* [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.13/, 3.2.12/, 2.6.32/, 3.3.0/
@ 2012-03-27 13:44 Anthony G. Basile
0 siblings, 0 replies; only message in thread
From: Anthony G. Basile @ 2012-03-27 13:44 UTC (permalink / raw
To: gentoo-commits
commit: f9485db814f9d879537995025ddb683fc02cea52
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Mar 27 13:44:00 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Mar 27 13:44:00 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=f9485db8
Grsec/PaX: 2.9-{2.6.32.59,3.2.13,3.3.0}-201203251921
---
2.6.32/0000_README | 2 +-
...20_grsecurity-2.9-2.6.32.59-201203251921.patch} | 256 +-
{3.2.12 => 3.2.13}/0000_README | 6 +-
3.2.13/1012_linux-3.2.13.patch | 433 +
.../4420_grsecurity-2.9-3.2.13-201203251921.patch | 388 +-
.../4430_grsec-remove-localversion-grsec.patch | 0
{3.2.12 => 3.2.13}/4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4445_grsec-pax-without-grsec.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
{3.2.12 => 3.2.13}/4455_grsec-kconfig-gentoo.patch | 0
.../4460-grsec-kconfig-proc-user.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
{3.2.12 => 3.2.13}/4470_disable-compat_vdso.patch | 0
{3.2.12 => 3.3.0}/0000_README | 2 +-
.../4420_grsecurity-2.9-3.3.0-201203251922.patch |12422 ++++++--------------
.../4430_grsec-remove-localversion-grsec.patch | 0
{3.2.12 => 3.3.0}/4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4445_grsec-pax-without-grsec.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
{3.2.12 => 3.3.0}/4455_grsec-kconfig-gentoo.patch | 0
.../4460-grsec-kconfig-proc-user.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
{3.2.12 => 3.3.0}/4470_disable-compat_vdso.patch | 2 +-
25 files changed, 4203 insertions(+), 9308 deletions(-)
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 9441d44..20e763f 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.59
-Patch: 4420_grsecurity-2.9-2.6.32.59-201203221943.patch
+Patch: 4420_grsecurity-2.9-2.6.32.59-201203251921.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203221943.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203251921.patch
similarity index 99%
rename from 2.6.32/4420_grsecurity-2.9-2.6.32.59-201203221943.patch
rename to 2.6.32/4420_grsecurity-2.9-2.6.32.59-201203251921.patch
index 0302b86..efaa4c5 100644
--- a/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203221943.patch
+++ b/2.6.32/4420_grsecurity-2.9-2.6.32.59-201203251921.patch
@@ -752,7 +752,7 @@ index b68faef..6dd1496 100644
select HAVE_KRETPROBES if (HAVE_KPROBES)
select HAVE_FUNCTION_TRACER if (!XIP_KERNEL)
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index d0daeab..ca7e10e 100644
+index d0daeab..99ab713 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
@@ -15,6 +15,10 @@
@@ -956,7 +956,35 @@ index d0daeab..ca7e10e 100644
static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
{
unsigned long tmp, tmp2;
-@@ -207,6 +349,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
+@@ -165,7 +307,9 @@ static inline int atomic_add_return(int i, atomic_t *v)
+
+ return val;
+ }
++#define atomic_add_return_unchecked(i, v) atomic_add_return(i, v)
+ #define atomic_add(i, v) (void) atomic_add_return(i, v)
++#define atomic_add_unchecked(i, v) (void) atomic_add_return_unchecked(i, v)
+
+ static inline int atomic_sub_return(int i, atomic_t *v)
+ {
+@@ -179,7 +323,9 @@ static inline int atomic_sub_return(int i, atomic_t *v)
+
+ return val;
+ }
++#define atomic_sub_return_unchecked(i, v) atomic_sub_return(i, v)
+ #define atomic_sub(i, v) (void) atomic_sub_return(i, v)
++#define atomic_sub_unchecked(i, v) (void) atomic_sub_return_unchecked(i, v)
+
+ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+ {
+@@ -194,6 +340,7 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+
+ return ret;
+ }
++#define atomic_cmpxchg_unchecked(v, o, n) atomic_cmpxchg(v, o, n)
+
+ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
+ {
+@@ -207,6 +354,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
#endif /* __LINUX_ARM_ARCH__ */
#define atomic_xchg(v, new) (xchg(&((v)->counter), new))
@@ -967,7 +995,7 @@ index d0daeab..ca7e10e 100644
static inline int atomic_add_unless(atomic_t *v, int a, int u)
{
-@@ -220,11 +366,27 @@ static inline int atomic_add_unless(atomic_t *v, int a, int u)
+@@ -220,11 +371,27 @@ static inline int atomic_add_unless(atomic_t *v, int a, int u)
#define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
#define atomic_inc(v) atomic_add(1, v)
@@ -16127,10 +16155,23 @@ index 4c07cca..2c8427d 100644
ret
ENDPROC(efi_call6)
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index c097e7d..c689cf4 100644
+index c097e7d..91be126 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
-@@ -185,13 +185,146 @@
+@@ -95,12 +95,6 @@
+ #endif
+ .endm
+
+-#ifdef CONFIG_VM86
+-#define resume_userspace_sig check_userspace
+-#else
+-#define resume_userspace_sig resume_userspace
+-#endif
+-
+ /*
+ * User gs save/restore
+ *
+@@ -185,13 +179,146 @@
/*CFI_REL_OFFSET gs, PT_GS*/
.endm
.macro SET_KERNEL_GS reg
@@ -16278,7 +16319,7 @@ index c097e7d..c689cf4 100644
cld
PUSH_GS
pushl %fs
-@@ -224,7 +357,7 @@
+@@ -224,7 +351,7 @@
pushl %ebx
CFI_ADJUST_CFA_OFFSET 4
CFI_REL_OFFSET ebx, 0
@@ -16287,7 +16328,7 @@ index c097e7d..c689cf4 100644
movl %edx, %ds
movl %edx, %es
movl $(__KERNEL_PERCPU), %edx
-@@ -232,6 +365,15 @@
+@@ -232,6 +359,15 @@
SET_KERNEL_GS %edx
.endm
@@ -16303,7 +16344,7 @@ index c097e7d..c689cf4 100644
.macro RESTORE_INT_REGS
popl %ebx
CFI_ADJUST_CFA_OFFSET -4
-@@ -331,7 +473,7 @@ ENTRY(ret_from_fork)
+@@ -331,7 +467,7 @@ ENTRY(ret_from_fork)
CFI_ADJUST_CFA_OFFSET -4
jmp syscall_exit
CFI_ENDPROC
@@ -16312,9 +16353,24 @@ index c097e7d..c689cf4 100644
/*
* Return to user mode is not as complex as all this looks,
-@@ -352,7 +494,15 @@ check_userspace:
+@@ -347,12 +483,29 @@ ret_from_exception:
+ preempt_stop(CLBR_ANY)
+ ret_from_intr:
+ GET_THREAD_INFO(%ebp)
+-check_userspace:
++resume_userspace_sig:
++#ifdef CONFIG_VM86
+ movl PT_EFLAGS(%esp), %eax # mix EFLAGS and CS
movb PT_CS(%esp), %al
andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax
++#else
++ /*
++ * We can be coming here from a syscall done in the kernel space,
++ * e.g. a failed kernel_execve().
++ */
++ movl PT_CS(%esp), %eax
++ andl $SEGMENT_RPL_MASK, %eax
++#endif
cmpl $USER_RPL, %eax
+
+#ifdef CONFIG_PAX_KERNEXEC
@@ -16328,7 +16384,7 @@ index c097e7d..c689cf4 100644
ENTRY(resume_userspace)
LOCKDEP_SYS_EXIT
-@@ -364,8 +514,8 @@ ENTRY(resume_userspace)
+@@ -364,8 +517,8 @@ ENTRY(resume_userspace)
andl $_TIF_WORK_MASK, %ecx # is there any work to be done on
# int/exception return?
jne work_pending
@@ -16339,7 +16395,7 @@ index c097e7d..c689cf4 100644
#ifdef CONFIG_PREEMPT
ENTRY(resume_kernel)
-@@ -380,7 +530,7 @@ need_resched:
+@@ -380,7 +533,7 @@ need_resched:
jz restore_all
call preempt_schedule_irq
jmp need_resched
@@ -16348,7 +16404,7 @@ index c097e7d..c689cf4 100644
#endif
CFI_ENDPROC
-@@ -414,25 +564,36 @@ sysenter_past_esp:
+@@ -414,25 +567,36 @@ sysenter_past_esp:
/*CFI_REL_OFFSET cs, 0*/
/*
* Push current_thread_info()->sysenter_return to the stack.
@@ -16388,7 +16444,7 @@ index c097e7d..c689cf4 100644
movl %ebp,PT_EBP(%esp)
.section __ex_table,"a"
.align 4
-@@ -455,12 +616,24 @@ sysenter_do_call:
+@@ -455,12 +619,24 @@ sysenter_do_call:
testl $_TIF_ALLWORK_MASK, %ecx
jne sysexit_audit
sysenter_exit:
@@ -16413,7 +16469,7 @@ index c097e7d..c689cf4 100644
PTGS_TO_GS
ENABLE_INTERRUPTS_SYSEXIT
-@@ -477,6 +650,9 @@ sysenter_audit:
+@@ -477,6 +653,9 @@ sysenter_audit:
movl %eax,%edx /* 2nd arg: syscall number */
movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */
call audit_syscall_entry
@@ -16423,7 +16479,7 @@ index c097e7d..c689cf4 100644
pushl %ebx
CFI_ADJUST_CFA_OFFSET 4
movl PT_EAX(%esp),%eax /* reload syscall number */
-@@ -504,11 +680,17 @@ sysexit_audit:
+@@ -504,11 +683,17 @@ sysexit_audit:
CFI_ENDPROC
.pushsection .fixup,"ax"
@@ -16443,7 +16499,7 @@ index c097e7d..c689cf4 100644
.popsection
PTGS_TO_GS_EX
ENDPROC(ia32_sysenter_target)
-@@ -538,6 +720,15 @@ syscall_exit:
+@@ -538,6 +723,15 @@ syscall_exit:
testl $_TIF_ALLWORK_MASK, %ecx # current->work
jne syscall_exit_work
@@ -16459,7 +16515,7 @@ index c097e7d..c689cf4 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -602,10 +793,29 @@ ldt_ss:
+@@ -602,10 +796,29 @@ ldt_ss:
mov PT_OLDESP(%esp), %eax /* load userspace esp */
mov %dx, %ax /* eax: new kernel esp */
sub %eax, %edx /* offset (low word is 0) */
@@ -16490,7 +16546,7 @@ index c097e7d..c689cf4 100644
pushl $__ESPFIX_SS
CFI_ADJUST_CFA_OFFSET 4
push %eax /* new kernel esp */
-@@ -636,36 +846,30 @@ work_resched:
+@@ -636,36 +849,30 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
@@ -16532,7 +16588,7 @@ index c097e7d..c689cf4 100644
# perform syscall exit tracing
ALIGN
-@@ -673,11 +877,14 @@ syscall_trace_entry:
+@@ -673,11 +880,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
@@ -16548,7 +16604,7 @@ index c097e7d..c689cf4 100644
# perform syscall exit tracing
ALIGN
-@@ -690,20 +897,24 @@ syscall_exit_work:
+@@ -690,20 +900,24 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
@@ -16576,7 +16632,7 @@ index c097e7d..c689cf4 100644
CFI_ENDPROC
/*
-@@ -726,6 +937,33 @@ PTREGSCALL(rt_sigreturn)
+@@ -726,6 +940,33 @@ PTREGSCALL(rt_sigreturn)
PTREGSCALL(vm86)
PTREGSCALL(vm86old)
@@ -16610,7 +16666,7 @@ index c097e7d..c689cf4 100644
.macro FIXUP_ESPFIX_STACK
/*
* Switch back for ESPFIX stack to the normal zerobased stack
-@@ -735,7 +973,13 @@ PTREGSCALL(vm86old)
+@@ -735,7 +976,13 @@ PTREGSCALL(vm86old)
* normal stack and adjusts ESP with the matching offset.
*/
/* fixup the stack */
@@ -16625,7 +16681,7 @@ index c097e7d..c689cf4 100644
mov GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx), %al /* bits 16..23 */
mov GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx), %ah /* bits 24..31 */
shl $16, %eax
-@@ -793,7 +1037,7 @@ vector=vector+1
+@@ -793,7 +1040,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
@@ -16634,7 +16690,7 @@ index c097e7d..c689cf4 100644
.previous
END(interrupt)
-@@ -840,7 +1084,7 @@ ENTRY(coprocessor_error)
+@@ -840,7 +1087,7 @@ ENTRY(coprocessor_error)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16643,7 +16699,7 @@ index c097e7d..c689cf4 100644
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -850,7 +1094,7 @@ ENTRY(simd_coprocessor_error)
+@@ -850,7 +1097,7 @@ ENTRY(simd_coprocessor_error)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16652,7 +16708,7 @@ index c097e7d..c689cf4 100644
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -860,7 +1104,7 @@ ENTRY(device_not_available)
+@@ -860,7 +1107,7 @@ ENTRY(device_not_available)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16661,7 +16717,7 @@ index c097e7d..c689cf4 100644
#ifdef CONFIG_PARAVIRT
ENTRY(native_iret)
-@@ -869,12 +1113,12 @@ ENTRY(native_iret)
+@@ -869,12 +1116,12 @@ ENTRY(native_iret)
.align 4
.long native_iret, iret_exc
.previous
@@ -16676,7 +16732,7 @@ index c097e7d..c689cf4 100644
#endif
ENTRY(overflow)
-@@ -885,7 +1129,7 @@ ENTRY(overflow)
+@@ -885,7 +1132,7 @@ ENTRY(overflow)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16685,7 +16741,7 @@ index c097e7d..c689cf4 100644
ENTRY(bounds)
RING0_INT_FRAME
-@@ -895,7 +1139,7 @@ ENTRY(bounds)
+@@ -895,7 +1142,7 @@ ENTRY(bounds)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16694,7 +16750,7 @@ index c097e7d..c689cf4 100644
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -905,7 +1149,7 @@ ENTRY(invalid_op)
+@@ -905,7 +1152,7 @@ ENTRY(invalid_op)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16703,7 +16759,7 @@ index c097e7d..c689cf4 100644
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -915,7 +1159,7 @@ ENTRY(coprocessor_segment_overrun)
+@@ -915,7 +1162,7 @@ ENTRY(coprocessor_segment_overrun)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16712,7 +16768,7 @@ index c097e7d..c689cf4 100644
ENTRY(invalid_TSS)
RING0_EC_FRAME
-@@ -923,7 +1167,7 @@ ENTRY(invalid_TSS)
+@@ -923,7 +1170,7 @@ ENTRY(invalid_TSS)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16721,7 +16777,7 @@ index c097e7d..c689cf4 100644
ENTRY(segment_not_present)
RING0_EC_FRAME
-@@ -931,7 +1175,7 @@ ENTRY(segment_not_present)
+@@ -931,7 +1178,7 @@ ENTRY(segment_not_present)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16730,7 +16786,7 @@ index c097e7d..c689cf4 100644
ENTRY(stack_segment)
RING0_EC_FRAME
-@@ -939,7 +1183,7 @@ ENTRY(stack_segment)
+@@ -939,7 +1186,7 @@ ENTRY(stack_segment)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16739,7 +16795,7 @@ index c097e7d..c689cf4 100644
ENTRY(alignment_check)
RING0_EC_FRAME
-@@ -947,7 +1191,7 @@ ENTRY(alignment_check)
+@@ -947,7 +1194,7 @@ ENTRY(alignment_check)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16748,7 +16804,7 @@ index c097e7d..c689cf4 100644
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -957,7 +1201,7 @@ ENTRY(divide_error)
+@@ -957,7 +1204,7 @@ ENTRY(divide_error)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16757,7 +16813,7 @@ index c097e7d..c689cf4 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -968,7 +1212,7 @@ ENTRY(machine_check)
+@@ -968,7 +1215,7 @@ ENTRY(machine_check)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16766,7 +16822,7 @@ index c097e7d..c689cf4 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -979,7 +1223,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -979,7 +1226,7 @@ ENTRY(spurious_interrupt_bug)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -16775,7 +16831,7 @@ index c097e7d..c689cf4 100644
ENTRY(kernel_thread_helper)
pushl $0 # fake return address for unwinder
-@@ -1095,7 +1339,7 @@ ENDPROC(xen_failsafe_callback)
+@@ -1095,7 +1342,7 @@ ENDPROC(xen_failsafe_callback)
ENTRY(mcount)
ret
@@ -16784,7 +16840,7 @@ index c097e7d..c689cf4 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1124,7 +1368,7 @@ ftrace_graph_call:
+@@ -1124,7 +1371,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -16793,7 +16849,7 @@ index c097e7d..c689cf4 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -1160,7 +1404,7 @@ trace:
+@@ -1160,7 +1407,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -16802,7 +16858,7 @@ index c097e7d..c689cf4 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1181,7 +1425,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1181,7 +1428,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -16811,7 +16867,7 @@ index c097e7d..c689cf4 100644
.globl return_to_handler
return_to_handler:
-@@ -1198,7 +1442,6 @@ return_to_handler:
+@@ -1198,7 +1445,6 @@ return_to_handler:
ret
#endif
@@ -16819,7 +16875,7 @@ index c097e7d..c689cf4 100644
#include "syscall_table_32.S"
syscall_table_size=(.-sys_call_table)
-@@ -1255,15 +1498,18 @@ error_code:
+@@ -1255,15 +1501,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -16840,7 +16896,7 @@ index c097e7d..c689cf4 100644
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1309,7 +1555,7 @@ debug_stack_correct:
+@@ -1309,7 +1558,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
@@ -16849,7 +16905,7 @@ index c097e7d..c689cf4 100644
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1351,6 +1597,9 @@ nmi_stack_correct:
+@@ -1351,6 +1600,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
@@ -16859,7 +16915,7 @@ index c097e7d..c689cf4 100644
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1391,12 +1640,15 @@ nmi_espfix_stack:
+@@ -1391,12 +1643,15 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
@@ -16876,7 +16932,7 @@ index c097e7d..c689cf4 100644
ENTRY(int3)
RING0_INT_FRAME
-@@ -1409,7 +1661,7 @@ ENTRY(int3)
+@@ -1409,7 +1664,7 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
@@ -16885,7 +16941,7 @@ index c097e7d..c689cf4 100644
ENTRY(general_protection)
RING0_EC_FRAME
-@@ -1417,7 +1669,7 @@ ENTRY(general_protection)
+@@ -1417,7 +1672,7 @@ ENTRY(general_protection)
CFI_ADJUST_CFA_OFFSET 4
jmp error_code
CFI_ENDPROC
@@ -34566,7 +34622,7 @@ index e2f70a5..c703e86 100644
/* kernel_context_switch isn't used by any of the x86 drm
* modules but is required by the Sparc driver.
diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c
-index 7d1d88c..b9131b2 100644
+index 7d1d88cd..b9131b2 100644
--- a/drivers/gpu/drm/i810/i810_dma.c
+++ b/drivers/gpu/drm/i810/i810_dma.c
@@ -952,8 +952,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data,
@@ -53337,6 +53393,19 @@ index c1b3f09..97cd8c4 100644
}
} else {
if (netif_msg_link(lp))
+diff --git a/drivers/net/pppol2tp.c b/drivers/net/pppol2tp.c
+index 9235901..d31e726 100644
+--- a/drivers/net/pppol2tp.c
++++ b/drivers/net/pppol2tp.c
+@@ -1174,7 +1174,7 @@ static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb)
+
+ /* Get routing info from the tunnel socket */
+ skb_dst_drop(skb);
+- skb_dst_set(skb, dst_clone(__sk_dst_get(sk_tun)));
++ skb_dst_set(skb, dst_clone(__sk_dst_check(sk_tun, 0)));
+ pppol2tp_skb_set_owner_w(skb, sk_tun);
+
+ /* Calculate UDP checksum if configured to do so */
diff --git a/drivers/net/sis190.c b/drivers/net/sis190.c
index 7cc9898..6eb50d3 100644
--- a/drivers/net/sis190.c
@@ -64903,7 +64972,7 @@ index 0133b5a..3710d09 100644
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
#ifdef __alpha__
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index a64fde6..b6699eb 100644
+index a64fde6..4d6ea81 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -31,6 +31,7 @@
@@ -65546,19 +65615,7 @@ index a64fde6..b6699eb 100644
/* set_brk can never work. Avoid overflows. */
send_sig(SIGKILL, current, 0);
retval = -EINVAL;
-@@ -866,6 +1328,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
- start_data += load_bias;
- end_data += load_bias;
-
-+#ifdef CONFIG_PAX_RANDMMAP
-+ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
-+ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
-+#endif
-+
- /* Calling set_brk effectively mmaps the pages that we need
- * for the bss and break sections. We must do this before
- * mapping in the interpreter, to make sure it doesn't wind
-@@ -877,9 +1344,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -877,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
goto out_free_dentry;
}
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -65572,8 +65629,32 @@ index a64fde6..b6699eb 100644
+ */
}
++#ifdef CONFIG_PAX_RANDMMAP
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
++ unsigned long start, size;
++
++ start = ELF_PAGEALIGN(elf_brk);
++ size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
++ down_write(¤t->mm->mmap_sem);
++ retval = -ENOMEM;
++ if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) {
++ start = do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0);
++ retval = IS_ERR_VALUE(start) ? start : 0;
++ }
++ up_write(¤t->mm->mmap_sem);
++ if (retval == 0)
++ retval = set_brk(start + size, start + size + PAGE_SIZE);
++ if (retval < 0) {
++ send_sig(SIGKILL, current, 0);
++ goto out_free_dentry;
++ }
++ }
++#endif
++
if (elf_interpreter) {
-@@ -1112,8 +1581,10 @@ static int dump_seek(struct file *file, loff_t off)
+ unsigned long uninitialized_var(interp_map_addr);
+
+@@ -1112,8 +1598,10 @@ static int dump_seek(struct file *file, loff_t off)
unsigned long n = off;
if (n > PAGE_SIZE)
n = PAGE_SIZE;
@@ -65585,7 +65666,7 @@ index a64fde6..b6699eb 100644
off -= n;
}
free_page((unsigned long)buf);
-@@ -1125,7 +1596,7 @@ static int dump_seek(struct file *file, loff_t off)
+@@ -1125,7 +1613,7 @@ static int dump_seek(struct file *file, loff_t off)
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -65594,7 +65675,7 @@ index a64fde6..b6699eb 100644
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1159,7 +1630,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1159,7 +1647,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
@@ -65603,7 +65684,7 @@ index a64fde6..b6699eb 100644
goto whole;
/*
-@@ -1255,8 +1726,11 @@ static int writenote(struct memelfnote *men, struct file *file,
+@@ -1255,8 +1743,11 @@ static int writenote(struct memelfnote *men, struct file *file,
#undef DUMP_WRITE
#define DUMP_WRITE(addr, nr) \
@@ -65616,7 +65697,7 @@ index a64fde6..b6699eb 100644
static void fill_elf_header(struct elfhdr *elf, int segs,
u16 machine, u32 flags, u8 osabi)
-@@ -1385,9 +1859,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1385,9 +1876,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
@@ -65628,7 +65709,7 @@ index a64fde6..b6699eb 100644
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1973,7 +2447,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
+@@ -1973,7 +2464,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
@@ -65637,7 +65718,7 @@ index a64fde6..b6699eb 100644
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2006,7 +2480,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
+@@ -2006,7 +2497,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
unsigned long addr;
unsigned long end;
@@ -65646,7 +65727,7 @@ index a64fde6..b6699eb 100644
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2015,6 +2489,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
+@@ -2015,6 +2506,7 @@ static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, un
page = get_dump_page(addr);
if (page) {
void *kaddr = kmap(page);
@@ -65654,7 +65735,7 @@ index a64fde6..b6699eb 100644
stop = ((size += PAGE_SIZE) > limit) ||
!dump_write(file, kaddr, PAGE_SIZE);
kunmap(page);
-@@ -2042,6 +2517,97 @@ out:
+@@ -2042,6 +2534,97 @@ out:
#endif /* USE_ELF_CORE_DUMP */
@@ -65789,7 +65870,7 @@ index ca88c46..f155a60 100644
goto err;
}
diff --git a/fs/bio.c b/fs/bio.c
-index e696713..83de133 100644
+index e696713..4b5969d 100644
--- a/fs/bio.c
+++ b/fs/bio.c
@@ -78,7 +78,7 @@ static struct kmem_cache *bio_find_or_create_slab(unsigned int extra_size)
@@ -65801,6 +65882,15 @@ index e696713..83de133 100644
if (!bslab->slab && entry == -1)
entry = i;
+@@ -841,7 +841,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
+ /*
+ * Overflow, abort
+ */
+- if (end < start)
++ if (end < start || end - start > INT_MAX - nr_pages)
+ return ERR_PTR(-EINVAL);
+
+ nr_pages += end - start;
@@ -1236,7 +1236,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err)
const int read = bio_data_dir(bio) == READ;
struct bio_map_data *bmd = bio->bi_private;
@@ -66903,7 +66993,7 @@ index 8e48b52..f01ed91 100644
ino = next->s_dentry->d_inode->i_ino;
else
diff --git a/fs/dcache.c b/fs/dcache.c
-index 44c0aea..2529092 100644
+index 44c0aea..a663f95 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -45,8 +45,6 @@ EXPORT_SYMBOL(dcache_lock);
@@ -66915,6 +67005,22 @@ index 44c0aea..2529092 100644
/*
* This is the single most critical data structure when it comes
* to the dcache: the hashtable for lookups. Somebody should try
+@@ -1108,11 +1106,11 @@ struct dentry * d_alloc_root(struct inode * root_inode)
+ return res;
+ }
+
+-static inline struct hlist_head *d_hash(struct dentry *parent,
+- unsigned long hash)
++static inline struct hlist_head *d_hash(const struct dentry *parent,
++ unsigned int hash)
+ {
+- hash += ((unsigned long) parent ^ GOLDEN_RATIO_PRIME) / L1_CACHE_BYTES;
+- hash = hash ^ ((hash ^ GOLDEN_RATIO_PRIME) >> D_HASHBITS);
++ hash += (unsigned long) parent / L1_CACHE_BYTES;
++ hash = hash + (hash >> D_HASHBITS);
+ return dentry_hashtable + (hash & D_HASHMASK);
+ }
+
@@ -2319,7 +2317,7 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
diff --git a/3.2.12/0000_README b/3.2.13/0000_README
similarity index 93%
copy from 3.2.12/0000_README
copy to 3.2.13/0000_README
index ff7242f..cdd48b2 100644
--- a/3.2.12/0000_README
+++ b/3.2.13/0000_README
@@ -2,7 +2,11 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9-3.2.12-201203221944.patch
+Patch: 1012_linux-3.2.13.patch
+From: http://www.kernel.org
+Desc: Linux 3.2.13
+
+Patch: 4420_grsecurity-2.9-3.2.13-201203251921.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.13/1012_linux-3.2.13.patch b/3.2.13/1012_linux-3.2.13.patch
new file mode 100644
index 0000000..98feeb7
--- /dev/null
+++ b/3.2.13/1012_linux-3.2.13.patch
@@ -0,0 +1,433 @@
+diff --git a/arch/powerpc/platforms/powermac/smp.c b/arch/powerpc/platforms/powermac/smp.c
+index 9b6a820..3394254 100644
+--- a/arch/powerpc/platforms/powermac/smp.c
++++ b/arch/powerpc/platforms/powermac/smp.c
+@@ -414,7 +414,7 @@ static struct irqaction psurge_irqaction = {
+
+ static void __init smp_psurge_setup_cpu(int cpu_nr)
+ {
+- if (cpu_nr != 0)
++ if (cpu_nr != 0 || !psurge_start)
+ return;
+
+ /* reset the entry point so if we get another intr we won't
+diff --git a/drivers/net/wireless/iwlegacy/iwl-3945.c b/drivers/net/wireless/iwlegacy/iwl-3945.c
+index f7c0a74..7d1aa7c 100644
+--- a/drivers/net/wireless/iwlegacy/iwl-3945.c
++++ b/drivers/net/wireless/iwlegacy/iwl-3945.c
+@@ -1870,11 +1870,12 @@ static void iwl3945_bg_reg_txpower_periodic(struct work_struct *work)
+ struct iwl_priv *priv = container_of(work, struct iwl_priv,
+ _3945.thermal_periodic.work);
+
+- if (test_bit(STATUS_EXIT_PENDING, &priv->status))
+- return;
+-
+ mutex_lock(&priv->mutex);
++ if (test_bit(STATUS_EXIT_PENDING, &priv->status) || priv->txq == NULL)
++ goto out;
++
+ iwl3945_reg_txpower_periodic(priv);
++out:
+ mutex_unlock(&priv->mutex);
+ }
+
+diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/wireless/iwlegacy/iwl3945-base.c
+index 05f2ad1..b3d9f3f 100644
+--- a/drivers/net/wireless/iwlegacy/iwl3945-base.c
++++ b/drivers/net/wireless/iwlegacy/iwl3945-base.c
+@@ -2513,7 +2513,7 @@ static void iwl3945_bg_alive_start(struct work_struct *data)
+ container_of(data, struct iwl_priv, alive_start.work);
+
+ mutex_lock(&priv->mutex);
+- if (test_bit(STATUS_EXIT_PENDING, &priv->status))
++ if (test_bit(STATUS_EXIT_PENDING, &priv->status) || priv->txq == NULL)
+ goto out;
+
+ iwl3945_alive_start(priv);
+diff --git a/fs/afs/internal.h b/fs/afs/internal.h
+index d2b0888..a306bb6 100644
+--- a/fs/afs/internal.h
++++ b/fs/afs/internal.h
+@@ -109,7 +109,7 @@ struct afs_call {
+ unsigned reply_size; /* current size of reply */
+ unsigned first_offset; /* offset into mapping[first] */
+ unsigned last_to; /* amount of mapping[last] */
+- unsigned short offset; /* offset into received data store */
++ unsigned offset; /* offset into received data store */
+ unsigned char unmarshall; /* unmarshalling phase */
+ bool incoming; /* T if incoming call */
+ bool send_pages; /* T if data from mapping should be sent */
+diff --git a/fs/afs/rxrpc.c b/fs/afs/rxrpc.c
+index e45a323..8ad8c2a 100644
+--- a/fs/afs/rxrpc.c
++++ b/fs/afs/rxrpc.c
+@@ -314,6 +314,7 @@ int afs_make_call(struct in_addr *addr, struct afs_call *call, gfp_t gfp,
+ struct msghdr msg;
+ struct kvec iov[1];
+ int ret;
++ struct sk_buff *skb;
+
+ _enter("%x,{%d},", addr->s_addr, ntohs(call->port));
+
+@@ -380,6 +381,8 @@ int afs_make_call(struct in_addr *addr, struct afs_call *call, gfp_t gfp,
+
+ error_do_abort:
+ rxrpc_kernel_abort_call(rxcall, RX_USER_ABORT);
++ while ((skb = skb_dequeue(&call->rx_queue)))
++ afs_free_skb(skb);
+ rxrpc_kernel_end_call(rxcall);
+ call->rxcall = NULL;
+ error_kill_call:
+diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c
+index d327140..35a8970 100644
+--- a/fs/nilfs2/the_nilfs.c
++++ b/fs/nilfs2/the_nilfs.c
+@@ -515,6 +515,7 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs,
+ brelse(sbh[1]);
+ sbh[1] = NULL;
+ sbp[1] = NULL;
++ valid[1] = 0;
+ swp = 0;
+ }
+ if (!valid[swp]) {
+diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
+index 90f6544..769c0e9 100644
+--- a/net/ipv4/syncookies.c
++++ b/net/ipv4/syncookies.c
+@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ struct rtable *rt;
+ __u8 rcv_wscale;
+ bool ecn_ok = false;
++ struct flowi4 fl4;
+
+ if (!sysctl_tcp_syncookies || !th->ack || th->rst)
+ goto out;
+@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ * hasn't changed since we received the original syn, but I see
+ * no easy way to do this.
+ */
+- {
+- struct flowi4 fl4;
+-
+- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
+- RT_SCOPE_UNIVERSE, IPPROTO_TCP,
+- inet_sk_flowi_flags(sk),
+- (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
+- ireq->loc_addr, th->source, th->dest);
+- security_req_classify_flow(req, flowi4_to_flowi(&fl4));
+- rt = ip_route_output_key(sock_net(sk), &fl4);
+- if (IS_ERR(rt)) {
+- reqsk_free(req);
+- goto out;
+- }
++ flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
++ RT_SCOPE_UNIVERSE, IPPROTO_TCP,
++ inet_sk_flowi_flags(sk),
++ (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
++ ireq->loc_addr, th->source, th->dest);
++ security_req_classify_flow(req, flowi4_to_flowi(&fl4));
++ rt = ip_route_output_key(sock_net(sk), &fl4);
++ if (IS_ERR(rt)) {
++ reqsk_free(req);
++ goto out;
+ }
+
+ /* Try to redo what tcp_v4_send_synack did. */
+@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ ireq->rcv_wscale = rcv_wscale;
+
+ ret = get_cookie_sock(sk, skb, req, &rt->dst);
++ /* ip_queue_xmit() depends on our flow being setup
++ * Normal sockets get it right from inet_csk_route_child_sock()
++ */
++ if (ret)
++ inet_sk(ret)->cork.fl.u.ip4 = fl4;
+ out: return ret;
+ }
+diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
+index eb90aa8..de69cec 100644
+--- a/net/ipv4/tcp_ipv4.c
++++ b/net/ipv4/tcp_ipv4.c
+@@ -1465,9 +1465,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
+ inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
+ newinet->inet_id = newtp->write_seq ^ jiffies;
+
+- if (!dst && (dst = inet_csk_route_child_sock(sk, newsk, req)) == NULL)
+- goto put_and_exit;
+-
++ if (!dst) {
++ dst = inet_csk_route_child_sock(sk, newsk, req);
++ if (!dst)
++ goto put_and_exit;
++ } else {
++ /* syncookie case : see end of cookie_v4_check() */
++ }
+ sk_setup_caps(newsk, dst);
+
+ tcp_mtup_init(newsk);
+diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
+index ee7839f..2257366 100644
+--- a/net/ipv6/mcast.c
++++ b/net/ipv6/mcast.c
+@@ -257,7 +257,6 @@ static struct inet6_dev *ip6_mc_find_dev_rcu(struct net *net,
+
+ if (rt) {
+ dev = rt->rt6i_dev;
+- dev_hold(dev);
+ dst_release(&rt->dst);
+ }
+ } else
+diff --git a/tools/perf/arch/powerpc/util/header.c b/tools/perf/arch/powerpc/util/header.c
+index eba80c2..2f7073d 100644
+--- a/tools/perf/arch/powerpc/util/header.c
++++ b/tools/perf/arch/powerpc/util/header.c
+@@ -25,7 +25,7 @@ get_cpuid(char *buffer, size_t sz)
+
+ pvr = mfspr(SPRN_PVR);
+
+- nb = snprintf(buffer, sz, "%lu,%lu$", PVR_VER(pvr), PVR_REV(pvr));
++ nb = scnprintf(buffer, sz, "%lu,%lu$", PVR_VER(pvr), PVR_REV(pvr));
+
+ /* look for end marker to ensure the entire data fit */
+ if (strchr(buffer, '$')) {
+diff --git a/tools/perf/arch/x86/util/header.c b/tools/perf/arch/x86/util/header.c
+index f940060..146d12a 100644
+--- a/tools/perf/arch/x86/util/header.c
++++ b/tools/perf/arch/x86/util/header.c
+@@ -48,7 +48,7 @@ get_cpuid(char *buffer, size_t sz)
+ if (family >= 0x6)
+ model += ((a >> 16) & 0xf) << 4;
+ }
+- nb = snprintf(buffer, sz, "%s,%u,%u,%u$", vendor, family, model, step);
++ nb = scnprintf(buffer, sz, "%s,%u,%u,%u$", vendor, family, model, step);
+
+ /* look for end marker to ensure the entire data fit */
+ if (strchr(buffer, '$')) {
+diff --git a/tools/perf/util/color.c b/tools/perf/util/color.c
+index 521c38a..11e46da1 100644
+--- a/tools/perf/util/color.c
++++ b/tools/perf/util/color.c
+@@ -1,3 +1,4 @@
++#include <linux/kernel.h>
+ #include "cache.h"
+ #include "color.h"
+
+@@ -182,12 +183,12 @@ static int __color_vsnprintf(char *bf, size_t size, const char *color,
+ }
+
+ if (perf_use_color_default && *color)
+- r += snprintf(bf, size, "%s", color);
+- r += vsnprintf(bf + r, size - r, fmt, args);
++ r += scnprintf(bf, size, "%s", color);
++ r += vscnprintf(bf + r, size - r, fmt, args);
+ if (perf_use_color_default && *color)
+- r += snprintf(bf + r, size - r, "%s", PERF_COLOR_RESET);
++ r += scnprintf(bf + r, size - r, "%s", PERF_COLOR_RESET);
+ if (trail)
+- r += snprintf(bf + r, size - r, "%s", trail);
++ r += scnprintf(bf + r, size - r, "%s", trail);
+ return r;
+ }
+
+diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
+index 33c17a2..2cd88c1 100644
+--- a/tools/perf/util/header.c
++++ b/tools/perf/util/header.c
+@@ -1227,7 +1227,7 @@ int build_id_cache__add_s(const char *sbuild_id, const char *debugdir,
+ if (realname == NULL || filename == NULL || linkname == NULL)
+ goto out_free;
+
+- len = snprintf(filename, size, "%s%s%s",
++ len = scnprintf(filename, size, "%s%s%s",
+ debugdir, is_kallsyms ? "/" : "", realname);
+ if (mkdir_p(filename, 0755))
+ goto out_free;
+@@ -1242,7 +1242,7 @@ int build_id_cache__add_s(const char *sbuild_id, const char *debugdir,
+ goto out_free;
+ }
+
+- len = snprintf(linkname, size, "%s/.build-id/%.2s",
++ len = scnprintf(linkname, size, "%s/.build-id/%.2s",
+ debugdir, sbuild_id);
+
+ if (access(linkname, X_OK) && mkdir_p(linkname, 0755))
+diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c
+index abef270..216e33a 100644
+--- a/tools/perf/util/hist.c
++++ b/tools/perf/util/hist.c
+@@ -767,7 +767,7 @@ static int hist_entry__pcnt_snprintf(struct hist_entry *self, char *s,
+ sep ? "%.2f" : " %6.2f%%",
+ (period * 100.0) / total);
+ else
+- ret = snprintf(s, size, sep ? "%.2f" : " %6.2f%%",
++ ret = scnprintf(s, size, sep ? "%.2f" : " %6.2f%%",
+ (period * 100.0) / total);
+ if (symbol_conf.show_cpu_utilization) {
+ ret += percent_color_snprintf(s + ret, size - ret,
+@@ -790,20 +790,20 @@ static int hist_entry__pcnt_snprintf(struct hist_entry *self, char *s,
+ }
+ }
+ } else
+- ret = snprintf(s, size, sep ? "%" PRIu64 : "%12" PRIu64 " ", period);
++ ret = scnprintf(s, size, sep ? "%" PRIu64 : "%12" PRIu64 " ", period);
+
+ if (symbol_conf.show_nr_samples) {
+ if (sep)
+- ret += snprintf(s + ret, size - ret, "%c%" PRIu64, *sep, nr_events);
++ ret += scnprintf(s + ret, size - ret, "%c%" PRIu64, *sep, nr_events);
+ else
+- ret += snprintf(s + ret, size - ret, "%11" PRIu64, nr_events);
++ ret += scnprintf(s + ret, size - ret, "%11" PRIu64, nr_events);
+ }
+
+ if (symbol_conf.show_total_period) {
+ if (sep)
+- ret += snprintf(s + ret, size - ret, "%c%" PRIu64, *sep, period);
++ ret += scnprintf(s + ret, size - ret, "%c%" PRIu64, *sep, period);
+ else
+- ret += snprintf(s + ret, size - ret, " %12" PRIu64, period);
++ ret += scnprintf(s + ret, size - ret, " %12" PRIu64, period);
+ }
+
+ if (pair_hists) {
+@@ -818,25 +818,25 @@ static int hist_entry__pcnt_snprintf(struct hist_entry *self, char *s,
+ diff = new_percent - old_percent;
+
+ if (fabs(diff) >= 0.01)
+- snprintf(bf, sizeof(bf), "%+4.2F%%", diff);
++ ret += scnprintf(bf, sizeof(bf), "%+4.2F%%", diff);
+ else
+- snprintf(bf, sizeof(bf), " ");
++ ret += scnprintf(bf, sizeof(bf), " ");
+
+ if (sep)
+- ret += snprintf(s + ret, size - ret, "%c%s", *sep, bf);
++ ret += scnprintf(s + ret, size - ret, "%c%s", *sep, bf);
+ else
+- ret += snprintf(s + ret, size - ret, "%11.11s", bf);
++ ret += scnprintf(s + ret, size - ret, "%11.11s", bf);
+
+ if (show_displacement) {
+ if (displacement)
+- snprintf(bf, sizeof(bf), "%+4ld", displacement);
++ ret += scnprintf(bf, sizeof(bf), "%+4ld", displacement);
+ else
+- snprintf(bf, sizeof(bf), " ");
++ ret += scnprintf(bf, sizeof(bf), " ");
+
+ if (sep)
+- ret += snprintf(s + ret, size - ret, "%c%s", *sep, bf);
++ ret += scnprintf(s + ret, size - ret, "%c%s", *sep, bf);
+ else
+- ret += snprintf(s + ret, size - ret, "%6.6s", bf);
++ ret += scnprintf(s + ret, size - ret, "%6.6s", bf);
+ }
+ }
+
+@@ -854,7 +854,7 @@ int hist_entry__snprintf(struct hist_entry *he, char *s, size_t size,
+ if (se->elide)
+ continue;
+
+- ret += snprintf(s + ret, size - ret, "%s", sep ?: " ");
++ ret += scnprintf(s + ret, size - ret, "%s", sep ?: " ");
+ ret += se->se_snprintf(he, s + ret, size - ret,
+ hists__col_len(hists, se->se_width_idx));
+ }
+diff --git a/tools/perf/util/sort.c b/tools/perf/util/sort.c
+index 16da30d..076c9d4 100644
+--- a/tools/perf/util/sort.c
++++ b/tools/perf/util/sort.c
+@@ -33,6 +33,9 @@ static int repsep_snprintf(char *bf, size_t size, const char *fmt, ...)
+ }
+ }
+ va_end(ap);
++
++ if (n >= (int)size)
++ return size - 1;
+ return n;
+ }
+
+diff --git a/tools/perf/util/strbuf.c b/tools/perf/util/strbuf.c
+index 92e0685..2eeb51b 100644
+--- a/tools/perf/util/strbuf.c
++++ b/tools/perf/util/strbuf.c
+@@ -1,4 +1,5 @@
+ #include "cache.h"
++#include <linux/kernel.h>
+
+ int prefixcmp(const char *str, const char *prefix)
+ {
+@@ -89,14 +90,14 @@ void strbuf_addf(struct strbuf *sb, const char *fmt, ...)
+ if (!strbuf_avail(sb))
+ strbuf_grow(sb, 64);
+ va_start(ap, fmt);
+- len = vsnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap);
++ len = vscnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap);
+ va_end(ap);
+ if (len < 0)
+- die("your vsnprintf is broken");
++ die("your vscnprintf is broken");
+ if (len > strbuf_avail(sb)) {
+ strbuf_grow(sb, len);
+ va_start(ap, fmt);
+- len = vsnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap);
++ len = vscnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap);
+ va_end(ap);
+ if (len > strbuf_avail(sb)) {
+ die("this should not happen, your snprintf is broken");
+diff --git a/tools/perf/util/ui/browsers/hists.c b/tools/perf/util/ui/browsers/hists.c
+index d0c94b4..81c9fa5 100644
+--- a/tools/perf/util/ui/browsers/hists.c
++++ b/tools/perf/util/ui/browsers/hists.c
+@@ -839,15 +839,15 @@ static int hists__browser_title(struct hists *self, char *bf, size_t size,
+ unsigned long nr_events = self->stats.nr_events[PERF_RECORD_SAMPLE];
+
+ nr_events = convert_unit(nr_events, &unit);
+- printed = snprintf(bf, size, "Events: %lu%c %s", nr_events, unit, ev_name);
++ printed = scnprintf(bf, size, "Events: %lu%c %s", nr_events, unit, ev_name);
+
+ if (thread)
+- printed += snprintf(bf + printed, size - printed,
++ printed += scnprintf(bf + printed, size - printed,
+ ", Thread: %s(%d)",
+ (thread->comm_set ? thread->comm : ""),
+ thread->pid);
+ if (dso)
+- printed += snprintf(bf + printed, size - printed,
++ printed += scnprintf(bf + printed, size - printed,
+ ", DSO: %s", dso->short_name);
+ return printed;
+ }
+@@ -1097,7 +1097,7 @@ static void perf_evsel_menu__write(struct ui_browser *browser,
+ HE_COLORSET_NORMAL);
+
+ nr_events = convert_unit(nr_events, &unit);
+- printed = snprintf(bf, sizeof(bf), "%lu%c%s%s", nr_events,
++ printed = scnprintf(bf, sizeof(bf), "%lu%c%s%s", nr_events,
+ unit, unit == ' ' ? "" : " ", ev_name);
+ slsmg_printf("%s", bf);
+
+@@ -1107,8 +1107,8 @@ static void perf_evsel_menu__write(struct ui_browser *browser,
+ if (!current_entry)
+ ui_browser__set_color(browser, HE_COLORSET_TOP);
+ nr_events = convert_unit(nr_events, &unit);
+- snprintf(bf, sizeof(bf), ": %ld%c%schunks LOST!", nr_events,
+- unit, unit == ' ' ? "" : " ");
++ printed += scnprintf(bf, sizeof(bf), ": %ld%c%schunks LOST!",
++ nr_events, unit, unit == ' ' ? "" : " ");
+ warn = bf;
+ }
+
+diff --git a/tools/perf/util/ui/helpline.c b/tools/perf/util/ui/helpline.c
+index 6ef3c56..f50f81c 100644
+--- a/tools/perf/util/ui/helpline.c
++++ b/tools/perf/util/ui/helpline.c
+@@ -65,7 +65,7 @@ int ui_helpline__show_help(const char *format, va_list ap)
+ static int backlog;
+
+ pthread_mutex_lock(&ui__lock);
+- ret = vsnprintf(ui_helpline__last_msg + backlog,
++ ret = vscnprintf(ui_helpline__last_msg + backlog,
+ sizeof(ui_helpline__last_msg) - backlog, format, ap);
+ backlog += ret;
+
diff --git a/3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch b/3.2.13/4420_grsecurity-2.9-3.2.13-201203251921.patch
similarity index 99%
copy from 3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch
copy to 3.2.13/4420_grsecurity-2.9-3.2.13-201203251921.patch
index 94d7e91..373d86b 100644
--- a/3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch
+++ b/3.2.13/4420_grsecurity-2.9-3.2.13-201203251921.patch
@@ -195,7 +195,7 @@ index 81c287f..d456d02 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 15e80f1..4fb87db 100644
+index 172e041..4aede2e 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -685,7 +685,7 @@ index fadd5f8..904e73a 100644
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index 86976d0..683de93 100644
+index 86976d0..8e07f84 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
@@ -15,6 +15,10 @@
@@ -887,7 +887,35 @@ index 86976d0..683de93 100644
static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
{
unsigned long tmp, tmp2;
-@@ -207,6 +349,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
+@@ -165,7 +307,9 @@ static inline int atomic_add_return(int i, atomic_t *v)
+
+ return val;
+ }
++#define atomic_add_return_unchecked(i, v) atomic_add_return(i, v)
+ #define atomic_add(i, v) (void) atomic_add_return(i, v)
++#define atomic_add_unchecked(i, v) (void) atomic_add_return_unchecked(i, v)
+
+ static inline int atomic_sub_return(int i, atomic_t *v)
+ {
+@@ -179,7 +323,9 @@ static inline int atomic_sub_return(int i, atomic_t *v)
+
+ return val;
+ }
++#define atomic_sub_return_unchecked(i, v) atomic_sub_return(i, v)
+ #define atomic_sub(i, v) (void) atomic_sub_return(i, v)
++#define atomic_sub_unchecked(i, v) (void) atomic_sub_return_unchecked(i, v)
+
+ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+ {
+@@ -194,6 +340,7 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+
+ return ret;
+ }
++#define atomic_cmpxchg_unchecked(v, o, n) atomic_cmpxchg(v, o, n)
+
+ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
+ {
+@@ -207,6 +354,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
#endif /* __LINUX_ARM_ARCH__ */
#define atomic_xchg(v, new) (xchg(&((v)->counter), new))
@@ -898,7 +926,7 @@ index 86976d0..683de93 100644
static inline int __atomic_add_unless(atomic_t *v, int a, int u)
{
-@@ -219,11 +365,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -219,11 +370,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
}
#define atomic_inc(v) atomic_add(1, v)
@@ -926,7 +954,7 @@ index 86976d0..683de93 100644
#define atomic_dec_return(v) (atomic_sub_return(1, v))
#define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0)
-@@ -239,6 +401,14 @@ typedef struct {
+@@ -239,6 +406,14 @@ typedef struct {
u64 __aligned(8) counter;
} atomic64_t;
@@ -941,7 +969,7 @@ index 86976d0..683de93 100644
#define ATOMIC64_INIT(i) { (i) }
static inline u64 atomic64_read(atomic64_t *v)
-@@ -254,6 +424,19 @@ static inline u64 atomic64_read(atomic64_t *v)
+@@ -254,6 +429,19 @@ static inline u64 atomic64_read(atomic64_t *v)
return result;
}
@@ -961,7 +989,7 @@ index 86976d0..683de93 100644
static inline void atomic64_set(atomic64_t *v, u64 i)
{
u64 tmp;
-@@ -268,6 +451,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i)
+@@ -268,6 +456,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i)
: "cc");
}
@@ -982,7 +1010,7 @@ index 86976d0..683de93 100644
static inline void atomic64_add(u64 i, atomic64_t *v)
{
u64 result;
-@@ -276,6 +473,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
+@@ -276,6 +478,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_add\n"
"1: ldrexd %0, %H0, [%3]\n"
" adds %0, %0, %4\n"
@@ -1019,7 +1047,7 @@ index 86976d0..683de93 100644
" adc %H0, %H0, %H4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -287,12 +514,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
+@@ -287,12 +519,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
static inline u64 atomic64_add_return(u64 i, atomic64_t *v)
{
@@ -1071,7 +1099,7 @@ index 86976d0..683de93 100644
"1: ldrexd %0, %H0, [%3]\n"
" adds %0, %0, %4\n"
" adc %H0, %H0, %H4\n"
-@@ -316,6 +580,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
+@@ -316,6 +585,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_sub\n"
"1: ldrexd %0, %H0, [%3]\n"
" subs %0, %0, %4\n"
@@ -1108,7 +1136,7 @@ index 86976d0..683de93 100644
" sbc %H0, %H0, %H4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -327,18 +621,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
+@@ -327,18 +626,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
{
@@ -1146,7 +1174,7 @@ index 86976d0..683de93 100644
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (i)
: "cc");
-@@ -372,6 +680,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new)
+@@ -372,6 +685,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new)
return oldval;
}
@@ -1177,7 +1205,7 @@ index 86976d0..683de93 100644
static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new)
{
u64 result;
-@@ -395,21 +727,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new)
+@@ -395,21 +732,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new)
static inline u64 atomic64_dec_if_positive(atomic64_t *v)
{
@@ -1219,7 +1247,7 @@ index 86976d0..683de93 100644
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter)
: "cc");
-@@ -432,13 +777,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
+@@ -432,13 +782,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
" teq %0, %5\n"
" teqeq %H0, %H5\n"
" moveq %1, #0\n"
@@ -1247,7 +1275,7 @@ index 86976d0..683de93 100644
: "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (u), "r" (a)
: "cc");
-@@ -451,10 +808,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
+@@ -451,10 +813,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
#define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0)
#define atomic64_inc(v) atomic64_add(1LL, (v))
@@ -14376,10 +14404,23 @@ index cd28a35..c72ed9a 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index f3f6f53..0841b66 100644
+index f3f6f53..b0cbdf9 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
-@@ -186,13 +186,146 @@
+@@ -99,12 +99,6 @@
+ #endif
+ .endm
+
+-#ifdef CONFIG_VM86
+-#define resume_userspace_sig check_userspace
+-#else
+-#define resume_userspace_sig resume_userspace
+-#endif
+-
+ /*
+ * User gs save/restore
+ *
+@@ -186,13 +180,146 @@
/*CFI_REL_OFFSET gs, PT_GS*/
.endm
.macro SET_KERNEL_GS reg
@@ -14527,7 +14568,7 @@ index f3f6f53..0841b66 100644
cld
PUSH_GS
pushl_cfi %fs
-@@ -215,7 +348,7 @@
+@@ -215,7 +342,7 @@
CFI_REL_OFFSET ecx, 0
pushl_cfi %ebx
CFI_REL_OFFSET ebx, 0
@@ -14536,7 +14577,7 @@ index f3f6f53..0841b66 100644
movl %edx, %ds
movl %edx, %es
movl $(__KERNEL_PERCPU), %edx
-@@ -223,6 +356,15 @@
+@@ -223,6 +350,15 @@
SET_KERNEL_GS %edx
.endm
@@ -14552,7 +14593,7 @@ index f3f6f53..0841b66 100644
.macro RESTORE_INT_REGS
popl_cfi %ebx
CFI_RESTORE ebx
-@@ -308,7 +450,7 @@ ENTRY(ret_from_fork)
+@@ -308,7 +444,7 @@ ENTRY(ret_from_fork)
popfl_cfi
jmp syscall_exit
CFI_ENDPROC
@@ -14561,9 +14602,24 @@ index f3f6f53..0841b66 100644
/*
* Interrupt exit functions should be protected against kprobes
-@@ -333,7 +475,15 @@ check_userspace:
+@@ -328,12 +464,29 @@ ret_from_exception:
+ preempt_stop(CLBR_ANY)
+ ret_from_intr:
+ GET_THREAD_INFO(%ebp)
+-check_userspace:
++resume_userspace_sig:
++#ifdef CONFIG_VM86
+ movl PT_EFLAGS(%esp), %eax # mix EFLAGS and CS
movb PT_CS(%esp), %al
andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax
++#else
++ /*
++ * We can be coming here from a syscall done in the kernel space,
++ * e.g. a failed kernel_execve().
++ */
++ movl PT_CS(%esp), %eax
++ andl $SEGMENT_RPL_MASK, %eax
++#endif
cmpl $USER_RPL, %eax
+
+#ifdef CONFIG_PAX_KERNEXEC
@@ -14577,7 +14633,7 @@ index f3f6f53..0841b66 100644
ENTRY(resume_userspace)
LOCKDEP_SYS_EXIT
-@@ -345,8 +495,8 @@ ENTRY(resume_userspace)
+@@ -345,8 +498,8 @@ ENTRY(resume_userspace)
andl $_TIF_WORK_MASK, %ecx # is there any work to be done on
# int/exception return?
jne work_pending
@@ -14588,7 +14644,7 @@ index f3f6f53..0841b66 100644
#ifdef CONFIG_PREEMPT
ENTRY(resume_kernel)
-@@ -361,7 +511,7 @@ need_resched:
+@@ -361,7 +514,7 @@ need_resched:
jz restore_all
call preempt_schedule_irq
jmp need_resched
@@ -14597,7 +14653,7 @@ index f3f6f53..0841b66 100644
#endif
CFI_ENDPROC
/*
-@@ -395,23 +545,34 @@ sysenter_past_esp:
+@@ -395,23 +548,34 @@ sysenter_past_esp:
/*CFI_REL_OFFSET cs, 0*/
/*
* Push current_thread_info()->sysenter_return to the stack.
@@ -14635,7 +14691,7 @@ index f3f6f53..0841b66 100644
movl %ebp,PT_EBP(%esp)
.section __ex_table,"a"
.align 4
-@@ -434,12 +595,24 @@ sysenter_do_call:
+@@ -434,12 +598,24 @@ sysenter_do_call:
testl $_TIF_ALLWORK_MASK, %ecx
jne sysexit_audit
sysenter_exit:
@@ -14660,7 +14716,7 @@ index f3f6f53..0841b66 100644
PTGS_TO_GS
ENABLE_INTERRUPTS_SYSEXIT
-@@ -456,6 +629,9 @@ sysenter_audit:
+@@ -456,6 +632,9 @@ sysenter_audit:
movl %eax,%edx /* 2nd arg: syscall number */
movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */
call audit_syscall_entry
@@ -14670,7 +14726,7 @@ index f3f6f53..0841b66 100644
pushl_cfi %ebx
movl PT_EAX(%esp),%eax /* reload syscall number */
jmp sysenter_do_call
-@@ -482,11 +658,17 @@ sysexit_audit:
+@@ -482,11 +661,17 @@ sysexit_audit:
CFI_ENDPROC
.pushsection .fixup,"ax"
@@ -14690,7 +14746,7 @@ index f3f6f53..0841b66 100644
.popsection
PTGS_TO_GS_EX
ENDPROC(ia32_sysenter_target)
-@@ -519,6 +701,15 @@ syscall_exit:
+@@ -519,6 +704,15 @@ syscall_exit:
testl $_TIF_ALLWORK_MASK, %ecx # current->work
jne syscall_exit_work
@@ -14706,7 +14762,7 @@ index f3f6f53..0841b66 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -578,14 +769,34 @@ ldt_ss:
+@@ -578,14 +772,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
@@ -14744,7 +14800,7 @@ index f3f6f53..0841b66 100644
pushl_cfi $__ESPFIX_SS
pushl_cfi %eax /* new kernel esp */
/* Disable interrupts, but do not irqtrace this section: we
-@@ -614,34 +825,28 @@ work_resched:
+@@ -614,34 +828,28 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
@@ -14784,7 +14840,7 @@ index f3f6f53..0841b66 100644
# perform syscall exit tracing
ALIGN
-@@ -649,11 +854,14 @@ syscall_trace_entry:
+@@ -649,11 +857,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
@@ -14800,7 +14856,7 @@ index f3f6f53..0841b66 100644
# perform syscall exit tracing
ALIGN
-@@ -666,20 +874,24 @@ syscall_exit_work:
+@@ -666,20 +877,24 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
@@ -14828,7 +14884,7 @@ index f3f6f53..0841b66 100644
CFI_ENDPROC
/*
* End of kprobes section
-@@ -753,6 +965,36 @@ ptregs_clone:
+@@ -753,6 +968,36 @@ ptregs_clone:
CFI_ENDPROC
ENDPROC(ptregs_clone)
@@ -14865,7 +14921,7 @@ index f3f6f53..0841b66 100644
.macro FIXUP_ESPFIX_STACK
/*
* Switch back for ESPFIX stack to the normal zerobased stack
-@@ -762,8 +1004,15 @@ ENDPROC(ptregs_clone)
+@@ -762,8 +1007,15 @@ ENDPROC(ptregs_clone)
* normal stack and adjusts ESP with the matching offset.
*/
/* fixup the stack */
@@ -14883,7 +14939,7 @@ index f3f6f53..0841b66 100644
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -816,7 +1065,7 @@ vector=vector+1
+@@ -816,7 +1068,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
@@ -14892,7 +14948,7 @@ index f3f6f53..0841b66 100644
.previous
END(interrupt)
-@@ -864,7 +1113,7 @@ ENTRY(coprocessor_error)
+@@ -864,7 +1116,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
@@ -14901,7 +14957,7 @@ index f3f6f53..0841b66 100644
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -885,7 +1134,7 @@ ENTRY(simd_coprocessor_error)
+@@ -885,7 +1137,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
@@ -14910,7 +14966,7 @@ index f3f6f53..0841b66 100644
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -893,7 +1142,7 @@ ENTRY(device_not_available)
+@@ -893,7 +1145,7 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
@@ -14919,7 +14975,7 @@ index f3f6f53..0841b66 100644
#ifdef CONFIG_PARAVIRT
ENTRY(native_iret)
-@@ -902,12 +1151,12 @@ ENTRY(native_iret)
+@@ -902,12 +1154,12 @@ ENTRY(native_iret)
.align 4
.long native_iret, iret_exc
.previous
@@ -14934,7 +14990,7 @@ index f3f6f53..0841b66 100644
#endif
ENTRY(overflow)
-@@ -916,7 +1165,7 @@ ENTRY(overflow)
+@@ -916,7 +1168,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
@@ -14943,7 +14999,7 @@ index f3f6f53..0841b66 100644
ENTRY(bounds)
RING0_INT_FRAME
-@@ -924,7 +1173,7 @@ ENTRY(bounds)
+@@ -924,7 +1176,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
@@ -14952,7 +15008,7 @@ index f3f6f53..0841b66 100644
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -932,7 +1181,7 @@ ENTRY(invalid_op)
+@@ -932,7 +1184,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
@@ -14961,7 +15017,7 @@ index f3f6f53..0841b66 100644
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -940,35 +1189,35 @@ ENTRY(coprocessor_segment_overrun)
+@@ -940,35 +1192,35 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
@@ -15002,7 +15058,7 @@ index f3f6f53..0841b66 100644
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -976,7 +1225,7 @@ ENTRY(divide_error)
+@@ -976,7 +1228,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
@@ -15011,7 +15067,7 @@ index f3f6f53..0841b66 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -985,7 +1234,7 @@ ENTRY(machine_check)
+@@ -985,7 +1237,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
@@ -15020,7 +15076,7 @@ index f3f6f53..0841b66 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -994,7 +1243,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -994,7 +1246,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
@@ -15029,7 +15085,7 @@ index f3f6f53..0841b66 100644
/*
* End of kprobes section
*/
-@@ -1109,7 +1358,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
+@@ -1109,7 +1361,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
ENTRY(mcount)
ret
@@ -15038,7 +15094,7 @@ index f3f6f53..0841b66 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1138,7 +1387,7 @@ ftrace_graph_call:
+@@ -1138,7 +1390,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -15047,7 +15103,7 @@ index f3f6f53..0841b66 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -1174,7 +1423,7 @@ trace:
+@@ -1174,7 +1426,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -15056,7 +15112,7 @@ index f3f6f53..0841b66 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1195,7 +1444,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1195,7 +1447,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -15065,7 +15121,7 @@ index f3f6f53..0841b66 100644
.globl return_to_handler
return_to_handler:
-@@ -1209,7 +1458,6 @@ return_to_handler:
+@@ -1209,7 +1461,6 @@ return_to_handler:
jmp *%ecx
#endif
@@ -15073,7 +15129,7 @@ index f3f6f53..0841b66 100644
#include "syscall_table_32.S"
syscall_table_size=(.-sys_call_table)
-@@ -1255,15 +1503,18 @@ error_code:
+@@ -1255,15 +1506,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -15094,7 +15150,7 @@ index f3f6f53..0841b66 100644
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1305,7 +1556,7 @@ debug_stack_correct:
+@@ -1305,7 +1559,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
@@ -15103,7 +15159,7 @@ index f3f6f53..0841b66 100644
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1342,6 +1593,9 @@ nmi_stack_correct:
+@@ -1342,6 +1596,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
@@ -15113,7 +15169,7 @@ index f3f6f53..0841b66 100644
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1378,12 +1632,15 @@ nmi_espfix_stack:
+@@ -1378,12 +1635,15 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
@@ -15130,7 +15186,7 @@ index f3f6f53..0841b66 100644
ENTRY(int3)
RING0_INT_FRAME
-@@ -1395,14 +1652,14 @@ ENTRY(int3)
+@@ -1395,14 +1655,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
@@ -15147,7 +15203,7 @@ index f3f6f53..0841b66 100644
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1410,7 +1667,7 @@ ENTRY(async_page_fault)
+@@ -1410,7 +1670,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
@@ -35741,7 +35797,7 @@ index bea8524..c677c06 100644
struct brcms_phy {
struct brcms_phy_pub pubpi_ro;
diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/wireless/iwlegacy/iwl3945-base.c
-index 05f2ad1..ae00eea 100644
+index b3d9f3f..9931f58 100644
--- a/drivers/net/wireless/iwlegacy/iwl3945-base.c
+++ b/drivers/net/wireless/iwlegacy/iwl3945-base.c
@@ -3685,7 +3685,9 @@ static int iwl3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e
@@ -42144,7 +42200,7 @@ index a6395bd..f1e376a 100644
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
#ifdef __alpha__
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 6ff96c6..b5fb43a 100644
+index 6ff96c6..64d2dec 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -32,6 +32,7 @@
@@ -42778,19 +42834,7 @@ index 6ff96c6..b5fb43a 100644
/* set_brk can never work. Avoid overflows. */
send_sig(SIGKILL, current, 0);
retval = -EINVAL;
-@@ -870,6 +1328,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
- start_data += load_bias;
- end_data += load_bias;
-
-+#ifdef CONFIG_PAX_RANDMMAP
-+ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
-+ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
-+#endif
-+
- /* Calling set_brk effectively mmaps the pages that we need
- * for the bss and break sections. We must do this before
- * mapping in the interpreter, to make sure it doesn't wind
-@@ -881,9 +1344,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -881,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
goto out_free_dentry;
}
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -42804,8 +42848,32 @@ index 6ff96c6..b5fb43a 100644
+ */
}
++#ifdef CONFIG_PAX_RANDMMAP
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
++ unsigned long start, size;
++
++ start = ELF_PAGEALIGN(elf_brk);
++ size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
++ down_write(¤t->mm->mmap_sem);
++ retval = -ENOMEM;
++ if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) {
++ start = do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0);
++ retval = IS_ERR_VALUE(start) ? start : 0;
++ }
++ up_write(¤t->mm->mmap_sem);
++ if (retval == 0)
++ retval = set_brk(start + size, start + size + PAGE_SIZE);
++ if (retval < 0) {
++ send_sig(SIGKILL, current, 0);
++ goto out_free_dentry;
++ }
++ }
++#endif
++
if (elf_interpreter) {
-@@ -1098,7 +1563,7 @@ out:
+ unsigned long uninitialized_var(interp_map_addr);
+
+@@ -1098,7 +1580,7 @@ out:
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -42814,7 +42882,7 @@ index 6ff96c6..b5fb43a 100644
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1132,7 +1597,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1132,7 +1614,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
@@ -42823,7 +42891,7 @@ index 6ff96c6..b5fb43a 100644
goto whole;
/*
-@@ -1354,9 +1819,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1354,9 +1836,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
@@ -42835,7 +42903,7 @@ index 6ff96c6..b5fb43a 100644
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1862,14 +2327,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -1862,14 +2344,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
}
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
@@ -42852,7 +42920,7 @@ index 6ff96c6..b5fb43a 100644
return size;
}
-@@ -1963,7 +2428,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1963,7 +2445,7 @@ static int elf_core_dump(struct coredump_params *cprm)
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
@@ -42861,7 +42929,7 @@ index 6ff96c6..b5fb43a 100644
offset += elf_core_extra_data_size();
e_shoff = offset;
-@@ -1977,10 +2442,12 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1977,10 +2459,12 @@ static int elf_core_dump(struct coredump_params *cprm)
offset = dataoff;
size += sizeof(*elf);
@@ -42874,7 +42942,7 @@ index 6ff96c6..b5fb43a 100644
if (size > cprm->limit
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
goto end_coredump;
-@@ -1994,7 +2461,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1994,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
@@ -42883,7 +42951,7 @@ index 6ff96c6..b5fb43a 100644
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2005,6 +2472,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2005,6 +2489,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_align = ELF_EXEC_PAGESIZE;
size += sizeof(phdr);
@@ -42891,7 +42959,7 @@ index 6ff96c6..b5fb43a 100644
if (size > cprm->limit
|| !dump_write(cprm->file, &phdr, sizeof(phdr)))
goto end_coredump;
-@@ -2029,7 +2497,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2029,7 +2514,7 @@ static int elf_core_dump(struct coredump_params *cprm)
unsigned long addr;
unsigned long end;
@@ -42900,7 +42968,7 @@ index 6ff96c6..b5fb43a 100644
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2038,6 +2506,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2038,6 +2523,7 @@ static int elf_core_dump(struct coredump_params *cprm)
page = get_dump_page(addr);
if (page) {
void *kaddr = kmap(page);
@@ -42908,7 +42976,7 @@ index 6ff96c6..b5fb43a 100644
stop = ((size += PAGE_SIZE) > cprm->limit) ||
!dump_write(cprm->file, kaddr,
PAGE_SIZE);
-@@ -2055,6 +2524,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2055,6 +2541,7 @@ static int elf_core_dump(struct coredump_params *cprm)
if (e_phnum == PN_XNUM) {
size += sizeof(*shdr4extnum);
@@ -42916,7 +42984,7 @@ index 6ff96c6..b5fb43a 100644
if (size > cprm->limit
|| !dump_write(cprm->file, shdr4extnum,
sizeof(*shdr4extnum)))
-@@ -2075,6 +2545,97 @@ out:
+@@ -2075,6 +2562,97 @@ out:
#endif /* CONFIG_ELF_CORE */
@@ -43051,9 +43119,18 @@ index 1bffbe0..c8c283e 100644
goto err;
}
diff --git a/fs/bio.c b/fs/bio.c
-index b1fe82c..84da0a9 100644
+index b1fe82c..08e2e2e 100644
--- a/fs/bio.c
+++ b/fs/bio.c
+@@ -837,7 +837,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
+ /*
+ * Overflow, abort
+ */
+- if (end < start)
++ if (end < start || end - start > INT_MAX - nr_pages)
+ return ERR_PTR(-EINVAL);
+
+ nr_pages += end - start;
@@ -1233,7 +1233,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err)
const int read = bio_data_dir(bio) == READ;
struct bio_map_data *bmd = bio->bi_private;
@@ -43896,9 +43973,25 @@ index 9a37a9b..35792b6 100644
/*
* We'll have a dentry and an inode for
diff --git a/fs/dcache.c b/fs/dcache.c
-index f7908ae..920a680 100644
+index f7908ae..f0c2af2 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
+@@ -103,11 +103,11 @@ static unsigned int d_hash_shift __read_mostly;
+
+ static struct hlist_bl_head *dentry_hashtable __read_mostly;
+
+-static inline struct hlist_bl_head *d_hash(struct dentry *parent,
+- unsigned long hash)
++static inline struct hlist_bl_head *d_hash(const struct dentry *parent,
++ unsigned int hash)
+ {
+- hash += ((unsigned long) parent ^ GOLDEN_RATIO_PRIME) / L1_CACHE_BYTES;
+- hash = hash ^ ((hash ^ GOLDEN_RATIO_PRIME) >> D_HASHBITS);
++ hash += (unsigned long) parent / L1_CACHE_BYTES;
++ hash = hash + (hash >> D_HASHBITS);
+ return dentry_hashtable + (hash & D_HASHMASK);
+ }
+
@@ -3042,7 +3042,7 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
@@ -47427,7 +47520,7 @@ index 7a2e442..8e544cc 100644
if (host_err < 0)
diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c
-index d327140..501b7f8 100644
+index 35a8970..501b7f8 100644
--- a/fs/nilfs2/the_nilfs.c
+++ b/fs/nilfs2/the_nilfs.c
@@ -409,6 +409,12 @@ static int nilfs_store_disk_layout(struct the_nilfs *nilfs,
@@ -47443,14 +47536,6 @@ index d327140..501b7f8 100644
nilfs_set_nsegments(nilfs, le64_to_cpu(sbp->s_nsegments));
nilfs->ns_crc_seed = le32_to_cpu(sbp->s_crc_seed);
return 0;
-@@ -515,6 +521,7 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs,
- brelse(sbh[1]);
- sbh[1] = NULL;
- sbp[1] = NULL;
-+ valid[1] = 0;
- swp = 0;
- }
- if (!valid[swp]) {
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
index 9fde1c0..14e8827 100644
--- a/fs/notify/fanotify/fanotify_user.c
@@ -63112,7 +63197,7 @@ index 643b96c..ef55a9c 100644
struct ctl_table_header;
struct ctl_table;
diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
-index 800f113..e9ee2e3 100644
+index 800f113..12c82ec 100644
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -129,10 +129,12 @@ extern void __ptrace_unlink(struct task_struct *child);
@@ -63130,6 +63215,19 @@ index 800f113..e9ee2e3 100644
static inline int ptrace_reparented(struct task_struct *child)
{
+@@ -197,9 +199,10 @@ static inline void ptrace_event(int event, unsigned long message)
+ if (unlikely(ptrace_event_enabled(current, event))) {
+ current->ptrace_message = message;
+ ptrace_notify((event << 8) | SIGTRAP);
+- } else if (event == PTRACE_EVENT_EXEC && unlikely(current->ptrace)) {
++ } else if (event == PTRACE_EVENT_EXEC) {
+ /* legacy EXEC report via SIGTRAP */
+- send_sig(SIGTRAP, current, 0);
++ if ((current->ptrace & (PT_PTRACED|PT_SEIZED)) == PT_PTRACED)
++ send_sig(SIGTRAP, current, 0);
+ }
+ }
+
diff --git a/include/linux/random.h b/include/linux/random.h
index 8f74538..02a1012 100644
--- a/include/linux/random.h
@@ -68418,6 +68516,19 @@ index 636af6d..8af70ab 100644
{
__rcu_process_callbacks(&rcu_sched_ctrlblk);
__rcu_process_callbacks(&rcu_bh_ctrlblk);
+diff --git a/kernel/rcutiny_plugin.h b/kernel/rcutiny_plugin.h
+index 2b0484a..07955ab 100644
+--- a/kernel/rcutiny_plugin.h
++++ b/kernel/rcutiny_plugin.h
+@@ -907,7 +907,7 @@ static int rcu_kthread(void *arg)
+ have_rcu_kthread_work = morework;
+ local_irq_restore(flags);
+ if (work)
+- rcu_process_callbacks(NULL);
++ rcu_process_callbacks();
+ schedule_timeout_interruptible(1); /* Leave CPU for others. */
+ }
+
diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c
index 764825c..3aa6ac4 100644
--- a/kernel/rcutorture.c
@@ -76058,62 +76169,8 @@ index 94cdbc5..0cb0063 100644
if (peer->tcp_ts_stamp) {
ts = peer->tcp_ts;
tsage = get_seconds() - peer->tcp_ts_stamp;
-diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
-index 90f6544..769c0e9 100644
---- a/net/ipv4/syncookies.c
-+++ b/net/ipv4/syncookies.c
-@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
- struct rtable *rt;
- __u8 rcv_wscale;
- bool ecn_ok = false;
-+ struct flowi4 fl4;
-
- if (!sysctl_tcp_syncookies || !th->ack || th->rst)
- goto out;
-@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
- * hasn't changed since we received the original syn, but I see
- * no easy way to do this.
- */
-- {
-- struct flowi4 fl4;
--
-- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
-- RT_SCOPE_UNIVERSE, IPPROTO_TCP,
-- inet_sk_flowi_flags(sk),
-- (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
-- ireq->loc_addr, th->source, th->dest);
-- security_req_classify_flow(req, flowi4_to_flowi(&fl4));
-- rt = ip_route_output_key(sock_net(sk), &fl4);
-- if (IS_ERR(rt)) {
-- reqsk_free(req);
-- goto out;
-- }
-+ flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
-+ RT_SCOPE_UNIVERSE, IPPROTO_TCP,
-+ inet_sk_flowi_flags(sk),
-+ (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
-+ ireq->loc_addr, th->source, th->dest);
-+ security_req_classify_flow(req, flowi4_to_flowi(&fl4));
-+ rt = ip_route_output_key(sock_net(sk), &fl4);
-+ if (IS_ERR(rt)) {
-+ reqsk_free(req);
-+ goto out;
- }
-
- /* Try to redo what tcp_v4_send_synack did. */
-@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
- ireq->rcv_wscale = rcv_wscale;
-
- ret = get_cookie_sock(sk, skb, req, &rt->dst);
-+ /* ip_queue_xmit() depends on our flow being setup
-+ * Normal sockets get it right from inet_csk_route_child_sock()
-+ */
-+ if (ret)
-+ inet_sk(ret)->cork.fl.u.ip4 = fl4;
- out: return ret;
- }
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index eb90aa8..74908e1 100644
+index de69cec..74908e1 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -87,6 +87,9 @@ int sysctl_tcp_tw_reuse __read_mostly;
@@ -76126,24 +76183,7 @@ index eb90aa8..74908e1 100644
#ifdef CONFIG_TCP_MD5SIG
static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
-@@ -1465,9 +1468,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
- inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
- newinet->inet_id = newtp->write_seq ^ jiffies;
-
-- if (!dst && (dst = inet_csk_route_child_sock(sk, newsk, req)) == NULL)
-- goto put_and_exit;
--
-+ if (!dst) {
-+ dst = inet_csk_route_child_sock(sk, newsk, req);
-+ if (!dst)
-+ goto put_and_exit;
-+ } else {
-+ /* syncookie case : see end of cookie_v4_check() */
-+ }
- sk_setup_caps(newsk, dst);
-
- tcp_mtup_init(newsk);
-@@ -1632,6 +1639,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1636,6 +1639,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
@@ -76153,7 +76193,7 @@ index eb90aa8..74908e1 100644
tcp_v4_send_reset(rsk, skb);
discard:
kfree_skb(skb);
-@@ -1694,12 +1704,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
+@@ -1698,12 +1704,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -76176,7 +76216,7 @@ index eb90aa8..74908e1 100644
if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1749,6 +1766,10 @@ no_tcp_socket:
+@@ -1753,6 +1766,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
@@ -76187,7 +76227,7 @@ index eb90aa8..74908e1 100644
tcp_v4_send_reset(NULL, skb);
}
-@@ -2409,7 +2430,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req,
+@@ -2413,7 +2430,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req,
0, /* non standard timer */
0, /* open_requests have no inode */
atomic_read(&sk->sk_refcnt),
@@ -76199,7 +76239,7 @@ index eb90aa8..74908e1 100644
len);
}
-@@ -2459,7 +2484,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
+@@ -2463,7 +2484,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
sock_i_uid(sk),
icsk->icsk_probes_out,
sock_i_ino(sk),
@@ -76213,7 +76253,7 @@ index eb90aa8..74908e1 100644
jiffies_to_clock_t(icsk->icsk_rto),
jiffies_to_clock_t(icsk->icsk_ack.ato),
(icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
-@@ -2487,7 +2517,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw,
+@@ -2491,7 +2517,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw,
" %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n",
i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
diff --git a/3.2.12/4430_grsec-remove-localversion-grsec.patch b/3.2.13/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
copy from 3.2.12/4430_grsec-remove-localversion-grsec.patch
copy to 3.2.13/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.2.12/4435_grsec-mute-warnings.patch b/3.2.13/4435_grsec-mute-warnings.patch
similarity index 100%
copy from 3.2.12/4435_grsec-mute-warnings.patch
copy to 3.2.13/4435_grsec-mute-warnings.patch
diff --git a/3.2.12/4440_grsec-remove-protected-paths.patch b/3.2.13/4440_grsec-remove-protected-paths.patch
similarity index 100%
copy from 3.2.12/4440_grsec-remove-protected-paths.patch
copy to 3.2.13/4440_grsec-remove-protected-paths.patch
diff --git a/3.2.12/4445_grsec-pax-without-grsec.patch b/3.2.13/4445_grsec-pax-without-grsec.patch
similarity index 100%
copy from 3.2.12/4445_grsec-pax-without-grsec.patch
copy to 3.2.13/4445_grsec-pax-without-grsec.patch
diff --git a/3.2.12/4450_grsec-kconfig-default-gids.patch b/3.2.13/4450_grsec-kconfig-default-gids.patch
similarity index 100%
copy from 3.2.12/4450_grsec-kconfig-default-gids.patch
copy to 3.2.13/4450_grsec-kconfig-default-gids.patch
diff --git a/3.2.12/4455_grsec-kconfig-gentoo.patch b/3.2.13/4455_grsec-kconfig-gentoo.patch
similarity index 100%
copy from 3.2.12/4455_grsec-kconfig-gentoo.patch
copy to 3.2.13/4455_grsec-kconfig-gentoo.patch
diff --git a/3.2.12/4460-grsec-kconfig-proc-user.patch b/3.2.13/4460-grsec-kconfig-proc-user.patch
similarity index 100%
copy from 3.2.12/4460-grsec-kconfig-proc-user.patch
copy to 3.2.13/4460-grsec-kconfig-proc-user.patch
diff --git a/3.2.12/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.13/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
copy from 3.2.12/4465_selinux-avc_audit-log-curr_ip.patch
copy to 3.2.13/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.2.12/4470_disable-compat_vdso.patch b/3.2.13/4470_disable-compat_vdso.patch
similarity index 100%
copy from 3.2.12/4470_disable-compat_vdso.patch
copy to 3.2.13/4470_disable-compat_vdso.patch
diff --git a/3.2.12/0000_README b/3.3.0/0000_README
similarity index 97%
rename from 3.2.12/0000_README
rename to 3.3.0/0000_README
index ff7242f..a7990bb 100644
--- a/3.2.12/0000_README
+++ b/3.3.0/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9-3.2.12-201203221944.patch
+Patch: 4420_grsecurity-2.9-3.3.0-201203251922.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch b/3.3.0/4420_grsecurity-2.9-3.3.0-201203251922.patch
similarity index 88%
rename from 3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch
rename to 3.3.0/4420_grsecurity-2.9-3.3.0-201203251922.patch
index 94d7e91..9b345e8 100644
--- a/3.2.12/4420_grsecurity-2.9-3.2.12-201203221944.patch
+++ b/3.3.0/4420_grsecurity-2.9-3.3.0-201203251922.patch
@@ -1,12 +1,8 @@
diff --git a/Documentation/dontdiff b/Documentation/dontdiff
-index dfa6fc6..df93044 100644
+index 0c083c5..9c2512a 100644
--- a/Documentation/dontdiff
+++ b/Documentation/dontdiff
-@@ -2,9 +2,11 @@
- *.aux
- *.bin
- *.bz2
-+*.c.[012]*.*
+@@ -5,6 +5,7 @@
*.cis
*.cpio
*.csp
@@ -14,7 +10,7 @@ index dfa6fc6..df93044 100644
*.dsp
*.dvi
*.elf
-@@ -14,6 +16,7 @@
+@@ -14,6 +15,7 @@
*.gcov
*.gen.S
*.gif
@@ -22,7 +18,7 @@ index dfa6fc6..df93044 100644
*.grep
*.grp
*.gz
-@@ -48,9 +51,11 @@
+@@ -48,9 +50,11 @@
*.tab.h
*.tex
*.ver
@@ -34,7 +30,7 @@ index dfa6fc6..df93044 100644
*_vga16.c
*~
\#*#
-@@ -70,6 +75,7 @@ Kerntypes
+@@ -69,6 +73,7 @@ Image
Module.markers
Module.symvers
PENDING
@@ -42,7 +38,7 @@ index dfa6fc6..df93044 100644
SCCS
System.map*
TAGS
-@@ -93,19 +99,24 @@ bounds.h
+@@ -92,19 +97,24 @@ bounds.h
bsetup
btfixupprep
build
@@ -67,7 +63,7 @@ index dfa6fc6..df93044 100644
conmakehash
consolemap_deftbl.c*
cpustr.h
-@@ -116,9 +127,11 @@ devlist.h*
+@@ -115,9 +125,11 @@ devlist.h*
dnotify_test
docproc
dslm
@@ -79,7 +75,7 @@ index dfa6fc6..df93044 100644
fixdep
flask.h
fore200e_mkfirm
-@@ -126,12 +139,15 @@ fore200e_pca_fw.c*
+@@ -125,12 +137,15 @@ fore200e_pca_fw.c*
gconf
gconf.glade.h
gen-devlist
@@ -95,7 +91,7 @@ index dfa6fc6..df93044 100644
hpet_example
hugepage-mmap
hugepage-shm
-@@ -146,7 +162,7 @@ int32.c
+@@ -145,7 +160,7 @@ int32.c
int4.c
int8.c
kallsyms
@@ -104,7 +100,7 @@ index dfa6fc6..df93044 100644
keywords.c
ksym.c*
ksym.h*
-@@ -154,7 +170,7 @@ kxgettext
+@@ -153,7 +168,7 @@ kxgettext
lkc_defs.h
lex.c
lex.*.c
@@ -113,7 +109,7 @@ index dfa6fc6..df93044 100644
logo_*.c
logo_*_clut224.c
logo_*_mono.c
-@@ -166,14 +182,15 @@ machtypes.h
+@@ -165,14 +180,15 @@ machtypes.h
map
map_hugetlb
maui_boot.h
@@ -130,7 +126,7 @@ index dfa6fc6..df93044 100644
mkprep
mkregtable
mktables
-@@ -209,6 +226,7 @@ r300_reg_safe.h
+@@ -208,6 +224,7 @@ r300_reg_safe.h
r420_reg_safe.h
r600_reg_safe.h
recordmcount
@@ -138,7 +134,7 @@ index dfa6fc6..df93044 100644
relocs
rlim_names.h
rn50_reg_safe.h
-@@ -219,6 +237,7 @@ setup
+@@ -218,6 +235,7 @@ setup
setup.bin
setup.elf
sImage
@@ -146,7 +142,7 @@ index dfa6fc6..df93044 100644
sm_tbl*
split-include
syscalltab.h
-@@ -229,6 +248,7 @@ tftpboot.img
+@@ -228,6 +246,7 @@ tftpboot.img
timeconst.h
times.h*
trix_boot.h
@@ -154,7 +150,7 @@ index dfa6fc6..df93044 100644
utsrelease.h*
vdso-syms.lds
vdso.lds
-@@ -246,7 +266,9 @@ vmlinux
+@@ -245,7 +264,9 @@ vmlinux
vmlinux-*
vmlinux.aout
vmlinux.bin.all
@@ -164,7 +160,7 @@ index dfa6fc6..df93044 100644
vmlinuz
voffset.h
vsyscall.lds
-@@ -254,9 +276,11 @@ vsyscall_32.lds
+@@ -253,9 +274,11 @@ vsyscall_32.lds
wanxlfw.inc
uImage
unifdef
@@ -177,10 +173,10 @@ index dfa6fc6..df93044 100644
+zconf.lex.c
zoffset.h
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 81c287f..d456d02 100644
+index d99fd9c..8689fef 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
-@@ -1935,6 +1935,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -1977,6 +1977,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the specified number of seconds. This is to be used if
your oopses keep scrolling off the screen.
@@ -195,7 +191,7 @@ index 81c287f..d456d02 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 15e80f1..4fb87db 100644
+index 1932984..0204e68 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -221,7 +217,7 @@ index 15e80f1..4fb87db 100644
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -564,6 +565,53 @@ else
+@@ -564,6 +565,50 @@ else
KBUILD_CFLAGS += -O2
endif
@@ -248,13 +244,10 @@ index 15e80f1..4fb87db 100644
+endif
+endif
+COLORIZE_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/colorize_plugin.so
-+ifdef CONFIG_PAX_SIZE_OVERFLOW
-+SIZE_OVERFLOW_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/size_overflow_plugin.so -DSIZE_OVERFLOW_PLUGIN
-+endif
+GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS)
-+GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) $(SIZE_OVERFLOW_PLUGIN_CFLAGS)
++GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS)
+GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS)
-+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN SIZE_OVERFLOW_PLUGIN
++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN
+ifeq ($(KBUILD_EXTMOD),)
+gcc-plugins:
+ $(Q)$(MAKE) $(build)=tools/gcc
@@ -275,7 +268,7 @@ index 15e80f1..4fb87db 100644
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -708,7 +756,7 @@ export mod_strip_cmd
+@@ -708,7 +753,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -284,7 +277,7 @@ index 15e80f1..4fb87db 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -932,6 +980,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
+@@ -932,6 +977,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
@@ -293,7 +286,7 @@ index 15e80f1..4fb87db 100644
$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -941,7 +991,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
+@@ -941,7 +988,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -302,7 +295,7 @@ index 15e80f1..4fb87db 100644
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -985,6 +1035,7 @@ prepare0: archprepare FORCE
+@@ -985,6 +1032,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=.
# All the preparing..
@@ -310,7 +303,7 @@ index 15e80f1..4fb87db 100644
prepare: prepare0
# Generate some files
-@@ -1086,6 +1137,8 @@ all: modules
+@@ -1089,6 +1137,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
@@ -319,7 +312,7 @@ index 15e80f1..4fb87db 100644
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -1101,7 +1154,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -1104,7 +1154,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
@@ -328,7 +321,7 @@ index 15e80f1..4fb87db 100644
# Target to install modules
PHONY += modules_install
-@@ -1198,6 +1251,7 @@ distclean: mrproper
+@@ -1201,6 +1251,7 @@ distclean: mrproper
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
-o -name '.*.rej' \
@@ -336,7 +329,7 @@ index 15e80f1..4fb87db 100644
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1358,6 +1412,8 @@ PHONY += $(module-dirs) modules
+@@ -1361,6 +1412,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -345,7 +338,7 @@ index 15e80f1..4fb87db 100644
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1484,17 +1540,21 @@ else
+@@ -1487,17 +1540,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -371,7 +364,7 @@ index 15e80f1..4fb87db 100644
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1504,11 +1564,15 @@ endif
+@@ -1507,11 +1564,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -685,7 +678,7 @@ index fadd5f8..904e73a 100644
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index 86976d0..683de93 100644
+index 86976d0..8e07f84 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
@@ -15,6 +15,10 @@
@@ -887,7 +880,35 @@ index 86976d0..683de93 100644
static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
{
unsigned long tmp, tmp2;
-@@ -207,6 +349,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
+@@ -165,7 +307,9 @@ static inline int atomic_add_return(int i, atomic_t *v)
+
+ return val;
+ }
++#define atomic_add_return_unchecked(i, v) atomic_add_return(i, v)
+ #define atomic_add(i, v) (void) atomic_add_return(i, v)
++#define atomic_add_unchecked(i, v) (void) atomic_add_return_unchecked(i, v)
+
+ static inline int atomic_sub_return(int i, atomic_t *v)
+ {
+@@ -179,7 +323,9 @@ static inline int atomic_sub_return(int i, atomic_t *v)
+
+ return val;
+ }
++#define atomic_sub_return_unchecked(i, v) atomic_sub_return(i, v)
+ #define atomic_sub(i, v) (void) atomic_sub_return(i, v)
++#define atomic_sub_unchecked(i, v) (void) atomic_sub_return_unchecked(i, v)
+
+ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+ {
+@@ -194,6 +340,7 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
+
+ return ret;
+ }
++#define atomic_cmpxchg_unchecked(v, o, n) atomic_cmpxchg(v, o, n)
+
+ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
+ {
+@@ -207,6 +354,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr)
#endif /* __LINUX_ARM_ARCH__ */
#define atomic_xchg(v, new) (xchg(&((v)->counter), new))
@@ -898,7 +919,7 @@ index 86976d0..683de93 100644
static inline int __atomic_add_unless(atomic_t *v, int a, int u)
{
-@@ -219,11 +365,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+@@ -219,11 +370,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u)
}
#define atomic_inc(v) atomic_add(1, v)
@@ -926,7 +947,7 @@ index 86976d0..683de93 100644
#define atomic_dec_return(v) (atomic_sub_return(1, v))
#define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0)
-@@ -239,6 +401,14 @@ typedef struct {
+@@ -239,6 +406,14 @@ typedef struct {
u64 __aligned(8) counter;
} atomic64_t;
@@ -941,7 +962,7 @@ index 86976d0..683de93 100644
#define ATOMIC64_INIT(i) { (i) }
static inline u64 atomic64_read(atomic64_t *v)
-@@ -254,6 +424,19 @@ static inline u64 atomic64_read(atomic64_t *v)
+@@ -254,6 +429,19 @@ static inline u64 atomic64_read(atomic64_t *v)
return result;
}
@@ -961,7 +982,7 @@ index 86976d0..683de93 100644
static inline void atomic64_set(atomic64_t *v, u64 i)
{
u64 tmp;
-@@ -268,6 +451,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i)
+@@ -268,6 +456,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i)
: "cc");
}
@@ -982,7 +1003,7 @@ index 86976d0..683de93 100644
static inline void atomic64_add(u64 i, atomic64_t *v)
{
u64 result;
-@@ -276,6 +473,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
+@@ -276,6 +478,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_add\n"
"1: ldrexd %0, %H0, [%3]\n"
" adds %0, %0, %4\n"
@@ -1019,7 +1040,7 @@ index 86976d0..683de93 100644
" adc %H0, %H0, %H4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -287,12 +514,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
+@@ -287,12 +519,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
static inline u64 atomic64_add_return(u64 i, atomic64_t *v)
{
@@ -1071,7 +1092,7 @@ index 86976d0..683de93 100644
"1: ldrexd %0, %H0, [%3]\n"
" adds %0, %0, %4\n"
" adc %H0, %H0, %H4\n"
-@@ -316,6 +580,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
+@@ -316,6 +585,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_sub\n"
"1: ldrexd %0, %H0, [%3]\n"
" subs %0, %0, %4\n"
@@ -1108,7 +1129,7 @@ index 86976d0..683de93 100644
" sbc %H0, %H0, %H4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -327,18 +621,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
+@@ -327,18 +626,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
{
@@ -1146,7 +1167,7 @@ index 86976d0..683de93 100644
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (i)
: "cc");
-@@ -372,6 +680,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new)
+@@ -372,6 +685,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new)
return oldval;
}
@@ -1177,7 +1198,7 @@ index 86976d0..683de93 100644
static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new)
{
u64 result;
-@@ -395,21 +727,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new)
+@@ -395,21 +732,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new)
static inline u64 atomic64_dec_if_positive(atomic64_t *v)
{
@@ -1219,7 +1240,7 @@ index 86976d0..683de93 100644
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter)
: "cc");
-@@ -432,13 +777,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
+@@ -432,13 +782,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
" teq %0, %5\n"
" teqeq %H0, %H5\n"
" moveq %1, #0\n"
@@ -1247,7 +1268,7 @@ index 86976d0..683de93 100644
: "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (u), "r" (a)
: "cc");
-@@ -451,10 +808,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
+@@ -451,10 +813,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
#define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0)
#define atomic64_inc(v) atomic64_add(1LL, (v))
@@ -1347,7 +1368,7 @@ index 53426c6..c7baff3 100644
#ifdef CONFIG_OUTER_CACHE
diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h
-index ca94653..6ac0d56 100644
+index 97b440c..b7ff179 100644
--- a/arch/arm/include/asm/page.h
+++ b/arch/arm/include/asm/page.h
@@ -123,7 +123,7 @@ struct cpu_user_fns {
@@ -1360,10 +1381,10 @@ index ca94653..6ac0d56 100644
#ifdef MULTI_USER
extern struct cpu_user_fns cpu_user;
diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h
-index 984014b..a6d914f 100644
+index e4c96cc..1145653 100644
--- a/arch/arm/include/asm/system.h
+++ b/arch/arm/include/asm/system.h
-@@ -90,6 +90,8 @@ void hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int,
+@@ -98,6 +98,8 @@ void hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int,
#define xchg(ptr,x) \
((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr))))
@@ -1372,16 +1393,7 @@ index 984014b..a6d914f 100644
extern asmlinkage void c_backtrace(unsigned long fp, int pmode);
-@@ -101,7 +103,7 @@ extern int __pure cpu_architecture(void);
- extern void cpu_init(void);
-
- void arm_machine_restart(char mode, const char *cmd);
--extern void (*arm_pm_restart)(char str, const char *cmd);
-+extern void (*arm_pm_restart)(char str, const char *cmd) __noreturn;
-
- #define UDBG_UNDEFINED (1 << 0)
- #define UDBG_SYSCALL (1 << 1)
-@@ -526,6 +528,13 @@ static inline unsigned long long __cmpxchg64_mb(volatile void *ptr,
+@@ -534,6 +536,13 @@ static inline unsigned long long __cmpxchg64_mb(volatile void *ptr,
#endif /* __LINUX_ARM_ARCH__ >= 6 */
@@ -1396,7 +1408,7 @@ index 984014b..a6d914f 100644
#define arch_align_stack(x) (x)
diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
-index b293616..96310e5 100644
+index 2958976..12ccac4 100644
--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
@@ -22,6 +22,8 @@
@@ -1470,7 +1482,7 @@ index 5b0bce6..becd81c 100644
EXPORT_SYMBOL(__get_user_1);
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
-index 3d0c6fb..9d326fa 100644
+index 971d65c..cc936fb 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -28,7 +28,6 @@
@@ -1481,33 +1493,19 @@ index 3d0c6fb..9d326fa 100644
#include <linux/hw_breakpoint.h>
#include <linux/cpuidle.h>
-@@ -92,7 +91,7 @@ static int __init hlt_setup(char *__unused)
- __setup("nohlt", nohlt_setup);
- __setup("hlt", hlt_setup);
-
--void arm_machine_restart(char mode, const char *cmd)
-+__noreturn void arm_machine_restart(char mode, const char *cmd)
- {
- /* Disable interrupts first */
- local_irq_disable();
-@@ -134,7 +133,7 @@ void arm_machine_restart(char mode, const char *cmd)
- void (*pm_power_off)(void);
- EXPORT_SYMBOL(pm_power_off);
-
--void (*arm_pm_restart)(char str, const char *cmd) = arm_machine_restart;
-+void (*arm_pm_restart)(char str, const char *cmd) __noreturn = arm_machine_restart;
- EXPORT_SYMBOL_GPL(arm_pm_restart);
-
- static void do_nothing(void *unused)
-@@ -248,6 +247,7 @@ void machine_power_off(void)
+@@ -273,9 +272,10 @@ void machine_power_off(void)
machine_shutdown();
if (pm_power_off)
pm_power_off();
+ BUG();
}
- void machine_restart(char *cmd)
-@@ -484,12 +484,6 @@ unsigned long get_wchan(struct task_struct *p)
+-void machine_restart(char *cmd)
++__noreturn void machine_restart(char *cmd)
+ {
+ machine_shutdown();
+
+@@ -517,12 +517,6 @@ unsigned long get_wchan(struct task_struct *p)
return 0;
}
@@ -1521,10 +1519,10 @@ index 3d0c6fb..9d326fa 100644
/*
* The vectors page is always readable from user space for the
diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
-index 8fc2c8f..064c150 100644
+index a255c39..4a19b25 100644
--- a/arch/arm/kernel/setup.c
+++ b/arch/arm/kernel/setup.c
-@@ -108,13 +108,13 @@ struct processor processor __read_mostly;
+@@ -109,13 +109,13 @@ struct processor processor __read_mostly;
struct cpu_tlb_fns cpu_tlb __read_mostly;
#endif
#ifdef MULTI_USER
@@ -1542,7 +1540,7 @@ index 8fc2c8f..064c150 100644
#endif
diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
-index 99a5727..a3d5bb1 100644
+index f84dfe6..13e94f7 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -259,6 +259,8 @@ static int __die(const char *str, int err, struct thread_info *thread, struct pt
@@ -1554,7 +1552,7 @@ index 99a5727..a3d5bb1 100644
/*
* This function is protected against re-entrancy.
*/
-@@ -288,6 +290,9 @@ void die(const char *str, struct pt_regs *regs, int err)
+@@ -291,6 +293,9 @@ void die(const char *str, struct pt_regs *regs, int err)
panic("Fatal exception in interrupt");
if (panic_on_oops)
panic("Fatal exception");
@@ -1631,7 +1629,7 @@ index d066df6..df28194 100644
.pushsection .fixup,"ax"
diff --git a/arch/arm/lib/uaccess.S b/arch/arm/lib/uaccess.S
-index d0ece2a..5ae2f39 100644
+index 5c908b1..e712687 100644
--- a/arch/arm/lib/uaccess.S
+++ b/arch/arm/lib/uaccess.S
@@ -20,7 +20,7 @@
@@ -1643,7 +1641,7 @@ index d0ece2a..5ae2f39 100644
* Purpose : copy a block to user memory from kernel memory
* Params : to - user memory
* : from - kernel memory
-@@ -40,7 +40,7 @@ USER( T(strgtb) r3, [r0], #1) @ May fault
+@@ -40,7 +40,7 @@ USER( TUSER( strgtb) r3, [r0], #1) @ May fault
sub r2, r2, ip
b .Lc2u_dest_aligned
@@ -1652,9 +1650,9 @@ index d0ece2a..5ae2f39 100644
stmfd sp!, {r2, r4 - r7, lr}
cmp r2, #4
blt .Lc2u_not_enough
-@@ -278,14 +278,14 @@ USER( T(strgeb) r3, [r0], #1) @ May fault
+@@ -278,14 +278,14 @@ USER( TUSER( strgeb) r3, [r0], #1) @ May fault
ldrgtb r3, [r1], #0
- USER( T(strgtb) r3, [r0], #1) @ May fault
+ USER( TUSER( strgtb) r3, [r0], #1) @ May fault
b .Lc2u_finished
-ENDPROC(__copy_to_user)
+ENDPROC(___copy_to_user)
@@ -1669,7 +1667,7 @@ index d0ece2a..5ae2f39 100644
* Purpose : copy a block from user memory to kernel memory
* Params : to - kernel memory
* : from - user memory
-@@ -304,7 +304,7 @@ USER( T(ldrgtb) r3, [r1], #1) @ May fault
+@@ -304,7 +304,7 @@ USER( TUSER( ldrgtb) r3, [r1], #1) @ May fault
sub r2, r2, ip
b .Lcfu_dest_aligned
@@ -1678,8 +1676,8 @@ index d0ece2a..5ae2f39 100644
stmfd sp!, {r0, r2, r4 - r7, lr}
cmp r2, #4
blt .Lcfu_not_enough
-@@ -544,7 +544,7 @@ USER( T(ldrgeb) r3, [r1], #1) @ May fault
- USER( T(ldrgtb) r3, [r1], #1) @ May fault
+@@ -544,7 +544,7 @@ USER( TUSER( ldrgeb) r3, [r1], #1) @ May fault
+ USER( TUSER( ldrgtb) r3, [r1], #1) @ May fault
strgtb r3, [r0], #1
b .Lcfu_finished
-ENDPROC(__copy_from_user)
@@ -1701,10 +1699,10 @@ index 025f742..8432b08 100644
/*
* This test is stubbed out of the main function above to keep
diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c
-index e9d5f4a..f099699 100644
+index 6722627..8f97548c 100644
--- a/arch/arm/mach-omap2/board-n8x0.c
+++ b/arch/arm/mach-omap2/board-n8x0.c
-@@ -593,7 +593,7 @@ static int n8x0_menelaus_late_init(struct device *dev)
+@@ -597,7 +597,7 @@ static int n8x0_menelaus_late_init(struct device *dev)
}
#endif
@@ -1727,10 +1725,10 @@ index 2b2d51c..0127490 100644
static int mbox_show(struct seq_file *s, void *data)
{
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
-index aa33949..d366075 100644
+index bb7eac3..3bade16 100644
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
-@@ -183,6 +183,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr,
+@@ -172,6 +172,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr,
}
#endif
@@ -1744,7 +1742,7 @@ index aa33949..d366075 100644
tsk->thread.address = addr;
tsk->thread.error_code = fsr;
tsk->thread.trap_no = 14;
-@@ -384,6 +391,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
+@@ -393,6 +400,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
}
#endif /* CONFIG_MMU */
@@ -1778,7 +1776,7 @@ index aa33949..d366075 100644
/*
* First Level Translation Fault Handler
*
-@@ -628,6 +662,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs)
+@@ -573,6 +607,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs)
const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr);
struct siginfo info;
@@ -1800,10 +1798,10 @@ index aa33949..d366075 100644
return;
diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
-index 44b628e..623ee2a 100644
+index ce8cb19..3ec539d 100644
--- a/arch/arm/mm/mmap.c
+++ b/arch/arm/mm/mmap.c
-@@ -54,6 +54,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -93,6 +93,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
if (len > TASK_SIZE)
return -ENOMEM;
@@ -1814,7 +1812,7 @@ index 44b628e..623ee2a 100644
if (addr) {
if (do_align)
addr = COLOUR_ALIGN(addr, pgoff);
-@@ -61,15 +65,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -100,15 +104,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
addr = PAGE_ALIGN(addr);
vma = find_vma(mm, addr);
@@ -1827,14 +1825,14 @@ index 44b628e..623ee2a 100644
- start_addr = addr = mm->free_area_cache;
+ start_addr = addr = mm->free_area_cache;
} else {
-- start_addr = addr = TASK_UNMAPPED_BASE;
+- start_addr = addr = mm->mmap_base;
- mm->cached_hole_size = 0;
+ start_addr = addr = mm->mmap_base;
+ mm->cached_hole_size = 0;
}
- /* 8 bits of randomness in 20 address space bits */
- if ((current->flags & PF_RANDOMIZE) &&
-@@ -89,14 +92,14 @@ full_search:
+
+ full_search:
+@@ -124,14 +127,14 @@ full_search:
* Start a new search - just in case we missed
* some holes.
*/
@@ -1852,11 +1850,34 @@ index 44b628e..623ee2a 100644
/*
* Remember the place where we stopped the search:
*/
+@@ -266,10 +269,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+
+ if (mmap_is_legacy()) {
+ mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ mm->mmap_base += mm->delta_mmap;
++#endif
++
+ mm->get_unmapped_area = arch_get_unmapped_area;
+ mm->unmap_area = arch_unmap_area;
+ } else {
+ mm->mmap_base = mmap_base(random_factor);
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
++#endif
++
+ mm->get_unmapped_area = arch_get_unmapped_area_topdown;
+ mm->unmap_area = arch_unmap_area_topdown;
+ }
diff --git a/arch/arm/plat-samsung/include/plat/dma-ops.h b/arch/arm/plat-samsung/include/plat/dma-ops.h
-index 4c1a363..df311d0 100644
+index 71a6827..e7fbc23 100644
--- a/arch/arm/plat-samsung/include/plat/dma-ops.h
+++ b/arch/arm/plat-samsung/include/plat/dma-ops.h
-@@ -41,7 +41,7 @@ struct samsung_dma_ops {
+@@ -43,7 +43,7 @@ struct samsung_dma_ops {
int (*started)(unsigned ch);
int (*flush)(unsigned ch);
int (*stop)(unsigned ch);
@@ -2477,10 +2498,10 @@ index 5ca674b..e0e1b70 100644
addr = ALIGN(vmm->vm_end, HPAGE_SIZE);
}
diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c
-index 00cb0e2..2ad8024 100644
+index 13df239d..cb52116 100644
--- a/arch/ia64/mm/init.c
+++ b/arch/ia64/mm/init.c
-@@ -120,6 +120,19 @@ ia64_init_addr_space (void)
+@@ -121,6 +121,19 @@ ia64_init_addr_space (void)
vma->vm_start = current->thread.rbs_bot & PAGE_MASK;
vma->vm_end = vma->vm_start + PAGE_SIZE;
vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT;
@@ -2650,10 +2671,10 @@ index 455c0ac..ad65fbe 100644
-
#endif /* _ASM_ELF_H */
diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h
-index e59cd1a..8e329d6 100644
+index da9bd7d..91aa7ab 100644
--- a/arch/mips/include/asm/page.h
+++ b/arch/mips/include/asm/page.h
-@@ -93,7 +93,7 @@ extern void copy_user_highpage(struct page *to, struct page *from,
+@@ -98,7 +98,7 @@ extern void copy_user_highpage(struct page *to, struct page *from,
#ifdef CONFIG_CPU_MIPS32
typedef struct { unsigned long pte_low, pte_high; } pte_t;
#define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
@@ -2711,10 +2732,10 @@ index ff44823..97f8906 100644
/*
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
-index c47f96e..661d418 100644
+index 7955409..ceaea7c 100644
--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
-@@ -481,15 +481,3 @@ unsigned long get_wchan(struct task_struct *task)
+@@ -483,15 +483,3 @@ unsigned long get_wchan(struct task_struct *task)
out:
return pc;
}
@@ -2731,7 +2752,7 @@ index c47f96e..661d418 100644
- return sp & ALMASK;
-}
diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c
-index 937cf33..adb39bb 100644
+index 69ebd58..e4bff83 100644
--- a/arch/mips/mm/fault.c
+++ b/arch/mips/mm/fault.c
@@ -28,6 +28,23 @@
@@ -3417,10 +3438,10 @@ index d4a7f64..451de1c 100644
return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0);
}
diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
-index dd9c4fd..a2ced87 100644
+index f072e97..b436dee 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
-@@ -141,8 +141,9 @@ extern phys_addr_t kernstart_addr;
+@@ -220,8 +220,9 @@ extern long long virt_phys_offset;
* and needs to be executable. This means the whole heap ends
* up being executable.
*/
@@ -3432,7 +3453,7 @@ index dd9c4fd..a2ced87 100644
#define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \
VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
-@@ -170,6 +171,9 @@ extern phys_addr_t kernstart_addr;
+@@ -249,6 +250,9 @@ extern long long virt_phys_offset;
#define is_kernel_addr(x) ((x) >= PAGE_OFFSET)
#endif
@@ -3443,10 +3464,10 @@ index dd9c4fd..a2ced87 100644
* Use the top bit of the higher-level page table entries to indicate whether
* the entries we point to contain hugepages. This works because we know that
diff --git a/arch/powerpc/include/asm/page_64.h b/arch/powerpc/include/asm/page_64.h
-index fb40ede..d3ce956 100644
+index fed85e6..da5c71b 100644
--- a/arch/powerpc/include/asm/page_64.h
+++ b/arch/powerpc/include/asm/page_64.h
-@@ -144,15 +144,18 @@ do { \
+@@ -146,15 +146,18 @@ do { \
* stack by default, so in the absence of a PT_GNU_STACK program header
* we turn execute permission off.
*/
@@ -3468,7 +3489,7 @@ index fb40ede..d3ce956 100644
#include <asm-generic/getorder.h>
diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h
-index 88b0bd9..e32bc67 100644
+index 2e0e411..7899c68 100644
--- a/arch/powerpc/include/asm/pgtable.h
+++ b/arch/powerpc/include/asm/pgtable.h
@@ -2,6 +2,7 @@
@@ -3492,7 +3513,7 @@ index 4aad413..85d86bf 100644
#define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
#define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
-index 559da19..7e5835c 100644
+index 7fdc2c0..e47a9b02d3 100644
--- a/arch/powerpc/include/asm/reg.h
+++ b/arch/powerpc/include/asm/reg.h
@@ -212,6 +212,7 @@
@@ -3504,10 +3525,10 @@ index 559da19..7e5835c 100644
#define DSISR_ISSTORE 0x02000000 /* access was a store */
#define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */
diff --git a/arch/powerpc/include/asm/system.h b/arch/powerpc/include/asm/system.h
-index e30a13d..2b7d994 100644
+index c377457..3c69fbc 100644
--- a/arch/powerpc/include/asm/system.h
+++ b/arch/powerpc/include/asm/system.h
-@@ -530,7 +530,7 @@ __cmpxchg_local(volatile void *ptr, unsigned long old, unsigned long new,
+@@ -539,7 +539,7 @@ __cmpxchg_local(volatile void *ptr, unsigned long old, unsigned long new,
#define cmpxchg64_local(ptr, o, n) __cmpxchg64_local_generic((ptr), (o), (n))
#endif
@@ -3720,7 +3741,7 @@ index 429983c..7af363b 100644
ld r4,_DAR(r1)
bl .bad_page_fault
diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
-index cf9c69b..ebc9640 100644
+index 15c5a4f..22a4000 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -1004,10 +1004,10 @@ handle_page_fault:
@@ -3736,10 +3757,10 @@ index cf9c69b..ebc9640 100644
addi r3,r1,STACK_FRAME_OVERHEAD
lwz r4,_DAR(r1)
diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c
-index 745c1e7..59d97a6 100644
+index 01e2877..a1ba360 100644
--- a/arch/powerpc/kernel/irq.c
+++ b/arch/powerpc/kernel/irq.c
-@@ -547,9 +547,6 @@ struct irq_host *irq_alloc_host(struct device_node *of_node,
+@@ -560,9 +560,6 @@ struct irq_host *irq_alloc_host(struct device_node *of_node,
host->ops = ops;
host->of_node = of_node_get(of_node);
@@ -3749,7 +3770,7 @@ index 745c1e7..59d97a6 100644
raw_spin_lock_irqsave(&irq_big_lock, flags);
/* If it's a legacy controller, check for duplicates and
-@@ -622,7 +619,12 @@ struct irq_host *irq_find_host(struct device_node *node)
+@@ -635,7 +632,12 @@ struct irq_host *irq_find_host(struct device_node *node)
*/
raw_spin_lock_irqsave(&irq_big_lock, flags);
list_for_each_entry(h, &irq_hosts, link)
@@ -3797,10 +3818,10 @@ index 0b6d796..d760ddb 100644
/* Find this entry, or if that fails, the next avail. entry */
while (entry->jump[0]) {
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index 6457574..08b28d3 100644
+index d817ab0..b23b18e 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
-@@ -660,8 +660,8 @@ void show_regs(struct pt_regs * regs)
+@@ -676,8 +676,8 @@ void show_regs(struct pt_regs * regs)
* Lookup NIP late so we have the best change of getting the
* above info out without failing
*/
@@ -3811,7 +3832,7 @@ index 6457574..08b28d3 100644
#endif
show_stack(current, (unsigned long *) regs->gpr[1]);
if (!user_mode(regs))
-@@ -1165,10 +1165,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1181,10 +1181,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
newsp = stack[0];
ip = stack[STACK_FRAME_LR_SAVE];
if (!firstframe || ip != lr) {
@@ -3824,7 +3845,7 @@ index 6457574..08b28d3 100644
(void *)current->ret_stack[curr_frame].ret);
curr_frame--;
}
-@@ -1188,7 +1188,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1204,7 +1204,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
struct pt_regs *regs = (struct pt_regs *)
(sp + STACK_FRAME_OVERHEAD);
lr = regs->link;
@@ -3833,7 +3854,7 @@ index 6457574..08b28d3 100644
regs->trap, (void *)regs->nip, (void *)lr);
firstframe = 1;
}
-@@ -1263,58 +1263,3 @@ void thread_info_cache_init(void)
+@@ -1279,58 +1279,3 @@ void thread_info_cache_init(void)
}
#endif /* THREAD_SHIFT < PAGE_SHIFT */
@@ -3919,26 +3940,27 @@ index a50b5ec..547078a 100644
} else {
err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
-index 5459d14..10f8070 100644
+index c091527..5592625 100644
--- a/arch/powerpc/kernel/traps.c
+++ b/arch/powerpc/kernel/traps.c
-@@ -98,6 +98,8 @@ static void pmac_backlight_unblank(void)
- static inline void pmac_backlight_unblank(void) { }
- #endif
+@@ -131,6 +131,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
+ return flags;
+ }
+extern void gr_handle_kernel_exploit(void);
+
- int die(const char *str, struct pt_regs *regs, long err)
+ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
+ int signr)
{
- static struct {
-@@ -171,6 +173,8 @@ int die(const char *str, struct pt_regs *regs, long err)
+@@ -178,6 +180,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
+ panic("Fatal exception in interrupt");
if (panic_on_oops)
panic("Fatal exception");
-
++
+ gr_handle_kernel_exploit();
+
- oops_exit();
- do_exit(err);
+ do_exit(signr);
+ }
diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c
index 7d14bb6..1305601 100644
@@ -4006,7 +4028,7 @@ index 5eea6f3..5d10396 100644
EXPORT_SYMBOL(copy_in_user);
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
-index 5efe8c9..db9ceef 100644
+index 2f0d1b0..36fb5cc 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -32,6 +32,10 @@
@@ -4026,9 +4048,9 @@ index 5efe8c9..db9ceef 100644
#include <mm/mmu_decl.h>
+#include <asm/ptrace.h>
- #ifdef CONFIG_KPROBES
- static inline int notify_page_fault(struct pt_regs *regs)
-@@ -66,6 +71,33 @@ static inline int notify_page_fault(struct pt_regs *regs)
+ #include "icswx.h"
+
+@@ -68,6 +73,33 @@ static inline int notify_page_fault(struct pt_regs *regs)
}
#endif
@@ -4062,7 +4084,7 @@ index 5efe8c9..db9ceef 100644
/*
* Check whether the instruction at regs->nip is a store using
* an update addressing form which will update r1.
-@@ -136,7 +168,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
+@@ -138,7 +170,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
* indicate errors in DSISR but can validly be set in SRR1.
*/
if (trap == 0x400)
@@ -4071,7 +4093,7 @@ index 5efe8c9..db9ceef 100644
else
is_write = error_code & DSISR_ISSTORE;
#else
-@@ -259,7 +291,7 @@ good_area:
+@@ -276,7 +308,7 @@ good_area:
* "undefined". Of those that can be set, this is the only
* one which seems bad.
*/
@@ -4080,7 +4102,7 @@ index 5efe8c9..db9ceef 100644
/* Guarded storage error. */
goto bad_area;
#endif /* CONFIG_8xx */
-@@ -274,7 +306,7 @@ good_area:
+@@ -291,7 +323,7 @@ good_area:
* processors use the same I/D cache coherency mechanism
* as embedded.
*/
@@ -4089,7 +4111,7 @@ index 5efe8c9..db9ceef 100644
goto bad_area;
#endif /* CONFIG_PPC_STD_MMU */
-@@ -343,6 +375,23 @@ bad_area:
+@@ -360,6 +392,23 @@ bad_area:
bad_area_nosemaphore:
/* User mode accesses cause a SIGSEGV */
if (user_mode(regs)) {
@@ -4114,10 +4136,10 @@ index 5efe8c9..db9ceef 100644
return 0;
}
diff --git a/arch/powerpc/mm/mmap_64.c b/arch/powerpc/mm/mmap_64.c
-index 5a783d8..c23e14b 100644
+index 67a42ed..1c7210c 100644
--- a/arch/powerpc/mm/mmap_64.c
+++ b/arch/powerpc/mm/mmap_64.c
-@@ -99,10 +99,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -91,10 +91,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
*/
if (mmap_is_legacy()) {
mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -4277,10 +4299,10 @@ index 547f1a6..0b22b53 100644
-
#endif
diff --git a/arch/s390/include/asm/system.h b/arch/s390/include/asm/system.h
-index ef573c1..75a1ce6 100644
+index d73cc6b..1a296ad 100644
--- a/arch/s390/include/asm/system.h
+++ b/arch/s390/include/asm/system.h
-@@ -262,7 +262,7 @@ extern void (*_machine_restart)(char *command);
+@@ -260,7 +260,7 @@ extern void (*_machine_restart)(char *command);
extern void (*_machine_halt)(void);
extern void (*_machine_power_off)(void);
@@ -4401,10 +4423,10 @@ index dfcb343..eda788a 100644
if (r_type == R_390_GOTPC)
*(unsigned int *) loc = val;
diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
-index 53088e2..9f44a36 100644
+index e795933..b32563c 100644
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
-@@ -320,39 +320,3 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -323,39 +323,3 @@ unsigned long get_wchan(struct task_struct *p)
}
return 0;
}
@@ -4630,18 +4652,6 @@ index afeb710..d1d1289 100644
bottomup:
/*
-diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
-index f92602e..27060b2 100644
---- a/arch/sparc/Kconfig
-+++ b/arch/sparc/Kconfig
-@@ -31,6 +31,7 @@ config SPARC
-
- config SPARC32
- def_bool !64BIT
-+ select GENERIC_ATOMIC64
-
- config SPARC64
- def_bool 64BIT
diff --git a/arch/sparc/Makefile b/arch/sparc/Makefile
index eddcfb3..b117d90 100644
--- a/arch/sparc/Makefile
@@ -4655,19 +4665,6 @@ index eddcfb3..b117d90 100644
VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y)
VMLINUX_MAIN += $(drivers-y) $(net-y)
-diff --git a/arch/sparc/include/asm/atomic_32.h b/arch/sparc/include/asm/atomic_32.h
-index 5c3c8b6..ba822fa 100644
---- a/arch/sparc/include/asm/atomic_32.h
-+++ b/arch/sparc/include/asm/atomic_32.h
-@@ -13,6 +13,8 @@
-
- #include <linux/types.h>
-
-+#include <asm-generic/atomic64.h>
-+
- #ifdef __KERNEL__
-
- #include <asm/system.h>
diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h
index 9f421df..b81fc12 100644
--- a/arch/sparc/include/asm/atomic_64.h
@@ -4912,19 +4909,6 @@ index 7df8b7f..4946269 100644
extern unsigned long sparc64_elf_hwcap;
#define ELF_HWCAP sparc64_elf_hwcap
-diff --git a/arch/sparc/include/asm/page_32.h b/arch/sparc/include/asm/page_32.h
-index 156707b..aefa786 100644
---- a/arch/sparc/include/asm/page_32.h
-+++ b/arch/sparc/include/asm/page_32.h
-@@ -8,6 +8,8 @@
- #ifndef _SPARC_PAGE_H
- #define _SPARC_PAGE_H
-
-+#include <linux/const.h>
-+
- #define PAGE_SHIFT 12
-
- #ifndef __ASSEMBLY__
diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/asm/pgtable_32.h
index a790cc6..091ed94 100644
--- a/arch/sparc/include/asm/pgtable_32.h
@@ -5080,7 +5064,7 @@ index 9689176..63c18ea 100644
unsigned long mask, tmp1, tmp2, result;
diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/include/asm/thread_info_32.h
-index fa57532..e1a4c53 100644
+index c2a1080..21ed218 100644
--- a/arch/sparc/include/asm/thread_info_32.h
+++ b/arch/sparc/include/asm/thread_info_32.h
@@ -50,6 +50,8 @@ struct thread_info {
@@ -5093,7 +5077,7 @@ index fa57532..e1a4c53 100644
/*
diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
-index 60d86be..952dea1 100644
+index 01d057f..0a02f7e 100644
--- a/arch/sparc/include/asm/thread_info_64.h
+++ b/arch/sparc/include/asm/thread_info_64.h
@@ -63,6 +63,8 @@ struct thread_info {
@@ -5277,10 +5261,10 @@ index f793742..4d880af 100644
} while (++count < 16);
printk("\n");
diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c
-index 3739a06..48b2ff0 100644
+index 39d8b05..d1a7d90 100644
--- a/arch/sparc/kernel/process_64.c
+++ b/arch/sparc/kernel/process_64.c
-@@ -180,14 +180,14 @@ static void show_regwindow(struct pt_regs *regs)
+@@ -182,14 +182,14 @@ static void show_regwindow(struct pt_regs *regs)
printk("i4: %016lx i5: %016lx i6: %016lx i7: %016lx\n",
rwk->ins[4], rwk->ins[5], rwk->ins[6], rwk->ins[7]);
if (regs->tstate & TSTATE_PRIV)
@@ -5297,7 +5281,7 @@ index 3739a06..48b2ff0 100644
printk("g0: %016lx g1: %016lx g2: %016lx g3: %016lx\n",
regs->u_regs[0], regs->u_regs[1], regs->u_regs[2],
regs->u_regs[3]);
-@@ -200,7 +200,7 @@ void show_regs(struct pt_regs *regs)
+@@ -202,7 +202,7 @@ void show_regs(struct pt_regs *regs)
printk("o4: %016lx o5: %016lx sp: %016lx ret_pc: %016lx\n",
regs->u_regs[12], regs->u_regs[13], regs->u_regs[14],
regs->u_regs[15]);
@@ -5306,7 +5290,7 @@ index 3739a06..48b2ff0 100644
show_regwindow(regs);
show_stack(current, (unsigned long *) regs->u_regs[UREG_FP]);
}
-@@ -285,7 +285,7 @@ void arch_trigger_all_cpu_backtrace(void)
+@@ -287,7 +287,7 @@ void arch_trigger_all_cpu_backtrace(void)
((tp && tp->task) ? tp->task->pid : -1));
if (gp->tstate & TSTATE_PRIV) {
@@ -5338,7 +5322,7 @@ index 42b282f..28ce9f2 100644
addr = vmm->vm_end;
if (flags & MAP_SHARED)
diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c
-index 441521a..b767073 100644
+index 232df99..cee1f9c 100644
--- a/arch/sparc/kernel/sys_sparc_64.c
+++ b/arch/sparc/kernel/sys_sparc_64.c
@@ -124,7 +124,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
@@ -5927,10 +5911,10 @@ index 59186e0..f747d7a 100644
cmp %g1, %g7
bne,pn %xcc, BACKOFF_LABEL(2f, 1b)
diff --git a/arch/sparc/lib/ksyms.c b/arch/sparc/lib/ksyms.c
-index 1b30bb3..b4a16c7 100644
+index f73c224..662af10 100644
--- a/arch/sparc/lib/ksyms.c
+++ b/arch/sparc/lib/ksyms.c
-@@ -142,12 +142,18 @@ EXPORT_SYMBOL(__downgrade_write);
+@@ -136,12 +136,18 @@ EXPORT_SYMBOL(__downgrade_write);
/* Atomic counter implementation. */
EXPORT_SYMBOL(atomic_add);
@@ -6940,7 +6924,7 @@ index 392e533..536b092 100644
/* bytes per L2 cache line */
#define L2_CACHE_SHIFT CHIP_L2_LOG_LINE_SIZE()
diff --git a/arch/um/Makefile b/arch/um/Makefile
-index 7730af6..cce5b19 100644
+index 28688e6..4c0aa1c 100644
--- a/arch/um/Makefile
+++ b/arch/um/Makefile
@@ -61,6 +61,10 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -D__KERNEL__,,\
@@ -7001,10 +6985,10 @@ index 7cfc3ce..cbd1a58 100644
struct page;
diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c
-index c533835..84db18e 100644
+index 69f2490..2634831 100644
--- a/arch/um/kernel/process.c
+++ b/arch/um/kernel/process.c
-@@ -406,22 +406,6 @@ int singlestepping(void * t)
+@@ -408,22 +408,6 @@ int singlestepping(void * t)
return 2;
}
@@ -7045,10 +7029,10 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index efb4294..61bc18c 100644
+index 5bed94e..fbcf200 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -235,7 +235,7 @@ config X86_HT
+@@ -226,7 +226,7 @@ config X86_HT
config X86_32_LAZY_GS
def_bool y
@@ -7057,7 +7041,7 @@ index efb4294..61bc18c 100644
config ARCH_HWEIGHT_CFLAGS
string
-@@ -1022,7 +1022,7 @@ choice
+@@ -1058,7 +1058,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -7066,7 +7050,7 @@ index efb4294..61bc18c 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1059,7 +1059,7 @@ config NOHIGHMEM
+@@ -1095,7 +1095,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -7075,7 +7059,7 @@ index efb4294..61bc18c 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1113,7 +1113,7 @@ config PAGE_OFFSET
+@@ -1149,7 +1149,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -7084,7 +7068,7 @@ index efb4294..61bc18c 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1496,6 +1496,7 @@ config SECCOMP
+@@ -1539,6 +1539,7 @@ config SECCOMP
config CC_STACKPROTECTOR
bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
@@ -7092,7 +7076,7 @@ index efb4294..61bc18c 100644
---help---
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of functions, a canary value on
-@@ -1553,6 +1554,7 @@ config KEXEC_JUMP
+@@ -1596,6 +1597,7 @@ config KEXEC_JUMP
config PHYSICAL_START
hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP)
default "0x1000000"
@@ -7100,7 +7084,7 @@ index efb4294..61bc18c 100644
---help---
This gives the physical address where the kernel is loaded.
-@@ -1616,6 +1618,7 @@ config X86_NEED_RELOCS
+@@ -1659,6 +1661,7 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned" if X86_32
default "0x1000000"
@@ -7108,7 +7092,7 @@ index efb4294..61bc18c 100644
range 0x2000 0x1000000
---help---
This value puts the alignment restrictions on physical address
-@@ -1647,9 +1650,10 @@ config HOTPLUG_CPU
+@@ -1690,9 +1693,10 @@ config HOTPLUG_CPU
Say N if you want to disable CPU hotplug.
config COMPAT_VDSO
@@ -7121,10 +7105,10 @@ index efb4294..61bc18c 100644
Map the 32-bit VDSO to the predictable old-style address too.
diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu
-index e3ca7e0..b30b28a 100644
+index 3c57033..22d44aa 100644
--- a/arch/x86/Kconfig.cpu
+++ b/arch/x86/Kconfig.cpu
-@@ -341,7 +341,7 @@ config X86_PPRO_FENCE
+@@ -335,7 +335,7 @@ config X86_PPRO_FENCE
config X86_F00F_BUG
def_bool y
@@ -7133,7 +7117,7 @@ index e3ca7e0..b30b28a 100644
config X86_INVD_BUG
def_bool y
-@@ -365,7 +365,7 @@ config X86_POPAD_OK
+@@ -359,7 +359,7 @@ config X86_POPAD_OK
config X86_ALIGNMENT_16
def_bool y
@@ -7142,7 +7126,7 @@ index e3ca7e0..b30b28a 100644
config X86_INTEL_USERCOPY
def_bool y
-@@ -411,7 +411,7 @@ config X86_CMPXCHG64
+@@ -405,7 +405,7 @@ config X86_CMPXCHG64
# generates cmov.
config X86_CMOV
def_bool y
@@ -7152,10 +7136,10 @@ index e3ca7e0..b30b28a 100644
config X86_MINIMUM_CPU_FAMILY
int
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
-index bf56e17..05f9891 100644
+index e46c214..7c72b55 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
-@@ -81,7 +81,7 @@ config X86_PTDUMP
+@@ -84,7 +84,7 @@ config X86_PTDUMP
config DEBUG_RODATA
bool "Write protect kernel read-only data structures"
default y
@@ -7164,7 +7148,7 @@ index bf56e17..05f9891 100644
---help---
Mark the kernel read-only data as write-protected in the pagetables,
in order to catch accidental (and incorrect) writes to such const
-@@ -99,7 +99,7 @@ config DEBUG_RODATA_TEST
+@@ -102,7 +102,7 @@ config DEBUG_RODATA_TEST
config DEBUG_SET_MODULE_RONX
bool "Set loadable kernel module data as NX and text as RO"
@@ -7174,7 +7158,7 @@ index bf56e17..05f9891 100644
This option helps catch unintended modifications to loadable
kernel module's text and read-only data. It also prevents execution
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
-index b02e509..2631e48 100644
+index 209ba12..15140db 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@@ -46,6 +46,7 @@ else
@@ -7185,7 +7169,7 @@ index b02e509..2631e48 100644
KBUILD_AFLAGS += -m64
KBUILD_CFLAGS += -m64
-@@ -195,3 +196,12 @@ define archhelp
+@@ -201,3 +202,12 @@ define archhelp
echo ' FDARGS="..." arguments for the booted kernel'
echo ' FDINITRD=file initrd for the booted kernel'
endef
@@ -7257,7 +7241,7 @@ index c7093bd..d4247ffe0 100644
return diff;
}
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index 09664ef..edc5d03 100644
+index b123b9a..2cf2f23 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -14,6 +14,9 @@ cflags-$(CONFIG_X86_64) := -mcmodel=small
@@ -7271,10 +7255,10 @@ index 09664ef..edc5d03 100644
KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
GCOV_PROFILE := n
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
-index 67a655a..b924059 100644
+index a055993..47e126c 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
-@@ -76,7 +76,7 @@ ENTRY(startup_32)
+@@ -98,7 +98,7 @@ preferred_addr:
notl %eax
andl %eax, %ebx
#else
@@ -7283,7 +7267,7 @@ index 67a655a..b924059 100644
#endif
/* Target address to relocate to for decompression */
-@@ -162,7 +162,7 @@ relocated:
+@@ -184,7 +184,7 @@ relocated:
* and where it was actually loaded.
*/
movl %ebp, %ebx
@@ -7292,7 +7276,7 @@ index 67a655a..b924059 100644
jz 2f /* Nothing to be done if loaded at compiled addr. */
/*
* Process relocations.
-@@ -170,8 +170,7 @@ relocated:
+@@ -192,8 +192,7 @@ relocated:
1: subl $4, %edi
movl (%edi), %ecx
@@ -7303,7 +7287,7 @@ index 67a655a..b924059 100644
jmp 1b
2:
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
-index 35af09d..99c9676 100644
+index 558d76c..606aa24 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -91,7 +91,7 @@ ENTRY(startup_32)
@@ -7315,7 +7299,7 @@ index 35af09d..99c9676 100644
#endif
/* Target address to relocate to for decompression */
-@@ -233,7 +233,7 @@ ENTRY(startup_64)
+@@ -253,7 +253,7 @@ preferred_addr:
notq %rax
andq %rax, %rbp
#else
@@ -7325,7 +7309,7 @@ index 35af09d..99c9676 100644
/* Target address to relocate to for decompression */
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
-index 3a19d04..7c1d55a 100644
+index 7116dcb..d9ae1d7 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -310,7 +310,7 @@ static void parse_elf(void *output)
@@ -7337,7 +7321,7 @@ index 3a19d04..7c1d55a 100644
#else
dest = (void *)(phdr->p_paddr);
#endif
-@@ -363,7 +363,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
+@@ -365,7 +365,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap,
error("Destination address too large");
#endif
#ifndef CONFIG_RELOCATABLE
@@ -7642,10 +7626,10 @@ index 4d3ff03..e4972ff 100644
err = check_flags();
}
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
-index bdb4d45..0476680 100644
+index f1bbeeb..aff09cb 100644
--- a/arch/x86/boot/header.S
+++ b/arch/x86/boot/header.S
-@@ -224,7 +224,7 @@ setup_data: .quad 0 # 64-bit physical pointer to
+@@ -372,7 +372,7 @@ setup_data: .quad 0 # 64-bit physical pointer to
# single linked list of
# struct setup_data
@@ -7992,6 +7976,40 @@ index 6214a9b..1f4fc9a 100644
mov %rsi,%rdx
+ pax_force_retaddr
ret
+diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
+index 7f24a15..9cd3ffe 100644
+--- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
++++ b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
+@@ -24,6 +24,8 @@
+ *
+ */
+
++#include <asm/alternative-asm.h>
++
+ .file "serpent-sse2-x86_64-asm_64.S"
+ .text
+
+@@ -695,12 +697,14 @@ __serpent_enc_blk_8way:
+ write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2);
+ write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2);
+
++ pax_force_retaddr
+ ret;
+
+ __enc_xor8:
+ xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2);
+ xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2);
+
++ pax_force_retaddr
+ ret;
+
+ .align 8
+@@ -758,4 +762,5 @@ serpent_dec_blk_8way:
+ write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2);
+ write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2);
+
++ pax_force_retaddr
+ ret;
diff --git a/arch/x86/crypto/sha1_ssse3_asm.S b/arch/x86/crypto/sha1_ssse3_asm.S
index b2c2f57..8470cab 100644
--- a/arch/x86/crypto/sha1_ssse3_asm.S
@@ -8076,7 +8094,7 @@ index 7bcf3fc..f53832f 100644
+ pax_force_retaddr 0, 1
ret
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
-index fd84387..887aa7e 100644
+index 39e4909..887aa7e 100644
--- a/arch/x86/ia32/ia32_aout.c
+++ b/arch/x86/ia32/ia32_aout.c
@@ -162,6 +162,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file,
@@ -8088,34 +8106,6 @@ index fd84387..887aa7e 100644
fs = get_fs();
set_fs(KERNEL_DS);
has_dumped = 1;
-@@ -315,6 +317,13 @@ static int load_aout_binary(struct linux_binprm *bprm, struct pt_regs *regs)
- current->mm->free_area_cache = TASK_UNMAPPED_BASE;
- current->mm->cached_hole_size = 0;
-
-+ retval = setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT);
-+ if (retval < 0) {
-+ /* Someone check-me: is this error path enough? */
-+ send_sig(SIGKILL, current, 0);
-+ return retval;
-+ }
-+
- install_exec_creds(bprm);
- current->flags &= ~PF_FORKNOEXEC;
-
-@@ -410,13 +419,6 @@ beyond_if:
-
- set_brk(current->mm->start_brk, current->mm->brk);
-
-- retval = setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT);
-- if (retval < 0) {
-- /* Someone check-me: is this error path enough? */
-- send_sig(SIGKILL, current, 0);
-- return retval;
-- }
--
- current->mm->start_stack =
- (unsigned long)create_aout_tables((char __user *)bprm->p, bprm);
- /* start thread */
diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
index 6557769..ef6ae89 100644
--- a/arch/x86/ia32/ia32_signal.c
@@ -8197,20 +8187,21 @@ index 6557769..ef6ae89 100644
if (err)
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
-index a6253ec..4ad2120 100644
+index e3e7340..05ed805 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
-@@ -13,7 +13,9 @@
+@@ -13,8 +13,10 @@
#include <asm/thread_info.h>
#include <asm/segment.h>
#include <asm/irqflags.h>
+#include <asm/pgtable.h>
#include <linux/linkage.h>
+ #include <linux/err.h>
+#include <asm/alternative-asm.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -95,6 +97,32 @@ ENTRY(native_irq_enable_sysexit)
+@@ -94,6 +96,32 @@ ENTRY(native_irq_enable_sysexit)
ENDPROC(native_irq_enable_sysexit)
#endif
@@ -8243,7 +8234,7 @@ index a6253ec..4ad2120 100644
/*
* 32bit SYSENTER instruction entry.
