kernel/paravirt-spinlocks.c @@ -17981,7 +17756,7 @@ index 35ccf75..7a15747 100644 #define DEBUG 1 =20 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index ee5d4fb..426649b 100644 +index 15763af..da59ada 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -48,16 +48,33 @@ void free_thread_xstate(struct task_struct *tsk) @@ -18122,7 +17897,7 @@ index ee5d4fb..426649b 100644 +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index 8598296..bfadef0 100644 +index c08d1ff..6ae1c81 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __asm__("ret_from_= fork"); @@ -18133,7 +17908,7 @@ index 8598296..bfadef0 100644 } =20 #ifndef CONFIG_SMP -@@ -130,15 +131,14 @@ void __show_regs(struct pt_regs *regs, int all) +@@ -132,15 +133,14 @@ void __show_regs(struct pt_regs *regs, int all) unsigned long sp; unsigned short ss, gs; =20 @@ -18151,7 +17926,7 @@ index 8598296..bfadef0 100644 =20 show_regs_common(); =20 -@@ -200,13 +200,14 @@ int copy_thread(unsigned long clone_flags, unsigne= d long sp, +@@ -202,13 +202,14 @@ int copy_thread(unsigned long clone_flags, unsigne= d long sp, struct task_struct *tsk; int err; =20 @@ -18167,7 +17942,7 @@ index 8598296..bfadef0 100644 =20 p->thread.ip =3D (unsigned long) ret_from_fork; =20 -@@ -296,7 +297,7 @@ __switch_to(struct task_struct *prev_p, struct task_= struct *next_p) +@@ -299,7 +300,7 @@ __switch_to(struct task_struct *prev_p, struct task_= struct *next_p) struct thread_struct *prev =3D &prev_p->thread, *next =3D &next_p->thread; int cpu =3D smp_processor_id(); @@ -18176,7 +17951,7 @@ index 8598296..bfadef0 100644 fpu_switch_t fpu; =20 /* never put a printk in __switch_to... printk() calls wake_up*() indi= rectly */ -@@ -320,6 +321,10 @@ __switch_to(struct task_struct *prev_p, struct task= _struct *next_p) +@@ -323,6 +324,10 @@ __switch_to(struct task_struct *prev_p, struct task= _struct *next_p) */ lazy_save_gs(prev->gs); =20 @@ -18187,7 +17962,7 @@ index 8598296..bfadef0 100644 /* * Load the per-thread Thread-Local Storage descriptor. */ -@@ -350,6 +355,9 @@ __switch_to(struct task_struct *prev_p, struct task_= struct *next_p) +@@ -353,6 +358,9 @@ __switch_to(struct task_struct *prev_p, struct task_= struct *next_p) */ arch_end_context_switch(next_p); =20 @@ -18197,7 +17972,7 @@ index 8598296..bfadef0 100644 /* * Restore %gs if needed (which is common) */ -@@ -358,8 +366,6 @@ __switch_to(struct task_struct *prev_p, struct task_= struct *next_p) +@@ -361,8 +369,6 @@ __switch_to(struct task_struct *prev_p, struct task_= struct *next_p) =20 switch_fpu_finish(next_p, fpu); =20 @@ -18206,13 +17981,13 @@ index 8598296..bfadef0 100644 return prev_p; } =20 -@@ -389,4 +395,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -392,4 +398,3 @@ unsigned long get_wchan(struct task_struct *p) } while (count++ < 16); return 0; } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 6a364a6..b147d11 100644 +index cfa5c90..4facd28 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -89,7 +89,7 @@ static void __exit_idle(void) @@ -18224,7 +17999,7 @@ index 6a364a6..b147d11 100644 return; __exit_idle(); } -@@ -264,8 +264,7 @@ int copy_thread(unsigned long clone_flags, unsigned = long sp, +@@ -270,8 +270,7 @@ int copy_thread(unsigned long clone_flags, unsigned = long sp, struct pt_regs *childregs; struct task_struct *me =3D current; =20 @@ -18234,7 +18009,7 @@ index 6a364a6..b147d11 100644 *childregs =3D *regs; =20 childregs->ax =3D 0; -@@ -277,6 +276,7 @@ int copy_thread(unsigned long clone_flags, unsigned = long sp, +@@ -283,6 +282,7 @@ int copy_thread(unsigned long clone_flags, unsigned = long sp, p->thread.sp =3D (unsigned long) childregs; p->thread.sp0 =3D (unsigned long) (childregs+1); p->thread.usersp =3D me->thread.usersp; @@ -18242,7 +18017,7 @@ index 6a364a6..b147d11 100644 =20 set_tsk_thread_flag(p, TIF_FORK); =20 -@@ -379,7 +379,7 @@ __switch_to(struct task_struct *prev_p, struct task_= struct *next_p) +@@ -385,7 +385,7 @@ __switch_to(struct task_struct *prev_p, struct task_= struct *next_p) struct thread_struct *prev =3D &prev_p->thread; struct thread_struct *next =3D &next_p->thread; int cpu =3D smp_processor_id(); @@ -18251,7 +18026,7 @@ index 6a364a6..b147d11 100644 unsigned fsindex, gsindex; fpu_switch_t fpu; =20 -@@ -461,10 +461,9 @@ __switch_to(struct task_struct *prev_p, struct task= _struct *next_p) +@@ -467,10 +467,9 @@ __switch_to(struct task_struct *prev_p, struct task= _struct *next_p) prev->usersp =3D percpu_read(old_rsp); percpu_write(old_rsp, next->usersp); percpu_write(current_task, next_p); @@ -18264,7 +18039,7 @@ index 6a364a6..b147d11 100644 =20 /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -519,12 +518,11 @@ unsigned long get_wchan(struct task_struct *p) +@@ -525,12 +524,11 @@ unsigned long get_wchan(struct task_struct *p) if (!p || p =3D=3D current || p->state =3D=3D TASK_RUNNING) return 0; stack =3D (unsigned long)task_stack_page(p); @@ -18280,21 +18055,10 @@ index 6a364a6..b147d11 100644 ip =3D *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 8252879..f367ec9 100644 +index 5026738..9e6d6dc 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c -@@ -791,6 +791,10 @@ static int ioperm_active(struct task_struct *target= , - static int ioperm_get(struct task_struct *target, - const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ void *kbuf, void __user *ubuf) __size_overflow(3,4); -+static int ioperm_get(struct task_struct *target, -+ const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - void *kbuf, void __user *ubuf) - { - if (!target->thread.io_bitmap_ptr) -@@ -822,7 +826,7 @@ long arch_ptrace(struct task_struct *child, long req= uest, +@@ -823,7 +823,7 @@ long arch_ptrace(struct task_struct *child, long req= uest, unsigned long addr, unsigned long data) { int ret; @@ -18303,7 +18067,7 @@ index 8252879..f367ec9 100644 =20 switch (request) { /* read the word at location addr in the USER area. */ -@@ -907,14 +911,14 @@ long arch_ptrace(struct task_struct *child, long r= equest, +@@ -908,14 +908,14 @@ long arch_ptrace(struct task_struct *child, long r= equest, if ((int) addr < 0) return -EIO; ret =3D do_get_thread_area(child, addr, @@ -18320,7 +18084,7 @@ index 8252879..f367ec9 100644 break; #endif =20 -@@ -1331,7 +1335,7 @@ static void fill_sigtrap_info(struct task_struct *= tsk, +@@ -1332,7 +1332,7 @@ static void fill_sigtrap_info(struct task_struct *= tsk, memset(info, 0, sizeof(*info)); info->si_signo =3D SIGTRAP; info->si_code =3D si_code; @@ -18362,7 +18126,7 @@ index 42eb330..139955c 100644 =20 return ret; diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index 37a458b..e63d183 100644 +index d840e69..98e9581 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -35,7 +35,7 @@ void (*pm_power_off)(void); @@ -18374,7 +18138,7 @@ index 37a458b..e63d183 100644 enum reboot_type reboot_type =3D BOOT_ACPI; int reboot_force; =20 -@@ -324,13 +324,17 @@ core_initcall(reboot_init); +@@ -335,13 +335,17 @@ core_initcall(reboot_init); extern const unsigned char machine_real_restart_asm[]; extern const u64 machine_real_restart_gdt[3]; =20 @@ -18394,7 +18158,7 @@ index 37a458b..e63d183 100644 local_irq_disable(); =20 /* Write zero to CMOS register number 0x0f, which the BIOS POST -@@ -356,14 +360,14 @@ void machine_real_restart(unsigned int type) +@@ -367,14 +371,14 @@ void machine_real_restart(unsigned int type) boot)". This seems like a fairly standard thing that gets set by REBOOT.COM programs, and the previous reset routine did this too. */ @@ -18411,7 +18175,7 @@ index 37a458b..e63d183 100644 =20 /* GDT[0]: GDT self-pointer */ lowmem_gdt[0] =3D -@@ -374,7 +378,33 @@ void machine_real_restart(unsigned int type) +@@ -385,7 +389,33 @@ void machine_real_restart(unsigned int type) GDT_ENTRY(0x009b, restart_pa, 0xffff); =20 /* Jump to the identity-mapped low memory code */ @@ -18445,7 +18209,7 @@ index 37a458b..e63d183 100644 } #ifdef CONFIG_APM_MODULE EXPORT_SYMBOL(machine_real_restart); -@@ -540,7 +570,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) +@@ -556,7 +586,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) * try to force a triple fault and then cycle between hitting the keybo= ard * controller and doing that */ @@ -18454,7 +18218,7 @@ index 37a458b..e63d183 100644 { int i; int attempt =3D 0; -@@ -664,13 +694,13 @@ void native_machine_shutdown(void) +@@ -680,13 +710,13 @@ void native_machine_shutdown(void) #endif } =20 @@ -18470,7 +18234,7 @@ index 37a458b..e63d183 100644 { printk("machine restart\n"); =20 -@@ -679,7 +709,7 @@ static void native_machine_restart(char *__unused) +@@ -695,7 +725,7 @@ static void native_machine_restart(char *__unused) __machine_emergency_restart(0); } =20 @@ -18479,7 +18243,7 @@ index 37a458b..e63d183 100644 { /* stop other cpus and apics */ machine_shutdown(); -@@ -690,7 +720,7 @@ static void native_machine_halt(void) +@@ -706,7 +736,7 @@ static void native_machine_halt(void) stop_this_cpu(NULL); } =20 @@ -18488,7 +18252,7 @@ index 37a458b..e63d183 100644 { if (pm_power_off) { if (!reboot_force) -@@ -699,6 +729,7 @@ static void native_machine_power_off(void) +@@ -715,6 +745,7 @@ static void native_machine_power_off(void) } /* a fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); @@ -18525,10 +18289,10 @@ index 7a6f3b3..bed145d7 100644 =20 1: diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index cf0ef98..e3f780b 100644 +index d7d5099..28555d0 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -447,7 +447,7 @@ static void __init parse_setup_data(void) +@@ -448,7 +448,7 @@ static void __init parse_setup_data(void) =20 switch (data->type) { case SETUP_E820_EXT: @@ -18537,7 +18301,7 @@ index cf0ef98..e3f780b 100644 break; case SETUP_DTB: add_dtb(pa_data); -@@ -650,7 +650,7 @@ static void __init trim_bios_range(void) +@@ -649,7 +649,7 @@ static void __init trim_bios_range(void) * area (640->1Mb) as ram even though it is not. * take them out. */ @@ -18546,7 +18310,7 @@ index cf0ef98..e3f780b 100644 sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); } =20 -@@ -773,14 +773,14 @@ void __init setup_arch(char **cmdline_p) +@@ -767,14 +767,14 @@ void __init setup_arch(char **cmdline_p) =20 if (!boot_params.hdr.root_flags) root_mountflags &=3D ~MS_RDONLY; @@ -18567,7 +18331,7 @@ index cf0ef98..e3f780b 100644 bss_resource.start =3D virt_to_phys(&__bss_start); bss_resource.end =3D virt_to_phys(&__bss_stop)-1; diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_perc= pu.c -index 71f4727..217419b 100644 +index 71f4727..16dc9f7 100644 --- a/arch/x86/kernel/setup_percpu.c +++ b/arch/x86/kernel/setup_percpu.c @@ -21,19 +21,17 @@ @@ -18594,25 +18358,7 @@ index 71f4727..217419b 100644 [0 ... NR_CPUS-1] =3D BOOT_PERCPU_OFFSET, }; EXPORT_SYMBOL(__per_cpu_offset); -@@ -96,6 +94,8 @@ static bool __init pcpu_need_numa(void) - * Pointer to the allocated area on success, NULL on failure. - */ - static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long= size, -+ unsigned long align) __size_overflow(2); -+static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long= size, - unsigned long align) - { - const unsigned long goal =3D __pa(MAX_DMA_ADDRESS); -@@ -124,6 +124,8 @@ static void * __init pcpu_alloc_bootmem(unsigned int= cpu, unsigned long size, - /* - * Helpers for first chunk memory allocation - */ -+static void * __init pcpu_fc_alloc(unsigned int cpu, size_t size, size_= t align) __size_overflow(2); -+ - static void * __init pcpu_fc_alloc(unsigned int cpu, size_t size, size_= t align) - { - return pcpu_alloc_bootmem(cpu, size, align); -@@ -155,10 +157,10 @@ static inline void setup_percpu_segment(int cpu) +@@ -155,10 +153,10 @@ static inline void setup_percpu_segment(int cpu) { #ifdef CONFIG_X86_32 struct desc_struct gdt; @@ -18626,7 +18372,7 @@ index 71f4727..217419b 100644 write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S); #endif -@@ -207,6 +209,11 @@ void __init setup_per_cpu_areas(void) +@@ -207,6 +205,11 @@ void __init setup_per_cpu_areas(void) /* alrighty, percpu areas up and running */ delta =3D (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_sta= rt; for_each_possible_cpu(cpu) { @@ -18638,7 +18384,7 @@ index 71f4727..217419b 100644 per_cpu_offset(cpu) =3D delta + pcpu_unit_offsets[cpu]; per_cpu(this_cpu_off, cpu) =3D per_cpu_offset(cpu); per_cpu(cpu_number, cpu) =3D cpu; -@@ -247,6 +254,12 @@ void __init setup_per_cpu_areas(void) +@@ -247,6 +250,12 @@ void __init setup_per_cpu_areas(void) */ set_cpu_numa_node(cpu, early_cpu_to_node(cpu)); #endif @@ -18652,7 +18398,7 @@ index 71f4727..217419b 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index 54ddaeb2..22c3bdc 100644 +index 46a01bd..2e88e6d 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c @@ -198,7 +198,7 @@ static unsigned long align_sigframe(unsigned long sp= ) @@ -18720,7 +18466,7 @@ index 54ddaeb2..22c3bdc 100644 } put_user_catch(err); =20 if (err) -@@ -769,7 +772,7 @@ static void do_signal(struct pt_regs *regs) +@@ -765,7 +768,7 @@ static void do_signal(struct pt_regs *regs) * X86_32: vm86 regs switched out by assembly code before reaching * here, so testing against kernel CS suffices. */ @@ -18730,10 +18476,10 @@ index 54ddaeb2..22c3bdc 100644 =20 signr =3D get_signal_to_deliver(&info, &ka, regs, NULL); diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index 9f548cb..caf76f7 100644 +index 66d250c..f1b10bd 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c -@@ -709,17 +709,20 @@ static int __cpuinit do_boot_cpu(int apicid, int c= pu) +@@ -715,17 +715,20 @@ static int __cpuinit do_boot_cpu(int apicid, int c= pu) set_idle_for_cpu(cpu, c_idle.idle); do_rest: per_cpu(current_task, cpu) =3D c_idle.idle; @@ -18757,7 +18503,7 @@ index 9f548cb..caf76f7 100644 initial_code =3D (unsigned long)start_secondary; stack_start =3D c_idle.idle->thread.sp; =20 -@@ -861,6 +864,12 @@ int __cpuinit native_cpu_up(unsigned int cpu) +@@ -868,6 +871,12 @@ int __cpuinit native_cpu_up(unsigned int cpu) =20 per_cpu(cpu_state, cpu) =3D CPU_UP_PREPARE; =20 @@ -19189,15 +18935,6 @@ index 0514890..3dbebce 100644 mm->cached_hole_size =3D ~0UL; =20 return addr; -diff --git a/arch/x86/kernel/syscall_table_32.S b/arch/x86/kernel/syscal= l_table_32.S -index 9a0e312..e6f66f2 100644 ---- a/arch/x86/kernel/syscall_table_32.S -+++ b/arch/x86/kernel/syscall_table_32.S -@@ -1,3 +1,4 @@ -+.section .rodata,"a",@progbits - ENTRY(sys_call_table) - .long sys_restart_syscall /* 0 - old "setup()" system call, used for r= estarting */ - .long sys_exit diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c index e2410e2..4fe3fbc 100644 --- a/arch/x86/kernel/tboot.c @@ -19300,18 +19037,6 @@ index 6bb7b85..dd853e1 100644 set_tls_desc(p, idx, &info, 1); =20 return 0; -diff --git a/arch/x86/kernel/tls.h b/arch/x86/kernel/tls.h -index 2f083a2..7d3fecc 100644 ---- a/arch/x86/kernel/tls.h -+++ b/arch/x86/kernel/tls.h -@@ -16,6 +16,6 @@ -=20 - extern user_regset_active_fn regset_tls_active; - extern user_regset_get_fn regset_tls_get; --extern user_regset_set_fn regset_tls_set; -+extern user_regset_set_fn regset_tls_set __size_overflow(4); -=20 - #endif /* _ARCH_X86_KERNEL_TLS_H */ diff --git a/arch/x86/kernel/trampoline_32.S b/arch/x86/kernel/trampolin= e_32.S index 451c0a7..e57f551 100644 --- a/arch/x86/kernel/trampoline_32.S @@ -19361,7 +19086,7 @@ index 09ff517..df19fbff 100644 .short 0 .quad 0x00cf9b000000ffff # __KERNEL32_CS diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index 31d9d0f..e244dd9 100644 +index 4bbe04d..41d0943 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -70,12 +70,6 @@ asmlinkage int system_call(void); @@ -19479,7 +19204,7 @@ index 31d9d0f..e244dd9 100644 die("general protection fault", regs, error_code); } =20 -@@ -414,7 +443,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs= *regs, long error_code) +@@ -421,7 +450,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs= *regs, long error_code) /* It's safe to allow irq's after DR6 has been saved */ preempt_conditional_sti(regs); =20 @@ -19488,7 +19213,7 @@ index 31d9d0f..e244dd9 100644 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, 1); preempt_conditional_cli(regs); -@@ -428,7 +457,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs= *regs, long error_code) +@@ -436,7 +465,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs= *regs, long error_code) * We already checked v86 mode above, so we can check for kernel mode * by just checking the CPL of CS. */ @@ -19497,7 +19222,7 @@ index 31d9d0f..e244dd9 100644 tsk->thread.debugreg6 &=3D ~DR_STEP; set_tsk_thread_flag(tsk, TIF_SINGLESTEP); regs->flags &=3D ~X86_EFLAGS_TF; -@@ -457,7 +486,7 @@ void math_error(struct pt_regs *regs, int error_code= , int trapnr) +@@ -466,7 +495,7 @@ void math_error(struct pt_regs *regs, int error_code= , int trapnr) return; conditional_sti(regs); =20 @@ -19506,17 +19231,6 @@ index 31d9d0f..e244dd9 100644 { if (!fixup_exception(regs)) { task->thread.error_code =3D error_code; -@@ -569,8 +598,8 @@ asmlinkage void __attribute__((weak)) smp_threshold_= interrupt(void) - void __math_state_restore(struct task_struct *tsk) - { - /* We need a safe address that is cheap to find and that is already -- in L1. We've just brought in "tsk->thread.has_fpu", so use that */ --#define safe_address (tsk->thread.has_fpu) -+ in L1. */ -+#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0) -=20 - /* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception - is pending. Clear the x87 state here by setting it to fixed diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S index b9242ba..50c5edd 100644 --- a/arch/x86/kernel/verify_cpu.S @@ -19530,7 +19244,7 @@ index b9242ba..50c5edd 100644 * verify_cpu, returns the status of longmode and SSE in register %eax. * 0: Success 1: Failure diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c -index 863f875..4307295 100644 +index b466cab..a0df083 100644 --- a/arch/x86/kernel/vm86_32.c +++ b/arch/x86/kernel/vm86_32.c @@ -41,6 +41,7 @@ @@ -19588,7 +19302,7 @@ index 863f875..4307295 100644 tsk->thread.sp0 =3D (unsigned long) &info->VM86_TSS_ESP0; if (cpu_has_sep) tsk->thread.sysenter_cs =3D 0; -@@ -529,7 +545,7 @@ static void do_int(struct kernel_vm86_regs *regs, in= t i, +@@ -531,7 +547,7 @@ static void do_int(struct kernel_vm86_regs *regs, in= t i, goto cannot_handle; if (i =3D=3D 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored)= ) goto cannot_handle; @@ -19862,14 +19576,14 @@ index 0f703f1..9e15f64 100644 =20 #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64= .c -index e4d4a22..47ee71f 100644 +index b07ba93..a212969 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c @@ -57,15 +57,13 @@ DEFINE_VVAR(struct vsyscall_gtod_data, vsyscall_gtod= _data) =3D .lock =3D __SEQLOCK_UNLOCKED(__vsyscall_gtod_data.lock), }; =20 --static enum { EMULATE, NATIVE, NONE } vsyscall_mode =3D NATIVE; +-static enum { EMULATE, NATIVE, NONE } vsyscall_mode =3D EMULATE; +static enum { EMULATE, NONE } vsyscall_mode =3D EMULATE; =20 static int __init vsyscall_setup(char *str) @@ -19882,16 +19596,16 @@ index e4d4a22..47ee71f 100644 else if (!strcmp("none", str)) vsyscall_mode =3D NONE; else -@@ -178,7 +176,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned= long address) +@@ -207,7 +205,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned= long address) =20 tsk =3D current; if (seccomp_mode(&tsk->seccomp)) - do_exit(SIGKILL); + do_group_exit(SIGKILL); =20 - switch (vsyscall_nr) { - case 0: -@@ -220,8 +218,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned= long address) + /* + * With a real vsyscall, page faults cause SIGSEGV. We want to +@@ -279,8 +277,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned= long address) return true; =20 sigsegv: @@ -19901,7 +19615,7 @@ index e4d4a22..47ee71f 100644 } =20 /* -@@ -274,10 +271,7 @@ void __init map_vsyscall(void) +@@ -333,10 +330,7 @@ void __init map_vsyscall(void) extern char __vvar_page; unsigned long physaddr_vvar_page =3D __pa_symbol(&__vvar_page); =20 @@ -19957,11 +19671,62 @@ index 7110911..e8cdee5 100644 buf); if (unlikely(err)) { /* +diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c +index 89b02bf..0f6511d 100644 +--- a/arch/x86/kvm/cpuid.c ++++ b/arch/x86/kvm/cpuid.c +@@ -124,15 +124,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcp= u, + struct kvm_cpuid2 *cpuid, + struct kvm_cpuid_entry2 __user *entries) + { +- int r; ++ int r, i; +=20 + r =3D -E2BIG; + if (cpuid->nent > KVM_MAX_CPUID_ENTRIES) + goto out; + r =3D -EFAULT; +- if (copy_from_user(&vcpu->arch.cpuid_entries, entries, +- cpuid->nent * sizeof(struct kvm_cpuid_entry2))) ++ if (!access_ok(VERIFY_READ, entries, cpuid->nent * sizeof(struct kvm_c= puid_entry2))) + goto out; ++ for (i =3D 0; i < cpuid->nent; ++i) { ++ struct kvm_cpuid_entry2 cpuid_entry; ++ if (__copy_from_user(&cpuid_entry, entries + i, sizeof(cpuid_entry))) ++ goto out; ++ vcpu->arch.cpuid_entries[i] =3D cpuid_entry; ++ } + vcpu->arch.cpuid_nent =3D cpuid->nent; + kvm_apic_set_version(vcpu); + kvm_x86_ops->cpuid_update(vcpu); +@@ -147,15 +152,19 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcp= u, + struct kvm_cpuid2 *cpuid, + struct kvm_cpuid_entry2 __user *entries) + { +- int r; ++ int r, i; +=20 + r =3D -E2BIG; + if (cpuid->nent < vcpu->arch.cpuid_nent) + goto out; + r =3D -EFAULT; +- if (copy_to_user(entries, &vcpu->arch.cpuid_entries, +- vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2))) ++ if (!access_ok(VERIFY_WRITE, entries, vcpu->arch.cpuid_nent * sizeof(s= truct kvm_cpuid_entry2))) + goto out; ++ for (i =3D 0; i < vcpu->arch.cpuid_nent; ++i) { ++ struct kvm_cpuid_entry2 cpuid_entry =3D vcpu->arch.cpuid_entries[i]; ++ if (__copy_to_user(entries + i, &cpuid_entry, sizeof(cpuid_entry))) ++ goto out; ++ } + return 0; +=20 + out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index f1e3be18..588efc8 100644 +index 0982507..7f6d72f 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c -@@ -249,6 +249,7 @@ struct gprefix { +@@ -250,6 +250,7 @@ struct gprefix { =20 #define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \ do { \ @@ -19969,7 +19734,7 @@ index f1e3be18..588efc8 100644 __asm__ __volatile__ ( \ _PRE_EFLAGS("0", "4", "2") \ _op _suffix " %"_x"3,%1; " \ -@@ -263,8 +264,6 @@ struct gprefix { +@@ -264,8 +265,6 @@ struct gprefix { /* Raw emulation: instruction has two explicit operands. */ #define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -19978,7 +19743,7 @@ index f1e3be18..588efc8 100644 switch ((ctxt)->dst.bytes) { \ case 2: \ ____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \ -@@ -280,7 +279,6 @@ struct gprefix { +@@ -281,7 +280,6 @@ struct gprefix { =20 #define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -19987,10 +19752,10 @@ index f1e3be18..588efc8 100644 case 1: \ ____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \ diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 54abb40..a192606 100644 +index cfdc6e0..ab92e84 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c -@@ -53,7 +53,7 @@ +@@ -54,7 +54,7 @@ #define APIC_BUS_CYCLE_NS 1 =20 /* #define apic_debug(fmt,arg...) printk(KERN_WARNING fmt,##arg) */ @@ -19999,30 +19764,8 @@ index 54abb40..a192606 100644 =20 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ -diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c -index f1b36cf..af8a124 100644 ---- a/arch/x86/kvm/mmu.c -+++ b/arch/x86/kvm/mmu.c -@@ -3555,7 +3555,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_= t gpa, -=20 - pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes); -=20 -- invlpg_counter =3D atomic_read(&vcpu->kvm->arch.invlpg_counter); -+ invlpg_counter =3D atomic_read_unchecked(&vcpu->kvm->arch.invlpg_count= er); -=20 - /* - * Assume that the pte write on a page table of the same type -@@ -3587,7 +3587,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_= t gpa, - } -=20 - spin_lock(&vcpu->kvm->mmu_lock); -- if (atomic_read(&vcpu->kvm->arch.invlpg_counter) !=3D invlpg_counter) -+ if (atomic_read_unchecked(&vcpu->kvm->arch.invlpg_counter) !=3D invlpg= _counter) - gentry =3D 0; - kvm_mmu_free_some_pages(vcpu); - ++vcpu->kvm->stat.mmu_pte_write; diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h -index 9299410..ade2f9b 100644 +index 1561028..0ed7f14 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h @@ -197,7 +197,7 @@ retry_walk: @@ -20034,28 +19777,11 @@ index 9299410..ade2f9b 100644 if (unlikely(__copy_from_user(&pte, ptep_user, sizeof(pte)))) goto error; =20 -@@ -705,7 +705,7 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva= _t gva) - if (need_flush) - kvm_flush_remote_tlbs(vcpu->kvm); -=20 -- atomic_inc(&vcpu->kvm->arch.invlpg_counter); -+ atomic_inc_unchecked(&vcpu->kvm->arch.invlpg_counter); -=20 - spin_unlock(&vcpu->kvm->mmu_lock); -=20 diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index 94a4672..1700ed1 100644 +index e385214..f8df033 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3037,6 +3037,7 @@ static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u6= 4 data) - return 0; - } -=20 -+static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) _= _size_overflow(3); - static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) - { - struct vcpu_svm *svm =3D to_svm(vcpu); -@@ -3405,7 +3406,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3420,7 +3420,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu =3D raw_smp_processor_id(); =20 struct svm_cpu_data *sd =3D per_cpu(svm_data, cpu); @@ -20067,7 +19793,7 @@ index 94a4672..1700ed1 100644 load_TR_desc(); } =20 -@@ -3783,6 +3788,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3798,6 +3802,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif =20 @@ -20079,10 +19805,10 @@ index 94a4672..1700ed1 100644 =20 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 4ea7678..c715f2f 100644 +index 3b4c8d8..f457b63 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1305,7 +1305,11 @@ static void reload_tss(void) +@@ -1306,7 +1306,11 @@ static void reload_tss(void) struct desc_struct *descs; =20 descs =3D (void *)gdt->address; @@ -20094,15 +19820,7 @@ index 4ea7678..c715f2f 100644 load_TR_desc(); } =20 -@@ -2163,6 +2167,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 = msr_index, u64 *pdata) - * Returns 0 on success, non-0 otherwise. - * Assumes vcpu_load() was already called. - */ -+static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) = __size_overflow(3); - static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) - { - struct vcpu_vmx *vmx =3D to_vmx(vcpu); -@@ -2633,8 +2638,11 @@ static __init int hardware_setup(void) +@@ -2631,8 +2635,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled =3D 0; =20 @@ -20116,7 +19834,7 @@ index 4ea7678..c715f2f 100644 =20 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3648,7 +3656,7 @@ static void vmx_set_constant_host_state(void) +@@ -3648,7 +3655,7 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ =20 asm("mov $.Lkvm_vmx_return, %0" : "=3Dr"(tmpl)); @@ -20125,7 +19843,7 @@ index 4ea7678..c715f2f 100644 =20 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6169,6 +6177,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcp= u *vcpu) +@@ -6184,6 +6191,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcp= u *vcpu) "jmp .Lkvm_vmx_return \n\t" ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" ".Lkvm_vmx_return: " @@ -20138,7 +19856,7 @@ index 4ea7678..c715f2f 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%"R"sp) \n\t" "pop %0 \n\t" -@@ -6217,6 +6231,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcp= u *vcpu) +@@ -6232,6 +6245,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcp= u *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -20150,7 +19868,7 @@ index 4ea7678..c715f2f 100644 : "cc", "memory" , R"ax", R"bx", R"di", R"si" #ifdef CONFIG_X86_64 -@@ -6245,7 +6264,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcp= u *vcpu) +@@ -6260,7 +6278,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcp= u *vcpu) } } =20 @@ -20169,18 +19887,10 @@ index 4ea7678..c715f2f 100644 =20 vmx->exit_reason =3D vmcs_read32(VM_EXIT_REASON); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 4c938da..6cd8090 100644 +index 9cbfc06..7ddc9fa 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -907,6 +907,7 @@ static int do_set_msr(struct kvm_vcpu *vcpu, unsigne= d index, u64 *data) - return kvm_set_msr(vcpu, index, *data); - } -=20 -+static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) __s= ize_overflow(2); - static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) - { - int version; -@@ -1345,8 +1346,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u= 64 data) +@@ -1311,8 +1311,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u= 64 data) { struct kvm *kvm =3D vcpu->kvm; int lm =3D is_long_mode(vcpu); @@ -20191,7 +19901,7 @@ index 4c938da..6cd8090 100644 u8 blob_size =3D lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num =3D data & ~PAGE_MASK; -@@ -2165,6 +2166,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2145,6 +2145,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r =3D -EFAULT; @@ -20200,54 +19910,7 @@ index 4c938da..6cd8090 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -2340,15 +2343,20 @@ static int kvm_vcpu_ioctl_set_cpuid2(struct kvm_= vcpu *vcpu, - struct kvm_cpuid2 *cpuid, - struct kvm_cpuid_entry2 __user *entries) - { -- int r; -+ int r, i; -=20 - r =3D -E2BIG; - if (cpuid->nent > KVM_MAX_CPUID_ENTRIES) - goto out; - r =3D -EFAULT; -- if (copy_from_user(&vcpu->arch.cpuid_entries, entries, -- cpuid->nent * sizeof(struct kvm_cpuid_entry2))) -+ if (!access_ok(VERIFY_READ, entries, cpuid->nent * sizeof(struct kvm_c= puid_entry2))) - goto out; -+ for (i =3D 0; i < cpuid->nent; ++i) { -+ struct kvm_cpuid_entry2 cpuid_entry; -+ if (__copy_from_user(&cpuid_entry, entries + i, sizeof(cpuid_entry))) -+ goto out; -+ vcpu->arch.cpuid_entries[i] =3D cpuid_entry; -+ } - vcpu->arch.cpuid_nent =3D cpuid->nent; - kvm_apic_set_version(vcpu); - kvm_x86_ops->cpuid_update(vcpu); -@@ -2363,15 +2371,19 @@ static int kvm_vcpu_ioctl_get_cpuid2(struct kvm_= vcpu *vcpu, - struct kvm_cpuid2 *cpuid, - struct kvm_cpuid_entry2 __user *entries) - { -- int r; -+ int r, i; -=20 - r =3D -E2BIG; - if (cpuid->nent < vcpu->arch.cpuid_nent) - goto out; - r =3D -EFAULT; -- if (copy_to_user(entries, &vcpu->arch.cpuid_entries, -- vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2))) -+ if (!access_ok(VERIFY_WRITE, entries, vcpu->arch.cpuid_nent * sizeof(s= truct kvm_cpuid_entry2))) - goto out; -+ for (i =3D 0; i < vcpu->arch.cpuid_nent; ++i) { -+ struct kvm_cpuid_entry2 cpuid_entry =3D vcpu->arch.cpuid_entries[i]; -+ if (__copy_to_user(entries + i, &cpuid_entry, sizeof(cpuid_entry))) -+ goto out; -+ } - return 0; -=20 - out: -@@ -2746,7 +2758,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcp= u *vcpu, +@@ -2266,7 +2268,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcp= u *vcpu, static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, struct kvm_interrupt *irq) { @@ -20256,67 +19919,7 @@ index 4c938da..6cd8090 100644 return -EINVAL; if (irqchip_in_kernel(vcpu->kvm)) return -ENXIO; -@@ -3949,6 +3961,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *v= cpu, gva_t gva, -=20 - static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned i= nt bytes, - struct kvm_vcpu *vcpu, u32 access, -+ struct x86_exception *exception) __size_overflow(1,3); -+static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned i= nt bytes, -+ struct kvm_vcpu *vcpu, u32 access, - struct x86_exception *exception) - { - void *data =3D val; -@@ -3980,6 +3995,9 @@ out: - /* used for instruction fetching */ - static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt, - gva_t addr, void *val, unsigned int bytes, -+ struct x86_exception *exception) __size_overflow(2,4); -+static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt, -+ gva_t addr, void *val, unsigned int bytes, - struct x86_exception *exception) - { - struct kvm_vcpu *vcpu =3D emul_to_vcpu(ctxt); -@@ -4004,6 +4022,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt); -=20 - static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt, - gva_t addr, void *val, unsigned int bytes, -+ struct x86_exception *exception) __size_overflow(2,4); -+static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt, -+ gva_t addr, void *val, unsigned int bytes, - struct x86_exception *exception) - { - struct kvm_vcpu *vcpu =3D emul_to_vcpu(ctxt); -@@ -4117,12 +4138,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, v= oid *val, int bytes) - } -=20 - static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, -+ void *val, int bytes) __size_overflow(2); -+static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, - void *val, int bytes) - { - return !kvm_read_guest(vcpu->kvm, gpa, val, bytes); - } -=20 - static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, -+ void *val, int bytes) __size_overflow(2); -+static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, - void *val, int bytes) - { - return emulator_write_phys(vcpu, gpa, val, bytes); -@@ -4273,6 +4298,12 @@ static int emulator_cmpxchg_emulated(struct x86_e= mulate_ctxt *ctxt, - const void *old, - const void *new, - unsigned int bytes, -+ struct x86_exception *exception) __size_overflow(5); -+static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, -+ unsigned long addr, -+ const void *old, -+ const void *new, -+ unsigned int bytes, - struct x86_exception *exception) - { - struct kvm_vcpu *vcpu =3D emul_to_vcpu(ctxt); -@@ -5162,7 +5193,7 @@ static void kvm_set_mmio_spte_mask(void) +@@ -4780,7 +4782,7 @@ static void kvm_set_mmio_spte_mask(void) kvm_mmu_set_mmio_spte_mask(mask); } =20 @@ -20325,28 +19928,11 @@ index 4c938da..6cd8090 100644 { int r; struct kvm_x86_ops *ops =3D (struct kvm_x86_ops *)opaque; -diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h -index d36fe23..a4b189f 100644 ---- a/arch/x86/kvm/x86.h -+++ b/arch/x86/kvm/x86.h -@@ -119,10 +119,10 @@ void kvm_write_tsc(struct kvm_vcpu *vcpu, u64 data= ); -=20 - int kvm_read_guest_virt(struct x86_emulate_ctxt *ctxt, - gva_t addr, void *val, unsigned int bytes, -- struct x86_exception *exception); -+ struct x86_exception *exception) __size_overflow(2,4); -=20 - int kvm_write_guest_virt_system(struct x86_emulate_ctxt *ctxt, - gva_t addr, void *val, unsigned int bytes, -- struct x86_exception *exception); -+ struct x86_exception *exception) __size_overflow(2,4); -=20 - #endif diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c -index cf4603b..7cdde38 100644 +index 642d880..44e0f3f 100644 --- a/arch/x86/lguest/boot.c +++ b/arch/x86/lguest/boot.c -@@ -1195,9 +1195,10 @@ static __init int early_put_chars(u32 vtermno, co= nst char *buf, int count) +@@ -1200,9 +1200,10 @@ static __init int early_put_chars(u32 vtermno, co= nst char *buf, int count) * Rebooting also tells the Host we're finished, but the RESTART flag t= ells the * Launcher to reboot us. */ @@ -21661,7 +21247,7 @@ index 51f1504..ddac4c1 100644 CFI_ENDPROC END(bad_get_user) diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c -index 374562e..a75830b 100644 +index 5a1f9f3..ba9f577 100644 --- a/arch/x86/lib/insn.c +++ b/arch/x86/lib/insn.c @@ -21,6 +21,11 @@ @@ -22615,7 +22201,7 @@ index a63efd6..ccecad8 100644 ret CFI_ENDPROC diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c -index e218d5d..a99a1eb 100644 +index e218d5d..35679b4 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c @@ -43,7 +43,7 @@ do { \ @@ -22718,7 +22304,7 @@ index e218d5d..a99a1eb 100644 " addl $-64, %0\n" " addl $64, %4\n" " addl $64, %3\n" -@@ -278,10 +282,12 @@ __copy_user_intel(void __user *to, const void *fro= m, unsigned long size) +@@ -278,10 +282,119 @@ __copy_user_intel(void __user *to, const void *fr= om, unsigned long size) " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -22728,13 +22314,58 @@ index e218d5d..a99a1eb 100644 "37: rep; movsb\n" "100:\n" + __COPYUSER_RESTORE_ES - ".section .fixup,\"ax\"\n" - "101: lea 0(%%eax,%0,4),%0\n" - " jmp 100b\n" -@@ -334,46 +340,155 @@ __copy_user_intel(void __user *to, const void *fr= om, unsigned long size) - } -=20 - static unsigned long ++ ".section .fixup,\"ax\"\n" ++ "101: lea 0(%%eax,%0,4),%0\n" ++ " jmp 100b\n" ++ ".previous\n" ++ ".section __ex_table,\"a\"\n" ++ " .align 4\n" ++ " .long 1b,100b\n" ++ " .long 2b,100b\n" ++ " .long 3b,100b\n" ++ " .long 4b,100b\n" ++ " .long 5b,100b\n" ++ " .long 6b,100b\n" ++ " .long 7b,100b\n" ++ " .long 8b,100b\n" ++ " .long 9b,100b\n" ++ " .long 10b,100b\n" ++ " .long 11b,100b\n" ++ " .long 12b,100b\n" ++ " .long 13b,100b\n" ++ " .long 14b,100b\n" ++ " .long 15b,100b\n" ++ " .long 16b,100b\n" ++ " .long 17b,100b\n" ++ " .long 18b,100b\n" ++ " .long 19b,100b\n" ++ " .long 20b,100b\n" ++ " .long 21b,100b\n" ++ " .long 22b,100b\n" ++ " .long 23b,100b\n" ++ " .long 24b,100b\n" ++ " .long 25b,100b\n" ++ " .long 26b,100b\n" ++ " .long 27b,100b\n" ++ " .long 28b,100b\n" ++ " .long 29b,100b\n" ++ " .long 30b,100b\n" ++ " .long 31b,100b\n" ++ " .long 32b,100b\n" ++ " .long 33b,100b\n" ++ " .long 34b,100b\n" ++ " .long 35b,100b\n" ++ " .long 36b,100b\n" ++ " .long 37b,100b\n" ++ " .long 99b,101b\n" ++ ".previous" ++ : "=3D&c"(size), "=3D&D" (d0), "=3D&S" (d1) ++ : "1"(to), "2"(from), "0"(size) ++ : "eax", "edx", "memory"); ++ return size; ++} ++ ++static unsigned long +__generic_copy_from_user_intel(void *to, const void __user *from, unsig= ned long size) +{ + int d0, d1; @@ -22790,62 +22421,10 @@ index e218d5d..a99a1eb 100644 + "36: movl %%eax, %0\n" + "37: rep; "__copyuser_seg" movsb\n" + "100:\n" -+ ".section .fixup,\"ax\"\n" -+ "101: lea 0(%%eax,%0,4),%0\n" -+ " jmp 100b\n" -+ ".previous\n" -+ ".section __ex_table,\"a\"\n" -+ " .align 4\n" -+ " .long 1b,100b\n" -+ " .long 2b,100b\n" -+ " .long 3b,100b\n" -+ " .long 4b,100b\n" -+ " .long 5b,100b\n" -+ " .long 6b,100b\n" -+ " .long 7b,100b\n" -+ " .long 8b,100b\n" -+ " .long 9b,100b\n" -+ " .long 10b,100b\n" -+ " .long 11b,100b\n" -+ " .long 12b,100b\n" -+ " .long 13b,100b\n" -+ " .long 14b,100b\n" -+ " .long 15b,100b\n" -+ " .long 16b,100b\n" -+ " .long 17b,100b\n" -+ " .long 18b,100b\n" -+ " .long 19b,100b\n" -+ " .long 20b,100b\n" -+ " .long 21b,100b\n" -+ " .long 22b,100b\n" -+ " .long 23b,100b\n" -+ " .long 24b,100b\n" -+ " .long 25b,100b\n" -+ " .long 26b,100b\n" -+ " .long 27b,100b\n" -+ " .long 28b,100b\n" -+ " .long 29b,100b\n" -+ " .long 30b,100b\n" -+ " .long 31b,100b\n" -+ " .long 32b,100b\n" -+ " .long 33b,100b\n" -+ " .long 34b,100b\n" -+ " .long 35b,100b\n" -+ " .long 36b,100b\n" -+ " .long 37b,100b\n" -+ " .long 99b,101b\n" -+ ".previous" -+ : "=3D&c"(size), "=3D&D" (d0), "=3D&S" (d1) -+ : "1"(to), "2"(from), "0"(size) -+ : "eax", "edx", "memory"); -+ return size; -+} -+ -+static unsigned long -+__copy_user_zeroing_intel(void *to, const void __user *from, unsigned l= ong size) __size_overflow(3); -+static unsigned long - __copy_user_zeroing_intel(void *to, const void __user *from, unsigned l= ong size) - { + ".section .fixup,\"ax\"\n" + "101: lea 0(%%eax,%0,4),%0\n" + " jmp 100b\n" +@@ -339,41 +452,41 @@ __copy_user_zeroing_intel(void *to, const void __u= ser *from, unsigned long size) int d0, d1; __asm__ __volatile__( " .align 2,0x90\n" @@ -22905,7 +22484,7 @@ index e218d5d..a99a1eb 100644 " movl %%eax, 56(%3)\n" " movl %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -385,9 +500,9 @@ __copy_user_zeroing_intel(void *to, const void __use= r *from, unsigned long size) +@@ -385,9 +498,9 @@ __copy_user_zeroing_intel(void *to, const void __use= r *from, unsigned long size) " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -22917,15 +22496,7 @@ index e218d5d..a99a1eb 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -434,47 +549,49 @@ __copy_user_zeroing_intel(void *to, const void __u= ser *from, unsigned long size) - */ -=20 - static unsigned long __copy_user_zeroing_intel_nocache(void *to, -+ const void __user *from, unsigned long size) __size_overflow(3); -+static unsigned long __copy_user_zeroing_intel_nocache(void *to, - const void __user *from, unsigned long size) - { - int d0, d1; +@@ -440,41 +553,41 @@ static unsigned long __copy_user_zeroing_intel_noc= ache(void *to, =20 __asm__ __volatile__( " .align 2,0x90\n" @@ -22985,7 +22556,7 @@ index e218d5d..a99a1eb 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -487,9 +604,9 @@ static unsigned long __copy_user_zeroing_intel_nocac= he(void *to, +@@ -487,9 +600,9 @@ static unsigned long __copy_user_zeroing_intel_nocac= he(void *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -22997,15 +22568,7 @@ index e218d5d..a99a1eb 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -531,47 +648,49 @@ static unsigned long __copy_user_zeroing_intel_noc= ache(void *to, - } -=20 - static unsigned long __copy_user_intel_nocache(void *to, -+ const void __user *from, unsigned long size) __size_overflow(3); -+static unsigned long __copy_user_intel_nocache(void *to, - const void __user *from, unsigned long size) - { - int d0, d1; +@@ -537,41 +650,41 @@ static unsigned long __copy_user_intel_nocache(voi= d *to, =20 __asm__ __volatile__( " .align 2,0x90\n" @@ -23065,7 +22628,7 @@ index e218d5d..a99a1eb 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -584,9 +703,9 @@ static unsigned long __copy_user_intel_nocache(void = *to, +@@ -584,9 +697,9 @@ static unsigned long __copy_user_intel_nocache(void = *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23077,7 +22640,7 @@ index e218d5d..a99a1eb 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -629,32 +748,36 @@ static unsigned long __copy_user_intel_nocache(voi= d *to, +@@ -629,32 +742,36 @@ static unsigned long __copy_user_intel_nocache(voi= d *to, */ unsigned long __copy_user_zeroing_intel(void *to, const void __user *fr= om, unsigned long size); @@ -23119,7 +22682,7 @@ index e218d5d..a99a1eb 100644 ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ " jmp 2b\n" \ -@@ -682,14 +805,14 @@ do { \ +@@ -682,14 +799,14 @@ do { \ " negl %0\n" \ " andl $7,%0\n" \ " subl %0,%3\n" \ @@ -23137,7 +22700,7 @@ index e218d5d..a99a1eb 100644 "2:\n" \ ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ -@@ -775,9 +898,9 @@ survive: +@@ -775,9 +892,9 @@ survive: } #endif if (movsl_is_ok(to, from, n)) @@ -23149,7 +22712,7 @@ index e218d5d..a99a1eb 100644 return n; } EXPORT_SYMBOL(__copy_to_user_ll); -@@ -797,10 +920,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, = const void __user *from, +@@ -797,10 +914,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, = const void __user *from, unsigned long n) { if (movsl_is_ok(to, from, n)) @@ -23162,7 +22725,7 @@ index e218d5d..a99a1eb 100644 return n; } EXPORT_SYMBOL(__copy_from_user_ll_nozero); -@@ -827,65 +949,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(v= oid *to, const void __user *fr +@@ -827,65 +943,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(v= oid *to, const void __user *fr if (n > 64 && cpu_has_xmm2) n =3D __copy_user_intel_nocache(to, from, n); else @@ -23330,7 +22893,7 @@ index b7c2849..8633ad8 100644 char c; unsigned zero_len; diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c -index d0474ad..36e9257 100644 +index 1fb85db..8b3540b 100644 --- a/arch/x86/mm/extable.c +++ b/arch/x86/mm/extable.c @@ -8,7 +8,7 @@ int fixup_exception(struct pt_regs *regs) @@ -23343,7 +22906,7 @@ index d0474ad..36e9257 100644 extern u32 pnp_bios_is_utter_crap; pnp_bios_is_utter_crap =3D 1; diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 5db0490..2ddce45 100644 +index f0b4caf..d92fd42 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,11 +13,18 @@ @@ -23545,7 +23108,7 @@ index 5db0490..2ddce45 100644 printk(KERN_ALERT "BUG: unable to handle kernel "); if (address < PAGE_SIZE) printk(KERN_CONT "NULL pointer dereference"); -@@ -739,6 +820,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsign= ed long error_code, +@@ -748,6 +829,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsign= ed long error_code, } #endif =20 @@ -23567,7 +23130,7 @@ index 5db0490..2ddce45 100644 if (unlikely(show_unhandled_signals)) show_signal_msg(regs, error_code, address, tsk); =20 -@@ -835,7 +931,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_= code, unsigned long address, +@@ -844,7 +940,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_= code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", @@ -23576,7 +23139,7 @@ index 5db0490..2ddce45 100644 code =3D BUS_MCEERR_AR; } #endif -@@ -890,6 +986,99 @@ static int spurious_fault_check(unsigned long error= _code, pte_t *pte) +@@ -900,6 +996,99 @@ static int spurious_fault_check(unsigned long error= _code, pte_t *pte) return 1; } =20 @@ -23676,7 +23239,7 @@ index 5db0490..2ddce45 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -962,6 +1151,9 @@ int show_unhandled_signals =3D 1; +@@ -972,6 +1161,9 @@ int show_unhandled_signals =3D 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -23686,7 +23249,7 @@ index 5db0490..2ddce45 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -995,18 +1187,32 @@ do_page_fault(struct pt_regs *regs, unsigned long= error_code) +@@ -1005,18 +1197,32 @@ do_page_fault(struct pt_regs *regs, unsigned lon= g error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -23724,7 +23287,7 @@ index 5db0490..2ddce45 100644 =20 /* * Detect and handle instructions that would cause a page fault for -@@ -1067,7 +1273,7 @@ do_page_fault(struct pt_regs *regs, unsigned long = error_code) +@@ -1077,7 +1283,7 @@ do_page_fault(struct pt_regs *regs, unsigned long = error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -23733,7 +23296,7 @@ index 5db0490..2ddce45 100644 local_irq_enable(); error_code |=3D PF_USER; } else { -@@ -1122,6 +1328,11 @@ retry: +@@ -1132,6 +1338,11 @@ retry: might_sleep(); } =20 @@ -23745,7 +23308,7 @@ index 5db0490..2ddce45 100644 vma =3D find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1133,18 +1344,24 @@ retry: +@@ -1143,18 +1354,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -23781,7 +23344,7 @@ index 5db0490..2ddce45 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1199,3 +1416,292 @@ good_area: +@@ -1209,3 +1426,292 @@ good_area: =20 up_read(&mm->mmap_sem); } @@ -24104,7 +23667,7 @@ index f4f29b1..5cac4fb 100644 =20 return (void *)vaddr; diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index f581a18..29efd37 100644 +index 8ecbb4b..29efd37 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c @@ -266,13 +266,20 @@ static unsigned long hugetlb_get_unmapped_area_bot= tomup(struct file *file, @@ -24180,7 +23743,7 @@ index f581a18..29efd37 100644 =20 /* don't allow allocations above current base */ if (mm->free_area_cache > base) -@@ -321,64 +328,63 @@ static unsigned long hugetlb_get_unmapped_area_top= down(struct file *file, +@@ -321,66 +328,63 @@ static unsigned long hugetlb_get_unmapped_area_top= down(struct file *file, largest_hole =3D 0; mm->free_area_cache =3D base; } @@ -24200,13 +23763,15 @@ index f581a18..29efd37 100644 * Lookup failure means no vma is above this address, * i.e. return with success: - */ -- if (!(vma =3D find_vma_prev(mm, addr, &prev_vma))) +- vma =3D find_vma(mm, addr); +- if (!vma) - return addr; - - /* * new region fits between prev_vma->vm_end and * vma->vm_start, use it: */ +- prev_vma =3D vma->vm_prev; - if (addr + len <=3D vma->vm_start && - (!prev_vma || (addr >=3D prev_vma->vm_end))) { + if (check_heap_stack_gap(vma, addr, len)) { @@ -24275,7 +23840,7 @@ index f581a18..29efd37 100644 mm->cached_hole_size =3D ~0UL; addr =3D hugetlb_get_unmapped_area_bottomup(file, addr0, len, pgoff, flags); -@@ -386,6 +392,7 @@ fail: +@@ -388,6 +392,7 @@ fail: /* * Restore the topdown base: */ @@ -24283,7 +23848,7 @@ index f581a18..29efd37 100644 mm->free_area_cache =3D base; mm->cached_hole_size =3D ~0UL; =20 -@@ -399,10 +406,19 @@ hugetlb_get_unmapped_area(struct file *file, unsig= ned long addr, +@@ -401,10 +406,19 @@ hugetlb_get_unmapped_area(struct file *file, unsig= ned long addr, struct hstate *h =3D hstate_file(file); struct mm_struct *mm =3D current->mm; struct vm_area_struct *vma; @@ -24304,7 +23869,7 @@ index f581a18..29efd37 100644 return -ENOMEM; =20 if (flags & MAP_FIXED) { -@@ -414,8 +430,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigne= d long addr, +@@ -416,8 +430,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigne= d long addr, if (addr) { addr =3D ALIGN(addr, huge_page_size(h)); vma =3D find_vma(mm, addr); @@ -24315,18 +23880,18 @@ index f581a18..29efd37 100644 } if (mm->get_unmapped_area =3D=3D arch_get_unmapped_area) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index 87488b9..399f416 100644 +index 6cabf65..77e9c1c 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c -@@ -15,6 +15,7 @@ - #include +@@ -17,6 +17,7 @@ #include #include + #include /* for MAX_DMA_PFN */ +#include =20 unsigned long __initdata pgt_buf_start; unsigned long __meminitdata pgt_buf_end; -@@ -31,7 +32,7 @@ int direct_gbpages +@@ -33,7 +34,7 @@ int direct_gbpages static void __init find_early_table_space(unsigned long end, int use_ps= e, int use_gbpages) { @@ -24335,7 +23900,7 @@ index 87488b9..399f416 100644 phys_addr_t base; =20 puds =3D (end + PUD_SIZE - 1) >> PUD_SHIFT; -@@ -312,8 +313,29 @@ unsigned long __init_refok init_memory_mapping(unsi= gned long start, +@@ -314,8 +315,29 @@ unsigned long __init_refok init_memory_mapping(unsi= gned long start, */ int devmem_is_allowed(unsigned long pagenr) { @@ -24366,7 +23931,7 @@ index 87488b9..399f416 100644 if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) -@@ -372,6 +394,86 @@ void free_init_pages(char *what, unsigned long begi= n, unsigned long end) +@@ -374,6 +396,86 @@ void free_init_pages(char *what, unsigned long begi= n, unsigned long end) =20 void free_initmem(void) { @@ -24454,7 +24019,7 @@ index 87488b9..399f416 100644 (unsigned long)(&__init_begin), (unsigned long)(&__init_end)); diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c -index 29f7c6d..b46b35b 100644 +index 8663f6c..829ae76 100644 --- a/arch/x86/mm/init_32.c +++ b/arch/x86/mm/init_32.c @@ -74,36 +74,6 @@ static __init void *alloc_low_page(void) @@ -24647,7 +24212,7 @@ index 29f7c6d..b46b35b 100644 prot =3D PAGE_KERNEL_EXEC; =20 pages_4k++; -@@ -472,7 +473,7 @@ void __init native_pagetable_setup_start(pgd_t *base= ) +@@ -466,7 +467,7 @@ void __init native_pagetable_setup_start(pgd_t *base= ) =20 pud =3D pud_offset(pgd, va); pmd =3D pmd_offset(pud, va); @@ -24656,7 +24221,7 @@ index 29f7c6d..b46b35b 100644 break; =20 pte =3D pte_offset_kernel(pmd, va); -@@ -524,12 +525,10 @@ void __init early_ioremap_page_table_range_init(vo= id) +@@ -518,12 +519,10 @@ void __init early_ioremap_page_table_range_init(vo= id) =20 static void __init pagetable_init(void) { @@ -24671,7 +24236,7 @@ index 29f7c6d..b46b35b 100644 EXPORT_SYMBOL_GPL(__supported_pte_mask); =20 /* user-defined highmem size */ -@@ -757,6 +756,12 @@ void __init mem_init(void) +@@ -735,6 +734,12 @@ void __init mem_init(void) =20 pci_iommu_alloc(); =20 @@ -24684,8 +24249,8 @@ index 29f7c6d..b46b35b 100644 #ifdef CONFIG_FLATMEM BUG_ON(!mem_map); #endif -@@ -774,7 +779,7 @@ void __init mem_init(void) - set_highmem_pages_init(); +@@ -761,7 +766,7 @@ void __init mem_init(void) + reservedpages++; =20 codesize =3D (unsigned long) &_etext - (unsigned long) &_text; - datasize =3D (unsigned long) &_edata - (unsigned long) &_etext; @@ -24693,7 +24258,7 @@ index 29f7c6d..b46b35b 100644 initsize =3D (unsigned long) &__init_end - (unsigned long) &__init_be= gin; =20 printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, " -@@ -815,10 +820,10 @@ void __init mem_init(void) +@@ -802,10 +807,10 @@ void __init mem_init(void) ((unsigned long)&__init_end - (unsigned long)&__init_begin) >> 10, =20 @@ -24707,7 +24272,7 @@ index 29f7c6d..b46b35b 100644 ((unsigned long)&_etext - (unsigned long)&_text) >> 10); =20 /* -@@ -896,6 +901,7 @@ void set_kernel_text_rw(void) +@@ -883,6 +888,7 @@ void set_kernel_text_rw(void) if (!kernel_set_to_readonly) return; =20 @@ -24715,7 +24280,7 @@ index 29f7c6d..b46b35b 100644 pr_debug("Set kernel text: %lx - %lx for read write\n", start, start+size); =20 -@@ -910,6 +916,7 @@ void set_kernel_text_ro(void) +@@ -897,6 +903,7 @@ void set_kernel_text_ro(void) if (!kernel_set_to_readonly) return; =20 @@ -24723,7 +24288,7 @@ index 29f7c6d..b46b35b 100644 pr_debug("Set kernel text: %lx - %lx for read only\n", start, start+size); =20 -@@ -938,6 +945,7 @@ void mark_rodata_ro(void) +@@ -925,6 +932,7 @@ void mark_rodata_ro(void) unsigned long start =3D PFN_ALIGN(_text); unsigned long size =3D PFN_ALIGN(_etext) - start; =20 @@ -24732,7 +24297,7 @@ index 29f7c6d..b46b35b 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index bbaaa00..796fa65 100644 +index 436a030..b8596b9 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -75,7 +75,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -24831,7 +24396,7 @@ index bbaaa00..796fa65 100644 adr =3D (void *)(((unsigned long)adr) | left); =20 return adr; -@@ -693,6 +707,12 @@ void __init mem_init(void) +@@ -684,6 +698,12 @@ void __init mem_init(void) =20 pci_iommu_alloc(); =20 @@ -24844,7 +24409,7 @@ index bbaaa00..796fa65 100644 /* clear_bss() already clear the empty_zero_page */ =20 reservedpages =3D 0; -@@ -853,8 +873,8 @@ int kern_addr_valid(unsigned long addr) +@@ -844,8 +864,8 @@ int kern_addr_valid(unsigned long addr) static struct vm_area_struct gate_vma =3D { .vm_start =3D VSYSCALL_START, .vm_end =3D VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), @@ -24855,7 +24420,7 @@ index bbaaa00..796fa65 100644 }; =20 struct vm_area_struct *get_gate_vma(struct mm_struct *mm) -@@ -888,7 +908,7 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -879,7 +899,7 @@ int in_gate_area_no_mm(unsigned long addr) =20 const char *arch_vma_name(struct vm_area_struct *vma) { @@ -25024,7 +24589,7 @@ index 845df68..1d8d29f 100644 mm->unmap_area =3D arch_unmap_area_topdown; } diff --git a/arch/x86/mm/mmio-mod.c b/arch/x86/mm/mmio-mod.c -index de54b9b..799051e 100644 +index dc0b727..dc9d71a 100644 --- a/arch/x86/mm/mmio-mod.c +++ b/arch/x86/mm/mmio-mod.c @@ -194,7 +194,7 @@ static void pre(struct kmmio_probe *p, struct pt_reg= s *regs, @@ -25068,7 +24633,7 @@ index b008656..773eac2 100644 =20 struct split_state { diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c -index f9e5267..77b1a40 100644 +index e1ebde3..b1e1db38 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -261,7 +261,7 @@ static inline pgprot_t static_protections(pgprot_t p= rot, unsigned long address, @@ -25812,7 +25377,7 @@ index cb29191..036766d 100644 return 1; } diff --git a/arch/x86/pci/pcbios.c b/arch/x86/pci/pcbios.c -index db0e9a5..0372c14 100644 +index da8fe05..7ee6704 100644 --- a/arch/x86/pci/pcbios.c +++ b/arch/x86/pci/pcbios.c @@ -79,50 +79,93 @@ union bios32 { @@ -26341,7 +25906,7 @@ index 4c07cca..2c8427d 100644 ret ENDPROC(efi_call6) diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst= .c -index ad4ec1c..686479e 100644 +index 475e2cd..1b8e708 100644 --- a/arch/x86/platform/mrst/mrst.c +++ b/arch/x86/platform/mrst/mrst.c @@ -76,18 +76,20 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_M= AX]; @@ -26367,28 +25932,6 @@ index ad4ec1c..686479e 100644 } =20 /* parse all the mtimer info to a static mtimer array */ -diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv= .c -index 81aee5a..9ad9aae 100644 ---- a/arch/x86/platform/uv/tlb_uv.c -+++ b/arch/x86/platform/uv/tlb_uv.c -@@ -1433,6 +1433,8 @@ static ssize_t tunables_read(struct file *file, ch= ar __user *userbuf, - * 0: display meaning of the statistics - */ - static ssize_t ptc_proc_write(struct file *file, const char __user *use= r, -+ size_t count, loff_t *data) __size_overflow(3); -+static ssize_t ptc_proc_write(struct file *file, const char __user *use= r, - size_t count, loff_t *data) - { - int cpu; -@@ -1548,6 +1550,8 @@ static int parse_tunables_write(struct bau_control= *bcp, char *instr, - * Handle a write to debugfs. (/sys/kernel/debug/sgi_uv/bau_tunables) - */ - static ssize_t tunables_write(struct file *file, const char __user *use= r, -+ size_t count, loff_t *data) __size_overflow(3); -+static ssize_t tunables_write(struct file *file, const char __user *use= r, - size_t count, loff_t *data) - { - int cpu; diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c index f10c0af..3ec1f95 100644 --- a/arch/x86/power/cpu.c @@ -26585,7 +26128,7 @@ index 153407c..611cba9 100644 -} -__setup("vdso=3D", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 1f92865..c843b20 100644 +index 4172af8..2c8ed7f 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -85,8 +85,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -26597,7 +26140,7 @@ index 1f92865..c843b20 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -1029,7 +1027,7 @@ static const struct pv_apic_ops xen_apic_ops __ini= tconst =3D { +@@ -1029,30 +1027,30 @@ static const struct pv_apic_ops xen_apic_ops __i= nitconst =3D { #endif }; =20 @@ -26606,8 +26149,10 @@ index 1f92865..c843b20 100644 { struct sched_shutdown r =3D { .reason =3D reason }; =20 -@@ -1037,17 +1035,17 @@ static void xen_reboot(int reason) - BUG(); +- if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r)) +- BUG(); ++ HYPERVISOR_sched_op(SCHEDOP_shutdown, &r); ++ BUG(); } =20 -static void xen_restart(char *msg) @@ -26627,7 +26172,13 @@ index 1f92865..c843b20 100644 { xen_reboot(SHUTDOWN_poweroff); } -@@ -1153,7 +1151,17 @@ asmlinkage void __init xen_start_kernel(void) +=20 +-static void xen_machine_power_off(void) ++static __noreturn void xen_machine_power_off(void) + { + if (pm_power_off) + pm_power_off(); +@@ -1155,7 +1153,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &=3D ~__GFP_HIGHMEM; =20 /* Work out if we support NX */ @@ -26646,7 +26197,7 @@ index 1f92865..c843b20 100644 =20 xen_setup_features(); =20 -@@ -1184,13 +1192,6 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1186,13 +1194,6 @@ asmlinkage void __init xen_start_kernel(void) =20 machine_ops =3D xen_machine_ops; =20 @@ -26661,7 +26212,7 @@ index 1f92865..c843b20 100644 =20 #ifdef CONFIG_ACPI_NUMA diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 87f6673..e2555a6 100644 +index 95c1cf6..4bfa5be 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -1733,6 +1733,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *p= gd, @@ -26686,7 +26237,7 @@ index 87f6673..e2555a6 100644 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); =20 -@@ -1962,6 +1969,7 @@ static void __init xen_post_allocator_init(void) +@@ -1958,6 +1965,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud =3D xen_set_pud; #if PAGETABLE_LEVELS =3D=3D 4 pv_mmu_ops.set_pgd =3D xen_set_pgd; @@ -26694,7 +26245,7 @@ index 87f6673..e2555a6 100644 #endif =20 /* This will work as long as patching hasn't happened yet -@@ -2043,6 +2051,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initc= onst =3D { +@@ -2039,6 +2047,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initc= onst =3D { .pud_val =3D PV_CALLEE_SAVE(xen_pud_val), .make_pud =3D PV_CALLEE_SAVE(xen_make_pud), .set_pgd =3D xen_set_pgd_hyper, @@ -26703,7 +26254,7 @@ index 87f6673..e2555a6 100644 .alloc_pud =3D xen_alloc_pmd_init, .release_pud =3D xen_release_pmd_init, diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index 041d4fe..7666b7e 100644 +index 501d4e0..e877605 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c @@ -194,11 +194,6 @@ static void __init xen_smp_prepare_boot_cpu(void) @@ -26911,7 +26462,7 @@ index 1366a89..e17f54b 100644 struct list_head *cpu_list, local_list; =20 diff --git a/block/bsg.c b/block/bsg.c -index c0ab25c..9d49f8f 100644 +index ff64ae3..593560c 100644 --- a/block/bsg.c +++ b/block/bsg.c @@ -176,16 +176,24 @@ static int blk_fill_sgv4_hdr_rq(struct request_que= ue *q, struct request *rq, @@ -26942,7 +26493,7 @@ index c0ab25c..9d49f8f 100644 if (blk_verify_command(rq->cmd, has_write_perm)) return -EPERM; diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c -index 7b72502..646105c 100644 +index 7c668c8..db3521c 100644 --- a/block/compat_ioctl.c +++ b/block/compat_ioctl.c @@ -340,7 +340,7 @@ static int compat_fd_ioctl(struct block_device *bdev= , fmode_t mode, @@ -26954,8 +26505,33 @@ index 7b72502..646105c 100644 if (err) { err =3D -EFAULT; goto out; +diff --git a/block/partitions/efi.c b/block/partitions/efi.c +index 6296b40..417c00f 100644 +--- a/block/partitions/efi.c ++++ b/block/partitions/efi.c +@@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct pa= rsed_partitions *state, + if (!gpt) + return NULL; +=20 ++ if (!le32_to_cpu(gpt->num_partition_entries)) ++ return NULL; ++ pte =3D kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(g= pt->sizeof_partition_entry), GFP_KERNEL); ++ if (!pte) ++ return NULL; ++ + count =3D le32_to_cpu(gpt->num_partition_entries) * + le32_to_cpu(gpt->sizeof_partition_entry); +- if (!count) +- return NULL; +- pte =3D kzalloc(count, GFP_KERNEL); +- if (!pte) +- return NULL; +- + if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba), + (u8 *) pte, + count) < count) { diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c -index 688be8a..8a37d98 100644 +index 260fa80..e8f3caf 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -223,8 +223,20 @@ EXPORT_SYMBOL(blk_verify_command); @@ -27009,91 +26585,6 @@ index 688be8a..8a37d98 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; =20 -diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c -index a0f768c..1da9c73 100644 ---- a/crypto/ablkcipher.c -+++ b/crypto/ablkcipher.c -@@ -307,6 +307,8 @@ int ablkcipher_walk_phys(struct ablkcipher_request *= req, - EXPORT_SYMBOL_GPL(ablkcipher_walk_phys); -=20 - static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *ke= y, -+ unsigned int keylen) __size_overflow(3); -+static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *ke= y, - unsigned int keylen) - { - struct ablkcipher_alg *cipher =3D crypto_ablkcipher_alg(tfm); -@@ -329,6 +331,8 @@ static int setkey_unaligned(struct crypto_ablkcipher= *tfm, const u8 *key, - } -=20 - static int setkey(struct crypto_ablkcipher *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey(struct crypto_ablkcipher *tfm, const u8 *key, - unsigned int keylen) - { - struct ablkcipher_alg *cipher =3D crypto_ablkcipher_alg(tfm); -diff --git a/crypto/aead.c b/crypto/aead.c -index 04add3dc..983032f 100644 ---- a/crypto/aead.c -+++ b/crypto/aead.c -@@ -27,6 +27,8 @@ - #include "internal.h" -=20 - static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, - unsigned int keylen) - { - struct aead_alg *aead =3D crypto_aead_alg(tfm); -@@ -48,6 +50,7 @@ static int setkey_unaligned(struct crypto_aead *tfm, c= onst u8 *key, - return ret; - } -=20 -+static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int = keylen) __size_overflow(3); - static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int = keylen) - { - struct aead_alg *aead =3D crypto_aead_alg(tfm); -diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c -index 1e61d1a..cf06b86 100644 ---- a/crypto/blkcipher.c -+++ b/crypto/blkcipher.c -@@ -359,6 +359,8 @@ int blkcipher_walk_virt_block(struct blkcipher_desc = *desc, - EXPORT_SYMBOL_GPL(blkcipher_walk_virt_block); -=20 - static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, - unsigned int keylen) - { - struct blkcipher_alg *cipher =3D &tfm->__crt_alg->cra_blkcipher; -@@ -380,6 +382,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, = const u8 *key, - return ret; - } -=20 -+static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int k= eylen) __size_overflow(3); - static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int k= eylen) - { - struct blkcipher_alg *cipher =3D &tfm->__crt_alg->cra_blkcipher; -diff --git a/crypto/cipher.c b/crypto/cipher.c -index 39541e0..802d956 100644 ---- a/crypto/cipher.c -+++ b/crypto/cipher.c -@@ -21,6 +21,8 @@ - #include "internal.h" -=20 - static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, - unsigned int keylen) - { - struct cipher_alg *cia =3D &tfm->__crt_alg->cra_cipher; -@@ -43,6 +45,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, co= nst u8 *key, -=20 - } -=20 -+static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int k= eylen) __size_overflow(3); - static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int k= eylen) - { - struct cipher_alg *cia =3D &tfm->__crt_alg->cra_cipher; diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 671d4d6..5f24030 100644 --- a/crypto/cryptd.c @@ -27137,22 +26628,8 @@ index 5d41894..22021e4 100644 } EXPORT_SYMBOL_GPL(cper_next_record_id); =20 -diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c -index 7711d94..8622811 100644 ---- a/drivers/acpi/battery.c -+++ b/drivers/acpi/battery.c -@@ -787,6 +787,9 @@ static int acpi_battery_print_alarm(struct seq_file = *seq, int result) -=20 - static ssize_t acpi_battery_write_alarm(struct file *file, - const char __user * buffer, -+ size_t count, loff_t * ppos) __size_overflow(3); -+static ssize_t acpi_battery_write_alarm(struct file *file, -+ const char __user * buffer, - size_t count, loff_t * ppos) - { - int result =3D 0; diff --git a/drivers/acpi/ec_sys.c b/drivers/acpi/ec_sys.c -index 6c47ae9..abfdd63 100644 +index b258cab..3fb7da7 100644 --- a/drivers/acpi/ec_sys.c +++ b/drivers/acpi/ec_sys.c @@ -12,6 +12,7 @@ @@ -27243,10 +26720,10 @@ index 251c7b62..000462d 100644 bool enable =3D !device_may_wakeup(&dev->dev); device_set_wakeup_enable(&dev->dev, enable); diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_dr= iver.c -index 9d7bc9f..a6fc091 100644 +index 8ae05ce..7dbbed9 100644 --- a/drivers/acpi/processor_driver.c +++ b/drivers/acpi/processor_driver.c -@@ -473,7 +473,7 @@ static int __cpuinit acpi_processor_add(struct acpi_= device *device) +@@ -555,7 +555,7 @@ static int __cpuinit acpi_processor_add(struct acpi_= device *device) return 0; #endif =20 @@ -27255,25 +26732,11 @@ index 9d7bc9f..a6fc091 100644 =20 /* * Buggy BIOS check -diff --git a/drivers/acpi/sbs.c b/drivers/acpi/sbs.c -index 6e36d0c..f319944 100644 ---- a/drivers/acpi/sbs.c -+++ b/drivers/acpi/sbs.c -@@ -655,6 +655,9 @@ static int acpi_battery_read_alarm(struct seq_file *= seq, void *offset) -=20 - static ssize_t - acpi_battery_write_alarm(struct file *file, const char __user * buffer, -+ size_t count, loff_t * ppos) __size_overflow(3); -+static ssize_t -+acpi_battery_write_alarm(struct file *file, const char __user * buffer, - size_t count, loff_t * ppos) - { - struct seq_file *seq =3D file->private_data; diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index c04ad68..0b99473 100644 +index c06e0ec..a2c06ba 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4733,7 +4733,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4736,7 +4736,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; =20 @@ -27282,7 +26745,7 @@ index c04ad68..0b99473 100644 ap =3D qc->ap; =20 qc->flags =3D 0; -@@ -4749,7 +4749,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4752,7 +4752,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; =20 @@ -27291,7 +26754,7 @@ index c04ad68..0b99473 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap =3D qc->ap; link =3D qc->dev->link; -@@ -5754,6 +5754,7 @@ static void ata_finalize_port_ops(struct ata_port_= operations *ops) +@@ -5816,6 +5816,7 @@ static void ata_finalize_port_ops(struct ata_port_= operations *ops) return; =20 spin_lock(&lock); @@ -27299,7 +26762,7 @@ index c04ad68..0b99473 100644 =20 for (cur =3D ops->inherits; cur; cur =3D cur->inherits) { void **inherit =3D (void **)cur; -@@ -5767,8 +5768,9 @@ static void ata_finalize_port_ops(struct ata_port_= operations *ops) +@@ -5829,8 +5830,9 @@ static void ata_finalize_port_ops(struct ata_port_= operations *ops) if (IS_ERR(*pp)) *pp =3D NULL; =20 @@ -27311,7 +26774,7 @@ index c04ad68..0b99473 100644 } =20 diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c -index e8574bb..f9f6a72 100644 +index 048589f..4002b98 100644 --- a/drivers/ata/pata_arasan_cf.c +++ b/drivers/ata/pata_arasan_cf.c @@ -862,7 +862,9 @@ static int __devinit arasan_cf_probe(struct platform= _device *pdev) @@ -27587,7 +27050,7 @@ index 361f5ae..7fc552d 100644 fore200e->tx_sat++; DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - hear= tbeat is %08x\n", diff --git a/drivers/atm/he.c b/drivers/atm/he.c -index 9a51df4..f3bb5f8 100644 +index b182c2f..1c6fa8a 100644 --- a/drivers/atm/he.c +++ b/drivers/atm/he.c @@ -1709,7 +1709,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) @@ -27852,7 +27315,7 @@ index 1c05212..c28e200 100644 } atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c -index 3d0c2b0..45441fa 100644 +index 9e373ba..cf93727 100644 --- a/drivers/atm/iphase.c +++ b/drivers/atm/iphase.c @@ -1146,7 +1146,7 @@ static int rx_pkt(struct atm_dev *dev) @@ -27879,8 +27342,8 @@ index 3d0c2b0..45441fa 100644 { - atomic_inc(&vcc->stats->rx_err); + atomic_inc_unchecked(&vcc->stats->rx_err); + atm_return(vcc, skb->truesize); dev_kfree_skb_any(skb); - atm_return(vcc, atm_guess_pdu2truesize(len)); goto INCR_DLE; @@ -1331,7 +1331,7 @@ static void rx_dle_intr(struct atm_dev *dev) if ((length > iadev->rx_buf_sz) || (length >=20 @@ -27890,7 +27353,7 @@ index 3d0c2b0..45441fa 100644 + atomic_inc_unchecked(&vcc->stats->rx_err); IF_ERR(printk("rx_dle_intr: Bad AAL5 trailer %d (skb len = %d)",=20 length, skb= ->len);) - dev_kfree_skb_any(skb); + atm_return(vcc, skb->truesize); @@ -1347,7 +1347,7 @@ static void rx_dle_intr(struct atm_dev *dev) =20 IF_RX(printk("rx_dle_intr: skb push");) =20 @@ -28215,7 +27678,7 @@ index 1c70c45..300718d 100644 } =20 diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index 5d1d076..12fbca4 100644 +index e8cd652..bbbd1fc 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c @@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg) @@ -28331,7 +27794,7 @@ index d889f56..17eb71e 100644 } =20 diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c -index a4760e0..51283cf 100644 +index 8493536..31adee0 100644 --- a/drivers/base/devtmpfs.c +++ b/drivers/base/devtmpfs.c @@ -368,7 +368,7 @@ int devtmpfs_mount(const char *mntdir) @@ -28656,7 +28119,7 @@ index be73e9d..7fbf140 100644 cmdlist_t *reqQ; cmdlist_t *cmpQ; diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int= .h -index 9cf2035..bffca95 100644 +index 8d68056..e67050f 100644 --- a/drivers/block/drbd/drbd_int.h +++ b/drivers/block/drbd/drbd_int.h @@ -736,7 +736,7 @@ struct drbd_request; @@ -28717,7 +28180,7 @@ index 9cf2035..bffca95 100644 =20 void drbd_bump_write_ordering(struct drbd_conf *mdev, enum write_orderi= ng_e wo); diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_ma= in.c -index 0358e55..bc33689 100644 +index 211fc44..c5116f1 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c @@ -2397,7 +2397,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, = enum drbd_packets cmd, @@ -28897,10 +28360,10 @@ index 43beaca..4a5b1dd 100644 } =20 diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 1e888c9..05cf1b0 100644 +index cd50435..ba1ffb5 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c -@@ -227,7 +227,7 @@ static int __do_lo_send_write(struct file *file, +@@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file, mm_segment_t old_fs =3D get_fs(); =20 set_fs(get_ds()); @@ -29049,7 +28512,7 @@ index 58c0e63..46c16bf 100644 intf->proc_dir =3D NULL; =20 diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_s= i_intf.c -index 9397ab4..d01bee1 100644 +index 50fcf9c..91b5528 100644 --- a/drivers/char/ipmi/ipmi_si_intf.c +++ b/drivers/char/ipmi/ipmi_si_intf.c @@ -277,7 +277,7 @@ struct smi_info { @@ -29096,7 +28559,7 @@ index 1aeaaba..e018570 100644 .part_num =3D MBCS_PART_NUM, .mfg_num =3D MBCS_MFG_NUM, diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 1451790..f705c30 100644 +index d6e9d08..4493e89 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -29245,7 +28708,7 @@ index da3cfee..a5a6606 100644 =20 *ppos =3D i; diff --git a/drivers/char/random.c b/drivers/char/random.c -index 6035ab8..bdfe4fd 100644 +index 54ca8b2..d58cb51 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -261,8 +261,13 @@ @@ -29280,7 +28743,7 @@ index 6035ab8..bdfe4fd 100644 #if 0 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */ { 2048, 1638, 1231, 819, 411, 1 }, -@@ -909,7 +921,7 @@ static ssize_t extract_entropy_user(struct entropy_s= tore *r, void __user *buf, +@@ -913,7 +925,7 @@ static ssize_t extract_entropy_user(struct entropy_s= tore *r, void __user *buf, =20 extract_buf(r, tmp); i =3D min_t(int, nbytes, EXTRACT_SIZE); @@ -29289,7 +28752,7 @@ index 6035ab8..bdfe4fd 100644 ret =3D -EFAULT; break; } -@@ -1228,7 +1240,7 @@ EXPORT_SYMBOL(generate_random_uuid); +@@ -1238,7 +1250,7 @@ EXPORT_SYMBOL(generate_random_uuid); #include =20 static int min_read_thresh =3D 8, min_write_thresh; @@ -29341,10 +28804,10 @@ index 1ee8ce7..b778bef 100644 =20 return 0; diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c -index 361a1df..2471eee 100644 +index 32362cf..32a96e9 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c -@@ -414,7 +414,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, c= onst char *buf, +@@ -415,7 +415,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, c= onst char *buf, chip->vendor.req_complete_val) goto out_recv; =20 @@ -29401,7 +28864,7 @@ index 0636520..169c1d0 100644 acpi_os_unmap_memory(virt, len); return 0; diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console= .c -index 8e3c46d..c139b99 100644 +index b58b561..c9088c8 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -563,7 +563,7 @@ static ssize_t fill_readbuf(struct port *port, char = *out_buf, size_t out_count, @@ -29422,19 +28885,6 @@ index 8e3c46d..c139b99 100644 } =20 static ssize_t port_fops_write(struct file *filp, const char __user *ub= uf, -diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c -index eb1d864..39ee5a7 100644 ---- a/drivers/dma/dmatest.c -+++ b/drivers/dma/dmatest.c -@@ -591,7 +591,7 @@ static int dmatest_add_channel(struct dma_chan *chan= ) - } - if (dma_has_cap(DMA_PQ, dma_dev->cap_mask)) { - cnt =3D dmatest_add_threads(dtc, DMA_PQ); -- thread_count +=3D cnt > 0 ?: 0; -+ thread_count +=3D cnt > 0 ? cnt : 0; - } -=20 - pr_info("dmatest: Started %u threads using %s\n", diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index c9eee6d..f9d5280 100644 --- a/drivers/edac/amd64_edac.c @@ -29488,7 +28938,7 @@ index 6ffb6d2..383d8d7 100644 PCI_VEND_DEV(INTEL, 7205_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0, E7205}, diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs= .c -index 495198a..ac08c85 100644 +index 97f5064..202b6e6 100644 --- a/drivers/edac/edac_pci_sysfs.c +++ b/drivers/edac/edac_pci_sysfs.c @@ -26,8 +26,8 @@ static int edac_pci_log_pe =3D 1; /* log PCI parity e= rrors */ @@ -29588,10 +29038,10 @@ index c0510b3..6e2a954 100644 PCI_VEND_DEV(INTEL, 3000_HB), PCI_ANY_ID, PCI_ANY_ID, 0, 0, I3000}, diff --git a/drivers/edac/i3200_edac.c b/drivers/edac/i3200_edac.c -index aa08497..7e6822a 100644 +index 73f55e200..5faaf59 100644 --- a/drivers/edac/i3200_edac.c +++ b/drivers/edac/i3200_edac.c -@@ -456,7 +456,7 @@ static void __devexit i3200_remove_one(struct pci_de= v *pdev) +@@ -445,7 +445,7 @@ static void __devexit i3200_remove_one(struct pci_de= v *pdev) edac_mc_free(mci); } =20 @@ -29653,7 +29103,7 @@ index 6104dba..e7ea8e1 100644 {0,} /* 0 terminated list. */ }; diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c -index 70ad892..178943c 100644 +index 8568d9b..42b2fa8 100644 --- a/drivers/edac/i7core_edac.c +++ b/drivers/edac/i7core_edac.c @@ -391,7 +391,7 @@ static const struct pci_id_table pci_dev_table[] =3D= { @@ -29705,10 +29155,10 @@ index 33864c6..01edc61 100644 PCI_VEND_DEV(INTEL, 82875_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0, I82875P}, diff --git a/drivers/edac/i82975x_edac.c b/drivers/edac/i82975x_edac.c -index a5da732..983363b 100644 +index 4184e01..dcb2cd3 100644 --- a/drivers/edac/i82975x_edac.c +++ b/drivers/edac/i82975x_edac.c -@@ -604,7 +604,7 @@ static void __devexit i82975x_remove_one(struct pci_= dev *pdev) +@@ -612,7 +612,7 @@ static void __devexit i82975x_remove_one(struct pci_= dev *pdev) edac_mc_free(mci); } =20 @@ -29731,7 +29181,7 @@ index 0106747..0b40417 100644 void amd_report_gart_errors(bool); void amd_register_ecc_decoder(void (*f)(int, struct mce *)); diff --git a/drivers/edac/r82600_edac.c b/drivers/edac/r82600_edac.c -index b153674..ad2ba9b 100644 +index e294e1b..a41b05b 100644 --- a/drivers/edac/r82600_edac.c +++ b/drivers/edac/r82600_edac.c @@ -373,7 +373,7 @@ static void __devexit r82600_remove_one(struct pci_d= ev *pdev) @@ -29744,7 +29194,7 @@ index b153674..ad2ba9b 100644 PCI_DEVICE(PCI_VENDOR_ID_RADISYS, R82600_BRIDGE_ID) }, diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c -index 7a402bf..af0b211 100644 +index 1dc118d..8c68af9 100644 --- a/drivers/edac/sb_edac.c +++ b/drivers/edac/sb_edac.c @@ -367,7 +367,7 @@ static const struct pci_id_table pci_dev_descr_sbrid= ge_table[] =3D { @@ -29846,7 +29296,7 @@ index 153980b..4b4d046 100644 iounmap(buf); return 0; diff --git a/drivers/gpio/gpio-vr41xx.c b/drivers/gpio/gpio-vr41xx.c -index 98723cb..10ca85b 100644 +index 82d5c20..44a7177 100644 --- a/drivers/gpio/gpio-vr41xx.c +++ b/drivers/gpio/gpio-vr41xx.c @@ -204,7 +204,7 @@ static int giu_get_irq(unsigned int irq) @@ -29858,107 +29308,11 @@ index 98723cb..10ca85b 100644 =20 return -EINVAL; } -diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c -index 8323fc3..5c1d755 100644 ---- a/drivers/gpu/drm/drm_crtc.c -+++ b/drivers/gpu/drm/drm_crtc.c -@@ -1379,7 +1379,7 @@ int drm_mode_getconnector(struct drm_device *dev, = void *data, - */ - if ((out_resp->count_modes >=3D mode_count) && mode_count) { - copied =3D 0; -- mode_ptr =3D (struct drm_mode_modeinfo *)(unsigned long)out_resp->mod= es_ptr; -+ mode_ptr =3D (struct drm_mode_modeinfo __user *)(unsigned long)out_re= sp->modes_ptr; - list_for_each_entry(mode, &connector->modes, head) { - drm_crtc_convert_to_umode(&u_mode, mode); - if (copy_to_user(mode_ptr + copied, -@@ -1394,8 +1394,8 @@ int drm_mode_getconnector(struct drm_device *dev, = void *data, -=20 - if ((out_resp->count_props >=3D props_count) && props_count) { - copied =3D 0; -- prop_ptr =3D (uint32_t *)(unsigned long)(out_resp->props_ptr); -- prop_values =3D (uint64_t *)(unsigned long)(out_resp->prop_values_ptr= ); -+ prop_ptr =3D (uint32_t __user *)(unsigned long)(out_resp->props_ptr); -+ prop_values =3D (uint64_t __user *)(unsigned long)(out_resp->prop_val= ues_ptr); - for (i =3D 0; i < DRM_CONNECTOR_MAX_PROPERTY; i++) { - if (connector->property_ids[i] !=3D 0) { - if (put_user(connector->property_ids[i], -@@ -1417,7 +1417,7 @@ int drm_mode_getconnector(struct drm_device *dev, = void *data, -=20 - if ((out_resp->count_encoders >=3D encoders_count) && encoders_count) = { - copied =3D 0; -- encoder_ptr =3D (uint32_t *)(unsigned long)(out_resp->encoders_ptr); -+ encoder_ptr =3D (uint32_t __user *)(unsigned long)(out_resp->encoders= _ptr); - for (i =3D 0; i < DRM_CONNECTOR_MAX_ENCODER; i++) { - if (connector->encoder_ids[i] !=3D 0) { - if (put_user(connector->encoder_ids[i], -@@ -1576,7 +1576,7 @@ int drm_mode_setcrtc(struct drm_device *dev, void = *data, - } -=20 - for (i =3D 0; i < crtc_req->count_connectors; i++) { -- set_connectors_ptr =3D (uint32_t *)(unsigned long)crtc_req->set_conn= ectors_ptr; -+ set_connectors_ptr =3D (uint32_t __user *)(unsigned long)crtc_req->s= et_connectors_ptr; - if (get_user(out_id, &set_connectors_ptr[i])) { - ret =3D -EFAULT; - goto out; -@@ -1857,7 +1857,7 @@ int drm_mode_dirtyfb_ioctl(struct drm_device *dev, - fb =3D obj_to_fb(obj); -=20 - num_clips =3D r->num_clips; -- clips_ptr =3D (struct drm_clip_rect *)(unsigned long)r->clips_ptr; -+ clips_ptr =3D (struct drm_clip_rect __user *)(unsigned long)r->clips_p= tr; -=20 - if (!num_clips !=3D !clips_ptr) { - ret =3D -EINVAL; -@@ -2283,7 +2283,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *= dev, - out_resp->flags =3D property->flags; -=20 - if ((out_resp->count_values >=3D value_count) && value_count) { -- values_ptr =3D (uint64_t *)(unsigned long)out_resp->values_ptr; -+ values_ptr =3D (uint64_t __user *)(unsigned long)out_resp->values_ptr= ; - for (i =3D 0; i < value_count; i++) { - if (copy_to_user(values_ptr + i, &property->values[i], sizeof(uint64= _t))) { - ret =3D -EFAULT; -@@ -2296,7 +2296,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *= dev, - if (property->flags & DRM_MODE_PROP_ENUM) { - if ((out_resp->count_enum_blobs >=3D enum_count) && enum_count) { - copied =3D 0; -- enum_ptr =3D (struct drm_mode_property_enum *)(unsigned long)out_res= p->enum_blob_ptr; -+ enum_ptr =3D (struct drm_mode_property_enum __user *)(unsigned long)= out_resp->enum_blob_ptr; - list_for_each_entry(prop_enum, &property->enum_blob_list, head) { -=20 - if (copy_to_user(&enum_ptr[copied].value, &prop_enum->value, sizeof= (uint64_t))) { -@@ -2319,7 +2319,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *= dev, - if ((out_resp->count_enum_blobs >=3D blob_count) && blob_count) { - copied =3D 0; - blob_id_ptr =3D (uint32_t *)(unsigned long)out_resp->enum_blob_ptr; -- blob_length_ptr =3D (uint32_t *)(unsigned long)out_resp->values_ptr; -+ blob_length_ptr =3D (uint32_t __user *)(unsigned long)out_resp->valu= es_ptr; -=20 - list_for_each_entry(prop_blob, &property->enum_blob_list, head) { - if (put_user(prop_blob->base.id, blob_id_ptr + copied)) { -@@ -2380,7 +2380,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, - struct drm_mode_get_blob *out_resp =3D data; - struct drm_property_blob *blob; - int ret =3D 0; -- void *blob_ptr; -+ void __user *blob_ptr; -=20 - if (!drm_core_check_feature(dev, DRIVER_MODESET)) - return -EINVAL; -@@ -2394,7 +2394,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, - blob =3D obj_to_blob(obj); -=20 - if (out_resp->length =3D=3D blob->length) { -- blob_ptr =3D (void *)(unsigned long)out_resp->data; -+ blob_ptr =3D (void __user *)(unsigned long)out_resp->data; - if (copy_to_user(blob_ptr, blob->data, blob->length)){ - ret =3D -EFAULT; - goto done; diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crt= c_helper.c -index d2619d7..bd6bd00 100644 +index 84a4a80..ce0306e 100644 --- a/drivers/gpu/drm/drm_crtc_helper.c +++ b/drivers/gpu/drm/drm_crtc_helper.c -@@ -279,7 +279,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *= encoder, +@@ -280,7 +280,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *= encoder, struct drm_crtc *tmp; int crtc_mask =3D 1; =20 @@ -29968,10 +29322,10 @@ index d2619d7..bd6bd00 100644 dev =3D crtc->dev; =20 diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c -index 40c187c..5746164 100644 +index ebf7d3f..d64c436 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c -@@ -308,7 +308,7 @@ module_exit(drm_core_exit); +@@ -312,7 +312,7 @@ module_exit(drm_core_exit); /** * Copy and IOCTL return string to user space */ @@ -29980,7 +29334,7 @@ index 40c187c..5746164 100644 { int len; =20 -@@ -387,7 +387,7 @@ long drm_ioctl(struct file *filp, +@@ -391,7 +391,7 @@ long drm_ioctl(struct file *filp, =20 dev =3D file_priv->minor->dev; atomic_inc(&dev->ioctl_count); @@ -29990,7 +29344,7 @@ index 40c187c..5746164 100644 =20 DRM_DEBUG("pid=3D%d, cmd=3D0x%02x, nr=3D0x%02x, dev 0x%lx, auth=3D%d\n= ", diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c -index 828bf65..cdaa0e9 100644 +index 6263b01..7987f55 100644 --- a/drivers/gpu/drm/drm_fops.c +++ b/drivers/gpu/drm/drm_fops.c @@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev) @@ -30018,12 +29372,16 @@ index 828bf65..cdaa0e9 100644 mutex_lock(&drm_global_mutex); =20 - DRM_DEBUG("open_count =3D %d\n", dev->open_count); -+ DRM_DEBUG("open_count =3D %d\n", local_read(&dev->open_count)); ++ DRM_DEBUG("open_count =3D %ld\n", local_read(&dev->open_count)); =20 if (dev->driver->preclose) dev->driver->preclose(dev, file_priv); -@@ -485,7 +485,7 @@ int drm_release(struct inode *inode, struct file *fi= lp) - DRM_DEBUG("pid =3D %d, device =3D 0x%lx, open_count =3D %d\n", +@@ -482,10 +482,10 @@ int drm_release(struct inode *inode, struct file *= filp) + * Begin inline drm_release + */ +=20 +- DRM_DEBUG("pid =3D %d, device =3D 0x%lx, open_count =3D %d\n", ++ DRM_DEBUG("pid =3D %d, device =3D 0x%lx, open_count =3D %ld\n", task_pid_nr(current), (long)old_encode_dev(file_priv->minor->device), - dev->open_count); @@ -30148,10 +29506,10 @@ index ab1162d..42587b2 100644 #if defined(__i386__) pgprot =3D pgprot_val(vma->vm_page_prot); diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c -index ddd70db..40321e6 100644 +index 637fcc3..e890b33 100644 --- a/drivers/gpu/drm/drm_ioc32.c +++ b/drivers/gpu/drm/drm_ioc32.c -@@ -456,7 +456,7 @@ static int compat_drm_infobufs(struct file *file, un= signed int cmd, +@@ -457,7 +457,7 @@ static int compat_drm_infobufs(struct file *file, un= signed int cmd, request =3D compat_alloc_user_space(nbytes); if (!access_ok(VERIFY_WRITE, request, nbytes)) return -EFAULT; @@ -30160,7 +29518,7 @@ index ddd70db..40321e6 100644 =20 if (__put_user(count, &request->count) || __put_user(list, &request->list)) -@@ -517,7 +517,7 @@ static int compat_drm_mapbufs(struct file *file, uns= igned int cmd, +@@ -518,7 +518,7 @@ static int compat_drm_mapbufs(struct file *file, uns= igned int cmd, request =3D compat_alloc_user_space(nbytes); if (!access_ok(VERIFY_WRITE, request, nbytes)) return -EFAULT; @@ -30170,10 +29528,10 @@ index ddd70db..40321e6 100644 if (__put_user(count, &request->count) || __put_user(list, &request->list)) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c -index 904d7e9..ab88581 100644 +index 956fd38..e52167a 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c -@@ -256,7 +256,7 @@ int drm_getstats(struct drm_device *dev, void *data, +@@ -251,7 +251,7 @@ int drm_getstats(struct drm_device *dev, void *data, stats->data[i].value =3D (file_priv->master->lock.hw_lock ? file_priv->master->lock.hw_lo= ck->lock : 0); else @@ -30183,10 +29541,10 @@ index 904d7e9..ab88581 100644 } =20 diff --git a/drivers/gpu/drm/drm_lock.c b/drivers/gpu/drm/drm_lock.c -index 632ae24..244cf4a 100644 +index c79c713..2048588 100644 --- a/drivers/gpu/drm/drm_lock.c +++ b/drivers/gpu/drm/drm_lock.c -@@ -89,7 +89,7 @@ int drm_lock(struct drm_device *dev, void *data, struc= t drm_file *file_priv) +@@ -90,7 +90,7 @@ int drm_lock(struct drm_device *dev, void *data, struc= t drm_file *file_priv) if (drm_lock_take(&master->lock, lock->context)) { master->lock.file_priv =3D file_priv; master->lock.lock_time =3D jiffies; @@ -30195,7 +29553,7 @@ index 632ae24..244cf4a 100644 break; /* Got lock */ } =20 -@@ -160,7 +160,7 @@ int drm_unlock(struct drm_device *dev, void *data, s= truct drm_file *file_priv) +@@ -161,7 +161,7 @@ int drm_unlock(struct drm_device *dev, void *data, s= truct drm_file *file_priv) return -EINVAL; } =20 @@ -30205,10 +29563,10 @@ index 632ae24..244cf4a 100644 if (drm_lock_free(&master->lock, lock->context)) { /* FIXME: Should really bail out here. */ diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810= _dma.c -index 8f371e8..9f85d52 100644 +index 7f4b4e1..bf4def2 100644 --- a/drivers/gpu/drm/i810/i810_dma.c +++ b/drivers/gpu/drm/i810/i810_dma.c -@@ -950,8 +950,8 @@ static int i810_dma_vertex(struct drm_device *dev, v= oid *data, +@@ -948,8 +948,8 @@ static int i810_dma_vertex(struct drm_device *dev, v= oid *data, dma->buflist[vertex->idx], vertex->discard, vertex->used); =20 @@ -30219,7 +29577,7 @@ index 8f371e8..9f85d52 100644 sarea_priv->last_enqueue =3D dev_priv->counter - 1; sarea_priv->last_dispatch =3D (int)hw_status[5]; =20 -@@ -1111,8 +1111,8 @@ static int i810_dma_mc(struct drm_device *dev, voi= d *data, +@@ -1109,8 +1109,8 @@ static int i810_dma_mc(struct drm_device *dev, voi= d *data, i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used, mc->last_render); =20 @@ -30246,7 +29604,7 @@ index c9339f4..f5e1b9d 100644 int front_offset; } drm_i810_private_t; diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/= i915_debugfs.c -index b2e3c97..58cf079 100644 +index deaa657..e0fd296 100644 --- a/drivers/gpu/drm/i915/i915_debugfs.c +++ b/drivers/gpu/drm/i915/i915_debugfs.c @@ -499,7 +499,7 @@ static int i915_interrupt_info(struct seq_file *m, v= oid *data) @@ -30258,7 +29616,7 @@ index b2e3c97..58cf079 100644 for (i =3D 0; i < I915_NUM_RINGS; i++) { if (IS_GEN6(dev) || IS_GEN7(dev)) { seq_printf(m, "Graphics Interrupt mask (%s): %08x\n", -@@ -1232,7 +1232,7 @@ static int i915_opregion(struct seq_file *m, void = *unused) +@@ -1321,7 +1321,7 @@ static int i915_opregion(struct seq_file *m, void = *unused) return ret; =20 if (opregion->header) @@ -30268,10 +29626,10 @@ index b2e3c97..58cf079 100644 mutex_unlock(&dev->struct_mutex); =20 diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915= _dma.c -index c4da951..3c59c5c 100644 +index ddfe3d9..f6e6b21 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1172,7 +1172,7 @@ static bool i915_switcheroo_can_switch(struct pci_= dev *pdev) +@@ -1175,7 +1175,7 @@ static bool i915_switcheroo_can_switch(struct pci_= dev *pdev) bool can_switch; =20 spin_lock(&dev->count_lock); @@ -30281,10 +29639,10 @@ index c4da951..3c59c5c 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915= _drv.h -index ae294a0..1755461 100644 +index 9689ca3..294f9c1 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h -@@ -229,7 +229,7 @@ struct drm_i915_display_funcs { +@@ -231,7 +231,7 @@ struct drm_i915_display_funcs { /* render clock increase/decrease */ /* display clock increase/decrease */ /* pll clock increase/decrease */ @@ -30293,7 +29651,7 @@ index ae294a0..1755461 100644 =20 struct intel_device_info { u8 gen; -@@ -318,7 +318,7 @@ typedef struct drm_i915_private { +@@ -320,7 +320,7 @@ typedef struct drm_i915_private { int current_page; int page_flipping; =20 @@ -30302,7 +29660,7 @@ index ae294a0..1755461 100644 =20 /* protects the irq masks */ spinlock_t irq_lock; -@@ -893,7 +893,7 @@ struct drm_i915_gem_object { +@@ -896,7 +896,7 @@ struct drm_i915_gem_object { * will be page flipped away on the next vblank. When it * reaches 0, dev_priv->pending_flip_queue will be woken up. */ @@ -30311,7 +29669,7 @@ index ae294a0..1755461 100644 }; =20 #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base= ) -@@ -1273,7 +1273,7 @@ extern int intel_setup_gmbus(struct drm_device *de= v); +@@ -1276,7 +1276,7 @@ extern int intel_setup_gmbus(struct drm_device *de= v); extern void intel_teardown_gmbus(struct drm_device *dev); extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int spee= d); extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool for= ce_bit); @@ -30321,7 +29679,7 @@ index ae294a0..1755461 100644 return container_of(adapter, struct intel_gmbus, adapter)->force_bit; } diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/dr= m/i915/i915_gem_execbuffer.c -index b9da890..cad1d98 100644 +index 65e1f00..a30ef00 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -189,7 +189,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_ge= m_object *obj, @@ -30346,7 +29704,7 @@ index b9da890..cad1d98 100644 for (i =3D 0; i < count; i++) { char __user *ptr =3D (char __user *)(uintptr_t)exec[i].relocs_ptr; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915= _irq.c -index d47a53b..61154c2 100644 +index 5bd4361..0241a42 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c @@ -475,7 +475,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARG= S) @@ -30376,7 +29734,7 @@ index d47a53b..61154c2 100644 =20 iir =3D I915_READ(IIR); =20 -@@ -1750,7 +1750,7 @@ static void ironlake_irq_preinstall(struct drm_dev= ice *dev) +@@ -1743,7 +1743,7 @@ static void ironlake_irq_preinstall(struct drm_dev= ice *dev) { drm_i915_private_t *dev_priv =3D (drm_i915_private_t *) dev->dev_priva= te; =20 @@ -30385,7 +29743,7 @@ index d47a53b..61154c2 100644 =20 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); -@@ -1938,7 +1938,7 @@ static void i915_driver_irq_preinstall(struct drm_= device * dev) +@@ -1932,7 +1932,7 @@ static void i915_driver_irq_preinstall(struct drm_= device * dev) drm_i915_private_t *dev_priv =3D (drm_i915_private_t *) dev->dev_priva= te; int pipe; =20 @@ -30395,10 +29753,10 @@ index d47a53b..61154c2 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915= /intel_display.c -index 9ec9755..6d1cf2d 100644 +index 397087c..9178d0d 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -2230,7 +2230,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, = int y, +@@ -2238,7 +2238,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, = int y, =20 wait_event(dev_priv->pending_flip_queue, atomic_read(&dev_priv->mm.wedged) || @@ -30407,7 +29765,7 @@ index 9ec9755..6d1cf2d 100644 =20 /* Big Hammer, we also need to ensure that any pending * MI_WAIT_FOR_EVENT inside a user batch buffer on the -@@ -2851,7 +2851,7 @@ static void intel_crtc_wait_for_pending_flips(stru= ct drm_crtc *crtc) +@@ -2859,7 +2859,7 @@ static void intel_crtc_wait_for_pending_flips(stru= ct drm_crtc *crtc) obj =3D to_intel_framebuffer(crtc->fb)->obj; dev_priv =3D crtc->dev->dev_private; wait_event(dev_priv->pending_flip_queue, @@ -30416,7 +29774,7 @@ index 9ec9755..6d1cf2d 100644 } =20 static bool intel_crtc_driving_pch(struct drm_crtc *crtc) -@@ -6952,7 +6952,7 @@ static void do_intel_finish_page_flip(struct drm_d= evice *dev, +@@ -7171,7 +7171,7 @@ static void do_intel_finish_page_flip(struct drm_d= evice *dev, =20 atomic_clear_mask(1 << intel_crtc->plane, &obj->pending_flip.counter); @@ -30425,7 +29783,7 @@ index 9ec9755..6d1cf2d 100644 wake_up(&dev_priv->pending_flip_queue); =20 schedule_work(&work->work); -@@ -7242,7 +7242,7 @@ static int intel_crtc_page_flip(struct drm_crtc *c= rtc, +@@ -7461,7 +7461,7 @@ static int intel_crtc_page_flip(struct drm_crtc *c= rtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ @@ -30434,7 +29792,7 @@ index 9ec9755..6d1cf2d 100644 =20 ret =3D dev_priv->display.queue_flip(dev, crtc, fb, obj); if (ret) -@@ -7256,7 +7256,7 @@ static int intel_crtc_page_flip(struct drm_crtc *c= rtc, +@@ -7475,7 +7475,7 @@ static int intel_crtc_page_flip(struct drm_crtc *c= rtc, return 0; =20 cleanup_pending: @@ -30500,10 +29858,10 @@ index 2581202..f230a8d9 100644 =20 *sequence =3D cur_fence; diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/no= uveau/nouveau_bios.c -index 5fc201b..7b032b9 100644 +index e5cbead..6c354a3 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c -@@ -201,7 +201,7 @@ struct methods { +@@ -199,7 +199,7 @@ struct methods { const char desc[8]; void (*loadbios)(struct drm_device *, uint8_t *); const bool rw; @@ -30512,7 +29870,7 @@ index 5fc201b..7b032b9 100644 =20 static struct methods shadow_methods[] =3D { { "PRAMIN", load_vbios_pramin, true }, -@@ -5474,7 +5474,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, stru= ct nvbios *bios, +@@ -5290,7 +5290,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, stru= ct nvbios *bios, struct bit_table { const char id; int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bi= t_entry *); @@ -30522,10 +29880,10 @@ index 5fc201b..7b032b9 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##func= id##_tbl_entry }) =20 diff --git a/drivers/gpu/drm/nouveau/nouveau_drv.h b/drivers/gpu/drm/nou= veau/nouveau_drv.h -index 4c0be3a..5757582 100644 +index b827098..c31a797 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drv.h +++ b/drivers/gpu/drm/nouveau/nouveau_drv.h -@@ -238,7 +238,7 @@ struct nouveau_channel { +@@ -242,7 +242,7 @@ struct nouveau_channel { struct list_head pending; uint32_t sequence; uint32_t sequence_ack; @@ -30534,7 +29892,7 @@ index 4c0be3a..5757582 100644 struct nouveau_vma vma; } fence; =20 -@@ -319,7 +319,7 @@ struct nouveau_exec_engine { +@@ -323,7 +323,7 @@ struct nouveau_exec_engine { u32 handle, u16 class); void (*set_tile_region)(struct drm_device *dev, int i); void (*tlb_flush)(struct drm_device *, int engine); @@ -30543,7 +29901,7 @@ index 4c0be3a..5757582 100644 =20 struct nouveau_instmem_engine { void *priv; -@@ -341,13 +341,13 @@ struct nouveau_instmem_engine { +@@ -345,13 +345,13 @@ struct nouveau_instmem_engine { struct nouveau_mc_engine { int (*init)(struct drm_device *dev); void (*takedown)(struct drm_device *dev); @@ -30559,7 +29917,7 @@ index 4c0be3a..5757582 100644 =20 struct nouveau_fb_engine { int num_tiles; -@@ -558,7 +558,7 @@ struct nouveau_vram_engine { +@@ -566,7 +566,7 @@ struct nouveau_vram_engine { void (*put)(struct drm_device *, struct nouveau_mem **); =20 bool (*flags_valid)(struct drm_device *, u32 tile_flags); @@ -30568,7 +29926,7 @@ index 4c0be3a..5757582 100644 =20 struct nouveau_engine { struct nouveau_instmem_engine instmem; -@@ -706,7 +706,7 @@ struct drm_nouveau_private { +@@ -714,7 +714,7 @@ struct drm_nouveau_private { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; @@ -30613,10 +29971,10 @@ index 7ce3fde..cb3ea04 100644 if (++trycnt > 100000) { NV_ERROR(dev, "%s failed and gave up.