Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.10.9/, 3.2.50/
Date: Thu, 29 Aug 2013 23:44:48
Message-Id: 1377819863.0e6807eeaecaa7b480734954188884619fde9cc8.blueness@gentoo
1 commit: 0e6807eeaecaa7b480734954188884619fde9cc8
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Thu Aug 29 23:44:23 2013 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Thu Aug 29 23:44:23 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=0e6807ee
7
8 Grsec/PaX: 2.9.1-{3.2.50.3.10.9}-201308282054
9
10 ---
11 3.10.9/0000_README | 10 +-
12 3.10.9/1007_linux-3.10.8.patch | 1793 ------------------
13 3.10.9/1008_linux-3.10.9.patch | 37 -
14 ...420_grsecurity-2.9.1-3.10.9-201308282054.patch} | 1954 ++++++++++++++++++--
15 3.2.50/0000_README | 2 +-
16 ...420_grsecurity-2.9.1-3.2.50-201308282053.patch} | 501 ++++-
17 6 files changed, 2338 insertions(+), 1959 deletions(-)
18
19 diff --git a/3.10.9/0000_README b/3.10.9/0000_README
20 index 71cd5ee..d335961 100644
21 --- a/3.10.9/0000_README
22 +++ b/3.10.9/0000_README
23 @@ -2,15 +2,7 @@ README
24 -----------------------------------------------------------------------------
25 Individual Patch Descriptions:
26 -----------------------------------------------------------------------------
27 -Patch: 1007_linux-3.10.8.patch
28 -From: http://www.kernel.org
29 -Desc: Linux 3.10.8
30 -
31 -Patch: 1008_linux-3.10.9.patch
32 -From: http://www.kernel.org
33 -Desc: Linux 3.10.9
34 -
35 -Patch: 4420_grsecurity-2.9.1-3.10.9-201308202015.patch
36 +Patch: 4420_grsecurity-2.9.1-3.10.9-201308282054.patch
37 From: http://www.grsecurity.net
38 Desc: hardened-sources base patch from upstream grsecurity
39
40
41 diff --git a/3.10.9/1007_linux-3.10.8.patch b/3.10.9/1007_linux-3.10.8.patch
42 deleted file mode 100644
43 index bf200d8..0000000
44 --- a/3.10.9/1007_linux-3.10.8.patch
45 +++ /dev/null
46 @@ -1,1793 +0,0 @@
47 -diff --git a/Makefile b/Makefile
48 -index 33e36ab..1a21612 100644
49 ---- a/Makefile
50 -+++ b/Makefile
51 -@@ -1,6 +1,6 @@
52 - VERSION = 3
53 - PATCHLEVEL = 10
54 --SUBLEVEL = 7
55 -+SUBLEVEL = 8
56 - EXTRAVERSION =
57 - NAME = TOSSUG Baby Fish
58 -
59 -diff --git a/arch/Kconfig b/arch/Kconfig
60 -index a4429bc..00e3702 100644
61 ---- a/arch/Kconfig
62 -+++ b/arch/Kconfig
63 -@@ -404,6 +404,12 @@ config CLONE_BACKWARDS2
64 - help
65 - Architecture has the first two arguments of clone(2) swapped.
66 -
67 -+config CLONE_BACKWARDS3
68 -+ bool
69 -+ help
70 -+ Architecture has tls passed as the 3rd argument of clone(2),
71 -+ not the 5th one.
72 -+
73 - config ODD_RT_SIGACTION
74 - bool
75 - help
76 -diff --git a/arch/arm/include/asm/kvm_asm.h b/arch/arm/include/asm/kvm_asm.h
77 -index 18d5032..4bb08e3 100644
78 ---- a/arch/arm/include/asm/kvm_asm.h
79 -+++ b/arch/arm/include/asm/kvm_asm.h
80 -@@ -37,16 +37,18 @@
81 - #define c5_AIFSR 15 /* Auxilary Instrunction Fault Status R */
82 - #define c6_DFAR 16 /* Data Fault Address Register */
83 - #define c6_IFAR 17 /* Instruction Fault Address Register */
84 --#define c9_L2CTLR 18 /* Cortex A15 L2 Control Register */
85 --#define c10_PRRR 19 /* Primary Region Remap Register */
86 --#define c10_NMRR 20 /* Normal Memory Remap Register */
87 --#define c12_VBAR 21 /* Vector Base Address Register */
88 --#define c13_CID 22 /* Context ID Register */
89 --#define c13_TID_URW 23 /* Thread ID, User R/W */
90 --#define c13_TID_URO 24 /* Thread ID, User R/O */
91 --#define c13_TID_PRIV 25 /* Thread ID, Privileged */
92 --#define c14_CNTKCTL 26 /* Timer Control Register (PL1) */
93 --#define NR_CP15_REGS 27 /* Number of regs (incl. invalid) */
94 -+#define c7_PAR 18 /* Physical Address Register */
95 -+#define c7_PAR_high 19 /* PAR top 32 bits */
96 -+#define c9_L2CTLR 20 /* Cortex A15 L2 Control Register */
97 -+#define c10_PRRR 21 /* Primary Region Remap Register */
98 -+#define c10_NMRR 22 /* Normal Memory Remap Register */
99 -+#define c12_VBAR 23 /* Vector Base Address Register */
100 -+#define c13_CID 24 /* Context ID Register */
101 -+#define c13_TID_URW 25 /* Thread ID, User R/W */
102 -+#define c13_TID_URO 26 /* Thread ID, User R/O */
103 -+#define c13_TID_PRIV 27 /* Thread ID, Privileged */
104 -+#define c14_CNTKCTL 28 /* Timer Control Register (PL1) */
105 -+#define NR_CP15_REGS 29 /* Number of regs (incl. invalid) */
106 -
107 - #define ARM_EXCEPTION_RESET 0
108 - #define ARM_EXCEPTION_UNDEFINED 1
109 -diff --git a/arch/arm/include/asm/tlb.h b/arch/arm/include/asm/tlb.h
110 -index bdf2b84..aa9b4ac 100644
111 ---- a/arch/arm/include/asm/tlb.h
112 -+++ b/arch/arm/include/asm/tlb.h
113 -@@ -43,6 +43,7 @@ struct mmu_gather {
114 - struct mm_struct *mm;
115 - unsigned int fullmm;
116 - struct vm_area_struct *vma;
117 -+ unsigned long start, end;
118 - unsigned long range_start;
119 - unsigned long range_end;
120 - unsigned int nr;
121 -@@ -107,10 +108,12 @@ static inline void tlb_flush_mmu(struct mmu_gather *tlb)
122 - }
123 -
124 - static inline void
125 --tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int fullmm)
126 -+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
127 - {
128 - tlb->mm = mm;
129 -- tlb->fullmm = fullmm;
130 -+ tlb->fullmm = !(start | (end+1));
131 -+ tlb->start = start;
132 -+ tlb->end = end;
133 - tlb->vma = NULL;
134 - tlb->max = ARRAY_SIZE(tlb->local);
135 - tlb->pages = tlb->local;
136 -diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c
137 -index d9f5cd4..e19edc6 100644
138 ---- a/arch/arm/kernel/perf_event.c
139 -+++ b/arch/arm/kernel/perf_event.c
140 -@@ -53,7 +53,12 @@ armpmu_map_cache_event(const unsigned (*cache_map)
141 - static int
142 - armpmu_map_hw_event(const unsigned (*event_map)[PERF_COUNT_HW_MAX], u64 config)
143 - {
144 -- int mapping = (*event_map)[config];
145 -+ int mapping;
146 -+
147 -+ if (config >= PERF_COUNT_HW_MAX)
148 -+ return -ENOENT;
149 -+
150 -+ mapping = (*event_map)[config];
151 - return mapping == HW_OP_UNSUPPORTED ? -ENOENT : mapping;
152 - }
153 -
154 -@@ -253,6 +258,9 @@ validate_event(struct pmu_hw_events *hw_events,
155 - struct arm_pmu *armpmu = to_arm_pmu(event->pmu);
156 - struct pmu *leader_pmu = event->group_leader->pmu;
157 -
158 -+ if (is_software_event(event))
159 -+ return 1;
160 -+
161 - if (event->pmu != leader_pmu || event->state < PERF_EVENT_STATE_OFF)
162 - return 1;
163 -
164 -diff --git a/arch/arm/kvm/coproc.c b/arch/arm/kvm/coproc.c
165 -index 8eea97b..4a51990 100644
166 ---- a/arch/arm/kvm/coproc.c
167 -+++ b/arch/arm/kvm/coproc.c
168 -@@ -180,6 +180,10 @@ static const struct coproc_reg cp15_regs[] = {
169 - NULL, reset_unknown, c6_DFAR },
170 - { CRn( 6), CRm( 0), Op1( 0), Op2( 2), is32,
171 - NULL, reset_unknown, c6_IFAR },
172 -+
173 -+ /* PAR swapped by interrupt.S */
174 -+ { CRn( 7), Op1( 0), is64, NULL, reset_unknown64, c7_PAR },
175 -+
176 - /*
177 - * DC{C,I,CI}SW operations:
178 - */
179 -diff --git a/arch/arm/kvm/interrupts.S b/arch/arm/kvm/interrupts.S
180 -index f7793df..16cd4ba 100644
181 ---- a/arch/arm/kvm/interrupts.S
182 -+++ b/arch/arm/kvm/interrupts.S
183 -@@ -49,6 +49,7 @@ __kvm_hyp_code_start:
184 - ENTRY(__kvm_tlb_flush_vmid_ipa)
185 - push {r2, r3}
186 -
187 -+ dsb ishst
188 - add r0, r0, #KVM_VTTBR
189 - ldrd r2, r3, [r0]
190 - mcrr p15, 6, r2, r3, c2 @ Write VTTBR
191 -@@ -291,6 +292,7 @@ THUMB( orr r2, r2, #PSR_T_BIT )
192 - ldr r2, =BSYM(panic)
193 - msr ELR_hyp, r2
194 - ldr r0, =\panic_str
195 -+ clrex @ Clear exclusive monitor
196 - eret
197 - .endm
198 -
199 -@@ -414,6 +416,10 @@ guest_trap:
200 - mrcne p15, 4, r2, c6, c0, 4 @ HPFAR
201 - bne 3f
202 -
203 -+ /* Preserve PAR */
204 -+ mrrc p15, 0, r0, r1, c7 @ PAR
205 -+ push {r0, r1}
206 -+
207 - /* Resolve IPA using the xFAR */
208 - mcr p15, 0, r2, c7, c8, 0 @ ATS1CPR
209 - isb
210 -@@ -424,13 +430,20 @@ guest_trap:
211 - lsl r2, r2, #4
212 - orr r2, r2, r1, lsl #24
213 -
214 -+ /* Restore PAR */
215 -+ pop {r0, r1}
216 -+ mcrr p15, 0, r0, r1, c7 @ PAR
217 -+
218 - 3: load_vcpu @ Load VCPU pointer to r0
219 - str r2, [r0, #VCPU_HPFAR]
220 -
221 - 1: mov r1, #ARM_EXCEPTION_HVC
222 - b __kvm_vcpu_return
223 -
224 --4: pop {r0, r1, r2} @ Failed translation, return to guest
225 -+4: pop {r0, r1} @ Failed translation, return to guest
226 -+ mcrr p15, 0, r0, r1, c7 @ PAR
227 -+ clrex
228 -+ pop {r0, r1, r2}
229 - eret
230 -
231 - /*
232 -@@ -456,6 +469,7 @@ switch_to_guest_vfp:
233 -
234 - pop {r3-r7}
235 - pop {r0-r2}
236 -+ clrex
237 - eret
238 - #endif
239 -
240 -diff --git a/arch/arm/kvm/interrupts_head.S b/arch/arm/kvm/interrupts_head.S
241 -index 3c8f2f0..2b44b95 100644
242 ---- a/arch/arm/kvm/interrupts_head.S
243 -+++ b/arch/arm/kvm/interrupts_head.S
244 -@@ -302,11 +302,14 @@ vcpu .req r0 @ vcpu pointer always in r0
245 - .endif
246 -
247 - mrc p15, 0, r2, c14, c1, 0 @ CNTKCTL
248 -+ mrrc p15, 0, r4, r5, c7 @ PAR
249 -
250 - .if \store_to_vcpu == 0
251 -- push {r2}
252 -+ push {r2,r4-r5}
253 - .else
254 - str r2, [vcpu, #CP15_OFFSET(c14_CNTKCTL)]
255 -+ add r12, vcpu, #CP15_OFFSET(c7_PAR)
256 -+ strd r4, r5, [r12]
257 - .endif
258 - .endm
259 -
260 -@@ -319,12 +322,15 @@ vcpu .req r0 @ vcpu pointer always in r0
261 - */
262 - .macro write_cp15_state read_from_vcpu
263 - .if \read_from_vcpu == 0
264 -- pop {r2}
265 -+ pop {r2,r4-r5}
266 - .else
267 - ldr r2, [vcpu, #CP15_OFFSET(c14_CNTKCTL)]
268 -+ add r12, vcpu, #CP15_OFFSET(c7_PAR)
269 -+ ldrd r4, r5, [r12]
270 - .endif
271 -
272 - mcr p15, 0, r2, c14, c1, 0 @ CNTKCTL
273 -+ mcrr p15, 0, r4, r5, c7 @ PAR
274 -
275 - .if \read_from_vcpu == 0
276 - pop {r2-r12}
277 -diff --git a/arch/arm64/include/asm/tlb.h b/arch/arm64/include/asm/tlb.h
278 -index 654f096..5546653 100644
279 ---- a/arch/arm64/include/asm/tlb.h
280 -+++ b/arch/arm64/include/asm/tlb.h
281 -@@ -35,6 +35,7 @@ struct mmu_gather {
282 - struct mm_struct *mm;
283 - unsigned int fullmm;
284 - struct vm_area_struct *vma;
285 -+ unsigned long start, end;
286 - unsigned long range_start;
287 - unsigned long range_end;
288 - unsigned int nr;
289 -@@ -97,10 +98,12 @@ static inline void tlb_flush_mmu(struct mmu_gather *tlb)
290 - }
291 -
292 - static inline void
293 --tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int fullmm)
294 -+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
295 - {
296 - tlb->mm = mm;
297 -- tlb->fullmm = fullmm;
298 -+ tlb->fullmm = !(start | (end+1));
299 -+ tlb->start = start;
300 -+ tlb->end = end;
301 - tlb->vma = NULL;
302 - tlb->max = ARRAY_SIZE(tlb->local);
303 - tlb->pages = tlb->local;
304 -diff --git a/arch/ia64/include/asm/tlb.h b/arch/ia64/include/asm/tlb.h
305 -index ef3a9de..bc5efc7 100644
306 ---- a/arch/ia64/include/asm/tlb.h
307 -+++ b/arch/ia64/include/asm/tlb.h
308 -@@ -22,7 +22,7 @@
309 - * unmapping a portion of the virtual address space, these hooks are called according to
310 - * the following template:
311 - *
312 -- * tlb <- tlb_gather_mmu(mm, full_mm_flush); // start unmap for address space MM
313 -+ * tlb <- tlb_gather_mmu(mm, start, end); // start unmap for address space MM
314 - * {
315 - * for each vma that needs a shootdown do {
316 - * tlb_start_vma(tlb, vma);
317 -@@ -58,6 +58,7 @@ struct mmu_gather {
318 - unsigned int max;
319 - unsigned char fullmm; /* non-zero means full mm flush */
320 - unsigned char need_flush; /* really unmapped some PTEs? */
321 -+ unsigned long start, end;
322 - unsigned long start_addr;
323 - unsigned long end_addr;
324 - struct page **pages;
325 -@@ -155,13 +156,15 @@ static inline void __tlb_alloc_page(struct mmu_gather *tlb)
326 -
327 -
328 - static inline void
329 --tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int full_mm_flush)
330 -+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
331 - {
332 - tlb->mm = mm;
333 - tlb->max = ARRAY_SIZE(tlb->local);
334 - tlb->pages = tlb->local;
335 - tlb->nr = 0;
336 -- tlb->fullmm = full_mm_flush;
337 -+ tlb->fullmm = !(start | (end+1));
338 -+ tlb->start = start;
339 -+ tlb->end = end;
340 - tlb->start_addr = ~0UL;
341 - }
342 -
343 -diff --git a/arch/m68k/emu/natfeat.c b/arch/m68k/emu/natfeat.c
344 -index 2291a7d..fa277ae 100644
345 ---- a/arch/m68k/emu/natfeat.c
346 -+++ b/arch/m68k/emu/natfeat.c
347 -@@ -18,9 +18,11 @@
348 - #include <asm/machdep.h>
349 - #include <asm/natfeat.h>
350 -
351 -+extern long nf_get_id2(const char *feature_name);
352 -+
353 - asm("\n"
354 --" .global nf_get_id,nf_call\n"
355 --"nf_get_id:\n"
356 -+" .global nf_get_id2,nf_call\n"
357 -+"nf_get_id2:\n"
358 - " .short 0x7300\n"
359 - " rts\n"
360 - "nf_call:\n"
361 -@@ -29,12 +31,25 @@ asm("\n"
362 - "1: moveq.l #0,%d0\n"
363 - " rts\n"
364 - " .section __ex_table,\"a\"\n"
365 --" .long nf_get_id,1b\n"
366 -+" .long nf_get_id2,1b\n"
367 - " .long nf_call,1b\n"
368 - " .previous");
369 --EXPORT_SYMBOL_GPL(nf_get_id);
370 - EXPORT_SYMBOL_GPL(nf_call);
371 -
372 -+long nf_get_id(const char *feature_name)
373 -+{
374 -+ /* feature_name may be in vmalloc()ed memory, so make a copy */
375 -+ char name_copy[32];
376 -+ size_t n;
377 -+
378 -+ n = strlcpy(name_copy, feature_name, sizeof(name_copy));
379 -+ if (n >= sizeof(name_copy))
380 -+ return 0;
381 -+
382 -+ return nf_get_id2(name_copy);
383 -+}
384 -+EXPORT_SYMBOL_GPL(nf_get_id);
385 -+
386 - void nfprint(const char *fmt, ...)