*
-@@ -121,12 +149,6 @@ ENTRY(ia32_sysenter_target)
+@@ -120,12 +148,6 @@ ENTRY(ia32_sysenter_target)
CFI_REGISTER rsp,rbp
SWAPGS_UNSAFE_STACK
movq PER_CPU_VAR(kernel_stack), %rsp
@@ -8256,11 +8247,11 @@ index a6253ec..4ad2120 100644
movl %ebp,%ebp /* zero extension */
pushq_cfi $__USER32_DS
/*CFI_REL_OFFSET ss,0*/
-@@ -134,25 +156,39 @@ ENTRY(ia32_sysenter_target)
+@@ -133,24 +155,39 @@ ENTRY(ia32_sysenter_target)
CFI_REL_OFFSET rsp,0
pushfq_cfi
/*CFI_REL_OFFSET rflags,0*/
-- movl 8*3-THREAD_SIZE+TI_sysenter_return(%rsp), %r10d
+- movl TI_sysenter_return+THREAD_INFO(%rsp,3*8-KERNEL_STACK_OFFSET),%r10d
- CFI_REGISTER rip,r10
+ orl $X86_EFLAGS_IF,(%rsp)
+ GET_THREAD_INFO(%r11)
@@ -8293,78 +8284,75 @@ index a6253ec..4ad2120 100644
.section __ex_table,"a"
.quad 1b,ia32_badarg
.previous
-- GET_THREAD_INFO(%r10)
-- orl $TS_COMPAT,TI_status(%r10)
-- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10)
+- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ GET_THREAD_INFO(%r11)
+ orl $TS_COMPAT,TI_status(%r11)
+ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11)
CFI_REMEMBER_STATE
jnz sysenter_tracesys
cmpq $(IA32_NR_syscalls-1),%rax
-@@ -162,13 +198,15 @@ sysenter_do_call:
+@@ -160,12 +197,15 @@ sysenter_do_call:
sysenter_dispatch:
call *ia32_sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
-- GET_THREAD_INFO(%r10)
+ GET_THREAD_INFO(%r11)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
-- testl $_TIF_ALLWORK_MASK,TI_flags(%r10)
+- testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ testl $_TIF_ALLWORK_MASK,TI_flags(%r11)
jnz sysexit_audit
sysexit_from_sys_call:
-- andl $~TS_COMPAT,TI_status(%r10)
+- andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ pax_exit_kernel_user
+ pax_erase_kstack
+ andl $~TS_COMPAT,TI_status(%r11)
/* clear IF, that popfq doesn't enable interrupts early */
andl $~0x200,EFLAGS-R11(%rsp)
movl RIP-R11(%rsp),%edx /* User %eip */
-@@ -194,6 +232,9 @@ sysexit_from_sys_call:
+@@ -191,6 +231,9 @@ sysexit_from_sys_call:
movl %eax,%esi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */
- call audit_syscall_entry
+ call __audit_syscall_entry
+
+ pax_erase_kstack
+
movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */
cmpq $(IA32_NR_syscalls-1),%rax
ja ia32_badsys
-@@ -205,7 +246,7 @@ sysexit_from_sys_call:
+@@ -202,7 +245,7 @@ sysexit_from_sys_call:
.endm
.macro auditsys_exit exit
-- testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
+- testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11)
jnz ia32_ret_from_sys_call
TRACE_IRQS_ON
sti
-@@ -215,12 +256,12 @@ sysexit_from_sys_call:
+@@ -213,11 +256,12 @@ sysexit_from_sys_call:
+ 1: setbe %al /* 1 if error, 0 if not */
movzbl %al,%edi /* zero-extend that into %edi */
- inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */
- call audit_syscall_exit
-- GET_THREAD_INFO(%r10)
+ call __audit_syscall_exit
+ GET_THREAD_INFO(%r11)
- movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall return value */
+ movq RAX-ARGOFFSET(%rsp),%rax /* reload syscall return value */
movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi
cli
TRACE_IRQS_OFF
-- testl %edi,TI_flags(%r10)
+- testl %edi,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ testl %edi,TI_flags(%r11)
jz \exit
CLEAR_RREGS -ARGOFFSET
jmp int_with_check
-@@ -238,7 +279,7 @@ sysexit_audit:
+@@ -235,7 +279,7 @@ sysexit_audit:
sysenter_tracesys:
#ifdef CONFIG_AUDITSYSCALL
-- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
+- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11)
jz sysenter_auditsys
#endif
SAVE_REST
-@@ -246,6 +287,9 @@ sysenter_tracesys:
+@@ -243,6 +287,9 @@ sysenter_tracesys:
movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
@@ -8374,7 +8362,7 @@ index a6253ec..4ad2120 100644
LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
RESTORE_REST
cmpq $(IA32_NR_syscalls-1),%rax
-@@ -277,19 +321,20 @@ ENDPROC(ia32_sysenter_target)
+@@ -274,19 +321,20 @@ ENDPROC(ia32_sysenter_target)
ENTRY(ia32_cstar_target)
CFI_STARTPROC32 simple
CFI_SIGNAL_FRAME
@@ -8397,7 +8385,7 @@ index a6253ec..4ad2120 100644
movl %eax,%eax /* zero extension */
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
-@@ -305,13 +350,19 @@ ENTRY(ia32_cstar_target)
+@@ -302,12 +350,19 @@ ENTRY(ia32_cstar_target)
/* no need to do an access_ok check here because r8 has been
32bit zero extended */
/* hardware stack frame is complete now */
@@ -8411,44 +8399,42 @@ index a6253ec..4ad2120 100644
.section __ex_table,"a"
.quad 1b,ia32_badarg
.previous
-- GET_THREAD_INFO(%r10)
-- orl $TS_COMPAT,TI_status(%r10)
-- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10)
+- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ GET_THREAD_INFO(%r11)
+ orl $TS_COMPAT,TI_status(%r11)
+ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11)
CFI_REMEMBER_STATE
jnz cstar_tracesys
cmpq $IA32_NR_syscalls-1,%rax
-@@ -321,13 +372,15 @@ cstar_do_call:
+@@ -317,12 +372,15 @@ cstar_do_call:
cstar_dispatch:
call *ia32_sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
-- GET_THREAD_INFO(%r10)
+ GET_THREAD_INFO(%r11)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
-- testl $_TIF_ALLWORK_MASK,TI_flags(%r10)
+- testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ testl $_TIF_ALLWORK_MASK,TI_flags(%r11)
jnz sysretl_audit
sysretl_from_sys_call:
-- andl $~TS_COMPAT,TI_status(%r10)
+- andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ pax_exit_kernel_user
+ pax_erase_kstack
+ andl $~TS_COMPAT,TI_status(%r11)
RESTORE_ARGS 0,-ARG_SKIP,0,0,0
movl RIP-ARGOFFSET(%rsp),%ecx
CFI_REGISTER rip,rcx
-@@ -355,7 +408,7 @@ sysretl_audit:
+@@ -350,7 +408,7 @@ sysretl_audit:
cstar_tracesys:
#ifdef CONFIG_AUDITSYSCALL
-- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10)
+- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11)
jz cstar_auditsys
#endif
xchgl %r9d,%ebp
-@@ -364,6 +417,9 @@ cstar_tracesys:
+@@ -359,6 +417,9 @@ cstar_tracesys:
movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
@@ -8458,7 +8444,7 @@ index a6253ec..4ad2120 100644
LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */
RESTORE_REST
xchgl %ebp,%r9d
-@@ -409,20 +465,21 @@ ENTRY(ia32_syscall)
+@@ -404,19 +465,21 @@ ENTRY(ia32_syscall)
CFI_REL_OFFSET rip,RIP-RIP
PARAVIRT_ADJUST_EXCEPTION_FRAME
SWAPGS
@@ -8473,9 +8459,8 @@ index a6253ec..4ad2120 100644
/* note the registers are not zero extended to the sf.
this could be a problem. */
SAVE_ARGS 0,1,0
-- GET_THREAD_INFO(%r10)
-- orl $TS_COMPAT,TI_status(%r10)
-- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10)
+- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+ pax_enter_kernel_user
+ /*
+ * No need to follow this irqs on/off section: the syscall
@@ -8488,7 +8473,7 @@ index a6253ec..4ad2120 100644
jnz ia32_tracesys
cmpq $(IA32_NR_syscalls-1),%rax
ja ia32_badsys
-@@ -441,6 +498,9 @@ ia32_tracesys:
+@@ -435,6 +498,9 @@ ia32_tracesys:
movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
movq %rsp,%rdi /* &pt_regs -> arg1 */
call syscall_trace_enter
@@ -8498,14 +8483,6 @@ index a6253ec..4ad2120 100644
LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
RESTORE_REST
cmpq $(IA32_NR_syscalls-1),%rax
-@@ -455,6 +515,7 @@ ia32_badsys:
-
- quiet_ni_syscall:
- movq $-ENOSYS,%rax
-+ pax_force_retaddr
- ret
- CFI_ENDPROC
-
diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c
index f6f5c53..b358b28 100644
--- a/arch/x86/ia32/sys_ia32.c
@@ -8578,22 +8555,9 @@ index f6f5c53..b358b28 100644
set_fs(old_fs);
diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/asm/alternative-asm.h
-index 091508b..7692c6f 100644
+index 952bd01..7692c6f 100644
--- a/arch/x86/include/asm/alternative-asm.h
+++ b/arch/x86/include/asm/alternative-asm.h
-@@ -4,10 +4,10 @@
-
- #ifdef CONFIG_SMP
- .macro LOCK_PREFIX
--1: lock
-+672: lock
- .section .smp_locks,"a"
- .balign 4
-- .long 1b - .
-+ .long 672b - .
- .previous
- .endm
- #else
@@ -15,6 +15,45 @@
.endm
#endif
@@ -8654,7 +8618,7 @@ index 37ad100..7d47faa 100644
".previous"
diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h
-index 1a6c09a..fec2432 100644
+index 3ab9bdd..238033e 100644
--- a/arch/x86/include/asm/apic.h
+++ b/arch/x86/include/asm/apic.h
@@ -45,7 +45,7 @@ static inline void generic_apic_probe(void)
@@ -9098,7 +9062,7 @@ index 58cb6d4..ca9010d 100644
/*
* atomic_dec_if_positive - decrement by 1 if old value positive
diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h
-index 24098aa..1e37723 100644
+index fa13f0e..27c2e08 100644
--- a/arch/x86/include/asm/atomic64_32.h
+++ b/arch/x86/include/asm/atomic64_32.h
@@ -12,6 +12,14 @@ typedef struct {
@@ -9163,7 +9127,7 @@ index 24098aa..1e37723 100644
* atomic64_read - read atomic64 variable
* @v: pointer to type atomic64_t
*
-@@ -93,6 +134,22 @@ static inline long long atomic64_read(atomic64_t *v)
+@@ -93,6 +134,22 @@ static inline long long atomic64_read(const atomic64_t *v)
}
/**
@@ -9562,7 +9526,7 @@ index 0e1cbfc..5623683 100644
#define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h
-index 1775d6e..b65017f 100644
+index b97596e..9bd48b06 100644
--- a/arch/x86/include/asm/bitops.h
+++ b/arch/x86/include/asm/bitops.h
@@ -38,7 +38,7 @@
@@ -9666,28 +9630,32 @@ index 46fc474..b02b0f9 100644
if (len)
diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h
-index 5d3acdf..6447a02 100644
+index b3b7332..3935f40 100644
--- a/arch/x86/include/asm/cmpxchg.h
+++ b/arch/x86/include/asm/cmpxchg.h
-@@ -14,6 +14,8 @@ extern void __cmpxchg_wrong_size(void)
+@@ -14,8 +14,12 @@ extern void __cmpxchg_wrong_size(void)
__compiletime_error("Bad argument size for cmpxchg");
extern void __xadd_wrong_size(void)
__compiletime_error("Bad argument size for xadd");
+extern void __xadd_check_overflow_wrong_size(void)
+ __compiletime_error("Bad argument size for xadd_check_overflow");
+ extern void __add_wrong_size(void)
+ __compiletime_error("Bad argument size for add");
++extern void __add_check_overflow_wrong_size(void)
++ __compiletime_error("Bad argument size for add_check_overflow");
/*
* Constants for operation sizes. On 32-bit, the 64-bit size it set to
-@@ -195,6 +197,34 @@ extern void __xadd_wrong_size(void)
+@@ -67,6 +71,34 @@ extern void __add_wrong_size(void)
__ret; \
})
-+#define __xadd_check_overflow(ptr, inc, lock) \
++#define __xchg_op_check_overflow(ptr, arg, op, lock) \
+ ({ \
-+ __typeof__ (*(ptr)) __ret = (inc); \
++ __typeof__ (*(ptr)) __ret = (arg); \
+ switch (sizeof(*(ptr))) { \
+ case __X86_CASE_L: \
-+ asm volatile (lock "xaddl %0, %1\n" \
++ asm volatile (lock #op "l %0, %1\n" \
+ "jno 0f\n" \
+ "mov %0,%1\n" \
+ "int $4\n0:\n" \
@@ -9696,7 +9664,7 @@ index 5d3acdf..6447a02 100644
+ : : "memory", "cc"); \
+ break; \
+ case __X86_CASE_Q: \
-+ asm volatile (lock "xaddq %q0, %1\n" \
++ asm volatile (lock #op "q %q0, %1\n" \
+ "jno 0f\n" \
+ "mov %0,%1\n" \
+ "int $4\n0:\n" \
@@ -9705,26 +9673,29 @@ index 5d3acdf..6447a02 100644
+ : : "memory", "cc"); \
+ break; \
+ default: \
-+ __xadd_check_overflow_wrong_size(); \
++ __ ## op ## _check_overflow_wrong_size(); \
+ } \
+ __ret; \
+ })
+
/*
- * xadd() adds "inc" to "*ptr" and atomically returns the previous
- * value of "*ptr".
-@@ -207,4 +237,6 @@ extern void __xadd_wrong_size(void)
+ * Note: no "lock" prefix even on SMP: xchg always implies lock anyway.
+ * Since this is generally used to protect other memory information, we
+@@ -167,6 +199,9 @@ extern void __add_wrong_size(void)
#define xadd_sync(ptr, inc) __xadd((ptr), (inc), "lock; ")
#define xadd_local(ptr, inc) __xadd((ptr), (inc), "")
-+#define xadd_check_overflow(ptr, inc) __xadd_check_overflow((ptr), (inc), LOCK_PREFIX)
++#define __xadd_check_overflow(ptr, inc, lock) __xchg_op_check_overflow((ptr), (inc), xadd, lock)
++#define xadd_check_overflow(ptr, inc) __xadd_check_overflow((ptr), (inc), LOCK_PREFIX)
+
- #endif /* ASM_X86_CMPXCHG_H */
+ #define __add(ptr, inc, lock) \
+ ({ \
+ __typeof__ (*(ptr)) __ret = (inc); \
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
-index f3444f7..051a196 100644
+index 8d67d42..183d0eb 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
-@@ -363,7 +363,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
+@@ -367,7 +367,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
".section .discard,\"aw\",@progbits\n"
" .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */
".previous\n"
@@ -9734,7 +9705,7 @@ index f3444f7..051a196 100644
"4:\n"
".previous\n"
diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
-index 41935fa..3b40db8 100644
+index e95822d..a90010e 100644
--- a/arch/x86/include/asm/desc.h
+++ b/arch/x86/include/asm/desc.h
@@ -4,6 +4,7 @@
@@ -9753,11 +9724,13 @@ index 41935fa..3b40db8 100644
desc->s = 1;
desc->dpl = 0x3;
-@@ -34,17 +36,12 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in
+@@ -34,19 +36,14 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in
}
extern struct desc_ptr idt_descr;
-extern gate_desc idt_table[];
+ extern struct desc_ptr nmi_idt_descr;
+-extern gate_desc nmi_idt_table[];
-
-struct gdt_page {
- struct desc_struct gdt[GDT_ENTRIES];
@@ -9765,6 +9738,7 @@ index 41935fa..3b40db8 100644
-
-DECLARE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page);
+extern gate_desc idt_table[256];
++extern gate_desc nmi_idt_table[256];
+extern struct desc_struct cpu_gdt_table[NR_CPUS][PAGE_SIZE / sizeof(struct desc_struct)];
static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu)
@@ -9774,7 +9748,7 @@ index 41935fa..3b40db8 100644
}
#ifdef CONFIG_X86_64
-@@ -69,8 +66,14 @@ static inline void pack_gate(gate_desc *gate, unsigned char type,
+@@ -71,8 +68,14 @@ static inline void pack_gate(gate_desc *gate, unsigned char type,
unsigned long base, unsigned dpl, unsigned flags,
unsigned short seg)
{
@@ -9791,7 +9765,7 @@ index 41935fa..3b40db8 100644
}
#endif
-@@ -115,12 +118,16 @@ static inline void paravirt_free_ldt(struct desc_struct *ldt, unsigned entries)
+@@ -117,12 +120,16 @@ static inline void paravirt_free_ldt(struct desc_struct *ldt, unsigned entries)
static inline void native_write_idt_entry(gate_desc *idt, int entry, const gate_desc *gate)
{
@@ -9808,7 +9782,7 @@ index 41935fa..3b40db8 100644
}
static inline void
-@@ -134,7 +141,9 @@ native_write_gdt_entry(struct desc_struct *gdt, int entry, const void *desc, int
+@@ -136,7 +143,9 @@ native_write_gdt_entry(struct desc_struct *gdt, int entry, const void *desc, int
default: size = sizeof(*gdt); break;
}
@@ -9818,7 +9792,7 @@ index 41935fa..3b40db8 100644
}
static inline void pack_descriptor(struct desc_struct *desc, unsigned long base,
-@@ -207,7 +216,9 @@ static inline void native_set_ldt(const void *addr, unsigned int entries)
+@@ -209,7 +218,9 @@ static inline void native_set_ldt(const void *addr, unsigned int entries)
static inline void native_load_tr_desc(void)
{
@@ -9828,7 +9802,7 @@ index 41935fa..3b40db8 100644
}
static inline void native_load_gdt(const struct desc_ptr *dtr)
-@@ -244,8 +255,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
+@@ -246,8 +257,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
struct desc_struct *gdt = get_cpu_gdt_table(cpu);
unsigned int i;
@@ -9839,16 +9813,25 @@ index 41935fa..3b40db8 100644
}
#define _LDT_empty(info) \
-@@ -307,7 +320,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit)
- desc->limit = (limit >> 16) & 0xf;
+@@ -310,7 +323,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit)
+ }
+
+ #ifdef CONFIG_X86_64
+-static inline void set_nmi_gate(int gate, void *addr)
++static inline void set_nmi_gate(int gate, const void *addr)
+ {
+ gate_desc s;
+
+@@ -319,7 +332,7 @@ static inline void set_nmi_gate(int gate, void *addr)
}
+ #endif
-static inline void _set_gate(int gate, unsigned type, void *addr,
+static inline void _set_gate(int gate, unsigned type, const void *addr,
unsigned dpl, unsigned ist, unsigned seg)
{
gate_desc s;
-@@ -326,7 +339,7 @@ static inline void _set_gate(int gate, unsigned type, void *addr,
+@@ -338,7 +351,7 @@ static inline void _set_gate(int gate, unsigned type, void *addr,
* Pentium F0 0F bugfix can have resulted in the mapped
* IDT being write-protected.
*/
@@ -9857,7 +9840,7 @@ index 41935fa..3b40db8 100644
{
BUG_ON((unsigned)n > 0xFF);
_set_gate(n, GATE_INTERRUPT, addr, 0, 0, __KERNEL_CS);
-@@ -356,19 +369,19 @@ static inline void alloc_intr_gate(unsigned int n, void *addr)
+@@ -368,19 +381,19 @@ static inline void alloc_intr_gate(unsigned int n, void *addr)
/*
* This routine sets up an interrupt gate at directory privilege level 3.
*/
@@ -9880,7 +9863,7 @@ index 41935fa..3b40db8 100644
{
BUG_ON((unsigned)n > 0xFF);
_set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS);
-@@ -377,19 +390,31 @@ static inline void set_trap_gate(unsigned int n, void *addr)
+@@ -389,19 +402,31 @@ static inline void set_trap_gate(unsigned int n, void *addr)
static inline void set_task_gate(unsigned int n, unsigned int gdt_entry)
{
BUG_ON((unsigned)n > 0xFF);
@@ -9933,7 +9916,7 @@ index 278441f..b95a174 100644
} __attribute__((packed));
diff --git a/arch/x86/include/asm/e820.h b/arch/x86/include/asm/e820.h
-index 908b969..a1f4eb4 100644
+index 3778256..c5d4fce 100644
--- a/arch/x86/include/asm/e820.h
+++ b/arch/x86/include/asm/e820.h
@@ -69,7 +69,7 @@ struct e820map {
@@ -10017,18 +10000,6 @@ index cc70c1c..d96d011 100644
+extern void machine_emergency_restart(void) __noreturn;
#endif /* _ASM_X86_EMERGENCY_RESTART_H */
-diff --git a/arch/x86/include/asm/floppy.h b/arch/x86/include/asm/floppy.h
-index dbe82a5..c6d8a00 100644
---- a/arch/x86/include/asm/floppy.h
-+++ b/arch/x86/include/asm/floppy.h
-@@ -157,6 +157,7 @@ static unsigned long dma_mem_alloc(unsigned long size)
- }
-
-
-+static unsigned long vdma_mem_alloc(unsigned long size) __size_overflow(1);
- static unsigned long vdma_mem_alloc(unsigned long size)
- {
- return (unsigned long)vmalloc(size);
diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h
index d09bb03..4ea4194 100644
--- a/arch/x86/include/asm/futex.h
@@ -10107,10 +10078,10 @@ index eb92a6e..b98b2f4 100644
/* EISA */
extern void eisa_set_level_irq(unsigned int irq);
diff --git a/arch/x86/include/asm/i387.h b/arch/x86/include/asm/i387.h
-index a850b4d..bae26dc 100644
+index 2479049..3fb9795 100644
--- a/arch/x86/include/asm/i387.h
+++ b/arch/x86/include/asm/i387.h
-@@ -92,6 +92,11 @@ static inline int fxrstor_checking(struct i387_fxsave_struct *fx)
+@@ -93,6 +93,11 @@ static inline int fxrstor_checking(struct i387_fxsave_struct *fx)
{
int err;
@@ -10122,7 +10093,7 @@ index a850b4d..bae26dc 100644
/* See comment in fxsave() below. */
#ifdef CONFIG_AS_FXSAVEQ
asm volatile("1: fxrstorq %[fx]\n\t"
-@@ -121,6 +126,11 @@ static inline int fxsave_user(struct i387_fxsave_struct __user *fx)
+@@ -122,6 +127,11 @@ static inline int fxsave_user(struct i387_fxsave_struct __user *fx)
{
int err;
@@ -10134,7 +10105,16 @@ index a850b4d..bae26dc 100644
/*
* Clear the bytes not touched by the fxsave and reserved
* for the SW usage.
-@@ -424,7 +434,7 @@ static inline bool interrupted_kernel_fpu_idle(void)
+@@ -278,7 +288,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk)
+ "emms\n\t" /* clear stack tags */
+ "fildl %P[addr]", /* set F?P to defined value */
+ X86_FEATURE_FXSAVE_LEAK,
+- [addr] "m" (tsk->thread.fpu.has_fpu));
++ [addr] "m" (init_tss[smp_processor_id()].x86_tss.sp0));
+
+ return fpu_restore_checking(&tsk->thread.fpu);
+ }
+@@ -445,7 +455,7 @@ static inline bool interrupted_kernel_fpu_idle(void)
static inline bool interrupted_user_mode(void)
{
struct pt_regs *regs = get_irq_regs();
@@ -10202,19 +10182,10 @@ index 5478825..839e88c 100644
#define flush_insn_slot(p) do { } while (0)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index b4973f4..a42170a 100644
+index 52d6640..a013b87 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
-@@ -459,7 +459,7 @@ struct kvm_arch {
- unsigned int n_requested_mmu_pages;
- unsigned int n_max_mmu_pages;
- unsigned int indirect_shadow_pages;
-- atomic_t invlpg_counter;
-+ atomic_unchecked_t invlpg_counter;
- struct hlist_head mmu_page_hash[KVM_NUM_MMU_PAGES];
- /*
- * Hash table of struct kvm_mmu_page.
-@@ -638,7 +638,7 @@ struct kvm_x86_ops {
+@@ -663,7 +663,7 @@ struct kvm_x86_ops {
int (*check_intercept)(struct kvm_vcpu *vcpu,
struct x86_instruction_info *info,
enum x86_intercept_stage stage);
@@ -10223,36 +10194,6 @@ index b4973f4..a42170a 100644
struct kvm_arch_async_pf {
u32 token;
-@@ -667,9 +667,9 @@ void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages);
- int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3);
-
- int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa,
-- const void *val, int bytes);
-+ const void *val, int bytes) __size_overflow(2);
- int kvm_pv_mmu_op(struct kvm_vcpu *vcpu, unsigned long bytes,
-- gpa_t addr, unsigned long *ret);
-+ gpa_t addr, unsigned long *ret) __size_overflow(2,3);
- u8 kvm_get_guest_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn);
-
- extern bool tdp_enabled;
-@@ -730,7 +730,7 @@ void kvm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l);
- int kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr);
-
- int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata);
--int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data);
-+int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data) __size_overflow(3);
-
- unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu);
- void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags);
-@@ -755,7 +755,7 @@ int fx_init(struct kvm_vcpu *vcpu);
- void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu);
- void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
- const u8 *new, int bytes,
-- bool guest_initiated);
-+ bool guest_initiated) __size_overflow(2);
- int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva);
- void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu);
- int kvm_mmu_load(struct kvm_vcpu *vcpu);
diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h
index 9cdae5d..300d20f 100644
--- a/arch/x86/include/asm/local.h
@@ -10840,7 +10781,7 @@ index effff47..f9e4035 100644
/*
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 18601c8..3d716d1 100644
+index 49afb3f..ed14d07 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -11276,10 +11217,10 @@ index 013286a..8b42f4f 100644
#define pgprot_writecombine pgprot_writecombine
extern pgprot_t pgprot_writecombine(pgprot_t prot);
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
-index bb3ee36..781a6b8 100644
+index 58545c9..fe6fc38e 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
-@@ -268,7 +268,7 @@ struct tss_struct {
+@@ -266,7 +266,7 @@ struct tss_struct {
} ____cacheline_aligned;
@@ -11288,7 +11229,7 @@ index bb3ee36..781a6b8 100644
/*
* Save the original ist values for checking stack pointers during debugging
-@@ -861,11 +861,18 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -860,11 +860,18 @@ static inline void spin_lock_prefetch(const void *x)
*/
#define TASK_SIZE PAGE_OFFSET
#define TASK_SIZE_MAX TASK_SIZE
@@ -11309,7 +11250,7 @@ index bb3ee36..781a6b8 100644
.vm86_info = NULL, \
.sysenter_cs = __KERNEL_CS, \
.io_bitmap_ptr = NULL, \
-@@ -879,7 +886,7 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -878,7 +885,7 @@ static inline void spin_lock_prefetch(const void *x)
*/
#define INIT_TSS { \
.x86_tss = { \
@@ -11318,7 +11259,7 @@ index bb3ee36..781a6b8 100644
.ss0 = __KERNEL_DS, \
.ss1 = __KERNEL_CS, \
.io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \
-@@ -890,11 +897,7 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -889,11 +896,7 @@ static inline void spin_lock_prefetch(const void *x)
extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long))
@@ -11331,7 +11272,7 @@ index bb3ee36..781a6b8 100644
/*
* The below -8 is to reserve 8 bytes on top of the ring0 stack.
-@@ -909,7 +912,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -908,7 +911,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define task_pt_regs(task) \
({ \
struct pt_regs *__regs__; \
@@ -11340,7 +11281,7 @@ index bb3ee36..781a6b8 100644
__regs__ - 1; \
})
-@@ -919,13 +922,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -918,13 +921,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
/*
* User space process size. 47bits minus one guard page.
*/
@@ -11356,7 +11297,7 @@ index bb3ee36..781a6b8 100644
#define TASK_SIZE (test_thread_flag(TIF_IA32) ? \
IA32_PAGE_OFFSET : TASK_SIZE_MAX)
-@@ -936,11 +939,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -935,11 +938,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define STACK_TOP_MAX TASK_SIZE_MAX
#define INIT_THREAD { \
@@ -11370,7 +11311,7 @@ index bb3ee36..781a6b8 100644
}
/*
-@@ -962,6 +965,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
+@@ -961,6 +964,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
*/
#define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
@@ -11661,7 +11602,7 @@ index 5e64171..f58957e 100644
#define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3)
#define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3)
diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h
-index 73b11bc..d4a3b63 100644
+index 0434c40..1714bf0 100644
--- a/arch/x86/include/asm/smp.h
+++ b/arch/x86/include/asm/smp.h
@@ -36,7 +36,7 @@ DECLARE_PER_CPU(cpumask_var_t, cpu_core_map);
@@ -11700,10 +11641,10 @@ index 73b11bc..d4a3b63 100644
#endif
diff --git a/arch/x86/include/asm/spinlock.h b/arch/x86/include/asm/spinlock.h
-index 972c260..43ab1fd 100644
+index a82c2bf..2198f61 100644
--- a/arch/x86/include/asm/spinlock.h
+++ b/arch/x86/include/asm/spinlock.h
-@@ -188,6 +188,14 @@ static inline int arch_write_can_lock(arch_rwlock_t *lock)
+@@ -175,6 +175,14 @@ static inline int arch_write_can_lock(arch_rwlock_t *lock)
static inline void arch_read_lock(arch_rwlock_t *rw)
{
asm volatile(LOCK_PREFIX READ_LOCK_SIZE(dec) " (%0)\n\t"
@@ -11718,7 +11659,7 @@ index 972c260..43ab1fd 100644
"jns 1f\n"
"call __read_lock_failed\n\t"
"1:\n"
-@@ -197,6 +205,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw)
+@@ -184,6 +192,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw)
static inline void arch_write_lock(arch_rwlock_t *rw)
{
asm volatile(LOCK_PREFIX WRITE_LOCK_SUB(%1) "(%0)\n\t"
@@ -11733,7 +11674,7 @@ index 972c260..43ab1fd 100644
"jz 1f\n"
"call __write_lock_failed\n\t"
"1:\n"
-@@ -226,13 +242,29 @@ static inline int arch_write_trylock(arch_rwlock_t *lock)
+@@ -213,13 +229,29 @@ static inline int arch_write_trylock(arch_rwlock_t *lock)
static inline void arch_read_unlock(arch_rwlock_t *rw)
{
@@ -11853,19 +11794,6 @@ index cb23852..2dde194 100644
asmlinkage long sys32_sysfs(int, u32, u32);
asmlinkage long sys32_sched_rr_get_interval(compat_pid_t,
-diff --git a/arch/x86/include/asm/syscalls.h b/arch/x86/include/asm/syscalls.h
-index f1d8b44..a4de8b7 100644
---- a/arch/x86/include/asm/syscalls.h
-+++ b/arch/x86/include/asm/syscalls.h
-@@ -30,7 +30,7 @@ long sys_clone(unsigned long, unsigned long, void __user *,
- void __user *, struct pt_regs *);
-
- /* kernel/ldt.c */
--asmlinkage int sys_modify_ldt(int, void __user *, unsigned long);
-+asmlinkage int sys_modify_ldt(int, void __user *, unsigned long) __size_overflow(3);
-
- /* kernel/signal.c */
- long sys_rt_sigreturn(struct pt_regs *);
diff --git a/arch/x86/include/asm/system.h b/arch/x86/include/asm/system.h
index 2d2f01c..f985723 100644
--- a/arch/x86/include/asm/system.h
@@ -11914,7 +11842,7 @@ index 2d2f01c..f985723 100644
/*
* Force strict CPU ordering.
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
-index d7ef849..6af292e 100644
+index cfd8144..1b1127d 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -10,6 +10,7 @@
@@ -11933,7 +11861,7 @@ index d7ef849..6af292e 100644
struct exec_domain *exec_domain; /* execution domain */
__u32 flags; /* low level flags */
__u32 status; /* thread synchronous flags */
-@@ -34,18 +34,12 @@ struct thread_info {
+@@ -34,19 +34,13 @@ struct thread_info {
mm_segment_t addr_limit;
struct restart_block restart_block;
void __user *sysenter_return;
@@ -11944,7 +11872,8 @@ index d7ef849..6af292e 100644
- __u8 supervisor_stack[0];
-#endif
+ unsigned long lowest_stack;
- int uaccess_err;
+ unsigned int sig_on_uaccess_error:1;
+ unsigned int uaccess_err:1; /* uaccess failed */
};
-#define INIT_THREAD_INFO(tsk) \
@@ -11954,7 +11883,7 @@ index d7ef849..6af292e 100644
.exec_domain = &default_exec_domain, \
.flags = 0, \
.cpu = 0, \
-@@ -56,7 +50,7 @@ struct thread_info {
+@@ -57,7 +51,7 @@ struct thread_info {
}, \
}
@@ -11963,7 +11892,7 @@ index d7ef849..6af292e 100644
#define init_stack (init_thread_union.stack)
#else /* !__ASSEMBLY__ */
-@@ -170,45 +164,40 @@ struct thread_info {
+@@ -169,45 +163,40 @@ struct thread_info {
ret; \
})
@@ -12034,7 +11963,7 @@ index d7ef849..6af292e 100644
/*
* macros/functions for gaining access to the thread information structure
* preempt_count needs to be 1 initially, until the scheduler is functional.
-@@ -216,21 +205,8 @@ static inline struct thread_info *current_thread_info(void)
+@@ -215,27 +204,8 @@ static inline struct thread_info *current_thread_info(void)
#ifndef __ASSEMBLY__
DECLARE_PER_CPU(unsigned long, kernel_stack);
@@ -12053,12 +11982,18 @@ index d7ef849..6af292e 100644
- movq PER_CPU_VAR(kernel_stack),reg ; \
- subq $(THREAD_SIZE-KERNEL_STACK_OFFSET),reg
-
+-/*
+- * Same if PER_CPU_VAR(kernel_stack) is, perhaps with some offset, already in
+- * a certain register (to be used in assembler memory operands).
+- */
+-#define THREAD_INFO(reg, off) KERNEL_STACK_OFFSET+(off)-THREAD_SIZE(reg)
+-
+/* how to get the current stack pointer from C */
+register unsigned long current_stack_pointer asm("rsp") __used;
#endif
#endif /* !X86_32 */
-@@ -264,5 +240,16 @@ extern void arch_task_cache_init(void);
+@@ -269,5 +239,16 @@ extern void arch_task_cache_init(void);
extern void free_thread_info(struct thread_info *ti);
extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src);
#define arch_task_cache_init arch_task_cache_init
@@ -12076,7 +12011,7 @@ index d7ef849..6af292e 100644
#endif
#endif /* _ASM_X86_THREAD_INFO_H */
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index 36361bf..324f262 100644
+index 8be5f54..7ae826d 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -7,12 +7,15 @@
@@ -12299,36 +12234,11 @@ index 36361bf..324f262 100644
#ifdef CONFIG_X86_WP_WORKS_OK
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
-index 566e803..7183d0b 100644
+index 566e803..b9521e9 100644
--- a/arch/x86/include/asm/uaccess_32.h
+++ b/arch/x86/include/asm/uaccess_32.h
-@@ -11,15 +11,15 @@
- #include <asm/page.h>
-
- unsigned long __must_check __copy_to_user_ll
-- (void __user *to, const void *from, unsigned long n);
-+ (void __user *to, const void *from, unsigned long n) __size_overflow(3);
- unsigned long __must_check __copy_from_user_ll
-- (void *to, const void __user *from, unsigned long n);
-+ (void *to, const void __user *from, unsigned long n) __size_overflow(3);
- unsigned long __must_check __copy_from_user_ll_nozero
-- (void *to, const void __user *from, unsigned long n);
-+ (void *to, const void __user *from, unsigned long n) __size_overflow(3);
- unsigned long __must_check __copy_from_user_ll_nocache
-- (void *to, const void __user *from, unsigned long n);
-+ (void *to, const void __user *from, unsigned long n) __size_overflow(3);
- unsigned long __must_check __copy_from_user_ll_nocache_nozero
-- (void *to, const void __user *from, unsigned long n);
-+ (void *to, const void __user *from, unsigned long n) __size_overflow(3);
-
- /**
- * __copy_to_user_inatomic: - Copy a block of data into user space, with less checking.
-@@ -41,8 +41,13 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero
- */
-
+@@ -43,6 +43,9 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero
static __always_inline unsigned long __must_check
-+__copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) __size_overflow(3);
-+static __always_inline unsigned long __must_check
__copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
{
+ if ((long)n < 0)
@@ -12337,7 +12247,7 @@ index 566e803..7183d0b 100644
if (__builtin_constant_p(n)) {
unsigned long ret;
-@@ -61,6 +66,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
+@@ -61,6 +64,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
return ret;
}
}
@@ -12346,12 +12256,7 @@ index 566e803..7183d0b 100644
return __copy_to_user_ll(to, from, n);
}
-@@ -79,15 +86,23 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n)
- * On success, this will be zero.
- */
- static __always_inline unsigned long __must_check
-+__copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3);
-+static __always_inline unsigned long __must_check
+@@ -82,12 +87,16 @@ static __always_inline unsigned long __must_check
__copy_to_user(void __user *to, const void *from, unsigned long n)
{
might_fault();
@@ -12360,8 +12265,6 @@ index 566e803..7183d0b 100644
}
static __always_inline unsigned long
-+__copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) __size_overflow(3);
-+static __always_inline unsigned long
__copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
{
+ if ((long)n < 0)
@@ -12370,12 +12273,7 @@ index 566e803..7183d0b 100644
/* Avoid zeroing the tail if the copy fails..
* If 'n' is constant and 1, 2, or 4, we do still zero on a failure,
* but as the zeroing behaviour is only significant when n is not
-@@ -134,9 +149,15 @@ __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n)
- * for explanation of why this is needed.
- */
- static __always_inline unsigned long
-+__copy_from_user(void *to, const void __user *from, unsigned long n) __size_overflow(3);
-+static __always_inline unsigned long
+@@ -137,6 +146,10 @@ static __always_inline unsigned long
__copy_from_user(void *to, const void __user *from, unsigned long n)
{
might_fault();
@@ -12386,7 +12284,7 @@ index 566e803..7183d0b 100644
if (__builtin_constant_p(n)) {
unsigned long ret;
-@@ -152,13 +173,21 @@ __copy_from_user(void *to, const void __user *from, unsigned long n)
+@@ -152,6 +165,8 @@ __copy_from_user(void *to, const void __user *from, unsigned long n)
return ret;
}
}
@@ -12395,9 +12293,7 @@ index 566e803..7183d0b 100644
return __copy_from_user_ll(to, from, n);
}
- static __always_inline unsigned long __copy_from_user_nocache(void *to,
-+ const void __user *from, unsigned long n) __size_overflow(3);
-+static __always_inline unsigned long __copy_from_user_nocache(void *to,
+@@ -159,6 +174,10 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to,
const void __user *from, unsigned long n)
{
might_fault();
@@ -12408,13 +12304,8 @@ index 566e803..7183d0b 100644
if (__builtin_constant_p(n)) {
unsigned long ret;
-@@ -179,17 +208,24 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to,
-
- static __always_inline unsigned long
+@@ -181,15 +200,19 @@ static __always_inline unsigned long
__copy_from_user_inatomic_nocache(void *to, const void __user *from,
-+ unsigned long n) __size_overflow(3);
-+static __always_inline unsigned long
-+__copy_from_user_inatomic_nocache(void *to, const void __user *from,
unsigned long n)
{
- return __copy_from_user_ll_nocache_nozero(to, from, n);
@@ -12440,7 +12331,7 @@ index 566e803..7183d0b 100644
extern void copy_from_user_overflow(void)
#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
-@@ -199,17 +235,65 @@ extern void copy_from_user_overflow(void)
+@@ -199,17 +222,61 @@ extern void copy_from_user_overflow(void)
#endif
;
@@ -12461,8 +12352,6 @@ index 566e803..7183d0b 100644
+ * On success, this will be zero.
+ */
+static inline unsigned long __must_check
-+copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3);
-+static inline unsigned long __must_check
+copy_to_user(void __user *to, const void *from, unsigned long n)
+{
+ int sz = __compiletime_object_size(from);
@@ -12491,8 +12380,6 @@ index 566e803..7183d0b 100644
+ * data to the requested size using zero bytes.
+ */
+static inline unsigned long __must_check
-+copy_from_user(void *to, const void __user *from, unsigned long n) __size_overflow(3);
-+static inline unsigned long __must_check
+copy_from_user(void *to, const void __user *from, unsigned long n)
{
int sz = __compiletime_object_size(to);
@@ -12513,18 +12400,8 @@ index 566e803..7183d0b 100644
return n;
}
-@@ -235,7 +319,7 @@ long __must_check __strncpy_from_user(char *dst,
- #define strlen_user(str) strnlen_user(str, LONG_MAX)
-
- long strnlen_user(const char __user *str, long n);
--unsigned long __must_check clear_user(void __user *mem, unsigned long len);
--unsigned long __must_check __clear_user(void __user *mem, unsigned long len);
-+unsigned long __must_check clear_user(void __user *mem, unsigned long len) __size_overflow(2);
-+unsigned long __must_check __clear_user(void __user *mem, unsigned long len) __size_overflow(2);
-
- #endif /* _ASM_X86_UACCESS_32_H */
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
-index 1c66d30..e294b5f 100644
+index 1c66d30..e66922c 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -10,6 +10,9 @@
@@ -12537,25 +12414,23 @@ index 1c66d30..e294b5f 100644
/*
* Copy To/From Userspace
-@@ -17,12 +20,14 @@
+@@ -17,12 +20,12 @@
/* Handles exceptions in both to and from, but doesn't do access_ok */
__must_check unsigned long
-copy_user_generic_string(void *to, const void *from, unsigned len);
-+copy_user_generic_string(void *to, const void *from, unsigned long len) __size_overflow(3);
++copy_user_generic_string(void *to, const void *from, unsigned long len);
__must_check unsigned long
-copy_user_generic_unrolled(void *to, const void *from, unsigned len);
-+copy_user_generic_unrolled(void *to, const void *from, unsigned long len) __size_overflow(3);
++copy_user_generic_unrolled(void *to, const void *from, unsigned long len);
static __always_inline __must_check unsigned long
-copy_user_generic(void *to, const void *from, unsigned len)
-+copy_user_generic(void *to, const void *from, unsigned long len) __size_overflow(3);
-+static __always_inline __must_check unsigned long
+copy_user_generic(void *to, const void *from, unsigned long len)
{
unsigned ret;
-@@ -32,142 +37,237 @@ copy_user_generic(void *to, const void *from, unsigned len)
+@@ -32,142 +35,226 @@ copy_user_generic(void *to, const void *from, unsigned len)
ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from),
"=d" (len)),
"1" (to), "2" (from), "3" (len)
@@ -12565,22 +12440,19 @@ index 1c66d30..e294b5f 100644
}
+static __always_inline __must_check unsigned long
-+__copy_to_user(void __user *to, const void *from, unsigned long len) __size_overflow(3);
++__copy_to_user(void __user *to, const void *from, unsigned long len);
+static __always_inline __must_check unsigned long
-+__copy_from_user(void *to, const void __user *from, unsigned long len) __size_overflow(3);
++__copy_from_user(void *to, const void __user *from, unsigned long len);
__must_check unsigned long
-_copy_to_user(void __user *to, const void *from, unsigned len);
-__must_check unsigned long
-_copy_from_user(void *to, const void __user *from, unsigned len);
-__must_check unsigned long
-copy_in_user(void __user *to, const void __user *from, unsigned len);
-+copy_in_user(void __user *to, const void __user *from, unsigned long len) __size_overflow(3);
++copy_in_user(void __user *to, const void __user *from, unsigned long len);
static inline unsigned long __must_check copy_from_user(void *to,
const void __user *from,
-+ unsigned long n) __size_overflow(3);
-+static inline unsigned long __must_check copy_from_user(void *to,
-+ const void __user *from,
unsigned long n)
{
- int sz = __compiletime_object_size(to);
@@ -12605,8 +12477,6 @@ index 1c66d30..e294b5f 100644
static __always_inline __must_check
-int copy_to_user(void __user *dst, const void *src, unsigned size)
-+int copy_to_user(void __user *dst, const void *src, unsigned long size) __size_overflow(3);
-+static __always_inline __must_check
+int copy_to_user(void __user *dst, const void *src, unsigned long size)
{
might_fault();
@@ -12619,8 +12489,6 @@ index 1c66d30..e294b5f 100644
static __always_inline __must_check
-int __copy_from_user(void *dst, const void __user *src, unsigned size)
-+unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size) __size_overflow(3);
-+static __always_inline __must_check
+unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size)
{
- int ret = 0;
@@ -12709,8 +12577,6 @@ index 1c66d30..e294b5f 100644
static __always_inline __must_check
-int __copy_to_user(void __user *dst, const void *src, unsigned size)
-+unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size) __size_overflow(3);
-+static __always_inline __must_check
+unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size)
{
- int ret = 0;
@@ -12799,8 +12665,6 @@ index 1c66d30..e294b5f 100644
static __always_inline __must_check
-int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
-+unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned long size) __size_overflow(3);
-+static __always_inline __must_check
+unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned long size)
{
- int ret = 0;
@@ -12841,7 +12705,7 @@ index 1c66d30..e294b5f 100644
ret, "b", "b", "=q", 1);
if (likely(!ret))
__put_user_asm(tmp, (u8 __user *)dst,
-@@ -176,7 +276,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -176,7 +263,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
}
case 2: {
u16 tmp;
@@ -12850,7 +12714,7 @@ index 1c66d30..e294b5f 100644
ret, "w", "w", "=r", 2);
if (likely(!ret))
__put_user_asm(tmp, (u16 __user *)dst,
-@@ -186,7 +286,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -186,7 +273,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
case 4: {
u32 tmp;
@@ -12859,7 +12723,7 @@ index 1c66d30..e294b5f 100644
ret, "l", "k", "=r", 4);
if (likely(!ret))
__put_user_asm(tmp, (u32 __user *)dst,
-@@ -195,7 +295,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -195,7 +282,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
}
case 8: {
u64 tmp;
@@ -12868,7 +12732,7 @@ index 1c66d30..e294b5f 100644
ret, "q", "", "=r", 8);
if (likely(!ret))
__put_user_asm(tmp, (u64 __user *)dst,
-@@ -203,8 +303,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+@@ -203,8 +290,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
return ret;
}
default:
@@ -12887,19 +12751,11 @@ index 1c66d30..e294b5f 100644
}
}
-@@ -215,39 +323,83 @@ __strncpy_from_user(char *dst, const char __user *src, long count);
- __must_check long strnlen_user(const char __user *str, long n);
- __must_check long __strnlen_user(const char __user *str, long n);
- __must_check long strlen_user(const char __user *str);
--__must_check unsigned long clear_user(void __user *mem, unsigned long len);
--__must_check unsigned long __clear_user(void __user *mem, unsigned long len);
-+__must_check unsigned long clear_user(void __user *mem, unsigned long len) __size_overflow(2);
-+__must_check unsigned long __clear_user(void __user *mem, unsigned long len) __size_overflow(2);
+@@ -219,35 +314,72 @@ __must_check unsigned long clear_user(void __user *mem, unsigned long len);
+ __must_check unsigned long __clear_user(void __user *mem, unsigned long len);
static __must_check __always_inline int
-__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size)
-+__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) __size_overflow(3);
-+static __must_check __always_inline int
+__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size)
{
- return copy_user_generic(dst, (__force const void *)src, size);
@@ -12920,8 +12776,6 @@ index 1c66d30..e294b5f 100644
-static __must_check __always_inline int
-__copy_to_user_inatomic(void __user *dst, const void *src, unsigned size)
+static __must_check __always_inline unsigned long
-+__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size) __size_overflow(3);
-+static __must_check __always_inline unsigned long
+__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size)
{
- return copy_user_generic((__force void *)dst, src, size);
@@ -12942,11 +12796,10 @@ index 1c66d30..e294b5f 100644
-extern long __copy_user_nocache(void *dst, const void __user *src,
- unsigned size, int zerorest);
+extern unsigned long __copy_user_nocache(void *dst, const void __user *src,
-+ unsigned long size, int zerorest) __size_overflow(3);
++ unsigned long size, int zerorest);
-static inline int
-__copy_from_user_nocache(void *dst, const void __user *src, unsigned size)
-+static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned long size) __size_overflow(3);
+static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned long size)
{
might_sleep();
@@ -12966,8 +12819,6 @@ index 1c66d30..e294b5f 100644
-__copy_from_user_inatomic_nocache(void *dst, const void __user *src,
- unsigned size)
+static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src,
-+ unsigned long size) __size_overflow(3);
-+static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src,
+ unsigned long size)
{
+ if (size > INT_MAX)
@@ -12984,7 +12835,7 @@ index 1c66d30..e294b5f 100644
-unsigned long
-copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest);
+extern unsigned long
-+copy_user_handle_tail(char __user *to, char __user *from, unsigned long len, unsigned zerorest) __size_overflow(3);
++copy_user_handle_tail(char __user *to, char __user *from, unsigned long len, unsigned zerorest);
#endif /* _ASM_X86_UACCESS_64_H */
diff --git a/arch/x86/include/asm/vdso.h b/arch/x86/include/asm/vdso.h
@@ -13001,10 +12852,10 @@ index bb05228..d763d5b 100644
#endif
diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
-index 1971e65..1e3559b 100644
+index 517d476..a1cb4d9 100644
--- a/arch/x86/include/asm/x86_init.h
+++ b/arch/x86/include/asm/x86_init.h
-@@ -28,7 +28,7 @@ struct x86_init_mpparse {
+@@ -29,7 +29,7 @@ struct x86_init_mpparse {
void (*mpc_oem_bus_info)(struct mpc_bus *m, char *name);
void (*find_smp_config)(void);
void (*get_smp_config)(unsigned int early);
@@ -13013,7 +12864,7 @@ index 1971e65..1e3559b 100644
/**
* struct x86_init_resources - platform specific resource related ops
-@@ -42,7 +42,7 @@ struct x86_init_resources {
+@@ -43,7 +43,7 @@ struct x86_init_resources {
void (*probe_roms)(void);
void (*reserve_resources)(void);
char *(*memory_setup)(void);
@@ -13022,7 +12873,7 @@ index 1971e65..1e3559b 100644
/**
* struct x86_init_irqs - platform specific interrupt setup
-@@ -55,7 +55,7 @@ struct x86_init_irqs {
+@@ -56,7 +56,7 @@ struct x86_init_irqs {
void (*pre_vector_init)(void);
void (*intr_init)(void);
void (*trap_init)(void);
@@ -13031,7 +12882,7 @@ index 1971e65..1e3559b 100644
/**
* struct x86_init_oem - oem platform specific customizing functions
-@@ -65,7 +65,7 @@ struct x86_init_irqs {
+@@ -66,7 +66,7 @@ struct x86_init_irqs {
struct x86_init_oem {
void (*arch_setup)(void);
void (*banner)(void);
@@ -13040,7 +12891,7 @@ index 1971e65..1e3559b 100644
/**
* struct x86_init_mapping - platform specific initial kernel pagetable setup
-@@ -76,7 +76,7 @@ struct x86_init_oem {
+@@ -77,7 +77,7 @@ struct x86_init_oem {
*/
struct x86_init_mapping {
void (*pagetable_reserve)(u64 start, u64 end);
@@ -13049,7 +12900,7 @@ index 1971e65..1e3559b 100644
/**
* struct x86_init_paging - platform specific paging functions
-@@ -86,7 +86,7 @@ struct x86_init_mapping {
+@@ -87,7 +87,7 @@ struct x86_init_mapping {
struct x86_init_paging {
void (*pagetable_setup_start)(pgd_t *base);
void (*pagetable_setup_done)(pgd_t *base);
@@ -13058,7 +12909,7 @@ index 1971e65..1e3559b 100644
/**
* struct x86_init_timers - platform specific timer setup
-@@ -101,7 +101,7 @@ struct x86_init_timers {
+@@ -102,7 +102,7 @@ struct x86_init_timers {
void (*tsc_pre_init)(void);
void (*timer_init)(void);
void (*wallclock_init)(void);
@@ -13067,7 +12918,7 @@ index 1971e65..1e3559b 100644
/**
* struct x86_init_iommu - platform specific iommu setup
-@@ -109,7 +109,7 @@ struct x86_init_timers {
+@@ -110,7 +110,7 @@ struct x86_init_timers {
*/
struct x86_init_iommu {
int (*iommu_init)(void);
@@ -13076,7 +12927,7 @@ index 1971e65..1e3559b 100644
/**
* struct x86_init_pci - platform specific pci init functions
-@@ -123,7 +123,7 @@ struct x86_init_pci {
+@@ -124,7 +124,7 @@ struct x86_init_pci {
int (*init)(void);
void (*init_irq)(void);
void (*fixup_irqs)(void);
@@ -13085,7 +12936,7 @@ index 1971e65..1e3559b 100644
/**
* struct x86_init_ops - functions for platform specific setup
-@@ -139,7 +139,7 @@ struct x86_init_ops {
+@@ -140,7 +140,7 @@ struct x86_init_ops {
struct x86_init_timers timers;
struct x86_init_iommu iommu;
struct x86_init_pci pci;
@@ -13094,16 +12945,16 @@ index 1971e65..1e3559b 100644
/**
* struct x86_cpuinit_ops - platform specific cpu hotplug setups
-@@ -147,7 +147,7 @@ struct x86_init_ops {
- */
+@@ -149,7 +149,7 @@ struct x86_init_ops {
struct x86_cpuinit_ops {
void (*setup_percpu_clockev)(void);
+ void (*fixup_cpu_id)(struct cpuinfo_x86 *c, int node);
-};
+} __no_const;
/**
* struct x86_platform_ops - platform specific runtime functions
-@@ -169,7 +169,7 @@ struct x86_platform_ops {
+@@ -171,7 +171,7 @@ struct x86_platform_ops {
void (*nmi_init)(void);
unsigned char (*get_nmi_reason)(void);
int (*i8042_detect)(void);
@@ -13112,10 +12963,10 @@ index 1971e65..1e3559b 100644
struct pci_dev;
-@@ -177,7 +177,7 @@ struct x86_msi_ops {
- int (*setup_msi_irqs)(struct pci_dev *dev, int nvec, int type);
+@@ -180,7 +180,7 @@ struct x86_msi_ops {
void (*teardown_msi_irq)(unsigned int irq);
void (*teardown_msi_irqs)(struct pci_dev *dev);
+ void (*restore_msi_irqs)(struct pci_dev *dev, int irq);
-};
+} __no_const;
@@ -13365,10 +13216,10 @@ index 1f84794..e23f862 100644
}
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
-index f98d84c..e402a69 100644
+index 2eec05b..fef012b 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
-@@ -174,7 +174,7 @@ int first_system_vector = 0xfe;
+@@ -184,7 +184,7 @@ int first_system_vector = 0xfe;
/*
* Debug level, exported for io_apic.c
*/
@@ -13377,7 +13228,7 @@ index f98d84c..e402a69 100644
int pic_mode;
-@@ -1853,7 +1853,7 @@ void smp_error_interrupt(struct pt_regs *regs)
+@@ -1908,7 +1908,7 @@ void smp_error_interrupt(struct pt_regs *regs)
apic_write(APIC_ESR, 0);
v1 = apic_read(APIC_ESR);
ack_APIC_irq();
@@ -13387,7 +13238,7 @@ index f98d84c..e402a69 100644
apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x(%02x)",
smp_processor_id(), v0 , v1);
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c
-index 6d939d7..0697fcc 100644
+index fb07275..e06bb59 100644
--- a/arch/x86/kernel/apic/io_apic.c
+++ b/arch/x86/kernel/apic/io_apic.c
@@ -1096,7 +1096,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin,
@@ -13427,7 +13278,7 @@ index 6d939d7..0697fcc 100644
eoi_ioapic_irq(irq, cfg);
}
diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c
-index a46bd38..6b906d7 100644
+index f76623c..aab694f 100644
--- a/arch/x86/kernel/apm_32.c
+++ b/arch/x86/kernel/apm_32.c
@@ -411,7 +411,7 @@ static DEFINE_MUTEX(apm_mutex);
@@ -13502,7 +13353,7 @@ index a46bd38..6b906d7 100644
proc_create("apm", 0, NULL, &apm_file_ops);
diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c
-index 4f13faf..87db5d2 100644
+index 68de2dc..1f3c720 100644
--- a/arch/x86/kernel/asm-offsets.c
+++ b/arch/x86/kernel/asm-offsets.c
@@ -33,6 +33,8 @@ void common(void) {
@@ -13542,10 +13393,10 @@ index 4f13faf..87db5d2 100644
BLANK();
OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask);
diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c
-index e72a119..6e2955d 100644
+index 834e897..dacddc8 100644
--- a/arch/x86/kernel/asm-offsets_64.c
+++ b/arch/x86/kernel/asm-offsets_64.c
-@@ -69,6 +69,7 @@ int main(void)
+@@ -70,6 +70,7 @@ int main(void)
BLANK();
#undef ENTRY
@@ -13569,10 +13420,10 @@ index 25f24dc..4094a7f 100644
obj-y += proc.o capflags.o powerflags.o common.o
obj-y += vmware.o hypervisor.o sched.o mshyperv.o
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index 0bab2b1..d0a1bf8 100644
+index f4773f4..b3fb13c 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
-@@ -664,7 +664,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c,
+@@ -669,7 +669,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c,
unsigned int size)
{
/* AMD errata T13 (order #21922) */
@@ -13582,7 +13433,7 @@ index 0bab2b1..d0a1bf8 100644
if (c->x86_model == 3 && c->x86_mask == 0)
size = 64;
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index aa003b1..47ea638 100644
+index c0f7d68..aa418f9 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -84,60 +84,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = {
@@ -13655,7 +13506,7 @@ index aa003b1..47ea638 100644
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
/* Reload the per-cpu base */
-@@ -844,6 +790,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
+@@ -839,6 +785,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
/* Filter out anything that depends on CPUID levels we don't have */
filter_cpuid_features(c, true);
@@ -13666,7 +13517,7 @@ index aa003b1..47ea638 100644
/* If the model name is still unset, do table lookup. */
if (!c->x86_model_id[0]) {
const char *p;
-@@ -1024,6 +974,9 @@ static __init int setup_disablecpuid(char *arg)
+@@ -1019,10 +969,12 @@ static __init int setup_disablecpuid(char *arg)
}
__setup("clearcpuid=", setup_disablecpuid);
@@ -13675,8 +13526,13 @@ index aa003b1..47ea638 100644
+
#ifdef CONFIG_X86_64
struct desc_ptr idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) idt_table };
+-struct desc_ptr nmi_idt_descr = { NR_VECTORS * 16 - 1,
+- (unsigned long) nmi_idt_table };
++struct desc_ptr nmi_idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) nmi_idt_table };
-@@ -1039,7 +992,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
+ DEFINE_PER_CPU_FIRST(union irq_stack_union,
+ irq_stack_union) __aligned(PAGE_SIZE);
+@@ -1036,7 +988,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
EXPORT_PER_CPU_SYMBOL(current_task);
DEFINE_PER_CPU(unsigned long, kernel_stack) =
@@ -13685,7 +13541,7 @@ index aa003b1..47ea638 100644
EXPORT_PER_CPU_SYMBOL(kernel_stack);
DEFINE_PER_CPU(char *, irq_stack_ptr) =
-@@ -1104,7 +1057,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs)
+@@ -1126,7 +1078,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs)
{
memset(regs, 0, sizeof(struct pt_regs));
regs->fs = __KERNEL_PERCPU;
@@ -13694,7 +13550,7 @@ index aa003b1..47ea638 100644
return regs;
}
-@@ -1159,7 +1112,7 @@ void __cpuinit cpu_init(void)
+@@ -1190,7 +1142,7 @@ void __cpuinit cpu_init(void)
int i;
cpu = stack_smp_processor_id();
@@ -13703,7 +13559,7 @@ index aa003b1..47ea638 100644
oist = &per_cpu(orig_ist, cpu);
#ifdef CONFIG_NUMA
-@@ -1185,7 +1138,7 @@ void __cpuinit cpu_init(void)
+@@ -1216,7 +1168,7 @@ void __cpuinit cpu_init(void)
switch_to_new_gdt(cpu);
loadsegment(fs, 0);
@@ -13712,7 +13568,7 @@ index aa003b1..47ea638 100644
memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8);
syscall_init();
-@@ -1194,7 +1147,6 @@ void __cpuinit cpu_init(void)
+@@ -1225,7 +1177,6 @@ void __cpuinit cpu_init(void)
wrmsrl(MSR_KERNEL_GS_BASE, 0);
barrier();
@@ -13720,7 +13576,7 @@ index aa003b1..47ea638 100644
if (cpu != 0)
enable_x2apic();
-@@ -1248,7 +1200,7 @@ void __cpuinit cpu_init(void)
+@@ -1281,7 +1232,7 @@ void __cpuinit cpu_init(void)
{
int cpu = smp_processor_id();
struct task_struct *curr = current;
@@ -13730,7 +13586,7 @@ index aa003b1..47ea638 100644
if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) {
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
-index 5231312..a78a987 100644
+index 3e6ff6c..54b4992 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -174,7 +174,7 @@ static void __cpuinit trap_init_f00f_bug(void)
@@ -13742,21 +13598,8 @@ index 5231312..a78a987 100644
load_idt(&idt_descr);
}
#endif
-diff --git a/arch/x86/kernel/cpu/mcheck/mce-inject.c b/arch/x86/kernel/cpu/mcheck/mce-inject.c
-index 319882e..993534e 100644
---- a/arch/x86/kernel/cpu/mcheck/mce-inject.c
-+++ b/arch/x86/kernel/cpu/mcheck/mce-inject.c
-@@ -173,6 +173,8 @@ static void raise_mce(struct mce *m)
-
- /* Error injection interface */
- static ssize_t mce_write(struct file *filp, const char __user *ubuf,
-+ size_t usize, loff_t *off) __size_overflow(3);
-+static ssize_t mce_write(struct file *filp, const char __user *ubuf,
- size_t usize, loff_t *off)
- {
- struct mce m;
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
-index 2af127d..8ff7ac0 100644
+index 5a11ae2..a1a1c8a 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -42,6 +42,7 @@
@@ -13767,7 +13610,7 @@ index 2af127d..8ff7ac0 100644
#include "mce-internal.h"
-@@ -202,7 +203,7 @@ static void print_mce(struct mce *m)
+@@ -250,7 +251,7 @@ static void print_mce(struct mce *m)
!(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "",
m->cs, m->ip);
@@ -13776,7 +13619,7 @@ index 2af127d..8ff7ac0 100644
print_symbol("{%s}", m->ip);
pr_cont("\n");
}
-@@ -235,10 +236,10 @@ static void print_mce(struct mce *m)
+@@ -283,10 +284,10 @@ static void print_mce(struct mce *m)
#define PANIC_TIMEOUT 5 /* 5 seconds */
@@ -13789,7 +13632,7 @@ index 2af127d..8ff7ac0 100644
/* Panic in progress. Enable interrupts and wait for final IPI */
static void wait_for_panic(void)
-@@ -262,7 +263,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
+@@ -310,7 +311,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
/*
* Make sure only one CPU runs in machine check panic
*/
@@ -13798,7 +13641,7 @@ index 2af127d..8ff7ac0 100644
wait_for_panic();
barrier();
-@@ -270,7 +271,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
+@@ -318,7 +319,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
console_verbose();
} else {
/* Don't log too much for fake panic */
@@ -13807,7 +13650,7 @@ index 2af127d..8ff7ac0 100644
return;
}
/* First print corrected ones that are still unlogged */
-@@ -610,7 +611,7 @@ static int mce_timed_out(u64 *t)
+@@ -658,7 +659,7 @@ static int mce_timed_out(u64 *t)
* might have been modified by someone else.
*/
rmb();
@@ -13816,7 +13659,7 @@ index 2af127d..8ff7ac0 100644
wait_for_panic();
if (!monarch_timeout)
goto out;
-@@ -1398,7 +1399,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
+@@ -1446,7 +1447,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code)
}
/* Call the installed machine check handler for this CPU setup. */
@@ -13825,7 +13668,7 @@ index 2af127d..8ff7ac0 100644
unexpected_machine_check;
/*
-@@ -1421,7 +1422,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
+@@ -1469,7 +1470,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
return;
}
@@ -13835,7 +13678,7 @@ index 2af127d..8ff7ac0 100644
__mcheck_cpu_init_generic();
__mcheck_cpu_init_vendor(c);
-@@ -1435,7 +1438,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
+@@ -1483,7 +1486,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c)
*/
static DEFINE_SPINLOCK(mce_chrdev_state_lock);
@@ -13844,7 +13687,7 @@ index 2af127d..8ff7ac0 100644
static int mce_chrdev_open_exclu; /* already open exclusive? */
static int mce_chrdev_open(struct inode *inode, struct file *file)
-@@ -1443,7 +1446,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
+@@ -1491,7 +1494,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
spin_lock(&mce_chrdev_state_lock);
if (mce_chrdev_open_exclu ||
@@ -13853,7 +13696,7 @@ index 2af127d..8ff7ac0 100644
spin_unlock(&mce_chrdev_state_lock);
return -EBUSY;
-@@ -1451,7 +1454,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
+@@ -1499,7 +1502,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file)
if (file->f_flags & O_EXCL)
mce_chrdev_open_exclu = 1;
@@ -13862,7 +13705,7 @@ index 2af127d..8ff7ac0 100644
spin_unlock(&mce_chrdev_state_lock);
-@@ -1462,7 +1465,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
+@@ -1510,7 +1513,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file)
{
spin_lock(&mce_chrdev_state_lock);
@@ -13871,7 +13714,7 @@ index 2af127d..8ff7ac0 100644
mce_chrdev_open_exclu = 0;
spin_unlock(&mce_chrdev_state_lock);
-@@ -2171,7 +2174,7 @@ struct dentry *mce_get_debugfs_dir(void)
+@@ -2229,7 +2232,7 @@ struct dentry *mce_get_debugfs_dir(void)
static void mce_reset(void)
{
cpu_missing = 0;
@@ -13924,19 +13767,6 @@ index 54060f5..c1a7577 100644
/* Make sure the vector pointer is visible before we enable MCEs: */
wmb();
-diff --git a/arch/x86/kernel/cpu/mtrr/if.c b/arch/x86/kernel/cpu/mtrr/if.c
-index 7928963..1b16001 100644
---- a/arch/x86/kernel/cpu/mtrr/if.c
-+++ b/arch/x86/kernel/cpu/mtrr/if.c
-@@ -91,6 +91,8 @@ mtrr_file_del(unsigned long base, unsigned long size,
- * "base=%Lx size=%Lx type=%s" or "disable=%d"
- */
- static ssize_t
-+mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos) __size_overflow(3);
-+static ssize_t
- mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos)
- {
- int i, err;
diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c
index 6b96110..0da73eb 100644
--- a/arch/x86/kernel/cpu/mtrr/main.c
@@ -13964,10 +13794,10 @@ index df5e41f..816c719 100644
extern int generic_get_free_region(unsigned long base, unsigned long size,
int replace_reg);
diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
-index 2bda212..78cc605 100644
+index 5adce10..99284ec 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
-@@ -1529,7 +1529,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
+@@ -1665,7 +1665,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
break;
perf_callchain_store(entry, frame.return_address);
@@ -14028,7 +13858,7 @@ index 37250fe..bf2ec74 100644
.__cr3 = __pa_nodebug(swapper_pg_dir),
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
-index 1aae78f..aab3a3d 100644
+index 4025fe4..d8451c6 100644
--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -2,6 +2,9 @@
@@ -14156,7 +13986,7 @@ index 1aae78f..aab3a3d 100644
}
int __kprobes __die(const char *str, struct pt_regs *regs, long err)
-@@ -269,7 +274,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err)
+@@ -270,7 +275,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err)
show_registers(regs);
#ifdef CONFIG_X86_32
@@ -14165,7 +13995,7 @@ index 1aae78f..aab3a3d 100644
sp = regs->sp;
ss = regs->ss & 0xffff;
} else {
-@@ -297,7 +302,7 @@ void die(const char *str, struct pt_regs *regs, long err)
+@@ -298,7 +303,7 @@ void die(const char *str, struct pt_regs *regs, long err)
unsigned long flags = oops_begin();
int sig = SIGSEGV;
@@ -14258,7 +14088,7 @@ index c99f9ed..2a15d80 100644
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
-index 6d728d9..279514e 100644
+index 17107bd..b2deecf 100644
--- a/arch/x86/kernel/dumpstack_64.c
+++ b/arch/x86/kernel/dumpstack_64.c
@@ -119,9 +119,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
@@ -14364,7 +14194,7 @@ index 6d728d9..279514e 100644
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c
-index cd28a35..c72ed9a 100644
+index 9b9f18b..9fcaa04 100644
--- a/arch/x86/kernel/early_printk.c
+++ b/arch/x86/kernel/early_printk.c
@@ -7,6 +7,7 @@
@@ -14376,10 +14206,23 @@ index cd28a35..c72ed9a 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index f3f6f53..0841b66 100644
+index 79d97e6..76aaad7 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
-@@ -186,13 +186,146 @@
+@@ -98,12 +98,6 @@
+ #endif
+ .endm
+
+-#ifdef CONFIG_VM86
+-#define resume_userspace_sig check_userspace
+-#else
+-#define resume_userspace_sig resume_userspace
+-#endif
+-
+ /*
+ * User gs save/restore
+ *
+@@ -185,13 +179,146 @@
/*CFI_REL_OFFSET gs, PT_GS*/
.endm
.macro SET_KERNEL_GS reg
@@ -14527,7 +14370,7 @@ index f3f6f53..0841b66 100644
cld
PUSH_GS
pushl_cfi %fs
-@@ -215,7 +348,7 @@
+@@ -214,7 +341,7 @@
CFI_REL_OFFSET ecx, 0
pushl_cfi %ebx
CFI_REL_OFFSET ebx, 0
@@ -14536,7 +14379,7 @@ index f3f6f53..0841b66 100644
movl %edx, %ds
movl %edx, %es
movl $(__KERNEL_PERCPU), %edx
-@@ -223,6 +356,15 @@
+@@ -222,6 +349,15 @@
SET_KERNEL_GS %edx
.endm
@@ -14552,7 +14395,7 @@ index f3f6f53..0841b66 100644
.macro RESTORE_INT_REGS
popl_cfi %ebx
CFI_RESTORE ebx
-@@ -308,7 +450,7 @@ ENTRY(ret_from_fork)
+@@ -307,7 +443,7 @@ ENTRY(ret_from_fork)
popfl_cfi
jmp syscall_exit
CFI_ENDPROC
@@ -14561,9 +14404,24 @@ index f3f6f53..0841b66 100644
/*
* Interrupt exit functions should be protected against kprobes
-@@ -333,7 +475,15 @@ check_userspace:
+@@ -327,12 +463,29 @@ ret_from_exception:
+ preempt_stop(CLBR_ANY)
+ ret_from_intr:
+ GET_THREAD_INFO(%ebp)
+-check_userspace:
++resume_userspace_sig:
++#ifdef CONFIG_VM86
+ movl PT_EFLAGS(%esp), %eax # mix EFLAGS and CS
movb PT_CS(%esp), %al
andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax
++#else
++ /*
++ * We can be coming here from a syscall done in the kernel space,
++ * e.g. a failed kernel_execve().
++ */
++ movl PT_CS(%esp), %eax
++ andl $SEGMENT_RPL_MASK, %eax
++#endif
cmpl $USER_RPL, %eax
+
+#ifdef CONFIG_PAX_KERNEXEC
@@ -14577,7 +14435,7 @@ index f3f6f53..0841b66 100644
ENTRY(resume_userspace)
LOCKDEP_SYS_EXIT
-@@ -345,8 +495,8 @@ ENTRY(resume_userspace)
+@@ -344,8 +497,8 @@ ENTRY(resume_userspace)
andl $_TIF_WORK_MASK, %ecx # is there any work to be done on
# int/exception return?
jne work_pending
@@ -14588,7 +14446,7 @@ index f3f6f53..0841b66 100644
#ifdef CONFIG_PREEMPT
ENTRY(resume_kernel)
-@@ -361,7 +511,7 @@ need_resched:
+@@ -360,7 +513,7 @@ need_resched:
jz restore_all
call preempt_schedule_irq
jmp need_resched
@@ -14597,7 +14455,7 @@ index f3f6f53..0841b66 100644
#endif
CFI_ENDPROC
/*
-@@ -395,23 +545,34 @@ sysenter_past_esp:
+@@ -394,23 +547,34 @@ sysenter_past_esp:
/*CFI_REL_OFFSET cs, 0*/
/*
* Push current_thread_info()->sysenter_return to the stack.
@@ -14635,7 +14493,7 @@ index f3f6f53..0841b66 100644
movl %ebp,PT_EBP(%esp)
.section __ex_table,"a"
.align 4
-@@ -434,12 +595,24 @@ sysenter_do_call:
+@@ -433,12 +597,24 @@ sysenter_do_call:
testl $_TIF_ALLWORK_MASK, %ecx
jne sysexit_audit
sysenter_exit:
@@ -14660,17 +14518,17 @@ index f3f6f53..0841b66 100644
PTGS_TO_GS
ENABLE_INTERRUPTS_SYSEXIT
-@@ -456,6 +629,9 @@ sysenter_audit:
+@@ -455,6 +631,9 @@ sysenter_audit:
movl %eax,%edx /* 2nd arg: syscall number */
movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */
- call audit_syscall_entry
+ call __audit_syscall_entry
+
+ pax_erase_kstack
+
pushl_cfi %ebx
movl PT_EAX(%esp),%eax /* reload syscall number */
jmp sysenter_do_call
-@@ -482,11 +658,17 @@ sysexit_audit:
+@@ -480,11 +659,17 @@ sysexit_audit:
CFI_ENDPROC
.pushsection .fixup,"ax"
@@ -14690,7 +14548,7 @@ index f3f6f53..0841b66 100644
.popsection
PTGS_TO_GS_EX
ENDPROC(ia32_sysenter_target)
-@@ -519,6 +701,15 @@ syscall_exit:
+@@ -517,6 +702,15 @@ syscall_exit:
testl $_TIF_ALLWORK_MASK, %ecx # current->work
jne syscall_exit_work
@@ -14706,7 +14564,7 @@ index f3f6f53..0841b66 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -578,14 +769,34 @@ ldt_ss:
+@@ -576,14 +770,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
@@ -14744,7 +14602,7 @@ index f3f6f53..0841b66 100644
pushl_cfi $__ESPFIX_SS
pushl_cfi %eax /* new kernel esp */
/* Disable interrupts, but do not irqtrace this section: we
-@@ -614,34 +825,28 @@ work_resched:
+@@ -612,38 +826,30 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
@@ -14762,6 +14620,8 @@ index f3f6f53..0841b66 100644
- jne work_notifysig_v86 # returning to kernel-space or
+ jz 1f # returning to kernel-space or
# vm86-space
+- TRACE_IRQS_ON
+- ENABLE_INTERRUPTS(CLBR_NONE)
- xorl %edx, %edx
- call do_notify_resume
- jmp resume_userspace_sig
@@ -14776,6 +14636,8 @@ index f3f6f53..0841b66 100644
- movl %esp, %eax
+1:
#endif
+ TRACE_IRQS_ON
+ ENABLE_INTERRUPTS(CLBR_NONE)
xorl %edx, %edx
call do_notify_resume
jmp resume_userspace_sig
@@ -14784,7 +14646,7 @@ index f3f6f53..0841b66 100644
# perform syscall exit tracing
ALIGN
-@@ -649,11 +854,14 @@ syscall_trace_entry:
+@@ -651,11 +857,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
@@ -14792,7 +14654,7 @@ index f3f6f53..0841b66 100644
+ pax_erase_kstack
+
/* What it returned is what we'll actually use. */
- cmpl $(nr_syscalls), %eax
+ cmpl $(NR_syscalls), %eax
jnae syscall_call
jmp syscall_exit
-END(syscall_trace_entry)
@@ -14800,7 +14662,7 @@ index f3f6f53..0841b66 100644
# perform syscall exit tracing
ALIGN
-@@ -666,20 +874,24 @@ syscall_exit_work:
+@@ -668,20 +877,24 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
@@ -14828,7 +14690,7 @@ index f3f6f53..0841b66 100644
CFI_ENDPROC
/*
* End of kprobes section
-@@ -753,6 +965,36 @@ ptregs_clone:
+@@ -753,6 +966,36 @@ ENTRY(ptregs_clone)
CFI_ENDPROC
ENDPROC(ptregs_clone)
@@ -14865,7 +14727,7 @@ index f3f6f53..0841b66 100644
.macro FIXUP_ESPFIX_STACK
/*
* Switch back for ESPFIX stack to the normal zerobased stack
-@@ -762,8 +1004,15 @@ ENDPROC(ptregs_clone)
+@@ -762,8 +1005,15 @@ ENDPROC(ptregs_clone)
* normal stack and adjusts ESP with the matching offset.
*/
/* fixup the stack */
@@ -14883,7 +14745,7 @@ index f3f6f53..0841b66 100644
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -816,7 +1065,7 @@ vector=vector+1
+@@ -816,7 +1066,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
@@ -14892,7 +14754,7 @@ index f3f6f53..0841b66 100644
.previous
END(interrupt)
-@@ -864,7 +1113,7 @@ ENTRY(coprocessor_error)
+@@ -864,7 +1114,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
@@ -14901,7 +14763,7 @@ index f3f6f53..0841b66 100644
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -885,7 +1134,7 @@ ENTRY(simd_coprocessor_error)
+@@ -885,7 +1135,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
@@ -14910,7 +14772,7 @@ index f3f6f53..0841b66 100644
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -893,7 +1142,7 @@ ENTRY(device_not_available)
+@@ -893,7 +1143,7 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
@@ -14919,7 +14781,7 @@ index f3f6f53..0841b66 100644
#ifdef CONFIG_PARAVIRT
ENTRY(native_iret)
-@@ -902,12 +1151,12 @@ ENTRY(native_iret)
+@@ -902,12 +1152,12 @@ ENTRY(native_iret)
.align 4
.long native_iret, iret_exc
.previous
@@ -14934,7 +14796,7 @@ index f3f6f53..0841b66 100644
#endif
ENTRY(overflow)
-@@ -916,7 +1165,7 @@ ENTRY(overflow)
+@@ -916,7 +1166,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
@@ -14943,7 +14805,7 @@ index f3f6f53..0841b66 100644
ENTRY(bounds)
RING0_INT_FRAME
-@@ -924,7 +1173,7 @@ ENTRY(bounds)
+@@ -924,7 +1174,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
@@ -14952,7 +14814,7 @@ index f3f6f53..0841b66 100644
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -932,7 +1181,7 @@ ENTRY(invalid_op)
+@@ -932,7 +1182,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
@@ -14961,7 +14823,7 @@ index f3f6f53..0841b66 100644
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -940,35 +1189,35 @@ ENTRY(coprocessor_segment_overrun)
+@@ -940,35 +1190,35 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
@@ -15002,7 +14864,7 @@ index f3f6f53..0841b66 100644
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -976,7 +1225,7 @@ ENTRY(divide_error)
+@@ -976,7 +1226,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
@@ -15011,7 +14873,7 @@ index f3f6f53..0841b66 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -985,7 +1234,7 @@ ENTRY(machine_check)
+@@ -985,7 +1235,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
@@ -15020,7 +14882,7 @@ index f3f6f53..0841b66 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -994,7 +1243,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -994,7 +1244,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
@@ -15029,7 +14891,7 @@ index f3f6f53..0841b66 100644
/*
* End of kprobes section
*/
-@@ -1109,7 +1358,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
+@@ -1109,7 +1359,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
ENTRY(mcount)
ret
@@ -15038,7 +14900,7 @@ index f3f6f53..0841b66 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1138,7 +1387,7 @@ ftrace_graph_call:
+@@ -1138,7 +1388,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -15047,7 +14909,7 @@ index f3f6f53..0841b66 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -1174,7 +1423,7 @@ trace:
+@@ -1174,7 +1424,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -15056,7 +14918,7 @@ index f3f6f53..0841b66 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1195,7 +1444,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1195,7 +1445,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -15065,15 +14927,7 @@ index f3f6f53..0841b66 100644
.globl return_to_handler
return_to_handler:
-@@ -1209,7 +1458,6 @@ return_to_handler:
- jmp *%ecx
- #endif
-
--.section .rodata,"a"
- #include "syscall_table_32.S"
-
- syscall_table_size=(.-sys_call_table)
-@@ -1255,15 +1503,18 @@ error_code:
+@@ -1250,15 +1500,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -15094,7 +14948,7 @@ index f3f6f53..0841b66 100644
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1305,7 +1556,7 @@ debug_stack_correct:
+@@ -1300,7 +1553,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
@@ -15103,7 +14957,7 @@ index f3f6f53..0841b66 100644
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1342,6 +1593,9 @@ nmi_stack_correct:
+@@ -1337,6 +1590,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
@@ -15113,7 +14967,7 @@ index f3f6f53..0841b66 100644
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1378,12 +1632,15 @@ nmi_espfix_stack:
+@@ -1373,12 +1629,15 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
@@ -15130,7 +14984,7 @@ index f3f6f53..0841b66 100644
ENTRY(int3)
RING0_INT_FRAME
-@@ -1395,14 +1652,14 @@ ENTRY(int3)
+@@ -1390,14 +1649,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
@@ -15147,7 +15001,7 @@ index f3f6f53..0841b66 100644
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1410,7 +1667,7 @@ ENTRY(async_page_fault)
+@@ -1405,7 +1664,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
@@ -15157,19 +15011,19 @@ index f3f6f53..0841b66 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index faf8d5e..4f16a68 100644
+index 1333d98..b340ca2 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
-@@ -55,6 +55,8 @@
- #include <asm/paravirt.h>
+@@ -56,6 +56,8 @@
#include <asm/ftrace.h>
#include <asm/percpu.h>
+ #include <linux/err.h>
+#include <asm/pgtable.h>
+#include <asm/alternative-asm.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -68,8 +70,9 @@
+@@ -69,8 +71,9 @@
#ifdef CONFIG_FUNCTION_TRACER
#ifdef CONFIG_DYNAMIC_FTRACE
ENTRY(mcount)
@@ -15180,7 +15034,7 @@ index faf8d5e..4f16a68 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -92,8 +95,9 @@ GLOBAL(ftrace_graph_call)
+@@ -93,8 +96,9 @@ GLOBAL(ftrace_graph_call)
#endif
GLOBAL(ftrace_stub)
@@ -15191,7 +15045,7 @@ index faf8d5e..4f16a68 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
ENTRY(mcount)
-@@ -112,6 +116,7 @@ ENTRY(mcount)
+@@ -113,6 +117,7 @@ ENTRY(mcount)
#endif
GLOBAL(ftrace_stub)
@@ -15199,7 +15053,7 @@ index faf8d5e..4f16a68 100644
retq
trace:
-@@ -121,12 +126,13 @@ trace:
+@@ -122,12 +127,13 @@ trace:
movq 8(%rbp), %rsi
subq $MCOUNT_INSN_SIZE, %rdi
@@ -15214,7 +15068,7 @@ index faf8d5e..4f16a68 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -146,8 +152,9 @@ ENTRY(ftrace_graph_caller)
+@@ -147,8 +153,9 @@ ENTRY(ftrace_graph_caller)
MCOUNT_RESTORE_FRAME
@@ -15225,7 +15079,7 @@ index faf8d5e..4f16a68 100644
GLOBAL(return_to_handler)
subq $24, %rsp
-@@ -163,6 +170,7 @@ GLOBAL(return_to_handler)
+@@ -164,6 +171,7 @@ GLOBAL(return_to_handler)
movq 8(%rsp), %rdx
movq (%rsp), %rax
addq $24, %rsp
@@ -15233,7 +15087,7 @@ index faf8d5e..4f16a68 100644
jmp *%rdi
#endif
-@@ -178,6 +186,282 @@ ENTRY(native_usergs_sysret64)
+@@ -179,6 +187,282 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -15516,7 +15370,7 @@ index faf8d5e..4f16a68 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -231,8 +515,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -232,8 +516,8 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro UNFAKE_STACK_FRAME
@@ -15527,7 +15381,7 @@ index faf8d5e..4f16a68 100644
.endm
/*
-@@ -319,7 +603,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -320,7 +604,7 @@ ENDPROC(native_usergs_sysret64)
movq %rsp, %rsi
leaq -RBP(%rsp),%rdi /* arg1 for handler */
@@ -15536,7 +15390,7 @@ index faf8d5e..4f16a68 100644
je 1f
SWAPGS
/*
-@@ -355,9 +639,10 @@ ENTRY(save_rest)
+@@ -356,9 +640,10 @@ ENTRY(save_rest)
movq_cfi r15, R15+16
movq %r11, 8(%rsp) /* return address */
FIXUP_TOP_OF_STACK %r11, 16
@@ -15548,7 +15402,7 @@ index faf8d5e..4f16a68 100644
/* save complete stack frame */
.pushsection .kprobes.text, "ax"
-@@ -386,9 +671,10 @@ ENTRY(save_paranoid)
+@@ -387,9 +672,10 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -15561,16 +15415,16 @@ index faf8d5e..4f16a68 100644
.popsection
/*
-@@ -410,7 +696,7 @@ ENTRY(ret_from_fork)
+@@ -411,7 +697,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
- testl $3, CS-ARGOFFSET(%rsp) # from kernel_thread?
+ testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread?
- je int_ret_from_sys_call
+ jz retint_restore_args
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -420,7 +706,7 @@ ENTRY(ret_from_fork)
+@@ -421,7 +707,7 @@ ENTRY(ret_from_fork)
jmp ret_from_sys_call # go to the SYSRET fastpath
CFI_ENDPROC
@@ -15579,7 +15433,7 @@ index faf8d5e..4f16a68 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -456,7 +742,7 @@ END(ret_from_fork)
+@@ -457,7 +743,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -15588,7 +15442,7 @@ index faf8d5e..4f16a68 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -469,12 +755,13 @@ ENTRY(system_call_after_swapgs)
+@@ -470,21 +756,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -15603,7 +15457,10 @@ index faf8d5e..4f16a68 100644
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
CFI_REL_OFFSET rip,RIP-ARGOFFSET
-@@ -484,7 +771,7 @@ ENTRY(system_call_after_swapgs)
+- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
++ GET_THREAD_INFO(%rcx)
++ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%rcx)
+ jnz tracesys
system_call_fastpath:
cmpq $__NR_syscall_max,%rax
ja badsys
@@ -15612,7 +15469,13 @@ index faf8d5e..4f16a68 100644
call *sys_call_table(,%rax,8) # XXX: rip relative
movq %rax,RAX-ARGOFFSET(%rsp)
/*
-@@ -503,6 +790,8 @@ sysret_check:
+@@ -498,10 +786,13 @@ sysret_check:
+ LOCKDEP_SYS_EXIT
+ DISABLE_INTERRUPTS(CLBR_NONE)
+ TRACE_IRQS_OFF
+- movl TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET),%edx
++ GET_THREAD_INFO(%rcx)
++ movl TI_flags(%rcx),%edx
andl %edi,%edx
jnz sysret_careful
CFI_REMEMBER_STATE
@@ -15621,7 +15484,7 @@ index faf8d5e..4f16a68 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -554,14 +843,18 @@ badsys:
+@@ -553,14 +844,18 @@ badsys:
* jump back to the normal fast path.
*/
auditsys:
@@ -15632,7 +15495,7 @@ index faf8d5e..4f16a68 100644
movq %rdi,%rdx /* 3rd arg: 1st syscall arg */
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
- call audit_syscall_entry
+ call __audit_syscall_entry
+
+ pax_erase_kstack
+
@@ -15641,7 +15504,16 @@ index faf8d5e..4f16a68 100644
jmp system_call_fastpath
/*
-@@ -591,16 +884,20 @@ tracesys:
+@@ -581,7 +876,7 @@ sysret_audit:
+ /* Do syscall tracing */
+ tracesys:
+ #ifdef CONFIG_AUDITSYSCALL
+- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
++ testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%rcx)
+ jz auditsys
+ #endif
+ SAVE_REST
+@@ -589,16 +884,20 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -15663,16 +15535,7 @@ index faf8d5e..4f16a68 100644
call *sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
/* Use IRET because user could have changed frame */
-@@ -612,7 +909,7 @@ tracesys:
- GLOBAL(int_ret_from_sys_call)
- DISABLE_INTERRUPTS(CLBR_NONE)
- TRACE_IRQS_OFF
-- testl $3,CS-ARGOFFSET(%rsp)
-+ testb $3,CS-ARGOFFSET(%rsp)
- je retint_restore_args
- movl $_TIF_ALLWORK_MASK,%edi
- /* edi: mask to check */
-@@ -623,6 +920,7 @@ GLOBAL(int_with_check)
+@@ -619,6 +918,7 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -15680,7 +15543,7 @@ index faf8d5e..4f16a68 100644
jmp retint_swapgs
/* Either reschedule or signal or syscall exit tracking needed. */
-@@ -669,7 +967,7 @@ int_restore_rest:
+@@ -665,7 +965,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -15689,7 +15552,7 @@ index faf8d5e..4f16a68 100644
/*
* Certain special system calls that need to save a complete full stack frame.
-@@ -685,7 +983,7 @@ ENTRY(\label)
+@@ -681,7 +981,7 @@ ENTRY(\label)
call \func
jmp ptregscall_common
CFI_ENDPROC
@@ -15698,7 +15561,7 @@ index faf8d5e..4f16a68 100644
.endm
PTREGSCALL stub_clone, sys_clone, %r8
-@@ -703,9 +1001,10 @@ ENTRY(ptregscall_common)
+@@ -699,9 +999,10 @@ ENTRY(ptregscall_common)
movq_cfi_restore R12+8, r12
movq_cfi_restore RBP+8, rbp
movq_cfi_restore RBX+8, rbx
@@ -15710,7 +15573,7 @@ index faf8d5e..4f16a68 100644
ENTRY(stub_execve)
CFI_STARTPROC
-@@ -720,7 +1019,7 @@ ENTRY(stub_execve)
+@@ -716,7 +1017,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -15719,7 +15582,7 @@ index faf8d5e..4f16a68 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -738,7 +1037,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -734,7 +1035,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -15728,7 +15591,7 @@ index faf8d5e..4f16a68 100644
/*
* Build the entry stubs and pointer table with some assembler magic.
-@@ -773,7 +1072,7 @@ vector=vector+1
+@@ -769,7 +1070,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -15737,7 +15600,7 @@ index faf8d5e..4f16a68 100644
.previous
END(interrupt)
-@@ -793,6 +1092,16 @@ END(interrupt)
+@@ -789,6 +1090,16 @@ END(interrupt)
subq $ORIG_RAX-RBP, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
SAVE_ARGS_IRQ
@@ -15754,7 +15617,7 @@ index faf8d5e..4f16a68 100644
call \func
.endm
-@@ -824,7 +1133,7 @@ ret_from_intr:
+@@ -820,7 +1131,7 @@ ret_from_intr:
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -15763,7 +15626,7 @@ index faf8d5e..4f16a68 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -846,12 +1155,15 @@ retint_swapgs: /* return to user-space */
+@@ -842,12 +1153,15 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -15779,7 +15642,7 @@ index faf8d5e..4f16a68 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -940,7 +1252,7 @@ ENTRY(retint_kernel)
+@@ -936,7 +1250,7 @@ ENTRY(retint_kernel)
#endif
CFI_ENDPROC
@@ -15788,7 +15651,7 @@ index faf8d5e..4f16a68 100644
/*
* End of kprobes section
*/
-@@ -956,7 +1268,7 @@ ENTRY(\sym)
+@@ -953,7 +1267,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -15797,7 +15660,7 @@ index faf8d5e..4f16a68 100644
.endm
#ifdef CONFIG_SMP
-@@ -1021,12 +1333,22 @@ ENTRY(\sym)
+@@ -1026,12 +1340,22 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -15821,7 +15684,7 @@ index faf8d5e..4f16a68 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1038,15 +1360,25 @@ ENTRY(\sym)
+@@ -1043,15 +1367,25 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -15849,7 +15712,7 @@ index faf8d5e..4f16a68 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1056,14 +1388,30 @@ ENTRY(\sym)
+@@ -1061,14 +1395,30 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -15881,7 +15744,7 @@ index faf8d5e..4f16a68 100644
.endm
.macro errorentry sym do_sym
-@@ -1074,13 +1422,23 @@ ENTRY(\sym)
+@@ -1079,13 +1429,23 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -15906,7 +15769,7 @@ index faf8d5e..4f16a68 100644
.endm
/* error code is on the stack already */
-@@ -1093,13 +1451,23 @@ ENTRY(\sym)
+@@ -1098,13 +1458,23 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -15931,7 +15794,7 @@ index faf8d5e..4f16a68 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1129,9 +1497,10 @@ gs_change:
+@@ -1134,9 +1504,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -15943,7 +15806,7 @@ index faf8d5e..4f16a68 100644
.section __ex_table,"a"
.align 8
-@@ -1153,13 +1522,14 @@ ENTRY(kernel_thread_helper)
+@@ -1158,13 +1529,14 @@ ENTRY(kernel_thread_helper)
* Here we are in the child and the registers are set as they were
* at kernel_thread() invocation in the parent.
*/
@@ -15959,7 +15822,7 @@ index faf8d5e..4f16a68 100644
/*
* execve(). This function needs to use IRET, not SYSRET, to set up all state properly.
-@@ -1186,11 +1556,11 @@ ENTRY(kernel_execve)
+@@ -1191,11 +1563,11 @@ ENTRY(kernel_execve)
RESTORE_REST
testq %rax,%rax
je int_ret_from_sys_call
@@ -15973,7 +15836,7 @@ index faf8d5e..4f16a68 100644
/* Call softirq on interrupt stack. Interrupts are off. */
ENTRY(call_softirq)
-@@ -1208,9 +1578,10 @@ ENTRY(call_softirq)
+@@ -1213,9 +1585,10 @@ ENTRY(call_softirq)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -15985,7 +15848,7 @@ index faf8d5e..4f16a68 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1248,7 +1619,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1253,7 +1626,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -15994,7 +15857,7 @@ index faf8d5e..4f16a68 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1307,7 +1678,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1312,7 +1685,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -16003,7 +15866,7 @@ index faf8d5e..4f16a68 100644
apicinterrupt XEN_HVM_EVTCHN_CALLBACK \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1356,16 +1727,31 @@ ENTRY(paranoid_exit)
+@@ -1361,16 +1734,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -16036,7 +15899,7 @@ index faf8d5e..4f16a68 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1394,7 +1780,7 @@ paranoid_schedule:
+@@ -1399,7 +1787,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -16045,7 +15908,7 @@ index faf8d5e..4f16a68 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1421,12 +1807,13 @@ ENTRY(error_entry)
+@@ -1426,12 +1814,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -16060,7 +15923,7 @@ index faf8d5e..4f16a68 100644
ret
/*
-@@ -1453,7 +1840,7 @@ bstep_iret:
+@@ -1458,7 +1847,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -16069,17 +15932,30 @@ index faf8d5e..4f16a68 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1473,7 +1860,7 @@ ENTRY(error_exit)
+@@ -1478,7 +1867,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
-END(error_exit)
+ENDPROC(error_exit)
-
- /* runs on exception stack */
-@@ -1485,6 +1872,16 @@ ENTRY(nmi)
- CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
+ /*
+ * Test if a given stack is an NMI stack or not.
+@@ -1535,9 +1924,11 @@ ENTRY(nmi)
+ * If %cs was not the kernel segment, then the NMI triggered in user
+ * space, which means it is definitely not nested.
+ */
++ cmpl $__KERNEXEC_KERNEL_CS, 16(%rsp)
++ je 1f
+ cmpl $__KERNEL_CS, 16(%rsp)
+ jne first_nmi
+-
++1:
+ /*
+ * Check the special variable on the stack to see if NMIs are
+ * executing.
+@@ -1659,6 +2050,16 @@ restart_nmi:
+ */
call save_paranoid
DEFAULT_FRAME 0
+#ifdef CONFIG_PAX_MEMORY_UDEREF
@@ -16095,20 +15971,9 @@ index faf8d5e..4f16a68 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1495,12 +1892,28 @@ ENTRY(nmi)
- DISABLE_INTERRUPTS(CLBR_NONE)
+@@ -1666,14 +2067,25 @@ restart_nmi:
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
-- testl $3,CS(%rsp)
-+ testb $3,CS(%rsp)
- jnz nmi_userspace
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ pax_exit_kernel
-+ SWAPGS_UNSAFE_STACK
-+ RESTORE_ALL 8
-+ pax_force_retaddr_bts
-+ jmp irq_return
-+#endif
nmi_swapgs:
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ pax_exit_kernel_user
@@ -16117,23 +15982,23 @@ index faf8d5e..4f16a68 100644
+#endif
SWAPGS_UNSAFE_STACK
+ RESTORE_ALL 8
++ /* Clear the NMI executing stack variable */
++ movq $0, 10*8(%rsp)
+ jmp irq_return
nmi_restore:
+ pax_exit_kernel
RESTORE_ALL 8
+ pax_force_retaddr_bts
+ /* Clear the NMI executing stack variable */
+ movq $0, 10*8(%rsp)
jmp irq_return
- nmi_userspace:
- GET_THREAD_INFO(%rcx)
-@@ -1529,14 +1942,14 @@ nmi_schedule:
- jmp paranoid_exit
CFI_ENDPROC
- #endif
-END(nmi)
+ENDPROC(nmi)
- ENTRY(ignore_sysret)
- CFI_STARTPROC
+ /*
+ * If an NMI hit an iret because of an exception or breakpoint,
+@@ -1700,7 +2112,7 @@ ENTRY(ignore_sysret)
mov $-ENOSYS,%eax
sysret
CFI_ENDPROC
@@ -16204,7 +16069,7 @@ index c9a281f..ce2f317 100644
return -EFAULT;
diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c
-index 3bb0850..55a56f4 100644
+index 51ff186..9e77418 100644
--- a/arch/x86/kernel/head32.c
+++ b/arch/x86/kernel/head32.c
@@ -19,6 +19,7 @@
@@ -16215,12 +16080,13 @@ index 3bb0850..55a56f4 100644
static void __init i386_default_early_setup(void)
{
-@@ -33,7 +34,7 @@ void __init i386_start_kernel(void)
- {
- memblock_init();
+@@ -31,8 +32,7 @@ static void __init i386_default_early_setup(void)
-- memblock_x86_reserve_range(__pa_symbol(&_text), __pa_symbol(&__bss_stop), "TEXT DATA BSS");
-+ memblock_x86_reserve_range(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop), "TEXT DATA BSS");
+ void __init i386_start_kernel(void)
+ {
+- memblock_reserve(__pa_symbol(&_text),
+- __pa_symbol(&__bss_stop) - __pa_symbol(&_text));
++ memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop) - LOAD_PHYSICAL_ADDR);
#ifdef CONFIG_BLK_DEV_INITRD
/* Reserve INITRD */
@@ -16663,7 +16529,7 @@ index ce0be7c..c41476e 100644
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index e11e394..9aebc5d 100644
+index 40f4eb3..6d24d9d 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -19,6 +19,8 @@
@@ -16889,7 +16755,7 @@ index e11e394..9aebc5d 100644
NEXT_PAGE(level2_kernel_pgt)
/*
-@@ -389,33 +429,55 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -389,37 +429,59 @@ NEXT_PAGE(level2_kernel_pgt)
* If you want to increase this then increase MODULES_VADDR
* too.)
*/
@@ -16953,6 +16819,11 @@ index e11e394..9aebc5d 100644
- .skip IDT_ENTRIES * 16
+ .fill 512,8,0
+ .align L1_CACHE_BYTES
+ ENTRY(nmi_idt_table)
+- .skip IDT_ENTRIES * 16
++ .fill 512,8,0
+
__PAGE_ALIGNED_BSS
.align PAGE_SIZE
diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c
@@ -16980,79 +16851,6 @@ index 9c3bd4a..e1d9b35 100644
+#ifdef CONFIG_PAX_KERNEXEC
+EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
+#endif
-diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c
-index 739d859..d1d6be7 100644
---- a/arch/x86/kernel/i387.c
-+++ b/arch/x86/kernel/i387.c
-@@ -188,6 +188,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset)
-
- int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
- unsigned int pos, unsigned int count,
-+ void *kbuf, void __user *ubuf) __size_overflow(4);
-+int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
-+ unsigned int pos, unsigned int count,
- void *kbuf, void __user *ubuf)
- {
- int ret;
-@@ -207,6 +210,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset,
-
- int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
- unsigned int pos, unsigned int count,
-+ const void *kbuf, const void __user *ubuf) __size_overflow(4);
-+int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
-+ unsigned int pos, unsigned int count,
- const void *kbuf, const void __user *ubuf)
- {
- int ret;
-@@ -240,6 +246,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset,
-
- int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
- unsigned int pos, unsigned int count,
-+ void *kbuf, void __user *ubuf) __size_overflow(4);
-+int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
-+ unsigned int pos, unsigned int count,
- void *kbuf, void __user *ubuf)
- {
- int ret;
-@@ -269,6 +278,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset,
-
- int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
- unsigned int pos, unsigned int count,
-+ const void *kbuf, const void __user *ubuf) __size_overflow(4);
-+int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
-+ unsigned int pos, unsigned int count,
- const void *kbuf, const void __user *ubuf)
- {
- int ret;
-@@ -439,6 +451,9 @@ static void convert_to_fxsr(struct task_struct *tsk,
-
- int fpregs_get(struct task_struct *target, const struct user_regset *regset,
- unsigned int pos, unsigned int count,
-+ void *kbuf, void __user *ubuf) __size_overflow(3,4);
-+int fpregs_get(struct task_struct *target, const struct user_regset *regset,
-+ unsigned int pos, unsigned int count,
- void *kbuf, void __user *ubuf)
- {
- struct user_i387_ia32_struct env;
-@@ -471,6 +486,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset,
-
- int fpregs_set(struct task_struct *target, const struct user_regset *regset,
- unsigned int pos, unsigned int count,
-+ const void *kbuf, const void __user *ubuf) __size_overflow(3,4);
-+int fpregs_set(struct task_struct *target, const struct user_regset *regset,
-+ unsigned int pos, unsigned int count,
- const void *kbuf, const void __user *ubuf)
- {
- struct user_i387_ia32_struct env;
-@@ -619,6 +637,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf)
- }
-
- static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf,
-+ unsigned int size) __size_overflow(2);
-+static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf,
- unsigned int size)
- {
- struct task_struct *tsk = current;
diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
index 6104852..6114160 100644
--- a/arch/x86/kernel/i8259.c
@@ -17136,7 +16934,7 @@ index 8c96897..be66bfa 100644
return -EPERM;
}
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
-index 429e0c9..17b3ece 100644
+index 7943e0c..dd32c5c 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -18,7 +18,7 @@
@@ -17148,7 +16946,7 @@ index 429e0c9..17b3ece 100644
/* Function pointer for generic interrupt vector handling */
void (*x86_platform_ipi_callback)(void) = NULL;
-@@ -117,9 +117,9 @@ int arch_show_interrupts(struct seq_file *p, int prec)
+@@ -121,9 +121,9 @@ int arch_show_interrupts(struct seq_file *p, int prec)
seq_printf(p, "%10u ", per_cpu(mce_poll_count, j));
seq_printf(p, " Machine check polls\n");
#endif
@@ -17160,7 +16958,7 @@ index 429e0c9..17b3ece 100644
#endif
return 0;
}
-@@ -159,10 +159,10 @@ u64 arch_irq_stat_cpu(unsigned int cpu)
+@@ -164,10 +164,10 @@ u64 arch_irq_stat_cpu(unsigned int cpu)
u64 arch_irq_stat(void)
{
@@ -17174,10 +16972,10 @@ index 429e0c9..17b3ece 100644
return sum;
}
diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
-index 7209070..cbcd71a 100644
+index 40fc861..9b8739b 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
-@@ -36,7 +36,7 @@ static int check_stack_overflow(void)
+@@ -39,7 +39,7 @@ static int check_stack_overflow(void)
__asm__ __volatile__("andl %%esp,%0" :
"=r" (sp) : "0" (THREAD_SIZE - 1));
@@ -17186,7 +16984,7 @@ index 7209070..cbcd71a 100644
}
static void print_stack_overflow(void)
-@@ -54,8 +54,8 @@ static inline void print_stack_overflow(void) { }
+@@ -59,8 +59,8 @@ static inline void print_stack_overflow(void) { }
* per-CPU IRQ handling contexts (thread information and stack)
*/
union irq_ctx {
@@ -17197,7 +16995,7 @@ index 7209070..cbcd71a 100644
} __attribute__((aligned(THREAD_SIZE)));
static DEFINE_PER_CPU(union irq_ctx *, hardirq_ctx);
-@@ -75,10 +75,9 @@ static void call_on_stack(void *func, void *stack)
+@@ -80,10 +80,9 @@ static void call_on_stack(void *func, void *stack)
static inline int
execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
{
@@ -17209,7 +17007,7 @@ index 7209070..cbcd71a 100644
irqctx = __this_cpu_read(hardirq_ctx);
/*
-@@ -87,21 +86,16 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
+@@ -92,21 +91,16 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
* handler) we can't do that and just have to keep using the
* current stack (which is the irq stack already after all)
*/
@@ -17237,7 +17035,7 @@ index 7209070..cbcd71a 100644
if (unlikely(overflow))
call_on_stack(print_stack_overflow, isp);
-@@ -113,6 +107,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
+@@ -118,6 +112,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
: "0" (irq), "1" (desc), "2" (isp),
"D" (desc->handle_irq)
: "memory", "cc", "ecx");
@@ -17249,7 +17047,7 @@ index 7209070..cbcd71a 100644
return 1;
}
-@@ -121,29 +120,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
+@@ -126,29 +125,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq)
*/
void __cpuinit irq_ctx_init(int cpu)
{
@@ -17281,7 +17079,7 @@ index 7209070..cbcd71a 100644
printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n",
cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu));
-@@ -152,7 +133,6 @@ void __cpuinit irq_ctx_init(int cpu)
+@@ -157,7 +138,6 @@ void __cpuinit irq_ctx_init(int cpu)
asmlinkage void do_softirq(void)
{
unsigned long flags;
@@ -17289,7 +17087,7 @@ index 7209070..cbcd71a 100644
union irq_ctx *irqctx;
u32 *isp;
-@@ -162,15 +142,22 @@ asmlinkage void do_softirq(void)
+@@ -167,15 +147,22 @@ asmlinkage void do_softirq(void)
local_irq_save(flags);
if (local_softirq_pending()) {
@@ -17317,18 +17115,18 @@ index 7209070..cbcd71a 100644
* Shouldn't happen, we returned above if in_interrupt():
*/
diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
-index 69bca46..0bac999 100644
+index d04d3ec..ea4b374 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
-@@ -38,7 +38,7 @@ static inline void stack_overflow_check(struct pt_regs *regs)
- #ifdef CONFIG_DEBUG_STACKOVERFLOW
+@@ -44,7 +44,7 @@ static inline void stack_overflow_check(struct pt_regs *regs)
+ u64 estack_top, estack_bottom;
u64 curbase = (u64)task_stack_page(current);
- if (user_mode_vm(regs))
+ if (user_mode(regs))
return;
- WARN_ONCE(regs->sp >= curbase &&
+ if (regs->sp >= curbase + sizeof(struct thread_info) +
diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c
index faba577..93b9e71 100644
--- a/arch/x86/kernel/kgdb.c
@@ -17518,20 +17316,8 @@ index 7da647d..56fe348 100644
RELATIVE_ADDR_SIZE);
insn_buf[0] = RELATIVEJUMP_OPCODE;
-diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
-index a9c2116..a52d4fc 100644
---- a/arch/x86/kernel/kvm.c
-+++ b/arch/x86/kernel/kvm.c
-@@ -437,6 +437,7 @@ static void __init paravirt_ops_setup(void)
- pv_mmu_ops.set_pud = kvm_set_pud;
- #if PAGETABLE_LEVELS == 4
- pv_mmu_ops.set_pgd = kvm_set_pgd;
-+ pv_mmu_ops.set_pgd_batched = kvm_set_pgd;
- #endif
- #endif
- pv_mmu_ops.flush_tlb_user = kvm_flush_tlb;
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index ea69726..8b497c9 100644
+index ea69726..604d066 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
@@ -67,13 +67,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
@@ -17584,15 +17370,7 @@ index ea69726..8b497c9 100644
return retval;
}
-@@ -141,6 +159,7 @@ void destroy_context(struct mm_struct *mm)
- }
- }
-
-+static int read_ldt(void __user *ptr, unsigned long bytecount) __size_overflow(2);
- static int read_ldt(void __user *ptr, unsigned long bytecount)
- {
- int err;
-@@ -230,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
+@@ -230,6 +248,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
}
}
@@ -17638,14 +17416,11 @@ index a3fa43b..8966f4c 100644
relocate_kernel_ptr = control_page;
page_list[PA_CONTROL_PAGE] = __pa(control_page);
diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c
-index 3ca42d0..79d24cd 100644
+index 3ca42d0..7cff8cc 100644
--- a/arch/x86/kernel/microcode_intel.c
+++ b/arch/x86/kernel/microcode_intel.c
-@@ -434,15 +434,16 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device)
- return ret;
- }
+@@ -436,13 +436,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device)
-+static int get_ucode_user(void *to, const void *from, size_t n) __size_overflow(3);
static int get_ucode_user(void *to, const void *from, size_t n)
{
- return copy_from_user(to, from, n);
@@ -17798,10 +17573,10 @@ index 925179f..267ac7a 100644
if ((s64)val != *(s32 *)loc)
goto overflow;
diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c
-index e88f37b..1353db6 100644
+index 47acaf3..ec48ab6 100644
--- a/arch/x86/kernel/nmi.c
+++ b/arch/x86/kernel/nmi.c
-@@ -408,6 +408,17 @@ static notrace __kprobes void default_do_nmi(struct pt_regs *regs)
+@@ -505,6 +505,17 @@ static inline void nmi_nesting_postprocess(void)
dotraplinkage notrace __kprobes void
do_nmi(struct pt_regs *regs, long error_code)
{
@@ -17816,9 +17591,9 @@ index e88f37b..1353db6 100644
+ }
+#endif
+
- nmi_enter();
+ nmi_nesting_preprocess(regs);
- inc_irq_stat(__nmi_count);
+ nmi_enter();
diff --git a/arch/x86/kernel/paravirt-spinlocks.c b/arch/x86/kernel/paravirt-spinlocks.c
index 676b8c7..870ba04 100644
--- a/arch/x86/kernel/paravirt-spinlocks.c
@@ -17981,7 +17756,7 @@ index 35ccf75..7a15747 100644
#define DEBUG 1
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index ee5d4fb..426649b 100644
+index 15763af..da59ada 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -48,16 +48,33 @@ void free_thread_xstate(struct task_struct *tsk)
@@ -18122,7 +17897,7 @@ index ee5d4fb..426649b 100644
+}
+#endif
diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
-index 8598296..bfadef0 100644
+index c08d1ff..6ae1c81 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __asm__("ret_from_fork");
@@ -18133,7 +17908,7 @@ index 8598296..bfadef0 100644
}
#ifndef CONFIG_SMP
-@@ -130,15 +131,14 @@ void __show_regs(struct pt_regs *regs, int all)
+@@ -132,15 +133,14 @@ void __show_regs(struct pt_regs *regs, int all)
unsigned long sp;
unsigned short ss, gs;
@@ -18151,7 +17926,7 @@ index 8598296..bfadef0 100644
show_regs_common();
-@@ -200,13 +200,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
+@@ -202,13 +202,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
struct task_struct *tsk;
int err;
@@ -18167,7 +17942,7 @@ index 8598296..bfadef0 100644
p->thread.ip = (unsigned long) ret_from_fork;
-@@ -296,7 +297,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -299,7 +300,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
struct thread_struct *prev = &prev_p->thread,
*next = &next_p->thread;
int cpu = smp_processor_id();
@@ -18176,7 +17951,7 @@ index 8598296..bfadef0 100644
fpu_switch_t fpu;
/* never put a printk in __switch_to... printk() calls wake_up*() indirectly */
-@@ -320,6 +321,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -323,6 +324,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
*/
lazy_save_gs(prev->gs);
@@ -18187,7 +17962,7 @@ index 8598296..bfadef0 100644
/*
* Load the per-thread Thread-Local Storage descriptor.
*/
-@@ -350,6 +355,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -353,6 +358,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
*/
arch_end_context_switch(next_p);
@@ -18197,7 +17972,7 @@ index 8598296..bfadef0 100644
/*
* Restore %gs if needed (which is common)
*/
-@@ -358,8 +366,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -361,8 +369,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
switch_fpu_finish(next_p, fpu);
@@ -18206,13 +17981,13 @@ index 8598296..bfadef0 100644
return prev_p;
}
-@@ -389,4 +395,3 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -392,4 +398,3 @@ unsigned long get_wchan(struct task_struct *p)
} while (count++ < 16);
return 0;
}
-
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
-index 6a364a6..b147d11 100644
+index cfa5c90..4facd28 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
@@ -89,7 +89,7 @@ static void __exit_idle(void)
@@ -18224,7 +17999,7 @@ index 6a364a6..b147d11 100644
return;
__exit_idle();
}
-@@ -264,8 +264,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
+@@ -270,8 +270,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
struct pt_regs *childregs;
struct task_struct *me = current;
@@ -18234,7 +18009,7 @@ index 6a364a6..b147d11 100644
*childregs = *regs;
childregs->ax = 0;
-@@ -277,6 +276,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
+@@ -283,6 +282,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
p->thread.sp = (unsigned long) childregs;
p->thread.sp0 = (unsigned long) (childregs+1);
p->thread.usersp = me->thread.usersp;
@@ -18242,7 +18017,7 @@ index 6a364a6..b147d11 100644
set_tsk_thread_flag(p, TIF_FORK);
-@@ -379,7 +379,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -385,7 +385,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
struct thread_struct *prev = &prev_p->thread;
struct thread_struct *next = &next_p->thread;
int cpu = smp_processor_id();
@@ -18251,7 +18026,7 @@ index 6a364a6..b147d11 100644
unsigned fsindex, gsindex;
fpu_switch_t fpu;
-@@ -461,10 +461,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -467,10 +467,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
prev->usersp = percpu_read(old_rsp);
percpu_write(old_rsp, next->usersp);
percpu_write(current_task, next_p);
@@ -18264,7 +18039,7 @@ index 6a364a6..b147d11 100644
/*
* Now maybe reload the debug registers and handle I/O bitmaps
-@@ -519,12 +518,11 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -525,12 +524,11 @@ unsigned long get_wchan(struct task_struct *p)
if (!p || p == current || p->state == TASK_RUNNING)
return 0;
stack = (unsigned long)task_stack_page(p);
@@ -18280,21 +18055,10 @@ index 6a364a6..b147d11 100644
ip = *(u64 *)(fp+8);
if (!in_sched_functions(ip))
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
-index 8252879..f367ec9 100644
+index 5026738..9e6d6dc 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
-@@ -791,6 +791,10 @@ static int ioperm_active(struct task_struct *target,
- static int ioperm_get(struct task_struct *target,
- const struct user_regset *regset,
- unsigned int pos, unsigned int count,
-+ void *kbuf, void __user *ubuf) __size_overflow(3,4);
-+static int ioperm_get(struct task_struct *target,
-+ const struct user_regset *regset,
-+ unsigned int pos, unsigned int count,
- void *kbuf, void __user *ubuf)
- {
- if (!target->thread.io_bitmap_ptr)
-@@ -822,7 +826,7 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -823,7 +823,7 @@ long arch_ptrace(struct task_struct *child, long request,
unsigned long addr, unsigned long data)
{
int ret;
@@ -18303,7 +18067,7 @@ index 8252879..f367ec9 100644
switch (request) {
/* read the word at location addr in the USER area. */
-@@ -907,14 +911,14 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -908,14 +908,14 @@ long arch_ptrace(struct task_struct *child, long request,
if ((int) addr < 0)
return -EIO;
ret = do_get_thread_area(child, addr,
@@ -18320,7 +18084,7 @@ index 8252879..f367ec9 100644
break;
#endif
-@@ -1331,7 +1335,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
+@@ -1332,7 +1332,7 @@ static void fill_sigtrap_info(struct task_struct *tsk,
memset(info, 0, sizeof(*info));
info->si_signo = SIGTRAP;
info->si_code = si_code;
@@ -18362,7 +18126,7 @@ index 42eb330..139955c 100644
return ret;
diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
-index 37a458b..e63d183 100644
+index d840e69..98e9581 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -35,7 +35,7 @@ void (*pm_power_off)(void);
@@ -18374,7 +18138,7 @@ index 37a458b..e63d183 100644
enum reboot_type reboot_type = BOOT_ACPI;
int reboot_force;
-@@ -324,13 +324,17 @@ core_initcall(reboot_init);
+@@ -335,13 +335,17 @@ core_initcall(reboot_init);
extern const unsigned char machine_real_restart_asm[];
extern const u64 machine_real_restart_gdt[3];
@@ -18394,7 +18158,7 @@ index 37a458b..e63d183 100644
local_irq_disable();
/* Write zero to CMOS register number 0x0f, which the BIOS POST
-@@ -356,14 +360,14 @@ void machine_real_restart(unsigned int type)
+@@ -367,14 +371,14 @@ void machine_real_restart(unsigned int type)
boot)". This seems like a fairly standard thing that gets set by
REBOOT.COM programs, and the previous reset routine did this
too. */
@@ -18411,7 +18175,7 @@ index 37a458b..e63d183 100644
/* GDT[0]: GDT self-pointer */
lowmem_gdt[0] =
-@@ -374,7 +378,33 @@ void machine_real_restart(unsigned int type)
+@@ -385,7 +389,33 @@ void machine_real_restart(unsigned int type)
GDT_ENTRY(0x009b, restart_pa, 0xffff);
/* Jump to the identity-mapped low memory code */
@@ -18445,7 +18209,7 @@ index 37a458b..e63d183 100644
}
#ifdef CONFIG_APM_MODULE
EXPORT_SYMBOL(machine_real_restart);
-@@ -540,7 +570,7 @@ void __attribute__((weak)) mach_reboot_fixups(void)
+@@ -556,7 +586,7 @@ void __attribute__((weak)) mach_reboot_fixups(void)
* try to force a triple fault and then cycle between hitting the keyboard
* controller and doing that
*/
@@ -18454,7 +18218,7 @@ index 37a458b..e63d183 100644
{
int i;
int attempt = 0;
-@@ -664,13 +694,13 @@ void native_machine_shutdown(void)
+@@ -680,13 +710,13 @@ void native_machine_shutdown(void)
#endif
}
@@ -18470,7 +18234,7 @@ index 37a458b..e63d183 100644
{
printk("machine restart\n");
-@@ -679,7 +709,7 @@ static void native_machine_restart(char *__unused)
+@@ -695,7 +725,7 @@ static void native_machine_restart(char *__unused)
__machine_emergency_restart(0);
}
@@ -18479,7 +18243,7 @@ index 37a458b..e63d183 100644
{
/* stop other cpus and apics */
machine_shutdown();
-@@ -690,7 +720,7 @@ static void native_machine_halt(void)
+@@ -706,7 +736,7 @@ static void native_machine_halt(void)
stop_this_cpu(NULL);
}
@@ -18488,7 +18252,7 @@ index 37a458b..e63d183 100644
{
if (pm_power_off) {
if (!reboot_force)
-@@ -699,6 +729,7 @@ static void native_machine_power_off(void)
+@@ -715,6 +745,7 @@ static void native_machine_power_off(void)
}
/* a fallback in case there is no PM info available */
tboot_shutdown(TB_SHUTDOWN_HALT);
@@ -18525,10 +18289,10 @@ index 7a6f3b3..bed145d7 100644
1:
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index cf0ef98..e3f780b 100644
+index d7d5099..28555d0 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
-@@ -447,7 +447,7 @@ static void __init parse_setup_data(void)
+@@ -448,7 +448,7 @@ static void __init parse_setup_data(void)
switch (data->type) {
case SETUP_E820_EXT:
@@ -18537,7 +18301,7 @@ index cf0ef98..e3f780b 100644
break;
case SETUP_DTB:
add_dtb(pa_data);
-@@ -650,7 +650,7 @@ static void __init trim_bios_range(void)
+@@ -649,7 +649,7 @@ static void __init trim_bios_range(void)
* area (640->1Mb) as ram even though it is not.
* take them out.
*/
@@ -18546,7 +18310,7 @@ index cf0ef98..e3f780b 100644
sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map);
}
-@@ -773,14 +773,14 @@ void __init setup_arch(char **cmdline_p)
+@@ -767,14 +767,14 @@ void __init setup_arch(char **cmdline_p)
if (!boot_params.hdr.root_flags)
root_mountflags &= ~MS_RDONLY;
@@ -18567,7 +18331,7 @@ index cf0ef98..e3f780b 100644
bss_resource.start = virt_to_phys(&__bss_start);
bss_resource.end = virt_to_phys(&__bss_stop)-1;
diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_percpu.c
-index 71f4727..217419b 100644
+index 71f4727..16dc9f7 100644
--- a/arch/x86/kernel/setup_percpu.c
+++ b/arch/x86/kernel/setup_percpu.c
@@ -21,19 +21,17 @@
@@ -18594,25 +18358,7 @@ index 71f4727..217419b 100644
[0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET,
};
EXPORT_SYMBOL(__per_cpu_offset);
-@@ -96,6 +94,8 @@ static bool __init pcpu_need_numa(void)
- * Pointer to the allocated area on success, NULL on failure.
- */
- static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size,
-+ unsigned long align) __size_overflow(2);
-+static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size,
- unsigned long align)
- {
- const unsigned long goal = __pa(MAX_DMA_ADDRESS);
-@@ -124,6 +124,8 @@ static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size,
- /*
- * Helpers for first chunk memory allocation
- */
-+static void * __init pcpu_fc_alloc(unsigned int cpu, size_t size, size_t align) __size_overflow(2);
-+
- static void * __init pcpu_fc_alloc(unsigned int cpu, size_t size, size_t align)
- {
- return pcpu_alloc_bootmem(cpu, size, align);
-@@ -155,10 +157,10 @@ static inline void setup_percpu_segment(int cpu)
+@@ -155,10 +153,10 @@ static inline void setup_percpu_segment(int cpu)
{
#ifdef CONFIG_X86_32
struct desc_struct gdt;
@@ -18626,7 +18372,7 @@ index 71f4727..217419b 100644
write_gdt_entry(get_cpu_gdt_table(cpu),
GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S);
#endif
-@@ -207,6 +209,11 @@ void __init setup_per_cpu_areas(void)
+@@ -207,6 +205,11 @@ void __init setup_per_cpu_areas(void)
/* alrighty, percpu areas up and running */
delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start;
for_each_possible_cpu(cpu) {
@@ -18638,7 +18384,7 @@ index 71f4727..217419b 100644
per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu];
per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu);
per_cpu(cpu_number, cpu) = cpu;
-@@ -247,6 +254,12 @@ void __init setup_per_cpu_areas(void)
+@@ -247,6 +250,12 @@ void __init setup_per_cpu_areas(void)
*/
set_cpu_numa_node(cpu, early_cpu_to_node(cpu));
#endif
@@ -18652,7 +18398,7 @@ index 71f4727..217419b 100644
* Up to this point, the boot CPU has been using .init.data
* area. Reload any changed state for the boot CPU.
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
-index 54ddaeb2..22c3bdc 100644
+index 46a01bd..2e88e6d 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -198,7 +198,7 @@ static unsigned long align_sigframe(unsigned long sp)
@@ -18720,7 +18466,7 @@ index 54ddaeb2..22c3bdc 100644
} put_user_catch(err);
if (err)
-@@ -769,7 +772,7 @@ static void do_signal(struct pt_regs *regs)
+@@ -765,7 +768,7 @@ static void do_signal(struct pt_regs *regs)
* X86_32: vm86 regs switched out by assembly code before reaching
* here, so testing against kernel CS suffices.
*/
@@ -18730,10 +18476,10 @@ index 54ddaeb2..22c3bdc 100644
signr = get_signal_to_deliver(&info, &ka, regs, NULL);
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index 9f548cb..caf76f7 100644
+index 66d250c..f1b10bd 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
-@@ -709,17 +709,20 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu)
+@@ -715,17 +715,20 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu)
set_idle_for_cpu(cpu, c_idle.idle);
do_rest:
per_cpu(current_task, cpu) = c_idle.idle;
@@ -18757,7 +18503,7 @@ index 9f548cb..caf76f7 100644
initial_code = (unsigned long)start_secondary;
stack_start = c_idle.idle->thread.sp;
-@@ -861,6 +864,12 @@ int __cpuinit native_cpu_up(unsigned int cpu)
+@@ -868,6 +871,12 @@ int __cpuinit native_cpu_up(unsigned int cpu)
per_cpu(cpu_state, cpu) = CPU_UP_PREPARE;
@@ -19189,15 +18935,6 @@ index 0514890..3dbebce 100644
mm->cached_hole_size = ~0UL;
return addr;
-diff --git a/arch/x86/kernel/syscall_table_32.S b/arch/x86/kernel/syscall_table_32.S
-index 9a0e312..e6f66f2 100644
---- a/arch/x86/kernel/syscall_table_32.S
-+++ b/arch/x86/kernel/syscall_table_32.S
-@@ -1,3 +1,4 @@
-+.section .rodata,"a",@progbits
- ENTRY(sys_call_table)
- .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */
- .long sys_exit
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c
index e2410e2..4fe3fbc 100644
--- a/arch/x86/kernel/tboot.c
@@ -19300,18 +19037,6 @@ index 6bb7b85..dd853e1 100644
set_tls_desc(p, idx, &info, 1);
return 0;
-diff --git a/arch/x86/kernel/tls.h b/arch/x86/kernel/tls.h
-index 2f083a2..7d3fecc 100644
---- a/arch/x86/kernel/tls.h
-+++ b/arch/x86/kernel/tls.h
-@@ -16,6 +16,6 @@
-
- extern user_regset_active_fn regset_tls_active;
- extern user_regset_get_fn regset_tls_get;
--extern user_regset_set_fn regset_tls_set;
-+extern user_regset_set_fn regset_tls_set __size_overflow(4);
-
- #endif /* _ARCH_X86_KERNEL_TLS_H */
diff --git a/arch/x86/kernel/trampoline_32.S b/arch/x86/kernel/trampoline_32.S
index 451c0a7..e57f551 100644
--- a/arch/x86/kernel/trampoline_32.S
@@ -19361,7 +19086,7 @@ index 09ff517..df19fbff 100644
.short 0
.quad 0x00cf9b000000ffff # __KERNEL32_CS
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
-index 31d9d0f..e244dd9 100644
+index 4bbe04d..41d0943 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -70,12 +70,6 @@ asmlinkage int system_call(void);
@@ -19479,7 +19204,7 @@ index 31d9d0f..e244dd9 100644
die("general protection fault", regs, error_code);
}
-@@ -414,7 +443,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
+@@ -421,7 +450,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
/* It's safe to allow irq's after DR6 has been saved */
preempt_conditional_sti(regs);
@@ -19488,7 +19213,7 @@ index 31d9d0f..e244dd9 100644
handle_vm86_trap((struct kernel_vm86_regs *) regs,
error_code, 1);
preempt_conditional_cli(regs);
-@@ -428,7 +457,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
+@@ -436,7 +465,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
* We already checked v86 mode above, so we can check for kernel mode
* by just checking the CPL of CS.
*/
@@ -19497,7 +19222,7 @@ index 31d9d0f..e244dd9 100644
tsk->thread.debugreg6 &= ~DR_STEP;
set_tsk_thread_flag(tsk, TIF_SINGLESTEP);
regs->flags &= ~X86_EFLAGS_TF;
-@@ -457,7 +486,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr)
+@@ -466,7 +495,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr)
return;
conditional_sti(regs);
@@ -19506,17 +19231,6 @@ index 31d9d0f..e244dd9 100644
{
if (!fixup_exception(regs)) {
task->thread.error_code = error_code;
-@@ -569,8 +598,8 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void)
- void __math_state_restore(struct task_struct *tsk)
- {
- /* We need a safe address that is cheap to find and that is already
-- in L1. We've just brought in "tsk->thread.has_fpu", so use that */
--#define safe_address (tsk->thread.has_fpu)
-+ in L1. */
-+#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0)
-
- /* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception
- is pending. Clear the x87 state here by setting it to fixed
diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S
index b9242ba..50c5edd 100644
--- a/arch/x86/kernel/verify_cpu.S
@@ -19530,7 +19244,7 @@ index b9242ba..50c5edd 100644
* verify_cpu, returns the status of longmode and SSE in register %eax.
* 0: Success 1: Failure
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
-index 863f875..4307295 100644
+index b466cab..a0df083 100644
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -41,6 +41,7 @@
@@ -19588,7 +19302,7 @@ index 863f875..4307295 100644
tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0;
if (cpu_has_sep)
tsk->thread.sysenter_cs = 0;
-@@ -529,7 +545,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i,
+@@ -531,7 +547,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i,
goto cannot_handle;
if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored))
goto cannot_handle;
@@ -19862,14 +19576,14 @@ index 0f703f1..9e15f64 100644
#ifdef CONFIG_SMP
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
-index e4d4a22..47ee71f 100644
+index b07ba93..a212969 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -57,15 +57,13 @@ DEFINE_VVAR(struct vsyscall_gtod_data, vsyscall_gtod_data) =
.lock = __SEQLOCK_UNLOCKED(__vsyscall_gtod_data.lock),
};
--static enum { EMULATE, NATIVE, NONE } vsyscall_mode = NATIVE;
+-static enum { EMULATE, NATIVE, NONE } vsyscall_mode = EMULATE;
+static enum { EMULATE, NONE } vsyscall_mode = EMULATE;
static int __init vsyscall_setup(char *str)
@@ -19882,16 +19596,16 @@ index e4d4a22..47ee71f 100644
else if (!strcmp("none", str))
vsyscall_mode = NONE;
else
-@@ -178,7 +176,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
+@@ -207,7 +205,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
tsk = current;
if (seccomp_mode(&tsk->seccomp))
- do_exit(SIGKILL);
+ do_group_exit(SIGKILL);
- switch (vsyscall_nr) {
- case 0:
-@@ -220,8 +218,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
+ /*
+ * With a real vsyscall, page faults cause SIGSEGV. We want to
+@@ -279,8 +277,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address)
return true;
sigsegv:
@@ -19901,7 +19615,7 @@ index e4d4a22..47ee71f 100644
}
/*
-@@ -274,10 +271,7 @@ void __init map_vsyscall(void)
+@@ -333,10 +330,7 @@ void __init map_vsyscall(void)
extern char __vvar_page;
unsigned long physaddr_vvar_page = __pa_symbol(&__vvar_page);
@@ -19957,11 +19671,62 @@ index 7110911..e8cdee5 100644
buf);
if (unlikely(err)) {
/*
+diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
+index 89b02bf..0f6511d 100644
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -124,15 +124,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
+ struct kvm_cpuid2 *cpuid,
+ struct kvm_cpuid_entry2 __user *entries)
+ {
+- int r;
++ int r, i;
+
+ r = -E2BIG;
+ if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
+ goto out;
+ r = -EFAULT;
+- if (copy_from_user(&vcpu->arch.cpuid_entries, entries,
+- cpuid->nent * sizeof(struct kvm_cpuid_entry2)))
++ if (!access_ok(VERIFY_READ, entries, cpuid->nent * sizeof(struct kvm_cpuid_entry2)))
+ goto out;
++ for (i = 0; i < cpuid->nent; ++i) {
++ struct kvm_cpuid_entry2 cpuid_entry;
++ if (__copy_from_user(&cpuid_entry, entries + i, sizeof(cpuid_entry)))
++ goto out;
++ vcpu->arch.cpuid_entries[i] = cpuid_entry;
++ }
+ vcpu->arch.cpuid_nent = cpuid->nent;
+ kvm_apic_set_version(vcpu);
+ kvm_x86_ops->cpuid_update(vcpu);
+@@ -147,15 +152,19 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
+ struct kvm_cpuid2 *cpuid,
+ struct kvm_cpuid_entry2 __user *entries)
+ {
+- int r;
++ int r, i;
+
+ r = -E2BIG;
+ if (cpuid->nent < vcpu->arch.cpuid_nent)
+ goto out;
+ r = -EFAULT;
+- if (copy_to_user(entries, &vcpu->arch.cpuid_entries,
+- vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2)))
++ if (!access_ok(VERIFY_WRITE, entries, vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2)))
+ goto out;
++ for (i = 0; i < vcpu->arch.cpuid_nent; ++i) {
++ struct kvm_cpuid_entry2 cpuid_entry = vcpu->arch.cpuid_entries[i];
++ if (__copy_to_user(entries + i, &cpuid_entry, sizeof(cpuid_entry)))
++ goto out;
++ }
+ return 0;
+
+ out:
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index f1e3be18..588efc8 100644
+index 0982507..7f6d72f 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
-@@ -249,6 +249,7 @@ struct gprefix {
+@@ -250,6 +250,7 @@ struct gprefix {
#define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \
do { \
@@ -19969,7 +19734,7 @@ index f1e3be18..588efc8 100644
__asm__ __volatile__ ( \
_PRE_EFLAGS("0", "4", "2") \
_op _suffix " %"_x"3,%1; " \
-@@ -263,8 +264,6 @@ struct gprefix {
+@@ -264,8 +265,6 @@ struct gprefix {
/* Raw emulation: instruction has two explicit operands. */
#define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \
do { \
@@ -19978,7 +19743,7 @@ index f1e3be18..588efc8 100644
switch ((ctxt)->dst.bytes) { \
case 2: \
____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \
-@@ -280,7 +279,6 @@ struct gprefix {
+@@ -281,7 +280,6 @@ struct gprefix {
#define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \
do { \
@@ -19987,10 +19752,10 @@ index f1e3be18..588efc8 100644
case 1: \
____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 54abb40..a192606 100644
+index cfdc6e0..ab92e84 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
-@@ -53,7 +53,7 @@
+@@ -54,7 +54,7 @@
#define APIC_BUS_CYCLE_NS 1
/* #define apic_debug(fmt,arg...) printk(KERN_WARNING fmt,##arg) */
@@ -19999,30 +19764,8 @@ index 54abb40..a192606 100644
#define APIC_LVT_NUM 6
/* 14 is the version for Xeon and Pentium 8.4.8*/
-diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
-index f1b36cf..af8a124 100644
---- a/arch/x86/kvm/mmu.c
-+++ b/arch/x86/kvm/mmu.c
-@@ -3555,7 +3555,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
-
- pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes);
-
-- invlpg_counter = atomic_read(&vcpu->kvm->arch.invlpg_counter);
-+ invlpg_counter = atomic_read_unchecked(&vcpu->kvm->arch.invlpg_counter);
-
- /*
- * Assume that the pte write on a page table of the same type
-@@ -3587,7 +3587,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
- }
-
- spin_lock(&vcpu->kvm->mmu_lock);
-- if (atomic_read(&vcpu->kvm->arch.invlpg_counter) != invlpg_counter)
-+ if (atomic_read_unchecked(&vcpu->kvm->arch.invlpg_counter) != invlpg_counter)
- gentry = 0;
- kvm_mmu_free_some_pages(vcpu);
- ++vcpu->kvm->stat.mmu_pte_write;
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
-index 9299410..ade2f9b 100644
+index 1561028..0ed7f14 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -197,7 +197,7 @@ retry_walk:
@@ -20034,28 +19777,11 @@ index 9299410..ade2f9b 100644
if (unlikely(__copy_from_user(&pte, ptep_user, sizeof(pte))))
goto error;
-@@ -705,7 +705,7 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva)
- if (need_flush)
- kvm_flush_remote_tlbs(vcpu->kvm);
-
-- atomic_inc(&vcpu->kvm->arch.invlpg_counter);
-+ atomic_inc_unchecked(&vcpu->kvm->arch.invlpg_counter);
-
- spin_unlock(&vcpu->kvm->mmu_lock);
-
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index 94a4672..1700ed1 100644
+index e385214..f8df033 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
-@@ -3037,6 +3037,7 @@ static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data)
- return 0;
- }
-
-+static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) __size_overflow(3);
- static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data)
- {
- struct vcpu_svm *svm = to_svm(vcpu);
-@@ -3405,7 +3406,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
+@@ -3420,7 +3420,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
int cpu = raw_smp_processor_id();
struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
@@ -20067,7 +19793,7 @@ index 94a4672..1700ed1 100644
load_TR_desc();
}
-@@ -3783,6 +3788,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -3798,6 +3802,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
#endif
#endif
@@ -20079,10 +19805,10 @@ index 94a4672..1700ed1 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 4ea7678..c715f2f 100644
+index 3b4c8d8..f457b63 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
-@@ -1305,7 +1305,11 @@ static void reload_tss(void)
+@@ -1306,7 +1306,11 @@ static void reload_tss(void)
struct desc_struct *descs;
descs = (void *)gdt->address;
@@ -20094,15 +19820,7 @@ index 4ea7678..c715f2f 100644
load_TR_desc();
}
-@@ -2163,6 +2167,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata)
- * Returns 0 on success, non-0 otherwise.