\n", __func__); diff --git a/drivers/gpu/drm/nouveau/nouveau_state.c b/drivers/gpu/drm/n= ouveau/nouveau_state.c -index d8831ab..0ba8356 100644 +index f80c5e0..936baa7 100644 --- a/drivers/gpu/drm/nouveau/nouveau_state.c +++ b/drivers/gpu/drm/nouveau/nouveau_state.c -@@ -542,7 +542,7 @@ static bool nouveau_switcheroo_can_switch(struct pci= _dev *pdev) +@@ -543,7 +543,7 @@ static bool nouveau_switcheroo_can_switch(struct pci= _dev *pdev) bool can_switch; =20 spin_lock(&dev->count_lock); @@ -30732,32 +30090,20 @@ index 5a82b6b..9e69c73 100644 =20 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { -diff --git a/drivers/gpu/drm/radeon/r600_cs.c b/drivers/gpu/drm/radeon/r= 600_cs.c -index cb1acff..8861bc5 100644 ---- a/drivers/gpu/drm/radeon/r600_cs.c -+++ b/drivers/gpu/drm/radeon/r600_cs.c -@@ -1304,6 +1304,7 @@ static int r600_check_texture_resource(struct rade= on_cs_parser *p, u32 idx, - h0 =3D G_038004_TEX_HEIGHT(word1) + 1; - d0 =3D G_038004_TEX_DEPTH(word1); - nfaces =3D 1; -+ array =3D 0; - switch (G_038000_DIM(word0)) { - case V_038000_SQ_TEX_DIM_1D: - case V_038000_SQ_TEX_DIM_2D: diff --git a/drivers/gpu/drm/radeon/radeon.h b/drivers/gpu/drm/radeon/ra= deon.h -index 8227e76..ce0b195 100644 +index 1668ec1..30ebdab 100644 --- a/drivers/gpu/drm/radeon/radeon.h +++ b/drivers/gpu/drm/radeon/radeon.h -@@ -192,7 +192,7 @@ extern int sumo_get_temp(struct radeon_device *rdev)= ; - */ - struct radeon_fence_driver { +@@ -250,7 +250,7 @@ struct radeon_fence_driver { uint32_t scratch_reg; + uint64_t gpu_addr; + volatile uint32_t *cpu_addr; - atomic_t seq; + atomic_unchecked_t seq; uint32_t last_seq; unsigned long last_jiffies; unsigned long last_timeout; -@@ -530,7 +530,7 @@ struct r600_blit_cp_primitives { +@@ -752,7 +752,7 @@ struct r600_blit_cp_primitives { int x2, int y2); void (*draw_auto)(struct radeon_device *rdev); void (*set_default_state)(struct radeon_device *rdev); @@ -30766,7 +30112,7 @@ index 8227e76..ce0b195 100644 =20 struct r600_blit { struct mutex mutex; -@@ -954,7 +954,7 @@ struct radeon_asic { +@@ -1201,7 +1201,7 @@ struct radeon_asic { void (*pre_page_flip)(struct radeon_device *rdev, int crtc); u32 (*page_flip)(struct radeon_device *rdev, int crtc, u64 crtc_base); void (*post_page_flip)(struct radeon_device *rdev, int crtc); @@ -30776,7 +30122,7 @@ index 8227e76..ce0b195 100644 /* * Asic structures diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/ra= deon/radeon_device.c -index 9231564..78b00fd 100644 +index 49f7cb7..2fcb48f 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c @@ -687,7 +687,7 @@ static bool radeon_switcheroo_can_switch(struct pci_= dev *pdev) @@ -30802,27 +30148,36 @@ index a1b59ca..86f2d44 100644 uint32_t irq_enable_reg; uint32_t r500_disp_irq_reg; diff --git a/drivers/gpu/drm/radeon/radeon_fence.c b/drivers/gpu/drm/rad= eon/radeon_fence.c -index 76ec0e9..6feb1a3 100644 +index 4bd36a3..e66fe9c 100644 --- a/drivers/gpu/drm/radeon/radeon_fence.c +++ b/drivers/gpu/drm/radeon/radeon_fence.c -@@ -78,7 +78,7 @@ int radeon_fence_emit(struct radeon_device *rdev, stru= ct radeon_fence *fence) - write_unlock_irqrestore(&rdev->fence_drv.lock, irq_flags); +@@ -70,7 +70,7 @@ int radeon_fence_emit(struct radeon_device *rdev, stru= ct radeon_fence *fence) + write_unlock_irqrestore(&rdev->fence_lock, irq_flags); return 0; } -- fence->seq =3D atomic_add_return(1, &rdev->fence_drv.seq); -+ fence->seq =3D atomic_add_return_unchecked(1, &rdev->fence_drv.seq); - if (!rdev->cp.ready) +- fence->seq =3D atomic_add_return(1, &rdev->fence_drv[fence->ring].seq)= ; ++ fence->seq =3D atomic_add_return_unchecked(1, &rdev->fence_drv[fence->= ring].seq); + if (!rdev->ring[fence->ring].ready) /* FIXME: cp is not running assume everythings is done right * away -@@ -373,7 +373,7 @@ int radeon_fence_driver_init(struct radeon_device *r= dev) - return r; - } - radeon_fence_write(rdev, 0); -- atomic_set(&rdev->fence_drv.seq, 0); -+ atomic_set_unchecked(&rdev->fence_drv.seq, 0); - INIT_LIST_HEAD(&rdev->fence_drv.created); - INIT_LIST_HEAD(&rdev->fence_drv.emited); - INIT_LIST_HEAD(&rdev->fence_drv.signaled); +@@ -405,7 +405,7 @@ int radeon_fence_driver_start_ring(struct radeon_dev= ice *rdev, int ring) + } + rdev->fence_drv[ring].cpu_addr =3D &rdev->wb.wb[index/4]; + rdev->fence_drv[ring].gpu_addr =3D rdev->wb.gpu_addr + index; +- radeon_fence_write(rdev, atomic_read(&rdev->fence_drv[ring].seq), ring= ); ++ radeon_fence_write(rdev, atomic_read_unchecked(&rdev->fence_drv[ring].= seq), ring); + rdev->fence_drv[ring].initialized =3D true; + DRM_INFO("fence driver on ring %d use gpu addr 0x%08Lx and cpu addr 0x= %p\n", + ring, rdev->fence_drv[ring].gpu_addr, rdev->fence_drv[ring].cpu_addr= ); +@@ -418,7 +418,7 @@ static void radeon_fence_driver_init_ring(struct rad= eon_device *rdev, int ring) + rdev->fence_drv[ring].scratch_reg =3D -1; + rdev->fence_drv[ring].cpu_addr =3D NULL; + rdev->fence_drv[ring].gpu_addr =3D 0; +- atomic_set(&rdev->fence_drv[ring].seq, 0); ++ atomic_set_unchecked(&rdev->fence_drv[ring].seq, 0); + INIT_LIST_HEAD(&rdev->fence_drv[ring].created); + INIT_LIST_HEAD(&rdev->fence_drv[ring].emitted); + INIT_LIST_HEAD(&rdev->fence_drv[ring].signaled); diff --git a/drivers/gpu/drm/radeon/radeon_ioc32.c b/drivers/gpu/drm/rad= eon/radeon_ioc32.c index 48b7cea..342236f 100644 --- a/drivers/gpu/drm/radeon/radeon_ioc32.c @@ -30883,10 +30238,10 @@ index e8422ae..d22d4a8 100644 DRM_DEBUG("pid=3D%d\n", DRM_CURRENTPID); =20 diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeo= n/radeon_ttm.c -index 0b5468b..9c4b308 100644 +index c421e77..e6bf2e8 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c -@@ -672,8 +672,10 @@ int radeon_mmap(struct file *filp, struct vm_area_s= truct *vma) +@@ -842,8 +842,10 @@ int radeon_mmap(struct file *filp, struct vm_area_s= truct *vma) } if (unlikely(ttm_vm_ops =3D=3D NULL)) { ttm_vm_ops =3D vma->vm_ops; @@ -30900,7 +30255,7 @@ index 0b5468b..9c4b308 100644 vma->vm_ops =3D &radeon_ttm_vm_ops; return 0; diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs6= 90.c -index a9049ed..501f284 100644 +index f68dff2..8df955c 100644 --- a/drivers/gpu/drm/radeon/rs690.c +++ b/drivers/gpu/drm/radeon/rs690.c @@ -304,9 +304,11 @@ void rs690_crtc_bandwidth_compute(struct radeon_dev= ice *rdev, @@ -30917,7 +30272,7 @@ index a9049ed..501f284 100644 if (rdev->pm.max_bandwidth.full > rdev->pm.k8_bandwidth.full && rdev->pm.k8_bandwidth.full) diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/= ttm_page_alloc.c -index 727e93d..1565650 100644 +index 499debd..66fce72 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c @@ -398,9 +398,9 @@ static int ttm_pool_get_num_unused_pages(void) @@ -30933,7 +30288,7 @@ index 727e93d..1565650 100644 int shrink_pages =3D sc->nr_to_scan; =20 diff --git a/drivers/gpu/drm/via/via_drv.h b/drivers/gpu/drm/via/via_drv= .h -index 9cf87d9..2000b7d 100644 +index 88edacc..1e5412b 100644 --- a/drivers/gpu/drm/via/via_drv.h +++ b/drivers/gpu/drm/via/via_drv.h @@ -51,7 +51,7 @@ typedef struct drm_via_ring_buffer { @@ -31117,10 +30472,10 @@ index 8a8725c..afed796 100644 marker =3D list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index bb656d8..4169fca 100644 +index af08ce7..7a15038 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2012,7 +2012,7 @@ static bool hid_ignore(struct hid_device *hdev) +@@ -2020,7 +2020,7 @@ static bool hid_ignore(struct hid_device *hdev) =20 int hid_add_device(struct hid_device *hdev) { @@ -31129,7 +30484,7 @@ index bb656d8..4169fca 100644 int ret; =20 if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2027,7 +2027,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2035,7 +2035,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -31139,7 +30494,7 @@ index bb656d8..4169fca 100644 hid_debug_register(hdev, dev_name(&hdev->dev)); ret =3D device_add(&hdev->dev); diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c -index 4ef02b2..8a96831 100644 +index b1ec0e2..c295a61 100644 --- a/drivers/hid/usbhid/hiddev.c +++ b/drivers/hid/usbhid/hiddev.c @@ -624,7 +624,7 @@ static long hiddev_ioctl(struct file *file, unsigned= int cmd, unsigned long arg) @@ -31167,7 +30522,7 @@ index 4065374..10ed7dc 100644 ret =3D create_gpadl_header(kbuffer, size, &msginfo, &msgcount); if (ret) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c -index 0fb100e..baf87e5 100644 +index 12aa97f..c0679f7 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -132,7 +132,7 @@ static u64 do_hypercall(u64 control, void *input, vo= id *output) @@ -31180,7 +30535,7 @@ index 0fb100e..baf87e5 100644 __asm__ __volatile__ ("call *%8" : "=3Dd"(hv_status_hi), "=3Da"(hv_status_lo) : "d" (control_hi), diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h -index 0aee112..b72d21f 100644 +index 6d7d286..92b0873 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -556,7 +556,7 @@ enum vmbus_connect_state { @@ -31193,7 +30548,7 @@ index 0aee112..b72d21f 100644 /* * Represents channel interrupts. Each bit position represents a diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c -index d2d0a2a..90b8f4d 100644 +index a220e57..428f54d 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -663,10 +663,10 @@ int vmbus_device_register(struct hv_device *child_= device_obj) @@ -31210,7 +30565,7 @@ index d2d0a2a..90b8f4d 100644 child_device_obj->device.bus =3D &hv_bus; child_device_obj->device.parent =3D &hv_acpi_dev->dev; diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power= _meter.c -index 66f6729..2d6de0a 100644 +index 554f046..f8b4729 100644 --- a/drivers/hwmon/acpi_power_meter.c +++ b/drivers/hwmon/acpi_power_meter.c @@ -316,8 +316,6 @@ static ssize_t set_trip(struct device *dev, struct d= evice_attribute *devattr, @@ -31223,7 +30578,7 @@ index 66f6729..2d6de0a 100644 mutex_lock(&resource->lock); resource->trip[attr->index - 7] =3D temp; diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c -index 5357925..6cf0418 100644 +index 91fdd1f..b66a686 100644 --- a/drivers/hwmon/sht15.c +++ b/drivers/hwmon/sht15.c @@ -166,7 +166,7 @@ struct sht15_data { @@ -31556,7 +30911,7 @@ index 8126824..55a2798 100644 } } diff --git a/drivers/ide/ide-pci-generic.c b/drivers/ide/ide-pci-generic= .c -index a743e68..1cfd674 100644 +index 7f56b73..dab5b67 100644 --- a/drivers/ide/ide-pci-generic.c +++ b/drivers/ide/ide-pci-generic.c @@ -53,7 +53,7 @@ static const struct ide_port_ops netcell_port_ops =3D = { @@ -31842,7 +31197,7 @@ index f46f49c..eb77678 100644 .init_chipset =3D init_chipset_via82cxxx, .enablebits =3D { { 0x40, 0x02, 0x02 }, { 0x40, 0x01, 0x01 } }, diff --git a/drivers/ieee802154/fakehard.c b/drivers/ieee802154/fakehard= .c -index eb0e2cc..14241c7 100644 +index 73d4531..c90cd2d 100644 --- a/drivers/ieee802154/fakehard.c +++ b/drivers/ieee802154/fakehard.c @@ -386,7 +386,7 @@ static int __devinit ieee802154fake_probe(struct pla= tform_device *pdev) @@ -31855,7 +31210,7 @@ index eb0e2cc..14241c7 100644 priv =3D netdev_priv(dev); priv->phy =3D phy; diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c -index 8b72f39..55df4c8 100644 +index c889aae..6cf5aa7 100644 --- a/drivers/infiniband/core/cm.c +++ b/drivers/infiniband/core/cm.c @@ -114,7 +114,7 @@ static char const counter_group_names[CM_COUNTER_GRO= UPS] @@ -32090,19 +31445,6 @@ index 40c8353..946b0e4 100644 } PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n", __func__, stag_state, type, pdid, stag_idx); -diff --git a/drivers/infiniband/hw/ipath/ipath_fs.c b/drivers/infiniband= /hw/ipath/ipath_fs.c -index 31ae1b1..641d285 100644 ---- a/drivers/infiniband/hw/ipath/ipath_fs.c -+++ b/drivers/infiniband/hw/ipath/ipath_fs.c -@@ -126,6 +126,8 @@ static const struct file_operations atomic_counters_= ops =3D { - }; -=20 - static ssize_t flash_read(struct file *file, char __user *buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t flash_read(struct file *file, char __user *buf, - size_t count, loff_t *ppos) - { - struct ipath_devdata *dd; diff --git a/drivers/infiniband/hw/ipath/ipath_rc.c b/drivers/infiniband= /hw/ipath/ipath_rc.c index 79b3dbc..96e5fcc 100644 --- a/drivers/infiniband/hw/ipath/ipath_rc.c @@ -32158,7 +31500,7 @@ index 1f95bba..9530f87 100644 sdata, wqe->wr.wr.atomic.swap); goto send_comp; diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes= /nes.c -index 5965b3d..16817fb 100644 +index 7140199..da60063 100644 --- a/drivers/infiniband/hw/nes/nes.c +++ b/drivers/infiniband/hw/nes/nes.c @@ -103,7 +103,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read r= equest size to 256 Bytes"); @@ -32180,7 +31522,7 @@ index 5965b3d..16817fb 100644 /* Free the control structures */ =20 diff --git a/drivers/infiniband/hw/nes/nes.h b/drivers/infiniband/hw/nes= /nes.h -index 568b4f1..5ea3eff 100644 +index c438e46..ca30356 100644 --- a/drivers/infiniband/hw/nes/nes.h +++ b/drivers/infiniband/hw/nes/nes.h @@ -178,17 +178,17 @@ extern unsigned int nes_debug_level; @@ -32239,7 +31581,7 @@ index 568b4f1..5ea3eff 100644 extern u32 int_mod_timer_init; extern u32 int_mod_cq_depth_256; diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/= nes/nes_cm.c -index 0a52d72..0642f36 100644 +index a4972ab..1bcfc31 100644 --- a/drivers/infiniband/hw/nes/nes_cm.c +++ b/drivers/infiniband/hw/nes/nes_cm.c @@ -68,14 +68,14 @@ u32 cm_packets_dropped; @@ -32285,7 +31627,7 @@ index 0a52d72..0642f36 100644 =20 int nes_add_ref_cm_node(struct nes_cm_node *cm_node) { -@@ -1271,7 +1271,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm= _core *cm_core, +@@ -1274,7 +1274,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm= _core *cm_core, kfree(listener); listener =3D NULL; ret =3D 0; @@ -32348,7 +31690,7 @@ index 0a52d72..0642f36 100644 dev_kfree_skb_any(skb); } break; -@@ -2880,7 +2880,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesq= p) +@@ -2881,7 +2881,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesq= p) =20 if ((cm_id) && (cm_id->event_handler)) { if (issue_disconn) { @@ -32357,7 +31699,7 @@ index 0a52d72..0642f36 100644 cm_event.event =3D IW_CM_EVENT_DISCONNECT; cm_event.status =3D disconn_status; cm_event.local_addr =3D cm_id->local_addr; -@@ -2902,7 +2902,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesq= p) +@@ -2903,7 +2903,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesq= p) } =20 if (issue_close) { @@ -32366,7 +31708,7 @@ index 0a52d72..0642f36 100644 nes_disconnect(nesqp, 1); =20 cm_id->provider_data =3D nesqp; -@@ -3038,7 +3038,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_c= m_conn_param *conn_param) +@@ -3039,7 +3039,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_c= m_conn_param *conn_param) =20 nes_debug(NES_DBG_CM, "QP%u, cm_node=3D%p, jiffies =3D %lu listener =3D= %p\n", nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener); @@ -32375,7 +31717,7 @@ index 0a52d72..0642f36 100644 =20 nes_debug(NES_DBG_CM, "netdev refcnt =3D %u.\n", netdev_refcnt_read(nesvnic->netdev)); -@@ -3240,7 +3240,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void = *pdata, u8 pdata_len) +@@ -3241,7 +3241,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void = *pdata, u8 pdata_len) struct nes_cm_core *cm_core; u8 *start_buff; =20 @@ -32384,7 +31726,7 @@ index 0a52d72..0642f36 100644 cm_node =3D (struct nes_cm_node *)cm_id->provider_data; loopback =3D cm_node->loopbackpartner; cm_core =3D cm_node->cm_core; -@@ -3300,7 +3300,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_= cm_conn_param *conn_param) +@@ -3301,7 +3301,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_= cm_conn_param *conn_param) ntohl(cm_id->local_addr.sin_addr.s_addr), ntohs(cm_id->local_addr.sin_port)); =20 @@ -32393,7 +31735,7 @@ index 0a52d72..0642f36 100644 nesqp->active_conn =3D 1; =20 /* cache the cm_id in the qp */ -@@ -3406,7 +3406,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int = backlog) +@@ -3407,7 +3407,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int = backlog) g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node); return err; } @@ -32402,7 +31744,7 @@ index 0a52d72..0642f36 100644 } =20 cm_id->add_ref(cm_id); -@@ -3507,7 +3507,7 @@ static void cm_event_connected(struct nes_cm_event= *event) +@@ -3508,7 +3508,7 @@ static void cm_event_connected(struct nes_cm_event= *event) =20 if (nesqp->destroyed) return; @@ -32411,7 +31753,7 @@ index 0a52d72..0642f36 100644 nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on= " " local port 0x%04X. jiffies =3D %lu.\n", nesqp->hwqp.qp_id, -@@ -3694,7 +3694,7 @@ static void cm_event_reset(struct nes_cm_event *ev= ent) +@@ -3695,7 +3695,7 @@ static void cm_event_reset(struct nes_cm_event *ev= ent) =20 cm_id->add_ref(cm_id); ret =3D cm_id->event_handler(cm_id, &cm_event); @@ -32420,7 +31762,7 @@ index 0a52d72..0642f36 100644 cm_event.event =3D IW_CM_EVENT_CLOSE; cm_event.status =3D 0; cm_event.provider_data =3D cm_id->provider_data; -@@ -3730,7 +3730,7 @@ static void cm_event_mpa_req(struct nes_cm_event *= event) +@@ -3731,7 +3731,7 @@ static void cm_event_mpa_req(struct nes_cm_event *= event) return; cm_id =3D cm_node->cm_id; =20 @@ -32429,7 +31771,7 @@ index 0a52d72..0642f36 100644 nes_debug(NES_DBG_CM, "cm_node =3D %p - cm_id =3D %p, jiffies =3D %lu\= n", cm_node, cm_id, jiffies); =20 -@@ -3770,7 +3770,7 @@ static void cm_event_mpa_reject(struct nes_cm_even= t *event) +@@ -3771,7 +3771,7 @@ static void cm_event_mpa_reject(struct nes_cm_even= t *event) return; cm_id =3D cm_node->cm_id; =20 @@ -32439,7 +31781,7 @@ index 0a52d72..0642f36 100644 cm_node, cm_id, jiffies); =20 diff --git a/drivers/infiniband/hw/nes/nes_mgt.c b/drivers/infiniband/hw= /nes/nes_mgt.c -index b3b2a24..7bfaf1e 100644 +index 3ba7be3..c81f6ff 100644 --- a/drivers/infiniband/hw/nes/nes_mgt.c +++ b/drivers/infiniband/hw/nes/nes_mgt.c @@ -40,8 +40,8 @@ @@ -32472,7 +31814,7 @@ index b3b2a24..7bfaf1e 100644 } =20 diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw= /nes/nes_nic.c -index c00d2f3..8834298 100644 +index f3a3ecf..57d311d 100644 --- a/drivers/infiniband/hw/nes/nes_nic.c +++ b/drivers/infiniband/hw/nes/nes_nic.c @@ -1277,39 +1277,39 @@ static void nes_netdev_get_ethtool_stats(struct = net_device *netdev, @@ -32536,7 +31878,7 @@ index c00d2f3..8834298 100644 =20 /** diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/= hw/nes/nes_verbs.c -index 5095bc4..41e8fff 100644 +index 0927b5c..ed67986 100644 --- a/drivers/infiniband/hw/nes/nes_verbs.c +++ b/drivers/infiniband/hw/nes/nes_verbs.c @@ -46,9 +46,9 @@ @@ -32582,19 +31924,6 @@ index b881bdc..c2e360c 100644 =20 #include "qib_common.h" #include "qib_verbs.h" -diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/= qib/qib_fs.c -index df7fa25..0c854f0 100644 ---- a/drivers/infiniband/hw/qib/qib_fs.c -+++ b/drivers/infiniband/hw/qib/qib_fs.c -@@ -267,6 +267,8 @@ static const struct file_operations qsfp_ops[] =3D { - }; -=20 - static ssize_t flash_read(struct file *file, char __user *buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t flash_read(struct file *file, char __user *buf, - size_t count, loff_t *ppos) - { - struct qib_devdata *dd; diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/= gameport.c index c351aa4..e6967c2 100644 --- a/drivers/input/gameport/gameport.c @@ -32617,7 +31946,7 @@ index c351aa4..e6967c2 100644 gameport->dev.release =3D gameport_release_port; if (gameport->parent) diff --git a/drivers/input/input.c b/drivers/input/input.c -index da38d97..2aa0b79 100644 +index 1f78c95..3cddc6c 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -1814,7 +1814,7 @@ static void input_cleanse_bitmasks(struct input_de= v *dev) @@ -32651,7 +31980,7 @@ index b8d8611..7a4a04b 100644 #include #include diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad= .c -index d728875..844c89b 100644 +index fd7a0d5..a4af10c 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c @@ -710,7 +710,7 @@ static void xpad_led_set(struct led_classdev *led_cd= ev, @@ -32921,19 +32250,6 @@ index a3bd163..8956575 100644 =20 typedef struct _diva_os_xdi_adapter { struct list_head link; -diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c -index 2339d73..802ab87a 100644 ---- a/drivers/isdn/i4l/isdn_net.c -+++ b/drivers/isdn/i4l/isdn_net.c -@@ -1901,7 +1901,7 @@ static int isdn_net_header(struct sk_buff *skb, st= ruct net_device *dev, - { - isdn_net_local *lp =3D netdev_priv(dev); - unsigned char *p; -- ushort len =3D 0; -+ int len =3D 0; -=20 - switch (lp->p_encap) { - case ISDN_NET_ENCAP_ETHER: diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c index 1f355bb..43f1fea 100644 --- a/drivers/isdn/icn/icn.c @@ -32978,20 +32294,8 @@ index b5fdcb7..5b6c59f 100644 end_switcher_text - start_switcher_text); =20 printk(KERN_INFO "lguest: mapped switcher at %p\n", -diff --git a/drivers/lguest/lguest_user.c b/drivers/lguest/lguest_user.c -index ff4a0bc..f5fdd9c 100644 ---- a/drivers/lguest/lguest_user.c -+++ b/drivers/lguest/lguest_user.c -@@ -198,6 +198,7 @@ static int user_send_irq(struct lg_cpu *cpu, const u= nsigned long __user *input) - * Once our Guest is initialized, the Launcher makes it run by reading - * from /dev/lguest. - */ -+static ssize_t read(struct file *file, char __user *user, size_t size,l= off_t*o) __size_overflow(3); - static ssize_t read(struct file *file, char __user *user, size_t size,l= off_t*o) - { - struct lguest *lg =3D file->private_data; diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c -index 65af42f..530c87a 100644 +index 3980903..ce25c5e 100644 --- a/drivers/lguest/x86/core.c +++ b/drivers/lguest/x86/core.c @@ -59,7 +59,7 @@ static struct { @@ -33242,7 +32546,7 @@ index 3d80cf0..b77cc47 100644 schedule_work(&sc->trigger_event); } diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c -index 8e91321..fd17aef 100644 +index 63cc542..8d45caf3 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -391,7 +391,7 @@ static int device_area_is_invalid(struct dm_target *= ti, struct dm_dev *dev, @@ -33277,10 +32581,10 @@ index 237571a..fb6d19b 100644 pmd->bl_info.value_type.inc =3D data_block_inc; pmd->bl_info.value_type.dec =3D data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 4720f68..78d1df7 100644 +index b89c548..2af3ce4 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c -@@ -177,9 +177,9 @@ struct mapped_device { +@@ -176,9 +176,9 @@ struct mapped_device { /* * Event handling. */ @@ -33292,7 +32596,7 @@ index 4720f68..78d1df7 100644 struct list_head uevent_list; spinlock_t uevent_lock; /* Protect access to uevent_list */ =20 -@@ -1845,8 +1845,8 @@ static struct mapped_device *alloc_dev(int minor) +@@ -1844,8 +1844,8 @@ static struct mapped_device *alloc_dev(int minor) rwlock_init(&md->map_lock); atomic_set(&md->holders, 1); atomic_set(&md->open_count, 0); @@ -33303,7 +32607,7 @@ index 4720f68..78d1df7 100644 INIT_LIST_HEAD(&md->uevent_list); spin_lock_init(&md->uevent_lock); =20 -@@ -1980,7 +1980,7 @@ static void event_callback(void *context) +@@ -1979,7 +1979,7 @@ static void event_callback(void *context) =20 dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); =20 @@ -33312,7 +32616,7 @@ index 4720f68..78d1df7 100644 wake_up(&md->eventq); } =20 -@@ -2622,18 +2622,18 @@ int dm_kobject_uevent(struct mapped_device *md, = enum kobject_action action, +@@ -2621,18 +2621,18 @@ int dm_kobject_uevent(struct mapped_device *md, = enum kobject_action action, =20 uint32_t dm_next_uevent_seq(struct mapped_device *md) { @@ -33335,10 +32639,10 @@ index 4720f68..78d1df7 100644 =20 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index f47f1f8..b7f559e 100644 +index ce88755..4d8686d 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c -@@ -278,10 +278,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); +@@ -277,10 +277,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); * start build, activate spare */ static DECLARE_WAIT_QUEUE_HEAD(md_event_waiters); @@ -33351,7 +32655,7 @@ index f47f1f8..b7f559e 100644 wake_up(&md_event_waiters); } EXPORT_SYMBOL_GPL(md_new_event); -@@ -291,7 +291,7 @@ EXPORT_SYMBOL_GPL(md_new_event); +@@ -290,7 +290,7 @@ EXPORT_SYMBOL_GPL(md_new_event); */ static void md_new_event_inintr(struct mddev *mddev) { @@ -33360,7 +32664,7 @@ index f47f1f8..b7f559e 100644 wake_up(&md_event_waiters); } =20 -@@ -1525,7 +1525,7 @@ static int super_1_load(struct md_rdev *rdev, stru= ct md_rdev *refdev, int minor_ +@@ -1524,7 +1524,7 @@ static int super_1_load(struct md_rdev *rdev, stru= ct md_rdev *refdev, int minor_ =20 rdev->preferred_minor =3D 0xffff; rdev->data_offset =3D le64_to_cpu(sb->data_offset); @@ -33369,7 +32673,7 @@ index f47f1f8..b7f559e 100644 =20 rdev->sb_size =3D le32_to_cpu(sb->max_dev) * 2 + 256; bmask =3D queue_logical_block_size(rdev->bdev->bd_disk->queue)-1; -@@ -1742,7 +1742,7 @@ static void super_1_sync(struct mddev *mddev, stru= ct md_rdev *rdev) +@@ -1743,7 +1743,7 @@ static void super_1_sync(struct mddev *mddev, stru= ct md_rdev *rdev) else sb->resync_offset =3D cpu_to_le64(0); =20 @@ -33378,7 +32682,7 @@ index f47f1f8..b7f559e 100644 =20 sb->raid_disks =3D cpu_to_le32(mddev->raid_disks); sb->size =3D cpu_to_le64(mddev->dev_sectors); -@@ -2639,7 +2639,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_s= tore); +@@ -2688,7 +2688,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_s= tore); static ssize_t errors_show(struct md_rdev *rdev, char *page) { @@ -33387,7 +32691,7 @@ index f47f1f8..b7f559e 100644 } =20 static ssize_t -@@ -2648,7 +2648,7 @@ errors_store(struct md_rdev *rdev, const char *buf= , size_t len) +@@ -2697,7 +2697,7 @@ errors_store(struct md_rdev *rdev, const char *buf= , size_t len) char *e; unsigned long n =3D simple_strtoul(buf, &e, 10); if (*buf && (*e =3D=3D 0 || *e =3D=3D '\n')) { @@ -33396,7 +32700,7 @@ index f47f1f8..b7f559e 100644 return len; } return -EINVAL; -@@ -3039,8 +3039,8 @@ int md_rdev_init(struct md_rdev *rdev) +@@ -3083,8 +3083,8 @@ int md_rdev_init(struct md_rdev *rdev) rdev->sb_loaded =3D 0; rdev->bb_page =3D NULL; atomic_set(&rdev->nr_pending, 0); @@ -33407,7 +32711,7 @@ index f47f1f8..b7f559e 100644 =20 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -6683,7 +6683,7 @@ static int md_seq_show(struct seq_file *seq, void = *v) +@@ -6735,7 +6735,7 @@ static int md_seq_show(struct seq_file *seq, void = *v) =20 spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -33416,7 +32720,7 @@ index f47f1f8..b7f559e 100644 return 0; } if (v =3D=3D (void*)2) { -@@ -6772,7 +6772,7 @@ static int md_seq_show(struct seq_file *seq, void = *v) +@@ -6827,7 +6827,7 @@ static int md_seq_show(struct seq_file *seq, void = *v) chunk_kb ? "KB" : "B"); if (bitmap->file) { seq_printf(seq, ", file: "); @@ -33425,7 +32729,7 @@ index f47f1f8..b7f559e 100644 } =20 seq_printf(seq, "\n"); -@@ -6803,7 +6803,7 @@ static int md_seq_open(struct inode *inode, struct= file *file) +@@ -6858,7 +6858,7 @@ static int md_seq_open(struct inode *inode, struct= file *file) return error; =20 seq =3D file->private_data; @@ -33434,7 +32738,7 @@ index f47f1f8..b7f559e 100644 return error; } =20 -@@ -6817,7 +6817,7 @@ static unsigned int mdstat_poll(struct file *filp,= poll_table *wait) +@@ -6872,7 +6872,7 @@ static unsigned int mdstat_poll(struct file *filp,= poll_table *wait) /* always allow read */ mask =3D POLLIN | POLLRDNORM; =20 @@ -33443,7 +32747,7 @@ index f47f1f8..b7f559e 100644 mask |=3D POLLERR | POLLPRI; return mask; } -@@ -6861,7 +6861,7 @@ static int is_mddev_idle(struct mddev *mddev, int = init) +@@ -6916,7 +6916,7 @@ static int is_mddev_idle(struct mddev *mddev, int = init) struct gendisk *disk =3D rdev->bdev->bd_contains->bd_disk; curr_events =3D (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -33453,10 +32757,10 @@ index f47f1f8..b7f559e 100644 * as sync_io is counted when a request starts, and * disk_stats is counted when it completes. diff --git a/drivers/md/md.h b/drivers/md/md.h -index cf742d9..7c7c745 100644 +index 44c63df..b795d1a 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h -@@ -120,13 +120,13 @@ struct md_rdev { +@@ -93,13 +93,13 @@ struct md_rdev { * only maintained for arrays that * support hot removal */ @@ -33472,7 +32776,7 @@ index cf742d9..7c7c745 100644 * for reporting to userspace and storing * in superblock. */ -@@ -410,7 +410,7 @@ static inline void rdev_dec_pending(struct md_rdev *= rdev, struct mddev *mddev) +@@ -421,7 +421,7 @@ static inline void rdev_dec_pending(struct md_rdev *= rdev, struct mddev *mddev) =20 static inline void md_sync_acct(struct block_device *bdev, unsigned lon= g nr_sectors) { @@ -33533,10 +32837,10 @@ index 1cbfc6b..56e1dbb 100644 /*----------------------------------------------------------------*/ =20 diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 7d9e071..015b1d5 100644 +index a0b225e..a9be913 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1568,7 +1568,7 @@ static int fix_sync_read_error(struct r1bio *r1_bi= o) +@@ -1632,7 +1632,7 @@ static int fix_sync_read_error(struct r1bio *r1_bi= o) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) !=3D 0) @@ -33545,7 +32849,7 @@ index 7d9e071..015b1d5 100644 } sectors -=3D s; sect +=3D s; -@@ -1781,7 +1781,7 @@ static void fix_read_error(struct r1conf *conf, in= t read_disk, +@@ -1845,7 +1845,7 @@ static void fix_read_error(struct r1conf *conf, in= t read_disk, test_bit(In_sync, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -33555,10 +32859,10 @@ index 7d9e071..015b1d5 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 685ddf3..955b087 100644 +index 58c44d6..f090bad 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1440,7 +1440,7 @@ static void end_sync_read(struct bio *bio, int err= or) +@@ -1623,7 +1623,7 @@ static void end_sync_read(struct bio *bio, int err= or) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -33567,7 +32871,7 @@ index 685ddf3..955b087 100644 &conf->mirrors[d].rdev->corrected_errors); =20 /* for reconstruct, we always reschedule after a read. -@@ -1740,7 +1740,7 @@ static void check_decay_read_errors(struct mddev *= mddev, struct md_rdev *rdev) +@@ -1974,7 +1974,7 @@ static void check_decay_read_errors(struct mddev *= mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -33576,7 +32880,7 @@ index 685ddf3..955b087 100644 =20 ktime_get_ts(&cur_time_mon); =20 -@@ -1762,9 +1762,9 @@ static void check_decay_read_errors(struct mddev *= mddev, struct md_rdev *rdev) +@@ -1996,9 +1996,9 @@ static void check_decay_read_errors(struct mddev *= mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >=3D 8 * sizeof(read_errors)) @@ -33588,7 +32892,7 @@ index 685ddf3..955b087 100644 } =20 static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -1814,8 +1814,8 @@ static void fix_read_error(struct r10conf *conf, s= truct mddev *mddev, struct r10 +@@ -2052,8 +2052,8 @@ static void fix_read_error(struct r10conf *conf, s= truct mddev *mddev, struct r10 return; =20 check_decay_read_errors(mddev, rdev); @@ -33599,7 +32903,7 @@ index 685ddf3..955b087 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); =20 -@@ -1823,7 +1823,7 @@ static void fix_read_error(struct r10conf *conf, s= truct mddev *mddev, struct r10 +@@ -2061,7 +2061,7 @@ static void fix_read_error(struct r10conf *conf, s= truct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -33608,7 +32912,7 @@ index 685ddf3..955b087 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -1968,7 +1968,7 @@ static void fix_read_error(struct r10conf *conf, s= truct mddev *mddev, struct r10 +@@ -2210,7 +2210,7 @@ static void fix_read_error(struct r10conf *conf, s= truct mddev *mddev, struct r10 (unsigned long long)( sect + rdev->data_offset), bdevname(rdev->bdev, b)); @@ -33618,10 +32922,10 @@ index 685ddf3..955b087 100644 =20 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 858fdbb..b2dac95 100644 +index 360f2b9..08b5382 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1610,19 +1610,19 @@ static void raid5_end_read_request(struct bio * = bi, int error) +@@ -1687,18 +1687,18 @@ static void raid5_end_read_request(struct bio * = bi, int error) (unsigned long long)(sh->sector + rdev->data_offset), bdevname(rdev->bdev, b)); @@ -33630,22 +32934,21 @@ index 858fdbb..b2dac95 100644 clear_bit(R5_ReadError, &sh->dev[i].flags); clear_bit(R5_ReWrite, &sh->dev[i].flags); } -- if (atomic_read(&conf->disks[i].rdev->read_errors)) -- atomic_set(&conf->disks[i].rdev->read_errors, 0); -+ if (atomic_read_unchecked(&conf->disks[i].rdev->read_errors)) -+ atomic_set_unchecked(&conf->disks[i].rdev->read_errors, 0); +- if (atomic_read(&rdev->read_errors)) +- atomic_set(&rdev->read_errors, 0); ++ if (atomic_read_unchecked(&rdev->read_errors)) ++ atomic_set_unchecked(&rdev->read_errors, 0); } else { - const char *bdn =3D bdevname(conf->disks[i].rdev->bdev, b); + const char *bdn =3D bdevname(rdev->bdev, b); int retry =3D 0; - rdev =3D conf->disks[i].rdev; =20 clear_bit(R5_UPTODATE, &sh->dev[i].flags); - atomic_inc(&rdev->read_errors); + atomic_inc_unchecked(&rdev->read_errors); - if (conf->mddev->degraded >=3D conf->max_degraded) + if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -1642,7 +1642,7 @@ static void raid5_end_read_request(struct bio * bi= , int error) +@@ -1727,7 +1727,7 @@ static void raid5_end_read_request(struct bio * bi= , int error) (unsigned long long)(sh->sector + rdev->data_offset), bdn); @@ -33655,7 +32958,7 @@ index 858fdbb..b2dac95 100644 printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", diff --git a/drivers/media/dvb/ddbridge/ddbridge-core.c b/drivers/media/= dvb/ddbridge/ddbridge-core.c -index ba9a643..e474ab5 100644 +index ce4f858..7bcfb46 100644 --- a/drivers/media/dvb/ddbridge/ddbridge-core.c +++ b/drivers/media/dvb/ddbridge/ddbridge-core.c @@ -1678,7 +1678,7 @@ static struct ddb_info ddb_v6 =3D { @@ -33681,7 +32984,7 @@ index a7d876f..8c21b61 100644 struct dvb_demux *demux; void *priv; diff --git a/drivers/media/dvb/dvb-core/dvbdev.c b/drivers/media/dvb/dvb= -core/dvbdev.c -index f732877..d38c35a 100644 +index 00a6732..70a682e 100644 --- a/drivers/media/dvb/dvb-core/dvbdev.c +++ b/drivers/media/dvb/dvb-core/dvbdev.c @@ -192,7 +192,7 @@ int dvb_register_device(struct dvb_adapter *adap, st= ruct dvb_device **pdvbdev, @@ -33694,20 +32997,20 @@ index f732877..d38c35a 100644 int minor; int id; diff --git a/drivers/media/dvb/dvb-usb/cxusb.c b/drivers/media/dvb/dvb-u= sb/cxusb.c -index 9f2a02c..5920f88 100644 +index 3940bb0..fb3952a 100644 --- a/drivers/media/dvb/dvb-usb/cxusb.c +++ b/drivers/media/dvb/dvb-usb/cxusb.c -@@ -1069,7 +1069,7 @@ static struct dib0070_config dib7070p_dib0070_conf= ig =3D { +@@ -1068,7 +1068,7 @@ static struct dib0070_config dib7070p_dib0070_conf= ig =3D { +=20 struct dib0700_adapter_state { - int (*set_param_save) (struct dvb_frontend *, - struct dvb_frontend_parameters *); + int (*set_param_save) (struct dvb_frontend *); -}; +} __no_const; =20 - static int dib7070_set_param_override(struct dvb_frontend *fe, - struct dvb_frontend_parameters *fep) + static int dib7070_set_param_override(struct dvb_frontend *fe) + { diff --git a/drivers/media/dvb/dvb-usb/dw2102.c b/drivers/media/dvb/dvb-= usb/dw2102.c -index f103ec1..5e8968b 100644 +index 451c5a7..649f711 100644 --- a/drivers/media/dvb/dvb-usb/dw2102.c +++ b/drivers/media/dvb/dvb-usb/dw2102.c @@ -95,7 +95,7 @@ struct su3000_state { @@ -33732,21 +33035,8 @@ index 404f63a..4796533 100644 =20 #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODU= LE) && defined(MODULE)) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_confi= g* config, -diff --git a/drivers/media/dvb/frontends/ds3000.c b/drivers/media/dvb/fr= ontends/ds3000.c -index 90bf573..e8463da 100644 ---- a/drivers/media/dvb/frontends/ds3000.c -+++ b/drivers/media/dvb/frontends/ds3000.c -@@ -1210,7 +1210,7 @@ static int ds3000_set_frontend(struct dvb_frontend= *fe, -=20 - for (i =3D 0; i < 30 ; i++) { - ds3000_read_status(fe, &status); -- if (status && FE_HAS_LOCK) -+ if (status & FE_HAS_LOCK) - break; -=20 - msleep(10); diff --git a/drivers/media/dvb/ngene/ngene-cards.c b/drivers/media/dvb/n= gene/ngene-cards.c -index 0564192..75b16f5 100644 +index 8418c02..8555013 100644 --- a/drivers/media/dvb/ngene/ngene-cards.c +++ b/drivers/media/dvb/ngene/ngene-cards.c @@ -477,7 +477,7 @@ static struct ngene_info ngene_info_m780 =3D { @@ -33771,19 +33061,6 @@ index 16a089f..ab1667d 100644 mutex_lock(&dev->lock); if (dev->rdsstat =3D=3D 0) { dev->rdsstat =3D 1; -diff --git a/drivers/media/rc/redrat3.c b/drivers/media/rc/redrat3.c -index 61287fc..8b08712 100644 ---- a/drivers/media/rc/redrat3.c -+++ b/drivers/media/rc/redrat3.c -@@ -905,7 +905,7 @@ static int redrat3_set_tx_carrier(struct rc_dev *dev= , u32 carrier) - return carrier; - } -=20 --static int redrat3_transmit_ir(struct rc_dev *rcdev, int *txbuf, u32 n) -+static int redrat3_transmit_ir(struct rc_dev *rcdev, unsigned *txbuf, u= 32 n) - { - struct redrat3_dev *rr3 =3D rcdev->priv; - struct device *dev =3D rr3->dev; diff --git a/drivers/media/video/au0828/au0828.h b/drivers/media/video/a= u0828/au0828.h index 9cde353..8c6a1c3 100644 --- a/drivers/media/video/au0828/au0828.h @@ -33798,7 +33075,7 @@ index 9cde353..8c6a1c3 100644 u32 i2c_rc; =20 diff --git a/drivers/media/video/cx88/cx88-alsa.c b/drivers/media/video/= cx88/cx88-alsa.c -index 68d1240..46b32eb 100644 +index 04bf662..e0ac026 100644 --- a/drivers/media/video/cx88/cx88-alsa.c +++ b/drivers/media/video/cx88/cx88-alsa.c @@ -766,7 +766,7 @@ static struct snd_kcontrol_new snd_cx88_alc_switch =3D= { @@ -33811,7 +33088,7 @@ index 68d1240..46b32eb 100644 {0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, {0, } diff --git a/drivers/media/video/omap/omap_vout.c b/drivers/media/video/= omap/omap_vout.c -index ee0d0b3..63f6b78 100644 +index 1fb7d5b..3901e77 100644 --- a/drivers/media/video/omap/omap_vout.c +++ b/drivers/media/video/omap/omap_vout.c @@ -64,7 +64,6 @@ enum omap_vout_channels { @@ -33822,7 +33099,7 @@ index ee0d0b3..63f6b78 100644 /* Variables configurable through module params*/ static u32 video1_numbuffers =3D 3; static u32 video2_numbuffers =3D 3; -@@ -999,6 +998,12 @@ static int omap_vout_open(struct file *file) +@@ -1000,6 +999,12 @@ static int omap_vout_open(struct file *file) { struct videobuf_queue *q; struct omap_vout_device *vout =3D NULL; @@ -33835,7 +33112,7 @@ index ee0d0b3..63f6b78 100644 =20 vout =3D video_drvdata(file); v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__= ); -@@ -1016,10 +1021,6 @@ static int omap_vout_open(struct file *file) +@@ -1017,10 +1022,6 @@ static int omap_vout_open(struct file *file) vout->type =3D V4L2_BUF_TYPE_VIDEO_OUTPUT; =20 q =3D &vout->vbq; @@ -33859,34 +33136,8 @@ index 305e6aa..0143317 100644 pvr2_i2c_func i2c_func[PVR2_I2C_FUNC_CNT]; int i2c_cx25840_hack_state; int i2c_linked; -diff --git a/drivers/media/video/saa7164/saa7164-encoder.c b/drivers/med= ia/video/saa7164/saa7164-encoder.c -index 2fd38a0..ddec3c4 100644 ---- a/drivers/media/video/saa7164/saa7164-encoder.c -+++ b/drivers/media/video/saa7164/saa7164-encoder.c -@@ -1136,6 +1136,8 @@ struct saa7164_user_buffer *saa7164_enc_next_buf(s= truct saa7164_port *port) - } -=20 - static ssize_t fops_read(struct file *file, char __user *buffer, -+ size_t count, loff_t *pos) __size_overflow(3); -+static ssize_t fops_read(struct file *file, char __user *buffer, - size_t count, loff_t *pos) - { - struct saa7164_encoder_fh *fh =3D file->private_data; -diff --git a/drivers/media/video/saa7164/saa7164-vbi.c b/drivers/media/v= ideo/saa7164/saa7164-vbi.c -index e2e0341..b80056c 100644 ---- a/drivers/media/video/saa7164/saa7164-vbi.c -+++ b/drivers/media/video/saa7164/saa7164-vbi.c -@@ -1081,6 +1081,8 @@ struct saa7164_user_buffer *saa7164_vbi_next_buf(s= truct saa7164_port *port) - } -=20 - static ssize_t fops_read(struct file *file, char __user *buffer, -+ size_t count, loff_t *pos) __size_overflow(3); -+static ssize_t fops_read(struct file *file, char __user *buffer, - size_t count, loff_t *pos) - { - struct saa7164_vbi_fh *fh =3D file->private_data; diff --git a/drivers/media/video/timblogiw.c b/drivers/media/video/timbl= ogiw.c -index a0895bf..b7ebb1b 100644 +index 4ed1c7c2..8f15e13 100644 --- a/drivers/media/video/timblogiw.c +++ b/drivers/media/video/timblogiw.c @@ -745,7 +745,7 @@ static int timblogiw_mmap(struct file *file, struct = vm_area_struct *vma) @@ -33908,10 +33159,10 @@ index a0895bf..b7ebb1b 100644 .open =3D timblogiw_open, .release =3D timblogiw_close, diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/m= ptbase.c -index e9c6a60..daf6a33 100644 +index a7dc467..a55c423 100644 --- a/drivers/message/fusion/mptbase.c +++ b/drivers/message/fusion/mptbase.c -@@ -6753,8 +6753,13 @@ static int mpt_iocinfo_proc_show(struct seq_file = *m, void *v) +@@ -6754,8 +6754,13 @@ static int mpt_iocinfo_proc_show(struct seq_file = *m, void *v) seq_printf(m, " MaxChainDepth =3D 0x%02x frames\n", ioc->facts.MaxCha= inDepth); seq_printf(m, " MinBlockSize =3D 0x%02x bytes\n", 4*ioc->facts.BlockS= ize); =20 @@ -33926,7 +33177,7 @@ index e9c6a60..daf6a33 100644 * Rounding UP to nearest 4-kB boundary here... */ diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mp= tsas.c -index 9d95042..b808101 100644 +index 551262e..7551198 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attach= ed) @@ -34007,7 +33258,7 @@ index 0c3ced7..1fe34ec 100644 return h->info_kbuf; } diff --git a/drivers/message/i2o/i2o_proc.c b/drivers/message/i2o/i2o_pr= oc.c -index 07dbeaf..5533142 100644 +index 6d115c7..58ff7fd 100644 --- a/drivers/message/i2o/i2o_proc.c +++ b/drivers/message/i2o/i2o_proc.c @@ -255,13 +255,6 @@ static char *scsi_devices[] =3D { @@ -34137,7 +33388,7 @@ index 7ce65f4..e66e9bc 100644 }; =20 diff --git a/drivers/mfd/janz-cmodio.c b/drivers/mfd/janz-cmodio.c -index 5c2a06a..8fa077c 100644 +index a9223ed..4127b13 100644 --- a/drivers/mfd/janz-cmodio.c +++ b/drivers/mfd/janz-cmodio.c @@ -13,6 +13,7 @@ @@ -34149,10 +33400,10 @@ index 5c2a06a..8fa077c 100644 #include #include diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d= /lis3lv02d.c -index 29d12a7..f900ba4 100644 +index a981e2a..5ca0c8b 100644 --- a/drivers/misc/lis3lv02d/lis3lv02d.c +++ b/drivers/misc/lis3lv02d/lis3lv02d.c -@@ -464,7 +464,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void = *data) +@@ -466,7 +466,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void = *data) * the lid is closed. This leads to interrupts as soon as a little mov= e * is done. */ @@ -34161,7 +33412,7 @@ index 29d12a7..f900ba4 100644 =20 wake_up_interruptible(&lis3->misc_wait); kill_fasync(&lis3->async_queue, SIGIO, POLL_IN); -@@ -550,7 +550,7 @@ static int lis3lv02d_misc_open(struct inode *inode, = struct file *file) +@@ -552,7 +552,7 @@ static int lis3lv02d_misc_open(struct inode *inode, = struct file *file) if (lis3->pm_dev) pm_runtime_get_sync(lis3->pm_dev); =20 @@ -34170,7 +33421,7 @@ index 29d12a7..f900ba4 100644 return 0; } =20 -@@ -583,7 +583,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file= , char __user *buf, +@@ -585,7 +585,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file= , char __user *buf, add_wait_queue(&lis3->misc_wait, &wait); while (true) { set_current_state(TASK_INTERRUPTIBLE); @@ -34179,7 +33430,7 @@ index 29d12a7..f900ba4 100644 if (data) break; =20 -@@ -624,7 +624,7 @@ static unsigned int lis3lv02d_misc_poll(struct file = *file, poll_table *wait) +@@ -626,7 +626,7 @@ static unsigned int lis3lv02d_misc_poll(struct file = *file, poll_table *wait) struct lis3lv02d, miscdev); =20 poll_wait(file, &lis3->misc_wait, wait); @@ -34217,7 +33468,7 @@ index 2f30bad..c4c13d0 100644 mcs_op_statistics[op].max =3D nsec; } diff --git a/drivers/misc/sgi-gru/gruprocfs.c b/drivers/misc/sgi-gru/gru= procfs.c -index 7768b87..f8aac38 100644 +index 950dbe9..eeef0f8 100644 --- a/drivers/misc/sgi-gru/gruprocfs.c +++ b/drivers/misc/sgi-gru/gruprocfs.c @@ -32,9 +32,9 @@ @@ -34472,10 +33723,10 @@ index 8d082b4..aa749ae 100644 /* * Timer function to enforce the timelimit on the partition disengage. diff --git a/drivers/mmc/host/sdhci-pci.c b/drivers/mmc/host/sdhci-pci.c -index 6878a94..fe5c5f1 100644 +index 6ebdc40..9edf5d8 100644 --- a/drivers/mmc/host/sdhci-pci.c +++ b/drivers/mmc/host/sdhci-pci.c -@@ -673,7 +673,7 @@ static const struct sdhci_pci_fixes sdhci_via =3D { +@@ -631,7 +631,7 @@ static const struct sdhci_pci_fixes sdhci_via =3D { .probe =3D via_probe, }; =20 @@ -34485,10 +33736,10 @@ index 6878a94..fe5c5f1 100644 .vendor =3D PCI_VENDOR_ID_RICOH, .device =3D PCI_DEVICE_ID_RICOH_R5C822, diff --git a/drivers/mtd/devices/doc2000.c b/drivers/mtd/devices/doc2000= .c -index e9fad91..0a7a16a 100644 +index b1cdf64..ce6e438 100644 --- a/drivers/mtd/devices/doc2000.c +++ b/drivers/mtd/devices/doc2000.c -@@ -773,7 +773,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to= , size_t len, +@@ -764,7 +764,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to= , size_t len, =20 /* The ECC will not be calculated correctly if less than 512 is writt= en */ /* DBB- @@ -34498,10 +33749,10 @@ index e9fad91..0a7a16a 100644 "ECC needs a full sector write (adr: %lx size %lx)\n", (long) to, (long) len); diff --git a/drivers/mtd/devices/doc2001.c b/drivers/mtd/devices/doc2001= .c -index a3f7a27..234016e 100644 +index 7543b98..7069947 100644 --- a/drivers/mtd/devices/doc2001.c +++ b/drivers/mtd/devices/doc2001.c -@@ -392,7 +392,7 @@ static int doc_read (struct mtd_info *mtd, loff_t fr= om, size_t len, +@@ -384,7 +384,7 @@ static int doc_read (struct mtd_info *mtd, loff_t fr= om, size_t len, struct Nand *mychip =3D &this->chips[from >> (this->chipshift)]; =20 /* Don't allow read past end of device */ @@ -34523,7 +33774,7 @@ index 3984d48..28aa897 100644 #include "denali.h" =20 diff --git a/drivers/mtd/nftlmount.c b/drivers/mtd/nftlmount.c -index ac40925..483b753 100644 +index 51b9d6a..52af9a7 100644 --- a/drivers/mtd/nftlmount.c +++ b/drivers/mtd/nftlmount.c @@ -24,6 +24,7 @@ @@ -34535,7 +33786,7 @@ index ac40925..483b753 100644 #include #include diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c -index 6c3fb5a..5b2eeb0 100644 +index 115749f..3021f01 100644 --- a/drivers/mtd/ubi/build.c +++ b/drivers/mtd/ubi/build.c @@ -1311,7 +1311,7 @@ module_exit(ubi_exit); @@ -34567,7 +33818,7 @@ index 6c3fb5a..5b2eeb0 100644 } =20 - return result; -+ if (result*scale >=3D INT_MAX) { ++ if ((intoverflow_t)result*scale >=3D INT_MAX) { + printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n", + str); + return -EINVAL; @@ -34577,24 +33828,11 @@ index 6c3fb5a..5b2eeb0 100644 } =20 /** -diff --git a/drivers/mtd/ubi/debug.c b/drivers/mtd/ubi/debug.c -index ab80c0d..aec8580 100644 ---- a/drivers/mtd/ubi/debug.c -+++ b/drivers/mtd/ubi/debug.c -@@ -338,6 +338,8 @@ out: -=20 - /* Write an UBI debugfs file */ - static ssize_t dfs_file_write(struct file *file, const char __user *use= r_buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t dfs_file_write(struct file *file, const char __user *use= r_buf, - size_t count, loff_t *ppos) - { - unsigned long ubi_num =3D (unsigned long)file->private_data; diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethe= rnet/atheros/atlx/atl2.c -index 1feae59..c2a61d2 100644 +index 071f4c8..440862e 100644 --- a/drivers/net/ethernet/atheros/atlx/atl2.c +++ b/drivers/net/ethernet/atheros/atlx/atl2.c -@@ -2857,7 +2857,7 @@ static void atl2_force_ps(struct atl2_hw *hw) +@@ -2862,7 +2862,7 @@ static void atl2_force_ps(struct atl2_hw *hw) */ =20 #define ATL2_PARAM(X, desc) \ @@ -34604,10 +33842,10 @@ index 1feae59..c2a61d2 100644 MODULE_PARM_DESC(X, desc); #else diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/ne= t/ethernet/broadcom/bnx2x/bnx2x_sp.h -index 9a517c2..a50cfcb 100644 +index 66da39f..5dc436d 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -@@ -449,7 +449,7 @@ struct bnx2x_rx_mode_obj { +@@ -473,7 +473,7 @@ struct bnx2x_rx_mode_obj { =20 int (*wait_comp)(struct bnx2x *bp, struct bnx2x_rx_mode_ramrod_params *p); @@ -34617,10 +33855,10 @@ index 9a517c2..a50cfcb 100644 /********************** Set multicast group ***************************= ********/ =20 diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/= broadcom/tg3.h -index 94b4bd0..73c02de 100644 +index aea8f72..fcebf75 100644 --- a/drivers/net/ethernet/broadcom/tg3.h +++ b/drivers/net/ethernet/broadcom/tg3.h -@@ -134,6 +134,7 @@ +@@ -140,6 +140,7 @@ #define CHIPREV_ID_5750_A0 0x4000 #define CHIPREV_ID_5750_A1 0x4001 #define CHIPREV_ID_5750_A3 0x4003 @@ -34629,7 +33867,7 @@ index 94b4bd0..73c02de 100644 #define CHIPREV_ID_5752_A0_HW 0x5000 #define CHIPREV_ID_5752_A0 0x6000 diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethe= rnet/chelsio/cxgb3/l2t.h -index c5f5479..2e8c260 100644 +index c4e8643..0979484 100644 --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h +++ b/drivers/net/ethernet/chelsio/cxgb3/l2t.h @@ -87,7 +87,7 @@ typedef void (*arp_failure_handler_func)(struct t3cdev= * dev, @@ -34641,52 +33879,11 @@ index c5f5479..2e8c260 100644 =20 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb) =20 -diff --git a/drivers/net/ethernet/chelsio/cxgb3/sge.c b/drivers/net/ethe= rnet/chelsio/cxgb3/sge.c -index cfb60e1..9c76da7 100644 ---- a/drivers/net/ethernet/chelsio/cxgb3/sge.c -+++ b/drivers/net/ethernet/chelsio/cxgb3/sge.c -@@ -611,6 +611,8 @@ static void recycle_rx_buf(struct adapter *adap, str= uct sge_fl *q, - * of the SW ring. - */ - static void *alloc_ring(struct pci_dev *pdev, size_t nelem, size_t elem= _size, -+ size_t sw_size, dma_addr_t * phys, void *metadata) __size_overflow(2= ,4); -+static void *alloc_ring(struct pci_dev *pdev, size_t nelem, size_t elem= _size, - size_t sw_size, dma_addr_t * phys, void *metadata) - { - size_t len =3D nelem * elem_size; -diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c b/drivers/net/ethe= rnet/chelsio/cxgb4/sge.c -index 140254c..5b8a0a6 100644 ---- a/drivers/net/ethernet/chelsio/cxgb4/sge.c -+++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c -@@ -593,6 +593,9 @@ static inline void __refill_fl(struct adapter *adap,= struct sge_fl *fl) - */ - static void *alloc_ring(struct device *dev, size_t nelem, size_t elem_s= ize, - size_t sw_size, dma_addr_t *phys, void *metadata, -+ size_t stat_size, int node) __size_overflow(2,4); -+static void *alloc_ring(struct device *dev, size_t nelem, size_t elem_s= ize, -+ size_t sw_size, dma_addr_t *phys, void *metadata, - size_t stat_size, int node) - { - size_t len =3D nelem * elem_size + stat_size; -diff --git a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c b/drivers/net/et= hernet/chelsio/cxgb4vf/sge.c -index 8d5d55a..a3c3474 100644 ---- a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c -+++ b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c -@@ -730,6 +730,9 @@ static inline void __refill_fl(struct adapter *adapt= er, struct sge_fl *fl) - */ - static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize= , - size_t swsize, dma_addr_t *busaddrp, void *swringp, -+ size_t stat_size) __size_overflow(2,4); -+static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize= , -+ size_t swsize, dma_addr_t *busaddrp, void *swringp, - size_t stat_size) - { - /* diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethern= et/dec/tulip/de4x5.c -index 871bcaa..4043505 100644 +index 4d71f5a..8004440 100644 --- a/drivers/net/ethernet/dec/tulip/de4x5.c +++ b/drivers/net/ethernet/dec/tulip/de4x5.c -@@ -5397,7 +5397,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *= rq, int cmd) +@@ -5392,7 +5392,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *= rq, int cmd) for (i=3D0; idev_addr[i]; } @@ -34695,7 +33892,7 @@ index 871bcaa..4043505 100644 break; =20 case DE4X5_SET_HWADDR: /* Set the hardware address */ -@@ -5437,7 +5437,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *= rq, int cmd) +@@ -5432,7 +5432,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *= rq, int cmd) spin_lock_irqsave(&lp->lock, flags); memcpy(&statbuf, &lp->pktStats, ioc->len); spin_unlock_irqrestore(&lp->lock, flags); @@ -34718,7 +33915,7 @@ index 14d5b61..1398636 100644 "21140 MII PHY", "21142 Serial PHY", diff --git a/drivers/net/ethernet/dec/tulip/winbond-840.c b/drivers/net/= ethernet/dec/tulip/winbond-840.c -index 4d01219..b58d26d 100644 +index 52da7b2..4ddfe1c 100644 --- a/drivers/net/ethernet/dec/tulip/winbond-840.c +++ b/drivers/net/ethernet/dec/tulip/winbond-840.c @@ -236,7 +236,7 @@ struct pci_id_info { @@ -34731,7 +33928,7 @@ index 4d01219..b58d26d 100644 "Winbond W89c840", CanHaveMII | HasBrokenTx | FDXOnNoMII}, { "Winbond W89c840", CanHaveMII | HasBrokenTx}, diff --git a/drivers/net/ethernet/dlink/sundance.c b/drivers/net/etherne= t/dlink/sundance.c -index dcd7f7a..ecb7fb3 100644 +index 28a3a9b..d96cb63 100644 --- a/drivers/net/ethernet/dlink/sundance.c +++ b/drivers/net/ethernet/dlink/sundance.c @@ -218,7 +218,7 @@ enum { @@ -34744,10 +33941,10 @@ index dcd7f7a..ecb7fb3 100644 {"D-Link DFE-550FX 100Mbps Fiber-optics Adapter"}, {"D-Link DFE-580TX 4 port Server Adapter"}, diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/e= thernet/emulex/benet/be_main.c -index bf266a0..e024af7 100644 +index e703d64..d62ecf9 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c -@@ -397,7 +397,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) +@@ -402,7 +402,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) =20 if (wrapped) newacc +=3D 65536; @@ -34757,10 +33954,10 @@ index bf266a0..e024af7 100644 =20 void be_parse_stats(struct be_adapter *adapter) diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethe= rnet/faraday/ftgmac100.c -index fb5579a..debdffa 100644 +index 47f85c3..82ab6c4 100644 --- a/drivers/net/ethernet/faraday/ftgmac100.c +++ b/drivers/net/ethernet/faraday/ftgmac100.c -@@ -30,6 +30,8 @@ +@@ -31,6 +31,8 @@ #include #include #include @@ -34770,10 +33967,10 @@ index fb5579a..debdffa 100644 =20 #include "ftgmac100.h" diff --git a/drivers/net/ethernet/faraday/ftmac100.c b/drivers/net/ether= net/faraday/ftmac100.c -index a127cb2..0d043cd 100644 +index bb336a0..4b472da 100644 --- a/drivers/net/ethernet/faraday/ftmac100.c +++ b/drivers/net/ethernet/faraday/ftmac100.c -@@ -30,6 +30,8 @@ +@@ -31,6 +31,8 @@ #include #include #include @@ -34783,7 +33980,7 @@ index a127cb2..0d043cd 100644 #include "ftmac100.h" =20 diff --git a/drivers/net/ethernet/fealnx.c b/drivers/net/ethernet/fealnx= .c -index 61d2bdd..7f1154a 100644 +index c82d444..0007fb4 100644 --- a/drivers/net/ethernet/fealnx.c +++ b/drivers/net/ethernet/fealnx.c @@ -150,7 +150,7 @@ struct chip_info { @@ -34872,7 +34069,7 @@ index 2967039..ca8c40c 100644 enum e1000_nvm_type type; enum e1000_nvm_override override; diff --git a/drivers/net/ethernet/intel/igb/e1000_hw.h b/drivers/net/eth= ernet/intel/igb/e1000_hw.h -index 4519a13..f97fcd0 100644 +index f67cbd3..cef9e3d 100644 --- a/drivers/net/ethernet/intel/igb/e1000_hw.h +++ b/drivers/net/ethernet/intel/igb/e1000_hw.h @@ -314,6 +314,7 @@ struct e1000_mac_operations { @@ -34944,7 +34141,7 @@ index 4519a13..f97fcd0 100644 u32 timeout; u32 usec_delay; diff --git a/drivers/net/ethernet/intel/igbvf/vf.h b/drivers/net/etherne= t/intel/igbvf/vf.h -index d7ed58f..64cde36 100644 +index 57db3c6..aa825fc 100644 --- a/drivers/net/ethernet/intel/igbvf/vf.h +++ b/drivers/net/ethernet/intel/igbvf/vf.h @@ -189,9 +189,10 @@ struct e1000_mac_operations { @@ -34977,7 +34174,7 @@ index d7ed58f..64cde36 100644 u32 timeout; u32 usec_delay; diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h b/drivers/net= /ethernet/intel/ixgbe/ixgbe_type.h -index 6c5cca8..de8ef63 100644 +index 9b95bef..7e254ee 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h @@ -2708,6 +2708,7 @@ struct ixgbe_eeprom_operations { @@ -35015,8 +34212,8 @@ index 6c5cca8..de8ef63 100644 - struct ixgbe_mac_operations ops; + ixgbe_mac_operations_no_const ops; enum ixgbe_mac_type type; - u8 addr[IXGBE_ETH_LENGTH_OF_ADDRESS]; - u8 perm_addr[IXGBE_ETH_LENGTH_OF_ADDRESS]= ; + u8 addr[ETH_ALEN]; + u8 perm_addr[ETH_ALEN]; @@ -2828,7 +2831,7 @@ struct ixgbe_mac_info { }; =20 @@ -35044,7 +34241,7 @@ index 6c5cca8..de8ef63 100644 u32 timeout; u32 usec_delay; diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ether= net/intel/ixgbevf/vf.h -index 10306b4..28df758 100644 +index 25c951d..cc7cf33 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.h +++ b/drivers/net/ethernet/intel/ixgbevf/vf.h @@ -70,6 +70,7 @@ struct ixgbe_mac_operations { @@ -35082,13 +34279,13 @@ index 10306b4..28df758 100644 u32 timeout; u32 udelay; diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/eth= ernet/mellanox/mlx4/main.c -index 94bbc85..78c12e6 100644 +index d498f04..1b49bed 100644 --- a/drivers/net/ethernet/mellanox/mlx4/main.c +++ b/drivers/net/ethernet/mellanox/mlx4/main.c -@@ -40,6 +40,7 @@ - #include +@@ -41,6 +41,7 @@ #include #include + #include +#include =20 #include @@ -35120,10 +34317,10 @@ index 4a518a3..936b334 100644 #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \ ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next) diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet= /realtek/r8169.c -index 0cf2351..56c4cef 100644 +index bbacb37..d60887d 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c -@@ -698,17 +698,17 @@ struct rtl8169_private { +@@ -695,17 +695,17 @@ struct rtl8169_private { struct mdio_ops { void (*write)(void __iomem *, int, int); int (*read)(void __iomem *, int); @@ -35145,10 +34342,10 @@ index 0cf2351..56c4cef 100644 int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv= ); int (*get_settings)(struct net_device *, struct ethtool_cmd *); diff --git a/drivers/net/ethernet/sis/sis190.c b/drivers/net/ethernet/si= s/sis190.c -index 1b4658c..a30dabb 100644 +index 5b118cd..858b523 100644 --- a/drivers/net/ethernet/sis/sis190.c +++ b/drivers/net/ethernet/sis/sis190.c -@@ -1624,7 +1624,7 @@ static int __devinit sis190_get_mac_addr_from_eepr= om(struct pci_dev *pdev, +@@ -1622,7 +1622,7 @@ static int __devinit sis190_get_mac_addr_from_eepr= om(struct pci_dev *pdev, static int __devinit sis190_get_mac_addr_from_apc(struct pci_dev *pdev, struct net_device *dev) { @@ -35158,10 +34355,10 @@ index 1b4658c..a30dabb 100644 struct pci_dev *isa_bridge; u8 reg, tmp8; diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/ne= t/ethernet/stmicro/stmmac/mmc_core.c -index 41e6b33..8e89b0f 100644 +index c07cfe9..81cbf7e 100644 --- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c +++ b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c -@@ -139,8 +139,8 @@ void dwmac_mmc_ctrl(void __iomem *ioaddr, unsigned i= nt mode) +@@ -140,8 +140,8 @@ void dwmac_mmc_ctrl(void __iomem *ioaddr, unsigned i= nt mode) =20 writel(value, ioaddr + MMC_CNTRL); =20 @@ -35172,6 +34369,41 @@ index 41e6b33..8e89b0f 100644 } =20 /* To mask all all interrupts.*/ +diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv= _net.h +index dec5836..6d4db7d 100644 +--- a/drivers/net/hyperv/hyperv_net.h ++++ b/drivers/net/hyperv/hyperv_net.h +@@ -97,7 +97,7 @@ struct rndis_device { +=20 + enum rndis_device_state state; + bool link_state; +- atomic_t new_req_id; ++ atomic_unchecked_t new_req_id; +=20 + spinlock_t request_lock; + struct list_head req_list; +diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndi= s_filter.c +index 133b7fb..d58c559 100644 +--- a/drivers/net/hyperv/rndis_filter.c ++++ b/drivers/net/hyperv/rndis_filter.c +@@ -96,7 +96,7 @@ static struct rndis_request *get_rndis_request(struct = rndis_device *dev, + * template + */ + set =3D &rndis_msg->msg.set_req; +- set->req_id =3D atomic_inc_return(&dev->new_req_id); ++ set->req_id =3D atomic_inc_return_unchecked(&dev->new_req_id); +=20 + /* Add to the request list */ + spin_lock_irqsave(&dev->request_lock, flags); +@@ -627,7 +627,7 @@ static void rndis_filter_halt_device(struct rndis_de= vice *dev) +=20 + /* Setup the rndis set */ + halt =3D &request->request_msg.msg.halt_req; +- halt->req_id =3D atomic_inc_return(&dev->new_req_id); ++ halt->req_id =3D atomic_inc_return_unchecked(&dev->new_req_id); +=20 + /* Ignore return since this msg is optional. */ + rndis_filter_send_request(dev, request); diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic= .c index 486b404..0d6677d 100644 --- a/drivers/net/ppp/ppp_generic.c @@ -35271,62 +34503,8 @@ index 46db5c5..37c1536 100644 =20 err =3D platform_driver_register(&sk_isa_driver); if (err) -diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 7bea9c6..7ef073c 100644 ---- a/drivers/net/tun.c -+++ b/drivers/net/tun.c -@@ -359,7 +359,7 @@ static void tun_free_netdev(struct net_device *dev) - { - struct tun_struct *tun =3D netdev_priv(dev); -=20 -- sock_put(tun->socket.sk); -+ sk_release_kernel(tun->socket.sk); - } -=20 - /* Net device open. */ -@@ -979,10 +979,18 @@ static int tun_recvmsg(struct kiocb *iocb, struct = socket *sock, - return ret; - } -=20 -+static int tun_release(struct socket *sock) -+{ -+ if (sock->sk) -+ sock_put(sock->sk); -+ return 0; -+} -+ - /* Ops structure to mimic raw sockets with tun */ - static const struct proto_ops tun_socket_ops =3D { - .sendmsg =3D tun_sendmsg, - .recvmsg =3D tun_recvmsg, -+ .release =3D tun_release, - }; -=20 - static struct proto tun_proto =3D { -@@ -1109,10 +1117,11 @@ static int tun_set_iff(struct net *net, struct f= ile *file, struct ifreq *ifr) - tun->vnet_hdr_sz =3D sizeof(struct virtio_net_hdr); -=20 - err =3D -ENOMEM; -- sk =3D sk_alloc(net, AF_UNSPEC, GFP_KERNEL, &tun_proto); -+ sk =3D sk_alloc(&init_net, AF_UNSPEC, GFP_KERNEL, &tun_proto); - if (!sk) - goto err_free_dev; -=20 -+ sk_change_net(sk, net); - tun->socket.wq =3D &tun->wq; - init_waitqueue_head(&tun->wq.wait); - tun->socket.ops =3D &tun_socket_ops; -@@ -1173,7 +1182,7 @@ static int tun_set_iff(struct net *net, struct fil= e *file, struct ifreq *ifr) - return 0; -=20 - err_free_sk: -- sock_put(sk); -+ tun_free_netdev(dev); - err_free_dev: - free_netdev(dev); - failed: diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c -index 304fe78..db112fa 100644 +index e1324b4..e1b0041 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -71,7 +71,7 @@ @@ -35425,22 +34603,8 @@ index 304fe78..db112fa 100644 result =3D hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); -diff --git a/drivers/net/vmxnet3/vmxnet3_ethtool.c b/drivers/net/vmxnet3= /vmxnet3_ethtool.c -index e662cbc..8d4a102 100644 ---- a/drivers/net/vmxnet3/vmxnet3_ethtool.c -+++ b/drivers/net/vmxnet3/vmxnet3_ethtool.c -@@ -601,8 +601,7 @@ vmxnet3_set_rss_indir(struct net_device *netdev, - * Return with error code if any of the queue indices - * is out of range - */ -- if (p->ring_index[i] < 0 || -- p->ring_index[i] >=3D adapter->num_rx_queues) -+ if (p->ring_index[i] >=3D adapter->num_rx_queues) - return -EINVAL; - } -=20 diff --git a/drivers/net/wireless/ath/ath.h b/drivers/net/wireless/ath/a= th.h -index 0f9ee46..e2d6e65 100644 +index efc0111..79c8f5b 100644 --- a/drivers/net/wireless/ath/ath.h +++ b/drivers/net/wireless/ath/ath.h @@ -119,6 +119,7 @@ struct ath_ops { @@ -35451,22 +34615,8 @@ index 0f9ee46..e2d6e65 100644 =20 struct ath_common; struct ath_bus_ops; -diff --git a/drivers/net/wireless/ath/ath5k/debug.c b/drivers/net/wirele= ss/ath/ath5k/debug.c -index 8c5ce8b..abf101b 100644 ---- a/drivers/net/wireless/ath/ath5k/debug.c -+++ b/drivers/net/wireless/ath/ath5k/debug.c -@@ -343,6 +343,9 @@ static ssize_t read_file_debug(struct file *file, ch= ar __user *user_buf, -=20 - static ssize_t write_file_debug(struct file *file, - const char __user *userbuf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t write_file_debug(struct file *file, -+ const char __user *userbuf, - size_t count, loff_t *ppos) - { - struct ath5k_hw *ah =3D file->private_data; diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/w= ireless/ath/ath9k/ar9002_mac.c -index b592016..fe47870 100644 +index 7b6417b..ab5db98 100644 --- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c +++ b/drivers/net/wireless/ath/ath9k/ar9002_mac.c @@ -183,8 +183,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struc= t ath_tx_info *i) @@ -35549,7 +34699,7 @@ index b592016..fe47870 100644 | set11nRateFlags(i->rates, 2) | set11nRateFlags(i->rates, 3) diff --git a/drivers/net/wireless/ath/ath9k/ar9003_mac.c b/drivers/net/w= ireless/ath/ath9k/ar9003_mac.c -index f5ae3c6..7936af3 100644 +index 09b8c9d..905339e 100644 --- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c +++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c @@ -35,47 +35,47 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struc= t ath_tx_info *i) @@ -35670,37 +34820,11 @@ index f5ae3c6..7936af3 100644 } =20 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) -diff --git a/drivers/net/wireless/ath/ath9k/debug.c b/drivers/net/wirele= ss/ath/ath9k/debug.c -index 2741203..837a960 100644 ---- a/drivers/net/wireless/ath/ath9k/debug.c -+++ b/drivers/net/wireless/ath/ath9k/debug.c -@@ -60,6 +60,8 @@ static ssize_t read_file_debug(struct file *file, char= __user *user_buf, - } -=20 - static ssize_t write_file_debug(struct file *file, const char __user *u= ser_buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t write_file_debug(struct file *file, const char __user *u= ser_buf, - size_t count, loff_t *ppos) - { - struct ath_softc *sc =3D file->private_data; -diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c b/drivers/ne= t/wireless/ath/ath9k/htc_drv_debug.c -index d3ff33c..c98bcda 100644 ---- a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c -+++ b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c -@@ -464,6 +464,8 @@ static ssize_t read_file_debug(struct file *file, ch= ar __user *user_buf, - } -=20 - static ssize_t write_file_debug(struct file *file, const char __user *u= ser_buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t write_file_debug(struct file *file, const char __user *u= ser_buf, - size_t count, loff_t *ppos) - { - struct ath9k_htc_priv *priv =3D file->private_data; diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/= ath/ath9k/hw.h -index 1bd8edf..10c6d30 100644 +index c8261d4..8d88929 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -605,7 +605,7 @@ struct ath_hw_private_ops { +@@ -773,7 +773,7 @@ struct ath_hw_private_ops { =20 /* ANI */ void (*ani_cache_ini_regs)(struct ath_hw *ah); @@ -35709,7 +34833,7 @@ index 1bd8edf..10c6d30 100644 =20 /** * struct ath_hw_ops - callbacks used by hardware code and driver code -@@ -635,7 +635,7 @@ struct ath_hw_ops { +@@ -803,7 +803,7 @@ struct ath_hw_ops { void (*antdiv_comb_conf_set)(struct ath_hw *ah, struct ath_hw_antcomb_conf *antconf); =20 @@ -35718,7 +34842,7 @@ index 1bd8edf..10c6d30 100644 =20 struct ath_nf_limits { s16 max; -@@ -655,7 +655,7 @@ enum ath_cal_list { +@@ -823,7 +823,7 @@ enum ath_cal_list { #define AH_FASTCC 0x4 =20 struct ath_hw { @@ -35728,10 +34852,10 @@ index 1bd8edf..10c6d30 100644 struct ieee80211_hw *hw; struct ath_common common; diff --git a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h b/dri= vers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h -index bea8524..c677c06 100644 +index af00e2c..ab04d34 100644 --- a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h +++ b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h -@@ -547,7 +547,7 @@ struct phy_func_ptr { +@@ -545,7 +545,7 @@ struct phy_func_ptr { void (*carrsuppr)(struct brcms_phy *); s32 (*rxsigpwr)(struct brcms_phy *, s32); void (*detach)(struct brcms_phy *); @@ -35740,26 +34864,26 @@ index bea8524..c677c06 100644 =20 struct brcms_phy { struct brcms_phy_pub pubpi_ro; -diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/= wireless/iwlegacy/iwl3945-base.c -index 05f2ad1..ae00eea 100644 ---- a/drivers/net/wireless/iwlegacy/iwl3945-base.c -+++ b/drivers/net/wireless/iwlegacy/iwl3945-base.c -@@ -3685,7 +3685,9 @@ static int iwl3945_pci_probe(struct pci_dev *pdev,= const struct pci_device_id *e +diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wire= less/iwlegacy/3945-mac.c +index a7dfba8..e28eacd 100644 +--- a/drivers/net/wireless/iwlegacy/3945-mac.c ++++ b/drivers/net/wireless/iwlegacy/3945-mac.c +@@ -3647,7 +3647,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struc= t pci_device_id *ent) */ - if (iwl3945_mod_params.disable_hw_scan) { - IWL_DEBUG_INFO(priv, "Disabling hw_scan\n"); -- iwl3945_hw_ops.hw_scan =3D NULL; + if (il3945_mod_params.disable_hw_scan) { + D_INFO("Disabling hw_scan\n"); +- il3945_hw_ops.hw_scan =3D NULL; + pax_open_kernel(); -+ *(void **)&iwl3945_hw_ops.hw_scan =3D NULL; ++ *(void **)&il3945_hw_ops.hw_scan =3D NULL; + pax_close_kernel(); } =20 - IWL_DEBUG_INFO(priv, "*** LOAD DRIVER ***\n"); + D_INFO("*** LOAD DRIVER ***\n"); diff --git a/drivers/net/wireless/iwlwifi/iwl-debug.h b/drivers/net/wire= less/iwlwifi/iwl-debug.h -index 69a77e2..552b42c 100644 +index f8fc239..8cade22 100644 --- a/drivers/net/wireless/iwlwifi/iwl-debug.h +++ b/drivers/net/wireless/iwlwifi/iwl-debug.h -@@ -71,8 +71,8 @@ do { \ +@@ -86,8 +86,8 @@ do { \ } while (0) =20 #else @@ -35768,13 +34892,13 @@ index 69a77e2..552b42c 100644 +#define IWL_DEBUG(m, level, fmt, args...) do {} while (0) +#define IWL_DEBUG_LIMIT(m, level, fmt, args...) do {} while (0) #define iwl_print_hex_dump(m, level, p, len) - #endif /* CONFIG_IWLWIFI_DEBUG */ -=20 + #define IWL_DEBUG_QUIET_RFKILL(p, fmt, args...) \ + do { \ diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireles= s/mac80211_hwsim.c -index 523ad55..f8c5dc5 100644 +index 4b9e730..7603659 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -1678,9 +1678,11 @@ static int __init init_mac80211_hwsim(void) +@@ -1677,9 +1677,11 @@ static int __init init_mac80211_hwsim(void) return -EINVAL; =20 if (fake_hw_scan) { @@ -35790,10 +34914,10 @@ index 523ad55..f8c5dc5 100644 =20 spin_lock_init(&hwsim_radio_lock); diff --git a/drivers/net/wireless/mwifiex/main.h b/drivers/net/wireless/= mwifiex/main.h -index 30f138b..c904585 100644 +index 3186aa4..b35b09f 100644 --- a/drivers/net/wireless/mwifiex/main.h +++ b/drivers/net/wireless/mwifiex/main.h -@@ -543,7 +543,7 @@ struct mwifiex_if_ops { +@@ -536,7 +536,7 @@ struct mwifiex_if_ops { void (*cleanup_mpa_buf) (struct mwifiex_adapter *); int (*cmdrsp_complete) (struct mwifiex_adapter *, struct sk_buff *); int (*event_complete) (struct mwifiex_adapter *, struct sk_buff *); @@ -35803,10 +34927,10 @@ index 30f138b..c904585 100644 struct mwifiex_adapter { u8 iface_type; diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rn= dis_wlan.c -index 0c13840..a5c3ed6 100644 +index a330c69..a81540f 100644 --- a/drivers/net/wireless/rndis_wlan.c +++ b/drivers/net/wireless/rndis_wlan.c -@@ -1275,7 +1275,7 @@ static int set_rts_threshold(struct usbnet *usbdev= , u32 rts_threshold) +@@ -1278,7 +1278,7 @@ static int set_rts_threshold(struct usbnet *usbdev= , u32 rts_threshold) =20 netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold); =20 @@ -35881,7 +35005,7 @@ index c0cc4e7..44d4e54 100644 } =20 diff --git a/drivers/oprofile/oprof.c b/drivers/oprofile/oprof.c -index f8c752e..28bf4fc 100644 +index ed2c3ec..deda85a 100644 --- a/drivers/oprofile/oprof.c +++ b/drivers/oprofile/oprof.c @@ -110,7 +110,7 @@ static void switch_worker(struct work_struct *work) @@ -35893,42 +35017,6 @@ index f8c752e..28bf4fc 100644 start_switch_worker(); } =20 -diff --git a/drivers/oprofile/oprofile_files.c b/drivers/oprofile/oprofi= le_files.c -index 84a208d..f07d177 100644 ---- a/drivers/oprofile/oprofile_files.c -+++ b/drivers/oprofile/oprofile_files.c -@@ -36,6 +36,8 @@ static ssize_t timeout_read(struct file *file, char __= user *buf, -=20 -=20 - static ssize_t timeout_write(struct file *file, char const __user *buf, -+ size_t count, loff_t *offset) __size_overflow(3); -+static ssize_t timeout_write(struct file *file, char const __user *buf, - size_t count, loff_t *offset) - { - unsigned long val; -@@ -72,6 +74,7 @@ static ssize_t depth_read(struct file *file, char __us= er *buf, size_t count, lof - } -=20 -=20 -+static ssize_t depth_write(struct file *file, char const __user *buf, s= ize_t count, loff_t *offset) __size_overflow(3); - static ssize_t depth_write(struct file *file, char const __user *buf, s= ize_t count, loff_t *offset) - { - unsigned long val; -@@ -126,12 +129,14 @@ static const struct file_operations cpu_type_fops = =3D { - }; -=20 -=20 -+static ssize_t enable_read(struct file *file, char __user *buf, size_t = count, loff_t *offset) __size_overflow(3); - static ssize_t enable_read(struct file *file, char __user *buf, size_t = count, loff_t *offset) - { - return oprofilefs_ulong_to_user(oprofile_started, buf, count, offset); - } -=20 -=20 -+static ssize_t enable_write(struct file *file, char const __user *buf, = size_t count, loff_t *offset) __size_overflow(3); - static ssize_t enable_write(struct file *file, char const __user *buf, = size_t count, loff_t *offset) - { - unsigned long val; diff --git a/drivers/oprofile/oprofile_stats.c b/drivers/oprofile/oprofi= le_stats.c index 917d28e..d62d981 100644 --- a/drivers/oprofile/oprofile_stats.c @@ -35972,18 +35060,10 @@ index 38b6fc0..b5cbfce 100644 =20 extern struct oprofile_stat_struct oprofile_stats; diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs= .c -index 2f0aa0f..d5246c3 100644 +index 2f0aa0f..90fab02 100644 --- a/drivers/oprofile/oprofilefs.c +++ b/drivers/oprofile/oprofilefs.c -@@ -97,6 +97,7 @@ static ssize_t ulong_read_file(struct file *file, char= __user *buf, size_t count - } -=20 -=20 -+static ssize_t ulong_write_file(struct file *file, char const __user *b= uf, size_t count, loff_t *offset) __size_overflow(3); - static ssize_t ulong_write_file(struct file *file, char const __user *b= uf, size_t count, loff_t *offset) - { - unsigned long value; -@@ -193,7 +194,7 @@ static const struct file_operations atomic_ro_fops =3D= { +@@ -193,7 +193,7 @@ static const struct file_operations atomic_ro_fops =3D= { =20 =20 int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *= root, @@ -36063,7 +35143,7 @@ index 24f049e..051f66e 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) =20 diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index dfee1b3..a454fb6 100644 +index 71eac9c..2de27ef 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -136,7 +136,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_ba= r_type type, @@ -36096,21 +35176,8 @@ index 27911b5..5b6db88 100644 proc_create("devices", 0, proc_bus_pci_dir, &proc_bus_pci_dev_operations); proc_initialized =3D 1; -diff --git a/drivers/platform/x86/asus_acpi.c b/drivers/platform/x86/asu= s_acpi.c -index d9312b3..59f63f2 100644 ---- a/drivers/platform/x86/asus_acpi.c -+++ b/drivers/platform/x86/asus_acpi.c -@@ -887,6 +887,8 @@ static int lcd_proc_open(struct inode *inode, struct= file *file) - } -=20 - static ssize_t lcd_proc_write(struct file *file, const char __user *buf= fer, -+ size_t count, loff_t *pos) __size_overflow(3); -+static ssize_t lcd_proc_write(struct file *file, const char __user *buf= fer, - size_t count, loff_t *pos) - { - int rv, value; diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86= /thinkpad_acpi.c -index 7b82868..b9344c9 100644 +index ea0c607..58c4628 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -2094,7 +2094,7 @@ static int hotkey_mask_get(void) @@ -36241,19 +35308,6 @@ index 7b82868..b9344c9 100644 =20 /* * Polling driver -diff --git a/drivers/platform/x86/toshiba_acpi.c b/drivers/platform/x86/= toshiba_acpi.c -index dcdc1f4..85cee16 100644 ---- a/drivers/platform/x86/toshiba_acpi.c -+++ b/drivers/platform/x86/toshiba_acpi.c -@@ -517,6 +517,8 @@ static int set_lcd_status(struct backlight_device *b= d) - } -=20 - static ssize_t lcd_proc_write(struct file *file, const char __user *buf= , -+ size_t count, loff_t *pos) __size_overflow(3); -+static ssize_t lcd_proc_write(struct file *file, const char __user *buf= , - size_t count, loff_t *pos) - { - struct toshiba_acpi_dev *dev =3D PDE(file->f_path.dentry->d_inode)->da= ta; diff --git a/drivers/pnp/pnpbios/bioscalls.c b/drivers/pnp/pnpbios/biosc= alls.c index b859d16..5cc6b1a 100644 --- a/drivers/pnp/pnpbios/bioscalls.c @@ -36337,10 +35391,10 @@ index b0ecacb..7c9da2e 100644 =20 /* check if the resource is reserved */ diff --git a/drivers/power/bq27x00_battery.c b/drivers/power/bq27x00_bat= tery.c -index bb16f5b..c751eef 100644 +index 1ed6ea0..77c0bd2 100644 --- a/drivers/power/bq27x00_battery.c +++ b/drivers/power/bq27x00_battery.c -@@ -67,7 +67,7 @@ +@@ -72,7 +72,7 @@ struct bq27x00_device_info; struct bq27x00_access_methods { int (*read)(struct bq27x00_device_info *di, u8 reg, bool single); @@ -36350,7 +35404,7 @@ index bb16f5b..c751eef 100644 enum bq27x00_chip { BQ27000, BQ27500 }; =20 diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c -index 33f5d9a..d957d3f 100644 +index a838e66..a9e1665 100644 --- a/drivers/regulator/max8660.c +++ b/drivers/regulator/max8660.c @@ -383,8 +383,10 @@ static int __devinit max8660_probe(struct i2c_clien= t *client, @@ -36367,10 +35421,10 @@ index 33f5d9a..d957d3f 100644 =20 /* diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/m= c13892-regulator.c -index 023d17d..74ef35b 100644 +index e8cfc99..072aee2 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c -@@ -565,10 +565,12 @@ static int __devinit mc13892_regulator_probe(struc= t platform_device *pdev) +@@ -574,10 +574,12 @@ static int __devinit mc13892_regulator_probe(struc= t platform_device *pdev) } mc13xxx_unlock(mc13892); =20 @@ -36382,9 +35436,9 @@ index 023d17d..74ef35b 100644 + *(void **)&mc13892_regulators[MC13892_VCAM].desc.ops->get_mode =3D mc13892_vcam_get_mode; + pax_close_kernel(); - for (i =3D 0; i < pdata->num_regulators; i++) { - init_data =3D &pdata->regulators[i]; - priv->regulators[i] =3D regulator_register( +=20 + mc13xxx_data =3D mc13xxx_parse_regulators_dt(pdev, mc13892_regulators, + ARRAY_SIZE(mc13892_regulators)); diff --git a/drivers/rtc/rtc-dev.c b/drivers/rtc/rtc-dev.c index cace6d3..f623fda 100644 --- a/drivers/rtc/rtc-dev.c @@ -36459,10 +35513,10 @@ index a796de9..1ef20e1 100644 =20 struct bfa_faa_cbfn_s { diff --git a/drivers/scsi/bfa/bfa_fcpim.c b/drivers/scsi/bfa/bfa_fcpim.c -index e07bd47..cd1bbbb 100644 +index f0f80e2..8ec946b 100644 --- a/drivers/scsi/bfa/bfa_fcpim.c +++ b/drivers/scsi/bfa/bfa_fcpim.c -@@ -4121,7 +4121,7 @@ bfa_fcp_attach(struct bfa_s *bfa, void *bfad, stru= ct bfa_iocfc_cfg_s *cfg, +@@ -3715,7 +3715,7 @@ bfa_fcp_attach(struct bfa_s *bfa, void *bfad, stru= ct bfa_iocfc_cfg_s *cfg, =20 bfa_iotag_attach(fcp); =20 @@ -36471,7 +35525,7 @@ index e07bd47..cd1bbbb 100644 bfa_mem_kva_curp(fcp) =3D (u8 *)fcp->itn_arr + (fcp->num_itns * sizeof(struct bfa_itn_s)); memset(fcp->itn_arr, 0, -@@ -4179,7 +4179,7 @@ bfa_itn_create(struct bfa_s *bfa, struct bfa_rport= _s *rport, +@@ -3773,7 +3773,7 @@ bfa_itn_create(struct bfa_s *bfa, struct bfa_rport= _s *rport, void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m)) { struct bfa_fcp_mod_s *fcp =3D BFA_FCP_MOD(bfa); @@ -36481,7 +35535,7 @@ index e07bd47..cd1bbbb 100644 itn =3D BFA_ITN_FROM_TAG(fcp, rport->rport_tag); itn->isr =3D isr; diff --git a/drivers/scsi/bfa/bfa_fcpim.h b/drivers/scsi/bfa/bfa_fcpim.h -index 1080bcb..a3b39e3 100644 +index 36f26da..38a34a8 100644 --- a/drivers/scsi/bfa/bfa_fcpim.h +++ b/drivers/scsi/bfa/bfa_fcpim.h @@ -37,6 +37,7 @@ struct bfa_iotag_s { @@ -36492,7 +35546,7 @@ index 1080bcb..a3b39e3 100644 =20 void bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport, void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m)); -@@ -149,7 +150,7 @@ struct bfa_fcp_mod_s { +@@ -147,7 +148,7 @@ struct bfa_fcp_mod_s { struct list_head iotag_tio_free_q; /* free IO resources */ struct list_head iotag_unused_q; /* unused IO resources*/ struct bfa_iotag_s *iotag_arr; @@ -36546,10 +35600,10 @@ index 351dc0b..951dc32 100644 =20 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index 865d452..e9b7fa7 100644 +index b96962c..0c82ec2 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c -@@ -505,7 +505,7 @@ static inline u32 next_command(struct ctlr_info *h) +@@ -507,7 +507,7 @@ static inline u32 next_command(struct ctlr_info *h) u32 a; =20 if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -36558,7 +35612,7 @@ index 865d452..e9b7fa7 100644 =20 if ((*(h->reply_pool_head) & 1) =3D=3D (h->reply_pool_wraparound)) { a =3D *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -2989,7 +2989,7 @@ static void start_io(struct ctlr_info *h) +@@ -2991,7 +2991,7 @@ static void start_io(struct ctlr_info *h) while (!list_empty(&h->reqQ)) { c =3D list_entry(h->reqQ.next, struct CommandList, list); /* can't do anything if fifo is full */ @@ -36567,7 +35621,7 @@ index 865d452..e9b7fa7 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -2999,7 +2999,7 @@ static void start_io(struct ctlr_info *h) +@@ -3001,7 +3001,7 @@ static void start_io(struct ctlr_info *h) h->Qdepth--; =20 /* Tell the controller execute command */ @@ -36576,7 +35630,7 @@ index 865d452..e9b7fa7 100644 =20 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3008,17 +3008,17 @@ static void start_io(struct ctlr_info *h) +@@ -3010,17 +3010,17 @@ static void start_io(struct ctlr_info *h) =20 static inline unsigned long get_next_completion(struct ctlr_info *h) { @@ -36597,7 +35651,7 @@ index 865d452..e9b7fa7 100644 (h->interrupts_enabled =3D=3D 0); } =20 -@@ -3917,7 +3917,7 @@ static int __devinit hpsa_pci_init(struct ctlr_inf= o *h) +@@ -3919,7 +3919,7 @@ static int __devinit hpsa_pci_init(struct ctlr_inf= o *h) if (prod_index < 0) return -ENODEV; h->product_name =3D products[prod_index].product_name; @@ -36606,7 +35660,7 @@ index 865d452..e9b7fa7 100644 =20 if (hpsa_board_disabled(h->pdev)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -4162,7 +4162,7 @@ static void controller_lockup_detected(struct ctlr= _info *h) +@@ -4164,7 +4164,7 @@ static void controller_lockup_detected(struct ctlr= _info *h) =20 assert_spin_locked(&lockup_detector_lock); remove_ctlr_from_lockup_detector_list(h); @@ -36615,7 +35669,7 @@ index 865d452..e9b7fa7 100644 spin_lock_irqsave(&h->lock, flags); h->lockup_detected =3D readl(h->vaddr + SA5_SCRATCHPAD_OFFSET); spin_unlock_irqrestore(&h->lock, flags); -@@ -4340,7 +4340,7 @@ reinit_after_soft_reset: +@@ -4344,7 +4344,7 @@ reinit_after_soft_reset: } =20 /* make sure the board interrupts are off */ @@ -36624,7 +35678,7 @@ index 865d452..e9b7fa7 100644 =20 if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx)) goto clean2; -@@ -4374,7 +4374,7 @@ reinit_after_soft_reset: +@@ -4378,7 +4378,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -36633,7 +35687,7 @@ index 865d452..e9b7fa7 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc =3D hpsa_request_irq(h, hpsa_msix_discard_completions, -@@ -4393,9 +4393,9 @@ reinit_after_soft_reset: +@@ -4397,9 +4397,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -36645,7 +35699,7 @@ index 865d452..e9b7fa7 100644 =20 rc =3D controller_reset_failed(h->cfgtable); if (rc) -@@ -4416,7 +4416,7 @@ reinit_after_soft_reset: +@@ -4420,7 +4420,7 @@ reinit_after_soft_reset: } =20 /* Turn the interrupts on so we can service requests */ @@ -36654,7 +35708,7 @@ index 865d452..e9b7fa7 100644 =20 hpsa_hba_inquiry(h); hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */ -@@ -4468,7 +4468,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) +@@ -4472,7 +4472,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) * To write all data in the battery backed cache to disks */ hpsa_flush_cache(h); @@ -36663,7 +35717,7 @@ index 865d452..e9b7fa7 100644 free_irq(h->intr[h->intr_mode], h); #ifdef CONFIG_PCI_MSI if (h->msix_vector) -@@ -4632,7 +4632,7 @@ static __devinit void hpsa_enter_performant_mode(s= truct ctlr_info *h, +@@ -4636,7 +4636,7 @@ static __devinit void hpsa_enter_performant_mode(s= truct ctlr_info *h, return; } /* Change the access methods to the performant access methods */ @@ -36699,7 +35753,7 @@ index f2df059..a3a9930 100644 typedef struct ips_ha { uint8_t ha_id[IPS_MAX_CHANNELS+1]; diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c -index 9de9db2..1e09660 100644 +index 4d70d96..84d0573 100644 --- a/drivers/scsi/libfc/fc_exch.c +++ b/drivers/scsi/libfc/fc_exch.c @@ -105,12 +105,12 @@ struct fc_exch_mgr { @@ -36837,10 +35891,10 @@ index db9238f..4378ed2 100644 .qc_issue =3D sas_ata_qc_issue, .qc_fill_rtf =3D sas_ata_qc_fill_rtf, diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h -index bb4c8e0..f33d849 100644 +index 825f930..ce42672 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h -@@ -425,7 +425,7 @@ struct lpfc_vport { +@@ -413,7 +413,7 @@ struct lpfc_vport { struct dentry *debug_nodelist; struct dentry *vport_debugfs_root; struct lpfc_debugfs_trc *disc_trc; @@ -36849,7 +35903,7 @@ index bb4c8e0..f33d849 100644 #endif uint8_t stat_data_enabled; uint8_t stat_data_blocked; -@@ -835,8 +835,8 @@ struct lpfc_hba { +@@ -821,8 +821,8 @@ struct lpfc_hba { struct timer_list fabric_block_timer; unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 @@ -36860,7 +35914,7 @@ index bb4c8e0..f33d849 100644 unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; unsigned long last_ramp_up_time; -@@ -866,7 +866,7 @@ struct lpfc_hba { +@@ -852,7 +852,7 @@ struct lpfc_hba { =20 struct dentry *debug_slow_ring_trc; struct lpfc_debugfs_trc *slow_ring_trc; @@ -36870,7 +35924,7 @@ index bb4c8e0..f33d849 100644 struct dentry *idiag_root; struct dentry *idiag_pci_cfg; diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_d= ebugfs.c -index 2838259..a07cfb5 100644 +index 3587a3f..d45b81b 100644 --- a/drivers/scsi/lpfc/lpfc_debugfs.c +++ b/drivers/scsi/lpfc/lpfc_debugfs.c @@ -106,7 +106,7 @@ MODULE_PARM_DESC(lpfc_debugfs_mask_disc_trc, @@ -36934,7 +35988,7 @@ index 2838259..a07cfb5 100644 dtp->jif =3D jiffies; #endif return; -@@ -3986,7 +3986,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) +@@ -4040,7 +4040,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) "slow_ring buffer\n"); goto debug_failed; } @@ -36943,7 +35997,7 @@ index 2838259..a07cfb5 100644 memset(phba->slow_ring_trc, 0, (sizeof(struct lpfc_debugfs_trc) * lpfc_debugfs_max_slow_ring_trc)); -@@ -4032,7 +4032,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) +@@ -4086,7 +4086,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) "buffer\n"); goto debug_failed; } @@ -36953,10 +36007,10 @@ index 2838259..a07cfb5 100644 snprintf(name, sizeof(name), "discovery_trace"); vport->debug_disc_trc =3D diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init= .c -index 55bc4fc..a2a109c 100644 +index dfea2da..8e17227 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c -@@ -10027,8 +10027,10 @@ lpfc_init(void) +@@ -10145,8 +10145,10 @@ lpfc_init(void) printk(LPFC_COPYRIGHT "\n"); =20 if (lpfc_enable_npiv) { @@ -36970,7 +36024,7 @@ index 55bc4fc..a2a109c 100644 lpfc_transport_template =3D fc_attach_transport(&lpfc_transport_functions); diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi= .c -index 2e1e54e..1af0a0d 100644 +index c60f5d0..751535c 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -305,7 +305,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) @@ -37025,7 +36079,7 @@ index 2e1e54e..1af0a0d 100644 =20 /** diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c -index 5163edb..7b142bc 100644 +index ea8a0b4..812a124 100644 --- a/drivers/scsi/pmcraid.c +++ b/drivers/scsi/pmcraid.c @@ -200,8 +200,8 @@ static int pmcraid_slave_alloc(struct scsi_device *s= csi_dev) @@ -37132,23 +36186,23 @@ index ca496c7..9c791d5 100644 /* To indicate add/delete/modify during CCN */ u8 change_detected; diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_d= ef.h -index fcf052c..a8025a4 100644 +index af1003f..be55a75 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h -@@ -2244,7 +2244,7 @@ struct isp_operations { - int (*get_flash_version) (struct scsi_qla_host *, void *); +@@ -2247,7 +2247,7 @@ struct isp_operations { int (*start_scsi) (srb_t *); int (*abort_isp) (struct scsi_qla_host *); + int (*iospace_config)(struct qla_hw_data*); -}; +} __no_const; =20 /* MSI-X Support ******************************************************= *******/ =20 diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_d= ef.h -index fd5edc6..4906148 100644 +index bfe6854..ceac088 100644 --- a/drivers/scsi/qla4xxx/ql4_def.h +++ b/drivers/scsi/qla4xxx/ql4_def.h -@@ -258,7 +258,7 @@ struct ddb_entry { +@@ -261,7 +261,7 @@ struct ddb_entry { * (4000 only) */ atomic_t relogin_timer; /* Max Time to wait for * relogin to complete */ @@ -37158,10 +36212,10 @@ index fd5edc6..4906148 100644 uint32_t default_time2wait; /* Default Min time between * relogins (+aens) */ diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os= .c -index 4169c8b..a8b896b 100644 +index ce6d3b7..73fac54 100644 --- a/drivers/scsi/qla4xxx/ql4_os.c +++ b/drivers/scsi/qla4xxx/ql4_os.c -@@ -2104,12 +2104,12 @@ void qla4xxx_check_relogin_flash_ddb(struct iscs= i_cls_session *cls_sess) +@@ -2178,12 +2178,12 @@ static void qla4xxx_check_relogin_flash_ddb(stru= ct iscsi_cls_session *cls_sess) */ if (!iscsi_is_session_online(cls_sess)) { /* Reset retry relogin timer */ @@ -37176,15 +36230,15 @@ index 4169c8b..a8b896b 100644 ddb_entry->default_time2wait + 4)); set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags); atomic_set(&ddb_entry->retry_relogin_timer, -@@ -3835,7 +3835,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct s= csi_qla_host *ha, +@@ -3953,7 +3953,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct s= csi_qla_host *ha, =20 atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY); atomic_set(&ddb_entry->relogin_timer, 0); - atomic_set(&ddb_entry->relogin_retry_count, 0); + atomic_set_unchecked(&ddb_entry->relogin_retry_count, 0); -=20 + def_timeout =3D le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout); ddb_entry->default_relogin_timeout =3D - le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout); + (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ? diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c index 2aeb2e9..46e3925 100644 --- a/drivers/scsi/scsi.c @@ -37199,10 +36253,10 @@ index 2aeb2e9..46e3925 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state =3D=3D SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index f85cfa6..a57c9e8 100644 +index b2c95db..227d74e 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1416,7 +1416,7 @@ static void scsi_kill_request(struct request *req,= struct request_queue *q) +@@ -1411,7 +1411,7 @@ static void scsi_kill_request(struct request *req,= struct request_queue *q) shost =3D sdev->host; scsi_init_cmd_errh(cmd); cmd->result =3D DID_NO_CONNECT << 16; @@ -37211,7 +36265,7 @@ index f85cfa6..a57c9e8 100644 =20 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1442,9 +1442,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1437,9 +1437,9 @@ static void scsi_softirq_done(struct request *rq) =20 INIT_LIST_HEAD(&cmd->eh_entry); =20 @@ -37250,7 +36304,7 @@ index 84a1fdf..693b0d6 100644 /* * TODO: need to fixup sg_tablesize, max_segment_size, diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transp= ort_fc.c -index 1b21491..1b7f60e 100644 +index f59d4a0..1d89407 100644 --- a/drivers/scsi/scsi_transport_fc.c +++ b/drivers/scsi/scsi_transport_fc.c @@ -484,7 +484,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class, @@ -37290,7 +36344,7 @@ index 1b21491..1b7f60e 100644 /* * Check for overflow; dev_loss_tmo is u32 diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_tra= nsport_iscsi.c -index 96029e6..4d77fa0 100644 +index cfd4914..ddd7129 100644 --- a/drivers/scsi/scsi_transport_iscsi.c +++ b/drivers/scsi/scsi_transport_iscsi.c @@ -79,7 +79,7 @@ struct iscsi_internal { @@ -37302,7 +36356,7 @@ index 96029e6..4d77fa0 100644 static struct workqueue_struct *iscsi_eh_timer_workq; =20 static DEFINE_IDA(iscsi_sess_ida); -@@ -1062,7 +1062,7 @@ int iscsi_add_session(struct iscsi_cls_session *se= ssion, unsigned int target_id) +@@ -1063,7 +1063,7 @@ int iscsi_add_session(struct iscsi_cls_session *se= ssion, unsigned int target_id) int err; =20 ihost =3D shost->shost_data; @@ -37311,7 +36365,7 @@ index 96029e6..4d77fa0 100644 =20 if (target_id =3D=3D ISCSI_MAX_TARGET) { id =3D ida_simple_get(&iscsi_sess_ida, 0, 0, GFP_KERNEL); -@@ -2663,7 +2663,7 @@ static __init int iscsi_transport_init(void) +@@ -2680,7 +2680,7 @@ static __init int iscsi_transport_init(void) printk(KERN_INFO "Loading iSCSI transport class v%s.