387 - {
388 - static char buf[256];
389 -diff --git a/arch/m68k/include/asm/div64.h b/arch/m68k/include/asm/div64.h
390 -index 444ea8a..ef881cf 100644
391 ---- a/arch/m68k/include/asm/div64.h
392 -+++ b/arch/m68k/include/asm/div64.h
393 -@@ -15,16 +15,17 @@
394 - unsigned long long n64; \
395 - } __n; \
396 - unsigned long __rem, __upper; \
397 -+ unsigned long __base = (base); \
398 - \
399 - __n.n64 = (n); \
400 - if ((__upper = __n.n32[0])) { \
401 - asm ("divul.l %2,%1:%0" \
402 -- : "=d" (__n.n32[0]), "=d" (__upper) \
403 -- : "d" (base), "0" (__n.n32[0])); \
404 -+ : "=d" (__n.n32[0]), "=d" (__upper) \
405 -+ : "d" (__base), "0" (__n.n32[0])); \
406 - } \
407 - asm ("divu.l %2,%1:%0" \
408 -- : "=d" (__n.n32[1]), "=d" (__rem) \
409 -- : "d" (base), "1" (__upper), "0" (__n.n32[1])); \
410 -+ : "=d" (__n.n32[1]), "=d" (__rem) \
411 -+ : "d" (__base), "1" (__upper), "0" (__n.n32[1])); \
412 - (n) = __n.n64; \
413 - __rem; \
414 - })
415 -diff --git a/arch/microblaze/Kconfig b/arch/microblaze/Kconfig
416 -index d22a4ec..4fab522 100644
417 ---- a/arch/microblaze/Kconfig
418 -+++ b/arch/microblaze/Kconfig
419 -@@ -28,7 +28,7 @@ config MICROBLAZE
420 - select GENERIC_CLOCKEVENTS
421 - select GENERIC_IDLE_POLL_SETUP
422 - select MODULES_USE_ELF_RELA
423 -- select CLONE_BACKWARDS
424 -+ select CLONE_BACKWARDS3
425 -
426 - config SWAP
427 - def_bool n
428 -diff --git a/arch/s390/include/asm/tlb.h b/arch/s390/include/asm/tlb.h
429 -index b75d7d6..6d6d92b 100644
430 ---- a/arch/s390/include/asm/tlb.h
431 -+++ b/arch/s390/include/asm/tlb.h
432 -@@ -32,6 +32,7 @@ struct mmu_gather {
433 - struct mm_struct *mm;
434 - struct mmu_table_batch *batch;
435 - unsigned int fullmm;
436 -+ unsigned long start, end;
437 - };
438 -
439 - struct mmu_table_batch {
440 -@@ -48,10 +49,13 @@ extern void tlb_remove_table(struct mmu_gather *tlb, void *table);
441 -
442 - static inline void tlb_gather_mmu(struct mmu_gather *tlb,
443 - struct mm_struct *mm,
444 -- unsigned int full_mm_flush)
445 -+ unsigned long start,
446 -+ unsigned long end)
447 - {
448 - tlb->mm = mm;
449 -- tlb->fullmm = full_mm_flush;
450 -+ tlb->start = start;
451 -+ tlb->end = end;
452 -+ tlb->fullmm = !(start | (end+1));
453 - tlb->batch = NULL;
454 - if (tlb->fullmm)
455 - __tlb_flush_mm(mm);
456 -diff --git a/arch/sh/include/asm/tlb.h b/arch/sh/include/asm/tlb.h
457 -index e61d43d..362192e 100644
458 ---- a/arch/sh/include/asm/tlb.h
459 -+++ b/arch/sh/include/asm/tlb.h
460 -@@ -36,10 +36,12 @@ static inline void init_tlb_gather(struct mmu_gather *tlb)
461 - }
462 -
463 - static inline void
464 --tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int full_mm_flush)
465 -+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
466 - {
467 - tlb->mm = mm;
468 -- tlb->fullmm = full_mm_flush;
469 -+ tlb->start = start;
470 -+ tlb->end = end;
471 -+ tlb->fullmm = !(start | (end+1));
472 -
473 - init_tlb_gather(tlb);
474 - }
475 -diff --git a/arch/um/include/asm/tlb.h b/arch/um/include/asm/tlb.h
476 -index 4febacd..29b0301 100644
477 ---- a/arch/um/include/asm/tlb.h
478 -+++ b/arch/um/include/asm/tlb.h
479 -@@ -45,10 +45,12 @@ static inline void init_tlb_gather(struct mmu_gather *tlb)
480 - }
481 -
482 - static inline void
483 --tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int full_mm_flush)
484 -+tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
485 - {
486 - tlb->mm = mm;
487 -- tlb->fullmm = full_mm_flush;
488 -+ tlb->start = start;
489 -+ tlb->end = end;
490 -+ tlb->fullmm = !(start | (end+1));
491 -
492 - init_tlb_gather(tlb);
493 - }
494 -diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
495 -index 52441a2..8aac56b 100644
496 ---- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c
497 -+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
498 -@@ -314,8 +314,8 @@ static struct uncore_event_desc snbep_uncore_imc_events[] = {
499 - static struct uncore_event_desc snbep_uncore_qpi_events[] = {
500 - INTEL_UNCORE_EVENT_DESC(clockticks, "event=0x14"),
501 - INTEL_UNCORE_EVENT_DESC(txl_flits_active, "event=0x00,umask=0x06"),
502 -- INTEL_UNCORE_EVENT_DESC(drs_data, "event=0x02,umask=0x08"),
503 -- INTEL_UNCORE_EVENT_DESC(ncb_data, "event=0x03,umask=0x04"),
504 -+ INTEL_UNCORE_EVENT_DESC(drs_data, "event=0x102,umask=0x08"),
505 -+ INTEL_UNCORE_EVENT_DESC(ncb_data, "event=0x103,umask=0x04"),
506 - { /* end: all zeroes */ },
507 - };
508 -
509 -diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
510 -index dbded5a..48f8375 100644
511 ---- a/arch/x86/kernel/sys_x86_64.c
512 -+++ b/arch/x86/kernel/sys_x86_64.c
513 -@@ -101,7 +101,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin,
514 - *begin = new_begin;
515 - }
516 - } else {
517 -- *begin = TASK_UNMAPPED_BASE;
518 -+ *begin = mmap_legacy_base();
519 - *end = TASK_SIZE;
520 - }
521 - }
522 -diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c
523 -index 845df68..c1af323 100644
524 ---- a/arch/x86/mm/mmap.c
525 -+++ b/arch/x86/mm/mmap.c
526 -@@ -98,7 +98,7 @@ static unsigned long mmap_base(void)
527 - * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
528 - * does, but not when emulating X86_32
529 - */
530 --static unsigned long mmap_legacy_base(void)
531 -+unsigned long mmap_legacy_base(void)
532 - {
533 - if (mmap_is_ia32())
534 - return TASK_UNMAPPED_BASE;
535 -diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
536 -index d5cd313..d5bbdcf 100644
537 ---- a/block/cfq-iosched.c
538 -+++ b/block/cfq-iosched.c
539 -@@ -4347,18 +4347,28 @@ static void cfq_exit_queue(struct elevator_queue *e)
540 - kfree(cfqd);
541 - }
542 -
543 --static int cfq_init_queue(struct request_queue *q)
544 -+static int cfq_init_queue(struct request_queue *q, struct elevator_type *e)
545 - {
546 - struct cfq_data *cfqd;
547 - struct blkcg_gq *blkg __maybe_unused;
548 - int i, ret;
549 -+ struct elevator_queue *eq;
550 -+
551 -+ eq = elevator_alloc(q, e);
552 -+ if (!eq)
553 -+ return -ENOMEM;
554 -
555 - cfqd = kmalloc_node(sizeof(*cfqd), GFP_KERNEL | __GFP_ZERO, q->node);
556 -- if (!cfqd)
557 -+ if (!cfqd) {
558 -+ kobject_put(&eq->kobj);
559 - return -ENOMEM;
560 -+ }
561 -+ eq->elevator_data = cfqd;
562 -
563 - cfqd->queue = q;
564 -- q->elevator->elevator_data = cfqd;
565 -+ spin_lock_irq(q->queue_lock);
566 -+ q->elevator = eq;
567 -+ spin_unlock_irq(q->queue_lock);
568 -
569 - /* Init root service tree */
570 - cfqd->grp_service_tree = CFQ_RB_ROOT;
571 -@@ -4433,6 +4443,7 @@ static int cfq_init_queue(struct request_queue *q)
572 -
573 - out_free:
574 - kfree(cfqd);
575 -+ kobject_put(&eq->kobj);
576 - return ret;
577 - }
578 -
579 -diff --git a/block/deadline-iosched.c b/block/deadline-iosched.c
580 -index ba19a3a..20614a3 100644
581 ---- a/block/deadline-iosched.c
582 -+++ b/block/deadline-iosched.c
583 -@@ -337,13 +337,21 @@ static void deadline_exit_queue(struct elevator_queue *e)
584 - /*
585 - * initialize elevator private data (deadline_data).
586 - */
587 --static int deadline_init_queue(struct request_queue *q)
588 -+static int deadline_init_queue(struct request_queue *q, struct elevator_type *e)
589 - {
590 - struct deadline_data *dd;
591 -+ struct elevator_queue *eq;
592 -+
593 -+ eq = elevator_alloc(q, e);
594 -+ if (!eq)
595 -+ return -ENOMEM;
596 -
597 - dd = kmalloc_node(sizeof(*dd), GFP_KERNEL | __GFP_ZERO, q->node);
598 -- if (!dd)
599 -+ if (!dd) {
600 -+ kobject_put(&eq->kobj);
601 - return -ENOMEM;
602 -+ }
603 -+ eq->elevator_data = dd;
604 -
605 - INIT_LIST_HEAD(&dd->fifo_list[READ]);
606 - INIT_LIST_HEAD(&dd->fifo_list[WRITE]);
607 -@@ -355,7 +363,9 @@ static int deadline_init_queue(struct request_queue *q)
608 - dd->front_merges = 1;
609 - dd->fifo_batch = fifo_batch;
610 -
611 -- q->elevator->elevator_data = dd;
612 -+ spin_lock_irq(q->queue_lock);
613 -+ q->elevator = eq;
614 -+ spin_unlock_irq(q->queue_lock);
615 - return 0;
616 - }
617 -
618 -diff --git a/block/elevator.c b/block/elevator.c
619 -index eba5b04..668394d 100644
620 ---- a/block/elevator.c
621 -+++ b/block/elevator.c
622 -@@ -150,7 +150,7 @@ void __init load_default_elevator_module(void)
623 -
624 - static struct kobj_type elv_ktype;
625 -
626 --static struct elevator_queue *elevator_alloc(struct request_queue *q,
627 -+struct elevator_queue *elevator_alloc(struct request_queue *q,
628 - struct elevator_type *e)
629 - {
630 - struct elevator_queue *eq;
631 -@@ -170,6 +170,7 @@ err:
632 - elevator_put(e);
633 - return NULL;
634 - }
635 -+EXPORT_SYMBOL(elevator_alloc);
636 -
637 - static void elevator_release(struct kobject *kobj)
638 - {
639 -@@ -221,16 +222,7 @@ int elevator_init(struct request_queue *q, char *name)
640 - }
641 - }
642 -
643 -- q->elevator = elevator_alloc(q, e);
644 -- if (!q->elevator)
645 -- return -ENOMEM;
646 --
647 -- err = e->ops.elevator_init_fn(q);
648 -- if (err) {
649 -- kobject_put(&q->elevator->kobj);
650 -- return err;
651 -- }
652 --
653 -+ err = e->ops.elevator_init_fn(q, e);
654 - return 0;
655 - }
656 - EXPORT_SYMBOL(elevator_init);
657 -@@ -935,16 +927,9 @@ static int elevator_switch(struct request_queue *q, struct elevator_type *new_e)
658 - spin_unlock_irq(q->queue_lock);
659 -
660 - /* allocate, init and register new elevator */
661 -- err = -ENOMEM;
662 -- q->elevator = elevator_alloc(q, new_e);
663 -- if (!q->elevator)
664 -- goto fail_init;
665 --
666 -- err = new_e->ops.elevator_init_fn(q);
667 -- if (err) {
668 -- kobject_put(&q->elevator->kobj);
669 -+ err = new_e->ops.elevator_init_fn(q, new_e);
670 -+ if (err)
671 - goto fail_init;
672 -- }
673 -
674 - if (registered) {
675 - err = elv_register_queue(q);
676 -diff --git a/block/noop-iosched.c b/block/noop-iosched.c
677 -index 5d1bf70..3de89d4 100644
678 ---- a/block/noop-iosched.c
679 -+++ b/block/noop-iosched.c
680 -@@ -59,16 +59,27 @@ noop_latter_request(struct request_queue *q, struct request *rq)
681 - return list_entry(rq->queuelist.next, struct request, queuelist);
682 - }
683 -
684 --static int noop_init_queue(struct request_queue *q)
685 -+static int noop_init_queue(struct request_queue *q, struct elevator_type *e)
686 - {
687 - struct noop_data *nd;
688 -+ struct elevator_queue *eq;
689 -+
690 -+ eq = elevator_alloc(q, e);
691 -+ if (!eq)
692 -+ return -ENOMEM;
693 -
694 - nd = kmalloc_node(sizeof(*nd), GFP_KERNEL, q->node);
695 -- if (!nd)
696 -+ if (!nd) {
697 -+ kobject_put(&eq->kobj);
698 - return -ENOMEM;
699 -+ }
700 -+ eq->elevator_data = nd;
701 -
702 - INIT_LIST_HEAD(&nd->queue);
703 -- q->elevator->elevator_data = nd;
704 -+
705 -+ spin_lock_irq(q->queue_lock);
706 -+ q->elevator = eq;
707 -+ spin_unlock_irq(q->queue_lock);
708 - return 0;
709 - }
710 -
711 -diff --git a/drivers/net/can/usb/peak_usb/pcan_usb.c b/drivers/net/can/usb/peak_usb/pcan_usb.c
712 -index 25723d8..925ab8e 100644
713 ---- a/drivers/net/can/usb/peak_usb/pcan_usb.c
714 -+++ b/drivers/net/can/usb/peak_usb/pcan_usb.c
715 -@@ -649,7 +649,7 @@ static int pcan_usb_decode_data(struct pcan_usb_msg_context *mc, u8 status_len)
716 - if ((mc->ptr + rec_len) > mc->end)
717 - goto decode_failed;
718 -
719 -- memcpy(cf->data, mc->ptr, rec_len);
720 -+ memcpy(cf->data, mc->ptr, cf->can_dlc);
721 - mc->ptr += rec_len;
722 - }
723 -
724 -diff --git a/drivers/net/wireless/iwlegacy/4965-mac.c b/drivers/net/wireless/iwlegacy/4965-mac.c
725 -index 9a95045..900f5f8 100644
726 ---- a/drivers/net/wireless/iwlegacy/4965-mac.c
727 -+++ b/drivers/net/wireless/iwlegacy/4965-mac.c
728 -@@ -4442,12 +4442,12 @@ il4965_irq_tasklet(struct il_priv *il)
729 - * is killed. Hence update the killswitch state here. The
730 - * rfkill handler will care about restarting if needed.