- * Assumes vcpu_load() was already called.
- */
-+static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) __size_overflow(3);
- static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data)
- {
- struct vcpu_vmx *vmx = to_vmx(vcpu);
-@@ -2633,8 +2638,11 @@ static __init int hardware_setup(void)
+@@ -2631,8 +2635,11 @@ static __init int hardware_setup(void)
if (!cpu_has_vmx_flexpriority())
flexpriority_enabled = 0;
@@ -20116,7 +19834,7 @@ index 4ea7678..c715f2f 100644
if (enable_ept && !cpu_has_vmx_ept_2m_page())
kvm_disable_largepages();
-@@ -3648,7 +3656,7 @@ static void vmx_set_constant_host_state(void)
+@@ -3648,7 +3655,7 @@ static void vmx_set_constant_host_state(void)
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl));
@@ -20125,7 +19843,7 @@ index 4ea7678..c715f2f 100644
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6169,6 +6177,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6184,6 +6191,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp .Lkvm_vmx_return \n\t"
".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
".Lkvm_vmx_return: "
@@ -20138,7 +19856,7 @@ index 4ea7678..c715f2f 100644
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%"R"sp) \n\t"
"pop %0 \n\t"
-@@ -6217,6 +6231,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6232,6 +6245,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
@@ -20150,7 +19868,7 @@ index 4ea7678..c715f2f 100644
: "cc", "memory"
, R"ax", R"bx", R"di", R"si"
#ifdef CONFIG_X86_64
-@@ -6245,7 +6264,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6260,7 +6278,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
}
}
@@ -20169,18 +19887,10 @@ index 4ea7678..c715f2f 100644
vmx->exit_reason = vmcs_read32(VM_EXIT_REASON);
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 4c938da..6cd8090 100644
+index 9cbfc06..7ddc9fa 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -907,6 +907,7 @@ static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data)
- return kvm_set_msr(vcpu, index, *data);
- }
-
-+static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) __size_overflow(2);
- static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock)
- {
- int version;
-@@ -1345,8 +1346,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+@@ -1311,8 +1311,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
{
struct kvm *kvm = vcpu->kvm;
int lm = is_long_mode(vcpu);
@@ -20191,7 +19901,7 @@ index 4c938da..6cd8090 100644
u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
: kvm->arch.xen_hvm_config.blob_size_32;
u32 page_num = data & ~PAGE_MASK;
-@@ -2165,6 +2166,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
+@@ -2145,6 +2145,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
if (n < msr_list.nmsrs)
goto out;
r = -EFAULT;
@@ -20200,54 +19910,7 @@ index 4c938da..6cd8090 100644
if (copy_to_user(user_msr_list->indices, &msrs_to_save,
num_msrs_to_save * sizeof(u32)))
goto out;
-@@ -2340,15 +2343,20 @@ static int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu,
- struct kvm_cpuid2 *cpuid,
- struct kvm_cpuid_entry2 __user *entries)
- {
-- int r;
-+ int r, i;
-
- r = -E2BIG;
- if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
- goto out;
- r = -EFAULT;
-- if (copy_from_user(&vcpu->arch.cpuid_entries, entries,
-- cpuid->nent * sizeof(struct kvm_cpuid_entry2)))
-+ if (!access_ok(VERIFY_READ, entries, cpuid->nent * sizeof(struct kvm_cpuid_entry2)))
- goto out;
-+ for (i = 0; i < cpuid->nent; ++i) {
-+ struct kvm_cpuid_entry2 cpuid_entry;
-+ if (__copy_from_user(&cpuid_entry, entries + i, sizeof(cpuid_entry)))
-+ goto out;
-+ vcpu->arch.cpuid_entries[i] = cpuid_entry;
-+ }
- vcpu->arch.cpuid_nent = cpuid->nent;
- kvm_apic_set_version(vcpu);
- kvm_x86_ops->cpuid_update(vcpu);
-@@ -2363,15 +2371,19 @@ static int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu,
- struct kvm_cpuid2 *cpuid,
- struct kvm_cpuid_entry2 __user *entries)
- {
-- int r;
-+ int r, i;
-
- r = -E2BIG;
- if (cpuid->nent < vcpu->arch.cpuid_nent)
- goto out;
- r = -EFAULT;
-- if (copy_to_user(entries, &vcpu->arch.cpuid_entries,
-- vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2)))
-+ if (!access_ok(VERIFY_WRITE, entries, vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2)))
- goto out;
-+ for (i = 0; i < vcpu->arch.cpuid_nent; ++i) {
-+ struct kvm_cpuid_entry2 cpuid_entry = vcpu->arch.cpuid_entries[i];
-+ if (__copy_to_user(entries + i, &cpuid_entry, sizeof(cpuid_entry)))
-+ goto out;
-+ }
- return 0;
-
- out:
-@@ -2746,7 +2758,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
+@@ -2266,7 +2268,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
struct kvm_interrupt *irq)
{
@@ -20256,67 +19919,7 @@ index 4c938da..6cd8090 100644
return -EINVAL;
if (irqchip_in_kernel(vcpu->kvm))
return -ENXIO;
-@@ -3949,6 +3961,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva,
-
- static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes,
- struct kvm_vcpu *vcpu, u32 access,
-+ struct x86_exception *exception) __size_overflow(1,3);
-+static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes,
-+ struct kvm_vcpu *vcpu, u32 access,
- struct x86_exception *exception)
- {
- void *data = val;
-@@ -3980,6 +3995,9 @@ out:
- /* used for instruction fetching */
- static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt,
- gva_t addr, void *val, unsigned int bytes,
-+ struct x86_exception *exception) __size_overflow(2,4);
-+static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt,
-+ gva_t addr, void *val, unsigned int bytes,
- struct x86_exception *exception)
- {
- struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
-@@ -4004,6 +4022,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt);
-
- static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt,
- gva_t addr, void *val, unsigned int bytes,
-+ struct x86_exception *exception) __size_overflow(2,4);
-+static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt,
-+ gva_t addr, void *val, unsigned int bytes,
- struct x86_exception *exception)
- {
- struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
-@@ -4117,12 +4138,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes)
- }
-
- static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
-+ void *val, int bytes) __size_overflow(2);
-+static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
- void *val, int bytes)
- {
- return !kvm_read_guest(vcpu->kvm, gpa, val, bytes);
- }
-
- static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
-+ void *val, int bytes) __size_overflow(2);
-+static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa,
- void *val, int bytes)
- {
- return emulator_write_phys(vcpu, gpa, val, bytes);
-@@ -4273,6 +4298,12 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
- const void *old,
- const void *new,
- unsigned int bytes,
-+ struct x86_exception *exception) __size_overflow(5);
-+static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt,
-+ unsigned long addr,
-+ const void *old,
-+ const void *new,
-+ unsigned int bytes,
- struct x86_exception *exception)
- {
- struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt);
-@@ -5162,7 +5193,7 @@ static void kvm_set_mmio_spte_mask(void)
+@@ -4780,7 +4782,7 @@ static void kvm_set_mmio_spte_mask(void)
kvm_mmu_set_mmio_spte_mask(mask);
}
@@ -20325,28 +19928,11 @@ index 4c938da..6cd8090 100644
{
int r;
struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque;
-diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
-index d36fe23..a4b189f 100644
---- a/arch/x86/kvm/x86.h
-+++ b/arch/x86/kvm/x86.h
-@@ -119,10 +119,10 @@ void kvm_write_tsc(struct kvm_vcpu *vcpu, u64 data);
-
- int kvm_read_guest_virt(struct x86_emulate_ctxt *ctxt,
- gva_t addr, void *val, unsigned int bytes,
-- struct x86_exception *exception);
-+ struct x86_exception *exception) __size_overflow(2,4);
-
- int kvm_write_guest_virt_system(struct x86_emulate_ctxt *ctxt,
- gva_t addr, void *val, unsigned int bytes,
-- struct x86_exception *exception);
-+ struct x86_exception *exception) __size_overflow(2,4);
-
- #endif
diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c
-index cf4603b..7cdde38 100644
+index 642d880..44e0f3f 100644
--- a/arch/x86/lguest/boot.c
+++ b/arch/x86/lguest/boot.c
-@@ -1195,9 +1195,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count)
+@@ -1200,9 +1200,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count)
* Rebooting also tells the Host we're finished, but the RESTART flag tells the
* Launcher to reboot us.
*/
@@ -21661,7 +21247,7 @@ index 51f1504..ddac4c1 100644
CFI_ENDPROC
END(bad_get_user)
diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c
-index 374562e..a75830b 100644
+index 5a1f9f3..ba9f577 100644
--- a/arch/x86/lib/insn.c
+++ b/arch/x86/lib/insn.c
@@ -21,6 +21,11 @@
@@ -22615,7 +22201,7 @@ index a63efd6..ccecad8 100644
ret
CFI_ENDPROC
diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
-index e218d5d..a99a1eb 100644
+index e218d5d..35679b4 100644
--- a/arch/x86/lib/usercopy_32.c
+++ b/arch/x86/lib/usercopy_32.c
@@ -43,7 +43,7 @@ do { \
@@ -22718,7 +22304,7 @@ index e218d5d..a99a1eb 100644
" addl $-64, %0\n"
" addl $64, %4\n"
" addl $64, %3\n"
-@@ -278,10 +282,12 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size)
+@@ -278,10 +282,119 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size)
" shrl $2, %0\n"
" andl $3, %%eax\n"
" cld\n"
@@ -22728,13 +22314,58 @@ index e218d5d..a99a1eb 100644
"37: rep; movsb\n"
"100:\n"
+ __COPYUSER_RESTORE_ES
- ".section .fixup,\"ax\"\n"
- "101: lea 0(%%eax,%0,4),%0\n"
- " jmp 100b\n"
-@@ -334,46 +340,155 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size)
- }
-
- static unsigned long
++ ".section .fixup,\"ax\"\n"
++ "101: lea 0(%%eax,%0,4),%0\n"
++ " jmp 100b\n"
++ ".previous\n"
++ ".section __ex_table,\"a\"\n"
++ " .align 4\n"
++ " .long 1b,100b\n"
++ " .long 2b,100b\n"
++ " .long 3b,100b\n"
++ " .long 4b,100b\n"
++ " .long 5b,100b\n"
++ " .long 6b,100b\n"
++ " .long 7b,100b\n"
++ " .long 8b,100b\n"
++ " .long 9b,100b\n"
++ " .long 10b,100b\n"
++ " .long 11b,100b\n"
++ " .long 12b,100b\n"
++ " .long 13b,100b\n"
++ " .long 14b,100b\n"
++ " .long 15b,100b\n"
++ " .long 16b,100b\n"
++ " .long 17b,100b\n"
++ " .long 18b,100b\n"
++ " .long 19b,100b\n"
++ " .long 20b,100b\n"
++ " .long 21b,100b\n"
++ " .long 22b,100b\n"
++ " .long 23b,100b\n"
++ " .long 24b,100b\n"
++ " .long 25b,100b\n"
++ " .long 26b,100b\n"
++ " .long 27b,100b\n"
++ " .long 28b,100b\n"
++ " .long 29b,100b\n"
++ " .long 30b,100b\n"
++ " .long 31b,100b\n"
++ " .long 32b,100b\n"
++ " .long 33b,100b\n"
++ " .long 34b,100b\n"
++ " .long 35b,100b\n"
++ " .long 36b,100b\n"
++ " .long 37b,100b\n"
++ " .long 99b,101b\n"
++ ".previous"
++ : "=&c"(size), "=&D" (d0), "=&S" (d1)
++ : "1"(to), "2"(from), "0"(size)
++ : "eax", "edx", "memory");
++ return size;
++}
++
++static unsigned long
+__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size)
+{
+ int d0, d1;
@@ -22790,62 +22421,10 @@ index e218d5d..a99a1eb 100644
+ "36: movl %%eax, %0\n"
+ "37: rep; "__copyuser_seg" movsb\n"
+ "100:\n"
-+ ".section .fixup,\"ax\"\n"
-+ "101: lea 0(%%eax,%0,4),%0\n"
-+ " jmp 100b\n"
-+ ".previous\n"
-+ ".section __ex_table,\"a\"\n"
-+ " .align 4\n"
-+ " .long 1b,100b\n"
-+ " .long 2b,100b\n"
-+ " .long 3b,100b\n"
-+ " .long 4b,100b\n"
-+ " .long 5b,100b\n"
-+ " .long 6b,100b\n"
-+ " .long 7b,100b\n"
-+ " .long 8b,100b\n"
-+ " .long 9b,100b\n"
-+ " .long 10b,100b\n"
-+ " .long 11b,100b\n"
-+ " .long 12b,100b\n"
-+ " .long 13b,100b\n"
-+ " .long 14b,100b\n"
-+ " .long 15b,100b\n"
-+ " .long 16b,100b\n"
-+ " .long 17b,100b\n"
-+ " .long 18b,100b\n"
-+ " .long 19b,100b\n"
-+ " .long 20b,100b\n"
-+ " .long 21b,100b\n"
-+ " .long 22b,100b\n"
-+ " .long 23b,100b\n"
-+ " .long 24b,100b\n"
-+ " .long 25b,100b\n"
-+ " .long 26b,100b\n"
-+ " .long 27b,100b\n"
-+ " .long 28b,100b\n"
-+ " .long 29b,100b\n"
-+ " .long 30b,100b\n"
-+ " .long 31b,100b\n"
-+ " .long 32b,100b\n"
-+ " .long 33b,100b\n"
-+ " .long 34b,100b\n"
-+ " .long 35b,100b\n"
-+ " .long 36b,100b\n"
-+ " .long 37b,100b\n"
-+ " .long 99b,101b\n"
-+ ".previous"
-+ : "=&c"(size), "=&D" (d0), "=&S" (d1)
-+ : "1"(to), "2"(from), "0"(size)
-+ : "eax", "edx", "memory");
-+ return size;
-+}
-+
-+static unsigned long
-+__copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) __size_overflow(3);
-+static unsigned long
- __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
- {
+ ".section .fixup,\"ax\"\n"
+ "101: lea 0(%%eax,%0,4),%0\n"
+ " jmp 100b\n"
+@@ -339,41 +452,41 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
int d0, d1;
__asm__ __volatile__(
" .align 2,0x90\n"
@@ -22905,7 +22484,7 @@ index e218d5d..a99a1eb 100644
" movl %%eax, 56(%3)\n"
" movl %%edx, 60(%3)\n"
" addl $-64, %0\n"
-@@ -385,9 +500,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
+@@ -385,9 +498,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
" shrl $2, %0\n"
" andl $3, %%eax\n"
" cld\n"
@@ -22917,15 +22496,7 @@ index e218d5d..a99a1eb 100644
"8:\n"
".section .fixup,\"ax\"\n"
"9: lea 0(%%eax,%0,4),%0\n"
-@@ -434,47 +549,49 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size)
- */
-
- static unsigned long __copy_user_zeroing_intel_nocache(void *to,
-+ const void __user *from, unsigned long size) __size_overflow(3);
-+static unsigned long __copy_user_zeroing_intel_nocache(void *to,
- const void __user *from, unsigned long size)
- {
- int d0, d1;
+@@ -440,41 +553,41 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to,
__asm__ __volatile__(
" .align 2,0x90\n"
@@ -22985,7 +22556,7 @@ index e218d5d..a99a1eb 100644
" movnti %%eax, 56(%3)\n"
" movnti %%edx, 60(%3)\n"
" addl $-64, %0\n"
-@@ -487,9 +604,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to,
+@@ -487,9 +600,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to,
" shrl $2, %0\n"
" andl $3, %%eax\n"
" cld\n"
@@ -22997,15 +22568,7 @@ index e218d5d..a99a1eb 100644
"8:\n"
".section .fixup,\"ax\"\n"
"9: lea 0(%%eax,%0,4),%0\n"
-@@ -531,47 +648,49 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to,
- }
-
- static unsigned long __copy_user_intel_nocache(void *to,
-+ const void __user *from, unsigned long size) __size_overflow(3);
-+static unsigned long __copy_user_intel_nocache(void *to,
- const void __user *from, unsigned long size)
- {
- int d0, d1;
+@@ -537,41 +650,41 @@ static unsigned long __copy_user_intel_nocache(void *to,
__asm__ __volatile__(
" .align 2,0x90\n"
@@ -23065,7 +22628,7 @@ index e218d5d..a99a1eb 100644
" movnti %%eax, 56(%3)\n"
" movnti %%edx, 60(%3)\n"
" addl $-64, %0\n"
-@@ -584,9 +703,9 @@ static unsigned long __copy_user_intel_nocache(void *to,
+@@ -584,9 +697,9 @@ static unsigned long __copy_user_intel_nocache(void *to,
" shrl $2, %0\n"
" andl $3, %%eax\n"
" cld\n"
@@ -23077,7 +22640,7 @@ index e218d5d..a99a1eb 100644
"8:\n"
".section .fixup,\"ax\"\n"
"9: lea 0(%%eax,%0,4),%0\n"
-@@ -629,32 +748,36 @@ static unsigned long __copy_user_intel_nocache(void *to,
+@@ -629,32 +742,36 @@ static unsigned long __copy_user_intel_nocache(void *to,
*/
unsigned long __copy_user_zeroing_intel(void *to, const void __user *from,
unsigned long size);
@@ -23119,7 +22682,7 @@ index e218d5d..a99a1eb 100644
".section .fixup,\"ax\"\n" \
"5: addl %3,%0\n" \
" jmp 2b\n" \
-@@ -682,14 +805,14 @@ do { \
+@@ -682,14 +799,14 @@ do { \
" negl %0\n" \
" andl $7,%0\n" \
" subl %0,%3\n" \
@@ -23137,7 +22700,7 @@ index e218d5d..a99a1eb 100644
"2:\n" \
".section .fixup,\"ax\"\n" \
"5: addl %3,%0\n" \
-@@ -775,9 +898,9 @@ survive:
+@@ -775,9 +892,9 @@ survive:
}
#endif
if (movsl_is_ok(to, from, n))
@@ -23149,7 +22712,7 @@ index e218d5d..a99a1eb 100644
return n;
}
EXPORT_SYMBOL(__copy_to_user_ll);
-@@ -797,10 +920,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from,
+@@ -797,10 +914,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from,
unsigned long n)
{
if (movsl_is_ok(to, from, n))
@@ -23162,7 +22725,7 @@ index e218d5d..a99a1eb 100644
return n;
}
EXPORT_SYMBOL(__copy_from_user_ll_nozero);
-@@ -827,65 +949,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr
+@@ -827,65 +943,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr
if (n > 64 && cpu_has_xmm2)
n = __copy_user_intel_nocache(to, from, n);
else
@@ -23330,7 +22893,7 @@ index b7c2849..8633ad8 100644
char c;
unsigned zero_len;
diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
-index d0474ad..36e9257 100644
+index 1fb85db..8b3540b 100644
--- a/arch/x86/mm/extable.c
+++ b/arch/x86/mm/extable.c
@@ -8,7 +8,7 @@ int fixup_exception(struct pt_regs *regs)
@@ -23343,7 +22906,7 @@ index d0474ad..36e9257 100644
extern u32 pnp_bios_is_utter_crap;
pnp_bios_is_utter_crap = 1;
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index 5db0490..2ddce45 100644
+index f0b4caf..d92fd42 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -13,11 +13,18 @@
@@ -23545,7 +23108,7 @@ index 5db0490..2ddce45 100644
printk(KERN_ALERT "BUG: unable to handle kernel ");
if (address < PAGE_SIZE)
printk(KERN_CONT "NULL pointer dereference");
-@@ -739,6 +820,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
+@@ -748,6 +829,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
}
#endif
@@ -23567,7 +23130,7 @@ index 5db0490..2ddce45 100644
if (unlikely(show_unhandled_signals))
show_signal_msg(regs, error_code, address, tsk);
-@@ -835,7 +931,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
+@@ -844,7 +940,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) {
printk(KERN_ERR
"MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n",
@@ -23576,7 +23139,7 @@ index 5db0490..2ddce45 100644
code = BUS_MCEERR_AR;
}
#endif
-@@ -890,6 +986,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
+@@ -900,6 +996,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
return 1;
}
@@ -23676,7 +23239,7 @@ index 5db0490..2ddce45 100644
/*
* Handle a spurious fault caused by a stale TLB entry.
*
-@@ -962,6 +1151,9 @@ int show_unhandled_signals = 1;
+@@ -972,6 +1161,9 @@ int show_unhandled_signals = 1;
static inline int
access_error(unsigned long error_code, struct vm_area_struct *vma)
{
@@ -23686,7 +23249,7 @@ index 5db0490..2ddce45 100644
if (error_code & PF_WRITE) {
/* write, present and write, not present: */
if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -995,18 +1187,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1005,18 +1197,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
{
struct vm_area_struct *vma;
struct task_struct *tsk;
@@ -23724,7 +23287,7 @@ index 5db0490..2ddce45 100644
/*
* Detect and handle instructions that would cause a page fault for
-@@ -1067,7 +1273,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1077,7 +1283,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
* User-mode registers count as a user access even for any
* potential system fault or CPU buglet:
*/
@@ -23733,7 +23296,7 @@ index 5db0490..2ddce45 100644
local_irq_enable();
error_code |= PF_USER;
} else {
-@@ -1122,6 +1328,11 @@ retry:
+@@ -1132,6 +1338,11 @@ retry:
might_sleep();
}
@@ -23745,7 +23308,7 @@ index 5db0490..2ddce45 100644
vma = find_vma(mm, address);
if (unlikely(!vma)) {
bad_area(regs, error_code, address);
-@@ -1133,18 +1344,24 @@ retry:
+@@ -1143,18 +1354,24 @@ retry:
bad_area(regs, error_code, address);
return;
}
@@ -23781,7 +23344,7 @@ index 5db0490..2ddce45 100644
if (unlikely(expand_stack(vma, address))) {
bad_area(regs, error_code, address);
return;
-@@ -1199,3 +1416,292 @@ good_area:
+@@ -1209,3 +1426,292 @@ good_area:
up_read(&mm->mmap_sem);
}
@@ -24104,7 +23667,7 @@ index f4f29b1..5cac4fb 100644
return (void *)vaddr;
diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c
-index f581a18..29efd37 100644
+index 8ecbb4b..29efd37 100644
--- a/arch/x86/mm/hugetlbpage.c
+++ b/arch/x86/mm/hugetlbpage.c
@@ -266,13 +266,20 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file,
@@ -24180,7 +23743,7 @@ index f581a18..29efd37 100644
/* don't allow allocations above current base */
if (mm->free_area_cache > base)
-@@ -321,64 +328,63 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
+@@ -321,66 +328,63 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file,
largest_hole = 0;
mm->free_area_cache = base;
}
@@ -24200,13 +23763,15 @@ index f581a18..29efd37 100644
* Lookup failure means no vma is above this address,
* i.e. return with success:
- */
-- if (!(vma = find_vma_prev(mm, addr, &prev_vma)))
+- vma = find_vma(mm, addr);
+- if (!vma)
- return addr;
-
- /*
* new region fits between prev_vma->vm_end and
* vma->vm_start, use it:
*/
+- prev_vma = vma->vm_prev;
- if (addr + len <= vma->vm_start &&
- (!prev_vma || (addr >= prev_vma->vm_end))) {
+ if (check_heap_stack_gap(vma, addr, len)) {
@@ -24275,7 +23840,7 @@ index f581a18..29efd37 100644
mm->cached_hole_size = ~0UL;
addr = hugetlb_get_unmapped_area_bottomup(file, addr0,
len, pgoff, flags);
-@@ -386,6 +392,7 @@ fail:
+@@ -388,6 +392,7 @@ fail:
/*
* Restore the topdown base:
*/
@@ -24283,7 +23848,7 @@ index f581a18..29efd37 100644
mm->free_area_cache = base;
mm->cached_hole_size = ~0UL;
-@@ -399,10 +406,19 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -401,10 +406,19 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
struct hstate *h = hstate_file(file);
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
@@ -24304,7 +23869,7 @@ index f581a18..29efd37 100644
return -ENOMEM;
if (flags & MAP_FIXED) {
-@@ -414,8 +430,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -416,8 +430,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
if (addr) {
addr = ALIGN(addr, huge_page_size(h));
vma = find_vma(mm, addr);
@@ -24315,18 +23880,18 @@ index f581a18..29efd37 100644
}
if (mm->get_unmapped_area == arch_get_unmapped_area)
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 87488b9..399f416 100644
+index 6cabf65..77e9c1c 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
-@@ -15,6 +15,7 @@
- #include <asm/tlbflush.h>
+@@ -17,6 +17,7 @@
#include <asm/tlb.h>
#include <asm/proto.h>
+ #include <asm/dma.h> /* for MAX_DMA_PFN */
+#include <asm/desc.h>
unsigned long __initdata pgt_buf_start;
unsigned long __meminitdata pgt_buf_end;
-@@ -31,7 +32,7 @@ int direct_gbpages
+@@ -33,7 +34,7 @@ int direct_gbpages
static void __init find_early_table_space(unsigned long end, int use_pse,
int use_gbpages)
{
@@ -24335,7 +23900,7 @@ index 87488b9..399f416 100644
phys_addr_t base;
puds = (end + PUD_SIZE - 1) >> PUD_SHIFT;
-@@ -312,8 +313,29 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
+@@ -314,8 +315,29 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
*/
int devmem_is_allowed(unsigned long pagenr)
{
@@ -24366,7 +23931,7 @@ index 87488b9..399f416 100644
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
if (!page_is_ram(pagenr))
-@@ -372,6 +394,86 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+@@ -374,6 +396,86 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
void free_initmem(void)
{
@@ -24454,7 +24019,7 @@ index 87488b9..399f416 100644
(unsigned long)(&__init_begin),
(unsigned long)(&__init_end));
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
-index 29f7c6d..b46b35b 100644
+index 8663f6c..829ae76 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -74,36 +74,6 @@ static __init void *alloc_low_page(void)
@@ -24647,7 +24212,7 @@ index 29f7c6d..b46b35b 100644
prot = PAGE_KERNEL_EXEC;
pages_4k++;
-@@ -472,7 +473,7 @@ void __init native_pagetable_setup_start(pgd_t *base)
+@@ -466,7 +467,7 @@ void __init native_pagetable_setup_start(pgd_t *base)
pud = pud_offset(pgd, va);
pmd = pmd_offset(pud, va);
@@ -24656,7 +24221,7 @@ index 29f7c6d..b46b35b 100644
break;
pte = pte_offset_kernel(pmd, va);
-@@ -524,12 +525,10 @@ void __init early_ioremap_page_table_range_init(void)
+@@ -518,12 +519,10 @@ void __init early_ioremap_page_table_range_init(void)
static void __init pagetable_init(void)
{
@@ -24671,7 +24236,7 @@ index 29f7c6d..b46b35b 100644
EXPORT_SYMBOL_GPL(__supported_pte_mask);
/* user-defined highmem size */
-@@ -757,6 +756,12 @@ void __init mem_init(void)
+@@ -735,6 +734,12 @@ void __init mem_init(void)
pci_iommu_alloc();
@@ -24684,8 +24249,8 @@ index 29f7c6d..b46b35b 100644
#ifdef CONFIG_FLATMEM
BUG_ON(!mem_map);
#endif
-@@ -774,7 +779,7 @@ void __init mem_init(void)
- set_highmem_pages_init();
+@@ -761,7 +766,7 @@ void __init mem_init(void)
+ reservedpages++;
codesize = (unsigned long) &_etext - (unsigned long) &_text;
- datasize = (unsigned long) &_edata - (unsigned long) &_etext;
@@ -24693,7 +24258,7 @@ index 29f7c6d..b46b35b 100644
initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin;
printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, "
-@@ -815,10 +820,10 @@ void __init mem_init(void)
+@@ -802,10 +807,10 @@ void __init mem_init(void)
((unsigned long)&__init_end -
(unsigned long)&__init_begin) >> 10,
@@ -24707,7 +24272,7 @@ index 29f7c6d..b46b35b 100644
((unsigned long)&_etext - (unsigned long)&_text) >> 10);
/*
-@@ -896,6 +901,7 @@ void set_kernel_text_rw(void)
+@@ -883,6 +888,7 @@ void set_kernel_text_rw(void)
if (!kernel_set_to_readonly)
return;
@@ -24715,7 +24280,7 @@ index 29f7c6d..b46b35b 100644
pr_debug("Set kernel text: %lx - %lx for read write\n",
start, start+size);
-@@ -910,6 +916,7 @@ void set_kernel_text_ro(void)
+@@ -897,6 +903,7 @@ void set_kernel_text_ro(void)
if (!kernel_set_to_readonly)
return;
@@ -24723,7 +24288,7 @@ index 29f7c6d..b46b35b 100644
pr_debug("Set kernel text: %lx - %lx for read only\n",
start, start+size);
-@@ -938,6 +945,7 @@ void mark_rodata_ro(void)
+@@ -925,6 +932,7 @@ void mark_rodata_ro(void)
unsigned long start = PFN_ALIGN(_text);
unsigned long size = PFN_ALIGN(_etext) - start;
@@ -24732,7 +24297,7 @@ index 29f7c6d..b46b35b 100644
printk(KERN_INFO "Write protecting the kernel text: %luk\n",
size >> 10);
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
-index bbaaa00..796fa65 100644
+index 436a030..b8596b9 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -75,7 +75,7 @@ early_param("gbpages", parse_direct_gbpages_on);
@@ -24831,7 +24396,7 @@ index bbaaa00..796fa65 100644
adr = (void *)(((unsigned long)adr) | left);
return adr;
-@@ -693,6 +707,12 @@ void __init mem_init(void)
+@@ -684,6 +698,12 @@ void __init mem_init(void)
pci_iommu_alloc();
@@ -24844,7 +24409,7 @@ index bbaaa00..796fa65 100644
/* clear_bss() already clear the empty_zero_page */
reservedpages = 0;
-@@ -853,8 +873,8 @@ int kern_addr_valid(unsigned long addr)
+@@ -844,8 +864,8 @@ int kern_addr_valid(unsigned long addr)
static struct vm_area_struct gate_vma = {
.vm_start = VSYSCALL_START,
.vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE),
@@ -24855,7 +24420,7 @@ index bbaaa00..796fa65 100644
};
struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
-@@ -888,7 +908,7 @@ int in_gate_area_no_mm(unsigned long addr)
+@@ -879,7 +899,7 @@ int in_gate_area_no_mm(unsigned long addr)
const char *arch_vma_name(struct vm_area_struct *vma)
{
@@ -25024,7 +24589,7 @@ index 845df68..1d8d29f 100644
mm->unmap_area = arch_unmap_area_topdown;
}
diff --git a/arch/x86/mm/mmio-mod.c b/arch/x86/mm/mmio-mod.c
-index de54b9b..799051e 100644
+index dc0b727..dc9d71a 100644
--- a/arch/x86/mm/mmio-mod.c
+++ b/arch/x86/mm/mmio-mod.c
@@ -194,7 +194,7 @@ static void pre(struct kmmio_probe *p, struct pt_regs *regs,
@@ -25068,7 +24633,7 @@ index b008656..773eac2 100644
struct split_state {
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
-index f9e5267..77b1a40 100644
+index e1ebde3..b1e1db38 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -261,7 +261,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
@@ -25812,7 +25377,7 @@ index cb29191..036766d 100644
return 1;
}
diff --git a/arch/x86/pci/pcbios.c b/arch/x86/pci/pcbios.c
-index db0e9a5..0372c14 100644
+index da8fe05..7ee6704 100644
--- a/arch/x86/pci/pcbios.c
+++ b/arch/x86/pci/pcbios.c
@@ -79,50 +79,93 @@ union bios32 {
@@ -26341,7 +25906,7 @@ index 4c07cca..2c8427d 100644
ret
ENDPROC(efi_call6)
diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c
-index ad4ec1c..686479e 100644
+index 475e2cd..1b8e708 100644
--- a/arch/x86/platform/mrst/mrst.c
+++ b/arch/x86/platform/mrst/mrst.c
@@ -76,18 +76,20 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX];
@@ -26367,28 +25932,6 @@ index ad4ec1c..686479e 100644
}
/* parse all the mtimer info to a static mtimer array */
-diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c
-index 81aee5a..9ad9aae 100644
---- a/arch/x86/platform/uv/tlb_uv.c
-+++ b/arch/x86/platform/uv/tlb_uv.c
-@@ -1433,6 +1433,8 @@ static ssize_t tunables_read(struct file *file, char __user *userbuf,
- * 0: display meaning of the statistics
- */
- static ssize_t ptc_proc_write(struct file *file, const char __user *user,
-+ size_t count, loff_t *data) __size_overflow(3);
-+static ssize_t ptc_proc_write(struct file *file, const char __user *user,
- size_t count, loff_t *data)
- {
- int cpu;
-@@ -1548,6 +1550,8 @@ static int parse_tunables_write(struct bau_control *bcp, char *instr,
- * Handle a write to debugfs. (/sys/kernel/debug/sgi_uv/bau_tunables)
- */
- static ssize_t tunables_write(struct file *file, const char __user *user,
-+ size_t count, loff_t *data) __size_overflow(3);
-+static ssize_t tunables_write(struct file *file, const char __user *user,
- size_t count, loff_t *data)
- {
- int cpu;
diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c
index f10c0af..3ec1f95 100644
--- a/arch/x86/power/cpu.c
@@ -26585,7 +26128,7 @@ index 153407c..611cba9 100644
-}
-__setup("vdso=", vdso_setup);
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index 1f92865..c843b20 100644
+index 4172af8..2c8ed7f 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
@@ -85,8 +85,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
@@ -26597,7 +26140,7 @@ index 1f92865..c843b20 100644
RESERVE_BRK(shared_info_page_brk, PAGE_SIZE);
__read_mostly int xen_have_vector_callback;
EXPORT_SYMBOL_GPL(xen_have_vector_callback);
-@@ -1029,7 +1027,7 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
+@@ -1029,30 +1027,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
#endif
};
@@ -26606,8 +26149,10 @@ index 1f92865..c843b20 100644
{
struct sched_shutdown r = { .reason = reason };
-@@ -1037,17 +1035,17 @@ static void xen_reboot(int reason)
- BUG();
+- if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r))
+- BUG();
++ HYPERVISOR_sched_op(SCHEDOP_shutdown, &r);
++ BUG();
}
-static void xen_restart(char *msg)
@@ -26627,7 +26172,13 @@ index 1f92865..c843b20 100644
{
xen_reboot(SHUTDOWN_poweroff);
}
-@@ -1153,7 +1151,17 @@ asmlinkage void __init xen_start_kernel(void)
+
+-static void xen_machine_power_off(void)
++static __noreturn void xen_machine_power_off(void)
+ {
+ if (pm_power_off)
+ pm_power_off();
+@@ -1155,7 +1153,17 @@ asmlinkage void __init xen_start_kernel(void)
__userpte_alloc_gfp &= ~__GFP_HIGHMEM;
/* Work out if we support NX */
@@ -26646,7 +26197,7 @@ index 1f92865..c843b20 100644
xen_setup_features();
-@@ -1184,13 +1192,6 @@ asmlinkage void __init xen_start_kernel(void)
+@@ -1186,13 +1194,6 @@ asmlinkage void __init xen_start_kernel(void)
machine_ops = xen_machine_ops;
@@ -26661,7 +26212,7 @@ index 1f92865..c843b20 100644
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index 87f6673..e2555a6 100644
+index 95c1cf6..4bfa5be 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -1733,6 +1733,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd,
@@ -26686,7 +26237,7 @@ index 87f6673..e2555a6 100644
set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
-@@ -1962,6 +1969,7 @@ static void __init xen_post_allocator_init(void)
+@@ -1958,6 +1965,7 @@ static void __init xen_post_allocator_init(void)
pv_mmu_ops.set_pud = xen_set_pud;
#if PAGETABLE_LEVELS == 4
pv_mmu_ops.set_pgd = xen_set_pgd;
@@ -26694,7 +26245,7 @@ index 87f6673..e2555a6 100644
#endif
/* This will work as long as patching hasn't happened yet
-@@ -2043,6 +2051,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
+@@ -2039,6 +2047,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
.pud_val = PV_CALLEE_SAVE(xen_pud_val),
.make_pud = PV_CALLEE_SAVE(xen_make_pud),
.set_pgd = xen_set_pgd_hyper,
@@ -26703,7 +26254,7 @@ index 87f6673..e2555a6 100644
.alloc_pud = xen_alloc_pmd_init,
.release_pud = xen_release_pmd_init,
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
-index 041d4fe..7666b7e 100644
+index 501d4e0..e877605 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
@@ -194,11 +194,6 @@ static void __init xen_smp_prepare_boot_cpu(void)
@@ -26911,7 +26462,7 @@ index 1366a89..e17f54b 100644
struct list_head *cpu_list, local_list;
diff --git a/block/bsg.c b/block/bsg.c
-index c0ab25c..9d49f8f 100644
+index ff64ae3..593560c 100644
--- a/block/bsg.c
+++ b/block/bsg.c
@@ -176,16 +176,24 @@ static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq,
@@ -26942,7 +26493,7 @@ index c0ab25c..9d49f8f 100644
if (blk_verify_command(rq->cmd, has_write_perm))
return -EPERM;
diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c
-index 7b72502..646105c 100644
+index 7c668c8..db3521c 100644
--- a/block/compat_ioctl.c
+++ b/block/compat_ioctl.c
@@ -340,7 +340,7 @@ static int compat_fd_ioctl(struct block_device *bdev, fmode_t mode,
@@ -26954,8 +26505,33 @@ index 7b72502..646105c 100644
if (err) {
err = -EFAULT;
goto out;
+diff --git a/block/partitions/efi.c b/block/partitions/efi.c
+index 6296b40..417c00f 100644
+--- a/block/partitions/efi.c
++++ b/block/partitions/efi.c
+@@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state,
+ if (!gpt)
+ return NULL;
+
++ if (!le32_to_cpu(gpt->num_partition_entries))
++ return NULL;
++ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL);
++ if (!pte)
++ return NULL;
++
+ count = le32_to_cpu(gpt->num_partition_entries) *
+ le32_to_cpu(gpt->sizeof_partition_entry);
+- if (!count)
+- return NULL;
+- pte = kzalloc(count, GFP_KERNEL);
+- if (!pte)
+- return NULL;
+-
+ if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba),
+ (u8 *) pte,
+ count) < count) {
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
-index 688be8a..8a37d98 100644
+index 260fa80..e8f3caf 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -223,8 +223,20 @@ EXPORT_SYMBOL(blk_verify_command);
@@ -27009,91 +26585,6 @@ index 688be8a..8a37d98 100644
if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
goto error;
-diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
-index a0f768c..1da9c73 100644
---- a/crypto/ablkcipher.c
-+++ b/crypto/ablkcipher.c
-@@ -307,6 +307,8 @@ int ablkcipher_walk_phys(struct ablkcipher_request *req,
- EXPORT_SYMBOL_GPL(ablkcipher_walk_phys);
-
- static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key,
-+ unsigned int keylen) __size_overflow(3);
-+static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key,
- unsigned int keylen)
- {
- struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm);
-@@ -329,6 +331,8 @@ static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key,
- }
-
- static int setkey(struct crypto_ablkcipher *tfm, const u8 *key,
-+ unsigned int keylen) __size_overflow(3);
-+static int setkey(struct crypto_ablkcipher *tfm, const u8 *key,
- unsigned int keylen)
- {
- struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm);
-diff --git a/crypto/aead.c b/crypto/aead.c
-index 04add3dc..983032f 100644
---- a/crypto/aead.c
-+++ b/crypto/aead.c
-@@ -27,6 +27,8 @@
- #include "internal.h"
-
- static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
-+ unsigned int keylen) __size_overflow(3);
-+static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
- unsigned int keylen)
- {
- struct aead_alg *aead = crypto_aead_alg(tfm);
-@@ -48,6 +50,7 @@ static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key,
- return ret;
- }
-
-+static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen) __size_overflow(3);
- static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen)
- {
- struct aead_alg *aead = crypto_aead_alg(tfm);
-diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
-index 1e61d1a..cf06b86 100644
---- a/crypto/blkcipher.c
-+++ b/crypto/blkcipher.c
-@@ -359,6 +359,8 @@ int blkcipher_walk_virt_block(struct blkcipher_desc *desc,
- EXPORT_SYMBOL_GPL(blkcipher_walk_virt_block);
-
- static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
-+ unsigned int keylen) __size_overflow(3);
-+static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
- unsigned int keylen)
- {
- struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher;
-@@ -380,6 +382,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
- return ret;
- }
-
-+static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) __size_overflow(3);
- static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
- {
- struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher;
-diff --git a/crypto/cipher.c b/crypto/cipher.c
-index 39541e0..802d956 100644
---- a/crypto/cipher.c
-+++ b/crypto/cipher.c
-@@ -21,6 +21,8 @@
- #include "internal.h"
-
- static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
-+ unsigned int keylen) __size_overflow(3);
-+static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
- unsigned int keylen)
- {
- struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher;
-@@ -43,6 +45,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key,
-
- }
-
-+static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) __size_overflow(3);
- static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
- {
- struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher;
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 671d4d6..5f24030 100644
--- a/crypto/cryptd.c
@@ -27137,22 +26628,8 @@ index 5d41894..22021e4 100644
}
EXPORT_SYMBOL_GPL(cper_next_record_id);
-diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c
-index 7711d94..8622811 100644
---- a/drivers/acpi/battery.c
-+++ b/drivers/acpi/battery.c
-@@ -787,6 +787,9 @@ static int acpi_battery_print_alarm(struct seq_file *seq, int result)
-
- static ssize_t acpi_battery_write_alarm(struct file *file,
- const char __user * buffer,
-+ size_t count, loff_t * ppos) __size_overflow(3);
-+static ssize_t acpi_battery_write_alarm(struct file *file,
-+ const char __user * buffer,
- size_t count, loff_t * ppos)
- {
- int result = 0;
diff --git a/drivers/acpi/ec_sys.c b/drivers/acpi/ec_sys.c
-index 6c47ae9..abfdd63 100644
+index b258cab..3fb7da7 100644
--- a/drivers/acpi/ec_sys.c
+++ b/drivers/acpi/ec_sys.c
@@ -12,6 +12,7 @@
@@ -27243,10 +26720,10 @@ index 251c7b62..000462d 100644
bool enable = !device_may_wakeup(&dev->dev);
device_set_wakeup_enable(&dev->dev, enable);
diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c
-index 9d7bc9f..a6fc091 100644
+index 8ae05ce..7dbbed9 100644
--- a/drivers/acpi/processor_driver.c
+++ b/drivers/acpi/processor_driver.c
-@@ -473,7 +473,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device)
+@@ -555,7 +555,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device)
return 0;
#endif
@@ -27255,25 +26732,11 @@ index 9d7bc9f..a6fc091 100644
/*
* Buggy BIOS check
-diff --git a/drivers/acpi/sbs.c b/drivers/acpi/sbs.c
-index 6e36d0c..f319944 100644
---- a/drivers/acpi/sbs.c
-+++ b/drivers/acpi/sbs.c
-@@ -655,6 +655,9 @@ static int acpi_battery_read_alarm(struct seq_file *seq, void *offset)
-
- static ssize_t
- acpi_battery_write_alarm(struct file *file, const char __user * buffer,
-+ size_t count, loff_t * ppos) __size_overflow(3);
-+static ssize_t
-+acpi_battery_write_alarm(struct file *file, const char __user * buffer,
- size_t count, loff_t * ppos)
- {
- struct seq_file *seq = file->private_data;
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index c04ad68..0b99473 100644
+index c06e0ec..a2c06ba 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
-@@ -4733,7 +4733,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4736,7 +4736,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
@@ -27282,7 +26745,7 @@ index c04ad68..0b99473 100644
ap = qc->ap;
qc->flags = 0;
-@@ -4749,7 +4749,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4752,7 +4752,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
@@ -27291,7 +26754,7 @@ index c04ad68..0b99473 100644
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-@@ -5754,6 +5754,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5816,6 +5816,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
return;
spin_lock(&lock);
@@ -27299,7 +26762,7 @@ index c04ad68..0b99473 100644
for (cur = ops->inherits; cur; cur = cur->inherits) {
void **inherit = (void **)cur;
-@@ -5767,8 +5768,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5829,8 +5830,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
if (IS_ERR(*pp))
*pp = NULL;
@@ -27311,7 +26774,7 @@ index c04ad68..0b99473 100644
}
diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c
-index e8574bb..f9f6a72 100644
+index 048589f..4002b98 100644
--- a/drivers/ata/pata_arasan_cf.c
+++ b/drivers/ata/pata_arasan_cf.c
@@ -862,7 +862,9 @@ static int __devinit arasan_cf_probe(struct platform_device *pdev)
@@ -27587,7 +27050,7 @@ index 361f5ae..7fc552d 100644
fore200e->tx_sat++;
DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n",
diff --git a/drivers/atm/he.c b/drivers/atm/he.c
-index 9a51df4..f3bb5f8 100644
+index b182c2f..1c6fa8a 100644
--- a/drivers/atm/he.c
+++ b/drivers/atm/he.c
@@ -1709,7 +1709,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
@@ -27852,7 +27315,7 @@ index 1c05212..c28e200 100644
}
atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c
-index 3d0c2b0..45441fa 100644
+index 9e373ba..cf93727 100644
--- a/drivers/atm/iphase.c
+++ b/drivers/atm/iphase.c
@@ -1146,7 +1146,7 @@ static int rx_pkt(struct atm_dev *dev)
@@ -27879,8 +27342,8 @@ index 3d0c2b0..45441fa 100644
{
- atomic_inc(&vcc->stats->rx_err);
+ atomic_inc_unchecked(&vcc->stats->rx_err);
+ atm_return(vcc, skb->truesize);
dev_kfree_skb_any(skb);
- atm_return(vcc, atm_guess_pdu2truesize(len));
goto INCR_DLE;
@@ -1331,7 +1331,7 @@ static void rx_dle_intr(struct atm_dev *dev)
if ((length > iadev->rx_buf_sz) || (length >
@@ -27890,7 +27353,7 @@ index 3d0c2b0..45441fa 100644
+ atomic_inc_unchecked(&vcc->stats->rx_err);
IF_ERR(printk("rx_dle_intr: Bad AAL5 trailer %d (skb len %d)",
length, skb->len);)
- dev_kfree_skb_any(skb);
+ atm_return(vcc, skb->truesize);
@@ -1347,7 +1347,7 @@ static void rx_dle_intr(struct atm_dev *dev)
IF_RX(printk("rx_dle_intr: skb push");)
@@ -28215,7 +27678,7 @@ index 1c70c45..300718d 100644
}
diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c
-index 5d1d076..12fbca4 100644
+index e8cd652..bbbd1fc 100644
--- a/drivers/atm/solos-pci.c
+++ b/drivers/atm/solos-pci.c
@@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg)
@@ -28331,7 +27794,7 @@ index d889f56..17eb71e 100644
}
diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
-index a4760e0..51283cf 100644
+index 8493536..31adee0 100644
--- a/drivers/base/devtmpfs.c
+++ b/drivers/base/devtmpfs.c
@@ -368,7 +368,7 @@ int devtmpfs_mount(const char *mntdir)
@@ -28656,7 +28119,7 @@ index be73e9d..7fbf140 100644
cmdlist_t *reqQ;
cmdlist_t *cmpQ;
diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h
-index 9cf2035..bffca95 100644
+index 8d68056..e67050f 100644
--- a/drivers/block/drbd/drbd_int.h
+++ b/drivers/block/drbd/drbd_int.h
@@ -736,7 +736,7 @@ struct drbd_request;
@@ -28717,7 +28180,7 @@ index 9cf2035..bffca95 100644
void drbd_bump_write_ordering(struct drbd_conf *mdev, enum write_ordering_e wo);
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
-index 0358e55..bc33689 100644
+index 211fc44..c5116f1 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -2397,7 +2397,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packets cmd,
@@ -28897,10 +28360,10 @@ index 43beaca..4a5b1dd 100644
}
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
-index 1e888c9..05cf1b0 100644
+index cd50435..ba1ffb5 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
-@@ -227,7 +227,7 @@ static int __do_lo_send_write(struct file *file,
+@@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file,
mm_segment_t old_fs = get_fs();
set_fs(get_ds());
@@ -29049,7 +28512,7 @@ index 58c0e63..46c16bf 100644
intf->proc_dir = NULL;
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
-index 9397ab4..d01bee1 100644
+index 50fcf9c..91b5528 100644
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -277,7 +277,7 @@ struct smi_info {
@@ -29096,7 +28559,7 @@ index 1aeaaba..e018570 100644
.part_num = MBCS_PART_NUM,
.mfg_num = MBCS_MFG_NUM,
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 1451790..f705c30 100644
+index d6e9d08..4493e89 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -18,6 +18,7 @@
@@ -29245,7 +28708,7 @@ index da3cfee..a5a6606 100644
*ppos = i;
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 6035ab8..bdfe4fd 100644
+index 54ca8b2..d58cb51 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -261,8 +261,13 @@
@@ -29280,7 +28743,7 @@ index 6035ab8..bdfe4fd 100644
#if 0
/* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */
{ 2048, 1638, 1231, 819, 411, 1 },
-@@ -909,7 +921,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+@@ -913,7 +925,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
i = min_t(int, nbytes, EXTRACT_SIZE);
@@ -29289,7 +28752,7 @@ index 6035ab8..bdfe4fd 100644
ret = -EFAULT;
break;
}
-@@ -1228,7 +1240,7 @@ EXPORT_SYMBOL(generate_random_uuid);
+@@ -1238,7 +1250,7 @@ EXPORT_SYMBOL(generate_random_uuid);
#include <linux/sysctl.h>
static int min_read_thresh = 8, min_write_thresh;
@@ -29341,10 +28804,10 @@ index 1ee8ce7..b778bef 100644
return 0;
diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c
-index 361a1df..2471eee 100644
+index 32362cf..32a96e9 100644
--- a/drivers/char/tpm/tpm.c
+++ b/drivers/char/tpm/tpm.c
-@@ -414,7 +414,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
+@@ -415,7 +415,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf,
chip->vendor.req_complete_val)
goto out_recv;
@@ -29401,7 +28864,7 @@ index 0636520..169c1d0 100644
acpi_os_unmap_memory(virt, len);
return 0;
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
-index 8e3c46d..c139b99 100644
+index b58b561..c9088c8 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -563,7 +563,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count,
@@ -29422,19 +28885,6 @@ index 8e3c46d..c139b99 100644
}
static ssize_t port_fops_write(struct file *filp, const char __user *ubuf,
-diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c
-index eb1d864..39ee5a7 100644
---- a/drivers/dma/dmatest.c
-+++ b/drivers/dma/dmatest.c
-@@ -591,7 +591,7 @@ static int dmatest_add_channel(struct dma_chan *chan)
- }
- if (dma_has_cap(DMA_PQ, dma_dev->cap_mask)) {
- cnt = dmatest_add_threads(dtc, DMA_PQ);
-- thread_count += cnt > 0 ?: 0;
-+ thread_count += cnt > 0 ? cnt : 0;
- }
-
- pr_info("dmatest: Started %u threads using %s\n",
diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
index c9eee6d..f9d5280 100644
--- a/drivers/edac/amd64_edac.c
@@ -29488,7 +28938,7 @@ index 6ffb6d2..383d8d7 100644
PCI_VEND_DEV(INTEL, 7205_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0,
E7205},
diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c
-index 495198a..ac08c85 100644
+index 97f5064..202b6e6 100644
--- a/drivers/edac/edac_pci_sysfs.c
+++ b/drivers/edac/edac_pci_sysfs.c
@@ -26,8 +26,8 @@ static int edac_pci_log_pe = 1; /* log PCI parity errors */
@@ -29588,10 +29038,10 @@ index c0510b3..6e2a954 100644
PCI_VEND_DEV(INTEL, 3000_HB), PCI_ANY_ID, PCI_ANY_ID, 0, 0,
I3000},
diff --git a/drivers/edac/i3200_edac.c b/drivers/edac/i3200_edac.c
-index aa08497..7e6822a 100644
+index 73f55e200..5faaf59 100644
--- a/drivers/edac/i3200_edac.c
+++ b/drivers/edac/i3200_edac.c
-@@ -456,7 +456,7 @@ static void __devexit i3200_remove_one(struct pci_dev *pdev)
+@@ -445,7 +445,7 @@ static void __devexit i3200_remove_one(struct pci_dev *pdev)
edac_mc_free(mci);
}
@@ -29653,7 +29103,7 @@ index 6104dba..e7ea8e1 100644
{0,} /* 0 terminated list. */
};
diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c
-index 70ad892..178943c 100644
+index 8568d9b..42b2fa8 100644
--- a/drivers/edac/i7core_edac.c
+++ b/drivers/edac/i7core_edac.c
@@ -391,7 +391,7 @@ static const struct pci_id_table pci_dev_table[] = {
@@ -29705,10 +29155,10 @@ index 33864c6..01edc61 100644
PCI_VEND_DEV(INTEL, 82875_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0,
I82875P},
diff --git a/drivers/edac/i82975x_edac.c b/drivers/edac/i82975x_edac.c
-index a5da732..983363b 100644
+index 4184e01..dcb2cd3 100644
--- a/drivers/edac/i82975x_edac.c
+++ b/drivers/edac/i82975x_edac.c
-@@ -604,7 +604,7 @@ static void __devexit i82975x_remove_one(struct pci_dev *pdev)
+@@ -612,7 +612,7 @@ static void __devexit i82975x_remove_one(struct pci_dev *pdev)
edac_mc_free(mci);
}
@@ -29731,7 +29181,7 @@ index 0106747..0b40417 100644
void amd_report_gart_errors(bool);
void amd_register_ecc_decoder(void (*f)(int, struct mce *));
diff --git a/drivers/edac/r82600_edac.c b/drivers/edac/r82600_edac.c
-index b153674..ad2ba9b 100644
+index e294e1b..a41b05b 100644
--- a/drivers/edac/r82600_edac.c
+++ b/drivers/edac/r82600_edac.c
@@ -373,7 +373,7 @@ static void __devexit r82600_remove_one(struct pci_dev *pdev)
@@ -29744,7 +29194,7 @@ index b153674..ad2ba9b 100644
PCI_DEVICE(PCI_VENDOR_ID_RADISYS, R82600_BRIDGE_ID)
},
diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c
-index 7a402bf..af0b211 100644
+index 1dc118d..8c68af9 100644
--- a/drivers/edac/sb_edac.c
+++ b/drivers/edac/sb_edac.c
@@ -367,7 +367,7 @@ static const struct pci_id_table pci_dev_descr_sbridge_table[] = {
@@ -29846,7 +29296,7 @@ index 153980b..4b4d046 100644
iounmap(buf);
return 0;
diff --git a/drivers/gpio/gpio-vr41xx.c b/drivers/gpio/gpio-vr41xx.c
-index 98723cb..10ca85b 100644
+index 82d5c20..44a7177 100644
--- a/drivers/gpio/gpio-vr41xx.c
+++ b/drivers/gpio/gpio-vr41xx.c
@@ -204,7 +204,7 @@ static int giu_get_irq(unsigned int irq)
@@ -29858,107 +29308,11 @@ index 98723cb..10ca85b 100644
return -EINVAL;
}
-diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
-index 8323fc3..5c1d755 100644
---- a/drivers/gpu/drm/drm_crtc.c
-+++ b/drivers/gpu/drm/drm_crtc.c
-@@ -1379,7 +1379,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data,
- */
- if ((out_resp->count_modes >= mode_count) && mode_count) {
- copied = 0;
-- mode_ptr = (struct drm_mode_modeinfo *)(unsigned long)out_resp->modes_ptr;
-+ mode_ptr = (struct drm_mode_modeinfo __user *)(unsigned long)out_resp->modes_ptr;
- list_for_each_entry(mode, &connector->modes, head) {
- drm_crtc_convert_to_umode(&u_mode, mode);
- if (copy_to_user(mode_ptr + copied,
-@@ -1394,8 +1394,8 @@ int drm_mode_getconnector(struct drm_device *dev, void *data,
-
- if ((out_resp->count_props >= props_count) && props_count) {
- copied = 0;
-- prop_ptr = (uint32_t *)(unsigned long)(out_resp->props_ptr);
-- prop_values = (uint64_t *)(unsigned long)(out_resp->prop_values_ptr);
-+ prop_ptr = (uint32_t __user *)(unsigned long)(out_resp->props_ptr);
-+ prop_values = (uint64_t __user *)(unsigned long)(out_resp->prop_values_ptr);
- for (i = 0; i < DRM_CONNECTOR_MAX_PROPERTY; i++) {
- if (connector->property_ids[i] != 0) {
- if (put_user(connector->property_ids[i],
-@@ -1417,7 +1417,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data,
-
- if ((out_resp->count_encoders >= encoders_count) && encoders_count) {
- copied = 0;
-- encoder_ptr = (uint32_t *)(unsigned long)(out_resp->encoders_ptr);
-+ encoder_ptr = (uint32_t __user *)(unsigned long)(out_resp->encoders_ptr);
- for (i = 0; i < DRM_CONNECTOR_MAX_ENCODER; i++) {
- if (connector->encoder_ids[i] != 0) {
- if (put_user(connector->encoder_ids[i],
-@@ -1576,7 +1576,7 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
- }
-
- for (i = 0; i < crtc_req->count_connectors; i++) {
-- set_connectors_ptr = (uint32_t *)(unsigned long)crtc_req->set_connectors_ptr;
-+ set_connectors_ptr = (uint32_t __user *)(unsigned long)crtc_req->set_connectors_ptr;
- if (get_user(out_id, &set_connectors_ptr[i])) {
- ret = -EFAULT;
- goto out;
-@@ -1857,7 +1857,7 @@ int drm_mode_dirtyfb_ioctl(struct drm_device *dev,
- fb = obj_to_fb(obj);
-
- num_clips = r->num_clips;
-- clips_ptr = (struct drm_clip_rect *)(unsigned long)r->clips_ptr;
-+ clips_ptr = (struct drm_clip_rect __user *)(unsigned long)r->clips_ptr;
-
- if (!num_clips != !clips_ptr) {
- ret = -EINVAL;
-@@ -2283,7 +2283,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev,
- out_resp->flags = property->flags;
-
- if ((out_resp->count_values >= value_count) && value_count) {
-- values_ptr = (uint64_t *)(unsigned long)out_resp->values_ptr;
-+ values_ptr = (uint64_t __user *)(unsigned long)out_resp->values_ptr;
- for (i = 0; i < value_count; i++) {
- if (copy_to_user(values_ptr + i, &property->values[i], sizeof(uint64_t))) {
- ret = -EFAULT;
-@@ -2296,7 +2296,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev,
- if (property->flags & DRM_MODE_PROP_ENUM) {
- if ((out_resp->count_enum_blobs >= enum_count) && enum_count) {
- copied = 0;
-- enum_ptr = (struct drm_mode_property_enum *)(unsigned long)out_resp->enum_blob_ptr;
-+ enum_ptr = (struct drm_mode_property_enum __user *)(unsigned long)out_resp->enum_blob_ptr;
- list_for_each_entry(prop_enum, &property->enum_blob_list, head) {
-
- if (copy_to_user(&enum_ptr[copied].value, &prop_enum->value, sizeof(uint64_t))) {
-@@ -2319,7 +2319,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev,
- if ((out_resp->count_enum_blobs >= blob_count) && blob_count) {
- copied = 0;
- blob_id_ptr = (uint32_t *)(unsigned long)out_resp->enum_blob_ptr;
-- blob_length_ptr = (uint32_t *)(unsigned long)out_resp->values_ptr;
-+ blob_length_ptr = (uint32_t __user *)(unsigned long)out_resp->values_ptr;
-
- list_for_each_entry(prop_blob, &property->enum_blob_list, head) {
- if (put_user(prop_blob->base.id, blob_id_ptr + copied)) {
-@@ -2380,7 +2380,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev,
- struct drm_mode_get_blob *out_resp = data;
- struct drm_property_blob *blob;
- int ret = 0;
-- void *blob_ptr;
-+ void __user *blob_ptr;
-
- if (!drm_core_check_feature(dev, DRIVER_MODESET))
- return -EINVAL;
-@@ -2394,7 +2394,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev,
- blob = obj_to_blob(obj);
-
- if (out_resp->length == blob->length) {
-- blob_ptr = (void *)(unsigned long)out_resp->data;
-+ blob_ptr = (void __user *)(unsigned long)out_resp->data;
- if (copy_to_user(blob_ptr, blob->data, blob->length)){
- ret = -EFAULT;
- goto done;
diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c
-index d2619d7..bd6bd00 100644
+index 84a4a80..ce0306e 100644
--- a/drivers/gpu/drm/drm_crtc_helper.c
+++ b/drivers/gpu/drm/drm_crtc_helper.c
-@@ -279,7 +279,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder,
+@@ -280,7 +280,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder,
struct drm_crtc *tmp;
int crtc_mask = 1;
@@ -29968,10 +29322,10 @@ index d2619d7..bd6bd00 100644
dev = crtc->dev;
diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
-index 40c187c..5746164 100644
+index ebf7d3f..d64c436 100644
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
-@@ -308,7 +308,7 @@ module_exit(drm_core_exit);
+@@ -312,7 +312,7 @@ module_exit(drm_core_exit);
/**
* Copy and IOCTL return string to user space
*/
@@ -29980,7 +29334,7 @@ index 40c187c..5746164 100644
{
int len;
-@@ -387,7 +387,7 @@ long drm_ioctl(struct file *filp,
+@@ -391,7 +391,7 @@ long drm_ioctl(struct file *filp,
dev = file_priv->minor->dev;
atomic_inc(&dev->ioctl_count);
@@ -29990,7 +29344,7 @@ index 40c187c..5746164 100644
DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
-index 828bf65..cdaa0e9 100644
+index 6263b01..7987f55 100644
--- a/drivers/gpu/drm/drm_fops.c
+++ b/drivers/gpu/drm/drm_fops.c
@@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev)
@@ -30018,12 +29372,16 @@ index 828bf65..cdaa0e9 100644
mutex_lock(&drm_global_mutex);
- DRM_DEBUG("open_count = %d\n", dev->open_count);
-+ DRM_DEBUG("open_count = %d\n", local_read(&dev->open_count));
++ DRM_DEBUG("open_count = %ld\n", local_read(&dev->open_count));
if (dev->driver->preclose)
dev->driver->preclose(dev, file_priv);
-@@ -485,7 +485,7 @@ int drm_release(struct inode *inode, struct file *filp)
- DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n",
+@@ -482,10 +482,10 @@ int drm_release(struct inode *inode, struct file *filp)
+ * Begin inline drm_release
+ */
+
+- DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n",
++ DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %ld\n",
task_pid_nr(current),
(long)old_encode_dev(file_priv->minor->device),
- dev->open_count);
@@ -30148,10 +29506,10 @@ index ab1162d..42587b2 100644
#if defined(__i386__)
pgprot = pgprot_val(vma->vm_page_prot);
diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c
-index ddd70db..40321e6 100644
+index 637fcc3..e890b33 100644
--- a/drivers/gpu/drm/drm_ioc32.c
+++ b/drivers/gpu/drm/drm_ioc32.c
-@@ -456,7 +456,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd,
+@@ -457,7 +457,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd,
request = compat_alloc_user_space(nbytes);
if (!access_ok(VERIFY_WRITE, request, nbytes))
return -EFAULT;
@@ -30160,7 +29518,7 @@ index ddd70db..40321e6 100644
if (__put_user(count, &request->count)
|| __put_user(list, &request->list))
-@@ -517,7 +517,7 @@ static int compat_drm_mapbufs(struct file *file, unsigned int cmd,
+@@ -518,7 +518,7 @@ static int compat_drm_mapbufs(struct file *file, unsigned int cmd,
request = compat_alloc_user_space(nbytes);
if (!access_ok(VERIFY_WRITE, request, nbytes))
return -EFAULT;
@@ -30170,10 +29528,10 @@ index ddd70db..40321e6 100644
if (__put_user(count, &request->count)
|| __put_user(list, &request->list))
diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c
-index 904d7e9..ab88581 100644
+index 956fd38..e52167a 100644
--- a/drivers/gpu/drm/drm_ioctl.c
+++ b/drivers/gpu/drm/drm_ioctl.c
-@@ -256,7 +256,7 @@ int drm_getstats(struct drm_device *dev, void *data,
+@@ -251,7 +251,7 @@ int drm_getstats(struct drm_device *dev, void *data,
stats->data[i].value =
(file_priv->master->lock.hw_lock ? file_priv->master->lock.hw_lock->lock : 0);
else
@@ -30183,10 +29541,10 @@ index 904d7e9..ab88581 100644
}
diff --git a/drivers/gpu/drm/drm_lock.c b/drivers/gpu/drm/drm_lock.c
-index 632ae24..244cf4a 100644
+index c79c713..2048588 100644
--- a/drivers/gpu/drm/drm_lock.c
+++ b/drivers/gpu/drm/drm_lock.c
-@@ -89,7 +89,7 @@ int drm_lock(struct drm_device *dev, void *data, struct drm_file *file_priv)
+@@ -90,7 +90,7 @@ int drm_lock(struct drm_device *dev, void *data, struct drm_file *file_priv)
if (drm_lock_take(&master->lock, lock->context)) {
master->lock.file_priv = file_priv;
master->lock.lock_time = jiffies;
@@ -30195,7 +29553,7 @@ index 632ae24..244cf4a 100644
break; /* Got lock */
}
-@@ -160,7 +160,7 @@ int drm_unlock(struct drm_device *dev, void *data, struct drm_file *file_priv)
+@@ -161,7 +161,7 @@ int drm_unlock(struct drm_device *dev, void *data, struct drm_file *file_priv)
return -EINVAL;
}
@@ -30205,10 +29563,10 @@ index 632ae24..244cf4a 100644
if (drm_lock_free(&master->lock, lock->context)) {
/* FIXME: Should really bail out here. */
diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c
-index 8f371e8..9f85d52 100644
+index 7f4b4e1..bf4def2 100644
--- a/drivers/gpu/drm/i810/i810_dma.c
+++ b/drivers/gpu/drm/i810/i810_dma.c
-@@ -950,8 +950,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data,
+@@ -948,8 +948,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data,
dma->buflist[vertex->idx],
vertex->discard, vertex->used);
@@ -30219,7 +29577,7 @@ index 8f371e8..9f85d52 100644
sarea_priv->last_enqueue = dev_priv->counter - 1;
sarea_priv->last_dispatch = (int)hw_status[5];
-@@ -1111,8 +1111,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data,
+@@ -1109,8 +1109,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data,
i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used,
mc->last_render);
@@ -30246,7 +29604,7 @@ index c9339f4..f5e1b9d 100644
int front_offset;
} drm_i810_private_t;
diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c
-index b2e3c97..58cf079 100644
+index deaa657..e0fd296 100644
--- a/drivers/gpu/drm/i915/i915_debugfs.c
+++ b/drivers/gpu/drm/i915/i915_debugfs.c
@@ -499,7 +499,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data)
@@ -30258,7 +29616,7 @@ index b2e3c97..58cf079 100644
for (i = 0; i < I915_NUM_RINGS; i++) {
if (IS_GEN6(dev) || IS_GEN7(dev)) {
seq_printf(m, "Graphics Interrupt mask (%s): %08x\n",
-@@ -1232,7 +1232,7 @@ static int i915_opregion(struct seq_file *m, void *unused)
+@@ -1321,7 +1321,7 @@ static int i915_opregion(struct seq_file *m, void *unused)
return ret;
if (opregion->header)
@@ -30268,10 +29626,10 @@ index b2e3c97..58cf079 100644
mutex_unlock(&dev->struct_mutex);
diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
-index c4da951..3c59c5c 100644
+index ddfe3d9..f6e6b21 100644
--- a/drivers/gpu/drm/i915/i915_dma.c
+++ b/drivers/gpu/drm/i915/i915_dma.c
-@@ -1172,7 +1172,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -1175,7 +1175,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
bool can_switch;
spin_lock(&dev->count_lock);
@@ -30281,10 +29639,10 @@ index c4da951..3c59c5c 100644
return can_switch;
}
diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
-index ae294a0..1755461 100644
+index 9689ca3..294f9c1 100644
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
-@@ -229,7 +229,7 @@ struct drm_i915_display_funcs {
+@@ -231,7 +231,7 @@ struct drm_i915_display_funcs {
/* render clock increase/decrease */
/* display clock increase/decrease */
/* pll clock increase/decrease */
@@ -30293,7 +29651,7 @@ index ae294a0..1755461 100644
struct intel_device_info {
u8 gen;
-@@ -318,7 +318,7 @@ typedef struct drm_i915_private {
+@@ -320,7 +320,7 @@ typedef struct drm_i915_private {
int current_page;
int page_flipping;
@@ -30302,7 +29660,7 @@ index ae294a0..1755461 100644
/* protects the irq masks */
spinlock_t irq_lock;
-@@ -893,7 +893,7 @@ struct drm_i915_gem_object {
+@@ -896,7 +896,7 @@ struct drm_i915_gem_object {
* will be page flipped away on the next vblank. When it
* reaches 0, dev_priv->pending_flip_queue will be woken up.
*/
@@ -30311,7 +29669,7 @@ index ae294a0..1755461 100644
};
#define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base)
-@@ -1273,7 +1273,7 @@ extern int intel_setup_gmbus(struct drm_device *dev);
+@@ -1276,7 +1276,7 @@ extern int intel_setup_gmbus(struct drm_device *dev);
extern void intel_teardown_gmbus(struct drm_device *dev);
extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed);
extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit);
@@ -30321,7 +29679,7 @@ index ae294a0..1755461 100644
return container_of(adapter, struct intel_gmbus, adapter)->force_bit;
}
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-index b9da890..cad1d98 100644
+index 65e1f00..a30ef00 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -189,7 +189,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj,
@@ -30346,7 +29704,7 @@ index b9da890..cad1d98 100644
for (i = 0; i < count; i++) {
char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr;
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
-index d47a53b..61154c2 100644
+index 5bd4361..0241a42 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
@@ -475,7 +475,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS)
@@ -30376,7 +29734,7 @@ index d47a53b..61154c2 100644
iir = I915_READ(IIR);
-@@ -1750,7 +1750,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
+@@ -1743,7 +1743,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
{
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
@@ -30385,7 +29743,7 @@ index d47a53b..61154c2 100644
INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func);
INIT_WORK(&dev_priv->error_work, i915_error_work_func);
-@@ -1938,7 +1938,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev)
+@@ -1932,7 +1932,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -30395,10 +29753,10 @@ index d47a53b..61154c2 100644
INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func);
INIT_WORK(&dev_priv->error_work, i915_error_work_func);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 9ec9755..6d1cf2d 100644
+index 397087c..9178d0d 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -2230,7 +2230,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y,
+@@ -2238,7 +2238,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y,
wait_event(dev_priv->pending_flip_queue,
atomic_read(&dev_priv->mm.wedged) ||
@@ -30407,7 +29765,7 @@ index 9ec9755..6d1cf2d 100644
/* Big Hammer, we also need to ensure that any pending
* MI_WAIT_FOR_EVENT inside a user batch buffer on the
-@@ -2851,7 +2851,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc)
+@@ -2859,7 +2859,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc)
obj = to_intel_framebuffer(crtc->fb)->obj;
dev_priv = crtc->dev->dev_private;
wait_event(dev_priv->pending_flip_queue,
@@ -30416,7 +29774,7 @@ index 9ec9755..6d1cf2d 100644
}
static bool intel_crtc_driving_pch(struct drm_crtc *crtc)
-@@ -6952,7 +6952,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev,
+@@ -7171,7 +7171,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev,
atomic_clear_mask(1 << intel_crtc->plane,
&obj->pending_flip.counter);
@@ -30425,7 +29783,7 @@ index 9ec9755..6d1cf2d 100644
wake_up(&dev_priv->pending_flip_queue);
schedule_work(&work->work);
-@@ -7242,7 +7242,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
+@@ -7461,7 +7461,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
/* Block clients from rendering to the new back buffer until
* the flip occurs and the object is no longer visible.
*/
@@ -30434,7 +29792,7 @@ index 9ec9755..6d1cf2d 100644
ret = dev_priv->display.queue_flip(dev, crtc, fb, obj);
if (ret)
-@@ -7256,7 +7256,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
+@@ -7475,7 +7475,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
return 0;
cleanup_pending:
@@ -30500,10 +29858,10 @@ index 2581202..f230a8d9 100644
*sequence = cur_fence;
diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c
-index 5fc201b..7b032b9 100644
+index e5cbead..6c354a3 100644
--- a/drivers/gpu/drm/nouveau/nouveau_bios.c
+++ b/drivers/gpu/drm/nouveau/nouveau_bios.c
-@@ -201,7 +201,7 @@ struct methods {
+@@ -199,7 +199,7 @@ struct methods {
const char desc[8];
void (*loadbios)(struct drm_device *, uint8_t *);
const bool rw;
@@ -30512,7 +29870,7 @@ index 5fc201b..7b032b9 100644
static struct methods shadow_methods[] = {
{ "PRAMIN", load_vbios_pramin, true },
-@@ -5474,7 +5474,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios,
+@@ -5290,7 +5290,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios,
struct bit_table {
const char id;
int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *);
@@ -30522,10 +29880,10 @@ index 5fc201b..7b032b9 100644
#define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry })
diff --git a/drivers/gpu/drm/nouveau/nouveau_drv.h b/drivers/gpu/drm/nouveau/nouveau_drv.h
-index 4c0be3a..5757582 100644
+index b827098..c31a797 100644
--- a/drivers/gpu/drm/nouveau/nouveau_drv.h
+++ b/drivers/gpu/drm/nouveau/nouveau_drv.h
-@@ -238,7 +238,7 @@ struct nouveau_channel {
+@@ -242,7 +242,7 @@ struct nouveau_channel {
struct list_head pending;
uint32_t sequence;
uint32_t sequence_ack;
@@ -30534,7 +29892,7 @@ index 4c0be3a..5757582 100644
struct nouveau_vma vma;
} fence;
-@@ -319,7 +319,7 @@ struct nouveau_exec_engine {
+@@ -323,7 +323,7 @@ struct nouveau_exec_engine {
u32 handle, u16 class);
void (*set_tile_region)(struct drm_device *dev, int i);
void (*tlb_flush)(struct drm_device *, int engine);
@@ -30543,7 +29901,7 @@ index 4c0be3a..5757582 100644
struct nouveau_instmem_engine {
void *priv;
-@@ -341,13 +341,13 @@ struct nouveau_instmem_engine {
+@@ -345,13 +345,13 @@ struct nouveau_instmem_engine {
struct nouveau_mc_engine {
int (*init)(struct drm_device *dev);
void (*takedown)(struct drm_device *dev);
@@ -30559,7 +29917,7 @@ index 4c0be3a..5757582 100644
struct nouveau_fb_engine {
int num_tiles;
-@@ -558,7 +558,7 @@ struct nouveau_vram_engine {
+@@ -566,7 +566,7 @@ struct nouveau_vram_engine {
void (*put)(struct drm_device *, struct nouveau_mem **);
bool (*flags_valid)(struct drm_device *, u32 tile_flags);
@@ -30568,7 +29926,7 @@ index 4c0be3a..5757582 100644
struct nouveau_engine {
struct nouveau_instmem_engine instmem;
-@@ -706,7 +706,7 @@ struct drm_nouveau_private {
+@@ -714,7 +714,7 @@ struct drm_nouveau_private {
struct drm_global_reference mem_global_ref;
struct ttm_bo_global_ref bo_global_ref;
struct ttm_bo_device bdev;
@@ -30613,10 +29971,10 @@ index 7ce3fde..cb3ea04 100644
if (++trycnt > 100000) {
NV_ERROR(dev, "%s failed and gave up.\n", __func__);
diff --git a/drivers/gpu/drm/nouveau/nouveau_state.c b/drivers/gpu/drm/nouveau/nouveau_state.c
-index d8831ab..0ba8356 100644
+index f80c5e0..936baa7 100644
--- a/drivers/gpu/drm/nouveau/nouveau_state.c
+++ b/drivers/gpu/drm/nouveau/nouveau_state.c
-@@ -542,7 +542,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -543,7 +543,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev)
bool can_switch;
spin_lock(&dev->count_lock);
@@ -30732,32 +30090,20 @@ index 5a82b6b..9e69c73 100644
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
-diff --git a/drivers/gpu/drm/radeon/r600_cs.c b/drivers/gpu/drm/radeon/r600_cs.c
-index cb1acff..8861bc5 100644
---- a/drivers/gpu/drm/radeon/r600_cs.c
-+++ b/drivers/gpu/drm/radeon/r600_cs.c
-@@ -1304,6 +1304,7 @@ static int r600_check_texture_resource(struct radeon_cs_parser *p, u32 idx,
- h0 = G_038004_TEX_HEIGHT(word1) + 1;
- d0 = G_038004_TEX_DEPTH(word1);
- nfaces = 1;
-+ array = 0;
- switch (G_038000_DIM(word0)) {
- case V_038000_SQ_TEX_DIM_1D:
- case V_038000_SQ_TEX_DIM_2D:
diff --git a/drivers/gpu/drm/radeon/radeon.h b/drivers/gpu/drm/radeon/radeon.h
-index 8227e76..ce0b195 100644
+index 1668ec1..30ebdab 100644
--- a/drivers/gpu/drm/radeon/radeon.h
+++ b/drivers/gpu/drm/radeon/radeon.h
-@@ -192,7 +192,7 @@ extern int sumo_get_temp(struct radeon_device *rdev);
- */
- struct radeon_fence_driver {
+@@ -250,7 +250,7 @@ struct radeon_fence_driver {
uint32_t scratch_reg;
+ uint64_t gpu_addr;
+ volatile uint32_t *cpu_addr;
- atomic_t seq;
+ atomic_unchecked_t seq;
uint32_t last_seq;
unsigned long last_jiffies;
unsigned long last_timeout;
-@@ -530,7 +530,7 @@ struct r600_blit_cp_primitives {
+@@ -752,7 +752,7 @@ struct r600_blit_cp_primitives {
int x2, int y2);
void (*draw_auto)(struct radeon_device *rdev);
void (*set_default_state)(struct radeon_device *rdev);
@@ -30766,7 +30112,7 @@ index 8227e76..ce0b195 100644
struct r600_blit {
struct mutex mutex;
-@@ -954,7 +954,7 @@ struct radeon_asic {
+@@ -1201,7 +1201,7 @@ struct radeon_asic {
void (*pre_page_flip)(struct radeon_device *rdev, int crtc);
u32 (*page_flip)(struct radeon_device *rdev, int crtc, u64 crtc_base);
void (*post_page_flip)(struct radeon_device *rdev, int crtc);
@@ -30776,7 +30122,7 @@ index 8227e76..ce0b195 100644
/*
* Asic structures
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index 9231564..78b00fd 100644
+index 49f7cb7..2fcb48f 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
@@ -687,7 +687,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
@@ -30802,27 +30148,36 @@ index a1b59ca..86f2d44 100644
uint32_t irq_enable_reg;
uint32_t r500_disp_irq_reg;
diff --git a/drivers/gpu/drm/radeon/radeon_fence.c b/drivers/gpu/drm/radeon/radeon_fence.c
-index 76ec0e9..6feb1a3 100644
+index 4bd36a3..e66fe9c 100644
--- a/drivers/gpu/drm/radeon/radeon_fence.c
+++ b/drivers/gpu/drm/radeon/radeon_fence.c
-@@ -78,7 +78,7 @@ int radeon_fence_emit(struct radeon_device *rdev, struct radeon_fence *fence)
- write_unlock_irqrestore(&rdev->fence_drv.lock, irq_flags);
+@@ -70,7 +70,7 @@ int radeon_fence_emit(struct radeon_device *rdev, struct radeon_fence *fence)
+ write_unlock_irqrestore(&rdev->fence_lock, irq_flags);
return 0;
}
-- fence->seq = atomic_add_return(1, &rdev->fence_drv.seq);
-+ fence->seq = atomic_add_return_unchecked(1, &rdev->fence_drv.seq);
- if (!rdev->cp.ready)
+- fence->seq = atomic_add_return(1, &rdev->fence_drv[fence->ring].seq);
++ fence->seq = atomic_add_return_unchecked(1, &rdev->fence_drv[fence->ring].seq);
+ if (!rdev->ring[fence->ring].ready)
/* FIXME: cp is not running assume everythings is done right
* away
-@@ -373,7 +373,7 @@ int radeon_fence_driver_init(struct radeon_device *rdev)
- return r;
- }
- radeon_fence_write(rdev, 0);
-- atomic_set(&rdev->fence_drv.seq, 0);
-+ atomic_set_unchecked(&rdev->fence_drv.seq, 0);
- INIT_LIST_HEAD(&rdev->fence_drv.created);
- INIT_LIST_HEAD(&rdev->fence_drv.emited);
- INIT_LIST_HEAD(&rdev->fence_drv.signaled);
+@@ -405,7 +405,7 @@ int radeon_fence_driver_start_ring(struct radeon_device *rdev, int ring)
+ }
+ rdev->fence_drv[ring].cpu_addr = &rdev->wb.wb[index/4];
+ rdev->fence_drv[ring].gpu_addr = rdev->wb.gpu_addr + index;
+- radeon_fence_write(rdev, atomic_read(&rdev->fence_drv[ring].seq), ring);
++ radeon_fence_write(rdev, atomic_read_unchecked(&rdev->fence_drv[ring].seq), ring);
+ rdev->fence_drv[ring].initialized = true;
+ DRM_INFO("fence driver on ring %d use gpu addr 0x%08Lx and cpu addr 0x%p\n",
+ ring, rdev->fence_drv[ring].gpu_addr, rdev->fence_drv[ring].cpu_addr);
+@@ -418,7 +418,7 @@ static void radeon_fence_driver_init_ring(struct radeon_device *rdev, int ring)
+ rdev->fence_drv[ring].scratch_reg = -1;
+ rdev->fence_drv[ring].cpu_addr = NULL;
+ rdev->fence_drv[ring].gpu_addr = 0;
+- atomic_set(&rdev->fence_drv[ring].seq, 0);
++ atomic_set_unchecked(&rdev->fence_drv[ring].seq, 0);
+ INIT_LIST_HEAD(&rdev->fence_drv[ring].created);
+ INIT_LIST_HEAD(&rdev->fence_drv[ring].emitted);
+ INIT_LIST_HEAD(&rdev->fence_drv[ring].signaled);
diff --git a/drivers/gpu/drm/radeon/radeon_ioc32.c b/drivers/gpu/drm/radeon/radeon_ioc32.c
index 48b7cea..342236f 100644
--- a/drivers/gpu/drm/radeon/radeon_ioc32.c
@@ -30883,10 +30238,10 @@ index e8422ae..d22d4a8 100644
DRM_DEBUG("pid=%d\n", DRM_CURRENTPID);
diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c
-index 0b5468b..9c4b308 100644
+index c421e77..e6bf2e8 100644
--- a/drivers/gpu/drm/radeon/radeon_ttm.c
+++ b/drivers/gpu/drm/radeon/radeon_ttm.c
-@@ -672,8 +672,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
+@@ -842,8 +842,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
}
if (unlikely(ttm_vm_ops == NULL)) {
ttm_vm_ops = vma->vm_ops;
@@ -30900,7 +30255,7 @@ index 0b5468b..9c4b308 100644
vma->vm_ops = &radeon_ttm_vm_ops;
return 0;
diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c
-index a9049ed..501f284 100644
+index f68dff2..8df955c 100644
--- a/drivers/gpu/drm/radeon/rs690.c
+++ b/drivers/gpu/drm/radeon/rs690.c
@@ -304,9 +304,11 @@ void rs690_crtc_bandwidth_compute(struct radeon_device *rdev,
@@ -30917,7 +30272,7 @@ index a9049ed..501f284 100644
if (rdev->pm.max_bandwidth.full > rdev->pm.k8_bandwidth.full &&
rdev->pm.k8_bandwidth.full)
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
-index 727e93d..1565650 100644
+index 499debd..66fce72 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
+++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c
@@ -398,9 +398,9 @@ static int ttm_pool_get_num_unused_pages(void)
@@ -30933,7 +30288,7 @@ index 727e93d..1565650 100644
int shrink_pages = sc->nr_to_scan;
diff --git a/drivers/gpu/drm/via/via_drv.h b/drivers/gpu/drm/via/via_drv.h
-index 9cf87d9..2000b7d 100644
+index 88edacc..1e5412b 100644
--- a/drivers/gpu/drm/via/via_drv.h
+++ b/drivers/gpu/drm/via/via_drv.h
@@ -51,7 +51,7 @@ typedef struct drm_via_ring_buffer {
@@ -31117,10 +30472,10 @@ index 8a8725c..afed796 100644
marker = list_first_entry(&queue->head,
struct vmw_marker, head);
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index bb656d8..4169fca 100644
+index af08ce7..7a15038 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
-@@ -2012,7 +2012,7 @@ static bool hid_ignore(struct hid_device *hdev)
+@@ -2020,7 +2020,7 @@ static bool hid_ignore(struct hid_device *hdev)
int hid_add_device(struct hid_device *hdev)
{
@@ -31129,7 +30484,7 @@ index bb656d8..4169fca 100644
int ret;
if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2027,7 +2027,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2035,7 +2035,7 @@ int hid_add_device(struct hid_device *hdev)
/* XXX hack, any other cleaner solution after the driver core
* is converted to allow more than 20 bytes as the device name? */
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -31139,7 +30494,7 @@ index bb656d8..4169fca 100644
hid_debug_register(hdev, dev_name(&hdev->dev));
ret = device_add(&hdev->dev);
diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
-index 4ef02b2..8a96831 100644
+index b1ec0e2..c295a61 100644
--- a/drivers/hid/usbhid/hiddev.c
+++ b/drivers/hid/usbhid/hiddev.c
@@ -624,7 +624,7 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
@@ -31167,7 +30522,7 @@ index 4065374..10ed7dc 100644
ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount);
if (ret)
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
-index 0fb100e..baf87e5 100644
+index 12aa97f..c0679f7 100644
--- a/drivers/hv/hv.c
+++ b/drivers/hv/hv.c
@@ -132,7 +132,7 @@ static u64 do_hypercall(u64 control, void *input, void *output)
@@ -31180,7 +30535,7 @@ index 0fb100e..baf87e5 100644
__asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi),
"=a"(hv_status_lo) : "d" (control_hi),
diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h
-index 0aee112..b72d21f 100644
+index 6d7d286..92b0873 100644
--- a/drivers/hv/hyperv_vmbus.h
+++ b/drivers/hv/hyperv_vmbus.h
@@ -556,7 +556,7 @@ enum vmbus_connect_state {
@@ -31193,7 +30548,7 @@ index 0aee112..b72d21f 100644
/*
* Represents channel interrupts. Each bit position represents a
diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c
-index d2d0a2a..90b8f4d 100644
+index a220e57..428f54d 100644
--- a/drivers/hv/vmbus_drv.c
+++ b/drivers/hv/vmbus_drv.c
@@ -663,10 +663,10 @@ int vmbus_device_register(struct hv_device *child_device_obj)
@@ -31210,7 +30565,7 @@ index d2d0a2a..90b8f4d 100644
child_device_obj->device.bus = &hv_bus;
child_device_obj->device.parent = &hv_acpi_dev->dev;
diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c
-index 66f6729..2d6de0a 100644
+index 554f046..f8b4729 100644
--- a/drivers/hwmon/acpi_power_meter.c
+++ b/drivers/hwmon/acpi_power_meter.c
@@ -316,8 +316,6 @@ static ssize_t set_trip(struct device *dev, struct device_attribute *devattr,
@@ -31223,7 +30578,7 @@ index 66f6729..2d6de0a 100644
mutex_lock(&resource->lock);
resource->trip[attr->index - 7] = temp;
diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c
-index 5357925..6cf0418 100644
+index 91fdd1f..b66a686 100644
--- a/drivers/hwmon/sht15.c
+++ b/drivers/hwmon/sht15.c
@@ -166,7 +166,7 @@ struct sht15_data {
@@ -31556,7 +30911,7 @@ index 8126824..55a2798 100644
}
}
diff --git a/drivers/ide/ide-pci-generic.c b/drivers/ide/ide-pci-generic.c
-index a743e68..1cfd674 100644
+index 7f56b73..dab5b67 100644
--- a/drivers/ide/ide-pci-generic.c
+++ b/drivers/ide/ide-pci-generic.c
@@ -53,7 +53,7 @@ static const struct ide_port_ops netcell_port_ops = {
@@ -31842,7 +31197,7 @@ index f46f49c..eb77678 100644
.init_chipset = init_chipset_via82cxxx,
.enablebits = { { 0x40, 0x02, 0x02 }, { 0x40, 0x01, 0x01 } },
diff --git a/drivers/ieee802154/fakehard.c b/drivers/ieee802154/fakehard.c
-index eb0e2cc..14241c7 100644
+index 73d4531..c90cd2d 100644
--- a/drivers/ieee802154/fakehard.c
+++ b/drivers/ieee802154/fakehard.c
@@ -386,7 +386,7 @@ static int __devinit ieee802154fake_probe(struct platform_device *pdev)
@@ -31855,7 +31210,7 @@ index eb0e2cc..14241c7 100644
priv = netdev_priv(dev);
priv->phy = phy;
diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c
-index 8b72f39..55df4c8 100644
+index c889aae..6cf5aa7 100644
--- a/drivers/infiniband/core/cm.c
+++ b/drivers/infiniband/core/cm.c
@@ -114,7 +114,7 @@ static char const counter_group_names[CM_COUNTER_GROUPS]
@@ -32090,19 +31445,6 @@ index 40c8353..946b0e4 100644
}
PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n",
__func__, stag_state, type, pdid, stag_idx);
-diff --git a/drivers/infiniband/hw/ipath/ipath_fs.c b/drivers/infiniband/hw/ipath/ipath_fs.c
-index 31ae1b1..641d285 100644
---- a/drivers/infiniband/hw/ipath/ipath_fs.c
-+++ b/drivers/infiniband/hw/ipath/ipath_fs.c
-@@ -126,6 +126,8 @@ static const struct file_operations atomic_counters_ops = {
- };
-
- static ssize_t flash_read(struct file *file, char __user *buf,
-+ size_t count, loff_t *ppos) __size_overflow(3);
-+static ssize_t flash_read(struct file *file, char __user *buf,
- size_t count, loff_t *ppos)
- {
- struct ipath_devdata *dd;
diff --git a/drivers/infiniband/hw/ipath/ipath_rc.c b/drivers/infiniband/hw/ipath/ipath_rc.c
index 79b3dbc..96e5fcc 100644
--- a/drivers/infiniband/hw/ipath/ipath_rc.c
@@ -32158,7 +31500,7 @@ index 1f95bba..9530f87 100644
sdata, wqe->wr.wr.atomic.swap);
goto send_comp;
diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes/nes.c
-index 5965b3d..16817fb 100644
+index 7140199..da60063 100644
--- a/drivers/infiniband/hw/nes/nes.c
+++ b/drivers/infiniband/hw/nes/nes.c
@@ -103,7 +103,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read request size to 256 Bytes");
@@ -32180,7 +31522,7 @@ index 5965b3d..16817fb 100644
/* Free the control structures */
diff --git a/drivers/infiniband/hw/nes/nes.h b/drivers/infiniband/hw/nes/nes.h
-index 568b4f1..5ea3eff 100644
+index c438e46..ca30356 100644
--- a/drivers/infiniband/hw/nes/nes.h
+++ b/drivers/infiniband/hw/nes/nes.h
@@ -178,17 +178,17 @@ extern unsigned int nes_debug_level;
@@ -32239,7 +31581,7 @@ index 568b4f1..5ea3eff 100644
extern u32 int_mod_timer_init;
extern u32 int_mod_cq_depth_256;
diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c
-index 0a52d72..0642f36 100644
+index a4972ab..1bcfc31 100644
--- a/drivers/infiniband/hw/nes/nes_cm.c
+++ b/drivers/infiniband/hw/nes/nes_cm.c
@@ -68,14 +68,14 @@ u32 cm_packets_dropped;
@@ -32285,7 +31627,7 @@ index 0a52d72..0642f36 100644
int nes_add_ref_cm_node(struct nes_cm_node *cm_node)
{
-@@ -1271,7 +1271,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core,
+@@ -1274,7 +1274,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core,
kfree(listener);
listener = NULL;
ret = 0;
@@ -32348,7 +31690,7 @@ index 0a52d72..0642f36 100644
dev_kfree_skb_any(skb);
}
break;
-@@ -2880,7 +2880,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
+@@ -2881,7 +2881,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
if ((cm_id) && (cm_id->event_handler)) {
if (issue_disconn) {
@@ -32357,7 +31699,7 @@ index 0a52d72..0642f36 100644
cm_event.event = IW_CM_EVENT_DISCONNECT;
cm_event.status = disconn_status;
cm_event.local_addr = cm_id->local_addr;
-@@ -2902,7 +2902,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
+@@ -2903,7 +2903,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp)
}
if (issue_close) {
@@ -32366,7 +31708,7 @@ index 0a52d72..0642f36 100644
nes_disconnect(nesqp, 1);
cm_id->provider_data = nesqp;
-@@ -3038,7 +3038,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
+@@ -3039,7 +3039,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n",
nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener);
@@ -32375,7 +31717,7 @@ index 0a52d72..0642f36 100644
nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n",
netdev_refcnt_read(nesvnic->netdev));
-@@ -3240,7 +3240,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len)
+@@ -3241,7 +3241,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len)
struct nes_cm_core *cm_core;
u8 *start_buff;
@@ -32384,7 +31726,7 @@ index 0a52d72..0642f36 100644
cm_node = (struct nes_cm_node *)cm_id->provider_data;
loopback = cm_node->loopbackpartner;
cm_core = cm_node->cm_core;
-@@ -3300,7 +3300,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
+@@ -3301,7 +3301,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param)
ntohl(cm_id->local_addr.sin_addr.s_addr),
ntohs(cm_id->local_addr.sin_port));
@@ -32393,7 +31735,7 @@ index 0a52d72..0642f36 100644
nesqp->active_conn = 1;
/* cache the cm_id in the qp */
-@@ -3406,7 +3406,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog)
+@@ -3407,7 +3407,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog)
g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node);
return err;
}
@@ -32402,7 +31744,7 @@ index 0a52d72..0642f36 100644
}
cm_id->add_ref(cm_id);
-@@ -3507,7 +3507,7 @@ static void cm_event_connected(struct nes_cm_event *event)
+@@ -3508,7 +3508,7 @@ static void cm_event_connected(struct nes_cm_event *event)
if (nesqp->destroyed)
return;
@@ -32411,7 +31753,7 @@ index 0a52d72..0642f36 100644
nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on"
" local port 0x%04X. jiffies = %lu.\n",
nesqp->hwqp.qp_id,
-@@ -3694,7 +3694,7 @@ static void cm_event_reset(struct nes_cm_event *event)
+@@ -3695,7 +3695,7 @@ static void cm_event_reset(struct nes_cm_event *event)
cm_id->add_ref(cm_id);
ret = cm_id->event_handler(cm_id, &cm_event);
@@ -32420,7 +31762,7 @@ index 0a52d72..0642f36 100644
cm_event.event = IW_CM_EVENT_CLOSE;
cm_event.status = 0;
cm_event.provider_data = cm_id->provider_data;
-@@ -3730,7 +3730,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event)
+@@ -3731,7 +3731,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event)
return;
cm_id = cm_node->cm_id;
@@ -32429,7 +31771,7 @@ index 0a52d72..0642f36 100644
nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n",
cm_node, cm_id, jiffies);
-@@ -3770,7 +3770,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event)
+@@ -3771,7 +3771,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event)
return;
cm_id = cm_node->cm_id;
@@ -32439,7 +31781,7 @@ index 0a52d72..0642f36 100644
cm_node, cm_id, jiffies);
diff --git a/drivers/infiniband/hw/nes/nes_mgt.c b/drivers/infiniband/hw/nes/nes_mgt.c
-index b3b2a24..7bfaf1e 100644
+index 3ba7be3..c81f6ff 100644
--- a/drivers/infiniband/hw/nes/nes_mgt.c
+++ b/drivers/infiniband/hw/nes/nes_mgt.c
@@ -40,8 +40,8 @@
@@ -32472,7 +31814,7 @@ index b3b2a24..7bfaf1e 100644
}
diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c
-index c00d2f3..8834298 100644
+index f3a3ecf..57d311d 100644
--- a/drivers/infiniband/hw/nes/nes_nic.c
+++ b/drivers/infiniband/hw/nes/nes_nic.c
@@ -1277,39 +1277,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev,
@@ -32536,7 +31878,7 @@ index c00d2f3..8834298 100644
/**
diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/hw/nes/nes_verbs.c
-index 5095bc4..41e8fff 100644
+index 0927b5c..ed67986 100644
--- a/drivers/infiniband/hw/nes/nes_verbs.c
+++ b/drivers/infiniband/hw/nes/nes_verbs.c
@@ -46,9 +46,9 @@
@@ -32582,19 +31924,6 @@ index b881bdc..c2e360c 100644
#include "qib_common.h"
#include "qib_verbs.h"
-diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c
-index df7fa25..0c854f0 100644
---- a/drivers/infiniband/hw/qib/qib_fs.c
-+++ b/drivers/infiniband/hw/qib/qib_fs.c
-@@ -267,6 +267,8 @@ static const struct file_operations qsfp_ops[] = {
- };
-
- static ssize_t flash_read(struct file *file, char __user *buf,
-+ size_t count, loff_t *ppos) __size_overflow(3);
-+static ssize_t flash_read(struct file *file, char __user *buf,
- size_t count, loff_t *ppos)
- {
- struct qib_devdata *dd;
diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c
index c351aa4..e6967c2 100644
--- a/drivers/input/gameport/gameport.c
@@ -32617,7 +31946,7 @@ index c351aa4..e6967c2 100644
gameport->dev.release = gameport_release_port;
if (gameport->parent)
diff --git a/drivers/input/input.c b/drivers/input/input.c
-index da38d97..2aa0b79 100644
+index 1f78c95..3cddc6c 100644
--- a/drivers/input/input.c
+++ b/drivers/input/input.c
@@ -1814,7 +1814,7 @@ static void input_cleanse_bitmasks(struct input_dev *dev)
@@ -32651,7 +31980,7 @@ index b8d8611..7a4a04b 100644
#include <linux/input.h>
#include <linux/gameport.h>
diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c
-index d728875..844c89b 100644
+index fd7a0d5..a4af10c 100644
--- a/drivers/input/joystick/xpad.c
+++ b/drivers/input/joystick/xpad.c
@@ -710,7 +710,7 @@ static void xpad_led_set(struct led_classdev *led_cdev,
@@ -32921,19 +32250,6 @@ index a3bd163..8956575 100644
typedef struct _diva_os_xdi_adapter {
struct list_head link;
-diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c
-index 2339d73..802ab87a 100644
---- a/drivers/isdn/i4l/isdn_net.c
-+++ b/drivers/isdn/i4l/isdn_net.c
-@@ -1901,7 +1901,7 @@ static int isdn_net_header(struct sk_buff *skb, struct net_device *dev,
- {
- isdn_net_local *lp = netdev_priv(dev);
- unsigned char *p;
-- ushort len = 0;
-+ int len = 0;
-
- switch (lp->p_encap) {
- case ISDN_NET_ENCAP_ETHER:
diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c
index 1f355bb..43f1fea 100644
--- a/drivers/isdn/icn/icn.c
@@ -32978,20 +32294,8 @@ index b5fdcb7..5b6c59f 100644
end_switcher_text - start_switcher_text);
printk(KERN_INFO "lguest: mapped switcher at %p\n",
-diff --git a/drivers/lguest/lguest_user.c b/drivers/lguest/lguest_user.c
-index ff4a0bc..f5fdd9c 100644
---- a/drivers/lguest/lguest_user.c
-+++ b/drivers/lguest/lguest_user.c
-@@ -198,6 +198,7 @@ static int user_send_irq(struct lg_cpu *cpu, const unsigned long __user *input)
- * Once our Guest is initialized, the Launcher makes it run by reading
- * from /dev/lguest.
- */
-+static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o) __size_overflow(3);
- static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o)
- {
- struct lguest *lg = file->private_data;
diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c
-index 65af42f..530c87a 100644
+index 3980903..ce25c5e 100644
--- a/drivers/lguest/x86/core.c
+++ b/drivers/lguest/x86/core.c
@@ -59,7 +59,7 @@ static struct {
@@ -33242,7 +32546,7 @@ index 3d80cf0..b77cc47 100644
schedule_work(&sc->trigger_event);
}
diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c
-index 8e91321..fd17aef 100644
+index 63cc542..8d45caf3 100644
--- a/drivers/md/dm-table.c
+++ b/drivers/md/dm-table.c
@@ -391,7 +391,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev,
@@ -33277,10 +32581,10 @@ index 237571a..fb6d19b 100644
pmd->bl_info.value_type.inc = data_block_inc;
pmd->bl_info.value_type.dec = data_block_dec;
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
-index 4720f68..78d1df7 100644
+index b89c548..2af3ce4 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
-@@ -177,9 +177,9 @@ struct mapped_device {
+@@ -176,9 +176,9 @@ struct mapped_device {
/*
* Event handling.
*/
@@ -33292,7 +32596,7 @@ index 4720f68..78d1df7 100644
struct list_head uevent_list;
spinlock_t uevent_lock; /* Protect access to uevent_list */
-@@ -1845,8 +1845,8 @@ static struct mapped_device *alloc_dev(int minor)
+@@ -1844,8 +1844,8 @@ static struct mapped_device *alloc_dev(int minor)
rwlock_init(&md->map_lock);
atomic_set(&md->holders, 1);
atomic_set(&md->open_count, 0);
@@ -33303,7 +32607,7 @@ index 4720f68..78d1df7 100644
INIT_LIST_HEAD(&md->uevent_list);
spin_lock_init(&md->uevent_lock);
-@@ -1980,7 +1980,7 @@ static void event_callback(void *context)
+@@ -1979,7 +1979,7 @@ static void event_callback(void *context)
dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj);
@@ -33312,7 +32616,7 @@ index 4720f68..78d1df7 100644
wake_up(&md->eventq);
}
-@@ -2622,18 +2622,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
+@@ -2621,18 +2621,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
uint32_t dm_next_uevent_seq(struct mapped_device *md)
{
@@ -33335,10 +32639,10 @@ index 4720f68..78d1df7 100644
void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff --git a/drivers/md/md.c b/drivers/md/md.c
-index f47f1f8..b7f559e 100644
+index ce88755..4d8686d 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
-@@ -278,10 +278,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
+@@ -277,10 +277,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
* start build, activate spare
*/
static DECLARE_WAIT_QUEUE_HEAD(md_event_waiters);
@@ -33351,7 +32655,7 @@ index f47f1f8..b7f559e 100644
wake_up(&md_event_waiters);
}
EXPORT_SYMBOL_GPL(md_new_event);
-@@ -291,7 +291,7 @@ EXPORT_SYMBOL_GPL(md_new_event);
+@@ -290,7 +290,7 @@ EXPORT_SYMBOL_GPL(md_new_event);
*/
static void md_new_event_inintr(struct mddev *mddev)
{
@@ -33360,7 +32664,7 @@ index f47f1f8..b7f559e 100644
wake_up(&md_event_waiters);
}
-@@ -1525,7 +1525,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
+@@ -1524,7 +1524,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
rdev->preferred_minor = 0xffff;
rdev->data_offset = le64_to_cpu(sb->data_offset);
@@ -33369,7 +32673,7 @@ index f47f1f8..b7f559e 100644
rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256;
bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1;
-@@ -1742,7 +1742,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev)
+@@ -1743,7 +1743,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev)
else
sb->resync_offset = cpu_to_le64(0);
@@ -33378,7 +32682,7 @@ index f47f1f8..b7f559e 100644
sb->raid_disks = cpu_to_le32(mddev->raid_disks);
sb->size = cpu_to_le64(mddev->dev_sectors);
-@@ -2639,7 +2639,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store);
+@@ -2688,7 +2688,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store);
static ssize_t
errors_show(struct md_rdev *rdev, char *page)
{
@@ -33387,7 +32691,7 @@ index f47f1f8..b7f559e 100644
}
static ssize_t
-@@ -2648,7 +2648,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len)
+@@ -2697,7 +2697,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len)
char *e;
unsigned long n = simple_strtoul(buf, &e, 10);
if (*buf && (*e == 0 || *e == '\n')) {
@@ -33396,7 +32700,7 @@ index f47f1f8..b7f559e 100644
return len;
}
return -EINVAL;
-@@ -3039,8 +3039,8 @@ int md_rdev_init(struct md_rdev *rdev)
+@@ -3083,8 +3083,8 @@ int md_rdev_init(struct md_rdev *rdev)
rdev->sb_loaded = 0;
rdev->bb_page = NULL;
atomic_set(&rdev->nr_pending, 0);
@@ -33407,7 +32711,7 @@ index f47f1f8..b7f559e 100644
INIT_LIST_HEAD(&rdev->same_set);
init_waitqueue_head(&rdev->blocked_wait);
-@@ -6683,7 +6683,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -6735,7 +6735,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
spin_unlock(&pers_lock);
seq_printf(seq, "\n");
@@ -33416,7 +32720,7 @@ index f47f1f8..b7f559e 100644
return 0;
}
if (v == (void*)2) {
-@@ -6772,7 +6772,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -6827,7 +6827,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
chunk_kb ? "KB" : "B");
if (bitmap->file) {
seq_printf(seq, ", file: ");
@@ -33425,7 +32729,7 @@ index f47f1f8..b7f559e 100644
}
seq_printf(seq, "\n");
-@@ -6803,7 +6803,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
+@@ -6858,7 +6858,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
return error;
seq = file->private_data;
@@ -33434,7 +32738,7 @@ index f47f1f8..b7f559e 100644
return error;
}
-@@ -6817,7 +6817,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
+@@ -6872,7 +6872,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
/* always allow read */
mask = POLLIN | POLLRDNORM;
@@ -33443,7 +32747,7 @@ index f47f1f8..b7f559e 100644
mask |= POLLERR | POLLPRI;
return mask;
}
-@@ -6861,7 +6861,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
+@@ -6916,7 +6916,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
(int)part_stat_read(&disk->part0, sectors[1]) -
@@ -33453,10 +32757,10 @@ index f47f1f8..b7f559e 100644
* as sync_io is counted when a request starts, and
* disk_stats is counted when it completes.
diff --git a/drivers/md/md.h b/drivers/md/md.h
-index cf742d9..7c7c745 100644
+index 44c63df..b795d1a 100644
--- a/drivers/md/md.h
+++ b/drivers/md/md.h
-@@ -120,13 +120,13 @@ struct md_rdev {
+@@ -93,13 +93,13 @@ struct md_rdev {
* only maintained for arrays that
* support hot removal
*/
@@ -33472,7 +32776,7 @@ index cf742d9..7c7c745 100644
* for reporting to userspace and storing
* in superblock.
*/
-@@ -410,7 +410,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev)
+@@ -421,7 +421,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev)
static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors)
{
@@ -33533,10 +32837,10 @@ index 1cbfc6b..56e1dbb 100644
/*----------------------------------------------------------------*/
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index 7d9e071..015b1d5 100644
+index a0b225e..a9be913 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
-@@ -1568,7 +1568,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
+@@ -1632,7 +1632,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
if (r1_sync_page_io(rdev, sect, s,
bio->bi_io_vec[idx].bv_page,
READ) != 0)
@@ -33545,7 +32849,7 @@ index 7d9e071..015b1d5 100644
}
sectors -= s;
sect += s;
-@@ -1781,7 +1781,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
+@@ -1845,7 +1845,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
test_bit(In_sync, &rdev->flags)) {
if (r1_sync_page_io(rdev, sect, s,
conf->tmppage, READ)) {
@@ -33555,10 +32859,10 @@ index 7d9e071..015b1d5 100644
"md/raid1:%s: read error corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 685ddf3..955b087 100644
+index 58c44d6..f090bad 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
-@@ -1440,7 +1440,7 @@ static void end_sync_read(struct bio *bio, int error)
+@@ -1623,7 +1623,7 @@ static void end_sync_read(struct bio *bio, int error)
/* The write handler will notice the lack of
* R10BIO_Uptodate and record any errors etc
*/
@@ -33567,7 +32871,7 @@ index 685ddf3..955b087 100644
&conf->mirrors[d].rdev->corrected_errors);
/* for reconstruct, we always reschedule after a read.
-@@ -1740,7 +1740,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -1974,7 +1974,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
{
struct timespec cur_time_mon;
unsigned long hours_since_last;
@@ -33576,7 +32880,7 @@ index 685ddf3..955b087 100644
ktime_get_ts(&cur_time_mon);
-@@ -1762,9 +1762,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -1996,9 +1996,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
* overflowing the shift of read_errors by hours_since_last.
*/
if (hours_since_last >= 8 * sizeof(read_errors))
@@ -33588,7 +32892,7 @@ index 685ddf3..955b087 100644
}
static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector,
-@@ -1814,8 +1814,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2052,8 +2052,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
return;
check_decay_read_errors(mddev, rdev);
@@ -33599,7 +32903,7 @@ index 685ddf3..955b087 100644
char b[BDEVNAME_SIZE];
bdevname(rdev->bdev, b);
-@@ -1823,7 +1823,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2061,7 +2061,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
"md/raid10:%s: %s: Raid device exceeded "
"read_error threshold [cur %d:max %d]\n",
mdname(mddev), b,
@@ -33608,7 +32912,7 @@ index 685ddf3..955b087 100644
printk(KERN_NOTICE
"md/raid10:%s: %s: Failing raid device\n",
mdname(mddev), b);
-@@ -1968,7 +1968,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2210,7 +2210,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
(unsigned long long)(
sect + rdev->data_offset),
bdevname(rdev->bdev, b));
@@ -33618,10 +32922,10 @@ index 685ddf3..955b087 100644
rdev_dec_pending(rdev, mddev);
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 858fdbb..b2dac95 100644
+index 360f2b9..08b5382 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
-@@ -1610,19 +1610,19 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1687,18 +1687,18 @@ static void raid5_end_read_request(struct bio * bi, int error)
(unsigned long long)(sh->sector
+ rdev->data_offset),
bdevname(rdev->bdev, b));
@@ -33630,22 +32934,21 @@ index 858fdbb..b2dac95 100644
clear_bit(R5_ReadError, &sh->dev[i].flags);
clear_bit(R5_ReWrite, &sh->dev[i].flags);
}
-- if (atomic_read(&conf->disks[i].rdev->read_errors))
-- atomic_set(&conf->disks[i].rdev->read_errors, 0);
-+ if (atomic_read_unchecked(&conf->disks[i].rdev->read_errors))
-+ atomic_set_unchecked(&conf->disks[i].rdev->read_errors, 0);
+- if (atomic_read(&rdev->read_errors))
+- atomic_set(&rdev->read_errors, 0);
++ if (atomic_read_unchecked(&rdev->read_errors))
++ atomic_set_unchecked(&rdev->read_errors, 0);
} else {
- const char *bdn = bdevname(conf->disks[i].rdev->bdev, b);
+ const char *bdn = bdevname(rdev->bdev, b);
int retry = 0;
- rdev = conf->disks[i].rdev;
clear_bit(R5_UPTODATE, &sh->dev[i].flags);
- atomic_inc(&rdev->read_errors);
+ atomic_inc_unchecked(&rdev->read_errors);
- if (conf->mddev->degraded >= conf->max_degraded)
+ if (test_bit(R5_ReadRepl, &sh->dev[i].flags))
printk_ratelimited(
KERN_WARNING
-@@ -1642,7 +1642,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1727,7 +1727,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
(unsigned long long)(sh->sector
+ rdev->data_offset),
bdn);
@@ -33655,7 +32958,7 @@ index 858fdbb..b2dac95 100644
printk(KERN_WARNING
"md/raid:%s: Too many read errors, failing device %s.\n",
diff --git a/drivers/media/dvb/ddbridge/ddbridge-core.c b/drivers/media/dvb/ddbridge/ddbridge-core.c
-index ba9a643..e474ab5 100644
+index ce4f858..7bcfb46 100644
--- a/drivers/media/dvb/ddbridge/ddbridge-core.c
+++ b/drivers/media/dvb/ddbridge/ddbridge-core.c
@@ -1678,7 +1678,7 @@ static struct ddb_info ddb_v6 = {
@@ -33681,7 +32984,7 @@ index a7d876f..8c21b61 100644
struct dvb_demux *demux;
void *priv;
diff --git a/drivers/media/dvb/dvb-core/dvbdev.c b/drivers/media/dvb/dvb-core/dvbdev.c
-index f732877..d38c35a 100644
+index 00a6732..70a682e 100644
--- a/drivers/media/dvb/dvb-core/dvbdev.c
+++ b/drivers/media/dvb/dvb-core/dvbdev.c
@@ -192,7 +192,7 @@ int dvb_register_device(struct dvb_adapter *adap, struct dvb_device **pdvbdev,
@@ -33694,20 +32997,20 @@ index f732877..d38c35a 100644
int minor;
int id;
diff --git a/drivers/media/dvb/dvb-usb/cxusb.c b/drivers/media/dvb/dvb-usb/cxusb.c
-index 9f2a02c..5920f88 100644
+index 3940bb0..fb3952a 100644
--- a/drivers/media/dvb/dvb-usb/cxusb.c
+++ b/drivers/media/dvb/dvb-usb/cxusb.c
-@@ -1069,7 +1069,7 @@ static struct dib0070_config dib7070p_dib0070_config = {
+@@ -1068,7 +1068,7 @@ static struct dib0070_config dib7070p_dib0070_config = {
+
struct dib0700_adapter_state {
- int (*set_param_save) (struct dvb_frontend *,
- struct dvb_frontend_parameters *);
+ int (*set_param_save) (struct dvb_frontend *);
-};
+} __no_const;
- static int dib7070_set_param_override(struct dvb_frontend *fe,
- struct dvb_frontend_parameters *fep)
+ static int dib7070_set_param_override(struct dvb_frontend *fe)
+ {
diff --git a/drivers/media/dvb/dvb-usb/dw2102.c b/drivers/media/dvb/dvb-usb/dw2102.c
-index f103ec1..5e8968b 100644
+index 451c5a7..649f711 100644
--- a/drivers/media/dvb/dvb-usb/dw2102.c
+++ b/drivers/media/dvb/dvb-usb/dw2102.c
@@ -95,7 +95,7 @@ struct su3000_state {
@@ -33732,21 +33035,8 @@ index 404f63a..4796533 100644
#if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE))
extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
-diff --git a/drivers/media/dvb/frontends/ds3000.c b/drivers/media/dvb/frontends/ds3000.c
-index 90bf573..e8463da 100644
---- a/drivers/media/dvb/frontends/ds3000.c
-+++ b/drivers/media/dvb/frontends/ds3000.c
-@@ -1210,7 +1210,7 @@ static int ds3000_set_frontend(struct dvb_frontend *fe,
-
- for (i = 0; i < 30 ; i++) {
- ds3000_read_status(fe, &status);
-- if (status && FE_HAS_LOCK)
-+ if (status & FE_HAS_LOCK)
- break;
-
- msleep(10);
diff --git a/drivers/media/dvb/ngene/ngene-cards.c b/drivers/media/dvb/ngene/ngene-cards.c
-index 0564192..75b16f5 100644
+index 8418c02..8555013 100644
--- a/drivers/media/dvb/ngene/ngene-cards.c
+++ b/drivers/media/dvb/ngene/ngene-cards.c
@@ -477,7 +477,7 @@ static struct ngene_info ngene_info_m780 = {
@@ -33771,19 +33061,6 @@ index 16a089f..ab1667d 100644
mutex_lock(&dev->lock);
if (dev->rdsstat == 0) {
dev->rdsstat = 1;
-diff --git a/drivers/media/rc/redrat3.c b/drivers/media/rc/redrat3.c
-index 61287fc..8b08712 100644
---- a/drivers/media/rc/redrat3.c
-+++ b/drivers/media/rc/redrat3.c
-@@ -905,7 +905,7 @@ static int redrat3_set_tx_carrier(struct rc_dev *dev, u32 carrier)
- return carrier;
- }
-
--static int redrat3_transmit_ir(struct rc_dev *rcdev, int *txbuf, u32 n)
-+static int redrat3_transmit_ir(struct rc_dev *rcdev, unsigned *txbuf, u32 n)
- {
- struct redrat3_dev *rr3 = rcdev->priv;
- struct device *dev = rr3->dev;
diff --git a/drivers/media/video/au0828/au0828.h b/drivers/media/video/au0828/au0828.h
index 9cde353..8c6a1c3 100644
--- a/drivers/media/video/au0828/au0828.h
@@ -33798,7 +33075,7 @@ index 9cde353..8c6a1c3 100644
u32 i2c_rc;
diff --git a/drivers/media/video/cx88/cx88-alsa.c b/drivers/media/video/cx88/cx88-alsa.c
-index 68d1240..46b32eb 100644
+index 04bf662..e0ac026 100644
--- a/drivers/media/video/cx88/cx88-alsa.c
+++ b/drivers/media/video/cx88/cx88-alsa.c
@@ -766,7 +766,7 @@ static struct snd_kcontrol_new snd_cx88_alc_switch = {
@@ -33811,7 +33088,7 @@ index 68d1240..46b32eb 100644
{0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0},
{0, }
diff --git a/drivers/media/video/omap/omap_vout.c b/drivers/media/video/omap/omap_vout.c
-index ee0d0b3..63f6b78 100644
+index 1fb7d5b..3901e77 100644
--- a/drivers/media/video/omap/omap_vout.c
+++ b/drivers/media/video/omap/omap_vout.c
@@ -64,7 +64,6 @@ enum omap_vout_channels {
@@ -33822,7 +33099,7 @@ index ee0d0b3..63f6b78 100644
/* Variables configurable through module params*/
static u32 video1_numbuffers = 3;
static u32 video2_numbuffers = 3;
-@@ -999,6 +998,12 @@ static int omap_vout_open(struct file *file)
+@@ -1000,6 +999,12 @@ static int omap_vout_open(struct file *file)
{
struct videobuf_queue *q;
struct omap_vout_device *vout = NULL;
@@ -33835,7 +33112,7 @@ index ee0d0b3..63f6b78 100644
vout = video_drvdata(file);
v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__);
-@@ -1016,10 +1021,6 @@ static int omap_vout_open(struct file *file)
+@@ -1017,10 +1022,6 @@ static int omap_vout_open(struct file *file)
vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT;
q = &vout->vbq;
@@ -33859,34 +33136,8 @@ index 305e6aa..0143317 100644
pvr2_i2c_func i2c_func[PVR2_I2C_FUNC_CNT];
int i2c_cx25840_hack_state;
int i2c_linked;
-diff --git a/drivers/media/video/saa7164/saa7164-encoder.c b/drivers/media/video/saa7164/saa7164-encoder.c
-index 2fd38a0..ddec3c4 100644
---- a/drivers/media/video/saa7164/saa7164-encoder.c
-+++ b/drivers/media/video/saa7164/saa7164-encoder.c
-@@ -1136,6 +1136,8 @@ struct saa7164_user_buffer *saa7164_enc_next_buf(struct saa7164_port *port)
- }
-
- static ssize_t fops_read(struct file *file, char __user *buffer,
-+ size_t count, loff_t *pos) __size_overflow(3);
-+static ssize_t fops_read(struct file *file, char __user *buffer,
- size_t count, loff_t *pos)
- {
- struct saa7164_encoder_fh *fh = file->private_data;
-diff --git a/drivers/media/video/saa7164/saa7164-vbi.c b/drivers/media/video/saa7164/saa7164-vbi.c
-index e2e0341..b80056c 100644
---- a/drivers/media/video/saa7164/saa7164-vbi.c
-+++ b/drivers/media/video/saa7164/saa7164-vbi.c
-@@ -1081,6 +1081,8 @@ struct saa7164_user_buffer *saa7164_vbi_next_buf(struct saa7164_port *port)
- }
-
- static ssize_t fops_read(struct file *file, char __user *buffer,
-+ size_t count, loff_t *pos) __size_overflow(3);
-+static ssize_t fops_read(struct file *file, char __user *buffer,
- size_t count, loff_t *pos)
- {
- struct saa7164_vbi_fh *fh = file->private_data;
diff --git a/drivers/media/video/timblogiw.c b/drivers/media/video/timblogiw.c
-index a0895bf..b7ebb1b 100644
+index 4ed1c7c2..8f15e13 100644
--- a/drivers/media/video/timblogiw.c
+++ b/drivers/media/video/timblogiw.c
@@ -745,7 +745,7 @@ static int timblogiw_mmap(struct file *file, struct vm_area_struct *vma)
@@ -33908,10 +33159,10 @@ index a0895bf..b7ebb1b 100644
.open = timblogiw_open,
.release = timblogiw_close,
diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c
-index e9c6a60..daf6a33 100644
+index a7dc467..a55c423 100644
--- a/drivers/message/fusion/mptbase.c
+++ b/drivers/message/fusion/mptbase.c
-@@ -6753,8 +6753,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v)
+@@ -6754,8 +6754,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v)
seq_printf(m, " MaxChainDepth = 0x%02x frames\n", ioc->facts.MaxChainDepth);
seq_printf(m, " MinBlockSize = 0x%02x bytes\n", 4*ioc->facts.BlockSize);
@@ -33926,7 +33177,7 @@ index e9c6a60..daf6a33 100644
* Rounding UP to nearest 4-kB boundary here...
*/
diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c
-index 9d95042..b808101 100644
+index 551262e..7551198 100644
--- a/drivers/message/fusion/mptsas.c
+++ b/drivers/message/fusion/mptsas.c
@@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached)
@@ -34007,7 +33258,7 @@ index 0c3ced7..1fe34ec 100644
return h->info_kbuf;
}
diff --git a/drivers/message/i2o/i2o_proc.c b/drivers/message/i2o/i2o_proc.c
-index 07dbeaf..5533142 100644
+index 6d115c7..58ff7fd 100644
--- a/drivers/message/i2o/i2o_proc.c
+++ b/drivers/message/i2o/i2o_proc.c
@@ -255,13 +255,6 @@ static char *scsi_devices[] = {
@@ -34137,7 +33388,7 @@ index 7ce65f4..e66e9bc 100644
};
diff --git a/drivers/mfd/janz-cmodio.c b/drivers/mfd/janz-cmodio.c
-index 5c2a06a..8fa077c 100644
+index a9223ed..4127b13 100644
--- a/drivers/mfd/janz-cmodio.c
+++ b/drivers/mfd/janz-cmodio.c
@@ -13,6 +13,7 @@
@@ -34149,10 +33400,10 @@ index 5c2a06a..8fa077c 100644
#include <linux/pci.h>
#include <linux/interrupt.h>
diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d/lis3lv02d.c
-index 29d12a7..f900ba4 100644
+index a981e2a..5ca0c8b 100644
--- a/drivers/misc/lis3lv02d/lis3lv02d.c
+++ b/drivers/misc/lis3lv02d/lis3lv02d.c
-@@ -464,7 +464,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data)
+@@ -466,7 +466,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data)
* the lid is closed. This leads to interrupts as soon as a little move
* is done.
*/
@@ -34161,7 +33412,7 @@ index 29d12a7..f900ba4 100644
wake_up_interruptible(&lis3->misc_wait);
kill_fasync(&lis3->async_queue, SIGIO, POLL_IN);
-@@ -550,7 +550,7 @@ static int lis3lv02d_misc_open(struct inode *inode, struct file *file)
+@@ -552,7 +552,7 @@ static int lis3lv02d_misc_open(struct inode *inode, struct file *file)
if (lis3->pm_dev)
pm_runtime_get_sync(lis3->pm_dev);
@@ -34170,7 +33421,7 @@ index 29d12a7..f900ba4 100644
return 0;
}
-@@ -583,7 +583,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf,
+@@ -585,7 +585,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf,
add_wait_queue(&lis3->misc_wait, &wait);
while (true) {
set_current_state(TASK_INTERRUPTIBLE);
@@ -34179,7 +33430,7 @@ index 29d12a7..f900ba4 100644
if (data)
break;
-@@ -624,7 +624,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait)
+@@ -626,7 +626,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait)
struct lis3lv02d, miscdev);
poll_wait(file, &lis3->misc_wait, wait);
@@ -34217,7 +33468,7 @@ index 2f30bad..c4c13d0 100644
mcs_op_statistics[op].max = nsec;
}
diff --git a/drivers/misc/sgi-gru/gruprocfs.c b/drivers/misc/sgi-gru/gruprocfs.c
-index 7768b87..f8aac38 100644
+index 950dbe9..eeef0f8 100644
--- a/drivers/misc/sgi-gru/gruprocfs.c
+++ b/drivers/misc/sgi-gru/gruprocfs.c
@@ -32,9 +32,9 @@
@@ -34472,10 +33723,10 @@ index 8d082b4..aa749ae 100644
/*
* Timer function to enforce the timelimit on the partition disengage.
diff --git a/drivers/mmc/host/sdhci-pci.c b/drivers/mmc/host/sdhci-pci.c
-index 6878a94..fe5c5f1 100644
+index 6ebdc40..9edf5d8 100644
--- a/drivers/mmc/host/sdhci-pci.c
+++ b/drivers/mmc/host/sdhci-pci.c
-@@ -673,7 +673,7 @@ static const struct sdhci_pci_fixes sdhci_via = {
+@@ -631,7 +631,7 @@ static const struct sdhci_pci_fixes sdhci_via = {
.probe = via_probe,
};
@@ -34485,10 +33736,10 @@ index 6878a94..fe5c5f1 100644
.vendor = PCI_VENDOR_ID_RICOH,
.device = PCI_DEVICE_ID_RICOH_R5C822,
diff --git a/drivers/mtd/devices/doc2000.c b/drivers/mtd/devices/doc2000.c
-index e9fad91..0a7a16a 100644
+index b1cdf64..ce6e438 100644
--- a/drivers/mtd/devices/doc2000.c
+++ b/drivers/mtd/devices/doc2000.c
-@@ -773,7 +773,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len,
+@@ -764,7 +764,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len,
/* The ECC will not be calculated correctly if less than 512 is written */
/* DBB-
@@ -34498,10 +33749,10 @@ index e9fad91..0a7a16a 100644
"ECC needs a full sector write (adr: %lx size %lx)\n",
(long) to, (long) len);
diff --git a/drivers/mtd/devices/doc2001.c b/drivers/mtd/devices/doc2001.c
-index a3f7a27..234016e 100644
+index 7543b98..7069947 100644
--- a/drivers/mtd/devices/doc2001.c
+++ b/drivers/mtd/devices/doc2001.c
-@@ -392,7 +392,7 @@ static int doc_read (struct mtd_info *mtd, loff_t from, size_t len,
+@@ -384,7 +384,7 @@ static int doc_read (struct mtd_info *mtd, loff_t from, size_t len,
struct Nand *mychip = &this->chips[from >> (this->chipshift)];
/* Don't allow read past end of device */
@@ -34523,7 +33774,7 @@ index 3984d48..28aa897 100644
#include "denali.h"
diff --git a/drivers/mtd/nftlmount.c b/drivers/mtd/nftlmount.c
-index ac40925..483b753 100644
+index 51b9d6a..52af9a7 100644
--- a/drivers/mtd/nftlmount.c
+++ b/drivers/mtd/nftlmount.c
@@ -24,6 +24,7 @@
@@ -34535,7 +33786,7 @@ index ac40925..483b753 100644
#include <linux/mtd/nand.h>
#include <linux/mtd/nftl.h>
diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c
-index 6c3fb5a..5b2eeb0 100644
+index 115749f..3021f01 100644
--- a/drivers/mtd/ubi/build.c
+++ b/drivers/mtd/ubi/build.c
@@ -1311,7 +1311,7 @@ module_exit(ubi_exit);
@@ -34567,7 +33818,7 @@ index 6c3fb5a..5b2eeb0 100644
}
- return result;
-+ if (result*scale >= INT_MAX) {
++ if ((intoverflow_t)result*scale >= INT_MAX) {
+ printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n",
+ str);
+ return -EINVAL;
@@ -34577,24 +33828,11 @@ index 6c3fb5a..5b2eeb0 100644
}
/**
-diff --git a/drivers/mtd/ubi/debug.c b/drivers/mtd/ubi/debug.c
-index ab80c0d..aec8580 100644
---- a/drivers/mtd/ubi/debug.c
-+++ b/drivers/mtd/ubi/debug.c
-@@ -338,6 +338,8 @@ out:
-
- /* Write an UBI debugfs file */
- static ssize_t dfs_file_write(struct file *file, const char __user *user_buf,
-+ size_t count, loff_t *ppos) __size_overflow(3);
-+static ssize_t dfs_file_write(struct file *file, const char __user *user_buf,
- size_t count, loff_t *ppos)
- {
- unsigned long ubi_num = (unsigned long)file->private_data;
diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c
-index 1feae59..c2a61d2 100644
+index 071f4c8..440862e 100644
--- a/drivers/net/ethernet/atheros/atlx/atl2.c
+++ b/drivers/net/ethernet/atheros/atlx/atl2.c
-@@ -2857,7 +2857,7 @@ static void atl2_force_ps(struct atl2_hw *hw)
+@@ -2862,7 +2862,7 @@ static void atl2_force_ps(struct atl2_hw *hw)
*/
#define ATL2_PARAM(X, desc) \
@@ -34604,10 +33842,10 @@ index 1feae59..c2a61d2 100644
MODULE_PARM_DESC(X, desc);
#else
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
-index 9a517c2..a50cfcb 100644
+index 66da39f..5dc436d 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
-@@ -449,7 +449,7 @@ struct bnx2x_rx_mode_obj {
+@@ -473,7 +473,7 @@ struct bnx2x_rx_mode_obj {
int (*wait_comp)(struct bnx2x *bp,
struct bnx2x_rx_mode_ramrod_params *p);
@@ -34617,10 +33855,10 @@ index 9a517c2..a50cfcb 100644
/********************** Set multicast group ***********************************/
diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h
-index 94b4bd0..73c02de 100644
+index aea8f72..fcebf75 100644
--- a/drivers/net/ethernet/broadcom/tg3.h
+++ b/drivers/net/ethernet/broadcom/tg3.h
-@@ -134,6 +134,7 @@
+@@ -140,6 +140,7 @@
#define CHIPREV_ID_5750_A0 0x4000
#define CHIPREV_ID_5750_A1 0x4001
#define CHIPREV_ID_5750_A3 0x4003
@@ -34629,7 +33867,7 @@ index 94b4bd0..73c02de 100644
#define CHIPREV_ID_5752_A0_HW 0x5000
#define CHIPREV_ID_5752_A0 0x6000
diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
-index c5f5479..2e8c260 100644
+index c4e8643..0979484 100644
--- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h
+++ b/drivers/net/ethernet/chelsio/cxgb3/l2t.h
@@ -87,7 +87,7 @@ typedef void (*arp_failure_handler_func)(struct t3cdev * dev,
@@ -34641,52 +33879,11 @@ index c5f5479..2e8c260 100644
#define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb)
-diff --git a/drivers/net/ethernet/chelsio/cxgb3/sge.c b/drivers/net/ethernet/chelsio/cxgb3/sge.c
-index cfb60e1..9c76da7 100644
---- a/drivers/net/ethernet/chelsio/cxgb3/sge.c
-+++ b/drivers/net/ethernet/chelsio/cxgb3/sge.c
-@@ -611,6 +611,8 @@ static void recycle_rx_buf(struct adapter *adap, struct sge_fl *q,
- * of the SW ring.
