-rw-r--r-- | 4.5.5/0000_README | 2 | ||||
-rw-r--r-- | 4.5.5/4420_grsecurity-3.1-4.5.5-201605291201.patch (renamed from 4.5.5/4420_grsecurity-3.1-4.5.5-201605211442.patch) | 9426 |
2 files changed, 5080 insertions, 4348 deletions
diff --git a/4.5.5/0000_README b/4.5.5/0000_README index febdb77..71dba33 100644 --- a/4.5.5/0000_README +++ b/4.5.5/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-4.5.5-201605211442.patch +Patch: 4420_grsecurity-3.1-4.5.5-201605291201.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.5.5/4420_grsecurity-3.1-4.5.5-201605211442.patch b/4.5.5/4420_grsecurity-3.1-4.5.5-201605291201.patch index 7202c18..1fb08ce 100644 --- a/4.5.5/4420_grsecurity-3.1-4.5.5-201605211442.patch +++ b/4.5.5/4420_grsecurity-3.1-4.5.5-201605291201.patch @@ -408,7 +408,7 @@ index a93b414..f50a50b 100644 A toggle value indicating if modules are allowed to be loaded diff --git a/Makefile b/Makefile -index a23df41..314f8da 100644 +index a23df41..db4f30b 100644 --- a/Makefile +++ b/Makefile @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ 
@@ -422,27 +422,41 @@ index a23df41..314f8da 100644 ifeq ($(shell $(HOSTCC) -v 2>&1 | grep -c "clang version"), 1) HOSTCFLAGS += -Wno-unused-value -Wno-unused-parameter \ -@@ -434,8 +436,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \ - # Rules shared between *config targets and build targets - - # Basic helpers built in scripts/ --PHONY += scripts_basic --scripts_basic: -+PHONY += scripts_basic gcc-plugins -+scripts_basic: gcc-plugins - $(Q)$(MAKE) $(build)=scripts/basic - $(Q)rm -f .tmp_quiet_recordmcount - -@@ -622,6 +624,8 @@ endif +@@ -417,6 +419,8 @@ export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE + export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL + export KBUILD_ARFLAGS + ++export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS ++ + # When compiling out-of-tree modules, put MODVERDIR in the module + # tree rather than in the kernel tree. The kernel tree might + # even be read-only. +@@ -547,7 +551,7 @@ ifeq ($(KBUILD_EXTMOD),) + # in parallel + PHONY += scripts + scripts: scripts_basic include/config/auto.conf include/config/tristate.conf \ +- asm-generic ++ asm-generic gcc-plugins + $(Q)$(MAKE) $(build)=$(@) + + # Objects we will link into vmlinux / subdirs we need to visit +@@ -622,6 +626,15 @@ endif # Tell gcc to never replace conditional load with a non-conditional one KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) ++PHONY += gcc-plugins ++gcc-plugins: scripts_basic ++ifdef CONFIG_GCC_PLUGINS ++ $(Q)$(MAKE) $(build)=scripts/gcc-plugins ++endif ++ @: ++ +include scripts/Makefile.gcc-plugins + ifdef CONFIG_READABLE_ASM # Disable optimizations that make assembler listings hard to read. # reorder blocks reorders the control in the function -@@ -714,7 +718,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g) +@@ -714,7 +727,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g) else KBUILD_CFLAGS += -g endif 
@@ -451,7 +465,7 @@ index a23df41..314f8da 100644 endif ifdef CONFIG_DEBUG_INFO_DWARF4 KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,) -@@ -886,7 +890,7 @@ export mod_sign_cmd +@@ -886,7 +899,7 @@ export mod_sign_cmd ifeq ($(KBUILD_EXTMOD),) 
@@ -460,57 +474,16 @@ index a23df41..314f8da 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -937,6 +941,8 @@ endif - - # The actual objects are generated when descending, - # make sure no implicit rule kicks in -+$(filter-out $(init-y),$(vmlinux-deps)): KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) -+$(filter-out $(init-y),$(vmlinux-deps)): KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) - $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; - - # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -946,7 +952,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; - # Error messages still appears in the original language - - PHONY += $(vmlinux-dirs) --$(vmlinux-dirs): prepare scripts -+$(vmlinux-dirs): gcc-plugins prepare scripts - $(Q)$(MAKE) $(build)=$@ - - define filechk_kernel.release -@@ -989,10 +995,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ +@@ -989,7 +1002,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ archprepare: archheaders archscripts prepare1 scripts_basic -+prepare0: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) -+prepare0: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) - prepare0: archprepare FORCE +-prepare0: archprepare FORCE ++prepare0: archprepare gcc-plugins FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. -+prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) - prepare: prepare0 - - # Generate some files -@@ -1103,6 +1112,8 @@ all: modules - # using awk while concatenating to the final file. 
- - PHONY += modules -+modules: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) -+modules: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) - modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin - $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order - @$(kecho) ' Building modules, stage 2.'; -@@ -1118,7 +1129,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) - - # Target to prepare building external modules - PHONY += modules_prepare --modules_prepare: prepare scripts -+modules_prepare: gcc-plugins prepare scripts - - # Target to install modules - PHONY += modules_install -@@ -1184,7 +1195,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \ +@@ -1184,7 +1197,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.pem signing_key.priv signing_key.x509 \ x509.genkey extra_certificates signing_key.x509.keyid \ @@ -523,7 +496,7 @@ index a23df41..314f8da 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1223,7 +1238,7 @@ distclean: mrproper +@@ -1223,7 +1240,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ 
@@ -532,59 +505,31 @@ index a23df41..314f8da 100644 -type f -print | xargs rm -f -@@ -1390,6 +1405,8 @@ PHONY += $(module-dirs) modules - $(module-dirs): crmodverdir $(objtree)/Module.symvers - $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) +diff --git a/arch/Kconfig b/arch/Kconfig +index f6b649d..5ba628b 100644 +--- a/arch/Kconfig ++++ b/arch/Kconfig +@@ -353,6 +353,20 @@ config SECCOMP_FILTER -+modules: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) -+modules: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) - modules: $(module-dirs) - @$(kecho) ' Building modules, stage 2.'; - $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1531,17 +1548,21 @@ else - target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) - endif + See Documentation/prctl/seccomp_filter.txt for details. --%.s: %.c prepare scripts FORCE -+%.s: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) -+%.s: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) -+%.s: %.c gcc-plugins prepare scripts FORCE - $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) - %.i: %.c prepare scripts FORCE - $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) --%.o: %.c prepare scripts FORCE -+%.o: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) -+%.o: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) -+%.o: %.c gcc-plugins prepare scripts FORCE - $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) - %.lst: %.c prepare scripts FORCE - $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) --%.s: %.S prepare scripts FORCE -+%.s: %.S gcc-plugins prepare scripts FORCE - $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) --%.o: %.S prepare scripts FORCE -+%.o: %.S gcc-plugins prepare scripts FORCE - $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) - %.symtypes: %.c prepare scripts FORCE - $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1553,11 +1574,15 @@ endif - $(build)=$(build-dir) - # Make sure the latest headers are built for Documentation - Documentation/: headers_install --%/: prepare scripts FORCE -+%/: 
KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) -+%/: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) -+%/: gcc-plugins prepare scripts FORCE - $(cmd_crmodverdir) - $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ - $(build)=$(build-dir) --%.ko: prepare scripts FORCE -+%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) -+%.ko: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) -+%.ko: gcc-plugins prepare scripts FORCE - $(cmd_crmodverdir) - $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ - $(build)=$(build-dir) $(@:.ko=.o) ++config HAVE_GCC_PLUGINS ++ bool ++ help ++ An arch should select this symbol if it supports building with ++ GCC plugins. ++ ++menuconfig GCC_PLUGINS ++ bool "GCC plugins" ++ depends on HAVE_GCC_PLUGINS ++ default y ++ help ++ GCC plugins are loadable modules that provide extra features to the ++ compiler. They are useful for runtime instrumentation and static analysis. ++ + config HAVE_CC_STACKPROTECTOR + bool + help diff --git a/arch/alpha/include/asm/atomic.h b/arch/alpha/include/asm/atomic.h index 572b228..e03acdd 100644 --- a/arch/alpha/include/asm/atomic.h @@ -928,10 +873,18 @@ index 8a188bc..26608f1 100644 Counts number of I and D TLB Misses and exports them via Debugfs The counters can be cleared via Debugfs as well diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig -index 4f799e5..cc1200e 100644 +index 4f799e5..c1e2b95 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig -@@ -1622,6 +1622,7 @@ config HIGHPTE +@@ -53,6 +53,7 @@ config ARM + select HAVE_FTRACE_MCOUNT_RECORD if (!XIP_KERNEL) + select HAVE_FUNCTION_GRAPH_TRACER if (!THUMB2_KERNEL) + select HAVE_FUNCTION_TRACER if (!XIP_KERNEL) ++ select HAVE_GCC_PLUGINS + select HAVE_GENERIC_DMA_COHERENT + select HAVE_HW_BREAKPOINT if (PERF_EVENTS && (CPU_V6 || CPU_V6K || CPU_V7)) + select HAVE_IDE if PCI || ISA || PCMCIA +@@ -1622,6 +1623,7 @@ config HIGHPTE config CPU_SW_DOMAIN_PAN bool "Enable use of CPU domains to implement privileged no-access" depends on MMU && !ARM_LPAE 
@@ -939,7 +892,7 @@ index 4f799e5..cc1200e 100644 default y help Increase kernel security by ensuring that normal kernel accesses -@@ -1698,7 +1699,7 @@ config ALIGNMENT_TRAP +@@ -1698,7 +1700,7 @@ config ALIGNMENT_TRAP config UACCESS_WITH_MEMCPY bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()" @@ -948,7 +901,7 @@ index 4f799e5..cc1200e 100644 default y if CPU_FEROCEON help Implement faster copy_to_user and clear_user methods for CPU -@@ -1953,6 +1954,7 @@ config KEXEC +@@ -1953,6 +1955,7 @@ config KEXEC depends on (!SMP || PM_SLEEP_SMP) depends on !CPU_V7M select KEXEC_CORE @@ -956,7 +909,7 @@ index 4f799e5..cc1200e 100644 help kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1997,7 +1999,7 @@ config EFI_STUB +@@ -1997,7 +2000,7 @@ config EFI_STUB config EFI bool "UEFI runtime support" @@ -977,6 +930,19 @@ index c6b6175..2884505 100644 ---help--- Say Y here if you want to show the kernel pagetable layout in a debugfs file. This information is only useful for kernel developers +diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile +index 43788b1..2efefcf 100644 +--- a/arch/arm/boot/compressed/Makefile ++++ b/arch/arm/boot/compressed/Makefile +@@ -106,6 +106,8 @@ ORIG_CFLAGS := $(KBUILD_CFLAGS) + KBUILD_CFLAGS = $(subst -pg, , $(ORIG_CFLAGS)) + endif + ++KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) ++ + # -fstack-protector-strong triggers protection checks in this code, + # but it is being used too early to link to meaningful stack_chk logic. + nossp_flags := $(call cc-option, -fno-stack-protector) diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h index 9e10c45..24a14ce 100644 --- a/arch/arm/include/asm/atomic.h @@ -3357,7 +3323,7 @@ index 6bd1089..e999400 100644 { unsigned long ua_flags; 
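Review bot: The added `KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS))` in arch/arm/boot/compressed/Makefile has no rationale, while the `nossp_flags` line directly below it has a two-line comment explaining why stack-protector is disabled for this code. A matching comment would help anyone auditing which objects are built without plugin instrumentation, for example `# Build the decompressor without GCC plugin instrumentation: strip the plugin flags.`, extended with the actual reason, which the hunk does not state. The same comment could note that the line replaces the recursive `KBUILD_CFLAGS = $(subst -pg, , $(ORIG_CFLAGS))` two lines above with a simply expanded value, which the self-reference requires.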
diff --git a/arch/arm/mach-exynos/suspend.c b/arch/arm/mach-exynos/suspend.c -index c169cc3..f290a77 100644 +index c169cc3..b007ec6 100644 --- a/arch/arm/mach-exynos/suspend.c +++ b/arch/arm/mach-exynos/suspend.c @@ -734,8 +734,10 @@ void __init exynos_pm_init(void) @@ -3367,8 +3333,8 @@ index c169cc3..f290a77 100644 - exynos_pm_syscore_ops.suspend = pm_data->pm_suspend; - exynos_pm_syscore_ops.resume = pm_data->pm_resume; + pax_open_kernel(); -+ *(void **)&exynos_pm_syscore_ops.suspend = pm_data->pm_suspend; -+ *(void **)&exynos_pm_syscore_ops.resume = pm_data->pm_resume; ++ const_cast(exynos_pm_syscore_ops.suspend) = pm_data->pm_suspend; ++ const_cast(exynos_pm_syscore_ops.resume) = pm_data->pm_resume; + pax_close_kernel(); register_syscore_ops(&exynos_pm_syscore_ops); @@ -3501,7 +3467,7 @@ index 2af6ff6..1f2959f 100644 /* omap_hwmod_list contains all registered struct omap_hwmods */ static LIST_HEAD(omap_hwmod_list); diff --git a/arch/arm/mach-omap2/powerdomains43xx_data.c b/arch/arm/mach-omap2/powerdomains43xx_data.c -index 95fee54..cfa9cf1 100644 +index 95fee54..b5dd79d 100644 --- a/arch/arm/mach-omap2/powerdomains43xx_data.c +++ b/arch/arm/mach-omap2/powerdomains43xx_data.c @@ -10,6 +10,7 @@ @@ -3518,7 +3484,7 @@ index 95fee54..cfa9cf1 100644 { - omap4_pwrdm_operations.pwrdm_has_voltdm = am43xx_check_vcvp; + pax_open_kernel(); -+ *(void **)&omap4_pwrdm_operations.pwrdm_has_voltdm = am43xx_check_vcvp; ++ const_cast(omap4_pwrdm_operations.pwrdm_has_voltdm) = am43xx_check_vcvp; + pax_close_kernel(); pwrdm_register_platform_funcs(&omap4_pwrdm_operations); pwrdm_register_pwrdms(powerdomains_am43xx); @@ -3548,7 +3514,7 @@ index ff0a68c..b312aa0 100644 sizeof(struct omap_wd_timer_platform_data)); WARN(IS_ERR(pdev), "Can't build omap_device for %s:%s.\n", diff --git a/arch/arm/mach-shmobile/platsmp-apmu.c b/arch/arm/mach-shmobile/platsmp-apmu.c -index aba75c8..b55a9d7 100644 +index aba75c8..b2b340f 100644 --- a/arch/arm/mach-shmobile/platsmp-apmu.c 
+++ b/arch/arm/mach-shmobile/platsmp-apmu.c @@ -22,6 +22,7 @@ @@ -3565,7 +3531,7 @@ index aba75c8..b55a9d7 100644 { - shmobile_suspend_ops.enter = shmobile_smp_apmu_enter_suspend; + pax_open_kernel(); -+ *(void **)&shmobile_suspend_ops.enter = shmobile_smp_apmu_enter_suspend; ++ const_cast(shmobile_suspend_ops.enter) = shmobile_smp_apmu_enter_suspend; + pax_close_kernel(); } #endif @@ -3727,7 +3693,7 @@ index c8c8b9e..c55cc79 100644 atomic64_set(&mm->context.id, asid); } diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index daafcf1..8205ed6 100644 +index daafcf1..a04e1fd 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -25,6 +25,7 @@ @@ -3841,7 +3807,7 @@ index daafcf1..8205ed6 100644 pr_alert("Unhandled fault: %s (0x%03x) at 0x%08lx\n", inf->name, fsr, addr); show_pte(current->mm, addr); -@@ -574,15 +647,104 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs * +@@ -574,15 +647,118 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs * ifsr_info[nr].name = name; } @@ -3879,6 +3845,13 @@ index daafcf1..8205ed6 100644 + */ + // dmb(); implied by the exception + regs->ARM_pc = regs->ARM_lr; ++#ifdef CONFIG_ARM_THUMB ++ if (regs->ARM_lr & 1) { ++ regs->ARM_cpsr |= PSR_T_BIT; ++ regs->ARM_pc &= ~0x1U; ++ } else ++ regs->ARM_cpsr &= ~PSR_T_BIT; ++#endif + return; + } + if (pc == 0xffff0fc0UL) { @@ -3901,6 +3874,13 @@ index daafcf1..8205ed6 100644 + */ + regs->ARM_r0 = current_thread_info()->tp_value[0]; + regs->ARM_pc = regs->ARM_lr; ++#ifdef CONFIG_ARM_THUMB ++ if (regs->ARM_lr & 1) { ++ regs->ARM_cpsr |= PSR_T_BIT; ++ regs->ARM_pc &= ~0x1U; ++ } else ++ regs->ARM_cpsr &= ~PSR_T_BIT; ++#endif + return; + } + } 
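Review bot: The seven-line `#ifdef CONFIG_ARM_THUMB` block that fixes up `ARM_cpsr` and `ARM_pc` from bit 0 of `ARM_lr` is added verbatim in two places in arch/arm/mm/fault.c, once after each `regs->ARM_pc = regs->ARM_lr;` in the two kuser-helper emulation paths (the second is before the `pc == 0xffff0fc0UL` check's sibling return). Because this decides which instruction set user space resumes in, a later fix applied to only one copy would be easy to miss, so a single static helper called from both paths is safer. The enclosing function begins outside these hunks, so the helper name below is only a suggestion and should follow the file's naming.

```c
/* Suggested helper: resume at lr after an emulated kuser helper, honouring the Thumb bit. */
static inline void pax_kuser_helper_return(struct pt_regs *regs)
{
	regs->ARM_pc = regs->ARM_lr;
#ifdef CONFIG_ARM_THUMB
	if (regs->ARM_lr & 1) {
		regs->ARM_cpsr |= PSR_T_BIT;
		regs->ARM_pc &= ~0x1U;
	} else
		regs->ARM_cpsr &= ~PSR_T_BIT;
#endif
}

/* ... unchanged: helper address checks; each path then does ... */
	pax_kuser_helper_return(regs);
	return;
```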
@@ -4655,6 +4635,18 @@ index a5bc92d..0bb4730 100644 omap_sram_size - omap_sram_skip); + pax_close_kernel(); } +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index 8cc6228..6d6e4f8 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -70,6 +70,7 @@ config ARM64 + select HAVE_FTRACE_MCOUNT_RECORD + select HAVE_FUNCTION_TRACER + select HAVE_FUNCTION_GRAPH_TRACER ++ select HAVE_GCC_PLUGINS + select HAVE_GENERIC_DMA_COHERENT + select HAVE_HW_BREAKPOINT if PERF_EVENTS + select HAVE_IRQ_TIME_ACCOUNTING diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug index e13c4bf..3feaea7 100644 --- a/arch/arm64/Kconfig.debug @@ -5602,10 +5594,18 @@ index 4efe96a..60e8699 100644 #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig -index d3da79d..e607104 100644 +index d3da79d..e317c97 100644 --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -2656,6 +2656,7 @@ source "kernel/Kconfig.preempt" +@@ -49,6 +49,7 @@ config MIPS + select GENERIC_CMOS_UPDATE + select HAVE_MOD_ARCH_SPECIFIC + select VIRT_TO_BUS ++ select HAVE_GCC_PLUGINS + select MODULES_USE_ELF_REL if MODULES + select MODULES_USE_ELF_RELA if MODULES && 64BIT + select CLONE_BACKWARDS +@@ -2656,6 +2657,7 @@ source "kernel/Kconfig.preempt" config KEXEC bool "Kexec system call" select KEXEC_CORE @@ -7607,10 +7607,18 @@ index f906444..0bb73ae 100644 /* * If for any reason at all we couldn't handle the fault, make diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig -index 9faa18c..6061610 100644 +index 9faa18c..b24277a 100644 --- a/arch/powerpc/Kconfig 
+++ b/arch/powerpc/Kconfig -@@ -419,6 +419,7 @@ config KEXEC +@@ -143,6 +143,7 @@ config PPC + select ARCH_USE_BUILTIN_BSWAP + select OLD_SIGSUSPEND + select OLD_SIGACTION if PPC32 ++ select HAVE_GCC_PLUGINS + select HAVE_DEBUG_STACKOVERFLOW + select HAVE_IRQ_EXIT_ON_IRQ_STACK + select ARCH_USE_CMPXCHG_LOCKREF if PPC64 +@@ -419,6 +420,7 @@ config KEXEC bool "kexec system call" depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP)) || PPC_BOOK3E select KEXEC_CORE @@ -7619,7 +7627,7 @@ index 9faa18c..6061610 100644 kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h -index 55f106e..70cc82a 100644 +index 55f106e..5968afb 100644 --- a/arch/powerpc/include/asm/atomic.h +++ b/arch/powerpc/include/asm/atomic.h @@ -12,6 +12,11 @@ @@ -7886,19 +7894,7 @@ index 55f106e..70cc82a 100644 PPC_ATOMIC_EXIT_BARRIER " subf %0,%2,%0 \n\ 2:" -@@ -252,6 +299,11 @@ static __inline__ int atomic_dec_if_positive(atomic_t *v) - } - #define atomic_dec_if_positive atomic_dec_if_positive - -+#define smp_mb__before_atomic_dec() smp_mb() -+#define smp_mb__after_atomic_dec() smp_mb() -+#define smp_mb__before_atomic_inc() smp_mb() -+#define smp_mb__after_atomic_inc() smp_mb() -+ - #ifdef __powerpc64__ - - #define ATOMIC64_INIT(i) { (i) } -@@ -265,37 +317,60 @@ static __inline__ long atomic64_read(const atomic64_t *v) +@@ -265,37 +312,60 @@ static __inline__ long atomic64_read(const atomic64_t *v) return t; } @@ -7963,7 +7959,7 @@ index 55f106e..70cc82a 100644 PPC_ATOMIC_EXIT_BARRIER \ : "=&r" (t) \ : "r" (a), "r" (&v->counter) \ -@@ -304,6 +379,9 @@ static __inline__ long atomic64_##op##_return(long a, atomic64_t *v) \ +@@ -304,6 +374,9 @@ static __inline__ long atomic64_##op##_return(long a, atomic64_t *v) \ return t; \ } 
@@ -7973,7 +7969,7 @@ index 55f106e..70cc82a 100644 #define ATOMIC64_OPS(op, asm_op) ATOMIC64_OP(op, asm_op) ATOMIC64_OP_RETURN(op, asm_op) ATOMIC64_OPS(add, add) -@@ -314,40 +392,33 @@ ATOMIC64_OP(xor, xor) +@@ -314,40 +387,33 @@ ATOMIC64_OP(xor, xor) #undef ATOMIC64_OPS #undef ATOMIC64_OP_RETURN @@ -8033,7 +8029,7 @@ index 55f106e..70cc82a 100644 } /* -@@ -360,36 +431,18 @@ static __inline__ long atomic64_inc_return(atomic64_t *v) +@@ -360,36 +426,18 @@ static __inline__ long atomic64_inc_return(atomic64_t *v) */ #define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0) @@ -8081,7 +8077,7 @@ index 55f106e..70cc82a 100644 } #define atomic64_sub_and_test(a, v) (atomic64_sub_return((a), (v)) == 0) -@@ -422,6 +475,16 @@ static __inline__ long atomic64_dec_if_positive(atomic64_t *v) +@@ -422,6 +470,16 @@ static __inline__ long atomic64_dec_if_positive(atomic64_t *v) #define atomic64_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n))) #define atomic64_xchg(v, new) (xchg(&((v)->counter), new)) @@ -8090,7 +8086,7 @@ index 55f106e..70cc82a 100644 + return cmpxchg(&(v->counter), old, new); +} + -+static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new) ++static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new) +{ + return xchg(&(v->counter), new); +} @@ -8098,7 +8094,7 @@ index 55f106e..70cc82a 100644 /** * atomic64_add_unless - add unless the number is a given value * @v: pointer of type atomic64_t -@@ -437,13 +500,29 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) +@@ -437,13 +495,29 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) __asm__ __volatile__ ( PPC_ATOMIC_ENTRY_BARRIER @@ -8698,17 +8694,17 @@ index b7c20f0..4adc0f1 100644 static inline unsigned long clear_user(void __user *addr, unsigned long size) diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile -index 794f22a..f8de42b 100644 +index 794f22a..9a76447 100644 
--- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -14,6 +14,11 @@ CFLAGS_prom_init.o += -fPIC CFLAGS_btext.o += -fPIC endif -+CFLAGS_REMOVE_cputable.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) -+CFLAGS_REMOVE_prom_init.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) -+CFLAGS_REMOVE_btext.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) -+CFLAGS_REMOVE_prom.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS) ++CFLAGS_cputable.o += $(DISABLE_LATENT_ENTROPY_PLUGIN) ++CFLAGS_prom_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN) ++CFLAGS_btext.o += $(DISABLE_LATENT_ENTROPY_PLUGIN) ++CFLAGS_prom.o += $(DISABLE_LATENT_ENTROPY_PLUGIN) + ifdef CONFIG_FUNCTION_TRACER # Do not trace early boot code @@ -9678,6 +9674,18 @@ index 6777177..d44b592 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } +diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig +index 57ffaf2..4d1fe9a 100644 +--- a/arch/sparc/Kconfig ++++ b/arch/sparc/Kconfig +@@ -39,6 +39,7 @@ config SPARC + select GENERIC_STRNCPY_FROM_USER + select GENERIC_STRNLEN_USER + select MODULES_USE_ELF_RELA ++ select HAVE_GCC_PLUGINS + select ODD_RT_SIGACTION + select OLD_SIGSUSPEND + select ARCH_HAS_SG_CHAIN diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h index f2fbf9e..fea461e 100644 --- a/arch/sparc/include/asm/atomic_64.h @@ -12221,16 +12229,14 @@ index c034dc3..cf1cc96 100644 /* diff --git a/arch/um/Makefile b/arch/um/Makefile -index e3abe6f..ae224ef 100644 +index e3abe6f..33a363c 100644 --- a/arch/um/Makefile 
+++ b/arch/um/Makefile -@@ -73,6 +73,10 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -I%,,$(KBUILD_CFLAGS))) \ +@@ -73,6 +73,8 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -I%,,$(KBUILD_CFLAGS))) \ -D_FILE_OFFSET_BITS=64 -idirafter $(srctree)/include \ -idirafter $(obj)/include -D__KERNEL__ -D__UM_HOST__ -+ifdef CONSTIFY_PLUGIN -+USER_CFLAGS += -fplugin-arg-constify_plugin-no-constify -+endif ++USER_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(USER_CFLAGS)) + #This will adjust *FLAGS accordingly to the platform. include $(ARCH_DIR)/Makefile-os-$(OS) @@ -12338,7 +12344,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 3bf45a0..7b04039 100644 +index 3bf45a0..25ca7da 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -38,14 +38,13 @@ config X86 @@ -12366,7 +12372,15 @@ index 3bf45a0..7b04039 100644 select HAVE_CMPXCHG_DOUBLE select HAVE_CMPXCHG_LOCAL select HAVE_CONTEXT_TRACKING if X86_64 -@@ -290,7 +289,7 @@ config X86_64_SMP +@@ -109,6 +108,7 @@ config X86 + select HAVE_FUNCTION_GRAPH_FP_TEST + select HAVE_FUNCTION_GRAPH_TRACER + select HAVE_FUNCTION_TRACER ++ select HAVE_GCC_PLUGINS + select HAVE_GENERIC_DMA_COHERENT if X86_32 + select HAVE_HW_BREAKPOINT + select HAVE_IDE +@@ -290,7 +290,7 @@ config X86_64_SMP config X86_32_LAZY_GS def_bool y @@ -12375,7 +12389,7 @@ index 3bf45a0..7b04039 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -674,6 +673,7 @@ config SCHED_OMIT_FRAME_POINTER +@@ -674,6 +674,7 @@ config SCHED_OMIT_FRAME_POINTER menuconfig HYPERVISOR_GUEST bool "Linux guest support" @@ -12383,7 +12397,7 @@ index 3bf45a0..7b04039 100644 ---help--- Say Y here to enable options for running Linux under various hyper- visors. This option enables basic hypervisor detection and platform -@@ -1073,6 +1073,7 @@ config VM86 +@@ -1073,6 +1074,7 @@ config VM86 config X86_16BIT bool "Enable support for 16-bit segments" if EXPERT 
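Review bot: The new `USER_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(USER_CFLAGS))` in arch/um/Makefile changes USER_CFLAGS from the recursively expanded `USER_CFLAGS = $(patsubst ... $(KBUILD_CFLAGS) ...)` shown in the hunk header to a simply expanded variable. It is now frozen at this point, before `include $(ARCH_DIR)/Makefile-os-$(OS)`, and no longer follows later changes to KBUILD_CFLAGS. If GCC_PLUGINS_CFLAGS is only populated later, by the `scripts/Makefile.gcc-plugins` include that the top-level Makefile hunk adds (the ordering is not visible here), the filter would also run against an empty list. Folding the filter into the existing recursive definition avoids both problems: `USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -I%,,$(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)))) \`. A one-line comment saying that the user-space objects are built without plugin instrumentation would record the intent.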
@@ -12391,7 +12405,7 @@ index 3bf45a0..7b04039 100644 default y depends on MODIFY_LDT_SYSCALL ---help--- -@@ -1227,6 +1228,7 @@ choice +@@ -1227,6 +1229,7 @@ choice config NOHIGHMEM bool "off" @@ -12399,7 +12413,7 @@ index 3bf45a0..7b04039 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1263,6 +1265,7 @@ config NOHIGHMEM +@@ -1263,6 +1266,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -12407,7 +12421,7 @@ index 3bf45a0..7b04039 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1315,7 +1318,7 @@ config PAGE_OFFSET +@@ -1315,7 +1319,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -12416,7 +12430,7 @@ index 3bf45a0..7b04039 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1336,7 +1339,6 @@ config X86_PAE +@@ -1336,7 +1340,6 @@ config X86_PAE config ARCH_PHYS_ADDR_T_64BIT def_bool y @@ -12424,7 +12438,7 @@ index 3bf45a0..7b04039 100644 config ARCH_DMA_ADDR_T_64BIT def_bool y -@@ -1467,7 +1469,7 @@ config ARCH_PROC_KCORE_TEXT +@@ -1467,7 +1470,7 @@ config ARCH_PROC_KCORE_TEXT config ILLEGAL_POINTER_VALUE hex @@ -12433,7 +12447,7 @@ index 3bf45a0..7b04039 100644 default 0xdead000000000000 if X86_64 source "mm/Kconfig" -@@ -1776,6 +1778,7 @@ source kernel/Kconfig.hz +@@ -1776,6 +1779,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" select KEXEC_CORE @@ -12441,7 +12455,7 @@ index 3bf45a0..7b04039 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1958,7 +1961,9 @@ config X86_NEED_RELOCS +@@ -1958,7 +1962,9 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" 
@@ -12452,7 +12466,7 @@ index 3bf45a0..7b04039 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -2041,6 +2046,7 @@ config COMPAT_VDSO +@@ -2041,6 +2047,7 @@ config COMPAT_VDSO def_bool n prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)" depends on X86_32 || IA32_EMULATION @@ -12460,7 +12474,7 @@ index 3bf45a0..7b04039 100644 ---help--- Certain buggy versions of glibc will crash if they are presented with a 32-bit vDSO that is not mapped at the address -@@ -2081,15 +2087,6 @@ choice +@@ -2081,15 +2088,6 @@ choice If unsure, select "Emulate". @@ -12476,7 +12490,7 @@ index 3bf45a0..7b04039 100644 config LEGACY_VSYSCALL_EMULATE bool "Emulate" help -@@ -2170,6 +2167,22 @@ config MODIFY_LDT_SYSCALL +@@ -2170,6 +2168,22 @@ config MODIFY_LDT_SYSCALL Saying 'N' here may make sense for embedded or server kernels. @@ -12610,20 +12624,6 @@ index 4086abc..52a0a9b 100644 +*** ${VERSION}.${PATCHLEVEL} PaX kernels no longer build correctly with old versions of binutils. +*** Please upgrade your binutils to 2.18 or newer +endef -diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile -index bbe1a62..ec6a3ec 100644 ---- a/arch/x86/boot/Makefile -+++ b/arch/x86/boot/Makefile -@@ -58,6 +58,9 @@ clean-files += cpustr.h - # --------------------------------------------------------------------------- - - KBUILD_CFLAGS := $(USERINCLUDE) $(REALMODE_CFLAGS) -D_SETUP -+ifdef CONSTIFY_PLUGIN -+KBUILD_CFLAGS += -fplugin-arg-constify_plugin-no-constify -+endif - KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ - GCOV_PROFILE := n - UBSAN_SANITIZE := n diff --git a/arch/x86/boot/bitops.h b/arch/x86/boot/bitops.h index 878e4b9..20537ab 100644 --- a/arch/x86/boot/bitops.h @@ -12660,17 +12660,13 @@ index 9011a88..06aa820 100644 } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index f9ce75d..0b1600d 100644 +index f9ce75d..245ea76 100644 --- a/arch/x86/boot/compressed/Makefile 
+++ b/arch/x86/boot/compressed/Makefile -@@ -30,6 +30,26 @@ KBUILD_CFLAGS += $(cflags-y) - KBUILD_CFLAGS += -mno-mmx -mno-sse +@@ -31,6 +31,23 @@ KBUILD_CFLAGS += -mno-mmx -mno-sse KBUILD_CFLAGS += $(call cc-option,-ffreestanding) KBUILD_CFLAGS += $(call cc-option,-fno-stack-protector) -+ifdef CONSTIFY_PLUGIN -+KBUILD_CFLAGS += -fplugin-arg-constify_plugin-no-constify -+endif -+ + +ifdef CONFIG_DEBUG_INFO +ifdef CONFIG_DEBUG_INFO_SPLIT +KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g) @@ -12687,9 +12683,10 @@ index f9ce75d..0b1600d 100644 +KBUILD_CFLAGS += $(call cc-option, -femit-struct-debug-baseonly) \ + $(call cc-option,-fno-var-tracking) +endif - ++ KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n + UBSAN_SANITIZE :=n diff --git a/arch/x86/boot/compressed/efi_stub_32.S b/arch/x86/boot/compressed/efi_stub_32.S index a53440e..c3dbf1e 100644 --- a/arch/x86/boot/compressed/efi_stub_32.S @@ -15756,7 +15753,7 @@ index e32206e0..809adae 100644 .macro REMOVE_PT_GPREGS_FROM_STACK addskip=0 diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c -index 1a4477c..95199ec4 100644 +index 1a4477c..7061819 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c @@ -32,9 +32,7 @@ @@ -15869,7 +15866,7 @@ index 1a4477c..95199ec4 100644 + [param4] "m" (regs->si), + [param5] "m" (regs->di), + [param6] "m" (regs->bp) -+ : "di", "si", "dx", "cx", "r8", "r9", "memory"); ++ : "ax", "di", "si", "dx", "cx", "r8", "r9", "r10", "r11", "memory"); +#else + asm volatile("pushl %[param6]\n\t" + "pushl %[param5]\n\t" @@ -22879,7 +22876,7 @@ index 82c34ee..940fa40 100644 unsigned, unsigned, unsigned); diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h -index c7b5510..2ab8977 100644 +index c7b5510..f6d5ca4 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -39,7 +39,7 @@ 
@@ -22961,7 +22958,7 @@ index c7b5510..2ab8977 100644 } static inline unsigned long current_stack_pointer(void) -@@ -179,14 +182,9 @@ static inline unsigned long current_stack_pointer(void) +@@ -179,41 +182,9 @@ static inline unsigned long current_stack_pointer(void) #else /* !__ASSEMBLY__ */ @@ -22973,11 +22970,38 @@ index c7b5510..2ab8977 100644 #define GET_THREAD_INFO(reg) \ - _ASM_MOV PER_CPU_VAR(cpu_current_top_of_stack),reg ; \ - _ASM_SUB $(THREAD_SIZE),reg ; +- +-/* +- * ASM operand which evaluates to a 'thread_info' address of +- * the current task, if it is known that "reg" is exactly "off" +- * bytes below the top of the stack currently. +- * +- * ( The kernel stack's size is known at build time, it is usually +- * 2 or 4 pages, and the bottom of the kernel stack contains +- * the thread_info structure. So to access the thread_info very +- * quickly from assembly code we can calculate down from the +- * top of the kernel stack to the bottom, using constant, +- * build-time calculations only. ) +- * +- * For example, to fetch the current thread_info->flags value into %eax +- * on x86-64 defconfig kernels, in syscall entry code where RSP is +- * currently at exactly SIZEOF_PTREGS bytes away from the top of the +- * stack: +- * +- * mov ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS), %eax +- * +- * will translate to: +- * +- * 8b 84 24 b8 c0 ff ff mov -0x3f48(%rsp), %eax +- * +- * which is below the current RSP by almost 16K. +- */ +-#define ASM_THREAD_INFO(field, reg, off) ((field)+(off)-THREAD_SIZE)(reg) + _ASM_MOV PER_CPU_VAR(current_tinfo),reg ; - /* - * ASM operand which evaluates to a 'thread_info' address of -@@ -279,5 +277,12 @@ static inline bool is_ia32_task(void) + #endif + +@@ -279,5 +250,12 @@ static inline bool is_ia32_task(void) extern void arch_task_cache_init(void); extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src); extern void arch_release_task_struct(struct task_struct *tsk); 
@@ -25722,7 +25746,7 @@ index 2cad71d..5f1baf2 100644 __bts_event_stop(event); diff --git a/arch/x86/kernel/cpu/perf_event_intel_cqm.c b/arch/x86/kernel/cpu/perf_event_intel_cqm.c -index a316ca9..99344f4 100644 +index a316ca9..07e219e 100644 --- a/arch/x86/kernel/cpu/perf_event_intel_cqm.c +++ b/arch/x86/kernel/cpu/perf_event_intel_cqm.c @@ -1364,7 +1364,9 @@ static int __init intel_cqm_init(void) @@ -25731,7 +25755,7 @@ index a316ca9..99344f4 100644 - event_attr_intel_cqm_llc_scale.event_str = str; + pax_open_kernel(); -+ *(const char **)&event_attr_intel_cqm_llc_scale.event_str = str; ++ const_cast(event_attr_intel_cqm_llc_scale.event_str) = str; + pax_close_kernel(); ret = intel_cqm_setup_rmid_cache(); @@ -25798,7 +25822,7 @@ index 653f88d..11b6b78 100644 if (!insn.opcode.got) return X86_BR_ABORT; diff --git a/arch/x86/kernel/cpu/perf_event_intel_pt.c b/arch/x86/kernel/cpu/perf_event_intel_pt.c -index c0bbd10..727ae15e 100644 +index c0bbd10..53a5dc6 100644 --- a/arch/x86/kernel/cpu/perf_event_intel_pt.c +++ b/arch/x86/kernel/cpu/perf_event_intel_pt.c @@ -133,14 +133,10 @@ static const struct attribute_group *pt_attr_groups[] = { 
@@ -25839,22 +25863,22 @@ index c0bbd10..727ae15e 100644 + struct dev_ext_attribute *de_attr = &de_attrs[i]; - de_attr->attr.attr.name = pt_caps[i].name; -+ *(const char **)&de_attr->attr.attr.name = pt_caps[i].name; ++ const_cast(de_attr->attr.attr.name) = pt_caps[i].name; sysfs_attr_init(&de_attr->attr.attr); - de_attr->attr.attr.mode = S_IRUGO; - de_attr->attr.show = pt_cap_show; - de_attr->var = (void *)i; -+ *(umode_t *)&de_attr->attr.attr.mode = S_IRUGO; -+ *(void **)&de_attr->attr.show = pt_cap_show; -+ *(void **)&de_attr->var = (void *)i; ++ const_cast(de_attr->attr.attr.mode) = S_IRUGO; ++ const_cast(de_attr->attr.show) = pt_cap_show; ++ const_cast(de_attr->var) = (void *)i; attrs[i] = &de_attr->attr.attr; } - pt_cap_group.attrs = attrs; -+ *(struct attribute ***)&pt_cap_group.attrs = attrs; ++ const_cast(pt_cap_group.attrs) = attrs; + pax_close_kernel(); return 0; @@ -27813,7 +27837,7 @@ index 64341aa..b1e6632 100644 +EXPORT_SYMBOL(cpu_pgd); +#endif diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c -index be22f5a..c5d0e1f 100644 +index be22f5a..a04fa14 100644 --- a/arch/x86/kernel/i8259.c +++ b/arch/x86/kernel/i8259.c @@ -110,7 +110,7 @@ static int i8259A_irq_pending(unsigned int irq) @@ -27845,10 +27869,10 @@ index be22f5a..c5d0e1f 100644 * when acking. */ - i8259A_chip.irq_mask_ack = disable_8259A_irq; -+ *(void **)&i8259A_chip.irq_mask_ack = disable_8259A_irq; ++ const_cast(i8259A_chip.irq_mask_ack) = disable_8259A_irq; else - i8259A_chip.irq_mask_ack = mask_and_ack_8259A; -+ *(void **)&i8259A_chip.irq_mask_ack = mask_and_ack_8259A; ++ const_cast(i8259A_chip.irq_mask_ack) = mask_and_ack_8259A; + pax_close_kernel(); udelay(100); /* wait for 8259A to initialize */ @@ -29041,7 +29065,7 @@ index 6d9582e..f746287 100644 return; } diff --git a/arch/x86/kernel/paravirt-spinlocks.c b/arch/x86/kernel/paravirt-spinlocks.c -index 33ee3e0..ca43dee 100644 +index 33ee3e0..6d23e5c 100644 --- a/arch/x86/kernel/paravirt-spinlocks.c 
+++ b/arch/x86/kernel/paravirt-spinlocks.c @@ -23,16 +23,32 @@ bool pv_is_native_spin_unlock(void) @@ -29058,7 +29082,7 @@ index 33ee3e0..ca43dee 100644 +static void native_kick(int cpu) +{ +} -+//#else /* !CONFIG_QUEUED_SPINLOCKS */ ++#else /* !CONFIG_QUEUED_SPINLOCKS */ +static void native_unlock_kick(struct arch_spinlock *lock, __ticket_t ticket) +{ +} @@ -37439,7 +37463,7 @@ index 4e664bd..2beeaa2 100644 return NULL; diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c -index 1d2e639..d7f0e67 100644 +index 1d2e639..6473b8a 100644 --- a/arch/x86/oprofile/nmi_int.c +++ b/arch/x86/oprofile/nmi_int.c @@ -23,6 +23,7 @@ @@ -37467,14 +37491,14 @@ index 1d2e639..d7f0e67 100644 - model->num_virt_counters = model->num_counters; + if (!model->num_virt_counters) { + pax_open_kernel(); -+ *(unsigned int *)&model->num_virt_counters = model->num_counters; ++ const_cast(model->num_virt_counters) = model->num_counters; + pax_close_kernel(); + } mux_init(ops); diff --git a/arch/x86/oprofile/op_model_amd.c b/arch/x86/oprofile/op_model_amd.c -index 50d86c0..7985318 100644 +index 50d86c0..b0b9ae0 100644 --- a/arch/x86/oprofile/op_model_amd.c +++ b/arch/x86/oprofile/op_model_amd.c @@ -519,9 +519,11 @@ static int op_amd_init(struct oprofile_operations *ops) @@ -37485,15 +37509,15 @@ index 50d86c0..7985318 100644 - op_amd_spec.num_controls = num_counters; - op_amd_spec.num_virt_counters = max(num_counters, NUM_VIRT_COUNTERS); + pax_open_kernel(); -+ *(unsigned int *)&op_amd_spec.num_counters = num_counters; -+ *(unsigned int *)&op_amd_spec.num_controls = num_counters; -+ *(unsigned int *)&op_amd_spec.num_virt_counters = max(num_counters, NUM_VIRT_COUNTERS); ++ const_cast(op_amd_spec.num_counters) = num_counters; ++ const_cast(op_amd_spec.num_controls) = num_counters; ++ const_cast(op_amd_spec.num_virt_counters) = max(num_counters, NUM_VIRT_COUNTERS); + pax_close_kernel(); return 0; } 
diff --git a/arch/x86/oprofile/op_model_ppro.c b/arch/x86/oprofile/op_model_ppro.c -index d90528e..0127e2b 100644 +index d90528e..a44aa09 100644 --- a/arch/x86/oprofile/op_model_ppro.c +++ b/arch/x86/oprofile/op_model_ppro.c @@ -19,6 +19,7 @@ @@ -37511,8 +37535,8 @@ index d90528e..0127e2b 100644 - op_arch_perfmon_spec.num_counters = num_counters; - op_arch_perfmon_spec.num_controls = num_counters; + pax_open_kernel(); -+ *(unsigned int *)&op_arch_perfmon_spec.num_counters = num_counters; -+ *(unsigned int *)&op_arch_perfmon_spec.num_controls = num_counters; ++ const_cast(op_arch_perfmon_spec.num_counters) = num_counters; ++ const_cast(op_arch_perfmon_spec.num_controls) = num_counters; + pax_close_kernel(); } @@ -37808,7 +37832,7 @@ index 9770e55..76067ec 100644 } EXPORT_SYMBOL(pcibios_set_irq_routing); diff --git a/arch/x86/pci/vmd.c b/arch/x86/pci/vmd.c -index d57e480..20eb97a 100644 +index d57e480..fc4db30 100644 --- a/arch/x86/pci/vmd.c +++ b/arch/x86/pci/vmd.c @@ -374,7 +374,7 @@ static void vmd_teardown_dma_ops(struct vmd_dev *vmd) @@ -37816,7 +37840,7 @@ index d57e480..20eb97a 100644 do { \ if (source->fn) \ - dest->fn = vmd_##fn; \ -+ *(void **)&dest->fn = vmd_##fn; \ ++ const_cast(dest->fn) = vmd_##fn; \ } while (0) static void vmd_setup_dma_ops(struct vmd_dev *vmd) @@ -38238,20 +38262,6 @@ index 0b7a63d..dff2199 100644 trampoline_pgd[511] = init_level4_pgt[511].pgd; #endif } -diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile -index 3e75fcf..4cfefb8 100644 ---- a/arch/x86/realmode/rm/Makefile -+++ b/arch/x86/realmode/rm/Makefile -@@ -68,6 +68,9 @@ $(obj)/realmode.relocs: $(obj)/realmode.elf FORCE - - KBUILD_CFLAGS := $(LINUXINCLUDE) $(REALMODE_CFLAGS) -D_SETUP -D_WAKEUP \ - -I$(srctree)/arch/x86/boot -+ifdef CONSTIFY_PLUGIN -+KBUILD_CFLAGS += -fplugin-arg-constify_plugin-no-constify -+endif - KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ - GCOV_PROFILE := n - UBSAN_SANITIZE := n 
diff --git a/arch/x86/realmode/rm/header.S b/arch/x86/realmode/rm/header.S index a28221d..93c40f1 100644 --- a/arch/x86/realmode/rm/header.S @@ -39659,7 +39669,7 @@ index b719ab3..371e2a6 100644 enum acpi_battery_files { info_tag = 0, diff --git a/drivers/acpi/bgrt.c b/drivers/acpi/bgrt.c -index a83e3c6..c3d617f 100644 +index a83e3c6..7f4a90b 100644 --- a/drivers/acpi/bgrt.c +++ b/drivers/acpi/bgrt.c @@ -86,8 +86,10 @@ static int __init bgrt_init(void) @@ -39669,8 +39679,8 @@ index a83e3c6..c3d617f 100644 - bin_attr_image.private = bgrt_image; - bin_attr_image.size = bgrt_image_size; + pax_open_kernel(); -+ *(void **)&bin_attr_image.private = bgrt_image; -+ *(size_t *)&bin_attr_image.size = bgrt_image_size; ++ const_cast(bin_attr_image.private) = bgrt_image; ++ const_cast(bin_attr_image.size) = bgrt_image_size; + pax_close_kernel(); bgrt_kobj = kobject_create_and_add("bgrt", acpi_kobj); @@ -39966,7 +39976,7 @@ index 7d00b7a..d5fd80d 100644 int ret; diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 55e257c..28b9a25 100644 +index 55e257c..554c697 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -103,7 +103,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev); @@ -40009,7 +40019,7 @@ index 55e257c..28b9a25 100644 *pp = NULL; - ops->inherits = NULL; -+ *(struct ata_port_operations **)&ops->inherits = NULL; ++ const_cast(ops->inherits) = NULL; + pax_close_kernel(); spin_unlock(&lock); @@ -40051,7 +40061,7 @@ index f840ca1..edd6ef3 100644 extern int libata_fua; extern int libata_noacpi; diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c -index 80fe0f6..8c0fa3f 100644 +index 80fe0f6..d95a192 100644 --- a/drivers/ata/pata_arasan_cf.c +++ b/drivers/ata/pata_arasan_cf.c @@ -864,7 +864,9 @@ static int arasan_cf_probe(struct platform_device *pdev) 
@@ -40060,7 +40070,7 @@ index 80fe0f6..8c0fa3f 100644 if (quirk & CF_BROKEN_PIO) { - ap->ops->set_piomode = NULL; + pax_open_kernel(); -+ *(void **)&ap->ops->set_piomode = NULL; ++ const_cast(ap->ops->set_piomode) = NULL; + pax_close_kernel(); ap->pio_mask = 0; } @@ -41138,7 +41148,7 @@ index 560751b..3a4847a 100644 static ssize_t show_node_state(struct device *dev, struct device_attribute *attr, char *buf) diff --git a/drivers/base/platform-msi.c b/drivers/base/platform-msi.c -index 279e539..b87ed03 100644 +index 279e539..4c9d7fb 100644 --- a/drivers/base/platform-msi.c +++ b/drivers/base/platform-msi.c @@ -24,6 +24,8 @@ @@ -41157,10 +41167,10 @@ index 279e539..b87ed03 100644 + pax_open_kernel(); if (ops->msi_init == NULL) - ops->msi_init = platform_msi_init; -+ *(void **)&ops->msi_init = platform_msi_init; ++ const_cast(ops->msi_init) = platform_msi_init; if (ops->set_desc == NULL) - ops->set_desc = platform_msi_set_desc; -+ *(void **)&ops->set_desc = platform_msi_set_desc; ++ const_cast(ops->set_desc) = platform_msi_set_desc; + pax_close_kernel(); } 
@@ -41172,25 +41182,25 @@ index 279e539..b87ed03 100644 + pax_open_kernel(); if (!chip->irq_mask) - chip->irq_mask = irq_chip_mask_parent; -+ *(void **)&chip->irq_mask = irq_chip_mask_parent; ++ const_cast(chip->irq_mask) = irq_chip_mask_parent; if (!chip->irq_unmask) - chip->irq_unmask = irq_chip_unmask_parent; -+ *(void **)&chip->irq_unmask = irq_chip_unmask_parent; ++ const_cast(chip->irq_unmask) = irq_chip_unmask_parent; if (!chip->irq_eoi) - chip->irq_eoi = irq_chip_eoi_parent; -+ *(void **)&chip->irq_eoi = irq_chip_eoi_parent; ++ const_cast(chip->irq_eoi) = irq_chip_eoi_parent; if (!chip->irq_set_affinity) - chip->irq_set_affinity = msi_domain_set_affinity; -+ *(void **)&chip->irq_set_affinity = msi_domain_set_affinity; ++ const_cast(chip->irq_set_affinity) = msi_domain_set_affinity; if (!chip->irq_write_msi_msg) - chip->irq_write_msi_msg = platform_msi_write_msg; -+ *(void **)&chip->irq_write_msi_msg = platform_msi_write_msg; ++ const_cast(chip->irq_write_msi_msg) = platform_msi_write_msg; + pax_close_kernel(); } static void platform_msi_free_descs(struct device *dev, int base, int nvec) diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c -index 0caf92a..cff4879 100644 +index 0caf92a..62c184c 100644 --- a/drivers/base/power/domain.c +++ b/drivers/base/power/domain.c @@ -1804,8 +1804,10 @@ int genpd_dev_pm_attach(struct device *dev) @@ -41200,8 +41210,8 @@ index 0caf92a..cff4879 100644 - dev->pm_domain->detach = genpd_dev_pm_detach; - dev->pm_domain->sync = genpd_dev_pm_sync; + pax_open_kernel(); -+ *(void **)&dev->pm_domain->detach = genpd_dev_pm_detach; -+ *(void **)&dev->pm_domain->sync = genpd_dev_pm_sync; ++ const_cast(dev->pm_domain->detach) = genpd_dev_pm_detach; ++ const_cast(dev->pm_domain->sync) = genpd_dev_pm_sync; + pax_close_kernel(); mutex_lock(&pd->lock); @@ -42349,7 +42359,7 @@ index 24a652f..2dffae6 100644 int err; 
diff --git a/drivers/bus/arm-cci.c b/drivers/bus/arm-cci.c -index 577cc4b..bfe0c2d 100644 +index 577cc4b..129a13e 100644 --- a/drivers/bus/arm-cci.c +++ b/drivers/bus/arm-cci.c @@ -1249,16 +1249,22 @@ static int cci_pmu_init_attrs(struct cci_pmu *cci_pmu, struct platform_device *p @@ -42358,7 +42368,7 @@ index 577cc4b..bfe0c2d 100644 return -ENOMEM; - pmu_event_attr_group.attrs = attrs; + pax_open_kernel(); -+ *(struct attribute ***)&pmu_event_attr_group.attrs = attrs; ++ const_cast(pmu_event_attr_group.attrs) = attrs; + pax_close_kernel(); } if (model->nformat_attrs) { @@ -42368,18 +42378,18 @@ index 577cc4b..bfe0c2d 100644 return -ENOMEM; - pmu_format_attr_group.attrs = attrs; + pax_open_kernel(); -+ *(struct attribute ***)&pmu_format_attr_group.attrs = attrs; ++ const_cast(pmu_format_attr_group.attrs) = attrs; + pax_close_kernel(); } - pmu_cpumask_attr.var = cci_pmu; + pax_open_kernel(); -+ *(void **)&pmu_cpumask_attr.var = cci_pmu; ++ const_cast(pmu_cpumask_attr.var) = cci_pmu; + pax_close_kernel(); return 0; } diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c -index 1b257ea..ea76b22 100644 +index 1b257ea..2280898 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -610,7 +610,6 @@ int register_cdrom(struct cdrom_device_info *cdi) @@ -42398,7 +42408,7 @@ index 1b257ea..ea76b22 100644 - cdo->generic_packet = cdrom_dummy_generic_packet; + if (!cdo->generic_packet) { + pax_open_kernel(); -+ *(void **)&cdo->generic_packet = cdrom_dummy_generic_packet; ++ const_cast(cdo->generic_packet) = cdrom_dummy_generic_packet; + pax_close_kernel(); + } @@ -43150,7 +43160,7 @@ index aa872d2..afeae37 100644 /** * struct samsung_clk_reg_dump: register dump of clock controller registers. diff --git a/drivers/clk/socfpga/clk-gate.c b/drivers/clk/socfpga/clk-gate.c -index aa7a6e6..e67210d 100644 +index aa7a6e6..1e9b426 100644 --- a/drivers/clk/socfpga/clk-gate.c +++ b/drivers/clk/socfpga/clk-gate.c @@ -21,6 +21,7 @@ 
@@ -43177,14 +43187,14 @@ index aa7a6e6..e67210d 100644 - gateclk_ops.enable = clk_gate_ops.enable; - gateclk_ops.disable = clk_gate_ops.disable; + pax_open_kernel(); -+ *(void **)&gateclk_ops.enable = clk_gate_ops.enable; -+ *(void **)&gateclk_ops.disable = clk_gate_ops.disable; ++ const_cast(gateclk_ops.enable) = clk_gate_ops.enable; ++ const_cast(gateclk_ops.disable) = clk_gate_ops.disable; + pax_close_kernel(); } rc = of_property_read_u32(node, "fixed-divider", &fixed_div); diff --git a/drivers/clk/socfpga/clk-pll.c b/drivers/clk/socfpga/clk-pll.c -index c7f4631..463813a 100644 +index c7f4631..8d1b7d0 100644 --- a/drivers/clk/socfpga/clk-pll.c +++ b/drivers/clk/socfpga/clk-pll.c @@ -20,6 +20,7 @@ @@ -43211,14 +43221,14 @@ index c7f4631..463813a 100644 - clk_pll_ops.enable = clk_gate_ops.enable; - clk_pll_ops.disable = clk_gate_ops.disable; + pax_open_kernel(); -+ *(void **)&clk_pll_ops.enable = clk_gate_ops.enable; -+ *(void **)&clk_pll_ops.disable = clk_gate_ops.disable; ++ const_cast(clk_pll_ops.enable) = clk_gate_ops.enable; ++ const_cast(clk_pll_ops.disable) = clk_gate_ops.disable; + pax_close_kernel(); clk = clk_register(NULL, &pll_clk->hw.hw); if (WARN_ON(IS_ERR(clk))) { diff --git a/drivers/clk/ti/clk.c b/drivers/clk/ti/clk.c -index b5bcd77..0f7bd99 100644 +index b5bcd77..fc230cb 100644 --- a/drivers/clk/ti/clk.c +++ b/drivers/clk/ti/clk.c @@ -25,6 +25,8 @@ @@ -43237,14 +43247,14 @@ index b5bcd77..0f7bd99 100644 - ops->clk_readl = clk_memmap_readl; - ops->clk_writel = clk_memmap_writel; + pax_open_kernel(); -+ *(void **)&ops->clk_readl = clk_memmap_readl; -+ *(void **)&ops->clk_writel = clk_memmap_writel; ++ const_cast(ops->clk_readl) = clk_memmap_readl; ++ const_cast(ops->clk_writel) = clk_memmap_writel; + pax_close_kernel(); return 0; } diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c -index 51eef87..d944fa7 100644 +index 51eef87..f530cf9 100644 --- a/drivers/cpufreq/acpi-cpufreq.c +++ b/drivers/cpufreq/acpi-cpufreq.c 
@@ -682,8 +682,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) @@ -43255,7 +43265,7 @@ index 51eef87..d944fa7 100644 - acpi_cpufreq_driver.flags |= CPUFREQ_CONST_LOOPS; + if (cpu_has(c, X86_FEATURE_CONSTANT_TSC)) { + pax_open_kernel(); -+ *(u8 *)&acpi_cpufreq_driver.flags |= CPUFREQ_CONST_LOOPS; ++ const_cast(acpi_cpufreq_driver.flags) |= CPUFREQ_CONST_LOOPS; + pax_close_kernel(); + } @@ -43267,7 +43277,7 @@ index 51eef87..d944fa7 100644 case ACPI_ADR_SPACE_FIXED_HARDWARE: - acpi_cpufreq_driver.get = get_cur_freq_on_cpu; + pax_open_kernel(); -+ *(void **)&acpi_cpufreq_driver.get = get_cur_freq_on_cpu; ++ const_cast(acpi_cpufreq_driver.get) = get_cur_freq_on_cpu; + pax_close_kernel(); break; default: @@ -43279,14 +43289,14 @@ index 51eef87..d944fa7 100644 - acpi_cpufreq_driver.set_boost = set_boost; - acpi_cpufreq_driver.boost_enabled = boost_state(0); + pax_open_kernel(); -+ *(void **)&acpi_cpufreq_driver.set_boost = set_boost; -+ *(bool *)&acpi_cpufreq_driver.boost_enabled = boost_state(0); ++ const_cast(acpi_cpufreq_driver.set_boost) = set_boost; ++ const_cast(acpi_cpufreq_driver.boost_enabled) = boost_state(0); + pax_close_kernel(); cpu_notifier_register_begin(); diff --git a/drivers/cpufreq/cpufreq-dt.c b/drivers/cpufreq/cpufreq-dt.c -index 0ca74d0..15705fb 100644 +index 0ca74d0..1a0d302 100644 --- a/drivers/cpufreq/cpufreq-dt.c +++ b/drivers/cpufreq/cpufreq-dt.c @@ -461,7 +461,9 @@ static int dt_cpufreq_probe(struct platform_device *pdev) @@ -43295,13 +43305,13 @@ index 0ca74d0..15705fb 100644 - dt_cpufreq_driver.driver_data = dev_get_platdata(&pdev->dev); + pax_open_kernel(); -+ *(void **)&dt_cpufreq_driver.driver_data = dev_get_platdata(&pdev->dev); ++ const_cast(dt_cpufreq_driver.driver_data) = dev_get_platdata(&pdev->dev); + pax_close_kernel(); ret = cpufreq_register_driver(&dt_cpufreq_driver); if (ret) diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index e979ec7..a024e16 100644 +index e979ec7..a76375c 100644 
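Review bot: In the acpi-cpufreq boost hunk, `boost_state(0)` is evaluated between `pax_open_kernel()` and `pax_close_kernel()`, so a function call runs while the write window is open. The window would be narrower if the value were computed first, e.g. `bool boost = boost_state(0);` before `pax_open_kernel()`, followed by `const_cast(acpi_cpufreq_driver.boost_enabled) = boost;`. The cpufreq-dt hunk that follows has the same shape with `dev_get_platdata(&pdev->dev)` and could take the same treatment. The enclosing functions start and end outside these hunks, so where a local declaration would go is not visible here.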
--- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c @@ -474,12 +474,12 @@ EXPORT_SYMBOL_GPL(cpufreq_freq_transition_end); @@ -43343,7 +43353,7 @@ index e979ec7..a024e16 100644 write_lock_irqsave(&cpufreq_driver_lock, flags); - cpufreq_driver->boost_enabled = state; + pax_open_kernel(); -+ *(bool *)&cpufreq_driver->boost_enabled = state; ++ const_cast(cpufreq_driver->boost_enabled) = state; + pax_close_kernel(); write_unlock_irqrestore(&cpufreq_driver_lock, flags); @@ -43352,7 +43362,7 @@ index e979ec7..a024e16 100644 write_lock_irqsave(&cpufreq_driver_lock, flags); - cpufreq_driver->boost_enabled = !state; + pax_open_kernel(); -+ *(bool *)&cpufreq_driver->boost_enabled = !state; ++ const_cast(cpufreq_driver->boost_enabled) = !state; + pax_close_kernel(); write_unlock_irqrestore(&cpufreq_driver_lock, flags); @@ -43363,7 +43373,7 @@ index e979ec7..a024e16 100644 - cpufreq_driver->set_boost = cpufreq_boost_set_sw; + pax_open_kernel(); -+ *(void **)&cpufreq_driver->set_boost = cpufreq_boost_set_sw; ++ const_cast(cpufreq_driver->set_boost) = cpufreq_boost_set_sw; + pax_close_kernel(); /* This will get removed on driver unregister */ @@ -43376,7 +43386,7 @@ index e979ec7..a024e16 100644 - driver_data->flags |= CPUFREQ_CONST_LOOPS; + if (driver_data->setpolicy) { + pax_open_kernel(); -+ *(u8 *)&driver_data->flags |= CPUFREQ_CONST_LOOPS; ++ const_cast(driver_data->flags) |= CPUFREQ_CONST_LOOPS; + pax_close_kernel(); + } @@ -43445,7 +43455,7 @@ index 91e767a0..3b40724 100644 struct dbs_data *dbs_data = _gov##_dbs_cdata.gdbs_data; \ return sprintf(buf, "%u\n", dbs_data->min_sampling_rate); \ diff --git a/drivers/cpufreq/cpufreq_ondemand.c b/drivers/cpufreq/cpufreq_ondemand.c -index eae5107..26e7a39 100644 +index eae5107..3dd6408 100644 --- a/drivers/cpufreq/cpufreq_ondemand.c +++ b/drivers/cpufreq/cpufreq_ondemand.c @@ -534,7 +534,7 @@ static void od_exit(struct dbs_data *dbs_data, bool notify) 
@@ -43463,7 +43473,7 @@ index eae5107..26e7a39 100644 { - od_ops.powersave_bias_target = f; + pax_open_kernel(); -+ *(void **)&od_ops.powersave_bias_target = f; ++ const_cast(od_ops.powersave_bias_target) = f; + pax_close_kernel(); od_set_powersave_bias(powersave_bias); } @@ -43473,7 +43483,7 @@ index eae5107..26e7a39 100644 { - od_ops.powersave_bias_target = generic_powersave_bias_target; + pax_open_kernel(); -+ *(void **)&od_ops.powersave_bias_target = generic_powersave_bias_target; ++ const_cast(od_ops.powersave_bias_target) = generic_powersave_bias_target; + pax_close_kernel(); od_set_powersave_bias(0); } @@ -43634,7 +43644,7 @@ index e895123..05de99b 100644 #if IS_ENABLED(CONFIG_ACPI) diff --git a/drivers/cpufreq/p4-clockmod.c b/drivers/cpufreq/p4-clockmod.c -index 5dd95da..abc3837 100644 +index 5dd95da..ac41e5e 100644 --- a/drivers/cpufreq/p4-clockmod.c +++ b/drivers/cpufreq/p4-clockmod.c @@ -134,10 +134,14 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c) @@ -43643,13 +43653,13 @@ index 5dd95da..abc3837 100644 case 0x1C: /* Atom */ - p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; + pax_open_kernel(); -+ *(u8 *)&p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; ++ const_cast(p4clockmod_driver.flags) |= CPUFREQ_CONST_LOOPS; + pax_close_kernel(); return speedstep_get_frequency(SPEEDSTEP_CPU_PCORE); case 0x0D: /* Pentium M (Dothan) */ - p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; + pax_open_kernel(); -+ *(u8 *)&p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; ++ const_cast(p4clockmod_driver.flags) |= CPUFREQ_CONST_LOOPS; + pax_close_kernel(); /* fall through */ case 0x09: /* Pentium M (Banias) */ 
@@ -43660,7 +43670,7 @@ index 5dd95da..abc3837 100644 * throttling is active or not. */ - p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; + pax_open_kernel(); -+ *(u8 *)&p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; ++ const_cast(p4clockmod_driver.flags) |= CPUFREQ_CONST_LOOPS; + pax_close_kernel(); if (speedstep_detect_processor() == SPEEDSTEP_CPU_P4M) { @@ -43776,7 +43786,7 @@ index 9bb42ba..b01b4a2 100644 MODULE_AUTHOR("David S. Miller <davem@redhat.com>"); diff --git a/drivers/cpufreq/speedstep-centrino.c b/drivers/cpufreq/speedstep-centrino.c -index 7d4a315..21bb886 100644 +index 7d4a315..ce41fb3 100644 --- a/drivers/cpufreq/speedstep-centrino.c +++ b/drivers/cpufreq/speedstep-centrino.c @@ -351,8 +351,11 @@ static int centrino_cpu_init(struct cpufreq_policy *policy) @@ -43787,7 +43797,7 @@ index 7d4a315..21bb886 100644 - centrino_driver.flags |= CPUFREQ_CONST_LOOPS; + if (cpu_has(cpu, X86_FEATURE_CONSTANT_TSC)) { + pax_open_kernel(); -+ *(u8 *)¢rino_driver.flags |= CPUFREQ_CONST_LOOPS; ++ const_cast(centrino_driver.flags) |= CPUFREQ_CONST_LOOPS; + pax_close_kernel(); + } @@ -44575,7 +44585,7 @@ index 94a58a0..5b8dd03 100644 }; diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c -index 88bebe1..c7b636f 100644 +index 88bebe1..e599fad 100644 --- a/drivers/firmware/dmi_scan.c +++ b/drivers/firmware/dmi_scan.c @@ -712,14 +712,18 @@ static int __init dmi_init(void) 
@@ -44585,8 +44595,8 @@ index 88bebe1..c7b636f 100644 - bin_attr_smbios_entry_point.size = smbios_entry_point_size; - bin_attr_smbios_entry_point.private = smbios_entry_point; + pax_open_kernel(); -+ *(size_t *)&bin_attr_smbios_entry_point.size = smbios_entry_point_size; -+ *(void **)&bin_attr_smbios_entry_point.private = smbios_entry_point; ++ const_cast(bin_attr_smbios_entry_point.size) = smbios_entry_point_size; ++ const_cast(bin_attr_smbios_entry_point.private) = smbios_entry_point; + pax_close_kernel(); ret = sysfs_create_bin_file(tables_kobj, &bin_attr_smbios_entry_point); if (ret) @@ -44595,8 +44605,8 @@ index 88bebe1..c7b636f 100644 - bin_attr_DMI.size = dmi_len; - bin_attr_DMI.private = dmi_table; + pax_open_kernel(); -+ *(size_t *)&bin_attr_DMI.size = dmi_len; -+ *(void **)&bin_attr_DMI.private = dmi_table; ++ const_cast(bin_attr_DMI.size) = dmi_len; ++ const_cast(bin_attr_DMI.private) = dmi_table; + pax_close_kernel(); ret = sysfs_create_bin_file(tables_kobj, &bin_attr_DMI); if (!ret) @@ -44623,7 +44633,7 @@ index d425374..1da1716 100644 EXPORT_SYMBOL_GPL(cper_next_record_id); diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c -index c51f3b2..d1cc54e 100644 +index c51f3b2..54523fd 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c @@ -176,15 +176,17 @@ static struct attribute_group efi_subsys_attr_group = { 
@@ -44641,11 +44651,11 @@ index c51f3b2..d1cc54e 100644 - generic_ops.get_next_variable = efi.get_next_variable; - generic_ops.query_variable_store = efi_query_variable_store; + pax_open_kernel(); -+ *(void **)&generic_ops.get_variable = efi.get_variable; -+ *(void **)&generic_ops.set_variable = efi.set_variable; -+ *(void **)&generic_ops.set_variable_nonblocking = efi.set_variable_nonblocking; -+ *(void **)&generic_ops.get_next_variable = efi.get_next_variable; -+ *(void **)&generic_ops.query_variable_store = efi_query_variable_store; ++ const_cast(generic_ops.get_variable) = efi.get_variable; ++ const_cast(generic_ops.set_variable) = efi.set_variable; ++ const_cast(generic_ops.set_variable_nonblocking) = efi.set_variable_nonblocking; ++ const_cast(generic_ops.get_next_variable) = efi.get_next_variable; ++ const_cast(generic_ops.query_variable_store) = efi_query_variable_store; + pax_close_kernel(); return efivars_register(&generic_efivars, &generic_ops, efi_kobj); @@ -44690,7 +44700,7 @@ index f1ab05e..ab51228 100644 .ident = "Google Board", .matches = { diff --git a/drivers/firmware/google/memconsole.c b/drivers/firmware/google/memconsole.c -index 2f569aa..26e4f39 100644 +index 2f569aa..3af5497 100644 --- a/drivers/firmware/google/memconsole.c +++ b/drivers/firmware/google/memconsole.c @@ -136,7 +136,7 @@ static bool __init found_memconsole(void) @@ -44708,7 +44718,7 @@ index 2f569aa..26e4f39 100644 - memconsole_bin_attr.size = memconsole_length; + pax_open_kernel(); -+ *(size_t *)&memconsole_bin_attr.size = memconsole_length; ++ const_cast(memconsole_bin_attr.size) = memconsole_length; + pax_close_kernel(); + return sysfs_create_bin_file(firmware_kobj, &memconsole_bin_attr); @@ -44840,7 +44850,7 @@ index ac8deb0..f3caa10 100644 return -EINVAL; } diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c -index 5c1ba87..ab4a059 100644 +index 5c1ba87..f711915 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c 
@@ -669,8 +669,10 @@ static void gpiochip_irqchip_remove(struct gpio_chip *gpiochip) @@ -44850,8 +44860,8 @@ index 5c1ba87..ab4a059 100644 - gpiochip->irqchip->irq_request_resources = NULL; - gpiochip->irqchip->irq_release_resources = NULL; + pax_open_kernel(); -+ *(void **)&gpiochip->irqchip->irq_request_resources = NULL; -+ *(void **)&gpiochip->irqchip->irq_release_resources = NULL; ++ const_cast(gpiochip->irqchip->irq_request_resources) = NULL; ++ const_cast(gpiochip->irqchip->irq_release_resources) = NULL; + pax_close_kernel(); gpiochip->irqchip = NULL; } @@ -44863,8 +44873,8 @@ index 5c1ba87..ab4a059 100644 - irqchip->irq_request_resources = gpiochip_irq_reqres; - irqchip->irq_release_resources = gpiochip_irq_relres; + pax_open_kernel(); -+ *(void **)&irqchip->irq_request_resources = gpiochip_irq_reqres; -+ *(void **)&irqchip->irq_release_resources = gpiochip_irq_relres; ++ const_cast(irqchip->irq_request_resources) = gpiochip_irq_reqres; ++ const_cast(irqchip->irq_release_resources) = gpiochip_irq_relres; + pax_close_kernel(); } @@ -45050,7 +45060,7 @@ index 51bfc11..4d4112a 100644 static const struct vga_switcheroo_client_ops amdgpu_switcheroo_ops = { diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c -index 9ef1db8..bfd5d78 100644 +index 9ef1db8..5eec19b 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c @@ -495,7 +495,7 @@ static struct drm_driver kms_driver = { @@ -45082,7 +45092,7 @@ index 9ef1db8..bfd5d78 100644 - driver->num_ioctls = amdgpu_max_kms_ioctl; + + pax_open_kernel(); -+ *(int *)&kms_driver.num_ioctls = amdgpu_max_kms_ioctl; ++ const_cast(kms_driver.num_ioctls) = amdgpu_max_kms_ioctl; + pax_close_kernel(); + amdgpu_register_atpx_handler(); @@ -46288,7 +46298,7 @@ index d918567..6cfd904 100644 /** * Determine if the device really is AGP or not. 
diff --git a/drivers/gpu/drm/i810/i810_drv.c b/drivers/gpu/drm/i810/i810_drv.c -index 44f4a13..0063c1b 100644 +index 44f4a13..af9f6f5 100644 --- a/drivers/gpu/drm/i810/i810_drv.c +++ b/drivers/gpu/drm/i810/i810_drv.c @@ -87,7 +87,11 @@ static int __init i810_init(void) @@ -46298,7 +46308,7 @@ index 44f4a13..0063c1b 100644 - driver.num_ioctls = i810_max_ioctl; + + pax_open_kernel(); -+ *(int *)&driver.num_ioctls = i810_max_ioctl; ++ const_cast(driver.num_ioctls) = i810_max_ioctl; + pax_close_kernel(); + return drm_pci_init(&driver, &i810_pci_driver); @@ -46547,7 +46557,7 @@ index 97f3a56..32c712e 100644 ret = drm_ioctl(filp, cmd, arg); diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index fa8afa7..0bac957 100644 +index fa8afa7..7375300 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c @@ -4490,14 +4490,15 @@ void intel_irq_init(struct drm_i915_private *dev_priv) @@ -46558,14 +46568,14 @@ index fa8afa7..0bac957 100644 if (IS_GEN2(dev_priv)) { dev->max_vblank_count = 0; - dev->driver->get_vblank_counter = i8xx_get_vblank_counter; -+ *(void **)&dev->driver->get_vblank_counter = i8xx_get_vblank_counter; ++ const_cast(dev->driver->get_vblank_counter) = i8xx_get_vblank_counter; } else if (IS_G4X(dev_priv) || INTEL_INFO(dev_priv)->gen >= 5) { dev->max_vblank_count = 0xffffffff; /* full 32 bit counter */ - dev->driver->get_vblank_counter = g4x_get_vblank_counter; -+ *(void **)&dev->driver->get_vblank_counter = g4x_get_vblank_counter; ++ const_cast(dev->driver->get_vblank_counter) = g4x_get_vblank_counter; } else { - dev->driver->get_vblank_counter = i915_get_vblank_counter; -+ *(void **)&dev->driver->get_vblank_counter = i915_get_vblank_counter; ++ const_cast(dev->driver->get_vblank_counter) = i915_get_vblank_counter; dev->max_vblank_count = 0xffffff; /* only 24 bits of frame count */ } 
@@ -46575,8 +46585,8 @@ index fa8afa7..0bac957 100644 - dev->driver->get_vblank_timestamp = i915_get_vblank_timestamp; - dev->driver->get_scanout_position = i915_get_crtc_scanoutpos; -+ *(void **)&dev->driver->get_vblank_timestamp = i915_get_vblank_timestamp; -+ *(void **)&dev->driver->get_scanout_position = i915_get_crtc_scanoutpos; ++ const_cast(dev->driver->get_vblank_timestamp) = i915_get_vblank_timestamp; ++ const_cast(dev->driver->get_scanout_position) = i915_get_crtc_scanoutpos; if (IS_CHERRYVIEW(dev_priv)) { - dev->driver->irq_handler = cherryview_irq_handler; @@ -46585,12 +46595,12 @@ index fa8afa7..0bac957 100644 - dev->driver->irq_uninstall = cherryview_irq_uninstall; - dev->driver->enable_vblank = valleyview_enable_vblank; - dev->driver->disable_vblank = valleyview_disable_vblank; -+ *(void **)&dev->driver->irq_handler = cherryview_irq_handler; -+ *(void **)&dev->driver->irq_preinstall = cherryview_irq_preinstall; -+ *(void **)&dev->driver->irq_postinstall = cherryview_irq_postinstall; -+ *(void **)&dev->driver->irq_uninstall = cherryview_irq_uninstall; -+ *(void **)&dev->driver->enable_vblank = valleyview_enable_vblank; -+ *(void **)&dev->driver->disable_vblank = valleyview_disable_vblank; ++ const_cast(dev->driver->irq_handler) = cherryview_irq_handler; ++ const_cast(dev->driver->irq_preinstall) = cherryview_irq_preinstall; ++ const_cast(dev->driver->irq_postinstall) = cherryview_irq_postinstall; ++ const_cast(dev->driver->irq_uninstall) = cherryview_irq_uninstall; ++ const_cast(dev->driver->enable_vblank) = valleyview_enable_vblank; ++ const_cast(dev->driver->disable_vblank) = valleyview_disable_vblank; dev_priv->display.hpd_irq_setup = i915_hpd_irq_setup; } else if (IS_VALLEYVIEW(dev_priv)) { - dev->driver->irq_handler = valleyview_irq_handler; 
@@ -46599,12 +46609,12 @@ index fa8afa7..0bac957 100644 - dev->driver->irq_uninstall = valleyview_irq_uninstall; - dev->driver->enable_vblank = valleyview_enable_vblank; - dev->driver->disable_vblank = valleyview_disable_vblank; -+ *(void **)&dev->driver->irq_handler = valleyview_irq_handler; -+ *(void **)&dev->driver->irq_preinstall = valleyview_irq_preinstall; -+ *(void **)&dev->driver->irq_postinstall = valleyview_irq_postinstall; -+ *(void **)&dev->driver->irq_uninstall = valleyview_irq_uninstall; -+ *(void **)&dev->driver->enable_vblank = valleyview_enable_vblank; -+ *(void **)&dev->driver->disable_vblank = valleyview_disable_vblank; ++ const_cast(dev->driver->irq_handler) = valleyview_irq_handler; ++ const_cast(dev->driver->irq_preinstall) = valleyview_irq_preinstall; ++ const_cast(dev->driver->irq_postinstall) = valleyview_irq_postinstall; ++ const_cast(dev->driver->irq_uninstall) = valleyview_irq_uninstall; ++ const_cast(dev->driver->enable_vblank) = valleyview_enable_vblank; ++ const_cast(dev->driver->disable_vblank) = valleyview_disable_vblank; dev_priv->display.hpd_irq_setup = i915_hpd_irq_setup; } else if (INTEL_INFO(dev_priv)->gen >= 8) { - dev->driver->irq_handler = gen8_irq_handler; 
@@ -46613,12 +46623,12 @@ index fa8afa7..0bac957 100644 - dev->driver->irq_uninstall = gen8_irq_uninstall; - dev->driver->enable_vblank = gen8_enable_vblank; - dev->driver->disable_vblank = gen8_disable_vblank; -+ *(void **)&dev->driver->irq_handler = gen8_irq_handler; -+ *(void **)&dev->driver->irq_preinstall = gen8_irq_reset; -+ *(void **)&dev->driver->irq_postinstall = gen8_irq_postinstall; -+ *(void **)&dev->driver->irq_uninstall = gen8_irq_uninstall; -+ *(void **)&dev->driver->enable_vblank = gen8_enable_vblank; -+ *(void **)&dev->driver->disable_vblank = gen8_disable_vblank; ++ const_cast(dev->driver->irq_handler) = gen8_irq_handler; ++ const_cast(dev->driver->irq_preinstall) = gen8_irq_reset; ++ const_cast(dev->driver->irq_postinstall) = gen8_irq_postinstall; ++ const_cast(dev->driver->irq_uninstall) = gen8_irq_uninstall; ++ const_cast(dev->driver->enable_vblank) = gen8_enable_vblank; ++ const_cast(dev->driver->disable_vblank) = gen8_disable_vblank; if (IS_BROXTON(dev)) dev_priv->display.hpd_irq_setup = bxt_hpd_irq_setup; else if (HAS_PCH_SPT(dev)) 
@@ -46632,12 +46642,12 @@ index fa8afa7..0bac957 100644 - dev->driver->irq_uninstall = ironlake_irq_uninstall; - dev->driver->enable_vblank = ironlake_enable_vblank; - dev->driver->disable_vblank = ironlake_disable_vblank; -+ *(void **)&dev->driver->irq_handler = ironlake_irq_handler; -+ *(void **)&dev->driver->irq_preinstall = ironlake_irq_reset; -+ *(void **)&dev->driver->irq_postinstall = ironlake_irq_postinstall; -+ *(void **)&dev->driver->irq_uninstall = ironlake_irq_uninstall; -+ *(void **)&dev->driver->enable_vblank = ironlake_enable_vblank; -+ *(void **)&dev->driver->disable_vblank = ironlake_disable_vblank; ++ const_cast(dev->driver->irq_handler) = ironlake_irq_handler; ++ const_cast(dev->driver->irq_preinstall) = ironlake_irq_reset; ++ const_cast(dev->driver->irq_postinstall) = ironlake_irq_postinstall; ++ const_cast(dev->driver->irq_uninstall) = ironlake_irq_uninstall; ++ const_cast(dev->driver->enable_vblank) = ironlake_enable_vblank; ++ const_cast(dev->driver->disable_vblank) = ironlake_disable_vblank; dev_priv->display.hpd_irq_setup = ilk_hpd_irq_setup; } else { if (INTEL_INFO(dev_priv)->gen == 2) { 
@@ -46645,42 +46655,42 @@ index fa8afa7..0bac957 100644 - dev->driver->irq_postinstall = i8xx_irq_postinstall; - dev->driver->irq_handler = i8xx_irq_handler; - dev->driver->irq_uninstall = i8xx_irq_uninstall; -+ *(void **)&dev->driver->irq_preinstall = i8xx_irq_preinstall; -+ *(void **)&dev->driver->irq_postinstall = i8xx_irq_postinstall; -+ *(void **)&dev->driver->irq_handler = i8xx_irq_handler; -+ *(void **)&dev->driver->irq_uninstall = i8xx_irq_uninstall; ++ const_cast(dev->driver->irq_preinstall) = i8xx_irq_preinstall; ++ const_cast(dev->driver->irq_postinstall) = i8xx_irq_postinstall; ++ const_cast(dev->driver->irq_handler) = i8xx_irq_handler; ++ const_cast(dev->driver->irq_uninstall) = i8xx_irq_uninstall; } else if (INTEL_INFO(dev_priv)->gen == 3) { - dev->driver->irq_preinstall = i915_irq_preinstall; - dev->driver->irq_postinstall = i915_irq_postinstall; - dev->driver->irq_uninstall = i915_irq_uninstall; - dev->driver->irq_handler = i915_irq_handler; -+ *(void **)&dev->driver->irq_preinstall = i915_irq_preinstall; -+ *(void **)&dev->driver->irq_postinstall = i915_irq_postinstall; -+ *(void **)&dev->driver->irq_uninstall = i915_irq_uninstall; -+ *(void **)&dev->driver->irq_handler = i915_irq_handler; ++ const_cast(dev->driver->irq_preinstall) = i915_irq_preinstall; ++ const_cast(dev->driver->irq_postinstall) = i915_irq_postinstall; ++ const_cast(dev->driver->irq_uninstall) = i915_irq_uninstall; ++ const_cast(dev->driver->irq_handler) = i915_irq_handler; } else { - dev->driver->irq_preinstall = i965_irq_preinstall; - dev->driver->irq_postinstall = i965_irq_postinstall; - dev->driver->irq_uninstall = i965_irq_uninstall; - dev->driver->irq_handler = i965_irq_handler; -+ *(void **)&dev->driver->irq_preinstall = i965_irq_preinstall; -+ *(void **)&dev->driver->irq_postinstall = i965_irq_postinstall; -+ *(void **)&dev->driver->irq_uninstall = i965_irq_uninstall; -+ *(void **)&dev->driver->irq_handler = i965_irq_handler; ++ const_cast(dev->driver->irq_preinstall) = 
i965_irq_preinstall; ++ const_cast(dev->driver->irq_postinstall) = i965_irq_postinstall; ++ const_cast(dev->driver->irq_uninstall) = i965_irq_uninstall; ++ const_cast(dev->driver->irq_handler) = i965_irq_handler; } if (I915_HAS_HOTPLUG(dev_priv)) dev_priv->display.hpd_irq_setup = i915_hpd_irq_setup; - dev->driver->enable_vblank = i915_enable_vblank; - dev->driver->disable_vblank = i915_disable_vblank; -+ *(void **)&dev->driver->enable_vblank = i915_enable_vblank; -+ *(void **)&dev->driver->disable_vblank = i915_disable_vblank; ++ const_cast(dev->driver->enable_vblank) = i915_enable_vblank; ++ const_cast(dev->driver->disable_vblank) = i915_disable_vblank; } + pax_close_kernel(); } /** diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 39b00b9..aa9fc8a 100644 +index 39b00b9..244538d 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -15111,13 +15111,13 @@ struct intel_quirk { @@ -46693,8 +46703,9 @@ index 39b00b9..aa9fc8a 100644 /* For systems that don't have a meaningful PCI subdevice/subvendor ID */ struct intel_dmi_quirk { void (*hook)(struct drm_device *dev); - const struct dmi_system_id (*dmi_id_list)[]; +- const struct dmi_system_id (*dmi_id_list)[]; -}; ++ const struct dmi_system_id *dmi_id_list; +} __do_const; static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) @@ -46726,10 +46737,19 @@ index 39b00b9..aa9fc8a 100644 + +static const struct intel_dmi_quirk intel_dmi_quirks[] = { + { -+ .dmi_id_list = &intel_dmi_quirks_table, ++ .dmi_id_list = intel_dmi_quirks_table, .hook = quirk_invert_brightness, }, }; +@@ -15219,7 +15221,7 @@ static void intel_init_quirks(struct drm_device *dev) + q->hook(dev); + } + for (i = 0; i < ARRAY_SIZE(intel_dmi_quirks); i++) { +- if (dmi_check_system(*intel_dmi_quirks[i].dmi_id_list) != 0) ++ if (dmi_check_system(intel_dmi_quirks[i].dmi_id_list) != 0) + intel_dmi_quirks[i].hook(dev); + } + } 
diff --git a/drivers/gpu/drm/imx/imx-drm-core.c b/drivers/gpu/drm/imx/imx-drm-core.c index 2f57d79..7152e6e 100644 --- a/drivers/gpu/drm/imx/imx-drm-core.c @@ -46744,7 +46764,7 @@ index 2f57d79..7152e6e 100644 imx_drm_crtc = kzalloc(sizeof(*imx_drm_crtc), GFP_KERNEL); diff --git a/drivers/gpu/drm/mga/mga_drv.c b/drivers/gpu/drm/mga/mga_drv.c -index 5e2f131..d227dbc 100644 +index 5e2f131..c134c7c 100644 --- a/drivers/gpu/drm/mga/mga_drv.c +++ b/drivers/gpu/drm/mga/mga_drv.c @@ -92,7 +92,10 @@ static struct pci_driver mga_pci_driver = { @@ -46753,7 +46773,7 @@ index 5e2f131..d227dbc 100644 { - driver.num_ioctls = mga_max_ioctl; + pax_open_kernel(); -+ *(int *)&driver.num_ioctls = mga_max_ioctl; ++ const_cast(driver.num_ioctls) = mga_max_ioctl; + pax_close_kernel(); + return drm_pci_init(&driver, &mga_pci_driver); @@ -47140,7 +47160,7 @@ index fe4c222..48b7b75 100644 omap_irq.o \ omap_debugfs.o \ diff --git a/drivers/gpu/drm/omapdrm/dss/display.c b/drivers/gpu/drm/omapdrm/dss/display.c -index ef5b902..47cf7f5 100644 +index ef5b902..2ae011b 100644 --- a/drivers/gpu/drm/omapdrm/dss/display.c +++ b/drivers/gpu/drm/omapdrm/dss/display.c @@ -161,12 +161,14 @@ int omapdss_register_display(struct omap_dss_device *dssdev) 
@@ -47150,13 +47170,13 @@ index ef5b902..47cf7f5 100644 + pax_open_kernel(); if (drv && drv->get_resolution == NULL) - drv->get_resolution = omapdss_default_get_resolution; -+ *(void **)&drv->get_resolution = omapdss_default_get_resolution; ++ const_cast(drv->get_resolution) = omapdss_default_get_resolution; if (drv && drv->get_recommended_bpp == NULL) - drv->get_recommended_bpp = omapdss_default_get_recommended_bpp; -+ *(void **)&drv->get_recommended_bpp = omapdss_default_get_recommended_bpp; ++ const_cast(drv->get_recommended_bpp) = omapdss_default_get_recommended_bpp; if (drv && drv->get_timings == NULL) - drv->get_timings = omapdss_default_get_timings; -+ *(void **)&drv->get_timings = omapdss_default_get_timings; ++ const_cast(drv->get_timings) = omapdss_default_get_timings; + pax_close_kernel(); mutex_lock(&panel_list_mutex); @@ -47232,7 +47252,7 @@ index 47e5264..3393741 100644 { struct drm_device *ddev = connector->dev; diff --git a/drivers/gpu/drm/qxl/qxl_drv.c b/drivers/gpu/drm/qxl/qxl_drv.c -index 7307b07..8eecdd0 100644 +index 7307b07..3346540 100644 --- a/drivers/gpu/drm/qxl/qxl_drv.c +++ b/drivers/gpu/drm/qxl/qxl_drv.c @@ -37,7 +37,7 @@ @@ -47251,7 +47271,7 @@ index 7307b07..8eecdd0 100644 - qxl_driver.num_ioctls = qxl_max_ioctls; + + pax_open_kernel(); -+ *(int *)&qxl_driver.num_ioctls = qxl_max_ioctls; ++ const_cast(qxl_driver.num_ioctls) = qxl_max_ioctls; + pax_close_kernel(); + return drm_pci_init(&qxl_driver, &qxl_pci_driver); @@ -47362,7 +47382,7 @@ index 0bf1e20..42a7310 100644 ret = drm_irq_install(qdev->ddev, qdev->ddev->pdev->irq); qdev->ram_header->int_mask = QXL_INTERRUPT_MASK; diff --git a/drivers/gpu/drm/qxl/qxl_ttm.c b/drivers/gpu/drm/qxl/qxl_ttm.c -index 9534127..3fbab8c 100644 +index 9534127..1d17b3f 100644 --- a/drivers/gpu/drm/qxl/qxl_ttm.c +++ b/drivers/gpu/drm/qxl/qxl_ttm.c @@ -103,7 +103,7 @@ static void qxl_ttm_global_fini(struct qxl_device *qdev) 
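Review bot: `pax_open_kernel()` is called before any of the three `if (drv && drv->... == NULL)` tests in omapdss_register_display(), so the write window is opened even when `drv` is NULL or all three callbacks are already set. Keeping the window no wider than the stores it covers is the safer pattern: test first and open it only around assignments that actually run, for example by guarding the group with `if (drv) { pax_open_kernel(); ... pax_close_kernel(); }`. The function starts and ends outside this hunk, so whether `drv` can really be NULL at this point is not visible here.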
@@ -47416,8 +47436,8 @@ index 9534127..3fbab8c 100644 - else - qxl_mem_types_list[i].data = qdev->mman.bdev.man[TTM_PL_PRIV0].priv; + pax_open_kernel(); -+ *(void **)&qxl_mem_types_list[0].data = qdev->mman.bdev.man[TTM_PL_VRAM].priv; -+ *(void **)&qxl_mem_types_list[1].data = qdev->mman.bdev.man[TTM_PL_PRIV0].priv; ++ const_cast(qxl_mem_types_list[0].data) = qdev->mman.bdev.man[TTM_PL_VRAM].priv; ++ const_cast(qxl_mem_types_list[1].data) = qdev->mman.bdev.man[TTM_PL_PRIV0].priv; + pax_close_kernel(); - } @@ -47440,7 +47460,7 @@ index 14fd83b5f..b2acbd19 100644 /* We don't support anything other than bus-mastering ring mode, * but the ring can be in either AGP or PCI space for the ring diff --git a/drivers/gpu/drm/r128/r128_drv.c b/drivers/gpu/drm/r128/r128_drv.c -index c57b4de..2614d79 100644 +index c57b4de..1a875fb 100644 --- a/drivers/gpu/drm/r128/r128_drv.c +++ b/drivers/gpu/drm/r128/r128_drv.c @@ -94,7 +94,9 @@ static struct pci_driver r128_pci_driver = { @@ -47449,7 +47469,7 @@ index c57b4de..2614d79 100644 { - driver.num_ioctls = r128_max_ioctl; + pax_open_kernel(); -+ *(int *)&driver.num_ioctls = r128_max_ioctl; ++ const_cast(driver.num_ioctls) = r128_max_ioctl; + pax_close_kernel(); return drm_pci_init(&driver, &r128_pci_driver); @@ -47659,7 +47679,7 @@ index 4197ca1..f07709e 100644 static const struct vga_switcheroo_client_ops radeon_switcheroo_ops = { diff --git a/drivers/gpu/drm/radeon/radeon_drv.c b/drivers/gpu/drm/radeon/radeon_drv.c -index e266ffc..0392d08 100644 +index e266ffc..e510e3f 100644 --- a/drivers/gpu/drm/radeon/radeon_drv.c +++ b/drivers/gpu/drm/radeon/radeon_drv.c @@ -130,7 +130,7 @@ extern int radeon_get_crtc_scanoutpos(struct drm_device *dev, unsigned int crtc, 
@@ -47688,7 +47708,7 @@ index e266ffc..0392d08 100644 - driver->num_ioctls = radeon_max_kms_ioctl; + + pax_open_kernel(); -+ *(int *)&driver->num_ioctls = radeon_max_kms_ioctl; ++ const_cast(driver->num_ioctls) = radeon_max_kms_ioctl; + pax_close_kernel(); + radeon_register_atpx_handler(); @@ -47808,7 +47828,7 @@ index d47dff9..0752202 100644 -int savage_max_ioctl = ARRAY_SIZE(savage_ioctls); +const int savage_max_ioctl = ARRAY_SIZE(savage_ioctls); diff --git a/drivers/gpu/drm/savage/savage_drv.c b/drivers/gpu/drm/savage/savage_drv.c -index 21aed1f..5db7419 100644 +index 21aed1f..85d23a0 100644 --- a/drivers/gpu/drm/savage/savage_drv.c +++ b/drivers/gpu/drm/savage/savage_drv.c @@ -76,7 +76,10 @@ static struct pci_driver savage_pci_driver = { @@ -47817,7 +47837,7 @@ index 21aed1f..5db7419 100644 { - driver.num_ioctls = savage_max_ioctl; + pax_open_kernel(); -+ *(int *)&driver.num_ioctls = savage_max_ioctl; ++ const_cast(driver.num_ioctls) = savage_max_ioctl; + pax_close_kernel(); + return drm_pci_init(&driver, &savage_pci_driver); @@ -47837,7 +47857,7 @@ index 37b6995..9b31aaf 100644 #define S3_SAVAGE3D_SERIES(chip) ((chip>=S3_SAVAGE3D) && (chip<=S3_SAVAGE_MX)) diff --git a/drivers/gpu/drm/sis/sis_drv.c b/drivers/gpu/drm/sis/sis_drv.c -index 79bce76..4fd9a20 100644 +index 79bce76..6c02219 100644 --- a/drivers/gpu/drm/sis/sis_drv.c +++ b/drivers/gpu/drm/sis/sis_drv.c @@ -128,7 +128,10 @@ static struct pci_driver sis_pci_driver = { @@ -47846,7 +47866,7 @@ index 79bce76..4fd9a20 100644 { - driver.num_ioctls = sis_max_ioctl; + pax_open_kernel(); -+ *(int *)&driver.num_ioctls = sis_max_ioctl; ++ const_cast(driver.num_ioctls) = sis_max_ioctl; + pax_close_kernel(); + return drm_pci_init(&driver, &sis_pci_driver); @@ -47875,7 +47895,7 @@ index 93ad8a5..48f0a57 100644 -int sis_max_ioctl = ARRAY_SIZE(sis_ioctls); +const int sis_max_ioctl = ARRAY_SIZE(sis_ioctls); 
diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c -index dde6f20..1969ca6 100644 +index dde6f20..a74f8b9 100644 --- a/drivers/gpu/drm/tegra/dc.c +++ b/drivers/gpu/drm/tegra/dc.c @@ -1657,7 +1657,7 @@ static int tegra_dc_debugfs_init(struct tegra_dc *dc, struct drm_minor *minor) @@ -47883,7 +47903,7 @@ index dde6f20..1969ca6 100644 for (i = 0; i < ARRAY_SIZE(debugfs_files); i++) - dc->debugfs_files[i].data = dc; -+ *(void **)&dc->debugfs_files[i].data = dc; ++ const_cast(dc->debugfs_files[i].data) = dc; err = drm_debugfs_create_files(dc->debugfs_files, ARRAY_SIZE(debugfs_files), @@ -47914,7 +47934,7 @@ index b7ef492..8968507 100644 struct dentry *debugfs; }; diff --git a/drivers/gpu/drm/tegra/sor.c b/drivers/gpu/drm/tegra/sor.c -index 757c6e8..710a6ff 100644 +index 757c6e8..36532d6 100644 --- a/drivers/gpu/drm/tegra/sor.c +++ b/drivers/gpu/drm/tegra/sor.c @@ -1003,8 +1003,11 @@ static int tegra_sor_debugfs_init(struct tegra_sor *sor, @@ -47925,7 +47945,7 @@ index 757c6e8..710a6ff 100644 - sor->debugfs_files[i].data = sor; + for (i = 0; i < ARRAY_SIZE(debugfs_files); i++) { + pax_open_kernel(); -+ *(void **)&sor->debugfs_files[i].data = sor; ++ const_cast(sor->debugfs_files[i].data) = sor; + pax_close_kernel(); + } @@ -48205,7 +48225,7 @@ index d17d8f2..67e8e48b 100644 -int via_max_ioctl = ARRAY_SIZE(via_ioctls); +const int via_max_ioctl = ARRAY_SIZE(via_ioctls); diff --git a/drivers/gpu/drm/via/via_drv.c b/drivers/gpu/drm/via/via_drv.c -index ed8aa8f..16c84fc 100644 +index ed8aa8f..114cc8d 100644 --- a/drivers/gpu/drm/via/via_drv.c +++ b/drivers/gpu/drm/via/via_drv.c @@ -107,7 +107,10 @@ static struct pci_driver via_pci_driver = { @@ -48214,7 +48234,7 @@ index ed8aa8f..16c84fc 100644 { - driver.num_ioctls = via_max_ioctl; + pax_open_kernel(); -+ *(int *)&driver.num_ioctls = via_max_ioctl; ++ const_cast(driver.num_ioctls) = via_max_ioctl; + pax_close_kernel(); + via_init_command_verifier(); 
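Review bot: The store `const_cast(dc->debugfs_files[i].data) = dc;` in tegra_dc_debugfs_init() is not bracketed by `pax_open_kernel()`/`pax_close_kernel()`, while the equivalent store in tegra_sor_debugfs_init() (the sor.c hunk later on this line) is. One of the two is presumably redundant or incomplete: if `debugfs_files` is a writable per-device copy, the const_cast alone is enough and the sor.c window can go; if it can sit in read-only memory, dc.c needs the same bracket. In sor.c the window is also toggled once per loop iteration, and a single `pax_open_kernel();` before the `for` with `pax_close_kernel();` after it would cover the same stores. Both functions extend beyond their hunks, so how `debugfs_files` is allocated cannot be confirmed from here.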
@@ -49094,7 +49114,7 @@ index d127ace..6ee866f 100644 int i, j = 1; diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c -index 146eed70b..7679efd 100644 +index 146eed70b..7312f08 100644 --- a/drivers/idle/intel_idle.c +++ b/drivers/idle/intel_idle.c @@ -1060,8 +1060,10 @@ static void sklh_idle_state_table_update(void) @@ -49104,8 +49124,8 @@ index 146eed70b..7679efd 100644 - skl_cstates[5].disabled = 1; /* C8-SKL */ - skl_cstates[6].disabled = 1; /* C9-SKL */ + pax_open_kernel(); -+ *(bool *)&skl_cstates[5].disabled = 1; /* C8-SKL */ -+ *(bool *)&skl_cstates[6].disabled = 1; /* C9-SKL */ ++ const_cast(skl_cstates[5].disabled) = 1; /* C8-SKL */ ++ const_cast(skl_cstates[6].disabled) = 1; /* C9-SKL */ + pax_close_kernel(); } /* @@ -50103,18 +50123,6 @@ index 8c4daf7..77a87ab 100644 nesqp->destroyed = 1; /* Blow away the connection if it exists. */ -diff --git a/drivers/infiniband/hw/qib/qib.h b/drivers/infiniband/hw/qib/qib.h -index 7df16f7..7e1b21e 100644 ---- a/drivers/infiniband/hw/qib/qib.h -+++ b/drivers/infiniband/hw/qib/qib.h -@@ -52,6 +52,7 @@ - #include <linux/kref.h> - #include <linux/sched.h> - #include <linux/kthread.h> -+#include <linux/slab.h> - - #include "qib_common.h" - #include "qib_verbs.h" diff --git a/drivers/infiniband/hw/qib/qib_iba7322.c b/drivers/infiniband/hw/qib/qib_iba7322.c index 6c8ff10..73cfbb6 100644 --- a/drivers/infiniband/hw/qib/qib_iba7322.c @@ -50492,7 +50500,7 @@ index 2087534..c3f6b6c 100644 return -ENOMEM; diff --git a/drivers/iommu/arm-smmu.c b/drivers/iommu/arm-smmu.c -index 59ee4b8..6632759 100644 +index 59ee4b8..e4b6234 100644 --- a/drivers/iommu/arm-smmu.c +++ b/drivers/iommu/arm-smmu.c @@ -341,7 +341,7 @@ enum arm_smmu_domain_stage { 
@@ -50528,7 +50536,7 @@ index 59ee4b8..6632759 100644 /* Update our support page sizes to reflect the page table format */ - arm_smmu_ops.pgsize_bitmap = pgtbl_cfg.pgsize_bitmap; + pax_open_kernel(); -+ *(unsigned long *)&arm_smmu_ops.pgsize_bitmap = pgtbl_cfg.pgsize_bitmap; ++ const_cast(arm_smmu_ops.pgsize_bitmap) = pgtbl_cfg.pgsize_bitmap; + pax_close_kernel(); /* Initialise the context bank with our page table cfg */ @@ -50630,7 +50638,7 @@ index 59ee4b8..6632759 100644 - arm_smmu_ops.pgsize_bitmap &= size; + pax_open_kernel(); -+ *(unsigned long *)&arm_smmu_ops.pgsize_bitmap &= size; ++ const_cast(arm_smmu_ops.pgsize_bitmap) &= size; + pax_close_kernel(); dev_notice(smmu->dev, "\tSupported page sizes: 0x%08lx\n", size); @@ -51582,7 +51590,7 @@ index fef6586..22353ff 100644 } else if ((DIDD_Table[x].type > 0) && (DIDD_Table[x].type < 16)) { /* IDI Adapter found */ diff --git a/drivers/isdn/hardware/eicon/mntfunc.c b/drivers/isdn/hardware/eicon/mntfunc.c -index 1cd9aff..1a3e2b6 100644 +index 1cd9aff..3775d52 100644 --- a/drivers/isdn/hardware/eicon/mntfunc.c +++ b/drivers/isdn/hardware/eicon/mntfunc.c @@ -26,8 +26,13 @@ extern void DIVA_DIDD_Read(void *, int); @@ -51592,7 +51600,7 @@ index 1cd9aff..1a3e2b6 100644 + +static void didd_nothing(ENTITY IDI_CALL_ENTITY_T *e) +{ -+ diva_maint_prtComp(e); ++ diva_maint_prtComp((char *)e); +} static DESCRIPTOR MaintDescriptor = -{ IDI_DIMAINT, 0, 0, (IDI_CALL) diva_maint_prtComp }; @@ -52967,10 +52975,50 @@ index 6b420a5..d5acb8f 100644 struct gc_stat { diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c -index 22b9e34..ac456ec 100644 +index 22b9e34..d8406e7 100644 --- a/drivers/md/bcache/btree.c 
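Review bot: The new `(char *)e` cast in didd_nothing() (mntfunc.c) silences a pointer-type mismatch without explaining it: an `ENTITY *` is handed to diva_maint_prtComp() as a `char *`, and that function's prototype is not shown in the hunk, so a reader cannot tell whether the reinterpretation is intended. It appears to mirror the old `(IDI_CALL) diva_maint_prtComp` function-pointer cast, which is worth stating in a comment such as `/* IDI entry point: forwards to diva_maint_prtComp(), passing the ENTITY pointer as its first argument as the former (IDI_CALL) cast did */`. The wrapper's name also reads as a no-op although it forwards the call; a name that describes the forwarding would avoid that.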
+++ b/drivers/md/bcache/btree.c -@@ -468,7 +468,7 @@ void __bch_btree_node_write(struct btree *b, struct closure *parent) +@@ -337,15 +337,17 @@ static void btree_complete_write(struct btree *b, struct btree_write *w) + w->journal = NULL; + } + +-static void btree_node_write_unlock(struct closure *cl) ++static void btree_node_write_unlock(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct btree *b = container_of(cl, struct btree, io); + + up(&b->io_mutex); + } + +-static void __btree_node_write_done(struct closure *cl) ++static void __btree_node_write_done(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct btree *b = container_of(cl, struct btree, io); + struct btree_write *w = btree_prev_write(b); + +@@ -359,8 +361,9 @@ static void __btree_node_write_done(struct closure *cl) + closure_return_with_destructor(cl, btree_node_write_unlock); + } + +-static void btree_node_write_done(struct closure *cl) ++static void btree_node_write_done(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct btree *b = container_of(cl, struct btree, io); + struct bio_vec *bv; + int n; +@@ -368,7 +371,7 @@ static void btree_node_write_done(struct closure *cl) + bio_for_each_segment_all(bv, b->bio, n) + __free_page(bv->bv_page); + +- __btree_node_write_done(cl); ++ __btree_node_write_done(&cl->work); + } + + static void btree_node_write_endio(struct bio *bio) +@@ -468,7 +471,7 @@ void __bch_btree_node_write(struct btree *b, struct closure *parent) do_btree_node_write(b); 
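Review bot: Every converted callback in btree.c now opens with the same line, `struct closure *cl = container_of(work, struct closure, work);`, and nothing in the hunk says why closure callbacks take a `struct work_struct *`. A comment at the first conversion would help, e.g. `/* closure callbacks use the work_func_t prototype because cl->fn is also run through cl->work by the workqueue */` (inferred from `INIT_WORK(&cl->work, cl->work.func)` in closure_queue(); confirm). A small `static inline` helper in closure.h that returns the closure for a work pointer would remove the repeated container_of. The same pattern recurs in the journal.c, movinggc.c, request.c and super.c hunks below. Direct calls such as `__btree_node_write_done(&cl->work);` convert straight back to `cl` in the callee, which the helper would also make easier to follow.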
@@ -52979,12 +53027,44 @@ index 22b9e34..ac456ec 100644 &PTR_CACHE(b->c, &b->key, 0)->btree_sectors_written); b->written += set_blocks(i, block_bytes(b->c)); +diff --git a/drivers/md/bcache/closure.c b/drivers/md/bcache/closure.c +index 9eaf1d6..86e6fa1 100644 +--- a/drivers/md/bcache/closure.c ++++ b/drivers/md/bcache/closure.c +@@ -29,12 +29,12 @@ static inline void closure_put_after_sub(struct closure *cl, int flags) + closure_queue(cl); + } else { + struct closure *parent = cl->parent; +- closure_fn *destructor = cl->fn; ++ work_func_t destructor = cl->fn; + + closure_debug_destroy(cl); + + if (destructor) +- destructor(cl); ++ destructor(&cl->work); + + if (parent) + closure_put(parent); diff --git a/drivers/md/bcache/closure.h b/drivers/md/bcache/closure.h -index 782cc2c..4fdd593 100644 +index 782cc2c..34864f4 100644 --- a/drivers/md/bcache/closure.h +++ b/drivers/md/bcache/closure.h -@@ -238,7 +238,7 @@ static inline void closure_set_stopped(struct closure *cl) - static inline void set_closure_fn(struct closure *cl, closure_fn *fn, +@@ -151,7 +151,7 @@ struct closure { + struct workqueue_struct *wq; + struct task_struct *task; + struct llist_node list; +- closure_fn *fn; ++ work_func_t fn; + }; + struct work_struct work; + }; +@@ -235,10 +235,10 @@ static inline void closure_set_stopped(struct closure *cl) + atomic_sub(CLOSURE_RUNNING, &cl->remaining); + } + +-static inline void set_closure_fn(struct closure *cl, closure_fn *fn, ++static inline void set_closure_fn(struct closure *cl, work_func_t fn, struct workqueue_struct *wq) { - BUG_ON(object_is_on_stack(cl)); 
@@ -52992,6 +53072,24 @@ index 782cc2c..4fdd593 100644 closure_set_ip(cl); cl->fn = fn; cl->wq = wq; +@@ -253,7 +253,7 @@ static inline void closure_queue(struct closure *cl) + INIT_WORK(&cl->work, cl->work.func); + BUG_ON(!queue_work(wq, &cl->work)); + } else +- cl->fn(cl); ++ cl->fn(&cl->work); + } + + /** +@@ -372,7 +372,7 @@ do { \ + * asynchronously out of a new closure - @parent will then wait for @cl to + * finish. + */ +-static inline void closure_call(struct closure *cl, closure_fn fn, ++static inline void closure_call(struct closure *cl, work_func_t fn, + struct workqueue_struct *wq, + struct closure *parent) + { diff --git a/drivers/md/bcache/io.c b/drivers/md/bcache/io.c index 86a0bb8..0832b32 100644 --- a/drivers/md/bcache/io.c @@ -53035,10 +53133,46 @@ index 86a0bb8..0832b32 100644 errors >>= IO_ERROR_SHIFT; diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c -index 29eba72..348efc9 100644 +index 29eba72..1d0108a 100644 --- a/drivers/md/bcache/journal.c 
+++ b/drivers/md/bcache/journal.c -@@ -621,7 +621,7 @@ static void journal_write_unlocked(struct closure *cl) +@@ -555,10 +555,11 @@ static void journal_write_endio(struct bio *bio) + closure_put(&w->c->journal.io); + } + +-static void journal_write(struct closure *); ++static void journal_write(struct work_struct *); + +-static void journal_write_done(struct closure *cl) ++static void journal_write_done(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct journal *j = container_of(cl, struct journal, io); + struct journal_write *w = (j->cur == j->w) + ? &j->w[1] +@@ -568,17 +569,19 @@ static void journal_write_done(struct closure *cl) + continue_at_nobarrier(cl, journal_write, system_wq); + } + +-static void journal_write_unlock(struct closure *cl) ++static void journal_write_unlock(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct cache_set *c = container_of(cl, struct cache_set, journal.io); + + c->journal.io_in_flight = 0; + spin_unlock(&c->journal.lock); + } + +-static void journal_write_unlocked(struct closure *cl) ++static void journal_write_unlocked(struct work_struct *work) + __releases(c->journal.lock) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct cache_set *c = container_of(cl, struct cache_set, journal.io); + struct cache *ca; + struct journal_write *w = c->journal.cur; +@@ -621,7 +624,7 @@ static void journal_write_unlocked(struct closure *cl) ca = PTR_CACHE(c, k, i); bio = &ca->journal.bio; 
@@ -53047,6 +53181,278 @@ index 29eba72..348efc9 100644 bio_reset(bio); bio->bi_iter.bi_sector = PTR_OFFSET(k, i); +@@ -653,12 +656,13 @@ static void journal_write_unlocked(struct closure *cl) + continue_at(cl, journal_write_done, NULL); + } + +-static void journal_write(struct closure *cl) ++static void journal_write(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct cache_set *c = container_of(cl, struct cache_set, journal.io); + + spin_lock(&c->journal.lock); +- journal_write_unlocked(cl); ++ journal_write_unlocked(&cl->work); + } + + static void journal_try_write(struct cache_set *c) +diff --git a/drivers/md/bcache/movinggc.c b/drivers/md/bcache/movinggc.c +index b929fc9..4557031 100644 +--- a/drivers/md/bcache/movinggc.c ++++ b/drivers/md/bcache/movinggc.c +@@ -34,14 +34,16 @@ static bool moving_pred(struct keybuf *buf, struct bkey *k) + + /* Moving GC - IO loop */ + +-static void moving_io_destructor(struct closure *cl) ++static void moving_io_destructor(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct moving_io *io = container_of(cl, struct moving_io, cl); + kfree(io); + } + +-static void write_moving_finish(struct closure *cl) ++static void write_moving_finish(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct moving_io *io = container_of(cl, struct moving_io, cl); + struct bio *bio = &io->bio.bio; + struct bio_vec *bv; +@@ -92,8 +94,9 @@ static void moving_init(struct moving_io *io) + bch_bio_map(bio, NULL); + } + +-static void write_moving(struct closure *cl) ++static void write_moving(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct moving_io *io = container_of(cl, struct moving_io, cl); + struct data_insert_op *op = &io->op; + +@@ -116,8 +119,9 @@ static void write_moving(struct closure *cl) + continue_at(cl, write_moving_finish, 
op->wq); + } + +-static void read_moving_submit(struct closure *cl) ++static void read_moving_submit(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct moving_io *io = container_of(cl, struct moving_io, cl); + struct bio *bio = &io->bio.bio; + +diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c +index 25fa844..8181a97 100644 +--- a/drivers/md/bcache/request.c ++++ b/drivers/md/bcache/request.c +@@ -24,7 +24,7 @@ + + struct kmem_cache *bch_search_cache; + +-static void bch_data_insert_start(struct closure *); ++static void bch_data_insert_start(struct work_struct *); + + static unsigned cache_mode(struct cached_dev *dc, struct bio *bio) + { +@@ -53,8 +53,9 @@ static void bio_csum(struct bio *bio, struct bkey *k) + + /* Insert data into cache */ + +-static void bch_data_insert_keys(struct closure *cl) ++static void bch_data_insert_keys(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct data_insert_op *op = container_of(cl, struct data_insert_op, cl); + atomic_t *journal_ref = NULL; + struct bkey *replace_key = op->replace ? 
&op->replace_key : NULL; +@@ -143,8 +144,9 @@ out: + continue_at(cl, bch_data_insert_keys, op->wq); + } + +-static void bch_data_insert_error(struct closure *cl) ++static void bch_data_insert_error(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct data_insert_op *op = container_of(cl, struct data_insert_op, cl); + + /* +@@ -170,7 +172,7 @@ static void bch_data_insert_error(struct closure *cl) + + op->insert_keys.top = dst; + +- bch_data_insert_keys(cl); ++ bch_data_insert_keys(&cl->work); + } + + static void bch_data_insert_endio(struct bio *bio) +@@ -191,8 +193,9 @@ static void bch_data_insert_endio(struct bio *bio) + bch_bbio_endio(op->c, bio, bio->bi_error, "writing data to cache"); + } + +-static void bch_data_insert_start(struct closure *cl) ++static void bch_data_insert_start(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct data_insert_op *op = container_of(cl, struct data_insert_op, cl); + struct bio *bio = op->bio, *n; + +@@ -313,8 +316,9 @@ err: + * If s->bypass is true, instead of inserting the data it invalidates the + * region of the cache represented by s->cache_bio and op->inode. + */ +-void bch_data_insert(struct closure *cl) ++void bch_data_insert(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct data_insert_op *op = container_of(cl, struct data_insert_op, cl); + + trace_bcache_write(op->c, op->inode, op->bio, +@@ -322,7 +326,7 @@ void bch_data_insert(struct closure *cl) + + bch_keylist_init(&op->insert_keys); + bio_get(op->bio); +- bch_data_insert_start(cl); ++ bch_data_insert_start(&cl->work); + } + + /* Congested? */ +@@ -570,8 +574,9 @@ static int cache_lookup_fn(struct btree_op *op, struct btree *b, struct bkey *k) + return n == bio ? 
MAP_DONE : MAP_CONTINUE; + } + +-static void cache_lookup(struct closure *cl) ++static void cache_lookup(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct search *s = container_of(cl, struct search, iop.cl); + struct bio *bio = &s->bio.bio; + int ret; +@@ -631,8 +636,9 @@ static void do_bio_hook(struct search *s, struct bio *orig_bio) + bio_cnt_set(bio, 3); + } + +-static void search_free(struct closure *cl) ++static void search_free(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct search *s = container_of(cl, struct search, cl); + bio_complete(s); + +@@ -676,19 +682,21 @@ static inline struct search *search_alloc(struct bio *bio, + + /* Cached devices */ + +-static void cached_dev_bio_complete(struct closure *cl) ++static void cached_dev_bio_complete(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct search *s = container_of(cl, struct search, cl); + struct cached_dev *dc = container_of(s->d, struct cached_dev, disk); + +- search_free(cl); ++ search_free(&cl->work); + cached_dev_put(dc); + } + + /* Process reads */ + +-static void cached_dev_cache_miss_done(struct closure *cl) ++static void cached_dev_cache_miss_done(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct search *s = container_of(cl, struct search, cl); + + if (s->iop.replace_collision) +@@ -702,11 +710,12 @@ static void cached_dev_cache_miss_done(struct closure *cl) + __free_page(bv->bv_page); + } + +- cached_dev_bio_complete(cl); ++ cached_dev_bio_complete(&cl->work); + } + +-static void cached_dev_read_error(struct closure *cl) ++static void cached_dev_read_error(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct search *s = container_of(cl, struct search, cl); + struct bio *bio = &s->bio.bio; + +@@ -725,8 +734,9 @@ static void 
cached_dev_read_error(struct closure *cl) + continue_at(cl, cached_dev_cache_miss_done, NULL); + } + +-static void cached_dev_read_done(struct closure *cl) ++static void cached_dev_read_done(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct search *s = container_of(cl, struct search, cl); + struct cached_dev *dc = container_of(s->d, struct cached_dev, disk); + +@@ -765,8 +775,9 @@ static void cached_dev_read_done(struct closure *cl) + continue_at(cl, cached_dev_cache_miss_done, NULL); + } + +-static void cached_dev_read_done_bh(struct closure *cl) ++static void cached_dev_read_done_bh(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct search *s = container_of(cl, struct search, cl); + struct cached_dev *dc = container_of(s->d, struct cached_dev, disk); + +@@ -864,13 +875,14 @@ static void cached_dev_read(struct cached_dev *dc, struct search *s) + + /* Process writes */ + +-static void cached_dev_write_complete(struct closure *cl) ++static void cached_dev_write_complete(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct search *s = container_of(cl, struct search, cl); + struct cached_dev *dc = container_of(s->d, struct cached_dev, disk); + + up_read_non_owner(&dc->writeback_lock); +- cached_dev_bio_complete(cl); ++ cached_dev_bio_complete(&cl->work); + } + + static void cached_dev_write(struct cached_dev *dc, struct search *s) +@@ -942,8 +954,9 @@ static void cached_dev_write(struct cached_dev *dc, struct search *s) + continue_at(cl, cached_dev_write_complete, NULL); + } + +-static void cached_dev_nodata(struct closure *cl) ++static void cached_dev_nodata(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct search *s = container_of(cl, struct search, cl); + struct bio *bio = &s->bio.bio; + +@@ -1063,8 +1076,9 @@ static int flash_dev_cache_miss(struct 
btree *b, struct search *s, + return MAP_CONTINUE; + } + +-static void flash_dev_nodata(struct closure *cl) ++static void flash_dev_nodata(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct search *s = container_of(cl, struct search, cl); + + if (s->iop.flush_journal) +diff --git a/drivers/md/bcache/request.h b/drivers/md/bcache/request.h +index 1ff3687..b8f4a05 100644 +--- a/drivers/md/bcache/request.h ++++ b/drivers/md/bcache/request.h +@@ -33,7 +33,7 @@ struct data_insert_op { + }; + + unsigned bch_get_congested(struct cache_set *); +-void bch_data_insert(struct closure *cl); ++void bch_data_insert(struct work_struct *work); + + void bch_cached_dev_request_init(struct cached_dev *dc); + void bch_flash_dev_request_init(struct bcache_device *d); diff --git a/drivers/md/bcache/stats.c b/drivers/md/bcache/stats.c index 0ca072c..5e6e5c3 100644 --- a/drivers/md/bcache/stats.c @@ -53161,10 +53567,43 @@ index adbff14..018c2d2 100644 struct cache_stat_collector collector; diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c -index a296425..397607e 100644 +index a296425..c5d881c 100644 --- a/drivers/md/bcache/super.c 
+++ b/drivers/md/bcache/super.c -@@ -530,7 +530,7 @@ void bch_prio_write(struct cache *ca) +@@ -241,8 +241,9 @@ static void __write_super(struct cache_sb *sb, struct bio *bio) + submit_bio(REQ_WRITE, bio); + } + +-static void bch_write_bdev_super_unlock(struct closure *cl) ++static void bch_write_bdev_super_unlock(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct cached_dev *dc = container_of(cl, struct cached_dev, sb_write); + + up(&dc->sb_write_mutex); +@@ -275,8 +276,9 @@ static void write_super_endio(struct bio *bio) + closure_put(&ca->set->sb_write); + } + +-static void bcache_write_super_unlock(struct closure *cl) ++static void bcache_write_super_unlock(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct cache_set *c = container_of(cl, struct cache_set, sb_write); + + up(&c->sb_write_mutex); +@@ -326,8 +328,9 @@ static void uuid_endio(struct bio *bio) + closure_put(cl); + } + +-static void uuid_io_unlock(struct closure *cl) ++static void uuid_io_unlock(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct cache_set *c = container_of(cl, struct cache_set, uuid_write); + + up(&c->uuid_write_mutex); +@@ -530,7 +533,7 @@ void bch_prio_write(struct cache *ca) ca->disk_buckets->seq++; 
@@ -53173,6 +53612,83 @@ index a296425..397607e 100644 &ca->meta_sectors_written); //pr_debug("free %zu, free_inc %zu, unused %zu", fifo_used(&ca->free), +@@ -1049,8 +1052,9 @@ void bch_cached_dev_release(struct kobject *kobj) + module_put(THIS_MODULE); + } + +-static void cached_dev_free(struct closure *cl) ++static void cached_dev_free(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct cached_dev *dc = container_of(cl, struct cached_dev, disk.cl); + + cancel_delayed_work_sync(&dc->writeback_rate_update); +@@ -1074,8 +1078,9 @@ static void cached_dev_free(struct closure *cl) + kobject_put(&dc->disk.kobj); + } + +-static void cached_dev_flush(struct closure *cl) ++static void cached_dev_flush(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct cached_dev *dc = container_of(cl, struct cached_dev, disk.cl); + struct bcache_device *d = &dc->disk; + +@@ -1191,8 +1196,9 @@ void bch_flash_dev_release(struct kobject *kobj) + kfree(d); + } + +-static void flash_dev_free(struct closure *cl) ++static void flash_dev_free(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct bcache_device *d = container_of(cl, struct bcache_device, cl); + mutex_lock(&bch_register_lock); + bcache_device_free(d); +@@ -1200,8 +1206,9 @@ static void flash_dev_free(struct closure *cl) + kobject_put(&d->kobj); + } + +-static void flash_dev_flush(struct closure *cl) ++static void flash_dev_flush(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct bcache_device *d = container_of(cl, struct bcache_device, cl); + + mutex_lock(&bch_register_lock); +@@ -1320,8 +1327,9 @@ void bch_cache_set_release(struct kobject *kobj) + module_put(THIS_MODULE); + } + +-static void cache_set_free(struct closure *cl) ++static void cache_set_free(struct work_struct *work) + { ++ struct closure *cl = 
container_of(work, struct closure, work); + struct cache_set *c = container_of(cl, struct cache_set, cl); + struct cache *ca; + unsigned i; +@@ -1366,8 +1374,9 @@ static void cache_set_free(struct closure *cl) + kobject_put(&c->kobj); + } + +-static void cache_set_flush(struct closure *cl) ++static void cache_set_flush(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct cache_set *c = container_of(cl, struct cache_set, caching); + struct cache *ca; + struct btree *b; +@@ -1408,8 +1417,9 @@ static void cache_set_flush(struct closure *cl) + closure_return(cl); + } + +-static void __cache_set_unregister(struct closure *cl) ++static void __cache_set_unregister(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct cache_set *c = container_of(cl, struct cache_set, caching); + struct cached_dev *dc; + size_t i; diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c index b3ff57d..b2e30fb 100644 --- a/drivers/md/bcache/sysfs.c 
@@ -53215,6 +53731,51 @@ index b3ff57d..b2e30fb 100644 } return size; +diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c +index b9346cd..708ea8f 100644 +--- a/drivers/md/bcache/writeback.c ++++ b/drivers/md/bcache/writeback.c +@@ -118,14 +118,16 @@ static void dirty_init(struct keybuf_key *w) + bch_bio_map(bio, NULL); + } + +-static void dirty_io_destructor(struct closure *cl) ++static void dirty_io_destructor(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct dirty_io *io = container_of(cl, struct dirty_io, cl); + kfree(io); + } + +-static void write_dirty_finish(struct closure *cl) ++static void write_dirty_finish(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct dirty_io *io = container_of(cl, struct dirty_io, cl); + struct keybuf_key *w = io->bio.bi_private; + struct cached_dev *dc = io->dc; +@@ -177,8 +179,9 @@ static void dirty_endio(struct bio *bio) + closure_put(&io->cl); + } + +-static void write_dirty(struct closure *cl) ++static void write_dirty(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct dirty_io *io = container_of(cl, struct dirty_io, cl); + struct keybuf_key *w = io->bio.bi_private; + +@@ -204,8 +207,9 @@ static void read_dirty_endio(struct bio *bio) + dirty_endio(bio); + } + +-static void read_dirty_submit(struct closure *cl) ++static void read_dirty_submit(struct work_struct *work) + { ++ struct closure *cl = container_of(work, struct closure, work); + struct dirty_io *io = container_of(cl, struct dirty_io, cl); + + closure_bio_submit(&io->bio, cl); diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c index d80cce4..d7f15c4 100644 --- a/drivers/md/bitmap.c 
@@ -54725,6 +55286,19 @@ index 80caa70..d076ecf 100644 vma->vm_ops = &zoran_vm_ops; vma->vm_flags |= VM_DONTEXPAND; +diff --git a/drivers/media/platform/am437x/am437x-vpfe.c b/drivers/media/platform/am437x/am437x-vpfe.c +index de32e3a..e6a7bff 100644 +--- a/drivers/media/platform/am437x/am437x-vpfe.c ++++ b/drivers/media/platform/am437x/am437x-vpfe.c +@@ -1706,7 +1706,7 @@ static int vpfe_get_app_input_index(struct vpfe_device *vpfe, + sdinfo = &cfg->sub_devs[i]; + client = v4l2_get_subdevdata(sdinfo->sd); + if (client->addr == curr_client->addr && +- client->adapter->nr == client->adapter->nr) { ++ client->adapter->nr == curr_client->adapter->nr) { + if (vpfe->current_input >= 1) + return -1; + *app_input_index = j + vpfe->current_input; diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c index 70c28d1..ff21b13 100644 --- a/drivers/media/platform/omap/omap_vout.c @@ -56578,7 +57152,7 @@ index f7ab115..16b2087 100644 if (!irq) { dev_warn(tps65910->dev, "No interrupt support, no core IRQ\n"); diff --git a/drivers/mfd/twl4030-irq.c b/drivers/mfd/twl4030-irq.c -index 40e51b0..b986312 100644 +index 40e51b0..af35565 100644 --- a/drivers/mfd/twl4030-irq.c +++ b/drivers/mfd/twl4030-irq.c @@ -34,6 +34,7 @@ @@ -56597,16 +57171,16 @@ index 40e51b0..b986312 100644 - twl4030_irq_chip.name = "twl4030"; + pax_open_kernel(); + memcpy((void *)&twl4030_irq_chip, &dummy_irq_chip, sizeof twl4030_irq_chip); -+ *(const char **)&twl4030_irq_chip.name = "twl4030"; ++ const_cast(twl4030_irq_chip.name) = "twl4030"; - twl4030_sih_irq_chip.irq_ack = dummy_irq_chip.irq_ack; -+ *(void **)&twl4030_sih_irq_chip.irq_ack = dummy_irq_chip.irq_ack; ++ const_cast(twl4030_sih_irq_chip.irq_ack) = dummy_irq_chip.irq_ack; + pax_close_kernel(); for (i = irq_base; i < irq_end; i++) { irq_set_chip_and_handler(i, &twl4030_irq_chip, diff --git a/drivers/misc/c2port/core.c b/drivers/misc/c2port/core.c -index cc8645b..7cc15e4 100644 +index cc8645b..ab85ae4 100644 
--- a/drivers/misc/c2port/core.c +++ b/drivers/misc/c2port/core.c @@ -922,7 +922,9 @@ struct c2port_device *c2port_device_register(char *name, @@ -56615,7 +57189,7 @@ index cc8645b..7cc15e4 100644 - bin_attr_flash_data.size = ops->blocks_num * ops->block_size; + pax_open_kernel(); -+ *(size_t *)&bin_attr_flash_data.size = ops->blocks_num * ops->block_size; ++ const_cast(bin_attr_flash_data.size) = ops->blocks_num * ops->block_size; + pax_close_kernel(); c2dev->dev = device_create(c2port_class, NULL, 0, c2dev, @@ -56705,7 +57279,7 @@ index c439c82..1f20f57 100644 int mapped_btns[3]; diff --git a/drivers/misc/mic/scif/scif_api.c b/drivers/misc/mic/scif/scif_api.c -index ddc9e4b..7b9c669 100644 +index ddc9e4b..9e27f41 100644 --- a/drivers/misc/mic/scif/scif_api.c +++ b/drivers/misc/mic/scif/scif_api.c @@ -1486,10 +1486,12 @@ int scif_client_register(struct scif_client *client) @@ -56717,10 +57291,10 @@ index ddc9e4b..7b9c669 100644 - si->add_dev = scif_add_client_dev; - si->remove_dev = scif_remove_client_dev; + pax_open_kernel(); -+ *(const char **)&si->name = client->name; -+ *(struct bus_type **)&si->subsys = &scif_peer_bus; -+ *(void **)&si->add_dev = scif_add_client_dev; -+ *(void **)&si->remove_dev = scif_remove_client_dev; ++ const_cast(si->name) = client->name; ++ const_cast(si->subsys) = &scif_peer_bus; ++ const_cast(si->add_dev) = scif_add_client_dev; ++ const_cast(si->remove_dev) = scif_remove_client_dev; + pax_close_kernel(); return subsys_interface_register(&client->si); @@ -57235,7 +57809,7 @@ index f695b58..7b7d017 100644 +} __do_const; #endif /* _DW_MMC_H_ */ diff --git a/drivers/mmc/host/mmci.c b/drivers/mmc/host/mmci.c -index 0d6ca41..d438654 100644 +index 0d6ca41..bdc6710 100644 --- a/drivers/mmc/host/mmci.c +++ b/drivers/mmc/host/mmci.c @@ -1634,7 +1634,9 @@ static int mmci_probe(struct amba_device *dev, 
@@ -57244,13 +57818,13 @@ index 0d6ca41..d438654 100644 if (variant->busy_detect) { - mmci_ops.card_busy = mmci_card_busy; + pax_open_kernel(); -+ *(void **)&mmci_ops.card_busy = mmci_card_busy; ++ const_cast(mmci_ops.card_busy) = mmci_card_busy; + pax_close_kernel(); mmci_write_datactrlreg(host, MCI_ST_DPSM_BUSYMODE); mmc->caps |= MMC_CAP_WAIT_WHILE_BUSY; mmc->max_busy_timeout = 0; diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c -index f6e4d97..57358ff 100644 +index f6e4d97..8bd8c05 100644 --- a/drivers/mmc/host/omap_hsmmc.c +++ b/drivers/mmc/host/omap_hsmmc.c @@ -2088,7 +2088,9 @@ static int omap_hsmmc_probe(struct platform_device *pdev) @@ -57259,13 +57833,13 @@ index f6e4d97..57358ff 100644 dev_info(&pdev->dev, "multiblock reads disabled due to 35xx erratum 2.1.1.128; MMC read performance may suffer\n"); - omap_hsmmc_ops.multi_io_quirk = omap_hsmmc_multi_io_quirk; + pax_open_kernel(); -+ *(void **)&omap_hsmmc_ops.multi_io_quirk = omap_hsmmc_multi_io_quirk; ++ const_cast(omap_hsmmc_ops.multi_io_quirk) = omap_hsmmc_multi_io_quirk; + pax_close_kernel(); } device_init_wakeup(&pdev->dev, true); diff --git a/drivers/mmc/host/sdhci-esdhc-imx.c b/drivers/mmc/host/sdhci-esdhc-imx.c -index f25f292..a0e1250 100644 +index f25f292..7f4b03f 100644 --- a/drivers/mmc/host/sdhci-esdhc-imx.c +++ b/drivers/mmc/host/sdhci-esdhc-imx.c @@ -1194,9 +1194,12 @@ static int sdhci_esdhc_imx_probe(struct platform_device *pdev) @@ -57276,7 +57850,7 @@ index f25f292..a0e1250 100644 - sdhci_esdhc_ops.platform_execute_tuning = + if (imx_data->socdata->flags & ESDHC_FLAG_MAN_TUNING) { + pax_open_kernel(); -+ *(void **)&sdhci_esdhc_ops.platform_execute_tuning = ++ const_cast(sdhci_esdhc_ops.platform_execute_tuning) = esdhc_executing_tuning; + pax_close_kernel(); + } @@ -57284,7 +57858,7 @@ index f25f292..a0e1250 100644 if (imx_data->socdata->flags & ESDHC_FLAG_STD_TUNING) writel(readl(host->ioaddr + ESDHC_TUNING_CTRL) | 
diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c -index 70c724b..308aafc 100644 +index 70c724b..0c24beb 100644 --- a/drivers/mmc/host/sdhci-s3c.c +++ b/drivers/mmc/host/sdhci-s3c.c @@ -598,9 +598,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev) @@ -57295,9 +57869,9 @@ index 70c724b..308aafc 100644 - sdhci_s3c_ops.get_min_clock = sdhci_cmu_get_min_clock; - sdhci_s3c_ops.get_max_clock = sdhci_cmu_get_max_clock; + pax_open_kernel(); -+ *(void **)&sdhci_s3c_ops.set_clock = sdhci_cmu_set_clock; -+ *(void **)&sdhci_s3c_ops.get_min_clock = sdhci_cmu_get_min_clock; -+ *(void **)&sdhci_s3c_ops.get_max_clock = sdhci_cmu_get_max_clock; ++ const_cast(sdhci_s3c_ops.set_clock) = sdhci_cmu_set_clock; ++ const_cast(sdhci_s3c_ops.get_min_clock) = sdhci_cmu_get_min_clock; ++ const_cast(sdhci_s3c_ops.get_max_clock) = sdhci_cmu_get_max_clock; + pax_close_kernel(); } @@ -59971,7 +60545,7 @@ index 245c063..74ed9c9 100644 mdio_cmd->op = op; mdio_cmd->mdio_addr = loc; diff --git a/drivers/net/ethernet/cavium/liquidio/lio_main.c b/drivers/net/ethernet/cavium/liquidio/lio_main.c -index 34d269c..43dcc17 100644 +index 34d269c..69e1ac2 100644 --- a/drivers/net/ethernet/cavium/liquidio/lio_main.c +++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c @@ -475,7 +475,7 @@ static void stop_pci_io(struct octeon_device *oct) @@ -60018,7 +60592,7 @@ index 34d269c..43dcc17 100644 - lionetdevops.ndo_select_queue = select_q; + if (num_iqueues > 1) { + pax_open_kernel(); -+ *(void **)&lionetdevops.ndo_select_queue = select_q; ++ const_cast(lionetdevops.ndo_select_queue) = select_q; + pax_close_kernel(); + } @@ -60316,7 +60890,7 @@ index e51892d..3e645f4 100644 struct hix5hd2_priv *priv = netdev_priv(dev); struct hix5hd2_desc *desc; diff --git a/drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c b/drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c -index d4f92ed..38fdf5b 100644 +index d4f92ed..d4755e0 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c 
+++ b/drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c @@ -857,16 +857,18 @@ int hns_dsaf_ae_init(struct dsaf_device *dsaf_dev) @@ -60327,11 +60901,11 @@ index d4f92ed..38fdf5b 100644 switch (dsaf_dev->dsaf_ver) { case AE_VERSION_1: - hns_dsaf_ops.toggle_ring_irq = hns_ae_toggle_ring_irq; -+ *(void **)&hns_dsaf_ops.toggle_ring_irq = hns_ae_toggle_ring_irq; ++ const_cast(hns_dsaf_ops.toggle_ring_irq) = hns_ae_toggle_ring_irq; break; case AE_VERSION_2: - hns_dsaf_ops.toggle_ring_irq = hns_aev2_toggle_ring_irq; -+ *(void **)&hns_dsaf_ops.toggle_ring_irq = hns_aev2_toggle_ring_irq; ++ const_cast(hns_dsaf_ops.toggle_ring_irq) = hns_aev2_toggle_ring_irq; break; default: break; @@ -60809,7 +61383,7 @@ index 6409a06..e5bd4d6 100644 struct netxen_adapter *adapter = pci_get_drvdata(pdev); diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c -index bf89216..4044d8c 100644 +index bf89216..b08442a 100644 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c @@ -2324,7 +2324,9 @@ int qlcnic_83xx_configure_opmode(struct qlcnic_adapter *adapter) @@ -60818,13 +61392,13 @@ index bf89216..4044d8c 100644 ahw->nic_mode = QLCNIC_DEFAULT_MODE; - adapter->nic_ops->init_driver = qlcnic_83xx_init_default_driver; + pax_open_kernel(); -+ *(void **)&adapter->nic_ops->init_driver = qlcnic_83xx_init_default_driver; ++ const_cast(adapter->nic_ops->init_driver) = qlcnic_83xx_init_default_driver; + pax_close_kernel(); ahw->idc.state_entry = qlcnic_83xx_idc_ready_state_entry; max_sds_rings = QLCNIC_MAX_SDS_RINGS; max_tx_rings = QLCNIC_MAX_TX_RINGS; diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c -index 3490675..0b9e15a 100644 +index 3490675..cf148ea 100644 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c 
@@ -207,17 +207,23 @@ int qlcnic_83xx_config_vnic_opmode(struct qlcnic_adapter *adapter) @@ -60833,7 +61407,7 @@ index 3490675..0b9e15a 100644 ahw->idc.state_entry = qlcnic_83xx_idc_ready_state_entry; - nic_ops->init_driver = qlcnic_83xx_init_non_privileged_vnic; + pax_open_kernel(); -+ *(void **)&nic_ops->init_driver = qlcnic_83xx_init_non_privileged_vnic; ++ const_cast(nic_ops->init_driver) = qlcnic_83xx_init_non_privileged_vnic; + pax_close_kernel(); break; case QLCNIC_PRIV_FUNC: @@ -60841,7 +61415,7 @@ index 3490675..0b9e15a 100644 ahw->idc.state_entry = qlcnic_83xx_idc_vnic_pf_entry; - nic_ops->init_driver = qlcnic_83xx_init_privileged_vnic; + pax_open_kernel(); -+ *(void **)&nic_ops->init_driver = qlcnic_83xx_init_privileged_vnic; ++ const_cast(nic_ops->init_driver) = qlcnic_83xx_init_privileged_vnic; + pax_close_kernel(); break; case QLCNIC_MGMT_FUNC: @@ -60849,7 +61423,7 @@ index 3490675..0b9e15a 100644 ahw->idc.state_entry = qlcnic_83xx_idc_ready_state_entry; - nic_ops->init_driver = qlcnic_83xx_init_mgmt_vnic; + pax_open_kernel(); -+ *(void **)&nic_ops->init_driver = qlcnic_83xx_init_mgmt_vnic; ++ const_cast(nic_ops->init_driver) = qlcnic_83xx_init_mgmt_vnic; + pax_close_kernel(); break; default: @@ -61604,7 +62178,7 @@ index f9db2ce..6cd460c 100644 } diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c -index 94e6888..1d08b6a 100644 +index 94e6888..c5c3f55 100644 --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c @@ -335,7 +335,7 @@ static void macvlan_broadcast_enqueue(struct macvlan_port *port, 
@@ -61628,13 +62202,13 @@ index 94e6888..1d08b6a 100644 - ops->get_size = macvlan_get_size; - ops->fill_info = macvlan_fill_info; + pax_open_kernel(); -+ *(size_t *)&ops->priv_size = sizeof(struct macvlan_dev); -+ *(void **)&ops->validate = macvlan_validate; -+ *(int *)&ops->maxtype = IFLA_MACVLAN_MAX; -+ *(const void **)&ops->policy = macvlan_policy; -+ *(void **)&ops->changelink = macvlan_changelink; -+ *(void **)&ops->get_size = macvlan_get_size; -+ *(void **)&ops->fill_info = macvlan_fill_info; ++ const_cast(ops->priv_size) = sizeof(struct macvlan_dev); ++ const_cast(ops->validate) = macvlan_validate; ++ const_cast(ops->maxtype) = IFLA_MACVLAN_MAX; ++ const_cast(ops->policy) = macvlan_policy; ++ const_cast(ops->changelink) = macvlan_changelink; ++ const_cast(ops->get_size) = macvlan_get_size; ++ const_cast(ops->fill_info) = macvlan_fill_info; + pax_close_kernel(); return rtnl_link_register(ops); @@ -62585,7 +63159,7 @@ index 831a544..d846785 100644 struct ath_nf_limits { s16 max; diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c -index c1b33fd..9f904b1 100644 +index c1b33fd..d61f3b4 100644 --- a/drivers/net/wireless/ath/ath9k/main.c +++ b/drivers/net/wireless/ath/ath9k/main.c @@ -2589,16 +2589,18 @@ void ath9k_fill_chanctx_ops(void) 
@@ -62603,16 +63177,16 @@ index c1b33fd..9f904b1 100644 - ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx; - ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx; + pax_open_kernel(); -+ *(void **)&ath9k_ops.hw_scan = ath9k_hw_scan; -+ *(void **)&ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan; -+ *(void **)&ath9k_ops.remain_on_channel = ath9k_remain_on_channel; -+ *(void **)&ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel; -+ *(void **)&ath9k_ops.add_chanctx = ath9k_add_chanctx; -+ *(void **)&ath9k_ops.remove_chanctx = ath9k_remove_chanctx; -+ *(void **)&ath9k_ops.change_chanctx = ath9k_change_chanctx; -+ *(void **)&ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx; -+ *(void **)&ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx; -+ *(void **)&ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx; ++ const_cast(ath9k_ops.hw_scan) = ath9k_hw_scan; ++ const_cast(ath9k_ops.cancel_hw_scan) = ath9k_cancel_hw_scan; ++ const_cast(ath9k_ops.remain_on_channel) = ath9k_remain_on_channel; ++ const_cast(ath9k_ops.cancel_remain_on_channel) = ath9k_cancel_remain_on_channel; ++ const_cast(ath9k_ops.add_chanctx) = ath9k_add_chanctx; ++ const_cast(ath9k_ops.remove_chanctx) = ath9k_remove_chanctx; ++ const_cast(ath9k_ops.change_chanctx) = ath9k_change_chanctx; ++ const_cast(ath9k_ops.assign_vif_chanctx) = ath9k_assign_vif_chanctx; ++ const_cast(ath9k_ops.unassign_vif_chanctx) = ath9k_unassign_vif_chanctx; ++ const_cast(ath9k_ops.mgd_prepare_tx) = ath9k_mgd_prepare_tx; + pax_close_kernel(); } @@ -63861,7 +64435,7 @@ index ed0adaf..4bb4f53 100644 return ret; } diff --git a/drivers/net/wireless/intel/iwlegacy/3945-mac.c b/drivers/net/wireless/intel/iwlegacy/3945-mac.c -index af1b3e6..9bc08d3 100644 +index af1b3e6..c014779 100644 --- a/drivers/net/wireless/intel/iwlegacy/3945-mac.c +++ b/drivers/net/wireless/intel/iwlegacy/3945-mac.c @@ -1399,8 +1399,9 @@ il3945_dump_nic_error_log(struct il_priv *il) 
@@ -63899,7 +64473,7 @@ index af1b3e6..9bc08d3 100644 D_INFO("Disabling hw_scan\n"); - il3945_mac_ops.hw_scan = NULL; + pax_open_kernel(); -+ *(void **)&il3945_mac_ops.hw_scan = NULL; ++ const_cast(il3945_mac_ops.hw_scan) = NULL; + pax_close_kernel(); } @@ -65682,7 +66256,7 @@ index 48e8a97..3499ec8 100644 const struct iw_handler_def prism54_handler_def = { diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index a28414c..26c8768 100644 +index a28414c..ad61156 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c @@ -3218,20 +3218,20 @@ static int __init init_mac80211_hwsim(void) 
@@ -65705,17 +66279,17 @@ index a28414c..26c8768 100644 - mac80211_hwsim_unassign_vif_chanctx; + pax_open_kernel(); + memcpy((void *)&mac80211_hwsim_mchan_ops, &mac80211_hwsim_ops, sizeof mac80211_hwsim_mchan_ops); -+ *(void **)&mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan; -+ *(void **)&mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan; -+ *(void **)&mac80211_hwsim_mchan_ops.sw_scan_start = NULL; -+ *(void **)&mac80211_hwsim_mchan_ops.sw_scan_complete = NULL; -+ *(void **)&mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc; -+ *(void **)&mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc; -+ *(void **)&mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx; -+ *(void **)&mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx; -+ *(void **)&mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx; -+ *(void **)&mac80211_hwsim_mchan_ops.assign_vif_chanctx = mac80211_hwsim_assign_vif_chanctx; -+ *(void **)&mac80211_hwsim_mchan_ops.unassign_vif_chanctx = mac80211_hwsim_unassign_vif_chanctx; ++ const_cast(mac80211_hwsim_mchan_ops.hw_scan) = mac80211_hwsim_hw_scan; ++ const_cast(mac80211_hwsim_mchan_ops.cancel_hw_scan) = mac80211_hwsim_cancel_hw_scan; ++ const_cast(mac80211_hwsim_mchan_ops.sw_scan_start) = NULL; ++ const_cast(mac80211_hwsim_mchan_ops.sw_scan_complete) = NULL; ++ const_cast(mac80211_hwsim_mchan_ops.remain_on_channel) = mac80211_hwsim_roc; ++ const_cast(mac80211_hwsim_mchan_ops.cancel_remain_on_channel) = mac80211_hwsim_croc; ++ const_cast(mac80211_hwsim_mchan_ops.add_chanctx) = mac80211_hwsim_add_chanctx; ++ const_cast(mac80211_hwsim_mchan_ops.remove_chanctx) = mac80211_hwsim_remove_chanctx; ++ const_cast(mac80211_hwsim_mchan_ops.change_chanctx) = mac80211_hwsim_change_chanctx; ++ const_cast(mac80211_hwsim_mchan_ops.assign_vif_chanctx) = mac80211_hwsim_assign_vif_chanctx; ++ const_cast(mac80211_hwsim_mchan_ops.unassign_vif_chanctx) = 
mac80211_hwsim_unassign_vif_chanctx; + pax_close_kernel(); spin_lock_init(&hwsim_radio_lock); @@ -66131,7 +66705,7 @@ index 29dfc51..8297755 100644 void rtl_swlps_rf_sleep(struct ieee80211_hw *hw); void rtl_p2p_ps_cmd(struct ieee80211_hw *hw , u8 p2p_ps_state); diff --git a/drivers/net/wireless/ti/wl1251/sdio.c b/drivers/net/wireless/ti/wl1251/sdio.c -index b661f896..ddf7d2b 100644 +index b661f896..ebea675 100644 --- a/drivers/net/wireless/ti/wl1251/sdio.c +++ b/drivers/net/wireless/ti/wl1251/sdio.c @@ -282,13 +282,17 @@ static int wl1251_sdio_probe(struct sdio_func *func, @@ -66141,8 +66715,8 @@ index b661f896..ddf7d2b 100644 - wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq; - wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq; + pax_open_kernel(); -+ *(void **)&wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq; -+ *(void **)&wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq; ++ const_cast(wl1251_sdio_ops.enable_irq) = wl1251_enable_line_irq; ++ const_cast(wl1251_sdio_ops.disable_irq) = wl1251_disable_line_irq; + pax_close_kernel(); wl1251_info("using dedicated interrupt line"); @@ -66150,14 +66724,14 @@ index b661f896..ddf7d2b 100644 - wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq; - wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq; + pax_open_kernel(); -+ *(void **)&wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq; -+ *(void **)&wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq; ++ const_cast(wl1251_sdio_ops.enable_irq) = wl1251_sdio_enable_irq; ++ const_cast(wl1251_sdio_ops.disable_irq) = wl1251_sdio_disable_irq; + pax_close_kernel(); wl1251_info("using SDIO interrupt"); } diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c -index a0d6ccc..93d9ac5 100644 +index a0d6ccc..36e1ae3 100644 --- a/drivers/net/wireless/ti/wl12xx/main.c +++ b/drivers/net/wireless/ti/wl12xx/main.c @@ -656,7 +656,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl) 
@@ -66166,7 +66740,7 @@ index a0d6ccc..93d9ac5 100644 /* read data preparation is only needed by wl127x */ - wl->ops->prepare_read = wl127x_prepare_read; + pax_open_kernel(); -+ *(void **)&wl->ops->prepare_read = wl127x_prepare_read; ++ const_cast(wl->ops->prepare_read) = wl127x_prepare_read; + pax_close_kernel(); wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, @@ -66177,13 +66751,13 @@ index a0d6ccc..93d9ac5 100644 /* read data preparation is only needed by wl127x */ - wl->ops->prepare_read = wl127x_prepare_read; + pax_open_kernel(); -+ *(void **)&wl->ops->prepare_read = wl127x_prepare_read; ++ const_cast(wl->ops->prepare_read) = wl127x_prepare_read; + pax_close_kernel(); wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER, diff --git a/drivers/net/wireless/ti/wl18xx/main.c b/drivers/net/wireless/ti/wl18xx/main.c -index 1bf26cc..3b15c02 100644 +index 1bf26cc..7dd1267 100644 --- a/drivers/net/wireless/ti/wl18xx/main.c +++ b/drivers/net/wireless/ti/wl18xx/main.c @@ -2018,8 +2018,10 @@ static int wl18xx_setup(struct wl1271 *wl) @@ -66193,8 +66767,8 @@ index 1bf26cc..3b15c02 100644 - wl18xx_ops.set_rx_csum = NULL; - wl18xx_ops.init_vif = NULL; + pax_open_kernel(); -+ *(void **)&wl18xx_ops.set_rx_csum = NULL; -+ *(void **)&wl18xx_ops.init_vif = NULL; ++ const_cast(wl18xx_ops.set_rx_csum) = NULL; ++ const_cast(wl18xx_ops.init_vif) = NULL; + pax_close_kernel(); } @@ -66687,7 +67261,7 @@ index 680f578..cf80097 100644 struct nvme_dev *dev = pci_get_drvdata(pdev); diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c -index 655f79d..509e3cd 100644 +index 655f79d..c684ede 100644 --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c @@ -1170,7 +1170,9 @@ static int __init of_fdt_raw_init(void) 
@@ -66696,7 +67270,7 @@ index 655f79d..509e3cd 100644 } - of_fdt_raw_attr.size = fdt_totalsize(initial_boot_params); + pax_open_kernel(); -+ *(size_t *)&of_fdt_raw_attr.size = fdt_totalsize(initial_boot_params); ++ const_cast(of_fdt_raw_attr.size) = fdt_totalsize(initial_boot_params); + pax_close_kernel(); return sysfs_create_bin_file(firmware_kobj, &of_fdt_raw_attr); } @@ -66881,7 +67455,7 @@ index 1652bc7..4f999c4 100644 struct gen_pci_cfg_windows { struct resource res; diff --git a/drivers/pci/hotplug/acpiphp_ibm.c b/drivers/pci/hotplug/acpiphp_ibm.c -index 2f6d3a1..5bc1bf1 100644 +index 2f6d3a1..cb43cfc 100644 --- a/drivers/pci/hotplug/acpiphp_ibm.c +++ b/drivers/pci/hotplug/acpiphp_ibm.c @@ -463,7 +463,9 @@ static int __init ibm_acpiphp_init(void) @@ -66890,7 +67464,7 @@ index 2f6d3a1..5bc1bf1 100644 - ibm_apci_table_attr.size = ibm_get_table_from_acpi(NULL); + pax_open_kernel(); -+ *(size_t *)&ibm_apci_table_attr.size = ibm_get_table_from_acpi(NULL); ++ const_cast(ibm_apci_table_attr.size) = ibm_get_table_from_acpi(NULL); + pax_close_kernel(); retval = sysfs_create_bin_file(sysdir, &ibm_apci_table_attr); @@ -66927,7 +67501,7 @@ index 88a44a7..de358ce 100644 status = cpci_hp_register_controller(&generic_hpc); diff --git a/drivers/pci/hotplug/cpcihp_zt5550.c b/drivers/pci/hotplug/cpcihp_zt5550.c -index 5f49c3f..989cd41 100644 +index 5f49c3f..438f019 100644 --- a/drivers/pci/hotplug/cpcihp_zt5550.c +++ b/drivers/pci/hotplug/cpcihp_zt5550.c @@ -59,7 +59,6 @@ 
@@ -66964,9 +67538,9 @@ index 5f49c3f..989cd41 100644 - zt5550_hpc_ops.disable_irq = zt5550_hc_disable_irq; - zt5550_hpc_ops.check_irq = zt5550_hc_check_irq; + pax_open_kernel(); -+ *(void **)&zt5550_hpc_ops.enable_irq = zt5550_hc_enable_irq; -+ *(void **)&zt5550_hpc_ops.disable_irq = zt5550_hc_disable_irq; -+ *(void **)&zt5550_hpc_ops.check_irq = zt5550_hc_check_irq; ++ const_cast(zt5550_hpc_ops.enable_irq) = zt5550_hc_enable_irq; ++ const_cast(zt5550_hpc_ops.disable_irq) = zt5550_hc_disable_irq; ++ const_cast(zt5550_hpc_ops.check_irq) = zt5550_hc_check_irq; + pax_open_kernel(); } else { info("using ENUM# polling mode"); @@ -66987,7 +67561,7 @@ index c25fc90..b054774 100644 dbg("int15 entry = %p\n", compaq_int15_entry_point); diff --git a/drivers/pci/hotplug/pci_hotplug_core.c b/drivers/pci/hotplug/pci_hotplug_core.c -index 9acd199..0645a09 100644 +index 9acd199..1b19f5b 100644 --- a/drivers/pci/hotplug/pci_hotplug_core.c +++ b/drivers/pci/hotplug/pci_hotplug_core.c @@ -434,8 +434,10 @@ int __pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus, @@ -66997,8 +67571,8 @@ index 9acd199..0645a09 100644 - slot->ops->owner = owner; - slot->ops->mod_name = mod_name; + pax_open_kernel(); -+ *(struct module **)&slot->ops->owner = owner; -+ *(const char **)&slot->ops->mod_name = mod_name; ++ const_cast(slot->ops->owner) = owner; ++ const_cast(slot->ops->mod_name) = mod_name; + pax_close_kernel(); mutex_lock(&pci_hp_mutex); @@ -67017,7 +67591,7 @@ index ac531e6..716d058 100644 int retval = -ENOMEM; diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c -index a080f44..9ff42d9 100644 +index a080f44..24ad26c 100644 --- a/drivers/pci/msi.c +++ b/drivers/pci/msi.c @@ -474,8 +474,8 @@ static int populate_msi_sysfs(struct pci_dev *pdev) 
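Review bot: In the cpcihp_zt5550.c hunk, the three `const_cast(zt5550_hpc_ops.…)` assignments are still followed by a second `pax_open_kernel();` where every other converted site in this patch has `pax_close_kernel();`, so the window opened for these writes is never closed on the IRQ-mode branch. The line is unchanged context here, so it looks like a typo carried over from the previous patch revision; it should read `pax_close_kernel();`. The definition of pax_open_kernel() is not shown, but if it lifts kernel write protection as its use suggests, that protection presumably stays off after this branch runs. The enclosing function starts and ends outside the hunk.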
@@ -67047,13 +67621,13 @@ index a080f44..9ff42d9 100644 + pax_open_kernel(); if (ops->set_desc == NULL) - ops->set_desc = pci_msi_domain_set_desc; -+ *(void **)&ops->set_desc = pci_msi_domain_set_desc; ++ const_cast(ops->set_desc) = pci_msi_domain_set_desc; if (ops->msi_check == NULL) - ops->msi_check = pci_msi_domain_check_cap; -+ *(void **)&ops->msi_check = pci_msi_domain_check_cap; ++ const_cast(ops->msi_check) = pci_msi_domain_check_cap; if (ops->handle_error == NULL) - ops->handle_error = pci_msi_domain_handle_error; -+ *(void **)&ops->handle_error = pci_msi_domain_handle_error; ++ const_cast(ops->handle_error) = pci_msi_domain_handle_error; + pax_close_kernel(); } } @@ -67065,13 +67639,13 @@ index a080f44..9ff42d9 100644 + pax_open_kernel(); if (!chip->irq_write_msi_msg) - chip->irq_write_msi_msg = pci_msi_domain_write_msg; -+ *(void **)&chip->irq_write_msi_msg = pci_msi_domain_write_msg; ++ const_cast(chip->irq_write_msi_msg) = pci_msi_domain_write_msg; if (!chip->irq_mask) - chip->irq_mask = pci_msi_mask_irq; -+ *(void **)&chip->irq_mask = pci_msi_mask_irq; ++ const_cast(chip->irq_mask) = pci_msi_mask_irq; if (!chip->irq_unmask) - chip->irq_unmask = pci_msi_unmask_irq; -+ *(void **)&chip->irq_unmask = pci_msi_unmask_irq; ++ const_cast(chip->irq_unmask) = pci_msi_unmask_irq; + pax_close_kernel(); } @@ -67238,7 +67812,7 @@ index c8969dd..4764267 100644 bool supports_sleepmode; int irq; diff --git a/drivers/pinctrl/pinctrl-at91.c b/drivers/pinctrl/pinctrl-at91.c -index 523b6b7..e9aa88d 100644 +index 523b6b7..eb4c74d 100644 --- a/drivers/pinctrl/pinctrl-at91.c +++ b/drivers/pinctrl/pinctrl-at91.c @@ -24,6 +24,7 @@ 
@@ -67255,7 +67829,7 @@ index 523b6b7..e9aa88d 100644 /* Setup proper .irq_set_type function */ - gpio_irqchip.irq_set_type = at91_gpio->ops->irq_type; + pax_open_kernel(); -+ *(void **)&gpio_irqchip.irq_set_type = at91_gpio->ops->irq_type; ++ const_cast(gpio_irqchip.irq_set_type) = at91_gpio->ops->irq_type; + pax_close_kernel(); /* Disable irqs of this PIO controller */ @@ -67398,7 +67972,7 @@ index 6aa33c4..cfb5425 100644 .ident = "OakTrail platform", .matches = { diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c -index 4231770..10a6caf 100644 +index 4231770..cbf93a6 100644 --- a/drivers/platform/x86/msi-laptop.c +++ b/drivers/platform/x86/msi-laptop.c @@ -605,7 +605,7 @@ static int dmi_check_cb(const struct dmi_system_id *dmi) @@ -67421,12 +67995,12 @@ index 4231770..10a6caf 100644 - dev_attr_wlan.attr.mode |= S_IWUSR; - dev_attr_threeg.attr.mode |= S_IWUSR; + pax_open_kernel(); -+ *(void **)&dev_attr_bluetooth.store = store_bluetooth; -+ *(void **)&dev_attr_wlan.store = store_wlan; -+ *(void **)&dev_attr_threeg.store = store_threeg; -+ *(umode_t *)&dev_attr_bluetooth.attr.mode |= S_IWUSR; -+ *(umode_t *)&dev_attr_wlan.attr.mode |= S_IWUSR; -+ *(umode_t *)&dev_attr_threeg.attr.mode |= S_IWUSR; ++ const_cast(dev_attr_bluetooth.store) = store_bluetooth; ++ const_cast(dev_attr_wlan.store) = store_wlan; ++ const_cast(dev_attr_threeg.store) = store_threeg; ++ const_cast(dev_attr_bluetooth.attr.mode) |= S_IWUSR; ++ const_cast(dev_attr_wlan.attr.mode) |= S_IWUSR; ++ const_cast(dev_attr_threeg.attr.mode) |= S_IWUSR; + pax_close_kernel(); } @@ -67756,7 +68330,7 @@ index ed2d7fd..266b28f 100644 __power_supply_attrs[i] = &power_supply_attrs[i].attr; } diff --git a/drivers/power/reset/at91-reset.c b/drivers/power/reset/at91-reset.c -index 1b5d450..3257054 100644 +index 1b5d450..b6042f8 100644 --- a/drivers/power/reset/at91-reset.c +++ b/drivers/power/reset/at91-reset.c @@ -17,6 +17,7 @@ 
@@ -67773,13 +68347,13 @@ index 1b5d450..3257054 100644 match = of_match_node(at91_reset_of_match, pdev->dev.of_node); - at91_restart_nb.notifier_call = match->data; + pax_open_kernel(); -+ *(void **)&at91_restart_nb.notifier_call = match->data; ++ const_cast(at91_restart_nb.notifier_call) = match->data; + pax_close_kernel(); sclk = devm_clk_get(&pdev->dev, NULL); if (IS_ERR(sclk)) diff --git a/drivers/powercap/powercap_sys.c b/drivers/powercap/powercap_sys.c -index 14bde0d..89f2669 100644 +index 14bde0d..9391277 100644 --- a/drivers/powercap/powercap_sys.c +++ b/drivers/powercap/powercap_sys.c @@ -154,8 +154,77 @@ struct powercap_constraint_attr { @@ -67887,7 +68461,7 @@ index 14bde0d..89f2669 100644 - dev_attr->store = store; + + pax_open_kernel(); -+ *(const char **)&dev_attr->attr.name = name; ++ const_cast(dev_attr->attr.name) = name; + pax_close_kernel(); return 0; @@ -67959,10 +68533,10 @@ index 14bde0d..89f2669 100644 + pax_open_kernel(); if (power_zone->ops->reset_energy_uj) - dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUGO; -+ *(umode_t *)&dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUGO; ++ const_cast(dev_attr_energy_uj.attr.mode) = S_IWUSR | S_IRUGO; else - dev_attr_energy_uj.attr.mode = S_IRUGO; -+ *(umode_t *)&dev_attr_energy_uj.attr.mode = S_IRUGO; ++ const_cast(dev_attr_energy_uj.attr.mode) = S_IRUGO; + pax_close_kernel(); power_zone->zone_dev_attrs[count++] = &dev_attr_energy_uj.attr; @@ -68016,7 +68590,7 @@ index 744c988..a269ffb 100644 if (ret != 0) { put_device(&rdev->dev); diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c -index b87f62d..345b9a1 100644 +index b87f62d..34f1cdf 100644 --- a/drivers/regulator/max8660.c +++ b/drivers/regulator/max8660.c @@ -423,8 +423,10 @@ static int max8660_probe(struct i2c_client *client, 
@@ -68026,14 +68600,14 @@ index b87f62d..345b9a1 100644 - max8660_dcdc_ops.enable = max8660_dcdc_enable; - max8660_dcdc_ops.disable = max8660_dcdc_disable; + pax_open_kernel(); -+ *(void **)&max8660_dcdc_ops.enable = max8660_dcdc_enable; -+ *(void **)&max8660_dcdc_ops.disable = max8660_dcdc_disable; ++ const_cast(max8660_dcdc_ops.enable) = max8660_dcdc_enable; ++ const_cast(max8660_dcdc_ops.disable) = max8660_dcdc_disable; + pax_close_kernel(); } /* diff --git a/drivers/regulator/max8973-regulator.c b/drivers/regulator/max8973-regulator.c -index 5b75b7c..142c226 100644 +index 5b75b7c..8b1bb06 100644 --- a/drivers/regulator/max8973-regulator.c +++ b/drivers/regulator/max8973-regulator.c @@ -658,9 +658,11 @@ static int max8973_probe(struct i2c_client *client, @@ -68044,9 +68618,9 @@ index 5b75b7c..142c226 100644 - max->ops.disable = regulator_disable_regmap; - max->ops.is_enabled = regulator_is_enabled_regmap; + pax_open_kernel(); -+ *(void **)&max->ops.enable = regulator_enable_regmap; -+ *(void **)&max->ops.disable = regulator_disable_regmap; -+ *(void **)&max->ops.is_enabled = regulator_is_enabled_regmap; ++ const_cast(max->ops.enable) = regulator_enable_regmap; ++ const_cast(max->ops.disable) = regulator_disable_regmap; ++ const_cast(max->ops.is_enabled) = regulator_is_enabled_regmap; + pax_close_kernel(); break; } 
@@ -68059,15 +68633,15 @@ index 5b75b7c..142c226 100644 - max->ops.disable = regulator_disable_regmap; - max->ops.is_enabled = regulator_is_enabled_regmap; + pax_open_kernel(); -+ *(void **)&max->ops.enable = regulator_enable_regmap; -+ *(void **)&max->ops.disable = regulator_disable_regmap; -+ *(void **)&max->ops.is_enabled = regulator_is_enabled_regmap; ++ const_cast(max->ops.enable) = regulator_enable_regmap; ++ const_cast(max->ops.disable) = regulator_disable_regmap; ++ const_cast(max->ops.is_enabled) = regulator_is_enabled_regmap; + pax_close_kernel(); max->ops.set_current_limit = max8973_set_current_limit; max->ops.get_current_limit = max8973_get_current_limit; break; diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c -index 0d17c92..a29f627 100644 +index 0d17c92..ce5897e 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c @@ -584,10 +584,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev) @@ -68080,8 +68654,8 @@ index 0d17c92..a29f627 100644 sizeof(struct regulator_ops)); - mc13892_vcam_ops.set_mode = mc13892_vcam_set_mode, - mc13892_vcam_ops.get_mode = mc13892_vcam_get_mode, -+ *(void **)&mc13892_vcam_ops.set_mode = mc13892_vcam_set_mode, -+ *(void **)&mc13892_vcam_ops.get_mode = mc13892_vcam_get_mode, ++ const_cast(mc13892_vcam_ops.set_mode) = mc13892_vcam_set_mode, ++ const_cast(mc13892_vcam_ops.get_mode) = mc13892_vcam_get_mode, + pax_close_kernel(); mc13892_regulators[MC13892_VCAM].desc.ops = &mc13892_vcam_ops; @@ -68177,7 +68751,7 @@ index 9e03d15..36e341c 100644 /* handle firmware resource entries before booting the remote processor */ diff --git a/drivers/rtc/rtc-armada38x.c b/drivers/rtc/rtc-armada38x.c -index 9a3f2a6..604f463 100644 +index 9a3f2a6..c19b00a 100644 --- a/drivers/rtc/rtc-armada38x.c +++ b/drivers/rtc/rtc-armada38x.c @@ -18,6 +18,7 @@ 
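Review bot: In the mc13892-regulator.c hunk the two converted assignments still end in `,` rather than `;`, so together with the line after them they form a single comma expression that ends in `pax_close_kernel();`. It compiles, but the call that closes the write window becomes the tail of an expression, and any statement inserted between these lines later changes what is chained to what. Terminating each line makes the open/close bracket read as three separate statements: `const_cast(mc13892_vcam_ops.set_mode) = mc13892_vcam_set_mode;` and `const_cast(mc13892_vcam_ops.get_mode) = mc13892_vcam_get_mode;`. The commas are carried over from the removed lines, and mc13892_regulator_probe starts and ends outside the hunk.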
@@ -68195,14 +68769,14 @@ index 9a3f2a6..604f463 100644 - armada38x_rtc_ops.set_alarm = NULL; - armada38x_rtc_ops.alarm_irq_enable = NULL; + pax_open_kernel(); -+ *(void **)&armada38x_rtc_ops.set_alarm = NULL; -+ *(void **)&armada38x_rtc_ops.alarm_irq_enable = NULL; ++ const_cast(armada38x_rtc_ops.set_alarm) = NULL; ++ const_cast(armada38x_rtc_ops.alarm_irq_enable) = NULL; + pax_close_kernel(); } platform_set_drvdata(pdev, rtc); if (rtc->irq != -1) diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c -index 84fb541..fee0421a 100644 +index 84fb541..a526dd0 100644 --- a/drivers/rtc/rtc-cmos.c +++ b/drivers/rtc/rtc-cmos.c @@ -735,7 +735,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq) @@ -68211,7 +68785,7 @@ index 84fb541..fee0421a 100644 /* export at least the first block of NVRAM */ - nvram.size = address_space - NVRAM_OFFSET; + pax_open_kernel(); -+ *(size_t *)&nvram.size = address_space - NVRAM_OFFSET; ++ const_cast(nvram.size) = address_space - NVRAM_OFFSET; + pax_close_kernel(); retval = sysfs_create_bin_file(&dev->kobj, &nvram); if (retval < 0) { @@ -68251,7 +68825,7 @@ index cf685f6..2311b8f 100644 unsigned long flags; #define HAS_NVRAM 0 /* bit 0 == sysfs file active */ diff --git a/drivers/rtc/rtc-m48t59.c b/drivers/rtc/rtc-m48t59.c -index d99a705..f8ebd79 100644 +index d99a705..99654e7 100644 --- a/drivers/rtc/rtc-m48t59.c +++ b/drivers/rtc/rtc-m48t59.c @@ -485,7 +485,9 @@ static int m48t59_rtc_probe(struct platform_device *pdev) @@ -68260,7 +68834,7 @@ index d99a705..f8ebd79 100644 - m48t59_nvram_attr.size = pdata->offset; + pax_open_kernel(); -+ *(size_t *)&m48t59_nvram_attr.size = pdata->offset; ++ const_cast(m48t59_nvram_attr.size) = pdata->offset; + pax_close_kernel(); ret = sysfs_create_bin_file(&pdev->dev.kobj, &m48t59_nvram_attr); @@ -68303,7 +68877,7 @@ index 7155c08..10ba718 100644 dev_err(&client->dev, "unable to register the class device\n"); return PTR_ERR(rv8803->rtc); 
diff --git a/drivers/rtc/rtc-rx8010.c b/drivers/rtc/rtc-rx8010.c -index 772d221..60e31aa 100644 +index 772d221..3a56e42 100644 --- a/drivers/rtc/rtc-rx8010.c +++ b/drivers/rtc/rtc-rx8010.c @@ -489,9 +489,11 @@ static int rx8010_probe(struct i2c_client *client, @@ -68314,15 +68888,15 @@ index 772d221..60e31aa 100644 - rx8010_rtc_ops.set_alarm = rx8010_set_alarm; - rx8010_rtc_ops.alarm_irq_enable = rx8010_alarm_irq_enable; + pax_open_kernel(); -+ *(void **)&rx8010_rtc_ops.read_alarm = rx8010_read_alarm; -+ *(void **)&rx8010_rtc_ops.set_alarm = rx8010_set_alarm; -+ *(void **)&rx8010_rtc_ops.alarm_irq_enable = rx8010_alarm_irq_enable; ++ const_cast(rx8010_rtc_ops.read_alarm) = rx8010_read_alarm; ++ const_cast(rx8010_rtc_ops.set_alarm) = rx8010_set_alarm; ++ const_cast(rx8010_rtc_ops.alarm_irq_enable) = rx8010_alarm_irq_enable; + pax_close_kernel(); } } diff --git a/drivers/rtc/rtc-test.c b/drivers/rtc/rtc-test.c -index 3a2da4c..e88493c 100644 +index 3a2da4c..1d1d4b1 100644 --- a/drivers/rtc/rtc-test.c +++ b/drivers/rtc/rtc-test.c @@ -112,8 +112,10 @@ static int test_probe(struct platform_device *plat_dev) @@ -68332,34 +68906,16 @@ index 3a2da4c..e88493c 100644 - test_rtc_ops.set_mmss64 = test_rtc_set_mmss64; - test_rtc_ops.set_mmss = NULL; + pax_open_kernel(); -+ *(void **)&test_rtc_ops.set_mmss64 = test_rtc_set_mmss64; -+ *(void **)&test_rtc_ops.set_mmss = NULL; ++ const_cast(test_rtc_ops.set_mmss64) = test_rtc_set_mmss64; ++ const_cast(test_rtc_ops.set_mmss) = NULL; + pax_close_kernel(); } rtc = devm_rtc_device_register(&plat_dev->dev, "test", diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c -index e4c2437..2297164 100644 +index e4c2437..3b3cd62 100644 --- a/drivers/scsi/aacraid/aachba.c 
+++ b/drivers/scsi/aacraid/aachba.c -@@ -647,7 +647,7 @@ static void _aac_probe_container2(void * context, struct fib * fibptr) - } - aac_fib_complete(fibptr); - aac_fib_free(fibptr); -- callback = (int (*)(struct scsi_cmnd *))(scsicmd->SCp.ptr); -+ callback = scsicmd->SCp.ptr; - scsicmd->SCp.ptr = NULL; - (*callback)(scsicmd); - return; -@@ -726,7 +726,7 @@ static int _aac_probe_container(struct scsi_cmnd * scsicmd, int (*callback)(stru - - dinfo->count = cpu_to_le32(scmd_id(scsicmd)); - dinfo->type = cpu_to_le32(FT_FILESYS); -- scsicmd->SCp.ptr = (char *)callback; -+ scsicmd->SCp.ptr = callback; - - status = aac_fib_send(ContainerCommand, - fibptr, @@ -775,6 +775,11 @@ static int aac_probe_container_callback1(struct scsi_cmnd * scsicmd) return 0; } @@ -70641,7 +71197,7 @@ index 25aa9b9..d700a65 100644 snprintf(name, sizeof(name), "discovery_trace"); vport->debug_disc_trc = diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c -index f57d02c..ab7b70c 100644 +index f57d02c..6ba534b 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c @@ -11028,7 +11028,7 @@ lpfc_pci_resume_one(struct pci_dev *pdev) @@ -70660,8 +71216,8 @@ index f57d02c..ab7b70c 100644 - lpfc_transport_functions.vport_create = lpfc_vport_create; - lpfc_transport_functions.vport_delete = lpfc_vport_delete; + pax_open_kernel(); -+ *(void **)&lpfc_transport_functions.vport_create = lpfc_vport_create; -+ *(void **)&lpfc_transport_functions.vport_delete = lpfc_vport_delete; ++ const_cast(lpfc_transport_functions.vport_create) = lpfc_vport_create; ++ const_cast(lpfc_transport_functions.vport_delete) = lpfc_vport_delete; + pax_close_kernel(); } lpfc_transport_template = @@ -71004,7 +71560,7 @@ index 0103e46..6220a84 100644 extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *, bool); extern void qla2x00_init_host_attr(scsi_qla_host_t *); 
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c -index f6c7ce3..2dd675b 100644 +index f6c7ce3..dccd3d4 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -291,12 +291,12 @@ struct scsi_transport_template *qla2xxx_transport_vport_template = NULL; @@ -71029,8 +71585,8 @@ index f6c7ce3..2dd675b 100644 - ha->isp_ops->calc_req_entries = qla2x00_calc_iocbs_64; - ha->isp_ops->build_iocbs = qla2x00_build_scsi_iocbs_64; + pax_open_kernel(); -+ *(void **)&ha->isp_ops->calc_req_entries = qla2x00_calc_iocbs_64; -+ *(void **)&ha->isp_ops->build_iocbs = qla2x00_build_scsi_iocbs_64; ++ const_cast(ha->isp_ops->calc_req_entries) = qla2x00_calc_iocbs_64; ++ const_cast(ha->isp_ops->build_iocbs) = qla2x00_build_scsi_iocbs_64; + pax_close_kernel(); return; } @@ -74424,7 +74980,7 @@ index 9a14074..3d02410 100644 struct rtw_adapter *padapter = netdev_priv(pnetdev); struct xmit_priv *pxmitpriv = &padapter->xmitpriv; diff --git a/drivers/staging/sm750fb/sm750.c b/drivers/staging/sm750fb/sm750.c -index c78421b..f75c4c4 100644 +index c78421b..e1ba746 100644 --- a/drivers/staging/sm750fb/sm750.c +++ b/drivers/staging/sm750fb/sm750.c @@ -720,6 +720,7 @@ static struct fb_ops lynxfb_ops = { @@ -74449,7 +75005,7 @@ index c78421b..f75c4c4 100644 if (!g_hwcursor) { - lynxfb_ops.fb_cursor = NULL; + pax_open_kernel(); -+ *(void **)&lynxfb_ops.fb_cursor = NULL; ++ const_cast(lynxfb_ops.fb_cursor) = NULL; + pax_close_kernel(); hw_cursor_disable(&crtc->cursor); } 
@@ -74461,9 +75017,9 @@ index c78421b..f75c4c4 100644 - lynxfb_ops.fb_copyarea = lynxfb_ops_copyarea; - lynxfb_ops.fb_imageblit = lynxfb_ops_imageblit; + pax_open_kernel(); -+ *(void **)&lynxfb_ops.fb_fillrect = lynxfb_ops_fillrect; -+ *(void **)&lynxfb_ops.fb_copyarea = lynxfb_ops_copyarea; -+ *(void **)&lynxfb_ops.fb_imageblit = lynxfb_ops_imageblit; ++ const_cast(lynxfb_ops.fb_fillrect) = lynxfb_ops_fillrect; ++ const_cast(lynxfb_ops.fb_copyarea) = lynxfb_ops_copyarea; ++ const_cast(lynxfb_ops.fb_imageblit) = lynxfb_ops_imageblit; + pax_close_kernel(); } info->fbops = &lynxfb_ops; @@ -74589,7 +75145,7 @@ index 3072f1a..1071742 100644 login->tgt_agt = sbp_target_agent_register(login); if (IS_ERR(login->tgt_agt)) { diff --git a/drivers/thermal/cpu_cooling.c b/drivers/thermal/cpu_cooling.c -index 6ceac4f..b2ed52c 100644 +index 6ceac4f..f8059ccd 100644 --- a/drivers/thermal/cpu_cooling.c +++ b/drivers/thermal/cpu_cooling.c @@ -838,10 +838,11 @@ __cpufreq_cooling_register(struct device_node *np, @@ -74601,9 +75157,9 @@ index 6ceac4f..b2ed52c 100644 - cpufreq_cooling_ops.state2power = cpufreq_state2power; - cpufreq_cooling_ops.power2state = cpufreq_power2state; + pax_open_kernel(); -+ *(void **)&cpufreq_cooling_ops.get_requested_power = cpufreq_get_requested_power; -+ *(void **)&cpufreq_cooling_ops.state2power = cpufreq_state2power; -+ *(void **)&cpufreq_cooling_ops.power2state = cpufreq_power2state; ++ const_cast(cpufreq_cooling_ops.get_requested_power) = cpufreq_get_requested_power; ++ const_cast(cpufreq_cooling_ops.state2power) = cpufreq_state2power; ++ const_cast(cpufreq_cooling_ops.power2state) = cpufreq_power2state; + pax_close_kernel(); cpufreq_dev->plat_get_static_power = plat_static_func; @@ -74655,7 +75211,7 @@ index 01f0015..aa56551 100644 err = PTR_ERR(cdev); dev_err(df->dev.parent, diff --git a/drivers/thermal/int340x_thermal/int3400_thermal.c b/drivers/thermal/int340x_thermal/int3400_thermal.c -index 5836e55..740ab89 100644 +index 5836e55..708bbd6 100644 
--- a/drivers/thermal/int340x_thermal/int3400_thermal.c +++ b/drivers/thermal/int340x_thermal/int3400_thermal.c @@ -272,8 +272,10 @@ static int int3400_thermal_probe(struct platform_device *pdev) @@ -74665,14 +75221,14 @@ index 5836e55..740ab89 100644 - int3400_thermal_ops.get_mode = int3400_thermal_get_mode; - int3400_thermal_ops.set_mode = int3400_thermal_set_mode; + pax_open_kernel(); -+ *(void **)&int3400_thermal_ops.get_mode = int3400_thermal_get_mode; -+ *(void **)&int3400_thermal_ops.set_mode = int3400_thermal_set_mode; ++ const_cast(int3400_thermal_ops.get_mode) = int3400_thermal_get_mode; ++ const_cast(int3400_thermal_ops.set_mode) = int3400_thermal_set_mode; + pax_close_kernel(); } priv->thermal = thermal_zone_device_register("INT3400 Thermal", 0, 0, priv, &int3400_thermal_ops, diff --git a/drivers/thermal/of-thermal.c b/drivers/thermal/of-thermal.c -index 9043f8f..ab0f354 100644 +index 9043f8f..1b53349 100644 --- a/drivers/thermal/of-thermal.c +++ b/drivers/thermal/of-thermal.c @@ -31,6 +31,7 @@ @@ -74691,9 +75247,9 @@ index 9043f8f..ab0f354 100644 - tzd->ops->get_trend = of_thermal_get_trend; - tzd->ops->set_emul_temp = of_thermal_set_emul_temp; + pax_open_kernel(); -+ *(void **)&tzd->ops->get_temp = of_thermal_get_temp; -+ *(void **)&tzd->ops->get_trend = of_thermal_get_trend; -+ *(void **)&tzd->ops->set_emul_temp = of_thermal_set_emul_temp; ++ const_cast(tzd->ops->get_temp) = of_thermal_get_temp; ++ const_cast(tzd->ops->get_trend) = of_thermal_get_trend; ++ const_cast(tzd->ops->set_emul_temp) = of_thermal_set_emul_temp; + pax_close_kernel(); mutex_unlock(&tzd->lock); 
@@ -74706,9 +75262,9 @@ index 9043f8f..ab0f354 100644 - tzd->ops->get_trend = NULL; - tzd->ops->set_emul_temp = NULL; + pax_open_kernel(); -+ *(void **)&tzd->ops->get_temp = NULL; -+ *(void **)&tzd->ops->get_trend = NULL; -+ *(void **)&tzd->ops->set_emul_temp = NULL; ++ const_cast(tzd->ops->get_temp) = NULL; ++ const_cast(tzd->ops->get_trend) = NULL; ++ const_cast(tzd->ops->set_emul_temp) = NULL; + pax_close_kernel(); tz->ops = NULL; @@ -75289,7 +75845,7 @@ index b280abaa..3ccd7d1 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index 2348fa6..14894f4 100644 +index 2348fa6..490e407 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c @@ -879,8 +879,10 @@ static void __init unix98_pty_init(void) @@ -75299,7 +75855,7 @@ index 2348fa6..14894f4 100644 + pax_open_kernel(); tty_default_fops(&ptmx_fops); - ptmx_fops.open = ptmx_open; -+ *(void **)&ptmx_fops.open = ptmx_open; ++ const_cast(ptmx_fops.open) = ptmx_open; + pax_close_kernel(); cdev_init(&ptmx_cdev, &ptmx_fops); @@ -75336,7 +75892,7 @@ index 802eac7..f5dcf07 100644 clear_bit((info->aiop * 8) + info->chan, (void *) &xmit_flags[info->board]); spin_unlock_irqrestore(&info->port.lock, flags); diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c -index c9720a9..f6c9276 100644 +index c9720a9..964f2d9 100644 --- a/drivers/tty/serial/8250/8250_core.c +++ b/drivers/tty/serial/8250/8250_core.c @@ -488,9 +488,9 @@ static void univ8250_release_port(struct uart_port *port) 
@@ -75346,9 +75902,9 @@ index c9720a9..f6c9276 100644 - ops->config_port = univ8250_config_port; - ops->request_port = univ8250_request_port; - ops->release_port = univ8250_release_port; -+ *(void **)&ops->config_port = univ8250_config_port; -+ *(void **)&ops->request_port = univ8250_request_port; -+ *(void **)&ops->release_port = univ8250_release_port; ++ const_cast(ops->config_port) = univ8250_config_port; ++ const_cast(ops->request_port) = univ8250_request_port; ++ const_cast(ops->release_port) = univ8250_release_port; } #else @@ -75435,7 +75991,7 @@ index a119f11..120444e 100644 struct jsm_board *brd = pci_get_drvdata(pdev); diff --git a/drivers/tty/serial/kgdb_nmi.c b/drivers/tty/serial/kgdb_nmi.c -index 117df15..2f7dfcf 100644 +index 117df15..8f7486f 100644 --- a/drivers/tty/serial/kgdb_nmi.c +++ b/drivers/tty/serial/kgdb_nmi.c @@ -53,7 +53,9 @@ static int kgdb_nmi_console_setup(struct console *co, char *options) @@ -75444,7 +76000,7 @@ index 117df15..2f7dfcf 100644 */ - dbg_io_ops->is_console = true; + pax_open_kernel(); -+ *(int *)&dbg_io_ops->is_console = true; ++ const_cast(dbg_io_ops->is_console) = true; + pax_close_kernel(); return 0; 
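Review bot: The three `const_cast(ops->...)` assignments in the 8250_core.c hunk are not bracketed by `pax_open_kernel()` / `pax_close_kernel()`, unlike the other converted sites on this page, and the hunk shows the function closing immediately after them. If the `ops` structure sits in write-protected memory the stores would fault, so presumably the caller opens the window or the structure is still writable at this point; neither is visible here. A comment above the first assignment would record which it is, for example `/* caller brackets this with pax_open_kernel()/pax_close_kernel() */`, to be confirmed against the call site. The function header is outside the hunk.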
@@ -76984,6 +77540,105 @@ index 48672fa..9245081 100644 /* Device for a quirk */ #define PCI_VENDOR_ID_FRESCO_LOGIC 0x1b73 +diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c +index a85a1c9..0f198bc 100644 +--- a/drivers/usb/host/xhci-ring.c ++++ b/drivers/usb/host/xhci-ring.c +@@ -1861,9 +1861,9 @@ td_cleanup: + * unsigned). Play it safe and say we didn't transfer anything. + */ + if (urb->actual_length > urb->transfer_buffer_length) { +- xhci_warn(xhci, "URB transfer length is wrong, xHC issue? req. len = %u, act. len = %u\n", ++ xhci_warn(xhci, "URB transfer length is wrong, xHC issue? req. len = %u, trans. len = %u\n", + urb->transfer_buffer_length, +- urb->actual_length); ++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len))); + urb->actual_length = 0; + if (td->urb->transfer_flags & URB_SHORT_NOT_OK) + *status = -EREMOTEIO; +@@ -1942,10 +1942,15 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td, + return finish_td(xhci, td, event_trb, event, ep, status, false); + case COMP_STOP: + /* Did we stop at data stage? */ +- if (event_trb != ep_ring->dequeue && event_trb != td->last_trb) +- td->urb->actual_length = +- td->urb->transfer_buffer_length - +- EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)); ++ if (event_trb != ep_ring->dequeue && event_trb != td->last_trb) { ++ if (td->urb->transfer_buffer_length >= EVENT_TRB_LEN(le32_to_cpu(event->transfer_len))) ++ td->urb->actual_length = ++ td->urb->transfer_buffer_length - ++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)); ++ else ++ td->urb->actual_length = ++ td->urb->transfer_buffer_length + 1; ++ } + /* fall through */ + case COMP_STOP_INVAL: + return finish_td(xhci, td, event_trb, event, ep, status, false); +@@ -1959,12 +1964,15 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td, + /* else fall through */ + case COMP_STALL: + /* Did we transfer part of the data (middle) phase? 
*/ +- if (event_trb != ep_ring->dequeue && +- event_trb != td->last_trb) +- td->urb->actual_length = +- td->urb->transfer_buffer_length - +- EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)); +- else if (!td->urb_length_set) ++ if (event_trb != ep_ring->dequeue && event_trb != td->last_trb) { ++ if (td->urb->transfer_buffer_length >= EVENT_TRB_LEN(le32_to_cpu(event->transfer_len))) ++ td->urb->actual_length = ++ td->urb->transfer_buffer_length - ++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)); ++ else ++ td->urb->actual_length = ++ td->urb->transfer_buffer_length + 1; ++ } else if (!td->urb_length_set) + td->urb->actual_length = 0; + + return finish_td(xhci, td, event_trb, event, ep, status, false); +@@ -1997,9 +2005,12 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td, + * the last TRB. + */ + td->urb_length_set = true; +- td->urb->actual_length = +- td->urb->transfer_buffer_length - +- EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)); ++ if (td->urb->transfer_buffer_length >= EVENT_TRB_LEN(le32_to_cpu(event->transfer_len))) ++ td->urb->actual_length = ++ td->urb->transfer_buffer_length - ++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)); ++ else ++ BUG(); + xhci_dbg(xhci, "Waiting for status " + "stage event\n"); + return 0; +@@ -2194,11 +2205,7 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td, + /* Fast path - was this the last TRB in the TD for this URB? 
*/ + } else if (event_trb == td->last_trb) { + if (EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)) != 0) { +- td->urb->actual_length = +- td->urb->transfer_buffer_length - +- EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)); +- if (td->urb->transfer_buffer_length < +- td->urb->actual_length) { ++ if (td->urb->transfer_buffer_length < EVENT_TRB_LEN(le32_to_cpu(event->transfer_len))) { + xhci_warn(xhci, "HC gave bad length " + "of %d bytes left\n", + EVENT_TRB_LEN(le32_to_cpu(event->transfer_len))); +@@ -2207,7 +2214,10 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td, + *status = -EREMOTEIO; + else + *status = 0; +- } ++ } else ++ td->urb->actual_length = ++ td->urb->transfer_buffer_length - ++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)); + /* Don't overwrite a previously set error code */ + if (*status == -EINPROGRESS) { + if (td->urb->transfer_flags & URB_SHORT_NOT_OK) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 8e713cc..8c92a15 100644 --- a/drivers/usb/host/xhci.c @@ -77621,7 +78276,7 @@ index c42ce2f..4c8bc59 100644 "PCI", "PRO AGP", diff --git a/drivers/video/fbdev/aty/atyfb_base.c b/drivers/video/fbdev/aty/atyfb_base.c -index f34ed47f..026367f 100644 +index f34ed47f..7283c9f 100644 --- a/drivers/video/fbdev/aty/atyfb_base.c +++ b/drivers/video/fbdev/aty/atyfb_base.c @@ -1335,10 +1335,14 @@ static int atyfb_set_par(struct fb_info *info) @@ -77630,13 +78285,13 @@ index f34ed47f..026367f 100644 if (var->accel_flags) { - info->fbops->fb_sync = atyfb_sync; + pax_open_kernel(); -+ *(void **)&info->fbops->fb_sync = atyfb_sync; ++ const_cast(info->fbops->fb_sync) = atyfb_sync; + pax_close_kernel(); info->flags &= ~FBINFO_HWACCEL_DISABLED; } else { - info->fbops->fb_sync = NULL; + pax_open_kernel(); -+ *(void **)&info->fbops->fb_sync = NULL; ++ const_cast(info->fbops->fb_sync) = NULL; + pax_close_kernel(); info->flags |= FBINFO_HWACCEL_DISABLED; } 
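Review bot: In the xhci-ring.c section, the process_ctrl_td branch that sets `urb_length_set` now ends in `else BUG();`, so a residual length from the controller's event TRB that exceeds `transfer_buffer_length` halts the kernel, whereas process_bulk_intr_td in the same section only warns on the same condition. Handling it as the bulk path does keeps the underflow check without the panic: `else { xhci_warn(xhci, "HC gave bad length of %d bytes left\n", EVENT_TRB_LEN(le32_to_cpu(event->transfer_len))); td->urb->actual_length = 0; }`. The COMP_STOP and COMP_STALL branches instead store `transfer_buffer_length + 1` as a marker, which appears to rely on the `actual_length > transfer_buffer_length` check under `td_cleanup:` to warn and reset it. A comment on those two assignments, such as `/* deliberately out of range: the td_cleanup length check zeroes it */`, would make that dependency explicit. The functions start and end outside the hunks shown.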
@@ -77663,7 +78318,7 @@ index 51f29d6..2c15339 100644 const struct aty_pll_ops aty_pll_ct = { diff --git a/drivers/video/fbdev/aty/mach64_cursor.c b/drivers/video/fbdev/aty/mach64_cursor.c -index 2fa0317..4983f2a 100644 +index 2fa0317..d687dab 100644 --- a/drivers/video/fbdev/aty/mach64_cursor.c +++ b/drivers/video/fbdev/aty/mach64_cursor.c @@ -8,6 +8,7 @@ @@ -77680,7 +78335,7 @@ index 2fa0317..4983f2a 100644 - info->fbops->fb_cursor = atyfb_cursor; + pax_open_kernel(); -+ *(void **)&info->fbops->fb_cursor = atyfb_cursor; ++ const_cast(info->fbops->fb_cursor) = atyfb_cursor; + pax_close_kernel(); return 0; @@ -77721,7 +78376,7 @@ index 10c988a..f7d9299 100644 + .set_pll = aty_set_pll, }; diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c -index 57721c7..55142ed 100644 +index 57721c7..332b94b 100644 --- a/drivers/video/fbdev/core/fb_defio.c +++ b/drivers/video/fbdev/core/fb_defio.c @@ -207,7 +207,9 @@ void fb_deferred_io_init(struct fb_info *info) @@ -77730,17 +78385,19 @@ index 57721c7..55142ed 100644 mutex_init(&fbdefio->lock); - info->fbops->fb_mmap = fb_deferred_io_mmap; + pax_open_kernel(); -+ *(void **)&info->fbops->fb_mmap = fb_deferred_io_mmap; ++ const_cast(info->fbops->fb_mmap) = fb_deferred_io_mmap; + pax_close_kernel(); INIT_DELAYED_WORK(&info->deferred_work, fb_deferred_io_work); INIT_LIST_HEAD(&fbdefio->pagelist); if (fbdefio->delay == 0) /* set a default of 1 s */ -@@ -238,7 +240,7 @@ void fb_deferred_io_cleanup(struct fb_info *info) +@@ -238,7 +240,9 @@ void fb_deferred_io_cleanup(struct fb_info *info) page->mapping = NULL; } - info->fbops->fb_mmap = NULL; -+ *(void **)&info->fbops->fb_mmap = NULL; ++ pax_open_kernel(); ++ const_cast(info->fbops->fb_mmap) = NULL; ++ pax_close_kernel(); mutex_destroy(&fbdefio->lock); } EXPORT_SYMBOL_GPL(fb_deferred_io_cleanup); @@ -77872,7 +78529,7 @@ index 11eb094..622ee31 100644 { 640, 480, 48, 16, 33, 10, 96, 2, 60 }, { 800, 600, 144, 24, 28, 8, 112, 6, 60 }, 
diff --git a/drivers/video/fbdev/mb862xx/mb862xxfb_accel.c b/drivers/video/fbdev/mb862xx/mb862xxfb_accel.c -index fe92eed..106e085 100644 +index fe92eed..239e386 100644 --- a/drivers/video/fbdev/mb862xx/mb862xxfb_accel.c +++ b/drivers/video/fbdev/mb862xx/mb862xxfb_accel.c @@ -312,14 +312,18 @@ void mb862xxfb_init_accel(struct fb_info *info, int xres) @@ -77883,9 +78540,9 @@ index fe92eed..106e085 100644 - info->fbops->fb_copyarea = cfb_copyarea; - info->fbops->fb_imageblit = cfb_imageblit; + pax_open_kernel(); -+ *(void **)&info->fbops->fb_fillrect = cfb_fillrect; -+ *(void **)&info->fbops->fb_copyarea = cfb_copyarea; -+ *(void **)&info->fbops->fb_imageblit = cfb_imageblit; ++ const_cast(info->fbops->fb_fillrect) = cfb_fillrect; ++ const_cast(info->fbops->fb_copyarea) = cfb_copyarea; ++ const_cast(info->fbops->fb_imageblit) = cfb_imageblit; + pax_close_kernel(); } else { outreg(disp, GC_L0EM, 3); @@ -77893,15 +78550,15 @@ index fe92eed..106e085 100644 - info->fbops->fb_copyarea = mb86290fb_copyarea; - info->fbops->fb_imageblit = mb86290fb_imageblit; + pax_open_kernel(); -+ *(void **)&info->fbops->fb_fillrect = mb86290fb_fillrect; -+ *(void **)&info->fbops->fb_copyarea = mb86290fb_copyarea; -+ *(void **)&info->fbops->fb_imageblit = mb86290fb_imageblit; ++ const_cast(info->fbops->fb_fillrect) = mb86290fb_fillrect; ++ const_cast(info->fbops->fb_copyarea) = mb86290fb_copyarea; ++ const_cast(info->fbops->fb_imageblit) = mb86290fb_imageblit; + pax_close_kernel(); } outreg(draw, GDC_REG_DRAW_BASE, 0); outreg(draw, GDC_REG_MODE_MISC, 0x8000); diff --git a/drivers/video/fbdev/nvidia/nvidia.c b/drivers/video/fbdev/nvidia/nvidia.c -index ce7dab7..a87baf8 100644 +index ce7dab7..89d6521 100644 --- a/drivers/video/fbdev/nvidia/nvidia.c +++ b/drivers/video/fbdev/nvidia/nvidia.c @@ -660,19 +660,23 @@ static int nvidiafb_set_par(struct fb_info *info) 
@@ -77913,10 +78570,10 @@ index ce7dab7..a87baf8 100644 - info->fbops->fb_copyarea = nvidiafb_copyarea; - info->fbops->fb_sync = nvidiafb_sync; + pax_open_kernel(); -+ *(void **)&info->fbops->fb_imageblit = nvidiafb_imageblit; -+ *(void **)&info->fbops->fb_fillrect = nvidiafb_fillrect; -+ *(void **)&info->fbops->fb_copyarea = nvidiafb_copyarea; -+ *(void **)&info->fbops->fb_sync = nvidiafb_sync; ++ const_cast(info->fbops->fb_imageblit) = nvidiafb_imageblit; ++ const_cast(info->fbops->fb_fillrect) = nvidiafb_fillrect; ++ const_cast(info->fbops->fb_copyarea) = nvidiafb_copyarea; ++ const_cast(info->fbops->fb_sync) = nvidiafb_sync; + pax_close_kernel(); info->pixmap.scan_align = 4; info->flags &= ~FBINFO_HWACCEL_DISABLED; @@ -77928,10 +78585,10 @@ index ce7dab7..a87baf8 100644 - info->fbops->fb_copyarea = cfb_copyarea; - info->fbops->fb_sync = NULL; + pax_open_kernel(); -+ *(void **)&info->fbops->fb_imageblit = cfb_imageblit; -+ *(void **)&info->fbops->fb_fillrect = cfb_fillrect; -+ *(void **)&info->fbops->fb_copyarea = cfb_copyarea; -+ *(void **)&info->fbops->fb_sync = NULL; ++ const_cast(info->fbops->fb_imageblit) = cfb_imageblit; ++ const_cast(info->fbops->fb_fillrect) = cfb_fillrect; ++ const_cast(info->fbops->fb_copyarea) = cfb_copyarea; ++ const_cast(info->fbops->fb_sync) = NULL; + pax_close_kernel(); info->pixmap.scan_align = 1; info->flags |= FBINFO_HWACCEL_DISABLED; @@ -77944,14 +78601,14 @@ index ce7dab7..a87baf8 100644 - info->fbops->fb_cursor = NULL; + if (!hwcur) { + pax_open_kernel(); -+ *(void **)&info->fbops->fb_cursor = NULL; ++ const_cast(info->fbops->fb_cursor) = NULL; + pax_close_kernel(); + } info->var.accel_flags = (!noaccel); diff --git a/drivers/video/fbdev/omap2/omapfb/dss/display.c b/drivers/video/fbdev/omap2/omapfb/dss/display.c -index ef5b902..47cf7f5 100644 +index ef5b902..2ae011b 100644 --- a/drivers/video/fbdev/omap2/omapfb/dss/display.c +++ b/drivers/video/fbdev/omap2/omapfb/dss/display.c 
@@ -161,12 +161,14 @@ int omapdss_register_display(struct omap_dss_device *dssdev) @@ -77961,19 +78618,19 @@ index ef5b902..47cf7f5 100644 + pax_open_kernel(); if (drv && drv->get_resolution == NULL) - drv->get_resolution = omapdss_default_get_resolution; -+ *(void **)&drv->get_resolution = omapdss_default_get_resolution; ++ const_cast(drv->get_resolution) = omapdss_default_get_resolution; if (drv && drv->get_recommended_bpp == NULL) - drv->get_recommended_bpp = omapdss_default_get_recommended_bpp; -+ *(void **)&drv->get_recommended_bpp = omapdss_default_get_recommended_bpp; ++ const_cast(drv->get_recommended_bpp) = omapdss_default_get_recommended_bpp; if (drv && drv->get_timings == NULL) - drv->get_timings = omapdss_default_get_timings; -+ *(void **)&drv->get_timings = omapdss_default_get_timings; ++ const_cast(drv->get_timings) = omapdss_default_get_timings; + pax_close_kernel(); mutex_lock(&panel_list_mutex); list_add_tail(&dssdev->panel_list, &panel_list); diff --git a/drivers/video/fbdev/s1d13xxxfb.c b/drivers/video/fbdev/s1d13xxxfb.c -index 96aa46d..c67c213 100644 +index 96aa46d..65e2554 100644 --- a/drivers/video/fbdev/s1d13xxxfb.c +++ b/drivers/video/fbdev/s1d13xxxfb.c @@ -880,8 +880,10 @@ static int s1d13xxxfb_probe(struct platform_device *pdev) @@ -77983,8 +78640,8 @@ index 96aa46d..c67c213 100644 - s1d13xxxfb_fbops.fb_fillrect = s1d13xxxfb_bitblt_solidfill; - s1d13xxxfb_fbops.fb_copyarea = s1d13xxxfb_bitblt_copyarea; + pax_open_kernel(); -+ *(void **)&s1d13xxxfb_fbops.fb_fillrect = s1d13xxxfb_bitblt_solidfill; -+ *(void **)&s1d13xxxfb_fbops.fb_copyarea = s1d13xxxfb_bitblt_copyarea; ++ const_cast(s1d13xxxfb_fbops.fb_fillrect) = s1d13xxxfb_bitblt_solidfill; ++ const_cast(s1d13xxxfb_fbops.fb_copyarea) = s1d13xxxfb_bitblt_copyarea; + pax_close_kernel(); info->flags = FBINFO_DEFAULT | FBINFO_HWACCEL_YPAN | FBINFO_HWACCEL_FILLRECT | FBINFO_HWACCEL_COPYAREA; 
@@ -78020,7 +78677,7 @@ index 32e23c2..7b73082 100644 extern void SiS_SetChrontelGPIO(struct SiS_Private *SiS_Pr, unsigned short myvbinfo); extern unsigned short SiS_HandleDDC(struct SiS_Private *SiS_Pr, unsigned int VBFlags, int VGAEngine, diff --git a/drivers/video/fbdev/smscufx.c b/drivers/video/fbdev/smscufx.c -index 9279e5f..d5f5276 100644 +index 9279e5f..d9fb0bd 100644 --- a/drivers/video/fbdev/smscufx.c +++ b/drivers/video/fbdev/smscufx.c @@ -1174,7 +1174,9 @@ static int ufx_ops_release(struct fb_info *info, int user) @@ -78029,13 +78686,13 @@ index 9279e5f..d5f5276 100644 info->fbdefio = NULL; - info->fbops->fb_mmap = ufx_ops_mmap; + pax_open_kernel(); -+ *(void **)&info->fbops->fb_mmap = ufx_ops_mmap; ++ const_cast(info->fbops->fb_mmap) = ufx_ops_mmap; + pax_close_kernel(); } pr_debug("released /dev/fb%d user=%d count=%d", diff --git a/drivers/video/fbdev/udlfb.c b/drivers/video/fbdev/udlfb.c -index e9c2f7b..8df1264 100644 +index e9c2f7b..87506f4 100644 --- a/drivers/video/fbdev/udlfb.c +++ b/drivers/video/fbdev/udlfb.c @@ -623,11 +623,11 @@ static int dlfb_handle_damage(struct dlfb_data *dev, int x, int y, @@ -78076,7 +78733,7 @@ index e9c2f7b..8df1264 100644 info->fbdefio = NULL; - info->fbops->fb_mmap = dlfb_ops_mmap; + pax_open_kernel(); -+ *(void **)&info->fbops->fb_mmap = dlfb_ops_mmap; ++ const_cast(info->fbops->fb_mmap) = dlfb_ops_mmap; + pax_close_kernel(); } @@ -78133,7 +78790,7 @@ index e9c2f7b..8df1264 100644 return count; } diff --git a/drivers/video/fbdev/uvesafb.c b/drivers/video/fbdev/uvesafb.c -index 178ae93..624b2eb 100644 +index 178ae93..043ddca 100644 --- a/drivers/video/fbdev/uvesafb.c +++ b/drivers/video/fbdev/uvesafb.c @@ -19,6 +19,7 @@ @@ -78202,7 +78859,7 @@ index 178ae93..624b2eb 100644 - info->fbops->fb_blank = NULL; + if (!blank) { + pax_open_kernel(); -+ *(void **)&info->fbops->fb_blank = NULL; ++ const_cast(info->fbops->fb_blank) = NULL; + pax_close_kernel(); + } 
@@ -78216,7 +78873,7 @@ index 178ae93..624b2eb 100644 - info->fbops->fb_pan_display = NULL; + if (!par->ypan) { + pax_open_kernel(); -+ *(void **)&info->fbops->fb_pan_display = NULL; ++ const_cast(info->fbops->fb_pan_display) = NULL; + pax_close_kernel(); + } } @@ -78247,7 +78904,7 @@ index 178ae93..624b2eb 100644 } return 0; diff --git a/drivers/video/fbdev/vesafb.c b/drivers/video/fbdev/vesafb.c -index 528fe91..6fd29fe 100644 +index 528fe91..475d9e6 100644 --- a/drivers/video/fbdev/vesafb.c +++ b/drivers/video/fbdev/vesafb.c @@ -9,6 +9,7 @@ @@ -78348,7 +79005,7 @@ index 528fe91..6fd29fe 100644 - info->fbops->fb_pan_display = NULL; + if (!ypan) { + pax_open_kernel(); -+ *(void **)&info->fbops->fb_pan_display = NULL; ++ const_cast(info->fbops->fb_pan_display) = NULL; + pax_close_kernel(); + } @@ -99826,7 +100483,7 @@ index 7cfa0aa..d5ef97b7 100644 seq_printf(m, "CacheOp: alo=%d luo=%d luc=%d gro=%d\n", atomic_read(&fscache_n_cop_alloc_object), diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c -index c5b6b71..3949af6 100644 +index c5b6b71..527e347 100644 --- a/fs/fuse/cuse.c +++ b/fs/fuse/cuse.c @@ -611,10 +611,12 @@ static int __init cuse_init(void) @@ -99839,9 +100496,9 @@ index c5b6b71..3949af6 100644 - cuse_channel_fops.release = cuse_channel_release; + pax_open_kernel(); + memcpy((void *)&cuse_channel_fops, &fuse_dev_operations, sizeof(fuse_dev_operations)); -+ *(void **)&cuse_channel_fops.owner = THIS_MODULE; -+ *(void **)&cuse_channel_fops.open = cuse_channel_open; -+ *(void **)&cuse_channel_fops.release = cuse_channel_release; ++ const_cast(cuse_channel_fops.owner) = THIS_MODULE; ++ const_cast(cuse_channel_fops.open) = cuse_channel_open; ++ const_cast(cuse_channel_fops.release) = cuse_channel_release; + pax_close_kernel(); cuse_class = class_create(THIS_MODULE, "cuse"); @@ -100191,7 +100848,7 @@ index 4a6cf28..d3a29d3 100644 jffs2_prealloc_raw_node_refs(c, jeb, 1); 
diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c -index cad86ba..a0bfc33 100644 +index cad86ba..7de4d99 100644 --- a/fs/jffs2/file.c +++ b/fs/jffs2/file.c @@ -111,8 +111,9 @@ static int jffs2_do_readpage_nolock (struct inode *inode, struct page *pg) @@ -100205,6 +100862,15 @@ index cad86ba..a0bfc33 100644 int ret = jffs2_do_readpage_nolock(inode, pg); unlock_page(pg); return ret; +@@ -125,7 +126,7 @@ static int jffs2_readpage (struct file *filp, struct page *pg) + int ret; + + mutex_lock(&f->sem); +- ret = jffs2_do_readpage_unlock(pg->mapping->host, pg); ++ ret = jffs2_do_readpage_unlock((struct file *)pg->mapping->host, pg); + mutex_unlock(&f->sem); + return ret; + } diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c index bead25a..5186b1c 100644 --- a/fs/jffs2/fs.c @@ -110271,7 +110937,7 @@ index d955481..a985dc41 100644 #endif diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c -index 52ccd34..7a6b202 100644 +index 52ccd34..a166501 100644 --- a/fs/nls/nls_base.c +++ b/fs/nls/nls_base.c @@ -234,21 +234,25 @@ EXPORT_SYMBOL(utf16s_to_utf8s); @@ -110286,7 +110952,7 @@ index 52ccd34..7a6b202 100644 - nls->owner = owner; + pax_open_kernel(); -+ *(void **)&nls->owner = owner; ++ const_cast(nls->owner) = owner; + pax_close_kernel(); spin_lock(&nls_lock); - while (*tmp) { @@ -110301,7 +110967,7 @@ index 52ccd34..7a6b202 100644 } - nls->next = tables; + pax_open_kernel(); -+ *(struct nls_table **)&nls->next = tables; ++ const_cast(nls->next) = tables; + pax_close_kernel(); tables = nls; spin_unlock(&nls_lock); @@ -110394,7 +111060,7 @@ index 8e14187..d9cec2f 100644 { const unsigned char *uni2charset; diff --git a/fs/nls/nls_euc-jp.c b/fs/nls/nls_euc-jp.c -index 162b3f1..2cb932a 100644 +index 162b3f1..b9121f8 100644 --- a/fs/nls/nls_euc-jp.c +++ b/fs/nls/nls_euc-jp.c @@ -406,7 +406,7 @@ static inline int sjisnec2sjisibm(unsigned char *sjisibm, 
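Review bot: The new call `jffs2_do_readpage_unlock((struct file *)pg->mapping->host, pg)` in jffs2_readpage() passes an inode pointer under a `struct file *` type, and nothing at the call site says that this is deliberate. The callee's changed signature sits in the preceding inner hunk, whose changed lines are not shown here; it presumably casts the argument back to `struct inode *` so that the function matches a callback prototype. If that is the case, a comment above the call would stop a later change from dereferencing the argument as a file, for example `/* host is a struct inode *; typed as struct file * only to match the callback prototype */`. The same remark belongs on the parameter inside jffs2_do_readpage_unlock().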
@@ -110413,14 +111079,14 @@ index 162b3f1..2cb932a 100644 - table.charset2upper = p_nls->charset2upper; - table.charset2lower = p_nls->charset2lower; + pax_open_kernel(); -+ *(const unsigned char **)&table.charset2upper = p_nls->charset2upper; -+ *(const unsigned char **)&table.charset2lower = p_nls->charset2lower; ++ const_cast(table.charset2upper) = p_nls->charset2upper; ++ const_cast(table.charset2lower) = p_nls->charset2lower; + pax_close_kernel(); return register_nls(&table); } diff --git a/fs/nls/nls_koi8-ru.c b/fs/nls/nls_koi8-ru.c -index a80a741..13030f7 100644 +index a80a741..f28c9c9 100644 --- a/fs/nls/nls_koi8-ru.c +++ b/fs/nls/nls_koi8-ru.c @@ -13,7 +13,7 @@ @@ -110439,8 +111105,8 @@ index a80a741..13030f7 100644 - table.charset2upper = p_nls->charset2upper; - table.charset2lower = p_nls->charset2lower; + pax_open_kernel(); -+ *(const unsigned char **)&table.charset2upper = p_nls->charset2upper; -+ *(const unsigned char **)&table.charset2lower = p_nls->charset2lower; ++ const_cast(table.charset2upper) = p_nls->charset2upper; ++ const_cast(table.charset2lower) = p_nls->charset2lower; + pax_close_kernel(); return register_nls(&table); } @@ -112482,7 +113148,7 @@ index 350984a..0fb02a9 100644 net = get_proc_net(inode); if (net == NULL) diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c -index fe5b6e6..e5f3883 100644 +index fe5b6e6..cd2913c 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -11,13 +11,21 @@ @@ -112515,7 +113181,7 @@ index fe5b6e6..e5f3883 100644 { - dir->header.ctl_table[0].child = sysctl_mount_point; + pax_open_kernel(); -+ *(const void **)&dir->header.ctl_table[0].child = sysctl_mount_point; ++ const_cast(dir->header.ctl_table[0].child) = sysctl_mount_point; + pax_close_kernel(); } 
@@ -112524,7 +113190,7 @@ index fe5b6e6..e5f3883 100644 { - dir->header.ctl_table[0].child = NULL; + pax_open_kernel(); -+ *(void **)&dir->header.ctl_table[0].child = NULL; ++ const_cast(dir->header.ctl_table[0].child) = NULL; + pax_close_kernel(); } @@ -112565,7 +113231,7 @@ index fe5b6e6..e5f3883 100644 + if (gr_handle_chroot_sysctl(op)) + goto out; + dget(filp->f_path.dentry); -+ if (gr_handle_sysctl_mod(filp->f_path.dentry->d_parent->d_name.name, table->procname, op)) { ++ if (gr_handle_sysctl_mod((const char *)filp->f_path.dentry->d_parent->d_name.name, table->procname, op)) { + dput(filp->f_path.dentry); + goto out; + } @@ -113941,7 +114607,7 @@ index 6c21228..9afd5fe 100644 if (sbi->s_bytesex == BYTESEX_PDP) return PDP_swab((__force __u32)n); diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c -index 4a0e48f..ca5b016 100644 +index 4a0e48f..d3e1fbf 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -53,7 +53,7 @@ static const struct file_operations tracefs_file_operations = { @@ -113960,8 +114626,8 @@ index 4a0e48f..ca5b016 100644 - tracefs_ops.mkdir = mkdir; - tracefs_ops.rmdir = rmdir; + pax_open_kernel(); -+ *(void **)&tracefs_ops.mkdir = mkdir; -+ *(void **)&tracefs_ops.rmdir = rmdir; ++ const_cast(tracefs_ops.mkdir) = mkdir; ++ const_cast(tracefs_ops.rmdir) = rmdir; + pax_close_kernel(); return dentry; @@ -115665,7 +116331,7 @@ index 0000000..e136e5f +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..7ad630a +index 0000000..3c66319 --- /dev/null +++ b/grsecurity/gracl.c @@ -0,0 +1,2757 @@ @@ -115867,7 +116533,7 @@ index 0000000..7ad630a + +static int prepend_name(char **buffer, int *buflen, struct qstr *name) +{ -+ return prepend(buffer, buflen, name->name, name->len); ++ return prepend(buffer, buflen, (const char *)name->name, name->len); +} + +static int prepend_path(const struct path *path, struct path *root, 
@@ -116231,7 +116897,7 @@ index 0000000..7ad630a +__lookup_name_entry(const struct gr_policy_state *state, const char *name) +{ + unsigned int len = strlen(name); -+ unsigned int key = full_name_hash(name, len); ++ unsigned int key = full_name_hash((const unsigned char *)name, len); + unsigned int index = key % state->name_set.n_size; + struct name_entry *match; + @@ -116253,7 +116919,7 @@ index 0000000..7ad630a +lookup_name_entry_create(const char *name) +{ + unsigned int len = strlen(name); -+ unsigned int key = full_name_hash(name, len); ++ unsigned int key = full_name_hash((const unsigned char *)name, len); + unsigned int index = key % running_polstate.name_set.n_size; + struct name_entry *match; + @@ -120006,7 +120672,7 @@ index 0000000..25f54ef +}; diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c new file mode 100644 -index 0000000..302bda8 +index 0000000..2fc92ec --- /dev/null +++ b/grsecurity/gracl_policy.c @@ -0,0 +1,1784 @@ @@ -120362,7 +121028,7 @@ index 0000000..302bda8 + struct name_entry **curr, *nentry; + struct inodev_entry *ientry; + unsigned int len = strlen(name); -+ unsigned int key = full_name_hash(name, len); ++ unsigned int key = full_name_hash((const unsigned char *)name, len); + unsigned int index = key % polstate->name_set.n_size; + + curr = &polstate->name_set.n_hash[index]; @@ -121387,7 +122053,7 @@ index 0000000..302bda8 + FOR_EACH_ROLE_END(r) + + for (i = 0; i < polstate->num_sprole_pws; i++) { -+ if (!strcmp(rolename, polstate->acl_special_roles[i]->rolename)) { ++ if (!strcmp(rolename, (const char *)polstate->acl_special_roles[i]->rolename)) { + *salt = polstate->acl_special_roles[i]->salt; + *sum = polstate->acl_special_roles[i]->sum; + return 1; 
@@ -121674,11 +122340,11 @@ index 0000000..302bda8 + } + + if (lookup_special_role_auth -+ (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum) ++ (gr_usermode->mode, (const char *)gr_usermode->sp_role, &sprole_salt, &sprole_sum) + && ((!sprole_salt && !sprole_sum) + || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) { + char *p = ""; -+ assign_special_role(gr_usermode->sp_role); ++ assign_special_role((const char *)gr_usermode->sp_role); + read_lock(&tasklist_lock); + if (current->real_parent) + p = current->real_parent->role->rolename; @@ -125636,7 +126302,7 @@ index 0000000..ae02d8e +EXPORT_SYMBOL_GPL(gr_handle_new_usb); diff --git a/grsecurity/grsum.c b/grsecurity/grsum.c new file mode 100644 -index 0000000..4fb2ce6 +index 0000000..aef6b92 --- /dev/null +++ b/grsecurity/grsum.c @@ -0,0 +1,54 @@ @@ -125674,12 +126340,12 @@ index 0000000..4fb2ce6 + + sg_init_table(sg, 2); + sg_set_buf(&sg[0], salt, GR_SALT_LEN); -+ sg_set_buf(&sg[1], entry->pw, strlen(entry->pw)); ++ sg_set_buf(&sg[1], entry->pw, strlen((const char *)entry->pw)); + + desc.tfm = tfm; + desc.flags = 0; + -+ cryptres = crypto_hash_digest(&desc, sg, GR_SALT_LEN + strlen(entry->pw), ++ cryptres = crypto_hash_digest(&desc, sg, GR_SALT_LEN + strlen((const char *)entry->pw), + temp_sum); + + memset(entry->pw, 0, GR_PW_LEN); @@ -127062,7 +127728,7 @@ index a76c917..75d6aeb 100644 asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, compat_size_t); /* diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h -index eeae401..a2a9f48 100644 +index eeae401..c108d27 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -116,9 +116,9 @@ 
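Review bot: In grsecurity/grsum.c the length of `entry->pw` is still taken twice with an unbounded strlen(), once for sg_set_buf() and once for crypto_hash_digest(); the added `(const char *)` casts only settle pointer signedness. The `memset(entry->pw, 0, GR_PW_LEN)` below shows the buffer is GR_PW_LEN bytes, so one bounded length, `size_t pwlen = strnlen((const char *)entry->pw, GR_PW_LEN);`, used in both places would keep the scatterlist entry and the digest length identical and inside the buffer. Whether the caller already guarantees NUL termination is not visible in this hunk, and the function starts outside it.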
@@ -127078,7 +127744,7 @@ index eeae401..a2a9f48 100644 #define __maybe_unused __attribute__((unused)) #define __always_unused __attribute__((unused)) -@@ -184,9 +184,38 @@ +@@ -184,9 +184,39 @@ # define __compiletime_warning(message) __attribute__((warning(message))) # define __compiletime_error(message) __attribute__((error(message))) #endif /* __CHECKER__ */ @@ -127099,6 +127765,7 @@ index eeae401..a2a9f48 100644 +#ifdef CONSTIFY_PLUGIN +#define __no_const __attribute__((no_const)) +#define __do_const __attribute__((do_const)) ++#define const_cast(x) (*(typeof((typeof(x))0) *)&(x)) +#endif + +#ifdef SIZE_OVERFLOW_PLUGIN @@ -127118,7 +127785,7 @@ index eeae401..a2a9f48 100644 * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index 48f5aab..2d1c52f 100644 +index 48f5aab..4206700 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -5,11 +5,14 @@ @@ -127340,7 +128007,7 @@ index 48f5aab..2d1c52f 100644 }) /** -@@ -416,6 +432,38 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s +@@ -416,6 +432,42 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s # define __attribute_const__ /* unimplemented */ #endif @@ -127376,10 +128043,14 @@ index 48f5aab..2d1c52f 100644 +# define __nocapture(...) +#endif + ++#ifndef const_cast ++# define const_cast(x) (x) ++#endif ++ /* * Tell gcc if a function is cold. The compiler will assume any path * directly leading to the call is unlikely. -@@ -425,6 +473,22 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s +@@ -425,6 +477,22 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s #define __cold #endif 
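Review bot: The new `const_cast(x)` macro in compiler-gcc.h is added without a comment, although every converted call site in this patch depends on its exact semantics. It appears to rely on `(typeof(x))0` yielding the unqualified type, which limits it to scalar and pointer members (a struct-typed member cannot be cast from 0), and the compiler.h fallback `# define const_cast(x) (x)` means the write goes through unchanged when CONSTIFY_PLUGIN is not defined. I would document that above both definitions, for example `/* const_cast(x): writable lvalue for a scalar or pointer member that the constify plugin made const; plain (x) without the plugin */`. Every use visible in this patch sits between pax_open_kernel() and pax_close_kernel(), and the comment should state that requirement so new callers do not write to read-only data outside such a window.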
@@ -127402,7 +128073,7 @@ index 48f5aab..2d1c52f 100644 /* Simple shorthand for a section definition */ #ifndef __section # define __section(S) __attribute__ ((__section__(#S))) -@@ -447,6 +511,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s +@@ -447,6 +515,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s # define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b)) #endif @@ -127411,7 +128082,7 @@ index 48f5aab..2d1c52f 100644 /* Is this type a native word size -- useful for atomic operations */ #ifndef __native_word # define __native_word(t) (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long)) -@@ -526,8 +592,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s +@@ -526,8 +596,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s */ #define __ACCESS_ONCE(x) ({ \ __maybe_unused typeof(x) __var = (__force typeof(x)) 0; \ @@ -131980,7 +132651,7 @@ index 556ec1e..38c19c9 100644 /* diff --git a/include/linux/sched.h b/include/linux/sched.h -index a10494a..2facd6d 100644 +index a10494a..9f25fd6 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -7,7 +7,7 @@ @@ -132253,7 +132924,7 @@ index a10494a..2facd6d 100644 { return tsk->pid; } -@@ -2289,6 +2397,25 @@ extern u64 sched_clock_cpu(int cpu); +@@ -2289,6 +2397,26 @@ extern u64 sched_clock_cpu(int cpu); extern void sched_clock_init(void); @@ -132267,6 +132938,7 @@ index a10494a..2facd6d 100644 + + while (ptr < end) { + c = *(volatile int *)ptr; ++ (void)c; + ptr += PAGE_SIZE/sizeof(int); + } +} 
@@ -132279,7 +132951,7 @@ index a10494a..2facd6d 100644 #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK static inline void sched_clock_tick(void) { -@@ -2417,7 +2544,9 @@ extern void set_curr_task(int cpu, struct task_struct *p); +@@ -2417,7 +2545,9 @@ extern void set_curr_task(int cpu, struct task_struct *p); void yield(void); union thread_union { @@ -132289,7 +132961,7 @@ index a10494a..2facd6d 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2450,6 +2579,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2450,6 +2580,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -132297,7 +132969,7 @@ index a10494a..2facd6d 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2481,7 +2611,7 @@ extern void proc_caches_init(void); +@@ -2481,7 +2612,7 @@ extern void proc_caches_init(void); extern void flush_signals(struct task_struct *); extern void ignore_signals(struct task_struct *); extern void flush_signal_handlers(struct task_struct *, int force_default); @@ -132306,7 +132978,7 @@ index a10494a..2facd6d 100644 static inline int kernel_dequeue_signal(siginfo_t *info) { -@@ -2635,7 +2765,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2635,7 +2766,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -132315,7 +132987,7 @@ index a10494a..2facd6d 100644 extern int do_execve(struct filename *, const char __user * const __user *, -@@ -2750,11 +2880,13 @@ static inline int thread_group_empty(struct task_struct *p) +@@ -2750,11 +2881,13 @@ static inline int thread_group_empty(struct task_struct *p) * It must not be nested with write_lock_irq(&tasklist_lock), * neither inside nor outside. */ 
@@ -132329,7 +133001,7 @@ index a10494a..2facd6d 100644 static inline void task_unlock(struct task_struct *p) { spin_unlock(&p->alloc_lock); -@@ -2840,9 +2972,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2840,9 +2973,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #define task_stack_end_corrupted(task) \ (*(end_of_stack(task)) != STACK_END_MAGIC) @@ -132404,6 +133076,19 @@ index dc368b8..e895209 100644 extern int __must_check down_killable(struct semaphore *sem); extern int __must_check down_trylock(struct semaphore *sem); extern int __must_check down_timeout(struct semaphore *sem, long jiffies); +diff --git a/include/linux/seq_buf.h b/include/linux/seq_buf.h +index fb7eb9c..1b493dc 100644 +--- a/include/linux/seq_buf.h ++++ b/include/linux/seq_buf.h +@@ -16,7 +16,7 @@ + * @readpos: The next position to read in the buffer. + */ + struct seq_buf { +- char *buffer; ++ unsigned char *buffer; + size_t size; + size_t len; + loff_t readpos; diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h index dde00de..202bfd3 100644 --- a/include/linux/seq_file.h @@ -133368,7 +134053,7 @@ index fa7bc29..0d96561 100644 struct ctl_node { struct rb_node node; diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h -index c6f0f0d..a34ab2d 100644 +index c6f0f0d..e663567 100644 --- a/include/linux/sysfs.h +++ b/include/linux/sysfs.h @@ -34,7 +34,8 @@ struct attribute { @@ -133401,6 +134086,15 @@ index c6f0f0d..a34ab2d 100644 /** * sysfs_bin_attr_init - initialize a dynamically allocated bin_attribute +@@ -512,7 +515,7 @@ static inline void sysfs_notify_dirent(struct kernfs_node *kn) + } + + static inline struct kernfs_node *sysfs_get_dirent(struct kernfs_node *parent, +- const unsigned char *name) ++ const char *name) + { + return kernfs_find_and_get(parent, name); + } diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h index 387fa7d..3fcde6b 100644 --- a/include/linux/sysrq.h 
@@ -136761,7 +137455,7 @@ index 45432b5..988f1e4 100644 +} +EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog); diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index 355cd5f..6273802 100644 +index 355cd5f..93e1510 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -3333,7 +3333,7 @@ static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp, @@ -136781,12 +137475,12 @@ index 355cd5f..6273802 100644 - cft->ss = NULL; + + pax_open_kernel(); -+ *(void **)&cft->kf_ops = NULL; -+ *(void **)&cft->ss = NULL; ++ const_cast(cft->kf_ops) = NULL; ++ const_cast(cft->ss) = NULL; /* revert flags set by cgroup core while adding @cfts */ - cft->flags &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL); -+ *(unsigned int *)&cft->flags &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL); ++ const_cast(cft->flags) &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL); + pax_close_kernel(); } } @@ -136798,8 +137492,8 @@ index 355cd5f..6273802 100644 - cft->kf_ops = kf_ops; - cft->ss = ss; + pax_open_kernel(); -+ *(void **)&cft->kf_ops = kf_ops; -+ *(void **)&cft->ss = ss; ++ const_cast(cft->kf_ops) = kf_ops; ++ const_cast(cft->ss) = ss; + pax_close_kernel(); } @@ -136829,7 +137523,7 @@ index 355cd5f..6273802 100644 + pax_open_kernel(); for (cft = cfts; cft && cft->name[0] != '\0'; cft++) - cft->flags |= __CFTYPE_ONLY_ON_DFL; -+ *(unsigned int *)&cft->flags |= __CFTYPE_ONLY_ON_DFL; ++ const_cast(cft->flags) |= __CFTYPE_ONLY_ON_DFL; + pax_close_kernel(); return cgroup_add_cftypes(ss, cfts); } @@ -136841,7 +137535,7 @@ index 355cd5f..6273802 100644 + pax_open_kernel(); for (cft = cfts; cft && cft->name[0] != '\0'; cft++) - cft->flags |= __CFTYPE_NOT_ON_DFL; -+ *(unsigned int *)&cft->flags |= __CFTYPE_NOT_ON_DFL; ++ const_cast(cft->flags) |= __CFTYPE_NOT_ON_DFL; + pax_close_kernel(); return cgroup_add_cftypes(ss, cfts); } @@ -138224,7 +138918,7 @@ index 84118723..317f7a5 100644 irq_wake_secondary(desc, action); 
diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c -index 38e89ce..58960ac 100644 +index 38e89ce..8b7a537 100644 --- a/kernel/irq/msi.c +++ b/kernel/irq/msi.c @@ -214,16 +214,18 @@ static void msi_domain_update_dom_ops(struct msi_domain_info *info) @@ -138234,19 +138928,19 @@ index 38e89ce..58960ac 100644 + pax_open_kernel(); if (ops->get_hwirq == NULL) - ops->get_hwirq = msi_domain_ops_default.get_hwirq; -+ *(void **)&ops->get_hwirq = msi_domain_ops_default.get_hwirq; ++ const_cast(ops->get_hwirq) = msi_domain_ops_default.get_hwirq; if (ops->msi_init == NULL) - ops->msi_init = msi_domain_ops_default.msi_init; -+ *(void **)&ops->msi_init = msi_domain_ops_default.msi_init; ++ const_cast(ops->msi_init) = msi_domain_ops_default.msi_init; if (ops->msi_check == NULL) - ops->msi_check = msi_domain_ops_default.msi_check; -+ *(void **)&ops->msi_check = msi_domain_ops_default.msi_check; ++ const_cast(ops->msi_check) = msi_domain_ops_default.msi_check; if (ops->msi_prepare == NULL) - ops->msi_prepare = msi_domain_ops_default.msi_prepare; -+ *(void **)&ops->msi_prepare = msi_domain_ops_default.msi_prepare; ++ const_cast(ops->msi_prepare) = msi_domain_ops_default.msi_prepare; if (ops->set_desc == NULL) - ops->set_desc = msi_domain_ops_default.set_desc; -+ *(void **)&ops->set_desc = msi_domain_ops_default.set_desc; ++ const_cast(ops->set_desc) = msi_domain_ops_default.set_desc; + pax_close_kernel(); } @@ -138259,7 +138953,7 @@ index 38e89ce..58960ac 100644 - chip->irq_set_affinity = msi_domain_set_affinity; + if (!chip->irq_set_affinity) { + pax_open_kernel(); -+ *(void **)&chip->irq_set_affinity = msi_domain_set_affinity; ++ const_cast(chip->irq_set_affinity) = msi_domain_set_affinity; + pax_close_kernel(); + } } @@ -139888,7 +140582,7 @@ index 794ebe8..f81f123 100644 } return mod; diff --git a/kernel/notifier.c b/kernel/notifier.c -index fd2c9ac..95e58f6 100644 +index fd2c9ac..6263e05 100644 --- a/kernel/notifier.c +++ b/kernel/notifier.c @@ -5,6 +5,7 @@ 
@@ -139908,7 +140602,7 @@ index fd2c9ac..95e58f6 100644 } - n->next = *nl; + pax_open_kernel(); -+ *(const void **)&n->next = *nl; ++ const_cast(n->next) = *nl; rcu_assign_pointer(*nl, n); + pax_close_kernel(); return 0; @@ -139923,7 +140617,7 @@ index fd2c9ac..95e58f6 100644 } - n->next = *nl; + pax_open_kernel(); -+ *(const void **)&n->next = *nl; ++ const_cast(n->next) = *nl; rcu_assign_pointer(*nl, n); + pax_close_kernel(); return 0; @@ -140025,7 +140719,7 @@ index d96469d..81d6d28 100644 } EXPORT_SYMBOL(__stack_chk_fail); diff --git a/kernel/pid.c b/kernel/pid.c -index 4d73a83..4712357 100644 +index 4d73a83..9df1950 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -33,6 +33,7 @@ @@ -140078,15 +140772,18 @@ index 4d73a83..4712357 100644 struct pid *get_task_pid(struct task_struct *task, enum pid_type type) { struct pid *pid; -@@ -497,7 +513,7 @@ struct pid *find_get_pid(pid_t nr) +@@ -497,9 +513,9 @@ struct pid *find_get_pid(pid_t nr) } EXPORT_SYMBOL_GPL(find_get_pid); -pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns) +pid_t pid_nr_ns(const struct pid *pid, const struct pid_namespace *ns) { - struct upid *upid; +- struct upid *upid; ++ const struct upid *upid; pid_t nr = 0; + + if (pid && ns->level <= pid->level) { @@ -511,7 +527,7 @@ pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns) } EXPORT_SYMBOL_GPL(pid_nr_ns); @@ -143248,7 +143945,7 @@ index 2be8c4f..444ecfb 100644 } entry = ring_buffer_event_data(event); diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c -index 2829821..a290dc89 100644 +index 2829821..cd4ea77 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c @@ -713,14 +713,16 @@ int register_trace_event(struct trace_event *event) 
@@ -143258,16 +143955,16 @@ index 2829821..a290dc89 100644 + pax_open_kernel(); if (event->funcs->trace == NULL) - event->funcs->trace = trace_nop_print; -+ *(void **)&event->funcs->trace = trace_nop_print; ++ const_cast(event->funcs->trace) = trace_nop_print; if (event->funcs->raw == NULL) - event->funcs->raw = trace_nop_print; -+ *(void **)&event->funcs->raw = trace_nop_print; ++ const_cast(event->funcs->raw) = trace_nop_print; if (event->funcs->hex == NULL) - event->funcs->hex = trace_nop_print; -+ *(void **)&event->funcs->hex = trace_nop_print; ++ const_cast(event->funcs->hex) = trace_nop_print; if (event->funcs->binary == NULL) - event->funcs->binary = trace_nop_print; -+ *(void **)&event->funcs->binary = trace_nop_print; ++ const_cast(event->funcs->binary) = trace_nop_print; + pax_close_kernel(); key = event->type & (EVENT_HASHSIZE - 1); @@ -151655,7 +152352,7 @@ index 1474cfd..961bc9f 100644 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 482c371..b02a761 100644 +index 482c371..150e1ee 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -61,7 +61,7 @@ struct rtnl_link { @@ -151675,7 +152372,7 @@ index 482c371..b02a761 100644 - ops->dellink = unregister_netdevice_queue; + if (ops->setup && !ops->dellink) { + pax_open_kernel(); -+ *(void **)&ops->dellink = unregister_netdevice_queue; ++ const_cast(ops->dellink) = unregister_netdevice_queue; + pax_close_kernel(); + } @@ -160008,7 +160705,7 @@ index b5e665b..3030b1d 100644 } diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c -index 9895a8c..705c302 100644 +index 9895a8c..e7c5936 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -166,12 +166,14 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family) 
@@ -160082,7 +160779,7 @@ index 9895a8c..705c302 100644 - mode->afinfo = afinfo; + pax_open_kernel(); -+ *(const void **)&mode->afinfo = afinfo; ++ const_cast(mode->afinfo) = afinfo; modemap[mode->encap] = mode; + pax_close_kernel(); err = 0; @@ -160172,6 +160869,18 @@ index 1db6d73..0819042 100644 # ld-option # Usage: LDFLAGS += $(call ld-option, -X) +diff --git a/scripts/Makefile b/scripts/Makefile +index fd0d53d..1471190 100644 +--- a/scripts/Makefile ++++ b/scripts/Makefile +@@ -44,6 +44,7 @@ subdir-y += mod + subdir-$(CONFIG_SECURITY_SELINUX) += selinux + subdir-$(CONFIG_DTC) += dtc + subdir-$(CONFIG_GDB_SCRIPTS) += gdb ++subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins + + # Let clean descend into subdirs + subdir- += basic kconfig package diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 2c47f9c..9d46008 100644 --- a/scripts/Makefile.build @@ -160216,81 +160925,83 @@ index f9e47a7..b72022a 100644 warning-2 += -Wdisabled-optimization diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins new file mode 100644 -index 0000000..02fd848 +index 0000000..08d4e22 --- /dev/null 
+++ b/scripts/Makefile.gcc-plugins -@@ -0,0 +1,69 @@ -+__PLUGINCC := $(call cc-ifversion, -ge, 0408, $(HOSTCXX), $(HOSTCC)) -+PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)") -+ifneq ($(PLUGINCC),) -+ifdef CONFIG_PAX_CONSTIFY_PLUGIN -+CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN -+endif -+ifdef CONFIG_PAX_MEMORY_STACKLEAK -+STACKLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN -+STACKLEAK_PLUGIN_CFLAGS += -fplugin-arg-stackleak_plugin-track-lowest-sp=100 -+endif -+ifdef CONFIG_KALLOCSTAT_PLUGIN -+KALLOCSTAT_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so -+endif -+ifdef CONFIG_PAX_KERNEXEC_PLUGIN -+KERNEXEC_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so -+KERNEXEC_PLUGIN_CFLAGS += -fplugin-arg-kernexec_plugin-method=$(CONFIG_PAX_KERNEXEC_PLUGIN_METHOD) -DKERNEXEC_PLUGIN -+KERNEXEC_PLUGIN_AFLAGS := -DKERNEXEC_PLUGIN -+endif -+ifdef CONFIG_CHECKER_PLUGIN -+ifeq ($(call cc-ifversion, -ge, 0406, y), y) -+CHECKER_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN -+ifdef CONFIG_CHECKER_PLUGIN_USER -+CHECKER_PLUGIN_CFLAGS += -fplugin-arg-checker_plugin-user -DCHECKER_PLUGIN_USER -+endif -+ifdef CONFIG_CHECKER_PLUGIN_CONTEXT -+CHECKER_PLUGIN_CFLAGS += -fplugin-arg-checker_plugin-context -DCHECKER_PLUGIN_CONTEXT -+endif -+endif -+endif -+COLORIZE_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/colorize_plugin.so -+ifdef CONFIG_PAX_SIZE_OVERFLOW -+SIZE_OVERFLOW_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/size_overflow_plugin/size_overflow_plugin.so -DSIZE_OVERFLOW_PLUGIN -+endif -+ifdef CONFIG_PAX_LATENT_ENTROPY -+LATENT_ENTROPY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/latent_entropy_plugin.so -DLATENT_ENTROPY_PLUGIN -+endif -+ifdef CONFIG_PAX_MEMORY_STRUCTLEAK -+STRUCTLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/structleak_plugin.so 
-DSTRUCTLEAK_PLUGIN -+endif -+INITIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/initify_plugin.so -DINITIFY_PLUGIN -+ifdef CONFIG_PAX_RAP -+RAP_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/rap_plugin/rap_plugin.so -fplugin-arg-rap_plugin-check=call -DRAP_PLUGIN -+#RAP_PLUGIN_CFLAGS += -fplugin-arg-rap_plugin-report=func,fptr,abs -+RAP_PLUGIN_ABS_CFLAGS := -fplugin-arg-rap_plugin-hash=abs-finish -+RAP_PLUGIN_AFLAGS := -DRAP_PLUGIN -+endif -+GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) -+GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) -+GCC_PLUGINS_CFLAGS += $(SIZE_OVERFLOW_PLUGIN_CFLAGS) $(LATENT_ENTROPY_PLUGIN_CFLAGS) $(STRUCTLEAK_PLUGIN_CFLAGS) -+GCC_PLUGINS_CFLAGS += $(INITIFY_PLUGIN_CFLAGS) -+GCC_PLUGINS_CFLAGS += $(RAP_PLUGIN_CFLAGS) $(RAP_PLUGIN_ABS_CFLAGS) -+GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) $(RAP_PLUGIN_AFLAGS) -+export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS CONSTIFY_PLUGIN LATENT_ENTROPY_PLUGIN_CFLAGS RAP_PLUGIN_CFLAGS RAP_PLUGIN_ABS_CFLAGS -+ifeq ($(KBUILD_EXTMOD),) -+gcc-plugins: -+ $(Q)$(MAKE) $(build)=tools/gcc -+else -+gcc-plugins: ; -+endif -+else -+gcc-plugins: -+ifeq ($(call cc-ifversion, -ge, 0405, y), y) -+ $(warning warning, your gcc installation does not support plugins, perhaps the necessary headers are missing?) 
-+ $(CONFIG_SHELL) -x $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)" -+else -+ $(warning warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least) -+endif -+ $(warning PAX_MEMORY_STACKLEAK and other features will be less secure) +@@ -0,0 +1,71 @@ ++ifdef CONFIG_GCC_PLUGINS ++ __PLUGINCC := $(call cc-ifversion, -ge, 0408, $(HOSTCXX), $(HOSTCC)) ++ PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)") ++ ++ gcc-plugin-$(CONFIG_PAX_CONSTIFY_PLUGIN) += constify_plugin.so ++ gcc-plugin-cflags-$(CONFIG_PAX_CONSTIFY_PLUGIN) += -DCONSTIFY_PLUGIN ++ ++ gcc-plugin-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so ++ gcc-plugin-cflags-$(CONFIG_PAX_MEMORY_STACKLEAK) += -DSTACKLEAK_PLUGIN -fplugin-arg-stackleak_plugin-track-lowest-sp=100 ++ ++ gcc-plugin-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so ++ ++ gcc-plugin-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so ++ gcc-plugin-cflags-$(CONFIG_PAX_KERNEXEC_PLUGIN) += -DKERNEXEC_PLUGIN -fplugin-arg-kernexec_plugin-method=$(CONFIG_PAX_KERNEXEC_PLUGIN_METHOD) ++ gcc-plugin-aflags-$(CONFIG_PAX_KERNEXEC_PLUGIN) += -DKERNEXEC_PLUGIN ++ ++ ifdef CONFIG_CHECKER_PLUGIN ++ ifeq ($(call cc-ifversion, -ge, 0406, y), y) ++ gcc-plugin-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so ++ gcc-plugin-cflags-$(CONFIG_CHECKER_PLUGIN) += -DCHECKER_PLUGIN ++ gcc-plugin-cflags-$(CONFIG_CHECKER_PLUGIN_USER) += -DCHECKER_PLUGIN_USER -fplugin-arg-checker_plugin-user ++ gcc-plugin-cflags-$(CONFIG_CHECKER_PLUGIN_CONTEXT)+= -DCHECKER_PLUGIN_CONTEXT -fplugin-arg-checker_plugin-context ++ endif ++ endif ++ ++ gcc-plugin-y += colorize_plugin.so ++ ++ gcc-plugin-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin/size_overflow_plugin.so ++ gcc-plugin-cflags-$(CONFIG_PAX_SIZE_OVERFLOW) += -DSIZE_OVERFLOW_PLUGIN ++ ++ gcc-plugin-$(CONFIG_PAX_LATENT_ENTROPY) += latent_entropy_plugin.so ++ gcc-plugin-cflags-$(CONFIG_PAX_LATENT_ENTROPY) += 
-DLATENT_ENTROPY_PLUGIN ++ ifdef CONFIG_PAX_LATENT_ENTROPY ++ DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable ++ endif ++ ++ gcc-plugin-$(CONFIG_PAX_MEMORY_STRUCTLEAK) += structleak_plugin.so ++ gcc-plugin-cflags-$(CONFIG_PAX_MEMORY_STRUCTLEAK) += -DSTRUCTLEAK_PLUGIN ++ ++ gcc-plugin-y += initify_plugin.so ++ gcc-plugin-cflags-y += -DINITIFY_PLUGIN ++ ++ gcc-plugin-$(CONFIG_PAX_RAP) += rap_plugin/rap_plugin.so ++ gcc-plugin-cflags-$(CONFIG_PAX_RAP) += -DRAP_PLUGIN -fplugin-arg-rap_plugin-check=call ++# gcc-plugin-cflags-$(CONFIG_PAX_RAP) += -fplugin-arg-rap_plugin-report=func,fptr,abs ++ gcc-plugin-aflags-$(CONFIG_PAX_RAP) += -DRAP_PLUGIN ++ ifdef CONFIG_PAX_RAP ++ RAP_PLUGIN_ABS_CFLAGS := -fplugin-arg-rap_plugin-hash=abs-finish ++ endif ++ gcc-plugin-cflags-$(CONFIG_PAX_RAP) += $(RAP_PLUGIN_ABS_CFLAGS) ++ ++ GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y)) ++ GCC_PLUGINS_AFLAGS := $(gcc-plugin-aflags-y) ++ ++ export DISABLE_LATENT_ENTROPY_PLUGIN RAP_PLUGIN_ABS_CFLAGS ++ ++ ifeq ($(PLUGINCC),) ++ ifneq ($(GCC_PLUGINS_CFLAGS),) ++ ifeq ($(call cc-ifversion, -ge, 0405, y), y) ++ PLUGINCC := $(shell $(CONFIG_SHELL) -x $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)") ++ $(warning warning, your gcc installation does not support plugins, perhaps the necessary headers are missing?) ++ else ++ $(warning warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least) ++ endif ++ $(warning PAX_MEMORY_STACKLEAK and other features will be less secure) ++ endif ++ endif ++ ++ KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++ KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) +endif diff --git a/scripts/Makefile.host b/scripts/Makefile.host -index 133edfa..3cc6af2 100644 +index 133edfa..3439bd8 100644 --- a/scripts/Makefile.host +++ b/scripts/Makefile.host @@ -20,7 +20,25 @@ 
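Review bot: In the new scripts/Makefile.gcc-plugins, the branch for an empty `PLUGINCC` only emits `$(warning ...)`, including "PAX_MEMORY_STACKLEAK and other features will be less secure", and then `KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)` is applied regardless. Whether the build then stops on the missing plugin objects or continues without the configured hardening depends on scripts/gcc-plugins, which is outside this hunk; if it can continue, `$(error ...)` would make a configuration that requested the plugins fail closed instead of quietly producing a weaker kernel. Separately, the second `PLUGINCC := $(shell $(CONFIG_SHELL) -x ...)` seems to exist only to print a shell trace, so it deserves a comment such as `# re-run with -x only to show the trace on stderr; PLUGINCC is expected to stay empty`.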
@@ -160349,7 +161060,7 @@ index 133edfa..3cc6af2 100644 host-objdirs := $(addprefix $(obj)/,$(host-objdirs)) obj-dirs += $(host-objdirs) -@@ -124,5 +158,37 @@ quiet_cmd_host-cxxobjs = HOSTCXX $@ +@@ -124,5 +158,39 @@ quiet_cmd_host-cxxobjs = HOSTCXX $@ $(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE $(call if_changed_dep,host-cxxobjs) @@ -160373,8 +161084,9 @@ index 133edfa..3cc6af2 100644 + cmd_host-cshlib = $(HOSTCC) $(HOSTLDFLAGS) -shared -o $@ \ + $(addprefix $(obj)/,$($(@F:.so=-objs))) \ + $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F)) -+$(host-cshlib): $(obj)/%: $(host-cshobjs) FORCE ++$(host-cshlib): FORCE + $(call if_changed,host-cshlib) ++$(call multi_depend, $(host-cshlib), .so, -objs -cshobjs) + +# Link a shared library, based on position independent .o files +# *.o -> .so shared library (host-cxxshlib) @@ -160382,8 +161094,9 @@ index 133edfa..3cc6af2 100644 + cmd_host-cxxshlib = $(HOSTCXX) $(HOSTLDFLAGS) -shared -o $@ \ + $(addprefix $(obj)/,$($(@F:.so=-objs))) \ + $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F)) -+$(host-cxxshlib): $(obj)/%: $(host-cxxshobjs) FORCE ++$(host-cxxshlib): FORCE + $(call if_changed,host-cxxshlib) ++$(call multi_depend, $(host-cxxshlib), .so, -objs -cxxshobjs) + targets += $(host-csingle) $(host-cmulti) $(host-cobjs)\ - $(host-cxxmulti) $(host-cxxobjs) @@ -160592,14 +161305,14 @@ index e229b84..7141e8e 100644 while (get_node_by_phandle(root, phandle)) diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..eaa4fce +index 0000000..fb92075 --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,51 @@ +#!/bin/sh +srctree=$(dirname "$0") +gccplugins_dir=$($3 -print-file-name=plugin) -+plugincc=$($1 -E -x c++ - -o /dev/null -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF ++plugincc=$($1 -E -x c++ - -o /dev/null -I"${srctree}"/gcc-plugins -I"${gccplugins_dir}"/include 2>&1 <<EOF +#include "gcc-common.h" +#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX) +#warning $2 CXX 
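Review bot: The new `multi_depend` line tracks both `<lib>-objs` and `<lib>-cshobjs`, but `cmd_host-cshlib` just above it links only `$($(@F:.so=-objs))`, so the dependency list and the link line disagree. If a plugin ever lists objects under `<lib>-cshobjs`, they would trigger a relink without being linked into the .so; if no such variable exists, the second suffix is dead. I would make the two match, either `$(call multi_depend, $(host-cshlib), .so, -objs)` or by adding the second suffix to the link command. The same applies to the `host-cxxshlib` rule in the next hunk (`-objs -cxxshobjs`). The per-library variable definitions are outside these hunks, so this is inferred from the visible lines only.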
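Review bot: A `gcc-common.h` that is missing from the new `"${srctree}"/gcc-plugins` include path cannot be told apart from a compiler without plugin support, because the probe folds stderr into `$plugincc` with `2>&1`. `srctree` is `$(dirname "$0")` here, so the path is relative to the scripts directory, and the Makefile.gcc-plugins fragment earlier in this patch only warns that features "will be less secure" when `PLUGINCC` comes back empty. I would check the header before the first probe, e.g. `[ -f "${srctree}/gcc-plugins/gcc-common.h" ] || { echo "gcc-plugin.sh: gcc-common.h not found" >&2; exit 1; }`. The second probe in the `@@ -160630,7 +161343,7 @@` hunk uses the same path; the `case` that interprets the probe output is outside both hunks.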
@@ -160630,7 +161343,7 @@ index 0000000..eaa4fce
 +esac
 +
 +# we need a c++ compiler that supports the designated initializer GNU extension
-+plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF
++plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I"${srctree}"/gcc-plugins -I"${gccplugins_dir}"/include 2>&1 <<EOF
 +#include "gcc-common.h"
 +class test {
 +public:
@@ -160647,3459 +161360,19 @@ index 0000000..eaa4fce + exit 0 +fi +exit 1 -diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh -index fdebd66..a349e33 100755 ---- a/scripts/headers_install.sh -+++ b/scripts/headers_install.sh -@@ -32,6 +32,7 @@ do - FILE="$(basename "$i")" - sed -r \ - -e 's/([ \t(])(__user|__force|__iomem)[ \t]/\1/g' \ -+ -e 's/__intentional_overflow\([- \t,0-9]*\)//g' \ - -e 's/__attribute_const__([ \t]|$)/\1/g' \ - -e 's@^#include <linux/compiler.h>@@' \ - -e 's/(^|[^a-zA-Z0-9])__packed([^a-zA-Z0-9_]|$)/\1__attribute__((packed))\2/g' \ -diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c -index 8fa81e8..a9ac144 100644 ---- a/scripts/kallsyms.c -+++ b/scripts/kallsyms.c -@@ -89,7 +89,7 @@ static inline int is_arm_mapping_symbol(const char *str) - } - - static int check_symbol_range(const char *sym, unsigned long long addr, -- struct addr_range *ranges, int entries) -+ struct addr_range *ranges, size_t entries) - { - size_t i; - struct addr_range *ar; -@@ -178,7 +178,7 @@ static int read_symbol(FILE *in, struct sym_entry *s) - } - - static int symbol_in_range(struct sym_entry *s, struct addr_range *ranges, -- int entries) -+ size_t entries) - { - size_t i; - struct addr_range *ar; -diff --git a/scripts/kconfig/lkc.h b/scripts/kconfig/lkc.h -index 91ca126..5f7cad6 100644 ---- a/scripts/kconfig/lkc.h -+++ b/scripts/kconfig/lkc.h -@@ -108,7 +108,8 @@ void menu_add_expr(enum prop_type type, struct expr *expr, struct expr *dep); - void menu_add_symbol(enum prop_type type, struct symbol *sym, struct expr *dep); - void menu_add_option(int token, char *arg); - void menu_finalize(struct menu *parent); --void menu_set_type(int type); -+enum symbol_type; -+void menu_set_type(enum symbol_type type); - - /* util.c */ - struct file *file_lookup(const char *name); -@@ -123,7 +124,7 @@ struct gstr { - * when max_width is not zero long lines in string s (if any) get - * wrapped not to exceed the max_width value - */ -- int max_width; -+ size_t 
max_width; - }; - struct gstr str_new(void); - void str_free(struct gstr *gs); -diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c -index aed678e..1a703de 100644 ---- a/scripts/kconfig/menu.c -+++ b/scripts/kconfig/menu.c -@@ -109,7 +109,7 @@ void menu_add_dep(struct expr *dep) - current_entry->dep = expr_alloc_and(current_entry->dep, menu_check_dep(dep)); - } - --void menu_set_type(int type) -+void menu_set_type(enum symbol_type type) - { - struct symbol *sym = current_entry->sym; - -diff --git a/scripts/kconfig/symbol.c b/scripts/kconfig/symbol.c -index 25cf0c2..eb178ce 100644 ---- a/scripts/kconfig/symbol.c -+++ b/scripts/kconfig/symbol.c -@@ -956,7 +956,7 @@ const char *sym_escape_string_value(const char *in) - - struct sym_match { - struct symbol *sym; -- off_t so, eo; -+ regoff_t so, eo; - }; - - /* Compare matched symbols as thus: -@@ -978,8 +978,8 @@ static int sym_rel_comp(const void *sym1, const void *sym2) - * exactly; if this is the case, we can't decide which comes first, - * and we fallback to sorting alphabetically. 
- */ -- exact1 = (s1->eo - s1->so) == strlen(s1->sym->name); -- exact2 = (s2->eo - s2->so) == strlen(s2->sym->name); -+ exact1 = (s1->eo - s1->so) == (long)strlen(s1->sym->name); -+ exact2 = (s2->eo - s2->so) == (long)strlen(s2->sym->name); - if (exact1 && !exact2) - return -1; - if (!exact1 && exact2) -diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh -index ba6c34e..ea10bce 100755 ---- a/scripts/link-vmlinux.sh -+++ b/scripts/link-vmlinux.sh -@@ -179,7 +179,7 @@ else - fi; - - # final build of init/ --${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init -+${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init GCC_PLUGINS_CFLAGS="${GCC_PLUGINS_CFLAGS}" GCC_PLUGINS_AFLAGS="${GCC_PLUGINS_AFLAGS}" - - kallsymso="" - kallsyms_vmlinux="" -diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c -index a915507..27c1b41 100644 ---- a/scripts/mod/file2alias.c -+++ b/scripts/mod/file2alias.c -@@ -156,7 +156,7 @@ static void device_id_check(const char *modname, const char *device_id, - unsigned long size, unsigned long id_size, - void *symval) - { -- int i; -+ unsigned int i; - - if (size % id_size || size < id_size) { - fatal("%s: sizeof(struct %s_device_id)=%lu is not a modulo " -@@ -185,7 +185,7 @@ static void device_id_check(const char *modname, const char *device_id, - /* USB is special because the bcdDevice can be matched against a numeric range */ - /* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipNinN" */ - static void do_usb_entry(void *symval, -- unsigned int bcdDevice_initial, int bcdDevice_initial_digits, -+ unsigned int bcdDevice_initial, unsigned int bcdDevice_initial_digits, - unsigned char range_lo, unsigned char range_hi, - unsigned char max, struct module *mod) - { -@@ -295,7 +295,7 @@ static void do_usb_entry_multi(void *symval, struct module *mod) - { - unsigned int devlo, devhi; - unsigned char chi, clo, max; -- int ndigits; -+ unsigned int ndigits; - - DEF_FIELD(symval, usb_device_id, match_flags); - DEF_FIELD(symval, usb_device_id, 
idVendor); -@@ -619,7 +619,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size, - for (i = 0; i < count; i++) { - DEF_FIELD_ADDR(symval + i*id_size, pnp_device_id, id); - char acpi_id[sizeof(*id)]; -- int j; -+ unsigned int j; - - buf_printf(&mod->dev_table_buf, - "MODULE_ALIAS(\"pnp:d%s*\");\n", *id); -@@ -648,7 +648,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, - - for (j = 0; j < PNP_MAX_DEVICES; j++) { - const char *id = (char *)(*devs)[j].id; -- int i2, j2; -+ unsigned int i2, j2; - int dup = 0; - - if (!id[0]) -@@ -674,7 +674,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, - /* add an individual alias for every device entry */ - if (!dup) { - char acpi_id[PNP_ID_LEN]; -- int k; -+ unsigned int k; - - buf_printf(&mod->dev_table_buf, - "MODULE_ALIAS(\"pnp:d%s*\");\n", id); -@@ -999,7 +999,7 @@ static void dmi_ascii_filter(char *d, const char *s) - static int do_dmi_entry(const char *filename, void *symval, - char *alias) - { -- int i, j; -+ unsigned int i, j; - DEF_FIELD_ADDR(symval, dmi_system_id, matches); - sprintf(alias, "dmi*"); - -diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 48958d3..d5ccb52 100644 ---- a/scripts/mod/modpost.c -+++ b/scripts/mod/modpost.c -@@ -37,6 +37,7 @@ static int vmlinux_section_warnings = 1; - static int warn_unresolved = 0; - /* How a symbol is exported */ - static int sec_mismatch_count = 0; -+static int writable_fptr_count = 0; - static int sec_mismatch_verbose = 1; - static int sec_mismatch_fatal = 0; - /* ignore missing files */ -@@ -947,6 +948,7 @@ enum mismatch { - ANY_EXIT_TO_ANY_INIT, - EXPORT_TO_INIT_EXIT, - EXTABLE_TO_NON_TEXT, -+ DATA_TO_TEXT - }; - - /** -@@ -1073,6 +1075,12 @@ static const struct sectioncheck sectioncheck[] = { - .good_tosec = {ALL_TEXT_SECTIONS , NULL}, - .mismatch = EXTABLE_TO_NON_TEXT, - .handler = extable_mismatch_handler, -+}, -+/* Do not reference code from writable data */ -+{ -+ .fromsec = { DATA_SECTIONS, 
NULL }, -+ .bad_tosec = { ALL_TEXT_SECTIONS, NULL }, -+ .mismatch = DATA_TO_TEXT - } - }; - -@@ -1222,10 +1230,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, - continue; - if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) - continue; -- if (sym->st_value == addr) -- return sym; - /* Find a symbol nearby - addr are maybe negative */ - d = sym->st_value - addr; -+ if (d == 0) -+ return sym; - if (d < 0) - d = addr - sym->st_value; - if (d < distance) { -@@ -1384,7 +1392,11 @@ static void report_sec_mismatch(const char *modname, - char *prl_from; - char *prl_to; - -- sec_mismatch_count++; -+ if (mismatch->mismatch == DATA_TO_TEXT) -+ writable_fptr_count++; -+ else -+ sec_mismatch_count++; -+ - if (!sec_mismatch_verbose) - return; - -@@ -1508,6 +1520,14 @@ static void report_sec_mismatch(const char *modname, - fatal("There's a special handler for this mismatch type, " - "we should never get here."); - break; -+ case DATA_TO_TEXT: -+#if 0 -+ fprintf(stderr, -+ "The %s %s:%s references\n" -+ "the %s %s:%s%s\n", -+ from, fromsec, fromsym, to, tosec, tosym, to_p); -+#endif -+ break; - } - fprintf(stderr, "\n"); - } -@@ -1897,7 +1917,7 @@ static void section_rel(const char *modname, struct elf_info *elf, - static void check_sec_ref(struct module *mod, const char *modname, - struct elf_info *elf) - { -- int i; -+ unsigned int i; - Elf_Shdr *sechdrs = elf->sechdrs; - - /* Walk through all sections */ -@@ -2028,7 +2048,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, - va_end(ap); - } - --void buf_write(struct buffer *buf, const char *s, int len) -+void buf_write(struct buffer *buf, const char *s, unsigned int len) - { - if (buf->size - buf->pos < len) { - buf->size += len + SZ; -@@ -2258,7 +2278,7 @@ static void write_if_changed(struct buffer *b, const char *fname) - if (fstat(fileno(file), &st) < 0) - goto close_write; - -- if (st.st_size != b->pos) -+ if (st.st_size != (off_t)b->pos) - goto close_write; - - tmp = 
NOFAIL(malloc(b->pos)); -@@ -2496,6 +2516,14 @@ int main(int argc, char **argv) - "Set CONFIG_SECTION_MISMATCH_WARN_ONLY=y to allow them.\n"); - } - } -+ if (writable_fptr_count) { -+ if (!sec_mismatch_verbose) { -+ warn("modpost: Found %d writable function pointer(s).\n" -+ "To see full details build your kernel with:\n" -+ "'make CONFIG_DEBUG_SECTION_MISMATCH=y'\n", -+ writable_fptr_count); -+ } -+ } - - return err; - } -diff --git a/scripts/mod/modpost.h b/scripts/mod/modpost.h -index 6a5e151..f2fbaf5 100644 ---- a/scripts/mod/modpost.h -+++ b/scripts/mod/modpost.h -@@ -98,15 +98,15 @@ void *do_nofail(void *ptr, const char *expr); - - struct buffer { - char *p; -- int pos; -- int size; -+ unsigned int pos; -+ unsigned int size; - }; - - void __attribute__((format(printf, 2, 3))) - buf_printf(struct buffer *buf, const char *fmt, ...); - - void --buf_write(struct buffer *buf, const char *s, int len); -+buf_write(struct buffer *buf, const char *s, unsigned int len); - - struct module { - struct module *next; -diff --git a/scripts/mod/sumversion.c b/scripts/mod/sumversion.c -index 944418d..15291e4 100644 ---- a/scripts/mod/sumversion.c -+++ b/scripts/mod/sumversion.c -@@ -470,7 +470,7 @@ static void write_version(const char *filename, const char *sum, - goto out; - } - -- if (write(fd, sum, strlen(sum)+1) != strlen(sum)+1) { -+ if (write(fd, sum, strlen(sum)+1) != (ssize_t)strlen(sum)+1) { - warn("writing sum in %s failed: %s\n", - filename, strerror(errno)); - goto out; -diff --git a/scripts/module-common.lds b/scripts/module-common.lds -index 73a2c7d..df11b31 100644 ---- a/scripts/module-common.lds -+++ b/scripts/module-common.lds -@@ -6,6 +6,10 @@ - SECTIONS { - /DISCARD/ : { *(.discard) } - -+ .rodata 0: { -+ *(.rodata) *(.rodata.*) -+ *(.data..read_only) -+ } - __ksymtab 0 : { *(SORT(___ksymtab+*)) } - __ksymtab_gpl 0 : { *(SORT(___ksymtab_gpl+*)) } - __ksymtab_unused 0 : { *(SORT(___ksymtab_unused+*)) } -diff --git a/scripts/package/Makefile 
b/scripts/package/Makefile -index c2c7389..81b8117 100644 ---- a/scripts/package/Makefile -+++ b/scripts/package/Makefile -@@ -40,7 +40,7 @@ if test "$(objtree)" != "$(srctree)"; then \ - fi ; \ - $(srctree)/scripts/setlocalversion --save-scmversion; \ - ln -sf $(srctree) $(2); \ --tar -cz $(RCS_TAR_IGNORE) -f $(2).tar.gz \ -+tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(2).tar.gz \ - $(addprefix $(2)/,$(TAR_CONTENT) $(3)); \ - rm -f $(2) $(objtree)/.scmversion - -diff --git a/scripts/package/builddeb b/scripts/package/builddeb -index 6c3b038..54e0b5e 100755 ---- a/scripts/package/builddeb -+++ b/scripts/package/builddeb -@@ -326,6 +326,7 @@ fi - (cd $srctree; find arch/$SRCARCH -name module.lds -o -name Kbuild.platforms -o -name Platform) >> "$objtree/debian/hdrsrcfiles" - (cd $srctree; find $(find arch/$SRCARCH -name include -o -name scripts -type d) -type f) >> "$objtree/debian/hdrsrcfiles" - (cd $objtree; find arch/$SRCARCH/include Module.symvers include scripts -type f) >> "$objtree/debian/hdrobjfiles" -+(cd $objtree; find tools/gcc -name \*.so -o -name gcc-common.h) >> "$objtree/debian/hdrobjfiles" - destdir=$kernel_headers_dir/usr/src/linux-headers-$version - mkdir -p "$destdir" - (cd $srctree; tar -c -f - -T -) < "$objtree/debian/hdrsrcfiles" | (cd $destdir; tar -xf -) -diff --git a/scripts/package/mkspec b/scripts/package/mkspec -index fe44d68..3874acb 100755 ---- a/scripts/package/mkspec -+++ b/scripts/package/mkspec -@@ -120,29 +120,40 @@ echo 'rm -f $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE/{build,source}" - echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE" - echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\"" - echo "tar "'$EXCLUDES'" -cf- . 
| (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)" --echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE" --echo "ln -sf /usr/src/kernels/$KERNELRELEASE build" --echo "ln -sf /usr/src/kernels/$KERNELRELEASE source" - fi - - echo "" - echo "%clean" - echo 'rm -rf $RPM_BUILD_ROOT' - echo "" -+echo "%pre" -+echo 'chmod -f 0500 /boot' -+echo 'if [ -d /lib/modules ]; then' -+echo 'chmod -f 0500 /lib/modules' -+echo 'fi' -+echo 'if [ -d /lib32/modules ]; then' -+echo 'chmod -f 0500 /lib32/modules' -+echo 'fi' -+echo 'if [ -d /lib64/modules ]; then' -+echo 'chmod -f 0500 /lib64/modules' -+echo 'fi' -+echo "" -+echo "%post devel" -+echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build" -+echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source" -+echo "" - echo "%post" --echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then" --echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/.vmlinuz-$KERNELRELEASE-rpm" --echo "cp /boot/System.map-$KERNELRELEASE /boot/.System.map-$KERNELRELEASE-rpm" --echo "rm -f /boot/vmlinuz-$KERNELRELEASE /boot/System.map-$KERNELRELEASE" --echo "/sbin/installkernel $KERNELRELEASE /boot/.vmlinuz-$KERNELRELEASE-rpm /boot/.System.map-$KERNELRELEASE-rpm" --echo "rm -f /boot/.vmlinuz-$KERNELRELEASE-rpm /boot/.System.map-$KERNELRELEASE-rpm" -+echo "if [ -x /sbin/dracut ]; then" -+echo '/sbin/new-kernel-pkg --dracut --mkinitrd --depmod --install --make-default '"$KERNELRELEASE"' || exit $?' -+echo "else" -+echo '/sbin/new-kernel-pkg --mkinitrd --depmod --install --make-default '"$KERNELRELEASE"' || exit $?' 
- echo "fi" - echo "" - echo "%files" --echo '%defattr (-, root, root)' --echo "/lib/modules/$KERNELRELEASE" -+echo '%defattr (400, root, root, 500)' - echo "%exclude /lib/modules/$KERNELRELEASE/build" - echo "%exclude /lib/modules/$KERNELRELEASE/source" -+echo "/lib/modules/$KERNELRELEASE" - echo "/lib/firmware/$KERNELRELEASE" - echo "/boot/*" - echo "" -@@ -152,9 +163,11 @@ echo "/usr/include" - echo "" - if ! $PREBUILT; then - echo "%files devel" --echo '%defattr (-, root, root)' -+echo '%defattr (400, root, root, 500)' -+echo "%dir /lib/modules/$KERNELRELEASE" - echo "/usr/src/kernels/$KERNELRELEASE" --echo "/lib/modules/$KERNELRELEASE/build" --echo "/lib/modules/$KERNELRELEASE/source" -+echo "%attr (500, root, root) /usr/src/kernels/$KERNELRELEASE/scripts/recordmcount" -+echo "%attr (500, root, root) /usr/src/kernels/$KERNELRELEASE/scripts/basic/fixdep" -+echo "%attr (500, root, root) /usr/src/kernels/$KERNELRELEASE/scripts/mod/modpost" - echo "" - fi -diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c -index 4718d78..9220d58 100644 ---- a/scripts/pnmtologo.c -+++ b/scripts/pnmtologo.c -@@ -244,14 +244,14 @@ static void write_header(void) - fprintf(out, " * Linux logo %s\n", logoname); - fputs(" */\n\n", out); - fputs("#include <linux/linux_logo.h>\n\n", out); -- fprintf(out, "static unsigned char %s_data[] __initdata = {\n", -+ fprintf(out, "static unsigned char %s_data[] = {\n", - logoname); - } - - static void write_footer(void) - { - fputs("\n};\n\n", out); -- fprintf(out, "const struct linux_logo %s __initconst = {\n", logoname); -+ fprintf(out, "const struct linux_logo %s = {\n", logoname); - fprintf(out, "\t.type\t\t= %s,\n", logo_types[logo_type]); - fprintf(out, "\t.width\t\t= %d,\n", logo_width); - fprintf(out, "\t.height\t\t= %d,\n", logo_height); -@@ -381,7 +381,7 @@ static void write_logo_clut224(void) - fputs("\n};\n\n", out); - - /* write logo clut */ -- fprintf(out, "static unsigned char %s_clut[] __initdata = {\n", -+ fprintf(out, "static 
unsigned char %s_clut[] = {\n", - logoname); - write_hex_cnt = 0; - for (i = 0; i < logo_clutsize; i++) { -diff --git a/scripts/sortextable.h b/scripts/sortextable.h -index ba87004..3f4852c 100644 ---- a/scripts/sortextable.h -+++ b/scripts/sortextable.h -@@ -108,9 +108,9 @@ do_func(Elf_Ehdr *ehdr, char const *const fname, table_sort_t custom_sort) - const char *secstrtab; - const char *strtab; - char *extab_image; -- int extab_index = 0; -- int i; -- int idx; -+ unsigned int extab_index = 0; -+ unsigned int i; -+ unsigned int idx; - unsigned int num_sections; - unsigned int secindex_strings; - -diff --git a/scripts/tags.sh b/scripts/tags.sh -index 23ba1c6..cad2484 100755 ---- a/scripts/tags.sh -+++ b/scripts/tags.sh -@@ -26,7 +26,7 @@ else - fi - - # ignore userspace tools --ignore="$ignore ( -path ${tree}tools ) -prune -o" -+ignore="$ignore ( -path \"${tree}tools/[^g]*\" ) -prune -o" - - # Find all available archs - find_all_archs() -diff --git a/security/Kconfig b/security/Kconfig -index e452378..4388a35 100644 ---- a/security/Kconfig -+++ b/security/Kconfig -@@ -4,6 +4,989 @@ - - menu "Security options" - -+menu "Grsecurity" -+ -+ config ARCH_TRACK_EXEC_LIMIT -+ bool -+ -+ config PAX_KERNEXEC_PLUGIN -+ bool -+ -+ config PAX_PER_CPU_PGD -+ bool -+ -+ config TASK_SIZE_MAX_SHIFT -+ int -+ depends on X86_64 -+ default 47 if !PAX_PER_CPU_PGD -+ default 42 if PAX_PER_CPU_PGD -+ -+ config PAX_ENABLE_PAE -+ bool -+ default y if (X86_32 && (MPENTIUM4 || MK8 || MPSC || MCORE2 || MATOM)) -+ -+ config PAX_USERCOPY_SLABS -+ bool -+ -+config GRKERNSEC -+ bool "Grsecurity" -+ select CRYPTO -+ select CRYPTO_SHA256 -+ select PROC_FS -+ select STOP_MACHINE -+ select TTY -+ select DEBUG_KERNEL -+ select DEBUG_LIST -+ select MULTIUSER -+ help -+ If you say Y here, you will be able to configure many features -+ that will enhance the security of your system. 
It is highly -+ recommended that you say Y here and read through the help -+ for each option so that you fully understand the features and -+ can evaluate their usefulness for your machine. -+ -+choice -+ prompt "Configuration Method" -+ depends on GRKERNSEC -+ default GRKERNSEC_CONFIG_CUSTOM -+ help -+ -+config GRKERNSEC_CONFIG_AUTO -+ bool "Automatic" -+ help -+ If you choose this configuration method, you'll be able to answer a small -+ number of simple questions about how you plan to use this kernel. -+ The settings of grsecurity and PaX will be automatically configured for -+ the highest commonly-used settings within the provided constraints. -+ -+ If you require additional configuration, custom changes can still be made -+ from the "custom configuration" menu. -+ -+config GRKERNSEC_CONFIG_CUSTOM -+ bool "Custom" -+ help -+ If you choose this configuration method, you'll be able to configure all -+ grsecurity and PaX settings manually. Via this method, no options are -+ automatically enabled. -+ -+ Take note that if menuconfig is exited with this configuration method -+ chosen, you will not be able to use the automatic configuration methods -+ without starting again with a kernel configuration with no grsecurity -+ or PaX options specified inside. -+ -+endchoice -+ -+choice -+ prompt "Usage Type" -+ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO) -+ default GRKERNSEC_CONFIG_SERVER -+ help -+ -+config GRKERNSEC_CONFIG_SERVER -+ bool "Server" -+ help -+ Choose this option if you plan to use this kernel on a server. -+ -+config GRKERNSEC_CONFIG_DESKTOP -+ bool "Desktop" -+ help -+ Choose this option if you plan to use this kernel on a desktop. -+ -+endchoice -+ -+choice -+ prompt "Virtualization Type" -+ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO) -+ default GRKERNSEC_CONFIG_VIRT_NONE -+ help -+ -+config GRKERNSEC_CONFIG_VIRT_NONE -+ bool "None" -+ help -+ Choose this option if this kernel will be run on bare metal. 
-+ -+config GRKERNSEC_CONFIG_VIRT_GUEST -+ bool "Guest" -+ help -+ Choose this option if this kernel will be run as a VM guest. -+ -+config GRKERNSEC_CONFIG_VIRT_HOST -+ bool "Host" -+ help -+ Choose this option if this kernel will be run as a VM host. -+ -+endchoice -+ -+choice -+ prompt "Virtualization Hardware" -+ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST)) -+ help -+ -+config GRKERNSEC_CONFIG_VIRT_EPT -+ bool "EPT/RVI Processor Support" -+ depends on X86 -+ help -+ Choose this option if your CPU supports the EPT or RVI features of 2nd-gen -+ hardware virtualization. This allows for additional kernel hardening protections -+ to operate without additional performance impact. -+ -+ To see if your Intel processor supports EPT, see: -+ http://ark.intel.com/Products/VirtualizationTechnology -+ (Most Core i3/5/7 support EPT) -+ -+ To see if your AMD processor supports RVI, see: -+ http://support.amd.com/us/kbarticles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx -+ -+config GRKERNSEC_CONFIG_VIRT_SOFT -+ bool "First-gen/No Hardware Virtualization" -+ help -+ Choose this option if you use an Atom/Pentium/Core 2 processor that either doesn't -+ support hardware virtualization or doesn't support the EPT/RVI extensions. -+ -+endchoice -+ -+choice -+ prompt "Virtualization Software" -+ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST)) -+ help -+ -+config GRKERNSEC_CONFIG_VIRT_XEN -+ bool "Xen" -+ help -+ Choose this option if this kernel is running as a Xen guest or host. -+ -+config GRKERNSEC_CONFIG_VIRT_VMWARE -+ bool "VMWare" -+ help -+ Choose this option if this kernel is running as a VMWare guest or host. -+ -+config GRKERNSEC_CONFIG_VIRT_KVM -+ bool "KVM" -+ help -+ Choose this option if this kernel is running as a KVM guest or host. 
-+ -+config GRKERNSEC_CONFIG_VIRT_VIRTUALBOX -+ bool "VirtualBox" -+ help -+ Choose this option if this kernel is running as a VirtualBox guest or host. -+ -+config GRKERNSEC_CONFIG_VIRT_HYPERV -+ bool "Hyper-V" -+ help -+ Choose this option if this kernel is running as a Hyper-V guest. -+ -+endchoice -+ -+choice -+ prompt "Required Priorities" -+ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO) -+ default GRKERNSEC_CONFIG_PRIORITY_PERF -+ help -+ -+config GRKERNSEC_CONFIG_PRIORITY_PERF -+ bool "Performance" -+ help -+ Choose this option if performance is of highest priority for this deployment -+ of grsecurity. Features like UDEREF on a 64bit kernel, kernel stack clearing, -+ clearing of structures intended for userland, and freed memory sanitizing will -+ be disabled. -+ -+config GRKERNSEC_CONFIG_PRIORITY_SECURITY -+ bool "Security" -+ help -+ Choose this option if security is of highest priority for this deployment of -+ grsecurity. UDEREF, kernel stack clearing, clearing of structures intended -+ for userland, and freed memory sanitizing will be enabled for this kernel. -+ In a worst-case scenario, these features can introduce a 20% performance hit -+ (UDEREF on x64 contributing half of this hit). -+ -+endchoice -+ -+menu "Default Special Groups" -+depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO) -+ -+config GRKERNSEC_PROC_GID -+ int "GID exempted from /proc restrictions" -+ default 1001 -+ help -+ Setting this GID determines which group will be exempted from -+ grsecurity's /proc restrictions, allowing users of the specified -+ group to view network statistics and the existence of other users' -+ processes on the system. This GID may also be chosen at boot time -+ via "grsec_proc_gid=" on the kernel commandline. 
-+ -+config GRKERNSEC_TPE_UNTRUSTED_GID -+ int "GID for TPE-untrusted users" -+ depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT -+ default 1005 -+ help -+ Setting this GID determines which group untrusted users should -+ be added to. These users will be placed under grsecurity's Trusted Path -+ Execution mechanism, preventing them from executing their own binaries. -+ The users will only be able to execute binaries in directories owned and -+ writable only by the root user. If the sysctl option is enabled, a sysctl -+ option with name "tpe_gid" is created. -+ -+config GRKERNSEC_TPE_TRUSTED_GID -+ int "GID for TPE-trusted users" -+ depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT -+ default 1005 -+ help -+ Setting this GID determines what group TPE restrictions will be -+ *disabled* for. If the sysctl option is enabled, a sysctl option -+ with name "tpe_gid" is created. -+ -+config GRKERNSEC_SYMLINKOWN_GID -+ int "GID for users with kernel-enforced SymlinksIfOwnerMatch" -+ depends on GRKERNSEC_CONFIG_SERVER -+ default 1006 -+ help -+ Setting this GID determines what group kernel-enforced -+ SymlinksIfOwnerMatch will be enabled for. If the sysctl option -+ is enabled, a sysctl option with name "symlinkown_gid" is created. -+ -+ -+endmenu -+ -+menu "Customize Configuration" -+depends on GRKERNSEC -+ -+menu "PaX" -+ -+config PAX -+ bool "Enable various PaX features" -+ default y if GRKERNSEC_CONFIG_AUTO -+ depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86) -+ help -+ This allows you to enable various PaX features. PaX adds -+ intrusion prevention mechanisms to the kernel that reduce -+ the risks posed by exploitable memory corruption bugs. 
-+ -+menu "PaX Control" -+ depends on PAX -+ -+config PAX_SOFTMODE -+ bool 'Support soft mode' -+ help -+ Enabling this option will allow you to run PaX in soft mode, that -+ is, PaX features will not be enforced by default, only on executables -+ marked explicitly. You must also enable PT_PAX_FLAGS or XATTR_PAX_FLAGS -+ support as they are the only way to mark executables for soft mode use. -+ -+ Soft mode can be activated by using the "pax_softmode=1" kernel command -+ line option on boot. Furthermore you can control various PaX features -+ at runtime via the entries in /proc/sys/kernel/pax. -+ -+config PAX_EI_PAX -+ bool 'Use legacy ELF header marking' -+ default y if GRKERNSEC_CONFIG_AUTO -+ help -+ Enabling this option will allow you to control PaX features on -+ a per executable basis via the 'chpax' utility available at -+ http://pax.grsecurity.net/. The control flags will be read from -+ an otherwise reserved part of the ELF header. This marking has -+ numerous drawbacks (no support for soft-mode, toolchain does not -+ know about the non-standard use of the ELF header) therefore it -+ has been deprecated in favour of PT_PAX_FLAGS and XATTR_PAX_FLAGS -+ support. -+ -+ Note that if you enable PT_PAX_FLAGS or XATTR_PAX_FLAGS marking -+ support as well, they will override the legacy EI_PAX marks. -+ -+ If you enable none of the marking options then all applications -+ will run with PaX enabled on them by default. -+ -+config PAX_PT_PAX_FLAGS -+ bool 'Use ELF program header marking' -+ default y if GRKERNSEC_CONFIG_AUTO -+ help -+ Enabling this option will allow you to control PaX features on -+ a per executable basis via the 'paxctl' utility available at -+ http://pax.grsecurity.net/. The control flags will be read from -+ a PaX specific ELF program header (PT_PAX_FLAGS). This marking -+ has the benefits of supporting both soft mode and being fully -+ integrated into the toolchain (the binutils patch is available -+ from http://pax.grsecurity.net). 
-+ -+ Note that if you enable the legacy EI_PAX marking support as well, -+ the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks. -+ -+ If you enable both PT_PAX_FLAGS and XATTR_PAX_FLAGS support then you -+ must make sure that the marks are the same if a binary has both marks. -+ -+ If you enable none of the marking options then all applications -+ will run with PaX enabled on them by default. -+ -+config PAX_XATTR_PAX_FLAGS -+ bool 'Use filesystem extended attributes marking' -+ default y if GRKERNSEC_CONFIG_AUTO -+ select CIFS_XATTR if CIFS -+ select EXT2_FS_XATTR if EXT2_FS -+ select EXT3_FS_XATTR if EXT3_FS -+ select F2FS_FS_XATTR if F2FS_FS -+ select JFFS2_FS_XATTR if JFFS2_FS -+ select REISERFS_FS_XATTR if REISERFS_FS -+ select SQUASHFS_XATTR if SQUASHFS -+ select TMPFS_XATTR if TMPFS -+ help -+ Enabling this option will allow you to control PaX features on -+ a per executable basis via the 'setfattr' utility. The control -+ flags will be read from the user.pax.flags extended attribute of -+ the file. This marking has the benefit of supporting binary-only -+ applications that self-check themselves (e.g., skype) and would -+ not tolerate chpax/paxctl changes. The main drawback is that -+ extended attributes are not supported by some filesystems (e.g., -+ isofs, udf, vfat) so copying files through such filesystems will -+ lose the extended attributes and these PaX markings. -+ -+ Note that if you enable the legacy EI_PAX marking support as well, -+ the EI_PAX marks will be overridden by the XATTR_PAX_FLAGS marks. -+ -+ If you enable both PT_PAX_FLAGS and XATTR_PAX_FLAGS support then you -+ must make sure that the marks are the same if a binary has both marks. -+ -+ If you enable none of the marking options then all applications -+ will run with PaX enabled on them by default. 
-+ -+choice -+ prompt 'MAC system integration' -+ default PAX_HAVE_ACL_FLAGS -+ help -+ Mandatory Access Control systems have the option of controlling -+ PaX flags on a per executable basis, choose the method supported -+ by your particular system. -+ -+ - "none": if your MAC system does not interact with PaX, -+ - "direct": if your MAC system defines pax_set_initial_flags() itself, -+ - "hook": if your MAC system uses the pax_set_initial_flags_func callback. -+ -+ NOTE: this option is for developers/integrators only. -+ -+ config PAX_NO_ACL_FLAGS -+ bool 'none' -+ -+ config PAX_HAVE_ACL_FLAGS -+ bool 'direct' -+ -+ config PAX_HOOK_ACL_FLAGS -+ bool 'hook' -+endchoice -+ -+endmenu -+ -+menu "Non-executable pages" -+ depends on PAX -+ -+config PAX_NOEXEC -+ bool "Enforce non-executable pages" -+ default y if GRKERNSEC_CONFIG_AUTO -+ depends on ALPHA || (ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86 -+ help -+ By design some architectures do not allow for protecting memory -+ pages against execution or even if they do, Linux does not make -+ use of this feature. In practice this means that if a page is -+ readable (such as the stack or heap) it is also executable. -+ -+ There is a well known exploit technique that makes use of this -+ fact and a common programming mistake where an attacker can -+ introduce code of his choice somewhere in the attacked program's -+ memory (typically the stack or the heap) and then execute it. -+ -+ If the attacked program was running with different (typically -+ higher) privileges than that of the attacker, then he can elevate -+ his own privilege level (e.g. get a root shell, write to files for -+ which he does not have write access to, etc). -+ -+ Enabling this option will let you choose from various features -+ that prevent the injection and execution of 'foreign' code in -+ a program. 
-+ -+ This will also break programs that rely on the old behaviour and -+ expect that dynamically allocated memory via the malloc() family -+ of functions is executable (which it is not). Notable examples -+ are the XFree86 4.x server, the java runtime and wine. -+ -+config PAX_PAGEEXEC -+ bool "Paging based non-executable pages" -+ default y if GRKERNSEC_CONFIG_AUTO -+ depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7) -+ select ARCH_TRACK_EXEC_LIMIT if X86_32 -+ help -+ This implementation is based on the paging feature of the CPU. -+ On i386 without hardware non-executable bit support there is a -+ variable but usually low performance impact, however on Intel's -+ P4 core based CPUs it is very high so you should not enable this -+ for kernels meant to be used on such CPUs. -+ -+ On alpha, avr32, ia64, parisc, sparc, sparc64, x86_64 and i386 -+ with hardware non-executable bit support there is no performance -+ impact, on ppc the impact is negligible. -+ -+ Note that several architectures require various emulations due to -+ badly designed userland ABIs, this will cause a performance impact -+ but will disappear as soon as userland is fixed. For example, ppc -+ userland MUST have been built with secure-plt by a recent toolchain. -+ -+config PAX_SEGMEXEC -+ bool "Segmentation based non-executable pages" -+ default y if GRKERNSEC_CONFIG_AUTO -+ depends on PAX_NOEXEC && X86_32 -+ help -+ This implementation is based on the segmentation feature of the -+ CPU and has a very small performance impact, however applications -+ will be limited to a 1.5 GB address space instead of the normal -+ 3 GB. 
-+ -+config PAX_EMUTRAMP -+ bool "Emulate trampolines" -+ default y if PARISC || GRKERNSEC_CONFIG_AUTO -+ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) -+ help -+ There are some programs and libraries that for one reason or -+ another attempt to execute special small code snippets from -+ non-executable memory pages. Most notable examples are the -+ signal handler return code generated by the kernel itself and -+ the GCC trampolines. -+ -+ If you enabled CONFIG_PAX_PAGEEXEC or CONFIG_PAX_SEGMEXEC then -+ such programs will no longer work under your kernel. -+ -+ As a remedy you can say Y here and use the 'chpax' or 'paxctl' -+ utilities to enable trampoline emulation for the affected programs -+ yet still have the protection provided by the non-executable pages. -+ -+ On parisc you MUST enable this option and EMUSIGRT as well, otherwise -+ your system will not even boot. -+ -+ Alternatively you can say N here and use the 'chpax' or 'paxctl' -+ utilities to disable CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC -+ for the affected files. -+ -+ NOTE: enabling this feature *may* open up a loophole in the -+ protection provided by non-executable pages that an attacker -+ could abuse. Therefore the best solution is to not have any -+ files on your system that would require this option. This can -+ be achieved by not using libc5 (which relies on the kernel -+ signal handler return code) and not using or rewriting programs -+ that make use of the nested function implementation of GCC. -+ Skilled users can just fix GCC itself so that it implements -+ nested function calls in a way that does not interfere with PaX. -+ -+config PAX_EMUSIGRT -+ bool "Automatically emulate sigreturn trampolines" -+ depends on PAX_EMUTRAMP && PARISC -+ default y -+ help -+ Enabling this option will have the kernel automatically detect -+ and emulate signal return trampolines executing on the stack -+ that would otherwise lead to task termination. 
-+ -+ This solution is intended as a temporary one for users with -+ legacy versions of libc (libc5, glibc 2.0, uClibc before 0.9.17, -+ Modula-3 runtime, etc) or executables linked to such, basically -+ everything that does not specify its own SA_RESTORER function in -+ normal executable memory like glibc 2.1+ does. -+ -+ On parisc you MUST enable this option, otherwise your system will -+ not even boot. -+ -+ NOTE: this feature cannot be disabled on a per executable basis -+ and since it *does* open up a loophole in the protection provided -+ by non-executable pages, the best solution is to not have any -+ files on your system that would require this option. -+ -+config PAX_MPROTECT -+ bool "Restrict mprotect()" -+ default y if GRKERNSEC_CONFIG_AUTO -+ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) -+ help -+ Enabling this option will prevent programs from -+ - changing the executable status of memory pages that were -+ not originally created as executable, -+ - making read-only executable pages writable again, -+ - creating executable pages from anonymous memory, -+ - making read-only-after-relocations (RELRO) data pages writable again. -+ -+ You should say Y here to complete the protection provided by -+ the enforcement of non-executable pages. -+ -+ NOTE: you can use the 'chpax' or 'paxctl' utilities to control -+ this feature on a per file basis. -+ -+config PAX_MPROTECT_COMPAT -+ bool "Use legacy/compat protection demoting (read help)" -+ depends on PAX_MPROTECT -+ default n -+ help -+ The current implementation of PAX_MPROTECT denies RWX allocations/mprotects -+ by sending the proper error code to the application. For some older -+ userland, this can cause problems with applications that assume such -+ allocations will not be prevented by PaX or SELinux and other access -+ control systems and have no fallback mechanisms. For modern distros, -+ this option should generally be set to 'N'. 
-+ -+config PAX_ELFRELOCS -+ bool "Allow ELF text relocations (read help)" -+ depends on PAX_MPROTECT -+ default n -+ help -+ Non-executable pages and mprotect() restrictions are effective -+ in preventing the introduction of new executable code into an -+ attacked task's address space. There remain only two venues -+ for this kind of attack: if the attacker can execute already -+ existing code in the attacked task then he can either have it -+ create and mmap() a file containing his code or have it mmap() -+ an already existing ELF library that does not have position -+ independent code in it and use mprotect() on it to make it -+ writable and copy his code there. While protecting against -+ the former approach is beyond PaX, the latter can be prevented -+ by having only PIC ELF libraries on one's system (which do not -+ need to relocate their code). If you are sure this is your case, -+ as is the case with all modern Linux distributions, then leave -+ this option disabled. You should say 'n' here. -+ -+config PAX_ETEXECRELOCS -+ bool "Allow ELF ET_EXEC text relocations" -+ depends on PAX_MPROTECT && (ALPHA || IA64 || PARISC) -+ select PAX_ELFRELOCS -+ default y -+ help -+ On some architectures there are incorrectly created applications -+ that require text relocations and would not work without enabling -+ this option. If you are an alpha, ia64 or parisc user, you should -+ enable this option and disable it once you have made sure that -+ none of your applications need it. -+ -+config PAX_EMUPLT -+ bool "Automatically emulate ELF PLT" -+ depends on PAX_MPROTECT && (ALPHA || PARISC || SPARC) -+ default y -+ help -+ Enabling this option will have the kernel automatically detect -+ and emulate the Procedure Linkage Table entries in ELF files. -+ On some architectures such entries are in writable memory, and -+ become non-executable leading to task termination. 
Therefore -+ it is mandatory that you enable this option on alpha, parisc, -+ sparc and sparc64, otherwise your system would not even boot. -+ -+ NOTE: this feature *does* open up a loophole in the protection -+ provided by the non-executable pages, therefore the proper -+ solution is to modify the toolchain to produce a PLT that does -+ not need to be writable. -+ -+config PAX_DLRESOLVE -+ bool 'Emulate old glibc resolver stub' -+ depends on PAX_EMUPLT && SPARC -+ default n -+ help -+ This option is needed if userland has an old glibc (before 2.4) -+ that puts a 'save' instruction into the runtime generated resolver -+ stub that needs special emulation. -+ -+config PAX_KERNEXEC -+ bool "Enforce non-executable kernel pages" -+ default y if GRKERNSEC_CONFIG_AUTO && (!X86 || GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM)) -+ depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN -+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE) -+ select PAX_KERNEXEC_PLUGIN if X86_64 -+ select ARM_KERNMEM_PERMS if ARM -+ help -+ This is the kernel land equivalent of PAGEEXEC and MPROTECT, -+ that is, enabling this option will make it harder to inject -+ and execute 'foreign' code in kernel memory itself. -+ -+ Note that on amd64, CONFIG_EFI enabled with "efi=old_map" on -+ the kernel command-line will result in an RWX physical map. -+ -+ Likewise, the EFI runtime services are necessarily mapped as -+ RWX. If CONFIG_EFI is enabled on an EFI-capable system, it -+ is recommended that you boot with "noefi" on the kernel -+ command-line if possible to eliminate the mapping. -+ -+choice -+ prompt "Return Address Instrumentation Method" -+ default PAX_KERNEXEC_PLUGIN_METHOD_BTS -+ depends on PAX_KERNEXEC_PLUGIN -+ help -+ Select the method used to instrument function pointer dereferences. 
-+ Note that binary modules cannot be instrumented by this approach. -+ -+ Note that the implementation requires a gcc with plugin support, -+ i.e., gcc 4.5 or newer. You may need to install the supporting -+ headers explicitly in addition to the normal gcc package. -+ -+ config PAX_KERNEXEC_PLUGIN_METHOD_BTS -+ bool "bts" -+ help -+ This method is compatible with binary only modules but has -+ a higher runtime overhead. -+ -+ config PAX_KERNEXEC_PLUGIN_METHOD_OR -+ bool "or" -+ depends on !PARAVIRT -+ help -+ This method is incompatible with binary only modules but has -+ a lower runtime overhead. -+endchoice -+ -+config PAX_KERNEXEC_PLUGIN_METHOD -+ string -+ default "bts" if PAX_KERNEXEC_PLUGIN_METHOD_BTS -+ default "or" if PAX_KERNEXEC_PLUGIN_METHOD_OR -+ default "" -+ -+config PAX_KERNEXEC_MODULE_TEXT -+ int "Minimum amount of memory reserved for module code" -+ default "8" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER) -+ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP) -+ depends on PAX_KERNEXEC && X86_32 -+ help -+ Due to implementation details the kernel must reserve a fixed -+ amount of memory for runtime allocated code (such as modules) -+ at compile time that cannot be changed at runtime. Here you -+ can specify the minimum amount in MB that will be reserved. -+ Due to the same implementation details this size will always -+ be rounded up to the next 2/4 MB boundary (depends on PAE) so -+ the actually available memory for runtime allocated code will -+ usually be more than this minimum. -+ -+ The default 4 MB should be enough for most users but if you have -+ an excessive number of modules (e.g., most distribution configs -+ compile many drivers as modules) or use huge modules such as -+ nvidia's kernel driver, you will need to adjust this amount. -+ A good rule of thumb is to look at your currently loaded kernel -+ modules and add up their sizes. 
-+ -+endmenu -+ -+menu "Address Space Layout Randomization" -+ depends on PAX -+ -+config PAX_ASLR -+ bool "Address Space Layout Randomization" -+ default y if GRKERNSEC_CONFIG_AUTO -+ help -+ Many if not most exploit techniques rely on the knowledge of -+ certain addresses in the attacked program. The following options -+ will allow the kernel to apply a certain amount of randomization -+ to specific parts of the program thereby forcing an attacker to -+ guess them in most cases. Any failed guess will most likely crash -+ the attacked program which allows the kernel to detect such attempts -+ and react on them. PaX itself provides no reaction mechanisms, -+ instead it is strongly encouraged that you make use of grsecurity's -+ (http://www.grsecurity.net/) built-in crash detection features or -+ develop one yourself. -+ -+ By saying Y here you can choose to randomize the following areas: -+ - top of the task's kernel stack -+ - top of the task's userland stack -+ - base address for mmap() requests that do not specify one -+ (this includes all libraries) -+ - base address of the main executable -+ -+ It is strongly recommended to say Y here as address space layout -+ randomization has negligible impact on performance yet it provides -+ a very effective protection. -+ -+ NOTE: you can use the 'chpax' or 'paxctl' utilities to control -+ this feature on a per file basis. -+ -+config PAX_RANDKSTACK -+ bool "Randomize kernel stack base" -+ default y if GRKERNSEC_CONFIG_AUTO && !(GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_VIRTUALBOX) -+ depends on X86_TSC && X86 -+ help -+ By saying Y here the kernel will randomize every task's kernel -+ stack on every system call. This will not only force an attacker -+ to guess it but also prevent him from making use of possible -+ leaked information about it. -+ -+ Since the kernel stack is a rather scarce resource, randomization -+ may cause unexpected stack overflows, therefore you should very -+ carefully test your system. 
Note that once enabled in the kernel -+ configuration, this feature cannot be disabled on a per file basis. -+ -+config PAX_RANDUSTACK -+ bool -+ -+config PAX_RANDMMAP -+ bool "Randomize user stack and mmap() bases" -+ default y if GRKERNSEC_CONFIG_AUTO -+ depends on PAX_ASLR -+ select PAX_RANDUSTACK -+ help -+ By saying Y here the kernel will randomize every task's userland -+ stack and use a randomized base address for mmap() requests that -+ do not specify one themselves. -+ -+ The stack randomization is done in two steps where the second -+ one may apply a big amount of shift to the top of the stack and -+ cause problems for programs that want to use lots of memory (more -+ than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is). -+ -+ As a result of mmap randomization all dynamically loaded libraries -+ will appear at random addresses and therefore be harder to exploit -+ by a technique where an attacker attempts to execute library code -+ for his purposes (e.g. spawn a shell from an exploited program that -+ is running at an elevated privilege level). -+ -+ Furthermore, if a program is relinked as a dynamic ELF file, its -+ base address will be randomized as well, completing the full -+ randomization of the address space layout. Attacking such programs -+ becomes a guess game. You can find an example of doing this at -+ http://pax.grsecurity.net/et_dyn.tar.gz and practical samples at -+ http://www.grsecurity.net/grsec-gcc-specs.tar.gz . -+ -+ NOTE: you can use the 'chpax' or 'paxctl' utilities to control this -+ feature on a per file basis. -+ -+endmenu -+ -+menu "Miscellaneous hardening features" -+ -+config PAX_MEMORY_SANITIZE -+ bool "Sanitize all freed memory" -+ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY) -+ help -+ By saying Y here the kernel will erase memory pages and slab objects -+ as soon as they are freed. 
This in turn reduces the lifetime of data -+ stored in them, making it less likely that sensitive information such -+ as passwords, cryptographic secrets, etc stay in memory for too long. -+ -+ This is especially useful for programs whose runtime is short, long -+ lived processes and the kernel itself benefit from this as long as -+ they ensure timely freeing of memory that may hold sensitive -+ information. -+ -+ A nice side effect of the sanitization of slab objects is the -+ reduction of possible info leaks caused by padding bytes within the -+ leaky structures. Use-after-free bugs for structures containing -+ pointers can also be detected as dereferencing the sanitized pointer -+ will generate an access violation. -+ -+ The tradeoff is performance impact, on a single CPU system kernel -+ compilation sees a 3% slowdown, other systems and workloads may vary -+ and you are advised to test this feature on your expected workload -+ before deploying it. -+ -+ The slab sanitization feature excludes a few slab caches per default -+ for performance reasons. To extend the feature to cover those as -+ well, pass "pax_sanitize_slab=full" as kernel command line parameter. -+ -+ To reduce the performance penalty by sanitizing pages only, albeit -+ limiting the effectiveness of this feature at the same time, slab -+ sanitization can be disabled with the kernel command line parameter -+ "pax_sanitize_slab=off". -+ -+ Note that this feature does not protect data stored in live pages, -+ e.g., process memory swapped to disk may stay there for a long time. -+ -+config PAX_MEMORY_STACKLEAK -+ bool "Sanitize kernel stack" -+ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY) -+ depends on X86 -+ help -+ By saying Y here the kernel will erase the kernel stack before it -+ returns from a system call. This in turn reduces the information -+ that a kernel stack leak bug can reveal. 
-+ -+ Note that such a bug can still leak information that was put on -+ the stack by the current system call (the one eventually triggering -+ the bug) but traces of earlier system calls on the kernel stack -+ cannot leak anymore. -+ -+ The tradeoff is performance impact: on a single CPU system kernel -+ compilation sees a 1% slowdown, other systems and workloads may vary -+ and you are advised to test this feature on your expected workload -+ before deploying it. -+ -+ Note that the full feature requires a gcc with plugin support, -+ i.e., gcc 4.5 or newer. You may need to install the supporting -+ headers explicitly in addition to the normal gcc package. Using -+ older gcc versions means that functions with large enough stack -+ frames may leave uninitialized memory behind that may be exposed -+ to a later syscall leaking the stack. -+ -+config PAX_MEMORY_STRUCTLEAK -+ bool "Forcibly initialize local variables copied to userland" -+ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY) -+ help -+ By saying Y here the kernel will zero initialize some local -+ variables that are going to be copied to userland. This in -+ turn prevents unintended information leakage from the kernel -+ stack should later code forget to explicitly set all parts of -+ the copied variable. -+ -+ The tradeoff is less performance impact than PAX_MEMORY_STACKLEAK -+ at a much smaller coverage. -+ -+ Note that the implementation requires a gcc with plugin support, -+ i.e., gcc 4.5 or newer. You may need to install the supporting -+ headers explicitly in addition to the normal gcc package. 
-+ -+config PAX_MEMORY_UDEREF -+ bool "Prevent invalid userland pointer dereference" -+ default y if GRKERNSEC_CONFIG_AUTO && !(X86_64 && GRKERNSEC_CONFIG_PRIORITY_PERF) && !(X86_64 && GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_VIRTUALBOX) && (!X86 || GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT) -+ depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !ARM_LPAE)) && !UML_X86 && !XEN -+ select PAX_PER_CPU_PGD if X86_64 -+ help -+ By saying Y here the kernel will be prevented from dereferencing -+ userland pointers in contexts where the kernel expects only kernel -+ pointers. This is both a useful runtime debugging feature and a -+ security measure that prevents exploiting a class of kernel bugs. -+ -+ The tradeoff is that some virtualization solutions may experience -+ a huge slowdown and therefore you should not enable this feature -+ for kernels meant to run in such environments. Whether a given VM -+ solution is affected or not is best determined by simply trying it -+ out, the performance impact will be obvious right on boot as this -+ mechanism engages from very early on. A good rule of thumb is that -+ VMs running on CPUs without hardware virtualization support (i.e., -+ the majority of IA-32 CPUs) will likely experience the slowdown. -+ -+ On X86_64 the kernel will make use of PCID support when available -+ (Intel's Westmere, Sandy Bridge, etc) for better security (default) -+ or performance impact. Pass pax_weakuderef on the kernel command -+ line to choose the latter. -+ -+config PAX_REFCOUNT -+ bool "Prevent various kernel object reference counter overflows" -+ default y if GRKERNSEC_CONFIG_AUTO -+ depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || MIPS || PPC || SPARC64 || X86) -+ help -+ By saying Y here the kernel will detect and prevent overflowing -+ various (but not all) kinds of object reference counters. Such -+ overflows can normally occur due to bugs only and are often, if -+ not always, exploitable. 
-+ -+ The tradeoff is that data structures protected by an overflowed -+ refcount will never be freed and therefore will leak memory. Note -+ that this leak also happens even without this protection but in -+ that case the overflow can eventually trigger the freeing of the -+ data structure while it is still being used elsewhere, resulting -+ in the exploitable situation that this feature prevents. -+ -+ Since this has a negligible performance impact, you should enable -+ this feature. -+ -+config PAX_CONSTIFY_PLUGIN -+ bool "Automatically constify eligible structures" -+ default y -+ depends on !UML && PAX_KERNEXEC -+ help -+ By saying Y here the compiler will automatically constify a class -+ of types that contain only function pointers. This reduces the -+ kernel's attack surface and also produces a better memory layout. -+ -+ Note that the implementation requires a gcc with plugin support, -+ i.e., gcc 4.5 or newer. You may need to install the supporting -+ headers explicitly in addition to the normal gcc package. -+ -+ Note that if some code really has to modify constified variables -+ then the source code will have to be patched to allow it. Examples -+ can be found in PaX itself (the no_const attribute) and for some -+ out-of-tree modules at http://www.grsecurity.net/~paxguy1/ . -+ -+config PAX_USERCOPY -+ bool "Harden heap object copies between kernel and userland" -+ default y if GRKERNSEC_CONFIG_AUTO -+ depends on ARM || IA64 || PPC || SPARC || X86 -+ depends on GRKERNSEC && (SLAB || SLUB || SLOB) -+ select PAX_USERCOPY_SLABS -+ help -+ By saying Y here the kernel will enforce the size of heap objects -+ when they are copied in either direction between the kernel and -+ userland, even if only a part of the heap object is copied. 
-+ -+ Specifically, this checking prevents information leaking from the -+ kernel heap during kernel to userland copies (if the kernel heap -+ object is otherwise fully initialized) and prevents kernel heap -+ overflows during userland to kernel copies. -+ -+ Note that the current implementation provides the strictest bounds -+ checks for the SLUB allocator. -+ -+ Enabling this option also enables per-slab cache protection against -+ data in a given cache being copied into/out of via userland -+ accessors. Though the whitelist of regions will be reduced over -+ time, it notably protects important data structures like task structs. -+ -+ If frame pointers are enabled on x86, this option will also restrict -+ copies into and out of the kernel stack to local variables within a -+ single frame. -+ -+ Since this has a negligible performance impact, you should enable -+ this feature. -+ -+config PAX_USERCOPY_DEBUG -+ bool -+ depends on X86 && PAX_USERCOPY -+ default n -+ -+config PAX_SIZE_OVERFLOW -+ bool "Prevent various integer overflows in function size parameters" -+ default y if GRKERNSEC_CONFIG_AUTO -+ help -+ By saying Y here the kernel recomputes expressions of function -+ arguments marked by a size_overflow attribute with double integer -+ precision (DImode/TImode for 32/64 bit integer types). -+ -+ The recomputed argument is checked against TYPE_MAX and an event -+ is logged on overflow and the triggering process is killed. -+ -+ Homepage: https://github.com/ephox-gcc-plugins -+ -+ Note that the implementation requires a gcc with plugin support, -+ i.e., gcc 4.5 or newer. You may need to install the supporting -+ headers explicitly in addition to the normal gcc package. -+ -+config PAX_LATENT_ENTROPY -+ bool "Generate some entropy during boot and runtime" -+ default y if GRKERNSEC_CONFIG_AUTO -+ help -+ By saying Y here the kernel will instrument some kernel code to -+ extract some entropy from both original and artificially created -+ program state. 
This will help especially embedded systems where -+ there is little 'natural' source of entropy normally. The cost -+ is some slowdown of the boot process and fork and irq processing. -+ -+ When pax_extra_latent_entropy is passed on the kernel command line, -+ entropy will be extracted from up to the first 4GB of RAM while the -+ runtime memory allocator is being initialized. This costs even more -+ slowdown of the boot process. -+ -+ Note that the implementation requires a gcc with plugin support, -+ i.e., gcc 4.5 or newer. You may need to install the supporting -+ headers explicitly in addition to the normal gcc package. -+ -+ Note that entropy extracted this way is not cryptographically -+ secure! -+ -+config PAX_RAP -+ bool "Prevent code reuse attacks" -+ depends on X86_64 -+ default y if GRKERNSEC_CONFIG_AUTO -+ help -+ By saying Y here the kernel will check indirect control transfers -+ in order to detect and prevent attacks that try to hijack control -+ flow by overwriting code pointers. -+ -+ Note that binary modules cannot be instrumented by this approach. -+ -+ Note that the implementation requires a gcc with plugin support, -+ i.e., gcc 4.5 or newer. You may need to install the supporting -+ headers explicitly in addition to the normal gcc package. 
-+ -+endmenu -+ -+endmenu -+ -+source grsecurity/Kconfig -+ -+endmenu -+ -+endmenu -+ - source security/keys/Kconfig - - config SECURITY_DMESG_RESTRICT -@@ -104,7 +1087,7 @@ config INTEL_TXT - config LSM_MMAP_MIN_ADDR - int "Low address space for LSM to protect from user allocation" - depends on SECURITY && SECURITY_SELINUX -- default 32768 if ARM || (ARM64 && COMPAT) -+ default 32768 if ALPHA || ARM || (ARM64 && COMPAT) || PARISC || SPARC32 - default 65536 - help - This is the portion of low virtual memory which should be protected -diff --git a/security/apparmor/file.c b/security/apparmor/file.c -index 913f377..6e392d5 100644 ---- a/security/apparmor/file.c -+++ b/security/apparmor/file.c -@@ -348,8 +348,8 @@ static inline bool xindex_is_subset(u32 link, u32 target) - int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry) - { -- struct path link = { new_dir->mnt, new_dentry }; -- struct path target = { new_dir->mnt, old_dentry }; -+ struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry }; -+ struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry }; - struct path_cond cond = { - d_backing_inode(old_dentry)->i_uid, - d_backing_inode(old_dentry)->i_mode -diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h -index c28b0f2..3b9fee0 100644 ---- a/security/apparmor/include/policy.h -+++ b/security/apparmor/include/policy.h -@@ -134,7 +134,7 @@ struct aa_namespace { - struct aa_ns_acct acct; - struct aa_profile *unconfined; - struct list_head sub_ns; -- atomic_t uniq_null; -+ atomic_unchecked_t uniq_null; - long uniq_id; - - struct dentry *dents[AAFS_NS_SIZEOF]; -diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c -index dec607c..37fe357 100644 ---- a/security/apparmor/lsm.c -+++ b/security/apparmor/lsm.c -@@ -176,7 +176,7 @@ static int common_perm_dir_dentry(int op, struct path *dir, - struct dentry *dentry, u32 mask, - struct path_cond 
*cond) - { -- struct path path = { dir->mnt, dentry }; -+ struct path path = { .mnt = dir->mnt, .dentry = dentry }; - - return common_perm(op, &path, mask, cond); - } -@@ -193,7 +193,7 @@ static int common_perm_dir_dentry(int op, struct path *dir, - static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, - struct dentry *dentry, u32 mask) - { -- struct path path = { mnt, dentry }; -+ struct path path = { .mnt = mnt, .dentry = dentry }; - struct path_cond cond = { d_backing_inode(dentry)->i_uid, - d_backing_inode(dentry)->i_mode - }; -@@ -315,8 +315,8 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, - - profile = aa_current_profile(); - if (!unconfined(profile)) { -- struct path old_path = { old_dir->mnt, old_dentry }; -- struct path new_path = { new_dir->mnt, new_dentry }; -+ struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry }; -+ struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry }; - struct path_cond cond = { d_backing_inode(old_dentry)->i_uid, - d_backing_inode(old_dentry)->i_mode - }; -@@ -677,11 +677,11 @@ static const struct kernel_param_ops param_ops_aalockpolicy = { - .get = param_get_aalockpolicy - }; - --static int param_set_audit(const char *val, struct kernel_param *kp); --static int param_get_audit(char *buffer, struct kernel_param *kp); -+static int param_set_audit(const char *val, const struct kernel_param *kp); -+static int param_get_audit(char *buffer, const struct kernel_param *kp); - --static int param_set_mode(const char *val, struct kernel_param *kp); --static int param_get_mode(char *buffer, struct kernel_param *kp); -+static int param_set_mode(const char *val, const struct kernel_param *kp); -+static int param_get_mode(char *buffer, const struct kernel_param *kp); - - /* Flag values, also controllable via /sys/module/apparmor/parameters - * We define special types as we want to do additional mediation. 
-@@ -791,7 +791,7 @@ static int param_get_aauint(char *buffer, const struct kernel_param *kp) - return param_get_uint(buffer, kp); - } - --static int param_get_audit(char *buffer, struct kernel_param *kp) -+static int param_get_audit(char *buffer, const struct kernel_param *kp) - { - if (!capable(CAP_MAC_ADMIN)) - return -EPERM; -@@ -802,7 +802,7 @@ static int param_get_audit(char *buffer, struct kernel_param *kp) - return sprintf(buffer, "%s", audit_mode_names[aa_g_audit]); - } - --static int param_set_audit(const char *val, struct kernel_param *kp) -+static int param_set_audit(const char *val, const struct kernel_param *kp) - { - int i; - if (!capable(CAP_MAC_ADMIN)) -@@ -824,7 +824,7 @@ static int param_set_audit(const char *val, struct kernel_param *kp) - return -EINVAL; - } - --static int param_get_mode(char *buffer, struct kernel_param *kp) -+static int param_get_mode(char *buffer, const struct kernel_param *kp) - { - if (!capable(CAP_MAC_ADMIN)) - return -EPERM; -@@ -835,7 +835,7 @@ static int param_get_mode(char *buffer, struct kernel_param *kp) - return sprintf(buffer, "%s", aa_profile_mode_names[aa_g_profile_mode]); - } - --static int param_set_mode(const char *val, struct kernel_param *kp) -+static int param_set_mode(const char *val, const struct kernel_param *kp) - { - int i; - if (!capable(CAP_MAC_ADMIN)) -diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c -index 705c287..81257f1 100644 ---- a/security/apparmor/policy.c -+++ b/security/apparmor/policy.c -@@ -298,7 +298,7 @@ static struct aa_namespace *alloc_namespace(const char *prefix, - /* ns and ns->unconfined share ns->unconfined refcount */ - ns->unconfined->ns = ns; - -- atomic_set(&ns->uniq_null, 0); -+ atomic_set_unchecked(&ns->uniq_null, 0); - - return ns; - -@@ -689,7 +689,7 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat) - { - struct aa_profile *profile = NULL; - char *name; -- int uniq = atomic_inc_return(&parent->ns->uniq_null); -+ int uniq = 
atomic_inc_return_unchecked(&parent->ns->uniq_null); - - /* freed below */ - name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, GFP_KERNEL); -diff --git a/security/commoncap.c b/security/commoncap.c -index 48071ed..b805e0f 100644 ---- a/security/commoncap.c -+++ b/security/commoncap.c -@@ -438,6 +438,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data - return 0; - } - -+/* returns: -+ 1 for suid privilege -+ 2 for sgid privilege -+ 3 for fscap privilege -+*/ -+int is_privileged_binary(const struct dentry *dentry) -+{ -+ struct cpu_vfs_cap_data capdata; -+ struct inode *inode = dentry->d_inode; -+ -+ if (!inode || S_ISDIR(inode->i_mode)) -+ return 0; -+ -+ if (inode->i_mode & S_ISUID) -+ return 1; -+ if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) -+ return 2; -+ -+ if (!get_vfs_caps_from_disk(dentry, &capdata)) { -+ if (!cap_isclear(capdata.inheritable) || !cap_isclear(capdata.permitted)) -+ return 3; -+ } -+ -+ return 0; -+} -+ - /* - * Attempt to get the on-exec apply capability sets for an executable file from - * its xattrs and, if present, apply them to the proposed credentials being -@@ -628,6 +654,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) - const struct cred *cred = current_cred(); - kuid_t root_uid = make_kuid(cred->user_ns, 0); - -+ if (gr_acl_enable_at_secure()) -+ return 1; -+ - if (!uid_eq(cred->uid, root_uid)) { - if (bprm->cap_effective) - return 1; -diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h -index 585af61..b7d35ff 100644 ---- a/security/integrity/ima/ima.h -+++ b/security/integrity/ima/ima.h -@@ -125,8 +125,8 @@ int ima_init_template(void); - extern spinlock_t ima_queue_lock; - - struct ima_h_table { -- atomic_long_t len; /* number of stored measurements in the list */ -- atomic_long_t violations; -+ atomic_long_unchecked_t len; /* number of stored measurements in the list */ -+ atomic_long_unchecked_t violations; - struct hlist_head 
queue[IMA_MEASURE_HTABLE_SIZE]; - }; - extern struct ima_h_table ima_htable; -diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c -index 1d950fb..a8f4eab 100644 ---- a/security/integrity/ima/ima_api.c -+++ b/security/integrity/ima/ima_api.c -@@ -137,7 +137,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, - int result; - - /* can overflow, only indicator */ -- atomic_long_inc(&ima_htable.violations); -+ atomic_long_inc_unchecked(&ima_htable.violations); - - result = ima_alloc_init_template(&event_data, &entry); - if (result < 0) { -diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c -index f355231..c71f640 100644 ---- a/security/integrity/ima/ima_fs.c -+++ b/security/integrity/ima/ima_fs.c -@@ -30,12 +30,12 @@ static DEFINE_MUTEX(ima_write_mutex); - static int valid_policy = 1; - #define TMPBUFLEN 12 - static ssize_t ima_show_htable_value(char __user *buf, size_t count, -- loff_t *ppos, atomic_long_t *val) -+ loff_t *ppos, atomic_long_unchecked_t *val) - { - char tmpbuf[TMPBUFLEN]; - ssize_t len; - -- len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val)); -+ len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read_unchecked(val)); - return simple_read_from_buffer(buf, count, ppos, tmpbuf, len); - } - -diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c -index 552705d..9920f4fb 100644 ---- a/security/integrity/ima/ima_queue.c -+++ b/security/integrity/ima/ima_queue.c -@@ -83,7 +83,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry) - INIT_LIST_HEAD(&qe->later); - list_add_tail_rcu(&qe->later, &ima_measurements); - -- atomic_long_inc(&ima_htable.len); -+ atomic_long_inc_unchecked(&ima_htable.len); - key = ima_hash_key(entry->digest); - hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]); - return 0; -diff --git a/security/keys/internal.h b/security/keys/internal.h -index 5105c2c..a5010e6 100644 ---- 
a/security/keys/internal.h -+++ b/security/keys/internal.h -@@ -90,12 +90,16 @@ extern void key_type_put(struct key_type *ktype); - - extern int __key_link_begin(struct key *keyring, - const struct keyring_index_key *index_key, -- struct assoc_array_edit **_edit); -+ struct assoc_array_edit **_edit) -+ __acquires(&keyring->sem) -+ __acquires(&keyring_serialise_link_sem); - extern int __key_link_check_live_key(struct key *keyring, struct key *key); - extern void __key_link(struct key *key, struct assoc_array_edit **_edit); - extern void __key_link_end(struct key *keyring, - const struct keyring_index_key *index_key, -- struct assoc_array_edit *edit); -+ struct assoc_array_edit *edit) -+ __releases(&keyring->sem) -+ __releases(&keyring_serialise_link_sem); - - extern key_ref_t find_key_to_update(key_ref_t keyring_ref, - const struct keyring_index_key *index_key); -@@ -191,7 +195,7 @@ struct request_key_auth { - void *callout_info; - size_t callout_len; - pid_t pid; --}; -+} __randomize_layout; - - extern struct key_type key_type_request_key_auth; - extern struct key *request_key_auth_new(struct key *target, -diff --git a/security/keys/key.c b/security/keys/key.c -index 09ef276..ab2894f 100644 ---- a/security/keys/key.c -+++ b/security/keys/key.c -@@ -283,7 +283,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, - - atomic_set(&key->usage, 1); - init_rwsem(&key->sem); -- lockdep_set_class(&key->sem, &type->lock_class); -+ lockdep_set_class(&key->sem, (struct lock_class_key *)&type->lock_class); - key->index_key.type = type; - key->user = user; - key->quotalen = quotalen; -@@ -1077,7 +1077,9 @@ int register_key_type(struct key_type *ktype) - struct key_type *p; - int ret; - -- memset(&ktype->lock_class, 0, sizeof(ktype->lock_class)); -+ pax_open_kernel(); -+ memset((void *)&ktype->lock_class, 0, sizeof(ktype->lock_class)); -+ pax_close_kernel(); - - ret = -EEXIST; - down_write(&key_types_sem); -@@ -1089,7 +1091,7 @@ int register_key_type(struct 
key_type *ktype) - } - - /* store the type */ -- list_add(&ktype->link, &key_types_list); -+ pax_list_add((struct list_head *)&ktype->link, &key_types_list); - - pr_notice("Key type %s registered\n", ktype->name); - ret = 0; -@@ -1111,7 +1113,7 @@ EXPORT_SYMBOL(register_key_type); - void unregister_key_type(struct key_type *ktype) - { - down_write(&key_types_sem); -- list_del_init(&ktype->link); -+ pax_list_del_init((struct list_head *)&ktype->link); - downgrade_write(&key_types_sem); - key_gc_keytype(ktype); - pr_notice("Key type %s unregistered\n", ktype->name); -@@ -1129,10 +1131,10 @@ void __init key_init(void) - 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); - - /* add the special key types */ -- list_add_tail(&key_type_keyring.link, &key_types_list); -- list_add_tail(&key_type_dead.link, &key_types_list); -- list_add_tail(&key_type_user.link, &key_types_list); -- list_add_tail(&key_type_logon.link, &key_types_list); -+ pax_list_add_tail((struct list_head *)&key_type_keyring.link, &key_types_list); -+ pax_list_add_tail((struct list_head *)&key_type_dead.link, &key_types_list); -+ pax_list_add_tail((struct list_head *)&key_type_user.link, &key_types_list); -+ pax_list_add_tail((struct list_head *)&key_type_logon.link, &key_types_list); - - /* record the root user tracking */ - rb_link_node(&root_key_user.node, -diff --git a/security/keys/keyring.c b/security/keys/keyring.c -index f931ccf..ed9cd36 100644 ---- a/security/keys/keyring.c -+++ b/security/keys/keyring.c -@@ -1071,8 +1071,6 @@ static int keyring_detect_cycle(struct key *A, struct key *B) - int __key_link_begin(struct key *keyring, - const struct keyring_index_key *index_key, - struct assoc_array_edit **_edit) -- __acquires(&keyring->sem) -- __acquires(&keyring_serialise_link_sem) - { - struct assoc_array_edit *edit; - int ret; -@@ -1172,8 +1170,6 @@ void __key_link(struct key *key, struct assoc_array_edit **_edit) - void __key_link_end(struct key *keyring, - const struct keyring_index_key *index_key, - 
struct assoc_array_edit *edit) -- __releases(&keyring->sem) -- __releases(&keyring_serialise_link_sem) - { - BUG_ON(index_key->type == NULL); - kenter("%d,%s,", keyring->serial, index_key->type->name); -diff --git a/security/min_addr.c b/security/min_addr.c -index f728728..6457a0c 100644 ---- a/security/min_addr.c -+++ b/security/min_addr.c -@@ -14,6 +14,7 @@ unsigned long dac_mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR; - */ - static void update_mmap_min_addr(void) - { -+#ifndef SPARC - #ifdef CONFIG_LSM_MMAP_MIN_ADDR - if (dac_mmap_min_addr > CONFIG_LSM_MMAP_MIN_ADDR) - mmap_min_addr = dac_mmap_min_addr; -@@ -22,6 +23,7 @@ static void update_mmap_min_addr(void) - #else - mmap_min_addr = dac_mmap_min_addr; - #endif -+#endif - } - - /* -diff --git a/security/selinux/avc.c b/security/selinux/avc.c -index e60c79d..41fb721 100644 ---- a/security/selinux/avc.c -+++ b/security/selinux/avc.c -@@ -71,7 +71,7 @@ struct avc_xperms_node { - struct avc_cache { - struct hlist_head slots[AVC_CACHE_SLOTS]; /* head for avc_node->list */ - spinlock_t slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */ -- atomic_t lru_hint; /* LRU hint for reclaim scan */ -+ atomic_unchecked_t lru_hint; /* LRU hint for reclaim scan */ - atomic_t active_nodes; - u32 latest_notif; /* latest revocation notification */ - }; -@@ -183,7 +183,7 @@ void __init avc_init(void) - spin_lock_init(&avc_cache.slots_lock[i]); - } - atomic_set(&avc_cache.active_nodes, 0); -- atomic_set(&avc_cache.lru_hint, 0); -+ atomic_set_unchecked(&avc_cache.lru_hint, 0); - - avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), - 0, SLAB_PANIC, NULL); -@@ -521,7 +521,7 @@ static inline int avc_reclaim_node(void) - spinlock_t *lock; - - for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) { -- hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1); -+ hvalue = atomic_inc_return_unchecked(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1); - head = &avc_cache.slots[hvalue]; - lock = 
&avc_cache.slots_lock[hvalue]; - -diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h -index 1450f85..a91e0bc 100644 ---- a/security/selinux/include/xfrm.h -+++ b/security/selinux/include/xfrm.h -@@ -48,7 +48,7 @@ static inline void selinux_xfrm_notify_policyload(void) - - rtnl_lock(); - for_each_net(net) { -- atomic_inc(&net->xfrm.flow_cache_genid); -+ atomic_inc_unchecked(&net->xfrm.flow_cache_genid); - rt_genid_bump_all(net); - } - rtnl_unlock(); -diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c -index 2367b10..a0c3c51 100644 ---- a/security/tomoyo/file.c -+++ b/security/tomoyo/file.c -@@ -692,7 +692,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path, - { - struct tomoyo_request_info r; - struct tomoyo_obj_info obj = { -- .path1 = *path, -+ .path1 = { .mnt = path->mnt, .dentry = path->dentry }, - }; - int error = -ENOMEM; - struct tomoyo_path_info buf; -@@ -740,7 +740,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, - struct tomoyo_path_info buf; - struct tomoyo_request_info r; - struct tomoyo_obj_info obj = { -- .path1 = *path, -+ .path1 = { .mnt = path->mnt, .dentry = path->dentry }, - }; - int idx; - -@@ -786,7 +786,7 @@ int tomoyo_path_perm(const u8 operation, const struct path *path, const char *ta - { - struct tomoyo_request_info r; - struct tomoyo_obj_info obj = { -- .path1 = *path, -+ .path1 = { .mnt = path->mnt, .dentry = path->dentry }, - }; - int error; - struct tomoyo_path_info buf; -@@ -843,7 +843,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path, - { - struct tomoyo_request_info r; - struct tomoyo_obj_info obj = { -- .path1 = *path, -+ .path1 = { .mnt = path->mnt, .dentry = path->dentry }, - }; - int error = -ENOMEM; - struct tomoyo_path_info buf; -@@ -890,8 +890,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1, - struct tomoyo_path_info buf2; - struct tomoyo_request_info r; - struct tomoyo_obj_info obj = { -- .path1 = *path1, -- .path2 = 
*path2, -+ .path1 = { .mnt = path1->mnt, .dentry = path1->dentry }, -+ .path2 = { .mnt = path2->mnt, .dentry = path2->dentry } - }; - int idx; - -diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c -index 390c646..f2f8db3 100644 ---- a/security/tomoyo/mount.c -+++ b/security/tomoyo/mount.c -@@ -118,6 +118,10 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, - type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) { - need_dev = -1; /* dev_name is a directory */ - } else { -+ if (!capable(CAP_SYS_ADMIN)) { -+ error = -EPERM; -+ goto out; -+ } - fstype = get_fs_type(type); - if (!fstype) { - error = -ENODEV; -diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c -index cbf3df4..22b11df 100644 ---- a/security/tomoyo/tomoyo.c -+++ b/security/tomoyo/tomoyo.c -@@ -165,7 +165,7 @@ static int tomoyo_path_truncate(struct path *path) - */ - static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) - { -- struct path path = { parent->mnt, dentry }; -+ struct path path = { .mnt = parent->mnt, .dentry = dentry }; - return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL); - } - -@@ -181,7 +181,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) - static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, - umode_t mode) - { -- struct path path = { parent->mnt, dentry }; -+ struct path path = { .mnt = parent->mnt, .dentry = dentry }; - return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path, - mode & S_IALLUGO); - } -@@ -196,7 +196,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, - */ - static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) - { -- struct path path = { parent->mnt, dentry }; -+ struct path path = { .mnt = parent->mnt, .dentry = dentry }; - return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL); - } - -@@ -212,7 +212,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) - static int tomoyo_path_symlink(struct path 
*parent, struct dentry *dentry, - const char *old_name) - { -- struct path path = { parent->mnt, dentry }; -+ struct path path = { .mnt = parent->mnt, .dentry = dentry }; - return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name); - } - -@@ -229,7 +229,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, - static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, - umode_t mode, unsigned int dev) - { -- struct path path = { parent->mnt, dentry }; -+ struct path path = { .mnt = parent->mnt, .dentry = dentry }; - int type = TOMOYO_TYPE_CREATE; - const unsigned int perm = mode & S_IALLUGO; - -@@ -268,8 +268,8 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, - static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, - struct dentry *new_dentry) - { -- struct path path1 = { new_dir->mnt, old_dentry }; -- struct path path2 = { new_dir->mnt, new_dentry }; -+ struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry }; -+ struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry }; - return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2); - } - -@@ -288,8 +288,8 @@ static int tomoyo_path_rename(struct path *old_parent, - struct path *new_parent, - struct dentry *new_dentry) - { -- struct path path1 = { old_parent->mnt, old_dentry }; -- struct path path2 = { new_parent->mnt, new_dentry }; -+ struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry }; -+ struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry }; - return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2); - } - -@@ -417,7 +417,7 @@ static int tomoyo_sb_mount(const char *dev_name, struct path *path, - */ - static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) - { -- struct path path = { mnt, mnt->mnt_root }; -+ struct path path = { .mnt = mnt, .dentry = mnt->mnt_root }; - return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL); - } - -diff --git a/security/yama/Kconfig 
b/security/yama/Kconfig -index 90c605e..bf3a29a 100644 ---- a/security/yama/Kconfig -+++ b/security/yama/Kconfig -@@ -1,6 +1,6 @@ - config SECURITY_YAMA - bool "Yama support" -- depends on SECURITY -+ depends on SECURITY && !GRKERNSEC - default n - help - This selects Yama, which extends DAC support with additional -diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c -index cb6ed10..fb00554 100644 ---- a/security/yama/yama_lsm.c -+++ b/security/yama/yama_lsm.c -@@ -357,7 +357,7 @@ static struct security_hook_list yama_hooks[] = { - static int yama_dointvec_minmax(struct ctl_table *table, int write, - void __user *buffer, size_t *lenp, loff_t *ppos) - { -- struct ctl_table table_copy; -+ ctl_table_no_const table_copy; - - if (write && !capable(CAP_SYS_PTRACE)) - return -EPERM; -diff --git a/sound/aoa/codecs/onyx.c b/sound/aoa/codecs/onyx.c -index a04edff..6811b91 100644 ---- a/sound/aoa/codecs/onyx.c -+++ b/sound/aoa/codecs/onyx.c -@@ -54,7 +54,7 @@ struct onyx { - spdif_locked:1, - analog_locked:1, - original_mute:2; -- int open_count; -+ local_t open_count; - struct codec_info *codec_info; - - /* mutex serializes concurrent access to the device -@@ -747,7 +747,7 @@ static int onyx_open(struct codec_info_item *cii, - struct onyx *onyx = cii->codec_data; - - mutex_lock(&onyx->mutex); -- onyx->open_count++; -+ local_inc(&onyx->open_count); - mutex_unlock(&onyx->mutex); - - return 0; -@@ -759,8 +759,7 @@ static int onyx_close(struct codec_info_item *cii, - struct onyx *onyx = cii->codec_data; - - mutex_lock(&onyx->mutex); -- onyx->open_count--; -- if (!onyx->open_count) -+ if (local_dec_and_test(&onyx->open_count)) - onyx->spdif_locked = onyx->analog_locked = 0; - mutex_unlock(&onyx->mutex); - -diff --git a/sound/aoa/codecs/onyx.h b/sound/aoa/codecs/onyx.h -index ffd2025..df062c9 100644 ---- a/sound/aoa/codecs/onyx.h -+++ b/sound/aoa/codecs/onyx.h -@@ -11,6 +11,7 @@ - #include <linux/i2c.h> - #include <asm/pmac_low_i2c.h> - #include <asm/prom.h> 
-+#include <asm/local.h> - - /* PCM3052 register definitions */ - -diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c -index ebc9fdf..61f491e 100644 ---- a/sound/core/oss/pcm_oss.c -+++ b/sound/core/oss/pcm_oss.c -@@ -1193,10 +1193,10 @@ snd_pcm_sframes_t snd_pcm_oss_write3(struct snd_pcm_substream *substream, const - if (in_kernel) { - mm_segment_t fs; - fs = snd_enter_user(); -- ret = snd_pcm_lib_write(substream, (void __force __user *)ptr, frames); -+ ret = snd_pcm_lib_write(substream, (void __force_user *)ptr, frames); - snd_leave_user(fs); - } else { -- ret = snd_pcm_lib_write(substream, (void __force __user *)ptr, frames); -+ ret = snd_pcm_lib_write(substream, (void __force_user *)ptr, frames); - } - if (ret != -EPIPE && ret != -ESTRPIPE) - break; -@@ -1236,10 +1236,10 @@ snd_pcm_sframes_t snd_pcm_oss_read3(struct snd_pcm_substream *substream, char *p - if (in_kernel) { - mm_segment_t fs; - fs = snd_enter_user(); -- ret = snd_pcm_lib_read(substream, (void __force __user *)ptr, frames); -+ ret = snd_pcm_lib_read(substream, (void __force_user *)ptr, frames); - snd_leave_user(fs); - } else { -- ret = snd_pcm_lib_read(substream, (void __force __user *)ptr, frames); -+ ret = snd_pcm_lib_read(substream, (void __force_user *)ptr, frames); - } - if (ret == -EPIPE) { - if (runtime->status->state == SNDRV_PCM_STATE_DRAINING) { -@@ -1335,7 +1335,7 @@ static ssize_t snd_pcm_oss_write2(struct snd_pcm_substream *substream, const cha - struct snd_pcm_plugin_channel *channels; - size_t oss_frame_bytes = (runtime->oss.plugin_first->src_width * runtime->oss.plugin_first->src_format.channels) / 8; - if (!in_kernel) { -- if (copy_from_user(runtime->oss.buffer, (const char __force __user *)buf, bytes)) -+ if (copy_from_user(runtime->oss.buffer, (const char __force_user *)buf, bytes)) - return -EFAULT; - buf = runtime->oss.buffer; - } -@@ -1405,7 +1405,7 @@ static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const cha - } - } else { - tmp = 
snd_pcm_oss_write2(substream, -- (const char __force *)buf, -+ (const char __force_kernel *)buf, - runtime->oss.period_bytes, 0); - if (tmp <= 0) - goto err; -@@ -1431,7 +1431,7 @@ static ssize_t snd_pcm_oss_read2(struct snd_pcm_substream *substream, char *buf, - struct snd_pcm_runtime *runtime = substream->runtime; - snd_pcm_sframes_t frames, frames1; - #ifdef CONFIG_SND_PCM_OSS_PLUGINS -- char __user *final_dst = (char __force __user *)buf; -+ char __user *final_dst = (char __force_user *)buf; - if (runtime->oss.plugin_first) { - struct snd_pcm_plugin_channel *channels; - size_t oss_frame_bytes = (runtime->oss.plugin_last->dst_width * runtime->oss.plugin_last->dst_format.channels) / 8; -@@ -1493,7 +1493,7 @@ static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __use - xfer += tmp; - runtime->oss.buffer_used -= tmp; - } else { -- tmp = snd_pcm_oss_read2(substream, (char __force *)buf, -+ tmp = snd_pcm_oss_read2(substream, (char __force_kernel *)buf, - runtime->oss.period_bytes, 0); - if (tmp <= 0) - goto err; -@@ -1662,7 +1662,7 @@ static int snd_pcm_oss_sync(struct snd_pcm_oss_file *pcm_oss_file) - size1); - size1 /= runtime->channels; /* frames */ - fs = snd_enter_user(); -- snd_pcm_lib_write(substream, (void __force __user *)runtime->oss.buffer, size1); -+ snd_pcm_lib_write(substream, (void __force_user *)runtime->oss.buffer, size1); - snd_leave_user(fs); - } - } else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) { -diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c -index 1f64ab0..26a7233 100644 ---- a/sound/core/pcm_compat.c -+++ b/sound/core/pcm_compat.c -@@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream, - int err; - - fs = snd_enter_user(); -- err = snd_pcm_delay(substream, &delay); -+ err = snd_pcm_delay(substream, (snd_pcm_sframes_t __force_user *)&delay); - snd_leave_user(fs); - if (err < 0) - return err; -diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c 
-index 3a9b66c..2b38b21 100644 ---- a/sound/core/pcm_lib.c -+++ b/sound/core/pcm_lib.c -@@ -1867,8 +1867,9 @@ EXPORT_SYMBOL(snd_pcm_lib_ioctl); - * Even if more than one periods have elapsed since the last call, you - * have to call this only once. - */ --void snd_pcm_period_elapsed(struct snd_pcm_substream *substream) -+void snd_pcm_period_elapsed(void *_substream) - { -+ struct snd_pcm_substream *substream = _substream; - struct snd_pcm_runtime *runtime; - unsigned long flags; - -diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c -index 9106d8e..e7e2e3c 100644 ---- a/sound/core/pcm_native.c -+++ b/sound/core/pcm_native.c -@@ -3014,11 +3014,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, - switch (substream->stream) { - case SNDRV_PCM_STREAM_PLAYBACK: - result = snd_pcm_playback_ioctl1(NULL, substream, cmd, -- (void __user *)arg); -+ (void __force_user *)arg); - break; - case SNDRV_PCM_STREAM_CAPTURE: - result = snd_pcm_capture_ioctl1(NULL, substream, cmd, -- (void __user *)arg); -+ (void __force_user *)arg); - break; - default: - result = -EINVAL; -diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c -index 795437b..3650746 100644 ---- a/sound/core/rawmidi.c -+++ b/sound/core/rawmidi.c -@@ -871,9 +871,10 @@ static int snd_rawmidi_control_ioctl(struct snd_card *card, - * - * Return: The size of read data, or a negative error code on failure. 
- */ --int snd_rawmidi_receive(struct snd_rawmidi_substream *substream, -- const unsigned char *buffer, int count) -+int snd_rawmidi_receive(void *_substream, const void *_buffer, int count) - { -+ struct snd_rawmidi_substream *substream = _substream; -+ const unsigned char *buffer = _buffer; - unsigned long flags; - int result = 0, count1; - struct snd_rawmidi_runtime *runtime = substream->runtime; -diff --git a/sound/core/seq/oss/seq_oss_synth.c b/sound/core/seq/oss/seq_oss_synth.c -index b16dbef04..8eb05a4 100644 ---- a/sound/core/seq/oss/seq_oss_synth.c -+++ b/sound/core/seq/oss/seq_oss_synth.c -@@ -653,8 +653,8 @@ snd_seq_oss_synth_info_read(struct snd_info_buffer *buf) - rec->synth_type, rec->synth_subtype, - rec->nr_voices); - snd_iprintf(buf, " capabilities : ioctl %s / load_patch %s\n", -- enabled_str((long)rec->oper.ioctl), -- enabled_str((long)rec->oper.load_patch)); -+ enabled_str(!!rec->oper.ioctl), -+ enabled_str(!!rec->oper.load_patch)); - snd_use_lock_free(&rec->use_lock); - } - } -diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c -index 58e79e0..19751d1 100644 ---- a/sound/core/seq/seq_clientmgr.c -+++ b/sound/core/seq/seq_clientmgr.c -@@ -416,7 +416,7 @@ static ssize_t snd_seq_read(struct file *file, char __user *buf, size_t count, - if (!client->accept_input || (fifo = client->data.user.fifo) == NULL) - return -ENXIO; - -- if (atomic_read(&fifo->overflow) > 0) { -+ if (atomic_read_unchecked(&fifo->overflow) > 0) { - /* buffer overflow is detected */ - snd_seq_fifo_clear(fifo); - /* return error code */ -@@ -446,7 +446,7 @@ static ssize_t snd_seq_read(struct file *file, char __user *buf, size_t count, - count -= sizeof(struct snd_seq_event); - buf += sizeof(struct snd_seq_event); - err = snd_seq_expand_var_event(&cell->event, count, -- (char __force *)buf, 0, -+ (char __force_kernel *)buf, 0, - sizeof(struct snd_seq_event)); - if (err < 0) - break; -@@ -1062,13 +1062,13 @@ static ssize_t snd_seq_write(struct file *file, 
const char __user *buf, - } - /* set user space pointer */ - event.data.ext.len = extlen | SNDRV_SEQ_EXT_USRPTR; -- event.data.ext.ptr = (char __force *)buf -+ event.data.ext.ptr = (char __force_kernel *)buf - + sizeof(struct snd_seq_event); - len += extlen; /* increment data length */ - } else { - #ifdef CONFIG_COMPAT - if (client->convert32 && snd_seq_ev_is_varusr(&event)) { -- void *ptr = (void __force *)compat_ptr(event.data.raw32.d[1]); -+ void *ptr = (void __force_kernel *)compat_ptr(event.data.raw32.d[1]); - event.data.ext.ptr = ptr; - } - #endif -@@ -2423,7 +2423,7 @@ int snd_seq_kernel_client_ctl(int clientid, unsigned int cmd, void *arg) - if (client == NULL) - return -ENXIO; - fs = snd_enter_user(); -- result = snd_seq_do_ioctl(client, cmd, (void __force __user *)arg); -+ result = snd_seq_do_ioctl(client, cmd, (void __force_user *)arg); - snd_leave_user(fs); - return result; - } -diff --git a/sound/core/seq/seq_compat.c b/sound/core/seq/seq_compat.c -index 6517590..9905cee 100644 ---- a/sound/core/seq/seq_compat.c -+++ b/sound/core/seq/seq_compat.c -@@ -60,7 +60,7 @@ static int snd_seq_call_port_info_ioctl(struct snd_seq_client *client, unsigned - data->kernel = NULL; - - fs = snd_enter_user(); -- err = snd_seq_do_ioctl(client, cmd, data); -+ err = snd_seq_do_ioctl(client, cmd, (void __force_user *)data); - snd_leave_user(fs); - if (err < 0) - goto error; -diff --git a/sound/core/seq/seq_fifo.c b/sound/core/seq/seq_fifo.c -index 1d5acbe..5f55223 100644 ---- a/sound/core/seq/seq_fifo.c -+++ b/sound/core/seq/seq_fifo.c -@@ -50,7 +50,7 @@ struct snd_seq_fifo *snd_seq_fifo_new(int poolsize) - spin_lock_init(&f->lock); - snd_use_lock_init(&f->use_lock); - init_waitqueue_head(&f->input_sleep); -- atomic_set(&f->overflow, 0); -+ atomic_set_unchecked(&f->overflow, 0); - - f->head = NULL; - f->tail = NULL; -@@ -96,7 +96,7 @@ void snd_seq_fifo_clear(struct snd_seq_fifo *f) - unsigned long flags; - - /* clear overflow flag */ -- atomic_set(&f->overflow, 0); -+ 
atomic_set_unchecked(&f->overflow, 0); - - snd_use_lock_sync(&f->use_lock); - spin_lock_irqsave(&f->lock, flags); -@@ -123,7 +123,7 @@ int snd_seq_fifo_event_in(struct snd_seq_fifo *f, - err = snd_seq_event_dup(f->pool, event, &cell, 1, NULL); /* always non-blocking */ - if (err < 0) { - if ((err == -ENOMEM) || (err == -EAGAIN)) -- atomic_inc(&f->overflow); -+ atomic_inc_unchecked(&f->overflow); - snd_use_lock_free(&f->use_lock); - return err; - } -diff --git a/sound/core/seq/seq_fifo.h b/sound/core/seq/seq_fifo.h -index 062c446..a4b6f4c 100644 ---- a/sound/core/seq/seq_fifo.h -+++ b/sound/core/seq/seq_fifo.h -@@ -35,7 +35,7 @@ struct snd_seq_fifo { - spinlock_t lock; - snd_use_lock_t use_lock; - wait_queue_head_t input_sleep; -- atomic_t overflow; -+ atomic_unchecked_t overflow; - - }; - -diff --git a/sound/core/seq/seq_memory.c b/sound/core/seq/seq_memory.c -index c850345..ec0a853 100644 ---- a/sound/core/seq/seq_memory.c -+++ b/sound/core/seq/seq_memory.c -@@ -87,7 +87,7 @@ int snd_seq_dump_var_event(const struct snd_seq_event *event, - - if (event->data.ext.len & SNDRV_SEQ_EXT_USRPTR) { - char buf[32]; -- char __user *curptr = (char __force __user *)event->data.ext.ptr; -+ char __user *curptr = (char __force_user *)event->data.ext.ptr; - while (len > 0) { - int size = sizeof(buf); - if (len < size) -@@ -126,15 +126,19 @@ EXPORT_SYMBOL(snd_seq_dump_var_event); - * expand the variable length event to linear buffer space. 
- */ - --static int seq_copy_in_kernel(char **bufptr, const void *src, int size) -+static int seq_copy_in_kernel(void *_bufptr, const void *src, int size) - { -+ char **bufptr = (char **)_bufptr; -+ - memcpy(*bufptr, src, size); - *bufptr += size; - return 0; - } - --static int seq_copy_in_user(char __user **bufptr, const void *src, int size) -+static int seq_copy_in_user(void *_bufptr, const void *src, int size) - { -+ char __user **bufptr = (char __user **)_bufptr; -+ - if (copy_to_user(*bufptr, src, size)) - return -EFAULT; - *bufptr += size; -@@ -158,13 +162,13 @@ int snd_seq_expand_var_event(const struct snd_seq_event *event, int count, char - if (event->data.ext.len & SNDRV_SEQ_EXT_USRPTR) { - if (! in_kernel) - return -EINVAL; -- if (copy_from_user(buf, (void __force __user *)event->data.ext.ptr, len)) -+ if (copy_from_user(buf, (void __force_user *)event->data.ext.ptr, len)) - return -EFAULT; - return newlen; - } - err = snd_seq_dump_var_event(event, -- in_kernel ? (snd_seq_dump_func_t)seq_copy_in_kernel : -- (snd_seq_dump_func_t)seq_copy_in_user, -+ in_kernel ? seq_copy_in_kernel : -+ seq_copy_in_user, - &buf); - return err < 0 ? 
err : newlen; - } -@@ -344,7 +348,7 @@ int snd_seq_event_dup(struct snd_seq_pool *pool, struct snd_seq_event *event, - tmp->event = src->event; - src = src->next; - } else if (is_usrptr) { -- if (copy_from_user(&tmp->event, (char __force __user *)buf, size)) { -+ if (copy_from_user(&tmp->event, (char __force_user *)buf, size)) { - err = -EFAULT; - goto __error; - } -diff --git a/sound/core/seq/seq_midi.c b/sound/core/seq/seq_midi.c -index 5dd0ee2..0208e35 100644 ---- a/sound/core/seq/seq_midi.c -+++ b/sound/core/seq/seq_midi.c -@@ -111,8 +111,9 @@ static void snd_midi_input_event(struct snd_rawmidi_substream *substream) - } - } - --static int dump_midi(struct snd_rawmidi_substream *substream, const char *buf, int count) -+static int dump_midi(void *_substream, const void *buf, int count) - { -+ struct snd_rawmidi_substream *substream = _substream; - struct snd_rawmidi_runtime *runtime; - int tmp; - -@@ -148,7 +149,7 @@ static int event_process_midi(struct snd_seq_event *ev, int direct, - pr_debug("ALSA: seq_midi: invalid sysex event flags = 0x%x\n", ev->flags); - return 0; - } -- snd_seq_dump_var_event(ev, (snd_seq_dump_func_t)dump_midi, substream); -+ snd_seq_dump_var_event(ev, dump_midi, substream); - snd_midi_event_reset_decode(msynth->parser); - } else { - if (msynth->parser == NULL) -diff --git a/sound/core/seq/seq_virmidi.c b/sound/core/seq/seq_virmidi.c -index c82ed3e..e11d039 100644 ---- a/sound/core/seq/seq_virmidi.c -+++ b/sound/core/seq/seq_virmidi.c -@@ -90,7 +90,7 @@ static int snd_virmidi_dev_receive_event(struct snd_virmidi_dev *rdev, - if (ev->type == SNDRV_SEQ_EVENT_SYSEX) { - if ((ev->flags & SNDRV_SEQ_EVENT_LENGTH_MASK) != SNDRV_SEQ_EVENT_LENGTH_VARIABLE) - continue; -- snd_seq_dump_var_event(ev, (snd_seq_dump_func_t)snd_rawmidi_receive, vmidi->substream); -+ snd_seq_dump_var_event(ev, snd_rawmidi_receive, vmidi->substream); - } else { - len = snd_midi_event_decode(vmidi->parser, msg, sizeof(msg), ev); - if (len > 0) -diff --git 
a/sound/core/sound.c b/sound/core/sound.c -index 175f9e4..3518d31 100644 ---- a/sound/core/sound.c -+++ b/sound/core/sound.c -@@ -86,7 +86,7 @@ static void snd_request_other(int minor) - case SNDRV_MINOR_TIMER: str = "snd-timer"; break; - default: return; - } -- request_module(str); -+ request_module("%s", str); - } - - #endif /* modular kernel */ -diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c -index 2a008a9..a1efb3f 100644 ---- a/sound/drivers/mts64.c -+++ b/sound/drivers/mts64.c -@@ -29,6 +29,7 @@ - #include <sound/initval.h> - #include <sound/rawmidi.h> - #include <sound/control.h> -+#include <asm/local.h> - - #define CARD_NAME "Miditerminal 4140" - #define DRIVER_NAME "MTS64" -@@ -67,7 +68,7 @@ struct mts64 { - struct pardevice *pardev; - int pardev_claimed; - -- int open_count; -+ local_t open_count; - int current_midi_output_port; - int current_midi_input_port; - u8 mode[MTS64_NUM_INPUT_PORTS]; -@@ -687,7 +688,7 @@ static int snd_mts64_rawmidi_open(struct snd_rawmidi_substream *substream) - { - struct mts64 *mts = substream->rmidi->private_data; - -- if (mts->open_count == 0) { -+ if (local_read(&mts->open_count) == 0) { - /* We don't need a spinlock here, because this is just called - if the device has not been opened before. 
- So there aren't any IRQs from the device */ -@@ -695,7 +696,7 @@ static int snd_mts64_rawmidi_open(struct snd_rawmidi_substream *substream) - - msleep(50); - } -- ++(mts->open_count); -+ local_inc(&mts->open_count); - - return 0; - } -@@ -705,8 +706,7 @@ static int snd_mts64_rawmidi_close(struct snd_rawmidi_substream *substream) - struct mts64 *mts = substream->rmidi->private_data; - unsigned long flags; - -- --(mts->open_count); -- if (mts->open_count == 0) { -+ if (local_dec_return(&mts->open_count) == 0) { - /* We need the spinlock_irqsave here because we can still - have IRQs at this point */ - spin_lock_irqsave(&mts->lock, flags); -@@ -715,8 +715,8 @@ static int snd_mts64_rawmidi_close(struct snd_rawmidi_substream *substream) - - msleep(500); - -- } else if (mts->open_count < 0) -- mts->open_count = 0; -+ } else if (local_read(&mts->open_count) < 0) -+ local_set(&mts->open_count, 0); - - return 0; - } -diff --git a/sound/drivers/opl4/opl4_lib.c b/sound/drivers/opl4/opl4_lib.c -index 89c7aa0..6d75e49 100644 ---- a/sound/drivers/opl4/opl4_lib.c -+++ b/sound/drivers/opl4/opl4_lib.c -@@ -29,7 +29,7 @@ MODULE_AUTHOR("Clemens Ladisch <clemens@ladisch.de>"); - MODULE_DESCRIPTION("OPL4 driver"); - MODULE_LICENSE("GPL"); - --static void inline snd_opl4_wait(struct snd_opl4 *opl4) -+static inline void snd_opl4_wait(struct snd_opl4 *opl4) - { - int timeout = 10; - while ((inb(opl4->fm_port) & OPL4_STATUS_BUSY) && --timeout > 0) -diff --git a/sound/drivers/portman2x4.c b/sound/drivers/portman2x4.c -index 464385a..46ab3f6 100644 ---- a/sound/drivers/portman2x4.c -+++ b/sound/drivers/portman2x4.c -@@ -48,6 +48,7 @@ - #include <sound/initval.h> - #include <sound/rawmidi.h> - #include <sound/control.h> -+#include <asm/local.h> - - #define CARD_NAME "Portman 2x4" - #define DRIVER_NAME "portman" -@@ -85,7 +86,7 @@ struct portman { - struct pardevice *pardev; - int pardev_claimed; - -- int open_count; -+ local_t open_count; - int mode[PORTMAN_NUM_INPUT_PORTS]; - struct 
snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS]; - }; -diff --git a/sound/firewire/amdtp-am824.c b/sound/firewire/amdtp-am824.c -index bebddc6..f5976be 100644 ---- a/sound/firewire/amdtp-am824.c -+++ b/sound/firewire/amdtp-am824.c -@@ -314,7 +314,7 @@ void amdtp_am824_midi_trigger(struct amdtp_stream *s, unsigned int port, - struct amdtp_am824 *p = s->protocol; - - if (port < p->midi_ports) -- ACCESS_ONCE(p->midi[port]) = midi; -+ ACCESS_ONCE_RW(p->midi[port]) = midi; - } - EXPORT_SYMBOL_GPL(amdtp_am824_midi_trigger); - -diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c -index ed29026..933d2ae 100644 ---- a/sound/firewire/amdtp-stream.c -+++ b/sound/firewire/amdtp-stream.c -@@ -344,7 +344,7 @@ static void update_pcm_pointers(struct amdtp_stream *s, - ptr = s->pcm_buffer_pointer + frames; - if (ptr >= pcm->runtime->buffer_size) - ptr -= pcm->runtime->buffer_size; -- ACCESS_ONCE(s->pcm_buffer_pointer) = ptr; -+ ACCESS_ONCE_RW(s->pcm_buffer_pointer) = ptr; - - s->pcm_period_pointer += frames; - if (s->pcm_period_pointer >= pcm->runtime->period_size) { -@@ -811,7 +811,7 @@ EXPORT_SYMBOL(amdtp_stream_pcm_pointer); - void amdtp_stream_update(struct amdtp_stream *s) - { - /* Precomputing. 
*/ -- ACCESS_ONCE(s->source_node_id_field) = -+ ACCESS_ONCE_RW(s->source_node_id_field) = - (fw_parent_device(s->unit)->card->node_id << CIP_SID_SHIFT) & - CIP_SID_MASK; - } -diff --git a/sound/firewire/amdtp-stream.h b/sound/firewire/amdtp-stream.h -index 8775704..8fea566 100644 ---- a/sound/firewire/amdtp-stream.h -+++ b/sound/firewire/amdtp-stream.h -@@ -215,7 +215,7 @@ static inline bool amdtp_stream_pcm_running(struct amdtp_stream *s) - static inline void amdtp_stream_pcm_trigger(struct amdtp_stream *s, - struct snd_pcm_substream *pcm) - { -- ACCESS_ONCE(s->pcm) = pcm; -+ ACCESS_ONCE_RW(s->pcm) = pcm; - } - - static inline bool cip_sfc_is_base_44100(enum cip_sfc sfc) -diff --git a/sound/firewire/digi00x/amdtp-dot.c b/sound/firewire/digi00x/amdtp-dot.c -index 0ac92ab..a2081aa 100644 ---- a/sound/firewire/digi00x/amdtp-dot.c -+++ b/sound/firewire/digi00x/amdtp-dot.c -@@ -365,7 +365,7 @@ void amdtp_dot_midi_trigger(struct amdtp_stream *s, unsigned int port, - struct amdtp_dot *p = s->protocol; - - if (port < p->midi_ports) -- ACCESS_ONCE(p->midi[port]) = midi; -+ ACCESS_ONCE_RW(p->midi[port]) = midi; - } - - static unsigned int process_tx_data_blocks(struct amdtp_stream *s, -diff --git a/sound/firewire/isight.c b/sound/firewire/isight.c -index 48d6dca..a0266c23 100644 ---- a/sound/firewire/isight.c -+++ b/sound/firewire/isight.c -@@ -96,7 +96,7 @@ static void isight_update_pointers(struct isight *isight, unsigned int count) - ptr += count; - if (ptr >= runtime->buffer_size) - ptr -= runtime->buffer_size; -- ACCESS_ONCE(isight->buffer_pointer) = ptr; -+ ACCESS_ONCE_RW(isight->buffer_pointer) = ptr; - - isight->period_counter += count; - if (isight->period_counter >= runtime->period_size) { -@@ -293,7 +293,7 @@ static int isight_hw_params(struct snd_pcm_substream *substream, - if (err < 0) - return err; - -- ACCESS_ONCE(isight->pcm_active) = true; -+ ACCESS_ONCE_RW(isight->pcm_active) = true; - - return 0; - } -@@ -331,7 +331,7 @@ static int isight_hw_free(struct 
snd_pcm_substream *substream) - { - struct isight *isight = substream->private_data; - -- ACCESS_ONCE(isight->pcm_active) = false; -+ ACCESS_ONCE_RW(isight->pcm_active) = false; - - mutex_lock(&isight->mutex); - isight_stop_streaming(isight); -@@ -424,10 +424,10 @@ static int isight_trigger(struct snd_pcm_substream *substream, int cmd) - - switch (cmd) { - case SNDRV_PCM_TRIGGER_START: -- ACCESS_ONCE(isight->pcm_running) = true; -+ ACCESS_ONCE_RW(isight->pcm_running) = true; - break; - case SNDRV_PCM_TRIGGER_STOP: -- ACCESS_ONCE(isight->pcm_running) = false; -+ ACCESS_ONCE_RW(isight->pcm_running) = false; - break; - default: - return -EINVAL; -diff --git a/sound/firewire/oxfw/oxfw-scs1x.c b/sound/firewire/oxfw/oxfw-scs1x.c -index bb53eb3..670cd89 100644 ---- a/sound/firewire/oxfw/oxfw-scs1x.c -+++ b/sound/firewire/oxfw/oxfw-scs1x.c -@@ -278,9 +278,9 @@ static void midi_capture_trigger(struct snd_rawmidi_substream *stream, int up) - - if (up) { - scs->input_escape_count = 0; -- ACCESS_ONCE(scs->input) = stream; -+ ACCESS_ONCE_RW(scs->input) = stream; - } else { -- ACCESS_ONCE(scs->input) = NULL; -+ ACCESS_ONCE_RW(scs->input) = NULL; - } - } - -@@ -310,10 +310,10 @@ static void midi_playback_trigger(struct snd_rawmidi_substream *stream, int up) - scs->output_escaped = false; - scs->output_idle = false; - -- ACCESS_ONCE(scs->output) = stream; -+ ACCESS_ONCE_RW(scs->output) = stream; - tasklet_schedule(&scs->tasklet); - } else { -- ACCESS_ONCE(scs->output) = NULL; -+ ACCESS_ONCE_RW(scs->output) = NULL; - } - } - static void midi_playback_drain(struct snd_rawmidi_substream *stream) -diff --git a/sound/oss/sb_audio.c b/sound/oss/sb_audio.c -index dc91072..d85a10a 100644 ---- a/sound/oss/sb_audio.c -+++ b/sound/oss/sb_audio.c -@@ -900,7 +900,7 @@ sb16_copy_from_user(int dev, - buf16 = (signed short *)(localbuf + localoffs); - while (c) - { -- locallen = (c >= LBUFCOPYSIZE ? LBUFCOPYSIZE : c); -+ locallen = ((unsigned)c >= LBUFCOPYSIZE ? 
LBUFCOPYSIZE : c); - if (copy_from_user(lbuf8, - userbuf+useroffs + p, - locallen)) -diff --git a/sound/oss/swarm_cs4297a.c b/sound/oss/swarm_cs4297a.c -index 213a416..aeab5c9 100644 ---- a/sound/oss/swarm_cs4297a.c -+++ b/sound/oss/swarm_cs4297a.c -@@ -2623,7 +2623,6 @@ static int __init cs4297a_init(void) - { - struct cs4297a_state *s; - u32 pwr, id; -- mm_segment_t fs; - int rval; - u64 cfg; - int mdio_val; -@@ -2709,22 +2708,23 @@ static int __init cs4297a_init(void) - if (!rval) { - char *sb1250_duart_present; - -+#if 0 -+ mm_segment_t fs; - fs = get_fs(); - set_fs(KERNEL_DS); --#if 0 - val = SOUND_MASK_LINE; - mixer_ioctl(s, SOUND_MIXER_WRITE_RECSRC, (unsigned long) &val); - for (i = 0; i < ARRAY_SIZE(initvol); i++) { - val = initvol[i].vol; - mixer_ioctl(s, initvol[i].mixch, (unsigned long) &val); - } -+ set_fs(fs); - // cs4297a_write_ac97(s, 0x18, 0x0808); - #else - // cs4297a_write_ac97(s, 0x5e, 0x180); - cs4297a_write_ac97(s, 0x02, 0x0808); - cs4297a_write_ac97(s, 0x18, 0x0808); - #endif -- set_fs(fs); - - list_add(&s->list, &cs4297a_devs); - -diff --git a/sound/pci/als300.c b/sound/pci/als300.c -index add3176..c9394d9 100644 ---- a/sound/pci/als300.c -+++ b/sound/pci/als300.c -@@ -647,7 +647,7 @@ static int snd_als300_create(struct snd_card *card, - struct snd_als300 **rchip) - { - struct snd_als300 *chip; -- void *irq_handler; -+ irq_handler_t irq_handler; - int err; - - static struct snd_device_ops ops = { -diff --git a/sound/pci/aw2/aw2-alsa.c b/sound/pci/aw2/aw2-alsa.c -index 1677143..85aca1d 100644 ---- a/sound/pci/aw2/aw2-alsa.c -+++ b/sound/pci/aw2/aw2-alsa.c -@@ -458,7 +458,6 @@ static int snd_aw2_pcm_prepare_playback(struct snd_pcm_substream *substream) - - /* Define Interrupt callback */ - snd_aw2_saa7146_define_it_playback_callback(pcm_device->stream_number, -- (snd_aw2_saa7146_it_cb) - snd_pcm_period_elapsed, - (void *)substream); - -@@ -487,7 +486,6 @@ static int snd_aw2_pcm_prepare_capture(struct snd_pcm_substream *substream) - - /* Define 
Interrupt callback */ - snd_aw2_saa7146_define_it_capture_callback(pcm_device->stream_number, -- (snd_aw2_saa7146_it_cb) - snd_pcm_period_elapsed, - (void *)substream); - -diff --git a/sound/pci/aw2/aw2-saa7146.c b/sound/pci/aw2/aw2-saa7146.c -index 1d78904..d9c1056 100644 ---- a/sound/pci/aw2/aw2-saa7146.c -+++ b/sound/pci/aw2/aw2-saa7146.c -@@ -262,7 +262,7 @@ void snd_aw2_saa7146_define_it_playback_callback(unsigned int stream_number, - { - if (stream_number < NB_STREAM_PLAYBACK) { - arr_substream_it_playback_cb[stream_number].p_it_callback = -- (snd_aw2_saa7146_it_cb) p_it_callback; -+ p_it_callback; - arr_substream_it_playback_cb[stream_number].p_callback_param = - (void *)p_callback_param; - } -@@ -275,7 +275,7 @@ void snd_aw2_saa7146_define_it_capture_callback(unsigned int stream_number, - { - if (stream_number < NB_STREAM_CAPTURE) { - arr_substream_it_capture_cb[stream_number].p_it_callback = -- (snd_aw2_saa7146_it_cb) p_it_callback; -+ p_it_callback; - arr_substream_it_capture_cb[stream_number].p_callback_param = - (void *)p_callback_param; - } -diff --git a/sound/pci/ctxfi/ctamixer.c b/sound/pci/ctxfi/ctamixer.c -index 5fcbb06..f4b85df 100644 ---- a/sound/pci/ctxfi/ctamixer.c -+++ b/sound/pci/ctxfi/ctamixer.c -@@ -297,8 +297,9 @@ static int put_amixer_rsc(struct amixer_mgr *mgr, struct amixer *amixer) - return 0; - } - --int amixer_mgr_create(struct hw *hw, struct amixer_mgr **ramixer_mgr) -+int amixer_mgr_create(struct hw *hw, void **_ramixer_mgr) - { -+ struct amixer_mgr **ramixer_mgr = (struct amixer_mgr **)_ramixer_mgr; - int err; - struct amixer_mgr *amixer_mgr; - -@@ -326,8 +327,10 @@ error: - return err; - } - --int amixer_mgr_destroy(struct amixer_mgr *amixer_mgr) -+int amixer_mgr_destroy(void *_amixer_mgr) - { -+ struct amixer_mgr *amixer_mgr = _amixer_mgr; -+ - rsc_mgr_uninit(&amixer_mgr->mgr); - kfree(amixer_mgr); - return 0; -@@ -452,8 +455,9 @@ static int put_sum_rsc(struct sum_mgr *mgr, struct sum *sum) - return 0; - } - --int 
sum_mgr_create(struct hw *hw, struct sum_mgr **rsum_mgr) -+int sum_mgr_create(struct hw *hw, void **_rsum_mgr) - { -+ struct sum_mgr **rsum_mgr = (struct sum_mgr **)_rsum_mgr; - int err; - struct sum_mgr *sum_mgr; - -@@ -481,8 +485,10 @@ error: - return err; - } - --int sum_mgr_destroy(struct sum_mgr *sum_mgr) -+int sum_mgr_destroy(void *_sum_mgr) - { -+ struct sum_mgr *sum_mgr = _sum_mgr; -+ - rsc_mgr_uninit(&sum_mgr->mgr); - kfree(sum_mgr); - return 0; -diff --git a/sound/pci/ctxfi/ctamixer.h b/sound/pci/ctxfi/ctamixer.h -index 2de18aa..2fbd01b 100644 ---- a/sound/pci/ctxfi/ctamixer.h -+++ b/sound/pci/ctxfi/ctamixer.h -@@ -47,8 +47,8 @@ struct sum_mgr { - }; - - /* Constructor and destructor of daio resource manager */ --int sum_mgr_create(struct hw *hw, struct sum_mgr **rsum_mgr); --int sum_mgr_destroy(struct sum_mgr *sum_mgr); -+int sum_mgr_create(struct hw *hw, void **rsum_mgr); -+int sum_mgr_destroy(void *sum_mgr); - - /* Define the descriptor of a amixer resource */ - struct amixer_rsc_ops; -@@ -93,7 +93,7 @@ struct amixer_mgr { - }; - - /* Constructor and destructor of amixer resource manager */ --int amixer_mgr_create(struct hw *hw, struct amixer_mgr **ramixer_mgr); --int amixer_mgr_destroy(struct amixer_mgr *amixer_mgr); -+int amixer_mgr_create(struct hw *hw, void **ramixer_mgr); -+int amixer_mgr_destroy(void *amixer_mgr); - - #endif /* CTAMIXER_H */ -diff --git a/sound/pci/ctxfi/ctatc.c b/sound/pci/ctxfi/ctatc.c -index 977a598..a787004 100644 ---- a/sound/pci/ctxfi/ctatc.c -+++ b/sound/pci/ctxfi/ctatc.c -@@ -113,16 +113,16 @@ static struct { - int (*create)(struct hw *hw, void **rmgr); - int (*destroy)(void *mgr); - } rsc_mgr_funcs[NUM_RSCTYP] = { -- [SRC] = { .create = (create_t)src_mgr_create, -- .destroy = (destroy_t)src_mgr_destroy }, -- [SRCIMP] = { .create = (create_t)srcimp_mgr_create, -- .destroy = (destroy_t)srcimp_mgr_destroy }, -- [AMIXER] = { .create = (create_t)amixer_mgr_create, -- .destroy = (destroy_t)amixer_mgr_destroy }, -- [SUM] = { 
.create = (create_t)sum_mgr_create, -- .destroy = (destroy_t)sum_mgr_destroy }, -- [DAIO] = { .create = (create_t)daio_mgr_create, -- .destroy = (destroy_t)daio_mgr_destroy } -+ [SRC] = { .create = src_mgr_create, -+ .destroy = src_mgr_destroy }, -+ [SRCIMP] = { .create = srcimp_mgr_create, -+ .destroy = srcimp_mgr_destroy }, -+ [AMIXER] = { .create = amixer_mgr_create, -+ .destroy = amixer_mgr_destroy }, -+ [SUM] = { .create = sum_mgr_create, -+ .destroy = sum_mgr_destroy }, -+ [DAIO] = { .create = daio_mgr_create, -+ .destroy = daio_mgr_destroy } - }; - - static int -diff --git a/sound/pci/ctxfi/ctdaio.c b/sound/pci/ctxfi/ctdaio.c -index 7f089cb..6bea28e 100644 ---- a/sound/pci/ctxfi/ctdaio.c -+++ b/sound/pci/ctxfi/ctdaio.c -@@ -687,8 +687,9 @@ static int daio_mgr_commit_write(struct daio_mgr *mgr) - return 0; - } - --int daio_mgr_create(struct hw *hw, struct daio_mgr **rdaio_mgr) -+int daio_mgr_create(struct hw *hw, void **_rdaio_mgr) - { -+ struct daio_mgr **rdaio_mgr = (struct daio_mgr **)_rdaio_mgr; - int err, i; - struct daio_mgr *daio_mgr; - struct imapper *entry; -@@ -741,8 +742,9 @@ error1: - return err; - } - --int daio_mgr_destroy(struct daio_mgr *daio_mgr) -+int daio_mgr_destroy(void *_daio_mgr) - { -+ struct daio_mgr *daio_mgr = _daio_mgr; - unsigned long flags; - - /* free daio input mapper list */ -diff --git a/sound/pci/ctxfi/ctdaio.h b/sound/pci/ctxfi/ctdaio.h -index a30be73..91b8dbd 100644 ---- a/sound/pci/ctxfi/ctdaio.h -+++ b/sound/pci/ctxfi/ctdaio.h -@@ -119,7 +119,7 @@ struct daio_mgr { - }; - - /* Constructor and destructor of daio resource manager */ --int daio_mgr_create(struct hw *hw, struct daio_mgr **rdaio_mgr); --int daio_mgr_destroy(struct daio_mgr *daio_mgr); -+int daio_mgr_create(struct hw *hw, void **rdaio_mgr); -+int daio_mgr_destroy(void *daio_mgr); - - #endif /* CTDAIO_H */ -diff --git a/sound/pci/ctxfi/ctsrc.c b/sound/pci/ctxfi/ctsrc.c -index a5a72df..f86edb8 100644 ---- a/sound/pci/ctxfi/ctsrc.c -+++ b/sound/pci/ctxfi/ctsrc.c 
-@@ -544,8 +544,9 @@ static int src_mgr_commit_write(struct src_mgr *mgr) - return 0; - } - --int src_mgr_create(struct hw *hw, struct src_mgr **rsrc_mgr) -+int src_mgr_create(struct hw *hw, void **_rsrc_mgr) - { -+ struct src_mgr **rsrc_mgr = (struct src_mgr **)_rsrc_mgr; - int err, i; - struct src_mgr *src_mgr; - -@@ -584,8 +585,10 @@ error1: - return err; - } - --int src_mgr_destroy(struct src_mgr *src_mgr) -+int src_mgr_destroy(void *_src_mgr) - { -+ struct src_mgr *src_mgr = _src_mgr; -+ - rsc_mgr_uninit(&src_mgr->mgr); - kfree(src_mgr); - -@@ -828,8 +831,9 @@ static int srcimp_imap_delete(struct srcimp_mgr *mgr, struct imapper *entry) - return err; - } - --int srcimp_mgr_create(struct hw *hw, struct srcimp_mgr **rsrcimp_mgr) -+int srcimp_mgr_create(struct hw *hw, void **_rsrcimp_mgr) - { -+ struct srcimp_mgr **rsrcimp_mgr = (struct srcimp_mgr **)_rsrcimp_mgr; - int err; - struct srcimp_mgr *srcimp_mgr; - struct imapper *entry; -@@ -873,8 +877,9 @@ error1: - return err; - } - --int srcimp_mgr_destroy(struct srcimp_mgr *srcimp_mgr) -+int srcimp_mgr_destroy(void *_srcimp_mgr) - { -+ struct srcimp_mgr *srcimp_mgr = _srcimp_mgr; - unsigned long flags; - - /* free src input mapper list */ -diff --git a/sound/pci/ctxfi/ctsrc.h b/sound/pci/ctxfi/ctsrc.h -index 92944a0..fc78ed4 100644 ---- a/sound/pci/ctxfi/ctsrc.h -+++ b/sound/pci/ctxfi/ctsrc.h -@@ -143,10 +143,10 @@ struct srcimp_mgr { - }; - - /* Constructor and destructor of SRC resource manager */ --int src_mgr_create(struct hw *hw, struct src_mgr **rsrc_mgr); --int src_mgr_destroy(struct src_mgr *src_mgr); -+int src_mgr_create(struct hw *hw, void **rsrc_mgr); -+int src_mgr_destroy(void *src_mgr); - /* Constructor and destructor of SRCIMP resource manager */ --int srcimp_mgr_create(struct hw *hw, struct srcimp_mgr **rsrc_mgr); --int srcimp_mgr_destroy(struct srcimp_mgr *srcimp_mgr); -+int srcimp_mgr_create(struct hw *hw, void **rsrc_mgr); -+int srcimp_mgr_destroy(void *srcimp_mgr); - - #endif /* CTSRC_H */ -diff 
--git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c -index 8374188..f073778 100644 ---- a/sound/pci/hda/hda_codec.c -+++ b/sound/pci/hda/hda_codec.c -@@ -1743,7 +1743,7 @@ static int get_kctl_0dB_offset(struct hda_codec *codec, - /* FIXME: set_fs() hack for obtaining user-space TLV data */ - mm_segment_t fs = get_fs(); - set_fs(get_ds()); -- if (!kctl->tlv.c(kctl, 0, sizeof(_tlv), _tlv)) -+ if (!kctl->tlv.c(kctl, 0, sizeof(_tlv), (unsigned int __force_user *)_tlv)) - tlv = _tlv; - set_fs(fs); - } else if (kctl->vd[0].access & SNDRV_CTL_ELEM_ACCESS_TLV_READ) -diff --git a/sound/pci/ymfpci/ymfpci.h b/sound/pci/ymfpci/ymfpci.h -index 149d4cb..7784769 100644 ---- a/sound/pci/ymfpci/ymfpci.h -+++ b/sound/pci/ymfpci/ymfpci.h -@@ -358,7 +358,7 @@ struct snd_ymfpci { - spinlock_t reg_lock; - spinlock_t voice_lock; - wait_queue_head_t interrupt_sleep; -- atomic_t interrupt_sleep_count; -+ atomic_unchecked_t interrupt_sleep_count; - struct snd_info_entry *proc_entry; - const struct firmware *dsp_microcode; - const struct firmware *controller_microcode; -diff --git a/sound/pci/ymfpci/ymfpci_main.c b/sound/pci/ymfpci/ymfpci_main.c -index 4c26076..a13f370 100644 ---- a/sound/pci/ymfpci/ymfpci_main.c -+++ b/sound/pci/ymfpci/ymfpci_main.c -@@ -204,8 +204,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip) - if ((snd_ymfpci_readl(chip, YDSXGR_STATUS) & 2) == 0) - break; - } -- if (atomic_read(&chip->interrupt_sleep_count)) { -- atomic_set(&chip->interrupt_sleep_count, 0); -+ if (atomic_read_unchecked(&chip->interrupt_sleep_count)) { -+ atomic_set_unchecked(&chip->interrupt_sleep_count, 0); - wake_up(&chip->interrupt_sleep); - } - __end: -@@ -789,7 +789,7 @@ static void snd_ymfpci_irq_wait(struct snd_ymfpci *chip) - continue; - init_waitqueue_entry(&wait, current); - add_wait_queue(&chip->interrupt_sleep, &wait); -- atomic_inc(&chip->interrupt_sleep_count); -+ atomic_inc_unchecked(&chip->interrupt_sleep_count); - 
schedule_timeout_uninterruptible(msecs_to_jiffies(50)); - remove_wait_queue(&chip->interrupt_sleep, &wait); - } -@@ -827,8 +827,8 @@ static irqreturn_t snd_ymfpci_interrupt(int irq, void *dev_id) - snd_ymfpci_writel(chip, YDSXGR_MODE, mode); - spin_unlock(&chip->reg_lock); - -- if (atomic_read(&chip->interrupt_sleep_count)) { -- atomic_set(&chip->interrupt_sleep_count, 0); -+ if (atomic_read_unchecked(&chip->interrupt_sleep_count)) { -+ atomic_set_unchecked(&chip->interrupt_sleep_count, 0); - wake_up(&chip->interrupt_sleep); - } - } -@@ -2384,7 +2384,7 @@ int snd_ymfpci_create(struct snd_card *card, - spin_lock_init(&chip->reg_lock); - spin_lock_init(&chip->voice_lock); - init_waitqueue_head(&chip->interrupt_sleep); -- atomic_set(&chip->interrupt_sleep_count, 0); -+ atomic_set_unchecked(&chip->interrupt_sleep_count, 0); - chip->card = card; - chip->pci = pci; - chip->irq = -1; -diff --git a/sound/soc/codecs/cx20442.c b/sound/soc/codecs/cx20442.c -index d6f4abb..5d59f0c 100644 ---- a/sound/soc/codecs/cx20442.c -+++ b/sound/soc/codecs/cx20442.c -@@ -263,6 +263,12 @@ static int v253_hangup(struct tty_struct *tty) - return 0; - } - -+static int v253_hw_write(void *client, const char *buf, int count) -+{ -+ struct tty_struct *tty = client; -+ return tty->ops->write(client, buf, count); -+} -+ - /* Line discipline .receive_buf() */ - static void v253_receive(struct tty_struct *tty, - const unsigned char *cp, char *fp, int count) -@@ -280,7 +286,7 @@ static void v253_receive(struct tty_struct *tty, - - /* Set up codec driver access to modem controls */ - cx20442->control_data = tty; -- codec->hw_write = (hw_write_t)tty->ops->write; -+ codec->hw_write = v253_hw_write; - codec->component.card->pop_time = 1; - } - } -diff --git a/sound/soc/codecs/sti-sas.c b/sound/soc/codecs/sti-sas.c -index 160d61a..10bfd63 100644 ---- a/sound/soc/codecs/sti-sas.c -+++ b/sound/soc/codecs/sti-sas.c -@@ -591,11 +591,13 @@ static int sti_sas_driver_probe(struct platform_device *pdev) - 
sti_sas_dai[STI_SAS_DAI_ANALOG_OUT].ops = drvdata->dev_data->dac_ops; - - /* Set dapms*/ -- sti_sas_driver.dapm_widgets = drvdata->dev_data->dapm_widgets; -- sti_sas_driver.num_dapm_widgets = drvdata->dev_data->num_dapm_widgets; -+ pax_open_kernel(); -+ *(const void **)&sti_sas_driver.dapm_widgets = drvdata->dev_data->dapm_widgets; -+ *(int *)&sti_sas_driver.num_dapm_widgets = drvdata->dev_data->num_dapm_widgets; - -- sti_sas_driver.dapm_routes = drvdata->dev_data->dapm_routes; -- sti_sas_driver.num_dapm_routes = drvdata->dev_data->num_dapm_routes; -+ *(const void **)&sti_sas_driver.dapm_routes = drvdata->dev_data->dapm_routes; -+ *(int *)&sti_sas_driver.num_dapm_routes = drvdata->dev_data->num_dapm_routes; -+ pax_close_kernel(); - - /* Store context */ - dev_set_drvdata(&pdev->dev, drvdata); -diff --git a/sound/soc/codecs/tlv320dac33.c b/sound/soc/codecs/tlv320dac33.c -index f7a6ce7..82310c8 100644 ---- a/sound/soc/codecs/tlv320dac33.c -+++ b/sound/soc/codecs/tlv320dac33.c -@@ -1375,13 +1375,18 @@ static int dac33_set_dai_fmt(struct snd_soc_dai *codec_dai, - return 0; - } - -+static int dac33_hw_write(void *client, const char *buf, int count) -+{ -+ return i2c_master_send(client, buf, count); -+} -+ - static int dac33_soc_probe(struct snd_soc_codec *codec) - { - struct tlv320dac33_priv *dac33 = snd_soc_codec_get_drvdata(codec); - int ret = 0; - - codec->control_data = dac33->control_data; -- codec->hw_write = (hw_write_t) i2c_master_send; -+ codec->hw_write = dac33_hw_write; - dac33->codec = codec; - - /* Read the tlv320dac33 ID registers */ -diff --git a/sound/soc/codecs/uda1380.c b/sound/soc/codecs/uda1380.c -index 35f0469..7c25cd5 100644 ---- a/sound/soc/codecs/uda1380.c -+++ b/sound/soc/codecs/uda1380.c -@@ -687,6 +687,11 @@ static struct snd_soc_dai_driver uda1380_dai[] = { - }, - }; - -+static int uda1380_hw_write(void *client, const char *buf, int count) -+{ -+ return i2c_master_send(client, buf, count); -+} -+ - static int uda1380_probe(struct 
snd_soc_codec *codec) - { - struct uda1380_platform_data *pdata =codec->dev->platform_data; -@@ -695,7 +700,7 @@ static int uda1380_probe(struct snd_soc_codec *codec) - - uda1380->codec = codec; - -- codec->hw_write = (hw_write_t)i2c_master_send; -+ codec->hw_write = uda1380_hw_write; - codec->control_data = uda1380->control_data; - - if (!pdata) -diff --git a/sound/soc/intel/skylake/skl-sst-dsp.h b/sound/soc/intel/skylake/skl-sst-dsp.h -index cbb4075..edda3dd 100644 ---- a/sound/soc/intel/skylake/skl-sst-dsp.h -+++ b/sound/soc/intel/skylake/skl-sst-dsp.h -@@ -117,14 +117,14 @@ struct skl_dsp_fw_ops { - int (*load_mod)(struct sst_dsp *ctx, u16 mod_id, char *mod_name); - int (*unload_mod)(struct sst_dsp *ctx, u16 mod_id); - --}; -+} __no_const; - - struct skl_dsp_loader_ops { - int (*alloc_dma_buf)(struct device *dev, - struct snd_dma_buffer *dmab, size_t size); - int (*free_dma_buf)(struct device *dev, - struct snd_dma_buffer *dmab); --}; -+} __no_const; - - struct skl_load_module_info { - u16 mod_id; -diff --git a/sound/soc/soc-ac97.c b/sound/soc/soc-ac97.c -index 7e0acd8..7fe0f65 100644 ---- a/sound/soc/soc-ac97.c -+++ b/sound/soc/soc-ac97.c -@@ -416,8 +416,10 @@ int snd_soc_set_ac97_ops_of_reset(struct snd_ac97_bus_ops *ops, - if (ret) - return ret; - -- ops->warm_reset = snd_soc_ac97_warm_reset; -- ops->reset = snd_soc_ac97_reset; -+ pax_open_kernel(); -+ *(void **)&ops->warm_reset = snd_soc_ac97_warm_reset; -+ *(void **)&ops->reset = snd_soc_ac97_reset; -+ pax_close_kernel(); - - snd_ac97_rst_cfg = cfg; - return 0; -diff --git a/sound/soc/xtensa/xtfpga-i2s.c b/sound/soc/xtensa/xtfpga-i2s.c -index 8382ffa..86af7d0 100644 ---- a/sound/soc/xtensa/xtfpga-i2s.c -+++ b/sound/soc/xtensa/xtfpga-i2s.c -@@ -437,7 +437,7 @@ static int xtfpga_pcm_trigger(struct snd_pcm_substream *substream, int cmd) - case SNDRV_PCM_TRIGGER_START: - case SNDRV_PCM_TRIGGER_RESUME: - case SNDRV_PCM_TRIGGER_PAUSE_RELEASE: -- ACCESS_ONCE(i2s->tx_ptr) = 0; -+ ACCESS_ONCE_RW(i2s->tx_ptr) = 0; - 
rcu_assign_pointer(i2s->tx_substream, substream); - xtfpga_pcm_refill_fifo(i2s); - break; -diff --git a/sound/synth/emux/emux_seq.c b/sound/synth/emux/emux_seq.c -index a020920..55579f6 100644 ---- a/sound/synth/emux/emux_seq.c -+++ b/sound/synth/emux/emux_seq.c -@@ -33,13 +33,13 @@ static int snd_emux_unuse(void *private_data, struct snd_seq_port_subscribe *inf - * MIDI emulation operators - */ - static struct snd_midi_op emux_ops = { -- snd_emux_note_on, -- snd_emux_note_off, -- snd_emux_key_press, -- snd_emux_terminate_note, -- snd_emux_control, -- snd_emux_nrpn, -- snd_emux_sysex, -+ .note_on = snd_emux_note_on, -+ .note_off = snd_emux_note_off, -+ .key_press = snd_emux_key_press, -+ .note_terminate = snd_emux_terminate_note, -+ .control = snd_emux_control, -+ .nrpn = snd_emux_nrpn, -+ .sysex = snd_emux_sysex, - }; - - -diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c -index 81b7da8..bb2676f 100644 ---- a/sound/usb/line6/driver.c -+++ b/sound/usb/line6/driver.c -@@ -307,7 +307,7 @@ int line6_read_data(struct usb_line6 *line6, unsigned address, void *data, - { - struct usb_device *usbdev = line6->usbdev; - int ret; -- unsigned char len; -+ unsigned char *plen; - unsigned count; - - if (address > 0xffff || datalen > 0xff) -@@ -324,6 +324,10 @@ int line6_read_data(struct usb_line6 *line6, unsigned address, void *data, - return ret; - } - -+ plen = kmalloc(1, GFP_KERNEL); -+ if (plen == NULL) -+ return -ENOMEM; -+ - /* Wait for data length. We'll get 0xff until length arrives. 
*/ - for (count = 0; count < LINE6_READ_WRITE_MAX_RETRIES; count++) { - mdelay(LINE6_READ_WRITE_STATUS_DELAY); -@@ -331,30 +335,35 @@ int line6_read_data(struct usb_line6 *line6, unsigned address, void *data, - ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67, - USB_TYPE_VENDOR | USB_RECIP_DEVICE | - USB_DIR_IN, -- 0x0012, 0x0000, &len, 1, -+ 0x0012, 0x0000, plen, 1, - LINE6_TIMEOUT * HZ); - if (ret < 0) { - dev_err(line6->ifcdev, - "receive length failed (error %d)\n", ret); -+ kfree(plen); - return ret; - } - -- if (len != 0xff) -+ if (*plen != 0xff) - break; - } - -- if (len == 0xff) { -+ if (*plen == 0xff) { - dev_err(line6->ifcdev, "read failed after %d retries\n", - count); -+ kfree(plen); - return -EIO; -- } else if (len != datalen) { -+ } else if (*plen != datalen) { - /* should be equal or something went wrong */ - dev_err(line6->ifcdev, - "length mismatch (expected %d, got %d)\n", -- (int)datalen, (int)len); -+ (int)datalen, (int)*plen); -+ kfree(plen); - return -EIO; - } - -+ kfree(plen); -+ - /* receive the result: */ - ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67, - USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, -@@ -378,7 +387,7 @@ int line6_write_data(struct usb_line6 *line6, unsigned address, void *data, - { - struct usb_device *usbdev = line6->usbdev; - int ret; -- unsigned char status; -+ unsigned char *status; - int count; - - if (address > 0xffff || datalen > 0xffff) -@@ -395,6 +404,10 @@ int line6_write_data(struct usb_line6 *line6, unsigned address, void *data, - return ret; - } - -+ status = kmalloc(1, GFP_KERNEL); -+ if (status == NULL) -+ return -ENOMEM; -+ - for (count = 0; count < LINE6_READ_WRITE_MAX_RETRIES; count++) { - mdelay(LINE6_READ_WRITE_STATUS_DELAY); - -@@ -403,27 +416,32 @@ int line6_write_data(struct usb_line6 *line6, unsigned address, void *data, - USB_TYPE_VENDOR | USB_RECIP_DEVICE | - USB_DIR_IN, - 0x0012, 0x0000, -- &status, 1, LINE6_TIMEOUT * HZ); -+ status, 1, LINE6_TIMEOUT * HZ); - - 
if (ret < 0) { - dev_err(line6->ifcdev, - "receiving status failed (error %d)\n", ret); -+ kfree(status); - return ret; - } - -- if (status != 0xff) -+ if (*status != 0xff) - break; - } - -- if (status == 0xff) { -+ if (*status == 0xff) { - dev_err(line6->ifcdev, "write failed after %d retries\n", - count); -+ kfree(status); - return -EIO; -- } else if (status != 0) { -+ } else if (*status != 0) { - dev_err(line6->ifcdev, "write failed (error %d)\n", ret); -+ kfree(status); - return -EIO; - } - -+ kfree(status); -+ - return 0; - } - EXPORT_SYMBOL_GPL(line6_write_data); -diff --git a/sound/usb/line6/toneport.c b/sound/usb/line6/toneport.c -index 6d4c50c..aa658c8 100644 ---- a/sound/usb/line6/toneport.c -+++ b/sound/usb/line6/toneport.c -@@ -367,13 +367,19 @@ static bool toneport_has_source_select(struct usb_line6_toneport *toneport) - */ - static void toneport_setup(struct usb_line6_toneport *toneport) - { -- int ticks; -+ int *ticks; - struct usb_line6 *line6 = &toneport->line6; - struct usb_device *usbdev = line6->usbdev; - -+ ticks = kmalloc(sizeof(int), GFP_KERNEL); -+ if (ticks == NULL) -+ return; -+ - /* sync time on device with host: */ -- ticks = (int)get_seconds(); -- line6_write_data(line6, 0x80c6, &ticks, 4); -+ *ticks = (int)get_seconds(); -+ line6_write_data(line6, 0x80c6, ticks, sizeof(int)); -+ -+ kfree(ticks); - - /* enable device: */ - toneport_send_cmd(usbdev, 0x0301, 0x0000); -diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore +diff --git a/scripts/gcc-plugins/.gitignore b/scripts/gcc-plugins/.gitignore new file mode 100644 index 0000000..de92ed9 --- /dev/null -+++ b/tools/gcc/.gitignore ++++ b/scripts/gcc-plugins/.gitignore @@ -0,0 +1 @@ +randomize_layout_seed.h -diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile +diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile new file mode 100644 -index 0000000..f1db084 +index 0000000..ad7ca02 
 --- /dev/null
-+++ b/tools/gcc/Makefile
-@@ -0,0 +1,58 @@
++++ b/scripts/gcc-plugins/Makefile
+@@ -0,0 +1,57 @@
 +#CC := gcc
 +#PLUGIN_SOURCE_FILES := pax_plugin.c
 +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -164146,7 +161419,6 @@ index 0000000..f1db084
 +latent_entropy_plugin-objs := latent_entropy_plugin.o
 +structleak_plugin-objs := structleak_plugin.o
 +initify_plugin-objs := initify_plugin.o
-+rap_plugin-objs := rap_plugin.o sip.o
 +randomize_layout_plugin-objs := randomize_layout_plugin.o
 +
 +$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h
@@ -164158,11 +161430,11 @@ index 0000000..f1db084
 + $(call if_changed,create_randomize_layout_seed)
 +
 +targets += randomize_layout_seed.h randomize_layout_hash.h
-diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c
+diff --git a/scripts/gcc-plugins/checker_plugin.c b/scripts/gcc-plugins/checker_plugin.c
 new file mode 100644
 index 0000000..efaf576
 --- /dev/null
-+++ b/tools/gcc/checker_plugin.c
++++ b/scripts/gcc-plugins/checker_plugin.c
 @@ -0,0 +1,496 @@
 +/*
 + * Copyright 2011-2016 by the PaX Team <pageexec@freemail.hu>
@@ -164660,11 +161932,11 @@ index 0000000..efaf576
 +
 + return 0;
 +}
-diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c
+diff --git a/scripts/gcc-plugins/colorize_plugin.c b/scripts/gcc-plugins/colorize_plugin.c
 new file mode 100644
 index 0000000..ffe60f6
 --- /dev/null
-+++ b/tools/gcc/colorize_plugin.c
++++ b/scripts/gcc-plugins/colorize_plugin.c
 @@ -0,0 +1,162 @@
 +/*
 + * Copyright 2012-2016 by PaX Team <pageexec@freemail.hu>
@@ -164828,11 +162100,11 @@ index 0000000..ffe60f6
 + }
 + return 0;
 +}
-diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
+diff --git a/scripts/gcc-plugins/constify_plugin.c b/scripts/gcc-plugins/constify_plugin.c
 new file mode 100644
-index 0000000..b52a700
+index 0000000..7142f36
 --- /dev/null
-+++ b/tools/gcc/constify_plugin.c
++++ b/scripts/gcc-plugins/constify_plugin.c
@@ -0,0 +1,521 @@ +/* + * Copyright 2011 by Emese Revfy <re.emese@gmail.com> @@ -164856,11 +162128,11 @@ index 0000000..b52a700 + +int plugin_is_GPL_compatible; + -+static bool constify = true; ++static bool enabled = true; + +static struct plugin_info const_plugin_info = { -+ .version = "201602181345", -+ .help = "no-constify\tturn off constification\n", ++ .version = "201605212045", ++ .help = "disable\tturn off constification\n", +}; + +typedef struct { @@ -165070,7 +162342,7 @@ index 0000000..b52a700 + + constifiable(type, &cinfo); + if ((cinfo.has_fptr_field && !cinfo.has_writable_field && !cinfo.has_no_const_field) || lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) { -+ if (constify) { ++ if (enabled) { + if TYPE_P(*node) + deconstify_type(*node); + else @@ -165083,7 +162355,7 @@ index 0000000..b52a700 + return NULL_TREE; + } + -+ if (constify && TYPE_FIELDS(type)) ++ if (enabled && TYPE_FIELDS(type)) + error("%qE attribute used on type %qT that is not constified", name, type); + return NULL_TREE; +} @@ -165332,8 +162604,8 @@ index 0000000..b52a700 + } + + for (i = 0; i < argc; ++i) { -+ if (!(strcmp(argv[i].key, "no-constify"))) { -+ constify = false; ++ if (!(strcmp(argv[i].key, "disable"))) { ++ enabled = false; + continue; + } + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); @@ -165341,11 +162613,11 @@ index 0000000..b52a700 + + if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) { + inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name); -+ constify = false; ++ enabled = false; + } + + register_callback(plugin_name, PLUGIN_INFO, NULL, &const_plugin_info); -+ if (constify) { ++ if (enabled) { + register_callback(plugin_name, PLUGIN_ALL_IPA_PASSES_START, check_global_variables, NULL); + register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &check_local_variables_pass_info); 
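Review bot: The error string on the context line that closes this argument loop is misspelled, `unkown option`; it should read `error(G_("unknown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);`. The same misspelling arrives as newly added code in the argument loop this update adds to plugin_init in latent_entropy_plugin.c. Because the key changes here from `no-constify` to `disable`, any build fragment still passing the old key now takes this error path, so the message is the string a maintainer will search for. The makefile that passes the plugin arguments is not visible in this part of the diff, so whether every caller was updated cannot be confirmed from here. plugin_init starts and ends outside the hunk.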
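Review bot: The language guard `if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6))` can never be true. Its first operand requires the name not to start with "GNU C" while the second requires it to start with "GNU C+", so the `inform()` call and the renamed `enabled = false;` below it are unreachable. The constification callbacks therefore stay registered for front ends the message says are unsupported. The intended test is presumably `if (strncmp(lang_hooks.name, "GNU C", 5) || !strncmp(lang_hooks.name, "GNU C+", 6)) {`. The condition is unchanged context here, since the update only renames the flag it sets, and plugin_init begins outside the hunk.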
@@ -165355,11 +162627,11 @@ index 0000000..b52a700 + + return 0; +} -diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h +diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h new file mode 100644 index 0000000..0c0b842 --- /dev/null -+++ b/tools/gcc/gcc-common.h ++++ b/scripts/gcc-plugins/gcc-common.h @@ -0,0 +1,879 @@ +#ifndef GCC_COMMON_H_INCLUDED +#define GCC_COMMON_H_INCLUDED @@ -166240,11 +163512,11 @@ index 0000000..0c0b842 +#endif + +#endif -diff --git a/tools/gcc/gcc-generate-gimple-pass.h b/tools/gcc/gcc-generate-gimple-pass.h +diff --git a/scripts/gcc-plugins/gcc-generate-gimple-pass.h b/scripts/gcc-plugins/gcc-generate-gimple-pass.h new file mode 100644 index 0000000..0b081fe --- /dev/null -+++ b/tools/gcc/gcc-generate-gimple-pass.h ++++ b/scripts/gcc-plugins/gcc-generate-gimple-pass.h @@ -0,0 +1,175 @@ +/* + * Generator for GIMPLE pass related boilerplate code/data @@ -166421,11 +163693,11 @@ index 0000000..0b081fe +#undef __PASS_NAME_PASS_DATA + +#endif /* PASS_NAME */ -diff --git a/tools/gcc/gcc-generate-ipa-pass.h b/tools/gcc/gcc-generate-ipa-pass.h +diff --git a/scripts/gcc-plugins/gcc-generate-ipa-pass.h b/scripts/gcc-plugins/gcc-generate-ipa-pass.h new file mode 100644 index 0000000..9bd926e --- /dev/null -+++ b/tools/gcc/gcc-generate-ipa-pass.h ++++ b/scripts/gcc-plugins/gcc-generate-ipa-pass.h @@ -0,0 +1,289 @@ +/* + * Generator for IPA pass related boilerplate code/data @@ -166716,11 +163988,11 @@ index 0000000..9bd926e +#undef __WRITE_SUMMARY + +#endif /* PASS_NAME */ -diff --git a/tools/gcc/gcc-generate-rtl-pass.h b/tools/gcc/gcc-generate-rtl-pass.h +diff --git a/scripts/gcc-plugins/gcc-generate-rtl-pass.h b/scripts/gcc-plugins/gcc-generate-rtl-pass.h new file mode 100644 index 0000000..1dc67a5 --- /dev/null -+++ b/tools/gcc/gcc-generate-rtl-pass.h ++++ b/scripts/gcc-plugins/gcc-generate-rtl-pass.h @@ -0,0 +1,175 @@ +/* + * Generator for RTL pass related boilerplate code/data 
@@ -166897,11 +164169,11 @@ index 0000000..1dc67a5 +#undef __PASS_NAME_PASS_DATA + +#endif /* PASS_NAME */ -diff --git a/tools/gcc/gcc-generate-simple_ipa-pass.h b/tools/gcc/gcc-generate-simple_ipa-pass.h +diff --git a/scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h b/scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h new file mode 100644 index 0000000..a27e2b3 --- /dev/null -+++ b/tools/gcc/gcc-generate-simple_ipa-pass.h ++++ b/scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h @@ -0,0 +1,175 @@ +/* + * Generator for SIMPLE_IPA pass related boilerplate code/data @@ -167078,11 +164350,11 @@ index 0000000..a27e2b3 +#undef __PASS_NAME_PASS_DATA + +#endif /* PASS_NAME */ -diff --git a/tools/gcc/gen-random-seed.sh b/tools/gcc/gen-random-seed.sh +diff --git a/scripts/gcc-plugins/gen-random-seed.sh b/scripts/gcc-plugins/gen-random-seed.sh new file mode 100644 index 0000000..7514850 --- /dev/null -+++ b/tools/gcc/gen-random-seed.sh ++++ b/scripts/gcc-plugins/gen-random-seed.sh @@ -0,0 +1,8 @@ +#!/bin/sh + @@ -167092,11 +164364,11 @@ index 0000000..7514850 + HASH=`echo -n "$SEED" | sha256sum | cut -d" " -f1 | tr -d ' \n'` + echo "#define RANDSTRUCT_HASHED_SEED \"$HASH\"" > "$2" +fi -diff --git a/tools/gcc/initify_plugin.c b/tools/gcc/initify_plugin.c +diff --git a/scripts/gcc-plugins/initify_plugin.c b/scripts/gcc-plugins/initify_plugin.c new file mode 100644 index 0000000..bf3eb6c --- /dev/null -+++ b/tools/gcc/initify_plugin.c ++++ b/scripts/gcc-plugins/initify_plugin.c @@ -0,0 +1,536 @@ +/* + * Copyright 2015-2016 by Emese Revfy <re.emese@gmail.com> @@ -167634,11 +164906,11 @@ index 0000000..bf3eb6c + + return 0; +} -diff --git a/tools/gcc/kallocstat_plugin.c b/tools/gcc/kallocstat_plugin.c +diff --git a/scripts/gcc-plugins/kallocstat_plugin.c b/scripts/gcc-plugins/kallocstat_plugin.c new file mode 100644 index 0000000..30ecc9a --- /dev/null -+++ b/tools/gcc/kallocstat_plugin.c ++++ b/scripts/gcc-plugins/kallocstat_plugin.c 
@@ -0,0 +1,135 @@ +/* + * Copyright 2011-2016 by the PaX Team <pageexec@freemail.hu> @@ -167775,11 +165047,11 @@ index 0000000..30ecc9a + + return 0; +} -diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c +diff --git a/scripts/gcc-plugins/kernexec_plugin.c b/scripts/gcc-plugins/kernexec_plugin.c new file mode 100644 index 0000000..e31e92f --- /dev/null -+++ b/tools/gcc/kernexec_plugin.c ++++ b/scripts/gcc-plugins/kernexec_plugin.c @@ -0,0 +1,407 @@ +/* + * Copyright 2011-2016 by the PaX Team <pageexec@freemail.hu> @@ -168188,12 +165460,12 @@ index 0000000..e31e92f + + return 0; +} -diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c +diff --git a/scripts/gcc-plugins/latent_entropy_plugin.c b/scripts/gcc-plugins/latent_entropy_plugin.c new file mode 100644 -index 0000000..50d373c +index 0000000..f08a221 --- /dev/null -+++ b/tools/gcc/latent_entropy_plugin.c -@@ -0,0 +1,422 @@ ++++ b/scripts/gcc-plugins/latent_entropy_plugin.c +@@ -0,0 +1,438 @@ +/* + * Copyright 2012-2016 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -168219,11 +165491,13 @@ index 0000000..50d373c + +int plugin_is_GPL_compatible; + ++static bool enabled = true; ++ +static GTY(()) tree latent_entropy_decl; + +static struct plugin_info latent_entropy_plugin_info = { -+ .version = "201604022010", -+ .help = NULL ++ .version = "201605212030", ++ .help = "disable\tturn off latent entropy instrumentation\n", +}; + +static unsigned HOST_WIDE_INT seed; @@ -168586,6 +165860,10 @@ index 0000000..50d373c +int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) +{ + const char * const plugin_name = plugin_info->base_name; ++ const int argc = plugin_info->argc; ++ const struct plugin_argument * const argv = plugin_info->argv; ++ int i; ++ + struct register_pass_info latent_entropy_pass_info; + + latent_entropy_pass_info.pass = make_latent_entropy_pass(); 
@@ -168608,19 +165886,29 @@ index 0000000..50d373c + return 1; + } + ++ for (i = 0; i < argc; ++i) { ++ if (!(strcmp(argv[i].key, "disable"))) { ++ enabled = false; ++ continue; ++ } ++ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); ++ } ++ + register_callback(plugin_name, PLUGIN_INFO, NULL, &latent_entropy_plugin_info); -+ register_callback(plugin_name, PLUGIN_START_UNIT, &latent_entropy_start_unit, NULL); -+ register_callback(plugin_name, PLUGIN_REGISTER_GGC_ROOTS, NULL, (void *)>_ggc_r_gt_latent_entropy); -+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &latent_entropy_pass_info); ++ if (enabled) { ++ register_callback(plugin_name, PLUGIN_START_UNIT, &latent_entropy_start_unit, NULL); ++ register_callback(plugin_name, PLUGIN_REGISTER_GGC_ROOTS, NULL, (void *)>_ggc_r_gt_latent_entropy); ++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &latent_entropy_pass_info); ++ } + register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); + + return 0; +} -diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c +diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c new file mode 100644 index 0000000..a716d7a --- /dev/null -+++ b/tools/gcc/randomize_layout_plugin.c ++++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -0,0 +1,940 @@ +/* + * Copyright 2014-2016 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net> @@ -169562,21 +166850,21 @@ index 0000000..a716d7a + + return 0; +} -diff --git a/tools/gcc/rap_plugin/Makefile b/tools/gcc/rap_plugin/Makefile +diff --git a/scripts/gcc-plugins/rap_plugin/Makefile b/scripts/gcc-plugins/rap_plugin/Makefile new file mode 100644 index 0000000..8171be8 --- /dev/null -+++ b/tools/gcc/rap_plugin/Makefile ++++ b/scripts/gcc-plugins/rap_plugin/Makefile 
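Review bot: The new `if (enabled)` block leaves the `PLUGIN_ATTRIBUTES` registration outside it without saying why, and a later cleanup could easily move it inside. A one-line comment above that call would record the intent, for example `/* attributes stay registered when disabled so annotated declarations are still accepted */`; that reading is presumed and should be checked against register_attributes, which is not in this hunk. Separately, `(void *)>_ggc_r_gt_latent_entropy` appears on both the removed and the added line, so it looks like an entity-decoding artifact of this listing (`&gt` rendered as `>`) rather than something the change introduced. plugin_init starts outside the hunk.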
@@ -0,0 +1,4 @@ +$(HOSTLIBS)-$(CONFIG_PAX_RAP) += rap_plugin.so +always := $($(HOSTLIBS)-y) + +rap_plugin-objs := $(patsubst $(srctree)/$(src)/%.c,%.o,$(wildcard $(srctree)/$(src)/*.c)) -diff --git a/tools/gcc/rap_plugin/rap.h b/tools/gcc/rap_plugin/rap.h +diff --git a/scripts/gcc-plugins/rap_plugin/rap.h b/scripts/gcc-plugins/rap_plugin/rap.h new file mode 100644 index 0000000..f6a284d --- /dev/null -+++ b/tools/gcc/rap_plugin/rap.h ++++ b/scripts/gcc-plugins/rap_plugin/rap.h @@ -0,0 +1,36 @@ +#ifndef RAP_H_INCLUDED +#define RAP_H_INCLUDED @@ -169614,11 +166902,11 @@ index 0000000..f6a284d +#endif + +#endif -diff --git a/tools/gcc/rap_plugin/rap_fptr_pass.c b/tools/gcc/rap_plugin/rap_fptr_pass.c +diff --git a/scripts/gcc-plugins/rap_plugin/rap_fptr_pass.c b/scripts/gcc-plugins/rap_plugin/rap_fptr_pass.c new file mode 100644 index 0000000..2f53f14 --- /dev/null -+++ b/tools/gcc/rap_plugin/rap_fptr_pass.c ++++ b/scripts/gcc-plugins/rap_plugin/rap_fptr_pass.c @@ -0,0 +1,220 @@ +/* + * Copyright 2012-2016 by PaX Team <pageexec@freemail.hu> @@ -169840,11 +167128,11 @@ index 0000000..2f53f14 +#define PASS_NAME rap_fptr +#define TODO_FLAGS_FINISH TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa | TODO_cleanup_cfg | TODO_rebuild_cgraph_edges | TODO_verify_flow +#include "gcc-generate-gimple-pass.h" -diff --git a/tools/gcc/rap_plugin/rap_hash.c b/tools/gcc/rap_plugin/rap_hash.c +diff --git a/scripts/gcc-plugins/rap_plugin/rap_hash.c b/scripts/gcc-plugins/rap_plugin/rap_hash.c new file mode 100644 index 0000000..7c59f38 --- /dev/null -+++ b/tools/gcc/rap_plugin/rap_hash.c ++++ b/scripts/gcc-plugins/rap_plugin/rap_hash.c @@ -0,0 +1,382 @@ +/* + * Copyright 2012-2016 by PaX Team <pageexec@freemail.hu> 
@@ -170228,11 +167516,11 @@ index 0000000..7c59f38 + gcc_assert(rap_imprecise_hashes[uid].hash); + } +} -diff --git a/tools/gcc/rap_plugin/rap_plugin.c b/tools/gcc/rap_plugin/rap_plugin.c +diff --git a/scripts/gcc-plugins/rap_plugin/rap_plugin.c b/scripts/gcc-plugins/rap_plugin/rap_plugin.c new file mode 100644 index 0000000..bca74dc --- /dev/null -+++ b/tools/gcc/rap_plugin/rap_plugin.c ++++ b/scripts/gcc-plugins/rap_plugin/rap_plugin.c @@ -0,0 +1,511 @@ +/* + * Copyright 2012-2016 by PaX Team <pageexec@freemail.hu> @@ -170745,11 +168033,11 @@ index 0000000..bca74dc + + return 0; +} -diff --git a/tools/gcc/rap_plugin/sip.c b/tools/gcc/rap_plugin/sip.c +diff --git a/scripts/gcc-plugins/rap_plugin/sip.c b/scripts/gcc-plugins/rap_plugin/sip.c new file mode 100644 index 0000000..65bc1cd --- /dev/null -+++ b/tools/gcc/rap_plugin/sip.c ++++ b/scripts/gcc-plugins/rap_plugin/sip.c @@ -0,0 +1,96 @@ +// SipHash-2-4 adapted by the PaX Team from the public domain version written by +// Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com> @@ -170847,20 +168135,20 @@ index 0000000..65bc1cd + b = v0 ^ v1 ^ v2 ^ v3; + U64TO8_LE(out, b); +} -diff --git a/tools/gcc/size_overflow_plugin/.gitignore b/tools/gcc/size_overflow_plugin/.gitignore +diff --git a/scripts/gcc-plugins/size_overflow_plugin/.gitignore b/scripts/gcc-plugins/size_overflow_plugin/.gitignore new file mode 100644 index 0000000..c4b24b9 --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/.gitignore ++++ b/scripts/gcc-plugins/size_overflow_plugin/.gitignore @@ -0,0 +1,3 @@ +disable_size_overflow_hash.h +size_overflow_hash.h +size_overflow_hash_aux.h -diff --git a/tools/gcc/size_overflow_plugin/Makefile b/tools/gcc/size_overflow_plugin/Makefile +diff --git a/scripts/gcc-plugins/size_overflow_plugin/Makefile b/scripts/gcc-plugins/size_overflow_plugin/Makefile new file mode 100644 index 0000000..f74d85a 
--- /dev/null -+++ b/tools/gcc/size_overflow_plugin/Makefile ++++ b/scripts/gcc-plugins/size_overflow_plugin/Makefile @@ -0,0 +1,28 @@ +HOST_EXTRACXXFLAGS += $(call hostcc-option, -fno-ipa-icf) + @@ -170890,11 +168178,11 @@ index 0000000..f74d85a + $(call if_changed,build_disable_size_overflow_hash) + +targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h -diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data +diff --git a/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data b/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data new file mode 100644 index 0000000..2a420f3 --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data ++++ b/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data @@ -0,0 +1,12444 @@ +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL @@ -183340,11 +180628,11 @@ index 0000000..2a420f3 +enable_so_inofree_iagctl_5194 inofree iagctl 0 5194 NULL +enable_so_inofreefwd_iag_4921 inofreefwd iag 0 4921 NULL +enable_so_iagnum_iag_23227 iagnum iag 0 23227 NULL -diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh +diff --git a/scripts/gcc-plugins/size_overflow_plugin/generate_size_overflow_hash.sh b/scripts/gcc-plugins/size_overflow_plugin/generate_size_overflow_hash.sh new file mode 100644 index 0000000..be9724d --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh ++++ b/scripts/gcc-plugins/size_overflow_plugin/generate_size_overflow_hash.sh @@ -0,0 +1,103 @@ +#!/bin/bash + 
@@ -183449,11 +180737,11 @@ index 0000000..be9724d +create_array_elements + +exit 0 -diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c +diff --git a/scripts/gcc-plugins/size_overflow_plugin/insert_size_overflow_asm.c b/scripts/gcc-plugins/size_overflow_plugin/insert_size_overflow_asm.c new file mode 100644 index 0000000..ee987da --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c ++++ b/scripts/gcc-plugins/size_overflow_plugin/insert_size_overflow_asm.c @@ -0,0 +1,369 @@ +/* + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com> @@ -183824,11 +181112,11 @@ index 0000000..ee987da +#define TODO_FLAGS_FINISH TODO_dump_func | TODO_verify_ssa | TODO_verify_stmts | TODO_remove_unused_locals | TODO_update_ssa_no_phi | TODO_cleanup_cfg | TODO_ggc_collect | TODO_verify_flow + +#include "gcc-generate-gimple-pass.h" -diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c b/tools/gcc/size_overflow_plugin/intentional_overflow.c +diff --git a/scripts/gcc-plugins/size_overflow_plugin/intentional_overflow.c b/scripts/gcc-plugins/size_overflow_plugin/intentional_overflow.c new file mode 100644 -index 0000000..6fcc436 +index 0000000..f29aac6 --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c ++++ b/scripts/gcc-plugins/size_overflow_plugin/intentional_overflow.c @@ -0,0 +1,1166 @@ +/* + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com> @@ -184963,7 +182251,7 @@ index 0000000..6fcc436 +{ + const_tree rhs, lhs_type, rhs_type; + const_tree def_rhs1, def_rhs2; -+ gimple def_stmt; ++ const_gimple def_stmt; + gimple def_def_stmt = NULL; + + if (!gimple_assign_cast_p(stmt)) 
@@ -184996,11 +182284,11 @@ index 0000000..6fcc436 + // _36 = (signed short) _35; + return def_def_stmt && gimple_assign_cast_p(def_def_stmt); +} -diff --git a/tools/gcc/size_overflow_plugin/remove_unnecessary_dup.c b/tools/gcc/size_overflow_plugin/remove_unnecessary_dup.c +diff --git a/scripts/gcc-plugins/size_overflow_plugin/remove_unnecessary_dup.c b/scripts/gcc-plugins/size_overflow_plugin/remove_unnecessary_dup.c new file mode 100644 index 0000000..c910983 --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/remove_unnecessary_dup.c ++++ b/scripts/gcc-plugins/size_overflow_plugin/remove_unnecessary_dup.c @@ -0,0 +1,137 @@ +/* + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com> @@ -185139,11 +182427,11 @@ index 0000000..c910983 + } +} + -diff --git a/tools/gcc/size_overflow_plugin/size_overflow.h b/tools/gcc/size_overflow_plugin/size_overflow.h +diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow.h b/scripts/gcc-plugins/size_overflow_plugin/size_overflow.h new file mode 100644 index 0000000..4bd2e7f --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/size_overflow.h ++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow.h @@ -0,0 +1,331 @@ +#ifndef SIZE_OVERFLOW_H +#define SIZE_OVERFLOW_H @@ -185476,11 +182764,11 @@ index 0000000..4bd2e7f +extern const char * __unused print_intentional_mark_name(enum intentional_mark mark); + +#endif -diff --git a/tools/gcc/size_overflow_plugin/size_overflow_debug.c b/tools/gcc/size_overflow_plugin/size_overflow_debug.c +diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_debug.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_debug.c new file mode 100644 index 0000000..4098952 --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/size_overflow_debug.c ++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_debug.c @@ -0,0 +1,194 @@ +/* + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com> 
@@ -185676,11 +182964,11 @@ index 0000000..4098952 + + gcc_unreachable(); +} -diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data +diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash.data b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash.data new file mode 100644 index 0000000..cbb8a80 --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data ++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash.data @@ -0,0 +1,21645 @@ +enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL +enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL @@ -207327,11 +204615,11 @@ index 0000000..cbb8a80 +enable_so_write_page_nocow_fndecl_65527 write_page_nocow fndecl 2 65527 NULL +enable_so_size_mei_msg_data_65529 size mei_msg_data 0 65529 NULL +enable_so_connector_write_fndecl_65534 connector_write fndecl 3 65534 NULL -diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash_aux.data b/tools/gcc/size_overflow_plugin/size_overflow_hash_aux.data +diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash_aux.data b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash_aux.data new file mode 100644 index 0000000..17bc0d8 --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash_aux.data ++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash_aux.data @@ -0,0 +1,92 @@ +enable_so_spa_set_aux_vdevs_fndecl_746 spa_set_aux_vdevs fndecl 3 746 NULL +enable_so_zfs_lookup_fndecl_2144 zfs_lookup fndecl 0 2144 NULL 
@@ -207425,11 +204713,11 @@ index 0000000..17bc0d8 +enable_so_proc_copyin_string_fndecl_62019 proc_copyin_string fndecl 4 62019 NULL +enable_so_random_get_pseudo_bytes_fndecl_64611 random_get_pseudo_bytes fndecl 2 64611 NULL +enable_so_zpios_read_fndecl_64734 zpios_read fndecl 3 64734 NULL -diff --git a/tools/gcc/size_overflow_plugin/size_overflow_ipa.c b/tools/gcc/size_overflow_plugin/size_overflow_ipa.c +diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_ipa.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_ipa.c new file mode 100644 index 0000000..0a679f8 --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/size_overflow_ipa.c ++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_ipa.c @@ -0,0 +1,1163 @@ +/* + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com> @@ -208594,11 +205882,11 @@ index 0000000..0a679f8 +#define NO_GATE + +#include "gcc-generate-ipa-pass.h" -diff --git a/tools/gcc/size_overflow_plugin/size_overflow_misc.c b/tools/gcc/size_overflow_plugin/size_overflow_misc.c +diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_misc.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_misc.c new file mode 100644 index 0000000..7f459ed --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/size_overflow_misc.c ++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_misc.c @@ -0,0 +1,505 @@ +/* + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com> @@ -209105,11 +206393,11 @@ index 0000000..7f459ed + } +} + -diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c +diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin.c new file mode 100644 index 0000000..3f8f032 --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c ++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin.c 
@@ -0,0 +1,290 @@ +/* + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com> @@ -209401,11 +206689,11 @@ index 0000000..3f8f032 + + return 0; +} -diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin_hash.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin_hash.c +diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin_hash.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin_hash.c new file mode 100644 index 0000000..87af656 --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin_hash.c ++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin_hash.c @@ -0,0 +1,352 @@ +/* + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com> @@ -209759,11 +207047,11 @@ index 0000000..87af656 + fprintf(stderr, "Function %s is missing from the size_overflow hash table +%s+%s+%u+%u+\n", decl_name, decl_name, node->context, argnum, hash); +} + -diff --git a/tools/gcc/size_overflow_plugin/size_overflow_transform.c b/tools/gcc/size_overflow_plugin/size_overflow_transform.c +diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform.c new file mode 100644 index 0000000..eebcf4c --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/size_overflow_transform.c ++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform.c @@ -0,0 +1,743 @@ +/* + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com> 
@@ -210508,11 +207796,11 @@ index 0000000..eebcf4c +#endif + return TODO_dump_func | TODO_verify_stmts | TODO_remove_unused_locals | TODO_update_ssa_no_phi | TODO_ggc_collect | TODO_verify_flow; +} -diff --git a/tools/gcc/size_overflow_plugin/size_overflow_transform_core.c b/tools/gcc/size_overflow_plugin/size_overflow_transform_core.c +diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform_core.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform_core.c new file mode 100644 index 0000000..062204a --- /dev/null -+++ b/tools/gcc/size_overflow_plugin/size_overflow_transform_core.c ++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform_core.c @@ -0,0 +1,1025 @@ +/* + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com> @@ -211539,11 +208827,11 @@ index 0000000..062204a + gcc_unreachable(); + } +} -diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c +diff --git a/scripts/gcc-plugins/stackleak_plugin.c b/scripts/gcc-plugins/stackleak_plugin.c new file mode 100644 index 0000000..8b69bd4 --- /dev/null -+++ b/tools/gcc/stackleak_plugin.c ++++ b/scripts/gcc-plugins/stackleak_plugin.c @@ -0,0 +1,350 @@ +/* + * Copyright 2011-2016 by the PaX Team <pageexec@freemail.hu> @@ -211895,11 +209183,11 @@ index 0000000..8b69bd4 + + return 0; +} -diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c +diff --git a/scripts/gcc-plugins/structleak_plugin.c b/scripts/gcc-plugins/structleak_plugin.c new file mode 100644 index 0000000..d7596e6 --- /dev/null -+++ b/tools/gcc/structleak_plugin.c ++++ b/scripts/gcc-plugins/structleak_plugin.c @@ -0,0 +1,239 @@ +/* + * Copyright 2013-2016 by PaX Team <pageexec@freemail.hu> 
@@ -212140,6 +209428,3450 @@ index 0000000..d7596e6 + + return 0; +} +diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh +index fdebd66..a349e33 100755 +--- a/scripts/headers_install.sh ++++ b/scripts/headers_install.sh +@@ -32,6 +32,7 @@ do + FILE="$(basename "$i")" + sed -r \ + -e 's/([ \t(])(__user|__force|__iomem)[ \t]/\1/g' \ ++ -e 's/__intentional_overflow\([- \t,0-9]*\)//g' \ + -e 's/__attribute_const__([ \t]|$)/\1/g' \ + -e 's@^#include <linux/compiler.h>@@' \ + -e 's/(^|[^a-zA-Z0-9])__packed([^a-zA-Z0-9_]|$)/\1__attribute__((packed))\2/g' \ +diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c +index 8fa81e8..a9ac144 100644 +--- a/scripts/kallsyms.c ++++ b/scripts/kallsyms.c +@@ -89,7 +89,7 @@ static inline int is_arm_mapping_symbol(const char *str) + } + + static int check_symbol_range(const char *sym, unsigned long long addr, +- struct addr_range *ranges, int entries) ++ struct addr_range *ranges, size_t entries) + { + size_t i; + struct addr_range *ar; +@@ -178,7 +178,7 @@ static int read_symbol(FILE *in, struct sym_entry *s) + } + + static int symbol_in_range(struct sym_entry *s, struct addr_range *ranges, +- int entries) ++ size_t entries) + { + size_t i; + struct addr_range *ar; +diff --git a/scripts/kconfig/lkc.h b/scripts/kconfig/lkc.h +index 91ca126..5f7cad6 100644 +--- a/scripts/kconfig/lkc.h ++++ b/scripts/kconfig/lkc.h +@@ -108,7 +108,8 @@ void menu_add_expr(enum prop_type type, struct expr *expr, struct expr *dep); + void menu_add_symbol(enum prop_type type, struct symbol *sym, struct expr *dep); + void menu_add_option(int token, char *arg); + void menu_finalize(struct menu *parent); +-void menu_set_type(int type); ++enum symbol_type; ++void menu_set_type(enum symbol_type type); + + /* util.c */ + struct file *file_lookup(const char *name); +@@ -123,7 +124,7 @@ struct gstr { + * when max_width is not zero long lines in string s (if any) get + * wrapped not to exceed the max_width value + */ +- int max_width; ++ size_t 
max_width; + }; + struct gstr str_new(void); + void str_free(struct gstr *gs); +diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c +index aed678e..1a703de 100644 +--- a/scripts/kconfig/menu.c ++++ b/scripts/kconfig/menu.c +@@ -109,7 +109,7 @@ void menu_add_dep(struct expr *dep) + current_entry->dep = expr_alloc_and(current_entry->dep, menu_check_dep(dep)); + } + +-void menu_set_type(int type) ++void menu_set_type(enum symbol_type type) + { + struct symbol *sym = current_entry->sym; + +diff --git a/scripts/kconfig/symbol.c b/scripts/kconfig/symbol.c +index 25cf0c2..eb178ce 100644 +--- a/scripts/kconfig/symbol.c ++++ b/scripts/kconfig/symbol.c +@@ -956,7 +956,7 @@ const char *sym_escape_string_value(const char *in) + + struct sym_match { + struct symbol *sym; +- off_t so, eo; ++ regoff_t so, eo; + }; + + /* Compare matched symbols as thus: +@@ -978,8 +978,8 @@ static int sym_rel_comp(const void *sym1, const void *sym2) + * exactly; if this is the case, we can't decide which comes first, + * and we fallback to sorting alphabetically. 
+ */ +- exact1 = (s1->eo - s1->so) == strlen(s1->sym->name); +- exact2 = (s2->eo - s2->so) == strlen(s2->sym->name); ++ exact1 = (s1->eo - s1->so) == (long)strlen(s1->sym->name); ++ exact2 = (s2->eo - s2->so) == (long)strlen(s2->sym->name); + if (exact1 && !exact2) + return -1; + if (!exact1 && exact2) +diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh +index ba6c34e..ea10bce 100755 +--- a/scripts/link-vmlinux.sh ++++ b/scripts/link-vmlinux.sh +@@ -179,7 +179,7 @@ else + fi; + + # final build of init/ +-${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init ++${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init GCC_PLUGINS_CFLAGS="${GCC_PLUGINS_CFLAGS}" GCC_PLUGINS_AFLAGS="${GCC_PLUGINS_AFLAGS}" + + kallsymso="" + kallsyms_vmlinux="" +diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c +index a915507..27c1b41 100644 +--- a/scripts/mod/file2alias.c ++++ b/scripts/mod/file2alias.c +@@ -156,7 +156,7 @@ static void device_id_check(const char *modname, const char *device_id, + unsigned long size, unsigned long id_size, + void *symval) + { +- int i; ++ unsigned int i; + + if (size % id_size || size < id_size) { + fatal("%s: sizeof(struct %s_device_id)=%lu is not a modulo " +@@ -185,7 +185,7 @@ static void device_id_check(const char *modname, const char *device_id, + /* USB is special because the bcdDevice can be matched against a numeric range */ + /* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipNinN" */ + static void do_usb_entry(void *symval, +- unsigned int bcdDevice_initial, int bcdDevice_initial_digits, ++ unsigned int bcdDevice_initial, unsigned int bcdDevice_initial_digits, + unsigned char range_lo, unsigned char range_hi, + unsigned char max, struct module *mod) + { +@@ -295,7 +295,7 @@ static void do_usb_entry_multi(void *symval, struct module *mod) + { + unsigned int devlo, devhi; + unsigned char chi, clo, max; +- int ndigits; ++ unsigned int ndigits; + + DEF_FIELD(symval, usb_device_id, match_flags); + DEF_FIELD(symval, usb_device_id, 
idVendor); +@@ -619,7 +619,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size, + for (i = 0; i < count; i++) { + DEF_FIELD_ADDR(symval + i*id_size, pnp_device_id, id); + char acpi_id[sizeof(*id)]; +- int j; ++ unsigned int j; + + buf_printf(&mod->dev_table_buf, + "MODULE_ALIAS(\"pnp:d%s*\");\n", *id); +@@ -648,7 +648,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, + + for (j = 0; j < PNP_MAX_DEVICES; j++) { + const char *id = (char *)(*devs)[j].id; +- int i2, j2; ++ unsigned int i2, j2; + int dup = 0; + + if (!id[0]) +@@ -674,7 +674,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, + /* add an individual alias for every device entry */ + if (!dup) { + char acpi_id[PNP_ID_LEN]; +- int k; ++ unsigned int k; + + buf_printf(&mod->dev_table_buf, + "MODULE_ALIAS(\"pnp:d%s*\");\n", id); +@@ -999,7 +999,7 @@ static void dmi_ascii_filter(char *d, const char *s) + static int do_dmi_entry(const char *filename, void *symval, + char *alias) + { +- int i, j; ++ unsigned int i, j; + DEF_FIELD_ADDR(symval, dmi_system_id, matches); + sprintf(alias, "dmi*"); + +diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c +index 48958d3..d5ccb52 100644 +--- a/scripts/mod/modpost.c ++++ b/scripts/mod/modpost.c +@@ -37,6 +37,7 @@ static int vmlinux_section_warnings = 1; + static int warn_unresolved = 0; + /* How a symbol is exported */ + static int sec_mismatch_count = 0; ++static int writable_fptr_count = 0; + static int sec_mismatch_verbose = 1; + static int sec_mismatch_fatal = 0; + /* ignore missing files */ +@@ -947,6 +948,7 @@ enum mismatch { + ANY_EXIT_TO_ANY_INIT, + EXPORT_TO_INIT_EXIT, + EXTABLE_TO_NON_TEXT, ++ DATA_TO_TEXT + }; + + /** +@@ -1073,6 +1075,12 @@ static const struct sectioncheck sectioncheck[] = { + .good_tosec = {ALL_TEXT_SECTIONS , NULL}, + .mismatch = EXTABLE_TO_NON_TEXT, + .handler = extable_mismatch_handler, ++}, ++/* Do not reference code from writable data */ ++{ ++ .fromsec = { DATA_SECTIONS, 
NULL }, ++ .bad_tosec = { ALL_TEXT_SECTIONS, NULL }, ++ .mismatch = DATA_TO_TEXT + } + }; + +@@ -1222,10 +1230,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, + continue; + if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) + continue; +- if (sym->st_value == addr) +- return sym; + /* Find a symbol nearby - addr are maybe negative */ + d = sym->st_value - addr; ++ if (d == 0) ++ return sym; + if (d < 0) + d = addr - sym->st_value; + if (d < distance) { +@@ -1384,7 +1392,11 @@ static void report_sec_mismatch(const char *modname, + char *prl_from; + char *prl_to; + +- sec_mismatch_count++; ++ if (mismatch->mismatch == DATA_TO_TEXT) ++ writable_fptr_count++; ++ else ++ sec_mismatch_count++; ++ + if (!sec_mismatch_verbose) + return; + +@@ -1508,6 +1520,14 @@ static void report_sec_mismatch(const char *modname, + fatal("There's a special handler for this mismatch type, " + "we should never get here."); + break; ++ case DATA_TO_TEXT: ++#if 0 ++ fprintf(stderr, ++ "The %s %s:%s references\n" ++ "the %s %s:%s%s\n", ++ from, fromsec, fromsym, to, tosec, tosym, to_p); ++#endif ++ break; + } + fprintf(stderr, "\n"); + } +@@ -1897,7 +1917,7 @@ static void section_rel(const char *modname, struct elf_info *elf, + static void check_sec_ref(struct module *mod, const char *modname, + struct elf_info *elf) + { +- int i; ++ unsigned int i; + Elf_Shdr *sechdrs = elf->sechdrs; + + /* Walk through all sections */ +@@ -2028,7 +2048,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, + va_end(ap); + } + +-void buf_write(struct buffer *buf, const char *s, int len) ++void buf_write(struct buffer *buf, const char *s, unsigned int len) + { + if (buf->size - buf->pos < len) { + buf->size += len + SZ; +@@ -2258,7 +2278,7 @@ static void write_if_changed(struct buffer *b, const char *fname) + if (fstat(fileno(file), &st) < 0) + goto close_write; + +- if (st.st_size != b->pos) ++ if (st.st_size != (off_t)b->pos) + goto close_write; + + tmp = 
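Review bot: The exact-match test in find_elf_symbol now runs on the difference `d` instead of on the two values, so it inherits whatever width `d` has. The declaration of `d` is outside the hunk; if it is narrower than `sym->st_value` (the `addr` parameter is an `Elf64_Sword`), `sym->st_value - addr` can truncate to zero for two addresses that are not equal, and the wrong symbol is returned as an exact hit. Keeping an equality test on the full-width values ahead of the subtraction, or declaring `d` with the width of `st_value`, avoids that.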
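Review bot: The `DATA_TO_TEXT` case keeps its only message inside `#if 0`, so the branch prints nothing of its own before the trailing `fprintf(stderr, "\n")`. The summary added in the main() hunk tells the user to rebuild with `CONFIG_DEBUG_SECTION_MISMATCH=y` for full details, yet the explanatory text for this mismatch type is compiled out. The block should either be enabled or be replaced by a comment stating that the report line emitted before the switch (outside this hunk, so to be confirmed) is all that is intended. A check whose output is disabled with `#if 0` leaves it unclear whether the report was muted on purpose.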
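Review bot: In buf_write the growth step `buf->size += len + SZ;` is unchecked, and with `len`, `pos` and `size` now unsigned (the modpost.h hunk makes the matching change) a very large `len` wraps silently. That would leave `size` smaller than `pos + len` before the copy that follows outside the hunk. An explicit bound ahead of the addition, for example `if (len > UINT_MAX - SZ - buf->size) fatal("buffer too large\n");`, turns the wrap into a clean build failure. The rest of the function, including the reallocation, is not visible here.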
NOFAIL(malloc(b->pos)); +@@ -2496,6 +2516,14 @@ int main(int argc, char **argv) + "Set CONFIG_SECTION_MISMATCH_WARN_ONLY=y to allow them.\n"); + } + } ++ if (writable_fptr_count) { ++ if (!sec_mismatch_verbose) { ++ warn("modpost: Found %d writable function pointer(s).\n" ++ "To see full details build your kernel with:\n" ++ "'make CONFIG_DEBUG_SECTION_MISMATCH=y'\n", ++ writable_fptr_count); ++ } ++ } + + return err; + } +diff --git a/scripts/mod/modpost.h b/scripts/mod/modpost.h +index 6a5e151..f2fbaf5 100644 +--- a/scripts/mod/modpost.h ++++ b/scripts/mod/modpost.h +@@ -98,15 +98,15 @@ void *do_nofail(void *ptr, const char *expr); + + struct buffer { + char *p; +- int pos; +- int size; ++ unsigned int pos; ++ unsigned int size; + }; + + void __attribute__((format(printf, 2, 3))) + buf_printf(struct buffer *buf, const char *fmt, ...); + + void +-buf_write(struct buffer *buf, const char *s, int len); ++buf_write(struct buffer *buf, const char *s, unsigned int len); + + struct module { + struct module *next; +diff --git a/scripts/mod/sumversion.c b/scripts/mod/sumversion.c +index 944418d..15291e4 100644 +--- a/scripts/mod/sumversion.c ++++ b/scripts/mod/sumversion.c +@@ -470,7 +470,7 @@ static void write_version(const char *filename, const char *sum, + goto out; + } + +- if (write(fd, sum, strlen(sum)+1) != strlen(sum)+1) { ++ if (write(fd, sum, strlen(sum)+1) != (ssize_t)strlen(sum)+1) { + warn("writing sum in %s failed: %s\n", + filename, strerror(errno)); + goto out; +diff --git a/scripts/module-common.lds b/scripts/module-common.lds +index 73a2c7d..df11b31 100644 +--- a/scripts/module-common.lds ++++ b/scripts/module-common.lds +@@ -6,6 +6,10 @@ + SECTIONS { + /DISCARD/ : { *(.discard) } + ++ .rodata 0: { ++ *(.rodata) *(.rodata.*) ++ *(.data..read_only) ++ } + __ksymtab 0 : { *(SORT(___ksymtab+*)) } + __ksymtab_gpl 0 : { *(SORT(___ksymtab_gpl+*)) } + __ksymtab_unused 0 : { *(SORT(___ksymtab_unused+*)) } +diff --git a/scripts/package/Makefile 
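Review bot: Style point on the `write()` check in write_version: `strlen(sum)` is evaluated twice, and the cast binds to `strlen(sum)` alone, which reads as if it covered the `+1`. Computing the length once makes the comparison obvious: `size_t len = strlen(sum) + 1;` followed by `if (write(fd, sum, len) != (ssize_t)len) {`. The function body starts and ends outside the hunk.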
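Review bot: The new `.rodata` output section has no comment, and the reason `.data..read_only` is collected into it cannot be read off the linker script alone. A line above the section such as `/* keep read-only module data together with .rodata */` would record the intent; that wording is a guess at the purpose and should be checked against the module loader changes elsewhere in the patch. The header `.rodata 0: {` also lacks the space before the colon that the neighbouring `__ksymtab 0 : {` lines use.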
b/scripts/package/Makefile +index c2c7389..81b8117 100644 +--- a/scripts/package/Makefile ++++ b/scripts/package/Makefile +@@ -40,7 +40,7 @@ if test "$(objtree)" != "$(srctree)"; then \ + fi ; \ + $(srctree)/scripts/setlocalversion --save-scmversion; \ + ln -sf $(srctree) $(2); \ +-tar -cz $(RCS_TAR_IGNORE) -f $(2).tar.gz \ ++tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(2).tar.gz \ + $(addprefix $(2)/,$(TAR_CONTENT) $(3)); \ + rm -f $(2) $(objtree)/.scmversion + +diff --git a/scripts/package/builddeb b/scripts/package/builddeb +index 6c3b038..4bac93f 100755 +--- a/scripts/package/builddeb ++++ b/scripts/package/builddeb +@@ -326,6 +326,7 @@ fi + (cd $srctree; find arch/$SRCARCH -name module.lds -o -name Kbuild.platforms -o -name Platform) >> "$objtree/debian/hdrsrcfiles" + (cd $srctree; find $(find arch/$SRCARCH -name include -o -name scripts -type d) -type f) >> "$objtree/debian/hdrsrcfiles" + (cd $objtree; find arch/$SRCARCH/include Module.symvers include scripts -type f) >> "$objtree/debian/hdrobjfiles" ++(cd $objtree; find scripts/gcc-plugins -name \*.so -o -name gcc-common.h) >> "$objtree/debian/hdrobjfiles" + destdir=$kernel_headers_dir/usr/src/linux-headers-$version + mkdir -p "$destdir" + (cd $srctree; tar -c -f - -T -) < "$objtree/debian/hdrsrcfiles" | (cd $destdir; tar -xf -) +diff --git a/scripts/package/mkspec b/scripts/package/mkspec +index fe44d68..3874acb 100755 +--- a/scripts/package/mkspec ++++ b/scripts/package/mkspec +@@ -120,29 +120,40 @@ echo 'rm -f $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE/{build,source}" + echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE" + echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\"" + echo "tar "'$EXCLUDES'" -cf- . 
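Review bot: The added `find scripts/gcc-plugins` line in builddeb runs unconditionally, but that directory may be absent from `$objtree` in an out-of-tree build or a configuration without GCC plugins, in which case `find` prints an error and exits non-zero. If the script runs under `set -e` (not visible in this hunk), the package build stops at this line. Guarding it with `if [ -d "$objtree/scripts/gcc-plugins" ]; then` and a closing `fi` keeps the headers package independent of the plugin option. The expression `-name \*.so -o -name gcc-common.h` also has no `-type f`, unlike the `find` on the line above it.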
| (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)" +-echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE" +-echo "ln -sf /usr/src/kernels/$KERNELRELEASE build" +-echo "ln -sf /usr/src/kernels/$KERNELRELEASE source" + fi + + echo "" + echo "%clean" + echo 'rm -rf $RPM_BUILD_ROOT' + echo "" ++echo "%pre" ++echo 'chmod -f 0500 /boot' ++echo 'if [ -d /lib/modules ]; then' ++echo 'chmod -f 0500 /lib/modules' ++echo 'fi' ++echo 'if [ -d /lib32/modules ]; then' ++echo 'chmod -f 0500 /lib32/modules' ++echo 'fi' ++echo 'if [ -d /lib64/modules ]; then' ++echo 'chmod -f 0500 /lib64/modules' ++echo 'fi' ++echo "" ++echo "%post devel" ++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build" ++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source" ++echo "" + echo "%post" +-echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then" +-echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/.vmlinuz-$KERNELRELEASE-rpm" +-echo "cp /boot/System.map-$KERNELRELEASE /boot/.System.map-$KERNELRELEASE-rpm" +-echo "rm -f /boot/vmlinuz-$KERNELRELEASE /boot/System.map-$KERNELRELEASE" +-echo "/sbin/installkernel $KERNELRELEASE /boot/.vmlinuz-$KERNELRELEASE-rpm /boot/.System.map-$KERNELRELEASE-rpm" +-echo "rm -f /boot/.vmlinuz-$KERNELRELEASE-rpm /boot/.System.map-$KERNELRELEASE-rpm" ++echo "if [ -x /sbin/dracut ]; then" ++echo '/sbin/new-kernel-pkg --dracut --mkinitrd --depmod --install --make-default '"$KERNELRELEASE"' || exit $?' ++echo "else" ++echo '/sbin/new-kernel-pkg --mkinitrd --depmod --install --make-default '"$KERNELRELEASE"' || exit $?' 
+ echo "fi" + echo "" + echo "%files" +-echo '%defattr (-, root, root)' +-echo "/lib/modules/$KERNELRELEASE" ++echo '%defattr (400, root, root, 500)' + echo "%exclude /lib/modules/$KERNELRELEASE/build" + echo "%exclude /lib/modules/$KERNELRELEASE/source" ++echo "/lib/modules/$KERNELRELEASE" + echo "/lib/firmware/$KERNELRELEASE" + echo "/boot/*" + echo "" +@@ -152,9 +163,11 @@ echo "/usr/include" + echo "" + if ! $PREBUILT; then + echo "%files devel" +-echo '%defattr (-, root, root)' ++echo '%defattr (400, root, root, 500)' ++echo "%dir /lib/modules/$KERNELRELEASE" + echo "/usr/src/kernels/$KERNELRELEASE" +-echo "/lib/modules/$KERNELRELEASE/build" +-echo "/lib/modules/$KERNELRELEASE/source" ++echo "%attr (500, root, root) /usr/src/kernels/$KERNELRELEASE/scripts/recordmcount" ++echo "%attr (500, root, root) /usr/src/kernels/$KERNELRELEASE/scripts/basic/fixdep" ++echo "%attr (500, root, root) /usr/src/kernels/$KERNELRELEASE/scripts/mod/modpost" + echo "" + fi +diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c +index 4718d78..9220d58 100644 +--- a/scripts/pnmtologo.c ++++ b/scripts/pnmtologo.c +@@ -244,14 +244,14 @@ static void write_header(void) + fprintf(out, " * Linux logo %s\n", logoname); + fputs(" */\n\n", out); + fputs("#include <linux/linux_logo.h>\n\n", out); +- fprintf(out, "static unsigned char %s_data[] __initdata = {\n", ++ fprintf(out, "static unsigned char %s_data[] = {\n", + logoname); + } + + static void write_footer(void) + { + fputs("\n};\n\n", out); +- fprintf(out, "const struct linux_logo %s __initconst = {\n", logoname); ++ fprintf(out, "const struct linux_logo %s = {\n", logoname); + fprintf(out, "\t.type\t\t= %s,\n", logo_types[logo_type]); + fprintf(out, "\t.width\t\t= %d,\n", logo_width); + fprintf(out, "\t.height\t\t= %d,\n", logo_height); +@@ -381,7 +381,7 @@ static void write_logo_clut224(void) + fputs("\n};\n\n", out); + + /* write logo clut */ +- fprintf(out, "static unsigned char %s_clut[] __initdata = {\n", ++ fprintf(out, "static 
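Review bot: The rewritten `%post` scriptlet calls `/sbin/new-kernel-pkg` in both branches without checking that it exists, and `|| exit $?` turns its absence into a failed package install; the removed code guarded its helper with `[ -x /sbin/installkernel ... ]`. Wrapping the two calls in a guard of the same form, opened with `echo "if [ -x /sbin/new-kernel-pkg ]; then"`, keeps the package installable on systems without that tool. Separately, the new `%pre` section changes the mode of `/boot` without the `-d` test used for the three `modules` directories. Those directories are shared with other packages and the mode change is not undone on removal, so a comment in the generated spec stating that this is intended would help administrators.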
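Review bot: With `%defattr (400, root, root, 500)` in the `%files devel` section, every file under `/usr/src/kernels/$KERNELRELEASE` is installed without execute permission, and only `recordmcount`, `fixdep` and `modpost` get it back through `%attr (500, root, root)`. Any other host program or script in that tree that an external module build executes would lose its execute bit. The three-entry list is hard-coded, so it should be checked against what the devel tree actually ships, or be generated from the executables found at packaging time.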
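Review bot: Dropping `__initdata` and `__initconst` from the generated declarations in write_header and write_footer, and from the `%s_clut` array in the write_logo_clut224 hunk, means the logo data is no longer emitted into init sections. Nothing in the generator records why, so a short comment above each `fprintf` giving the reason would stop someone restoring the annotations later. Since `%s_data` is now a plain writable array, emitting `static const unsigned char %s_data[] = {` would keep it out of writable data, provided the `linux_logo` fields are const-qualified, which is not visible here.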
unsigned char %s_clut[] = {\n", + logoname); + write_hex_cnt = 0; + for (i = 0; i < logo_clutsize; i++) { +diff --git a/scripts/sortextable.h b/scripts/sortextable.h +index ba87004..3f4852c 100644 +--- a/scripts/sortextable.h ++++ b/scripts/sortextable.h +@@ -108,9 +108,9 @@ do_func(Elf_Ehdr *ehdr, char const *const fname, table_sort_t custom_sort) + const char *secstrtab; + const char *strtab; + char *extab_image; +- int extab_index = 0; +- int i; +- int idx; ++ unsigned int extab_index = 0; ++ unsigned int i; ++ unsigned int idx; + unsigned int num_sections; + unsigned int secindex_strings; + +diff --git a/scripts/tags.sh b/scripts/tags.sh +index 23ba1c6..cad2484 100755 +--- a/scripts/tags.sh ++++ b/scripts/tags.sh +@@ -26,7 +26,7 @@ else + fi + + # ignore userspace tools +-ignore="$ignore ( -path ${tree}tools ) -prune -o" ++ignore="$ignore ( -path \"${tree}tools/[^g]*\" ) -prune -o" + + # Find all available archs + find_all_archs() +diff --git a/security/Kconfig b/security/Kconfig +index e452378..8059bd2 100644 +--- a/security/Kconfig ++++ b/security/Kconfig +@@ -4,6 +4,993 @@ + + menu "Security options" + ++menu "Grsecurity" ++ ++ config ARCH_TRACK_EXEC_LIMIT ++ bool ++ ++ config PAX_KERNEXEC_PLUGIN ++ bool ++ depends on GCC_PLUGINS ++ ++ config PAX_PER_CPU_PGD ++ bool ++ ++ config TASK_SIZE_MAX_SHIFT ++ int ++ depends on X86_64 ++ default 47 if !PAX_PER_CPU_PGD ++ default 42 if PAX_PER_CPU_PGD ++ ++ config PAX_ENABLE_PAE ++ bool ++ default y if (X86_32 && (MPENTIUM4 || MK8 || MPSC || MCORE2 || MATOM)) ++ ++ config PAX_USERCOPY_SLABS ++ bool ++ ++config GRKERNSEC ++ bool "Grsecurity" ++ select CRYPTO ++ select CRYPTO_SHA256 ++ select PROC_FS ++ select STOP_MACHINE ++ select TTY ++ select DEBUG_KERNEL ++ select DEBUG_LIST ++ select MULTIUSER ++ help ++ If you say Y here, you will be able to configure many features ++ that will enhance the security of your system. 
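Review bot: The escaped quotes in `\"${tree}tools/[^g]*\"` are stored as literal `"` characters inside `$ignore`. If the variable is later expanded unquoted into the `find` command line (its use is outside this hunk), the shell does not reinterpret them, so `-path` receives a pattern that begins and ends with `"` and matches nothing, and `tools/` is no longer pruned. Dropping the inner quotes, `ignore="$ignore ( -path ${tree}tools/[^g]* ) -prune -o"`, restores the match but leaves the pattern open to pathname expansion, so globbing should be disabled around the `find` call or the arguments built another way. The `[^g]*` class also keeps every `tools/` subdirectory whose name starts with `g`, which is broader than exempting a single directory.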
It is highly ++ recommended that you say Y here and read through the help ++ for each option so that you fully understand the features and ++ can evaluate their usefulness for your machine. ++ ++choice ++ prompt "Configuration Method" ++ depends on GRKERNSEC ++ default GRKERNSEC_CONFIG_CUSTOM ++ help ++ ++config GRKERNSEC_CONFIG_AUTO ++ bool "Automatic" ++ help ++ If you choose this configuration method, you'll be able to answer a small ++ number of simple questions about how you plan to use this kernel. ++ The settings of grsecurity and PaX will be automatically configured for ++ the highest commonly-used settings within the provided constraints. ++ ++ If you require additional configuration, custom changes can still be made ++ from the "custom configuration" menu. ++ ++config GRKERNSEC_CONFIG_CUSTOM ++ bool "Custom" ++ help ++ If you choose this configuration method, you'll be able to configure all ++ grsecurity and PaX settings manually. Via this method, no options are ++ automatically enabled. ++ ++ Take note that if menuconfig is exited with this configuration method ++ chosen, you will not be able to use the automatic configuration methods ++ without starting again with a kernel configuration with no grsecurity ++ or PaX options specified inside. ++ ++endchoice ++ ++choice ++ prompt "Usage Type" ++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO) ++ default GRKERNSEC_CONFIG_SERVER ++ help ++ ++config GRKERNSEC_CONFIG_SERVER ++ bool "Server" ++ help ++ Choose this option if you plan to use this kernel on a server. ++ ++config GRKERNSEC_CONFIG_DESKTOP ++ bool "Desktop" ++ help ++ Choose this option if you plan to use this kernel on a desktop. ++ ++endchoice ++ ++choice ++ prompt "Virtualization Type" ++ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO) ++ default GRKERNSEC_CONFIG_VIRT_NONE ++ help ++ ++config GRKERNSEC_CONFIG_VIRT_NONE ++ bool "None" ++ help ++ Choose this option if this kernel will be run on bare metal. 
++ ++config GRKERNSEC_CONFIG_VIRT_GUEST ++ bool "Guest" ++ help ++ Choose this option if this kernel will be run as a VM guest. ++ ++config GRKERNSEC_CONFIG_VIRT_HOST ++ bool "Host" ++ help ++ Choose this option if this kernel will be run as a VM host. ++ ++endchoice ++ ++choice ++ prompt "Virtualization Hardware" ++ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST)) ++ help ++ ++config GRKERNSEC_CONFIG_VIRT_EPT ++ bool "EPT/RVI Processor Support" ++ depends on X86 ++ help ++ Choose this option if your CPU supports the EPT or RVI features of 2nd-gen ++ hardware virtualization. This allows for additional kernel hardening protections ++ to operate without additional performance impact. ++ ++ To see if your Intel processor supports EPT, see: ++ http://ark.intel.com/Products/VirtualizationTechnology ++ (Most Core i3/5/7 support EPT) ++ ++ To see if your AMD processor supports RVI, see: ++ http://support.amd.com/us/kbarticles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx ++ ++config GRKERNSEC_CONFIG_VIRT_SOFT ++ bool "First-gen/No Hardware Virtualization" ++ help ++ Choose this option if you use an Atom/Pentium/Core 2 processor that either doesn't ++ support hardware virtualization or doesn't support the EPT/RVI extensions. ++ ++endchoice ++ ++choice ++ prompt "Virtualization Software" ++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST)) ++ help ++ ++config GRKERNSEC_CONFIG_VIRT_XEN ++ bool "Xen" ++ help ++ Choose this option if this kernel is running as a Xen guest or host. ++ ++config GRKERNSEC_CONFIG_VIRT_VMWARE ++ bool "VMWare" ++ help ++ Choose this option if this kernel is running as a VMWare guest or host. ++ ++config GRKERNSEC_CONFIG_VIRT_KVM ++ bool "KVM" ++ help ++ Choose this option if this kernel is running as a KVM guest or host. 
++ ++config GRKERNSEC_CONFIG_VIRT_VIRTUALBOX ++ bool "VirtualBox" ++ help ++ Choose this option if this kernel is running as a VirtualBox guest or host. ++ ++config GRKERNSEC_CONFIG_VIRT_HYPERV ++ bool "Hyper-V" ++ help ++ Choose this option if this kernel is running as a Hyper-V guest. ++ ++endchoice ++ ++choice ++ prompt "Required Priorities" ++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO) ++ default GRKERNSEC_CONFIG_PRIORITY_PERF ++ help ++ ++config GRKERNSEC_CONFIG_PRIORITY_PERF ++ bool "Performance" ++ help ++ Choose this option if performance is of highest priority for this deployment ++ of grsecurity. Features like UDEREF on a 64bit kernel, kernel stack clearing, ++ clearing of structures intended for userland, and freed memory sanitizing will ++ be disabled. ++ ++config GRKERNSEC_CONFIG_PRIORITY_SECURITY ++ bool "Security" ++ help ++ Choose this option if security is of highest priority for this deployment of ++ grsecurity. UDEREF, kernel stack clearing, clearing of structures intended ++ for userland, and freed memory sanitizing will be enabled for this kernel. ++ In a worst-case scenario, these features can introduce a 20% performance hit ++ (UDEREF on x64 contributing half of this hit). ++ ++endchoice ++ ++menu "Default Special Groups" ++depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO) ++ ++config GRKERNSEC_PROC_GID ++ int "GID exempted from /proc restrictions" ++ default 1001 ++ help ++ Setting this GID determines which group will be exempted from ++ grsecurity's /proc restrictions, allowing users of the specified ++ group to view network statistics and the existence of other users' ++ processes on the system. This GID may also be chosen at boot time ++ via "grsec_proc_gid=" on the kernel commandline. 
++ ++config GRKERNSEC_TPE_UNTRUSTED_GID ++ int "GID for TPE-untrusted users" ++ depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT ++ default 1005 ++ help ++ Setting this GID determines which group untrusted users should ++ be added to. These users will be placed under grsecurity's Trusted Path ++ Execution mechanism, preventing them from executing their own binaries. ++ The users will only be able to execute binaries in directories owned and ++ writable only by the root user. If the sysctl option is enabled, a sysctl ++ option with name "tpe_gid" is created. ++ ++config GRKERNSEC_TPE_TRUSTED_GID ++ int "GID for TPE-trusted users" ++ depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT ++ default 1005 ++ help ++ Setting this GID determines what group TPE restrictions will be ++ *disabled* for. If the sysctl option is enabled, a sysctl option ++ with name "tpe_gid" is created. ++ ++config GRKERNSEC_SYMLINKOWN_GID ++ int "GID for users with kernel-enforced SymlinksIfOwnerMatch" ++ depends on GRKERNSEC_CONFIG_SERVER ++ default 1006 ++ help ++ Setting this GID determines what group kernel-enforced ++ SymlinksIfOwnerMatch will be enabled for. If the sysctl option ++ is enabled, a sysctl option with name "symlinkown_gid" is created. ++ ++ ++endmenu ++ ++menu "Customize Configuration" ++depends on GRKERNSEC ++ ++menu "PaX" ++ ++config PAX ++ bool "Enable various PaX features" ++ default y if GRKERNSEC_CONFIG_AUTO ++ depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86) ++ help ++ This allows you to enable various PaX features. PaX adds ++ intrusion prevention mechanisms to the kernel that reduce ++ the risks posed by exploitable memory corruption bugs. 
++ ++menu "PaX Control" ++ depends on PAX ++ ++config PAX_SOFTMODE ++ bool 'Support soft mode' ++ help ++ Enabling this option will allow you to run PaX in soft mode, that ++ is, PaX features will not be enforced by default, only on executables ++ marked explicitly. You must also enable PT_PAX_FLAGS or XATTR_PAX_FLAGS ++ support as they are the only way to mark executables for soft mode use. ++ ++ Soft mode can be activated by using the "pax_softmode=1" kernel command ++ line option on boot. Furthermore you can control various PaX features ++ at runtime via the entries in /proc/sys/kernel/pax. ++ ++config PAX_EI_PAX ++ bool 'Use legacy ELF header marking' ++ default y if GRKERNSEC_CONFIG_AUTO ++ help ++ Enabling this option will allow you to control PaX features on ++ a per executable basis via the 'chpax' utility available at ++ http://pax.grsecurity.net/. The control flags will be read from ++ an otherwise reserved part of the ELF header. This marking has ++ numerous drawbacks (no support for soft-mode, toolchain does not ++ know about the non-standard use of the ELF header) therefore it ++ has been deprecated in favour of PT_PAX_FLAGS and XATTR_PAX_FLAGS ++ support. ++ ++ Note that if you enable PT_PAX_FLAGS or XATTR_PAX_FLAGS marking ++ support as well, they will override the legacy EI_PAX marks. ++ ++ If you enable none of the marking options then all applications ++ will run with PaX enabled on them by default. ++ ++config PAX_PT_PAX_FLAGS ++ bool 'Use ELF program header marking' ++ default y if GRKERNSEC_CONFIG_AUTO ++ help ++ Enabling this option will allow you to control PaX features on ++ a per executable basis via the 'paxctl' utility available at ++ http://pax.grsecurity.net/. The control flags will be read from ++ a PaX specific ELF program header (PT_PAX_FLAGS). This marking ++ has the benefits of supporting both soft mode and being fully ++ integrated into the toolchain (the binutils patch is available ++ from http://pax.grsecurity.net). 
++ ++ Note that if you enable the legacy EI_PAX marking support as well, ++ the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks. ++ ++ If you enable both PT_PAX_FLAGS and XATTR_PAX_FLAGS support then you ++ must make sure that the marks are the same if a binary has both marks. ++ ++ If you enable none of the marking options then all applications ++ will run with PaX enabled on them by default. ++ ++config PAX_XATTR_PAX_FLAGS ++ bool 'Use filesystem extended attributes marking' ++ default y if GRKERNSEC_CONFIG_AUTO ++ select CIFS_XATTR if CIFS ++ select EXT2_FS_XATTR if EXT2_FS ++ select EXT3_FS_XATTR if EXT3_FS ++ select F2FS_FS_XATTR if F2FS_FS ++ select JFFS2_FS_XATTR if JFFS2_FS ++ select REISERFS_FS_XATTR if REISERFS_FS ++ select SQUASHFS_XATTR if SQUASHFS ++ select TMPFS_XATTR if TMPFS ++ help ++ Enabling this option will allow you to control PaX features on ++ a per executable basis via the 'setfattr' utility. The control ++ flags will be read from the user.pax.flags extended attribute of ++ the file. This marking has the benefit of supporting binary-only ++ applications that self-check themselves (e.g., skype) and would ++ not tolerate chpax/paxctl changes. The main drawback is that ++ extended attributes are not supported by some filesystems (e.g., ++ isofs, udf, vfat) so copying files through such filesystems will ++ lose the extended attributes and these PaX markings. ++ ++ Note that if you enable the legacy EI_PAX marking support as well, ++ the EI_PAX marks will be overridden by the XATTR_PAX_FLAGS marks. ++ ++ If you enable both PT_PAX_FLAGS and XATTR_PAX_FLAGS support then you ++ must make sure that the marks are the same if a binary has both marks. ++ ++ If you enable none of the marking options then all applications ++ will run with PaX enabled on them by default. 
++ ++choice ++ prompt 'MAC system integration' ++ default PAX_HAVE_ACL_FLAGS ++ help ++ Mandatory Access Control systems have the option of controlling ++ PaX flags on a per executable basis, choose the method supported ++ by your particular system. ++ ++ - "none": if your MAC system does not interact with PaX, ++ - "direct": if your MAC system defines pax_set_initial_flags() itself, ++ - "hook": if your MAC system uses the pax_set_initial_flags_func callback. ++ ++ NOTE: this option is for developers/integrators only. ++ ++ config PAX_NO_ACL_FLAGS ++ bool 'none' ++ ++ config PAX_HAVE_ACL_FLAGS ++ bool 'direct' ++ ++ config PAX_HOOK_ACL_FLAGS ++ bool 'hook' ++endchoice ++ ++endmenu ++ ++menu "Non-executable pages" ++ depends on PAX ++ ++config PAX_NOEXEC ++ bool "Enforce non-executable pages" ++ default y if GRKERNSEC_CONFIG_AUTO ++ depends on ALPHA || (ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86 ++ help ++ By design some architectures do not allow for protecting memory ++ pages against execution or even if they do, Linux does not make ++ use of this feature. In practice this means that if a page is ++ readable (such as the stack or heap) it is also executable. ++ ++ There is a well known exploit technique that makes use of this ++ fact and a common programming mistake where an attacker can ++ introduce code of his choice somewhere in the attacked program's ++ memory (typically the stack or the heap) and then execute it. ++ ++ If the attacked program was running with different (typically ++ higher) privileges than that of the attacker, then he can elevate ++ his own privilege level (e.g. get a root shell, write to files for ++ which he does not have write access to, etc). ++ ++ Enabling this option will let you choose from various features ++ that prevent the injection and execution of 'foreign' code in ++ a program. 
++ ++ This will also break programs that rely on the old behaviour and ++ expect that dynamically allocated memory via the malloc() family ++ of functions is executable (which it is not). Notable examples ++ are the XFree86 4.x server, the java runtime and wine. ++ ++config PAX_PAGEEXEC ++ bool "Paging based non-executable pages" ++ default y if GRKERNSEC_CONFIG_AUTO ++ depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7) ++ select ARCH_TRACK_EXEC_LIMIT if X86_32 ++ help ++ This implementation is based on the paging feature of the CPU. ++ On i386 without hardware non-executable bit support there is a ++ variable but usually low performance impact, however on Intel's ++ P4 core based CPUs it is very high so you should not enable this ++ for kernels meant to be used on such CPUs. ++ ++ On alpha, avr32, ia64, parisc, sparc, sparc64, x86_64 and i386 ++ with hardware non-executable bit support there is no performance ++ impact, on ppc the impact is negligible. ++ ++ Note that several architectures require various emulations due to ++ badly designed userland ABIs, this will cause a performance impact ++ but will disappear as soon as userland is fixed. For example, ppc ++ userland MUST have been built with secure-plt by a recent toolchain. ++ ++config PAX_SEGMEXEC ++ bool "Segmentation based non-executable pages" ++ default y if GRKERNSEC_CONFIG_AUTO ++ depends on PAX_NOEXEC && X86_32 ++ help ++ This implementation is based on the segmentation feature of the ++ CPU and has a very small performance impact, however applications ++ will be limited to a 1.5 GB address space instead of the normal ++ 3 GB. 
++ ++config PAX_EMUTRAMP ++ bool "Emulate trampolines" ++ default y if PARISC || GRKERNSEC_CONFIG_AUTO ++ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) ++ help ++ There are some programs and libraries that for one reason or ++ another attempt to execute special small code snippets from ++ non-executable memory pages. Most notable examples are the ++ signal handler return code generated by the kernel itself and ++ the GCC trampolines. ++ ++ If you enabled CONFIG_PAX_PAGEEXEC or CONFIG_PAX_SEGMEXEC then ++ such programs will no longer work under your kernel. ++ ++ As a remedy you can say Y here and use the 'chpax' or 'paxctl' ++ utilities to enable trampoline emulation for the affected programs ++ yet still have the protection provided by the non-executable pages. ++ ++ On parisc you MUST enable this option and EMUSIGRT as well, otherwise ++ your system will not even boot. ++ ++ Alternatively you can say N here and use the 'chpax' or 'paxctl' ++ utilities to disable CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC ++ for the affected files. ++ ++ NOTE: enabling this feature *may* open up a loophole in the ++ protection provided by non-executable pages that an attacker ++ could abuse. Therefore the best solution is to not have any ++ files on your system that would require this option. This can ++ be achieved by not using libc5 (which relies on the kernel ++ signal handler return code) and not using or rewriting programs ++ that make use of the nested function implementation of GCC. ++ Skilled users can just fix GCC itself so that it implements ++ nested function calls in a way that does not interfere with PaX. ++ ++config PAX_EMUSIGRT ++ bool "Automatically emulate sigreturn trampolines" ++ depends on PAX_EMUTRAMP && PARISC ++ default y ++ help ++ Enabling this option will have the kernel automatically detect ++ and emulate signal return trampolines executing on the stack ++ that would otherwise lead to task termination. 
++ ++ This solution is intended as a temporary one for users with ++ legacy versions of libc (libc5, glibc 2.0, uClibc before 0.9.17, ++ Modula-3 runtime, etc) or executables linked to such, basically ++ everything that does not specify its own SA_RESTORER function in ++ normal executable memory like glibc 2.1+ does. ++ ++ On parisc you MUST enable this option, otherwise your system will ++ not even boot. ++ ++ NOTE: this feature cannot be disabled on a per executable basis ++ and since it *does* open up a loophole in the protection provided ++ by non-executable pages, the best solution is to not have any ++ files on your system that would require this option. ++ ++config PAX_MPROTECT ++ bool "Restrict mprotect()" ++ default y if GRKERNSEC_CONFIG_AUTO ++ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) ++ help ++ Enabling this option will prevent programs from ++ - changing the executable status of memory pages that were ++ not originally created as executable, ++ - making read-only executable pages writable again, ++ - creating executable pages from anonymous memory, ++ - making read-only-after-relocations (RELRO) data pages writable again. ++ ++ You should say Y here to complete the protection provided by ++ the enforcement of non-executable pages. ++ ++ NOTE: you can use the 'chpax' or 'paxctl' utilities to control ++ this feature on a per file basis. ++ ++config PAX_MPROTECT_COMPAT ++ bool "Use legacy/compat protection demoting (read help)" ++ depends on PAX_MPROTECT ++ default n ++ help ++ The current implementation of PAX_MPROTECT denies RWX allocations/mprotects ++ by sending the proper error code to the application. For some older ++ userland, this can cause problems with applications that assume such ++ allocations will not be prevented by PaX or SELinux and other access ++ control systems and have no fallback mechanisms. For modern distros, ++ this option should generally be set to 'N'. 
++ ++config PAX_ELFRELOCS ++ bool "Allow ELF text relocations (read help)" ++ depends on PAX_MPROTECT ++ default n ++ help ++ Non-executable pages and mprotect() restrictions are effective ++ in preventing the introduction of new executable code into an ++ attacked task's address space. There remain only two venues ++ for this kind of attack: if the attacker can execute already ++ existing code in the attacked task then he can either have it ++ create and mmap() a file containing his code or have it mmap() ++ an already existing ELF library that does not have position ++ independent code in it and use mprotect() on it to make it ++ writable and copy his code there. While protecting against ++ the former approach is beyond PaX, the latter can be prevented ++ by having only PIC ELF libraries on one's system (which do not ++ need to relocate their code). If you are sure this is your case, ++ as is the case with all modern Linux distributions, then leave ++ this option disabled. You should say 'n' here. ++ ++config PAX_ETEXECRELOCS ++ bool "Allow ELF ET_EXEC text relocations" ++ depends on PAX_MPROTECT && (ALPHA || IA64 || PARISC) ++ select PAX_ELFRELOCS ++ default y ++ help ++ On some architectures there are incorrectly created applications ++ that require text relocations and would not work without enabling ++ this option. If you are an alpha, ia64 or parisc user, you should ++ enable this option and disable it once you have made sure that ++ none of your applications need it. ++ ++config PAX_EMUPLT ++ bool "Automatically emulate ELF PLT" ++ depends on PAX_MPROTECT && (ALPHA || PARISC || SPARC) ++ default y ++ help ++ Enabling this option will have the kernel automatically detect ++ and emulate the Procedure Linkage Table entries in ELF files. ++ On some architectures such entries are in writable memory, and ++ become non-executable leading to task termination. 
Therefore
++ it is mandatory that you enable this option on alpha, parisc,
++ sparc and sparc64, otherwise your system would not even boot.
++
++ NOTE: this feature *does* open up a loophole in the protection
++ provided by the non-executable pages, therefore the proper
++ solution is to modify the toolchain to produce a PLT that does
++ not need to be writable.
++
++config PAX_DLRESOLVE
++ bool 'Emulate old glibc resolver stub'
++ depends on PAX_EMUPLT && SPARC
++ default n
++ help
++ This option is needed if userland has an old glibc (before 2.4)
++ that puts a 'save' instruction into the runtime generated resolver
++ stub that needs special emulation.
++
++config PAX_KERNEXEC
++ bool "Enforce non-executable kernel pages"
++ default y if GRKERNSEC_CONFIG_AUTO && (!X86 || GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM))
++ depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN
++ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
++ select PAX_KERNEXEC_PLUGIN if X86_64
++ select ARM_KERNMEM_PERMS if ARM
++ help
++ This is the kernel land equivalent of PAGEEXEC and MPROTECT,
++ that is, enabling this option will make it harder to inject
++ and execute 'foreign' code in kernel memory itself.
++
++ Note that on amd64, CONFIG_EFI enabled with "efi=old_map" on
++ the kernel command-line will result in an RWX physical map.
++
++ Likewise, the EFI runtime services are necessarily mapped as
++ RWX. If CONFIG_EFI is enabled on an EFI-capable system, it
++ is recommended that you boot with "noefi" on the kernel
++ command-line if possible to eliminate the mapping.
++
++choice
++ prompt "Return Address Instrumentation Method"
++ default PAX_KERNEXEC_PLUGIN_METHOD_BTS
++ depends on PAX_KERNEXEC_PLUGIN
++ help
++ Select the method used to instrument function pointer dereferences.
++ Note that binary modules cannot be instrumented by this approach.
++
++ Note that the implementation requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package.
++
++ config PAX_KERNEXEC_PLUGIN_METHOD_BTS
++ bool "bts"
++ help
++ This method is compatible with binary only modules but has
++ a higher runtime overhead.
++
++ config PAX_KERNEXEC_PLUGIN_METHOD_OR
++ bool "or"
++ depends on !PARAVIRT
++ help
++ This method is incompatible with binary only modules but has
++ a lower runtime overhead.
++endchoice
++
++config PAX_KERNEXEC_PLUGIN_METHOD
++ string
++ default "bts" if PAX_KERNEXEC_PLUGIN_METHOD_BTS
++ default "or" if PAX_KERNEXEC_PLUGIN_METHOD_OR
++ default ""
++
++config PAX_KERNEXEC_MODULE_TEXT
++ int "Minimum amount of memory reserved for module code"
++ default "8" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)
++ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
++ depends on PAX_KERNEXEC && X86_32
++ help
++ Due to implementation details the kernel must reserve a fixed
++ amount of memory for runtime allocated code (such as modules)
++ at compile time that cannot be changed at runtime. Here you
++ can specify the minimum amount in MB that will be reserved.
++ Due to the same implementation details this size will always
++ be rounded up to the next 2/4 MB boundary (depends on PAE) so
++ the actually available memory for runtime allocated code will
++ usually be more than this minimum.
++
++ The default 4 MB should be enough for most users but if you have
++ an excessive number of modules (e.g., most distribution configs
++ compile many drivers as modules) or use huge modules such as
++ nvidia's kernel driver, you will need to adjust this amount.
++ A good rule of thumb is to look at your currently loaded kernel
++ modules and add up their sizes.
++
++endmenu
++
++menu "Address Space Layout Randomization"
++ depends on PAX
++
++config PAX_ASLR
++ bool "Address Space Layout Randomization"
++ default y if GRKERNSEC_CONFIG_AUTO
++ help
++ Many if not most exploit techniques rely on the knowledge of
++ certain addresses in the attacked program. The following options
++ will allow the kernel to apply a certain amount of randomization
++ to specific parts of the program thereby forcing an attacker to
++ guess them in most cases. Any failed guess will most likely crash
++ the attacked program which allows the kernel to detect such attempts
++ and react on them. PaX itself provides no reaction mechanisms,
++ instead it is strongly encouraged that you make use of grsecurity's
++ (http://www.grsecurity.net/) built-in crash detection features or
++ develop one yourself.
++
++ By saying Y here you can choose to randomize the following areas:
++ - top of the task's kernel stack
++ - top of the task's userland stack
++ - base address for mmap() requests that do not specify one
++ (this includes all libraries)
++ - base address of the main executable
++
++ It is strongly recommended to say Y here as address space layout
++ randomization has negligible impact on performance yet it provides
++ a very effective protection.
++
++ NOTE: you can use the 'chpax' or 'paxctl' utilities to control
++ this feature on a per file basis.
++
++config PAX_RANDKSTACK
++ bool "Randomize kernel stack base"
++ default y if GRKERNSEC_CONFIG_AUTO && !(GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_VIRTUALBOX)
++ depends on X86_TSC && X86
++ help
++ By saying Y here the kernel will randomize every task's kernel
++ stack on every system call. This will not only force an attacker
++ to guess it but also prevent him from making use of possible
++ leaked information about it.
++
++ Since the kernel stack is a rather scarce resource, randomization
++ may cause unexpected stack overflows, therefore you should very
++ carefully test your system.
Note that once enabled in the kernel
++ configuration, this feature cannot be disabled on a per file basis.
++
++config PAX_RANDUSTACK
++ bool
++
++config PAX_RANDMMAP
++ bool "Randomize user stack and mmap() bases"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on PAX_ASLR
++ select PAX_RANDUSTACK
++ help
++ By saying Y here the kernel will randomize every task's userland
++ stack and use a randomized base address for mmap() requests that
++ do not specify one themselves.
++
++ The stack randomization is done in two steps where the second
++ one may apply a big amount of shift to the top of the stack and
++ cause problems for programs that want to use lots of memory (more
++ than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is).
++
++ As a result of mmap randomization all dynamically loaded libraries
++ will appear at random addresses and therefore be harder to exploit
++ by a technique where an attacker attempts to execute library code
++ for his purposes (e.g. spawn a shell from an exploited program that
++ is running at an elevated privilege level).
++
++ Furthermore, if a program is relinked as a dynamic ELF file, its
++ base address will be randomized as well, completing the full
++ randomization of the address space layout. Attacking such programs
++ becomes a guess game. You can find an example of doing this at
++ http://pax.grsecurity.net/et_dyn.tar.gz and practical samples at
++ http://www.grsecurity.net/grsec-gcc-specs.tar.gz .
++
++ NOTE: you can use the 'chpax' or 'paxctl' utilities to control this
++ feature on a per file basis.
++
++endmenu
++
++menu "Miscellaneous hardening features"
++
++config PAX_MEMORY_SANITIZE
++ bool "Sanitize all freed memory"
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
++ help
++ By saying Y here the kernel will erase memory pages and slab objects
++ as soon as they are freed.
This in turn reduces the lifetime of data
++ stored in them, making it less likely that sensitive information such
++ as passwords, cryptographic secrets, etc stay in memory for too long.
++
++ This is especially useful for programs whose runtime is short, long
++ lived processes and the kernel itself benefit from this as long as
++ they ensure timely freeing of memory that may hold sensitive
++ information.
++
++ A nice side effect of the sanitization of slab objects is the
++ reduction of possible info leaks caused by padding bytes within the
++ leaky structures. Use-after-free bugs for structures containing
++ pointers can also be detected as dereferencing the sanitized pointer
++ will generate an access violation.
++
++ The tradeoff is performance impact, on a single CPU system kernel
++ compilation sees a 3% slowdown, other systems and workloads may vary
++ and you are advised to test this feature on your expected workload
++ before deploying it.
++
++ The slab sanitization feature excludes a few slab caches per default
++ for performance reasons. To extend the feature to cover those as
++ well, pass "pax_sanitize_slab=full" as kernel command line parameter.
++
++ To reduce the performance penalty by sanitizing pages only, albeit
++ limiting the effectiveness of this feature at the same time, slab
++ sanitization can be disabled with the kernel command line parameter
++ "pax_sanitize_slab=off".
++
++ Note that this feature does not protect data stored in live pages,
++ e.g., process memory swapped to disk may stay there for a long time.
++
++config PAX_MEMORY_STACKLEAK
++ bool "Sanitize kernel stack"
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
++ depends on X86 && GCC_PLUGINS
++ help
++ By saying Y here the kernel will erase the kernel stack before it
++ returns from a system call. This in turn reduces the information
++ that a kernel stack leak bug can reveal.
++
++ Note that such a bug can still leak information that was put on
++ the stack by the current system call (the one eventually triggering
++ the bug) but traces of earlier system calls on the kernel stack
++ cannot leak anymore.
++
++ The tradeoff is performance impact: on a single CPU system kernel
++ compilation sees a 1% slowdown, other systems and workloads may vary
++ and you are advised to test this feature on your expected workload
++ before deploying it.
++
++ Note that the full feature requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package. Using
++ older gcc versions means that functions with large enough stack
++ frames may leave uninitialized memory behind that may be exposed
++ to a later syscall leaking the stack.
++
++config PAX_MEMORY_STRUCTLEAK
++ bool "Forcibly initialize local variables copied to userland"
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
++ depends on GCC_PLUGINS
++ help
++ By saying Y here the kernel will zero initialize some local
++ variables that are going to be copied to userland. This in
++ turn prevents unintended information leakage from the kernel
++ stack should later code forget to explicitly set all parts of
++ the copied variable.
++
++ The tradeoff is less performance impact than PAX_MEMORY_STACKLEAK
++ at a much smaller coverage.
++
++ Note that the implementation requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package.
++
++config PAX_MEMORY_UDEREF
++ bool "Prevent invalid userland pointer dereference"
++ default y if GRKERNSEC_CONFIG_AUTO && !(X86_64 && GRKERNSEC_CONFIG_PRIORITY_PERF) && !(X86_64 && GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_VIRTUALBOX) && (!X86 || GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT)
++ depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !ARM_LPAE)) && !UML_X86 && !XEN
++ select PAX_PER_CPU_PGD if X86_64
++ help
++ By saying Y here the kernel will be prevented from dereferencing
++ userland pointers in contexts where the kernel expects only kernel
++ pointers. This is both a useful runtime debugging feature and a
++ security measure that prevents exploiting a class of kernel bugs.
++
++ The tradeoff is that some virtualization solutions may experience
++ a huge slowdown and therefore you should not enable this feature
++ for kernels meant to run in such environments. Whether a given VM
++ solution is affected or not is best determined by simply trying it
++ out, the performance impact will be obvious right on boot as this
++ mechanism engages from very early on. A good rule of thumb is that
++ VMs running on CPUs without hardware virtualization support (i.e.,
++ the majority of IA-32 CPUs) will likely experience the slowdown.
++
++ On X86_64 the kernel will make use of PCID support when available
++ (Intel's Westmere, Sandy Bridge, etc) for better security (default)
++ or performance impact. Pass pax_weakuderef on the kernel command
++ line to choose the latter.
++
++config PAX_REFCOUNT
++ bool "Prevent various kernel object reference counter overflows"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || MIPS || PPC || SPARC64 || X86)
++ help
++ By saying Y here the kernel will detect and prevent overflowing
++ various (but not all) kinds of object reference counters. Such
++ overflows can normally occur due to bugs only and are often, if
++ not always, exploitable.
++
++ The tradeoff is that data structures protected by an overflowed
++ refcount will never be freed and therefore will leak memory. Note
++ that this leak also happens even without this protection but in
++ that case the overflow can eventually trigger the freeing of the
++ data structure while it is still being used elsewhere, resulting
++ in the exploitable situation that this feature prevents.
++
++ Since this has a negligible performance impact, you should enable
++ this feature.
++
++config PAX_CONSTIFY_PLUGIN
++ bool "Automatically constify eligible structures"
++ default y
++ depends on !UML && PAX_KERNEXEC
++ help
++ By saying Y here the compiler will automatically constify a class
++ of types that contain only function pointers. This reduces the
++ kernel's attack surface and also produces a better memory layout.
++
++ Note that the implementation requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package.
++
++ Note that if some code really has to modify constified variables
++ then the source code will have to be patched to allow it. Examples
++ can be found in PaX itself (the no_const attribute) and for some
++ out-of-tree modules at http://www.grsecurity.net/~paxguy1/ .
++
++config PAX_USERCOPY
++ bool "Harden heap object copies between kernel and userland"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on ARM || IA64 || PPC || SPARC || X86
++ depends on GRKERNSEC && (SLAB || SLUB || SLOB)
++ select PAX_USERCOPY_SLABS
++ help
++ By saying Y here the kernel will enforce the size of heap objects
++ when they are copied in either direction between the kernel and
++ userland, even if only a part of the heap object is copied.
++
++ Specifically, this checking prevents information leaking from the
++ kernel heap during kernel to userland copies (if the kernel heap
++ object is otherwise fully initialized) and prevents kernel heap
++ overflows during userland to kernel copies.
++
++ Note that the current implementation provides the strictest bounds
++ checks for the SLUB allocator.
++
++ Enabling this option also enables per-slab cache protection against
++ data in a given cache being copied into/out of via userland
++ accessors. Though the whitelist of regions will be reduced over
++ time, it notably protects important data structures like task structs.
++
++ If frame pointers are enabled on x86, this option will also restrict
++ copies into and out of the kernel stack to local variables within a
++ single frame.
++
++ Since this has a negligible performance impact, you should enable
++ this feature.
++
++config PAX_USERCOPY_DEBUG
++ bool
++ depends on X86 && PAX_USERCOPY
++ default n
++
++config PAX_SIZE_OVERFLOW
++ bool "Prevent various integer overflows in function size parameters"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on GCC_PLUGINS
++ help
++ By saying Y here the kernel recomputes expressions of function
++ arguments marked by a size_overflow attribute with double integer
++ precision (DImode/TImode for 32/64 bit integer types).
++
++ The recomputed argument is checked against TYPE_MAX and an event
++ is logged on overflow and the triggering process is killed.
++
++ Homepage: https://github.com/ephox-gcc-plugins
++
++ Note that the implementation requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package.
++
++config PAX_LATENT_ENTROPY
++ bool "Generate some entropy during boot and runtime"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on GCC_PLUGINS
++ help
++ By saying Y here the kernel will instrument some kernel code to
++ extract some entropy from both original and artificially created
++ program state. This will help especially embedded systems where
++ there is little 'natural' source of entropy normally. The cost
++ is some slowdown of the boot process and fork and irq processing.
++
++ When pax_extra_latent_entropy is passed on the kernel command line,
++ entropy will be extracted from up to the first 4GB of RAM while the
++ runtime memory allocator is being initialized. This costs even more
++ slowdown of the boot process.
++
++ Note that the implementation requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package.
++
++ Note that entropy extracted this way is not cryptographically
++ secure!
++
++config PAX_RAP
++ bool "Prevent code reuse attacks"
++ depends on X86_64
++ default y if GRKERNSEC_CONFIG_AUTO
++ help
++ By saying Y here the kernel will check indirect control transfers
++ in order to detect and prevent attacks that try to hijack control
++ flow by overwriting code pointers.
++
++ Note that binary modules cannot be instrumented by this approach.
++
++ Note that the implementation requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package.
++
++endmenu
++
++endmenu
++
++source grsecurity/Kconfig
++
++endmenu
++
++endmenu
++
+ source security/keys/Kconfig
+
+ config SECURITY_DMESG_RESTRICT
+@@ -104,7 +1091,7 @@ config INTEL_TXT
+ config LSM_MMAP_MIN_ADDR
+ int "Low address space for LSM to protect from user allocation"
+ depends on SECURITY && SECURITY_SELINUX
+- default 32768 if ARM || (ARM64 && COMPAT)
++ default 32768 if ALPHA || ARM || (ARM64 && COMPAT) || PARISC || SPARC32
+ default 65536
+ help
+ This is the portion of low virtual memory which should be protected
+diff --git a/security/apparmor/file.c b/security/apparmor/file.c
+index 913f377..6e392d5 100644
+--- a/security/apparmor/file.c
++++ b/security/apparmor/file.c
+@@ -348,8 +348,8 @@ static inline bool xindex_is_subset(u32 link, u32 target)
+ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
+ struct path *new_dir, struct dentry *new_dentry)
+ {
+- struct path link = { new_dir->mnt, new_dentry };
+- struct path target = { new_dir->mnt, old_dentry };
++ struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry };
++ struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry };
+ struct path_cond cond = {
+ d_backing_inode(old_dentry)->i_uid,
+ d_backing_inode(old_dentry)->i_mode
+diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
+index c28b0f2..3b9fee0 100644
+--- a/security/apparmor/include/policy.h
++++ b/security/apparmor/include/policy.h
+@@ -134,7 +134,7 @@ struct aa_namespace {
+ struct aa_ns_acct acct;
+ struct aa_profile *unconfined;
+ struct list_head sub_ns;
+- atomic_t uniq_null;
++ atomic_unchecked_t uniq_null;
+ long uniq_id;
+
+ struct dentry *dents[AAFS_NS_SIZEOF];
+diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
+index dec607c..37fe357 100644
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -176,7 +176,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
+ struct dentry *dentry, u32 mask,
+ struct path_cond
*cond)
+ {
+- struct path path = { dir->mnt, dentry };
++ struct path path = { .mnt = dir->mnt, .dentry = dentry };
+
+ return common_perm(op, &path, mask, cond);
+ }
+@@ -193,7 +193,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
+ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
+ struct dentry *dentry, u32 mask)
+ {
+- struct path path = { mnt, dentry };
++ struct path path = { .mnt = mnt, .dentry = dentry };
+ struct path_cond cond = { d_backing_inode(dentry)->i_uid,
+ d_backing_inode(dentry)->i_mode
+ };
+@@ -315,8 +315,8 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
+
+ profile = aa_current_profile();
+ if (!unconfined(profile)) {
+- struct path old_path = { old_dir->mnt, old_dentry };
+- struct path new_path = { new_dir->mnt, new_dentry };
++ struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry };
++ struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry };
+ struct path_cond cond = { d_backing_inode(old_dentry)->i_uid,
+ d_backing_inode(old_dentry)->i_mode
+ };
+@@ -677,11 +677,11 @@ static const struct kernel_param_ops param_ops_aalockpolicy = {
+ .get = param_get_aalockpolicy
+ };
+
+-static int param_set_audit(const char *val, struct kernel_param *kp);
+-static int param_get_audit(char *buffer, struct kernel_param *kp);
++static int param_set_audit(const char *val, const struct kernel_param *kp);
++static int param_get_audit(char *buffer, const struct kernel_param *kp);
+
+-static int param_set_mode(const char *val, struct kernel_param *kp);
+-static int param_get_mode(char *buffer, struct kernel_param *kp);
++static int param_set_mode(const char *val, const struct kernel_param *kp);
++static int param_get_mode(char *buffer, const struct kernel_param *kp);
+
+ /* Flag values, also controllable via /sys/module/apparmor/parameters
+ * We define special types as we want to do additional mediation.
+@@ -791,7 +791,7 @@ static int param_get_aauint(char *buffer, const struct kernel_param *kp)
+ return param_get_uint(buffer, kp);
+ }
+
+-static int param_get_audit(char *buffer, struct kernel_param *kp)
++static int param_get_audit(char *buffer, const struct kernel_param *kp)
+ {
+ if (!capable(CAP_MAC_ADMIN))
+ return -EPERM;
+@@ -802,7 +802,7 @@ static int param_get_audit(char *buffer, struct kernel_param *kp)
+ return sprintf(buffer, "%s", audit_mode_names[aa_g_audit]);
+ }
+
+-static int param_set_audit(const char *val, struct kernel_param *kp)
++static int param_set_audit(const char *val, const struct kernel_param *kp)
+ {
+ int i;
+ if (!capable(CAP_MAC_ADMIN))
+@@ -824,7 +824,7 @@ static int param_set_audit(const char *val, struct kernel_param *kp)
+ return -EINVAL;
+ }
+
+-static int param_get_mode(char *buffer, struct kernel_param *kp)
++static int param_get_mode(char *buffer, const struct kernel_param *kp)
+ {
+ if (!capable(CAP_MAC_ADMIN))
+ return -EPERM;
+@@ -835,7 +835,7 @@ static int param_get_mode(char *buffer, struct kernel_param *kp)
+ return sprintf(buffer, "%s", aa_profile_mode_names[aa_g_profile_mode]);
+ }
+
+-static int param_set_mode(const char *val, struct kernel_param *kp)
++static int param_set_mode(const char *val, const struct kernel_param *kp)
+ {
+ int i;
+ if (!capable(CAP_MAC_ADMIN))
+diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
+index 705c287..81257f1 100644
+--- a/security/apparmor/policy.c
++++ b/security/apparmor/policy.c
+@@ -298,7 +298,7 @@ static struct aa_namespace *alloc_namespace(const char *prefix,
+ /* ns and ns->unconfined share ns->unconfined refcount */
+ ns->unconfined->ns = ns;
+
+- atomic_set(&ns->uniq_null, 0);
++ atomic_set_unchecked(&ns->uniq_null, 0);
+
+ return ns;
+
+@@ -689,7 +689,7 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
+ {
+ struct aa_profile *profile = NULL;
+ char *name;
+- int uniq = atomic_inc_return(&parent->ns->uniq_null);
++ int uniq =
atomic_inc_return_unchecked(&parent->ns->uniq_null);
+
+ /* freed below */
+ name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, GFP_KERNEL);
+diff --git a/security/commoncap.c b/security/commoncap.c
+index 48071ed..b805e0f 100644
+--- a/security/commoncap.c
++++ b/security/commoncap.c
+@@ -438,6 +438,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
+ return 0;
+ }
+
++/* returns:
++ 1 for suid privilege
++ 2 for sgid privilege
++ 3 for fscap privilege
++*/
++int is_privileged_binary(const struct dentry *dentry)
++{
++ struct cpu_vfs_cap_data capdata;
++ struct inode *inode = dentry->d_inode;
++
++ if (!inode || S_ISDIR(inode->i_mode))
++ return 0;
++
++ if (inode->i_mode & S_ISUID)
++ return 1;
++ if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
++ return 2;
++
++ if (!get_vfs_caps_from_disk(dentry, &capdata)) {
++ if (!cap_isclear(capdata.inheritable) || !cap_isclear(capdata.permitted))
++ return 3;
++ }
++
++ return 0;
++}
++
+ /*
+ * Attempt to get the on-exec apply capability sets for an executable file from
+ * its xattrs and, if present, apply them to the proposed credentials being
+@@ -628,6 +654,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
+ const struct cred *cred = current_cred();
+ kuid_t root_uid = make_kuid(cred->user_ns, 0);
+
++ if (gr_acl_enable_at_secure())
++ return 1;
++
+ if (!uid_eq(cred->uid, root_uid)) {
+ if (bprm->cap_effective)
+ return 1;
+diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
+index 585af61..b7d35ff 100644
+--- a/security/integrity/ima/ima.h
++++ b/security/integrity/ima/ima.h
+@@ -125,8 +125,8 @@ int ima_init_template(void);
+ extern spinlock_t ima_queue_lock;
+
+ struct ima_h_table {
+- atomic_long_t len; /* number of stored measurements in the list */
+- atomic_long_t violations;
++ atomic_long_unchecked_t len; /* number of stored measurements in the list */
++ atomic_long_unchecked_t violations;
+ struct hlist_head
queue[IMA_MEASURE_HTABLE_SIZE];
+ };
+ extern struct ima_h_table ima_htable;
+diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
+index 1d950fb..a8f4eab 100644
+--- a/security/integrity/ima/ima_api.c
++++ b/security/integrity/ima/ima_api.c
+@@ -137,7 +137,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
+ int result;
+
+ /* can overflow, only indicator */
+- atomic_long_inc(&ima_htable.violations);
++ atomic_long_inc_unchecked(&ima_htable.violations);
+
+ result = ima_alloc_init_template(&event_data, &entry);
+ if (result < 0) {
+diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
+index f355231..c71f640 100644
+--- a/security/integrity/ima/ima_fs.c
++++ b/security/integrity/ima/ima_fs.c
+@@ -30,12 +30,12 @@ static DEFINE_MUTEX(ima_write_mutex);
+ static int valid_policy = 1;
+ #define TMPBUFLEN 12
+ static ssize_t ima_show_htable_value(char __user *buf, size_t count,
+- loff_t *ppos, atomic_long_t *val)
++ loff_t *ppos, atomic_long_unchecked_t *val)
+ {
+ char tmpbuf[TMPBUFLEN];
+ ssize_t len;
+
+- len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));
++ len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read_unchecked(val));
+ return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
+ }
+
+diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
+index 552705d..9920f4fb 100644
+--- a/security/integrity/ima/ima_queue.c
++++ b/security/integrity/ima/ima_queue.c
+@@ -83,7 +83,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)
+ INIT_LIST_HEAD(&qe->later);
+ list_add_tail_rcu(&qe->later, &ima_measurements);
+
+- atomic_long_inc(&ima_htable.len);
++ atomic_long_inc_unchecked(&ima_htable.len);
+ key = ima_hash_key(entry->digest);
+ hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
+ return 0;
+diff --git a/security/keys/internal.h b/security/keys/internal.h
+index 5105c2c..a5010e6 100644
+---
a/security/keys/internal.h
++++ b/security/keys/internal.h
+@@ -90,12 +90,16 @@ extern void key_type_put(struct key_type *ktype);
+
+ extern int __key_link_begin(struct key *keyring,
+ const struct keyring_index_key *index_key,
+- struct assoc_array_edit **_edit);
++ struct assoc_array_edit **_edit)
++ __acquires(&keyring->sem)
++ __acquires(&keyring_serialise_link_sem);
+ extern int __key_link_check_live_key(struct key *keyring, struct key *key);
+ extern void __key_link(struct key *key, struct assoc_array_edit **_edit);
+ extern void __key_link_end(struct key *keyring,
+ const struct keyring_index_key *index_key,
+- struct assoc_array_edit *edit);
++ struct assoc_array_edit *edit)
++ __releases(&keyring->sem)
++ __releases(&keyring_serialise_link_sem);
+
+ extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
+ const struct keyring_index_key *index_key);
+@@ -191,7 +195,7 @@ struct request_key_auth {
+ void *callout_info;
+ size_t callout_len;
+ pid_t pid;
+-};
++} __randomize_layout;
+
+ extern struct key_type key_type_request_key_auth;
+ extern struct key *request_key_auth_new(struct key *target,
+diff --git a/security/keys/key.c b/security/keys/key.c
+index 09ef276..ab2894f 100644
+--- a/security/keys/key.c
++++ b/security/keys/key.c
+@@ -283,7 +283,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
+
+ atomic_set(&key->usage, 1);
+ init_rwsem(&key->sem);
+- lockdep_set_class(&key->sem, &type->lock_class);
++ lockdep_set_class(&key->sem, (struct lock_class_key *)&type->lock_class);
+ key->index_key.type = type;
+ key->user = user;
+ key->quotalen = quotalen;
+@@ -1077,7 +1077,9 @@ int register_key_type(struct key_type *ktype)
+ struct key_type *p;
+ int ret;
+
+- memset(&ktype->lock_class, 0, sizeof(ktype->lock_class));
++ pax_open_kernel();
++ memset((void *)&ktype->lock_class, 0, sizeof(ktype->lock_class));
++ pax_close_kernel();
+
+ ret = -EEXIST;
+ down_write(&key_types_sem);
+@@ -1089,7 +1091,7 @@ int register_key_type(struct
key_type *ktype)
+ }
+
+ /* store the type */
+- list_add(&ktype->link, &key_types_list);
++ pax_list_add((struct list_head *)&ktype->link, &key_types_list);
+
+ pr_notice("Key type %s registered\n", ktype->name);
+ ret = 0;
+@@ -1111,7 +1113,7 @@ EXPORT_SYMBOL(register_key_type);
+ void unregister_key_type(struct key_type *ktype)
+ {
+ down_write(&key_types_sem);
+- list_del_init(&ktype->link);
++ pax_list_del_init((struct list_head *)&ktype->link);
+ downgrade_write(&key_types_sem);
+ key_gc_keytype(ktype);
+ pr_notice("Key type %s unregistered\n", ktype->name);
+@@ -1129,10 +1131,10 @@ void __init key_init(void)
+ 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
+
+ /* add the special key types */
+- list_add_tail(&key_type_keyring.link, &key_types_list);
+- list_add_tail(&key_type_dead.link, &key_types_list);
+- list_add_tail(&key_type_user.link, &key_types_list);
+- list_add_tail(&key_type_logon.link, &key_types_list);
++ pax_list_add_tail((struct list_head *)&key_type_keyring.link, &key_types_list);
++ pax_list_add_tail((struct list_head *)&key_type_dead.link, &key_types_list);
++ pax_list_add_tail((struct list_head *)&key_type_user.link, &key_types_list);
++ pax_list_add_tail((struct list_head *)&key_type_logon.link, &key_types_list);
+
+ /* record the root user tracking */
+ rb_link_node(&root_key_user.node,
+diff --git a/security/keys/keyring.c b/security/keys/keyring.c
+index f931ccf..ed9cd36 100644
+--- a/security/keys/keyring.c
++++ b/security/keys/keyring.c
+@@ -1071,8 +1071,6 @@ static int keyring_detect_cycle(struct key *A, struct key *B)
+ int __key_link_begin(struct key *keyring,
+ const struct keyring_index_key *index_key,
+ struct assoc_array_edit **_edit)
+- __acquires(&keyring->sem)
+- __acquires(&keyring_serialise_link_sem)
+ {
+ struct assoc_array_edit *edit;
+ int ret;
+@@ -1172,8 +1170,6 @@ void __key_link(struct key *key, struct assoc_array_edit **_edit)
+ void __key_link_end(struct key *keyring,
+ const struct keyring_index_key *index_key,
+
struct assoc_array_edit *edit) +- __releases(&keyring->sem) +- __releases(&keyring_serialise_link_sem) + { + BUG_ON(index_key->type == NULL); + kenter("%d,%s,", keyring->serial, index_key->type->name); +diff --git a/security/min_addr.c b/security/min_addr.c +index f728728..6457a0c 100644 +--- a/security/min_addr.c ++++ b/security/min_addr.c +@@ -14,6 +14,7 @@ unsigned long dac_mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR; + */ + static void update_mmap_min_addr(void) + { ++#ifndef SPARC + #ifdef CONFIG_LSM_MMAP_MIN_ADDR + if (dac_mmap_min_addr > CONFIG_LSM_MMAP_MIN_ADDR) + mmap_min_addr = dac_mmap_min_addr; +@@ -22,6 +23,7 @@ static void update_mmap_min_addr(void) + #else + mmap_min_addr = dac_mmap_min_addr; + #endif ++#endif + } + + /* +diff --git a/security/selinux/avc.c b/security/selinux/avc.c +index e60c79d..41fb721 100644 +--- a/security/selinux/avc.c ++++ b/security/selinux/avc.c +@@ -71,7 +71,7 @@ struct avc_xperms_node { + struct avc_cache { + struct hlist_head slots[AVC_CACHE_SLOTS]; /* head for avc_node->list */ + spinlock_t slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */ +- atomic_t lru_hint; /* LRU hint for reclaim scan */ ++ atomic_unchecked_t lru_hint; /* LRU hint for reclaim scan */ + atomic_t active_nodes; + u32 latest_notif; /* latest revocation notification */ + }; +@@ -183,7 +183,7 @@ void __init avc_init(void) + spin_lock_init(&avc_cache.slots_lock[i]); + } + atomic_set(&avc_cache.active_nodes, 0); +- atomic_set(&avc_cache.lru_hint, 0); ++ atomic_set_unchecked(&avc_cache.lru_hint, 0); + + avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), + 0, SLAB_PANIC, NULL); +@@ -521,7 +521,7 @@ static inline int avc_reclaim_node(void) + spinlock_t *lock; + + for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) { +- hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1); ++ hvalue = atomic_inc_return_unchecked(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1); + head = &avc_cache.slots[hvalue]; + lock = 
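Review bot: In security/min_addr.c the new guard `#ifndef SPARC` in `update_mmap_min_addr()` tests a bare `SPARC` macro, which is not a Kconfig symbol (those carry the `CONFIG_` prefix, as `CONFIG_LSM_MMAP_MIN_ADDR` does on the next line) and is not defined anywhere in this hunk. Unless `SPARC` is defined elsewhere in the patch, the condition is always true and the guard changes nothing on any architecture. If the intent is to leave `mmap_min_addr` alone on sparc, `#ifndef CONFIG_SPARC` expresses that. Either way a one-line comment giving the reason would help, because with the guard active the function no longer copies `dac_mmap_min_addr` into `mmap_min_addr` at all.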
&avc_cache.slots_lock[hvalue]; + +diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h +index 1450f85..a91e0bc 100644 +--- a/security/selinux/include/xfrm.h ++++ b/security/selinux/include/xfrm.h +@@ -48,7 +48,7 @@ static inline void selinux_xfrm_notify_policyload(void) + + rtnl_lock(); + for_each_net(net) { +- atomic_inc(&net->xfrm.flow_cache_genid); ++ atomic_inc_unchecked(&net->xfrm.flow_cache_genid); + rt_genid_bump_all(net); + } + rtnl_unlock(); +diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c +index 2367b10..a0c3c51 100644 +--- a/security/tomoyo/file.c ++++ b/security/tomoyo/file.c +@@ -692,7 +692,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path, + { + struct tomoyo_request_info r; + struct tomoyo_obj_info obj = { +- .path1 = *path, ++ .path1 = { .mnt = path->mnt, .dentry = path->dentry }, + }; + int error = -ENOMEM; + struct tomoyo_path_info buf; +@@ -740,7 +740,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, + struct tomoyo_path_info buf; + struct tomoyo_request_info r; + struct tomoyo_obj_info obj = { +- .path1 = *path, ++ .path1 = { .mnt = path->mnt, .dentry = path->dentry }, + }; + int idx; + +@@ -786,7 +786,7 @@ int tomoyo_path_perm(const u8 operation, const struct path *path, const char *ta + { + struct tomoyo_request_info r; + struct tomoyo_obj_info obj = { +- .path1 = *path, ++ .path1 = { .mnt = path->mnt, .dentry = path->dentry }, + }; + int error; + struct tomoyo_path_info buf; +@@ -843,7 +843,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path, + { + struct tomoyo_request_info r; + struct tomoyo_obj_info obj = { +- .path1 = *path, ++ .path1 = { .mnt = path->mnt, .dentry = path->dentry }, + }; + int error = -ENOMEM; + struct tomoyo_path_info buf; +@@ -890,8 +890,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1, + struct tomoyo_path_info buf2; + struct tomoyo_request_info r; + struct tomoyo_obj_info obj = { +- .path1 = *path1, +- .path2 = 
*path2, ++ .path1 = { .mnt = path1->mnt, .dentry = path1->dentry }, ++ .path2 = { .mnt = path2->mnt, .dentry = path2->dentry } + }; + int idx; + +diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c +index 390c646..f2f8db3 100644 +--- a/security/tomoyo/mount.c ++++ b/security/tomoyo/mount.c +@@ -118,6 +118,10 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, + type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) { + need_dev = -1; /* dev_name is a directory */ + } else { ++ if (!capable(CAP_SYS_ADMIN)) { ++ error = -EPERM; ++ goto out; ++ } + fstype = get_fs_type(type); + if (!fstype) { + error = -ENODEV; +diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c +index cbf3df4..22b11df 100644 +--- a/security/tomoyo/tomoyo.c ++++ b/security/tomoyo/tomoyo.c +@@ -165,7 +165,7 @@ static int tomoyo_path_truncate(struct path *path) + */ + static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) + { +- struct path path = { parent->mnt, dentry }; ++ struct path path = { .mnt = parent->mnt, .dentry = dentry }; + return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL); + } + +@@ -181,7 +181,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) + static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, + umode_t mode) + { +- struct path path = { parent->mnt, dentry }; ++ struct path path = { .mnt = parent->mnt, .dentry = dentry }; + return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path, + mode & S_IALLUGO); + } +@@ -196,7 +196,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, + */ + static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) + { +- struct path path = { parent->mnt, dentry }; ++ struct path path = { .mnt = parent->mnt, .dentry = dentry }; + return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL); + } + +@@ -212,7 +212,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) + static int tomoyo_path_symlink(struct path 
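Review bot: In security/tomoyo/mount.c the added `capable(CAP_SYS_ADMIN)` test in `tomoyo_mount_acl()` has no comment explaining why a privilege check belongs inside the policy lookup, and only in the branch that goes on to call `get_fs_type(type)`. Its position suggests it is meant to keep unprivileged callers from reaching the filesystem-type lookup, which may request a module load for a caller-supplied name, but that is an inference; a comment such as `/* do not let unprivileged callers reach get_fs_type() */` would record it. Note also that `capable()` tests the initial user namespace, so a caller holding CAP_SYS_ADMIN only in its own user namespace now gets -EPERM from this path whenever TOMOYO evaluates the mount; if that is intended it is worth stating. The function starts and ends outside the hunk.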
*parent, struct dentry *dentry, + const char *old_name) + { +- struct path path = { parent->mnt, dentry }; ++ struct path path = { .mnt = parent->mnt, .dentry = dentry }; + return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name); + } + +@@ -229,7 +229,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, + static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, + umode_t mode, unsigned int dev) + { +- struct path path = { parent->mnt, dentry }; ++ struct path path = { .mnt = parent->mnt, .dentry = dentry }; + int type = TOMOYO_TYPE_CREATE; + const unsigned int perm = mode & S_IALLUGO; + +@@ -268,8 +268,8 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, + static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, + struct dentry *new_dentry) + { +- struct path path1 = { new_dir->mnt, old_dentry }; +- struct path path2 = { new_dir->mnt, new_dentry }; ++ struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry }; ++ struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry }; + return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2); + } + +@@ -288,8 +288,8 @@ static int tomoyo_path_rename(struct path *old_parent, + struct path *new_parent, + struct dentry *new_dentry) + { +- struct path path1 = { old_parent->mnt, old_dentry }; +- struct path path2 = { new_parent->mnt, new_dentry }; ++ struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry }; ++ struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry }; + return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2); + } + +@@ -417,7 +417,7 @@ static int tomoyo_sb_mount(const char *dev_name, struct path *path, + */ + static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) + { +- struct path path = { mnt, mnt->mnt_root }; ++ struct path path = { .mnt = mnt, .dentry = mnt->mnt_root }; + return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL); + } + +diff --git a/security/yama/Kconfig 
b/security/yama/Kconfig +index 90c605e..bf3a29a 100644 +--- a/security/yama/Kconfig ++++ b/security/yama/Kconfig +@@ -1,6 +1,6 @@ + config SECURITY_YAMA + bool "Yama support" +- depends on SECURITY ++ depends on SECURITY && !GRKERNSEC + default n + help + This selects Yama, which extends DAC support with additional +diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c +index cb6ed10..fb00554 100644 +--- a/security/yama/yama_lsm.c ++++ b/security/yama/yama_lsm.c +@@ -357,7 +357,7 @@ static struct security_hook_list yama_hooks[] = { + static int yama_dointvec_minmax(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +- struct ctl_table table_copy; ++ ctl_table_no_const table_copy; + + if (write && !capable(CAP_SYS_PTRACE)) + return -EPERM; +diff --git a/sound/aoa/codecs/onyx.c b/sound/aoa/codecs/onyx.c +index a04edff..6811b91 100644 +--- a/sound/aoa/codecs/onyx.c ++++ b/sound/aoa/codecs/onyx.c +@@ -54,7 +54,7 @@ struct onyx { + spdif_locked:1, + analog_locked:1, + original_mute:2; +- int open_count; ++ local_t open_count; + struct codec_info *codec_info; + + /* mutex serializes concurrent access to the device +@@ -747,7 +747,7 @@ static int onyx_open(struct codec_info_item *cii, + struct onyx *onyx = cii->codec_data; + + mutex_lock(&onyx->mutex); +- onyx->open_count++; ++ local_inc(&onyx->open_count); + mutex_unlock(&onyx->mutex); + + return 0; +@@ -759,8 +759,7 @@ static int onyx_close(struct codec_info_item *cii, + struct onyx *onyx = cii->codec_data; + + mutex_lock(&onyx->mutex); +- onyx->open_count--; +- if (!onyx->open_count) ++ if (local_dec_and_test(&onyx->open_count)) + onyx->spdif_locked = onyx->analog_locked = 0; + mutex_unlock(&onyx->mutex); + +diff --git a/sound/aoa/codecs/onyx.h b/sound/aoa/codecs/onyx.h +index ffd2025..df062c9 100644 +--- a/sound/aoa/codecs/onyx.h ++++ b/sound/aoa/codecs/onyx.h +@@ -11,6 +11,7 @@ + #include <linux/i2c.h> + #include <asm/pmac_low_i2c.h> + #include <asm/prom.h> 
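Review bot: In security/yama/Kconfig the new `depends on SECURITY && !GRKERNSEC` makes SECURITY_YAMA unselectable in any grsecurity-enabled configuration, but the help text is unchanged and gives no hint why the option disappears. A configuration carried over from a kernel that relied on Yama's restrictions would lose them without notice unless an equivalent grsecurity option is enabled. I would add a sentence to the help text, for example `Not available together with GRKERNSEC, which provides its own restrictions.`, assuming that is the reason for the exclusion.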
++#include <asm/local.h> + + /* PCM3052 register definitions */ + +diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c +index ebc9fdf..61f491e 100644 +--- a/sound/core/oss/pcm_oss.c ++++ b/sound/core/oss/pcm_oss.c +@@ -1193,10 +1193,10 @@ snd_pcm_sframes_t snd_pcm_oss_write3(struct snd_pcm_substream *substream, const + if (in_kernel) { + mm_segment_t fs; + fs = snd_enter_user(); +- ret = snd_pcm_lib_write(substream, (void __force __user *)ptr, frames); ++ ret = snd_pcm_lib_write(substream, (void __force_user *)ptr, frames); + snd_leave_user(fs); + } else { +- ret = snd_pcm_lib_write(substream, (void __force __user *)ptr, frames); ++ ret = snd_pcm_lib_write(substream, (void __force_user *)ptr, frames); + } + if (ret != -EPIPE && ret != -ESTRPIPE) + break; +@@ -1236,10 +1236,10 @@ snd_pcm_sframes_t snd_pcm_oss_read3(struct snd_pcm_substream *substream, char *p + if (in_kernel) { + mm_segment_t fs; + fs = snd_enter_user(); +- ret = snd_pcm_lib_read(substream, (void __force __user *)ptr, frames); ++ ret = snd_pcm_lib_read(substream, (void __force_user *)ptr, frames); + snd_leave_user(fs); + } else { +- ret = snd_pcm_lib_read(substream, (void __force __user *)ptr, frames); ++ ret = snd_pcm_lib_read(substream, (void __force_user *)ptr, frames); + } + if (ret == -EPIPE) { + if (runtime->status->state == SNDRV_PCM_STATE_DRAINING) { +@@ -1335,7 +1335,7 @@ static ssize_t snd_pcm_oss_write2(struct snd_pcm_substream *substream, const cha + struct snd_pcm_plugin_channel *channels; + size_t oss_frame_bytes = (runtime->oss.plugin_first->src_width * runtime->oss.plugin_first->src_format.channels) / 8; + if (!in_kernel) { +- if (copy_from_user(runtime->oss.buffer, (const char __force __user *)buf, bytes)) ++ if (copy_from_user(runtime->oss.buffer, (const char __force_user *)buf, bytes)) + return -EFAULT; + buf = runtime->oss.buffer; + } +@@ -1405,7 +1405,7 @@ static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const cha + } + } else { + tmp = 
snd_pcm_oss_write2(substream, +- (const char __force *)buf, ++ (const char __force_kernel *)buf, + runtime->oss.period_bytes, 0); + if (tmp <= 0) + goto err; +@@ -1431,7 +1431,7 @@ static ssize_t snd_pcm_oss_read2(struct snd_pcm_substream *substream, char *buf, + struct snd_pcm_runtime *runtime = substream->runtime; + snd_pcm_sframes_t frames, frames1; + #ifdef CONFIG_SND_PCM_OSS_PLUGINS +- char __user *final_dst = (char __force __user *)buf; ++ char __user *final_dst = (char __force_user *)buf; + if (runtime->oss.plugin_first) { + struct snd_pcm_plugin_channel *channels; + size_t oss_frame_bytes = (runtime->oss.plugin_last->dst_width * runtime->oss.plugin_last->dst_format.channels) / 8; +@@ -1493,7 +1493,7 @@ static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __use + xfer += tmp; + runtime->oss.buffer_used -= tmp; + } else { +- tmp = snd_pcm_oss_read2(substream, (char __force *)buf, ++ tmp = snd_pcm_oss_read2(substream, (char __force_kernel *)buf, + runtime->oss.period_bytes, 0); + if (tmp <= 0) + goto err; +@@ -1662,7 +1662,7 @@ static int snd_pcm_oss_sync(struct snd_pcm_oss_file *pcm_oss_file) + size1); + size1 /= runtime->channels; /* frames */ + fs = snd_enter_user(); +- snd_pcm_lib_write(substream, (void __force __user *)runtime->oss.buffer, size1); ++ snd_pcm_lib_write(substream, (void __force_user *)runtime->oss.buffer, size1); + snd_leave_user(fs); + } + } else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) { +diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c +index 1f64ab0..26a7233 100644 +--- a/sound/core/pcm_compat.c ++++ b/sound/core/pcm_compat.c +@@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream, + int err; + + fs = snd_enter_user(); +- err = snd_pcm_delay(substream, &delay); ++ err = snd_pcm_delay(substream, (snd_pcm_sframes_t __force_user *)&delay); + snd_leave_user(fs); + if (err < 0) + return err; +diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c 
+index 3a9b66c..2b38b21 100644 +--- a/sound/core/pcm_lib.c ++++ b/sound/core/pcm_lib.c +@@ -1867,8 +1867,9 @@ EXPORT_SYMBOL(snd_pcm_lib_ioctl); + * Even if more than one periods have elapsed since the last call, you + * have to call this only once. + */ +-void snd_pcm_period_elapsed(struct snd_pcm_substream *substream) ++void snd_pcm_period_elapsed(void *_substream) + { ++ struct snd_pcm_substream *substream = _substream; + struct snd_pcm_runtime *runtime; + unsigned long flags; + +diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c +index 9106d8e..e7e2e3c 100644 +--- a/sound/core/pcm_native.c ++++ b/sound/core/pcm_native.c +@@ -3014,11 +3014,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, + switch (substream->stream) { + case SNDRV_PCM_STREAM_PLAYBACK: + result = snd_pcm_playback_ioctl1(NULL, substream, cmd, +- (void __user *)arg); ++ (void __force_user *)arg); + break; + case SNDRV_PCM_STREAM_CAPTURE: + result = snd_pcm_capture_ioctl1(NULL, substream, cmd, +- (void __user *)arg); ++ (void __force_user *)arg); + break; + default: + result = -EINVAL; +diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c +index 795437b..3650746 100644 +--- a/sound/core/rawmidi.c ++++ b/sound/core/rawmidi.c +@@ -871,9 +871,10 @@ static int snd_rawmidi_control_ioctl(struct snd_card *card, + * + * Return: The size of read data, or a negative error code on failure. 
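Review bot: In sound/core/pcm_lib.c, changing `snd_pcm_period_elapsed()` to take `void *_substream` removes compile-time type checking for every caller of this function, not only the callback user: any pointer now converts silently. The same pattern appears in `snd_rawmidi_receive()` (sound/core/rawmidi.c), `dump_midi()` (sound/core/seq/seq_midi.c) and `seq_copy_in_kernel()`/`seq_copy_in_user()` (sound/core/seq/seq_memory.c), apparently so the functions can be passed as callbacks without the function-pointer casts that the seq_midi.c and seq_virmidi.c hunks drop. For the two non-static functions I would keep the typed prototype and pass a small adapter where a `void *` callback is required, e.g. `static void period_elapsed_cb(void *p) { snd_pcm_period_elapsed(p); }` (name constructed for illustration). The function body continues outside the hunk.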
+ */ +-int snd_rawmidi_receive(struct snd_rawmidi_substream *substream, +- const unsigned char *buffer, int count) ++int snd_rawmidi_receive(void *_substream, const void *_buffer, int count) + { ++ struct snd_rawmidi_substream *substream = _substream; ++ const unsigned char *buffer = _buffer; + unsigned long flags; + int result = 0, count1; + struct snd_rawmidi_runtime *runtime = substream->runtime; +diff --git a/sound/core/seq/oss/seq_oss_synth.c b/sound/core/seq/oss/seq_oss_synth.c +index b16dbef04..8eb05a4 100644 +--- a/sound/core/seq/oss/seq_oss_synth.c ++++ b/sound/core/seq/oss/seq_oss_synth.c +@@ -653,8 +653,8 @@ snd_seq_oss_synth_info_read(struct snd_info_buffer *buf) + rec->synth_type, rec->synth_subtype, + rec->nr_voices); + snd_iprintf(buf, " capabilities : ioctl %s / load_patch %s\n", +- enabled_str((long)rec->oper.ioctl), +- enabled_str((long)rec->oper.load_patch)); ++ enabled_str(!!rec->oper.ioctl), ++ enabled_str(!!rec->oper.load_patch)); + snd_use_lock_free(&rec->use_lock); + } + } +diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c +index 58e79e0..19751d1 100644 +--- a/sound/core/seq/seq_clientmgr.c ++++ b/sound/core/seq/seq_clientmgr.c +@@ -416,7 +416,7 @@ static ssize_t snd_seq_read(struct file *file, char __user *buf, size_t count, + if (!client->accept_input || (fifo = client->data.user.fifo) == NULL) + return -ENXIO; + +- if (atomic_read(&fifo->overflow) > 0) { ++ if (atomic_read_unchecked(&fifo->overflow) > 0) { + /* buffer overflow is detected */ + snd_seq_fifo_clear(fifo); + /* return error code */ +@@ -446,7 +446,7 @@ static ssize_t snd_seq_read(struct file *file, char __user *buf, size_t count, + count -= sizeof(struct snd_seq_event); + buf += sizeof(struct snd_seq_event); + err = snd_seq_expand_var_event(&cell->event, count, +- (char __force *)buf, 0, ++ (char __force_kernel *)buf, 0, + sizeof(struct snd_seq_event)); + if (err < 0) + break; +@@ -1062,13 +1062,13 @@ static ssize_t snd_seq_write(struct file *file, 
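Review bot: In sound/core/seq/seq_clientmgr.c, `snd_seq_read()` still tests `atomic_read_unchecked(&fifo->overflow) > 0` although the counter is now explicitly allowed to wrap: `snd_seq_fifo_event_in()` bumps it with `atomic_inc_unchecked()` whenever event duplication fails with -ENOMEM or -EAGAIN (seq_fifo.c hunk). Once the value wraps negative, the `> 0` test stops reporting the overflow until the count climbs back above zero. Since the value is only used as a flag and is reset by `snd_seq_fifo_clear()`, `atomic_read_unchecked(&fifo->overflow) != 0` would be the more robust test. The function body continues outside the hunk.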
const char __user *buf, + } + /* set user space pointer */ + event.data.ext.len = extlen | SNDRV_SEQ_EXT_USRPTR; +- event.data.ext.ptr = (char __force *)buf ++ event.data.ext.ptr = (char __force_kernel *)buf + + sizeof(struct snd_seq_event); + len += extlen; /* increment data length */ + } else { + #ifdef CONFIG_COMPAT + if (client->convert32 && snd_seq_ev_is_varusr(&event)) { +- void *ptr = (void __force *)compat_ptr(event.data.raw32.d[1]); ++ void *ptr = (void __force_kernel *)compat_ptr(event.data.raw32.d[1]); + event.data.ext.ptr = ptr; + } + #endif +@@ -2423,7 +2423,7 @@ int snd_seq_kernel_client_ctl(int clientid, unsigned int cmd, void *arg) + if (client == NULL) + return -ENXIO; + fs = snd_enter_user(); +- result = snd_seq_do_ioctl(client, cmd, (void __force __user *)arg); ++ result = snd_seq_do_ioctl(client, cmd, (void __force_user *)arg); + snd_leave_user(fs); + return result; + } +diff --git a/sound/core/seq/seq_compat.c b/sound/core/seq/seq_compat.c +index 6517590..9905cee 100644 +--- a/sound/core/seq/seq_compat.c ++++ b/sound/core/seq/seq_compat.c +@@ -60,7 +60,7 @@ static int snd_seq_call_port_info_ioctl(struct snd_seq_client *client, unsigned + data->kernel = NULL; + + fs = snd_enter_user(); +- err = snd_seq_do_ioctl(client, cmd, data); ++ err = snd_seq_do_ioctl(client, cmd, (void __force_user *)data); + snd_leave_user(fs); + if (err < 0) + goto error; +diff --git a/sound/core/seq/seq_fifo.c b/sound/core/seq/seq_fifo.c +index 1d5acbe..5f55223 100644 +--- a/sound/core/seq/seq_fifo.c ++++ b/sound/core/seq/seq_fifo.c +@@ -50,7 +50,7 @@ struct snd_seq_fifo *snd_seq_fifo_new(int poolsize) + spin_lock_init(&f->lock); + snd_use_lock_init(&f->use_lock); + init_waitqueue_head(&f->input_sleep); +- atomic_set(&f->overflow, 0); ++ atomic_set_unchecked(&f->overflow, 0); + + f->head = NULL; + f->tail = NULL; +@@ -96,7 +96,7 @@ void snd_seq_fifo_clear(struct snd_seq_fifo *f) + unsigned long flags; + + /* clear overflow flag */ +- atomic_set(&f->overflow, 0); ++ 
atomic_set_unchecked(&f->overflow, 0); + + snd_use_lock_sync(&f->use_lock); + spin_lock_irqsave(&f->lock, flags); +@@ -123,7 +123,7 @@ int snd_seq_fifo_event_in(struct snd_seq_fifo *f, + err = snd_seq_event_dup(f->pool, event, &cell, 1, NULL); /* always non-blocking */ + if (err < 0) { + if ((err == -ENOMEM) || (err == -EAGAIN)) +- atomic_inc(&f->overflow); ++ atomic_inc_unchecked(&f->overflow); + snd_use_lock_free(&f->use_lock); + return err; + } +diff --git a/sound/core/seq/seq_fifo.h b/sound/core/seq/seq_fifo.h +index 062c446..a4b6f4c 100644 +--- a/sound/core/seq/seq_fifo.h ++++ b/sound/core/seq/seq_fifo.h +@@ -35,7 +35,7 @@ struct snd_seq_fifo { + spinlock_t lock; + snd_use_lock_t use_lock; + wait_queue_head_t input_sleep; +- atomic_t overflow; ++ atomic_unchecked_t overflow; + + }; + +diff --git a/sound/core/seq/seq_memory.c b/sound/core/seq/seq_memory.c +index c850345..ec0a853 100644 +--- a/sound/core/seq/seq_memory.c ++++ b/sound/core/seq/seq_memory.c +@@ -87,7 +87,7 @@ int snd_seq_dump_var_event(const struct snd_seq_event *event, + + if (event->data.ext.len & SNDRV_SEQ_EXT_USRPTR) { + char buf[32]; +- char __user *curptr = (char __force __user *)event->data.ext.ptr; ++ char __user *curptr = (char __force_user *)event->data.ext.ptr; + while (len > 0) { + int size = sizeof(buf); + if (len < size) +@@ -126,15 +126,19 @@ EXPORT_SYMBOL(snd_seq_dump_var_event); + * expand the variable length event to linear buffer space. 
+ */ + +-static int seq_copy_in_kernel(char **bufptr, const void *src, int size) ++static int seq_copy_in_kernel(void *_bufptr, const void *src, int size) + { ++ char **bufptr = (char **)_bufptr; ++ + memcpy(*bufptr, src, size); + *bufptr += size; + return 0; + } + +-static int seq_copy_in_user(char __user **bufptr, const void *src, int size) ++static int seq_copy_in_user(void *_bufptr, const void *src, int size) + { ++ char __user **bufptr = (char __user **)_bufptr; ++ + if (copy_to_user(*bufptr, src, size)) + return -EFAULT; + *bufptr += size; +@@ -158,13 +162,13 @@ int snd_seq_expand_var_event(const struct snd_seq_event *event, int count, char + if (event->data.ext.len & SNDRV_SEQ_EXT_USRPTR) { + if (! in_kernel) + return -EINVAL; +- if (copy_from_user(buf, (void __force __user *)event->data.ext.ptr, len)) ++ if (copy_from_user(buf, (void __force_user *)event->data.ext.ptr, len)) + return -EFAULT; + return newlen; + } + err = snd_seq_dump_var_event(event, +- in_kernel ? (snd_seq_dump_func_t)seq_copy_in_kernel : +- (snd_seq_dump_func_t)seq_copy_in_user, ++ in_kernel ? seq_copy_in_kernel : ++ seq_copy_in_user, + &buf); + return err < 0 ? 
err : newlen; + } +@@ -344,7 +348,7 @@ int snd_seq_event_dup(struct snd_seq_pool *pool, struct snd_seq_event *event, + tmp->event = src->event; + src = src->next; + } else if (is_usrptr) { +- if (copy_from_user(&tmp->event, (char __force __user *)buf, size)) { ++ if (copy_from_user(&tmp->event, (char __force_user *)buf, size)) { + err = -EFAULT; + goto __error; + } +diff --git a/sound/core/seq/seq_midi.c b/sound/core/seq/seq_midi.c +index 5dd0ee2..0208e35 100644 +--- a/sound/core/seq/seq_midi.c ++++ b/sound/core/seq/seq_midi.c +@@ -111,8 +111,9 @@ static void snd_midi_input_event(struct snd_rawmidi_substream *substream) + } + } + +-static int dump_midi(struct snd_rawmidi_substream *substream, const char *buf, int count) ++static int dump_midi(void *_substream, const void *buf, int count) + { ++ struct snd_rawmidi_substream *substream = _substream; + struct snd_rawmidi_runtime *runtime; + int tmp; + +@@ -148,7 +149,7 @@ static int event_process_midi(struct snd_seq_event *ev, int direct, + pr_debug("ALSA: seq_midi: invalid sysex event flags = 0x%x\n", ev->flags); + return 0; + } +- snd_seq_dump_var_event(ev, (snd_seq_dump_func_t)dump_midi, substream); ++ snd_seq_dump_var_event(ev, dump_midi, substream); + snd_midi_event_reset_decode(msynth->parser); + } else { + if (msynth->parser == NULL) +diff --git a/sound/core/seq/seq_virmidi.c b/sound/core/seq/seq_virmidi.c +index c82ed3e..e11d039 100644 +--- a/sound/core/seq/seq_virmidi.c ++++ b/sound/core/seq/seq_virmidi.c +@@ -90,7 +90,7 @@ static int snd_virmidi_dev_receive_event(struct snd_virmidi_dev *rdev, + if (ev->type == SNDRV_SEQ_EVENT_SYSEX) { + if ((ev->flags & SNDRV_SEQ_EVENT_LENGTH_MASK) != SNDRV_SEQ_EVENT_LENGTH_VARIABLE) + continue; +- snd_seq_dump_var_event(ev, (snd_seq_dump_func_t)snd_rawmidi_receive, vmidi->substream); ++ snd_seq_dump_var_event(ev, snd_rawmidi_receive, vmidi->substream); + } else { + len = snd_midi_event_decode(vmidi->parser, msg, sizeof(msg), ev); + if (len > 0) +diff --git 
a/sound/core/sound.c b/sound/core/sound.c +index 175f9e4..3518d31 100644 +--- a/sound/core/sound.c ++++ b/sound/core/sound.c +@@ -86,7 +86,7 @@ static void snd_request_other(int minor) + case SNDRV_MINOR_TIMER: str = "snd-timer"; break; + default: return; + } +- request_module(str); ++ request_module("%s", str); + } + + #endif /* modular kernel */ +diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c +index 2a008a9..a1efb3f 100644 +--- a/sound/drivers/mts64.c ++++ b/sound/drivers/mts64.c +@@ -29,6 +29,7 @@ + #include <sound/initval.h> + #include <sound/rawmidi.h> + #include <sound/control.h> ++#include <asm/local.h> + + #define CARD_NAME "Miditerminal 4140" + #define DRIVER_NAME "MTS64" +@@ -67,7 +68,7 @@ struct mts64 { + struct pardevice *pardev; + int pardev_claimed; + +- int open_count; ++ local_t open_count; + int current_midi_output_port; + int current_midi_input_port; + u8 mode[MTS64_NUM_INPUT_PORTS]; +@@ -687,7 +688,7 @@ static int snd_mts64_rawmidi_open(struct snd_rawmidi_substream *substream) + { + struct mts64 *mts = substream->rmidi->private_data; + +- if (mts->open_count == 0) { ++ if (local_read(&mts->open_count) == 0) { + /* We don't need a spinlock here, because this is just called + if the device has not been opened before. 
+ So there aren't any IRQs from the device */ +@@ -695,7 +696,7 @@ static int snd_mts64_rawmidi_open(struct snd_rawmidi_substream *substream) + + msleep(50); + } +- ++(mts->open_count); ++ local_inc(&mts->open_count); + + return 0; + } +@@ -705,8 +706,7 @@ static int snd_mts64_rawmidi_close(struct snd_rawmidi_substream *substream) + struct mts64 *mts = substream->rmidi->private_data; + unsigned long flags; + +- --(mts->open_count); +- if (mts->open_count == 0) { ++ if (local_dec_return(&mts->open_count) == 0) { + /* We need the spinlock_irqsave here because we can still + have IRQs at this point */ + spin_lock_irqsave(&mts->lock, flags); +@@ -715,8 +715,8 @@ static int snd_mts64_rawmidi_close(struct snd_rawmidi_substream *substream) + + msleep(500); + +- } else if (mts->open_count < 0) +- mts->open_count = 0; ++ } else if (local_read(&mts->open_count) < 0) ++ local_set(&mts->open_count, 0); + + return 0; + } +diff --git a/sound/drivers/opl4/opl4_lib.c b/sound/drivers/opl4/opl4_lib.c +index 89c7aa0..6d75e49 100644 +--- a/sound/drivers/opl4/opl4_lib.c ++++ b/sound/drivers/opl4/opl4_lib.c +@@ -29,7 +29,7 @@ MODULE_AUTHOR("Clemens Ladisch <clemens@ladisch.de>"); + MODULE_DESCRIPTION("OPL4 driver"); + MODULE_LICENSE("GPL"); + +-static void inline snd_opl4_wait(struct snd_opl4 *opl4) ++static inline void snd_opl4_wait(struct snd_opl4 *opl4) + { + int timeout = 10; + while ((inb(opl4->fm_port) & OPL4_STATUS_BUSY) && --timeout > 0) +diff --git a/sound/drivers/portman2x4.c b/sound/drivers/portman2x4.c +index 464385a..46ab3f6 100644 +--- a/sound/drivers/portman2x4.c ++++ b/sound/drivers/portman2x4.c +@@ -48,6 +48,7 @@ + #include <sound/initval.h> + #include <sound/rawmidi.h> + #include <sound/control.h> ++#include <asm/local.h> + + #define CARD_NAME "Portman 2x4" + #define DRIVER_NAME "portman" +@@ -85,7 +86,7 @@ struct portman { + struct pardevice *pardev; + int pardev_claimed; + +- int open_count; ++ local_t open_count; + int mode[PORTMAN_NUM_INPUT_PORTS]; + struct 
snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS]; + }; +diff --git a/sound/firewire/amdtp-am824.c b/sound/firewire/amdtp-am824.c +index bebddc6..f5976be 100644 +--- a/sound/firewire/amdtp-am824.c ++++ b/sound/firewire/amdtp-am824.c +@@ -314,7 +314,7 @@ void amdtp_am824_midi_trigger(struct amdtp_stream *s, unsigned int port, + struct amdtp_am824 *p = s->protocol; + + if (port < p->midi_ports) +- ACCESS_ONCE(p->midi[port]) = midi; ++ ACCESS_ONCE_RW(p->midi[port]) = midi; + } + EXPORT_SYMBOL_GPL(amdtp_am824_midi_trigger); + +diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c +index ed29026..933d2ae 100644 +--- a/sound/firewire/amdtp-stream.c ++++ b/sound/firewire/amdtp-stream.c +@@ -344,7 +344,7 @@ static void update_pcm_pointers(struct amdtp_stream *s, + ptr = s->pcm_buffer_pointer + frames; + if (ptr >= pcm->runtime->buffer_size) + ptr -= pcm->runtime->buffer_size; +- ACCESS_ONCE(s->pcm_buffer_pointer) = ptr; ++ ACCESS_ONCE_RW(s->pcm_buffer_pointer) = ptr; + + s->pcm_period_pointer += frames; + if (s->pcm_period_pointer >= pcm->runtime->period_size) { +@@ -811,7 +811,7 @@ EXPORT_SYMBOL(amdtp_stream_pcm_pointer); + void amdtp_stream_update(struct amdtp_stream *s) + { + /* Precomputing. 
*/ +- ACCESS_ONCE(s->source_node_id_field) = ++ ACCESS_ONCE_RW(s->source_node_id_field) = + (fw_parent_device(s->unit)->card->node_id << CIP_SID_SHIFT) & + CIP_SID_MASK; + } +diff --git a/sound/firewire/amdtp-stream.h b/sound/firewire/amdtp-stream.h +index 8775704..8fea566 100644 +--- a/sound/firewire/amdtp-stream.h ++++ b/sound/firewire/amdtp-stream.h +@@ -215,7 +215,7 @@ static inline bool amdtp_stream_pcm_running(struct amdtp_stream *s) + static inline void amdtp_stream_pcm_trigger(struct amdtp_stream *s, + struct snd_pcm_substream *pcm) + { +- ACCESS_ONCE(s->pcm) = pcm; ++ ACCESS_ONCE_RW(s->pcm) = pcm; + } + + static inline bool cip_sfc_is_base_44100(enum cip_sfc sfc) +diff --git a/sound/firewire/digi00x/amdtp-dot.c b/sound/firewire/digi00x/amdtp-dot.c +index 0ac92ab..a2081aa 100644 +--- a/sound/firewire/digi00x/amdtp-dot.c ++++ b/sound/firewire/digi00x/amdtp-dot.c +@@ -365,7 +365,7 @@ void amdtp_dot_midi_trigger(struct amdtp_stream *s, unsigned int port, + struct amdtp_dot *p = s->protocol; + + if (port < p->midi_ports) +- ACCESS_ONCE(p->midi[port]) = midi; ++ ACCESS_ONCE_RW(p->midi[port]) = midi; + } + + static unsigned int process_tx_data_blocks(struct amdtp_stream *s, +diff --git a/sound/firewire/isight.c b/sound/firewire/isight.c +index 48d6dca..a0266c23 100644 +--- a/sound/firewire/isight.c ++++ b/sound/firewire/isight.c +@@ -96,7 +96,7 @@ static void isight_update_pointers(struct isight *isight, unsigned int count) + ptr += count; + if (ptr >= runtime->buffer_size) + ptr -= runtime->buffer_size; +- ACCESS_ONCE(isight->buffer_pointer) = ptr; ++ ACCESS_ONCE_RW(isight->buffer_pointer) = ptr; + + isight->period_counter += count; + if (isight->period_counter >= runtime->period_size) { +@@ -293,7 +293,7 @@ static int isight_hw_params(struct snd_pcm_substream *substream, + if (err < 0) + return err; + +- ACCESS_ONCE(isight->pcm_active) = true; ++ ACCESS_ONCE_RW(isight->pcm_active) = true; + + return 0; + } +@@ -331,7 +331,7 @@ static int isight_hw_free(struct 
snd_pcm_substream *substream) + { + struct isight *isight = substream->private_data; + +- ACCESS_ONCE(isight->pcm_active) = false; ++ ACCESS_ONCE_RW(isight->pcm_active) = false; + + mutex_lock(&isight->mutex); + isight_stop_streaming(isight); +@@ -424,10 +424,10 @@ static int isight_trigger(struct snd_pcm_substream *substream, int cmd) + + switch (cmd) { + case SNDRV_PCM_TRIGGER_START: +- ACCESS_ONCE(isight->pcm_running) = true; ++ ACCESS_ONCE_RW(isight->pcm_running) = true; + break; + case SNDRV_PCM_TRIGGER_STOP: +- ACCESS_ONCE(isight->pcm_running) = false; ++ ACCESS_ONCE_RW(isight->pcm_running) = false; + break; + default: + return -EINVAL; +diff --git a/sound/firewire/oxfw/oxfw-scs1x.c b/sound/firewire/oxfw/oxfw-scs1x.c +index bb53eb3..670cd89 100644 +--- a/sound/firewire/oxfw/oxfw-scs1x.c ++++ b/sound/firewire/oxfw/oxfw-scs1x.c +@@ -278,9 +278,9 @@ static void midi_capture_trigger(struct snd_rawmidi_substream *stream, int up) + + if (up) { + scs->input_escape_count = 0; +- ACCESS_ONCE(scs->input) = stream; ++ ACCESS_ONCE_RW(scs->input) = stream; + } else { +- ACCESS_ONCE(scs->input) = NULL; ++ ACCESS_ONCE_RW(scs->input) = NULL; + } + } + +@@ -310,10 +310,10 @@ static void midi_playback_trigger(struct snd_rawmidi_substream *stream, int up) + scs->output_escaped = false; + scs->output_idle = false; + +- ACCESS_ONCE(scs->output) = stream; ++ ACCESS_ONCE_RW(scs->output) = stream; + tasklet_schedule(&scs->tasklet); + } else { +- ACCESS_ONCE(scs->output) = NULL; ++ ACCESS_ONCE_RW(scs->output) = NULL; + } + } + static void midi_playback_drain(struct snd_rawmidi_substream *stream) +diff --git a/sound/oss/sb_audio.c b/sound/oss/sb_audio.c +index dc91072..d85a10a 100644 +--- a/sound/oss/sb_audio.c ++++ b/sound/oss/sb_audio.c +@@ -900,7 +900,7 @@ sb16_copy_from_user(int dev, + buf16 = (signed short *)(localbuf + localoffs); + while (c) + { +- locallen = (c >= LBUFCOPYSIZE ? LBUFCOPYSIZE : c); ++ locallen = ((unsigned)c >= LBUFCOPYSIZE ? 
LBUFCOPYSIZE : c); + if (copy_from_user(lbuf8, + userbuf+useroffs + p, + locallen)) +diff --git a/sound/oss/swarm_cs4297a.c b/sound/oss/swarm_cs4297a.c +index 213a416..aeab5c9 100644 +--- a/sound/oss/swarm_cs4297a.c ++++ b/sound/oss/swarm_cs4297a.c +@@ -2623,7 +2623,6 @@ static int __init cs4297a_init(void) + { + struct cs4297a_state *s; + u32 pwr, id; +- mm_segment_t fs; + int rval; + u64 cfg; + int mdio_val; +@@ -2709,22 +2708,23 @@ static int __init cs4297a_init(void) + if (!rval) { + char *sb1250_duart_present; + ++#if 0 ++ mm_segment_t fs; + fs = get_fs(); + set_fs(KERNEL_DS); +-#if 0 + val = SOUND_MASK_LINE; + mixer_ioctl(s, SOUND_MIXER_WRITE_RECSRC, (unsigned long) &val); + for (i = 0; i < ARRAY_SIZE(initvol); i++) { + val = initvol[i].vol; + mixer_ioctl(s, initvol[i].mixch, (unsigned long) &val); + } ++ set_fs(fs); + // cs4297a_write_ac97(s, 0x18, 0x0808); + #else + // cs4297a_write_ac97(s, 0x5e, 0x180); + cs4297a_write_ac97(s, 0x02, 0x0808); + cs4297a_write_ac97(s, 0x18, 0x0808); + #endif +- set_fs(fs); + + list_add(&s->list, &cs4297a_devs); + +diff --git a/sound/pci/als300.c b/sound/pci/als300.c +index add3176..c9394d9 100644 +--- a/sound/pci/als300.c ++++ b/sound/pci/als300.c +@@ -647,7 +647,7 @@ static int snd_als300_create(struct snd_card *card, + struct snd_als300 **rchip) + { + struct snd_als300 *chip; +- void *irq_handler; ++ irq_handler_t irq_handler; + int err; + + static struct snd_device_ops ops = { +diff --git a/sound/pci/aw2/aw2-alsa.c b/sound/pci/aw2/aw2-alsa.c +index 1677143..85aca1d 100644 +--- a/sound/pci/aw2/aw2-alsa.c ++++ b/sound/pci/aw2/aw2-alsa.c +@@ -458,7 +458,6 @@ static int snd_aw2_pcm_prepare_playback(struct snd_pcm_substream *substream) + + /* Define Interrupt callback */ + snd_aw2_saa7146_define_it_playback_callback(pcm_device->stream_number, +- (snd_aw2_saa7146_it_cb) + snd_pcm_period_elapsed, + (void *)substream); + +@@ -487,7 +486,6 @@ static int snd_aw2_pcm_prepare_capture(struct snd_pcm_substream *substream) + + /* Define 
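Review bot: The `(unsigned)c` cast on the `locallen` line in sb16_copy_from_user() has no comment explaining it, and its effect is easy to misread. It changes only the comparison, so a negative `c` now selects LBUFCOPYSIZE instead of becoming the `copy_from_user()` length itself. A comment above the assignment would record that, for example `/* unsigned compare: a negative c must never be used as the copy length */`. The declaration of `c` and the rest of the `while (c)` loop are outside this hunk, so whether `c` can actually be negative here, and how the loop then terminates, should be confirmed against the full function.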
Interrupt callback */ + snd_aw2_saa7146_define_it_capture_callback(pcm_device->stream_number, +- (snd_aw2_saa7146_it_cb) + snd_pcm_period_elapsed, + (void *)substream); + +diff --git a/sound/pci/aw2/aw2-saa7146.c b/sound/pci/aw2/aw2-saa7146.c +index 1d78904..d9c1056 100644 +--- a/sound/pci/aw2/aw2-saa7146.c ++++ b/sound/pci/aw2/aw2-saa7146.c +@@ -262,7 +262,7 @@ void snd_aw2_saa7146_define_it_playback_callback(unsigned int stream_number, + { + if (stream_number < NB_STREAM_PLAYBACK) { + arr_substream_it_playback_cb[stream_number].p_it_callback = +- (snd_aw2_saa7146_it_cb) p_it_callback; ++ p_it_callback; + arr_substream_it_playback_cb[stream_number].p_callback_param = + (void *)p_callback_param; + } +@@ -275,7 +275,7 @@ void snd_aw2_saa7146_define_it_capture_callback(unsigned int stream_number, + { + if (stream_number < NB_STREAM_CAPTURE) { + arr_substream_it_capture_cb[stream_number].p_it_callback = +- (snd_aw2_saa7146_it_cb) p_it_callback; ++ p_it_callback; + arr_substream_it_capture_cb[stream_number].p_callback_param = + (void *)p_callback_param; + } +diff --git a/sound/pci/ctxfi/ctamixer.c b/sound/pci/ctxfi/ctamixer.c +index 5fcbb06..f4b85df 100644 +--- a/sound/pci/ctxfi/ctamixer.c ++++ b/sound/pci/ctxfi/ctamixer.c +@@ -297,8 +297,9 @@ static int put_amixer_rsc(struct amixer_mgr *mgr, struct amixer *amixer) + return 0; + } + +-int amixer_mgr_create(struct hw *hw, struct amixer_mgr **ramixer_mgr) ++int amixer_mgr_create(struct hw *hw, void **_ramixer_mgr) + { ++ struct amixer_mgr **ramixer_mgr = (struct amixer_mgr **)_ramixer_mgr; + int err; + struct amixer_mgr *amixer_mgr; + +@@ -326,8 +327,10 @@ error: + return err; + } + +-int amixer_mgr_destroy(struct amixer_mgr *amixer_mgr) ++int amixer_mgr_destroy(void *_amixer_mgr) + { ++ struct amixer_mgr *amixer_mgr = _amixer_mgr; ++ + rsc_mgr_uninit(&amixer_mgr->mgr); + kfree(amixer_mgr); + return 0; +@@ -452,8 +455,9 @@ static int put_sum_rsc(struct sum_mgr *mgr, struct sum *sum) + return 0; + } + +-int 
sum_mgr_create(struct hw *hw, struct sum_mgr **rsum_mgr) ++int sum_mgr_create(struct hw *hw, void **_rsum_mgr) + { ++ struct sum_mgr **rsum_mgr = (struct sum_mgr **)_rsum_mgr; + int err; + struct sum_mgr *sum_mgr; + +@@ -481,8 +485,10 @@ error: + return err; + } + +-int sum_mgr_destroy(struct sum_mgr *sum_mgr) ++int sum_mgr_destroy(void *_sum_mgr) + { ++ struct sum_mgr *sum_mgr = _sum_mgr; ++ + rsc_mgr_uninit(&sum_mgr->mgr); + kfree(sum_mgr); + return 0; +diff --git a/sound/pci/ctxfi/ctamixer.h b/sound/pci/ctxfi/ctamixer.h +index 2de18aa..2fbd01b 100644 +--- a/sound/pci/ctxfi/ctamixer.h ++++ b/sound/pci/ctxfi/ctamixer.h +@@ -47,8 +47,8 @@ struct sum_mgr { + }; + + /* Constructor and destructor of daio resource manager */ +-int sum_mgr_create(struct hw *hw, struct sum_mgr **rsum_mgr); +-int sum_mgr_destroy(struct sum_mgr *sum_mgr); ++int sum_mgr_create(struct hw *hw, void **rsum_mgr); ++int sum_mgr_destroy(void *sum_mgr); + + /* Define the descriptor of a amixer resource */ + struct amixer_rsc_ops; +@@ -93,7 +93,7 @@ struct amixer_mgr { + }; + + /* Constructor and destructor of amixer resource manager */ +-int amixer_mgr_create(struct hw *hw, struct amixer_mgr **ramixer_mgr); +-int amixer_mgr_destroy(struct amixer_mgr *amixer_mgr); ++int amixer_mgr_create(struct hw *hw, void **ramixer_mgr); ++int amixer_mgr_destroy(void *amixer_mgr); + + #endif /* CTAMIXER_H */ +diff --git a/sound/pci/ctxfi/ctatc.c b/sound/pci/ctxfi/ctatc.c +index 977a598..a787004 100644 +--- a/sound/pci/ctxfi/ctatc.c ++++ b/sound/pci/ctxfi/ctatc.c +@@ -113,16 +113,16 @@ static struct { + int (*create)(struct hw *hw, void **rmgr); + int (*destroy)(void *mgr); + } rsc_mgr_funcs[NUM_RSCTYP] = { +- [SRC] = { .create = (create_t)src_mgr_create, +- .destroy = (destroy_t)src_mgr_destroy }, +- [SRCIMP] = { .create = (create_t)srcimp_mgr_create, +- .destroy = (destroy_t)srcimp_mgr_destroy }, +- [AMIXER] = { .create = (create_t)amixer_mgr_create, +- .destroy = (destroy_t)amixer_mgr_destroy }, +- [SUM] = { 
.create = (create_t)sum_mgr_create, +- .destroy = (destroy_t)sum_mgr_destroy }, +- [DAIO] = { .create = (create_t)daio_mgr_create, +- .destroy = (destroy_t)daio_mgr_destroy } ++ [SRC] = { .create = src_mgr_create, ++ .destroy = src_mgr_destroy }, ++ [SRCIMP] = { .create = srcimp_mgr_create, ++ .destroy = srcimp_mgr_destroy }, ++ [AMIXER] = { .create = amixer_mgr_create, ++ .destroy = amixer_mgr_destroy }, ++ [SUM] = { .create = sum_mgr_create, ++ .destroy = sum_mgr_destroy }, ++ [DAIO] = { .create = daio_mgr_create, ++ .destroy = daio_mgr_destroy } + }; + + static int +diff --git a/sound/pci/ctxfi/ctdaio.c b/sound/pci/ctxfi/ctdaio.c +index 7f089cb..6bea28e 100644 +--- a/sound/pci/ctxfi/ctdaio.c ++++ b/sound/pci/ctxfi/ctdaio.c +@@ -687,8 +687,9 @@ static int daio_mgr_commit_write(struct daio_mgr *mgr) + return 0; + } + +-int daio_mgr_create(struct hw *hw, struct daio_mgr **rdaio_mgr) ++int daio_mgr_create(struct hw *hw, void **_rdaio_mgr) + { ++ struct daio_mgr **rdaio_mgr = (struct daio_mgr **)_rdaio_mgr; + int err, i; + struct daio_mgr *daio_mgr; + struct imapper *entry; +@@ -741,8 +742,9 @@ error1: + return err; + } + +-int daio_mgr_destroy(struct daio_mgr *daio_mgr) ++int daio_mgr_destroy(void *_daio_mgr) + { ++ struct daio_mgr *daio_mgr = _daio_mgr; + unsigned long flags; + + /* free daio input mapper list */ +diff --git a/sound/pci/ctxfi/ctdaio.h b/sound/pci/ctxfi/ctdaio.h +index a30be73..91b8dbd 100644 +--- a/sound/pci/ctxfi/ctdaio.h ++++ b/sound/pci/ctxfi/ctdaio.h +@@ -119,7 +119,7 @@ struct daio_mgr { + }; + + /* Constructor and destructor of daio resource manager */ +-int daio_mgr_create(struct hw *hw, struct daio_mgr **rdaio_mgr); +-int daio_mgr_destroy(struct daio_mgr *daio_mgr); ++int daio_mgr_create(struct hw *hw, void **rdaio_mgr); ++int daio_mgr_destroy(void *daio_mgr); + + #endif /* CTDAIO_H */ +diff --git a/sound/pci/ctxfi/ctsrc.c b/sound/pci/ctxfi/ctsrc.c +index a5a72df..f86edb8 100644 +--- a/sound/pci/ctxfi/ctsrc.c ++++ b/sound/pci/ctxfi/ctsrc.c 
+@@ -544,8 +544,9 @@ static int src_mgr_commit_write(struct src_mgr *mgr) + return 0; + } + +-int src_mgr_create(struct hw *hw, struct src_mgr **rsrc_mgr) ++int src_mgr_create(struct hw *hw, void **_rsrc_mgr) + { ++ struct src_mgr **rsrc_mgr = (struct src_mgr **)_rsrc_mgr; + int err, i; + struct src_mgr *src_mgr; + +@@ -584,8 +585,10 @@ error1: + return err; + } + +-int src_mgr_destroy(struct src_mgr *src_mgr) ++int src_mgr_destroy(void *_src_mgr) + { ++ struct src_mgr *src_mgr = _src_mgr; ++ + rsc_mgr_uninit(&src_mgr->mgr); + kfree(src_mgr); + +@@ -828,8 +831,9 @@ static int srcimp_imap_delete(struct srcimp_mgr *mgr, struct imapper *entry) + return err; + } + +-int srcimp_mgr_create(struct hw *hw, struct srcimp_mgr **rsrcimp_mgr) ++int srcimp_mgr_create(struct hw *hw, void **_rsrcimp_mgr) + { ++ struct srcimp_mgr **rsrcimp_mgr = (struct srcimp_mgr **)_rsrcimp_mgr; + int err; + struct srcimp_mgr *srcimp_mgr; + struct imapper *entry; +@@ -873,8 +877,9 @@ error1: + return err; + } + +-int srcimp_mgr_destroy(struct srcimp_mgr *srcimp_mgr) ++int srcimp_mgr_destroy(void *_srcimp_mgr) + { ++ struct srcimp_mgr *srcimp_mgr = _srcimp_mgr; + unsigned long flags; + + /* free src input mapper list */ +diff --git a/sound/pci/ctxfi/ctsrc.h b/sound/pci/ctxfi/ctsrc.h +index 92944a0..fc78ed4 100644 +--- a/sound/pci/ctxfi/ctsrc.h ++++ b/sound/pci/ctxfi/ctsrc.h +@@ -143,10 +143,10 @@ struct srcimp_mgr { + }; + + /* Constructor and destructor of SRC resource manager */ +-int src_mgr_create(struct hw *hw, struct src_mgr **rsrc_mgr); +-int src_mgr_destroy(struct src_mgr *src_mgr); ++int src_mgr_create(struct hw *hw, void **rsrc_mgr); ++int src_mgr_destroy(void *src_mgr); + /* Constructor and destructor of SRCIMP resource manager */ +-int srcimp_mgr_create(struct hw *hw, struct srcimp_mgr **rsrc_mgr); +-int srcimp_mgr_destroy(struct srcimp_mgr *srcimp_mgr); ++int srcimp_mgr_create(struct hw *hw, void **rsrc_mgr); ++int srcimp_mgr_destroy(void *srcimp_mgr); + + #endif /* CTSRC_H */ +diff 
--git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c +index 8374188..f073778 100644 +--- a/sound/pci/hda/hda_codec.c ++++ b/sound/pci/hda/hda_codec.c +@@ -1743,7 +1743,7 @@ static int get_kctl_0dB_offset(struct hda_codec *codec, + /* FIXME: set_fs() hack for obtaining user-space TLV data */ + mm_segment_t fs = get_fs(); + set_fs(get_ds()); +- if (!kctl->tlv.c(kctl, 0, sizeof(_tlv), _tlv)) ++ if (!kctl->tlv.c(kctl, 0, sizeof(_tlv), (unsigned int __force_user *)_tlv)) + tlv = _tlv; + set_fs(fs); + } else if (kctl->vd[0].access & SNDRV_CTL_ELEM_ACCESS_TLV_READ) +diff --git a/sound/pci/ymfpci/ymfpci.h b/sound/pci/ymfpci/ymfpci.h +index 149d4cb..7784769 100644 +--- a/sound/pci/ymfpci/ymfpci.h ++++ b/sound/pci/ymfpci/ymfpci.h +@@ -358,7 +358,7 @@ struct snd_ymfpci { + spinlock_t reg_lock; + spinlock_t voice_lock; + wait_queue_head_t interrupt_sleep; +- atomic_t interrupt_sleep_count; ++ atomic_unchecked_t interrupt_sleep_count; + struct snd_info_entry *proc_entry; + const struct firmware *dsp_microcode; + const struct firmware *controller_microcode; +diff --git a/sound/pci/ymfpci/ymfpci_main.c b/sound/pci/ymfpci/ymfpci_main.c +index 4c26076..a13f370 100644 +--- a/sound/pci/ymfpci/ymfpci_main.c ++++ b/sound/pci/ymfpci/ymfpci_main.c +@@ -204,8 +204,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip) + if ((snd_ymfpci_readl(chip, YDSXGR_STATUS) & 2) == 0) + break; + } +- if (atomic_read(&chip->interrupt_sleep_count)) { +- atomic_set(&chip->interrupt_sleep_count, 0); ++ if (atomic_read_unchecked(&chip->interrupt_sleep_count)) { ++ atomic_set_unchecked(&chip->interrupt_sleep_count, 0); + wake_up(&chip->interrupt_sleep); + } + __end: +@@ -789,7 +789,7 @@ static void snd_ymfpci_irq_wait(struct snd_ymfpci *chip) + continue; + init_waitqueue_entry(&wait, current); + add_wait_queue(&chip->interrupt_sleep, &wait); +- atomic_inc(&chip->interrupt_sleep_count); ++ atomic_inc_unchecked(&chip->interrupt_sleep_count); + 
schedule_timeout_uninterruptible(msecs_to_jiffies(50)); + remove_wait_queue(&chip->interrupt_sleep, &wait); + } +@@ -827,8 +827,8 @@ static irqreturn_t snd_ymfpci_interrupt(int irq, void *dev_id) + snd_ymfpci_writel(chip, YDSXGR_MODE, mode); + spin_unlock(&chip->reg_lock); + +- if (atomic_read(&chip->interrupt_sleep_count)) { +- atomic_set(&chip->interrupt_sleep_count, 0); ++ if (atomic_read_unchecked(&chip->interrupt_sleep_count)) { ++ atomic_set_unchecked(&chip->interrupt_sleep_count, 0); + wake_up(&chip->interrupt_sleep); + } + } +@@ -2384,7 +2384,7 @@ int snd_ymfpci_create(struct snd_card *card, + spin_lock_init(&chip->reg_lock); + spin_lock_init(&chip->voice_lock); + init_waitqueue_head(&chip->interrupt_sleep); +- atomic_set(&chip->interrupt_sleep_count, 0); ++ atomic_set_unchecked(&chip->interrupt_sleep_count, 0); + chip->card = card; + chip->pci = pci; + chip->irq = -1; +diff --git a/sound/soc/codecs/cx20442.c b/sound/soc/codecs/cx20442.c +index d6f4abb..5d59f0c 100644 +--- a/sound/soc/codecs/cx20442.c ++++ b/sound/soc/codecs/cx20442.c +@@ -263,6 +263,12 @@ static int v253_hangup(struct tty_struct *tty) + return 0; + } + ++static int v253_hw_write(void *client, const char *buf, int count) ++{ ++ struct tty_struct *tty = client; ++ return tty->ops->write(client, buf, count); ++} ++ + /* Line discipline .receive_buf() */ + static void v253_receive(struct tty_struct *tty, + const unsigned char *cp, char *fp, int count) +@@ -280,7 +286,7 @@ static void v253_receive(struct tty_struct *tty, + + /* Set up codec driver access to modem controls */ + cx20442->control_data = tty; +- codec->hw_write = (hw_write_t)tty->ops->write; ++ codec->hw_write = v253_hw_write; + codec->component.card->pop_time = 1; + } + } +diff --git a/sound/soc/codecs/sti-sas.c b/sound/soc/codecs/sti-sas.c +index 160d61a..cd7a4ac 100644 +--- a/sound/soc/codecs/sti-sas.c ++++ b/sound/soc/codecs/sti-sas.c +@@ -591,11 +591,13 @@ static int sti_sas_driver_probe(struct platform_device *pdev) + 
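Review bot: In the new v253_hw_write() the `client` pointer is converted to `tty` and then `client` is passed again as the first argument of `tty->ops->write`. Passing the typed pointer keeps the call checked by the compiler: `return tty->ops->write(tty, buf, count);`. The wrapper also dereferences `tty->ops->write` on every call, where the old code copied the pointer once in v253_receive(). Whether this line discipline refuses ttys that have no write operation is not visible in this hunk and is worth confirming.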
sti_sas_dai[STI_SAS_DAI_ANALOG_OUT].ops = drvdata->dev_data->dac_ops; + + /* Set dapms*/ +- sti_sas_driver.dapm_widgets = drvdata->dev_data->dapm_widgets; +- sti_sas_driver.num_dapm_widgets = drvdata->dev_data->num_dapm_widgets; ++ pax_open_kernel(); ++ const_cast(sti_sas_driver.dapm_widgets) = drvdata->dev_data->dapm_widgets; ++ const_cast(sti_sas_driver.num_dapm_widgets) = drvdata->dev_data->num_dapm_widgets; + +- sti_sas_driver.dapm_routes = drvdata->dev_data->dapm_routes; +- sti_sas_driver.num_dapm_routes = drvdata->dev_data->num_dapm_routes; ++ const_cast(sti_sas_driver.dapm_routes) = drvdata->dev_data->dapm_routes; ++ const_cast(sti_sas_driver.num_dapm_routes) = drvdata->dev_data->num_dapm_routes; ++ pax_close_kernel(); + + /* Store context */ + dev_set_drvdata(&pdev->dev, drvdata); +diff --git a/sound/soc/codecs/tlv320dac33.c b/sound/soc/codecs/tlv320dac33.c +index f7a6ce7..82310c8 100644 +--- a/sound/soc/codecs/tlv320dac33.c ++++ b/sound/soc/codecs/tlv320dac33.c +@@ -1375,13 +1375,18 @@ static int dac33_set_dai_fmt(struct snd_soc_dai *codec_dai, + return 0; + } + ++static int dac33_hw_write(void *client, const char *buf, int count) ++{ ++ return i2c_master_send(client, buf, count); ++} ++ + static int dac33_soc_probe(struct snd_soc_codec *codec) + { + struct tlv320dac33_priv *dac33 = snd_soc_codec_get_drvdata(codec); + int ret = 0; + + codec->control_data = dac33->control_data; +- codec->hw_write = (hw_write_t) i2c_master_send; ++ codec->hw_write = dac33_hw_write; + dac33->codec = codec; + + /* Read the tlv320dac33 ID registers */ +diff --git a/sound/soc/codecs/uda1380.c b/sound/soc/codecs/uda1380.c +index 35f0469..7c25cd5 100644 +--- a/sound/soc/codecs/uda1380.c ++++ b/sound/soc/codecs/uda1380.c +@@ -687,6 +687,11 @@ static struct snd_soc_dai_driver uda1380_dai[] = { + }, + }; + ++static int uda1380_hw_write(void *client, const char *buf, int count) ++{ ++ return i2c_master_send(client, buf, count); ++} ++ + static int uda1380_probe(struct snd_soc_codec 
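Review bot: The `pax_open_kernel()` / `pax_close_kernel()` pair in sti_sas_driver_probe() has no comment saying why a probe routine must write to `sti_sas_driver`, which the `const_cast` stores suggest is otherwise treated as read-only. A short comment would stop later edits from adding unrelated statements inside the window, for example `/* sti_sas_driver is constified: keep only these four stores between open and close */`. The same applies to the `ops->warm_reset` / `ops->reset` stores in the sound/soc/soc-ac97.c hunk. sti_sas_driver_probe() begins and ends outside this hunk.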
*codec) + { + struct uda1380_platform_data *pdata =codec->dev->platform_data; +@@ -695,7 +700,7 @@ static int uda1380_probe(struct snd_soc_codec *codec) + + uda1380->codec = codec; + +- codec->hw_write = (hw_write_t)i2c_master_send; ++ codec->hw_write = uda1380_hw_write; + codec->control_data = uda1380->control_data; + + if (!pdata) +diff --git a/sound/soc/intel/skylake/skl-sst-dsp.h b/sound/soc/intel/skylake/skl-sst-dsp.h +index cbb4075..edda3dd 100644 +--- a/sound/soc/intel/skylake/skl-sst-dsp.h ++++ b/sound/soc/intel/skylake/skl-sst-dsp.h +@@ -117,14 +117,14 @@ struct skl_dsp_fw_ops { + int (*load_mod)(struct sst_dsp *ctx, u16 mod_id, char *mod_name); + int (*unload_mod)(struct sst_dsp *ctx, u16 mod_id); + +-}; ++} __no_const; + + struct skl_dsp_loader_ops { + int (*alloc_dma_buf)(struct device *dev, + struct snd_dma_buffer *dmab, size_t size); + int (*free_dma_buf)(struct device *dev, + struct snd_dma_buffer *dmab); +-}; ++} __no_const; + + struct skl_load_module_info { + u16 mod_id; +diff --git a/sound/soc/soc-ac97.c b/sound/soc/soc-ac97.c +index 7e0acd8..b4b2acb 100644 +--- a/sound/soc/soc-ac97.c ++++ b/sound/soc/soc-ac97.c +@@ -416,8 +416,10 @@ int snd_soc_set_ac97_ops_of_reset(struct snd_ac97_bus_ops *ops, + if (ret) + return ret; + +- ops->warm_reset = snd_soc_ac97_warm_reset; +- ops->reset = snd_soc_ac97_reset; ++ pax_open_kernel(); ++ const_cast(ops->warm_reset) = snd_soc_ac97_warm_reset; ++ const_cast(ops->reset) = snd_soc_ac97_reset; ++ pax_close_kernel(); + + snd_ac97_rst_cfg = cfg; + return 0; +diff --git a/sound/soc/xtensa/xtfpga-i2s.c b/sound/soc/xtensa/xtfpga-i2s.c +index 8382ffa..86af7d0 100644 +--- a/sound/soc/xtensa/xtfpga-i2s.c ++++ b/sound/soc/xtensa/xtfpga-i2s.c +@@ -437,7 +437,7 @@ static int xtfpga_pcm_trigger(struct snd_pcm_substream *substream, int cmd) + case SNDRV_PCM_TRIGGER_START: + case SNDRV_PCM_TRIGGER_RESUME: + case SNDRV_PCM_TRIGGER_PAUSE_RELEASE: +- ACCESS_ONCE(i2s->tx_ptr) = 0; ++ ACCESS_ONCE_RW(i2s->tx_ptr) = 0; + 
rcu_assign_pointer(i2s->tx_substream, substream); + xtfpga_pcm_refill_fifo(i2s); + break; +diff --git a/sound/synth/emux/emux_seq.c b/sound/synth/emux/emux_seq.c +index a020920..55579f6 100644 +--- a/sound/synth/emux/emux_seq.c ++++ b/sound/synth/emux/emux_seq.c +@@ -33,13 +33,13 @@ static int snd_emux_unuse(void *private_data, struct snd_seq_port_subscribe *inf + * MIDI emulation operators + */ + static struct snd_midi_op emux_ops = { +- snd_emux_note_on, +- snd_emux_note_off, +- snd_emux_key_press, +- snd_emux_terminate_note, +- snd_emux_control, +- snd_emux_nrpn, +- snd_emux_sysex, ++ .note_on = snd_emux_note_on, ++ .note_off = snd_emux_note_off, ++ .key_press = snd_emux_key_press, ++ .note_terminate = snd_emux_terminate_note, ++ .control = snd_emux_control, ++ .nrpn = snd_emux_nrpn, ++ .sysex = snd_emux_sysex, + }; + + +diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c +index 81b7da8..bb2676f 100644 +--- a/sound/usb/line6/driver.c ++++ b/sound/usb/line6/driver.c +@@ -307,7 +307,7 @@ int line6_read_data(struct usb_line6 *line6, unsigned address, void *data, + { + struct usb_device *usbdev = line6->usbdev; + int ret; +- unsigned char len; ++ unsigned char *plen; + unsigned count; + + if (address > 0xffff || datalen > 0xff) +@@ -324,6 +324,10 @@ int line6_read_data(struct usb_line6 *line6, unsigned address, void *data, + return ret; + } + ++ plen = kmalloc(1, GFP_KERNEL); ++ if (plen == NULL) ++ return -ENOMEM; ++ + /* Wait for data length. We'll get 0xff until length arrives. 
*/ + for (count = 0; count < LINE6_READ_WRITE_MAX_RETRIES; count++) { + mdelay(LINE6_READ_WRITE_STATUS_DELAY); +@@ -331,30 +335,35 @@ int line6_read_data(struct usb_line6 *line6, unsigned address, void *data, + ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | + USB_DIR_IN, +- 0x0012, 0x0000, &len, 1, ++ 0x0012, 0x0000, plen, 1, + LINE6_TIMEOUT * HZ); + if (ret < 0) { + dev_err(line6->ifcdev, + "receive length failed (error %d)\n", ret); ++ kfree(plen); + return ret; + } + +- if (len != 0xff) ++ if (*plen != 0xff) + break; + } + +- if (len == 0xff) { ++ if (*plen == 0xff) { + dev_err(line6->ifcdev, "read failed after %d retries\n", + count); ++ kfree(plen); + return -EIO; +- } else if (len != datalen) { ++ } else if (*plen != datalen) { + /* should be equal or something went wrong */ + dev_err(line6->ifcdev, + "length mismatch (expected %d, got %d)\n", +- (int)datalen, (int)len); ++ (int)datalen, (int)*plen); ++ kfree(plen); + return -EIO; + } + ++ kfree(plen); ++ + /* receive the result: */ + ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, +@@ -378,7 +387,7 @@ int line6_write_data(struct usb_line6 *line6, unsigned address, void *data, + { + struct usb_device *usbdev = line6->usbdev; + int ret; +- unsigned char status; ++ unsigned char *status; + int count; + + if (address > 0xffff || datalen > 0xffff) +@@ -395,6 +404,10 @@ int line6_write_data(struct usb_line6 *line6, unsigned address, void *data, + return ret; + } + ++ status = kmalloc(1, GFP_KERNEL); ++ if (status == NULL) ++ return -ENOMEM; ++ + for (count = 0; count < LINE6_READ_WRITE_MAX_RETRIES; count++) { + mdelay(LINE6_READ_WRITE_STATUS_DELAY); + +@@ -403,27 +416,32 @@ int line6_write_data(struct usb_line6 *line6, unsigned address, void *data, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | + USB_DIR_IN, + 0x0012, 0x0000, +- &status, 1, LINE6_TIMEOUT * HZ); ++ status, 1, LINE6_TIMEOUT * HZ); + + 
if (ret < 0) { + dev_err(line6->ifcdev, + "receiving status failed (error %d)\n", ret); ++ kfree(status); + return ret; + } + +- if (status != 0xff) ++ if (*status != 0xff) + break; + } + +- if (status == 0xff) { ++ if (*status == 0xff) { + dev_err(line6->ifcdev, "write failed after %d retries\n", + count); ++ kfree(status); + return -EIO; +- } else if (status != 0) { ++ } else if (*status != 0) { + dev_err(line6->ifcdev, "write failed (error %d)\n", ret); ++ kfree(status); + return -EIO; + } + ++ kfree(status); ++ + return 0; + } + EXPORT_SYMBOL_GPL(line6_write_data); +diff --git a/sound/usb/line6/toneport.c b/sound/usb/line6/toneport.c +index 6d4c50c..aa658c8 100644 +--- a/sound/usb/line6/toneport.c ++++ b/sound/usb/line6/toneport.c +@@ -367,13 +367,19 @@ static bool toneport_has_source_select(struct usb_line6_toneport *toneport) + */ + static void toneport_setup(struct usb_line6_toneport *toneport) + { +- int ticks; ++ int *ticks; + struct usb_line6 *line6 = &toneport->line6; + struct usb_device *usbdev = line6->usbdev; + ++ ticks = kmalloc(sizeof(int), GFP_KERNEL); ++ if (ticks == NULL) ++ return; ++ + /* sync time on device with host: */ +- ticks = (int)get_seconds(); +- line6_write_data(line6, 0x80c6, &ticks, 4); ++ *ticks = (int)get_seconds(); ++ line6_write_data(line6, 0x80c6, ticks, sizeof(int)); ++ ++ kfree(ticks); + + /* enable device: */ + toneport_send_cmd(usbdev, 0x0301, 0x0000); diff --git a/tools/include/linux/compiler.h b/tools/include/linux/compiler.h index fa7208a..d568e71 100644 --- a/tools/include/linux/compiler.h |
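Review bot: The `*status != 0` branch in line6_write_data() still logs `ret`, which at that point holds the non-negative result of the last usb_control_msg() call rather than the status byte that caused the failure. The message therefore reports a misleading number. Logging the byte that was tested would fix it: `dev_err(line6->ifcdev, "write failed (error %d)\n", (int)*status);`. The added `kfree(status)` calls do cover each return path visible in this hunk. The function starts before it.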
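Review bot: The early `return` after `if (ticks == NULL)` in toneport_setup() abandons the whole setup when the small allocation fails, including the `toneport_send_cmd(usbdev, 0x0301, 0x0000)` enable that follows, although only the time sync uses the buffer. Guarding just the sync lets the device still be enabled under memory pressure. The return value of line6_write_data() is ignored here, as it was before the change. toneport_setup() continues past the end of this hunk.

```c
	ticks = kmalloc(sizeof(int), GFP_KERNEL);
	if (ticks != NULL) {
		/* sync time on device with host: */
		*ticks = (int)get_seconds();
		line6_write_data(line6, 0x80c6, ticks, sizeof(int));
		kfree(ticks);
	}
	/* … unchanged: enable device and the rest of toneport_setup … */
```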