731 - */
732 -- if (!test_bit(S_ALIVE, &il->status)) {
733 -- if (hw_rf_kill)
734 -- set_bit(S_RFKILL, &il->status);
735 -- else
736 -- clear_bit(S_RFKILL, &il->status);
737 -+ if (hw_rf_kill) {
738 -+ set_bit(S_RFKILL, &il->status);
739 -+ } else {
740 -+ clear_bit(S_RFKILL, &il->status);
741 - wiphy_rfkill_set_hw_state(il->hw->wiphy, hw_rf_kill);
742 -+ il_force_reset(il, true);
743 - }
744 -
745 - handled |= CSR_INT_BIT_RF_KILL;
746 -@@ -5316,6 +5316,9 @@ il4965_alive_start(struct il_priv *il)
747 -
748 - il->active_rate = RATES_MASK;
749 -
750 -+ il_power_update_mode(il, true);
751 -+ D_INFO("Updated power mode\n");
752 -+
753 - if (il_is_associated(il)) {
754 - struct il_rxon_cmd *active_rxon =
755 - (struct il_rxon_cmd *)&il->active;
756 -@@ -5346,9 +5349,6 @@ il4965_alive_start(struct il_priv *il)
757 - D_INFO("ALIVE processing complete.\n");
758 - wake_up(&il->wait_command_queue);
759 -
760 -- il_power_update_mode(il, true);
761 -- D_INFO("Updated power mode\n");
762 --
763 - return;
764 -
765 - restart:
766 -diff --git a/drivers/net/wireless/iwlegacy/common.c b/drivers/net/wireless/iwlegacy/common.c
767 -index e9a3cbc..9c9ebad 100644
768 ---- a/drivers/net/wireless/iwlegacy/common.c
769 -+++ b/drivers/net/wireless/iwlegacy/common.c
770 -@@ -4660,6 +4660,7 @@ il_force_reset(struct il_priv *il, bool external)
771 -
772 - return 0;
773 - }
774 -+EXPORT_SYMBOL(il_force_reset);
775 -
776 - int
777 - il_mac_change_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
778 -diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
779 -index a635988..5b44cd4 100644
780 ---- a/drivers/usb/core/quirks.c
781 -+++ b/drivers/usb/core/quirks.c
782 -@@ -78,6 +78,12 @@ static const struct usb_device_id usb_quirk_list[] = {
783 - { USB_DEVICE(0x04d8, 0x000c), .driver_info =
784 - USB_QUIRK_CONFIG_INTF_STRINGS },
785 -
786 -+ /* CarrolTouch 4000U */
787 -+ { USB_DEVICE(0x04e7, 0x0009), .driver_info = USB_QUIRK_RESET_RESUME },
788 -+
789 -+ /* CarrolTouch 4500U */
790 -+ { USB_DEVICE(0x04e7, 0x0030), .driver_info = USB_QUIRK_RESET_RESUME },
791 -+
792 - /* Samsung Android phone modem - ID conflict with SPH-I500 */
793 - { USB_DEVICE(0x04e8, 0x6601), .driver_info =
794 - USB_QUIRK_CONFIG_INTF_STRINGS },
795 -diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c
796 -index f80d033..8e3c878 100644
797 ---- a/drivers/usb/host/ehci-sched.c
798 -+++ b/drivers/usb/host/ehci-sched.c
799 -@@ -1391,21 +1391,20 @@ iso_stream_schedule (
800 -
801 - /* Behind the scheduling threshold? */
802 - if (unlikely(start < next)) {
803 -+ unsigned now2 = (now - base) & (mod - 1);
804 -
805 - /* USB_ISO_ASAP: Round up to the first available slot */
806 - if (urb->transfer_flags & URB_ISO_ASAP)
807 - start += (next - start + period - 1) & -period;
808 -
809 - /*
810 -- * Not ASAP: Use the next slot in the stream. If
811 -- * the entire URB falls before the threshold, fail.
812 -+ * Not ASAP: Use the next slot in the stream,
813 -+ * no matter what.
814 - */
815 -- else if (start + span - period < next) {
816 -- ehci_dbg(ehci, "iso urb late %p (%u+%u < %u)\n",
817 -+ else if (start + span - period < now2) {
818 -+ ehci_dbg(ehci, "iso underrun %p (%u+%u < %u)\n",
819 - urb, start + base,
820 -- span - period, next + base);
821 -- status = -EXDEV;
822 -- goto fail;
823 -+ span - period, now2 + base);
824 - }
825 - }
826 -
827 -diff --git a/drivers/usb/serial/keyspan.c b/drivers/usb/serial/keyspan.c
828 -index 3549d07..07fbdf0 100644
829 ---- a/drivers/usb/serial/keyspan.c
830 -+++ b/drivers/usb/serial/keyspan.c
831 -@@ -2315,7 +2315,7 @@ static int keyspan_startup(struct usb_serial *serial)
832 - if (d_details == NULL) {
833 - dev_err(&serial->dev->dev, "%s - unknown product id %x\n",
834 - __func__, le16_to_cpu(serial->dev->descriptor.idProduct));
835 -- return 1;
836 -+ return -ENODEV;
837 - }
838 -
839 - /* Setup private data for serial driver */
840 -diff --git a/drivers/usb/serial/mos7720.c b/drivers/usb/serial/mos7720.c
841 -index f27c621..5050cc8 100644
842 ---- a/drivers/usb/serial/mos7720.c
843 -+++ b/drivers/usb/serial/mos7720.c
844 -@@ -90,6 +90,7 @@ struct urbtracker {
845 - struct list_head urblist_entry;
846 - struct kref ref_count;
847 - struct urb *urb;
848 -+ struct usb_ctrlrequest *setup;
849 - };
850 -
851 - enum mos7715_pp_modes {
852 -@@ -271,6 +272,7 @@ static void destroy_urbtracker(struct kref *kref)
853 - struct mos7715_parport *mos_parport = urbtrack->mos_parport;
854 -
855 - usb_free_urb(urbtrack->urb);
856 -+ kfree(urbtrack->setup);
857 - kfree(urbtrack);
858 - kref_put(&mos_parport->ref_count, destroy_mos_parport);
859 - }
860 -@@ -355,7 +357,6 @@ static int write_parport_reg_nonblock(struct mos7715_parport *mos_parport,
861 - struct urbtracker *urbtrack;
862 - int ret_val;
863 - unsigned long flags;
864 -- struct usb_ctrlrequest setup;
865 - struct usb_serial *serial = mos_parport->serial;
866 - struct usb_device *usbdev = serial->dev;
867 -
868 -@@ -373,14 +374,20 @@ static int write_parport_reg_nonblock(struct mos7715_parport *mos_parport,
869 - kfree(urbtrack);
870 - return -ENOMEM;
871 - }
872 -- setup.bRequestType = (__u8)0x40;
873 -- setup.bRequest = (__u8)0x0e;
874 -- setup.wValue = get_reg_value(reg, dummy);
875 -- setup.wIndex = get_reg_index(reg);
876 -- setup.wLength = 0;
877 -+ urbtrack->setup = kmalloc(sizeof(*urbtrack->setup), GFP_KERNEL);
878 -+ if (!urbtrack->setup) {
879 -+ usb_free_urb(urbtrack->urb);
880 -+ kfree(urbtrack);
881 -+ return -ENOMEM;
882 -+ }
883 -+ urbtrack->setup->bRequestType = (__u8)0x40;
884 -+ urbtrack->setup->bRequest = (__u8)0x0e;
885 -+ urbtrack->setup->wValue = get_reg_value(reg, dummy);
886 -+ urbtrack->setup->wIndex = get_reg_index(reg);
887 -+ urbtrack->setup->wLength = 0;
888 - usb_fill_control_urb(urbtrack->urb, usbdev,
889 - usb_sndctrlpipe(usbdev, 0),
890 -- (unsigned char *)&setup,
891 -+ (unsigned char *)urbtrack->setup,
892 - NULL, 0, async_complete, urbtrack);
893 - kref_init(&urbtrack->ref_count);
894 - INIT_LIST_HEAD(&urbtrack->urblist_entry);
895 -diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c
896 -index b92d333..2c1749d 100644
897 ---- a/drivers/usb/serial/mos7840.c
898 -+++ b/drivers/usb/serial/mos7840.c
899 -@@ -2208,7 +2208,7 @@ static int mos7810_check(struct usb_serial *serial)
900 - static int mos7840_probe(struct usb_serial *serial,
901 - const struct usb_device_id *id)
902 - {
903 -- u16 product = serial->dev->descriptor.idProduct;
904 -+ u16 product = le16_to_cpu(serial->dev->descriptor.idProduct);
905 - u8 *buf;
906 - int device_type;
907 -
908 -diff --git a/drivers/usb/serial/ti_usb_3410_5052.c b/drivers/usb/serial/ti_usb_3410_5052.c
909 -index 01f79f1..32bdd5e 100644
910 ---- a/drivers/usb/serial/ti_usb_3410_5052.c
911 -+++ b/drivers/usb/serial/ti_usb_3410_5052.c
912 -@@ -1536,14 +1536,15 @@ static int ti_download_firmware(struct ti_device *tdev)
913 - char buf[32];
914 -
915 - /* try ID specific firmware first, then try generic firmware */
916 -- sprintf(buf, "ti_usb-v%04x-p%04x.fw", dev->descriptor.idVendor,
917 -- dev->descriptor.idProduct);
918 -+ sprintf(buf, "ti_usb-v%04x-p%04x.fw",
919 -+ le16_to_cpu(dev->descriptor.idVendor),
920 -+ le16_to_cpu(dev->descriptor.idProduct));
921 - status = request_firmware(&fw_p, buf, &dev->dev);
922 -
923 - if (status != 0) {
924 - buf[0] = '\0';
925 -- if (dev->descriptor.idVendor == MTS_VENDOR_ID) {
926 -- switch (dev->descriptor.idProduct) {
927 -+ if (le16_to_cpu(dev->descriptor.idVendor) == MTS_VENDOR_ID) {
928 -+ switch (le16_to_cpu(dev->descriptor.idProduct)) {
929 - case MTS_CDMA_PRODUCT_ID:
930 - strcpy(buf, "mts_cdma.fw");
931 - break;
932 -diff --git a/drivers/usb/serial/usb_wwan.c b/drivers/usb/serial/usb_wwan.c
933 -index ece326e..db0cf53 100644
934 ---- a/drivers/usb/serial/usb_wwan.c
935 -+++ b/drivers/usb/serial/usb_wwan.c
936 -@@ -291,18 +291,18 @@ static void usb_wwan_indat_callback(struct urb *urb)
937 - tty_flip_buffer_push(&port->port);
938 - } else
939 - dev_dbg(dev, "%s: empty read urb received\n", __func__);
940 --
941 -- /* Resubmit urb so we continue receiving */
942 -- err = usb_submit_urb(urb, GFP_ATOMIC);
943 -- if (err) {
944 -- if (err != -EPERM) {
945 -- dev_err(dev, "%s: resubmit read urb failed. (%d)\n", __func__, err);
946 -- /* busy also in error unless we are killed */
947 -- usb_mark_last_busy(port->serial->dev);
948 -- }
949 -- } else {
950 -+ }
951 -+ /* Resubmit urb so we continue receiving */
952 -+ err = usb_submit_urb(urb, GFP_ATOMIC);
953 -+ if (err) {
954 -+ if (err != -EPERM) {
955 -+ dev_err(dev, "%s: resubmit read urb failed. (%d)\n",
956 -+ __func__, err);
957 -+ /* busy also in error unless we are killed */
958 - usb_mark_last_busy(port->serial->dev);
959 - }
960 -+ } else {
961 -+ usb_mark_last_busy(port->serial->dev);
962 - }
963 - }
964 -
965 -diff --git a/drivers/usb/wusbcore/wa-xfer.c b/drivers/usb/wusbcore/wa-xfer.c
966 -index 6ef94bc..028fc83 100644
967 ---- a/drivers/usb/wusbcore/wa-xfer.c
968 -+++ b/drivers/usb/wusbcore/wa-xfer.c
969 -@@ -1110,6 +1110,12 @@ int wa_urb_dequeue(struct wahc *wa, struct urb *urb)
970 - }
971 - spin_lock_irqsave(&xfer->lock, flags);
972 - rpipe = xfer->ep->hcpriv;
973 -+ if (rpipe == NULL) {
974 -+ pr_debug("%s: xfer id 0x%08X has no RPIPE. %s",
975 -+ __func__, wa_xfer_id(xfer),
976 -+ "Probably already aborted.\n" );
977 -+ goto out_unlock;
978 -+ }
979 - /* Check the delayed list -> if there, release and complete */
980 - spin_lock_irqsave(&wa->xfer_list_lock, flags2);
981 - if (!list_empty(&xfer->list_node) && xfer->seg == NULL)
982 -@@ -1493,8 +1499,7 @@ static void wa_xfer_result_cb(struct urb *urb)
983 - break;
984 - }
985 - usb_status = xfer_result->bTransferStatus & 0x3f;
986 -- if (usb_status == WA_XFER_STATUS_ABORTED
987 -- || usb_status == WA_XFER_STATUS_NOT_FOUND)
988 -+ if (usb_status == WA_XFER_STATUS_NOT_FOUND)
989 - /* taken care of already */
990 - break;
991 - xfer_id = xfer_result->dwTransferID;
992 -diff --git a/fs/exec.c b/fs/exec.c
993 -index ffd7a81..1f44670 100644
994 ---- a/fs/exec.c
995 -+++ b/fs/exec.c
996 -@@ -607,7 +607,7 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
997 - return -ENOMEM;
998 -
999 - lru_add_drain();
1000 -- tlb_gather_mmu(&tlb, mm, 0);
1001 -+ tlb_gather_mmu(&tlb, mm, old_start, old_end);
1002 - if (new_end > old_start) {
1003 - /*
1004 - * when the old and new regions overlap clear from new_end.
1005 -@@ -624,7 +624,7 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
1006 - free_pgd_range(&tlb, old_start, old_end, new_end,
1007 - vma->vm_next ? vma->vm_next->vm_start : USER_PGTABLES_CEILING);
1008 - }
1009 -- tlb_finish_mmu(&tlb, new_end, old_end);
1010 -+ tlb_finish_mmu(&tlb, old_start, old_end);
1011 -
1012 - /*
1013 - * Shrink the vma to just the new range. Always succeeds.
1014 -diff --git a/fs/ext4/ext4_jbd2.c b/fs/ext4/ext4_jbd2.c
1015 -index 451eb40..1c88061 100644
1016 ---- a/fs/ext4/ext4_jbd2.c
1017 -+++ b/fs/ext4/ext4_jbd2.c
1018 -@@ -219,10 +219,10 @@ int __ext4_handle_dirty_metadata(const char *where, unsigned int line,
1019 - set_buffer_prio(bh);
1020 - if (ext4_handle_valid(handle)) {
1021 - err = jbd2_journal_dirty_metadata(handle, bh);
1022 -- if (err) {
1023 -- /* Errors can only happen if there is a bug */
1024 -- handle->h_err = err;
1025 -- __ext4_journal_stop(where, line, handle);
1026 -+ /* Errors can only happen if there is a bug */
1027 -+ if (WARN_ON_ONCE(err)) {
1028 -+ ext4_journal_abort_handle(where, line, __func__, bh,
1029 -+ handle, err);
1030 - }
1031 - } else {
1032 - if (inode)
1033 -diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
1034 -index 3e636d8..65fc60a 100644
1035 ---- a/fs/proc/task_mmu.c
1036 -+++ b/fs/proc/task_mmu.c
1037 -@@ -792,14 +792,14 @@ typedef struct {
1038 - } pagemap_entry_t;
1039 -
1040 - struct pagemapread {
1041 -- int pos, len;
1042 -+ int pos, len; /* units: PM_ENTRY_BYTES, not bytes */
1043 - pagemap_entry_t *buffer;
1044 - };
1045 -
1046 - #define PAGEMAP_WALK_SIZE (PMD_SIZE)
1047 - #define PAGEMAP_WALK_MASK (PMD_MASK)
1048 -
1049 --#define PM_ENTRY_BYTES sizeof(u64)
1050 -+#define PM_ENTRY_BYTES sizeof(pagemap_entry_t)
1051 - #define PM_STATUS_BITS 3
1052 - #define PM_STATUS_OFFSET (64 - PM_STATUS_BITS)
1053 - #define PM_STATUS_MASK (((1LL << PM_STATUS_BITS) - 1) << PM_STATUS_OFFSET)
1054 -@@ -1038,8 +1038,8 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
1055 - if (!count)
1056 - goto out_task;
1057 -
1058 -- pm.len = PM_ENTRY_BYTES * (PAGEMAP_WALK_SIZE >> PAGE_SHIFT);
1059 -- pm.buffer = kmalloc(pm.len, GFP_TEMPORARY);
1060 -+ pm.len = (PAGEMAP_WALK_SIZE >> PAGE_SHIFT);
1061 -+ pm.buffer = kmalloc(pm.len * PM_ENTRY_BYTES, GFP_TEMPORARY);
1062 - ret = -ENOMEM;
1063 - if (!pm.buffer)
1064 - goto out_task;
1065 -diff --git a/include/asm-generic/tlb.h b/include/asm-generic/tlb.h
1066 -index 13821c3..5672d7e 100644
1067 ---- a/include/asm-generic/tlb.h
1068 -+++ b/include/asm-generic/tlb.h
1069 -@@ -112,7 +112,7 @@ struct mmu_gather {
1070 -
1071 - #define HAVE_GENERIC_MMU_GATHER
1072 -
1073 --void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, bool fullmm);
1074 -+void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end);
1075 - void tlb_flush_mmu(struct mmu_gather *tlb);
1076 - void tlb_finish_mmu(struct mmu_gather *tlb, unsigned long start,
1077 - unsigned long end);
1078 -diff --git a/include/linux/elevator.h b/include/linux/elevator.h
1079 -index acd0312..306dd8c 100644
1080 ---- a/include/linux/elevator.h
1081 -+++ b/include/linux/elevator.h
1082 -@@ -7,6 +7,7 @@
1083 - #ifdef CONFIG_BLOCK
1084 -
1085 - struct io_cq;
1086 -+struct elevator_type;
1087 -
1088 - typedef int (elevator_merge_fn) (struct request_queue *, struct request **,
1089 - struct bio *);
1090 -@@ -35,7 +36,8 @@ typedef void (elevator_put_req_fn) (struct request *);
1091 - typedef void (elevator_activate_req_fn) (struct request_queue *, struct request *);
1092 - typedef void (elevator_deactivate_req_fn) (struct request_queue *, struct request *);
1093 -
1094 --typedef int (elevator_init_fn) (struct request_queue *);
1095 -+typedef int (elevator_init_fn) (struct request_queue *,
1096 -+ struct elevator_type *e);
1097 - typedef void (elevator_exit_fn) (struct elevator_queue *);
1098 -
1099 - struct elevator_ops
1100 -@@ -155,6 +157,8 @@ extern int elevator_init(struct request_queue *, char *);
1101 - extern void elevator_exit(struct elevator_queue *);
1102 - extern int elevator_change(struct request_queue *, const char *);
1103 - extern bool elv_rq_merge_ok(struct request *, struct bio *);
1104 -+extern struct elevator_queue *elevator_alloc(struct request_queue *,
1105 -+ struct elevator_type *);
1106 -
1107 - /*
1108 - * Helper functions.
1109 -diff --git a/include/linux/sched.h b/include/linux/sched.h
1110 -index 178a8d9..3aeb14b 100644
1111 ---- a/include/linux/sched.h
1112 -+++ b/include/linux/sched.h
1113 -@@ -314,6 +314,7 @@ struct nsproxy;
1114 - struct user_namespace;
1115 -
1116 - #ifdef CONFIG_MMU
1117 -+extern unsigned long mmap_legacy_base(void);
1118 - extern void arch_pick_mmap_layout(struct mm_struct *mm);
1119 - extern unsigned long
1120 - arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
1121 -diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
1122 -index 4147d70..84662ec 100644
1123 ---- a/include/linux/syscalls.h
1124 -+++ b/include/linux/syscalls.h
1125 -@@ -802,9 +802,14 @@ asmlinkage long sys_vfork(void);
1126 - asmlinkage long sys_clone(unsigned long, unsigned long, int __user *, int,
1127 - int __user *);
1128 - #else
1129 -+#ifdef CONFIG_CLONE_BACKWARDS3
1130 -+asmlinkage long sys_clone(unsigned long, unsigned long, int, int __user *,
1131 -+ int __user *, int);
1132 -+#else
1133 - asmlinkage long sys_clone(unsigned long, unsigned long, int __user *,
1134 - int __user *, int);
1135 - #endif
1136 -+#endif
1137 -
1138 - asmlinkage long sys_execve(const char __user *filename,
1139 - const char __user *const __user *argv,
1140 -diff --git a/kernel/cpuset.c b/kernel/cpuset.c
1141 -index 64b3f79..6948e94 100644
1142 ---- a/kernel/cpuset.c
1143 -+++ b/kernel/cpuset.c
1144 -@@ -1502,11 +1502,13 @@ static int cpuset_write_u64(struct cgroup *cgrp, struct cftype *cft, u64 val)
1145 - {
1146 - struct cpuset *cs = cgroup_cs(cgrp);
1147 - cpuset_filetype_t type = cft->private;
1148 -- int retval = -ENODEV;
1149 -+ int retval = 0;
1150 -
1151 - mutex_lock(&cpuset_mutex);
1152 -- if (!is_cpuset_online(cs))
1153 -+ if (!is_cpuset_online(cs)) {
1154 -+ retval = -ENODEV;
1155 - goto out_unlock;
1156 -+ }
1157 -
1158 - switch (type) {
1159 - case FILE_CPU_EXCLUSIVE:
1160 -diff --git a/kernel/fork.c b/kernel/fork.c
1161 -index 987b28a..ffbc090 100644
1162 ---- a/kernel/fork.c
1163 -+++ b/kernel/fork.c
1164 -@@ -1675,6 +1675,12 @@ SYSCALL_DEFINE5(clone, unsigned long, newsp, unsigned long, clone_flags,
1165 - int __user *, parent_tidptr,
1166 - int __user *, child_tidptr,
1167 - int, tls_val)
1168 -+#elif defined(CONFIG_CLONE_BACKWARDS3)
1169 -+SYSCALL_DEFINE6(clone, unsigned long, clone_flags, unsigned long, newsp,
1170 -+ int, stack_size,
1171 -+ int __user *, parent_tidptr,
1172 -+ int __user *, child_tidptr,
1173 -+ int, tls_val)
1174 - #else
1175 - SYSCALL_DEFINE5(clone, unsigned long, clone_flags, unsigned long, newsp,
1176 - int __user *, parent_tidptr,
1177 -diff --git a/kernel/power/qos.c b/kernel/power/qos.c
1178 -index 587ddde..25cf89b 100644
1179 ---- a/kernel/power/qos.c
1180 -+++ b/kernel/power/qos.c
1181 -@@ -293,6 +293,15 @@ int pm_qos_request_active(struct pm_qos_request *req)
1182 - }
1183 - EXPORT_SYMBOL_GPL(pm_qos_request_active);
1184 -
1185 -+static void __pm_qos_update_request(struct pm_qos_request *req,
1186 -+ s32 new_value)
1187 -+{
1188 -+ if (new_value != req->node.prio)
1189 -+ pm_qos_update_target(
1190 -+ pm_qos_array[req->pm_qos_class]->constraints,
1191 -+ &req->node, PM_QOS_UPDATE_REQ, new_value);
1192 -+}
1193 -+
1194 - /**
1195 - * pm_qos_work_fn - the timeout handler of pm_qos_update_request_timeout
1196 - * @work: work struct for the delayed work (timeout)
1197 -@@ -305,7 +314,7 @@ static void pm_qos_work_fn(struct work_struct *work)
1198 - struct pm_qos_request,
1199 - work);
1200 -
1201 -- pm_qos_update_request(req, PM_QOS_DEFAULT_VALUE);
1202 -+ __pm_qos_update_request(req, PM_QOS_DEFAULT_VALUE);
1203 - }
1204 -
1205 - /**
1206 -@@ -365,6 +374,8 @@ void pm_qos_update_request(struct pm_qos_request *req,
1207 - pm_qos_update_target(
1208 - pm_qos_array[req->pm_qos_class]->constraints,
1209 - &req->node, PM_QOS_UPDATE_REQ, new_value);
1210 -+
1211 -+ __pm_qos_update_request(req, new_value);
1212 - }
1213 - EXPORT_SYMBOL_GPL(pm_qos_update_request);
1214 -
1215 -diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
1216 -index c61a614..03b73be 100644
1217 ---- a/kernel/sched/fair.c
1218 -+++ b/kernel/sched/fair.c
1219 -@@ -1984,6 +1984,7 @@ entity_tick(struct cfs_rq *cfs_rq, struct sched_entity *curr, int queued)
1220 - */
1221 - update_entity_load_avg(curr, 1);
1222 - update_cfs_rq_blocked_load(cfs_rq, 1);
1223 -+ update_cfs_shares(cfs_rq);
1224 -
1225 - #ifdef CONFIG_SCHED_HRTICK
1226 - /*
1227 -diff --git a/mm/hugetlb.c b/mm/hugetlb.c
1228 -index 5cf99bf..7c5eb85 100644
1229 ---- a/mm/hugetlb.c
1230 -+++ b/mm/hugetlb.c
1231 -@@ -2490,7 +2490,7 @@ void unmap_hugepage_range(struct vm_area_struct *vma, unsigned long start,
1232 -
1233 - mm = vma->vm_mm;
1234 -
1235 -- tlb_gather_mmu(&tlb, mm, 0);
1236 -+ tlb_gather_mmu(&tlb, mm, start, end);
1237 - __unmap_hugepage_range(&tlb, vma, start, end, ref_page);
1238 - tlb_finish_mmu(&tlb, start, end);
1239 - }
1240 -diff --git a/mm/memcontrol.c b/mm/memcontrol.c
1241 -index 15b0409..82a187a 100644
1242 ---- a/mm/memcontrol.c
1243 -+++ b/mm/memcontrol.c
1244 -@@ -3186,11 +3186,11 @@ int memcg_register_cache(struct mem_cgroup *memcg, struct kmem_cache *s,
1245 - if (!s->memcg_params)
1246 - return -ENOMEM;
1247 -
1248 -- INIT_WORK(&s->memcg_params->destroy,
1249 -- kmem_cache_destroy_work_func);
1250 - if (memcg) {
1251 - s->memcg_params->memcg = memcg;
1252 - s->memcg_params->root_cache = root_cache;
1253 -+ INIT_WORK(&s->memcg_params->destroy,
1254 -+ kmem_cache_destroy_work_func);
1255 - } else
1256 - s->memcg_params->is_root_cache = true;
1257 -
1258 -diff --git a/mm/memory.c b/mm/memory.c
1259 -index 5e50800..5a35443 100644
1260 ---- a/mm/memory.c
1261 -+++ b/mm/memory.c
1262 -@@ -211,14 +211,15 @@ static int tlb_next_batch(struct mmu_gather *tlb)
1263 - * tear-down from @mm. The @fullmm argument is used when @mm is without
1264 - * users and we're going to destroy the full address space (exit/execve).
1265 - */
1266 --void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, bool fullmm)
1267 -+void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
1268 - {
1269 - tlb->mm = mm;
1270 -
1271 -- tlb->fullmm = fullmm;
1272 -+ /* Is it from 0 to ~0? */
1273 -+ tlb->fullmm = !(start | (end+1));
1274 - tlb->need_flush_all = 0;
1275 -- tlb->start = -1UL;
1276 -- tlb->end = 0;
1277 -+ tlb->start = start;
1278 -+ tlb->end = end;
1279 - tlb->need_flush = 0;
1280 - tlb->local.next = NULL;
1281 - tlb->local.nr = 0;
1282 -@@ -258,8 +259,6 @@ void tlb_finish_mmu(struct mmu_gather *tlb, unsigned long start, unsigned long e
1283 - {
1284 - struct mmu_gather_batch *batch, *next;
1285 -
1286 -- tlb->start = start;
1287 -- tlb->end = end;
1288 - tlb_flush_mmu(tlb);
1289 -
1290 - /* keep the page table cache within bounds */
1291 -@@ -1101,7 +1100,6 @@ static unsigned long zap_pte_range(struct mmu_gather *tlb,
1292 - spinlock_t *ptl;
1293 - pte_t *start_pte;
1294 - pte_t *pte;
1295 -- unsigned long range_start = addr;
1296 -
1297 - again:
1298 - init_rss_vec(rss);
1299 -@@ -1204,17 +1202,25 @@ again:
1300 - * and page-free while holding it.
1301 - */
1302 - if (force_flush) {
1303 -+ unsigned long old_end;
1304 -+
1305 - force_flush = 0;
1306 -
1307 --#ifdef HAVE_GENERIC_MMU_GATHER
1308 -- tlb->start = range_start;
1309 -+ /*
1310 -+ * Flush the TLB just for the previous segment,
1311 -+ * then update the range to be the remaining
1312 -+ * TLB range.
1313 -+ */
1314 -+ old_end = tlb->end;
1315 - tlb->end = addr;
1316 --#endif
1317 -+
1318 - tlb_flush_mmu(tlb);
1319 -- if (addr != end) {
1320 -- range_start = addr;
1321 -+
1322 -+ tlb->start = addr;
1323 -+ tlb->end = old_end;
1324 -+
1325 -+ if (addr != end)
1326 - goto again;
1327 -- }
1328 - }
1329 -
1330 - return addr;
1331 -@@ -1399,7 +1405,7 @@ void zap_page_range(struct vm_area_struct *vma, unsigned long start,
1332 - unsigned long end = start + size;
1333 -
1334 - lru_add_drain();
1335 -- tlb_gather_mmu(&tlb, mm, 0);
1336 -+ tlb_gather_mmu(&tlb, mm, start, end);
1337 - update_hiwater_rss(mm);
1338 - mmu_notifier_invalidate_range_start(mm, start, end);
1339 - for ( ; vma && vma->vm_start < end; vma = vma->vm_next)
1340 -@@ -1425,7 +1431,7 @@ static void zap_page_range_single(struct vm_area_struct *vma, unsigned long addr
1341 - unsigned long end = address + size;
1342 -
1343 - lru_add_drain();
1344 -- tlb_gather_mmu(&tlb, mm, 0);
1345 -+ tlb_gather_mmu(&tlb, mm, address, end);
1346 - update_hiwater_rss(mm);
1347 - mmu_notifier_invalidate_range_start(mm, address, end);
1348 - unmap_single_vma(&tlb, vma, address, end, details);
1349 -diff --git a/mm/mmap.c b/mm/mmap.c
1350 -index 7dbe397..8d25fdc 100644
1351 ---- a/mm/mmap.c
1352 -+++ b/mm/mmap.c
1353 -@@ -2356,7 +2356,7 @@ static void unmap_region(struct mm_struct *mm,
1354 - struct mmu_gather tlb;
1355 -
1356 - lru_add_drain();
1357 -- tlb_gather_mmu(&tlb, mm, 0);
1358 -+ tlb_gather_mmu(&tlb, mm, start, end);
1359 - update_hiwater_rss(mm);
1360 - unmap_vmas(&tlb, vma, start, end);
1361 - free_pgtables(&tlb, vma, prev ? prev->vm_end : FIRST_USER_ADDRESS,
1362 -@@ -2735,7 +2735,7 @@ void exit_mmap(struct mm_struct *mm)
1363 -
1364 - lru_add_drain();
1365 - flush_cache_mm(mm);
1366 -- tlb_gather_mmu(&tlb, mm, 1);
1367 -+ tlb_gather_mmu(&tlb, mm, 0, -1);
1368 - /* update_hiwater_rss(mm) here? but nobody should be looking */
1369 - /* Use -1 here to ensure all VMAs in the mm are unmapped */
1370 - unmap_vmas(&tlb, vma, 0, -1);
1371 -diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
1372 -index 741448b..55a42f9 100644
1373 ---- a/net/mac80211/mlme.c
1374 -+++ b/net/mac80211/mlme.c
1375 -@@ -237,8 +237,9 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
1376 - struct ieee80211_channel *channel,
1377 - const struct ieee80211_ht_operation *ht_oper,
1378 - const struct ieee80211_vht_operation *vht_oper,
1379 -- struct cfg80211_chan_def *chandef, bool verbose)
1380 -+ struct cfg80211_chan_def *chandef, bool tracking)
1381 - {
1382 -+ struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1383 - struct cfg80211_chan_def vht_chandef;
1384 - u32 ht_cfreq, ret;
1385 -
1386 -@@ -257,7 +258,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
1387 - ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
1388 - channel->band);
1389 - /* check that channel matches the right operating channel */
1390 -- if (channel->center_freq != ht_cfreq) {
1391 -+ if (!tracking && channel->center_freq != ht_cfreq) {
1392 - /*
1393 - * It's possible that some APs are confused here;
1394 - * Netgear WNDR3700 sometimes reports 4 higher than
1395 -@@ -265,11 +266,10 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
1396 - * since we look at probe response/beacon data here
1397 - * it should be OK.
1398 - */
1399 -- if (verbose)
1400 -- sdata_info(sdata,
1401 -- "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
1402 -- channel->center_freq, ht_cfreq,
1403 -- ht_oper->primary_chan, channel->band);
1404 -+ sdata_info(sdata,
1405 -+ "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
1406 -+ channel->center_freq, ht_cfreq,
1407 -+ ht_oper->primary_chan, channel->band);
1408 - ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
1409 - goto out;
1410 - }
1411 -@@ -323,7 +323,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
1412 - channel->band);
1413 - break;
1414 - default:
1415 -- if (verbose)
1416 -+ if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
1417 - sdata_info(sdata,
1418 - "AP VHT operation IE has invalid channel width (%d), disable VHT\n",
1419 - vht_oper->chan_width);
1420 -@@ -332,7 +332,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
1421 - }
1422 -
1423 - if (!cfg80211_chandef_valid(&vht_chandef)) {
1424 -- if (verbose)
1425 -+ if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
1426 - sdata_info(sdata,
1427 - "AP VHT information is invalid, disable VHT\n");
1428 - ret = IEEE80211_STA_DISABLE_VHT;
1429 -@@ -345,7 +345,7 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
1430 - }
1431 -
1432 - if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
1433 -- if (verbose)
1434 -+ if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
1435 - sdata_info(sdata,
1436 - "AP VHT information doesn't match HT, disable VHT\n");
1437 - ret = IEEE80211_STA_DISABLE_VHT;
1438 -@@ -361,18 +361,27 @@ out:
1439 - if (ret & IEEE80211_STA_DISABLE_VHT)
1440 - vht_chandef = *chandef;
1441 -
1442 -+ /*
1443 -+ * Ignore the DISABLED flag when we're already connected and only
1444 -+ * tracking the APs beacon for bandwidth changes - otherwise we
1445 -+ * might get disconnected here if we connect to an AP, update our
1446 -+ * regulatory information based on the AP's country IE and the
1447 -+ * information we have is wrong/outdated and disables the channel
1448 -+ * that we're actually using for the connection to the AP.
1449 -+ */
1450 - while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
1451 -- IEEE80211_CHAN_DISABLED)) {
1452 -+ tracking ? 0 :
1453 -+ IEEE80211_CHAN_DISABLED)) {
1454 - if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
1455 - ret = IEEE80211_STA_DISABLE_HT |
1456 - IEEE80211_STA_DISABLE_VHT;
1457 -- goto out;
1458 -+ break;
1459 - }
1460 -
1461 - ret |= chandef_downgrade(chandef);
1462 - }
1463 -
1464 -- if (chandef->width != vht_chandef.width && verbose)
1465 -+ if (chandef->width != vht_chandef.width && !tracking)
1466 - sdata_info(sdata,
1467 - "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
1468 -
1469 -@@ -412,7 +421,7 @@ static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
1470 -
1471 - /* calculate new channel (type) based on HT/VHT operation IEs */
1472 - flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper,
1473 -- vht_oper, &chandef, false);
1474 -+ vht_oper, &chandef, true);
1475 -
1476 - /*
1477 - * Downgrade the new channel if we associated with restricted
1478 -@@ -3906,7 +3915,7 @@ static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
1479 - ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
1480 - cbss->channel,
1481 - ht_oper, vht_oper,
1482 -- &chandef, true);
1483 -+ &chandef, false);
1484 -
1485 - sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
1486 - local->rx_chains);
1487 -diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
1488 -index 1076fe1..ba6e55d 100644
1489 ---- a/net/netlink/genetlink.c
1490 -+++ b/net/netlink/genetlink.c
1491 -@@ -789,6 +789,10 @@ static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb)
1492 - struct net *net = sock_net(skb->sk);
1493 - int chains_to_skip = cb->args[0];
1494 - int fams_to_skip = cb->args[1];
1495 -+ bool need_locking = chains_to_skip || fams_to_skip;
1496 -+
1497 -+ if (need_locking)
1498 -+ genl_lock();
1499 -
1500 - for (i = chains_to_skip; i < GENL_FAM_TAB_SIZE; i++) {
1501 - n = 0;
1502 -@@ -810,6 +814,9 @@ errout:
1503 - cb->args[0] = i;
1504 - cb->args[1] = n;
1505 -
1506 -+ if (need_locking)
1507 -+ genl_unlock();
1508 -+
1509 - return skb->len;
1510 - }
1511 -
1512 -diff --git a/net/wireless/core.c b/net/wireless/core.c
1513 -index 73405e0..64fcbae 100644
1514 ---- a/net/wireless/core.c
1515 -+++ b/net/wireless/core.c
1516 -@@ -876,6 +876,7 @@ void cfg80211_leave(struct cfg80211_registered_device *rdev,
1517 - cfg80211_leave_mesh(rdev, dev);
1518 - break;
1519 - case NL80211_IFTYPE_AP:
1520 -+ case NL80211_IFTYPE_P2P_GO:
1521 - cfg80211_stop_ap(rdev, dev);
1522 - break;
1523 - default:
1524 -diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
1525 -index db8ead9..448c034 100644
1526 ---- a/net/wireless/nl80211.c
1527 -+++ b/net/wireless/nl80211.c
1528 -@@ -471,10 +471,12 @@ static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
1529 - goto out_unlock;
1530 - }
1531 - *rdev = wiphy_to_dev((*wdev)->wiphy);
1532 -- cb->args[0] = (*rdev)->wiphy_idx;
1533 -+ /* 0 is the first index - add 1 to parse only once */
1534 -+ cb->args[0] = (*rdev)->wiphy_idx + 1;
1535 - cb->args[1] = (*wdev)->identifier;
1536 - } else {
1537 -- struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0]);
1538 -+ /* subtract the 1 again here */
1539 -+ struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
1540 - struct wireless_dev *tmp;
1541 -
1542 - if (!wiphy) {
1543 -diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c
1544 -index 24400cf..ad22dec 100644
1545 ---- a/sound/pci/hda/hda_generic.c
1546 -+++ b/sound/pci/hda/hda_generic.c
1547 -@@ -519,7 +519,7 @@ static bool same_amp_caps(struct hda_codec *codec, hda_nid_t nid1,
1548 - }
1549 -
1550 - #define nid_has_mute(codec, nid, dir) \
1551 -- check_amp_caps(codec, nid, dir, AC_AMPCAP_MUTE)
1552 -+ check_amp_caps(codec, nid, dir, (AC_AMPCAP_MUTE | AC_AMPCAP_MIN_MUTE))
1553 - #define nid_has_volume(codec, nid, dir) \
1554 - check_amp_caps(codec, nid, dir, AC_AMPCAP_NUM_STEPS)
1555 -
1556 -@@ -621,7 +621,7 @@ static int get_amp_val_to_activate(struct hda_codec *codec, hda_nid_t nid,
1557 - if (enable)
1558 - val = (caps & AC_AMPCAP_OFFSET) >> AC_AMPCAP_OFFSET_SHIFT;
1559 - }
1560 -- if (caps & AC_AMPCAP_MUTE) {
1561 -+ if (caps & (AC_AMPCAP_MUTE | AC_AMPCAP_MIN_MUTE)) {
1562 - if (!enable)
1563 - val |= HDA_AMP_MUTE;
1564 - }
1565 -@@ -645,7 +645,7 @@ static unsigned int get_amp_mask_to_modify(struct hda_codec *codec,
1566 - {
1567 - unsigned int mask = 0xff;
1568 -
1569 -- if (caps & AC_AMPCAP_MUTE) {
1570 -+ if (caps & (AC_AMPCAP_MUTE | AC_AMPCAP_MIN_MUTE)) {
1571 - if (is_ctl_associated(codec, nid, dir, idx, NID_PATH_MUTE_CTL))
1572 - mask &= ~0x80;
1573 - }
1574 -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
1575 -index 051c03d..57f9f2a 100644
1576 ---- a/sound/pci/hda/patch_realtek.c
1577 -+++ b/sound/pci/hda/patch_realtek.c
1578 -@@ -1027,6 +1027,7 @@ enum {
1579 - ALC880_FIXUP_GPIO2,
1580 - ALC880_FIXUP_MEDION_RIM,
1581 - ALC880_FIXUP_LG,
1582 -+ ALC880_FIXUP_LG_LW25,
1583 - ALC880_FIXUP_W810,
1584 - ALC880_FIXUP_EAPD_COEF,
1585 - ALC880_FIXUP_TCL_S700,
1586 -@@ -1085,6 +1086,14 @@ static const struct hda_fixup alc880_fixups[] = {
1587 - { }
1588 - }
1589 - },
1590 -+ [ALC880_FIXUP_LG_LW25] = {
1591 -+ .type = HDA_FIXUP_PINS,
1592 -+ .v.pins = (const struct hda_pintbl[]) {
1593 -+ { 0x1a, 0x0181344f }, /* line-in */
1594 -+ { 0x1b, 0x0321403f }, /* headphone */
1595 -+ { }
1596 -+ }
1597 -+ },
1598 - [ALC880_FIXUP_W810] = {
1599 - .type = HDA_FIXUP_PINS,
1600 - .v.pins = (const struct hda_pintbl[]) {
1601 -@@ -1337,6 +1346,7 @@ static const struct snd_pci_quirk alc880_fixup_tbl[] = {
1602 - SND_PCI_QUIRK(0x1854, 0x003b, "LG", ALC880_FIXUP_LG),
1603 - SND_PCI_QUIRK(0x1854, 0x005f, "LG P1 Express", ALC880_FIXUP_LG),
1604 - SND_PCI_QUIRK(0x1854, 0x0068, "LG w1", ALC880_FIXUP_LG),
1605 -+ SND_PCI_QUIRK(0x1854, 0x0077, "LG LW25", ALC880_FIXUP_LG_LW25),
1606 - SND_PCI_QUIRK(0x19db, 0x4188, "TCL S700", ALC880_FIXUP_TCL_S700),
1607 -
1608 - /* Below is the copied entries from alc880_quirks.c.
1609 -@@ -4200,6 +4210,7 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = {
1610 - SND_PCI_QUIRK(0x1025, 0x0308, "Acer Aspire 8942G", ALC662_FIXUP_ASPIRE),
1611 - SND_PCI_QUIRK(0x1025, 0x031c, "Gateway NV79", ALC662_FIXUP_SKU_IGNORE),
1612 - SND_PCI_QUIRK(0x1025, 0x0349, "eMachines eM250", ALC662_FIXUP_INV_DMIC),
1613 -+ SND_PCI_QUIRK(0x1025, 0x034a, "Gateway LT27", ALC662_FIXUP_INV_DMIC),
1614 - SND_PCI_QUIRK(0x1025, 0x038b, "Acer Aspire 8943G", ALC662_FIXUP_ASPIRE),
1615 - SND_PCI_QUIRK(0x1028, 0x05d8, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
1616 - SND_PCI_QUIRK(0x1028, 0x05db, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
1617 -diff --git a/sound/soc/codecs/cs42l52.c b/sound/soc/codecs/cs42l52.c
1618 -index 987f728..ee25f32 100644
1619 ---- a/sound/soc/codecs/cs42l52.c
1620 -+++ b/sound/soc/codecs/cs42l52.c
1621 -@@ -451,7 +451,7 @@ static const struct snd_kcontrol_new cs42l52_snd_controls[] = {
1622 - SOC_ENUM("Beep Pitch", beep_pitch_enum),
1623 - SOC_ENUM("Beep on Time", beep_ontime_enum),
1624 - SOC_ENUM("Beep off Time", beep_offtime_enum),
1625 -- SOC_SINGLE_TLV("Beep Volume", CS42L52_BEEP_VOL, 0, 0x1f, 0x07, hl_tlv),
1626 -+ SOC_SINGLE_SX_TLV("Beep Volume", CS42L52_BEEP_VOL, 0, 0x07, 0x1f, hl_tlv),
1627 - SOC_SINGLE("Beep Mixer Switch", CS42L52_BEEP_TONE_CTL, 5, 1, 1),
1628 - SOC_ENUM("Beep Treble Corner Freq", beep_treble_enum),
1629 - SOC_ENUM("Beep Bass Corner Freq", beep_bass_enum),
1630 -diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
1631 -index c7051c4..3606383 100644
1632 ---- a/sound/soc/soc-dapm.c
1633 -+++ b/sound/soc/soc-dapm.c
1634 -@@ -682,13 +682,14 @@ static int dapm_new_mux(struct snd_soc_dapm_widget *w)
1635 - return -EINVAL;
1636 - }
1637 -
1638 -- path = list_first_entry(&w->sources, struct snd_soc_dapm_path,
1639 -- list_sink);
1640 -- if (!path) {
1641 -+ if (list_empty(&w->sources)) {
1642 - dev_err(dapm->dev, "ASoC: mux %s has no paths\n", w->name);
1643 - return -EINVAL;
1644 - }
1645 -
1646 -+ path = list_first_entry(&w->sources, struct snd_soc_dapm_path,
1647 -+ list_sink);
1648 -+
1649 - ret = dapm_create_or_share_mixmux_kcontrol(w, 0, path);
1650 - if (ret < 0)
1651 - return ret;
1652 -diff --git a/sound/soc/tegra/tegra30_i2s.c b/sound/soc/tegra/tegra30_i2s.c
1653 -index 31d092d..a5432b1 100644
1654 ---- a/sound/soc/tegra/tegra30_i2s.c
1655 -+++ b/sound/soc/tegra/tegra30_i2s.c
1656 -@@ -228,7 +228,7 @@ static int tegra30_i2s_hw_params(struct snd_pcm_substream *substream,
1657 - reg = TEGRA30_I2S_CIF_RX_CTRL;
1658 - } else {
1659 - val |= TEGRA30_AUDIOCIF_CTRL_DIRECTION_TX;
1660 -- reg = TEGRA30_I2S_CIF_RX_CTRL;
1661 -+ reg = TEGRA30_I2S_CIF_TX_CTRL;
1662 - }
1663 -
1664 - regmap_write(i2s->regmap, reg, val);
1665 -diff --git a/sound/usb/6fire/midi.c b/sound/usb/6fire/midi.c
1666 -index 2672242..f3dd726 100644
1667 ---- a/sound/usb/6fire/midi.c
1668 -+++ b/sound/usb/6fire/midi.c
1669 -@@ -19,6 +19,10 @@
1670 - #include "chip.h"
1671 - #include "comm.h"
1672 -
1673 -+enum {
1674 -+ MIDI_BUFSIZE = 64
1675 -+};
1676 -+
1677 - static void usb6fire_midi_out_handler(struct urb *urb)
1678 - {
1679 - struct midi_runtime *rt = urb->context;
1680 -@@ -156,6 +160,12 @@ int usb6fire_midi_init(struct sfire_chip *chip)
1681 - if (!rt)
1682 - return -ENOMEM;
1683 -
1684 -+ rt->out_buffer = kzalloc(MIDI_BUFSIZE, GFP_KERNEL);
1685 -+ if (!rt->out_buffer) {
1686 -+ kfree(rt);
1687 -+ return -ENOMEM;
1688 -+ }
1689 -+
1690 - rt->chip = chip;
1691 - rt->in_received = usb6fire_midi_in_received;
1692 - rt->out_buffer[0] = 0x80; /* 'send midi' command */
1693 -@@ -169,6 +179,7 @@ int usb6fire_midi_init(struct sfire_chip *chip)
1694 -
1695 - ret = snd_rawmidi_new(chip->card, "6FireUSB", 0, 1, 1, &rt->instance);
1696 - if (ret < 0) {
1697 -+ kfree(rt->out_buffer);
1698 - kfree(rt);
1699 - snd_printk(KERN_ERR PREFIX "unable to create midi.\n");
1700 - return ret;
1701 -@@ -197,6 +208,9 @@ void usb6fire_midi_abort(struct sfire_chip *chip)
1702 -
1703 - void usb6fire_midi_destroy(struct sfire_chip *chip)
1704 - {
1705 -- kfree(chip->midi);
1706 -+ struct midi_runtime *rt = chip->midi;
1707 -+
1708 -+ kfree(rt->out_buffer);
1709 -+ kfree(rt);
1710 - chip->midi = NULL;
1711 - }
1712 -diff --git a/sound/usb/6fire/midi.h b/sound/usb/6fire/midi.h
1713 -index c321006..84851b9 100644
1714 ---- a/sound/usb/6fire/midi.h
1715 -+++ b/sound/usb/6fire/midi.h
1716 -@@ -16,10 +16,6 @@
1717 -
1718 - #include "common.h"
1719 -
1720 --enum {
1721 -- MIDI_BUFSIZE = 64
1722 --};
1723 --
1724 - struct midi_runtime {
1725 - struct sfire_chip *chip;
1726 - struct snd_rawmidi *instance;
1727 -@@ -32,7 +28,7 @@ struct midi_runtime {
1728 - struct snd_rawmidi_substream *out;
1729 - struct urb out_urb;
1730 - u8 out_serial; /* serial number of out packet */
1731 -- u8 out_buffer[MIDI_BUFSIZE];
1732 -+ u8 *out_buffer;
1733 - int buffer_offset;
1734 -
1735 - void (*in_received)(struct midi_runtime *rt, u8 *data, int length);
1736 -diff --git a/sound/usb/6fire/pcm.c b/sound/usb/6fire/pcm.c
1737 -index 074aaf7..25f9e61 100644
1738 ---- a/sound/usb/6fire/pcm.c
1739 -+++ b/sound/usb/6fire/pcm.c
1740 -@@ -580,6 +580,33 @@ static void usb6fire_pcm_init_urb(struct pcm_urb *urb,
1741 - urb->instance.number_of_packets = PCM_N_PACKETS_PER_URB;
1742 - }
1743 -
1744 -+static int usb6fire_pcm_buffers_init(struct pcm_runtime *rt)
1745 -+{
1746 -+ int i;
1747 -+
1748 -+ for (i = 0; i < PCM_N_URBS; i++) {
1749 -+ rt->out_urbs[i].buffer = kzalloc(PCM_N_PACKETS_PER_URB
1750 -+ * PCM_MAX_PACKET_SIZE, GFP_KERNEL);
1751 -+ if (!rt->out_urbs[i].buffer)
1752 -+ return -ENOMEM;
1753 -+ rt->in_urbs[i].buffer = kzalloc(PCM_N_PACKETS_PER_URB
1754 -+ * PCM_MAX_PACKET_SIZE, GFP_KERNEL);
1755 -+ if (!rt->in_urbs[i].buffer)
1756 -+ return -ENOMEM;
1757 -+ }
1758 -+ return 0;
1759 -+}
1760 -+
1761 -+static void usb6fire_pcm_buffers_destroy(struct pcm_runtime *rt)
1762 -+{
1763 -+ int i;
1764 -+
1765 -+ for (i = 0; i < PCM_N_URBS; i++) {
1766 -+ kfree(rt->out_urbs[i].buffer);
1767 -+ kfree(rt->in_urbs[i].buffer);
1768 -+ }
1769 -+}
1770 -+
1771 - int usb6fire_pcm_init(struct sfire_chip *chip)
1772 - {
1773 - int i;
1774 -@@ -591,6 +618,13 @@ int usb6fire_pcm_init(struct sfire_chip *chip)
1775 - if (!rt)
1776 - return -ENOMEM;
1777 -
1778 -+ ret = usb6fire_pcm_buffers_init(rt);
1779 -+ if (ret) {
1780 -+ usb6fire_pcm_buffers_destroy(rt);
1781 -+ kfree(rt);
1782 -+ return ret;
1783 -+ }
1784 -+
1785 - rt->chip = chip;
1786 - rt->stream_state = STREAM_DISABLED;
1787 - rt->rate = ARRAY_SIZE(rates);
1788 -@@ -612,6 +646,7 @@ int usb6fire_pcm_init(struct sfire_chip *chip)
1789 -
1790 - ret = snd_pcm_new(chip->card, "DMX6FireUSB", 0, 1, 1, &pcm);
1791 - if (ret < 0) {
1792 -+ usb6fire_pcm_buffers_destroy(rt);
1793 - kfree(rt);
1794 - snd_printk(KERN_ERR PREFIX "cannot create pcm instance.\n");
1795 - return ret;
1796 -@@ -627,6 +662,7 @@ int usb6fire_pcm_init(struct sfire_chip *chip)
1797 - snd_dma_continuous_data(GFP_KERNEL),
1798 - MAX_BUFSIZE, MAX_BUFSIZE);
1799 - if (ret) {
1800 -+ usb6fire_pcm_buffers_destroy(rt);
1801 - kfree(rt);
1802 - snd_printk(KERN_ERR PREFIX
1803 - "error preallocating pcm buffers.\n");
1804 -@@ -671,6 +707,9 @@ void usb6fire_pcm_abort(struct sfire_chip *chip)
1805 -
1806 - void usb6fire_pcm_destroy(struct sfire_chip *chip)
1807 - {
1808 -- kfree(chip->pcm);
1809 -+ struct pcm_runtime *rt = chip->pcm;
1810 -+
1811 -+ usb6fire_pcm_buffers_destroy(rt);
1812 -+ kfree(rt);
1813 - chip->pcm = NULL;
1814 - }
1815 -diff --git a/sound/usb/6fire/pcm.h b/sound/usb/6fire/pcm.h
1816 -index 9b01133..f5779d6 100644
1817 ---- a/sound/usb/6fire/pcm.h
1818 -+++ b/sound/usb/6fire/pcm.h
1819 -@@ -32,7 +32,7 @@ struct pcm_urb {
1820 - struct urb instance;
1821 - struct usb_iso_packet_descriptor packets[PCM_N_PACKETS_PER_URB];
1822 - /* END DO NOT SEPARATE */
1823 -- u8 buffer[PCM_N_PACKETS_PER_URB * PCM_MAX_PACKET_SIZE];
1824 -+ u8 *buffer;
1825 -
1826 - struct pcm_urb *peer;
1827 - };
1828 -diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c
1829 -index d543808..95558ef 100644
1830 ---- a/sound/usb/mixer.c
1831 -+++ b/sound/usb/mixer.c
1832 -@@ -888,6 +888,7 @@ static void volume_control_quirks(struct usb_mixer_elem_info *cval,
1833 - case USB_ID(0x046d, 0x081b): /* HD Webcam c310 */
1834 - case USB_ID(0x046d, 0x081d): /* HD Webcam c510 */
1835 - case USB_ID(0x046d, 0x0825): /* HD Webcam c270 */
1836 -+ case USB_ID(0x046d, 0x0826): /* HD Webcam c525 */
1837 - case USB_ID(0x046d, 0x0991):
1838 - /* Most audio usb devices lie about volume resolution.
1839 - * Most Logitech webcams have res = 384.
1840
1841 diff --git a/3.10.9/1008_linux-3.10.9.patch b/3.10.9/1008_linux-3.10.9.patch
1842 deleted file mode 100644
1843 index e91b33a..0000000
1844 --- a/3.10.9/1008_linux-3.10.9.patch
1845 +++ /dev/null
1846 @@ -1,37 +0,0 @@
1847 -diff --git a/Makefile b/Makefile
1848 -index 1a21612..4b31d62 100644
1849 ---- a/Makefile
1850 -+++ b/Makefile
1851 -@@ -1,6 +1,6 @@
1852 - VERSION = 3
1853 - PATCHLEVEL = 10
1854 --SUBLEVEL = 8
1855 -+SUBLEVEL = 9
1856 - EXTRAVERSION =
1857 - NAME = TOSSUG Baby Fish
1858 -
1859 -diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
1860 -index ba6e55d..1076fe1 100644
1861 ---- a/net/netlink/genetlink.c
1862 -+++ b/net/netlink/genetlink.c
1863 -@@ -789,10 +789,6 @@ static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb)
1864 - struct net *net = sock_net(skb->sk);
1865 - int chains_to_skip = cb->args[0];
1866 - int fams_to_skip = cb->args[1];
1867 -- bool need_locking = chains_to_skip || fams_to_skip;
1868 --
1869 -- if (need_locking)
1870 -- genl_lock();
1871 -
1872 - for (i = chains_to_skip; i < GENL_FAM_TAB_SIZE; i++) {
1873 - n = 0;
1874 -@@ -814,9 +810,6 @@ errout:
1875 - cb->args[0] = i;
1876 - cb->args[1] = n;
1877 -
1878 -- if (need_locking)
1879 -- genl_unlock();
1880 --
1881 - return skb->len;
1882 - }
1883 -
1884
1885 diff --git a/3.10.9/4420_grsecurity-2.9.1-3.10.9-201308202015.patch b/3.10.9/4420_grsecurity-2.9.1-3.10.9-201308282054.patch
1886 similarity index 98%
1887 rename from 3.10.9/4420_grsecurity-2.9.1-3.10.9-201308202015.patch
1888 rename to 3.10.9/4420_grsecurity-2.9.1-3.10.9-201308282054.patch
1889 index 24d81a0..ed67d72 100644
1890 --- a/3.10.9/4420_grsecurity-2.9.1-3.10.9-201308202015.patch
1891 +++ b/3.10.9/4420_grsecurity-2.9.1-3.10.9-201308282054.patch
1892 @@ -1968,7 +1968,7 @@ index 86b8fe3..e25f975 100644
1893 #define L_PTE_DIRTY_HIGH (1 << (55 - 32))
1894
1895 diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h
1896 -index 9bcd262..fba731c 100644
1897 +index 9bcd262..1ff999b 100644
1898 --- a/arch/arm/include/asm/pgtable.h
1899 +++ b/arch/arm/include/asm/pgtable.h
1900 @@ -30,6 +30,9 @@
1901 @@ -1991,20 +1991,18 @@ index 9bcd262..fba731c 100644
1902 extern void __pte_error(const char *file, int line, pte_t);
1903 extern void __pmd_error(const char *file, int line, pmd_t);
1904 extern void __pgd_error(const char *file, int line, pgd_t);
1905 -@@ -53,6 +59,50 @@ extern void __pgd_error(const char *file, int line, pgd_t);
1906 +@@ -53,6 +59,48 @@ extern void __pgd_error(const char *file, int line, pgd_t);
1907 #define pmd_ERROR(pmd) __pmd_error(__FILE__, __LINE__, pmd)
1908 #define pgd_ERROR(pgd) __pgd_error(__FILE__, __LINE__, pgd)
1909
1910 +#define __HAVE_ARCH_PAX_OPEN_KERNEL
1911 +#define __HAVE_ARCH_PAX_CLOSE_KERNEL
1912 +
1913 -+#ifdef CONFIG_PAX_KERNEXEC
1914 ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
1915 +#include <asm/domain.h>
1916 +#include <linux/thread_info.h>
1917 +#include <linux/preempt.h>
1918 -+#endif
1919 +
1920 -+#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
1921 +static inline int test_domain(int domain, int domaintype)
1922 +{
1923 + return ((current_thread_info()->cpu_domain) & domain_val(domain, 3)) == domain_val(domain, domaintype);
1924 @@ -2042,7 +2040,7 @@ index 9bcd262..fba731c 100644
1925 /*
1926 * This is the lowest virtual address we can permit any user space
1927 * mapping to be mapped at. This is particularly important for
1928 -@@ -72,8 +122,8 @@ extern void __pgd_error(const char *file, int line, pgd_t);
1929 +@@ -72,8 +120,8 @@ extern void __pgd_error(const char *file, int line, pgd_t);
1930 /*
1931 * The pgprot_* and protection_map entries will be fixed up in runtime
1932 * to include the cachable and bufferable bits based on memory policy,
1933 @@ -2053,7 +2051,7 @@ index 9bcd262..fba731c 100644
1934 */
1935 #define _L_PTE_DEFAULT L_PTE_PRESENT | L_PTE_YOUNG
1936
1937 -@@ -257,7 +307,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; }
1938 +@@ -257,7 +305,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; }
1939 static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
1940 {
1941 const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER |
1942 @@ -3737,7 +3735,7 @@ index 6f4585b..7b6f52b 100644
1943 goto fault; \
1944 } while (0)
1945 diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
1946 -index 5dbf13f..ee1ec24 100644
1947 +index 5dbf13f..a2d1876 100644
1948 --- a/arch/arm/mm/fault.c
1949 +++ b/arch/arm/mm/fault.c
1950 @@ -25,6 +25,7 @@
1951 @@ -3840,7 +3838,7 @@ index 5dbf13f..ee1ec24 100644
1952 printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n",
1953 inf->name, fsr, addr);
1954
1955 -@@ -569,15 +631,67 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *
1956 +@@ -569,15 +631,68 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *
1957 ifsr_info[nr].name = name;
1958 }
1959
1960 @@ -3852,18 +3850,19 @@ index 5dbf13f..ee1ec24 100644
1961 {
1962 const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr);
1963 struct siginfo info;
1964 -
1965 ++ unsigned long pc = instruction_pointer(regs);
1966 ++
1967 + if (user_mode(regs)) {
1968 + unsigned long sigpage = current->mm->context.sigpage;
1969 +
1970 -+ if (sigpage <= addr && addr < sigpage + 7*4) {
1971 -+ if (addr < sigpage + 3*4)
1972 ++ if (sigpage <= pc && pc < sigpage + 7*4) {
1973 ++ if (pc < sigpage + 3*4)
1974 + sys_sigreturn(regs);
1975 + else
1976 + sys_rt_sigreturn(regs);
1977 + return;
1978 + }
1979 -+ if (addr == 0xffff0fe0UL) {
1980 ++ if (pc == 0xffff0fe0UL) {
1981 + /*
1982 + * PaX: __kuser_get_tls emulation
1983 + */
1984 @@ -3878,11 +3877,11 @@ index 5dbf13f..ee1ec24 100644
1985 + if (current->signal->curr_ip)
1986 + printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", &current->signal->curr_ip, current->comm, task_pid_nr(current),
1987 + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()),
1988 -+ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr);
1989 ++ pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc);
1990 + else
1991 + printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current),
1992 + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()),
1993 -+ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr);
1994 ++ pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc);
1995 + goto die;
1996 + }
1997 +#endif
1998 @@ -3891,7 +3890,7 @@ index 5dbf13f..ee1ec24 100644
1999 + if (fsr_fs(ifsr) == FAULT_CODE_DEBUG) {
2000 + unsigned int bkpt;
2001 +
2002 -+ if (!probe_kernel_address((unsigned int *)addr, bkpt) && bkpt == 0xe12f1073) {
2003 ++ if (!probe_kernel_address((unsigned int *)pc, bkpt) && cpu_to_le32(bkpt) == 0xe12f1073) {
2004 + current->thread.error_code = ifsr;
2005 + current->thread.trap_no = 0;
2006 + pax_report_refcount_overflow(regs);
2007 @@ -3900,7 +3899,7 @@ index 5dbf13f..ee1ec24 100644
2008 + }
2009 + }
2010 +#endif
2011 -+
2012 +
2013 if (!inf->fn(addr, ifsr | FSR_LNX_PF, regs))
2014 return;
2015
2016 @@ -5347,10 +5346,10 @@ index 4efe96a..60e8699 100644
2017 #define SMP_CACHE_BYTES L1_CACHE_BYTES
2018
2019 diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h
2020 -index 08b6079..eb272cf 100644
2021 +index 08b6079..e94e6da 100644
2022 --- a/arch/mips/include/asm/atomic.h
2023 +++ b/arch/mips/include/asm/atomic.h
2024 -@@ -21,6 +21,10 @@
2025 +@@ -21,15 +21,39 @@
2026 #include <asm/cmpxchg.h>
2027 #include <asm/war.h>
2028
2029 @@ -5360,24 +5359,887 @@ index 08b6079..eb272cf 100644
2030 +
2031 #define ATOMIC_INIT(i) { (i) }
2032
2033 ++#ifdef CONFIG_64BIT
2034 ++#define _ASM_EXTABLE(from, to) \
2035 ++" .section __ex_table,\"a\"\n" \
2036 ++" .dword " #from ", " #to"\n" \
2037 ++" .previous\n"
2038 ++#else
2039 ++#define _ASM_EXTABLE(from, to) \
2040 ++" .section __ex_table,\"a\"\n" \
2041 ++" .word " #from ", " #to"\n" \
2042 ++" .previous\n"
2043 ++#endif
2044 ++
2045 /*
2046 -@@ -759,6 +763,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
2047 + * atomic_read - read atomic variable
2048 + * @v: pointer of type atomic_t
2049 + *
2050 + * Atomically reads the value of @v.
2051 */
2052 - #define atomic64_add_negative(i, v) (atomic64_add_return(i, (v)) < 0)
2053 +-#define atomic_read(v) (*(volatile int *)&(v)->counter)
2054 ++static inline int atomic_read(const atomic_t *v)
2055 ++{
2056 ++ return (*(volatile const int *) &v->counter);
2057 ++}
2058 ++
2059 ++static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
2060 ++{
2061 ++ return (*(volatile const int *) &v->counter);
2062 ++}
2063
2064 -+#define atomic64_read_unchecked(v) atomic64_read(v)
2065 -+#define atomic64_set_unchecked(v, i) atomic64_set((v), (i))
2066 -+#define atomic64_add_unchecked(a, v) atomic64_add((a), (v))
2067 -+#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v))
2068 -+#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v))
2069 -+#define atomic64_inc_unchecked(v) atomic64_inc(v)
2070 -+#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v)
2071 -+#define atomic64_dec_unchecked(v) atomic64_dec(v)
2072 -+#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n))
2073 + /*
2074 + * atomic_set - set atomic variable
2075 +@@ -38,7 +62,15 @@
2076 + *
2077 + * Atomically sets the value of @v to @i.
2078 + */
2079 +-#define atomic_set(v, i) ((v)->counter = (i))
2080 ++static inline void atomic_set(atomic_t *v, int i)
2081 ++{
2082 ++ v->counter = i;
2083 ++}
2084 +
2085 - #endif /* CONFIG_64BIT */
2086 ++static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i)
2087 ++{
2088 ++ v->counter = i;
2089 ++}
2090 +
2091 + /*
2092 + * atomic_add - add integer to atomic variable
2093 +@@ -47,7 +79,67 @@
2094 + *
2095 + * Atomically adds @i to @v.
2096 + */
2097 +-static __inline__ void atomic_add(int i, atomic_t * v)
2098 ++static __inline__ void atomic_add(int i, atomic_t *v)
2099 ++{
2100 ++ int temp;
2101 ++
2102 ++ if (kernel_uses_llsc && R10000_LLSC_WAR) {
2103 ++ __asm__ __volatile__(
2104 ++ " .set mips3 \n"
2105 ++ "1: ll %0, %1 # atomic_add \n"
2106 ++#ifdef CONFIG_PAX_REFCOUNT
2107 ++ /* Exception on overflow. */
2108 ++ "2: add %0, %2 \n"
2109 ++#else
2110 ++ " addu %0, %2 \n"
2111 ++#endif
2112 ++ " sc %0, %1 \n"
2113 ++ " beqzl %0, 1b \n"
2114 ++#ifdef CONFIG_PAX_REFCOUNT
2115 ++ "3: \n"
2116 ++ _ASM_EXTABLE(2b, 3b)
2117 ++#endif
2118 ++ " .set mips0 \n"
2119 ++ : "=&r" (temp), "+m" (v->counter)
2120 ++ : "Ir" (i));
2121 ++ } else if (kernel_uses_llsc) {
2122 ++ __asm__ __volatile__(
2123 ++ " .set mips3 \n"
2124 ++ "1: ll %0, %1 # atomic_add \n"
2125 ++#ifdef CONFIG_PAX_REFCOUNT
2126 ++ /* Exception on overflow. */
2127 ++ "2: add %0, %2 \n"
2128 ++#else
2129 ++ " addu %0, %2 \n"
2130 ++#endif
2131 ++ " sc %0, %1 \n"
2132 ++ " beqz %0, 1b \n"
2133 ++#ifdef CONFIG_PAX_REFCOUNT
2134 ++ "3: \n"
2135 ++ _ASM_EXTABLE(2b, 3b)
2136 ++#endif
2137 ++ " .set mips0 \n"
2138 ++ : "=&r" (temp), "+m" (v->counter)
2139 ++ : "Ir" (i));
2140 ++ } else {
2141 ++ unsigned long flags;
2142 ++
2143 ++ raw_local_irq_save(flags);
2144 ++ __asm__ __volatile__(
2145 ++#ifdef CONFIG_PAX_REFCOUNT
2146 ++ /* Exception on overflow. */
2147 ++ "1: add %0, %1 \n"
2148 ++ "2: \n"
2149 ++ _ASM_EXTABLE(1b, 2b)
2150 ++#else
2151 ++ " addu %0, %1 \n"
2152 ++#endif
2153 ++ : "+r" (v->counter) : "Ir" (i));
2154 ++ raw_local_irq_restore(flags);
2155 ++ }
2156 ++}
2157 ++
2158 ++static __inline__ void atomic_add_unchecked(int i, atomic_unchecked_t *v)
2159 + {
2160 + if (kernel_uses_llsc && R10000_LLSC_WAR) {
2161 + int temp;
2162 +@@ -90,7 +182,67 @@ static __inline__ void atomic_add(int i, atomic_t * v)
2163 + *
2164 + * Atomically subtracts @i from @v.