- */
- static void *alloc_ring(struct pci_dev *pdev, size_t nelem, size_t elem_size,
-+ size_t sw_size, dma_addr_t * phys, void *metadata) __size_overflow(2,4);
-+static void *alloc_ring(struct pci_dev *pdev, size_t nelem, size_t elem_size,
- size_t sw_size, dma_addr_t * phys, void *metadata)
- {
- size_t len = nelem * elem_size;
-diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c b/drivers/net/ethernet/chelsio/cxgb4/sge.c
-index 140254c..5b8a0a6 100644
---- a/drivers/net/ethernet/chelsio/cxgb4/sge.c
-+++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c
-@@ -593,6 +593,9 @@ static inline void __refill_fl(struct adapter *adap, struct sge_fl *fl)
- */
- static void *alloc_ring(struct device *dev, size_t nelem, size_t elem_size,
- size_t sw_size, dma_addr_t *phys, void *metadata,
-+ size_t stat_size, int node) __size_overflow(2,4);
-+static void *alloc_ring(struct device *dev, size_t nelem, size_t elem_size,
-+ size_t sw_size, dma_addr_t *phys, void *metadata,
- size_t stat_size, int node)
- {
- size_t len = nelem * elem_size + stat_size;
-diff --git a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c
-index 8d5d55a..a3c3474 100644
---- a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c
-+++ b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c
-@@ -730,6 +730,9 @@ static inline void __refill_fl(struct adapter *adapter, struct sge_fl *fl)
- */
- static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize,
- size_t swsize, dma_addr_t *busaddrp, void *swringp,
-+ size_t stat_size) __size_overflow(2,4);
-+static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize,
-+ size_t swsize, dma_addr_t *busaddrp, void *swringp,
- size_t stat_size)
- {
- /*
diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c
-index 871bcaa..4043505 100644
+index 4d71f5a..8004440 100644
--- a/drivers/net/ethernet/dec/tulip/de4x5.c
+++ b/drivers/net/ethernet/dec/tulip/de4x5.c
-@@ -5397,7 +5397,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
+@@ -5392,7 +5392,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
for (i=0; i<ETH_ALEN; i++) {
tmp.addr[i] = dev->dev_addr[i];
}
@@ -34695,7 +33892,7 @@ index 871bcaa..4043505 100644
break;
case DE4X5_SET_HWADDR: /* Set the hardware address */
-@@ -5437,7 +5437,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
+@@ -5432,7 +5432,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
spin_lock_irqsave(&lp->lock, flags);
memcpy(&statbuf, &lp->pktStats, ioc->len);
spin_unlock_irqrestore(&lp->lock, flags);
@@ -34718,7 +33915,7 @@ index 14d5b61..1398636 100644
"21140 MII PHY",
"21142 Serial PHY",
diff --git a/drivers/net/ethernet/dec/tulip/winbond-840.c b/drivers/net/ethernet/dec/tulip/winbond-840.c
-index 4d01219..b58d26d 100644
+index 52da7b2..4ddfe1c 100644
--- a/drivers/net/ethernet/dec/tulip/winbond-840.c
+++ b/drivers/net/ethernet/dec/tulip/winbond-840.c
@@ -236,7 +236,7 @@ struct pci_id_info {
@@ -34731,7 +33928,7 @@ index 4d01219..b58d26d 100644
"Winbond W89c840", CanHaveMII | HasBrokenTx | FDXOnNoMII},
{ "Winbond W89c840", CanHaveMII | HasBrokenTx},
diff --git a/drivers/net/ethernet/dlink/sundance.c b/drivers/net/ethernet/dlink/sundance.c
-index dcd7f7a..ecb7fb3 100644
+index 28a3a9b..d96cb63 100644
--- a/drivers/net/ethernet/dlink/sundance.c
+++ b/drivers/net/ethernet/dlink/sundance.c
@@ -218,7 +218,7 @@ enum {
@@ -34744,10 +33941,10 @@ index dcd7f7a..ecb7fb3 100644
{"D-Link DFE-550FX 100Mbps Fiber-optics Adapter"},
{"D-Link DFE-580TX 4 port Server Adapter"},
diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
-index bf266a0..e024af7 100644
+index e703d64..d62ecf9 100644
--- a/drivers/net/ethernet/emulex/benet/be_main.c
+++ b/drivers/net/ethernet/emulex/benet/be_main.c
-@@ -397,7 +397,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
+@@ -402,7 +402,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
if (wrapped)
newacc += 65536;
@@ -34757,10 +33954,10 @@ index bf266a0..e024af7 100644
void be_parse_stats(struct be_adapter *adapter)
diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c
-index fb5579a..debdffa 100644
+index 47f85c3..82ab6c4 100644
--- a/drivers/net/ethernet/faraday/ftgmac100.c
+++ b/drivers/net/ethernet/faraday/ftgmac100.c
-@@ -30,6 +30,8 @@
+@@ -31,6 +31,8 @@
#include <linux/netdevice.h>
#include <linux/phy.h>
#include <linux/platform_device.h>
@@ -34770,10 +33967,10 @@ index fb5579a..debdffa 100644
#include "ftgmac100.h"
diff --git a/drivers/net/ethernet/faraday/ftmac100.c b/drivers/net/ethernet/faraday/ftmac100.c
-index a127cb2..0d043cd 100644
+index bb336a0..4b472da 100644
--- a/drivers/net/ethernet/faraday/ftmac100.c
+++ b/drivers/net/ethernet/faraday/ftmac100.c
-@@ -30,6 +30,8 @@
+@@ -31,6 +31,8 @@
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/platform_device.h>
@@ -34783,7 +33980,7 @@ index a127cb2..0d043cd 100644
#include "ftmac100.h"
diff --git a/drivers/net/ethernet/fealnx.c b/drivers/net/ethernet/fealnx.c
-index 61d2bdd..7f1154a 100644
+index c82d444..0007fb4 100644
--- a/drivers/net/ethernet/fealnx.c
+++ b/drivers/net/ethernet/fealnx.c
@@ -150,7 +150,7 @@ struct chip_info {
@@ -34872,7 +34069,7 @@ index 2967039..ca8c40c 100644
enum e1000_nvm_type type;
enum e1000_nvm_override override;
diff --git a/drivers/net/ethernet/intel/igb/e1000_hw.h b/drivers/net/ethernet/intel/igb/e1000_hw.h
-index 4519a13..f97fcd0 100644
+index f67cbd3..cef9e3d 100644
--- a/drivers/net/ethernet/intel/igb/e1000_hw.h
+++ b/drivers/net/ethernet/intel/igb/e1000_hw.h
@@ -314,6 +314,7 @@ struct e1000_mac_operations {
@@ -34944,7 +34141,7 @@ index 4519a13..f97fcd0 100644
u32 timeout;
u32 usec_delay;
diff --git a/drivers/net/ethernet/intel/igbvf/vf.h b/drivers/net/ethernet/intel/igbvf/vf.h
-index d7ed58f..64cde36 100644
+index 57db3c6..aa825fc 100644
--- a/drivers/net/ethernet/intel/igbvf/vf.h
+++ b/drivers/net/ethernet/intel/igbvf/vf.h
@@ -189,9 +189,10 @@ struct e1000_mac_operations {
@@ -34977,7 +34174,7 @@ index d7ed58f..64cde36 100644
u32 timeout;
u32 usec_delay;
diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h
-index 6c5cca8..de8ef63 100644
+index 9b95bef..7e254ee 100644
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h
@@ -2708,6 +2708,7 @@ struct ixgbe_eeprom_operations {
@@ -35015,8 +34212,8 @@ index 6c5cca8..de8ef63 100644
- struct ixgbe_mac_operations ops;
+ ixgbe_mac_operations_no_const ops;
enum ixgbe_mac_type type;
- u8 addr[IXGBE_ETH_LENGTH_OF_ADDRESS];
- u8 perm_addr[IXGBE_ETH_LENGTH_OF_ADDRESS];
+ u8 addr[ETH_ALEN];
+ u8 perm_addr[ETH_ALEN];
@@ -2828,7 +2831,7 @@ struct ixgbe_mac_info {
};
@@ -35044,7 +34241,7 @@ index 6c5cca8..de8ef63 100644
u32 timeout;
u32 usec_delay;
diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h
-index 10306b4..28df758 100644
+index 25c951d..cc7cf33 100644
--- a/drivers/net/ethernet/intel/ixgbevf/vf.h
+++ b/drivers/net/ethernet/intel/ixgbevf/vf.h
@@ -70,6 +70,7 @@ struct ixgbe_mac_operations {
@@ -35082,13 +34279,13 @@ index 10306b4..28df758 100644
u32 timeout;
u32 udelay;
diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c
-index 94bbc85..78c12e6 100644
+index d498f04..1b49bed 100644
--- a/drivers/net/ethernet/mellanox/mlx4/main.c
+++ b/drivers/net/ethernet/mellanox/mlx4/main.c
-@@ -40,6 +40,7 @@
- #include <linux/dma-mapping.h>
+@@ -41,6 +41,7 @@
#include <linux/slab.h>
#include <linux/io-mapping.h>
+ #include <linux/delay.h>
+#include <linux/sched.h>
#include <linux/mlx4/device.h>
@@ -35120,10 +34317,10 @@ index 4a518a3..936b334 100644
#define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \
((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next)
diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
-index 0cf2351..56c4cef 100644
+index bbacb37..d60887d 100644
--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
-@@ -698,17 +698,17 @@ struct rtl8169_private {
+@@ -695,17 +695,17 @@ struct rtl8169_private {
struct mdio_ops {
void (*write)(void __iomem *, int, int);
int (*read)(void __iomem *, int);
@@ -35145,10 +34342,10 @@ index 0cf2351..56c4cef 100644
int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv);
int (*get_settings)(struct net_device *, struct ethtool_cmd *);
diff --git a/drivers/net/ethernet/sis/sis190.c b/drivers/net/ethernet/sis/sis190.c
-index 1b4658c..a30dabb 100644
+index 5b118cd..858b523 100644
--- a/drivers/net/ethernet/sis/sis190.c
+++ b/drivers/net/ethernet/sis/sis190.c
-@@ -1624,7 +1624,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev,
+@@ -1622,7 +1622,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev,
static int __devinit sis190_get_mac_addr_from_apc(struct pci_dev *pdev,
struct net_device *dev)
{
@@ -35158,10 +34355,10 @@ index 1b4658c..a30dabb 100644
struct pci_dev *isa_bridge;
u8 reg, tmp8;
diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
-index 41e6b33..8e89b0f 100644
+index c07cfe9..81cbf7e 100644
--- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
+++ b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c
-@@ -139,8 +139,8 @@ void dwmac_mmc_ctrl(void __iomem *ioaddr, unsigned int mode)
+@@ -140,8 +140,8 @@ void dwmac_mmc_ctrl(void __iomem *ioaddr, unsigned int mode)
writel(value, ioaddr + MMC_CNTRL);
@@ -35172,6 +34369,41 @@ index 41e6b33..8e89b0f 100644
}
/* To mask all all interrupts.*/
+diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h
+index dec5836..6d4db7d 100644
+--- a/drivers/net/hyperv/hyperv_net.h
++++ b/drivers/net/hyperv/hyperv_net.h
+@@ -97,7 +97,7 @@ struct rndis_device {
+
+ enum rndis_device_state state;
+ bool link_state;
+- atomic_t new_req_id;
++ atomic_unchecked_t new_req_id;
+
+ spinlock_t request_lock;
+ struct list_head req_list;
+diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c
+index 133b7fb..d58c559 100644
+--- a/drivers/net/hyperv/rndis_filter.c
++++ b/drivers/net/hyperv/rndis_filter.c
+@@ -96,7 +96,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev,
+ * template
+ */
+ set = &rndis_msg->msg.set_req;
+- set->req_id = atomic_inc_return(&dev->new_req_id);
++ set->req_id = atomic_inc_return_unchecked(&dev->new_req_id);
+
+ /* Add to the request list */
+ spin_lock_irqsave(&dev->request_lock, flags);
+@@ -627,7 +627,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev)
+
+ /* Setup the rndis set */
+ halt = &request->request_msg.msg.halt_req;
+- halt->req_id = atomic_inc_return(&dev->new_req_id);
++ halt->req_id = atomic_inc_return_unchecked(&dev->new_req_id);
+
+ /* Ignore return since this msg is optional. */
+ rndis_filter_send_request(dev, request);
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index 486b404..0d6677d 100644
--- a/drivers/net/ppp/ppp_generic.c
@@ -35271,62 +34503,8 @@ index 46db5c5..37c1536 100644
err = platform_driver_register(&sk_isa_driver);
if (err)
-diff --git a/drivers/net/tun.c b/drivers/net/tun.c
-index 7bea9c6..7ef073c 100644
---- a/drivers/net/tun.c
-+++ b/drivers/net/tun.c
-@@ -359,7 +359,7 @@ static void tun_free_netdev(struct net_device *dev)
- {
- struct tun_struct *tun = netdev_priv(dev);
-
-- sock_put(tun->socket.sk);
-+ sk_release_kernel(tun->socket.sk);
- }
-
- /* Net device open. */
-@@ -979,10 +979,18 @@ static int tun_recvmsg(struct kiocb *iocb, struct socket *sock,
- return ret;
- }
-
-+static int tun_release(struct socket *sock)
-+{
-+ if (sock->sk)
-+ sock_put(sock->sk);
-+ return 0;
-+}
-+
- /* Ops structure to mimic raw sockets with tun */
- static const struct proto_ops tun_socket_ops = {
- .sendmsg = tun_sendmsg,
- .recvmsg = tun_recvmsg,
-+ .release = tun_release,
- };
-
- static struct proto tun_proto = {
-@@ -1109,10 +1117,11 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
- tun->vnet_hdr_sz = sizeof(struct virtio_net_hdr);
-
- err = -ENOMEM;
-- sk = sk_alloc(net, AF_UNSPEC, GFP_KERNEL, &tun_proto);
-+ sk = sk_alloc(&init_net, AF_UNSPEC, GFP_KERNEL, &tun_proto);
- if (!sk)
- goto err_free_dev;
-
-+ sk_change_net(sk, net);
- tun->socket.wq = &tun->wq;
- init_waitqueue_head(&tun->wq.wait);
- tun->socket.ops = &tun_socket_ops;
-@@ -1173,7 +1182,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
- return 0;
-
- err_free_sk:
-- sock_put(sk);
-+ tun_free_netdev(dev);
- err_free_dev:
- free_netdev(dev);
- failed:
diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
-index 304fe78..db112fa 100644
+index e1324b4..e1b0041 100644
--- a/drivers/net/usb/hso.c
+++ b/drivers/net/usb/hso.c
@@ -71,7 +71,7 @@
@@ -35425,22 +34603,8 @@ index 304fe78..db112fa 100644
result =
hso_start_serial_device(serial_table[i], GFP_NOIO);
hso_kick_transmit(dev2ser(serial_table[i]));
-diff --git a/drivers/net/vmxnet3/vmxnet3_ethtool.c b/drivers/net/vmxnet3/vmxnet3_ethtool.c
-index e662cbc..8d4a102 100644
---- a/drivers/net/vmxnet3/vmxnet3_ethtool.c
-+++ b/drivers/net/vmxnet3/vmxnet3_ethtool.c
-@@ -601,8 +601,7 @@ vmxnet3_set_rss_indir(struct net_device *netdev,
- * Return with error code if any of the queue indices
- * is out of range
- */
-- if (p->ring_index[i] < 0 ||
-- p->ring_index[i] >= adapter->num_rx_queues)
-+ if (p->ring_index[i] >= adapter->num_rx_queues)
- return -EINVAL;
- }
-
diff --git a/drivers/net/wireless/ath/ath.h b/drivers/net/wireless/ath/ath.h
-index 0f9ee46..e2d6e65 100644
+index efc0111..79c8f5b 100644
--- a/drivers/net/wireless/ath/ath.h
+++ b/drivers/net/wireless/ath/ath.h
@@ -119,6 +119,7 @@ struct ath_ops {
@@ -35451,22 +34615,8 @@ index 0f9ee46..e2d6e65 100644
struct ath_common;
struct ath_bus_ops;
-diff --git a/drivers/net/wireless/ath/ath5k/debug.c b/drivers/net/wireless/ath/ath5k/debug.c
-index 8c5ce8b..abf101b 100644
---- a/drivers/net/wireless/ath/ath5k/debug.c
-+++ b/drivers/net/wireless/ath/ath5k/debug.c
-@@ -343,6 +343,9 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf,
-
- static ssize_t write_file_debug(struct file *file,
- const char __user *userbuf,
-+ size_t count, loff_t *ppos) __size_overflow(3);
-+static ssize_t write_file_debug(struct file *file,
-+ const char __user *userbuf,
- size_t count, loff_t *ppos)
- {
- struct ath5k_hw *ah = file->private_data;
diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c
-index b592016..fe47870 100644
+index 7b6417b..ab5db98 100644
--- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c
+++ b/drivers/net/wireless/ath/ath9k/ar9002_mac.c
@@ -183,8 +183,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
@@ -35549,7 +34699,7 @@ index b592016..fe47870 100644
| set11nRateFlags(i->rates, 2)
| set11nRateFlags(i->rates, 3)
diff --git a/drivers/net/wireless/ath/ath9k/ar9003_mac.c b/drivers/net/wireless/ath/ath9k/ar9003_mac.c
-index f5ae3c6..7936af3 100644
+index 09b8c9d..905339e 100644
--- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c
+++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c
@@ -35,47 +35,47 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i)
@@ -35670,37 +34820,11 @@ index f5ae3c6..7936af3 100644
}
static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
-diff --git a/drivers/net/wireless/ath/ath9k/debug.c b/drivers/net/wireless/ath/ath9k/debug.c
-index 2741203..837a960 100644
---- a/drivers/net/wireless/ath/ath9k/debug.c
-+++ b/drivers/net/wireless/ath/ath9k/debug.c
-@@ -60,6 +60,8 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf,
- }
-
- static ssize_t write_file_debug(struct file *file, const char __user *user_buf,
-+ size_t count, loff_t *ppos) __size_overflow(3);
-+static ssize_t write_file_debug(struct file *file, const char __user *user_buf,
- size_t count, loff_t *ppos)
- {
- struct ath_softc *sc = file->private_data;
-diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c
-index d3ff33c..c98bcda 100644
---- a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c
-+++ b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c
-@@ -464,6 +464,8 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf,
- }
-
- static ssize_t write_file_debug(struct file *file, const char __user *user_buf,
-+ size_t count, loff_t *ppos) __size_overflow(3);
-+static ssize_t write_file_debug(struct file *file, const char __user *user_buf,
- size_t count, loff_t *ppos)
- {
- struct ath9k_htc_priv *priv = file->private_data;
diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
-index 1bd8edf..10c6d30 100644
+index c8261d4..8d88929 100644
--- a/drivers/net/wireless/ath/ath9k/hw.h
+++ b/drivers/net/wireless/ath/ath9k/hw.h
-@@ -605,7 +605,7 @@ struct ath_hw_private_ops {
+@@ -773,7 +773,7 @@ struct ath_hw_private_ops {
/* ANI */
void (*ani_cache_ini_regs)(struct ath_hw *ah);
@@ -35709,7 +34833,7 @@ index 1bd8edf..10c6d30 100644
/**
* struct ath_hw_ops - callbacks used by hardware code and driver code
-@@ -635,7 +635,7 @@ struct ath_hw_ops {
+@@ -803,7 +803,7 @@ struct ath_hw_ops {
void (*antdiv_comb_conf_set)(struct ath_hw *ah,
struct ath_hw_antcomb_conf *antconf);
@@ -35718,7 +34842,7 @@ index 1bd8edf..10c6d30 100644
struct ath_nf_limits {
s16 max;
-@@ -655,7 +655,7 @@ enum ath_cal_list {
+@@ -823,7 +823,7 @@ enum ath_cal_list {
#define AH_FASTCC 0x4
struct ath_hw {
@@ -35728,10 +34852,10 @@ index 1bd8edf..10c6d30 100644
struct ieee80211_hw *hw;
struct ath_common common;
diff --git a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h
-index bea8524..c677c06 100644
+index af00e2c..ab04d34 100644
--- a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h
+++ b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h
-@@ -547,7 +547,7 @@ struct phy_func_ptr {
+@@ -545,7 +545,7 @@ struct phy_func_ptr {
void (*carrsuppr)(struct brcms_phy *);
s32 (*rxsigpwr)(struct brcms_phy *, s32);
void (*detach)(struct brcms_phy *);
@@ -35740,26 +34864,26 @@ index bea8524..c677c06 100644
struct brcms_phy {
struct brcms_phy_pub pubpi_ro;
-diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/wireless/iwlegacy/iwl3945-base.c
-index 05f2ad1..ae00eea 100644
---- a/drivers/net/wireless/iwlegacy/iwl3945-base.c
-+++ b/drivers/net/wireless/iwlegacy/iwl3945-base.c
-@@ -3685,7 +3685,9 @@ static int iwl3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e
+diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c
+index a7dfba8..e28eacd 100644
+--- a/drivers/net/wireless/iwlegacy/3945-mac.c
++++ b/drivers/net/wireless/iwlegacy/3945-mac.c
+@@ -3647,7 +3647,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
*/
- if (iwl3945_mod_params.disable_hw_scan) {
- IWL_DEBUG_INFO(priv, "Disabling hw_scan\n");
-- iwl3945_hw_ops.hw_scan = NULL;
+ if (il3945_mod_params.disable_hw_scan) {
+ D_INFO("Disabling hw_scan\n");
+- il3945_hw_ops.hw_scan = NULL;
+ pax_open_kernel();
-+ *(void **)&iwl3945_hw_ops.hw_scan = NULL;
++ *(void **)&il3945_hw_ops.hw_scan = NULL;
+ pax_close_kernel();
}
- IWL_DEBUG_INFO(priv, "*** LOAD DRIVER ***\n");
+ D_INFO("*** LOAD DRIVER ***\n");
diff --git a/drivers/net/wireless/iwlwifi/iwl-debug.h b/drivers/net/wireless/iwlwifi/iwl-debug.h
-index 69a77e2..552b42c 100644
+index f8fc239..8cade22 100644
--- a/drivers/net/wireless/iwlwifi/iwl-debug.h
+++ b/drivers/net/wireless/iwlwifi/iwl-debug.h
-@@ -71,8 +71,8 @@ do { \
+@@ -86,8 +86,8 @@ do { \
} while (0)
#else
@@ -35768,13 +34892,13 @@ index 69a77e2..552b42c 100644
+#define IWL_DEBUG(m, level, fmt, args...) do {} while (0)
+#define IWL_DEBUG_LIMIT(m, level, fmt, args...) do {} while (0)
#define iwl_print_hex_dump(m, level, p, len)
- #endif /* CONFIG_IWLWIFI_DEBUG */
-
+ #define IWL_DEBUG_QUIET_RFKILL(p, fmt, args...) \
+ do { \
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
-index 523ad55..f8c5dc5 100644
+index 4b9e730..7603659 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -1678,9 +1678,11 @@ static int __init init_mac80211_hwsim(void)
+@@ -1677,9 +1677,11 @@ static int __init init_mac80211_hwsim(void)
return -EINVAL;
if (fake_hw_scan) {
@@ -35790,10 +34914,10 @@ index 523ad55..f8c5dc5 100644
spin_lock_init(&hwsim_radio_lock);
diff --git a/drivers/net/wireless/mwifiex/main.h b/drivers/net/wireless/mwifiex/main.h
-index 30f138b..c904585 100644
+index 3186aa4..b35b09f 100644
--- a/drivers/net/wireless/mwifiex/main.h
+++ b/drivers/net/wireless/mwifiex/main.h
-@@ -543,7 +543,7 @@ struct mwifiex_if_ops {
+@@ -536,7 +536,7 @@ struct mwifiex_if_ops {
void (*cleanup_mpa_buf) (struct mwifiex_adapter *);
int (*cmdrsp_complete) (struct mwifiex_adapter *, struct sk_buff *);
int (*event_complete) (struct mwifiex_adapter *, struct sk_buff *);
@@ -35803,10 +34927,10 @@ index 30f138b..c904585 100644
struct mwifiex_adapter {
u8 iface_type;
diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c
-index 0c13840..a5c3ed6 100644
+index a330c69..a81540f 100644
--- a/drivers/net/wireless/rndis_wlan.c
+++ b/drivers/net/wireless/rndis_wlan.c
-@@ -1275,7 +1275,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold)
+@@ -1278,7 +1278,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold)
netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold);
@@ -35881,7 +35005,7 @@ index c0cc4e7..44d4e54 100644
}
diff --git a/drivers/oprofile/oprof.c b/drivers/oprofile/oprof.c
-index f8c752e..28bf4fc 100644
+index ed2c3ec..deda85a 100644
--- a/drivers/oprofile/oprof.c
+++ b/drivers/oprofile/oprof.c
@@ -110,7 +110,7 @@ static void switch_worker(struct work_struct *work)
@@ -35893,42 +35017,6 @@ index f8c752e..28bf4fc 100644
start_switch_worker();
}
-diff --git a/drivers/oprofile/oprofile_files.c b/drivers/oprofile/oprofile_files.c
-index 84a208d..f07d177 100644
---- a/drivers/oprofile/oprofile_files.c
-+++ b/drivers/oprofile/oprofile_files.c
-@@ -36,6 +36,8 @@ static ssize_t timeout_read(struct file *file, char __user *buf,
-
-
- static ssize_t timeout_write(struct file *file, char const __user *buf,
-+ size_t count, loff_t *offset) __size_overflow(3);
-+static ssize_t timeout_write(struct file *file, char const __user *buf,
- size_t count, loff_t *offset)
- {
- unsigned long val;
-@@ -72,6 +74,7 @@ static ssize_t depth_read(struct file *file, char __user *buf, size_t count, lof
- }
-
-
-+static ssize_t depth_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3);
- static ssize_t depth_write(struct file *file, char const __user *buf, size_t count, loff_t *offset)
- {
- unsigned long val;
-@@ -126,12 +129,14 @@ static const struct file_operations cpu_type_fops = {
- };
-
-
-+static ssize_t enable_read(struct file *file, char __user *buf, size_t count, loff_t *offset) __size_overflow(3);
- static ssize_t enable_read(struct file *file, char __user *buf, size_t count, loff_t *offset)
- {
- return oprofilefs_ulong_to_user(oprofile_started, buf, count, offset);
- }
-
-
-+static ssize_t enable_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3);
- static ssize_t enable_write(struct file *file, char const __user *buf, size_t count, loff_t *offset)
- {
- unsigned long val;
diff --git a/drivers/oprofile/oprofile_stats.c b/drivers/oprofile/oprofile_stats.c
index 917d28e..d62d981 100644
--- a/drivers/oprofile/oprofile_stats.c
@@ -35972,18 +35060,10 @@ index 38b6fc0..b5cbfce 100644
extern struct oprofile_stat_struct oprofile_stats;
diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c
-index 2f0aa0f..d5246c3 100644
+index 2f0aa0f..90fab02 100644
--- a/drivers/oprofile/oprofilefs.c
+++ b/drivers/oprofile/oprofilefs.c
-@@ -97,6 +97,7 @@ static ssize_t ulong_read_file(struct file *file, char __user *buf, size_t count
- }
-
-
-+static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3);
- static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_t count, loff_t *offset)
- {
- unsigned long value;
-@@ -193,7 +194,7 @@ static const struct file_operations atomic_ro_fops = {
+@@ -193,7 +193,7 @@ static const struct file_operations atomic_ro_fops = {
int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root,
@@ -36063,7 +35143,7 @@ index 24f049e..051f66e 100644
#define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1)
diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
-index dfee1b3..a454fb6 100644
+index 71eac9c..2de27ef 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -136,7 +136,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,
@@ -36096,21 +35176,8 @@ index 27911b5..5b6db88 100644
proc_create("devices", 0, proc_bus_pci_dir,
&proc_bus_pci_dev_operations);
proc_initialized = 1;
-diff --git a/drivers/platform/x86/asus_acpi.c b/drivers/platform/x86/asus_acpi.c
-index d9312b3..59f63f2 100644
---- a/drivers/platform/x86/asus_acpi.c
-+++ b/drivers/platform/x86/asus_acpi.c
-@@ -887,6 +887,8 @@ static int lcd_proc_open(struct inode *inode, struct file *file)
- }
-
- static ssize_t lcd_proc_write(struct file *file, const char __user *buffer,
-+ size_t count, loff_t *pos) __size_overflow(3);
-+static ssize_t lcd_proc_write(struct file *file, const char __user *buffer,
- size_t count, loff_t *pos)
- {
- int rv, value;
diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
-index 7b82868..b9344c9 100644
+index ea0c607..58c4628 100644
--- a/drivers/platform/x86/thinkpad_acpi.c
+++ b/drivers/platform/x86/thinkpad_acpi.c
@@ -2094,7 +2094,7 @@ static int hotkey_mask_get(void)
@@ -36241,19 +35308,6 @@ index 7b82868..b9344c9 100644
/*
* Polling driver
-diff --git a/drivers/platform/x86/toshiba_acpi.c b/drivers/platform/x86/toshiba_acpi.c
-index dcdc1f4..85cee16 100644
---- a/drivers/platform/x86/toshiba_acpi.c
-+++ b/drivers/platform/x86/toshiba_acpi.c
-@@ -517,6 +517,8 @@ static int set_lcd_status(struct backlight_device *bd)
- }
-
- static ssize_t lcd_proc_write(struct file *file, const char __user *buf,
-+ size_t count, loff_t *pos) __size_overflow(3);
-+static ssize_t lcd_proc_write(struct file *file, const char __user *buf,
- size_t count, loff_t *pos)
- {
- struct toshiba_acpi_dev *dev = PDE(file->f_path.dentry->d_inode)->data;
diff --git a/drivers/pnp/pnpbios/bioscalls.c b/drivers/pnp/pnpbios/bioscalls.c
index b859d16..5cc6b1a 100644
--- a/drivers/pnp/pnpbios/bioscalls.c
@@ -36337,10 +35391,10 @@ index b0ecacb..7c9da2e 100644
/* check if the resource is reserved */
diff --git a/drivers/power/bq27x00_battery.c b/drivers/power/bq27x00_battery.c
-index bb16f5b..c751eef 100644
+index 1ed6ea0..77c0bd2 100644
--- a/drivers/power/bq27x00_battery.c
+++ b/drivers/power/bq27x00_battery.c
-@@ -67,7 +67,7 @@
+@@ -72,7 +72,7 @@
struct bq27x00_device_info;
struct bq27x00_access_methods {
int (*read)(struct bq27x00_device_info *di, u8 reg, bool single);
@@ -36350,7 +35404,7 @@ index bb16f5b..c751eef 100644
enum bq27x00_chip { BQ27000, BQ27500 };
diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c
-index 33f5d9a..d957d3f 100644
+index a838e66..a9e1665 100644
--- a/drivers/regulator/max8660.c
+++ b/drivers/regulator/max8660.c
@@ -383,8 +383,10 @@ static int __devinit max8660_probe(struct i2c_client *client,
@@ -36367,10 +35421,10 @@ index 33f5d9a..d957d3f 100644
/*
diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c
-index 023d17d..74ef35b 100644
+index e8cfc99..072aee2 100644
--- a/drivers/regulator/mc13892-regulator.c
+++ b/drivers/regulator/mc13892-regulator.c
-@@ -565,10 +565,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev)
+@@ -574,10 +574,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev)
}
mc13xxx_unlock(mc13892);
@@ -36382,9 +35436,9 @@ index 023d17d..74ef35b 100644
+ *(void **)&mc13892_regulators[MC13892_VCAM].desc.ops->get_mode
= mc13892_vcam_get_mode;
+ pax_close_kernel();
- for (i = 0; i < pdata->num_regulators; i++) {
- init_data = &pdata->regulators[i];
- priv->regulators[i] = regulator_register(
+
+ mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators,
+ ARRAY_SIZE(mc13892_regulators));
diff --git a/drivers/rtc/rtc-dev.c b/drivers/rtc/rtc-dev.c
index cace6d3..f623fda 100644
--- a/drivers/rtc/rtc-dev.c
@@ -36459,10 +35513,10 @@ index a796de9..1ef20e1 100644
struct bfa_faa_cbfn_s {
diff --git a/drivers/scsi/bfa/bfa_fcpim.c b/drivers/scsi/bfa/bfa_fcpim.c
-index e07bd47..cd1bbbb 100644
+index f0f80e2..8ec946b 100644
--- a/drivers/scsi/bfa/bfa_fcpim.c
+++ b/drivers/scsi/bfa/bfa_fcpim.c
-@@ -4121,7 +4121,7 @@ bfa_fcp_attach(struct bfa_s *bfa, void *bfad, struct bfa_iocfc_cfg_s *cfg,
+@@ -3715,7 +3715,7 @@ bfa_fcp_attach(struct bfa_s *bfa, void *bfad, struct bfa_iocfc_cfg_s *cfg,
bfa_iotag_attach(fcp);
@@ -36471,7 +35525,7 @@ index e07bd47..cd1bbbb 100644
bfa_mem_kva_curp(fcp) = (u8 *)fcp->itn_arr +
(fcp->num_itns * sizeof(struct bfa_itn_s));
memset(fcp->itn_arr, 0,
-@@ -4179,7 +4179,7 @@ bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport,
+@@ -3773,7 +3773,7 @@ bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport,
void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m))
{
struct bfa_fcp_mod_s *fcp = BFA_FCP_MOD(bfa);
@@ -36481,7 +35535,7 @@ index e07bd47..cd1bbbb 100644
itn = BFA_ITN_FROM_TAG(fcp, rport->rport_tag);
itn->isr = isr;
diff --git a/drivers/scsi/bfa/bfa_fcpim.h b/drivers/scsi/bfa/bfa_fcpim.h
-index 1080bcb..a3b39e3 100644
+index 36f26da..38a34a8 100644
--- a/drivers/scsi/bfa/bfa_fcpim.h
+++ b/drivers/scsi/bfa/bfa_fcpim.h
@@ -37,6 +37,7 @@ struct bfa_iotag_s {
@@ -36492,7 +35546,7 @@ index 1080bcb..a3b39e3 100644
void bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport,
void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m));
-@@ -149,7 +150,7 @@ struct bfa_fcp_mod_s {
+@@ -147,7 +148,7 @@ struct bfa_fcp_mod_s {
struct list_head iotag_tio_free_q; /* free IO resources */
struct list_head iotag_unused_q; /* unused IO resources*/
struct bfa_iotag_s *iotag_arr;
@@ -36546,10 +35600,10 @@ index 351dc0b..951dc32 100644
/* These three are default values which can be overridden */
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
-index 865d452..e9b7fa7 100644
+index b96962c..0c82ec2 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
-@@ -505,7 +505,7 @@ static inline u32 next_command(struct ctlr_info *h)
+@@ -507,7 +507,7 @@ static inline u32 next_command(struct ctlr_info *h)
u32 a;
if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant)))
@@ -36558,7 +35612,7 @@ index 865d452..e9b7fa7 100644
if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) {
a = *(h->reply_pool_head); /* Next cmd in ring buffer */
-@@ -2989,7 +2989,7 @@ static void start_io(struct ctlr_info *h)
+@@ -2991,7 +2991,7 @@ static void start_io(struct ctlr_info *h)
while (!list_empty(&h->reqQ)) {
c = list_entry(h->reqQ.next, struct CommandList, list);
/* can't do anything if fifo is full */
@@ -36567,7 +35621,7 @@ index 865d452..e9b7fa7 100644
dev_warn(&h->pdev->dev, "fifo full\n");
break;
}
-@@ -2999,7 +2999,7 @@ static void start_io(struct ctlr_info *h)
+@@ -3001,7 +3001,7 @@ static void start_io(struct ctlr_info *h)
h->Qdepth--;
/* Tell the controller execute command */
@@ -36576,7 +35630,7 @@ index 865d452..e9b7fa7 100644
/* Put job onto the completed Q */
addQ(&h->cmpQ, c);
-@@ -3008,17 +3008,17 @@ static void start_io(struct ctlr_info *h)
+@@ -3010,17 +3010,17 @@ static void start_io(struct ctlr_info *h)
static inline unsigned long get_next_completion(struct ctlr_info *h)
{
@@ -36597,7 +35651,7 @@ index 865d452..e9b7fa7 100644
(h->interrupts_enabled == 0);
}
-@@ -3917,7 +3917,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h)
+@@ -3919,7 +3919,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h)
if (prod_index < 0)
return -ENODEV;
h->product_name = products[prod_index].product_name;
@@ -36606,7 +35660,7 @@ index 865d452..e9b7fa7 100644
if (hpsa_board_disabled(h->pdev)) {
dev_warn(&h->pdev->dev, "controller appears to be disabled\n");
-@@ -4162,7 +4162,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
+@@ -4164,7 +4164,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
assert_spin_locked(&lockup_detector_lock);
remove_ctlr_from_lockup_detector_list(h);
@@ -36615,7 +35669,7 @@ index 865d452..e9b7fa7 100644
spin_lock_irqsave(&h->lock, flags);
h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET);
spin_unlock_irqrestore(&h->lock, flags);
-@@ -4340,7 +4340,7 @@ reinit_after_soft_reset:
+@@ -4344,7 +4344,7 @@ reinit_after_soft_reset:
}
/* make sure the board interrupts are off */
@@ -36624,7 +35678,7 @@ index 865d452..e9b7fa7 100644
if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx))
goto clean2;
-@@ -4374,7 +4374,7 @@ reinit_after_soft_reset:
+@@ -4378,7 +4378,7 @@ reinit_after_soft_reset:
* fake ones to scoop up any residual completions.
*/
spin_lock_irqsave(&h->lock, flags);
@@ -36633,7 +35687,7 @@ index 865d452..e9b7fa7 100644
spin_unlock_irqrestore(&h->lock, flags);
free_irq(h->intr[h->intr_mode], h);
rc = hpsa_request_irq(h, hpsa_msix_discard_completions,
-@@ -4393,9 +4393,9 @@ reinit_after_soft_reset:
+@@ -4397,9 +4397,9 @@ reinit_after_soft_reset:
dev_info(&h->pdev->dev, "Board READY.\n");
dev_info(&h->pdev->dev,
"Waiting for stale completions to drain.\n");
@@ -36645,7 +35699,7 @@ index 865d452..e9b7fa7 100644
rc = controller_reset_failed(h->cfgtable);
if (rc)
-@@ -4416,7 +4416,7 @@ reinit_after_soft_reset:
+@@ -4420,7 +4420,7 @@ reinit_after_soft_reset:
}
/* Turn the interrupts on so we can service requests */
@@ -36654,7 +35708,7 @@ index 865d452..e9b7fa7 100644
hpsa_hba_inquiry(h);
hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */
-@@ -4468,7 +4468,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
+@@ -4472,7 +4472,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
* To write all data in the battery backed cache to disks
*/
hpsa_flush_cache(h);
@@ -36663,7 +35717,7 @@ index 865d452..e9b7fa7 100644
free_irq(h->intr[h->intr_mode], h);
#ifdef CONFIG_PCI_MSI
if (h->msix_vector)
-@@ -4632,7 +4632,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h,
+@@ -4636,7 +4636,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h,
return;
}
/* Change the access methods to the performant access methods */
@@ -36699,7 +35753,7 @@ index f2df059..a3a9930 100644
typedef struct ips_ha {
uint8_t ha_id[IPS_MAX_CHANNELS+1];
diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c
-index 9de9db2..1e09660 100644
+index 4d70d96..84d0573 100644
--- a/drivers/scsi/libfc/fc_exch.c
+++ b/drivers/scsi/libfc/fc_exch.c
@@ -105,12 +105,12 @@ struct fc_exch_mgr {
@@ -36837,10 +35891,10 @@ index db9238f..4378ed2 100644
.qc_issue = sas_ata_qc_issue,
.qc_fill_rtf = sas_ata_qc_fill_rtf,
diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h
-index bb4c8e0..f33d849 100644
+index 825f930..ce42672 100644
--- a/drivers/scsi/lpfc/lpfc.h
+++ b/drivers/scsi/lpfc/lpfc.h
-@@ -425,7 +425,7 @@ struct lpfc_vport {
+@@ -413,7 +413,7 @@ struct lpfc_vport {
struct dentry *debug_nodelist;
struct dentry *vport_debugfs_root;
struct lpfc_debugfs_trc *disc_trc;
@@ -36849,7 +35903,7 @@ index bb4c8e0..f33d849 100644
#endif
uint8_t stat_data_enabled;
uint8_t stat_data_blocked;
-@@ -835,8 +835,8 @@ struct lpfc_hba {
+@@ -821,8 +821,8 @@ struct lpfc_hba {
struct timer_list fabric_block_timer;
unsigned long bit_flags;
#define FABRIC_COMANDS_BLOCKED 0
@@ -36860,7 +35914,7 @@ index bb4c8e0..f33d849 100644
unsigned long last_rsrc_error_time;
unsigned long last_ramp_down_time;
unsigned long last_ramp_up_time;
-@@ -866,7 +866,7 @@ struct lpfc_hba {
+@@ -852,7 +852,7 @@ struct lpfc_hba {
struct dentry *debug_slow_ring_trc;
struct lpfc_debugfs_trc *slow_ring_trc;
@@ -36870,7 +35924,7 @@ index bb4c8e0..f33d849 100644
struct dentry *idiag_root;
struct dentry *idiag_pci_cfg;
diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c
-index 2838259..a07cfb5 100644
+index 3587a3f..d45b81b 100644
--- a/drivers/scsi/lpfc/lpfc_debugfs.c
+++ b/drivers/scsi/lpfc/lpfc_debugfs.c
@@ -106,7 +106,7 @@ MODULE_PARM_DESC(lpfc_debugfs_mask_disc_trc,
@@ -36934,7 +35988,7 @@ index 2838259..a07cfb5 100644
dtp->jif = jiffies;
#endif
return;
-@@ -3986,7 +3986,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport)
+@@ -4040,7 +4040,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport)
"slow_ring buffer\n");
goto debug_failed;
}
@@ -36943,7 +35997,7 @@ index 2838259..a07cfb5 100644
memset(phba->slow_ring_trc, 0,
(sizeof(struct lpfc_debugfs_trc) *
lpfc_debugfs_max_slow_ring_trc));
-@@ -4032,7 +4032,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport)
+@@ -4086,7 +4086,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport)
"buffer\n");
goto debug_failed;
}
@@ -36953,10 +36007,10 @@ index 2838259..a07cfb5 100644
snprintf(name, sizeof(name), "discovery_trace");
vport->debug_disc_trc =
diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
-index 55bc4fc..a2a109c 100644
+index dfea2da..8e17227 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
-@@ -10027,8 +10027,10 @@ lpfc_init(void)
+@@ -10145,8 +10145,10 @@ lpfc_init(void)
printk(LPFC_COPYRIGHT "\n");
if (lpfc_enable_npiv) {
@@ -36970,7 +36024,7 @@ index 55bc4fc..a2a109c 100644
lpfc_transport_template =
fc_attach_transport(&lpfc_transport_functions);
diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
-index 2e1e54e..1af0a0d 100644
+index c60f5d0..751535c 100644
--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
@@ -305,7 +305,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba)
@@ -37025,7 +36079,7 @@ index 2e1e54e..1af0a0d 100644
/**
diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c
-index 5163edb..7b142bc 100644
+index ea8a0b4..812a124 100644
--- a/drivers/scsi/pmcraid.c
+++ b/drivers/scsi/pmcraid.c
@@ -200,8 +200,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev)
@@ -37132,23 +36186,23 @@ index ca496c7..9c791d5 100644
/* To indicate add/delete/modify during CCN */
u8 change_detected;
diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h
-index fcf052c..a8025a4 100644
+index af1003f..be55a75 100644
--- a/drivers/scsi/qla2xxx/qla_def.h
+++ b/drivers/scsi/qla2xxx/qla_def.h
-@@ -2244,7 +2244,7 @@ struct isp_operations {
- int (*get_flash_version) (struct scsi_qla_host *, void *);
+@@ -2247,7 +2247,7 @@ struct isp_operations {
int (*start_scsi) (srb_t *);
int (*abort_isp) (struct scsi_qla_host *);
+ int (*iospace_config)(struct qla_hw_data*);
-};
+} __no_const;
/* MSI-X Support *************************************************************/
diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h
-index fd5edc6..4906148 100644
+index bfe6854..ceac088 100644
--- a/drivers/scsi/qla4xxx/ql4_def.h
+++ b/drivers/scsi/qla4xxx/ql4_def.h
-@@ -258,7 +258,7 @@ struct ddb_entry {
+@@ -261,7 +261,7 @@ struct ddb_entry {
* (4000 only) */
atomic_t relogin_timer; /* Max Time to wait for
* relogin to complete */
@@ -37158,10 +36212,10 @@ index fd5edc6..4906148 100644
uint32_t default_time2wait; /* Default Min time between
* relogins (+aens) */
diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
-index 4169c8b..a8b896b 100644
+index ce6d3b7..73fac54 100644
--- a/drivers/scsi/qla4xxx/ql4_os.c
+++ b/drivers/scsi/qla4xxx/ql4_os.c
-@@ -2104,12 +2104,12 @@ void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess)
+@@ -2178,12 +2178,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess)
*/
if (!iscsi_is_session_online(cls_sess)) {
/* Reset retry relogin timer */
@@ -37176,15 +36230,15 @@ index 4169c8b..a8b896b 100644
ddb_entry->default_time2wait + 4));
set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags);
atomic_set(&ddb_entry->retry_relogin_timer,
-@@ -3835,7 +3835,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha,
+@@ -3953,7 +3953,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha,
atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY);
atomic_set(&ddb_entry->relogin_timer, 0);
- atomic_set(&ddb_entry->relogin_retry_count, 0);
+ atomic_set_unchecked(&ddb_entry->relogin_retry_count, 0);
-
+ def_timeout = le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout);
ddb_entry->default_relogin_timeout =
- le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout);
+ (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ?
diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
index 2aeb2e9..46e3925 100644
--- a/drivers/scsi/scsi.c
@@ -37199,10 +36253,10 @@ index 2aeb2e9..46e3925 100644
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
-index f85cfa6..a57c9e8 100644
+index b2c95db..227d74e 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
-@@ -1416,7 +1416,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
+@@ -1411,7 +1411,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
shost = sdev->host;
scsi_init_cmd_errh(cmd);
cmd->result = DID_NO_CONNECT << 16;
@@ -37211,7 +36265,7 @@ index f85cfa6..a57c9e8 100644
/*
* SCSI request completion path will do scsi_device_unbusy(),
-@@ -1442,9 +1442,9 @@ static void scsi_softirq_done(struct request *rq)
+@@ -1437,9 +1437,9 @@ static void scsi_softirq_done(struct request *rq)
INIT_LIST_HEAD(&cmd->eh_entry);
@@ -37250,7 +36304,7 @@ index 84a1fdf..693b0d6 100644
/*
* TODO: need to fixup sg_tablesize, max_segment_size,
diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c
-index 1b21491..1b7f60e 100644
+index f59d4a0..1d89407 100644
--- a/drivers/scsi/scsi_transport_fc.c
+++ b/drivers/scsi/scsi_transport_fc.c
@@ -484,7 +484,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class,
@@ -37290,7 +36344,7 @@ index 1b21491..1b7f60e 100644
/*
* Check for overflow; dev_loss_tmo is u32
diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
-index 96029e6..4d77fa0 100644
+index cfd4914..ddd7129 100644
--- a/drivers/scsi/scsi_transport_iscsi.c
+++ b/drivers/scsi/scsi_transport_iscsi.c
@@ -79,7 +79,7 @@ struct iscsi_internal {
@@ -37302,7 +36356,7 @@ index 96029e6..4d77fa0 100644
static struct workqueue_struct *iscsi_eh_timer_workq;
static DEFINE_IDA(iscsi_sess_ida);
-@@ -1062,7 +1062,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id)
+@@ -1063,7 +1063,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id)
int err;
ihost = shost->shost_data;
@@ -37311,7 +36365,7 @@ index 96029e6..4d77fa0 100644
if (target_id == ISCSI_MAX_TARGET) {
id = ida_simple_get(&iscsi_sess_ida, 0, 0, GFP_KERNEL);
-@@ -2663,7 +2663,7 @@ static __init int iscsi_transport_init(void)
+@@ -2680,7 +2680,7 @@ static __init int iscsi_transport_init(void)
printk(KERN_INFO "Loading iSCSI transport class v%s.\n",
ISCSI_TRANSPORT_VERSION);
@@ -37352,7 +36406,7 @@ index 21a045e..ec89e03 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
-index 441a1c5..07cece7 100644
+index eacd46b..e3f4d62 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -1077,7 +1077,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
@@ -37373,15 +36427,15 @@ index 441a1c5..07cece7 100644
{"allow_dio", &adio_fops},
{"debug", &debug_fops},
{"def_reserved_size", &dressz_fops},
-@@ -2327,7 +2327,7 @@ sg_proc_init(void)
- {
- int k, mask;
- int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr);
-- struct sg_proc_leaf * leaf;
-+ const struct sg_proc_leaf * leaf;
-
- sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL);
+@@ -2332,7 +2332,7 @@ sg_proc_init(void)
if (!sg_proc_sgp)
+ return 1;
+ for (k = 0; k < num_leaves; ++k) {
+- struct sg_proc_leaf *leaf = &sg_proc_leaf_arr[k];
++ const struct sg_proc_leaf *leaf = &sg_proc_leaf_arr[k];
+ umode_t mask = leaf->fops->write ? S_IRUGO | S_IWUSR : S_IRUGO;
+ proc_create(leaf->name, mask, sg_proc_sgp, leaf->fops);
+ }
diff --git a/drivers/spi/spi-dw-pci.c b/drivers/spi/spi-dw-pci.c
index f64250e..1ee3049 100644
--- a/drivers/spi/spi-dw-pci.c
@@ -37396,7 +36450,7 @@ index f64250e..1ee3049 100644
{ PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x0800) },
{},
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
-index 77eae99..b7cdcc9 100644
+index b2ccdea..84cde75 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
@@ -1024,7 +1024,7 @@ int spi_bus_unlock(struct spi_master *master)
@@ -37408,65 +36462,8 @@ index 77eae99..b7cdcc9 100644
static u8 *buf;
-diff --git a/drivers/staging/gma500/power.c b/drivers/staging/gma500/power.c
-index 436fe97..4082570 100644
---- a/drivers/staging/gma500/power.c
-+++ b/drivers/staging/gma500/power.c
-@@ -266,7 +266,7 @@ bool gma_power_begin(struct drm_device *dev, bool force_on)
- ret = gma_resume_pci(dev->pdev);
- if (ret == 0) {
- /* FIXME: we want to defer this for Medfield/Oaktrail */
-- gma_resume_display(dev);
-+ gma_resume_display(dev->pdev);
- psb_irq_preinstall(dev);
- psb_irq_postinstall(dev);
- pm_runtime_get(&dev->pdev->dev);
-diff --git a/drivers/staging/hv/rndis_filter.c b/drivers/staging/hv/rndis_filter.c
-index bafccb3..e3ac78d 100644
---- a/drivers/staging/hv/rndis_filter.c
-+++ b/drivers/staging/hv/rndis_filter.c
-@@ -42,7 +42,7 @@ struct rndis_device {
-
- enum rndis_device_state state;
- bool link_state;
-- atomic_t new_req_id;
-+ atomic_unchecked_t new_req_id;
-
- spinlock_t request_lock;
- struct list_head req_list;
-@@ -116,7 +116,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev,
- * template
- */
- set = &rndis_msg->msg.set_req;
-- set->req_id = atomic_inc_return(&dev->new_req_id);
-+ set->req_id = atomic_inc_return_unchecked(&dev->new_req_id);
-
- /* Add to the request list */
- spin_lock_irqsave(&dev->request_lock, flags);
-@@ -646,7 +646,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev)
-
- /* Setup the rndis set */
- halt = &request->request_msg.msg.halt_req;
-- halt->req_id = atomic_inc_return(&dev->new_req_id);
-+ halt->req_id = atomic_inc_return_unchecked(&dev->new_req_id);
-
- /* Ignore return since this msg is optional. */
- rndis_filter_send_request(dev, request);
-diff --git a/drivers/staging/iio/buffer_generic.h b/drivers/staging/iio/buffer_generic.h
-index 9e8f010..af9efb56 100644
---- a/drivers/staging/iio/buffer_generic.h
-+++ b/drivers/staging/iio/buffer_generic.h
-@@ -64,7 +64,7 @@ struct iio_buffer_access_funcs {
-
- int (*is_enabled)(struct iio_buffer *buffer);
- int (*enable)(struct iio_buffer *buffer);
--};
-+} __no_const;
-
- /**
- * struct iio_buffer_setup_ops - buffer setup related callbacks
diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c
-index 8b307b4..a97ac91 100644
+index 400df8c..065d4f4 100644
--- a/drivers/staging/octeon/ethernet-rx.c
+++ b/drivers/staging/octeon/ethernet-rx.c
@@ -420,11 +420,11 @@ static int cvm_oct_napi_poll(struct napi_struct *napi, int budget)
@@ -37498,7 +36495,7 @@ index 8b307b4..a97ac91 100644
dev_kfree_skb_irq(skb);
}
diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/ethernet.c
-index 076f866..2308070 100644
+index 9112cd8..92f8d51 100644
--- a/drivers/staging/octeon/ethernet.c
+++ b/drivers/staging/octeon/ethernet.c
@@ -258,11 +258,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev)
@@ -37517,101 +36514,6 @@ index 076f866..2308070 100644
#endif
}
-diff --git a/drivers/staging/pohmelfs/inode.c b/drivers/staging/pohmelfs/inode.c
-index 7a19555..466456d 100644
---- a/drivers/staging/pohmelfs/inode.c
-+++ b/drivers/staging/pohmelfs/inode.c
-@@ -1861,7 +1861,7 @@ static int pohmelfs_fill_super(struct super_block *sb, void *data, int silent)
- mutex_init(&psb->mcache_lock);
- psb->mcache_root = RB_ROOT;
- psb->mcache_timeout = msecs_to_jiffies(5000);
-- atomic_long_set(&psb->mcache_gen, 0);
-+ atomic_long_set_unchecked(&psb->mcache_gen, 0);
-
- psb->trans_max_pages = 100;
-
-@@ -1876,7 +1876,7 @@ static int pohmelfs_fill_super(struct super_block *sb, void *data, int silent)
- INIT_LIST_HEAD(&psb->crypto_ready_list);
- INIT_LIST_HEAD(&psb->crypto_active_list);
-
-- atomic_set(&psb->trans_gen, 1);
-+ atomic_set_unchecked(&psb->trans_gen, 1);
- atomic_long_set(&psb->total_inodes, 0);
-
- mutex_init(&psb->state_lock);
-diff --git a/drivers/staging/pohmelfs/mcache.c b/drivers/staging/pohmelfs/mcache.c
-index e22665c..a2a9390 100644
---- a/drivers/staging/pohmelfs/mcache.c
-+++ b/drivers/staging/pohmelfs/mcache.c
-@@ -121,7 +121,7 @@ struct pohmelfs_mcache *pohmelfs_mcache_alloc(struct pohmelfs_sb *psb, u64 start
- m->data = data;
- m->start = start;
- m->size = size;
-- m->gen = atomic_long_inc_return(&psb->mcache_gen);
-+ m->gen = atomic_long_inc_return_unchecked(&psb->mcache_gen);
-
- mutex_lock(&psb->mcache_lock);
- err = pohmelfs_mcache_insert(psb, m);
-diff --git a/drivers/staging/pohmelfs/netfs.h b/drivers/staging/pohmelfs/netfs.h
-index 985b6b7..7699e05 100644
---- a/drivers/staging/pohmelfs/netfs.h
-+++ b/drivers/staging/pohmelfs/netfs.h
-@@ -571,14 +571,14 @@ struct pohmelfs_config;
- struct pohmelfs_sb {
- struct rb_root mcache_root;
- struct mutex mcache_lock;
-- atomic_long_t mcache_gen;
-+ atomic_long_unchecked_t mcache_gen;
- unsigned long mcache_timeout;
-
- unsigned int idx;
-
- unsigned int trans_retries;
-
-- atomic_t trans_gen;
-+ atomic_unchecked_t trans_gen;
-
- unsigned int crypto_attached_size;
- unsigned int crypto_align_size;
-diff --git a/drivers/staging/pohmelfs/trans.c b/drivers/staging/pohmelfs/trans.c
-index 06c1a74..866eebc 100644
---- a/drivers/staging/pohmelfs/trans.c
-+++ b/drivers/staging/pohmelfs/trans.c
-@@ -492,7 +492,7 @@ int netfs_trans_finish(struct netfs_trans *t, struct pohmelfs_sb *psb)
- int err;
- struct netfs_cmd *cmd = t->iovec.iov_base;
-
-- t->gen = atomic_inc_return(&psb->trans_gen);
-+ t->gen = atomic_inc_return_unchecked(&psb->trans_gen);
-
- cmd->size = t->iovec.iov_len - sizeof(struct netfs_cmd) +
- t->attached_size + t->attached_pages * sizeof(struct netfs_cmd);
-diff --git a/drivers/staging/rtl8192e/rtllib_module.c b/drivers/staging/rtl8192e/rtllib_module.c
-index c36a140..dd27fda 100644
---- a/drivers/staging/rtl8192e/rtllib_module.c
-+++ b/drivers/staging/rtl8192e/rtllib_module.c
-@@ -228,6 +228,8 @@ static int show_debug_level(char *page, char **start, off_t offset,
- }
-
- static int store_debug_level(struct file *file, const char __user *buffer,
-+ unsigned long count, void *data) __size_overflow(3);
-+static int store_debug_level(struct file *file, const char __user *buffer,
- unsigned long count, void *data)
- {
- char buf[] = "0x00000000";
-diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c
-index e3d47bc..85f4d0d 100644
---- a/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c
-+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c
-@@ -250,6 +250,8 @@ static int show_debug_level(char *page, char **start, off_t offset,
- }
-
- static int store_debug_level(struct file *file, const char *buffer,
-+ unsigned long count, void *data) __size_overflow(3);
-+static int store_debug_level(struct file *file, const char *buffer,
- unsigned long count, void *data)
- {
- char buf[] = "0x00000000";
diff --git a/drivers/staging/rtl8712/rtl871x_io.h b/drivers/staging/rtl8712/rtl871x_io.h
index 86308a0..feaa925 100644
--- a/drivers/staging/rtl8712/rtl871x_io.h
@@ -37638,8 +36540,25 @@ index c7b5e8b..783d6cb 100644
return -EFAULT;
return 0;
+diff --git a/drivers/staging/speakup/speakup_soft.c b/drivers/staging/speakup/speakup_soft.c
+index 42cdafe..2769103 100644
+--- a/drivers/staging/speakup/speakup_soft.c
++++ b/drivers/staging/speakup/speakup_soft.c
+@@ -241,11 +241,11 @@ static ssize_t softsynth_read(struct file *fp, char *buf, size_t count,
+ break;
+ } else if (!initialized) {
+ if (*init) {
+- ch = *init;
+ init++;
+ } else {
+ initialized = 1;
+ }
++ ch = *init;
+ } else {
+ ch = synth_buffer_getc();
+ }
diff --git a/drivers/staging/usbip/usbip_common.h b/drivers/staging/usbip/usbip_common.h
-index be21617..0954e45 100644
+index b8f8c48..1fc5025 100644
--- a/drivers/staging/usbip/usbip_common.h
+++ b/drivers/staging/usbip/usbip_common.h
@@ -289,7 +289,7 @@ struct usbip_device {
@@ -37650,7 +36569,7 @@ index be21617..0954e45 100644
+ } __no_const eh_ops;
};
- #if 0
+ /* usbip_common.c */
diff --git a/drivers/staging/usbip/vhci.h b/drivers/staging/usbip/vhci.h
index 88b3298..3783eee 100644
--- a/drivers/staging/usbip/vhci.h
@@ -37696,7 +36615,7 @@ index 2ee97e2..0420b86 100644
hcd->power_budget = 0; /* no limit */
diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c
-index 3872b8c..fe6d2f4 100644
+index 3f511b4..d3dbc1e 100644
--- a/drivers/staging/usbip/vhci_rx.c
+++ b/drivers/staging/usbip/vhci_rx.c
@@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev,
@@ -37824,10 +36743,10 @@ index ed147c4..94fc3c6 100644
/* core tmem accessor functions */
diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c
-index 03d3528..6bbe82f 100644
+index 501b27c..39dc3d3 100644
--- a/drivers/target/iscsi/iscsi_target.c
+++ b/drivers/target/iscsi/iscsi_target.c
-@@ -1364,7 +1364,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf)
+@@ -1363,7 +1363,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf)
* outstanding_r2ts reaches zero, go ahead and send the delayed
* TASK_ABORTED status.
*/
@@ -37837,10 +36756,10 @@ index 03d3528..6bbe82f 100644
if (--cmd->outstanding_r2ts < 1) {
iscsit_stop_dataout_timer(cmd);
diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c
-index 6845228..df77141 100644
+index dcb0618..97e3d85 100644
--- a/drivers/target/target_core_tmr.c
+++ b/drivers/target/target_core_tmr.c
-@@ -250,7 +250,7 @@ static void core_tmr_drain_task_list(
+@@ -260,7 +260,7 @@ static void core_tmr_drain_task_list(
cmd->se_tfo->get_task_tag(cmd), cmd->pr_res_key,
cmd->t_task_list_num,
atomic_read(&cmd->t_task_cdbs_left),
@@ -37849,7 +36768,7 @@ index 6845228..df77141 100644
atomic_read(&cmd->t_transport_active),
atomic_read(&cmd->t_transport_stop),
atomic_read(&cmd->t_transport_sent));
-@@ -281,7 +281,7 @@ static void core_tmr_drain_task_list(
+@@ -291,7 +291,7 @@ static void core_tmr_drain_task_list(
pr_debug("LUN_RESET: got t_transport_active = 1 for"
" task: %p, t_fe_count: %d dev: %p\n", task,
fe_count, dev);
@@ -37858,7 +36777,7 @@ index 6845228..df77141 100644
spin_unlock_irqrestore(&cmd->t_state_lock, flags);
core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count);
-@@ -289,7 +289,7 @@ static void core_tmr_drain_task_list(
+@@ -299,7 +299,7 @@ static void core_tmr_drain_task_list(
}
pr_debug("LUN_RESET: Got t_transport_active = 0 for task: %p,"
" t_fe_count: %d dev: %p\n", task, fe_count, dev);
@@ -37868,19 +36787,19 @@ index 6845228..df77141 100644
core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count);
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
-index cdb774b..8753593 100644
+index cd5cd95..5249d30 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
-@@ -1343,7 +1343,7 @@ struct se_device *transport_add_device_to_core_hba(
-
- dev->queue_depth = dev_limits->queue_depth;
- atomic_set(&dev->depth_left, dev->queue_depth);
+@@ -1330,7 +1330,7 @@ struct se_device *transport_add_device_to_core_hba(
+ spin_lock_init(&dev->se_port_lock);
+ spin_lock_init(&dev->se_tmr_lock);
+ spin_lock_init(&dev->qf_cmd_lock);
- atomic_set(&dev->dev_ordered_id, 0);
+ atomic_set_unchecked(&dev->dev_ordered_id, 0);
se_dev_set_default_attribs(dev, dev_limits);
-@@ -1530,7 +1530,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd)
+@@ -1517,7 +1517,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd)
* Used to determine when ORDERED commands should go from
* Dormant to Active status.
*/
@@ -37889,7 +36808,7 @@ index cdb774b..8753593 100644
smp_mb__after_atomic_inc();
pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n",
cmd->se_ordered_id, cmd->sam_task_attr,
-@@ -1800,7 +1800,7 @@ static void transport_generic_request_failure(struct se_cmd *cmd)
+@@ -1862,7 +1862,7 @@ static void transport_generic_request_failure(struct se_cmd *cmd)
" t_transport_active: %d t_transport_stop: %d"
" t_transport_sent: %d\n", cmd->t_task_list_num,
atomic_read(&cmd->t_task_cdbs_left),
@@ -37898,8 +36817,8 @@ index cdb774b..8753593 100644
atomic_read(&cmd->t_task_cdbs_ex_left),
atomic_read(&cmd->t_transport_active),
atomic_read(&cmd->t_transport_stop),
-@@ -2089,9 +2089,9 @@ check_depth:
-
+@@ -2121,9 +2121,9 @@ check_depth:
+ cmd = task->task_se_cmd;
spin_lock_irqsave(&cmd->t_state_lock, flags);
task->task_flags |= (TF_ACTIVE | TF_SENT);
- atomic_inc(&cmd->t_task_cdbs_sent);
@@ -37910,7 +36829,7 @@ index cdb774b..8753593 100644
cmd->t_task_list_num)
atomic_set(&cmd->t_transport_sent, 1);
-@@ -4297,7 +4297,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd)
+@@ -4348,7 +4348,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd)
atomic_set(&cmd->transport_lun_stop, 0);
}
if (!atomic_read(&cmd->t_transport_active) ||
@@ -37919,7 +36838,7 @@ index cdb774b..8753593 100644
spin_unlock_irqrestore(&cmd->t_state_lock, flags);
return false;
}
-@@ -4546,7 +4546,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status)
+@@ -4597,7 +4597,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status)
{
int ret = 0;
@@ -37928,7 +36847,7 @@ index cdb774b..8753593 100644
if (!send_status ||
(cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS))
return 1;
-@@ -4583,7 +4583,7 @@ void transport_send_task_abort(struct se_cmd *cmd)
+@@ -4634,7 +4634,7 @@ void transport_send_task_abort(struct se_cmd *cmd)
*/
if (cmd->data_direction == DMA_TO_DEVICE) {
if (cmd->se_tfo->write_pending_status(cmd) != 0) {
@@ -38183,7 +37102,7 @@ index fc7bbba..9527e93 100644
return NULL;
}
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 39d6ab6..eb97f41 100644
+index d2256d0..97476fa 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
@@ -2123,6 +2123,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
@@ -38196,10 +37115,10 @@ index 39d6ab6..eb97f41 100644
}
EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
-index e18604b..a7d5a11 100644
+index d8653ab..f8afd9d 100644
--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
-@@ -773,8 +773,10 @@ static void __init unix98_pty_init(void)
+@@ -765,8 +765,10 @@ static void __init unix98_pty_init(void)
register_sysctl_table(pty_root_table);
/* Now create the /dev/ptmx special device */
@@ -38314,10 +37233,10 @@ index 2b42a01..32a2ed3 100644
/* This is only available if kgdboc is a built in for early debugging */
static int __init kgdboc_early_init(char *opt)
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index 05085be..67eadb0 100644
+index e41b9bb..84002fb 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
-@@ -3240,7 +3240,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
+@@ -3291,7 +3291,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
void tty_default_fops(struct file_operations *fops)
{
@@ -38327,10 +37246,10 @@ index 05085be..67eadb0 100644
/*
diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
-index 8e0924f..4204eb4 100644
+index 24b95db..9c078d0 100644
--- a/drivers/tty/tty_ldisc.c
+++ b/drivers/tty/tty_ldisc.c
-@@ -75,7 +75,7 @@ static void put_ldisc(struct tty_ldisc *ld)
+@@ -57,7 +57,7 @@ static void put_ldisc(struct tty_ldisc *ld)
if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) {
struct tty_ldisc_ops *ldo = ld->ops;
@@ -38339,7 +37258,7 @@ index 8e0924f..4204eb4 100644
module_put(ldo->owner);
spin_unlock_irqrestore(&tty_ldisc_lock, flags);
-@@ -110,7 +110,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc)
+@@ -92,7 +92,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc)
spin_lock_irqsave(&tty_ldisc_lock, flags);
tty_ldiscs[disc] = new_ldisc;
new_ldisc->num = disc;
@@ -38348,7 +37267,7 @@ index 8e0924f..4204eb4 100644
spin_unlock_irqrestore(&tty_ldisc_lock, flags);
return ret;
-@@ -138,7 +138,7 @@ int tty_unregister_ldisc(int disc)
+@@ -120,7 +120,7 @@ int tty_unregister_ldisc(int disc)
return -EINVAL;
spin_lock_irqsave(&tty_ldisc_lock, flags);
@@ -38357,7 +37276,7 @@ index 8e0924f..4204eb4 100644
ret = -EBUSY;
else
tty_ldiscs[disc] = NULL;
-@@ -159,7 +159,7 @@ static struct tty_ldisc_ops *get_ldops(int disc)
+@@ -141,7 +141,7 @@ static struct tty_ldisc_ops *get_ldops(int disc)
if (ldops) {
ret = ERR_PTR(-EAGAIN);
if (try_module_get(ldops->owner)) {
@@ -38366,7 +37285,7 @@ index 8e0924f..4204eb4 100644
ret = ldops;
}
}
-@@ -172,7 +172,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops)
+@@ -154,7 +154,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops)
unsigned long flags;
spin_lock_irqsave(&tty_ldisc_lock, flags);
@@ -38536,7 +37455,7 @@ index a783d53..cb30d94 100644
ret = uio_get_minor(idev);
if (ret)
diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c
-index a845f8b..4f54072 100644
+index 98b89fe..aff824e 100644
--- a/drivers/usb/atm/cxacru.c
+++ b/drivers/usb/atm/cxacru.c
@@ -473,7 +473,7 @@ static ssize_t cxacru_sysfs_store_adsl_config(struct device *dev,
@@ -38662,6 +37581,21 @@ index d956965..4179a77 100644
if (file->f_version != event_count) {
file->f_version = event_count;
return POLLIN | POLLRDNORM;
+diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
+index b3bdfed..a9460e0 100644
+--- a/drivers/usb/core/message.c
++++ b/drivers/usb/core/message.c
+@@ -869,8 +869,8 @@ char *usb_cache_string(struct usb_device *udev, int index)
+ buf = kmalloc(MAX_USB_STRING_SIZE, GFP_NOIO);
+ if (buf) {
+ len = usb_string(udev, index, buf, MAX_USB_STRING_SIZE);
+- if (len > 0) {
+- smallbuf = kmalloc(++len, GFP_NOIO);
++ if (len++ > 0) {
++ smallbuf = kmalloc(len, GFP_NOIO);
+ if (!smallbuf)
+ return buf;
+ memcpy(smallbuf, buf, len);
diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c
index 1fc8f12..20647c1 100644
--- a/drivers/usb/early/ehci-dbgp.c
@@ -38764,19 +37698,6 @@ index b0b2ac3..89a4399 100644
"AGP",
"PCI",
"PRO AGP",
-diff --git a/drivers/video/backlight/s6e63m0.c b/drivers/video/backlight/s6e63m0.c
-index e132157..516db70 100644
---- a/drivers/video/backlight/s6e63m0.c
-+++ b/drivers/video/backlight/s6e63m0.c
-@@ -690,7 +690,7 @@ static ssize_t s6e63m0_sysfs_store_gamma_mode(struct device *dev,
- struct backlight_device *bd = NULL;
- int brightness, rc;
-
-- rc = strict_strtoul(buf, 0, (unsigned long *)&lcd->gamma_mode);
-+ rc = kstrtouint(buf, 0, &lcd->gamma_mode);
- if (rc < 0)
- return rc;
-
diff --git a/drivers/video/fbcmap.c b/drivers/video/fbcmap.c
index 5c3960d..15cf8fc 100644
--- a/drivers/video/fbcmap.c
@@ -38792,7 +37713,7 @@ index 5c3960d..15cf8fc 100644
goto out1;
}
diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
-index ad93629..e020fc3 100644
+index ac9141b..9f07583 100644
--- a/drivers/video/fbmem.c
+++ b/drivers/video/fbmem.c
@@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image,
@@ -38813,7 +37734,7 @@ index ad93629..e020fc3 100644
info->fbops->fb_imageblit(info, image);
image->dy -= image->height + 8;
}
-@@ -1143,7 +1143,7 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd,
+@@ -1157,7 +1157,7 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd,
return -EFAULT;
if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES)
return -EINVAL;
@@ -38870,7 +37791,7 @@ index 7672d2e..b56437f 100644
par->dev_flags |= LOCKUP;
info->pixmap.scan_align = 1;
diff --git a/drivers/video/i810/i810_main.c b/drivers/video/i810/i810_main.c
-index 318f6fb..9a389c1 100644
+index b83f361..2b05a91 100644
--- a/drivers/video/i810/i810_main.c
+++ b/drivers/video/i810/i810_main.c
@@ -97,7 +97,7 @@ static int i810fb_blank (int blank_mode, struct fb_info *info);
@@ -41625,7 +40546,7 @@ index 3c14e43..eafa544 100644
+4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4
+4 4 4 4 4 4
diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c
-index 3473e75..c930142 100644
+index a197731..6c3af9d 100644
--- a/drivers/video/udlfb.c
+++ b/drivers/video/udlfb.c
@@ -619,11 +619,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y,
@@ -41712,7 +40633,7 @@ index 3473e75..c930142 100644
return count;
}
diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c
-index 7f8472c..9842e87 100644
+index e7f69ef..83af4fd 100644
--- a/drivers/video/uvesafb.c
+++ b/drivers/video/uvesafb.c
@@ -19,6 +19,7 @@
@@ -41933,23 +40854,23 @@ index e56c934..fc22f4b 100644
struct list_head list;
};
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
-index 879ed88..bc03a01 100644
+index 014c8dd..6f3dfe6 100644
--- a/fs/9p/vfs_inode.c
+++ b/fs/9p/vfs_inode.c
-@@ -1286,7 +1286,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -1303,7 +1303,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd)
void
v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
{
- char *s = nd_get_link(nd);
+ const char *s = nd_get_link(nd);
- P9_DPRINTK(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name,
- IS_ERR(s) ? "<error>" : s);
+ p9_debug(P9_DEBUG_VFS, " %s %s\n",
+ dentry->d_name.name, IS_ERR(s) ? "<error>" : s);
diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt
-index 79e2ca7..5828ad1 100644
+index e95d1b6..3454244 100644
--- a/fs/Kconfig.binfmt
+++ b/fs/Kconfig.binfmt
-@@ -86,7 +86,7 @@ config HAVE_AOUT
+@@ -89,7 +89,7 @@ config HAVE_AOUT
config BINFMT_AOUT
tristate "Kernel support for a.out and ECOFF binaries"
@@ -42002,7 +40923,7 @@ index b9d64d8..86cb1d5 100644
kiocb->ki_cur_seg = 0;
/* ki_nbytes/left now reflect bytes instead of segs */
diff --git a/fs/attr.c b/fs/attr.c
-index 7ee7ba4..0c61a60 100644
+index 95053ad..2cc93ca 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -99,6 +99,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset)
@@ -42014,10 +40935,10 @@ index 7ee7ba4..0c61a60 100644
goto out_sig;
if (offset > inode->i_sb->s_maxbytes)
diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
-index 6861f61..a25f010 100644
+index 9c098db..c755da5 100644
--- a/fs/autofs4/waitq.c
+++ b/fs/autofs4/waitq.c
-@@ -60,7 +60,7 @@ static int autofs4_write(struct file *file, const void *addr, int bytes)
+@@ -61,7 +61,7 @@ static int autofs4_write(struct autofs_sb_info *sbi,
{
unsigned long sigpipe, flags;
mm_segment_t fs;
@@ -42025,12 +40946,12 @@ index 6861f61..a25f010 100644
+ const char __user *data = (const char __force_user *)addr;
ssize_t wr = 0;
- /** WARNING: this is not safe for writing more than PIPE_BUF bytes! **/
+ sigpipe = sigismember(¤t->pending.signal, SIGPIPE);
diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c
-index 8342ca6..82fd192 100644
+index 6e6d536..457113a 100644
--- a/fs/befs/linuxvfs.c
+++ b/fs/befs/linuxvfs.c
-@@ -503,7 +503,7 @@ static void befs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
+@@ -502,7 +502,7 @@ static void befs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
{
befs_inode_info *befs_ino = BEFS_I(dentry->d_inode);
if (befs_ino->i_flags & BEFS_LONG_SYMLINK) {
@@ -42040,7 +40961,7 @@ index 8342ca6..82fd192 100644
kfree(link);
}
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
-index a6395bd..f1e376a 100644
+index 1ff9405..f1e376a 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -16,6 +16,7 @@
@@ -42082,17 +41003,7 @@ index a6395bd..f1e376a 100644
if (ex.a_data + ex.a_bss > rlim)
return -ENOMEM;
-@@ -259,9 +266,37 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
- current->mm->free_area_cache = current->mm->mmap_base;
- current->mm->cached_hole_size = 0;
-
-+ retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT);
-+ if (retval < 0) {
-+ /* Someone check-me: is this error path enough? */
-+ send_sig(SIGKILL, current, 0);
-+ return retval;
-+ }
-+
+@@ -269,6 +276,27 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
install_exec_creds(bprm);
current->flags &= ~PF_FORKNOEXEC;
@@ -42120,7 +41031,7 @@ index a6395bd..f1e376a 100644
if (N_MAGIC(ex) == OMAGIC) {
unsigned long text_addr, map_size;
loff_t pos;
-@@ -334,7 +369,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
+@@ -341,7 +369,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs)
down_write(¤t->mm->mmap_sem);
error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
@@ -42129,22 +41040,8 @@ index a6395bd..f1e376a 100644
MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
fd_offset + ex.a_text);
up_write(¤t->mm->mmap_sem);
-@@ -352,13 +387,6 @@ beyond_if:
- return retval;
- }
-
-- retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT);
-- if (retval < 0) {
-- /* Someone check-me: is this error path enough? */
-- send_sig(SIGKILL, current, 0);
-- return retval;
-- }
--
- current->mm->start_stack =
- (unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
- #ifdef __alpha__
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 6ff96c6..b5fb43a 100644
+index 07d096c..5e2a0b3 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -32,6 +32,7 @@
@@ -42778,19 +41675,7 @@ index 6ff96c6..b5fb43a 100644
/* set_brk can never work. Avoid overflows. */
send_sig(SIGKILL, current, 0);
retval = -EINVAL;
-@@ -870,6 +1328,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
- start_data += load_bias;
- end_data += load_bias;
-
-+#ifdef CONFIG_PAX_RANDMMAP
-+ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
-+ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
-+#endif
-+
- /* Calling set_brk effectively mmaps the pages that we need
- * for the bss and break sections. We must do this before
- * mapping in the interpreter, to make sure it doesn't wind
-@@ -881,9 +1344,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
+@@ -881,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
goto out_free_dentry;
}
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -42804,8 +41689,32 @@ index 6ff96c6..b5fb43a 100644
+ */
}
++#ifdef CONFIG_PAX_RANDMMAP
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
++ unsigned long start, size;
++
++ start = ELF_PAGEALIGN(elf_brk);
++ size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
++ down_write(¤t->mm->mmap_sem);
++ retval = -ENOMEM;
++ if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) {
++ start = do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0);
++ retval = IS_ERR_VALUE(start) ? start : 0;
++ }
++ up_write(¤t->mm->mmap_sem);
++ if (retval == 0)
++ retval = set_brk(start + size, start + size + PAGE_SIZE);
++ if (retval < 0) {
++ send_sig(SIGKILL, current, 0);
++ goto out_free_dentry;
++ }
++ }
++#endif
++
if (elf_interpreter) {
-@@ -1098,7 +1563,7 @@ out:
+ unsigned long uninitialized_var(interp_map_addr);
+
+@@ -1098,7 +1580,7 @@ out:
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -42814,7 +41723,7 @@ index 6ff96c6..b5fb43a 100644
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1132,7 +1597,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1132,7 +1614,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
@@ -42823,7 +41732,7 @@ index 6ff96c6..b5fb43a 100644
goto whole;
/*
-@@ -1354,9 +1819,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1354,9 +1836,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
@@ -42835,7 +41744,7 @@ index 6ff96c6..b5fb43a 100644
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1862,14 +2327,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -1862,14 +2344,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
}
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
@@ -42852,7 +41761,7 @@ index 6ff96c6..b5fb43a 100644
return size;
}
-@@ -1963,7 +2428,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1963,7 +2445,7 @@ static int elf_core_dump(struct coredump_params *cprm)
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
@@ -42861,7 +41770,7 @@ index 6ff96c6..b5fb43a 100644
offset += elf_core_extra_data_size();
e_shoff = offset;
-@@ -1977,10 +2442,12 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1977,10 +2459,12 @@ static int elf_core_dump(struct coredump_params *cprm)
offset = dataoff;
size += sizeof(*elf);
@@ -42874,7 +41783,7 @@ index 6ff96c6..b5fb43a 100644
if (size > cprm->limit
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
goto end_coredump;
-@@ -1994,7 +2461,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -1994,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
@@ -42883,7 +41792,7 @@ index 6ff96c6..b5fb43a 100644
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2005,6 +2472,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2005,6 +2489,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_align = ELF_EXEC_PAGESIZE;
size += sizeof(phdr);
@@ -42891,7 +41800,7 @@ index 6ff96c6..b5fb43a 100644
if (size > cprm->limit
|| !dump_write(cprm->file, &phdr, sizeof(phdr)))
goto end_coredump;
-@@ -2029,7 +2497,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2029,7 +2514,7 @@ static int elf_core_dump(struct coredump_params *cprm)
unsigned long addr;
unsigned long end;
@@ -42900,7 +41809,7 @@ index 6ff96c6..b5fb43a 100644
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2038,6 +2506,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2038,6 +2523,7 @@ static int elf_core_dump(struct coredump_params *cprm)
page = get_dump_page(addr);
if (page) {
void *kaddr = kmap(page);
@@ -42908,7 +41817,7 @@ index 6ff96c6..b5fb43a 100644
stop = ((size += PAGE_SIZE) > cprm->limit) ||
!dump_write(cprm->file, kaddr,
PAGE_SIZE);
-@@ -2055,6 +2524,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2055,6 +2541,7 @@ static int elf_core_dump(struct coredump_params *cprm)
if (e_phnum == PN_XNUM) {
size += sizeof(*shdr4extnum);
@@ -42916,7 +41825,7 @@ index 6ff96c6..b5fb43a 100644
if (size > cprm->limit
|| !dump_write(cprm->file, shdr4extnum,
sizeof(*shdr4extnum)))
-@@ -2075,6 +2545,97 @@ out:
+@@ -2075,6 +2562,97 @@ out:
#endif /* CONFIG_ELF_CORE */
@@ -43051,10 +41960,19 @@ index 1bffbe0..c8c283e 100644
goto err;
}
diff --git a/fs/bio.c b/fs/bio.c
-index b1fe82c..84da0a9 100644
+index b980ecd..74800bf 100644
--- a/fs/bio.c
+++ b/fs/bio.c
-@@ -1233,7 +1233,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err)
+@@ -833,7 +833,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
+ /*
+ * Overflow, abort
+ */
+- if (end < start)
++ if (end < start || end - start > INT_MAX - nr_pages)
+ return ERR_PTR(-EINVAL);
+
+ nr_pages += end - start;
+@@ -1229,7 +1229,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err)
const int read = bio_data_dir(bio) == READ;
struct bio_map_data *bmd = bio->bi_private;
int i;
@@ -43064,10 +41982,10 @@ index b1fe82c..84da0a9 100644
__bio_for_each_segment(bvec, bio, i, 0) {
char *addr = page_address(bvec->bv_page);
diff --git a/fs/block_dev.c b/fs/block_dev.c
-index abe9b48..5df59e8 100644
+index 5e9f198..6bf9b1c 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
-@@ -681,7 +681,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole,
+@@ -703,7 +703,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole,
else if (bdev->bd_contains == bdev)
return true; /* is a whole device which isn't held */
@@ -43076,8 +41994,21 @@ index abe9b48..5df59e8 100644
return true; /* is a partition of a device that is being partitioned */
else if (whole->bd_holder != NULL)
return false; /* is a partition of a held device */
+diff --git a/fs/btrfs/check-integrity.c b/fs/btrfs/check-integrity.c
+index d986824..af1befd 100644
+--- a/fs/btrfs/check-integrity.c
++++ b/fs/btrfs/check-integrity.c
+@@ -157,7 +157,7 @@ struct btrfsic_block {
+ union {
+ bio_end_io_t *bio;
+ bh_end_io_t *bh;
+- } orig_bio_bh_end_io;
++ } __no_const orig_bio_bh_end_io;
+ int submit_bio_bh_rw;
+ u64 flush_gen; /* only valid if !never_written */
+ };
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index dede441..f2a2507 100644
+index 0639a55..7d9e07f 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -488,9 +488,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
@@ -43097,10 +42028,10 @@ index dede441..f2a2507 100644
WARN_ON(trans->transid != btrfs_header_generation(parent));
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index fd1a06d..6e9033d 100644
+index 892b347..b3db246 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
-@@ -6895,7 +6895,7 @@ fail:
+@@ -6930,7 +6930,7 @@ fail:
return -ENOMEM;
}
@@ -43109,7 +42040,7 @@ index fd1a06d..6e9033d 100644
struct dentry *dentry, struct kstat *stat)
{
struct inode *inode = dentry->d_inode;
-@@ -6909,6 +6909,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
+@@ -6944,6 +6944,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
return 0;
}
@@ -43125,10 +42056,10 @@ index fd1a06d..6e9033d 100644
* If a file is moved, it will inherit the cow and compression flags of the new
* directory.
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
-index c04f02c..f5c9e2e 100644
+index d8b5471..e5463d7 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
-@@ -2733,9 +2733,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -2783,9 +2783,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
for (i = 0; i < num_types; i++) {
struct btrfs_space_info *tmp;
@@ -43141,7 +42072,7 @@ index c04f02c..f5c9e2e 100644
info = NULL;
rcu_read_lock();
list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
-@@ -2757,15 +2760,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -2807,15 +2810,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
memcpy(dest, &space, sizeof(space));
dest++;
space_args.total_spaces++;
@@ -43159,7 +42090,7 @@ index c04f02c..f5c9e2e 100644
if (copy_to_user(user_dest, dest_orig, alloc_size))
diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
-index cfb5543..1ae7347 100644
+index 8c1aae2..1e46446 100644
--- a/fs/btrfs/relocation.c
+++ b/fs/btrfs/relocation.c
@@ -1244,7 +1244,7 @@ static int __update_reloc_root(struct btrfs_root *root, int del)
@@ -43326,7 +42257,7 @@ index 0e3c092..818480e 100644
kunmap(page);
if (ret != len)
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
-index 9895400..78a67e7 100644
+index 3e8094b..cb3ff3d 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -244,7 +244,7 @@ static int ceph_readdir(struct file *filp, void *dirent, filldir_t filldir)
@@ -43347,22 +42278,8 @@ index 9895400..78a67e7 100644
return ceph_lookup_open(dir, dentry, nd, mode, 1);
}
-diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
-index cfd1ce3..6b13a74 100644
---- a/fs/cifs/asn1.c
-+++ b/fs/cifs/asn1.c
-@@ -416,6 +416,9 @@ asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid)
-
- static int
- asn1_oid_decode(struct asn1_ctx *ctx,
-+ unsigned char *eoc, unsigned long **oid, unsigned int *len) __size_overflow(2);
-+static int
-+asn1_oid_decode(struct asn1_ctx *ctx,
- unsigned char *eoc, unsigned long **oid, unsigned int *len)
- {
- unsigned long subid;
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
-index 84e8c07..6170d31 100644
+index 24b3dfc..3cd5454 100644
--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -265,8 +265,8 @@ static ssize_t cifs_stats_proc_write(struct file *file,
@@ -43495,7 +42412,7 @@ index 84e8c07..6170d31 100644
}
}
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
-index 8f1fe32..38f9e27 100644
+index b1fd382..df45435 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -989,7 +989,7 @@ cifs_init_request_bufs(void)
@@ -43528,7 +42445,7 @@ index 8f1fe32..38f9e27 100644
atomic_set(&midCount, 0);
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
-index 8238aa1..0347196 100644
+index 76e7d8b..4814992 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -392,28 +392,28 @@ struct cifs_tcon {
@@ -43591,7 +42508,7 @@ index 8238aa1..0347196 100644
static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon,
unsigned int bytes)
-@@ -985,8 +985,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
+@@ -987,8 +987,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
/* Various Debug counters */
GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */
#ifdef CONFIG_CIFS_STATS2
@@ -43686,21 +42603,10 @@ index 6901578..d402eb5 100644
return hit;
diff --git a/fs/compat.c b/fs/compat.c
-index c987875..08771ca 100644
+index 07880ba..3fb2862 100644
--- a/fs/compat.c
+++ b/fs/compat.c
-@@ -132,8 +132,8 @@ asmlinkage long compat_sys_utimes(const char __user *filename, struct compat_tim
- static int cp_compat_stat(struct kstat *stat, struct compat_stat __user *ubuf)
- {
- compat_ino_t ino = stat->ino;
-- typeof(ubuf->st_uid) uid = 0;
-- typeof(ubuf->st_gid) gid = 0;
-+ typeof(((struct compat_stat *)0)->st_uid) uid = 0;
-+ typeof(((struct compat_stat *)0)->st_gid) gid = 0;
- int err;
-
- SET_UID(uid, stat->uid);
-@@ -504,7 +504,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p)
+@@ -491,7 +491,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p)
set_fs(KERNEL_DS);
/* The __user pointer cast is valid because of the set_fs() */
@@ -43709,7 +42615,7 @@ index c987875..08771ca 100644
set_fs(oldfs);
/* truncating is ok because it's a user address */
if (!ret)
-@@ -562,7 +562,7 @@ ssize_t compat_rw_copy_check_uvector(int type,
+@@ -549,7 +549,7 @@ ssize_t compat_rw_copy_check_uvector(int type,
goto out;
ret = -EINVAL;
@@ -43718,7 +42624,7 @@ index c987875..08771ca 100644
goto out;
if (nr_segs > fast_segs) {
ret = -ENOMEM;
-@@ -845,6 +845,7 @@ struct compat_old_linux_dirent {
+@@ -832,6 +832,7 @@ struct compat_old_linux_dirent {
struct compat_readdir_callback {
struct compat_old_linux_dirent __user *dirent;
@@ -43726,7 +42632,7 @@ index c987875..08771ca 100644
int result;
};
-@@ -862,6 +863,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen,
+@@ -849,6 +850,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen,
buf->result = -EOVERFLOW;
return -EOVERFLOW;
}
@@ -43737,7 +42643,7 @@ index c987875..08771ca 100644
buf->result++;
dirent = buf->dirent;
if (!access_ok(VERIFY_WRITE, dirent,
-@@ -894,6 +899,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd,
+@@ -881,6 +886,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd,
buf.result = 0;
buf.dirent = dirent;
@@ -43745,7 +42651,7 @@ index c987875..08771ca 100644
error = vfs_readdir(file, compat_fillonedir, &buf);
if (buf.result)
-@@ -914,6 +920,7 @@ struct compat_linux_dirent {
+@@ -901,6 +907,7 @@ struct compat_linux_dirent {
struct compat_getdents_callback {
struct compat_linux_dirent __user *current_dir;
struct compat_linux_dirent __user *previous;
@@ -43753,7 +42659,7 @@ index c987875..08771ca 100644
int count;
int error;
};
-@@ -935,6 +942,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen,
+@@ -922,6 +929,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen,
buf->error = -EOVERFLOW;
return -EOVERFLOW;
}
@@ -43764,7 +42670,7 @@ index c987875..08771ca 100644
dirent = buf->previous;
if (dirent) {
if (__put_user(offset, &dirent->d_off))
-@@ -982,6 +993,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd,
+@@ -969,6 +980,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd,
buf.previous = NULL;
buf.count = count;
buf.error = 0;
@@ -43772,7 +42678,7 @@ index c987875..08771ca 100644
error = vfs_readdir(file, compat_filldir, &buf);
if (error >= 0)
-@@ -1003,6 +1015,7 @@ out:
+@@ -990,6 +1002,7 @@ out:
struct compat_getdents_callback64 {
struct linux_dirent64 __user *current_dir;
struct linux_dirent64 __user *previous;
@@ -43780,7 +42686,7 @@ index c987875..08771ca 100644
int count;
int error;
};
-@@ -1019,6 +1032,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t
+@@ -1006,6 +1019,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t
buf->error = -EINVAL; /* only used if we fail.. */
if (reclen > buf->count)
return -EINVAL;
@@ -43791,7 +42697,7 @@ index c987875..08771ca 100644
dirent = buf->previous;
if (dirent) {
-@@ -1070,13 +1087,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd,
+@@ -1057,13 +1074,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd,
buf.previous = NULL;
buf.count = count;
buf.error = 0;
@@ -43826,10 +42732,10 @@ index 112e45a..b59845b 100644
/*
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
-index 51352de..93292ff 100644
+index a26bea1..ae23e72 100644
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
-@@ -210,6 +210,8 @@ static int do_video_set_spu_palette(unsigned int fd, unsigned int cmd,
+@@ -211,6 +211,8 @@ static int do_video_set_spu_palette(unsigned int fd, unsigned int cmd,
err = get_user(palp, &up->palette);
err |= get_user(length, &up->length);
@@ -43838,7 +42744,7 @@ index 51352de..93292ff 100644
up_native = compat_alloc_user_space(sizeof(struct video_spu_palette));
err = put_user(compat_ptr(palp), &up_native->palette);
-@@ -621,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd,
+@@ -622,7 +624,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd,
return -EFAULT;
if (__get_user(udata, &ss32->iomem_base))
return -EFAULT;
@@ -43847,7 +42753,7 @@ index 51352de..93292ff 100644
if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) ||
__get_user(ss.port_high, &ss32->port_high))
return -EFAULT;
-@@ -796,7 +798,7 @@ static int compat_ioctl_preallocate(struct file *file,
+@@ -797,7 +799,7 @@ static int compat_ioctl_preallocate(struct file *file,
copy_in_user(&p->l_len, &p32->l_len, sizeof(s64)) ||
copy_in_user(&p->l_sysid, &p32->l_sysid, sizeof(s32)) ||
copy_in_user(&p->l_pid, &p32->l_pid, sizeof(u32)) ||
@@ -43856,7 +42762,7 @@ index 51352de..93292ff 100644
return -EFAULT;
return ioctl_preallocate(file, p);
-@@ -1644,8 +1646,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd,
+@@ -1611,8 +1613,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd,
static int __init init_sys32_ioctl_cmp(const void *p, const void *q)
{
unsigned int a, b;
@@ -43868,7 +42774,7 @@ index 51352de..93292ff 100644
return 1;
if (a < b)
diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
-index 9a37a9b..35792b6 100644
+index 5ddd7eb..c18bf04 100644
--- a/fs/configfs/dir.c
+++ b/fs/configfs/dir.c
@@ -1575,7 +1575,8 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir
@@ -43896,10 +42802,24 @@ index 9a37a9b..35792b6 100644
/*
* We'll have a dentry and an inode for
diff --git a/fs/dcache.c b/fs/dcache.c
-index f7908ae..920a680 100644
+index bcbdb33..55ffe97 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
-@@ -3042,7 +3042,7 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -105,10 +105,10 @@ static unsigned int d_hash_shift __read_mostly;
+ static struct hlist_bl_head *dentry_hashtable __read_mostly;
+
+ static inline struct hlist_bl_head *d_hash(const struct dentry *parent,
+- unsigned long hash)
++ unsigned int hash)
+ {
+- hash += ((unsigned long) parent ^ GOLDEN_RATIO_PRIME) / L1_CACHE_BYTES;
+- hash = hash ^ ((hash ^ GOLDEN_RATIO_PRIME) >> D_HASHBITS);
++ hash += (unsigned long) parent / L1_CACHE_BYTES;
++ hash = hash + (hash >> D_HASHBITS);
+ return dentry_hashtable + (hash & D_HASHMASK);
+ }
+
+@@ -3066,7 +3066,7 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
@@ -43909,7 +42829,7 @@ index f7908ae..920a680 100644
dcache_init();
inode_init();
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
-index f3a257d..715ac0f 100644
+index 956d5dd..e755e04 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -261,7 +261,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
@@ -43925,10 +42845,10 @@ index f3a257d..715ac0f 100644
}
EXPORT_SYMBOL_GPL(debugfs_create_dir);
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
-index af11098..81e3bbe 100644
+index ab35b11..b30af66 100644
--- a/fs/ecryptfs/inode.c
+++ b/fs/ecryptfs/inode.c
-@@ -691,7 +691,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf,
+@@ -672,7 +672,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf,
old_fs = get_fs();
set_fs(get_ds());
rc = lower_dentry->d_inode->i_op->readlink(lower_dentry,
@@ -43937,7 +42857,7 @@ index af11098..81e3bbe 100644
lower_bufsiz);
set_fs(old_fs);
if (rc < 0)
-@@ -737,7 +737,7 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -718,7 +718,7 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd)
}
old_fs = get_fs();
set_fs(get_ds());
@@ -43946,7 +42866,7 @@ index af11098..81e3bbe 100644
set_fs(old_fs);
if (rc < 0) {
kfree(buf);
-@@ -752,7 +752,7 @@ out:
+@@ -733,7 +733,7 @@ out:
static void
ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr)
{
@@ -43956,12 +42876,12 @@ index af11098..81e3bbe 100644
/* Free the char* */
kfree(buf);
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
-index 0dc5a3d..d3cdeea 100644
+index 3a06f40..f7af544 100644
--- a/fs/ecryptfs/miscdev.c
+++ b/fs/ecryptfs/miscdev.c
-@@ -328,7 +328,7 @@ check_list:
+@@ -345,7 +345,7 @@ check_list:
goto out_unlock_msg_ctx;
- i = 5;
+ i = PKT_TYPE_SIZE + PKT_CTR_SIZE;
if (msg_ctx->msg) {
- if (copy_to_user(&buf[i], packet_length, packet_length_size))
+ if (packet_length_size > sizeof(packet_length) || copy_to_user(&buf[i], packet_length, packet_length_size))
@@ -43969,7 +42889,7 @@ index 0dc5a3d..d3cdeea 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c
-index 608c1c3..7d040a8 100644
+index b2a34a1..162fa69 100644
--- a/fs/ecryptfs/read_write.c
+++ b/fs/ecryptfs/read_write.c
@@ -48,7 +48,7 @@ int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data,
@@ -43991,10 +42911,10 @@ index 608c1c3..7d040a8 100644
return rc;
}
diff --git a/fs/exec.c b/fs/exec.c
-index 3625464..ff895b9 100644
+index 153dee1..8ee97ba 100644
--- a/fs/exec.c
+++ b/fs/exec.c
-@@ -55,12 +55,28 @@
+@@ -55,6 +55,13 @@
#include <linux/pipe_fs_i.h>
#include <linux/oom.h>
#include <linux/compat.h>
@@ -44008,7 +42928,8 @@ index 3625464..ff895b9 100644
#include <asm/uaccess.h>
#include <asm/mmu_context.h>
- #include <asm/tlb.h>
+@@ -63,6 +70,15 @@
+ #include <trace/events/task.h>
#include "internal.h"
+#ifndef CONFIG_PAX_HAVE_ACL_FLAGS
@@ -44023,7 +42944,7 @@ index 3625464..ff895b9 100644
int core_uses_pid;
char core_pattern[CORENAME_MAX_SIZE] = "core";
unsigned int core_pipe_limit;
-@@ -70,7 +86,7 @@ struct core_name {
+@@ -72,7 +88,7 @@ struct core_name {
char *corename;
int used, size;
};
@@ -44032,7 +42953,7 @@ index 3625464..ff895b9 100644
/* The maximal length of core_pattern is also specified in sysctl.c */
-@@ -188,18 +204,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+@@ -190,18 +206,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
int write)
{
struct page *page;
@@ -44054,7 +42975,7 @@ index 3625464..ff895b9 100644
return NULL;
if (write) {
-@@ -215,6 +223,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+@@ -217,6 +225,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
if (size <= ARG_MAX)
return page;
@@ -44072,7 +42993,7 @@ index 3625464..ff895b9 100644
/*
* Limit to 1/4-th the stack size for the argv+env strings.
* This ensures that:
-@@ -274,6 +293,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
+@@ -276,6 +295,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
vma->vm_end = STACK_TOP_MAX;
vma->vm_start = vma->vm_end - PAGE_SIZE;
vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP;
@@ -44084,7 +43005,7 @@ index 3625464..ff895b9 100644
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
INIT_LIST_HEAD(&vma->anon_vma_chain);
-@@ -288,6 +312,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
+@@ -290,6 +314,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
mm->stack_vm = mm->total_vm = 1;
up_write(&mm->mmap_sem);
bprm->p = vma->vm_end - sizeof(void *);
@@ -44097,7 +43018,7 @@ index 3625464..ff895b9 100644
return 0;
err:
up_write(&mm->mmap_sem);
-@@ -396,19 +426,7 @@ err:
+@@ -398,19 +428,7 @@ err:
return err;
}
@@ -44118,7 +43039,7 @@ index 3625464..ff895b9 100644
{
const char __user *native;
-@@ -417,14 +435,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr)
+@@ -419,14 +437,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr)
compat_uptr_t compat;
if (get_user(compat, argv.ptr.compat + nr))
@@ -44135,7 +43056,7 @@ index 3625464..ff895b9 100644
return native;
}
-@@ -443,7 +461,7 @@ static int count(struct user_arg_ptr argv, int max)
+@@ -445,7 +463,7 @@ static int count(struct user_arg_ptr argv, int max)
if (!p)
break;
@@ -44144,7 +43065,7 @@ index 3625464..ff895b9 100644
return -EFAULT;
if (i++ >= max)
-@@ -477,7 +495,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv,
+@@ -479,7 +497,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv,
ret = -EFAULT;
str = get_user_arg_ptr(argv, argc);
@@ -44153,7 +43074,7 @@ index 3625464..ff895b9 100644
goto out;
len = strnlen_user(str, MAX_ARG_STRLEN);
-@@ -559,7 +577,7 @@ int copy_strings_kernel(int argc, const char *const *__argv,
+@@ -561,7 +579,7 @@ int copy_strings_kernel(int argc, const char *const *__argv,
int r;
mm_segment_t oldfs = get_fs();
struct user_arg_ptr argv = {
@@ -44162,7 +43083,7 @@ index 3625464..ff895b9 100644
};
set_fs(KERNEL_DS);
-@@ -594,7 +612,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
+@@ -596,7 +614,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
unsigned long new_end = old_end - shift;
struct mmu_gather tlb;
@@ -44172,7 +43093,7 @@ index 3625464..ff895b9 100644
/*
* ensure there are no vmas between where we want to go
-@@ -603,6 +622,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
+@@ -605,6 +624,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
if (vma != find_vma(mm, new_start))
return -EFAULT;
@@ -44183,7 +43104,7 @@ index 3625464..ff895b9 100644
/*
* cover the whole range: [new_start, old_end)
*/
-@@ -683,10 +706,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -685,10 +708,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
stack_top = arch_align_stack(stack_top);
stack_top = PAGE_ALIGN(stack_top);
@@ -44194,7 +43115,7 @@ index 3625464..ff895b9 100644
stack_shift = vma->vm_end - stack_top;
bprm->p -= stack_shift;
-@@ -698,8 +717,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -700,8 +719,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
bprm->exec -= stack_shift;
down_write(&mm->mmap_sem);
@@ -44223,7 +43144,7 @@ index 3625464..ff895b9 100644
/*
* Adjust stack execute permissions; explicitly enable for
* EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone
-@@ -718,13 +757,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -720,13 +759,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
goto out_unlock;
BUG_ON(prev != vma);
@@ -44237,7 +43158,7 @@ index 3625464..ff895b9 100644
/* mprotect_fixup is overkill to remove the temporary stack flags */
vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP;
-@@ -805,7 +837,7 @@ int kernel_read(struct file *file, loff_t offset,
+@@ -807,7 +839,7 @@ int kernel_read(struct file *file, loff_t offset,
old_fs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
@@ -44246,68 +43167,7 @@ index 3625464..ff895b9 100644
set_fs(old_fs);
return result;
}
-@@ -1067,6 +1099,21 @@ void set_task_comm(struct task_struct *tsk, char *buf)
- perf_event_comm(tsk);
- }
-
-+static void filename_to_taskname(char *tcomm, const char *fn, unsigned int len)
-+{
-+ int i, ch;
-+
-+ /* Copies the binary name from after last slash */
-+ for (i = 0; (ch = *(fn++)) != '\0';) {
-+ if (ch == '/')
-+ i = 0; /* overwrite what we wrote */
-+ else
-+ if (i < len - 1)
-+ tcomm[i++] = ch;
-+ }
-+ tcomm[i] = '\0';
-+}
-+
- int flush_old_exec(struct linux_binprm * bprm)
- {
- int retval;
-@@ -1081,6 +1128,7 @@ int flush_old_exec(struct linux_binprm * bprm)
-
- set_mm_exe_file(bprm->mm, bprm->file);
-
-+ filename_to_taskname(bprm->tcomm, bprm->filename, sizeof(bprm->tcomm));
- /*
- * Release all of the old mmap stuff
- */
-@@ -1112,10 +1160,6 @@ EXPORT_SYMBOL(would_dump);
-
- void setup_new_exec(struct linux_binprm * bprm)
- {
-- int i, ch;
-- const char *name;
-- char tcomm[sizeof(current->comm)];
--
- arch_pick_mmap_layout(current->mm);
-
- /* This is the point of no return */
-@@ -1126,18 +1170,7 @@ void setup_new_exec(struct linux_binprm * bprm)
- else
- set_dumpable(current->mm, suid_dumpable);
-
-- name = bprm->filename;
--
-- /* Copies the binary name from after last slash */
-- for (i=0; (ch = *(name++)) != '\0';) {
-- if (ch == '/')
-- i = 0; /* overwrite what we wrote */
-- else
-- if (i < (sizeof(tcomm) - 1))
-- tcomm[i++] = ch;
-- }
-- tcomm[i] = '\0';
-- set_task_comm(current, tcomm);
-+ set_task_comm(current, bprm->tcomm);
-
- /* Set the new mm task size. We have to do that late because it may
- * depend on TIF_32BIT which is only updated in flush_thread() on
-@@ -1247,7 +1280,7 @@ int check_unsafe_exec(struct linux_binprm *bprm)
+@@ -1252,7 +1284,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm)
}
rcu_read_unlock();
@@ -44316,7 +43176,7 @@ index 3625464..ff895b9 100644
bprm->unsafe |= LSM_UNSAFE_SHARE;
} else {
res = -EAGAIN;
-@@ -1442,6 +1475,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
+@@ -1447,6 +1479,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
EXPORT_SYMBOL(search_binary_handler);
@@ -44345,7 +43205,7 @@ index 3625464..ff895b9 100644
/*
* sys_execve() executes a new program.
*/
-@@ -1450,6 +1505,11 @@ static int do_execve_common(const char *filename,
+@@ -1455,6 +1509,11 @@ static int do_execve_common(const char *filename,
struct user_arg_ptr envp,
struct pt_regs *regs)
{
@@ -44357,7 +43217,7 @@ index 3625464..ff895b9 100644
struct linux_binprm *bprm;
struct file *file;
struct files_struct *displaced;
-@@ -1457,6 +1517,8 @@ static int do_execve_common(const char *filename,
+@@ -1462,6 +1521,8 @@ static int do_execve_common(const char *filename,
int retval;
const struct cred *cred = current_cred();
@@ -44366,7 +43226,7 @@ index 3625464..ff895b9 100644
/*
* We move the actual failure in case of RLIMIT_NPROC excess from
* set*uid() to execve() because too many poorly written programs
-@@ -1497,12 +1559,27 @@ static int do_execve_common(const char *filename,
+@@ -1502,12 +1563,27 @@ static int do_execve_common(const char *filename,
if (IS_ERR(file))
goto out_unmark;
@@ -44394,7 +43254,7 @@ index 3625464..ff895b9 100644
retval = bprm_mm_init(bprm);
if (retval)
goto out_file;
-@@ -1519,24 +1596,65 @@ static int do_execve_common(const char *filename,
+@@ -1524,24 +1600,65 @@ static int do_execve_common(const char *filename,
if (retval < 0)
goto out;
@@ -44464,7 +43324,7 @@ index 3625464..ff895b9 100644
current->fs->in_exec = 0;
current->in_execve = 0;
acct_update_integrals(current);
-@@ -1545,6 +1663,14 @@ static int do_execve_common(const char *filename,
+@@ -1550,6 +1667,14 @@ static int do_execve_common(const char *filename,
put_files_struct(displaced);
return retval;
@@ -44479,7 +43339,7 @@ index 3625464..ff895b9 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1618,7 +1744,7 @@ static int expand_corename(struct core_name *cn)
+@@ -1623,7 +1748,7 @@ static int expand_corename(struct core_name *cn)
{
char *old_corename = cn->corename;
@@ -44488,7 +43348,7 @@ index 3625464..ff895b9 100644
cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL);
if (!cn->corename) {
-@@ -1715,7 +1841,7 @@ static int format_corename(struct core_name *cn, long signr)
+@@ -1720,7 +1845,7 @@ static int format_corename(struct core_name *cn, long signr)
int pid_in_pattern = 0;
int err = 0;
@@ -44497,7 +43357,7 @@ index 3625464..ff895b9 100644
cn->corename = kmalloc(cn->size, GFP_KERNEL);
cn->used = 0;
-@@ -1812,6 +1938,228 @@ out:
+@@ -1817,6 +1942,218 @@ out:
return ispipe;
}
@@ -44713,20 +43573,10 @@ index 3625464..ff895b9 100644
+EXPORT_SYMBOL(pax_track_stack);
+#endif
+
-+#ifdef CONFIG_PAX_SIZE_OVERFLOW
-+void report_size_overflow(const char *file, unsigned int line, const char *func)
-+{
-+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u\n", func, file, line);
-+ dump_stack();
-+ do_group_exit(SIGKILL);
-+}
-+EXPORT_SYMBOL(report_size_overflow);
-+#endif
-+
static int zap_process(struct task_struct *start, int exit_code)
{
struct task_struct *t;
-@@ -2023,17 +2371,17 @@ static void wait_for_dump_helpers(struct file *file)
+@@ -2014,17 +2351,17 @@ static void wait_for_dump_helpers(struct file *file)
pipe = file->f_path.dentry->d_inode->i_pipe;
pipe_lock(pipe);
@@ -44749,7 +43599,7 @@ index 3625464..ff895b9 100644
pipe_unlock(pipe);
}
-@@ -2094,7 +2442,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2085,7 +2422,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
int retval = 0;
int flag = 0;
int ispipe;
@@ -44758,7 +43608,7 @@ index 3625464..ff895b9 100644
struct coredump_params cprm = {
.signr = signr,
.regs = regs,
-@@ -2109,6 +2457,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2100,6 +2437,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
audit_core_dumps(signr);
@@ -44768,7 +43618,7 @@ index 3625464..ff895b9 100644
binfmt = mm->binfmt;
if (!binfmt || !binfmt->core_dump)
goto fail;
-@@ -2176,7 +2527,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2167,7 +2507,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
}
cprm.limit = RLIM_INFINITY;
@@ -44777,7 +43627,7 @@ index 3625464..ff895b9 100644
if (core_pipe_limit && (core_pipe_limit < dump_count)) {
printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
task_tgid_vnr(current), current->comm);
-@@ -2203,6 +2554,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2194,6 +2534,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
} else {
struct inode *inode;
@@ -44786,7 +43636,7 @@ index 3625464..ff895b9 100644
if (cprm.limit < binfmt->min_coredump)
goto fail_unlock;
-@@ -2246,7 +2599,7 @@ close_fail:
+@@ -2237,7 +2579,7 @@ close_fail:
filp_close(cprm.file, NULL);
fail_dropcount:
if (ispipe)
@@ -44795,7 +43645,7 @@ index 3625464..ff895b9 100644
fail_unlock:
kfree(cn.corename);
fail_corename:
-@@ -2265,7 +2618,7 @@ fail:
+@@ -2256,7 +2598,7 @@ fail:
*/
int dump_write(struct file *file, const void *addr, int nr)
{
@@ -44835,10 +43685,10 @@ index a203892..4e64db5 100644
}
return 1;
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
-index 12ccacd..a6035fce0 100644
+index f9e2cd8..bfdc476 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
-@@ -436,8 +436,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
+@@ -438,8 +438,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
/* Hm, nope. Are (enough) root reserved clusters available? */
if (sbi->s_resuid == current_fsuid() ||
((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) ||
@@ -44850,10 +43700,10 @@ index 12ccacd..a6035fce0 100644
if (free_clusters >= (nclusters + dirty_clusters))
return 1;
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index 5b0e26a..0aa002d 100644
+index 513004f..2591a6b 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
-@@ -1208,19 +1208,19 @@ struct ext4_sb_info {
+@@ -1218,19 +1218,19 @@ struct ext4_sb_info {
unsigned long s_mb_last_start;
/* stats for buddy allocator */
@@ -44884,7 +43734,7 @@ index 5b0e26a..0aa002d 100644
/* locality groups */
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index e2d8be8..c7f0ce9 100644
+index cb990b2..4820141 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -1794,7 +1794,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
@@ -45137,10 +43987,10 @@ index 4c6992d..104cdea 100644
return -EMFILE;
diff --git a/fs/filesystems.c b/fs/filesystems.c
-index 0845f84..7b4ebef 100644
+index 96f2428..f5eeb8e 100644
--- a/fs/filesystems.c
+++ b/fs/filesystems.c
-@@ -274,7 +274,12 @@ struct file_system_type *get_fs_type(const char *name)
+@@ -273,7 +273,12 @@ struct file_system_type *get_fs_type(const char *name)
int len = dot ? dot - name : strlen(name);
fs = __get_fs_type(name, len);
@@ -46580,7 +45430,7 @@ index 3426521..3b75162 100644
cuse_class = class_create(THIS_MODULE, "cuse");
if (IS_ERR(cuse_class))
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
-index 2aaf3ea..8e50863 100644
+index 5f3368a..8306426 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -1242,7 +1242,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
@@ -46593,10 +45443,10 @@ index 2aaf3ea..8e50863 100644
if (!ret)
ret = -EPIPE;
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
-index 9f63e49..d8a64c0 100644
+index 2066328..f5add3b 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
-@@ -1147,7 +1147,7 @@ static char *read_link(struct dentry *dentry)
+@@ -1175,7 +1175,7 @@ static char *read_link(struct dentry *dentry)
return link;
}
@@ -46606,10 +45456,10 @@ index 9f63e49..d8a64c0 100644
if (!IS_ERR(link))
free_page((unsigned long) link);
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
-index cfd4959..a780959 100644
+index 5698746..6086012 100644
--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
-@@ -1490,7 +1490,7 @@ out:
+@@ -1487,7 +1487,7 @@ out:
static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
{
@@ -46619,10 +45469,10 @@ index cfd4959..a780959 100644
kfree(s);
}
diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
-index 0be5a78..9cfb853 100644
+index 1e85a7a..eb4218a 100644
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
-@@ -915,7 +915,7 @@ static struct file_system_type hugetlbfs_fs_type = {
+@@ -921,7 +921,7 @@ static struct file_system_type hugetlbfs_fs_type = {
.kill_sb = kill_litter_super,
};
@@ -46632,10 +45482,10 @@ index 0be5a78..9cfb853 100644
static int can_do_hugetlb_shm(void)
{
diff --git a/fs/inode.c b/fs/inode.c
-index ee4e66b..9a39f9c 100644
+index 83ab215..8842101 100644
--- a/fs/inode.c
+++ b/fs/inode.c
-@@ -787,8 +787,8 @@ unsigned int get_next_ino(void)
+@@ -870,8 +870,8 @@ unsigned int get_next_ino(void)
#ifdef CONFIG_SMP
if (unlikely((res & (LAST_INO_BATCH-1)) == 0)) {
@@ -46646,29 +45496,11 @@ index ee4e66b..9a39f9c 100644
res = next - LAST_INO_BATCH;
}
-@@ -855,8 +855,7 @@ void lockdep_annotate_inode_mutex_key(struct inode *inode)
- struct file_system_type *type = inode->i_sb->s_type;
-
- /* Set new key only if filesystem hasn't already changed it */
-- if (!lockdep_match_class(&inode->i_mutex,
-- &type->i_mutex_key)) {
-+ if (lockdep_match_class(&inode->i_mutex, &type->i_mutex_key)) {
- /*
- * ensure nobody is actually holding i_mutex
- */
-@@ -883,6 +882,7 @@ void unlock_new_inode(struct inode *inode)
- spin_lock(&inode->i_lock);
- WARN_ON(!(inode->i_state & I_NEW));
- inode->i_state &= ~I_NEW;
-+ smp_mb();
- wake_up_bit(&inode->i_state, __I_NEW);
- spin_unlock(&inode->i_lock);
- }
diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
-index e513f19..2ab1351 100644
+index eafb8d3..f423d37 100644
--- a/fs/jffs2/erase.c
+++ b/fs/jffs2/erase.c
-@@ -439,7 +439,8 @@ static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseb
+@@ -438,7 +438,8 @@ static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseb
struct jffs2_unknown_node marker = {
.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK),
.nodetype = cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
@@ -46679,10 +45511,10 @@ index e513f19..2ab1351 100644
jffs2_prealloc_raw_node_refs(c, jeb, 1);
diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c
-index b09e51d..e482afa 100644
+index 30e8f47..21f600c 100644
--- a/fs/jffs2/wbuf.c
+++ b/fs/jffs2/wbuf.c
-@@ -1011,7 +1011,8 @@ static const struct jffs2_unknown_node oob_cleanmarker =
+@@ -1012,7 +1012,8 @@ static const struct jffs2_unknown_node oob_cleanmarker =
{
.magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
.nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
@@ -46693,10 +45525,10 @@ index b09e51d..e482afa 100644
/*
diff --git a/fs/jfs/super.c b/fs/jfs/super.c
-index a44eff0..462e07d 100644
+index 682bca6..86b8e6e 100644
--- a/fs/jfs/super.c
+++ b/fs/jfs/super.c
-@@ -802,7 +802,7 @@ static int __init init_jfs_fs(void)
+@@ -801,7 +801,7 @@ static int __init init_jfs_fs(void)
jfs_inode_cachep =
kmem_cache_create("jfs_ip", sizeof(struct jfs_inode_info), 0,
@@ -46706,7 +45538,7 @@ index a44eff0..462e07d 100644
if (jfs_inode_cachep == NULL)
return -ENOMEM;
diff --git a/fs/libfs.c b/fs/libfs.c
-index f6d411e..e82a08d 100644
+index 5b2dbb3..7442d54 100644
--- a/fs/libfs.c
+++ b/fs/libfs.c
@@ -165,6 +165,9 @@ int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir)
@@ -46777,10 +45609,10 @@ index 637694b..f84a121 100644
lock_flocks();
diff --git a/fs/namei.c b/fs/namei.c
-index 9680cef..a19f203 100644
+index 46ea9cc..c7cf3a3 100644
--- a/fs/namei.c
+++ b/fs/namei.c
-@@ -279,16 +279,32 @@ int generic_permission(struct inode *inode, int mask)
+@@ -278,16 +278,32 @@ int generic_permission(struct inode *inode, int mask)
if (ret != -EACCES)
return ret;
@@ -46816,7 +45648,7 @@ index 9680cef..a19f203 100644
* Read/write DACs are always overridable.
* Executable DACs are overridable when there is
* at least one exec bit set.
-@@ -297,14 +313,6 @@ int generic_permission(struct inode *inode, int mask)
+@@ -296,14 +312,6 @@ int generic_permission(struct inode *inode, int mask)
if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE))
return 0;
@@ -46831,7 +45663,7 @@ index 9680cef..a19f203 100644
return -EACCES;
}
-@@ -653,11 +661,19 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
+@@ -652,11 +660,19 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
return error;
}
@@ -46852,7 +45684,7 @@ index 9680cef..a19f203 100644
error = 0;
if (s)
error = __vfs_follow_link(nd, s);
-@@ -1624,6 +1640,21 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1650,6 +1666,21 @@ static int path_lookupat(int dfd, const char *name,
if (!err)
err = complete_walk(nd);
@@ -46874,7 +45706,7 @@ index 9680cef..a19f203 100644
if (!err && nd->flags & LOOKUP_DIRECTORY) {
if (!nd->inode->i_op->lookup) {
path_put(&nd->path);
-@@ -1651,6 +1682,15 @@ static int do_path_lookup(int dfd, const char *name,
+@@ -1677,6 +1708,15 @@ static int do_path_lookup(int dfd, const char *name,
retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd);
if (likely(!retval)) {
@@ -46890,7 +45722,7 @@ index 9680cef..a19f203 100644
if (unlikely(!audit_dummy_context())) {
if (nd->path.dentry && nd->inode)
audit_inode(name, nd->path.dentry);
-@@ -2048,6 +2088,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
+@@ -2071,6 +2111,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
if (flag & O_NOATIME && !inode_owner_or_capable(inode))
return -EPERM;
@@ -46904,7 +45736,7 @@ index 9680cef..a19f203 100644
return 0;
}
-@@ -2109,6 +2156,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2132,6 +2179,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
error = complete_walk(nd);
if (error)
return ERR_PTR(error);
@@ -46921,7 +45753,7 @@ index 9680cef..a19f203 100644
audit_inode(pathname, nd->path.dentry);
if (open_flag & O_CREAT) {
error = -EISDIR;
-@@ -2119,6 +2176,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2142,6 +2199,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
error = complete_walk(nd);
if (error)
return ERR_PTR(error);
@@ -46938,7 +45770,7 @@ index 9680cef..a19f203 100644
audit_inode(pathname, dir);
goto ok;
}
-@@ -2140,6 +2207,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2163,6 +2230,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
error = complete_walk(nd);
if (error)
return ERR_PTR(error);
@@ -46955,10 +45787,10 @@ index 9680cef..a19f203 100644
error = -ENOTDIR;
if (nd->flags & LOOKUP_DIRECTORY) {
-@@ -2180,6 +2257,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2203,6 +2280,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
/* Negative dentry, just create the file */
if (!dentry->d_inode) {
- int mode = op->mode;
+ umode_t mode = op->mode;
+
+ if (!gr_acl_handle_creat(path->dentry, nd->path.dentry, path->mnt, open_flag, acc_mode, mode)) {
+ error = -EACCES;
@@ -46968,7 +45800,7 @@ index 9680cef..a19f203 100644
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
/*
-@@ -2203,6 +2286,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2226,6 +2309,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
error = vfs_create(dir->d_inode, dentry, mode, nd);
if (error)
goto exit_mutex_unlock;
@@ -46977,7 +45809,7 @@ index 9680cef..a19f203 100644
mutex_unlock(&dir->d_inode->i_mutex);
dput(nd->path.dentry);
nd->path.dentry = dentry;
-@@ -2212,6 +2297,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
+@@ -2235,6 +2320,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path,
/*
* It already exists.
*/
@@ -46997,7 +45829,7 @@ index 9680cef..a19f203 100644
mutex_unlock(&dir->d_inode->i_mutex);
audit_inode(pathname, path->dentry);
-@@ -2424,6 +2522,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path
+@@ -2447,6 +2545,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path
*path = nd.path;
return dentry;
eexist:
@@ -47009,7 +45841,7 @@ index 9680cef..a19f203 100644
dput(dentry);
dentry = ERR_PTR(-EEXIST);
fail:
-@@ -2446,6 +2549,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat
+@@ -2469,6 +2572,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat
}
EXPORT_SYMBOL(user_path_create);
@@ -47027,10 +45859,10 @@ index 9680cef..a19f203 100644
+ return res;
+}
+
- int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
+ int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
int error = may_create(dir, dentry);
-@@ -2513,6 +2630,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
+@@ -2536,6 +2653,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
error = mnt_want_write(path.mnt);
if (error)
goto out_dput;
@@ -47048,7 +45880,7 @@ index 9680cef..a19f203 100644
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
goto out_drop_write;
-@@ -2530,6 +2658,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode,
+@@ -2553,6 +2681,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode,
}
out_drop_write:
mnt_drop_write(path.mnt);
@@ -47058,7 +45890,7 @@ index 9680cef..a19f203 100644
out_dput:
dput(dentry);
mutex_unlock(&path.dentry->d_inode->i_mutex);
-@@ -2579,12 +2710,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode)
+@@ -2602,12 +2733,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode)
error = mnt_want_write(path.mnt);
if (error)
goto out_dput;
@@ -47080,7 +45912,7 @@ index 9680cef..a19f203 100644
out_dput:
dput(dentry);
mutex_unlock(&path.dentry->d_inode->i_mutex);
-@@ -2664,6 +2804,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2687,6 +2827,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
char * name;
struct dentry *dentry;
struct nameidata nd;
@@ -47089,7 +45921,7 @@ index 9680cef..a19f203 100644
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2692,6 +2834,15 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2715,6 +2857,15 @@ static long do_rmdir(int dfd, const char __user *pathname)
error = -ENOENT;
goto exit3;
}
@@ -47105,7 +45937,7 @@ index 9680cef..a19f203 100644
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit3;
-@@ -2699,6 +2850,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -2722,6 +2873,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
if (error)
goto exit4;
error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
@@ -47114,7 +45946,7 @@ index 9680cef..a19f203 100644
exit4:
mnt_drop_write(nd.path.mnt);
exit3:
-@@ -2761,6 +2914,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2784,6 +2937,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
struct dentry *dentry;
struct nameidata nd;
struct inode *inode = NULL;
@@ -47123,7 +45955,7 @@ index 9680cef..a19f203 100644
error = user_path_parent(dfd, pathname, &nd, &name);
if (error)
-@@ -2783,6 +2938,16 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2806,6 +2961,16 @@ static long do_unlinkat(int dfd, const char __user *pathname)
if (!inode)
goto slashes;
ihold(inode);
@@ -47140,7 +45972,7 @@ index 9680cef..a19f203 100644
error = mnt_want_write(nd.path.mnt);
if (error)
goto exit2;
-@@ -2790,6 +2955,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -2813,6 +2978,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
if (error)
goto exit3;
error = vfs_unlink(nd.path.dentry->d_inode, dentry);
@@ -47149,7 +45981,7 @@ index 9680cef..a19f203 100644
exit3:
mnt_drop_write(nd.path.mnt);
exit2:
-@@ -2865,10 +3032,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
+@@ -2888,10 +3055,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname,
error = mnt_want_write(path.mnt);
if (error)
goto out_dput;
@@ -47168,7 +46000,7 @@ index 9680cef..a19f203 100644
out_drop_write:
mnt_drop_write(path.mnt);
out_dput:
-@@ -2940,6 +3115,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -2963,6 +3138,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
{
struct dentry *new_dentry;
struct path old_path, new_path;
@@ -47176,7 +46008,7 @@ index 9680cef..a19f203 100644
int how = 0;
int error;
-@@ -2963,7 +3139,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -2986,7 +3162,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
if (error)
return error;
@@ -47185,7 +46017,7 @@ index 9680cef..a19f203 100644
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
goto out;
-@@ -2974,13 +3150,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -2997,13 +3173,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
error = mnt_want_write(new_path.mnt);
if (error)
goto out_dput;
@@ -47216,7 +46048,7 @@ index 9680cef..a19f203 100644
dput(new_dentry);
mutex_unlock(&new_path.dentry->d_inode->i_mutex);
path_put(&new_path);
-@@ -3208,6 +3401,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
+@@ -3231,6 +3424,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
if (new_dentry == trap)
goto exit5;
@@ -47229,7 +46061,7 @@ index 9680cef..a19f203 100644
error = mnt_want_write(oldnd.path.mnt);
if (error)
goto exit5;
-@@ -3217,6 +3416,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
+@@ -3240,6 +3439,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname,
goto exit6;
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry);
@@ -47239,7 +46071,7 @@ index 9680cef..a19f203 100644
exit6:
mnt_drop_write(oldnd.path.mnt);
exit5:
-@@ -3242,6 +3444,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -3265,6 +3467,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
{
@@ -47248,7 +46080,7 @@ index 9680cef..a19f203 100644
int len;
len = PTR_ERR(link);
-@@ -3251,7 +3455,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
+@@ -3274,7 +3478,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
@@ -47265,10 +46097,10 @@ index 9680cef..a19f203 100644
out:
return len;
diff --git a/fs/namespace.c b/fs/namespace.c
-index cfc6d44..b4632a5 100644
+index e608199..9609cb9 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
-@@ -1326,6 +1326,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
+@@ -1155,6 +1155,9 @@ static int do_umount(struct mount *mnt, int flags)
if (!(sb->s_flags & MS_RDONLY))
retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
up_write(&sb->s_umount);
@@ -47278,7 +46110,7 @@ index cfc6d44..b4632a5 100644
return retval;
}
-@@ -1345,6 +1348,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
+@@ -1174,6 +1177,9 @@ static int do_umount(struct mount *mnt, int flags)
br_write_unlock(vfsmount_lock);
up_write(&namespace_sem);
release_mounts(&umount_list);
@@ -47288,7 +46120,7 @@ index cfc6d44..b4632a5 100644
return retval;
}
-@@ -2336,6 +2342,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
+@@ -2175,6 +2181,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
MS_STRICTATIME);
@@ -47305,7 +46137,7 @@ index cfc6d44..b4632a5 100644
if (flags & MS_REMOUNT)
retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
data_page);
-@@ -2350,6 +2366,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
+@@ -2189,6 +2205,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
dev_name, data_page);
dput_out:
path_put(&path);
@@ -47315,7 +46147,7 @@ index cfc6d44..b4632a5 100644
return retval;
}
-@@ -2605,6 +2624,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -2470,6 +2489,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
if (error)
goto out2;
@@ -47327,46 +46159,11 @@ index cfc6d44..b4632a5 100644
get_fs_root(current->fs, &root);
error = lock_mount(&old);
if (error)
-diff --git a/fs/ncpfs/ncplib_kernel.h b/fs/ncpfs/ncplib_kernel.h
-index 09881e6..308ff20 100644
---- a/fs/ncpfs/ncplib_kernel.h
-+++ b/fs/ncpfs/ncplib_kernel.h
-@@ -130,7 +130,7 @@ static inline int ncp_is_nfs_extras(struct ncp_server* server, unsigned int voln
- int ncp__io2vol(struct ncp_server *, unsigned char *, unsigned int *,
- const unsigned char *, unsigned int, int);
- int ncp__vol2io(struct ncp_server *, unsigned char *, unsigned int *,
-- const unsigned char *, unsigned int, int);
-+ const unsigned char *, unsigned int, int) __size_overflow(5);
-
- #define NCP_ESC ':'
- #define NCP_IO_TABLE(sb) (NCP_SBP(sb)->nls_io)
-@@ -146,7 +146,7 @@ int ncp__vol2io(struct ncp_server *, unsigned char *, unsigned int *,
- int ncp__io2vol(unsigned char *, unsigned int *,
- const unsigned char *, unsigned int, int);
- int ncp__vol2io(unsigned char *, unsigned int *,
-- const unsigned char *, unsigned int, int);
-+ const unsigned char *, unsigned int, int) __size_overflow(5);
-
- #define NCP_IO_TABLE(sb) NULL
- #define ncp_tolower(t, c) tolower(c)
-diff --git a/fs/nfs/blocklayout/blocklayout.c b/fs/nfs/blocklayout/blocklayout.c
-index 3db6b82..a57597e 100644
---- a/fs/nfs/blocklayout/blocklayout.c
-+++ b/fs/nfs/blocklayout/blocklayout.c
-@@ -90,7 +90,7 @@ static int is_writable(struct pnfs_block_extent *be, sector_t isect)
- */
- struct parallel_io {
- struct kref refcnt;
-- struct rpc_call_ops call_ops;
-+ rpc_call_ops_no_const call_ops;
- void (*pnfs_callback) (void *data);
- void *data;
- };
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
-index 50a15fa..ca113f9 100644
+index f649fba..236bf92 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
-@@ -150,7 +150,7 @@ static void nfs_zap_caches_locked(struct inode *inode)
+@@ -151,7 +151,7 @@ static void nfs_zap_caches_locked(struct inode *inode)
nfsi->attrtimeo = NFS_MINATTRTIMEO(inode);
nfsi->attrtimeo_timestamp = jiffies;
@@ -47375,7 +46172,7 @@ index 50a15fa..ca113f9 100644
if (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))
nfsi->cache_validity |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_DATA|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL|NFS_INO_REVAL_PAGECACHE;
else
-@@ -1002,16 +1002,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
+@@ -1003,16 +1003,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
return nfs_size_to_loff_t(fattr->size) > i_size_read(inode);
}
@@ -47396,10 +46193,10 @@ index 50a15fa..ca113f9 100644
void nfs_fattr_init(struct nfs_fattr *fattr)
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
-index 7a2e442..8e544cc 100644
+index edf6d3e..bdd1da7 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
-@@ -914,7 +914,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
+@@ -925,7 +925,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
} else {
oldfs = get_fs();
set_fs(KERNEL_DS);
@@ -47408,7 +46205,7 @@ index 7a2e442..8e544cc 100644
set_fs(oldfs);
}
-@@ -1018,7 +1018,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
+@@ -1029,7 +1029,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
/* Write the data. */
oldfs = get_fs(); set_fs(KERNEL_DS);
@@ -47417,7 +46214,7 @@ index 7a2e442..8e544cc 100644
set_fs(oldfs);
if (host_err < 0)
goto out_nfserr;
-@@ -1553,7 +1553,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
+@@ -1564,7 +1564,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
*/
oldfs = get_fs(); set_fs(KERNEL_DS);
@@ -47426,36 +46223,11 @@ index 7a2e442..8e544cc 100644
set_fs(oldfs);
if (host_err < 0)
-diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c
-index d327140..501b7f8 100644
---- a/fs/nilfs2/the_nilfs.c
-+++ b/fs/nilfs2/the_nilfs.c
-@@ -409,6 +409,12 @@ static int nilfs_store_disk_layout(struct the_nilfs *nilfs,
- nilfs->ns_first_data_block = le64_to_cpu(sbp->s_first_data_block);
- nilfs->ns_r_segments_percentage =
- le32_to_cpu(sbp->s_r_segments_percentage);
-+ if (nilfs->ns_r_segments_percentage < 1 ||
-+ nilfs->ns_r_segments_percentage > 99) {
-+ printk(KERN_ERR "NILFS: invalid reserved segments percentage.\n");
-+ return -EINVAL;
-+ }
-+
- nilfs_set_nsegments(nilfs, le64_to_cpu(sbp->s_nsegments));
- nilfs->ns_crc_seed = le32_to_cpu(sbp->s_crc_seed);
- return 0;
-@@ -515,6 +521,7 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs,
- brelse(sbh[1]);
- sbh[1] = NULL;
- sbp[1] = NULL;
-+ valid[1] = 0;
- swp = 0;
- }
- if (!valid[swp]) {
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
-index 9fde1c0..14e8827 100644
+index 3568c8a..e0240d8 100644
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
-@@ -276,7 +276,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
+@@ -278,7 +278,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
goto out_close_fd;
ret = -EFAULT;
@@ -47606,7 +46378,7 @@ index ba5d97e..c77db25 100644
}
}
diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c
-index 4994f8b..eaab8eb 100644
+index 604e12c..8426483 100644
--- a/fs/ocfs2/super.c
+++ b/fs/ocfs2/super.c
@@ -301,11 +301,11 @@ static int ocfs2_osb_dump(struct ocfs2_super *osb, char *buf, int len)
@@ -47626,7 +46398,7 @@ index 4994f8b..eaab8eb 100644
out += snprintf(buf + out, len - out,
"%10s => State: %u Descriptor: %llu Size: %u bits "
-@@ -2119,11 +2119,11 @@ static int ocfs2_initialize_super(struct super_block *sb,
+@@ -2117,11 +2117,11 @@ static int ocfs2_initialize_super(struct super_block *sb,
spin_lock_init(&osb->osb_xattr_lock);
ocfs2_init_steal_slots(osb);
@@ -47657,7 +46429,7 @@ index 5d22872..523db20 100644
kfree(link);
}
diff --git a/fs/open.c b/fs/open.c
-index 22c41b5..78894cf 100644
+index 77becc0..aad7bd9 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -112,6 +112,10 @@ static long do_sys_truncate(const char __user *pathname, loff_t length)
@@ -47732,7 +46504,7 @@ index 22c41b5..78894cf 100644
+ goto out_unlock;
+ }
+
- error = security_path_chmod(path->dentry, path->mnt, mode);
+ error = security_path_chmod(path, mode);
if (error)
goto out_unlock;
@@ -506,6 +538,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
@@ -47745,46 +46517,8 @@ index 22c41b5..78894cf 100644
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
newattrs.ia_valid |= ATTR_UID;
-diff --git a/fs/partitions/efi.c b/fs/partitions/efi.c
-index 6296b40..417c00f 100644
---- a/fs/partitions/efi.c
-+++ b/fs/partitions/efi.c
-@@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state,
- if (!gpt)
- return NULL;
-
-+ if (!le32_to_cpu(gpt->num_partition_entries))
-+ return NULL;
-+ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL);
-+ if (!pte)
-+ return NULL;
-+
- count = le32_to_cpu(gpt->num_partition_entries) *
- le32_to_cpu(gpt->sizeof_partition_entry);
-- if (!count)
-- return NULL;
-- pte = kzalloc(count, GFP_KERNEL);
-- if (!pte)
-- return NULL;
--
- if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba),
- (u8 *) pte,
- count) < count) {
-diff --git a/fs/partitions/ldm.c b/fs/partitions/ldm.c
-index bd8ae78..539d250 100644
---- a/fs/partitions/ldm.c
-+++ b/fs/partitions/ldm.c
-@@ -1324,7 +1324,7 @@ static bool ldm_frag_add (const u8 *data, int size, struct list_head *frags)
- goto found;
- }
-
-- f = kmalloc (sizeof (*f) + size*num, GFP_KERNEL);
-+ f = kmalloc (size*num + sizeof (*f), GFP_KERNEL);
- if (!f) {
- ldm_crit ("Out of memory.");
- return false;
diff --git a/fs/pipe.c b/fs/pipe.c
-index 4065f07..68c0706 100644
+index a932ced..6495412 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -420,9 +420,9 @@ redo:
@@ -47942,7 +46676,7 @@ index 15af622..0e9f4467 100644
help
Various /proc files exist to monitor process memory utilization:
diff --git a/fs/proc/array.c b/fs/proc/array.c
-index 3a1dafd..bf1bd84 100644
+index c602b8d..a7de642 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -60,6 +60,7 @@
@@ -48013,7 +46747,7 @@ index 3a1dafd..bf1bd84 100644
+
state = *get_task_state(task);
vsize = eip = esp = 0;
- permitted = ptrace_may_access(task, PTRACE_MODE_READ);
+ permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT);
@@ -449,6 +487,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
gtime = task->gtime;
}
@@ -48050,7 +46784,7 @@ index 3a1dafd..bf1bd84 100644
esp,
eip,
/* The signal information here is obsolete.