\n", ISCSI_TRANSPORT_VERSION); =20 @@ -37352,7 +36406,7 @@ index 21a045e..ec89e03 100644 =20 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index 441a1c5..07cece7 100644 +index eacd46b..e3f4d62 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -1077,7 +1077,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, u= nsigned long arg) @@ -37373,15 +36427,15 @@ index 441a1c5..07cece7 100644 {"allow_dio", &adio_fops}, {"debug", &debug_fops}, {"def_reserved_size", &dressz_fops}, -@@ -2327,7 +2327,7 @@ sg_proc_init(void) - { - int k, mask; - int num_leaves =3D ARRAY_SIZE(sg_proc_leaf_arr); -- struct sg_proc_leaf * leaf; -+ const struct sg_proc_leaf * leaf; -=20 - sg_proc_sgp =3D proc_mkdir(sg_proc_sg_dirname, NULL); +@@ -2332,7 +2332,7 @@ sg_proc_init(void) if (!sg_proc_sgp) + return 1; + for (k =3D 0; k < num_leaves; ++k) { +- struct sg_proc_leaf *leaf =3D &sg_proc_leaf_arr[k]; ++ const struct sg_proc_leaf *leaf =3D &sg_proc_leaf_arr[k]; + umode_t mask =3D leaf->fops->write ? S_IRUGO | S_IWUSR : S_IRUGO; + proc_create(leaf->name, mask, sg_proc_sgp, leaf->fops); + } diff --git a/drivers/spi/spi-dw-pci.c b/drivers/spi/spi-dw-pci.c index f64250e..1ee3049 100644 --- a/drivers/spi/spi-dw-pci.c @@ -37396,7 +36450,7 @@ index f64250e..1ee3049 100644 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x0800) }, {}, diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index 77eae99..b7cdcc9 100644 +index b2ccdea..84cde75 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -1024,7 +1024,7 @@ int spi_bus_unlock(struct spi_master *master) @@ -37408,65 +36462,8 @@ index 77eae99..b7cdcc9 100644 =20 static u8 *buf; =20 -diff --git a/drivers/staging/gma500/power.c b/drivers/staging/gma500/pow= er.c -index 436fe97..4082570 100644 ---- a/drivers/staging/gma500/power.c -+++ b/drivers/staging/gma500/power.c -@@ -266,7 +266,7 @@ bool gma_power_begin(struct drm_device *dev, bool fo= rce_on) - ret =3D gma_resume_pci(dev->pdev); - if (ret =3D=3D 0) { - /* FIXME: we want to defer this for Medfield/Oaktrail */ -- gma_resume_display(dev); -+ gma_resume_display(dev->pdev); - psb_irq_preinstall(dev); - psb_irq_postinstall(dev); - pm_runtime_get(&dev->pdev->dev); -diff --git a/drivers/staging/hv/rndis_filter.c b/drivers/staging/hv/rndi= s_filter.c -index bafccb3..e3ac78d 100644 ---- a/drivers/staging/hv/rndis_filter.c -+++ b/drivers/staging/hv/rndis_filter.c -@@ -42,7 +42,7 @@ struct rndis_device { -=20 - enum rndis_device_state state; - bool link_state; -- atomic_t new_req_id; -+ atomic_unchecked_t new_req_id; -=20 - spinlock_t request_lock; - struct list_head req_list; -@@ -116,7 +116,7 @@ static struct rndis_request *get_rndis_request(struc= t rndis_device *dev, - * template - */ - set =3D &rndis_msg->msg.set_req; -- set->req_id =3D atomic_inc_return(&dev->new_req_id); -+ set->req_id =3D atomic_inc_return_unchecked(&dev->new_req_id); -=20 - /* Add to the request list */ - spin_lock_irqsave(&dev->request_lock, flags); -@@ -646,7 +646,7 @@ static void rndis_filter_halt_device(struct rndis_de= vice *dev) -=20 - /* Setup the rndis set */ - halt =3D &request->request_msg.msg.halt_req; -- halt->req_id =3D atomic_inc_return(&dev->new_req_id); -+ halt->req_id =3D atomic_inc_return_unchecked(&dev->new_req_id); -=20 - /* Ignore return since this msg is optional. */ - rndis_filter_send_request(dev, request); -diff --git a/drivers/staging/iio/buffer_generic.h b/drivers/staging/iio/= buffer_generic.h -index 9e8f010..af9efb56 100644 ---- a/drivers/staging/iio/buffer_generic.h -+++ b/drivers/staging/iio/buffer_generic.h -@@ -64,7 +64,7 @@ struct iio_buffer_access_funcs { -=20 - int (*is_enabled)(struct iio_buffer *buffer); - int (*enable)(struct iio_buffer *buffer); --}; -+} __no_const; -=20 - /** - * struct iio_buffer_setup_ops - buffer setup related callbacks diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octe= on/ethernet-rx.c -index 8b307b4..a97ac91 100644 +index 400df8c..065d4f4 100644 --- a/drivers/staging/octeon/ethernet-rx.c +++ b/drivers/staging/octeon/ethernet-rx.c @@ -420,11 +420,11 @@ static int cvm_oct_napi_poll(struct napi_struct *n= api, int budget) @@ -37498,7 +36495,7 @@ index 8b307b4..a97ac91 100644 dev_kfree_skb_irq(skb); } diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/= ethernet.c -index 076f866..2308070 100644 +index 9112cd8..92f8d51 100644 --- a/drivers/staging/octeon/ethernet.c +++ b/drivers/staging/octeon/ethernet.c @@ -258,11 +258,11 @@ static struct net_device_stats *cvm_oct_common_get= _stats(struct net_device *dev) @@ -37517,101 +36514,6 @@ index 076f866..2308070 100644 #endif } =20 -diff --git a/drivers/staging/pohmelfs/inode.c b/drivers/staging/pohmelfs= /inode.c -index 7a19555..466456d 100644 ---- a/drivers/staging/pohmelfs/inode.c -+++ b/drivers/staging/pohmelfs/inode.c -@@ -1861,7 +1861,7 @@ static int pohmelfs_fill_super(struct super_block = *sb, void *data, int silent) - mutex_init(&psb->mcache_lock); - psb->mcache_root =3D RB_ROOT; - psb->mcache_timeout =3D msecs_to_jiffies(5000); -- atomic_long_set(&psb->mcache_gen, 0); -+ atomic_long_set_unchecked(&psb->mcache_gen, 0); -=20 - psb->trans_max_pages =3D 100; -=20 -@@ -1876,7 +1876,7 @@ static int pohmelfs_fill_super(struct super_block = *sb, void *data, int silent) - INIT_LIST_HEAD(&psb->crypto_ready_list); - INIT_LIST_HEAD(&psb->crypto_active_list); -=20 -- atomic_set(&psb->trans_gen, 1); -+ atomic_set_unchecked(&psb->trans_gen, 1); - atomic_long_set(&psb->total_inodes, 0); -=20 - mutex_init(&psb->state_lock); -diff --git a/drivers/staging/pohmelfs/mcache.c b/drivers/staging/pohmelf= s/mcache.c -index e22665c..a2a9390 100644 ---- a/drivers/staging/pohmelfs/mcache.c -+++ b/drivers/staging/pohmelfs/mcache.c -@@ -121,7 +121,7 @@ struct pohmelfs_mcache *pohmelfs_mcache_alloc(struct= pohmelfs_sb *psb, u64 start - m->data =3D data; - m->start =3D start; - m->size =3D size; -- m->gen =3D atomic_long_inc_return(&psb->mcache_gen); -+ m->gen =3D atomic_long_inc_return_unchecked(&psb->mcache_gen); -=20 - mutex_lock(&psb->mcache_lock); - err =3D pohmelfs_mcache_insert(psb, m); -diff --git a/drivers/staging/pohmelfs/netfs.h b/drivers/staging/pohmelfs= /netfs.h -index 985b6b7..7699e05 100644 ---- a/drivers/staging/pohmelfs/netfs.h -+++ b/drivers/staging/pohmelfs/netfs.h -@@ -571,14 +571,14 @@ struct pohmelfs_config; - struct pohmelfs_sb { - struct rb_root mcache_root; - struct mutex mcache_lock; -- atomic_long_t mcache_gen; -+ atomic_long_unchecked_t mcache_gen; - unsigned long mcache_timeout; -=20 - unsigned int idx; -=20 - unsigned int trans_retries; -=20 -- atomic_t trans_gen; -+ atomic_unchecked_t trans_gen; -=20 - unsigned int crypto_attached_size; - unsigned int crypto_align_size; -diff --git a/drivers/staging/pohmelfs/trans.c b/drivers/staging/pohmelfs= /trans.c -index 06c1a74..866eebc 100644 ---- a/drivers/staging/pohmelfs/trans.c -+++ b/drivers/staging/pohmelfs/trans.c -@@ -492,7 +492,7 @@ int netfs_trans_finish(struct netfs_trans *t, struct= pohmelfs_sb *psb) - int err; - struct netfs_cmd *cmd =3D t->iovec.iov_base; -=20 -- t->gen =3D atomic_inc_return(&psb->trans_gen); -+ t->gen =3D atomic_inc_return_unchecked(&psb->trans_gen); -=20 - cmd->size =3D t->iovec.iov_len - sizeof(struct netfs_cmd) + - t->attached_size + t->attached_pages * sizeof(struct netfs_cmd); -diff --git a/drivers/staging/rtl8192e/rtllib_module.c b/drivers/staging/= rtl8192e/rtllib_module.c -index c36a140..dd27fda 100644 ---- a/drivers/staging/rtl8192e/rtllib_module.c -+++ b/drivers/staging/rtl8192e/rtllib_module.c -@@ -228,6 +228,8 @@ static int show_debug_level(char *page, char **start= , off_t offset, - } -=20 - static int store_debug_level(struct file *file, const char __user *buff= er, -+ unsigned long count, void *data) __size_overflow(3); -+static int store_debug_level(struct file *file, const char __user *buff= er, - unsigned long count, void *data) - { - char buf[] =3D "0x00000000"; -diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c b/dri= vers/staging/rtl8192u/ieee80211/ieee80211_module.c -index e3d47bc..85f4d0d 100644 ---- a/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c -+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c -@@ -250,6 +250,8 @@ static int show_debug_level(char *page, char **start= , off_t offset, - } -=20 - static int store_debug_level(struct file *file, const char *buffer, -+ unsigned long count, void *data) __size_overflow(3); -+static int store_debug_level(struct file *file, const char *buffer, - unsigned long count, void *data) - { - char buf[] =3D "0x00000000"; diff --git a/drivers/staging/rtl8712/rtl871x_io.h b/drivers/staging/rtl8= 712/rtl871x_io.h index 86308a0..feaa925 100644 --- a/drivers/staging/rtl8712/rtl871x_io.h @@ -37638,8 +36540,25 @@ index c7b5e8b..783d6cb 100644 return -EFAULT; =20 return 0; +diff --git a/drivers/staging/speakup/speakup_soft.c b/drivers/staging/sp= eakup/speakup_soft.c +index 42cdafe..2769103 100644 +--- a/drivers/staging/speakup/speakup_soft.c ++++ b/drivers/staging/speakup/speakup_soft.c +@@ -241,11 +241,11 @@ static ssize_t softsynth_read(struct file *fp, cha= r *buf, size_t count, + break; + } else if (!initialized) { + if (*init) { +- ch =3D *init; + init++; + } else { + initialized =3D 1; + } ++ ch =3D *init; + } else { + ch =3D synth_buffer_getc(); + } diff --git a/drivers/staging/usbip/usbip_common.h b/drivers/staging/usbi= p/usbip_common.h -index be21617..0954e45 100644 +index b8f8c48..1fc5025 100644 --- a/drivers/staging/usbip/usbip_common.h +++ b/drivers/staging/usbip/usbip_common.h @@ -289,7 +289,7 @@ struct usbip_device { @@ -37650,7 +36569,7 @@ index be21617..0954e45 100644 + } __no_const eh_ops; }; =20 - #if 0 + /* usbip_common.c */ diff --git a/drivers/staging/usbip/vhci.h b/drivers/staging/usbip/vhci.h index 88b3298..3783eee 100644 --- a/drivers/staging/usbip/vhci.h @@ -37696,7 +36615,7 @@ index 2ee97e2..0420b86 100644 =20 hcd->power_budget =3D 0; /* no limit */ diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhc= i_rx.c -index 3872b8c..fe6d2f4 100644 +index 3f511b4..d3dbc1e 100644 --- a/drivers/staging/usbip/vhci_rx.c +++ b/drivers/staging/usbip/vhci_rx.c @@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *v= dev, @@ -37824,10 +36743,10 @@ index ed147c4..94fc3c6 100644 =20 /* core tmem accessor functions */ diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/= iscsi_target.c -index 03d3528..6bbe82f 100644 +index 501b27c..39dc3d3 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c -@@ -1364,7 +1364,7 @@ static int iscsit_handle_data_out(struct iscsi_con= n *conn, unsigned char *buf) +@@ -1363,7 +1363,7 @@ static int iscsit_handle_data_out(struct iscsi_con= n *conn, unsigned char *buf) * outstanding_r2ts reaches zero, go ahead and send the delayed * TASK_ABORTED status. */ @@ -37837,10 +36756,10 @@ index 03d3528..6bbe82f 100644 if (--cmd->outstanding_r2ts < 1) { iscsit_stop_dataout_timer(cmd); diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_co= re_tmr.c -index 6845228..df77141 100644 +index dcb0618..97e3d85 100644 --- a/drivers/target/target_core_tmr.c +++ b/drivers/target/target_core_tmr.c -@@ -250,7 +250,7 @@ static void core_tmr_drain_task_list( +@@ -260,7 +260,7 @@ static void core_tmr_drain_task_list( cmd->se_tfo->get_task_tag(cmd), cmd->pr_res_key, cmd->t_task_list_num, atomic_read(&cmd->t_task_cdbs_left), @@ -37849,7 +36768,7 @@ index 6845228..df77141 100644 atomic_read(&cmd->t_transport_active), atomic_read(&cmd->t_transport_stop), atomic_read(&cmd->t_transport_sent)); -@@ -281,7 +281,7 @@ static void core_tmr_drain_task_list( +@@ -291,7 +291,7 @@ static void core_tmr_drain_task_list( pr_debug("LUN_RESET: got t_transport_active =3D 1 for" " task: %p, t_fe_count: %d dev: %p\n", task, fe_count, dev); @@ -37858,7 +36777,7 @@ index 6845228..df77141 100644 spin_unlock_irqrestore(&cmd->t_state_lock, flags); =20 core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); -@@ -289,7 +289,7 @@ static void core_tmr_drain_task_list( +@@ -299,7 +299,7 @@ static void core_tmr_drain_task_list( } pr_debug("LUN_RESET: Got t_transport_active =3D 0 for task: %p," " t_fe_count: %d dev: %p\n", task, fe_count, dev); @@ -37868,19 +36787,19 @@ index 6845228..df77141 100644 =20 core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); diff --git a/drivers/target/target_core_transport.c b/drivers/target/tar= get_core_transport.c -index cdb774b..8753593 100644 +index cd5cd95..5249d30 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c -@@ -1343,7 +1343,7 @@ struct se_device *transport_add_device_to_core_hba= ( -=20 - dev->queue_depth =3D dev_limits->queue_depth; - atomic_set(&dev->depth_left, dev->queue_depth); +@@ -1330,7 +1330,7 @@ struct se_device *transport_add_device_to_core_hba= ( + spin_lock_init(&dev->se_port_lock); + spin_lock_init(&dev->se_tmr_lock); + spin_lock_init(&dev->qf_cmd_lock); - atomic_set(&dev->dev_ordered_id, 0); + atomic_set_unchecked(&dev->dev_ordered_id, 0); =20 se_dev_set_default_attribs(dev, dev_limits); =20 -@@ -1530,7 +1530,7 @@ static int transport_check_alloc_task_attr(struct = se_cmd *cmd) +@@ -1517,7 +1517,7 @@ static int transport_check_alloc_task_attr(struct = se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ @@ -37889,7 +36808,7 @@ index cdb774b..8753593 100644 smp_mb__after_atomic_inc(); pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n", cmd->se_ordered_id, cmd->sam_task_attr, -@@ -1800,7 +1800,7 @@ static void transport_generic_request_failure(stru= ct se_cmd *cmd) +@@ -1862,7 +1862,7 @@ static void transport_generic_request_failure(stru= ct se_cmd *cmd) " t_transport_active: %d t_transport_stop: %d" " t_transport_sent: %d\n", cmd->t_task_list_num, atomic_read(&cmd->t_task_cdbs_left), @@ -37898,8 +36817,8 @@ index cdb774b..8753593 100644 atomic_read(&cmd->t_task_cdbs_ex_left), atomic_read(&cmd->t_transport_active), atomic_read(&cmd->t_transport_stop), -@@ -2089,9 +2089,9 @@ check_depth: -=20 +@@ -2121,9 +2121,9 @@ check_depth: + cmd =3D task->task_se_cmd; spin_lock_irqsave(&cmd->t_state_lock, flags); task->task_flags |=3D (TF_ACTIVE | TF_SENT); - atomic_inc(&cmd->t_task_cdbs_sent); @@ -37910,7 +36829,7 @@ index cdb774b..8753593 100644 cmd->t_task_list_num) atomic_set(&cmd->t_transport_sent, 1); =20 -@@ -4297,7 +4297,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) +@@ -4348,7 +4348,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) atomic_set(&cmd->transport_lun_stop, 0); } if (!atomic_read(&cmd->t_transport_active) || @@ -37919,7 +36838,7 @@ index cdb774b..8753593 100644 spin_unlock_irqrestore(&cmd->t_state_lock, flags); return false; } -@@ -4546,7 +4546,7 @@ int transport_check_aborted_status(struct se_cmd *= cmd, int send_status) +@@ -4597,7 +4597,7 @@ int transport_check_aborted_status(struct se_cmd *= cmd, int send_status) { int ret =3D 0; =20 @@ -37928,7 +36847,7 @@ index cdb774b..8753593 100644 if (!send_status || (cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS)) return 1; -@@ -4583,7 +4583,7 @@ void transport_send_task_abort(struct se_cmd *cmd) +@@ -4634,7 +4634,7 @@ void transport_send_task_abort(struct se_cmd *cmd) */ if (cmd->data_direction =3D=3D DMA_TO_DEVICE) { if (cmd->se_tfo->write_pending_status(cmd) !=3D 0) { @@ -38183,7 +37102,7 @@ index fc7bbba..9527e93 100644 return NULL; } diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index 39d6ab6..eb97f41 100644 +index d2256d0..97476fa 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -2123,6 +2123,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) @@ -38196,10 +37115,10 @@ index 39d6ab6..eb97f41 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index e18604b..a7d5a11 100644 +index d8653ab..f8afd9d 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -773,8 +773,10 @@ static void __init unix98_pty_init(void) +@@ -765,8 +765,10 @@ static void __init unix98_pty_init(void) register_sysctl_table(pty_root_table); =20 /* Now create the /dev/ptmx special device */ @@ -38314,10 +37233,10 @@ index 2b42a01..32a2ed3 100644 /* This is only available if kgdboc is a built in for early debugging *= / static int __init kgdboc_early_init(char *opt) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index 05085be..67eadb0 100644 +index e41b9bb..84002fb 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3240,7 +3240,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3291,7 +3291,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); =20 void tty_default_fops(struct file_operations *fops) { @@ -38327,10 +37246,10 @@ index 05085be..67eadb0 100644 =20 /* diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c -index 8e0924f..4204eb4 100644 +index 24b95db..9c078d0 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c -@@ -75,7 +75,7 @@ static void put_ldisc(struct tty_ldisc *ld) +@@ -57,7 +57,7 @@ static void put_ldisc(struct tty_ldisc *ld) if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) { struct tty_ldisc_ops *ldo =3D ld->ops; =20 @@ -38339,7 +37258,7 @@ index 8e0924f..4204eb4 100644 module_put(ldo->owner); spin_unlock_irqrestore(&tty_ldisc_lock, flags); =20 -@@ -110,7 +110,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_op= s *new_ldisc) +@@ -92,7 +92,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops = *new_ldisc) spin_lock_irqsave(&tty_ldisc_lock, flags); tty_ldiscs[disc] =3D new_ldisc; new_ldisc->num =3D disc; @@ -38348,7 +37267,7 @@ index 8e0924f..4204eb4 100644 spin_unlock_irqrestore(&tty_ldisc_lock, flags); =20 return ret; -@@ -138,7 +138,7 @@ int tty_unregister_ldisc(int disc) +@@ -120,7 +120,7 @@ int tty_unregister_ldisc(int disc) return -EINVAL; =20 spin_lock_irqsave(&tty_ldisc_lock, flags); @@ -38357,7 +37276,7 @@ index 8e0924f..4204eb4 100644 ret =3D -EBUSY; else tty_ldiscs[disc] =3D NULL; -@@ -159,7 +159,7 @@ static struct tty_ldisc_ops *get_ldops(int disc) +@@ -141,7 +141,7 @@ static struct tty_ldisc_ops *get_ldops(int disc) if (ldops) { ret =3D ERR_PTR(-EAGAIN); if (try_module_get(ldops->owner)) { @@ -38366,7 +37285,7 @@ index 8e0924f..4204eb4 100644 ret =3D ldops; } } -@@ -172,7 +172,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) +@@ -154,7 +154,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) unsigned long flags; =20 spin_lock_irqsave(&tty_ldisc_lock, flags); @@ -38536,7 +37455,7 @@ index a783d53..cb30d94 100644 ret =3D uio_get_minor(idev); if (ret) diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c -index a845f8b..4f54072 100644 +index 98b89fe..aff824e 100644 --- a/drivers/usb/atm/cxacru.c +++ b/drivers/usb/atm/cxacru.c @@ -473,7 +473,7 @@ static ssize_t cxacru_sysfs_store_adsl_config(struct= device *dev, @@ -38662,6 +37581,21 @@ index d956965..4179a77 100644 if (file->f_version !=3D event_count) { file->f_version =3D event_count; return POLLIN | POLLRDNORM; +diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c +index b3bdfed..a9460e0 100644 +--- a/drivers/usb/core/message.c ++++ b/drivers/usb/core/message.c +@@ -869,8 +869,8 @@ char *usb_cache_string(struct usb_device *udev, int = index) + buf =3D kmalloc(MAX_USB_STRING_SIZE, GFP_NOIO); + if (buf) { + len =3D usb_string(udev, index, buf, MAX_USB_STRING_SIZE); +- if (len > 0) { +- smallbuf =3D kmalloc(++len, GFP_NOIO); ++ if (len++ > 0) { ++ smallbuf =3D kmalloc(len, GFP_NOIO); + if (!smallbuf) + return buf; + memcpy(smallbuf, buf, len); diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp= .c index 1fc8f12..20647c1 100644 --- a/drivers/usb/early/ehci-dbgp.c @@ -38764,19 +37698,6 @@ index b0b2ac3..89a4399 100644 "AGP", "PCI", "PRO AGP", -diff --git a/drivers/video/backlight/s6e63m0.c b/drivers/video/backlight= /s6e63m0.c -index e132157..516db70 100644 ---- a/drivers/video/backlight/s6e63m0.c -+++ b/drivers/video/backlight/s6e63m0.c -@@ -690,7 +690,7 @@ static ssize_t s6e63m0_sysfs_store_gamma_mode(struct= device *dev, - struct backlight_device *bd =3D NULL; - int brightness, rc; -=20 -- rc =3D strict_strtoul(buf, 0, (unsigned long *)&lcd->gamma_mode); -+ rc =3D kstrtouint(buf, 0, &lcd->gamma_mode); - if (rc < 0) - return rc; -=20 diff --git a/drivers/video/fbcmap.c b/drivers/video/fbcmap.c index 5c3960d..15cf8fc 100644 --- a/drivers/video/fbcmap.c @@ -38792,7 +37713,7 @@ index 5c3960d..15cf8fc 100644 goto out1; } diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c -index ad93629..e020fc3 100644 +index ac9141b..9f07583 100644 --- a/drivers/video/fbmem.c +++ b/drivers/video/fbmem.c @@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, st= ruct fb_image *image, @@ -38813,7 +37734,7 @@ index ad93629..e020fc3 100644 info->fbops->fb_imageblit(info, image); image->dy -=3D image->height + 8; } -@@ -1143,7 +1143,7 @@ static long do_fb_ioctl(struct fb_info *info, unsi= gned int cmd, +@@ -1157,7 +1157,7 @@ static long do_fb_ioctl(struct fb_info *info, unsi= gned int cmd, return -EFAULT; if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES) return -EINVAL; @@ -38870,7 +37791,7 @@ index 7672d2e..b56437f 100644 par->dev_flags |=3D LOCKUP; info->pixmap.scan_align =3D 1; diff --git a/drivers/video/i810/i810_main.c b/drivers/video/i810/i810_ma= in.c -index 318f6fb..9a389c1 100644 +index b83f361..2b05a91 100644 --- a/drivers/video/i810/i810_main.c +++ b/drivers/video/i810/i810_main.c @@ -97,7 +97,7 @@ static int i810fb_blank (int blank_mode, struct f= b_info *info); @@ -41625,7 +40546,7 @@ index 3c14e43..eafa544 100644 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 +4 4 4 4 4 4 diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c -index 3473e75..c930142 100644 +index a197731..6c3af9d 100644 --- a/drivers/video/udlfb.c +++ b/drivers/video/udlfb.c @@ -619,11 +619,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int = x, int y, @@ -41712,7 +40633,7 @@ index 3473e75..c930142 100644 return count; } diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c -index 7f8472c..9842e87 100644 +index e7f69ef..83af4fd 100644 --- a/drivers/video/uvesafb.c +++ b/drivers/video/uvesafb.c @@ -19,6 +19,7 @@ @@ -41933,23 +40854,23 @@ index e56c934..fc22f4b 100644 struct list_head list; }; diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c -index 879ed88..bc03a01 100644 +index 014c8dd..6f3dfe6 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c -@@ -1286,7 +1286,7 @@ static void *v9fs_vfs_follow_link(struct dentry *d= entry, struct nameidata *nd) +@@ -1303,7 +1303,7 @@ static void *v9fs_vfs_follow_link(struct dentry *d= entry, struct nameidata *nd) void v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { - char *s =3D nd_get_link(nd); + const char *s =3D nd_get_link(nd); =20 - P9_DPRINTK(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name, - IS_ERR(s) ? "" : s); + p9_debug(P9_DEBUG_VFS, " %s %s\n", + dentry->d_name.name, IS_ERR(s) ? "" : s); diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt -index 79e2ca7..5828ad1 100644 +index e95d1b6..3454244 100644 --- a/fs/Kconfig.binfmt +++ b/fs/Kconfig.binfmt -@@ -86,7 +86,7 @@ config HAVE_AOUT +@@ -89,7 +89,7 @@ config HAVE_AOUT =20 config BINFMT_AOUT tristate "Kernel support for a.out and ECOFF binaries" @@ -42002,7 +40923,7 @@ index b9d64d8..86cb1d5 100644 kiocb->ki_cur_seg =3D 0; /* ki_nbytes/left now reflect bytes instead of segs */ diff --git a/fs/attr.c b/fs/attr.c -index 7ee7ba4..0c61a60 100644 +index 95053ad..2cc93ca 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -99,6 +99,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t= offset) @@ -42014,10 +40935,10 @@ index 7ee7ba4..0c61a60 100644 goto out_sig; if (offset > inode->i_sb->s_maxbytes) diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c -index 6861f61..a25f010 100644 +index 9c098db..c755da5 100644 --- a/fs/autofs4/waitq.c +++ b/fs/autofs4/waitq.c -@@ -60,7 +60,7 @@ static int autofs4_write(struct file *file, const void= *addr, int bytes) +@@ -61,7 +61,7 @@ static int autofs4_write(struct autofs_sb_info *sbi, { unsigned long sigpipe, flags; mm_segment_t fs; @@ -42025,12 +40946,12 @@ index 6861f61..a25f010 100644 + const char __user *data =3D (const char __force_user *)addr; ssize_t wr =3D 0; =20 - /** WARNING: this is not safe for writing more than PIPE_BUF bytes! **= / + sigpipe =3D sigismember(¤t->pending.signal, SIGPIPE); diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c -index 8342ca6..82fd192 100644 +index 6e6d536..457113a 100644 --- a/fs/befs/linuxvfs.c +++ b/fs/befs/linuxvfs.c -@@ -503,7 +503,7 @@ static void befs_put_link(struct dentry *dentry, str= uct nameidata *nd, void *p) +@@ -502,7 +502,7 @@ static void befs_put_link(struct dentry *dentry, str= uct nameidata *nd, void *p) { befs_inode_info *befs_ino =3D BEFS_I(dentry->d_inode); if (befs_ino->i_flags & BEFS_LONG_SYMLINK) { @@ -42040,7 +40961,7 @@ index 8342ca6..82fd192 100644 kfree(link); } diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c -index a6395bd..f1e376a 100644 +index 1ff9405..f1e376a 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c @@ -16,6 +16,7 @@ @@ -42082,17 +41003,7 @@ index a6395bd..f1e376a 100644 if (ex.a_data + ex.a_bss > rlim) return -ENOMEM; =20 -@@ -259,9 +266,37 @@ static int load_aout_binary(struct linux_binprm * b= prm, struct pt_regs * regs) - current->mm->free_area_cache =3D current->mm->mmap_base; - current->mm->cached_hole_size =3D 0; -=20 -+ retval =3D setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); -+ if (retval < 0) { -+ /* Someone check-me: is this error path enough? */ -+ send_sig(SIGKILL, current, 0); -+ return retval; -+ } -+ +@@ -269,6 +276,27 @@ static int load_aout_binary(struct linux_binprm * b= prm, struct pt_regs * regs) install_exec_creds(bprm); current->flags &=3D ~PF_FORKNOEXEC; =20 @@ -42120,7 +41031,7 @@ index a6395bd..f1e376a 100644 if (N_MAGIC(ex) =3D=3D OMAGIC) { unsigned long text_addr, map_size; loff_t pos; -@@ -334,7 +369,7 @@ static int load_aout_binary(struct linux_binprm * bp= rm, struct pt_regs * regs) +@@ -341,7 +369,7 @@ static int load_aout_binary(struct linux_binprm * bp= rm, struct pt_regs * regs) =20 down_write(¤t->mm->mmap_sem); error =3D do_mmap(bprm->file, N_DATADDR(ex), ex.a_data, @@ -42129,22 +41040,8 @@ index a6395bd..f1e376a 100644 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset + ex.a_text); up_write(¤t->mm->mmap_sem); -@@ -352,13 +387,6 @@ beyond_if: - return retval; - } -=20 -- retval =3D setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); -- if (retval < 0) {=20 -- /* Someone check-me: is this error path enough? */=20 -- send_sig(SIGKILL, current, 0);=20 -- return retval; -- } -- - current->mm->start_stack =3D - (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); - #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 6ff96c6..b5fb43a 100644 +index 07d096c..5e2a0b3 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -42778,19 +41675,7 @@ index 6ff96c6..b5fb43a 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval =3D -EINVAL; -@@ -870,6 +1328,11 @@ static int load_elf_binary(struct linux_binprm *bp= rm, struct pt_regs *regs) - start_data +=3D load_bias; - end_data +=3D load_bias; -=20 -+#ifdef CONFIG_PAX_RANDMMAP -+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) -+ elf_brk +=3D PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL= )) << 4); -+#endif -+ - /* Calling set_brk effectively mmaps the pages that we need - * for the bss and break sections. We must do this before - * mapping in the interpreter, to make sure it doesn't wind -@@ -881,9 +1344,11 @@ static int load_elf_binary(struct linux_binprm *bp= rm, struct pt_regs *regs) +@@ -881,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *b= prm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss !=3D elf_brk) && unlikely(padzero(elf_bss))) { @@ -42804,8 +41689,32 @@ index 6ff96c6..b5fb43a 100644 + */ } =20 ++#ifdef CONFIG_PAX_RANDMMAP ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) { ++ unsigned long start, size; ++ ++ start =3D ELF_PAGEALIGN(elf_brk); ++ size =3D PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) <= < 4); ++ down_write(¤t->mm->mmap_sem); ++ retval =3D -ENOMEM; ++ if (!find_vma_intersection(current->mm, start, start + size + PAGE_SI= ZE)) { ++ start =3D do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_= FIXED | MAP_PRIVATE, 0); ++ retval =3D IS_ERR_VALUE(start) ? start : 0; ++ } ++ up_write(¤t->mm->mmap_sem); ++ if (retval =3D=3D 0) ++ retval =3D set_brk(start + size, start + size + PAGE_SIZE); ++ if (retval < 0) { ++ send_sig(SIGKILL, current, 0); ++ goto out_free_dentry; ++ } ++ } ++#endif ++ if (elf_interpreter) { -@@ -1098,7 +1563,7 @@ out: + unsigned long uninitialized_var(interp_map_addr); +=20 +@@ -1098,7 +1580,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -42814,7 +41723,7 @@ index 6ff96c6..b5fb43a 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) =20 -@@ -1132,7 +1597,7 @@ static unsigned long vma_dump_size(struct vm_area_= struct *vma, +@@ -1132,7 +1614,7 @@ static unsigned long vma_dump_size(struct vm_area_= struct *vma, if (vma->vm_file =3D=3D NULL) return 0; =20 @@ -42823,7 +41732,7 @@ index 6ff96c6..b5fb43a 100644 goto whole; =20 /* -@@ -1354,9 +1819,9 @@ static void fill_auxv_note(struct memelfnote *note= , struct mm_struct *mm) +@@ -1354,9 +1836,9 @@ static void fill_auxv_note(struct memelfnote *note= , struct mm_struct *mm) { elf_addr_t *auxv =3D (elf_addr_t *) mm->saved_auxv; int i =3D 0; @@ -42835,7 +41744,7 @@ index 6ff96c6..b5fb43a 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } =20 -@@ -1862,14 +2327,14 @@ static void fill_extnum_info(struct elfhdr *elf,= struct elf_shdr *shdr4extnum, +@@ -1862,14 +2344,14 @@ static void fill_extnum_info(struct elfhdr *elf,= struct elf_shdr *shdr4extnum, } =20 static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -42852,7 +41761,7 @@ index 6ff96c6..b5fb43a 100644 return size; } =20 -@@ -1963,7 +2428,7 @@ static int elf_core_dump(struct coredump_params *c= prm) +@@ -1963,7 +2445,7 @@ static int elf_core_dump(struct coredump_params *c= prm) =20 dataoff =3D offset =3D roundup(offset, ELF_EXEC_PAGESIZE); =20 @@ -42861,7 +41770,7 @@ index 6ff96c6..b5fb43a 100644 offset +=3D elf_core_extra_data_size(); e_shoff =3D offset; =20 -@@ -1977,10 +2442,12 @@ static int elf_core_dump(struct coredump_params = *cprm) +@@ -1977,10 +2459,12 @@ static int elf_core_dump(struct coredump_params = *cprm) offset =3D dataoff; =20 size +=3D sizeof(*elf); @@ -42874,7 +41783,7 @@ index 6ff96c6..b5fb43a 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1994,7 +2461,7 @@ static int elf_core_dump(struct coredump_params *c= prm) +@@ -1994,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *c= prm) phdr.p_offset =3D offset; phdr.p_vaddr =3D vma->vm_start; phdr.p_paddr =3D 0; @@ -42883,7 +41792,7 @@ index 6ff96c6..b5fb43a 100644 phdr.p_memsz =3D vma->vm_end - vma->vm_start; offset +=3D phdr.p_filesz; phdr.p_flags =3D vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2005,6 +2472,7 @@ static int elf_core_dump(struct coredump_params *c= prm) +@@ -2005,6 +2489,7 @@ static int elf_core_dump(struct coredump_params *c= prm) phdr.p_align =3D ELF_EXEC_PAGESIZE; =20 size +=3D sizeof(phdr); @@ -42891,7 +41800,7 @@ index 6ff96c6..b5fb43a 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2029,7 +2497,7 @@ static int elf_core_dump(struct coredump_params *c= prm) +@@ -2029,7 +2514,7 @@ static int elf_core_dump(struct coredump_params *c= prm) unsigned long addr; unsigned long end; =20 @@ -42900,7 +41809,7 @@ index 6ff96c6..b5fb43a 100644 =20 for (addr =3D vma->vm_start; addr < end; addr +=3D PAGE_SIZE) { struct page *page; -@@ -2038,6 +2506,7 @@ static int elf_core_dump(struct coredump_params *c= prm) +@@ -2038,6 +2523,7 @@ static int elf_core_dump(struct coredump_params *c= prm) page =3D get_dump_page(addr); if (page) { void *kaddr =3D kmap(page); @@ -42908,7 +41817,7 @@ index 6ff96c6..b5fb43a 100644 stop =3D ((size +=3D PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2055,6 +2524,7 @@ static int elf_core_dump(struct coredump_params *c= prm) +@@ -2055,6 +2541,7 @@ static int elf_core_dump(struct coredump_params *c= prm) =20 if (e_phnum =3D=3D PN_XNUM) { size +=3D sizeof(*shdr4extnum); @@ -42916,7 +41825,7 @@ index 6ff96c6..b5fb43a 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2075,6 +2545,97 @@ out: +@@ -2075,6 +2562,97 @@ out: =20 #endif /* CONFIG_ELF_CORE */ =20 @@ -43051,10 +41960,19 @@ index 1bffbe0..c8c283e 100644 goto err; } diff --git a/fs/bio.c b/fs/bio.c -index b1fe82c..84da0a9 100644 +index b980ecd..74800bf 100644 --- a/fs/bio.c +++ b/fs/bio.c -@@ -1233,7 +1233,7 @@ static void bio_copy_kern_endio(struct bio *bio, i= nt err) +@@ -833,7 +833,7 @@ struct bio *bio_copy_user_iov(struct request_queue *= q, + /* + * Overflow, abort + */ +- if (end < start) ++ if (end < start || end - start > INT_MAX - nr_pages) + return ERR_PTR(-EINVAL); +=20 + nr_pages +=3D end - start; +@@ -1229,7 +1229,7 @@ static void bio_copy_kern_endio(struct bio *bio, i= nt err) const int read =3D bio_data_dir(bio) =3D=3D READ; struct bio_map_data *bmd =3D bio->bi_private; int i; @@ -43064,10 +41982,10 @@ index b1fe82c..84da0a9 100644 __bio_for_each_segment(bvec, bio, i, 0) { char *addr =3D page_address(bvec->bv_page); diff --git a/fs/block_dev.c b/fs/block_dev.c -index abe9b48..5df59e8 100644 +index 5e9f198..6bf9b1c 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c -@@ -681,7 +681,7 @@ static bool bd_may_claim(struct block_device *bdev, = struct block_device *whole, +@@ -703,7 +703,7 @@ static bool bd_may_claim(struct block_device *bdev, = struct block_device *whole, else if (bdev->bd_contains =3D=3D bdev) return true; /* is a whole device which isn't held */ =20 @@ -43076,8 +41994,21 @@ index abe9b48..5df59e8 100644 return true; /* is a partition of a device that is being partitione= d */ else if (whole->bd_holder !=3D NULL) return false; /* is a partition of a held device */ +diff --git a/fs/btrfs/check-integrity.c b/fs/btrfs/check-integrity.c +index d986824..af1befd 100644 +--- a/fs/btrfs/check-integrity.c ++++ b/fs/btrfs/check-integrity.c +@@ -157,7 +157,7 @@ struct btrfsic_block { + union { + bio_end_io_t *bio; + bh_end_io_t *bh; +- } orig_bio_bh_end_io; ++ } __no_const orig_bio_bh_end_io; + int submit_bio_bh_rw; + u64 flush_gen; /* only valid if !never_written */ + }; diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index dede441..f2a2507 100644 +index 0639a55..7d9e07f 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -488,9 +488,12 @@ static noinline int __btrfs_cow_block(struct btrfs_= trans_handle *trans, @@ -43097,10 +42028,10 @@ index dede441..f2a2507 100644 =20 WARN_ON(trans->transid !=3D btrfs_header_generation(parent)); diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c -index fd1a06d..6e9033d 100644 +index 892b347..b3db246 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c -@@ -6895,7 +6895,7 @@ fail: +@@ -6930,7 +6930,7 @@ fail: return -ENOMEM; } =20 @@ -43109,7 +42040,7 @@ index fd1a06d..6e9033d 100644 struct dentry *dentry, struct kstat *stat) { struct inode *inode =3D dentry->d_inode; -@@ -6909,6 +6909,14 @@ static int btrfs_getattr(struct vfsmount *mnt, +@@ -6944,6 +6944,14 @@ static int btrfs_getattr(struct vfsmount *mnt, return 0; } =20 @@ -43125,10 +42056,10 @@ index fd1a06d..6e9033d 100644 * If a file is moved, it will inherit the cow and compression flags of= the new * directory. diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c -index c04f02c..f5c9e2e 100644 +index d8b5471..e5463d7 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c -@@ -2733,9 +2733,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *ro= ot, void __user *arg) +@@ -2783,9 +2783,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *ro= ot, void __user *arg) for (i =3D 0; i < num_types; i++) { struct btrfs_space_info *tmp; =20 @@ -43141,7 +42072,7 @@ index c04f02c..f5c9e2e 100644 info =3D NULL; rcu_read_lock(); list_for_each_entry_rcu(tmp, &root->fs_info->space_info, -@@ -2757,15 +2760,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *r= oot, void __user *arg) +@@ -2807,15 +2810,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *r= oot, void __user *arg) memcpy(dest, &space, sizeof(space)); dest++; space_args.total_spaces++; @@ -43159,7 +42090,7 @@ index c04f02c..f5c9e2e 100644 =20 if (copy_to_user(user_dest, dest_orig, alloc_size)) diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c -index cfb5543..1ae7347 100644 +index 8c1aae2..1e46446 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -1244,7 +1244,7 @@ static int __update_reloc_root(struct btrfs_root *= root, int del) @@ -43326,7 +42257,7 @@ index 0e3c092..818480e 100644 kunmap(page); if (ret !=3D len) diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c -index 9895400..78a67e7 100644 +index 3e8094b..cb3ff3d 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c @@ -244,7 +244,7 @@ static int ceph_readdir(struct file *filp, void *dir= ent, filldir_t filldir) @@ -43347,22 +42278,8 @@ index 9895400..78a67e7 100644 return ceph_lookup_open(dir, dentry, nd, mode, 1); } =20 -diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c -index cfd1ce3..6b13a74 100644 ---- a/fs/cifs/asn1.c -+++ b/fs/cifs/asn1.c -@@ -416,6 +416,9 @@ asn1_subid_decode(struct asn1_ctx *ctx, unsigned lon= g *subid) -=20 - static int - asn1_oid_decode(struct asn1_ctx *ctx, -+ unsigned char *eoc, unsigned long **oid, unsigned int *len) __size_ov= erflow(2); -+static int -+asn1_oid_decode(struct asn1_ctx *ctx, - unsigned char *eoc, unsigned long **oid, unsigned int *len) - { - unsigned long subid; diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c -index 84e8c07..6170d31 100644 +index 24b3dfc..3cd5454 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c @@ -265,8 +265,8 @@ static ssize_t cifs_stats_proc_write(struct file *fi= le, @@ -43495,7 +42412,7 @@ index 84e8c07..6170d31 100644 } } diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c -index 8f1fe32..38f9e27 100644 +index b1fd382..df45435 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -989,7 +989,7 @@ cifs_init_request_bufs(void) @@ -43528,7 +42445,7 @@ index 8f1fe32..38f9e27 100644 =20 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index 8238aa1..0347196 100644 +index 76e7d8b..4814992 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -392,28 +392,28 @@ struct cifs_tcon { @@ -43591,7 +42508,7 @@ index 8238aa1..0347196 100644 =20 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -985,8 +985,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -987,8 +987,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated *= / #ifdef CONFIG_CIFS_STATS2 @@ -43686,21 +42603,10 @@ index 6901578..d402eb5 100644 =20 return hit; diff --git a/fs/compat.c b/fs/compat.c -index c987875..08771ca 100644 +index 07880ba..3fb2862 100644 --- a/fs/compat.c +++ b/fs/compat.c -@@ -132,8 +132,8 @@ asmlinkage long compat_sys_utimes(const char __user = *filename, struct compat_tim - static int cp_compat_stat(struct kstat *stat, struct compat_stat __user= *ubuf) - { - compat_ino_t ino =3D stat->ino; -- typeof(ubuf->st_uid) uid =3D 0; -- typeof(ubuf->st_gid) gid =3D 0; -+ typeof(((struct compat_stat *)0)->st_uid) uid =3D 0; -+ typeof(((struct compat_stat *)0)->st_gid) gid =3D 0; - int err; -=20 - SET_UID(uid, stat->uid); -@@ -504,7 +504,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ct= x32p) +@@ -491,7 +491,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ct= x32p) =20 set_fs(KERNEL_DS); /* The __user pointer cast is valid because of the set_fs() */ @@ -43709,7 +42615,7 @@ index c987875..08771ca 100644 set_fs(oldfs); /* truncating is ok because it's a user address */ if (!ret) -@@ -562,7 +562,7 @@ ssize_t compat_rw_copy_check_uvector(int type, +@@ -549,7 +549,7 @@ ssize_t compat_rw_copy_check_uvector(int type, goto out; =20 ret =3D -EINVAL; @@ -43718,7 +42624,7 @@ index c987875..08771ca 100644 goto out; if (nr_segs > fast_segs) { ret =3D -ENOMEM; -@@ -845,6 +845,7 @@ struct compat_old_linux_dirent { +@@ -832,6 +832,7 @@ struct compat_old_linux_dirent { =20 struct compat_readdir_callback { struct compat_old_linux_dirent __user *dirent; @@ -43726,7 +42632,7 @@ index c987875..08771ca 100644 int result; }; =20 -@@ -862,6 +863,10 @@ static int compat_fillonedir(void *__buf, const cha= r *name, int namlen, +@@ -849,6 +850,10 @@ static int compat_fillonedir(void *__buf, const cha= r *name, int namlen, buf->result =3D -EOVERFLOW; return -EOVERFLOW; } @@ -43737,7 +42643,7 @@ index c987875..08771ca 100644 buf->result++; dirent =3D buf->dirent; if (!access_ok(VERIFY_WRITE, dirent, -@@ -894,6 +899,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int = fd, +@@ -881,6 +886,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int = fd, =20 buf.result =3D 0; buf.dirent =3D dirent; @@ -43745,7 +42651,7 @@ index c987875..08771ca 100644 =20 error =3D vfs_readdir(file, compat_fillonedir, &buf); if (buf.result) -@@ -914,6 +920,7 @@ struct compat_linux_dirent { +@@ -901,6 +907,7 @@ struct compat_linux_dirent { struct compat_getdents_callback { struct compat_linux_dirent __user *current_dir; struct compat_linux_dirent __user *previous; @@ -43753,7 +42659,7 @@ index c987875..08771ca 100644 int count; int error; }; -@@ -935,6 +942,10 @@ static int compat_filldir(void *__buf, const char *= name, int namlen, +@@ -922,6 +929,10 @@ static int compat_filldir(void *__buf, const char *= name, int namlen, buf->error =3D -EOVERFLOW; return -EOVERFLOW; } @@ -43764,7 +42670,7 @@ index c987875..08771ca 100644 dirent =3D buf->previous; if (dirent) { if (__put_user(offset, &dirent->d_off)) -@@ -982,6 +993,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, +@@ -969,6 +980,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, buf.previous =3D NULL; buf.count =3D count; buf.error =3D 0; @@ -43772,7 +42678,7 @@ index c987875..08771ca 100644 =20 error =3D vfs_readdir(file, compat_filldir, &buf); if (error >=3D 0) -@@ -1003,6 +1015,7 @@ out: +@@ -990,6 +1002,7 @@ out: struct compat_getdents_callback64 { struct linux_dirent64 __user *current_dir; struct linux_dirent64 __user *previous; @@ -43780,7 +42686,7 @@ index c987875..08771ca 100644 int count; int error; }; -@@ -1019,6 +1032,10 @@ static int compat_filldir64(void * __buf, const c= har * name, int namlen, loff_t +@@ -1006,6 +1019,10 @@ static int compat_filldir64(void * __buf, const c= har * name, int namlen, loff_t buf->error =3D -EINVAL; /* only used if we fail.. */ if (reclen > buf->count) return -EINVAL; @@ -43791,7 +42697,7 @@ index c987875..08771ca 100644 dirent =3D buf->previous; =20 if (dirent) { -@@ -1070,13 +1087,14 @@ asmlinkage long compat_sys_getdents64(unsigned i= nt fd, +@@ -1057,13 +1074,14 @@ asmlinkage long compat_sys_getdents64(unsigned i= nt fd, buf.previous =3D NULL; buf.count =3D count; buf.error =3D 0; @@ -43826,10 +42732,10 @@ index 112e45a..b59845b 100644 =20 /* diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c -index 51352de..93292ff 100644 +index a26bea1..ae23e72 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c -@@ -210,6 +210,8 @@ static int do_video_set_spu_palette(unsigned int fd,= unsigned int cmd, +@@ -211,6 +211,8 @@ static int do_video_set_spu_palette(unsigned int fd,= unsigned int cmd, =20 err =3D get_user(palp, &up->palette); err |=3D get_user(length, &up->length); @@ -43838,7 +42744,7 @@ index 51352de..93292ff 100644 =20 up_native =3D compat_alloc_user_space(sizeof(struct video_spu_palette)= ); err =3D put_user(compat_ptr(palp), &up_native->palette); -@@ -621,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned= cmd, +@@ -622,7 +624,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned= cmd, return -EFAULT; if (__get_user(udata, &ss32->iomem_base)) return -EFAULT; @@ -43847,7 +42753,7 @@ index 51352de..93292ff 100644 if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shi= ft) || __get_user(ss.port_high, &ss32->port_high)) return -EFAULT; -@@ -796,7 +798,7 @@ static int compat_ioctl_preallocate(struct file *fil= e, +@@ -797,7 +799,7 @@ static int compat_ioctl_preallocate(struct file *fil= e, copy_in_user(&p->l_len, &p32->l_len, sizeof(s64)) || copy_in_user(&p->l_sysid, &p32->l_sysid, sizeof(s32)) || copy_in_user(&p->l_pid, &p32->l_pid, sizeof(u32)) || @@ -43856,7 +42762,7 @@ index 51352de..93292ff 100644 return -EFAULT; =20 return ioctl_preallocate(file, p); -@@ -1644,8 +1646,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, = unsigned int cmd, +@@ -1611,8 +1613,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, = unsigned int cmd, static int __init init_sys32_ioctl_cmp(const void *p, const void *q) { unsigned int a, b; @@ -43868,7 +42774,7 @@ index 51352de..93292ff 100644 return 1; if (a < b) diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c -index 9a37a9b..35792b6 100644 +index 5ddd7eb..c18bf04 100644 --- a/fs/configfs/dir.c +++ b/fs/configfs/dir.c @@ -1575,7 +1575,8 @@ static int configfs_readdir(struct file * filp, vo= id * dirent, filldir_t filldir @@ -43896,10 +42802,24 @@ index 9a37a9b..35792b6 100644 /* * We'll have a dentry and an inode for diff --git a/fs/dcache.c b/fs/dcache.c -index f7908ae..920a680 100644 +index bcbdb33..55ffe97 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -3042,7 +3042,7 @@ void __init vfs_caches_init(unsigned long mempages= ) +@@ -105,10 +105,10 @@ static unsigned int d_hash_shift __read_mostly; + static struct hlist_bl_head *dentry_hashtable __read_mostly; +=20 + static inline struct hlist_bl_head *d_hash(const struct dentry *parent, +- unsigned long hash) ++ unsigned int hash) + { +- hash +=3D ((unsigned long) parent ^ GOLDEN_RATIO_PRIME) / L1_CACHE_BYT= ES; +- hash =3D hash ^ ((hash ^ GOLDEN_RATIO_PRIME) >> D_HASHBITS); ++ hash +=3D (unsigned long) parent / L1_CACHE_BYTES; ++ hash =3D hash + (hash >> D_HASHBITS); + return dentry_hashtable + (hash & D_HASHMASK); + } +=20 +@@ -3066,7 +3066,7 @@ void __init vfs_caches_init(unsigned long mempages= ) mempages -=3D reserve; =20 names_cachep =3D kmem_cache_create("names_cache", PATH_MAX, 0, @@ -43909,7 +42829,7 @@ index f7908ae..920a680 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index f3a257d..715ac0f 100644 +index 956d5dd..e755e04 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -261,7 +261,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); @@ -43925,10 +42845,10 @@ index f3a257d..715ac0f 100644 } EXPORT_SYMBOL_GPL(debugfs_create_dir); diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c -index af11098..81e3bbe 100644 +index ab35b11..b30af66 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c -@@ -691,7 +691,7 @@ static int ecryptfs_readlink_lower(struct dentry *de= ntry, char **buf, +@@ -672,7 +672,7 @@ static int ecryptfs_readlink_lower(struct dentry *de= ntry, char **buf, old_fs =3D get_fs(); set_fs(get_ds()); rc =3D lower_dentry->d_inode->i_op->readlink(lower_dentry, @@ -43937,7 +42857,7 @@ index af11098..81e3bbe 100644 lower_bufsiz); set_fs(old_fs); if (rc < 0) -@@ -737,7 +737,7 @@ static void *ecryptfs_follow_link(struct dentry *den= try, struct nameidata *nd) +@@ -718,7 +718,7 @@ static void *ecryptfs_follow_link(struct dentry *den= try, struct nameidata *nd) } old_fs =3D get_fs(); set_fs(get_ds()); @@ -43946,7 +42866,7 @@ index af11098..81e3bbe 100644 set_fs(old_fs); if (rc < 0) { kfree(buf); -@@ -752,7 +752,7 @@ out: +@@ -733,7 +733,7 @@ out: static void ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *pt= r) { @@ -43956,12 +42876,12 @@ index af11098..81e3bbe 100644 /* Free the char* */ kfree(buf); diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c -index 0dc5a3d..d3cdeea 100644 +index 3a06f40..f7af544 100644 --- a/fs/ecryptfs/miscdev.c +++ b/fs/ecryptfs/miscdev.c -@@ -328,7 +328,7 @@ check_list: +@@ -345,7 +345,7 @@ check_list: goto out_unlock_msg_ctx; - i =3D 5; + i =3D PKT_TYPE_SIZE + PKT_CTR_SIZE; if (msg_ctx->msg) { - if (copy_to_user(&buf[i], packet_length, packet_length_size)) + if (packet_length_size > sizeof(packet_length) || copy_to_user(&buf[i= ], packet_length, packet_length_size)) @@ -43969,7 +42889,7 @@ index 0dc5a3d..d3cdeea 100644 i +=3D packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c -index 608c1c3..7d040a8 100644 +index b2a34a1..162fa69 100644 --- a/fs/ecryptfs/read_write.c +++ b/fs/ecryptfs/read_write.c @@ -48,7 +48,7 @@ int ecryptfs_write_lower(struct inode *ecryptfs_inode,= char *data, @@ -43991,10 +42911,10 @@ index 608c1c3..7d040a8 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index 3625464..ff895b9 100644 +index 153dee1..8ee97ba 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -55,12 +55,28 @@ +@@ -55,6 +55,13 @@ #include #include #include @@ -44008,7 +42928,8 @@ index 3625464..ff895b9 100644 =20 #include #include - #include +@@ -63,6 +70,15 @@ + #include #include "internal.h" =20 +#ifndef CONFIG_PAX_HAVE_ACL_FLAGS @@ -44023,7 +42944,7 @@ index 3625464..ff895b9 100644 int core_uses_pid; char core_pattern[CORENAME_MAX_SIZE] =3D "core"; unsigned int core_pipe_limit; -@@ -70,7 +86,7 @@ struct core_name { +@@ -72,7 +88,7 @@ struct core_name { char *corename; int used, size; }; @@ -44032,7 +42953,7 @@ index 3625464..ff895b9 100644 =20 /* The maximal length of core_pattern is also specified in sysctl.c */ =20 -@@ -188,18 +204,10 @@ static struct page *get_arg_page(struct linux_binp= rm *bprm, unsigned long pos, +@@ -190,18 +206,10 @@ static struct page *get_arg_page(struct linux_binp= rm *bprm, unsigned long pos, int write) { struct page *page; @@ -44054,7 +42975,7 @@ index 3625464..ff895b9 100644 return NULL; =20 if (write) { -@@ -215,6 +223,17 @@ static struct page *get_arg_page(struct linux_binpr= m *bprm, unsigned long pos, +@@ -217,6 +225,17 @@ static struct page *get_arg_page(struct linux_binpr= m *bprm, unsigned long pos, if (size <=3D ARG_MAX) return page; =20 @@ -44072,7 +42993,7 @@ index 3625464..ff895b9 100644 /* * Limit to 1/4-th the stack size for the argv+env strings. * This ensures that: -@@ -274,6 +293,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm= ) +@@ -276,6 +295,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm= ) vma->vm_end =3D STACK_TOP_MAX; vma->vm_start =3D vma->vm_end - PAGE_SIZE; vma->vm_flags =3D VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; @@ -44084,7 +43005,7 @@ index 3625464..ff895b9 100644 vma->vm_page_prot =3D vm_get_page_prot(vma->vm_flags); INIT_LIST_HEAD(&vma->anon_vma_chain); =20 -@@ -288,6 +312,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm= ) +@@ -290,6 +314,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm= ) mm->stack_vm =3D mm->total_vm =3D 1; up_write(&mm->mmap_sem); bprm->p =3D vma->vm_end - sizeof(void *); @@ -44097,7 +43018,7 @@ index 3625464..ff895b9 100644 return 0; err: up_write(&mm->mmap_sem); -@@ -396,19 +426,7 @@ err: +@@ -398,19 +428,7 @@ err: return err; } =20 @@ -44118,7 +43039,7 @@ index 3625464..ff895b9 100644 { const char __user *native; =20 -@@ -417,14 +435,14 @@ static const char __user *get_user_arg_ptr(struct = user_arg_ptr argv, int nr) +@@ -419,14 +437,14 @@ static const char __user *get_user_arg_ptr(struct = user_arg_ptr argv, int nr) compat_uptr_t compat; =20 if (get_user(compat, argv.ptr.compat + nr)) @@ -44135,7 +43056,7 @@ index 3625464..ff895b9 100644 =20 return native; } -@@ -443,7 +461,7 @@ static int count(struct user_arg_ptr argv, int max) +@@ -445,7 +463,7 @@ static int count(struct user_arg_ptr argv, int max) if (!p) break; =20 @@ -44144,7 +43065,7 @@ index 3625464..ff895b9 100644 return -EFAULT; =20 if (i++ >=3D max) -@@ -477,7 +495,7 @@ static int copy_strings(int argc, struct user_arg_pt= r argv, +@@ -479,7 +497,7 @@ static int copy_strings(int argc, struct user_arg_pt= r argv, =20 ret =3D -EFAULT; str =3D get_user_arg_ptr(argv, argc); @@ -44153,7 +43074,7 @@ index 3625464..ff895b9 100644 goto out; =20 len =3D strnlen_user(str, MAX_ARG_STRLEN); -@@ -559,7 +577,7 @@ int copy_strings_kernel(int argc, const char *const = *__argv, +@@ -561,7 +579,7 @@ int copy_strings_kernel(int argc, const char *const = *__argv, int r; mm_segment_t oldfs =3D get_fs(); struct user_arg_ptr argv =3D { @@ -44162,7 +43083,7 @@ index 3625464..ff895b9 100644 }; =20 set_fs(KERNEL_DS); -@@ -594,7 +612,8 @@ static int shift_arg_pages(struct vm_area_struct *vm= a, unsigned long shift) +@@ -596,7 +614,8 @@ static int shift_arg_pages(struct vm_area_struct *vm= a, unsigned long shift) unsigned long new_end =3D old_end - shift; struct mmu_gather tlb; =20 @@ -44172,7 +43093,7 @@ index 3625464..ff895b9 100644 =20 /* * ensure there are no vmas between where we want to go -@@ -603,6 +622,10 @@ static int shift_arg_pages(struct vm_area_struct *v= ma, unsigned long shift) +@@ -605,6 +624,10 @@ static int shift_arg_pages(struct vm_area_struct *v= ma, unsigned long shift) if (vma !=3D find_vma(mm, new_start)) return -EFAULT; =20 @@ -44183,7 +43104,7 @@ index 3625464..ff895b9 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -683,10 +706,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -685,10 +708,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top =3D arch_align_stack(stack_top); stack_top =3D PAGE_ALIGN(stack_top); =20 @@ -44194,7 +43115,7 @@ index 3625464..ff895b9 100644 stack_shift =3D vma->vm_end - stack_top; =20 bprm->p -=3D stack_shift; -@@ -698,8 +717,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -700,8 +719,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -=3D stack_shift; =20 down_write(&mm->mmap_sem); @@ -44223,7 +43144,7 @@ index 3625464..ff895b9 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -718,13 +757,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -720,13 +759,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev !=3D vma); =20 @@ -44237,7 +43158,7 @@ index 3625464..ff895b9 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &=3D ~VM_STACK_INCOMPLETE_SETUP; =20 -@@ -805,7 +837,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -807,7 +839,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs =3D get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -44246,68 +43167,7 @@ index 3625464..ff895b9 100644 set_fs(old_fs); return result; } -@@ -1067,6 +1099,21 @@ void set_task_comm(struct task_struct *tsk, char = *buf) - perf_event_comm(tsk); - } -=20 -+static void filename_to_taskname(char *tcomm, const char *fn, unsigned = int len) -+{ -+ int i, ch; -+ -+ /* Copies the binary name from after last slash */ -+ for (i =3D 0; (ch =3D *(fn++)) !=3D '\0';) { -+ if (ch =3D=3D '/') -+ i =3D 0; /* overwrite what we wrote */ -+ else -+ if (i < len - 1) -+ tcomm[i++] =3D ch; -+ } -+ tcomm[i] =3D '\0'; -+} -+ - int flush_old_exec(struct linux_binprm * bprm) - { - int retval; -@@ -1081,6 +1128,7 @@ int flush_old_exec(struct linux_binprm * bprm) -=20 - set_mm_exe_file(bprm->mm, bprm->file); -=20 -+ filename_to_taskname(bprm->tcomm, bprm->filename, sizeof(bprm->tcomm))= ; - /* - * Release all of the old mmap stuff - */ -@@ -1112,10 +1160,6 @@ EXPORT_SYMBOL(would_dump); -=20 - void setup_new_exec(struct linux_binprm * bprm) - { -- int i, ch; -- const char *name; -- char tcomm[sizeof(current->comm)]; -- - arch_pick_mmap_layout(current->mm); -=20 - /* This is the point of no return */ -@@ -1126,18 +1170,7 @@ void setup_new_exec(struct linux_binprm * bprm) - else - set_dumpable(current->mm, suid_dumpable); -=20 -- name =3D bprm->filename; -- -- /* Copies the binary name from after last slash */ -- for (i=3D0; (ch =3D *(name++)) !=3D '\0';) { -- if (ch =3D=3D '/') -- i =3D 0; /* overwrite what we wrote */ -- else -- if (i < (sizeof(tcomm) - 1)) -- tcomm[i++] =3D ch; -- } -- tcomm[i] =3D '\0'; -- set_task_comm(current, tcomm); -+ set_task_comm(current, bprm->tcomm); -=20 - /* Set the new mm task size. We have to do that late because it may - * depend on TIF_32BIT which is only updated in flush_thread() on -@@ -1247,7 +1280,7 @@ int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1252,7 +1284,7 @@ static int check_unsafe_exec(struct linux_binprm *= bprm) } rcu_read_unlock(); =20 @@ -44316,7 +43176,7 @@ index 3625464..ff895b9 100644 bprm->unsafe |=3D LSM_UNSAFE_SHARE; } else { res =3D -EAGAIN; -@@ -1442,6 +1475,28 @@ int search_binary_handler(struct linux_binprm *bp= rm,struct pt_regs *regs) +@@ -1447,6 +1479,28 @@ int search_binary_handler(struct linux_binprm *bp= rm,struct pt_regs *regs) =20 EXPORT_SYMBOL(search_binary_handler); =20 @@ -44345,7 +43205,7 @@ index 3625464..ff895b9 100644 /* * sys_execve() executes a new program. */ -@@ -1450,6 +1505,11 @@ static int do_execve_common(const char *filename, +@@ -1455,6 +1509,11 @@ static int do_execve_common(const char *filename, struct user_arg_ptr envp, struct pt_regs *regs) { @@ -44357,7 +43217,7 @@ index 3625464..ff895b9 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1457,6 +1517,8 @@ static int do_execve_common(const char *filename, +@@ -1462,6 +1521,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred =3D current_cred(); =20 @@ -44366,7 +43226,7 @@ index 3625464..ff895b9 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1497,12 +1559,27 @@ static int do_execve_common(const char *filename= , +@@ -1502,12 +1563,27 @@ static int do_execve_common(const char *filename= , if (IS_ERR(file)) goto out_unmark; =20 @@ -44394,7 +43254,7 @@ index 3625464..ff895b9 100644 retval =3D bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1519,24 +1596,65 @@ static int do_execve_common(const char *filename= , +@@ -1524,24 +1600,65 @@ static int do_execve_common(const char *filename= , if (retval < 0) goto out; =20 @@ -44464,7 +43324,7 @@ index 3625464..ff895b9 100644 current->fs->in_exec =3D 0; current->in_execve =3D 0; acct_update_integrals(current); -@@ -1545,6 +1663,14 @@ static int do_execve_common(const char *filename, +@@ -1550,6 +1667,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; =20 @@ -44479,7 +43339,7 @@ index 3625464..ff895b9 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1618,7 +1744,7 @@ static int expand_corename(struct core_name *cn) +@@ -1623,7 +1748,7 @@ static int expand_corename(struct core_name *cn) { char *old_corename =3D cn->corename; =20 @@ -44488,7 +43348,7 @@ index 3625464..ff895b9 100644 cn->corename =3D krealloc(old_corename, cn->size, GFP_KERNEL); =20 if (!cn->corename) { -@@ -1715,7 +1841,7 @@ static int format_corename(struct core_name *cn, l= ong signr) +@@ -1720,7 +1845,7 @@ static int format_corename(struct core_name *cn, l= ong signr) int pid_in_pattern =3D 0; int err =3D 0; =20 @@ -44497,7 +43357,7 @@ index 3625464..ff895b9 100644 cn->corename =3D kmalloc(cn->size, GFP_KERNEL); cn->used =3D 0; =20 -@@ -1812,6 +1938,228 @@ out: +@@ -1817,6 +1942,218 @@ out: return ispipe; } =20 @@ -44713,20 +43573,10 @@ index 3625464..ff895b9 100644 +EXPORT_SYMBOL(pax_track_stack); +#endif + -+#ifdef CONFIG_PAX_SIZE_OVERFLOW -+void report_size_overflow(const char *file, unsigned int line, const ch= ar *func) -+{ -+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u\n", = func, file, line); -+ dump_stack(); -+ do_group_exit(SIGKILL); -+} -+EXPORT_SYMBOL(report_size_overflow); -+#endif -+ static int zap_process(struct task_struct *start, int exit_code) { struct task_struct *t; -@@ -2023,17 +2371,17 @@ static void wait_for_dump_helpers(struct file *f= ile) +@@ -2014,17 +2351,17 @@ static void wait_for_dump_helpers(struct file *f= ile) pipe =3D file->f_path.dentry->d_inode->i_pipe; =20 pipe_lock(pipe); @@ -44749,7 +43599,7 @@ index 3625464..ff895b9 100644 pipe_unlock(pipe); =20 } -@@ -2094,7 +2442,7 @@ void do_coredump(long signr, int exit_code, struct= pt_regs *regs) +@@ -2085,7 +2422,7 @@ void do_coredump(long signr, int exit_code, struct= pt_regs *regs) int retval =3D 0; int flag =3D 0; int ispipe; @@ -44758,7 +43608,7 @@ index 3625464..ff895b9 100644 struct coredump_params cprm =3D { .signr =3D signr, .regs =3D regs, -@@ -2109,6 +2457,9 @@ void do_coredump(long signr, int exit_code, struct= pt_regs *regs) +@@ -2100,6 +2437,9 @@ void do_coredump(long signr, int exit_code, struct= pt_regs *regs) =20 audit_core_dumps(signr); =20 @@ -44768,7 +43618,7 @@ index 3625464..ff895b9 100644 binfmt =3D mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; -@@ -2176,7 +2527,7 @@ void do_coredump(long signr, int exit_code, struct= pt_regs *regs) +@@ -2167,7 +2507,7 @@ void do_coredump(long signr, int exit_code, struct= pt_regs *regs) } cprm.limit =3D RLIM_INFINITY; =20 @@ -44777,7 +43627,7 @@ index 3625464..ff895b9 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -2203,6 +2554,8 @@ void do_coredump(long signr, int exit_code, struct= pt_regs *regs) +@@ -2194,6 +2534,8 @@ void do_coredump(long signr, int exit_code, struct= pt_regs *regs) } else { struct inode *inode; =20 @@ -44786,7 +43636,7 @@ index 3625464..ff895b9 100644 if (cprm.limit < binfmt->min_coredump) goto fail_unlock; =20 -@@ -2246,7 +2599,7 @@ close_fail: +@@ -2237,7 +2579,7 @@ close_fail: filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) @@ -44795,7 +43645,7 @@ index 3625464..ff895b9 100644 fail_unlock: kfree(cn.corename); fail_corename: -@@ -2265,7 +2618,7 @@ fail: +@@ -2256,7 +2598,7 @@ fail: */ int dump_write(struct file *file, const void *addr, int nr) { @@ -44835,10 +43685,10 @@ index a203892..4e64db5 100644 } return 1; diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c -index 12ccacd..a6035fce0 100644 +index f9e2cd8..bfdc476 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c -@@ -436,8 +436,8 @@ static int ext4_has_free_clusters(struct ext4_sb_inf= o *sbi, +@@ -438,8 +438,8 @@ static int ext4_has_free_clusters(struct ext4_sb_inf= o *sbi, /* Hm, nope. Are (enough) root reserved clusters available? */ if (sbi->s_resuid =3D=3D current_fsuid() || ((sbi->s_resgid !=3D 0) && in_group_p(sbi->s_resgid)) || @@ -44850,10 +43700,10 @@ index 12ccacd..a6035fce0 100644 if (free_clusters >=3D (nclusters + dirty_clusters)) return 1; diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index 5b0e26a..0aa002d 100644 +index 513004f..2591a6b 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h -@@ -1208,19 +1208,19 @@ struct ext4_sb_info { +@@ -1218,19 +1218,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; =20 /* stats for buddy allocator */ @@ -44884,7 +43734,7 @@ index 5b0e26a..0aa002d 100644 =20 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index e2d8be8..c7f0ce9 100644 +index cb990b2..4820141 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1794,7 +1794,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocat= ion_context *ac, @@ -45137,10 +43987,10 @@ index 4c6992d..104cdea 100644 return -EMFILE; =20 diff --git a/fs/filesystems.c b/fs/filesystems.c -index 0845f84..7b4ebef 100644 +index 96f2428..f5eeb8e 100644 --- a/fs/filesystems.c +++ b/fs/filesystems.c -@@ -274,7 +274,12 @@ struct file_system_type *get_fs_type(const char *na= me) +@@ -273,7 +273,12 @@ struct file_system_type *get_fs_type(const char *na= me) int len =3D dot ? dot - name : strlen(name); =20 fs =3D __get_fs_type(name, len); @@ -46580,7 +45430,7 @@ index 3426521..3b75162 100644 cuse_class =3D class_create(THIS_MODULE, "cuse"); if (IS_ERR(cuse_class)) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c -index 2aaf3ea..8e50863 100644 +index 5f3368a..8306426 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -1242,7 +1242,7 @@ static ssize_t fuse_dev_splice_read(struct file *i= n, loff_t *ppos, @@ -46593,10 +45443,10 @@ index 2aaf3ea..8e50863 100644 if (!ret) ret =3D -EPIPE; diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index 9f63e49..d8a64c0 100644 +index 2066328..f5add3b 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c -@@ -1147,7 +1147,7 @@ static char *read_link(struct dentry *dentry) +@@ -1175,7 +1175,7 @@ static char *read_link(struct dentry *dentry) return link; } =20 @@ -46606,10 +45456,10 @@ index 9f63e49..d8a64c0 100644 if (!IS_ERR(link)) free_page((unsigned long) link); diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c -index cfd4959..a780959 100644 +index 5698746..6086012 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c -@@ -1490,7 +1490,7 @@ out: +@@ -1487,7 +1487,7 @@ out: =20 static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, = void *p) { @@ -46619,10 +45469,10 @@ index cfd4959..a780959 100644 kfree(s); } diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index 0be5a78..9cfb853 100644 +index 1e85a7a..eb4218a 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c -@@ -915,7 +915,7 @@ static struct file_system_type hugetlbfs_fs_type =3D= { +@@ -921,7 +921,7 @@ static struct file_system_type hugetlbfs_fs_type =3D= { .kill_sb =3D kill_litter_super, }; =20 @@ -46632,10 +45482,10 @@ index 0be5a78..9cfb853 100644 static int can_do_hugetlb_shm(void) { diff --git a/fs/inode.c b/fs/inode.c -index ee4e66b..9a39f9c 100644 +index 83ab215..8842101 100644 --- a/fs/inode.c +++ b/fs/inode.c -@@ -787,8 +787,8 @@ unsigned int get_next_ino(void) +@@ -870,8 +870,8 @@ unsigned int get_next_ino(void) =20 #ifdef CONFIG_SMP if (unlikely((res & (LAST_INO_BATCH-1)) =3D=3D 0)) { @@ -46646,29 +45496,11 @@ index ee4e66b..9a39f9c 100644 =20 res =3D next - LAST_INO_BATCH; } -@@ -855,8 +855,7 @@ void lockdep_annotate_inode_mutex_key(struct inode *= inode) - struct file_system_type *type =3D inode->i_sb->s_type; -=20 - /* Set new key only if filesystem hasn't already changed it */ -- if (!lockdep_match_class(&inode->i_mutex, -- &type->i_mutex_key)) { -+ if (lockdep_match_class(&inode->i_mutex, &type->i_mutex_key)) { - /* - * ensure nobody is actually holding i_mutex - */ -@@ -883,6 +882,7 @@ void unlock_new_inode(struct inode *inode) - spin_lock(&inode->i_lock); - WARN_ON(!(inode->i_state & I_NEW)); - inode->i_state &=3D ~I_NEW; -+ smp_mb(); - wake_up_bit(&inode->i_state, __I_NEW); - spin_unlock(&inode->i_lock); - } diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c -index e513f19..2ab1351 100644 +index eafb8d3..f423d37 100644 --- a/fs/jffs2/erase.c +++ b/fs/jffs2/erase.c -@@ -439,7 +439,8 @@ static void jffs2_mark_erased_block(struct jffs2_sb_= info *c, struct jffs2_eraseb +@@ -438,7 +438,8 @@ static void jffs2_mark_erased_block(struct jffs2_sb_= info *c, struct jffs2_eraseb struct jffs2_unknown_node marker =3D { .magic =3D cpu_to_je16(JFFS2_MAGIC_BITMASK), .nodetype =3D cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER), @@ -46679,10 +45511,10 @@ index e513f19..2ab1351 100644 =20 jffs2_prealloc_raw_node_refs(c, jeb, 1); diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c -index b09e51d..e482afa 100644 +index 30e8f47..21f600c 100644 --- a/fs/jffs2/wbuf.c +++ b/fs/jffs2/wbuf.c -@@ -1011,7 +1011,8 @@ static const struct jffs2_unknown_node oob_cleanma= rker =3D +@@ -1012,7 +1012,8 @@ static const struct jffs2_unknown_node oob_cleanma= rker =3D { .magic =3D constant_cpu_to_je16(JFFS2_MAGIC_BITMASK), .nodetype =3D constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER), @@ -46693,10 +45525,10 @@ index b09e51d..e482afa 100644 =20 /* diff --git a/fs/jfs/super.c b/fs/jfs/super.c -index a44eff0..462e07d 100644 +index 682bca6..86b8e6e 100644 --- a/fs/jfs/super.c +++ b/fs/jfs/super.c -@@ -802,7 +802,7 @@ static int __init init_jfs_fs(void) +@@ -801,7 +801,7 @@ static int __init init_jfs_fs(void) =20 jfs_inode_cachep =3D kmem_cache_create("jfs_ip", sizeof(struct jfs_inode_info), 0, @@ -46706,7 +45538,7 @@ index a44eff0..462e07d 100644 if (jfs_inode_cachep =3D=3D NULL) return -ENOMEM; diff --git a/fs/libfs.c b/fs/libfs.c -index f6d411e..e82a08d 100644 +index 5b2dbb3..7442d54 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -165,6 +165,9 @@ int dcache_readdir(struct file * filp, void * dirent= , filldir_t filldir) @@ -46777,10 +45609,10 @@ index 637694b..f84a121 100644 =20 lock_flocks(); diff --git a/fs/namei.c b/fs/namei.c -index 9680cef..a19f203 100644 +index 46ea9cc..c7cf3a3 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -279,16 +279,32 @@ int generic_permission(struct inode *inode, int ma= sk) +@@ -278,16 +278,32 @@ int generic_permission(struct inode *inode, int ma= sk) if (ret !=3D -EACCES) return ret; =20 @@ -46816,7 +45648,7 @@ index 9680cef..a19f203 100644 * Read/write DACs are always overridable. * Executable DACs are overridable when there is * at least one exec bit set. -@@ -297,14 +313,6 @@ int generic_permission(struct inode *inode, int mas= k) +@@ -296,14 +312,6 @@ int generic_permission(struct inode *inode, int mas= k) if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE)) return 0; =20 @@ -46831,7 +45663,7 @@ index 9680cef..a19f203 100644 return -EACCES; } =20 -@@ -653,11 +661,19 @@ follow_link(struct path *link, struct nameidata *n= d, void **p) +@@ -652,11 +660,19 @@ follow_link(struct path *link, struct nameidata *n= d, void **p) return error; } =20 @@ -46852,7 +45684,7 @@ index 9680cef..a19f203 100644 error =3D 0; if (s) error =3D __vfs_follow_link(nd, s); -@@ -1624,6 +1640,21 @@ static int path_lookupat(int dfd, const char *nam= e, +@@ -1650,6 +1666,21 @@ static int path_lookupat(int dfd, const char *nam= e, if (!err) err =3D complete_walk(nd); =20 @@ -46874,7 +45706,7 @@ index 9680cef..a19f203 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!nd->inode->i_op->lookup) { path_put(&nd->path); -@@ -1651,6 +1682,15 @@ static int do_path_lookup(int dfd, const char *na= me, +@@ -1677,6 +1708,15 @@ static int do_path_lookup(int dfd, const char *na= me, retval =3D path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd); =20 if (likely(!retval)) { @@ -46890,7 +45722,7 @@ index 9680cef..a19f203 100644 if (unlikely(!audit_dummy_context())) { if (nd->path.dentry && nd->inode) audit_inode(name, nd->path.dentry); -@@ -2048,6 +2088,13 @@ static int may_open(struct path *path, int acc_mo= de, int flag) +@@ -2071,6 +2111,13 @@ static int may_open(struct path *path, int acc_mo= de, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; =20 @@ -46904,7 +45736,7 @@ index 9680cef..a19f203 100644 return 0; } =20 -@@ -2109,6 +2156,16 @@ static struct file *do_last(struct nameidata *nd,= struct path *path, +@@ -2132,6 +2179,16 @@ static struct file *do_last(struct nameidata *nd,= struct path *path, error =3D complete_walk(nd); if (error) return ERR_PTR(error); @@ -46921,7 +45753,7 @@ index 9680cef..a19f203 100644 audit_inode(pathname, nd->path.dentry); if (open_flag & O_CREAT) { error =3D -EISDIR; -@@ -2119,6 +2176,16 @@ static struct file *do_last(struct nameidata *nd,= struct path *path, +@@ -2142,6 +2199,16 @@ static struct file *do_last(struct nameidata *nd,= struct path *path, error =3D complete_walk(nd); if (error) return ERR_PTR(error); @@ -46938,7 +45770,7 @@ index 9680cef..a19f203 100644 audit_inode(pathname, dir); goto ok; } -@@ -2140,6 +2207,16 @@ static struct file *do_last(struct nameidata *nd,= struct path *path, +@@ -2163,6 +2230,16 @@ static struct file *do_last(struct nameidata *nd,= struct path *path, error =3D complete_walk(nd); if (error) return ERR_PTR(error); @@ -46955,10 +45787,10 @@ index 9680cef..a19f203 100644 =20 error =3D -ENOTDIR; if (nd->flags & LOOKUP_DIRECTORY) { -@@ -2180,6 +2257,12 @@ static struct file *do_last(struct nameidata *nd,= struct path *path, +@@ -2203,6 +2280,12 @@ static struct file *do_last(struct nameidata *nd,= struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode) { - int mode =3D op->mode; + umode_t mode =3D op->mode; + + if (!gr_acl_handle_creat(path->dentry, nd->path.dentry, path->mnt, op= en_flag, acc_mode, mode)) { + error =3D -EACCES; @@ -46968,7 +45800,7 @@ index 9680cef..a19f203 100644 if (!IS_POSIXACL(dir->d_inode)) mode &=3D ~current_umask(); /* -@@ -2203,6 +2286,8 @@ static struct file *do_last(struct nameidata *nd, = struct path *path, +@@ -2226,6 +2309,8 @@ static struct file *do_last(struct nameidata *nd, = struct path *path, error =3D vfs_create(dir->d_inode, dentry, mode, nd); if (error) goto exit_mutex_unlock; @@ -46977,7 +45809,7 @@ index 9680cef..a19f203 100644 mutex_unlock(&dir->d_inode->i_mutex); dput(nd->path.dentry); nd->path.dentry =3D dentry; -@@ -2212,6 +2297,19 @@ static struct file *do_last(struct nameidata *nd,= struct path *path, +@@ -2235,6 +2320,19 @@ static struct file *do_last(struct nameidata *nd,= struct path *path, /* * It already exists. */ @@ -46997,7 +45829,7 @@ index 9680cef..a19f203 100644 mutex_unlock(&dir->d_inode->i_mutex); audit_inode(pathname, path->dentry); =20 -@@ -2424,6 +2522,11 @@ struct dentry *kern_path_create(int dfd, const ch= ar *pathname, struct path *path +@@ -2447,6 +2545,11 @@ struct dentry *kern_path_create(int dfd, const ch= ar *pathname, struct path *path *path =3D nd.path; return dentry; eexist: @@ -47009,7 +45841,7 @@ index 9680cef..a19f203 100644 dput(dentry); dentry =3D ERR_PTR(-EEXIST); fail: -@@ -2446,6 +2549,20 @@ struct dentry *user_path_create(int dfd, const ch= ar __user *pathname, struct pat +@@ -2469,6 +2572,20 @@ struct dentry *user_path_create(int dfd, const ch= ar __user *pathname, struct pat } EXPORT_SYMBOL(user_path_create); =20 @@ -47027,10 +45859,10 @@ index 9680cef..a19f203 100644 + return res; +} + - int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t= dev) + int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, d= ev_t dev) { int error =3D may_create(dir, dentry); -@@ -2513,6 +2630,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __u= ser *, filename, int, mode, +@@ -2536,6 +2653,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __u= ser *, filename, umode_t, mode, error =3D mnt_want_write(path.mnt); if (error) goto out_dput; @@ -47048,7 +45880,7 @@ index 9680cef..a19f203 100644 error =3D security_path_mknod(&path, dentry, mode, dev); if (error) goto out_drop_write; -@@ -2530,6 +2658,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __us= er *, filename, int, mode, +@@ -2553,6 +2681,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __us= er *, filename, umode_t, mode, } out_drop_write: mnt_drop_write(path.mnt); @@ -47058,7 +45890,7 @@ index 9680cef..a19f203 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2579,12 +2710,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __= user *, pathname, int, mode) +@@ -2602,12 +2733,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __= user *, pathname, umode_t, mode) error =3D mnt_want_write(path.mnt); if (error) goto out_dput; @@ -47080,7 +45912,7 @@ index 9680cef..a19f203 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2664,6 +2804,8 @@ static long do_rmdir(int dfd, const char __user *p= athname) +@@ -2687,6 +2827,8 @@ static long do_rmdir(int dfd, const char __user *p= athname) char * name; struct dentry *dentry; struct nameidata nd; @@ -47089,7 +45921,7 @@ index 9680cef..a19f203 100644 =20 error =3D user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2692,6 +2834,15 @@ static long do_rmdir(int dfd, const char __user *= pathname) +@@ -2715,6 +2857,15 @@ static long do_rmdir(int dfd, const char __user *= pathname) error =3D -ENOENT; goto exit3; } @@ -47105,7 +45937,7 @@ index 9680cef..a19f203 100644 error =3D mnt_want_write(nd.path.mnt); if (error) goto exit3; -@@ -2699,6 +2850,8 @@ static long do_rmdir(int dfd, const char __user *p= athname) +@@ -2722,6 +2873,8 @@ static long do_rmdir(int dfd, const char __user *p= athname) if (error) goto exit4; error =3D vfs_rmdir(nd.path.dentry->d_inode, dentry); @@ -47114,7 +45946,7 @@ index 9680cef..a19f203 100644 exit4: mnt_drop_write(nd.path.mnt); exit3: -@@ -2761,6 +2914,8 @@ static long do_unlinkat(int dfd, const char __user= *pathname) +@@ -2784,6 +2937,8 @@ static long do_unlinkat(int dfd, const char __user= *pathname) struct dentry *dentry; struct nameidata nd; struct inode *inode =3D NULL; @@ -47123,7 +45955,7 @@ index 9680cef..a19f203 100644 =20 error =3D user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2783,6 +2938,16 @@ static long do_unlinkat(int dfd, const char __use= r *pathname) +@@ -2806,6 +2961,16 @@ static long do_unlinkat(int dfd, const char __use= r *pathname) if (!inode) goto slashes; ihold(inode); @@ -47140,7 +45972,7 @@ index 9680cef..a19f203 100644 error =3D mnt_want_write(nd.path.mnt); if (error) goto exit2; -@@ -2790,6 +2955,8 @@ static long do_unlinkat(int dfd, const char __user= *pathname) +@@ -2813,6 +2978,8 @@ static long do_unlinkat(int dfd, const char __user= *pathname) if (error) goto exit3; error =3D vfs_unlink(nd.path.dentry->d_inode, dentry); @@ -47149,7 +45981,7 @@ index 9680cef..a19f203 100644 exit3: mnt_drop_write(nd.path.mnt); exit2: -@@ -2865,10 +3032,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, = oldname, +@@ -2888,10 +3055,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, = oldname, error =3D mnt_want_write(path.mnt); if (error) goto out_dput; @@ -47168,7 +46000,7 @@ index 9680cef..a19f203 100644 out_drop_write: mnt_drop_write(path.mnt); out_dput: -@@ -2940,6 +3115,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __= user *, oldname, +@@ -2963,6 +3138,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __= user *, oldname, { struct dentry *new_dentry; struct path old_path, new_path; @@ -47176,7 +46008,7 @@ index 9680cef..a19f203 100644 int how =3D 0; int error; =20 -@@ -2963,7 +3139,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __= user *, oldname, +@@ -2986,7 +3162,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __= user *, oldname, if (error) return error; =20 @@ -47185,7 +46017,7 @@ index 9680cef..a19f203 100644 error =3D PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) goto out; -@@ -2974,13 +3150,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char = __user *, oldname, +@@ -2997,13 +3173,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char = __user *, oldname, error =3D mnt_want_write(new_path.mnt); if (error) goto out_dput; @@ -47216,7 +46048,7 @@ index 9680cef..a19f203 100644 dput(new_dentry); mutex_unlock(&new_path.dentry->d_inode->i_mutex); path_put(&new_path); -@@ -3208,6 +3401,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char= __user *, oldname, +@@ -3231,6 +3424,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char= __user *, oldname, if (new_dentry =3D=3D trap) goto exit5; =20 @@ -47229,7 +46061,7 @@ index 9680cef..a19f203 100644 error =3D mnt_want_write(oldnd.path.mnt); if (error) goto exit5; -@@ -3217,6 +3416,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char = __user *, oldname, +@@ -3240,6 +3439,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char = __user *, oldname, goto exit6; error =3D vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry); @@ -47239,7 +46071,7 @@ index 9680cef..a19f203 100644 exit6: mnt_drop_write(oldnd.path.mnt); exit5: -@@ -3242,6 +3444,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldna= me, const char __user *, newna +@@ -3265,6 +3467,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldna= me, const char __user *, newna =20 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen= , const char *link) { @@ -47248,7 +46080,7 @@ index 9680cef..a19f203 100644 int len; =20 len =3D PTR_ERR(link); -@@ -3251,7 +3455,14 @@ int vfs_readlink(struct dentry *dentry, char __us= er *buffer, int buflen, const c +@@ -3274,7 +3478,14 @@ int vfs_readlink(struct dentry *dentry, char __us= er *buffer, int buflen, const c len =3D strlen(link); if (len > (unsigned) buflen) len =3D buflen; @@ -47265,10 +46097,10 @@ index 9680cef..a19f203 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index cfc6d44..b4632a5 100644 +index e608199..9609cb9 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1326,6 +1326,9 @@ static int do_umount(struct vfsmount *mnt, int fla= gs) +@@ -1155,6 +1155,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval =3D do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -47278,7 +46110,7 @@ index cfc6d44..b4632a5 100644 return retval; } =20 -@@ -1345,6 +1348,9 @@ static int do_umount(struct vfsmount *mnt, int fla= gs) +@@ -1174,6 +1177,9 @@ static int do_umount(struct mount *mnt, int flags) br_write_unlock(vfsmount_lock); up_write(&namespace_sem); release_mounts(&umount_list); @@ -47288,7 +46120,7 @@ index cfc6d44..b4632a5 100644 return retval; } =20 -@@ -2336,6 +2342,16 @@ long do_mount(char *dev_name, char *dir_name, cha= r *type_page, +@@ -2175,6 +2181,16 @@ long do_mount(char *dev_name, char *dir_name, cha= r *type_page, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); =20 @@ -47305,7 +46137,7 @@ index cfc6d44..b4632a5 100644 if (flags & MS_REMOUNT) retval =3D do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2350,6 +2366,9 @@ long do_mount(char *dev_name, char *dir_name, char= *type_page, +@@ -2189,6 +2205,9 @@ long do_mount(char *dev_name, char *dir_name, char= *type_page, dev_name, data_page); dput_out: path_put(&path); @@ -47315,7 +46147,7 @@ index cfc6d44..b4632a5 100644 return retval; } =20 -@@ -2605,6 +2624,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, = new_root, +@@ -2470,6 +2489,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, = new_root, if (error) goto out2; =20 @@ -47327,46 +46159,11 @@ index cfc6d44..b4632a5 100644 get_fs_root(current->fs, &root); error =3D lock_mount(&old); if (error) -diff --git a/fs/ncpfs/ncplib_kernel.h b/fs/ncpfs/ncplib_kernel.h -index 09881e6..308ff20 100644 ---- a/fs/ncpfs/ncplib_kernel.h -+++ b/fs/ncpfs/ncplib_kernel.h -@@ -130,7 +130,7 @@ static inline int ncp_is_nfs_extras(struct ncp_serve= r* server, unsigned int voln - int ncp__io2vol(struct ncp_server *, unsigned char *, unsigned int *, - const unsigned char *, unsigned int, int); - int ncp__vol2io(struct ncp_server *, unsigned char *, unsigned int *, -- const unsigned char *, unsigned int, int); -+ const unsigned char *, unsigned int, int) __size_overflow(5); -=20 - #define NCP_ESC ':' - #define NCP_IO_TABLE(sb) (NCP_SBP(sb)->nls_io) -@@ -146,7 +146,7 @@ int ncp__vol2io(struct ncp_server *, unsigned char *= , unsigned int *, - int ncp__io2vol(unsigned char *, unsigned int *, - const unsigned char *, unsigned int, int); - int ncp__vol2io(unsigned char *, unsigned int *, -- const unsigned char *, unsigned int, int); -+ const unsigned char *, unsigned int, int) __size_overflow(5); -=20 - #define NCP_IO_TABLE(sb) NULL - #define ncp_tolower(t, c) tolower(c) -diff --git a/fs/nfs/blocklayout/blocklayout.c b/fs/nfs/blocklayout/block= layout.c -index 3db6b82..a57597e 100644 ---- a/fs/nfs/blocklayout/blocklayout.c -+++ b/fs/nfs/blocklayout/blocklayout.c -@@ -90,7 +90,7 @@ static int is_writable(struct pnfs_block_extent *be, s= ector_t isect) - */ - struct parallel_io { - struct kref refcnt; -- struct rpc_call_ops call_ops; -+ rpc_call_ops_no_const call_ops; - void (*pnfs_callback) (void *data); - void *data; - }; diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c -index 50a15fa..ca113f9 100644 +index f649fba..236bf92 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c -@@ -150,7 +150,7 @@ static void nfs_zap_caches_locked(struct inode *inod= e) +@@ -151,7 +151,7 @@ static void nfs_zap_caches_locked(struct inode *inod= e) nfsi->attrtimeo =3D NFS_MINATTRTIMEO(inode); nfsi->attrtimeo_timestamp =3D jiffies; =20 @@ -47375,7 +46172,7 @@ index 50a15fa..ca113f9 100644 if (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)) nfsi->cache_validity |=3D NFS_INO_INVALID_ATTR|NFS_INO_INVALID_DATA|N= FS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL|NFS_INO_REVAL_PAGECACHE; else -@@ -1002,16 +1002,16 @@ static int nfs_size_need_update(const struct ino= de *inode, const struct nfs_fatt +@@ -1003,16 +1003,16 @@ static int nfs_size_need_update(const struct ino= de *inode, const struct nfs_fatt return nfs_size_to_loff_t(fattr->size) > i_size_read(inode); } =20 @@ -47396,10 +46193,10 @@ index 50a15fa..ca113f9 100644 =20 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index 7a2e442..8e544cc 100644 +index edf6d3e..bdd1da7 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c -@@ -914,7 +914,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh = *fhp, struct file *file, +@@ -925,7 +925,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh = *fhp, struct file *file, } else { oldfs =3D get_fs(); set_fs(KERNEL_DS); @@ -47408,7 +46205,7 @@ index 7a2e442..8e544cc 100644 set_fs(oldfs); } =20 -@@ -1018,7 +1018,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_= fh *fhp, struct file *file, +@@ -1029,7 +1029,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_= fh *fhp, struct file *file, =20 /* Write the data. */ oldfs =3D get_fs(); set_fs(KERNEL_DS); @@ -47417,7 +46214,7 @@ index 7a2e442..8e544cc 100644 set_fs(oldfs); if (host_err < 0) goto out_nfserr; -@@ -1553,7 +1553,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_f= h *fhp, char *buf, int *lenp) +@@ -1564,7 +1564,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_f= h *fhp, char *buf, int *lenp) */ =20 oldfs =3D get_fs(); set_fs(KERNEL_DS); @@ -47426,36 +46223,11 @@ index 7a2e442..8e544cc 100644 set_fs(oldfs); =20 if (host_err < 0) -diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c -index d327140..501b7f8 100644 ---- a/fs/nilfs2/the_nilfs.c -+++ b/fs/nilfs2/the_nilfs.c -@@ -409,6 +409,12 @@ static int nilfs_store_disk_layout(struct the_nilfs= *nilfs, - nilfs->ns_first_data_block =3D le64_to_cpu(sbp->s_first_data_block); - nilfs->ns_r_segments_percentage =3D - le32_to_cpu(sbp->s_r_segments_percentage); -+ if (nilfs->ns_r_segments_percentage < 1 || -+ nilfs->ns_r_segments_percentage > 99) { -+ printk(KERN_ERR "NILFS: invalid reserved segments percentage.\n"); -+ return -EINVAL; -+ } -+ - nilfs_set_nsegments(nilfs, le64_to_cpu(sbp->s_nsegments)); - nilfs->ns_crc_seed =3D le32_to_cpu(sbp->s_crc_seed); - return 0; -@@ -515,6 +521,7 @@ static int nilfs_load_super_block(struct the_nilfs *= nilfs, - brelse(sbh[1]); - sbh[1] =3D NULL; - sbp[1] =3D NULL; -+ valid[1] =3D 0; - swp =3D 0; - } - if (!valid[swp]) { diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fan= otify_user.c -index 9fde1c0..14e8827 100644 +index 3568c8a..e0240d8 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c -@@ -276,7 +276,8 @@ static ssize_t copy_event_to_user(struct fsnotify_gr= oup *group, +@@ -278,7 +278,8 @@ static ssize_t copy_event_to_user(struct fsnotify_gr= oup *group, goto out_close_fd; =20 ret =3D -EFAULT; @@ -47606,7 +46378,7 @@ index ba5d97e..c77db25 100644 } } diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c -index 4994f8b..eaab8eb 100644 +index 604e12c..8426483 100644 --- a/fs/ocfs2/super.c +++ b/fs/ocfs2/super.c @@ -301,11 +301,11 @@ static int ocfs2_osb_dump(struct ocfs2_super *osb,= char *buf, int len) @@ -47626,7 +46398,7 @@ index 4994f8b..eaab8eb 100644 =20 out +=3D snprintf(buf + out, len - out, "%10s =3D> State: %u Descriptor: %llu Size: %u bits " -@@ -2119,11 +2119,11 @@ static int ocfs2_initialize_super(struct super_b= lock *sb, +@@ -2117,11 +2117,11 @@ static int ocfs2_initialize_super(struct super_b= lock *sb, spin_lock_init(&osb->osb_xattr_lock); ocfs2_init_steal_slots(osb); =20 @@ -47657,7 +46429,7 @@ index 5d22872..523db20 100644 kfree(link); } diff --git a/fs/open.c b/fs/open.c -index 22c41b5..78894cf 100644 +index 77becc0..aad7bd9 100644 --- a/fs/open.c +++ b/fs/open.c @@ -112,6 +112,10 @@ static long do_sys_truncate(const char __user *path= name, loff_t length) @@ -47732,7 +46504,7 @@ index 22c41b5..78894cf 100644 + goto out_unlock; + } + - error =3D security_path_chmod(path->dentry, path->mnt, mode); + error =3D security_path_chmod(path, mode); if (error) goto out_unlock; @@ -506,6 +538,9 @@ static int chown_common(struct path *path, uid_t use= r, gid_t group) @@ -47745,46 +46517,8 @@ index 22c41b5..78894cf 100644 newattrs.ia_valid =3D ATTR_CTIME; if (user !=3D (uid_t) -1) { newattrs.ia_valid |=3D ATTR_UID; -diff --git a/fs/partitions/efi.c b/fs/partitions/efi.c -index 6296b40..417c00f 100644 ---- a/fs/partitions/efi.c -+++ b/fs/partitions/efi.c -@@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct pa= rsed_partitions *state, - if (!gpt) - return NULL; -=20 -+ if (!le32_to_cpu(gpt->num_partition_entries)) -+ return NULL; -+ pte =3D kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(g= pt->sizeof_partition_entry), GFP_KERNEL); -+ if (!pte) -+ return NULL; -+ - count =3D le32_to_cpu(gpt->num_partition_entries) * - le32_to_cpu(gpt->sizeof_partition_entry); -- if (!count) -- return NULL; -- pte =3D kzalloc(count, GFP_KERNEL); -- if (!pte) -- return NULL; -- - if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba), - (u8 *) pte, - count) < count) { -diff --git a/fs/partitions/ldm.c b/fs/partitions/ldm.c -index bd8ae78..539d250 100644 ---- a/fs/partitions/ldm.c -+++ b/fs/partitions/ldm.c -@@ -1324,7 +1324,7 @@ static bool ldm_frag_add (const u8 *data, int size= , struct list_head *frags) - goto found; - } -=20 -- f =3D kmalloc (sizeof (*f) + size*num, GFP_KERNEL); -+ f =3D kmalloc (size*num + sizeof (*f), GFP_KERNEL); - if (!f) { - ldm_crit ("Out of memory."); - return false; diff --git a/fs/pipe.c b/fs/pipe.c -index 4065f07..68c0706 100644 +index a932ced..6495412 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -420,9 +420,9 @@ redo: @@ -47942,7 +46676,7 @@ index 15af622..0e9f4467 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index 3a1dafd..bf1bd84 100644 +index c602b8d..a7de642 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -48013,7 +46747,7 @@ index 3a1dafd..bf1bd84 100644 + state =3D *get_task_state(task); vsize =3D eip =3D esp =3D 0; - permitted =3D ptrace_may_access(task, PTRACE_MODE_READ); + permitted =3D ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_N= OAUDIT); @@ -449,6 +487,19 @@ static int do_task_stat(struct seq_file *m, struct = pid_namespace *ns, gtime =3D task->gtime; } @@ -48050,7 +46784,7 @@ index 3a1dafd..bf1bd84 100644 esp, eip, /* The signal information here is obsolete. -@@ -533,8 +590,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_n= amespace *ns, +@@ -536,8 +593,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_n= amespace *ns, struct pid *pid, struct task_struct *task) { unsigned long size =3D 0, resident =3D 0, shared =3D 0, text =3D 0, da= ta =3D 0; @@ -48067,7 +46801,7 @@ index 3a1dafd..bf1bd84 100644 if (mm) { size =3D task_statm(mm, &shared, &text, &data, &resident); mmput(mm); -@@ -544,3 +608,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_n= amespace *ns, +@@ -547,3 +611,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_n= amespace *ns, =20 return 0; } @@ -48087,10 +46821,10 @@ index 3a1dafd..bf1bd84 100644 +} +#endif diff --git a/fs/proc/base.c b/fs/proc/base.c -index 1ace83d..f5e575d 100644 +index d4548dd..d101f84 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c -@@ -107,6 +107,22 @@ struct pid_entry { +@@ -109,6 +109,14 @@ struct pid_entry { union proc_op op; }; =20 @@ -48102,45 +46836,10 @@ index 1ace83d..f5e575d 100644 + int error; +}; + -+static int gr_fake_filldir(void * __buf, const char *name, int namlen,=20 -+ loff_t offset, u64 ino, unsigned int d_type) -+{ -+ struct getdents_callback * buf =3D (struct getdents_callback *) __buf; -+ buf->error =3D -EINVAL; -+ return 0; -+} -+ #define NOD(NAME, MODE, IOP, FOP, OP) { \ .name =3D (NAME), \ .len =3D sizeof(NAME) - 1, \ -@@ -194,26 +210,6 @@ static int proc_root_link(struct inode *inode, stru= ct path *path) - return result; - } -=20 --static struct mm_struct *mm_access(struct task_struct *task, unsigned i= nt mode) --{ -- struct mm_struct *mm; -- int err; -- -- err =3D mutex_lock_killable(&task->signal->cred_guard_mutex); -- if (err) -- return ERR_PTR(err); -- -- mm =3D get_task_mm(task); -- if (mm && mm !=3D current->mm && -- !ptrace_may_access(task, mode)) { -- mmput(mm); -- mm =3D ERR_PTR(-EACCES); -- } -- mutex_unlock(&task->signal->cred_guard_mutex); -- -- return mm; --} -- - struct mm_struct *mm_for_maps(struct task_struct *task) - { - return mm_access(task, PTRACE_MODE_READ); -@@ -229,6 +225,9 @@ static int proc_pid_cmdline(struct task_struct *task= , char * buffer) +@@ -213,6 +221,9 @@ static int proc_pid_cmdline(struct task_struct *task= , char * buffer) if (!mm->arg_end) goto out_mm; /* Shh! No looking before we're done */ =20 @@ -48150,7 +46849,7 @@ index 1ace83d..f5e575d 100644 len =3D mm->arg_end - mm->arg_start; =20 if (len > PAGE_SIZE) -@@ -256,12 +255,28 @@ out: +@@ -240,12 +251,28 @@ out: return res; } =20 @@ -48179,7 +46878,7 @@ index 1ace83d..f5e575d 100644 do { nwords +=3D 2; } while (mm->saved_auxv[nwords - 2] !=3D 0); /* AT_NULL */ -@@ -275,7 +290,7 @@ static int proc_pid_auxv(struct task_struct *task, c= har *buffer) +@@ -259,7 +286,7 @@ static int proc_pid_auxv(struct task_struct *task, c= har *buffer) } =20 =20 @@ -48188,7 +46887,7 @@ index 1ace83d..f5e575d 100644 /* * Provides a wchan file via kallsyms in a proper one-value-per-file fo= rmat. * Returns the resolved symbol. If that fails, simply return the addre= ss. -@@ -314,7 +329,7 @@ static void unlock_trace(struct task_struct *task) +@@ -298,7 +325,7 @@ static void unlock_trace(struct task_struct *task) mutex_unlock(&task->signal->cred_guard_mutex); } =20 @@ -48197,7 +46896,7 @@ index 1ace83d..f5e575d 100644 =20 #define MAX_STACK_TRACE_DEPTH 64 =20 -@@ -505,7 +520,7 @@ static int proc_pid_limits(struct task_struct *task,= char *buffer) +@@ -489,7 +516,7 @@ static int proc_pid_limits(struct task_struct *task,= char *buffer) return count; } =20 @@ -48206,7 +46905,7 @@ index 1ace83d..f5e575d 100644 static int proc_pid_syscall(struct task_struct *task, char *buffer) { long nr; -@@ -534,7 +549,7 @@ static int proc_pid_syscall(struct task_struct *task= , char *buffer) +@@ -518,7 +545,7 @@ static int proc_pid_syscall(struct task_struct *task= , char *buffer) /**********************************************************************= **/ =20 /* permission checks */ @@ -48215,19 +46914,67 @@ index 1ace83d..f5e575d 100644 { struct task_struct *task; int allowed =3D 0; -@@ -544,7 +559,10 @@ static int proc_fd_access_allowed(struct inode *ino= de) +@@ -528,7 +555,10 @@ static int proc_fd_access_allowed(struct inode *ino= de) */ task =3D get_proc_task(inode); if (task) { - allowed =3D ptrace_may_access(task, PTRACE_MODE_READ); + if (log) -+ allowed =3D ptrace_may_access_log(task, PTRACE_MODE_READ); -+ else + allowed =3D ptrace_may_access(task, PTRACE_MODE_READ); ++ else ++ allowed =3D ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_N= OAUDIT); put_task_struct(task); } return allowed; -@@ -786,6 +804,10 @@ static int mem_open(struct inode* inode, struct fil= e* file) +@@ -566,10 +596,35 @@ static bool has_pid_permissions(struct pid_namespa= ce *pid, + struct task_struct *task, + int hide_pid_min) + { ++ if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task)) ++ return false; ++ ++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PRO= C_USERGROUP) ++ rcu_read_lock(); ++ { ++ const struct cred *tmpcred =3D current_cred(); ++ const struct cred *cred =3D __task_cred(task); ++ ++ if (!tmpcred->uid || (tmpcred->uid =3D=3D cred->uid) ++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP ++ || in_group_p(CONFIG_GRKERNSEC_PROC_GID) ++#endif ++ ) { ++ rcu_read_unlock(); ++ return true; ++ } ++ } ++ rcu_read_unlock(); ++ ++ if (!pid->hide_pid) ++ return false; ++#endif ++ + if (pid->hide_pid < hide_pid_min) + return true; + if (in_group_p(pid->pid_gid)) + return true; ++ + return ptrace_may_access(task, PTRACE_MODE_READ); + } +=20 +@@ -587,7 +642,11 @@ static int proc_pid_permission(struct inode *inode,= int mask) + put_task_struct(task); +=20 + if (!has_perms) { ++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PRO= C_USERGROUP) ++ { ++#else + if (pid->hide_pid =3D=3D 2) { ++#endif + /* + * Let's make getdents(), stat(), and open() + * consistent with each other. If a process +@@ -702,6 +761,10 @@ static int mem_open(struct inode* inode, struct fil= e* file) file->f_mode |=3D FMODE_UNSIGNED_OFFSET; file->private_data =3D mm; =20 @@ -48238,7 +46985,7 @@ index 1ace83d..f5e575d 100644 return 0; } =20 -@@ -797,6 +819,17 @@ static ssize_t mem_rw(struct file *file, char __use= r *buf, +@@ -713,6 +776,17 @@ static ssize_t mem_rw(struct file *file, char __use= r *buf, ssize_t copied; char *page; =20 @@ -48256,7 +47003,7 @@ index 1ace83d..f5e575d 100644 if (!mm) return 0; =20 -@@ -897,6 +930,9 @@ static ssize_t environ_read(struct file *file, char = __user *buf, +@@ -813,6 +887,9 @@ static ssize_t environ_read(struct file *file, char = __user *buf, if (!task) goto out_no_task; =20 @@ -48266,16 +47013,16 @@ index 1ace83d..f5e575d 100644 ret =3D -ENOMEM; page =3D (char *)__get_free_page(GFP_TEMPORARY); if (!page) -@@ -1519,7 +1555,7 @@ static void *proc_pid_follow_link(struct dentry *d= entry, struct nameidata *nd) +@@ -1434,7 +1511,7 @@ static void *proc_pid_follow_link(struct dentry *d= entry, struct nameidata *nd) path_put(&nd->path); =20 /* Are we allowed to snoop on the tasks file descriptors? */ - if (!proc_fd_access_allowed(inode)) -+ if (!proc_fd_access_allowed(inode,0)) ++ if (!proc_fd_access_allowed(inode, 0)) goto out; =20 - error =3D PROC_I(inode)->op.proc_get_link(inode, &nd->path); -@@ -1558,8 +1594,18 @@ static int proc_pid_readlink(struct dentry * dent= ry, char __user * buffer, int b + error =3D PROC_I(inode)->op.proc_get_link(dentry, &nd->path); +@@ -1473,8 +1550,18 @@ static int proc_pid_readlink(struct dentry * dent= ry, char __user * buffer, int b struct path path; =20 /* Are we allowed to snoop on the tasks file descriptors? */ @@ -48294,9 +47041,9 @@ index 1ace83d..f5e575d 100644 + goto out; + } =20 - error =3D PROC_I(inode)->op.proc_get_link(inode, &path); + error =3D PROC_I(inode)->op.proc_get_link(dentry, &path); if (error) -@@ -1624,7 +1670,11 @@ struct inode *proc_pid_make_inode(struct super_bl= ock * sb, struct task_struct *t +@@ -1539,7 +1626,11 @@ struct inode *proc_pid_make_inode(struct super_bl= ock * sb, struct task_struct *t rcu_read_lock(); cred =3D __task_cred(task); inode->i_uid =3D cred->euid; @@ -48308,35 +47055,9 @@ index 1ace83d..f5e575d 100644 rcu_read_unlock(); } security_task_to_inode(task, inode); -@@ -1642,6 +1692,9 @@ int pid_getattr(struct vfsmount *mnt, struct dentr= y *dentry, struct kstat *stat) - struct inode *inode =3D dentry->d_inode; - struct task_struct *task; - const struct cred *cred; -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PRO= C_USERGROUP) -+ const struct cred *tmpcred =3D current_cred(); -+#endif -=20 - generic_fillattr(inode, stat); -=20 -@@ -1649,13 +1702,41 @@ int pid_getattr(struct vfsmount *mnt, struct den= try *dentry, struct kstat *stat) - stat->uid =3D 0; - stat->gid =3D 0; - task =3D pid_task(proc_pid(inode), PIDTYPE_PID); -+ -+ if (task && (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))) = { -+ rcu_read_unlock(); -+ return -ENOENT; -+ } -+ - if (task) { -+ cred =3D __task_cred(task); -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PRO= C_USERGROUP) -+ if (!tmpcred->uid || (tmpcred->uid =3D=3D cred->uid) -+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP -+ || in_group_p(CONFIG_GRKERNSEC_PROC_GID) -+#endif -+ ) { -+#endif +@@ -1575,10 +1666,19 @@ int pid_getattr(struct vfsmount *mnt, struct den= try *dentry, struct kstat *stat) + return -ENOENT; + } if ((inode->i_mode =3D=3D (S_IFDIR|S_IRUGO|S_IXUGO)) || +#ifdef CONFIG_GRKERNSEC_PROC_USER + (inode->i_mode =3D=3D (S_IFDIR|S_IRUSR|S_IXUSR)) || @@ -48344,7 +47065,7 @@ index 1ace83d..f5e575d 100644 + (inode->i_mode =3D=3D (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) = || +#endif task_dumpable(task)) { -- cred =3D __task_cred(task); + cred =3D __task_cred(task); stat->uid =3D cred->euid; +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP + stat->gid =3D CONFIG_GRKERNSEC_PROC_GID; @@ -48352,16 +47073,9 @@ index 1ace83d..f5e575d 100644 stat->gid =3D cred->egid; +#endif } -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PRO= C_USERGROUP) -+ } else { -+ rcu_read_unlock(); -+ return -ENOENT; -+ } -+#endif } rcu_read_unlock(); - return 0; -@@ -1692,11 +1773,20 @@ int pid_revalidate(struct dentry *dentry, struct= nameidata *nd) +@@ -1616,11 +1716,20 @@ int pid_revalidate(struct dentry *dentry, struct= nameidata *nd) =20 if (task) { if ((inode->i_mode =3D=3D (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -48382,7 +47096,7 @@ index 1ace83d..f5e575d 100644 rcu_read_unlock(); } else { inode->i_uid =3D 0; -@@ -1814,7 +1904,8 @@ static int proc_fd_info(struct inode *inode, struc= t path *path, char *info) +@@ -1738,7 +1847,8 @@ static int proc_fd_info(struct inode *inode, struc= t path *path, char *info) int fd =3D proc_fd(inode); =20 if (task) { @@ -48392,7 +47106,7 @@ index 1ace83d..f5e575d 100644 put_task_struct(task); } if (files) { -@@ -2082,11 +2173,21 @@ static const struct file_operations proc_fd_oper= ations =3D { +@@ -2355,11 +2465,21 @@ static const struct file_operations proc_map_fil= es_operations =3D { */ static int proc_fd_permission(struct inode *inode, int mask) { @@ -48416,7 +47130,7 @@ index 1ace83d..f5e575d 100644 return rv; } =20 -@@ -2196,6 +2297,9 @@ static struct dentry *proc_pident_lookup(struct in= ode *dir, +@@ -2469,6 +2589,9 @@ static struct dentry *proc_pident_lookup(struct in= ode *dir, if (!task) goto out_no_task; =20 @@ -48426,7 +47140,7 @@ index 1ace83d..f5e575d 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc// without very good reasons. -@@ -2240,6 +2344,9 @@ static int proc_pident_readdir(struct file *filp, +@@ -2513,6 +2636,9 @@ static int proc_pident_readdir(struct file *filp, if (!task) goto out_no_task; =20 @@ -48436,7 +47150,7 @@ index 1ace83d..f5e575d 100644 ret =3D 0; i =3D filp->f_pos; switch (i) { -@@ -2510,7 +2617,7 @@ static void *proc_self_follow_link(struct dentry *= dentry, struct nameidata *nd) +@@ -2783,7 +2909,7 @@ static void *proc_self_follow_link(struct dentry *= dentry, struct nameidata *nd) static void proc_self_put_link(struct dentry *dentry, struct nameidata = *nd, void *cookie) { @@ -48445,7 +47159,7 @@ index 1ace83d..f5e575d 100644 if (!IS_ERR(s)) __putname(s); } -@@ -2708,7 +2815,7 @@ static const struct pid_entry tgid_base_stuff[] =3D= { +@@ -2984,7 +3110,7 @@ static const struct pid_entry tgid_base_stuff[] =3D= { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations= ), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -48454,7 +47168,7 @@ index 1ace83d..f5e575d 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2733,10 +2840,10 @@ static const struct pid_entry tgid_base_stuff[] = =3D { +@@ -3009,10 +3135,10 @@ static const struct pid_entry tgid_base_stuff[] = =3D { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, pro= c_attr_dir_operations), #endif @@ -48467,7 +47181,7 @@ index 1ace83d..f5e575d 100644 ONE("stack", S_IRUGO, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -2770,6 +2877,9 @@ static const struct pid_entry tgid_base_stuff[] =3D= { +@@ -3046,6 +3172,9 @@ static const struct pid_entry tgid_base_stuff[] =3D= { #ifdef CONFIG_HARDWALL INF("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -48477,7 +47191,7 @@ index 1ace83d..f5e575d 100644 }; =20 static int proc_tgid_base_readdir(struct file * filp, -@@ -2895,7 +3005,14 @@ static struct dentry *proc_pid_instantiate(struct= inode *dir, +@@ -3172,7 +3301,14 @@ static struct dentry *proc_pid_instantiate(struct= inode *dir, if (!inode) goto out; =20 @@ -48492,7 +47206,7 @@ index 1ace83d..f5e575d 100644 inode->i_op =3D &proc_tgid_base_inode_operations; inode->i_fop =3D &proc_tgid_base_operations; inode->i_flags|=3DS_IMMUTABLE; -@@ -2937,7 +3054,11 @@ struct dentry *proc_pid_lookup(struct inode *dir,= struct dentry * dentry, struct +@@ -3214,7 +3350,11 @@ struct dentry *proc_pid_lookup(struct inode *dir,= struct dentry * dentry, struct if (!task) goto out; =20 @@ -48504,48 +47218,16 @@ index 1ace83d..f5e575d 100644 put_task_struct(task); out: return result; -@@ -3002,6 +3123,11 @@ int proc_pid_readdir(struct file * filp, void * d= irent, filldir_t filldir) +@@ -3277,6 +3417,8 @@ static int proc_pid_fill_cache(struct file *filp, = void *dirent, filldir_t filldi + static int fake_filldir(void *buf, const char *name, int namelen, + loff_t offset, u64 ino, unsigned d_type) { - unsigned int nr; - struct task_struct *reaper; -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PRO= C_USERGROUP) -+ const struct cred *tmpcred =3D current_cred(); -+ const struct cred *itercred; -+#endif -+ filldir_t __filldir =3D filldir; - struct tgid_iter iter; - struct pid_namespace *ns; ++ struct getdents_callback * __buf =3D (struct getdents_callback *) buf; ++ __buf->error =3D -EINVAL; + return 0; + } =20 -@@ -3025,8 +3151,27 @@ int proc_pid_readdir(struct file * filp, void * d= irent, filldir_t filldir) - for (iter =3D next_tgid(ns, iter); - iter.task; - iter.tgid +=3D 1, iter =3D next_tgid(ns, iter)) { -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PRO= C_USERGROUP) -+ rcu_read_lock(); -+ itercred =3D __task_cred(iter.task); -+#endif -+ if (gr_pid_is_chrooted(iter.task) || gr_check_hidden_task(iter.task) -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PRO= C_USERGROUP) -+ || (tmpcred->uid && (itercred->uid !