2165 + */
2166 +-static __inline__ void atomic_sub(int i, atomic_t * v)
2167 ++static __inline__ void atomic_sub(int i, atomic_t *v)
2168 ++{
2169 ++ int temp;
2170 ++
2171 ++ if (kernel_uses_llsc && R10000_LLSC_WAR) {
2172 ++ __asm__ __volatile__(
2173 ++ " .set mips3 \n"
2174 ++ "1: ll %0, %1 # atomic64_sub \n"
2175 ++#ifdef CONFIG_PAX_REFCOUNT
2176 ++ /* Exception on overflow. */
2177 ++ "2: sub %0, %2 \n"
2178 ++#else
2179 ++ " subu %0, %2 \n"
2180 ++#endif
2181 ++ " sc %0, %1 \n"
2182 ++ " beqzl %0, 1b \n"
2183 ++#ifdef CONFIG_PAX_REFCOUNT
2184 ++ "3: \n"
2185 ++ _ASM_EXTABLE(2b, 3b)
2186 ++#endif
2187 ++ " .set mips0 \n"
2188 ++ : "=&r" (temp), "+m" (v->counter)
2189 ++ : "Ir" (i));
2190 ++ } else if (kernel_uses_llsc) {
2191 ++ __asm__ __volatile__(
2192 ++ " .set mips3 \n"
2193 ++ "1: ll %0, %1 # atomic64_sub \n"
2194 ++#ifdef CONFIG_PAX_REFCOUNT
2195 ++ /* Exception on overflow. */
2196 ++ "2: sub %0, %2 \n"
2197 ++#else
2198 ++ " subu %0, %2 \n"
2199 ++#endif
2200 ++ " sc %0, %1 \n"
2201 ++ " beqz %0, 1b \n"
2202 ++#ifdef CONFIG_PAX_REFCOUNT
2203 ++ "3: \n"
2204 ++ _ASM_EXTABLE(2b, 3b)
2205 ++#endif
2206 ++ " .set mips0 \n"
2207 ++ : "=&r" (temp), "+m" (v->counter)
2208 ++ : "Ir" (i));
2209 ++ } else {
2210 ++ unsigned long flags;
2211 ++
2212 ++ raw_local_irq_save(flags);
2213 ++ __asm__ __volatile__(
2214 ++#ifdef CONFIG_PAX_REFCOUNT
2215 ++ /* Exception on overflow. */
2216 ++ "1: sub %0, %1 \n"
2217 ++ "2: \n"
2218 ++ _ASM_EXTABLE(1b, 2b)
2219 ++#else
2220 ++ " subu %0, %1 \n"
2221 ++#endif
2222 ++ : "+r" (v->counter) : "Ir" (i));
2223 ++ raw_local_irq_restore(flags);
2224 ++ }
2225 ++}
2226 ++
2227 ++static __inline__ void atomic_sub_unchecked(long i, atomic_unchecked_t *v)
2228 + {
2229 + if (kernel_uses_llsc && R10000_LLSC_WAR) {
2230 + int temp;
2231 +@@ -129,7 +281,93 @@ static __inline__ void atomic_sub(int i, atomic_t * v)
2232 + /*
2233 + * Same as above, but return the result value
2234 + */
2235 +-static __inline__ int atomic_add_return(int i, atomic_t * v)
2236 ++static __inline__ int atomic_add_return(int i, atomic_t *v)
2237 ++{
2238 ++ int result;
2239 ++ int temp;
2240 ++
2241 ++ smp_mb__before_llsc();
2242 ++
2243 ++ if (kernel_uses_llsc && R10000_LLSC_WAR) {
2244 ++ __asm__ __volatile__(
2245 ++ " .set mips3 \n"
2246 ++ "1: ll %1, %2 # atomic_add_return \n"
2247 ++#ifdef CONFIG_PAX_REFCOUNT
2248 ++ "2: add %0, %1, %3 \n"
2249 ++#else
2250 ++ " addu %0, %1, %3 \n"
2251 ++#endif
2252 ++ " sc %0, %2 \n"
2253 ++ " beqzl %0, 1b \n"
2254 ++#ifdef CONFIG_PAX_REFCOUNT
2255 ++ " b 4f \n"
2256 ++ " .set noreorder \n"
2257 ++ "3: b 5f \n"
2258 ++ " move %0, %1 \n"
2259 ++ " .set reorder \n"
2260 ++ _ASM_EXTABLE(2b, 3b)
2261 ++#endif
2262 ++ "4: addu %0, %1, %3 \n"
2263 ++#ifdef CONFIG_PAX_REFCOUNT
2264 ++ "5: \n"
2265 ++#endif
2266 ++ " .set mips0 \n"
2267 ++ : "=&r" (result), "=&r" (temp), "+m" (v->counter)
2268 ++ : "Ir" (i));
2269 ++ } else if (kernel_uses_llsc) {
2270 ++ __asm__ __volatile__(
2271 ++ " .set mips3 \n"
2272 ++ "1: ll %1, %2 # atomic_add_return \n"
2273 ++#ifdef CONFIG_PAX_REFCOUNT
2274 ++ "2: add %0, %1, %3 \n"
2275 ++#else
2276 ++ " addu %0, %1, %3 \n"
2277 ++#endif
2278 ++ " sc %0, %2 \n"
2279 ++ " bnez %0, 4f \n"
2280 ++ " b 1b \n"
2281 ++#ifdef CONFIG_PAX_REFCOUNT
2282 ++ " .set noreorder \n"
2283 ++ "3: b 5f \n"
2284 ++ " move %0, %1 \n"
2285 ++ " .set reorder \n"
2286 ++ _ASM_EXTABLE(2b, 3b)
2287 ++#endif
2288 ++ "4: addu %0, %1, %3 \n"
2289 ++#ifdef CONFIG_PAX_REFCOUNT
2290 ++ "5: \n"
2291 ++#endif
2292 ++ " .set mips0 \n"
2293 ++ : "=&r" (result), "=&r" (temp), "+m" (v->counter)
2294 ++ : "Ir" (i));
2295 ++ } else {
2296 ++ unsigned long flags;
2297 ++
2298 ++ raw_local_irq_save(flags);
2299 ++ __asm__ __volatile__(
2300 ++ " lw %0, %1 \n"
2301 ++#ifdef CONFIG_PAX_REFCOUNT
2302 ++ /* Exception on overflow. */
2303 ++ "1: add %0, %2 \n"
2304 ++#else
2305 ++ " addu %0, %2 \n"
2306 ++#endif
2307 ++ " sw %0, %1 \n"
2308 ++#ifdef CONFIG_PAX_REFCOUNT
2309 ++ /* Note: Dest reg is not modified on overflow */
2310 ++ "2: \n"
2311 ++ _ASM_EXTABLE(1b, 2b)
2312 ++#endif
2313 ++ : "=&r" (result), "+m" (v->counter) : "Ir" (i));
2314 ++ raw_local_irq_restore(flags);
2315 ++ }
2316 ++
2317 ++ smp_llsc_mb();
2318 ++
2319 ++ return result;
2320 ++}
2321 ++
2322 ++static __inline__ int atomic_add_return_unchecked(int i, atomic_unchecked_t *v)
2323 + {
2324 + int result;
2325 +
2326 +@@ -178,7 +416,93 @@ static __inline__ int atomic_add_return(int i, atomic_t * v)
2327 + return result;
2328 + }
2329 +
2330 +-static __inline__ int atomic_sub_return(int i, atomic_t * v)
2331 ++static __inline__ int atomic_sub_return(int i, atomic_t *v)
2332 ++{
2333 ++ int result;
2334 ++ int temp;
2335 ++
2336 ++ smp_mb__before_llsc();
2337 ++
2338 ++ if (kernel_uses_llsc && R10000_LLSC_WAR) {
2339 ++ __asm__ __volatile__(
2340 ++ " .set mips3 \n"
2341 ++ "1: ll %1, %2 # atomic_sub_return \n"
2342 ++#ifdef CONFIG_PAX_REFCOUNT
2343 ++ "2: sub %0, %1, %3 \n"
2344 ++#else
2345 ++ " subu %0, %1, %3 \n"
2346 ++#endif
2347 ++ " sc %0, %2 \n"
2348 ++ " beqzl %0, 1b \n"
2349 ++#ifdef CONFIG_PAX_REFCOUNT
2350 ++ " b 4f \n"
2351 ++ " .set noreorder \n"
2352 ++ "3: b 5f \n"
2353 ++ " move %0, %1 \n"
2354 ++ " .set reorder \n"
2355 ++ _ASM_EXTABLE(2b, 3b)
2356 ++#endif
2357 ++ "4: subu %0, %1, %3 \n"
2358 ++#ifdef CONFIG_PAX_REFCOUNT
2359 ++ "5: \n"
2360 ++#endif
2361 ++ " .set mips0 \n"
2362 ++ : "=&r" (result), "=&r" (temp), "=m" (v->counter)
2363 ++ : "Ir" (i), "m" (v->counter)
2364 ++ : "memory");
2365 ++ } else if (kernel_uses_llsc) {
2366 ++ __asm__ __volatile__(
2367 ++ " .set mips3 \n"
2368 ++ "1: ll %1, %2 # atomic_sub_return \n"
2369 ++#ifdef CONFIG_PAX_REFCOUNT
2370 ++ "2: sub %0, %1, %3 \n"
2371 ++#else
2372 ++ " subu %0, %1, %3 \n"
2373 ++#endif
2374 ++ " sc %0, %2 \n"
2375 ++ " bnez %0, 4f \n"
2376 ++ " b 1b \n"
2377 ++#ifdef CONFIG_PAX_REFCOUNT
2378 ++ " .set noreorder \n"
2379 ++ "3: b 5f \n"
2380 ++ " move %0, %1 \n"
2381 ++ " .set reorder \n"
2382 ++ _ASM_EXTABLE(2b, 3b)
2383 ++#endif
2384 ++ "4: subu %0, %1, %3 \n"
2385 ++#ifdef CONFIG_PAX_REFCOUNT
2386 ++ "5: \n"
2387 ++#endif
2388 ++ " .set mips0 \n"
2389 ++ : "=&r" (result), "=&r" (temp), "+m" (v->counter)
2390 ++ : "Ir" (i));
2391 ++ } else {
2392 ++ unsigned long flags;
2393 ++
2394 ++ raw_local_irq_save(flags);
2395 ++ __asm__ __volatile__(
2396 ++ " lw %0, %1 \n"
2397 ++#ifdef CONFIG_PAX_REFCOUNT
2398 ++ /* Exception on overflow. */
2399 ++ "1: sub %0, %2 \n"
2400 ++#else
2401 ++ " subu %0, %2 \n"
2402 ++#endif
2403 ++ " sw %0, %1 \n"
2404 ++#ifdef CONFIG_PAX_REFCOUNT
2405 ++ /* Note: Dest reg is not modified on overflow */
2406 ++ "2: \n"
2407 ++ _ASM_EXTABLE(1b, 2b)
2408 ++#endif
2409 ++ : "=&r" (result), "+m" (v->counter) : "Ir" (i));
2410 ++ raw_local_irq_restore(flags);
2411 ++ }
2412 ++
2413 ++ smp_llsc_mb();
2414 ++
2415 ++ return result;
2416 ++}
2417 ++static __inline__ int atomic_sub_return_unchecked(int i, atomic_unchecked_t *v)
2418 + {
2419 + int result;
2420 +
2421 +@@ -238,7 +562,7 @@ static __inline__ int atomic_sub_return(int i, atomic_t * v)
2422 + * Atomically test @v and subtract @i if @v is greater or equal than @i.
2423 + * The function returns the old value of @v minus @i.
2424 + */
2425 +-static __inline__ int atomic_sub_if_positive(int i, atomic_t * v)
2426 ++static __inline__ int atomic_sub_if_positive(int i, atomic_t *v)
2427 + {
2428 + int result;
2429 +
2430 +@@ -295,8 +619,26 @@ static __inline__ int atomic_sub_if_positive(int i, atomic_t * v)
2431 + return result;
2432 + }
2433 +
2434 +-#define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
2435 +-#define atomic_xchg(v, new) (xchg(&((v)->counter), (new)))
2436 ++static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
2437 ++{
2438 ++ return cmpxchg(&v->counter, old, new);
2439 ++}
2440 ++
2441 ++static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old,
2442 ++ int new)
2443 ++{
2444 ++ return cmpxchg(&(v->counter), old, new);
2445 ++}
2446 ++
2447 ++static inline int atomic_xchg(atomic_t *v, int new)
2448 ++{
2449 ++ return xchg(&v->counter, new);
2450 ++}
2451 ++
2452 ++static inline int atomic_xchg_unchecked(atomic_unchecked_t *v, int new)
2453 ++{
2454 ++ return xchg(&(v->counter), new);
2455 ++}
2456 +
2457 + /**
2458 + * __atomic_add_unless - add unless the number is a given value
2459 +@@ -324,6 +666,7 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
2460 +
2461 + #define atomic_dec_return(v) atomic_sub_return(1, (v))
2462 + #define atomic_inc_return(v) atomic_add_return(1, (v))
2463 ++#define atomic_inc_return_unchecked(v) atomic_add_return_unchecked(1, (v))
2464 +
2465 + /*
2466 + * atomic_sub_and_test - subtract value from variable and test result
2467 +@@ -345,6 +688,7 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
2468 + * other cases.
2469 + */
2470 + #define atomic_inc_and_test(v) (atomic_inc_return(v) == 0)
2471 ++#define atomic_inc_and_test_unchecked(v) (atomic_add_return_unchecked(1, (v)) == 0)
2472 +
2473 + /*
2474 + * atomic_dec_and_test - decrement by 1 and test
2475 +@@ -369,6 +713,7 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
2476 + * Atomically increments @v by 1.
2477 + */
2478 + #define atomic_inc(v) atomic_add(1, (v))
2479 ++#define atomic_inc_unchecked(v) atomic_add_unchecked(1, (v))
2480 +
2481 + /*
2482 + * atomic_dec - decrement and test
2483 +@@ -377,6 +722,7 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
2484 + * Atomically decrements @v by 1.
2485 + */
2486 + #define atomic_dec(v) atomic_sub(1, (v))
2487 ++#define atomic_dec_unchecked(v) atomic_sub_return_unchecked(1, (v))
2488 +
2489 + /*
2490 + * atomic_add_negative - add and test if negative
2491 +@@ -398,14 +744,30 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
2492 + * @v: pointer of type atomic64_t
2493 + *
2494 + */
2495 +-#define atomic64_read(v) (*(volatile long *)&(v)->counter)
2496 ++static inline long atomic64_read(const atomic64_t *v)
2497 ++{
2498 ++ return (*(volatile const long *) &v->counter);
2499 ++}
2500 ++
2501 ++static inline long atomic64_read_unchecked(const atomic64_unchecked_t *v)
2502 ++{
2503 ++ return (*(volatile const long *) &v->counter);
2504 ++}
2505 +
2506 + /*
2507 + * atomic64_set - set atomic variable
2508 + * @v: pointer of type atomic64_t
2509 + * @i: required value
2510 + */
2511 +-#define atomic64_set(v, i) ((v)->counter = (i))
2512 ++static inline void atomic64_set(atomic64_t *v, long i)
2513 ++{
2514 ++ v->counter = i;
2515 ++}
2516 ++
2517 ++static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long i)
2518 ++{
2519 ++ v->counter = i;
2520 ++}
2521 +
2522 + /*
2523 + * atomic64_add - add integer to atomic variable
2524 +@@ -414,7 +776,66 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u)
2525 + *
2526 + * Atomically adds @i to @v.
2527 + */
2528 +-static __inline__ void atomic64_add(long i, atomic64_t * v)
2529 ++static __inline__ void atomic64_add(long i, atomic64_t *v)
2530 ++{
2531 ++ long temp;
2532 ++
2533 ++ if (kernel_uses_llsc && R10000_LLSC_WAR) {
2534 ++ __asm__ __volatile__(
2535 ++ " .set mips3 \n"
2536 ++ "1: lld %0, %1 # atomic64_add \n"
2537 ++#ifdef CONFIG_PAX_REFCOUNT
2538 ++ /* Exception on overflow. */
2539 ++ "2: dadd %0, %2 \n"
2540 ++#else
2541 ++ " daddu %0, %2 \n"
2542 ++#endif
2543 ++ " scd %0, %1 \n"
2544 ++ " beqzl %0, 1b \n"
2545 ++#ifdef CONFIG_PAX_REFCOUNT
2546 ++ "3: \n"
2547 ++ _ASM_EXTABLE(2b, 3b)
2548 ++#endif
2549 ++ " .set mips0 \n"
2550 ++ : "=&r" (temp), "+m" (v->counter)
2551 ++ : "Ir" (i));
2552 ++ } else if (kernel_uses_llsc) {
2553 ++ __asm__ __volatile__(
2554 ++ " .set mips3 \n"
2555 ++ "1: lld %0, %1 # atomic64_add \n"
2556 ++#ifdef CONFIG_PAX_REFCOUNT
2557 ++ /* Exception on overflow. */
2558 ++ "2: dadd %0, %2 \n"
2559 ++#else
2560 ++ " daddu %0, %2 \n"
2561 ++#endif
2562 ++ " scd %0, %1 \n"
2563 ++ " beqz %0, 1b \n"