-@@ -533,8 +590,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
+@@ -536,8 +593,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
struct pid *pid, struct task_struct *task)
{
unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0;
@@ -48067,7 +46801,7 @@ index 3a1dafd..bf1bd84 100644
if (mm) {
size = task_statm(mm, &shared, &text, &data, &resident);
mmput(mm);
-@@ -544,3 +608,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
+@@ -547,3 +611,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
return 0;
}
@@ -48087,10 +46821,10 @@ index 3a1dafd..bf1bd84 100644
+}
+#endif
diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 1ace83d..f5e575d 100644
+index d4548dd..d101f84 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
-@@ -107,6 +107,22 @@ struct pid_entry {
+@@ -109,6 +109,14 @@ struct pid_entry {
union proc_op op;
};
@@ -48102,45 +46836,10 @@ index 1ace83d..f5e575d 100644
+ int error;
+};
+
-+static int gr_fake_filldir(void * __buf, const char *name, int namlen,
-+ loff_t offset, u64 ino, unsigned int d_type)
-+{
-+ struct getdents_callback * buf = (struct getdents_callback *) __buf;
-+ buf->error = -EINVAL;
-+ return 0;
-+}
-+
#define NOD(NAME, MODE, IOP, FOP, OP) { \
.name = (NAME), \
.len = sizeof(NAME) - 1, \
-@@ -194,26 +210,6 @@ static int proc_root_link(struct inode *inode, struct path *path)
- return result;
- }
-
--static struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
--{
-- struct mm_struct *mm;
-- int err;
--
-- err = mutex_lock_killable(&task->signal->cred_guard_mutex);
-- if (err)
-- return ERR_PTR(err);
--
-- mm = get_task_mm(task);
-- if (mm && mm != current->mm &&
-- !ptrace_may_access(task, mode)) {
-- mmput(mm);
-- mm = ERR_PTR(-EACCES);
-- }
-- mutex_unlock(&task->signal->cred_guard_mutex);
--
-- return mm;
--}
--
- struct mm_struct *mm_for_maps(struct task_struct *task)
- {
- return mm_access(task, PTRACE_MODE_READ);
-@@ -229,6 +225,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer)
+@@ -213,6 +221,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer)
if (!mm->arg_end)
goto out_mm; /* Shh! No looking before we're done */
@@ -48150,7 +46849,7 @@ index 1ace83d..f5e575d 100644
len = mm->arg_end - mm->arg_start;
if (len > PAGE_SIZE)
-@@ -256,12 +255,28 @@ out:
+@@ -240,12 +251,28 @@ out:
return res;
}
@@ -48179,7 +46878,7 @@ index 1ace83d..f5e575d 100644
do {
nwords += 2;
} while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
-@@ -275,7 +290,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer)
+@@ -259,7 +286,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer)
}
@@ -48188,7 +46887,7 @@ index 1ace83d..f5e575d 100644
/*
* Provides a wchan file via kallsyms in a proper one-value-per-file format.
* Returns the resolved symbol. If that fails, simply return the address.
-@@ -314,7 +329,7 @@ static void unlock_trace(struct task_struct *task)
+@@ -298,7 +325,7 @@ static void unlock_trace(struct task_struct *task)
mutex_unlock(&task->signal->cred_guard_mutex);
}
@@ -48197,7 +46896,7 @@ index 1ace83d..f5e575d 100644
#define MAX_STACK_TRACE_DEPTH 64
-@@ -505,7 +520,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer)
+@@ -489,7 +516,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer)
return count;
}
@@ -48206,7 +46905,7 @@ index 1ace83d..f5e575d 100644
static int proc_pid_syscall(struct task_struct *task, char *buffer)
{
long nr;
-@@ -534,7 +549,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer)
+@@ -518,7 +545,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer)
/************************************************************************/
/* permission checks */
@@ -48215,19 +46914,67 @@ index 1ace83d..f5e575d 100644
{
struct task_struct *task;
int allowed = 0;
-@@ -544,7 +559,10 @@ static int proc_fd_access_allowed(struct inode *inode)
+@@ -528,7 +555,10 @@ static int proc_fd_access_allowed(struct inode *inode)
*/
task = get_proc_task(inode);
if (task) {
- allowed = ptrace_may_access(task, PTRACE_MODE_READ);
+ if (log)
-+ allowed = ptrace_may_access_log(task, PTRACE_MODE_READ);
-+ else
+ allowed = ptrace_may_access(task, PTRACE_MODE_READ);
++ else
++ allowed = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT);
put_task_struct(task);
}
return allowed;
-@@ -786,6 +804,10 @@ static int mem_open(struct inode* inode, struct file* file)
+@@ -566,10 +596,35 @@ static bool has_pid_permissions(struct pid_namespace *pid,
+ struct task_struct *task,
+ int hide_pid_min)
+ {
++ if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
++ return false;
++
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++ rcu_read_lock();
++ {
++ const struct cred *tmpcred = current_cred();
++ const struct cred *cred = __task_cred(task);
++
++ if (!tmpcred->uid || (tmpcred->uid == cred->uid)
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++ || in_group_p(CONFIG_GRKERNSEC_PROC_GID)
++#endif
++ ) {
++ rcu_read_unlock();
++ return true;
++ }
++ }
++ rcu_read_unlock();
++
++ if (!pid->hide_pid)
++ return false;
++#endif
++
+ if (pid->hide_pid < hide_pid_min)
+ return true;
+ if (in_group_p(pid->pid_gid))
+ return true;
++
+ return ptrace_may_access(task, PTRACE_MODE_READ);
+ }
+
+@@ -587,7 +642,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
+ put_task_struct(task);
+
+ if (!has_perms) {
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++ {
++#else
+ if (pid->hide_pid == 2) {
++#endif
+ /*
+ * Let's make getdents(), stat(), and open()
+ * consistent with each other. If a process
+@@ -702,6 +761,10 @@ static int mem_open(struct inode* inode, struct file* file)
file->f_mode |= FMODE_UNSIGNED_OFFSET;
file->private_data = mm;
@@ -48238,7 +46985,7 @@ index 1ace83d..f5e575d 100644
return 0;
}
-@@ -797,6 +819,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -713,6 +776,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
ssize_t copied;
char *page;
@@ -48256,7 +47003,7 @@ index 1ace83d..f5e575d 100644
if (!mm)
return 0;
-@@ -897,6 +930,9 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -813,6 +887,9 @@ static ssize_t environ_read(struct file *file, char __user *buf,
if (!task)
goto out_no_task;
@@ -48266,16 +47013,16 @@ index 1ace83d..f5e575d 100644
ret = -ENOMEM;
page = (char *)__get_free_page(GFP_TEMPORARY);
if (!page)
-@@ -1519,7 +1555,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -1434,7 +1511,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
path_put(&nd->path);
/* Are we allowed to snoop on the tasks file descriptors? */
- if (!proc_fd_access_allowed(inode))
-+ if (!proc_fd_access_allowed(inode,0))
++ if (!proc_fd_access_allowed(inode, 0))
goto out;
- error = PROC_I(inode)->op.proc_get_link(inode, &nd->path);
-@@ -1558,8 +1594,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
+ error = PROC_I(inode)->op.proc_get_link(dentry, &nd->path);
+@@ -1473,8 +1550,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
struct path path;
/* Are we allowed to snoop on the tasks file descriptors? */
@@ -48294,9 +47041,9 @@ index 1ace83d..f5e575d 100644
+ goto out;
+ }
- error = PROC_I(inode)->op.proc_get_link(inode, &path);
+ error = PROC_I(inode)->op.proc_get_link(dentry, &path);
if (error)
-@@ -1624,7 +1670,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
+@@ -1539,7 +1626,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
rcu_read_lock();
cred = __task_cred(task);
inode->i_uid = cred->euid;
@@ -48308,35 +47055,9 @@ index 1ace83d..f5e575d 100644
rcu_read_unlock();
}
security_task_to_inode(task, inode);
-@@ -1642,6 +1692,9 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
- struct inode *inode = dentry->d_inode;
- struct task_struct *task;
- const struct cred *cred;
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ const struct cred *tmpcred = current_cred();
-+#endif
-
- generic_fillattr(inode, stat);
-
-@@ -1649,13 +1702,41 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
- stat->uid = 0;
- stat->gid = 0;
- task = pid_task(proc_pid(inode), PIDTYPE_PID);
-+
-+ if (task && (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))) {
-+ rcu_read_unlock();
-+ return -ENOENT;
-+ }
-+
- if (task) {
-+ cred = __task_cred(task);
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ if (!tmpcred->uid || (tmpcred->uid == cred->uid)
-+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+ || in_group_p(CONFIG_GRKERNSEC_PROC_GID)
-+#endif
-+ ) {
-+#endif
+@@ -1575,10 +1666,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
+ return -ENOENT;
+ }
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
+#ifdef CONFIG_GRKERNSEC_PROC_USER
+ (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
@@ -48344,7 +47065,7 @@ index 1ace83d..f5e575d 100644
+ (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
+#endif
task_dumpable(task)) {
-- cred = __task_cred(task);
+ cred = __task_cred(task);
stat->uid = cred->euid;
+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
+ stat->gid = CONFIG_GRKERNSEC_PROC_GID;
@@ -48352,16 +47073,9 @@ index 1ace83d..f5e575d 100644
stat->gid = cred->egid;
+#endif
}
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ } else {
-+ rcu_read_unlock();
-+ return -ENOENT;
-+ }
-+#endif
}
rcu_read_unlock();
- return 0;
-@@ -1692,11 +1773,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
+@@ -1616,11 +1716,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd)
if (task) {
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
@@ -48382,7 +47096,7 @@ index 1ace83d..f5e575d 100644
rcu_read_unlock();
} else {
inode->i_uid = 0;
-@@ -1814,7 +1904,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info)
+@@ -1738,7 +1847,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info)
int fd = proc_fd(inode);
if (task) {
@@ -48392,7 +47106,7 @@ index 1ace83d..f5e575d 100644
put_task_struct(task);
}
if (files) {
-@@ -2082,11 +2173,21 @@ static const struct file_operations proc_fd_operations = {
+@@ -2355,11 +2465,21 @@ static const struct file_operations proc_map_files_operations = {
*/
static int proc_fd_permission(struct inode *inode, int mask)
{
@@ -48416,7 +47130,7 @@ index 1ace83d..f5e575d 100644
return rv;
}
-@@ -2196,6 +2297,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
+@@ -2469,6 +2589,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
if (!task)
goto out_no_task;
@@ -48426,7 +47140,7 @@ index 1ace83d..f5e575d 100644
/*
* Yes, it does not scale. And it should not. Don't add
* new entries into /proc/<tgid>/ without very good reasons.
-@@ -2240,6 +2344,9 @@ static int proc_pident_readdir(struct file *filp,
+@@ -2513,6 +2636,9 @@ static int proc_pident_readdir(struct file *filp,
if (!task)
goto out_no_task;
@@ -48436,7 +47150,7 @@ index 1ace83d..f5e575d 100644
ret = 0;
i = filp->f_pos;
switch (i) {
-@@ -2510,7 +2617,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -2783,7 +2909,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd)
static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd,
void *cookie)
{
@@ -48445,7 +47159,7 @@ index 1ace83d..f5e575d 100644
if (!IS_ERR(s))
__putname(s);
}
-@@ -2708,7 +2815,7 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2984,7 +3110,7 @@ static const struct pid_entry tgid_base_stuff[] = {
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -48454,7 +47168,7 @@ index 1ace83d..f5e575d 100644
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2733,10 +2840,10 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -3009,10 +3135,10 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -48467,7 +47181,7 @@ index 1ace83d..f5e575d 100644
ONE("stack", S_IRUGO, proc_pid_stack),
#endif
#ifdef CONFIG_SCHEDSTATS
-@@ -2770,6 +2877,9 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -3046,6 +3172,9 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_HARDWALL
INF("hardwall", S_IRUGO, proc_pid_hardwall),
#endif
@@ -48477,7 +47191,7 @@ index 1ace83d..f5e575d 100644
};
static int proc_tgid_base_readdir(struct file * filp,
-@@ -2895,7 +3005,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir,
+@@ -3172,7 +3301,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir,
if (!inode)
goto out;
@@ -48492,7 +47206,7 @@ index 1ace83d..f5e575d 100644
inode->i_op = &proc_tgid_base_inode_operations;
inode->i_fop = &proc_tgid_base_operations;
inode->i_flags|=S_IMMUTABLE;
-@@ -2937,7 +3054,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct
+@@ -3214,7 +3350,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct
if (!task)
goto out;
@@ -48504,48 +47218,16 @@ index 1ace83d..f5e575d 100644
put_task_struct(task);
out:
return result;
-@@ -3002,6 +3123,11 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
+@@ -3277,6 +3417,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi
+ static int fake_filldir(void *buf, const char *name, int namelen,
+ loff_t offset, u64 ino, unsigned d_type)
{
- unsigned int nr;
- struct task_struct *reaper;
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ const struct cred *tmpcred = current_cred();
-+ const struct cred *itercred;
-+#endif
-+ filldir_t __filldir = filldir;
- struct tgid_iter iter;
- struct pid_namespace *ns;
++ struct getdents_callback * __buf = (struct getdents_callback *) buf;
++ __buf->error = -EINVAL;
+ return 0;
+ }
-@@ -3025,8 +3151,27 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir)
- for (iter = next_tgid(ns, iter);
- iter.task;
- iter.tgid += 1, iter = next_tgid(ns, iter)) {
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ rcu_read_lock();
-+ itercred = __task_cred(iter.task);
-+#endif
-+ if (gr_pid_is_chrooted(iter.task) || gr_check_hidden_task(iter.task)
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ || (tmpcred->uid && (itercred->uid != tmpcred->uid)
-+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
-+ && !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
-+#endif
-+ )
-+#endif
-+ )
-+ __filldir = &gr_fake_filldir;
-+ else
-+ __filldir = filldir;
-+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
-+ rcu_read_unlock();
-+#endif
- filp->f_pos = iter.tgid + TGID_OFFSET;
-- if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) {
-+ if (proc_pid_fill_cache(filp, dirent, __filldir, iter) < 0) {
- put_task_struct(iter.task);
- goto out;
- }
-@@ -3054,7 +3199,7 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3343,7 +3485,7 @@ static const struct pid_entry tid_base_stuff[] = {
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -48554,7 +47236,7 @@ index 1ace83d..f5e575d 100644
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -3078,10 +3223,10 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3367,10 +3509,10 @@ static const struct pid_entry tid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -48600,13 +47282,13 @@ index b143471..bb105e5 100644
}
module_init(proc_devices_init);
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
-index 7737c54..7172574 100644
+index 84fd323..f698a32 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
-@@ -18,12 +18,18 @@
- #include <linux/module.h>
- #include <linux/sysctl.h>
+@@ -21,12 +21,18 @@
+ #include <linux/seq_file.h>
#include <linux/slab.h>
+ #include <linux/mount.h>
+#include <linux/grsecurity.h>
#include <asm/system.h>
@@ -48622,7 +47304,7 @@ index 7737c54..7172574 100644
static void proc_evict_inode(struct inode *inode)
{
struct proc_dir_entry *de;
-@@ -49,6 +55,13 @@ static void proc_evict_inode(struct inode *inode)
+@@ -52,6 +58,13 @@ static void proc_evict_inode(struct inode *inode)
ns_ops = PROC_I(inode)->ns_ops;
if (ns_ops && ns_ops->put)
ns_ops->put(PROC_I(inode)->ns);
@@ -48636,7 +47318,7 @@ index 7737c54..7172574 100644
}
static struct kmem_cache * proc_inode_cachep;
-@@ -440,7 +453,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
+@@ -457,7 +470,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
if (de->mode) {
inode->i_mode = de->mode;
inode->i_uid = de->uid;
@@ -48649,7 +47331,7 @@ index 7737c54..7172574 100644
if (de->size)
inode->i_size = de->size;
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
-index 7838e5c..ff92cbc 100644
+index 2925775..4f08fae 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -51,6 +51,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
@@ -48751,7 +47433,7 @@ index b1822dd..df622cb 100644
seq_putc(m, '\n');
diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
-index f738024..876984a 100644
+index 06e1cc1..177cd98 100644
--- a/fs/proc/proc_net.c
+++ b/fs/proc/proc_net.c
@@ -105,6 +105,17 @@ static struct net *get_proc_task_net(struct inode *dir)
@@ -48867,10 +47549,10 @@ index a6b6217..1e0579d 100644
.permission = proc_sys_permission,
.setattr = proc_sys_setattr,
diff --git a/fs/proc/root.c b/fs/proc/root.c
-index 03102d9..4ae347e 100644
+index 46a15d8..335631a 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
-@@ -121,7 +121,15 @@ void __init proc_root_init(void)
+@@ -187,7 +187,15 @@ void __init proc_root_init(void)
#ifdef CONFIG_PROC_DEVICETREE
proc_device_tree_init();
#endif
@@ -49253,7 +47935,7 @@ index 7a99811..a7c96c4 100644
SF(s_do_balance), SF(s_unneeded_left_neighbor),
SF(s_good_search_by_key_reada), SF(s_bmaps),
diff --git a/fs/select.c b/fs/select.c
-index d33418f..2a5345e 100644
+index e782258..3b4b44c 100644
--- a/fs/select.c
+++ b/fs/select.c
@@ -20,6 +20,7 @@
@@ -49273,7 +47955,7 @@ index d33418f..2a5345e 100644
return -EINVAL;
diff --git a/fs/seq_file.c b/fs/seq_file.c
-index dba43c3..4b3f701 100644
+index 4023d6b..53b39c5 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -9,6 +9,7 @@
@@ -49294,7 +47976,47 @@ index dba43c3..4b3f701 100644
/*
* Wrappers around seq_open(e.g. swaps_open) need to be
-@@ -549,7 +553,7 @@ static void single_stop(struct seq_file *p, void *v)
+@@ -76,7 +80,8 @@ static int traverse(struct seq_file *m, loff_t offset)
+ return 0;
+ }
+ if (!m->buf) {
+- m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
++ m->size = PAGE_SIZE;
++ m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
+ if (!m->buf)
+ return -ENOMEM;
+ }
+@@ -116,7 +121,8 @@ static int traverse(struct seq_file *m, loff_t offset)
+ Eoverflow:
+ m->op->stop(m, p);
+ kfree(m->buf);
+- m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
++ m->size <<= 1;
++ m->buf = kmalloc(m->size, GFP_KERNEL);
+ return !m->buf ? -ENOMEM : -EAGAIN;
+ }
+
+@@ -169,7 +175,8 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
+ m->version = file->f_version;
+ /* grab buffer if we didn't have one */
+ if (!m->buf) {
+- m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
++ m->size = PAGE_SIZE;
++ m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL);
+ if (!m->buf)
+ goto Enomem;
+ }
+@@ -210,7 +217,8 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos)
+ goto Fill;
+ m->op->stop(m, p);
+ kfree(m->buf);
+- m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
++ m->size <<= 1;
++ m->buf = kmalloc(m->size, GFP_KERNEL);
+ if (!m->buf)
+ goto Enomem;
+ m->count = 0;
+@@ -549,7 +557,7 @@ static void single_stop(struct seq_file *p, void *v)
int single_open(struct file *file, int (*show)(struct seq_file *, void *),
void *data)
{
@@ -49304,10 +48026,10 @@ index dba43c3..4b3f701 100644
if (op) {
diff --git a/fs/splice.c b/fs/splice.c
-index fa2defa..8601650 100644
+index 1ec0493..d6ab5c2 100644
--- a/fs/splice.c
+++ b/fs/splice.c
-@@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
+@@ -193,7 +193,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
pipe_lock(pipe);
for (;;) {
@@ -49316,7 +48038,7 @@ index fa2defa..8601650 100644
send_sig(SIGPIPE, current, 0);
if (!ret)
ret = -EPIPE;
-@@ -248,9 +248,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
+@@ -247,9 +247,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
do_wakeup = 0;
}
@@ -49328,7 +48050,7 @@ index fa2defa..8601650 100644
}
pipe_unlock(pipe);
-@@ -560,7 +560,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec,
+@@ -559,7 +559,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec,
old_fs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
@@ -49337,7 +48059,7 @@ index fa2defa..8601650 100644
set_fs(old_fs);
return res;
-@@ -575,7 +575,7 @@ static ssize_t kernel_write(struct file *file, const char *buf, size_t count,
+@@ -574,7 +574,7 @@ static ssize_t kernel_write(struct file *file, const char *buf, size_t count,
old_fs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
@@ -49346,7 +48068,7 @@ index fa2defa..8601650 100644
set_fs(old_fs);
return res;
-@@ -626,7 +626,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
+@@ -625,7 +625,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
goto err;
this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset);
@@ -49355,7 +48077,7 @@ index fa2defa..8601650 100644
vec[i].iov_len = this_len;
spd.pages[i] = page;
spd.nr_pages++;
-@@ -846,10 +846,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
+@@ -845,10 +845,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
{
while (!pipe->nrbufs) {
@@ -49368,7 +48090,7 @@ index fa2defa..8601650 100644
return 0;
if (sd->flags & SPLICE_F_NONBLOCK)
-@@ -1182,7 +1182,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
+@@ -1181,7 +1181,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
* out of the pipe right after the splice_to_pipe(). So set
* PIPE_READERS appropriately.
*/
@@ -49377,7 +48099,7 @@ index fa2defa..8601650 100644
current->splice_pipe = pipe;
}
-@@ -1734,9 +1734,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1733,9 +1733,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
ret = -ERESTARTSYS;
break;
}
@@ -49389,7 +48111,7 @@ index fa2defa..8601650 100644
if (flags & SPLICE_F_NONBLOCK) {
ret = -EAGAIN;
break;
-@@ -1768,7 +1768,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1767,7 +1767,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
pipe_lock(pipe);
while (pipe->nrbufs >= pipe->buffers) {
@@ -49398,7 +48120,7 @@ index fa2defa..8601650 100644
send_sig(SIGPIPE, current, 0);
ret = -EPIPE;
break;
-@@ -1781,9 +1781,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1780,9 +1780,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
ret = -ERESTARTSYS;
break;
}
@@ -49410,7 +48132,7 @@ index fa2defa..8601650 100644
}
pipe_unlock(pipe);
-@@ -1819,14 +1819,14 @@ retry:
+@@ -1818,14 +1818,14 @@ retry:
pipe_double_lock(ipipe, opipe);
do {
@@ -49427,7 +48149,7 @@ index fa2defa..8601650 100644
break;
/*
-@@ -1923,7 +1923,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1922,7 +1922,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
pipe_double_lock(ipipe, opipe);
do {
@@ -49436,7 +48158,7 @@ index fa2defa..8601650 100644
send_sig(SIGPIPE, current, 0);
if (!ret)
ret = -EPIPE;
-@@ -1968,7 +1968,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1967,7 +1967,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
* return EAGAIN if we have the potential of some data in the
* future, otherwise just return 0
*/
@@ -49445,19 +48167,6 @@ index fa2defa..8601650 100644
ret = -EAGAIN;
pipe_unlock(ipipe);
-diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c
-index a475983..9c6a1f0 100644
---- a/fs/sysfs/bin.c
-+++ b/fs/sysfs/bin.c
-@@ -67,6 +67,8 @@ fill_read(struct file *file, char *buffer, loff_t off, size_t count)
- }
-
- static ssize_t
-+read(struct file *file, char __user *userbuf, size_t bytes, loff_t *off) __size_overflow(3);
-+static ssize_t
- read(struct file *file, char __user *userbuf, size_t bytes, loff_t *off)
- {
- struct bin_buffer *bb = file->private_data;
diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index 7fdf6a7..e6cd8ad 100644
--- a/fs/sysfs/dir.c
@@ -49482,7 +48191,7 @@ index 7fdf6a7..e6cd8ad 100644
sd = sysfs_new_dirent(name, mode, SYSFS_DIR);
if (!sd)
diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
-index 779789a..f58193c 100644
+index 00012e3..8392349 100644
--- a/fs/sysfs/file.c
+++ b/fs/sysfs/file.c
@@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(sysfs_open_dirent_lock);
@@ -49543,44 +48252,6 @@ index a7ac78f..02158e1 100644
if (!IS_ERR(page))
free_page((unsigned long)page);
}
-diff --git a/fs/ubifs/debug.c b/fs/ubifs/debug.c
-index b09ba2d..1cad1a8 100644
---- a/fs/ubifs/debug.c
-+++ b/fs/ubifs/debug.c
-@@ -2817,6 +2817,7 @@ static ssize_t dfs_file_read(struct file *file, char __user *u, size_t count,
- * debugfs file. Returns %0 or %1 in case of success and a negative error code
- * in case of failure.
- */
-+static int interpret_user_input(const char __user *u, size_t count) __size_overflow(2);
- static int interpret_user_input(const char __user *u, size_t count)
- {
- size_t buf_size;
-@@ -2835,6 +2836,8 @@ static int interpret_user_input(const char __user *u, size_t count)
- }
-
- static ssize_t dfs_file_write(struct file *file, const char __user *u,
-+ size_t count, loff_t *ppos) __size_overflow(3);
-+static ssize_t dfs_file_write(struct file *file, const char __user *u,
- size_t count, loff_t *ppos)
- {
- struct ubifs_info *c = file->private_data;
-diff --git a/fs/udf/file.c b/fs/udf/file.c
-index dca0c38..d567b84 100644
---- a/fs/udf/file.c
-+++ b/fs/udf/file.c
-@@ -201,12 +201,10 @@ out:
- static int udf_release_file(struct inode *inode, struct file *filp)
- {
- if (filp->f_mode & FMODE_WRITE) {
-- mutex_lock(&inode->i_mutex);
- down_write(&UDF_I(inode)->i_data_sem);
- udf_discard_prealloc(inode);
- udf_truncate_tail_extent(inode);
- up_write(&UDF_I(inode)->i_data_sem);
-- mutex_unlock(&inode->i_mutex);
- }
- return 0;
- }
diff --git a/fs/udf/misc.c b/fs/udf/misc.c
index c175b4d..8f36a16 100644
--- a/fs/udf/misc.c
@@ -49620,7 +48291,7 @@ index ba653f3..06ea4b1 100644
error = notify_change(path->dentry, &newattrs);
mutex_unlock(&inode->i_mutex);
diff --git a/fs/xattr.c b/fs/xattr.c
-index 67583de..c5aad14 100644
+index 82f4337..236473c 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -315,7 +315,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr);
@@ -49682,7 +48353,7 @@ index 67583de..c5aad14 100644
if (!error) {
- error = setxattr(dentry, name, value, size, flags);
+ error = setxattr(&f->f_path, name, value, size, flags);
- mnt_drop_write(f->f_path.mnt);
+ mnt_drop_write_file(f);
}
fput(f);
diff --git a/fs/xattr_acl.c b/fs/xattr_acl.c
@@ -49701,7 +48372,7 @@ index 8d5a506..7f62712 100644
struct posix_acl *acl;
struct posix_acl_entry *acl_e;
diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c
-index d0ab788..827999b 100644
+index 188ef2f..adcf864 100644
--- a/fs/xfs/xfs_bmap.c
+++ b/fs/xfs/xfs_bmap.c
@@ -190,7 +190,7 @@ xfs_bmap_validate_ret(
@@ -49735,7 +48406,7 @@ index 79d05e8..e3e5861 100644
*offset = off & 0x7fffffff;
return 0;
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
-index d99a905..9f88202 100644
+index 76f3ca5..f57f712 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -128,7 +128,7 @@ xfs_find_handle(
@@ -49748,7 +48419,7 @@ index d99a905..9f88202 100644
goto out_put;
diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c
-index 23ce927..e274cc1 100644
+index ab30253..4d86958 100644
--- a/fs/xfs/xfs_iops.c
+++ b/fs/xfs/xfs_iops.c
@@ -447,7 +447,7 @@ xfs_vn_put_link(
@@ -50890,10 +49561,10 @@ index 0000000..1b9afa9
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..2d9c682
+index 0000000..e8c5d41
--- /dev/null
+++ b/grsecurity/gracl.c
-@@ -0,0 +1,4172 @@
+@@ -0,0 +1,4179 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -50918,6 +49589,7 @@ index 0000000..2d9c682
+#include <linux/pid_namespace.h>
+#include <linux/fdtable.h>
+#include <linux/percpu.h>
++#include "../fs/mount.h"
+
+#include <asm/uaccess.h>
+#include <asm/errno.h>
@@ -51089,6 +49761,7 @@ index 0000000..2d9c682
+{
+ struct dentry *dentry = path->dentry;
+ struct vfsmount *vfsmnt = path->mnt;
++ struct mount *mnt = real_mount(vfsmnt);
+ bool slash = false;
+ int error = 0;
+
@@ -51097,11 +49770,12 @@ index 0000000..2d9c682
+
+ if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
+ /* Global root? */
-+ if (vfsmnt->mnt_parent == vfsmnt) {
++ if (!mnt_has_parent(mnt)) {
+ goto out;
+ }
-+ dentry = vfsmnt->mnt_mountpoint;
-+ vfsmnt = vfsmnt->mnt_parent;
++ dentry = mnt->mnt_mountpoint;
++ mnt = mnt->mnt_parent;
++ vfsmnt = &mnt->mnt;
+ continue;
+ }
+ parent = dentry->d_parent;
@@ -52754,6 +51428,7 @@ index 0000000..2d9c682
+{
+ struct dentry *dentry = (struct dentry *) l_dentry;
+ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
++ struct mount *real_mnt = real_mount(mnt);
+ struct acl_object_label *retval;
+ struct dentry *parent;
+
@@ -52778,15 +51453,16 @@ index 0000000..2d9c682
+ break;
+
+ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
-+ if (mnt->mnt_parent == mnt)
++ if (!mnt_has_parent(real_mnt))
+ break;
+
+ retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
+ if (retval != NULL)
+ goto out;
+
-+ dentry = mnt->mnt_mountpoint;
-+ mnt = mnt->mnt_parent;
++ dentry = real_mnt->mnt_mountpoint;
++ real_mnt = real_mnt->mnt_parent;
++ mnt = &real_mnt->mnt;
+ continue;
+ }
+
@@ -52841,6 +51517,7 @@ index 0000000..2d9c682
+{
+ struct dentry *dentry = (struct dentry *) l_dentry;
+ struct vfsmount *mnt = (struct vfsmount *) l_mnt;
++ struct mount *real_mnt = real_mount(mnt);
+ struct acl_subject_label *retval;
+ struct dentry *parent;
+
@@ -52851,7 +51528,7 @@ index 0000000..2d9c682
+ if (dentry == real_root.dentry && mnt == real_root.mnt)
+ break;
+ if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
-+ if (mnt->mnt_parent == mnt)
++ if (!mnt_has_parent(real_mnt))
+ break;
+
+ spin_lock(&dentry->d_lock);
@@ -52864,8 +51541,9 @@ index 0000000..2d9c682
+ if (retval != NULL)
+ goto out;
+
-+ dentry = mnt->mnt_mountpoint;
-+ mnt = mnt->mnt_parent;
++ dentry = real_mnt->mnt_mountpoint;
++ real_mnt = real_mnt->mnt_parent;
++ mnt = &real_mnt->mnt;
+ continue;
+ }
+
@@ -55179,10 +53857,10 @@ index 0000000..34fefda
+}
diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c
new file mode 100644
-index 0000000..955ddfb
+index 0000000..6d21049
--- /dev/null
+++ b/grsecurity/gracl_cap.c
-@@ -0,0 +1,101 @@
+@@ -0,0 +1,110 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -55193,11 +53871,8 @@ index 0000000..955ddfb
+extern const char *captab_log[];
+extern int captab_log_entries;
+
-+int
-+gr_acl_is_capable(const int cap)
++int gr_task_acl_is_capable(const struct task_struct *task, const struct cred *cred, const int cap)
+{
-+ struct task_struct *task = current;
-+ const struct cred *cred = current_cred();
+ struct acl_subject_label *curracl;
+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
+ kernel_cap_t cap_audit = __cap_empty_set;
@@ -55248,11 +53923,17 @@ index 0000000..955ddfb
+
+ if ((cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
++
+ return 0;
+}
+
+int
-+gr_acl_is_capable_nolog(const int cap)
++gr_acl_is_capable(const int cap)
++{
++ return gr_task_acl_is_capable(current, current_cred(), cap);
++}
++
++int gr_task_acl_is_capable_nolog(const struct task_struct *task, const int cap)
+{
+ struct acl_subject_label *curracl;
+ kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
@@ -55260,7 +53941,7 @@ index 0000000..955ddfb
+ if (!gr_acl_is_enabled())
+ return 1;
+
-+ curracl = current->acl;
++ curracl = task->acl;
+
+ cap_drop = curracl->cap_lower;
+ cap_mask = curracl->cap_mask;
@@ -55284,6 +53965,12 @@ index 0000000..955ddfb
+ return 0;
+}
+
++int
++gr_acl_is_capable_nolog(const int cap)
++{
++ return gr_task_acl_is_capable_nolog(current, cap);
++}
++
diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
new file mode 100644
index 0000000..88d0e87
@@ -56777,10 +55464,10 @@ index 0000000..bc0be01
+}
diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c
new file mode 100644
-index 0000000..a2dc675
+index 0000000..9807ee2
--- /dev/null
+++ b/grsecurity/grsec_chroot.c
-@@ -0,0 +1,351 @@
+@@ -0,0 +1,368 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -56788,7 +55475,7 @@ index 0000000..a2dc675
+#include <linux/fs.h>
+#include <linux/mount.h>
+#include <linux/types.h>
-+#include <linux/pid_namespace.h>
++#include "../fs/mount.h"
+#include <linux/grsecurity.h>
+#include <linux/grinternal.h>
+
@@ -56796,7 +55483,7 @@ index 0000000..a2dc675
+{
+#ifdef CONFIG_GRKERNSEC
+ if (task->pid > 1 && path->dentry != init_task.fs->root.dentry &&
-+ path->dentry != task->nsproxy->mnt_ns->root->mnt_root)
++ path->dentry != task->nsproxy->mnt_ns->root->mnt.mnt_root)
+ task->gr_is_chrooted = 1;
+ else
+ task->gr_is_chrooted = 0;
@@ -57065,15 +55752,14 @@ index 0000000..a2dc675
+extern int captab_log_entries;
+
+int
-+gr_chroot_is_capable(const int cap)
++gr_task_chroot_is_capable(const struct task_struct *task, const struct cred *cred, const int cap)
+{
+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
-+ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) {
++ if (grsec_enable_chroot_caps && proc_is_chrooted(task)) {
+ kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
+ if (cap_raised(chroot_caps, cap)) {
-+ const struct cred *creds = current_cred();
-+ if (cap_raised(creds->cap_effective, cap) && cap < captab_log_entries) {
-+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_CHROOT_MSG, current, captab_log[cap]);
++ if (cap_raised(cred->cap_effective, cap) && cap < captab_log_entries) {
++ gr_log_cap(GR_DONT_AUDIT, GR_CAP_CHROOT_MSG, task, captab_log[cap]);
+ }
+ return 0;
+ }
@@ -57083,10 +55769,19 @@ index 0000000..a2dc675
+}
+
+int
-+gr_chroot_is_capable_nolog(const int cap)
++gr_chroot_is_capable(const int cap)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
++ return gr_task_chroot_is_capable(current, current_cred(), cap);
++#endif
++ return 1;
++}
++
++int
++gr_task_chroot_is_capable_nolog(const struct task_struct *task, const int cap)
+{
+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
-+ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) {
++ if (grsec_enable_chroot_caps && proc_is_chrooted(task)) {
+ kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
+ if (cap_raised(chroot_caps, cap)) {
+ return 0;
@@ -57097,6 +55792,15 @@ index 0000000..a2dc675
+}
+
+int
++gr_chroot_is_capable_nolog(const int cap)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
++ return gr_task_chroot_is_capable_nolog(current, cap);
++#endif
++ return 1;
++}
++
++int
+gr_handle_chroot_sysctl(const int op)
+{
+#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
@@ -57577,10 +56281,10 @@ index 0000000..213ad8b
+#endif
diff --git a/grsecurity/grsec_exec.c b/grsecurity/grsec_exec.c
new file mode 100644
-index 0000000..2b05ada
+index 0000000..abfa971
--- /dev/null
+++ b/grsecurity/grsec_exec.c
-@@ -0,0 +1,146 @@
+@@ -0,0 +1,174 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
@@ -57658,8 +56362,12 @@ index 0000000..2b05ada
+#ifdef CONFIG_GRKERNSEC
+extern int gr_acl_is_capable(const int cap);
+extern int gr_acl_is_capable_nolog(const int cap);
++extern int gr_task_acl_is_capable(const struct task_struct *task, const struct cred *cred, const int cap);
++extern int gr_task_acl_is_capable_nolog(const struct task_struct *task, const int cap);
+extern int gr_chroot_is_capable(const int cap);
+extern int gr_chroot_is_capable_nolog(const int cap);
++extern int gr_task_chroot_is_capable(const struct task_struct *task, const struct cred *cred, const int cap);
++extern int gr_task_chroot_is_capable_nolog(const struct task_struct *task, const int cap);
+#endif
+
+const char *captab_log[] = {
@@ -57714,6 +56422,17 @@ index 0000000..2b05ada
+#endif
+}
+
++int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap)
++{
++#ifdef CONFIG_GRKERNSEC
++ if (gr_task_acl_is_capable(task, cred, cap) && gr_task_chroot_is_capable(task, cred, cap))
++ return 1;
++ return 0;
++#else
++ return 1;
++#endif
++}
++
+int gr_is_capable_nolog(const int cap)
+{
+#ifdef CONFIG_GRKERNSEC
@@ -57725,8 +56444,21 @@ index 0000000..2b05ada
+#endif
+}
+
++int gr_task_is_capable_nolog(const struct task_struct *task, const int cap)
++{
++#ifdef CONFIG_GRKERNSEC
++ if (gr_task_acl_is_capable_nolog(task, cap) && gr_task_chroot_is_capable_nolog(task, cap))
++ return 1;
++ return 0;
++#else
++ return 1;
++#endif
++}
++
+EXPORT_SYMBOL(gr_is_capable);
+EXPORT_SYMBOL(gr_is_capable_nolog);
++EXPORT_SYMBOL(gr_task_is_capable);
++EXPORT_SYMBOL(gr_task_is_capable_nolog);
diff --git a/grsecurity/grsec_fifo.c b/grsecurity/grsec_fifo.c
new file mode 100644
index 0000000..d3ee748
@@ -60098,6 +58830,32 @@ index 0d68a1e..b74a761 100644
{
machine_restart(NULL);
}
+diff --git a/include/asm-generic/int-l64.h b/include/asm-generic/int-l64.h
+index 1ca3efc..e3dc852 100644
+--- a/include/asm-generic/int-l64.h
++++ b/include/asm-generic/int-l64.h
+@@ -46,6 +46,8 @@ typedef unsigned int u32;
+ typedef signed long s64;
+ typedef unsigned long u64;
+
++typedef unsigned int intoverflow_t __attribute__ ((mode(TI)));
++
+ #define S8_C(x) x
+ #define U8_C(x) x ## U
+ #define S16_C(x) x
+diff --git a/include/asm-generic/int-ll64.h b/include/asm-generic/int-ll64.h
+index f394147..b6152b9 100644
+--- a/include/asm-generic/int-ll64.h
++++ b/include/asm-generic/int-ll64.h
+@@ -51,6 +51,8 @@ typedef unsigned int u32;
+ typedef signed long long s64;
+ typedef unsigned long long u64;
+
++typedef unsigned long long intoverflow_t;
++
+ #define S8_C(x) x
+ #define U8_C(x) x ## U
+ #define S16_C(x) x
diff --git a/include/asm-generic/kmap_types.h b/include/asm-generic/kmap_types.h
index 0232ccb..13d9165 100644
--- a/include/asm-generic/kmap_types.h
@@ -60220,70 +58978,6 @@ index 76bff2b..c7a14e2 100644
#endif /* !__ASSEMBLY__ */
#endif /* _ASM_GENERIC_PGTABLE_H */
-diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h
-index ac68c99..90d3439 100644
---- a/include/asm-generic/uaccess.h
-+++ b/include/asm-generic/uaccess.h
-@@ -76,6 +76,8 @@ extern unsigned long search_exception_table(unsigned long);
- */
- #ifndef __copy_from_user
- static inline __must_check long __copy_from_user(void *to,
-+ const void __user * from, unsigned long n) __size_overflow(3);
-+static inline __must_check long __copy_from_user(void *to,
- const void __user * from, unsigned long n)
- {
- if (__builtin_constant_p(n)) {
-@@ -106,6 +108,8 @@ static inline __must_check long __copy_from_user(void *to,
-
- #ifndef __copy_to_user
- static inline __must_check long __copy_to_user(void __user *to,
-+ const void *from, unsigned long n) __size_overflow(3);
-+static inline __must_check long __copy_to_user(void __user *to,
- const void *from, unsigned long n)
- {
- if (__builtin_constant_p(n)) {
-@@ -224,6 +228,7 @@ extern int __put_user_bad(void) __attribute__((noreturn));
- -EFAULT; \
- })
-
-+static inline int __get_user_fn(size_t size, const void __user *ptr, void *x) __size_overflow(1);
- static inline int __get_user_fn(size_t size, const void __user *ptr, void *x)
- {
- size = __copy_from_user(x, ptr, size);
-@@ -240,6 +245,7 @@ extern int __get_user_bad(void) __attribute__((noreturn));
- #define __copy_to_user_inatomic __copy_to_user
- #endif
-
-+static inline long copy_from_user(void *to, const void __user * from, unsigned long n) __size_overflow(3);
- static inline long copy_from_user(void *to,
- const void __user * from, unsigned long n)
- {
-@@ -250,6 +256,7 @@ static inline long copy_from_user(void *to,
- return n;
- }
-
-+static inline long copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3);
- static inline long copy_to_user(void __user *to,
- const void *from, unsigned long n)
- {
-@@ -309,6 +316,8 @@ static inline long strlen_user(const char __user *src)
- */
- #ifndef __clear_user
- static inline __must_check unsigned long
-+__clear_user(void __user *to, unsigned long n) __size_overflow(2);
-+static inline __must_check unsigned long
- __clear_user(void __user *to, unsigned long n)
- {
- memset((void __force *)to, 0, n);
-@@ -317,6 +326,8 @@ __clear_user(void __user *to, unsigned long n)
- #endif
-
- static inline __must_check unsigned long
-+clear_user(void __user *to, unsigned long n) __size_overflow(2);
-+static inline __must_check unsigned long
- clear_user(void __user *to, unsigned long n)
- {
- might_sleep();
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
index b5e2e4c..6a5373e 100644
--- a/include/asm-generic/vmlinux.lds.h
@@ -60320,7 +59014,7 @@ index b5e2e4c..6a5373e 100644
/**
* PERCPU_SECTION - define output section for percpu area, simple version
diff --git a/include/drm/drmP.h b/include/drm/drmP.h
-index bf4b2dc..2d0762f 100644
+index 92f0981..d44a37c 100644
--- a/include/drm/drmP.h
+++ b/include/drm/drmP.h
@@ -72,6 +72,7 @@
@@ -60350,7 +59044,7 @@ index bf4b2dc..2d0762f 100644
struct list_head filelist;
diff --git a/include/drm/drm_crtc_helper.h b/include/drm/drm_crtc_helper.h
-index 73b0712..0b7ef2f 100644
+index 37515d1..34fa8b0 100644
--- a/include/drm/drm_crtc_helper.h
+++ b/include/drm/drm_crtc_helper.h
@@ -74,7 +74,7 @@ struct drm_crtc_helper_funcs {
@@ -60404,7 +59098,7 @@ index e86dfca..40cc55f 100644
#define N_MAGIC(exec) ((exec).a_info & 0xffff)
#endif
diff --git a/include/linux/atmdev.h b/include/linux/atmdev.h
-index 49a83ca..df96b54 100644
+index f4ff882..84b53a6 100644
--- a/include/linux/atmdev.h
+++ b/include/linux/atmdev.h
@@ -237,7 +237,7 @@ struct compat_atm_iobuf {
@@ -60417,27 +59111,10 @@ index 49a83ca..df96b54 100644
#undef __HANDLE_ITEM
};
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
-index fd88a39..8a801b4 100644
+index 0092102..8a801b4 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
-@@ -18,7 +18,7 @@ struct pt_regs;
- #define BINPRM_BUF_SIZE 128
-
- #ifdef __KERNEL__
--#include <linux/list.h>
-+#include <linux/sched.h>
-
- #define CORENAME_MAX_SIZE 128
-
-@@ -58,6 +58,7 @@ struct linux_binprm {
- unsigned interp_flags;
- unsigned interp_data;
- unsigned long loader, exec;
-+ char tcomm[TASK_COMM_LEN];
- };
-
- #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0
-@@ -88,6 +89,7 @@ struct linux_binfmt {
+@@ -89,6 +89,7 @@ struct linux_binfmt {
int (*load_binary)(struct linux_binprm *, struct pt_regs * regs);
int (*load_shlib)(struct file *);
int (*core_dump)(struct coredump_params *cprm);
@@ -60446,10 +59123,10 @@ index fd88a39..8a801b4 100644
};
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
-index 0ed1eb0..3ab569b 100644
+index 606cf33..b72c577 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
-@@ -1315,7 +1315,7 @@ struct block_device_operations {
+@@ -1379,7 +1379,7 @@ struct block_device_operations {
/* this callback is with swap_lock and sometimes page table lock held */
void (*swap_slot_free_notify) (struct block_device *, unsigned long);
struct module *owner;
@@ -60555,16 +59232,15 @@ index 4c57065..4307975 100644
#define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES)))
#endif
diff --git a/include/linux/capability.h b/include/linux/capability.h
-index a63d13d..069bfd5 100644
+index 12d52de..b5f7fa7 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
-@@ -548,6 +548,9 @@ extern bool capable(int cap);
+@@ -548,6 +548,8 @@ extern bool has_ns_capability_noaudit(struct task_struct *t,
+ extern bool capable(int cap);
extern bool ns_capable(struct user_namespace *ns, int cap);
- extern bool task_ns_capable(struct task_struct *t, int cap);
extern bool nsown_capable(int cap);
-+extern bool task_ns_capable_nolog(struct task_struct *t, int cap);
-+extern bool ns_capable_nolog(struct user_namespace *ns, int cap);
+extern bool capable_nolog(int cap);
++extern bool ns_capable_nolog(struct user_namespace *ns, int cap);
/* audit system wants to get cap info from files as well */
extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
@@ -60582,11 +59258,11 @@ index 04ffb2e..6799180 100644
extern struct cleancache_ops
cleancache_register_ops(struct cleancache_ops *ops);
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index dfadc96..d90deca 100644
+index 2f40791..89a56fd 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
-@@ -31,6 +31,15 @@
-
+@@ -32,6 +32,12 @@
+ #define __linktime_error(message) __attribute__((__error__(message)))
#if __GNUC_MINOR__ >= 5
+
@@ -60595,13 +59271,10 @@ index dfadc96..d90deca 100644
+#define __do_const __attribute__((do_const))
+#endif
+
-+#ifdef SIZE_OVERFLOW_PLUGIN
-+#define __size_overflow(...) __attribute__((size_overflow(__VA_ARGS__)))
-+#endif
/*
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
-@@ -46,6 +55,11 @@
+@@ -47,6 +53,11 @@
#define __noclone __attribute__((__noclone__))
#endif
@@ -60614,7 +59287,7 @@ index dfadc96..d90deca 100644
#if __GNUC_MINOR__ > 0
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
-index 320d6c9..1221a6b 100644
+index 4a24354..9570c1b 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -5,31 +5,62 @@
@@ -60690,7 +59363,7 @@ index 320d6c9..1221a6b 100644
#endif
#ifdef __KERNEL__
-@@ -264,6 +297,17 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
+@@ -264,6 +297,14 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
# define __attribute_const__ /* unimplemented */
#endif
@@ -60702,13 +59375,10 @@ index 320d6c9..1221a6b 100644
+# define __do_const
+#endif
+
-+#ifndef __size_overflow
-+# define __size_overflow(...)
-+#endif
/*
* Tell gcc if a function is cold. The compiler will assume any path
* directly leading to the call is unlikely.
-@@ -273,6 +317,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
+@@ -273,6 +314,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
#define __cold
#endif
@@ -60731,7 +59401,7 @@ index 320d6c9..1221a6b 100644
/* Simple shorthand for a section definition */
#ifndef __section
# define __section(S) __attribute__ ((__section__(#S)))
-@@ -306,6 +366,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
+@@ -308,6 +365,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
* use is to mediate communication between process-level code and irq/NMI
* handlers, all running on the same CPU.
*/
@@ -60753,21 +59423,8 @@ index e9eaec5..bfeb9bb 100644
}
static inline void set_mems_allowed(nodemask_t nodemask)
-diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h
-index b936763..48685ee 100644
---- a/include/linux/crash_dump.h
-+++ b/include/linux/crash_dump.h
-@@ -14,7 +14,7 @@ extern unsigned long long elfcorehdr_addr;
- extern unsigned long long elfcorehdr_size;
-
- extern ssize_t copy_oldmem_page(unsigned long, char *, size_t,
-- unsigned long, int);
-+ unsigned long, int) __size_overflow(3);
-
- /* Architecture code defines this if there are other possible ELF
- * machine types, e.g. on bi-arch capable hardware. */
diff --git a/include/linux/cred.h b/include/linux/cred.h
-index 4030896..8d6f342 100644
+index adadf71..6af5560 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -207,6 +207,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk)
@@ -60836,10 +59493,10 @@ index e13117c..e9fc938 100644
#define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1))
diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 2362a0b..cfaf8fcc 100644
+index 37c3007..92ab679 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
-@@ -446,7 +446,7 @@ struct efivar_operations {
+@@ -580,7 +580,7 @@ struct efivar_operations {
efi_get_variable_t *get_variable;
efi_get_next_variable_t *get_next_variable;
efi_set_variable_t *set_variable;
@@ -60849,10 +59506,10 @@ index 2362a0b..cfaf8fcc 100644
struct efivars {
/*
diff --git a/include/linux/elf.h b/include/linux/elf.h
-index 31f0508..5421c01 100644
+index 999b4f5..57753b4 100644
--- a/include/linux/elf.h
+++ b/include/linux/elf.h
-@@ -49,6 +49,17 @@ typedef __s64 Elf64_Sxword;
+@@ -40,6 +40,17 @@ typedef __s64 Elf64_Sxword;
#define PT_GNU_EH_FRAME 0x6474e550
#define PT_GNU_STACK (PT_LOOS + 0x474e551)
@@ -60870,7 +59527,7 @@ index 31f0508..5421c01 100644
/*
* Extended Numbering
-@@ -106,6 +117,8 @@ typedef __s64 Elf64_Sxword;
+@@ -97,6 +108,8 @@ typedef __s64 Elf64_Sxword;
#define DT_DEBUG 21
#define DT_TEXTREL 22
#define DT_JMPREL 23
@@ -60879,7 +59536,7 @@ index 31f0508..5421c01 100644
#define DT_ENCODING 32
#define OLD_DT_LOOS 0x60000000
#define DT_LOOS 0x6000000d
-@@ -252,6 +265,19 @@ typedef struct elf64_hdr {
+@@ -243,6 +256,19 @@ typedef struct elf64_hdr {
#define PF_W 0x2
#define PF_X 0x1
@@ -60899,7 +59556,7 @@ index 31f0508..5421c01 100644
typedef struct elf32_phdr{
Elf32_Word p_type;
Elf32_Off p_offset;
-@@ -344,6 +370,8 @@ typedef struct elf64_shdr {
+@@ -335,6 +361,8 @@ typedef struct elf64_shdr {
#define EI_OSABI 7
#define EI_PAD 8
@@ -60908,7 +59565,7 @@ index 31f0508..5421c01 100644
#define ELFMAG0 0x7f /* EI_MAG */
#define ELFMAG1 'E'
#define ELFMAG2 'L'
-@@ -423,6 +451,7 @@ extern Elf32_Dyn _DYNAMIC [];
+@@ -421,6 +449,7 @@ extern Elf32_Dyn _DYNAMIC [];
#define elf_note elf32_note
#define elf_addr_t Elf32_Off
#define Elf_Half Elf32_Half
@@ -60916,7 +59573,7 @@ index 31f0508..5421c01 100644
#else
-@@ -433,6 +462,7 @@ extern Elf64_Dyn _DYNAMIC [];
+@@ -431,6 +460,7 @@ extern Elf64_Dyn _DYNAMIC [];
#define elf_note elf64_note
#define elf_addr_t Elf64_Off
#define Elf_Half Elf64_Half
@@ -60960,10 +59617,10 @@ index 84ccf8e..2e9b14c 100644
};
diff --git a/include/linux/fs.h b/include/linux/fs.h
-index 10b2288..09180e4 100644
+index 69cd5bb..58425c2 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
-@@ -1609,7 +1609,8 @@ struct file_operations {
+@@ -1623,7 +1623,8 @@ struct file_operations {
int (*setlease)(struct file *, long, struct file_lock **);
long (*fallocate)(struct file *file, int mode, loff_t offset,
loff_t len);
@@ -61056,7 +59713,7 @@ index c3da42d..c70e0df 100644
int trace_set_clr_event(const char *system, const char *event, int set);
diff --git a/include/linux/genhd.h b/include/linux/genhd.h
-index c6f7f6a..aa0f7d3 100644
+index e61d319..0da8505 100644
--- a/include/linux/genhd.h
+++ b/include/linux/genhd.h
@@ -185,7 +185,7 @@ struct gendisk {
@@ -61898,10 +60555,10 @@ index 0000000..ae576a1
+#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..2ccf677
+index 0000000..acd05db
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,229 @@
+@@ -0,0 +1,232 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -62013,6 +60670,9 @@ index 0000000..2ccf677
+
+int gr_is_capable(const int cap);
+int gr_is_capable_nolog(const int cap);
++int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap);
++int gr_task_is_capable_nolog(const struct task_struct *task, const int cap);
++
+void gr_learn_resource(const struct task_struct *task, const int limit,
+ const unsigned long wanted, const int gt);
+void gr_copy_label(struct task_struct *tsk);
@@ -62157,10 +60817,10 @@ index 0000000..e7ffaaf
+
+#endif
diff --git a/include/linux/hid.h b/include/linux/hid.h
-index c235e4e..f0cf7a0 100644
+index 3a95da6..51986f1 100644
--- a/include/linux/hid.h
+++ b/include/linux/hid.h
-@@ -679,7 +679,7 @@ struct hid_ll_driver {
+@@ -696,7 +696,7 @@ struct hid_ll_driver {
unsigned int code, int value);
int (*parse)(struct hid_device *hdev);
@@ -62193,7 +60853,7 @@ index 3a93f73..b19d0b3 100644
unsigned start1, unsigned end1,
unsigned start2, unsigned end2)
diff --git a/include/linux/i2c.h b/include/linux/i2c.h
-index 07d103a..04ec65b 100644
+index 8e25a91..551b161 100644
--- a/include/linux/i2c.h
+++ b/include/linux/i2c.h
@@ -364,6 +364,7 @@ struct i2c_algorithm {
@@ -62217,11 +60877,32 @@ index a6deef4..c56a7f2 100644
struct list_head context_list; /* list of context id's
and pointers */
#endif
+diff --git a/include/linux/if_team.h b/include/linux/if_team.h
+index 58404b0..439ed95 100644
+--- a/include/linux/if_team.h
++++ b/include/linux/if_team.h
+@@ -64,6 +64,7 @@ struct team_mode_ops {
+ void (*port_leave)(struct team *team, struct team_port *port);
+ void (*port_change_mac)(struct team *team, struct team_port *port);
+ };
++typedef struct team_mode_ops __no_const team_mode_ops_no_const;
+
+ enum team_option_type {
+ TEAM_OPTION_TYPE_U32,
+@@ -112,7 +113,7 @@ struct team {
+ struct list_head option_list;
+
+ const struct team_mode *mode;
+- struct team_mode_ops ops;
++ team_mode_ops_no_const ops;
+ long mode_priv[TEAM_MODE_PRIV_LONGS];
+ };
+
diff --git a/include/linux/init.h b/include/linux/init.h
-index 9146f39..885354d 100644
+index 6b95109..4aca62c 100644
--- a/include/linux/init.h
+++ b/include/linux/init.h
-@@ -293,13 +293,13 @@ void __init parse_early_options(char *cmdline);
+@@ -294,13 +294,13 @@ void __init parse_early_options(char *cmdline);
/* Each module must use one module_init(). */
#define module_init(initfn) \
@@ -62238,10 +60919,10 @@ index 9146f39..885354d 100644
void cleanup_module(void) __attribute__((alias(#exitfn)));
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
-index 32574ee..00d4ef1 100644
+index 9c66b1a..a3fdded 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
-@@ -128,6 +128,12 @@ extern struct cred init_cred;
+@@ -127,6 +127,12 @@ extern struct cred init_cred;
#define INIT_TASK_COMM "swapper"
@@ -62254,7 +60935,7 @@ index 32574ee..00d4ef1 100644
/*
* INIT_TASK is used to set up the first task table, touch at
* your own risk!. Base=0, limit=0x1fffff (=2MB)
-@@ -166,6 +172,7 @@ extern struct cred init_cred;
+@@ -165,6 +171,7 @@ extern struct cred init_cred;
RCU_INIT_POINTER(.cred, &init_cred), \
.comm = INIT_TASK_COMM, \
.thread = INIT_THREAD, \
@@ -62366,7 +61047,7 @@ index fa39183..40160be 100644
extern struct kgdb_arch arch_kgdb_ops;
diff --git a/include/linux/kmod.h b/include/linux/kmod.h
-index b16f653..eb908f4 100644
+index 722f477..eef2a27 100644
--- a/include/linux/kmod.h
+++ b/include/linux/kmod.h
@@ -34,6 +34,8 @@ extern char modprobe_path[]; /* for sysctl */
@@ -62378,11 +61059,24 @@ index b16f653..eb908f4 100644
#define request_module(mod...) __request_module(true, mod)
#define request_module_nowait(mod...) __request_module(false, mod)
#define try_then_request_module(x, mod...) \
+diff --git a/include/linux/kref.h b/include/linux/kref.h
+index 9c07dce..a92fa71 100644
+--- a/include/linux/kref.h
++++ b/include/linux/kref.h
+@@ -63,7 +63,7 @@ static inline void kref_get(struct kref *kref)
+ static inline int kref_sub(struct kref *kref, unsigned int count,
+ void (*release)(struct kref *kref))
+ {
+- WARN_ON(release == NULL);
++ BUG_ON(release == NULL);
+
+ if (atomic_sub_and_test((int) count, &kref->refcount)) {
+ release(kref);
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index d526231..c9599fc 100644
+index 900c763..43260cf 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
-@@ -308,7 +308,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);
+@@ -326,7 +326,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);
void vcpu_load(struct kvm_vcpu *vcpu);
void vcpu_put(struct kvm_vcpu *vcpu);
@@ -62391,34 +61085,7 @@ index d526231..c9599fc 100644
struct module *module);
void kvm_exit(void);
-@@ -385,20 +385,20 @@ void kvm_get_pfn(pfn_t pfn);
- int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset,
- int len);
- int kvm_read_guest_atomic(struct kvm *kvm, gpa_t gpa, void *data,
-- unsigned long len);
--int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len);
-+ unsigned long len) __size_overflow(4);
-+int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len) __size_overflow(2,4);
- int kvm_read_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
-- void *data, unsigned long len);
-+ void *data, unsigned long len) __size_overflow(4);
- int kvm_write_guest_page(struct kvm *kvm, gfn_t gfn, const void *data,
- int offset, int len);
- int kvm_write_guest(struct kvm *kvm, gpa_t gpa, const void *data,
-- unsigned long len);
-+ unsigned long len) __size_overflow(2,4);
- int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
-- void *data, unsigned long len);
-+ void *data, unsigned long len) __size_overflow(4);
- int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
- gpa_t gpa);
- int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len);
--int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len);
-+int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len) __size_overflow(2,3);
- struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn);
- int kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn);
- unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn);
-@@ -454,7 +454,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
+@@ -485,7 +485,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
struct kvm_guest_debug *dbg);
int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
@@ -62427,15 +61094,6 @@ index d526231..c9599fc 100644
void kvm_arch_exit(void);
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
-@@ -690,7 +690,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm);
- int kvm_set_irq_routing(struct kvm *kvm,
- const struct kvm_irq_routing_entry *entries,
- unsigned nr,
-- unsigned flags);
-+ unsigned flags) __size_overflow(3);
- void kvm_free_irq_routing(struct kvm *kvm);
-
- #else
diff --git a/include/linux/libata.h b/include/linux/libata.h
index cafc09a..d7e7829 100644
--- a/include/linux/libata.h
@@ -62463,10 +61121,10 @@ index 3797270..7765ede 100644
struct mca_bus {
u64 default_dma_mask;
diff --git a/include/linux/memory.h b/include/linux/memory.h
-index 935699b..11042cc 100644
+index 1ac7f6e..a5794d0 100644
--- a/include/linux/memory.h
+++ b/include/linux/memory.h
-@@ -144,7 +144,7 @@ struct memory_accessor {
+@@ -143,7 +143,7 @@ struct memory_accessor {
size_t count);
ssize_t (*write)(struct memory_accessor *, const char *buf,
off_t offset, size_t count);
@@ -62488,7 +61146,7 @@ index 9970337..9444122 100644
int abx500_register_ops(struct device *core_dev, struct abx500_ops *ops);
void abx500_remove_ops(struct device *dev);
diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 4baadd1..2e0b45e 100644
+index 17b27cd..467ba2f 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -115,7 +115,14 @@ extern unsigned int kobjsize(const void *objp);
@@ -62557,7 +61215,7 @@ index 4baadd1..2e0b45e 100644
int vma_wants_writenotify(struct vm_area_struct *vma);
extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
-@@ -1419,6 +1407,7 @@ out:
+@@ -1409,6 +1397,7 @@ out:
}
extern int do_munmap(struct mm_struct *, unsigned long, size_t);
@@ -62565,7 +61223,7 @@ index 4baadd1..2e0b45e 100644
extern unsigned long do_brk(unsigned long, unsigned long);
-@@ -1476,6 +1465,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
+@@ -1466,6 +1455,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
struct vm_area_struct **pprev);
@@ -62576,8 +61234,8 @@ index 4baadd1..2e0b45e 100644
/* Look up the first VMA which intersects the interval start_addr..end_addr-1,
NULL if none. Assume start_addr < end_addr. */
static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
-@@ -1492,15 +1485,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma)
- return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
+@@ -1494,15 +1487,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
+ return vma;
}
-#ifdef CONFIG_MMU
@@ -62592,7 +61250,7 @@ index 4baadd1..2e0b45e 100644
struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr);
int remap_pfn_range(struct vm_area_struct *, unsigned long addr,
unsigned long pfn, unsigned long size, pgprot_t);
-@@ -1614,7 +1598,7 @@ extern int unpoison_memory(unsigned long pfn);
+@@ -1606,7 +1590,7 @@ extern int unpoison_memory(unsigned long pfn);
extern int sysctl_memory_failure_early_kill;
extern int sysctl_memory_failure_recovery;
extern void shake_page(struct page *p, int access);
@@ -62601,9 +61259,9 @@ index 4baadd1..2e0b45e 100644
extern int soft_offline_page(struct page *page, int flags);
extern void dump_page(struct page *page);
-@@ -1628,5 +1612,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src,
- unsigned int pages_per_huge_page);
- #endif /* CONFIG_TRANSPARENT_HUGEPAGE || CONFIG_HUGETLBFS */
+@@ -1637,5 +1621,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; }
+ static inline bool page_is_guard(struct page *page) { return false; }
+ #endif /* CONFIG_DEBUG_PAGEALLOC */
+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
+extern void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot);
@@ -62614,10 +61272,10 @@ index 4baadd1..2e0b45e 100644
#endif /* __KERNEL__ */
#endif /* _LINUX_MM_H */
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
-index 5b42f1b..759e4b4 100644
+index 3cc3062..8947a82 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
-@@ -253,6 +253,8 @@ struct vm_area_struct {
+@@ -252,6 +252,8 @@ struct vm_area_struct {
#ifdef CONFIG_NUMA
struct mempolicy *vm_policy; /* NUMA policy for the VMA */
#endif
@@ -62626,7 +61284,7 @@ index 5b42f1b..759e4b4 100644
};
struct core_thread {
-@@ -389,6 +391,24 @@ struct mm_struct {
+@@ -388,6 +390,24 @@ struct mm_struct {
#ifdef CONFIG_CPUMASK_OFFSTACK
struct cpumask cpumask_allocation;
#endif
@@ -62672,10 +61330,10 @@ index 1d1b1e1..2a13c78 100644
#define pmdp_clear_flush_notify(__vma, __address, __pmdp) \
diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
-index 188cb2f..d78409b 100644
+index 650ba2f..af0a58c 100644
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
-@@ -369,7 +369,7 @@ struct zone {
+@@ -379,7 +379,7 @@ struct zone {
unsigned long flags; /* zone flags, see below */
/* Zone statistics */
@@ -62685,7 +61343,7 @@ index 188cb2f..d78409b 100644
/*
* The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on
diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h
-index 468819c..17b9db3 100644
+index 83ac071..2656e0e 100644
--- a/include/linux/mod_devicetable.h
+++ b/include/linux/mod_devicetable.h
@@ -12,7 +12,7 @@
@@ -62707,7 +61365,7 @@ index 468819c..17b9db3 100644
struct hid_device_id {
__u16 bus;
diff --git a/include/linux/module.h b/include/linux/module.h
-index 3cb7839..511cb87 100644
+index 4598bf0..e069d7f 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -17,6 +17,7 @@
@@ -62718,7 +61376,7 @@ index 3cb7839..511cb87 100644
#include <linux/percpu.h>
#include <asm/module.h>
-@@ -261,19 +262,16 @@ struct module
+@@ -275,19 +276,16 @@ struct module
int (*init)(void);
/* If this is non-NULL, vfree after init() returns */
@@ -62742,7 +61400,7 @@ index 3cb7839..511cb87 100644
/* Arch-specific module values */
struct mod_arch_specific arch;
-@@ -329,6 +327,10 @@ struct module
+@@ -343,6 +341,10 @@ struct module
#ifdef CONFIG_EVENT_TRACING
struct ftrace_event_call **trace_events;
unsigned int num_trace_events;
@@ -62753,7 +61411,7 @@ index 3cb7839..511cb87 100644
#endif
#ifdef CONFIG_FTRACE_MCOUNT_RECORD
unsigned int num_ftrace_callsites;
-@@ -379,16 +381,46 @@ bool is_module_address(unsigned long addr);
+@@ -390,16 +392,46 @@ bool is_module_address(unsigned long addr);
bool is_module_percpu_address(unsigned long addr);
bool is_module_text_address(unsigned long addr);
@@ -62805,22 +61463,19 @@ index 3cb7839..511cb87 100644
/* Search for module by name: must hold module_mutex. */
diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h
-index b2be02e..edb10c9 100644
+index b2be02e..6a9fdb1 100644
--- a/include/linux/moduleloader.h
+++ b/include/linux/moduleloader.h
-@@ -23,11 +23,23 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section);
-
- /* Allocator used for allocating struct module, core sections and init
+@@ -25,9 +25,21 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section);
sections. Returns NULL on failure. */
--void *module_alloc(unsigned long size);
-+void *module_alloc(unsigned long size) __size_overflow(1);
-+
+ void *module_alloc(unsigned long size);
+
+#ifdef CONFIG_PAX_KERNEXEC
+void *module_alloc_exec(unsigned long size);
+#else
+#define module_alloc_exec(x) module_alloc(x)
+#endif
-
++
/* Free memory returned from module_alloc. */
void module_free(struct module *mod, void *module_region);
@@ -62834,7 +61489,7 @@ index b2be02e..edb10c9 100644
or 0. */
int apply_relocate(Elf_Shdr *sechdrs,
diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h
-index 7939f63..ec6df57 100644
+index c47f4d6..23f9bdb 100644
--- a/include/linux/moduleparam.h
+++ b/include/linux/moduleparam.h
@@ -260,7 +260,7 @@ static inline void __kernel_param_unlock(void)
@@ -62846,27 +61501,15 @@ index 7939f63..ec6df57 100644
= { len, string }; \
__module_param_call(MODULE_PARAM_PREFIX, name, \
¶m_ops_string, \
-@@ -395,7 +395,7 @@ extern int param_get_invbool(char *buffer, const struct kernel_param *kp);
- * module_param_named() for why this might be necessary.
+@@ -396,7 +396,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp);
*/
#define module_param_array_named(name, array, type, nump, perm) \
+ param_check_##type(name, &(array)[0]); \
- static const struct kparam_array __param_arr_##name \
+ static const struct kparam_array __param_arr_##name __used \
= { .max = ARRAY_SIZE(array), .num = nump, \
.ops = ¶m_ops_##type, \
.elemsize = sizeof(array[0]), .elem = array }; \
-diff --git a/include/linux/mtd/map.h b/include/linux/mtd/map.h
-index a9e6ba4..0f9e29b 100644
---- a/include/linux/mtd/map.h
-+++ b/include/linux/mtd/map.h
-@@ -25,6 +25,7 @@
- #include <linux/types.h>
- #include <linux/list.h>
- #include <linux/string.h>
-+#include <linux/kernel.h>
- #include <linux/bug.h>
-
-
diff --git a/include/linux/namei.h b/include/linux/namei.h
index ffc0213..2c1f2cb 100644
--- a/include/linux/namei.h
@@ -62896,18 +61539,18 @@ index ffc0213..2c1f2cb 100644
return nd->saved_names[nd->depth];
}
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index a82ad4d..90d15b7 100644
+index 0eac07c..a59f6a8 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
-@@ -949,6 +949,7 @@ struct net_device_ops {
- int (*ndo_set_features)(struct net_device *dev,
- u32 features);
+@@ -1002,6 +1002,7 @@ struct net_device_ops {
+ int (*ndo_neigh_construct)(struct neighbour *n);
+ void (*ndo_neigh_destroy)(struct neighbour *n);
};
+typedef struct net_device_ops __no_const net_device_ops_no_const;
/*
* The DEVICE structure.
-@@ -1088,7 +1089,7 @@ struct net_device {
+@@ -1063,7 +1064,7 @@ struct net_device {
int iflink;
struct net_device_stats stats;
@@ -62945,7 +61588,7 @@ index c65a18a..0c05f3a 100644
extern void *prom_early_alloc(unsigned long size);
diff --git a/include/linux/oprofile.h b/include/linux/oprofile.h
-index a4c5624..2dabfb7 100644
+index a4c5624..79d6d88 100644
--- a/include/linux/oprofile.h
+++ b/include/linux/oprofile.h
@@ -139,9 +139,9 @@ int oprofilefs_create_ulong(struct super_block * sb, struct dentry * root,
@@ -62960,15 +61603,6 @@ index a4c5624..2dabfb7 100644
/** create a directory */
struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root,
-@@ -163,7 +163,7 @@ ssize_t oprofilefs_ulong_to_user(unsigned long val, char __user * buf, size_t co
- * Read an ASCII string for a number from a userspace buffer and fill *val on success.
- * Returns 0 on success, < 0 on error.
- */
--int oprofilefs_ulong_from_user(unsigned long * val, char const __user * buf, size_t count);
-+int oprofilefs_ulong_from_user(unsigned long * val, char const __user * buf, size_t count) __size_overflow(3);
-
- /** lock for read/write safety */
- extern raw_spinlock_t oprofilefs_lock;
diff --git a/include/linux/padata.h b/include/linux/padata.h
index 4633b2f..988bc08 100644
--- a/include/linux/padata.h
@@ -62983,10 +61617,10 @@ index 4633b2f..988bc08 100644
atomic_t refcnt;
unsigned int max_seq_nr;
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
-index b1f8912..c955bff 100644
+index abb2776..d8b8e15 100644
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
-@@ -748,8 +748,8 @@ struct perf_event {
+@@ -750,8 +750,8 @@ struct perf_event {
enum perf_event_active_state state;
unsigned int attach_state;
@@ -62997,7 +61631,7 @@ index b1f8912..c955bff 100644
/*
* These are the total time in nanoseconds that the event
-@@ -800,8 +800,8 @@ struct perf_event {
+@@ -802,8 +802,8 @@ struct perf_event {
* These accumulate total time (in nanoseconds) that children
* events have been enabled and running, respectively.
*/
@@ -63038,10 +61672,10 @@ index 77257c9..51d473a 100644
unsigned int w_counter;
struct page *tmp_page;
diff --git a/include/linux/pm_runtime.h b/include/linux/pm_runtime.h
-index d3085e7..fd01052 100644
+index 609daae..5392427 100644
--- a/include/linux/pm_runtime.h
+++ b/include/linux/pm_runtime.h
-@@ -95,7 +95,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev)
+@@ -97,7 +97,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev)
static inline void pm_runtime_mark_last_busy(struct device *dev)
{
@@ -63051,7 +61685,7 @@ index d3085e7..fd01052 100644
#else /* !CONFIG_PM_RUNTIME */
diff --git a/include/linux/poison.h b/include/linux/poison.h
-index 79159de..f1233a9 100644
+index 2110a81..13a11bb 100644
--- a/include/linux/poison.h
+++ b/include/linux/poison.h
@@ -19,8 +19,8 @@
@@ -63079,14 +61713,14 @@ index 58969b2..ead129b 100644
/**
* preempt_notifier - key for installing preemption notifiers
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
-index 643b96c..ef55a9c 100644
+index 85c5073..51fac8b 100644
--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
-@@ -155,6 +155,19 @@ static inline struct proc_dir_entry *proc_create(const char *name, mode_t mode,
+@@ -155,6 +155,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode,
return proc_create_data(name, mode, parent, proc_fops, NULL);
}
-+static inline struct proc_dir_entry *proc_create_grsec(const char *name, mode_t mode,
++static inline struct proc_dir_entry *proc_create_grsec(const char *name, umode_t mode,
+ struct proc_dir_entry *parent, const struct file_operations *proc_fops)
+{
+#ifdef CONFIG_GRKERNSEC_PROC_USER
@@ -63097,12 +61731,11 @@ index 643b96c..ef55a9c 100644
+ return proc_create_data(name, mode, parent, proc_fops, NULL);
+#endif
+}
-+
+
static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
- mode_t mode, struct proc_dir_entry *base,
+ umode_t mode, struct proc_dir_entry *base,
read_proc_t *read_proc, void * data)
-@@ -258,7 +271,7 @@ union proc_op {
+@@ -258,7 +270,7 @@ union proc_op {
int (*proc_show)(struct seq_file *m,
struct pid_namespace *ns, struct pid *pid,
struct task_struct *task);
@@ -63112,24 +61745,22 @@ index 643b96c..ef55a9c 100644
struct ctl_table_header;
struct ctl_table;
diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
-index 800f113..e9ee2e3 100644
+index c2f1f6a..6fdb196 100644
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
-@@ -129,10 +129,12 @@ extern void __ptrace_unlink(struct task_struct *child);
- extern void exit_ptrace(struct task_struct *tracer);
- #define PTRACE_MODE_READ 1
- #define PTRACE_MODE_ATTACH 2
--/* Returns 0 on success, -errno on denial. */
--extern int __ptrace_may_access(struct task_struct *task, unsigned int mode);
- /* Returns true on success, false on denial. */
- extern bool ptrace_may_access(struct task_struct *task, unsigned int mode);
-+/* Returns true on success, false on denial. */
-+extern bool ptrace_may_access_log(struct task_struct *task, unsigned int mode);
-+/* Returns true on success, false on denial. */
-+extern bool ptrace_may_access_nolock(struct task_struct *task, unsigned int mode);
-
- static inline int ptrace_reparented(struct task_struct *child)
- {
+@@ -199,9 +199,10 @@ static inline void ptrace_event(int event, unsigned long message)
+ if (unlikely(ptrace_event_enabled(current, event))) {
+ current->ptrace_message = message;
+ ptrace_notify((event << 8) | SIGTRAP);
+- } else if (event == PTRACE_EVENT_EXEC && unlikely(current->ptrace)) {
++ } else if (event == PTRACE_EVENT_EXEC) {
+ /* legacy EXEC report via SIGTRAP */
+- send_sig(SIGTRAP, current, 0);
++ if ((current->ptrace & (PT_PTRACED|PT_SEIZED)) == PT_PTRACED)
++ send_sig(SIGTRAP, current, 0);
+ }
+ }
+
diff --git a/include/linux/random.h b/include/linux/random.h
index 8f74538..02a1012 100644
--- a/include/linux/random.h
@@ -63193,7 +61824,7 @@ index e0879a7..a12f962 100644
#endif
diff --git a/include/linux/reiserfs_fs.h b/include/linux/reiserfs_fs.h
-index 96d465f..b084e05 100644
+index 2213ddc..650212a 100644
--- a/include/linux/reiserfs_fs.h
+++ b/include/linux/reiserfs_fs.h
@@ -1406,7 +1406,7 @@ static inline loff_t max_reiserfs_offset(struct inode *inode)
@@ -63206,7 +61837,7 @@ index 96d465f..b084e05 100644
#define __fs_changed(gen,s) (gen != get_generation (s))
#define fs_changed(gen,s) \
diff --git a/include/linux/reiserfs_fs_sb.h b/include/linux/reiserfs_fs_sb.h
-index 52c83b6..18ed7eb 100644
+index 8c9e85c..1698e9a 100644
--- a/include/linux/reiserfs_fs_sb.h
+++ b/include/linux/reiserfs_fs_sb.h
@@ -386,7 +386,7 @@ struct reiserfs_sb_info {
@@ -63219,7 +61850,7 @@ index 52c83b6..18ed7eb 100644
unsigned long s_properties; /* File system properties. Currently holds
on-disk FS format */
diff --git a/include/linux/relay.h b/include/linux/relay.h
-index 14a86bc..17d0700 100644
+index a822fd7..62b70f6 100644
--- a/include/linux/relay.h
+++ b/include/linux/relay.h
@@ -159,7 +159,7 @@ struct rchan_callbacks
@@ -63257,22 +61888,23 @@ index 4d50611..c6858a2 100644
#define RIO_RESOURCE_MEM 0x00000100
#define RIO_RESOURCE_DOORBELL 0x00000200
diff --git a/include/linux/rmap.h b/include/linux/rmap.h
-index 2148b12..519b820 100644
+index 1cdd62a..e399f0d 100644
--- a/include/linux/rmap.h
+++ b/include/linux/rmap.h
-@@ -119,8 +119,8 @@ static inline void anon_vma_unlock(struct anon_vma *anon_vma)
+@@ -119,9 +119,9 @@ static inline void anon_vma_unlock(struct anon_vma *anon_vma)
void anon_vma_init(void); /* create anon_vma_cachep */
int anon_vma_prepare(struct vm_area_struct *);
void unlink_anon_vmas(struct vm_area_struct *);
-int anon_vma_clone(struct vm_area_struct *, struct vm_area_struct *);
--int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *);
+int anon_vma_clone(struct vm_area_struct *, const struct vm_area_struct *);
+ void anon_vma_moveto_tail(struct vm_area_struct *);
+-int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *);
+int anon_vma_fork(struct vm_area_struct *, const struct vm_area_struct *);
void __anon_vma_link(struct vm_area_struct *);
static inline void anon_vma_merge(struct vm_area_struct *vma,
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index 1c4f3e9..342eb1f 100644
+index 0657368..765f70f 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -101,6 +101,7 @@ struct bio_list;
@@ -63283,7 +61915,7 @@ index 1c4f3e9..342eb1f 100644
/*
* List of flags we want to share for kernel threads,
-@@ -380,10 +381,13 @@ struct user_namespace;
+@@ -382,10 +383,13 @@ struct user_namespace;
#define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN)
extern int sysctl_max_map_count;
@@ -63297,7 +61929,7 @@ index 1c4f3e9..342eb1f 100644
extern void arch_pick_mmap_layout(struct mm_struct *mm);
extern unsigned long
arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
-@@ -629,6 +633,17 @@ struct signal_struct {
+@@ -631,6 +635,17 @@ struct signal_struct {
#ifdef CONFIG_TASKSTATS
struct taskstats *stats;
#endif
@@ -63315,7 +61947,7 @@ index 1c4f3e9..342eb1f 100644
#ifdef CONFIG_AUDIT
unsigned audit_tty;
struct tty_audit_buf *tty_audit_buf;
-@@ -710,6 +725,11 @@ struct user_struct {
+@@ -714,6 +729,11 @@ struct user_struct {
struct key *session_keyring; /* UID's default session keyring */
#endif
@@ -63327,7 +61959,7 @@ index 1c4f3e9..342eb1f 100644
/* Hash table maintenance information */
struct hlist_node uidhash_node;
uid_t uid;
-@@ -1337,8 +1357,8 @@ struct task_struct {
+@@ -1354,8 +1374,8 @@ struct task_struct {
struct list_head thread_group;
struct completion *vfork_done; /* for vfork() */
@@ -63338,7 +61970,7 @@ index 1c4f3e9..342eb1f 100644
cputime_t utime, stime, utimescaled, stimescaled;
cputime_t gtime;
-@@ -1354,13 +1374,6 @@ struct task_struct {
+@@ -1371,13 +1391,6 @@ struct task_struct {
struct task_cputime cputime_expires;
struct list_head cpu_timers[3];
@@ -63352,7 +61984,7 @@ index 1c4f3e9..342eb1f 100644
char comm[TASK_COMM_LEN]; /* executable name excluding path
- access with [gs]et_task_comm (which lock
it with task_lock())
-@@ -1377,8 +1390,16 @@ struct task_struct {
+@@ -1394,8 +1407,16 @@ struct task_struct {
#endif
/* CPU-specific state of this task */
struct thread_struct thread;
@@ -63369,7 +62001,7 @@ index 1c4f3e9..342eb1f 100644
/* open file information */
struct files_struct *files;
/* namespaces */
-@@ -1425,6 +1446,11 @@ struct task_struct {
+@@ -1442,6 +1463,11 @@ struct task_struct {
struct rt_mutex_waiter *pi_blocked_on;
#endif
@@ -63381,7 +62013,7 @@ index 1c4f3e9..342eb1f 100644
#ifdef CONFIG_DEBUG_MUTEXES
/* mutex deadlock detection */
struct mutex_waiter *blocked_on;
-@@ -1540,6 +1566,27 @@ struct task_struct {
+@@ -1558,6 +1584,27 @@ struct task_struct {
unsigned long default_timer_slack_ns;
struct list_head *scm_work_list;
@@ -63409,7 +62041,7 @@ index 1c4f3e9..342eb1f 100644
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
/* Index of current stored address in ret_stack */
int curr_ret_stack;
-@@ -1574,6 +1621,51 @@ struct task_struct {
+@@ -1592,6 +1639,51 @@ struct task_struct {
#endif
};
@@ -63461,7 +62093,7 @@ index 1c4f3e9..342eb1f 100644
/* Future-safe accessor for struct task_struct's cpus_allowed. */
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
-@@ -2081,7 +2173,9 @@ void yield(void);
+@@ -2104,7 +2196,9 @@ void yield(void);
extern struct exec_domain default_exec_domain;
union thread_union {
@@ -63471,7 +62103,7 @@ index 1c4f3e9..342eb1f 100644
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -2114,6 +2208,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2137,6 +2231,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -63479,29 +62111,16 @@ index 1c4f3e9..342eb1f 100644
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2235,6 +2330,12 @@ static inline void mmdrop(struct mm_struct * mm)
- extern void mmput(struct mm_struct *);
- /* Grab a reference to a task's mm, if it is not already going away */
- extern struct mm_struct *get_task_mm(struct task_struct *task);
-+/*
-+ * Grab a reference to a task's mm, if it is not already going away
-+ * and ptrace_may_access with the mode parameter passed to it
-+ * succeeds.
-+ */
-+extern struct mm_struct *mm_access(struct task_struct *task, unsigned int mode);
- /* Remove the current tasks stale references to the old mm_struct */
- extern void mm_release(struct task_struct *, struct mm_struct *);
- /* Allocate a new mm structure and copy contents from tsk->mm */
-@@ -2251,7 +2352,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2280,7 +2375,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
--extern NORET_TYPE void do_group_exit(int);
+-extern void do_group_exit(int);
+extern __noreturn void do_group_exit(int);
extern void daemonize(const char *, ...);
extern int allow_signal(int);
-@@ -2416,13 +2517,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2478,13 +2573,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#endif
@@ -63536,7 +62155,7 @@ index 899fbb4..1cb4138 100644
#define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */
diff --git a/include/linux/security.h b/include/linux/security.h
-index e8c619d..e0cbd1c 100644
+index 83c18e8..2d98860 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -37,6 +37,7 @@
@@ -63548,7 +62167,7 @@ index e8c619d..e0cbd1c 100644
/* Maximum number of letters for an LSM name string */
diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h
-index 0b69a46..b2ffa4c 100644
+index 44f1514..2bbf6c1 100644
--- a/include/linux/seq_file.h
+++ b/include/linux/seq_file.h
@@ -24,6 +24,9 @@ struct seq_file {
@@ -63585,10 +62204,10 @@ index 92808b8..c28cac4 100644
/* shm_mode upper byte flags */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 6cf8b53..bcce844 100644
+index ae86ade..2b51468 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
-@@ -642,7 +642,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
+@@ -654,7 +654,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
*/
static inline int skb_queue_empty(const struct sk_buff_head *list)
{
@@ -63597,7 +62216,7 @@ index 6cf8b53..bcce844 100644
}
/**
-@@ -655,7 +655,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
+@@ -667,7 +667,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
static inline bool skb_queue_is_last(const struct sk_buff_head *list,
const struct sk_buff *skb)
{
@@ -63606,7 +62225,7 @@ index 6cf8b53..bcce844 100644
}
/**
-@@ -668,7 +668,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
+@@ -680,7 +680,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
static inline bool skb_queue_is_first(const struct sk_buff_head *list,
const struct sk_buff *skb)
{
@@ -63615,7 +62234,7 @@ index 6cf8b53..bcce844 100644
}
/**
-@@ -1533,7 +1533,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
+@@ -1545,7 +1545,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
*/
#ifndef NET_SKB_PAD
@@ -63625,7 +62244,7 @@ index 6cf8b53..bcce844 100644
extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
diff --git a/include/linux/slab.h b/include/linux/slab.h
-index 573c809..07e1f43 100644
+index 573c809..e84c132 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -11,12 +11,20 @@
@@ -63666,14 +62285,7 @@ index 573c809..07e1f43 100644
/*
* struct kmem_cache related prototypes
-@@ -156,11 +167,12 @@ unsigned int kmem_cache_size(struct kmem_cache *);
- /*
- * Common kmalloc functions provided by all allocators
- */
--void * __must_check __krealloc(const void *, size_t, gfp_t);
--void * __must_check krealloc(const void *, size_t, gfp_t);
-+void * __must_check __krealloc(const void *, size_t, gfp_t) __size_overflow(2);
-+void * __must_check krealloc(const void *, size_t, gfp_t) __size_overflow(2);
+@@ -161,6 +172,7 @@ void * __must_check krealloc(const void *, size_t, gfp_t);
void kfree(const void *);
void kzfree(const void *);
size_t ksize(const void *);
@@ -63681,29 +62293,71 @@ index 573c809..07e1f43 100644
/*
* Allocator specific definitions. These are mainly used to establish optimized
-@@ -287,7 +299,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep,
- */
- #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
- (defined(CONFIG_SLAB) && defined(CONFIG_TRACING))
--extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
-+extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long) __size_overflow(1);
- #define kmalloc_track_caller(size, flags) \
- __kmalloc_track_caller(size, flags, _RET_IP_)
- #else
-@@ -306,7 +318,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
- */
- #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
- (defined(CONFIG_SLAB) && defined(CONFIG_TRACING))
--extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long);
-+extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long) __size_overflow(1);
- #define kmalloc_node_track_caller(size, flags, node) \
- __kmalloc_node_track_caller(size, flags, node, \
- _RET_IP_)
+@@ -353,4 +365,59 @@ static inline void *kzalloc_node(size_t size, gfp_t flags, int node)
+
+ void __init kmem_cache_init_late(void);
+
++#define kmalloc(x, y) \
++({ \
++ void *___retval; \
++ intoverflow_t ___x = (intoverflow_t)x; \
++ if (WARN(___x > ULONG_MAX, "kmalloc size overflow\n")) \
++ ___retval = NULL; \
++ else \
++ ___retval = kmalloc((size_t)___x, (y)); \
++ ___retval; \
++})
++
++#define kmalloc_node(x, y, z) \
++({ \
++ void *___retval; \
++ intoverflow_t ___x = (intoverflow_t)x; \
++ if (WARN(___x > ULONG_MAX, "kmalloc_node size overflow\n"))\
++ ___retval = NULL; \
++ else \
++ ___retval = kmalloc_node((size_t)___x, (y), (z));\
++ ___retval; \
++})
++
++#define kzalloc(x, y) \
++({ \
++ void *___retval; \
++ intoverflow_t ___x = (intoverflow_t)x; \
++ if (WARN(___x > ULONG_MAX, "kzalloc size overflow\n")) \
++ ___retval = NULL; \
++ else \
++ ___retval = kzalloc((size_t)___x, (y)); \
++ ___retval; \
++})
++
++#define __krealloc(x, y, z) \
++({ \
++ void *___retval; \
++ intoverflow_t ___y = (intoverflow_t)y; \
++ if (WARN(___y > ULONG_MAX, "__krealloc size overflow\n"))\
++ ___retval = NULL; \
++ else \
++ ___retval = __krealloc((x), (size_t)___y, (z)); \
++ ___retval; \
++})
++
++#define krealloc(x, y, z) \
++({ \
++ void *___retval; \
++ intoverflow_t ___y = (intoverflow_t)y; \
++ if (WARN(___y > ULONG_MAX, "krealloc size overflow\n")) \
++ ___retval = NULL; \
++ else \
++ ___retval = krealloc((x), (size_t)___y, (z)); \
++ ___retval; \
++})
++
+ #endif /* _LINUX_SLAB_H */
diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h
-index d00e0ba..d61fb1f 100644
+index fbd1117..1e5e46c 100644
--- a/include/linux/slab_def.h
+++ b/include/linux/slab_def.h
-@@ -68,10 +68,10 @@ struct kmem_cache {
+@@ -66,10 +66,10 @@ struct kmem_cache {
unsigned long node_allocs;
unsigned long node_frees;
unsigned long node_overflow;
@@ -63718,71 +62372,8 @@ index d00e0ba..d61fb1f 100644
/*
* If debugging is enabled, then the allocator can add additional
-@@ -109,7 +109,7 @@ struct cache_sizes {
- extern struct cache_sizes malloc_sizes[];
-
- void *kmem_cache_alloc(struct kmem_cache *, gfp_t);
--void *__kmalloc(size_t size, gfp_t flags);
-+void *__kmalloc(size_t size, gfp_t flags) __size_overflow(1);
-
- #ifdef CONFIG_TRACING
- extern void *kmem_cache_alloc_trace(size_t size,
-@@ -127,6 +127,7 @@ static inline size_t slab_buffer_size(struct kmem_cache *cachep)
- }
- #endif
-
-+static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1);
- static __always_inline void *kmalloc(size_t size, gfp_t flags)
- {
- struct kmem_cache *cachep;
-@@ -162,7 +163,7 @@ found:
- }
-
- #ifdef CONFIG_NUMA
--extern void *__kmalloc_node(size_t size, gfp_t flags, int node);
-+extern void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
- extern void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node);
-
- #ifdef CONFIG_TRACING
-@@ -181,6 +182,7 @@ kmem_cache_alloc_node_trace(size_t size,
- }
- #endif
-
-+static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
- static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
- {
- struct kmem_cache *cachep;
-diff --git a/include/linux/slob_def.h b/include/linux/slob_def.h
-index 0ec00b3..65e7e0e 100644
---- a/include/linux/slob_def.h
-+++ b/include/linux/slob_def.h
-@@ -9,8 +9,9 @@ static __always_inline void *kmem_cache_alloc(struct kmem_cache *cachep,
- return kmem_cache_alloc_node(cachep, flags, -1);
- }
-
--void *__kmalloc_node(size_t size, gfp_t flags, int node);
-+void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
-
-+static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
- static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
- {
- return __kmalloc_node(size, flags, node);
-@@ -24,11 +25,13 @@ static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
- * kmalloc is the normal method of allocating memory
- * in the kernel.
- */
-+static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1);
- static __always_inline void *kmalloc(size_t size, gfp_t flags)
- {
- return __kmalloc_node(size, flags, -1);
- }
-
-+static __always_inline void *__kmalloc(size_t size, gfp_t flags) __size_overflow(1);
- static __always_inline void *__kmalloc(size_t size, gfp_t flags)
- {
- return kmalloc(size, flags);
diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
-index a32bcfd..d26bd6e 100644
+index a32bcfd..53b71f4 100644
--- a/include/linux/slub_def.h
+++ b/include/linux/slub_def.h
@@ -89,7 +89,7 @@ struct kmem_cache {
@@ -63794,59 +62385,15 @@ index a32bcfd..d26bd6e 100644
void (*ctor)(void *);
int inuse; /* Offset to metadata */
int align; /* Alignment */
-@@ -204,6 +204,7 @@ static __always_inline int kmalloc_index(size_t size)
- * This ought to end up with a global pointer to the right cache
- * in kmalloc_caches.
- */
-+static __always_inline struct kmem_cache *kmalloc_slab(size_t size) __size_overflow(1);
- static __always_inline struct kmem_cache *kmalloc_slab(size_t size)
- {
- int index = kmalloc_index(size);
-@@ -215,9 +216,11 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size)
+@@ -215,7 +215,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size)
}
void *kmem_cache_alloc(struct kmem_cache *, gfp_t);
-void *__kmalloc(size_t size, gfp_t flags);
-+void *__kmalloc(size_t size, gfp_t flags) __alloc_size(1) __size_overflow(1);
++void *__kmalloc(size_t size, gfp_t flags) __alloc_size(1);
static __always_inline void *
-+kmalloc_order(size_t size, gfp_t flags, unsigned int order) __size_overflow(1);
-+static __always_inline void *
kmalloc_order(size_t size, gfp_t flags, unsigned int order)
- {
- void *ret = (void *) __get_free_pages(flags | __GFP_COMP, order);
-@@ -256,12 +259,14 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order)
- }
- #endif
-
-+static __always_inline void *kmalloc_large(size_t size, gfp_t flags) __size_overflow(1);
- static __always_inline void *kmalloc_large(size_t size, gfp_t flags)
- {
- unsigned int order = get_order(size);
- return kmalloc_order_trace(size, flags, order);
- }
-
-+static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1);
- static __always_inline void *kmalloc(size_t size, gfp_t flags)
- {
- if (__builtin_constant_p(size)) {
-@@ -281,7 +286,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags)
- }
-
- #ifdef CONFIG_NUMA
--void *__kmalloc_node(size_t size, gfp_t flags, int node);
-+void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
- void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node);
-
- #ifdef CONFIG_TRACING
-@@ -298,6 +303,7 @@ kmem_cache_alloc_node_trace(struct kmem_cache *s,
- }
- #endif
-
-+static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1);
- static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
- {
- if (__builtin_constant_p(size) &&
diff --git a/include/linux/sonet.h b/include/linux/sonet.h
index de8832d..0147b46 100644
--- a/include/linux/sonet.h
@@ -63861,7 +62408,7 @@ index de8832d..0147b46 100644
#undef __HANDLE_ITEM
};
diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h
-index 3d8f9c4..69f1c0a 100644
+index 2c5993a..b0e79f0 100644
--- a/include/linux/sunrpc/clnt.h
+++ b/include/linux/sunrpc/clnt.h
@@ -172,9 +172,9 @@ static inline unsigned short rpc_get_port(const struct sockaddr *sap)
@@ -63936,7 +62483,7 @@ index c14fe86..393245e 100644
#define RPCRDMA_VERSION 1
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
-index 703cfa33..0b8ca72ac 100644
+index bb9127d..34ab358 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -155,7 +155,11 @@ enum
@@ -64013,10 +62560,10 @@ index ff7dc08..893e1bd 100644
struct tty_ldisc {
diff --git a/include/linux/types.h b/include/linux/types.h
-index 57a9723..dbe234a 100644
+index e5fa503..df6e8a4 100644
--- a/include/linux/types.h
+++ b/include/linux/types.h
-@@ -213,10 +213,26 @@ typedef struct {
+@@ -214,10 +214,26 @@ typedef struct {
int counter;
} atomic_t;
@@ -64044,7 +62591,7 @@ index 57a9723..dbe234a 100644
struct list_head {
diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
-index 5ca0951..53a2fff 100644
+index 5ca0951..ab496a5 100644
--- a/include/linux/uaccess.h
+++ b/include/linux/uaccess.h
@@ -76,11 +76,11 @@ static inline unsigned long __copy_from_user_nocache(void *to,
@@ -64062,15 +62609,6 @@ index 5ca0951..53a2fff 100644
ret; \
})
-@@ -105,7 +105,7 @@ extern long __probe_kernel_read(void *dst, const void *src, size_t size);
- * Safely write to address @dst from the buffer at @src. If a kernel fault
- * happens, handle that and return -EFAULT.
- */
--extern long notrace probe_kernel_write(void *dst, const void *src, size_t size);
-+extern long notrace probe_kernel_write(void *dst, const void *src, size_t size) __size_overflow(3);
- extern long notrace __probe_kernel_write(void *dst, const void *src, size_t size);
-
- #endif /* __LINUX_UACCESS_H__ */
diff --git a/include/linux/unaligned/access_ok.h b/include/linux/unaligned/access_ok.h
index 99c1b4d..bb94261 100644
--- a/include/linux/unaligned/access_ok.h
@@ -64115,7 +62653,7 @@ index 99c1b4d..bb94261 100644
static inline void put_unaligned_le16(u16 val, void *p)
diff --git a/include/linux/usb/renesas_usbhs.h b/include/linux/usb/renesas_usbhs.h
-index e5a40c3..20ab0f6 100644
+index 0d3f988..000f101 100644
--- a/include/linux/usb/renesas_usbhs.h
+++ b/include/linux/usb/renesas_usbhs.h
@@ -39,7 +39,7 @@ enum {
@@ -64127,7 +62665,7 @@ index e5a40c3..20ab0f6 100644
/*
* callback functions for platform
-@@ -89,7 +89,7 @@ struct renesas_usbhs_platform_callback {
+@@ -97,7 +97,7 @@ struct renesas_usbhs_platform_callback {
* VBUS control is needed for Host
*/
int (*set_vbus)(struct platform_device *pdev, int enable);
@@ -64178,7 +62716,7 @@ index 6f8fbcf..8259001 100644
+ MODULE_GRSEC
diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
-index 4bde182..c42a656 100644
+index dcdfc2b..f937197 100644
--- a/include/linux/vmalloc.h
+++ b/include/linux/vmalloc.h
@@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */
@@ -64193,46 +62731,110 @@ index 4bde182..c42a656 100644
/* bits [20..32] reserved for arch specific ioremap internals */
/*
-@@ -51,18 +56,18 @@ static inline void vmalloc_init(void)
- }
+@@ -157,4 +162,103 @@ pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms)
+ # endif
#endif
--extern void *vmalloc(unsigned long size);
--extern void *vzalloc(unsigned long size);
--extern void *vmalloc_user(unsigned long size);
--extern void *vmalloc_node(unsigned long size, int node);
--extern void *vzalloc_node(unsigned long size, int node);
--extern void *vmalloc_exec(unsigned long size);
--extern void *vmalloc_32(unsigned long size);
--extern void *vmalloc_32_user(unsigned long size);
--extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot);
-+extern void *vmalloc(unsigned long size) __size_overflow(1);
-+extern void *vzalloc(unsigned long size) __size_overflow(1);
-+extern void *vmalloc_user(unsigned long size) __size_overflow(1);
-+extern void *vmalloc_node(unsigned long size, int node) __size_overflow(1);
-+extern void *vzalloc_node(unsigned long size, int node) __size_overflow(1);
-+extern void *vmalloc_exec(unsigned long size) __size_overflow(1);
-+extern void *vmalloc_32(unsigned long size) __size_overflow(1);
-+extern void *vmalloc_32_user(unsigned long size) __size_overflow(1);
-+extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) __size_overflow(1);
- extern void *__vmalloc_node_range(unsigned long size, unsigned long align,
- unsigned long start, unsigned long end, gfp_t gfp_mask,
-- pgprot_t prot, int node, void *caller);
-+ pgprot_t prot, int node, void *caller) __size_overflow(1);
- extern void vfree(const void *addr);
-
- extern void *vmap(struct page **pages, unsigned int count,
-@@ -123,8 +128,8 @@ extern struct vm_struct *alloc_vm_area(size_t size, pte_t **ptes);
- extern void free_vm_area(struct vm_struct *area);
-
- /* for /dev/kmem */
--extern long vread(char *buf, char *addr, unsigned long count);
--extern long vwrite(char *buf, char *addr, unsigned long count);
-+extern long vread(char *buf, char *addr, unsigned long count) __size_overflow(3);
-+extern long vwrite(char *buf, char *addr, unsigned long count) __size_overflow(3);
-
- /*
- * Internals. Dont't use..
++#define vmalloc(x) \
++({ \
++ void *___retval; \
++ intoverflow_t ___x = (intoverflow_t)x; \
++ if (WARN(___x > ULONG_MAX, "vmalloc size overflow\n")) \
++ ___retval = NULL; \
++ else \
++ ___retval = vmalloc((unsigned long)___x); \
++ ___retval; \
++})
++
++#define vzalloc(x) \
++({ \
++ void *___retval; \
++ intoverflow_t ___x = (intoverflow_t)x; \
++ if (WARN(___x > ULONG_MAX, "vzalloc size overflow\n")) \
++ ___retval = NULL; \
++ else \
++ ___retval = vzalloc((unsigned long)___x); \
++ ___retval; \
++})
++
++#define __vmalloc(x, y, z) \
++({ \
++ void *___retval; \
++ intoverflow_t ___x = (intoverflow_t)x; \
++ if (WARN(___x > ULONG_MAX, "__vmalloc size overflow\n"))\
++ ___retval = NULL; \
++ else \
++ ___retval = __vmalloc((unsigned long)___x, (y), (z));\
++ ___retval; \
++})
++
++#define vmalloc_user(x) \
++({ \
++ void *___retval; \
++ intoverflow_t ___x = (intoverflow_t)x; \
++ if (WARN(___x > ULONG_MAX, "vmalloc_user size overflow\n"))\
++ ___retval = NULL; \
++ else \
++ ___retval = vmalloc_user((unsigned long)___x); \
++ ___retval; \
++})
++
++#define vmalloc_exec(x) \
++({ \
++ void *___retval; \
++ intoverflow_t ___x = (intoverflow_t)x; \
++ if (WARN(___x > ULONG_MAX, "vmalloc_exec size overflow\n"))\
++ ___retval = NULL; \
++ else \
++ ___retval = vmalloc_exec((unsigned long)___x); \
++ ___retval; \
++})
++
++#define vmalloc_node(x, y) \
++({ \
++ void *___retval; \
++ intoverflow_t ___x = (intoverflow_t)x; \
++ if (WARN(___x > ULONG_MAX, "vmalloc_node size overflow\n"))\
++ ___retval = NULL; \
++ else \
++ ___retval = vmalloc_node((unsigned long)___x, (y));\
++ ___retval; \
++})
++
++#define vzalloc_node(x, y) \
++({ \
++ void *___retval; \
++ intoverflow_t ___x = (intoverflow_t)x; \
++ if (WARN(___x > ULONG_MAX, "vzalloc_node size overflow\n"))\
++ ___retval = NULL; \
++ else \
++ ___retval = vzalloc_node((unsigned long)___x, (y));\
++ ___retval; \
++})
++
++#define vmalloc_32(x) \
++({ \
++ void *___retval; \
++ intoverflow_t ___x = (intoverflow_t)x; \
++ if (WARN(___x > ULONG_MAX, "vmalloc_32 size overflow\n"))\
++ ___retval = NULL; \
++ else \
++ ___retval = vmalloc_32((unsigned long)___x); \
++ ___retval; \
++})
++
++#define vmalloc_32_user(x) \
++({ \
++void *___retval; \
++ intoverflow_t ___x = (intoverflow_t)x; \
++ if (WARN(___x > ULONG_MAX, "vmalloc_32_user size overflow\n"))\
++ ___retval = NULL; \
++ else \
++ ___retval = vmalloc_32_user((unsigned long)___x);\
++ ___retval; \
++})
++
+ #endif /* _LINUX_VMALLOC_H */
diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h
index 65efb92..137adbb 100644
--- a/include/linux/vmstat.h
@@ -64351,10 +62953,10 @@ index c7c40f1..4f01585 100644
/*
* Newer version of video_device, handled by videodev2.c
diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h
-index 4d1c74a..65e1221 100644
+index 3f5d60f..44210ed 100644
--- a/include/media/v4l2-ioctl.h
+++ b/include/media/v4l2-ioctl.h
-@@ -274,7 +274,7 @@ struct v4l2_ioctl_ops {
+@@ -278,7 +278,7 @@ struct v4l2_ioctl_ops {
long (*vidioc_default) (struct file *file, void *fh,
bool valid_prio, int cmd, void *arg);
};
@@ -64401,10 +63003,10 @@ index 9e5425b..8136ffc 100644
/* Protects from simultaneous access to first_req list */
spinlock_t info_list_lock;
diff --git a/include/net/flow.h b/include/net/flow.h
-index 2a7eefd..3250f3b 100644
+index 6c469db..7743b8e 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
-@@ -218,6 +218,6 @@ extern struct flow_cache_object *flow_cache_lookup(
+@@ -221,6 +221,6 @@ extern struct flow_cache_object *flow_cache_lookup(
extern void flow_cache_flush(void);
extern void flow_cache_flush_deferred(void);
@@ -64413,7 +63015,7 @@ index 2a7eefd..3250f3b 100644
#endif
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
-index e9ff3fc..9d3e5c7 100644
+index b94765e..053f68b 100644
--- a/include/net/inetpeer.h
+++ b/include/net/inetpeer.h
@@ -48,8 +48,8 @@ struct inet_peer {
@@ -64427,7 +63029,7 @@ index e9ff3fc..9d3e5c7 100644
__u32 tcp_ts;
__u32 tcp_ts_stamp;
};
-@@ -113,11 +113,11 @@ static inline int inet_getid(struct inet_peer *p, int more)
+@@ -115,11 +115,11 @@ static inline int inet_getid(struct inet_peer *p, int more)
more++;
inet_peer_refcheck(p);
do {
@@ -64455,7 +63057,7 @@ index 10422ef..662570f 100644
fib_info_update_nh_saddr((net), &FIB_RES_NH(res)))
#define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw)
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
-index e5a7b9a..f4fc44b 100644
+index ebe517f..1bd286b 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -509,7 +509,7 @@ struct ip_vs_conn {
@@ -64513,10 +63115,10 @@ index 59ba38bc..d515662 100644
/* Protect concurent access to :
* o self->open_count
diff --git a/include/net/iucv/af_iucv.h b/include/net/iucv/af_iucv.h
-index f2419cf..473679f 100644
+index 0954ec9..7413562 100644
--- a/include/net/iucv/af_iucv.h
+++ b/include/net/iucv/af_iucv.h
-@@ -139,7 +139,7 @@ struct iucv_sock {
+@@ -138,7 +138,7 @@ struct iucv_sock {
struct iucv_sock_list {
struct hlist_head head;
rwlock_t lock;
@@ -64526,10 +63128,10 @@ index f2419cf..473679f 100644
unsigned int iucv_sock_poll(struct file *file, struct socket *sock,
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
-index 2720884..3aa5c25 100644
+index 34c996f..bb3b4d4 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
-@@ -122,7 +122,7 @@ struct neigh_ops {
+@@ -123,7 +123,7 @@ struct neigh_ops {
void (*error_report)(struct neighbour *, struct sk_buff *);
int (*output)(struct neighbour *, struct sk_buff *);
int (*connected_output)(struct neighbour *, struct sk_buff *);
@@ -64552,12 +63154,12 @@ index cb1f350..3279d2c 100644
/**
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
-index d786b4f..4c3dd41 100644
+index bbd023a..97c6d0d 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
-@@ -56,8 +56,8 @@ struct netns_ipv4 {
-
+@@ -57,8 +57,8 @@ struct netns_ipv4 {
unsigned int sysctl_ping_group_range[2];
+ long sysctl_tcp_mem[3];
- atomic_t rt_genid;
- atomic_t dev_addr_genid;
@@ -64567,7 +63169,7 @@ index d786b4f..4c3dd41 100644
#ifdef CONFIG_IP_MROUTE
#ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
-index 6a72a58..e6a127d 100644
+index d368561..96aaa17 100644
--- a/include/net/sctp/sctp.h
+++ b/include/net/sctp/sctp.h
@@ -318,9 +318,9 @@ do { \
@@ -64584,10 +63186,10 @@ index 6a72a58..e6a127d 100644
#define SCTP_DISABLE_DEBUG
#define SCTP_ASSERT(expr, str, func)
diff --git a/include/net/sock.h b/include/net/sock.h
-index 32e3937..87a1dbc 100644
+index 91c1c8b..15ae923 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
-@@ -277,7 +277,7 @@ struct sock {
+@@ -299,7 +299,7 @@ struct sock {
#ifdef CONFIG_RPS
__u32 sk_rxhash;
#endif
@@ -64596,7 +63198,7 @@ index 32e3937..87a1dbc 100644
int sk_rcvbuf;
struct sk_filter __rcu *sk_filter;
-@@ -1402,7 +1402,7 @@ static inline void sk_nocaps_add(struct sock *sk, int flags)
+@@ -1660,7 +1660,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
}
static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
@@ -64606,10 +63208,10 @@ index 32e3937..87a1dbc 100644
{
if (skb->ip_summed == CHECKSUM_NONE) {
diff --git a/include/net/tcp.h b/include/net/tcp.h
-index bb18c4d..bb87972 100644
+index 2d80c29..aa07caf 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
-@@ -1409,7 +1409,7 @@ struct tcp_seq_afinfo {
+@@ -1426,7 +1426,7 @@ struct tcp_seq_afinfo {
char *name;
sa_family_t family;
const struct file_operations *seq_fops;
@@ -64619,10 +63221,10 @@ index bb18c4d..bb87972 100644
struct tcp_iter_state {
diff --git a/include/net/udp.h b/include/net/udp.h
-index 3b285f4..0219639 100644
+index e39592f..fef9680 100644
--- a/include/net/udp.h
+++ b/include/net/udp.h
-@@ -237,7 +237,7 @@ struct udp_seq_afinfo {
+@@ -243,7 +243,7 @@ struct udp_seq_afinfo {
sa_family_t family;
struct udp_table *udp_table;
const struct file_operations *seq_fops;
@@ -64632,7 +63234,7 @@ index 3b285f4..0219639 100644
struct udp_iter_state {
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
-index b203e14..1df3991 100644
+index 89174e2..1f82598 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -505,7 +505,7 @@ struct xfrm_policy {
@@ -64658,7 +63260,7 @@ index 1a046b1..ee0bef0 100644
/**
* iw_create_cm_id - Create an IW CM identifier.
diff --git a/include/scsi/libfc.h b/include/scsi/libfc.h
-index 5d1a758..1dbf795 100644
+index 6a3922f..0b73022 100644
--- a/include/scsi/libfc.h
+++ b/include/scsi/libfc.h
@@ -748,6 +748,7 @@ struct libfc_function_template {
@@ -64679,7 +63281,7 @@ index 5d1a758..1dbf795 100644
u8 qfull;
enum fc_lport_state state;
diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
-index 5591ed5..13eb457 100644
+index 77273f2..dd4031f 100644
--- a/include/scsi/scsi_device.h
+++ b/include/scsi/scsi_device.h
@@ -161,9 +161,9 @@ struct scsi_device {
@@ -64735,7 +63337,7 @@ index 8c05e47..2b5df97 100644
struct snd_hwdep {
struct snd_card *card;
diff --git a/include/sound/info.h b/include/sound/info.h
-index 5492cc4..1a65278 100644
+index 9ca1a49..aba1728 100644
--- a/include/sound/info.h
+++ b/include/sound/info.h
@@ -44,7 +44,7 @@ struct snd_info_entry_text {
@@ -64773,10 +63375,10 @@ index af1b49e..a5d55a5 100644
/*
* CSP private data
diff --git a/include/sound/soc.h b/include/sound/soc.h
-index 11cfb59..e3f93f4 100644
+index 0992dff..bb366fe 100644
--- a/include/sound/soc.h
+++ b/include/sound/soc.h
-@@ -683,7 +683,7 @@ struct snd_soc_platform_driver {
+@@ -682,7 +682,7 @@ struct snd_soc_platform_driver {
/* platform IO - used for platform DAPM */
unsigned int (*read)(struct snd_soc_platform *, unsigned int);
int (*write)(struct snd_soc_platform *, unsigned int, unsigned int);
@@ -64785,6 +63387,15 @@ index 11cfb59..e3f93f4 100644
struct snd_soc_platform {
const char *name;
+@@ -852,7 +852,7 @@ struct snd_soc_pcm_runtime {
+ struct snd_soc_dai_link *dai_link;
+ struct mutex pcm_mutex;
+ enum snd_soc_pcm_subclass pcm_subclass;
+- struct snd_pcm_ops ops;
++ snd_pcm_ops_no_const ops;
+
+ unsigned int complete:1;
+ unsigned int dev_registered:1;
diff --git a/include/sound/ymfpci.h b/include/sound/ymfpci.h
index 444cd6b..3327cc5 100644
--- a/include/sound/ymfpci.h
@@ -64799,10 +63410,10 @@ index 444cd6b..3327cc5 100644
const struct firmware *dsp_microcode;
const struct firmware *controller_microcode;
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
-index 94bbec3..3a8c6b0 100644
+index dc4e345..6bf6080 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
-@@ -346,7 +346,7 @@ struct t10_reservation_ops {
+@@ -443,7 +443,7 @@ struct t10_reservation_ops {
int (*t10_seq_non_holder)(struct se_cmd *, unsigned char *, u32);
int (*t10_pr_register)(struct se_cmd *);
int (*t10_pr_clear)(struct se_cmd *);
@@ -64811,7 +63422,7 @@ index 94bbec3..3a8c6b0 100644
struct t10_reservation {
/* Reservation effects all target ports */
-@@ -465,8 +465,8 @@ struct se_cmd {
+@@ -561,8 +561,8 @@ struct se_cmd {
atomic_t t_se_count;
atomic_t t_task_cdbs_left;
atomic_t t_task_cdbs_ex_left;
@@ -64822,10 +63433,10 @@ index 94bbec3..3a8c6b0 100644
atomic_t t_transport_active;
atomic_t t_transport_complete;
atomic_t t_transport_queue_active;
-@@ -705,7 +705,7 @@ struct se_device {
+@@ -799,7 +799,7 @@ struct se_device {
+ spinlock_t stats_lock;
/* Active commands on this virtual SE device */
atomic_t simple_cmds;
- atomic_t depth_left;
- atomic_t dev_ordered_id;
+ atomic_unchecked_t dev_ordered_id;
atomic_t execute_tasks;
@@ -64885,10 +63496,18 @@ index 0993a22..32ba2fe 100644
void *pmi_pal;
u8 *vbe_state_orig; /*
diff --git a/init/Kconfig b/init/Kconfig
-index 43298f9..2f56c12 100644
+index 3f42cd6..613f41d 100644
--- a/init/Kconfig
+++ b/init/Kconfig
-@@ -1214,7 +1214,7 @@ config SLUB_DEBUG
+@@ -799,6 +799,7 @@ endif # CGROUPS
+
+ config CHECKPOINT_RESTORE
+ bool "Checkpoint/restore support" if EXPERT
++ depends on !GRKERNSEC
+ default n
+ help
+ Enables additional kernel features in a sake of checkpoint/restore.
+@@ -1249,7 +1250,7 @@ config SLUB_DEBUG
config COMPAT_BRK
bool "Disable heap randomization"
@@ -64898,24 +63517,24 @@ index 43298f9..2f56c12 100644
Randomizing heap placement makes heap exploits harder, but it
also breaks ancient binaries (including anything libc5 based).
diff --git a/init/do_mounts.c b/init/do_mounts.c
-index db6e5ee..7677ff7 100644
+index 2974c8b..0b863ae 100644
--- a/init/do_mounts.c
+++ b/init/do_mounts.c
-@@ -325,11 +325,11 @@ static void __init get_fs_names(char *page)
-
+@@ -326,11 +326,11 @@ static void __init get_fs_names(char *page)
static int __init do_mount_root(char *name, char *fs, int flags, void *data)
{
+ struct super_block *s;
- int err = sys_mount(name, "/root", fs, flags, data);
+ int err = sys_mount((char __force_user *)name, (char __force_user *)"/root", (char __force_user *)fs, flags, (void __force_user *)data);
if (err)
return err;
- sys_chdir((const char __user __force *)"/root");
-+ sys_chdir((const char __force_user*)"/root");
- ROOT_DEV = current->fs->pwd.mnt->mnt_sb->s_dev;
++ sys_chdir((const char __force_user *)"/root");
+ s = current->fs->pwd.dentry->d_sb;
+ ROOT_DEV = s->s_dev;
printk(KERN_INFO
- "VFS: Mounted root (%s filesystem)%s on device %u:%u.\n",
-@@ -448,18 +448,18 @@ void __init change_floppy(char *fmt, ...)
+@@ -450,18 +450,18 @@ void __init change_floppy(char *fmt, ...)
va_start(args, fmt);
vsprintf(buf, fmt, args);
va_end(args);
@@ -64937,7 +63556,7 @@ index db6e5ee..7677ff7 100644
termios.c_lflag |= ICANON;
sys_ioctl(fd, TCSETSF, (long)&termios);
sys_close(fd);
-@@ -553,6 +553,6 @@ void __init prepare_namespace(void)
+@@ -555,6 +555,6 @@ void __init prepare_namespace(void)
mount_root();
out:
devtmpfs_mount("dev");
@@ -65088,7 +63707,7 @@ index 32c4799..c27ee74 100644
sys_ioctl(fd, RAID_AUTORUN, raid_autopart);
sys_close(fd);
diff --git a/init/initramfs.c b/init/initramfs.c
-index 2531811..040d4d4 100644
+index 8216c30..25e8e32 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -74,7 +74,7 @@ static void __init free_hash(void)
@@ -65118,7 +63737,7 @@ index 2531811..040d4d4 100644
}
return 0;
}
-@@ -280,11 +280,11 @@ static void __init clean_path(char *path, mode_t mode)
+@@ -280,11 +280,11 @@ static void __init clean_path(char *path, umode_t mode)
{
struct stat st;
@@ -65200,7 +63819,7 @@ index 2531811..040d4d4 100644
next_state = Reset;
return 0;
diff --git a/init/main.c b/init/main.c
-index 217ed23..ec5406f 100644
+index ff49a6d..5fa0429 100644
--- a/init/main.c
+++ b/init/main.c
@@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { }
@@ -65262,7 +63881,7 @@ index 217ed23..ec5406f 100644
static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
static const char *panic_later, *panic_param;
-@@ -681,6 +726,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -675,6 +720,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
{
int count = preempt_count();
int ret;
@@ -65270,7 +63889,7 @@ index 217ed23..ec5406f 100644
if (initcall_debug)
ret = do_one_initcall_debug(fn);
-@@ -693,15 +739,15 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -687,15 +733,15 @@ int __init_or_module do_one_initcall(initcall_t fn)
sprintf(msgbuf, "error code %d ", ret);
if (preempt_count() != count) {
@@ -65290,7 +63909,7 @@ index 217ed23..ec5406f 100644
}
return ret;
-@@ -820,7 +866,7 @@ static int __init kernel_init(void * unused)
+@@ -814,7 +860,7 @@ static int __init kernel_init(void * unused)
do_basic_setup();
/* Open the /dev/console on the rootfs, this should never fail */
@@ -65299,7 +63918,7 @@ index 217ed23..ec5406f 100644
printk(KERN_WARNING "Warning: unable to open an initial console.\n");
(void) sys_dup(0);
-@@ -833,11 +879,13 @@ static int __init kernel_init(void * unused)
+@@ -827,11 +873,13 @@ static int __init kernel_init(void * unused)
if (!ramdisk_execute_command)
ramdisk_execute_command = "/init";
@@ -65315,7 +63934,7 @@ index 217ed23..ec5406f 100644
* Ok, we have completed the initial bootup, and
* we're essentially up and running. Get rid of the
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
-index 5b4293d..f179875 100644
+index 86ee272..773d937 100644
--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -156,6 +156,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb,
@@ -65325,7 +63944,7 @@ index 5b4293d..f179875 100644
+ gr_learn_resource(current, RLIMIT_MSGQUEUE, u->mq_bytes + mq_bytes, 1);
spin_lock(&mq_lock);
if (u->mq_bytes + mq_bytes < u->mq_bytes ||
- u->mq_bytes + mq_bytes > task_rlimit(p, RLIMIT_MSGQUEUE)) {
+ u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
diff --git a/ipc/msg.c b/ipc/msg.c
index 7385de2..a8180e08 100644
--- a/ipc/msg.c
@@ -65482,10 +64101,10 @@ index b76be5b..859e750 100644
shm_unlock(shp);
diff --git a/kernel/acct.c b/kernel/acct.c
-index fa7eb3d..7faf116 100644
+index 02e6167..54824f7 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
-@@ -570,7 +570,7 @@ static void do_acct_process(struct bsd_acct_struct *acct,
+@@ -550,7 +550,7 @@ static void do_acct_process(struct bsd_acct_struct *acct,
*/
flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
@@ -65495,7 +64114,7 @@ index fa7eb3d..7faf116 100644
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
set_fs(fs);
diff --git a/kernel/audit.c b/kernel/audit.c
-index 09fae26..ed71d5b 100644
+index bb0eb5b..cf2a03a 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -115,7 +115,7 @@ u32 audit_sig_sid = 0;
@@ -65534,38 +64153,11 @@ index 09fae26..ed71d5b 100644
status_set.backlog = skb_queue_len(&audit_skb_queue);
audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0,
&status_set, sizeof(status_set));
-@@ -1260,12 +1260,13 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
- avail = audit_expand(ab,
- max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail));
- if (!avail)
-- goto out;
-+ goto out_va_end;
- len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args2);
- }
-- va_end(args2);
- if (len > 0)
- skb_put(skb, len);
-+out_va_end:
-+ va_end(args2);
- out:
- return;
- }
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 47b7fc1..c003c33 100644
+index af1de0f..06dfe57 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
-@@ -1166,8 +1166,8 @@ static void audit_log_execve_info(struct audit_context *context,
- struct audit_buffer **ab,
- struct audit_aux_data_execve *axi)
- {
-- int i;
-- size_t len, len_sent = 0;
-+ int i, len;
-+ size_t len_sent = 0;
- const char __user *p;
- char *buf;
-
-@@ -2118,7 +2118,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
+@@ -2288,7 +2288,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
}
/* global counter which is incremented every time something logs in */
@@ -65573,18 +64165,18 @@ index 47b7fc1..c003c33 100644
+static atomic_unchecked_t session_id = ATOMIC_INIT(0);
/**
- * audit_set_loginuid - set a task's audit_context loginuid
-@@ -2131,7 +2131,7 @@ static atomic_t session_id = ATOMIC_INIT(0);
- */
- int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
- {
-- unsigned int sessionid = atomic_inc_return(&session_id);
-+ unsigned int sessionid = atomic_inc_return_unchecked(&session_id);
- struct audit_context *context = task->audit_context;
+ * audit_set_loginuid - set current task's audit_context loginuid
+@@ -2312,7 +2312,7 @@ int audit_set_loginuid(uid_t loginuid)
+ return -EPERM;
+ #endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
+- sessionid = atomic_inc_return(&session_id);
++ sessionid = atomic_inc_return_unchecked(&session_id);
if (context && context->in_syscall) {
+ struct audit_buffer *ab;
+
diff --git a/kernel/capability.c b/kernel/capability.c
-index b463871..fa3ea1f 100644
+index 3f1adb6..c564db0 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr)
@@ -65597,16 +64189,43 @@ index b463871..fa3ea1f 100644
if (copy_to_user(dataptr, kdata, tocopy
* sizeof(struct __user_cap_data_struct))) {
return -EFAULT;
-@@ -374,7 +377,7 @@ bool ns_capable(struct user_namespace *ns, int cap)
+@@ -303,10 +306,11 @@ bool has_ns_capability(struct task_struct *t,
+ int ret;
+
+ rcu_read_lock();
+- ret = security_capable(__task_cred(t), ns, cap);
++ ret = security_capable(__task_cred(t), ns, cap) == 0 &&
++ gr_task_is_capable(t, __task_cred(t), cap);
+ rcu_read_unlock();
+
+- return (ret == 0);
++ return ret;
+ }
+
+ /**
+@@ -343,10 +347,10 @@ bool has_ns_capability_noaudit(struct task_struct *t,
+ int ret;
+
+ rcu_read_lock();
+- ret = security_capable_noaudit(__task_cred(t), ns, cap);
++ ret = security_capable_noaudit(__task_cred(t), ns, cap) == 0 && gr_task_is_capable_nolog(t, cap);
+ rcu_read_unlock();
+
+- return (ret == 0);
++ return ret;
+ }
+
+ /**
+@@ -384,7 +388,7 @@ bool ns_capable(struct user_namespace *ns, int cap)
BUG();
}
-- if (security_capable(ns, current_cred(), cap) == 0) {
-+ if (security_capable(ns, current_cred(), cap) == 0 && gr_is_capable(cap)) {
+- if (security_capable(current_cred(), ns, cap) == 0) {
++ if (security_capable(current_cred(), ns, cap) == 0 && gr_is_capable(cap)) {
current->flags |= PF_SUPERPRIV;
return true;
}
-@@ -382,6 +385,27 @@ bool ns_capable(struct user_namespace *ns, int cap)
+@@ -392,6 +396,21 @@ bool ns_capable(struct user_namespace *ns, int cap)
}
EXPORT_SYMBOL(ns_capable);
@@ -65617,7 +64236,7 @@ index b463871..fa3ea1f 100644
+ BUG();
+ }
+
-+ if (security_capable(ns, current_cred(), cap) == 0 && gr_is_capable_nolog(cap)) {
++ if (security_capable(current_cred(), ns, cap) == 0 && gr_is_capable_nolog(cap)) {
+ current->flags |= PF_SUPERPRIV;
+ return true;
+ }
@@ -65625,24 +64244,18 @@ index b463871..fa3ea1f 100644
+}
+EXPORT_SYMBOL(ns_capable_nolog);
+
-+bool capable_nolog(int cap)
-+{
-+ return ns_capable_nolog(&init_user_ns, cap);
-+}
-+EXPORT_SYMBOL(capable_nolog);
-+
/**
- * task_ns_capable - Determine whether current task has a superior
- * capability targeted at a specific task's user namespace.
-@@ -396,6 +420,12 @@ bool task_ns_capable(struct task_struct *t, int cap)
+ * capable - Determine if the current task has a superior capability in effect
+ * @cap: The capability to be tested for
+@@ -408,6 +427,12 @@ bool capable(int cap)
}
- EXPORT_SYMBOL(task_ns_capable);
+ EXPORT_SYMBOL(capable);
-+bool task_ns_capable_nolog(struct task_struct *t, int cap)
++bool capable_nolog(int cap)
+{
-+ return ns_capable_nolog(task_cred_xxx(t, user)->user_ns, cap);
++ return ns_capable_nolog(&init_user_ns, cap);
+}
-+EXPORT_SYMBOL(task_ns_capable_nolog);
++EXPORT_SYMBOL(capable_nolog);
+
/**
* nsown_capable - Check superior capability to one's own user_ns
@@ -66036,7 +64649,7 @@ index 0d7c087..01b8cef 100644
}
EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint);
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
-index 63786e7..0780cac 100644
+index e2ae734..08a4c5c 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -1980,7 +1980,7 @@ static int kdb_lsmod(int argc, const char **argv)
@@ -66046,7 +64659,7 @@ index 63786e7..0780cac 100644
- mod->core_size, (void *)mod);
+ mod->core_size_rx + mod->core_size_rw, (void *)mod);
#ifdef CONFIG_MODULE_UNLOAD
- kdb_printf("%4d ", module_refcount(mod));
+ kdb_printf("%4ld ", module_refcount(mod));
#endif
@@ -1990,7 +1990,7 @@ static int kdb_lsmod(int argc, const char **argv)
kdb_printf(" (Loading)");
@@ -66058,7 +64671,7 @@ index 63786e7..0780cac 100644
#ifdef CONFIG_MODULE_UNLOAD
{
diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 58690af..d903d75 100644
+index 1b5c081..c375f83 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -173,7 +173,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write,
@@ -66070,7 +64683,7 @@ index 58690af..d903d75 100644
static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
enum event_type_t event_type);
-@@ -2540,7 +2540,7 @@ static void __perf_event_read(void *info)
+@@ -2581,7 +2581,7 @@ static void __perf_event_read(void *info)
static inline u64 perf_event_count(struct perf_event *event)
{
@@ -66079,7 +64692,7 @@ index 58690af..d903d75 100644
}
static u64 perf_event_read(struct perf_event *event)
-@@ -3065,9 +3065,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
+@@ -2897,9 +2897,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
mutex_lock(&event->child_mutex);
total += perf_event_read(event);
*enabled += event->total_time_enabled +
@@ -66091,7 +64704,7 @@ index 58690af..d903d75 100644
list_for_each_entry(child, &event->child_list, child_list) {
total += perf_event_read(child);
-@@ -3474,10 +3474,10 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -3306,10 +3306,10 @@ void perf_event_update_userpage(struct perf_event *event)
userpg->offset -= local64_read(&event->hw.prev_count);
userpg->time_enabled = enabled +
@@ -66104,7 +64717,7 @@ index 58690af..d903d75 100644
barrier();
++userpg->lock;
-@@ -3906,11 +3906,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -3738,11 +3738,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
values[n++] = perf_event_count(event);
if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
values[n++] = enabled +
@@ -66118,7 +64731,7 @@ index 58690af..d903d75 100644
}
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(event);
-@@ -4561,12 +4561,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
+@@ -4393,12 +4393,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
* need to add enough zero bytes after the string to handle
* the 64bit alignment we do later.
*/
@@ -66133,7 +64746,7 @@ index 58690af..d903d75 100644
if (IS_ERR(name)) {
name = strncpy(tmp, "//toolong", sizeof(tmp));
goto got_name;
-@@ -5921,7 +5921,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
+@@ -5765,7 +5765,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
event->parent = parent_event;
event->ns = get_pid_ns(current->nsproxy->pid_ns);
@@ -66142,7 +64755,7 @@ index 58690af..d903d75 100644
event->state = PERF_EVENT_STATE_INACTIVE;
-@@ -6443,10 +6443,10 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -6287,10 +6287,10 @@ static void sync_child_event(struct perf_event *child_event,
/*
* Add back the child's count to the parent's count:
*/
@@ -66157,10 +64770,10 @@ index 58690af..d903d75 100644
/*
diff --git a/kernel/exit.c b/kernel/exit.c
-index e6e01b9..0a21b0a 100644
+index 4b4042f..5bdd8d5 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
-@@ -57,6 +57,10 @@
+@@ -58,6 +58,10 @@
#include <asm/pgtable.h>
#include <asm/mmu_context.h>
@@ -66171,7 +64784,7 @@ index e6e01b9..0a21b0a 100644
static void exit_mm(struct task_struct * tsk);
static void __unhash_process(struct task_struct *p, bool group_dead)
-@@ -168,6 +172,10 @@ void release_task(struct task_struct * p)
+@@ -169,6 +173,10 @@ void release_task(struct task_struct * p)
struct task_struct *leader;
int zap_leader;
repeat:
@@ -66182,7 +64795,7 @@ index e6e01b9..0a21b0a 100644
/* don't need to get the RCU readlock here - the process is dead and
* can't be modifying its own credentials. But shut RCU-lockdep up */
rcu_read_lock();
-@@ -380,7 +388,7 @@ int allow_signal(int sig)
+@@ -381,7 +389,7 @@ int allow_signal(int sig)
* know it'll be handled, so that they don't get converted to
* SIGKILL or just silently dropped.
*/
@@ -66191,7 +64804,7 @@ index e6e01b9..0a21b0a 100644
recalc_sigpending();
spin_unlock_irq(¤t->sighand->siglock);
return 0;
-@@ -416,6 +424,17 @@ void daemonize(const char *name, ...)
+@@ -417,6 +425,17 @@ void daemonize(const char *name, ...)
vsnprintf(current->comm, sizeof(current->comm), name, args);
va_end(args);
@@ -66209,7 +64822,7 @@ index e6e01b9..0a21b0a 100644
/*
* If we were started as result of loading a module, close all of the
* user space pages. We don't need them, and if we didn't close them
-@@ -893,6 +912,8 @@ NORET_TYPE void do_exit(long code)
+@@ -892,6 +911,8 @@ void do_exit(long code)
struct task_struct *tsk = current;
int group_dead;
@@ -66218,7 +64831,7 @@ index e6e01b9..0a21b0a 100644
profile_task_exit(tsk);
WARN_ON(blk_needs_flush_plug(tsk));
-@@ -909,7 +930,6 @@ NORET_TYPE void do_exit(long code)
+@@ -908,7 +929,6 @@ void do_exit(long code)
* mm_release()->clear_child_tid() from writing to a user-controlled
* kernel address.