=3D tmpcred->uid) -+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP -+ && !in_group_p(CONFIG_GRKERNSEC_PROC_GID) -+#endif -+ ) -+#endif -+ ) -+ __filldir =3D &gr_fake_filldir; -+ else -+ __filldir =3D filldir; -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PRO= C_USERGROUP) -+ rcu_read_unlock(); -+#endif - filp->f_pos =3D iter.tgid + TGID_OFFSET; -- if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) { -+ if (proc_pid_fill_cache(filp, dirent, __filldir, iter) < 0) { - put_task_struct(iter.task); - goto out; - } -@@ -3054,7 +3199,7 @@ static const struct pid_entry tid_base_stuff[] =3D= { +@@ -3343,7 +3485,7 @@ static const struct pid_entry tid_base_stuff[] =3D= { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -48554,7 +47236,7 @@ index 1ace83d..f5e575d 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -3078,10 +3223,10 @@ static const struct pid_entry tid_base_stuff[] =3D= { +@@ -3367,10 +3509,10 @@ static const struct pid_entry tid_base_stuff[] =3D= { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc= _attr_dir_operations), #endif @@ -48600,13 +47282,13 @@ index b143471..bb105e5 100644 } module_init(proc_devices_init); diff --git a/fs/proc/inode.c b/fs/proc/inode.c -index 7737c54..7172574 100644 +index 84fd323..f698a32 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c -@@ -18,12 +18,18 @@ - #include - #include +@@ -21,12 +21,18 @@ + #include #include + #include +#include =20 #include @@ -48622,7 +47304,7 @@ index 7737c54..7172574 100644 static void proc_evict_inode(struct inode *inode) { struct proc_dir_entry *de; -@@ -49,6 +55,13 @@ static void proc_evict_inode(struct inode *inode) +@@ -52,6 +58,13 @@ static void proc_evict_inode(struct inode *inode) ns_ops =3D PROC_I(inode)->ns_ops; if (ns_ops && ns_ops->put) ns_ops->put(PROC_I(inode)->ns); @@ -48636,7 +47318,7 @@ index 7737c54..7172574 100644 } =20 static struct kmem_cache * proc_inode_cachep; -@@ -440,7 +453,11 @@ struct inode *proc_get_inode(struct super_block *sb= , struct proc_dir_entry *de) +@@ -457,7 +470,11 @@ struct inode *proc_get_inode(struct super_block *sb= , struct proc_dir_entry *de) if (de->mode) { inode->i_mode =3D de->mode; inode->i_uid =3D de->uid; @@ -48649,7 +47331,7 @@ index 7737c54..7172574 100644 if (de->size) inode->i_size =3D de->size; diff --git a/fs/proc/internal.h b/fs/proc/internal.h -index 7838e5c..ff92cbc 100644 +index 2925775..4f08fae 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h @@ -51,6 +51,9 @@ extern int proc_pid_status(struct seq_file *m, struct = pid_namespace *ns, @@ -48751,7 +47433,7 @@ index b1822dd..df622cb 100644 =20 seq_putc(m, '\n'); diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c -index f738024..876984a 100644 +index 06e1cc1..177cd98 100644 --- a/fs/proc/proc_net.c +++ b/fs/proc/proc_net.c @@ -105,6 +105,17 @@ static struct net *get_proc_task_net(struct inode *= dir) @@ -48867,10 +47549,10 @@ index a6b6217..1e0579d 100644 .permission =3D proc_sys_permission, .setattr =3D proc_sys_setattr, diff --git a/fs/proc/root.c b/fs/proc/root.c -index 03102d9..4ae347e 100644 +index 46a15d8..335631a 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c -@@ -121,7 +121,15 @@ void __init proc_root_init(void) +@@ -187,7 +187,15 @@ void __init proc_root_init(void) #ifdef CONFIG_PROC_DEVICETREE proc_device_tree_init(); #endif @@ -49253,7 +47935,7 @@ index 7a99811..a7c96c4 100644 SF(s_do_balance), SF(s_unneeded_left_neighbor), SF(s_good_search_by_key_reada), SF(s_bmaps), diff --git a/fs/select.c b/fs/select.c -index d33418f..2a5345e 100644 +index e782258..3b4b44c 100644 --- a/fs/select.c +++ b/fs/select.c @@ -20,6 +20,7 @@ @@ -49273,7 +47955,7 @@ index d33418f..2a5345e 100644 return -EINVAL; =20 diff --git a/fs/seq_file.c b/fs/seq_file.c -index dba43c3..4b3f701 100644 +index 4023d6b..53b39c5 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -9,6 +9,7 @@ @@ -49294,7 +47976,47 @@ index dba43c3..4b3f701 100644 =20 /* * Wrappers around seq_open(e.g. swaps_open) need to be -@@ -549,7 +553,7 @@ static void single_stop(struct seq_file *p, void *v) +@@ -76,7 +80,8 @@ static int traverse(struct seq_file *m, loff_t offset) + return 0; + } + if (!m->buf) { +- m->buf =3D kmalloc(m->size =3D PAGE_SIZE, GFP_KERNEL); ++ m->size =3D PAGE_SIZE; ++ m->buf =3D kmalloc(PAGE_SIZE, GFP_KERNEL); + if (!m->buf) + return -ENOMEM; + } +@@ -116,7 +121,8 @@ static int traverse(struct seq_file *m, loff_t offse= t) + Eoverflow: + m->op->stop(m, p); + kfree(m->buf); +- m->buf =3D kmalloc(m->size <<=3D 1, GFP_KERNEL); ++ m->size <<=3D 1; ++ m->buf =3D kmalloc(m->size, GFP_KERNEL); + return !m->buf ? -ENOMEM : -EAGAIN; + } +=20 +@@ -169,7 +175,8 @@ ssize_t seq_read(struct file *file, char __user *buf= , size_t size, loff_t *ppos) + m->version =3D file->f_version; + /* grab buffer if we didn't have one */ + if (!m->buf) { +- m->buf =3D kmalloc(m->size =3D PAGE_SIZE, GFP_KERNEL); ++ m->size =3D PAGE_SIZE; ++ m->buf =3D kmalloc(PAGE_SIZE, GFP_KERNEL); + if (!m->buf) + goto Enomem; + } +@@ -210,7 +217,8 @@ ssize_t seq_read(struct file *file, char __user *buf= , size_t size, loff_t *ppos) + goto Fill; + m->op->stop(m, p); + kfree(m->buf); +- m->buf =3D kmalloc(m->size <<=3D 1, GFP_KERNEL); ++ m->size <<=3D 1; ++ m->buf =3D kmalloc(m->size, GFP_KERNEL); + if (!m->buf) + goto Enomem; + m->count =3D 0; +@@ -549,7 +557,7 @@ static void single_stop(struct seq_file *p, void *v) int single_open(struct file *file, int (*show)(struct seq_file *, void = *), void *data) { @@ -49304,10 +48026,10 @@ index dba43c3..4b3f701 100644 =20 if (op) { diff --git a/fs/splice.c b/fs/splice.c -index fa2defa..8601650 100644 +index 1ec0493..d6ab5c2 100644 --- a/fs/splice.c +++ b/fs/splice.c -@@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, +@@ -193,7 +193,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, pipe_lock(pipe); =20 for (;;) { @@ -49316,7 +48038,7 @@ index fa2defa..8601650 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret =3D -EPIPE; -@@ -248,9 +248,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, +@@ -247,9 +247,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, do_wakeup =3D 0; } =20 @@ -49328,7 +48050,7 @@ index fa2defa..8601650 100644 } =20 pipe_unlock(pipe); -@@ -560,7 +560,7 @@ static ssize_t kernel_readv(struct file *file, const= struct iovec *vec, +@@ -559,7 +559,7 @@ static ssize_t kernel_readv(struct file *file, const= struct iovec *vec, old_fs =3D get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -49337,7 +48059,7 @@ index fa2defa..8601650 100644 set_fs(old_fs); =20 return res; -@@ -575,7 +575,7 @@ static ssize_t kernel_write(struct file *file, const= char *buf, size_t count, +@@ -574,7 +574,7 @@ static ssize_t kernel_write(struct file *file, const= char *buf, size_t count, old_fs =3D get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -49346,7 +48068,7 @@ index fa2defa..8601650 100644 set_fs(old_fs); =20 return res; -@@ -626,7 +626,7 @@ ssize_t default_file_splice_read(struct file *in, lo= ff_t *ppos, +@@ -625,7 +625,7 @@ ssize_t default_file_splice_read(struct file *in, lo= ff_t *ppos, goto err; =20 this_len =3D min_t(size_t, len, PAGE_CACHE_SIZE - offset); @@ -49355,7 +48077,7 @@ index fa2defa..8601650 100644 vec[i].iov_len =3D this_len; spd.pages[i] =3D page; spd.nr_pages++; -@@ -846,10 +846,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); +@@ -845,10 +845,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_d= esc *sd) { while (!pipe->nrbufs) { @@ -49368,7 +48090,7 @@ index fa2defa..8601650 100644 return 0; =20 if (sd->flags & SPLICE_F_NONBLOCK) -@@ -1182,7 +1182,7 @@ ssize_t splice_direct_to_actor(struct file *in, st= ruct splice_desc *sd, +@@ -1181,7 +1181,7 @@ ssize_t splice_direct_to_actor(struct file *in, st= ruct splice_desc *sd, * out of the pipe right after the splice_to_pipe(). So set * PIPE_READERS appropriately. */ @@ -49377,7 +48099,7 @@ index fa2defa..8601650 100644 =20 current->splice_pipe =3D pipe; } -@@ -1734,9 +1734,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe= , unsigned int flags) +@@ -1733,9 +1733,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe= , unsigned int flags) ret =3D -ERESTARTSYS; break; } @@ -49389,7 +48111,7 @@ index fa2defa..8601650 100644 if (flags & SPLICE_F_NONBLOCK) { ret =3D -EAGAIN; break; -@@ -1768,7 +1768,7 @@ static int opipe_prep(struct pipe_inode_info *pipe= , unsigned int flags) +@@ -1767,7 +1767,7 @@ static int opipe_prep(struct pipe_inode_info *pipe= , unsigned int flags) pipe_lock(pipe); =20 while (pipe->nrbufs >=3D pipe->buffers) { @@ -49398,7 +48120,7 @@ index fa2defa..8601650 100644 send_sig(SIGPIPE, current, 0); ret =3D -EPIPE; break; -@@ -1781,9 +1781,9 @@ static int opipe_prep(struct pipe_inode_info *pipe= , unsigned int flags) +@@ -1780,9 +1780,9 @@ static int opipe_prep(struct pipe_inode_info *pipe= , unsigned int flags) ret =3D -ERESTARTSYS; break; } @@ -49410,7 +48132,7 @@ index fa2defa..8601650 100644 } =20 pipe_unlock(pipe); -@@ -1819,14 +1819,14 @@ retry: +@@ -1818,14 +1818,14 @@ retry: pipe_double_lock(ipipe, opipe); =20 do { @@ -49427,7 +48149,7 @@ index fa2defa..8601650 100644 break; =20 /* -@@ -1923,7 +1923,7 @@ static int link_pipe(struct pipe_inode_info *ipipe= , +@@ -1922,7 +1922,7 @@ static int link_pipe(struct pipe_inode_info *ipipe= , pipe_double_lock(ipipe, opipe); =20 do { @@ -49436,7 +48158,7 @@ index fa2defa..8601650 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret =3D -EPIPE; -@@ -1968,7 +1968,7 @@ static int link_pipe(struct pipe_inode_info *ipipe= , +@@ -1967,7 +1967,7 @@ static int link_pipe(struct pipe_inode_info *ipipe= , * return EAGAIN if we have the potential of some data in the * future, otherwise just return 0 */ @@ -49445,19 +48167,6 @@ index fa2defa..8601650 100644 ret =3D -EAGAIN; =20 pipe_unlock(ipipe); -diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c -index a475983..9c6a1f0 100644 ---- a/fs/sysfs/bin.c -+++ b/fs/sysfs/bin.c -@@ -67,6 +67,8 @@ fill_read(struct file *file, char *buffer, loff_t off,= size_t count) - } -=20 - static ssize_t -+read(struct file *file, char __user *userbuf, size_t bytes, loff_t *off= ) __size_overflow(3); -+static ssize_t - read(struct file *file, char __user *userbuf, size_t bytes, loff_t *off= ) - { - struct bin_buffer *bb =3D file->private_data; diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c index 7fdf6a7..e6cd8ad 100644 --- a/fs/sysfs/dir.c @@ -49482,7 +48191,7 @@ index 7fdf6a7..e6cd8ad 100644 sd =3D sysfs_new_dirent(name, mode, SYSFS_DIR); if (!sd) diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c -index 779789a..f58193c 100644 +index 00012e3..8392349 100644 --- a/fs/sysfs/file.c +++ b/fs/sysfs/file.c @@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(sysfs_open_dirent_lock); @@ -49543,44 +48252,6 @@ index a7ac78f..02158e1 100644 if (!IS_ERR(page)) free_page((unsigned long)page); } -diff --git a/fs/ubifs/debug.c b/fs/ubifs/debug.c -index b09ba2d..1cad1a8 100644 ---- a/fs/ubifs/debug.c -+++ b/fs/ubifs/debug.c -@@ -2817,6 +2817,7 @@ static ssize_t dfs_file_read(struct file *file, ch= ar __user *u, size_t count, - * debugfs file. Returns %0 or %1 in case of success and a negative err= or code - * in case of failure. - */ -+static int interpret_user_input(const char __user *u, size_t count) __s= ize_overflow(2); - static int interpret_user_input(const char __user *u, size_t count) - { - size_t buf_size; -@@ -2835,6 +2836,8 @@ static int interpret_user_input(const char __user = *u, size_t count) - } -=20 - static ssize_t dfs_file_write(struct file *file, const char __user *u, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t dfs_file_write(struct file *file, const char __user *u, - size_t count, loff_t *ppos) - { - struct ubifs_info *c =3D file->private_data; -diff --git a/fs/udf/file.c b/fs/udf/file.c -index dca0c38..d567b84 100644 ---- a/fs/udf/file.c -+++ b/fs/udf/file.c -@@ -201,12 +201,10 @@ out: - static int udf_release_file(struct inode *inode, struct file *filp) - { - if (filp->f_mode & FMODE_WRITE) { -- mutex_lock(&inode->i_mutex); - down_write(&UDF_I(inode)->i_data_sem); - udf_discard_prealloc(inode); - udf_truncate_tail_extent(inode); - up_write(&UDF_I(inode)->i_data_sem); -- mutex_unlock(&inode->i_mutex); - } - return 0; - } diff --git a/fs/udf/misc.c b/fs/udf/misc.c index c175b4d..8f36a16 100644 --- a/fs/udf/misc.c @@ -49620,7 +48291,7 @@ index ba653f3..06ea4b1 100644 error =3D notify_change(path->dentry, &newattrs); mutex_unlock(&inode->i_mutex); diff --git a/fs/xattr.c b/fs/xattr.c -index 67583de..c5aad14 100644 +index 82f4337..236473c 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -315,7 +315,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); @@ -49682,7 +48353,7 @@ index 67583de..c5aad14 100644 if (!error) { - error =3D setxattr(dentry, name, value, size, flags); + error =3D setxattr(&f->f_path, name, value, size, flags); - mnt_drop_write(f->f_path.mnt); + mnt_drop_write_file(f); } fput(f); diff --git a/fs/xattr_acl.c b/fs/xattr_acl.c @@ -49701,7 +48372,7 @@ index 8d5a506..7f62712 100644 struct posix_acl *acl; struct posix_acl_entry *acl_e; diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c -index d0ab788..827999b 100644 +index 188ef2f..adcf864 100644 --- a/fs/xfs/xfs_bmap.c +++ b/fs/xfs/xfs_bmap.c @@ -190,7 +190,7 @@ xfs_bmap_validate_ret( @@ -49735,7 +48406,7 @@ index 79d05e8..e3e5861 100644 *offset =3D off & 0x7fffffff; return 0; diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c -index d99a905..9f88202 100644 +index 76f3ca5..f57f712 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -128,7 +128,7 @@ xfs_find_handle( @@ -49748,7 +48419,7 @@ index d99a905..9f88202 100644 goto out_put; =20 diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c -index 23ce927..e274cc1 100644 +index ab30253..4d86958 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -447,7 +447,7 @@ xfs_vn_put_link( @@ -50890,10 +49561,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..2d9c682 +index 0000000..e8c5d41 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4172 @@ +@@ -0,0 +1,4179 @@ +#include +#include +#include @@ -50918,6 +49589,7 @@ index 0000000..2d9c682 +#include +#include +#include ++#include "../fs/mount.h" + +#include +#include @@ -51089,6 +49761,7 @@ index 0000000..2d9c682 +{ + struct dentry *dentry =3D path->dentry; + struct vfsmount *vfsmnt =3D path->mnt; ++ struct mount *mnt =3D real_mount(vfsmnt); + bool slash =3D false; + int error =3D 0; + @@ -51097,11 +49770,12 @@ index 0000000..2d9c682 + + if (dentry =3D=3D vfsmnt->mnt_root || IS_ROOT(dentry)) { + /* Global root? */ -+ if (vfsmnt->mnt_parent =3D=3D vfsmnt) { ++ if (!mnt_has_parent(mnt)) { + goto out; + } -+ dentry =3D vfsmnt->mnt_mountpoint; -+ vfsmnt =3D vfsmnt->mnt_parent; ++ dentry =3D mnt->mnt_mountpoint; ++ mnt =3D mnt->mnt_parent; ++ vfsmnt =3D &mnt->mnt; + continue; + } + parent =3D dentry->d_parent; @@ -52754,6 +51428,7 @@ index 0000000..2d9c682 +{ + struct dentry *dentry =3D (struct dentry *) l_dentry; + struct vfsmount *mnt =3D (struct vfsmount *) l_mnt; ++ struct mount *real_mnt =3D real_mount(mnt); + struct acl_object_label *retval; + struct dentry *parent; + @@ -52778,15 +51453,16 @@ index 0000000..2d9c682 + break; + + if (dentry =3D=3D mnt->mnt_root || IS_ROOT(dentry)) { -+ if (mnt->mnt_parent =3D=3D mnt) ++ if (!mnt_has_parent(real_mnt)) + break; + + retval =3D full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkgl= ob); + if (retval !=3D NULL) + goto out; + -+ dentry =3D mnt->mnt_mountpoint; -+ mnt =3D mnt->mnt_parent; ++ dentry =3D real_mnt->mnt_mountpoint; ++ real_mnt =3D real_mnt->mnt_parent; ++ mnt =3D &real_mnt->mnt; + continue; + } + @@ -52841,6 +51517,7 @@ index 0000000..2d9c682 +{ + struct dentry *dentry =3D (struct dentry *) l_dentry; + struct vfsmount *mnt =3D (struct vfsmount *) l_mnt; ++ struct mount *real_mnt =3D real_mount(mnt); + struct acl_subject_label *retval; + struct dentry *parent; + @@ -52851,7 +51528,7 @@ index 0000000..2d9c682 + if (dentry =3D=3D real_root.dentry && mnt =3D=3D real_root.mnt) + break; + if (dentry =3D=3D mnt->mnt_root || IS_ROOT(dentry)) { -+ if (mnt->mnt_parent =3D=3D mnt) ++ if (!mnt_has_parent(real_mnt)) + break; + + spin_lock(&dentry->d_lock); @@ -52864,8 +51541,9 @@ index 0000000..2d9c682 + if (retval !=3D NULL) + goto out; + -+ dentry =3D mnt->mnt_mountpoint; -+ mnt =3D mnt->mnt_parent; ++ dentry =3D real_mnt->mnt_mountpoint; ++ real_mnt =3D real_mnt->mnt_parent; ++ mnt =3D &real_mnt->mnt; + continue; + } + @@ -55179,10 +53857,10 @@ index 0000000..34fefda +} diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c new file mode 100644 -index 0000000..955ddfb +index 0000000..6d21049 --- /dev/null +++ b/grsecurity/gracl_cap.c -@@ -0,0 +1,101 @@ +@@ -0,0 +1,110 @@ +#include +#include +#include @@ -55193,11 +53871,8 @@ index 0000000..955ddfb +extern const char *captab_log[]; +extern int captab_log_entries; + -+int -+gr_acl_is_capable(const int cap) ++int gr_task_acl_is_capable(const struct task_struct *task, const struct= cred *cred, const int cap) +{ -+ struct task_struct *task =3D current; -+ const struct cred *cred =3D current_cred(); + struct acl_subject_label *curracl; + kernel_cap_t cap_drop =3D __cap_empty_set, cap_mask =3D __cap_empty_se= t; + kernel_cap_t cap_audit =3D __cap_empty_set; @@ -55248,11 +53923,17 @@ index 0000000..955ddfb + + if ((cap >=3D 0) && (cap < captab_log_entries) && cap_raised(cred->cap= _effective, cap) && !cap_raised(cap_audit, cap)) + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]); ++ + return 0; +} + +int -+gr_acl_is_capable_nolog(const int cap) ++gr_acl_is_capable(const int cap) ++{ ++ return gr_task_acl_is_capable(current, current_cred(), cap); ++} ++ ++int gr_task_acl_is_capable_nolog(const struct task_struct *task, const = int cap) +{ + struct acl_subject_label *curracl; + kernel_cap_t cap_drop =3D __cap_empty_set, cap_mask =3D __cap_empty_se= t; @@ -55260,7 +53941,7 @@ index 0000000..955ddfb + if (!gr_acl_is_enabled()) + return 1; + -+ curracl =3D current->acl; ++ curracl =3D task->acl; + + cap_drop =3D curracl->cap_lower; + cap_mask =3D curracl->cap_mask; @@ -55284,6 +53965,12 @@ index 0000000..955ddfb + return 0; +} + ++int ++gr_acl_is_capable_nolog(const int cap) ++{ ++ return gr_task_acl_is_capable_nolog(current, cap); ++} ++ diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c new file mode 100644 index 0000000..88d0e87 @@ -56777,10 +55464,10 @@ index 0000000..bc0be01 +} diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c new file mode 100644 -index 0000000..a2dc675 +index 0000000..9807ee2 --- /dev/null +++ b/grsecurity/grsec_chroot.c -@@ -0,0 +1,351 @@ +@@ -0,0 +1,368 @@ +#include +#include +#include @@ -56788,7 +55475,7 @@ index 0000000..a2dc675 +#include +#include +#include -+#include ++#include "../fs/mount.h" +#include +#include + @@ -56796,7 +55483,7 @@ index 0000000..a2dc675 +{ +#ifdef CONFIG_GRKERNSEC + if (task->pid > 1 && path->dentry !=3D init_task.fs->root.dentry && -+ path->dentry !=3D task->nsproxy->mnt_ns->root->mnt_root) ++ path->dentry !=3D task->nsproxy->mnt_ns->root->mnt.mnt_root= ) + task->gr_is_chrooted =3D 1; + else + task->gr_is_chrooted =3D 0; @@ -57065,15 +55752,14 @@ index 0000000..a2dc675 +extern int captab_log_entries; + +int -+gr_chroot_is_capable(const int cap) ++gr_task_chroot_is_capable(const struct task_struct *task, const struct = cred *cred, const int cap) +{ +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS -+ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) { ++ if (grsec_enable_chroot_caps && proc_is_chrooted(task)) { + kernel_cap_t chroot_caps =3D GR_CHROOT_CAPS; + if (cap_raised(chroot_caps, cap)) { -+ const struct cred *creds =3D current_cred(); -+ if (cap_raised(creds->cap_effective, cap) && cap < captab_log_entrie= s) { -+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_CHROOT_MSG, current, captab_log[ca= p]); ++ if (cap_raised(cred->cap_effective, cap) && cap < captab_log_entries= ) { ++ gr_log_cap(GR_DONT_AUDIT, GR_CAP_CHROOT_MSG, task, captab_log[cap])= ; + } + return 0; + } @@ -57083,10 +55769,19 @@ index 0000000..a2dc675 +} + +int -+gr_chroot_is_capable_nolog(const int cap) ++gr_chroot_is_capable(const int cap) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS ++ return gr_task_chroot_is_capable(current, current_cred(), cap); ++#endif ++ return 1; ++} ++ ++int ++gr_task_chroot_is_capable_nolog(const struct task_struct *task, const i= nt cap) +{ +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS -+ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) { ++ if (grsec_enable_chroot_caps && proc_is_chrooted(task)) { + kernel_cap_t chroot_caps =3D GR_CHROOT_CAPS; + if (cap_raised(chroot_caps, cap)) { + return 0; @@ -57097,6 +55792,15 @@ index 0000000..a2dc675 +} + +int ++gr_chroot_is_capable_nolog(const int cap) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS ++ return gr_task_chroot_is_capable_nolog(current, cap); ++#endif ++ return 1; ++} ++ ++int +gr_handle_chroot_sysctl(const int op) +{ +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL @@ -57577,10 +56281,10 @@ index 0000000..213ad8b +#endif diff --git a/grsecurity/grsec_exec.c b/grsecurity/grsec_exec.c new file mode 100644 -index 0000000..2b05ada +index 0000000..abfa971 --- /dev/null +++ b/grsecurity/grsec_exec.c -@@ -0,0 +1,146 @@ +@@ -0,0 +1,174 @@ +#include +#include +#include @@ -57658,8 +56362,12 @@ index 0000000..2b05ada +#ifdef CONFIG_GRKERNSEC +extern int gr_acl_is_capable(const int cap); +extern int gr_acl_is_capable_nolog(const int cap); ++extern int gr_task_acl_is_capable(const struct task_struct *task, const= struct cred *cred, const int cap); ++extern int gr_task_acl_is_capable_nolog(const struct task_struct *task,= const int cap); +extern int gr_chroot_is_capable(const int cap); +extern int gr_chroot_is_capable_nolog(const int cap); ++extern int gr_task_chroot_is_capable(const struct task_struct *task, co= nst struct cred *cred, const int cap); ++extern int gr_task_chroot_is_capable_nolog(const struct task_struct *ta= sk, const int cap); +#endif + +const char *captab_log[] =3D { @@ -57714,6 +56422,17 @@ index 0000000..2b05ada +#endif +} + ++int gr_task_is_capable(const struct task_struct *task, const struct cre= d *cred, const int cap) ++{ ++#ifdef CONFIG_GRKERNSEC ++ if (gr_task_acl_is_capable(task, cred, cap) && gr_task_chroot_is_capab= le(task, cred, cap)) ++ return 1; ++ return 0; ++#else ++ return 1; ++#endif ++} ++ +int gr_is_capable_nolog(const int cap) +{ +#ifdef CONFIG_GRKERNSEC @@ -57725,8 +56444,21 @@ index 0000000..2b05ada +#endif +} + ++int gr_task_is_capable_nolog(const struct task_struct *task, const int = cap) ++{ ++#ifdef CONFIG_GRKERNSEC ++ if (gr_task_acl_is_capable_nolog(task, cap) && gr_task_chroot_is_capab= le_nolog(task, cap)) ++ return 1; ++ return 0; ++#else ++ return 1; ++#endif ++} ++ +EXPORT_SYMBOL(gr_is_capable); +EXPORT_SYMBOL(gr_is_capable_nolog); ++EXPORT_SYMBOL(gr_task_is_capable); ++EXPORT_SYMBOL(gr_task_is_capable_nolog); diff --git a/grsecurity/grsec_fifo.c b/grsecurity/grsec_fifo.c new file mode 100644 index 0000000..d3ee748 @@ -60098,6 +58830,32 @@ index 0d68a1e..b74a761 100644 { machine_restart(NULL); } +diff --git a/include/asm-generic/int-l64.h b/include/asm-generic/int-l64= .h +index 1ca3efc..e3dc852 100644 +--- a/include/asm-generic/int-l64.h ++++ b/include/asm-generic/int-l64.h +@@ -46,6 +46,8 @@ typedef unsigned int u32; + typedef signed long s64; + typedef unsigned long u64; +=20 ++typedef unsigned int intoverflow_t __attribute__ ((mode(TI))); ++ + #define S8_C(x) x + #define U8_C(x) x ## U + #define S16_C(x) x +diff --git a/include/asm-generic/int-ll64.h b/include/asm-generic/int-ll= 64.h +index f394147..b6152b9 100644 +--- a/include/asm-generic/int-ll64.h ++++ b/include/asm-generic/int-ll64.h +@@ -51,6 +51,8 @@ typedef unsigned int u32; + typedef signed long long s64; + typedef unsigned long long u64; +=20 ++typedef unsigned long long intoverflow_t; ++ + #define S8_C(x) x + #define U8_C(x) x ## U + #define S16_C(x) x diff --git a/include/asm-generic/kmap_types.h b/include/asm-generic/kmap= _types.h index 0232ccb..13d9165 100644 --- a/include/asm-generic/kmap_types.h @@ -60220,70 +58978,6 @@ index 76bff2b..c7a14e2 100644 #endif /* !__ASSEMBLY__ */ =20 #endif /* _ASM_GENERIC_PGTABLE_H */ -diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess= .h -index ac68c99..90d3439 100644 ---- a/include/asm-generic/uaccess.h -+++ b/include/asm-generic/uaccess.h -@@ -76,6 +76,8 @@ extern unsigned long search_exception_table(unsigned l= ong); - */ - #ifndef __copy_from_user - static inline __must_check long __copy_from_user(void *to, -+ const void __user * from, unsigned long n) __size_overflow(3); -+static inline __must_check long __copy_from_user(void *to, - const void __user * from, unsigned long n) - { - if (__builtin_constant_p(n)) { -@@ -106,6 +108,8 @@ static inline __must_check long __copy_from_user(voi= d *to, -=20 - #ifndef __copy_to_user - static inline __must_check long __copy_to_user(void __user *to, -+ const void *from, unsigned long n) __size_overflow(3); -+static inline __must_check long __copy_to_user(void __user *to, - const void *from, unsigned long n) - { - if (__builtin_constant_p(n)) { -@@ -224,6 +228,7 @@ extern int __put_user_bad(void) __attribute__((noret= urn)); - -EFAULT; \ - }) -=20 -+static inline int __get_user_fn(size_t size, const void __user *ptr, vo= id *x) __size_overflow(1); - static inline int __get_user_fn(size_t size, const void __user *ptr, vo= id *x) - { - size =3D __copy_from_user(x, ptr, size); -@@ -240,6 +245,7 @@ extern int __get_user_bad(void) __attribute__((noret= urn)); - #define __copy_to_user_inatomic __copy_to_user - #endif -=20 -+static inline long copy_from_user(void *to, const void __user * from, u= nsigned long n) __size_overflow(3); - static inline long copy_from_user(void *to, - const void __user * from, unsigned long n) - { -@@ -250,6 +256,7 @@ static inline long copy_from_user(void *to, - return n; - } -=20 -+static inline long copy_to_user(void __user *to, const void *from, unsi= gned long n) __size_overflow(3); - static inline long copy_to_user(void __user *to, - const void *from, unsigned long n) - { -@@ -309,6 +316,8 @@ static inline long strlen_user(const char __user *sr= c) - */ - #ifndef __clear_user - static inline __must_check unsigned long -+__clear_user(void __user *to, unsigned long n) __size_overflow(2); -+static inline __must_check unsigned long - __clear_user(void __user *to, unsigned long n) - { - memset((void __force *)to, 0, n); -@@ -317,6 +326,8 @@ __clear_user(void __user *to, unsigned long n) - #endif -=20 - static inline __must_check unsigned long -+clear_user(void __user *to, unsigned long n) __size_overflow(2); -+static inline __must_check unsigned long - clear_user(void __user *to, unsigned long n) - { - might_sleep(); diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vml= inux.lds.h index b5e2e4c..6a5373e 100644 --- a/include/asm-generic/vmlinux.lds.h @@ -60320,7 +59014,7 @@ index b5e2e4c..6a5373e 100644 /** * PERCPU_SECTION - define output section for percpu area, simple versi= on diff --git a/include/drm/drmP.h b/include/drm/drmP.h -index bf4b2dc..2d0762f 100644 +index 92f0981..d44a37c 100644 --- a/include/drm/drmP.h +++ b/include/drm/drmP.h @@ -72,6 +72,7 @@ @@ -60350,7 +59044,7 @@ index bf4b2dc..2d0762f 100644 =20 struct list_head filelist; diff --git a/include/drm/drm_crtc_helper.h b/include/drm/drm_crtc_helper= .h -index 73b0712..0b7ef2f 100644 +index 37515d1..34fa8b0 100644 --- a/include/drm/drm_crtc_helper.h +++ b/include/drm/drm_crtc_helper.h @@ -74,7 +74,7 @@ struct drm_crtc_helper_funcs { @@ -60404,7 +59098,7 @@ index e86dfca..40cc55f 100644 #define N_MAGIC(exec) ((exec).a_info & 0xffff) #endif diff --git a/include/linux/atmdev.h b/include/linux/atmdev.h -index 49a83ca..df96b54 100644 +index f4ff882..84b53a6 100644 --- a/include/linux/atmdev.h +++ b/include/linux/atmdev.h @@ -237,7 +237,7 @@ struct compat_atm_iobuf { @@ -60417,27 +59111,10 @@ index 49a83ca..df96b54 100644 #undef __HANDLE_ITEM }; diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h -index fd88a39..8a801b4 100644 +index 0092102..8a801b4 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h -@@ -18,7 +18,7 @@ struct pt_regs; - #define BINPRM_BUF_SIZE 128 -=20 - #ifdef __KERNEL__ --#include -+#include -=20 - #define CORENAME_MAX_SIZE 128 -=20 -@@ -58,6 +58,7 @@ struct linux_binprm { - unsigned interp_flags; - unsigned interp_data; - unsigned long loader, exec; -+ char tcomm[TASK_COMM_LEN]; - }; -=20 - #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0 -@@ -88,6 +89,7 @@ struct linux_binfmt { +@@ -89,6 +89,7 @@ struct linux_binfmt { int (*load_binary)(struct linux_binprm *, struct pt_regs * regs); int (*load_shlib)(struct file *); int (*core_dump)(struct coredump_params *cprm); @@ -60446,10 +59123,10 @@ index fd88a39..8a801b4 100644 }; =20 diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index 0ed1eb0..3ab569b 100644 +index 606cf33..b72c577 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h -@@ -1315,7 +1315,7 @@ struct block_device_operations { +@@ -1379,7 +1379,7 @@ struct block_device_operations { /* this callback is with swap_lock and sometimes page table lock held = */ void (*swap_slot_free_notify) (struct block_device *, unsigned long); struct module *owner; @@ -60555,16 +59232,15 @@ index 4c57065..4307975 100644 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTE= S))) #endif diff --git a/include/linux/capability.h b/include/linux/capability.h -index a63d13d..069bfd5 100644 +index 12d52de..b5f7fa7 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h -@@ -548,6 +548,9 @@ extern bool capable(int cap); +@@ -548,6 +548,8 @@ extern bool has_ns_capability_noaudit(struct task_st= ruct *t, + extern bool capable(int cap); extern bool ns_capable(struct user_namespace *ns, int cap); - extern bool task_ns_capable(struct task_struct *t, int cap); extern bool nsown_capable(int cap); -+extern bool task_ns_capable_nolog(struct task_struct *t, int cap); -+extern bool ns_capable_nolog(struct user_namespace *ns, int cap); +extern bool capable_nolog(int cap); ++extern bool ns_capable_nolog(struct user_namespace *ns, int cap); =20 /* audit system wants to get cap info from files as well */ extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct c= pu_vfs_cap_data *cpu_caps); @@ -60582,11 +59258,11 @@ index 04ffb2e..6799180 100644 extern struct cleancache_ops cleancache_register_ops(struct cleancache_ops *ops); diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4= .h -index dfadc96..d90deca 100644 +index 2f40791..89a56fd 100644 --- a/include/linux/compiler-gcc4.h +++ b/include/linux/compiler-gcc4.h -@@ -31,6 +31,15 @@ -=20 +@@ -32,6 +32,12 @@ + #define __linktime_error(message) __attribute__((__error__(message))) =20 #if __GNUC_MINOR__ >=3D 5 + @@ -60595,13 +59271,10 @@ index dfadc96..d90deca 100644 +#define __do_const __attribute__((do_const)) +#endif + -+#ifdef SIZE_OVERFLOW_PLUGIN -+#define __size_overflow(...) __attribute__((size_overflow(__VA_ARGS__))= ) -+#endif /* * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer -@@ -46,6 +55,11 @@ +@@ -47,6 +53,11 @@ #define __noclone __attribute__((__noclone__)) =20 #endif @@ -60614,7 +59287,7 @@ index dfadc96..d90deca 100644 =20 #if __GNUC_MINOR__ > 0 diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index 320d6c9..1221a6b 100644 +index 4a24354..9570c1b 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -5,31 +5,62 @@ @@ -60690,7 +59363,7 @@ index 320d6c9..1221a6b 100644 #endif =20 #ifdef __KERNEL__ -@@ -264,6 +297,17 @@ void ftrace_likely_update(struct ftrace_branch_data= *f, int val, int expect); +@@ -264,6 +297,14 @@ void ftrace_likely_update(struct ftrace_branch_data= *f, int val, int expect); # define __attribute_const__ /* unimplemented */ #endif =20 @@ -60702,13 +59375,10 @@ index 320d6c9..1221a6b 100644 +# define __do_const +#endif + -+#ifndef __size_overflow -+# define __size_overflow(...) -+#endif /* * Tell gcc if a function is cold. The compiler will assume any path * directly leading to the call is unlikely. -@@ -273,6 +317,22 @@ void ftrace_likely_update(struct ftrace_branch_data= *f, int val, int expect); +@@ -273,6 +314,22 @@ void ftrace_likely_update(struct ftrace_branch_data= *f, int val, int expect); #define __cold #endif =20 @@ -60731,7 +59401,7 @@ index 320d6c9..1221a6b 100644 /* Simple shorthand for a section definition */ #ifndef __section # define __section(S) __attribute__ ((__section__(#S))) -@@ -306,6 +366,7 @@ void ftrace_likely_update(struct ftrace_branch_data = *f, int val, int expect); +@@ -308,6 +365,7 @@ void ftrace_likely_update(struct ftrace_branch_data = *f, int val, int expect); * use is to mediate communication between process-level code and irq/N= MI * handlers, all running on the same CPU. */ @@ -60753,21 +59423,8 @@ index e9eaec5..bfeb9bb 100644 } =20 static inline void set_mems_allowed(nodemask_t nodemask) -diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h -index b936763..48685ee 100644 ---- a/include/linux/crash_dump.h -+++ b/include/linux/crash_dump.h -@@ -14,7 +14,7 @@ extern unsigned long long elfcorehdr_addr; - extern unsigned long long elfcorehdr_size; -=20 - extern ssize_t copy_oldmem_page(unsigned long, char *, size_t, -- unsigned long, int); -+ unsigned long, int) __size_overflow(3); -=20 - /* Architecture code defines this if there are other possible ELF - * machine types, e.g. on bi-arch capable hardware. */ diff --git a/include/linux/cred.h b/include/linux/cred.h -index 4030896..8d6f342 100644 +index adadf71..6af5560 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -207,6 +207,9 @@ static inline void validate_creds_for_do_exit(struct= task_struct *tsk) @@ -60836,10 +59493,10 @@ index e13117c..e9fc938 100644 #define DMA_BIT_MASK(n) (((n) =3D=3D 64) ? ~0ULL : ((1ULL<<(n))-1)) =20 diff --git a/include/linux/efi.h b/include/linux/efi.h -index 2362a0b..cfaf8fcc 100644 +index 37c3007..92ab679 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -446,7 +446,7 @@ struct efivar_operations { +@@ -580,7 +580,7 @@ struct efivar_operations { efi_get_variable_t *get_variable; efi_get_next_variable_t *get_next_variable; efi_set_variable_t *set_variable; @@ -60849,10 +59506,10 @@ index 2362a0b..cfaf8fcc 100644 struct efivars { /* diff --git a/include/linux/elf.h b/include/linux/elf.h -index 31f0508..5421c01 100644 +index 999b4f5..57753b4 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h -@@ -49,6 +49,17 @@ typedef __s64 Elf64_Sxword; +@@ -40,6 +40,17 @@ typedef __s64 Elf64_Sxword; #define PT_GNU_EH_FRAME 0x6474e550 =20 #define PT_GNU_STACK (PT_LOOS + 0x474e551) @@ -60870,7 +59527,7 @@ index 31f0508..5421c01 100644 =20 /* * Extended Numbering -@@ -106,6 +117,8 @@ typedef __s64 Elf64_Sxword; +@@ -97,6 +108,8 @@ typedef __s64 Elf64_Sxword; #define DT_DEBUG 21 #define DT_TEXTREL 22 #define DT_JMPREL 23 @@ -60879,7 +59536,7 @@ index 31f0508..5421c01 100644 #define DT_ENCODING 32 #define OLD_DT_LOOS 0x60000000 #define DT_LOOS 0x6000000d -@@ -252,6 +265,19 @@ typedef struct elf64_hdr { +@@ -243,6 +256,19 @@ typedef struct elf64_hdr { #define PF_W 0x2 #define PF_X 0x1 =20 @@ -60899,7 +59556,7 @@ index 31f0508..5421c01 100644 typedef struct elf32_phdr{ Elf32_Word p_type; Elf32_Off p_offset; -@@ -344,6 +370,8 @@ typedef struct elf64_shdr { +@@ -335,6 +361,8 @@ typedef struct elf64_shdr { #define EI_OSABI 7 #define EI_PAD 8 =20 @@ -60908,7 +59565,7 @@ index 31f0508..5421c01 100644 #define ELFMAG0 0x7f /* EI_MAG */ #define ELFMAG1 'E' #define ELFMAG2 'L' -@@ -423,6 +451,7 @@ extern Elf32_Dyn _DYNAMIC []; +@@ -421,6 +449,7 @@ extern Elf32_Dyn _DYNAMIC []; #define elf_note elf32_note #define elf_addr_t Elf32_Off #define Elf_Half Elf32_Half @@ -60916,7 +59573,7 @@ index 31f0508..5421c01 100644 =20 #else =20 -@@ -433,6 +462,7 @@ extern Elf64_Dyn _DYNAMIC []; +@@ -431,6 +460,7 @@ extern Elf64_Dyn _DYNAMIC []; #define elf_note elf64_note #define elf_addr_t Elf64_Off #define Elf_Half Elf64_Half @@ -60960,10 +59617,10 @@ index 84ccf8e..2e9b14c 100644 }; =20 diff --git a/include/linux/fs.h b/include/linux/fs.h -index 10b2288..09180e4 100644 +index 69cd5bb..58425c2 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1609,7 +1609,8 @@ struct file_operations { +@@ -1623,7 +1623,8 @@ struct file_operations { int (*setlease)(struct file *, long, struct file_lock **); long (*fallocate)(struct file *file, int mode, loff_t offset, loff_t len); @@ -61056,7 +59713,7 @@ index c3da42d..c70e0df 100644 int trace_set_clr_event(const char *system, const char *event, int set)= ; =20 diff --git a/include/linux/genhd.h b/include/linux/genhd.h -index c6f7f6a..aa0f7d3 100644 +index e61d319..0da8505 100644 --- a/include/linux/genhd.h +++ b/include/linux/genhd.h @@ -185,7 +185,7 @@ struct gendisk { @@ -61898,10 +60555,10 @@ index 0000000..ae576a1 +#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry = via fd passed across exec by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..2ccf677 +index 0000000..acd05db --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,229 @@ +@@ -0,0 +1,232 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include @@ -62013,6 +60670,9 @@ index 0000000..2ccf677 + +int gr_is_capable(const int cap); +int gr_is_capable_nolog(const int cap); ++int gr_task_is_capable(const struct task_struct *task, const struct cre= d *cred, const int cap); ++int gr_task_is_capable_nolog(const struct task_struct *task, const int = cap); ++ +void gr_learn_resource(const struct task_struct *task, const int limit, + const unsigned long wanted, const int gt); +void gr_copy_label(struct task_struct *tsk); @@ -62157,10 +60817,10 @@ index 0000000..e7ffaaf + +#endif diff --git a/include/linux/hid.h b/include/linux/hid.h -index c235e4e..f0cf7a0 100644 +index 3a95da6..51986f1 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h -@@ -679,7 +679,7 @@ struct hid_ll_driver { +@@ -696,7 +696,7 @@ struct hid_ll_driver { unsigned int code, int value); =20 int (*parse)(struct hid_device *hdev); @@ -62193,7 +60853,7 @@ index 3a93f73..b19d0b3 100644 unsigned start1, unsigned end1, unsigned start2, unsigned end2) diff --git a/include/linux/i2c.h b/include/linux/i2c.h -index 07d103a..04ec65b 100644 +index 8e25a91..551b161 100644 --- a/include/linux/i2c.h +++ b/include/linux/i2c.h @@ -364,6 +364,7 @@ struct i2c_algorithm { @@ -62217,11 +60877,32 @@ index a6deef4..c56a7f2 100644 struct list_head context_list; /* list of context id's and pointers */ #endif +diff --git a/include/linux/if_team.h b/include/linux/if_team.h +index 58404b0..439ed95 100644 +--- a/include/linux/if_team.h ++++ b/include/linux/if_team.h +@@ -64,6 +64,7 @@ struct team_mode_ops { + void (*port_leave)(struct team *team, struct team_port *port); + void (*port_change_mac)(struct team *team, struct team_port *port); + }; ++typedef struct team_mode_ops __no_const team_mode_ops_no_const; +=20 + enum team_option_type { + TEAM_OPTION_TYPE_U32, +@@ -112,7 +113,7 @@ struct team { + struct list_head option_list; +=20 + const struct team_mode *mode; +- struct team_mode_ops ops; ++ team_mode_ops_no_const ops; + long mode_priv[TEAM_MODE_PRIV_LONGS]; + }; +=20 diff --git a/include/linux/init.h b/include/linux/init.h -index 9146f39..885354d 100644 +index 6b95109..4aca62c 100644 --- a/include/linux/init.h +++ b/include/linux/init.h -@@ -293,13 +293,13 @@ void __init parse_early_options(char *cmdline); +@@ -294,13 +294,13 @@ void __init parse_early_options(char *cmdline); =20 /* Each module must use one module_init(). */ #define module_init(initfn) \ @@ -62238,10 +60919,10 @@ index 9146f39..885354d 100644 void cleanup_module(void) __attribute__((alias(#exitfn))); =20 diff --git a/include/linux/init_task.h b/include/linux/init_task.h -index 32574ee..00d4ef1 100644 +index 9c66b1a..a3fdded 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h -@@ -128,6 +128,12 @@ extern struct cred init_cred; +@@ -127,6 +127,12 @@ extern struct cred init_cred; =20 #define INIT_TASK_COMM "swapper" =20 @@ -62254,7 +60935,7 @@ index 32574ee..00d4ef1 100644 /* * INIT_TASK is used to set up the first task table, touch at * your own risk!. Base=3D0, limit=3D0x1fffff (=3D2MB) -@@ -166,6 +172,7 @@ extern struct cred init_cred; +@@ -165,6 +171,7 @@ extern struct cred init_cred; RCU_INIT_POINTER(.cred, &init_cred), \ .comm =3D INIT_TASK_COMM, \ .thread =3D INIT_THREAD, \ @@ -62366,7 +61047,7 @@ index fa39183..40160be 100644 extern struct kgdb_arch arch_kgdb_ops; =20 diff --git a/include/linux/kmod.h b/include/linux/kmod.h -index b16f653..eb908f4 100644 +index 722f477..eef2a27 100644 --- a/include/linux/kmod.h +++ b/include/linux/kmod.h @@ -34,6 +34,8 @@ extern char modprobe_path[]; /* for sysctl */ @@ -62378,11 +61059,24 @@ index b16f653..eb908f4 100644 #define request_module(mod...) __request_module(true, mod) #define request_module_nowait(mod...) __request_module(false, mod) #define try_then_request_module(x, mod...) \ +diff --git a/include/linux/kref.h b/include/linux/kref.h +index 9c07dce..a92fa71 100644 +--- a/include/linux/kref.h ++++ b/include/linux/kref.h +@@ -63,7 +63,7 @@ static inline void kref_get(struct kref *kref) + static inline int kref_sub(struct kref *kref, unsigned int count, + void (*release)(struct kref *kref)) + { +- WARN_ON(release =3D=3D NULL); ++ BUG_ON(release =3D=3D NULL); +=20 + if (atomic_sub_and_test((int) count, &kref->refcount)) { + release(kref); diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index d526231..c9599fc 100644 +index 900c763..43260cf 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h -@@ -308,7 +308,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); +@@ -326,7 +326,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); void vcpu_load(struct kvm_vcpu *vcpu); void vcpu_put(struct kvm_vcpu *vcpu); =20 @@ -62391,34 +61085,7 @@ index d526231..c9599fc 100644 struct module *module); void kvm_exit(void); =20 -@@ -385,20 +385,20 @@ void kvm_get_pfn(pfn_t pfn); - int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int off= set, - int len); - int kvm_read_guest_atomic(struct kvm *kvm, gpa_t gpa, void *data, -- unsigned long len); --int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned lon= g len); -+ unsigned long len) __size_overflow(4); -+int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned lon= g len) __size_overflow(2,4); - int kvm_read_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc= , -- void *data, unsigned long len); -+ void *data, unsigned long len) __size_overflow(4); - int kvm_write_guest_page(struct kvm *kvm, gfn_t gfn, const void *data, - int offset, int len); - int kvm_write_guest(struct kvm *kvm, gpa_t gpa, const void *data, -- unsigned long len); -+ unsigned long len) __size_overflow(2,4); - int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *gh= c, -- void *data, unsigned long len); -+ void *data, unsigned long len) __size_overflow(4); - int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache = *ghc, - gpa_t gpa); - int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int le= n); --int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len); -+int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len) __si= ze_overflow(2,3); - struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn); - int kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn); - unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn); -@@ -454,7 +454,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_v= cpu *vcpu, +@@ -485,7 +485,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_v= cpu *vcpu, struct kvm_guest_debug *dbg); int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_= run); =20 @@ -62427,15 +61094,6 @@ index d526231..c9599fc 100644 void kvm_arch_exit(void); =20 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); -@@ -690,7 +690,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm); - int kvm_set_irq_routing(struct kvm *kvm, - const struct kvm_irq_routing_entry *entries, - unsigned nr, -- unsigned flags); -+ unsigned flags) __size_overflow(3); - void kvm_free_irq_routing(struct kvm *kvm); -=20 - #else diff --git a/include/linux/libata.h b/include/linux/libata.h index cafc09a..d7e7829 100644 --- a/include/linux/libata.h @@ -62463,10 +61121,10 @@ index 3797270..7765ede 100644 struct mca_bus { u64 default_dma_mask; diff --git a/include/linux/memory.h b/include/linux/memory.h -index 935699b..11042cc 100644 +index 1ac7f6e..a5794d0 100644 --- a/include/linux/memory.h +++ b/include/linux/memory.h -@@ -144,7 +144,7 @@ struct memory_accessor { +@@ -143,7 +143,7 @@ struct memory_accessor { size_t count); ssize_t (*write)(struct memory_accessor *, const char *buf, off_t offset, size_t count); @@ -62488,7 +61146,7 @@ index 9970337..9444122 100644 int abx500_register_ops(struct device *core_dev, struct abx500_ops *ops= ); void abx500_remove_ops(struct device *dev); diff --git a/include/linux/mm.h b/include/linux/mm.h -index 4baadd1..2e0b45e 100644 +index 17b27cd..467ba2f 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -115,7 +115,14 @@ extern unsigned int kobjsize(const void *objp); @@ -62557,7 +61215,7 @@ index 4baadd1..2e0b45e 100644 int vma_wants_writenotify(struct vm_area_struct *vma); =20 extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr= , -@@ -1419,6 +1407,7 @@ out: +@@ -1409,6 +1397,7 @@ out: } =20 extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -62565,7 +61223,7 @@ index 4baadd1..2e0b45e 100644 =20 extern unsigned long do_brk(unsigned long, unsigned long); =20 -@@ -1476,6 +1465,10 @@ extern struct vm_area_struct * find_vma(struct mm= _struct * mm, unsigned long add +@@ -1466,6 +1455,10 @@ extern struct vm_area_struct * find_vma(struct mm= _struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, uns= igned long addr, struct vm_area_struct **pprev); =20 @@ -62576,8 +61234,8 @@ index 4baadd1..2e0b45e 100644 /* Look up the first VMA which intersects the interval start_addr..end_= addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_s= truct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1492,15 +1485,6 @@ static inline unsigned long vma_pages(struct vm_a= rea_struct *vma) - return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; +@@ -1494,15 +1487,6 @@ static inline struct vm_area_struct *find_exact_v= ma(struct mm_struct *mm, + return vma; } =20 -#ifdef CONFIG_MMU @@ -62592,7 +61250,7 @@ index 4baadd1..2e0b45e 100644 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned lon= g addr); int remap_pfn_range(struct vm_area_struct *, unsigned long addr, unsigned long pfn, unsigned long size, pgprot_t); -@@ -1614,7 +1598,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -1606,7 +1590,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -62601,9 +61259,9 @@ index 4baadd1..2e0b45e 100644 extern int soft_offline_page(struct page *page, int flags); =20 extern void dump_page(struct page *page); -@@ -1628,5 +1612,11 @@ extern void copy_user_huge_page(struct page *dst,= struct page *src, - unsigned int pages_per_huge_page); - #endif /* CONFIG_TRANSPARENT_HUGEPAGE || CONFIG_HUGETLBFS */ +@@ -1637,5 +1621,11 @@ static inline unsigned int debug_guardpage_minord= er(void) { return 0; } + static inline bool page_is_guard(struct page *page) { return false; } + #endif /* CONFIG_DEBUG_PAGEALLOC */ =20 +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT +extern void track_exec_limit(struct mm_struct *mm, unsigned long start,= unsigned long end, unsigned long prot); @@ -62614,10 +61272,10 @@ index 4baadd1..2e0b45e 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 5b42f1b..759e4b4 100644 +index 3cc3062..8947a82 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h -@@ -253,6 +253,8 @@ struct vm_area_struct { +@@ -252,6 +252,8 @@ struct vm_area_struct { #ifdef CONFIG_NUMA struct mempolicy *vm_policy; /* NUMA policy for the VMA */ #endif @@ -62626,7 +61284,7 @@ index 5b42f1b..759e4b4 100644 }; =20 struct core_thread { -@@ -389,6 +391,24 @@ struct mm_struct { +@@ -388,6 +390,24 @@ struct mm_struct { #ifdef CONFIG_CPUMASK_OFFSTACK struct cpumask cpumask_allocation; #endif @@ -62672,10 +61330,10 @@ index 1d1b1e1..2a13c78 100644 =20 #define pmdp_clear_flush_notify(__vma, __address, __pmdp) \ diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h -index 188cb2f..d78409b 100644 +index 650ba2f..af0a58c 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h -@@ -369,7 +369,7 @@ struct zone { +@@ -379,7 +379,7 @@ struct zone { unsigned long flags; /* zone flags, see below */ =20 /* Zone statistics */ @@ -62685,7 +61343,7 @@ index 188cb2f..d78409b 100644 /* * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicet= able.h -index 468819c..17b9db3 100644 +index 83ac071..2656e0e 100644 --- a/include/linux/mod_devicetable.h +++ b/include/linux/mod_devicetable.h @@ -12,7 +12,7 @@ @@ -62707,7 +61365,7 @@ index 468819c..17b9db3 100644 struct hid_device_id { __u16 bus; diff --git a/include/linux/module.h b/include/linux/module.h -index 3cb7839..511cb87 100644 +index 4598bf0..e069d7f 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -17,6 +17,7 @@ @@ -62718,7 +61376,7 @@ index 3cb7839..511cb87 100644 =20 #include #include -@@ -261,19 +262,16 @@ struct module +@@ -275,19 +276,16 @@ struct module int (*init)(void); =20 /* If this is non-NULL, vfree after init() returns */ @@ -62742,7 +61400,7 @@ index 3cb7839..511cb87 100644 =20 /* Arch-specific module values */ struct mod_arch_specific arch; -@@ -329,6 +327,10 @@ struct module +@@ -343,6 +341,10 @@ struct module #ifdef CONFIG_EVENT_TRACING struct ftrace_event_call **trace_events; unsigned int num_trace_events; @@ -62753,7 +61411,7 @@ index 3cb7839..511cb87 100644 #endif #ifdef CONFIG_FTRACE_MCOUNT_RECORD unsigned int num_ftrace_callsites; -@@ -379,16 +381,46 @@ bool is_module_address(unsigned long addr); +@@ -390,16 +392,46 @@ bool is_module_address(unsigned long addr); bool is_module_percpu_address(unsigned long addr); bool is_module_text_address(unsigned long addr); =20 @@ -62805,22 +61463,19 @@ index 3cb7839..511cb87 100644 =20 /* Search for module by name: must hold module_mutex. */ diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h -index b2be02e..edb10c9 100644 +index b2be02e..6a9fdb1 100644 --- a/include/linux/moduleloader.h +++ b/include/linux/moduleloader.h -@@ -23,11 +23,23 @@ unsigned int arch_mod_section_prepend(struct module = *mod, unsigned int section); -=20 - /* Allocator used for allocating struct module, core sections and init +@@ -25,9 +25,21 @@ unsigned int arch_mod_section_prepend(struct module *= mod, unsigned int section); sections. Returns NULL on failure. */ --void *module_alloc(unsigned long size); -+void *module_alloc(unsigned long size) __size_overflow(1); -+ + void *module_alloc(unsigned long size); +=20 +#ifdef CONFIG_PAX_KERNEXEC +void *module_alloc_exec(unsigned long size); +#else +#define module_alloc_exec(x) module_alloc(x) +#endif -=20 ++ /* Free memory returned from module_alloc. */ void module_free(struct module *mod, void *module_region); =20 @@ -62834,7 +61489,7 @@ index b2be02e..edb10c9 100644 or 0. */ int apply_relocate(Elf_Shdr *sechdrs, diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h -index 7939f63..ec6df57 100644 +index c47f4d6..23f9bdb 100644 --- a/include/linux/moduleparam.h +++ b/include/linux/moduleparam.h @@ -260,7 +260,7 @@ static inline void __kernel_param_unlock(void) @@ -62846,27 +61501,15 @@ index 7939f63..ec6df57 100644 =3D { len, string }; \ __module_param_call(MODULE_PARAM_PREFIX, name, \ ¶m_ops_string, \ -@@ -395,7 +395,7 @@ extern int param_get_invbool(char *buffer, const str= uct kernel_param *kp); - * module_param_named() for why this might be necessary. +@@ -396,7 +396,7 @@ extern int param_set_bint(const char *val, const str= uct kernel_param *kp); */ #define module_param_array_named(name, array, type, nump, perm) \ + param_check_##type(name, &(array)[0]); \ - static const struct kparam_array __param_arr_##name \ + static const struct kparam_array __param_arr_##name __used \ =3D { .max =3D ARRAY_SIZE(array), .num =3D nump, = \ .ops =3D ¶m_ops_##type, \ .elemsize =3D sizeof(array[0]), .elem =3D array }; \ -diff --git a/include/linux/mtd/map.h b/include/linux/mtd/map.h -index a9e6ba4..0f9e29b 100644 ---- a/include/linux/mtd/map.h -+++ b/include/linux/mtd/map.h -@@ -25,6 +25,7 @@ - #include - #include - #include -+#include - #include -=20 -=20 diff --git a/include/linux/namei.h b/include/linux/namei.h index ffc0213..2c1f2cb 100644 --- a/include/linux/namei.h @@ -62896,18 +61539,18 @@ index ffc0213..2c1f2cb 100644 return nd->saved_names[nd->depth]; } diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index a82ad4d..90d15b7 100644 +index 0eac07c..a59f6a8 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -949,6 +949,7 @@ struct net_device_ops { - int (*ndo_set_features)(struct net_device *dev, - u32 features); +@@ -1002,6 +1002,7 @@ struct net_device_ops { + int (*ndo_neigh_construct)(struct neighbour *n); + void (*ndo_neigh_destroy)(struct neighbour *n); }; +typedef struct net_device_ops __no_const net_device_ops_no_const; =20 /* * The DEVICE structure. -@@ -1088,7 +1089,7 @@ struct net_device { +@@ -1063,7 +1064,7 @@ struct net_device { int iflink; =20 struct net_device_stats stats; @@ -62945,7 +61588,7 @@ index c65a18a..0c05f3a 100644 extern void *prom_early_alloc(unsigned long size); =20 diff --git a/include/linux/oprofile.h b/include/linux/oprofile.h -index a4c5624..2dabfb7 100644 +index a4c5624..79d6d88 100644 --- a/include/linux/oprofile.h +++ b/include/linux/oprofile.h @@ -139,9 +139,9 @@ int oprofilefs_create_ulong(struct super_block * sb,= struct dentry * root, @@ -62960,15 +61603,6 @@ index a4c5624..2dabfb7 100644 =20 /** create a directory */ struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry= * root, -@@ -163,7 +163,7 @@ ssize_t oprofilefs_ulong_to_user(unsigned long val, = char __user * buf, size_t co - * Read an ASCII string for a number from a userspace buffer and fill *= val on success. - * Returns 0 on success, < 0 on error. - */ --int oprofilefs_ulong_from_user(unsigned long * val, char const __user *= buf, size_t count); -+int oprofilefs_ulong_from_user(unsigned long * val, char const __user *= buf, size_t count) __size_overflow(3); -=20 - /** lock for read/write safety */ - extern raw_spinlock_t oprofilefs_lock; diff --git a/include/linux/padata.h b/include/linux/padata.h index 4633b2f..988bc08 100644 --- a/include/linux/padata.h @@ -62983,10 +61617,10 @@ index 4633b2f..988bc08 100644 atomic_t refcnt; unsigned int max_seq_nr; diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index b1f8912..c955bff 100644 +index abb2776..d8b8e15 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h -@@ -748,8 +748,8 @@ struct perf_event { +@@ -750,8 +750,8 @@ struct perf_event { =20 enum perf_event_active_state state; unsigned int attach_state; @@ -62997,7 +61631,7 @@ index b1f8912..c955bff 100644 =20 /* * These are the total time in nanoseconds that the event -@@ -800,8 +800,8 @@ struct perf_event { +@@ -802,8 +802,8 @@ struct perf_event { * These accumulate total time (in nanoseconds) that children * events have been enabled and running, respectively. */ @@ -63038,10 +61672,10 @@ index 77257c9..51d473a 100644 unsigned int w_counter; struct page *tmp_page; diff --git a/include/linux/pm_runtime.h b/include/linux/pm_runtime.h -index d3085e7..fd01052 100644 +index 609daae..5392427 100644 --- a/include/linux/pm_runtime.h +++ b/include/linux/pm_runtime.h -@@ -95,7 +95,7 @@ static inline bool pm_runtime_callbacks_present(struct= device *dev) +@@ -97,7 +97,7 @@ static inline bool pm_runtime_callbacks_present(struct= device *dev) =20 static inline void pm_runtime_mark_last_busy(struct device *dev) { @@ -63051,7 +61685,7 @@ index d3085e7..fd01052 100644 =20 #else /* !CONFIG_PM_RUNTIME */ diff --git a/include/linux/poison.h b/include/linux/poison.h -index 79159de..f1233a9 100644 +index 2110a81..13a11bb 100644 --- a/include/linux/poison.h +++ b/include/linux/poison.h @@ -19,8 +19,8 @@ @@ -63079,14 +61713,14 @@ index 58969b2..ead129b 100644 /** * preempt_notifier - key for installing preemption notifiers diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h -index 643b96c..ef55a9c 100644 +index 85c5073..51fac8b 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h -@@ -155,6 +155,19 @@ static inline struct proc_dir_entry *proc_create(co= nst char *name, mode_t mode, +@@ -155,6 +155,18 @@ static inline struct proc_dir_entry *proc_create(co= nst char *name, umode_t mode, return proc_create_data(name, mode, parent, proc_fops, NULL); } =20 -+static inline struct proc_dir_entry *proc_create_grsec(const char *name= , mode_t mode, ++static inline struct proc_dir_entry *proc_create_grsec(const char *name= , umode_t mode, + struct proc_dir_entry *parent, const struct file_operations *proc_fops= ) +{ +#ifdef CONFIG_GRKERNSEC_PROC_USER @@ -63097,12 +61731,11 @@ index 643b96c..ef55a9c 100644 + return proc_create_data(name, mode, parent, proc_fops, NULL); +#endif +} -+=09 + static inline struct proc_dir_entry *create_proc_read_entry(const char = *name, - mode_t mode, struct proc_dir_entry *base,=20 + umode_t mode, struct proc_dir_entry *base,=20 read_proc_t *read_proc, void * data) -@@ -258,7 +271,7 @@ union proc_op { +@@ -258,7 +270,7 @@ union proc_op { int (*proc_show)(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); @@ -63112,24 +61745,22 @@ index 643b96c..ef55a9c 100644 struct ctl_table_header; struct ctl_table; diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h -index 800f113..e9ee2e3 100644 +index c2f1f6a..6fdb196 100644 --- a/include/linux/ptrace.h +++ b/include/linux/ptrace.h -@@ -129,10 +129,12 @@ extern void __ptrace_unlink(struct task_struct *ch= ild); - extern void exit_ptrace(struct task_struct *tracer); - #define PTRACE_MODE_READ 1 - #define PTRACE_MODE_ATTACH 2 --/* Returns 0 on success, -errno on denial. */ --extern int __ptrace_may_access(struct task_struct *task, unsigned int m= ode); - /* Returns true on success, false on denial. */ - extern bool ptrace_may_access(struct task_struct *task, unsigned int mo= de); -+/* Returns true on success, false on denial. */ -+extern bool ptrace_may_access_log(struct task_struct *task, unsigned in= t mode); -+/* Returns true on success, false on denial. */ -+extern bool ptrace_may_access_nolock(struct task_struct *task, unsigned= int mode); -=20 - static inline int ptrace_reparented(struct task_struct *child) - { +@@ -199,9 +199,10 @@ static inline void ptrace_event(int event, unsigned= long message) + if (unlikely(ptrace_event_enabled(current, event))) { + current->ptrace_message =3D message; + ptrace_notify((event << 8) | SIGTRAP); +- } else if (event =3D=3D PTRACE_EVENT_EXEC && unlikely(current->ptrace)= ) { ++ } else if (event =3D=3D PTRACE_EVENT_EXEC) { + /* legacy EXEC report via SIGTRAP */ +- send_sig(SIGTRAP, current, 0); ++ if ((current->ptrace & (PT_PTRACED|PT_SEIZED)) =3D=3D PT_PTRACED) ++ send_sig(SIGTRAP, current, 0); + } + } +=20 diff --git a/include/linux/random.h b/include/linux/random.h index 8f74538..02a1012 100644 --- a/include/linux/random.h @@ -63193,7 +61824,7 @@ index e0879a7..a12f962 100644 =20 #endif diff --git a/include/linux/reiserfs_fs.h b/include/linux/reiserfs_fs.h -index 96d465f..b084e05 100644 +index 2213ddc..650212a 100644 --- a/include/linux/reiserfs_fs.h +++ b/include/linux/reiserfs_fs.h @@ -1406,7 +1406,7 @@ static inline loff_t max_reiserfs_offset(struct in= ode *inode) @@ -63206,7 +61837,7 @@ index 96d465f..b084e05 100644 #define __fs_changed(gen,s) (gen !=3D get_generation (s)) #define fs_changed(gen,s) \ diff --git a/include/linux/reiserfs_fs_sb.h b/include/linux/reiserfs_fs_= sb.h -index 52c83b6..18ed7eb 100644 +index 8c9e85c..1698e9a 100644 --- a/include/linux/reiserfs_fs_sb.h +++ b/include/linux/reiserfs_fs_sb.h @@ -386,7 +386,7 @@ struct reiserfs_sb_info { @@ -63219,7 +61850,7 @@ index 52c83b6..18ed7eb 100644 unsigned long s_properties; /* File system properties. Currently holds on-disk FS format */ diff --git a/include/linux/relay.h b/include/linux/relay.h -index 14a86bc..17d0700 100644 +index a822fd7..62b70f6 100644 --- a/include/linux/relay.h +++ b/include/linux/relay.h @@ -159,7 +159,7 @@ struct rchan_callbacks @@ -63257,22 +61888,23 @@ index 4d50611..c6858a2 100644 #define RIO_RESOURCE_MEM 0x00000100 #define RIO_RESOURCE_DOORBELL 0x00000200 diff --git a/include/linux/rmap.h b/include/linux/rmap.h -index 2148b12..519b820 100644 +index 1cdd62a..e399f0d 100644 --- a/include/linux/rmap.h +++ b/include/linux/rmap.h -@@ -119,8 +119,8 @@ static inline void anon_vma_unlock(struct anon_vma *= anon_vma) +@@ -119,9 +119,9 @@ static inline void anon_vma_unlock(struct anon_vma *= anon_vma) void anon_vma_init(void); /* create anon_vma_cachep */ int anon_vma_prepare(struct vm_area_struct *); void unlink_anon_vmas(struct vm_area_struct *); -int anon_vma_clone(struct vm_area_struct *, struct vm_area_struct *); --int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *); +int anon_vma_clone(struct vm_area_struct *, const struct vm_area_struct= *); + void anon_vma_moveto_tail(struct vm_area_struct *); +-int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *); +int anon_vma_fork(struct vm_area_struct *, const struct vm_area_struct = *); void __anon_vma_link(struct vm_area_struct *); =20 static inline void anon_vma_merge(struct vm_area_struct *vma, diff --git a/include/linux/sched.h b/include/linux/sched.h -index 1c4f3e9..342eb1f 100644 +index 0657368..765f70f 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -101,6 +101,7 @@ struct bio_list; @@ -63283,7 +61915,7 @@ index 1c4f3e9..342eb1f 100644 =20 /* * List of flags we want to share for kernel threads, -@@ -380,10 +381,13 @@ struct user_namespace; +@@ -382,10 +383,13 @@ struct user_namespace; #define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN) =20 extern int sysctl_max_map_count; @@ -63297,7 +61929,7 @@ index 1c4f3e9..342eb1f 100644 extern void arch_pick_mmap_layout(struct mm_struct *mm); extern unsigned long arch_get_unmapped_area(struct file *, unsigned long, unsigned long, -@@ -629,6 +633,17 @@ struct signal_struct { +@@ -631,6 +635,17 @@ struct signal_struct { #ifdef CONFIG_TASKSTATS struct taskstats *stats; #endif @@ -63315,7 +61947,7 @@ index 1c4f3e9..342eb1f 100644 #ifdef CONFIG_AUDIT unsigned audit_tty; struct tty_audit_buf *tty_audit_buf; -@@ -710,6 +725,11 @@ struct user_struct { +@@ -714,6 +729,11 @@ struct user_struct { struct key *session_keyring; /* UID's default session keyring */ #endif =20 @@ -63327,7 +61959,7 @@ index 1c4f3e9..342eb1f 100644 /* Hash table maintenance information */ struct hlist_node uidhash_node; uid_t uid; -@@ -1337,8 +1357,8 @@ struct task_struct { +@@ -1354,8 +1374,8 @@ struct task_struct { struct list_head thread_group; =20 struct completion *vfork_done; /* for vfork() */ @@ -63338,7 +61970,7 @@ index 1c4f3e9..342eb1f 100644 =20 cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1354,13 +1374,6 @@ struct task_struct { +@@ -1371,13 +1391,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; =20 @@ -63352,7 +61984,7 @@ index 1c4f3e9..342eb1f 100644 char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1377,8 +1390,16 @@ struct task_struct { +@@ -1394,8 +1407,16 @@ struct task_struct { #endif /* CPU-specific state of this task */ struct thread_struct thread; @@ -63369,7 +62001,7 @@ index 1c4f3e9..342eb1f 100644 /* open file information */ struct files_struct *files; /* namespaces */ -@@ -1425,6 +1446,11 @@ struct task_struct { +@@ -1442,6 +1463,11 @@ struct task_struct { struct rt_mutex_waiter *pi_blocked_on; #endif =20 @@ -63381,7 +62013,7 @@ index 1c4f3e9..342eb1f 100644 #ifdef CONFIG_DEBUG_MUTEXES /* mutex deadlock detection */ struct mutex_waiter *blocked_on; -@@ -1540,6 +1566,27 @@ struct task_struct { +@@ -1558,6 +1584,27 @@ struct task_struct { unsigned long default_timer_slack_ns; =20 struct list_head *scm_work_list; @@ -63409,7 +62041,7 @@ index 1c4f3e9..342eb1f 100644 #ifdef CONFIG_FUNCTION_GRAPH_TRACER /* Index of current stored address in ret_stack */ int curr_ret_stack; -@@ -1574,6 +1621,51 @@ struct task_struct { +@@ -1592,6 +1639,51 @@ struct task_struct { #endif }; =20 @@ -63461,7 +62093,7 @@ index 1c4f3e9..342eb1f 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) =20 -@@ -2081,7 +2173,9 @@ void yield(void); +@@ -2104,7 +2196,9 @@ void yield(void); extern struct exec_domain default_exec_domain; =20 union thread_union { @@ -63471,7 +62103,7 @@ index 1c4f3e9..342eb1f 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; =20 -@@ -2114,6 +2208,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2137,6 +2231,7 @@ extern struct pid_namespace init_pid_ns; */ =20 extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -63479,29 +62111,16 @@ index 1c4f3e9..342eb1f 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); =20 -@@ -2235,6 +2330,12 @@ static inline void mmdrop(struct mm_struct * mm) - extern void mmput(struct mm_struct *); - /* Grab a reference to a task's mm, if it is not already going away */ - extern struct mm_struct *get_task_mm(struct task_struct *task); -+/* -+ * Grab a reference to a task's mm, if it is not already going away -+ * and ptrace_may_access with the mode parameter passed to it -+ * succeeds. -+ */ -+extern struct mm_struct *mm_access(struct task_struct *task, unsigned i= nt mode); - /* Remove the current tasks stale references to the old mm_struct */ - extern void mm_release(struct task_struct *, struct mm_struct *); - /* Allocate a new mm structure and copy contents from tsk->mm */ -@@ -2251,7 +2352,7 @@ extern void __cleanup_sighand(struct sighand_struc= t *); +@@ -2280,7 +2375,7 @@ extern void __cleanup_sighand(struct sighand_struc= t *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); =20 --extern NORET_TYPE void do_group_exit(int); +-extern void do_group_exit(int); +extern __noreturn void do_group_exit(int); =20 extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2416,13 +2517,17 @@ static inline unsigned long *end_of_stack(struct= task_struct *p) +@@ -2478,13 +2573,17 @@ static inline unsigned long *end_of_stack(struct= task_struct *p) =20 #endif =20 @@ -63536,7 +62155,7 @@ index 899fbb4..1cb4138 100644 =20 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */ diff --git a/include/linux/security.h b/include/linux/security.h -index e8c619d..e0cbd1c 100644 +index 83c18e8..2d98860 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -37,6 +37,7 @@ @@ -63548,7 +62167,7 @@ index e8c619d..e0cbd1c 100644 =20 /* Maximum number of letters for an LSM name string */ diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h -index 0b69a46..b2ffa4c 100644 +index 44f1514..2bbf6c1 100644 --- a/include/linux/seq_file.h +++ b/include/linux/seq_file.h @@ -24,6 +24,9 @@ struct seq_file { @@ -63585,10 +62204,10 @@ index 92808b8..c28cac4 100644 =20 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 6cf8b53..bcce844 100644 +index ae86ade..2b51468 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -642,7 +642,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtst= amps(struct sk_buff *skb) +@@ -654,7 +654,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtst= amps(struct sk_buff *skb) */ static inline int skb_queue_empty(const struct sk_buff_head *list) { @@ -63597,7 +62216,7 @@ index 6cf8b53..bcce844 100644 } =20 /** -@@ -655,7 +655,7 @@ static inline int skb_queue_empty(const struct sk_bu= ff_head *list) +@@ -667,7 +667,7 @@ static inline int skb_queue_empty(const struct sk_bu= ff_head *list) static inline bool skb_queue_is_last(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -63606,7 +62225,7 @@ index 6cf8b53..bcce844 100644 } =20 /** -@@ -668,7 +668,7 @@ static inline bool skb_queue_is_last(const struct sk= _buff_head *list, +@@ -680,7 +680,7 @@ static inline bool skb_queue_is_last(const struct sk= _buff_head *list, static inline bool skb_queue_is_first(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -63615,7 +62234,7 @@ index 6cf8b53..bcce844 100644 } =20 /** -@@ -1533,7 +1533,7 @@ static inline int pskb_network_may_pull(struct sk_= buff *skb, unsigned int len) +@@ -1545,7 +1545,7 @@ static inline int pskb_network_may_pull(struct sk_= buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD @@ -63625,7 +62244,7 @@ index 6cf8b53..bcce844 100644 =20 extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); diff --git a/include/linux/slab.h b/include/linux/slab.h -index 573c809..07e1f43 100644 +index 573c809..e84c132 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,12 +11,20 @@ @@ -63666,14 +62285,7 @@ index 573c809..07e1f43 100644 =20 /* * struct kmem_cache related prototypes -@@ -156,11 +167,12 @@ unsigned int kmem_cache_size(struct kmem_cache *); - /* - * Common kmalloc functions provided by all allocators - */ --void * __must_check __krealloc(const void *, size_t, gfp_t); --void * __must_check krealloc(const void *, size_t, gfp_t); -+void * __must_check __krealloc(const void *, size_t, gfp_t) __size_over= flow(2); -+void * __must_check krealloc(const void *, size_t, gfp_t) __size_overfl= ow(2); +@@ -161,6 +172,7 @@ void * __must_check krealloc(const void *, size_t, g= fp_t); void kfree(const void *); void kzfree(const void *); size_t ksize(const void *); @@ -63681,29 +62293,71 @@ index 573c809..07e1f43 100644 =20 /* * Allocator specific definitions. These are mainly used to establish o= ptimized -@@ -287,7 +299,7 @@ static inline void *kmem_cache_alloc_node(struct kme= m_cache *cachep, - */ - #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ - (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) --extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); -+extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long) __siz= e_overflow(1); - #define kmalloc_track_caller(size, flags) \ - __kmalloc_track_caller(size, flags, _RET_IP_) - #else -@@ -306,7 +318,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, u= nsigned long); - */ - #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ - (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) --extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned l= ong); -+extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned l= ong) __size_overflow(1); - #define kmalloc_node_track_caller(size, flags, node) \ - __kmalloc_node_track_caller(size, flags, node, \ - _RET_IP_) +@@ -353,4 +365,59 @@ static inline void *kzalloc_node(size_t size, gfp_t= flags, int node) +=20 + void __init kmem_cache_init_late(void); +=20 ++#define kmalloc(x, y) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x =3D (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "kmalloc size overflow\n")) \ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D kmalloc((size_t)___x, (y)); \ ++ ___retval; \ ++}) ++ ++#define kmalloc_node(x, y, z) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x =3D (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "kmalloc_node size overflow\n"))\ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D kmalloc_node((size_t)___x, (y), (z));\ ++ ___retval; \ ++}) ++ ++#define kzalloc(x, y) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x =3D (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "kzalloc size overflow\n")) \ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D kzalloc((size_t)___x, (y)); \ ++ ___retval; \ ++}) ++ ++#define __krealloc(x, y, z) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___y =3D (intoverflow_t)y; \ ++ if (WARN(___y > ULONG_MAX, "__krealloc size overflow\n"))\ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D __krealloc((x), (size_t)___y, (z)); \ ++ ___retval; \ ++}) ++ ++#define krealloc(x, y, z) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___y =3D (intoverflow_t)y; \ ++ if (WARN(___y > ULONG_MAX, "krealloc size overflow\n")) \ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D krealloc((x), (size_t)___y, (z)); \ ++ ___retval; \ ++}) ++ + #endif /* _LINUX_SLAB_H */ diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h -index d00e0ba..d61fb1f 100644 +index fbd1117..1e5e46c 100644 --- a/include/linux/slab_def.h +++ b/include/linux/slab_def.h -@@ -68,10 +68,10 @@ struct kmem_cache { +@@ -66,10 +66,10 @@ struct kmem_cache { unsigned long node_allocs; unsigned long node_frees; unsigned long node_overflow; @@ -63718,71 +62372,8 @@ index d00e0ba..d61fb1f 100644 =20 /* * If debugging is enabled, then the allocator can add additional -@@ -109,7 +109,7 @@ struct cache_sizes { - extern struct cache_sizes malloc_sizes[]; -=20 - void *kmem_cache_alloc(struct kmem_cache *, gfp_t); --void *__kmalloc(size_t size, gfp_t flags); -+void *__kmalloc(size_t size, gfp_t flags) __size_overflow(1); -=20 - #ifdef CONFIG_TRACING - extern void *kmem_cache_alloc_trace(size_t size, -@@ -127,6 +127,7 @@ static inline size_t slab_buffer_size(struct kmem_ca= che *cachep) - } - #endif -=20 -+static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_o= verflow(1); - static __always_inline void *kmalloc(size_t size, gfp_t flags) - { - struct kmem_cache *cachep; -@@ -162,7 +163,7 @@ found: - } -=20 - #ifdef CONFIG_NUMA --extern void *__kmalloc_node(size_t size, gfp_t flags, int node); -+extern void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_= overflow(1); - extern void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, in= t node); -=20 - #ifdef CONFIG_TRACING -@@ -181,6 +182,7 @@ kmem_cache_alloc_node_trace(size_t size, - } - #endif -=20 -+static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int= node) __size_overflow(1); - static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int= node) - { - struct kmem_cache *cachep; -diff --git a/include/linux/slob_def.h b/include/linux/slob_def.h -index 0ec00b3..65e7e0e 100644 ---- a/include/linux/slob_def.h -+++ b/include/linux/slob_def.h -@@ -9,8 +9,9 @@ static __always_inline void *kmem_cache_alloc(struct kme= m_cache *cachep, - return kmem_cache_alloc_node(cachep, flags, -1); - } -=20 --void *__kmalloc_node(size_t size, gfp_t flags, int node); -+void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflo= w(1); -=20 -+static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int= node) __size_overflow(1); - static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int= node) - { - return __kmalloc_node(size, flags, node); -@@ -24,11 +25,13 @@ static __always_inline void *kmalloc_node(size_t siz= e, gfp_t flags, int node) - * kmalloc is the normal method of allocating memory - * in the kernel. - */ -+static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_o= verflow(1); - static __always_inline void *kmalloc(size_t size, gfp_t flags) - { - return __kmalloc_node(size, flags, -1); - } -=20 -+static __always_inline void *__kmalloc(size_t size, gfp_t flags) __size= _overflow(1); - static __always_inline void *__kmalloc(size_t size, gfp_t flags) - { - return kmalloc(size, flags); diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h -index a32bcfd..d26bd6e 100644 +index a32bcfd..53b71f4 100644 --- a/include/linux/slub_def.h +++ b/include/linux/slub_def.h @@ -89,7 +89,7 @@ struct kmem_cache { @@ -63794,59 +62385,15 @@ index a32bcfd..d26bd6e 100644 void (*ctor)(void *); int inuse; /* Offset to metadata */ int align; /* Alignment */ -@@ -204,6 +204,7 @@ static __always_inline int kmalloc_index(size_t size= ) - * This ought to end up with a global pointer to the right cache - * in kmalloc_caches. - */ -+static __always_inline struct kmem_cache *kmalloc_slab(size_t size) __s= ize_overflow(1); - static __always_inline struct kmem_cache *kmalloc_slab(size_t size) - { - int index =3D kmalloc_index(size); -@@ -215,9 +216,11 @@ static __always_inline struct kmem_cache *kmalloc_s= lab(size_t size) +@@ -215,7 +215,7 @@ static __always_inline struct kmem_cache *kmalloc_sl= ab(size_t size) } =20 void *kmem_cache_alloc(struct kmem_cache *, gfp_t); -void *__kmalloc(size_t size, gfp_t flags); -+void *__kmalloc(size_t size, gfp_t flags) __alloc_size(1) __size_overfl= ow(1); ++void *__kmalloc(size_t size, gfp_t flags) __alloc_size(1); =20 static __always_inline void * -+kmalloc_order(size_t size, gfp_t flags, unsigned int order) __size_over= flow(1); -+static __always_inline void * kmalloc_order(size_t size, gfp_t flags, unsigned int order) - { - void *ret =3D (void *) __get_free_pages(flags | __GFP_COMP, order); -@@ -256,12 +259,14 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsi= gned int order) - } - #endif -=20 -+static __always_inline void *kmalloc_large(size_t size, gfp_t flags) __= size_overflow(1); - static __always_inline void *kmalloc_large(size_t size, gfp_t flags) - { - unsigned int order =3D get_order(size); - return kmalloc_order_trace(size, flags, order); - } -=20 -+static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_o= verflow(1); - static __always_inline void *kmalloc(size_t size, gfp_t flags) - { - if (__builtin_constant_p(size)) { -@@ -281,7 +286,7 @@ static __always_inline void *kmalloc(size_t size, gf= p_t flags) - } -=20 - #ifdef CONFIG_NUMA --void *__kmalloc_node(size_t size, gfp_t flags, int node); -+void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflo= w(1); - void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node)= ; -=20 - #ifdef CONFIG_TRACING -@@ -298,6 +303,7 @@ kmem_cache_alloc_node_trace(struct kmem_cache *s, - } - #endif -=20 -+static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int= node) __size_overflow(1); - static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int= node) - { - if (__builtin_constant_p(size) && diff --git a/include/linux/sonet.h b/include/linux/sonet.h index de8832d..0147b46 100644 --- a/include/linux/sonet.h @@ -63861,7 +62408,7 @@ index de8832d..0147b46 100644 #undef __HANDLE_ITEM }; diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h -index 3d8f9c4..69f1c0a 100644 +index 2c5993a..b0e79f0 100644 --- a/include/linux/sunrpc/clnt.h +++ b/include/linux/sunrpc/clnt.h @@ -172,9 +172,9 @@ static inline unsigned short rpc_get_port(const stru= ct sockaddr *sap) @@ -63936,7 +62483,7 @@ index c14fe86..393245e 100644 #define RPCRDMA_VERSION 1 =20 diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h -index 703cfa33..0b8ca72ac 100644 +index bb9127d..34ab358 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h @@ -155,7 +155,11 @@ enum @@ -64013,10 +62560,10 @@ index ff7dc08..893e1bd 100644 =20 struct tty_ldisc { diff --git a/include/linux/types.h b/include/linux/types.h -index 57a9723..dbe234a 100644 +index e5fa503..df6e8a4 100644 --- a/include/linux/types.h +++ b/include/linux/types.h -@@ -213,10 +213,26 @@ typedef struct { +@@ -214,10 +214,26 @@ typedef struct { int counter; } atomic_t; =20 @@ -64044,7 +62591,7 @@ index 57a9723..dbe234a 100644 =20 struct list_head { diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h -index 5ca0951..53a2fff 100644 +index 5ca0951..ab496a5 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -76,11 +76,11 @@ static inline unsigned long __copy_from_user_nocache= (void *to, @@ -64062,15 +62609,6 @@ index 5ca0951..53a2fff 100644 ret; \ }) =20 -@@ -105,7 +105,7 @@ extern long __probe_kernel_read(void *dst, const voi= d *src, size_t size); - * Safely write to address @dst from the buffer at @src. If a kernel f= ault - * happens, handle that and return -EFAULT. - */ --extern long notrace probe_kernel_write(void *dst, const void *src, size= _t size); -+extern long notrace probe_kernel_write(void *dst, const void *src, size= _t size) __size_overflow(3); - extern long notrace __probe_kernel_write(void *dst, const void *src, si= ze_t size); -=20 - #endif /* __LINUX_UACCESS_H__ */ diff --git a/include/linux/unaligned/access_ok.h b/include/linux/unalign= ed/access_ok.h index 99c1b4d..bb94261 100644 --- a/include/linux/unaligned/access_ok.h @@ -64115,7 +62653,7 @@ index 99c1b4d..bb94261 100644 =20 static inline void put_unaligned_le16(u16 val, void *p) diff --git a/include/linux/usb/renesas_usbhs.h b/include/linux/usb/renes= as_usbhs.h -index e5a40c3..20ab0f6 100644 +index 0d3f988..000f101 100644 --- a/include/linux/usb/renesas_usbhs.h +++ b/include/linux/usb/renesas_usbhs.h @@ -39,7 +39,7 @@ enum { @@ -64127,7 +62665,7 @@ index e5a40c3..20ab0f6 100644 =20 /* * callback functions for platform -@@ -89,7 +89,7 @@ struct renesas_usbhs_platform_callback { +@@ -97,7 +97,7 @@ struct renesas_usbhs_platform_callback { * VBUS control is needed for Host */ int (*set_vbus)(struct platform_device *pdev, int enable); @@ -64178,7 +62716,7 @@ index 6f8fbcf..8259001 100644 + MODULE_GRSEC =20 diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h -index 4bde182..c42a656 100644 +index dcdfc2b..f937197 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h @@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping = in mm_types.h */ @@ -64193,46 +62731,110 @@ index 4bde182..c42a656 100644 /* bits [20..32] reserved for arch specific ioremap internals */ =20 /* -@@ -51,18 +56,18 @@ static inline void vmalloc_init(void) - } +@@ -157,4 +162,103 @@ pcpu_free_vm_areas(struct vm_struct **vms, int nr_= vms) + # endif #endif =20 --extern void *vmalloc(unsigned long size); --extern void *vzalloc(unsigned long size); --extern void *vmalloc_user(unsigned long size); --extern void *vmalloc_node(unsigned long size, int node); --extern void *vzalloc_node(unsigned long size, int node); --extern void *vmalloc_exec(unsigned long size); --extern void *vmalloc_32(unsigned long size); --extern void *vmalloc_32_user(unsigned long size); --extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t pro= t); -+extern void *vmalloc(unsigned long size) __size_overflow(1); -+extern void *vzalloc(unsigned long size) __size_overflow(1); -+extern void *vmalloc_user(unsigned long size) __size_overflow(1); -+extern void *vmalloc_node(unsigned long size, int node) __size_overflow= (1); -+extern void *vzalloc_node(unsigned long size, int node) __size_overflow= (1); -+extern void *vmalloc_exec(unsigned long size) __size_overflow(1); -+extern void *vmalloc_32(unsigned long size) __size_overflow(1); -+extern void *vmalloc_32_user(unsigned long size) __size_overflow(1); -+extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t pro= t) __size_overflow(1); - extern void *__vmalloc_node_range(unsigned long size, unsigned long ali= gn, - unsigned long start, unsigned long end, gfp_t gfp_mask, -- pgprot_t prot, int node, void *caller); -+ pgprot_t prot, int node, void *caller) __size_overflow(1); - extern void vfree(const void *addr); -=20 - extern void *vmap(struct page **pages, unsigned int count, -@@ -123,8 +128,8 @@ extern struct vm_struct *alloc_vm_area(size_t size, = pte_t **ptes); - extern void free_vm_area(struct vm_struct *area); -=20 - /* for /dev/kmem */ --extern long vread(char *buf, char *addr, unsigned long count); --extern long vwrite(char *buf, char *addr, unsigned long count); -+extern long vread(char *buf, char *addr, unsigned long count) __size_ov= erflow(3); -+extern long vwrite(char *buf, char *addr, unsigned long count) __size_o= verflow(3); -=20 - /* - * Internals. Dont't use.. ++#define vmalloc(x) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x =3D (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vmalloc size overflow\n")) \ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D vmalloc((unsigned long)___x); \ ++ ___retval; \ ++}) ++ ++#define vzalloc(x) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x =3D (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vzalloc size overflow\n")) \ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D vzalloc((unsigned long)___x); \ ++ ___retval; \ ++}) ++ ++#define __vmalloc(x, y, z) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x =3D (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "__vmalloc size overflow\n"))\ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D __vmalloc((unsigned long)___x, (y), (z));\ ++ ___retval; \ ++}) ++ ++#define vmalloc_user(x) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x =3D (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vmalloc_user size overflow\n"))\ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D vmalloc_user((unsigned long)___x); \ ++ ___retval; \ ++}) ++ ++#define vmalloc_exec(x) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x =3D (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vmalloc_exec size overflow\n"))\ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D vmalloc_exec((unsigned long)___x); \ ++ ___retval; \ ++}) ++ ++#define vmalloc_node(x, y) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x =3D (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vmalloc_node size overflow\n"))\ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D vmalloc_node((unsigned long)___x, (y));\ ++ ___retval; \ ++}) ++ ++#define vzalloc_node(x, y) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x =3D (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vzalloc_node size overflow\n"))\ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D vzalloc_node((unsigned long)___x, (y));\ ++ ___retval; \ ++}) ++ ++#define vmalloc_32(x) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x =3D (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vmalloc_32 size overflow\n"))\ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D vmalloc_32((unsigned long)___x); \ ++ ___retval; \ ++}) ++ ++#define vmalloc_32_user(x) \ ++({ \ ++void *___retval; \ ++ intoverflow_t ___x =3D (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vmalloc_32_user size overflow\n"))\ ++ ___retval =3D NULL; \ ++ else \ ++ ___retval =3D vmalloc_32_user((unsigned long)___x);\ ++ ___retval; \ ++}) ++ + #endif /* _LINUX_VMALLOC_H */ diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h index 65efb92..137adbb 100644 --- a/include/linux/vmstat.h @@ -64351,10 +62953,10 @@ index c7c40f1..4f01585 100644 /* * Newer version of video_device, handled by videodev2.c diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h -index 4d1c74a..65e1221 100644 +index 3f5d60f..44210ed 100644 --- a/include/media/v4l2-ioctl.h +++ b/include/media/v4l2-ioctl.h -@@ -274,7 +274,7 @@ struct v4l2_ioctl_ops { +@@ -278,7 +278,7 @@ struct v4l2_ioctl_ops { long (*vidioc_default) (struct file *file, void *fh, bool valid_prio, int cmd, void *arg); }; @@ -64401,10 +63003,10 @@ index 9e5425b..8136ffc 100644 /* Protects from simultaneous access to first_req list */ spinlock_t info_list_lock; diff --git a/include/net/flow.h b/include/net/flow.h -index 2a7eefd..3250f3b 100644 +index 6c469db..7743b8e 100644 --- a/include/net/flow.h +++ b/include/net/flow.h -@@ -218,6 +218,6 @@ extern struct flow_cache_object *flow_cache_lookup( +@@ -221,6 +221,6 @@ extern struct flow_cache_object *flow_cache_lookup( =20 extern void flow_cache_flush(void); extern void flow_cache_flush_deferred(void); @@ -64413,7 +63015,7 @@ index 2a7eefd..3250f3b 100644 =20 #endif diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h -index e9ff3fc..9d3e5c7 100644 +index b94765e..053f68b 100644 --- a/include/net/inetpeer.h +++ b/include/net/inetpeer.h @@ -48,8 +48,8 @@ struct inet_peer { @@ -64427,7 +63029,7 @@ index e9ff3fc..9d3e5c7 100644 __u32 tcp_ts; __u32 tcp_ts_stamp; }; -@@ -113,11 +113,11 @@ static inline int inet_getid(struct inet_peer *p, = int more) +@@ -115,11 +115,11 @@ static inline int inet_getid(struct inet_peer *p, = int more) more++; inet_peer_refcheck(p); do { @@ -64455,7 +63057,7 @@ index 10422ef..662570f 100644 fib_info_update_nh_saddr((net), &FIB_RES_NH(res))) #define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw) diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h -index e5a7b9a..f4fc44b 100644 +index ebe517f..1bd286b 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -509,7 +509,7 @@ struct ip_vs_conn { @@ -64513,10 +63115,10 @@ index 59ba38bc..d515662 100644 /* Protect concurent access to : * o self->open_count diff --git a/include/net/iucv/af_iucv.h b/include/net/iucv/af_iucv.h -index f2419cf..473679f 100644 +index 0954ec9..7413562 100644 --- a/include/net/iucv/af_iucv.h +++ b/include/net/iucv/af_iucv.h -@@ -139,7 +139,7 @@ struct iucv_sock { +@@ -138,7 +138,7 @@ struct iucv_sock { struct iucv_sock_list { struct hlist_head head; rwlock_t lock; @@ -64526,10 +63128,10 @@ index f2419cf..473679f 100644 =20 unsigned int iucv_sock_poll(struct file *file, struct socket *sock, diff --git a/include/net/neighbour.h b/include/net/neighbour.h -index 2720884..3aa5c25 100644 +index 34c996f..bb3b4d4 100644 --- a/include/net/neighbour.h +++ b/include/net/neighbour.h -@@ -122,7 +122,7 @@ struct neigh_ops { +@@ -123,7 +123,7 @@ struct neigh_ops { void (*error_report)(struct neighbour *, struct sk_buff *); int (*output)(struct neighbour *, struct sk_buff *); int (*connected_output)(struct neighbour *, struct sk_buff *); @@ -64552,12 +63154,12 @@ index cb1f350..3279d2c 100644 =20 /** diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h -index d786b4f..4c3dd41 100644 +index bbd023a..97c6d0d 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h -@@ -56,8 +56,8 @@ struct netns_ipv4 { -=20 +@@ -57,8 +57,8 @@ struct netns_ipv4 { unsigned int sysctl_ping_group_range[2]; + long sysctl_tcp_mem[3]; =20 - atomic_t rt_genid; - atomic_t dev_addr_genid; @@ -64567,7 +63169,7 @@ index d786b4f..4c3dd41 100644 #ifdef CONFIG_IP_MROUTE #ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h -index 6a72a58..e6a127d 100644 +index d368561..96aaa17 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h @@ -318,9 +318,9 @@ do { \ @@ -64584,10 +63186,10 @@ index 6a72a58..e6a127d 100644 #define SCTP_DISABLE_DEBUG #define SCTP_ASSERT(expr, str, func) diff --git a/include/net/sock.h b/include/net/sock.h -index 32e3937..87a1dbc 100644 +index 91c1c8b..15ae923 100644 --- a/include/net/sock.h +++ b/include/net/sock.h -@@ -277,7 +277,7 @@ struct sock { +@@ -299,7 +299,7 @@ struct sock { #ifdef CONFIG_RPS __u32 sk_rxhash; #endif @@ -64596,7 +63198,7 @@ index 32e3937..87a1dbc 100644 int sk_rcvbuf; =20 struct sk_filter __rcu *sk_filter; -@@ -1402,7 +1402,7 @@ static inline void sk_nocaps_add(struct sock *sk, = int flags) +@@ -1660,7 +1660,7 @@ static inline void sk_nocaps_add(struct sock *sk, = netdev_features_t flags) } =20 static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_b= uff *skb, @@ -64606,10 +63208,10 @@ index 32e3937..87a1dbc 100644 { if (skb->ip_summed =3D=3D CHECKSUM_NONE) { diff --git a/include/net/tcp.h b/include/net/tcp.h -index bb18c4d..bb87972 100644 +index 2d80c29..aa07caf 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -1409,7 +1409,7 @@ struct tcp_seq_afinfo { +@@ -1426,7 +1426,7 @@ struct tcp_seq_afinfo { char *name; sa_family_t family; const struct file_operations *seq_fops; @@ -64619,10 +63221,10 @@ index bb18c4d..bb87972 100644 =20 struct tcp_iter_state { diff --git a/include/net/udp.h b/include/net/udp.h -index 3b285f4..0219639 100644 +index e39592f..fef9680 100644 --- a/include/net/udp.h +++ b/include/net/udp.h -@@ -237,7 +237,7 @@ struct udp_seq_afinfo { +@@ -243,7 +243,7 @@ struct udp_seq_afinfo { sa_family_t family; struct udp_table *udp_table; const struct file_operations *seq_fops; @@ -64632,7 +63234,7 @@ index 3b285f4..0219639 100644 =20 struct udp_iter_state { diff --git a/include/net/xfrm.h b/include/net/xfrm.h -index b203e14..1df3991 100644 +index 89174e2..1f82598 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -505,7 +505,7 @@ struct xfrm_policy { @@ -64658,7 +63260,7 @@ index 1a046b1..ee0bef0 100644 /** * iw_create_cm_id - Create an IW CM identifier. diff --git a/include/scsi/libfc.h b/include/scsi/libfc.h -index 5d1a758..1dbf795 100644 +index 6a3922f..0b73022 100644 --- a/include/scsi/libfc.h +++ b/include/scsi/libfc.h @@ -748,6 +748,7 @@ struct libfc_function_template { @@ -64679,7 +63281,7 @@ index 5d1a758..1dbf795 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index 5591ed5..13eb457 100644 +index 77273f2..dd4031f 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -161,9 +161,9 @@ struct scsi_device { @@ -64735,7 +63337,7 @@ index 8c05e47..2b5df97 100644 struct snd_hwdep { struct snd_card *card; diff --git a/include/sound/info.h b/include/sound/info.h -index 5492cc4..1a65278 100644 +index 9ca1a49..aba1728 100644 --- a/include/sound/info.h +++ b/include/sound/info.h @@ -44,7 +44,7 @@ struct snd_info_entry_text { @@ -64773,10 +63375,10 @@ index af1b49e..a5d55a5 100644 /* * CSP private data diff --git a/include/sound/soc.h b/include/sound/soc.h -index 11cfb59..e3f93f4 100644 +index 0992dff..bb366fe 100644 --- a/include/sound/soc.h +++ b/include/sound/soc.h -@@ -683,7 +683,7 @@ struct snd_soc_platform_driver { +@@ -682,7 +682,7 @@ struct snd_soc_platform_driver { /* platform IO - used for platform DAPM */ unsigned int (*read)(struct snd_soc_platform *, unsigned int); int (*write)(struct snd_soc_platform *, unsigned int, unsigned int); @@ -64785,6 +63387,15 @@ index 11cfb59..e3f93f4 100644 =20 struct snd_soc_platform { const char *name; +@@ -852,7 +852,7 @@ struct snd_soc_pcm_runtime { + struct snd_soc_dai_link *dai_link; + struct mutex pcm_mutex; + enum snd_soc_pcm_subclass pcm_subclass; +- struct snd_pcm_ops ops; ++ snd_pcm_ops_no_const ops; +=20 + unsigned int complete:1; + unsigned int dev_registered:1; diff --git a/include/sound/ymfpci.h b/include/sound/ymfpci.h index 444cd6b..3327cc5 100644 --- a/include/sound/ymfpci.h @@ -64799,10 +63410,10 @@ index 444cd6b..3327cc5 100644 const struct firmware *dsp_microcode; const struct firmware *controller_microcode; diff --git a/include/target/target_core_base.h b/include/target/target_c= ore_base.h -index 94bbec3..3a8c6b0 100644 +index dc4e345..6bf6080 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h -@@ -346,7 +346,7 @@ struct t10_reservation_ops { +@@ -443,7 +443,7 @@ struct t10_reservation_ops { int (*t10_seq_non_holder)(struct se_cmd *, unsigned char *, u32); int (*t10_pr_register)(struct se_cmd *); int (*t10_pr_clear)(struct se_cmd *); @@ -64811,7 +63422,7 @@ index 94bbec3..3a8c6b0 100644 =20 struct t10_reservation { /* Reservation effects all target ports */ -@@ -465,8 +465,8 @@ struct se_cmd { +@@ -561,8 +561,8 @@ struct se_cmd { atomic_t t_se_count; atomic_t t_task_cdbs_left; atomic_t t_task_cdbs_ex_left; @@ -64822,10 +63433,10 @@ index 94bbec3..3a8c6b0 100644 atomic_t t_transport_active; atomic_t t_transport_complete; atomic_t t_transport_queue_active; -@@ -705,7 +705,7 @@ struct se_device { +@@ -799,7 +799,7 @@ struct se_device { + spinlock_t stats_lock; /* Active commands on this virtual SE device */ atomic_t simple_cmds; - atomic_t depth_left; - atomic_t dev_ordered_id; + atomic_unchecked_t dev_ordered_id; atomic_t execute_tasks; @@ -64885,10 +63496,18 @@ index 0993a22..32ba2fe 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index 43298f9..2f56c12 100644 +index 3f42cd6..613f41d 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1214,7 +1214,7 @@ config SLUB_DEBUG +@@ -799,6 +799,7 @@ endif # CGROUPS +=20 + config CHECKPOINT_RESTORE + bool "Checkpoint/restore support" if EXPERT ++ depends on !GRKERNSEC + default n + help + Enables additional kernel features in a sake of checkpoint/restore. +@@ -1249,7 +1250,7 @@ config SLUB_DEBUG =20 config COMPAT_BRK bool "Disable heap randomization" @@ -64898,24 +63517,24 @@ index 43298f9..2f56c12 100644 Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). diff --git a/init/do_mounts.c b/init/do_mounts.c -index db6e5ee..7677ff7 100644 +index 2974c8b..0b863ae 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c -@@ -325,11 +325,11 @@ static void __init get_fs_names(char *page) -=20 +@@ -326,11 +326,11 @@ static void __init get_fs_names(char *page) static int __init do_mount_root(char *name, char *fs, int flags, void *= data) { + struct super_block *s; - int err =3D sys_mount(name, "/root", fs, flags, data); + int err =3D sys_mount((char __force_user *)name, (char __force_user *)= "/root", (char __force_user *)fs, flags, (void __force_user *)data); if (err) return err; =20 - sys_chdir((const char __user __force *)"/root"); -+ sys_chdir((const char __force_user*)"/root"); - ROOT_DEV =3D current->fs->pwd.mnt->mnt_sb->s_dev; ++ sys_chdir((const char __force_user *)"/root"); + s =3D current->fs->pwd.dentry->d_sb; + ROOT_DEV =3D s->s_dev; printk(KERN_INFO - "VFS: Mounted root (%s filesystem)%s on device %u:%u.\n", -@@ -448,18 +448,18 @@ void __init change_floppy(char *fmt, ...) +@@ -450,18 +450,18 @@ void __init change_floppy(char *fmt, ...) va_start(args, fmt); vsprintf(buf, fmt, args); va_end(args); @@ -64937,7 +63556,7 @@ index db6e5ee..7677ff7 100644 termios.c_lflag |=3D ICANON; sys_ioctl(fd, TCSETSF, (long)&termios); sys_close(fd); -@@ -553,6 +553,6 @@ void __init prepare_namespace(void) +@@ -555,6 +555,6 @@ void __init prepare_namespace(void) mount_root(); out: devtmpfs_mount("dev"); @@ -65088,7 +63707,7 @@ index 32c4799..c27ee74 100644 sys_ioctl(fd, RAID_AUTORUN, raid_autopart); sys_close(fd); diff --git a/init/initramfs.c b/init/initramfs.c -index 2531811..040d4d4 100644 +index 8216c30..25e8e32 100644 --- a/init/initramfs.c +++ b/init/initramfs.c @@ -74,7 +74,7 @@ static void __init free_hash(void) @@ -65118,7 +63737,7 @@ index 2531811..040d4d4 100644 } return 0; } -@@ -280,11 +280,11 @@ static void __init clean_path(char *path, mode_t m= ode) +@@ -280,11 +280,11 @@ static void __init clean_path(char *path, umode_t = mode) { struct stat st; =20 @@ -65200,7 +63819,7 @@ index 2531811..040d4d4 100644 next_state =3D Reset; return 0; diff --git a/init/main.c b/init/main.c -index 217ed23..ec5406f 100644 +index ff49a6d..5fa0429 100644 --- a/init/main.c +++ b/init/main.c @@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { } @@ -65262,7 +63881,7 @@ index 217ed23..ec5406f 100644 static const char * argv_init[MAX_INIT_ARGS+2] =3D { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] =3D { "HOME=3D/", "TERM=3Dlinux= ", NULL, }; static const char *panic_later, *panic_param; -@@ -681,6 +726,7 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -675,6 +720,7 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count =3D preempt_count(); int ret; @@ -65270,7 +63889,7 @@ index 217ed23..ec5406f 100644 =20 if (initcall_debug) ret =3D do_one_initcall_debug(fn); -@@ -693,15 +739,15 @@ int __init_or_module do_one_initcall(initcall_t fn= ) +@@ -687,15 +733,15 @@ int __init_or_module do_one_initcall(initcall_t fn= ) sprintf(msgbuf, "error code %d ", ret); =20 if (preempt_count() !=3D count) { @@ -65290,7 +63909,7 @@ index 217ed23..ec5406f 100644 } =20 return ret; -@@ -820,7 +866,7 @@ static int __init kernel_init(void * unused) +@@ -814,7 +860,7 @@ static int __init kernel_init(void * unused) do_basic_setup(); =20 /* Open the /dev/console on the rootfs, this should never fail */ @@ -65299,7 +63918,7 @@ index 217ed23..ec5406f 100644 printk(KERN_WARNING "Warning: unable to open an initial console.\n"); =20 (void) sys_dup(0); -@@ -833,11 +879,13 @@ static int __init kernel_init(void * unused) +@@ -827,11 +873,13 @@ static int __init kernel_init(void * unused) if (!ramdisk_execute_command) ramdisk_execute_command =3D "/init"; =20 @@ -65315,7 +63934,7 @@ index 217ed23..ec5406f 100644 * Ok, we have completed the initial bootup, and * we're essentially up and running. Get rid of the diff --git a/ipc/mqueue.c b/ipc/mqueue.c -index 5b4293d..f179875 100644 +index 86ee272..773d937 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -156,6 +156,7 @@ static struct inode *mqueue_get_inode(struct super_b= lock *sb, @@ -65325,7 +63944,7 @@ index 5b4293d..f179875 100644 + gr_learn_resource(current, RLIMIT_MSGQUEUE, u->mq_bytes + mq_bytes, 1= ); spin_lock(&mq_lock); if (u->mq_bytes + mq_bytes < u->mq_bytes || - u->mq_bytes + mq_bytes > task_rlimit(p, RLIMIT_MSGQUEUE)) { + u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) { diff --git a/ipc/msg.c b/ipc/msg.c index 7385de2..a8180e08 100644 --- a/ipc/msg.c @@ -65482,10 +64101,10 @@ index b76be5b..859e750 100644 shm_unlock(shp); =20 diff --git a/kernel/acct.c b/kernel/acct.c -index fa7eb3d..7faf116 100644 +index 02e6167..54824f7 100644 --- a/kernel/acct.c +++ b/kernel/acct.c -@@ -570,7 +570,7 @@ static void do_acct_process(struct bsd_acct_struct *= acct, +@@ -550,7 +550,7 @@ static void do_acct_process(struct bsd_acct_struct *= acct, */ flim =3D current->signal->rlim[RLIMIT_FSIZE].rlim_cur; current->signal->rlim[RLIMIT_FSIZE].rlim_cur =3D RLIM_INFINITY; @@ -65495,7 +64114,7 @@ index fa7eb3d..7faf116 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur =3D flim; set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c -index 09fae26..ed71d5b 100644 +index bb0eb5b..cf2a03a 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -115,7 +115,7 @@ u32 audit_sig_sid =3D 0; @@ -65534,38 +64153,11 @@ index 09fae26..ed71d5b 100644 status_set.backlog =3D skb_queue_len(&audit_skb_queue); audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0, &status_set, sizeof(status_set)); -@@ -1260,12 +1260,13 @@ static void audit_log_vformat(struct audit_buffe= r *ab, const char *fmt, - avail =3D audit_expand(ab, - max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail)); - if (!avail) -- goto out; -+ goto out_va_end; - len =3D vsnprintf(skb_tail_pointer(skb), avail, fmt, args2); - } -- va_end(args2); - if (len > 0) - skb_put(skb, len); -+out_va_end: -+ va_end(args2); - out: - return; - } diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index 47b7fc1..c003c33 100644 +index af1de0f..06dfe57 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c -@@ -1166,8 +1166,8 @@ static void audit_log_execve_info(struct audit_con= text *context, - struct audit_buffer **ab, - struct audit_aux_data_execve *axi) - { -- int i; -- size_t len, len_sent =3D 0; -+ int i, len; -+ size_t len_sent =3D 0; - const char __user *p; - char *buf; -=20 -@@ -2118,7 +2118,7 @@ int auditsc_get_stamp(struct audit_context *ctx, +@@ -2288,7 +2288,7 @@ int auditsc_get_stamp(struct audit_context *ctx, } =20 /* global counter which is incremented every time something logs in */ @@ -65573,18 +64165,18 @@ index 47b7fc1..c003c33 100644 +static atomic_unchecked_t session_id =3D ATOMIC_INIT(0); =20 /** - * audit_set_loginuid - set a task's audit_context loginuid -@@ -2131,7 +2131,7 @@ static atomic_t session_id =3D ATOMIC_INIT(0); - */ - int audit_set_loginuid(struct task_struct *task, uid_t loginuid) - { -- unsigned int sessionid =3D atomic_inc_return(&session_id); -+ unsigned int sessionid =3D atomic_inc_return_unchecked(&session_id); - struct audit_context *context =3D task->audit_context; + * audit_set_loginuid - set current task's audit_context loginuid +@@ -2312,7 +2312,7 @@ int audit_set_loginuid(uid_t loginuid) + return -EPERM; + #endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */ =20 +- sessionid =3D atomic_inc_return(&session_id); ++ sessionid =3D atomic_inc_return_unchecked(&session_id); if (context && context->in_syscall) { + struct audit_buffer *ab; +=20 diff --git a/kernel/capability.c b/kernel/capability.c -index b463871..fa3ea1f 100644 +index 3f1adb6..c564db0 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, c= ap_user_data_t, dataptr) @@ -65597,16 +64189,43 @@ index b463871..fa3ea1f 100644 if (copy_to_user(dataptr, kdata, tocopy * sizeof(struct __user_cap_data_struct))) { return -EFAULT; -@@ -374,7 +377,7 @@ bool ns_capable(struct user_namespace *ns, int cap) +@@ -303,10 +306,11 @@ bool has_ns_capability(struct task_struct *t, + int ret; +=20 + rcu_read_lock(); +- ret =3D security_capable(__task_cred(t), ns, cap); ++ ret =3D security_capable(__task_cred(t), ns, cap) =3D=3D 0 && ++ gr_task_is_capable(t, __task_cred(t), cap); + rcu_read_unlock(); +=20 +- return (ret =3D=3D 0); ++ return ret; + } +=20 + /** +@@ -343,10 +347,10 @@ bool has_ns_capability_noaudit(struct task_struct = *t, + int ret; +=20 + rcu_read_lock(); +- ret =3D security_capable_noaudit(__task_cred(t), ns, cap); ++ ret =3D security_capable_noaudit(__task_cred(t), ns, cap) =3D=3D 0 && = gr_task_is_capable_nolog(t, cap); + rcu_read_unlock(); +=20 +- return (ret =3D=3D 0); ++ return ret; + } +=20 + /** +@@ -384,7 +388,7 @@ bool ns_capable(struct user_namespace *ns, int cap) BUG(); } =20 -- if (security_capable(ns, current_cred(), cap) =3D=3D 0) { -+ if (security_capable(ns, current_cred(), cap) =3D=3D 0 && gr_is_capabl= e(cap)) { +- if (security_capable(current_cred(), ns, cap) =3D=3D 0) { ++ if (security_capable(current_cred(), ns, cap) =3D=3D 0 && gr_is_capabl= e(cap)) { current->flags |=3D PF_SUPERPRIV; return true; } -@@ -382,6 +385,27 @@ bool ns_capable(struct user_namespace *ns, int cap) +@@ -392,6 +396,21 @@ bool ns_capable(struct user_namespace *ns, int cap) } EXPORT_SYMBOL(ns_capable); =20 @@ -65617,7 +64236,7 @@ index b463871..fa3ea1f 100644 + BUG(); + } + -+ if (security_capable(ns, current_cred(), cap) =3D=3D 0 && gr_is_capabl= e_nolog(cap)) { ++ if (security_capable(current_cred(), ns, cap) =3D=3D 0 && gr_is_capabl= e_nolog(cap)) { + current->flags |=3D PF_SUPERPRIV; + return true; + } @@ -65625,24 +64244,18 @@ index b463871..fa3ea1f 100644 +} +EXPORT_SYMBOL(ns_capable_nolog); + -+bool capable_nolog(int cap) -+{ -+ return ns_capable_nolog(&init_user_ns, cap); -+} -+EXPORT_SYMBOL(capable_nolog); -+ /** - * task_ns_capable - Determine whether current task has a superior - * capability targeted at a specific task's user namespace. -@@ -396,6 +420,12 @@ bool task_ns_capable(struct task_struct *t, int cap= ) + * capable - Determine if the current task has a superior capability in= effect + * @cap: The capability to be tested for +@@ -408,6 +427,12 @@ bool capable(int cap) } - EXPORT_SYMBOL(task_ns_capable); + EXPORT_SYMBOL(capable); =20 -+bool task_ns_capable_nolog(struct task_struct *t, int cap) ++bool capable_nolog(int cap) +{ -+ return ns_capable_nolog(task_cred_xxx(t, user)->user_ns, cap); ++ return ns_capable_nolog(&init_user_ns, cap); +} -+EXPORT_SYMBOL(task_ns_capable_nolog); ++EXPORT_SYMBOL(capable_nolog); + /** * nsown_capable - Check superior capability to one's own user_ns @@ -66036,7 +64649,7 @@ index 0d7c087..01b8cef 100644 } EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint); diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c -index 63786e7..0780cac 100644 +index e2ae734..08a4c5c 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -1980,7 +1980,7 @@ static int kdb_lsmod(int argc, const char **argv) @@ -66046,7 +64659,7 @@ index 63786e7..0780cac 100644 - mod->core_size, (void *)mod); + mod->core_size_rx + mod->core_size_rw, (void *)mod); #ifdef CONFIG_MODULE_UNLOAD - kdb_printf("%4d ", module_refcount(mod)); + kdb_printf("%4ld ", module_refcount(mod)); #endif @@ -1990,7 +1990,7 @@ static int kdb_lsmod(int argc, const char **argv) kdb_printf(" (Loading)"); @@ -66058,7 +64671,7 @@ index 63786e7..0780cac 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index 58690af..d903d75 100644 +index 1b5c081..c375f83 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -173,7 +173,7 @@ int perf_proc_update_handler(struct ctl_table *table= , int write, @@ -66070,7 +64683,7 @@ index 58690af..d903d75 100644 =20 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -2540,7 +2540,7 @@ static void __perf_event_read(void *info) +@@ -2581,7 +2581,7 @@ static void __perf_event_read(void *info) =20 static inline u64 perf_event_count(struct perf_event *event) { @@ -66079,7 +64692,7 @@ index 58690af..d903d75 100644 } =20 static u64 perf_event_read(struct perf_event *event) -@@ -3065,9 +3065,9 @@ u64 perf_event_read_value(struct perf_event *event= , u64 *enabled, u64 *running) +@@ -2897,9 +2897,9 @@ u64 perf_event_read_value(struct perf_event *event= , u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total +=3D perf_event_read(event); *enabled +=3D event->total_time_enabled + @@ -66091,7 +64704,7 @@ index 58690af..d903d75 100644 =20 list_for_each_entry(child, &event->child_list, child_list) { total +=3D perf_event_read(child); -@@ -3474,10 +3474,10 @@ void perf_event_update_userpage(struct perf_even= t *event) +@@ -3306,10 +3306,10 @@ void perf_event_update_userpage(struct perf_even= t *event) userpg->offset -=3D local64_read(&event->hw.prev_count); =20 userpg->time_enabled =3D enabled + @@ -66104,7 +64717,7 @@ index 58690af..d903d75 100644 =20 barrier(); ++userpg->lock; -@@ -3906,11 +3906,11 @@ static void perf_output_read_one(struct perf_out= put_handle *handle, +@@ -3738,11 +3738,11 @@ static void perf_output_read_one(struct perf_out= put_handle *handle, values[n++] =3D perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] =3D enabled + @@ -66118,7 +64731,7 @@ index 58690af..d903d75 100644 } if (read_format & PERF_FORMAT_ID) values[n++] =3D primary_event_id(event); -@@ -4561,12 +4561,12 @@ static void perf_event_mmap_event(struct perf_mm= ap_event *mmap_event) +@@ -4393,12 +4393,12 @@ static void perf_event_mmap_event(struct perf_mm= ap_event *mmap_event) * need to add enough zero bytes after the string to handle * the 64bit alignment we do later. */ @@ -66133,7 +64746,7 @@ index 58690af..d903d75 100644 if (IS_ERR(name)) { name =3D strncpy(tmp, "//toolong", sizeof(tmp)); goto got_name; -@@ -5921,7 +5921,7 @@ perf_event_alloc(struct perf_event_attr *attr, int= cpu, +@@ -5765,7 +5765,7 @@ perf_event_alloc(struct perf_event_attr *attr, int= cpu, event->parent =3D parent_event; =20 event->ns =3D get_pid_ns(current->nsproxy->pid_ns); @@ -66142,7 +64755,7 @@ index 58690af..d903d75 100644 =20 event->state =3D PERF_EVENT_STATE_INACTIVE; =20 -@@ -6443,10 +6443,10 @@ static void sync_child_event(struct perf_event *= child_event, +@@ -6287,10 +6287,10 @@ static void sync_child_event(struct perf_event *= child_event, /* * Add back the child's count to the parent's count: */ @@ -66157,10 +64770,10 @@ index 58690af..d903d75 100644 =20 /* diff --git a/kernel/exit.c b/kernel/exit.c -index e6e01b9..0a21b0a 100644 +index 4b4042f..5bdd8d5 100644 --- a/kernel/exit.c +++ b/kernel/exit.c -@@ -57,6 +57,10 @@ +@@ -58,6 +58,10 @@ #include #include =20 @@ -66171,7 +64784,7 @@ index e6e01b9..0a21b0a 100644 static void exit_mm(struct task_struct * tsk); =20 static void __unhash_process(struct task_struct *p, bool group_dead) -@@ -168,6 +172,10 @@ void release_task(struct task_struct * p) +@@ -169,6 +173,10 @@ void release_task(struct task_struct * p) struct task_struct *leader; int zap_leader; repeat: @@ -66182,7 +64795,7 @@ index e6e01b9..0a21b0a 100644 /* don't need to get the RCU readlock here - the process is dead and * can't be modifying its own credentials. But shut RCU-lockdep up */ rcu_read_lock(); -@@ -380,7 +388,7 @@ int allow_signal(int sig) +@@ -381,7 +389,7 @@ int allow_signal(int sig) * know it'll be handled, so that they don't get converted to * SIGKILL or just silently dropped. */ @@ -66191,7 +64804,7 @@ index e6e01b9..0a21b0a 100644 recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); return 0; -@@ -416,6 +424,17 @@ void daemonize(const char *name, ...) +@@ -417,6 +425,17 @@ void daemonize(const char *name, ...) vsnprintf(current->comm, sizeof(current->comm), name, args); va_end(args); =20 @@ -66209,7 +64822,7 @@ index e6e01b9..0a21b0a 100644 /* * If we were started as result of loading a module, close all of the * user space pages. We don't need them, and if we didn't close them -@@ -893,6 +912,8 @@ NORET_TYPE void do_exit(long code) +@@ -892,6 +911,8 @@ void do_exit(long code) struct task_struct *tsk =3D current; int group_dead; =20 @@ -66218,7 +64831,7 @@ index e6e01b9..0a21b0a 100644 profile_task_exit(tsk); =20 WARN_ON(blk_needs_flush_plug(tsk)); -@@ -909,7 +930,6 @@ NORET_TYPE void do_exit(long code) +@@ -908,7 +929,6 @@ void do_exit(long code) * mm_release()->clear_child_tid() from writing to a user-controlled * kernel address. */ @@ -66226,7 +64839,7 @@ index e6e01b9..0a21b0a 100644 =20 ptrace_event(PTRACE_EVENT_EXIT, code); =20 -@@ -971,6 +991,9 @@ NORET_TYPE void do_exit(long code) +@@ -969,6 +989,9 @@ void do_exit(long code) tsk->exit_code =3D code; taskstats_exit(tsk, group_dead); =20 @@ -66236,20 +64849,20 @@ index e6e01b9..0a21b0a 100644 exit_mm(tsk); =20 if (group_dead) -@@ -1068,7 +1091,7 @@ SYSCALL_DEFINE1(exit, int, error_code) +@@ -1085,7 +1108,7 @@ SYSCALL_DEFINE1(exit, int, error_code) * Take down every thread in the group. This is called by fatal signal= s * as well as by sys_exit_group (below). */ --NORET_TYPE void +-void +__noreturn void do_group_exit(int exit_code) { struct signal_struct *sig =3D current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 0acf42c0..9e40e2e 100644 +index 26a7a67..a1053f9 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -281,7 +281,7 @@ static struct task_struct *dup_task_struct(struct ta= sk_struct *orig) +@@ -284,7 +284,7 @@ static struct task_struct *dup_task_struct(struct ta= sk_struct *orig) *stackend =3D STACK_END_MAGIC; /* for overflow detection */ =20 #ifdef CONFIG_CC_STACKPROTECTOR @@ -66258,7 +64871,7 @@ index 0acf42c0..9e40e2e 100644 #endif =20 /* -@@ -305,13 +305,77 @@ out: +@@ -308,13 +308,77 @@ out: } =20 #ifdef CONFIG_MMU @@ -66338,7 +64951,7 @@ index 0acf42c0..9e40e2e 100644 =20 down_write(&oldmm->mmap_sem); flush_cache_dup_mm(oldmm); -@@ -323,8 +387,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_= struct *oldmm) +@@ -326,8 +390,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_= struct *oldmm) mm->locked_vm =3D 0; mm->mmap =3D NULL; mm->mmap_cache =3D NULL; @@ -66349,7 +64962,7 @@ index 0acf42c0..9e40e2e 100644 mm->map_count =3D 0; cpumask_clear(mm_cpumask(mm)); mm->mm_rb =3D RB_ROOT; -@@ -340,8 +404,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_= struct *oldmm) +@@ -343,8 +407,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_= struct *oldmm) =20 prev =3D NULL; for (mpnt =3D oldmm->mmap; mpnt; mpnt =3D mpnt->vm_next) { @@ -66358,7 +64971,7 @@ index 0acf42c0..9e40e2e 100644 if (mpnt->vm_flags & VM_DONTCOPY) { long pages =3D vma_pages(mpnt); mm->total_vm -=3D pages; -@@ -349,53 +411,11 @@ static int dup_mmap(struct mm_struct *mm, struct m= m_struct *oldmm) +@@ -352,53 +414,11 @@ static int dup_mmap(struct mm_struct *mm, struct m= m_struct *oldmm) -pages); continue; } @@ -66416,7 +65029,7 @@ index 0acf42c0..9e40e2e 100644 =20 /* * Link in the new vma and copy the page table entries. -@@ -418,6 +438,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm= _struct *oldmm) +@@ -421,6 +441,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm= _struct *oldmm) if (retval) goto out; } @@ -66448,7 +65061,7 @@ index 0acf42c0..9e40e2e 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval =3D 0; -@@ -426,14 +471,6 @@ out: +@@ -429,14 +474,6 @@ out: flush_tlb_mm(oldmm); up_write(&oldmm->mmap_sem); return retval; @@ -66463,34 +65076,18 @@ index 0acf42c0..9e40e2e 100644 } =20 static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -645,6 +682,26 @@ struct mm_struct *get_task_mm(struct task_struct *t= ask) - } - EXPORT_SYMBOL_GPL(get_task_mm); +@@ -658,8 +695,8 @@ struct mm_struct *mm_access(struct task_struct *task= , unsigned int mode) + return ERR_PTR(err); =20 -+struct mm_struct *mm_access(struct task_struct *task, unsigned int mode= ) -+{ -+ struct mm_struct *mm; -+ int err; -+ -+ err =3D mutex_lock_killable(&task->signal->cred_guard_mutex); -+ if (err) -+ return ERR_PTR(err); -+ -+ mm =3D get_task_mm(task); + mm =3D get_task_mm(task); +- if (mm && mm !=3D current->mm && +- !ptrace_may_access(task, mode)) { + if (mm && ((mm !=3D current->mm && !ptrace_may_access(task, mode)) || -+ (mode =3D=3D PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || g= r_acl_handle_procpidmem(task))))) { -+ mmput(mm); -+ mm =3D ERR_PTR(-EACCES); -+ } -+ mutex_unlock(&task->signal->cred_guard_mutex); -+ -+ return mm; -+} -+ - /* Please note the differences between mmput and mm_release. - * mmput is called whenever we stop holding onto a mm_struct, - * error success whatever. -@@ -830,13 +887,14 @@ static int copy_fs(unsigned long clone_flags, stru= ct task_struct *tsk) ++ (mode =3D=3D PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || = gr_acl_handle_procpidmem(task))))) { + mmput(mm); + mm =3D ERR_PTR(-EACCES); + } +@@ -881,13 +918,14 @@ static int copy_fs(unsigned long clone_flags, stru= ct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -66506,7 +65103,7 @@ index 0acf42c0..9e40e2e 100644 return 0; } =20 -@@ -1100,6 +1158,9 @@ static struct task_struct *copy_process(unsigned l= ong clone_flags, +@@ -1151,6 +1189,9 @@ static struct task_struct *copy_process(unsigned l= ong clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval =3D -EAGAIN; @@ -66516,7 +65113,7 @@ index 0acf42c0..9e40e2e 100644 if (atomic_read(&p->real_cred->user->processes) >=3D task_rlimit(p, RLIMIT_NPROC)) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1259,6 +1320,8 @@ static struct task_struct *copy_process(unsigned l= ong clone_flags, +@@ -1306,6 +1347,8 @@ static struct task_struct *copy_process(unsigned l= ong clone_flags, if (clone_flags & CLONE_THREAD) p->tgid =3D current->tgid; =20 @@ -66525,7 +65122,7 @@ index 0acf42c0..9e40e2e 100644 p->set_child_tid =3D (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr= : NULL; /* * Clear TID on mm_release()? -@@ -1421,6 +1484,8 @@ bad_fork_cleanup_count: +@@ -1472,6 +1515,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -66534,7 +65131,7 @@ index 0acf42c0..9e40e2e 100644 return ERR_PTR(retval); } =20 -@@ -1521,6 +1586,8 @@ long do_fork(unsigned long clone_flags, +@@ -1572,6 +1617,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); =20 @@ -66543,7 +65140,7 @@ index 0acf42c0..9e40e2e 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done =3D &vfork; init_completion(&vfork); -@@ -1630,7 +1697,7 @@ static int unshare_fs(unsigned long unshare_flags,= struct fs_struct **new_fsp) +@@ -1670,7 +1717,7 @@ static int unshare_fs(unsigned long unshare_flags,= struct fs_struct **new_fsp) return 0; =20 /* don't need lock here; in the worst case we'll do useless copy */ @@ -66552,7 +65149,7 @@ index 0acf42c0..9e40e2e 100644 return 0; =20 *new_fsp =3D copy_fs_struct(fs); -@@ -1719,7 +1786,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_fl= ags) +@@ -1759,7 +1806,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_fl= ags) fs =3D current->fs; spin_lock(&fs->lock); current->fs =3D new_fs; @@ -66689,7 +65286,7 @@ index ae34bf5..4e2f3d0 100644 hrtimer_peek_ahead_timers(); } diff --git a/kernel/jump_label.c b/kernel/jump_label.c -index 66ff710..05a5128 100644 +index 01d3b70..9e4d098 100644 --- a/kernel/jump_label.c +++ b/kernel/jump_label.c @@ -55,7 +55,9 @@ jump_label_sort_entries(struct jump_entry *start, stru= ct jump_entry *stop) @@ -66702,7 +65299,7 @@ index 66ff710..05a5128 100644 } =20 static void jump_label_update(struct jump_label_key *key, int enable); -@@ -303,10 +305,12 @@ static void jump_label_invalidate_module_init(stru= ct module *mod) +@@ -340,10 +342,12 @@ static void jump_label_invalidate_module_init(stru= ct module *mod) struct jump_entry *iter_stop =3D iter_start + mod->num_jump_entries; struct jump_entry *iter; =20 @@ -66822,10 +65419,10 @@ index 079f1d3..a407562 100644 return -ENOMEM; reset_iter(iter, 0); diff --git a/kernel/kexec.c b/kernel/kexec.c -index dc7bc08..4601964 100644 +index 7b08867..3bac516 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c -@@ -1048,7 +1048,8 @@ asmlinkage long compat_sys_kexec_load(unsigned lon= g entry, +@@ -1047,7 +1047,8 @@ asmlinkage long compat_sys_kexec_load(unsigned lon= g entry, unsigned long flags) { struct compat_kexec_segment in; @@ -66836,10 +65433,10 @@ index dc7bc08..4601964 100644 =20 /* Don't allow clients that don't understand the native diff --git a/kernel/kmod.c b/kernel/kmod.c -index a4bea97..7a1ae9a 100644 +index a0a8854..642b106 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c -@@ -73,13 +73,12 @@ char modprobe_path[KMOD_PATH_LEN] =3D "/sbin/modprob= e"; +@@ -75,13 +75,12 @@ char modprobe_path[KMOD_PATH_LEN] =3D "/sbin/modprob= e"; * If module auto-loading support is disabled then this function * becomes a no-operation. */ @@ -66855,7 +65452,7 @@ index a4bea97..7a1ae9a 100644 static char *envp[] =3D { "HOME=3D/", "TERM=3Dlinux", "PATH=3D/sbin:/usr/sbin:/bin:/usr/bin", -@@ -88,9 +87,7 @@ int __request_module(bool wait, const char *fmt, ...) +@@ -90,9 +89,7 @@ int __request_module(bool wait, const char *fmt, ...) #define MAX_KMOD_CONCURRENT 50 /* Completely arbitrary value - KAO */ static int kmod_loop_msg; =20 @@ -66866,7 +65463,7 @@ index a4bea97..7a1ae9a 100644 if (ret >=3D MODULE_NAME_LEN) return -ENAMETOOLONG; =20 -@@ -98,6 +95,20 @@ int __request_module(bool wait, const char *fmt, ...) +@@ -100,6 +97,20 @@ int __request_module(bool wait, const char *fmt, ...= ) if (ret) return ret; =20 @@ -66887,7 +65484,7 @@ index a4bea97..7a1ae9a 100644 /* If modprobe needs a service that is in a module, we get a recursive * loop. Limit the number of running kmod threads to max_threads/2 or * MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method -@@ -133,6 +144,47 @@ int __request_module(bool wait, const char *fmt, ..= .) +@@ -135,6 +146,47 @@ int __request_module(bool wait, const char *fmt, ..= .) atomic_dec(&kmod_concurrent); return ret; } @@ -66935,7 +65532,7 @@ index a4bea97..7a1ae9a 100644 EXPORT_SYMBOL(__request_module); #endif /* CONFIG_MODULES */ =20 -@@ -222,7 +274,7 @@ static int wait_for_helper(void *data) +@@ -224,7 +276,7 @@ static int wait_for_helper(void *data) * * Thus the __user pointer cast is valid here. */ @@ -66945,7 +65542,7 @@ index a4bea97..7a1ae9a 100644 /* * If ret is 0, either ____call_usermodehelper failed and the diff --git a/kernel/kprobes.c b/kernel/kprobes.c -index bc90b87..43c7d8c 100644 +index c62b854..cb67968 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -185,7 +185,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(st= ruct kprobe_insn_cache *c) @@ -66985,10 +65582,10 @@ index bc90b87..43c7d8c 100644 head =3D &kprobe_table[i]; preempt_disable(); diff --git a/kernel/lockdep.c b/kernel/lockdep.c -index b2e08c9..01d8049 100644 +index 8889f7d..95319b7 100644 --- a/kernel/lockdep.c +++ b/kernel/lockdep.c -@@ -592,6 +592,10 @@ static int static_obj(void *obj) +@@ -590,6 +590,10 @@ static int static_obj(void *obj) end =3D (unsigned long) &_end, addr =3D (unsigned long) obj; =20 @@ -66999,7 +65596,7 @@ index b2e08c9..01d8049 100644 /* * static variable? */ -@@ -731,6 +735,7 @@ register_lock_class(struct lockdep_map *lock, unsign= ed int subclass, int force) +@@ -730,6 +734,7 @@ register_lock_class(struct lockdep_map *lock, unsign= ed int subclass, int force) if (!static_obj(lock->key)) { debug_locks_off(); printk("INFO: trying to register non-static key.\n"); @@ -67030,7 +65627,7 @@ index 91c32a0..b2c71c5 100644 =20 if (!name) { diff --git a/kernel/module.c b/kernel/module.c -index 178333c..04e3408 100644 +index 2c93276..476fe81 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -58,6 +58,7 @@ @@ -67041,7 +65638,7 @@ index 178333c..04e3408 100644 =20 #define CREATE_TRACE_POINTS #include -@@ -119,7 +120,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list); +@@ -113,7 +114,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list); =20 /* Bounds of module allocation, for speeding __module_address. * Protected by module_mutex. */ @@ -67051,7 +65648,7 @@ index 178333c..04e3408 100644 =20 int register_module_notifier(struct notifier_block * nb) { -@@ -284,7 +286,7 @@ bool each_symbol_section(bool (*fn)(const struct sym= search *arr, +@@ -277,7 +279,7 @@ bool each_symbol_section(bool (*fn)(const struct sym= search *arr, return true; =20 list_for_each_entry_rcu(mod, &modules, list) { @@ -67060,7 +65657,7 @@ index 178333c..04e3408 100644 { mod->syms, mod->syms + mod->num_syms, mod->crcs, NOT_GPL_ONLY, false }, { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms, -@@ -306,7 +308,7 @@ bool each_symbol_section(bool (*fn)(const struct sym= search *arr, +@@ -299,7 +301,7 @@ bool each_symbol_section(bool (*fn)(const struct sym= search *arr, #endif }; =20 @@ -67069,7 +65666,7 @@ index 178333c..04e3408 100644 return true; } return false; -@@ -438,7 +440,7 @@ static inline void __percpu *mod_percpu(struct modul= e *mod) +@@ -431,7 +433,7 @@ static inline void __percpu *mod_percpu(struct modul= e *mod) static int percpu_modalloc(struct module *mod, unsigned long size, unsigned long align) { @@ -67078,7 +65675,25 @@ index 178333c..04e3408 100644 printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n", mod->name, align, PAGE_SIZE); align =3D PAGE_SIZE; -@@ -1183,7 +1185,7 @@ resolve_symbol_wait(struct module *mod, +@@ -1001,7 +1003,7 @@ struct module_attribute module_uevent =3D + static ssize_t show_coresize(struct module_attribute *mattr, + struct module_kobject *mk, char *buffer) + { +- return sprintf(buffer, "%u\n", mk->mod->core_size); ++ return sprintf(buffer, "%u\n", mk->mod->core_size_rx + mk->mod->core_s= ize_rw); + } +=20 + static struct module_attribute modinfo_coresize =3D +@@ -1010,7 +1012,7 @@ static struct module_attribute modinfo_coresize =3D + static ssize_t show_initsize(struct module_attribute *mattr, + struct module_kobject *mk, char *buffer) + { +- return sprintf(buffer, "%u\n", mk->mod->init_size); ++ return sprintf(buffer, "%u\n", mk->mod->init_size_rx + mk->mod->init_= size_rw); + } +=20 + static struct module_attribute modinfo_initsize =3D +@@ -1224,7 +1226,7 @@ resolve_symbol_wait(struct module *mod, */ #ifdef CONFIG_SYSFS =20 @@ -67087,7 +65702,7 @@ index 178333c..04e3408 100644 static inline bool sect_empty(const Elf_Shdr *sect) { return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size =3D=3D 0; -@@ -1649,21 +1651,21 @@ static void set_section_ro_nx(void *base, +@@ -1690,21 +1692,21 @@ static void set_section_ro_nx(void *base, =20 static void unset_module_core_ro_nx(struct module *mod) { @@ -67117,7 +65732,7 @@ index 178333c..04e3408 100644 set_memory_rw); } =20 -@@ -1674,14 +1676,14 @@ void set_all_modules_text_rw(void) +@@ -1715,14 +1717,14 @@ void set_all_modules_text_rw(void) =20 mutex_lock(&module_mutex); list_for_each_entry_rcu(mod, &modules, list) { @@ -67138,7 +65753,7 @@ index 178333c..04e3408 100644 set_memory_rw); } } -@@ -1695,14 +1697,14 @@ void set_all_modules_text_ro(void) +@@ -1736,14 +1738,14 @@ void set_all_modules_text_ro(void) =20 mutex_lock(&module_mutex); list_for_each_entry_rcu(mod, &modules, list) { @@ -67159,7 +65774,7 @@ index 178333c..04e3408 100644 set_memory_ro); } } -@@ -1748,16 +1750,19 @@ static void free_module(struct module *mod) +@@ -1789,16 +1791,19 @@ static void free_module(struct module *mod) =20 /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); @@ -67182,7 +65797,7 @@ index 178333c..04e3408 100644 =20 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -1826,10 +1831,31 @@ static int simplify_symbols(struct module *mod, = const struct load_info *info) +@@ -1867,10 +1872,31 @@ static int simplify_symbols(struct module *mod, = const struct load_info *info) unsigned int i; int ret =3D 0; const struct kernel_symbol *ksym; @@ -67214,7 +65829,7 @@ index 178333c..04e3408 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* We compiled with -fno-common. These are not -@@ -1850,7 +1876,9 @@ static int simplify_symbols(struct module *mod, co= nst struct load_info *info) +@@ -1891,7 +1917,9 @@ static int simplify_symbols(struct module *mod, co= nst struct load_info *info) ksym =3D resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -67224,7 +65839,7 @@ index 178333c..04e3408 100644 break; } =20 -@@ -1869,11 +1897,20 @@ static int simplify_symbols(struct module *mod, = const struct load_info *info) +@@ -1910,11 +1938,20 @@ static int simplify_symbols(struct module *mod, = const struct load_info *info) secbase =3D (unsigned long)mod_percpu(mod); else secbase =3D info->sechdrs[sym[i].st_shndx].sh_addr; @@ -67245,7 +65860,7 @@ index 178333c..04e3408 100644 return ret; } =20 -@@ -1977,22 +2014,12 @@ static void layout_sections(struct module *mod, = struct load_info *info) +@@ -2018,22 +2055,12 @@ static void layout_sections(struct module *mod, = struct load_info *info) || s->sh_entsize !=3D ~0UL || strstarts(sname, ".init")) continue; @@ -67254,7 +65869,7 @@ index 178333c..04e3408 100644 + s->sh_entsize =3D get_offset(mod, &mod->core_size_rw, s, i); + else + s->sh_entsize =3D get_offset(mod, &mod->core_size_rx, s, i); - DEBUGP("\t%s\n", name); + pr_debug("\t%s\n", sname); } - switch (m) { - case 0: /* executable */ @@ -67271,8 +65886,8 @@ index 178333c..04e3408 100644 - } } =20 - DEBUGP("Init section allocation order:\n"); -@@ -2006,23 +2033,13 @@ static void layout_sections(struct module *mod, = struct load_info *info) + pr_debug("Init section allocation order:\n"); +@@ -2047,23 +2074,13 @@ static void layout_sections(struct module *mod, = struct load_info *info) || s->sh_entsize !=3D ~0UL || !strstarts(sname, ".init")) continue; @@ -67283,7 +65898,7 @@ index 178333c..04e3408 100644 + else + s->sh_entsize =3D get_offset(mod, &mod->init_size_rx, s, i); + s->sh_entsize |=3D INIT_OFFSET_MASK; - DEBUGP("\t%s\n", sname); + pr_debug("\t%s\n", sname); } - switch (m) { - case 0: /* executable */ @@ -67301,41 +65916,34 @@ index 178333c..04e3408 100644 } } =20 -@@ -2187,7 +2204,7 @@ static void layout_symtab(struct module *mod, stru= ct load_info *info) +@@ -2235,7 +2252,7 @@ static void layout_symtab(struct module *mod, stru= ct load_info *info) =20 /* Put symbol section at end of init part of module. */ symsect->sh_flags |=3D SHF_ALLOC; - symsect->sh_entsize =3D get_offset(mod, &mod->init_size, symsect, + symsect->sh_entsize =3D get_offset(mod, &mod->init_size_rx, symsect, info->index.sym) | INIT_OFFSET_MASK; - DEBUGP("\t%s\n", info->secstrings + symsect->sh_name); + pr_debug("\t%s\n", info->secstrings + symsect->sh_name); =20 -@@ -2204,19 +2221,19 @@ static void layout_symtab(struct module *mod, st= ruct load_info *info) +@@ -2250,13 +2267,13 @@ static void layout_symtab(struct module *mod, st= ruct load_info *info) } =20 /* Append room for core symbols at end of core part. */ - info->symoffs =3D ALIGN(mod->core_size, symsect->sh_addralign ?: 1); -- mod->core_size =3D info->symoffs + ndst * sizeof(Elf_Sym); +- info->stroffs =3D mod->core_size =3D info->symoffs + ndst * sizeof(Elf= _Sym); +- mod->core_size +=3D strtab_size; + info->symoffs =3D ALIGN(mod->core_size_rx, symsect->sh_addralign ?: 1)= ; -+ mod->core_size_rx =3D info->symoffs + ndst * sizeof(Elf_Sym); ++ info->stroffs =3D mod->core_size_rx =3D info->symoffs + ndst * sizeof(= Elf_Sym); ++ mod->core_size_rx +=3D strtab_size; =20 /* Put string table section at end of init part of module. */ strsect->sh_flags |=3D SHF_ALLOC; - strsect->sh_entsize =3D get_offset(mod, &mod->init_size, strsect, + strsect->sh_entsize =3D get_offset(mod, &mod->init_size_rx, strsect, info->index.str) | INIT_OFFSET_MASK; - DEBUGP("\t%s\n", info->secstrings + strsect->sh_name); -=20 - /* Append room for core symbols' strings at end of core part. */ -- info->stroffs =3D mod->core_size; -+ info->stroffs =3D mod->core_size_rx; - __set_bit(0, info->strmap); -- mod->core_size +=3D bitmap_weight(info->strmap, strsect->sh_size); -+ mod->core_size_rx +=3D bitmap_weight(info->strmap, strsect->sh_size); + pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -=20 - static void add_kallsyms(struct module *mod, const struct load_info *in= fo) -@@ -2232,11 +2249,13 @@ static void add_kallsyms(struct module *mod, con= st struct load_info *info) +@@ -2274,12 +2291,14 @@ static void add_kallsyms(struct module *mod, con= st struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab =3D (void *)info->sechdrs[info->index.str].sh_addr; =20 @@ -67346,25 +65954,22 @@ index 178333c..04e3408 100644 mod->symtab[i].st_info =3D elf_type(&mod->symtab[i], info); =20 - mod->core_symtab =3D dst =3D mod->module_core + info->symoffs; +- mod->core_strtab =3D s =3D mod->module_core + info->stroffs; + mod->core_symtab =3D dst =3D mod->module_core_rx + info->symoffs; ++ mod->core_strtab =3D s =3D mod->module_core_rx + info->stroffs; src =3D mod->symtab; *dst =3D *src; - for (ndst =3D i =3D 1; i < mod->num_symtab; ++i, ++src) { -@@ -2249,10 +2268,12 @@ static void add_kallsyms(struct module *mod, con= st struct load_info *info) + *s++ =3D 0; +@@ -2292,6 +2311,8 @@ static void add_kallsyms(struct module *mod, const= struct load_info *info) + s +=3D strlcpy(s, &mod->strtab[src->st_name], KSYM_NAME_LEN) + 1; } mod->core_num_syms =3D ndst; -=20 -- mod->core_strtab =3D s =3D mod->module_core + info->stroffs; -+ mod->core_strtab =3D s =3D mod->module_core_rx + info->stroffs; - for (*s =3D 0, i =3D 1; i < info->sechdrs[info->index.str].sh_size; ++= i) - if (test_bit(i, info->strmap)) - *++s =3D mod->strtab[i]; + + pax_close_kernel(); } #else static inline void layout_symtab(struct module *mod, struct load_info *= info) -@@ -2286,17 +2307,33 @@ void * __weak module_alloc(unsigned long size) +@@ -2325,17 +2346,33 @@ void * __weak module_alloc(unsigned long size) return size =3D=3D 0 ? NULL : vmalloc_exec(size); } =20 @@ -67403,7 +66008,7 @@ index 178333c..04e3408 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2474,8 +2511,14 @@ static struct module *setup_load_info(struct load= _info *info) +@@ -2513,8 +2550,14 @@ static struct module *setup_load_info(struct load= _info *info) static int check_modinfo(struct module *mod, struct load_info *info) { const char *modmagic =3D get_modinfo(info, "vermagic"); @@ -67418,7 +66023,7 @@ index 178333c..04e3408 100644 /* This is allowed: modprobe --force will invalidate it. */ if (!modmagic) { err =3D try_to_force_load(mod, "bad vermagic"); -@@ -2498,7 +2541,7 @@ static int check_modinfo(struct module *mod, struc= t load_info *info) +@@ -2537,7 +2580,7 @@ static int check_modinfo(struct module *mod, struc= t load_info *info) } =20 /* Set up license info based on the info section */ @@ -67427,7 +66032,7 @@ index 178333c..04e3408 100644 =20 return 0; } -@@ -2592,7 +2635,7 @@ static int move_module(struct module *mod, struct = load_info *info) +@@ -2631,7 +2674,7 @@ static int move_module(struct module *mod, struct = load_info *info) void *ptr; =20 /* Do the allocs. */ @@ -67436,7 +66041,7 @@ index 178333c..04e3408 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2602,23 +2645,50 @@ static int move_module(struct module *mod, struc= t load_info *info) +@@ -2641,23 +2684,50 @@ static int move_module(struct module *mod, struc= t load_info *info) if (!ptr) return -ENOMEM; =20 @@ -67494,8 +66099,8 @@ index 178333c..04e3408 100644 + mod->module_init_rx =3D ptr; =20 /* Transfer each section which specifies SHF_ALLOC */ - DEBUGP("final section addresses:\n"); -@@ -2629,16 +2699,45 @@ static int move_module(struct module *mod, struc= t load_info *info) + pr_debug("final section addresses:\n"); +@@ -2668,16 +2738,45 @@ static int move_module(struct module *mod, struc= t load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; =20 @@ -67545,10 +66150,10 @@ index 178333c..04e3408 100644 +#endif + + shdr->sh_addr =3D (unsigned long)dest; - DEBUGP("\t0x%lx %s\n", - shdr->sh_addr, info->secstrings + shdr->sh_name); + pr_debug("\t0x%lx %s\n", + (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2689,12 +2788,12 @@ static void flush_module_icache(const struct mod= ule *mod) +@@ -2728,12 +2827,12 @@ static void flush_module_icache(const struct mod= ule *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -67567,9 +66172,9 @@ index 178333c..04e3408 100644 =20 set_fs(old_fs); } -@@ -2774,8 +2873,10 @@ static void module_deallocate(struct module *mod,= struct load_info *info) +@@ -2803,8 +2902,10 @@ out: + static void module_deallocate(struct module *mod, struct load_info *inf= o) { - kfree(info->strmap); percpu_modfree(mod); - module_free(mod, mod->module_init); - module_free(mod, mod->module_core); @@ -67580,7 +66185,7 @@ index 178333c..04e3408 100644 } =20 int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2839,9 +2940,38 @@ static struct module *load_module(void __user *um= od, +@@ -2868,9 +2969,38 @@ static struct module *load_module(void __user *um= od, if (err) goto free_unload; =20 @@ -67619,7 +66224,7 @@ index 178333c..04e3408 100644 /* Fix up syms, so that st_value is a pointer to location. */ err =3D simplify_symbols(mod, &info); if (err < 0) -@@ -2857,13 +2987,6 @@ static struct module *load_module(void __user *um= od, +@@ -2886,13 +3016,6 @@ static struct module *load_module(void __user *um= od, =20 flush_module_icache(mod); =20 @@ -67633,7 +66238,7 @@ index 178333c..04e3408 100644 /* Mark state as coming so strong_try_module_get() ignores us. */ mod->state =3D MODULE_STATE_COMING; =20 -@@ -2921,11 +3044,10 @@ static struct module *load_module(void __user *u= mod, +@@ -2949,11 +3072,10 @@ static struct module *load_module(void __user *u= mod, unlock: mutex_unlock(&module_mutex); synchronize_sched(); @@ -67646,7 +66251,7 @@ index 178333c..04e3408 100644 free_unload: module_unload_free(mod); free_module: -@@ -2966,16 +3088,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod= , +@@ -2994,16 +3116,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod= , MODULE_STATE_COMING, mod); =20 /* Set RO and NX regions for core */ @@ -67671,7 +66276,7 @@ index 178333c..04e3408 100644 =20 do_mod_ctors(mod); /* Start the module */ -@@ -3021,11 +3143,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod= , +@@ -3049,11 +3171,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod= , mod->strtab =3D mod->core_strtab; #endif unset_module_init_ro_nx(mod); @@ -67689,7 +66294,7 @@ index 178333c..04e3408 100644 mutex_unlock(&module_mutex); =20 return 0; -@@ -3056,10 +3179,16 @@ static const char *get_ksymbol(struct module *mo= d, +@@ -3084,10 +3207,16 @@ static const char *get_ksymbol(struct module *mo= d, unsigned long nextval; =20 /* At worse, next value is at end of module */ @@ -67709,7 +66314,7 @@ index 178333c..04e3408 100644 =20 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3307,7 +3436,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3322,7 +3451,7 @@ static int m_show(struct seq_file *m, void *p) char buf[8]; =20 seq_printf(m, "%s %u", @@ -67718,7 +66323,7 @@ index 178333c..04e3408 100644 print_unload_info(m, mod); =20 /* Informative for users. */ -@@ -3316,7 +3445,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3331,7 +3460,7 @@ static int m_show(struct seq_file *m, void *p) mod->state =3D=3D MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -67727,7 +66332,7 @@ index 178333c..04e3408 100644 =20 /* Taints info */ if (mod->taints) -@@ -3352,7 +3481,17 @@ static const struct file_operations proc_modules_= operations =3D { +@@ -3367,7 +3496,17 @@ static const struct file_operations proc_modules_= operations =3D { =20 static int __init proc_modules_init(void) { @@ -67745,7 +66350,7 @@ index 178333c..04e3408 100644 return 0; } module_init(proc_modules_init); -@@ -3411,12 +3550,12 @@ struct module *__module_address(unsigned long ad= dr) +@@ -3426,12 +3565,12 @@ struct module *__module_address(unsigned long ad= dr) { struct module *mod; =20 @@ -67761,7 +66366,7 @@ index 178333c..04e3408 100644 return mod; return NULL; } -@@ -3450,11 +3589,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3465,11 +3604,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -67893,23 +66498,10 @@ index b452599..5d68f4e 100644 atomic_set(&pd->refcnt, 0); pd->pinst =3D pinst; diff --git a/kernel/panic.c b/kernel/panic.c -index 3458469..342c500 100644 +index 80aed44..f291d37 100644 --- a/kernel/panic.c +++ b/kernel/panic.c -@@ -78,7 +78,11 @@ NORET_TYPE void panic(const char * fmt, ...) - va_end(args); - printk(KERN_EMERG "Kernel panic - not syncing: %s\n",buf); - #ifdef CONFIG_DEBUG_BUGVERBOSE -- dump_stack(); -+ /* -+ * Avoid nested stack-dumping if a panic occurs during oops processing -+ */ -+ if (!oops_in_progress) -+ dump_stack(); - #endif -=20 - /* -@@ -382,7 +386,7 @@ static void warn_slowpath_common(const char *file, i= nt line, void *caller, +@@ -402,7 +402,7 @@ static void warn_slowpath_common(const char *file, i= nt line, void *caller, const char *board; =20 printk(KERN_WARNING "------------[ cut here ]------------\n"); @@ -67918,7 +66510,7 @@ index 3458469..342c500 100644 board =3D dmi_get_system_info(DMI_PRODUCT_NAME); if (board) printk(KERN_WARNING "Hardware name: %s\n", board); -@@ -437,7 +441,8 @@ EXPORT_SYMBOL(warn_slowpath_null); +@@ -457,7 +457,8 @@ EXPORT_SYMBOL(warn_slowpath_null); */ void __stack_chk_fail(void) { @@ -67929,7 +66521,7 @@ index 3458469..342c500 100644 } EXPORT_SYMBOL(__stack_chk_fail); diff --git a/kernel/pid.c b/kernel/pid.c -index fa5f722..0c93e57 100644 +index 9f08dfa..6765c40 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -33,6 +33,7 @@ @@ -67949,7 +66541,7 @@ index fa5f722..0c93e57 100644 =20 int pid_max_min =3D RESERVED_PIDS + 1; int pid_max_max =3D PID_MAX_LIMIT; -@@ -418,10 +419,18 @@ EXPORT_SYMBOL(pid_task); +@@ -420,10 +421,18 @@ EXPORT_SYMBOL(pid_task); */ struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace = *ns) { @@ -67969,7 +66561,7 @@ index fa5f722..0c93e57 100644 } =20 struct task_struct *find_task_by_vpid(pid_t vnr) -@@ -429,6 +438,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) +@@ -431,6 +440,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); } =20 @@ -67985,7 +66577,7 @@ index fa5f722..0c93e57 100644 { struct pid *pid; diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c -index e7cb76d..75eceb3 100644 +index 125cb67..a4d1c30 100644 --- a/kernel/posix-cpu-timers.c +++ b/kernel/posix-cpu-timers.c @@ -6,6 +6,7 @@ @@ -67996,7 +66588,7 @@ index e7cb76d..75eceb3 100644 #include #include #include -@@ -1606,14 +1607,14 @@ struct k_clock clock_posix_cpu =3D { +@@ -1578,14 +1579,14 @@ struct k_clock clock_posix_cpu =3D { =20 static __init int init_posix_cpu_timers(void) { @@ -68125,10 +66717,10 @@ index d523593..68197a4 100644 register_sysrq_key('o', &sysrq_poweroff_op); return 0; diff --git a/kernel/power/process.c b/kernel/power/process.c -index 3d4b954..11af930 100644 +index 7e42645..3d43df1 100644 --- a/kernel/power/process.c +++ b/kernel/power/process.c -@@ -41,6 +41,7 @@ static int try_to_freeze_tasks(bool sig_only) +@@ -32,6 +32,7 @@ static int try_to_freeze_tasks(bool user_only) u64 elapsed_csecs64; unsigned int elapsed_csecs; bool wakeup =3D false; @@ -68136,7 +66728,7 @@ index 3d4b954..11af930 100644 =20 do_gettimeofday(&start); =20 -@@ -51,6 +52,8 @@ static int try_to_freeze_tasks(bool sig_only) +@@ -42,6 +43,8 @@ static int try_to_freeze_tasks(bool user_only) =20 while (true) { todo =3D 0; @@ -68144,8 +66736,8 @@ index 3d4b954..11af930 100644 + timedout =3D true; read_lock(&tasklist_lock); do_each_thread(g, p) { - if (frozen(p) || !freezable(p)) -@@ -71,9 +74,13 @@ static int try_to_freeze_tasks(bool sig_only) + if (p =3D=3D current || !freeze_task(p)) +@@ -59,9 +62,13 @@ static int try_to_freeze_tasks(bool user_only) * try_to_stop() after schedule() in ptrace/signal * stop sees TIF_FREEZE. */ @@ -68161,7 +66753,7 @@ index 3d4b954..11af930 100644 } while_each_thread(g, p); read_unlock(&tasklist_lock); =20 -@@ -82,7 +89,7 @@ static int try_to_freeze_tasks(bool sig_only) +@@ -70,7 +77,7 @@ static int try_to_freeze_tasks(bool user_only) todo +=3D wq_busy; } =20 @@ -68171,7 +66763,7 @@ index 3d4b954..11af930 100644 =20 if (pm_wakeup_pending()) { diff --git a/kernel/printk.c b/kernel/printk.c -index 7982a0a..2095fdc 100644 +index 32690a0..cd7c798 100644 --- a/kernel/printk.c +++ b/kernel/printk.c @@ -313,6 +313,11 @@ static int check_syslog_permissions(int type, bool = from_file) @@ -68248,82 +66840,19 @@ index 76b8e77..a2930e8 100644 } =20 diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index 78ab24a..332c915 100644 +index 00ab2ca..d237f61 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -172,7 +172,8 @@ int ptrace_check_attach(struct task_struct *child, b= ool ignore_state) - return ret; - } -=20 --int __ptrace_may_access(struct task_struct *task, unsigned int mode) -+static int __ptrace_may_access(struct task_struct *task, unsigned int m= ode, -+ unsigned int log) - { - const struct cred *cred =3D current_cred(), *tcred; -=20 -@@ -198,7 +199,8 @@ int __ptrace_may_access(struct task_struct *task, un= signed int mode) - cred->gid =3D=3D tcred->sgid && - cred->gid =3D=3D tcred->gid)) - goto ok; -- if (ns_capable(tcred->user->user_ns, CAP_SYS_PTRACE)) -+ if ((!log && ns_capable_nolog(tcred->user->user_ns, CAP_SYS_PTRACE)) |= | -+ (log && ns_capable(tcred->user->user_ns, CAP_SYS_PTRACE))) - goto ok; - rcu_read_unlock(); - return -EPERM; -@@ -207,7 +209,9 @@ ok: - smp_rmb(); - if (task->mm) - dumpable =3D get_dumpable(task->mm); -- if (!dumpable && !task_ns_capable(task, CAP_SYS_PTRACE)) -+ if (!dumpable && -+ ((!log && !task_ns_capable_nolog(task, CAP_SYS_PTRACE)) || -+ (log && !task_ns_capable(task, CAP_SYS_PTRACE)))) - return -EPERM; -=20 - return security_ptrace_access_check(task, mode); -@@ -217,7 +221,21 @@ bool ptrace_may_access(struct task_struct *task, un= signed int mode) - { - int err; - task_lock(task); -- err =3D __ptrace_may_access(task, mode); -+ err =3D __ptrace_may_access(task, mode, 0); -+ task_unlock(task); -+ return !err; -+} -+ -+bool ptrace_may_access_nolock(struct task_struct *task, unsigned int mo= de) -+{ -+ return __ptrace_may_access(task, mode, 0); -+} -+ -+bool ptrace_may_access_log(struct task_struct *task, unsigned int mode) -+{ -+ int err; -+ task_lock(task); -+ err =3D __ptrace_may_access(task, mode, 1); - task_unlock(task); - return !err; - } -@@ -262,7 +280,7 @@ static int ptrace_attach(struct task_struct *task, l= ong request, - goto out; -=20 - task_lock(task); -- retval =3D __ptrace_may_access(task, PTRACE_MODE_ATTACH); -+ retval =3D __ptrace_may_access(task, PTRACE_MODE_ATTACH, 1); - task_unlock(task); - if (retval) - goto unlock_creds; -@@ -277,7 +295,7 @@ static int ptrace_attach(struct task_struct *task, l= ong request, +@@ -285,7 +285,7 @@ static int ptrace_attach(struct task_struct *task, l= ong request, task->ptrace =3D PT_PTRACED; if (seize) task->ptrace |=3D PT_SEIZED; -- if (task_ns_capable(task, CAP_SYS_PTRACE)) -+ if (task_ns_capable_nolog(task, CAP_SYS_PTRACE)) +- if (ns_capable(task_user_ns(task), CAP_SYS_PTRACE)) ++ if (ns_capable_nolog(task_user_ns(task), CAP_SYS_PTRACE)) task->ptrace |=3D PT_PTRACE_CAP; =20 __ptrace_link(task, current); -@@ -483,7 +501,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigne= d long src, char __user *dst +@@ -491,7 +491,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigne= d long src, char __user *dst break; return -EIO; } @@ -68332,7 +66861,7 @@ index 78ab24a..332c915 100644 return -EFAULT; copied +=3D retval; src +=3D retval; -@@ -680,7 +698,7 @@ int ptrace_request(struct task_struct *child, long r= equest, +@@ -688,7 +688,7 @@ int ptrace_request(struct task_struct *child, long r= equest, bool seized =3D child->ptrace & PT_SEIZED; int ret =3D -EIO; siginfo_t siginfo, *si; @@ -68341,7 +66870,7 @@ index 78ab24a..332c915 100644 unsigned long __user *datalp =3D datavp; unsigned long flags; =20 -@@ -882,14 +900,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, = unsigned long, addr, +@@ -890,14 +890,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, = unsigned long, addr, goto out; } =20 @@ -68364,7 +66893,7 @@ index 78ab24a..332c915 100644 goto out_put_task_struct; } =20 -@@ -915,7 +940,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk,= unsigned long addr, +@@ -923,7 +930,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk,= unsigned long addr, copied =3D access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); if (copied !=3D sizeof(tmp)) return -EIO; @@ -68373,7 +66902,7 @@ index 78ab24a..332c915 100644 } =20 int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr= , -@@ -1025,14 +1050,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t = request, compat_long_t pid, +@@ -1033,14 +1040,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t = request, compat_long_t pid, goto out; } =20 @@ -68397,7 +66926,7 @@ index 78ab24a..332c915 100644 } =20 diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c -index 636af6d..8af70ab 100644 +index 977296d..c4744dc 100644 --- a/kernel/rcutiny.c +++ b/kernel/rcutiny.c @@ -46,7 +46,7 @@ @@ -68409,8 +66938,8 @@ index 636af6d..8af70ab 100644 static void __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), struct rcu_ctrlblk *rcp); -@@ -186,7 +186,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlb= lk *rcp) - RCU_TRACE(trace_rcu_batch_end(rcp->name, cb_count)); +@@ -297,7 +297,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlb= lk *rcp) + rcu_is_callbacks_kthread())); } =20 -static void rcu_process_callbacks(struct softirq_action *unused) @@ -68418,11 +66947,24 @@ index 636af6d..8af70ab 100644 { __rcu_process_callbacks(&rcu_sched_ctrlblk); __rcu_process_callbacks(&rcu_bh_ctrlblk); +diff --git a/kernel/rcutiny_plugin.h b/kernel/rcutiny_plugin.h +index 9cb1ae4..aac7d3e 100644 +--- a/kernel/rcutiny_plugin.h ++++ b/kernel/rcutiny_plugin.h +@@ -920,7 +920,7 @@ static int rcu_kthread(void *arg) + have_rcu_kthread_work =3D morework; + local_irq_restore(flags); + if (work) +- rcu_process_callbacks(NULL); ++ rcu_process_callbacks(); + schedule_timeout_interruptible(1); /* Leave CPU for others. */ + } +=20 diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c -index 764825c..3aa6ac4 100644 +index a58ac28..196a3d8 100644 --- a/kernel/rcutorture.c +++ b/kernel/rcutorture.c -@@ -138,12 +138,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN += 1], rcu_torture_count) =3D +@@ -148,12 +148,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN += 1], rcu_torture_count) =3D { 0 }; static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_batc= h) =3D { 0 }; @@ -68441,7 +66983,7 @@ index 764825c..3aa6ac4 100644 static long n_rcu_torture_boost_ktrerror; static long n_rcu_torture_boost_rterror; static long n_rcu_torture_boost_failure; -@@ -223,11 +223,11 @@ rcu_torture_alloc(void) +@@ -243,11 +243,11 @@ rcu_torture_alloc(void) =20 spin_lock_bh(&rcu_torture_lock); if (list_empty(&rcu_torture_freelist)) { @@ -68455,7 +66997,7 @@ index 764825c..3aa6ac4 100644 p =3D rcu_torture_freelist.next; list_del_init(p); spin_unlock_bh(&rcu_torture_lock); -@@ -240,7 +240,7 @@ rcu_torture_alloc(void) +@@ -260,7 +260,7 @@ rcu_torture_alloc(void) static void rcu_torture_free(struct rcu_torture *p) { @@ -68464,7 +67006,7 @@ index 764825c..3aa6ac4 100644 spin_lock_bh(&rcu_torture_lock); list_add_tail(&p->rtort_free, &rcu_torture_freelist); spin_unlock_bh(&rcu_torture_lock); -@@ -360,7 +360,7 @@ rcu_torture_cb(struct rcu_head *p) +@@ -380,7 +380,7 @@ rcu_torture_cb(struct rcu_head *p) i =3D rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i =3D RCU_TORTURE_PIPE_LEN; @@ -68473,7 +67015,7 @@ index 764825c..3aa6ac4 100644 if (++rp->rtort_pipe_count >=3D RCU_TORTURE_PIPE_LEN) { rp->rtort_mbtest =3D 0; rcu_torture_free(rp); -@@ -407,7 +407,7 @@ static void rcu_sync_torture_deferred_free(struct rc= u_torture *p) +@@ -427,7 +427,7 @@ static void rcu_sync_torture_deferred_free(struct rc= u_torture *p) i =3D rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i =3D RCU_TORTURE_PIPE_LEN; @@ -68482,7 +67024,7 @@ index 764825c..3aa6ac4 100644 if (++rp->rtort_pipe_count >=3D RCU_TORTURE_PIPE_LEN) { rp->rtort_mbtest =3D 0; list_del(&rp->rtort_free); -@@ -872,7 +872,7 @@ rcu_torture_writer(void *arg) +@@ -916,7 +916,7 @@ rcu_torture_writer(void *arg) i =3D old_rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i =3D RCU_TORTURE_PIPE_LEN; @@ -68491,7 +67033,7 @@ index 764825c..3aa6ac4 100644 old_rp->rtort_pipe_count++; cur_ops->deferred_free(old_rp); } -@@ -940,7 +940,7 @@ static void rcu_torture_timer(unsigned long unused) +@@ -997,7 +997,7 @@ static void rcu_torture_timer(unsigned long unused) return; } if (p->rtort_mbtest =3D=3D 0) @@ -68500,7 +67042,7 @@ index 764825c..3aa6ac4 100644 spin_lock(&rand_lock); cur_ops->read_delay(&rand); n_rcu_torture_timers++; -@@ -1001,7 +1001,7 @@ rcu_torture_reader(void *arg) +@@ -1061,7 +1061,7 @@ rcu_torture_reader(void *arg) continue; } if (p->rtort_mbtest =3D=3D 0) @@ -68509,7 +67051,7 @@ index 764825c..3aa6ac4 100644 cur_ops->read_delay(&rand); preempt_disable(); pipe_count =3D p->rtort_pipe_count; -@@ -1060,16 +1060,16 @@ rcu_torture_printk(char *page) +@@ -1123,10 +1123,10 @@ rcu_torture_printk(char *page) rcu_torture_current, rcu_torture_current_version, list_empty(&rcu_torture_freelist), @@ -68524,14 +67066,16 @@ index 764825c..3aa6ac4 100644 n_rcu_torture_boost_ktrerror, n_rcu_torture_boost_rterror, n_rcu_torture_boost_failure, - n_rcu_torture_boosts, - n_rcu_torture_timers); +@@ -1136,7 +1136,7 @@ rcu_torture_printk(char *page) + n_online_attempts, + n_offline_successes, + n_offline_attempts); - if (atomic_read(&n_rcu_torture_mberror) !=3D 0 || + if (atomic_read_unchecked(&n_rcu_torture_mberror) !=3D 0 || n_rcu_torture_boost_ktrerror !=3D 0 || n_rcu_torture_boost_rterror !=3D 0 || n_rcu_torture_boost_failure !=3D 0) -@@ -1077,7 +1077,7 @@ rcu_torture_printk(char *page) +@@ -1144,7 +1144,7 @@ rcu_torture_printk(char *page) cnt +=3D sprintf(&page[cnt], "\n%s%s ", torture_type, TORTURE_FLAG); if (i > 1) { cnt +=3D sprintf(&page[cnt], "!!! "); @@ -68540,7 +67084,7 @@ index 764825c..3aa6ac4 100644 WARN_ON_ONCE(1); } cnt +=3D sprintf(&page[cnt], "Reader Pipe: "); -@@ -1091,7 +1091,7 @@ rcu_torture_printk(char *page) +@@ -1158,7 +1158,7 @@ rcu_torture_printk(char *page) cnt +=3D sprintf(&page[cnt], "Free-Block Circulation: "); for (i =3D 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { cnt +=3D sprintf(&page[cnt], " %d", @@ -68549,7 +67093,7 @@ index 764825c..3aa6ac4 100644 } cnt +=3D sprintf(&page[cnt], "\n"); if (cur_ops->stats) -@@ -1401,7 +1401,7 @@ rcu_torture_cleanup(void) +@@ -1600,7 +1600,7 @@ rcu_torture_cleanup(void) =20 if (cur_ops->cleanup) cur_ops->cleanup(); @@ -68558,7 +67102,7 @@ index 764825c..3aa6ac4 100644 rcu_torture_print_module_parms(cur_ops, "End of test: FAILURE"); else rcu_torture_print_module_parms(cur_ops, "End of test: SUCCESS"); -@@ -1465,17 +1465,17 @@ rcu_torture_init(void) +@@ -1664,17 +1664,17 @@ rcu_torture_init(void) =20 rcu_torture_current =3D NULL; rcu_torture_current_version =3D 0; @@ -68583,11 +67127,11 @@ index 764825c..3aa6ac4 100644 for (i =3D 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { per_cpu(rcu_torture_count, cpu)[i] =3D 0; diff --git a/kernel/rcutree.c b/kernel/rcutree.c -index 6b76d81..7afc1b3 100644 +index 6c4a672..70f3202 100644 --- a/kernel/rcutree.c +++ b/kernel/rcutree.c -@@ -367,9 +367,9 @@ void rcu_enter_nohz(void) - trace_rcu_dyntick("Start"); +@@ -363,9 +363,9 @@ static void rcu_idle_enter_common(struct rcu_dyntick= s *rdtp, long long oldval) + rcu_prepare_for_idle(smp_processor_id()); /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ - atomic_inc(&rdtp->dynticks); @@ -68595,12 +67139,12 @@ index 6b76d81..7afc1b3 100644 smp_mb__after_atomic_inc(); /* Force ordering with next sojourn. */ - WARN_ON_ONCE(atomic_read(&rdtp->dynticks) & 0x1); + WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1); - local_irq_restore(flags); } =20 -@@ -391,10 +391,10 @@ void rcu_exit_nohz(void) - return; - } + /** +@@ -438,10 +438,10 @@ void rcu_irq_exit(void) + static void rcu_idle_exit_common(struct rcu_dynticks *rdtp, long long o= ldval) + { smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */ - atomic_inc(&rdtp->dynticks); + atomic_inc_unchecked(&rdtp->dynticks); @@ -68608,10 +67152,10 @@ index 6b76d81..7afc1b3 100644 smp_mb__after_atomic_inc(); /* See above. */ - WARN_ON_ONCE(!(atomic_read(&rdtp->dynticks) & 0x1)); + WARN_ON_ONCE(!(atomic_read_unchecked(&rdtp->dynticks) & 0x1)); - trace_rcu_dyntick("End"); - local_irq_restore(flags); - } -@@ -411,14 +411,14 @@ void rcu_nmi_enter(void) + rcu_cleanup_after_idle(smp_processor_id()); + trace_rcu_dyntick("End", oldval, rdtp->dynticks_nesting); + if (!is_idle_task(current)) { +@@ -531,14 +531,14 @@ void rcu_nmi_enter(void) struct rcu_dynticks *rdtp =3D &__get_cpu_var(rcu_dynticks); =20 if (rdtp->dynticks_nmi_nesting =3D=3D 0 && @@ -68629,7 +67173,7 @@ index 6b76d81..7afc1b3 100644 } =20 /** -@@ -437,9 +437,9 @@ void rcu_nmi_exit(void) +@@ -557,9 +557,9 @@ void rcu_nmi_exit(void) return; /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ @@ -68640,17 +67184,26 @@ index 6b76d81..7afc1b3 100644 + WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1); } =20 - /** -@@ -474,7 +474,7 @@ void rcu_irq_exit(void) + #ifdef CONFIG_PROVE_RCU +@@ -575,7 +575,7 @@ int rcu_is_cpu_idle(void) + int ret; +=20 + preempt_disable(); +- ret =3D (atomic_read(&__get_cpu_var(rcu_dynticks).dynticks) & 0x1) =3D= =3D 0; ++ ret =3D (atomic_read_unchecked(&__get_cpu_var(rcu_dynticks).dynticks) = & 0x1) =3D=3D 0; + preempt_enable(); + return ret; + } +@@ -604,7 +604,7 @@ int rcu_is_cpu_rrupt_from_idle(void) */ static int dyntick_save_progress_counter(struct rcu_data *rdp) { - rdp->dynticks_snap =3D atomic_add_return(0, &rdp->dynticks->dynticks); + rdp->dynticks_snap =3D atomic_add_return_unchecked(0, &rdp->dynticks->= dynticks); - return 0; + return (rdp->dynticks_snap & 0x1) =3D=3D 0; } =20 -@@ -489,7 +489,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data = *rdp) +@@ -619,7 +619,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data = *rdp) unsigned int curr; unsigned int snap; =20 @@ -68659,7 +67212,7 @@ index 6b76d81..7afc1b3 100644 snap =3D (unsigned int)rdp->dynticks_snap; =20 /* -@@ -1552,7 +1552,7 @@ __rcu_process_callbacks(struct rcu_state *rsp, str= uct rcu_data *rdp) +@@ -1667,7 +1667,7 @@ __rcu_process_callbacks(struct rcu_state *rsp, str= uct rcu_data *rdp) /* * Do RCU core processing for the current CPU. */ @@ -68668,24 +67221,44 @@ index 6b76d81..7afc1b3 100644 { trace_rcu_utilization("Start RCU core"); __rcu_process_callbacks(&rcu_sched_state, +@@ -2030,7 +2030,7 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_stat= e *rsp) + rdp->qlen =3D 0; + rdp->dynticks =3D &per_cpu(rcu_dynticks, cpu); + WARN_ON_ONCE(rdp->dynticks->dynticks_nesting !=3D DYNTICK_TASK_NESTING= ); +- WARN_ON_ONCE(atomic_read(&rdp->dynticks->dynticks) !=3D 1); ++ WARN_ON_ONCE(atomic_read_unchecked(&rdp->dynticks->dynticks) !=3D 1); + rdp->cpu =3D cpu; + rdp->rsp =3D rsp; + raw_spin_unlock_irqrestore(&rnp->lock, flags); +@@ -2058,8 +2058,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rs= p, int preemptible) + rdp->n_force_qs_snap =3D rsp->n_force_qs; + rdp->blimit =3D blimit; + rdp->dynticks->dynticks_nesting =3D DYNTICK_TASK_NESTING; +- atomic_set(&rdp->dynticks->dynticks, +- (atomic_read(&rdp->dynticks->dynticks) & ~0x1) + 1); ++ atomic_set_unchecked(&rdp->dynticks->dynticks, ++ (atomic_read_unchecked(&rdp->dynticks->dynticks) & ~0x1) + 1); + rcu_prepare_for_idle_init(cpu); + raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */ +=20 diff --git a/kernel/rcutree.h b/kernel/rcutree.h -index 849ce9e..74bc9de 100644 +index fddff92..2c08359 100644 --- a/kernel/rcutree.h +++ b/kernel/rcutree.h -@@ -86,7 +86,7 @@ - struct rcu_dynticks { - int dynticks_nesting; /* Track irq/process nesting level. */ - int dynticks_nmi_nesting; /* Track NMI nesting level. */ -- atomic_t dynticks; /* Even value for dynticks-idle, else odd. */ -+ atomic_unchecked_t dynticks; /* Even value for dynticks-idle, else odd= . */ +@@ -87,7 +87,7 @@ struct rcu_dynticks { + long long dynticks_nesting; /* Track irq/process nesting level. */ + /* Process level is worth LLONG_MAX/2. */ + int dynticks_nmi_nesting; /* Track NMI nesting level. */ +- atomic_t dynticks; /* Even value for idle, else odd. */ ++ atomic_unchecked_t dynticks;/* Even value for idle, else odd. */ }; =20 /* RCU's kthread states for tracing. */ diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h -index 4b9b9f8..2326053 100644 +index 8bb35d7..6ea0a463 100644 --- a/kernel/rcutree_plugin.h +++ b/kernel/rcutree_plugin.h -@@ -842,7 +842,7 @@ void synchronize_rcu_expedited(void) +@@ -850,7 +850,7 @@ void synchronize_rcu_expedited(void) =20 /* Clean up and exit. */ smp_mb(); /* ensure expedited GP seen before counter increment. */ @@ -68694,7 +67267,7 @@ index 4b9b9f8..2326053 100644 unlock_mb_ret: mutex_unlock(&sync_rcu_preempt_exp_mutex); mb_ret: -@@ -1815,8 +1815,8 @@ EXPORT_SYMBOL_GPL(synchronize_sched_expedited); +@@ -1833,8 +1833,8 @@ EXPORT_SYMBOL_GPL(synchronize_sched_expedited); =20 #else /* #ifndef CONFIG_SMP */ =20 @@ -68705,7 +67278,7 @@ index 4b9b9f8..2326053 100644 =20 static int synchronize_sched_expedited_cpu_stop(void *data) { -@@ -1871,7 +1871,7 @@ void synchronize_sched_expedited(void) +@@ -1889,7 +1889,7 @@ void synchronize_sched_expedited(void) int firstsnap, s, snap, trycount =3D 0; =20 /* Note that atomic_inc_return() implies full memory barrier. */ @@ -68714,7 +67287,7 @@ index 4b9b9f8..2326053 100644 get_online_cpus(); =20 /* -@@ -1892,7 +1892,7 @@ void synchronize_sched_expedited(void) +@@ -1910,7 +1910,7 @@ void synchronize_sched_expedited(void) } =20 /* Check to see if someone else did our work for us. */ @@ -68723,16 +67296,16 @@ index 4b9b9f8..2326053 100644 if (UINT_CMP_GE((unsigned)s, (unsigned)firstsnap)) { smp_mb(); /* ensure test happens before caller kfree */ return; -@@ -1907,7 +1907,7 @@ void synchronize_sched_expedited(void) +@@ -1925,7 +1925,7 @@ void synchronize_sched_expedited(void) * grace period works for us. */ get_online_cpus(); -- snap =3D atomic_read(&sync_sched_expedited_started) - 1; -+ snap =3D atomic_read_unchecked(&sync_sched_expedited_started) - 1; +- snap =3D atomic_read(&sync_sched_expedited_started); ++ snap =3D atomic_read_unchecked(&sync_sched_expedited_started); smp_mb(); /* ensure read is before try_stop_cpus(). */ } =20 -@@ -1918,12 +1918,12 @@ void synchronize_sched_expedited(void) +@@ -1936,12 +1936,12 @@ void synchronize_sched_expedited(void) * than we did beat us to the punch. */ do { @@ -68747,32 +67320,23 @@ index 4b9b9f8..2326053 100644 =20 put_online_cpus(); } -@@ -1985,7 +1985,7 @@ int rcu_needs_cpu(int cpu) - for_each_online_cpu(thatcpu) { - if (thatcpu =3D=3D cpu) - continue; -- snap =3D atomic_add_return(0, &per_cpu(rcu_dynticks, -+ snap =3D atomic_add_return_unchecked(0, &per_cpu(rcu_dynticks, - thatcpu).dynticks); - smp_mb(); /* Order sampling of snap with end of grace period. */ - if ((snap & 0x1) !=3D 0) { diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c -index 9feffa4..54058df 100644 +index 654cfe6..c0b28e2 100644 --- a/kernel/rcutree_trace.c +++ b/kernel/rcutree_trace.c -@@ -69,7 +69,7 @@ static void print_one_rcu_data(struct seq_file *m, str= uct rcu_data *rdp) +@@ -68,7 +68,7 @@ static void print_one_rcu_data(struct seq_file *m, str= uct rcu_data *rdp) + rdp->passed_quiesce, rdp->passed_quiesce_gpnum, rdp->qs_pending); - #ifdef CONFIG_NO_HZ - seq_printf(m, " dt=3D%d/%d/%d df=3D%lu", + seq_printf(m, " dt=3D%d/%llx/%d df=3D%lu", - atomic_read(&rdp->dynticks->dynticks), + atomic_read_unchecked(&rdp->dynticks->dynticks), rdp->dynticks->dynticks_nesting, rdp->dynticks->dynticks_nmi_nesting, rdp->dynticks_fqs); -@@ -143,7 +143,7 @@ static void print_one_rcu_data_csv(struct seq_file *= m, struct rcu_data *rdp) +@@ -140,7 +140,7 @@ static void print_one_rcu_data_csv(struct seq_file *= m, struct rcu_data *rdp) + rdp->passed_quiesce, rdp->passed_quiesce_gpnum, rdp->qs_pending); - #ifdef CONFIG_NO_HZ - seq_printf(m, ",%d,%d,%d,%lu", + seq_printf(m, ",%d,%llx,%d,%lu", - atomic_read(&rdp->dynticks->dynticks), + atomic_read_unchecked(&rdp->dynticks->dynticks), rdp->dynticks->dynticks_nesting, @@ -68802,7 +67366,7 @@ index 7640b3a..5879283 100644 } __initcall(ioresources_init); diff --git a/kernel/rtmutex-tester.c b/kernel/rtmutex-tester.c -index 3d9f31c..7fefc9e 100644 +index 98ec494..4241d6d 100644 --- a/kernel/rtmutex-tester.c +++ b/kernel/rtmutex-tester.c @@ -20,7 +20,7 @@ @@ -68895,11 +67459,33 @@ index 3d9f31c..7fefc9e 100644 return; =20 default: -diff --git a/kernel/sched.c b/kernel/sched.c -index d6b149c..896cbb8 100644 ---- a/kernel/sched.c -+++ b/kernel/sched.c -@@ -4389,6 +4389,19 @@ pick_next_task(struct rq *rq) +diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c +index e8a1f83..363d17d 100644 +--- a/kernel/sched/auto_group.c ++++ b/kernel/sched/auto_group.c +@@ -11,7 +11,7 @@ +=20 + unsigned int __read_mostly sysctl_sched_autogroup_enabled =3D 1; + static struct autogroup autogroup_default; +-static atomic_t autogroup_seq_nr; ++static atomic_unchecked_t autogroup_seq_nr; +=20 + void __init autogroup_init(struct task_struct *init_task) + { +@@ -78,7 +78,7 @@ static inline struct autogroup *autogroup_create(void) +=20 + kref_init(&ag->kref); + init_rwsem(&ag->lock); +- ag->id =3D atomic_inc_return(&autogroup_seq_nr); ++ ag->id =3D atomic_inc_return_unchecked(&autogroup_seq_nr); + ag->tg =3D tg; + #ifdef CONFIG_RT_GROUP_SCHED + /* +diff --git a/kernel/sched/core.c b/kernel/sched/core.c +index b342f57..00324a0 100644 +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -3143,6 +3143,19 @@ pick_next_task(struct rq *rq) BUG(); /* the idle class will always have a runnable task */ } =20 @@ -68919,7 +67505,7 @@ index d6b149c..896cbb8 100644 /* * __schedule() is the main scheduler function. */ -@@ -4408,6 +4421,8 @@ need_resched: +@@ -3162,6 +3175,8 @@ need_resched: =20 schedule_debug(prev); =20 @@ -68928,7 +67514,7 @@ index d6b149c..896cbb8 100644 if (sched_feat(HRTICK)) hrtick_clear(rq); =20 -@@ -5098,6 +5113,8 @@ int can_nice(const struct task_struct *p, const in= t nice) +@@ -3852,6 +3867,8 @@ int can_nice(const struct task_struct *p, const in= t nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim =3D 20 - nice; =20 @@ -68937,7 +67523,7 @@ index d6b149c..896cbb8 100644 return (nice_rlim <=3D task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -5131,7 +5148,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -3885,7 +3902,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice =3D 19; =20 @@ -68947,7 +67533,7 @@ index d6b149c..896cbb8 100644 return -EPERM; =20 retval =3D security_task_setnice(current, nice); -@@ -5288,6 +5306,7 @@ recheck: +@@ -4042,6 +4060,7 @@ recheck: unsigned long rlim_rtprio =3D task_rlimit(p, RLIMIT_RTPRIO); =20 @@ -68955,33 +67541,11 @@ index d6b149c..896cbb8 100644 /* can't set/change the rt policy */ if (policy !=3D p->policy && !rlim_rtprio) return -EPERM; -diff --git a/kernel/sched_autogroup.c b/kernel/sched_autogroup.c -index 429242f..d7cca82 100644 ---- a/kernel/sched_autogroup.c -+++ b/kernel/sched_autogroup.c -@@ -7,7 +7,7 @@ -=20 - unsigned int __read_mostly sysctl_sched_autogroup_enabled =3D 1; - static struct autogroup autogroup_default; --static atomic_t autogroup_seq_nr; -+static atomic_unchecked_t autogroup_seq_nr; -=20 - static void __init autogroup_init(struct task_struct *init_task) - { -@@ -78,7 +78,7 @@ static inline struct autogroup *autogroup_create(void) -=20 - kref_init(&ag->kref); - init_rwsem(&ag->lock); -- ag->id =3D atomic_inc_return(&autogroup_seq_nr); -+ ag->id =3D atomic_inc_return_unchecked(&autogroup_seq_nr); - ag->tg =3D tg; - #ifdef CONFIG_RT_GROUP_SCHED - /* -diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c -index 8a39fa3..34f3dbc 100644 ---- a/kernel/sched_fair.c -+++ b/kernel/sched_fair.c -@@ -4801,7 +4801,7 @@ static void nohz_idle_balance(int this_cpu, enum c= pu_idle_type idle) { } +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c +index aca16b8..8e3acc4 100644 +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -5147,7 +5147,7 @@ static void nohz_idle_balance(int this_cpu, enum c= pu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler ti= ck. * Also triggered for nohz idle balancing (with nohz_balancing_kick set= ). */ @@ -68991,10 +67555,10 @@ index 8a39fa3..34f3dbc 100644 int this_cpu =3D smp_processor_id(); struct rq *this_rq =3D cpu_rq(this_cpu); diff --git a/kernel/signal.c b/kernel/signal.c -index 2065515..aed2987 100644 +index c73c428..7040057 100644 --- a/kernel/signal.c +++ b/kernel/signal.c -@@ -45,12 +45,12 @@ static struct kmem_cache *sigqueue_cachep; +@@ -46,12 +46,12 @@ static struct kmem_cache *sigqueue_cachep; =20 int print_fatal_signals __read_mostly; =20 @@ -69009,7 +67573,7 @@ index 2065515..aed2987 100644 { /* Is it explicitly or implicitly ignored? */ return handler =3D=3D SIG_IGN || -@@ -60,7 +60,7 @@ static int sig_handler_ignored(void __user *handler, i= nt sig) +@@ -61,7 +61,7 @@ static int sig_handler_ignored(void __user *handler, i= nt sig) static int sig_task_ignored(struct task_struct *t, int sig, int from_ancestor_ns) { @@ -69018,7 +67582,7 @@ index 2065515..aed2987 100644 =20 handler =3D sig_handler(t, sig); =20 -@@ -364,6 +364,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp= _t flags, int override_rlimi +@@ -365,6 +365,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp= _t flags, int override_rlimi atomic_inc(&user->sigpending); rcu_read_unlock(); =20 @@ -69028,7 +67592,7 @@ index 2065515..aed2987 100644 if (override_rlimit || atomic_read(&user->sigpending) <=3D task_rlimit(t, RLIMIT_SIGPENDING)) { -@@ -488,7 +491,7 @@ flush_signal_handlers(struct task_struct *t, int for= ce_default) +@@ -489,7 +492,7 @@ flush_signal_handlers(struct task_struct *t, int for= ce_default) =20 int unhandled_signal(struct task_struct *tsk, int sig) { @@ -69037,7 +67601,7 @@ index 2065515..aed2987 100644 if (is_global_init(tsk)) return 1; if (handler !=3D SIG_IGN && handler !=3D SIG_DFL) -@@ -815,6 +818,13 @@ static int check_kill_permission(int sig, struct si= ginfo *info, +@@ -816,6 +819,13 @@ static int check_kill_permission(int sig, struct si= ginfo *info, } } =20 @@ -69051,7 +67615,7 @@ index 2065515..aed2987 100644 return security_task_kill(t, info, sig, 0); } =20 -@@ -1165,7 +1175,7 @@ __group_send_sig_info(int sig, struct siginfo *inf= o, struct task_struct *p) +@@ -1197,7 +1207,7 @@ __group_send_sig_info(int sig, struct siginfo *inf= o, struct task_struct *p) return send_signal(sig, info, p, 1); } =20 @@ -69060,7 +67624,7 @@ index 2065515..aed2987 100644 specific_send_sig_info(int sig, struct siginfo *info, struct task_struc= t *t) { return send_signal(sig, info, t, 0); -@@ -1202,6 +1212,7 @@ force_sig_info(int sig, struct siginfo *info, stru= ct task_struct *t) +@@ -1234,6 +1244,7 @@ force_sig_info(int sig, struct siginfo *info, stru= ct task_struct *t) unsigned long int flags; int ret, blocked, ignored; struct k_sigaction *action; @@ -69068,7 +67632,7 @@ index 2065515..aed2987 100644 =20 spin_lock_irqsave(&t->sighand->siglock, flags); action =3D &t->sighand->action[sig-1]; -@@ -1216,9 +1227,18 @@ force_sig_info(int sig, struct siginfo *info, str= uct task_struct *t) +@@ -1248,9 +1259,18 @@ force_sig_info(int sig, struct siginfo *info, str= uct task_struct *t) } if (action->sa.sa_handler =3D=3D SIG_DFL) t->signal->flags &=3D ~SIGNAL_UNKILLABLE; @@ -69087,7 +67651,7 @@ index 2065515..aed2987 100644 return ret; } =20 -@@ -1285,8 +1305,11 @@ int group_send_sig_info(int sig, struct siginfo *= info, struct task_struct *p) +@@ -1317,8 +1337,11 @@ int group_send_sig_info(int sig, struct siginfo *= info, struct task_struct *p) ret =3D check_kill_permission(sig, info, p); rcu_read_unlock(); =20 @@ -69100,7 +67664,7 @@ index 2065515..aed2987 100644 =20 return ret; } -@@ -2754,7 +2777,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, = struct siginfo *info) +@@ -2820,7 +2843,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, = struct siginfo *info) int error =3D -ESRCH; =20 rcu_read_lock(); @@ -69149,7 +67713,7 @@ index db197d6..17aef0b 100644 raw_spin_unlock_irq(&call_function.lock); } diff --git a/kernel/softirq.c b/kernel/softirq.c -index 2c71d91..1021f81 100644 +index 4eb3a0f..6f1fa81 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -56,7 +56,7 @@ static struct softirq_action softirq_vec[NR_SOFTIRQS] = __cacheline_aligned_in_smp @@ -69203,7 +67767,7 @@ index 2c71d91..1021f81 100644 struct tasklet_struct *list; =20 diff --git a/kernel/sys.c b/kernel/sys.c -index 481611f..0754d86 100644 +index 888d227..f04b318 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int = niceval, int error) @@ -69364,7 +67928,7 @@ index 481611f..0754d86 100644 __OLD_UTS_LEN); error |=3D __put_user(0, name->machine + __OLD_UTS_LEN); up_read(&uts_sem); -@@ -1720,7 +1759,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long,= arg2, unsigned long, arg3, +@@ -1838,7 +1877,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long,= arg2, unsigned long, arg3, error =3D get_dumpable(me->mm); break; case PR_SET_DUMPABLE: @@ -69374,7 +67938,7 @@ index 481611f..0754d86 100644 break; } diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index ae27196..7506d69 100644 +index f487f25..9056a9e 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -86,6 +86,13 @@ @@ -69474,7 +68038,7 @@ index ae27196..7506d69 100644 { .procname =3D "ngroups_max", .data =3D &ngroups_max, -@@ -1216,6 +1258,13 @@ static struct ctl_table vm_table[] =3D { +@@ -1225,6 +1267,13 @@ static struct ctl_table vm_table[] =3D { .proc_handler =3D proc_dointvec_minmax, .extra1 =3D &zero, }, @@ -69488,7 +68052,7 @@ index ae27196..7506d69 100644 #else { .procname =3D "nr_trim_pages", -@@ -1720,6 +1769,17 @@ static int test_perm(int mode, int op) +@@ -1729,6 +1778,17 @@ static int test_perm(int mode, int op) int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, i= nt op) { int mode; @@ -69506,7 +68070,7 @@ index ae27196..7506d69 100644 =20 if (root->permissions) mode =3D root->permissions(root, current->nsproxy, table); -@@ -2124,6 +2184,16 @@ int proc_dostring(struct ctl_table *table, int wr= ite, +@@ -2133,6 +2193,16 @@ int proc_dostring(struct ctl_table *table, int wr= ite, buffer, lenp, ppos); } =20 @@ -69523,7 +68087,7 @@ index ae27196..7506d69 100644 static size_t proc_skip_spaces(char **buf) { size_t ret; -@@ -2229,6 +2299,8 @@ static int proc_put_long(void __user **buf, size_t= *size, unsigned long val, +@@ -2238,6 +2308,8 @@ static int proc_put_long(void __user **buf, size_t= *size, unsigned long val, len =3D strlen(tmp); if (len > *size) len =3D *size; @@ -69532,7 +68096,7 @@ index ae27196..7506d69 100644 if (copy_to_user(*buf, tmp, len)) return -EFAULT; *size -=3D len; -@@ -2545,8 +2617,11 @@ static int __do_proc_doulongvec_minmax(void *data= , struct ctl_table *table, int +@@ -2554,8 +2626,11 @@ static int __do_proc_doulongvec_minmax(void *data= , struct ctl_table *table, int *i =3D val; } else { val =3D convdiv * (*i) / convmul; @@ -69545,7 +68109,7 @@ index ae27196..7506d69 100644 err =3D proc_put_long(&buffer, &left, val, false); if (err) break; -@@ -2941,6 +3016,12 @@ int proc_dostring(struct ctl_table *table, int wr= ite, +@@ -2950,6 +3025,12 @@ int proc_dostring(struct ctl_table *table, int wr= ite, return -ENOSYS; } =20 @@ -69558,7 +68122,7 @@ index ae27196..7506d69 100644 int proc_dointvec(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2997,6 +3078,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax); +@@ -3006,6 +3087,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax); EXPORT_SYMBOL(proc_dointvec_userhz_jiffies); EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); @@ -69715,7 +68279,7 @@ index fd4a7b1..fae5c2a 100644 cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); tick_broadcast_clear_oneshot(cpu); diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index 2378413..be455fd 100644 +index 0c63581..e25dcb6 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -14,6 +14,7 @@ @@ -69853,10 +68417,10 @@ index 0b537f2..9e71eca 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index 9c3c62b..441690e 100644 +index a297ffc..5e16b0b 100644 --- a/kernel/timer.c +++ b/kernel/timer.c -@@ -1304,7 +1304,7 @@ void update_process_times(int user_tick) +@@ -1354,7 +1354,7 @@ void update_process_times(int user_tick) /* * This function runs timers and the timer-tq in bottom half context. */ @@ -69866,7 +68430,7 @@ index 9c3c62b..441690e 100644 struct tvec_base *base =3D __this_cpu_read(tvec_bases); =20 diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c -index 16fc34a..efd8bb8 100644 +index cdea7b5..9b820d4 100644 --- a/kernel/trace/blktrace.c +++ b/kernel/trace/blktrace.c @@ -324,7 +324,7 @@ static ssize_t blk_dropped_read(struct file *filp, c= har __user *buffer, @@ -69897,10 +68461,10 @@ index 16fc34a..efd8bb8 100644 ret =3D -EIO; bt->dropped_file =3D debugfs_create_file("dropped", 0444, dir, bt, diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index 25b4f4d..6f4772d 100644 +index 683d559..d70d914 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c -@@ -1587,12 +1587,17 @@ ftrace_code_disable(struct module *mod, struct d= yn_ftrace *rec) +@@ -1726,12 +1726,17 @@ ftrace_code_disable(struct module *mod, struct d= yn_ftrace *rec) if (unlikely(ftrace_disabled)) return 0; =20 @@ -69920,7 +68484,7 @@ index 25b4f4d..6f4772d 100644 } =20 /* -@@ -2608,7 +2613,7 @@ static void ftrace_free_entry_rcu(struct rcu_head = *rhp) +@@ -2843,7 +2848,7 @@ static void ftrace_free_entry_rcu(struct rcu_head = *rhp) =20 int register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops= , @@ -69930,10 +68494,10 @@ index 25b4f4d..6f4772d 100644 struct ftrace_func_probe *entry; struct ftrace_page *pg; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index f2bd275..adaf3a2 100644 +index a3f1bc5..5e651718 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -4201,10 +4201,9 @@ static const struct file_operations tracing_dyn_i= nfo_fops =3D { +@@ -4254,10 +4254,9 @@ static const struct file_operations tracing_dyn_i= nfo_fops =3D { }; #endif =20 @@ -69945,7 +68509,7 @@ index f2bd275..adaf3a2 100644 static int once; =20 if (d_tracer) -@@ -4224,10 +4223,9 @@ struct dentry *tracing_init_dentry(void) +@@ -4277,10 +4276,9 @@ struct dentry *tracing_init_dentry(void) return d_tracer; } =20 @@ -70088,7 +68652,7 @@ index fd3c8aa..5f324a6 100644 } entry =3D ring_buffer_event_data(event); diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c -index 5199930..26c73a0 100644 +index 0d6ff35..67e0ed7 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c @@ -278,7 +278,7 @@ int trace_seq_path(struct trace_seq *s, struct path = *path) @@ -70101,10 +68665,10 @@ index 5199930..26c73a0 100644 s->len =3D p - s->buffer; return 1; diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c -index 77575b3..6e623d1 100644 +index d4545f4..a9010a1 100644 --- a/kernel/trace/trace_stack.c +++ b/kernel/trace/trace_stack.c -@@ -50,7 +50,7 @@ static inline void check_stack(void) +@@ -53,7 +53,7 @@ static inline void check_stack(void) return; =20 /* we do not handle interrupt stacks yet */ @@ -70145,7 +68709,7 @@ index 209b379..7f76423 100644 put_task_struct(tsk); } diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index 82928f5..92da771 100644 +index 8745ac7..d144e37 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1103,6 +1103,7 @@ config LATENCYTOP @@ -70197,7 +68761,7 @@ index 0d4a127..33a06c7 100644 } EXPORT_SYMBOL(bitmap_parselist_user); diff --git a/lib/bug.c b/lib/bug.c -index 1955209..cbbb2ad 100644 +index a28c141..2bd3d95 100644 --- a/lib/bug.c +++ b/lib/bug.c @@ -133,6 +133,8 @@ enum bug_trap_type report_bug(unsigned long bugaddr,= struct pt_regs *regs) @@ -70210,10 +68774,10 @@ index 1955209..cbbb2ad 100644 file =3D NULL; line =3D 0; diff --git a/lib/debugobjects.c b/lib/debugobjects.c -index a78b7c6..2c73084 100644 +index 0ab9ae8..f01ceca 100644 --- a/lib/debugobjects.c +++ b/lib/debugobjects.c -@@ -284,7 +284,7 @@ static void debug_object_is_on_stack(void *addr, int= onstack) +@@ -288,7 +288,7 @@ static void debug_object_is_on_stack(void *addr, int= onstack) if (limit > 4) return; =20 @@ -70223,7 +68787,7 @@ index a78b7c6..2c73084 100644 return; =20 diff --git a/lib/devres.c b/lib/devres.c -index 7c0e953..f642b5c 100644 +index 9676617..5149e15 100644 --- a/lib/devres.c +++ b/lib/devres.c @@ -80,7 +80,7 @@ EXPORT_SYMBOL(devm_ioremap_nocache); @@ -70235,7 +68799,7 @@ index 7c0e953..f642b5c 100644 iounmap(addr); } EXPORT_SYMBOL(devm_iounmap); -@@ -141,7 +141,7 @@ void devm_ioport_unmap(struct device *dev, void __io= mem *addr) +@@ -192,7 +192,7 @@ void devm_ioport_unmap(struct device *dev, void __io= mem *addr) { ioport_unmap(addr); WARN_ON(devres_destroy(dev, devm_ioport_map_release, @@ -70307,24 +68871,11 @@ index bd2bea9..6b3c95e 100644 if (atomic_read(&task->signal->live) !=3D 1) return false; =20 -diff --git a/lib/kref.c b/lib/kref.c -index 3efb882..8492f4c 100644 ---- a/lib/kref.c -+++ b/lib/kref.c -@@ -52,7 +52,7 @@ void kref_get(struct kref *kref) - */ - int kref_put(struct kref *kref, void (*release)(struct kref *kref)) - { -- WARN_ON(release =3D=3D NULL); -+ BUG_ON(release =3D=3D NULL); - WARN_ON(release =3D=3D (void (*)(struct kref *))kfree); -=20 - if (atomic_dec_and_test(&kref->refcount)) { diff --git a/lib/radix-tree.c b/lib/radix-tree.c -index d9df745..e73c2fe 100644 +index dc63d08..95ae14a 100644 --- a/lib/radix-tree.c +++ b/lib/radix-tree.c -@@ -80,7 +80,7 @@ struct radix_tree_preload { +@@ -78,7 +78,7 @@ struct radix_tree_preload { int nr; struct radix_tree_node *nodes[RADIX_TREE_MAX_PATH]; }; @@ -70334,7 +68885,7 @@ index d9df745..e73c2fe 100644 static inline void *ptr_to_indirect(void *ptr) { diff --git a/lib/vsprintf.c b/lib/vsprintf.c -index 993599e..f1dbc14 100644 +index 38e612e..4fb99a8 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -16,6 +16,9 @@ @@ -70356,8 +68907,8 @@ index 993599e..f1dbc14 100644 sprint_symbol(sym, value); else kallsyms_lookup(value, NULL, NULL, NULL, sym); -@@ -777,7 +780,11 @@ char *uuid_string(char *buf, char *end, const u8 *a= ddr, - return string(buf, end, uuid, spec); +@@ -789,7 +792,11 @@ char *netdev_feature_string(char *buf, char *end, c= onst u8 *addr, + return number(buf, end, *(const netdev_features_t *)addr, spec); } =20 +#ifdef CONFIG_GRKERNSEC_HIDESYM @@ -70368,7 +68919,7 @@ index 993599e..f1dbc14 100644 =20 /* * Show a '%p' thing. A kernel extension is that the '%p' is followed -@@ -791,6 +798,8 @@ int kptr_restrict __read_mostly; +@@ -803,6 +810,8 @@ int kptr_restrict __read_mostly; * - 'S' For symbolic direct pointers with offset * - 's' For symbolic direct pointers without offset * - 'B' For backtraced symbolic direct pointers with offset @@ -70377,7 +68928,7 @@ index 993599e..f1dbc14 100644 * - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref] * - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201] * - 'M' For a 6-byte MAC address, it prints the address in the -@@ -835,12 +844,12 @@ char *pointer(const char *fmt, char *buf, char *en= d, void *ptr, +@@ -848,12 +857,12 @@ char *pointer(const char *fmt, char *buf, char *en= d, void *ptr, { if (!ptr && *fmt !=3D 'K') { /* @@ -70392,7 +68943,7 @@ index 993599e..f1dbc14 100644 } =20 switch (*fmt) { -@@ -850,6 +859,13 @@ char *pointer(const char *fmt, char *buf, char *end= , void *ptr, +@@ -863,6 +872,13 @@ char *pointer(const char *fmt, char *buf, char *end= , void *ptr, /* Fallthrough */ case 'S': case 's': @@ -70406,26 +68957,7 @@ index 993599e..f1dbc14 100644 case 'B': return symbol_string(buf, end, ptr, spec, *fmt); case 'R': -@@ -878,9 +894,15 @@ char *pointer(const char *fmt, char *buf, char *end= , void *ptr, - case 'U': - return uuid_string(buf, end, ptr, spec, fmt); - case 'V': -- return buf + vsnprintf(buf, end > buf ? end - buf : 0, -- ((struct va_format *)ptr)->fmt, -- *(((struct va_format *)ptr)->va)); -+ { -+ va_list va; -+ -+ va_copy(va, *((struct va_format *)ptr)->va); -+ buf +=3D vsnprintf(buf, end > buf ? end - buf : 0, -+ ((struct va_format *)ptr)->fmt, va); -+ va_end(va); -+ return buf; -+ } - case 'K': - /* - * %pK cannot be used in IRQ context because its test -@@ -1608,11 +1630,11 @@ int bstr_printf(char *buf, size_t size, const ch= ar *fmt, const u32 *bin_buf) +@@ -1633,11 +1649,11 @@ int bstr_printf(char *buf, size_t size, const ch= ar *fmt, const u32 *bin_buf) typeof(type) value; \ if (sizeof(type) =3D=3D 8) { \ args =3D PTR_ALIGN(args, sizeof(u32)); \ @@ -70440,7 +68972,7 @@ index 993599e..f1dbc14 100644 } \ args +=3D sizeof(type); \ value; \ -@@ -1675,7 +1697,7 @@ int bstr_printf(char *buf, size_t size, const char= *fmt, const u32 *bin_buf) +@@ -1700,7 +1716,7 @@ int bstr_printf(char *buf, size_t size, const char= *fmt, const u32 *bin_buf) case FORMAT_TYPE_STR: { const char *str_arg =3D args; args +=3D strlen(str_arg) + 1; @@ -70457,10 +68989,10 @@ index 0000000..7cd6065 @@ -0,0 +1 @@ +-grsec diff --git a/mm/Kconfig b/mm/Kconfig -index 011b110..b492af2 100644 +index e338407..49b5b7a 100644 --- a/mm/Kconfig +++ b/mm/Kconfig -@@ -241,10 +241,10 @@ config KSM +@@ -247,10 +247,10 @@ config KSM root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set). =20 config DEFAULT_MMAP_MIN_ADDR @@ -70475,7 +69007,7 @@ index 011b110..b492af2 100644 from userspace allocation. Keeping a user from writing to low pages can help reduce the impact of kernel NULL pointer bugs. diff --git a/mm/filemap.c b/mm/filemap.c -index 03c5b0e..a01e793 100644 +index b662757..3081ddd 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -1770,7 +1770,7 @@ int generic_file_mmap(struct file * file, struct v= m_area_struct * vma) @@ -70541,10 +69073,10 @@ index 57d82c6..e9e0552 100644 set_page_address(page, (void *)vaddr); =20 diff --git a/mm/huge_memory.c b/mm/huge_memory.c -index 8f005e9..1cb1036 100644 +index 8f7fc39..69bf1e9 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c -@@ -704,7 +704,7 @@ out: +@@ -733,7 +733,7 @@ out: * run pte_offset_map on the pmd, if an huge pmd could * materialize from under us from a different thread. */ @@ -70554,10 +69086,10 @@ index 8f005e9..1cb1036 100644 /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 2316840..b418671 100644 +index a876871..132cde0 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2347,6 +2347,27 @@ static int unmap_ref_private(struct mm_struct *mm= , struct vm_area_struct *vma, +@@ -2346,6 +2346,27 @@ static int unmap_ref_private(struct mm_struct *mm= , struct vm_area_struct *vma, return 1; } =20 @@ -70584,8 +69116,8 @@ index 2316840..b418671 100644 + /* * Hugetlb_cow() should be called with page lock of the original hugepa= ge held. - */ -@@ -2450,6 +2471,11 @@ retry_avoidcopy: + * Called with hugetlb_instantiation_mutex held and pte_page locked so = we +@@ -2459,6 +2480,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -70597,7 +69129,7 @@ index 2316840..b418671 100644 /* Make the old page be freed below */ new_page =3D old_page; mmu_notifier_invalidate_range_end(mm, -@@ -2601,6 +2627,10 @@ retry: +@@ -2613,6 +2639,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); =20 @@ -70608,7 +69140,7 @@ index 2316840..b418671 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret =3D hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2630,6 +2660,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm= _area_struct *vma, +@@ -2642,6 +2672,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm= _area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h =3D hstate_vma(vma); =20 @@ -70616,10 +69148,10 @@ index 2316840..b418671 100644 + struct vm_area_struct *vma_m; +#endif + + address &=3D huge_page_mask(h); +=20 ptep =3D huge_pte_offset(mm, address); - if (ptep) { - entry =3D huge_ptep_get(ptep); -@@ -2641,6 +2675,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm= _area_struct *vma, +@@ -2655,6 +2689,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm= _area_struct *vma, VM_FAULT_SET_HINDEX(h - hstates); } =20 @@ -70659,10 +69191,10 @@ index 2189af4..f2ca332 100644 #ifdef CONFIG_MEMORY_FAILURE extern bool is_free_buddy_page(struct page *page); diff --git a/mm/kmemleak.c b/mm/kmemleak.c -index f3b2a00..61da94d 100644 +index 45eb621..6ccd8ea 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c -@@ -357,7 +357,7 @@ static void print_unreferenced(struct seq_file *seq, +@@ -363,7 +363,7 @@ static void print_unreferenced(struct seq_file *seq, =20 for (i =3D 0; i < object->trace_len; i++) { void *ptr =3D (void *)object->trace[i]; @@ -70774,7 +69306,7 @@ index 74bf193..feb6fd3 100644 if (end =3D=3D start) goto out; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index 06d3479..0778eef 100644 +index 56080ea..115071e 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly =3D= 0; @@ -70859,7 +69391,7 @@ index 06d3479..0778eef 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index 829d437..3d3926a 100644 +index fa2f04e..a8a40c8 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -457,8 +457,12 @@ static inline void free_pmd_range(struct mmu_gather= *tlb, pud_t *pud, @@ -70888,7 +69420,7 @@ index 829d437..3d3926a 100644 } =20 /* -@@ -1566,12 +1573,6 @@ no_page_table: +@@ -1585,12 +1592,6 @@ no_page_table: return page; } =20 @@ -70901,7 +69433,7 @@ index 829d437..3d3926a 100644 /** * __get_user_pages() - pin user pages in memory * @tsk: task_struct of target task -@@ -1644,10 +1645,10 @@ int __get_user_pages(struct task_struct *tsk, st= ruct mm_struct *mm, +@@ -1663,10 +1664,10 @@ int __get_user_pages(struct task_struct *tsk, st= ruct mm_struct *mm, (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); i =3D 0; =20 @@ -70914,7 +69446,7 @@ index 829d437..3d3926a 100644 if (!vma && in_gate_area(mm, start)) { unsigned long pg =3D start & PAGE_MASK; pgd_t *pgd; -@@ -1695,7 +1696,7 @@ int __get_user_pages(struct task_struct *tsk, stru= ct mm_struct *mm, +@@ -1714,7 +1715,7 @@ int __get_user_pages(struct task_struct *tsk, stru= ct mm_struct *mm, goto next_page; } =20 @@ -70923,7 +69455,7 @@ index 829d437..3d3926a 100644 (vma->vm_flags & (VM_IO | VM_PFNMAP)) || !(vm_flags & vma->vm_flags)) return i ? : -EFAULT; -@@ -1722,11 +1723,6 @@ int __get_user_pages(struct task_struct *tsk, str= uct mm_struct *mm, +@@ -1741,11 +1742,6 @@ int __get_user_pages(struct task_struct *tsk, str= uct mm_struct *mm, int ret; unsigned int fault_flags =3D 0; =20 @@ -70935,7 +69467,7 @@ index 829d437..3d3926a 100644 if (foll_flags & FOLL_WRITE) fault_flags |=3D FAULT_FLAG_WRITE; if (nonblocking) -@@ -1800,7 +1796,7 @@ next_page: +@@ -1819,7 +1815,7 @@ next_page: start +=3D PAGE_SIZE; nr_pages--; } while (nr_pages && start < vma->vm_end); @@ -70944,7 +69476,7 @@ index 829d437..3d3926a 100644 return i; } EXPORT_SYMBOL(__get_user_pages); -@@ -2007,6 +2003,10 @@ static int insert_page(struct vm_area_struct *vma= , unsigned long addr, +@@ -2026,6 +2022,10 @@ static int insert_page(struct vm_area_struct *vma= , unsigned long addr, page_add_file_rmap(page); set_pte_at(mm, addr, pte, mk_pte(page, prot)); =20 @@ -70955,7 +69487,7 @@ index 829d437..3d3926a 100644 retval =3D 0; pte_unmap_unlock(pte, ptl); return retval; -@@ -2041,10 +2041,22 @@ out: +@@ -2060,10 +2060,22 @@ out: int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, struct page *page) { @@ -70978,7 +69510,7 @@ index 829d437..3d3926a 100644 vma->vm_flags |=3D VM_INSERTPAGE; return insert_page(vma, addr, page, vma->vm_page_prot); } -@@ -2130,6 +2142,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, un= signed long addr, +@@ -2149,6 +2161,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, un= signed long addr, unsigned long pfn) { BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); @@ -70986,7 +69518,7 @@ index 829d437..3d3926a 100644 =20 if (addr < vma->vm_start || addr >=3D vma->vm_end) return -EFAULT; -@@ -2445,6 +2458,186 @@ static inline void cow_user_page(struct page *ds= t, struct page *src, unsigned lo +@@ -2464,6 +2477,186 @@ static inline void cow_user_page(struct page *ds= t, struct page *src, unsigned lo copy_user_highpage(dst, src, va, vma); } =20 @@ -71173,7 +69705,7 @@ index 829d437..3d3926a 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2656,6 +2849,12 @@ gotten: +@@ -2675,6 +2868,12 @@ gotten: */ page_table =3D pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -71186,7 +69718,7 @@ index 829d437..3d3926a 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2707,6 +2906,10 @@ gotten: +@@ -2726,6 +2925,10 @@ gotten: page_remove_rmap(old_page); } =20 @@ -71197,7 +69729,7 @@ index 829d437..3d3926a 100644 /* Free the old page.. */ new_page =3D old_page; ret |=3D VM_FAULT_WRITE; -@@ -2986,6 +3189,11 @@ static int do_swap_page(struct mm_struct *mm, str= uct vm_area_struct *vma, +@@ -3005,6 +3208,11 @@ static int do_swap_page(struct mm_struct *mm, str= uct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)= ) try_to_free_swap(page); @@ -71209,7 +69741,7 @@ index 829d437..3d3926a 100644 unlock_page(page); if (swapcache) { /* -@@ -3009,6 +3217,11 @@ static int do_swap_page(struct mm_struct *mm, str= uct vm_area_struct *vma, +@@ -3028,6 +3236,11 @@ static int do_swap_page(struct mm_struct *mm, str= uct vm_area_struct *vma, =20 /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -71221,7 +69753,7 @@ index 829d437..3d3926a 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -3028,40 +3241,6 @@ out_release: +@@ -3047,40 +3260,6 @@ out_release: } =20 /* @@ -71262,7 +69794,7 @@ index 829d437..3d3926a 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -3070,27 +3249,23 @@ static int do_anonymous_page(struct mm_struct *m= m, struct vm_area_struct *vma, +@@ -3089,27 +3268,23 @@ static int do_anonymous_page(struct mm_struct *m= m, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, unsigned int flags) { @@ -71295,7 +69827,7 @@ index 829d437..3d3926a 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page =3D alloc_zeroed_user_highpage_movable(vma, address); -@@ -3109,6 +3284,11 @@ static int do_anonymous_page(struct mm_struct *mm= , struct vm_area_struct *vma, +@@ -3128,6 +3303,11 @@ static int do_anonymous_page(struct mm_struct *mm= , struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; =20 @@ -71307,7 +69839,7 @@ index 829d437..3d3926a 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -3116,6 +3296,12 @@ setpte: +@@ -3135,6 +3315,12 @@ setpte: =20 /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -71320,7 +69852,7 @@ index 829d437..3d3926a 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -3259,6 +3445,12 @@ static int __do_fault(struct mm_struct *mm, struc= t vm_area_struct *vma, +@@ -3278,6 +3464,12 @@ static int __do_fault(struct mm_struct *mm, struc= t vm_area_struct *vma, */ /* Only go through if we didn't race with anybody else... */ if (likely(pte_same(*page_table, orig_pte))) { @@ -71333,7 +69865,7 @@ index 829d437..3d3926a 100644 flush_icache_page(vma, page); entry =3D mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) -@@ -3278,6 +3470,14 @@ static int __do_fault(struct mm_struct *mm, struc= t vm_area_struct *vma, +@@ -3297,6 +3489,14 @@ static int __do_fault(struct mm_struct *mm, struc= t vm_area_struct *vma, =20 /* no need to invalidate: a not-present page won't be cached */ update_mmu_cache(vma, address, page_table); @@ -71348,7 +69880,7 @@ index 829d437..3d3926a 100644 } else { if (cow_page) mem_cgroup_uncharge_page(cow_page); -@@ -3431,6 +3631,12 @@ int handle_pte_fault(struct mm_struct *mm, +@@ -3450,6 +3650,12 @@ int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -71361,7 +69893,7 @@ index 829d437..3d3926a 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3447,6 +3653,10 @@ int handle_mm_fault(struct mm_struct *mm, struct = vm_area_struct *vma, +@@ -3466,6 +3672,10 @@ int handle_mm_fault(struct mm_struct *mm, struct = vm_area_struct *vma, pmd_t *pmd; pte_t *pte; =20 @@ -71372,7 +69904,7 @@ index 829d437..3d3926a 100644 __set_current_state(TASK_RUNNING); =20 count_vm_event(PGFAULT); -@@ -3458,6 +3668,34 @@ int handle_mm_fault(struct mm_struct *mm, struct = vm_area_struct *vma, +@@ -3477,6 +3687,34 @@ int handle_mm_fault(struct mm_struct *mm, struct = vm_area_struct *vma, if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, flags); =20 @@ -71407,7 +69939,7 @@ index 829d437..3d3926a 100644 pgd =3D pgd_offset(mm, address); pud =3D pud_alloc(mm, pgd, address); if (!pud) -@@ -3487,7 +3725,7 @@ int handle_mm_fault(struct mm_struct *mm, struct v= m_area_struct *vma, +@@ -3506,7 +3744,7 @@ int handle_mm_fault(struct mm_struct *mm, struct v= m_area_struct *vma, * run pte_offset_map on the pmd, if an huge pmd could * materialize from under us from a different thread. */ @@ -71416,7 +69948,7 @@ index 829d437..3d3926a 100644 return VM_FAULT_OOM; /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) -@@ -3591,7 +3829,7 @@ static int __init gate_vma_init(void) +@@ -3610,7 +3848,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start =3D FIXADDR_USER_START; gate_vma.vm_end =3D FIXADDR_USER_END; gate_vma.vm_flags =3D VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -71426,7 +69958,7 @@ index 829d437..3d3926a 100644 * Make sure the vDSO gets into every core dump. * Dumping its contents makes post-mortem fully interpretable later diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index c3fdbcb..2e8ef90 100644 +index 47296fe..5c3d263 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -640,6 +640,10 @@ static int mbind_range(struct mm_struct *mm, unsign= ed long start, @@ -71437,10 +69969,10 @@ index c3fdbcb..2e8ef90 100644 + struct vm_area_struct *vma_m; +#endif + - vma =3D find_vma_prev(mm, start, &prev); + vma =3D find_vma(mm, start); if (!vma || vma->vm_start > start) return -EFAULT; -@@ -678,6 +682,16 @@ static int mbind_range(struct mm_struct *mm, unsign= ed long start, +@@ -679,6 +683,16 @@ static int mbind_range(struct mm_struct *mm, unsign= ed long start, err =3D policy_vma(vma, new_pol); if (err) goto out; @@ -71457,7 +69989,7 @@ index c3fdbcb..2e8ef90 100644 } =20 out: -@@ -1111,6 +1125,17 @@ static long do_mbind(unsigned long start, unsigne= d long len, +@@ -1112,6 +1126,17 @@ static long do_mbind(unsigned long start, unsigne= d long len, =20 if (end < start) return -EINVAL; @@ -71475,7 +70007,7 @@ index c3fdbcb..2e8ef90 100644 if (end =3D=3D start) return 0; =20 -@@ -1329,6 +1354,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsign= ed long, maxnode, +@@ -1330,6 +1355,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsign= ed long, maxnode, if (!mm) goto out; =20 @@ -71490,7 +70022,7 @@ index c3fdbcb..2e8ef90 100644 /* * Check if this process has the right to modify the specified * process. The right exists if the process has administrative -@@ -1338,8 +1371,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigne= d long, maxnode, +@@ -1339,8 +1372,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigne= d long, maxnode, rcu_read_lock(); tcred =3D __task_cred(task); if (cred->euid !=3D tcred->suid && cred->euid !=3D tcred->uid && @@ -71501,10 +70033,10 @@ index c3fdbcb..2e8ef90 100644 err =3D -EPERM; goto out; diff --git a/mm/migrate.c b/mm/migrate.c -index 177aca4..ab3a744 100644 +index 1503b6b..156c672 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -1313,6 +1313,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned = long, nr_pages, +@@ -1370,6 +1370,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned = long, nr_pages, if (!mm) return -EINVAL; =20 @@ -71519,7 +70051,7 @@ index 177aca4..ab3a744 100644 /* * Check if this process has the right to modify the specified * process. The right exists if the process has administrative -@@ -1322,8 +1330,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned l= ong, nr_pages, +@@ -1379,8 +1387,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned l= ong, nr_pages, rcu_read_lock(); tcred =3D __task_cred(task); if (cred->euid !=3D tcred->suid && cred->euid !=3D tcred->uid && @@ -71530,7 +70062,7 @@ index 177aca4..ab3a744 100644 err =3D -EPERM; goto out; diff --git a/mm/mlock.c b/mm/mlock.c -index 4f4f53b..9511904 100644 +index ef726e8..13e0901 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -13,6 +13,7 @@ @@ -71548,10 +70080,10 @@ index 4f4f53b..9511904 100644 + if (end > TASK_SIZE) + return -EINVAL; + - vma =3D find_vma_prev(current->mm, start, &prev); + vma =3D find_vma(current->mm, start); if (!vma || vma->vm_start > start) return -ENOMEM; -@@ -395,6 +399,11 @@ static int do_mlock(unsigned long start, size_t len= , int on) +@@ -396,6 +400,11 @@ static int do_mlock(unsigned long start, size_t len= , int on) for (nstart =3D start ; ; ) { vm_flags_t newflags; =20 @@ -71563,7 +70095,7 @@ index 4f4f53b..9511904 100644 /* Here we know that vma->vm_start <=3D nstart < vma->vm_end. */ =20 newflags =3D vma->vm_flags | VM_LOCKED; -@@ -500,6 +509,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t,= len) +@@ -501,6 +510,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t,= len) lock_limit >>=3D PAGE_SHIFT; =20 /* check against resource limits */ @@ -71571,7 +70103,7 @@ index 4f4f53b..9511904 100644 if ((locked <=3D lock_limit) || capable(CAP_IPC_LOCK)) error =3D do_mlock(start, len, 1); up_write(¤t->mm->mmap_sem); -@@ -523,17 +533,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, siz= e_t, len) +@@ -524,17 +534,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, siz= e_t, len) static int do_mlockall(int flags) { struct vm_area_struct * vma, * prev =3D NULL; @@ -71598,7 +70130,7 @@ index 4f4f53b..9511904 100644 newflags =3D vma->vm_flags | VM_LOCKED; if (!(flags & MCL_CURRENT)) newflags &=3D ~VM_LOCKED; -@@ -566,6 +582,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) +@@ -567,6 +583,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) lock_limit >>=3D PAGE_SHIFT; =20 ret =3D -ENOMEM; @@ -71607,7 +70139,7 @@ index 4f4f53b..9511904 100644 capable(CAP_IPC_LOCK)) ret =3D do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index eae90af..c930262 100644 +index da15a79..2e3d9ff 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -46,6 +46,16 @@ @@ -71941,18 +70473,7 @@ index eae90af..c930262 100644 vma->vm_mm =3D mm; vma->vm_start =3D addr; vma->vm_end =3D addr + len; -@@ -1266,8 +1397,9 @@ munmap_back: - vma->vm_pgoff =3D pgoff; - INIT_LIST_HEAD(&vma->anon_vma_chain); -=20 -+ error =3D -EINVAL; /* when rejecting VM_GROWSDOWN|VM_GROWSUP */ -+ - if (file) { -- error =3D -EINVAL; - if (vm_flags & (VM_GROWSDOWN|VM_GROWSUP)) - goto free_vma; - if (vm_flags & VM_DENYWRITE) { -@@ -1281,6 +1413,19 @@ munmap_back: +@@ -1282,6 +1413,19 @@ munmap_back: error =3D file->f_op->mmap(file, vma); if (error) goto unmap_and_free_vma; @@ -71972,16 +70493,7 @@ index eae90af..c930262 100644 if (vm_flags & VM_EXECUTABLE) added_exe_file_vma(mm); =20 -@@ -1293,6 +1438,8 @@ munmap_back: - pgoff =3D vma->vm_pgoff; - vm_flags =3D vma->vm_flags; - } else if (vm_flags & VM_SHARED) { -+ if (unlikely(vm_flags & (VM_GROWSDOWN|VM_GROWSUP))) -+ goto free_vma; - error =3D shmem_zero_setup(vma); - if (error) - goto free_vma; -@@ -1316,6 +1463,11 @@ munmap_back: +@@ -1319,6 +1463,11 @@ munmap_back: vma_link(mm, vma, prev, rb_link, rb_parent); file =3D vma->vm_file; =20 @@ -71993,7 +70505,7 @@ index eae90af..c930262 100644 /* Once vma denies write, undo our temporary denial count */ if (correct_wcount) atomic_inc(&inode->i_writecount); -@@ -1324,6 +1476,7 @@ out: +@@ -1327,6 +1476,7 @@ out: =20 mm->total_vm +=3D len >> PAGE_SHIFT; vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -72001,7 +70513,7 @@ index eae90af..c930262 100644 if (vm_flags & VM_LOCKED) { if (!mlock_vma_pages_range(vma, addr, addr + len)) mm->locked_vm +=3D (len >> PAGE_SHIFT); -@@ -1341,6 +1494,12 @@ unmap_and_free_vma: +@@ -1344,6 +1494,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged =3D 0; free_vma: @@ -72014,7 +70526,7 @@ index eae90af..c930262 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1348,6 +1507,44 @@ unacct_error: +@@ -1351,6 +1507,44 @@ unacct_error: return error; } =20 @@ -72059,7 +70571,7 @@ index eae90af..c930262 100644 /* Get an address range which is currently unmapped. * For shmat() with addr=3D0. * -@@ -1374,18 +1571,23 @@ arch_get_unmapped_area(struct file *filp, unsign= ed long addr, +@@ -1377,18 +1571,23 @@ arch_get_unmapped_area(struct file *filp, unsign= ed long addr, if (flags & MAP_FIXED) return addr; =20 @@ -72090,7 +70602,7 @@ index eae90af..c930262 100644 } =20 full_search: -@@ -1396,34 +1598,40 @@ full_search: +@@ -1399,34 +1598,40 @@ full_search: * Start a new search - just in case we missed * some holes. */ @@ -72142,7 +70654,7 @@ index eae90af..c930262 100644 mm->free_area_cache =3D addr; mm->cached_hole_size =3D ~0UL; } -@@ -1441,7 +1649,7 @@ arch_get_unmapped_area_topdown(struct file *filp, = const unsigned long addr0, +@@ -1444,7 +1649,7 @@ arch_get_unmapped_area_topdown(struct file *filp, = const unsigned long addr0, { struct vm_area_struct *vma; struct mm_struct *mm =3D current->mm; @@ -72151,7 +70663,7 @@ index eae90af..c930262 100644 =20 /* requested length too big for entire address space */ if (len > TASK_SIZE) -@@ -1450,13 +1658,18 @@ arch_get_unmapped_area_topdown(struct file *filp= , const unsigned long addr0, +@@ -1453,13 +1658,18 @@ arch_get_unmapped_area_topdown(struct file *filp= , const unsigned long addr0, if (flags & MAP_FIXED) return addr; =20 @@ -72174,7 +70686,7 @@ index eae90af..c930262 100644 } =20 /* check if free_area_cache is useful for us */ -@@ -1471,7 +1684,7 @@ arch_get_unmapped_area_topdown(struct file *filp, = const unsigned long addr0, +@@ -1474,7 +1684,7 @@ arch_get_unmapped_area_topdown(struct file *filp, = const unsigned long addr0, /* make sure it can fit in the remaining address space */ if (addr > len) { vma =3D find_vma(mm, addr-len); @@ -72183,7 +70695,7 @@ index eae90af..c930262 100644 /* remember the address as a hint for next time */ return (mm->free_area_cache =3D addr-len); } -@@ -1488,7 +1701,7 @@ arch_get_unmapped_area_topdown(struct file *filp, = const unsigned long addr0, +@@ -1491,7 +1701,7 @@ arch_get_unmapped_area_topdown(struct file *filp, = const unsigned long addr0, * return with success: */ vma =3D find_vma(mm, addr); @@ -72192,7 +70704,7 @@ index eae90af..c930262 100644 /* remember the address as a hint for next time */ return (mm->free_area_cache =3D addr); =20 -@@ -1497,8 +1710,8 @@ arch_get_unmapped_area_topdown(struct file *filp, = const unsigned long addr0, +@@ -1500,8 +1710,8 @@ arch_get_unmapped_area_topdown(struct file *filp, = const unsigned long addr0, mm->cached_hole_size =3D vma->vm_start - addr; =20 /* try just below the current vma->vm_start */ @@ -72203,7 +70715,7 @@ index eae90af..c930262 100644 =20 bottomup: /* -@@ -1507,13 +1720,21 @@ bottomup: +@@ -1510,13 +1720,21 @@ bottomup: * can happen with large stack limits and large mmap() * allocations. */ @@ -72227,7 +70739,7 @@ index eae90af..c930262 100644 mm->cached_hole_size =3D ~0UL; =20 return addr; -@@ -1522,6 +1743,12 @@ bottomup: +@@ -1525,6 +1743,12 @@ bottomup: =20 void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) { @@ -72240,7 +70752,7 @@ index eae90af..c930262 100644 /* * Is this a new hole at the highest possible address? */ -@@ -1529,8 +1756,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm= , unsigned long addr) +@@ -1532,8 +1756,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm= , unsigned long addr) mm->free_area_cache =3D addr; =20 /* dont allow allocations above current base */ @@ -72252,63 +70764,15 @@ index eae90af..c930262 100644 } =20 unsigned long -@@ -1603,40 +1832,50 @@ struct vm_area_struct *find_vma(struct mm_struct= *mm, unsigned long addr) -=20 - EXPORT_SYMBOL(find_vma); +@@ -1629,6 +1855,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long= addr, + return vma; + } =20 --/* Same as find_vma, but also return a pointer to the previous VMA in *= pprev. */ -+/* -+ * Same as find_vma, but also return a pointer to the previous VMA in *= pprev. -+ */ - struct vm_area_struct * - find_vma_prev(struct mm_struct *mm, unsigned long addr, - struct vm_area_struct **pprev) - { -- struct vm_area_struct *vma =3D NULL, *prev =3D NULL; -- struct rb_node *rb_node; -- if (!mm) -- goto out; -- -- /* Guard against addr being lower than the first VMA */ -- vma =3D mm->mmap; -- -- /* Go through the RB tree quickly. */ -- rb_node =3D mm->mm_rb.rb_node; -- -- while (rb_node) { -- struct vm_area_struct *vma_tmp; -- vma_tmp =3D rb_entry(rb_node, struct vm_area_struct, vm_rb); -- -- if (addr < vma_tmp->vm_end) { -- rb_node =3D rb_node->rb_left; -- } else { -- prev =3D vma_tmp; -- if (!prev->vm_next || (addr < prev->vm_next->vm_end)) -- break; -+ struct vm_area_struct *vma; -+ -+ vma =3D find_vma(mm, addr); -+ if (vma) { -+ *pprev =3D vma->vm_prev; -+ } else { -+ struct rb_node *rb_node =3D mm->mm_rb.rb_node; -+ *pprev =3D NULL; -+ while (rb_node) { -+ *pprev =3D rb_entry(rb_node, struct vm_area_struct, vm_rb); - rb_node =3D rb_node->rb_right; - } - } -+ return vma; -+} -+ +#ifdef CONFIG_PAX_SEGMEXEC +struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma) +{ + struct vm_area_struct *vma_m; -=20 --out: -- *pprev =3D prev; -- return prev ? prev->vm_next : vma; ++ + BUG_ON(!vma || vma->vm_start >=3D vma->vm_end); + if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM= _EXEC)) { + BUG_ON(vma->vm_mirror); @@ -72323,12 +70787,13 @@ index eae90af..c930262 100644 + BUG_ON(vma->anon_vma !=3D vma_m->anon_vma && vma->anon_vma->root !=3D = vma_m->anon_vma->root); + BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | = VM_ACCOUNT | VM_LOCKED | VM_RESERVED)); + return vma_m; - } ++} +#endif -=20 ++ /* * Verify that the stack growth is acceptable and -@@ -1654,6 +1893,7 @@ static int acct_stack_growth(struct vm_area_struct= *vma, unsigned long size, uns + * update accounting. This is shared with both the +@@ -1645,6 +1893,7 @@ static int acct_stack_growth(struct vm_area_struct= *vma, unsigned long size, uns return -ENOMEM; =20 /* Stack limit test */ @@ -72336,7 +70801,7 @@ index eae90af..c930262 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; =20 -@@ -1664,6 +1904,7 @@ static int acct_stack_growth(struct vm_area_struct= *vma, unsigned long size, uns +@@ -1655,6 +1904,7 @@ static int acct_stack_growth(struct vm_area_struct= *vma, unsigned long size, uns locked =3D mm->locked_vm + grow; limit =3D ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>=3D PAGE_SHIFT; @@ -72344,7 +70809,7 @@ index eae90af..c930262 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -1694,37 +1935,48 @@ static int acct_stack_growth(struct vm_area_stru= ct *vma, unsigned long size, uns +@@ -1685,37 +1935,48 @@ static int acct_stack_growth(struct vm_area_stru= ct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store= . * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -72402,7 +70867,7 @@ index eae90af..c930262 100644 unsigned long size, grow; =20 size =3D address - vma->vm_start; -@@ -1739,6 +1991,8 @@ int expand_upwards(struct vm_area_struct *vma, uns= igned long address) +@@ -1730,6 +1991,8 @@ int expand_upwards(struct vm_area_struct *vma, uns= igned long address) } } } @@ -72411,7 +70876,7 @@ index eae90af..c930262 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma); return error; -@@ -1752,6 +2006,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1743,6 +2006,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -72420,7 +70885,7 @@ index eae90af..c930262 100644 =20 /* * We must make sure the anon_vma is allocated -@@ -1765,6 +2021,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1756,6 +2021,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; =20 @@ -72436,7 +70901,7 @@ index eae90af..c930262 100644 vma_lock_anon_vma(vma); =20 /* -@@ -1774,9 +2039,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1765,9 +2039,17 @@ int expand_downwards(struct vm_area_struct *vma, */ =20 /* Somebody else might have raced and expanded it already */ @@ -72455,7 +70920,7 @@ index eae90af..c930262 100644 size =3D vma->vm_end - address; grow =3D (vma->vm_start - address) >> PAGE_SHIFT; =20 -@@ -1786,11 +2059,22 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1777,11 +2059,22 @@ int expand_downwards(struct vm_area_struct *vma, if (!error) { vma->vm_start =3D address; vma->vm_pgoff -=3D grow; @@ -72478,7 +70943,7 @@ index eae90af..c930262 100644 khugepaged_enter_vma_merge(vma); return error; } -@@ -1860,6 +2144,13 @@ static void remove_vma_list(struct mm_struct *mm,= struct vm_area_struct *vma) +@@ -1851,6 +2144,13 @@ static void remove_vma_list(struct mm_struct *mm,= struct vm_area_struct *vma) do { long nrpages =3D vma_pages(vma); =20 @@ -72492,7 +70957,7 @@ index eae90af..c930262 100644 mm->total_vm -=3D nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); vma =3D remove_vma(vma); -@@ -1905,6 +2196,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, = struct vm_area_struct *vma, +@@ -1896,6 +2196,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, = struct vm_area_struct *vma, insertion_point =3D (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev =3D NULL; do { @@ -72509,7 +70974,7 @@ index eae90af..c930262 100644 rb_erase(&vma->vm_rb, &mm->mm_rb); mm->map_count--; tail_vma =3D vma; -@@ -1933,14 +2234,33 @@ static int __split_vma(struct mm_struct * mm, st= ruct vm_area_struct * vma, +@@ -1924,14 +2234,33 @@ static int __split_vma(struct mm_struct * mm, st= ruct vm_area_struct * vma, struct vm_area_struct *new; int err =3D -ENOMEM; =20 @@ -72543,7 +71008,7 @@ index eae90af..c930262 100644 /* most fields are the same, copy all, and then fixup */ *new =3D *vma; =20 -@@ -1953,6 +2273,22 @@ static int __split_vma(struct mm_struct * mm, str= uct vm_area_struct * vma, +@@ -1944,6 +2273,22 @@ static int __split_vma(struct mm_struct * mm, str= uct vm_area_struct * vma, new->vm_pgoff +=3D ((addr - vma->vm_start) >> PAGE_SHIFT); } =20 @@ -72566,7 +71031,7 @@ index eae90af..c930262 100644 pol =3D mpol_dup(vma_policy(vma)); if (IS_ERR(pol)) { err =3D PTR_ERR(pol); -@@ -1978,6 +2314,42 @@ static int __split_vma(struct mm_struct * mm, str= uct vm_area_struct * vma, +@@ -1969,6 +2314,42 @@ static int __split_vma(struct mm_struct * mm, str= uct vm_area_struct * vma, else err =3D vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); =20 @@ -72609,7 +71074,7 @@ index eae90af..c930262 100644 /* Success. */ if (!err) return 0; -@@ -1990,10 +2362,18 @@ static int __split_vma(struct mm_struct * mm, st= ruct vm_area_struct * vma, +@@ -1981,10 +2362,18 @@ static int __split_vma(struct mm_struct * mm, st= ruct vm_area_struct * vma, removed_exe_file_vma(mm); fput(new->vm_file); } @@ -72629,7 +71094,7 @@ index eae90af..c930262 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2006,6 +2386,15 @@ static int __split_vma(struct mm_struct * mm, str= uct vm_area_struct * vma, +@@ -1997,6 +2386,15 @@ static int __split_vma(struct mm_struct * mm, str= uct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -72645,7 +71110,7 @@ index eae90af..c930262 100644 if (mm->map_count >=3D sysctl_max_map_count) return -ENOMEM; =20 -@@ -2017,11 +2406,30 @@ int split_vma(struct mm_struct *mm, struct vm_ar= ea_struct *vma, +@@ -2008,11 +2406,30 @@ int split_vma(struct mm_struct *mm, struct vm_ar= ea_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge */ @@ -72676,7 +71141,7 @@ index eae90af..c930262 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start= ) return -EINVAL; =20 -@@ -2096,6 +2504,8 @@ int do_munmap(struct mm_struct *mm, unsigned long = start, size_t len) +@@ -2087,6 +2504,8 @@ int do_munmap(struct mm_struct *mm, unsigned long = start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); =20 @@ -72685,7 +71150,7 @@ index eae90af..c930262 100644 return 0; } =20 -@@ -2108,22 +2518,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, siz= e_t, len) +@@ -2099,22 +2518,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, siz= e_t, len) =20 profile_munmap(addr); =20 @@ -72714,7 +71179,7 @@ index eae90af..c930262 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2137,6 +2543,7 @@ unsigned long do_brk(unsigned long addr, unsigned = long len) +@@ -2128,6 +2543,7 @@ unsigned long do_brk(unsigned long addr, unsigned = long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff =3D addr >> PAGE_SHIFT; int error; @@ -72722,7 +71187,7 @@ index eae90af..c930262 100644 =20 len =3D PAGE_ALIGN(len); if (!len) -@@ -2148,16 +2555,30 @@ unsigned long do_brk(unsigned long addr, unsigne= d long len) +@@ -2139,16 +2555,30 @@ unsigned long do_brk(unsigned long addr, unsigne= d long len) =20 flags =3D VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; =20 @@ -72754,7 +71219,7 @@ index eae90af..c930262 100644 locked +=3D mm->locked_vm; lock_limit =3D rlimit(RLIMIT_MEMLOCK); lock_limit >>=3D PAGE_SHIFT; -@@ -2174,22 +2595,22 @@ unsigned long do_brk(unsigned long addr, unsigne= d long len) +@@ -2165,22 +2595,22 @@ unsigned long do_brk(unsigned long addr, unsigne= d long len) /* * Clear old maps. this also does some error checking for us */ @@ -72781,7 +71246,7 @@ index eae90af..c930262 100644 return -ENOMEM; =20 /* Can we just expand an old private anonymous mapping? */ -@@ -2203,7 +2624,7 @@ unsigned long do_brk(unsigned long addr, unsigned = long len) +@@ -2194,7 +2624,7 @@ unsigned long do_brk(unsigned long addr, unsigned = long len) */ vma =3D kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -72790,7 +71255,7 @@ index eae90af..c930262 100644 return -ENOMEM; } =20 -@@ -2217,11 +2638,12 @@ unsigned long do_brk(unsigned long addr, unsigne= d long len) +@@ -2208,11 +2638,12 @@ unsigned long do_brk(unsigned long addr, unsigne= d long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -72805,7 +71270,7 @@ index eae90af..c930262 100644 return addr; } =20 -@@ -2268,8 +2690,10 @@ void exit_mmap(struct mm_struct *mm) +@@ -2259,8 +2690,10 @@ void exit_mmap(struct mm_struct *mm) * Walk the list again, actually closing and freeing it, * with preemption enabled, without holding any MM locks. */ @@ -72817,7 +71282,7 @@ index eae90af..c930262 100644 =20 BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT); } -@@ -2283,6 +2707,13 @@ int insert_vm_struct(struct mm_struct * mm, struc= t vm_area_struct * vma) +@@ -2274,6 +2707,13 @@ int insert_vm_struct(struct mm_struct * mm, struc= t vm_area_struct * vma) struct vm_area_struct * __vma, * prev; struct rb_node ** rb_link, * rb_parent; =20 @@ -72831,7 +71296,7 @@ index eae90af..c930262 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2305,7 +2736,22 @@ int insert_vm_struct(struct mm_struct * mm, struc= t vm_area_struct * vma) +@@ -2296,7 +2736,22 @@ int insert_vm_struct(struct mm_struct * mm, struc= t vm_area_struct * vma) if ((vma->vm_flags & VM_ACCOUNT) && security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -72854,16 +71319,16 @@ index eae90af..c930262 100644 return 0; } =20 -@@ -2323,6 +2769,8 @@ struct vm_area_struct *copy_vma(struct vm_area_str= uct **vmap, - struct rb_node **rb_link, *rb_parent; +@@ -2315,6 +2770,8 @@ struct vm_area_struct *copy_vma(struct vm_area_str= uct **vmap, struct mempolicy *pol; + bool faulted_in_anon_vma =3D true; =20 + BUG_ON(vma->vm_mirror); + /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2373,6 +2821,39 @@ struct vm_area_struct *copy_vma(struct vm_area_st= ruct **vmap, +@@ -2382,6 +2839,39 @@ struct vm_area_struct *copy_vma(struct vm_area_st= ruct **vmap, return NULL; } =20 @@ -72903,7 +71368,7 @@ index eae90af..c930262 100644 /* * Return true if the calling process may expand its vm space by the pa= ssed * number of pages -@@ -2383,7 +2864,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned l= ong npages) +@@ -2392,7 +2882,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned l= ong npages) unsigned long lim; =20 lim =3D rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -72912,7 +71377,7 @@ index eae90af..c930262 100644 if (cur + npages > lim) return 0; return 1; -@@ -2454,6 +2935,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2463,6 +2953,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start =3D addr; vma->vm_end =3D addr + len; =20 @@ -72936,7 +71401,7 @@ index eae90af..c930262 100644 vma->vm_page_prot =3D vm_get_page_prot(vma->vm_flags); =20 diff --git a/mm/mprotect.c b/mm/mprotect.c -index 5a688a2..27e031c 100644 +index f437d05..e3763f6 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -23,10 +23,16 @@ @@ -73128,7 +71593,7 @@ index 5a688a2..27e031c 100644 prot |=3D PROT_EXEC; =20 vm_flags =3D calc_vm_prot_bits(prot); -@@ -287,6 +412,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, siz= e_t, len, +@@ -288,6 +413,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, siz= e_t, len, if (start > vma->vm_start) prev =3D vma; =20 @@ -73140,7 +71605,7 @@ index 5a688a2..27e031c 100644 for (nstart =3D start ; ; ) { unsigned long newflags; =20 -@@ -296,6 +426,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, siz= e_t, len, +@@ -297,6 +427,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, siz= e_t, len, =20 /* newflags >> 4 shift VM_MAY% in place of VM_% */ if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) { @@ -73155,7 +71620,7 @@ index 5a688a2..27e031c 100644 error =3D -EACCES; goto out; } -@@ -310,6 +448,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size= _t, len, +@@ -311,6 +449,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size= _t, len, error =3D mprotect_fixup(vma, &prev, nstart, tmp, newflags); if (error) goto out; @@ -73166,7 +71631,7 @@ index 5a688a2..27e031c 100644 =20 if (nstart < prev->vm_end) diff --git a/mm/mremap.c b/mm/mremap.c -index d6959cb..18a402a 100644 +index 87bb839..c3bfadb 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -106,6 +106,12 @@ static void move_ptes(struct vm_area_struct *vma, p= md_t *old_pmd, @@ -73182,7 +71647,7 @@ index d6959cb..18a402a 100644 set_pte_at(mm, new_addr, new_pte, pte); } =20 -@@ -290,6 +296,11 @@ static struct vm_area_struct *vma_to_resize(unsigne= d long addr, +@@ -299,6 +305,11 @@ static struct vm_area_struct *vma_to_resize(unsigne= d long addr, if (is_vm_hugetlb_page(vma)) goto Einval; =20 @@ -73194,7 +71659,7 @@ index d6959cb..18a402a 100644 /* We can't remap across vm area boundaries */ if (old_len > vma->vm_end - addr) goto Efault; -@@ -346,20 +357,25 @@ static unsigned long mremap_to(unsigned long addr, +@@ -355,20 +366,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long ret =3D -EINVAL; unsigned long charged =3D 0; unsigned long map_flags; @@ -73225,7 +71690,7 @@ index d6959cb..18a402a 100644 goto out; =20 ret =3D security_file_mmap(NULL, 0, 0, 0, new_addr, 1); -@@ -431,6 +447,7 @@ unsigned long do_mremap(unsigned long addr, +@@ -440,6 +456,7 @@ unsigned long do_mremap(unsigned long addr, struct vm_area_struct *vma; unsigned long ret =3D -EINVAL; unsigned long charged =3D 0; @@ -73233,7 +71698,7 @@ index d6959cb..18a402a 100644 =20 if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) goto out; -@@ -449,6 +466,17 @@ unsigned long do_mremap(unsigned long addr, +@@ -458,6 +475,17 @@ unsigned long do_mremap(unsigned long addr, if (!new_len) goto out; =20 @@ -73251,7 +71716,7 @@ index d6959cb..18a402a 100644 if (flags & MREMAP_FIXED) { if (flags & MREMAP_MAYMOVE) ret =3D mremap_to(addr, old_len, new_addr, new_len); -@@ -498,6 +526,7 @@ unsigned long do_mremap(unsigned long addr, +@@ -507,6 +535,7 @@ unsigned long do_mremap(unsigned long addr, addr + new_len); } ret =3D addr; @@ -73259,7 +71724,7 @@ index d6959cb..18a402a 100644 goto out; } } -@@ -524,7 +553,13 @@ unsigned long do_mremap(unsigned long addr, +@@ -533,7 +562,13 @@ unsigned long do_mremap(unsigned long addr, ret =3D security_file_mmap(NULL, 0, 0, 0, new_addr, 1); if (ret) goto out; @@ -73273,43 +71738,6 @@ index d6959cb..18a402a 100644 } out: if (ret & ~PAGE_MASK) -diff --git a/mm/nobootmem.c b/mm/nobootmem.c -index 7fa41b4..6087460 100644 ---- a/mm/nobootmem.c -+++ b/mm/nobootmem.c -@@ -110,19 +110,30 @@ static void __init __free_pages_memory(unsigned lo= ng start, unsigned long end) - unsigned long __init free_all_memory_core_early(int nodeid) - { - int i; -- u64 start, end; -+ u64 start, end, startrange, endrange; - unsigned long count =3D 0; -- struct range *range =3D NULL; -+ struct range *range =3D NULL, rangerange =3D { 0, 0 }; - int nr_range; -=20 - nr_range =3D get_free_all_memory_range(&range, nodeid); -+ startrange =3D __pa(range) >> PAGE_SHIFT; -+ endrange =3D (__pa(range + nr_range) - 1) >> PAGE_SHIFT; -=20 - for (i =3D 0; i < nr_range; i++) { - start =3D range[i].start; - end =3D range[i].end; -+ if (start <=3D endrange && startrange < end) { -+ BUG_ON(rangerange.start | rangerange.end); -+ rangerange =3D range[i]; -+ continue; -+ } - count +=3D end - start; - __free_pages_memory(start, end); - } -+ start =3D rangerange.start; -+ end =3D rangerange.end; -+ count +=3D end - start; -+ __free_pages_memory(start, end); -=20 - return count; - } diff --git a/mm/nommu.c b/mm/nommu.c index f59e170..34e2a2b 100644 --- a/mm/nommu.c @@ -73347,10 +71775,10 @@ index f59e170..34e2a2b 100644 new->vm_region =3D region; =20 diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 485be89..c059ad3 100644 +index a13ded1..b949d15 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c -@@ -341,7 +341,7 @@ out: +@@ -335,7 +335,7 @@ out: * This usage means that zero-order pages may not be compound. */ =20 @@ -73359,7 +71787,7 @@ index 485be89..c059ad3 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -654,6 +654,10 @@ static bool free_pages_prepare(struct page *page, u= nsigned int order) +@@ -692,6 +692,10 @@ static bool free_pages_prepare(struct page *page, u= nsigned int order) int i; int bad =3D 0; =20 @@ -73367,10 +71795,10 @@ index 485be89..c059ad3 100644 + unsigned long index =3D 1UL << order; +#endif + - trace_mm_page_free_direct(page, order); + trace_mm_page_free(page, order); kmemcheck_free_shadow(page, order); =20 -@@ -669,6 +673,12 @@ static bool free_pages_prepare(struct page *page, u= nsigned int order) +@@ -707,6 +711,12 @@ static bool free_pages_prepare(struct page *page, u= nsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } @@ -73383,7 +71811,7 @@ index 485be89..c059ad3 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); =20 -@@ -784,8 +794,10 @@ static int prep_new_page(struct page *page, int ord= er, gfp_t gfp_flags) +@@ -830,8 +840,10 @@ static int prep_new_page(struct page *page, int ord= er, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); =20 @@ -73394,7 +71822,7 @@ index 485be89..c059ad3 100644 =20 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -@@ -3357,7 +3369,13 @@ static int pageblock_is_reserved(unsigned long st= art_pfn, unsigned long end_pfn) +@@ -3468,7 +3480,13 @@ static int pageblock_is_reserved(unsigned long st= art_pfn, unsigned long end_pfn) unsigned long pfn; =20 for (pfn =3D start_pfn; pfn < end_pfn; pfn++) { @@ -73409,10 +71837,10 @@ index 485be89..c059ad3 100644 } return 0; diff --git a/mm/percpu.c b/mm/percpu.c -index 716eb4a..8d10419 100644 +index f47af91..7eeef99 100644 --- a/mm/percpu.c +++ b/mm/percpu.c -@@ -121,7 +121,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; +@@ -122,7 +122,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; static unsigned int pcpu_high_unit_cpu __read_mostly; =20 /* the address of the first chunk which starts with the kernel static a= rea */ @@ -73422,7 +71850,7 @@ index 716eb4a..8d10419 100644 =20 static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */ diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c -index e920aa3..137702a 100644 +index c20ff48..137702a 100644 --- a/mm/process_vm_access.c +++ b/mm/process_vm_access.c @@ -13,6 +13,7 @@ @@ -73460,42 +71888,20 @@ index e920aa3..137702a 100644 } =20 if (nr_pages =3D=3D 0) -@@ -298,23 +299,23 @@ static ssize_t process_vm_rw_core(pid_t pid, const= struct iovec *lvec, +@@ -298,6 +299,11 @@ static ssize_t process_vm_rw_core(pid_t pid, const = struct iovec *lvec, goto free_proc_pages; } =20 -- task_lock(task); -- if (__ptrace_may_access(task, PTRACE_MODE_ATTACH)) { -- task_unlock(task); + if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)= ) { - rc =3D -EPERM; - goto put_task_struct; - } -- mm =3D task->mm; -=20 -- if (!mm || (task->flags & PF_KTHREAD)) { -- task_unlock(task); -- rc =3D -EINVAL; -+ mm =3D mm_access(task, PTRACE_MODE_ATTACH); -+ if (!mm || IS_ERR(mm)) { -+ rc =3D IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; -+ /* -+ * Explicitly map EACCES to EPERM as EPERM is a more a -+ * appropriate error code for process_vw_readv/writev -+ */ -+ if (rc =3D=3D -EACCES) -+ rc =3D -EPERM; - goto put_task_struct; - } -=20 -- atomic_inc(&mm->mm_users); -- task_unlock(task); -- - for (i =3D 0; i < riovcnt && iov_l_curr_idx < liovcnt; i++) { - rc =3D process_vm_rw_single_vec( - (unsigned long)rvec[i].iov_base, rvec[i].iov_len, ++ rc =3D -EPERM; ++ goto put_task_struct; ++ } ++ + mm =3D mm_access(task, PTRACE_MODE_ATTACH); + if (!mm || IS_ERR(mm)) { + rc =3D IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index a4fd368..e0ffec7 100644 +index c8454e0..b04f3a2 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -152,6 +152,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) @@ -73578,7 +71984,7 @@ index a4fd368..e0ffec7 100644 { struct anon_vma_chain *avc, *pavc; struct anon_vma *root =3D NULL; -@@ -276,7 +313,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struc= t vm_area_struct *src) +@@ -321,7 +358,7 @@ void anon_vma_moveto_tail(struct vm_area_struct *dst= ) * the corresponding VMA in the parent process is attached to. * Returns 0 on success, non-zero on failure. */ @@ -73588,7 +71994,7 @@ index a4fd368..e0ffec7 100644 struct anon_vma_chain *avc; struct anon_vma *anon_vma; diff --git a/mm/shmem.c b/mm/shmem.c -index 6c253f7..367e20a 100644 +index 269d049..a9d2b50 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -31,7 +31,7 @@ @@ -73620,10 +72026,10 @@ index 6c253f7..367e20a 100644 return -ENOMEM; =20 diff --git a/mm/slab.c b/mm/slab.c -index 83311c9a..fcf8f86 100644 +index f0bd785..348b96a 100644 --- a/mm/slab.c +++ b/mm/slab.c -@@ -151,7 +151,7 @@ +@@ -153,7 +153,7 @@ =20 /* Legal flag mask for kmem_cache_create(). */ #if DEBUG @@ -73632,7 +72038,7 @@ index 83311c9a..fcf8f86 100644 SLAB_POISON | SLAB_HWCACHE_ALIGN | \ SLAB_CACHE_DMA | \ SLAB_STORE_USER | \ -@@ -159,7 +159,7 @@ +@@ -161,7 +161,7 @@ SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \ SLAB_DEBUG_OBJECTS | SLAB_NOLEAKTRACE | SLAB_NOTRACK) #else @@ -73641,7 +72047,7 @@ index 83311c9a..fcf8f86 100644 SLAB_CACHE_DMA | \ SLAB_RECLAIM_ACCOUNT | SLAB_PANIC | \ SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \ -@@ -288,7 +288,7 @@ struct kmem_list3 { +@@ -290,7 +290,7 @@ struct kmem_list3 { * Need this for bootstrapping a per node allocator. */ #define NUM_INIT_LISTS (3 * MAX_NUMNODES) @@ -73650,7 +72056,7 @@ index 83311c9a..fcf8f86 100644 #define CACHE_CACHE 0 #define SIZE_AC MAX_NUMNODES #define SIZE_L3 (2 * MAX_NUMNODES) -@@ -389,10 +389,10 @@ static void kmem_list3_init(struct kmem_list3 *par= ent) +@@ -391,10 +391,10 @@ static void kmem_list3_init(struct kmem_list3 *par= ent) if ((x)->max_freeable < i) \ (x)->max_freeable =3D i; \ } while (0) @@ -73665,7 +72071,7 @@ index 83311c9a..fcf8f86 100644 #else #define STATS_INC_ACTIVE(x) do { } while (0) #define STATS_DEC_ACTIVE(x) do { } while (0) -@@ -538,7 +538,7 @@ static inline void *index_to_obj(struct kmem_cache *= cache, struct slab *slab, +@@ -542,7 +542,7 @@ static inline void *index_to_obj(struct kmem_cache *= cache, struct slab *slab, * reciprocal_divide(offset, cache->reciprocal_buffer_size) */ static inline unsigned int obj_to_index(const struct kmem_cache *cache, @@ -73674,7 +72080,7 @@ index 83311c9a..fcf8f86 100644 { u32 offset =3D (obj - slab->s_mem); return reciprocal_divide(offset, cache->reciprocal_buffer_size); -@@ -564,7 +564,7 @@ struct cache_names { +@@ -568,7 +568,7 @@ struct cache_names { static struct cache_names __initdata cache_names[] =3D { #define CACHE(x) { .name =3D "size-" #x, .name_dma =3D "size-" #x "(DMA= )" }, #include @@ -73683,7 +72089,7 @@ index 83311c9a..fcf8f86 100644 #undef CACHE }; =20 -@@ -1572,7 +1572,7 @@ void __init kmem_cache_init(void) +@@ -1588,7 +1588,7 @@ void __init kmem_cache_init(void) sizes[INDEX_AC].cs_cachep =3D kmem_cache_create(names[INDEX_AC].name, sizes[INDEX_AC].cs_size, ARCH_KMALLOC_MINALIGN, @@ -73692,7 +72098,7 @@ index 83311c9a..fcf8f86 100644 NULL); =20 if (INDEX_AC !=3D INDEX_L3) { -@@ -1580,7 +1580,7 @@ void __init kmem_cache_init(void) +@@ -1596,7 +1596,7 @@ void __init kmem_cache_init(void) kmem_cache_create(names[INDEX_L3].name, sizes[INDEX_L3].cs_size, ARCH_KMALLOC_MINALIGN, @@ -73701,7 +72107,7 @@ index 83311c9a..fcf8f86 100644 NULL); } =20 -@@ -1598,7 +1598,7 @@ void __init kmem_cache_init(void) +@@ -1614,7 +1614,7 @@ void __init kmem_cache_init(void) sizes->cs_cachep =3D kmem_cache_create(names->name, sizes->cs_size, ARCH_KMALLOC_MINALIGN, @@ -73710,7 +72116,7 @@ index 83311c9a..fcf8f86 100644 NULL); } #ifdef CONFIG_ZONE_DMA -@@ -4322,10 +4322,10 @@ static int s_show(struct seq_file *m, void *p) +@@ -4339,10 +4339,10 @@ static int s_show(struct seq_file *m, void *p) } /* cpu stats */ { @@ -73725,7 +72131,7 @@ index 83311c9a..fcf8f86 100644 =20 seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu", allochit, allocmiss, freehit, freemiss); -@@ -4584,13 +4584,62 @@ static int __init slab_proc_init(void) +@@ -4601,13 +4601,62 @@ static int __init slab_proc_init(void) { proc_create("slabinfo",S_IWUSR|S_IRUSR,NULL,&proc_slabinfo_operations)= ; #ifdef CONFIG_DEBUG_SLAB_LEAK @@ -74146,7 +72552,7 @@ index 8105be4..e045f96 100644 EXPORT_SYMBOL(kmem_cache_free); =20 diff --git a/mm/slub.c b/mm/slub.c -index 1a919f0..1739c9b 100644 +index 4907563..e3d7905 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -208,7 +208,7 @@ struct track { @@ -74158,7 +72564,7 @@ index 1a919f0..1739c9b 100644 static int sysfs_slab_add(struct kmem_cache *); static int sysfs_slab_alias(struct kmem_cache *, const char *); static void sysfs_slab_remove(struct kmem_cache *); -@@ -530,7 +530,7 @@ static void print_track(const char *s, struct track = *t) +@@ -532,7 +532,7 @@ static void print_track(const char *s, struct track = *t) if (!t->addr) return; =20 @@ -74167,7 +72573,7 @@ index 1a919f0..1739c9b 100644 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid); #ifdef CONFIG_STACKTRACE { -@@ -2559,6 +2559,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x= ) +@@ -2571,6 +2571,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x= ) =20 page =3D virt_to_head_page(x); =20 @@ -74176,7 +72582,7 @@ index 1a919f0..1739c9b 100644 slab_free(s, page, x, _RET_IP_); =20 trace_kmem_cache_free(_RET_IP_, x); -@@ -2592,7 +2594,7 @@ static int slub_min_objects; +@@ -2604,7 +2606,7 @@ static int slub_min_objects; * Merge control. If this is set then no merging of slab caches will oc= cur. * (Could be removed. This was introduced to pacify the merge skeptics.= ) */ @@ -74185,7 +72591,7 @@ index 1a919f0..1739c9b 100644 =20 /* * Calculate the order of allocation given an slab object size. -@@ -3042,7 +3044,7 @@ static int kmem_cache_open(struct kmem_cache *s, +@@ -3057,7 +3059,7 @@ static int kmem_cache_open(struct kmem_cache *s, else s->cpu_partial =3D 30; =20 @@ -74194,7 +72600,7 @@ index 1a919f0..1739c9b 100644 #ifdef CONFIG_NUMA s->remote_node_defrag_ratio =3D 1000; #endif -@@ -3146,8 +3148,7 @@ static inline int kmem_cache_close(struct kmem_cac= he *s) +@@ -3161,8 +3163,7 @@ static inline int kmem_cache_close(struct kmem_cac= he *s) void kmem_cache_destroy(struct kmem_cache *s) { down_write(&slub_lock); @@ -74204,7 +72610,7 @@ index 1a919f0..1739c9b 100644 list_del(&s->list); up_write(&slub_lock); if (kmem_cache_close(s)) { -@@ -3358,6 +3359,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, in= t node) +@@ -3373,6 +3374,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, in= t node) EXPORT_SYMBOL(__kmalloc_node); #endif =20 @@ -74255,7 +72661,7 @@ index 1a919f0..1739c9b 100644 size_t ksize(const void *object) { struct page *page; -@@ -3632,7 +3677,7 @@ static void __init kmem_cache_bootstrap_fixup(stru= ct kmem_cache *s) +@@ -3647,7 +3692,7 @@ static void __init kmem_cache_bootstrap_fixup(stru= ct kmem_cache *s) int node; =20 list_add(&s->list, &slab_caches); @@ -74264,7 +72670,7 @@ index 1a919f0..1739c9b 100644 =20 for_each_node_state(node, N_NORMAL_MEMORY) { struct kmem_cache_node *n =3D get_node(s, node); -@@ -3749,17 +3794,17 @@ void __init kmem_cache_init(void) +@@ -3767,17 +3812,17 @@ void __init kmem_cache_init(void) =20 /* Caches that are not of the two-to-the-power-of size */ if (KMALLOC_MIN_SIZE <=3D 32) { @@ -74285,7 +72691,7 @@ index 1a919f0..1739c9b 100644 caches++; } =20 -@@ -3827,7 +3872,7 @@ static int slab_unmergeable(struct kmem_cache *s) +@@ -3845,7 +3890,7 @@ static int slab_unmergeable(struct kmem_cache *s) /* * We may have set a slab to be unmergeable during bootstrap. */ @@ -74294,7 +72700,7 @@ index 1a919f0..1739c9b 100644 return 1; =20 return 0; -@@ -3886,7 +3931,7 @@ struct kmem_cache *kmem_cache_create(const char *n= ame, size_t size, +@@ -3904,7 +3949,7 @@ struct kmem_cache *kmem_cache_create(const char *n= ame, size_t size, down_write(&slub_lock); s =3D find_mergeable(size, align, flags, name, ctor); if (s) { @@ -74303,7 +72709,7 @@ index 1a919f0..1739c9b 100644 /* * Adjust the object sizes so that we clear * the complete object on kzalloc. -@@ -3895,7 +3940,7 @@ struct kmem_cache *kmem_cache_create(const char *n= ame, size_t size, +@@ -3913,7 +3958,7 @@ struct kmem_cache *kmem_cache_create(const char *n= ame, size_t size, s->inuse =3D max_t(int, s->inuse, ALIGN(size, sizeof(void *))); =20 if (sysfs_slab_alias(s, name)) { @@ -74312,7 +72718,7 @@ index 1a919f0..1739c9b 100644 goto err; } up_write(&slub_lock); -@@ -4023,7 +4068,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp= _t gfpflags, +@@ -4041,7 +4086,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp= _t gfpflags, } #endif =20 @@ -74321,7 +72727,7 @@ index 1a919f0..1739c9b 100644 static int count_inuse(struct page *page) { return page->inuse; -@@ -4410,12 +4455,12 @@ static void resiliency_test(void) +@@ -4428,12 +4473,12 @@ static void resiliency_test(void) validate_slab_cache(kmalloc_caches[9]); } #else @@ -74336,7 +72742,7 @@ index 1a919f0..1739c9b 100644 enum slab_stat_type { SL_ALL, /* All slabs */ SL_PARTIAL, /* Only partially allocated slabs */ -@@ -4656,7 +4701,7 @@ SLAB_ATTR_RO(ctor); +@@ -4676,7 +4721,7 @@ SLAB_ATTR_RO(ctor); =20 static ssize_t aliases_show(struct kmem_cache *s, char *buf) { @@ -74345,7 +72751,7 @@ index 1a919f0..1739c9b 100644 } SLAB_ATTR_RO(aliases); =20 -@@ -5223,6 +5268,7 @@ static char *create_unique_id(struct kmem_cache *s= ) +@@ -5243,6 +5288,7 @@ static char *create_unique_id(struct kmem_cache *s= ) return name; } =20 @@ -74353,7 +72759,7 @@ index 1a919f0..1739c9b 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5285,6 +5331,7 @@ static void sysfs_slab_remove(struct kmem_cache *s= ) +@@ -5305,6 +5351,7 @@ static void sysfs_slab_remove(struct kmem_cache *s= ) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -74361,7 +72767,7 @@ index 1a919f0..1739c9b 100644 =20 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5298,6 +5345,7 @@ struct saved_alias { +@@ -5318,6 +5365,7 @@ struct saved_alias { =20 static struct saved_alias *alias_list; =20 @@ -74369,7 +72775,7 @@ index 1a919f0..1739c9b 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5320,6 +5368,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, = const char *name) +@@ -5340,6 +5388,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, = const char *name) alias_list =3D al; return 0; } @@ -74378,10 +72784,10 @@ index 1a919f0..1739c9b 100644 static int __init slab_sysfs_init(void) { diff --git a/mm/swap.c b/mm/swap.c -index 55b266d..a532537 100644 +index 14380e9..e244704 100644 --- a/mm/swap.c +++ b/mm/swap.c -@@ -31,6 +31,7 @@ +@@ -30,6 +30,7 @@ #include #include #include @@ -74389,7 +72795,7 @@ index 55b266d..a532537 100644 =20 #include "internal.h" =20 -@@ -71,6 +72,8 @@ static void __put_compound_page(struct page *page) +@@ -70,6 +71,8 @@ static void __put_compound_page(struct page *page) =20 __page_cache_release(page); dtor =3D get_compound_page_dtor(page); @@ -74399,7 +72805,7 @@ index 55b266d..a532537 100644 } =20 diff --git a/mm/swapfile.c b/mm/swapfile.c -index b1cd120..aaae885 100644 +index d999f09..e00270a 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -61,7 +61,7 @@ static DEFINE_MUTEX(swapon_mutex); @@ -74411,7 +72817,7 @@ index b1cd120..aaae885 100644 =20 static inline unsigned char swap_count(unsigned char ent) { -@@ -1670,7 +1670,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, spec= ialfile) +@@ -1671,7 +1671,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, spec= ialfile) } filp_close(swap_file, NULL); err =3D 0; @@ -74420,7 +72826,7 @@ index b1cd120..aaae885 100644 wake_up_interruptible(&proc_poll_wait); =20 out_dput: -@@ -1686,8 +1686,8 @@ static unsigned swaps_poll(struct file *file, poll= _table *wait) +@@ -1687,8 +1687,8 @@ static unsigned swaps_poll(struct file *file, poll= _table *wait) =20 poll_wait(file, &proc_poll_wait, wait); =20 @@ -74431,7 +72837,7 @@ index b1cd120..aaae885 100644 return POLLIN | POLLRDNORM | POLLERR | POLLPRI; } =20 -@@ -1785,7 +1785,7 @@ static int swaps_open(struct inode *inode, struct = file *file) +@@ -1786,7 +1786,7 @@ static int swaps_open(struct inode *inode, struct = file *file) return ret; =20 seq =3D file->private_data; @@ -74440,7 +72846,7 @@ index b1cd120..aaae885 100644 return 0; } =20 -@@ -2123,7 +2123,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, speci= alfile, int, swap_flags) +@@ -2124,7 +2124,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, speci= alfile, int, swap_flags) (p->flags & SWP_DISCARDABLE) ? "D" : ""); =20 mutex_unlock(&swapon_mutex); @@ -74450,10 +72856,26 @@ index b1cd120..aaae885 100644 =20 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index 136ac4f..f917fa9 100644 +index 136ac4f..5117eef 100644 --- a/mm/util.c +++ b/mm/util.c -@@ -243,6 +243,12 @@ void __vma_link_list(struct mm_struct *mm, struct v= m_area_struct *vma, +@@ -114,6 +114,7 @@ EXPORT_SYMBOL(memdup_user); + * allocated buffer. Use this if you don't want to free the buffer imme= diately + * like, for example, with RCU. + */ ++#undef __krealloc + void *__krealloc(const void *p, size_t new_size, gfp_t flags) + { + void *ret; +@@ -147,6 +148,7 @@ EXPORT_SYMBOL(__krealloc); + * behaves exactly like kmalloc(). If @size is 0 and @p is not a + * %NULL pointer, the object pointed to is freed. + */ ++#undef krealloc + void *krealloc(const void *p, size_t new_size, gfp_t flags) + { + void *ret; +@@ -243,6 +245,12 @@ void __vma_link_list(struct mm_struct *mm, struct v= m_area_struct *vma, void arch_pick_mmap_layout(struct mm_struct *mm) { mm->mmap_base =3D TASK_UNMAPPED_BASE; @@ -74467,7 +72889,7 @@ index 136ac4f..f917fa9 100644 mm->unmap_area =3D arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 27be2f0..633e5cc 100644 +index 86ce9a5..0fa4d89 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned lon= g addr, unsigned long end) @@ -74573,7 +72995,7 @@ index 27be2f0..633e5cc 100644 if (!pmd_none(*pmd)) { pte_t *ptep, pte; =20 -@@ -1294,6 +1334,16 @@ static struct vm_struct *__get_vm_area_node(unsig= ned long size, +@@ -1319,6 +1359,16 @@ static struct vm_struct *__get_vm_area_node(unsig= ned long size, struct vm_struct *area; =20 BUG_ON(in_interrupt()); @@ -74590,7 +73012,7 @@ index 27be2f0..633e5cc 100644 if (flags & VM_IOREMAP) { int bit =3D fls(size); =20 -@@ -1526,6 +1576,11 @@ void *vmap(struct page **pages, unsigned int coun= t, +@@ -1551,6 +1601,11 @@ void *vmap(struct page **pages, unsigned int coun= t, if (count > totalram_pages) return NULL; =20 @@ -74602,7 +73024,7 @@ index 27be2f0..633e5cc 100644 area =3D get_vm_area_caller((count << PAGE_SHIFT), flags, __builtin_return_address(0)); if (!area) -@@ -1627,6 +1682,13 @@ void *__vmalloc_node_range(unsigned long size, un= signed long align, +@@ -1652,6 +1707,13 @@ void *__vmalloc_node_range(unsigned long size, un= signed long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) goto fail; =20 @@ -74616,11 +73038,60 @@ index 27be2f0..633e5cc 100644 area =3D __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); if (!area) -@@ -1800,10 +1862,9 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1704,6 +1766,7 @@ static void *__vmalloc_node(unsigned long size, un= signed long align, + gfp_mask, prot, node, caller); + } +=20 ++#undef __vmalloc + void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) + { + return __vmalloc_node(size, 1, gfp_mask, prot, -1, +@@ -1727,6 +1790,7 @@ static inline void *__vmalloc_node_flags(unsigned = long size, + * For tight control over page level allocator and protection flags + * use __vmalloc() instead. + */ ++#undef vmalloc + void *vmalloc(unsigned long size) + { + return __vmalloc_node_flags(size, -1, GFP_KERNEL | __GFP_HIGHMEM); +@@ -1743,6 +1807,7 @@ EXPORT_SYMBOL(vmalloc); + * For tight control over page level allocator and protection flags + * use __vmalloc() instead. + */ ++#undef vzalloc + void *vzalloc(unsigned long size) + { + return __vmalloc_node_flags(size, -1, +@@ -1757,6 +1822,7 @@ EXPORT_SYMBOL(vzalloc); + * The resulting memory area is zeroed so it can be mapped to userspace + * without leaking data. + */ ++#undef vmalloc_user + void *vmalloc_user(unsigned long size) + { + struct vm_struct *area; +@@ -1784,6 +1850,7 @@ EXPORT_SYMBOL(vmalloc_user); + * For tight control over page level allocator and protection flags + * use __vmalloc() instead. + */ ++#undef vmalloc_node + void *vmalloc_node(unsigned long size, int node) + { + return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL= , +@@ -1803,6 +1870,7 @@ EXPORT_SYMBOL(vmalloc_node); + * For tight control over page level allocator and protection flags + * use __vmalloc_node() instead. + */ ++#undef vzalloc_node + void *vzalloc_node(unsigned long size, int node) + { + return __vmalloc_node_flags(size, node, +@@ -1825,10 +1893,10 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ - ++#undef vmalloc_exec void *vmalloc_exec(unsigned long size) { - return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL= _EXEC, @@ -74628,7 +73099,23 @@ index 27be2f0..633e5cc 100644 -1, __builtin_return_address(0)); } =20 -@@ -2098,6 +2159,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma= , void *addr, +@@ -1847,6 +1915,7 @@ void *vmalloc_exec(unsigned long size) + * Allocate enough 32bit PA addressable pages to cover @size from the + * page level allocator and map them into contiguous kernel virtual spa= ce. + */ ++#undef vmalloc_32 + void *vmalloc_32(unsigned long size) + { + return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL, +@@ -1861,6 +1930,7 @@ EXPORT_SYMBOL(vmalloc_32); + * The resulting memory area is 32bit addressable and zeroed so it can = be + * mapped to userspace without leaking data. + */ ++#undef vmalloc_32_user + void *vmalloc_32_user(unsigned long size) + { + struct vm_struct *area; +@@ -2123,6 +2193,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma= , void *addr, unsigned long uaddr =3D vma->vm_start; unsigned long usize =3D vma->vm_end - vma->vm_start; =20 @@ -74638,7 +73125,7 @@ index 27be2f0..633e5cc 100644 return -EINVAL; =20 diff --git a/mm/vmstat.c b/mm/vmstat.c -index 8fd603b..cf0d930 100644 +index f600557..1459fc8 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu) @@ -74694,10 +73181,10 @@ index 8fd603b..cf0d930 100644 return 0; } diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c -index 5471628..cef8398 100644 +index efea35b..9c8dd0b 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c -@@ -588,8 +588,7 @@ static int vlan_ioctl_handler(struct net *net, void = __user *arg) +@@ -554,8 +554,7 @@ static int vlan_ioctl_handler(struct net *net, void = __user *arg) err =3D -EPERM; if (!capable(CAP_NET_ADMIN)) break; @@ -74708,10 +73195,10 @@ index 5471628..cef8398 100644 =20 vn =3D net_generic(net, vlan_net_id); diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c -index fdfdb57..38d368c 100644 +index fccae26..e7ece2f 100644 --- a/net/9p/trans_fd.c +++ b/net/9p/trans_fd.c -@@ -423,7 +423,7 @@ static int p9_fd_write(struct p9_client *client, voi= d *v, int len) +@@ -425,7 +425,7 @@ static int p9_fd_write(struct p9_client *client, voi= d *v, int len) oldfs =3D get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -74721,7 +73208,7 @@ index fdfdb57..38d368c 100644 =20 if (ret <=3D 0 && ret !=3D -ERESTARTSYS && ret !=3D -EAGAIN) diff --git a/net/atm/atm_misc.c b/net/atm/atm_misc.c -index f41f026..fe76ea8 100644 +index 876fbe8..8bbea9f 100644 --- a/net/atm/atm_misc.c +++ b/net/atm/atm_misc.c @@ -17,7 +17,7 @@ int atm_charge(struct atm_vcc *vcc, int truesize) @@ -74872,10 +73359,10 @@ index 7704df4..beb4e16 100644 hard_iface->net_dev->name); =20 diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-inter= face.c -index f9cc957..efd9dae 100644 +index 987c75a..20d6f36 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c -@@ -634,7 +634,7 @@ static int interface_tx(struct sk_buff *skb, struct = net_device *soft_iface) +@@ -645,7 +645,7 @@ static int interface_tx(struct sk_buff *skb, struct = net_device *soft_iface) =20 /* set broadcast sequence number */ bcast_packet->seqno =3D @@ -74884,7 +73371,7 @@ index f9cc957..efd9dae 100644 =20 add_bcast_packet_to_list(bat_priv, skb, 1); =20 -@@ -828,7 +828,7 @@ struct net_device *softif_create(const char *name) +@@ -843,7 +843,7 @@ struct net_device *softif_create(const char *name) atomic_set(&bat_priv->batman_queue_left, BATMAN_QUEUE_LEN); =20 atomic_set(&bat_priv->mesh_state, MESH_INACTIVE); @@ -74894,7 +73381,7 @@ index f9cc957..efd9dae 100644 atomic_set(&bat_priv->tt_local_changes, 0); atomic_set(&bat_priv->tt_ogm_append_cnt, 0); diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h -index ab8d0fe..ceba3fd 100644 +index e9eb043..d174eeb 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -38,8 +38,8 @@ struct hard_iface { @@ -74931,7 +73418,7 @@ index 07d1c1d..7e9bea9 100644 frag2->seqno =3D htons(seqno); =20 diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c -index c1c597e..05ebb40 100644 +index 07bc69e..21e76b1 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -234,7 +234,7 @@ void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[= 16]) @@ -74944,10 +73431,10 @@ index c1c597e..05ebb40 100644 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); } diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index 17b5b1c..826d872 100644 +index 32d338c..d24bcdb 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c -@@ -2176,8 +2176,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan= *chan, void *rsp, int len, voi +@@ -2418,8 +2418,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan= *chan, void *rsp, int len, voi break; =20 case L2CAP_CONF_RFC: @@ -74960,7 +73447,7 @@ index 17b5b1c..826d872 100644 =20 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode !=3D chan->mode) -@@ -2265,8 +2267,10 @@ static void l2cap_conf_rfc_get(struct l2cap_chan = *chan, void *rsp, int len) +@@ -2537,8 +2539,10 @@ static void l2cap_conf_rfc_get(struct l2cap_chan = *chan, void *rsp, int len) =20 switch (type) { case L2CAP_CONF_RFC: @@ -74973,24 +73460,11 @@ index 17b5b1c..826d872 100644 goto done; } } -diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c -index 8eb6b15..e3db7ab 100644 ---- a/net/bridge/br_multicast.c -+++ b/net/bridge/br_multicast.c -@@ -1488,7 +1488,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge= *br, - nexthdr =3D ip6h->nexthdr; - offset =3D ipv6_skip_exthdr(skb, sizeof(*ip6h), &nexthdr); -=20 -- if (offset < 0 || nexthdr !=3D IPPROTO_ICMPV6) -+ if (nexthdr !=3D IPPROTO_ICMPV6) - return 0; -=20 - /* Okay, we found ICMPv6 header */ diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebta= bles.c -index 5864cc4..121f3a30 100644 +index 5fe2ff3..10968b5 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c -@@ -1513,7 +1513,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd= , void __user *user, int *len) +@@ -1523,7 +1523,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd= , void __user *user, int *len) tmp.valid_hooks =3D t->table->valid_hooks; } mutex_unlock(&ebt_mutex); @@ -75000,7 +73474,7 @@ index 5864cc4..121f3a30 100644 ret =3D -EFAULT; break; diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c -index a986280..13444a1 100644 +index a97d97a..6f679ed 100644 --- a/net/caif/caif_socket.c +++ b/net/caif/caif_socket.c @@ -48,19 +48,20 @@ static struct dentry *debugfsdir; @@ -75105,7 +73579,7 @@ index a986280..13444a1 100644 set_rx_flow_on(cf_sk); caif_flow_ctrl(sk, CAIF_MODEMCMD_FLOW_ON_REQ); } -@@ -854,7 +855,7 @@ static int caif_connect(struct socket *sock, struct = sockaddr *uaddr, +@@ -856,7 +857,7 @@ static int caif_connect(struct socket *sock, struct = sockaddr *uaddr, /*ifindex =3D id of the interface.*/ cf_sk->conn_req.ifindex =3D cf_sk->sk.sk_bound_dev_if; =20 @@ -75114,7 +73588,7 @@ index a986280..13444a1 100644 cf_sk->layer.receive =3D caif_sktrecv_cb; =20 err =3D caif_connect_client(sock_net(sk), &cf_sk->conn_req, -@@ -943,7 +944,7 @@ static int caif_release(struct socket *sock) +@@ -945,7 +946,7 @@ static int caif_release(struct socket *sock) spin_unlock_bh(&sk->sk_receive_queue.lock); sock->sk =3D NULL; =20 @@ -75123,7 +73597,7 @@ index a986280..13444a1 100644 =20 WARN_ON(IS_ERR(cf_sk->debugfs_socket_dir)); if (cf_sk->debugfs_socket_dir !=3D NULL) -@@ -1122,7 +1123,7 @@ static int caif_create(struct net *net, struct soc= ket *sock, int protocol, +@@ -1124,7 +1125,7 @@ static int caif_create(struct net *net, struct soc= ket *sock, int protocol, cf_sk->conn_req.protocol =3D protocol; /* Increase the number of sockets created. */ dbfs_atomic_inc(&cnt.caif_nr_socks); @@ -75333,10 +73807,10 @@ index 68bbf9f..5ef0d12 100644 =20 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index c56cacf..b28e35f 100644 +index 6ca32f6..c7e9bbd 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -1139,10 +1139,14 @@ void dev_load(struct net *net, const char *name) +@@ -1138,10 +1138,14 @@ void dev_load(struct net *net, const char *name) if (no_module && capable(CAP_NET_ADMIN)) no_module =3D request_module("netdev-%s", name); if (no_module && capable(CAP_SYS_MODULE)) { @@ -75351,7 +73825,7 @@ index c56cacf..b28e35f 100644 } } EXPORT_SYMBOL(dev_load); -@@ -1573,7 +1577,7 @@ int dev_forward_skb(struct net_device *dev, struct= sk_buff *skb) +@@ -1585,7 +1589,7 @@ int dev_forward_skb(struct net_device *dev, struct= sk_buff *skb) { if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { if (skb_copy_ubufs(skb, GFP_ATOMIC)) { @@ -75360,7 +73834,7 @@ index c56cacf..b28e35f 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -1583,7 +1587,7 @@ int dev_forward_skb(struct net_device *dev, struct= sk_buff *skb) +@@ -1595,7 +1599,7 @@ int dev_forward_skb(struct net_device *dev, struct= sk_buff *skb) nf_reset(skb); =20 if (unlikely(!is_skb_forwardable(dev, skb))) { @@ -75369,7 +73843,7 @@ index c56cacf..b28e35f 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2036,7 +2040,7 @@ static int illegal_highdma(struct net_device *dev,= struct sk_buff *skb) +@@ -2057,7 +2061,7 @@ static int illegal_highdma(struct net_device *dev,= struct sk_buff *skb) =20 struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -75378,7 +73852,7 @@ index c56cacf..b28e35f 100644 =20 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) =20 -@@ -2970,7 +2974,7 @@ enqueue: +@@ -2913,7 +2917,7 @@ enqueue: =20 local_irq_restore(flags); =20 @@ -75387,7 +73861,7 @@ index c56cacf..b28e35f 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -3044,7 +3048,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -2985,7 +2989,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); =20 @@ -75396,7 +73870,7 @@ index c56cacf..b28e35f 100644 { struct softnet_data *sd =3D &__get_cpu_var(softnet_data); =20 -@@ -3333,7 +3337,7 @@ ncls: +@@ -3273,7 +3277,7 @@ ncls: if (pt_prev) { ret =3D pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { @@ -75405,7 +73879,7 @@ index c56cacf..b28e35f 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -3897,7 +3901,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -3832,7 +3836,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); =20 @@ -75414,7 +73888,7 @@ index c56cacf..b28e35f 100644 { struct softnet_data *sd =3D &__get_cpu_var(softnet_data); unsigned long time_limit =3D jiffies + 2; -@@ -5955,7 +5959,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net= _device *dev, +@@ -5889,7 +5893,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net= _device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -75486,7 +73960,7 @@ index c40f27e..7f49254 100644 =20 m->msg_iov =3D iov; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 9083e82..1673203 100644 +index f965dce..92c792a 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -57,7 +57,7 @@ struct rtnl_link { @@ -75497,7 +73971,7 @@ index 9083e82..1673203 100644 +} __no_const; =20 static DEFINE_MUTEX(rtnl_mutex); - static u16 min_ifinfo_dump_size; +=20 diff --git a/net/core/scm.c b/net/core/scm.c index ff52ad0..aff1c0f 100644 --- a/net/core/scm.c @@ -75539,10 +74013,10 @@ index ff52ad0..aff1c0f 100644 { int new_fd; diff --git a/net/core/sock.c b/net/core/sock.c -index b23f174..b9a0d26 100644 +index 02f8dfe..86dfd4a 100644 --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -289,7 +289,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_bu= ff *skb) +@@ -341,7 +341,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_bu= ff *skb) struct sk_buff_head *list =3D &sk->sk_receive_queue; =20 if (atomic_read(&sk->sk_rmem_alloc) >=3D sk->sk_rcvbuf) { @@ -75551,7 +74025,7 @@ index b23f174..b9a0d26 100644 trace_sock_rcvqueue_full(sk, skb); return -ENOMEM; } -@@ -299,7 +299,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_bu= ff *skb) +@@ -351,7 +351,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_bu= ff *skb) return err; =20 if (!sk_rmem_schedule(sk, skb->truesize)) { @@ -75560,7 +74034,7 @@ index b23f174..b9a0d26 100644 return -ENOBUFS; } =20 -@@ -319,7 +319,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_bu= ff *skb) +@@ -371,7 +371,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_bu= ff *skb) skb_dst_force(skb); =20 spin_lock_irqsave(&list->lock, flags); @@ -75569,7 +74043,7 @@ index b23f174..b9a0d26 100644 __skb_queue_tail(list, skb); spin_unlock_irqrestore(&list->lock, flags); =20 -@@ -339,7 +339,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *= skb, const int nested) +@@ -391,7 +391,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *= skb, const int nested) skb->dev =3D NULL; =20 if (sk_rcvqueues_full(sk, skb)) { @@ -75578,7 +74052,7 @@ index b23f174..b9a0d26 100644 goto discard_and_relse; } if (nested) -@@ -357,7 +357,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *= skb, const int nested) +@@ -409,7 +409,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *= skb, const int nested) mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_); } else if (sk_add_backlog(sk, skb)) { bh_unlock_sock(sk); @@ -75587,7 +74061,7 @@ index b23f174..b9a0d26 100644 goto discard_and_relse; } =20 -@@ -917,7 +917,7 @@ int sock_getsockopt(struct socket *sock, int level, = int optname, +@@ -974,7 +974,7 @@ int sock_getsockopt(struct socket *sock, int level, = int optname, if (len > sizeof(peercred)) len =3D sizeof(peercred); cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred); @@ -75596,7 +74070,7 @@ index b23f174..b9a0d26 100644 return -EFAULT; goto lenout; } -@@ -930,7 +930,7 @@ int sock_getsockopt(struct socket *sock, int level, = int optname, +@@ -987,7 +987,7 @@ int sock_getsockopt(struct socket *sock, int level, = int optname, return -ENOTCONN; if (lv < len) return -EINVAL; @@ -75605,7 +74079,7 @@ index b23f174..b9a0d26 100644 return -EFAULT; goto lenout; } -@@ -963,7 +963,7 @@ int sock_getsockopt(struct socket *sock, int level, = int optname, +@@ -1024,7 +1024,7 @@ int sock_getsockopt(struct socket *sock, int level= , int optname, =20 if (len > lv) len =3D lv; @@ -75614,7 +74088,7 @@ index b23f174..b9a0d26 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2020,7 +2020,7 @@ void sock_init_data(struct socket *sock, struct so= ck *sk) +@@ -2108,7 +2108,7 @@ void sock_init_data(struct socket *sock, struct so= ck *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -75623,6 +74097,38 @@ index b23f174..b9a0d26 100644 } EXPORT_SYMBOL(sock_init_data); =20 +diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c +index b9868e1..849f809 100644 +--- a/net/core/sock_diag.c ++++ b/net/core/sock_diag.c +@@ -16,20 +16,27 @@ static DEFINE_MUTEX(sock_diag_table_mutex); +=20 + int sock_diag_check_cookie(void *sk, __u32 *cookie) + { ++#ifndef CONFIG_GRKERNSEC_HIDESYM + if ((cookie[0] !=3D INET_DIAG_NOCOOKIE || + cookie[1] !=3D INET_DIAG_NOCOOKIE) && + ((u32)(unsigned long)sk !=3D cookie[0] || + (u32)((((unsigned long)sk) >> 31) >> 1) !=3D cookie[1])) + return -ESTALE; + else ++#endif + return 0; + } + EXPORT_SYMBOL_GPL(sock_diag_check_cookie); +=20 + void sock_diag_save_cookie(void *sk, __u32 *cookie) + { ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ cookie[0] =3D 0; ++ cookie[1] =3D 0; ++#else + cookie[0] =3D (u32)(unsigned long)sk; + cookie[1] =3D (u32)(((unsigned long)sk >> 31) >> 1); ++#endif + } + EXPORT_SYMBOL_GPL(sock_diag_save_cookie); +=20 diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decn= et.c index 02e75d1..9a57a7c 100644 --- a/net/decnet/sysctl_net_decnet.c @@ -75658,19 +74164,6 @@ index 39a2d29..f39c0fe 100644 ---help--- Econet is a fairly old and slow networking protocol mainly used by Acorn computers to access file and print servers. It uses native -diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c -index 36d1440..44ff28b 100644 ---- a/net/ipv4/ah4.c -+++ b/net/ipv4/ah4.c -@@ -19,6 +19,8 @@ struct ah_skb_cb { - #define AH_SKB_CB(__skb) ((struct ah_skb_cb *)&((__skb)->cb[0])) -=20 - static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags, -+ unsigned int size) __size_overflow(3); -+static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags, - unsigned int size) - { - unsigned int len; diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 92fc5f6..b790d91 100644 --- a/net/ipv4/fib_frontend.c @@ -75712,71 +74205,6 @@ index 80106d8..232e898 100644 =20 return nh->nh_saddr; } -diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c -index ccee270..db23c3c 100644 ---- a/net/ipv4/inet_diag.c -+++ b/net/ipv4/inet_diag.c -@@ -114,8 +114,14 @@ static int inet_csk_diag_fill(struct sock *sk, - r->idiag_retrans =3D 0; -=20 - r->id.idiag_if =3D sk->sk_bound_dev_if; -+ -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ r->id.idiag_cookie[0] =3D 0; -+ r->id.idiag_cookie[1] =3D 0; -+#else - r->id.idiag_cookie[0] =3D (u32)(unsigned long)sk; - r->id.idiag_cookie[1] =3D (u32)(((unsigned long)sk >> 31) >> 1); -+#endif -=20 - r->id.idiag_sport =3D inet->inet_sport; - r->id.idiag_dport =3D inet->inet_dport; -@@ -210,8 +216,15 @@ static int inet_twsk_diag_fill(struct inet_timewait= _sock *tw, - r->idiag_family =3D tw->tw_family; - r->idiag_retrans =3D 0; - r->id.idiag_if =3D tw->tw_bound_dev_if; -+ -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ r->id.idiag_cookie[0] =3D 0; -+ r->id.idiag_cookie[1] =3D 0; -+#else - r->id.idiag_cookie[0] =3D (u32)(unsigned long)tw; - r->id.idiag_cookie[1] =3D (u32)(((unsigned long)tw >> 31) >> 1); -+#endif -+ - r->id.idiag_sport =3D tw->tw_sport; - r->id.idiag_dport =3D tw->tw_dport; - r->id.idiag_src[0] =3D tw->tw_rcv_saddr; -@@ -294,12 +307,14 @@ static int inet_diag_get_exact(struct sk_buff *in_= skb, - if (sk =3D=3D NULL) - goto unlock; -=20 -+#ifndef CONFIG_GRKERNSEC_HIDESYM - err =3D -ESTALE; - if ((req->id.idiag_cookie[0] !=3D INET_DIAG_NOCOOKIE || - req->id.idiag_cookie[1] !=3D INET_DIAG_NOCOOKIE) && - ((u32)(unsigned long)sk !=3D req->id.idiag_cookie[0] || - (u32)((((unsigned long)sk) >> 31) >> 1) !=3D req->id.idiag_cookie= [1])) - goto out; -+#endif -=20 - err =3D -ENOMEM; - rep =3D alloc_skb(NLMSG_SPACE((sizeof(struct inet_diag_msg) + -@@ -589,8 +604,14 @@ static int inet_diag_fill_req(struct sk_buff *skb, = struct sock *sk, - r->idiag_retrans =3D req->retrans; -=20 - r->id.idiag_if =3D sk->sk_bound_dev_if; -+ -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ r->id.idiag_cookie[0] =3D 0; -+ r->id.idiag_cookie[1] =3D 0; -+#else - r->id.idiag_cookie[0] =3D (u32)(unsigned long)req; - r->id.idiag_cookie[1] =3D (u32)(((unsigned long)req >> 31) >> 1); -+#endif -=20 - tmo =3D req->expires - jiffies; - if (tmo < 0) diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index 984ec65..97ac518 100644 --- a/net/ipv4/inet_hashtables.c @@ -75807,10 +74235,10 @@ index 984ec65..97ac518 100644 inet_twsk_deschedule(tw, death_row); while (twrefcnt) { diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c -index 86f13c67..59a35b5 100644 +index d4d61b6..b81aec8 100644 --- a/net/ipv4/inetpeer.c +++ b/net/ipv4/inetpeer.c -@@ -436,8 +436,8 @@ relookup: +@@ -487,8 +487,8 @@ relookup: if (p) { p->daddr =3D *daddr; atomic_set(&p->refcnt, 1); @@ -75822,7 +74250,7 @@ index 86f13c67..59a35b5 100644 secure_ip_id(daddr->addr.a4) : secure_ipv6_id(daddr->addr.a6)); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index fdaabf2..0ec3205 100644 +index 1f23a57..7180dfe 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -316,7 +316,7 @@ static inline int ip_frag_too_far(struct ipq *qp) @@ -75835,10 +74263,10 @@ index fdaabf2..0ec3205 100644 =20 rc =3D qp->q.fragments && (end - start) > max; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index 09ff51b..d3968eb 100644 +index 8aa87c1..35c3248 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c -@@ -1111,7 +1111,8 @@ static int do_ip_getsockopt(struct sock *sk, int l= evel, int optname, +@@ -1112,7 +1112,8 @@ static int do_ip_getsockopt(struct sock *sk, int l= evel, int optname, len =3D min_t(unsigned int, len, opt->optlen); if (put_user(len, optlen)) return -EFAULT; @@ -75848,7 +74276,7 @@ index 09ff51b..d3968eb 100644 return -EFAULT; return 0; } -@@ -1239,7 +1240,7 @@ static int do_ip_getsockopt(struct sock *sk, int l= evel, int optname, +@@ -1240,7 +1241,7 @@ static int do_ip_getsockopt(struct sock *sk, int l= evel, int optname, if (sk->sk_type !=3D SOCK_STREAM) return -ENOPROTOOPT; =20 @@ -75858,7 +74286,7 @@ index 09ff51b..d3968eb 100644 msg.msg_flags =3D flags; =20 diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c -index 99ec116..c5628fe 100644 +index 6e412a6..6640538 100644 --- a/net/ipv4/ipconfig.c +++ b/net/ipv4/ipconfig.c @@ -318,7 +318,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd,= struct ifreq *arg) @@ -75888,76 +74316,24 @@ index 99ec116..c5628fe 100644 set_fs(oldfs); return res; } -diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_ta= bles.c -index fd7a3f6..e5be655 100644 ---- a/net/ipv4/netfilter/arp_tables.c -+++ b/net/ipv4/netfilter/arp_tables.c -@@ -984,6 +984,11 @@ static int __do_replace(struct net *net, const char= *name, - unsigned int valid_hooks, - struct xt_table_info *newinfo, - unsigned int num_counters, -+ void __user *counters_ptr) __size_overflow(5); -+static int __do_replace(struct net *net, const char *name, -+ unsigned int valid_hooks, -+ struct xt_table_info *newinfo, -+ unsigned int num_counters, - void __user *counters_ptr) - { - int ret; -@@ -1104,6 +1109,8 @@ static int do_replace(struct net *net, const void = __user *user, - } -=20 - static int do_add_counters(struct net *net, const void __user *user, -+ unsigned int len, int compat) __size_overflow(3); -+static int do_add_counters(struct net *net, const void __user *user, - unsigned int len, int compat) - { - unsigned int i, curcpu; -diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tabl= es.c -index 24e556e..a8daf7a 100644 ---- a/net/ipv4/netfilter/ip_tables.c -+++ b/net/ipv4/netfilter/ip_tables.c -@@ -1172,6 +1172,10 @@ get_entries(struct net *net, struct ipt_get_entri= es __user *uptr, - static int - __do_replace(struct net *net, const char *name, unsigned int valid_hook= s, - struct xt_table_info *newinfo, unsigned int num_counters, -+ void __user *counters_ptr) __size_overflow(5); -+static int -+__do_replace(struct net *net, const char *name, unsigned int valid_hook= s, -+ struct xt_table_info *newinfo, unsigned int num_counters, - void __user *counters_ptr) - { - int ret; -@@ -1293,6 +1297,9 @@ do_replace(struct net *net, const void __user *use= r, unsigned int len) -=20 - static int - do_add_counters(struct net *net, const void __user *user, -+ unsigned int len, int compat) __size_overflow(3); -+static int -+do_add_counters(struct net *net, const void __user *user, - unsigned int len, int compat) - { - unsigned int i, curcpu; diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter= /nf_nat_snmp_basic.c -index 2133c30..0e8047e 100644 +index 2133c30..5c4b40b 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c -@@ -435,6 +435,10 @@ static unsigned char asn1_subid_decode(struct asn1_= ctx *ctx, - static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, - unsigned char *eoc, - unsigned long **oid, -+ unsigned int *len) __size_overflow(2); -+static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, -+ unsigned char *eoc, -+ unsigned long **oid, - unsigned int *len) - { - unsigned long subid; +@@ -399,7 +399,7 @@ static unsigned char asn1_octets_decode(struct asn1_= ctx *ctx, +=20 + *len =3D 0; +=20 +- *octets =3D kmalloc(eoc - ctx->pointer, GFP_ATOMIC); ++ *octets =3D kmalloc((eoc - ctx->pointer), GFP_ATOMIC); + if (*octets =3D=3D NULL) + return 0; +=20 diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 43d4c3b..1914409 100644 +index b072386..abdebcf 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c -@@ -836,7 +836,7 @@ static void ping_format_sock(struct sock *sp, struct= seq_file *f, +@@ -838,7 +838,7 @@ static void ping_format_sock(struct sock *sp, struct= seq_file *f, sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -75967,10 +74343,10 @@ index 43d4c3b..1914409 100644 =20 static int ping_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c -index 007e2eb..85a18a0 100644 +index 3ccda5a..3c1e61d 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c -@@ -303,7 +303,7 @@ static int raw_rcv_skb(struct sock * sk, struct sk_b= uff * skb) +@@ -304,7 +304,7 @@ static int raw_rcv_skb(struct sock * sk, struct sk_b= uff * skb) int raw_rcv(struct sock *sk, struct sk_buff *skb) { if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) { @@ -75979,7 +74355,7 @@ index 007e2eb..85a18a0 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -738,16 +738,20 @@ static int raw_init(struct sock *sk) +@@ -742,16 +742,20 @@ static int raw_init(struct sock *sk) =20 static int raw_seticmpfilter(struct sock *sk, char __user *optval, int = optlen) { @@ -76001,7 +74377,7 @@ index 007e2eb..85a18a0 100644 =20 if (get_user(len, optlen)) goto out; -@@ -757,8 +761,8 @@ static int raw_geticmpfilter(struct sock *sk, char _= _user *optval, int __user *o +@@ -761,8 +765,8 @@ static int raw_geticmpfilter(struct sock *sk, char _= _user *optval, int __user *o if (len > sizeof(struct icmp_filter)) len =3D sizeof(struct icmp_filter); ret =3D -EFAULT; @@ -76012,7 +74388,7 @@ index 007e2eb..85a18a0 100644 goto out; ret =3D 0; out: return ret; -@@ -986,7 +990,13 @@ static void raw_sock_seq_show(struct seq_file *seq,= struct sock *sp, int i) +@@ -990,7 +994,13 @@ static void raw_sock_seq_show(struct seq_file *seq,= struct sock *sp, int i) sk_wmem_alloc_get(sp), sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -76028,10 +74404,10 @@ index 007e2eb..85a18a0 100644 =20 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 94cdbc5..0cb0063 100644 +index 0197747..7adb0dc 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c -@@ -313,7 +313,7 @@ static inline unsigned int rt_hash(__be32 daddr, __b= e32 saddr, int idx, +@@ -311,7 +311,7 @@ static inline unsigned int rt_hash(__be32 daddr, __b= e32 saddr, int idx, =20 static inline int rt_genid(struct net *net) { @@ -76040,16 +74416,16 @@ index 94cdbc5..0cb0063 100644 } =20 #ifdef CONFIG_PROC_FS -@@ -937,7 +937,7 @@ static void rt_cache_invalidate(struct net *net) +@@ -935,7 +935,7 @@ static void rt_cache_invalidate(struct net *net) unsigned char shuffle; =20 get_random_bytes(&shuffle, sizeof(shuffle)); - atomic_add(shuffle + 1U, &net->ipv4.rt_genid); + atomic_add_unchecked(shuffle + 1U, &net->ipv4.rt_genid); - redirect_genid++; + inetpeer_invalidate_tree(AF_INET); } =20 -@@ -3022,7 +3022,7 @@ static int rt_fill_info(struct net *net, +@@ -3010,7 +3010,7 @@ static int rt_fill_info(struct net *net, error =3D rt->dst.error; if (peer) { inet_peer_refcheck(rt->peer); @@ -76058,65 +74434,11 @@ index 94cdbc5..0cb0063 100644 if (peer->tcp_ts_stamp) { ts =3D peer->tcp_ts; tsage =3D get_seconds() - peer->tcp_ts_stamp; -diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c -index 90f6544..769c0e9 100644 ---- a/net/ipv4/syncookies.c -+++ b/net/ipv4/syncookies.c -@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct= sk_buff *skb, - struct rtable *rt; - __u8 rcv_wscale; - bool ecn_ok =3D false; -+ struct flowi4 fl4; -=20 - if (!sysctl_tcp_syncookies || !th->ack || th->rst) - goto out; -@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock *sk, stru= ct sk_buff *skb, - * hasn't changed since we received the original syn, but I see - * no easy way to do this. - */ -- { -- struct flowi4 fl4; -- -- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), -- RT_SCOPE_UNIVERSE, IPPROTO_TCP, -- inet_sk_flowi_flags(sk), -- (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, -- ireq->loc_addr, th->source, th->dest); -- security_req_classify_flow(req, flowi4_to_flowi(&fl4)); -- rt =3D ip_route_output_key(sock_net(sk), &fl4); -- if (IS_ERR(rt)) { -- reqsk_free(req); -- goto out; -- } -+ flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), -+ RT_SCOPE_UNIVERSE, IPPROTO_TCP, -+ inet_sk_flowi_flags(sk), -+ (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, -+ ireq->loc_addr, th->source, th->dest); -+ security_req_classify_flow(req, flowi4_to_flowi(&fl4)); -+ rt =3D ip_route_output_key(sock_net(sk), &fl4); -+ if (IS_ERR(rt)) { -+ reqsk_free(req); -+ goto out; - } -=20 - /* Try to redo what tcp_v4_send_synack did. */ -@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struc= t sk_buff *skb, - ireq->rcv_wscale =3D rcv_wscale; -=20 - ret =3D get_cookie_sock(sk, skb, req, &rt->dst); -+ /* ip_queue_xmit() depends on our flow being setup -+ * Normal sockets get it right from inet_csk_route_child_sock() -+ */ -+ if (ret) -+ inet_sk(ret)->cork.fl.u.ip4 =3D fl4; - out: return ret; - } diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index eb90aa8..74908e1 100644 +index fd54c5f..96d6407 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c -@@ -87,6 +87,9 @@ int sysctl_tcp_tw_reuse __read_mostly; +@@ -88,6 +88,9 @@ int sysctl_tcp_tw_reuse __read_mostly; int sysctl_tcp_low_latency __read_mostly; EXPORT_SYMBOL(sysctl_tcp_low_latency); =20 @@ -76126,24 +74448,7 @@ index eb90aa8..74908e1 100644 =20 #ifdef CONFIG_TCP_MD5SIG static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, -@@ -1465,9 +1468,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk= , struct sk_buff *skb, - inet_csk(newsk)->icsk_ext_hdr_len =3D inet_opt->opt.optlen; - newinet->inet_id =3D newtp->write_seq ^ jiffies; -=20 -- if (!dst && (dst =3D inet_csk_route_child_sock(sk, newsk, req)) =3D=3D= NULL) -- goto put_and_exit; -- -+ if (!dst) { -+ dst =3D inet_csk_route_child_sock(sk, newsk, req); -+ if (!dst) -+ goto put_and_exit; -+ } else { -+ /* syncookie case : see end of cookie_v4_check() */ -+ } - sk_setup_caps(newsk, dst); -=20 - tcp_mtup_init(newsk); -@@ -1632,6 +1639,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff = *skb) +@@ -1638,6 +1641,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff = *skb) return 0; =20 reset: @@ -76153,7 +74458,7 @@ index eb90aa8..74908e1 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1694,12 +1704,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1700,12 +1706,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked =3D 0; =20 sk =3D __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -76176,7 +74481,7 @@ index eb90aa8..74908e1 100644 =20 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1749,6 +1766,10 @@ no_tcp_socket: +@@ -1755,6 +1768,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -76187,7 +74492,7 @@ index eb90aa8..74908e1 100644 tcp_v4_send_reset(NULL, skb); } =20 -@@ -2409,7 +2430,11 @@ static void get_openreq4(const struct sock *sk, c= onst struct request_sock *req, +@@ -2417,7 +2434,11 @@ static void get_openreq4(const struct sock *sk, c= onst struct request_sock *req, 0, /* non standard timer */ 0, /* open_requests have no inode */ atomic_read(&sk->sk_refcnt), @@ -76199,7 +74504,7 @@ index eb90aa8..74908e1 100644 len); } =20 -@@ -2459,7 +2484,12 @@ static void get_tcp4_sock(struct sock *sk, struct= seq_file *f, int i, int *len) +@@ -2467,7 +2488,12 @@ static void get_tcp4_sock(struct sock *sk, struct= seq_file *f, int i, int *len) sock_i_uid(sk), icsk->icsk_probes_out, sock_i_ino(sk), @@ -76213,7 +74518,7 @@ index eb90aa8..74908e1 100644 jiffies_to_clock_t(icsk->icsk_rto), jiffies_to_clock_t(icsk->icsk_ack.ato), (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong, -@@ -2487,7 +2517,13 @@ static void get_timewait4_sock(const struct inet_= timewait_sock *tw, +@@ -2495,7 +2521,13 @@ static void get_timewait4_sock(const struct inet_= timewait_sock *tw, " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n", i, src, srcp, dest, destp, tw->tw_substate, 0, 0, 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, @@ -76229,7 +74534,7 @@ index eb90aa8..74908e1 100644 =20 #define TMPSZ 150 diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c -index 66363b6..b0654a3 100644 +index 550e755..25721b3 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -27,6 +27,10 @@ @@ -76243,7 +74548,7 @@ index 66363b6..b0654a3 100644 int sysctl_tcp_syncookies __read_mostly =3D 1; EXPORT_SYMBOL(sysctl_tcp_syncookies); =20 -@@ -751,6 +755,10 @@ listen_overflow: +@@ -753,6 +757,10 @@ listen_overflow: =20 embryonic_reset: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS); @@ -76268,7 +74573,7 @@ index 85ee7eb..53277ab 100644 cnt +=3D width; } diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c -index 2e0f0af..e2948bf 100644 +index cd2e072..1fffee2 100644 --- a/net/ipv4/tcp_timer.c +++ b/net/ipv4/tcp_timer.c @@ -22,6 +22,10 @@ @@ -76282,7 +74587,7 @@ index 2e0f0af..e2948bf 100644 int sysctl_tcp_syn_retries __read_mostly =3D TCP_SYN_RETRIES; int sysctl_tcp_synack_retries __read_mostly =3D TCP_SYNACK_RETRIES; int sysctl_tcp_keepalive_time __read_mostly =3D TCP_KEEPALIVE_TIME; -@@ -199,6 +203,13 @@ static int tcp_write_timeout(struct sock *sk) +@@ -196,6 +200,13 @@ static int tcp_write_timeout(struct sock *sk) } } =20 @@ -76297,7 +74602,7 @@ index 2e0f0af..e2948bf 100644 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) { /* Has it gone just too far? */ diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index 5a65eea..bd913a1 100644 +index 5d075b5..d907d5f 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -86,6 +86,7 @@ @@ -76319,7 +74624,7 @@ index 5a65eea..bd913a1 100644 struct udp_table udp_table __read_mostly; EXPORT_SYMBOL(udp_table); =20 -@@ -565,6 +570,9 @@ found: +@@ -566,6 +571,9 @@ found: return s; } =20 @@ -76329,7 +74634,7 @@ index 5a65eea..bd913a1 100644 /* * This routine is called by the ICMP module when it gets some * sort of error condition. If err < 0 then the socket should -@@ -856,9 +864,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk= , struct msghdr *msg, +@@ -857,9 +865,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk= , struct msghdr *msg, dport =3D usin->sin_port; if (dport =3D=3D 0) return -EINVAL; @@ -76348,7 +74653,7 @@ index 5a65eea..bd913a1 100644 daddr =3D inet->inet_daddr; dport =3D inet->inet_dport; /* Open fast path for connected socket. -@@ -1099,7 +1116,7 @@ static unsigned int first_packet_length(struct soc= k *sk) +@@ -1100,7 +1117,7 @@ static unsigned int first_packet_length(struct soc= k *sk) udp_lib_checksum_complete(skb)) { UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, IS_UDPLITE(sk)); @@ -76357,7 +74662,7 @@ index 5a65eea..bd913a1 100644 __skb_unlink(skb, rcvq); __skb_queue_tail(&list_kill, skb); } -@@ -1185,6 +1202,10 @@ try_again: +@@ -1186,6 +1203,10 @@ try_again: if (!skb) goto out; =20 @@ -76368,7 +74673,7 @@ index 5a65eea..bd913a1 100644 ulen =3D skb->len - sizeof(struct udphdr); copied =3D len; if (copied > ulen) -@@ -1487,7 +1508,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_b= uff *skb) +@@ -1489,7 +1510,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_b= uff *skb) =20 drop: UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); @@ -76377,7 +74682,7 @@ index 5a65eea..bd913a1 100644 kfree_skb(skb); return -1; } -@@ -1506,7 +1527,7 @@ static void flush_stack(struct sock **stack, unsig= ned int count, +@@ -1508,7 +1529,7 @@ static void flush_stack(struct sock **stack, unsig= ned int count, skb1 =3D (i =3D=3D final) ? skb : skb_clone(skb, GFP_ATOMIC); =20 if (!skb1) { @@ -76386,7 +74691,7 @@ index 5a65eea..bd913a1 100644 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, -@@ -1675,6 +1696,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp= _table *udptable, +@@ -1677,6 +1698,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp= _table *udptable, goto csum_error; =20 UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto =3D=3D IPPROTO_UDPLITE); @@ -76396,7 +74701,7 @@ index 5a65eea..bd913a1 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); =20 /* -@@ -2098,8 +2122,13 @@ static void udp4_format_sock(struct sock *sp, str= uct seq_file *f, +@@ -2100,8 +2124,13 @@ static void udp4_format_sock(struct sock *sp, str= uct seq_file *f, sk_wmem_alloc_get(sp), sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -76413,10 +74718,10 @@ index 5a65eea..bd913a1 100644 =20 int udp4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index a5521c5..984a2f4 100644 +index 6b8ebc5..1d624f4 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c -@@ -2153,7 +2153,7 @@ int addrconf_set_dstaddr(struct net *net, void __u= ser *arg) +@@ -2145,7 +2145,7 @@ int addrconf_set_dstaddr(struct net *net, void __u= ser *arg) p.iph.ihl =3D 5; p.iph.protocol =3D IPPROTO_IPV6; p.iph.ttl =3D 64; @@ -76425,21 +74730,8 @@ index a5521c5..984a2f4 100644 =20 if (ops->ndo_do_ioctl) { mm_segment_t oldfs =3D get_fs(); -diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c -index 4c0f894..fca5d15 100644 ---- a/net/ipv6/ah6.c -+++ b/net/ipv6/ah6.c -@@ -56,6 +56,8 @@ struct ah_skb_cb { - #define AH_SKB_CB(__skb) ((struct ah_skb_cb *)&((__skb)->cb[0])) -=20 - static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags, -+ unsigned int size) __size_overflow(3); -+static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags, - unsigned int size) - { - unsigned int len; diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connectio= n_sock.c -index 1567fb1..29af910 100644 +index 02dd203..e03fcc9 100644 --- a/net/ipv6/inet6_connection_sock.c +++ b/net/ipv6/inet6_connection_sock.c @@ -178,7 +178,7 @@ void __inet6_csk_dst_store(struct sock *sk, struct d= st_entry *dst, @@ -76461,7 +74753,7 @@ index 1567fb1..29af910 100644 dst =3D NULL; } diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c -index 26cb08c..8af9877 100644 +index 18a2719..779f36a 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -960,7 +960,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int l= evel, int optname, @@ -76473,33 +74765,8 @@ index 26cb08c..8af9877 100644 msg.msg_controllen =3D len; msg.msg_flags =3D flags; =20 -diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_ta= bles.c -index 94874b0..dc413fa 100644 ---- a/net/ipv6/netfilter/ip6_tables.c -+++ b/net/ipv6/netfilter/ip6_tables.c -@@ -1194,6 +1194,10 @@ get_entries(struct net *net, struct ip6t_get_entr= ies __user *uptr, - static int - __do_replace(struct net *net, const char *name, unsigned int valid_hook= s, - struct xt_table_info *newinfo, unsigned int num_counters, -+ void __user *counters_ptr) __size_overflow(5); -+static int -+__do_replace(struct net *net, const char *name, unsigned int valid_hook= s, -+ struct xt_table_info *newinfo, unsigned int num_counters, - void __user *counters_ptr) - { - int ret; -@@ -1315,6 +1319,9 @@ do_replace(struct net *net, const void __user *use= r, unsigned int len) -=20 - static int - do_add_counters(struct net *net, const void __user *user, unsigned int = len, -+ int compat) __size_overflow(3); -+static int -+do_add_counters(struct net *net, const void __user *user, unsigned int = len, - int compat) - { - unsigned int i, curcpu; diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c -index 361ebf3..d5628fb 100644 +index d02f7e4..2d2a0f1 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -377,7 +377,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, str= uct sk_buff *skb) @@ -76511,7 +74778,7 @@ index 361ebf3..d5628fb 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -404,7 +404,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) +@@ -405,7 +405,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) struct raw6_sock *rp =3D raw6_sk(sk); =20 if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) { @@ -76520,7 +74787,7 @@ index 361ebf3..d5628fb 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -428,7 +428,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) +@@ -429,7 +429,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) =20 if (inet->hdrincl) { if (skb_checksum_complete(skb)) { @@ -76529,7 +74796,7 @@ index 361ebf3..d5628fb 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -601,7 +601,7 @@ out: +@@ -602,7 +602,7 @@ out: return err; } =20 @@ -76538,7 +74805,7 @@ index 361ebf3..d5628fb 100644 struct flowi6 *fl6, struct dst_entry **dstp, unsigned int flags) { -@@ -909,12 +909,15 @@ do_confirm: +@@ -912,12 +912,15 @@ do_confirm: static int rawv6_seticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int optlen) { @@ -76555,7 +74822,7 @@ index 361ebf3..d5628fb 100644 return 0; default: return -ENOPROTOOPT; -@@ -927,6 +930,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int = level, int optname, +@@ -930,6 +933,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int = level, int optname, char __user *optval, int __user *optlen) { int len; @@ -76563,7 +74830,7 @@ index 361ebf3..d5628fb 100644 =20 switch (optname) { case ICMPV6_FILTER: -@@ -938,7 +942,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int = level, int optname, +@@ -941,7 +945,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int = level, int optname, len =3D sizeof(struct icmp6_filter); if (put_user(len, optlen)) return -EFAULT; @@ -76573,7 +74840,7 @@ index 361ebf3..d5628fb 100644 return -EFAULT; return 0; default: -@@ -1245,7 +1250,13 @@ static void raw6_sock_seq_show(struct seq_file *s= eq, struct sock *sp, int i) +@@ -1248,7 +1253,13 @@ static void raw6_sock_seq_show(struct seq_file *s= eq, struct sock *sp, int i) 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -76589,10 +74856,10 @@ index 361ebf3..d5628fb 100644 =20 static int raw6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index b859e4a..f9d1589 100644 +index 3edd05a..63aad01 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c -@@ -93,6 +93,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(st= ruct sock *sk, +@@ -94,6 +94,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(st= ruct sock *sk, } #endif =20 @@ -76603,7 +74870,7 @@ index b859e4a..f9d1589 100644 static void tcp_v6_hash(struct sock *sk) { if (sk->sk_state !=3D TCP_CLOSE) { -@@ -1651,6 +1655,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct s= k_buff *skb) +@@ -1650,6 +1654,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct s= k_buff *skb) return 0; =20 reset: @@ -76613,7 +74880,7 @@ index b859e4a..f9d1589 100644 tcp_v6_send_reset(sk, skb); discard: if (opt_skb) -@@ -1730,12 +1737,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) +@@ -1729,12 +1736,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked =3D 0; =20 sk =3D __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -76636,7 +74903,7 @@ index b859e4a..f9d1589 100644 =20 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1783,6 +1798,10 @@ no_tcp_socket: +@@ -1782,6 +1797,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -76692,7 +74959,7 @@ index b859e4a..f9d1589 100644 =20 static int tcp6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index 8c25419..47a51ae 100644 +index 4f96b5c..75543d7 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -50,6 +50,10 @@ @@ -76706,7 +74973,7 @@ index 8c25419..47a51ae 100644 int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2) { const struct in6_addr *sk_rcv_saddr6 =3D &inet6_sk(sk)->rcv_saddr; -@@ -549,7 +553,7 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_= buff *skb) +@@ -551,7 +555,7 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_= buff *skb) =20 return 0; drop: @@ -76715,7 +74982,7 @@ index 8c25419..47a51ae 100644 drop_no_sk_drops_inc: UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); kfree_skb(skb); -@@ -625,7 +629,7 @@ static void flush_stack(struct sock **stack, unsigne= d int count, +@@ -627,7 +631,7 @@ static void flush_stack(struct sock **stack, unsigne= d int count, continue; } drop: @@ -76724,7 +74991,7 @@ index 8c25419..47a51ae 100644 UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP6_INC_STATS_BH(sock_net(sk), -@@ -780,6 +784,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_t= able *udptable, +@@ -782,6 +786,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_t= able *udptable, UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto =3D=3D IPPROTO_UDPLITE); =20 @@ -76734,7 +75001,7 @@ index 8c25419..47a51ae 100644 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0); =20 kfree_skb(skb); -@@ -796,7 +803,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_t= able *udptable, +@@ -798,7 +805,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_t= able *udptable, if (!sock_owned_by_user(sk)) udpv6_queue_rcv_skb(sk, skb); else if (sk_add_backlog(sk, skb)) { @@ -76743,7 +75010,7 @@ index 8c25419..47a51ae 100644 bh_unlock_sock(sk); sock_put(sk); goto discard; -@@ -1407,8 +1414,13 @@ static void udp6_sock_seq_show(struct seq_file *s= eq, struct sock *sp, int bucket +@@ -1410,8 +1417,13 @@ static void udp6_sock_seq_show(struct seq_file *s= eq, struct sock *sp, int bucket 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -76886,10 +75153,10 @@ index 253695d..9481ce8 100644 seq_printf(m, "Max header size: %d\n", self->max_header_size); =20 diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index 274d150..656a144 100644 +index d5c5b8f..33beff0 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c -@@ -787,10 +787,10 @@ static int iucv_sock_autobind(struct sock *sk) +@@ -764,10 +764,10 @@ static int iucv_sock_autobind(struct sock *sk) =20 write_lock_bh(&iucv_sk_list.lock); =20 @@ -76903,7 +75170,7 @@ index 274d150..656a144 100644 =20 write_unlock_bh(&iucv_sk_list.lock); diff --git a/net/key/af_key.c b/net/key/af_key.c -index 1e733e9..3d73c9f 100644 +index 11dbb22..c20f667 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -3016,10 +3016,10 @@ static int pfkey_send_policy_notify(struct xfrm_= policy *xp, int dir, const struc @@ -76920,10 +75187,10 @@ index 1e733e9..3d73c9f 100644 return res; } diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 73495f1..ad51356 100644 +index 2f0642d..e5c6fba 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h -@@ -27,6 +27,7 @@ +@@ -28,6 +28,7 @@ #include #include #include @@ -76931,7 +75198,7 @@ index 73495f1..ad51356 100644 #include "key.h" #include "sta_info.h" =20 -@@ -764,7 +765,7 @@ struct ieee80211_local { +@@ -781,7 +782,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; =20 @@ -76941,10 +75208,10 @@ index 73495f1..ad51356 100644 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c -index 30d7355..e260095 100644 +index 8e2137b..2974283 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c -@@ -211,7 +211,7 @@ static int ieee80211_do_open(struct net_device *dev,= bool coming_up) +@@ -222,7 +222,7 @@ static int ieee80211_do_open(struct net_device *dev,= bool coming_up) break; } =20 @@ -76953,7 +75220,7 @@ index 30d7355..e260095 100644 res =3D drv_start(local); if (res) goto err_del_bss; -@@ -235,7 +235,7 @@ static int ieee80211_do_open(struct net_device *dev,= bool coming_up) +@@ -246,7 +246,7 @@ static int ieee80211_do_open(struct net_device *dev,= bool coming_up) memcpy(dev->perm_addr, dev->dev_addr, ETH_ALEN); =20 if (!is_valid_ether_addr(dev->dev_addr)) { @@ -76962,25 +75229,25 @@ index 30d7355..e260095 100644 drv_stop(local); return -EADDRNOTAVAIL; } -@@ -327,7 +327,7 @@ static int ieee80211_do_open(struct net_device *dev,= bool coming_up) +@@ -347,7 +347,7 @@ static int ieee80211_do_open(struct net_device *dev,= bool coming_up) mutex_unlock(&local->mtx); =20 if (coming_up) - local->open_count++; + local_inc(&local->open_count); =20 - if (hw_reconf_flags) { + if (hw_reconf_flags) ieee80211_hw_config(local, hw_reconf_flags); -@@ -347,7 +347,7 @@ static int ieee80211_do_open(struct net_device *dev,= bool coming_up) +@@ -360,7 +360,7 @@ static int ieee80211_do_open(struct net_device *dev,= bool coming_up) err_del_interface: - drv_remove_interface(local, &sdata->vif); + drv_remove_interface(local, sdata); err_stop: - if (!local->open_count) + if (!local_read(&local->open_count)) drv_stop(local); err_del_bss: sdata->bss =3D NULL; -@@ -472,7 +472,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_i= f_data *sdata, +@@ -489,7 +489,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_i= f_data *sdata, } =20 if (going_down) @@ -76989,7 +75256,7 @@ index 30d7355..e260095 100644 =20 switch (sdata->vif.type) { case NL80211_IFTYPE_AP_VLAN: -@@ -531,7 +531,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_i= f_data *sdata, +@@ -548,7 +548,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_i= f_data *sdata, =20 ieee80211_recalc_ps(local, -1); =20 @@ -76999,10 +75266,10 @@ index 30d7355..e260095 100644 napi_disable(&local->napi); ieee80211_clear_tx_pending(local); diff --git a/net/mac80211/main.c b/net/mac80211/main.c -index 7d9b21d..0687004 100644 +index b142bd4..a651749 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c -@@ -163,7 +163,7 @@ int ieee80211_hw_config(struct ieee80211_local *loca= l, u32 changed) +@@ -166,7 +166,7 @@ int ieee80211_hw_config(struct ieee80211_local *loca= l, u32 changed) local->hw.conf.power_level =3D power; } =20 @@ -77012,7 +75279,7 @@ index 7d9b21d..0687004 100644 /* * Goal: diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c -index 9ee7164..56c5061 100644 +index 596efaf..8f1911f 100644 --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c @@ -34,7 +34,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struc= t cfg80211_wowlan *wowlan) @@ -77043,7 +75310,7 @@ index 9ee7164..56c5061 100644 =20 suspend: diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c -index 7d84b87..6a69cd9 100644 +index f9b8e81..bb89b46 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -401,7 +401,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_lo= cal *local, @@ -77069,12 +75336,12 @@ index c97a065..ff61928 100644 =20 return p; diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index d5230ec..c604b21 100644 +index 9919892..8c49803 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c -@@ -1000,7 +1000,7 @@ int ieee80211_reconfig(struct ieee80211_local *loc= al) - drv_set_coverage_class(local, hw->wiphy->coverage_class); -=20 +@@ -1143,7 +1143,7 @@ int ieee80211_reconfig(struct ieee80211_local *loc= al) + } + #endif /* everything else happens only if HW was up & running */ - if (!local->open_count) + if (!local_read(&local->open_count)) @@ -77082,10 +75349,10 @@ index d5230ec..c604b21 100644 =20 /* diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index d5597b7..ab6d39c 100644 +index f8ac4ef..b02560b 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -779,6 +779,16 @@ config NETFILTER_XT_MATCH_ESP +@@ -806,6 +806,16 @@ config NETFILTER_XT_MATCH_ESP =20 To compile it as a module, choose M here. If unsure, say N. =20 @@ -77103,12 +75370,12 @@ index d5597b7..ab6d39c 100644 tristate '"hashlimit" match support' depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=3Dn) diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index 1a02853..5d8c22e 100644 +index 40f4c3d..0d5dd6b 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -81,6 +81,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DCCP) +=3D xt_dccp.o - obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) +=3D xt_devgroup.o +@@ -83,6 +83,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) +=3D xt_devg= roup.o obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) +=3D xt_dscp.o + obj-$(CONFIG_NETFILTER_XT_MATCH_ECN) +=3D xt_ecn.o obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) +=3D xt_esp.o +obj-$(CONFIG_NETFILTER_XT_MATCH_GRADM) +=3D xt_gradm.o obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) +=3D xt_hashlimit.o @@ -77146,7 +75413,7 @@ index 29fa5ba..8debc79 100644 =20 if (!todrop_rate[i]) return 0; diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_= core.c -index 6dc7d7d..e45913a 100644 +index 2555816..31492d9 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c @@ -562,7 +562,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk= _buff *skb, @@ -77168,7 +75435,7 @@ index 6dc7d7d..e45913a 100644 if ((ipvs->sync_state & IP_VS_STATE_MASTER) && cp->protocol =3D=3D IPPROTO_SCTP) { diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_c= tl.c -index e1a66cf..0910076 100644 +index b3afe18..08ec940 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struc= t ip_vs_dest *dest, @@ -77217,7 +75484,7 @@ index e1a66cf..0910076 100644 NLA_PUT_U32(skb, IPVS_DEST_ATTR_U_THRESH, dest->u_threshold); NLA_PUT_U32(skb, IPVS_DEST_ATTR_L_THRESH, dest->l_threshold); diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_= sync.c -index 2b6678c0..aaa41fc 100644 +index 8a0d6d6..90ec197 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c @@ -649,7 +649,7 @@ control: @@ -77239,7 +75506,7 @@ index 2b6678c0..aaa41fc 100644 cp->old_state =3D cp->state; /* diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_= xmit.c -index aa2d720..d8aa111 100644 +index 7fd66de..e6fb361 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c @@ -1151,7 +1151,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_= conn *cp, @@ -77374,10 +75641,10 @@ index 4fe4fb4..87a89e5 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index 1201b6d..bcff8c6 100644 +index 629b061..21cd04c 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c -@@ -742,7 +742,7 @@ static void netlink_overrun(struct sock *sk) +@@ -741,7 +741,7 @@ static void netlink_overrun(struct sock *sk) sk->sk_error_report(sk); } } @@ -77386,7 +75653,7 @@ index 1201b6d..bcff8c6 100644 } =20 static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid) -@@ -1999,7 +1999,7 @@ static int netlink_seq_show(struct seq_file *seq, = void *v) +@@ -1995,7 +1995,7 @@ static int netlink_seq_show(struct seq_file *seq, = void *v) sk_wmem_alloc_get(s), nlk->cb, atomic_read(&s->sk_refcnt), @@ -77396,7 +75663,7 @@ index 1201b6d..bcff8c6 100644 ); =20 diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c -index 732152f..60bb09e 100644 +index 7dab229..212156f 100644 --- a/net/netrom/af_netrom.c +++ b/net/netrom/af_netrom.c @@ -839,6 +839,7 @@ static int nr_getname(struct socket *sock, struct so= ckaddr *uaddr, @@ -77416,10 +75683,10 @@ index 732152f..60bb09e 100644 *uaddr_len =3D sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index d9d4970..d5a6a68 100644 +index 2dbb32b..a1b4722 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -1675,7 +1675,7 @@ static int packet_rcv(struct sk_buff *skb, struct = net_device *dev, +@@ -1676,7 +1676,7 @@ static int packet_rcv(struct sk_buff *skb, struct = net_device *dev, =20 spin_lock(&sk->sk_receive_queue.lock); po->stats.tp_packets++; @@ -77428,7 +75695,7 @@ index d9d4970..d5a6a68 100644 __skb_queue_tail(&sk->sk_receive_queue, skb); spin_unlock(&sk->sk_receive_queue.lock); sk->sk_data_ready(sk, skb->len); -@@ -1684,7 +1684,7 @@ static int packet_rcv(struct sk_buff *skb, struct = net_device *dev, +@@ -1685,7 +1685,7 @@ static int packet_rcv(struct sk_buff *skb, struct = net_device *dev, drop_n_acct: spin_lock(&sk->sk_receive_queue.lock); po->stats.tp_drops++; @@ -77437,7 +75704,7 @@ index d9d4970..d5a6a68 100644 spin_unlock(&sk->sk_receive_queue.lock); =20 drop_n_restore: -@@ -3266,7 +3266,7 @@ static int packet_getsockopt(struct socket *sock, = int level, int optname, +@@ -3271,7 +3271,7 @@ static int packet_getsockopt(struct socket *sock, = int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len =3D sizeof(int); @@ -77446,7 +75713,7 @@ index d9d4970..d5a6a68 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3316,7 +3316,7 @@ static int packet_getsockopt(struct socket *sock, = int level, int optname, +@@ -3321,7 +3321,7 @@ static int packet_getsockopt(struct socket *sock, = int level, int optname, =20 if (put_user(len, optlen)) return -EFAULT; @@ -77478,7 +75745,7 @@ index d65f699..05aa6ce 100644 =20 err =3D proto_register(pp->prot, 1); diff --git a/net/phonet/pep.c b/net/phonet/pep.c -index 2ba6e9f..409573f 100644 +index 9f60008..ae96f04 100644 --- a/net/phonet/pep.c +++ b/net/phonet/pep.c @@ -388,7 +388,7 @@ static int pipe_do_rcv(struct sock *sk, struct sk_bu= ff *skb) @@ -77499,7 +75766,7 @@ index 2ba6e9f..409573f 100644 err =3D -ENOBUFS; break; } -@@ -557,7 +557,7 @@ static int pipe_handler_do_rcv(struct sock *sk, stru= ct sk_buff *skb) +@@ -580,7 +580,7 @@ static int pipe_handler_do_rcv(struct sock *sk, stru= ct sk_buff *skb) } =20 if (pn->rx_credits =3D=3D 0) { @@ -77695,7 +75962,7 @@ index 74c064c..fdec26f 100644 /* count of skbs currently in use */ atomic_t rxrpc_n_skbs; diff --git a/net/rxrpc/ar-ack.c b/net/rxrpc/ar-ack.c -index f99cfce..cc529dd 100644 +index c3126e8..21facc7 100644 --- a/net/rxrpc/ar-ack.c +++ b/net/rxrpc/ar-ack.c @@ -175,7 +175,7 @@ static void rxrpc_resend(struct rxrpc_call *call) @@ -77863,7 +76130,7 @@ index 87f7135..74d3703 100644 } =20 diff --git a/net/rxrpc/ar-output.c b/net/rxrpc/ar-output.c -index 338d793..47391d0 100644 +index 16ae887..d24f12b 100644 --- a/net/rxrpc/ar-output.c +++ b/net/rxrpc/ar-output.c @@ -682,9 +682,9 @@ static int rxrpc_send_data(struct kiocb *iocb, @@ -77956,7 +76223,7 @@ index 1e2eee8..ce3967e 100644 assoc->assoc_id, assoc->sndbuf_used, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 54a7cd2..944edae 100644 +index 408ebd0..202aa85 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4574,7 +4574,7 @@ static int sctp_getsockopt_peer_addrs(struct sock = *sk, int len, @@ -77969,7 +76236,7 @@ index 54a7cd2..944edae 100644 to +=3D addrlen; cnt++; diff --git a/net/socket.c b/net/socket.c -index 2dce67a..1e91168 100644 +index 28a96af..61a7a06 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -77998,7 +76265,7 @@ index 2dce67a..1e91168 100644 =20 static struct file_system_type sock_fs_type =3D { .name =3D "sockfs", -@@ -1187,6 +1190,8 @@ int __sock_create(struct net *net, int family, int= type, int protocol, +@@ -1207,6 +1210,8 @@ int __sock_create(struct net *net, int family, int= type, int protocol, return -EAFNOSUPPORT; if (type < 0 || type >=3D SOCK_MAX) return -EINVAL; @@ -78007,7 +76274,7 @@ index 2dce67a..1e91168 100644 =20 /* Compatibility. =20 -@@ -1319,6 +1324,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, i= nt, protocol) +@@ -1339,6 +1344,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, i= nt, protocol) if (SOCK_NONBLOCK !=3D O_NONBLOCK && (flags & SOCK_NONBLOCK)) flags =3D (flags & ~SOCK_NONBLOCK) | O_NONBLOCK; =20 @@ -78024,7 +76291,7 @@ index 2dce67a..1e91168 100644 retval =3D sock_create(family, type, protocol, &sock); if (retval < 0) goto out; -@@ -1431,6 +1446,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __= user *, umyaddr, int, addrlen) +@@ -1451,6 +1466,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __= user *, umyaddr, int, addrlen) if (sock) { err =3D move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&add= ress); if (err >=3D 0) { @@ -78039,7 +76306,7 @@ index 2dce67a..1e91168 100644 err =3D security_socket_bind(sock, (struct sockaddr *)&address, addrlen); -@@ -1439,6 +1462,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __u= ser *, umyaddr, int, addrlen) +@@ -1459,6 +1482,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __u= ser *, umyaddr, int, addrlen) (struct sockaddr *) &address, addrlen); } @@ -78047,7 +76314,7 @@ index 2dce67a..1e91168 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1462,10 +1486,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) +@@ -1482,10 +1506,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) if ((unsigned)backlog > somaxconn) backlog =3D somaxconn; =20 @@ -78068,7 +76335,7 @@ index 2dce67a..1e91168 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1509,6 +1543,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr= __user *, upeer_sockaddr, +@@ -1529,6 +1563,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr= __user *, upeer_sockaddr, newsock->type =3D sock->type; newsock->ops =3D sock->ops; =20 @@ -78087,7 +76354,7 @@ index 2dce67a..1e91168 100644 /* * We don't need try_module_get here, as the listening socket (sock) * has the protocol module (sock->ops->owner) held. -@@ -1547,6 +1593,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr = __user *, upeer_sockaddr, +@@ -1567,6 +1613,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr = __user *, upeer_sockaddr, fd_install(newfd, newfile); err =3D newfd; =20 @@ -78096,7 +76363,7 @@ index 2dce67a..1e91168 100644 out_put: fput_light(sock->file, fput_needed); out: -@@ -1579,6 +1627,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr = __user *, uservaddr, +@@ -1599,6 +1647,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr = __user *, uservaddr, int, addrlen) { struct socket *sock; @@ -78104,7 +76371,7 @@ index 2dce67a..1e91168 100644 struct sockaddr_storage address; int err, fput_needed; =20 -@@ -1589,6 +1638,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr= __user *, uservaddr, +@@ -1609,6 +1658,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr= __user *, uservaddr, if (err < 0) goto out_put; =20 @@ -78122,7 +76389,7 @@ index 2dce67a..1e91168 100644 err =3D security_socket_connect(sock, (struct sockaddr *)&address, addrlen= ); if (err) -@@ -1950,7 +2010,7 @@ static int __sys_sendmsg(struct socket *sock, stru= ct msghdr __user *msg, +@@ -1970,7 +2030,7 @@ static int __sys_sendmsg(struct socket *sock, stru= ct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -78131,7 +76398,7 @@ index 2dce67a..1e91168 100644 ctl_len)) goto out_freectl; msg_sys->msg_control =3D ctl_buf; -@@ -2120,7 +2180,7 @@ static int __sys_recvmsg(struct socket *sock, stru= ct msghdr __user *msg, +@@ -2140,7 +2200,7 @@ static int __sys_recvmsg(struct socket *sock, stru= ct msghdr __user *msg, * kernel msghdr to use the kernel address space) */ =20 @@ -78140,7 +76407,7 @@ index 2dce67a..1e91168 100644 uaddr_len =3D COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err =3D verify_compat_iovec(msg_sys, iov, -@@ -2748,7 +2808,7 @@ static int ethtool_ioctl(struct net *net, struct c= ompat_ifreq __user *ifr32) +@@ -2768,7 +2828,7 @@ static int ethtool_ioctl(struct net *net, struct c= ompat_ifreq __user *ifr32) } =20 ifr =3D compat_alloc_user_space(buf_size); @@ -78149,7 +76416,7 @@ index 2dce67a..1e91168 100644 =20 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) return -EFAULT; -@@ -2772,12 +2832,12 @@ static int ethtool_ioctl(struct net *net, struct= compat_ifreq __user *ifr32) +@@ -2792,12 +2852,12 @@ static int ethtool_ioctl(struct net *net, struct= compat_ifreq __user *ifr32) offsetof(struct ethtool_rxnfc, fs.ring_cookie)); =20 if (copy_in_user(rxnfc, compat_rxnfc, @@ -78166,7 +76433,7 @@ index 2dce67a..1e91168 100644 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2789,12 +2849,12 @@ static int ethtool_ioctl(struct net *net, struct= compat_ifreq __user *ifr32) +@@ -2809,12 +2869,12 @@ static int ethtool_ioctl(struct net *net, struct= compat_ifreq __user *ifr32) =20 if (convert_out) { if (copy_in_user(compat_rxnfc, rxnfc, @@ -78183,7 +76450,7 @@ index 2dce67a..1e91168 100644 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2864,7 +2924,7 @@ static int bond_ioctl(struct net *net, unsigned in= t cmd, +@@ -2884,7 +2944,7 @@ static int bond_ioctl(struct net *net, unsigned in= t cmd, old_fs =3D get_fs(); set_fs(KERNEL_DS); err =3D dev_ioctl(net, cmd, @@ -78192,7 +76459,7 @@ index 2dce67a..1e91168 100644 set_fs(old_fs); =20 return err; -@@ -2973,7 +3033,7 @@ static int compat_sioc_ifmap(struct net *net, unsi= gned int cmd, +@@ -2993,7 +3053,7 @@ static int compat_sioc_ifmap(struct net *net, unsi= gned int cmd, =20 old_fs =3D get_fs(); set_fs(KERNEL_DS); @@ -78201,7 +76468,7 @@ index 2dce67a..1e91168 100644 set_fs(old_fs); =20 if (cmd =3D=3D SIOCGIFMAP && !err) { -@@ -3078,7 +3138,7 @@ static int routing_ioctl(struct net *net, struct s= ocket *sock, +@@ -3098,7 +3158,7 @@ static int routing_ioctl(struct net *net, struct s= ocket *sock, ret |=3D __get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |=3D copy_from_user(devname, compat_ptr(rtdev), 15); @@ -78210,7 +76477,7 @@ index 2dce67a..1e91168 100644 devname[15] =3D 0; } else r4.rt_dev =3D NULL; -@@ -3318,8 +3378,8 @@ int kernel_getsockopt(struct socket *sock, int lev= el, int optname, +@@ -3324,8 +3384,8 @@ int kernel_getsockopt(struct socket *sock, int lev= el, int optname, int __user *uoptlen; int err; =20 @@ -78221,7 +76488,7 @@ index 2dce67a..1e91168 100644 =20 set_fs(KERNEL_DS); if (level =3D=3D SOL_SOCKET) -@@ -3339,7 +3399,7 @@ int kernel_setsockopt(struct socket *sock, int lev= el, int optname, +@@ -3345,7 +3405,7 @@ int kernel_setsockopt(struct socket *sock, int lev= el, int optname, char __user *uoptval; int err; =20 @@ -78231,10 +76498,10 @@ index 2dce67a..1e91168 100644 set_fs(KERNEL_DS); if (level =3D=3D SOL_SOCKET) diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c -index 00a1a2a..6a0138a 100644 +index 3341d89..c662621 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c -@@ -238,9 +238,9 @@ static int rpc_wait_bit_killable(void *word) +@@ -239,9 +239,9 @@ static int rpc_wait_bit_killable(void *word) #ifdef RPC_DEBUG static void rpc_task_set_debuginfo(struct rpc_task *task) { @@ -78247,7 +76514,7 @@ index 00a1a2a..6a0138a 100644 #else static inline void rpc_task_set_debuginfo(struct rpc_task *task) diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c -index 71bed1c..5dff36d 100644 +index 4645709..d41d668 100644 --- a/net/sunrpc/svcsock.c +++ b/net/sunrpc/svcsock.c @@ -396,7 +396,7 @@ static int svc_partial_recvfrom(struct svc_rqst *rqs= tp, @@ -78415,7 +76682,7 @@ index 249a835..fb2794b 100644 goto err; return 0; diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtr= dma/svc_rdma_transport.c -index ba1296d..0fec1a5 100644 +index 894cb42..cf5bafb 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_transport.c +++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c @@ -300,7 +300,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) @@ -78477,10 +76744,10 @@ index e758139..d29ea47 100644 return (mode << 6) | (mode << 3) | mode; } diff --git a/net/tipc/link.c b/net/tipc/link.c -index ae98a72..7bb6056 100644 +index ac1832a..533ed97 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c -@@ -1203,7 +1203,7 @@ static int link_send_sections_long(struct tipc_por= t *sender, +@@ -1205,7 +1205,7 @@ static int link_send_sections_long(struct tipc_por= t *sender, struct tipc_msg fragm_hdr; struct sk_buff *buf, *buf_chain, *prev; u32 fragm_crs, fragm_rest, hsz, sect_rest; @@ -78489,7 +76756,7 @@ index ae98a72..7bb6056 100644 int curr_sect; u32 fragm_no; =20 -@@ -1247,7 +1247,7 @@ again: +@@ -1249,7 +1249,7 @@ again: =20 if (!sect_rest) { sect_rest =3D msg_sect[++curr_sect].iov_len; @@ -78498,7 +76765,7 @@ index ae98a72..7bb6056 100644 } =20 if (sect_rest < fragm_rest) -@@ -1266,7 +1266,7 @@ error: +@@ -1268,7 +1268,7 @@ error: } } else skb_copy_to_linear_data_offset(buf, fragm_crs, @@ -78508,7 +76775,7 @@ index ae98a72..7bb6056 100644 sect_rest -=3D sz; fragm_crs +=3D sz; diff --git a/net/tipc/msg.c b/net/tipc/msg.c -index 83d5096..dcba497 100644 +index 3e4d3e2..27b55dc 100644 --- a/net/tipc/msg.c +++ b/net/tipc/msg.c @@ -99,7 +99,7 @@ int tipc_msg_build(struct tipc_msg *hdr, struct iovec = const *msg_sect, @@ -78521,10 +76788,10 @@ index 83d5096..dcba497 100644 pos +=3D msg_sect[cnt].iov_len; } diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c -index 1983717..4d6102c 100644 +index 8c49566..14510cb 100644 --- a/net/tipc/subscr.c +++ b/net/tipc/subscr.c -@@ -101,7 +101,7 @@ static void subscr_send_event(struct subscription *s= ub, +@@ -101,7 +101,7 @@ static void subscr_send_event(struct tipc_subscripti= on *sub, { struct iovec msg_sect; =20 @@ -78534,10 +76801,10 @@ index 1983717..4d6102c 100644 =20 sub->evt.event =3D htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index d99678a..3514a21 100644 +index 85d3bb7..79f4487 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c -@@ -767,6 +767,12 @@ static struct sock *unix_find_other(struct net *net= , +@@ -770,6 +770,12 @@ static struct sock *unix_find_other(struct net *net= , err =3D -ECONNREFUSED; if (!S_ISSOCK(inode->i_mode)) goto put_fail; @@ -78550,7 +76817,7 @@ index d99678a..3514a21 100644 u =3D unix_find_socket_byinode(inode); if (!u) goto put_fail; -@@ -787,6 +793,13 @@ static struct sock *unix_find_other(struct net *net= , +@@ -790,6 +796,13 @@ static struct sock *unix_find_other(struct net *net= , if (u) { struct dentry *dentry; dentry =3D unix_sk(u)->dentry; @@ -78564,7 +76831,7 @@ index d99678a..3514a21 100644 if (dentry) touch_atime(unix_sk(u)->mnt, dentry); } else -@@ -869,11 +882,18 @@ static int unix_bind(struct socket *sock, struct s= ockaddr *uaddr, int addr_len) +@@ -872,11 +885,18 @@ static int unix_bind(struct socket *sock, struct s= ockaddr *uaddr, int addr_len) err =3D security_path_mknod(&path, dentry, mode, 0); if (err) goto out_mknod_drop_write; @@ -78584,7 +76851,7 @@ index d99678a..3514a21 100644 dput(path.dentry); path.dentry =3D dentry; diff --git a/net/wireless/core.h b/net/wireless/core.h -index b9ec306..b4a563e 100644 +index 43ad9c8..ab5127c 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h @@ -27,7 +27,7 @@ struct cfg80211_registered_device { @@ -78634,7 +76901,7 @@ index 0af7f54..c916d2f 100644 =20 iwp->length +=3D essid_compat; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 9049a5c..cfa6f5c 100644 +index 7661576..80f7627 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -299,7 +299,7 @@ static void xfrm_policy_kill(struct xfrm_policy *pol= icy) @@ -78812,10 +77079,10 @@ index 0000000..8729101 +#!/bin/sh +echo -e "#include \"gcc-plugin.h\"\n#include \"tree.h\"\n#include \"tm.= h\"\n#include \"rtl.h\"" | $1 -x c -shared - -o /dev/null -I`$2 -print-fi= le-name=3Dplugin`/include >/dev/null 2>&1 && echo "y" diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c -index f936d1f..a66d95f 100644 +index b89efe6..2c30808 100644 --- a/scripts/mod/file2alias.c +++ b/scripts/mod/file2alias.c -@@ -72,7 +72,7 @@ static void device_id_check(const char *modname, const= char *device_id, +@@ -128,7 +128,7 @@ static void device_id_check(const char *modname, con= st char *device_id, unsigned long size, unsigned long id_size, void *symval) { @@ -78824,7 +77091,7 @@ index f936d1f..a66d95f 100644 =20 if (size % id_size || size < id_size) { if (cross_build !=3D 0) -@@ -102,7 +102,7 @@ static void device_id_check(const char *modname, con= st char *device_id, +@@ -158,7 +158,7 @@ static void device_id_check(const char *modname, con= st char *device_id, /* USB is special because the bcdDevice can be matched against a numeri= c range */ /* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipN" */ static void do_usb_entry(struct usb_device_id *id, @@ -78833,7 +77100,7 @@ index f936d1f..a66d95f 100644 unsigned char range_lo, unsigned char range_hi, unsigned char max, struct module *mod) { -@@ -203,7 +203,7 @@ static void do_usb_entry_multi(struct usb_device_id = *id, struct module *mod) +@@ -259,7 +259,7 @@ static void do_usb_entry_multi(struct usb_device_id = *id, struct module *mod) { unsigned int devlo, devhi; unsigned char chi, clo, max; @@ -78842,7 +77109,7 @@ index f936d1f..a66d95f 100644 =20 id->match_flags =3D TO_NATIVE(id->match_flags); id->idVendor =3D TO_NATIVE(id->idVendor); -@@ -437,7 +437,7 @@ static void do_pnp_device_entry(void *symval, unsign= ed long size, +@@ -501,7 +501,7 @@ static void do_pnp_device_entry(void *symval, unsign= ed long size, for (i =3D 0; i < count; i++) { const char *id =3D (char *)devs[i].id; char acpi_id[sizeof(devs[0].id)]; @@ -78851,7 +77118,7 @@ index f936d1f..a66d95f 100644 =20 buf_printf(&mod->dev_table_buf, "MODULE_ALIAS(\"pnp:d%s*\");\n", id); -@@ -467,7 +467,7 @@ static void do_pnp_card_entries(void *symval, unsign= ed long size, +@@ -531,7 +531,7 @@ static void do_pnp_card_entries(void *symval, unsign= ed long size, =20 for (j =3D 0; j < PNP_MAX_DEVICES; j++) { const char *id =3D (char *)card->devs[j].id; @@ -78860,7 +77127,7 @@ index f936d1f..a66d95f 100644 int dup =3D 0; =20 if (!id[0]) -@@ -493,7 +493,7 @@ static void do_pnp_card_entries(void *symval, unsign= ed long size, +@@ -557,7 +557,7 @@ static void do_pnp_card_entries(void *symval, unsign= ed long size, /* add an individual alias for every device entry */ if (!dup) { char acpi_id[sizeof(card->devs[0].id)]; @@ -78869,7 +77136,7 @@ index f936d1f..a66d95f 100644 =20 buf_printf(&mod->dev_table_buf, "MODULE_ALIAS(\"pnp:d%s*\");\n", id); -@@ -807,7 +807,7 @@ static void dmi_ascii_filter(char *d, const char *s) +@@ -882,7 +882,7 @@ static void dmi_ascii_filter(char *d, const char *s) static int do_dmi_entry(const char *filename, struct dmi_system_id *id, char *alias) { @@ -78879,7 +77146,7 @@ index f936d1f..a66d95f 100644 sprintf(alias, "dmi*"); =20 diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 2bd594e..d43245e 100644 +index 9adb667..c6ac044 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -919,6 +919,7 @@ enum mismatch { @@ -78931,7 +77198,7 @@ index 2bd594e..d43245e 100644 } fprintf(stderr, "\n"); } -@@ -1656,7 +1671,7 @@ static void section_rel(const char *modname, struc= t elf_info *elf, +@@ -1665,7 +1680,7 @@ static void section_rel(const char *modname, struc= t elf_info *elf, static void check_sec_ref(struct module *mod, const char *modname, struct elf_info *elf) { @@ -78940,7 +77207,7 @@ index 2bd594e..d43245e 100644 Elf_Shdr *sechdrs =3D elf->sechdrs; =20 /* Walk through all sections */ -@@ -1754,7 +1769,7 @@ void __attribute__((format(printf, 2, 3))) buf_pri= ntf(struct buffer *buf, +@@ -1763,7 +1778,7 @@ void __attribute__((format(printf, 2, 3))) buf_pri= ntf(struct buffer *buf, va_end(ap); } =20 @@ -78949,7 +77216,7 @@ index 2bd594e..d43245e 100644 { if (buf->size - buf->pos < len) { buf->size +=3D len + SZ; -@@ -1972,7 +1987,7 @@ static void write_if_changed(struct buffer *b, con= st char *fname) +@@ -1981,7 +1996,7 @@ static void write_if_changed(struct buffer *b, con= st char *fname) if (fstat(fileno(file), &st) < 0) goto close_write; =20 @@ -79025,10 +77292,10 @@ index 5c11312..72742b5 100644 write_hex_cnt =3D 0; for (i =3D 0; i < logo_clutsize; i++) { diff --git a/security/Kconfig b/security/Kconfig -index 51bd5a0..58c5b70 100644 +index 51bd5a0..3a4ebd0 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,639 @@ +@@ -4,6 +4,627 @@ =20 menu "Security options" =20 @@ -79120,6 +77387,7 @@ index 51bd5a0..58c5b70 100644 + +config PAX_XATTR_PAX_FLAGS + bool 'Use filesystem extended attributes marking' ++ depends on EXPERT + select CIFS_XATTR if CIFS + select EXT2_FS_XATTR if EXT2_FS + select EXT3_FS_XATTR if EXT3_FS @@ -79648,19 +77916,6 @@ index 51bd5a0..58c5b70 100644 + Since this has a negligible performance impact, you should enable + this feature. + -+config PAX_SIZE_OVERFLOW -+ bool "Prevent various integer overflows in function size parameters" -+ help -+ By saying Y here the kernel recomputes expressions of function -+ arguments marked by a size_overflow attribute with double integer -+ precision (DImode/TImode for 32/64 bit integer types). -+ -+ The recomputed argument is checked against INT_MAX and an event -+ is logged on overflow and the triggering process is killed. -+ -+ Homepage: -+ http://www.grsecurity.net/~ephox/overflow_plugin/ -+ +endmenu + +endmenu @@ -79668,7 +77923,7 @@ index 51bd5a0..58c5b70 100644 config KEYS bool "Enable access key retention support" help -@@ -169,7 +802,7 @@ config INTEL_TXT +@@ -169,7 +790,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -79678,10 +77933,10 @@ index 51bd5a0..58c5b70 100644 help This is the portion of low virtual memory which should be protected diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c -index 3783202..1852837 100644 +index 97ce8fa..23dad96 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c -@@ -621,7 +621,7 @@ static int apparmor_task_setrlimit(struct task_struc= t *task, +@@ -620,7 +620,7 @@ static int apparmor_task_setrlimit(struct task_struc= t *task, return error; } =20 @@ -79691,7 +77946,7 @@ index 3783202..1852837 100644 =20 .ptrace_access_check =3D apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index ee4f848..a320c64 100644 +index 7ce191e..6c29c34 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -28,6 +28,7 @@ @@ -79702,16 +77957,7 @@ index ee4f848..a320c64 100644 =20 /* * If a non-root user executes a setuid-root binary in -@@ -58,7 +59,7 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *= skb) -=20 - int cap_netlink_recv(struct sk_buff *skb, int cap) - { -- if (!cap_raised(current_cap(), cap)) -+ if (!cap_raised(current_cap(), cap) || !gr_is_capable(cap)) - return -EPERM; - return 0; - } -@@ -579,6 +580,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -569,6 +570,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) { const struct cred *cred =3D current_cred(); =20 @@ -79749,25 +77995,6 @@ index 88a2788..581ab92 100644 =20 entry =3D kmalloc(sizeof(*entry), GFP_KERNEL); if (!entry) { -diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima= /ima_audit.c -index c5c5a72..2ad942f 100644 ---- a/security/integrity/ima/ima_audit.c -+++ b/security/integrity/ima/ima_audit.c -@@ -56,9 +56,11 @@ void integrity_audit_msg(int audit_msgno, struct inod= e *inode, - audit_log_format(ab, " name=3D"); - audit_log_untrustedstring(ab, fname); - } -- if (inode) -- audit_log_format(ab, " dev=3D%s ino=3D%lu", -- inode->i_sb->s_id, inode->i_ino); -+ if (inode) { -+ audit_log_format(ab, " dev=3D"); -+ audit_log_untrustedstring(ab, inode->i_sb->s_id); -+ audit_log_format(ab, " ino=3D%lu", inode->i_ino); -+ } - audit_log_format(ab, " res=3D%d", !result ? 0 : 1); - audit_log_end(ab); - } diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/im= a_fs.c index e1aa2b4..52027bf 100644 --- a/security/integrity/ima/ima_fs.c @@ -79854,7 +78081,7 @@ index 0b3f5d7..892c8a6 100644 if (iov !=3D iovstack) kfree(iov); diff --git a/security/keys/keyring.c b/security/keys/keyring.c -index 37a7f3b..86dc19f 100644 +index d605f75..2bc6be9 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -214,15 +214,15 @@ static long keyring_read(const struct key *keyring= , @@ -79876,54 +78103,6 @@ index 37a7f3b..86dc19f 100644 goto error; =20 buflen -=3D tmp; -diff --git a/security/lsm_audit.c b/security/lsm_audit.c -index 893af8a..ba9237c 100644 ---- a/security/lsm_audit.c -+++ b/security/lsm_audit.c -@@ -234,10 +234,11 @@ static void dump_common_audit_data(struct audit_bu= ffer *ab, - audit_log_d_path(ab, "path=3D", &a->u.path); -=20 - inode =3D a->u.path.dentry->d_inode; -- if (inode) -- audit_log_format(ab, " dev=3D%s ino=3D%lu", -- inode->i_sb->s_id, -- inode->i_ino); -+ if (inode) { -+ audit_log_format(ab, " dev=3D"); -+ audit_log_untrustedstring(ab, inode->i_sb->s_id); -+ audit_log_format(ab, " ino=3D%lu", inode->i_ino); -+ } - break; - } - case LSM_AUDIT_DATA_DENTRY: { -@@ -247,10 +248,11 @@ static void dump_common_audit_data(struct audit_bu= ffer *ab, - audit_log_untrustedstring(ab, a->u.dentry->d_name.name); -=20 - inode =3D a->u.dentry->d_inode; -- if (inode) -- audit_log_format(ab, " dev=3D%s ino=3D%lu", -- inode->i_sb->s_id, -- inode->i_ino); -+ if (inode) { -+ audit_log_format(ab, " dev=3D"); -+ audit_log_untrustedstring(ab, inode->i_sb->s_id); -+ audit_log_format(ab, " ino=3D%lu", inode->i_ino); -+ } - break; - } - case LSM_AUDIT_DATA_INODE: { -@@ -265,8 +267,9 @@ static void dump_common_audit_data(struct audit_buff= er *ab, - dentry->d_name.name); - dput(dentry); - } -- audit_log_format(ab, " dev=3D%s ino=3D%lu", inode->i_sb->s_id, -- inode->i_ino); -+ audit_log_format(ab, " dev=3D"); -+ audit_log_untrustedstring(ab, inode->i_sb->s_id); -+ audit_log_format(ab, " ino=3D%lu", inode->i_ino); - break; - } - case LSM_AUDIT_DATA_TASK: diff --git a/security/min_addr.c b/security/min_addr.c index f728728..6457a0c 100644 --- a/security/min_addr.c @@ -79945,7 +78124,7 @@ index f728728..6457a0c 100644 =20 /* diff --git a/security/security.c b/security/security.c -index e2f684a..8d62ef5 100644 +index d754249..8bf426e 100644 --- a/security/security.c +++ b/security/security.c @@ -26,8 +26,8 @@ @@ -79970,7 +78149,7 @@ index e2f684a..8d62ef5 100644 =20 /* Save user chosen LSM */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 1126c10..effb32b 100644 +index 6a3683e..f52f4c0 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -94,8 +94,6 @@ @@ -79982,7 +78161,7 @@ index 1126c10..effb32b 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount =3D ATOMIC_INIT(0); =20 -@@ -5449,7 +5447,7 @@ static int selinux_key_getsecurity(struct key *key= , char **_buffer) +@@ -5429,7 +5427,7 @@ static int selinux_key_getsecurity(struct key *key= , char **_buffer) =20 #endif =20 @@ -80005,7 +78184,7 @@ index b43813c..74be837 100644 #else static inline int selinux_xfrm_enabled(void) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index 7db62b4..ee4d949 100644 +index e8af5b0b..78527ef 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3481,7 +3481,7 @@ static int smack_inode_getsecctx(struct inode *ino= de, void **ctx, u32 *ctxlen) @@ -80018,10 +78197,10 @@ index 7db62b4..ee4d949 100644 =20 .ptrace_access_check =3D smack_ptrace_access_check, diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c -index 4b327b6..646c57a 100644 +index 620d37c..e2ad89b 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c -@@ -504,7 +504,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock= , struct msghdr *msg, +@@ -501,7 +501,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock= , struct msghdr *msg, * tomoyo_security_ops is a "struct security_operations" which is used = for * registering TOMOYO. */ @@ -80075,7 +78254,7 @@ index ffd2025..df062c9 100644 /* PCM3052 register definitions */ =20 diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c -index 3cc4b86..af0a951 100644 +index 08fde00..0bf641a 100644 --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1189,10 +1189,10 @@ snd_pcm_sframes_t snd_pcm_oss_write3(struct snd_= pcm_substream *substream, const @@ -80221,7 +78400,7 @@ index 5cf8d65..912a79c 100644 dev->driver_data =3D NULL; ops->num_init_devices--; diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c -index f24bf9a..1f7b67c 100644 +index 621e60e..f4543f5 100644 --- a/sound/drivers/mts64.c +++ b/sound/drivers/mts64.c @@ -29,6 +29,7 @@ @@ -80294,7 +78473,7 @@ index b953fb4..1999c01 100644 int timeout =3D 10; while ((inb(opl4->fm_port) & OPL4_STATUS_BUSY) && --timeout > 0) diff --git a/sound/drivers/portman2x4.c b/sound/drivers/portman2x4.c -index f664823..590c745 100644 +index 3e32bd3..46fc152 100644 --- a/sound/drivers/portman2x4.c +++ b/sound/drivers/portman2x4.c @@ -48,6 +48,7 @@ @@ -80394,7 +78573,7 @@ index cd094ec..eca1277 100644 default: return -EINVAL; diff --git a/sound/isa/cmi8330.c b/sound/isa/cmi8330.c -index c94578d..0794ac1 100644 +index 7bd5e33..1fcab12 100644 --- a/sound/isa/cmi8330.c +++ b/sound/isa/cmi8330.c @@ -172,7 +172,7 @@ struct snd_cmi8330 { @@ -80458,10 +78637,10 @@ index 09d4648..cf234c7 100644 list_add(&s->list, &cs4297a_devs); =20 diff --git a/sound/pci/hda/hda_codec.h b/sound/pci/hda/hda_codec.h -index 71f6744..d8aeae7 100644 +index f0f1943..8e1f96c 100644 --- a/sound/pci/hda/hda_codec.h +++ b/sound/pci/hda/hda_codec.h -@@ -614,7 +614,7 @@ struct hda_bus_ops { +@@ -611,7 +611,7 @@ struct hda_bus_ops { /* notify power-up/down from codec to controller */ void (*pm_notify)(struct hda_bus *bus); #endif @@ -80470,7 +78649,7 @@ index 71f6744..d8aeae7 100644 =20 /* template to pass to the bus constructor */ struct hda_bus_template { -@@ -716,6 +716,7 @@ struct hda_codec_ops { +@@ -713,6 +713,7 @@ struct hda_codec_ops { #endif void (*reboot_notify)(struct hda_codec *codec); }; @@ -80478,7 +78657,7 @@ index 71f6744..d8aeae7 100644 =20 /* record for amp information cache */ struct hda_cache_head { -@@ -746,7 +747,7 @@ struct hda_pcm_ops { +@@ -743,7 +744,7 @@ struct hda_pcm_ops { struct snd_pcm_substream *substream); int (*cleanup)(struct hda_pcm_stream *info, struct hda_codec *codec, struct snd_pcm_substream *substream); @@ -80487,7 +78666,7 @@ index 71f6744..d8aeae7 100644 =20 /* PCM information for each substream */ struct hda_pcm_stream { -@@ -804,7 +805,7 @@ struct hda_codec { +@@ -801,7 +802,7 @@ struct hda_codec { const char *modelname; /* model name for preset */ =20 /* set by patch */ @@ -80519,7 +78698,7 @@ index 0da778a..bc38b84 100644 =20 =20 diff --git a/sound/pci/ymfpci/ymfpci_main.c b/sound/pci/ymfpci/ymfpci_ma= in.c -index 03ee4e3..be86b46 100644 +index 12a9a2b..2b6138f 100644 --- a/sound/pci/ymfpci/ymfpci_main.c +++ b/sound/pci/ymfpci/ymfpci_main.c @@ -203,8 +203,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *ch= ip) @@ -80553,7 +78732,7 @@ index 03ee4e3..be86b46 100644 wake_up(&chip->interrupt_sleep); } } -@@ -2382,7 +2382,7 @@ int __devinit snd_ymfpci_create(struct snd_card *c= ard, +@@ -2389,7 +2389,7 @@ int __devinit snd_ymfpci_create(struct snd_card *c= ard, spin_lock_init(&chip->reg_lock); spin_lock_init(&chip->voice_lock); init_waitqueue_head(&chip->interrupt_sleep); @@ -80563,23 +78742,23 @@ index 03ee4e3..be86b46 100644 chip->pci =3D pci; chip->irq =3D -1; diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c -index ee15337..e2187a6 100644 +index cdc860a..db34a93 100644 --- a/sound/soc/soc-pcm.c +++ b/sound/soc/soc-pcm.c -@@ -583,7 +583,7 @@ static snd_pcm_uframes_t soc_pcm_pointer(struct snd_= pcm_substream *substream) - } -=20 - /* ASoC PCM operations */ --static struct snd_pcm_ops soc_pcm_ops =3D { -+static snd_pcm_ops_no_const soc_pcm_ops =3D { - .open =3D soc_pcm_open, - .close =3D soc_pcm_close, - .hw_params =3D soc_pcm_hw_params, +@@ -605,7 +605,7 @@ int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int= num) + struct snd_soc_platform *platform =3D rtd->platform; + struct snd_soc_dai *codec_dai =3D rtd->codec_dai; + struct snd_soc_dai *cpu_dai =3D rtd->cpu_dai; +- struct snd_pcm_ops *soc_pcm_ops =3D &rtd->ops; ++ snd_pcm_ops_no_const *soc_pcm_ops =3D &rtd->ops; + struct snd_pcm *pcm; + char new_name[64]; + int ret =3D 0, playback =3D 0, capture =3D 0; diff --git a/sound/usb/card.h b/sound/usb/card.h -index a39edcc..1014050 100644 +index da5fa1a..113cd02 100644 --- a/sound/usb/card.h +++ b/sound/usb/card.h -@@ -44,6 +44,7 @@ struct snd_urb_ops { +@@ -45,6 +45,7 @@ struct snd_urb_ops { int (*prepare_sync)(struct snd_usb_substream *subs, struct snd_pcm_run= time *runtime, struct urb *u); int (*retire_sync)(struct snd_usb_substream *subs, struct snd_pcm_runt= ime *runtime, struct urb *u); }; @@ -80587,7 +78766,7 @@ index a39edcc..1014050 100644 =20 struct snd_usb_substream { struct snd_usb_stream *stream; -@@ -93,7 +94,7 @@ struct snd_usb_substream { +@@ -94,7 +95,7 @@ struct snd_usb_substream { struct snd_pcm_hw_constraint_list rate_list; /* limited rates */ spinlock_t lock; =20 @@ -80598,10 +78777,10 @@ index a39edcc..1014050 100644 }; diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile new file mode 100644 -index 0000000..ca64170 +index 0000000..894c8bf --- /dev/null +++ b/tools/gcc/Makefile -@@ -0,0 +1,26 @@ +@@ -0,0 +1,23 @@ +#CC :=3D gcc +#PLUGIN_SOURCE_FILES :=3D pax_plugin.c +#PLUGIN_OBJECT_FILES :=3D $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES)) @@ -80609,7 +78788,6 @@ index 0000000..ca64170 +#CFLAGS +=3D -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W -std=3Dgnu9= 9 + +HOST_EXTRACFLAGS +=3D -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/i= nclude/c-family -std=3Dgnu99 -ggdb -+CFLAGS_size_overflow_plugin.o :=3D -Wno-missing-initializer + +hostlibs-y :=3D constify_plugin.so +hostlibs-$(CONFIG_PAX_MEMORY_STACKLEAK) +=3D stackleak_plugin.so @@ -80617,7 +78795,6 @@ index 0000000..ca64170 +hostlibs-$(CONFIG_PAX_KERNEXEC_PLUGIN) +=3D kernexec_plugin.so +hostlibs-$(CONFIG_CHECKER_PLUGIN) +=3D checker_plugin.so +hostlibs-y +=3D colorize_plugin.so -+hostlibs-$(CONFIG_PAX_SIZE_OVERFLOW) +=3D size_overflow_plugin.so + +always :=3D $(hostlibs-y) + @@ -80627,7 +78804,6 @@ index 0000000..ca64170 +kernexec_plugin-objs :=3D kernexec_plugin.o +checker_plugin-objs :=3D checker_plugin.o +colorize_plugin-objs :=3D colorize_plugin.o -+size_overflow_plugin-objs :=3D size_overflow_plugin.o diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c new file mode 100644 index 0000000..d41b5af @@ -81873,3870 +80049,6 @@ index 0000000..008f159 + + return 0; +} -diff --git a/tools/gcc/size_overflow_hash1.h b/tools/gcc/size_overflow_h= ash1.h -new file mode 100644 -index 0000000..55a1292 ---- /dev/null -+++ b/tools/gcc/size_overflow_hash1.h -@@ -0,0 +1,2760 @@ -+struct size_overflow_hash size_overflow_hash1[65536] =3D { -+ [10013].file =3D "security/smack/smackfs.c", -+ [10013].name =3D "smk_write_direct", -+ [10013].param3 =3D 1, -+ [10167].file =3D "sound/core/oss/pcm_plugin.c", -+ [10167].name =3D "snd_pcm_plugin_build", -+ [10167].param5 =3D 1, -+ [1020].file =3D "drivers/usb/misc/usbtest.c", -+ [1020].name =3D "test_unaligned_bulk", -+ [1020].param3 =3D 1, -+ [1022].file =3D "sound/pci/rme9652/rme9652.c", -+ [1022].name =3D "snd_rme9652_playback_copy", -+ [1022].param5 =3D 1, -+ [10341].file =3D "fs/nfsd/nfs4xdr.c", -+ [10341].name =3D "read_buf", -+ [10341].param2 =3D 1, -+ [10357].file =3D "net/sunrpc/cache.c", -+ [10357].name =3D "cache_read", -+ [10357].param3 =3D 1, -+ [10397].file =3D "drivers/gpu/drm/i915/i915_debugfs.c", -+ [10397].name =3D "i915_wedged_write", -+ [10397].param3 =3D 1, -+ [10414].file =3D "drivers/tty/vt/vt.c", -+ [10414].name =3D "vc_do_resize", -+ [10414].param3 =3D 1, -+ [10414].param4 =3D 1, -+ [10496].file =3D "drivers/bluetooth/hci_vhci.c", -+ [10496].name =3D "vhci_read", -+ [10496].param3 =3D 1, -+ [10565].file =3D "drivers/input/touchscreen/ad7879-spi.c", -+ [10565].name =3D "ad7879_spi_multi_read", -+ [10565].param3 =3D 1, -+ [10623].file =3D "drivers/infiniband/core/user_mad.c", -+ [10623].name =3D "ib_umad_write", -+ [10623].param3 =3D 1, -+ [10707].file =3D "fs/nfs/idmap.c", -+ [10707].name =3D "nfs_idmap_request_key", -+ [10707].param2 =3D 1, -+ [10773].file =3D "drivers/input/mousedev.c", -+ [10773].name =3D "mousedev_read", -+ [10773].param3 =3D 1, -+ [10777].file =3D "fs/ntfs/file.c", -+ [10777].name =3D "ntfs_file_buffered_write", -+ [10777].param6 =3D 1, -+ [10919].file =3D "net/ipv4/netfilter/arp_tables.c", -+ [10919].name =3D "do_arpt_set_ctl", -+ [10919].param4 =3D 1, -+ [11054].file =3D "drivers/net/wireless/libertas/debugfs.c", -+ [11054].name =3D "lbs_wrmac_write", -+ [11054].param3 =3D 1, -+ [11068].file =3D "drivers/net/wireless/libertas/debugfs.c", -+ [11068].name =3D "lbs_wrrf_write", -+ [11068].param3 =3D 1, -+ [11364].file =3D "fs/ext4/super.c", -+ [11364].name =3D "ext4_kvzalloc", -+ [11364].param1 =3D 1, -+ [11402].file =3D "drivers/net/wireless/libertas/debugfs.c", -+ [11402].name =3D "lbs_threshold_write", -+ [11402].param5 =3D 1, -+ [11494].file =3D "drivers/video/via/viafbdev.c", -+ [11494].name =3D "viafb_dvp1_proc_write", -+ [11494].param3 =3D 1, -+ [11616].file =3D "security/selinux/selinuxfs.c", -+ [11616].name =3D "sel_write_enforce", -+ [11616].param3 =3D 1, -+ [11699].file =3D "drivers/net/ethernet/neterion/vxge/vxge-config.h", -+ [11699].name =3D "vxge_os_dma_malloc", -+ [11699].param2 =3D 1, -+ [11766].file =3D "drivers/block/paride/pt.c", -+ [11766].name =3D "pt_read", -+ [11766].param3 =3D 1, -+ [11784].file =3D "fs/bio.c", -+ [11784].name =3D "bio_kmalloc", -+ [11784].param2 =3D 1, -+ [11814].file =3D "drivers/staging/speakup/kobjects.c", -+ [11814].name =3D "keymap_store", -+ [11814].param4 =3D 1, -+ [11912].file =3D "net/sunrpc/cache.c", -+ [11912].name =3D "cache_write_pipefs", -+ [11912].param3 =3D 1, -+ [11919].file =3D "drivers/lguest/core.c", -+ [11919].name =3D "__lgread", -+ [11919].param4 =3D 1, -+ [11986].file =3D "drivers/net/usb/asix.c", -+ [11986].name =3D "asix_read_cmd", -+ [11986].param5 =3D 1, -+ [12059].file =3D "drivers/net/wireless/libertas/debugfs.c", -+ [12059].name =3D "lbs_debugfs_write", -+ [12059].param3 =3D 1, -+ [12071].file =3D "lib/kstrtox.c", -+ [12071].name =3D "kstrtou8_from_user", -+ [12071].param2 =3D 1, -+ [12151].file =3D "fs/compat.c", -+ [12151].name =3D "compat_rw_copy_check_uvector", -+ [12151].param3 =3D 1, -+ [12205].file =3D "fs/reiserfs/journal.c", -+ [12205].name =3D "reiserfs_allocate_list_bitmaps", -+ [12205].param3 =3D 1, -+ [12234].file =3D "include/acpi/platform/aclinux.h", -+ [12234].name =3D "acpi_os_allocate", -+ [12234].param1 =3D 1, -+ [1227].file =3D "lib/cpu_rmap.c", -+ [1227].name =3D "alloc_cpu_rmap", -+ [1227].param1 =3D 1, -+ [12395].file =3D "drivers/char/hw_random/core.c", -+ [12395].name =3D "rng_dev_read", -+ [12395].param3 =3D 1, -+ [1248].file =3D "kernel/kprobes.c", -+ [1248].name =3D "write_enabled_file_bool", -+ [1248].param3 =3D 1, -+ [12501].file =3D "net/mac80211/debugfs.c", -+ [12501].name =3D "uapsd_max_sp_len_write", -+ [12501].param3 =3D 1, -+ [12591].file =3D "sound/core/pcm_lib.c", -+ [12591].name =3D "snd_pcm_lib_writev_transfer", -+ [12591].param5 =3D 1, -+ [12602].file =3D "net/sunrpc/cache.c", -+ [12602].name =3D "cache_downcall", -+ [12602].param3 =3D 1, -+ [12712].file =3D "drivers/net/wimax/i2400m/fw.c", -+ [12712].name =3D "i2400m_zrealloc_2x", -+ [12712].param3 =3D 1, -+ [12755].file =3D "sound/drivers/opl4/opl4_proc.c", -+ [12755].name =3D "snd_opl4_mem_proc_read", -+ [12755].param5 =3D 1, -+ [12833].file =3D "net/sctp/auth.c", -+ [12833].name =3D "sctp_auth_create_key", -+ [12833].param1 =3D 1, -+ [12840].file =3D "net/sctp/tsnmap.c", -+ [12840].name =3D "sctp_tsnmap_mark", -+ [12840].param2 =3D 1, -+ [12896].file =3D "drivers/net/wireless/wl12xx/debugfs.c", -+ [12896].name =3D "beacon_filtering_write", -+ [12896].param3 =3D 1, -+ [12931].file =3D "drivers/hid/hid-roccat.c", -+ [12931].name =3D "roccat_read", -+ [12931].param3 =3D 1, -+ [12954].file =3D "fs/proc/base.c", -+ [12954].name =3D "oom_adjust_write", -+ [12954].param3 =3D 1, -+ [13013].file =3D "drivers/media/dvb/ttpci/av7110_ca.c", -+ [13013].name =3D "dvb_ca_write", -+ [13013].param3 =3D 1, -+ [13103].file =3D "drivers/acpi/acpica/utobject.c", -+ [13103].name =3D "acpi_ut_create_string_object", -+ [13103].param1 =3D 1, -+ [13121].file =3D "net/ipv4/ip_sockglue.c", -+ [13121].name =3D "do_ip_setsockopt", -+ [13121].param5 =3D 1, -+ [13337].file =3D "net/core/iovec.c", -+ [13337].name =3D "csum_partial_copy_fromiovecend", -+ [13337].param4 =3D 1, -+ [13339].file =3D "security/smack/smackfs.c", -+ [13339].name =3D "smk_write_netlbladdr", -+ [13339].param3 =3D 1, -+ [13342].file =3D "fs/jbd2/journal.c", -+ [13342].name =3D "jbd2_alloc", -+ [13342].param1 =3D 1, -+ [13412].file =3D "fs/proc/base.c", -+ [13412].name =3D "oom_score_adj_write", -+ [13412].param3 =3D 1, -+ [13659].file =3D "drivers/net/wan/hdlc.c", -+ [13659].name =3D "attach_hdlc_protocol", -+ [13659].param3 =3D 1, -+ [13708].file =3D "drivers/usb/misc/usbtest.c", -+ [13708].name =3D "simple_alloc_urb", -+ [13708].param3 =3D 1, -+ [13863].file =3D "drivers/net/wireless/iwlwifi/iwl-agn-rs.c", -+ [13863].name =3D "rs_sta_dbgfs_scale_table_write", -+ [13863].param3 =3D 1, -+ [13924].file =3D "net/ipv4/netfilter/ip_tables.c", -+ [13924].name =3D "do_ipt_set_ctl", -+ [13924].param4 =3D 1, -+ [14019].file =3D "net/dns_resolver/dns_key.c", -+ [14019].name =3D "dns_resolver_instantiate", -+ [14019].param2 =3D 1, -+ [14019].param3 =3D 1, -+ [14025].file =3D "net/ax25/af_ax25.c", -+ [14025].name =3D "ax25_setsockopt", -+ [14025].param5 =3D 1, -+ [14029].file =3D "drivers/spi/spidev.c", -+ [14029].name =3D "spidev_compat_ioctl", -+ [14029].param2 =3D 1, -+ [14031].file =3D "drivers/net/wireless/ath/ath5k/debug.c", -+ [14031].name =3D "write_file_beacon", -+ [14031].param3 =3D 1, -+ [14086].file =3D "fs/nfs/nfs4proc.c", -+ [14086].name =3D "nfs4_reset_slot_table", -+ [14086].param2 =3D 1, -+ [14090].file =3D "drivers/bluetooth/btmrvl_debugfs.c", -+ [14090].name =3D "btmrvl_hsmode_write", -+ [14090].param3 =3D 1, -+ [14125].file =3D "kernel/module.c", -+ [14125].name =3D "load_module", -+ [14125].param2 =3D 1, -+ [14149].file =3D "drivers/hid/hidraw.c", -+ [14149].name =3D "hidraw_ioctl", -+ [14149].param2 =3D 1, -+ [14153].file =3D "drivers/staging/bcm/led_control.c", -+ [14153].name =3D "ValidateDSDParamsChecksum", -+ [14153].param3 =3D 1, -+ [14174].file =3D "sound/pci/es1938.c", -+ [14174].name =3D "snd_es1938_capture_copy", -+ [14174].param5 =3D 1, -+ [14207].file =3D "drivers/media/video/v4l2-event.c", -+ [14207].name =3D "v4l2_event_subscribe", -+ [14207].param3 =3D 1, -+ [14241].file =3D "drivers/platform/x86/asus_acpi.c", -+ [14241].name =3D "brn_proc_write", -+ [14241].param3 =3D 1, -+ [14299].file =3D "sound/core/oss/pcm_plugin.c", -+ [14299].name =3D "snd_pcm_plugin_alloc", -+ [14299].param2 =3D 1, -+ [14345].file =3D "fs/cachefiles/daemon.c", -+ [14345].name =3D "cachefiles_daemon_write", -+ [14345].param3 =3D 1, -+ [14347].file =3D "drivers/media/dvb/dvb-core/dvb_ca_en50221.c", -+ [14347].name =3D "dvb_ca_en50221_io_write", -+ [14347].param3 =3D 1, -+ [14462].file =3D "fs/namei.c", -+ [14462].name =3D "sys_rmdir", -+ [14462].param1 =3D 1, -+ [14478].file =3D "drivers/char/random.c", -+ [14478].name =3D "random_write", -+ [14478].param3 =3D 1, -+ [1458].file =3D "drivers/misc/lkdtm.c", -+ [1458].name =3D "direct_entry", -+ [1458].param3 =3D 1, -+ [145].file =3D "lib/xz/xz_dec_test.c", -+ [145].name =3D "xz_dec_test_write", -+ [145].param3 =3D 1, -+ [14646].file =3D "fs/compat.c", -+ [14646].name =3D "compat_writev", -+ [14646].param3 =3D 1, -+ [14736].file =3D "drivers/usb/misc/usbtest.c", -+ [14736].name =3D "unlink_queued", -+ [14736].param3 =3D 1, -+ [14842].file =3D "fs/namei.c", -+ [14842].name =3D "sys_renameat", -+ [14842].param2 =3D 1, -+ [14842].param4 =3D 1, -+ [15017].file =3D "drivers/edac/edac_device.c", -+ [15017].name =3D "edac_device_alloc_ctl_info", -+ [15017].param1 =3D 1, -+ [15087].file =3D "fs/bio.c", -+ [15087].name =3D "bio_map_kern", -+ [15087].param2 =3D 1, -+ [15087].param3 =3D 1, -+ [15112].file =3D "drivers/xen/evtchn.c", -+ [15112].name =3D "evtchn_write", -+ [15112].param3 =3D 1, -+ [15274].file =3D "crypto/shash.c", -+ [15274].name =3D "crypto_shash_setkey", -+ [15274].param3 =3D 1, -+ [15361].file =3D "drivers/char/agp/generic.c", -+ [15361].name =3D "agp_allocate_memory", -+ [15361].param2 =3D 1, -+ [15497].file =3D "drivers/media/dvb/ddbridge/ddbridge-core.c", -+ [15497].name =3D "ts_read", -+ [15497].param3 =3D 1, -+ [15551].file =3D "net/ipv4/netfilter/ipt_CLUSTERIP.c", -+ [15551].name =3D "clusterip_proc_write", -+ [15551].param3 =3D 1, -+ [15701].file =3D "drivers/hid/hid-roccat-common.c", -+ [15701].name =3D "roccat_common_receive", -+ [15701].param4 =3D 1, -+ [1572].file =3D "net/ceph/pagevec.c", -+ [1572].name =3D "ceph_copy_page_vector_to_user", -+ [1572].param4 =3D 1, -+ [15814].file =3D "net/mac80211/debugfs_netdev.c", -+ [15814].name =3D "ieee80211_if_write", -+ [15814].param3 =3D 1, -+ [15883].file =3D "security/keys/keyctl.c", -+ [15883].name =3D "sys_add_key", -+ [15883].param4 =3D 1, -+ [15884].file =3D "fs/exofs/super.c", -+ [15884].name =3D "exofs_read_lookup_dev_table", -+ [15884].param3 =3D 1, -+ [1603].file =3D "fs/debugfs/file.c", -+ [1603].name =3D "write_file_bool", -+ [1603].param3 =3D 1, -+ [16073].file =3D "net/sctp/socket.c", -+ [16073].name =3D "sctp_setsockopt", -+ [16073].param5 =3D 1, -+ [16138].file =3D "security/selinux/ss/services.c", -+ [16138].name =3D "security_context_to_sid_force", -+ [16138].param2 =3D 1, -+ [16166].file =3D "drivers/platform/x86/thinkpad_acpi.c", -+ [16166].name =3D "dispatch_proc_write", -+ [16166].param3 =3D 1, -+ [16229].file =3D "drivers/scsi/scsi_transport_iscsi.c", -+ [16229].name =3D "iscsi_offload_mesg", -+ [16229].param5 =3D 1, -+ [16353].file =3D "drivers/base/regmap/regmap.c", -+ [16353].name =3D "regmap_raw_write", -+ [16353].param4 =3D 1, -+ [16383].file =3D "fs/proc/base.c", -+ [16383].name =3D "comm_write", -+ [16383].param3 =3D 1, -+ [16447].file =3D "drivers/hid/usbhid/hiddev.c", -+ [16447].name =3D "hiddev_ioctl", -+ [16447].param2 =3D 1, -+ [16453].file =3D "include/linux/slab.h", -+ [16453].name =3D "kzalloc", -+ [16453].param1 =3D 1, -+ [16535].file =3D "fs/proc/generic.c", -+ [16535].name =3D "proc_file_read", -+ [16535].param3 =3D 1, -+ [16605].file =3D "fs/ecryptfs/miscdev.c", -+ [16605].name =3D "ecryptfs_send_miscdev", -+ [16605].param2 =3D 1, -+ [16606].file =3D "drivers/ide/ide-tape.c", -+ [16606].name =3D "idetape_chrdev_write", -+ [16606].param3 =3D 1, -+ [16741].file =3D "fs/namei.c", -+ [16741].name =3D "sys_unlinkat", -+ [16741].param2 =3D 1, -+ [16911].file =3D "drivers/media/dvb/ttpci/av7110_hw.c", -+ [16911].name =3D "LoadBitmap", -+ [16911].param2 =3D 1, -+ [17075].file =3D "sound/isa/gus/gus_dram.c", -+ [17075].name =3D "snd_gus_dram_write", -+ [17075].param4 =3D 1, -+ [17133].file =3D "drivers/usb/misc/iowarrior.c", -+ [17133].name =3D "iowarrior_read", -+ [17133].param3 =3D 1, -+ [17139].file =3D "fs/ubifs/xattr.c", -+ [17139].name =3D "ubifs_setxattr", -+ [17139].param4 =3D 1, -+ [17185].file =3D "net/wireless/scan.c", -+ [17185].name =3D "cfg80211_inform_bss", -+ [17185].param8 =3D 1, -+ [17349].file =3D "net/tipc/link.c", -+ [17349].name =3D "tipc_link_send_sections_fast", -+ [17349].param4 =3D 1, -+ [17377].file =3D "drivers/usb/class/cdc-wdm.c", -+ [17377].name =3D "wdm_write", -+ [17377].param3 =3D 1, -+ [17459].file =3D "drivers/usb/misc/rio500.c", -+ [17459].name =3D "write_rio", -+ [17459].param3 =3D 1, -+ [17460].file =3D "fs/nfsd/nfscache.c", -+ [17460].name =3D "nfsd_cache_update", -+ [17460].param3 =3D 1, -+ [17492].file =3D "net/dccp/proto.c", -+ [17492].name =3D "do_dccp_setsockopt", -+ [17492].param5 =3D 1, -+ [1754].file =3D "sound/core/oss/pcm_oss.c", -+ [1754].name =3D "snd_pcm_oss_write", -+ [1754].param3 =3D 1, -+ [17571].file =3D "drivers/ptp/ptp_chardev.c", -+ [17571].name =3D "ptp_read", -+ [17571].param4 =3D 1, -+ [17684].file =3D "fs/namei.c", -+ [17684].name =3D "sys_mknod", -+ [17684].param1 =3D 1, -+ [17718].file =3D "net/caif/caif_socket.c", -+ [17718].name =3D "setsockopt", -+ [17718].param5 =3D 1, -+ [17875].file =3D "fs/namei.c", -+ [17875].name =3D "sys_linkat", -+ [17875].param2 =3D 1, -+ [17875].param4 =3D 1, -+ [17946].file =3D "drivers/net/wireless/libertas/if_spi.c", -+ [17946].name =3D "if_spi_host_to_card", -+ [17946].param4 =3D 1, -+ [1800].file =3D "drivers/media/dvb/dvb-core/dmxdev.c", -+ [1800].name =3D "dvb_dvr_do_ioctl", -+ [1800].param3 =3D 1, -+ [18102].file =3D "net/netlink/af_netlink.c", -+ [18102].name =3D "netlink_change_ngroups", -+ [18102].param2 =3D 1, -+ [18183].file =3D "drivers/tty/tty_buffer.c", -+ [18183].name =3D "tty_insert_flip_string_fixed_flag", -+ [18183].param4 =3D 1, -+ [18224].file =3D "drivers/xen/grant-table.c", -+ [18224].name =3D "gnttab_map", -+ [18224].param2 =3D 1, -+ [18232].file =3D "fs/nfs/write.c", -+ [18232].name =3D "nfs_writedata_alloc", -+ [18232].param1 =3D 1, -+ [18277].file =3D "drivers/char/virtio_console.c", -+ [18277].name =3D "port_fops_write", -+ [18277].param3 =3D 1, -+ [18303].file =3D "fs/xattr.c", -+ [18303].name =3D "getxattr", -+ [18303].param4 =3D 1, -+ [18353].file =3D "net/rfkill/core.c", -+ [18353].name =3D "rfkill_fop_read", -+ [18353].param3 =3D 1, -+ [18386].file =3D "fs/read_write.c", -+ [18386].name =3D "vfs_readv", -+ [18386].param3 =3D 1, -+ [18391].file =3D "fs/ocfs2/stack_user.c", -+ [18391].name =3D "ocfs2_control_write", -+ [18391].param3 =3D 1, -+ [183].file =3D "crypto/ahash.c", -+ [183].name =3D "crypto_ahash_setkey", -+ [183].param3 =3D 1, -+ [18406].file =3D "drivers/media/video/tm6000/tm6000-core.c", -+ [18406].name =3D "tm6000_read_write_usb", -+ [18406].param7 =3D 1, -+ [1845].file =3D "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [1845].name =3D "rt2x00debug_write_rf", -+ [1845].param3 =3D 1, -+ [18465].file =3D "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c", -+ [18465].name =3D "cxgb_alloc_mem", -+ [18465].param1 =3D 1, -+ [1858].file =3D "net/ipv6/netfilter/ip6_tables.c", -+ [1858].name =3D "do_ip6t_set_ctl", -+ [1858].param4 =3D 1, -+ [18659].file =3D "drivers/media/dvb/dvb-core/dvbdev.c", -+ [18659].name =3D "dvb_usercopy", -+ [18659].param2 =3D 1, -+ [18775].file =3D "drivers/net/wireless/ath/ath5k/debug.c", -+ [18775].name =3D "write_file_frameerrors", -+ [18775].param3 =3D 1, -+ [18928].file =3D "drivers/staging/speakup/devsynth.c", -+ [18928].name =3D "speakup_file_write", -+ [18928].param3 =3D 1, -+ [18988].file =3D "drivers/staging/vme/devices/vme_user.c", -+ [18988].name =3D "vme_user_read", -+ [18988].param3 =3D 1, -+ [19012].file =3D "drivers/acpi/event.c", -+ [19012].name =3D "acpi_system_read_event", -+ [19012].param3 =3D 1, -+ [19028].file =3D "mm/filemap.c", -+ [19028].name =3D "iov_iter_copy_from_user_atomic", -+ [19028].param4 =3D 1, -+ [19107].file =3D "security/smack/smackfs.c", -+ [19107].name =3D "smk_write_load_list", -+ [19107].param3 =3D 1, -+ [19261].file =3D "net/netlabel/netlabel_domainhash.c", -+ [19261].name =3D "netlbl_domhsh_init", -+ [19261].param1 =3D 1, -+ [19274].file =3D "net/core/pktgen.c", -+ [19274].name =3D "pktgen_if_write", -+ [19274].param3 =3D 1, -+ [19286].file =3D "drivers/base/regmap/regmap.c", -+ [19286].name =3D "_regmap_raw_write", -+ [19286].param4 =3D 1, -+ [19288].file =3D "net/ipv6/raw.c", -+ [19288].name =3D "rawv6_setsockopt", -+ [19288].param5 =3D 1, -+ [19308].file =3D "drivers/char/mem.c", -+ [19308].name =3D "read_oldmem", -+ [19308].param3 =3D 1, -+ [19332].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [19332].name =3D "iwl_dbgfs_plcp_delta_write", -+ [19332].param3 =3D 1, -+ [19349].file =3D "drivers/acpi/acpica/utobject.c", -+ [19349].name =3D "acpi_ut_create_package_object", -+ [19349].param1 =3D 1, -+ [19504].file =3D "drivers/usb/serial/garmin_gps.c", -+ [19504].name =3D "pkt_add", -+ [19504].param3 =3D 1, -+ [19522].file =3D "mm/percpu.c", -+ [19522].name =3D "pcpu_mem_zalloc", -+ [19522].param1 =3D 1, -+ [19548].file =3D "drivers/scsi/qla2xxx/qla_init.c", -+ [19548].name =3D "qla2x00_get_ctx_sp", -+ [19548].param3 =3D 1, -+ [19738].file =3D "fs/sysfs/file.c", -+ [19738].name =3D "sysfs_write_file", -+ [19738].param3 =3D 1, -+ [19833].file =3D "drivers/xen/xenfs/privcmd.c", -+ [19833].name =3D "gather_array", -+ [19833].param3 =3D 1, -+ [19909].file =3D "drivers/net/wireless/libertas/debugfs.c", -+ [19909].name =3D "lbs_sleepparams_write", -+ [19909].param3 =3D 1, -+ [19920].file =3D "drivers/input/joydev.c", -+ [19920].name =3D "joydev_ioctl", -+ [19920].param2 =3D 1, -+ [19931].file =3D "drivers/usb/misc/ftdi-elan.c", -+ [19931].name =3D "ftdi_elan_write", -+ [19931].param3 =3D 1, -+ [19943].file =3D "drivers/net/wireless/ath/ath9k/debug.c", -+ [19943].name =3D "write_file_regval", -+ [19943].param3 =3D 1, -+ [19960].file =3D "drivers/usb/class/usblp.c", -+ [19960].name =3D "usblp_read", -+ [19960].param3 =3D 1, -+ [20023].file =3D "drivers/media/video/gspca/gspca.c", -+ [20023].name =3D "dev_read", -+ [20023].param3 =3D 1, -+ [20113].file =3D "drivers/net/wireless/libertas/debugfs.c", -+ [20113].name =3D "lbs_rdmac_write", -+ [20113].param3 =3D 1, -+ [20314].file =3D "drivers/gpu/drm/drm_hashtab.c", -+ [20314].name =3D "drm_ht_create", -+ [20314].param2 =3D 1, -+ [20376].file =3D "mm/nobootmem.c", -+ [20376].name =3D "__alloc_bootmem_nopanic", -+ [20376].param1 =3D 1, -+ [20606].file =3D "fs/nilfs2/mdt.c", -+ [20606].name =3D "nilfs_mdt_init", -+ [20606].param3 =3D 1, -+ [20611].file =3D "net/netfilter/x_tables.c", -+ [20611].name =3D "xt_alloc_table_info", -+ [20611].param1 =3D 1, -+ [20713].file =3D "drivers/gpu/drm/ttm/ttm_bo_vm.c", -+ [20713].name =3D "ttm_bo_io", -+ [20713].param5 =3D 1, -+ [20730].file =3D "drivers/media/video/videobuf2-vmalloc.c", -+ [20730].name =3D "vb2_vmalloc_alloc", -+ [20730].param2 =3D 1, -+ [20801].file =3D "drivers/vhost/vhost.c", -+ [20801].name =3D "vhost_add_used_n", -+ [20801].param3 =3D 1, -+ [20835].file =3D "drivers/isdn/i4l/isdn_common.c", -+ [20835].name =3D "isdn_read", -+ [20835].param3 =3D 1, -+ [20951].file =3D "crypto/rng.c", -+ [20951].name =3D "rngapi_reset", -+ [20951].param3 =3D 1, -+ [21134].file =3D "drivers/video/via/viafbdev.c", -+ [21134].name =3D "viafb_dfph_proc_write", -+ [21134].param3 =3D 1, -+ [21193].file =3D "net/wireless/sme.c", -+ [21193].name =3D "cfg80211_disconnected", -+ [21193].param4 =3D 1, -+ [21277].file =3D "drivers/usb/storage/shuttle_usbat.c", -+ [21277].name =3D "usbat_flash_write_data", -+ [21277].param4 =3D 1, -+ [21312].file =3D "lib/ts_kmp.c", -+ [21312].name =3D "kmp_init", -+ [21312].param2 =3D 1, -+ [21335].file =3D "net/econet/af_econet.c", -+ [21335].name =3D "econet_sendmsg", -+ [21335].param4 =3D 1, -+ [21397].file =3D "net/core/sock.c", -+ [21397].name =3D "sock_setsockopt", -+ [21397].param5 =3D 1, -+ [21406].file =3D "fs/libfs.c", -+ [21406].name =3D "simple_write_to_buffer", -+ [21406].param2 =3D 1, -+ [21406].param5 =3D 1, -+ [21451].file =3D "net/netfilter/ipvs/ip_vs_ctl.c", -+ [21451].name =3D "do_ip_vs_set_ctl", -+ [21451].param4 =3D 1, -+ [21459].file =3D "security/smack/smackfs.c", -+ [21459].name =3D "smk_write_doi", -+ [21459].param3 =3D 1, -+ [21468].file =3D "drivers/char/virtio_console.c", -+ [21468].name =3D "port_fops_read", -+ [21468].param3 =3D 1, -+ [21511].file =3D "drivers/input/ff-core.c", -+ [21511].name =3D "input_ff_create", -+ [21511].param2 =3D 1, -+ [21538].file =3D "net/bluetooth/l2cap_sock.c", -+ [21538].name =3D "l2cap_sock_setsockopt", -+ [21538].param5 =3D 1, -+ [21608].file =3D "drivers/char/tpm/tpm.c", -+ [21608].name =3D "tpm_write", -+ [21608].param3 =3D 1, -+ [2160].file =3D "drivers/net/wireless/ray_cs.c", -+ [2160].name =3D "int_proc_write", -+ [2160].param3 =3D 1, -+ [21632].file =3D "fs/afs/cell.c", -+ [21632].name =3D "afs_cell_create", -+ [21632].param2 =3D 1, -+ [21679].file =3D "drivers/net/wireless/ath/carl9170/debug.c", -+ [21679].name =3D "carl9170_debugfs_write", -+ [21679].param3 =3D 1, -+ [21712].file =3D "net/rxrpc/ar-output.c", -+ [21712].name =3D "rxrpc_send_data", -+ [21712].param5 =3D 1, -+ [2180].file =3D "drivers/char/ppdev.c", -+ [2180].name =3D "pp_write", -+ [2180].param3 =3D 1, -+ [21946].file =3D "fs/nfs/idmap.c", -+ [21946].name =3D "nfs_map_name_to_uid", -+ [21946].param3 =3D 1, -+ [22085].file =3D "drivers/staging/sep/sep_driver.c", -+ [22085].name =3D "sep_lock_user_pages", -+ [22085].param2 =3D 1, -+ [22085].param3 =3D 1, -+ [22187].file =3D "fs/namei.c", -+ [22187].name =3D "user_path_at_empty", -+ [22187].param2 =3D 1, -+ [22190].file =3D "drivers/char/tpm/tpm.c", -+ [22190].name =3D "tpm_read", -+ [22190].param3 =3D 1, -+ [22204].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [22204].name =3D "iwl_dbgfs_echo_test_write", -+ [22204].param3 =3D 1, -+ [22291].file =3D "net/core/pktgen.c", -+ [22291].name =3D "pgctrl_write", -+ [22291].param3 =3D 1, -+ [22439].file =3D "fs/afs/rxrpc.c", -+ [22439].name =3D "afs_alloc_flat_call", -+ [22439].param2 =3D 1, -+ [22439].param3 =3D 1, -+ [2243].file =3D "drivers/scsi/scsi_tgt_lib.c", -+ [2243].name =3D "scsi_tgt_kspace_exec", -+ [2243].param8 =3D 1, -+ [22546].file =3D "drivers/char/pcmcia/cm4040_cs.c", -+ [22546].name =3D "cm4040_read", -+ [22546].param3 =3D 1, -+ [22742].file =3D "drivers/tty/tty_buffer.c", -+ [22742].name =3D "tty_insert_flip_string_flags", -+ [22742].param4 =3D 1, -+ [22772].file =3D "drivers/target/iscsi/iscsi_target_erl1.c", -+ [22772].name =3D "iscsit_dump_data_payload", -+ [22772].param2 =3D 1, -+ [2286].file =3D "drivers/scsi/mvumi.c", -+ [2286].name =3D "mvumi_alloc_mem_resource", -+ [2286].param3 =3D 1, -+ [22904].file =3D "security/selinux/ss/services.c", -+ [22904].name =3D "security_context_to_sid_default", -+ [22904].param2 =3D 1, -+ [22932].file =3D "fs/compat.c", -+ [22932].name =3D "compat_sys_writev", -+ [22932].param3 =3D 1, -+ [2302].file =3D "drivers/media/video/stk-webcam.c", -+ [2302].name =3D "v4l_stk_read", -+ [2302].param3 =3D 1, -+ [23037].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [23037].name =3D "iwl_dbgfs_wd_timeout_write", -+ [23037].param3 =3D 1, -+ [2307].file =3D "drivers/pcmcia/cistpl.c", -+ [2307].name =3D "pcmcia_replace_cis", -+ [2307].param3 =3D 1, -+ [23093].file =3D "drivers/scsi/st.c", -+ [23093].name =3D "st_read", -+ [23093].param3 =3D 1, -+ [23117].file =3D "drivers/media/dvb/ttpci/av7110_av.c", -+ [23117].name =3D "dvb_audio_write", -+ [23117].param3 =3D 1, -+ [2324].file =3D "net/ieee802154/wpan-class.c", -+ [2324].name =3D "wpan_phy_alloc", -+ [2324].param1 =3D 1, -+ [23535].file =3D "ipc/sem.c", -+ [23535].name =3D "sys_semtimedop", -+ [23535].param3 =3D 1, -+ [2357].file =3D "drivers/usb/serial/garmin_gps.c", -+ [2357].name =3D "garmin_read_process", -+ [2357].param3 =3D 1, -+ [23589].file =3D "kernel/relay.c", -+ [23589].name =3D "subbuf_read_actor", -+ [23589].param3 =3D 1, -+ [23619].file =3D "drivers/tty/tty_buffer.c", -+ [23619].name =3D "tty_buffer_request_room", -+ [23619].param2 =3D 1, -+ [23640].file =3D "drivers/usb/host/ehci-dbg.c", -+ [23640].name =3D "debug_lpm_write", -+ [23640].param3 =3D 1, -+ [23684].file =3D "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [23684].name =3D "iwl_legacy_dbgfs_clear_traffic_statistics_write", -+ [23684].param3 =3D 1, -+ [23848].file =3D "crypto/blkcipher.c", -+ [23848].name =3D "async_setkey", -+ [23848].param3 =3D 1, -+ [2386].file =3D "drivers/acpi/acpica/exnames.c", -+ [2386].name =3D "acpi_ex_allocate_name_string", -+ [2386].param2 =3D 1, -+ [23883].file =3D "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c", -+ [23883].name =3D "iwl_dbgfs_interrupt_write", -+ [23883].param3 =3D 1, -+ [23999].file =3D "sound/pci/rme9652/hdsp.c", -+ [23999].name =3D "snd_hdsp_capture_copy", -+ [23999].param5 =3D 1, -+ [24072].file =3D "drivers/staging/pohmelfs/inode.c", -+ [24072].name =3D "pohmelfs_send_readpages", -+ [24072].param3 =3D 1, -+ [24233].file =3D "drivers/pci/pcie/aer/aer_inject.c", -+ [24233].name =3D "aer_inject_write", -+ [24233].param3 =3D 1, -+ [24263].file =3D "kernel/cgroup.c", -+ [24263].name =3D "cgroup_file_write", -+ [24263].param3 =3D 1, -+ [24313].file =3D "drivers/staging/frontier/tranzport.c", -+ [24313].name =3D "usb_tranzport_write", -+ [24313].param3 =3D 1, -+ [24359].file =3D "kernel/power/qos.c", -+ [24359].name =3D "pm_qos_power_write", -+ [24359].param3 =3D 1, -+ [24410].file =3D "drivers/net/wireless/ipw2x00/libipw_module.c", -+ [24410].name =3D "debug_level_proc_write", -+ [24410].param3 =3D 1, -+ [24457].file =3D "fs/btrfs/backref.c", -+ [24457].name =3D "init_data_container", -+ [24457].param1 =3D 1, -+ [24539].file =3D "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", -+ [24539].name =3D "vmw_framebuffer_dmabuf_dirty", -+ [24539].param6 =3D 1, -+ [24719].file =3D "drivers/input/evdev.c", -+ [24719].name =3D "bits_to_user", -+ [24719].param2 =3D 1, -+ [24719].param3 =3D 1, -+ [2472].file =3D "net/ipv4/netfilter/ip_tables.c", -+ [2472].name =3D "compat_do_ipt_set_ctl", -+ [2472].param4 =3D 1, -+ [24755].file =3D "drivers/infiniband/hw/qib/qib_diag.c", -+ [24755].name =3D "qib_diag_write", -+ [24755].param3 =3D 1, -+ [24805].file =3D "security/keys/user_defined.c", -+ [24805].name =3D "user_update", -+ [24805].param3 =3D 1, -+ [25036].file =3D "fs/pipe.c", -+ [25036].name =3D "pipe_iov_copy_from_user", -+ [25036].param3 =3D 1, -+ [25127].file =3D "drivers/scsi/device_handler/scsi_dh_alua.c", -+ [25127].name =3D "realloc_buffer", -+ [25127].param2 =3D 1, -+ [25157].file =3D "security/keys/request_key_auth.c", -+ [25157].name =3D "request_key_auth_new", -+ [25157].param3 =3D 1, -+ [25158].file =3D "drivers/net/ethernet/mellanox/mlx4/en_rx.c", -+ [25158].name =3D "mlx4_en_create_rx_ring", -+ [25158].param3 =3D 1, -+ [25223].file =3D "drivers/platform/x86/toshiba_acpi.c", -+ [25223].name =3D "fan_proc_write", -+ [25223].param3 =3D 1, -+ [25267].file =3D "fs/configfs/file.c", -+ [25267].name =3D "configfs_write_file", -+ [25267].param3 =3D 1, -+ [25356].file =3D "net/core/dev.c", -+ [25356].name =3D "alloc_netdev_mqs", -+ [25356].param4 =3D 1, -+ [25356].param5 =3D 1, -+ [25495].file =3D "drivers/scsi/bfa/bfad_debugfs.c", -+ [25495].name =3D "bfad_debugfs_write_regwr", -+ [25495].param3 =3D 1, -+ [25558].file =3D "fs/proc/task_mmu.c", -+ [25558].name =3D "clear_refs_write", -+ [25558].param3 =3D 1, -+ [25692].file =3D "drivers/net/wireless/ath/ath6kl/wmi.c", -+ [25692].name =3D "ath6kl_wmi_send_action_cmd", -+ [25692].param6 =3D 1, -+ [2609].file =3D "lib/kstrtox.c", -+ [2609].name =3D "kstrtoul_from_user", -+ [2609].param2 =3D 1, -+ [26100].file =3D "sound/core/info.c", -+ [26100].name =3D "snd_info_entry_write", -+ [26100].param3 =3D 1, -+ [26215].file =3D "drivers/md/dm-table.c", -+ [26215].name =3D "dm_table_create", -+ [26215].param3 =3D 1, -+ [26256].file =3D "fs/hpfs/name.c", -+ [26256].name =3D "hpfs_translate_name", -+ [26256].param3 =3D 1, -+ [26404].file =3D "drivers/net/wireless/mwifiex/debugfs.c", -+ [26404].name =3D "mwifiex_rdeeprom_write", -+ [26404].param3 =3D 1, -+ [26494].file =3D "kernel/signal.c", -+ [26494].name =3D "sys_rt_sigpending", -+ [26494].param2 =3D 1, -+ [26497].file =3D "security/keys/keyctl.c", -+ [26497].name =3D "sys_keyctl", -+ [26497].param4 =3D 1, -+ [26533].file =3D "drivers/block/aoe/aoechr.c", -+ [26533].name =3D "aoechr_write", -+ [26533].param3 =3D 1, -+ [26560].file =3D "crypto/algapi.c", -+ [26560].name =3D "crypto_alloc_instance2", -+ [26560].param3 =3D 1, -+ [26620].file =3D "net/bluetooth/mgmt.c", -+ [26620].name =3D "mgmt_control", -+ [26620].param3 =3D 1, -+ [26701].file =3D "drivers/mtd/chips/cfi_util.c", -+ [26701].name =3D "cfi_read_pri", -+ [26701].param3 =3D 1, -+ [26757].file =3D "fs/xattr.c", -+ [26757].name =3D "sys_fgetxattr", -+ [26757].param4 =3D 1, -+ [2678].file =3D "drivers/platform/x86/asus_acpi.c", -+ [2678].name =3D "disp_proc_write", -+ [2678].param3 =3D 1, -+ [26834].file =3D "drivers/gpu/drm/drm_drv.c", -+ [26834].name =3D "drm_ioctl", -+ [26834].param2 =3D 1, -+ [26843].file =3D "drivers/firewire/core-cdev.c", -+ [26843].name =3D "fw_device_op_compat_ioctl", -+ [26843].param2 =3D 1, -+ [26845].file =3D "drivers/scsi/qla2xxx/qla_bsg.c", -+ [26845].name =3D "qla2x00_get_ctx_bsg_sp", -+ [26845].param3 =3D 1, -+ [26962].file =3D "drivers/usb/class/usbtmc.c", -+ [26962].name =3D "usbtmc_write", -+ [26962].param3 =3D 1, -+ [26966].file =3D "drivers/media/dvb/ddbridge/ddbridge-core.c", -+ [26966].name =3D "ts_write", -+ [26966].param3 =3D 1, -+ [27004].file =3D "drivers/misc/hpilo.c", -+ [27004].name =3D "ilo_write", -+ [27004].param3 =3D 1, -+ [27025].file =3D "fs/ntfs/file.c", -+ [27025].name =3D "__ntfs_copy_from_user_iovec_inatomic", -+ [27025].param3 =3D 1, -+ [27025].param4 =3D 1, -+ [27061].file =3D "drivers/firewire/core-cdev.c", -+ [27061].name =3D "iso_callback", -+ [27061].param3 =3D 1, -+ [2711].file =3D "drivers/media/dvb/dvb-core/dvb_ringbuffer.c", -+ [2711].name =3D "dvb_ringbuffer_read_user", -+ [2711].param3 =3D 1, -+ [27129].file =3D "fs/lockd/mon.c", -+ [27129].name =3D "nsm_get_handle", -+ [27129].param4 =3D 1, -+ [27142].file =3D "fs/proc/kcore.c", -+ [27142].name =3D "read_kcore", -+ [27142].param3 =3D 1, -+ [27164].file =3D "include/drm/drm_mem_util.h", -+ [27164].name =3D "drm_calloc_large", -+ [27164].param1 =3D 1, -+ [2722].file =3D "drivers/gpu/drm/ttm/ttm_page_alloc.c", -+ [2722].name =3D "ttm_alloc_new_pages", -+ [2722].param5 =3D 1, -+ [27232].file =3D "security/apparmor/lib.c", -+ [27232].name =3D "kvmalloc", -+ [27232].param1 =3D 1, -+ [27275].file =3D "drivers/scsi/cxgbi/libcxgbi.c", -+ [27275].name =3D "cxgbi_ddp_reserve", -+ [27275].param4 =3D 1, -+ [27280].file =3D "drivers/net/ethernet/mellanox/mlx4/en_tx.c", -+ [27280].name =3D "mlx4_en_create_tx_ring", -+ [27280].param4 =3D 1, -+ [27290].file =3D "security/selinux/ss/services.c", -+ [27290].name =3D "security_context_to_sid_core", -+ [27290].param2 =3D 1, -+ [27302].file =3D "fs/proc/base.c", -+ [27302].name =3D "proc_loginuid_write", -+ [27302].param3 =3D 1, -+ [27472].file =3D "security/selinux/selinuxfs.c", -+ [27472].name =3D "sel_write_load", -+ [27472].param3 =3D 1, -+ [27491].file =3D "fs/proc/base.c", -+ [27491].name =3D "proc_pid_attr_write", -+ [27491].param3 =3D 1, -+ [27568].file =3D "drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c", -+ [27568].name =3D "t4_alloc_mem", -+ [27568].param1 =3D 1, -+ [27582].file =3D "drivers/platform/x86/asus_acpi.c", -+ [27582].name =3D "ledd_proc_write", -+ [27582].param3 =3D 1, -+ [27695].file =3D "fs/namei.c", -+ [27695].name =3D "sys_link", -+ [27695].param1 =3D 1, -+ [27695].param2 =3D 1, -+ [27697].file =3D "drivers/staging/mei/iorw.c", -+ [27697].name =3D "amthi_read", -+ [27697].param4 =3D 1, -+ [27927].file =3D "drivers/tty/tty_io.c", -+ [27927].name =3D "redirected_tty_write", -+ [27927].param3 =3D 1, -+ [28040].file =3D "kernel/kfifo.c", -+ [28040].name =3D "__kfifo_alloc", -+ [28040].param2 =3D 1, -+ [28040].param3 =3D 1, -+ [28092].file =3D "fs/select.c", -+ [28092].name =3D "do_sys_poll", -+ [28092].param2 =3D 1, -+ [28170].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [28170].name =3D "iwl_dbgfs_ucode_tracing_write", -+ [28170].param3 =3D 1, -+ [28247].file =3D "net/sctp/tsnmap.c", -+ [28247].name =3D "sctp_tsnmap_init", -+ [28247].param2 =3D 1, -+ [28265].file =3D "fs/notify/fanotify/fanotify_user.c", -+ [28265].name =3D "fanotify_write", -+ [28265].param3 =3D 1, -+ [28316].file =3D "drivers/input/joydev.c", -+ [28316].name =3D "joydev_ioctl_common", -+ [28316].param2 =3D 1, -+ [28360].file =3D "drivers/hid/usbhid/hiddev.c", -+ [28360].name =3D "hiddev_compat_ioctl", -+ [28360].param2 =3D 1, -+ [28407].file =3D "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [28407].name =3D "rt2x00debug_write_csr", -+ [28407].param3 =3D 1, -+ [28462].file =3D "net/rfkill/core.c", -+ [28462].name =3D "rfkill_fop_write", -+ [28462].param3 =3D 1, -+ [28635].file =3D "drivers/gpu/drm/drm_sman.c", -+ [28635].name =3D "drm_sman_init", -+ [28635].param2 =3D 1, -+ [28655].file =3D "drivers/infiniband/hw/mthca/mthca_allocator.c", -+ [28655].name =3D "mthca_alloc_init", -+ [28655].param2 =3D 1, -+ [28688].file =3D "mm/mempolicy.c", -+ [28688].name =3D "compat_sys_get_mempolicy", -+ [28688].param3 =3D 1, -+ [28783].file =3D "drivers/gpu/drm/i915/i915_debugfs.c", -+ [28783].name =3D "i915_cache_sharing_write", -+ [28783].param3 =3D 1, -+ [28787].file =3D "drivers/media/video/videobuf2-core.c", -+ [28787].name =3D "vb2_write", -+ [28787].param3 =3D 1, -+ [28879].file =3D "drivers/base/map.c", -+ [28879].name =3D "kobj_map", -+ [28879].param2 =3D 1, -+ [28879].param3 =3D 1, -+ [28889].file =3D "drivers/char/pcmcia/cm4040_cs.c", -+ [28889].name =3D "cm4040_write", -+ [28889].param3 =3D 1, -+ [29073].file =3D "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", -+ [29073].name =3D "vmw_kms_readback", -+ [29073].param6 =3D 1, -+ [29085].file =3D "security/apparmor/apparmorfs.c", -+ [29085].name =3D "profile_load", -+ [29085].param3 =3D 1, -+ [29092].file =3D "lib/lru_cache.c", -+ [29092].name =3D "lc_create", -+ [29092].param3 =3D 1, -+ [29189].file =3D "drivers/gpu/drm/ttm/ttm_page_alloc.c", -+ [29189].name =3D "ttm_put_pages", -+ [29189].param2 =3D 1, -+ [29257].file =3D "drivers/vhost/vhost.c", -+ [29257].name =3D "vhost_add_used_and_signal_n", -+ [29257].param4 =3D 1, -+ [29366].file =3D "drivers/char/pcmcia/cm4000_cs.c", -+ [29366].name =3D "cmm_read", -+ [29366].param3 =3D 1, -+ [29405].file =3D "drivers/media/dvb/dvb-usb/dw2102.c", -+ [29405].name =3D "dw210x_op_rw", -+ [29405].param6 =3D 1, -+ [29437].file =3D "drivers/net/wireless/iwlegacy/iwl-4965-rs.c", -+ [29437].name =3D "iwl4965_rs_sta_dbgfs_scale_table_write", -+ [29437].param3 =3D 1, -+ [29465].file =3D "drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c", -+ [29465].name =3D "mem_read", -+ [29465].param3 =3D 1, -+ [29714].file =3D "drivers/scsi/cxgbi/libcxgbi.c", -+ [29714].name =3D "cxgbi_device_register", -+ [29714].param1 =3D 1, -+ [29714].param2 =3D 1, -+ [29859].file =3D "net/rds/page.c", -+ [29859].name =3D "rds_page_copy_user", -+ [29859].param4 =3D 1, -+ [29875].file =3D "sound/isa/gus/gus_pcm.c", -+ [29875].name =3D "snd_gf1_pcm_playback_copy", -+ [29875].param5 =3D 1, -+ [29905].file =3D "mm/nobootmem.c", -+ [29905].name =3D "___alloc_bootmem", -+ [29905].param1 =3D 1, -+ [2995].file =3D "mm/page_alloc.c", -+ [2995].name =3D "alloc_large_system_hash", -+ [2995].param2 =3D 1, -+ [30242].file =3D "fs/cifs/cifssmb.c", -+ [30242].name =3D "cifs_readdata_alloc", -+ [30242].param1 =3D 1, -+ [30341].file =3D "drivers/infiniband/hw/qib/qib_verbs.c", -+ [30341].name =3D "qib_verbs_send", -+ [30341].param3 =3D 1, -+ [30341].param5 =3D 1, -+ [30438].file =3D "mm/filemap_xip.c", -+ [30438].name =3D "xip_file_read", -+ [30438].param3 =3D 1, -+ [30449].file =3D "drivers/telephony/ixj.c", -+ [30449].name =3D "ixj_read", -+ [30449].param3 =3D 1, -+ [30489].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [30489].name =3D "iwl_dbgfs_rx_handlers_write", -+ [30489].param3 =3D 1, -+ [30693].file =3D "fs/namei.c", -+ [30693].name =3D "sys_rename", -+ [30693].param1 =3D 1, -+ [30693].param2 =3D 1, -+ [307].file =3D "drivers/base/regmap/regmap-debugfs.c", -+ [307].name =3D "regmap_map_read_file", -+ [307].param3 =3D 1, -+ [30970].file =3D "drivers/usb/misc/ldusb.c", -+ [30970].name =3D "ld_usb_read", -+ [30970].param3 =3D 1, -+ [31155].file =3D "drivers/staging/frontier/alphatrack.c", -+ [31155].name =3D "usb_alphatrack_write", -+ [31155].param3 =3D 1, -+ [31207].file =3D "drivers/platform/x86/asus_acpi.c", -+ [31207].name =3D "parse_arg", -+ [31207].param2 =3D 1, -+ [31348].file =3D "kernel/sched.c", -+ [31348].name =3D "sys_sched_getaffinity", -+ [31348].param2 =3D 1, -+ [31465].file =3D "net/rds/message.c", -+ [31465].name =3D "rds_message_map_pages", -+ [31465].param2 =3D 1, -+ [31492].file =3D "drivers/hid/hidraw.c", -+ [31492].name =3D "hidraw_read", -+ [31492].param3 =3D 1, -+ [31649].file =3D "fs/ecryptfs/crypto.c", -+ [31649].name =3D "ecryptfs_decode_and_decrypt_filename", -+ [31649].param5 =3D 1, -+ [3170].file =3D "security/integrity/ima/ima_fs.c", -+ [3170].name =3D "ima_write_policy", -+ [3170].param3 =3D 1, -+ [31730].file =3D "net/dccp/proto.c", -+ [31730].name =3D "dccp_setsockopt", -+ [31730].param5 =3D 1, -+ [31782].file =3D "drivers/misc/pti.c", -+ [31782].name =3D "pti_char_write", -+ [31782].param3 =3D 1, -+ [31789].file =3D "fs/file.c", -+ [31789].name =3D "alloc_fdmem", -+ [31789].param1 =3D 1, -+ [31957].file =3D "fs/afs/proc.c", -+ [31957].name =3D "afs_proc_cells_write", -+ [31957].param3 =3D 1, -+ [32025].file =3D "drivers/nfc/pn544.c", -+ [32025].name =3D "pn544_write", -+ [32025].param3 =3D 1, -+ [32182].file =3D "net/sunrpc/cache.c", -+ [32182].name =3D "cache_write", -+ [32182].param3 =3D 1, -+ [32326].file =3D "drivers/tty/n_r3964.c", -+ [32326].name =3D "r3964_write", -+ [32326].param4 =3D 1, -+ [32402].file =3D "net/ceph/pagevec.c", -+ [32402].name =3D "ceph_copy_user_to_page_vector", -+ [32402].param4 =3D 1, -+ [3241].file =3D "drivers/usb/wusbcore/crypto.c", -+ [3241].name =3D "wusb_prf", -+ [3241].param7 =3D 1, -+ [32459].file =3D "drivers/media/radio/radio-wl1273.c", -+ [32459].name =3D "wl1273_fm_fops_write", -+ [32459].param3 =3D 1, -+ [32560].file =3D "drivers/input/input-mt.c", -+ [32560].name =3D "input_mt_init_slots", -+ [32560].param2 =3D 1, -+ [32574].file =3D "mm/mempolicy.c", -+ [32574].name =3D "sys_get_mempolicy", -+ [32574].param3 =3D 1, -+ [32608].file =3D "security/selinux/selinuxfs.c", -+ [32608].name =3D "sel_write_checkreqprot", -+ [32608].param3 =3D 1, -+ [32950].file =3D "fs/reiserfs/resize.c", -+ [32950].name =3D "reiserfs_resize", -+ [32950].param2 =3D 1, -+ [33010].file =3D "drivers/media/dvb/dvb-core/dvb_ringbuffer.c", -+ [33010].name =3D "dvb_ringbuffer_pkt_read_user", -+ [33010].param5 =3D 1, -+ [33268].file =3D "mm/maccess.c", -+ [33268].name =3D "__probe_kernel_write", -+ [33268].param3 =3D 1, -+ [33280].file =3D "fs/xfs/kmem.c", -+ [33280].name =3D "kmem_realloc", -+ [33280].param2 =3D 1, -+ [33375].file =3D "drivers/staging/rtl8712/osdep_service.h", -+ [33375].name =3D "_malloc", -+ [33375].param1 =3D 1, -+ [33637].file =3D "net/9p/client.c", -+ [33637].name =3D "p9_client_read", -+ [33637].param5 =3D 1, -+ [33669].file =3D "fs/gfs2/glock.c", -+ [33669].name =3D "gfs2_glock_nq_m", -+ [33669].param1 =3D 1, -+ [33810].file =3D "net/mac80211/util.c", -+ [33810].name =3D "ieee80211_send_probe_req", -+ [33810].param6 =3D 1, -+ [3384].file =3D "drivers/block/paride/pg.c", -+ [3384].name =3D "pg_write", -+ [3384].param3 =3D 1, -+ [34016].file =3D "drivers/tty/tty_buffer.c", -+ [34016].name =3D "tty_prepare_flip_string_flags", -+ [34016].param4 =3D 1, -+ [34105].file =3D "fs/libfs.c", -+ [34105].name =3D "simple_read_from_buffer", -+ [34105].param2 =3D 1, -+ [34105].param5 =3D 1, -+ [34120].file =3D "drivers/media/video/pvrusb2/pvrusb2-io.c", -+ [34120].name =3D "pvr2_stream_buffer_count", -+ [34120].param2 =3D 1, -+ [34226].file =3D "mm/shmem.c", -+ [34226].name =3D "shmem_xattr_set", -+ [34226].param4 =3D 1, -+ [34251].file =3D "drivers/staging/cxt1e1/sbecom_inline_linux.h", -+ [34251].name =3D "OS_kmalloc", -+ [34251].param1 =3D 1, -+ [34276].file =3D "drivers/media/video/videobuf2-core.c", -+ [34276].name =3D "__vb2_perform_fileio", -+ [34276].param3 =3D 1, -+ [34278].file =3D "fs/ubifs/debug.c", -+ [34278].name =3D "dfs_global_file_write", -+ [34278].param3 =3D 1, -+ [34432].file =3D "drivers/edac/edac_pci.c", -+ [34432].name =3D "edac_pci_alloc_ctl_info", -+ [34432].param1 =3D 1, -+ [34551].file =3D "fs/ocfs2/stack_user.c", -+ [34551].name =3D "ocfs2_control_cfu", -+ [34551].param2 =3D 1, -+ [34666].file =3D "fs/cifs/cifs_debug.c", -+ [34666].name =3D "cifs_security_flags_proc_write", -+ [34666].param3 =3D 1, -+ [34672].file =3D "drivers/tty/tty_io.c", -+ [34672].name =3D "tty_write", -+ [34672].param3 =3D 1, -+ [34760].file =3D "include/acpi/platform/aclinux.h", -+ [34760].name =3D "acpi_os_allocate_zeroed", -+ [34760].param1 =3D 1, -+ [34802].file =3D "drivers/scsi/cxgbi/libcxgbi.h", -+ [34802].name =3D "cxgbi_alloc_big_mem", -+ [34802].param1 =3D 1, -+ [34847].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [34847].name =3D "iwl_dbgfs_clear_traffic_statistics_write", -+ [34847].param3 =3D 1, -+ [34863].file =3D "drivers/video/fbsysfs.c", -+ [34863].name =3D "framebuffer_alloc", -+ [34863].param1 =3D 1, -+ [34882].file =3D "drivers/platform/x86/toshiba_acpi.c", -+ [34882].name =3D "video_proc_write", -+ [34882].param3 =3D 1, -+ [34988].file =3D "drivers/net/wireless/libertas/debugfs.c", -+ [34988].name =3D "lbs_rdrf_write", -+ [34988].param3 =3D 1, -+ [35007].file =3D "drivers/usb/mon/mon_bin.c", -+ [35007].name =3D "mon_bin_read", -+ [35007].param3 =3D 1, -+ [35050].file =3D "fs/ocfs2/dlmfs/dlmfs.c", -+ [35050].name =3D "dlmfs_file_write", -+ [35050].param3 =3D 1, -+ [35119].file =3D "fs/xattr.c", -+ [35119].name =3D "sys_llistxattr", -+ [35119].param3 =3D 1, -+ [35129].file =3D "mm/nobootmem.c", -+ [35129].name =3D "___alloc_bootmem_nopanic", -+ [35129].param1 =3D 1, -+ [35176].file =3D "drivers/usb/misc/ldusb.c", -+ [35176].name =3D "ld_usb_write", -+ [35176].param3 =3D 1, -+ [35234].file =3D "net/irda/irnet/irnet_ppp.c", -+ [35234].name =3D "irnet_ctrl_write", -+ [35234].param3 =3D 1, -+ [35256].file =3D "sound/core/memory.c", -+ [35256].name =3D "copy_from_user_toio", -+ [35256].param3 =3D 1, -+ [35268].file =3D "security/keys/request_key_auth.c", -+ [35268].name =3D "request_key_auth_read", -+ [35268].param3 =3D 1, -+ [3541].file =3D "drivers/mtd/ubi/cdev.c", -+ [3541].name =3D "vol_cdev_write", -+ [3541].param3 =3D 1, -+ [35443].file =3D "sound/core/pcm_memory.c", -+ [35443].name =3D "_snd_pcm_lib_alloc_vmalloc_buffer", -+ [35443].param2 =3D 1, -+ [35449].file =3D "fs/namei.c", -+ [35449].name =3D "sys_mkdir", -+ [35449].param1 =3D 1, -+ [35542].file =3D "drivers/tty/ipwireless/hardware.c", -+ [35542].name =3D "ipwireless_send_packet", -+ [35542].param4 =3D 1, -+ [35556].file =3D "fs/read_write.c", -+ [35556].name =3D "sys_readv", -+ [35556].param3 =3D 1, -+ [35610].file =3D "net/batman-adv/translation-table.c", -+ [35610].name =3D "tt_save_orig_buffer", -+ [35610].param4 =3D 1, -+ [35693].file =3D "drivers/staging/mei/main.c", -+ [35693].name =3D "mei_read", -+ [35693].param3 =3D 1, -+ [35729].file =3D "include/linux/skbuff.h", -+ [35729].name =3D "__dev_alloc_skb", -+ [35729].param1 =3D 1, -+ [35731].file =3D "drivers/usb/class/cdc-wdm.c", -+ [35731].name =3D "wdm_read", -+ [35731].param3 =3D 1, -+ [35796].file =3D "drivers/mtd/nand/nand_bch.c", -+ [35796].name =3D "nand_bch_init", -+ [35796].param2 =3D 1, -+ [35796].param3 =3D 1, -+ [35880].file =3D "fs/ecryptfs/crypto.c", -+ [35880].name =3D "ecryptfs_encrypt_and_encode_filename", -+ [35880].param6 =3D 1, -+ [3604].file =3D "net/batman-adv/translation-table.c", -+ [3604].name =3D "tt_update_orig", -+ [3604].param4 =3D 1, -+ [36080].file =3D "drivers/media/video/v4l2-ioctl.c", -+ [36080].name =3D "video_usercopy", -+ [36080].param2 =3D 1, -+ [36149].file =3D "fs/udf/inode.c", -+ [36149].name =3D "udf_alloc_i_data", -+ [36149].param2 =3D 1, -+ [36183].file =3D "drivers/tty/vt/vc_screen.c", -+ [36183].name =3D "vcs_read", -+ [36183].param3 =3D 1, -+ [36199].file =3D "net/sunrpc/auth_gss/auth_gss.c", -+ [36199].name =3D "gss_pipe_downcall", -+ [36199].param3 =3D 1, -+ [3630].file =3D "drivers/video/broadsheetfb.c", -+ [3630].name =3D "broadsheetfb_write", -+ [3630].param3 =3D 1, -+ [3632].file =3D "drivers/firewire/core-cdev.c", -+ [3632].name =3D "fw_device_op_read", -+ [3632].param3 =3D 1, -+ [36490].file =3D "drivers/net/wireless/ath/ath6kl/cfg80211.c", -+ [36490].name =3D "ath6kl_cfg80211_connect_event", -+ [36490].param7 =3D 1, -+ [36522].file =3D "drivers/hid/hidraw.c", -+ [36522].name =3D "hidraw_send_report", -+ [36522].param3 =3D 1, -+ [36560].file =3D "net/sunrpc/cache.c", -+ [36560].name =3D "write_flush", -+ [36560].param3 =3D 1, -+ [36633].file =3D "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [36633].name =3D "rt2x00debug_read_queue_stats", -+ [36633].param3 =3D 1, -+ [3665].file =3D "drivers/media/video/ivtv/ivtvfb.c", -+ [3665].name =3D "ivtvfb_write", -+ [3665].param3 =3D 1, -+ [36981].file =3D "drivers/video/via/viafbdev.c", -+ [36981].name =3D "viafb_dfpl_proc_write", -+ [36981].param3 =3D 1, -+ [37034].file =3D "fs/cifs/cifssmb.c", -+ [37034].name =3D "cifs_writedata_alloc", -+ [37034].param1 =3D 1, -+ [37044].file =3D "sound/firewire/packets-buffer.c", -+ [37044].name =3D "iso_packets_buffer_init", -+ [37044].param3 =3D 1, -+ [37115].file =3D "drivers/tty/tty_buffer.c", -+ [37115].name =3D "tty_prepare_flip_string", -+ [37115].param3 =3D 1, -+ [37163].file =3D "net/core/skbuff.c", -+ [37163].name =3D "__netdev_alloc_skb", -+ [37163].param2 =3D 1, -+ [37204].file =3D "drivers/isdn/hardware/eicon/divasi.c", -+ [37204].name =3D "um_idi_read", -+ [37204].param3 =3D 1, -+ [37233].file =3D "fs/ocfs2/cluster/tcp.c", -+ [37233].name =3D "o2net_send_message_vec", -+ [37233].param4 =3D 1, -+ [37309].file =3D "drivers/mtd/mtdchar.c", -+ [37309].name =3D "mtd_do_readoob", -+ [37309].param4 =3D 1, -+ [37382].file =3D "drivers/staging/pohmelfs/inode.c", -+ [37382].name =3D "pohmelfs_readpages_trans_complete", -+ [37382].param2 =3D 1, -+ [37384].file =3D "drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c", -+ [37384].name =3D "vmw_fifo_reserve", -+ [37384].param2 =3D 1, -+ [37497].file =3D "net/mac80211/util.c", -+ [37497].name =3D "ieee80211_build_probe_req", -+ [37497].param7 =3D 1, -+ [37594].file =3D "include/linux/poll.h", -+ [37594].name =3D "get_fd_set", -+ [37594].param1 =3D 1, -+ [37611].file =3D "drivers/xen/xenbus/xenbus_xs.c", -+ [37611].name =3D "split", -+ [37611].param2 =3D 1, -+ [37661].file =3D "mm/filemap.c", -+ [37661].name =3D "file_read_actor", -+ [37661].param4 =3D 1, -+ [37872].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [37872].name =3D "iwl_dbgfs_protection_mode_write", -+ [37872].param3 =3D 1, -+ [37976].file =3D "drivers/platform/x86/asus_acpi.c", -+ [37976].name =3D "bluetooth_proc_write", -+ [37976].param3 =3D 1, -+ [3797].file =3D "sound/pci/asihpi/hpicmn.c", -+ [3797].name =3D "hpi_alloc_control_cache", -+ [3797].param1 =3D 1, -+ [3801].file =3D "drivers/block/paride/pt.c", -+ [3801].name =3D "pt_write", -+ [3801].param3 =3D 1, -+ [38057].file =3D "fs/coda/psdev.c", -+ [38057].name =3D "coda_psdev_write", -+ [38057].param3 =3D 1, -+ [38186].file =3D "kernel/signal.c", -+ [38186].name =3D "do_sigpending", -+ [38186].param2 =3D 1, -+ [38401].file =3D "drivers/xen/xenfs/xenbus.c", -+ [38401].name =3D "queue_reply", -+ [38401].param3 =3D 1, -+ [3841].file =3D "drivers/platform/x86/asus_acpi.c", -+ [3841].name =3D "write_led", -+ [3841].param2 =3D 1, -+ [38532].file =3D "fs/afs/cell.c", -+ [38532].name =3D "afs_cell_lookup", -+ [38532].param2 =3D 1, -+ [38576].file =3D "drivers/i2c/i2c-dev.c", -+ [38576].name =3D "i2cdev_read", -+ [38576].param3 =3D 1, -+ [38747].file =3D "fs/xattr.c", -+ [38747].name =3D "sys_lgetxattr", -+ [38747].param4 =3D 1, -+ [38972].file =3D "security/smack/smackfs.c", -+ [38972].name =3D "smk_write_logging", -+ [38972].param3 =3D 1, -+ [39001].file =3D "net/xfrm/xfrm_hash.c", -+ [39001].name =3D "xfrm_hash_alloc", -+ [39001].param1 =3D 1, -+ [39044].file =3D "lib/kstrtox.c", -+ [39044].name =3D "kstrtos16_from_user", -+ [39044].param2 =3D 1, -+ [39052].file =3D "drivers/input/evdev.c", -+ [39052].name =3D "evdev_ioctl", -+ [39052].param2 =3D 1, -+ [39154].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [39154].name =3D "iwl_dbgfs_clear_ucode_statistics_write", -+ [39154].param3 =3D 1, -+ [39155].file =3D "drivers/xen/grant-table.c", -+ [39155].name =3D "get_free_entries", -+ [39155].param1 =3D 1, -+ [39254].file =3D "drivers/char/pcmcia/cm4000_cs.c", -+ [39254].name =3D "cmm_write", -+ [39254].param3 =3D 1, -+ [39415].file =3D "fs/pstore/inode.c", -+ [39415].name =3D "pstore_mkfile", -+ [39415].param5 =3D 1, -+ [39417].file =3D "drivers/block/DAC960.c", -+ [39417].name =3D "dac960_user_command_proc_write", -+ [39417].param3 =3D 1, -+ [39479].file =3D "drivers/ide/ide-tape.c", -+ [39479].name =3D "idetape_chrdev_read", -+ [39479].param3 =3D 1, -+ [39573].file =3D "drivers/hid/hid-picolcd.c", -+ [39573].name =3D "picolcd_debug_reset_write", -+ [39573].param3 =3D 1, -+ [39583].file =3D "drivers/net/ethernet/broadcom/cnic.c", -+ [39583].name =3D "cnic_init_id_tbl", -+ [39583].param2 =3D 1, -+ [39606].file =3D "drivers/bluetooth/hci_vhci.c", -+ [39606].name =3D "vhci_write", -+ [39606].param3 =3D 1, -+ [39638].file =3D "security/selinux/selinuxfs.c", -+ [39638].name =3D "sel_write_avc_cache_threshold", -+ [39638].param3 =3D 1, -+ [39645].file =3D "drivers/media/dvb/dvb-core/dvbdev.c", -+ [39645].name =3D "dvb_generic_ioctl", -+ [39645].param2 =3D 1, -+ [39741].file =3D "drivers/video/via/viafbdev.c", -+ [39741].name =3D "viafb_iga2_odev_proc_write", -+ [39741].param3 =3D 1, -+ [39888].file =3D "net/core/skbuff.c", -+ [39888].name =3D "__alloc_skb", -+ [39888].param1 =3D 1, -+ [40043].file =3D "drivers/media/video/v4l2-ioctl.c", -+ [40043].name =3D "video_ioctl2", -+ [40043].param2 =3D 1, -+ [40049].file =3D "drivers/bluetooth/btmrvl_debugfs.c", -+ [40049].name =3D "btmrvl_psmode_write", -+ [40049].param3 =3D 1, -+ [40075].file =3D "drivers/media/video/c-qcam.c", -+ [40075].name =3D "qc_capture", -+ [40075].param3 =3D 1, -+ [40163].file =3D "fs/ncpfs/file.c", -+ [40163].name =3D "ncp_file_write", -+ [40163].param3 =3D 1, -+ [40240].file =3D "drivers/char/nvram.c", -+ [40240].name =3D "nvram_write", -+ [40240].param3 =3D 1, -+ [40256].file =3D "drivers/tty/vt/vc_screen.c", -+ [40256].name =3D "vcs_write", -+ [40256].param3 =3D 1, -+ [40302].file =3D "sound/isa/gus/gus_dram.c", -+ [40302].name =3D "snd_gus_dram_poke", -+ [40302].param4 =3D 1, -+ [40355].file =3D "drivers/staging/mei/main.c", -+ [40355].name =3D "mei_write", -+ [40355].param3 =3D 1, -+ [40373].file =3D "fs/cifs/cifs_spnego.c", -+ [40373].name =3D "cifs_spnego_key_instantiate", -+ [40373].param3 =3D 1, -+ [40412].file =3D "fs/namei.c", -+ [40412].name =3D "user_path_at", -+ [40412].param2 =3D 1, -+ [40578].file =3D "sound/soc/soc-core.c", -+ [40578].name =3D "codec_reg_write_file", -+ [40578].param3 =3D 1, -+ [40678].file =3D "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [40678].name =3D "iwl_legacy_dbgfs_traffic_log_write", -+ [40678].param3 =3D 1, -+ [40713].file =3D "net/mac80211/debugfs.c", -+ [40713].name =3D "noack_write", -+ [40713].param3 =3D 1, -+ [40754].file =3D "fs/btrfs/delayed-inode.c", -+ [40754].name =3D "btrfs_alloc_delayed_item", -+ [40754].param1 =3D 1, -+ [40786].file =3D "net/ipv4/netfilter/nf_nat_snmp_basic.c", -+ [40786].name =3D "asn1_octets_decode", -+ [40786].param2 =3D 1, -+ [40901].file =3D "drivers/block/drbd/drbd_bitmap.c", -+ [40901].name =3D "drbd_bm_resize", -+ [40901].param2 =3D 1, -+ [40952].file =3D "drivers/misc/sgi-xp/xpc_partition.c", -+ [40952].name =3D "xpc_kmalloc_cacheline_aligned", -+ [40952].param1 =3D 1, -+ [41000].file =3D "sound/core/pcm_native.c", -+ [41000].name =3D "snd_pcm_aio_read", -+ [41000].param3 =3D 1, -+ [41003].file =3D "fs/namei.c", -+ [41003].name =3D "user_path_parent", -+ [41003].param2 =3D 1, -+ [41005].file =3D "net/bridge/netfilter/ebtables.c", -+ [41005].name =3D "copy_counters_to_user", -+ [41005].param5 =3D 1, -+ [41090].file =3D "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [41090].name =3D "iwl_legacy_dbgfs_sram_write", -+ [41090].param3 =3D 1, -+ [41122].file =3D "fs/binfmt_misc.c", -+ [41122].name =3D "bm_status_write", -+ [41122].param3 =3D 1, -+ [41230].file =3D "drivers/usb/storage/datafab.c", -+ [41230].name =3D "datafab_read_data", -+ [41230].param4 =3D 1, -+ [41249].file =3D "drivers/media/video/zr364xx.c", -+ [41249].name =3D "send_control_msg", -+ [41249].param6 =3D 1, -+ [41302].file =3D "net/dns_resolver/dns_query.c", -+ [41302].name =3D "dns_query", -+ [41302].param3 =3D 1, -+ [41418].file =3D "fs/libfs.c", -+ [41418].name =3D "simple_attr_write", -+ [41418].param3 =3D 1, -+ [4155].file =3D "kernel/kexec.c", -+ [4155].name =3D "do_kimage_alloc", -+ [4155].param3 =3D 1, -+ [41592].file =3D "net/sctp/ssnmap.c", -+ [41592].name =3D "sctp_ssnmap_new", -+ [41592].param1 =3D 1, -+ [41592].param2 =3D 1, -+ [41616].file =3D "net/core/filter.c", -+ [41616].name =3D "sk_chk_filter", -+ [41616].param2 =3D 1, -+ [41676].file =3D "fs/compat.c", -+ [41676].name =3D "compat_sys_preadv", -+ [41676].param3 =3D 1, -+ [41727].file =3D "drivers/media/video/meye.c", -+ [41727].name =3D "rvmalloc", -+ [41727].param1 =3D 1, -+ [41884].file =3D "sound/core/oss/pcm_plugin.c", -+ [41884].name =3D "snd_pcm_plug_alloc", -+ [41884].param2 =3D 1, -+ [41924].file =3D "security/keys/keyctl.c", -+ [41924].name =3D "keyctl_get_security", -+ [41924].param3 =3D 1, -+ [4202].file =3D "drivers/edac/edac_mc.c", -+ [4202].name =3D "edac_mc_alloc", -+ [4202].param1 =3D 1, -+ [42143].file =3D "drivers/media/video/c-qcam.c", -+ [42143].name =3D "qcam_read", -+ [42143].param3 =3D 1, -+ [42206].file =3D "fs/quota/quota_tree.c", -+ [42206].name =3D "getdqbuf", -+ [42206].param1 =3D 1, -+ [42270].file =3D "net/wireless/scan.c", -+ [42270].name =3D "cfg80211_inform_bss_frame", -+ [42270].param4 =3D 1, -+ [4233].file =3D "fs/select.c", -+ [4233].name =3D "sys_poll", -+ [4233].param2 =3D 1, -+ [42378].file =3D "drivers/net/wireless/ath/ath6kl/debug.c", -+ [42378].name =3D "ath6kl_regread_write", -+ [42378].param3 =3D 1, -+ [42420].file =3D "drivers/net/wireless/hostap/hostap_ioctl.c", -+ [42420].name =3D "prism2_set_genericelement", -+ [42420].param3 =3D 1, -+ [42466].file =3D "drivers/scsi/lpfc/lpfc_debugfs.c", -+ [42466].name =3D "lpfc_idiag_cmd_get", -+ [42466].param2 =3D 1, -+ [42472].file =3D "fs/compat.c", -+ [42472].name =3D "compat_readv", -+ [42472].param3 =3D 1, -+ [42483].file =3D "drivers/media/video/videobuf-dma-sg.c", -+ [42483].name =3D "videobuf_dma_init_user_locked", -+ [42483].param3 =3D 1, -+ [42483].param4 =3D 1, -+ [42562].file =3D "kernel/kfifo.c", -+ [42562].name =3D "__kfifo_to_user_r", -+ [42562].param3 =3D 1, -+ [42666].file =3D "drivers/pcmcia/cistpl.c", -+ [42666].name =3D "read_cis_cache", -+ [42666].param4 =3D 1, -+ [42882].file =3D "security/keys/user_defined.c", -+ [42882].name =3D "user_instantiate", -+ [42882].param3 =3D 1, -+ [42964].file =3D "drivers/video/fb_sys_fops.c", -+ [42964].name =3D "fb_sys_read", -+ [42964].param3 =3D 1, -+ [43023].file =3D "drivers/usb/misc/usblcd.c", -+ [43023].name =3D "lcd_write", -+ [43023].param3 =3D 1, -+ [4324].file =3D "drivers/video/fbmem.c", -+ [4324].name =3D "fb_read", -+ [4324].param3 =3D 1, -+ [43380].file =3D "drivers/scsi/bfa/bfad_debugfs.c", -+ [43380].name =3D "bfad_debugfs_write_regrd", -+ [43380].param3 =3D 1, -+ [43393].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [43393].name =3D "iwl_dbgfs_sram_write", -+ [43393].param3 =3D 1, -+ [4344].file =3D "fs/namei.c", -+ [4344].name =3D "sys_mkdirat", -+ [4344].param2 =3D 1, -+ [43510].file =3D "kernel/kexec.c", -+ [43510].name =3D "compat_sys_kexec_load", -+ [43510].param2 =3D 1, -+ [43515].file =3D "drivers/usb/storage/jumpshot.c", -+ [43515].name =3D "jumpshot_read_data", -+ [43515].param4 =3D 1, -+ [43540].file =3D "include/rdma/ib_verbs.h", -+ [43540].name =3D "ib_copy_to_udata", -+ [43540].param3 =3D 1, -+ [4357].file =3D "security/tomoyo/securityfs_if.c", -+ [4357].name =3D "tomoyo_read_self", -+ [4357].param3 =3D 1, -+ [43590].file =3D "security/smack/smackfs.c", -+ [43590].name =3D "smk_write_onlycap", -+ [43590].param3 =3D 1, -+ [43596].file =3D "drivers/usb/core/buffer.c", -+ [43596].name =3D "hcd_buffer_alloc", -+ [43596].param2 =3D 1, -+ [43632].file =3D "drivers/media/video/videobuf2-core.c", -+ [43632].name =3D "vb2_read", -+ [43632].param3 =3D 1, -+ [43731].file =3D "drivers/hid/hid-picolcd.c", -+ [43731].name =3D "picolcd_debug_eeprom_read", -+ [43731].param3 =3D 1, -+ [43777].file =3D "drivers/acpi/acpica/utobject.c", -+ [43777].name =3D "acpi_ut_create_buffer_object", -+ [43777].param1 =3D 1, -+ [43834].file =3D "security/apparmor/apparmorfs.c", -+ [43834].name =3D "profile_replace", -+ [43834].param3 =3D 1, -+ [43899].file =3D "drivers/media/rc/imon.c", -+ [43899].name =3D "vfd_write", -+ [43899].param3 =3D 1, -+ [43982].file =3D "drivers/platform/x86/toshiba_acpi.c", -+ [43982].name =3D "keys_proc_write", -+ [43982].param3 =3D 1, -+ [44039].file =3D "drivers/video/via/viafbdev.c", -+ [44039].name =3D "odev_update", -+ [44039].param2 =3D 1, -+ [44050].file =3D "fs/nfs/idmap.c", -+ [44050].name =3D "nfs_map_group_to_gid", -+ [44050].param3 =3D 1, -+ [44125].file =3D "fs/ext4/super.c", -+ [44125].name =3D "ext4_kvmalloc", -+ [44125].param1 =3D 1, -+ [44180].file =3D "drivers/video/via/viafbdev.c", -+ [44180].name =3D "viafb_vt1636_proc_write", -+ [44180].param3 =3D 1, -+ [44290].file =3D "drivers/net/usb/dm9601.c", -+ [44290].name =3D "dm_read", -+ [44290].param3 =3D 1, -+ [44298].file =3D "drivers/scsi/pmcraid.c", -+ [44298].name =3D "pmcraid_copy_sglist", -+ [44298].param3 =3D 1, -+ [44365].file =3D "fs/namei.c", -+ [44365].name =3D "do_rmdir", -+ [44365].param2 =3D 1, -+ [44640].file =3D "fs/select.c", -+ [44640].name =3D "sys_ppoll", -+ [44640].param2 =3D 1, -+ [44649].file =3D "mm/page_cgroup.c", -+ [44649].name =3D "swap_cgroup_swapon", -+ [44649].param2 =3D 1, -+ [44656].file =3D "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [44656].name =3D "iwl_legacy_dbgfs_wd_timeout_write", -+ [44656].param3 =3D 1, -+ [4471].file =3D "fs/ntfs/malloc.h", -+ [4471].name =3D "__ntfs_malloc", -+ [4471].param1 =3D 1, -+ [44773].file =3D "drivers/staging/vme/devices/vme_user.c", -+ [44773].name =3D "vme_user_write", -+ [44773].param3 =3D 1, -+ [44825].file =3D "drivers/scsi/osd/osd_initiator.c", -+ [44825].name =3D "_osd_realloc_seg", -+ [44825].param3 =3D 1, -+ [44943].file =3D "mm/util.c", -+ [44943].name =3D "kmemdup", -+ [44943].param2 =3D 1, -+ [44990].file =3D "drivers/media/video/pvrusb2/pvrusb2-ioread.c", -+ [44990].name =3D "pvr2_ioread_set_sync_key", -+ [44990].param3 =3D 1, -+ [45000].file =3D "fs/afs/proc.c", -+ [45000].name =3D "afs_proc_rootcell_write", -+ [45000].param3 =3D 1, -+ [45119].file =3D "drivers/usb/misc/yurex.c", -+ [45119].name =3D "yurex_write", -+ [45119].param3 =3D 1, -+ [45169].file =3D "drivers/video/metronomefb.c", -+ [45169].name =3D "metronomefb_write", -+ [45169].param3 =3D 1, -+ [45200].file =3D "drivers/scsi/scsi_proc.c", -+ [45200].name =3D "proc_scsi_write_proc", -+ [45200].param3 =3D 1, -+ [45217].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [45217].name =3D "iwl_dbgfs_debug_level_write", -+ [45217].param3 =3D 1, -+ [45231].file =3D "fs/ecryptfs/crypto.c", -+ [45231].name =3D "ecryptfs_copy_filename", -+ [45231].param4 =3D 1, -+ [45233].file =3D "net/rds/info.c", -+ [45233].name =3D "rds_info_getsockopt", -+ [45233].param3 =3D 1, -+ [45244].file =3D "drivers/mfd/ab3100-core.c", -+ [45244].name =3D "ab3100_get_set_reg", -+ [45244].param3 =3D 1, -+ [45264].file =3D "drivers/net/wireless/ath/ath5k/debug.c", -+ [45264].name =3D "write_file_ani", -+ [45264].param3 =3D 1, -+ [45326].file =3D "drivers/mtd/ubi/cdev.c", -+ [45326].name =3D "vol_cdev_read", -+ [45326].param3 =3D 1, -+ [45335].file =3D "fs/read_write.c", -+ [45335].name =3D "vfs_writev", -+ [45335].param3 =3D 1, -+ [45421].file =3D "drivers/message/fusion/mptctl.c", -+ [45421].name =3D "mptctl_do_mpt_command", -+ [45421].param3 =3D 1, -+ [45534].file =3D "drivers/net/wireless/ath/carl9170/cmd.c", -+ [45534].name =3D "carl9170_cmd_buf", -+ [45534].param3 =3D 1, -+ [45576].file =3D "net/netfilter/xt_recent.c", -+ [45576].name =3D "recent_mt_proc_write", -+ [45576].param3 =3D 1, -+ [45586].file =3D "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [45586].name =3D "rt2x00debug_write_bbp", -+ [45586].param3 =3D 1, -+ [45629].file =3D "lib/bch.c", -+ [45629].name =3D "bch_alloc", -+ [45629].param1 =3D 1, -+ [45633].file =3D "drivers/input/evdev.c", -+ [45633].name =3D "evdev_do_ioctl", -+ [45633].param2 =3D 1, -+ [45740].file =3D "drivers/net/wireless/ath/ath6kl/debug.c", -+ [45740].name =3D "ath6kl_lrssi_roam_write", -+ [45740].param3 =3D 1, -+ [45747].file =3D "net/netlink/af_netlink.c", -+ [45747].name =3D "__netlink_change_ngroups", -+ [45747].param2 =3D 1, -+ [45930].file =3D "security/apparmor/apparmorfs.c", -+ [45930].name =3D "profile_remove", -+ [45930].param3 =3D 1, -+ [45954].file =3D "drivers/usb/misc/legousbtower.c", -+ [45954].name =3D "tower_write", -+ [45954].param3 =3D 1, -+ [45995].file =3D "fs/namei.c", -+ [45995].name =3D "sys_mknodat", -+ [45995].param2 =3D 1, -+ [46072].file =3D "drivers/video/arcfb.c", -+ [46072].name =3D "arcfb_write", -+ [46072].param3 =3D 1, -+ [46140].file =3D "sound/core/memalloc.c", -+ [46140].name =3D "snd_mem_proc_write", -+ [46140].param3 =3D 1, -+ [4614].file =3D "sound/core/pcm_lib.c", -+ [4614].name =3D "snd_pcm_lib_write_transfer", -+ [4614].param5 =3D 1, -+ [4616].file =3D "net/sunrpc/cache.c", -+ [4616].name =3D "cache_do_downcall", -+ [4616].param3 =3D 1, -+ [46243].file =3D "fs/binfmt_misc.c", -+ [46243].name =3D "bm_register_write", -+ [46243].param3 =3D 1, -+ [46250].file =3D "fs/xattr.c", -+ [46250].name =3D "sys_getxattr", -+ [46250].param4 =3D 1, -+ [46343].file =3D "fs/compat.c", -+ [46343].name =3D "compat_do_readv_writev", -+ [46343].param4 =3D 1, -+ [4644].file =3D "drivers/net/usb/mcs7830.c", -+ [4644].name =3D "mcs7830_get_reg", -+ [4644].param3 =3D 1, -+ [46605].file =3D "sound/core/oss/pcm_oss.c", -+ [46605].name =3D "snd_pcm_oss_sync1", -+ [46605].param2 =3D 1, -+ [46630].file =3D "net/decnet/af_decnet.c", -+ [46630].name =3D "__dn_setsockopt", -+ [46630].param5 =3D 1, -+ [46655].file =3D "drivers/media/video/hdpvr/hdpvr-video.c", -+ [46655].name =3D "hdpvr_read", -+ [46655].param3 =3D 1, -+ [46685].file =3D "drivers/gpu/drm/ttm/ttm_bo_vm.c", -+ [46685].name =3D "ttm_bo_fbdev_io", -+ [46685].param4 =3D 1, -+ [46752].file =3D "drivers/staging/pohmelfs/dir.c", -+ [46752].name =3D "pohmelfs_name_alloc", -+ [46752].param1 =3D 1, -+ [46881].file =3D "drivers/char/lp.c", -+ [46881].name =3D "lp_write", -+ [46881].param3 =3D 1, -+ [47130].file =3D "kernel/kfifo.c", -+ [47130].name =3D "kfifo_copy_to_user", -+ [47130].param3 =3D 1, -+ [47265].file =3D "drivers/scsi/bnx2fc/bnx2fc_io.c", -+ [47265].name =3D "bnx2fc_cmd_mgr_alloc", -+ [47265].param2 =3D 1, -+ [47265].param3 =3D 1, -+ [47342].file =3D "fs/proc/base.c", -+ [47342].name =3D "sched_autogroup_write", -+ [47342].param3 =3D 1, -+ [47363].file =3D "drivers/input/evdev.c", -+ [47363].name =3D "evdev_ioctl_handler", -+ [47363].param2 =3D 1, -+ [47385].file =3D "drivers/net/wireless/zd1211rw/zd_usb.c", -+ [47385].name =3D "zd_usb_iowrite16v", -+ [47385].param3 =3D 1, -+ [47463].file =3D "fs/xfs/kmem.c", -+ [47463].name =3D "kmem_zalloc", -+ [47463].param1 =3D 1, -+ [47636].file =3D "drivers/usb/class/usblp.c", -+ [47636].name =3D "usblp_ioctl", -+ [47636].param2 =3D 1, -+ [47637].file =3D "drivers/block/cciss.c", -+ [47637].name =3D "cciss_proc_write", -+ [47637].param3 =3D 1, -+ [47652].file =3D "lib/kstrtox.c", -+ [47652].name =3D "kstrtoll_from_user", -+ [47652].param2 =3D 1, -+ [47881].file =3D "security/selinux/selinuxfs.c", -+ [47881].name =3D "sel_write_disable", -+ [47881].param3 =3D 1, -+ [48010].file =3D "drivers/net/wireless/ath/ath9k/debug.c", -+ [48010].name =3D "write_file_rx_chainmask", -+ [48010].param3 =3D 1, -+ [48155].file =3D "net/sctp/sm_make_chunk.c", -+ [48155].name =3D "sctp_make_abort_user", -+ [48155].param3 =3D 1, -+ [48182].file =3D "crypto/cryptd.c", -+ [48182].name =3D "cryptd_alloc_instance", -+ [48182].param2 =3D 1, -+ [48248].file =3D "security/keys/keyctl.c", -+ [48248].name =3D "keyctl_instantiate_key", -+ [48248].param3 =3D 1, -+ [48461].file =3D "drivers/gpu/drm/drm_memory.c", -+ [48461].name =3D "agp_remap", -+ [48461].param2 =3D 1, -+ [48642].file =3D "fs/hugetlbfs/inode.c", -+ [48642].name =3D "hugetlbfs_read", -+ [48642].param3 =3D 1, -+ [48720].file =3D "drivers/gpu/drm/i915/i915_debugfs.c", -+ [48720].name =3D "i915_max_freq_write", -+ [48720].param3 =3D 1, -+ [48768].file =3D "net/irda/irnet/irnet_ppp.c", -+ [48768].name =3D "dev_irnet_write", -+ [48768].param3 =3D 1, -+ [48856].file =3D "drivers/acpi/acpica/utalloc.c", -+ [48856].name =3D "acpi_ut_initialize_buffer", -+ [48856].param2 =3D 1, -+ [48941].file =3D "drivers/gpu/drm/nouveau/nouveau_vm.c", -+ [48941].name =3D "nouveau_vm_new", -+ [48941].param2 =3D 1, -+ [48941].param3 =3D 1, -+ [49126].file =3D "lib/prio_heap.c", -+ [49126].name =3D "heap_init", -+ [49126].param2 =3D 1, -+ [49143].file =3D "sound/core/oss/pcm_oss.c", -+ [49143].name =3D "snd_pcm_oss_write2", -+ [49143].param3 =3D 1, -+ [49216].file =3D "fs/read_write.c", -+ [49216].name =3D "do_readv_writev", -+ [49216].param4 =3D 1, -+ [49354].file =3D "drivers/media/video/cx18/cx18-fileops.c", -+ [49354].name =3D "cx18_v4l2_read", -+ [49354].param3 =3D 1, -+ [49448].file =3D "drivers/isdn/gigaset/common.c", -+ [49448].name =3D "gigaset_initdriver", -+ [49448].param2 =3D 1, -+ [49494].file =3D "drivers/virtio/virtio_ring.c", -+ [49494].name =3D "vring_new_virtqueue", -+ [49494].param1 =3D 1, -+ [49507].file =3D "fs/namei.c", -+ [49507].name =3D "sys_symlink", -+ [49507].param1 =3D 1, -+ [49604].file =3D "crypto/af_alg.c", -+ [49604].name =3D "alg_setsockopt", -+ [49604].param5 =3D 1, -+ [49646].file =3D "drivers/tty/vt/vt.c", -+ [49646].name =3D "vc_resize", -+ [49646].param2 =3D 1, -+ [49646].param3 =3D 1, -+ [49663].file =3D "drivers/media/video/uvc/uvc_driver.c", -+ [49663].name =3D "uvc_simplify_fraction", -+ [49663].param3 =3D 1, -+ [49718].file =3D "drivers/hid/hid-roccat-common.c", -+ [49718].name =3D "roccat_common_send", -+ [49718].param4 =3D 1, -+ [4972].file =3D "drivers/video/fb_sys_fops.c", -+ [4972].name =3D "fb_sys_write", -+ [4972].param3 =3D 1, -+ [49746].file =3D "net/ipv4/netfilter/arp_tables.c", -+ [49746].name =3D "compat_do_arpt_set_ctl", -+ [49746].param4 =3D 1, -+ [49780].file =3D "net/mac80211/key.c", -+ [49780].name =3D "ieee80211_key_alloc", -+ [49780].param3 =3D 1, -+ [49845].file =3D "mm/vmalloc.c", -+ [49845].name =3D "__vmalloc_node", -+ [49845].param1 =3D 1, -+ [49935].file =3D "fs/xfs/kmem.c", -+ [49935].name =3D "kmem_zalloc_greedy", -+ [49935].param2 =3D 1, -+ [49935].param3 =3D 1, -+ [50001].file =3D "sound/pci/ctxfi/ctresource.c", -+ [50001].name =3D "rsc_mgr_init", -+ [50001].param3 =3D 1, -+ [50022].file =3D "drivers/usb/storage/shuttle_usbat.c", -+ [50022].name =3D "usbat_flash_read_data", -+ [50022].param4 =3D 1, -+ [50096].file =3D "drivers/net/wireless/libertas/debugfs.c", -+ [50096].name =3D "lbs_rdbbp_write", -+ [50096].param3 =3D 1, -+ [50102].file =3D "drivers/telephony/ixj.c", -+ [50102].name =3D "ixj_write", -+ [50102].param3 =3D 1, -+ [50238].file =3D "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [50238].name =3D "iwl_legacy_dbgfs_clear_ucode_statistics_write", -+ [50238].param3 =3D 1, -+ [50267].file =3D "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [50267].name =3D "rt2x00debug_read_crypto_stats", -+ [50267].param3 =3D 1, -+ [50398].file =3D "fs/proc/base.c", -+ [50398].name =3D "mem_write", -+ [50398].param3 =3D 1, -+ [50518].file =3D "drivers/gpu/drm/nouveau/nouveau_gem.c", -+ [50518].name =3D "u_memcpya", -+ [50518].param2 =3D 1, -+ [50518].param3 =3D 1, -+ [5052].file =3D "drivers/char/ppdev.c", -+ [5052].name =3D "pp_read", -+ [5052].param3 =3D 1, -+ [50562].file =3D "drivers/media/video/zoran/zoran_procfs.c", -+ [50562].name =3D "zoran_write", -+ [50562].param3 =3D 1, -+ [50653].file =3D "net/sunrpc/cache.c", -+ [50653].name =3D "cache_write_procfs", -+ [50653].param3 =3D 1, -+ [50692].file =3D "lib/ts_bm.c", -+ [50692].name =3D "bm_init", -+ [50692].param2 =3D 1, -+ [50813].file =3D "mm/vmalloc.c", -+ [50813].name =3D "__vmalloc_node_flags", -+ [50813].param1 =3D 1, -+ [5087].file =3D "drivers/atm/solos-pci.c", -+ [5087].name =3D "console_store", -+ [5087].param4 =3D 1, -+ [5102].file =3D "drivers/usb/misc/usbtest.c", -+ [5102].name =3D "usbtest_alloc_urb", -+ [5102].param3 =3D 1, -+ [5102].param5 =3D 1, -+ [51052].file =3D "drivers/base/firmware_class.c", -+ [51052].name =3D "firmware_data_write", -+ [51052].param6 =3D 1, -+ [51177].file =3D "net/sunrpc/xprtrdma/transport.c", -+ [51177].name =3D "xprt_rdma_allocate", -+ [51177].param2 =3D 1, -+ [51182].file =3D "drivers/misc/sgi-xp/xpc_main.c", -+ [51182].name =3D "xpc_kzalloc_cacheline_aligned", -+ [51182].param1 =3D 1, -+ [51250].file =3D "fs/read_write.c", -+ [51250].name =3D "rw_copy_check_uvector", -+ [51250].param3 =3D 1, -+ [51253].file =3D "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [51253].name =3D "rt2x00debug_write_eeprom", -+ [51253].param3 =3D 1, -+ [51284].file =3D "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [51284].name =3D "iwl_legacy_dbgfs_interrupt_write", -+ [51284].param3 =3D 1, -+ [51323].file =3D "sound/pci/ac97/ac97_pcm.c", -+ [51323].name =3D "snd_ac97_pcm_assign", -+ [51323].param2 =3D 1, -+ [51340].file =3D "drivers/usb/class/usblp.c", -+ [51340].name =3D "usblp_write", -+ [51340].param3 =3D 1, -+ [51471].file =3D "drivers/block/floppy.c", -+ [51471].name =3D "fd_locked_ioctl", -+ [51471].param3 =3D 1, -+ [5197].file =3D "net/core/dev.c", -+ [5197].name =3D "dev_set_alias", -+ [5197].param3 =3D 1, -+ [51998].file =3D "drivers/net/macvtap.c", -+ [51998].name =3D "macvtap_get_user", -+ [51998].param4 =3D 1, -+ [5204].file =3D "drivers/media/video/usbvision/usbvision-video.c", -+ [5204].name =3D "usbvision_v4l2_read", -+ [5204].param3 =3D 1, -+ [52086].file =3D "drivers/usb/image/mdc800.c", -+ [52086].name =3D "mdc800_device_read", -+ [52086].param3 =3D 1, -+ [52172].file =3D "drivers/pcmcia/cistpl.c", -+ [52172].name =3D "pccard_store_cis", -+ [52172].param6 =3D 1, -+ [52173].file =3D "drivers/misc/ibmasm/ibmasmfs.c", -+ [52173].name =3D "remote_settings_file_write", -+ [52173].param3 =3D 1, -+ [52199].file =3D "mm/nobootmem.c", -+ [52199].name =3D "__alloc_bootmem", -+ [52199].param1 =3D 1, -+ [52201].file =3D "drivers/video/via/viafbdev.c", -+ [52201].name =3D "viafb_dvp0_proc_write", -+ [52201].param3 =3D 1, -+ [5233].file =3D "include/linux/poll.h", -+ [5233].name =3D "set_fd_set", -+ [5233].param1 =3D 1, -+ [52343].file =3D "drivers/usb/misc/adutux.c", -+ [52343].name =3D "adu_read", -+ [52343].param3 =3D 1, -+ [52364].file =3D "sound/core/pcm_lib.c", -+ [52364].name =3D "snd_pcm_lib_readv_transfer", -+ [52364].param5 =3D 1, -+ [52401].file =3D "drivers/staging/rtl8712/rtl871x_ioctl_linux.c", -+ [52401].name =3D "r871x_set_wpa_ie", -+ [52401].param3 =3D 1, -+ [52699].file =3D "lib/ts_fsm.c", -+ [52699].name =3D "fsm_init", -+ [52699].param2 =3D 1, -+ [52721].file =3D "security/keys/encrypted-keys/encrypted.c", -+ [52721].name =3D "encrypted_instantiate", -+ [52721].param3 =3D 1, -+ [53041].file =3D "fs/libfs.c", -+ [53041].name =3D "simple_transaction_get", -+ [53041].param3 =3D 1, -+ [5313].file =3D "fs/gfs2/quota.c", -+ [5313].name =3D "do_sync", -+ [5313].param1 =3D 1, -+ [53209].file =3D "drivers/usb/host/ehci-sched.c", -+ [53209].name =3D "iso_sched_alloc", -+ [53209].param1 =3D 1, -+ [53302].file =3D "drivers/firewire/core-cdev.c", -+ [53302].name =3D "dispatch_ioctl", -+ [53302].param2 =3D 1, -+ [53355].file =3D "fs/ceph/dir.c", -+ [53355].name =3D "ceph_read_dir", -+ [53355].param3 =3D 1, -+ [53405].file =3D "drivers/media/video/videobuf-core.c", -+ [53405].name =3D "__videobuf_copy_to_user", -+ [53405].param4 =3D 1, -+ [53407].file =3D "net/wireless/sme.c", -+ [53407].name =3D "cfg80211_connect_result", -+ [53407].param4 =3D 1, -+ [53407].param6 =3D 1, -+ [53426].file =3D "fs/libfs.c", -+ [53426].name =3D "simple_transaction_read", -+ [53426].param3 =3D 1, -+ [5344].file =3D "security/selinux/ss/hashtab.c", -+ [5344].name =3D "hashtab_create", -+ [5344].param3 =3D 1, -+ [53468].file =3D "drivers/char/mem.c", -+ [53468].name =3D "write_mem", -+ [53468].param3 =3D 1, -+ [53513].file =3D "drivers/mmc/core/mmc_ops.c", -+ [53513].name =3D "mmc_send_bus_test", -+ [53513].param4 =3D 1, -+ [53539].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [53539].name =3D "iwl_dbgfs_txfifo_flush_write", -+ [53539].param3 =3D 1, -+ [53626].file =3D "drivers/block/paride/pg.c", -+ [53626].name =3D "pg_read", -+ [53626].param3 =3D 1, -+ [53631].file =3D "mm/util.c", -+ [53631].name =3D "memdup_user", -+ [53631].param2 =3D 1, -+ [53680].file =3D "lib/kstrtox.c", -+ [53680].name =3D "kstrtol_from_user", -+ [53680].param2 =3D 1, -+ [5389].file =3D "drivers/infiniband/core/uverbs_cmd.c", -+ [5389].name =3D "ib_uverbs_unmarshall_recv", -+ [5389].param5 =3D 1, -+ [53901].file =3D "net/rds/message.c", -+ [53901].name =3D "rds_message_alloc", -+ [53901].param1 =3D 1, -+ [53904].file =3D "fs/namei.c", -+ [53904].name =3D "sys_unlink", -+ [53904].param1 =3D 1, -+ [5410].file =3D "kernel/kexec.c", -+ [5410].name =3D "sys_kexec_load", -+ [5410].param2 =3D 1, -+ [54182].file =3D "drivers/block/rbd.c", -+ [54182].name =3D "rbd_snap_add", -+ [54182].param4 =3D 1, -+ [5419].file =3D "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [5419].name =3D "iwl_legacy_dbgfs_disable_ht40_write", -+ [5419].param3 =3D 1, -+ [54201].file =3D "drivers/platform/x86/asus_acpi.c", -+ [54201].name =3D "mled_proc_write", -+ [54201].param3 =3D 1, -+ [5422].file =3D "fs/namei.c", -+ [5422].name =3D "do_unlinkat", -+ [5422].param2 =3D 1, -+ [54252].file =3D "drivers/scsi/st.c", -+ [54252].name =3D "st_write", -+ [54252].param3 =3D 1, -+ [54263].file =3D "security/keys/trusted.c", -+ [54263].name =3D "trusted_instantiate", -+ [54263].param3 =3D 1, -+ [54298].file =3D "drivers/usb/wusbcore/crypto.c", -+ [54298].name =3D "wusb_ccm_mac", -+ [54298].param7 =3D 1, -+ [54318].file =3D "include/drm/drm_mem_util.h", -+ [54318].name =3D "drm_malloc_ab", -+ [54318].param1 =3D 1, -+ [54318].param2 =3D 1, -+ [54335].file =3D "drivers/md/dm-table.c", -+ [54335].name =3D "dm_vcalloc", -+ [54335].param1 =3D 1, -+ [54335].param2 =3D 1, -+ [54339].file =3D "security/smack/smackfs.c", -+ [54339].name =3D "smk_write_cipso", -+ [54339].param3 =3D 1, -+ [5438].file =3D "sound/core/memory.c", -+ [5438].name =3D "copy_to_user_fromio", -+ [5438].param3 =3D 1, -+ [54401].file =3D "lib/dynamic_debug.c", -+ [54401].name =3D "ddebug_proc_write", -+ [54401].param3 =3D 1, -+ [54427].file =3D "drivers/usb/storage/jumpshot.c", -+ [54427].name =3D "jumpshot_write_data", -+ [54427].param4 =3D 1, -+ [54467].file =3D "net/packet/af_packet.c", -+ [54467].name =3D "packet_setsockopt", -+ [54467].param5 =3D 1, -+ [54573].file =3D "ipc/sem.c", -+ [54573].name =3D "sys_semop", -+ [54573].param3 =3D 1, -+ [54643].file =3D "drivers/isdn/hardware/eicon/divasi.c", -+ [54643].name =3D "um_idi_write", -+ [54643].param3 =3D 1, -+ [54657].file =3D "mm/migrate.c", -+ [54657].name =3D "do_pages_stat", -+ [54657].param2 =3D 1, -+ [54663].file =3D "drivers/isdn/hardware/eicon/platform.h", -+ [54663].name =3D "diva_os_malloc", -+ [54663].param2 =3D 1, -+ [54751].file =3D "drivers/infiniband/core/device.c", -+ [54751].name =3D "ib_alloc_device", -+ [54751].param1 =3D 1, -+ [54806].file =3D "drivers/scsi/lpfc/lpfc_debugfs.c", -+ [54806].name =3D "lpfc_debugfs_dif_err_write", -+ [54806].param3 =3D 1, -+ [5494].file =3D "fs/cifs/cifsacl.c", -+ [5494].name =3D "cifs_idmap_key_instantiate", -+ [5494].param3 =3D 1, -+ [55066].file =3D "net/ipv6/ipv6_sockglue.c", -+ [55066].name =3D "do_ipv6_setsockopt", -+ [55066].param5 =3D 1, -+ [55105].file =3D "drivers/base/devres.c", -+ [55105].name =3D "devres_alloc", -+ [55105].param2 =3D 1, -+ [55115].file =3D "net/sctp/probe.c", -+ [55115].name =3D "sctpprobe_read", -+ [55115].param3 =3D 1, -+ [55155].file =3D "net/bluetooth/rfcomm/sock.c", -+ [55155].name =3D "rfcomm_sock_setsockopt", -+ [55155].param5 =3D 1, -+ [55187].file =3D "security/keys/keyctl.c", -+ [55187].name =3D "keyctl_describe_key", -+ [55187].param3 =3D 1, -+ [5524].file =3D "lib/kstrtox.c", -+ [5524].name =3D "kstrtos8_from_user", -+ [5524].param2 =3D 1, -+ [55253].file =3D "drivers/net/wireless/ray_cs.c", -+ [55253].name =3D "ray_cs_essid_proc_write", -+ [55253].param3 =3D 1, -+ [5548].file =3D "drivers/media/media-entity.c", -+ [5548].name =3D "media_entity_init", -+ [5548].param2 =3D 1, -+ [5548].param4 =3D 1, -+ [55580].file =3D "drivers/usb/mon/mon_bin.c", -+ [55580].name =3D "copy_from_buf", -+ [55580].param2 =3D 1, -+ [55682].file =3D "drivers/net/wireless/libertas/debugfs.c", -+ [55682].name =3D "lbs_host_sleep_write", -+ [55682].param3 =3D 1, -+ [55712].file =3D "drivers/char/mem.c", -+ [55712].name =3D "read_zero", -+ [55712].param3 =3D 1, -+ [55857].file =3D "drivers/net/wireless/ath/ath9k/debug.c", -+ [55857].name =3D "write_file_tx_chainmask", -+ [55857].param3 =3D 1, -+ [55978].file =3D "drivers/usb/misc/iowarrior.c", -+ [55978].name =3D "iowarrior_write", -+ [55978].param3 =3D 1, -+ [5599].file =3D "drivers/char/random.c", -+ [5599].name =3D "write_pool", -+ [5599].param3 =3D 1, -+ [56090].file =3D "drivers/media/video/videobuf-dma-sg.c", -+ [56090].name =3D "__videobuf_alloc_vb", -+ [56090].param1 =3D 1, -+ [56199].file =3D "fs/binfmt_misc.c", -+ [56199].name =3D "parse_command", -+ [56199].param2 =3D 1, -+ [56218].file =3D "drivers/mmc/card/mmc_test.c", -+ [56218].name =3D "mtf_test_write", -+ [56218].param3 =3D 1, -+ [56416].file =3D "drivers/misc/lkdtm.c", -+ [56416].name =3D "do_register_entry", -+ [56416].param4 =3D 1, -+ [56432].file =3D "drivers/mfd/aat2870-core.c", -+ [56432].name =3D "aat2870_reg_write_file", -+ [56432].param3 =3D 1, -+ [56471].file =3D "include/linux/slab.h", -+ [56471].name =3D "kcalloc", -+ [56471].param1 =3D 1, -+ [56471].param2 =3D 1, -+ [56513].file =3D "fs/cifs/connect.c", -+ [56513].name =3D "cifs_readv_from_socket", -+ [56513].param3 =3D 1, -+ [56544].file =3D "drivers/block/drbd/drbd_receiver.c", -+ [56544].name =3D "receive_DataRequest", -+ [56544].param3 =3D 1, -+ [5661].file =3D "lib/dma-debug.c", -+ [5661].name =3D "filter_write", -+ [5661].param3 =3D 1, -+ [56672].file =3D "drivers/char/agp/generic.c", -+ [56672].name =3D "agp_alloc_page_array", -+ [56672].param1 =3D 1, -+ [56843].file =3D "drivers/scsi/scsi_transport_iscsi.c", -+ [56843].name =3D "iscsi_recv_pdu", -+ [56843].param4 =3D 1, -+ [57120].file =3D "lib/kstrtox.c", -+ [57120].name =3D "kstrtouint_from_user", -+ [57120].param2 =3D 1, -+ [57128].file =3D "drivers/pnp/pnpbios/proc.c", -+ [57128].name =3D "pnpbios_proc_write", -+ [57128].param3 =3D 1, -+ [57190].file =3D "drivers/char/agp/generic.c", -+ [57190].name =3D "agp_generic_alloc_user", -+ [57190].param1 =3D 1, -+ [57471].file =3D "drivers/media/video/sn9c102/sn9c102_core.c", -+ [57471].name =3D "sn9c102_read", -+ [57471].param3 =3D 1, -+ [57605].file =3D "net/netlink/af_netlink.c", -+ [57605].name =3D "netlink_kernel_create", -+ [57605].param3 =3D 1, -+ [57670].file =3D "drivers/bluetooth/btmrvl_debugfs.c", -+ [57670].name =3D "btmrvl_pscmd_write", -+ [57670].param3 =3D 1, -+ [57675].file =3D "drivers/net/wireless/ath/ath9k/debug.c", -+ [57675].name =3D "write_file_regidx", -+ [57675].param3 =3D 1, -+ [57724].file =3D "net/bluetooth/hci_sock.c", -+ [57724].name =3D "hci_sock_setsockopt", -+ [57724].param5 =3D 1, -+ [57748].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [57748].name =3D "iwl_dbgfs_missed_beacon_write", -+ [57748].param3 =3D 1, -+ [57786].file =3D "net/ipv6/netfilter/ip6_tables.c", -+ [57786].name =3D "compat_do_ip6t_set_ctl", -+ [57786].param4 =3D 1, -+ [57872].file =3D "fs/ceph/xattr.c", -+ [57872].name =3D "ceph_setxattr", -+ [57872].param4 =3D 1, -+ [57927].file =3D "fs/read_write.c", -+ [57927].name =3D "sys_preadv", -+ [57927].param3 =3D 1, -+ [58020].file =3D "drivers/firewire/core-cdev.c", -+ [58020].name =3D "fw_device_op_ioctl", -+ [58020].param2 =3D 1, -+ [58043].file =3D "kernel/auditfilter.c", -+ [58043].name =3D "audit_unpack_string", -+ [58043].param3 =3D 1, -+ [5805].file =3D "drivers/xen/grant-table.c", -+ [5805].name =3D "gnttab_alloc_grant_references", -+ [5805].param1 =3D 1, -+ [58087].file =3D "kernel/module.c", -+ [58087].name =3D "module_alloc_update_bounds_rw", -+ [58087].param1 =3D 1, -+ [58107].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [58107].name =3D "iwl_dbgfs_sleep_level_override_write", -+ [58107].param3 =3D 1, -+ [58124].file =3D "drivers/usb/misc/usbtest.c", -+ [58124].name =3D "ctrl_out", -+ [58124].param3 =3D 1, -+ [58124].param5 =3D 1, -+ [58263].file =3D "security/keys/keyring.c", -+ [58263].name =3D "keyring_read", -+ [58263].param3 =3D 1, -+ [58278].file =3D "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c", -+ [58278].name =3D "iwl_dbgfs_log_event_write", -+ [58278].param3 =3D 1, -+ [5830].file =3D "drivers/gpu/vga/vga_switcheroo.c", -+ [5830].name =3D "vga_switcheroo_debugfs_write", -+ [5830].param3 =3D 1, -+ [58320].file =3D "drivers/scsi/scsi_proc.c", -+ [58320].name =3D "proc_scsi_write", -+ [58320].param3 =3D 1, -+ [58344].file =3D "net/sunrpc/cache.c", -+ [58344].name =3D "read_flush", -+ [58344].param3 =3D 1, -+ [58392].file =3D "fs/namei.c", -+ [58392].name =3D "getname_flags", -+ [58392].param1 =3D 1, -+ [58418].file =3D "kernel/module.c", -+ [58418].name =3D "sys_init_module", -+ [58418].param2 =3D 1, -+ [58502].file =3D "sound/core/sgbuf.c", -+ [58502].name =3D "snd_malloc_sgbuf_pages", -+ [58502].param2 =3D 1, -+ [58597].file =3D "kernel/kfifo.c", -+ [58597].name =3D "__kfifo_to_user", -+ [58597].param3 =3D 1, -+ [58641].file =3D "drivers/usb/misc/adutux.c", -+ [58641].name =3D "adu_write", -+ [58641].param3 =3D 1, -+ [58709].file =3D "fs/compat.c", -+ [58709].name =3D "compat_sys_pwritev", -+ [58709].param3 =3D 1, -+ [58769].file =3D "drivers/net/wireless/zd1211rw/zd_usb.c", -+ [58769].name =3D "zd_usb_read_fw", -+ [58769].param4 =3D 1, -+ [5876].file =3D "drivers/net/ppp/ppp_generic.c", -+ [5876].name =3D "ppp_write", -+ [5876].param3 =3D 1, -+ [58826].file =3D "net/sunrpc/xprt.c", -+ [58826].name =3D "xprt_alloc", -+ [58826].param2 =3D 1, -+ [58867].file =3D "drivers/platform/x86/asus_acpi.c", -+ [58867].name =3D "wled_proc_write", -+ [58867].param3 =3D 1, -+ [58878].file =3D "drivers/net/wireless/libertas/debugfs.c", -+ [58878].name =3D "lbs_wrbbp_write", -+ [58878].param3 =3D 1, -+ [58888].file =3D "fs/xattr.c", -+ [58888].name =3D "listxattr", -+ [58888].param3 =3D 1, -+ [58912].file =3D "drivers/lguest/core.c", -+ [58912].name =3D "__lgwrite", -+ [58912].param4 =3D 1, -+ [58918].file =3D "sound/core/pcm_native.c", -+ [58918].name =3D "snd_pcm_aio_write", -+ [58918].param3 =3D 1, -+ [58919].file =3D "net/netlabel/netlabel_unlabeled.c", -+ [58919].name =3D "netlbl_unlabel_init", -+ [58919].param1 =3D 1, -+ [58942].file =3D "drivers/block/aoe/aoedev.c", -+ [58942].name =3D "aoedev_flush", -+ [58942].param2 =3D 1, -+ [58958].file =3D "fs/fuse/control.c", -+ [58958].name =3D "fuse_conn_limit_write", -+ [58958].param3 =3D 1, -+ [58].file =3D "lib/kstrtox.c", -+ [58].name =3D "kstrtoull_from_user", -+ [58].param2 =3D 1, -+ [59034].file =3D "drivers/acpi/acpica/dsobject.c", -+ [59034].name =3D "acpi_ds_build_internal_package_obj", -+ [59034].param3 =3D 1, -+ [59073].file =3D "drivers/staging/speakup/i18n.c", -+ [59073].name =3D "msg_set", -+ [59073].param3 =3D 1, -+ [59108].file =3D "drivers/net/wireless/ath/ath5k/debug.c", -+ [59108].name =3D "write_file_queue", -+ [59108].param3 =3D 1, -+ [59297].file =3D "drivers/media/dvb/ttpci/av7110_av.c", -+ [59297].name =3D "dvb_play", -+ [59297].param3 =3D 1, -+ [59472].file =3D "drivers/misc/ibmasm/ibmasmfs.c", -+ [59472].name =3D "command_file_write", -+ [59472].param3 =3D 1, -+ [59505].file =3D "drivers/media/video/pvrusb2/pvrusb2-ioread.c", -+ [59505].name =3D "pvr2_ioread_read", -+ [59505].param3 =3D 1, -+ [59681].file =3D "fs/xfs/kmem.c", -+ [59681].name =3D "kmem_alloc", -+ [59681].param1 =3D 1, -+ [5968].file =3D "net/sunrpc/sched.c", -+ [5968].name =3D "rpc_malloc", -+ [5968].param2 =3D 1, -+ [59794].file =3D "mm/mincore.c", -+ [59794].name =3D "sys_mincore", -+ [59794].param1 =3D 1, -+ [59794].param2 =3D 1, -+ [59838].file =3D "net/netlink/af_netlink.c", -+ [59838].name =3D "nl_pid_hash_zalloc", -+ [59838].param1 =3D 1, -+ [59856].file =3D "drivers/base/devres.c", -+ [59856].name =3D "devm_kzalloc", -+ [59856].param2 =3D 1, -+ [59991].file =3D "drivers/media/video/uvc/uvc_queue.c", -+ [59991].name =3D "uvc_alloc_buffers", -+ [59991].param2 =3D 1, -+ [59991].param3 =3D 1, -+ [60005].file =3D "fs/namei.c", -+ [60005].name =3D "getname", -+ [60005].param1 =3D 1, -+ [60066].file =3D "mm/filemap.c", -+ [60066].name =3D "iov_iter_copy_from_user", -+ [60066].param4 =3D 1, -+ [60198].file =3D "fs/nfs/nfs4proc.c", -+ [60198].name =3D "nfs4_write_cached_acl", -+ [60198].param3 =3D 1, -+ [60330].file =3D "drivers/media/video/w9966.c", -+ [60330].name =3D "w9966_v4l_read", -+ [60330].param3 =3D 1, -+ [6041].file =3D "drivers/mtd/mtdchar.c", -+ [6041].name =3D "mtd_write", -+ [6041].param3 =3D 1, -+ [60436].file =3D "drivers/net/macvtap.c", -+ [60436].name =3D "macvtap_sendmsg", -+ [60436].param4 =3D 1, -+ [60483].file =3D "drivers/char/virtio_console.c", -+ [60483].name =3D "fill_readbuf", -+ [60483].param3 =3D 1, -+ [604].file =3D "drivers/staging/rtl8712/usb_ops_linux.c", -+ [604].name =3D "r8712_usbctrl_vendorreq", -+ [604].param6 =3D 1, -+ [60543].file =3D "drivers/usb/class/usbtmc.c", -+ [60543].name =3D "usbtmc_read", -+ [60543].param3 =3D 1, -+ [60683].file =3D "sound/drivers/opl4/opl4_proc.c", -+ [60683].name =3D "snd_opl4_mem_proc_write", -+ [60683].param5 =3D 1, -+ [60693].file =3D "drivers/misc/hpilo.c", -+ [60693].name =3D "ilo_read", -+ [60693].param3 =3D 1, -+ [60744].file =3D "sound/pci/emu10k1/emuproc.c", -+ [60744].name =3D "snd_emu10k1_fx8010_read", -+ [60744].param5 =3D 1, -+ [60833].file =3D "drivers/block/aoe/aoenet.c", -+ [60833].name =3D "set_aoe_iflist", -+ [60833].param2 =3D 1, -+ [60878].file =3D "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [60878].name =3D "rt2x00debug_read_queue_dump", -+ [60878].param3 =3D 1, -+ [60882].file =3D "drivers/input/joydev.c", -+ [60882].name =3D "joydev_compat_ioctl", -+ [60882].param2 =3D 1, -+ [60891].file =3D "kernel/sched.c", -+ [60891].name =3D "sys_sched_setaffinity", -+ [60891].param2 =3D 1, -+ [60927].file =3D "drivers/net/wireless/ath/ath9k/debug.c", -+ [60927].name =3D "write_file_disable_ani", -+ [60927].param3 =3D 1, -+ [60928].file =3D "drivers/staging/bcm/Bcmchar.c", -+ [60928].name =3D "bcm_char_read", -+ [60928].param3 =3D 1, -+ [61058].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [61058].name =3D "iwl_dbgfs_disable_ht40_write", -+ [61058].param3 =3D 1, -+ [61120].file =3D "drivers/char/mem.c", -+ [61120].name =3D "read_mem", -+ [61120].param3 =3D 1, -+ [61222].file =3D "net/sunrpc/rpc_pipe.c", -+ [61222].name =3D "rpc_pipe_generic_upcall", -+ [61222].param4 =3D 1, -+ [61254].file =3D "drivers/scsi/scsi_devinfo.c", -+ [61254].name =3D "proc_scsi_devinfo_write", -+ [61254].param3 =3D 1, -+ [61283].file =3D "drivers/net/wireless/ath/ath6kl/debug.c", -+ [61283].name =3D "ath6kl_fwlog_read", -+ [61283].param3 =3D 1, -+ [61289].file =3D "security/apparmor/apparmorfs.c", -+ [61289].name =3D "aa_simple_write_to_buffer", -+ [61289].param4 =3D 1, -+ [61389].file =3D "include/linux/slab.h", -+ [61389].name =3D "kzalloc_node", -+ [61389].param1 =3D 1, -+ [61546].file =3D "mm/filemap.c", -+ [61546].name =3D "__iovec_copy_from_user_inatomic", -+ [61546].param3 =3D 1, -+ [61546].param4 =3D 1, -+ [61552].file =3D "drivers/input/evdev.c", -+ [61552].name =3D "str_to_user", -+ [61552].param2 =3D 1, -+ [61673].file =3D "security/keys/trusted.c", -+ [61673].name =3D "trusted_update", -+ [61673].param3 =3D 1, -+ [61676].file =3D "kernel/module.c", -+ [61676].name =3D "module_alloc_update_bounds_rx", -+ [61676].param1 =3D 1, -+ [61770].file =3D "drivers/media/video/et61x251/et61x251_core.c", -+ [61770].name =3D "et61x251_read", -+ [61770].param3 =3D 1, -+ [6186].file =3D "drivers/char/mem.c", -+ [6186].name =3D "read_kmem", -+ [6186].param3 =3D 1, -+ [61932].file =3D "drivers/message/fusion/mptctl.c", -+ [61932].name =3D "__mptctl_ioctl", -+ [61932].param2 =3D 1, -+ [62081].file =3D "drivers/net/irda/vlsi_ir.c", -+ [62081].name =3D "vlsi_alloc_ring", -+ [62081].param3 =3D 1, -+ [62116].file =3D "fs/libfs.c", -+ [62116].name =3D "simple_attr_read", -+ [62116].param3 =3D 1, -+ [6225].file =3D "drivers/block/floppy.c", -+ [6225].name =3D "fd_ioctl", -+ [6225].param3 =3D 1, -+ [62294].file =3D "sound/core/info.c", -+ [62294].name =3D "resize_info_buffer", -+ [62294].param2 =3D 1, -+ [62378].file =3D "net/ipv4/tcp.c", -+ [62378].name =3D "do_tcp_setsockopt", -+ [62378].param5 =3D 1, -+ [62387].file =3D "fs/nfs/idmap.c", -+ [62387].name =3D "nfs_idmap_lookup_id", -+ [62387].param2 =3D 1, -+ [62453].file =3D "fs/namei.c", -+ [62453].name =3D "user_path_create", -+ [62453].param2 =3D 1, -+ [62495].file =3D "drivers/block/floppy.c", -+ [62495].name =3D "fallback_on_nodma_alloc", -+ [62495].param2 =3D 1, -+ [62498].file =3D "fs/xattr.c", -+ [62498].name =3D "sys_listxattr", -+ [62498].param3 =3D 1, -+ [62583].file =3D "drivers/net/wireless/mwifiex/debugfs.c", -+ [62583].name =3D "mwifiex_regrdwr_write", -+ [62583].param3 =3D 1, -+ [625].file =3D "fs/read_write.c", -+ [625].name =3D "sys_pwritev", -+ [625].param3 =3D 1, -+ [62669].file =3D "drivers/platform/x86/asus_acpi.c", -+ [62669].name =3D "tled_proc_write", -+ [62669].param3 =3D 1, -+ [62714].file =3D "security/keys/keyctl.c", -+ [62714].name =3D "keyctl_update_key", -+ [62714].param3 =3D 1, -+ [62799].file =3D "fs/proc/task_mmu.c", -+ [62799].name =3D "pagemap_read", -+ [62799].param3 =3D 1, -+ [62811].file =3D "drivers/usb/misc/legousbtower.c", -+ [62811].name =3D "tower_read", -+ [62811].param3 =3D 1, -+ [62851].file =3D "fs/proc/vmcore.c", -+ [62851].name =3D "read_vmcore", -+ [62851].param3 =3D 1, -+ [62925].file =3D "include/rdma/ib_verbs.h", -+ [62925].name =3D "ib_copy_from_udata", -+ [62925].param3 =3D 1, -+ [62967].file =3D "security/keys/encrypted-keys/encrypted.c", -+ [62967].name =3D "encrypted_update", -+ [62967].param3 =3D 1, -+ [62970].file =3D "net/sched/sch_api.c", -+ [62970].name =3D "qdisc_class_hash_alloc", -+ [62970].param1 =3D 1, -+ [62999].file =3D "net/core/neighbour.c", -+ [62999].name =3D "neigh_hash_alloc", -+ [62999].param1 =3D 1, -+ [63004].file =3D "drivers/usb/storage/datafab.c", -+ [63004].name =3D "datafab_write_data", -+ [63004].param4 =3D 1, -+ [63007].file =3D "fs/proc/base.c", -+ [63007].name =3D "proc_coredump_filter_write", -+ [63007].param3 =3D 1, -+ [63010].file =3D "drivers/gpu/drm/ttm/ttm_page_alloc.c", -+ [63010].name =3D "ttm_page_pool_free", -+ [63010].param2 =3D 1, -+ [63076].file =3D "fs/cifs/xattr.c", -+ [63076].name =3D "cifs_setxattr", -+ [63076].param4 =3D 1, -+ [63091].file =3D "drivers/net/usb/pegasus.c", -+ [63091].name =3D "get_registers", -+ [63091].param3 =3D 1, -+ [63169].file =3D "drivers/scsi/sg.c", -+ [63169].name =3D "sg_read", -+ [63169].param3 =3D 1, -+ [6331].file =3D "drivers/atm/solos-pci.c", -+ [6331].name =3D "solos_param_store", -+ [6331].param4 =3D 1, -+ [63367].file =3D "net/netfilter/ipset/ip_set_core.c", -+ [63367].name =3D "ip_set_alloc", -+ [63367].param1 =3D 1, -+ [63473].file =3D "drivers/staging/pohmelfs/trans.c", -+ [63473].name =3D "netfs_trans_alloc", -+ [63473].param2 =3D 1, -+ [63473].param4 =3D 1, -+ [63489].file =3D "drivers/bluetooth/btmrvl_debugfs.c", -+ [63489].name =3D "btmrvl_hscfgcmd_write", -+ [63489].param3 =3D 1, -+ [63490].file =3D "crypto/shash.c", -+ [63490].name =3D "shash_compat_setkey", -+ [63490].param3 =3D 1, -+ [63583].file =3D "drivers/char/mem.c", -+ [63583].name =3D "write_kmem", -+ [63583].param3 =3D 1, -+ [63605].file =3D "mm/mempool.c", -+ [63605].name =3D "mempool_kmalloc", -+ [63605].param2 =3D 1, -+ [63717].file =3D "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c", -+ [63717].name =3D "iwl_dbgfs_csr_write", -+ [63717].param3 =3D 1, -+ [63748].file =3D "drivers/staging/crystalhd/crystalhd_misc.c", -+ [63748].name =3D "crystalhd_map_dio", -+ [63748].param3 =3D 1, -+ [63765].file =3D "fs/seq_file.c", -+ [63765].name =3D "seq_read", -+ [63765].param3 =3D 1, -+ [63777].file =3D "drivers/virtio/virtio_ring.c", -+ [63777].name =3D "virtqueue_add_buf_gfp", -+ [63777].param3 =3D 1, -+ [63777].param4 =3D 1, -+ [63961].file =3D "fs/xattr.c", -+ [63961].name =3D "sys_flistxattr", -+ [63961].param3 =3D 1, -+ [63988].file =3D "drivers/input/evdev.c", -+ [63988].name =3D "evdev_ioctl_compat", -+ [63988].param2 =3D 1, -+ [64118].file =3D "fs/namei.c", -+ [64118].name =3D "sys_symlinkat", -+ [64118].param1 =3D 1, -+ [64156].file =3D "drivers/net/wireless/ath/ath6kl/cfg80211.c", -+ [64156].name =3D "ath6kl_mgmt_tx", -+ [64156].param9 =3D 1, -+ [64227].file =3D "mm/nobootmem.c", -+ [64227].name =3D "__alloc_bootmem_node_nopanic", -+ [64227].param2 =3D 1, -+ [64312].file =3D "drivers/video/hecubafb.c", -+ [64312].name =3D "hecubafb_write", -+ [64312].param3 =3D 1, -+ [64351].file =3D "kernel/kfifo.c", -+ [64351].name =3D "kfifo_copy_from_user", -+ [64351].param3 =3D 1, -+ [64392].file =3D "drivers/mmc/core/mmc_ops.c", -+ [64392].name =3D "mmc_send_cxd_data", -+ [64392].param5 =3D 1, -+ [64471].file =3D "drivers/bluetooth/btmrvl_debugfs.c", -+ [64471].name =3D "btmrvl_hscmd_write", -+ [64471].param3 =3D 1, -+ [64667].file =3D "sound/core/oss/pcm_oss.c", -+ [64667].name =3D "snd_pcm_oss_read", -+ [64667].param3 =3D 1, -+ [64689].file =3D "sound/isa/gus/gus_dram.c", -+ [64689].name =3D "snd_gus_dram_read", -+ [64689].param4 =3D 1, -+ [64692].file =3D "fs/binfmt_misc.c", -+ [64692].name =3D "bm_entry_write", -+ [64692].param3 =3D 1, -+ [64705].file =3D "drivers/staging/iio/accel/sca3000_ring.c", -+ [64705].name =3D "sca3000_read_first_n_hw_rb", -+ [64705].param2 =3D 1, -+ [64743].file =3D "fs/ocfs2/dlmfs/dlmfs.c", -+ [64743].name =3D "dlmfs_file_read", -+ [64743].param3 =3D 1, -+ [6477].file =3D "net/bluetooth/mgmt.c", -+ [6477].name =3D "mgmt_pending_add", -+ [6477].param5 =3D 1, -+ [64898].file =3D "drivers/media/video/videobuf-dma-sg.c", -+ [64898].name =3D "videobuf_dma_init_user", -+ [64898].param3 =3D 1, -+ [64898].param4 =3D 1, -+ [64906].file =3D "drivers/net/wireless/b43legacy/debugfs.c", -+ [64906].name =3D "b43legacy_debugfs_write", -+ [64906].param3 =3D 1, -+ [64961].file =3D "drivers/spi/spidev.c", -+ [64961].name =3D "spidev_ioctl", -+ [64961].param2 =3D 1, -+ [65033].file =3D "crypto/shash.c", -+ [65033].name =3D "shash_async_setkey", -+ [65033].param3 =3D 1, -+ [65093].file =3D "security/integrity/evm/evm_secfs.c", -+ [65093].name =3D "evm_write_key", -+ [65093].param3 =3D 1, -+ [65098].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [65098].name =3D "iwl_dbgfs_traffic_log_write", -+ [65098].param3 =3D 1, -+ [6514].file =3D "mm/nobootmem.c", -+ [6514].name =3D "__alloc_bootmem_low", -+ [6514].param1 =3D 1, -+ [65169].file =3D "net/core/skbuff.c", -+ [65169].name =3D "dev_alloc_skb", -+ [65169].param1 =3D 1, -+ [6517].file =3D "drivers/md/dm-table.c", -+ [6517].name =3D "alloc_targets", -+ [6517].param2 =3D 1, -+ [65195].file =3D "fs/jffs2/xattr.c", -+ [65195].name =3D "do_jffs2_setxattr", -+ [65195].param5 =3D 1, -+ [65237].file =3D "kernel/profile.c", -+ [65237].name =3D "read_profile", -+ [65237].param3 =3D 1, -+ [65345].file =3D "lib/xz/xz_dec_lzma2.c", -+ [65345].name =3D "xz_dec_lzma2_create", -+ [65345].param2 =3D 1, -+ [65364].file =3D "sound/core/pcm_lib.c", -+ [65364].name =3D "snd_pcm_lib_read_transfer", -+ [65364].param5 =3D 1, -+ [65409].file =3D "net/802/garp.c", -+ [65409].name =3D "garp_request_join", -+ [65409].param4 =3D 1, -+ [65432].file =3D "drivers/hid/hid-roccat-kone.c", -+ [65432].name =3D "kone_receive", -+ [65432].param4 =3D 1, -+ [65452].file =3D "drivers/message/fusion/mptctl.c", -+ [65452].name =3D "mptctl_ioctl", -+ [65452].param2 =3D 1, -+ [65514].file =3D "drivers/media/video/gspca/t613.c", -+ [65514].name =3D "reg_w_ixbuf", -+ [65514].param4 =3D 1, -+ [6551].file =3D "drivers/usb/host/xhci-mem.c", -+ [6551].name =3D "xhci_alloc_stream_info", -+ [6551].param3 =3D 1, -+ [65535].file =3D "drivers/media/dvb/dvb-usb/opera1.c", -+ [65535].name =3D "opera1_xilinx_rw", -+ [65535].param5 =3D 1, -+ [6657].file =3D "drivers/hid/hid-roccat-kone.c", -+ [6657].name =3D "kone_send", -+ [6657].param4 =3D 1, -+ [6672].file =3D "drivers/net/wireless/b43/debugfs.c", -+ [6672].name =3D "b43_debugfs_write", -+ [6672].param3 =3D 1, -+ [6691].file =3D "drivers/acpi/proc.c", -+ [6691].name =3D "acpi_system_write_wakeup_device", -+ [6691].param3 =3D 1, -+ [6772].file =3D "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [6772].name =3D "iwl_dbgfs_force_reset_write", -+ [6772].param3 =3D 1, -+ [6780].file =3D "sound/core/info.c", -+ [6780].name =3D "snd_info_entry_read", -+ [6780].param3 =3D 1, -+ [6800].file =3D "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [6800].name =3D "iwl_legacy_dbgfs_missed_beacon_write", -+ [6800].param3 =3D 1, -+ [680].file =3D "drivers/misc/ibmasm/ibmasmfs.c", -+ [680].name =3D "command_file_read", -+ [680].param3 =3D 1, -+ [6865].file =3D "drivers/staging/iio/ring_sw.c", -+ [6865].name =3D "iio_read_first_n_sw_rb", -+ [6865].param2 =3D 1, -+ [6867].file =3D "fs/coda/psdev.c", -+ [6867].name =3D "coda_psdev_read", -+ [6867].param3 =3D 1, -+ [6891].file =3D "drivers/bluetooth/btmrvl_debugfs.c", -+ [6891].name =3D "btmrvl_gpiogap_write", -+ [6891].param3 =3D 1, -+ [6944].file =3D "drivers/ide/ide-proc.c", -+ [6944].name =3D "ide_settings_proc_write", -+ [6944].param3 =3D 1, -+ [6950].file =3D "drivers/isdn/capi/capi.c", -+ [6950].name =3D "capi_write", -+ [6950].param3 =3D 1, -+ [697].file =3D "sound/isa/gus/gus_dram.c", -+ [697].name =3D "snd_gus_dram_peek", -+ [697].param4 =3D 1, -+ [7066].file =3D "security/keys/keyctl.c", -+ [7066].name =3D "keyctl_instantiate_key_common", -+ [7066].param4 =3D 1, -+ [7129].file =3D "mm/maccess.c", -+ [7129].name =3D "__probe_kernel_read", -+ [7129].param3 =3D 1, -+ [720].file =3D "sound/pci/rme9652/hdsp.c", -+ [720].name =3D "snd_hdsp_playback_copy", -+ [720].param5 =3D 1, -+ [7411].file =3D "drivers/vhost/vhost.c", -+ [7411].name =3D "__vhost_add_used_n", -+ [7411].param3 =3D 1, -+ [7488].file =3D "security/keys/user_defined.c", -+ [7488].name =3D "user_read", -+ [7488].param3 =3D 1, -+ [7551].file =3D "drivers/input/touchscreen/ad7879-spi.c", -+ [7551].name =3D "ad7879_spi_xfer", -+ [7551].param3 =3D 1, -+ [7676].file =3D "drivers/acpi/custom_method.c", -+ [7676].name =3D "cm_write", -+ [7676].param3 =3D 1, -+ [7832].file =3D "drivers/net/wireless/ath/ath5k/debug.c", -+ [7832].name =3D "write_file_antenna", -+ [7832].param3 =3D 1, -+ [7843].file =3D "fs/compat.c", -+ [7843].name =3D "compat_sys_readv", -+ [7843].param3 =3D 1, -+ [7958].file =3D "drivers/gpu/vga/vgaarb.c", -+ [7958].name =3D "vga_arb_write", -+ [7958].param3 =3D 1, -+ [7976].file =3D "drivers/usb/gadget/rndis.c", -+ [7976].name =3D "rndis_add_response", -+ [7976].param2 =3D 1, -+ [8014].file =3D "net/netfilter/ipset/ip_set_list_set.c", -+ [8014].name =3D "init_list_set", -+ [8014].param2 =3D 1, -+ [8014].param3 =3D 1, -+ [8087].file =3D "drivers/video/via/viafbdev.c", -+ [8087].name =3D "viafb_iga1_odev_proc_write", -+ [8087].param3 =3D 1, -+ [8126].file =3D "sound/soc/soc-core.c", -+ [8126].name =3D "codec_reg_read_file", -+ [8126].param3 =3D 1, -+ [8185].file =3D "drivers/net/wireless/ath/ath6kl/debug.c", -+ [8185].name =3D "ath6kl_regwrite_write", -+ [8185].param3 =3D 1, -+ [8317].file =3D "security/smack/smackfs.c", -+ [8317].name =3D "smk_write_ambient", -+ [8317].param3 =3D 1, -+ [8334].file =3D "drivers/scsi/sg.c", -+ [8334].name =3D "sg_proc_write_adio", -+ [8334].param3 =3D 1, -+ [8481].file =3D "drivers/isdn/i4l/isdn_common.c", -+ [8481].name =3D "isdn_write", -+ [8481].param3 =3D 1, -+ [8536].file =3D "fs/cifs/dns_resolve.c", -+ [8536].name =3D "dns_resolve_server_name_to_ip", -+ [8536].param1 =3D 1, -+ [8650].file =3D "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", -+ [8650].name =3D "vmw_kms_present", -+ [8650].param9 =3D 1, -+ [865].file =3D "drivers/base/regmap/regmap-debugfs.c", -+ [865].name =3D "regmap_access_read_file", -+ [865].param3 =3D 1, -+ [8663].file =3D "net/bridge/netfilter/ebtables.c", -+ [8663].name =3D "do_update_counters", -+ [8663].param4 =3D 1, -+ [8684].file =3D "fs/read_write.c", -+ [8684].name =3D "sys_writev", -+ [8684].param3 =3D 1, -+ [8699].file =3D "security/selinux/selinuxfs.c", -+ [8699].name =3D "sel_commit_bools_write", -+ [8699].param3 =3D 1, -+ [8714].file =3D "lib/kstrtox.c", -+ [8714].name =3D "kstrtou16_from_user", -+ [8714].param2 =3D 1, -+ [8764].file =3D "drivers/usb/core/devio.c", -+ [8764].name =3D "usbdev_read", -+ [8764].param3 =3D 1, -+ [8802].file =3D "fs/dlm/user.c", -+ [8802].name =3D "device_write", -+ [8802].param3 =3D 1, -+ [8810].file =3D "net/mac80211/debugfs_sta.c", -+ [8810].name =3D "sta_agg_status_write", -+ [8810].param3 =3D 1, -+ [8815].file =3D "security/tomoyo/securityfs_if.c", -+ [8815].name =3D "tomoyo_write_self", -+ [8815].param3 =3D 1, -+ [8821].file =3D "net/wireless/sme.c", -+ [8821].name =3D "cfg80211_roamed", -+ [8821].param5 =3D 1, -+ [8821].param7 =3D 1, -+ [8833].file =3D "security/selinux/ss/services.c", -+ [8833].name =3D "security_context_to_sid", -+ [8833].param2 =3D 1, -+ [8851].file =3D "net/key/af_key.c", -+ [8851].name =3D "pfkey_sendmsg", -+ [8851].param4 =3D 1, -+ [8917].file =3D "net/ipv4/raw.c", -+ [8917].name =3D "raw_setsockopt", -+ [8917].param5 =3D 1, -+ [8983].file =3D "include/linux/skbuff.h", -+ [8983].name =3D "alloc_skb", -+ [8983].param1 =3D 1, -+ [9226].file =3D "mm/migrate.c", -+ [9226].name =3D "sys_move_pages", -+ [9226].param2 =3D 1, -+ [9341].file =3D "drivers/acpi/apei/erst-dbg.c", -+ [9341].name =3D "erst_dbg_write", -+ [9341].param3 =3D 1, -+ [9463].file =3D "drivers/infiniband/hw/ipath/ipath_verbs.c", -+ [9463].name =3D "ipath_verbs_send", -+ [9463].param3 =3D 1, -+ [9463].param5 =3D 1, -+ [9546].file =3D "drivers/video/fbmem.c", -+ [9546].name =3D "fb_write", -+ [9546].param3 =3D 1, -+ [9601].file =3D "kernel/kfifo.c", -+ [9601].name =3D "__kfifo_from_user", -+ [9601].param3 =3D 1, -+ [9618].file =3D "security/selinux/selinuxfs.c", -+ [9618].name =3D "sel_write_bool", -+ [9618].param3 =3D 1, -+ [9768].file =3D "drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c", -+ [9768].name =3D "vmw_execbuf_process", -+ [9768].param5 =3D 1, -+ [9828].file =3D "drivers/media/dvb/dvb-core/dmxdev.c", -+ [9828].name =3D "dvb_demux_do_ioctl", -+ [9828].param3 =3D 1, -+ [9870].file =3D "net/atm/addr.c", -+ [9870].name =3D "atm_get_addr", -+ [9870].param3 =3D 1, -+ [9962].file =3D "drivers/scsi/sg.c", -+ [9962].name =3D "sg_proc_write_dressz", -+ [9962].param3 =3D 1, -+ [9977].file =3D "drivers/net/wireless/zd1211rw/zd_usb.c", -+ [9977].name =3D "zd_usb_iowrite16v_async", -+ [9977].param3 =3D 1, -+ [16344].collision =3D 1, -+ [30494].collision =3D 1, -+ [31291].collision =3D 1, -+ [33040].collision =3D 1, -+ [38314].collision =3D 1, -+ [54338].collision =3D 1, -+ [60651].collision =3D 1, -+}; -diff --git a/tools/gcc/size_overflow_hash2.h b/tools/gcc/size_overflow_h= ash2.h -new file mode 100644 -index 0000000..8ed7d96 ---- /dev/null -+++ b/tools/gcc/size_overflow_hash2.h -@@ -0,0 +1,44 @@ -+struct size_overflow_hash size_overflow_hash2[65536] =3D { -+ [2118].file =3D "fs/ntfs/malloc.h", -+ [2118].name =3D "ntfs_malloc_nofs", -+ [2118].param1 =3D 1, -+ [22224].file =3D "fs/proc/vmcore.c", -+ [22224].name =3D "read_from_oldmem", -+ [22224].param2 =3D 1, -+ [26518].file =3D "drivers/gpu/vga/vgaarb.c", -+ [26518].name =3D "vga_arb_read", -+ [26518].param3 =3D 1, -+ [26569].file =3D "lib/kstrtox.c", -+ [26569].name =3D "kstrtoint_from_user", -+ [26569].param2 =3D 1, -+ [30632].file =3D "drivers/ide/ide-proc.c", -+ [30632].name =3D "ide_driver_proc_write", -+ [30632].param3 =3D 1, -+ [36150].file =3D "net/ceph/buffer.c", -+ [36150].name =3D "ceph_buffer_new", -+ [36150].param1 =3D 1, -+ [39024].file =3D "lib/scatterlist.c", -+ [39024].name =3D "sg_kmalloc", -+ [39024].param1 =3D 1, -+ [39105].file =3D "drivers/gpu/drm/ttm/ttm_tt.c", -+ [39105].name =3D "ttm_tt_create", -+ [39105].param2 =3D 1, -+ [43208].file =3D "fs/nfs/read.c", -+ [43208].name =3D "nfs_readdata_alloc", -+ [43208].param1 =3D 1, -+ [46911].file =3D "drivers/media/video/ivtv/ivtv-fileops.c", -+ [46911].name =3D "ivtv_v4l2_read", -+ [46911].param3 =3D 1, -+ [50359].file =3D "kernel/sched.c", -+ [50359].name =3D "alloc_sched_domains", -+ [50359].param1 =3D 1, -+ [52857].file =3D "sound/pci/rme9652/rme9652.c", -+ [52857].name =3D "snd_rme9652_capture_copy", -+ [52857].param5 =3D 1, -+ [57500].file =3D "drivers/spi/spidev.c", -+ [57500].name =3D "spidev_write", -+ [57500].param3 =3D 1, -+ [65149].file =3D "fs/nilfs2/ioctl.c", -+ [65149].name =3D "nilfs_ioctl_wrap_copy", -+ [65149].param4 =3D 1, -+}; -diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_= plugin.c -new file mode 100644 -index 0000000..a9ae886 ---- /dev/null -+++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1042 @@ -+/* -+ * Copyright 2011, 2012 by Emese Revfy -+ * Licensed under the GPL v2, or (at your option) v3 -+ * -+ * Homepage: -+ * http://www.grsecurity.net/~ephox/overflow_plugin/ -+ * -+ * This plugin recomputes expressions of function arguments marked by a= size_overflow attribute -+ * with double integer precision (DImode/TImode for 32/64 bit integer t= ypes). -+ * The recomputed argument is checked against INT_MAX and an event is l= ogged on overflow and the triggering process is killed. -+ * -+ * Usage: -+ * $ gcc -I`gcc -print-file-name=3Dplugin`/include -fPIC -shared -O2 -o= size_overflow_plugin.so size_overflow_plugin.c -+ * $ gcc -fplugin=3Dsize_overflow_plugin.so test.c -O2 -+ */ -+ -+#include "gcc-plugin.h" -+#include "config.h" -+#include "system.h" -+#include "coretypes.h" -+#include "tree.h" -+#include "tree-pass.h" -+#include "intl.h" -+#include "plugin-version.h" -+#include "tm.h" -+#include "toplev.h" -+#include "function.h" -+#include "tree-flow.h" -+#include "plugin.h" -+#include "gimple.h" -+#include "c-common.h" -+#include "diagnostic.h" -+ -+struct size_overflow_hash { -+ const char *name; -+ const char *file; -+ unsigned short collision:1; -+ unsigned short param1:1; -+ unsigned short param2:1; -+ unsigned short param3:1; -+ unsigned short param4:1; -+ unsigned short param5:1; -+ unsigned short param6:1; -+ unsigned short param7:1; -+ unsigned short param8:1; -+ unsigned short param9:1; -+}; -+ -+#include "size_overflow_hash1.h" -+#include "size_overflow_hash2.h" -+ -+#define __unused __attribute__((__unused__)) -+#define NAME(node) IDENTIFIER_POINTER(DECL_NAME(node)) -+#define BEFORE_STMT true -+#define AFTER_STMT false -+#define CREATE_NEW_VAR NULL_TREE -+ -+int plugin_is_GPL_compatible; -+void debug_gimple_stmt (gimple gs); -+ -+static tree expand(struct pointer_set_t *visited, tree var); -+static tree signed_size_overflow_type; -+static tree unsigned_size_overflow_type; -+static tree report_size_overflow_decl; -+static tree const_char_ptr_type_node; -+static unsigned int handle_function(void); -+ -+static struct plugin_info size_overflow_plugin_info =3D { -+ .version =3D "20120311beta", -+ .help =3D "no-size_overflow\tturn off size overflow checking\n", -+}; -+ -+static tree handle_size_overflow_attribute(tree *node, tree __unused na= me, tree args, int __unused flags, bool *no_add_attrs) -+{ -+ unsigned int arg_count =3D type_num_arguments(*node); -+ -+ for (; args; args =3D TREE_CHAIN(args)) { -+ tree position =3D TREE_VALUE(args); -+ if (TREE_CODE(position) !=3D INTEGER_CST || TREE_INT_CST_HIGH(positio= n) || TREE_INT_CST_LOW(position) < 1 || TREE_INT_CST_LOW(position) > arg_= count ) { -+ error("handle_size_overflow_attribute: overflow parameter outside ra= nge."); -+ *no_add_attrs =3D true; -+ } -+ } -+ return NULL_TREE; -+} -+ -+static struct attribute_spec no_size_overflow_attr =3D { -+ .name =3D "size_overflow", -+ .min_length =3D 1, -+ .max_length =3D -1, -+ .decl_required =3D false, -+ .type_required =3D true, -+ .function_type_required =3D true, -+ .handler =3D handle_size_overflow_attribute -+}; -+ -+static void register_attributes(void __unused *event_data, void __unuse= d *data) -+{ -+ register_attribute(&no_size_overflow_attr); -+} -+ -+// http://www.team5150.com/~andrew/noncryptohashzoo2~/CrapWow.html -+static unsigned int CrapWow(const char *key, unsigned int len, unsigned= int seed) -+{ -+#define cwfold( a, b, lo, hi ) { p =3D (unsigned int)(a) * (unsigned lo= ng long)(b); lo ^=3D (unsigned int)p; hi ^=3D (unsigned int)(p >> 32); } -+#define cwmixa( in ) { cwfold( in, m, k, h ); } -+#define cwmixb( in ) { cwfold( in, n, h, k ); } -+ -+ const unsigned int m =3D 0x57559429; -+ const unsigned int n =3D 0x5052acdb; -+ const unsigned int *key4 =3D (const unsigned int *)key; -+ unsigned int h =3D len; -+ unsigned int k =3D len + seed + n; -+ unsigned long long p; -+ -+ while (len >=3D 8) { -+ cwmixb(key4[0]) cwmixa(key4[1]) key4 +=3D 2; -+ len -=3D 8; -+ } -+ if (len >=3D 4) { -+ cwmixb(key4[0]) key4 +=3D 1; -+ len -=3D 4; -+ } -+ if (len) -+ cwmixa(key4[0] & ((1 << (len * 8)) - 1 )); -+ cwmixb(h ^ (k + n)); -+ return k ^ h; -+ -+#undef cwfold -+#undef cwmixa -+#undef cwmixb -+} -+ -+static inline unsigned int size_overflow_hash(const char *fndecl, unsig= ned int seed) -+{ -+ return CrapWow(fndecl, strlen(fndecl), seed) & 0xffff; -+} -+ -+static inline tree get_original_function_decl(tree fndecl) -+{ -+ if (DECL_ABSTRACT_ORIGIN(fndecl)) -+ return DECL_ABSTRACT_ORIGIN(fndecl); -+ return fndecl; -+} -+ -+static inline gimple get_def_stmt(tree node) -+{ -+ gcc_assert(TREE_CODE(node) =3D=3D SSA_NAME); -+ return SSA_NAME_DEF_STMT(node); -+} -+ -+static struct size_overflow_hash *get_function_hash(tree fndecl) -+{ -+ unsigned int hash; -+ const char *func =3D NAME(fndecl); -+ -+ hash =3D size_overflow_hash(func, 0); -+ -+ if (size_overflow_hash1[hash].collision) { -+ hash =3D size_overflow_hash(func, 23432); -+ return &size_overflow_hash2[hash]; -+ } -+ return &size_overflow_hash1[hash]; -+} -+ -+static void check_missing_attribute(tree arg) -+{ -+ tree var, func =3D get_original_function_decl(current_function_decl); -+ const char *curfunc =3D NAME(func); -+ unsigned int new_hash, argnum =3D 1; -+ struct size_overflow_hash *hash; -+ location_t loc; -+ expanded_location xloc; -+ bool match =3D false; -+ -+ loc =3D DECL_SOURCE_LOCATION(func); -+ xloc =3D expand_location(loc); -+ -+ if (lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE(func))= )) -+ return; -+ -+ hash =3D get_function_hash(func); -+ if (hash->name && !strcmp(hash->name, NAME(func)) && !strcmp(hash->fil= e, xloc.file)) -+ return; -+ -+ gcc_assert(TREE_CODE(arg) !=3D COMPONENT_REF); -+ -+ if (TREE_CODE(arg) =3D=3D SSA_NAME) -+ arg =3D SSA_NAME_VAR(arg); -+ -+ for (var =3D DECL_ARGUMENTS(func); var; var =3D TREE_CHAIN(var)) { -+ if (strcmp(NAME(arg), NAME(var))) { -+ argnum++; -+ continue; -+ } -+ match =3D true; -+ if (!TYPE_UNSIGNED(TREE_TYPE(var))) -+ return; -+ break; -+ } -+ if (!match) { -+ warning(0, "check_missing_attribute: cannot find the %s argument in %= s", NAME(arg), NAME(func)); -+ return; -+ } -+ -+#define check_param(num) \ -+ if (num =3D=3D argnum && hash->param##num) \ -+ return; -+ check_param(1); -+ check_param(2); -+ check_param(3); -+ check_param(4); -+ check_param(5); -+ check_param(6); -+ check_param(7); -+ check_param(8); -+ check_param(9); -+#undef check_param -+ -+ new_hash =3D size_overflow_hash(curfunc, 0); -+ inform(loc, "Function %s is missing from the size_overflow hash table = +%s+%d+%u+%s", curfunc, curfunc, argnum, new_hash, xloc.file); -+} -+ -+static tree create_new_var(tree type) -+{ -+ tree new_var =3D create_tmp_var(type, "cicus"); -+ -+ add_referenced_var(new_var); -+ mark_sym_for_renaming(new_var); -+ return new_var; -+} -+ -+static bool is_bool(tree node) -+{ -+ tree type; -+ -+ if (node =3D=3D NULL_TREE) -+ return false; -+ -+ type =3D TREE_TYPE(node); -+ if (!INTEGRAL_TYPE_P(type)) -+ return false; -+ if (TREE_CODE(type) =3D=3D BOOLEAN_TYPE) -+ return true; -+ if (TYPE_PRECISION(type) =3D=3D 1) -+ return true; -+ return false; -+} -+ -+static gimple build_cast_stmt(tree type, tree var, tree new_var, locati= on_t loc) -+{ -+ gimple assign; -+ -+ if (new_var =3D=3D CREATE_NEW_VAR) -+ new_var =3D create_new_var(type); -+ -+ assign =3D gimple_build_assign(new_var, fold_convert(type, var)); -+ gimple_set_location(assign, loc); -+ gimple_set_lhs(assign, make_ssa_name(new_var, assign)); -+ -+ return assign; -+} -+ -+static tree create_assign(struct pointer_set_t *visited, gimple oldstmt= , tree rhs1, bool before) -+{ -+ tree oldstmt_rhs1; -+ enum tree_code code; -+ gimple stmt; -+ gimple_stmt_iterator gsi; -+ -+ if (is_bool(rhs1)) { -+ pointer_set_insert(visited, oldstmt); -+ return gimple_get_lhs(oldstmt); -+ } -+ -+ if (rhs1 =3D=3D NULL_TREE) { -+ debug_gimple_stmt(oldstmt); -+ error("create_assign: rhs1 is NULL_TREE"); -+ gcc_unreachable(); -+ } -+ -+ oldstmt_rhs1 =3D gimple_assign_rhs1(oldstmt); -+ code =3D TREE_CODE(oldstmt_rhs1); -+ if (code =3D=3D PARM_DECL || (code =3D=3D SSA_NAME && gimple_code(get_= def_stmt(oldstmt_rhs1)) =3D=3D GIMPLE_NOP)) -+ check_missing_attribute(oldstmt_rhs1); -+ -+ stmt =3D build_cast_stmt(signed_size_overflow_type, rhs1, CREATE_NEW_V= AR, gimple_location(oldstmt)); -+ gsi =3D gsi_for_stmt(oldstmt); -+ if (before) -+ gsi_insert_before(&gsi, stmt, GSI_NEW_STMT); -+ else -+ gsi_insert_after(&gsi, stmt, GSI_NEW_STMT); -+ update_stmt(stmt); -+ pointer_set_insert(visited, oldstmt); -+ return gimple_get_lhs(stmt); -+} -+ -+static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, t= ree rhs1, tree rhs2, tree __unused rhs3) -+{ -+ tree new_var, lhs =3D gimple_get_lhs(oldstmt); -+ gimple stmt; -+ gimple_stmt_iterator gsi; -+ -+ if (gimple_num_ops(oldstmt) !=3D 4 && rhs1 =3D=3D NULL_TREE) { -+ rhs1 =3D gimple_assign_rhs1(oldstmt); -+ rhs1 =3D create_assign(visited, oldstmt, rhs1, BEFORE_STMT); -+ } -+ if (gimple_num_ops(oldstmt) =3D=3D 3 && rhs2 =3D=3D NULL_TREE) { -+ rhs2 =3D gimple_assign_rhs2(oldstmt); -+ rhs2 =3D create_assign(visited, oldstmt, rhs2, BEFORE_STMT); -+ } -+ -+ stmt =3D gimple_copy(oldstmt); -+ gimple_set_location(stmt, gimple_location(oldstmt)); -+ -+ if (gimple_assign_rhs_code(oldstmt) =3D=3D WIDEN_MULT_EXPR) -+ gimple_assign_set_rhs_code(stmt, MULT_EXPR); -+ -+ if (is_bool(lhs)) -+ new_var =3D SSA_NAME_VAR(lhs); -+ else -+ new_var =3D create_new_var(signed_size_overflow_type); -+ new_var =3D make_ssa_name(new_var, stmt); -+ gimple_set_lhs(stmt, new_var); -+ -+ if (rhs1 !=3D NULL_TREE) { -+ if (!gimple_assign_cast_p(oldstmt)) -+ rhs1 =3D fold_convert(signed_size_overflow_type, rhs1); -+ gimple_assign_set_rhs1(stmt, rhs1); -+ } -+ -+ if (rhs2 !=3D NULL_TREE) -+ gimple_assign_set_rhs2(stmt, rhs2); -+#if BUILDING_GCC_VERSION >=3D 4007 -+ if (rhs3 !=3D NULL_TREE) -+ gimple_assign_set_rhs3(stmt, rhs3); -+#endif -+ gimple_set_vuse(stmt, gimple_vuse(oldstmt)); -+ gimple_set_vdef(stmt, gimple_vdef(oldstmt)); -+ -+ gsi =3D gsi_for_stmt(oldstmt); -+ gsi_insert_after(&gsi, stmt, GSI_SAME_STMT); -+ update_stmt(stmt); -+ pointer_set_insert(visited, oldstmt); -+ return gimple_get_lhs(stmt); -+} -+ -+static gimple overflow_create_phi_node(gimple oldstmt, tree var) -+{ -+ basic_block bb; -+ gimple phi; -+ gimple_stmt_iterator gsi =3D gsi_for_stmt(oldstmt); -+ -+ bb =3D gsi_bb(gsi); -+ phi =3D make_phi_node(var, EDGE_COUNT(bb->preds)); -+ -+ gsi_insert_after(&gsi, phi, GSI_NEW_STMT); -+ gimple_set_bb(phi, bb); -+ return phi; -+} -+ -+static tree signed_cast_constant(tree node) -+{ -+ gcc_assert(is_gimple_constant(node)); -+ -+ if (TYPE_PRECISION(signed_size_overflow_type) =3D=3D TYPE_PRECISION(TR= EE_TYPE(node))) -+ return build_int_cst_wide(signed_size_overflow_type, TREE_INT_CST_LOW= (node), TREE_INT_CST_HIGH(node)); -+ else -+ return build_int_cst(signed_size_overflow_type, int_cst_value(node)); -+} -+ -+static gimple cast_old_phi_arg(gimple oldstmt, tree arg, tree new_var) -+{ -+ basic_block first_bb; -+ gimple newstmt; -+ gimple_stmt_iterator gsi; -+ -+ newstmt =3D build_cast_stmt(signed_size_overflow_type, arg, new_var, g= imple_location(oldstmt)); -+ -+ first_bb =3D split_block_after_labels(ENTRY_BLOCK_PTR)->dest; -+ if (dom_info_available_p(CDI_DOMINATORS)) -+ set_immediate_dominator(CDI_DOMINATORS, first_bb, ENTRY_BLOCK_PTR); -+ gsi =3D gsi_start_bb(first_bb); -+ -+ gsi_insert_before(&gsi, newstmt, GSI_NEW_STMT); -+ return newstmt; -+} -+ -+static gimple handle_new_phi_arg(tree arg, tree new_var, tree new_rhs) -+{ -+ gimple newstmt; -+ gimple_stmt_iterator gsi; -+ void (*gsi_insert)(gimple_stmt_iterator *, gimple, enum gsi_iterator_u= pdate); -+ gimple def_newstmt =3D get_def_stmt(new_rhs); -+ -+ gsi_insert =3D gsi_insert_after; -+ gsi =3D gsi_for_stmt(def_newstmt); -+ -+ switch (gimple_code(get_def_stmt(arg))) { -+ case GIMPLE_PHI: -+ newstmt =3D gimple_build_assign(new_var, new_rhs); -+ gsi =3D gsi_after_labels(gimple_bb(def_newstmt)); -+ gsi_insert =3D gsi_insert_before; -+ break; -+ case GIMPLE_ASM: -+ case GIMPLE_CALL: -+ newstmt =3D gimple_build_assign(new_var, new_rhs); -+ break; -+ case GIMPLE_ASSIGN: -+ newstmt =3D gimple_copy(def_newstmt); -+ break; -+ default: -+ /* unknown gimple_code (build_new_phi_arg) */ -+ gcc_unreachable(); -+ } -+ -+ gimple_set_lhs(newstmt, make_ssa_name(new_var, newstmt)); -+ gsi_insert(&gsi, newstmt, GSI_NEW_STMT); -+ return newstmt; -+} -+ -+static tree build_new_phi_arg(struct pointer_set_t *visited, gimple old= stmt, tree arg, tree new_var) -+{ -+ gimple newstmt; -+ tree new_rhs; -+ -+ if (is_gimple_constant(arg)) -+ return signed_cast_constant(arg); -+ -+ pointer_set_insert(visited, oldstmt); -+ new_rhs =3D expand(visited, arg); -+ if (new_rhs =3D=3D NULL_TREE) { -+ gcc_assert(TREE_CODE(TREE_TYPE(arg)) !=3D VOID_TYPE); -+ newstmt =3D cast_old_phi_arg(oldstmt, arg, new_var); -+ } else -+ newstmt =3D handle_new_phi_arg(arg, new_var, new_rhs); -+ update_stmt(newstmt); -+ return gimple_get_lhs(newstmt); -+} -+ -+static tree build_new_phi(struct pointer_set_t *visited, gimple oldstmt= ) -+{ -+ gimple phi; -+ tree new_var =3D create_new_var(signed_size_overflow_type); -+ unsigned int i, n =3D gimple_phi_num_args(oldstmt); -+ -+ phi =3D overflow_create_phi_node(oldstmt, new_var); -+ -+ for (i =3D 0; i < n; i++) { -+ tree arg, lhs; -+ -+ arg =3D gimple_phi_arg_def(oldstmt, i); -+ lhs =3D build_new_phi_arg(visited, oldstmt, arg, new_var); -+ add_phi_arg(phi, lhs, gimple_phi_arg_edge(oldstmt, i), gimple_locatio= n(oldstmt)); -+ } -+ update_stmt(phi); -+ return gimple_phi_result(phi); -+} -+ -+static tree handle_unary_ops(struct pointer_set_t *visited, tree var) -+{ -+ gimple def_stmt =3D get_def_stmt(var); -+ tree new_rhs1, rhs1 =3D gimple_assign_rhs1(def_stmt); -+ -+ if (is_gimple_constant(rhs1)) -+ return dup_assign(visited, def_stmt, signed_cast_constant(rhs1), NULL= _TREE, NULL_TREE); -+ -+ switch (TREE_CODE(rhs1)) { -+ case SSA_NAME: -+ new_rhs1 =3D expand(visited, rhs1); -+ break; -+ case ARRAY_REF: -+ case ADDR_EXPR: -+ case COMPONENT_REF: -+ case COND_EXPR: -+ case INDIRECT_REF: -+#if BUILDING_GCC_VERSION >=3D 4006 -+ case MEM_REF: -+#endif -+ case PARM_DECL: -+ case TARGET_MEM_REF: -+ case VAR_DECL: -+ return create_assign(visited, def_stmt, var, AFTER_STMT); -+ default: -+ debug_gimple_stmt(def_stmt); -+ debug_tree(rhs1); -+ gcc_unreachable(); -+ } -+ -+ if (new_rhs1 =3D=3D NULL_TREE) -+ return create_assign(visited, def_stmt, rhs1, AFTER_STMT); -+ return dup_assign(visited, def_stmt, new_rhs1, NULL_TREE, NULL_TREE); -+} -+ -+static tree transform_mult_overflow(tree rhs, tree const_rhs, tree log2= const_rhs, location_t loc) -+{ -+ tree new_def_rhs; -+ -+ if (!is_gimple_constant(rhs)) -+ return NULL_TREE; -+ -+ new_def_rhs =3D fold_build2_loc(loc, MULT_EXPR, TREE_TYPE(const_rhs), = rhs, const_rhs); -+ new_def_rhs =3D signed_cast_constant(new_def_rhs); -+ if (int_cst_value(new_def_rhs) >=3D 0) -+ return NULL_TREE; -+ return fold_build2_loc(loc, RSHIFT_EXPR, TREE_TYPE(new_def_rhs), new_d= ef_rhs, log2const_rhs); -+} -+ -+static tree handle_intentional_mult_overflow(struct pointer_set_t *visi= ted, tree rhs, tree const_rhs) -+{ -+ gimple new_def_stmt, def_stmt; -+ tree def_rhs1, def_rhs2, new_def_rhs; -+ location_t loc; -+ tree log2const_rhs; -+ int log2 =3D exact_log2(TREE_INT_CST_LOW(const_rhs)); -+ -+ if (log2 =3D=3D -1) { -+// warning(0, "Possibly unhandled intentional integer truncation"); -+ return NULL_TREE; -+ } -+ -+ def_stmt =3D get_def_stmt(rhs); -+ loc =3D gimple_location(def_stmt); -+ def_rhs1 =3D gimple_assign_rhs1(def_stmt); -+ def_rhs2 =3D gimple_assign_rhs2(def_stmt); -+ new_def_stmt =3D get_def_stmt(expand(visited, rhs)); -+ log2const_rhs =3D build_int_cstu(TREE_TYPE(const_rhs), log2); -+ -+ new_def_rhs =3D transform_mult_overflow(def_rhs1, const_rhs, log2const= _rhs, loc); -+ if (new_def_rhs !=3D NULL_TREE) { -+ gimple_assign_set_rhs1(new_def_stmt, new_def_rhs); -+ } else { -+ new_def_rhs =3D transform_mult_overflow(def_rhs2, const_rhs, log2cons= t_rhs, loc); -+ if (new_def_rhs !=3D NULL_TREE) -+ gimple_assign_set_rhs2(new_def_stmt, new_def_rhs); -+ } -+ if (new_def_rhs =3D=3D NULL_TREE) -+ return NULL_TREE; -+ -+ update_stmt(new_def_stmt); -+// warning(0, "Handle integer truncation (gcc optimization)"); -+ return gimple_get_lhs(new_def_stmt); -+} -+ -+static bool is_mult_overflow(gimple def_stmt, tree rhs1) -+{ -+ gimple rhs1_def_stmt =3D get_def_stmt(rhs1); -+ -+ if (gimple_assign_rhs_code(def_stmt) !=3D MULT_EXPR) -+ return false; -+ if (gimple_code(rhs1_def_stmt) !=3D GIMPLE_ASSIGN) -+ return false; -+ if (gimple_assign_rhs_code(rhs1_def_stmt) !=3D PLUS_EXPR) -+ return false; -+ return true; -+} -+ -+static tree handle_intentional_overflow(struct pointer_set_t *visited, = gimple def_stmt, tree rhs1, tree rhs2) -+{ -+ if (is_mult_overflow(def_stmt, rhs1)) -+ return handle_intentional_mult_overflow(visited, rhs1, rhs2); -+ return NULL_TREE; -+} -+ -+static tree handle_binary_ops(struct pointer_set_t *visited, tree var) -+{ -+ tree rhs1, rhs2; -+ gimple def_stmt =3D get_def_stmt(var); -+ tree new_rhs1 =3D NULL_TREE; -+ tree new_rhs2 =3D NULL_TREE; -+ -+ rhs1 =3D gimple_assign_rhs1(def_stmt); -+ rhs2 =3D gimple_assign_rhs2(def_stmt); -+ -+ /* no DImode/TImode division in the 32/64 bit kernel */ -+ switch (gimple_assign_rhs_code(def_stmt)) { -+ case RDIV_EXPR: -+ case TRUNC_DIV_EXPR: -+ case CEIL_DIV_EXPR: -+ case FLOOR_DIV_EXPR: -+ case ROUND_DIV_EXPR: -+ case TRUNC_MOD_EXPR: -+ case CEIL_MOD_EXPR: -+ case FLOOR_MOD_EXPR: -+ case ROUND_MOD_EXPR: -+ case EXACT_DIV_EXPR: -+ case POINTER_PLUS_EXPR: -+ /* logical AND cannot cause an overflow */ -+ case BIT_AND_EXPR: -+ return create_assign(visited, def_stmt, var, AFTER_STMT); -+ default: -+ break; -+ } -+ -+ if (is_gimple_constant(rhs2)) { -+ new_rhs2 =3D signed_cast_constant(rhs2); -+ new_rhs1 =3D handle_intentional_overflow(visited, def_stmt, rhs1, rhs= 2); -+ } -+ -+ if (is_gimple_constant(rhs1)) { -+ new_rhs1 =3D signed_cast_constant(rhs1); -+ new_rhs2 =3D handle_intentional_overflow(visited, def_stmt, rhs2, rhs= 1); -+ } -+ -+ if (new_rhs1 =3D=3D NULL_TREE && TREE_CODE(rhs1) =3D=3D SSA_NAME) -+ new_rhs1 =3D expand(visited, rhs1); -+ if (new_rhs2 =3D=3D NULL_TREE && TREE_CODE(rhs2) =3D=3D SSA_NAME) -+ new_rhs2 =3D expand(visited, rhs2); -+ -+ return dup_assign(visited, def_stmt, new_rhs1, new_rhs2, NULL_TREE); -+} -+ -+#if BUILDING_GCC_VERSION >=3D 4007 -+static tree get_new_rhs(struct pointer_set_t *visited, tree rhs) -+{ -+ if (is_gimple_constant(rhs)) -+ return signed_cast_constant(rhs); -+ if (TREE_CODE(rhs) !=3D SSA_NAME) -+ return NULL_TREE; -+ return expand(visited, rhs); -+} -+ -+static tree handle_ternary_ops(struct pointer_set_t *visited, tree var) -+{ -+ tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3; -+ gimple def_stmt =3D get_def_stmt(var); -+ -+ rhs1 =3D gimple_assign_rhs1(def_stmt); -+ rhs2 =3D gimple_assign_rhs2(def_stmt); -+ rhs3 =3D gimple_assign_rhs3(def_stmt); -+ new_rhs1 =3D get_new_rhs(visited, rhs1); -+ new_rhs2 =3D get_new_rhs(visited, rhs2); -+ new_rhs3 =3D get_new_rhs(visited, rhs3); -+ -+ if (new_rhs1 =3D=3D NULL_TREE && new_rhs2 !=3D NULL_TREE && new_rhs3 != =3D NULL_TREE) -+ return dup_assign(visited, def_stmt, new_rhs1, new_rhs2, new_rhs3); -+ error("handle_ternary_ops: unknown rhs"); -+ gcc_unreachable(); -+} -+#endif -+ -+static void set_size_overflow_type(tree node) -+{ -+ switch (TYPE_MODE(TREE_TYPE(node))) { -+ case SImode: -+ signed_size_overflow_type =3D intDI_type_node; -+ unsigned_size_overflow_type =3D unsigned_intDI_type_node; -+ break; -+ case DImode: -+ if (LONG_TYPE_SIZE =3D=3D GET_MODE_BITSIZE(SImode)) { -+ signed_size_overflow_type =3D intDI_type_node; -+ unsigned_size_overflow_type =3D unsigned_intDI_type_node; -+ } else { -+ signed_size_overflow_type =3D intTI_type_node; -+ unsigned_size_overflow_type =3D unsigned_intTI_type_node; -+ } -+ break; -+ default: -+ error("set_size_overflow_type: unsupported gcc configuration."); -+ gcc_unreachable(); -+ } -+} -+ -+static tree expand_visited(gimple def_stmt) -+{ -+ gimple tmp; -+ gimple_stmt_iterator gsi =3D gsi_for_stmt(def_stmt); -+ -+ gsi_next(&gsi); -+ tmp =3D gsi_stmt(gsi); -+ switch (gimple_code(tmp)) { -+ case GIMPLE_ASSIGN: -+ return gimple_get_lhs(tmp); -+ case GIMPLE_PHI: -+ return gimple_phi_result(tmp); -+ case GIMPLE_CALL: -+ return gimple_call_lhs(tmp); -+ default: -+ return NULL_TREE; -+ } -+} -+ -+static tree expand(struct pointer_set_t *visited, tree var) -+{ -+ gimple def_stmt; -+ -+ if (is_gimple_constant(var)) -+ return NULL_TREE; -+ -+ if (TREE_CODE(var) =3D=3D ADDR_EXPR) -+ return NULL_TREE; -+ -+ if (SSA_NAME_IS_DEFAULT_DEF(var)) -+ return NULL_TREE; -+ -+ def_stmt =3D get_def_stmt(var); -+ -+ if (!def_stmt) -+ return NULL_TREE; -+ -+ if (pointer_set_contains(visited, def_stmt)) -+ return expand_visited(def_stmt); -+ -+ switch (gimple_code(def_stmt)) { -+ case GIMPLE_NOP: -+ check_missing_attribute(var); -+ return NULL_TREE; -+ case GIMPLE_PHI: -+ return build_new_phi(visited, def_stmt); -+ case GIMPLE_CALL: -+ case GIMPLE_ASM: -+ gcc_assert(TREE_CODE(TREE_TYPE(var)) !=3D VOID_TYPE); -+ return create_assign(visited, def_stmt, var, AFTER_STMT); -+ case GIMPLE_ASSIGN: -+ switch (gimple_num_ops(def_stmt)) { -+ case 2: -+ return handle_unary_ops(visited, var); -+ case 3: -+ return handle_binary_ops(visited, var); -+#if BUILDING_GCC_VERSION >=3D 4007 -+ case 4: -+ return handle_ternary_ops(visited, var); -+#endif -+ } -+ default: -+ debug_gimple_stmt(def_stmt); -+ error("expand: unknown gimple code"); -+ gcc_unreachable(); -+ } -+} -+ -+static void change_function_arg(gimple func_stmt, tree origarg, unsigne= d int argnum, tree newarg) -+{ -+ gimple assign, stmt; -+ gimple_stmt_iterator gsi =3D gsi_for_stmt(func_stmt); -+ tree origtype =3D TREE_TYPE(origarg); -+ -+ stmt =3D gsi_stmt(gsi); -+ gcc_assert(gimple_code(stmt) =3D=3D GIMPLE_CALL); -+ -+ assign =3D build_cast_stmt(origtype, newarg, CREATE_NEW_VAR, gimple_lo= cation(stmt)); -+ gsi_insert_before(&gsi, assign, GSI_SAME_STMT); -+ update_stmt(assign); -+ -+ gimple_call_set_arg(stmt, argnum, gimple_get_lhs(assign)); -+ update_stmt(stmt); -+} -+ -+static tree get_function_arg(unsigned int argnum, gimple stmt, tree fnd= ecl) -+{ -+ const char *origid; -+ tree arg, origarg; -+ -+ if (!DECL_ABSTRACT_ORIGIN(fndecl)) { -+ gcc_assert(gimple_call_num_args(stmt) > argnum); -+ return gimple_call_arg(stmt, argnum); -+ } -+ -+ origarg =3D DECL_ARGUMENTS(DECL_ABSTRACT_ORIGIN(fndecl)); -+ while (origarg && argnum) { -+ argnum--; -+ origarg =3D TREE_CHAIN(origarg); -+ } -+ -+ gcc_assert(argnum =3D=3D 0); -+ -+ gcc_assert(origarg !=3D NULL_TREE); -+ origid =3D NAME(origarg); -+ for (arg =3D DECL_ARGUMENTS(fndecl); arg; arg =3D TREE_CHAIN(arg)) { -+ if (!strcmp(origid, NAME(arg))) -+ return arg; -+ } -+ return NULL_TREE; -+} -+ -+static void insert_cond(tree arg, basic_block cond_bb) -+{ -+ gimple cond_stmt; -+ gimple_stmt_iterator gsi =3D gsi_last_bb(cond_bb); -+ -+ cond_stmt =3D gimple_build_cond(GT_EXPR, arg, build_int_cstu(signed_si= ze_overflow_type, 0x7fffffff), NULL_TREE, NULL_TREE); -+ gsi_insert_after(&gsi, cond_stmt, GSI_CONTINUE_LINKING); -+ update_stmt(cond_stmt); -+} -+ -+static tree create_string_param(tree string) -+{ -+ tree array_ref =3D build4(ARRAY_REF, TREE_TYPE(string), string, intege= r_zero_node, NULL, NULL); -+ -+ return build1(ADDR_EXPR, ptr_type_node, array_ref); -+} -+ -+static void insert_cond_result(basic_block bb_true, gimple stmt, tree a= rg) -+{ -+ gimple func_stmt, def_stmt; -+ tree current_func, loc_file, loc_line; -+ expanded_location xloc; -+ gimple_stmt_iterator gsi =3D gsi_start_bb(bb_true); -+ -+ def_stmt =3D get_def_stmt(arg); -+ xloc =3D expand_location(gimple_location(def_stmt)); -+ -+ if (!gimple_has_location(def_stmt)) { -+ xloc =3D expand_location(gimple_location(stmt)); -+ gcc_assert(gimple_has_location(stmt)); -+ } -+ -+ loc_line =3D build_int_cstu(unsigned_type_node, xloc.line); -+ -+ loc_file =3D build_string(strlen(xloc.file), xloc.file); -+ TREE_TYPE(loc_file) =3D char_array_type_node; -+ loc_file =3D create_string_param(loc_file); -+ -+ current_func =3D build_string(IDENTIFIER_LENGTH(DECL_NAME(current_func= tion_decl)), NAME(current_function_decl)); -+ TREE_TYPE(current_func) =3D char_array_type_node; -+ current_func =3D create_string_param(current_func); -+ -+ // void report_size_overflow(const char *file, unsigned int line, cons= t char *func) -+ func_stmt =3D gimple_build_call(report_size_overflow_decl, 3, loc_file= , loc_line, current_func); -+ -+ gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING); -+} -+ -+static void insert_check_size_overflow(gimple stmt, tree arg) -+{ -+ basic_block cond_bb, join_bb, bb_true; -+ edge e; -+ gimple_stmt_iterator gsi =3D gsi_for_stmt(stmt); -+ -+ cond_bb =3D gimple_bb(stmt); -+ gsi_prev(&gsi); -+ if (gsi_end_p(gsi)) -+ e =3D split_block_after_labels(cond_bb); -+ else -+ e =3D split_block(cond_bb, gsi_stmt(gsi)); -+ cond_bb =3D e->src; -+ join_bb =3D e->dest; -+ e->flags =3D EDGE_FALSE_VALUE; -+ e->probability =3D REG_BR_PROB_BASE; -+ -+ bb_true =3D create_empty_bb(cond_bb); -+ make_edge(cond_bb, bb_true, EDGE_TRUE_VALUE); -+ -+ if (dom_info_available_p(CDI_DOMINATORS)) { -+ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb); -+ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb); -+ } -+ -+ insert_cond(arg, cond_bb); -+ insert_cond_result(bb_true, stmt, arg); -+} -+ -+static void handle_function_arg(gimple stmt, tree fndecl, unsigned int = argnum) -+{ -+ struct pointer_set_t *visited; -+ tree arg, newarg; -+ gimple ucast_stmt; -+ gimple_stmt_iterator gsi; -+ location_t loc =3D gimple_location(stmt); -+ -+ arg =3D get_function_arg(argnum, stmt, fndecl); -+ if (arg =3D=3D NULL_TREE) -+ return; -+ -+ if (is_gimple_constant(arg)) -+ return; -+ if (TREE_CODE(arg) !=3D SSA_NAME) -+ return; -+ -+ set_size_overflow_type(arg); -+ visited =3D pointer_set_create(); -+ newarg =3D expand(visited, arg); -+ pointer_set_destroy(visited); -+ -+ if (newarg =3D=3D NULL_TREE) -+ return; -+ -+ change_function_arg(stmt, arg, argnum, newarg); -+ -+ ucast_stmt =3D build_cast_stmt(unsigned_size_overflow_type, newarg, CR= EATE_NEW_VAR, loc); -+ gsi =3D gsi_for_stmt(stmt); -+ gsi_insert_before(&gsi, ucast_stmt, GSI_SAME_STMT); -+ -+ insert_check_size_overflow(stmt, gimple_get_lhs(ucast_stmt)); -+// inform(loc, "Integer size_overflow check applied here."); -+} -+ -+static void handle_function_by_attribute(gimple stmt, tree attr, tree f= ndecl) -+{ -+ tree p =3D TREE_VALUE(attr); -+ do { -+ handle_function_arg(stmt, fndecl, TREE_INT_CST_LOW(TREE_VALUE(p))-1); -+ p =3D TREE_CHAIN(p); -+ } while (p); -+} -+ -+static void handle_function_by_hash(gimple stmt, tree fndecl) -+{ -+ struct size_overflow_hash *hash; -+ expanded_location xloc; -+ -+ hash =3D get_function_hash(fndecl); -+ xloc =3D expand_location(DECL_SOURCE_LOCATION(fndecl)); -+ -+ fndecl =3D get_original_function_decl(fndecl); -+ if (!hash->name || !hash->file) -+ return; -+ if (strcmp(hash->name, NAME(fndecl)) || strcmp(hash->file, xloc.file)) -+ return; -+ -+#define search_param(argnum) \ -+ if (hash->param##argnum) \ -+ handle_function_arg(stmt, fndecl, argnum - 1); -+ -+ search_param(1); -+ search_param(2); -+ search_param(3); -+ search_param(4); -+ search_param(5); -+ search_param(6); -+ search_param(7); -+ search_param(8); -+ search_param(9); -+#undef search_param -+} -+ -+static unsigned int handle_function(void) -+{ -+ basic_block bb =3D ENTRY_BLOCK_PTR->next_bb; -+ int saved_last_basic_block =3D last_basic_block; -+ -+ do { -+ gimple_stmt_iterator gsi; -+ basic_block next =3D bb->next_bb; -+ -+ for (gsi =3D gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { -+ tree fndecl, attr; -+ gimple stmt =3D gsi_stmt(gsi); -+ -+ if (!(is_gimple_call(stmt))) -+ continue; -+ fndecl =3D gimple_call_fndecl(stmt); -+ if (fndecl =3D=3D NULL_TREE) -+ continue; -+ if (gimple_call_num_args(stmt) =3D=3D 0) -+ continue; -+ attr =3D lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE= (fndecl))); -+ if (!attr || !TREE_VALUE(attr)) -+ handle_function_by_hash(stmt, fndecl); -+ else -+ handle_function_by_attribute(stmt, attr, fndecl); -+ gsi =3D gsi_for_stmt(stmt); -+ } -+ bb =3D next; -+ } while (bb && bb->index <=3D saved_last_basic_block); -+ return 0; -+} -+ -+static struct gimple_opt_pass size_overflow_pass =3D { -+ .pass =3D { -+ .type =3D GIMPLE_PASS, -+ .name =3D "size_overflow", -+ .gate =3D NULL, -+ .execute =3D handle_function, -+ .sub =3D NULL, -+ .next =3D NULL, -+ .static_pass_number =3D 0, -+ .tv_id =3D TV_NONE, -+ .properties_required =3D PROP_cfg | PROP_referenced_vars, -+ .properties_provided =3D 0, -+ .properties_destroyed =3D 0, -+ .todo_flags_start =3D 0, -+ .todo_flags_finish =3D TODO_verify_ssa | TODO_verify_stmts | TODO_dum= p_func | TODO_remove_unused_locals | TODO_update_ssa_no_phi | TODO_cleanu= p_cfg | TODO_ggc_collect | TODO_verify_flow -+ } -+}; -+ -+static void start_unit_callback(void __unused *gcc_data, void __unused = *user_data) -+{ -+ tree fntype; -+ -+ const_char_ptr_type_node =3D build_pointer_type(build_type_variant(cha= r_type_node, 1, 0)); -+ -+ // void report_size_overflow(const char *loc_file, unsigned int loc_li= ne, const char *current_func) -+ fntype =3D build_function_type_list(void_type_node, -+ const_char_ptr_type_node, -+ unsigned_type_node, -+ const_char_ptr_type_node, -+ NULL_TREE); -+ report_size_overflow_decl =3D build_fn_decl("report_size_overflow", fn= type); -+ -+ TREE_PUBLIC(report_size_overflow_decl) =3D 1; -+ DECL_EXTERNAL(report_size_overflow_decl) =3D 1; -+ DECL_ARTIFICIAL(report_size_overflow_decl) =3D 1; -+} -+ -+extern struct gimple_opt_pass pass_dce; -+ -+int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc= _version *version) -+{ -+ int i; -+ const char * const plugin_name =3D plugin_info->base_name; -+ const int argc =3D plugin_info->argc; -+ const struct plugin_argument * const argv =3D plugin_info->argv; -+ bool enable =3D true; -+ -+ struct register_pass_info size_overflow_pass_info =3D { -+ .pass =3D &size_overflow_pass.pass, -+ .reference_pass_name =3D "mudflap2", -+ .ref_pass_instance_number =3D 1, -+ .pos_op =3D PASS_POS_INSERT_BEFORE -+ }; -+ -+ struct register_pass_info dce_pass_info =3D { -+ .pass =3D &pass_dce.pass, -+ .reference_pass_name =3D "mudflap2", -+ .ref_pass_instance_number =3D 1, -+ .pos_op =3D PASS_POS_INSERT_BEFORE -+ }; -+ -+ if (!plugin_default_version_check(version, &gcc_version)) { -+ error(G_("incompatible gcc/plugin versions")); -+ return 1; -+ } -+ -+ for (i =3D 0; i < argc; ++i) { -+ if (!(strcmp(argv[i].key, "no-size_overflow"))) { -+ enable =3D false; -+ continue; -+ } -+ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].= key); -+ } -+ -+ register_callback(plugin_name, PLUGIN_INFO, NULL, &size_overflow_plugi= n_info); -+ if (enable) { -+ register_callback ("start_unit", PLUGIN_START_UNIT, &start_unit_callb= ack, NULL); -+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &size= _overflow_pass_info); -+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &dce_= pass_info); -+ } -+ register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes,= NULL); -+ -+ return 0; -+} diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 index 0000000..b87ec9d @@ -86095,7 +80407,7 @@ index af0f22f..9a7d479 100644 break; } diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index d9cfb78..4f27c10 100644 +index a91f980..a58d32c 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -75,7 +75,7 @@ LIST_HEAD(vm_list); @@ -86107,7 +80419,7 @@ index d9cfb78..4f27c10 100644 =20 struct kmem_cache *kvm_vcpu_cache; EXPORT_SYMBOL_GPL(kvm_vcpu_cache); -@@ -2268,7 +2268,7 @@ static void hardware_enable_nolock(void *junk) +@@ -2312,7 +2312,7 @@ static void hardware_enable_nolock(void *junk) =20 if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); @@ -86116,7 +80428,7 @@ index d9cfb78..4f27c10 100644 printk(KERN_INFO "kvm: enabling virtualization on " "CPU%d failed\n", cpu); } -@@ -2322,10 +2322,10 @@ static int hardware_enable_all(void) +@@ -2366,10 +2366,10 @@ static int hardware_enable_all(void) =20 kvm_usage_count++; if (kvm_usage_count =3D=3D 1) { @@ -86129,7 +80441,7 @@ index d9cfb78..4f27c10 100644 hardware_disable_all_nolock(); r =3D -EBUSY; } -@@ -2676,7 +2676,7 @@ static void kvm_sched_out(struct preempt_notifier = *pn, +@@ -2732,7 +2732,7 @@ static void kvm_sched_out(struct preempt_notifier = *pn, kvm_arch_vcpu_put(vcpu); } =20 @@ -86138,7 +80450,7 @@ index d9cfb78..4f27c10 100644 struct module *module) { int r; -@@ -2739,7 +2739,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, uns= igned vcpu_align, +@@ -2795,7 +2795,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, uns= igned vcpu_align, if (!vcpu_align) vcpu_align =3D __alignof__(struct kvm_vcpu); kvm_vcpu_cache =3D kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align= , @@ -86147,7 +80459,7 @@ index d9cfb78..4f27c10 100644 if (!kvm_vcpu_cache) { r =3D -ENOMEM; goto out_free_3; -@@ -2749,9 +2749,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, un= signed vcpu_align, +@@ -2805,9 +2805,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, un= signed vcpu_align, if (r) goto out_free; =20 diff --git a/3.2.12/4430_grsec-remove-localversion-grsec.patch b/3.3.0/44= 30_grsec-remove-localversion-grsec.patch similarity index 100% rename from 3.2.12/4430_grsec-remove-localversion-grsec.patch rename to 3.3.0/4430_grsec-remove-localversion-grsec.patch diff --git a/3.2.12/4435_grsec-mute-warnings.patch b/3.3.0/4435_grsec-mut= e-warnings.patch similarity index 100% rename from 3.2.12/4435_grsec-mute-warnings.patch rename to 3.3.0/4435_grsec-mute-warnings.patch diff --git a/3.2.12/4440_grsec-remove-protected-paths.patch b/3.3.0/4440_= grsec-remove-protected-paths.patch similarity index 100% rename from 3.2.12/4440_grsec-remove-protected-paths.patch rename to 3.3.0/4440_grsec-remove-protected-paths.patch diff --git a/3.2.12/4445_grsec-pax-without-grsec.patch b/3.3.0/4445_grsec= -pax-without-grsec.patch similarity index 100% rename from 3.2.12/4445_grsec-pax-without-grsec.patch rename to 3.3.0/4445_grsec-pax-without-grsec.patch diff --git a/3.2.12/4450_grsec-kconfig-default-gids.patch b/3.3.0/4450_gr= sec-kconfig-default-gids.patch similarity index 100% rename from 3.2.12/4450_grsec-kconfig-default-gids.patch rename to 3.3.0/4450_grsec-kconfig-default-gids.patch diff --git a/3.2.12/4455_grsec-kconfig-gentoo.patch b/3.3.0/4455_grsec-kc= onfig-gentoo.patch similarity index 100% rename from 3.2.12/4455_grsec-kconfig-gentoo.patch rename to 3.3.0/4455_grsec-kconfig-gentoo.patch diff --git a/3.2.12/4460-grsec-kconfig-proc-user.patch b/3.3.0/4460-grsec= -kconfig-proc-user.patch similarity index 100% rename from 3.2.12/4460-grsec-kconfig-proc-user.patch rename to 3.3.0/4460-grsec-kconfig-proc-user.patch diff --git a/3.2.12/4465_selinux-avc_audit-log-curr_ip.patch b/3.3.0/4465= _selinux-avc_audit-log-curr_ip.patch similarity index 100% rename from 3.2.12/4465_selinux-avc_audit-log-curr_ip.patch rename to 3.3.0/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.2.12/4470_disable-compat_vdso.patch b/3.3.0/4470_disable-c= ompat_vdso.patch similarity index 98% rename from 3.2.12/4470_disable-compat_vdso.patch rename to 3.3.0/4470_disable-compat_vdso.patch index 4742d01..be237ff 100644 --- a/3.2.12/4470_disable-compat_vdso.patch +++ b/3.3.0/4470_disable-compat_vdso.patch @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=3D21= 0138 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig --- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 -@@ -1651,17 +1651,8 @@ +@@ -1694,8 +1694,17 @@ =20 config COMPAT_VDSO def_bool n