*/
@@ -66226,7 +64839,7 @@ index e6e01b9..0a21b0a 100644
ptrace_event(PTRACE_EVENT_EXIT, code);
-@@ -971,6 +991,9 @@ NORET_TYPE void do_exit(long code)
+@@ -969,6 +989,9 @@ void do_exit(long code)
tsk->exit_code = code;
taskstats_exit(tsk, group_dead);
@@ -66236,20 +64849,20 @@ index e6e01b9..0a21b0a 100644
exit_mm(tsk);
if (group_dead)
-@@ -1068,7 +1091,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
+@@ -1085,7 +1108,7 @@ SYSCALL_DEFINE1(exit, int, error_code)
* Take down every thread in the group. This is called by fatal signals
* as well as by sys_exit_group (below).
*/
--NORET_TYPE void
+-void
+__noreturn void
do_group_exit(int exit_code)
{
struct signal_struct *sig = current->signal;
diff --git a/kernel/fork.c b/kernel/fork.c
-index 0acf42c0..9e40e2e 100644
+index 26a7a67..a1053f9 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
-@@ -281,7 +281,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
+@@ -284,7 +284,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
*stackend = STACK_END_MAGIC; /* for overflow detection */
#ifdef CONFIG_CC_STACKPROTECTOR
@@ -66258,7 +64871,7 @@ index 0acf42c0..9e40e2e 100644
#endif
/*
-@@ -305,13 +305,77 @@ out:
+@@ -308,13 +308,77 @@ out:
}
#ifdef CONFIG_MMU
@@ -66338,7 +64951,7 @@ index 0acf42c0..9e40e2e 100644
down_write(&oldmm->mmap_sem);
flush_cache_dup_mm(oldmm);
-@@ -323,8 +387,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -326,8 +390,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
mm->locked_vm = 0;
mm->mmap = NULL;
mm->mmap_cache = NULL;
@@ -66349,7 +64962,7 @@ index 0acf42c0..9e40e2e 100644
mm->map_count = 0;
cpumask_clear(mm_cpumask(mm));
mm->mm_rb = RB_ROOT;
-@@ -340,8 +404,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -343,8 +407,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
prev = NULL;
for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) {
@@ -66358,7 +64971,7 @@ index 0acf42c0..9e40e2e 100644
if (mpnt->vm_flags & VM_DONTCOPY) {
long pages = vma_pages(mpnt);
mm->total_vm -= pages;
-@@ -349,53 +411,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -352,53 +414,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
-pages);
continue;
}
@@ -66416,7 +65029,7 @@ index 0acf42c0..9e40e2e 100644
/*
* Link in the new vma and copy the page table entries.
-@@ -418,6 +438,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -421,6 +441,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
if (retval)
goto out;
}
@@ -66448,7 +65061,7 @@ index 0acf42c0..9e40e2e 100644
/* a new mm has just been created */
arch_dup_mmap(oldmm, mm);
retval = 0;
-@@ -426,14 +471,6 @@ out:
+@@ -429,14 +474,6 @@ out:
flush_tlb_mm(oldmm);
up_write(&oldmm->mmap_sem);
return retval;
@@ -66463,34 +65076,18 @@ index 0acf42c0..9e40e2e 100644
}
static inline int mm_alloc_pgd(struct mm_struct *mm)
-@@ -645,6 +682,26 @@ struct mm_struct *get_task_mm(struct task_struct *task)
- }
- EXPORT_SYMBOL_GPL(get_task_mm);
+@@ -658,8 +695,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
+ return ERR_PTR(err);
-+struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
-+{
-+ struct mm_struct *mm;
-+ int err;
-+
-+ err = mutex_lock_killable(&task->signal->cred_guard_mutex);
-+ if (err)
-+ return ERR_PTR(err);
-+
-+ mm = get_task_mm(task);
+ mm = get_task_mm(task);
+- if (mm && mm != current->mm &&
+- !ptrace_may_access(task, mode)) {
+ if (mm && ((mm != current->mm && !ptrace_may_access(task, mode)) ||
-+ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))))) {
-+ mmput(mm);
-+ mm = ERR_PTR(-EACCES);
-+ }
-+ mutex_unlock(&task->signal->cred_guard_mutex);
-+
-+ return mm;
-+}
-+
- /* Please note the differences between mmput and mm_release.
- * mmput is called whenever we stop holding onto a mm_struct,
- * error success whatever.
-@@ -830,13 +887,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
++ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))))) {
+ mmput(mm);
+ mm = ERR_PTR(-EACCES);
+ }
+@@ -881,13 +918,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
spin_unlock(&fs->lock);
return -EAGAIN;
}
@@ -66506,7 +65103,7 @@ index 0acf42c0..9e40e2e 100644
return 0;
}
-@@ -1100,6 +1158,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1151,6 +1189,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
#endif
retval = -EAGAIN;
@@ -66516,7 +65113,7 @@ index 0acf42c0..9e40e2e 100644
if (atomic_read(&p->real_cred->user->processes) >=
task_rlimit(p, RLIMIT_NPROC)) {
if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
-@@ -1259,6 +1320,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1306,6 +1347,8 @@ static struct task_struct *copy_process(unsigned long clone_flags,
if (clone_flags & CLONE_THREAD)
p->tgid = current->tgid;
@@ -66525,7 +65122,7 @@ index 0acf42c0..9e40e2e 100644
p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
/*
* Clear TID on mm_release()?
-@@ -1421,6 +1484,8 @@ bad_fork_cleanup_count:
+@@ -1472,6 +1515,8 @@ bad_fork_cleanup_count:
bad_fork_free:
free_task(p);
fork_out:
@@ -66534,7 +65131,7 @@ index 0acf42c0..9e40e2e 100644
return ERR_PTR(retval);
}
-@@ -1521,6 +1586,8 @@ long do_fork(unsigned long clone_flags,
+@@ -1572,6 +1617,8 @@ long do_fork(unsigned long clone_flags,
if (clone_flags & CLONE_PARENT_SETTID)
put_user(nr, parent_tidptr);
@@ -66543,7 +65140,7 @@ index 0acf42c0..9e40e2e 100644
if (clone_flags & CLONE_VFORK) {
p->vfork_done = &vfork;
init_completion(&vfork);
-@@ -1630,7 +1697,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1670,7 +1717,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
return 0;
/* don't need lock here; in the worst case we'll do useless copy */
@@ -66552,7 +65149,7 @@ index 0acf42c0..9e40e2e 100644
return 0;
*new_fsp = copy_fs_struct(fs);
-@@ -1719,7 +1786,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -1759,7 +1806,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
fs = current->fs;
spin_lock(&fs->lock);
current->fs = new_fs;
@@ -66689,7 +65286,7 @@ index ae34bf5..4e2f3d0 100644
hrtimer_peek_ahead_timers();
}
diff --git a/kernel/jump_label.c b/kernel/jump_label.c
-index 66ff710..05a5128 100644
+index 01d3b70..9e4d098 100644
--- a/kernel/jump_label.c
+++ b/kernel/jump_label.c
@@ -55,7 +55,9 @@ jump_label_sort_entries(struct jump_entry *start, struct jump_entry *stop)
@@ -66702,7 +65299,7 @@ index 66ff710..05a5128 100644
}
static void jump_label_update(struct jump_label_key *key, int enable);
-@@ -303,10 +305,12 @@ static void jump_label_invalidate_module_init(struct module *mod)
+@@ -340,10 +342,12 @@ static void jump_label_invalidate_module_init(struct module *mod)
struct jump_entry *iter_stop = iter_start + mod->num_jump_entries;
struct jump_entry *iter;
@@ -66822,10 +65419,10 @@ index 079f1d3..a407562 100644
return -ENOMEM;
reset_iter(iter, 0);
diff --git a/kernel/kexec.c b/kernel/kexec.c
-index dc7bc08..4601964 100644
+index 7b08867..3bac516 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
-@@ -1048,7 +1048,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry,
+@@ -1047,7 +1047,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry,
unsigned long flags)
{
struct compat_kexec_segment in;
@@ -66836,10 +65433,10 @@ index dc7bc08..4601964 100644
/* Don't allow clients that don't understand the native
diff --git a/kernel/kmod.c b/kernel/kmod.c
-index a4bea97..7a1ae9a 100644
+index a0a8854..642b106 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
-@@ -73,13 +73,12 @@ char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe";
+@@ -75,13 +75,12 @@ char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe";
* If module auto-loading support is disabled then this function
* becomes a no-operation.
*/
@@ -66855,7 +65452,7 @@ index a4bea97..7a1ae9a 100644
static char *envp[] = { "HOME=/",
"TERM=linux",
"PATH=/sbin:/usr/sbin:/bin:/usr/bin",
-@@ -88,9 +87,7 @@ int __request_module(bool wait, const char *fmt, ...)
+@@ -90,9 +89,7 @@ int __request_module(bool wait, const char *fmt, ...)
#define MAX_KMOD_CONCURRENT 50 /* Completely arbitrary value - KAO */
static int kmod_loop_msg;
@@ -66866,7 +65463,7 @@ index a4bea97..7a1ae9a 100644
if (ret >= MODULE_NAME_LEN)
return -ENAMETOOLONG;
-@@ -98,6 +95,20 @@ int __request_module(bool wait, const char *fmt, ...)
+@@ -100,6 +97,20 @@ int __request_module(bool wait, const char *fmt, ...)
if (ret)
return ret;
@@ -66887,7 +65484,7 @@ index a4bea97..7a1ae9a 100644
/* If modprobe needs a service that is in a module, we get a recursive
* loop. Limit the number of running kmod threads to max_threads/2 or
* MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method
-@@ -133,6 +144,47 @@ int __request_module(bool wait, const char *fmt, ...)
+@@ -135,6 +146,47 @@ int __request_module(bool wait, const char *fmt, ...)
atomic_dec(&kmod_concurrent);
return ret;
}
@@ -66935,7 +65532,7 @@ index a4bea97..7a1ae9a 100644
EXPORT_SYMBOL(__request_module);
#endif /* CONFIG_MODULES */
-@@ -222,7 +274,7 @@ static int wait_for_helper(void *data)
+@@ -224,7 +276,7 @@ static int wait_for_helper(void *data)
*
* Thus the __user pointer cast is valid here.
*/
@@ -66945,7 +65542,7 @@ index a4bea97..7a1ae9a 100644
/*
* If ret is 0, either ____call_usermodehelper failed and the
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
-index bc90b87..43c7d8c 100644
+index c62b854..cb67968 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -185,7 +185,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c)
@@ -66985,10 +65582,10 @@ index bc90b87..43c7d8c 100644
head = &kprobe_table[i];
preempt_disable();
diff --git a/kernel/lockdep.c b/kernel/lockdep.c
-index b2e08c9..01d8049 100644
+index 8889f7d..95319b7 100644
--- a/kernel/lockdep.c
+++ b/kernel/lockdep.c
-@@ -592,6 +592,10 @@ static int static_obj(void *obj)
+@@ -590,6 +590,10 @@ static int static_obj(void *obj)
end = (unsigned long) &_end,
addr = (unsigned long) obj;
@@ -66999,7 +65596,7 @@ index b2e08c9..01d8049 100644
/*
* static variable?
*/
-@@ -731,6 +735,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force)
+@@ -730,6 +734,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force)
if (!static_obj(lock->key)) {
debug_locks_off();
printk("INFO: trying to register non-static key.\n");
@@ -67030,7 +65627,7 @@ index 91c32a0..b2c71c5 100644
if (!name) {
diff --git a/kernel/module.c b/kernel/module.c
-index 178333c..04e3408 100644
+index 2c93276..476fe81 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -58,6 +58,7 @@
@@ -67041,7 +65638,7 @@ index 178333c..04e3408 100644
#define CREATE_TRACE_POINTS
#include <trace/events/module.h>
-@@ -119,7 +120,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list);
+@@ -113,7 +114,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list);
/* Bounds of module allocation, for speeding __module_address.
* Protected by module_mutex. */
@@ -67051,7 +65648,7 @@ index 178333c..04e3408 100644
int register_module_notifier(struct notifier_block * nb)
{
-@@ -284,7 +286,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
+@@ -277,7 +279,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
return true;
list_for_each_entry_rcu(mod, &modules, list) {
@@ -67060,7 +65657,7 @@ index 178333c..04e3408 100644
{ mod->syms, mod->syms + mod->num_syms, mod->crcs,
NOT_GPL_ONLY, false },
{ mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms,
-@@ -306,7 +308,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
+@@ -299,7 +301,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
#endif
};
@@ -67069,7 +65666,7 @@ index 178333c..04e3408 100644
return true;
}
return false;
-@@ -438,7 +440,7 @@ static inline void __percpu *mod_percpu(struct module *mod)
+@@ -431,7 +433,7 @@ static inline void __percpu *mod_percpu(struct module *mod)
static int percpu_modalloc(struct module *mod,
unsigned long size, unsigned long align)
{
@@ -67078,7 +65675,25 @@ index 178333c..04e3408 100644
printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n",
mod->name, align, PAGE_SIZE);
align = PAGE_SIZE;
-@@ -1183,7 +1185,7 @@ resolve_symbol_wait(struct module *mod,
+@@ -1001,7 +1003,7 @@ struct module_attribute module_uevent =
+ static ssize_t show_coresize(struct module_attribute *mattr,
+ struct module_kobject *mk, char *buffer)
+ {
+- return sprintf(buffer, "%u\n", mk->mod->core_size);
++ return sprintf(buffer, "%u\n", mk->mod->core_size_rx + mk->mod->core_size_rw);
+ }
+
+ static struct module_attribute modinfo_coresize =
+@@ -1010,7 +1012,7 @@ static struct module_attribute modinfo_coresize =
+ static ssize_t show_initsize(struct module_attribute *mattr,
+ struct module_kobject *mk, char *buffer)
+ {
+- return sprintf(buffer, "%u\n", mk->mod->init_size);
++ return sprintf(buffer, "%u\n", mk->mod->init_size_rx + mk->mod->init_size_rw);
+ }
+
+ static struct module_attribute modinfo_initsize =
+@@ -1224,7 +1226,7 @@ resolve_symbol_wait(struct module *mod,
*/
#ifdef CONFIG_SYSFS
@@ -67087,7 +65702,7 @@ index 178333c..04e3408 100644
static inline bool sect_empty(const Elf_Shdr *sect)
{
return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0;
-@@ -1649,21 +1651,21 @@ static void set_section_ro_nx(void *base,
+@@ -1690,21 +1692,21 @@ static void set_section_ro_nx(void *base,
static void unset_module_core_ro_nx(struct module *mod)
{
@@ -67117,7 +65732,7 @@ index 178333c..04e3408 100644
set_memory_rw);
}
-@@ -1674,14 +1676,14 @@ void set_all_modules_text_rw(void)
+@@ -1715,14 +1717,14 @@ void set_all_modules_text_rw(void)
mutex_lock(&module_mutex);
list_for_each_entry_rcu(mod, &modules, list) {
@@ -67138,7 +65753,7 @@ index 178333c..04e3408 100644
set_memory_rw);
}
}
-@@ -1695,14 +1697,14 @@ void set_all_modules_text_ro(void)
+@@ -1736,14 +1738,14 @@ void set_all_modules_text_ro(void)
mutex_lock(&module_mutex);
list_for_each_entry_rcu(mod, &modules, list) {
@@ -67159,7 +65774,7 @@ index 178333c..04e3408 100644
set_memory_ro);
}
}
-@@ -1748,16 +1750,19 @@ static void free_module(struct module *mod)
+@@ -1789,16 +1791,19 @@ static void free_module(struct module *mod)
/* This may be NULL, but that's OK */
unset_module_init_ro_nx(mod);
@@ -67182,7 +65797,7 @@ index 178333c..04e3408 100644
#ifdef CONFIG_MPU
update_protections(current->mm);
-@@ -1826,10 +1831,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1867,10 +1872,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
unsigned int i;
int ret = 0;
const struct kernel_symbol *ksym;
@@ -67214,7 +65829,7 @@ index 178333c..04e3408 100644
switch (sym[i].st_shndx) {
case SHN_COMMON:
/* We compiled with -fno-common. These are not
-@@ -1850,7 +1876,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1891,7 +1917,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
ksym = resolve_symbol_wait(mod, info, name);
/* Ok if resolved. */
if (ksym && !IS_ERR(ksym)) {
@@ -67224,7 +65839,7 @@ index 178333c..04e3408 100644
break;
}
-@@ -1869,11 +1897,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1910,11 +1938,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
secbase = (unsigned long)mod_percpu(mod);
else
secbase = info->sechdrs[sym[i].st_shndx].sh_addr;
@@ -67245,7 +65860,7 @@ index 178333c..04e3408 100644
return ret;
}
-@@ -1977,22 +2014,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2018,22 +2055,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| strstarts(sname, ".init"))
continue;
@@ -67254,7 +65869,7 @@ index 178333c..04e3408 100644
+ s->sh_entsize = get_offset(mod, &mod->core_size_rw, s, i);
+ else
+ s->sh_entsize = get_offset(mod, &mod->core_size_rx, s, i);
- DEBUGP("\t%s\n", name);
+ pr_debug("\t%s\n", sname);
}
- switch (m) {
- case 0: /* executable */
@@ -67271,8 +65886,8 @@ index 178333c..04e3408 100644
- }
}
- DEBUGP("Init section allocation order:\n");
-@@ -2006,23 +2033,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
+ pr_debug("Init section allocation order:\n");
+@@ -2047,23 +2074,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| !strstarts(sname, ".init"))
continue;
@@ -67283,7 +65898,7 @@ index 178333c..04e3408 100644
+ else
+ s->sh_entsize = get_offset(mod, &mod->init_size_rx, s, i);
+ s->sh_entsize |= INIT_OFFSET_MASK;
- DEBUGP("\t%s\n", sname);
+ pr_debug("\t%s\n", sname);
}
- switch (m) {
- case 0: /* executable */
@@ -67301,41 +65916,34 @@ index 178333c..04e3408 100644
}
}
-@@ -2187,7 +2204,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2235,7 +2252,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
/* Put symbol section at end of init part of module. */
symsect->sh_flags |= SHF_ALLOC;
- symsect->sh_entsize = get_offset(mod, &mod->init_size, symsect,
+ symsect->sh_entsize = get_offset(mod, &mod->init_size_rx, symsect,
info->index.sym) | INIT_OFFSET_MASK;
- DEBUGP("\t%s\n", info->secstrings + symsect->sh_name);
+ pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
-@@ -2204,19 +2221,19 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2250,13 +2267,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
}
/* Append room for core symbols at end of core part. */
- info->symoffs = ALIGN(mod->core_size, symsect->sh_addralign ?: 1);
-- mod->core_size = info->symoffs + ndst * sizeof(Elf_Sym);
+- info->stroffs = mod->core_size = info->symoffs + ndst * sizeof(Elf_Sym);
+- mod->core_size += strtab_size;
+ info->symoffs = ALIGN(mod->core_size_rx, symsect->sh_addralign ?: 1);
-+ mod->core_size_rx = info->symoffs + ndst * sizeof(Elf_Sym);
++ info->stroffs = mod->core_size_rx = info->symoffs + ndst * sizeof(Elf_Sym);
++ mod->core_size_rx += strtab_size;
/* Put string table section at end of init part of module. */
strsect->sh_flags |= SHF_ALLOC;
- strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect,
+ strsect->sh_entsize = get_offset(mod, &mod->init_size_rx, strsect,
info->index.str) | INIT_OFFSET_MASK;
- DEBUGP("\t%s\n", info->secstrings + strsect->sh_name);
-
- /* Append room for core symbols' strings at end of core part. */
-- info->stroffs = mod->core_size;
-+ info->stroffs = mod->core_size_rx;
- __set_bit(0, info->strmap);
-- mod->core_size += bitmap_weight(info->strmap, strsect->sh_size);
-+ mod->core_size_rx += bitmap_weight(info->strmap, strsect->sh_size);
+ pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
}
-
- static void add_kallsyms(struct module *mod, const struct load_info *info)
-@@ -2232,11 +2249,13 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2274,12 +2291,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
/* Make sure we get permanent strtab: don't use info->strtab. */
mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
@@ -67346,25 +65954,22 @@ index 178333c..04e3408 100644
mod->symtab[i].st_info = elf_type(&mod->symtab[i], info);
- mod->core_symtab = dst = mod->module_core + info->symoffs;
+- mod->core_strtab = s = mod->module_core + info->stroffs;
+ mod->core_symtab = dst = mod->module_core_rx + info->symoffs;
++ mod->core_strtab = s = mod->module_core_rx + info->stroffs;
src = mod->symtab;
*dst = *src;
- for (ndst = i = 1; i < mod->num_symtab; ++i, ++src) {
-@@ -2249,10 +2268,12 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+ *s++ = 0;
+@@ -2292,6 +2311,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+ s += strlcpy(s, &mod->strtab[src->st_name], KSYM_NAME_LEN) + 1;
}
mod->core_num_syms = ndst;
-
-- mod->core_strtab = s = mod->module_core + info->stroffs;
-+ mod->core_strtab = s = mod->module_core_rx + info->stroffs;
- for (*s = 0, i = 1; i < info->sechdrs[info->index.str].sh_size; ++i)
- if (test_bit(i, info->strmap))
- *++s = mod->strtab[i];
+
+ pax_close_kernel();
}
#else
static inline void layout_symtab(struct module *mod, struct load_info *info)
-@@ -2286,17 +2307,33 @@ void * __weak module_alloc(unsigned long size)
+@@ -2325,17 +2346,33 @@ void * __weak module_alloc(unsigned long size)
return size == 0 ? NULL : vmalloc_exec(size);
}
@@ -67403,7 +66008,7 @@ index 178333c..04e3408 100644
mutex_unlock(&module_mutex);
}
return ret;
-@@ -2474,8 +2511,14 @@ static struct module *setup_load_info(struct load_info *info)
+@@ -2513,8 +2550,14 @@ static struct module *setup_load_info(struct load_info *info)
static int check_modinfo(struct module *mod, struct load_info *info)
{
const char *modmagic = get_modinfo(info, "vermagic");
@@ -67418,7 +66023,7 @@ index 178333c..04e3408 100644
/* This is allowed: modprobe --force will invalidate it. */
if (!modmagic) {
err = try_to_force_load(mod, "bad vermagic");
-@@ -2498,7 +2541,7 @@ static int check_modinfo(struct module *mod, struct load_info *info)
+@@ -2537,7 +2580,7 @@ static int check_modinfo(struct module *mod, struct load_info *info)
}
/* Set up license info based on the info section */
@@ -67427,7 +66032,7 @@ index 178333c..04e3408 100644
return 0;
}
-@@ -2592,7 +2635,7 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2631,7 +2674,7 @@ static int move_module(struct module *mod, struct load_info *info)
void *ptr;
/* Do the allocs. */
@@ -67436,7 +66041,7 @@ index 178333c..04e3408 100644
/*
* The pointer to this block is stored in the module structure
* which is inside the block. Just mark it as not being a
-@@ -2602,23 +2645,50 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2641,23 +2684,50 @@ static int move_module(struct module *mod, struct load_info *info)
if (!ptr)
return -ENOMEM;
@@ -67494,8 +66099,8 @@ index 178333c..04e3408 100644
+ mod->module_init_rx = ptr;
/* Transfer each section which specifies SHF_ALLOC */
- DEBUGP("final section addresses:\n");
-@@ -2629,16 +2699,45 @@ static int move_module(struct module *mod, struct load_info *info)
+ pr_debug("final section addresses:\n");
+@@ -2668,16 +2738,45 @@ static int move_module(struct module *mod, struct load_info *info)
if (!(shdr->sh_flags & SHF_ALLOC))
continue;
@@ -67545,10 +66150,10 @@ index 178333c..04e3408 100644
+#endif
+
+ shdr->sh_addr = (unsigned long)dest;
- DEBUGP("\t0x%lx %s\n",
- shdr->sh_addr, info->secstrings + shdr->sh_name);
+ pr_debug("\t0x%lx %s\n",
+ (long)shdr->sh_addr, info->secstrings + shdr->sh_name);
}
-@@ -2689,12 +2788,12 @@ static void flush_module_icache(const struct module *mod)
+@@ -2728,12 +2827,12 @@ static void flush_module_icache(const struct module *mod)
* Do it before processing of module parameters, so the module
* can provide parameter accessor functions of its own.
*/
@@ -67567,9 +66172,9 @@ index 178333c..04e3408 100644
set_fs(old_fs);
}
-@@ -2774,8 +2873,10 @@ static void module_deallocate(struct module *mod, struct load_info *info)
+@@ -2803,8 +2902,10 @@ out:
+ static void module_deallocate(struct module *mod, struct load_info *info)
{
- kfree(info->strmap);
percpu_modfree(mod);
- module_free(mod, mod->module_init);
- module_free(mod, mod->module_core);
@@ -67580,7 +66185,7 @@ index 178333c..04e3408 100644
}
int __weak module_finalize(const Elf_Ehdr *hdr,
-@@ -2839,9 +2940,38 @@ static struct module *load_module(void __user *umod,
+@@ -2868,9 +2969,38 @@ static struct module *load_module(void __user *umod,
if (err)
goto free_unload;
@@ -67619,7 +66224,7 @@ index 178333c..04e3408 100644
/* Fix up syms, so that st_value is a pointer to location. */
err = simplify_symbols(mod, &info);
if (err < 0)
-@@ -2857,13 +2987,6 @@ static struct module *load_module(void __user *umod,
+@@ -2886,13 +3016,6 @@ static struct module *load_module(void __user *umod,
flush_module_icache(mod);
@@ -67633,7 +66238,7 @@ index 178333c..04e3408 100644
/* Mark state as coming so strong_try_module_get() ignores us. */
mod->state = MODULE_STATE_COMING;
-@@ -2921,11 +3044,10 @@ static struct module *load_module(void __user *umod,
+@@ -2949,11 +3072,10 @@ static struct module *load_module(void __user *umod,
unlock:
mutex_unlock(&module_mutex);
synchronize_sched();
@@ -67646,7 +66251,7 @@ index 178333c..04e3408 100644
free_unload:
module_unload_free(mod);
free_module:
-@@ -2966,16 +3088,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
+@@ -2994,16 +3116,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
MODULE_STATE_COMING, mod);
/* Set RO and NX regions for core */
@@ -67671,7 +66276,7 @@ index 178333c..04e3408 100644
do_mod_ctors(mod);
/* Start the module */
-@@ -3021,11 +3143,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
+@@ -3049,11 +3171,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
mod->strtab = mod->core_strtab;
#endif
unset_module_init_ro_nx(mod);
@@ -67689,7 +66294,7 @@ index 178333c..04e3408 100644
mutex_unlock(&module_mutex);
return 0;
-@@ -3056,10 +3179,16 @@ static const char *get_ksymbol(struct module *mod,
+@@ -3084,10 +3207,16 @@ static const char *get_ksymbol(struct module *mod,
unsigned long nextval;
/* At worse, next value is at end of module */
@@ -67709,7 +66314,7 @@ index 178333c..04e3408 100644
/* Scan for closest preceding symbol, and next symbol. (ELF
starts real symbols at 1). */
-@@ -3307,7 +3436,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3322,7 +3451,7 @@ static int m_show(struct seq_file *m, void *p)
char buf[8];
seq_printf(m, "%s %u",
@@ -67718,7 +66323,7 @@ index 178333c..04e3408 100644
print_unload_info(m, mod);
/* Informative for users. */
-@@ -3316,7 +3445,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3331,7 +3460,7 @@ static int m_show(struct seq_file *m, void *p)
mod->state == MODULE_STATE_COMING ? "Loading":
"Live");
/* Used by oprofile and other similar tools. */
@@ -67727,7 +66332,7 @@ index 178333c..04e3408 100644
/* Taints info */
if (mod->taints)
-@@ -3352,7 +3481,17 @@ static const struct file_operations proc_modules_operations = {
+@@ -3367,7 +3496,17 @@ static const struct file_operations proc_modules_operations = {
static int __init proc_modules_init(void)
{
@@ -67745,7 +66350,7 @@ index 178333c..04e3408 100644
return 0;
}
module_init(proc_modules_init);
-@@ -3411,12 +3550,12 @@ struct module *__module_address(unsigned long addr)
+@@ -3426,12 +3565,12 @@ struct module *__module_address(unsigned long addr)
{
struct module *mod;
@@ -67761,7 +66366,7 @@ index 178333c..04e3408 100644
return mod;
return NULL;
}
-@@ -3450,11 +3589,20 @@ bool is_module_text_address(unsigned long addr)
+@@ -3465,11 +3604,20 @@ bool is_module_text_address(unsigned long addr)
*/
struct module *__module_text_address(unsigned long addr)
{
@@ -67893,23 +66498,10 @@ index b452599..5d68f4e 100644
atomic_set(&pd->refcnt, 0);
pd->pinst = pinst;
diff --git a/kernel/panic.c b/kernel/panic.c
-index 3458469..342c500 100644
+index 80aed44..f291d37 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
-@@ -78,7 +78,11 @@ NORET_TYPE void panic(const char * fmt, ...)
- va_end(args);
- printk(KERN_EMERG "Kernel panic - not syncing: %s\n",buf);
- #ifdef CONFIG_DEBUG_BUGVERBOSE
-- dump_stack();
-+ /*
-+ * Avoid nested stack-dumping if a panic occurs during oops processing
-+ */
-+ if (!oops_in_progress)
-+ dump_stack();
- #endif
-
- /*
-@@ -382,7 +386,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller,
+@@ -402,7 +402,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller,
const char *board;
printk(KERN_WARNING "------------[ cut here ]------------\n");
@@ -67918,7 +66510,7 @@ index 3458469..342c500 100644
board = dmi_get_system_info(DMI_PRODUCT_NAME);
if (board)
printk(KERN_WARNING "Hardware name: %s\n", board);
-@@ -437,7 +441,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
+@@ -457,7 +457,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
*/
void __stack_chk_fail(void)
{
@@ -67929,7 +66521,7 @@ index 3458469..342c500 100644
}
EXPORT_SYMBOL(__stack_chk_fail);
diff --git a/kernel/pid.c b/kernel/pid.c
-index fa5f722..0c93e57 100644
+index 9f08dfa..6765c40 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -33,6 +33,7 @@
@@ -67949,7 +66541,7 @@ index fa5f722..0c93e57 100644
int pid_max_min = RESERVED_PIDS + 1;
int pid_max_max = PID_MAX_LIMIT;
-@@ -418,10 +419,18 @@ EXPORT_SYMBOL(pid_task);
+@@ -420,10 +421,18 @@ EXPORT_SYMBOL(pid_task);
*/
struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)
{
@@ -67969,7 +66561,7 @@ index fa5f722..0c93e57 100644
}
struct task_struct *find_task_by_vpid(pid_t vnr)
-@@ -429,6 +438,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
+@@ -431,6 +440,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns);
}
@@ -67985,7 +66577,7 @@ index fa5f722..0c93e57 100644
{
struct pid *pid;
diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c
-index e7cb76d..75eceb3 100644
+index 125cb67..a4d1c30 100644
--- a/kernel/posix-cpu-timers.c
+++ b/kernel/posix-cpu-timers.c
@@ -6,6 +6,7 @@
@@ -67996,7 +66588,7 @@ index e7cb76d..75eceb3 100644
#include <asm/uaccess.h>
#include <linux/kernel_stat.h>
#include <trace/events/timer.h>
-@@ -1606,14 +1607,14 @@ struct k_clock clock_posix_cpu = {
+@@ -1578,14 +1579,14 @@ struct k_clock clock_posix_cpu = {
static __init int init_posix_cpu_timers(void)
{
@@ -68125,10 +66717,10 @@ index d523593..68197a4 100644
register_sysrq_key('o', &sysrq_poweroff_op);
return 0;
diff --git a/kernel/power/process.c b/kernel/power/process.c
-index 3d4b954..11af930 100644
+index 7e42645..3d43df1 100644
--- a/kernel/power/process.c
+++ b/kernel/power/process.c
-@@ -41,6 +41,7 @@ static int try_to_freeze_tasks(bool sig_only)
+@@ -32,6 +32,7 @@ static int try_to_freeze_tasks(bool user_only)
u64 elapsed_csecs64;
unsigned int elapsed_csecs;
bool wakeup = false;
@@ -68136,7 +66728,7 @@ index 3d4b954..11af930 100644
do_gettimeofday(&start);
-@@ -51,6 +52,8 @@ static int try_to_freeze_tasks(bool sig_only)
+@@ -42,6 +43,8 @@ static int try_to_freeze_tasks(bool user_only)
while (true) {
todo = 0;
@@ -68144,8 +66736,8 @@ index 3d4b954..11af930 100644
+ timedout = true;
read_lock(&tasklist_lock);
do_each_thread(g, p) {
- if (frozen(p) || !freezable(p))
-@@ -71,9 +74,13 @@ static int try_to_freeze_tasks(bool sig_only)
+ if (p == current || !freeze_task(p))
+@@ -59,9 +62,13 @@ static int try_to_freeze_tasks(bool user_only)
* try_to_stop() after schedule() in ptrace/signal
* stop sees TIF_FREEZE.
*/
@@ -68161,7 +66753,7 @@ index 3d4b954..11af930 100644
} while_each_thread(g, p);
read_unlock(&tasklist_lock);
-@@ -82,7 +89,7 @@ static int try_to_freeze_tasks(bool sig_only)
+@@ -70,7 +77,7 @@ static int try_to_freeze_tasks(bool user_only)
todo += wq_busy;
}
@@ -68171,7 +66763,7 @@ index 3d4b954..11af930 100644
if (pm_wakeup_pending()) {
diff --git a/kernel/printk.c b/kernel/printk.c
-index 7982a0a..2095fdc 100644
+index 32690a0..cd7c798 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
@@ -313,6 +313,11 @@ static int check_syslog_permissions(int type, bool from_file)
@@ -68248,82 +66840,19 @@ index 76b8e77..a2930e8 100644
}
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
-index 78ab24a..332c915 100644
+index 00ab2ca..d237f61 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -172,7 +172,8 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state)
- return ret;
- }
-
--int __ptrace_may_access(struct task_struct *task, unsigned int mode)
-+static int __ptrace_may_access(struct task_struct *task, unsigned int mode,
-+ unsigned int log)
- {
- const struct cred *cred = current_cred(), *tcred;
-
-@@ -198,7 +199,8 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
- cred->gid == tcred->sgid &&
- cred->gid == tcred->gid))
- goto ok;
-- if (ns_capable(tcred->user->user_ns, CAP_SYS_PTRACE))
-+ if ((!log && ns_capable_nolog(tcred->user->user_ns, CAP_SYS_PTRACE)) ||
-+ (log && ns_capable(tcred->user->user_ns, CAP_SYS_PTRACE)))
- goto ok;
- rcu_read_unlock();
- return -EPERM;
-@@ -207,7 +209,9 @@ ok:
- smp_rmb();
- if (task->mm)
- dumpable = get_dumpable(task->mm);
-- if (!dumpable && !task_ns_capable(task, CAP_SYS_PTRACE))
-+ if (!dumpable &&
-+ ((!log && !task_ns_capable_nolog(task, CAP_SYS_PTRACE)) ||
-+ (log && !task_ns_capable(task, CAP_SYS_PTRACE))))
- return -EPERM;
-
- return security_ptrace_access_check(task, mode);
-@@ -217,7 +221,21 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode)
- {
- int err;
- task_lock(task);
-- err = __ptrace_may_access(task, mode);
-+ err = __ptrace_may_access(task, mode, 0);
-+ task_unlock(task);
-+ return !err;
-+}
-+
-+bool ptrace_may_access_nolock(struct task_struct *task, unsigned int mode)
-+{
-+ return __ptrace_may_access(task, mode, 0);
-+}
-+
-+bool ptrace_may_access_log(struct task_struct *task, unsigned int mode)
-+{
-+ int err;
-+ task_lock(task);
-+ err = __ptrace_may_access(task, mode, 1);
- task_unlock(task);
- return !err;
- }
-@@ -262,7 +280,7 @@ static int ptrace_attach(struct task_struct *task, long request,
- goto out;
-
- task_lock(task);
-- retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH);
-+ retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH, 1);
- task_unlock(task);
- if (retval)
- goto unlock_creds;
-@@ -277,7 +295,7 @@ static int ptrace_attach(struct task_struct *task, long request,
+@@ -285,7 +285,7 @@ static int ptrace_attach(struct task_struct *task, long request,
task->ptrace = PT_PTRACED;
if (seize)
task->ptrace |= PT_SEIZED;
-- if (task_ns_capable(task, CAP_SYS_PTRACE))
-+ if (task_ns_capable_nolog(task, CAP_SYS_PTRACE))
+- if (ns_capable(task_user_ns(task), CAP_SYS_PTRACE))
++ if (ns_capable_nolog(task_user_ns(task), CAP_SYS_PTRACE))
task->ptrace |= PT_PTRACE_CAP;
__ptrace_link(task, current);
-@@ -483,7 +501,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
+@@ -491,7 +491,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
break;
return -EIO;
}
@@ -68332,7 +66861,7 @@ index 78ab24a..332c915 100644
return -EFAULT;
copied += retval;
src += retval;
-@@ -680,7 +698,7 @@ int ptrace_request(struct task_struct *child, long request,
+@@ -688,7 +688,7 @@ int ptrace_request(struct task_struct *child, long request,
bool seized = child->ptrace & PT_SEIZED;
int ret = -EIO;
siginfo_t siginfo, *si;
@@ -68341,7 +66870,7 @@ index 78ab24a..332c915 100644
unsigned long __user *datalp = datavp;
unsigned long flags;
-@@ -882,14 +900,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
+@@ -890,14 +890,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
goto out;
}
@@ -68364,7 +66893,7 @@ index 78ab24a..332c915 100644
goto out_put_task_struct;
}
-@@ -915,7 +940,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
+@@ -923,7 +930,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
if (copied != sizeof(tmp))
return -EIO;
@@ -68373,7 +66902,7 @@ index 78ab24a..332c915 100644
}
int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
-@@ -1025,14 +1050,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
+@@ -1033,14 +1040,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
goto out;
}
@@ -68397,7 +66926,7 @@ index 78ab24a..332c915 100644
}
diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c
-index 636af6d..8af70ab 100644
+index 977296d..c4744dc 100644
--- a/kernel/rcutiny.c
+++ b/kernel/rcutiny.c
@@ -46,7 +46,7 @@
@@ -68409,8 +66938,8 @@ index 636af6d..8af70ab 100644
static void __call_rcu(struct rcu_head *head,
void (*func)(struct rcu_head *rcu),
struct rcu_ctrlblk *rcp);
-@@ -186,7 +186,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp)
- RCU_TRACE(trace_rcu_batch_end(rcp->name, cb_count));
+@@ -297,7 +297,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp)
+ rcu_is_callbacks_kthread()));
}
-static void rcu_process_callbacks(struct softirq_action *unused)
@@ -68418,11 +66947,24 @@ index 636af6d..8af70ab 100644
{
__rcu_process_callbacks(&rcu_sched_ctrlblk);
__rcu_process_callbacks(&rcu_bh_ctrlblk);
+diff --git a/kernel/rcutiny_plugin.h b/kernel/rcutiny_plugin.h
+index 9cb1ae4..aac7d3e 100644
+--- a/kernel/rcutiny_plugin.h
++++ b/kernel/rcutiny_plugin.h
+@@ -920,7 +920,7 @@ static int rcu_kthread(void *arg)
+ have_rcu_kthread_work = morework;
+ local_irq_restore(flags);
+ if (work)
+- rcu_process_callbacks(NULL);
++ rcu_process_callbacks();
+ schedule_timeout_interruptible(1); /* Leave CPU for others. */
+ }
+
diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c
-index 764825c..3aa6ac4 100644
+index a58ac28..196a3d8 100644
--- a/kernel/rcutorture.c
+++ b/kernel/rcutorture.c
-@@ -138,12 +138,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) =
+@@ -148,12 +148,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) =
{ 0 };
static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_batch) =
{ 0 };
@@ -68441,7 +66983,7 @@ index 764825c..3aa6ac4 100644
static long n_rcu_torture_boost_ktrerror;
static long n_rcu_torture_boost_rterror;
static long n_rcu_torture_boost_failure;
-@@ -223,11 +223,11 @@ rcu_torture_alloc(void)
+@@ -243,11 +243,11 @@ rcu_torture_alloc(void)
spin_lock_bh(&rcu_torture_lock);
if (list_empty(&rcu_torture_freelist)) {
@@ -68455,7 +66997,7 @@ index 764825c..3aa6ac4 100644
p = rcu_torture_freelist.next;
list_del_init(p);
spin_unlock_bh(&rcu_torture_lock);
-@@ -240,7 +240,7 @@ rcu_torture_alloc(void)
+@@ -260,7 +260,7 @@ rcu_torture_alloc(void)
static void
rcu_torture_free(struct rcu_torture *p)
{
@@ -68464,7 +67006,7 @@ index 764825c..3aa6ac4 100644
spin_lock_bh(&rcu_torture_lock);
list_add_tail(&p->rtort_free, &rcu_torture_freelist);
spin_unlock_bh(&rcu_torture_lock);
-@@ -360,7 +360,7 @@ rcu_torture_cb(struct rcu_head *p)
+@@ -380,7 +380,7 @@ rcu_torture_cb(struct rcu_head *p)
i = rp->rtort_pipe_count;
if (i > RCU_TORTURE_PIPE_LEN)
i = RCU_TORTURE_PIPE_LEN;
@@ -68473,7 +67015,7 @@ index 764825c..3aa6ac4 100644
if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) {
rp->rtort_mbtest = 0;
rcu_torture_free(rp);
-@@ -407,7 +407,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p)
+@@ -427,7 +427,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p)
i = rp->rtort_pipe_count;
if (i > RCU_TORTURE_PIPE_LEN)
i = RCU_TORTURE_PIPE_LEN;
@@ -68482,7 +67024,7 @@ index 764825c..3aa6ac4 100644
if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) {
rp->rtort_mbtest = 0;
list_del(&rp->rtort_free);
-@@ -872,7 +872,7 @@ rcu_torture_writer(void *arg)
+@@ -916,7 +916,7 @@ rcu_torture_writer(void *arg)
i = old_rp->rtort_pipe_count;
if (i > RCU_TORTURE_PIPE_LEN)
i = RCU_TORTURE_PIPE_LEN;
@@ -68491,7 +67033,7 @@ index 764825c..3aa6ac4 100644
old_rp->rtort_pipe_count++;
cur_ops->deferred_free(old_rp);
}
-@@ -940,7 +940,7 @@ static void rcu_torture_timer(unsigned long unused)
+@@ -997,7 +997,7 @@ static void rcu_torture_timer(unsigned long unused)
return;
}
if (p->rtort_mbtest == 0)
@@ -68500,7 +67042,7 @@ index 764825c..3aa6ac4 100644
spin_lock(&rand_lock);
cur_ops->read_delay(&rand);
n_rcu_torture_timers++;
-@@ -1001,7 +1001,7 @@ rcu_torture_reader(void *arg)
+@@ -1061,7 +1061,7 @@ rcu_torture_reader(void *arg)
continue;
}
if (p->rtort_mbtest == 0)
@@ -68509,7 +67051,7 @@ index 764825c..3aa6ac4 100644
cur_ops->read_delay(&rand);
preempt_disable();
pipe_count = p->rtort_pipe_count;
-@@ -1060,16 +1060,16 @@ rcu_torture_printk(char *page)
+@@ -1123,10 +1123,10 @@ rcu_torture_printk(char *page)
rcu_torture_current,
rcu_torture_current_version,
list_empty(&rcu_torture_freelist),
@@ -68524,14 +67066,16 @@ index 764825c..3aa6ac4 100644
n_rcu_torture_boost_ktrerror,
n_rcu_torture_boost_rterror,
n_rcu_torture_boost_failure,
- n_rcu_torture_boosts,
- n_rcu_torture_timers);
+@@ -1136,7 +1136,7 @@ rcu_torture_printk(char *page)
+ n_online_attempts,
+ n_offline_successes,
+ n_offline_attempts);
- if (atomic_read(&n_rcu_torture_mberror) != 0 ||
+ if (atomic_read_unchecked(&n_rcu_torture_mberror) != 0 ||
n_rcu_torture_boost_ktrerror != 0 ||
n_rcu_torture_boost_rterror != 0 ||
n_rcu_torture_boost_failure != 0)
-@@ -1077,7 +1077,7 @@ rcu_torture_printk(char *page)
+@@ -1144,7 +1144,7 @@ rcu_torture_printk(char *page)
cnt += sprintf(&page[cnt], "\n%s%s ", torture_type, TORTURE_FLAG);
if (i > 1) {
cnt += sprintf(&page[cnt], "!!! ");
@@ -68540,7 +67084,7 @@ index 764825c..3aa6ac4 100644
WARN_ON_ONCE(1);
}
cnt += sprintf(&page[cnt], "Reader Pipe: ");
-@@ -1091,7 +1091,7 @@ rcu_torture_printk(char *page)
+@@ -1158,7 +1158,7 @@ rcu_torture_printk(char *page)
cnt += sprintf(&page[cnt], "Free-Block Circulation: ");
for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
cnt += sprintf(&page[cnt], " %d",
@@ -68549,7 +67093,7 @@ index 764825c..3aa6ac4 100644
}
cnt += sprintf(&page[cnt], "\n");
if (cur_ops->stats)
-@@ -1401,7 +1401,7 @@ rcu_torture_cleanup(void)
+@@ -1600,7 +1600,7 @@ rcu_torture_cleanup(void)
if (cur_ops->cleanup)
cur_ops->cleanup();
@@ -68558,7 +67102,7 @@ index 764825c..3aa6ac4 100644
rcu_torture_print_module_parms(cur_ops, "End of test: FAILURE");
else
rcu_torture_print_module_parms(cur_ops, "End of test: SUCCESS");
-@@ -1465,17 +1465,17 @@ rcu_torture_init(void)
+@@ -1664,17 +1664,17 @@ rcu_torture_init(void)
rcu_torture_current = NULL;
rcu_torture_current_version = 0;
@@ -68583,11 +67127,11 @@ index 764825c..3aa6ac4 100644
for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
per_cpu(rcu_torture_count, cpu)[i] = 0;
diff --git a/kernel/rcutree.c b/kernel/rcutree.c
-index 6b76d81..7afc1b3 100644
+index 6c4a672..70f3202 100644
--- a/kernel/rcutree.c
+++ b/kernel/rcutree.c
-@@ -367,9 +367,9 @@ void rcu_enter_nohz(void)
- trace_rcu_dyntick("Start");
+@@ -363,9 +363,9 @@ static void rcu_idle_enter_common(struct rcu_dynticks *rdtp, long long oldval)
+ rcu_prepare_for_idle(smp_processor_id());
/* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
smp_mb__before_atomic_inc(); /* See above. */
- atomic_inc(&rdtp->dynticks);
@@ -68595,12 +67139,12 @@ index 6b76d81..7afc1b3 100644
smp_mb__after_atomic_inc(); /* Force ordering with next sojourn. */
- WARN_ON_ONCE(atomic_read(&rdtp->dynticks) & 0x1);
+ WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1);
- local_irq_restore(flags);
}
-@@ -391,10 +391,10 @@ void rcu_exit_nohz(void)
- return;
- }
+ /**
+@@ -438,10 +438,10 @@ void rcu_irq_exit(void)
+ static void rcu_idle_exit_common(struct rcu_dynticks *rdtp, long long oldval)
+ {
smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */
- atomic_inc(&rdtp->dynticks);
+ atomic_inc_unchecked(&rdtp->dynticks);
@@ -68608,10 +67152,10 @@ index 6b76d81..7afc1b3 100644
smp_mb__after_atomic_inc(); /* See above. */
- WARN_ON_ONCE(!(atomic_read(&rdtp->dynticks) & 0x1));
+ WARN_ON_ONCE(!(atomic_read_unchecked(&rdtp->dynticks) & 0x1));
- trace_rcu_dyntick("End");
- local_irq_restore(flags);
- }
-@@ -411,14 +411,14 @@ void rcu_nmi_enter(void)
+ rcu_cleanup_after_idle(smp_processor_id());
+ trace_rcu_dyntick("End", oldval, rdtp->dynticks_nesting);
+ if (!is_idle_task(current)) {
+@@ -531,14 +531,14 @@ void rcu_nmi_enter(void)
struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks);
if (rdtp->dynticks_nmi_nesting == 0 &&
@@ -68629,7 +67173,7 @@ index 6b76d81..7afc1b3 100644
}
/**
-@@ -437,9 +437,9 @@ void rcu_nmi_exit(void)
+@@ -557,9 +557,9 @@ void rcu_nmi_exit(void)
return;
/* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
smp_mb__before_atomic_inc(); /* See above. */
@@ -68640,17 +67184,26 @@ index 6b76d81..7afc1b3 100644
+ WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1);
}
- /**
-@@ -474,7 +474,7 @@ void rcu_irq_exit(void)
+ #ifdef CONFIG_PROVE_RCU
+@@ -575,7 +575,7 @@ int rcu_is_cpu_idle(void)
+ int ret;
+
+ preempt_disable();
+- ret = (atomic_read(&__get_cpu_var(rcu_dynticks).dynticks) & 0x1) == 0;
++ ret = (atomic_read_unchecked(&__get_cpu_var(rcu_dynticks).dynticks) & 0x1) == 0;
+ preempt_enable();
+ return ret;
+ }
+@@ -604,7 +604,7 @@ int rcu_is_cpu_rrupt_from_idle(void)
*/
static int dyntick_save_progress_counter(struct rcu_data *rdp)
{
- rdp->dynticks_snap = atomic_add_return(0, &rdp->dynticks->dynticks);
+ rdp->dynticks_snap = atomic_add_return_unchecked(0, &rdp->dynticks->dynticks);
- return 0;
+ return (rdp->dynticks_snap & 0x1) == 0;
}
-@@ -489,7 +489,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp)
+@@ -619,7 +619,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp)
unsigned int curr;
unsigned int snap;
@@ -68659,7 +67212,7 @@ index 6b76d81..7afc1b3 100644
snap = (unsigned int)rdp->dynticks_snap;
/*
-@@ -1552,7 +1552,7 @@ __rcu_process_callbacks(struct rcu_state *rsp, struct rcu_data *rdp)
+@@ -1667,7 +1667,7 @@ __rcu_process_callbacks(struct rcu_state *rsp, struct rcu_data *rdp)
/*
* Do RCU core processing for the current CPU.
*/
@@ -68668,24 +67221,44 @@ index 6b76d81..7afc1b3 100644
{
trace_rcu_utilization("Start RCU core");
__rcu_process_callbacks(&rcu_sched_state,
+@@ -2030,7 +2030,7 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
+ rdp->qlen = 0;
+ rdp->dynticks = &per_cpu(rcu_dynticks, cpu);
+ WARN_ON_ONCE(rdp->dynticks->dynticks_nesting != DYNTICK_TASK_NESTING);
+- WARN_ON_ONCE(atomic_read(&rdp->dynticks->dynticks) != 1);
++ WARN_ON_ONCE(atomic_read_unchecked(&rdp->dynticks->dynticks) != 1);
+ rdp->cpu = cpu;
+ rdp->rsp = rsp;
+ raw_spin_unlock_irqrestore(&rnp->lock, flags);
+@@ -2058,8 +2058,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible)
+ rdp->n_force_qs_snap = rsp->n_force_qs;
+ rdp->blimit = blimit;
+ rdp->dynticks->dynticks_nesting = DYNTICK_TASK_NESTING;
+- atomic_set(&rdp->dynticks->dynticks,
+- (atomic_read(&rdp->dynticks->dynticks) & ~0x1) + 1);
++ atomic_set_unchecked(&rdp->dynticks->dynticks,
++ (atomic_read_unchecked(&rdp->dynticks->dynticks) & ~0x1) + 1);
+ rcu_prepare_for_idle_init(cpu);
+ raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */
+
diff --git a/kernel/rcutree.h b/kernel/rcutree.h
-index 849ce9e..74bc9de 100644
+index fddff92..2c08359 100644
--- a/kernel/rcutree.h
+++ b/kernel/rcutree.h
-@@ -86,7 +86,7 @@
- struct rcu_dynticks {
- int dynticks_nesting; /* Track irq/process nesting level. */
- int dynticks_nmi_nesting; /* Track NMI nesting level. */
-- atomic_t dynticks; /* Even value for dynticks-idle, else odd. */
-+ atomic_unchecked_t dynticks; /* Even value for dynticks-idle, else odd. */
+@@ -87,7 +87,7 @@ struct rcu_dynticks {
+ long long dynticks_nesting; /* Track irq/process nesting level. */
+ /* Process level is worth LLONG_MAX/2. */
+ int dynticks_nmi_nesting; /* Track NMI nesting level. */
+- atomic_t dynticks; /* Even value for idle, else odd. */
++ atomic_unchecked_t dynticks;/* Even value for idle, else odd. */
};
/* RCU's kthread states for tracing. */
diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h
-index 4b9b9f8..2326053 100644
+index 8bb35d7..6ea0a463 100644
--- a/kernel/rcutree_plugin.h
+++ b/kernel/rcutree_plugin.h
-@@ -842,7 +842,7 @@ void synchronize_rcu_expedited(void)
+@@ -850,7 +850,7 @@ void synchronize_rcu_expedited(void)
/* Clean up and exit. */
smp_mb(); /* ensure expedited GP seen before counter increment. */
@@ -68694,7 +67267,7 @@ index 4b9b9f8..2326053 100644
unlock_mb_ret:
mutex_unlock(&sync_rcu_preempt_exp_mutex);
mb_ret:
-@@ -1815,8 +1815,8 @@ EXPORT_SYMBOL_GPL(synchronize_sched_expedited);
+@@ -1833,8 +1833,8 @@ EXPORT_SYMBOL_GPL(synchronize_sched_expedited);
#else /* #ifndef CONFIG_SMP */
@@ -68705,7 +67278,7 @@ index 4b9b9f8..2326053 100644
static int synchronize_sched_expedited_cpu_stop(void *data)
{
-@@ -1871,7 +1871,7 @@ void synchronize_sched_expedited(void)
+@@ -1889,7 +1889,7 @@ void synchronize_sched_expedited(void)
int firstsnap, s, snap, trycount = 0;
/* Note that atomic_inc_return() implies full memory barrier. */
@@ -68714,7 +67287,7 @@ index 4b9b9f8..2326053 100644
get_online_cpus();
/*
-@@ -1892,7 +1892,7 @@ void synchronize_sched_expedited(void)
+@@ -1910,7 +1910,7 @@ void synchronize_sched_expedited(void)
}
/* Check to see if someone else did our work for us. */
@@ -68723,16 +67296,16 @@ index 4b9b9f8..2326053 100644
if (UINT_CMP_GE((unsigned)s, (unsigned)firstsnap)) {
smp_mb(); /* ensure test happens before caller kfree */
return;
-@@ -1907,7 +1907,7 @@ void synchronize_sched_expedited(void)
+@@ -1925,7 +1925,7 @@ void synchronize_sched_expedited(void)
* grace period works for us.
*/
get_online_cpus();
-- snap = atomic_read(&sync_sched_expedited_started) - 1;
-+ snap = atomic_read_unchecked(&sync_sched_expedited_started) - 1;
+- snap = atomic_read(&sync_sched_expedited_started);
++ snap = atomic_read_unchecked(&sync_sched_expedited_started);
smp_mb(); /* ensure read is before try_stop_cpus(). */
}
-@@ -1918,12 +1918,12 @@ void synchronize_sched_expedited(void)
+@@ -1936,12 +1936,12 @@ void synchronize_sched_expedited(void)
* than we did beat us to the punch.
*/
do {
@@ -68747,32 +67320,23 @@ index 4b9b9f8..2326053 100644
put_online_cpus();
}
-@@ -1985,7 +1985,7 @@ int rcu_needs_cpu(int cpu)
- for_each_online_cpu(thatcpu) {
- if (thatcpu == cpu)
- continue;
-- snap = atomic_add_return(0, &per_cpu(rcu_dynticks,
-+ snap = atomic_add_return_unchecked(0, &per_cpu(rcu_dynticks,
- thatcpu).dynticks);
- smp_mb(); /* Order sampling of snap with end of grace period. */
- if ((snap & 0x1) != 0) {
diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c
-index 9feffa4..54058df 100644
+index 654cfe6..c0b28e2 100644
--- a/kernel/rcutree_trace.c
+++ b/kernel/rcutree_trace.c
-@@ -69,7 +69,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp)
+@@ -68,7 +68,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp)
+ rdp->passed_quiesce, rdp->passed_quiesce_gpnum,
rdp->qs_pending);
- #ifdef CONFIG_NO_HZ
- seq_printf(m, " dt=%d/%d/%d df=%lu",
+ seq_printf(m, " dt=%d/%llx/%d df=%lu",
- atomic_read(&rdp->dynticks->dynticks),
+ atomic_read_unchecked(&rdp->dynticks->dynticks),
rdp->dynticks->dynticks_nesting,
rdp->dynticks->dynticks_nmi_nesting,
rdp->dynticks_fqs);
-@@ -143,7 +143,7 @@ static void print_one_rcu_data_csv(struct seq_file *m, struct rcu_data *rdp)
+@@ -140,7 +140,7 @@ static void print_one_rcu_data_csv(struct seq_file *m, struct rcu_data *rdp)
+ rdp->passed_quiesce, rdp->passed_quiesce_gpnum,
rdp->qs_pending);
- #ifdef CONFIG_NO_HZ
- seq_printf(m, ",%d,%d,%d,%lu",
+ seq_printf(m, ",%d,%llx,%d,%lu",
- atomic_read(&rdp->dynticks->dynticks),
+ atomic_read_unchecked(&rdp->dynticks->dynticks),
rdp->dynticks->dynticks_nesting,
@@ -68802,7 +67366,7 @@ index 7640b3a..5879283 100644
}
__initcall(ioresources_init);
diff --git a/kernel/rtmutex-tester.c b/kernel/rtmutex-tester.c
-index 3d9f31c..7fefc9e 100644
+index 98ec494..4241d6d 100644
--- a/kernel/rtmutex-tester.c
+++ b/kernel/rtmutex-tester.c
@@ -20,7 +20,7 @@
@@ -68895,11 +67459,33 @@ index 3d9f31c..7fefc9e 100644
return;
default:
-diff --git a/kernel/sched.c b/kernel/sched.c
-index d6b149c..896cbb8 100644
---- a/kernel/sched.c
-+++ b/kernel/sched.c
-@@ -4389,6 +4389,19 @@ pick_next_task(struct rq *rq)
+diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c
+index e8a1f83..363d17d 100644
+--- a/kernel/sched/auto_group.c
++++ b/kernel/sched/auto_group.c
+@@ -11,7 +11,7 @@
+
+ unsigned int __read_mostly sysctl_sched_autogroup_enabled = 1;
+ static struct autogroup autogroup_default;
+-static atomic_t autogroup_seq_nr;
++static atomic_unchecked_t autogroup_seq_nr;
+
+ void __init autogroup_init(struct task_struct *init_task)
+ {
+@@ -78,7 +78,7 @@ static inline struct autogroup *autogroup_create(void)
+
+ kref_init(&ag->kref);
+ init_rwsem(&ag->lock);
+- ag->id = atomic_inc_return(&autogroup_seq_nr);
++ ag->id = atomic_inc_return_unchecked(&autogroup_seq_nr);
+ ag->tg = tg;
+ #ifdef CONFIG_RT_GROUP_SCHED
+ /*
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c
+index b342f57..00324a0 100644
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -3143,6 +3143,19 @@ pick_next_task(struct rq *rq)
BUG(); /* the idle class will always have a runnable task */
}
@@ -68919,7 +67505,7 @@ index d6b149c..896cbb8 100644
/*
* __schedule() is the main scheduler function.
*/
-@@ -4408,6 +4421,8 @@ need_resched:
+@@ -3162,6 +3175,8 @@ need_resched:
schedule_debug(prev);
@@ -68928,7 +67514,7 @@ index d6b149c..896cbb8 100644
if (sched_feat(HRTICK))
hrtick_clear(rq);
-@@ -5098,6 +5113,8 @@ int can_nice(const struct task_struct *p, const int nice)
+@@ -3852,6 +3867,8 @@ int can_nice(const struct task_struct *p, const int nice)
/* convert nice value [19,-20] to rlimit style value [1,40] */
int nice_rlim = 20 - nice;
@@ -68937,7 +67523,7 @@ index d6b149c..896cbb8 100644
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
capable(CAP_SYS_NICE));
}
-@@ -5131,7 +5148,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+@@ -3885,7 +3902,8 @@ SYSCALL_DEFINE1(nice, int, increment)
if (nice > 19)
nice = 19;
@@ -68947,7 +67533,7 @@ index d6b149c..896cbb8 100644
return -EPERM;
retval = security_task_setnice(current, nice);
-@@ -5288,6 +5306,7 @@ recheck:
+@@ -4042,6 +4060,7 @@ recheck:
unsigned long rlim_rtprio =
task_rlimit(p, RLIMIT_RTPRIO);
@@ -68955,33 +67541,11 @@ index d6b149c..896cbb8 100644
/* can't set/change the rt policy */
if (policy != p->policy && !rlim_rtprio)
return -EPERM;
-diff --git a/kernel/sched_autogroup.c b/kernel/sched_autogroup.c
-index 429242f..d7cca82 100644
---- a/kernel/sched_autogroup.c
-+++ b/kernel/sched_autogroup.c
-@@ -7,7 +7,7 @@
-
- unsigned int __read_mostly sysctl_sched_autogroup_enabled = 1;
- static struct autogroup autogroup_default;
--static atomic_t autogroup_seq_nr;
-+static atomic_unchecked_t autogroup_seq_nr;
-
- static void __init autogroup_init(struct task_struct *init_task)
- {
-@@ -78,7 +78,7 @@ static inline struct autogroup *autogroup_create(void)
-
- kref_init(&ag->kref);
- init_rwsem(&ag->lock);
-- ag->id = atomic_inc_return(&autogroup_seq_nr);
-+ ag->id = atomic_inc_return_unchecked(&autogroup_seq_nr);
- ag->tg = tg;
- #ifdef CONFIG_RT_GROUP_SCHED
- /*
-diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c
-index 8a39fa3..34f3dbc 100644
---- a/kernel/sched_fair.c
-+++ b/kernel/sched_fair.c
-@@ -4801,7 +4801,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
+diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
+index aca16b8..8e3acc4 100644
+--- a/kernel/sched/fair.c
++++ b/kernel/sched/fair.c
+@@ -5147,7 +5147,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
* run_rebalance_domains is triggered when needed from the scheduler tick.
* Also triggered for nohz idle balancing (with nohz_balancing_kick set).
*/
@@ -68991,10 +67555,10 @@ index 8a39fa3..34f3dbc 100644
int this_cpu = smp_processor_id();
struct rq *this_rq = cpu_rq(this_cpu);
diff --git a/kernel/signal.c b/kernel/signal.c
-index 2065515..aed2987 100644
+index c73c428..7040057 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
-@@ -45,12 +45,12 @@ static struct kmem_cache *sigqueue_cachep;
+@@ -46,12 +46,12 @@ static struct kmem_cache *sigqueue_cachep;
int print_fatal_signals __read_mostly;
@@ -69009,7 +67573,7 @@ index 2065515..aed2987 100644
{
/* Is it explicitly or implicitly ignored? */
return handler == SIG_IGN ||
-@@ -60,7 +60,7 @@ static int sig_handler_ignored(void __user *handler, int sig)
+@@ -61,7 +61,7 @@ static int sig_handler_ignored(void __user *handler, int sig)
static int sig_task_ignored(struct task_struct *t, int sig,
int from_ancestor_ns)
{
@@ -69018,7 +67582,7 @@ index 2065515..aed2987 100644
handler = sig_handler(t, sig);
-@@ -364,6 +364,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi
+@@ -365,6 +365,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi
atomic_inc(&user->sigpending);
rcu_read_unlock();
@@ -69028,7 +67592,7 @@ index 2065515..aed2987 100644
if (override_rlimit ||
atomic_read(&user->sigpending) <=
task_rlimit(t, RLIMIT_SIGPENDING)) {
-@@ -488,7 +491,7 @@ flush_signal_handlers(struct task_struct *t, int force_default)
+@@ -489,7 +492,7 @@ flush_signal_handlers(struct task_struct *t, int force_default)
int unhandled_signal(struct task_struct *tsk, int sig)
{
@@ -69037,7 +67601,7 @@ index 2065515..aed2987 100644
if (is_global_init(tsk))
return 1;
if (handler != SIG_IGN && handler != SIG_DFL)
-@@ -815,6 +818,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
+@@ -816,6 +819,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
}
}
@@ -69051,7 +67615,7 @@ index 2065515..aed2987 100644
return security_task_kill(t, info, sig, 0);
}
-@@ -1165,7 +1175,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
+@@ -1197,7 +1207,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
return send_signal(sig, info, p, 1);
}
@@ -69060,7 +67624,7 @@ index 2065515..aed2987 100644
specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
{
return send_signal(sig, info, t, 0);
-@@ -1202,6 +1212,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
+@@ -1234,6 +1244,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
unsigned long int flags;
int ret, blocked, ignored;
struct k_sigaction *action;
@@ -69068,7 +67632,7 @@ index 2065515..aed2987 100644
spin_lock_irqsave(&t->sighand->siglock, flags);
action = &t->sighand->action[sig-1];
-@@ -1216,9 +1227,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
+@@ -1248,9 +1259,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
}
if (action->sa.sa_handler == SIG_DFL)
t->signal->flags &= ~SIGNAL_UNKILLABLE;
@@ -69087,7 +67651,7 @@ index 2065515..aed2987 100644
return ret;
}
-@@ -1285,8 +1305,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
+@@ -1317,8 +1337,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
ret = check_kill_permission(sig, info, p);
rcu_read_unlock();
@@ -69100,7 +67664,7 @@ index 2065515..aed2987 100644
return ret;
}
-@@ -2754,7 +2777,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
+@@ -2820,7 +2843,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
int error = -ESRCH;
rcu_read_lock();
@@ -69149,7 +67713,7 @@ index db197d6..17aef0b 100644
raw_spin_unlock_irq(&call_function.lock);
}
diff --git a/kernel/softirq.c b/kernel/softirq.c
-index 2c71d91..1021f81 100644
+index 4eb3a0f..6f1fa81 100644
--- a/kernel/softirq.c
+++ b/kernel/softirq.c
@@ -56,7 +56,7 @@ static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp
@@ -69203,7 +67767,7 @@ index 2c71d91..1021f81 100644
struct tasklet_struct *list;
diff --git a/kernel/sys.c b/kernel/sys.c
-index 481611f..0754d86 100644
+index 888d227..f04b318 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
@@ -69364,7 +67928,7 @@ index 481611f..0754d86 100644
__OLD_UTS_LEN);
error |= __put_user(0, name->machine + __OLD_UTS_LEN);
up_read(&uts_sem);
-@@ -1720,7 +1759,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
+@@ -1838,7 +1877,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
error = get_dumpable(me->mm);
break;
case PR_SET_DUMPABLE:
@@ -69374,7 +67938,7 @@ index 481611f..0754d86 100644
break;
}
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index ae27196..7506d69 100644
+index f487f25..9056a9e 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -86,6 +86,13 @@
@@ -69474,7 +68038,7 @@ index ae27196..7506d69 100644
{
.procname = "ngroups_max",
.data = &ngroups_max,
-@@ -1216,6 +1258,13 @@ static struct ctl_table vm_table[] = {
+@@ -1225,6 +1267,13 @@ static struct ctl_table vm_table[] = {
.proc_handler = proc_dointvec_minmax,
.extra1 = &zero,
},
@@ -69488,7 +68052,7 @@ index ae27196..7506d69 100644
#else
{
.procname = "nr_trim_pages",
-@@ -1720,6 +1769,17 @@ static int test_perm(int mode, int op)
+@@ -1729,6 +1778,17 @@ static int test_perm(int mode, int op)
int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, int op)
{
int mode;
@@ -69506,7 +68070,7 @@ index ae27196..7506d69 100644
if (root->permissions)
mode = root->permissions(root, current->nsproxy, table);
-@@ -2124,6 +2184,16 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -2133,6 +2193,16 @@ int proc_dostring(struct ctl_table *table, int write,
buffer, lenp, ppos);
}
@@ -69523,7 +68087,7 @@ index ae27196..7506d69 100644
static size_t proc_skip_spaces(char **buf)
{
size_t ret;
-@@ -2229,6 +2299,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
+@@ -2238,6 +2308,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
len = strlen(tmp);
if (len > *size)
len = *size;
@@ -69532,7 +68096,7 @@ index ae27196..7506d69 100644
if (copy_to_user(*buf, tmp, len))
return -EFAULT;
*size -= len;
-@@ -2545,8 +2617,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
+@@ -2554,8 +2626,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
*i = val;
} else {
val = convdiv * (*i) / convmul;
@@ -69545,7 +68109,7 @@ index ae27196..7506d69 100644
err = proc_put_long(&buffer, &left, val, false);
if (err)
break;
-@@ -2941,6 +3016,12 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -2950,6 +3025,12 @@ int proc_dostring(struct ctl_table *table, int write,
return -ENOSYS;
}
@@ -69558,7 +68122,7 @@ index ae27196..7506d69 100644
int proc_dointvec(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
-@@ -2997,6 +3078,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
+@@ -3006,6 +3087,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
EXPORT_SYMBOL(proc_dostring);
@@ -69715,7 +68279,7 @@ index fd4a7b1..fae5c2a 100644
cpumask_clear_cpu(cpu, tick_get_broadcast_mask());
tick_broadcast_clear_oneshot(cpu);
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
-index 2378413..be455fd 100644
+index 0c63581..e25dcb6 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -14,6 +14,7 @@
@@ -69853,10 +68417,10 @@ index 0b537f2..9e71eca 100644
return -ENOMEM;
return 0;
diff --git a/kernel/timer.c b/kernel/timer.c
-index 9c3c62b..441690e 100644
+index a297ffc..5e16b0b 100644
--- a/kernel/timer.c
+++ b/kernel/timer.c
-@@ -1304,7 +1304,7 @@ void update_process_times(int user_tick)
+@@ -1354,7 +1354,7 @@ void update_process_times(int user_tick)
/*
* This function runs timers and the timer-tq in bottom half context.
*/
@@ -69866,7 +68430,7 @@ index 9c3c62b..441690e 100644
struct tvec_base *base = __this_cpu_read(tvec_bases);
diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
-index 16fc34a..efd8bb8 100644
+index cdea7b5..9b820d4 100644
--- a/kernel/trace/blktrace.c
+++ b/kernel/trace/blktrace.c
@@ -324,7 +324,7 @@ static ssize_t blk_dropped_read(struct file *filp, char __user *buffer,
@@ -69897,10 +68461,10 @@ index 16fc34a..efd8bb8 100644
ret = -EIO;
bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index 25b4f4d..6f4772d 100644
+index 683d559..d70d914 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
-@@ -1587,12 +1587,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
+@@ -1726,12 +1726,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
if (unlikely(ftrace_disabled))
return 0;
@@ -69920,7 +68484,7 @@ index 25b4f4d..6f4772d 100644
}
/*
-@@ -2608,7 +2613,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp)
+@@ -2843,7 +2848,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp)
int
register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops,
@@ -69930,10 +68494,10 @@ index 25b4f4d..6f4772d 100644
struct ftrace_func_probe *entry;
struct ftrace_page *pg;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index f2bd275..adaf3a2 100644
+index a3f1bc5..5e651718 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
-@@ -4201,10 +4201,9 @@ static const struct file_operations tracing_dyn_info_fops = {
+@@ -4254,10 +4254,9 @@ static const struct file_operations tracing_dyn_info_fops = {
};
#endif
@@ -69945,7 +68509,7 @@ index f2bd275..adaf3a2 100644
static int once;
if (d_tracer)
-@@ -4224,10 +4223,9 @@ struct dentry *tracing_init_dentry(void)
+@@ -4277,10 +4276,9 @@ struct dentry *tracing_init_dentry(void)
return d_tracer;
}
@@ -70088,7 +68652,7 @@ index fd3c8aa..5f324a6 100644
}
entry = ring_buffer_event_data(event);
diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c
-index 5199930..26c73a0 100644
+index 0d6ff35..67e0ed7 100644
--- a/kernel/trace/trace_output.c
+++ b/kernel/trace/trace_output.c
@@ -278,7 +278,7 @@ int trace_seq_path(struct trace_seq *s, struct path *path)
@@ -70101,10 +68665,10 @@ index 5199930..26c73a0 100644
s->len = p - s->buffer;
return 1;
diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
-index 77575b3..6e623d1 100644
+index d4545f4..a9010a1 100644
--- a/kernel/trace/trace_stack.c
+++ b/kernel/trace/trace_stack.c
-@@ -50,7 +50,7 @@ static inline void check_stack(void)
+@@ -53,7 +53,7 @@ static inline void check_stack(void)
return;
/* we do not handle interrupt stacks yet */
@@ -70145,7 +68709,7 @@ index 209b379..7f76423 100644
put_task_struct(tsk);
}
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
-index 82928f5..92da771 100644
+index 8745ac7..d144e37 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -1103,6 +1103,7 @@ config LATENCYTOP
@@ -70197,7 +68761,7 @@ index 0d4a127..33a06c7 100644
}
EXPORT_SYMBOL(bitmap_parselist_user);
diff --git a/lib/bug.c b/lib/bug.c
-index 1955209..cbbb2ad 100644
+index a28c141..2bd3d95 100644
--- a/lib/bug.c
+++ b/lib/bug.c
@@ -133,6 +133,8 @@ enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs)
@@ -70210,10 +68774,10 @@ index 1955209..cbbb2ad 100644
file = NULL;
line = 0;
diff --git a/lib/debugobjects.c b/lib/debugobjects.c
-index a78b7c6..2c73084 100644
+index 0ab9ae8..f01ceca 100644
--- a/lib/debugobjects.c
+++ b/lib/debugobjects.c
-@@ -284,7 +284,7 @@ static void debug_object_is_on_stack(void *addr, int onstack)
+@@ -288,7 +288,7 @@ static void debug_object_is_on_stack(void *addr, int onstack)
if (limit > 4)
return;
@@ -70223,7 +68787,7 @@ index a78b7c6..2c73084 100644
return;
diff --git a/lib/devres.c b/lib/devres.c
-index 7c0e953..f642b5c 100644
+index 9676617..5149e15 100644
--- a/lib/devres.c
+++ b/lib/devres.c
@@ -80,7 +80,7 @@ EXPORT_SYMBOL(devm_ioremap_nocache);
@@ -70235,7 +68799,7 @@ index 7c0e953..f642b5c 100644
iounmap(addr);
}
EXPORT_SYMBOL(devm_iounmap);
-@@ -141,7 +141,7 @@ void devm_ioport_unmap(struct device *dev, void __iomem *addr)
+@@ -192,7 +192,7 @@ void devm_ioport_unmap(struct device *dev, void __iomem *addr)
{
ioport_unmap(addr);
WARN_ON(devres_destroy(dev, devm_ioport_map_release,
@@ -70307,24 +68871,11 @@ index bd2bea9..6b3c95e 100644
if (atomic_read(&task->signal->live) != 1)
return false;
-diff --git a/lib/kref.c b/lib/kref.c
-index 3efb882..8492f4c 100644
---- a/lib/kref.c
-+++ b/lib/kref.c
-@@ -52,7 +52,7 @@ void kref_get(struct kref *kref)
- */
- int kref_put(struct kref *kref, void (*release)(struct kref *kref))
- {
-- WARN_ON(release == NULL);
-+ BUG_ON(release == NULL);
- WARN_ON(release == (void (*)(struct kref *))kfree);
-
- if (atomic_dec_and_test(&kref->refcount)) {
diff --git a/lib/radix-tree.c b/lib/radix-tree.c
-index d9df745..e73c2fe 100644
+index dc63d08..95ae14a 100644
--- a/lib/radix-tree.c
+++ b/lib/radix-tree.c
-@@ -80,7 +80,7 @@ struct radix_tree_preload {
+@@ -78,7 +78,7 @@ struct radix_tree_preload {
int nr;
struct radix_tree_node *nodes[RADIX_TREE_MAX_PATH];
};
@@ -70334,7 +68885,7 @@ index d9df745..e73c2fe 100644
static inline void *ptr_to_indirect(void *ptr)
{
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
-index 993599e..f1dbc14 100644
+index 38e612e..4fb99a8 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -16,6 +16,9 @@
@@ -70356,8 +68907,8 @@ index 993599e..f1dbc14 100644
sprint_symbol(sym, value);
else
kallsyms_lookup(value, NULL, NULL, NULL, sym);
-@@ -777,7 +780,11 @@ char *uuid_string(char *buf, char *end, const u8 *addr,
- return string(buf, end, uuid, spec);
+@@ -789,7 +792,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr,
+ return number(buf, end, *(const netdev_features_t *)addr, spec);
}
+#ifdef CONFIG_GRKERNSEC_HIDESYM
@@ -70368,7 +68919,7 @@ index 993599e..f1dbc14 100644
/*
* Show a '%p' thing. A kernel extension is that the '%p' is followed
-@@ -791,6 +798,8 @@ int kptr_restrict __read_mostly;
+@@ -803,6 +810,8 @@ int kptr_restrict __read_mostly;
* - 'S' For symbolic direct pointers with offset
* - 's' For symbolic direct pointers without offset
* - 'B' For backtraced symbolic direct pointers with offset
@@ -70377,7 +68928,7 @@ index 993599e..f1dbc14 100644
* - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref]
* - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201]
* - 'M' For a 6-byte MAC address, it prints the address in the
-@@ -835,12 +844,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -848,12 +857,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
{
if (!ptr && *fmt != 'K') {
/*
@@ -70392,7 +68943,7 @@ index 993599e..f1dbc14 100644
}
switch (*fmt) {
-@@ -850,6 +859,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -863,6 +872,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
/* Fallthrough */
case 'S':
case 's':
@@ -70406,26 +68957,7 @@ index 993599e..f1dbc14 100644
case 'B':
return symbol_string(buf, end, ptr, spec, *fmt);
case 'R':
-@@ -878,9 +894,15 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
- case 'U':
- return uuid_string(buf, end, ptr, spec, fmt);
- case 'V':
-- return buf + vsnprintf(buf, end > buf ? end - buf : 0,
-- ((struct va_format *)ptr)->fmt,
-- *(((struct va_format *)ptr)->va));
-+ {
-+ va_list va;
-+
-+ va_copy(va, *((struct va_format *)ptr)->va);
-+ buf += vsnprintf(buf, end > buf ? end - buf : 0,
-+ ((struct va_format *)ptr)->fmt, va);
-+ va_end(va);
-+ return buf;
-+ }
- case 'K':
- /*
- * %pK cannot be used in IRQ context because its test
-@@ -1608,11 +1630,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1633,11 +1649,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
typeof(type) value; \
if (sizeof(type) == 8) { \
args = PTR_ALIGN(args, sizeof(u32)); \
@@ -70440,7 +68972,7 @@ index 993599e..f1dbc14 100644
} \
args += sizeof(type); \
value; \
-@@ -1675,7 +1697,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1700,7 +1716,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
case FORMAT_TYPE_STR: {
const char *str_arg = args;
args += strlen(str_arg) + 1;
@@ -70457,10 +68989,10 @@ index 0000000..7cd6065
@@ -0,0 +1 @@
+-grsec
diff --git a/mm/Kconfig b/mm/Kconfig
-index 011b110..b492af2 100644
+index e338407..49b5b7a 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
-@@ -241,10 +241,10 @@ config KSM
+@@ -247,10 +247,10 @@ config KSM
root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set).
config DEFAULT_MMAP_MIN_ADDR
@@ -70475,7 +69007,7 @@ index 011b110..b492af2 100644
from userspace allocation. Keeping a user from writing to low pages
can help reduce the impact of kernel NULL pointer bugs.
diff --git a/mm/filemap.c b/mm/filemap.c
-index 03c5b0e..a01e793 100644
+index b662757..3081ddd 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -1770,7 +1770,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
@@ -70541,10 +69073,10 @@ index 57d82c6..e9e0552 100644
set_page_address(page, (void *)vaddr);
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
-index 8f005e9..1cb1036 100644
+index 8f7fc39..69bf1e9 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
-@@ -704,7 +704,7 @@ out:
+@@ -733,7 +733,7 @@ out:
* run pte_offset_map on the pmd, if an huge pmd could
* materialize from under us from a different thread.
*/
@@ -70554,10 +69086,10 @@ index 8f005e9..1cb1036 100644
/* if an huge pmd materialized from under us just retry later */
if (unlikely(pmd_trans_huge(*pmd)))
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 2316840..b418671 100644
+index a876871..132cde0 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
-@@ -2347,6 +2347,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2346,6 +2346,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
return 1;
}
@@ -70584,8 +69116,8 @@ index 2316840..b418671 100644
+
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
- */
-@@ -2450,6 +2471,11 @@ retry_avoidcopy:
+ * Called with hugetlb_instantiation_mutex held and pte_page locked so we
+@@ -2459,6 +2480,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -70597,7 +69129,7 @@ index 2316840..b418671 100644
/* Make the old page be freed below */
new_page = old_page;
mmu_notifier_invalidate_range_end(mm,
-@@ -2601,6 +2627,10 @@ retry:
+@@ -2613,6 +2639,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
@@ -70608,7 +69140,7 @@ index 2316840..b418671 100644
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
-@@ -2630,6 +2660,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2642,6 +2672,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
static DEFINE_MUTEX(hugetlb_instantiation_mutex);
struct hstate *h = hstate_vma(vma);
@@ -70616,10 +69148,10 @@ index 2316840..b418671 100644
+ struct vm_area_struct *vma_m;
+#endif
+
+ address &= huge_page_mask(h);
+
ptep = huge_pte_offset(mm, address);
- if (ptep) {
- entry = huge_ptep_get(ptep);
-@@ -2641,6 +2675,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2655,6 +2689,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
VM_FAULT_SET_HINDEX(h - hstates);
}
@@ -70659,10 +69191,10 @@ index 2189af4..f2ca332 100644
#ifdef CONFIG_MEMORY_FAILURE
extern bool is_free_buddy_page(struct page *page);
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
-index f3b2a00..61da94d 100644
+index 45eb621..6ccd8ea 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
-@@ -357,7 +357,7 @@ static void print_unreferenced(struct seq_file *seq,
+@@ -363,7 +363,7 @@ static void print_unreferenced(struct seq_file *seq,
for (i = 0; i < object->trace_len; i++) {
void *ptr = (void *)object->trace[i];
@@ -70774,7 +69306,7 @@ index 74bf193..feb6fd3 100644
if (end == start)
goto out;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index 06d3479..0778eef 100644
+index 56080ea..115071e 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -70859,7 +69391,7 @@ index 06d3479..0778eef 100644
/* keep elevated page count for bad page */
return ret;
diff --git a/mm/memory.c b/mm/memory.c
-index 829d437..3d3926a 100644
+index fa2f04e..a8a40c8 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -457,8 +457,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -70888,7 +69420,7 @@ index 829d437..3d3926a 100644
}
/*
-@@ -1566,12 +1573,6 @@ no_page_table:
+@@ -1585,12 +1592,6 @@ no_page_table:
return page;
}
@@ -70901,7 +69433,7 @@ index 829d437..3d3926a 100644
/**
* __get_user_pages() - pin user pages in memory
* @tsk: task_struct of target task
-@@ -1644,10 +1645,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1663,10 +1664,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
(VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
i = 0;
@@ -70914,7 +69446,7 @@ index 829d437..3d3926a 100644
if (!vma && in_gate_area(mm, start)) {
unsigned long pg = start & PAGE_MASK;
pgd_t *pgd;
-@@ -1695,7 +1696,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1714,7 +1715,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
goto next_page;
}
@@ -70923,7 +69455,7 @@ index 829d437..3d3926a 100644
(vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
!(vm_flags & vma->vm_flags))
return i ? : -EFAULT;
-@@ -1722,11 +1723,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1741,11 +1742,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
int ret;
unsigned int fault_flags = 0;
@@ -70935,7 +69467,7 @@ index 829d437..3d3926a 100644
if (foll_flags & FOLL_WRITE)
fault_flags |= FAULT_FLAG_WRITE;
if (nonblocking)
-@@ -1800,7 +1796,7 @@ next_page:
+@@ -1819,7 +1815,7 @@ next_page:
start += PAGE_SIZE;
nr_pages--;
} while (nr_pages && start < vma->vm_end);
@@ -70944,7 +69476,7 @@ index 829d437..3d3926a 100644
return i;
}
EXPORT_SYMBOL(__get_user_pages);
-@@ -2007,6 +2003,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2026,6 +2022,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
page_add_file_rmap(page);
set_pte_at(mm, addr, pte, mk_pte(page, prot));
@@ -70955,7 +69487,7 @@ index 829d437..3d3926a 100644
retval = 0;
pte_unmap_unlock(pte, ptl);
return retval;
-@@ -2041,10 +2041,22 @@ out:
+@@ -2060,10 +2060,22 @@ out:
int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
struct page *page)
{
@@ -70978,7 +69510,7 @@ index 829d437..3d3926a 100644
vma->vm_flags |= VM_INSERTPAGE;
return insert_page(vma, addr, page, vma->vm_page_prot);
}
-@@ -2130,6 +2142,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+@@ -2149,6 +2161,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
unsigned long pfn)
{
BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
@@ -70986,7 +69518,7 @@ index 829d437..3d3926a 100644
if (addr < vma->vm_start || addr >= vma->vm_end)
return -EFAULT;
-@@ -2445,6 +2458,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
+@@ -2464,6 +2477,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
copy_user_highpage(dst, src, va, vma);
}
@@ -71173,7 +69705,7 @@ index 829d437..3d3926a 100644
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2656,6 +2849,12 @@ gotten:
+@@ -2675,6 +2868,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
@@ -71186,7 +69718,7 @@ index 829d437..3d3926a 100644
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2707,6 +2906,10 @@ gotten:
+@@ -2726,6 +2925,10 @@ gotten:
page_remove_rmap(old_page);
}
@@ -71197,7 +69729,7 @@ index 829d437..3d3926a 100644
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -2986,6 +3189,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3005,6 +3208,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
@@ -71209,7 +69741,7 @@ index 829d437..3d3926a 100644
unlock_page(page);
if (swapcache) {
/*
-@@ -3009,6 +3217,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3028,6 +3236,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -71221,7 +69753,7 @@ index 829d437..3d3926a 100644
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -3028,40 +3241,6 @@ out_release:
+@@ -3047,40 +3260,6 @@ out_release:
}
/*
@@ -71262,7 +69794,7 @@ index 829d437..3d3926a 100644
* We enter with non-exclusive mmap_sem (to exclude vma changes,
* but allow concurrent faults), and pte mapped but not yet locked.
* We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -3070,27 +3249,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3089,27 +3268,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long address, pte_t *page_table, pmd_t *pmd,
unsigned int flags)
{
@@ -71295,7 +69827,7 @@ index 829d437..3d3926a 100644
if (unlikely(anon_vma_prepare(vma)))
goto oom;
page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -3109,6 +3284,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3128,6 +3303,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
if (!pte_none(*page_table))
goto release;
@@ -71307,7 +69839,7 @@ index 829d437..3d3926a 100644
inc_mm_counter_fast(mm, MM_ANONPAGES);
page_add_new_anon_rmap(page, vma, address);
setpte:
-@@ -3116,6 +3296,12 @@ setpte:
+@@ -3135,6 +3315,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -71320,7 +69852,7 @@ index 829d437..3d3926a 100644
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -3259,6 +3445,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3278,6 +3464,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
*/
/* Only go through if we didn't race with anybody else... */
if (likely(pte_same(*page_table, orig_pte))) {
@@ -71333,7 +69865,7 @@ index 829d437..3d3926a 100644
flush_icache_page(vma, page);
entry = mk_pte(page, vma->vm_page_prot);
if (flags & FAULT_FLAG_WRITE)
-@@ -3278,6 +3470,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3297,6 +3489,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
/* no need to invalidate: a not-present page won't be cached */
update_mmu_cache(vma, address, page_table);
@@ -71348,7 +69880,7 @@ index 829d437..3d3926a 100644
} else {
if (cow_page)
mem_cgroup_uncharge_page(cow_page);
-@@ -3431,6 +3631,12 @@ int handle_pte_fault(struct mm_struct *mm,
+@@ -3450,6 +3650,12 @@ int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_fix_spurious_fault(vma, address);
}
@@ -71361,7 +69893,7 @@ index 829d437..3d3926a 100644
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3447,6 +3653,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3466,6 +3672,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
@@ -71372,7 +69904,7 @@ index 829d437..3d3926a 100644
__set_current_state(TASK_RUNNING);
count_vm_event(PGFAULT);
-@@ -3458,6 +3668,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3477,6 +3687,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
if (unlikely(is_vm_hugetlb_page(vma)))
return hugetlb_fault(mm, vma, address, flags);
@@ -71407,7 +69939,7 @@ index 829d437..3d3926a 100644
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
if (!pud)
-@@ -3487,7 +3725,7 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3506,7 +3744,7 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
* run pte_offset_map on the pmd, if an huge pmd could
* materialize from under us from a different thread.
*/
@@ -71416,7 +69948,7 @@ index 829d437..3d3926a 100644
return VM_FAULT_OOM;
/* if an huge pmd materialized from under us just retry later */
if (unlikely(pmd_trans_huge(*pmd)))
-@@ -3591,7 +3829,7 @@ static int __init gate_vma_init(void)
+@@ -3610,7 +3848,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -71426,7 +69958,7 @@ index 829d437..3d3926a 100644
* Make sure the vDSO gets into every core dump.
* Dumping its contents makes post-mortem fully interpretable later
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
-index c3fdbcb..2e8ef90 100644
+index 47296fe..5c3d263 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -640,6 +640,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
@@ -71437,10 +69969,10 @@ index c3fdbcb..2e8ef90 100644
+ struct vm_area_struct *vma_m;
+#endif
+
- vma = find_vma_prev(mm, start, &prev);
+ vma = find_vma(mm, start);
if (!vma || vma->vm_start > start)
return -EFAULT;
-@@ -678,6 +682,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
+@@ -679,6 +683,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
err = policy_vma(vma, new_pol);
if (err)
goto out;
@@ -71457,7 +69989,7 @@ index c3fdbcb..2e8ef90 100644
}
out:
-@@ -1111,6 +1125,17 @@ static long do_mbind(unsigned long start, unsigned long len,
+@@ -1112,6 +1126,17 @@ static long do_mbind(unsigned long start, unsigned long len,
if (end < start)
return -EINVAL;
@@ -71475,7 +70007,7 @@ index c3fdbcb..2e8ef90 100644
if (end == start)
return 0;
-@@ -1329,6 +1354,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
+@@ -1330,6 +1355,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
if (!mm)
goto out;
@@ -71490,7 +70022,7 @@ index c3fdbcb..2e8ef90 100644
/*
* Check if this process has the right to modify the specified
* process. The right exists if the process has administrative
-@@ -1338,8 +1371,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
+@@ -1339,8 +1372,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
rcu_read_lock();
tcred = __task_cred(task);
if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
@@ -71501,10 +70033,10 @@ index c3fdbcb..2e8ef90 100644
err = -EPERM;
goto out;
diff --git a/mm/migrate.c b/mm/migrate.c
-index 177aca4..ab3a744 100644
+index 1503b6b..156c672 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
-@@ -1313,6 +1313,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
+@@ -1370,6 +1370,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
if (!mm)
return -EINVAL;
@@ -71519,7 +70051,7 @@ index 177aca4..ab3a744 100644
/*
* Check if this process has the right to modify the specified
* process. The right exists if the process has administrative
-@@ -1322,8 +1330,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
+@@ -1379,8 +1387,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
rcu_read_lock();
tcred = __task_cred(task);
if (cred->euid != tcred->suid && cred->euid != tcred->uid &&
@@ -71530,7 +70062,7 @@ index 177aca4..ab3a744 100644
err = -EPERM;
goto out;
diff --git a/mm/mlock.c b/mm/mlock.c
-index 4f4f53b..9511904 100644
+index ef726e8..13e0901 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -13,6 +13,7 @@
@@ -71548,10 +70080,10 @@ index 4f4f53b..9511904 100644
+ if (end > TASK_SIZE)
+ return -EINVAL;
+
- vma = find_vma_prev(current->mm, start, &prev);
+ vma = find_vma(current->mm, start);
if (!vma || vma->vm_start > start)
return -ENOMEM;
-@@ -395,6 +399,11 @@ static int do_mlock(unsigned long start, size_t len, int on)
+@@ -396,6 +400,11 @@ static int do_mlock(unsigned long start, size_t len, int on)
for (nstart = start ; ; ) {
vm_flags_t newflags;
@@ -71563,7 +70095,7 @@ index 4f4f53b..9511904 100644
/* Here we know that vma->vm_start <= nstart < vma->vm_end. */
newflags = vma->vm_flags | VM_LOCKED;
-@@ -500,6 +509,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len)
+@@ -501,6 +510,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len)
lock_limit >>= PAGE_SHIFT;
/* check against resource limits */
@@ -71571,7 +70103,7 @@ index 4f4f53b..9511904 100644
if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
error = do_mlock(start, len, 1);
up_write(¤t->mm->mmap_sem);
-@@ -523,17 +533,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len)
+@@ -524,17 +534,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len)
static int do_mlockall(int flags)
{
struct vm_area_struct * vma, * prev = NULL;
@@ -71598,7 +70130,7 @@ index 4f4f53b..9511904 100644
newflags = vma->vm_flags | VM_LOCKED;
if (!(flags & MCL_CURRENT))
newflags &= ~VM_LOCKED;
-@@ -566,6 +582,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
+@@ -567,6 +583,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
lock_limit >>= PAGE_SHIFT;
ret = -ENOMEM;
@@ -71607,7 +70139,7 @@ index 4f4f53b..9511904 100644
capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
diff --git a/mm/mmap.c b/mm/mmap.c
-index eae90af..c930262 100644
+index da15a79..2e3d9ff 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -46,6 +46,16 @@
@@ -71941,18 +70473,7 @@ index eae90af..c930262 100644
vma->vm_mm = mm;
vma->vm_start = addr;
vma->vm_end = addr + len;
-@@ -1266,8 +1397,9 @@ munmap_back:
- vma->vm_pgoff = pgoff;
- INIT_LIST_HEAD(&vma->anon_vma_chain);
-
-+ error = -EINVAL; /* when rejecting VM_GROWSDOWN|VM_GROWSUP */
-+
- if (file) {
-- error = -EINVAL;
- if (vm_flags & (VM_GROWSDOWN|VM_GROWSUP))
- goto free_vma;
- if (vm_flags & VM_DENYWRITE) {
-@@ -1281,6 +1413,19 @@ munmap_back:
+@@ -1282,6 +1413,19 @@ munmap_back:
error = file->f_op->mmap(file, vma);
if (error)
goto unmap_and_free_vma;
@@ -71972,16 +70493,7 @@ index eae90af..c930262 100644
if (vm_flags & VM_EXECUTABLE)
added_exe_file_vma(mm);
-@@ -1293,6 +1438,8 @@ munmap_back:
- pgoff = vma->vm_pgoff;
- vm_flags = vma->vm_flags;
- } else if (vm_flags & VM_SHARED) {
-+ if (unlikely(vm_flags & (VM_GROWSDOWN|VM_GROWSUP)))
-+ goto free_vma;
- error = shmem_zero_setup(vma);
- if (error)
- goto free_vma;
-@@ -1316,6 +1463,11 @@ munmap_back:
+@@ -1319,6 +1463,11 @@ munmap_back:
vma_link(mm, vma, prev, rb_link, rb_parent);
file = vma->vm_file;
@@ -71993,7 +70505,7 @@ index eae90af..c930262 100644
/* Once vma denies write, undo our temporary denial count */
if (correct_wcount)
atomic_inc(&inode->i_writecount);
-@@ -1324,6 +1476,7 @@ out:
+@@ -1327,6 +1476,7 @@ out:
mm->total_vm += len >> PAGE_SHIFT;
vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
@@ -72001,7 +70513,7 @@ index eae90af..c930262 100644
if (vm_flags & VM_LOCKED) {
if (!mlock_vma_pages_range(vma, addr, addr + len))
mm->locked_vm += (len >> PAGE_SHIFT);
-@@ -1341,6 +1494,12 @@ unmap_and_free_vma:
+@@ -1344,6 +1494,12 @@ unmap_and_free_vma:
unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
charged = 0;
free_vma:
@@ -72014,7 +70526,7 @@ index eae90af..c930262 100644
kmem_cache_free(vm_area_cachep, vma);
unacct_error:
if (charged)
-@@ -1348,6 +1507,44 @@ unacct_error:
+@@ -1351,6 +1507,44 @@ unacct_error:
return error;
}
@@ -72059,7 +70571,7 @@ index eae90af..c930262 100644
/* Get an address range which is currently unmapped.
* For shmat() with addr=0.
*
-@@ -1374,18 +1571,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -1377,18 +1571,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
if (flags & MAP_FIXED)
return addr;
@@ -72090,7 +70602,7 @@ index eae90af..c930262 100644
}
full_search:
-@@ -1396,34 +1598,40 @@ full_search:
+@@ -1399,34 +1598,40 @@ full_search:
* Start a new search - just in case we missed
* some holes.
*/
@@ -72142,7 +70654,7 @@ index eae90af..c930262 100644
mm->free_area_cache = addr;
mm->cached_hole_size = ~0UL;
}
-@@ -1441,7 +1649,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1444,7 +1649,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
{
struct vm_area_struct *vma;
struct mm_struct *mm = current->mm;
@@ -72151,7 +70663,7 @@ index eae90af..c930262 100644
/* requested length too big for entire address space */
if (len > TASK_SIZE)
-@@ -1450,13 +1658,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1453,13 +1658,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
if (flags & MAP_FIXED)
return addr;
@@ -72174,7 +70686,7 @@ index eae90af..c930262 100644
}
/* check if free_area_cache is useful for us */
-@@ -1471,7 +1684,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1474,7 +1684,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
/* make sure it can fit in the remaining address space */
if (addr > len) {
vma = find_vma(mm, addr-len);
@@ -72183,7 +70695,7 @@ index eae90af..c930262 100644
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr-len);
}
-@@ -1488,7 +1701,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1491,7 +1701,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
* return with success:
*/
vma = find_vma(mm, addr);
@@ -72192,7 +70704,7 @@ index eae90af..c930262 100644
/* remember the address as a hint for next time */
return (mm->free_area_cache = addr);
-@@ -1497,8 +1710,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1500,8 +1710,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
mm->cached_hole_size = vma->vm_start - addr;
/* try just below the current vma->vm_start */
@@ -72203,7 +70715,7 @@ index eae90af..c930262 100644
bottomup:
/*
-@@ -1507,13 +1720,21 @@ bottomup:
+@@ -1510,13 +1720,21 @@ bottomup:
* can happen with large stack limits and large mmap()
* allocations.
*/
@@ -72227,7 +70739,7 @@ index eae90af..c930262 100644
mm->cached_hole_size = ~0UL;
return addr;
-@@ -1522,6 +1743,12 @@ bottomup:
+@@ -1525,6 +1743,12 @@ bottomup:
void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
{
@@ -72240,7 +70752,7 @@ index eae90af..c930262 100644
/*
* Is this a new hole at the highest possible address?
*/
-@@ -1529,8 +1756,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
+@@ -1532,8 +1756,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
mm->free_area_cache = addr;
/* dont allow allocations above current base */
@@ -72252,63 +70764,15 @@ index eae90af..c930262 100644
}
unsigned long
-@@ -1603,40 +1832,50 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
-
- EXPORT_SYMBOL(find_vma);
+@@ -1629,6 +1855,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
+ return vma;
+ }
--/* Same as find_vma, but also return a pointer to the previous VMA in *pprev. */
-+/*
-+ * Same as find_vma, but also return a pointer to the previous VMA in *pprev.
-+ */
- struct vm_area_struct *
- find_vma_prev(struct mm_struct *mm, unsigned long addr,
- struct vm_area_struct **pprev)
- {
-- struct vm_area_struct *vma = NULL, *prev = NULL;
-- struct rb_node *rb_node;
-- if (!mm)
-- goto out;
--
-- /* Guard against addr being lower than the first VMA */
-- vma = mm->mmap;
--
-- /* Go through the RB tree quickly. */
-- rb_node = mm->mm_rb.rb_node;
--
-- while (rb_node) {
-- struct vm_area_struct *vma_tmp;
-- vma_tmp = rb_entry(rb_node, struct vm_area_struct, vm_rb);
--
-- if (addr < vma_tmp->vm_end) {
-- rb_node = rb_node->rb_left;
-- } else {
-- prev = vma_tmp;
-- if (!prev->vm_next || (addr < prev->vm_next->vm_end))
-- break;
-+ struct vm_area_struct *vma;
-+
-+ vma = find_vma(mm, addr);
-+ if (vma) {
-+ *pprev = vma->vm_prev;
-+ } else {
-+ struct rb_node *rb_node = mm->mm_rb.rb_node;
-+ *pprev = NULL;
-+ while (rb_node) {
-+ *pprev = rb_entry(rb_node, struct vm_area_struct, vm_rb);
- rb_node = rb_node->rb_right;
- }
- }
-+ return vma;
-+}
-+
+#ifdef CONFIG_PAX_SEGMEXEC
+struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma)
+{
+ struct vm_area_struct *vma_m;
-
--out:
-- *pprev = prev;
-- return prev ? prev->vm_next : vma;
++
+ BUG_ON(!vma || vma->vm_start >= vma->vm_end);
+ if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) {
+ BUG_ON(vma->vm_mirror);
@@ -72323,12 +70787,13 @@ index eae90af..c930262 100644
+ BUG_ON(vma->anon_vma != vma_m->anon_vma && vma->anon_vma->root != vma_m->anon_vma->root);
+ BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED | VM_RESERVED));
+ return vma_m;
- }
++}
+#endif
-
++
/*
* Verify that the stack growth is acceptable and
-@@ -1654,6 +1893,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+ * update accounting. This is shared with both the
+@@ -1645,6 +1893,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
return -ENOMEM;
/* Stack limit test */
@@ -72336,7 +70801,7 @@ index eae90af..c930262 100644
if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
return -ENOMEM;
-@@ -1664,6 +1904,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -1655,6 +1904,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
locked = mm->locked_vm + grow;
limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
limit >>= PAGE_SHIFT;
@@ -72344,7 +70809,7 @@ index eae90af..c930262 100644
if (locked > limit && !capable(CAP_IPC_LOCK))
return -ENOMEM;
}
-@@ -1694,37 +1935,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -1685,37 +1935,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
* PA-RISC uses this for its stack; IA64 for its Register Backing Store.
* vma is the last one with address > vma->vm_end. Have to extend vma.
*/
@@ -72402,7 +70867,7 @@ index eae90af..c930262 100644
unsigned long size, grow;
size = address - vma->vm_start;
-@@ -1739,6 +1991,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
+@@ -1730,6 +1991,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
}
}
}
@@ -72411,7 +70876,7 @@ index eae90af..c930262 100644
vma_unlock_anon_vma(vma);
khugepaged_enter_vma_merge(vma);
return error;
-@@ -1752,6 +2006,8 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -1743,6 +2006,8 @@ int expand_downwards(struct vm_area_struct *vma,
unsigned long address)
{
int error;
@@ -72420,7 +70885,7 @@ index eae90af..c930262 100644
/*
* We must make sure the anon_vma is allocated
-@@ -1765,6 +2021,15 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -1756,6 +2021,15 @@ int expand_downwards(struct vm_area_struct *vma,
if (error)
return error;
@@ -72436,7 +70901,7 @@ index eae90af..c930262 100644
vma_lock_anon_vma(vma);
/*
-@@ -1774,9 +2039,17 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -1765,9 +2039,17 @@ int expand_downwards(struct vm_area_struct *vma,
*/
/* Somebody else might have raced and expanded it already */
@@ -72455,7 +70920,7 @@ index eae90af..c930262 100644
size = vma->vm_end - address;
grow = (vma->vm_start - address) >> PAGE_SHIFT;
-@@ -1786,11 +2059,22 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -1777,11 +2059,22 @@ int expand_downwards(struct vm_area_struct *vma,
if (!error) {
vma->vm_start = address;
vma->vm_pgoff -= grow;
@@ -72478,7 +70943,7 @@ index eae90af..c930262 100644
khugepaged_enter_vma_merge(vma);
return error;
}
-@@ -1860,6 +2144,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -1851,6 +2144,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
do {
long nrpages = vma_pages(vma);
@@ -72492,7 +70957,7 @@ index eae90af..c930262 100644
mm->total_vm -= nrpages;
vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
vma = remove_vma(vma);
-@@ -1905,6 +2196,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -1896,6 +2196,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
insertion_point = (prev ? &prev->vm_next : &mm->mmap);
vma->vm_prev = NULL;
do {
@@ -72509,7 +70974,7 @@ index eae90af..c930262 100644
rb_erase(&vma->vm_rb, &mm->mm_rb);
mm->map_count--;
tail_vma = vma;
-@@ -1933,14 +2234,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -1924,14 +2234,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
struct vm_area_struct *new;
int err = -ENOMEM;
@@ -72543,7 +71008,7 @@ index eae90af..c930262 100644
/* most fields are the same, copy all, and then fixup */
*new = *vma;
-@@ -1953,6 +2273,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -1944,6 +2273,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
}
@@ -72566,7 +71031,7 @@ index eae90af..c930262 100644
pol = mpol_dup(vma_policy(vma));
if (IS_ERR(pol)) {
err = PTR_ERR(pol);
-@@ -1978,6 +2314,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -1969,6 +2314,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
else
err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
@@ -72609,7 +71074,7 @@ index eae90af..c930262 100644
/* Success. */
if (!err)
return 0;
-@@ -1990,10 +2362,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -1981,10 +2362,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
removed_exe_file_vma(mm);
fput(new->vm_file);
}
@@ -72629,7 +71094,7 @@ index eae90af..c930262 100644
kmem_cache_free(vm_area_cachep, new);
out_err:
return err;
-@@ -2006,6 +2386,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -1997,6 +2386,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long addr, int new_below)
{
@@ -72645,7 +71110,7 @@ index eae90af..c930262 100644
if (mm->map_count >= sysctl_max_map_count)
return -ENOMEM;
-@@ -2017,11 +2406,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2008,11 +2406,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
* work. This now handles partial unmappings.
* Jeremy Fitzhardinge <jeremy@goop.org>
*/
@@ -72676,7 +71141,7 @@ index eae90af..c930262 100644
if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
return -EINVAL;
-@@ -2096,6 +2504,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+@@ -2087,6 +2504,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
/* Fix up all other VM information */
remove_vma_list(mm, vma);
@@ -72685,7 +71150,7 @@ index eae90af..c930262 100644
return 0;
}
-@@ -2108,22 +2518,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
+@@ -2099,22 +2518,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
profile_munmap(addr);
@@ -72714,7 +71179,7 @@ index eae90af..c930262 100644
/*
* this is really a simplified "do_mmap". it only handles
* anonymous maps. eventually we may be able to do some
-@@ -2137,6 +2543,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2128,6 +2543,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
struct rb_node ** rb_link, * rb_parent;
pgoff_t pgoff = addr >> PAGE_SHIFT;
int error;
@@ -72722,7 +71187,7 @@ index eae90af..c930262 100644
len = PAGE_ALIGN(len);
if (!len)
-@@ -2148,16 +2555,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2139,16 +2555,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
@@ -72754,7 +71219,7 @@ index eae90af..c930262 100644
locked += mm->locked_vm;
lock_limit = rlimit(RLIMIT_MEMLOCK);
lock_limit >>= PAGE_SHIFT;
-@@ -2174,22 +2595,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2165,22 +2595,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
/*
* Clear old maps. this also does some error checking for us
*/
@@ -72781,7 +71246,7 @@ index eae90af..c930262 100644
return -ENOMEM;
/* Can we just expand an old private anonymous mapping? */
-@@ -2203,7 +2624,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2194,7 +2624,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
*/
vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
if (!vma) {
@@ -72790,7 +71255,7 @@ index eae90af..c930262 100644
return -ENOMEM;
}
-@@ -2217,11 +2638,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2208,11 +2638,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
vma_link(mm, vma, prev, rb_link, rb_parent);
out:
perf_event_mmap(vma);
@@ -72805,7 +71270,7 @@ index eae90af..c930262 100644
return addr;
}
-@@ -2268,8 +2690,10 @@ void exit_mmap(struct mm_struct *mm)
+@@ -2259,8 +2690,10 @@ void exit_mmap(struct mm_struct *mm)
* Walk the list again, actually closing and freeing it,
* with preemption enabled, without holding any MM locks.
*/
@@ -72817,7 +71282,7 @@ index eae90af..c930262 100644
BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);
}
-@@ -2283,6 +2707,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
+@@ -2274,6 +2707,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
struct vm_area_struct * __vma, * prev;
struct rb_node ** rb_link, * rb_parent;
@@ -72831,7 +71296,7 @@ index eae90af..c930262 100644
/*
* The vm_pgoff of a purely anonymous vma should be irrelevant
* until its first write fault, when page's anon_vma and index
-@@ -2305,7 +2736,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
+@@ -2296,7 +2736,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
if ((vma->vm_flags & VM_ACCOUNT) &&
security_vm_enough_memory_mm(mm, vma_pages(vma)))
return -ENOMEM;
@@ -72854,16 +71319,16 @@ index eae90af..c930262 100644
return 0;
}
-@@ -2323,6 +2769,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
- struct rb_node **rb_link, *rb_parent;
+@@ -2315,6 +2770,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
struct mempolicy *pol;
+ bool faulted_in_anon_vma = true;
+ BUG_ON(vma->vm_mirror);
+
/*
* If anonymous vma has not yet been faulted, update new pgoff
* to match new location, to increase its chance of merging.
-@@ -2373,6 +2821,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2382,6 +2839,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
return NULL;
}
@@ -72903,7 +71368,7 @@ index eae90af..c930262 100644
/*
* Return true if the calling process may expand its vm space by the passed
* number of pages
-@@ -2383,7 +2864,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
+@@ -2392,7 +2882,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
unsigned long lim;
lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
@@ -72912,7 +71377,7 @@ index eae90af..c930262 100644
if (cur + npages > lim)
return 0;
return 1;
-@@ -2454,6 +2935,22 @@ int install_special_mapping(struct mm_struct *mm,
+@@ -2463,6 +2953,22 @@ int install_special_mapping(struct mm_struct *mm,
vma->vm_start = addr;
vma->vm_end = addr + len;
@@ -72936,7 +71401,7 @@ index eae90af..c930262 100644
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
diff --git a/mm/mprotect.c b/mm/mprotect.c
-index 5a688a2..27e031c 100644
+index f437d05..e3763f6 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -23,10 +23,16 @@
@@ -73128,7 +71593,7 @@ index 5a688a2..27e031c 100644
prot |= PROT_EXEC;
vm_flags = calc_vm_prot_bits(prot);
-@@ -287,6 +412,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -288,6 +413,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
if (start > vma->vm_start)
prev = vma;
@@ -73140,7 +71605,7 @@ index 5a688a2..27e031c 100644
for (nstart = start ; ; ) {
unsigned long newflags;
-@@ -296,6 +426,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -297,6 +427,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
/* newflags >> 4 shift VM_MAY% in place of VM_% */
if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) {
@@ -73155,7 +71620,7 @@ index 5a688a2..27e031c 100644
error = -EACCES;
goto out;
}
-@@ -310,6 +448,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
+@@ -311,6 +449,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
if (error)
goto out;
@@ -73166,7 +71631,7 @@ index 5a688a2..27e031c 100644
if (nstart < prev->vm_end)
diff --git a/mm/mremap.c b/mm/mremap.c
-index d6959cb..18a402a 100644
+index 87bb839..c3bfadb 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -106,6 +106,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd,
@@ -73182,7 +71647,7 @@ index d6959cb..18a402a 100644
set_pte_at(mm, new_addr, new_pte, pte);
}
-@@ -290,6 +296,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
+@@ -299,6 +305,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr,
if (is_vm_hugetlb_page(vma))
goto Einval;
@@ -73194,7 +71659,7 @@ index d6959cb..18a402a 100644
/* We can't remap across vm area boundaries */
if (old_len > vma->vm_end - addr)
goto Efault;
-@@ -346,20 +357,25 @@ static unsigned long mremap_to(unsigned long addr,
+@@ -355,20 +366,25 @@ static unsigned long mremap_to(unsigned long addr,
unsigned long ret = -EINVAL;
unsigned long charged = 0;
unsigned long map_flags;
@@ -73225,7 +71690,7 @@ index d6959cb..18a402a 100644
goto out;
ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1);
-@@ -431,6 +447,7 @@ unsigned long do_mremap(unsigned long addr,
+@@ -440,6 +456,7 @@ unsigned long do_mremap(unsigned long addr,
struct vm_area_struct *vma;
unsigned long ret = -EINVAL;
unsigned long charged = 0;
@@ -73233,7 +71698,7 @@ index d6959cb..18a402a 100644
if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
goto out;
-@@ -449,6 +466,17 @@ unsigned long do_mremap(unsigned long addr,
+@@ -458,6 +475,17 @@ unsigned long do_mremap(unsigned long addr,
if (!new_len)
goto out;
@@ -73251,7 +71716,7 @@ index d6959cb..18a402a 100644
if (flags & MREMAP_FIXED) {
if (flags & MREMAP_MAYMOVE)
ret = mremap_to(addr, old_len, new_addr, new_len);
-@@ -498,6 +526,7 @@ unsigned long do_mremap(unsigned long addr,
+@@ -507,6 +535,7 @@ unsigned long do_mremap(unsigned long addr,
addr + new_len);
}
ret = addr;
@@ -73259,7 +71724,7 @@ index d6959cb..18a402a 100644
goto out;
}
}
-@@ -524,7 +553,13 @@ unsigned long do_mremap(unsigned long addr,
+@@ -533,7 +562,13 @@ unsigned long do_mremap(unsigned long addr,
ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1);
if (ret)
goto out;
@@ -73273,43 +71738,6 @@ index d6959cb..18a402a 100644
}
out:
if (ret & ~PAGE_MASK)
-diff --git a/mm/nobootmem.c b/mm/nobootmem.c
-index 7fa41b4..6087460 100644
---- a/mm/nobootmem.c
-+++ b/mm/nobootmem.c
-@@ -110,19 +110,30 @@ static void __init __free_pages_memory(unsigned long start, unsigned long end)
- unsigned long __init free_all_memory_core_early(int nodeid)
- {
- int i;
-- u64 start, end;
-+ u64 start, end, startrange, endrange;
- unsigned long count = 0;
-- struct range *range = NULL;
-+ struct range *range = NULL, rangerange = { 0, 0 };
- int nr_range;
-
- nr_range = get_free_all_memory_range(&range, nodeid);
-+ startrange = __pa(range) >> PAGE_SHIFT;
-+ endrange = (__pa(range + nr_range) - 1) >> PAGE_SHIFT;
-
- for (i = 0; i < nr_range; i++) {
- start = range[i].start;
- end = range[i].end;
-+ if (start <= endrange && startrange < end) {
-+ BUG_ON(rangerange.start | rangerange.end);
-+ rangerange = range[i];
-+ continue;
-+ }
- count += end - start;
- __free_pages_memory(start, end);
- }
-+ start = rangerange.start;
-+ end = rangerange.end;
-+ count += end - start;
-+ __free_pages_memory(start, end);
-
- return count;
- }
diff --git a/mm/nommu.c b/mm/nommu.c
index f59e170..34e2a2b 100644
--- a/mm/nommu.c
@@ -73347,10 +71775,10 @@ index f59e170..34e2a2b 100644
new->vm_region = region;
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 485be89..c059ad3 100644
+index a13ded1..b949d15 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
-@@ -341,7 +341,7 @@ out:
+@@ -335,7 +335,7 @@ out:
* This usage means that zero-order pages may not be compound.
*/
@@ -73359,7 +71787,7 @@ index 485be89..c059ad3 100644
{
__free_pages_ok(page, compound_order(page));
}
-@@ -654,6 +654,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -692,6 +692,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
int i;
int bad = 0;
@@ -73367,10 +71795,10 @@ index 485be89..c059ad3 100644
+ unsigned long index = 1UL << order;
+#endif
+
- trace_mm_page_free_direct(page, order);
+ trace_mm_page_free(page, order);
kmemcheck_free_shadow(page, order);
-@@ -669,6 +673,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -707,6 +711,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
debug_check_no_obj_freed(page_address(page),
PAGE_SIZE << order);
}
@@ -73383,7 +71811,7 @@ index 485be89..c059ad3 100644
arch_free_page(page, order);
kernel_map_pages(page, 1 << order, 0);
-@@ -784,8 +794,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
+@@ -830,8 +840,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
arch_alloc_page(page, order);
kernel_map_pages(page, 1 << order, 1);
@@ -73394,7 +71822,7 @@ index 485be89..c059ad3 100644
if (order && (gfp_flags & __GFP_COMP))
prep_compound_page(page, order);
-@@ -3357,7 +3369,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn)
+@@ -3468,7 +3480,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn)
unsigned long pfn;
for (pfn = start_pfn; pfn < end_pfn; pfn++) {
@@ -73409,10 +71837,10 @@ index 485be89..c059ad3 100644
}
return 0;
diff --git a/mm/percpu.c b/mm/percpu.c
-index 716eb4a..8d10419 100644
+index f47af91..7eeef99 100644
--- a/mm/percpu.c
+++ b/mm/percpu.c
-@@ -121,7 +121,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
+@@ -122,7 +122,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
static unsigned int pcpu_high_unit_cpu __read_mostly;
/* the address of the first chunk which starts with the kernel static area */
@@ -73422,7 +71850,7 @@ index 716eb4a..8d10419 100644
static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */
diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
-index e920aa3..137702a 100644
+index c20ff48..137702a 100644
--- a/mm/process_vm_access.c
+++ b/mm/process_vm_access.c
@@ -13,6 +13,7 @@
@@ -73460,42 +71888,20 @@ index e920aa3..137702a 100644
}
if (nr_pages == 0)
-@@ -298,23 +299,23 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec,
+@@ -298,6 +299,11 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec,
goto free_proc_pages;
}
-- task_lock(task);
-- if (__ptrace_may_access(task, PTRACE_MODE_ATTACH)) {
-- task_unlock(task);
+ if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) {
- rc = -EPERM;
- goto put_task_struct;
- }
-- mm = task->mm;
-
-- if (!mm || (task->flags & PF_KTHREAD)) {
-- task_unlock(task);
-- rc = -EINVAL;
-+ mm = mm_access(task, PTRACE_MODE_ATTACH);
-+ if (!mm || IS_ERR(mm)) {
-+ rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
-+ /*
-+ * Explicitly map EACCES to EPERM as EPERM is a more a
-+ * appropriate error code for process_vw_readv/writev
-+ */
-+ if (rc == -EACCES)
-+ rc = -EPERM;
- goto put_task_struct;
- }
-
-- atomic_inc(&mm->mm_users);
-- task_unlock(task);
--
- for (i = 0; i < riovcnt && iov_l_curr_idx < liovcnt; i++) {
- rc = process_vm_rw_single_vec(
- (unsigned long)rvec[i].iov_base, rvec[i].iov_len,
++ rc = -EPERM;
++ goto put_task_struct;
++ }
++
+ mm = mm_access(task, PTRACE_MODE_ATTACH);
+ if (!mm || IS_ERR(mm)) {
+ rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
diff --git a/mm/rmap.c b/mm/rmap.c
-index a4fd368..e0ffec7 100644
+index c8454e0..b04f3a2 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -152,6 +152,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
@@ -73578,7 +71984,7 @@ index a4fd368..e0ffec7 100644
{
struct anon_vma_chain *avc, *pavc;
struct anon_vma *root = NULL;
-@@ -276,7 +313,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src)
+@@ -321,7 +358,7 @@ void anon_vma_moveto_tail(struct vm_area_struct *dst)
* the corresponding VMA in the parent process is attached to.
* Returns 0 on success, non-zero on failure.
*/
@@ -73588,7 +71994,7 @@ index a4fd368..e0ffec7 100644
struct anon_vma_chain *avc;
struct anon_vma *anon_vma;
diff --git a/mm/shmem.c b/mm/shmem.c
-index 6c253f7..367e20a 100644
+index 269d049..a9d2b50 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -31,7 +31,7 @@
@@ -73620,10 +72026,10 @@ index 6c253f7..367e20a 100644
return -ENOMEM;
diff --git a/mm/slab.c b/mm/slab.c
-index 83311c9a..fcf8f86 100644
+index f0bd785..348b96a 100644
--- a/mm/slab.c
+++ b/mm/slab.c
-@@ -151,7 +151,7 @@
+@@ -153,7 +153,7 @@
/* Legal flag mask for kmem_cache_create(). */
#if DEBUG
@@ -73632,7 +72038,7 @@ index 83311c9a..fcf8f86 100644
SLAB_POISON | SLAB_HWCACHE_ALIGN | \
SLAB_CACHE_DMA | \
SLAB_STORE_USER | \
-@@ -159,7 +159,7 @@
+@@ -161,7 +161,7 @@
SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \
SLAB_DEBUG_OBJECTS | SLAB_NOLEAKTRACE | SLAB_NOTRACK)
#else
@@ -73641,7 +72047,7 @@ index 83311c9a..fcf8f86 100644
SLAB_CACHE_DMA | \
SLAB_RECLAIM_ACCOUNT | SLAB_PANIC | \
SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \
-@@ -288,7 +288,7 @@ struct kmem_list3 {
+@@ -290,7 +290,7 @@ struct kmem_list3 {
* Need this for bootstrapping a per node allocator.
*/
#define NUM_INIT_LISTS (3 * MAX_NUMNODES)
@@ -73650,7 +72056,7 @@ index 83311c9a..fcf8f86 100644
#define CACHE_CACHE 0
#define SIZE_AC MAX_NUMNODES
#define SIZE_L3 (2 * MAX_NUMNODES)
-@@ -389,10 +389,10 @@ static void kmem_list3_init(struct kmem_list3 *parent)
+@@ -391,10 +391,10 @@ static void kmem_list3_init(struct kmem_list3 *parent)
if ((x)->max_freeable < i) \
(x)->max_freeable = i; \
} while (0)
@@ -73665,7 +72071,7 @@ index 83311c9a..fcf8f86 100644
#else
#define STATS_INC_ACTIVE(x) do { } while (0)
#define STATS_DEC_ACTIVE(x) do { } while (0)
-@@ -538,7 +538,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab,
+@@ -542,7 +542,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab,
* reciprocal_divide(offset, cache->reciprocal_buffer_size)
*/
static inline unsigned int obj_to_index(const struct kmem_cache *cache,
@@ -73674,7 +72080,7 @@ index 83311c9a..fcf8f86 100644
{
u32 offset = (obj - slab->s_mem);
return reciprocal_divide(offset, cache->reciprocal_buffer_size);
-@@ -564,7 +564,7 @@ struct cache_names {
+@@ -568,7 +568,7 @@ struct cache_names {
static struct cache_names __initdata cache_names[] = {
#define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" },
#include <linux/kmalloc_sizes.h>
@@ -73683,7 +72089,7 @@ index 83311c9a..fcf8f86 100644
#undef CACHE
};
-@@ -1572,7 +1572,7 @@ void __init kmem_cache_init(void)
+@@ -1588,7 +1588,7 @@ void __init kmem_cache_init(void)
sizes[INDEX_AC].cs_cachep = kmem_cache_create(names[INDEX_AC].name,
sizes[INDEX_AC].cs_size,
ARCH_KMALLOC_MINALIGN,
@@ -73692,7 +72098,7 @@ index 83311c9a..fcf8f86 100644
NULL);
if (INDEX_AC != INDEX_L3) {
-@@ -1580,7 +1580,7 @@ void __init kmem_cache_init(void)
+@@ -1596,7 +1596,7 @@ void __init kmem_cache_init(void)
kmem_cache_create(names[INDEX_L3].name,
sizes[INDEX_L3].cs_size,
ARCH_KMALLOC_MINALIGN,
@@ -73701,7 +72107,7 @@ index 83311c9a..fcf8f86 100644
NULL);
}
-@@ -1598,7 +1598,7 @@ void __init kmem_cache_init(void)
+@@ -1614,7 +1614,7 @@ void __init kmem_cache_init(void)
sizes->cs_cachep = kmem_cache_create(names->name,
sizes->cs_size,
ARCH_KMALLOC_MINALIGN,
@@ -73710,7 +72116,7 @@ index 83311c9a..fcf8f86 100644
NULL);
}
#ifdef CONFIG_ZONE_DMA
-@@ -4322,10 +4322,10 @@ static int s_show(struct seq_file *m, void *p)
+@@ -4339,10 +4339,10 @@ static int s_show(struct seq_file *m, void *p)
}
/* cpu stats */
{
@@ -73725,7 +72131,7 @@ index 83311c9a..fcf8f86 100644
seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu",
allochit, allocmiss, freehit, freemiss);
-@@ -4584,13 +4584,62 @@ static int __init slab_proc_init(void)
+@@ -4601,13 +4601,62 @@ static int __init slab_proc_init(void)
{
proc_create("slabinfo",S_IWUSR|S_IRUSR,NULL,&proc_slabinfo_operations);
#ifdef CONFIG_DEBUG_SLAB_LEAK
@@ -74146,7 +72552,7 @@ index 8105be4..e045f96 100644
EXPORT_SYMBOL(kmem_cache_free);
diff --git a/mm/slub.c b/mm/slub.c
-index 1a919f0..1739c9b 100644
+index 4907563..e3d7905 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -208,7 +208,7 @@ struct track {
@@ -74158,7 +72564,7 @@ index 1a919f0..1739c9b 100644
static int sysfs_slab_add(struct kmem_cache *);
static int sysfs_slab_alias(struct kmem_cache *, const char *);
static void sysfs_slab_remove(struct kmem_cache *);
-@@ -530,7 +530,7 @@ static void print_track(const char *s, struct track *t)
+@@ -532,7 +532,7 @@ static void print_track(const char *s, struct track *t)
if (!t->addr)
return;
@@ -74167,7 +72573,7 @@ index 1a919f0..1739c9b 100644
s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid);
#ifdef CONFIG_STACKTRACE
{
-@@ -2559,6 +2559,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x)
+@@ -2571,6 +2571,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x)
page = virt_to_head_page(x);
@@ -74176,7 +72582,7 @@ index 1a919f0..1739c9b 100644
slab_free(s, page, x, _RET_IP_);
trace_kmem_cache_free(_RET_IP_, x);
-@@ -2592,7 +2594,7 @@ static int slub_min_objects;
+@@ -2604,7 +2606,7 @@ static int slub_min_objects;
* Merge control. If this is set then no merging of slab caches will occur.
* (Could be removed. This was introduced to pacify the merge skeptics.)
*/
@@ -74185,7 +72591,7 @@ index 1a919f0..1739c9b 100644
/*
* Calculate the order of allocation given an slab object size.
-@@ -3042,7 +3044,7 @@ static int kmem_cache_open(struct kmem_cache *s,
+@@ -3057,7 +3059,7 @@ static int kmem_cache_open(struct kmem_cache *s,
else
s->cpu_partial = 30;
@@ -74194,7 +72600,7 @@ index 1a919f0..1739c9b 100644
#ifdef CONFIG_NUMA
s->remote_node_defrag_ratio = 1000;
#endif
-@@ -3146,8 +3148,7 @@ static inline int kmem_cache_close(struct kmem_cache *s)
+@@ -3161,8 +3163,7 @@ static inline int kmem_cache_close(struct kmem_cache *s)
void kmem_cache_destroy(struct kmem_cache *s)
{
down_write(&slub_lock);
@@ -74204,7 +72610,7 @@ index 1a919f0..1739c9b 100644
list_del(&s->list);
up_write(&slub_lock);
if (kmem_cache_close(s)) {
-@@ -3358,6 +3359,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node)
+@@ -3373,6 +3374,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node)
EXPORT_SYMBOL(__kmalloc_node);
#endif
@@ -74255,7 +72661,7 @@ index 1a919f0..1739c9b 100644
size_t ksize(const void *object)
{
struct page *page;
-@@ -3632,7 +3677,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s)
+@@ -3647,7 +3692,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s)
int node;
list_add(&s->list, &slab_caches);
@@ -74264,7 +72670,7 @@ index 1a919f0..1739c9b 100644
for_each_node_state(node, N_NORMAL_MEMORY) {
struct kmem_cache_node *n = get_node(s, node);
-@@ -3749,17 +3794,17 @@ void __init kmem_cache_init(void)
+@@ -3767,17 +3812,17 @@ void __init kmem_cache_init(void)
/* Caches that are not of the two-to-the-power-of size */
if (KMALLOC_MIN_SIZE <= 32) {
@@ -74285,7 +72691,7 @@ index 1a919f0..1739c9b 100644
caches++;
}
-@@ -3827,7 +3872,7 @@ static int slab_unmergeable(struct kmem_cache *s)
+@@ -3845,7 +3890,7 @@ static int slab_unmergeable(struct kmem_cache *s)
/*
* We may have set a slab to be unmergeable during bootstrap.
*/
@@ -74294,7 +72700,7 @@ index 1a919f0..1739c9b 100644
return 1;
return 0;
-@@ -3886,7 +3931,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size,
+@@ -3904,7 +3949,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size,
down_write(&slub_lock);
s = find_mergeable(size, align, flags, name, ctor);
if (s) {
@@ -74303,7 +72709,7 @@ index 1a919f0..1739c9b 100644
/*
* Adjust the object sizes so that we clear
* the complete object on kzalloc.
-@@ -3895,7 +3940,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size,
+@@ -3913,7 +3958,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size,
s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *)));
if (sysfs_slab_alias(s, name)) {
@@ -74312,7 +72718,7 @@ index 1a919f0..1739c9b 100644
goto err;
}
up_write(&slub_lock);
-@@ -4023,7 +4068,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
+@@ -4041,7 +4086,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
}
#endif
@@ -74321,7 +72727,7 @@ index 1a919f0..1739c9b 100644
static int count_inuse(struct page *page)
{
return page->inuse;
-@@ -4410,12 +4455,12 @@ static void resiliency_test(void)
+@@ -4428,12 +4473,12 @@ static void resiliency_test(void)
validate_slab_cache(kmalloc_caches[9]);
}
#else
@@ -74336,7 +72742,7 @@ index 1a919f0..1739c9b 100644
enum slab_stat_type {
SL_ALL, /* All slabs */
SL_PARTIAL, /* Only partially allocated slabs */
-@@ -4656,7 +4701,7 @@ SLAB_ATTR_RO(ctor);
+@@ -4676,7 +4721,7 @@ SLAB_ATTR_RO(ctor);
static ssize_t aliases_show(struct kmem_cache *s, char *buf)
{
@@ -74345,7 +72751,7 @@ index 1a919f0..1739c9b 100644
}
SLAB_ATTR_RO(aliases);
-@@ -5223,6 +5268,7 @@ static char *create_unique_id(struct kmem_cache *s)
+@@ -5243,6 +5288,7 @@ static char *create_unique_id(struct kmem_cache *s)
return name;
}
@@ -74353,7 +72759,7 @@ index 1a919f0..1739c9b 100644
static int sysfs_slab_add(struct kmem_cache *s)
{
int err;
-@@ -5285,6 +5331,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
+@@ -5305,6 +5351,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
kobject_del(&s->kobj);
kobject_put(&s->kobj);
}
@@ -74361,7 +72767,7 @@ index 1a919f0..1739c9b 100644
/*
* Need to buffer aliases during bootup until sysfs becomes
-@@ -5298,6 +5345,7 @@ struct saved_alias {
+@@ -5318,6 +5365,7 @@ struct saved_alias {
static struct saved_alias *alias_list;
@@ -74369,7 +72775,7 @@ index 1a919f0..1739c9b 100644
static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
{
struct saved_alias *al;
-@@ -5320,6 +5368,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
+@@ -5340,6 +5388,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
alias_list = al;
return 0;
}
@@ -74378,10 +72784,10 @@ index 1a919f0..1739c9b 100644
static int __init slab_sysfs_init(void)
{
diff --git a/mm/swap.c b/mm/swap.c
-index 55b266d..a532537 100644
+index 14380e9..e244704 100644
--- a/mm/swap.c
+++ b/mm/swap.c
-@@ -31,6 +31,7 @@
+@@ -30,6 +30,7 @@
#include <linux/backing-dev.h>
#include <linux/memcontrol.h>
#include <linux/gfp.h>
@@ -74389,7 +72795,7 @@ index 55b266d..a532537 100644
#include "internal.h"
-@@ -71,6 +72,8 @@ static void __put_compound_page(struct page *page)
+@@ -70,6 +71,8 @@ static void __put_compound_page(struct page *page)
__page_cache_release(page);
dtor = get_compound_page_dtor(page);
@@ -74399,7 +72805,7 @@ index 55b266d..a532537 100644
}
diff --git a/mm/swapfile.c b/mm/swapfile.c
-index b1cd120..aaae885 100644
+index d999f09..e00270a 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -61,7 +61,7 @@ static DEFINE_MUTEX(swapon_mutex);
@@ -74411,7 +72817,7 @@ index b1cd120..aaae885 100644
static inline unsigned char swap_count(unsigned char ent)
{
-@@ -1670,7 +1670,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
+@@ -1671,7 +1671,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
}
filp_close(swap_file, NULL);
err = 0;
@@ -74420,7 +72826,7 @@ index b1cd120..aaae885 100644
wake_up_interruptible(&proc_poll_wait);
out_dput:
-@@ -1686,8 +1686,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
+@@ -1687,8 +1687,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
poll_wait(file, &proc_poll_wait, wait);
@@ -74431,7 +72837,7 @@ index b1cd120..aaae885 100644
return POLLIN | POLLRDNORM | POLLERR | POLLPRI;
}
-@@ -1785,7 +1785,7 @@ static int swaps_open(struct inode *inode, struct file *file)
+@@ -1786,7 +1786,7 @@ static int swaps_open(struct inode *inode, struct file *file)
return ret;
seq = file->private_data;
@@ -74440,7 +72846,7 @@ index b1cd120..aaae885 100644
return 0;
}
-@@ -2123,7 +2123,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
+@@ -2124,7 +2124,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
(p->flags & SWP_DISCARDABLE) ? "D" : "");
mutex_unlock(&swapon_mutex);
@@ -74450,10 +72856,26 @@ index b1cd120..aaae885 100644
if (S_ISREG(inode->i_mode))
diff --git a/mm/util.c b/mm/util.c
-index 136ac4f..f917fa9 100644
+index 136ac4f..5117eef 100644
--- a/mm/util.c
+++ b/mm/util.c
-@@ -243,6 +243,12 @@ void __vma_link_list(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -114,6 +114,7 @@ EXPORT_SYMBOL(memdup_user);
+ * allocated buffer. Use this if you don't want to free the buffer immediately
+ * like, for example, with RCU.
+ */
++#undef __krealloc
+ void *__krealloc(const void *p, size_t new_size, gfp_t flags)
+ {
+ void *ret;
+@@ -147,6 +148,7 @@ EXPORT_SYMBOL(__krealloc);
+ * behaves exactly like kmalloc(). If @size is 0 and @p is not a
+ * %NULL pointer, the object pointed to is freed.
+ */
++#undef krealloc
+ void *krealloc(const void *p, size_t new_size, gfp_t flags)
+ {
+ void *ret;
+@@ -243,6 +245,12 @@ void __vma_link_list(struct mm_struct *mm, struct vm_area_struct *vma,
void arch_pick_mmap_layout(struct mm_struct *mm)
{
mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -74467,7 +72889,7 @@ index 136ac4f..f917fa9 100644
mm->unmap_area = arch_unmap_area;
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index 27be2f0..633e5cc 100644
+index 86ce9a5..0fa4d89 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
@@ -74573,7 +72995,7 @@ index 27be2f0..633e5cc 100644
if (!pmd_none(*pmd)) {
pte_t *ptep, pte;
-@@ -1294,6 +1334,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
+@@ -1319,6 +1359,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
struct vm_struct *area;
BUG_ON(in_interrupt());
@@ -74590,7 +73012,7 @@ index 27be2f0..633e5cc 100644
if (flags & VM_IOREMAP) {
int bit = fls(size);
-@@ -1526,6 +1576,11 @@ void *vmap(struct page **pages, unsigned int count,
+@@ -1551,6 +1601,11 @@ void *vmap(struct page **pages, unsigned int count,
if (count > totalram_pages)
return NULL;
@@ -74602,7 +73024,7 @@ index 27be2f0..633e5cc 100644
area = get_vm_area_caller((count << PAGE_SHIFT), flags,
__builtin_return_address(0));
if (!area)
-@@ -1627,6 +1682,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
+@@ -1652,6 +1707,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
if (!size || (size >> PAGE_SHIFT) > totalram_pages)
goto fail;
@@ -74616,11 +73038,60 @@ index 27be2f0..633e5cc 100644
area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST,
start, end, node, gfp_mask, caller);
if (!area)
-@@ -1800,10 +1862,9 @@ EXPORT_SYMBOL(vzalloc_node);
+@@ -1704,6 +1766,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align,
+ gfp_mask, prot, node, caller);
+ }
+
++#undef __vmalloc
+ void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
+ {
+ return __vmalloc_node(size, 1, gfp_mask, prot, -1,
+@@ -1727,6 +1790,7 @@ static inline void *__vmalloc_node_flags(unsigned long size,
+ * For tight control over page level allocator and protection flags
+ * use __vmalloc() instead.
+ */
++#undef vmalloc
+ void *vmalloc(unsigned long size)
+ {
+ return __vmalloc_node_flags(size, -1, GFP_KERNEL | __GFP_HIGHMEM);
+@@ -1743,6 +1807,7 @@ EXPORT_SYMBOL(vmalloc);
+ * For tight control over page level allocator and protection flags
+ * use __vmalloc() instead.
+ */
++#undef vzalloc
+ void *vzalloc(unsigned long size)
+ {
+ return __vmalloc_node_flags(size, -1,
+@@ -1757,6 +1822,7 @@ EXPORT_SYMBOL(vzalloc);
+ * The resulting memory area is zeroed so it can be mapped to userspace
+ * without leaking data.
+ */
++#undef vmalloc_user
+ void *vmalloc_user(unsigned long size)
+ {
+ struct vm_struct *area;
+@@ -1784,6 +1850,7 @@ EXPORT_SYMBOL(vmalloc_user);
+ * For tight control over page level allocator and protection flags
+ * use __vmalloc() instead.
+ */
++#undef vmalloc_node
+ void *vmalloc_node(unsigned long size, int node)
+ {
+ return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
+@@ -1803,6 +1870,7 @@ EXPORT_SYMBOL(vmalloc_node);
+ * For tight control over page level allocator and protection flags
+ * use __vmalloc_node() instead.
+ */
++#undef vzalloc_node
+ void *vzalloc_node(unsigned long size, int node)
+ {
+ return __vmalloc_node_flags(size, node,
+@@ -1825,10 +1893,10 @@ EXPORT_SYMBOL(vzalloc_node);
* For tight control over page level allocator and protection flags
* use __vmalloc() instead.
*/
-
++#undef vmalloc_exec
void *vmalloc_exec(unsigned long size)
{
- return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC,
@@ -74628,7 +73099,23 @@ index 27be2f0..633e5cc 100644
-1, __builtin_return_address(0));
}
-@@ -2098,6 +2159,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
+@@ -1847,6 +1915,7 @@ void *vmalloc_exec(unsigned long size)
+ * Allocate enough 32bit PA addressable pages to cover @size from the
+ * page level allocator and map them into contiguous kernel virtual space.
+ */
++#undef vmalloc_32
+ void *vmalloc_32(unsigned long size)
+ {
+ return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL,
+@@ -1861,6 +1930,7 @@ EXPORT_SYMBOL(vmalloc_32);
+ * The resulting memory area is 32bit addressable and zeroed so it can be
+ * mapped to userspace without leaking data.
+ */
++#undef vmalloc_32_user
+ void *vmalloc_32_user(unsigned long size)
+ {
+ struct vm_struct *area;
+@@ -2123,6 +2193,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
unsigned long uaddr = vma->vm_start;
unsigned long usize = vma->vm_end - vma->vm_start;
@@ -74638,7 +73125,7 @@ index 27be2f0..633e5cc 100644
return -EINVAL;
diff --git a/mm/vmstat.c b/mm/vmstat.c
-index 8fd603b..cf0d930 100644
+index f600557..1459fc8 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
@@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu)
@@ -74694,10 +73181,10 @@ index 8fd603b..cf0d930 100644
return 0;
}
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
-index 5471628..cef8398 100644
+index efea35b..9c8dd0b 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
-@@ -588,8 +588,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
+@@ -554,8 +554,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
err = -EPERM;
if (!capable(CAP_NET_ADMIN))
break;
@@ -74708,10 +73195,10 @@ index 5471628..cef8398 100644
vn = net_generic(net, vlan_net_id);
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
-index fdfdb57..38d368c 100644
+index fccae26..e7ece2f 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
-@@ -423,7 +423,7 @@ static int p9_fd_write(struct p9_client *client, void *v, int len)
+@@ -425,7 +425,7 @@ static int p9_fd_write(struct p9_client *client, void *v, int len)
oldfs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
@@ -74721,7 +73208,7 @@ index fdfdb57..38d368c 100644
if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN)
diff --git a/net/atm/atm_misc.c b/net/atm/atm_misc.c
-index f41f026..fe76ea8 100644
+index 876fbe8..8bbea9f 100644
--- a/net/atm/atm_misc.c
+++ b/net/atm/atm_misc.c
@@ -17,7 +17,7 @@ int atm_charge(struct atm_vcc *vcc, int truesize)
@@ -74872,10 +73359,10 @@ index 7704df4..beb4e16 100644
hard_iface->net_dev->name);
diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
-index f9cc957..efd9dae 100644
+index 987c75a..20d6f36 100644
--- a/net/batman-adv/soft-interface.c
+++ b/net/batman-adv/soft-interface.c
-@@ -634,7 +634,7 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface)
+@@ -645,7 +645,7 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface)
/* set broadcast sequence number */
bcast_packet->seqno =
@@ -74884,7 +73371,7 @@ index f9cc957..efd9dae 100644
add_bcast_packet_to_list(bat_priv, skb, 1);
-@@ -828,7 +828,7 @@ struct net_device *softif_create(const char *name)
+@@ -843,7 +843,7 @@ struct net_device *softif_create(const char *name)
atomic_set(&bat_priv->batman_queue_left, BATMAN_QUEUE_LEN);
atomic_set(&bat_priv->mesh_state, MESH_INACTIVE);
@@ -74894,7 +73381,7 @@ index f9cc957..efd9dae 100644
atomic_set(&bat_priv->tt_local_changes, 0);
atomic_set(&bat_priv->tt_ogm_append_cnt, 0);
diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
-index ab8d0fe..ceba3fd 100644
+index e9eb043..d174eeb 100644
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -38,8 +38,8 @@ struct hard_iface {
@@ -74931,7 +73418,7 @@ index 07d1c1d..7e9bea9 100644
frag2->seqno = htons(seqno);
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
-index c1c597e..05ebb40 100644
+index 07bc69e..21e76b1 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -234,7 +234,7 @@ void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16])
@@ -74944,10 +73431,10 @@ index c1c597e..05ebb40 100644
hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
}
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
-index 17b5b1c..826d872 100644
+index 32d338c..d24bcdb 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
-@@ -2176,8 +2176,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
+@@ -2418,8 +2418,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi
break;
case L2CAP_CONF_RFC:
@@ -74960,7 +73447,7 @@ index 17b5b1c..826d872 100644
if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
rfc.mode != chan->mode)
-@@ -2265,8 +2267,10 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
+@@ -2537,8 +2539,10 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
switch (type) {
case L2CAP_CONF_RFC:
@@ -74973,24 +73460,11 @@ index 17b5b1c..826d872 100644
goto done;
}
}
-diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
-index 8eb6b15..e3db7ab 100644
---- a/net/bridge/br_multicast.c
-+++ b/net/bridge/br_multicast.c
-@@ -1488,7 +1488,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br,
- nexthdr = ip6h->nexthdr;
- offset = ipv6_skip_exthdr(skb, sizeof(*ip6h), &nexthdr);
-
-- if (offset < 0 || nexthdr != IPPROTO_ICMPV6)
-+ if (nexthdr != IPPROTO_ICMPV6)
- return 0;
-
- /* Okay, we found ICMPv6 header */
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
-index 5864cc4..121f3a30 100644
+index 5fe2ff3..10968b5 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
-@@ -1513,7 +1513,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+@@ -1523,7 +1523,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
tmp.valid_hooks = t->table->valid_hooks;
}
mutex_unlock(&ebt_mutex);
@@ -75000,7 +73474,7 @@ index 5864cc4..121f3a30 100644
ret = -EFAULT;
break;
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
-index a986280..13444a1 100644
+index a97d97a..6f679ed 100644
--- a/net/caif/caif_socket.c
+++ b/net/caif/caif_socket.c
@@ -48,19 +48,20 @@ static struct dentry *debugfsdir;
@@ -75105,7 +73579,7 @@ index a986280..13444a1 100644
set_rx_flow_on(cf_sk);
caif_flow_ctrl(sk, CAIF_MODEMCMD_FLOW_ON_REQ);
}
-@@ -854,7 +855,7 @@ static int caif_connect(struct socket *sock, struct sockaddr *uaddr,
+@@ -856,7 +857,7 @@ static int caif_connect(struct socket *sock, struct sockaddr *uaddr,
/*ifindex = id of the interface.*/
cf_sk->conn_req.ifindex = cf_sk->sk.sk_bound_dev_if;
@@ -75114,7 +73588,7 @@ index a986280..13444a1 100644
cf_sk->layer.receive = caif_sktrecv_cb;
err = caif_connect_client(sock_net(sk), &cf_sk->conn_req,
-@@ -943,7 +944,7 @@ static int caif_release(struct socket *sock)
+@@ -945,7 +946,7 @@ static int caif_release(struct socket *sock)
spin_unlock_bh(&sk->sk_receive_queue.lock);
sock->sk = NULL;
@@ -75123,7 +73597,7 @@ index a986280..13444a1 100644
WARN_ON(IS_ERR(cf_sk->debugfs_socket_dir));
if (cf_sk->debugfs_socket_dir != NULL)
-@@ -1122,7 +1123,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol,
+@@ -1124,7 +1125,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol,
cf_sk->conn_req.protocol = protocol;
/* Increase the number of sockets created. */
dbfs_atomic_inc(&cnt.caif_nr_socks);
@@ -75333,10 +73807,10 @@ index 68bbf9f..5ef0d12 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index c56cacf..b28e35f 100644
+index 6ca32f6..c7e9bbd 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
-@@ -1139,10 +1139,14 @@ void dev_load(struct net *net, const char *name)
+@@ -1138,10 +1138,14 @@ void dev_load(struct net *net, const char *name)
if (no_module && capable(CAP_NET_ADMIN))
no_module = request_module("netdev-%s", name);
if (no_module && capable(CAP_SYS_MODULE)) {
@@ -75351,7 +73825,7 @@ index c56cacf..b28e35f 100644
}
}
EXPORT_SYMBOL(dev_load);
-@@ -1573,7 +1577,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+@@ -1585,7 +1589,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
{
if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
if (skb_copy_ubufs(skb, GFP_ATOMIC)) {
@@ -75360,7 +73834,7 @@ index c56cacf..b28e35f 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -1583,7 +1587,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+@@ -1595,7 +1599,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
nf_reset(skb);
if (unlikely(!is_skb_forwardable(dev, skb))) {
@@ -75369,7 +73843,7 @@ index c56cacf..b28e35f 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -2036,7 +2040,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
+@@ -2057,7 +2061,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
struct dev_gso_cb {
void (*destructor)(struct sk_buff *skb);
@@ -75378,7 +73852,7 @@ index c56cacf..b28e35f 100644
#define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
-@@ -2970,7 +2974,7 @@ enqueue:
+@@ -2913,7 +2917,7 @@ enqueue:
local_irq_restore(flags);
@@ -75387,7 +73861,7 @@ index c56cacf..b28e35f 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -3044,7 +3048,7 @@ int netif_rx_ni(struct sk_buff *skb)
+@@ -2985,7 +2989,7 @@ int netif_rx_ni(struct sk_buff *skb)
}
EXPORT_SYMBOL(netif_rx_ni);
@@ -75396,7 +73870,7 @@ index c56cacf..b28e35f 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
-@@ -3333,7 +3337,7 @@ ncls:
+@@ -3273,7 +3277,7 @@ ncls:
if (pt_prev) {
ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
} else {
@@ -75405,7 +73879,7 @@ index c56cacf..b28e35f 100644
kfree_skb(skb);
/* Jamal, now you will not able to escape explaining
* me how you were going to use this. :-)
-@@ -3897,7 +3901,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -3832,7 +3836,7 @@ void netif_napi_del(struct napi_struct *napi)
}
EXPORT_SYMBOL(netif_napi_del);
@@ -75414,7 +73888,7 @@ index c56cacf..b28e35f 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
unsigned long time_limit = jiffies + 2;
-@@ -5955,7 +5959,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -5889,7 +5893,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
}
@@ -75486,7 +73960,7 @@ index c40f27e..7f49254 100644
m->msg_iov = iov;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 9083e82..1673203 100644
+index f965dce..92c792a 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -57,7 +57,7 @@ struct rtnl_link {
@@ -75497,7 +73971,7 @@ index 9083e82..1673203 100644
+} __no_const;
static DEFINE_MUTEX(rtnl_mutex);
- static u16 min_ifinfo_dump_size;
+
diff --git a/net/core/scm.c b/net/core/scm.c
index ff52ad0..aff1c0f 100644
--- a/net/core/scm.c
@@ -75539,10 +74013,10 @@ index ff52ad0..aff1c0f 100644
{
int new_fd;
diff --git a/net/core/sock.c b/net/core/sock.c
-index b23f174..b9a0d26 100644
+index 02f8dfe..86dfd4a 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
-@@ -289,7 +289,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -341,7 +341,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
struct sk_buff_head *list = &sk->sk_receive_queue;
if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) {
@@ -75551,7 +74025,7 @@ index b23f174..b9a0d26 100644
trace_sock_rcvqueue_full(sk, skb);
return -ENOMEM;
}
-@@ -299,7 +299,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -351,7 +351,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
return err;
if (!sk_rmem_schedule(sk, skb->truesize)) {
@@ -75560,7 +74034,7 @@ index b23f174..b9a0d26 100644
return -ENOBUFS;
}
-@@ -319,7 +319,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -371,7 +371,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
skb_dst_force(skb);
spin_lock_irqsave(&list->lock, flags);
@@ -75569,7 +74043,7 @@ index b23f174..b9a0d26 100644
__skb_queue_tail(list, skb);
spin_unlock_irqrestore(&list->lock, flags);
-@@ -339,7 +339,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
+@@ -391,7 +391,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
skb->dev = NULL;
if (sk_rcvqueues_full(sk, skb)) {
@@ -75578,7 +74052,7 @@ index b23f174..b9a0d26 100644
goto discard_and_relse;
}
if (nested)
-@@ -357,7 +357,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
+@@ -409,7 +409,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_);
} else if (sk_add_backlog(sk, skb)) {
bh_unlock_sock(sk);
@@ -75587,7 +74061,7 @@ index b23f174..b9a0d26 100644
goto discard_and_relse;
}
-@@ -917,7 +917,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -974,7 +974,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
if (len > sizeof(peercred))
len = sizeof(peercred);
cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred);
@@ -75596,7 +74070,7 @@ index b23f174..b9a0d26 100644
return -EFAULT;
goto lenout;
}
-@@ -930,7 +930,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -987,7 +987,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
return -ENOTCONN;
if (lv < len)
return -EINVAL;
@@ -75605,7 +74079,7 @@ index b23f174..b9a0d26 100644
return -EFAULT;
goto lenout;
}
-@@ -963,7 +963,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -1024,7 +1024,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
if (len > lv)
len = lv;
@@ -75614,7 +74088,7 @@ index b23f174..b9a0d26 100644
return -EFAULT;
lenout:
if (put_user(len, optlen))
-@@ -2020,7 +2020,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
+@@ -2108,7 +2108,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
*/
smp_wmb();
atomic_set(&sk->sk_refcnt, 1);
@@ -75623,6 +74097,38 @@ index b23f174..b9a0d26 100644
}
EXPORT_SYMBOL(sock_init_data);
+diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
+index b9868e1..849f809 100644
+--- a/net/core/sock_diag.c
++++ b/net/core/sock_diag.c
+@@ -16,20 +16,27 @@ static DEFINE_MUTEX(sock_diag_table_mutex);
+
+ int sock_diag_check_cookie(void *sk, __u32 *cookie)
+ {
++#ifndef CONFIG_GRKERNSEC_HIDESYM
+ if ((cookie[0] != INET_DIAG_NOCOOKIE ||
+ cookie[1] != INET_DIAG_NOCOOKIE) &&
+ ((u32)(unsigned long)sk != cookie[0] ||
+ (u32)((((unsigned long)sk) >> 31) >> 1) != cookie[1]))
+ return -ESTALE;
+ else
++#endif
+ return 0;
+ }
+ EXPORT_SYMBOL_GPL(sock_diag_check_cookie);
+
+ void sock_diag_save_cookie(void *sk, __u32 *cookie)
+ {
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++ cookie[0] = 0;
++ cookie[1] = 0;
++#else
+ cookie[0] = (u32)(unsigned long)sk;
+ cookie[1] = (u32)(((unsigned long)sk >> 31) >> 1);
++#endif
+ }
+ EXPORT_SYMBOL_GPL(sock_diag_save_cookie);
+
diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c
index 02e75d1..9a57a7c 100644
--- a/net/decnet/sysctl_net_decnet.c
@@ -75658,19 +74164,6 @@ index 39a2d29..f39c0fe 100644
---help---
Econet is a fairly old and slow networking protocol mainly used by
Acorn computers to access file and print servers. It uses native
-diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
-index 36d1440..44ff28b 100644
---- a/net/ipv4/ah4.c
-+++ b/net/ipv4/ah4.c
-@@ -19,6 +19,8 @@ struct ah_skb_cb {
- #define AH_SKB_CB(__skb) ((struct ah_skb_cb *)&((__skb)->cb[0]))
-
- static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags,
-+ unsigned int size) __size_overflow(3);
-+static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags,
- unsigned int size)
- {
- unsigned int len;
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 92fc5f6..b790d91 100644
--- a/net/ipv4/fib_frontend.c
@@ -75712,71 +74205,6 @@ index 80106d8..232e898 100644
return nh->nh_saddr;
}
-diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
-index ccee270..db23c3c 100644
---- a/net/ipv4/inet_diag.c
-+++ b/net/ipv4/inet_diag.c
-@@ -114,8 +114,14 @@ static int inet_csk_diag_fill(struct sock *sk,
- r->idiag_retrans = 0;
-
- r->id.idiag_if = sk->sk_bound_dev_if;
-+
-+#ifdef CONFIG_GRKERNSEC_HIDESYM
-+ r->id.idiag_cookie[0] = 0;
-+ r->id.idiag_cookie[1] = 0;
-+#else
- r->id.idiag_cookie[0] = (u32)(unsigned long)sk;
- r->id.idiag_cookie[1] = (u32)(((unsigned long)sk >> 31) >> 1);
-+#endif
-
- r->id.idiag_sport = inet->inet_sport;
- r->id.idiag_dport = inet->inet_dport;
-@@ -210,8 +216,15 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw,
- r->idiag_family = tw->tw_family;
- r->idiag_retrans = 0;
- r->id.idiag_if = tw->tw_bound_dev_if;
-+
-+#ifdef CONFIG_GRKERNSEC_HIDESYM
-+ r->id.idiag_cookie[0] = 0;
-+ r->id.idiag_cookie[1] = 0;
-+#else
- r->id.idiag_cookie[0] = (u32)(unsigned long)tw;
- r->id.idiag_cookie[1] = (u32)(((unsigned long)tw >> 31) >> 1);
-+#endif
-+
- r->id.idiag_sport = tw->tw_sport;
- r->id.idiag_dport = tw->tw_dport;
- r->id.idiag_src[0] = tw->tw_rcv_saddr;
-@@ -294,12 +307,14 @@ static int inet_diag_get_exact(struct sk_buff *in_skb,
- if (sk == NULL)
- goto unlock;
-
-+#ifndef CONFIG_GRKERNSEC_HIDESYM
- err = -ESTALE;
- if ((req->id.idiag_cookie[0] != INET_DIAG_NOCOOKIE ||
- req->id.idiag_cookie[1] != INET_DIAG_NOCOOKIE) &&
- ((u32)(unsigned long)sk != req->id.idiag_cookie[0] ||
- (u32)((((unsigned long)sk) >> 31) >> 1) != req->id.idiag_cookie[1]))
- goto out;
-+#endif
-
- err = -ENOMEM;
- rep = alloc_skb(NLMSG_SPACE((sizeof(struct inet_diag_msg) +
-@@ -589,8 +604,14 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk,
- r->idiag_retrans = req->retrans;
-
- r->id.idiag_if = sk->sk_bound_dev_if;
-+
-+#ifdef CONFIG_GRKERNSEC_HIDESYM
-+ r->id.idiag_cookie[0] = 0;
-+ r->id.idiag_cookie[1] = 0;
-+#else
- r->id.idiag_cookie[0] = (u32)(unsigned long)req;
- r->id.idiag_cookie[1] = (u32)(((unsigned long)req >> 31) >> 1);
-+#endif
-
- tmo = req->expires - jiffies;
- if (tmo < 0)
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 984ec65..97ac518 100644
--- a/net/ipv4/inet_hashtables.c
@@ -75807,10 +74235,10 @@ index 984ec65..97ac518 100644
inet_twsk_deschedule(tw, death_row);
while (twrefcnt) {
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
-index 86f13c67..59a35b5 100644
+index d4d61b6..b81aec8 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
-@@ -436,8 +436,8 @@ relookup:
+@@ -487,8 +487,8 @@ relookup:
if (p) {
p->daddr = *daddr;
atomic_set(&p->refcnt, 1);
@@ -75822,7 +74250,7 @@ index 86f13c67..59a35b5 100644
secure_ip_id(daddr->addr.a4) :
secure_ipv6_id(daddr->addr.a6));
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
-index fdaabf2..0ec3205 100644
+index 1f23a57..7180dfe 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -316,7 +316,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
@@ -75835,10 +74263,10 @@ index fdaabf2..0ec3205 100644
rc = qp->q.fragments && (end - start) > max;
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
-index 09ff51b..d3968eb 100644
+index 8aa87c1..35c3248 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
-@@ -1111,7 +1111,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
+@@ -1112,7 +1112,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
len = min_t(unsigned int, len, opt->optlen);
if (put_user(len, optlen))
return -EFAULT;
@@ -75848,7 +74276,7 @@ index 09ff51b..d3968eb 100644
return -EFAULT;
return 0;
}
-@@ -1239,7 +1240,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
+@@ -1240,7 +1241,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
if (sk->sk_type != SOCK_STREAM)
return -ENOPROTOOPT;
@@ -75858,7 +74286,7 @@ index 09ff51b..d3968eb 100644
msg.msg_flags = flags;
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
-index 99ec116..c5628fe 100644
+index 6e412a6..6640538 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -318,7 +318,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg)
@@ -75888,76 +74316,24 @@ index 99ec116..c5628fe 100644
set_fs(oldfs);
return res;
}
-diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
-index fd7a3f6..e5be655 100644
---- a/net/ipv4/netfilter/arp_tables.c
-+++ b/net/ipv4/netfilter/arp_tables.c
-@@ -984,6 +984,11 @@ static int __do_replace(struct net *net, const char *name,
- unsigned int valid_hooks,
- struct xt_table_info *newinfo,
- unsigned int num_counters,
-+ void __user *counters_ptr) __size_overflow(5);
-+static int __do_replace(struct net *net, const char *name,
-+ unsigned int valid_hooks,
-+ struct xt_table_info *newinfo,
-+ unsigned int num_counters,
- void __user *counters_ptr)
- {
- int ret;
-@@ -1104,6 +1109,8 @@ static int do_replace(struct net *net, const void __user *user,
- }
-
- static int do_add_counters(struct net *net, const void __user *user,
-+ unsigned int len, int compat) __size_overflow(3);
-+static int do_add_counters(struct net *net, const void __user *user,
- unsigned int len, int compat)
- {
- unsigned int i, curcpu;
-diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
-index 24e556e..a8daf7a 100644
---- a/net/ipv4/netfilter/ip_tables.c
-+++ b/net/ipv4/netfilter/ip_tables.c
-@@ -1172,6 +1172,10 @@ get_entries(struct net *net, struct ipt_get_entries __user *uptr,
- static int
- __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
- struct xt_table_info *newinfo, unsigned int num_counters,
-+ void __user *counters_ptr) __size_overflow(5);
-+static int
-+__do_replace(struct net *net, const char *name, unsigned int valid_hooks,
-+ struct xt_table_info *newinfo, unsigned int num_counters,
- void __user *counters_ptr)
- {
- int ret;
-@@ -1293,6 +1297,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
-
- static int
- do_add_counters(struct net *net, const void __user *user,
-+ unsigned int len, int compat) __size_overflow(3);
-+static int
-+do_add_counters(struct net *net, const void __user *user,
- unsigned int len, int compat)
- {
- unsigned int i, curcpu;
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
-index 2133c30..0e8047e 100644
+index 2133c30..5c4b40b 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
-@@ -435,6 +435,10 @@ static unsigned char asn1_subid_decode(struct asn1_ctx *ctx,
- static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
- unsigned char *eoc,
- unsigned long **oid,
-+ unsigned int *len) __size_overflow(2);
-+static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
-+ unsigned char *eoc,
-+ unsigned long **oid,
- unsigned int *len)
- {
- unsigned long subid;
+@@ -399,7 +399,7 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx,
+
+ *len = 0;
+
+- *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
++ *octets = kmalloc((eoc - ctx->pointer), GFP_ATOMIC);
+ if (*octets == NULL)
+ return 0;
+
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 43d4c3b..1914409 100644
+index b072386..abdebcf 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
-@@ -836,7 +836,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f,
+@@ -838,7 +838,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f,
sk_rmem_alloc_get(sp),
0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -75967,10 +74343,10 @@ index 43d4c3b..1914409 100644
static int ping_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
-index 007e2eb..85a18a0 100644
+index 3ccda5a..3c1e61d 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
-@@ -303,7 +303,7 @@ static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb)
+@@ -304,7 +304,7 @@ static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb)
int raw_rcv(struct sock *sk, struct sk_buff *skb)
{
if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) {
@@ -75979,7 +74355,7 @@ index 007e2eb..85a18a0 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -738,16 +738,20 @@ static int raw_init(struct sock *sk)
+@@ -742,16 +742,20 @@ static int raw_init(struct sock *sk)
static int raw_seticmpfilter(struct sock *sk, char __user *optval, int optlen)
{
@@ -76001,7 +74377,7 @@ index 007e2eb..85a18a0 100644
if (get_user(len, optlen))
goto out;
-@@ -757,8 +761,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o
+@@ -761,8 +765,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o
if (len > sizeof(struct icmp_filter))
len = sizeof(struct icmp_filter);
ret = -EFAULT;
@@ -76012,7 +74388,7 @@ index 007e2eb..85a18a0 100644
goto out;
ret = 0;
out: return ret;
-@@ -986,7 +990,13 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
+@@ -990,7 +994,13 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
sk_wmem_alloc_get(sp),
sk_rmem_alloc_get(sp),
0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
@@ -76028,10 +74404,10 @@ index 007e2eb..85a18a0 100644
static int raw_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index 94cdbc5..0cb0063 100644
+index 0197747..7adb0dc 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
-@@ -313,7 +313,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx,
+@@ -311,7 +311,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx,
static inline int rt_genid(struct net *net)
{
@@ -76040,16 +74416,16 @@ index 94cdbc5..0cb0063 100644
}
#ifdef CONFIG_PROC_FS
-@@ -937,7 +937,7 @@ static void rt_cache_invalidate(struct net *net)
+@@ -935,7 +935,7 @@ static void rt_cache_invalidate(struct net *net)
unsigned char shuffle;
get_random_bytes(&shuffle, sizeof(shuffle));
- atomic_add(shuffle + 1U, &net->ipv4.rt_genid);
+ atomic_add_unchecked(shuffle + 1U, &net->ipv4.rt_genid);
- redirect_genid++;
+ inetpeer_invalidate_tree(AF_INET);
}
-@@ -3022,7 +3022,7 @@ static int rt_fill_info(struct net *net,
+@@ -3010,7 +3010,7 @@ static int rt_fill_info(struct net *net,
error = rt->dst.error;
if (peer) {
inet_peer_refcheck(rt->peer);
@@ -76058,65 +74434,11 @@ index 94cdbc5..0cb0063 100644
if (peer->tcp_ts_stamp) {
ts = peer->tcp_ts;
tsage = get_seconds() - peer->tcp_ts_stamp;
-diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
-index 90f6544..769c0e9 100644
---- a/net/ipv4/syncookies.c
-+++ b/net/ipv4/syncookies.c
-@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
- struct rtable *rt;
- __u8 rcv_wscale;
- bool ecn_ok = false;
-+ struct flowi4 fl4;
-
- if (!sysctl_tcp_syncookies || !th->ack || th->rst)
- goto out;
-@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
- * hasn't changed since we received the original syn, but I see
- * no easy way to do this.
- */
-- {
-- struct flowi4 fl4;
--
-- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
-- RT_SCOPE_UNIVERSE, IPPROTO_TCP,
-- inet_sk_flowi_flags(sk),
-- (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
-- ireq->loc_addr, th->source, th->dest);
-- security_req_classify_flow(req, flowi4_to_flowi(&fl4));
-- rt = ip_route_output_key(sock_net(sk), &fl4);
-- if (IS_ERR(rt)) {
-- reqsk_free(req);
-- goto out;
-- }
-+ flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
-+ RT_SCOPE_UNIVERSE, IPPROTO_TCP,
-+ inet_sk_flowi_flags(sk),
-+ (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
-+ ireq->loc_addr, th->source, th->dest);
-+ security_req_classify_flow(req, flowi4_to_flowi(&fl4));
-+ rt = ip_route_output_key(sock_net(sk), &fl4);
-+ if (IS_ERR(rt)) {
-+ reqsk_free(req);
-+ goto out;
- }
-
- /* Try to redo what tcp_v4_send_synack did. */
-@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
- ireq->rcv_wscale = rcv_wscale;
-
- ret = get_cookie_sock(sk, skb, req, &rt->dst);
-+ /* ip_queue_xmit() depends on our flow being setup
-+ * Normal sockets get it right from inet_csk_route_child_sock()
-+ */
-+ if (ret)
-+ inet_sk(ret)->cork.fl.u.ip4 = fl4;
- out: return ret;
- }
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index eb90aa8..74908e1 100644
+index fd54c5f..96d6407 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
-@@ -87,6 +87,9 @@ int sysctl_tcp_tw_reuse __read_mostly;
+@@ -88,6 +88,9 @@ int sysctl_tcp_tw_reuse __read_mostly;
int sysctl_tcp_low_latency __read_mostly;
EXPORT_SYMBOL(sysctl_tcp_low_latency);
@@ -76126,24 +74448,7 @@ index eb90aa8..74908e1 100644
#ifdef CONFIG_TCP_MD5SIG
static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
-@@ -1465,9 +1468,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
- inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen;
- newinet->inet_id = newtp->write_seq ^ jiffies;
-
-- if (!dst && (dst = inet_csk_route_child_sock(sk, newsk, req)) == NULL)
-- goto put_and_exit;
--
-+ if (!dst) {
-+ dst = inet_csk_route_child_sock(sk, newsk, req);
-+ if (!dst)
-+ goto put_and_exit;
-+ } else {
-+ /* syncookie case : see end of cookie_v4_check() */
-+ }
- sk_setup_caps(newsk, dst);
-
- tcp_mtup_init(newsk);
-@@ -1632,6 +1639,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1638,6 +1641,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
@@ -76153,7 +74458,7 @@ index eb90aa8..74908e1 100644
tcp_v4_send_reset(rsk, skb);
discard:
kfree_skb(skb);
-@@ -1694,12 +1704,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
+@@ -1700,12 +1706,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -76176,7 +74481,7 @@ index eb90aa8..74908e1 100644
if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1749,6 +1766,10 @@ no_tcp_socket:
+@@ -1755,6 +1768,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
@@ -76187,7 +74492,7 @@ index eb90aa8..74908e1 100644
tcp_v4_send_reset(NULL, skb);
}
-@@ -2409,7 +2430,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req,
+@@ -2417,7 +2434,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req,
0, /* non standard timer */
0, /* open_requests have no inode */
atomic_read(&sk->sk_refcnt),
@@ -76199,7 +74504,7 @@ index eb90aa8..74908e1 100644
len);
}
-@@ -2459,7 +2484,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
+@@ -2467,7 +2488,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len)
sock_i_uid(sk),
icsk->icsk_probes_out,
sock_i_ino(sk),
@@ -76213,7 +74518,7 @@ index eb90aa8..74908e1 100644
jiffies_to_clock_t(icsk->icsk_rto),
jiffies_to_clock_t(icsk->icsk_ack.ato),
(icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong,
-@@ -2487,7 +2517,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw,
+@@ -2495,7 +2521,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw,
" %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n",
i, src, srcp, dest, destp, tw->tw_substate, 0, 0,
3, jiffies_to_clock_t(ttd), 0, 0, 0, 0,
@@ -76229,7 +74534,7 @@ index eb90aa8..74908e1 100644
#define TMPSZ 150
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
-index 66363b6..b0654a3 100644
+index 550e755..25721b3 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -27,6 +27,10 @@
@@ -76243,7 +74548,7 @@ index 66363b6..b0654a3 100644
int sysctl_tcp_syncookies __read_mostly = 1;
EXPORT_SYMBOL(sysctl_tcp_syncookies);
-@@ -751,6 +755,10 @@ listen_overflow:
+@@ -753,6 +757,10 @@ listen_overflow:
embryonic_reset:
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS);
@@ -76268,7 +74573,7 @@ index 85ee7eb..53277ab 100644
cnt += width;
}
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
-index 2e0f0af..e2948bf 100644
+index cd2e072..1fffee2 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -22,6 +22,10 @@
@@ -76282,7 +74587,7 @@ index 2e0f0af..e2948bf 100644
int sysctl_tcp_syn_retries __read_mostly = TCP_SYN_RETRIES;
int sysctl_tcp_synack_retries __read_mostly = TCP_SYNACK_RETRIES;
int sysctl_tcp_keepalive_time __read_mostly = TCP_KEEPALIVE_TIME;
-@@ -199,6 +203,13 @@ static int tcp_write_timeout(struct sock *sk)
+@@ -196,6 +200,13 @@ static int tcp_write_timeout(struct sock *sk)
}
}
@@ -76297,7 +74602,7 @@ index 2e0f0af..e2948bf 100644
syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) {
/* Has it gone just too far? */
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
-index 5a65eea..bd913a1 100644
+index 5d075b5..d907d5f 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -86,6 +86,7 @@
@@ -76319,7 +74624,7 @@ index 5a65eea..bd913a1 100644
struct udp_table udp_table __read_mostly;
EXPORT_SYMBOL(udp_table);
-@@ -565,6 +570,9 @@ found:
+@@ -566,6 +571,9 @@ found:
return s;
}
@@ -76329,7 +74634,7 @@ index 5a65eea..bd913a1 100644
/*
* This routine is called by the ICMP module when it gets some
* sort of error condition. If err < 0 then the socket should
-@@ -856,9 +864,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -857,9 +865,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
dport = usin->sin_port;
if (dport == 0)
return -EINVAL;
@@ -76348,7 +74653,7 @@ index 5a65eea..bd913a1 100644
daddr = inet->inet_daddr;
dport = inet->inet_dport;
/* Open fast path for connected socket.
-@@ -1099,7 +1116,7 @@ static unsigned int first_packet_length(struct sock *sk)
+@@ -1100,7 +1117,7 @@ static unsigned int first_packet_length(struct sock *sk)
udp_lib_checksum_complete(skb)) {
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
IS_UDPLITE(sk));
@@ -76357,7 +74662,7 @@ index 5a65eea..bd913a1 100644
__skb_unlink(skb, rcvq);
__skb_queue_tail(&list_kill, skb);
}
-@@ -1185,6 +1202,10 @@ try_again:
+@@ -1186,6 +1203,10 @@ try_again:
if (!skb)
goto out;
@@ -76368,7 +74673,7 @@ index 5a65eea..bd913a1 100644
ulen = skb->len - sizeof(struct udphdr);
copied = len;
if (copied > ulen)
-@@ -1487,7 +1508,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+@@ -1489,7 +1510,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
drop:
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
@@ -76377,7 +74682,7 @@ index 5a65eea..bd913a1 100644
kfree_skb(skb);
return -1;
}
-@@ -1506,7 +1527,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
+@@ -1508,7 +1529,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC);
if (!skb1) {
@@ -76386,7 +74691,7 @@ index 5a65eea..bd913a1 100644
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,
IS_UDPLITE(sk));
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
-@@ -1675,6 +1696,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -1677,6 +1698,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
goto csum_error;
UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
@@ -76396,7 +74701,7 @@ index 5a65eea..bd913a1 100644
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
/*
-@@ -2098,8 +2122,13 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -2100,8 +2124,13 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
sk_wmem_alloc_get(sp),
sk_rmem_alloc_get(sp),
0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
@@ -76413,10 +74718,10 @@ index 5a65eea..bd913a1 100644
int udp4_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index a5521c5..984a2f4 100644
+index 6b8ebc5..1d624f4 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
-@@ -2153,7 +2153,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
+@@ -2145,7 +2145,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
p.iph.ihl = 5;
p.iph.protocol = IPPROTO_IPV6;
p.iph.ttl = 64;
@@ -76425,21 +74730,8 @@ index a5521c5..984a2f4 100644
if (ops->ndo_do_ioctl) {
mm_segment_t oldfs = get_fs();
-diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
-index 4c0f894..fca5d15 100644
---- a/net/ipv6/ah6.c
-+++ b/net/ipv6/ah6.c
-@@ -56,6 +56,8 @@ struct ah_skb_cb {
- #define AH_SKB_CB(__skb) ((struct ah_skb_cb *)&((__skb)->cb[0]))
-
- static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags,
-+ unsigned int size) __size_overflow(3);
-+static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags,
- unsigned int size)
- {
- unsigned int len;
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
-index 1567fb1..29af910 100644
+index 02dd203..e03fcc9 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -178,7 +178,7 @@ void __inet6_csk_dst_store(struct sock *sk, struct dst_entry *dst,
@@ -76461,7 +74753,7 @@ index 1567fb1..29af910 100644
dst = NULL;
}
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
-index 26cb08c..8af9877 100644
+index 18a2719..779f36a 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -960,7 +960,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
@@ -76473,33 +74765,8 @@ index 26cb08c..8af9877 100644
msg.msg_controllen = len;
msg.msg_flags = flags;
-diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
-index 94874b0..dc413fa 100644
---- a/net/ipv6/netfilter/ip6_tables.c
-+++ b/net/ipv6/netfilter/ip6_tables.c
-@@ -1194,6 +1194,10 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr,
- static int
- __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
- struct xt_table_info *newinfo, unsigned int num_counters,
-+ void __user *counters_ptr) __size_overflow(5);
-+static int
-+__do_replace(struct net *net, const char *name, unsigned int valid_hooks,
-+ struct xt_table_info *newinfo, unsigned int num_counters,
- void __user *counters_ptr)
- {
- int ret;
-@@ -1315,6 +1319,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len)
-
- static int
- do_add_counters(struct net *net, const void __user *user, unsigned int len,
-+ int compat) __size_overflow(3);
-+static int
-+do_add_counters(struct net *net, const void __user *user, unsigned int len,
- int compat)
- {
- unsigned int i, curcpu;
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
-index 361ebf3..d5628fb 100644
+index d02f7e4..2d2a0f1 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -377,7 +377,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -76511,7 +74778,7 @@ index 361ebf3..d5628fb 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -404,7 +404,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -405,7 +405,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
struct raw6_sock *rp = raw6_sk(sk);
if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) {
@@ -76520,7 +74787,7 @@ index 361ebf3..d5628fb 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -428,7 +428,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -429,7 +429,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb)
if (inet->hdrincl) {
if (skb_checksum_complete(skb)) {
@@ -76529,7 +74796,7 @@ index 361ebf3..d5628fb 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -601,7 +601,7 @@ out:
+@@ -602,7 +602,7 @@ out:
return err;
}
@@ -76538,7 +74805,7 @@ index 361ebf3..d5628fb 100644
struct flowi6 *fl6, struct dst_entry **dstp,
unsigned int flags)
{
-@@ -909,12 +909,15 @@ do_confirm:
+@@ -912,12 +912,15 @@ do_confirm:
static int rawv6_seticmpfilter(struct sock *sk, int level, int optname,
char __user *optval, int optlen)
{
@@ -76555,7 +74822,7 @@ index 361ebf3..d5628fb 100644
return 0;
default:
return -ENOPROTOOPT;
-@@ -927,6 +930,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
+@@ -930,6 +933,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
char __user *optval, int __user *optlen)
{
int len;
@@ -76563,7 +74830,7 @@ index 361ebf3..d5628fb 100644
switch (optname) {
case ICMPV6_FILTER:
-@@ -938,7 +942,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
+@@ -941,7 +945,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
len = sizeof(struct icmp6_filter);
if (put_user(len, optlen))
return -EFAULT;
@@ -76573,7 +74840,7 @@ index 361ebf3..d5628fb 100644
return -EFAULT;
return 0;
default:
-@@ -1245,7 +1250,13 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
+@@ -1248,7 +1253,13 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
0, 0L, 0,
sock_i_uid(sp), 0,
sock_i_ino(sp),
@@ -76589,10 +74856,10 @@ index 361ebf3..d5628fb 100644
static int raw6_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index b859e4a..f9d1589 100644
+index 3edd05a..63aad01 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
-@@ -93,6 +93,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
+@@ -94,6 +94,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk,
}
#endif
@@ -76603,7 +74870,7 @@ index b859e4a..f9d1589 100644
static void tcp_v6_hash(struct sock *sk)
{
if (sk->sk_state != TCP_CLOSE) {
-@@ -1651,6 +1655,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1650,6 +1654,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
@@ -76613,7 +74880,7 @@ index b859e4a..f9d1589 100644
tcp_v6_send_reset(sk, skb);
discard:
if (opt_skb)
-@@ -1730,12 +1737,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
+@@ -1729,12 +1736,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -76636,7 +74903,7 @@ index b859e4a..f9d1589 100644
if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1783,6 +1798,10 @@ no_tcp_socket:
+@@ -1782,6 +1797,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
@@ -76692,7 +74959,7 @@ index b859e4a..f9d1589 100644
static int tcp6_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
-index 8c25419..47a51ae 100644
+index 4f96b5c..75543d7 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -50,6 +50,10 @@
@@ -76706,7 +74973,7 @@ index 8c25419..47a51ae 100644
int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2)
{
const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr;
-@@ -549,7 +553,7 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
+@@ -551,7 +555,7 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb)
return 0;
drop:
@@ -76715,7 +74982,7 @@ index 8c25419..47a51ae 100644
drop_no_sk_drops_inc:
UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
kfree_skb(skb);
-@@ -625,7 +629,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
+@@ -627,7 +631,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
continue;
}
drop:
@@ -76724,7 +74991,7 @@ index 8c25419..47a51ae 100644
UDP6_INC_STATS_BH(sock_net(sk),
UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk));
UDP6_INC_STATS_BH(sock_net(sk),
-@@ -780,6 +784,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -782,6 +786,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS,
proto == IPPROTO_UDPLITE);
@@ -76734,7 +75001,7 @@ index 8c25419..47a51ae 100644
icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);
kfree_skb(skb);
-@@ -796,7 +803,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -798,7 +805,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
if (!sock_owned_by_user(sk))
udpv6_queue_rcv_skb(sk, skb);
else if (sk_add_backlog(sk, skb)) {
@@ -76743,7 +75010,7 @@ index 8c25419..47a51ae 100644
bh_unlock_sock(sk);
sock_put(sk);
goto discard;
-@@ -1407,8 +1414,13 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
+@@ -1410,8 +1417,13 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
0, 0L, 0,
sock_i_uid(sp), 0,
sock_i_ino(sp),
@@ -76886,10 +75153,10 @@ index 253695d..9481ce8 100644
seq_printf(m, "Max header size: %d\n", self->max_header_size);
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index 274d150..656a144 100644
+index d5c5b8f..33beff0 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
-@@ -787,10 +787,10 @@ static int iucv_sock_autobind(struct sock *sk)
+@@ -764,10 +764,10 @@ static int iucv_sock_autobind(struct sock *sk)
write_lock_bh(&iucv_sk_list.lock);
@@ -76903,7 +75170,7 @@ index 274d150..656a144 100644
write_unlock_bh(&iucv_sk_list.lock);
diff --git a/net/key/af_key.c b/net/key/af_key.c
-index 1e733e9..3d73c9f 100644
+index 11dbb22..c20f667 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3016,10 +3016,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc
@@ -76920,10 +75187,10 @@ index 1e733e9..3d73c9f 100644
return res;
}
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
-index 73495f1..ad51356 100644
+index 2f0642d..e5c6fba 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -27,6 +27,7 @@
+@@ -28,6 +28,7 @@
#include <net/ieee80211_radiotap.h>
#include <net/cfg80211.h>
#include <net/mac80211.h>
@@ -76931,7 +75198,7 @@ index 73495f1..ad51356 100644
#include "key.h"
#include "sta_info.h"
-@@ -764,7 +765,7 @@ struct ieee80211_local {
+@@ -781,7 +782,7 @@ struct ieee80211_local {
/* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
spinlock_t queue_stop_reason_lock;
@@ -76941,10 +75208,10 @@ index 73495f1..ad51356 100644
/* number of interfaces with corresponding FIF_ flags */
int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
-index 30d7355..e260095 100644
+index 8e2137b..2974283 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
-@@ -211,7 +211,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
+@@ -222,7 +222,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
break;
}
@@ -76953,7 +75220,7 @@ index 30d7355..e260095 100644
res = drv_start(local);
if (res)
goto err_del_bss;
-@@ -235,7 +235,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
+@@ -246,7 +246,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
memcpy(dev->perm_addr, dev->dev_addr, ETH_ALEN);
if (!is_valid_ether_addr(dev->dev_addr)) {
@@ -76962,25 +75229,25 @@ index 30d7355..e260095 100644
drv_stop(local);
return -EADDRNOTAVAIL;
}
-@@ -327,7 +327,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
+@@ -347,7 +347,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
mutex_unlock(&local->mtx);
if (coming_up)
- local->open_count++;
+ local_inc(&local->open_count);
- if (hw_reconf_flags) {
+ if (hw_reconf_flags)
ieee80211_hw_config(local, hw_reconf_flags);
-@@ -347,7 +347,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
+@@ -360,7 +360,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
err_del_interface:
- drv_remove_interface(local, &sdata->vif);
+ drv_remove_interface(local, sdata);
err_stop:
- if (!local->open_count)
+ if (!local_read(&local->open_count))
drv_stop(local);
err_del_bss:
sdata->bss = NULL;
-@@ -472,7 +472,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -489,7 +489,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
}
if (going_down)
@@ -76989,7 +75256,7 @@ index 30d7355..e260095 100644
switch (sdata->vif.type) {
case NL80211_IFTYPE_AP_VLAN:
-@@ -531,7 +531,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -548,7 +548,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
ieee80211_recalc_ps(local, -1);
@@ -76999,10 +75266,10 @@ index 30d7355..e260095 100644
napi_disable(&local->napi);
ieee80211_clear_tx_pending(local);
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
-index 7d9b21d..0687004 100644
+index b142bd4..a651749 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
-@@ -163,7 +163,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
+@@ -166,7 +166,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
local->hw.conf.power_level = power;
}
@@ -77012,7 +75279,7 @@ index 7d9b21d..0687004 100644
/*
* Goal:
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
-index 9ee7164..56c5061 100644
+index 596efaf..8f1911f 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -34,7 +34,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
@@ -77043,7 +75310,7 @@ index 9ee7164..56c5061 100644
suspend:
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
-index 7d84b87..6a69cd9 100644
+index f9b8e81..bb89b46 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -401,7 +401,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
@@ -77069,12 +75336,12 @@ index c97a065..ff61928 100644
return p;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
-index d5230ec..c604b21 100644
+index 9919892..8c49803 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
-@@ -1000,7 +1000,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
- drv_set_coverage_class(local, hw->wiphy->coverage_class);
-
+@@ -1143,7 +1143,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
+ }
+ #endif
/* everything else happens only if HW was up & running */
- if (!local->open_count)
+ if (!local_read(&local->open_count))
@@ -77082,10 +75349,10 @@ index d5230ec..c604b21 100644
/*
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
-index d5597b7..ab6d39c 100644
+index f8ac4ef..b02560b 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
-@@ -779,6 +779,16 @@ config NETFILTER_XT_MATCH_ESP
+@@ -806,6 +806,16 @@ config NETFILTER_XT_MATCH_ESP
To compile it as a module, choose M here. If unsure, say N.
@@ -77103,12 +75370,12 @@ index d5597b7..ab6d39c 100644
tristate '"hashlimit" match support'
depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n)
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
-index 1a02853..5d8c22e 100644
+index 40f4c3d..0d5dd6b 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
-@@ -81,6 +81,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DCCP) += xt_dccp.o
- obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o
+@@ -83,6 +83,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o
obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o
+ obj-$(CONFIG_NETFILTER_XT_MATCH_ECN) += xt_ecn.o
obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o
+obj-$(CONFIG_NETFILTER_XT_MATCH_GRADM) += xt_gradm.o
obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o
@@ -77146,7 +75413,7 @@ index 29fa5ba..8debc79 100644
if (!todrop_rate[i]) return 0;
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
-index 6dc7d7d..e45913a 100644
+index 2555816..31492d9 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -562,7 +562,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
@@ -77168,7 +75435,7 @@ index 6dc7d7d..e45913a 100644
if ((ipvs->sync_state & IP_VS_STATE_MASTER) &&
cp->protocol == IPPROTO_SCTP) {
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
-index e1a66cf..0910076 100644
+index b3afe18..08ec940 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
@@ -77217,7 +75484,7 @@ index e1a66cf..0910076 100644
NLA_PUT_U32(skb, IPVS_DEST_ATTR_U_THRESH, dest->u_threshold);
NLA_PUT_U32(skb, IPVS_DEST_ATTR_L_THRESH, dest->l_threshold);
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
-index 2b6678c0..aaa41fc 100644
+index 8a0d6d6..90ec197 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -649,7 +649,7 @@ control:
@@ -77239,7 +75506,7 @@ index 2b6678c0..aaa41fc 100644
cp->old_state = cp->state;
/*
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
-index aa2d720..d8aa111 100644
+index 7fd66de..e6fb361 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -1151,7 +1151,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
@@ -77374,10 +75641,10 @@ index 4fe4fb4..87a89e5 100644
return 0;
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index 1201b6d..bcff8c6 100644
+index 629b061..21cd04c 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
-@@ -742,7 +742,7 @@ static void netlink_overrun(struct sock *sk)
+@@ -741,7 +741,7 @@ static void netlink_overrun(struct sock *sk)
sk->sk_error_report(sk);
}
}
@@ -77386,7 +75653,7 @@ index 1201b6d..bcff8c6 100644
}
static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid)
-@@ -1999,7 +1999,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+@@ -1995,7 +1995,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
sk_wmem_alloc_get(s),
nlk->cb,
atomic_read(&s->sk_refcnt),
@@ -77396,7 +75663,7 @@ index 1201b6d..bcff8c6 100644
);
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
-index 732152f..60bb09e 100644
+index 7dab229..212156f 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -839,6 +839,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
@@ -77416,10 +75683,10 @@ index 732152f..60bb09e 100644
*uaddr_len = sizeof(struct sockaddr_ax25);
}
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index d9d4970..d5a6a68 100644
+index 2dbb32b..a1b4722 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
-@@ -1675,7 +1675,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1676,7 +1676,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
spin_lock(&sk->sk_receive_queue.lock);
po->stats.tp_packets++;
@@ -77428,7 +75695,7 @@ index d9d4970..d5a6a68 100644
__skb_queue_tail(&sk->sk_receive_queue, skb);
spin_unlock(&sk->sk_receive_queue.lock);
sk->sk_data_ready(sk, skb->len);
-@@ -1684,7 +1684,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1685,7 +1685,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
drop_n_acct:
spin_lock(&sk->sk_receive_queue.lock);
po->stats.tp_drops++;
@@ -77437,7 +75704,7 @@ index d9d4970..d5a6a68 100644
spin_unlock(&sk->sk_receive_queue.lock);
drop_n_restore:
-@@ -3266,7 +3266,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3271,7 +3271,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
case PACKET_HDRLEN:
if (len > sizeof(int))
len = sizeof(int);
@@ -77446,7 +75713,7 @@ index d9d4970..d5a6a68 100644
return -EFAULT;
switch (val) {
case TPACKET_V1:
-@@ -3316,7 +3316,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3321,7 +3321,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
if (put_user(len, optlen))
return -EFAULT;
@@ -77478,7 +75745,7 @@ index d65f699..05aa6ce 100644
err = proto_register(pp->prot, 1);
diff --git a/net/phonet/pep.c b/net/phonet/pep.c
-index 2ba6e9f..409573f 100644
+index 9f60008..ae96f04 100644
--- a/net/phonet/pep.c
+++ b/net/phonet/pep.c
@@ -388,7 +388,7 @@ static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb)
@@ -77499,7 +75766,7 @@ index 2ba6e9f..409573f 100644
err = -ENOBUFS;
break;
}
-@@ -557,7 +557,7 @@ static int pipe_handler_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -580,7 +580,7 @@ static int pipe_handler_do_rcv(struct sock *sk, struct sk_buff *skb)
}
if (pn->rx_credits == 0) {
@@ -77695,7 +75962,7 @@ index 74c064c..fdec26f 100644
/* count of skbs currently in use */
atomic_t rxrpc_n_skbs;
diff --git a/net/rxrpc/ar-ack.c b/net/rxrpc/ar-ack.c
-index f99cfce..cc529dd 100644
+index c3126e8..21facc7 100644
--- a/net/rxrpc/ar-ack.c
+++ b/net/rxrpc/ar-ack.c
@@ -175,7 +175,7 @@ static void rxrpc_resend(struct rxrpc_call *call)
@@ -77863,7 +76130,7 @@ index 87f7135..74d3703 100644
}
diff --git a/net/rxrpc/ar-output.c b/net/rxrpc/ar-output.c
-index 338d793..47391d0 100644
+index 16ae887..d24f12b 100644
--- a/net/rxrpc/ar-output.c
+++ b/net/rxrpc/ar-output.c
@@ -682,9 +682,9 @@ static int rxrpc_send_data(struct kiocb *iocb,
@@ -77956,7 +76223,7 @@ index 1e2eee8..ce3967e 100644
assoc->assoc_id,
assoc->sndbuf_used,
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
-index 54a7cd2..944edae 100644
+index 408ebd0..202aa85 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4574,7 +4574,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
@@ -77969,7 +76236,7 @@ index 54a7cd2..944edae 100644
to += addrlen;
cnt++;
diff --git a/net/socket.c b/net/socket.c
-index 2dce67a..1e91168 100644
+index 28a96af..61a7a06 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -88,6 +88,7 @@
@@ -77998,7 +76265,7 @@ index 2dce67a..1e91168 100644
static struct file_system_type sock_fs_type = {
.name = "sockfs",
-@@ -1187,6 +1190,8 @@ int __sock_create(struct net *net, int family, int type, int protocol,
+@@ -1207,6 +1210,8 @@ int __sock_create(struct net *net, int family, int type, int protocol,
return -EAFNOSUPPORT;
if (type < 0 || type >= SOCK_MAX)
return -EINVAL;
@@ -78007,7 +76274,7 @@ index 2dce67a..1e91168 100644
/* Compatibility.
-@@ -1319,6 +1324,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
+@@ -1339,6 +1344,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
@@ -78024,7 +76291,7 @@ index 2dce67a..1e91168 100644
retval = sock_create(family, type, protocol, &sock);
if (retval < 0)
goto out;
-@@ -1431,6 +1446,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
+@@ -1451,6 +1466,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
if (sock) {
err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address);
if (err >= 0) {
@@ -78039,7 +76306,7 @@ index 2dce67a..1e91168 100644
err = security_socket_bind(sock,
(struct sockaddr *)&address,
addrlen);
-@@ -1439,6 +1462,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
+@@ -1459,6 +1482,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
(struct sockaddr *)
&address, addrlen);
}
@@ -78047,7 +76314,7 @@ index 2dce67a..1e91168 100644
fput_light(sock->file, fput_needed);
}
return err;
-@@ -1462,10 +1486,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
+@@ -1482,10 +1506,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
if ((unsigned)backlog > somaxconn)
backlog = somaxconn;
@@ -78068,7 +76335,7 @@ index 2dce67a..1e91168 100644
fput_light(sock->file, fput_needed);
}
return err;
-@@ -1509,6 +1543,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
+@@ -1529,6 +1563,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
newsock->type = sock->type;
newsock->ops = sock->ops;
@@ -78087,7 +76354,7 @@ index 2dce67a..1e91168 100644
/*
* We don't need try_module_get here, as the listening socket (sock)
* has the protocol module (sock->ops->owner) held.
-@@ -1547,6 +1593,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
+@@ -1567,6 +1613,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
fd_install(newfd, newfile);
err = newfd;
@@ -78096,7 +76363,7 @@ index 2dce67a..1e91168 100644
out_put:
fput_light(sock->file, fput_needed);
out:
-@@ -1579,6 +1627,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
+@@ -1599,6 +1647,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
int, addrlen)
{
struct socket *sock;
@@ -78104,7 +76371,7 @@ index 2dce67a..1e91168 100644
struct sockaddr_storage address;
int err, fput_needed;
-@@ -1589,6 +1638,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
+@@ -1609,6 +1658,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
if (err < 0)
goto out_put;
@@ -78122,7 +76389,7 @@ index 2dce67a..1e91168 100644
err =
security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
if (err)
-@@ -1950,7 +2010,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -1970,7 +2030,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
* checking falls down on this.
*/
if (copy_from_user(ctl_buf,
@@ -78131,7 +76398,7 @@ index 2dce67a..1e91168 100644
ctl_len))
goto out_freectl;
msg_sys->msg_control = ctl_buf;
-@@ -2120,7 +2180,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2140,7 +2200,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
* kernel msghdr to use the kernel address space)
*/
@@ -78140,7 +76407,7 @@ index 2dce67a..1e91168 100644
uaddr_len = COMPAT_NAMELEN(msg);
if (MSG_CMSG_COMPAT & flags) {
err = verify_compat_iovec(msg_sys, iov,
-@@ -2748,7 +2808,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2768,7 +2828,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
}
ifr = compat_alloc_user_space(buf_size);
@@ -78149,7 +76416,7 @@ index 2dce67a..1e91168 100644
if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
return -EFAULT;
-@@ -2772,12 +2832,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2792,12 +2852,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
offsetof(struct ethtool_rxnfc, fs.ring_cookie));
if (copy_in_user(rxnfc, compat_rxnfc,
@@ -78166,7 +76433,7 @@ index 2dce67a..1e91168 100644
copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
sizeof(rxnfc->rule_cnt)))
return -EFAULT;
-@@ -2789,12 +2849,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2809,12 +2869,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
if (convert_out) {
if (copy_in_user(compat_rxnfc, rxnfc,
@@ -78183,7 +76450,7 @@ index 2dce67a..1e91168 100644
copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
sizeof(rxnfc->rule_cnt)))
return -EFAULT;
-@@ -2864,7 +2924,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2884,7 +2944,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
err = dev_ioctl(net, cmd,
@@ -78192,7 +76459,7 @@ index 2dce67a..1e91168 100644
set_fs(old_fs);
return err;
-@@ -2973,7 +3033,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -2993,7 +3053,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -78201,7 +76468,7 @@ index 2dce67a..1e91168 100644
set_fs(old_fs);
if (cmd == SIOCGIFMAP && !err) {
-@@ -3078,7 +3138,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3098,7 +3158,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
ret |= __get_user(rtdev, &(ur4->rt_dev));
if (rtdev) {
ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -78210,7 +76477,7 @@ index 2dce67a..1e91168 100644
devname[15] = 0;
} else
r4.rt_dev = NULL;
-@@ -3318,8 +3378,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3324,8 +3384,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
int __user *uoptlen;
int err;
@@ -78221,7 +76488,7 @@ index 2dce67a..1e91168 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
-@@ -3339,7 +3399,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3345,7 +3405,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
char __user *uoptval;
int err;
@@ -78231,10 +76498,10 @@ index 2dce67a..1e91168 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c
-index 00a1a2a..6a0138a 100644
+index 3341d89..c662621 100644
--- a/net/sunrpc/sched.c
+++ b/net/sunrpc/sched.c
-@@ -238,9 +238,9 @@ static int rpc_wait_bit_killable(void *word)
+@@ -239,9 +239,9 @@ static int rpc_wait_bit_killable(void *word)
#ifdef RPC_DEBUG
static void rpc_task_set_debuginfo(struct rpc_task *task)
{
@@ -78247,7 +76514,7 @@ index 00a1a2a..6a0138a 100644
#else
static inline void rpc_task_set_debuginfo(struct rpc_task *task)
diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c
-index 71bed1c..5dff36d 100644
+index 4645709..d41d668 100644
--- a/net/sunrpc/svcsock.c
+++ b/net/sunrpc/svcsock.c
@@ -396,7 +396,7 @@ static int svc_partial_recvfrom(struct svc_rqst *rqstp,
@@ -78415,7 +76682,7 @@ index 249a835..fb2794b 100644
goto err;
return 0;
diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtrdma/svc_rdma_transport.c
-index ba1296d..0fec1a5 100644
+index 894cb42..cf5bafb 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_transport.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c
@@ -300,7 +300,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt)
@@ -78477,10 +76744,10 @@ index e758139..d29ea47 100644
return (mode << 6) | (mode << 3) | mode;
}
diff --git a/net/tipc/link.c b/net/tipc/link.c
-index ae98a72..7bb6056 100644
+index ac1832a..533ed97 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
-@@ -1203,7 +1203,7 @@ static int link_send_sections_long(struct tipc_port *sender,
+@@ -1205,7 +1205,7 @@ static int link_send_sections_long(struct tipc_port *sender,
struct tipc_msg fragm_hdr;
struct sk_buff *buf, *buf_chain, *prev;
u32 fragm_crs, fragm_rest, hsz, sect_rest;
@@ -78489,7 +76756,7 @@ index ae98a72..7bb6056 100644
int curr_sect;
u32 fragm_no;
-@@ -1247,7 +1247,7 @@ again:
+@@ -1249,7 +1249,7 @@ again:
if (!sect_rest) {
sect_rest = msg_sect[++curr_sect].iov_len;
@@ -78498,7 +76765,7 @@ index ae98a72..7bb6056 100644
}
if (sect_rest < fragm_rest)
-@@ -1266,7 +1266,7 @@ error:
+@@ -1268,7 +1268,7 @@ error:
}
} else
skb_copy_to_linear_data_offset(buf, fragm_crs,
@@ -78508,7 +76775,7 @@ index ae98a72..7bb6056 100644
sect_rest -= sz;
fragm_crs += sz;
diff --git a/net/tipc/msg.c b/net/tipc/msg.c
-index 83d5096..dcba497 100644
+index 3e4d3e2..27b55dc 100644
--- a/net/tipc/msg.c
+++ b/net/tipc/msg.c
@@ -99,7 +99,7 @@ int tipc_msg_build(struct tipc_msg *hdr, struct iovec const *msg_sect,
@@ -78521,10 +76788,10 @@ index 83d5096..dcba497 100644
pos += msg_sect[cnt].iov_len;
}
diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c
-index 1983717..4d6102c 100644
+index 8c49566..14510cb 100644
--- a/net/tipc/subscr.c
+++ b/net/tipc/subscr.c
-@@ -101,7 +101,7 @@ static void subscr_send_event(struct subscription *sub,
+@@ -101,7 +101,7 @@ static void subscr_send_event(struct tipc_subscription *sub,
{
struct iovec msg_sect;
@@ -78534,10 +76801,10 @@ index 1983717..4d6102c 100644
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index d99678a..3514a21 100644
+index 85d3bb7..79f4487 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
-@@ -767,6 +767,12 @@ static struct sock *unix_find_other(struct net *net,
+@@ -770,6 +770,12 @@ static struct sock *unix_find_other(struct net *net,
err = -ECONNREFUSED;
if (!S_ISSOCK(inode->i_mode))
goto put_fail;
@@ -78550,7 +76817,7 @@ index d99678a..3514a21 100644
u = unix_find_socket_byinode(inode);
if (!u)
goto put_fail;
-@@ -787,6 +793,13 @@ static struct sock *unix_find_other(struct net *net,
+@@ -790,6 +796,13 @@ static struct sock *unix_find_other(struct net *net,
if (u) {
struct dentry *dentry;
dentry = unix_sk(u)->dentry;
@@ -78564,7 +76831,7 @@ index d99678a..3514a21 100644
if (dentry)
touch_atime(unix_sk(u)->mnt, dentry);
} else
-@@ -869,11 +882,18 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
+@@ -872,11 +885,18 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
err = security_path_mknod(&path, dentry, mode, 0);
if (err)
goto out_mknod_drop_write;
@@ -78584,7 +76851,7 @@ index d99678a..3514a21 100644
dput(path.dentry);
path.dentry = dentry;
diff --git a/net/wireless/core.h b/net/wireless/core.h
-index b9ec306..b4a563e 100644
+index 43ad9c8..ab5127c 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -27,7 +27,7 @@ struct cfg80211_registered_device {
@@ -78634,7 +76901,7 @@ index 0af7f54..c916d2f 100644
iwp->length += essid_compat;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index 9049a5c..cfa6f5c 100644
+index 7661576..80f7627 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -299,7 +299,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy)
@@ -78812,10 +77079,10 @@ index 0000000..8729101
+#!/bin/sh
+echo -e "#include \"gcc-plugin.h\"\n#include \"tree.h\"\n#include \"tm.h\"\n#include \"rtl.h\"" | $1 -x c -shared - -o /dev/null -I`$2 -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y"
diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c
-index f936d1f..a66d95f 100644
+index b89efe6..2c30808 100644
--- a/scripts/mod/file2alias.c
+++ b/scripts/mod/file2alias.c
-@@ -72,7 +72,7 @@ static void device_id_check(const char *modname, const char *device_id,
+@@ -128,7 +128,7 @@ static void device_id_check(const char *modname, const char *device_id,
unsigned long size, unsigned long id_size,
void *symval)
{
@@ -78824,7 +77091,7 @@ index f936d1f..a66d95f 100644
if (size % id_size || size < id_size) {
if (cross_build != 0)
-@@ -102,7 +102,7 @@ static void device_id_check(const char *modname, const char *device_id,
+@@ -158,7 +158,7 @@ static void device_id_check(const char *modname, const char *device_id,
/* USB is special because the bcdDevice can be matched against a numeric range */
/* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipN" */
static void do_usb_entry(struct usb_device_id *id,
@@ -78833,7 +77100,7 @@ index f936d1f..a66d95f 100644
unsigned char range_lo, unsigned char range_hi,
unsigned char max, struct module *mod)
{
-@@ -203,7 +203,7 @@ static void do_usb_entry_multi(struct usb_device_id *id, struct module *mod)
+@@ -259,7 +259,7 @@ static void do_usb_entry_multi(struct usb_device_id *id, struct module *mod)
{
unsigned int devlo, devhi;
unsigned char chi, clo, max;
@@ -78842,7 +77109,7 @@ index f936d1f..a66d95f 100644
id->match_flags = TO_NATIVE(id->match_flags);
id->idVendor = TO_NATIVE(id->idVendor);
-@@ -437,7 +437,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size,
+@@ -501,7 +501,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size,
for (i = 0; i < count; i++) {
const char *id = (char *)devs[i].id;
char acpi_id[sizeof(devs[0].id)];
@@ -78851,7 +77118,7 @@ index f936d1f..a66d95f 100644
buf_printf(&mod->dev_table_buf,
"MODULE_ALIAS(\"pnp:d%s*\");\n", id);
-@@ -467,7 +467,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
+@@ -531,7 +531,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
for (j = 0; j < PNP_MAX_DEVICES; j++) {
const char *id = (char *)card->devs[j].id;
@@ -78860,7 +77127,7 @@ index f936d1f..a66d95f 100644
int dup = 0;
if (!id[0])
-@@ -493,7 +493,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
+@@ -557,7 +557,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
/* add an individual alias for every device entry */
if (!dup) {
char acpi_id[sizeof(card->devs[0].id)];
@@ -78869,7 +77136,7 @@ index f936d1f..a66d95f 100644
buf_printf(&mod->dev_table_buf,
"MODULE_ALIAS(\"pnp:d%s*\");\n", id);
-@@ -807,7 +807,7 @@ static void dmi_ascii_filter(char *d, const char *s)
+@@ -882,7 +882,7 @@ static void dmi_ascii_filter(char *d, const char *s)
static int do_dmi_entry(const char *filename, struct dmi_system_id *id,
char *alias)
{
@@ -78879,7 +77146,7 @@ index f936d1f..a66d95f 100644
sprintf(alias, "dmi*");
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
-index 2bd594e..d43245e 100644
+index 9adb667..c6ac044 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -919,6 +919,7 @@ enum mismatch {
@@ -78931,7 +77198,7 @@ index 2bd594e..d43245e 100644
}
fprintf(stderr, "\n");
}
-@@ -1656,7 +1671,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
+@@ -1665,7 +1680,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
static void check_sec_ref(struct module *mod, const char *modname,
struct elf_info *elf)
{
@@ -78940,7 +77207,7 @@ index 2bd594e..d43245e 100644
Elf_Shdr *sechdrs = elf->sechdrs;
/* Walk through all sections */
-@@ -1754,7 +1769,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
+@@ -1763,7 +1778,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
va_end(ap);
}
@@ -78949,7 +77216,7 @@ index 2bd594e..d43245e 100644
{
if (buf->size - buf->pos < len) {
buf->size += len + SZ;
-@@ -1972,7 +1987,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
+@@ -1981,7 +1996,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
if (fstat(fileno(file), &st) < 0)
goto close_write;
@@ -79025,10 +77292,10 @@ index 5c11312..72742b5 100644
write_hex_cnt = 0;
for (i = 0; i < logo_clutsize; i++) {
diff --git a/security/Kconfig b/security/Kconfig
-index 51bd5a0..58c5b70 100644
+index 51bd5a0..3a4ebd0 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,639 @@
+@@ -4,6 +4,627 @@
menu "Security options"
@@ -79120,6 +77387,7 @@ index 51bd5a0..58c5b70 100644
+
+config PAX_XATTR_PAX_FLAGS
+ bool 'Use filesystem extended attributes marking'
++ depends on EXPERT
+ select CIFS_XATTR if CIFS
+ select EXT2_FS_XATTR if EXT2_FS
+ select EXT3_FS_XATTR if EXT3_FS
@@ -79648,19 +77916,6 @@ index 51bd5a0..58c5b70 100644
+ Since this has a negligible performance impact, you should enable
+ this feature.
+
-+config PAX_SIZE_OVERFLOW
-+ bool "Prevent various integer overflows in function size parameters"
-+ help
-+ By saying Y here the kernel recomputes expressions of function
-+ arguments marked by a size_overflow attribute with double integer
-+ precision (DImode/TImode for 32/64 bit integer types).
-+
-+ The recomputed argument is checked against INT_MAX and an event
-+ is logged on overflow and the triggering process is killed.
-+
-+ Homepage:
-+ http://www.grsecurity.net/~ephox/overflow_plugin/
-+
+endmenu
+
+endmenu
@@ -79668,7 +77923,7 @@ index 51bd5a0..58c5b70 100644
config KEYS
bool "Enable access key retention support"
help
-@@ -169,7 +802,7 @@ config INTEL_TXT
+@@ -169,7 +790,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -79678,10 +77933,10 @@ index 51bd5a0..58c5b70 100644
help
This is the portion of low virtual memory which should be protected
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index 3783202..1852837 100644
+index 97ce8fa..23dad96 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
-@@ -621,7 +621,7 @@ static int apparmor_task_setrlimit(struct task_struct *task,
+@@ -620,7 +620,7 @@ static int apparmor_task_setrlimit(struct task_struct *task,
return error;
}
@@ -79691,7 +77946,7 @@ index 3783202..1852837 100644
.ptrace_access_check = apparmor_ptrace_access_check,
diff --git a/security/commoncap.c b/security/commoncap.c
-index ee4f848..a320c64 100644
+index 7ce191e..6c29c34 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -28,6 +28,7 @@
@@ -79702,16 +77957,7 @@ index ee4f848..a320c64 100644
/*
* If a non-root user executes a setuid-root binary in
-@@ -58,7 +59,7 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
-
- int cap_netlink_recv(struct sk_buff *skb, int cap)
- {
-- if (!cap_raised(current_cap(), cap))
-+ if (!cap_raised(current_cap(), cap) || !gr_is_capable(cap))
- return -EPERM;
- return 0;
- }
-@@ -579,6 +580,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
+@@ -569,6 +570,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
{
const struct cred *cred = current_cred();
@@ -79749,25 +77995,6 @@ index 88a2788..581ab92 100644
entry = kmalloc(sizeof(*entry), GFP_KERNEL);
if (!entry) {
-diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c
-index c5c5a72..2ad942f 100644
---- a/security/integrity/ima/ima_audit.c
-+++ b/security/integrity/ima/ima_audit.c
-@@ -56,9 +56,11 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
- audit_log_format(ab, " name=");
- audit_log_untrustedstring(ab, fname);
- }
-- if (inode)
-- audit_log_format(ab, " dev=%s ino=%lu",
-- inode->i_sb->s_id, inode->i_ino);
-+ if (inode) {
-+ audit_log_format(ab, " dev=");
-+ audit_log_untrustedstring(ab, inode->i_sb->s_id);
-+ audit_log_format(ab, " ino=%lu", inode->i_ino);
-+ }
- audit_log_format(ab, " res=%d", !result ? 0 : 1);
- audit_log_end(ab);
- }
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index e1aa2b4..52027bf 100644
--- a/security/integrity/ima/ima_fs.c
@@ -79854,7 +78081,7 @@ index 0b3f5d7..892c8a6 100644
if (iov != iovstack)
kfree(iov);
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
-index 37a7f3b..86dc19f 100644
+index d605f75..2bc6be9 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -214,15 +214,15 @@ static long keyring_read(const struct key *keyring,
@@ -79876,54 +78103,6 @@ index 37a7f3b..86dc19f 100644
goto error;
buflen -= tmp;
-diff --git a/security/lsm_audit.c b/security/lsm_audit.c
-index 893af8a..ba9237c 100644
---- a/security/lsm_audit.c
-+++ b/security/lsm_audit.c
-@@ -234,10 +234,11 @@ static void dump_common_audit_data(struct audit_buffer *ab,
- audit_log_d_path(ab, "path=", &a->u.path);
-
- inode = a->u.path.dentry->d_inode;
-- if (inode)
-- audit_log_format(ab, " dev=%s ino=%lu",
-- inode->i_sb->s_id,
-- inode->i_ino);
-+ if (inode) {
-+ audit_log_format(ab, " dev=");
-+ audit_log_untrustedstring(ab, inode->i_sb->s_id);
-+ audit_log_format(ab, " ino=%lu", inode->i_ino);
-+ }
- break;
- }
- case LSM_AUDIT_DATA_DENTRY: {
-@@ -247,10 +248,11 @@ static void dump_common_audit_data(struct audit_buffer *ab,
- audit_log_untrustedstring(ab, a->u.dentry->d_name.name);
-
- inode = a->u.dentry->d_inode;
-- if (inode)
-- audit_log_format(ab, " dev=%s ino=%lu",
-- inode->i_sb->s_id,
-- inode->i_ino);
-+ if (inode) {
-+ audit_log_format(ab, " dev=");
-+ audit_log_untrustedstring(ab, inode->i_sb->s_id);
-+ audit_log_format(ab, " ino=%lu", inode->i_ino);
-+ }
- break;
- }
- case LSM_AUDIT_DATA_INODE: {
-@@ -265,8 +267,9 @@ static void dump_common_audit_data(struct audit_buffer *ab,
- dentry->d_name.name);
- dput(dentry);
- }
-- audit_log_format(ab, " dev=%s ino=%lu", inode->i_sb->s_id,
-- inode->i_ino);
-+ audit_log_format(ab, " dev=");
-+ audit_log_untrustedstring(ab, inode->i_sb->s_id);
-+ audit_log_format(ab, " ino=%lu", inode->i_ino);
- break;
- }
- case LSM_AUDIT_DATA_TASK:
diff --git a/security/min_addr.c b/security/min_addr.c
index f728728..6457a0c 100644
--- a/security/min_addr.c
@@ -79945,7 +78124,7 @@ index f728728..6457a0c 100644
/*
diff --git a/security/security.c b/security/security.c
-index e2f684a..8d62ef5 100644
+index d754249..8bf426e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -26,8 +26,8 @@
@@ -79970,7 +78149,7 @@ index e2f684a..8d62ef5 100644
/* Save user chosen LSM */
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 1126c10..effb32b 100644
+index 6a3683e..f52f4c0 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -94,8 +94,6 @@
@@ -79982,7 +78161,7 @@ index 1126c10..effb32b 100644
/* SECMARK reference count */
static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
-@@ -5449,7 +5447,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
+@@ -5429,7 +5427,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
#endif
@@ -80005,7 +78184,7 @@ index b43813c..74be837 100644
#else
static inline int selinux_xfrm_enabled(void)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index 7db62b4..ee4d949 100644
+index e8af5b0b..78527ef 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3481,7 +3481,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
@@ -80018,10 +78197,10 @@ index 7db62b4..ee4d949 100644
.ptrace_access_check = smack_ptrace_access_check,
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
-index 4b327b6..646c57a 100644
+index 620d37c..e2ad89b 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
-@@ -504,7 +504,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
+@@ -501,7 +501,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
* tomoyo_security_ops is a "struct security_operations" which is used for
* registering TOMOYO.
*/
@@ -80075,7 +78254,7 @@ index ffd2025..df062c9 100644
/* PCM3052 register definitions */
diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
-index 3cc4b86..af0a951 100644
+index 08fde00..0bf641a 100644
--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -1189,10 +1189,10 @@ snd_pcm_sframes_t snd_pcm_oss_write3(struct snd_pcm_substream *substream, const
@@ -80221,7 +78400,7 @@ index 5cf8d65..912a79c 100644
dev->driver_data = NULL;
ops->num_init_devices--;
diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c
-index f24bf9a..1f7b67c 100644
+index 621e60e..f4543f5 100644
--- a/sound/drivers/mts64.c
+++ b/sound/drivers/mts64.c
@@ -29,6 +29,7 @@
@@ -80294,7 +78473,7 @@ index b953fb4..1999c01 100644
int timeout = 10;
while ((inb(opl4->fm_port) & OPL4_STATUS_BUSY) && --timeout > 0)
diff --git a/sound/drivers/portman2x4.c b/sound/drivers/portman2x4.c
-index f664823..590c745 100644
+index 3e32bd3..46fc152 100644
--- a/sound/drivers/portman2x4.c
+++ b/sound/drivers/portman2x4.c
@@ -48,6 +48,7 @@
@@ -80394,7 +78573,7 @@ index cd094ec..eca1277 100644
default:
return -EINVAL;
diff --git a/sound/isa/cmi8330.c b/sound/isa/cmi8330.c
-index c94578d..0794ac1 100644
+index 7bd5e33..1fcab12 100644
--- a/sound/isa/cmi8330.c
+++ b/sound/isa/cmi8330.c
@@ -172,7 +172,7 @@ struct snd_cmi8330 {
@@ -80458,10 +78637,10 @@ index 09d4648..cf234c7 100644
list_add(&s->list, &cs4297a_devs);
diff --git a/sound/pci/hda/hda_codec.h b/sound/pci/hda/hda_codec.h
-index 71f6744..d8aeae7 100644
+index f0f1943..8e1f96c 100644
--- a/sound/pci/hda/hda_codec.h
+++ b/sound/pci/hda/hda_codec.h
-@@ -614,7 +614,7 @@ struct hda_bus_ops {
+@@ -611,7 +611,7 @@ struct hda_bus_ops {
/* notify power-up/down from codec to controller */
void (*pm_notify)(struct hda_bus *bus);
#endif
@@ -80470,7 +78649,7 @@ index 71f6744..d8aeae7 100644
/* template to pass to the bus constructor */
struct hda_bus_template {
-@@ -716,6 +716,7 @@ struct hda_codec_ops {
+@@ -713,6 +713,7 @@ struct hda_codec_ops {
#endif
void (*reboot_notify)(struct hda_codec *codec);
};
@@ -80478,7 +78657,7 @@ index 71f6744..d8aeae7 100644
/* record for amp information cache */
struct hda_cache_head {
-@@ -746,7 +747,7 @@ struct hda_pcm_ops {
+@@ -743,7 +744,7 @@ struct hda_pcm_ops {
struct snd_pcm_substream *substream);
int (*cleanup)(struct hda_pcm_stream *info, struct hda_codec *codec,
struct snd_pcm_substream *substream);
@@ -80487,7 +78666,7 @@ index 71f6744..d8aeae7 100644
/* PCM information for each substream */
struct hda_pcm_stream {
-@@ -804,7 +805,7 @@ struct hda_codec {
+@@ -801,7 +802,7 @@ struct hda_codec {
const char *modelname; /* model name for preset */
/* set by patch */
@@ -80519,7 +78698,7 @@ index 0da778a..bc38b84 100644
diff --git a/sound/pci/ymfpci/ymfpci_main.c b/sound/pci/ymfpci/ymfpci_main.c
-index 03ee4e3..be86b46 100644
+index 12a9a2b..2b6138f 100644
--- a/sound/pci/ymfpci/ymfpci_main.c
+++ b/sound/pci/ymfpci/ymfpci_main.c
@@ -203,8 +203,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip)
@@ -80553,7 +78732,7 @@ index 03ee4e3..be86b46 100644
wake_up(&chip->interrupt_sleep);
}
}
-@@ -2382,7 +2382,7 @@ int __devinit snd_ymfpci_create(struct snd_card *card,
+@@ -2389,7 +2389,7 @@ int __devinit snd_ymfpci_create(struct snd_card *card,
spin_lock_init(&chip->reg_lock);
spin_lock_init(&chip->voice_lock);
init_waitqueue_head(&chip->interrupt_sleep);
@@ -80563,23 +78742,23 @@ index 03ee4e3..be86b46 100644
chip->pci = pci;
chip->irq = -1;
diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
-index ee15337..e2187a6 100644
+index cdc860a..db34a93 100644
--- a/sound/soc/soc-pcm.c
+++ b/sound/soc/soc-pcm.c
-@@ -583,7 +583,7 @@ static snd_pcm_uframes_t soc_pcm_pointer(struct snd_pcm_substream *substream)
- }
-
- /* ASoC PCM operations */
--static struct snd_pcm_ops soc_pcm_ops = {
-+static snd_pcm_ops_no_const soc_pcm_ops = {
- .open = soc_pcm_open,
- .close = soc_pcm_close,
- .hw_params = soc_pcm_hw_params,
+@@ -605,7 +605,7 @@ int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num)
+ struct snd_soc_platform *platform = rtd->platform;
+ struct snd_soc_dai *codec_dai = rtd->codec_dai;
+ struct snd_soc_dai *cpu_dai = rtd->cpu_dai;
+- struct snd_pcm_ops *soc_pcm_ops = &rtd->ops;
++ snd_pcm_ops_no_const *soc_pcm_ops = &rtd->ops;
+ struct snd_pcm *pcm;
+ char new_name[64];
+ int ret = 0, playback = 0, capture = 0;
diff --git a/sound/usb/card.h b/sound/usb/card.h
-index a39edcc..1014050 100644
+index da5fa1a..113cd02 100644
--- a/sound/usb/card.h
+++ b/sound/usb/card.h
-@@ -44,6 +44,7 @@ struct snd_urb_ops {
+@@ -45,6 +45,7 @@ struct snd_urb_ops {
int (*prepare_sync)(struct snd_usb_substream *subs, struct snd_pcm_runtime *runtime, struct urb *u);
int (*retire_sync)(struct snd_usb_substream *subs, struct snd_pcm_runtime *runtime, struct urb *u);
};
@@ -80587,7 +78766,7 @@ index a39edcc..1014050 100644
struct snd_usb_substream {
struct snd_usb_stream *stream;
-@@ -93,7 +94,7 @@ struct snd_usb_substream {
+@@ -94,7 +95,7 @@ struct snd_usb_substream {
struct snd_pcm_hw_constraint_list rate_list; /* limited rates */
spinlock_t lock;
@@ -80598,10 +78777,10 @@ index a39edcc..1014050 100644
};
diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile
new file mode 100644
-index 0000000..ca64170
+index 0000000..894c8bf
--- /dev/null
+++ b/tools/gcc/Makefile
-@@ -0,0 +1,26 @@
+@@ -0,0 +1,23 @@
+#CC := gcc
+#PLUGIN_SOURCE_FILES := pax_plugin.c
+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -80609,7 +78788,6 @@ index 0000000..ca64170
+#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W -std=gnu99
+
+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu99 -ggdb
-+CFLAGS_size_overflow_plugin.o := -Wno-missing-initializer
+
+hostlibs-y := constify_plugin.so
+hostlibs-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so
@@ -80617,7 +78795,6 @@ index 0000000..ca64170
+hostlibs-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so
+hostlibs-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so
+hostlibs-y += colorize_plugin.so
-+hostlibs-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so
+
+always := $(hostlibs-y)
+
@@ -80627,7 +78804,6 @@ index 0000000..ca64170
+kernexec_plugin-objs := kernexec_plugin.o
+checker_plugin-objs := checker_plugin.o
+colorize_plugin-objs := colorize_plugin.o
-+size_overflow_plugin-objs := size_overflow_plugin.o
diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c
new file mode 100644
index 0000000..d41b5af
@@ -81873,3870 +80049,6 @@ index 0000000..008f159
+
+ return 0;
+}
-diff --git a/tools/gcc/size_overflow_hash1.h b/tools/gcc/size_overflow_hash1.h
-new file mode 100644
-index 0000000..55a1292
---- /dev/null
-+++ b/tools/gcc/size_overflow_hash1.h
-@@ -0,0 +1,2760 @@
-+struct size_overflow_hash size_overflow_hash1[65536] = {
-+ [10013].file = "security/smack/smackfs.c",
-+ [10013].name = "smk_write_direct",
-+ [10013].param3 = 1,
-+ [10167].file = "sound/core/oss/pcm_plugin.c",
-+ [10167].name = "snd_pcm_plugin_build",
-+ [10167].param5 = 1,
-+ [1020].file = "drivers/usb/misc/usbtest.c",
-+ [1020].name = "test_unaligned_bulk",
-+ [1020].param3 = 1,
-+ [1022].file = "sound/pci/rme9652/rme9652.c",
-+ [1022].name = "snd_rme9652_playback_copy",
-+ [1022].param5 = 1,
-+ [10341].file = "fs/nfsd/nfs4xdr.c",
-+ [10341].name = "read_buf",
-+ [10341].param2 = 1,
-+ [10357].file = "net/sunrpc/cache.c",
-+ [10357].name = "cache_read",
-+ [10357].param3 = 1,
-+ [10397].file = "drivers/gpu/drm/i915/i915_debugfs.c",
-+ [10397].name = "i915_wedged_write",
-+ [10397].param3 = 1,
-+ [10414].file = "drivers/tty/vt/vt.c",
-+ [10414].name = "vc_do_resize",
-+ [10414].param3 = 1,
-+ [10414].param4 = 1,
-+ [10496].file = "drivers/bluetooth/hci_vhci.c",
-+ [10496].name = "vhci_read",
-+ [10496].param3 = 1,
-+ [10565].file = "drivers/input/touchscreen/ad7879-spi.c",
-+ [10565].name = "ad7879_spi_multi_read",
-+ [10565].param3 = 1,
-+ [10623].file = "drivers/infiniband/core/user_mad.c",
-+ [10623].name = "ib_umad_write",
-+ [10623].param3 = 1,
-+ [10707].file = "fs/nfs/idmap.c",
-+ [10707].name = "nfs_idmap_request_key",
-+ [10707].param2 = 1,
-+ [10773].file = "drivers/input/mousedev.c",
-+ [10773].name = "mousedev_read",
-+ [10773].param3 = 1,
-+ [10777].file = "fs/ntfs/file.c",
-+ [10777].name = "ntfs_file_buffered_write",
-+ [10777].param6 = 1,
-+ [10919].file = "net/ipv4/netfilter/arp_tables.c",
-+ [10919].name = "do_arpt_set_ctl",
-+ [10919].param4 = 1,
-+ [11054].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [11054].name = "lbs_wrmac_write",
-+ [11054].param3 = 1,
-+ [11068].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [11068].name = "lbs_wrrf_write",
-+ [11068].param3 = 1,
-+ [11364].file = "fs/ext4/super.c",
-+ [11364].name = "ext4_kvzalloc",
-+ [11364].param1 = 1,
-+ [11402].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [11402].name = "lbs_threshold_write",
-+ [11402].param5 = 1,
-+ [11494].file = "drivers/video/via/viafbdev.c",
-+ [11494].name = "viafb_dvp1_proc_write",
-+ [11494].param3 = 1,
-+ [11616].file = "security/selinux/selinuxfs.c",
-+ [11616].name = "sel_write_enforce",
-+ [11616].param3 = 1,
-+ [11699].file = "drivers/net/ethernet/neterion/vxge/vxge-config.h",
-+ [11699].name = "vxge_os_dma_malloc",
-+ [11699].param2 = 1,
-+ [11766].file = "drivers/block/paride/pt.c",
-+ [11766].name = "pt_read",
-+ [11766].param3 = 1,
-+ [11784].file = "fs/bio.c",
-+ [11784].name = "bio_kmalloc",
-+ [11784].param2 = 1,
-+ [11814].file = "drivers/staging/speakup/kobjects.c",
-+ [11814].name = "keymap_store",
-+ [11814].param4 = 1,
-+ [11912].file = "net/sunrpc/cache.c",
-+ [11912].name = "cache_write_pipefs",
-+ [11912].param3 = 1,
-+ [11919].file = "drivers/lguest/core.c",
-+ [11919].name = "__lgread",
-+ [11919].param4 = 1,
-+ [11986].file = "drivers/net/usb/asix.c",
-+ [11986].name = "asix_read_cmd",
-+ [11986].param5 = 1,
-+ [12059].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [12059].name = "lbs_debugfs_write",
-+ [12059].param3 = 1,
-+ [12071].file = "lib/kstrtox.c",
-+ [12071].name = "kstrtou8_from_user",
-+ [12071].param2 = 1,
-+ [12151].file = "fs/compat.c",
-+ [12151].name = "compat_rw_copy_check_uvector",
-+ [12151].param3 = 1,
-+ [12205].file = "fs/reiserfs/journal.c",
-+ [12205].name = "reiserfs_allocate_list_bitmaps",
-+ [12205].param3 = 1,
-+ [12234].file = "include/acpi/platform/aclinux.h",
-+ [12234].name = "acpi_os_allocate",
-+ [12234].param1 = 1,
-+ [1227].file = "lib/cpu_rmap.c",
-+ [1227].name = "alloc_cpu_rmap",
-+ [1227].param1 = 1,
-+ [12395].file = "drivers/char/hw_random/core.c",
-+ [12395].name = "rng_dev_read",
-+ [12395].param3 = 1,
-+ [1248].file = "kernel/kprobes.c",
-+ [1248].name = "write_enabled_file_bool",
-+ [1248].param3 = 1,
-+ [12501].file = "net/mac80211/debugfs.c",
-+ [12501].name = "uapsd_max_sp_len_write",
-+ [12501].param3 = 1,
-+ [12591].file = "sound/core/pcm_lib.c",
-+ [12591].name = "snd_pcm_lib_writev_transfer",
-+ [12591].param5 = 1,
-+ [12602].file = "net/sunrpc/cache.c",
-+ [12602].name = "cache_downcall",
-+ [12602].param3 = 1,
-+ [12712].file = "drivers/net/wimax/i2400m/fw.c",
-+ [12712].name = "i2400m_zrealloc_2x",
-+ [12712].param3 = 1,
-+ [12755].file = "sound/drivers/opl4/opl4_proc.c",
-+ [12755].name = "snd_opl4_mem_proc_read",
-+ [12755].param5 = 1,
-+ [12833].file = "net/sctp/auth.c",
-+ [12833].name = "sctp_auth_create_key",
-+ [12833].param1 = 1,
-+ [12840].file = "net/sctp/tsnmap.c",
-+ [12840].name = "sctp_tsnmap_mark",
-+ [12840].param2 = 1,
-+ [12896].file = "drivers/net/wireless/wl12xx/debugfs.c",
-+ [12896].name = "beacon_filtering_write",
-+ [12896].param3 = 1,
-+ [12931].file = "drivers/hid/hid-roccat.c",
-+ [12931].name = "roccat_read",
-+ [12931].param3 = 1,
-+ [12954].file = "fs/proc/base.c",
-+ [12954].name = "oom_adjust_write",
-+ [12954].param3 = 1,
-+ [13013].file = "drivers/media/dvb/ttpci/av7110_ca.c",
-+ [13013].name = "dvb_ca_write",
-+ [13013].param3 = 1,
-+ [13103].file = "drivers/acpi/acpica/utobject.c",
-+ [13103].name = "acpi_ut_create_string_object",
-+ [13103].param1 = 1,
-+ [13121].file = "net/ipv4/ip_sockglue.c",
-+ [13121].name = "do_ip_setsockopt",
-+ [13121].param5 = 1,
-+ [13337].file = "net/core/iovec.c",
-+ [13337].name = "csum_partial_copy_fromiovecend",
-+ [13337].param4 = 1,
-+ [13339].file = "security/smack/smackfs.c",
-+ [13339].name = "smk_write_netlbladdr",
-+ [13339].param3 = 1,
-+ [13342].file = "fs/jbd2/journal.c",
-+ [13342].name = "jbd2_alloc",
-+ [13342].param1 = 1,
-+ [13412].file = "fs/proc/base.c",
-+ [13412].name = "oom_score_adj_write",
-+ [13412].param3 = 1,
-+ [13659].file = "drivers/net/wan/hdlc.c",
-+ [13659].name = "attach_hdlc_protocol",
-+ [13659].param3 = 1,
-+ [13708].file = "drivers/usb/misc/usbtest.c",
-+ [13708].name = "simple_alloc_urb",
-+ [13708].param3 = 1,
-+ [13863].file = "drivers/net/wireless/iwlwifi/iwl-agn-rs.c",
-+ [13863].name = "rs_sta_dbgfs_scale_table_write",
-+ [13863].param3 = 1,
-+ [13924].file = "net/ipv4/netfilter/ip_tables.c",
-+ [13924].name = "do_ipt_set_ctl",
-+ [13924].param4 = 1,
-+ [14019].file = "net/dns_resolver/dns_key.c",
-+ [14019].name = "dns_resolver_instantiate",
-+ [14019].param2 = 1,
-+ [14019].param3 = 1,
-+ [14025].file = "net/ax25/af_ax25.c",
-+ [14025].name = "ax25_setsockopt",
-+ [14025].param5 = 1,
-+ [14029].file = "drivers/spi/spidev.c",
-+ [14029].name = "spidev_compat_ioctl",
-+ [14029].param2 = 1,
-+ [14031].file = "drivers/net/wireless/ath/ath5k/debug.c",
-+ [14031].name = "write_file_beacon",
-+ [14031].param3 = 1,
-+ [14086].file = "fs/nfs/nfs4proc.c",
-+ [14086].name = "nfs4_reset_slot_table",
-+ [14086].param2 = 1,
-+ [14090].file = "drivers/bluetooth/btmrvl_debugfs.c",
-+ [14090].name = "btmrvl_hsmode_write",
-+ [14090].param3 = 1,
-+ [14125].file = "kernel/module.c",
-+ [14125].name = "load_module",
-+ [14125].param2 = 1,
-+ [14149].file = "drivers/hid/hidraw.c",
-+ [14149].name = "hidraw_ioctl",
-+ [14149].param2 = 1,
-+ [14153].file = "drivers/staging/bcm/led_control.c",
-+ [14153].name = "ValidateDSDParamsChecksum",
-+ [14153].param3 = 1,
-+ [14174].file = "sound/pci/es1938.c",
-+ [14174].name = "snd_es1938_capture_copy",
-+ [14174].param5 = 1,
-+ [14207].file = "drivers/media/video/v4l2-event.c",
-+ [14207].name = "v4l2_event_subscribe",
-+ [14207].param3 = 1,
-+ [14241].file = "drivers/platform/x86/asus_acpi.c",
-+ [14241].name = "brn_proc_write",
-+ [14241].param3 = 1,
-+ [14299].file = "sound/core/oss/pcm_plugin.c",
-+ [14299].name = "snd_pcm_plugin_alloc",
-+ [14299].param2 = 1,
-+ [14345].file = "fs/cachefiles/daemon.c",
-+ [14345].name = "cachefiles_daemon_write",
-+ [14345].param3 = 1,
-+ [14347].file = "drivers/media/dvb/dvb-core/dvb_ca_en50221.c",
-+ [14347].name = "dvb_ca_en50221_io_write",
-+ [14347].param3 = 1,
-+ [14462].file = "fs/namei.c",
-+ [14462].name = "sys_rmdir",
-+ [14462].param1 = 1,
-+ [14478].file = "drivers/char/random.c",
-+ [14478].name = "random_write",
-+ [14478].param3 = 1,
-+ [1458].file = "drivers/misc/lkdtm.c",
-+ [1458].name = "direct_entry",
-+ [1458].param3 = 1,
-+ [145].file = "lib/xz/xz_dec_test.c",
-+ [145].name = "xz_dec_test_write",
-+ [145].param3 = 1,
-+ [14646].file = "fs/compat.c",
-+ [14646].name = "compat_writev",
-+ [14646].param3 = 1,
-+ [14736].file = "drivers/usb/misc/usbtest.c",
-+ [14736].name = "unlink_queued",
-+ [14736].param3 = 1,
-+ [14842].file = "fs/namei.c",
-+ [14842].name = "sys_renameat",
-+ [14842].param2 = 1,
-+ [14842].param4 = 1,
-+ [15017].file = "drivers/edac/edac_device.c",
-+ [15017].name = "edac_device_alloc_ctl_info",
-+ [15017].param1 = 1,
-+ [15087].file = "fs/bio.c",
-+ [15087].name = "bio_map_kern",
-+ [15087].param2 = 1,
-+ [15087].param3 = 1,
-+ [15112].file = "drivers/xen/evtchn.c",
-+ [15112].name = "evtchn_write",
-+ [15112].param3 = 1,
-+ [15274].file = "crypto/shash.c",
-+ [15274].name = "crypto_shash_setkey",
-+ [15274].param3 = 1,
-+ [15361].file = "drivers/char/agp/generic.c",
-+ [15361].name = "agp_allocate_memory",
-+ [15361].param2 = 1,
-+ [15497].file = "drivers/media/dvb/ddbridge/ddbridge-core.c",
-+ [15497].name = "ts_read",
-+ [15497].param3 = 1,
-+ [15551].file = "net/ipv4/netfilter/ipt_CLUSTERIP.c",
-+ [15551].name = "clusterip_proc_write",
-+ [15551].param3 = 1,
-+ [15701].file = "drivers/hid/hid-roccat-common.c",
-+ [15701].name = "roccat_common_receive",
-+ [15701].param4 = 1,
-+ [1572].file = "net/ceph/pagevec.c",
-+ [1572].name = "ceph_copy_page_vector_to_user",
-+ [1572].param4 = 1,
-+ [15814].file = "net/mac80211/debugfs_netdev.c",
-+ [15814].name = "ieee80211_if_write",
-+ [15814].param3 = 1,
-+ [15883].file = "security/keys/keyctl.c",
-+ [15883].name = "sys_add_key",
-+ [15883].param4 = 1,
-+ [15884].file = "fs/exofs/super.c",
-+ [15884].name = "exofs_read_lookup_dev_table",
-+ [15884].param3 = 1,
-+ [1603].file = "fs/debugfs/file.c",
-+ [1603].name = "write_file_bool",
-+ [1603].param3 = 1,
-+ [16073].file = "net/sctp/socket.c",
-+ [16073].name = "sctp_setsockopt",
-+ [16073].param5 = 1,
-+ [16138].file = "security/selinux/ss/services.c",
-+ [16138].name = "security_context_to_sid_force",
-+ [16138].param2 = 1,
-+ [16166].file = "drivers/platform/x86/thinkpad_acpi.c",
-+ [16166].name = "dispatch_proc_write",
-+ [16166].param3 = 1,
-+ [16229].file = "drivers/scsi/scsi_transport_iscsi.c",
-+ [16229].name = "iscsi_offload_mesg",
-+ [16229].param5 = 1,
-+ [16353].file = "drivers/base/regmap/regmap.c",
-+ [16353].name = "regmap_raw_write",
-+ [16353].param4 = 1,
-+ [16383].file = "fs/proc/base.c",
-+ [16383].name = "comm_write",
-+ [16383].param3 = 1,
-+ [16447].file = "drivers/hid/usbhid/hiddev.c",
-+ [16447].name = "hiddev_ioctl",
-+ [16447].param2 = 1,
-+ [16453].file = "include/linux/slab.h",
-+ [16453].name = "kzalloc",
-+ [16453].param1 = 1,
-+ [16535].file = "fs/proc/generic.c",
-+ [16535].name = "proc_file_read",
-+ [16535].param3 = 1,
-+ [16605].file = "fs/ecryptfs/miscdev.c",
-+ [16605].name = "ecryptfs_send_miscdev",
-+ [16605].param2 = 1,
-+ [16606].file = "drivers/ide/ide-tape.c",
-+ [16606].name = "idetape_chrdev_write",
-+ [16606].param3 = 1,
-+ [16741].file = "fs/namei.c",
-+ [16741].name = "sys_unlinkat",
-+ [16741].param2 = 1,
-+ [16911].file = "drivers/media/dvb/ttpci/av7110_hw.c",
-+ [16911].name = "LoadBitmap",
-+ [16911].param2 = 1,
-+ [17075].file = "sound/isa/gus/gus_dram.c",
-+ [17075].name = "snd_gus_dram_write",
-+ [17075].param4 = 1,
-+ [17133].file = "drivers/usb/misc/iowarrior.c",
-+ [17133].name = "iowarrior_read",
-+ [17133].param3 = 1,
-+ [17139].file = "fs/ubifs/xattr.c",
-+ [17139].name = "ubifs_setxattr",
-+ [17139].param4 = 1,
-+ [17185].file = "net/wireless/scan.c",
-+ [17185].name = "cfg80211_inform_bss",
-+ [17185].param8 = 1,
-+ [17349].file = "net/tipc/link.c",
-+ [17349].name = "tipc_link_send_sections_fast",
-+ [17349].param4 = 1,
-+ [17377].file = "drivers/usb/class/cdc-wdm.c",
-+ [17377].name = "wdm_write",
-+ [17377].param3 = 1,
-+ [17459].file = "drivers/usb/misc/rio500.c",
-+ [17459].name = "write_rio",
-+ [17459].param3 = 1,
-+ [17460].file = "fs/nfsd/nfscache.c",
-+ [17460].name = "nfsd_cache_update",
-+ [17460].param3 = 1,
-+ [17492].file = "net/dccp/proto.c",
-+ [17492].name = "do_dccp_setsockopt",
-+ [17492].param5 = 1,
-+ [1754].file = "sound/core/oss/pcm_oss.c",
-+ [1754].name = "snd_pcm_oss_write",
-+ [1754].param3 = 1,
-+ [17571].file = "drivers/ptp/ptp_chardev.c",
-+ [17571].name = "ptp_read",
-+ [17571].param4 = 1,
-+ [17684].file = "fs/namei.c",
-+ [17684].name = "sys_mknod",
-+ [17684].param1 = 1,
-+ [17718].file = "net/caif/caif_socket.c",
-+ [17718].name = "setsockopt",
-+ [17718].param5 = 1,
-+ [17875].file = "fs/namei.c",
-+ [17875].name = "sys_linkat",
-+ [17875].param2 = 1,
-+ [17875].param4 = 1,
-+ [17946].file = "drivers/net/wireless/libertas/if_spi.c",
-+ [17946].name = "if_spi_host_to_card",
-+ [17946].param4 = 1,
-+ [1800].file = "drivers/media/dvb/dvb-core/dmxdev.c",
-+ [1800].name = "dvb_dvr_do_ioctl",
-+ [1800].param3 = 1,
-+ [18102].file = "net/netlink/af_netlink.c",
-+ [18102].name = "netlink_change_ngroups",
-+ [18102].param2 = 1,
-+ [18183].file = "drivers/tty/tty_buffer.c",
-+ [18183].name = "tty_insert_flip_string_fixed_flag",
-+ [18183].param4 = 1,
-+ [18224].file = "drivers/xen/grant-table.c",
-+ [18224].name = "gnttab_map",
-+ [18224].param2 = 1,
-+ [18232].file = "fs/nfs/write.c",
-+ [18232].name = "nfs_writedata_alloc",
-+ [18232].param1 = 1,
-+ [18277].file = "drivers/char/virtio_console.c",
-+ [18277].name = "port_fops_write",
-+ [18277].param3 = 1,
-+ [18303].file = "fs/xattr.c",
-+ [18303].name = "getxattr",
-+ [18303].param4 = 1,
-+ [18353].file = "net/rfkill/core.c",
-+ [18353].name = "rfkill_fop_read",
-+ [18353].param3 = 1,
-+ [18386].file = "fs/read_write.c",
-+ [18386].name = "vfs_readv",
-+ [18386].param3 = 1,
-+ [18391].file = "fs/ocfs2/stack_user.c",
-+ [18391].name = "ocfs2_control_write",
-+ [18391].param3 = 1,
-+ [183].file = "crypto/ahash.c",
-+ [183].name = "crypto_ahash_setkey",
-+ [183].param3 = 1,
-+ [18406].file = "drivers/media/video/tm6000/tm6000-core.c",
-+ [18406].name = "tm6000_read_write_usb",
-+ [18406].param7 = 1,
-+ [1845].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
-+ [1845].name = "rt2x00debug_write_rf",
-+ [1845].param3 = 1,
-+ [18465].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c",
-+ [18465].name = "cxgb_alloc_mem",
-+ [18465].param1 = 1,
-+ [1858].file = "net/ipv6/netfilter/ip6_tables.c",
-+ [1858].name = "do_ip6t_set_ctl",
-+ [1858].param4 = 1,
-+ [18659].file = "drivers/media/dvb/dvb-core/dvbdev.c",
-+ [18659].name = "dvb_usercopy",
-+ [18659].param2 = 1,
-+ [18775].file = "drivers/net/wireless/ath/ath5k/debug.c",
-+ [18775].name = "write_file_frameerrors",
-+ [18775].param3 = 1,
-+ [18928].file = "drivers/staging/speakup/devsynth.c",
-+ [18928].name = "speakup_file_write",
-+ [18928].param3 = 1,
-+ [18988].file = "drivers/staging/vme/devices/vme_user.c",
-+ [18988].name = "vme_user_read",
-+ [18988].param3 = 1,
-+ [19012].file = "drivers/acpi/event.c",
-+ [19012].name = "acpi_system_read_event",
-+ [19012].param3 = 1,
-+ [19028].file = "mm/filemap.c",
-+ [19028].name = "iov_iter_copy_from_user_atomic",
-+ [19028].param4 = 1,
-+ [19107].file = "security/smack/smackfs.c",
-+ [19107].name = "smk_write_load_list",
-+ [19107].param3 = 1,
-+ [19261].file = "net/netlabel/netlabel_domainhash.c",
-+ [19261].name = "netlbl_domhsh_init",
-+ [19261].param1 = 1,
-+ [19274].file = "net/core/pktgen.c",
-+ [19274].name = "pktgen_if_write",
-+ [19274].param3 = 1,
-+ [19286].file = "drivers/base/regmap/regmap.c",
-+ [19286].name = "_regmap_raw_write",
-+ [19286].param4 = 1,
-+ [19288].file = "net/ipv6/raw.c",
-+ [19288].name = "rawv6_setsockopt",
-+ [19288].param5 = 1,
-+ [19308].file = "drivers/char/mem.c",
-+ [19308].name = "read_oldmem",
-+ [19308].param3 = 1,
-+ [19332].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [19332].name = "iwl_dbgfs_plcp_delta_write",
-+ [19332].param3 = 1,
-+ [19349].file = "drivers/acpi/acpica/utobject.c",
-+ [19349].name = "acpi_ut_create_package_object",
-+ [19349].param1 = 1,
-+ [19504].file = "drivers/usb/serial/garmin_gps.c",
-+ [19504].name = "pkt_add",
-+ [19504].param3 = 1,
-+ [19522].file = "mm/percpu.c",
-+ [19522].name = "pcpu_mem_zalloc",
-+ [19522].param1 = 1,
-+ [19548].file = "drivers/scsi/qla2xxx/qla_init.c",
-+ [19548].name = "qla2x00_get_ctx_sp",
-+ [19548].param3 = 1,
-+ [19738].file = "fs/sysfs/file.c",
-+ [19738].name = "sysfs_write_file",
-+ [19738].param3 = 1,
-+ [19833].file = "drivers/xen/xenfs/privcmd.c",
-+ [19833].name = "gather_array",
-+ [19833].param3 = 1,
-+ [19909].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [19909].name = "lbs_sleepparams_write",
-+ [19909].param3 = 1,
-+ [19920].file = "drivers/input/joydev.c",
-+ [19920].name = "joydev_ioctl",
-+ [19920].param2 = 1,
-+ [19931].file = "drivers/usb/misc/ftdi-elan.c",
-+ [19931].name = "ftdi_elan_write",
-+ [19931].param3 = 1,
-+ [19943].file = "drivers/net/wireless/ath/ath9k/debug.c",
-+ [19943].name = "write_file_regval",
-+ [19943].param3 = 1,
-+ [19960].file = "drivers/usb/class/usblp.c",
-+ [19960].name = "usblp_read",
-+ [19960].param3 = 1,
-+ [20023].file = "drivers/media/video/gspca/gspca.c",
-+ [20023].name = "dev_read",
-+ [20023].param3 = 1,
-+ [20113].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [20113].name = "lbs_rdmac_write",
-+ [20113].param3 = 1,
-+ [20314].file = "drivers/gpu/drm/drm_hashtab.c",
-+ [20314].name = "drm_ht_create",
-+ [20314].param2 = 1,
-+ [20376].file = "mm/nobootmem.c",
-+ [20376].name = "__alloc_bootmem_nopanic",
-+ [20376].param1 = 1,
-+ [20606].file = "fs/nilfs2/mdt.c",
-+ [20606].name = "nilfs_mdt_init",
-+ [20606].param3 = 1,
-+ [20611].file = "net/netfilter/x_tables.c",
-+ [20611].name = "xt_alloc_table_info",
-+ [20611].param1 = 1,
-+ [20713].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c",
-+ [20713].name = "ttm_bo_io",
-+ [20713].param5 = 1,
-+ [20730].file = "drivers/media/video/videobuf2-vmalloc.c",
-+ [20730].name = "vb2_vmalloc_alloc",
-+ [20730].param2 = 1,
-+ [20801].file = "drivers/vhost/vhost.c",
-+ [20801].name = "vhost_add_used_n",
-+ [20801].param3 = 1,
-+ [20835].file = "drivers/isdn/i4l/isdn_common.c",
-+ [20835].name = "isdn_read",
-+ [20835].param3 = 1,
-+ [20951].file = "crypto/rng.c",
-+ [20951].name = "rngapi_reset",
-+ [20951].param3 = 1,
-+ [21134].file = "drivers/video/via/viafbdev.c",
-+ [21134].name = "viafb_dfph_proc_write",
-+ [21134].param3 = 1,
-+ [21193].file = "net/wireless/sme.c",
-+ [21193].name = "cfg80211_disconnected",
-+ [21193].param4 = 1,
-+ [21277].file = "drivers/usb/storage/shuttle_usbat.c",
-+ [21277].name = "usbat_flash_write_data",
-+ [21277].param4 = 1,
-+ [21312].file = "lib/ts_kmp.c",
-+ [21312].name = "kmp_init",
-+ [21312].param2 = 1,
-+ [21335].file = "net/econet/af_econet.c",
-+ [21335].name = "econet_sendmsg",
-+ [21335].param4 = 1,
-+ [21397].file = "net/core/sock.c",
-+ [21397].name = "sock_setsockopt",
-+ [21397].param5 = 1,
-+ [21406].file = "fs/libfs.c",
-+ [21406].name = "simple_write_to_buffer",
-+ [21406].param2 = 1,
-+ [21406].param5 = 1,
-+ [21451].file = "net/netfilter/ipvs/ip_vs_ctl.c",
-+ [21451].name = "do_ip_vs_set_ctl",
-+ [21451].param4 = 1,
-+ [21459].file = "security/smack/smackfs.c",
-+ [21459].name = "smk_write_doi",
-+ [21459].param3 = 1,
-+ [21468].file = "drivers/char/virtio_console.c",
-+ [21468].name = "port_fops_read",
-+ [21468].param3 = 1,
-+ [21511].file = "drivers/input/ff-core.c",
-+ [21511].name = "input_ff_create",
-+ [21511].param2 = 1,
-+ [21538].file = "net/bluetooth/l2cap_sock.c",
-+ [21538].name = "l2cap_sock_setsockopt",
-+ [21538].param5 = 1,
-+ [21608].file = "drivers/char/tpm/tpm.c",
-+ [21608].name = "tpm_write",
-+ [21608].param3 = 1,
-+ [2160].file = "drivers/net/wireless/ray_cs.c",
-+ [2160].name = "int_proc_write",
-+ [2160].param3 = 1,
-+ [21632].file = "fs/afs/cell.c",
-+ [21632].name = "afs_cell_create",
-+ [21632].param2 = 1,
-+ [21679].file = "drivers/net/wireless/ath/carl9170/debug.c",
-+ [21679].name = "carl9170_debugfs_write",
-+ [21679].param3 = 1,
-+ [21712].file = "net/rxrpc/ar-output.c",
-+ [21712].name = "rxrpc_send_data",
-+ [21712].param5 = 1,
-+ [2180].file = "drivers/char/ppdev.c",
-+ [2180].name = "pp_write",
-+ [2180].param3 = 1,
-+ [21946].file = "fs/nfs/idmap.c",
-+ [21946].name = "nfs_map_name_to_uid",
-+ [21946].param3 = 1,
-+ [22085].file = "drivers/staging/sep/sep_driver.c",
-+ [22085].name = "sep_lock_user_pages",
-+ [22085].param2 = 1,
-+ [22085].param3 = 1,
-+ [22187].file = "fs/namei.c",
-+ [22187].name = "user_path_at_empty",
-+ [22187].param2 = 1,
-+ [22190].file = "drivers/char/tpm/tpm.c",
-+ [22190].name = "tpm_read",
-+ [22190].param3 = 1,
-+ [22204].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [22204].name = "iwl_dbgfs_echo_test_write",
-+ [22204].param3 = 1,
-+ [22291].file = "net/core/pktgen.c",
-+ [22291].name = "pgctrl_write",
-+ [22291].param3 = 1,
-+ [22439].file = "fs/afs/rxrpc.c",
-+ [22439].name = "afs_alloc_flat_call",
-+ [22439].param2 = 1,
-+ [22439].param3 = 1,
-+ [2243].file = "drivers/scsi/scsi_tgt_lib.c",
-+ [2243].name = "scsi_tgt_kspace_exec",
-+ [2243].param8 = 1,
-+ [22546].file = "drivers/char/pcmcia/cm4040_cs.c",
-+ [22546].name = "cm4040_read",
-+ [22546].param3 = 1,
-+ [22742].file = "drivers/tty/tty_buffer.c",
-+ [22742].name = "tty_insert_flip_string_flags",
-+ [22742].param4 = 1,
-+ [22772].file = "drivers/target/iscsi/iscsi_target_erl1.c",
-+ [22772].name = "iscsit_dump_data_payload",
-+ [22772].param2 = 1,
-+ [2286].file = "drivers/scsi/mvumi.c",
-+ [2286].name = "mvumi_alloc_mem_resource",
-+ [2286].param3 = 1,
-+ [22904].file = "security/selinux/ss/services.c",
-+ [22904].name = "security_context_to_sid_default",
-+ [22904].param2 = 1,
-+ [22932].file = "fs/compat.c",
-+ [22932].name = "compat_sys_writev",
-+ [22932].param3 = 1,
-+ [2302].file = "drivers/media/video/stk-webcam.c",
-+ [2302].name = "v4l_stk_read",
-+ [2302].param3 = 1,
-+ [23037].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [23037].name = "iwl_dbgfs_wd_timeout_write",
-+ [23037].param3 = 1,
-+ [2307].file = "drivers/pcmcia/cistpl.c",
-+ [2307].name = "pcmcia_replace_cis",
-+ [2307].param3 = 1,
-+ [23093].file = "drivers/scsi/st.c",
-+ [23093].name = "st_read",
-+ [23093].param3 = 1,
-+ [23117].file = "drivers/media/dvb/ttpci/av7110_av.c",
-+ [23117].name = "dvb_audio_write",
-+ [23117].param3 = 1,
-+ [2324].file = "net/ieee802154/wpan-class.c",
-+ [2324].name = "wpan_phy_alloc",
-+ [2324].param1 = 1,
-+ [23535].file = "ipc/sem.c",
-+ [23535].name = "sys_semtimedop",
-+ [23535].param3 = 1,
-+ [2357].file = "drivers/usb/serial/garmin_gps.c",
-+ [2357].name = "garmin_read_process",
-+ [2357].param3 = 1,
-+ [23589].file = "kernel/relay.c",
-+ [23589].name = "subbuf_read_actor",
-+ [23589].param3 = 1,
-+ [23619].file = "drivers/tty/tty_buffer.c",
-+ [23619].name = "tty_buffer_request_room",
-+ [23619].param2 = 1,
-+ [23640].file = "drivers/usb/host/ehci-dbg.c",
-+ [23640].name = "debug_lpm_write",
-+ [23640].param3 = 1,
-+ [23684].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [23684].name = "iwl_legacy_dbgfs_clear_traffic_statistics_write",
-+ [23684].param3 = 1,
-+ [23848].file = "crypto/blkcipher.c",
-+ [23848].name = "async_setkey",
-+ [23848].param3 = 1,
-+ [2386].file = "drivers/acpi/acpica/exnames.c",
-+ [2386].name = "acpi_ex_allocate_name_string",
-+ [2386].param2 = 1,
-+ [23883].file = "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c",
-+ [23883].name = "iwl_dbgfs_interrupt_write",
-+ [23883].param3 = 1,
-+ [23999].file = "sound/pci/rme9652/hdsp.c",
-+ [23999].name = "snd_hdsp_capture_copy",
-+ [23999].param5 = 1,
-+ [24072].file = "drivers/staging/pohmelfs/inode.c",
-+ [24072].name = "pohmelfs_send_readpages",
-+ [24072].param3 = 1,
-+ [24233].file = "drivers/pci/pcie/aer/aer_inject.c",
-+ [24233].name = "aer_inject_write",
-+ [24233].param3 = 1,
-+ [24263].file = "kernel/cgroup.c",
-+ [24263].name = "cgroup_file_write",
-+ [24263].param3 = 1,
-+ [24313].file = "drivers/staging/frontier/tranzport.c",
-+ [24313].name = "usb_tranzport_write",
-+ [24313].param3 = 1,
-+ [24359].file = "kernel/power/qos.c",
-+ [24359].name = "pm_qos_power_write",
-+ [24359].param3 = 1,
-+ [24410].file = "drivers/net/wireless/ipw2x00/libipw_module.c",
-+ [24410].name = "debug_level_proc_write",
-+ [24410].param3 = 1,
-+ [24457].file = "fs/btrfs/backref.c",
-+ [24457].name = "init_data_container",
-+ [24457].param1 = 1,
-+ [24539].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c",
-+ [24539].name = "vmw_framebuffer_dmabuf_dirty",
-+ [24539].param6 = 1,
-+ [24719].file = "drivers/input/evdev.c",
-+ [24719].name = "bits_to_user",
-+ [24719].param2 = 1,
-+ [24719].param3 = 1,
-+ [2472].file = "net/ipv4/netfilter/ip_tables.c",
-+ [2472].name = "compat_do_ipt_set_ctl",
-+ [2472].param4 = 1,
-+ [24755].file = "drivers/infiniband/hw/qib/qib_diag.c",
-+ [24755].name = "qib_diag_write",
-+ [24755].param3 = 1,
-+ [24805].file = "security/keys/user_defined.c",
-+ [24805].name = "user_update",
-+ [24805].param3 = 1,
-+ [25036].file = "fs/pipe.c",
-+ [25036].name = "pipe_iov_copy_from_user",
-+ [25036].param3 = 1,
-+ [25127].file = "drivers/scsi/device_handler/scsi_dh_alua.c",
-+ [25127].name = "realloc_buffer",
-+ [25127].param2 = 1,
-+ [25157].file = "security/keys/request_key_auth.c",
-+ [25157].name = "request_key_auth_new",
-+ [25157].param3 = 1,
-+ [25158].file = "drivers/net/ethernet/mellanox/mlx4/en_rx.c",
-+ [25158].name = "mlx4_en_create_rx_ring",
-+ [25158].param3 = 1,
-+ [25223].file = "drivers/platform/x86/toshiba_acpi.c",
-+ [25223].name = "fan_proc_write",
-+ [25223].param3 = 1,
-+ [25267].file = "fs/configfs/file.c",
-+ [25267].name = "configfs_write_file",
-+ [25267].param3 = 1,
-+ [25356].file = "net/core/dev.c",
-+ [25356].name = "alloc_netdev_mqs",
-+ [25356].param4 = 1,
-+ [25356].param5 = 1,
-+ [25495].file = "drivers/scsi/bfa/bfad_debugfs.c",
-+ [25495].name = "bfad_debugfs_write_regwr",
-+ [25495].param3 = 1,
-+ [25558].file = "fs/proc/task_mmu.c",
-+ [25558].name = "clear_refs_write",
-+ [25558].param3 = 1,
-+ [25692].file = "drivers/net/wireless/ath/ath6kl/wmi.c",
-+ [25692].name = "ath6kl_wmi_send_action_cmd",
-+ [25692].param6 = 1,
-+ [2609].file = "lib/kstrtox.c",
-+ [2609].name = "kstrtoul_from_user",
-+ [2609].param2 = 1,
-+ [26100].file = "sound/core/info.c",
-+ [26100].name = "snd_info_entry_write",
-+ [26100].param3 = 1,
-+ [26215].file = "drivers/md/dm-table.c",
-+ [26215].name = "dm_table_create",
-+ [26215].param3 = 1,
-+ [26256].file = "fs/hpfs/name.c",
-+ [26256].name = "hpfs_translate_name",
-+ [26256].param3 = 1,
-+ [26404].file = "drivers/net/wireless/mwifiex/debugfs.c",
-+ [26404].name = "mwifiex_rdeeprom_write",
-+ [26404].param3 = 1,
-+ [26494].file = "kernel/signal.c",
-+ [26494].name = "sys_rt_sigpending",
-+ [26494].param2 = 1,
-+ [26497].file = "security/keys/keyctl.c",
-+ [26497].name = "sys_keyctl",
-+ [26497].param4 = 1,
-+ [26533].file = "drivers/block/aoe/aoechr.c",
-+ [26533].name = "aoechr_write",
-+ [26533].param3 = 1,
-+ [26560].file = "crypto/algapi.c",
-+ [26560].name = "crypto_alloc_instance2",
-+ [26560].param3 = 1,
-+ [26620].file = "net/bluetooth/mgmt.c",
-+ [26620].name = "mgmt_control",
-+ [26620].param3 = 1,
-+ [26701].file = "drivers/mtd/chips/cfi_util.c",
-+ [26701].name = "cfi_read_pri",
-+ [26701].param3 = 1,
-+ [26757].file = "fs/xattr.c",
-+ [26757].name = "sys_fgetxattr",
-+ [26757].param4 = 1,
-+ [2678].file = "drivers/platform/x86/asus_acpi.c",
-+ [2678].name = "disp_proc_write",
-+ [2678].param3 = 1,
-+ [26834].file = "drivers/gpu/drm/drm_drv.c",
-+ [26834].name = "drm_ioctl",
-+ [26834].param2 = 1,
-+ [26843].file = "drivers/firewire/core-cdev.c",
-+ [26843].name = "fw_device_op_compat_ioctl",
-+ [26843].param2 = 1,
-+ [26845].file = "drivers/scsi/qla2xxx/qla_bsg.c",
-+ [26845].name = "qla2x00_get_ctx_bsg_sp",
-+ [26845].param3 = 1,
-+ [26962].file = "drivers/usb/class/usbtmc.c",
-+ [26962].name = "usbtmc_write",
-+ [26962].param3 = 1,
-+ [26966].file = "drivers/media/dvb/ddbridge/ddbridge-core.c",
-+ [26966].name = "ts_write",
-+ [26966].param3 = 1,
-+ [27004].file = "drivers/misc/hpilo.c",
-+ [27004].name = "ilo_write",
-+ [27004].param3 = 1,
-+ [27025].file = "fs/ntfs/file.c",
-+ [27025].name = "__ntfs_copy_from_user_iovec_inatomic",
-+ [27025].param3 = 1,
-+ [27025].param4 = 1,
-+ [27061].file = "drivers/firewire/core-cdev.c",
-+ [27061].name = "iso_callback",
-+ [27061].param3 = 1,
-+ [2711].file = "drivers/media/dvb/dvb-core/dvb_ringbuffer.c",
-+ [2711].name = "dvb_ringbuffer_read_user",
-+ [2711].param3 = 1,
-+ [27129].file = "fs/lockd/mon.c",
-+ [27129].name = "nsm_get_handle",
-+ [27129].param4 = 1,
-+ [27142].file = "fs/proc/kcore.c",
-+ [27142].name = "read_kcore",
-+ [27142].param3 = 1,
-+ [27164].file = "include/drm/drm_mem_util.h",
-+ [27164].name = "drm_calloc_large",
-+ [27164].param1 = 1,
-+ [2722].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c",
-+ [2722].name = "ttm_alloc_new_pages",
-+ [2722].param5 = 1,
-+ [27232].file = "security/apparmor/lib.c",
-+ [27232].name = "kvmalloc",
-+ [27232].param1 = 1,
-+ [27275].file = "drivers/scsi/cxgbi/libcxgbi.c",
-+ [27275].name = "cxgbi_ddp_reserve",
-+ [27275].param4 = 1,
-+ [27280].file = "drivers/net/ethernet/mellanox/mlx4/en_tx.c",
-+ [27280].name = "mlx4_en_create_tx_ring",
-+ [27280].param4 = 1,
-+ [27290].file = "security/selinux/ss/services.c",
-+ [27290].name = "security_context_to_sid_core",
-+ [27290].param2 = 1,
-+ [27302].file = "fs/proc/base.c",
-+ [27302].name = "proc_loginuid_write",
-+ [27302].param3 = 1,
-+ [27472].file = "security/selinux/selinuxfs.c",
-+ [27472].name = "sel_write_load",
-+ [27472].param3 = 1,
-+ [27491].file = "fs/proc/base.c",
-+ [27491].name = "proc_pid_attr_write",
-+ [27491].param3 = 1,
-+ [27568].file = "drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c",
-+ [27568].name = "t4_alloc_mem",
-+ [27568].param1 = 1,
-+ [27582].file = "drivers/platform/x86/asus_acpi.c",
-+ [27582].name = "ledd_proc_write",
-+ [27582].param3 = 1,
-+ [27695].file = "fs/namei.c",
-+ [27695].name = "sys_link",
-+ [27695].param1 = 1,
-+ [27695].param2 = 1,
-+ [27697].file = "drivers/staging/mei/iorw.c",
-+ [27697].name = "amthi_read",
-+ [27697].param4 = 1,
-+ [27927].file = "drivers/tty/tty_io.c",
-+ [27927].name = "redirected_tty_write",
-+ [27927].param3 = 1,
-+ [28040].file = "kernel/kfifo.c",
-+ [28040].name = "__kfifo_alloc",
-+ [28040].param2 = 1,
-+ [28040].param3 = 1,
-+ [28092].file = "fs/select.c",
-+ [28092].name = "do_sys_poll",
-+ [28092].param2 = 1,
-+ [28170].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [28170].name = "iwl_dbgfs_ucode_tracing_write",
-+ [28170].param3 = 1,
-+ [28247].file = "net/sctp/tsnmap.c",
-+ [28247].name = "sctp_tsnmap_init",
-+ [28247].param2 = 1,
-+ [28265].file = "fs/notify/fanotify/fanotify_user.c",
-+ [28265].name = "fanotify_write",
-+ [28265].param3 = 1,
-+ [28316].file = "drivers/input/joydev.c",
-+ [28316].name = "joydev_ioctl_common",
-+ [28316].param2 = 1,
-+ [28360].file = "drivers/hid/usbhid/hiddev.c",
-+ [28360].name = "hiddev_compat_ioctl",
-+ [28360].param2 = 1,
-+ [28407].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
-+ [28407].name = "rt2x00debug_write_csr",
-+ [28407].param3 = 1,
-+ [28462].file = "net/rfkill/core.c",
-+ [28462].name = "rfkill_fop_write",
-+ [28462].param3 = 1,
-+ [28635].file = "drivers/gpu/drm/drm_sman.c",
-+ [28635].name = "drm_sman_init",
-+ [28635].param2 = 1,
-+ [28655].file = "drivers/infiniband/hw/mthca/mthca_allocator.c",
-+ [28655].name = "mthca_alloc_init",
-+ [28655].param2 = 1,
-+ [28688].file = "mm/mempolicy.c",
-+ [28688].name = "compat_sys_get_mempolicy",
-+ [28688].param3 = 1,
-+ [28783].file = "drivers/gpu/drm/i915/i915_debugfs.c",
-+ [28783].name = "i915_cache_sharing_write",
-+ [28783].param3 = 1,
-+ [28787].file = "drivers/media/video/videobuf2-core.c",
-+ [28787].name = "vb2_write",
-+ [28787].param3 = 1,
-+ [28879].file = "drivers/base/map.c",
-+ [28879].name = "kobj_map",
-+ [28879].param2 = 1,
-+ [28879].param3 = 1,
-+ [28889].file = "drivers/char/pcmcia/cm4040_cs.c",
-+ [28889].name = "cm4040_write",
-+ [28889].param3 = 1,
-+ [29073].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c",
-+ [29073].name = "vmw_kms_readback",
-+ [29073].param6 = 1,
-+ [29085].file = "security/apparmor/apparmorfs.c",
-+ [29085].name = "profile_load",
-+ [29085].param3 = 1,
-+ [29092].file = "lib/lru_cache.c",
-+ [29092].name = "lc_create",
-+ [29092].param3 = 1,
-+ [29189].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c",
-+ [29189].name = "ttm_put_pages",
-+ [29189].param2 = 1,
-+ [29257].file = "drivers/vhost/vhost.c",
-+ [29257].name = "vhost_add_used_and_signal_n",
-+ [29257].param4 = 1,
-+ [29366].file = "drivers/char/pcmcia/cm4000_cs.c",
-+ [29366].name = "cmm_read",
-+ [29366].param3 = 1,
-+ [29405].file = "drivers/media/dvb/dvb-usb/dw2102.c",
-+ [29405].name = "dw210x_op_rw",
-+ [29405].param6 = 1,
-+ [29437].file = "drivers/net/wireless/iwlegacy/iwl-4965-rs.c",
-+ [29437].name = "iwl4965_rs_sta_dbgfs_scale_table_write",
-+ [29437].param3 = 1,
-+ [29465].file = "drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c",
-+ [29465].name = "mem_read",
-+ [29465].param3 = 1,
-+ [29714].file = "drivers/scsi/cxgbi/libcxgbi.c",
-+ [29714].name = "cxgbi_device_register",
-+ [29714].param1 = 1,
-+ [29714].param2 = 1,
-+ [29859].file = "net/rds/page.c",
-+ [29859].name = "rds_page_copy_user",
-+ [29859].param4 = 1,
-+ [29875].file = "sound/isa/gus/gus_pcm.c",
-+ [29875].name = "snd_gf1_pcm_playback_copy",
-+ [29875].param5 = 1,
-+ [29905].file = "mm/nobootmem.c",
-+ [29905].name = "___alloc_bootmem",
-+ [29905].param1 = 1,
-+ [2995].file = "mm/page_alloc.c",
-+ [2995].name = "alloc_large_system_hash",
-+ [2995].param2 = 1,
-+ [30242].file = "fs/cifs/cifssmb.c",
-+ [30242].name = "cifs_readdata_alloc",
-+ [30242].param1 = 1,
-+ [30341].file = "drivers/infiniband/hw/qib/qib_verbs.c",
-+ [30341].name = "qib_verbs_send",
-+ [30341].param3 = 1,
-+ [30341].param5 = 1,
-+ [30438].file = "mm/filemap_xip.c",
-+ [30438].name = "xip_file_read",
-+ [30438].param3 = 1,
-+ [30449].file = "drivers/telephony/ixj.c",
-+ [30449].name = "ixj_read",
-+ [30449].param3 = 1,
-+ [30489].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [30489].name = "iwl_dbgfs_rx_handlers_write",
-+ [30489].param3 = 1,
-+ [30693].file = "fs/namei.c",
-+ [30693].name = "sys_rename",
-+ [30693].param1 = 1,
-+ [30693].param2 = 1,
-+ [307].file = "drivers/base/regmap/regmap-debugfs.c",
-+ [307].name = "regmap_map_read_file",
-+ [307].param3 = 1,
-+ [30970].file = "drivers/usb/misc/ldusb.c",
-+ [30970].name = "ld_usb_read",
-+ [30970].param3 = 1,
-+ [31155].file = "drivers/staging/frontier/alphatrack.c",
-+ [31155].name = "usb_alphatrack_write",
-+ [31155].param3 = 1,
-+ [31207].file = "drivers/platform/x86/asus_acpi.c",
-+ [31207].name = "parse_arg",
-+ [31207].param2 = 1,
-+ [31348].file = "kernel/sched.c",
-+ [31348].name = "sys_sched_getaffinity",
-+ [31348].param2 = 1,
-+ [31465].file = "net/rds/message.c",
-+ [31465].name = "rds_message_map_pages",
-+ [31465].param2 = 1,
-+ [31492].file = "drivers/hid/hidraw.c",
-+ [31492].name = "hidraw_read",
-+ [31492].param3 = 1,
-+ [31649].file = "fs/ecryptfs/crypto.c",
-+ [31649].name = "ecryptfs_decode_and_decrypt_filename",
-+ [31649].param5 = 1,
-+ [3170].file = "security/integrity/ima/ima_fs.c",
-+ [3170].name = "ima_write_policy",
-+ [3170].param3 = 1,
-+ [31730].file = "net/dccp/proto.c",
-+ [31730].name = "dccp_setsockopt",
-+ [31730].param5 = 1,
-+ [31782].file = "drivers/misc/pti.c",
-+ [31782].name = "pti_char_write",
-+ [31782].param3 = 1,
-+ [31789].file = "fs/file.c",
-+ [31789].name = "alloc_fdmem",
-+ [31789].param1 = 1,
-+ [31957].file = "fs/afs/proc.c",
-+ [31957].name = "afs_proc_cells_write",
-+ [31957].param3 = 1,
-+ [32025].file = "drivers/nfc/pn544.c",
-+ [32025].name = "pn544_write",
-+ [32025].param3 = 1,
-+ [32182].file = "net/sunrpc/cache.c",
-+ [32182].name = "cache_write",
-+ [32182].param3 = 1,
-+ [32326].file = "drivers/tty/n_r3964.c",
-+ [32326].name = "r3964_write",
-+ [32326].param4 = 1,
-+ [32402].file = "net/ceph/pagevec.c",
-+ [32402].name = "ceph_copy_user_to_page_vector",
-+ [32402].param4 = 1,
-+ [3241].file = "drivers/usb/wusbcore/crypto.c",
-+ [3241].name = "wusb_prf",
-+ [3241].param7 = 1,
-+ [32459].file = "drivers/media/radio/radio-wl1273.c",
-+ [32459].name = "wl1273_fm_fops_write",
-+ [32459].param3 = 1,
-+ [32560].file = "drivers/input/input-mt.c",
-+ [32560].name = "input_mt_init_slots",
-+ [32560].param2 = 1,
-+ [32574].file = "mm/mempolicy.c",
-+ [32574].name = "sys_get_mempolicy",
-+ [32574].param3 = 1,
-+ [32608].file = "security/selinux/selinuxfs.c",
-+ [32608].name = "sel_write_checkreqprot",
-+ [32608].param3 = 1,
-+ [32950].file = "fs/reiserfs/resize.c",
-+ [32950].name = "reiserfs_resize",
-+ [32950].param2 = 1,
-+ [33010].file = "drivers/media/dvb/dvb-core/dvb_ringbuffer.c",
-+ [33010].name = "dvb_ringbuffer_pkt_read_user",
-+ [33010].param5 = 1,
-+ [33268].file = "mm/maccess.c",
-+ [33268].name = "__probe_kernel_write",
-+ [33268].param3 = 1,
-+ [33280].file = "fs/xfs/kmem.c",
-+ [33280].name = "kmem_realloc",
-+ [33280].param2 = 1,
-+ [33375].file = "drivers/staging/rtl8712/osdep_service.h",
-+ [33375].name = "_malloc",
-+ [33375].param1 = 1,
-+ [33637].file = "net/9p/client.c",
-+ [33637].name = "p9_client_read",
-+ [33637].param5 = 1,
-+ [33669].file = "fs/gfs2/glock.c",
-+ [33669].name = "gfs2_glock_nq_m",
-+ [33669].param1 = 1,
-+ [33810].file = "net/mac80211/util.c",
-+ [33810].name = "ieee80211_send_probe_req",
-+ [33810].param6 = 1,
-+ [3384].file = "drivers/block/paride/pg.c",
-+ [3384].name = "pg_write",
-+ [3384].param3 = 1,
-+ [34016].file = "drivers/tty/tty_buffer.c",
-+ [34016].name = "tty_prepare_flip_string_flags",
-+ [34016].param4 = 1,
-+ [34105].file = "fs/libfs.c",
-+ [34105].name = "simple_read_from_buffer",
-+ [34105].param2 = 1,
-+ [34105].param5 = 1,
-+ [34120].file = "drivers/media/video/pvrusb2/pvrusb2-io.c",
-+ [34120].name = "pvr2_stream_buffer_count",
-+ [34120].param2 = 1,
-+ [34226].file = "mm/shmem.c",
-+ [34226].name = "shmem_xattr_set",
-+ [34226].param4 = 1,
-+ [34251].file = "drivers/staging/cxt1e1/sbecom_inline_linux.h",
-+ [34251].name = "OS_kmalloc",
-+ [34251].param1 = 1,
-+ [34276].file = "drivers/media/video/videobuf2-core.c",
-+ [34276].name = "__vb2_perform_fileio",
-+ [34276].param3 = 1,
-+ [34278].file = "fs/ubifs/debug.c",
-+ [34278].name = "dfs_global_file_write",
-+ [34278].param3 = 1,
-+ [34432].file = "drivers/edac/edac_pci.c",
-+ [34432].name = "edac_pci_alloc_ctl_info",
-+ [34432].param1 = 1,
-+ [34551].file = "fs/ocfs2/stack_user.c",
-+ [34551].name = "ocfs2_control_cfu",
-+ [34551].param2 = 1,
-+ [34666].file = "fs/cifs/cifs_debug.c",
-+ [34666].name = "cifs_security_flags_proc_write",
-+ [34666].param3 = 1,
-+ [34672].file = "drivers/tty/tty_io.c",
-+ [34672].name = "tty_write",
-+ [34672].param3 = 1,
-+ [34760].file = "include/acpi/platform/aclinux.h",
-+ [34760].name = "acpi_os_allocate_zeroed",
-+ [34760].param1 = 1,
-+ [34802].file = "drivers/scsi/cxgbi/libcxgbi.h",
-+ [34802].name = "cxgbi_alloc_big_mem",
-+ [34802].param1 = 1,
-+ [34847].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [34847].name = "iwl_dbgfs_clear_traffic_statistics_write",
-+ [34847].param3 = 1,
-+ [34863].file = "drivers/video/fbsysfs.c",
-+ [34863].name = "framebuffer_alloc",
-+ [34863].param1 = 1,
-+ [34882].file = "drivers/platform/x86/toshiba_acpi.c",
-+ [34882].name = "video_proc_write",
-+ [34882].param3 = 1,
-+ [34988].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [34988].name = "lbs_rdrf_write",
-+ [34988].param3 = 1,
-+ [35007].file = "drivers/usb/mon/mon_bin.c",
-+ [35007].name = "mon_bin_read",
-+ [35007].param3 = 1,
-+ [35050].file = "fs/ocfs2/dlmfs/dlmfs.c",
-+ [35050].name = "dlmfs_file_write",
-+ [35050].param3 = 1,
-+ [35119].file = "fs/xattr.c",
-+ [35119].name = "sys_llistxattr",
-+ [35119].param3 = 1,
-+ [35129].file = "mm/nobootmem.c",
-+ [35129].name = "___alloc_bootmem_nopanic",
-+ [35129].param1 = 1,
-+ [35176].file = "drivers/usb/misc/ldusb.c",
-+ [35176].name = "ld_usb_write",
-+ [35176].param3 = 1,
-+ [35234].file = "net/irda/irnet/irnet_ppp.c",
-+ [35234].name = "irnet_ctrl_write",
-+ [35234].param3 = 1,
-+ [35256].file = "sound/core/memory.c",
-+ [35256].name = "copy_from_user_toio",
-+ [35256].param3 = 1,
-+ [35268].file = "security/keys/request_key_auth.c",
-+ [35268].name = "request_key_auth_read",
-+ [35268].param3 = 1,
-+ [3541].file = "drivers/mtd/ubi/cdev.c",
-+ [3541].name = "vol_cdev_write",
-+ [3541].param3 = 1,
-+ [35443].file = "sound/core/pcm_memory.c",
-+ [35443].name = "_snd_pcm_lib_alloc_vmalloc_buffer",
-+ [35443].param2 = 1,
-+ [35449].file = "fs/namei.c",
-+ [35449].name = "sys_mkdir",
-+ [35449].param1 = 1,
-+ [35542].file = "drivers/tty/ipwireless/hardware.c",
-+ [35542].name = "ipwireless_send_packet",
-+ [35542].param4 = 1,
-+ [35556].file = "fs/read_write.c",
-+ [35556].name = "sys_readv",
-+ [35556].param3 = 1,
-+ [35610].file = "net/batman-adv/translation-table.c",
-+ [35610].name = "tt_save_orig_buffer",
-+ [35610].param4 = 1,
-+ [35693].file = "drivers/staging/mei/main.c",
-+ [35693].name = "mei_read",
-+ [35693].param3 = 1,
-+ [35729].file = "include/linux/skbuff.h",
-+ [35729].name = "__dev_alloc_skb",
-+ [35729].param1 = 1,
-+ [35731].file = "drivers/usb/class/cdc-wdm.c",
-+ [35731].name = "wdm_read",
-+ [35731].param3 = 1,
-+ [35796].file = "drivers/mtd/nand/nand_bch.c",
-+ [35796].name = "nand_bch_init",
-+ [35796].param2 = 1,
-+ [35796].param3 = 1,
-+ [35880].file = "fs/ecryptfs/crypto.c",
-+ [35880].name = "ecryptfs_encrypt_and_encode_filename",
-+ [35880].param6 = 1,
-+ [3604].file = "net/batman-adv/translation-table.c",
-+ [3604].name = "tt_update_orig",
-+ [3604].param4 = 1,
-+ [36080].file = "drivers/media/video/v4l2-ioctl.c",
-+ [36080].name = "video_usercopy",
-+ [36080].param2 = 1,
-+ [36149].file = "fs/udf/inode.c",
-+ [36149].name = "udf_alloc_i_data",
-+ [36149].param2 = 1,
-+ [36183].file = "drivers/tty/vt/vc_screen.c",
-+ [36183].name = "vcs_read",
-+ [36183].param3 = 1,
-+ [36199].file = "net/sunrpc/auth_gss/auth_gss.c",
-+ [36199].name = "gss_pipe_downcall",
-+ [36199].param3 = 1,
-+ [3630].file = "drivers/video/broadsheetfb.c",
-+ [3630].name = "broadsheetfb_write",
-+ [3630].param3 = 1,
-+ [3632].file = "drivers/firewire/core-cdev.c",
-+ [3632].name = "fw_device_op_read",
-+ [3632].param3 = 1,
-+ [36490].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
-+ [36490].name = "ath6kl_cfg80211_connect_event",
-+ [36490].param7 = 1,
-+ [36522].file = "drivers/hid/hidraw.c",
-+ [36522].name = "hidraw_send_report",
-+ [36522].param3 = 1,
-+ [36560].file = "net/sunrpc/cache.c",
-+ [36560].name = "write_flush",
-+ [36560].param3 = 1,
-+ [36633].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
-+ [36633].name = "rt2x00debug_read_queue_stats",
-+ [36633].param3 = 1,
-+ [3665].file = "drivers/media/video/ivtv/ivtvfb.c",
-+ [3665].name = "ivtvfb_write",
-+ [3665].param3 = 1,
-+ [36981].file = "drivers/video/via/viafbdev.c",
-+ [36981].name = "viafb_dfpl_proc_write",
-+ [36981].param3 = 1,
-+ [37034].file = "fs/cifs/cifssmb.c",
-+ [37034].name = "cifs_writedata_alloc",
-+ [37034].param1 = 1,
-+ [37044].file = "sound/firewire/packets-buffer.c",
-+ [37044].name = "iso_packets_buffer_init",
-+ [37044].param3 = 1,
-+ [37115].file = "drivers/tty/tty_buffer.c",
-+ [37115].name = "tty_prepare_flip_string",
-+ [37115].param3 = 1,
-+ [37163].file = "net/core/skbuff.c",
-+ [37163].name = "__netdev_alloc_skb",
-+ [37163].param2 = 1,
-+ [37204].file = "drivers/isdn/hardware/eicon/divasi.c",
-+ [37204].name = "um_idi_read",
-+ [37204].param3 = 1,
-+ [37233].file = "fs/ocfs2/cluster/tcp.c",
-+ [37233].name = "o2net_send_message_vec",
-+ [37233].param4 = 1,
-+ [37309].file = "drivers/mtd/mtdchar.c",
-+ [37309].name = "mtd_do_readoob",
-+ [37309].param4 = 1,
-+ [37382].file = "drivers/staging/pohmelfs/inode.c",
-+ [37382].name = "pohmelfs_readpages_trans_complete",
-+ [37382].param2 = 1,
-+ [37384].file = "drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c",
-+ [37384].name = "vmw_fifo_reserve",
-+ [37384].param2 = 1,
-+ [37497].file = "net/mac80211/util.c",
-+ [37497].name = "ieee80211_build_probe_req",
-+ [37497].param7 = 1,
-+ [37594].file = "include/linux/poll.h",
-+ [37594].name = "get_fd_set",
-+ [37594].param1 = 1,
-+ [37611].file = "drivers/xen/xenbus/xenbus_xs.c",
-+ [37611].name = "split",
-+ [37611].param2 = 1,
-+ [37661].file = "mm/filemap.c",
-+ [37661].name = "file_read_actor",
-+ [37661].param4 = 1,
-+ [37872].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [37872].name = "iwl_dbgfs_protection_mode_write",
-+ [37872].param3 = 1,
-+ [37976].file = "drivers/platform/x86/asus_acpi.c",
-+ [37976].name = "bluetooth_proc_write",
-+ [37976].param3 = 1,
-+ [3797].file = "sound/pci/asihpi/hpicmn.c",
-+ [3797].name = "hpi_alloc_control_cache",
-+ [3797].param1 = 1,
-+ [3801].file = "drivers/block/paride/pt.c",
-+ [3801].name = "pt_write",
-+ [3801].param3 = 1,
-+ [38057].file = "fs/coda/psdev.c",
-+ [38057].name = "coda_psdev_write",
-+ [38057].param3 = 1,
-+ [38186].file = "kernel/signal.c",
-+ [38186].name = "do_sigpending",
-+ [38186].param2 = 1,
-+ [38401].file = "drivers/xen/xenfs/xenbus.c",
-+ [38401].name = "queue_reply",
-+ [38401].param3 = 1,
-+ [3841].file = "drivers/platform/x86/asus_acpi.c",
-+ [3841].name = "write_led",
-+ [3841].param2 = 1,
-+ [38532].file = "fs/afs/cell.c",
-+ [38532].name = "afs_cell_lookup",
-+ [38532].param2 = 1,
-+ [38576].file = "drivers/i2c/i2c-dev.c",
-+ [38576].name = "i2cdev_read",
-+ [38576].param3 = 1,
-+ [38747].file = "fs/xattr.c",
-+ [38747].name = "sys_lgetxattr",
-+ [38747].param4 = 1,
-+ [38972].file = "security/smack/smackfs.c",
-+ [38972].name = "smk_write_logging",
-+ [38972].param3 = 1,
-+ [39001].file = "net/xfrm/xfrm_hash.c",
-+ [39001].name = "xfrm_hash_alloc",
-+ [39001].param1 = 1,
-+ [39044].file = "lib/kstrtox.c",
-+ [39044].name = "kstrtos16_from_user",
-+ [39044].param2 = 1,
-+ [39052].file = "drivers/input/evdev.c",
-+ [39052].name = "evdev_ioctl",
-+ [39052].param2 = 1,
-+ [39154].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [39154].name = "iwl_dbgfs_clear_ucode_statistics_write",
-+ [39154].param3 = 1,
-+ [39155].file = "drivers/xen/grant-table.c",
-+ [39155].name = "get_free_entries",
-+ [39155].param1 = 1,
-+ [39254].file = "drivers/char/pcmcia/cm4000_cs.c",
-+ [39254].name = "cmm_write",
-+ [39254].param3 = 1,
-+ [39415].file = "fs/pstore/inode.c",
-+ [39415].name = "pstore_mkfile",
-+ [39415].param5 = 1,
-+ [39417].file = "drivers/block/DAC960.c",
-+ [39417].name = "dac960_user_command_proc_write",
-+ [39417].param3 = 1,
-+ [39479].file = "drivers/ide/ide-tape.c",
-+ [39479].name = "idetape_chrdev_read",
-+ [39479].param3 = 1,
-+ [39573].file = "drivers/hid/hid-picolcd.c",
-+ [39573].name = "picolcd_debug_reset_write",
-+ [39573].param3 = 1,
-+ [39583].file = "drivers/net/ethernet/broadcom/cnic.c",
-+ [39583].name = "cnic_init_id_tbl",
-+ [39583].param2 = 1,
-+ [39606].file = "drivers/bluetooth/hci_vhci.c",
-+ [39606].name = "vhci_write",
-+ [39606].param3 = 1,
-+ [39638].file = "security/selinux/selinuxfs.c",
-+ [39638].name = "sel_write_avc_cache_threshold",
-+ [39638].param3 = 1,
-+ [39645].file = "drivers/media/dvb/dvb-core/dvbdev.c",
-+ [39645].name = "dvb_generic_ioctl",
-+ [39645].param2 = 1,
-+ [39741].file = "drivers/video/via/viafbdev.c",
-+ [39741].name = "viafb_iga2_odev_proc_write",
-+ [39741].param3 = 1,
-+ [39888].file = "net/core/skbuff.c",
-+ [39888].name = "__alloc_skb",
-+ [39888].param1 = 1,
-+ [40043].file = "drivers/media/video/v4l2-ioctl.c",
-+ [40043].name = "video_ioctl2",
-+ [40043].param2 = 1,
-+ [40049].file = "drivers/bluetooth/btmrvl_debugfs.c",
-+ [40049].name = "btmrvl_psmode_write",
-+ [40049].param3 = 1,
-+ [40075].file = "drivers/media/video/c-qcam.c",
-+ [40075].name = "qc_capture",
-+ [40075].param3 = 1,
-+ [40163].file = "fs/ncpfs/file.c",
-+ [40163].name = "ncp_file_write",
-+ [40163].param3 = 1,
-+ [40240].file = "drivers/char/nvram.c",
-+ [40240].name = "nvram_write",
-+ [40240].param3 = 1,
-+ [40256].file = "drivers/tty/vt/vc_screen.c",
-+ [40256].name = "vcs_write",
-+ [40256].param3 = 1,
-+ [40302].file = "sound/isa/gus/gus_dram.c",
-+ [40302].name = "snd_gus_dram_poke",
-+ [40302].param4 = 1,
-+ [40355].file = "drivers/staging/mei/main.c",
-+ [40355].name = "mei_write",
-+ [40355].param3 = 1,
-+ [40373].file = "fs/cifs/cifs_spnego.c",
-+ [40373].name = "cifs_spnego_key_instantiate",
-+ [40373].param3 = 1,
-+ [40412].file = "fs/namei.c",
-+ [40412].name = "user_path_at",
-+ [40412].param2 = 1,
-+ [40578].file = "sound/soc/soc-core.c",
-+ [40578].name = "codec_reg_write_file",
-+ [40578].param3 = 1,
-+ [40678].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [40678].name = "iwl_legacy_dbgfs_traffic_log_write",
-+ [40678].param3 = 1,
-+ [40713].file = "net/mac80211/debugfs.c",
-+ [40713].name = "noack_write",
-+ [40713].param3 = 1,
-+ [40754].file = "fs/btrfs/delayed-inode.c",
-+ [40754].name = "btrfs_alloc_delayed_item",
-+ [40754].param1 = 1,
-+ [40786].file = "net/ipv4/netfilter/nf_nat_snmp_basic.c",
-+ [40786].name = "asn1_octets_decode",
-+ [40786].param2 = 1,
-+ [40901].file = "drivers/block/drbd/drbd_bitmap.c",
-+ [40901].name = "drbd_bm_resize",
-+ [40901].param2 = 1,
-+ [40952].file = "drivers/misc/sgi-xp/xpc_partition.c",
-+ [40952].name = "xpc_kmalloc_cacheline_aligned",
-+ [40952].param1 = 1,
-+ [41000].file = "sound/core/pcm_native.c",
-+ [41000].name = "snd_pcm_aio_read",
-+ [41000].param3 = 1,
-+ [41003].file = "fs/namei.c",
-+ [41003].name = "user_path_parent",
-+ [41003].param2 = 1,
-+ [41005].file = "net/bridge/netfilter/ebtables.c",
-+ [41005].name = "copy_counters_to_user",
-+ [41005].param5 = 1,
-+ [41090].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [41090].name = "iwl_legacy_dbgfs_sram_write",
-+ [41090].param3 = 1,
-+ [41122].file = "fs/binfmt_misc.c",
-+ [41122].name = "bm_status_write",
-+ [41122].param3 = 1,
-+ [41230].file = "drivers/usb/storage/datafab.c",
-+ [41230].name = "datafab_read_data",
-+ [41230].param4 = 1,
-+ [41249].file = "drivers/media/video/zr364xx.c",
-+ [41249].name = "send_control_msg",
-+ [41249].param6 = 1,
-+ [41302].file = "net/dns_resolver/dns_query.c",
-+ [41302].name = "dns_query",
-+ [41302].param3 = 1,
-+ [41418].file = "fs/libfs.c",
-+ [41418].name = "simple_attr_write",
-+ [41418].param3 = 1,
-+ [4155].file = "kernel/kexec.c",
-+ [4155].name = "do_kimage_alloc",
-+ [4155].param3 = 1,
-+ [41592].file = "net/sctp/ssnmap.c",
-+ [41592].name = "sctp_ssnmap_new",
-+ [41592].param1 = 1,
-+ [41592].param2 = 1,
-+ [41616].file = "net/core/filter.c",
-+ [41616].name = "sk_chk_filter",
-+ [41616].param2 = 1,
-+ [41676].file = "fs/compat.c",
-+ [41676].name = "compat_sys_preadv",
-+ [41676].param3 = 1,
-+ [41727].file = "drivers/media/video/meye.c",
-+ [41727].name = "rvmalloc",
-+ [41727].param1 = 1,
-+ [41884].file = "sound/core/oss/pcm_plugin.c",
-+ [41884].name = "snd_pcm_plug_alloc",
-+ [41884].param2 = 1,
-+ [41924].file = "security/keys/keyctl.c",
-+ [41924].name = "keyctl_get_security",
-+ [41924].param3 = 1,
-+ [4202].file = "drivers/edac/edac_mc.c",
-+ [4202].name = "edac_mc_alloc",
-+ [4202].param1 = 1,
-+ [42143].file = "drivers/media/video/c-qcam.c",
-+ [42143].name = "qcam_read",
-+ [42143].param3 = 1,
-+ [42206].file = "fs/quota/quota_tree.c",
-+ [42206].name = "getdqbuf",
-+ [42206].param1 = 1,
-+ [42270].file = "net/wireless/scan.c",
-+ [42270].name = "cfg80211_inform_bss_frame",
-+ [42270].param4 = 1,
-+ [4233].file = "fs/select.c",
-+ [4233].name = "sys_poll",
-+ [4233].param2 = 1,
-+ [42378].file = "drivers/net/wireless/ath/ath6kl/debug.c",
-+ [42378].name = "ath6kl_regread_write",
-+ [42378].param3 = 1,
-+ [42420].file = "drivers/net/wireless/hostap/hostap_ioctl.c",
-+ [42420].name = "prism2_set_genericelement",
-+ [42420].param3 = 1,
-+ [42466].file = "drivers/scsi/lpfc/lpfc_debugfs.c",
-+ [42466].name = "lpfc_idiag_cmd_get",
-+ [42466].param2 = 1,
-+ [42472].file = "fs/compat.c",
-+ [42472].name = "compat_readv",
-+ [42472].param3 = 1,
-+ [42483].file = "drivers/media/video/videobuf-dma-sg.c",
-+ [42483].name = "videobuf_dma_init_user_locked",
-+ [42483].param3 = 1,
-+ [42483].param4 = 1,
-+ [42562].file = "kernel/kfifo.c",
-+ [42562].name = "__kfifo_to_user_r",
-+ [42562].param3 = 1,
-+ [42666].file = "drivers/pcmcia/cistpl.c",
-+ [42666].name = "read_cis_cache",
-+ [42666].param4 = 1,
-+ [42882].file = "security/keys/user_defined.c",
-+ [42882].name = "user_instantiate",
-+ [42882].param3 = 1,
-+ [42964].file = "drivers/video/fb_sys_fops.c",
-+ [42964].name = "fb_sys_read",
-+ [42964].param3 = 1,
-+ [43023].file = "drivers/usb/misc/usblcd.c",
-+ [43023].name = "lcd_write",
-+ [43023].param3 = 1,
-+ [4324].file = "drivers/video/fbmem.c",
-+ [4324].name = "fb_read",
-+ [4324].param3 = 1,
-+ [43380].file = "drivers/scsi/bfa/bfad_debugfs.c",
-+ [43380].name = "bfad_debugfs_write_regrd",
-+ [43380].param3 = 1,
-+ [43393].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [43393].name = "iwl_dbgfs_sram_write",
-+ [43393].param3 = 1,
-+ [4344].file = "fs/namei.c",
-+ [4344].name = "sys_mkdirat",
-+ [4344].param2 = 1,
-+ [43510].file = "kernel/kexec.c",
-+ [43510].name = "compat_sys_kexec_load",
-+ [43510].param2 = 1,
-+ [43515].file = "drivers/usb/storage/jumpshot.c",
-+ [43515].name = "jumpshot_read_data",
-+ [43515].param4 = 1,
-+ [43540].file = "include/rdma/ib_verbs.h",
-+ [43540].name = "ib_copy_to_udata",
-+ [43540].param3 = 1,
-+ [4357].file = "security/tomoyo/securityfs_if.c",
-+ [4357].name = "tomoyo_read_self",
-+ [4357].param3 = 1,
-+ [43590].file = "security/smack/smackfs.c",
-+ [43590].name = "smk_write_onlycap",
-+ [43590].param3 = 1,
-+ [43596].file = "drivers/usb/core/buffer.c",
-+ [43596].name = "hcd_buffer_alloc",
-+ [43596].param2 = 1,
-+ [43632].file = "drivers/media/video/videobuf2-core.c",
-+ [43632].name = "vb2_read",
-+ [43632].param3 = 1,
-+ [43731].file = "drivers/hid/hid-picolcd.c",
-+ [43731].name = "picolcd_debug_eeprom_read",
-+ [43731].param3 = 1,
-+ [43777].file = "drivers/acpi/acpica/utobject.c",
-+ [43777].name = "acpi_ut_create_buffer_object",
-+ [43777].param1 = 1,
-+ [43834].file = "security/apparmor/apparmorfs.c",
-+ [43834].name = "profile_replace",
-+ [43834].param3 = 1,
-+ [43899].file = "drivers/media/rc/imon.c",
-+ [43899].name = "vfd_write",
-+ [43899].param3 = 1,
-+ [43982].file = "drivers/platform/x86/toshiba_acpi.c",
-+ [43982].name = "keys_proc_write",
-+ [43982].param3 = 1,
-+ [44039].file = "drivers/video/via/viafbdev.c",
-+ [44039].name = "odev_update",
-+ [44039].param2 = 1,
-+ [44050].file = "fs/nfs/idmap.c",
-+ [44050].name = "nfs_map_group_to_gid",
-+ [44050].param3 = 1,
-+ [44125].file = "fs/ext4/super.c",
-+ [44125].name = "ext4_kvmalloc",
-+ [44125].param1 = 1,
-+ [44180].file = "drivers/video/via/viafbdev.c",
-+ [44180].name = "viafb_vt1636_proc_write",
-+ [44180].param3 = 1,
-+ [44290].file = "drivers/net/usb/dm9601.c",
-+ [44290].name = "dm_read",
-+ [44290].param3 = 1,
-+ [44298].file = "drivers/scsi/pmcraid.c",
-+ [44298].name = "pmcraid_copy_sglist",
-+ [44298].param3 = 1,
-+ [44365].file = "fs/namei.c",
-+ [44365].name = "do_rmdir",
-+ [44365].param2 = 1,
-+ [44640].file = "fs/select.c",
-+ [44640].name = "sys_ppoll",
-+ [44640].param2 = 1,
-+ [44649].file = "mm/page_cgroup.c",
-+ [44649].name = "swap_cgroup_swapon",
-+ [44649].param2 = 1,
-+ [44656].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [44656].name = "iwl_legacy_dbgfs_wd_timeout_write",
-+ [44656].param3 = 1,
-+ [4471].file = "fs/ntfs/malloc.h",
-+ [4471].name = "__ntfs_malloc",
-+ [4471].param1 = 1,
-+ [44773].file = "drivers/staging/vme/devices/vme_user.c",
-+ [44773].name = "vme_user_write",
-+ [44773].param3 = 1,
-+ [44825].file = "drivers/scsi/osd/osd_initiator.c",
-+ [44825].name = "_osd_realloc_seg",
-+ [44825].param3 = 1,
-+ [44943].file = "mm/util.c",
-+ [44943].name = "kmemdup",
-+ [44943].param2 = 1,
-+ [44990].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c",
-+ [44990].name = "pvr2_ioread_set_sync_key",
-+ [44990].param3 = 1,
-+ [45000].file = "fs/afs/proc.c",
-+ [45000].name = "afs_proc_rootcell_write",
-+ [45000].param3 = 1,
-+ [45119].file = "drivers/usb/misc/yurex.c",
-+ [45119].name = "yurex_write",
-+ [45119].param3 = 1,
-+ [45169].file = "drivers/video/metronomefb.c",
-+ [45169].name = "metronomefb_write",
-+ [45169].param3 = 1,
-+ [45200].file = "drivers/scsi/scsi_proc.c",
-+ [45200].name = "proc_scsi_write_proc",
-+ [45200].param3 = 1,
-+ [45217].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [45217].name = "iwl_dbgfs_debug_level_write",
-+ [45217].param3 = 1,
-+ [45231].file = "fs/ecryptfs/crypto.c",
-+ [45231].name = "ecryptfs_copy_filename",
-+ [45231].param4 = 1,
-+ [45233].file = "net/rds/info.c",
-+ [45233].name = "rds_info_getsockopt",
-+ [45233].param3 = 1,
-+ [45244].file = "drivers/mfd/ab3100-core.c",
-+ [45244].name = "ab3100_get_set_reg",
-+ [45244].param3 = 1,
-+ [45264].file = "drivers/net/wireless/ath/ath5k/debug.c",
-+ [45264].name = "write_file_ani",
-+ [45264].param3 = 1,
-+ [45326].file = "drivers/mtd/ubi/cdev.c",
-+ [45326].name = "vol_cdev_read",
-+ [45326].param3 = 1,
-+ [45335].file = "fs/read_write.c",
-+ [45335].name = "vfs_writev",
-+ [45335].param3 = 1,
-+ [45421].file = "drivers/message/fusion/mptctl.c",
-+ [45421].name = "mptctl_do_mpt_command",
-+ [45421].param3 = 1,
-+ [45534].file = "drivers/net/wireless/ath/carl9170/cmd.c",
-+ [45534].name = "carl9170_cmd_buf",
-+ [45534].param3 = 1,
-+ [45576].file = "net/netfilter/xt_recent.c",
-+ [45576].name = "recent_mt_proc_write",
-+ [45576].param3 = 1,
-+ [45586].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
-+ [45586].name = "rt2x00debug_write_bbp",
-+ [45586].param3 = 1,
-+ [45629].file = "lib/bch.c",
-+ [45629].name = "bch_alloc",
-+ [45629].param1 = 1,
-+ [45633].file = "drivers/input/evdev.c",
-+ [45633].name = "evdev_do_ioctl",
-+ [45633].param2 = 1,
-+ [45740].file = "drivers/net/wireless/ath/ath6kl/debug.c",
-+ [45740].name = "ath6kl_lrssi_roam_write",
-+ [45740].param3 = 1,
-+ [45747].file = "net/netlink/af_netlink.c",
-+ [45747].name = "__netlink_change_ngroups",
-+ [45747].param2 = 1,
-+ [45930].file = "security/apparmor/apparmorfs.c",
-+ [45930].name = "profile_remove",
-+ [45930].param3 = 1,
-+ [45954].file = "drivers/usb/misc/legousbtower.c",
-+ [45954].name = "tower_write",
-+ [45954].param3 = 1,
-+ [45995].file = "fs/namei.c",
-+ [45995].name = "sys_mknodat",
-+ [45995].param2 = 1,
-+ [46072].file = "drivers/video/arcfb.c",
-+ [46072].name = "arcfb_write",
-+ [46072].param3 = 1,
-+ [46140].file = "sound/core/memalloc.c",
-+ [46140].name = "snd_mem_proc_write",
-+ [46140].param3 = 1,
-+ [4614].file = "sound/core/pcm_lib.c",
-+ [4614].name = "snd_pcm_lib_write_transfer",
-+ [4614].param5 = 1,
-+ [4616].file = "net/sunrpc/cache.c",
-+ [4616].name = "cache_do_downcall",
-+ [4616].param3 = 1,
-+ [46243].file = "fs/binfmt_misc.c",
-+ [46243].name = "bm_register_write",
-+ [46243].param3 = 1,
-+ [46250].file = "fs/xattr.c",
-+ [46250].name = "sys_getxattr",
-+ [46250].param4 = 1,
-+ [46343].file = "fs/compat.c",
-+ [46343].name = "compat_do_readv_writev",
-+ [46343].param4 = 1,
-+ [4644].file = "drivers/net/usb/mcs7830.c",
-+ [4644].name = "mcs7830_get_reg",
-+ [4644].param3 = 1,
-+ [46605].file = "sound/core/oss/pcm_oss.c",
-+ [46605].name = "snd_pcm_oss_sync1",
-+ [46605].param2 = 1,
-+ [46630].file = "net/decnet/af_decnet.c",
-+ [46630].name = "__dn_setsockopt",
-+ [46630].param5 = 1,
-+ [46655].file = "drivers/media/video/hdpvr/hdpvr-video.c",
-+ [46655].name = "hdpvr_read",
-+ [46655].param3 = 1,
-+ [46685].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c",
-+ [46685].name = "ttm_bo_fbdev_io",
-+ [46685].param4 = 1,
-+ [46752].file = "drivers/staging/pohmelfs/dir.c",
-+ [46752].name = "pohmelfs_name_alloc",
-+ [46752].param1 = 1,
-+ [46881].file = "drivers/char/lp.c",
-+ [46881].name = "lp_write",
-+ [46881].param3 = 1,
-+ [47130].file = "kernel/kfifo.c",
-+ [47130].name = "kfifo_copy_to_user",
-+ [47130].param3 = 1,
-+ [47265].file = "drivers/scsi/bnx2fc/bnx2fc_io.c",
-+ [47265].name = "bnx2fc_cmd_mgr_alloc",
-+ [47265].param2 = 1,
-+ [47265].param3 = 1,
-+ [47342].file = "fs/proc/base.c",
-+ [47342].name = "sched_autogroup_write",
-+ [47342].param3 = 1,
-+ [47363].file = "drivers/input/evdev.c",
-+ [47363].name = "evdev_ioctl_handler",
-+ [47363].param2 = 1,
-+ [47385].file = "drivers/net/wireless/zd1211rw/zd_usb.c",
-+ [47385].name = "zd_usb_iowrite16v",
-+ [47385].param3 = 1,
-+ [47463].file = "fs/xfs/kmem.c",
-+ [47463].name = "kmem_zalloc",
-+ [47463].param1 = 1,
-+ [47636].file = "drivers/usb/class/usblp.c",
-+ [47636].name = "usblp_ioctl",
-+ [47636].param2 = 1,
-+ [47637].file = "drivers/block/cciss.c",
-+ [47637].name = "cciss_proc_write",
-+ [47637].param3 = 1,
-+ [47652].file = "lib/kstrtox.c",
-+ [47652].name = "kstrtoll_from_user",
-+ [47652].param2 = 1,
-+ [47881].file = "security/selinux/selinuxfs.c",
-+ [47881].name = "sel_write_disable",
-+ [47881].param3 = 1,
-+ [48010].file = "drivers/net/wireless/ath/ath9k/debug.c",
-+ [48010].name = "write_file_rx_chainmask",
-+ [48010].param3 = 1,
-+ [48155].file = "net/sctp/sm_make_chunk.c",
-+ [48155].name = "sctp_make_abort_user",
-+ [48155].param3 = 1,
-+ [48182].file = "crypto/cryptd.c",
-+ [48182].name = "cryptd_alloc_instance",
-+ [48182].param2 = 1,
-+ [48248].file = "security/keys/keyctl.c",
-+ [48248].name = "keyctl_instantiate_key",
-+ [48248].param3 = 1,
-+ [48461].file = "drivers/gpu/drm/drm_memory.c",
-+ [48461].name = "agp_remap",
-+ [48461].param2 = 1,
-+ [48642].file = "fs/hugetlbfs/inode.c",
-+ [48642].name = "hugetlbfs_read",
-+ [48642].param3 = 1,
-+ [48720].file = "drivers/gpu/drm/i915/i915_debugfs.c",
-+ [48720].name = "i915_max_freq_write",
-+ [48720].param3 = 1,
-+ [48768].file = "net/irda/irnet/irnet_ppp.c",
-+ [48768].name = "dev_irnet_write",
-+ [48768].param3 = 1,
-+ [48856].file = "drivers/acpi/acpica/utalloc.c",
-+ [48856].name = "acpi_ut_initialize_buffer",
-+ [48856].param2 = 1,
-+ [48941].file = "drivers/gpu/drm/nouveau/nouveau_vm.c",
-+ [48941].name = "nouveau_vm_new",
-+ [48941].param2 = 1,
-+ [48941].param3 = 1,
-+ [49126].file = "lib/prio_heap.c",
-+ [49126].name = "heap_init",
-+ [49126].param2 = 1,
-+ [49143].file = "sound/core/oss/pcm_oss.c",
-+ [49143].name = "snd_pcm_oss_write2",
-+ [49143].param3 = 1,
-+ [49216].file = "fs/read_write.c",
-+ [49216].name = "do_readv_writev",
-+ [49216].param4 = 1,
-+ [49354].file = "drivers/media/video/cx18/cx18-fileops.c",
-+ [49354].name = "cx18_v4l2_read",
-+ [49354].param3 = 1,
-+ [49448].file = "drivers/isdn/gigaset/common.c",
-+ [49448].name = "gigaset_initdriver",
-+ [49448].param2 = 1,
-+ [49494].file = "drivers/virtio/virtio_ring.c",
-+ [49494].name = "vring_new_virtqueue",
-+ [49494].param1 = 1,
-+ [49507].file = "fs/namei.c",
-+ [49507].name = "sys_symlink",
-+ [49507].param1 = 1,
-+ [49604].file = "crypto/af_alg.c",
-+ [49604].name = "alg_setsockopt",
-+ [49604].param5 = 1,
-+ [49646].file = "drivers/tty/vt/vt.c",
-+ [49646].name = "vc_resize",
-+ [49646].param2 = 1,
-+ [49646].param3 = 1,
-+ [49663].file = "drivers/media/video/uvc/uvc_driver.c",
-+ [49663].name = "uvc_simplify_fraction",
-+ [49663].param3 = 1,
-+ [49718].file = "drivers/hid/hid-roccat-common.c",
-+ [49718].name = "roccat_common_send",
-+ [49718].param4 = 1,
-+ [4972].file = "drivers/video/fb_sys_fops.c",
-+ [4972].name = "fb_sys_write",
-+ [4972].param3 = 1,
-+ [49746].file = "net/ipv4/netfilter/arp_tables.c",
-+ [49746].name = "compat_do_arpt_set_ctl",
-+ [49746].param4 = 1,
-+ [49780].file = "net/mac80211/key.c",
-+ [49780].name = "ieee80211_key_alloc",
-+ [49780].param3 = 1,
-+ [49845].file = "mm/vmalloc.c",
-+ [49845].name = "__vmalloc_node",
-+ [49845].param1 = 1,
-+ [49935].file = "fs/xfs/kmem.c",
-+ [49935].name = "kmem_zalloc_greedy",
-+ [49935].param2 = 1,
-+ [49935].param3 = 1,
-+ [50001].file = "sound/pci/ctxfi/ctresource.c",
-+ [50001].name = "rsc_mgr_init",
-+ [50001].param3 = 1,
-+ [50022].file = "drivers/usb/storage/shuttle_usbat.c",
-+ [50022].name = "usbat_flash_read_data",
-+ [50022].param4 = 1,
-+ [50096].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [50096].name = "lbs_rdbbp_write",
-+ [50096].param3 = 1,
-+ [50102].file = "drivers/telephony/ixj.c",
-+ [50102].name = "ixj_write",
-+ [50102].param3 = 1,
-+ [50238].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [50238].name = "iwl_legacy_dbgfs_clear_ucode_statistics_write",
-+ [50238].param3 = 1,
-+ [50267].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
-+ [50267].name = "rt2x00debug_read_crypto_stats",
-+ [50267].param3 = 1,
-+ [50398].file = "fs/proc/base.c",
-+ [50398].name = "mem_write",
-+ [50398].param3 = 1,
-+ [50518].file = "drivers/gpu/drm/nouveau/nouveau_gem.c",
-+ [50518].name = "u_memcpya",
-+ [50518].param2 = 1,
-+ [50518].param3 = 1,
-+ [5052].file = "drivers/char/ppdev.c",
-+ [5052].name = "pp_read",
-+ [5052].param3 = 1,
-+ [50562].file = "drivers/media/video/zoran/zoran_procfs.c",
-+ [50562].name = "zoran_write",
-+ [50562].param3 = 1,
-+ [50653].file = "net/sunrpc/cache.c",
-+ [50653].name = "cache_write_procfs",
-+ [50653].param3 = 1,
-+ [50692].file = "lib/ts_bm.c",
-+ [50692].name = "bm_init",
-+ [50692].param2 = 1,
-+ [50813].file = "mm/vmalloc.c",
-+ [50813].name = "__vmalloc_node_flags",
-+ [50813].param1 = 1,
-+ [5087].file = "drivers/atm/solos-pci.c",
-+ [5087].name = "console_store",
-+ [5087].param4 = 1,
-+ [5102].file = "drivers/usb/misc/usbtest.c",
-+ [5102].name = "usbtest_alloc_urb",
-+ [5102].param3 = 1,
-+ [5102].param5 = 1,
-+ [51052].file = "drivers/base/firmware_class.c",
-+ [51052].name = "firmware_data_write",
-+ [51052].param6 = 1,
-+ [51177].file = "net/sunrpc/xprtrdma/transport.c",
-+ [51177].name = "xprt_rdma_allocate",
-+ [51177].param2 = 1,
-+ [51182].file = "drivers/misc/sgi-xp/xpc_main.c",
-+ [51182].name = "xpc_kzalloc_cacheline_aligned",
-+ [51182].param1 = 1,
-+ [51250].file = "fs/read_write.c",
-+ [51250].name = "rw_copy_check_uvector",
-+ [51250].param3 = 1,
-+ [51253].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
-+ [51253].name = "rt2x00debug_write_eeprom",
-+ [51253].param3 = 1,
-+ [51284].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [51284].name = "iwl_legacy_dbgfs_interrupt_write",
-+ [51284].param3 = 1,
-+ [51323].file = "sound/pci/ac97/ac97_pcm.c",
-+ [51323].name = "snd_ac97_pcm_assign",
-+ [51323].param2 = 1,
-+ [51340].file = "drivers/usb/class/usblp.c",
-+ [51340].name = "usblp_write",
-+ [51340].param3 = 1,
-+ [51471].file = "drivers/block/floppy.c",
-+ [51471].name = "fd_locked_ioctl",
-+ [51471].param3 = 1,
-+ [5197].file = "net/core/dev.c",
-+ [5197].name = "dev_set_alias",
-+ [5197].param3 = 1,
-+ [51998].file = "drivers/net/macvtap.c",
-+ [51998].name = "macvtap_get_user",
-+ [51998].param4 = 1,
-+ [5204].file = "drivers/media/video/usbvision/usbvision-video.c",
-+ [5204].name = "usbvision_v4l2_read",
-+ [5204].param3 = 1,
-+ [52086].file = "drivers/usb/image/mdc800.c",
-+ [52086].name = "mdc800_device_read",
-+ [52086].param3 = 1,
-+ [52172].file = "drivers/pcmcia/cistpl.c",
-+ [52172].name = "pccard_store_cis",
-+ [52172].param6 = 1,
-+ [52173].file = "drivers/misc/ibmasm/ibmasmfs.c",
-+ [52173].name = "remote_settings_file_write",
-+ [52173].param3 = 1,
-+ [52199].file = "mm/nobootmem.c",
-+ [52199].name = "__alloc_bootmem",
-+ [52199].param1 = 1,
-+ [52201].file = "drivers/video/via/viafbdev.c",
-+ [52201].name = "viafb_dvp0_proc_write",
-+ [52201].param3 = 1,
-+ [5233].file = "include/linux/poll.h",
-+ [5233].name = "set_fd_set",
-+ [5233].param1 = 1,
-+ [52343].file = "drivers/usb/misc/adutux.c",
-+ [52343].name = "adu_read",
-+ [52343].param3 = 1,
-+ [52364].file = "sound/core/pcm_lib.c",
-+ [52364].name = "snd_pcm_lib_readv_transfer",
-+ [52364].param5 = 1,
-+ [52401].file = "drivers/staging/rtl8712/rtl871x_ioctl_linux.c",
-+ [52401].name = "r871x_set_wpa_ie",
-+ [52401].param3 = 1,
-+ [52699].file = "lib/ts_fsm.c",
-+ [52699].name = "fsm_init",
-+ [52699].param2 = 1,
-+ [52721].file = "security/keys/encrypted-keys/encrypted.c",
-+ [52721].name = "encrypted_instantiate",
-+ [52721].param3 = 1,
-+ [53041].file = "fs/libfs.c",
-+ [53041].name = "simple_transaction_get",
-+ [53041].param3 = 1,
-+ [5313].file = "fs/gfs2/quota.c",
-+ [5313].name = "do_sync",
-+ [5313].param1 = 1,
-+ [53209].file = "drivers/usb/host/ehci-sched.c",
-+ [53209].name = "iso_sched_alloc",
-+ [53209].param1 = 1,
-+ [53302].file = "drivers/firewire/core-cdev.c",
-+ [53302].name = "dispatch_ioctl",
-+ [53302].param2 = 1,
-+ [53355].file = "fs/ceph/dir.c",
-+ [53355].name = "ceph_read_dir",
-+ [53355].param3 = 1,
-+ [53405].file = "drivers/media/video/videobuf-core.c",
-+ [53405].name = "__videobuf_copy_to_user",
-+ [53405].param4 = 1,
-+ [53407].file = "net/wireless/sme.c",
-+ [53407].name = "cfg80211_connect_result",
-+ [53407].param4 = 1,
-+ [53407].param6 = 1,
-+ [53426].file = "fs/libfs.c",
-+ [53426].name = "simple_transaction_read",
-+ [53426].param3 = 1,
-+ [5344].file = "security/selinux/ss/hashtab.c",
-+ [5344].name = "hashtab_create",
-+ [5344].param3 = 1,
-+ [53468].file = "drivers/char/mem.c",
-+ [53468].name = "write_mem",
-+ [53468].param3 = 1,
-+ [53513].file = "drivers/mmc/core/mmc_ops.c",
-+ [53513].name = "mmc_send_bus_test",
-+ [53513].param4 = 1,
-+ [53539].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [53539].name = "iwl_dbgfs_txfifo_flush_write",
-+ [53539].param3 = 1,
-+ [53626].file = "drivers/block/paride/pg.c",
-+ [53626].name = "pg_read",
-+ [53626].param3 = 1,
-+ [53631].file = "mm/util.c",
-+ [53631].name = "memdup_user",
-+ [53631].param2 = 1,
-+ [53680].file = "lib/kstrtox.c",
-+ [53680].name = "kstrtol_from_user",
-+ [53680].param2 = 1,
-+ [5389].file = "drivers/infiniband/core/uverbs_cmd.c",
-+ [5389].name = "ib_uverbs_unmarshall_recv",
-+ [5389].param5 = 1,
-+ [53901].file = "net/rds/message.c",
-+ [53901].name = "rds_message_alloc",
-+ [53901].param1 = 1,
-+ [53904].file = "fs/namei.c",
-+ [53904].name = "sys_unlink",
-+ [53904].param1 = 1,
-+ [5410].file = "kernel/kexec.c",
-+ [5410].name = "sys_kexec_load",
-+ [5410].param2 = 1,
-+ [54182].file = "drivers/block/rbd.c",
-+ [54182].name = "rbd_snap_add",
-+ [54182].param4 = 1,
-+ [5419].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [5419].name = "iwl_legacy_dbgfs_disable_ht40_write",
-+ [5419].param3 = 1,
-+ [54201].file = "drivers/platform/x86/asus_acpi.c",
-+ [54201].name = "mled_proc_write",
-+ [54201].param3 = 1,
-+ [5422].file = "fs/namei.c",
-+ [5422].name = "do_unlinkat",
-+ [5422].param2 = 1,
-+ [54252].file = "drivers/scsi/st.c",
-+ [54252].name = "st_write",
-+ [54252].param3 = 1,
-+ [54263].file = "security/keys/trusted.c",
-+ [54263].name = "trusted_instantiate",
-+ [54263].param3 = 1,
-+ [54298].file = "drivers/usb/wusbcore/crypto.c",
-+ [54298].name = "wusb_ccm_mac",
-+ [54298].param7 = 1,
-+ [54318].file = "include/drm/drm_mem_util.h",
-+ [54318].name = "drm_malloc_ab",
-+ [54318].param1 = 1,
-+ [54318].param2 = 1,
-+ [54335].file = "drivers/md/dm-table.c",
-+ [54335].name = "dm_vcalloc",
-+ [54335].param1 = 1,
-+ [54335].param2 = 1,
-+ [54339].file = "security/smack/smackfs.c",
-+ [54339].name = "smk_write_cipso",
-+ [54339].param3 = 1,
-+ [5438].file = "sound/core/memory.c",
-+ [5438].name = "copy_to_user_fromio",
-+ [5438].param3 = 1,
-+ [54401].file = "lib/dynamic_debug.c",
-+ [54401].name = "ddebug_proc_write",
-+ [54401].param3 = 1,
-+ [54427].file = "drivers/usb/storage/jumpshot.c",
-+ [54427].name = "jumpshot_write_data",
-+ [54427].param4 = 1,
-+ [54467].file = "net/packet/af_packet.c",
-+ [54467].name = "packet_setsockopt",
-+ [54467].param5 = 1,
-+ [54573].file = "ipc/sem.c",
-+ [54573].name = "sys_semop",
-+ [54573].param3 = 1,
-+ [54643].file = "drivers/isdn/hardware/eicon/divasi.c",
-+ [54643].name = "um_idi_write",
-+ [54643].param3 = 1,
-+ [54657].file = "mm/migrate.c",
-+ [54657].name = "do_pages_stat",
-+ [54657].param2 = 1,
-+ [54663].file = "drivers/isdn/hardware/eicon/platform.h",
-+ [54663].name = "diva_os_malloc",
-+ [54663].param2 = 1,
-+ [54751].file = "drivers/infiniband/core/device.c",
-+ [54751].name = "ib_alloc_device",
-+ [54751].param1 = 1,
-+ [54806].file = "drivers/scsi/lpfc/lpfc_debugfs.c",
-+ [54806].name = "lpfc_debugfs_dif_err_write",
-+ [54806].param3 = 1,
-+ [5494].file = "fs/cifs/cifsacl.c",
-+ [5494].name = "cifs_idmap_key_instantiate",
-+ [5494].param3 = 1,
-+ [55066].file = "net/ipv6/ipv6_sockglue.c",
-+ [55066].name = "do_ipv6_setsockopt",
-+ [55066].param5 = 1,
-+ [55105].file = "drivers/base/devres.c",
-+ [55105].name = "devres_alloc",
-+ [55105].param2 = 1,
-+ [55115].file = "net/sctp/probe.c",
-+ [55115].name = "sctpprobe_read",
-+ [55115].param3 = 1,
-+ [55155].file = "net/bluetooth/rfcomm/sock.c",
-+ [55155].name = "rfcomm_sock_setsockopt",
-+ [55155].param5 = 1,
-+ [55187].file = "security/keys/keyctl.c",
-+ [55187].name = "keyctl_describe_key",
-+ [55187].param3 = 1,
-+ [5524].file = "lib/kstrtox.c",
-+ [5524].name = "kstrtos8_from_user",
-+ [5524].param2 = 1,
-+ [55253].file = "drivers/net/wireless/ray_cs.c",
-+ [55253].name = "ray_cs_essid_proc_write",
-+ [55253].param3 = 1,
-+ [5548].file = "drivers/media/media-entity.c",
-+ [5548].name = "media_entity_init",
-+ [5548].param2 = 1,
-+ [5548].param4 = 1,
-+ [55580].file = "drivers/usb/mon/mon_bin.c",
-+ [55580].name = "copy_from_buf",
-+ [55580].param2 = 1,
-+ [55682].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [55682].name = "lbs_host_sleep_write",
-+ [55682].param3 = 1,
-+ [55712].file = "drivers/char/mem.c",
-+ [55712].name = "read_zero",
-+ [55712].param3 = 1,
-+ [55857].file = "drivers/net/wireless/ath/ath9k/debug.c",
-+ [55857].name = "write_file_tx_chainmask",
-+ [55857].param3 = 1,
-+ [55978].file = "drivers/usb/misc/iowarrior.c",
-+ [55978].name = "iowarrior_write",
-+ [55978].param3 = 1,
-+ [5599].file = "drivers/char/random.c",
-+ [5599].name = "write_pool",
-+ [5599].param3 = 1,
-+ [56090].file = "drivers/media/video/videobuf-dma-sg.c",
-+ [56090].name = "__videobuf_alloc_vb",
-+ [56090].param1 = 1,
-+ [56199].file = "fs/binfmt_misc.c",
-+ [56199].name = "parse_command",
-+ [56199].param2 = 1,
-+ [56218].file = "drivers/mmc/card/mmc_test.c",
-+ [56218].name = "mtf_test_write",
-+ [56218].param3 = 1,
-+ [56416].file = "drivers/misc/lkdtm.c",
-+ [56416].name = "do_register_entry",
-+ [56416].param4 = 1,
-+ [56432].file = "drivers/mfd/aat2870-core.c",
-+ [56432].name = "aat2870_reg_write_file",
-+ [56432].param3 = 1,
-+ [56471].file = "include/linux/slab.h",
-+ [56471].name = "kcalloc",
-+ [56471].param1 = 1,
-+ [56471].param2 = 1,
-+ [56513].file = "fs/cifs/connect.c",
-+ [56513].name = "cifs_readv_from_socket",
-+ [56513].param3 = 1,
-+ [56544].file = "drivers/block/drbd/drbd_receiver.c",
-+ [56544].name = "receive_DataRequest",
-+ [56544].param3 = 1,
-+ [5661].file = "lib/dma-debug.c",
-+ [5661].name = "filter_write",
-+ [5661].param3 = 1,
-+ [56672].file = "drivers/char/agp/generic.c",
-+ [56672].name = "agp_alloc_page_array",
-+ [56672].param1 = 1,
-+ [56843].file = "drivers/scsi/scsi_transport_iscsi.c",
-+ [56843].name = "iscsi_recv_pdu",
-+ [56843].param4 = 1,
-+ [57120].file = "lib/kstrtox.c",
-+ [57120].name = "kstrtouint_from_user",
-+ [57120].param2 = 1,
-+ [57128].file = "drivers/pnp/pnpbios/proc.c",
-+ [57128].name = "pnpbios_proc_write",
-+ [57128].param3 = 1,
-+ [57190].file = "drivers/char/agp/generic.c",
-+ [57190].name = "agp_generic_alloc_user",
-+ [57190].param1 = 1,
-+ [57471].file = "drivers/media/video/sn9c102/sn9c102_core.c",
-+ [57471].name = "sn9c102_read",
-+ [57471].param3 = 1,
-+ [57605].file = "net/netlink/af_netlink.c",
-+ [57605].name = "netlink_kernel_create",
-+ [57605].param3 = 1,
-+ [57670].file = "drivers/bluetooth/btmrvl_debugfs.c",
-+ [57670].name = "btmrvl_pscmd_write",
-+ [57670].param3 = 1,
-+ [57675].file = "drivers/net/wireless/ath/ath9k/debug.c",
-+ [57675].name = "write_file_regidx",
-+ [57675].param3 = 1,
-+ [57724].file = "net/bluetooth/hci_sock.c",
-+ [57724].name = "hci_sock_setsockopt",
-+ [57724].param5 = 1,
-+ [57748].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [57748].name = "iwl_dbgfs_missed_beacon_write",
-+ [57748].param3 = 1,
-+ [57786].file = "net/ipv6/netfilter/ip6_tables.c",
-+ [57786].name = "compat_do_ip6t_set_ctl",
-+ [57786].param4 = 1,
-+ [57872].file = "fs/ceph/xattr.c",
-+ [57872].name = "ceph_setxattr",
-+ [57872].param4 = 1,
-+ [57927].file = "fs/read_write.c",
-+ [57927].name = "sys_preadv",
-+ [57927].param3 = 1,
-+ [58020].file = "drivers/firewire/core-cdev.c",
-+ [58020].name = "fw_device_op_ioctl",
-+ [58020].param2 = 1,
-+ [58043].file = "kernel/auditfilter.c",
-+ [58043].name = "audit_unpack_string",
-+ [58043].param3 = 1,
-+ [5805].file = "drivers/xen/grant-table.c",
-+ [5805].name = "gnttab_alloc_grant_references",
-+ [5805].param1 = 1,
-+ [58087].file = "kernel/module.c",
-+ [58087].name = "module_alloc_update_bounds_rw",
-+ [58087].param1 = 1,
-+ [58107].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [58107].name = "iwl_dbgfs_sleep_level_override_write",
-+ [58107].param3 = 1,
-+ [58124].file = "drivers/usb/misc/usbtest.c",
-+ [58124].name = "ctrl_out",
-+ [58124].param3 = 1,
-+ [58124].param5 = 1,
-+ [58263].file = "security/keys/keyring.c",
-+ [58263].name = "keyring_read",
-+ [58263].param3 = 1,
-+ [58278].file = "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c",
-+ [58278].name = "iwl_dbgfs_log_event_write",
-+ [58278].param3 = 1,
-+ [5830].file = "drivers/gpu/vga/vga_switcheroo.c",
-+ [5830].name = "vga_switcheroo_debugfs_write",
-+ [5830].param3 = 1,
-+ [58320].file = "drivers/scsi/scsi_proc.c",
-+ [58320].name = "proc_scsi_write",
-+ [58320].param3 = 1,
-+ [58344].file = "net/sunrpc/cache.c",
-+ [58344].name = "read_flush",
-+ [58344].param3 = 1,
-+ [58392].file = "fs/namei.c",
-+ [58392].name = "getname_flags",
-+ [58392].param1 = 1,
-+ [58418].file = "kernel/module.c",
-+ [58418].name = "sys_init_module",
-+ [58418].param2 = 1,
-+ [58502].file = "sound/core/sgbuf.c",
-+ [58502].name = "snd_malloc_sgbuf_pages",
-+ [58502].param2 = 1,
-+ [58597].file = "kernel/kfifo.c",
-+ [58597].name = "__kfifo_to_user",
-+ [58597].param3 = 1,
-+ [58641].file = "drivers/usb/misc/adutux.c",
-+ [58641].name = "adu_write",
-+ [58641].param3 = 1,
-+ [58709].file = "fs/compat.c",
-+ [58709].name = "compat_sys_pwritev",
-+ [58709].param3 = 1,
-+ [58769].file = "drivers/net/wireless/zd1211rw/zd_usb.c",
-+ [58769].name = "zd_usb_read_fw",
-+ [58769].param4 = 1,
-+ [5876].file = "drivers/net/ppp/ppp_generic.c",
-+ [5876].name = "ppp_write",
-+ [5876].param3 = 1,
-+ [58826].file = "net/sunrpc/xprt.c",
-+ [58826].name = "xprt_alloc",
-+ [58826].param2 = 1,
-+ [58867].file = "drivers/platform/x86/asus_acpi.c",
-+ [58867].name = "wled_proc_write",
-+ [58867].param3 = 1,
-+ [58878].file = "drivers/net/wireless/libertas/debugfs.c",
-+ [58878].name = "lbs_wrbbp_write",
-+ [58878].param3 = 1,
-+ [58888].file = "fs/xattr.c",
-+ [58888].name = "listxattr",
-+ [58888].param3 = 1,
-+ [58912].file = "drivers/lguest/core.c",
-+ [58912].name = "__lgwrite",
-+ [58912].param4 = 1,
-+ [58918].file = "sound/core/pcm_native.c",
-+ [58918].name = "snd_pcm_aio_write",
-+ [58918].param3 = 1,
-+ [58919].file = "net/netlabel/netlabel_unlabeled.c",
-+ [58919].name = "netlbl_unlabel_init",
-+ [58919].param1 = 1,
-+ [58942].file = "drivers/block/aoe/aoedev.c",
-+ [58942].name = "aoedev_flush",
-+ [58942].param2 = 1,
-+ [58958].file = "fs/fuse/control.c",
-+ [58958].name = "fuse_conn_limit_write",
-+ [58958].param3 = 1,
-+ [58].file = "lib/kstrtox.c",
-+ [58].name = "kstrtoull_from_user",
-+ [58].param2 = 1,
-+ [59034].file = "drivers/acpi/acpica/dsobject.c",
-+ [59034].name = "acpi_ds_build_internal_package_obj",
-+ [59034].param3 = 1,
-+ [59073].file = "drivers/staging/speakup/i18n.c",
-+ [59073].name = "msg_set",
-+ [59073].param3 = 1,
-+ [59108].file = "drivers/net/wireless/ath/ath5k/debug.c",
-+ [59108].name = "write_file_queue",
-+ [59108].param3 = 1,
-+ [59297].file = "drivers/media/dvb/ttpci/av7110_av.c",
-+ [59297].name = "dvb_play",
-+ [59297].param3 = 1,
-+ [59472].file = "drivers/misc/ibmasm/ibmasmfs.c",
-+ [59472].name = "command_file_write",
-+ [59472].param3 = 1,
-+ [59505].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c",
-+ [59505].name = "pvr2_ioread_read",
-+ [59505].param3 = 1,
-+ [59681].file = "fs/xfs/kmem.c",
-+ [59681].name = "kmem_alloc",
-+ [59681].param1 = 1,
-+ [5968].file = "net/sunrpc/sched.c",
-+ [5968].name = "rpc_malloc",
-+ [5968].param2 = 1,
-+ [59794].file = "mm/mincore.c",
-+ [59794].name = "sys_mincore",
-+ [59794].param1 = 1,
-+ [59794].param2 = 1,
-+ [59838].file = "net/netlink/af_netlink.c",
-+ [59838].name = "nl_pid_hash_zalloc",
-+ [59838].param1 = 1,
-+ [59856].file = "drivers/base/devres.c",
-+ [59856].name = "devm_kzalloc",
-+ [59856].param2 = 1,
-+ [59991].file = "drivers/media/video/uvc/uvc_queue.c",
-+ [59991].name = "uvc_alloc_buffers",
-+ [59991].param2 = 1,
-+ [59991].param3 = 1,
-+ [60005].file = "fs/namei.c",
-+ [60005].name = "getname",
-+ [60005].param1 = 1,
-+ [60066].file = "mm/filemap.c",
-+ [60066].name = "iov_iter_copy_from_user",
-+ [60066].param4 = 1,
-+ [60198].file = "fs/nfs/nfs4proc.c",
-+ [60198].name = "nfs4_write_cached_acl",
-+ [60198].param3 = 1,
-+ [60330].file = "drivers/media/video/w9966.c",
-+ [60330].name = "w9966_v4l_read",
-+ [60330].param3 = 1,
-+ [6041].file = "drivers/mtd/mtdchar.c",
-+ [6041].name = "mtd_write",
-+ [6041].param3 = 1,
-+ [60436].file = "drivers/net/macvtap.c",
-+ [60436].name = "macvtap_sendmsg",
-+ [60436].param4 = 1,
-+ [60483].file = "drivers/char/virtio_console.c",
-+ [60483].name = "fill_readbuf",
-+ [60483].param3 = 1,
-+ [604].file = "drivers/staging/rtl8712/usb_ops_linux.c",
-+ [604].name = "r8712_usbctrl_vendorreq",
-+ [604].param6 = 1,
-+ [60543].file = "drivers/usb/class/usbtmc.c",
-+ [60543].name = "usbtmc_read",
-+ [60543].param3 = 1,
-+ [60683].file = "sound/drivers/opl4/opl4_proc.c",
-+ [60683].name = "snd_opl4_mem_proc_write",
-+ [60683].param5 = 1,
-+ [60693].file = "drivers/misc/hpilo.c",
-+ [60693].name = "ilo_read",
-+ [60693].param3 = 1,
-+ [60744].file = "sound/pci/emu10k1/emuproc.c",
-+ [60744].name = "snd_emu10k1_fx8010_read",
-+ [60744].param5 = 1,
-+ [60833].file = "drivers/block/aoe/aoenet.c",
-+ [60833].name = "set_aoe_iflist",
-+ [60833].param2 = 1,
-+ [60878].file = "drivers/net/wireless/rt2x00/rt2x00debug.c",
-+ [60878].name = "rt2x00debug_read_queue_dump",
-+ [60878].param3 = 1,
-+ [60882].file = "drivers/input/joydev.c",
-+ [60882].name = "joydev_compat_ioctl",
-+ [60882].param2 = 1,
-+ [60891].file = "kernel/sched.c",
-+ [60891].name = "sys_sched_setaffinity",
-+ [60891].param2 = 1,
-+ [60927].file = "drivers/net/wireless/ath/ath9k/debug.c",
-+ [60927].name = "write_file_disable_ani",
-+ [60927].param3 = 1,
-+ [60928].file = "drivers/staging/bcm/Bcmchar.c",
-+ [60928].name = "bcm_char_read",
-+ [60928].param3 = 1,
-+ [61058].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [61058].name = "iwl_dbgfs_disable_ht40_write",
-+ [61058].param3 = 1,
-+ [61120].file = "drivers/char/mem.c",
-+ [61120].name = "read_mem",
-+ [61120].param3 = 1,
-+ [61222].file = "net/sunrpc/rpc_pipe.c",
-+ [61222].name = "rpc_pipe_generic_upcall",
-+ [61222].param4 = 1,
-+ [61254].file = "drivers/scsi/scsi_devinfo.c",
-+ [61254].name = "proc_scsi_devinfo_write",
-+ [61254].param3 = 1,
-+ [61283].file = "drivers/net/wireless/ath/ath6kl/debug.c",
-+ [61283].name = "ath6kl_fwlog_read",
-+ [61283].param3 = 1,
-+ [61289].file = "security/apparmor/apparmorfs.c",
-+ [61289].name = "aa_simple_write_to_buffer",
-+ [61289].param4 = 1,
-+ [61389].file = "include/linux/slab.h",
-+ [61389].name = "kzalloc_node",
-+ [61389].param1 = 1,
-+ [61546].file = "mm/filemap.c",
-+ [61546].name = "__iovec_copy_from_user_inatomic",
-+ [61546].param3 = 1,
-+ [61546].param4 = 1,
-+ [61552].file = "drivers/input/evdev.c",
-+ [61552].name = "str_to_user",
-+ [61552].param2 = 1,
-+ [61673].file = "security/keys/trusted.c",
-+ [61673].name = "trusted_update",
-+ [61673].param3 = 1,
-+ [61676].file = "kernel/module.c",
-+ [61676].name = "module_alloc_update_bounds_rx",
-+ [61676].param1 = 1,
-+ [61770].file = "drivers/media/video/et61x251/et61x251_core.c",
-+ [61770].name = "et61x251_read",
-+ [61770].param3 = 1,
-+ [6186].file = "drivers/char/mem.c",
-+ [6186].name = "read_kmem",
-+ [6186].param3 = 1,
-+ [61932].file = "drivers/message/fusion/mptctl.c",
-+ [61932].name = "__mptctl_ioctl",
-+ [61932].param2 = 1,
-+ [62081].file = "drivers/net/irda/vlsi_ir.c",
-+ [62081].name = "vlsi_alloc_ring",
-+ [62081].param3 = 1,
-+ [62116].file = "fs/libfs.c",
-+ [62116].name = "simple_attr_read",
-+ [62116].param3 = 1,
-+ [6225].file = "drivers/block/floppy.c",
-+ [6225].name = "fd_ioctl",
-+ [6225].param3 = 1,
-+ [62294].file = "sound/core/info.c",
-+ [62294].name = "resize_info_buffer",
-+ [62294].param2 = 1,
-+ [62378].file = "net/ipv4/tcp.c",
-+ [62378].name = "do_tcp_setsockopt",
-+ [62378].param5 = 1,
-+ [62387].file = "fs/nfs/idmap.c",
-+ [62387].name = "nfs_idmap_lookup_id",
-+ [62387].param2 = 1,
-+ [62453].file = "fs/namei.c",
-+ [62453].name = "user_path_create",
-+ [62453].param2 = 1,
-+ [62495].file = "drivers/block/floppy.c",
-+ [62495].name = "fallback_on_nodma_alloc",
-+ [62495].param2 = 1,
-+ [62498].file = "fs/xattr.c",
-+ [62498].name = "sys_listxattr",
-+ [62498].param3 = 1,
-+ [62583].file = "drivers/net/wireless/mwifiex/debugfs.c",
-+ [62583].name = "mwifiex_regrdwr_write",
-+ [62583].param3 = 1,
-+ [625].file = "fs/read_write.c",
-+ [625].name = "sys_pwritev",
-+ [625].param3 = 1,
-+ [62669].file = "drivers/platform/x86/asus_acpi.c",
-+ [62669].name = "tled_proc_write",
-+ [62669].param3 = 1,
-+ [62714].file = "security/keys/keyctl.c",
-+ [62714].name = "keyctl_update_key",
-+ [62714].param3 = 1,
-+ [62799].file = "fs/proc/task_mmu.c",
-+ [62799].name = "pagemap_read",
-+ [62799].param3 = 1,
-+ [62811].file = "drivers/usb/misc/legousbtower.c",
-+ [62811].name = "tower_read",
-+ [62811].param3 = 1,
-+ [62851].file = "fs/proc/vmcore.c",
-+ [62851].name = "read_vmcore",
-+ [62851].param3 = 1,
-+ [62925].file = "include/rdma/ib_verbs.h",
-+ [62925].name = "ib_copy_from_udata",
-+ [62925].param3 = 1,
-+ [62967].file = "security/keys/encrypted-keys/encrypted.c",
-+ [62967].name = "encrypted_update",
-+ [62967].param3 = 1,
-+ [62970].file = "net/sched/sch_api.c",
-+ [62970].name = "qdisc_class_hash_alloc",
-+ [62970].param1 = 1,
-+ [62999].file = "net/core/neighbour.c",
-+ [62999].name = "neigh_hash_alloc",
-+ [62999].param1 = 1,
-+ [63004].file = "drivers/usb/storage/datafab.c",
-+ [63004].name = "datafab_write_data",
-+ [63004].param4 = 1,
-+ [63007].file = "fs/proc/base.c",
-+ [63007].name = "proc_coredump_filter_write",
-+ [63007].param3 = 1,
-+ [63010].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c",
-+ [63010].name = "ttm_page_pool_free",
-+ [63010].param2 = 1,
-+ [63076].file = "fs/cifs/xattr.c",
-+ [63076].name = "cifs_setxattr",
-+ [63076].param4 = 1,
-+ [63091].file = "drivers/net/usb/pegasus.c",
-+ [63091].name = "get_registers",
-+ [63091].param3 = 1,
-+ [63169].file = "drivers/scsi/sg.c",
-+ [63169].name = "sg_read",
-+ [63169].param3 = 1,
-+ [6331].file = "drivers/atm/solos-pci.c",
-+ [6331].name = "solos_param_store",
-+ [6331].param4 = 1,
-+ [63367].file = "net/netfilter/ipset/ip_set_core.c",
-+ [63367].name = "ip_set_alloc",
-+ [63367].param1 = 1,
-+ [63473].file = "drivers/staging/pohmelfs/trans.c",
-+ [63473].name = "netfs_trans_alloc",
-+ [63473].param2 = 1,
-+ [63473].param4 = 1,
-+ [63489].file = "drivers/bluetooth/btmrvl_debugfs.c",
-+ [63489].name = "btmrvl_hscfgcmd_write",
-+ [63489].param3 = 1,
-+ [63490].file = "crypto/shash.c",
-+ [63490].name = "shash_compat_setkey",
-+ [63490].param3 = 1,
-+ [63583].file = "drivers/char/mem.c",
-+ [63583].name = "write_kmem",
-+ [63583].param3 = 1,
-+ [63605].file = "mm/mempool.c",
-+ [63605].name = "mempool_kmalloc",
-+ [63605].param2 = 1,
-+ [63717].file = "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c",
-+ [63717].name = "iwl_dbgfs_csr_write",
-+ [63717].param3 = 1,
-+ [63748].file = "drivers/staging/crystalhd/crystalhd_misc.c",
-+ [63748].name = "crystalhd_map_dio",
-+ [63748].param3 = 1,
-+ [63765].file = "fs/seq_file.c",
-+ [63765].name = "seq_read",
-+ [63765].param3 = 1,
-+ [63777].file = "drivers/virtio/virtio_ring.c",
-+ [63777].name = "virtqueue_add_buf_gfp",
-+ [63777].param3 = 1,
-+ [63777].param4 = 1,
-+ [63961].file = "fs/xattr.c",
-+ [63961].name = "sys_flistxattr",
-+ [63961].param3 = 1,
-+ [63988].file = "drivers/input/evdev.c",
-+ [63988].name = "evdev_ioctl_compat",
-+ [63988].param2 = 1,
-+ [64118].file = "fs/namei.c",
-+ [64118].name = "sys_symlinkat",
-+ [64118].param1 = 1,
-+ [64156].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c",
-+ [64156].name = "ath6kl_mgmt_tx",
-+ [64156].param9 = 1,
-+ [64227].file = "mm/nobootmem.c",
-+ [64227].name = "__alloc_bootmem_node_nopanic",
-+ [64227].param2 = 1,
-+ [64312].file = "drivers/video/hecubafb.c",
-+ [64312].name = "hecubafb_write",
-+ [64312].param3 = 1,
-+ [64351].file = "kernel/kfifo.c",
-+ [64351].name = "kfifo_copy_from_user",
-+ [64351].param3 = 1,
-+ [64392].file = "drivers/mmc/core/mmc_ops.c",
-+ [64392].name = "mmc_send_cxd_data",
-+ [64392].param5 = 1,
-+ [64471].file = "drivers/bluetooth/btmrvl_debugfs.c",
-+ [64471].name = "btmrvl_hscmd_write",
-+ [64471].param3 = 1,
-+ [64667].file = "sound/core/oss/pcm_oss.c",
-+ [64667].name = "snd_pcm_oss_read",
-+ [64667].param3 = 1,
-+ [64689].file = "sound/isa/gus/gus_dram.c",
-+ [64689].name = "snd_gus_dram_read",
-+ [64689].param4 = 1,
-+ [64692].file = "fs/binfmt_misc.c",
-+ [64692].name = "bm_entry_write",
-+ [64692].param3 = 1,
-+ [64705].file = "drivers/staging/iio/accel/sca3000_ring.c",
-+ [64705].name = "sca3000_read_first_n_hw_rb",
-+ [64705].param2 = 1,
-+ [64743].file = "fs/ocfs2/dlmfs/dlmfs.c",
-+ [64743].name = "dlmfs_file_read",
-+ [64743].param3 = 1,
-+ [6477].file = "net/bluetooth/mgmt.c",
-+ [6477].name = "mgmt_pending_add",
-+ [6477].param5 = 1,
-+ [64898].file = "drivers/media/video/videobuf-dma-sg.c",
-+ [64898].name = "videobuf_dma_init_user",
-+ [64898].param3 = 1,
-+ [64898].param4 = 1,
-+ [64906].file = "drivers/net/wireless/b43legacy/debugfs.c",
-+ [64906].name = "b43legacy_debugfs_write",
-+ [64906].param3 = 1,
-+ [64961].file = "drivers/spi/spidev.c",
-+ [64961].name = "spidev_ioctl",
-+ [64961].param2 = 1,
-+ [65033].file = "crypto/shash.c",
-+ [65033].name = "shash_async_setkey",
-+ [65033].param3 = 1,
-+ [65093].file = "security/integrity/evm/evm_secfs.c",
-+ [65093].name = "evm_write_key",
-+ [65093].param3 = 1,
-+ [65098].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [65098].name = "iwl_dbgfs_traffic_log_write",
-+ [65098].param3 = 1,
-+ [6514].file = "mm/nobootmem.c",
-+ [6514].name = "__alloc_bootmem_low",
-+ [6514].param1 = 1,
-+ [65169].file = "net/core/skbuff.c",
-+ [65169].name = "dev_alloc_skb",
-+ [65169].param1 = 1,
-+ [6517].file = "drivers/md/dm-table.c",
-+ [6517].name = "alloc_targets",
-+ [6517].param2 = 1,
-+ [65195].file = "fs/jffs2/xattr.c",
-+ [65195].name = "do_jffs2_setxattr",
-+ [65195].param5 = 1,
-+ [65237].file = "kernel/profile.c",
-+ [65237].name = "read_profile",
-+ [65237].param3 = 1,
-+ [65345].file = "lib/xz/xz_dec_lzma2.c",
-+ [65345].name = "xz_dec_lzma2_create",
-+ [65345].param2 = 1,
-+ [65364].file = "sound/core/pcm_lib.c",
-+ [65364].name = "snd_pcm_lib_read_transfer",
-+ [65364].param5 = 1,
-+ [65409].file = "net/802/garp.c",
-+ [65409].name = "garp_request_join",
-+ [65409].param4 = 1,
-+ [65432].file = "drivers/hid/hid-roccat-kone.c",
-+ [65432].name = "kone_receive",
-+ [65432].param4 = 1,
-+ [65452].file = "drivers/message/fusion/mptctl.c",
-+ [65452].name = "mptctl_ioctl",
-+ [65452].param2 = 1,
-+ [65514].file = "drivers/media/video/gspca/t613.c",
-+ [65514].name = "reg_w_ixbuf",
-+ [65514].param4 = 1,
-+ [6551].file = "drivers/usb/host/xhci-mem.c",
-+ [6551].name = "xhci_alloc_stream_info",
-+ [6551].param3 = 1,
-+ [65535].file = "drivers/media/dvb/dvb-usb/opera1.c",
-+ [65535].name = "opera1_xilinx_rw",
-+ [65535].param5 = 1,
-+ [6657].file = "drivers/hid/hid-roccat-kone.c",
-+ [6657].name = "kone_send",
-+ [6657].param4 = 1,
-+ [6672].file = "drivers/net/wireless/b43/debugfs.c",
-+ [6672].name = "b43_debugfs_write",
-+ [6672].param3 = 1,
-+ [6691].file = "drivers/acpi/proc.c",
-+ [6691].name = "acpi_system_write_wakeup_device",
-+ [6691].param3 = 1,
-+ [6772].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c",
-+ [6772].name = "iwl_dbgfs_force_reset_write",
-+ [6772].param3 = 1,
-+ [6780].file = "sound/core/info.c",
-+ [6780].name = "snd_info_entry_read",
-+ [6780].param3 = 1,
-+ [6800].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c",
-+ [6800].name = "iwl_legacy_dbgfs_missed_beacon_write",
-+ [6800].param3 = 1,
-+ [680].file = "drivers/misc/ibmasm/ibmasmfs.c",
-+ [680].name = "command_file_read",
-+ [680].param3 = 1,
-+ [6865].file = "drivers/staging/iio/ring_sw.c",
-+ [6865].name = "iio_read_first_n_sw_rb",
-+ [6865].param2 = 1,
-+ [6867].file = "fs/coda/psdev.c",
-+ [6867].name = "coda_psdev_read",
-+ [6867].param3 = 1,
-+ [6891].file = "drivers/bluetooth/btmrvl_debugfs.c",
-+ [6891].name = "btmrvl_gpiogap_write",
-+ [6891].param3 = 1,
-+ [6944].file = "drivers/ide/ide-proc.c",
-+ [6944].name = "ide_settings_proc_write",
-+ [6944].param3 = 1,
-+ [6950].file = "drivers/isdn/capi/capi.c",
-+ [6950].name = "capi_write",
-+ [6950].param3 = 1,
-+ [697].file = "sound/isa/gus/gus_dram.c",
-+ [697].name = "snd_gus_dram_peek",
-+ [697].param4 = 1,
-+ [7066].file = "security/keys/keyctl.c",
-+ [7066].name = "keyctl_instantiate_key_common",
-+ [7066].param4 = 1,
-+ [7129].file = "mm/maccess.c",
-+ [7129].name = "__probe_kernel_read",
-+ [7129].param3 = 1,
-+ [720].file = "sound/pci/rme9652/hdsp.c",
-+ [720].name = "snd_hdsp_playback_copy",
-+ [720].param5 = 1,
-+ [7411].file = "drivers/vhost/vhost.c",
-+ [7411].name = "__vhost_add_used_n",
-+ [7411].param3 = 1,
-+ [7488].file = "security/keys/user_defined.c",
-+ [7488].name = "user_read",
-+ [7488].param3 = 1,
-+ [7551].file = "drivers/input/touchscreen/ad7879-spi.c",
-+ [7551].name = "ad7879_spi_xfer",
-+ [7551].param3 = 1,
-+ [7676].file = "drivers/acpi/custom_method.c",
-+ [7676].name = "cm_write",
-+ [7676].param3 = 1,
-+ [7832].file = "drivers/net/wireless/ath/ath5k/debug.c",
-+ [7832].name = "write_file_antenna",
-+ [7832].param3 = 1,
-+ [7843].file = "fs/compat.c",
-+ [7843].name = "compat_sys_readv",
-+ [7843].param3 = 1,
-+ [7958].file = "drivers/gpu/vga/vgaarb.c",
-+ [7958].name = "vga_arb_write",
-+ [7958].param3 = 1,
-+ [7976].file = "drivers/usb/gadget/rndis.c",
-+ [7976].name = "rndis_add_response",
-+ [7976].param2 = 1,
-+ [8014].file = "net/netfilter/ipset/ip_set_list_set.c",
-+ [8014].name = "init_list_set",
-+ [8014].param2 = 1,
-+ [8014].param3 = 1,
-+ [8087].file = "drivers/video/via/viafbdev.c",
-+ [8087].name = "viafb_iga1_odev_proc_write",
-+ [8087].param3 = 1,
-+ [8126].file = "sound/soc/soc-core.c",
-+ [8126].name = "codec_reg_read_file",
-+ [8126].param3 = 1,
-+ [8185].file = "drivers/net/wireless/ath/ath6kl/debug.c",
-+ [8185].name = "ath6kl_regwrite_write",
-+ [8185].param3 = 1,
-+ [8317].file = "security/smack/smackfs.c",
-+ [8317].name = "smk_write_ambient",
-+ [8317].param3 = 1,
-+ [8334].file = "drivers/scsi/sg.c",
-+ [8334].name = "sg_proc_write_adio",
-+ [8334].param3 = 1,
-+ [8481].file = "drivers/isdn/i4l/isdn_common.c",
-+ [8481].name = "isdn_write",
-+ [8481].param3 = 1,
-+ [8536].file = "fs/cifs/dns_resolve.c",
-+ [8536].name = "dns_resolve_server_name_to_ip",
-+ [8536].param1 = 1,
-+ [8650].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c",
-+ [8650].name = "vmw_kms_present",
-+ [8650].param9 = 1,
-+ [865].file = "drivers/base/regmap/regmap-debugfs.c",
-+ [865].name = "regmap_access_read_file",
-+ [865].param3 = 1,
-+ [8663].file = "net/bridge/netfilter/ebtables.c",
-+ [8663].name = "do_update_counters",
-+ [8663].param4 = 1,
-+ [8684].file = "fs/read_write.c",
-+ [8684].name = "sys_writev",
-+ [8684].param3 = 1,
-+ [8699].file = "security/selinux/selinuxfs.c",
-+ [8699].name = "sel_commit_bools_write",
-+ [8699].param3 = 1,
-+ [8714].file = "lib/kstrtox.c",
-+ [8714].name = "kstrtou16_from_user",
-+ [8714].param2 = 1,
-+ [8764].file = "drivers/usb/core/devio.c",
-+ [8764].name = "usbdev_read",
-+ [8764].param3 = 1,
-+ [8802].file = "fs/dlm/user.c",
-+ [8802].name = "device_write",
-+ [8802].param3 = 1,
-+ [8810].file = "net/mac80211/debugfs_sta.c",
-+ [8810].name = "sta_agg_status_write",
-+ [8810].param3 = 1,
-+ [8815].file = "security/tomoyo/securityfs_if.c",
-+ [8815].name = "tomoyo_write_self",
-+ [8815].param3 = 1,
-+ [8821].file = "net/wireless/sme.c",
-+ [8821].name = "cfg80211_roamed",
-+ [8821].param5 = 1,
-+ [8821].param7 = 1,
-+ [8833].file = "security/selinux/ss/services.c",
-+ [8833].name = "security_context_to_sid",
-+ [8833].param2 = 1,
-+ [8851].file = "net/key/af_key.c",
-+ [8851].name = "pfkey_sendmsg",
-+ [8851].param4 = 1,
-+ [8917].file = "net/ipv4/raw.c",
-+ [8917].name = "raw_setsockopt",
-+ [8917].param5 = 1,
-+ [8983].file = "include/linux/skbuff.h",
-+ [8983].name = "alloc_skb",
-+ [8983].param1 = 1,
-+ [9226].file = "mm/migrate.c",
-+ [9226].name = "sys_move_pages",
-+ [9226].param2 = 1,
-+ [9341].file = "drivers/acpi/apei/erst-dbg.c",
-+ [9341].name = "erst_dbg_write",
-+ [9341].param3 = 1,
-+ [9463].file = "drivers/infiniband/hw/ipath/ipath_verbs.c",
-+ [9463].name = "ipath_verbs_send",
-+ [9463].param3 = 1,
-+ [9463].param5 = 1,
-+ [9546].file = "drivers/video/fbmem.c",
-+ [9546].name = "fb_write",
-+ [9546].param3 = 1,
-+ [9601].file = "kernel/kfifo.c",
-+ [9601].name = "__kfifo_from_user",
-+ [9601].param3 = 1,
-+ [9618].file = "security/selinux/selinuxfs.c",
-+ [9618].name = "sel_write_bool",
-+ [9618].param3 = 1,
-+ [9768].file = "drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c",
-+ [9768].name = "vmw_execbuf_process",
-+ [9768].param5 = 1,
-+ [9828].file = "drivers/media/dvb/dvb-core/dmxdev.c",
-+ [9828].name = "dvb_demux_do_ioctl",
-+ [9828].param3 = 1,
-+ [9870].file = "net/atm/addr.c",
-+ [9870].name = "atm_get_addr",
-+ [9870].param3 = 1,
-+ [9962].file = "drivers/scsi/sg.c",
-+ [9962].name = "sg_proc_write_dressz",
-+ [9962].param3 = 1,
-+ [9977].file = "drivers/net/wireless/zd1211rw/zd_usb.c",
-+ [9977].name = "zd_usb_iowrite16v_async",
-+ [9977].param3 = 1,
-+ [16344].collision = 1,
-+ [30494].collision = 1,
-+ [31291].collision = 1,
-+ [33040].collision = 1,
-+ [38314].collision = 1,
-+ [54338].collision = 1,
-+ [60651].collision = 1,
-+};
-diff --git a/tools/gcc/size_overflow_hash2.h b/tools/gcc/size_overflow_hash2.h
-new file mode 100644
-index 0000000..8ed7d96
---- /dev/null
-+++ b/tools/gcc/size_overflow_hash2.h
-@@ -0,0 +1,44 @@
-+struct size_overflow_hash size_overflow_hash2[65536] = {
-+ [2118].file = "fs/ntfs/malloc.h",
-+ [2118].name = "ntfs_malloc_nofs",
-+ [2118].param1 = 1,
-+ [22224].file = "fs/proc/vmcore.c",
-+ [22224].name = "read_from_oldmem",
-+ [22224].param2 = 1,
-+ [26518].file = "drivers/gpu/vga/vgaarb.c",
-+ [26518].name = "vga_arb_read",
-+ [26518].param3 = 1,
-+ [26569].file = "lib/kstrtox.c",
-+ [26569].name = "kstrtoint_from_user",
-+ [26569].param2 = 1,
-+ [30632].file = "drivers/ide/ide-proc.c",
-+ [30632].name = "ide_driver_proc_write",
-+ [30632].param3 = 1,
-+ [36150].file = "net/ceph/buffer.c",
-+ [36150].name = "ceph_buffer_new",
-+ [36150].param1 = 1,
-+ [39024].file = "lib/scatterlist.c",
-+ [39024].name = "sg_kmalloc",
-+ [39024].param1 = 1,
-+ [39105].file = "drivers/gpu/drm/ttm/ttm_tt.c",
-+ [39105].name = "ttm_tt_create",
-+ [39105].param2 = 1,
-+ [43208].file = "fs/nfs/read.c",
-+ [43208].name = "nfs_readdata_alloc",
-+ [43208].param1 = 1,
-+ [46911].file = "drivers/media/video/ivtv/ivtv-fileops.c",
-+ [46911].name = "ivtv_v4l2_read",
-+ [46911].param3 = 1,
-+ [50359].file = "kernel/sched.c",
-+ [50359].name = "alloc_sched_domains",
-+ [50359].param1 = 1,
-+ [52857].file = "sound/pci/rme9652/rme9652.c",
-+ [52857].name = "snd_rme9652_capture_copy",
-+ [52857].param5 = 1,
-+ [57500].file = "drivers/spi/spidev.c",
-+ [57500].name = "spidev_write",
-+ [57500].param3 = 1,
-+ [65149].file = "fs/nilfs2/ioctl.c",
-+ [65149].name = "nilfs_ioctl_wrap_copy",
-+ [65149].param4 = 1,
-+};
-diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
-new file mode 100644
-index 0000000..a9ae886
---- /dev/null
-+++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,1042 @@
-+/*
-+ * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
-+ *
-+ * Homepage:
-+ * http://www.grsecurity.net/~ephox/overflow_plugin/
-+ *
-+ * This plugin recomputes expressions of function arguments marked by a size_overflow attribute
-+ * with double integer precision (DImode/TImode for 32/64 bit integer types).
-+ * The recomputed argument is checked against INT_MAX and an event is logged on overflow and the triggering process is killed.
-+ *
-+ * Usage:
-+ * $ gcc -I`gcc -print-file-name=plugin`/include -fPIC -shared -O2 -o size_overflow_plugin.so size_overflow_plugin.c
-+ * $ gcc -fplugin=size_overflow_plugin.so test.c -O2
-+ */
-+
-+#include "gcc-plugin.h"
-+#include "config.h"
-+#include "system.h"
-+#include "coretypes.h"
-+#include "tree.h"
-+#include "tree-pass.h"
-+#include "intl.h"
-+#include "plugin-version.h"
-+#include "tm.h"
-+#include "toplev.h"
-+#include "function.h"
-+#include "tree-flow.h"
-+#include "plugin.h"
-+#include "gimple.h"
-+#include "c-common.h"
-+#include "diagnostic.h"
-+
-+struct size_overflow_hash {
-+ const char *name;
-+ const char *file;
-+ unsigned short collision:1;
-+ unsigned short param1:1;
-+ unsigned short param2:1;
-+ unsigned short param3:1;
-+ unsigned short param4:1;
-+ unsigned short param5:1;
-+ unsigned short param6:1;
-+ unsigned short param7:1;
-+ unsigned short param8:1;
-+ unsigned short param9:1;
-+};
-+
-+#include "size_overflow_hash1.h"
-+#include "size_overflow_hash2.h"
-+
-+#define __unused __attribute__((__unused__))
-+#define NAME(node) IDENTIFIER_POINTER(DECL_NAME(node))
-+#define BEFORE_STMT true
-+#define AFTER_STMT false
-+#define CREATE_NEW_VAR NULL_TREE
-+
-+int plugin_is_GPL_compatible;
-+void debug_gimple_stmt (gimple gs);
-+
-+static tree expand(struct pointer_set_t *visited, tree var);
-+static tree signed_size_overflow_type;
-+static tree unsigned_size_overflow_type;
-+static tree report_size_overflow_decl;
-+static tree const_char_ptr_type_node;
-+static unsigned int handle_function(void);
-+
-+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20120311beta",
-+ .help = "no-size_overflow\tturn off size overflow checking\n",
-+};
-+
-+static tree handle_size_overflow_attribute(tree *node, tree __unused name, tree args, int __unused flags, bool *no_add_attrs)
-+{
-+ unsigned int arg_count = type_num_arguments(*node);
-+
-+ for (; args; args = TREE_CHAIN(args)) {
-+ tree position = TREE_VALUE(args);
-+ if (TREE_CODE(position) != INTEGER_CST || TREE_INT_CST_HIGH(position) || TREE_INT_CST_LOW(position) < 1 || TREE_INT_CST_LOW(position) > arg_count ) {
-+ error("handle_size_overflow_attribute: overflow parameter outside range.");
-+ *no_add_attrs = true;
-+ }
-+ }
-+ return NULL_TREE;
-+}
-+
-+static struct attribute_spec no_size_overflow_attr = {
-+ .name = "size_overflow",
-+ .min_length = 1,
-+ .max_length = -1,
-+ .decl_required = false,
-+ .type_required = true,
-+ .function_type_required = true,
-+ .handler = handle_size_overflow_attribute
-+};
-+
-+static void register_attributes(void __unused *event_data, void __unused *data)
-+{
-+ register_attribute(&no_size_overflow_attr);
-+}
-+
-+// http://www.team5150.com/~andrew/noncryptohashzoo2~/CrapWow.html
-+static unsigned int CrapWow(const char *key, unsigned int len, unsigned int seed)
-+{
-+#define cwfold( a, b, lo, hi ) { p = (unsigned int)(a) * (unsigned long long)(b); lo ^= (unsigned int)p; hi ^= (unsigned int)(p >> 32); }
-+#define cwmixa( in ) { cwfold( in, m, k, h ); }
-+#define cwmixb( in ) { cwfold( in, n, h, k ); }
-+
-+ const unsigned int m = 0x57559429;
-+ const unsigned int n = 0x5052acdb;
-+ const unsigned int *key4 = (const unsigned int *)key;
-+ unsigned int h = len;
-+ unsigned int k = len + seed + n;
-+ unsigned long long p;
-+
-+ while (len >= 8) {
-+ cwmixb(key4[0]) cwmixa(key4[1]) key4 += 2;
-+ len -= 8;
-+ }
-+ if (len >= 4) {
-+ cwmixb(key4[0]) key4 += 1;
-+ len -= 4;
-+ }
-+ if (len)
-+ cwmixa(key4[0] & ((1 << (len * 8)) - 1 ));
-+ cwmixb(h ^ (k + n));
-+ return k ^ h;
-+
-+#undef cwfold
-+#undef cwmixa
-+#undef cwmixb
-+}
-+
-+static inline unsigned int size_overflow_hash(const char *fndecl, unsigned int seed)
-+{
-+ return CrapWow(fndecl, strlen(fndecl), seed) & 0xffff;
-+}
-+
-+static inline tree get_original_function_decl(tree fndecl)
-+{
-+ if (DECL_ABSTRACT_ORIGIN(fndecl))
-+ return DECL_ABSTRACT_ORIGIN(fndecl);
-+ return fndecl;
-+}
-+
-+static inline gimple get_def_stmt(tree node)
-+{
-+ gcc_assert(TREE_CODE(node) == SSA_NAME);
-+ return SSA_NAME_DEF_STMT(node);
-+}
-+
-+static struct size_overflow_hash *get_function_hash(tree fndecl)
-+{
-+ unsigned int hash;
-+ const char *func = NAME(fndecl);
-+
-+ hash = size_overflow_hash(func, 0);
-+
-+ if (size_overflow_hash1[hash].collision) {
-+ hash = size_overflow_hash(func, 23432);
-+ return &size_overflow_hash2[hash];
-+ }
-+ return &size_overflow_hash1[hash];
-+}
-+
-+static void check_missing_attribute(tree arg)
-+{
-+ tree var, func = get_original_function_decl(current_function_decl);
-+ const char *curfunc = NAME(func);
-+ unsigned int new_hash, argnum = 1;
-+ struct size_overflow_hash *hash;
-+ location_t loc;
-+ expanded_location xloc;
-+ bool match = false;
-+
-+ loc = DECL_SOURCE_LOCATION(func);
-+ xloc = expand_location(loc);
-+
-+ if (lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE(func))))
-+ return;
-+
-+ hash = get_function_hash(func);
-+ if (hash->name && !strcmp(hash->name, NAME(func)) && !strcmp(hash->file, xloc.file))
-+ return;
-+
-+ gcc_assert(TREE_CODE(arg) != COMPONENT_REF);
-+
-+ if (TREE_CODE(arg) == SSA_NAME)
-+ arg = SSA_NAME_VAR(arg);
-+
-+ for (var = DECL_ARGUMENTS(func); var; var = TREE_CHAIN(var)) {
-+ if (strcmp(NAME(arg), NAME(var))) {
-+ argnum++;
-+ continue;
-+ }
-+ match = true;
-+ if (!TYPE_UNSIGNED(TREE_TYPE(var)))
-+ return;
-+ break;
-+ }
-+ if (!match) {
-+ warning(0, "check_missing_attribute: cannot find the %s argument in %s", NAME(arg), NAME(func));
-+ return;
-+ }
-+
-+#define check_param(num) \
-+ if (num == argnum && hash->param##num) \
-+ return;
-+ check_param(1);
-+ check_param(2);
-+ check_param(3);
-+ check_param(4);
-+ check_param(5);
-+ check_param(6);
-+ check_param(7);
-+ check_param(8);
-+ check_param(9);
-+#undef check_param
-+
-+ new_hash = size_overflow_hash(curfunc, 0);
-+ inform(loc, "Function %s is missing from the size_overflow hash table +%s+%d+%u+%s", curfunc, curfunc, argnum, new_hash, xloc.file);
-+}
-+
-+static tree create_new_var(tree type)
-+{
-+ tree new_var = create_tmp_var(type, "cicus");
-+
-+ add_referenced_var(new_var);
-+ mark_sym_for_renaming(new_var);
-+ return new_var;
-+}
-+
-+static bool is_bool(tree node)
-+{
-+ tree type;
-+
-+ if (node == NULL_TREE)
-+ return false;
-+
-+ type = TREE_TYPE(node);
-+ if (!INTEGRAL_TYPE_P(type))
-+ return false;
-+ if (TREE_CODE(type) == BOOLEAN_TYPE)
-+ return true;
-+ if (TYPE_PRECISION(type) == 1)
-+ return true;
-+ return false;
-+}
-+
-+static gimple build_cast_stmt(tree type, tree var, tree new_var, location_t loc)
-+{
-+ gimple assign;
-+
-+ if (new_var == CREATE_NEW_VAR)
-+ new_var = create_new_var(type);
-+
-+ assign = gimple_build_assign(new_var, fold_convert(type, var));
-+ gimple_set_location(assign, loc);
-+ gimple_set_lhs(assign, make_ssa_name(new_var, assign));
-+
-+ return assign;
-+}
-+
-+static tree create_assign(struct pointer_set_t *visited, gimple oldstmt, tree rhs1, bool before)
-+{
-+ tree oldstmt_rhs1;
-+ enum tree_code code;
-+ gimple stmt;
-+ gimple_stmt_iterator gsi;
-+
-+ if (is_bool(rhs1)) {
-+ pointer_set_insert(visited, oldstmt);
-+ return gimple_get_lhs(oldstmt);
-+ }
-+
-+ if (rhs1 == NULL_TREE) {
-+ debug_gimple_stmt(oldstmt);
-+ error("create_assign: rhs1 is NULL_TREE");
-+ gcc_unreachable();
-+ }
-+
-+ oldstmt_rhs1 = gimple_assign_rhs1(oldstmt);
-+ code = TREE_CODE(oldstmt_rhs1);
-+ if (code == PARM_DECL || (code == SSA_NAME && gimple_code(get_def_stmt(oldstmt_rhs1)) == GIMPLE_NOP))
-+ check_missing_attribute(oldstmt_rhs1);
-+
-+ stmt = build_cast_stmt(signed_size_overflow_type, rhs1, CREATE_NEW_VAR, gimple_location(oldstmt));
-+ gsi = gsi_for_stmt(oldstmt);
-+ if (before)
-+ gsi_insert_before(&gsi, stmt, GSI_NEW_STMT);
-+ else
-+ gsi_insert_after(&gsi, stmt, GSI_NEW_STMT);
-+ update_stmt(stmt);
-+ pointer_set_insert(visited, oldstmt);
-+ return gimple_get_lhs(stmt);
-+}
-+
-+static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, tree rhs1, tree rhs2, tree __unused rhs3)
-+{
-+ tree new_var, lhs = gimple_get_lhs(oldstmt);
-+ gimple stmt;
-+ gimple_stmt_iterator gsi;
-+
-+ if (gimple_num_ops(oldstmt) != 4 && rhs1 == NULL_TREE) {
-+ rhs1 = gimple_assign_rhs1(oldstmt);
-+ rhs1 = create_assign(visited, oldstmt, rhs1, BEFORE_STMT);
-+ }
-+ if (gimple_num_ops(oldstmt) == 3 && rhs2 == NULL_TREE) {
-+ rhs2 = gimple_assign_rhs2(oldstmt);
-+ rhs2 = create_assign(visited, oldstmt, rhs2, BEFORE_STMT);
-+ }
-+
-+ stmt = gimple_copy(oldstmt);
-+ gimple_set_location(stmt, gimple_location(oldstmt));
-+
-+ if (gimple_assign_rhs_code(oldstmt) == WIDEN_MULT_EXPR)
-+ gimple_assign_set_rhs_code(stmt, MULT_EXPR);
-+
-+ if (is_bool(lhs))
-+ new_var = SSA_NAME_VAR(lhs);
-+ else
-+ new_var = create_new_var(signed_size_overflow_type);
-+ new_var = make_ssa_name(new_var, stmt);
-+ gimple_set_lhs(stmt, new_var);
-+
-+ if (rhs1 != NULL_TREE) {
-+ if (!gimple_assign_cast_p(oldstmt))
-+ rhs1 = fold_convert(signed_size_overflow_type, rhs1);
-+ gimple_assign_set_rhs1(stmt, rhs1);
-+ }
-+
-+ if (rhs2 != NULL_TREE)
-+ gimple_assign_set_rhs2(stmt, rhs2);
-+#if BUILDING_GCC_VERSION >= 4007
-+ if (rhs3 != NULL_TREE)
-+ gimple_assign_set_rhs3(stmt, rhs3);
-+#endif
-+ gimple_set_vuse(stmt, gimple_vuse(oldstmt));
-+ gimple_set_vdef(stmt, gimple_vdef(oldstmt));
-+
-+ gsi = gsi_for_stmt(oldstmt);
-+ gsi_insert_after(&gsi, stmt, GSI_SAME_STMT);
-+ update_stmt(stmt);
-+ pointer_set_insert(visited, oldstmt);
-+ return gimple_get_lhs(stmt);
-+}
-+
-+static gimple overflow_create_phi_node(gimple oldstmt, tree var)
-+{
-+ basic_block bb;
-+ gimple phi;
-+ gimple_stmt_iterator gsi = gsi_for_stmt(oldstmt);
-+
-+ bb = gsi_bb(gsi);
-+ phi = make_phi_node(var, EDGE_COUNT(bb->preds));
-+
-+ gsi_insert_after(&gsi, phi, GSI_NEW_STMT);
-+ gimple_set_bb(phi, bb);
-+ return phi;
-+}
-+
-+static tree signed_cast_constant(tree node)
-+{
-+ gcc_assert(is_gimple_constant(node));
-+
-+ if (TYPE_PRECISION(signed_size_overflow_type) == TYPE_PRECISION(TREE_TYPE(node)))
-+ return build_int_cst_wide(signed_size_overflow_type, TREE_INT_CST_LOW(node), TREE_INT_CST_HIGH(node));
-+ else
-+ return build_int_cst(signed_size_overflow_type, int_cst_value(node));
-+}
-+
-+static gimple cast_old_phi_arg(gimple oldstmt, tree arg, tree new_var)
-+{
-+ basic_block first_bb;
-+ gimple newstmt;
-+ gimple_stmt_iterator gsi;
-+
-+ newstmt = build_cast_stmt(signed_size_overflow_type, arg, new_var, gimple_location(oldstmt));
-+
-+ first_bb = split_block_after_labels(ENTRY_BLOCK_PTR)->dest;
-+ if (dom_info_available_p(CDI_DOMINATORS))
-+ set_immediate_dominator(CDI_DOMINATORS, first_bb, ENTRY_BLOCK_PTR);
-+ gsi = gsi_start_bb(first_bb);
-+
-+ gsi_insert_before(&gsi, newstmt, GSI_NEW_STMT);
-+ return newstmt;
-+}
-+
-+static gimple handle_new_phi_arg(tree arg, tree new_var, tree new_rhs)
-+{
-+ gimple newstmt;
-+ gimple_stmt_iterator gsi;
-+ void (*gsi_insert)(gimple_stmt_iterator *, gimple, enum gsi_iterator_update);
-+ gimple def_newstmt = get_def_stmt(new_rhs);
-+
-+ gsi_insert = gsi_insert_after;
-+ gsi = gsi_for_stmt(def_newstmt);
-+
-+ switch (gimple_code(get_def_stmt(arg))) {
-+ case GIMPLE_PHI:
-+ newstmt = gimple_build_assign(new_var, new_rhs);
-+ gsi = gsi_after_labels(gimple_bb(def_newstmt));
-+ gsi_insert = gsi_insert_before;
-+ break;
-+ case GIMPLE_ASM:
-+ case GIMPLE_CALL:
-+ newstmt = gimple_build_assign(new_var, new_rhs);
-+ break;
-+ case GIMPLE_ASSIGN:
-+ newstmt = gimple_copy(def_newstmt);
-+ break;
-+ default:
-+ /* unknown gimple_code (build_new_phi_arg) */
-+ gcc_unreachable();
-+ }
-+
-+ gimple_set_lhs(newstmt, make_ssa_name(new_var, newstmt));
-+ gsi_insert(&gsi, newstmt, GSI_NEW_STMT);
-+ return newstmt;
-+}
-+
-+static tree build_new_phi_arg(struct pointer_set_t *visited, gimple oldstmt, tree arg, tree new_var)
-+{
-+ gimple newstmt;
-+ tree new_rhs;
-+
-+ if (is_gimple_constant(arg))
-+ return signed_cast_constant(arg);
-+
-+ pointer_set_insert(visited, oldstmt);
-+ new_rhs = expand(visited, arg);
-+ if (new_rhs == NULL_TREE) {
-+ gcc_assert(TREE_CODE(TREE_TYPE(arg)) != VOID_TYPE);
-+ newstmt = cast_old_phi_arg(oldstmt, arg, new_var);
-+ } else
-+ newstmt = handle_new_phi_arg(arg, new_var, new_rhs);
-+ update_stmt(newstmt);
-+ return gimple_get_lhs(newstmt);
-+}
-+
-+static tree build_new_phi(struct pointer_set_t *visited, gimple oldstmt)
-+{
-+ gimple phi;
-+ tree new_var = create_new_var(signed_size_overflow_type);
-+ unsigned int i, n = gimple_phi_num_args(oldstmt);
-+
-+ phi = overflow_create_phi_node(oldstmt, new_var);
-+
-+ for (i = 0; i < n; i++) {
-+ tree arg, lhs;
-+
-+ arg = gimple_phi_arg_def(oldstmt, i);
-+ lhs = build_new_phi_arg(visited, oldstmt, arg, new_var);
-+ add_phi_arg(phi, lhs, gimple_phi_arg_edge(oldstmt, i), gimple_location(oldstmt));
-+ }
-+ update_stmt(phi);
-+ return gimple_phi_result(phi);
-+}
-+
-+static tree handle_unary_ops(struct pointer_set_t *visited, tree var)
-+{
-+ gimple def_stmt = get_def_stmt(var);
-+ tree new_rhs1, rhs1 = gimple_assign_rhs1(def_stmt);
-+
-+ if (is_gimple_constant(rhs1))
-+ return dup_assign(visited, def_stmt, signed_cast_constant(rhs1), NULL_TREE, NULL_TREE);
-+
-+ switch (TREE_CODE(rhs1)) {
-+ case SSA_NAME:
-+ new_rhs1 = expand(visited, rhs1);
-+ break;
-+ case ARRAY_REF:
-+ case ADDR_EXPR:
-+ case COMPONENT_REF:
-+ case COND_EXPR:
-+ case INDIRECT_REF:
-+#if BUILDING_GCC_VERSION >= 4006
-+ case MEM_REF:
-+#endif
-+ case PARM_DECL:
-+ case TARGET_MEM_REF:
-+ case VAR_DECL:
-+ return create_assign(visited, def_stmt, var, AFTER_STMT);
-+ default:
-+ debug_gimple_stmt(def_stmt);
-+ debug_tree(rhs1);
-+ gcc_unreachable();
-+ }
-+
-+ if (new_rhs1 == NULL_TREE)
-+ return create_assign(visited, def_stmt, rhs1, AFTER_STMT);
-+ return dup_assign(visited, def_stmt, new_rhs1, NULL_TREE, NULL_TREE);
-+}
-+
-+static tree transform_mult_overflow(tree rhs, tree const_rhs, tree log2const_rhs, location_t loc)
-+{
-+ tree new_def_rhs;
-+
-+ if (!is_gimple_constant(rhs))
-+ return NULL_TREE;
-+
-+ new_def_rhs = fold_build2_loc(loc, MULT_EXPR, TREE_TYPE(const_rhs), rhs, const_rhs);
-+ new_def_rhs = signed_cast_constant(new_def_rhs);
-+ if (int_cst_value(new_def_rhs) >= 0)
-+ return NULL_TREE;
-+ return fold_build2_loc(loc, RSHIFT_EXPR, TREE_TYPE(new_def_rhs), new_def_rhs, log2const_rhs);
-+}
-+
-+static tree handle_intentional_mult_overflow(struct pointer_set_t *visited, tree rhs, tree const_rhs)
-+{
-+ gimple new_def_stmt, def_stmt;
-+ tree def_rhs1, def_rhs2, new_def_rhs;
-+ location_t loc;
-+ tree log2const_rhs;
-+ int log2 = exact_log2(TREE_INT_CST_LOW(const_rhs));
-+
-+ if (log2 == -1) {
-+// warning(0, "Possibly unhandled intentional integer truncation");
-+ return NULL_TREE;
-+ }
-+
-+ def_stmt = get_def_stmt(rhs);
-+ loc = gimple_location(def_stmt);
-+ def_rhs1 = gimple_assign_rhs1(def_stmt);
-+ def_rhs2 = gimple_assign_rhs2(def_stmt);
-+ new_def_stmt = get_def_stmt(expand(visited, rhs));
-+ log2const_rhs = build_int_cstu(TREE_TYPE(const_rhs), log2);
-+
-+ new_def_rhs = transform_mult_overflow(def_rhs1, const_rhs, log2const_rhs, loc);
-+ if (new_def_rhs != NULL_TREE) {
-+ gimple_assign_set_rhs1(new_def_stmt, new_def_rhs);
-+ } else {
-+ new_def_rhs = transform_mult_overflow(def_rhs2, const_rhs, log2const_rhs, loc);
-+ if (new_def_rhs != NULL_TREE)
-+ gimple_assign_set_rhs2(new_def_stmt, new_def_rhs);
-+ }
-+ if (new_def_rhs == NULL_TREE)
-+ return NULL_TREE;
-+
-+ update_stmt(new_def_stmt);
-+// warning(0, "Handle integer truncation (gcc optimization)");
-+ return gimple_get_lhs(new_def_stmt);
-+}
-+
-+static bool is_mult_overflow(gimple def_stmt, tree rhs1)
-+{
-+ gimple rhs1_def_stmt = get_def_stmt(rhs1);
-+
-+ if (gimple_assign_rhs_code(def_stmt) != MULT_EXPR)
-+ return false;
-+ if (gimple_code(rhs1_def_stmt) != GIMPLE_ASSIGN)
-+ return false;
-+ if (gimple_assign_rhs_code(rhs1_def_stmt) != PLUS_EXPR)
-+ return false;
-+ return true;
-+}
-+
-+static tree handle_intentional_overflow(struct pointer_set_t *visited, gimple def_stmt, tree rhs1, tree rhs2)
-+{
-+ if (is_mult_overflow(def_stmt, rhs1))
-+ return handle_intentional_mult_overflow(visited, rhs1, rhs2);
-+ return NULL_TREE;
-+}
-+
-+static tree handle_binary_ops(struct pointer_set_t *visited, tree var)
-+{
-+ tree rhs1, rhs2;
-+ gimple def_stmt = get_def_stmt(var);
-+ tree new_rhs1 = NULL_TREE;
-+ tree new_rhs2 = NULL_TREE;
-+
-+ rhs1 = gimple_assign_rhs1(def_stmt);
-+ rhs2 = gimple_assign_rhs2(def_stmt);
-+
-+ /* no DImode/TImode division in the 32/64 bit kernel */
-+ switch (gimple_assign_rhs_code(def_stmt)) {
-+ case RDIV_EXPR:
-+ case TRUNC_DIV_EXPR:
-+ case CEIL_DIV_EXPR:
-+ case FLOOR_DIV_EXPR:
-+ case ROUND_DIV_EXPR:
-+ case TRUNC_MOD_EXPR:
-+ case CEIL_MOD_EXPR:
-+ case FLOOR_MOD_EXPR:
-+ case ROUND_MOD_EXPR:
-+ case EXACT_DIV_EXPR:
-+ case POINTER_PLUS_EXPR:
-+ /* logical AND cannot cause an overflow */
-+ case BIT_AND_EXPR:
-+ return create_assign(visited, def_stmt, var, AFTER_STMT);
-+ default:
-+ break;
-+ }
-+
-+ if (is_gimple_constant(rhs2)) {
-+ new_rhs2 = signed_cast_constant(rhs2);
-+ new_rhs1 = handle_intentional_overflow(visited, def_stmt, rhs1, rhs2);
-+ }
-+
-+ if (is_gimple_constant(rhs1)) {
-+ new_rhs1 = signed_cast_constant(rhs1);
-+ new_rhs2 = handle_intentional_overflow(visited, def_stmt, rhs2, rhs1);
-+ }
-+
-+ if (new_rhs1 == NULL_TREE && TREE_CODE(rhs1) == SSA_NAME)
-+ new_rhs1 = expand(visited, rhs1);
-+ if (new_rhs2 == NULL_TREE && TREE_CODE(rhs2) == SSA_NAME)
-+ new_rhs2 = expand(visited, rhs2);
-+
-+ return dup_assign(visited, def_stmt, new_rhs1, new_rhs2, NULL_TREE);
-+}
-+
-+#if BUILDING_GCC_VERSION >= 4007
-+static tree get_new_rhs(struct pointer_set_t *visited, tree rhs)
-+{
-+ if (is_gimple_constant(rhs))
-+ return signed_cast_constant(rhs);
-+ if (TREE_CODE(rhs) != SSA_NAME)
-+ return NULL_TREE;
-+ return expand(visited, rhs);
-+}
-+
-+static tree handle_ternary_ops(struct pointer_set_t *visited, tree var)
-+{
-+ tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3;
-+ gimple def_stmt = get_def_stmt(var);
-+
-+ rhs1 = gimple_assign_rhs1(def_stmt);
-+ rhs2 = gimple_assign_rhs2(def_stmt);
-+ rhs3 = gimple_assign_rhs3(def_stmt);
-+ new_rhs1 = get_new_rhs(visited, rhs1);
-+ new_rhs2 = get_new_rhs(visited, rhs2);
-+ new_rhs3 = get_new_rhs(visited, rhs3);
-+
-+ if (new_rhs1 == NULL_TREE && new_rhs2 != NULL_TREE && new_rhs3 != NULL_TREE)
-+ return dup_assign(visited, def_stmt, new_rhs1, new_rhs2, new_rhs3);
-+ error("handle_ternary_ops: unknown rhs");
-+ gcc_unreachable();
-+}
-+#endif
-+
-+static void set_size_overflow_type(tree node)
-+{
-+ switch (TYPE_MODE(TREE_TYPE(node))) {
-+ case SImode:
-+ signed_size_overflow_type = intDI_type_node;
-+ unsigned_size_overflow_type = unsigned_intDI_type_node;
-+ break;
-+ case DImode:
-+ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode)) {
-+ signed_size_overflow_type = intDI_type_node;
-+ unsigned_size_overflow_type = unsigned_intDI_type_node;
-+ } else {
-+ signed_size_overflow_type = intTI_type_node;
-+ unsigned_size_overflow_type = unsigned_intTI_type_node;
-+ }
-+ break;
-+ default:
-+ error("set_size_overflow_type: unsupported gcc configuration.");
-+ gcc_unreachable();
-+ }
-+}
-+
-+static tree expand_visited(gimple def_stmt)
-+{
-+ gimple tmp;
-+ gimple_stmt_iterator gsi = gsi_for_stmt(def_stmt);
-+
-+ gsi_next(&gsi);
-+ tmp = gsi_stmt(gsi);
-+ switch (gimple_code(tmp)) {
-+ case GIMPLE_ASSIGN:
-+ return gimple_get_lhs(tmp);
-+ case GIMPLE_PHI:
-+ return gimple_phi_result(tmp);
-+ case GIMPLE_CALL:
-+ return gimple_call_lhs(tmp);
-+ default:
-+ return NULL_TREE;
-+ }
-+}
-+
-+static tree expand(struct pointer_set_t *visited, tree var)
-+{
-+ gimple def_stmt;
-+
-+ if (is_gimple_constant(var))
-+ return NULL_TREE;
-+
-+ if (TREE_CODE(var) == ADDR_EXPR)
-+ return NULL_TREE;
-+
-+ if (SSA_NAME_IS_DEFAULT_DEF(var))
-+ return NULL_TREE;
-+
-+ def_stmt = get_def_stmt(var);
-+
-+ if (!def_stmt)
-+ return NULL_TREE;
-+
-+ if (pointer_set_contains(visited, def_stmt))
-+ return expand_visited(def_stmt);
-+
-+ switch (gimple_code(def_stmt)) {
-+ case GIMPLE_NOP:
-+ check_missing_attribute(var);
-+ return NULL_TREE;
-+ case GIMPLE_PHI:
-+ return build_new_phi(visited, def_stmt);
-+ case GIMPLE_CALL:
-+ case GIMPLE_ASM:
-+ gcc_assert(TREE_CODE(TREE_TYPE(var)) != VOID_TYPE);
-+ return create_assign(visited, def_stmt, var, AFTER_STMT);
-+ case GIMPLE_ASSIGN:
-+ switch (gimple_num_ops(def_stmt)) {
-+ case 2:
-+ return handle_unary_ops(visited, var);
-+ case 3:
-+ return handle_binary_ops(visited, var);
-+#if BUILDING_GCC_VERSION >= 4007
-+ case 4:
-+ return handle_ternary_ops(visited, var);
-+#endif
-+ }
-+ default:
-+ debug_gimple_stmt(def_stmt);
-+ error("expand: unknown gimple code");
-+ gcc_unreachable();
-+ }
-+}
-+
-+static void change_function_arg(gimple func_stmt, tree origarg, unsigned int argnum, tree newarg)
-+{
-+ gimple assign, stmt;
-+ gimple_stmt_iterator gsi = gsi_for_stmt(func_stmt);
-+ tree origtype = TREE_TYPE(origarg);
-+
-+ stmt = gsi_stmt(gsi);
-+ gcc_assert(gimple_code(stmt) == GIMPLE_CALL);
-+
-+ assign = build_cast_stmt(origtype, newarg, CREATE_NEW_VAR, gimple_location(stmt));
-+ gsi_insert_before(&gsi, assign, GSI_SAME_STMT);
-+ update_stmt(assign);
-+
-+ gimple_call_set_arg(stmt, argnum, gimple_get_lhs(assign));
-+ update_stmt(stmt);
-+}
-+
-+static tree get_function_arg(unsigned int argnum, gimple stmt, tree fndecl)
-+{
-+ const char *origid;
-+ tree arg, origarg;
-+
-+ if (!DECL_ABSTRACT_ORIGIN(fndecl)) {
-+ gcc_assert(gimple_call_num_args(stmt) > argnum);
-+ return gimple_call_arg(stmt, argnum);
-+ }
-+
-+ origarg = DECL_ARGUMENTS(DECL_ABSTRACT_ORIGIN(fndecl));
-+ while (origarg && argnum) {
-+ argnum--;
-+ origarg = TREE_CHAIN(origarg);
-+ }
-+
-+ gcc_assert(argnum == 0);
-+
-+ gcc_assert(origarg != NULL_TREE);
-+ origid = NAME(origarg);
-+ for (arg = DECL_ARGUMENTS(fndecl); arg; arg = TREE_CHAIN(arg)) {
-+ if (!strcmp(origid, NAME(arg)))
-+ return arg;
-+ }
-+ return NULL_TREE;
-+}
-+
-+static void insert_cond(tree arg, basic_block cond_bb)
-+{
-+ gimple cond_stmt;
-+ gimple_stmt_iterator gsi = gsi_last_bb(cond_bb);
-+
-+ cond_stmt = gimple_build_cond(GT_EXPR, arg, build_int_cstu(signed_size_overflow_type, 0x7fffffff), NULL_TREE, NULL_TREE);
-+ gsi_insert_after(&gsi, cond_stmt, GSI_CONTINUE_LINKING);
-+ update_stmt(cond_stmt);
-+}
-+
-+static tree create_string_param(tree string)
-+{
-+ tree array_ref = build4(ARRAY_REF, TREE_TYPE(string), string, integer_zero_node, NULL, NULL);
-+
-+ return build1(ADDR_EXPR, ptr_type_node, array_ref);
-+}
-+
-+static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg)
-+{
-+ gimple func_stmt, def_stmt;
-+ tree current_func, loc_file, loc_line;
-+ expanded_location xloc;
-+ gimple_stmt_iterator gsi = gsi_start_bb(bb_true);
-+
-+ def_stmt = get_def_stmt(arg);
-+ xloc = expand_location(gimple_location(def_stmt));
-+
-+ if (!gimple_has_location(def_stmt)) {
-+ xloc = expand_location(gimple_location(stmt));
-+ gcc_assert(gimple_has_location(stmt));
-+ }
-+
-+ loc_line = build_int_cstu(unsigned_type_node, xloc.line);
-+
-+ loc_file = build_string(strlen(xloc.file), xloc.file);
-+ TREE_TYPE(loc_file) = char_array_type_node;
-+ loc_file = create_string_param(loc_file);
-+
-+ current_func = build_string(IDENTIFIER_LENGTH(DECL_NAME(current_function_decl)), NAME(current_function_decl));
-+ TREE_TYPE(current_func) = char_array_type_node;
-+ current_func = create_string_param(current_func);
-+
-+ // void report_size_overflow(const char *file, unsigned int line, const char *func)
-+ func_stmt = gimple_build_call(report_size_overflow_decl, 3, loc_file, loc_line, current_func);
-+
-+ gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING);
-+}
-+
-+static void insert_check_size_overflow(gimple stmt, tree arg)
-+{
-+ basic_block cond_bb, join_bb, bb_true;
-+ edge e;
-+ gimple_stmt_iterator gsi = gsi_for_stmt(stmt);
-+
-+ cond_bb = gimple_bb(stmt);
-+ gsi_prev(&gsi);
-+ if (gsi_end_p(gsi))
-+ e = split_block_after_labels(cond_bb);
-+ else
-+ e = split_block(cond_bb, gsi_stmt(gsi));
-+ cond_bb = e->src;
-+ join_bb = e->dest;
-+ e->flags = EDGE_FALSE_VALUE;
-+ e->probability = REG_BR_PROB_BASE;
-+
-+ bb_true = create_empty_bb(cond_bb);
-+ make_edge(cond_bb, bb_true, EDGE_TRUE_VALUE);
-+
-+ if (dom_info_available_p(CDI_DOMINATORS)) {
-+ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb);
-+ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb);
-+ }
-+
-+ insert_cond(arg, cond_bb);
-+ insert_cond_result(bb_true, stmt, arg);
-+}
-+
-+static void handle_function_arg(gimple stmt, tree fndecl, unsigned int argnum)
-+{
-+ struct pointer_set_t *visited;
-+ tree arg, newarg;
-+ gimple ucast_stmt;
-+ gimple_stmt_iterator gsi;
-+ location_t loc = gimple_location(stmt);
-+
-+ arg = get_function_arg(argnum, stmt, fndecl);
-+ if (arg == NULL_TREE)
-+ return;
-+
-+ if (is_gimple_constant(arg))
-+ return;
-+ if (TREE_CODE(arg) != SSA_NAME)
-+ return;
-+
-+ set_size_overflow_type(arg);
-+ visited = pointer_set_create();
-+ newarg = expand(visited, arg);
-+ pointer_set_destroy(visited);
-+
-+ if (newarg == NULL_TREE)
-+ return;
-+
-+ change_function_arg(stmt, arg, argnum, newarg);
-+
-+ ucast_stmt = build_cast_stmt(unsigned_size_overflow_type, newarg, CREATE_NEW_VAR, loc);
-+ gsi = gsi_for_stmt(stmt);
-+ gsi_insert_before(&gsi, ucast_stmt, GSI_SAME_STMT);
-+
-+ insert_check_size_overflow(stmt, gimple_get_lhs(ucast_stmt));
-+// inform(loc, "Integer size_overflow check applied here.");
-+}
-+
-+static void handle_function_by_attribute(gimple stmt, tree attr, tree fndecl)
-+{
-+ tree p = TREE_VALUE(attr);
-+ do {
-+ handle_function_arg(stmt, fndecl, TREE_INT_CST_LOW(TREE_VALUE(p))-1);
-+ p = TREE_CHAIN(p);
-+ } while (p);
-+}
-+
-+static void handle_function_by_hash(gimple stmt, tree fndecl)
-+{
-+ struct size_overflow_hash *hash;
-+ expanded_location xloc;
-+
-+ hash = get_function_hash(fndecl);
-+ xloc = expand_location(DECL_SOURCE_LOCATION(fndecl));
-+
-+ fndecl = get_original_function_decl(fndecl);
-+ if (!hash->name || !hash->file)
-+ return;
-+ if (strcmp(hash->name, NAME(fndecl)) || strcmp(hash->file, xloc.file))
-+ return;
-+
-+#define search_param(argnum) \
-+ if (hash->param##argnum) \
-+ handle_function_arg(stmt, fndecl, argnum - 1);
-+
-+ search_param(1);
-+ search_param(2);
-+ search_param(3);
-+ search_param(4);
-+ search_param(5);
-+ search_param(6);
-+ search_param(7);
-+ search_param(8);
-+ search_param(9);
-+#undef search_param
-+}
-+
-+static unsigned int handle_function(void)
-+{
-+ basic_block bb = ENTRY_BLOCK_PTR->next_bb;
-+ int saved_last_basic_block = last_basic_block;
-+
-+ do {
-+ gimple_stmt_iterator gsi;
-+ basic_block next = bb->next_bb;
-+
-+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
-+ tree fndecl, attr;
-+ gimple stmt = gsi_stmt(gsi);
-+
-+ if (!(is_gimple_call(stmt)))
-+ continue;
-+ fndecl = gimple_call_fndecl(stmt);
-+ if (fndecl == NULL_TREE)
-+ continue;
-+ if (gimple_call_num_args(stmt) == 0)
-+ continue;
-+ attr = lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE(fndecl)));
-+ if (!attr || !TREE_VALUE(attr))
-+ handle_function_by_hash(stmt, fndecl);
-+ else
-+ handle_function_by_attribute(stmt, attr, fndecl);
-+ gsi = gsi_for_stmt(stmt);
-+ }
-+ bb = next;
-+ } while (bb && bb->index <= saved_last_basic_block);
-+ return 0;
-+}
-+
-+static struct gimple_opt_pass size_overflow_pass = {
-+ .pass = {
-+ .type = GIMPLE_PASS,
-+ .name = "size_overflow",
-+ .gate = NULL,
-+ .execute = handle_function,
-+ .sub = NULL,
-+ .next = NULL,
-+ .static_pass_number = 0,
-+ .tv_id = TV_NONE,
-+ .properties_required = PROP_cfg | PROP_referenced_vars,
-+ .properties_provided = 0,
-+ .properties_destroyed = 0,
-+ .todo_flags_start = 0,
-+ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa_no_phi | TODO_cleanup_cfg | TODO_ggc_collect | TODO_verify_flow
-+ }
-+};
-+
-+static void start_unit_callback(void __unused *gcc_data, void __unused *user_data)
-+{
-+ tree fntype;
-+
-+ const_char_ptr_type_node = build_pointer_type(build_type_variant(char_type_node, 1, 0));
-+
-+ // void report_size_overflow(const char *loc_file, unsigned int loc_line, const char *current_func)
-+ fntype = build_function_type_list(void_type_node,
-+ const_char_ptr_type_node,
-+ unsigned_type_node,
-+ const_char_ptr_type_node,
-+ NULL_TREE);
-+ report_size_overflow_decl = build_fn_decl("report_size_overflow", fntype);
-+
-+ TREE_PUBLIC(report_size_overflow_decl) = 1;
-+ DECL_EXTERNAL(report_size_overflow_decl) = 1;
-+ DECL_ARTIFICIAL(report_size_overflow_decl) = 1;
-+}
-+
-+extern struct gimple_opt_pass pass_dce;
-+
-+int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
-+{
-+ int i;
-+ const char * const plugin_name = plugin_info->base_name;
-+ const int argc = plugin_info->argc;
-+ const struct plugin_argument * const argv = plugin_info->argv;
-+ bool enable = true;
-+
-+ struct register_pass_info size_overflow_pass_info = {
-+ .pass = &size_overflow_pass.pass,
-+ .reference_pass_name = "mudflap2",
-+ .ref_pass_instance_number = 1,
-+ .pos_op = PASS_POS_INSERT_BEFORE
-+ };
-+
-+ struct register_pass_info dce_pass_info = {
-+ .pass = &pass_dce.pass,
-+ .reference_pass_name = "mudflap2",
-+ .ref_pass_instance_number = 1,
-+ .pos_op = PASS_POS_INSERT_BEFORE
-+ };
-+
-+ if (!plugin_default_version_check(version, &gcc_version)) {
-+ error(G_("incompatible gcc/plugin versions"));
-+ return 1;
-+ }
-+
-+ for (i = 0; i < argc; ++i) {
-+ if (!(strcmp(argv[i].key, "no-size_overflow"))) {
-+ enable = false;
-+ continue;
-+ }
-+ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
-+ }
-+
-+ register_callback(plugin_name, PLUGIN_INFO, NULL, &size_overflow_plugin_info);
-+ if (enable) {
-+ register_callback ("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL);
-+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &size_overflow_pass_info);
-+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &dce_pass_info);
-+ }
-+ register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL);
-+
-+ return 0;
-+}
diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c
new file mode 100644
index 0000000..b87ec9d
@@ -86095,7 +80407,7 @@ index af0f22f..9a7d479 100644
break;
}
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index d9cfb78..4f27c10 100644
+index a91f980..a58d32c 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -75,7 +75,7 @@ LIST_HEAD(vm_list);
@@ -86107,7 +80419,7 @@ index d9cfb78..4f27c10 100644
struct kmem_cache *kvm_vcpu_cache;
EXPORT_SYMBOL_GPL(kvm_vcpu_cache);
-@@ -2268,7 +2268,7 @@ static void hardware_enable_nolock(void *junk)
+@@ -2312,7 +2312,7 @@ static void hardware_enable_nolock(void *junk)
if (r) {
cpumask_clear_cpu(cpu, cpus_hardware_enabled);
@@ -86116,7 +80428,7 @@ index d9cfb78..4f27c10 100644
printk(KERN_INFO "kvm: enabling virtualization on "
"CPU%d failed\n", cpu);
}
-@@ -2322,10 +2322,10 @@ static int hardware_enable_all(void)
+@@ -2366,10 +2366,10 @@ static int hardware_enable_all(void)
kvm_usage_count++;
if (kvm_usage_count == 1) {
@@ -86129,7 +80441,7 @@ index d9cfb78..4f27c10 100644
hardware_disable_all_nolock();
r = -EBUSY;
}
-@@ -2676,7 +2676,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
+@@ -2732,7 +2732,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
kvm_arch_vcpu_put(vcpu);
}
@@ -86138,7 +80450,7 @@ index d9cfb78..4f27c10 100644
struct module *module)
{
int r;
-@@ -2739,7 +2739,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -2795,7 +2795,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (!vcpu_align)
vcpu_align = __alignof__(struct kvm_vcpu);
kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,
@@ -86147,7 +80459,7 @@ index d9cfb78..4f27c10 100644
if (!kvm_vcpu_cache) {
r = -ENOMEM;
goto out_free_3;
-@@ -2749,9 +2749,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -2805,9 +2805,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (r)
goto out_free;
diff --git a/3.2.12/4430_grsec-remove-localversion-grsec.patch b/3.3.0/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.2.12/4430_grsec-remove-localversion-grsec.patch
rename to 3.3.0/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.2.12/4435_grsec-mute-warnings.patch b/3.3.0/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.2.12/4435_grsec-mute-warnings.patch
rename to 3.3.0/4435_grsec-mute-warnings.patch
diff --git a/3.2.12/4440_grsec-remove-protected-paths.patch b/3.3.0/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.2.12/4440_grsec-remove-protected-paths.patch
rename to 3.3.0/4440_grsec-remove-protected-paths.patch
diff --git a/3.2.12/4445_grsec-pax-without-grsec.patch b/3.3.0/4445_grsec-pax-without-grsec.patch
similarity index 100%
rename from 3.2.12/4445_grsec-pax-without-grsec.patch
rename to 3.3.0/4445_grsec-pax-without-grsec.patch
diff --git a/3.2.12/4450_grsec-kconfig-default-gids.patch b/3.3.0/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.2.12/4450_grsec-kconfig-default-gids.patch
rename to 3.3.0/4450_grsec-kconfig-default-gids.patch
diff --git a/3.2.12/4455_grsec-kconfig-gentoo.patch b/3.3.0/4455_grsec-kconfig-gentoo.patch
similarity index 100%
rename from 3.2.12/4455_grsec-kconfig-gentoo.patch
rename to 3.3.0/4455_grsec-kconfig-gentoo.patch
diff --git a/3.2.12/4460-grsec-kconfig-proc-user.patch b/3.3.0/4460-grsec-kconfig-proc-user.patch
similarity index 100%
rename from 3.2.12/4460-grsec-kconfig-proc-user.patch
rename to 3.3.0/4460-grsec-kconfig-proc-user.patch
diff --git a/3.2.12/4465_selinux-avc_audit-log-curr_ip.patch b/3.3.0/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.2.12/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.3.0/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.2.12/4470_disable-compat_vdso.patch b/3.3.0/4470_disable-compat_vdso.patch
similarity index 98%
rename from 3.2.12/4470_disable-compat_vdso.patch
rename to 3.3.0/4470_disable-compat_vdso.patch
index 4742d01..be237ff 100644
--- a/3.2.12/4470_disable-compat_vdso.patch
+++ b/3.3.0/4470_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
-@@ -1651,17 +1651,8 @@
+@@ -1694,8 +1694,17 @@
config COMPAT_VDSO
def_bool n
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2012-03-27 13:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-03-27 13:44 [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.13/, 3.2.12/, 2.6.32/, 3.3.0/ Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox