summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--4.5.5/0000_README2
-rw-r--r--4.5.5/4420_grsecurity-3.1-4.5.5-201605291201.patch (renamed from 4.5.5/4420_grsecurity-3.1-4.5.5-201605211442.patch)9426
2 files changed, 5080 insertions, 4348 deletions
diff --git a/4.5.5/0000_README b/4.5.5/0000_README
index febdb77..71dba33 100644
--- a/4.5.5/0000_README
+++ b/4.5.5/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.5.5-201605211442.patch
+Patch: 4420_grsecurity-3.1-4.5.5-201605291201.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.5.5/4420_grsecurity-3.1-4.5.5-201605211442.patch b/4.5.5/4420_grsecurity-3.1-4.5.5-201605291201.patch
index 7202c18..1fb08ce 100644
--- a/4.5.5/4420_grsecurity-3.1-4.5.5-201605211442.patch
+++ b/4.5.5/4420_grsecurity-3.1-4.5.5-201605291201.patch
@@ -408,7 +408,7 @@ index a93b414..f50a50b 100644
A toggle value indicating if modules are allowed to be loaded
diff --git a/Makefile b/Makefile
-index a23df41..314f8da 100644
+index a23df41..db4f30b 100644
--- a/Makefile
+++ b/Makefile
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -422,27 +422,41 @@ index a23df41..314f8da 100644
ifeq ($(shell $(HOSTCC) -v 2>&1 | grep -c "clang version"), 1)
HOSTCFLAGS += -Wno-unused-value -Wno-unused-parameter \
-@@ -434,8 +436,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \
- # Rules shared between *config targets and build targets
-
- # Basic helpers built in scripts/
--PHONY += scripts_basic
--scripts_basic:
-+PHONY += scripts_basic gcc-plugins
-+scripts_basic: gcc-plugins
- $(Q)$(MAKE) $(build)=scripts/basic
- $(Q)rm -f .tmp_quiet_recordmcount
-
-@@ -622,6 +624,8 @@ endif
+@@ -417,6 +419,8 @@ export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE
+ export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL
+ export KBUILD_ARFLAGS
+
++export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS
++
+ # When compiling out-of-tree modules, put MODVERDIR in the module
+ # tree rather than in the kernel tree. The kernel tree might
+ # even be read-only.
+@@ -547,7 +551,7 @@ ifeq ($(KBUILD_EXTMOD),)
+ # in parallel
+ PHONY += scripts
+ scripts: scripts_basic include/config/auto.conf include/config/tristate.conf \
+- asm-generic
++ asm-generic gcc-plugins
+ $(Q)$(MAKE) $(build)=$(@)
+
+ # Objects we will link into vmlinux / subdirs we need to visit
+@@ -622,6 +626,15 @@ endif
# Tell gcc to never replace conditional load with a non-conditional one
KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
++PHONY += gcc-plugins
++gcc-plugins: scripts_basic
++ifdef CONFIG_GCC_PLUGINS
++ $(Q)$(MAKE) $(build)=scripts/gcc-plugins
++endif
++ @:
++
+include scripts/Makefile.gcc-plugins
+
ifdef CONFIG_READABLE_ASM
# Disable optimizations that make assembler listings hard to read.
# reorder blocks reorders the control in the function
-@@ -714,7 +718,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
+@@ -714,7 +727,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
else
KBUILD_CFLAGS += -g
endif
@@ -451,7 +465,7 @@ index a23df41..314f8da 100644
endif
ifdef CONFIG_DEBUG_INFO_DWARF4
KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,)
-@@ -886,7 +890,7 @@ export mod_sign_cmd
+@@ -886,7 +899,7 @@ export mod_sign_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -460,57 +474,16 @@ index a23df41..314f8da 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -937,6 +941,8 @@ endif
-
- # The actual objects are generated when descending,
- # make sure no implicit rule kicks in
-+$(filter-out $(init-y),$(vmlinux-deps)): KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
-+$(filter-out $(init-y),$(vmlinux-deps)): KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
- $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
-
- # Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -946,7 +952,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
- # Error messages still appears in the original language
-
- PHONY += $(vmlinux-dirs)
--$(vmlinux-dirs): prepare scripts
-+$(vmlinux-dirs): gcc-plugins prepare scripts
- $(Q)$(MAKE) $(build)=$@
-
- define filechk_kernel.release
-@@ -989,10 +995,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+@@ -989,7 +1002,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
archprepare: archheaders archscripts prepare1 scripts_basic
-+prepare0: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
-+prepare0: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
- prepare0: archprepare FORCE
+-prepare0: archprepare FORCE
++prepare0: archprepare gcc-plugins FORCE
$(Q)$(MAKE) $(build)=.
# All the preparing..
-+prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS))
- prepare: prepare0
-
- # Generate some files
-@@ -1103,6 +1112,8 @@ all: modules
- # using awk while concatenating to the final file.
-
- PHONY += modules
-+modules: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
-+modules: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
- modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
- $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
- @$(kecho) ' Building modules, stage 2.';
-@@ -1118,7 +1129,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
-
- # Target to prepare building external modules
- PHONY += modules_prepare
--modules_prepare: prepare scripts
-+modules_prepare: gcc-plugins prepare scripts
-
- # Target to install modules
- PHONY += modules_install
-@@ -1184,7 +1195,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
+@@ -1184,7 +1197,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
signing_key.pem signing_key.priv signing_key.x509 \
x509.genkey extra_certificates signing_key.x509.keyid \
@@ -523,7 +496,7 @@ index a23df41..314f8da 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1223,7 +1238,7 @@ distclean: mrproper
+@@ -1223,7 +1240,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -532,59 +505,31 @@ index a23df41..314f8da 100644
-type f -print | xargs rm -f
-@@ -1390,6 +1405,8 @@ PHONY += $(module-dirs) modules
- $(module-dirs): crmodverdir $(objtree)/Module.symvers
- $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
+diff --git a/arch/Kconfig b/arch/Kconfig
+index f6b649d..5ba628b 100644
+--- a/arch/Kconfig
++++ b/arch/Kconfig
+@@ -353,6 +353,20 @@ config SECCOMP_FILTER
-+modules: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
-+modules: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
- modules: $(module-dirs)
- @$(kecho) ' Building modules, stage 2.';
- $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1531,17 +1548,21 @@ else
- target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
- endif
+ See Documentation/prctl/seccomp_filter.txt for details.
--%.s: %.c prepare scripts FORCE
-+%.s: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
-+%.s: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
-+%.s: %.c gcc-plugins prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
- %.i: %.c prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
--%.o: %.c prepare scripts FORCE
-+%.o: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
-+%.o: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
-+%.o: %.c gcc-plugins prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
- %.lst: %.c prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
--%.s: %.S prepare scripts FORCE
-+%.s: %.S gcc-plugins prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
--%.o: %.S prepare scripts FORCE
-+%.o: %.S gcc-plugins prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
- %.symtypes: %.c prepare scripts FORCE
- $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1553,11 +1574,15 @@ endif
- $(build)=$(build-dir)
- # Make sure the latest headers are built for Documentation
- Documentation/: headers_install
--%/: prepare scripts FORCE
-+%/: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
-+%/: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
-+%/: gcc-plugins prepare scripts FORCE
- $(cmd_crmodverdir)
- $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
- $(build)=$(build-dir)
--%.ko: prepare scripts FORCE
-+%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
-+%.ko: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
-+%.ko: gcc-plugins prepare scripts FORCE
- $(cmd_crmodverdir)
- $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
- $(build)=$(build-dir) $(@:.ko=.o)
++config HAVE_GCC_PLUGINS
++ bool
++ help
++ An arch should select this symbol if it supports building with
++ GCC plugins.
++
++menuconfig GCC_PLUGINS
++ bool "GCC plugins"
++ depends on HAVE_GCC_PLUGINS
++ default y
++ help
++ GCC plugins are loadable modules that provide extra features to the
++ compiler. They are useful for runtime instrumentation and static analysis.
++
+ config HAVE_CC_STACKPROTECTOR
+ bool
+ help
diff --git a/arch/alpha/include/asm/atomic.h b/arch/alpha/include/asm/atomic.h
index 572b228..e03acdd 100644
--- a/arch/alpha/include/asm/atomic.h
@@ -928,10 +873,18 @@ index 8a188bc..26608f1 100644
Counts number of I and D TLB Misses and exports them via Debugfs
The counters can be cleared via Debugfs as well
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
-index 4f799e5..cc1200e 100644
+index 4f799e5..c1e2b95 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
-@@ -1622,6 +1622,7 @@ config HIGHPTE
+@@ -53,6 +53,7 @@ config ARM
+ select HAVE_FTRACE_MCOUNT_RECORD if (!XIP_KERNEL)
+ select HAVE_FUNCTION_GRAPH_TRACER if (!THUMB2_KERNEL)
+ select HAVE_FUNCTION_TRACER if (!XIP_KERNEL)
++ select HAVE_GCC_PLUGINS
+ select HAVE_GENERIC_DMA_COHERENT
+ select HAVE_HW_BREAKPOINT if (PERF_EVENTS && (CPU_V6 || CPU_V6K || CPU_V7))
+ select HAVE_IDE if PCI || ISA || PCMCIA
+@@ -1622,6 +1623,7 @@ config HIGHPTE
config CPU_SW_DOMAIN_PAN
bool "Enable use of CPU domains to implement privileged no-access"
depends on MMU && !ARM_LPAE
@@ -939,7 +892,7 @@ index 4f799e5..cc1200e 100644
default y
help
Increase kernel security by ensuring that normal kernel accesses
-@@ -1698,7 +1699,7 @@ config ALIGNMENT_TRAP
+@@ -1698,7 +1700,7 @@ config ALIGNMENT_TRAP
config UACCESS_WITH_MEMCPY
bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()"
@@ -948,7 +901,7 @@ index 4f799e5..cc1200e 100644
default y if CPU_FEROCEON
help
Implement faster copy_to_user and clear_user methods for CPU
-@@ -1953,6 +1954,7 @@ config KEXEC
+@@ -1953,6 +1955,7 @@ config KEXEC
depends on (!SMP || PM_SLEEP_SMP)
depends on !CPU_V7M
select KEXEC_CORE
@@ -956,7 +909,7 @@ index 4f799e5..cc1200e 100644
help
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1997,7 +1999,7 @@ config EFI_STUB
+@@ -1997,7 +2000,7 @@ config EFI_STUB
config EFI
bool "UEFI runtime support"
@@ -977,6 +930,19 @@ index c6b6175..2884505 100644
---help---
Say Y here if you want to show the kernel pagetable layout in a
debugfs file. This information is only useful for kernel developers
+diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile
+index 43788b1..2efefcf 100644
+--- a/arch/arm/boot/compressed/Makefile
++++ b/arch/arm/boot/compressed/Makefile
+@@ -106,6 +106,8 @@ ORIG_CFLAGS := $(KBUILD_CFLAGS)
+ KBUILD_CFLAGS = $(subst -pg, , $(ORIG_CFLAGS))
+ endif
+
++KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS))
++
+ # -fstack-protector-strong triggers protection checks in this code,
+ # but it is being used too early to link to meaningful stack_chk logic.
+ nossp_flags := $(call cc-option, -fno-stack-protector)
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
index 9e10c45..24a14ce 100644
--- a/arch/arm/include/asm/atomic.h
@@ -3357,7 +3323,7 @@ index 6bd1089..e999400 100644
{
unsigned long ua_flags;
diff --git a/arch/arm/mach-exynos/suspend.c b/arch/arm/mach-exynos/suspend.c
-index c169cc3..f290a77 100644
+index c169cc3..b007ec6 100644
--- a/arch/arm/mach-exynos/suspend.c
+++ b/arch/arm/mach-exynos/suspend.c
@@ -734,8 +734,10 @@ void __init exynos_pm_init(void)
@@ -3367,8 +3333,8 @@ index c169cc3..f290a77 100644
- exynos_pm_syscore_ops.suspend = pm_data->pm_suspend;
- exynos_pm_syscore_ops.resume = pm_data->pm_resume;
+ pax_open_kernel();
-+ *(void **)&exynos_pm_syscore_ops.suspend = pm_data->pm_suspend;
-+ *(void **)&exynos_pm_syscore_ops.resume = pm_data->pm_resume;
++ const_cast(exynos_pm_syscore_ops.suspend) = pm_data->pm_suspend;
++ const_cast(exynos_pm_syscore_ops.resume) = pm_data->pm_resume;
+ pax_close_kernel();
register_syscore_ops(&exynos_pm_syscore_ops);
@@ -3501,7 +3467,7 @@ index 2af6ff6..1f2959f 100644
/* omap_hwmod_list contains all registered struct omap_hwmods */
static LIST_HEAD(omap_hwmod_list);
diff --git a/arch/arm/mach-omap2/powerdomains43xx_data.c b/arch/arm/mach-omap2/powerdomains43xx_data.c
-index 95fee54..cfa9cf1 100644
+index 95fee54..b5dd79d 100644
--- a/arch/arm/mach-omap2/powerdomains43xx_data.c
+++ b/arch/arm/mach-omap2/powerdomains43xx_data.c
@@ -10,6 +10,7 @@
@@ -3518,7 +3484,7 @@ index 95fee54..cfa9cf1 100644
{
- omap4_pwrdm_operations.pwrdm_has_voltdm = am43xx_check_vcvp;
+ pax_open_kernel();
-+ *(void **)&omap4_pwrdm_operations.pwrdm_has_voltdm = am43xx_check_vcvp;
++ const_cast(omap4_pwrdm_operations.pwrdm_has_voltdm) = am43xx_check_vcvp;
+ pax_close_kernel();
pwrdm_register_platform_funcs(&omap4_pwrdm_operations);
pwrdm_register_pwrdms(powerdomains_am43xx);
@@ -3548,7 +3514,7 @@ index ff0a68c..b312aa0 100644
sizeof(struct omap_wd_timer_platform_data));
WARN(IS_ERR(pdev), "Can't build omap_device for %s:%s.\n",
diff --git a/arch/arm/mach-shmobile/platsmp-apmu.c b/arch/arm/mach-shmobile/platsmp-apmu.c
-index aba75c8..b55a9d7 100644
+index aba75c8..b2b340f 100644
--- a/arch/arm/mach-shmobile/platsmp-apmu.c
+++ b/arch/arm/mach-shmobile/platsmp-apmu.c
@@ -22,6 +22,7 @@
@@ -3565,7 +3531,7 @@ index aba75c8..b55a9d7 100644
{
- shmobile_suspend_ops.enter = shmobile_smp_apmu_enter_suspend;
+ pax_open_kernel();
-+ *(void **)&shmobile_suspend_ops.enter = shmobile_smp_apmu_enter_suspend;
++ const_cast(shmobile_suspend_ops.enter) = shmobile_smp_apmu_enter_suspend;
+ pax_close_kernel();
}
#endif
@@ -3727,7 +3693,7 @@ index c8c8b9e..c55cc79 100644
atomic64_set(&mm->context.id, asid);
}
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
-index daafcf1..8205ed6 100644
+index daafcf1..a04e1fd 100644
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -25,6 +25,7 @@
@@ -3841,7 +3807,7 @@ index daafcf1..8205ed6 100644
pr_alert("Unhandled fault: %s (0x%03x) at 0x%08lx\n",
inf->name, fsr, addr);
show_pte(current->mm, addr);
-@@ -574,15 +647,104 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *
+@@ -574,15 +647,118 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *
ifsr_info[nr].name = name;
}
@@ -3879,6 +3845,13 @@ index daafcf1..8205ed6 100644
+ */
+ // dmb(); implied by the exception
+ regs->ARM_pc = regs->ARM_lr;
++#ifdef CONFIG_ARM_THUMB
++ if (regs->ARM_lr & 1) {
++ regs->ARM_cpsr |= PSR_T_BIT;
++ regs->ARM_pc &= ~0x1U;
++ } else
++ regs->ARM_cpsr &= ~PSR_T_BIT;
++#endif
+ return;
+ }
+ if (pc == 0xffff0fc0UL) {
@@ -3901,6 +3874,13 @@ index daafcf1..8205ed6 100644
+ */
+ regs->ARM_r0 = current_thread_info()->tp_value[0];
+ regs->ARM_pc = regs->ARM_lr;
++#ifdef CONFIG_ARM_THUMB
++ if (regs->ARM_lr & 1) {
++ regs->ARM_cpsr |= PSR_T_BIT;
++ regs->ARM_pc &= ~0x1U;
++ } else
++ regs->ARM_cpsr &= ~PSR_T_BIT;
++#endif
+ return;
+ }
+ }
@@ -4655,6 +4635,18 @@ index a5bc92d..0bb4730 100644
omap_sram_size - omap_sram_skip);
+ pax_close_kernel();
}
+diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
+index 8cc6228..6d6e4f8 100644
+--- a/arch/arm64/Kconfig
++++ b/arch/arm64/Kconfig
+@@ -70,6 +70,7 @@ config ARM64
+ select HAVE_FTRACE_MCOUNT_RECORD
+ select HAVE_FUNCTION_TRACER
+ select HAVE_FUNCTION_GRAPH_TRACER
++ select HAVE_GCC_PLUGINS
+ select HAVE_GENERIC_DMA_COHERENT
+ select HAVE_HW_BREAKPOINT if PERF_EVENTS
+ select HAVE_IRQ_TIME_ACCOUNTING
diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug
index e13c4bf..3feaea7 100644
--- a/arch/arm64/Kconfig.debug
@@ -5602,10 +5594,18 @@ index 4efe96a..60e8699 100644
#define SMP_CACHE_BYTES L1_CACHE_BYTES
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
-index d3da79d..e607104 100644
+index d3da79d..e317c97 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
-@@ -2656,6 +2656,7 @@ source "kernel/Kconfig.preempt"
+@@ -49,6 +49,7 @@ config MIPS
+ select GENERIC_CMOS_UPDATE
+ select HAVE_MOD_ARCH_SPECIFIC
+ select VIRT_TO_BUS
++ select HAVE_GCC_PLUGINS
+ select MODULES_USE_ELF_REL if MODULES
+ select MODULES_USE_ELF_RELA if MODULES && 64BIT
+ select CLONE_BACKWARDS
+@@ -2656,6 +2657,7 @@ source "kernel/Kconfig.preempt"
config KEXEC
bool "Kexec system call"
select KEXEC_CORE
@@ -7607,10 +7607,18 @@ index f906444..0bb73ae 100644
/*
* If for any reason at all we couldn't handle the fault, make
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
-index 9faa18c..6061610 100644
+index 9faa18c..b24277a 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
-@@ -419,6 +419,7 @@ config KEXEC
+@@ -143,6 +143,7 @@ config PPC
+ select ARCH_USE_BUILTIN_BSWAP
+ select OLD_SIGSUSPEND
+ select OLD_SIGACTION if PPC32
++ select HAVE_GCC_PLUGINS
+ select HAVE_DEBUG_STACKOVERFLOW
+ select HAVE_IRQ_EXIT_ON_IRQ_STACK
+ select ARCH_USE_CMPXCHG_LOCKREF if PPC64
+@@ -419,6 +420,7 @@ config KEXEC
bool "kexec system call"
depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP)) || PPC_BOOK3E
select KEXEC_CORE
@@ -7619,7 +7627,7 @@ index 9faa18c..6061610 100644
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h
-index 55f106e..70cc82a 100644
+index 55f106e..5968afb 100644
--- a/arch/powerpc/include/asm/atomic.h
+++ b/arch/powerpc/include/asm/atomic.h
@@ -12,6 +12,11 @@
@@ -7886,19 +7894,7 @@ index 55f106e..70cc82a 100644
PPC_ATOMIC_EXIT_BARRIER
" subf %0,%2,%0 \n\
2:"
-@@ -252,6 +299,11 @@ static __inline__ int atomic_dec_if_positive(atomic_t *v)
- }
- #define atomic_dec_if_positive atomic_dec_if_positive
-
-+#define smp_mb__before_atomic_dec() smp_mb()
-+#define smp_mb__after_atomic_dec() smp_mb()
-+#define smp_mb__before_atomic_inc() smp_mb()
-+#define smp_mb__after_atomic_inc() smp_mb()
-+
- #ifdef __powerpc64__
-
- #define ATOMIC64_INIT(i) { (i) }
-@@ -265,37 +317,60 @@ static __inline__ long atomic64_read(const atomic64_t *v)
+@@ -265,37 +312,60 @@ static __inline__ long atomic64_read(const atomic64_t *v)
return t;
}
@@ -7963,7 +7959,7 @@ index 55f106e..70cc82a 100644
PPC_ATOMIC_EXIT_BARRIER \
: "=&r" (t) \
: "r" (a), "r" (&v->counter) \
-@@ -304,6 +379,9 @@ static __inline__ long atomic64_##op##_return(long a, atomic64_t *v) \
+@@ -304,6 +374,9 @@ static __inline__ long atomic64_##op##_return(long a, atomic64_t *v) \
return t; \
}
@@ -7973,7 +7969,7 @@ index 55f106e..70cc82a 100644
#define ATOMIC64_OPS(op, asm_op) ATOMIC64_OP(op, asm_op) ATOMIC64_OP_RETURN(op, asm_op)
ATOMIC64_OPS(add, add)
-@@ -314,40 +392,33 @@ ATOMIC64_OP(xor, xor)
+@@ -314,40 +387,33 @@ ATOMIC64_OP(xor, xor)
#undef ATOMIC64_OPS
#undef ATOMIC64_OP_RETURN
@@ -8033,7 +8029,7 @@ index 55f106e..70cc82a 100644
}
/*
-@@ -360,36 +431,18 @@ static __inline__ long atomic64_inc_return(atomic64_t *v)
+@@ -360,36 +426,18 @@ static __inline__ long atomic64_inc_return(atomic64_t *v)
*/
#define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0)
@@ -8081,7 +8077,7 @@ index 55f106e..70cc82a 100644
}
#define atomic64_sub_and_test(a, v) (atomic64_sub_return((a), (v)) == 0)
-@@ -422,6 +475,16 @@ static __inline__ long atomic64_dec_if_positive(atomic64_t *v)
+@@ -422,6 +470,16 @@ static __inline__ long atomic64_dec_if_positive(atomic64_t *v)
#define atomic64_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n)))
#define atomic64_xchg(v, new) (xchg(&((v)->counter), new))
@@ -8090,7 +8086,7 @@ index 55f106e..70cc82a 100644
+ return cmpxchg(&(v->counter), old, new);
+}
+
-+static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new)
++static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new)
+{
+ return xchg(&(v->counter), new);
+}
@@ -8098,7 +8094,7 @@ index 55f106e..70cc82a 100644
/**
* atomic64_add_unless - add unless the number is a given value
* @v: pointer of type atomic64_t
-@@ -437,13 +500,29 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
+@@ -437,13 +495,29 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
__asm__ __volatile__ (
PPC_ATOMIC_ENTRY_BARRIER
@@ -8698,17 +8694,17 @@ index b7c20f0..4adc0f1 100644
static inline unsigned long clear_user(void __user *addr, unsigned long size)
diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
-index 794f22a..f8de42b 100644
+index 794f22a..9a76447 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -14,6 +14,11 @@ CFLAGS_prom_init.o += -fPIC
CFLAGS_btext.o += -fPIC
endif
-+CFLAGS_REMOVE_cputable.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS)
-+CFLAGS_REMOVE_prom_init.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS)
-+CFLAGS_REMOVE_btext.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS)
-+CFLAGS_REMOVE_prom.o = $(LATENT_ENTROPY_PLUGIN_CFLAGS)
++CFLAGS_cputable.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
++CFLAGS_prom_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
++CFLAGS_btext.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
++CFLAGS_prom.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
+
ifdef CONFIG_FUNCTION_TRACER
# Do not trace early boot code
@@ -9678,6 +9674,18 @@ index 6777177..d44b592 100644
info.high_limit = TASK_SIZE;
addr = vm_unmapped_area(&info);
}
+diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
+index 57ffaf2..4d1fe9a 100644
+--- a/arch/sparc/Kconfig
++++ b/arch/sparc/Kconfig
+@@ -39,6 +39,7 @@ config SPARC
+ select GENERIC_STRNCPY_FROM_USER
+ select GENERIC_STRNLEN_USER
+ select MODULES_USE_ELF_RELA
++ select HAVE_GCC_PLUGINS
+ select ODD_RT_SIGACTION
+ select OLD_SIGSUSPEND
+ select ARCH_HAS_SG_CHAIN
diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h
index f2fbf9e..fea461e 100644
--- a/arch/sparc/include/asm/atomic_64.h
@@ -12221,16 +12229,14 @@ index c034dc3..cf1cc96 100644
/*
diff --git a/arch/um/Makefile b/arch/um/Makefile
-index e3abe6f..ae224ef 100644
+index e3abe6f..33a363c 100644
--- a/arch/um/Makefile
+++ b/arch/um/Makefile
-@@ -73,6 +73,10 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -I%,,$(KBUILD_CFLAGS))) \
+@@ -73,6 +73,8 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -I%,,$(KBUILD_CFLAGS))) \
-D_FILE_OFFSET_BITS=64 -idirafter $(srctree)/include \
-idirafter $(obj)/include -D__KERNEL__ -D__UM_HOST__
-+ifdef CONSTIFY_PLUGIN
-+USER_CFLAGS += -fplugin-arg-constify_plugin-no-constify
-+endif
++USER_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(USER_CFLAGS))
+
#This will adjust *FLAGS accordingly to the platform.
include $(ARCH_DIR)/Makefile-os-$(OS)
@@ -12338,7 +12344,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 3bf45a0..7b04039 100644
+index 3bf45a0..25ca7da 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -38,14 +38,13 @@ config X86
@@ -12366,7 +12372,15 @@ index 3bf45a0..7b04039 100644
select HAVE_CMPXCHG_DOUBLE
select HAVE_CMPXCHG_LOCAL
select HAVE_CONTEXT_TRACKING if X86_64
-@@ -290,7 +289,7 @@ config X86_64_SMP
+@@ -109,6 +108,7 @@ config X86
+ select HAVE_FUNCTION_GRAPH_FP_TEST
+ select HAVE_FUNCTION_GRAPH_TRACER
+ select HAVE_FUNCTION_TRACER
++ select HAVE_GCC_PLUGINS
+ select HAVE_GENERIC_DMA_COHERENT if X86_32
+ select HAVE_HW_BREAKPOINT
+ select HAVE_IDE
+@@ -290,7 +290,7 @@ config X86_64_SMP
config X86_32_LAZY_GS
def_bool y
@@ -12375,7 +12389,7 @@ index 3bf45a0..7b04039 100644
config ARCH_HWEIGHT_CFLAGS
string
-@@ -674,6 +673,7 @@ config SCHED_OMIT_FRAME_POINTER
+@@ -674,6 +674,7 @@ config SCHED_OMIT_FRAME_POINTER
menuconfig HYPERVISOR_GUEST
bool "Linux guest support"
@@ -12383,7 +12397,7 @@ index 3bf45a0..7b04039 100644
---help---
Say Y here to enable options for running Linux under various hyper-
visors. This option enables basic hypervisor detection and platform
-@@ -1073,6 +1073,7 @@ config VM86
+@@ -1073,6 +1074,7 @@ config VM86
config X86_16BIT
bool "Enable support for 16-bit segments" if EXPERT
@@ -12391,7 +12405,7 @@ index 3bf45a0..7b04039 100644
default y
depends on MODIFY_LDT_SYSCALL
---help---
-@@ -1227,6 +1228,7 @@ choice
+@@ -1227,6 +1229,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -12399,7 +12413,7 @@ index 3bf45a0..7b04039 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1263,6 +1265,7 @@ config NOHIGHMEM
+@@ -1263,6 +1266,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -12407,7 +12421,7 @@ index 3bf45a0..7b04039 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1315,7 +1318,7 @@ config PAGE_OFFSET
+@@ -1315,7 +1319,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -12416,7 +12430,7 @@ index 3bf45a0..7b04039 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1336,7 +1339,6 @@ config X86_PAE
+@@ -1336,7 +1340,6 @@ config X86_PAE
config ARCH_PHYS_ADDR_T_64BIT
def_bool y
@@ -12424,7 +12438,7 @@ index 3bf45a0..7b04039 100644
config ARCH_DMA_ADDR_T_64BIT
def_bool y
-@@ -1467,7 +1469,7 @@ config ARCH_PROC_KCORE_TEXT
+@@ -1467,7 +1470,7 @@ config ARCH_PROC_KCORE_TEXT
config ILLEGAL_POINTER_VALUE
hex
@@ -12433,7 +12447,7 @@ index 3bf45a0..7b04039 100644
default 0xdead000000000000 if X86_64
source "mm/Kconfig"
-@@ -1776,6 +1778,7 @@ source kernel/Kconfig.hz
+@@ -1776,6 +1779,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
select KEXEC_CORE
@@ -12441,7 +12455,7 @@ index 3bf45a0..7b04039 100644
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1958,7 +1961,9 @@ config X86_NEED_RELOCS
+@@ -1958,7 +1962,9 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned"
@@ -12452,7 +12466,7 @@ index 3bf45a0..7b04039 100644
range 0x2000 0x1000000 if X86_32
range 0x200000 0x1000000 if X86_64
---help---
-@@ -2041,6 +2046,7 @@ config COMPAT_VDSO
+@@ -2041,6 +2047,7 @@ config COMPAT_VDSO
def_bool n
prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
depends on X86_32 || IA32_EMULATION
@@ -12460,7 +12474,7 @@ index 3bf45a0..7b04039 100644
---help---
Certain buggy versions of glibc will crash if they are
presented with a 32-bit vDSO that is not mapped at the address
-@@ -2081,15 +2087,6 @@ choice
+@@ -2081,15 +2088,6 @@ choice
If unsure, select "Emulate".
@@ -12476,7 +12490,7 @@ index 3bf45a0..7b04039 100644
config LEGACY_VSYSCALL_EMULATE
bool "Emulate"
help
-@@ -2170,6 +2167,22 @@ config MODIFY_LDT_SYSCALL
+@@ -2170,6 +2168,22 @@ config MODIFY_LDT_SYSCALL
Saying 'N' here may make sense for embedded or server kernels.
@@ -12610,20 +12624,6 @@ index 4086abc..52a0a9b 100644
+*** ${VERSION}.${PATCHLEVEL} PaX kernels no longer build correctly with old versions of binutils.
+*** Please upgrade your binutils to 2.18 or newer
+endef
-diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
-index bbe1a62..ec6a3ec 100644
---- a/arch/x86/boot/Makefile
-+++ b/arch/x86/boot/Makefile
-@@ -58,6 +58,9 @@ clean-files += cpustr.h
- # ---------------------------------------------------------------------------
-
- KBUILD_CFLAGS := $(USERINCLUDE) $(REALMODE_CFLAGS) -D_SETUP
-+ifdef CONSTIFY_PLUGIN
-+KBUILD_CFLAGS += -fplugin-arg-constify_plugin-no-constify
-+endif
- KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
- GCOV_PROFILE := n
- UBSAN_SANITIZE := n
diff --git a/arch/x86/boot/bitops.h b/arch/x86/boot/bitops.h
index 878e4b9..20537ab 100644
--- a/arch/x86/boot/bitops.h
@@ -12660,17 +12660,13 @@ index 9011a88..06aa820 100644
}
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index f9ce75d..0b1600d 100644
+index f9ce75d..245ea76 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
-@@ -30,6 +30,26 @@ KBUILD_CFLAGS += $(cflags-y)
- KBUILD_CFLAGS += -mno-mmx -mno-sse
+@@ -31,6 +31,23 @@ KBUILD_CFLAGS += -mno-mmx -mno-sse
KBUILD_CFLAGS += $(call cc-option,-ffreestanding)
KBUILD_CFLAGS += $(call cc-option,-fno-stack-protector)
-+ifdef CONSTIFY_PLUGIN
-+KBUILD_CFLAGS += -fplugin-arg-constify_plugin-no-constify
-+endif
-+
+
+ifdef CONFIG_DEBUG_INFO
+ifdef CONFIG_DEBUG_INFO_SPLIT
+KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
@@ -12687,9 +12683,10 @@ index f9ce75d..0b1600d 100644
+KBUILD_CFLAGS += $(call cc-option, -femit-struct-debug-baseonly) \
+ $(call cc-option,-fno-var-tracking)
+endif
-
++
KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
GCOV_PROFILE := n
+ UBSAN_SANITIZE :=n
diff --git a/arch/x86/boot/compressed/efi_stub_32.S b/arch/x86/boot/compressed/efi_stub_32.S
index a53440e..c3dbf1e 100644
--- a/arch/x86/boot/compressed/efi_stub_32.S
@@ -15756,7 +15753,7 @@ index e32206e0..809adae 100644
.macro REMOVE_PT_GPREGS_FROM_STACK addskip=0
diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
-index 1a4477c..95199ec4 100644
+index 1a4477c..7061819 100644
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
@@ -32,9 +32,7 @@
@@ -15869,7 +15866,7 @@ index 1a4477c..95199ec4 100644
+ [param4] "m" (regs->si),
+ [param5] "m" (regs->di),
+ [param6] "m" (regs->bp)
-+ : "di", "si", "dx", "cx", "r8", "r9", "memory");
++ : "ax", "di", "si", "dx", "cx", "r8", "r9", "r10", "r11", "memory");
+#else
+ asm volatile("pushl %[param6]\n\t"
+ "pushl %[param5]\n\t"
@@ -22879,7 +22876,7 @@ index 82c34ee..940fa40 100644
unsigned, unsigned, unsigned);
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
-index c7b5510..2ab8977 100644
+index c7b5510..f6d5ca4 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -39,7 +39,7 @@
@@ -22961,7 +22958,7 @@ index c7b5510..2ab8977 100644
}
static inline unsigned long current_stack_pointer(void)
-@@ -179,14 +182,9 @@ static inline unsigned long current_stack_pointer(void)
+@@ -179,41 +182,9 @@ static inline unsigned long current_stack_pointer(void)
#else /* !__ASSEMBLY__ */
@@ -22973,11 +22970,38 @@ index c7b5510..2ab8977 100644
#define GET_THREAD_INFO(reg) \
- _ASM_MOV PER_CPU_VAR(cpu_current_top_of_stack),reg ; \
- _ASM_SUB $(THREAD_SIZE),reg ;
+-
+-/*
+- * ASM operand which evaluates to a 'thread_info' address of
+- * the current task, if it is known that "reg" is exactly "off"
+- * bytes below the top of the stack currently.
+- *
+- * ( The kernel stack's size is known at build time, it is usually
+- * 2 or 4 pages, and the bottom of the kernel stack contains
+- * the thread_info structure. So to access the thread_info very
+- * quickly from assembly code we can calculate down from the
+- * top of the kernel stack to the bottom, using constant,
+- * build-time calculations only. )
+- *
+- * For example, to fetch the current thread_info->flags value into %eax
+- * on x86-64 defconfig kernels, in syscall entry code where RSP is
+- * currently at exactly SIZEOF_PTREGS bytes away from the top of the
+- * stack:
+- *
+- * mov ASM_THREAD_INFO(TI_flags, %rsp, SIZEOF_PTREGS), %eax
+- *
+- * will translate to:
+- *
+- * 8b 84 24 b8 c0 ff ff mov -0x3f48(%rsp), %eax
+- *
+- * which is below the current RSP by almost 16K.
+- */
+-#define ASM_THREAD_INFO(field, reg, off) ((field)+(off)-THREAD_SIZE)(reg)
+ _ASM_MOV PER_CPU_VAR(current_tinfo),reg ;
- /*
- * ASM operand which evaluates to a 'thread_info' address of
-@@ -279,5 +277,12 @@ static inline bool is_ia32_task(void)
+ #endif
+
+@@ -279,5 +250,12 @@ static inline bool is_ia32_task(void)
extern void arch_task_cache_init(void);
extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src);
extern void arch_release_task_struct(struct task_struct *tsk);
@@ -25722,7 +25746,7 @@ index 2cad71d..5f1baf2 100644
__bts_event_stop(event);
diff --git a/arch/x86/kernel/cpu/perf_event_intel_cqm.c b/arch/x86/kernel/cpu/perf_event_intel_cqm.c
-index a316ca9..99344f4 100644
+index a316ca9..07e219e 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_cqm.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_cqm.c
@@ -1364,7 +1364,9 @@ static int __init intel_cqm_init(void)
@@ -25731,7 +25755,7 @@ index a316ca9..99344f4 100644
- event_attr_intel_cqm_llc_scale.event_str = str;
+ pax_open_kernel();
-+ *(const char **)&event_attr_intel_cqm_llc_scale.event_str = str;
++ const_cast(event_attr_intel_cqm_llc_scale.event_str) = str;
+ pax_close_kernel();
ret = intel_cqm_setup_rmid_cache();
@@ -25798,7 +25822,7 @@ index 653f88d..11b6b78 100644
if (!insn.opcode.got)
return X86_BR_ABORT;
diff --git a/arch/x86/kernel/cpu/perf_event_intel_pt.c b/arch/x86/kernel/cpu/perf_event_intel_pt.c
-index c0bbd10..727ae15e 100644
+index c0bbd10..53a5dc6 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_pt.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_pt.c
@@ -133,14 +133,10 @@ static const struct attribute_group *pt_attr_groups[] = {
@@ -25839,22 +25863,22 @@ index c0bbd10..727ae15e 100644
+ struct dev_ext_attribute *de_attr = &de_attrs[i];
- de_attr->attr.attr.name = pt_caps[i].name;
-+ *(const char **)&de_attr->attr.attr.name = pt_caps[i].name;
++ const_cast(de_attr->attr.attr.name) = pt_caps[i].name;
sysfs_attr_init(&de_attr->attr.attr);
- de_attr->attr.attr.mode = S_IRUGO;
- de_attr->attr.show = pt_cap_show;
- de_attr->var = (void *)i;
-+ *(umode_t *)&de_attr->attr.attr.mode = S_IRUGO;
-+ *(void **)&de_attr->attr.show = pt_cap_show;
-+ *(void **)&de_attr->var = (void *)i;
++ const_cast(de_attr->attr.attr.mode) = S_IRUGO;
++ const_cast(de_attr->attr.show) = pt_cap_show;
++ const_cast(de_attr->var) = (void *)i;
attrs[i] = &de_attr->attr.attr;
}
- pt_cap_group.attrs = attrs;
-+ *(struct attribute ***)&pt_cap_group.attrs = attrs;
++ const_cast(pt_cap_group.attrs) = attrs;
+ pax_close_kernel();
return 0;
@@ -27813,7 +27837,7 @@ index 64341aa..b1e6632 100644
+EXPORT_SYMBOL(cpu_pgd);
+#endif
diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
-index be22f5a..c5d0e1f 100644
+index be22f5a..a04fa14 100644
--- a/arch/x86/kernel/i8259.c
+++ b/arch/x86/kernel/i8259.c
@@ -110,7 +110,7 @@ static int i8259A_irq_pending(unsigned int irq)
@@ -27845,10 +27869,10 @@ index be22f5a..c5d0e1f 100644
* when acking.
*/
- i8259A_chip.irq_mask_ack = disable_8259A_irq;
-+ *(void **)&i8259A_chip.irq_mask_ack = disable_8259A_irq;
++ const_cast(i8259A_chip.irq_mask_ack) = disable_8259A_irq;
else
- i8259A_chip.irq_mask_ack = mask_and_ack_8259A;
-+ *(void **)&i8259A_chip.irq_mask_ack = mask_and_ack_8259A;
++ const_cast(i8259A_chip.irq_mask_ack) = mask_and_ack_8259A;
+ pax_close_kernel();
udelay(100); /* wait for 8259A to initialize */
@@ -29041,7 +29065,7 @@ index 6d9582e..f746287 100644
return;
}
diff --git a/arch/x86/kernel/paravirt-spinlocks.c b/arch/x86/kernel/paravirt-spinlocks.c
-index 33ee3e0..ca43dee 100644
+index 33ee3e0..6d23e5c 100644
--- a/arch/x86/kernel/paravirt-spinlocks.c
+++ b/arch/x86/kernel/paravirt-spinlocks.c
@@ -23,16 +23,32 @@ bool pv_is_native_spin_unlock(void)
@@ -29058,7 +29082,7 @@ index 33ee3e0..ca43dee 100644
+static void native_kick(int cpu)
+{
+}
-+//#else /* !CONFIG_QUEUED_SPINLOCKS */
++#else /* !CONFIG_QUEUED_SPINLOCKS */
+static void native_unlock_kick(struct arch_spinlock *lock, __ticket_t ticket)
+{
+}
@@ -37439,7 +37463,7 @@ index 4e664bd..2beeaa2 100644
return NULL;
diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c
-index 1d2e639..d7f0e67 100644
+index 1d2e639..6473b8a 100644
--- a/arch/x86/oprofile/nmi_int.c
+++ b/arch/x86/oprofile/nmi_int.c
@@ -23,6 +23,7 @@
@@ -37467,14 +37491,14 @@ index 1d2e639..d7f0e67 100644
- model->num_virt_counters = model->num_counters;
+ if (!model->num_virt_counters) {
+ pax_open_kernel();
-+ *(unsigned int *)&model->num_virt_counters = model->num_counters;
++ const_cast(model->num_virt_counters) = model->num_counters;
+ pax_close_kernel();
+ }
mux_init(ops);
diff --git a/arch/x86/oprofile/op_model_amd.c b/arch/x86/oprofile/op_model_amd.c
-index 50d86c0..7985318 100644
+index 50d86c0..b0b9ae0 100644
--- a/arch/x86/oprofile/op_model_amd.c
+++ b/arch/x86/oprofile/op_model_amd.c
@@ -519,9 +519,11 @@ static int op_amd_init(struct oprofile_operations *ops)
@@ -37485,15 +37509,15 @@ index 50d86c0..7985318 100644
- op_amd_spec.num_controls = num_counters;
- op_amd_spec.num_virt_counters = max(num_counters, NUM_VIRT_COUNTERS);
+ pax_open_kernel();
-+ *(unsigned int *)&op_amd_spec.num_counters = num_counters;
-+ *(unsigned int *)&op_amd_spec.num_controls = num_counters;
-+ *(unsigned int *)&op_amd_spec.num_virt_counters = max(num_counters, NUM_VIRT_COUNTERS);
++ const_cast(op_amd_spec.num_counters) = num_counters;
++ const_cast(op_amd_spec.num_controls) = num_counters;
++ const_cast(op_amd_spec.num_virt_counters) = max(num_counters, NUM_VIRT_COUNTERS);
+ pax_close_kernel();
return 0;
}
diff --git a/arch/x86/oprofile/op_model_ppro.c b/arch/x86/oprofile/op_model_ppro.c
-index d90528e..0127e2b 100644
+index d90528e..a44aa09 100644
--- a/arch/x86/oprofile/op_model_ppro.c
+++ b/arch/x86/oprofile/op_model_ppro.c
@@ -19,6 +19,7 @@
@@ -37511,8 +37535,8 @@ index d90528e..0127e2b 100644
- op_arch_perfmon_spec.num_counters = num_counters;
- op_arch_perfmon_spec.num_controls = num_counters;
+ pax_open_kernel();
-+ *(unsigned int *)&op_arch_perfmon_spec.num_counters = num_counters;
-+ *(unsigned int *)&op_arch_perfmon_spec.num_controls = num_counters;
++ const_cast(op_arch_perfmon_spec.num_counters) = num_counters;
++ const_cast(op_arch_perfmon_spec.num_controls) = num_counters;
+ pax_close_kernel();
}
@@ -37808,7 +37832,7 @@ index 9770e55..76067ec 100644
}
EXPORT_SYMBOL(pcibios_set_irq_routing);
diff --git a/arch/x86/pci/vmd.c b/arch/x86/pci/vmd.c
-index d57e480..20eb97a 100644
+index d57e480..fc4db30 100644
--- a/arch/x86/pci/vmd.c
+++ b/arch/x86/pci/vmd.c
@@ -374,7 +374,7 @@ static void vmd_teardown_dma_ops(struct vmd_dev *vmd)
@@ -37816,7 +37840,7 @@ index d57e480..20eb97a 100644
do { \
if (source->fn) \
- dest->fn = vmd_##fn; \
-+ *(void **)&dest->fn = vmd_##fn; \
++ const_cast(dest->fn) = vmd_##fn; \
} while (0)
static void vmd_setup_dma_ops(struct vmd_dev *vmd)
@@ -38238,20 +38262,6 @@ index 0b7a63d..dff2199 100644
trampoline_pgd[511] = init_level4_pgt[511].pgd;
#endif
}
-diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile
-index 3e75fcf..4cfefb8 100644
---- a/arch/x86/realmode/rm/Makefile
-+++ b/arch/x86/realmode/rm/Makefile
-@@ -68,6 +68,9 @@ $(obj)/realmode.relocs: $(obj)/realmode.elf FORCE
-
- KBUILD_CFLAGS := $(LINUXINCLUDE) $(REALMODE_CFLAGS) -D_SETUP -D_WAKEUP \
- -I$(srctree)/arch/x86/boot
-+ifdef CONSTIFY_PLUGIN
-+KBUILD_CFLAGS += -fplugin-arg-constify_plugin-no-constify
-+endif
- KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
- GCOV_PROFILE := n
- UBSAN_SANITIZE := n
diff --git a/arch/x86/realmode/rm/header.S b/arch/x86/realmode/rm/header.S
index a28221d..93c40f1 100644
--- a/arch/x86/realmode/rm/header.S
@@ -39659,7 +39669,7 @@ index b719ab3..371e2a6 100644
enum acpi_battery_files {
info_tag = 0,
diff --git a/drivers/acpi/bgrt.c b/drivers/acpi/bgrt.c
-index a83e3c6..c3d617f 100644
+index a83e3c6..7f4a90b 100644
--- a/drivers/acpi/bgrt.c
+++ b/drivers/acpi/bgrt.c
@@ -86,8 +86,10 @@ static int __init bgrt_init(void)
@@ -39669,8 +39679,8 @@ index a83e3c6..c3d617f 100644
- bin_attr_image.private = bgrt_image;
- bin_attr_image.size = bgrt_image_size;
+ pax_open_kernel();
-+ *(void **)&bin_attr_image.private = bgrt_image;
-+ *(size_t *)&bin_attr_image.size = bgrt_image_size;
++ const_cast(bin_attr_image.private) = bgrt_image;
++ const_cast(bin_attr_image.size) = bgrt_image_size;
+ pax_close_kernel();
bgrt_kobj = kobject_create_and_add("bgrt", acpi_kobj);
@@ -39966,7 +39976,7 @@ index 7d00b7a..d5fd80d 100644
int ret;
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 55e257c..28b9a25 100644
+index 55e257c..554c697 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -103,7 +103,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
@@ -40009,7 +40019,7 @@ index 55e257c..28b9a25 100644
*pp = NULL;
- ops->inherits = NULL;
-+ *(struct ata_port_operations **)&ops->inherits = NULL;
++ const_cast(ops->inherits) = NULL;
+ pax_close_kernel();
spin_unlock(&lock);
@@ -40051,7 +40061,7 @@ index f840ca1..edd6ef3 100644
extern int libata_fua;
extern int libata_noacpi;
diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c
-index 80fe0f6..8c0fa3f 100644
+index 80fe0f6..d95a192 100644
--- a/drivers/ata/pata_arasan_cf.c
+++ b/drivers/ata/pata_arasan_cf.c
@@ -864,7 +864,9 @@ static int arasan_cf_probe(struct platform_device *pdev)
@@ -40060,7 +40070,7 @@ index 80fe0f6..8c0fa3f 100644
if (quirk & CF_BROKEN_PIO) {
- ap->ops->set_piomode = NULL;
+ pax_open_kernel();
-+ *(void **)&ap->ops->set_piomode = NULL;
++ const_cast(ap->ops->set_piomode) = NULL;
+ pax_close_kernel();
ap->pio_mask = 0;
}
@@ -41138,7 +41148,7 @@ index 560751b..3a4847a 100644
static ssize_t show_node_state(struct device *dev,
struct device_attribute *attr, char *buf)
diff --git a/drivers/base/platform-msi.c b/drivers/base/platform-msi.c
-index 279e539..b87ed03 100644
+index 279e539..4c9d7fb 100644
--- a/drivers/base/platform-msi.c
+++ b/drivers/base/platform-msi.c
@@ -24,6 +24,8 @@
@@ -41157,10 +41167,10 @@ index 279e539..b87ed03 100644
+ pax_open_kernel();
if (ops->msi_init == NULL)
- ops->msi_init = platform_msi_init;
-+ *(void **)&ops->msi_init = platform_msi_init;
++ const_cast(ops->msi_init) = platform_msi_init;
if (ops->set_desc == NULL)
- ops->set_desc = platform_msi_set_desc;
-+ *(void **)&ops->set_desc = platform_msi_set_desc;
++ const_cast(ops->set_desc) = platform_msi_set_desc;
+ pax_close_kernel();
}
@@ -41172,25 +41182,25 @@ index 279e539..b87ed03 100644
+ pax_open_kernel();
if (!chip->irq_mask)
- chip->irq_mask = irq_chip_mask_parent;
-+ *(void **)&chip->irq_mask = irq_chip_mask_parent;
++ const_cast(chip->irq_mask) = irq_chip_mask_parent;
if (!chip->irq_unmask)
- chip->irq_unmask = irq_chip_unmask_parent;
-+ *(void **)&chip->irq_unmask = irq_chip_unmask_parent;
++ const_cast(chip->irq_unmask) = irq_chip_unmask_parent;
if (!chip->irq_eoi)
- chip->irq_eoi = irq_chip_eoi_parent;
-+ *(void **)&chip->irq_eoi = irq_chip_eoi_parent;
++ const_cast(chip->irq_eoi) = irq_chip_eoi_parent;
if (!chip->irq_set_affinity)
- chip->irq_set_affinity = msi_domain_set_affinity;
-+ *(void **)&chip->irq_set_affinity = msi_domain_set_affinity;
++ const_cast(chip->irq_set_affinity) = msi_domain_set_affinity;
if (!chip->irq_write_msi_msg)
- chip->irq_write_msi_msg = platform_msi_write_msg;
-+ *(void **)&chip->irq_write_msi_msg = platform_msi_write_msg;
++ const_cast(chip->irq_write_msi_msg) = platform_msi_write_msg;
+ pax_close_kernel();
}
static void platform_msi_free_descs(struct device *dev, int base, int nvec)
diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
-index 0caf92a..cff4879 100644
+index 0caf92a..62c184c 100644
--- a/drivers/base/power/domain.c
+++ b/drivers/base/power/domain.c
@@ -1804,8 +1804,10 @@ int genpd_dev_pm_attach(struct device *dev)
@@ -41200,8 +41210,8 @@ index 0caf92a..cff4879 100644
- dev->pm_domain->detach = genpd_dev_pm_detach;
- dev->pm_domain->sync = genpd_dev_pm_sync;
+ pax_open_kernel();
-+ *(void **)&dev->pm_domain->detach = genpd_dev_pm_detach;
-+ *(void **)&dev->pm_domain->sync = genpd_dev_pm_sync;
++ const_cast(dev->pm_domain->detach) = genpd_dev_pm_detach;
++ const_cast(dev->pm_domain->sync) = genpd_dev_pm_sync;
+ pax_close_kernel();
mutex_lock(&pd->lock);
@@ -42349,7 +42359,7 @@ index 24a652f..2dffae6 100644
int err;
diff --git a/drivers/bus/arm-cci.c b/drivers/bus/arm-cci.c
-index 577cc4b..bfe0c2d 100644
+index 577cc4b..129a13e 100644
--- a/drivers/bus/arm-cci.c
+++ b/drivers/bus/arm-cci.c
@@ -1249,16 +1249,22 @@ static int cci_pmu_init_attrs(struct cci_pmu *cci_pmu, struct platform_device *p
@@ -42358,7 +42368,7 @@ index 577cc4b..bfe0c2d 100644
return -ENOMEM;
- pmu_event_attr_group.attrs = attrs;
+ pax_open_kernel();
-+ *(struct attribute ***)&pmu_event_attr_group.attrs = attrs;
++ const_cast(pmu_event_attr_group.attrs) = attrs;
+ pax_close_kernel();
}
if (model->nformat_attrs) {
@@ -42368,18 +42378,18 @@ index 577cc4b..bfe0c2d 100644
return -ENOMEM;
- pmu_format_attr_group.attrs = attrs;
+ pax_open_kernel();
-+ *(struct attribute ***)&pmu_format_attr_group.attrs = attrs;
++ const_cast(pmu_format_attr_group.attrs) = attrs;
+ pax_close_kernel();
}
- pmu_cpumask_attr.var = cci_pmu;
+ pax_open_kernel();
-+ *(void **)&pmu_cpumask_attr.var = cci_pmu;
++ const_cast(pmu_cpumask_attr.var) = cci_pmu;
+ pax_close_kernel();
return 0;
}
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
-index 1b257ea..ea76b22 100644
+index 1b257ea..2280898 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -610,7 +610,6 @@ int register_cdrom(struct cdrom_device_info *cdi)
@@ -42398,7 +42408,7 @@ index 1b257ea..ea76b22 100644
- cdo->generic_packet = cdrom_dummy_generic_packet;
+ if (!cdo->generic_packet) {
+ pax_open_kernel();
-+ *(void **)&cdo->generic_packet = cdrom_dummy_generic_packet;
++ const_cast(cdo->generic_packet) = cdrom_dummy_generic_packet;
+ pax_close_kernel();
+ }
@@ -43150,7 +43160,7 @@ index aa872d2..afeae37 100644
/**
* struct samsung_clk_reg_dump: register dump of clock controller registers.
diff --git a/drivers/clk/socfpga/clk-gate.c b/drivers/clk/socfpga/clk-gate.c
-index aa7a6e6..e67210d 100644
+index aa7a6e6..1e9b426 100644
--- a/drivers/clk/socfpga/clk-gate.c
+++ b/drivers/clk/socfpga/clk-gate.c
@@ -21,6 +21,7 @@
@@ -43177,14 +43187,14 @@ index aa7a6e6..e67210d 100644
- gateclk_ops.enable = clk_gate_ops.enable;
- gateclk_ops.disable = clk_gate_ops.disable;
+ pax_open_kernel();
-+ *(void **)&gateclk_ops.enable = clk_gate_ops.enable;
-+ *(void **)&gateclk_ops.disable = clk_gate_ops.disable;
++ const_cast(gateclk_ops.enable) = clk_gate_ops.enable;
++ const_cast(gateclk_ops.disable) = clk_gate_ops.disable;
+ pax_close_kernel();
}
rc = of_property_read_u32(node, "fixed-divider", &fixed_div);
diff --git a/drivers/clk/socfpga/clk-pll.c b/drivers/clk/socfpga/clk-pll.c
-index c7f4631..463813a 100644
+index c7f4631..8d1b7d0 100644
--- a/drivers/clk/socfpga/clk-pll.c
+++ b/drivers/clk/socfpga/clk-pll.c
@@ -20,6 +20,7 @@
@@ -43211,14 +43221,14 @@ index c7f4631..463813a 100644
- clk_pll_ops.enable = clk_gate_ops.enable;
- clk_pll_ops.disable = clk_gate_ops.disable;
+ pax_open_kernel();
-+ *(void **)&clk_pll_ops.enable = clk_gate_ops.enable;
-+ *(void **)&clk_pll_ops.disable = clk_gate_ops.disable;
++ const_cast(clk_pll_ops.enable) = clk_gate_ops.enable;
++ const_cast(clk_pll_ops.disable) = clk_gate_ops.disable;
+ pax_close_kernel();
clk = clk_register(NULL, &pll_clk->hw.hw);
if (WARN_ON(IS_ERR(clk))) {
diff --git a/drivers/clk/ti/clk.c b/drivers/clk/ti/clk.c
-index b5bcd77..0f7bd99 100644
+index b5bcd77..fc230cb 100644
--- a/drivers/clk/ti/clk.c
+++ b/drivers/clk/ti/clk.c
@@ -25,6 +25,8 @@
@@ -43237,14 +43247,14 @@ index b5bcd77..0f7bd99 100644
- ops->clk_readl = clk_memmap_readl;
- ops->clk_writel = clk_memmap_writel;
+ pax_open_kernel();
-+ *(void **)&ops->clk_readl = clk_memmap_readl;
-+ *(void **)&ops->clk_writel = clk_memmap_writel;
++ const_cast(ops->clk_readl) = clk_memmap_readl;
++ const_cast(ops->clk_writel) = clk_memmap_writel;
+ pax_close_kernel();
return 0;
}
diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c
-index 51eef87..d944fa7 100644
+index 51eef87..f530cf9 100644
--- a/drivers/cpufreq/acpi-cpufreq.c
+++ b/drivers/cpufreq/acpi-cpufreq.c
@@ -682,8 +682,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
@@ -43255,7 +43265,7 @@ index 51eef87..d944fa7 100644
- acpi_cpufreq_driver.flags |= CPUFREQ_CONST_LOOPS;
+ if (cpu_has(c, X86_FEATURE_CONSTANT_TSC)) {
+ pax_open_kernel();
-+ *(u8 *)&acpi_cpufreq_driver.flags |= CPUFREQ_CONST_LOOPS;
++ const_cast(acpi_cpufreq_driver.flags) |= CPUFREQ_CONST_LOOPS;
+ pax_close_kernel();
+ }
@@ -43267,7 +43277,7 @@ index 51eef87..d944fa7 100644
case ACPI_ADR_SPACE_FIXED_HARDWARE:
- acpi_cpufreq_driver.get = get_cur_freq_on_cpu;
+ pax_open_kernel();
-+ *(void **)&acpi_cpufreq_driver.get = get_cur_freq_on_cpu;
++ const_cast(acpi_cpufreq_driver.get) = get_cur_freq_on_cpu;
+ pax_close_kernel();
break;
default:
@@ -43279,14 +43289,14 @@ index 51eef87..d944fa7 100644
- acpi_cpufreq_driver.set_boost = set_boost;
- acpi_cpufreq_driver.boost_enabled = boost_state(0);
+ pax_open_kernel();
-+ *(void **)&acpi_cpufreq_driver.set_boost = set_boost;
-+ *(bool *)&acpi_cpufreq_driver.boost_enabled = boost_state(0);
++ const_cast(acpi_cpufreq_driver.set_boost) = set_boost;
++ const_cast(acpi_cpufreq_driver.boost_enabled) = boost_state(0);
+ pax_close_kernel();
cpu_notifier_register_begin();
diff --git a/drivers/cpufreq/cpufreq-dt.c b/drivers/cpufreq/cpufreq-dt.c
-index 0ca74d0..15705fb 100644
+index 0ca74d0..1a0d302 100644
--- a/drivers/cpufreq/cpufreq-dt.c
+++ b/drivers/cpufreq/cpufreq-dt.c
@@ -461,7 +461,9 @@ static int dt_cpufreq_probe(struct platform_device *pdev)
@@ -43295,13 +43305,13 @@ index 0ca74d0..15705fb 100644
- dt_cpufreq_driver.driver_data = dev_get_platdata(&pdev->dev);
+ pax_open_kernel();
-+ *(void **)&dt_cpufreq_driver.driver_data = dev_get_platdata(&pdev->dev);
++ const_cast(dt_cpufreq_driver.driver_data) = dev_get_platdata(&pdev->dev);
+ pax_close_kernel();
ret = cpufreq_register_driver(&dt_cpufreq_driver);
if (ret)
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index e979ec7..a024e16 100644
+index e979ec7..a76375c 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -474,12 +474,12 @@ EXPORT_SYMBOL_GPL(cpufreq_freq_transition_end);
@@ -43343,7 +43353,7 @@ index e979ec7..a024e16 100644
write_lock_irqsave(&cpufreq_driver_lock, flags);
- cpufreq_driver->boost_enabled = state;
+ pax_open_kernel();
-+ *(bool *)&cpufreq_driver->boost_enabled = state;
++ const_cast(cpufreq_driver->boost_enabled) = state;
+ pax_close_kernel();
write_unlock_irqrestore(&cpufreq_driver_lock, flags);
@@ -43352,7 +43362,7 @@ index e979ec7..a024e16 100644
write_lock_irqsave(&cpufreq_driver_lock, flags);
- cpufreq_driver->boost_enabled = !state;
+ pax_open_kernel();
-+ *(bool *)&cpufreq_driver->boost_enabled = !state;
++ const_cast(cpufreq_driver->boost_enabled) = !state;
+ pax_close_kernel();
write_unlock_irqrestore(&cpufreq_driver_lock, flags);
@@ -43363,7 +43373,7 @@ index e979ec7..a024e16 100644
- cpufreq_driver->set_boost = cpufreq_boost_set_sw;
+ pax_open_kernel();
-+ *(void **)&cpufreq_driver->set_boost = cpufreq_boost_set_sw;
++ const_cast(cpufreq_driver->set_boost) = cpufreq_boost_set_sw;
+ pax_close_kernel();
/* This will get removed on driver unregister */
@@ -43376,7 +43386,7 @@ index e979ec7..a024e16 100644
- driver_data->flags |= CPUFREQ_CONST_LOOPS;
+ if (driver_data->setpolicy) {
+ pax_open_kernel();
-+ *(u8 *)&driver_data->flags |= CPUFREQ_CONST_LOOPS;
++ const_cast(driver_data->flags) |= CPUFREQ_CONST_LOOPS;
+ pax_close_kernel();
+ }
@@ -43445,7 +43455,7 @@ index 91e767a0..3b40724 100644
struct dbs_data *dbs_data = _gov##_dbs_cdata.gdbs_data; \
return sprintf(buf, "%u\n", dbs_data->min_sampling_rate); \
diff --git a/drivers/cpufreq/cpufreq_ondemand.c b/drivers/cpufreq/cpufreq_ondemand.c
-index eae5107..26e7a39 100644
+index eae5107..3dd6408 100644
--- a/drivers/cpufreq/cpufreq_ondemand.c
+++ b/drivers/cpufreq/cpufreq_ondemand.c
@@ -534,7 +534,7 @@ static void od_exit(struct dbs_data *dbs_data, bool notify)
@@ -43463,7 +43473,7 @@ index eae5107..26e7a39 100644
{
- od_ops.powersave_bias_target = f;
+ pax_open_kernel();
-+ *(void **)&od_ops.powersave_bias_target = f;
++ const_cast(od_ops.powersave_bias_target) = f;
+ pax_close_kernel();
od_set_powersave_bias(powersave_bias);
}
@@ -43473,7 +43483,7 @@ index eae5107..26e7a39 100644
{
- od_ops.powersave_bias_target = generic_powersave_bias_target;
+ pax_open_kernel();
-+ *(void **)&od_ops.powersave_bias_target = generic_powersave_bias_target;
++ const_cast(od_ops.powersave_bias_target) = generic_powersave_bias_target;
+ pax_close_kernel();
od_set_powersave_bias(0);
}
@@ -43634,7 +43644,7 @@ index e895123..05de99b 100644
#if IS_ENABLED(CONFIG_ACPI)
diff --git a/drivers/cpufreq/p4-clockmod.c b/drivers/cpufreq/p4-clockmod.c
-index 5dd95da..abc3837 100644
+index 5dd95da..ac41e5e 100644
--- a/drivers/cpufreq/p4-clockmod.c
+++ b/drivers/cpufreq/p4-clockmod.c
@@ -134,10 +134,14 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
@@ -43643,13 +43653,13 @@ index 5dd95da..abc3837 100644
case 0x1C: /* Atom */
- p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
+ pax_open_kernel();
-+ *(u8 *)&p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
++ const_cast(p4clockmod_driver.flags) |= CPUFREQ_CONST_LOOPS;
+ pax_close_kernel();
return speedstep_get_frequency(SPEEDSTEP_CPU_PCORE);
case 0x0D: /* Pentium M (Dothan) */
- p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
+ pax_open_kernel();
-+ *(u8 *)&p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
++ const_cast(p4clockmod_driver.flags) |= CPUFREQ_CONST_LOOPS;
+ pax_close_kernel();
/* fall through */
case 0x09: /* Pentium M (Banias) */
@@ -43660,7 +43670,7 @@ index 5dd95da..abc3837 100644
* throttling is active or not. */
- p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
+ pax_open_kernel();
-+ *(u8 *)&p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS;
++ const_cast(p4clockmod_driver.flags) |= CPUFREQ_CONST_LOOPS;
+ pax_close_kernel();
if (speedstep_detect_processor() == SPEEDSTEP_CPU_P4M) {
@@ -43776,7 +43786,7 @@ index 9bb42ba..b01b4a2 100644
MODULE_AUTHOR("David S. Miller <davem@redhat.com>");
diff --git a/drivers/cpufreq/speedstep-centrino.c b/drivers/cpufreq/speedstep-centrino.c
-index 7d4a315..21bb886 100644
+index 7d4a315..ce41fb3 100644
--- a/drivers/cpufreq/speedstep-centrino.c
+++ b/drivers/cpufreq/speedstep-centrino.c
@@ -351,8 +351,11 @@ static int centrino_cpu_init(struct cpufreq_policy *policy)
@@ -43787,7 +43797,7 @@ index 7d4a315..21bb886 100644
- centrino_driver.flags |= CPUFREQ_CONST_LOOPS;
+ if (cpu_has(cpu, X86_FEATURE_CONSTANT_TSC)) {
+ pax_open_kernel();
-+ *(u8 *)&centrino_driver.flags |= CPUFREQ_CONST_LOOPS;
++ const_cast(centrino_driver.flags) |= CPUFREQ_CONST_LOOPS;
+ pax_close_kernel();
+ }
@@ -44575,7 +44585,7 @@ index 94a58a0..5b8dd03 100644
};
diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
-index 88bebe1..c7b636f 100644
+index 88bebe1..e599fad 100644
--- a/drivers/firmware/dmi_scan.c
+++ b/drivers/firmware/dmi_scan.c
@@ -712,14 +712,18 @@ static int __init dmi_init(void)
@@ -44585,8 +44595,8 @@ index 88bebe1..c7b636f 100644
- bin_attr_smbios_entry_point.size = smbios_entry_point_size;
- bin_attr_smbios_entry_point.private = smbios_entry_point;
+ pax_open_kernel();
-+ *(size_t *)&bin_attr_smbios_entry_point.size = smbios_entry_point_size;
-+ *(void **)&bin_attr_smbios_entry_point.private = smbios_entry_point;
++ const_cast(bin_attr_smbios_entry_point.size) = smbios_entry_point_size;
++ const_cast(bin_attr_smbios_entry_point.private) = smbios_entry_point;
+ pax_close_kernel();
ret = sysfs_create_bin_file(tables_kobj, &bin_attr_smbios_entry_point);
if (ret)
@@ -44595,8 +44605,8 @@ index 88bebe1..c7b636f 100644
- bin_attr_DMI.size = dmi_len;
- bin_attr_DMI.private = dmi_table;
+ pax_open_kernel();
-+ *(size_t *)&bin_attr_DMI.size = dmi_len;
-+ *(void **)&bin_attr_DMI.private = dmi_table;
++ const_cast(bin_attr_DMI.size) = dmi_len;
++ const_cast(bin_attr_DMI.private) = dmi_table;
+ pax_close_kernel();
ret = sysfs_create_bin_file(tables_kobj, &bin_attr_DMI);
if (!ret)
@@ -44623,7 +44633,7 @@ index d425374..1da1716 100644
EXPORT_SYMBOL_GPL(cper_next_record_id);
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
-index c51f3b2..d1cc54e 100644
+index c51f3b2..54523fd 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -176,15 +176,17 @@ static struct attribute_group efi_subsys_attr_group = {
@@ -44641,11 +44651,11 @@ index c51f3b2..d1cc54e 100644
- generic_ops.get_next_variable = efi.get_next_variable;
- generic_ops.query_variable_store = efi_query_variable_store;
+ pax_open_kernel();
-+ *(void **)&generic_ops.get_variable = efi.get_variable;
-+ *(void **)&generic_ops.set_variable = efi.set_variable;
-+ *(void **)&generic_ops.set_variable_nonblocking = efi.set_variable_nonblocking;
-+ *(void **)&generic_ops.get_next_variable = efi.get_next_variable;
-+ *(void **)&generic_ops.query_variable_store = efi_query_variable_store;
++ const_cast(generic_ops.get_variable) = efi.get_variable;
++ const_cast(generic_ops.set_variable) = efi.set_variable;
++ const_cast(generic_ops.set_variable_nonblocking) = efi.set_variable_nonblocking;
++ const_cast(generic_ops.get_next_variable) = efi.get_next_variable;
++ const_cast(generic_ops.query_variable_store) = efi_query_variable_store;
+ pax_close_kernel();
return efivars_register(&generic_efivars, &generic_ops, efi_kobj);
@@ -44690,7 +44700,7 @@ index f1ab05e..ab51228 100644
.ident = "Google Board",
.matches = {
diff --git a/drivers/firmware/google/memconsole.c b/drivers/firmware/google/memconsole.c
-index 2f569aa..26e4f39 100644
+index 2f569aa..3af5497 100644
--- a/drivers/firmware/google/memconsole.c
+++ b/drivers/firmware/google/memconsole.c
@@ -136,7 +136,7 @@ static bool __init found_memconsole(void)
@@ -44708,7 +44718,7 @@ index 2f569aa..26e4f39 100644
- memconsole_bin_attr.size = memconsole_length;
+ pax_open_kernel();
-+ *(size_t *)&memconsole_bin_attr.size = memconsole_length;
++ const_cast(memconsole_bin_attr.size) = memconsole_length;
+ pax_close_kernel();
+
return sysfs_create_bin_file(firmware_kobj, &memconsole_bin_attr);
@@ -44840,7 +44850,7 @@ index ac8deb0..f3caa10 100644
return -EINVAL;
}
diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
-index 5c1ba87..ab4a059 100644
+index 5c1ba87..f711915 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -669,8 +669,10 @@ static void gpiochip_irqchip_remove(struct gpio_chip *gpiochip)
@@ -44850,8 +44860,8 @@ index 5c1ba87..ab4a059 100644
- gpiochip->irqchip->irq_request_resources = NULL;
- gpiochip->irqchip->irq_release_resources = NULL;
+ pax_open_kernel();
-+ *(void **)&gpiochip->irqchip->irq_request_resources = NULL;
-+ *(void **)&gpiochip->irqchip->irq_release_resources = NULL;
++ const_cast(gpiochip->irqchip->irq_request_resources) = NULL;
++ const_cast(gpiochip->irqchip->irq_release_resources) = NULL;
+ pax_close_kernel();
gpiochip->irqchip = NULL;
}
@@ -44863,8 +44873,8 @@ index 5c1ba87..ab4a059 100644
- irqchip->irq_request_resources = gpiochip_irq_reqres;
- irqchip->irq_release_resources = gpiochip_irq_relres;
+ pax_open_kernel();
-+ *(void **)&irqchip->irq_request_resources = gpiochip_irq_reqres;
-+ *(void **)&irqchip->irq_release_resources = gpiochip_irq_relres;
++ const_cast(irqchip->irq_request_resources) = gpiochip_irq_reqres;
++ const_cast(irqchip->irq_release_resources) = gpiochip_irq_relres;
+ pax_close_kernel();
}
@@ -45050,7 +45060,7 @@ index 51bfc11..4d4112a 100644
static const struct vga_switcheroo_client_ops amdgpu_switcheroo_ops = {
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
-index 9ef1db8..bfd5d78 100644
+index 9ef1db8..5eec19b 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
@@ -495,7 +495,7 @@ static struct drm_driver kms_driver = {
@@ -45082,7 +45092,7 @@ index 9ef1db8..bfd5d78 100644
- driver->num_ioctls = amdgpu_max_kms_ioctl;
+
+ pax_open_kernel();
-+ *(int *)&kms_driver.num_ioctls = amdgpu_max_kms_ioctl;
++ const_cast(kms_driver.num_ioctls) = amdgpu_max_kms_ioctl;
+ pax_close_kernel();
+
amdgpu_register_atpx_handler();
@@ -46288,7 +46298,7 @@ index d918567..6cfd904 100644
/**
* Determine if the device really is AGP or not.
diff --git a/drivers/gpu/drm/i810/i810_drv.c b/drivers/gpu/drm/i810/i810_drv.c
-index 44f4a13..0063c1b 100644
+index 44f4a13..af9f6f5 100644
--- a/drivers/gpu/drm/i810/i810_drv.c
+++ b/drivers/gpu/drm/i810/i810_drv.c
@@ -87,7 +87,11 @@ static int __init i810_init(void)
@@ -46298,7 +46308,7 @@ index 44f4a13..0063c1b 100644
- driver.num_ioctls = i810_max_ioctl;
+
+ pax_open_kernel();
-+ *(int *)&driver.num_ioctls = i810_max_ioctl;
++ const_cast(driver.num_ioctls) = i810_max_ioctl;
+ pax_close_kernel();
+
return drm_pci_init(&driver, &i810_pci_driver);
@@ -46547,7 +46557,7 @@ index 97f3a56..32c712e 100644
ret = drm_ioctl(filp, cmd, arg);
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
-index fa8afa7..0bac957 100644
+index fa8afa7..7375300 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
@@ -4490,14 +4490,15 @@ void intel_irq_init(struct drm_i915_private *dev_priv)
@@ -46558,14 +46568,14 @@ index fa8afa7..0bac957 100644
if (IS_GEN2(dev_priv)) {
dev->max_vblank_count = 0;
- dev->driver->get_vblank_counter = i8xx_get_vblank_counter;
-+ *(void **)&dev->driver->get_vblank_counter = i8xx_get_vblank_counter;
++ const_cast(dev->driver->get_vblank_counter) = i8xx_get_vblank_counter;
} else if (IS_G4X(dev_priv) || INTEL_INFO(dev_priv)->gen >= 5) {
dev->max_vblank_count = 0xffffffff; /* full 32 bit counter */
- dev->driver->get_vblank_counter = g4x_get_vblank_counter;
-+ *(void **)&dev->driver->get_vblank_counter = g4x_get_vblank_counter;
++ const_cast(dev->driver->get_vblank_counter) = g4x_get_vblank_counter;
} else {
- dev->driver->get_vblank_counter = i915_get_vblank_counter;
-+ *(void **)&dev->driver->get_vblank_counter = i915_get_vblank_counter;
++ const_cast(dev->driver->get_vblank_counter) = i915_get_vblank_counter;
dev->max_vblank_count = 0xffffff; /* only 24 bits of frame count */
}
@@ -46575,8 +46585,8 @@ index fa8afa7..0bac957 100644
- dev->driver->get_vblank_timestamp = i915_get_vblank_timestamp;
- dev->driver->get_scanout_position = i915_get_crtc_scanoutpos;
-+ *(void **)&dev->driver->get_vblank_timestamp = i915_get_vblank_timestamp;
-+ *(void **)&dev->driver->get_scanout_position = i915_get_crtc_scanoutpos;
++ const_cast(dev->driver->get_vblank_timestamp) = i915_get_vblank_timestamp;
++ const_cast(dev->driver->get_scanout_position) = i915_get_crtc_scanoutpos;
if (IS_CHERRYVIEW(dev_priv)) {
- dev->driver->irq_handler = cherryview_irq_handler;
@@ -46585,12 +46595,12 @@ index fa8afa7..0bac957 100644
- dev->driver->irq_uninstall = cherryview_irq_uninstall;
- dev->driver->enable_vblank = valleyview_enable_vblank;
- dev->driver->disable_vblank = valleyview_disable_vblank;
-+ *(void **)&dev->driver->irq_handler = cherryview_irq_handler;
-+ *(void **)&dev->driver->irq_preinstall = cherryview_irq_preinstall;
-+ *(void **)&dev->driver->irq_postinstall = cherryview_irq_postinstall;
-+ *(void **)&dev->driver->irq_uninstall = cherryview_irq_uninstall;
-+ *(void **)&dev->driver->enable_vblank = valleyview_enable_vblank;
-+ *(void **)&dev->driver->disable_vblank = valleyview_disable_vblank;
++ const_cast(dev->driver->irq_handler) = cherryview_irq_handler;
++ const_cast(dev->driver->irq_preinstall) = cherryview_irq_preinstall;
++ const_cast(dev->driver->irq_postinstall) = cherryview_irq_postinstall;
++ const_cast(dev->driver->irq_uninstall) = cherryview_irq_uninstall;
++ const_cast(dev->driver->enable_vblank) = valleyview_enable_vblank;
++ const_cast(dev->driver->disable_vblank) = valleyview_disable_vblank;
dev_priv->display.hpd_irq_setup = i915_hpd_irq_setup;
} else if (IS_VALLEYVIEW(dev_priv)) {
- dev->driver->irq_handler = valleyview_irq_handler;
@@ -46599,12 +46609,12 @@ index fa8afa7..0bac957 100644
- dev->driver->irq_uninstall = valleyview_irq_uninstall;
- dev->driver->enable_vblank = valleyview_enable_vblank;
- dev->driver->disable_vblank = valleyview_disable_vblank;
-+ *(void **)&dev->driver->irq_handler = valleyview_irq_handler;
-+ *(void **)&dev->driver->irq_preinstall = valleyview_irq_preinstall;
-+ *(void **)&dev->driver->irq_postinstall = valleyview_irq_postinstall;
-+ *(void **)&dev->driver->irq_uninstall = valleyview_irq_uninstall;
-+ *(void **)&dev->driver->enable_vblank = valleyview_enable_vblank;
-+ *(void **)&dev->driver->disable_vblank = valleyview_disable_vblank;
++ const_cast(dev->driver->irq_handler) = valleyview_irq_handler;
++ const_cast(dev->driver->irq_preinstall) = valleyview_irq_preinstall;
++ const_cast(dev->driver->irq_postinstall) = valleyview_irq_postinstall;
++ const_cast(dev->driver->irq_uninstall) = valleyview_irq_uninstall;
++ const_cast(dev->driver->enable_vblank) = valleyview_enable_vblank;
++ const_cast(dev->driver->disable_vblank) = valleyview_disable_vblank;
dev_priv->display.hpd_irq_setup = i915_hpd_irq_setup;
} else if (INTEL_INFO(dev_priv)->gen >= 8) {
- dev->driver->irq_handler = gen8_irq_handler;
@@ -46613,12 +46623,12 @@ index fa8afa7..0bac957 100644
- dev->driver->irq_uninstall = gen8_irq_uninstall;
- dev->driver->enable_vblank = gen8_enable_vblank;
- dev->driver->disable_vblank = gen8_disable_vblank;
-+ *(void **)&dev->driver->irq_handler = gen8_irq_handler;
-+ *(void **)&dev->driver->irq_preinstall = gen8_irq_reset;
-+ *(void **)&dev->driver->irq_postinstall = gen8_irq_postinstall;
-+ *(void **)&dev->driver->irq_uninstall = gen8_irq_uninstall;
-+ *(void **)&dev->driver->enable_vblank = gen8_enable_vblank;
-+ *(void **)&dev->driver->disable_vblank = gen8_disable_vblank;
++ const_cast(dev->driver->irq_handler) = gen8_irq_handler;
++ const_cast(dev->driver->irq_preinstall) = gen8_irq_reset;
++ const_cast(dev->driver->irq_postinstall) = gen8_irq_postinstall;
++ const_cast(dev->driver->irq_uninstall) = gen8_irq_uninstall;
++ const_cast(dev->driver->enable_vblank) = gen8_enable_vblank;
++ const_cast(dev->driver->disable_vblank) = gen8_disable_vblank;
if (IS_BROXTON(dev))
dev_priv->display.hpd_irq_setup = bxt_hpd_irq_setup;
else if (HAS_PCH_SPT(dev))
@@ -46632,12 +46642,12 @@ index fa8afa7..0bac957 100644
- dev->driver->irq_uninstall = ironlake_irq_uninstall;
- dev->driver->enable_vblank = ironlake_enable_vblank;
- dev->driver->disable_vblank = ironlake_disable_vblank;
-+ *(void **)&dev->driver->irq_handler = ironlake_irq_handler;
-+ *(void **)&dev->driver->irq_preinstall = ironlake_irq_reset;
-+ *(void **)&dev->driver->irq_postinstall = ironlake_irq_postinstall;
-+ *(void **)&dev->driver->irq_uninstall = ironlake_irq_uninstall;
-+ *(void **)&dev->driver->enable_vblank = ironlake_enable_vblank;
-+ *(void **)&dev->driver->disable_vblank = ironlake_disable_vblank;
++ const_cast(dev->driver->irq_handler) = ironlake_irq_handler;
++ const_cast(dev->driver->irq_preinstall) = ironlake_irq_reset;
++ const_cast(dev->driver->irq_postinstall) = ironlake_irq_postinstall;
++ const_cast(dev->driver->irq_uninstall) = ironlake_irq_uninstall;
++ const_cast(dev->driver->enable_vblank) = ironlake_enable_vblank;
++ const_cast(dev->driver->disable_vblank) = ironlake_disable_vblank;
dev_priv->display.hpd_irq_setup = ilk_hpd_irq_setup;
} else {
if (INTEL_INFO(dev_priv)->gen == 2) {
@@ -46645,42 +46655,42 @@ index fa8afa7..0bac957 100644
- dev->driver->irq_postinstall = i8xx_irq_postinstall;
- dev->driver->irq_handler = i8xx_irq_handler;
- dev->driver->irq_uninstall = i8xx_irq_uninstall;
-+ *(void **)&dev->driver->irq_preinstall = i8xx_irq_preinstall;
-+ *(void **)&dev->driver->irq_postinstall = i8xx_irq_postinstall;
-+ *(void **)&dev->driver->irq_handler = i8xx_irq_handler;
-+ *(void **)&dev->driver->irq_uninstall = i8xx_irq_uninstall;
++ const_cast(dev->driver->irq_preinstall) = i8xx_irq_preinstall;
++ const_cast(dev->driver->irq_postinstall) = i8xx_irq_postinstall;
++ const_cast(dev->driver->irq_handler) = i8xx_irq_handler;
++ const_cast(dev->driver->irq_uninstall) = i8xx_irq_uninstall;
} else if (INTEL_INFO(dev_priv)->gen == 3) {
- dev->driver->irq_preinstall = i915_irq_preinstall;
- dev->driver->irq_postinstall = i915_irq_postinstall;
- dev->driver->irq_uninstall = i915_irq_uninstall;
- dev->driver->irq_handler = i915_irq_handler;
-+ *(void **)&dev->driver->irq_preinstall = i915_irq_preinstall;
-+ *(void **)&dev->driver->irq_postinstall = i915_irq_postinstall;
-+ *(void **)&dev->driver->irq_uninstall = i915_irq_uninstall;
-+ *(void **)&dev->driver->irq_handler = i915_irq_handler;
++ const_cast(dev->driver->irq_preinstall) = i915_irq_preinstall;
++ const_cast(dev->driver->irq_postinstall) = i915_irq_postinstall;
++ const_cast(dev->driver->irq_uninstall) = i915_irq_uninstall;
++ const_cast(dev->driver->irq_handler) = i915_irq_handler;
} else {
- dev->driver->irq_preinstall = i965_irq_preinstall;
- dev->driver->irq_postinstall = i965_irq_postinstall;
- dev->driver->irq_uninstall = i965_irq_uninstall;
- dev->driver->irq_handler = i965_irq_handler;
-+ *(void **)&dev->driver->irq_preinstall = i965_irq_preinstall;
-+ *(void **)&dev->driver->irq_postinstall = i965_irq_postinstall;
-+ *(void **)&dev->driver->irq_uninstall = i965_irq_uninstall;
-+ *(void **)&dev->driver->irq_handler = i965_irq_handler;
++ const_cast(dev->driver->irq_preinstall) = i965_irq_preinstall;
++ const_cast(dev->driver->irq_postinstall) = i965_irq_postinstall;
++ const_cast(dev->driver->irq_uninstall) = i965_irq_uninstall;
++ const_cast(dev->driver->irq_handler) = i965_irq_handler;
}
if (I915_HAS_HOTPLUG(dev_priv))
dev_priv->display.hpd_irq_setup = i915_hpd_irq_setup;
- dev->driver->enable_vblank = i915_enable_vblank;
- dev->driver->disable_vblank = i915_disable_vblank;
-+ *(void **)&dev->driver->enable_vblank = i915_enable_vblank;
-+ *(void **)&dev->driver->disable_vblank = i915_disable_vblank;
++ const_cast(dev->driver->enable_vblank) = i915_enable_vblank;
++ const_cast(dev->driver->disable_vblank) = i915_disable_vblank;
}
+ pax_close_kernel();
}
/**
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 39b00b9..aa9fc8a 100644
+index 39b00b9..244538d 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -15111,13 +15111,13 @@ struct intel_quirk {
@@ -46693,8 +46703,9 @@ index 39b00b9..aa9fc8a 100644
/* For systems that don't have a meaningful PCI subdevice/subvendor ID */
struct intel_dmi_quirk {
void (*hook)(struct drm_device *dev);
- const struct dmi_system_id (*dmi_id_list)[];
+- const struct dmi_system_id (*dmi_id_list)[];
-};
++ const struct dmi_system_id *dmi_id_list;
+} __do_const;
static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
@@ -46726,10 +46737,19 @@ index 39b00b9..aa9fc8a 100644
+
+static const struct intel_dmi_quirk intel_dmi_quirks[] = {
+ {
-+ .dmi_id_list = &intel_dmi_quirks_table,
++ .dmi_id_list = intel_dmi_quirks_table,
.hook = quirk_invert_brightness,
},
};
+@@ -15219,7 +15221,7 @@ static void intel_init_quirks(struct drm_device *dev)
+ q->hook(dev);
+ }
+ for (i = 0; i < ARRAY_SIZE(intel_dmi_quirks); i++) {
+- if (dmi_check_system(*intel_dmi_quirks[i].dmi_id_list) != 0)
++ if (dmi_check_system(intel_dmi_quirks[i].dmi_id_list) != 0)
+ intel_dmi_quirks[i].hook(dev);
+ }
+ }
diff --git a/drivers/gpu/drm/imx/imx-drm-core.c b/drivers/gpu/drm/imx/imx-drm-core.c
index 2f57d79..7152e6e 100644
--- a/drivers/gpu/drm/imx/imx-drm-core.c
@@ -46744,7 +46764,7 @@ index 2f57d79..7152e6e 100644
imx_drm_crtc = kzalloc(sizeof(*imx_drm_crtc), GFP_KERNEL);
diff --git a/drivers/gpu/drm/mga/mga_drv.c b/drivers/gpu/drm/mga/mga_drv.c
-index 5e2f131..d227dbc 100644
+index 5e2f131..c134c7c 100644
--- a/drivers/gpu/drm/mga/mga_drv.c
+++ b/drivers/gpu/drm/mga/mga_drv.c
@@ -92,7 +92,10 @@ static struct pci_driver mga_pci_driver = {
@@ -46753,7 +46773,7 @@ index 5e2f131..d227dbc 100644
{
- driver.num_ioctls = mga_max_ioctl;
+ pax_open_kernel();
-+ *(int *)&driver.num_ioctls = mga_max_ioctl;
++ const_cast(driver.num_ioctls) = mga_max_ioctl;
+ pax_close_kernel();
+
return drm_pci_init(&driver, &mga_pci_driver);
@@ -47140,7 +47160,7 @@ index fe4c222..48b7b75 100644
omap_irq.o \
omap_debugfs.o \
diff --git a/drivers/gpu/drm/omapdrm/dss/display.c b/drivers/gpu/drm/omapdrm/dss/display.c
-index ef5b902..47cf7f5 100644
+index ef5b902..2ae011b 100644
--- a/drivers/gpu/drm/omapdrm/dss/display.c
+++ b/drivers/gpu/drm/omapdrm/dss/display.c
@@ -161,12 +161,14 @@ int omapdss_register_display(struct omap_dss_device *dssdev)
@@ -47150,13 +47170,13 @@ index ef5b902..47cf7f5 100644
+ pax_open_kernel();
if (drv && drv->get_resolution == NULL)
- drv->get_resolution = omapdss_default_get_resolution;
-+ *(void **)&drv->get_resolution = omapdss_default_get_resolution;
++ const_cast(drv->get_resolution) = omapdss_default_get_resolution;
if (drv && drv->get_recommended_bpp == NULL)
- drv->get_recommended_bpp = omapdss_default_get_recommended_bpp;
-+ *(void **)&drv->get_recommended_bpp = omapdss_default_get_recommended_bpp;
++ const_cast(drv->get_recommended_bpp) = omapdss_default_get_recommended_bpp;
if (drv && drv->get_timings == NULL)
- drv->get_timings = omapdss_default_get_timings;
-+ *(void **)&drv->get_timings = omapdss_default_get_timings;
++ const_cast(drv->get_timings) = omapdss_default_get_timings;
+ pax_close_kernel();
mutex_lock(&panel_list_mutex);
@@ -47232,7 +47252,7 @@ index 47e5264..3393741 100644
{
struct drm_device *ddev = connector->dev;
diff --git a/drivers/gpu/drm/qxl/qxl_drv.c b/drivers/gpu/drm/qxl/qxl_drv.c
-index 7307b07..8eecdd0 100644
+index 7307b07..3346540 100644
--- a/drivers/gpu/drm/qxl/qxl_drv.c
+++ b/drivers/gpu/drm/qxl/qxl_drv.c
@@ -37,7 +37,7 @@
@@ -47251,7 +47271,7 @@ index 7307b07..8eecdd0 100644
- qxl_driver.num_ioctls = qxl_max_ioctls;
+
+ pax_open_kernel();
-+ *(int *)&qxl_driver.num_ioctls = qxl_max_ioctls;
++ const_cast(qxl_driver.num_ioctls) = qxl_max_ioctls;
+ pax_close_kernel();
+
return drm_pci_init(&qxl_driver, &qxl_pci_driver);
@@ -47362,7 +47382,7 @@ index 0bf1e20..42a7310 100644
ret = drm_irq_install(qdev->ddev, qdev->ddev->pdev->irq);
qdev->ram_header->int_mask = QXL_INTERRUPT_MASK;
diff --git a/drivers/gpu/drm/qxl/qxl_ttm.c b/drivers/gpu/drm/qxl/qxl_ttm.c
-index 9534127..3fbab8c 100644
+index 9534127..1d17b3f 100644
--- a/drivers/gpu/drm/qxl/qxl_ttm.c
+++ b/drivers/gpu/drm/qxl/qxl_ttm.c
@@ -103,7 +103,7 @@ static void qxl_ttm_global_fini(struct qxl_device *qdev)
@@ -47416,8 +47436,8 @@ index 9534127..3fbab8c 100644
- else
- qxl_mem_types_list[i].data = qdev->mman.bdev.man[TTM_PL_PRIV0].priv;
+ pax_open_kernel();
-+ *(void **)&qxl_mem_types_list[0].data = qdev->mman.bdev.man[TTM_PL_VRAM].priv;
-+ *(void **)&qxl_mem_types_list[1].data = qdev->mman.bdev.man[TTM_PL_PRIV0].priv;
++ const_cast(qxl_mem_types_list[0].data) = qdev->mman.bdev.man[TTM_PL_VRAM].priv;
++ const_cast(qxl_mem_types_list[1].data) = qdev->mman.bdev.man[TTM_PL_PRIV0].priv;
+ pax_close_kernel();
- }
@@ -47440,7 +47460,7 @@ index 14fd83b5f..b2acbd19 100644
/* We don't support anything other than bus-mastering ring mode,
* but the ring can be in either AGP or PCI space for the ring
diff --git a/drivers/gpu/drm/r128/r128_drv.c b/drivers/gpu/drm/r128/r128_drv.c
-index c57b4de..2614d79 100644
+index c57b4de..1a875fb 100644
--- a/drivers/gpu/drm/r128/r128_drv.c
+++ b/drivers/gpu/drm/r128/r128_drv.c
@@ -94,7 +94,9 @@ static struct pci_driver r128_pci_driver = {
@@ -47449,7 +47469,7 @@ index c57b4de..2614d79 100644
{
- driver.num_ioctls = r128_max_ioctl;
+ pax_open_kernel();
-+ *(int *)&driver.num_ioctls = r128_max_ioctl;
++ const_cast(driver.num_ioctls) = r128_max_ioctl;
+ pax_close_kernel();
return drm_pci_init(&driver, &r128_pci_driver);
@@ -47659,7 +47679,7 @@ index 4197ca1..f07709e 100644
static const struct vga_switcheroo_client_ops radeon_switcheroo_ops = {
diff --git a/drivers/gpu/drm/radeon/radeon_drv.c b/drivers/gpu/drm/radeon/radeon_drv.c
-index e266ffc..0392d08 100644
+index e266ffc..e510e3f 100644
--- a/drivers/gpu/drm/radeon/radeon_drv.c
+++ b/drivers/gpu/drm/radeon/radeon_drv.c
@@ -130,7 +130,7 @@ extern int radeon_get_crtc_scanoutpos(struct drm_device *dev, unsigned int crtc,
@@ -47688,7 +47708,7 @@ index e266ffc..0392d08 100644
- driver->num_ioctls = radeon_max_kms_ioctl;
+
+ pax_open_kernel();
-+ *(int *)&driver->num_ioctls = radeon_max_kms_ioctl;
++ const_cast(driver->num_ioctls) = radeon_max_kms_ioctl;
+ pax_close_kernel();
+
radeon_register_atpx_handler();
@@ -47808,7 +47828,7 @@ index d47dff9..0752202 100644
-int savage_max_ioctl = ARRAY_SIZE(savage_ioctls);
+const int savage_max_ioctl = ARRAY_SIZE(savage_ioctls);
diff --git a/drivers/gpu/drm/savage/savage_drv.c b/drivers/gpu/drm/savage/savage_drv.c
-index 21aed1f..5db7419 100644
+index 21aed1f..85d23a0 100644
--- a/drivers/gpu/drm/savage/savage_drv.c
+++ b/drivers/gpu/drm/savage/savage_drv.c
@@ -76,7 +76,10 @@ static struct pci_driver savage_pci_driver = {
@@ -47817,7 +47837,7 @@ index 21aed1f..5db7419 100644
{
- driver.num_ioctls = savage_max_ioctl;
+ pax_open_kernel();
-+ *(int *)&driver.num_ioctls = savage_max_ioctl;
++ const_cast(driver.num_ioctls) = savage_max_ioctl;
+ pax_close_kernel();
+
return drm_pci_init(&driver, &savage_pci_driver);
@@ -47837,7 +47857,7 @@ index 37b6995..9b31aaf 100644
#define S3_SAVAGE3D_SERIES(chip) ((chip>=S3_SAVAGE3D) && (chip<=S3_SAVAGE_MX))
diff --git a/drivers/gpu/drm/sis/sis_drv.c b/drivers/gpu/drm/sis/sis_drv.c
-index 79bce76..4fd9a20 100644
+index 79bce76..6c02219 100644
--- a/drivers/gpu/drm/sis/sis_drv.c
+++ b/drivers/gpu/drm/sis/sis_drv.c
@@ -128,7 +128,10 @@ static struct pci_driver sis_pci_driver = {
@@ -47846,7 +47866,7 @@ index 79bce76..4fd9a20 100644
{
- driver.num_ioctls = sis_max_ioctl;
+ pax_open_kernel();
-+ *(int *)&driver.num_ioctls = sis_max_ioctl;
++ const_cast(driver.num_ioctls) = sis_max_ioctl;
+ pax_close_kernel();
+
return drm_pci_init(&driver, &sis_pci_driver);
@@ -47875,7 +47895,7 @@ index 93ad8a5..48f0a57 100644
-int sis_max_ioctl = ARRAY_SIZE(sis_ioctls);
+const int sis_max_ioctl = ARRAY_SIZE(sis_ioctls);
diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c
-index dde6f20..1969ca6 100644
+index dde6f20..a74f8b9 100644
--- a/drivers/gpu/drm/tegra/dc.c
+++ b/drivers/gpu/drm/tegra/dc.c
@@ -1657,7 +1657,7 @@ static int tegra_dc_debugfs_init(struct tegra_dc *dc, struct drm_minor *minor)
@@ -47883,7 +47903,7 @@ index dde6f20..1969ca6 100644
for (i = 0; i < ARRAY_SIZE(debugfs_files); i++)
- dc->debugfs_files[i].data = dc;
-+ *(void **)&dc->debugfs_files[i].data = dc;
++ const_cast(dc->debugfs_files[i].data) = dc;
err = drm_debugfs_create_files(dc->debugfs_files,
ARRAY_SIZE(debugfs_files),
@@ -47914,7 +47934,7 @@ index b7ef492..8968507 100644
struct dentry *debugfs;
};
diff --git a/drivers/gpu/drm/tegra/sor.c b/drivers/gpu/drm/tegra/sor.c
-index 757c6e8..710a6ff 100644
+index 757c6e8..36532d6 100644
--- a/drivers/gpu/drm/tegra/sor.c
+++ b/drivers/gpu/drm/tegra/sor.c
@@ -1003,8 +1003,11 @@ static int tegra_sor_debugfs_init(struct tegra_sor *sor,
@@ -47925,7 +47945,7 @@ index 757c6e8..710a6ff 100644
- sor->debugfs_files[i].data = sor;
+ for (i = 0; i < ARRAY_SIZE(debugfs_files); i++) {
+ pax_open_kernel();
-+ *(void **)&sor->debugfs_files[i].data = sor;
++ const_cast(sor->debugfs_files[i].data) = sor;
+ pax_close_kernel();
+ }
@@ -48205,7 +48225,7 @@ index d17d8f2..67e8e48b 100644
-int via_max_ioctl = ARRAY_SIZE(via_ioctls);
+const int via_max_ioctl = ARRAY_SIZE(via_ioctls);
diff --git a/drivers/gpu/drm/via/via_drv.c b/drivers/gpu/drm/via/via_drv.c
-index ed8aa8f..16c84fc 100644
+index ed8aa8f..114cc8d 100644
--- a/drivers/gpu/drm/via/via_drv.c
+++ b/drivers/gpu/drm/via/via_drv.c
@@ -107,7 +107,10 @@ static struct pci_driver via_pci_driver = {
@@ -48214,7 +48234,7 @@ index ed8aa8f..16c84fc 100644
{
- driver.num_ioctls = via_max_ioctl;
+ pax_open_kernel();
-+ *(int *)&driver.num_ioctls = via_max_ioctl;
++ const_cast(driver.num_ioctls) = via_max_ioctl;
+ pax_close_kernel();
+
via_init_command_verifier();
@@ -49094,7 +49114,7 @@ index d127ace..6ee866f 100644
int i, j = 1;
diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c
-index 146eed70b..7679efd 100644
+index 146eed70b..7312f08 100644
--- a/drivers/idle/intel_idle.c
+++ b/drivers/idle/intel_idle.c
@@ -1060,8 +1060,10 @@ static void sklh_idle_state_table_update(void)
@@ -49104,8 +49124,8 @@ index 146eed70b..7679efd 100644
- skl_cstates[5].disabled = 1; /* C8-SKL */
- skl_cstates[6].disabled = 1; /* C9-SKL */
+ pax_open_kernel();
-+ *(bool *)&skl_cstates[5].disabled = 1; /* C8-SKL */
-+ *(bool *)&skl_cstates[6].disabled = 1; /* C9-SKL */
++ const_cast(skl_cstates[5].disabled) = 1; /* C8-SKL */
++ const_cast(skl_cstates[6].disabled) = 1; /* C9-SKL */
+ pax_close_kernel();
}
/*
@@ -50103,18 +50123,6 @@ index 8c4daf7..77a87ab 100644
nesqp->destroyed = 1;
/* Blow away the connection if it exists. */
-diff --git a/drivers/infiniband/hw/qib/qib.h b/drivers/infiniband/hw/qib/qib.h
-index 7df16f7..7e1b21e 100644
---- a/drivers/infiniband/hw/qib/qib.h
-+++ b/drivers/infiniband/hw/qib/qib.h
-@@ -52,6 +52,7 @@
- #include <linux/kref.h>
- #include <linux/sched.h>
- #include <linux/kthread.h>
-+#include <linux/slab.h>
-
- #include "qib_common.h"
- #include "qib_verbs.h"
diff --git a/drivers/infiniband/hw/qib/qib_iba7322.c b/drivers/infiniband/hw/qib/qib_iba7322.c
index 6c8ff10..73cfbb6 100644
--- a/drivers/infiniband/hw/qib/qib_iba7322.c
@@ -50492,7 +50500,7 @@ index 2087534..c3f6b6c 100644
return -ENOMEM;
diff --git a/drivers/iommu/arm-smmu.c b/drivers/iommu/arm-smmu.c
-index 59ee4b8..6632759 100644
+index 59ee4b8..e4b6234 100644
--- a/drivers/iommu/arm-smmu.c
+++ b/drivers/iommu/arm-smmu.c
@@ -341,7 +341,7 @@ enum arm_smmu_domain_stage {
@@ -50528,7 +50536,7 @@ index 59ee4b8..6632759 100644
/* Update our support page sizes to reflect the page table format */
- arm_smmu_ops.pgsize_bitmap = pgtbl_cfg.pgsize_bitmap;
+ pax_open_kernel();
-+ *(unsigned long *)&arm_smmu_ops.pgsize_bitmap = pgtbl_cfg.pgsize_bitmap;
++ const_cast(arm_smmu_ops.pgsize_bitmap) = pgtbl_cfg.pgsize_bitmap;
+ pax_close_kernel();
/* Initialise the context bank with our page table cfg */
@@ -50630,7 +50638,7 @@ index 59ee4b8..6632759 100644
- arm_smmu_ops.pgsize_bitmap &= size;
+ pax_open_kernel();
-+ *(unsigned long *)&arm_smmu_ops.pgsize_bitmap &= size;
++ const_cast(arm_smmu_ops.pgsize_bitmap) &= size;
+ pax_close_kernel();
dev_notice(smmu->dev, "\tSupported page sizes: 0x%08lx\n", size);
@@ -51582,7 +51590,7 @@ index fef6586..22353ff 100644
} else if ((DIDD_Table[x].type > 0)
&& (DIDD_Table[x].type < 16)) { /* IDI Adapter found */
diff --git a/drivers/isdn/hardware/eicon/mntfunc.c b/drivers/isdn/hardware/eicon/mntfunc.c
-index 1cd9aff..1a3e2b6 100644
+index 1cd9aff..3775d52 100644
--- a/drivers/isdn/hardware/eicon/mntfunc.c
+++ b/drivers/isdn/hardware/eicon/mntfunc.c
@@ -26,8 +26,13 @@ extern void DIVA_DIDD_Read(void *, int);
@@ -51592,7 +51600,7 @@ index 1cd9aff..1a3e2b6 100644
+
+static void didd_nothing(ENTITY IDI_CALL_ENTITY_T *e)
+{
-+ diva_maint_prtComp(e);
++ diva_maint_prtComp((char *)e);
+}
static DESCRIPTOR MaintDescriptor =
-{ IDI_DIMAINT, 0, 0, (IDI_CALL) diva_maint_prtComp };
@@ -52967,10 +52975,50 @@ index 6b420a5..d5acb8f 100644
struct gc_stat {
diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c
-index 22b9e34..ac456ec 100644
+index 22b9e34..d8406e7 100644
--- a/drivers/md/bcache/btree.c
+++ b/drivers/md/bcache/btree.c
-@@ -468,7 +468,7 @@ void __bch_btree_node_write(struct btree *b, struct closure *parent)
+@@ -337,15 +337,17 @@ static void btree_complete_write(struct btree *b, struct btree_write *w)
+ w->journal = NULL;
+ }
+
+-static void btree_node_write_unlock(struct closure *cl)
++static void btree_node_write_unlock(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct btree *b = container_of(cl, struct btree, io);
+
+ up(&b->io_mutex);
+ }
+
+-static void __btree_node_write_done(struct closure *cl)
++static void __btree_node_write_done(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct btree *b = container_of(cl, struct btree, io);
+ struct btree_write *w = btree_prev_write(b);
+
+@@ -359,8 +361,9 @@ static void __btree_node_write_done(struct closure *cl)
+ closure_return_with_destructor(cl, btree_node_write_unlock);
+ }
+
+-static void btree_node_write_done(struct closure *cl)
++static void btree_node_write_done(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct btree *b = container_of(cl, struct btree, io);
+ struct bio_vec *bv;
+ int n;
+@@ -368,7 +371,7 @@ static void btree_node_write_done(struct closure *cl)
+ bio_for_each_segment_all(bv, b->bio, n)
+ __free_page(bv->bv_page);
+
+- __btree_node_write_done(cl);
++ __btree_node_write_done(&cl->work);
+ }
+
+ static void btree_node_write_endio(struct bio *bio)
+@@ -468,7 +471,7 @@ void __bch_btree_node_write(struct btree *b, struct closure *parent)
do_btree_node_write(b);
@@ -52979,12 +53027,44 @@ index 22b9e34..ac456ec 100644
&PTR_CACHE(b->c, &b->key, 0)->btree_sectors_written);
b->written += set_blocks(i, block_bytes(b->c));
+diff --git a/drivers/md/bcache/closure.c b/drivers/md/bcache/closure.c
+index 9eaf1d6..86e6fa1 100644
+--- a/drivers/md/bcache/closure.c
++++ b/drivers/md/bcache/closure.c
+@@ -29,12 +29,12 @@ static inline void closure_put_after_sub(struct closure *cl, int flags)
+ closure_queue(cl);
+ } else {
+ struct closure *parent = cl->parent;
+- closure_fn *destructor = cl->fn;
++ work_func_t destructor = cl->fn;
+
+ closure_debug_destroy(cl);
+
+ if (destructor)
+- destructor(cl);
++ destructor(&cl->work);
+
+ if (parent)
+ closure_put(parent);
diff --git a/drivers/md/bcache/closure.h b/drivers/md/bcache/closure.h
-index 782cc2c..4fdd593 100644
+index 782cc2c..34864f4 100644
--- a/drivers/md/bcache/closure.h
+++ b/drivers/md/bcache/closure.h
-@@ -238,7 +238,7 @@ static inline void closure_set_stopped(struct closure *cl)
- static inline void set_closure_fn(struct closure *cl, closure_fn *fn,
+@@ -151,7 +151,7 @@ struct closure {
+ struct workqueue_struct *wq;
+ struct task_struct *task;
+ struct llist_node list;
+- closure_fn *fn;
++ work_func_t fn;
+ };
+ struct work_struct work;
+ };
+@@ -235,10 +235,10 @@ static inline void closure_set_stopped(struct closure *cl)
+ atomic_sub(CLOSURE_RUNNING, &cl->remaining);
+ }
+
+-static inline void set_closure_fn(struct closure *cl, closure_fn *fn,
++static inline void set_closure_fn(struct closure *cl, work_func_t fn,
struct workqueue_struct *wq)
{
- BUG_ON(object_is_on_stack(cl));
@@ -52992,6 +53072,24 @@ index 782cc2c..4fdd593 100644
closure_set_ip(cl);
cl->fn = fn;
cl->wq = wq;
+@@ -253,7 +253,7 @@ static inline void closure_queue(struct closure *cl)
+ INIT_WORK(&cl->work, cl->work.func);
+ BUG_ON(!queue_work(wq, &cl->work));
+ } else
+- cl->fn(cl);
++ cl->fn(&cl->work);
+ }
+
+ /**
+@@ -372,7 +372,7 @@ do { \
+ * asynchronously out of a new closure - @parent will then wait for @cl to
+ * finish.
+ */
+-static inline void closure_call(struct closure *cl, closure_fn fn,
++static inline void closure_call(struct closure *cl, work_func_t fn,
+ struct workqueue_struct *wq,
+ struct closure *parent)
+ {
diff --git a/drivers/md/bcache/io.c b/drivers/md/bcache/io.c
index 86a0bb8..0832b32 100644
--- a/drivers/md/bcache/io.c
@@ -53035,10 +53133,46 @@ index 86a0bb8..0832b32 100644
errors >>= IO_ERROR_SHIFT;
diff --git a/drivers/md/bcache/journal.c b/drivers/md/bcache/journal.c
-index 29eba72..348efc9 100644
+index 29eba72..1d0108a 100644
--- a/drivers/md/bcache/journal.c
+++ b/drivers/md/bcache/journal.c
-@@ -621,7 +621,7 @@ static void journal_write_unlocked(struct closure *cl)
+@@ -555,10 +555,11 @@ static void journal_write_endio(struct bio *bio)
+ closure_put(&w->c->journal.io);
+ }
+
+-static void journal_write(struct closure *);
++static void journal_write(struct work_struct *);
+
+-static void journal_write_done(struct closure *cl)
++static void journal_write_done(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct journal *j = container_of(cl, struct journal, io);
+ struct journal_write *w = (j->cur == j->w)
+ ? &j->w[1]
+@@ -568,17 +569,19 @@ static void journal_write_done(struct closure *cl)
+ continue_at_nobarrier(cl, journal_write, system_wq);
+ }
+
+-static void journal_write_unlock(struct closure *cl)
++static void journal_write_unlock(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct cache_set *c = container_of(cl, struct cache_set, journal.io);
+
+ c->journal.io_in_flight = 0;
+ spin_unlock(&c->journal.lock);
+ }
+
+-static void journal_write_unlocked(struct closure *cl)
++static void journal_write_unlocked(struct work_struct *work)
+ __releases(c->journal.lock)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct cache_set *c = container_of(cl, struct cache_set, journal.io);
+ struct cache *ca;
+ struct journal_write *w = c->journal.cur;
+@@ -621,7 +624,7 @@ static void journal_write_unlocked(struct closure *cl)
ca = PTR_CACHE(c, k, i);
bio = &ca->journal.bio;
@@ -53047,6 +53181,278 @@ index 29eba72..348efc9 100644
bio_reset(bio);
bio->bi_iter.bi_sector = PTR_OFFSET(k, i);
+@@ -653,12 +656,13 @@ static void journal_write_unlocked(struct closure *cl)
+ continue_at(cl, journal_write_done, NULL);
+ }
+
+-static void journal_write(struct closure *cl)
++static void journal_write(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct cache_set *c = container_of(cl, struct cache_set, journal.io);
+
+ spin_lock(&c->journal.lock);
+- journal_write_unlocked(cl);
++ journal_write_unlocked(&cl->work);
+ }
+
+ static void journal_try_write(struct cache_set *c)
+diff --git a/drivers/md/bcache/movinggc.c b/drivers/md/bcache/movinggc.c
+index b929fc9..4557031 100644
+--- a/drivers/md/bcache/movinggc.c
++++ b/drivers/md/bcache/movinggc.c
+@@ -34,14 +34,16 @@ static bool moving_pred(struct keybuf *buf, struct bkey *k)
+
+ /* Moving GC - IO loop */
+
+-static void moving_io_destructor(struct closure *cl)
++static void moving_io_destructor(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct moving_io *io = container_of(cl, struct moving_io, cl);
+ kfree(io);
+ }
+
+-static void write_moving_finish(struct closure *cl)
++static void write_moving_finish(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct moving_io *io = container_of(cl, struct moving_io, cl);
+ struct bio *bio = &io->bio.bio;
+ struct bio_vec *bv;
+@@ -92,8 +94,9 @@ static void moving_init(struct moving_io *io)
+ bch_bio_map(bio, NULL);
+ }
+
+-static void write_moving(struct closure *cl)
++static void write_moving(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct moving_io *io = container_of(cl, struct moving_io, cl);
+ struct data_insert_op *op = &io->op;
+
+@@ -116,8 +119,9 @@ static void write_moving(struct closure *cl)
+ continue_at(cl, write_moving_finish, op->wq);
+ }
+
+-static void read_moving_submit(struct closure *cl)
++static void read_moving_submit(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct moving_io *io = container_of(cl, struct moving_io, cl);
+ struct bio *bio = &io->bio.bio;
+
+diff --git a/drivers/md/bcache/request.c b/drivers/md/bcache/request.c
+index 25fa844..8181a97 100644
+--- a/drivers/md/bcache/request.c
++++ b/drivers/md/bcache/request.c
+@@ -24,7 +24,7 @@
+
+ struct kmem_cache *bch_search_cache;
+
+-static void bch_data_insert_start(struct closure *);
++static void bch_data_insert_start(struct work_struct *);
+
+ static unsigned cache_mode(struct cached_dev *dc, struct bio *bio)
+ {
+@@ -53,8 +53,9 @@ static void bio_csum(struct bio *bio, struct bkey *k)
+
+ /* Insert data into cache */
+
+-static void bch_data_insert_keys(struct closure *cl)
++static void bch_data_insert_keys(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct data_insert_op *op = container_of(cl, struct data_insert_op, cl);
+ atomic_t *journal_ref = NULL;
+ struct bkey *replace_key = op->replace ? &op->replace_key : NULL;
+@@ -143,8 +144,9 @@ out:
+ continue_at(cl, bch_data_insert_keys, op->wq);
+ }
+
+-static void bch_data_insert_error(struct closure *cl)
++static void bch_data_insert_error(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct data_insert_op *op = container_of(cl, struct data_insert_op, cl);
+
+ /*
+@@ -170,7 +172,7 @@ static void bch_data_insert_error(struct closure *cl)
+
+ op->insert_keys.top = dst;
+
+- bch_data_insert_keys(cl);
++ bch_data_insert_keys(&cl->work);
+ }
+
+ static void bch_data_insert_endio(struct bio *bio)
+@@ -191,8 +193,9 @@ static void bch_data_insert_endio(struct bio *bio)
+ bch_bbio_endio(op->c, bio, bio->bi_error, "writing data to cache");
+ }
+
+-static void bch_data_insert_start(struct closure *cl)
++static void bch_data_insert_start(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct data_insert_op *op = container_of(cl, struct data_insert_op, cl);
+ struct bio *bio = op->bio, *n;
+
+@@ -313,8 +316,9 @@ err:
+ * If s->bypass is true, instead of inserting the data it invalidates the
+ * region of the cache represented by s->cache_bio and op->inode.
+ */
+-void bch_data_insert(struct closure *cl)
++void bch_data_insert(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct data_insert_op *op = container_of(cl, struct data_insert_op, cl);
+
+ trace_bcache_write(op->c, op->inode, op->bio,
+@@ -322,7 +326,7 @@ void bch_data_insert(struct closure *cl)
+
+ bch_keylist_init(&op->insert_keys);
+ bio_get(op->bio);
+- bch_data_insert_start(cl);
++ bch_data_insert_start(&cl->work);
+ }
+
+ /* Congested? */
+@@ -570,8 +574,9 @@ static int cache_lookup_fn(struct btree_op *op, struct btree *b, struct bkey *k)
+ return n == bio ? MAP_DONE : MAP_CONTINUE;
+ }
+
+-static void cache_lookup(struct closure *cl)
++static void cache_lookup(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct search *s = container_of(cl, struct search, iop.cl);
+ struct bio *bio = &s->bio.bio;
+ int ret;
+@@ -631,8 +636,9 @@ static void do_bio_hook(struct search *s, struct bio *orig_bio)
+ bio_cnt_set(bio, 3);
+ }
+
+-static void search_free(struct closure *cl)
++static void search_free(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct search *s = container_of(cl, struct search, cl);
+ bio_complete(s);
+
+@@ -676,19 +682,21 @@ static inline struct search *search_alloc(struct bio *bio,
+
+ /* Cached devices */
+
+-static void cached_dev_bio_complete(struct closure *cl)
++static void cached_dev_bio_complete(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct search *s = container_of(cl, struct search, cl);
+ struct cached_dev *dc = container_of(s->d, struct cached_dev, disk);
+
+- search_free(cl);
++ search_free(&cl->work);
+ cached_dev_put(dc);
+ }
+
+ /* Process reads */
+
+-static void cached_dev_cache_miss_done(struct closure *cl)
++static void cached_dev_cache_miss_done(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct search *s = container_of(cl, struct search, cl);
+
+ if (s->iop.replace_collision)
+@@ -702,11 +710,12 @@ static void cached_dev_cache_miss_done(struct closure *cl)
+ __free_page(bv->bv_page);
+ }
+
+- cached_dev_bio_complete(cl);
++ cached_dev_bio_complete(&cl->work);
+ }
+
+-static void cached_dev_read_error(struct closure *cl)
++static void cached_dev_read_error(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct search *s = container_of(cl, struct search, cl);
+ struct bio *bio = &s->bio.bio;
+
+@@ -725,8 +734,9 @@ static void cached_dev_read_error(struct closure *cl)
+ continue_at(cl, cached_dev_cache_miss_done, NULL);
+ }
+
+-static void cached_dev_read_done(struct closure *cl)
++static void cached_dev_read_done(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct search *s = container_of(cl, struct search, cl);
+ struct cached_dev *dc = container_of(s->d, struct cached_dev, disk);
+
+@@ -765,8 +775,9 @@ static void cached_dev_read_done(struct closure *cl)
+ continue_at(cl, cached_dev_cache_miss_done, NULL);
+ }
+
+-static void cached_dev_read_done_bh(struct closure *cl)
++static void cached_dev_read_done_bh(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct search *s = container_of(cl, struct search, cl);
+ struct cached_dev *dc = container_of(s->d, struct cached_dev, disk);
+
+@@ -864,13 +875,14 @@ static void cached_dev_read(struct cached_dev *dc, struct search *s)
+
+ /* Process writes */
+
+-static void cached_dev_write_complete(struct closure *cl)
++static void cached_dev_write_complete(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct search *s = container_of(cl, struct search, cl);
+ struct cached_dev *dc = container_of(s->d, struct cached_dev, disk);
+
+ up_read_non_owner(&dc->writeback_lock);
+- cached_dev_bio_complete(cl);
++ cached_dev_bio_complete(&cl->work);
+ }
+
+ static void cached_dev_write(struct cached_dev *dc, struct search *s)
+@@ -942,8 +954,9 @@ static void cached_dev_write(struct cached_dev *dc, struct search *s)
+ continue_at(cl, cached_dev_write_complete, NULL);
+ }
+
+-static void cached_dev_nodata(struct closure *cl)
++static void cached_dev_nodata(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct search *s = container_of(cl, struct search, cl);
+ struct bio *bio = &s->bio.bio;
+
+@@ -1063,8 +1076,9 @@ static int flash_dev_cache_miss(struct btree *b, struct search *s,
+ return MAP_CONTINUE;
+ }
+
+-static void flash_dev_nodata(struct closure *cl)
++static void flash_dev_nodata(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct search *s = container_of(cl, struct search, cl);
+
+ if (s->iop.flush_journal)
+diff --git a/drivers/md/bcache/request.h b/drivers/md/bcache/request.h
+index 1ff3687..b8f4a05 100644
+--- a/drivers/md/bcache/request.h
++++ b/drivers/md/bcache/request.h
+@@ -33,7 +33,7 @@ struct data_insert_op {
+ };
+
+ unsigned bch_get_congested(struct cache_set *);
+-void bch_data_insert(struct closure *cl);
++void bch_data_insert(struct work_struct *work);
+
+ void bch_cached_dev_request_init(struct cached_dev *dc);
+ void bch_flash_dev_request_init(struct bcache_device *d);
diff --git a/drivers/md/bcache/stats.c b/drivers/md/bcache/stats.c
index 0ca072c..5e6e5c3 100644
--- a/drivers/md/bcache/stats.c
@@ -53161,10 +53567,43 @@ index adbff14..018c2d2 100644
struct cache_stat_collector collector;
diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c
-index a296425..397607e 100644
+index a296425..c5d881c 100644
--- a/drivers/md/bcache/super.c
+++ b/drivers/md/bcache/super.c
-@@ -530,7 +530,7 @@ void bch_prio_write(struct cache *ca)
+@@ -241,8 +241,9 @@ static void __write_super(struct cache_sb *sb, struct bio *bio)
+ submit_bio(REQ_WRITE, bio);
+ }
+
+-static void bch_write_bdev_super_unlock(struct closure *cl)
++static void bch_write_bdev_super_unlock(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct cached_dev *dc = container_of(cl, struct cached_dev, sb_write);
+
+ up(&dc->sb_write_mutex);
+@@ -275,8 +276,9 @@ static void write_super_endio(struct bio *bio)
+ closure_put(&ca->set->sb_write);
+ }
+
+-static void bcache_write_super_unlock(struct closure *cl)
++static void bcache_write_super_unlock(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct cache_set *c = container_of(cl, struct cache_set, sb_write);
+
+ up(&c->sb_write_mutex);
+@@ -326,8 +328,9 @@ static void uuid_endio(struct bio *bio)
+ closure_put(cl);
+ }
+
+-static void uuid_io_unlock(struct closure *cl)
++static void uuid_io_unlock(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct cache_set *c = container_of(cl, struct cache_set, uuid_write);
+
+ up(&c->uuid_write_mutex);
+@@ -530,7 +533,7 @@ void bch_prio_write(struct cache *ca)
ca->disk_buckets->seq++;
@@ -53173,6 +53612,83 @@ index a296425..397607e 100644
&ca->meta_sectors_written);
//pr_debug("free %zu, free_inc %zu, unused %zu", fifo_used(&ca->free),
+@@ -1049,8 +1052,9 @@ void bch_cached_dev_release(struct kobject *kobj)
+ module_put(THIS_MODULE);
+ }
+
+-static void cached_dev_free(struct closure *cl)
++static void cached_dev_free(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct cached_dev *dc = container_of(cl, struct cached_dev, disk.cl);
+
+ cancel_delayed_work_sync(&dc->writeback_rate_update);
+@@ -1074,8 +1078,9 @@ static void cached_dev_free(struct closure *cl)
+ kobject_put(&dc->disk.kobj);
+ }
+
+-static void cached_dev_flush(struct closure *cl)
++static void cached_dev_flush(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct cached_dev *dc = container_of(cl, struct cached_dev, disk.cl);
+ struct bcache_device *d = &dc->disk;
+
+@@ -1191,8 +1196,9 @@ void bch_flash_dev_release(struct kobject *kobj)
+ kfree(d);
+ }
+
+-static void flash_dev_free(struct closure *cl)
++static void flash_dev_free(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct bcache_device *d = container_of(cl, struct bcache_device, cl);
+ mutex_lock(&bch_register_lock);
+ bcache_device_free(d);
+@@ -1200,8 +1206,9 @@ static void flash_dev_free(struct closure *cl)
+ kobject_put(&d->kobj);
+ }
+
+-static void flash_dev_flush(struct closure *cl)
++static void flash_dev_flush(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct bcache_device *d = container_of(cl, struct bcache_device, cl);
+
+ mutex_lock(&bch_register_lock);
+@@ -1320,8 +1327,9 @@ void bch_cache_set_release(struct kobject *kobj)
+ module_put(THIS_MODULE);
+ }
+
+-static void cache_set_free(struct closure *cl)
++static void cache_set_free(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct cache_set *c = container_of(cl, struct cache_set, cl);
+ struct cache *ca;
+ unsigned i;
+@@ -1366,8 +1374,9 @@ static void cache_set_free(struct closure *cl)
+ kobject_put(&c->kobj);
+ }
+
+-static void cache_set_flush(struct closure *cl)
++static void cache_set_flush(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct cache_set *c = container_of(cl, struct cache_set, caching);
+ struct cache *ca;
+ struct btree *b;
+@@ -1408,8 +1417,9 @@ static void cache_set_flush(struct closure *cl)
+ closure_return(cl);
+ }
+
+-static void __cache_set_unregister(struct closure *cl)
++static void __cache_set_unregister(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct cache_set *c = container_of(cl, struct cache_set, caching);
+ struct cached_dev *dc;
+ size_t i;
diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c
index b3ff57d..b2e30fb 100644
--- a/drivers/md/bcache/sysfs.c
@@ -53215,6 +53731,51 @@ index b3ff57d..b2e30fb 100644
}
return size;
+diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c
+index b9346cd..708ea8f 100644
+--- a/drivers/md/bcache/writeback.c
++++ b/drivers/md/bcache/writeback.c
+@@ -118,14 +118,16 @@ static void dirty_init(struct keybuf_key *w)
+ bch_bio_map(bio, NULL);
+ }
+
+-static void dirty_io_destructor(struct closure *cl)
++static void dirty_io_destructor(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct dirty_io *io = container_of(cl, struct dirty_io, cl);
+ kfree(io);
+ }
+
+-static void write_dirty_finish(struct closure *cl)
++static void write_dirty_finish(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct dirty_io *io = container_of(cl, struct dirty_io, cl);
+ struct keybuf_key *w = io->bio.bi_private;
+ struct cached_dev *dc = io->dc;
+@@ -177,8 +179,9 @@ static void dirty_endio(struct bio *bio)
+ closure_put(&io->cl);
+ }
+
+-static void write_dirty(struct closure *cl)
++static void write_dirty(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct dirty_io *io = container_of(cl, struct dirty_io, cl);
+ struct keybuf_key *w = io->bio.bi_private;
+
+@@ -204,8 +207,9 @@ static void read_dirty_endio(struct bio *bio)
+ dirty_endio(bio);
+ }
+
+-static void read_dirty_submit(struct closure *cl)
++static void read_dirty_submit(struct work_struct *work)
+ {
++ struct closure *cl = container_of(work, struct closure, work);
+ struct dirty_io *io = container_of(cl, struct dirty_io, cl);
+
+ closure_bio_submit(&io->bio, cl);
diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c
index d80cce4..d7f15c4 100644
--- a/drivers/md/bitmap.c
@@ -54725,6 +55286,19 @@ index 80caa70..d076ecf 100644
vma->vm_ops = &zoran_vm_ops;
vma->vm_flags |= VM_DONTEXPAND;
+diff --git a/drivers/media/platform/am437x/am437x-vpfe.c b/drivers/media/platform/am437x/am437x-vpfe.c
+index de32e3a..e6a7bff 100644
+--- a/drivers/media/platform/am437x/am437x-vpfe.c
++++ b/drivers/media/platform/am437x/am437x-vpfe.c
+@@ -1706,7 +1706,7 @@ static int vpfe_get_app_input_index(struct vpfe_device *vpfe,
+ sdinfo = &cfg->sub_devs[i];
+ client = v4l2_get_subdevdata(sdinfo->sd);
+ if (client->addr == curr_client->addr &&
+- client->adapter->nr == client->adapter->nr) {
++ client->adapter->nr == curr_client->adapter->nr) {
+ if (vpfe->current_input >= 1)
+ return -1;
+ *app_input_index = j + vpfe->current_input;
diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c
index 70c28d1..ff21b13 100644
--- a/drivers/media/platform/omap/omap_vout.c
@@ -56578,7 +57152,7 @@ index f7ab115..16b2087 100644
if (!irq) {
dev_warn(tps65910->dev, "No interrupt support, no core IRQ\n");
diff --git a/drivers/mfd/twl4030-irq.c b/drivers/mfd/twl4030-irq.c
-index 40e51b0..b986312 100644
+index 40e51b0..af35565 100644
--- a/drivers/mfd/twl4030-irq.c
+++ b/drivers/mfd/twl4030-irq.c
@@ -34,6 +34,7 @@
@@ -56597,16 +57171,16 @@ index 40e51b0..b986312 100644
- twl4030_irq_chip.name = "twl4030";
+ pax_open_kernel();
+ memcpy((void *)&twl4030_irq_chip, &dummy_irq_chip, sizeof twl4030_irq_chip);
-+ *(const char **)&twl4030_irq_chip.name = "twl4030";
++ const_cast(twl4030_irq_chip.name) = "twl4030";
- twl4030_sih_irq_chip.irq_ack = dummy_irq_chip.irq_ack;
-+ *(void **)&twl4030_sih_irq_chip.irq_ack = dummy_irq_chip.irq_ack;
++ const_cast(twl4030_sih_irq_chip.irq_ack) = dummy_irq_chip.irq_ack;
+ pax_close_kernel();
for (i = irq_base; i < irq_end; i++) {
irq_set_chip_and_handler(i, &twl4030_irq_chip,
diff --git a/drivers/misc/c2port/core.c b/drivers/misc/c2port/core.c
-index cc8645b..7cc15e4 100644
+index cc8645b..ab85ae4 100644
--- a/drivers/misc/c2port/core.c
+++ b/drivers/misc/c2port/core.c
@@ -922,7 +922,9 @@ struct c2port_device *c2port_device_register(char *name,
@@ -56615,7 +57189,7 @@ index cc8645b..7cc15e4 100644
- bin_attr_flash_data.size = ops->blocks_num * ops->block_size;
+ pax_open_kernel();
-+ *(size_t *)&bin_attr_flash_data.size = ops->blocks_num * ops->block_size;
++ const_cast(bin_attr_flash_data.size) = ops->blocks_num * ops->block_size;
+ pax_close_kernel();
c2dev->dev = device_create(c2port_class, NULL, 0, c2dev,
@@ -56705,7 +57279,7 @@ index c439c82..1f20f57 100644
int mapped_btns[3];
diff --git a/drivers/misc/mic/scif/scif_api.c b/drivers/misc/mic/scif/scif_api.c
-index ddc9e4b..7b9c669 100644
+index ddc9e4b..9e27f41 100644
--- a/drivers/misc/mic/scif/scif_api.c
+++ b/drivers/misc/mic/scif/scif_api.c
@@ -1486,10 +1486,12 @@ int scif_client_register(struct scif_client *client)
@@ -56717,10 +57291,10 @@ index ddc9e4b..7b9c669 100644
- si->add_dev = scif_add_client_dev;
- si->remove_dev = scif_remove_client_dev;
+ pax_open_kernel();
-+ *(const char **)&si->name = client->name;
-+ *(struct bus_type **)&si->subsys = &scif_peer_bus;
-+ *(void **)&si->add_dev = scif_add_client_dev;
-+ *(void **)&si->remove_dev = scif_remove_client_dev;
++ const_cast(si->name) = client->name;
++ const_cast(si->subsys) = &scif_peer_bus;
++ const_cast(si->add_dev) = scif_add_client_dev;
++ const_cast(si->remove_dev) = scif_remove_client_dev;
+ pax_close_kernel();
return subsys_interface_register(&client->si);
@@ -57235,7 +57809,7 @@ index f695b58..7b7d017 100644
+} __do_const;
#endif /* _DW_MMC_H_ */
diff --git a/drivers/mmc/host/mmci.c b/drivers/mmc/host/mmci.c
-index 0d6ca41..d438654 100644
+index 0d6ca41..bdc6710 100644
--- a/drivers/mmc/host/mmci.c
+++ b/drivers/mmc/host/mmci.c
@@ -1634,7 +1634,9 @@ static int mmci_probe(struct amba_device *dev,
@@ -57244,13 +57818,13 @@ index 0d6ca41..d438654 100644
if (variant->busy_detect) {
- mmci_ops.card_busy = mmci_card_busy;
+ pax_open_kernel();
-+ *(void **)&mmci_ops.card_busy = mmci_card_busy;
++ const_cast(mmci_ops.card_busy) = mmci_card_busy;
+ pax_close_kernel();
mmci_write_datactrlreg(host, MCI_ST_DPSM_BUSYMODE);
mmc->caps |= MMC_CAP_WAIT_WHILE_BUSY;
mmc->max_busy_timeout = 0;
diff --git a/drivers/mmc/host/omap_hsmmc.c b/drivers/mmc/host/omap_hsmmc.c
-index f6e4d97..57358ff 100644
+index f6e4d97..8bd8c05 100644
--- a/drivers/mmc/host/omap_hsmmc.c
+++ b/drivers/mmc/host/omap_hsmmc.c
@@ -2088,7 +2088,9 @@ static int omap_hsmmc_probe(struct platform_device *pdev)
@@ -57259,13 +57833,13 @@ index f6e4d97..57358ff 100644
dev_info(&pdev->dev, "multiblock reads disabled due to 35xx erratum 2.1.1.128; MMC read performance may suffer\n");
- omap_hsmmc_ops.multi_io_quirk = omap_hsmmc_multi_io_quirk;
+ pax_open_kernel();
-+ *(void **)&omap_hsmmc_ops.multi_io_quirk = omap_hsmmc_multi_io_quirk;
++ const_cast(omap_hsmmc_ops.multi_io_quirk) = omap_hsmmc_multi_io_quirk;
+ pax_close_kernel();
}
device_init_wakeup(&pdev->dev, true);
diff --git a/drivers/mmc/host/sdhci-esdhc-imx.c b/drivers/mmc/host/sdhci-esdhc-imx.c
-index f25f292..a0e1250 100644
+index f25f292..7f4b03f 100644
--- a/drivers/mmc/host/sdhci-esdhc-imx.c
+++ b/drivers/mmc/host/sdhci-esdhc-imx.c
@@ -1194,9 +1194,12 @@ static int sdhci_esdhc_imx_probe(struct platform_device *pdev)
@@ -57276,7 +57850,7 @@ index f25f292..a0e1250 100644
- sdhci_esdhc_ops.platform_execute_tuning =
+ if (imx_data->socdata->flags & ESDHC_FLAG_MAN_TUNING) {
+ pax_open_kernel();
-+ *(void **)&sdhci_esdhc_ops.platform_execute_tuning =
++ const_cast(sdhci_esdhc_ops.platform_execute_tuning) =
esdhc_executing_tuning;
+ pax_close_kernel();
+ }
@@ -57284,7 +57858,7 @@ index f25f292..a0e1250 100644
if (imx_data->socdata->flags & ESDHC_FLAG_STD_TUNING)
writel(readl(host->ioaddr + ESDHC_TUNING_CTRL) |
diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c
-index 70c724b..308aafc 100644
+index 70c724b..0c24beb 100644
--- a/drivers/mmc/host/sdhci-s3c.c
+++ b/drivers/mmc/host/sdhci-s3c.c
@@ -598,9 +598,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev)
@@ -57295,9 +57869,9 @@ index 70c724b..308aafc 100644
- sdhci_s3c_ops.get_min_clock = sdhci_cmu_get_min_clock;
- sdhci_s3c_ops.get_max_clock = sdhci_cmu_get_max_clock;
+ pax_open_kernel();
-+ *(void **)&sdhci_s3c_ops.set_clock = sdhci_cmu_set_clock;
-+ *(void **)&sdhci_s3c_ops.get_min_clock = sdhci_cmu_get_min_clock;
-+ *(void **)&sdhci_s3c_ops.get_max_clock = sdhci_cmu_get_max_clock;
++ const_cast(sdhci_s3c_ops.set_clock) = sdhci_cmu_set_clock;
++ const_cast(sdhci_s3c_ops.get_min_clock) = sdhci_cmu_get_min_clock;
++ const_cast(sdhci_s3c_ops.get_max_clock) = sdhci_cmu_get_max_clock;
+ pax_close_kernel();
}
@@ -59971,7 +60545,7 @@ index 245c063..74ed9c9 100644
mdio_cmd->op = op;
mdio_cmd->mdio_addr = loc;
diff --git a/drivers/net/ethernet/cavium/liquidio/lio_main.c b/drivers/net/ethernet/cavium/liquidio/lio_main.c
-index 34d269c..43dcc17 100644
+index 34d269c..69e1ac2 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_main.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c
@@ -475,7 +475,7 @@ static void stop_pci_io(struct octeon_device *oct)
@@ -60018,7 +60592,7 @@ index 34d269c..43dcc17 100644
- lionetdevops.ndo_select_queue = select_q;
+ if (num_iqueues > 1) {
+ pax_open_kernel();
-+ *(void **)&lionetdevops.ndo_select_queue = select_q;
++ const_cast(lionetdevops.ndo_select_queue) = select_q;
+ pax_close_kernel();
+ }
@@ -60316,7 +60890,7 @@ index e51892d..3e645f4 100644
struct hix5hd2_priv *priv = netdev_priv(dev);
struct hix5hd2_desc *desc;
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c b/drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c
-index d4f92ed..38fdf5b 100644
+index d4f92ed..d4755e0 100644
--- a/drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c
+++ b/drivers/net/ethernet/hisilicon/hns/hns_ae_adapt.c
@@ -857,16 +857,18 @@ int hns_dsaf_ae_init(struct dsaf_device *dsaf_dev)
@@ -60327,11 +60901,11 @@ index d4f92ed..38fdf5b 100644
switch (dsaf_dev->dsaf_ver) {
case AE_VERSION_1:
- hns_dsaf_ops.toggle_ring_irq = hns_ae_toggle_ring_irq;
-+ *(void **)&hns_dsaf_ops.toggle_ring_irq = hns_ae_toggle_ring_irq;
++ const_cast(hns_dsaf_ops.toggle_ring_irq) = hns_ae_toggle_ring_irq;
break;
case AE_VERSION_2:
- hns_dsaf_ops.toggle_ring_irq = hns_aev2_toggle_ring_irq;
-+ *(void **)&hns_dsaf_ops.toggle_ring_irq = hns_aev2_toggle_ring_irq;
++ const_cast(hns_dsaf_ops.toggle_ring_irq) = hns_aev2_toggle_ring_irq;
break;
default:
break;
@@ -60809,7 +61383,7 @@ index 6409a06..e5bd4d6 100644
struct netxen_adapter *adapter = pci_get_drvdata(pdev);
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
-index bf89216..4044d8c 100644
+index bf89216..b08442a 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
@@ -2324,7 +2324,9 @@ int qlcnic_83xx_configure_opmode(struct qlcnic_adapter *adapter)
@@ -60818,13 +61392,13 @@ index bf89216..4044d8c 100644
ahw->nic_mode = QLCNIC_DEFAULT_MODE;
- adapter->nic_ops->init_driver = qlcnic_83xx_init_default_driver;
+ pax_open_kernel();
-+ *(void **)&adapter->nic_ops->init_driver = qlcnic_83xx_init_default_driver;
++ const_cast(adapter->nic_ops->init_driver) = qlcnic_83xx_init_default_driver;
+ pax_close_kernel();
ahw->idc.state_entry = qlcnic_83xx_idc_ready_state_entry;
max_sds_rings = QLCNIC_MAX_SDS_RINGS;
max_tx_rings = QLCNIC_MAX_TX_RINGS;
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c
-index 3490675..0b9e15a 100644
+index 3490675..cf148ea 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_vnic.c
@@ -207,17 +207,23 @@ int qlcnic_83xx_config_vnic_opmode(struct qlcnic_adapter *adapter)
@@ -60833,7 +61407,7 @@ index 3490675..0b9e15a 100644
ahw->idc.state_entry = qlcnic_83xx_idc_ready_state_entry;
- nic_ops->init_driver = qlcnic_83xx_init_non_privileged_vnic;
+ pax_open_kernel();
-+ *(void **)&nic_ops->init_driver = qlcnic_83xx_init_non_privileged_vnic;
++ const_cast(nic_ops->init_driver) = qlcnic_83xx_init_non_privileged_vnic;
+ pax_close_kernel();
break;
case QLCNIC_PRIV_FUNC:
@@ -60841,7 +61415,7 @@ index 3490675..0b9e15a 100644
ahw->idc.state_entry = qlcnic_83xx_idc_vnic_pf_entry;
- nic_ops->init_driver = qlcnic_83xx_init_privileged_vnic;
+ pax_open_kernel();
-+ *(void **)&nic_ops->init_driver = qlcnic_83xx_init_privileged_vnic;
++ const_cast(nic_ops->init_driver) = qlcnic_83xx_init_privileged_vnic;
+ pax_close_kernel();
break;
case QLCNIC_MGMT_FUNC:
@@ -60849,7 +61423,7 @@ index 3490675..0b9e15a 100644
ahw->idc.state_entry = qlcnic_83xx_idc_ready_state_entry;
- nic_ops->init_driver = qlcnic_83xx_init_mgmt_vnic;
+ pax_open_kernel();
-+ *(void **)&nic_ops->init_driver = qlcnic_83xx_init_mgmt_vnic;
++ const_cast(nic_ops->init_driver) = qlcnic_83xx_init_mgmt_vnic;
+ pax_close_kernel();
break;
default:
@@ -61604,7 +62178,7 @@ index f9db2ce..6cd460c 100644
}
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
-index 94e6888..1d08b6a 100644
+index 94e6888..c5c3f55 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -335,7 +335,7 @@ static void macvlan_broadcast_enqueue(struct macvlan_port *port,
@@ -61628,13 +62202,13 @@ index 94e6888..1d08b6a 100644
- ops->get_size = macvlan_get_size;
- ops->fill_info = macvlan_fill_info;
+ pax_open_kernel();
-+ *(size_t *)&ops->priv_size = sizeof(struct macvlan_dev);
-+ *(void **)&ops->validate = macvlan_validate;
-+ *(int *)&ops->maxtype = IFLA_MACVLAN_MAX;
-+ *(const void **)&ops->policy = macvlan_policy;
-+ *(void **)&ops->changelink = macvlan_changelink;
-+ *(void **)&ops->get_size = macvlan_get_size;
-+ *(void **)&ops->fill_info = macvlan_fill_info;
++ const_cast(ops->priv_size) = sizeof(struct macvlan_dev);
++ const_cast(ops->validate) = macvlan_validate;
++ const_cast(ops->maxtype) = IFLA_MACVLAN_MAX;
++ const_cast(ops->policy) = macvlan_policy;
++ const_cast(ops->changelink) = macvlan_changelink;
++ const_cast(ops->get_size) = macvlan_get_size;
++ const_cast(ops->fill_info) = macvlan_fill_info;
+ pax_close_kernel();
return rtnl_link_register(ops);
@@ -62585,7 +63159,7 @@ index 831a544..d846785 100644
struct ath_nf_limits {
s16 max;
diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c
-index c1b33fd..9f904b1 100644
+index c1b33fd..d61f3b4 100644
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
@@ -2589,16 +2589,18 @@ void ath9k_fill_chanctx_ops(void)
@@ -62603,16 +63177,16 @@ index c1b33fd..9f904b1 100644
- ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx;
- ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx;
+ pax_open_kernel();
-+ *(void **)&ath9k_ops.hw_scan = ath9k_hw_scan;
-+ *(void **)&ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan;
-+ *(void **)&ath9k_ops.remain_on_channel = ath9k_remain_on_channel;
-+ *(void **)&ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel;
-+ *(void **)&ath9k_ops.add_chanctx = ath9k_add_chanctx;
-+ *(void **)&ath9k_ops.remove_chanctx = ath9k_remove_chanctx;
-+ *(void **)&ath9k_ops.change_chanctx = ath9k_change_chanctx;
-+ *(void **)&ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx;
-+ *(void **)&ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx;
-+ *(void **)&ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx;
++ const_cast(ath9k_ops.hw_scan) = ath9k_hw_scan;
++ const_cast(ath9k_ops.cancel_hw_scan) = ath9k_cancel_hw_scan;
++ const_cast(ath9k_ops.remain_on_channel) = ath9k_remain_on_channel;
++ const_cast(ath9k_ops.cancel_remain_on_channel) = ath9k_cancel_remain_on_channel;
++ const_cast(ath9k_ops.add_chanctx) = ath9k_add_chanctx;
++ const_cast(ath9k_ops.remove_chanctx) = ath9k_remove_chanctx;
++ const_cast(ath9k_ops.change_chanctx) = ath9k_change_chanctx;
++ const_cast(ath9k_ops.assign_vif_chanctx) = ath9k_assign_vif_chanctx;
++ const_cast(ath9k_ops.unassign_vif_chanctx) = ath9k_unassign_vif_chanctx;
++ const_cast(ath9k_ops.mgd_prepare_tx) = ath9k_mgd_prepare_tx;
+ pax_close_kernel();
}
@@ -63861,7 +64435,7 @@ index ed0adaf..4bb4f53 100644
return ret;
}
diff --git a/drivers/net/wireless/intel/iwlegacy/3945-mac.c b/drivers/net/wireless/intel/iwlegacy/3945-mac.c
-index af1b3e6..9bc08d3 100644
+index af1b3e6..c014779 100644
--- a/drivers/net/wireless/intel/iwlegacy/3945-mac.c
+++ b/drivers/net/wireless/intel/iwlegacy/3945-mac.c
@@ -1399,8 +1399,9 @@ il3945_dump_nic_error_log(struct il_priv *il)
@@ -63899,7 +64473,7 @@ index af1b3e6..9bc08d3 100644
D_INFO("Disabling hw_scan\n");
- il3945_mac_ops.hw_scan = NULL;
+ pax_open_kernel();
-+ *(void **)&il3945_mac_ops.hw_scan = NULL;
++ const_cast(il3945_mac_ops.hw_scan) = NULL;
+ pax_close_kernel();
}
@@ -65682,7 +66256,7 @@ index 48e8a97..3499ec8 100644
const struct iw_handler_def prism54_handler_def = {
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
-index a28414c..26c8768 100644
+index a28414c..ad61156 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -3218,20 +3218,20 @@ static int __init init_mac80211_hwsim(void)
@@ -65705,17 +66279,17 @@ index a28414c..26c8768 100644
- mac80211_hwsim_unassign_vif_chanctx;
+ pax_open_kernel();
+ memcpy((void *)&mac80211_hwsim_mchan_ops, &mac80211_hwsim_ops, sizeof mac80211_hwsim_mchan_ops);
-+ *(void **)&mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan;
-+ *(void **)&mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
-+ *(void **)&mac80211_hwsim_mchan_ops.sw_scan_start = NULL;
-+ *(void **)&mac80211_hwsim_mchan_ops.sw_scan_complete = NULL;
-+ *(void **)&mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc;
-+ *(void **)&mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
-+ *(void **)&mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx;
-+ *(void **)&mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
-+ *(void **)&mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx;
-+ *(void **)&mac80211_hwsim_mchan_ops.assign_vif_chanctx = mac80211_hwsim_assign_vif_chanctx;
-+ *(void **)&mac80211_hwsim_mchan_ops.unassign_vif_chanctx = mac80211_hwsim_unassign_vif_chanctx;
++ const_cast(mac80211_hwsim_mchan_ops.hw_scan) = mac80211_hwsim_hw_scan;
++ const_cast(mac80211_hwsim_mchan_ops.cancel_hw_scan) = mac80211_hwsim_cancel_hw_scan;
++ const_cast(mac80211_hwsim_mchan_ops.sw_scan_start) = NULL;
++ const_cast(mac80211_hwsim_mchan_ops.sw_scan_complete) = NULL;
++ const_cast(mac80211_hwsim_mchan_ops.remain_on_channel) = mac80211_hwsim_roc;
++ const_cast(mac80211_hwsim_mchan_ops.cancel_remain_on_channel) = mac80211_hwsim_croc;
++ const_cast(mac80211_hwsim_mchan_ops.add_chanctx) = mac80211_hwsim_add_chanctx;
++ const_cast(mac80211_hwsim_mchan_ops.remove_chanctx) = mac80211_hwsim_remove_chanctx;
++ const_cast(mac80211_hwsim_mchan_ops.change_chanctx) = mac80211_hwsim_change_chanctx;
++ const_cast(mac80211_hwsim_mchan_ops.assign_vif_chanctx) = mac80211_hwsim_assign_vif_chanctx;
++ const_cast(mac80211_hwsim_mchan_ops.unassign_vif_chanctx) = mac80211_hwsim_unassign_vif_chanctx;
+ pax_close_kernel();
spin_lock_init(&hwsim_radio_lock);
@@ -66131,7 +66705,7 @@ index 29dfc51..8297755 100644
void rtl_swlps_rf_sleep(struct ieee80211_hw *hw);
void rtl_p2p_ps_cmd(struct ieee80211_hw *hw , u8 p2p_ps_state);
diff --git a/drivers/net/wireless/ti/wl1251/sdio.c b/drivers/net/wireless/ti/wl1251/sdio.c
-index b661f896..ddf7d2b 100644
+index b661f896..ebea675 100644
--- a/drivers/net/wireless/ti/wl1251/sdio.c
+++ b/drivers/net/wireless/ti/wl1251/sdio.c
@@ -282,13 +282,17 @@ static int wl1251_sdio_probe(struct sdio_func *func,
@@ -66141,8 +66715,8 @@ index b661f896..ddf7d2b 100644
- wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq;
- wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq;
+ pax_open_kernel();
-+ *(void **)&wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq;
-+ *(void **)&wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq;
++ const_cast(wl1251_sdio_ops.enable_irq) = wl1251_enable_line_irq;
++ const_cast(wl1251_sdio_ops.disable_irq) = wl1251_disable_line_irq;
+ pax_close_kernel();
wl1251_info("using dedicated interrupt line");
@@ -66150,14 +66724,14 @@ index b661f896..ddf7d2b 100644
- wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq;
- wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq;
+ pax_open_kernel();
-+ *(void **)&wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq;
-+ *(void **)&wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq;
++ const_cast(wl1251_sdio_ops.enable_irq) = wl1251_sdio_enable_irq;
++ const_cast(wl1251_sdio_ops.disable_irq) = wl1251_sdio_disable_irq;
+ pax_close_kernel();
wl1251_info("using SDIO interrupt");
}
diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c
-index a0d6ccc..93d9ac5 100644
+index a0d6ccc..36e1ae3 100644
--- a/drivers/net/wireless/ti/wl12xx/main.c
+++ b/drivers/net/wireless/ti/wl12xx/main.c
@@ -656,7 +656,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl)
@@ -66166,7 +66740,7 @@ index a0d6ccc..93d9ac5 100644
/* read data preparation is only needed by wl127x */
- wl->ops->prepare_read = wl127x_prepare_read;
+ pax_open_kernel();
-+ *(void **)&wl->ops->prepare_read = wl127x_prepare_read;
++ const_cast(wl->ops->prepare_read) = wl127x_prepare_read;
+ pax_close_kernel();
wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
@@ -66177,13 +66751,13 @@ index a0d6ccc..93d9ac5 100644
/* read data preparation is only needed by wl127x */
- wl->ops->prepare_read = wl127x_prepare_read;
+ pax_open_kernel();
-+ *(void **)&wl->ops->prepare_read = wl127x_prepare_read;
++ const_cast(wl->ops->prepare_read) = wl127x_prepare_read;
+ pax_close_kernel();
wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,
diff --git a/drivers/net/wireless/ti/wl18xx/main.c b/drivers/net/wireless/ti/wl18xx/main.c
-index 1bf26cc..3b15c02 100644
+index 1bf26cc..7dd1267 100644
--- a/drivers/net/wireless/ti/wl18xx/main.c
+++ b/drivers/net/wireless/ti/wl18xx/main.c
@@ -2018,8 +2018,10 @@ static int wl18xx_setup(struct wl1271 *wl)
@@ -66193,8 +66767,8 @@ index 1bf26cc..3b15c02 100644
- wl18xx_ops.set_rx_csum = NULL;
- wl18xx_ops.init_vif = NULL;
+ pax_open_kernel();
-+ *(void **)&wl18xx_ops.set_rx_csum = NULL;
-+ *(void **)&wl18xx_ops.init_vif = NULL;
++ const_cast(wl18xx_ops.set_rx_csum) = NULL;
++ const_cast(wl18xx_ops.init_vif) = NULL;
+ pax_close_kernel();
}
@@ -66687,7 +67261,7 @@ index 680f578..cf80097 100644
struct nvme_dev *dev = pci_get_drvdata(pdev);
diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
-index 655f79d..509e3cd 100644
+index 655f79d..c684ede 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -1170,7 +1170,9 @@ static int __init of_fdt_raw_init(void)
@@ -66696,7 +67270,7 @@ index 655f79d..509e3cd 100644
}
- of_fdt_raw_attr.size = fdt_totalsize(initial_boot_params);
+ pax_open_kernel();
-+ *(size_t *)&of_fdt_raw_attr.size = fdt_totalsize(initial_boot_params);
++ const_cast(of_fdt_raw_attr.size) = fdt_totalsize(initial_boot_params);
+ pax_close_kernel();
return sysfs_create_bin_file(firmware_kobj, &of_fdt_raw_attr);
}
@@ -66881,7 +67455,7 @@ index 1652bc7..4f999c4 100644
struct gen_pci_cfg_windows {
struct resource res;
diff --git a/drivers/pci/hotplug/acpiphp_ibm.c b/drivers/pci/hotplug/acpiphp_ibm.c
-index 2f6d3a1..5bc1bf1 100644
+index 2f6d3a1..cb43cfc 100644
--- a/drivers/pci/hotplug/acpiphp_ibm.c
+++ b/drivers/pci/hotplug/acpiphp_ibm.c
@@ -463,7 +463,9 @@ static int __init ibm_acpiphp_init(void)
@@ -66890,7 +67464,7 @@ index 2f6d3a1..5bc1bf1 100644
- ibm_apci_table_attr.size = ibm_get_table_from_acpi(NULL);
+ pax_open_kernel();
-+ *(size_t *)&ibm_apci_table_attr.size = ibm_get_table_from_acpi(NULL);
++ const_cast(ibm_apci_table_attr.size) = ibm_get_table_from_acpi(NULL);
+ pax_close_kernel();
retval = sysfs_create_bin_file(sysdir, &ibm_apci_table_attr);
@@ -66927,7 +67501,7 @@ index 88a44a7..de358ce 100644
status = cpci_hp_register_controller(&generic_hpc);
diff --git a/drivers/pci/hotplug/cpcihp_zt5550.c b/drivers/pci/hotplug/cpcihp_zt5550.c
-index 5f49c3f..989cd41 100644
+index 5f49c3f..438f019 100644
--- a/drivers/pci/hotplug/cpcihp_zt5550.c
+++ b/drivers/pci/hotplug/cpcihp_zt5550.c
@@ -59,7 +59,6 @@
@@ -66964,9 +67538,9 @@ index 5f49c3f..989cd41 100644
- zt5550_hpc_ops.disable_irq = zt5550_hc_disable_irq;
- zt5550_hpc_ops.check_irq = zt5550_hc_check_irq;
+ pax_open_kernel();
-+ *(void **)&zt5550_hpc_ops.enable_irq = zt5550_hc_enable_irq;
-+ *(void **)&zt5550_hpc_ops.disable_irq = zt5550_hc_disable_irq;
-+ *(void **)&zt5550_hpc_ops.check_irq = zt5550_hc_check_irq;
++ const_cast(zt5550_hpc_ops.enable_irq) = zt5550_hc_enable_irq;
++ const_cast(zt5550_hpc_ops.disable_irq) = zt5550_hc_disable_irq;
++ const_cast(zt5550_hpc_ops.check_irq) = zt5550_hc_check_irq;
+ pax_open_kernel();
} else {
info("using ENUM# polling mode");
@@ -66987,7 +67561,7 @@ index c25fc90..b054774 100644
dbg("int15 entry = %p\n", compaq_int15_entry_point);
diff --git a/drivers/pci/hotplug/pci_hotplug_core.c b/drivers/pci/hotplug/pci_hotplug_core.c
-index 9acd199..0645a09 100644
+index 9acd199..1b19f5b 100644
--- a/drivers/pci/hotplug/pci_hotplug_core.c
+++ b/drivers/pci/hotplug/pci_hotplug_core.c
@@ -434,8 +434,10 @@ int __pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus,
@@ -66997,8 +67571,8 @@ index 9acd199..0645a09 100644
- slot->ops->owner = owner;
- slot->ops->mod_name = mod_name;
+ pax_open_kernel();
-+ *(struct module **)&slot->ops->owner = owner;
-+ *(const char **)&slot->ops->mod_name = mod_name;
++ const_cast(slot->ops->owner) = owner;
++ const_cast(slot->ops->mod_name) = mod_name;
+ pax_close_kernel();
mutex_lock(&pci_hp_mutex);
@@ -67017,7 +67591,7 @@ index ac531e6..716d058 100644
int retval = -ENOMEM;
diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c
-index a080f44..9ff42d9 100644
+index a080f44..24ad26c 100644
--- a/drivers/pci/msi.c
+++ b/drivers/pci/msi.c
@@ -474,8 +474,8 @@ static int populate_msi_sysfs(struct pci_dev *pdev)
@@ -67047,13 +67621,13 @@ index a080f44..9ff42d9 100644
+ pax_open_kernel();
if (ops->set_desc == NULL)
- ops->set_desc = pci_msi_domain_set_desc;
-+ *(void **)&ops->set_desc = pci_msi_domain_set_desc;
++ const_cast(ops->set_desc) = pci_msi_domain_set_desc;
if (ops->msi_check == NULL)
- ops->msi_check = pci_msi_domain_check_cap;
-+ *(void **)&ops->msi_check = pci_msi_domain_check_cap;
++ const_cast(ops->msi_check) = pci_msi_domain_check_cap;
if (ops->handle_error == NULL)
- ops->handle_error = pci_msi_domain_handle_error;
-+ *(void **)&ops->handle_error = pci_msi_domain_handle_error;
++ const_cast(ops->handle_error) = pci_msi_domain_handle_error;
+ pax_close_kernel();
}
}
@@ -67065,13 +67639,13 @@ index a080f44..9ff42d9 100644
+ pax_open_kernel();
if (!chip->irq_write_msi_msg)
- chip->irq_write_msi_msg = pci_msi_domain_write_msg;
-+ *(void **)&chip->irq_write_msi_msg = pci_msi_domain_write_msg;
++ const_cast(chip->irq_write_msi_msg) = pci_msi_domain_write_msg;
if (!chip->irq_mask)
- chip->irq_mask = pci_msi_mask_irq;
-+ *(void **)&chip->irq_mask = pci_msi_mask_irq;
++ const_cast(chip->irq_mask) = pci_msi_mask_irq;
if (!chip->irq_unmask)
- chip->irq_unmask = pci_msi_unmask_irq;
-+ *(void **)&chip->irq_unmask = pci_msi_unmask_irq;
++ const_cast(chip->irq_unmask) = pci_msi_unmask_irq;
+ pax_close_kernel();
}
@@ -67238,7 +67812,7 @@ index c8969dd..4764267 100644
bool supports_sleepmode;
int irq;
diff --git a/drivers/pinctrl/pinctrl-at91.c b/drivers/pinctrl/pinctrl-at91.c
-index 523b6b7..e9aa88d 100644
+index 523b6b7..eb4c74d 100644
--- a/drivers/pinctrl/pinctrl-at91.c
+++ b/drivers/pinctrl/pinctrl-at91.c
@@ -24,6 +24,7 @@
@@ -67255,7 +67829,7 @@ index 523b6b7..e9aa88d 100644
/* Setup proper .irq_set_type function */
- gpio_irqchip.irq_set_type = at91_gpio->ops->irq_type;
+ pax_open_kernel();
-+ *(void **)&gpio_irqchip.irq_set_type = at91_gpio->ops->irq_type;
++ const_cast(gpio_irqchip.irq_set_type) = at91_gpio->ops->irq_type;
+ pax_close_kernel();
/* Disable irqs of this PIO controller */
@@ -67398,7 +67972,7 @@ index 6aa33c4..cfb5425 100644
.ident = "OakTrail platform",
.matches = {
diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c
-index 4231770..10a6caf 100644
+index 4231770..cbf93a6 100644
--- a/drivers/platform/x86/msi-laptop.c
+++ b/drivers/platform/x86/msi-laptop.c
@@ -605,7 +605,7 @@ static int dmi_check_cb(const struct dmi_system_id *dmi)
@@ -67421,12 +67995,12 @@ index 4231770..10a6caf 100644
- dev_attr_wlan.attr.mode |= S_IWUSR;
- dev_attr_threeg.attr.mode |= S_IWUSR;
+ pax_open_kernel();
-+ *(void **)&dev_attr_bluetooth.store = store_bluetooth;
-+ *(void **)&dev_attr_wlan.store = store_wlan;
-+ *(void **)&dev_attr_threeg.store = store_threeg;
-+ *(umode_t *)&dev_attr_bluetooth.attr.mode |= S_IWUSR;
-+ *(umode_t *)&dev_attr_wlan.attr.mode |= S_IWUSR;
-+ *(umode_t *)&dev_attr_threeg.attr.mode |= S_IWUSR;
++ const_cast(dev_attr_bluetooth.store) = store_bluetooth;
++ const_cast(dev_attr_wlan.store) = store_wlan;
++ const_cast(dev_attr_threeg.store) = store_threeg;
++ const_cast(dev_attr_bluetooth.attr.mode) |= S_IWUSR;
++ const_cast(dev_attr_wlan.attr.mode) |= S_IWUSR;
++ const_cast(dev_attr_threeg.attr.mode) |= S_IWUSR;
+ pax_close_kernel();
}
@@ -67756,7 +68330,7 @@ index ed2d7fd..266b28f 100644
__power_supply_attrs[i] = &power_supply_attrs[i].attr;
}
diff --git a/drivers/power/reset/at91-reset.c b/drivers/power/reset/at91-reset.c
-index 1b5d450..3257054 100644
+index 1b5d450..b6042f8 100644
--- a/drivers/power/reset/at91-reset.c
+++ b/drivers/power/reset/at91-reset.c
@@ -17,6 +17,7 @@
@@ -67773,13 +68347,13 @@ index 1b5d450..3257054 100644
match = of_match_node(at91_reset_of_match, pdev->dev.of_node);
- at91_restart_nb.notifier_call = match->data;
+ pax_open_kernel();
-+ *(void **)&at91_restart_nb.notifier_call = match->data;
++ const_cast(at91_restart_nb.notifier_call) = match->data;
+ pax_close_kernel();
sclk = devm_clk_get(&pdev->dev, NULL);
if (IS_ERR(sclk))
diff --git a/drivers/powercap/powercap_sys.c b/drivers/powercap/powercap_sys.c
-index 14bde0d..89f2669 100644
+index 14bde0d..9391277 100644
--- a/drivers/powercap/powercap_sys.c
+++ b/drivers/powercap/powercap_sys.c
@@ -154,8 +154,77 @@ struct powercap_constraint_attr {
@@ -67887,7 +68461,7 @@ index 14bde0d..89f2669 100644
- dev_attr->store = store;
+
+ pax_open_kernel();
-+ *(const char **)&dev_attr->attr.name = name;
++ const_cast(dev_attr->attr.name) = name;
+ pax_close_kernel();
return 0;
@@ -67959,10 +68533,10 @@ index 14bde0d..89f2669 100644
+ pax_open_kernel();
if (power_zone->ops->reset_energy_uj)
- dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUGO;
-+ *(umode_t *)&dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUGO;
++ const_cast(dev_attr_energy_uj.attr.mode) = S_IWUSR | S_IRUGO;
else
- dev_attr_energy_uj.attr.mode = S_IRUGO;
-+ *(umode_t *)&dev_attr_energy_uj.attr.mode = S_IRUGO;
++ const_cast(dev_attr_energy_uj.attr.mode) = S_IRUGO;
+ pax_close_kernel();
power_zone->zone_dev_attrs[count++] =
&dev_attr_energy_uj.attr;
@@ -68016,7 +68590,7 @@ index 744c988..a269ffb 100644
if (ret != 0) {
put_device(&rdev->dev);
diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c
-index b87f62d..345b9a1 100644
+index b87f62d..34f1cdf 100644
--- a/drivers/regulator/max8660.c
+++ b/drivers/regulator/max8660.c
@@ -423,8 +423,10 @@ static int max8660_probe(struct i2c_client *client,
@@ -68026,14 +68600,14 @@ index b87f62d..345b9a1 100644
- max8660_dcdc_ops.enable = max8660_dcdc_enable;
- max8660_dcdc_ops.disable = max8660_dcdc_disable;
+ pax_open_kernel();
-+ *(void **)&max8660_dcdc_ops.enable = max8660_dcdc_enable;
-+ *(void **)&max8660_dcdc_ops.disable = max8660_dcdc_disable;
++ const_cast(max8660_dcdc_ops.enable) = max8660_dcdc_enable;
++ const_cast(max8660_dcdc_ops.disable) = max8660_dcdc_disable;
+ pax_close_kernel();
}
/*
diff --git a/drivers/regulator/max8973-regulator.c b/drivers/regulator/max8973-regulator.c
-index 5b75b7c..142c226 100644
+index 5b75b7c..8b1bb06 100644
--- a/drivers/regulator/max8973-regulator.c
+++ b/drivers/regulator/max8973-regulator.c
@@ -658,9 +658,11 @@ static int max8973_probe(struct i2c_client *client,
@@ -68044,9 +68618,9 @@ index 5b75b7c..142c226 100644
- max->ops.disable = regulator_disable_regmap;
- max->ops.is_enabled = regulator_is_enabled_regmap;
+ pax_open_kernel();
-+ *(void **)&max->ops.enable = regulator_enable_regmap;
-+ *(void **)&max->ops.disable = regulator_disable_regmap;
-+ *(void **)&max->ops.is_enabled = regulator_is_enabled_regmap;
++ const_cast(max->ops.enable) = regulator_enable_regmap;
++ const_cast(max->ops.disable) = regulator_disable_regmap;
++ const_cast(max->ops.is_enabled) = regulator_is_enabled_regmap;
+ pax_close_kernel();
break;
}
@@ -68059,15 +68633,15 @@ index 5b75b7c..142c226 100644
- max->ops.disable = regulator_disable_regmap;
- max->ops.is_enabled = regulator_is_enabled_regmap;
+ pax_open_kernel();
-+ *(void **)&max->ops.enable = regulator_enable_regmap;
-+ *(void **)&max->ops.disable = regulator_disable_regmap;
-+ *(void **)&max->ops.is_enabled = regulator_is_enabled_regmap;
++ const_cast(max->ops.enable) = regulator_enable_regmap;
++ const_cast(max->ops.disable) = regulator_disable_regmap;
++ const_cast(max->ops.is_enabled) = regulator_is_enabled_regmap;
+ pax_close_kernel();
max->ops.set_current_limit = max8973_set_current_limit;
max->ops.get_current_limit = max8973_get_current_limit;
break;
diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c
-index 0d17c92..a29f627 100644
+index 0d17c92..ce5897e 100644
--- a/drivers/regulator/mc13892-regulator.c
+++ b/drivers/regulator/mc13892-regulator.c
@@ -584,10 +584,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev)
@@ -68080,8 +68654,8 @@ index 0d17c92..a29f627 100644
sizeof(struct regulator_ops));
- mc13892_vcam_ops.set_mode = mc13892_vcam_set_mode,
- mc13892_vcam_ops.get_mode = mc13892_vcam_get_mode,
-+ *(void **)&mc13892_vcam_ops.set_mode = mc13892_vcam_set_mode,
-+ *(void **)&mc13892_vcam_ops.get_mode = mc13892_vcam_get_mode,
++ const_cast(mc13892_vcam_ops.set_mode) = mc13892_vcam_set_mode,
++ const_cast(mc13892_vcam_ops.get_mode) = mc13892_vcam_get_mode,
+ pax_close_kernel();
mc13892_regulators[MC13892_VCAM].desc.ops = &mc13892_vcam_ops;
@@ -68177,7 +68751,7 @@ index 9e03d15..36e341c 100644
/* handle firmware resource entries before booting the remote processor */
diff --git a/drivers/rtc/rtc-armada38x.c b/drivers/rtc/rtc-armada38x.c
-index 9a3f2a6..604f463 100644
+index 9a3f2a6..c19b00a 100644
--- a/drivers/rtc/rtc-armada38x.c
+++ b/drivers/rtc/rtc-armada38x.c
@@ -18,6 +18,7 @@
@@ -68195,14 +68769,14 @@ index 9a3f2a6..604f463 100644
- armada38x_rtc_ops.set_alarm = NULL;
- armada38x_rtc_ops.alarm_irq_enable = NULL;
+ pax_open_kernel();
-+ *(void **)&armada38x_rtc_ops.set_alarm = NULL;
-+ *(void **)&armada38x_rtc_ops.alarm_irq_enable = NULL;
++ const_cast(armada38x_rtc_ops.set_alarm) = NULL;
++ const_cast(armada38x_rtc_ops.alarm_irq_enable) = NULL;
+ pax_close_kernel();
}
platform_set_drvdata(pdev, rtc);
if (rtc->irq != -1)
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
-index 84fb541..fee0421a 100644
+index 84fb541..a526dd0 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -735,7 +735,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
@@ -68211,7 +68785,7 @@ index 84fb541..fee0421a 100644
/* export at least the first block of NVRAM */
- nvram.size = address_space - NVRAM_OFFSET;
+ pax_open_kernel();
-+ *(size_t *)&nvram.size = address_space - NVRAM_OFFSET;
++ const_cast(nvram.size) = address_space - NVRAM_OFFSET;
+ pax_close_kernel();
retval = sysfs_create_bin_file(&dev->kobj, &nvram);
if (retval < 0) {
@@ -68251,7 +68825,7 @@ index cf685f6..2311b8f 100644
unsigned long flags;
#define HAS_NVRAM 0 /* bit 0 == sysfs file active */
diff --git a/drivers/rtc/rtc-m48t59.c b/drivers/rtc/rtc-m48t59.c
-index d99a705..f8ebd79 100644
+index d99a705..99654e7 100644
--- a/drivers/rtc/rtc-m48t59.c
+++ b/drivers/rtc/rtc-m48t59.c
@@ -485,7 +485,9 @@ static int m48t59_rtc_probe(struct platform_device *pdev)
@@ -68260,7 +68834,7 @@ index d99a705..f8ebd79 100644
- m48t59_nvram_attr.size = pdata->offset;
+ pax_open_kernel();
-+ *(size_t *)&m48t59_nvram_attr.size = pdata->offset;
++ const_cast(m48t59_nvram_attr.size) = pdata->offset;
+ pax_close_kernel();
ret = sysfs_create_bin_file(&pdev->dev.kobj, &m48t59_nvram_attr);
@@ -68303,7 +68877,7 @@ index 7155c08..10ba718 100644
dev_err(&client->dev, "unable to register the class device\n");
return PTR_ERR(rv8803->rtc);
diff --git a/drivers/rtc/rtc-rx8010.c b/drivers/rtc/rtc-rx8010.c
-index 772d221..60e31aa 100644
+index 772d221..3a56e42 100644
--- a/drivers/rtc/rtc-rx8010.c
+++ b/drivers/rtc/rtc-rx8010.c
@@ -489,9 +489,11 @@ static int rx8010_probe(struct i2c_client *client,
@@ -68314,15 +68888,15 @@ index 772d221..60e31aa 100644
- rx8010_rtc_ops.set_alarm = rx8010_set_alarm;
- rx8010_rtc_ops.alarm_irq_enable = rx8010_alarm_irq_enable;
+ pax_open_kernel();
-+ *(void **)&rx8010_rtc_ops.read_alarm = rx8010_read_alarm;
-+ *(void **)&rx8010_rtc_ops.set_alarm = rx8010_set_alarm;
-+ *(void **)&rx8010_rtc_ops.alarm_irq_enable = rx8010_alarm_irq_enable;
++ const_cast(rx8010_rtc_ops.read_alarm) = rx8010_read_alarm;
++ const_cast(rx8010_rtc_ops.set_alarm) = rx8010_set_alarm;
++ const_cast(rx8010_rtc_ops.alarm_irq_enable) = rx8010_alarm_irq_enable;
+ pax_close_kernel();
}
}
diff --git a/drivers/rtc/rtc-test.c b/drivers/rtc/rtc-test.c
-index 3a2da4c..e88493c 100644
+index 3a2da4c..1d1d4b1 100644
--- a/drivers/rtc/rtc-test.c
+++ b/drivers/rtc/rtc-test.c
@@ -112,8 +112,10 @@ static int test_probe(struct platform_device *plat_dev)
@@ -68332,34 +68906,16 @@ index 3a2da4c..e88493c 100644
- test_rtc_ops.set_mmss64 = test_rtc_set_mmss64;
- test_rtc_ops.set_mmss = NULL;
+ pax_open_kernel();
-+ *(void **)&test_rtc_ops.set_mmss64 = test_rtc_set_mmss64;
-+ *(void **)&test_rtc_ops.set_mmss = NULL;
++ const_cast(test_rtc_ops.set_mmss64) = test_rtc_set_mmss64;
++ const_cast(test_rtc_ops.set_mmss) = NULL;
+ pax_close_kernel();
}
rtc = devm_rtc_device_register(&plat_dev->dev, "test",
diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c
-index e4c2437..2297164 100644
+index e4c2437..3b3cd62 100644
--- a/drivers/scsi/aacraid/aachba.c
+++ b/drivers/scsi/aacraid/aachba.c
-@@ -647,7 +647,7 @@ static void _aac_probe_container2(void * context, struct fib * fibptr)
- }
- aac_fib_complete(fibptr);
- aac_fib_free(fibptr);
-- callback = (int (*)(struct scsi_cmnd *))(scsicmd->SCp.ptr);
-+ callback = scsicmd->SCp.ptr;
- scsicmd->SCp.ptr = NULL;
- (*callback)(scsicmd);
- return;
-@@ -726,7 +726,7 @@ static int _aac_probe_container(struct scsi_cmnd * scsicmd, int (*callback)(stru
-
- dinfo->count = cpu_to_le32(scmd_id(scsicmd));
- dinfo->type = cpu_to_le32(FT_FILESYS);
-- scsicmd->SCp.ptr = (char *)callback;
-+ scsicmd->SCp.ptr = callback;
-
- status = aac_fib_send(ContainerCommand,
- fibptr,
@@ -775,6 +775,11 @@ static int aac_probe_container_callback1(struct scsi_cmnd * scsicmd)
return 0;
}
@@ -70641,7 +71197,7 @@ index 25aa9b9..d700a65 100644
snprintf(name, sizeof(name), "discovery_trace");
vport->debug_disc_trc =
diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
-index f57d02c..ab7b70c 100644
+index f57d02c..6ba534b 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -11028,7 +11028,7 @@ lpfc_pci_resume_one(struct pci_dev *pdev)
@@ -70660,8 +71216,8 @@ index f57d02c..ab7b70c 100644
- lpfc_transport_functions.vport_create = lpfc_vport_create;
- lpfc_transport_functions.vport_delete = lpfc_vport_delete;
+ pax_open_kernel();
-+ *(void **)&lpfc_transport_functions.vport_create = lpfc_vport_create;
-+ *(void **)&lpfc_transport_functions.vport_delete = lpfc_vport_delete;
++ const_cast(lpfc_transport_functions.vport_create) = lpfc_vport_create;
++ const_cast(lpfc_transport_functions.vport_delete) = lpfc_vport_delete;
+ pax_close_kernel();
}
lpfc_transport_template =
@@ -71004,7 +71560,7 @@ index 0103e46..6220a84 100644
extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *, bool);
extern void qla2x00_init_host_attr(scsi_qla_host_t *);
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
-index f6c7ce3..2dd675b 100644
+index f6c7ce3..dccd3d4 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -291,12 +291,12 @@ struct scsi_transport_template *qla2xxx_transport_vport_template = NULL;
@@ -71029,8 +71585,8 @@ index f6c7ce3..2dd675b 100644
- ha->isp_ops->calc_req_entries = qla2x00_calc_iocbs_64;
- ha->isp_ops->build_iocbs = qla2x00_build_scsi_iocbs_64;
+ pax_open_kernel();
-+ *(void **)&ha->isp_ops->calc_req_entries = qla2x00_calc_iocbs_64;
-+ *(void **)&ha->isp_ops->build_iocbs = qla2x00_build_scsi_iocbs_64;
++ const_cast(ha->isp_ops->calc_req_entries) = qla2x00_calc_iocbs_64;
++ const_cast(ha->isp_ops->build_iocbs) = qla2x00_build_scsi_iocbs_64;
+ pax_close_kernel();
return;
}
@@ -74424,7 +74980,7 @@ index 9a14074..3d02410 100644
struct rtw_adapter *padapter = netdev_priv(pnetdev);
struct xmit_priv *pxmitpriv = &padapter->xmitpriv;
diff --git a/drivers/staging/sm750fb/sm750.c b/drivers/staging/sm750fb/sm750.c
-index c78421b..f75c4c4 100644
+index c78421b..e1ba746 100644
--- a/drivers/staging/sm750fb/sm750.c
+++ b/drivers/staging/sm750fb/sm750.c
@@ -720,6 +720,7 @@ static struct fb_ops lynxfb_ops = {
@@ -74449,7 +75005,7 @@ index c78421b..f75c4c4 100644
if (!g_hwcursor) {
- lynxfb_ops.fb_cursor = NULL;
+ pax_open_kernel();
-+ *(void **)&lynxfb_ops.fb_cursor = NULL;
++ const_cast(lynxfb_ops.fb_cursor) = NULL;
+ pax_close_kernel();
hw_cursor_disable(&crtc->cursor);
}
@@ -74461,9 +75017,9 @@ index c78421b..f75c4c4 100644
- lynxfb_ops.fb_copyarea = lynxfb_ops_copyarea;
- lynxfb_ops.fb_imageblit = lynxfb_ops_imageblit;
+ pax_open_kernel();
-+ *(void **)&lynxfb_ops.fb_fillrect = lynxfb_ops_fillrect;
-+ *(void **)&lynxfb_ops.fb_copyarea = lynxfb_ops_copyarea;
-+ *(void **)&lynxfb_ops.fb_imageblit = lynxfb_ops_imageblit;
++ const_cast(lynxfb_ops.fb_fillrect) = lynxfb_ops_fillrect;
++ const_cast(lynxfb_ops.fb_copyarea) = lynxfb_ops_copyarea;
++ const_cast(lynxfb_ops.fb_imageblit) = lynxfb_ops_imageblit;
+ pax_close_kernel();
}
info->fbops = &lynxfb_ops;
@@ -74589,7 +75145,7 @@ index 3072f1a..1071742 100644
login->tgt_agt = sbp_target_agent_register(login);
if (IS_ERR(login->tgt_agt)) {
diff --git a/drivers/thermal/cpu_cooling.c b/drivers/thermal/cpu_cooling.c
-index 6ceac4f..b2ed52c 100644
+index 6ceac4f..f8059ccd 100644
--- a/drivers/thermal/cpu_cooling.c
+++ b/drivers/thermal/cpu_cooling.c
@@ -838,10 +838,11 @@ __cpufreq_cooling_register(struct device_node *np,
@@ -74601,9 +75157,9 @@ index 6ceac4f..b2ed52c 100644
- cpufreq_cooling_ops.state2power = cpufreq_state2power;
- cpufreq_cooling_ops.power2state = cpufreq_power2state;
+ pax_open_kernel();
-+ *(void **)&cpufreq_cooling_ops.get_requested_power = cpufreq_get_requested_power;
-+ *(void **)&cpufreq_cooling_ops.state2power = cpufreq_state2power;
-+ *(void **)&cpufreq_cooling_ops.power2state = cpufreq_power2state;
++ const_cast(cpufreq_cooling_ops.get_requested_power) = cpufreq_get_requested_power;
++ const_cast(cpufreq_cooling_ops.state2power) = cpufreq_state2power;
++ const_cast(cpufreq_cooling_ops.power2state) = cpufreq_power2state;
+ pax_close_kernel();
cpufreq_dev->plat_get_static_power = plat_static_func;
@@ -74655,7 +75211,7 @@ index 01f0015..aa56551 100644
err = PTR_ERR(cdev);
dev_err(df->dev.parent,
diff --git a/drivers/thermal/int340x_thermal/int3400_thermal.c b/drivers/thermal/int340x_thermal/int3400_thermal.c
-index 5836e55..740ab89 100644
+index 5836e55..708bbd6 100644
--- a/drivers/thermal/int340x_thermal/int3400_thermal.c
+++ b/drivers/thermal/int340x_thermal/int3400_thermal.c
@@ -272,8 +272,10 @@ static int int3400_thermal_probe(struct platform_device *pdev)
@@ -74665,14 +75221,14 @@ index 5836e55..740ab89 100644
- int3400_thermal_ops.get_mode = int3400_thermal_get_mode;
- int3400_thermal_ops.set_mode = int3400_thermal_set_mode;
+ pax_open_kernel();
-+ *(void **)&int3400_thermal_ops.get_mode = int3400_thermal_get_mode;
-+ *(void **)&int3400_thermal_ops.set_mode = int3400_thermal_set_mode;
++ const_cast(int3400_thermal_ops.get_mode) = int3400_thermal_get_mode;
++ const_cast(int3400_thermal_ops.set_mode) = int3400_thermal_set_mode;
+ pax_close_kernel();
}
priv->thermal = thermal_zone_device_register("INT3400 Thermal", 0, 0,
priv, &int3400_thermal_ops,
diff --git a/drivers/thermal/of-thermal.c b/drivers/thermal/of-thermal.c
-index 9043f8f..ab0f354 100644
+index 9043f8f..1b53349 100644
--- a/drivers/thermal/of-thermal.c
+++ b/drivers/thermal/of-thermal.c
@@ -31,6 +31,7 @@
@@ -74691,9 +75247,9 @@ index 9043f8f..ab0f354 100644
- tzd->ops->get_trend = of_thermal_get_trend;
- tzd->ops->set_emul_temp = of_thermal_set_emul_temp;
+ pax_open_kernel();
-+ *(void **)&tzd->ops->get_temp = of_thermal_get_temp;
-+ *(void **)&tzd->ops->get_trend = of_thermal_get_trend;
-+ *(void **)&tzd->ops->set_emul_temp = of_thermal_set_emul_temp;
++ const_cast(tzd->ops->get_temp) = of_thermal_get_temp;
++ const_cast(tzd->ops->get_trend) = of_thermal_get_trend;
++ const_cast(tzd->ops->set_emul_temp) = of_thermal_set_emul_temp;
+ pax_close_kernel();
mutex_unlock(&tzd->lock);
@@ -74706,9 +75262,9 @@ index 9043f8f..ab0f354 100644
- tzd->ops->get_trend = NULL;
- tzd->ops->set_emul_temp = NULL;
+ pax_open_kernel();
-+ *(void **)&tzd->ops->get_temp = NULL;
-+ *(void **)&tzd->ops->get_trend = NULL;
-+ *(void **)&tzd->ops->set_emul_temp = NULL;
++ const_cast(tzd->ops->get_temp) = NULL;
++ const_cast(tzd->ops->get_trend) = NULL;
++ const_cast(tzd->ops->set_emul_temp) = NULL;
+ pax_close_kernel();
tz->ops = NULL;
@@ -75289,7 +75845,7 @@ index b280abaa..3ccd7d1 100644
}
EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
-index 2348fa6..14894f4 100644
+index 2348fa6..490e407 100644
--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
@@ -879,8 +879,10 @@ static void __init unix98_pty_init(void)
@@ -75299,7 +75855,7 @@ index 2348fa6..14894f4 100644
+ pax_open_kernel();
tty_default_fops(&ptmx_fops);
- ptmx_fops.open = ptmx_open;
-+ *(void **)&ptmx_fops.open = ptmx_open;
++ const_cast(ptmx_fops.open) = ptmx_open;
+ pax_close_kernel();
cdev_init(&ptmx_cdev, &ptmx_fops);
@@ -75336,7 +75892,7 @@ index 802eac7..f5dcf07 100644
clear_bit((info->aiop * 8) + info->chan, (void *) &xmit_flags[info->board]);
spin_unlock_irqrestore(&info->port.lock, flags);
diff --git a/drivers/tty/serial/8250/8250_core.c b/drivers/tty/serial/8250/8250_core.c
-index c9720a9..f6c9276 100644
+index c9720a9..964f2d9 100644
--- a/drivers/tty/serial/8250/8250_core.c
+++ b/drivers/tty/serial/8250/8250_core.c
@@ -488,9 +488,9 @@ static void univ8250_release_port(struct uart_port *port)
@@ -75346,9 +75902,9 @@ index c9720a9..f6c9276 100644
- ops->config_port = univ8250_config_port;
- ops->request_port = univ8250_request_port;
- ops->release_port = univ8250_release_port;
-+ *(void **)&ops->config_port = univ8250_config_port;
-+ *(void **)&ops->request_port = univ8250_request_port;
-+ *(void **)&ops->release_port = univ8250_release_port;
++ const_cast(ops->config_port) = univ8250_config_port;
++ const_cast(ops->request_port) = univ8250_request_port;
++ const_cast(ops->release_port) = univ8250_release_port;
}
#else
@@ -75435,7 +75991,7 @@ index a119f11..120444e 100644
struct jsm_board *brd = pci_get_drvdata(pdev);
diff --git a/drivers/tty/serial/kgdb_nmi.c b/drivers/tty/serial/kgdb_nmi.c
-index 117df15..2f7dfcf 100644
+index 117df15..8f7486f 100644
--- a/drivers/tty/serial/kgdb_nmi.c
+++ b/drivers/tty/serial/kgdb_nmi.c
@@ -53,7 +53,9 @@ static int kgdb_nmi_console_setup(struct console *co, char *options)
@@ -75444,7 +76000,7 @@ index 117df15..2f7dfcf 100644
*/
- dbg_io_ops->is_console = true;
+ pax_open_kernel();
-+ *(int *)&dbg_io_ops->is_console = true;
++ const_cast(dbg_io_ops->is_console) = true;
+ pax_close_kernel();
return 0;
@@ -76984,6 +77540,105 @@ index 48672fa..9245081 100644
/* Device for a quirk */
#define PCI_VENDOR_ID_FRESCO_LOGIC 0x1b73
+diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
+index a85a1c9..0f198bc 100644
+--- a/drivers/usb/host/xhci-ring.c
++++ b/drivers/usb/host/xhci-ring.c
+@@ -1861,9 +1861,9 @@ td_cleanup:
+ * unsigned). Play it safe and say we didn't transfer anything.
+ */
+ if (urb->actual_length > urb->transfer_buffer_length) {
+- xhci_warn(xhci, "URB transfer length is wrong, xHC issue? req. len = %u, act. len = %u\n",
++ xhci_warn(xhci, "URB transfer length is wrong, xHC issue? req. len = %u, trans. len = %u\n",
+ urb->transfer_buffer_length,
+- urb->actual_length);
++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)));
+ urb->actual_length = 0;
+ if (td->urb->transfer_flags & URB_SHORT_NOT_OK)
+ *status = -EREMOTEIO;
+@@ -1942,10 +1942,15 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td,
+ return finish_td(xhci, td, event_trb, event, ep, status, false);
+ case COMP_STOP:
+ /* Did we stop at data stage? */
+- if (event_trb != ep_ring->dequeue && event_trb != td->last_trb)
+- td->urb->actual_length =
+- td->urb->transfer_buffer_length -
+- EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
++ if (event_trb != ep_ring->dequeue && event_trb != td->last_trb) {
++ if (td->urb->transfer_buffer_length >= EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)))
++ td->urb->actual_length =
++ td->urb->transfer_buffer_length -
++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
++ else
++ td->urb->actual_length =
++ td->urb->transfer_buffer_length + 1;
++ }
+ /* fall through */
+ case COMP_STOP_INVAL:
+ return finish_td(xhci, td, event_trb, event, ep, status, false);
+@@ -1959,12 +1964,15 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td,
+ /* else fall through */
+ case COMP_STALL:
+ /* Did we transfer part of the data (middle) phase? */
+- if (event_trb != ep_ring->dequeue &&
+- event_trb != td->last_trb)
+- td->urb->actual_length =
+- td->urb->transfer_buffer_length -
+- EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
+- else if (!td->urb_length_set)
++ if (event_trb != ep_ring->dequeue && event_trb != td->last_trb) {
++ if (td->urb->transfer_buffer_length >= EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)))
++ td->urb->actual_length =
++ td->urb->transfer_buffer_length -
++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
++ else
++ td->urb->actual_length =
++ td->urb->transfer_buffer_length + 1;
++ } else if (!td->urb_length_set)
+ td->urb->actual_length = 0;
+
+ return finish_td(xhci, td, event_trb, event, ep, status, false);
+@@ -1997,9 +2005,12 @@ static int process_ctrl_td(struct xhci_hcd *xhci, struct xhci_td *td,
+ * the last TRB.
+ */
+ td->urb_length_set = true;
+- td->urb->actual_length =
+- td->urb->transfer_buffer_length -
+- EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
++ if (td->urb->transfer_buffer_length >= EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)))
++ td->urb->actual_length =
++ td->urb->transfer_buffer_length -
++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
++ else
++ BUG();
+ xhci_dbg(xhci, "Waiting for status "
+ "stage event\n");
+ return 0;
+@@ -2194,11 +2205,7 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td,
+ /* Fast path - was this the last TRB in the TD for this URB? */
+ } else if (event_trb == td->last_trb) {
+ if (EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)) != 0) {
+- td->urb->actual_length =
+- td->urb->transfer_buffer_length -
+- EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
+- if (td->urb->transfer_buffer_length <
+- td->urb->actual_length) {
++ if (td->urb->transfer_buffer_length < EVENT_TRB_LEN(le32_to_cpu(event->transfer_len))) {
+ xhci_warn(xhci, "HC gave bad length "
+ "of %d bytes left\n",
+ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len)));
+@@ -2207,7 +2214,10 @@ static int process_bulk_intr_td(struct xhci_hcd *xhci, struct xhci_td *td,
+ *status = -EREMOTEIO;
+ else
+ *status = 0;
+- }
++ } else
++ td->urb->actual_length =
++ td->urb->transfer_buffer_length -
++ EVENT_TRB_LEN(le32_to_cpu(event->transfer_len));
+ /* Don't overwrite a previously set error code */
+ if (*status == -EINPROGRESS) {
+ if (td->urb->transfer_flags & URB_SHORT_NOT_OK)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 8e713cc..8c92a15 100644
--- a/drivers/usb/host/xhci.c
@@ -77621,7 +78276,7 @@ index c42ce2f..4c8bc59 100644
"PCI",
"PRO AGP",
diff --git a/drivers/video/fbdev/aty/atyfb_base.c b/drivers/video/fbdev/aty/atyfb_base.c
-index f34ed47f..026367f 100644
+index f34ed47f..7283c9f 100644
--- a/drivers/video/fbdev/aty/atyfb_base.c
+++ b/drivers/video/fbdev/aty/atyfb_base.c
@@ -1335,10 +1335,14 @@ static int atyfb_set_par(struct fb_info *info)
@@ -77630,13 +78285,13 @@ index f34ed47f..026367f 100644
if (var->accel_flags) {
- info->fbops->fb_sync = atyfb_sync;
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_sync = atyfb_sync;
++ const_cast(info->fbops->fb_sync) = atyfb_sync;
+ pax_close_kernel();
info->flags &= ~FBINFO_HWACCEL_DISABLED;
} else {
- info->fbops->fb_sync = NULL;
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_sync = NULL;
++ const_cast(info->fbops->fb_sync) = NULL;
+ pax_close_kernel();
info->flags |= FBINFO_HWACCEL_DISABLED;
}
@@ -77663,7 +78318,7 @@ index 51f29d6..2c15339 100644
const struct aty_pll_ops aty_pll_ct = {
diff --git a/drivers/video/fbdev/aty/mach64_cursor.c b/drivers/video/fbdev/aty/mach64_cursor.c
-index 2fa0317..4983f2a 100644
+index 2fa0317..d687dab 100644
--- a/drivers/video/fbdev/aty/mach64_cursor.c
+++ b/drivers/video/fbdev/aty/mach64_cursor.c
@@ -8,6 +8,7 @@
@@ -77680,7 +78335,7 @@ index 2fa0317..4983f2a 100644
- info->fbops->fb_cursor = atyfb_cursor;
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_cursor = atyfb_cursor;
++ const_cast(info->fbops->fb_cursor) = atyfb_cursor;
+ pax_close_kernel();
return 0;
@@ -77721,7 +78376,7 @@ index 10c988a..f7d9299 100644
+ .set_pll = aty_set_pll,
};
diff --git a/drivers/video/fbdev/core/fb_defio.c b/drivers/video/fbdev/core/fb_defio.c
-index 57721c7..55142ed 100644
+index 57721c7..332b94b 100644
--- a/drivers/video/fbdev/core/fb_defio.c
+++ b/drivers/video/fbdev/core/fb_defio.c
@@ -207,7 +207,9 @@ void fb_deferred_io_init(struct fb_info *info)
@@ -77730,17 +78385,19 @@ index 57721c7..55142ed 100644
mutex_init(&fbdefio->lock);
- info->fbops->fb_mmap = fb_deferred_io_mmap;
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_mmap = fb_deferred_io_mmap;
++ const_cast(info->fbops->fb_mmap) = fb_deferred_io_mmap;
+ pax_close_kernel();
INIT_DELAYED_WORK(&info->deferred_work, fb_deferred_io_work);
INIT_LIST_HEAD(&fbdefio->pagelist);
if (fbdefio->delay == 0) /* set a default of 1 s */
-@@ -238,7 +240,7 @@ void fb_deferred_io_cleanup(struct fb_info *info)
+@@ -238,7 +240,9 @@ void fb_deferred_io_cleanup(struct fb_info *info)
page->mapping = NULL;
}
- info->fbops->fb_mmap = NULL;
-+ *(void **)&info->fbops->fb_mmap = NULL;
++ pax_open_kernel();
++ const_cast(info->fbops->fb_mmap) = NULL;
++ pax_close_kernel();
mutex_destroy(&fbdefio->lock);
}
EXPORT_SYMBOL_GPL(fb_deferred_io_cleanup);
@@ -77872,7 +78529,7 @@ index 11eb094..622ee31 100644
{ 640, 480, 48, 16, 33, 10, 96, 2, 60 },
{ 800, 600, 144, 24, 28, 8, 112, 6, 60 },
diff --git a/drivers/video/fbdev/mb862xx/mb862xxfb_accel.c b/drivers/video/fbdev/mb862xx/mb862xxfb_accel.c
-index fe92eed..106e085 100644
+index fe92eed..239e386 100644
--- a/drivers/video/fbdev/mb862xx/mb862xxfb_accel.c
+++ b/drivers/video/fbdev/mb862xx/mb862xxfb_accel.c
@@ -312,14 +312,18 @@ void mb862xxfb_init_accel(struct fb_info *info, int xres)
@@ -77883,9 +78540,9 @@ index fe92eed..106e085 100644
- info->fbops->fb_copyarea = cfb_copyarea;
- info->fbops->fb_imageblit = cfb_imageblit;
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_fillrect = cfb_fillrect;
-+ *(void **)&info->fbops->fb_copyarea = cfb_copyarea;
-+ *(void **)&info->fbops->fb_imageblit = cfb_imageblit;
++ const_cast(info->fbops->fb_fillrect) = cfb_fillrect;
++ const_cast(info->fbops->fb_copyarea) = cfb_copyarea;
++ const_cast(info->fbops->fb_imageblit) = cfb_imageblit;
+ pax_close_kernel();
} else {
outreg(disp, GC_L0EM, 3);
@@ -77893,15 +78550,15 @@ index fe92eed..106e085 100644
- info->fbops->fb_copyarea = mb86290fb_copyarea;
- info->fbops->fb_imageblit = mb86290fb_imageblit;
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_fillrect = mb86290fb_fillrect;
-+ *(void **)&info->fbops->fb_copyarea = mb86290fb_copyarea;
-+ *(void **)&info->fbops->fb_imageblit = mb86290fb_imageblit;
++ const_cast(info->fbops->fb_fillrect) = mb86290fb_fillrect;
++ const_cast(info->fbops->fb_copyarea) = mb86290fb_copyarea;
++ const_cast(info->fbops->fb_imageblit) = mb86290fb_imageblit;
+ pax_close_kernel();
}
outreg(draw, GDC_REG_DRAW_BASE, 0);
outreg(draw, GDC_REG_MODE_MISC, 0x8000);
diff --git a/drivers/video/fbdev/nvidia/nvidia.c b/drivers/video/fbdev/nvidia/nvidia.c
-index ce7dab7..a87baf8 100644
+index ce7dab7..89d6521 100644
--- a/drivers/video/fbdev/nvidia/nvidia.c
+++ b/drivers/video/fbdev/nvidia/nvidia.c
@@ -660,19 +660,23 @@ static int nvidiafb_set_par(struct fb_info *info)
@@ -77913,10 +78570,10 @@ index ce7dab7..a87baf8 100644
- info->fbops->fb_copyarea = nvidiafb_copyarea;
- info->fbops->fb_sync = nvidiafb_sync;
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_imageblit = nvidiafb_imageblit;
-+ *(void **)&info->fbops->fb_fillrect = nvidiafb_fillrect;
-+ *(void **)&info->fbops->fb_copyarea = nvidiafb_copyarea;
-+ *(void **)&info->fbops->fb_sync = nvidiafb_sync;
++ const_cast(info->fbops->fb_imageblit) = nvidiafb_imageblit;
++ const_cast(info->fbops->fb_fillrect) = nvidiafb_fillrect;
++ const_cast(info->fbops->fb_copyarea) = nvidiafb_copyarea;
++ const_cast(info->fbops->fb_sync) = nvidiafb_sync;
+ pax_close_kernel();
info->pixmap.scan_align = 4;
info->flags &= ~FBINFO_HWACCEL_DISABLED;
@@ -77928,10 +78585,10 @@ index ce7dab7..a87baf8 100644
- info->fbops->fb_copyarea = cfb_copyarea;
- info->fbops->fb_sync = NULL;
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_imageblit = cfb_imageblit;
-+ *(void **)&info->fbops->fb_fillrect = cfb_fillrect;
-+ *(void **)&info->fbops->fb_copyarea = cfb_copyarea;
-+ *(void **)&info->fbops->fb_sync = NULL;
++ const_cast(info->fbops->fb_imageblit) = cfb_imageblit;
++ const_cast(info->fbops->fb_fillrect) = cfb_fillrect;
++ const_cast(info->fbops->fb_copyarea) = cfb_copyarea;
++ const_cast(info->fbops->fb_sync) = NULL;
+ pax_close_kernel();
info->pixmap.scan_align = 1;
info->flags |= FBINFO_HWACCEL_DISABLED;
@@ -77944,14 +78601,14 @@ index ce7dab7..a87baf8 100644
- info->fbops->fb_cursor = NULL;
+ if (!hwcur) {
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_cursor = NULL;
++ const_cast(info->fbops->fb_cursor) = NULL;
+ pax_close_kernel();
+ }
info->var.accel_flags = (!noaccel);
diff --git a/drivers/video/fbdev/omap2/omapfb/dss/display.c b/drivers/video/fbdev/omap2/omapfb/dss/display.c
-index ef5b902..47cf7f5 100644
+index ef5b902..2ae011b 100644
--- a/drivers/video/fbdev/omap2/omapfb/dss/display.c
+++ b/drivers/video/fbdev/omap2/omapfb/dss/display.c
@@ -161,12 +161,14 @@ int omapdss_register_display(struct omap_dss_device *dssdev)
@@ -77961,19 +78618,19 @@ index ef5b902..47cf7f5 100644
+ pax_open_kernel();
if (drv && drv->get_resolution == NULL)
- drv->get_resolution = omapdss_default_get_resolution;
-+ *(void **)&drv->get_resolution = omapdss_default_get_resolution;
++ const_cast(drv->get_resolution) = omapdss_default_get_resolution;
if (drv && drv->get_recommended_bpp == NULL)
- drv->get_recommended_bpp = omapdss_default_get_recommended_bpp;
-+ *(void **)&drv->get_recommended_bpp = omapdss_default_get_recommended_bpp;
++ const_cast(drv->get_recommended_bpp) = omapdss_default_get_recommended_bpp;
if (drv && drv->get_timings == NULL)
- drv->get_timings = omapdss_default_get_timings;
-+ *(void **)&drv->get_timings = omapdss_default_get_timings;
++ const_cast(drv->get_timings) = omapdss_default_get_timings;
+ pax_close_kernel();
mutex_lock(&panel_list_mutex);
list_add_tail(&dssdev->panel_list, &panel_list);
diff --git a/drivers/video/fbdev/s1d13xxxfb.c b/drivers/video/fbdev/s1d13xxxfb.c
-index 96aa46d..c67c213 100644
+index 96aa46d..65e2554 100644
--- a/drivers/video/fbdev/s1d13xxxfb.c
+++ b/drivers/video/fbdev/s1d13xxxfb.c
@@ -880,8 +880,10 @@ static int s1d13xxxfb_probe(struct platform_device *pdev)
@@ -77983,8 +78640,8 @@ index 96aa46d..c67c213 100644
- s1d13xxxfb_fbops.fb_fillrect = s1d13xxxfb_bitblt_solidfill;
- s1d13xxxfb_fbops.fb_copyarea = s1d13xxxfb_bitblt_copyarea;
+ pax_open_kernel();
-+ *(void **)&s1d13xxxfb_fbops.fb_fillrect = s1d13xxxfb_bitblt_solidfill;
-+ *(void **)&s1d13xxxfb_fbops.fb_copyarea = s1d13xxxfb_bitblt_copyarea;
++ const_cast(s1d13xxxfb_fbops.fb_fillrect) = s1d13xxxfb_bitblt_solidfill;
++ const_cast(s1d13xxxfb_fbops.fb_copyarea) = s1d13xxxfb_bitblt_copyarea;
+ pax_close_kernel();
info->flags = FBINFO_DEFAULT | FBINFO_HWACCEL_YPAN |
FBINFO_HWACCEL_FILLRECT | FBINFO_HWACCEL_COPYAREA;
@@ -78020,7 +78677,7 @@ index 32e23c2..7b73082 100644
extern void SiS_SetChrontelGPIO(struct SiS_Private *SiS_Pr, unsigned short myvbinfo);
extern unsigned short SiS_HandleDDC(struct SiS_Private *SiS_Pr, unsigned int VBFlags, int VGAEngine,
diff --git a/drivers/video/fbdev/smscufx.c b/drivers/video/fbdev/smscufx.c
-index 9279e5f..d5f5276 100644
+index 9279e5f..d9fb0bd 100644
--- a/drivers/video/fbdev/smscufx.c
+++ b/drivers/video/fbdev/smscufx.c
@@ -1174,7 +1174,9 @@ static int ufx_ops_release(struct fb_info *info, int user)
@@ -78029,13 +78686,13 @@ index 9279e5f..d5f5276 100644
info->fbdefio = NULL;
- info->fbops->fb_mmap = ufx_ops_mmap;
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_mmap = ufx_ops_mmap;
++ const_cast(info->fbops->fb_mmap) = ufx_ops_mmap;
+ pax_close_kernel();
}
pr_debug("released /dev/fb%d user=%d count=%d",
diff --git a/drivers/video/fbdev/udlfb.c b/drivers/video/fbdev/udlfb.c
-index e9c2f7b..8df1264 100644
+index e9c2f7b..87506f4 100644
--- a/drivers/video/fbdev/udlfb.c
+++ b/drivers/video/fbdev/udlfb.c
@@ -623,11 +623,11 @@ static int dlfb_handle_damage(struct dlfb_data *dev, int x, int y,
@@ -78076,7 +78733,7 @@ index e9c2f7b..8df1264 100644
info->fbdefio = NULL;
- info->fbops->fb_mmap = dlfb_ops_mmap;
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_mmap = dlfb_ops_mmap;
++ const_cast(info->fbops->fb_mmap) = dlfb_ops_mmap;
+ pax_close_kernel();
}
@@ -78133,7 +78790,7 @@ index e9c2f7b..8df1264 100644
return count;
}
diff --git a/drivers/video/fbdev/uvesafb.c b/drivers/video/fbdev/uvesafb.c
-index 178ae93..624b2eb 100644
+index 178ae93..043ddca 100644
--- a/drivers/video/fbdev/uvesafb.c
+++ b/drivers/video/fbdev/uvesafb.c
@@ -19,6 +19,7 @@
@@ -78202,7 +78859,7 @@ index 178ae93..624b2eb 100644
- info->fbops->fb_blank = NULL;
+ if (!blank) {
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_blank = NULL;
++ const_cast(info->fbops->fb_blank) = NULL;
+ pax_close_kernel();
+ }
@@ -78216,7 +78873,7 @@ index 178ae93..624b2eb 100644
- info->fbops->fb_pan_display = NULL;
+ if (!par->ypan) {
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_pan_display = NULL;
++ const_cast(info->fbops->fb_pan_display) = NULL;
+ pax_close_kernel();
+ }
}
@@ -78247,7 +78904,7 @@ index 178ae93..624b2eb 100644
}
return 0;
diff --git a/drivers/video/fbdev/vesafb.c b/drivers/video/fbdev/vesafb.c
-index 528fe91..6fd29fe 100644
+index 528fe91..475d9e6 100644
--- a/drivers/video/fbdev/vesafb.c
+++ b/drivers/video/fbdev/vesafb.c
@@ -9,6 +9,7 @@
@@ -78348,7 +79005,7 @@ index 528fe91..6fd29fe 100644
- info->fbops->fb_pan_display = NULL;
+ if (!ypan) {
+ pax_open_kernel();
-+ *(void **)&info->fbops->fb_pan_display = NULL;
++ const_cast(info->fbops->fb_pan_display) = NULL;
+ pax_close_kernel();
+ }
@@ -99826,7 +100483,7 @@ index 7cfa0aa..d5ef97b7 100644
seq_printf(m, "CacheOp: alo=%d luo=%d luc=%d gro=%d\n",
atomic_read(&fscache_n_cop_alloc_object),
diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c
-index c5b6b71..3949af6 100644
+index c5b6b71..527e347 100644
--- a/fs/fuse/cuse.c
+++ b/fs/fuse/cuse.c
@@ -611,10 +611,12 @@ static int __init cuse_init(void)
@@ -99839,9 +100496,9 @@ index c5b6b71..3949af6 100644
- cuse_channel_fops.release = cuse_channel_release;
+ pax_open_kernel();
+ memcpy((void *)&cuse_channel_fops, &fuse_dev_operations, sizeof(fuse_dev_operations));
-+ *(void **)&cuse_channel_fops.owner = THIS_MODULE;
-+ *(void **)&cuse_channel_fops.open = cuse_channel_open;
-+ *(void **)&cuse_channel_fops.release = cuse_channel_release;
++ const_cast(cuse_channel_fops.owner) = THIS_MODULE;
++ const_cast(cuse_channel_fops.open) = cuse_channel_open;
++ const_cast(cuse_channel_fops.release) = cuse_channel_release;
+ pax_close_kernel();
cuse_class = class_create(THIS_MODULE, "cuse");
@@ -100191,7 +100848,7 @@ index 4a6cf28..d3a29d3 100644
jffs2_prealloc_raw_node_refs(c, jeb, 1);
diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c
-index cad86ba..a0bfc33 100644
+index cad86ba..7de4d99 100644
--- a/fs/jffs2/file.c
+++ b/fs/jffs2/file.c
@@ -111,8 +111,9 @@ static int jffs2_do_readpage_nolock (struct inode *inode, struct page *pg)
@@ -100205,6 +100862,15 @@ index cad86ba..a0bfc33 100644
int ret = jffs2_do_readpage_nolock(inode, pg);
unlock_page(pg);
return ret;
+@@ -125,7 +126,7 @@ static int jffs2_readpage (struct file *filp, struct page *pg)
+ int ret;
+
+ mutex_lock(&f->sem);
+- ret = jffs2_do_readpage_unlock(pg->mapping->host, pg);
++ ret = jffs2_do_readpage_unlock((struct file *)pg->mapping->host, pg);
+ mutex_unlock(&f->sem);
+ return ret;
+ }
diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c
index bead25a..5186b1c 100644
--- a/fs/jffs2/fs.c
@@ -110271,7 +110937,7 @@ index d955481..a985dc41 100644
#endif
diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c
-index 52ccd34..7a6b202 100644
+index 52ccd34..a166501 100644
--- a/fs/nls/nls_base.c
+++ b/fs/nls/nls_base.c
@@ -234,21 +234,25 @@ EXPORT_SYMBOL(utf16s_to_utf8s);
@@ -110286,7 +110952,7 @@ index 52ccd34..7a6b202 100644
- nls->owner = owner;
+ pax_open_kernel();
-+ *(void **)&nls->owner = owner;
++ const_cast(nls->owner) = owner;
+ pax_close_kernel();
spin_lock(&nls_lock);
- while (*tmp) {
@@ -110301,7 +110967,7 @@ index 52ccd34..7a6b202 100644
}
- nls->next = tables;
+ pax_open_kernel();
-+ *(struct nls_table **)&nls->next = tables;
++ const_cast(nls->next) = tables;
+ pax_close_kernel();
tables = nls;
spin_unlock(&nls_lock);
@@ -110394,7 +111060,7 @@ index 8e14187..d9cec2f 100644
{
const unsigned char *uni2charset;
diff --git a/fs/nls/nls_euc-jp.c b/fs/nls/nls_euc-jp.c
-index 162b3f1..2cb932a 100644
+index 162b3f1..b9121f8 100644
--- a/fs/nls/nls_euc-jp.c
+++ b/fs/nls/nls_euc-jp.c
@@ -406,7 +406,7 @@ static inline int sjisnec2sjisibm(unsigned char *sjisibm,
@@ -110413,14 +111079,14 @@ index 162b3f1..2cb932a 100644
- table.charset2upper = p_nls->charset2upper;
- table.charset2lower = p_nls->charset2lower;
+ pax_open_kernel();
-+ *(const unsigned char **)&table.charset2upper = p_nls->charset2upper;
-+ *(const unsigned char **)&table.charset2lower = p_nls->charset2lower;
++ const_cast(table.charset2upper) = p_nls->charset2upper;
++ const_cast(table.charset2lower) = p_nls->charset2lower;
+ pax_close_kernel();
return register_nls(&table);
}
diff --git a/fs/nls/nls_koi8-ru.c b/fs/nls/nls_koi8-ru.c
-index a80a741..13030f7 100644
+index a80a741..f28c9c9 100644
--- a/fs/nls/nls_koi8-ru.c
+++ b/fs/nls/nls_koi8-ru.c
@@ -13,7 +13,7 @@
@@ -110439,8 +111105,8 @@ index a80a741..13030f7 100644
- table.charset2upper = p_nls->charset2upper;
- table.charset2lower = p_nls->charset2lower;
+ pax_open_kernel();
-+ *(const unsigned char **)&table.charset2upper = p_nls->charset2upper;
-+ *(const unsigned char **)&table.charset2lower = p_nls->charset2lower;
++ const_cast(table.charset2upper) = p_nls->charset2upper;
++ const_cast(table.charset2lower) = p_nls->charset2lower;
+ pax_close_kernel();
return register_nls(&table);
}
@@ -112482,7 +113148,7 @@ index 350984a..0fb02a9 100644
net = get_proc_net(inode);
if (net == NULL)
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
-index fe5b6e6..e5f3883 100644
+index fe5b6e6..cd2913c 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -11,13 +11,21 @@
@@ -112515,7 +113181,7 @@ index fe5b6e6..e5f3883 100644
{
- dir->header.ctl_table[0].child = sysctl_mount_point;
+ pax_open_kernel();
-+ *(const void **)&dir->header.ctl_table[0].child = sysctl_mount_point;
++ const_cast(dir->header.ctl_table[0].child) = sysctl_mount_point;
+ pax_close_kernel();
}
@@ -112524,7 +113190,7 @@ index fe5b6e6..e5f3883 100644
{
- dir->header.ctl_table[0].child = NULL;
+ pax_open_kernel();
-+ *(void **)&dir->header.ctl_table[0].child = NULL;
++ const_cast(dir->header.ctl_table[0].child) = NULL;
+ pax_close_kernel();
}
@@ -112565,7 +113231,7 @@ index fe5b6e6..e5f3883 100644
+ if (gr_handle_chroot_sysctl(op))
+ goto out;
+ dget(filp->f_path.dentry);
-+ if (gr_handle_sysctl_mod(filp->f_path.dentry->d_parent->d_name.name, table->procname, op)) {
++ if (gr_handle_sysctl_mod((const char *)filp->f_path.dentry->d_parent->d_name.name, table->procname, op)) {
+ dput(filp->f_path.dentry);
+ goto out;
+ }
@@ -113941,7 +114607,7 @@ index 6c21228..9afd5fe 100644
if (sbi->s_bytesex == BYTESEX_PDP)
return PDP_swab((__force __u32)n);
diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c
-index 4a0e48f..ca5b016 100644
+index 4a0e48f..d3e1fbf 100644
--- a/fs/tracefs/inode.c
+++ b/fs/tracefs/inode.c
@@ -53,7 +53,7 @@ static const struct file_operations tracefs_file_operations = {
@@ -113960,8 +114626,8 @@ index 4a0e48f..ca5b016 100644
- tracefs_ops.mkdir = mkdir;
- tracefs_ops.rmdir = rmdir;
+ pax_open_kernel();
-+ *(void **)&tracefs_ops.mkdir = mkdir;
-+ *(void **)&tracefs_ops.rmdir = rmdir;
++ const_cast(tracefs_ops.mkdir) = mkdir;
++ const_cast(tracefs_ops.rmdir) = rmdir;
+ pax_close_kernel();
return dentry;
@@ -115665,7 +116331,7 @@ index 0000000..e136e5f
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..7ad630a
+index 0000000..3c66319
--- /dev/null
+++ b/grsecurity/gracl.c
@@ -0,0 +1,2757 @@
@@ -115867,7 +116533,7 @@ index 0000000..7ad630a
+
+static int prepend_name(char **buffer, int *buflen, struct qstr *name)
+{
-+ return prepend(buffer, buflen, name->name, name->len);
++ return prepend(buffer, buflen, (const char *)name->name, name->len);
+}
+
+static int prepend_path(const struct path *path, struct path *root,
@@ -116231,7 +116897,7 @@ index 0000000..7ad630a
+__lookup_name_entry(const struct gr_policy_state *state, const char *name)
+{
+ unsigned int len = strlen(name);
-+ unsigned int key = full_name_hash(name, len);
++ unsigned int key = full_name_hash((const unsigned char *)name, len);
+ unsigned int index = key % state->name_set.n_size;
+ struct name_entry *match;
+
@@ -116253,7 +116919,7 @@ index 0000000..7ad630a
+lookup_name_entry_create(const char *name)
+{
+ unsigned int len = strlen(name);
-+ unsigned int key = full_name_hash(name, len);
++ unsigned int key = full_name_hash((const unsigned char *)name, len);
+ unsigned int index = key % running_polstate.name_set.n_size;
+ struct name_entry *match;
+
@@ -120006,7 +120672,7 @@ index 0000000..25f54ef
+};
diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c
new file mode 100644
-index 0000000..302bda8
+index 0000000..2fc92ec
--- /dev/null
+++ b/grsecurity/gracl_policy.c
@@ -0,0 +1,1784 @@
@@ -120362,7 +121028,7 @@ index 0000000..302bda8
+ struct name_entry **curr, *nentry;
+ struct inodev_entry *ientry;
+ unsigned int len = strlen(name);
-+ unsigned int key = full_name_hash(name, len);
++ unsigned int key = full_name_hash((const unsigned char *)name, len);
+ unsigned int index = key % polstate->name_set.n_size;
+
+ curr = &polstate->name_set.n_hash[index];
@@ -121387,7 +122053,7 @@ index 0000000..302bda8
+ FOR_EACH_ROLE_END(r)
+
+ for (i = 0; i < polstate->num_sprole_pws; i++) {
-+ if (!strcmp(rolename, polstate->acl_special_roles[i]->rolename)) {
++ if (!strcmp(rolename, (const char *)polstate->acl_special_roles[i]->rolename)) {
+ *salt = polstate->acl_special_roles[i]->salt;
+ *sum = polstate->acl_special_roles[i]->sum;
+ return 1;
@@ -121674,11 +122340,11 @@ index 0000000..302bda8
+ }
+
+ if (lookup_special_role_auth
-+ (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum)
++ (gr_usermode->mode, (const char *)gr_usermode->sp_role, &sprole_salt, &sprole_sum)
+ && ((!sprole_salt && !sprole_sum)
+ || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
+ char *p = "";
-+ assign_special_role(gr_usermode->sp_role);
++ assign_special_role((const char *)gr_usermode->sp_role);
+ read_lock(&tasklist_lock);
+ if (current->real_parent)
+ p = current->real_parent->role->rolename;
@@ -125636,7 +126302,7 @@ index 0000000..ae02d8e
+EXPORT_SYMBOL_GPL(gr_handle_new_usb);
diff --git a/grsecurity/grsum.c b/grsecurity/grsum.c
new file mode 100644
-index 0000000..4fb2ce6
+index 0000000..aef6b92
--- /dev/null
+++ b/grsecurity/grsum.c
@@ -0,0 +1,54 @@
@@ -125674,12 +126340,12 @@ index 0000000..4fb2ce6
+
+ sg_init_table(sg, 2);
+ sg_set_buf(&sg[0], salt, GR_SALT_LEN);
-+ sg_set_buf(&sg[1], entry->pw, strlen(entry->pw));
++ sg_set_buf(&sg[1], entry->pw, strlen((const char *)entry->pw));
+
+ desc.tfm = tfm;
+ desc.flags = 0;
+
-+ cryptres = crypto_hash_digest(&desc, sg, GR_SALT_LEN + strlen(entry->pw),
++ cryptres = crypto_hash_digest(&desc, sg, GR_SALT_LEN + strlen((const char *)entry->pw),
+ temp_sum);
+
+ memset(entry->pw, 0, GR_PW_LEN);
@@ -127062,7 +127728,7 @@ index a76c917..75d6aeb 100644
asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, compat_size_t);
/*
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
-index eeae401..a2a9f48 100644
+index eeae401..c108d27 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -116,9 +116,9 @@
@@ -127078,7 +127744,7 @@ index eeae401..a2a9f48 100644
#define __maybe_unused __attribute__((unused))
#define __always_unused __attribute__((unused))
-@@ -184,9 +184,38 @@
+@@ -184,9 +184,39 @@
# define __compiletime_warning(message) __attribute__((warning(message)))
# define __compiletime_error(message) __attribute__((error(message)))
#endif /* __CHECKER__ */
@@ -127099,6 +127765,7 @@ index eeae401..a2a9f48 100644
+#ifdef CONSTIFY_PLUGIN
+#define __no_const __attribute__((no_const))
+#define __do_const __attribute__((do_const))
++#define const_cast(x) (*(typeof((typeof(x))0) *)&(x))
+#endif
+
+#ifdef SIZE_OVERFLOW_PLUGIN
@@ -127118,7 +127785,7 @@ index eeae401..a2a9f48 100644
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
-index 48f5aab..2d1c52f 100644
+index 48f5aab..4206700 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -5,11 +5,14 @@
@@ -127340,7 +128007,7 @@ index 48f5aab..2d1c52f 100644
})
/**
-@@ -416,6 +432,38 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
+@@ -416,6 +432,42 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
# define __attribute_const__ /* unimplemented */
#endif
@@ -127376,10 +128043,14 @@ index 48f5aab..2d1c52f 100644
+# define __nocapture(...)
+#endif
+
++#ifndef const_cast
++# define const_cast(x) (x)
++#endif
++
/*
* Tell gcc if a function is cold. The compiler will assume any path
* directly leading to the call is unlikely.
-@@ -425,6 +473,22 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
+@@ -425,6 +477,22 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
#define __cold
#endif
@@ -127402,7 +128073,7 @@ index 48f5aab..2d1c52f 100644
/* Simple shorthand for a section definition */
#ifndef __section
# define __section(S) __attribute__ ((__section__(#S)))
-@@ -447,6 +511,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
+@@ -447,6 +515,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
# define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b))
#endif
@@ -127411,7 +128082,7 @@ index 48f5aab..2d1c52f 100644
/* Is this type a native word size -- useful for atomic operations */
#ifndef __native_word
# define __native_word(t) (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))
-@@ -526,8 +592,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
+@@ -526,8 +596,9 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
*/
#define __ACCESS_ONCE(x) ({ \
__maybe_unused typeof(x) __var = (__force typeof(x)) 0; \
@@ -131980,7 +132651,7 @@ index 556ec1e..38c19c9 100644
/*
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index a10494a..2facd6d 100644
+index a10494a..9f25fd6 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -7,7 +7,7 @@
@@ -132253,7 +132924,7 @@ index a10494a..2facd6d 100644
{
return tsk->pid;
}
-@@ -2289,6 +2397,25 @@ extern u64 sched_clock_cpu(int cpu);
+@@ -2289,6 +2397,26 @@ extern u64 sched_clock_cpu(int cpu);
extern void sched_clock_init(void);
@@ -132267,6 +132938,7 @@ index a10494a..2facd6d 100644
+
+ while (ptr < end) {
+ c = *(volatile int *)ptr;
++ (void)c;
+ ptr += PAGE_SIZE/sizeof(int);
+ }
+}
@@ -132279,7 +132951,7 @@ index a10494a..2facd6d 100644
#ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
static inline void sched_clock_tick(void)
{
-@@ -2417,7 +2544,9 @@ extern void set_curr_task(int cpu, struct task_struct *p);
+@@ -2417,7 +2545,9 @@ extern void set_curr_task(int cpu, struct task_struct *p);
void yield(void);
union thread_union {
@@ -132289,7 +132961,7 @@ index a10494a..2facd6d 100644
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -2450,6 +2579,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2450,6 +2580,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -132297,7 +132969,7 @@ index a10494a..2facd6d 100644
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2481,7 +2611,7 @@ extern void proc_caches_init(void);
+@@ -2481,7 +2612,7 @@ extern void proc_caches_init(void);
extern void flush_signals(struct task_struct *);
extern void ignore_signals(struct task_struct *);
extern void flush_signal_handlers(struct task_struct *, int force_default);
@@ -132306,7 +132978,7 @@ index a10494a..2facd6d 100644
static inline int kernel_dequeue_signal(siginfo_t *info)
{
-@@ -2635,7 +2765,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2635,7 +2766,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
@@ -132315,7 +132987,7 @@ index a10494a..2facd6d 100644
extern int do_execve(struct filename *,
const char __user * const __user *,
-@@ -2750,11 +2880,13 @@ static inline int thread_group_empty(struct task_struct *p)
+@@ -2750,11 +2881,13 @@ static inline int thread_group_empty(struct task_struct *p)
* It must not be nested with write_lock_irq(&tasklist_lock),
* neither inside nor outside.
*/
@@ -132329,7 +133001,7 @@ index a10494a..2facd6d 100644
static inline void task_unlock(struct task_struct *p)
{
spin_unlock(&p->alloc_lock);
-@@ -2840,9 +2972,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2840,9 +2973,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#define task_stack_end_corrupted(task) \
(*(end_of_stack(task)) != STACK_END_MAGIC)
@@ -132404,6 +133076,19 @@ index dc368b8..e895209 100644
extern int __must_check down_killable(struct semaphore *sem);
extern int __must_check down_trylock(struct semaphore *sem);
extern int __must_check down_timeout(struct semaphore *sem, long jiffies);
+diff --git a/include/linux/seq_buf.h b/include/linux/seq_buf.h
+index fb7eb9c..1b493dc 100644
+--- a/include/linux/seq_buf.h
++++ b/include/linux/seq_buf.h
+@@ -16,7 +16,7 @@
+ * @readpos: The next position to read in the buffer.
+ */
+ struct seq_buf {
+- char *buffer;
++ unsigned char *buffer;
+ size_t size;
+ size_t len;
+ loff_t readpos;
diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h
index dde00de..202bfd3 100644
--- a/include/linux/seq_file.h
@@ -133368,7 +134053,7 @@ index fa7bc29..0d96561 100644
struct ctl_node {
struct rb_node node;
diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h
-index c6f0f0d..a34ab2d 100644
+index c6f0f0d..e663567 100644
--- a/include/linux/sysfs.h
+++ b/include/linux/sysfs.h
@@ -34,7 +34,8 @@ struct attribute {
@@ -133401,6 +134086,15 @@ index c6f0f0d..a34ab2d 100644
/**
* sysfs_bin_attr_init - initialize a dynamically allocated bin_attribute
+@@ -512,7 +515,7 @@ static inline void sysfs_notify_dirent(struct kernfs_node *kn)
+ }
+
+ static inline struct kernfs_node *sysfs_get_dirent(struct kernfs_node *parent,
+- const unsigned char *name)
++ const char *name)
+ {
+ return kernfs_find_and_get(parent, name);
+ }
diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h
index 387fa7d..3fcde6b 100644
--- a/include/linux/sysrq.h
@@ -136761,7 +137455,7 @@ index 45432b5..988f1e4 100644
+}
+EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog);
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index 355cd5f..6273802 100644
+index 355cd5f..93e1510 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
@@ -3333,7 +3333,7 @@ static int cgroup_add_file(struct cgroup_subsys_state *css, struct cgroup *cgrp,
@@ -136781,12 +137475,12 @@ index 355cd5f..6273802 100644
- cft->ss = NULL;
+
+ pax_open_kernel();
-+ *(void **)&cft->kf_ops = NULL;
-+ *(void **)&cft->ss = NULL;
++ const_cast(cft->kf_ops) = NULL;
++ const_cast(cft->ss) = NULL;
/* revert flags set by cgroup core while adding @cfts */
- cft->flags &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL);
-+ *(unsigned int *)&cft->flags &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL);
++ const_cast(cft->flags) &= ~(__CFTYPE_ONLY_ON_DFL | __CFTYPE_NOT_ON_DFL);
+ pax_close_kernel();
}
}
@@ -136798,8 +137492,8 @@ index 355cd5f..6273802 100644
- cft->kf_ops = kf_ops;
- cft->ss = ss;
+ pax_open_kernel();
-+ *(void **)&cft->kf_ops = kf_ops;
-+ *(void **)&cft->ss = ss;
++ const_cast(cft->kf_ops) = kf_ops;
++ const_cast(cft->ss) = ss;
+ pax_close_kernel();
}
@@ -136829,7 +137523,7 @@ index 355cd5f..6273802 100644
+ pax_open_kernel();
for (cft = cfts; cft && cft->name[0] != '\0'; cft++)
- cft->flags |= __CFTYPE_ONLY_ON_DFL;
-+ *(unsigned int *)&cft->flags |= __CFTYPE_ONLY_ON_DFL;
++ const_cast(cft->flags) |= __CFTYPE_ONLY_ON_DFL;
+ pax_close_kernel();
return cgroup_add_cftypes(ss, cfts);
}
@@ -136841,7 +137535,7 @@ index 355cd5f..6273802 100644
+ pax_open_kernel();
for (cft = cfts; cft && cft->name[0] != '\0'; cft++)
- cft->flags |= __CFTYPE_NOT_ON_DFL;
-+ *(unsigned int *)&cft->flags |= __CFTYPE_NOT_ON_DFL;
++ const_cast(cft->flags) |= __CFTYPE_NOT_ON_DFL;
+ pax_close_kernel();
return cgroup_add_cftypes(ss, cfts);
}
@@ -138224,7 +138918,7 @@ index 84118723..317f7a5 100644
irq_wake_secondary(desc, action);
diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c
-index 38e89ce..58960ac 100644
+index 38e89ce..8b7a537 100644
--- a/kernel/irq/msi.c
+++ b/kernel/irq/msi.c
@@ -214,16 +214,18 @@ static void msi_domain_update_dom_ops(struct msi_domain_info *info)
@@ -138234,19 +138928,19 @@ index 38e89ce..58960ac 100644
+ pax_open_kernel();
if (ops->get_hwirq == NULL)
- ops->get_hwirq = msi_domain_ops_default.get_hwirq;
-+ *(void **)&ops->get_hwirq = msi_domain_ops_default.get_hwirq;
++ const_cast(ops->get_hwirq) = msi_domain_ops_default.get_hwirq;
if (ops->msi_init == NULL)
- ops->msi_init = msi_domain_ops_default.msi_init;
-+ *(void **)&ops->msi_init = msi_domain_ops_default.msi_init;
++ const_cast(ops->msi_init) = msi_domain_ops_default.msi_init;
if (ops->msi_check == NULL)
- ops->msi_check = msi_domain_ops_default.msi_check;
-+ *(void **)&ops->msi_check = msi_domain_ops_default.msi_check;
++ const_cast(ops->msi_check) = msi_domain_ops_default.msi_check;
if (ops->msi_prepare == NULL)
- ops->msi_prepare = msi_domain_ops_default.msi_prepare;
-+ *(void **)&ops->msi_prepare = msi_domain_ops_default.msi_prepare;
++ const_cast(ops->msi_prepare) = msi_domain_ops_default.msi_prepare;
if (ops->set_desc == NULL)
- ops->set_desc = msi_domain_ops_default.set_desc;
-+ *(void **)&ops->set_desc = msi_domain_ops_default.set_desc;
++ const_cast(ops->set_desc) = msi_domain_ops_default.set_desc;
+ pax_close_kernel();
}
@@ -138259,7 +138953,7 @@ index 38e89ce..58960ac 100644
- chip->irq_set_affinity = msi_domain_set_affinity;
+ if (!chip->irq_set_affinity) {
+ pax_open_kernel();
-+ *(void **)&chip->irq_set_affinity = msi_domain_set_affinity;
++ const_cast(chip->irq_set_affinity) = msi_domain_set_affinity;
+ pax_close_kernel();
+ }
}
@@ -139888,7 +140582,7 @@ index 794ebe8..f81f123 100644
}
return mod;
diff --git a/kernel/notifier.c b/kernel/notifier.c
-index fd2c9ac..95e58f6 100644
+index fd2c9ac..6263e05 100644
--- a/kernel/notifier.c
+++ b/kernel/notifier.c
@@ -5,6 +5,7 @@
@@ -139908,7 +140602,7 @@ index fd2c9ac..95e58f6 100644
}
- n->next = *nl;
+ pax_open_kernel();
-+ *(const void **)&n->next = *nl;
++ const_cast(n->next) = *nl;
rcu_assign_pointer(*nl, n);
+ pax_close_kernel();
return 0;
@@ -139923,7 +140617,7 @@ index fd2c9ac..95e58f6 100644
}
- n->next = *nl;
+ pax_open_kernel();
-+ *(const void **)&n->next = *nl;
++ const_cast(n->next) = *nl;
rcu_assign_pointer(*nl, n);
+ pax_close_kernel();
return 0;
@@ -140025,7 +140719,7 @@ index d96469d..81d6d28 100644
}
EXPORT_SYMBOL(__stack_chk_fail);
diff --git a/kernel/pid.c b/kernel/pid.c
-index 4d73a83..4712357 100644
+index 4d73a83..9df1950 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -33,6 +33,7 @@
@@ -140078,15 +140772,18 @@ index 4d73a83..4712357 100644
struct pid *get_task_pid(struct task_struct *task, enum pid_type type)
{
struct pid *pid;
-@@ -497,7 +513,7 @@ struct pid *find_get_pid(pid_t nr)
+@@ -497,9 +513,9 @@ struct pid *find_get_pid(pid_t nr)
}
EXPORT_SYMBOL_GPL(find_get_pid);
-pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns)
+pid_t pid_nr_ns(const struct pid *pid, const struct pid_namespace *ns)
{
- struct upid *upid;
+- struct upid *upid;
++ const struct upid *upid;
pid_t nr = 0;
+
+ if (pid && ns->level <= pid->level) {
@@ -511,7 +527,7 @@ pid_t pid_nr_ns(struct pid *pid, struct pid_namespace *ns)
}
EXPORT_SYMBOL_GPL(pid_nr_ns);
@@ -143248,7 +143945,7 @@ index 2be8c4f..444ecfb 100644
}
entry = ring_buffer_event_data(event);
diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c
-index 2829821..a290dc89 100644
+index 2829821..cd4ea77 100644
--- a/kernel/trace/trace_output.c
+++ b/kernel/trace/trace_output.c
@@ -713,14 +713,16 @@ int register_trace_event(struct trace_event *event)
@@ -143258,16 +143955,16 @@ index 2829821..a290dc89 100644
+ pax_open_kernel();
if (event->funcs->trace == NULL)
- event->funcs->trace = trace_nop_print;
-+ *(void **)&event->funcs->trace = trace_nop_print;
++ const_cast(event->funcs->trace) = trace_nop_print;
if (event->funcs->raw == NULL)
- event->funcs->raw = trace_nop_print;
-+ *(void **)&event->funcs->raw = trace_nop_print;
++ const_cast(event->funcs->raw) = trace_nop_print;
if (event->funcs->hex == NULL)
- event->funcs->hex = trace_nop_print;
-+ *(void **)&event->funcs->hex = trace_nop_print;
++ const_cast(event->funcs->hex) = trace_nop_print;
if (event->funcs->binary == NULL)
- event->funcs->binary = trace_nop_print;
-+ *(void **)&event->funcs->binary = trace_nop_print;
++ const_cast(event->funcs->binary) = trace_nop_print;
+ pax_close_kernel();
key = event->type & (EVENT_HASHSIZE - 1);
@@ -151655,7 +152352,7 @@ index 1474cfd..961bc9f 100644
pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR);
return -ENODEV;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 482c371..b02a761 100644
+index 482c371..150e1ee 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -61,7 +61,7 @@ struct rtnl_link {
@@ -151675,7 +152372,7 @@ index 482c371..b02a761 100644
- ops->dellink = unregister_netdevice_queue;
+ if (ops->setup && !ops->dellink) {
+ pax_open_kernel();
-+ *(void **)&ops->dellink = unregister_netdevice_queue;
++ const_cast(ops->dellink) = unregister_netdevice_queue;
+ pax_close_kernel();
+ }
@@ -160008,7 +160705,7 @@ index b5e665b..3030b1d 100644
}
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
-index 9895a8c..705c302 100644
+index 9895a8c..e7c5936 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -166,12 +166,14 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
@@ -160082,7 +160779,7 @@ index 9895a8c..705c302 100644
- mode->afinfo = afinfo;
+ pax_open_kernel();
-+ *(const void **)&mode->afinfo = afinfo;
++ const_cast(mode->afinfo) = afinfo;
modemap[mode->encap] = mode;
+ pax_close_kernel();
err = 0;
@@ -160172,6 +160869,18 @@ index 1db6d73..0819042 100644
# ld-option
# Usage: LDFLAGS += $(call ld-option, -X)
+diff --git a/scripts/Makefile b/scripts/Makefile
+index fd0d53d..1471190 100644
+--- a/scripts/Makefile
++++ b/scripts/Makefile
+@@ -44,6 +44,7 @@ subdir-y += mod
+ subdir-$(CONFIG_SECURITY_SELINUX) += selinux
+ subdir-$(CONFIG_DTC) += dtc
+ subdir-$(CONFIG_GDB_SCRIPTS) += gdb
++subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins
+
+ # Let clean descend into subdirs
+ subdir- += basic kconfig package
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index 2c47f9c..9d46008 100644
--- a/scripts/Makefile.build
@@ -160216,81 +160925,83 @@ index f9e47a7..b72022a 100644
warning-2 += -Wdisabled-optimization
diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
new file mode 100644
-index 0000000..02fd848
+index 0000000..08d4e22
--- /dev/null
+++ b/scripts/Makefile.gcc-plugins
-@@ -0,0 +1,69 @@
-+__PLUGINCC := $(call cc-ifversion, -ge, 0408, $(HOSTCXX), $(HOSTCC))
-+PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
-+ifneq ($(PLUGINCC),)
-+ifdef CONFIG_PAX_CONSTIFY_PLUGIN
-+CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN
-+endif
-+ifdef CONFIG_PAX_MEMORY_STACKLEAK
-+STACKLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN
-+STACKLEAK_PLUGIN_CFLAGS += -fplugin-arg-stackleak_plugin-track-lowest-sp=100
-+endif
-+ifdef CONFIG_KALLOCSTAT_PLUGIN
-+KALLOCSTAT_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so
-+endif
-+ifdef CONFIG_PAX_KERNEXEC_PLUGIN
-+KERNEXEC_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so
-+KERNEXEC_PLUGIN_CFLAGS += -fplugin-arg-kernexec_plugin-method=$(CONFIG_PAX_KERNEXEC_PLUGIN_METHOD) -DKERNEXEC_PLUGIN
-+KERNEXEC_PLUGIN_AFLAGS := -DKERNEXEC_PLUGIN
-+endif
-+ifdef CONFIG_CHECKER_PLUGIN
-+ifeq ($(call cc-ifversion, -ge, 0406, y), y)
-+CHECKER_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN
-+ifdef CONFIG_CHECKER_PLUGIN_USER
-+CHECKER_PLUGIN_CFLAGS += -fplugin-arg-checker_plugin-user -DCHECKER_PLUGIN_USER
-+endif
-+ifdef CONFIG_CHECKER_PLUGIN_CONTEXT
-+CHECKER_PLUGIN_CFLAGS += -fplugin-arg-checker_plugin-context -DCHECKER_PLUGIN_CONTEXT
-+endif
-+endif
-+endif
-+COLORIZE_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/colorize_plugin.so
-+ifdef CONFIG_PAX_SIZE_OVERFLOW
-+SIZE_OVERFLOW_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/size_overflow_plugin/size_overflow_plugin.so -DSIZE_OVERFLOW_PLUGIN
-+endif
-+ifdef CONFIG_PAX_LATENT_ENTROPY
-+LATENT_ENTROPY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/latent_entropy_plugin.so -DLATENT_ENTROPY_PLUGIN
-+endif
-+ifdef CONFIG_PAX_MEMORY_STRUCTLEAK
-+STRUCTLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/structleak_plugin.so -DSTRUCTLEAK_PLUGIN
-+endif
-+INITIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/initify_plugin.so -DINITIFY_PLUGIN
-+ifdef CONFIG_PAX_RAP
-+RAP_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/rap_plugin/rap_plugin.so -fplugin-arg-rap_plugin-check=call -DRAP_PLUGIN
-+#RAP_PLUGIN_CFLAGS += -fplugin-arg-rap_plugin-report=func,fptr,abs
-+RAP_PLUGIN_ABS_CFLAGS := -fplugin-arg-rap_plugin-hash=abs-finish
-+RAP_PLUGIN_AFLAGS := -DRAP_PLUGIN
-+endif
-+GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS)
-+GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS)
-+GCC_PLUGINS_CFLAGS += $(SIZE_OVERFLOW_PLUGIN_CFLAGS) $(LATENT_ENTROPY_PLUGIN_CFLAGS) $(STRUCTLEAK_PLUGIN_CFLAGS)
-+GCC_PLUGINS_CFLAGS += $(INITIFY_PLUGIN_CFLAGS)
-+GCC_PLUGINS_CFLAGS += $(RAP_PLUGIN_CFLAGS) $(RAP_PLUGIN_ABS_CFLAGS)
-+GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) $(RAP_PLUGIN_AFLAGS)
-+export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS CONSTIFY_PLUGIN LATENT_ENTROPY_PLUGIN_CFLAGS RAP_PLUGIN_CFLAGS RAP_PLUGIN_ABS_CFLAGS
-+ifeq ($(KBUILD_EXTMOD),)
-+gcc-plugins:
-+ $(Q)$(MAKE) $(build)=tools/gcc
-+else
-+gcc-plugins: ;
-+endif
-+else
-+gcc-plugins:
-+ifeq ($(call cc-ifversion, -ge, 0405, y), y)
-+ $(warning warning, your gcc installation does not support plugins, perhaps the necessary headers are missing?)
-+ $(CONFIG_SHELL) -x $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)"
-+else
-+ $(warning warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least)
-+endif
-+ $(warning PAX_MEMORY_STACKLEAK and other features will be less secure)
+@@ -0,0 +1,71 @@
++ifdef CONFIG_GCC_PLUGINS
++ __PLUGINCC := $(call cc-ifversion, -ge, 0408, $(HOSTCXX), $(HOSTCC))
++ PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
++
++ gcc-plugin-$(CONFIG_PAX_CONSTIFY_PLUGIN) += constify_plugin.so
++ gcc-plugin-cflags-$(CONFIG_PAX_CONSTIFY_PLUGIN) += -DCONSTIFY_PLUGIN
++
++ gcc-plugin-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so
++ gcc-plugin-cflags-$(CONFIG_PAX_MEMORY_STACKLEAK) += -DSTACKLEAK_PLUGIN -fplugin-arg-stackleak_plugin-track-lowest-sp=100
++
++ gcc-plugin-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so
++
++ gcc-plugin-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so
++ gcc-plugin-cflags-$(CONFIG_PAX_KERNEXEC_PLUGIN) += -DKERNEXEC_PLUGIN -fplugin-arg-kernexec_plugin-method=$(CONFIG_PAX_KERNEXEC_PLUGIN_METHOD)
++ gcc-plugin-aflags-$(CONFIG_PAX_KERNEXEC_PLUGIN) += -DKERNEXEC_PLUGIN
++
++ ifdef CONFIG_CHECKER_PLUGIN
++ ifeq ($(call cc-ifversion, -ge, 0406, y), y)
++ gcc-plugin-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so
++ gcc-plugin-cflags-$(CONFIG_CHECKER_PLUGIN) += -DCHECKER_PLUGIN
++ gcc-plugin-cflags-$(CONFIG_CHECKER_PLUGIN_USER) += -DCHECKER_PLUGIN_USER -fplugin-arg-checker_plugin-user
++ gcc-plugin-cflags-$(CONFIG_CHECKER_PLUGIN_CONTEXT)+= -DCHECKER_PLUGIN_CONTEXT -fplugin-arg-checker_plugin-context
++ endif
++ endif
++
++ gcc-plugin-y += colorize_plugin.so
++
++ gcc-plugin-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin/size_overflow_plugin.so
++ gcc-plugin-cflags-$(CONFIG_PAX_SIZE_OVERFLOW) += -DSIZE_OVERFLOW_PLUGIN
++
++ gcc-plugin-$(CONFIG_PAX_LATENT_ENTROPY) += latent_entropy_plugin.so
++ gcc-plugin-cflags-$(CONFIG_PAX_LATENT_ENTROPY) += -DLATENT_ENTROPY_PLUGIN
++ ifdef CONFIG_PAX_LATENT_ENTROPY
++ DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable
++ endif
++
++ gcc-plugin-$(CONFIG_PAX_MEMORY_STRUCTLEAK) += structleak_plugin.so
++ gcc-plugin-cflags-$(CONFIG_PAX_MEMORY_STRUCTLEAK) += -DSTRUCTLEAK_PLUGIN
++
++ gcc-plugin-y += initify_plugin.so
++ gcc-plugin-cflags-y += -DINITIFY_PLUGIN
++
++ gcc-plugin-$(CONFIG_PAX_RAP) += rap_plugin/rap_plugin.so
++ gcc-plugin-cflags-$(CONFIG_PAX_RAP) += -DRAP_PLUGIN -fplugin-arg-rap_plugin-check=call
++# gcc-plugin-cflags-$(CONFIG_PAX_RAP) += -fplugin-arg-rap_plugin-report=func,fptr,abs
++ gcc-plugin-aflags-$(CONFIG_PAX_RAP) += -DRAP_PLUGIN
++ ifdef CONFIG_PAX_RAP
++ RAP_PLUGIN_ABS_CFLAGS := -fplugin-arg-rap_plugin-hash=abs-finish
++ endif
++ gcc-plugin-cflags-$(CONFIG_PAX_RAP) += $(RAP_PLUGIN_ABS_CFLAGS)
++
++ GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))
++ GCC_PLUGINS_AFLAGS := $(gcc-plugin-aflags-y)
++
++ export DISABLE_LATENT_ENTROPY_PLUGIN RAP_PLUGIN_ABS_CFLAGS
++
++ ifeq ($(PLUGINCC),)
++ ifneq ($(GCC_PLUGINS_CFLAGS),)
++ ifeq ($(call cc-ifversion, -ge, 0405, y), y)
++ PLUGINCC := $(shell $(CONFIG_SHELL) -x $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
++ $(warning warning, your gcc installation does not support plugins, perhaps the necessary headers are missing?)
++ else
++ $(warning warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least)
++ endif
++ $(warning PAX_MEMORY_STACKLEAK and other features will be less secure)
++ endif
++ endif
++
++ KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
++ KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
+endif
diff --git a/scripts/Makefile.host b/scripts/Makefile.host
-index 133edfa..3cc6af2 100644
+index 133edfa..3439bd8 100644
--- a/scripts/Makefile.host
+++ b/scripts/Makefile.host
@@ -20,7 +20,25 @@
@@ -160349,7 +161060,7 @@ index 133edfa..3cc6af2 100644
host-objdirs := $(addprefix $(obj)/,$(host-objdirs))
obj-dirs += $(host-objdirs)
-@@ -124,5 +158,37 @@ quiet_cmd_host-cxxobjs = HOSTCXX $@
+@@ -124,5 +158,39 @@ quiet_cmd_host-cxxobjs = HOSTCXX $@
$(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE
$(call if_changed_dep,host-cxxobjs)
@@ -160373,8 +161084,9 @@ index 133edfa..3cc6af2 100644
+ cmd_host-cshlib = $(HOSTCC) $(HOSTLDFLAGS) -shared -o $@ \
+ $(addprefix $(obj)/,$($(@F:.so=-objs))) \
+ $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F))
-+$(host-cshlib): $(obj)/%: $(host-cshobjs) FORCE
++$(host-cshlib): FORCE
+ $(call if_changed,host-cshlib)
++$(call multi_depend, $(host-cshlib), .so, -objs -cshobjs)
+
+# Link a shared library, based on position independent .o files
+# *.o -> .so shared library (host-cxxshlib)
@@ -160382,8 +161094,9 @@ index 133edfa..3cc6af2 100644
+ cmd_host-cxxshlib = $(HOSTCXX) $(HOSTLDFLAGS) -shared -o $@ \
+ $(addprefix $(obj)/,$($(@F:.so=-objs))) \
+ $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F))
-+$(host-cxxshlib): $(obj)/%: $(host-cxxshobjs) FORCE
++$(host-cxxshlib): FORCE
+ $(call if_changed,host-cxxshlib)
++$(call multi_depend, $(host-cxxshlib), .so, -objs -cxxshobjs)
+
targets += $(host-csingle) $(host-cmulti) $(host-cobjs)\
- $(host-cxxmulti) $(host-cxxobjs)
@@ -160592,14 +161305,14 @@ index e229b84..7141e8e 100644
while (get_node_by_phandle(root, phandle))
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..eaa4fce
+index 0000000..fb92075
--- /dev/null
+++ b/scripts/gcc-plugin.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+srctree=$(dirname "$0")
+gccplugins_dir=$($3 -print-file-name=plugin)
-+plugincc=$($1 -E -x c++ - -o /dev/null -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF
++plugincc=$($1 -E -x c++ - -o /dev/null -I"${srctree}"/gcc-plugins -I"${gccplugins_dir}"/include 2>&1 <<EOF
+#include "gcc-common.h"
+#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
+#warning $2 CXX
@@ -160630,7 +161343,7 @@ index 0000000..eaa4fce
+esac
+
+# we need a c++ compiler that supports the designated initializer GNU extension
-+plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF
++plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I"${srctree}"/gcc-plugins -I"${gccplugins_dir}"/include 2>&1 <<EOF
+#include "gcc-common.h"
+class test {
+public:
@@ -160647,3459 +161360,19 @@ index 0000000..eaa4fce
+ exit 0
+fi
+exit 1
-diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh
-index fdebd66..a349e33 100755
---- a/scripts/headers_install.sh
-+++ b/scripts/headers_install.sh
-@@ -32,6 +32,7 @@ do
- FILE="$(basename "$i")"
- sed -r \
- -e 's/([ \t(])(__user|__force|__iomem)[ \t]/\1/g' \
-+ -e 's/__intentional_overflow\([- \t,0-9]*\)//g' \
- -e 's/__attribute_const__([ \t]|$)/\1/g' \
- -e 's@^#include <linux/compiler.h>@@' \
- -e 's/(^|[^a-zA-Z0-9])__packed([^a-zA-Z0-9_]|$)/\1__attribute__((packed))\2/g' \
-diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c
-index 8fa81e8..a9ac144 100644
---- a/scripts/kallsyms.c
-+++ b/scripts/kallsyms.c
-@@ -89,7 +89,7 @@ static inline int is_arm_mapping_symbol(const char *str)
- }
-
- static int check_symbol_range(const char *sym, unsigned long long addr,
-- struct addr_range *ranges, int entries)
-+ struct addr_range *ranges, size_t entries)
- {
- size_t i;
- struct addr_range *ar;
-@@ -178,7 +178,7 @@ static int read_symbol(FILE *in, struct sym_entry *s)
- }
-
- static int symbol_in_range(struct sym_entry *s, struct addr_range *ranges,
-- int entries)
-+ size_t entries)
- {
- size_t i;
- struct addr_range *ar;
-diff --git a/scripts/kconfig/lkc.h b/scripts/kconfig/lkc.h
-index 91ca126..5f7cad6 100644
---- a/scripts/kconfig/lkc.h
-+++ b/scripts/kconfig/lkc.h
-@@ -108,7 +108,8 @@ void menu_add_expr(enum prop_type type, struct expr *expr, struct expr *dep);
- void menu_add_symbol(enum prop_type type, struct symbol *sym, struct expr *dep);
- void menu_add_option(int token, char *arg);
- void menu_finalize(struct menu *parent);
--void menu_set_type(int type);
-+enum symbol_type;
-+void menu_set_type(enum symbol_type type);
-
- /* util.c */
- struct file *file_lookup(const char *name);
-@@ -123,7 +124,7 @@ struct gstr {
- * when max_width is not zero long lines in string s (if any) get
- * wrapped not to exceed the max_width value
- */
-- int max_width;
-+ size_t max_width;
- };
- struct gstr str_new(void);
- void str_free(struct gstr *gs);
-diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
-index aed678e..1a703de 100644
---- a/scripts/kconfig/menu.c
-+++ b/scripts/kconfig/menu.c
-@@ -109,7 +109,7 @@ void menu_add_dep(struct expr *dep)
- current_entry->dep = expr_alloc_and(current_entry->dep, menu_check_dep(dep));
- }
-
--void menu_set_type(int type)
-+void menu_set_type(enum symbol_type type)
- {
- struct symbol *sym = current_entry->sym;
-
-diff --git a/scripts/kconfig/symbol.c b/scripts/kconfig/symbol.c
-index 25cf0c2..eb178ce 100644
---- a/scripts/kconfig/symbol.c
-+++ b/scripts/kconfig/symbol.c
-@@ -956,7 +956,7 @@ const char *sym_escape_string_value(const char *in)
-
- struct sym_match {
- struct symbol *sym;
-- off_t so, eo;
-+ regoff_t so, eo;
- };
-
- /* Compare matched symbols as thus:
-@@ -978,8 +978,8 @@ static int sym_rel_comp(const void *sym1, const void *sym2)
- * exactly; if this is the case, we can't decide which comes first,
- * and we fallback to sorting alphabetically.
- */
-- exact1 = (s1->eo - s1->so) == strlen(s1->sym->name);
-- exact2 = (s2->eo - s2->so) == strlen(s2->sym->name);
-+ exact1 = (s1->eo - s1->so) == (long)strlen(s1->sym->name);
-+ exact2 = (s2->eo - s2->so) == (long)strlen(s2->sym->name);
- if (exact1 && !exact2)
- return -1;
- if (!exact1 && exact2)
-diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
-index ba6c34e..ea10bce 100755
---- a/scripts/link-vmlinux.sh
-+++ b/scripts/link-vmlinux.sh
-@@ -179,7 +179,7 @@ else
- fi;
-
- # final build of init/
--${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init
-+${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init GCC_PLUGINS_CFLAGS="${GCC_PLUGINS_CFLAGS}" GCC_PLUGINS_AFLAGS="${GCC_PLUGINS_AFLAGS}"
-
- kallsymso=""
- kallsyms_vmlinux=""
-diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c
-index a915507..27c1b41 100644
---- a/scripts/mod/file2alias.c
-+++ b/scripts/mod/file2alias.c
-@@ -156,7 +156,7 @@ static void device_id_check(const char *modname, const char *device_id,
- unsigned long size, unsigned long id_size,
- void *symval)
- {
-- int i;
-+ unsigned int i;
-
- if (size % id_size || size < id_size) {
- fatal("%s: sizeof(struct %s_device_id)=%lu is not a modulo "
-@@ -185,7 +185,7 @@ static void device_id_check(const char *modname, const char *device_id,
- /* USB is special because the bcdDevice can be matched against a numeric range */
- /* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipNinN" */
- static void do_usb_entry(void *symval,
-- unsigned int bcdDevice_initial, int bcdDevice_initial_digits,
-+ unsigned int bcdDevice_initial, unsigned int bcdDevice_initial_digits,
- unsigned char range_lo, unsigned char range_hi,
- unsigned char max, struct module *mod)
- {
-@@ -295,7 +295,7 @@ static void do_usb_entry_multi(void *symval, struct module *mod)
- {
- unsigned int devlo, devhi;
- unsigned char chi, clo, max;
-- int ndigits;
-+ unsigned int ndigits;
-
- DEF_FIELD(symval, usb_device_id, match_flags);
- DEF_FIELD(symval, usb_device_id, idVendor);
-@@ -619,7 +619,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size,
- for (i = 0; i < count; i++) {
- DEF_FIELD_ADDR(symval + i*id_size, pnp_device_id, id);
- char acpi_id[sizeof(*id)];
-- int j;
-+ unsigned int j;
-
- buf_printf(&mod->dev_table_buf,
- "MODULE_ALIAS(\"pnp:d%s*\");\n", *id);
-@@ -648,7 +648,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
-
- for (j = 0; j < PNP_MAX_DEVICES; j++) {
- const char *id = (char *)(*devs)[j].id;
-- int i2, j2;
-+ unsigned int i2, j2;
- int dup = 0;
-
- if (!id[0])
-@@ -674,7 +674,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
- /* add an individual alias for every device entry */
- if (!dup) {
- char acpi_id[PNP_ID_LEN];
-- int k;
-+ unsigned int k;
-
- buf_printf(&mod->dev_table_buf,
- "MODULE_ALIAS(\"pnp:d%s*\");\n", id);
-@@ -999,7 +999,7 @@ static void dmi_ascii_filter(char *d, const char *s)
- static int do_dmi_entry(const char *filename, void *symval,
- char *alias)
- {
-- int i, j;
-+ unsigned int i, j;
- DEF_FIELD_ADDR(symval, dmi_system_id, matches);
- sprintf(alias, "dmi*");
-
-diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
-index 48958d3..d5ccb52 100644
---- a/scripts/mod/modpost.c
-+++ b/scripts/mod/modpost.c
-@@ -37,6 +37,7 @@ static int vmlinux_section_warnings = 1;
- static int warn_unresolved = 0;
- /* How a symbol is exported */
- static int sec_mismatch_count = 0;
-+static int writable_fptr_count = 0;
- static int sec_mismatch_verbose = 1;
- static int sec_mismatch_fatal = 0;
- /* ignore missing files */
-@@ -947,6 +948,7 @@ enum mismatch {
- ANY_EXIT_TO_ANY_INIT,
- EXPORT_TO_INIT_EXIT,
- EXTABLE_TO_NON_TEXT,
-+ DATA_TO_TEXT
- };
-
- /**
-@@ -1073,6 +1075,12 @@ static const struct sectioncheck sectioncheck[] = {
- .good_tosec = {ALL_TEXT_SECTIONS , NULL},
- .mismatch = EXTABLE_TO_NON_TEXT,
- .handler = extable_mismatch_handler,
-+},
-+/* Do not reference code from writable data */
-+{
-+ .fromsec = { DATA_SECTIONS, NULL },
-+ .bad_tosec = { ALL_TEXT_SECTIONS, NULL },
-+ .mismatch = DATA_TO_TEXT
- }
- };
-
-@@ -1222,10 +1230,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
- continue;
- if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
- continue;
-- if (sym->st_value == addr)
-- return sym;
- /* Find a symbol nearby - addr are maybe negative */
- d = sym->st_value - addr;
-+ if (d == 0)
-+ return sym;
- if (d < 0)
- d = addr - sym->st_value;
- if (d < distance) {
-@@ -1384,7 +1392,11 @@ static void report_sec_mismatch(const char *modname,
- char *prl_from;
- char *prl_to;
-
-- sec_mismatch_count++;
-+ if (mismatch->mismatch == DATA_TO_TEXT)
-+ writable_fptr_count++;
-+ else
-+ sec_mismatch_count++;
-+
- if (!sec_mismatch_verbose)
- return;
-
-@@ -1508,6 +1520,14 @@ static void report_sec_mismatch(const char *modname,
- fatal("There's a special handler for this mismatch type, "
- "we should never get here.");
- break;
-+ case DATA_TO_TEXT:
-+#if 0
-+ fprintf(stderr,
-+ "The %s %s:%s references\n"
-+ "the %s %s:%s%s\n",
-+ from, fromsec, fromsym, to, tosec, tosym, to_p);
-+#endif
-+ break;
- }
- fprintf(stderr, "\n");
- }
-@@ -1897,7 +1917,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
- static void check_sec_ref(struct module *mod, const char *modname,
- struct elf_info *elf)
- {
-- int i;
-+ unsigned int i;
- Elf_Shdr *sechdrs = elf->sechdrs;
-
- /* Walk through all sections */
-@@ -2028,7 +2048,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
- va_end(ap);
- }
-
--void buf_write(struct buffer *buf, const char *s, int len)
-+void buf_write(struct buffer *buf, const char *s, unsigned int len)
- {
- if (buf->size - buf->pos < len) {
- buf->size += len + SZ;
-@@ -2258,7 +2278,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
- if (fstat(fileno(file), &st) < 0)
- goto close_write;
-
-- if (st.st_size != b->pos)
-+ if (st.st_size != (off_t)b->pos)
- goto close_write;
-
- tmp = NOFAIL(malloc(b->pos));
-@@ -2496,6 +2516,14 @@ int main(int argc, char **argv)
- "Set CONFIG_SECTION_MISMATCH_WARN_ONLY=y to allow them.\n");
- }
- }
-+ if (writable_fptr_count) {
-+ if (!sec_mismatch_verbose) {
-+ warn("modpost: Found %d writable function pointer(s).\n"
-+ "To see full details build your kernel with:\n"
-+ "'make CONFIG_DEBUG_SECTION_MISMATCH=y'\n",
-+ writable_fptr_count);
-+ }
-+ }
-
- return err;
- }
-diff --git a/scripts/mod/modpost.h b/scripts/mod/modpost.h
-index 6a5e151..f2fbaf5 100644
---- a/scripts/mod/modpost.h
-+++ b/scripts/mod/modpost.h
-@@ -98,15 +98,15 @@ void *do_nofail(void *ptr, const char *expr);
-
- struct buffer {
- char *p;
-- int pos;
-- int size;
-+ unsigned int pos;
-+ unsigned int size;
- };
-
- void __attribute__((format(printf, 2, 3)))
- buf_printf(struct buffer *buf, const char *fmt, ...);
-
- void
--buf_write(struct buffer *buf, const char *s, int len);
-+buf_write(struct buffer *buf, const char *s, unsigned int len);
-
- struct module {
- struct module *next;
-diff --git a/scripts/mod/sumversion.c b/scripts/mod/sumversion.c
-index 944418d..15291e4 100644
---- a/scripts/mod/sumversion.c
-+++ b/scripts/mod/sumversion.c
-@@ -470,7 +470,7 @@ static void write_version(const char *filename, const char *sum,
- goto out;
- }
-
-- if (write(fd, sum, strlen(sum)+1) != strlen(sum)+1) {
-+ if (write(fd, sum, strlen(sum)+1) != (ssize_t)strlen(sum)+1) {
- warn("writing sum in %s failed: %s\n",
- filename, strerror(errno));
- goto out;
-diff --git a/scripts/module-common.lds b/scripts/module-common.lds
-index 73a2c7d..df11b31 100644
---- a/scripts/module-common.lds
-+++ b/scripts/module-common.lds
-@@ -6,6 +6,10 @@
- SECTIONS {
- /DISCARD/ : { *(.discard) }
-
-+ .rodata 0: {
-+ *(.rodata) *(.rodata.*)
-+ *(.data..read_only)
-+ }
- __ksymtab 0 : { *(SORT(___ksymtab+*)) }
- __ksymtab_gpl 0 : { *(SORT(___ksymtab_gpl+*)) }
- __ksymtab_unused 0 : { *(SORT(___ksymtab_unused+*)) }
-diff --git a/scripts/package/Makefile b/scripts/package/Makefile
-index c2c7389..81b8117 100644
---- a/scripts/package/Makefile
-+++ b/scripts/package/Makefile
-@@ -40,7 +40,7 @@ if test "$(objtree)" != "$(srctree)"; then \
- fi ; \
- $(srctree)/scripts/setlocalversion --save-scmversion; \
- ln -sf $(srctree) $(2); \
--tar -cz $(RCS_TAR_IGNORE) -f $(2).tar.gz \
-+tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(2).tar.gz \
- $(addprefix $(2)/,$(TAR_CONTENT) $(3)); \
- rm -f $(2) $(objtree)/.scmversion
-
-diff --git a/scripts/package/builddeb b/scripts/package/builddeb
-index 6c3b038..54e0b5e 100755
---- a/scripts/package/builddeb
-+++ b/scripts/package/builddeb
-@@ -326,6 +326,7 @@ fi
- (cd $srctree; find arch/$SRCARCH -name module.lds -o -name Kbuild.platforms -o -name Platform) >> "$objtree/debian/hdrsrcfiles"
- (cd $srctree; find $(find arch/$SRCARCH -name include -o -name scripts -type d) -type f) >> "$objtree/debian/hdrsrcfiles"
- (cd $objtree; find arch/$SRCARCH/include Module.symvers include scripts -type f) >> "$objtree/debian/hdrobjfiles"
-+(cd $objtree; find tools/gcc -name \*.so -o -name gcc-common.h) >> "$objtree/debian/hdrobjfiles"
- destdir=$kernel_headers_dir/usr/src/linux-headers-$version
- mkdir -p "$destdir"
- (cd $srctree; tar -c -f - -T -) < "$objtree/debian/hdrsrcfiles" | (cd $destdir; tar -xf -)
-diff --git a/scripts/package/mkspec b/scripts/package/mkspec
-index fe44d68..3874acb 100755
---- a/scripts/package/mkspec
-+++ b/scripts/package/mkspec
-@@ -120,29 +120,40 @@ echo 'rm -f $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE/{build,source}"
- echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE"
- echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\""
- echo "tar "'$EXCLUDES'" -cf- . | (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)"
--echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE"
--echo "ln -sf /usr/src/kernels/$KERNELRELEASE build"
--echo "ln -sf /usr/src/kernels/$KERNELRELEASE source"
- fi
-
- echo ""
- echo "%clean"
- echo 'rm -rf $RPM_BUILD_ROOT'
- echo ""
-+echo "%pre"
-+echo 'chmod -f 0500 /boot'
-+echo 'if [ -d /lib/modules ]; then'
-+echo 'chmod -f 0500 /lib/modules'
-+echo 'fi'
-+echo 'if [ -d /lib32/modules ]; then'
-+echo 'chmod -f 0500 /lib32/modules'
-+echo 'fi'
-+echo 'if [ -d /lib64/modules ]; then'
-+echo 'chmod -f 0500 /lib64/modules'
-+echo 'fi'
-+echo ""
-+echo "%post devel"
-+echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build"
-+echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source"
-+echo ""
- echo "%post"
--echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then"
--echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/.vmlinuz-$KERNELRELEASE-rpm"
--echo "cp /boot/System.map-$KERNELRELEASE /boot/.System.map-$KERNELRELEASE-rpm"
--echo "rm -f /boot/vmlinuz-$KERNELRELEASE /boot/System.map-$KERNELRELEASE"
--echo "/sbin/installkernel $KERNELRELEASE /boot/.vmlinuz-$KERNELRELEASE-rpm /boot/.System.map-$KERNELRELEASE-rpm"
--echo "rm -f /boot/.vmlinuz-$KERNELRELEASE-rpm /boot/.System.map-$KERNELRELEASE-rpm"
-+echo "if [ -x /sbin/dracut ]; then"
-+echo '/sbin/new-kernel-pkg --dracut --mkinitrd --depmod --install --make-default '"$KERNELRELEASE"' || exit $?'
-+echo "else"
-+echo '/sbin/new-kernel-pkg --mkinitrd --depmod --install --make-default '"$KERNELRELEASE"' || exit $?'
- echo "fi"
- echo ""
- echo "%files"
--echo '%defattr (-, root, root)'
--echo "/lib/modules/$KERNELRELEASE"
-+echo '%defattr (400, root, root, 500)'
- echo "%exclude /lib/modules/$KERNELRELEASE/build"
- echo "%exclude /lib/modules/$KERNELRELEASE/source"
-+echo "/lib/modules/$KERNELRELEASE"
- echo "/lib/firmware/$KERNELRELEASE"
- echo "/boot/*"
- echo ""
-@@ -152,9 +163,11 @@ echo "/usr/include"
- echo ""
- if ! $PREBUILT; then
- echo "%files devel"
--echo '%defattr (-, root, root)'
-+echo '%defattr (400, root, root, 500)'
-+echo "%dir /lib/modules/$KERNELRELEASE"
- echo "/usr/src/kernels/$KERNELRELEASE"
--echo "/lib/modules/$KERNELRELEASE/build"
--echo "/lib/modules/$KERNELRELEASE/source"
-+echo "%attr (500, root, root) /usr/src/kernels/$KERNELRELEASE/scripts/recordmcount"
-+echo "%attr (500, root, root) /usr/src/kernels/$KERNELRELEASE/scripts/basic/fixdep"
-+echo "%attr (500, root, root) /usr/src/kernels/$KERNELRELEASE/scripts/mod/modpost"
- echo ""
- fi
-diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c
-index 4718d78..9220d58 100644
---- a/scripts/pnmtologo.c
-+++ b/scripts/pnmtologo.c
-@@ -244,14 +244,14 @@ static void write_header(void)
- fprintf(out, " * Linux logo %s\n", logoname);
- fputs(" */\n\n", out);
- fputs("#include <linux/linux_logo.h>\n\n", out);
-- fprintf(out, "static unsigned char %s_data[] __initdata = {\n",
-+ fprintf(out, "static unsigned char %s_data[] = {\n",
- logoname);
- }
-
- static void write_footer(void)
- {
- fputs("\n};\n\n", out);
-- fprintf(out, "const struct linux_logo %s __initconst = {\n", logoname);
-+ fprintf(out, "const struct linux_logo %s = {\n", logoname);
- fprintf(out, "\t.type\t\t= %s,\n", logo_types[logo_type]);
- fprintf(out, "\t.width\t\t= %d,\n", logo_width);
- fprintf(out, "\t.height\t\t= %d,\n", logo_height);
-@@ -381,7 +381,7 @@ static void write_logo_clut224(void)
- fputs("\n};\n\n", out);
-
- /* write logo clut */
-- fprintf(out, "static unsigned char %s_clut[] __initdata = {\n",
-+ fprintf(out, "static unsigned char %s_clut[] = {\n",
- logoname);
- write_hex_cnt = 0;
- for (i = 0; i < logo_clutsize; i++) {
-diff --git a/scripts/sortextable.h b/scripts/sortextable.h
-index ba87004..3f4852c 100644
---- a/scripts/sortextable.h
-+++ b/scripts/sortextable.h
-@@ -108,9 +108,9 @@ do_func(Elf_Ehdr *ehdr, char const *const fname, table_sort_t custom_sort)
- const char *secstrtab;
- const char *strtab;
- char *extab_image;
-- int extab_index = 0;
-- int i;
-- int idx;
-+ unsigned int extab_index = 0;
-+ unsigned int i;
-+ unsigned int idx;
- unsigned int num_sections;
- unsigned int secindex_strings;
-
-diff --git a/scripts/tags.sh b/scripts/tags.sh
-index 23ba1c6..cad2484 100755
---- a/scripts/tags.sh
-+++ b/scripts/tags.sh
-@@ -26,7 +26,7 @@ else
- fi
-
- # ignore userspace tools
--ignore="$ignore ( -path ${tree}tools ) -prune -o"
-+ignore="$ignore ( -path \"${tree}tools/[^g]*\" ) -prune -o"
-
- # Find all available archs
- find_all_archs()
-diff --git a/security/Kconfig b/security/Kconfig
-index e452378..4388a35 100644
---- a/security/Kconfig
-+++ b/security/Kconfig
-@@ -4,6 +4,989 @@
-
- menu "Security options"
-
-+menu "Grsecurity"
-+
-+ config ARCH_TRACK_EXEC_LIMIT
-+ bool
-+
-+ config PAX_KERNEXEC_PLUGIN
-+ bool
-+
-+ config PAX_PER_CPU_PGD
-+ bool
-+
-+ config TASK_SIZE_MAX_SHIFT
-+ int
-+ depends on X86_64
-+ default 47 if !PAX_PER_CPU_PGD
-+ default 42 if PAX_PER_CPU_PGD
-+
-+ config PAX_ENABLE_PAE
-+ bool
-+ default y if (X86_32 && (MPENTIUM4 || MK8 || MPSC || MCORE2 || MATOM))
-+
-+ config PAX_USERCOPY_SLABS
-+ bool
-+
-+config GRKERNSEC
-+ bool "Grsecurity"
-+ select CRYPTO
-+ select CRYPTO_SHA256
-+ select PROC_FS
-+ select STOP_MACHINE
-+ select TTY
-+ select DEBUG_KERNEL
-+ select DEBUG_LIST
-+ select MULTIUSER
-+ help
-+ If you say Y here, you will be able to configure many features
-+ that will enhance the security of your system. It is highly
-+ recommended that you say Y here and read through the help
-+ for each option so that you fully understand the features and
-+ can evaluate their usefulness for your machine.
-+
-+choice
-+ prompt "Configuration Method"
-+ depends on GRKERNSEC
-+ default GRKERNSEC_CONFIG_CUSTOM
-+ help
-+
-+config GRKERNSEC_CONFIG_AUTO
-+ bool "Automatic"
-+ help
-+ If you choose this configuration method, you'll be able to answer a small
-+ number of simple questions about how you plan to use this kernel.
-+ The settings of grsecurity and PaX will be automatically configured for
-+ the highest commonly-used settings within the provided constraints.
-+
-+ If you require additional configuration, custom changes can still be made
-+ from the "custom configuration" menu.
-+
-+config GRKERNSEC_CONFIG_CUSTOM
-+ bool "Custom"
-+ help
-+ If you choose this configuration method, you'll be able to configure all
-+ grsecurity and PaX settings manually. Via this method, no options are
-+ automatically enabled.
-+
-+ Take note that if menuconfig is exited with this configuration method
-+ chosen, you will not be able to use the automatic configuration methods
-+ without starting again with a kernel configuration with no grsecurity
-+ or PaX options specified inside.
-+
-+endchoice
-+
-+choice
-+ prompt "Usage Type"
-+ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO)
-+ default GRKERNSEC_CONFIG_SERVER
-+ help
-+
-+config GRKERNSEC_CONFIG_SERVER
-+ bool "Server"
-+ help
-+ Choose this option if you plan to use this kernel on a server.
-+
-+config GRKERNSEC_CONFIG_DESKTOP
-+ bool "Desktop"
-+ help
-+ Choose this option if you plan to use this kernel on a desktop.
-+
-+endchoice
-+
-+choice
-+ prompt "Virtualization Type"
-+ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO)
-+ default GRKERNSEC_CONFIG_VIRT_NONE
-+ help
-+
-+config GRKERNSEC_CONFIG_VIRT_NONE
-+ bool "None"
-+ help
-+ Choose this option if this kernel will be run on bare metal.
-+
-+config GRKERNSEC_CONFIG_VIRT_GUEST
-+ bool "Guest"
-+ help
-+ Choose this option if this kernel will be run as a VM guest.
-+
-+config GRKERNSEC_CONFIG_VIRT_HOST
-+ bool "Host"
-+ help
-+ Choose this option if this kernel will be run as a VM host.
-+
-+endchoice
-+
-+choice
-+ prompt "Virtualization Hardware"
-+ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST))
-+ help
-+
-+config GRKERNSEC_CONFIG_VIRT_EPT
-+ bool "EPT/RVI Processor Support"
-+ depends on X86
-+ help
-+ Choose this option if your CPU supports the EPT or RVI features of 2nd-gen
-+ hardware virtualization. This allows for additional kernel hardening protections
-+ to operate without additional performance impact.
-+
-+ To see if your Intel processor supports EPT, see:
-+ http://ark.intel.com/Products/VirtualizationTechnology
-+ (Most Core i3/5/7 support EPT)
-+
-+ To see if your AMD processor supports RVI, see:
-+ http://support.amd.com/us/kbarticles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx
-+
-+config GRKERNSEC_CONFIG_VIRT_SOFT
-+ bool "First-gen/No Hardware Virtualization"
-+ help
-+ Choose this option if you use an Atom/Pentium/Core 2 processor that either doesn't
-+ support hardware virtualization or doesn't support the EPT/RVI extensions.
-+
-+endchoice
-+
-+choice
-+ prompt "Virtualization Software"
-+ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST))
-+ help
-+
-+config GRKERNSEC_CONFIG_VIRT_XEN
-+ bool "Xen"
-+ help
-+ Choose this option if this kernel is running as a Xen guest or host.
-+
-+config GRKERNSEC_CONFIG_VIRT_VMWARE
-+ bool "VMWare"
-+ help
-+ Choose this option if this kernel is running as a VMWare guest or host.
-+
-+config GRKERNSEC_CONFIG_VIRT_KVM
-+ bool "KVM"
-+ help
-+ Choose this option if this kernel is running as a KVM guest or host.
-+
-+config GRKERNSEC_CONFIG_VIRT_VIRTUALBOX
-+ bool "VirtualBox"
-+ help
-+ Choose this option if this kernel is running as a VirtualBox guest or host.
-+
-+config GRKERNSEC_CONFIG_VIRT_HYPERV
-+ bool "Hyper-V"
-+ help
-+ Choose this option if this kernel is running as a Hyper-V guest.
-+
-+endchoice
-+
-+choice
-+ prompt "Required Priorities"
-+ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO)
-+ default GRKERNSEC_CONFIG_PRIORITY_PERF
-+ help
-+
-+config GRKERNSEC_CONFIG_PRIORITY_PERF
-+ bool "Performance"
-+ help
-+ Choose this option if performance is of highest priority for this deployment
-+ of grsecurity. Features like UDEREF on a 64bit kernel, kernel stack clearing,
-+ clearing of structures intended for userland, and freed memory sanitizing will
-+ be disabled.
-+
-+config GRKERNSEC_CONFIG_PRIORITY_SECURITY
-+ bool "Security"
-+ help
-+ Choose this option if security is of highest priority for this deployment of
-+ grsecurity. UDEREF, kernel stack clearing, clearing of structures intended
-+ for userland, and freed memory sanitizing will be enabled for this kernel.
-+ In a worst-case scenario, these features can introduce a 20% performance hit
-+ (UDEREF on x64 contributing half of this hit).
-+
-+endchoice
-+
-+menu "Default Special Groups"
-+depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO)
-+
-+config GRKERNSEC_PROC_GID
-+ int "GID exempted from /proc restrictions"
-+ default 1001
-+ help
-+ Setting this GID determines which group will be exempted from
-+ grsecurity's /proc restrictions, allowing users of the specified
-+ group to view network statistics and the existence of other users'
-+ processes on the system. This GID may also be chosen at boot time
-+ via "grsec_proc_gid=" on the kernel commandline.
-+
-+config GRKERNSEC_TPE_UNTRUSTED_GID
-+ int "GID for TPE-untrusted users"
-+ depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
-+ default 1005
-+ help
-+ Setting this GID determines which group untrusted users should
-+ be added to. These users will be placed under grsecurity's Trusted Path
-+ Execution mechanism, preventing them from executing their own binaries.
-+ The users will only be able to execute binaries in directories owned and
-+ writable only by the root user. If the sysctl option is enabled, a sysctl
-+ option with name "tpe_gid" is created.
-+
-+config GRKERNSEC_TPE_TRUSTED_GID
-+ int "GID for TPE-trusted users"
-+ depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
-+ default 1005
-+ help
-+ Setting this GID determines what group TPE restrictions will be
-+ *disabled* for. If the sysctl option is enabled, a sysctl option
-+ with name "tpe_gid" is created.
-+
-+config GRKERNSEC_SYMLINKOWN_GID
-+ int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
-+ depends on GRKERNSEC_CONFIG_SERVER
-+ default 1006
-+ help
-+ Setting this GID determines what group kernel-enforced
-+ SymlinksIfOwnerMatch will be enabled for. If the sysctl option
-+ is enabled, a sysctl option with name "symlinkown_gid" is created.
-+
-+
-+endmenu
-+
-+menu "Customize Configuration"
-+depends on GRKERNSEC
-+
-+menu "PaX"
-+
-+config PAX
-+ bool "Enable various PaX features"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86)
-+ help
-+ This allows you to enable various PaX features. PaX adds
-+ intrusion prevention mechanisms to the kernel that reduce
-+ the risks posed by exploitable memory corruption bugs.
-+
-+menu "PaX Control"
-+ depends on PAX
-+
-+config PAX_SOFTMODE
-+ bool 'Support soft mode'
-+ help
-+ Enabling this option will allow you to run PaX in soft mode, that
-+ is, PaX features will not be enforced by default, only on executables
-+ marked explicitly. You must also enable PT_PAX_FLAGS or XATTR_PAX_FLAGS
-+ support as they are the only way to mark executables for soft mode use.
-+
-+ Soft mode can be activated by using the "pax_softmode=1" kernel command
-+ line option on boot. Furthermore you can control various PaX features
-+ at runtime via the entries in /proc/sys/kernel/pax.
-+
-+config PAX_EI_PAX
-+ bool 'Use legacy ELF header marking'
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ help
-+ Enabling this option will allow you to control PaX features on
-+ a per executable basis via the 'chpax' utility available at
-+ http://pax.grsecurity.net/. The control flags will be read from
-+ an otherwise reserved part of the ELF header. This marking has
-+ numerous drawbacks (no support for soft-mode, toolchain does not
-+ know about the non-standard use of the ELF header) therefore it
-+ has been deprecated in favour of PT_PAX_FLAGS and XATTR_PAX_FLAGS
-+ support.
-+
-+ Note that if you enable PT_PAX_FLAGS or XATTR_PAX_FLAGS marking
-+ support as well, they will override the legacy EI_PAX marks.
-+
-+ If you enable none of the marking options then all applications
-+ will run with PaX enabled on them by default.
-+
-+config PAX_PT_PAX_FLAGS
-+ bool 'Use ELF program header marking'
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ help
-+ Enabling this option will allow you to control PaX features on
-+ a per executable basis via the 'paxctl' utility available at
-+ http://pax.grsecurity.net/. The control flags will be read from
-+ a PaX specific ELF program header (PT_PAX_FLAGS). This marking
-+ has the benefits of supporting both soft mode and being fully
-+ integrated into the toolchain (the binutils patch is available
-+ from http://pax.grsecurity.net).
-+
-+ Note that if you enable the legacy EI_PAX marking support as well,
-+ the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks.
-+
-+ If you enable both PT_PAX_FLAGS and XATTR_PAX_FLAGS support then you
-+ must make sure that the marks are the same if a binary has both marks.
-+
-+ If you enable none of the marking options then all applications
-+ will run with PaX enabled on them by default.
-+
-+config PAX_XATTR_PAX_FLAGS
-+ bool 'Use filesystem extended attributes marking'
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ select CIFS_XATTR if CIFS
-+ select EXT2_FS_XATTR if EXT2_FS
-+ select EXT3_FS_XATTR if EXT3_FS
-+ select F2FS_FS_XATTR if F2FS_FS
-+ select JFFS2_FS_XATTR if JFFS2_FS
-+ select REISERFS_FS_XATTR if REISERFS_FS
-+ select SQUASHFS_XATTR if SQUASHFS
-+ select TMPFS_XATTR if TMPFS
-+ help
-+ Enabling this option will allow you to control PaX features on
-+ a per executable basis via the 'setfattr' utility. The control
-+ flags will be read from the user.pax.flags extended attribute of
-+ the file. This marking has the benefit of supporting binary-only
-+ applications that self-check themselves (e.g., skype) and would
-+ not tolerate chpax/paxctl changes. The main drawback is that
-+ extended attributes are not supported by some filesystems (e.g.,
-+ isofs, udf, vfat) so copying files through such filesystems will
-+ lose the extended attributes and these PaX markings.
-+
-+ Note that if you enable the legacy EI_PAX marking support as well,
-+ the EI_PAX marks will be overridden by the XATTR_PAX_FLAGS marks.
-+
-+ If you enable both PT_PAX_FLAGS and XATTR_PAX_FLAGS support then you
-+ must make sure that the marks are the same if a binary has both marks.
-+
-+ If you enable none of the marking options then all applications
-+ will run with PaX enabled on them by default.
-+
-+choice
-+ prompt 'MAC system integration'
-+ default PAX_HAVE_ACL_FLAGS
-+ help
-+ Mandatory Access Control systems have the option of controlling
-+ PaX flags on a per executable basis, choose the method supported
-+ by your particular system.
-+
-+ - "none": if your MAC system does not interact with PaX,
-+ - "direct": if your MAC system defines pax_set_initial_flags() itself,
-+ - "hook": if your MAC system uses the pax_set_initial_flags_func callback.
-+
-+ NOTE: this option is for developers/integrators only.
-+
-+ config PAX_NO_ACL_FLAGS
-+ bool 'none'
-+
-+ config PAX_HAVE_ACL_FLAGS
-+ bool 'direct'
-+
-+ config PAX_HOOK_ACL_FLAGS
-+ bool 'hook'
-+endchoice
-+
-+endmenu
-+
-+menu "Non-executable pages"
-+ depends on PAX
-+
-+config PAX_NOEXEC
-+ bool "Enforce non-executable pages"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on ALPHA || (ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86
-+ help
-+ By design some architectures do not allow for protecting memory
-+ pages against execution or even if they do, Linux does not make
-+ use of this feature. In practice this means that if a page is
-+ readable (such as the stack or heap) it is also executable.
-+
-+ There is a well known exploit technique that makes use of this
-+ fact and a common programming mistake where an attacker can
-+ introduce code of his choice somewhere in the attacked program's
-+ memory (typically the stack or the heap) and then execute it.
-+
-+ If the attacked program was running with different (typically
-+ higher) privileges than that of the attacker, then he can elevate
-+ his own privilege level (e.g. get a root shell, write to files for
-+ which he does not have write access to, etc).
-+
-+ Enabling this option will let you choose from various features
-+ that prevent the injection and execution of 'foreign' code in
-+ a program.
-+
-+ This will also break programs that rely on the old behaviour and
-+ expect that dynamically allocated memory via the malloc() family
-+ of functions is executable (which it is not). Notable examples
-+ are the XFree86 4.x server, the java runtime and wine.
-+
-+config PAX_PAGEEXEC
-+ bool "Paging based non-executable pages"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7)
-+ select ARCH_TRACK_EXEC_LIMIT if X86_32
-+ help
-+ This implementation is based on the paging feature of the CPU.
-+ On i386 without hardware non-executable bit support there is a
-+ variable but usually low performance impact, however on Intel's
-+ P4 core based CPUs it is very high so you should not enable this
-+ for kernels meant to be used on such CPUs.
-+
-+ On alpha, avr32, ia64, parisc, sparc, sparc64, x86_64 and i386
-+ with hardware non-executable bit support there is no performance
-+ impact, on ppc the impact is negligible.
-+
-+ Note that several architectures require various emulations due to
-+ badly designed userland ABIs, this will cause a performance impact
-+ but will disappear as soon as userland is fixed. For example, ppc
-+ userland MUST have been built with secure-plt by a recent toolchain.
-+
-+config PAX_SEGMEXEC
-+ bool "Segmentation based non-executable pages"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on PAX_NOEXEC && X86_32
-+ help
-+ This implementation is based on the segmentation feature of the
-+ CPU and has a very small performance impact, however applications
-+ will be limited to a 1.5 GB address space instead of the normal
-+ 3 GB.
-+
-+config PAX_EMUTRAMP
-+ bool "Emulate trampolines"
-+ default y if PARISC || GRKERNSEC_CONFIG_AUTO
-+ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
-+ help
-+ There are some programs and libraries that for one reason or
-+ another attempt to execute special small code snippets from
-+ non-executable memory pages. Most notable examples are the
-+ signal handler return code generated by the kernel itself and
-+ the GCC trampolines.
-+
-+ If you enabled CONFIG_PAX_PAGEEXEC or CONFIG_PAX_SEGMEXEC then
-+ such programs will no longer work under your kernel.
-+
-+ As a remedy you can say Y here and use the 'chpax' or 'paxctl'
-+ utilities to enable trampoline emulation for the affected programs
-+ yet still have the protection provided by the non-executable pages.
-+
-+ On parisc you MUST enable this option and EMUSIGRT as well, otherwise
-+ your system will not even boot.
-+
-+ Alternatively you can say N here and use the 'chpax' or 'paxctl'
-+ utilities to disable CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC
-+ for the affected files.
-+
-+ NOTE: enabling this feature *may* open up a loophole in the
-+ protection provided by non-executable pages that an attacker
-+ could abuse. Therefore the best solution is to not have any
-+ files on your system that would require this option. This can
-+ be achieved by not using libc5 (which relies on the kernel
-+ signal handler return code) and not using or rewriting programs
-+ that make use of the nested function implementation of GCC.
-+ Skilled users can just fix GCC itself so that it implements
-+ nested function calls in a way that does not interfere with PaX.
-+
-+config PAX_EMUSIGRT
-+ bool "Automatically emulate sigreturn trampolines"
-+ depends on PAX_EMUTRAMP && PARISC
-+ default y
-+ help
-+ Enabling this option will have the kernel automatically detect
-+ and emulate signal return trampolines executing on the stack
-+ that would otherwise lead to task termination.
-+
-+ This solution is intended as a temporary one for users with
-+ legacy versions of libc (libc5, glibc 2.0, uClibc before 0.9.17,
-+ Modula-3 runtime, etc) or executables linked to such, basically
-+ everything that does not specify its own SA_RESTORER function in
-+ normal executable memory like glibc 2.1+ does.
-+
-+ On parisc you MUST enable this option, otherwise your system will
-+ not even boot.
-+
-+ NOTE: this feature cannot be disabled on a per executable basis
-+ and since it *does* open up a loophole in the protection provided
-+ by non-executable pages, the best solution is to not have any
-+ files on your system that would require this option.
-+
-+config PAX_MPROTECT
-+ bool "Restrict mprotect()"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC)
-+ help
-+ Enabling this option will prevent programs from
-+ - changing the executable status of memory pages that were
-+ not originally created as executable,
-+ - making read-only executable pages writable again,
-+ - creating executable pages from anonymous memory,
-+ - making read-only-after-relocations (RELRO) data pages writable again.
-+
-+ You should say Y here to complete the protection provided by
-+ the enforcement of non-executable pages.
-+
-+ NOTE: you can use the 'chpax' or 'paxctl' utilities to control
-+ this feature on a per file basis.
-+
-+config PAX_MPROTECT_COMPAT
-+ bool "Use legacy/compat protection demoting (read help)"
-+ depends on PAX_MPROTECT
-+ default n
-+ help
-+ The current implementation of PAX_MPROTECT denies RWX allocations/mprotects
-+ by sending the proper error code to the application. For some older
-+ userland, this can cause problems with applications that assume such
-+ allocations will not be prevented by PaX or SELinux and other access
-+ control systems and have no fallback mechanisms. For modern distros,
-+ this option should generally be set to 'N'.
-+
-+config PAX_ELFRELOCS
-+ bool "Allow ELF text relocations (read help)"
-+ depends on PAX_MPROTECT
-+ default n
-+ help
-+ Non-executable pages and mprotect() restrictions are effective
-+ in preventing the introduction of new executable code into an
-+ attacked task's address space. There remain only two venues
-+ for this kind of attack: if the attacker can execute already
-+ existing code in the attacked task then he can either have it
-+ create and mmap() a file containing his code or have it mmap()
-+ an already existing ELF library that does not have position
-+ independent code in it and use mprotect() on it to make it
-+ writable and copy his code there. While protecting against
-+ the former approach is beyond PaX, the latter can be prevented
-+ by having only PIC ELF libraries on one's system (which do not
-+ need to relocate their code). If you are sure this is your case,
-+ as is the case with all modern Linux distributions, then leave
-+ this option disabled. You should say 'n' here.
-+
-+config PAX_ETEXECRELOCS
-+ bool "Allow ELF ET_EXEC text relocations"
-+ depends on PAX_MPROTECT && (ALPHA || IA64 || PARISC)
-+ select PAX_ELFRELOCS
-+ default y
-+ help
-+ On some architectures there are incorrectly created applications
-+ that require text relocations and would not work without enabling
-+ this option. If you are an alpha, ia64 or parisc user, you should
-+ enable this option and disable it once you have made sure that
-+ none of your applications need it.
-+
-+config PAX_EMUPLT
-+ bool "Automatically emulate ELF PLT"
-+ depends on PAX_MPROTECT && (ALPHA || PARISC || SPARC)
-+ default y
-+ help
-+ Enabling this option will have the kernel automatically detect
-+ and emulate the Procedure Linkage Table entries in ELF files.
-+ On some architectures such entries are in writable memory, and
-+ become non-executable leading to task termination. Therefore
-+ it is mandatory that you enable this option on alpha, parisc,
-+ sparc and sparc64, otherwise your system would not even boot.
-+
-+ NOTE: this feature *does* open up a loophole in the protection
-+ provided by the non-executable pages, therefore the proper
-+ solution is to modify the toolchain to produce a PLT that does
-+ not need to be writable.
-+
-+config PAX_DLRESOLVE
-+ bool 'Emulate old glibc resolver stub'
-+ depends on PAX_EMUPLT && SPARC
-+ default n
-+ help
-+ This option is needed if userland has an old glibc (before 2.4)
-+ that puts a 'save' instruction into the runtime generated resolver
-+ stub that needs special emulation.
-+
-+config PAX_KERNEXEC
-+ bool "Enforce non-executable kernel pages"
-+ default y if GRKERNSEC_CONFIG_AUTO && (!X86 || GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM))
-+ depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN
-+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
-+ select PAX_KERNEXEC_PLUGIN if X86_64
-+ select ARM_KERNMEM_PERMS if ARM
-+ help
-+ This is the kernel land equivalent of PAGEEXEC and MPROTECT,
-+ that is, enabling this option will make it harder to inject
-+ and execute 'foreign' code in kernel memory itself.
-+
-+ Note that on amd64, CONFIG_EFI enabled with "efi=old_map" on
-+ the kernel command-line will result in an RWX physical map.
-+
-+ Likewise, the EFI runtime services are necessarily mapped as
-+ RWX. If CONFIG_EFI is enabled on an EFI-capable system, it
-+ is recommended that you boot with "noefi" on the kernel
-+ command-line if possible to eliminate the mapping.
-+
-+choice
-+ prompt "Return Address Instrumentation Method"
-+ default PAX_KERNEXEC_PLUGIN_METHOD_BTS
-+ depends on PAX_KERNEXEC_PLUGIN
-+ help
-+ Select the method used to instrument function pointer dereferences.
-+ Note that binary modules cannot be instrumented by this approach.
-+
-+ Note that the implementation requires a gcc with plugin support,
-+ i.e., gcc 4.5 or newer. You may need to install the supporting
-+ headers explicitly in addition to the normal gcc package.
-+
-+ config PAX_KERNEXEC_PLUGIN_METHOD_BTS
-+ bool "bts"
-+ help
-+ This method is compatible with binary only modules but has
-+ a higher runtime overhead.
-+
-+ config PAX_KERNEXEC_PLUGIN_METHOD_OR
-+ bool "or"
-+ depends on !PARAVIRT
-+ help
-+ This method is incompatible with binary only modules but has
-+ a lower runtime overhead.
-+endchoice
-+
-+config PAX_KERNEXEC_PLUGIN_METHOD
-+ string
-+ default "bts" if PAX_KERNEXEC_PLUGIN_METHOD_BTS
-+ default "or" if PAX_KERNEXEC_PLUGIN_METHOD_OR
-+ default ""
-+
-+config PAX_KERNEXEC_MODULE_TEXT
-+ int "Minimum amount of memory reserved for module code"
-+ default "8" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)
-+ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
-+ depends on PAX_KERNEXEC && X86_32
-+ help
-+ Due to implementation details the kernel must reserve a fixed
-+ amount of memory for runtime allocated code (such as modules)
-+ at compile time that cannot be changed at runtime. Here you
-+ can specify the minimum amount in MB that will be reserved.
-+ Due to the same implementation details this size will always
-+ be rounded up to the next 2/4 MB boundary (depends on PAE) so
-+ the actually available memory for runtime allocated code will
-+ usually be more than this minimum.
-+
-+ The default 4 MB should be enough for most users but if you have
-+ an excessive number of modules (e.g., most distribution configs
-+ compile many drivers as modules) or use huge modules such as
-+ nvidia's kernel driver, you will need to adjust this amount.
-+ A good rule of thumb is to look at your currently loaded kernel
-+ modules and add up their sizes.
-+
-+endmenu
-+
-+menu "Address Space Layout Randomization"
-+ depends on PAX
-+
-+config PAX_ASLR
-+ bool "Address Space Layout Randomization"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ help
-+ Many if not most exploit techniques rely on the knowledge of
-+ certain addresses in the attacked program. The following options
-+ will allow the kernel to apply a certain amount of randomization
-+ to specific parts of the program thereby forcing an attacker to
-+ guess them in most cases. Any failed guess will most likely crash
-+ the attacked program which allows the kernel to detect such attempts
-+ and react on them. PaX itself provides no reaction mechanisms,
-+ instead it is strongly encouraged that you make use of grsecurity's
-+ (http://www.grsecurity.net/) built-in crash detection features or
-+ develop one yourself.
-+
-+ By saying Y here you can choose to randomize the following areas:
-+ - top of the task's kernel stack
-+ - top of the task's userland stack
-+ - base address for mmap() requests that do not specify one
-+ (this includes all libraries)
-+ - base address of the main executable
-+
-+ It is strongly recommended to say Y here as address space layout
-+ randomization has negligible impact on performance yet it provides
-+ a very effective protection.
-+
-+ NOTE: you can use the 'chpax' or 'paxctl' utilities to control
-+ this feature on a per file basis.
-+
-+config PAX_RANDKSTACK
-+ bool "Randomize kernel stack base"
-+ default y if GRKERNSEC_CONFIG_AUTO && !(GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_VIRTUALBOX)
-+ depends on X86_TSC && X86
-+ help
-+ By saying Y here the kernel will randomize every task's kernel
-+ stack on every system call. This will not only force an attacker
-+ to guess it but also prevent him from making use of possible
-+ leaked information about it.
-+
-+ Since the kernel stack is a rather scarce resource, randomization
-+ may cause unexpected stack overflows, therefore you should very
-+ carefully test your system. Note that once enabled in the kernel
-+ configuration, this feature cannot be disabled on a per file basis.
-+
-+config PAX_RANDUSTACK
-+ bool
-+
-+config PAX_RANDMMAP
-+ bool "Randomize user stack and mmap() bases"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on PAX_ASLR
-+ select PAX_RANDUSTACK
-+ help
-+ By saying Y here the kernel will randomize every task's userland
-+ stack and use a randomized base address for mmap() requests that
-+ do not specify one themselves.
-+
-+ The stack randomization is done in two steps where the second
-+ one may apply a big amount of shift to the top of the stack and
-+ cause problems for programs that want to use lots of memory (more
-+ than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is).
-+
-+ As a result of mmap randomization all dynamically loaded libraries
-+ will appear at random addresses and therefore be harder to exploit
-+ by a technique where an attacker attempts to execute library code
-+ for his purposes (e.g. spawn a shell from an exploited program that
-+ is running at an elevated privilege level).
-+
-+ Furthermore, if a program is relinked as a dynamic ELF file, its
-+ base address will be randomized as well, completing the full
-+ randomization of the address space layout. Attacking such programs
-+ becomes a guess game. You can find an example of doing this at
-+ http://pax.grsecurity.net/et_dyn.tar.gz and practical samples at
-+ http://www.grsecurity.net/grsec-gcc-specs.tar.gz .
-+
-+ NOTE: you can use the 'chpax' or 'paxctl' utilities to control this
-+ feature on a per file basis.
-+
-+endmenu
-+
-+menu "Miscellaneous hardening features"
-+
-+config PAX_MEMORY_SANITIZE
-+ bool "Sanitize all freed memory"
-+ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
-+ help
-+ By saying Y here the kernel will erase memory pages and slab objects
-+ as soon as they are freed. This in turn reduces the lifetime of data
-+ stored in them, making it less likely that sensitive information such
-+ as passwords, cryptographic secrets, etc stay in memory for too long.
-+
-+ This is especially useful for programs whose runtime is short, long
-+ lived processes and the kernel itself benefit from this as long as
-+ they ensure timely freeing of memory that may hold sensitive
-+ information.
-+
-+ A nice side effect of the sanitization of slab objects is the
-+ reduction of possible info leaks caused by padding bytes within the
-+ leaky structures. Use-after-free bugs for structures containing
-+ pointers can also be detected as dereferencing the sanitized pointer
-+ will generate an access violation.
-+
-+ The tradeoff is performance impact, on a single CPU system kernel
-+ compilation sees a 3% slowdown, other systems and workloads may vary
-+ and you are advised to test this feature on your expected workload
-+ before deploying it.
-+
-+ The slab sanitization feature excludes a few slab caches per default
-+ for performance reasons. To extend the feature to cover those as
-+ well, pass "pax_sanitize_slab=full" as kernel command line parameter.
-+
-+ To reduce the performance penalty by sanitizing pages only, albeit
-+ limiting the effectiveness of this feature at the same time, slab
-+ sanitization can be disabled with the kernel command line parameter
-+ "pax_sanitize_slab=off".
-+
-+ Note that this feature does not protect data stored in live pages,
-+ e.g., process memory swapped to disk may stay there for a long time.
-+
-+config PAX_MEMORY_STACKLEAK
-+ bool "Sanitize kernel stack"
-+ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
-+ depends on X86
-+ help
-+ By saying Y here the kernel will erase the kernel stack before it
-+ returns from a system call. This in turn reduces the information
-+ that a kernel stack leak bug can reveal.
-+
-+ Note that such a bug can still leak information that was put on
-+ the stack by the current system call (the one eventually triggering
-+ the bug) but traces of earlier system calls on the kernel stack
-+ cannot leak anymore.
-+
-+ The tradeoff is performance impact: on a single CPU system kernel
-+ compilation sees a 1% slowdown, other systems and workloads may vary
-+ and you are advised to test this feature on your expected workload
-+ before deploying it.
-+
-+ Note that the full feature requires a gcc with plugin support,
-+ i.e., gcc 4.5 or newer. You may need to install the supporting
-+ headers explicitly in addition to the normal gcc package. Using
-+ older gcc versions means that functions with large enough stack
-+ frames may leave uninitialized memory behind that may be exposed
-+ to a later syscall leaking the stack.
-+
-+config PAX_MEMORY_STRUCTLEAK
-+ bool "Forcibly initialize local variables copied to userland"
-+ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
-+ help
-+ By saying Y here the kernel will zero initialize some local
-+ variables that are going to be copied to userland. This in
-+ turn prevents unintended information leakage from the kernel
-+ stack should later code forget to explicitly set all parts of
-+ the copied variable.
-+
-+ The tradeoff is less performance impact than PAX_MEMORY_STACKLEAK
-+ at a much smaller coverage.
-+
-+ Note that the implementation requires a gcc with plugin support,
-+ i.e., gcc 4.5 or newer. You may need to install the supporting
-+ headers explicitly in addition to the normal gcc package.
-+
-+config PAX_MEMORY_UDEREF
-+ bool "Prevent invalid userland pointer dereference"
-+ default y if GRKERNSEC_CONFIG_AUTO && !(X86_64 && GRKERNSEC_CONFIG_PRIORITY_PERF) && !(X86_64 && GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_VIRTUALBOX) && (!X86 || GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT)
-+ depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !ARM_LPAE)) && !UML_X86 && !XEN
-+ select PAX_PER_CPU_PGD if X86_64
-+ help
-+ By saying Y here the kernel will be prevented from dereferencing
-+ userland pointers in contexts where the kernel expects only kernel
-+ pointers. This is both a useful runtime debugging feature and a
-+ security measure that prevents exploiting a class of kernel bugs.
-+
-+ The tradeoff is that some virtualization solutions may experience
-+ a huge slowdown and therefore you should not enable this feature
-+ for kernels meant to run in such environments. Whether a given VM
-+ solution is affected or not is best determined by simply trying it
-+ out, the performance impact will be obvious right on boot as this
-+ mechanism engages from very early on. A good rule of thumb is that
-+ VMs running on CPUs without hardware virtualization support (i.e.,
-+ the majority of IA-32 CPUs) will likely experience the slowdown.
-+
-+ On X86_64 the kernel will make use of PCID support when available
-+ (Intel's Westmere, Sandy Bridge, etc) for better security (default)
-+ or performance impact. Pass pax_weakuderef on the kernel command
-+ line to choose the latter.
-+
-+config PAX_REFCOUNT
-+ bool "Prevent various kernel object reference counter overflows"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || MIPS || PPC || SPARC64 || X86)
-+ help
-+ By saying Y here the kernel will detect and prevent overflowing
-+ various (but not all) kinds of object reference counters. Such
-+ overflows can normally occur due to bugs only and are often, if
-+ not always, exploitable.
-+
-+ The tradeoff is that data structures protected by an overflowed
-+ refcount will never be freed and therefore will leak memory. Note
-+ that this leak also happens even without this protection but in
-+ that case the overflow can eventually trigger the freeing of the
-+ data structure while it is still being used elsewhere, resulting
-+ in the exploitable situation that this feature prevents.
-+
-+ Since this has a negligible performance impact, you should enable
-+ this feature.
-+
-+config PAX_CONSTIFY_PLUGIN
-+ bool "Automatically constify eligible structures"
-+ default y
-+ depends on !UML && PAX_KERNEXEC
-+ help
-+ By saying Y here the compiler will automatically constify a class
-+ of types that contain only function pointers. This reduces the
-+ kernel's attack surface and also produces a better memory layout.
-+
-+ Note that the implementation requires a gcc with plugin support,
-+ i.e., gcc 4.5 or newer. You may need to install the supporting
-+ headers explicitly in addition to the normal gcc package.
-+
-+ Note that if some code really has to modify constified variables
-+ then the source code will have to be patched to allow it. Examples
-+ can be found in PaX itself (the no_const attribute) and for some
-+ out-of-tree modules at http://www.grsecurity.net/~paxguy1/ .
-+
-+config PAX_USERCOPY
-+ bool "Harden heap object copies between kernel and userland"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on ARM || IA64 || PPC || SPARC || X86
-+ depends on GRKERNSEC && (SLAB || SLUB || SLOB)
-+ select PAX_USERCOPY_SLABS
-+ help
-+ By saying Y here the kernel will enforce the size of heap objects
-+ when they are copied in either direction between the kernel and
-+ userland, even if only a part of the heap object is copied.
-+
-+ Specifically, this checking prevents information leaking from the
-+ kernel heap during kernel to userland copies (if the kernel heap
-+ object is otherwise fully initialized) and prevents kernel heap
-+ overflows during userland to kernel copies.
-+
-+ Note that the current implementation provides the strictest bounds
-+ checks for the SLUB allocator.
-+
-+ Enabling this option also enables per-slab cache protection against
-+ data in a given cache being copied into/out of via userland
-+ accessors. Though the whitelist of regions will be reduced over
-+ time, it notably protects important data structures like task structs.
-+
-+ If frame pointers are enabled on x86, this option will also restrict
-+ copies into and out of the kernel stack to local variables within a
-+ single frame.
-+
-+ Since this has a negligible performance impact, you should enable
-+ this feature.
-+
-+config PAX_USERCOPY_DEBUG
-+ bool
-+ depends on X86 && PAX_USERCOPY
-+ default n
-+
-+config PAX_SIZE_OVERFLOW
-+ bool "Prevent various integer overflows in function size parameters"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ help
-+ By saying Y here the kernel recomputes expressions of function
-+ arguments marked by a size_overflow attribute with double integer
-+ precision (DImode/TImode for 32/64 bit integer types).
-+
-+ The recomputed argument is checked against TYPE_MAX and an event
-+ is logged on overflow and the triggering process is killed.
-+
-+ Homepage: https://github.com/ephox-gcc-plugins
-+
-+ Note that the implementation requires a gcc with plugin support,
-+ i.e., gcc 4.5 or newer. You may need to install the supporting
-+ headers explicitly in addition to the normal gcc package.
-+
-+config PAX_LATENT_ENTROPY
-+ bool "Generate some entropy during boot and runtime"
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ help
-+ By saying Y here the kernel will instrument some kernel code to
-+ extract some entropy from both original and artificially created
-+ program state. This will help especially embedded systems where
-+ there is little 'natural' source of entropy normally. The cost
-+ is some slowdown of the boot process and fork and irq processing.
-+
-+ When pax_extra_latent_entropy is passed on the kernel command line,
-+ entropy will be extracted from up to the first 4GB of RAM while the
-+ runtime memory allocator is being initialized. This costs even more
-+ slowdown of the boot process.
-+
-+ Note that the implementation requires a gcc with plugin support,
-+ i.e., gcc 4.5 or newer. You may need to install the supporting
-+ headers explicitly in addition to the normal gcc package.
-+
-+ Note that entropy extracted this way is not cryptographically
-+ secure!
-+
-+config PAX_RAP
-+ bool "Prevent code reuse attacks"
-+ depends on X86_64
-+ default y if GRKERNSEC_CONFIG_AUTO
-+ help
-+ By saying Y here the kernel will check indirect control transfers
-+ in order to detect and prevent attacks that try to hijack control
-+ flow by overwriting code pointers.
-+
-+ Note that binary modules cannot be instrumented by this approach.
-+
-+ Note that the implementation requires a gcc with plugin support,
-+ i.e., gcc 4.5 or newer. You may need to install the supporting
-+ headers explicitly in addition to the normal gcc package.
-+
-+endmenu
-+
-+endmenu
-+
-+source grsecurity/Kconfig
-+
-+endmenu
-+
-+endmenu
-+
- source security/keys/Kconfig
-
- config SECURITY_DMESG_RESTRICT
-@@ -104,7 +1087,7 @@ config INTEL_TXT
- config LSM_MMAP_MIN_ADDR
- int "Low address space for LSM to protect from user allocation"
- depends on SECURITY && SECURITY_SELINUX
-- default 32768 if ARM || (ARM64 && COMPAT)
-+ default 32768 if ALPHA || ARM || (ARM64 && COMPAT) || PARISC || SPARC32
- default 65536
- help
- This is the portion of low virtual memory which should be protected
-diff --git a/security/apparmor/file.c b/security/apparmor/file.c
-index 913f377..6e392d5 100644
---- a/security/apparmor/file.c
-+++ b/security/apparmor/file.c
-@@ -348,8 +348,8 @@ static inline bool xindex_is_subset(u32 link, u32 target)
- int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry)
- {
-- struct path link = { new_dir->mnt, new_dentry };
-- struct path target = { new_dir->mnt, old_dentry };
-+ struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry };
-+ struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry };
- struct path_cond cond = {
- d_backing_inode(old_dentry)->i_uid,
- d_backing_inode(old_dentry)->i_mode
-diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
-index c28b0f2..3b9fee0 100644
---- a/security/apparmor/include/policy.h
-+++ b/security/apparmor/include/policy.h
-@@ -134,7 +134,7 @@ struct aa_namespace {
- struct aa_ns_acct acct;
- struct aa_profile *unconfined;
- struct list_head sub_ns;
-- atomic_t uniq_null;
-+ atomic_unchecked_t uniq_null;
- long uniq_id;
-
- struct dentry *dents[AAFS_NS_SIZEOF];
-diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index dec607c..37fe357 100644
---- a/security/apparmor/lsm.c
-+++ b/security/apparmor/lsm.c
-@@ -176,7 +176,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
- struct dentry *dentry, u32 mask,
- struct path_cond *cond)
- {
-- struct path path = { dir->mnt, dentry };
-+ struct path path = { .mnt = dir->mnt, .dentry = dentry };
-
- return common_perm(op, &path, mask, cond);
- }
-@@ -193,7 +193,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
- static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
- struct dentry *dentry, u32 mask)
- {
-- struct path path = { mnt, dentry };
-+ struct path path = { .mnt = mnt, .dentry = dentry };
- struct path_cond cond = { d_backing_inode(dentry)->i_uid,
- d_backing_inode(dentry)->i_mode
- };
-@@ -315,8 +315,8 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
-
- profile = aa_current_profile();
- if (!unconfined(profile)) {
-- struct path old_path = { old_dir->mnt, old_dentry };
-- struct path new_path = { new_dir->mnt, new_dentry };
-+ struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry };
-+ struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry };
- struct path_cond cond = { d_backing_inode(old_dentry)->i_uid,
- d_backing_inode(old_dentry)->i_mode
- };
-@@ -677,11 +677,11 @@ static const struct kernel_param_ops param_ops_aalockpolicy = {
- .get = param_get_aalockpolicy
- };
-
--static int param_set_audit(const char *val, struct kernel_param *kp);
--static int param_get_audit(char *buffer, struct kernel_param *kp);
-+static int param_set_audit(const char *val, const struct kernel_param *kp);
-+static int param_get_audit(char *buffer, const struct kernel_param *kp);
-
--static int param_set_mode(const char *val, struct kernel_param *kp);
--static int param_get_mode(char *buffer, struct kernel_param *kp);
-+static int param_set_mode(const char *val, const struct kernel_param *kp);
-+static int param_get_mode(char *buffer, const struct kernel_param *kp);
-
- /* Flag values, also controllable via /sys/module/apparmor/parameters
- * We define special types as we want to do additional mediation.
-@@ -791,7 +791,7 @@ static int param_get_aauint(char *buffer, const struct kernel_param *kp)
- return param_get_uint(buffer, kp);
- }
-
--static int param_get_audit(char *buffer, struct kernel_param *kp)
-+static int param_get_audit(char *buffer, const struct kernel_param *kp)
- {
- if (!capable(CAP_MAC_ADMIN))
- return -EPERM;
-@@ -802,7 +802,7 @@ static int param_get_audit(char *buffer, struct kernel_param *kp)
- return sprintf(buffer, "%s", audit_mode_names[aa_g_audit]);
- }
-
--static int param_set_audit(const char *val, struct kernel_param *kp)
-+static int param_set_audit(const char *val, const struct kernel_param *kp)
- {
- int i;
- if (!capable(CAP_MAC_ADMIN))
-@@ -824,7 +824,7 @@ static int param_set_audit(const char *val, struct kernel_param *kp)
- return -EINVAL;
- }
-
--static int param_get_mode(char *buffer, struct kernel_param *kp)
-+static int param_get_mode(char *buffer, const struct kernel_param *kp)
- {
- if (!capable(CAP_MAC_ADMIN))
- return -EPERM;
-@@ -835,7 +835,7 @@ static int param_get_mode(char *buffer, struct kernel_param *kp)
- return sprintf(buffer, "%s", aa_profile_mode_names[aa_g_profile_mode]);
- }
-
--static int param_set_mode(const char *val, struct kernel_param *kp)
-+static int param_set_mode(const char *val, const struct kernel_param *kp)
- {
- int i;
- if (!capable(CAP_MAC_ADMIN))
-diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 705c287..81257f1 100644
---- a/security/apparmor/policy.c
-+++ b/security/apparmor/policy.c
-@@ -298,7 +298,7 @@ static struct aa_namespace *alloc_namespace(const char *prefix,
- /* ns and ns->unconfined share ns->unconfined refcount */
- ns->unconfined->ns = ns;
-
-- atomic_set(&ns->uniq_null, 0);
-+ atomic_set_unchecked(&ns->uniq_null, 0);
-
- return ns;
-
-@@ -689,7 +689,7 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
- {
- struct aa_profile *profile = NULL;
- char *name;
-- int uniq = atomic_inc_return(&parent->ns->uniq_null);
-+ int uniq = atomic_inc_return_unchecked(&parent->ns->uniq_null);
-
- /* freed below */
- name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, GFP_KERNEL);
-diff --git a/security/commoncap.c b/security/commoncap.c
-index 48071ed..b805e0f 100644
---- a/security/commoncap.c
-+++ b/security/commoncap.c
-@@ -438,6 +438,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
- return 0;
- }
-
-+/* returns:
-+ 1 for suid privilege
-+ 2 for sgid privilege
-+ 3 for fscap privilege
-+*/
-+int is_privileged_binary(const struct dentry *dentry)
-+{
-+ struct cpu_vfs_cap_data capdata;
-+ struct inode *inode = dentry->d_inode;
-+
-+ if (!inode || S_ISDIR(inode->i_mode))
-+ return 0;
-+
-+ if (inode->i_mode & S_ISUID)
-+ return 1;
-+ if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
-+ return 2;
-+
-+ if (!get_vfs_caps_from_disk(dentry, &capdata)) {
-+ if (!cap_isclear(capdata.inheritable) || !cap_isclear(capdata.permitted))
-+ return 3;
-+ }
-+
-+ return 0;
-+}
-+
- /*
- * Attempt to get the on-exec apply capability sets for an executable file from
- * its xattrs and, if present, apply them to the proposed credentials being
-@@ -628,6 +654,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
- const struct cred *cred = current_cred();
- kuid_t root_uid = make_kuid(cred->user_ns, 0);
-
-+ if (gr_acl_enable_at_secure())
-+ return 1;
-+
- if (!uid_eq(cred->uid, root_uid)) {
- if (bprm->cap_effective)
- return 1;
-diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
-index 585af61..b7d35ff 100644
---- a/security/integrity/ima/ima.h
-+++ b/security/integrity/ima/ima.h
-@@ -125,8 +125,8 @@ int ima_init_template(void);
- extern spinlock_t ima_queue_lock;
-
- struct ima_h_table {
-- atomic_long_t len; /* number of stored measurements in the list */
-- atomic_long_t violations;
-+ atomic_long_unchecked_t len; /* number of stored measurements in the list */
-+ atomic_long_unchecked_t violations;
- struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
- };
- extern struct ima_h_table ima_htable;
-diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
-index 1d950fb..a8f4eab 100644
---- a/security/integrity/ima/ima_api.c
-+++ b/security/integrity/ima/ima_api.c
-@@ -137,7 +137,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
- int result;
-
- /* can overflow, only indicator */
-- atomic_long_inc(&ima_htable.violations);
-+ atomic_long_inc_unchecked(&ima_htable.violations);
-
- result = ima_alloc_init_template(&event_data, &entry);
- if (result < 0) {
-diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
-index f355231..c71f640 100644
---- a/security/integrity/ima/ima_fs.c
-+++ b/security/integrity/ima/ima_fs.c
-@@ -30,12 +30,12 @@ static DEFINE_MUTEX(ima_write_mutex);
- static int valid_policy = 1;
- #define TMPBUFLEN 12
- static ssize_t ima_show_htable_value(char __user *buf, size_t count,
-- loff_t *ppos, atomic_long_t *val)
-+ loff_t *ppos, atomic_long_unchecked_t *val)
- {
- char tmpbuf[TMPBUFLEN];
- ssize_t len;
-
-- len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));
-+ len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read_unchecked(val));
- return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
- }
-
-diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
-index 552705d..9920f4fb 100644
---- a/security/integrity/ima/ima_queue.c
-+++ b/security/integrity/ima/ima_queue.c
-@@ -83,7 +83,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)
- INIT_LIST_HEAD(&qe->later);
- list_add_tail_rcu(&qe->later, &ima_measurements);
-
-- atomic_long_inc(&ima_htable.len);
-+ atomic_long_inc_unchecked(&ima_htable.len);
- key = ima_hash_key(entry->digest);
- hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
- return 0;
-diff --git a/security/keys/internal.h b/security/keys/internal.h
-index 5105c2c..a5010e6 100644
---- a/security/keys/internal.h
-+++ b/security/keys/internal.h
-@@ -90,12 +90,16 @@ extern void key_type_put(struct key_type *ktype);
-
- extern int __key_link_begin(struct key *keyring,
- const struct keyring_index_key *index_key,
-- struct assoc_array_edit **_edit);
-+ struct assoc_array_edit **_edit)
-+ __acquires(&keyring->sem)
-+ __acquires(&keyring_serialise_link_sem);
- extern int __key_link_check_live_key(struct key *keyring, struct key *key);
- extern void __key_link(struct key *key, struct assoc_array_edit **_edit);
- extern void __key_link_end(struct key *keyring,
- const struct keyring_index_key *index_key,
-- struct assoc_array_edit *edit);
-+ struct assoc_array_edit *edit)
-+ __releases(&keyring->sem)
-+ __releases(&keyring_serialise_link_sem);
-
- extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
- const struct keyring_index_key *index_key);
-@@ -191,7 +195,7 @@ struct request_key_auth {
- void *callout_info;
- size_t callout_len;
- pid_t pid;
--};
-+} __randomize_layout;
-
- extern struct key_type key_type_request_key_auth;
- extern struct key *request_key_auth_new(struct key *target,
-diff --git a/security/keys/key.c b/security/keys/key.c
-index 09ef276..ab2894f 100644
---- a/security/keys/key.c
-+++ b/security/keys/key.c
-@@ -283,7 +283,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
-
- atomic_set(&key->usage, 1);
- init_rwsem(&key->sem);
-- lockdep_set_class(&key->sem, &type->lock_class);
-+ lockdep_set_class(&key->sem, (struct lock_class_key *)&type->lock_class);
- key->index_key.type = type;
- key->user = user;
- key->quotalen = quotalen;
-@@ -1077,7 +1077,9 @@ int register_key_type(struct key_type *ktype)
- struct key_type *p;
- int ret;
-
-- memset(&ktype->lock_class, 0, sizeof(ktype->lock_class));
-+ pax_open_kernel();
-+ memset((void *)&ktype->lock_class, 0, sizeof(ktype->lock_class));
-+ pax_close_kernel();
-
- ret = -EEXIST;
- down_write(&key_types_sem);
-@@ -1089,7 +1091,7 @@ int register_key_type(struct key_type *ktype)
- }
-
- /* store the type */
-- list_add(&ktype->link, &key_types_list);
-+ pax_list_add((struct list_head *)&ktype->link, &key_types_list);
-
- pr_notice("Key type %s registered\n", ktype->name);
- ret = 0;
-@@ -1111,7 +1113,7 @@ EXPORT_SYMBOL(register_key_type);
- void unregister_key_type(struct key_type *ktype)
- {
- down_write(&key_types_sem);
-- list_del_init(&ktype->link);
-+ pax_list_del_init((struct list_head *)&ktype->link);
- downgrade_write(&key_types_sem);
- key_gc_keytype(ktype);
- pr_notice("Key type %s unregistered\n", ktype->name);
-@@ -1129,10 +1131,10 @@ void __init key_init(void)
- 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
-
- /* add the special key types */
-- list_add_tail(&key_type_keyring.link, &key_types_list);
-- list_add_tail(&key_type_dead.link, &key_types_list);
-- list_add_tail(&key_type_user.link, &key_types_list);
-- list_add_tail(&key_type_logon.link, &key_types_list);
-+ pax_list_add_tail((struct list_head *)&key_type_keyring.link, &key_types_list);
-+ pax_list_add_tail((struct list_head *)&key_type_dead.link, &key_types_list);
-+ pax_list_add_tail((struct list_head *)&key_type_user.link, &key_types_list);
-+ pax_list_add_tail((struct list_head *)&key_type_logon.link, &key_types_list);
-
- /* record the root user tracking */
- rb_link_node(&root_key_user.node,
-diff --git a/security/keys/keyring.c b/security/keys/keyring.c
-index f931ccf..ed9cd36 100644
---- a/security/keys/keyring.c
-+++ b/security/keys/keyring.c
-@@ -1071,8 +1071,6 @@ static int keyring_detect_cycle(struct key *A, struct key *B)
- int __key_link_begin(struct key *keyring,
- const struct keyring_index_key *index_key,
- struct assoc_array_edit **_edit)
-- __acquires(&keyring->sem)
-- __acquires(&keyring_serialise_link_sem)
- {
- struct assoc_array_edit *edit;
- int ret;
-@@ -1172,8 +1170,6 @@ void __key_link(struct key *key, struct assoc_array_edit **_edit)
- void __key_link_end(struct key *keyring,
- const struct keyring_index_key *index_key,
- struct assoc_array_edit *edit)
-- __releases(&keyring->sem)
-- __releases(&keyring_serialise_link_sem)
- {
- BUG_ON(index_key->type == NULL);
- kenter("%d,%s,", keyring->serial, index_key->type->name);
-diff --git a/security/min_addr.c b/security/min_addr.c
-index f728728..6457a0c 100644
---- a/security/min_addr.c
-+++ b/security/min_addr.c
-@@ -14,6 +14,7 @@ unsigned long dac_mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
- */
- static void update_mmap_min_addr(void)
- {
-+#ifndef SPARC
- #ifdef CONFIG_LSM_MMAP_MIN_ADDR
- if (dac_mmap_min_addr > CONFIG_LSM_MMAP_MIN_ADDR)
- mmap_min_addr = dac_mmap_min_addr;
-@@ -22,6 +23,7 @@ static void update_mmap_min_addr(void)
- #else
- mmap_min_addr = dac_mmap_min_addr;
- #endif
-+#endif
- }
-
- /*
-diff --git a/security/selinux/avc.c b/security/selinux/avc.c
-index e60c79d..41fb721 100644
---- a/security/selinux/avc.c
-+++ b/security/selinux/avc.c
-@@ -71,7 +71,7 @@ struct avc_xperms_node {
- struct avc_cache {
- struct hlist_head slots[AVC_CACHE_SLOTS]; /* head for avc_node->list */
- spinlock_t slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */
-- atomic_t lru_hint; /* LRU hint for reclaim scan */
-+ atomic_unchecked_t lru_hint; /* LRU hint for reclaim scan */
- atomic_t active_nodes;
- u32 latest_notif; /* latest revocation notification */
- };
-@@ -183,7 +183,7 @@ void __init avc_init(void)
- spin_lock_init(&avc_cache.slots_lock[i]);
- }
- atomic_set(&avc_cache.active_nodes, 0);
-- atomic_set(&avc_cache.lru_hint, 0);
-+ atomic_set_unchecked(&avc_cache.lru_hint, 0);
-
- avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
- 0, SLAB_PANIC, NULL);
-@@ -521,7 +521,7 @@ static inline int avc_reclaim_node(void)
- spinlock_t *lock;
-
- for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) {
-- hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1);
-+ hvalue = atomic_inc_return_unchecked(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1);
- head = &avc_cache.slots[hvalue];
- lock = &avc_cache.slots_lock[hvalue];
-
-diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
-index 1450f85..a91e0bc 100644
---- a/security/selinux/include/xfrm.h
-+++ b/security/selinux/include/xfrm.h
-@@ -48,7 +48,7 @@ static inline void selinux_xfrm_notify_policyload(void)
-
- rtnl_lock();
- for_each_net(net) {
-- atomic_inc(&net->xfrm.flow_cache_genid);
-+ atomic_inc_unchecked(&net->xfrm.flow_cache_genid);
- rt_genid_bump_all(net);
- }
- rtnl_unlock();
-diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
-index 2367b10..a0c3c51 100644
---- a/security/tomoyo/file.c
-+++ b/security/tomoyo/file.c
-@@ -692,7 +692,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
- {
- struct tomoyo_request_info r;
- struct tomoyo_obj_info obj = {
-- .path1 = *path,
-+ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
- };
- int error = -ENOMEM;
- struct tomoyo_path_info buf;
-@@ -740,7 +740,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
- struct tomoyo_path_info buf;
- struct tomoyo_request_info r;
- struct tomoyo_obj_info obj = {
-- .path1 = *path,
-+ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
- };
- int idx;
-
-@@ -786,7 +786,7 @@ int tomoyo_path_perm(const u8 operation, const struct path *path, const char *ta
- {
- struct tomoyo_request_info r;
- struct tomoyo_obj_info obj = {
-- .path1 = *path,
-+ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
- };
- int error;
- struct tomoyo_path_info buf;
-@@ -843,7 +843,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
- {
- struct tomoyo_request_info r;
- struct tomoyo_obj_info obj = {
-- .path1 = *path,
-+ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
- };
- int error = -ENOMEM;
- struct tomoyo_path_info buf;
-@@ -890,8 +890,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
- struct tomoyo_path_info buf2;
- struct tomoyo_request_info r;
- struct tomoyo_obj_info obj = {
-- .path1 = *path1,
-- .path2 = *path2,
-+ .path1 = { .mnt = path1->mnt, .dentry = path1->dentry },
-+ .path2 = { .mnt = path2->mnt, .dentry = path2->dentry }
- };
- int idx;
-
-diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
-index 390c646..f2f8db3 100644
---- a/security/tomoyo/mount.c
-+++ b/security/tomoyo/mount.c
-@@ -118,6 +118,10 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r,
- type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) {
- need_dev = -1; /* dev_name is a directory */
- } else {
-+ if (!capable(CAP_SYS_ADMIN)) {
-+ error = -EPERM;
-+ goto out;
-+ }
- fstype = get_fs_type(type);
- if (!fstype) {
- error = -ENODEV;
-diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
-index cbf3df4..22b11df 100644
---- a/security/tomoyo/tomoyo.c
-+++ b/security/tomoyo/tomoyo.c
-@@ -165,7 +165,7 @@ static int tomoyo_path_truncate(struct path *path)
- */
- static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
- {
-- struct path path = { parent->mnt, dentry };
-+ struct path path = { .mnt = parent->mnt, .dentry = dentry };
- return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
- }
-
-@@ -181,7 +181,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
- static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
- umode_t mode)
- {
-- struct path path = { parent->mnt, dentry };
-+ struct path path = { .mnt = parent->mnt, .dentry = dentry };
- return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
- mode & S_IALLUGO);
- }
-@@ -196,7 +196,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
- */
- static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
- {
-- struct path path = { parent->mnt, dentry };
-+ struct path path = { .mnt = parent->mnt, .dentry = dentry };
- return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
- }
-
-@@ -212,7 +212,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
- static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
- const char *old_name)
- {
-- struct path path = { parent->mnt, dentry };
-+ struct path path = { .mnt = parent->mnt, .dentry = dentry };
- return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
- }
-
-@@ -229,7 +229,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
- static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
- umode_t mode, unsigned int dev)
- {
-- struct path path = { parent->mnt, dentry };
-+ struct path path = { .mnt = parent->mnt, .dentry = dentry };
- int type = TOMOYO_TYPE_CREATE;
- const unsigned int perm = mode & S_IALLUGO;
-
-@@ -268,8 +268,8 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
- static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
- struct dentry *new_dentry)
- {
-- struct path path1 = { new_dir->mnt, old_dentry };
-- struct path path2 = { new_dir->mnt, new_dentry };
-+ struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
-+ struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };
- return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
- }
-
-@@ -288,8 +288,8 @@ static int tomoyo_path_rename(struct path *old_parent,
- struct path *new_parent,
- struct dentry *new_dentry)
- {
-- struct path path1 = { old_parent->mnt, old_dentry };
-- struct path path2 = { new_parent->mnt, new_dentry };
-+ struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
-+ struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };
- return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
- }
-
-@@ -417,7 +417,7 @@ static int tomoyo_sb_mount(const char *dev_name, struct path *path,
- */
- static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
- {
-- struct path path = { mnt, mnt->mnt_root };
-+ struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
- return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
- }
-
-diff --git a/security/yama/Kconfig b/security/yama/Kconfig
-index 90c605e..bf3a29a 100644
---- a/security/yama/Kconfig
-+++ b/security/yama/Kconfig
-@@ -1,6 +1,6 @@
- config SECURITY_YAMA
- bool "Yama support"
-- depends on SECURITY
-+ depends on SECURITY && !GRKERNSEC
- default n
- help
- This selects Yama, which extends DAC support with additional
-diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
-index cb6ed10..fb00554 100644
---- a/security/yama/yama_lsm.c
-+++ b/security/yama/yama_lsm.c
-@@ -357,7 +357,7 @@ static struct security_hook_list yama_hooks[] = {
- static int yama_dointvec_minmax(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp, loff_t *ppos)
- {
-- struct ctl_table table_copy;
-+ ctl_table_no_const table_copy;
-
- if (write && !capable(CAP_SYS_PTRACE))
- return -EPERM;
-diff --git a/sound/aoa/codecs/onyx.c b/sound/aoa/codecs/onyx.c
-index a04edff..6811b91 100644
---- a/sound/aoa/codecs/onyx.c
-+++ b/sound/aoa/codecs/onyx.c
-@@ -54,7 +54,7 @@ struct onyx {
- spdif_locked:1,
- analog_locked:1,
- original_mute:2;
-- int open_count;
-+ local_t open_count;
- struct codec_info *codec_info;
-
- /* mutex serializes concurrent access to the device
-@@ -747,7 +747,7 @@ static int onyx_open(struct codec_info_item *cii,
- struct onyx *onyx = cii->codec_data;
-
- mutex_lock(&onyx->mutex);
-- onyx->open_count++;
-+ local_inc(&onyx->open_count);
- mutex_unlock(&onyx->mutex);
-
- return 0;
-@@ -759,8 +759,7 @@ static int onyx_close(struct codec_info_item *cii,
- struct onyx *onyx = cii->codec_data;
-
- mutex_lock(&onyx->mutex);
-- onyx->open_count--;
-- if (!onyx->open_count)
-+ if (local_dec_and_test(&onyx->open_count))
- onyx->spdif_locked = onyx->analog_locked = 0;
- mutex_unlock(&onyx->mutex);
-
-diff --git a/sound/aoa/codecs/onyx.h b/sound/aoa/codecs/onyx.h
-index ffd2025..df062c9 100644
---- a/sound/aoa/codecs/onyx.h
-+++ b/sound/aoa/codecs/onyx.h
-@@ -11,6 +11,7 @@
- #include <linux/i2c.h>
- #include <asm/pmac_low_i2c.h>
- #include <asm/prom.h>
-+#include <asm/local.h>
-
- /* PCM3052 register definitions */
-
-diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
-index ebc9fdf..61f491e 100644
---- a/sound/core/oss/pcm_oss.c
-+++ b/sound/core/oss/pcm_oss.c
-@@ -1193,10 +1193,10 @@ snd_pcm_sframes_t snd_pcm_oss_write3(struct snd_pcm_substream *substream, const
- if (in_kernel) {
- mm_segment_t fs;
- fs = snd_enter_user();
-- ret = snd_pcm_lib_write(substream, (void __force __user *)ptr, frames);
-+ ret = snd_pcm_lib_write(substream, (void __force_user *)ptr, frames);
- snd_leave_user(fs);
- } else {
-- ret = snd_pcm_lib_write(substream, (void __force __user *)ptr, frames);
-+ ret = snd_pcm_lib_write(substream, (void __force_user *)ptr, frames);
- }
- if (ret != -EPIPE && ret != -ESTRPIPE)
- break;
-@@ -1236,10 +1236,10 @@ snd_pcm_sframes_t snd_pcm_oss_read3(struct snd_pcm_substream *substream, char *p
- if (in_kernel) {
- mm_segment_t fs;
- fs = snd_enter_user();
-- ret = snd_pcm_lib_read(substream, (void __force __user *)ptr, frames);
-+ ret = snd_pcm_lib_read(substream, (void __force_user *)ptr, frames);
- snd_leave_user(fs);
- } else {
-- ret = snd_pcm_lib_read(substream, (void __force __user *)ptr, frames);
-+ ret = snd_pcm_lib_read(substream, (void __force_user *)ptr, frames);
- }
- if (ret == -EPIPE) {
- if (runtime->status->state == SNDRV_PCM_STATE_DRAINING) {
-@@ -1335,7 +1335,7 @@ static ssize_t snd_pcm_oss_write2(struct snd_pcm_substream *substream, const cha
- struct snd_pcm_plugin_channel *channels;
- size_t oss_frame_bytes = (runtime->oss.plugin_first->src_width * runtime->oss.plugin_first->src_format.channels) / 8;
- if (!in_kernel) {
-- if (copy_from_user(runtime->oss.buffer, (const char __force __user *)buf, bytes))
-+ if (copy_from_user(runtime->oss.buffer, (const char __force_user *)buf, bytes))
- return -EFAULT;
- buf = runtime->oss.buffer;
- }
-@@ -1405,7 +1405,7 @@ static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const cha
- }
- } else {
- tmp = snd_pcm_oss_write2(substream,
-- (const char __force *)buf,
-+ (const char __force_kernel *)buf,
- runtime->oss.period_bytes, 0);
- if (tmp <= 0)
- goto err;
-@@ -1431,7 +1431,7 @@ static ssize_t snd_pcm_oss_read2(struct snd_pcm_substream *substream, char *buf,
- struct snd_pcm_runtime *runtime = substream->runtime;
- snd_pcm_sframes_t frames, frames1;
- #ifdef CONFIG_SND_PCM_OSS_PLUGINS
-- char __user *final_dst = (char __force __user *)buf;
-+ char __user *final_dst = (char __force_user *)buf;
- if (runtime->oss.plugin_first) {
- struct snd_pcm_plugin_channel *channels;
- size_t oss_frame_bytes = (runtime->oss.plugin_last->dst_width * runtime->oss.plugin_last->dst_format.channels) / 8;
-@@ -1493,7 +1493,7 @@ static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __use
- xfer += tmp;
- runtime->oss.buffer_used -= tmp;
- } else {
-- tmp = snd_pcm_oss_read2(substream, (char __force *)buf,
-+ tmp = snd_pcm_oss_read2(substream, (char __force_kernel *)buf,
- runtime->oss.period_bytes, 0);
- if (tmp <= 0)
- goto err;
-@@ -1662,7 +1662,7 @@ static int snd_pcm_oss_sync(struct snd_pcm_oss_file *pcm_oss_file)
- size1);
- size1 /= runtime->channels; /* frames */
- fs = snd_enter_user();
-- snd_pcm_lib_write(substream, (void __force __user *)runtime->oss.buffer, size1);
-+ snd_pcm_lib_write(substream, (void __force_user *)runtime->oss.buffer, size1);
- snd_leave_user(fs);
- }
- } else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) {
-diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c
-index 1f64ab0..26a7233 100644
---- a/sound/core/pcm_compat.c
-+++ b/sound/core/pcm_compat.c
-@@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream,
- int err;
-
- fs = snd_enter_user();
-- err = snd_pcm_delay(substream, &delay);
-+ err = snd_pcm_delay(substream, (snd_pcm_sframes_t __force_user *)&delay);
- snd_leave_user(fs);
- if (err < 0)
- return err;
-diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c
-index 3a9b66c..2b38b21 100644
---- a/sound/core/pcm_lib.c
-+++ b/sound/core/pcm_lib.c
-@@ -1867,8 +1867,9 @@ EXPORT_SYMBOL(snd_pcm_lib_ioctl);
- * Even if more than one periods have elapsed since the last call, you
- * have to call this only once.
- */
--void snd_pcm_period_elapsed(struct snd_pcm_substream *substream)
-+void snd_pcm_period_elapsed(void *_substream)
- {
-+ struct snd_pcm_substream *substream = _substream;
- struct snd_pcm_runtime *runtime;
- unsigned long flags;
-
-diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
-index 9106d8e..e7e2e3c 100644
---- a/sound/core/pcm_native.c
-+++ b/sound/core/pcm_native.c
-@@ -3014,11 +3014,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
- switch (substream->stream) {
- case SNDRV_PCM_STREAM_PLAYBACK:
- result = snd_pcm_playback_ioctl1(NULL, substream, cmd,
-- (void __user *)arg);
-+ (void __force_user *)arg);
- break;
- case SNDRV_PCM_STREAM_CAPTURE:
- result = snd_pcm_capture_ioctl1(NULL, substream, cmd,
-- (void __user *)arg);
-+ (void __force_user *)arg);
- break;
- default:
- result = -EINVAL;
-diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c
-index 795437b..3650746 100644
---- a/sound/core/rawmidi.c
-+++ b/sound/core/rawmidi.c
-@@ -871,9 +871,10 @@ static int snd_rawmidi_control_ioctl(struct snd_card *card,
- *
- * Return: The size of read data, or a negative error code on failure.
- */
--int snd_rawmidi_receive(struct snd_rawmidi_substream *substream,
-- const unsigned char *buffer, int count)
-+int snd_rawmidi_receive(void *_substream, const void *_buffer, int count)
- {
-+ struct snd_rawmidi_substream *substream = _substream;
-+ const unsigned char *buffer = _buffer;
- unsigned long flags;
- int result = 0, count1;
- struct snd_rawmidi_runtime *runtime = substream->runtime;
-diff --git a/sound/core/seq/oss/seq_oss_synth.c b/sound/core/seq/oss/seq_oss_synth.c
-index b16dbef04..8eb05a4 100644
---- a/sound/core/seq/oss/seq_oss_synth.c
-+++ b/sound/core/seq/oss/seq_oss_synth.c
-@@ -653,8 +653,8 @@ snd_seq_oss_synth_info_read(struct snd_info_buffer *buf)
- rec->synth_type, rec->synth_subtype,
- rec->nr_voices);
- snd_iprintf(buf, " capabilities : ioctl %s / load_patch %s\n",
-- enabled_str((long)rec->oper.ioctl),
-- enabled_str((long)rec->oper.load_patch));
-+ enabled_str(!!rec->oper.ioctl),
-+ enabled_str(!!rec->oper.load_patch));
- snd_use_lock_free(&rec->use_lock);
- }
- }
-diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c
-index 58e79e0..19751d1 100644
---- a/sound/core/seq/seq_clientmgr.c
-+++ b/sound/core/seq/seq_clientmgr.c
-@@ -416,7 +416,7 @@ static ssize_t snd_seq_read(struct file *file, char __user *buf, size_t count,
- if (!client->accept_input || (fifo = client->data.user.fifo) == NULL)
- return -ENXIO;
-
-- if (atomic_read(&fifo->overflow) > 0) {
-+ if (atomic_read_unchecked(&fifo->overflow) > 0) {
- /* buffer overflow is detected */
- snd_seq_fifo_clear(fifo);
- /* return error code */
-@@ -446,7 +446,7 @@ static ssize_t snd_seq_read(struct file *file, char __user *buf, size_t count,
- count -= sizeof(struct snd_seq_event);
- buf += sizeof(struct snd_seq_event);
- err = snd_seq_expand_var_event(&cell->event, count,
-- (char __force *)buf, 0,
-+ (char __force_kernel *)buf, 0,
- sizeof(struct snd_seq_event));
- if (err < 0)
- break;
-@@ -1062,13 +1062,13 @@ static ssize_t snd_seq_write(struct file *file, const char __user *buf,
- }
- /* set user space pointer */
- event.data.ext.len = extlen | SNDRV_SEQ_EXT_USRPTR;
-- event.data.ext.ptr = (char __force *)buf
-+ event.data.ext.ptr = (char __force_kernel *)buf
- + sizeof(struct snd_seq_event);
- len += extlen; /* increment data length */
- } else {
- #ifdef CONFIG_COMPAT
- if (client->convert32 && snd_seq_ev_is_varusr(&event)) {
-- void *ptr = (void __force *)compat_ptr(event.data.raw32.d[1]);
-+ void *ptr = (void __force_kernel *)compat_ptr(event.data.raw32.d[1]);
- event.data.ext.ptr = ptr;
- }
- #endif
-@@ -2423,7 +2423,7 @@ int snd_seq_kernel_client_ctl(int clientid, unsigned int cmd, void *arg)
- if (client == NULL)
- return -ENXIO;
- fs = snd_enter_user();
-- result = snd_seq_do_ioctl(client, cmd, (void __force __user *)arg);
-+ result = snd_seq_do_ioctl(client, cmd, (void __force_user *)arg);
- snd_leave_user(fs);
- return result;
- }
-diff --git a/sound/core/seq/seq_compat.c b/sound/core/seq/seq_compat.c
-index 6517590..9905cee 100644
---- a/sound/core/seq/seq_compat.c
-+++ b/sound/core/seq/seq_compat.c
-@@ -60,7 +60,7 @@ static int snd_seq_call_port_info_ioctl(struct snd_seq_client *client, unsigned
- data->kernel = NULL;
-
- fs = snd_enter_user();
-- err = snd_seq_do_ioctl(client, cmd, data);
-+ err = snd_seq_do_ioctl(client, cmd, (void __force_user *)data);
- snd_leave_user(fs);
- if (err < 0)
- goto error;
-diff --git a/sound/core/seq/seq_fifo.c b/sound/core/seq/seq_fifo.c
-index 1d5acbe..5f55223 100644
---- a/sound/core/seq/seq_fifo.c
-+++ b/sound/core/seq/seq_fifo.c
-@@ -50,7 +50,7 @@ struct snd_seq_fifo *snd_seq_fifo_new(int poolsize)
- spin_lock_init(&f->lock);
- snd_use_lock_init(&f->use_lock);
- init_waitqueue_head(&f->input_sleep);
-- atomic_set(&f->overflow, 0);
-+ atomic_set_unchecked(&f->overflow, 0);
-
- f->head = NULL;
- f->tail = NULL;
-@@ -96,7 +96,7 @@ void snd_seq_fifo_clear(struct snd_seq_fifo *f)
- unsigned long flags;
-
- /* clear overflow flag */
-- atomic_set(&f->overflow, 0);
-+ atomic_set_unchecked(&f->overflow, 0);
-
- snd_use_lock_sync(&f->use_lock);
- spin_lock_irqsave(&f->lock, flags);
-@@ -123,7 +123,7 @@ int snd_seq_fifo_event_in(struct snd_seq_fifo *f,
- err = snd_seq_event_dup(f->pool, event, &cell, 1, NULL); /* always non-blocking */
- if (err < 0) {
- if ((err == -ENOMEM) || (err == -EAGAIN))
-- atomic_inc(&f->overflow);
-+ atomic_inc_unchecked(&f->overflow);
- snd_use_lock_free(&f->use_lock);
- return err;
- }
-diff --git a/sound/core/seq/seq_fifo.h b/sound/core/seq/seq_fifo.h
-index 062c446..a4b6f4c 100644
---- a/sound/core/seq/seq_fifo.h
-+++ b/sound/core/seq/seq_fifo.h
-@@ -35,7 +35,7 @@ struct snd_seq_fifo {
- spinlock_t lock;
- snd_use_lock_t use_lock;
- wait_queue_head_t input_sleep;
-- atomic_t overflow;
-+ atomic_unchecked_t overflow;
-
- };
-
-diff --git a/sound/core/seq/seq_memory.c b/sound/core/seq/seq_memory.c
-index c850345..ec0a853 100644
---- a/sound/core/seq/seq_memory.c
-+++ b/sound/core/seq/seq_memory.c
-@@ -87,7 +87,7 @@ int snd_seq_dump_var_event(const struct snd_seq_event *event,
-
- if (event->data.ext.len & SNDRV_SEQ_EXT_USRPTR) {
- char buf[32];
-- char __user *curptr = (char __force __user *)event->data.ext.ptr;
-+ char __user *curptr = (char __force_user *)event->data.ext.ptr;
- while (len > 0) {
- int size = sizeof(buf);
- if (len < size)
-@@ -126,15 +126,19 @@ EXPORT_SYMBOL(snd_seq_dump_var_event);
- * expand the variable length event to linear buffer space.
- */
-
--static int seq_copy_in_kernel(char **bufptr, const void *src, int size)
-+static int seq_copy_in_kernel(void *_bufptr, const void *src, int size)
- {
-+ char **bufptr = (char **)_bufptr;
-+
- memcpy(*bufptr, src, size);
- *bufptr += size;
- return 0;
- }
-
--static int seq_copy_in_user(char __user **bufptr, const void *src, int size)
-+static int seq_copy_in_user(void *_bufptr, const void *src, int size)
- {
-+ char __user **bufptr = (char __user **)_bufptr;
-+
- if (copy_to_user(*bufptr, src, size))
- return -EFAULT;
- *bufptr += size;
-@@ -158,13 +162,13 @@ int snd_seq_expand_var_event(const struct snd_seq_event *event, int count, char
- if (event->data.ext.len & SNDRV_SEQ_EXT_USRPTR) {
- if (! in_kernel)
- return -EINVAL;
-- if (copy_from_user(buf, (void __force __user *)event->data.ext.ptr, len))
-+ if (copy_from_user(buf, (void __force_user *)event->data.ext.ptr, len))
- return -EFAULT;
- return newlen;
- }
- err = snd_seq_dump_var_event(event,
-- in_kernel ? (snd_seq_dump_func_t)seq_copy_in_kernel :
-- (snd_seq_dump_func_t)seq_copy_in_user,
-+ in_kernel ? seq_copy_in_kernel :
-+ seq_copy_in_user,
- &buf);
- return err < 0 ? err : newlen;
- }
-@@ -344,7 +348,7 @@ int snd_seq_event_dup(struct snd_seq_pool *pool, struct snd_seq_event *event,
- tmp->event = src->event;
- src = src->next;
- } else if (is_usrptr) {
-- if (copy_from_user(&tmp->event, (char __force __user *)buf, size)) {
-+ if (copy_from_user(&tmp->event, (char __force_user *)buf, size)) {
- err = -EFAULT;
- goto __error;
- }
-diff --git a/sound/core/seq/seq_midi.c b/sound/core/seq/seq_midi.c
-index 5dd0ee2..0208e35 100644
---- a/sound/core/seq/seq_midi.c
-+++ b/sound/core/seq/seq_midi.c
-@@ -111,8 +111,9 @@ static void snd_midi_input_event(struct snd_rawmidi_substream *substream)
- }
- }
-
--static int dump_midi(struct snd_rawmidi_substream *substream, const char *buf, int count)
-+static int dump_midi(void *_substream, const void *buf, int count)
- {
-+ struct snd_rawmidi_substream *substream = _substream;
- struct snd_rawmidi_runtime *runtime;
- int tmp;
-
-@@ -148,7 +149,7 @@ static int event_process_midi(struct snd_seq_event *ev, int direct,
- pr_debug("ALSA: seq_midi: invalid sysex event flags = 0x%x\n", ev->flags);
- return 0;
- }
-- snd_seq_dump_var_event(ev, (snd_seq_dump_func_t)dump_midi, substream);
-+ snd_seq_dump_var_event(ev, dump_midi, substream);
- snd_midi_event_reset_decode(msynth->parser);
- } else {
- if (msynth->parser == NULL)
-diff --git a/sound/core/seq/seq_virmidi.c b/sound/core/seq/seq_virmidi.c
-index c82ed3e..e11d039 100644
---- a/sound/core/seq/seq_virmidi.c
-+++ b/sound/core/seq/seq_virmidi.c
-@@ -90,7 +90,7 @@ static int snd_virmidi_dev_receive_event(struct snd_virmidi_dev *rdev,
- if (ev->type == SNDRV_SEQ_EVENT_SYSEX) {
- if ((ev->flags & SNDRV_SEQ_EVENT_LENGTH_MASK) != SNDRV_SEQ_EVENT_LENGTH_VARIABLE)
- continue;
-- snd_seq_dump_var_event(ev, (snd_seq_dump_func_t)snd_rawmidi_receive, vmidi->substream);
-+ snd_seq_dump_var_event(ev, snd_rawmidi_receive, vmidi->substream);
- } else {
- len = snd_midi_event_decode(vmidi->parser, msg, sizeof(msg), ev);
- if (len > 0)
-diff --git a/sound/core/sound.c b/sound/core/sound.c
-index 175f9e4..3518d31 100644
---- a/sound/core/sound.c
-+++ b/sound/core/sound.c
-@@ -86,7 +86,7 @@ static void snd_request_other(int minor)
- case SNDRV_MINOR_TIMER: str = "snd-timer"; break;
- default: return;
- }
-- request_module(str);
-+ request_module("%s", str);
- }
-
- #endif /* modular kernel */
-diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c
-index 2a008a9..a1efb3f 100644
---- a/sound/drivers/mts64.c
-+++ b/sound/drivers/mts64.c
-@@ -29,6 +29,7 @@
- #include <sound/initval.h>
- #include <sound/rawmidi.h>
- #include <sound/control.h>
-+#include <asm/local.h>
-
- #define CARD_NAME "Miditerminal 4140"
- #define DRIVER_NAME "MTS64"
-@@ -67,7 +68,7 @@ struct mts64 {
- struct pardevice *pardev;
- int pardev_claimed;
-
-- int open_count;
-+ local_t open_count;
- int current_midi_output_port;
- int current_midi_input_port;
- u8 mode[MTS64_NUM_INPUT_PORTS];
-@@ -687,7 +688,7 @@ static int snd_mts64_rawmidi_open(struct snd_rawmidi_substream *substream)
- {
- struct mts64 *mts = substream->rmidi->private_data;
-
-- if (mts->open_count == 0) {
-+ if (local_read(&mts->open_count) == 0) {
- /* We don't need a spinlock here, because this is just called
- if the device has not been opened before.
- So there aren't any IRQs from the device */
-@@ -695,7 +696,7 @@ static int snd_mts64_rawmidi_open(struct snd_rawmidi_substream *substream)
-
- msleep(50);
- }
-- ++(mts->open_count);
-+ local_inc(&mts->open_count);
-
- return 0;
- }
-@@ -705,8 +706,7 @@ static int snd_mts64_rawmidi_close(struct snd_rawmidi_substream *substream)
- struct mts64 *mts = substream->rmidi->private_data;
- unsigned long flags;
-
-- --(mts->open_count);
-- if (mts->open_count == 0) {
-+ if (local_dec_return(&mts->open_count) == 0) {
- /* We need the spinlock_irqsave here because we can still
- have IRQs at this point */
- spin_lock_irqsave(&mts->lock, flags);
-@@ -715,8 +715,8 @@ static int snd_mts64_rawmidi_close(struct snd_rawmidi_substream *substream)
-
- msleep(500);
-
-- } else if (mts->open_count < 0)
-- mts->open_count = 0;
-+ } else if (local_read(&mts->open_count) < 0)
-+ local_set(&mts->open_count, 0);
-
- return 0;
- }
-diff --git a/sound/drivers/opl4/opl4_lib.c b/sound/drivers/opl4/opl4_lib.c
-index 89c7aa0..6d75e49 100644
---- a/sound/drivers/opl4/opl4_lib.c
-+++ b/sound/drivers/opl4/opl4_lib.c
-@@ -29,7 +29,7 @@ MODULE_AUTHOR("Clemens Ladisch <clemens@ladisch.de>");
- MODULE_DESCRIPTION("OPL4 driver");
- MODULE_LICENSE("GPL");
-
--static void inline snd_opl4_wait(struct snd_opl4 *opl4)
-+static inline void snd_opl4_wait(struct snd_opl4 *opl4)
- {
- int timeout = 10;
- while ((inb(opl4->fm_port) & OPL4_STATUS_BUSY) && --timeout > 0)
-diff --git a/sound/drivers/portman2x4.c b/sound/drivers/portman2x4.c
-index 464385a..46ab3f6 100644
---- a/sound/drivers/portman2x4.c
-+++ b/sound/drivers/portman2x4.c
-@@ -48,6 +48,7 @@
- #include <sound/initval.h>
- #include <sound/rawmidi.h>
- #include <sound/control.h>
-+#include <asm/local.h>
-
- #define CARD_NAME "Portman 2x4"
- #define DRIVER_NAME "portman"
-@@ -85,7 +86,7 @@ struct portman {
- struct pardevice *pardev;
- int pardev_claimed;
-
-- int open_count;
-+ local_t open_count;
- int mode[PORTMAN_NUM_INPUT_PORTS];
- struct snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS];
- };
-diff --git a/sound/firewire/amdtp-am824.c b/sound/firewire/amdtp-am824.c
-index bebddc6..f5976be 100644
---- a/sound/firewire/amdtp-am824.c
-+++ b/sound/firewire/amdtp-am824.c
-@@ -314,7 +314,7 @@ void amdtp_am824_midi_trigger(struct amdtp_stream *s, unsigned int port,
- struct amdtp_am824 *p = s->protocol;
-
- if (port < p->midi_ports)
-- ACCESS_ONCE(p->midi[port]) = midi;
-+ ACCESS_ONCE_RW(p->midi[port]) = midi;
- }
- EXPORT_SYMBOL_GPL(amdtp_am824_midi_trigger);
-
-diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c
-index ed29026..933d2ae 100644
---- a/sound/firewire/amdtp-stream.c
-+++ b/sound/firewire/amdtp-stream.c
-@@ -344,7 +344,7 @@ static void update_pcm_pointers(struct amdtp_stream *s,
- ptr = s->pcm_buffer_pointer + frames;
- if (ptr >= pcm->runtime->buffer_size)
- ptr -= pcm->runtime->buffer_size;
-- ACCESS_ONCE(s->pcm_buffer_pointer) = ptr;
-+ ACCESS_ONCE_RW(s->pcm_buffer_pointer) = ptr;
-
- s->pcm_period_pointer += frames;
- if (s->pcm_period_pointer >= pcm->runtime->period_size) {
-@@ -811,7 +811,7 @@ EXPORT_SYMBOL(amdtp_stream_pcm_pointer);
- void amdtp_stream_update(struct amdtp_stream *s)
- {
- /* Precomputing. */
-- ACCESS_ONCE(s->source_node_id_field) =
-+ ACCESS_ONCE_RW(s->source_node_id_field) =
- (fw_parent_device(s->unit)->card->node_id << CIP_SID_SHIFT) &
- CIP_SID_MASK;
- }
-diff --git a/sound/firewire/amdtp-stream.h b/sound/firewire/amdtp-stream.h
-index 8775704..8fea566 100644
---- a/sound/firewire/amdtp-stream.h
-+++ b/sound/firewire/amdtp-stream.h
-@@ -215,7 +215,7 @@ static inline bool amdtp_stream_pcm_running(struct amdtp_stream *s)
- static inline void amdtp_stream_pcm_trigger(struct amdtp_stream *s,
- struct snd_pcm_substream *pcm)
- {
-- ACCESS_ONCE(s->pcm) = pcm;
-+ ACCESS_ONCE_RW(s->pcm) = pcm;
- }
-
- static inline bool cip_sfc_is_base_44100(enum cip_sfc sfc)
-diff --git a/sound/firewire/digi00x/amdtp-dot.c b/sound/firewire/digi00x/amdtp-dot.c
-index 0ac92ab..a2081aa 100644
---- a/sound/firewire/digi00x/amdtp-dot.c
-+++ b/sound/firewire/digi00x/amdtp-dot.c
-@@ -365,7 +365,7 @@ void amdtp_dot_midi_trigger(struct amdtp_stream *s, unsigned int port,
- struct amdtp_dot *p = s->protocol;
-
- if (port < p->midi_ports)
-- ACCESS_ONCE(p->midi[port]) = midi;
-+ ACCESS_ONCE_RW(p->midi[port]) = midi;
- }
-
- static unsigned int process_tx_data_blocks(struct amdtp_stream *s,
-diff --git a/sound/firewire/isight.c b/sound/firewire/isight.c
-index 48d6dca..a0266c23 100644
---- a/sound/firewire/isight.c
-+++ b/sound/firewire/isight.c
-@@ -96,7 +96,7 @@ static void isight_update_pointers(struct isight *isight, unsigned int count)
- ptr += count;
- if (ptr >= runtime->buffer_size)
- ptr -= runtime->buffer_size;
-- ACCESS_ONCE(isight->buffer_pointer) = ptr;
-+ ACCESS_ONCE_RW(isight->buffer_pointer) = ptr;
-
- isight->period_counter += count;
- if (isight->period_counter >= runtime->period_size) {
-@@ -293,7 +293,7 @@ static int isight_hw_params(struct snd_pcm_substream *substream,
- if (err < 0)
- return err;
-
-- ACCESS_ONCE(isight->pcm_active) = true;
-+ ACCESS_ONCE_RW(isight->pcm_active) = true;
-
- return 0;
- }
-@@ -331,7 +331,7 @@ static int isight_hw_free(struct snd_pcm_substream *substream)
- {
- struct isight *isight = substream->private_data;
-
-- ACCESS_ONCE(isight->pcm_active) = false;
-+ ACCESS_ONCE_RW(isight->pcm_active) = false;
-
- mutex_lock(&isight->mutex);
- isight_stop_streaming(isight);
-@@ -424,10 +424,10 @@ static int isight_trigger(struct snd_pcm_substream *substream, int cmd)
-
- switch (cmd) {
- case SNDRV_PCM_TRIGGER_START:
-- ACCESS_ONCE(isight->pcm_running) = true;
-+ ACCESS_ONCE_RW(isight->pcm_running) = true;
- break;
- case SNDRV_PCM_TRIGGER_STOP:
-- ACCESS_ONCE(isight->pcm_running) = false;
-+ ACCESS_ONCE_RW(isight->pcm_running) = false;
- break;
- default:
- return -EINVAL;
-diff --git a/sound/firewire/oxfw/oxfw-scs1x.c b/sound/firewire/oxfw/oxfw-scs1x.c
-index bb53eb3..670cd89 100644
---- a/sound/firewire/oxfw/oxfw-scs1x.c
-+++ b/sound/firewire/oxfw/oxfw-scs1x.c
-@@ -278,9 +278,9 @@ static void midi_capture_trigger(struct snd_rawmidi_substream *stream, int up)
-
- if (up) {
- scs->input_escape_count = 0;
-- ACCESS_ONCE(scs->input) = stream;
-+ ACCESS_ONCE_RW(scs->input) = stream;
- } else {
-- ACCESS_ONCE(scs->input) = NULL;
-+ ACCESS_ONCE_RW(scs->input) = NULL;
- }
- }
-
-@@ -310,10 +310,10 @@ static void midi_playback_trigger(struct snd_rawmidi_substream *stream, int up)
- scs->output_escaped = false;
- scs->output_idle = false;
-
-- ACCESS_ONCE(scs->output) = stream;
-+ ACCESS_ONCE_RW(scs->output) = stream;
- tasklet_schedule(&scs->tasklet);
- } else {
-- ACCESS_ONCE(scs->output) = NULL;
-+ ACCESS_ONCE_RW(scs->output) = NULL;
- }
- }
- static void midi_playback_drain(struct snd_rawmidi_substream *stream)
-diff --git a/sound/oss/sb_audio.c b/sound/oss/sb_audio.c
-index dc91072..d85a10a 100644
---- a/sound/oss/sb_audio.c
-+++ b/sound/oss/sb_audio.c
-@@ -900,7 +900,7 @@ sb16_copy_from_user(int dev,
- buf16 = (signed short *)(localbuf + localoffs);
- while (c)
- {
-- locallen = (c >= LBUFCOPYSIZE ? LBUFCOPYSIZE : c);
-+ locallen = ((unsigned)c >= LBUFCOPYSIZE ? LBUFCOPYSIZE : c);
- if (copy_from_user(lbuf8,
- userbuf+useroffs + p,
- locallen))
-diff --git a/sound/oss/swarm_cs4297a.c b/sound/oss/swarm_cs4297a.c
-index 213a416..aeab5c9 100644
---- a/sound/oss/swarm_cs4297a.c
-+++ b/sound/oss/swarm_cs4297a.c
-@@ -2623,7 +2623,6 @@ static int __init cs4297a_init(void)
- {
- struct cs4297a_state *s;
- u32 pwr, id;
-- mm_segment_t fs;
- int rval;
- u64 cfg;
- int mdio_val;
-@@ -2709,22 +2708,23 @@ static int __init cs4297a_init(void)
- if (!rval) {
- char *sb1250_duart_present;
-
-+#if 0
-+ mm_segment_t fs;
- fs = get_fs();
- set_fs(KERNEL_DS);
--#if 0
- val = SOUND_MASK_LINE;
- mixer_ioctl(s, SOUND_MIXER_WRITE_RECSRC, (unsigned long) &val);
- for (i = 0; i < ARRAY_SIZE(initvol); i++) {
- val = initvol[i].vol;
- mixer_ioctl(s, initvol[i].mixch, (unsigned long) &val);
- }
-+ set_fs(fs);
- // cs4297a_write_ac97(s, 0x18, 0x0808);
- #else
- // cs4297a_write_ac97(s, 0x5e, 0x180);
- cs4297a_write_ac97(s, 0x02, 0x0808);
- cs4297a_write_ac97(s, 0x18, 0x0808);
- #endif
-- set_fs(fs);
-
- list_add(&s->list, &cs4297a_devs);
-
-diff --git a/sound/pci/als300.c b/sound/pci/als300.c
-index add3176..c9394d9 100644
---- a/sound/pci/als300.c
-+++ b/sound/pci/als300.c
-@@ -647,7 +647,7 @@ static int snd_als300_create(struct snd_card *card,
- struct snd_als300 **rchip)
- {
- struct snd_als300 *chip;
-- void *irq_handler;
-+ irq_handler_t irq_handler;
- int err;
-
- static struct snd_device_ops ops = {
-diff --git a/sound/pci/aw2/aw2-alsa.c b/sound/pci/aw2/aw2-alsa.c
-index 1677143..85aca1d 100644
---- a/sound/pci/aw2/aw2-alsa.c
-+++ b/sound/pci/aw2/aw2-alsa.c
-@@ -458,7 +458,6 @@ static int snd_aw2_pcm_prepare_playback(struct snd_pcm_substream *substream)
-
- /* Define Interrupt callback */
- snd_aw2_saa7146_define_it_playback_callback(pcm_device->stream_number,
-- (snd_aw2_saa7146_it_cb)
- snd_pcm_period_elapsed,
- (void *)substream);
-
-@@ -487,7 +486,6 @@ static int snd_aw2_pcm_prepare_capture(struct snd_pcm_substream *substream)
-
- /* Define Interrupt callback */
- snd_aw2_saa7146_define_it_capture_callback(pcm_device->stream_number,
-- (snd_aw2_saa7146_it_cb)
- snd_pcm_period_elapsed,
- (void *)substream);
-
-diff --git a/sound/pci/aw2/aw2-saa7146.c b/sound/pci/aw2/aw2-saa7146.c
-index 1d78904..d9c1056 100644
---- a/sound/pci/aw2/aw2-saa7146.c
-+++ b/sound/pci/aw2/aw2-saa7146.c
-@@ -262,7 +262,7 @@ void snd_aw2_saa7146_define_it_playback_callback(unsigned int stream_number,
- {
- if (stream_number < NB_STREAM_PLAYBACK) {
- arr_substream_it_playback_cb[stream_number].p_it_callback =
-- (snd_aw2_saa7146_it_cb) p_it_callback;
-+ p_it_callback;
- arr_substream_it_playback_cb[stream_number].p_callback_param =
- (void *)p_callback_param;
- }
-@@ -275,7 +275,7 @@ void snd_aw2_saa7146_define_it_capture_callback(unsigned int stream_number,
- {
- if (stream_number < NB_STREAM_CAPTURE) {
- arr_substream_it_capture_cb[stream_number].p_it_callback =
-- (snd_aw2_saa7146_it_cb) p_it_callback;
-+ p_it_callback;
- arr_substream_it_capture_cb[stream_number].p_callback_param =
- (void *)p_callback_param;
- }
-diff --git a/sound/pci/ctxfi/ctamixer.c b/sound/pci/ctxfi/ctamixer.c
-index 5fcbb06..f4b85df 100644
---- a/sound/pci/ctxfi/ctamixer.c
-+++ b/sound/pci/ctxfi/ctamixer.c
-@@ -297,8 +297,9 @@ static int put_amixer_rsc(struct amixer_mgr *mgr, struct amixer *amixer)
- return 0;
- }
-
--int amixer_mgr_create(struct hw *hw, struct amixer_mgr **ramixer_mgr)
-+int amixer_mgr_create(struct hw *hw, void **_ramixer_mgr)
- {
-+ struct amixer_mgr **ramixer_mgr = (struct amixer_mgr **)_ramixer_mgr;
- int err;
- struct amixer_mgr *amixer_mgr;
-
-@@ -326,8 +327,10 @@ error:
- return err;
- }
-
--int amixer_mgr_destroy(struct amixer_mgr *amixer_mgr)
-+int amixer_mgr_destroy(void *_amixer_mgr)
- {
-+ struct amixer_mgr *amixer_mgr = _amixer_mgr;
-+
- rsc_mgr_uninit(&amixer_mgr->mgr);
- kfree(amixer_mgr);
- return 0;
-@@ -452,8 +455,9 @@ static int put_sum_rsc(struct sum_mgr *mgr, struct sum *sum)
- return 0;
- }
-
--int sum_mgr_create(struct hw *hw, struct sum_mgr **rsum_mgr)
-+int sum_mgr_create(struct hw *hw, void **_rsum_mgr)
- {
-+ struct sum_mgr **rsum_mgr = (struct sum_mgr **)_rsum_mgr;
- int err;
- struct sum_mgr *sum_mgr;
-
-@@ -481,8 +485,10 @@ error:
- return err;
- }
-
--int sum_mgr_destroy(struct sum_mgr *sum_mgr)
-+int sum_mgr_destroy(void *_sum_mgr)
- {
-+ struct sum_mgr *sum_mgr = _sum_mgr;
-+
- rsc_mgr_uninit(&sum_mgr->mgr);
- kfree(sum_mgr);
- return 0;
-diff --git a/sound/pci/ctxfi/ctamixer.h b/sound/pci/ctxfi/ctamixer.h
-index 2de18aa..2fbd01b 100644
---- a/sound/pci/ctxfi/ctamixer.h
-+++ b/sound/pci/ctxfi/ctamixer.h
-@@ -47,8 +47,8 @@ struct sum_mgr {
- };
-
- /* Constructor and destructor of daio resource manager */
--int sum_mgr_create(struct hw *hw, struct sum_mgr **rsum_mgr);
--int sum_mgr_destroy(struct sum_mgr *sum_mgr);
-+int sum_mgr_create(struct hw *hw, void **rsum_mgr);
-+int sum_mgr_destroy(void *sum_mgr);
-
- /* Define the descriptor of a amixer resource */
- struct amixer_rsc_ops;
-@@ -93,7 +93,7 @@ struct amixer_mgr {
- };
-
- /* Constructor and destructor of amixer resource manager */
--int amixer_mgr_create(struct hw *hw, struct amixer_mgr **ramixer_mgr);
--int amixer_mgr_destroy(struct amixer_mgr *amixer_mgr);
-+int amixer_mgr_create(struct hw *hw, void **ramixer_mgr);
-+int amixer_mgr_destroy(void *amixer_mgr);
-
- #endif /* CTAMIXER_H */
-diff --git a/sound/pci/ctxfi/ctatc.c b/sound/pci/ctxfi/ctatc.c
-index 977a598..a787004 100644
---- a/sound/pci/ctxfi/ctatc.c
-+++ b/sound/pci/ctxfi/ctatc.c
-@@ -113,16 +113,16 @@ static struct {
- int (*create)(struct hw *hw, void **rmgr);
- int (*destroy)(void *mgr);
- } rsc_mgr_funcs[NUM_RSCTYP] = {
-- [SRC] = { .create = (create_t)src_mgr_create,
-- .destroy = (destroy_t)src_mgr_destroy },
-- [SRCIMP] = { .create = (create_t)srcimp_mgr_create,
-- .destroy = (destroy_t)srcimp_mgr_destroy },
-- [AMIXER] = { .create = (create_t)amixer_mgr_create,
-- .destroy = (destroy_t)amixer_mgr_destroy },
-- [SUM] = { .create = (create_t)sum_mgr_create,
-- .destroy = (destroy_t)sum_mgr_destroy },
-- [DAIO] = { .create = (create_t)daio_mgr_create,
-- .destroy = (destroy_t)daio_mgr_destroy }
-+ [SRC] = { .create = src_mgr_create,
-+ .destroy = src_mgr_destroy },
-+ [SRCIMP] = { .create = srcimp_mgr_create,
-+ .destroy = srcimp_mgr_destroy },
-+ [AMIXER] = { .create = amixer_mgr_create,
-+ .destroy = amixer_mgr_destroy },
-+ [SUM] = { .create = sum_mgr_create,
-+ .destroy = sum_mgr_destroy },
-+ [DAIO] = { .create = daio_mgr_create,
-+ .destroy = daio_mgr_destroy }
- };
-
- static int
-diff --git a/sound/pci/ctxfi/ctdaio.c b/sound/pci/ctxfi/ctdaio.c
-index 7f089cb..6bea28e 100644
---- a/sound/pci/ctxfi/ctdaio.c
-+++ b/sound/pci/ctxfi/ctdaio.c
-@@ -687,8 +687,9 @@ static int daio_mgr_commit_write(struct daio_mgr *mgr)
- return 0;
- }
-
--int daio_mgr_create(struct hw *hw, struct daio_mgr **rdaio_mgr)
-+int daio_mgr_create(struct hw *hw, void **_rdaio_mgr)
- {
-+ struct daio_mgr **rdaio_mgr = (struct daio_mgr **)_rdaio_mgr;
- int err, i;
- struct daio_mgr *daio_mgr;
- struct imapper *entry;
-@@ -741,8 +742,9 @@ error1:
- return err;
- }
-
--int daio_mgr_destroy(struct daio_mgr *daio_mgr)
-+int daio_mgr_destroy(void *_daio_mgr)
- {
-+ struct daio_mgr *daio_mgr = _daio_mgr;
- unsigned long flags;
-
- /* free daio input mapper list */
-diff --git a/sound/pci/ctxfi/ctdaio.h b/sound/pci/ctxfi/ctdaio.h
-index a30be73..91b8dbd 100644
---- a/sound/pci/ctxfi/ctdaio.h
-+++ b/sound/pci/ctxfi/ctdaio.h
-@@ -119,7 +119,7 @@ struct daio_mgr {
- };
-
- /* Constructor and destructor of daio resource manager */
--int daio_mgr_create(struct hw *hw, struct daio_mgr **rdaio_mgr);
--int daio_mgr_destroy(struct daio_mgr *daio_mgr);
-+int daio_mgr_create(struct hw *hw, void **rdaio_mgr);
-+int daio_mgr_destroy(void *daio_mgr);
-
- #endif /* CTDAIO_H */
-diff --git a/sound/pci/ctxfi/ctsrc.c b/sound/pci/ctxfi/ctsrc.c
-index a5a72df..f86edb8 100644
---- a/sound/pci/ctxfi/ctsrc.c
-+++ b/sound/pci/ctxfi/ctsrc.c
-@@ -544,8 +544,9 @@ static int src_mgr_commit_write(struct src_mgr *mgr)
- return 0;
- }
-
--int src_mgr_create(struct hw *hw, struct src_mgr **rsrc_mgr)
-+int src_mgr_create(struct hw *hw, void **_rsrc_mgr)
- {
-+ struct src_mgr **rsrc_mgr = (struct src_mgr **)_rsrc_mgr;
- int err, i;
- struct src_mgr *src_mgr;
-
-@@ -584,8 +585,10 @@ error1:
- return err;
- }
-
--int src_mgr_destroy(struct src_mgr *src_mgr)
-+int src_mgr_destroy(void *_src_mgr)
- {
-+ struct src_mgr *src_mgr = _src_mgr;
-+
- rsc_mgr_uninit(&src_mgr->mgr);
- kfree(src_mgr);
-
-@@ -828,8 +831,9 @@ static int srcimp_imap_delete(struct srcimp_mgr *mgr, struct imapper *entry)
- return err;
- }
-
--int srcimp_mgr_create(struct hw *hw, struct srcimp_mgr **rsrcimp_mgr)
-+int srcimp_mgr_create(struct hw *hw, void **_rsrcimp_mgr)
- {
-+ struct srcimp_mgr **rsrcimp_mgr = (struct srcimp_mgr **)_rsrcimp_mgr;
- int err;
- struct srcimp_mgr *srcimp_mgr;
- struct imapper *entry;
-@@ -873,8 +877,9 @@ error1:
- return err;
- }
-
--int srcimp_mgr_destroy(struct srcimp_mgr *srcimp_mgr)
-+int srcimp_mgr_destroy(void *_srcimp_mgr)
- {
-+ struct srcimp_mgr *srcimp_mgr = _srcimp_mgr;
- unsigned long flags;
-
- /* free src input mapper list */
-diff --git a/sound/pci/ctxfi/ctsrc.h b/sound/pci/ctxfi/ctsrc.h
-index 92944a0..fc78ed4 100644
---- a/sound/pci/ctxfi/ctsrc.h
-+++ b/sound/pci/ctxfi/ctsrc.h
-@@ -143,10 +143,10 @@ struct srcimp_mgr {
- };
-
- /* Constructor and destructor of SRC resource manager */
--int src_mgr_create(struct hw *hw, struct src_mgr **rsrc_mgr);
--int src_mgr_destroy(struct src_mgr *src_mgr);
-+int src_mgr_create(struct hw *hw, void **rsrc_mgr);
-+int src_mgr_destroy(void *src_mgr);
- /* Constructor and destructor of SRCIMP resource manager */
--int srcimp_mgr_create(struct hw *hw, struct srcimp_mgr **rsrc_mgr);
--int srcimp_mgr_destroy(struct srcimp_mgr *srcimp_mgr);
-+int srcimp_mgr_create(struct hw *hw, void **rsrc_mgr);
-+int srcimp_mgr_destroy(void *srcimp_mgr);
-
- #endif /* CTSRC_H */
-diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
-index 8374188..f073778 100644
---- a/sound/pci/hda/hda_codec.c
-+++ b/sound/pci/hda/hda_codec.c
-@@ -1743,7 +1743,7 @@ static int get_kctl_0dB_offset(struct hda_codec *codec,
- /* FIXME: set_fs() hack for obtaining user-space TLV data */
- mm_segment_t fs = get_fs();
- set_fs(get_ds());
-- if (!kctl->tlv.c(kctl, 0, sizeof(_tlv), _tlv))
-+ if (!kctl->tlv.c(kctl, 0, sizeof(_tlv), (unsigned int __force_user *)_tlv))
- tlv = _tlv;
- set_fs(fs);
- } else if (kctl->vd[0].access & SNDRV_CTL_ELEM_ACCESS_TLV_READ)
-diff --git a/sound/pci/ymfpci/ymfpci.h b/sound/pci/ymfpci/ymfpci.h
-index 149d4cb..7784769 100644
---- a/sound/pci/ymfpci/ymfpci.h
-+++ b/sound/pci/ymfpci/ymfpci.h
-@@ -358,7 +358,7 @@ struct snd_ymfpci {
- spinlock_t reg_lock;
- spinlock_t voice_lock;
- wait_queue_head_t interrupt_sleep;
-- atomic_t interrupt_sleep_count;
-+ atomic_unchecked_t interrupt_sleep_count;
- struct snd_info_entry *proc_entry;
- const struct firmware *dsp_microcode;
- const struct firmware *controller_microcode;
-diff --git a/sound/pci/ymfpci/ymfpci_main.c b/sound/pci/ymfpci/ymfpci_main.c
-index 4c26076..a13f370 100644
---- a/sound/pci/ymfpci/ymfpci_main.c
-+++ b/sound/pci/ymfpci/ymfpci_main.c
-@@ -204,8 +204,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip)
- if ((snd_ymfpci_readl(chip, YDSXGR_STATUS) & 2) == 0)
- break;
- }
-- if (atomic_read(&chip->interrupt_sleep_count)) {
-- atomic_set(&chip->interrupt_sleep_count, 0);
-+ if (atomic_read_unchecked(&chip->interrupt_sleep_count)) {
-+ atomic_set_unchecked(&chip->interrupt_sleep_count, 0);
- wake_up(&chip->interrupt_sleep);
- }
- __end:
-@@ -789,7 +789,7 @@ static void snd_ymfpci_irq_wait(struct snd_ymfpci *chip)
- continue;
- init_waitqueue_entry(&wait, current);
- add_wait_queue(&chip->interrupt_sleep, &wait);
-- atomic_inc(&chip->interrupt_sleep_count);
-+ atomic_inc_unchecked(&chip->interrupt_sleep_count);
- schedule_timeout_uninterruptible(msecs_to_jiffies(50));
- remove_wait_queue(&chip->interrupt_sleep, &wait);
- }
-@@ -827,8 +827,8 @@ static irqreturn_t snd_ymfpci_interrupt(int irq, void *dev_id)
- snd_ymfpci_writel(chip, YDSXGR_MODE, mode);
- spin_unlock(&chip->reg_lock);
-
-- if (atomic_read(&chip->interrupt_sleep_count)) {
-- atomic_set(&chip->interrupt_sleep_count, 0);
-+ if (atomic_read_unchecked(&chip->interrupt_sleep_count)) {
-+ atomic_set_unchecked(&chip->interrupt_sleep_count, 0);
- wake_up(&chip->interrupt_sleep);
- }
- }
-@@ -2384,7 +2384,7 @@ int snd_ymfpci_create(struct snd_card *card,
- spin_lock_init(&chip->reg_lock);
- spin_lock_init(&chip->voice_lock);
- init_waitqueue_head(&chip->interrupt_sleep);
-- atomic_set(&chip->interrupt_sleep_count, 0);
-+ atomic_set_unchecked(&chip->interrupt_sleep_count, 0);
- chip->card = card;
- chip->pci = pci;
- chip->irq = -1;
-diff --git a/sound/soc/codecs/cx20442.c b/sound/soc/codecs/cx20442.c
-index d6f4abb..5d59f0c 100644
---- a/sound/soc/codecs/cx20442.c
-+++ b/sound/soc/codecs/cx20442.c
-@@ -263,6 +263,12 @@ static int v253_hangup(struct tty_struct *tty)
- return 0;
- }
-
-+static int v253_hw_write(void *client, const char *buf, int count)
-+{
-+ struct tty_struct *tty = client;
-+ return tty->ops->write(client, buf, count);
-+}
-+
- /* Line discipline .receive_buf() */
- static void v253_receive(struct tty_struct *tty,
- const unsigned char *cp, char *fp, int count)
-@@ -280,7 +286,7 @@ static void v253_receive(struct tty_struct *tty,
-
- /* Set up codec driver access to modem controls */
- cx20442->control_data = tty;
-- codec->hw_write = (hw_write_t)tty->ops->write;
-+ codec->hw_write = v253_hw_write;
- codec->component.card->pop_time = 1;
- }
- }
-diff --git a/sound/soc/codecs/sti-sas.c b/sound/soc/codecs/sti-sas.c
-index 160d61a..10bfd63 100644
---- a/sound/soc/codecs/sti-sas.c
-+++ b/sound/soc/codecs/sti-sas.c
-@@ -591,11 +591,13 @@ static int sti_sas_driver_probe(struct platform_device *pdev)
- sti_sas_dai[STI_SAS_DAI_ANALOG_OUT].ops = drvdata->dev_data->dac_ops;
-
- /* Set dapms*/
-- sti_sas_driver.dapm_widgets = drvdata->dev_data->dapm_widgets;
-- sti_sas_driver.num_dapm_widgets = drvdata->dev_data->num_dapm_widgets;
-+ pax_open_kernel();
-+ *(const void **)&sti_sas_driver.dapm_widgets = drvdata->dev_data->dapm_widgets;
-+ *(int *)&sti_sas_driver.num_dapm_widgets = drvdata->dev_data->num_dapm_widgets;
-
-- sti_sas_driver.dapm_routes = drvdata->dev_data->dapm_routes;
-- sti_sas_driver.num_dapm_routes = drvdata->dev_data->num_dapm_routes;
-+ *(const void **)&sti_sas_driver.dapm_routes = drvdata->dev_data->dapm_routes;
-+ *(int *)&sti_sas_driver.num_dapm_routes = drvdata->dev_data->num_dapm_routes;
-+ pax_close_kernel();
-
- /* Store context */
- dev_set_drvdata(&pdev->dev, drvdata);
-diff --git a/sound/soc/codecs/tlv320dac33.c b/sound/soc/codecs/tlv320dac33.c
-index f7a6ce7..82310c8 100644
---- a/sound/soc/codecs/tlv320dac33.c
-+++ b/sound/soc/codecs/tlv320dac33.c
-@@ -1375,13 +1375,18 @@ static int dac33_set_dai_fmt(struct snd_soc_dai *codec_dai,
- return 0;
- }
-
-+static int dac33_hw_write(void *client, const char *buf, int count)
-+{
-+ return i2c_master_send(client, buf, count);
-+}
-+
- static int dac33_soc_probe(struct snd_soc_codec *codec)
- {
- struct tlv320dac33_priv *dac33 = snd_soc_codec_get_drvdata(codec);
- int ret = 0;
-
- codec->control_data = dac33->control_data;
-- codec->hw_write = (hw_write_t) i2c_master_send;
-+ codec->hw_write = dac33_hw_write;
- dac33->codec = codec;
-
- /* Read the tlv320dac33 ID registers */
-diff --git a/sound/soc/codecs/uda1380.c b/sound/soc/codecs/uda1380.c
-index 35f0469..7c25cd5 100644
---- a/sound/soc/codecs/uda1380.c
-+++ b/sound/soc/codecs/uda1380.c
-@@ -687,6 +687,11 @@ static struct snd_soc_dai_driver uda1380_dai[] = {
- },
- };
-
-+static int uda1380_hw_write(void *client, const char *buf, int count)
-+{
-+ return i2c_master_send(client, buf, count);
-+}
-+
- static int uda1380_probe(struct snd_soc_codec *codec)
- {
- struct uda1380_platform_data *pdata =codec->dev->platform_data;
-@@ -695,7 +700,7 @@ static int uda1380_probe(struct snd_soc_codec *codec)
-
- uda1380->codec = codec;
-
-- codec->hw_write = (hw_write_t)i2c_master_send;
-+ codec->hw_write = uda1380_hw_write;
- codec->control_data = uda1380->control_data;
-
- if (!pdata)
-diff --git a/sound/soc/intel/skylake/skl-sst-dsp.h b/sound/soc/intel/skylake/skl-sst-dsp.h
-index cbb4075..edda3dd 100644
---- a/sound/soc/intel/skylake/skl-sst-dsp.h
-+++ b/sound/soc/intel/skylake/skl-sst-dsp.h
-@@ -117,14 +117,14 @@ struct skl_dsp_fw_ops {
- int (*load_mod)(struct sst_dsp *ctx, u16 mod_id, char *mod_name);
- int (*unload_mod)(struct sst_dsp *ctx, u16 mod_id);
-
--};
-+} __no_const;
-
- struct skl_dsp_loader_ops {
- int (*alloc_dma_buf)(struct device *dev,
- struct snd_dma_buffer *dmab, size_t size);
- int (*free_dma_buf)(struct device *dev,
- struct snd_dma_buffer *dmab);
--};
-+} __no_const;
-
- struct skl_load_module_info {
- u16 mod_id;
-diff --git a/sound/soc/soc-ac97.c b/sound/soc/soc-ac97.c
-index 7e0acd8..7fe0f65 100644
---- a/sound/soc/soc-ac97.c
-+++ b/sound/soc/soc-ac97.c
-@@ -416,8 +416,10 @@ int snd_soc_set_ac97_ops_of_reset(struct snd_ac97_bus_ops *ops,
- if (ret)
- return ret;
-
-- ops->warm_reset = snd_soc_ac97_warm_reset;
-- ops->reset = snd_soc_ac97_reset;
-+ pax_open_kernel();
-+ *(void **)&ops->warm_reset = snd_soc_ac97_warm_reset;
-+ *(void **)&ops->reset = snd_soc_ac97_reset;
-+ pax_close_kernel();
-
- snd_ac97_rst_cfg = cfg;
- return 0;
-diff --git a/sound/soc/xtensa/xtfpga-i2s.c b/sound/soc/xtensa/xtfpga-i2s.c
-index 8382ffa..86af7d0 100644
---- a/sound/soc/xtensa/xtfpga-i2s.c
-+++ b/sound/soc/xtensa/xtfpga-i2s.c
-@@ -437,7 +437,7 @@ static int xtfpga_pcm_trigger(struct snd_pcm_substream *substream, int cmd)
- case SNDRV_PCM_TRIGGER_START:
- case SNDRV_PCM_TRIGGER_RESUME:
- case SNDRV_PCM_TRIGGER_PAUSE_RELEASE:
-- ACCESS_ONCE(i2s->tx_ptr) = 0;
-+ ACCESS_ONCE_RW(i2s->tx_ptr) = 0;
- rcu_assign_pointer(i2s->tx_substream, substream);
- xtfpga_pcm_refill_fifo(i2s);
- break;
-diff --git a/sound/synth/emux/emux_seq.c b/sound/synth/emux/emux_seq.c
-index a020920..55579f6 100644
---- a/sound/synth/emux/emux_seq.c
-+++ b/sound/synth/emux/emux_seq.c
-@@ -33,13 +33,13 @@ static int snd_emux_unuse(void *private_data, struct snd_seq_port_subscribe *inf
- * MIDI emulation operators
- */
- static struct snd_midi_op emux_ops = {
-- snd_emux_note_on,
-- snd_emux_note_off,
-- snd_emux_key_press,
-- snd_emux_terminate_note,
-- snd_emux_control,
-- snd_emux_nrpn,
-- snd_emux_sysex,
-+ .note_on = snd_emux_note_on,
-+ .note_off = snd_emux_note_off,
-+ .key_press = snd_emux_key_press,
-+ .note_terminate = snd_emux_terminate_note,
-+ .control = snd_emux_control,
-+ .nrpn = snd_emux_nrpn,
-+ .sysex = snd_emux_sysex,
- };
-
-
-diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c
-index 81b7da8..bb2676f 100644
---- a/sound/usb/line6/driver.c
-+++ b/sound/usb/line6/driver.c
-@@ -307,7 +307,7 @@ int line6_read_data(struct usb_line6 *line6, unsigned address, void *data,
- {
- struct usb_device *usbdev = line6->usbdev;
- int ret;
-- unsigned char len;
-+ unsigned char *plen;
- unsigned count;
-
- if (address > 0xffff || datalen > 0xff)
-@@ -324,6 +324,10 @@ int line6_read_data(struct usb_line6 *line6, unsigned address, void *data,
- return ret;
- }
-
-+ plen = kmalloc(1, GFP_KERNEL);
-+ if (plen == NULL)
-+ return -ENOMEM;
-+
- /* Wait for data length. We'll get 0xff until length arrives. */
- for (count = 0; count < LINE6_READ_WRITE_MAX_RETRIES; count++) {
- mdelay(LINE6_READ_WRITE_STATUS_DELAY);
-@@ -331,30 +335,35 @@ int line6_read_data(struct usb_line6 *line6, unsigned address, void *data,
- ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67,
- USB_TYPE_VENDOR | USB_RECIP_DEVICE |
- USB_DIR_IN,
-- 0x0012, 0x0000, &len, 1,
-+ 0x0012, 0x0000, plen, 1,
- LINE6_TIMEOUT * HZ);
- if (ret < 0) {
- dev_err(line6->ifcdev,
- "receive length failed (error %d)\n", ret);
-+ kfree(plen);
- return ret;
- }
-
-- if (len != 0xff)
-+ if (*plen != 0xff)
- break;
- }
-
-- if (len == 0xff) {
-+ if (*plen == 0xff) {
- dev_err(line6->ifcdev, "read failed after %d retries\n",
- count);
-+ kfree(plen);
- return -EIO;
-- } else if (len != datalen) {
-+ } else if (*plen != datalen) {
- /* should be equal or something went wrong */
- dev_err(line6->ifcdev,
- "length mismatch (expected %d, got %d)\n",
-- (int)datalen, (int)len);
-+ (int)datalen, (int)*plen);
-+ kfree(plen);
- return -EIO;
- }
-
-+ kfree(plen);
-+
- /* receive the result: */
- ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67,
- USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
-@@ -378,7 +387,7 @@ int line6_write_data(struct usb_line6 *line6, unsigned address, void *data,
- {
- struct usb_device *usbdev = line6->usbdev;
- int ret;
-- unsigned char status;
-+ unsigned char *status;
- int count;
-
- if (address > 0xffff || datalen > 0xffff)
-@@ -395,6 +404,10 @@ int line6_write_data(struct usb_line6 *line6, unsigned address, void *data,
- return ret;
- }
-
-+ status = kmalloc(1, GFP_KERNEL);
-+ if (status == NULL)
-+ return -ENOMEM;
-+
- for (count = 0; count < LINE6_READ_WRITE_MAX_RETRIES; count++) {
- mdelay(LINE6_READ_WRITE_STATUS_DELAY);
-
-@@ -403,27 +416,32 @@ int line6_write_data(struct usb_line6 *line6, unsigned address, void *data,
- USB_TYPE_VENDOR | USB_RECIP_DEVICE |
- USB_DIR_IN,
- 0x0012, 0x0000,
-- &status, 1, LINE6_TIMEOUT * HZ);
-+ status, 1, LINE6_TIMEOUT * HZ);
-
- if (ret < 0) {
- dev_err(line6->ifcdev,
- "receiving status failed (error %d)\n", ret);
-+ kfree(status);
- return ret;
- }
-
-- if (status != 0xff)
-+ if (*status != 0xff)
- break;
- }
-
-- if (status == 0xff) {
-+ if (*status == 0xff) {
- dev_err(line6->ifcdev, "write failed after %d retries\n",
- count);
-+ kfree(status);
- return -EIO;
-- } else if (status != 0) {
-+ } else if (*status != 0) {
- dev_err(line6->ifcdev, "write failed (error %d)\n", ret);
-+ kfree(status);
- return -EIO;
- }
-
-+ kfree(status);
-+
- return 0;
- }
- EXPORT_SYMBOL_GPL(line6_write_data);
-diff --git a/sound/usb/line6/toneport.c b/sound/usb/line6/toneport.c
-index 6d4c50c..aa658c8 100644
---- a/sound/usb/line6/toneport.c
-+++ b/sound/usb/line6/toneport.c
-@@ -367,13 +367,19 @@ static bool toneport_has_source_select(struct usb_line6_toneport *toneport)
- */
- static void toneport_setup(struct usb_line6_toneport *toneport)
- {
-- int ticks;
-+ int *ticks;
- struct usb_line6 *line6 = &toneport->line6;
- struct usb_device *usbdev = line6->usbdev;
-
-+ ticks = kmalloc(sizeof(int), GFP_KERNEL);
-+ if (ticks == NULL)
-+ return;
-+
- /* sync time on device with host: */
-- ticks = (int)get_seconds();
-- line6_write_data(line6, 0x80c6, &ticks, 4);
-+ *ticks = (int)get_seconds();
-+ line6_write_data(line6, 0x80c6, ticks, sizeof(int));
-+
-+ kfree(ticks);
-
- /* enable device: */
- toneport_send_cmd(usbdev, 0x0301, 0x0000);
-diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore
+diff --git a/scripts/gcc-plugins/.gitignore b/scripts/gcc-plugins/.gitignore
new file mode 100644
index 0000000..de92ed9
--- /dev/null
-+++ b/tools/gcc/.gitignore
++++ b/scripts/gcc-plugins/.gitignore
@@ -0,0 +1 @@
+randomize_layout_seed.h
-diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile
+diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile
new file mode 100644
-index 0000000..f1db084
+index 0000000..ad7ca02
--- /dev/null
-+++ b/tools/gcc/Makefile
-@@ -0,0 +1,58 @@
++++ b/scripts/gcc-plugins/Makefile
+@@ -0,0 +1,57 @@
+#CC := gcc
+#PLUGIN_SOURCE_FILES := pax_plugin.c
+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
@@ -164146,7 +161419,6 @@ index 0000000..f1db084
+latent_entropy_plugin-objs := latent_entropy_plugin.o
+structleak_plugin-objs := structleak_plugin.o
+initify_plugin-objs := initify_plugin.o
-+rap_plugin-objs := rap_plugin.o sip.o
+randomize_layout_plugin-objs := randomize_layout_plugin.o
+
+$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h
@@ -164158,11 +161430,11 @@ index 0000000..f1db084
+ $(call if_changed,create_randomize_layout_seed)
+
+targets += randomize_layout_seed.h randomize_layout_hash.h
-diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c
+diff --git a/scripts/gcc-plugins/checker_plugin.c b/scripts/gcc-plugins/checker_plugin.c
new file mode 100644
index 0000000..efaf576
--- /dev/null
-+++ b/tools/gcc/checker_plugin.c
++++ b/scripts/gcc-plugins/checker_plugin.c
@@ -0,0 +1,496 @@
+/*
+ * Copyright 2011-2016 by the PaX Team <pageexec@freemail.hu>
@@ -164660,11 +161932,11 @@ index 0000000..efaf576
+
+ return 0;
+}
-diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c
+diff --git a/scripts/gcc-plugins/colorize_plugin.c b/scripts/gcc-plugins/colorize_plugin.c
new file mode 100644
index 0000000..ffe60f6
--- /dev/null
-+++ b/tools/gcc/colorize_plugin.c
++++ b/scripts/gcc-plugins/colorize_plugin.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright 2012-2016 by PaX Team <pageexec@freemail.hu>
@@ -164828,11 +162100,11 @@ index 0000000..ffe60f6
+ }
+ return 0;
+}
-diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
+diff --git a/scripts/gcc-plugins/constify_plugin.c b/scripts/gcc-plugins/constify_plugin.c
new file mode 100644
-index 0000000..b52a700
+index 0000000..7142f36
--- /dev/null
-+++ b/tools/gcc/constify_plugin.c
++++ b/scripts/gcc-plugins/constify_plugin.c
@@ -0,0 +1,521 @@
+/*
+ * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
@@ -164856,11 +162128,11 @@ index 0000000..b52a700
+
+int plugin_is_GPL_compatible;
+
-+static bool constify = true;
++static bool enabled = true;
+
+static struct plugin_info const_plugin_info = {
-+ .version = "201602181345",
-+ .help = "no-constify\tturn off constification\n",
++ .version = "201605212045",
++ .help = "disable\tturn off constification\n",
+};
+
+typedef struct {
@@ -165070,7 +162342,7 @@ index 0000000..b52a700
+
+ constifiable(type, &cinfo);
+ if ((cinfo.has_fptr_field && !cinfo.has_writable_field && !cinfo.has_no_const_field) || lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) {
-+ if (constify) {
++ if (enabled) {
+ if TYPE_P(*node)
+ deconstify_type(*node);
+ else
@@ -165083,7 +162355,7 @@ index 0000000..b52a700
+ return NULL_TREE;
+ }
+
-+ if (constify && TYPE_FIELDS(type))
++ if (enabled && TYPE_FIELDS(type))
+ error("%qE attribute used on type %qT that is not constified", name, type);
+ return NULL_TREE;
+}
@@ -165332,8 +162604,8 @@ index 0000000..b52a700
+ }
+
+ for (i = 0; i < argc; ++i) {
-+ if (!(strcmp(argv[i].key, "no-constify"))) {
-+ constify = false;
++ if (!(strcmp(argv[i].key, "disable"))) {
++ enabled = false;
+ continue;
+ }
+ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
@@ -165341,11 +162613,11 @@ index 0000000..b52a700
+
+ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) {
+ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name);
-+ constify = false;
++ enabled = false;
+ }
+
+ register_callback(plugin_name, PLUGIN_INFO, NULL, &const_plugin_info);
-+ if (constify) {
++ if (enabled) {
+ register_callback(plugin_name, PLUGIN_ALL_IPA_PASSES_START, check_global_variables, NULL);
+ register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL);
+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &check_local_variables_pass_info);
@@ -165355,11 +162627,11 @@ index 0000000..b52a700
+
+ return 0;
+}
-diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h
+diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h
new file mode 100644
index 0000000..0c0b842
--- /dev/null
-+++ b/tools/gcc/gcc-common.h
++++ b/scripts/gcc-plugins/gcc-common.h
@@ -0,0 +1,879 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
@@ -166240,11 +163512,11 @@ index 0000000..0c0b842
+#endif
+
+#endif
-diff --git a/tools/gcc/gcc-generate-gimple-pass.h b/tools/gcc/gcc-generate-gimple-pass.h
+diff --git a/scripts/gcc-plugins/gcc-generate-gimple-pass.h b/scripts/gcc-plugins/gcc-generate-gimple-pass.h
new file mode 100644
index 0000000..0b081fe
--- /dev/null
-+++ b/tools/gcc/gcc-generate-gimple-pass.h
++++ b/scripts/gcc-plugins/gcc-generate-gimple-pass.h
@@ -0,0 +1,175 @@
+/*
+ * Generator for GIMPLE pass related boilerplate code/data
@@ -166421,11 +163693,11 @@ index 0000000..0b081fe
+#undef __PASS_NAME_PASS_DATA
+
+#endif /* PASS_NAME */
-diff --git a/tools/gcc/gcc-generate-ipa-pass.h b/tools/gcc/gcc-generate-ipa-pass.h
+diff --git a/scripts/gcc-plugins/gcc-generate-ipa-pass.h b/scripts/gcc-plugins/gcc-generate-ipa-pass.h
new file mode 100644
index 0000000..9bd926e
--- /dev/null
-+++ b/tools/gcc/gcc-generate-ipa-pass.h
++++ b/scripts/gcc-plugins/gcc-generate-ipa-pass.h
@@ -0,0 +1,289 @@
+/*
+ * Generator for IPA pass related boilerplate code/data
@@ -166716,11 +163988,11 @@ index 0000000..9bd926e
+#undef __WRITE_SUMMARY
+
+#endif /* PASS_NAME */
-diff --git a/tools/gcc/gcc-generate-rtl-pass.h b/tools/gcc/gcc-generate-rtl-pass.h
+diff --git a/scripts/gcc-plugins/gcc-generate-rtl-pass.h b/scripts/gcc-plugins/gcc-generate-rtl-pass.h
new file mode 100644
index 0000000..1dc67a5
--- /dev/null
-+++ b/tools/gcc/gcc-generate-rtl-pass.h
++++ b/scripts/gcc-plugins/gcc-generate-rtl-pass.h
@@ -0,0 +1,175 @@
+/*
+ * Generator for RTL pass related boilerplate code/data
@@ -166897,11 +164169,11 @@ index 0000000..1dc67a5
+#undef __PASS_NAME_PASS_DATA
+
+#endif /* PASS_NAME */
-diff --git a/tools/gcc/gcc-generate-simple_ipa-pass.h b/tools/gcc/gcc-generate-simple_ipa-pass.h
+diff --git a/scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h b/scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h
new file mode 100644
index 0000000..a27e2b3
--- /dev/null
-+++ b/tools/gcc/gcc-generate-simple_ipa-pass.h
++++ b/scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h
@@ -0,0 +1,175 @@
+/*
+ * Generator for SIMPLE_IPA pass related boilerplate code/data
@@ -167078,11 +164350,11 @@ index 0000000..a27e2b3
+#undef __PASS_NAME_PASS_DATA
+
+#endif /* PASS_NAME */
-diff --git a/tools/gcc/gen-random-seed.sh b/tools/gcc/gen-random-seed.sh
+diff --git a/scripts/gcc-plugins/gen-random-seed.sh b/scripts/gcc-plugins/gen-random-seed.sh
new file mode 100644
index 0000000..7514850
--- /dev/null
-+++ b/tools/gcc/gen-random-seed.sh
++++ b/scripts/gcc-plugins/gen-random-seed.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
@@ -167092,11 +164364,11 @@ index 0000000..7514850
+ HASH=`echo -n "$SEED" | sha256sum | cut -d" " -f1 | tr -d ' \n'`
+ echo "#define RANDSTRUCT_HASHED_SEED \"$HASH\"" > "$2"
+fi
-diff --git a/tools/gcc/initify_plugin.c b/tools/gcc/initify_plugin.c
+diff --git a/scripts/gcc-plugins/initify_plugin.c b/scripts/gcc-plugins/initify_plugin.c
new file mode 100644
index 0000000..bf3eb6c
--- /dev/null
-+++ b/tools/gcc/initify_plugin.c
++++ b/scripts/gcc-plugins/initify_plugin.c
@@ -0,0 +1,536 @@
+/*
+ * Copyright 2015-2016 by Emese Revfy <re.emese@gmail.com>
@@ -167634,11 +164906,11 @@ index 0000000..bf3eb6c
+
+ return 0;
+}
-diff --git a/tools/gcc/kallocstat_plugin.c b/tools/gcc/kallocstat_plugin.c
+diff --git a/scripts/gcc-plugins/kallocstat_plugin.c b/scripts/gcc-plugins/kallocstat_plugin.c
new file mode 100644
index 0000000..30ecc9a
--- /dev/null
-+++ b/tools/gcc/kallocstat_plugin.c
++++ b/scripts/gcc-plugins/kallocstat_plugin.c
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2011-2016 by the PaX Team <pageexec@freemail.hu>
@@ -167775,11 +165047,11 @@ index 0000000..30ecc9a
+
+ return 0;
+}
-diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c
+diff --git a/scripts/gcc-plugins/kernexec_plugin.c b/scripts/gcc-plugins/kernexec_plugin.c
new file mode 100644
index 0000000..e31e92f
--- /dev/null
-+++ b/tools/gcc/kernexec_plugin.c
++++ b/scripts/gcc-plugins/kernexec_plugin.c
@@ -0,0 +1,407 @@
+/*
+ * Copyright 2011-2016 by the PaX Team <pageexec@freemail.hu>
@@ -168188,12 +165460,12 @@ index 0000000..e31e92f
+
+ return 0;
+}
-diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
+diff --git a/scripts/gcc-plugins/latent_entropy_plugin.c b/scripts/gcc-plugins/latent_entropy_plugin.c
new file mode 100644
-index 0000000..50d373c
+index 0000000..f08a221
--- /dev/null
-+++ b/tools/gcc/latent_entropy_plugin.c
-@@ -0,0 +1,422 @@
++++ b/scripts/gcc-plugins/latent_entropy_plugin.c
+@@ -0,0 +1,438 @@
+/*
+ * Copyright 2012-2016 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -168219,11 +165491,13 @@ index 0000000..50d373c
+
+int plugin_is_GPL_compatible;
+
++static bool enabled = true;
++
+static GTY(()) tree latent_entropy_decl;
+
+static struct plugin_info latent_entropy_plugin_info = {
-+ .version = "201604022010",
-+ .help = NULL
++ .version = "201605212030",
++ .help = "disable\tturn off latent entropy instrumentation\n",
+};
+
+static unsigned HOST_WIDE_INT seed;
@@ -168586,6 +165860,10 @@ index 0000000..50d373c
+int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
+{
+ const char * const plugin_name = plugin_info->base_name;
++ const int argc = plugin_info->argc;
++ const struct plugin_argument * const argv = plugin_info->argv;
++ int i;
++
+ struct register_pass_info latent_entropy_pass_info;
+
+ latent_entropy_pass_info.pass = make_latent_entropy_pass();
@@ -168608,19 +165886,29 @@ index 0000000..50d373c
+ return 1;
+ }
+
++ for (i = 0; i < argc; ++i) {
++ if (!(strcmp(argv[i].key, "disable"))) {
++ enabled = false;
++ continue;
++ }
++ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key);
++ }
++
+ register_callback(plugin_name, PLUGIN_INFO, NULL, &latent_entropy_plugin_info);
-+ register_callback(plugin_name, PLUGIN_START_UNIT, &latent_entropy_start_unit, NULL);
-+ register_callback(plugin_name, PLUGIN_REGISTER_GGC_ROOTS, NULL, (void *)&gt_ggc_r_gt_latent_entropy);
-+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &latent_entropy_pass_info);
++ if (enabled) {
++ register_callback(plugin_name, PLUGIN_START_UNIT, &latent_entropy_start_unit, NULL);
++ register_callback(plugin_name, PLUGIN_REGISTER_GGC_ROOTS, NULL, (void *)&gt_ggc_r_gt_latent_entropy);
++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &latent_entropy_pass_info);
++ }
+ register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL);
+
+ return 0;
+}
-diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c
+diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c
new file mode 100644
index 0000000..a716d7a
--- /dev/null
-+++ b/tools/gcc/randomize_layout_plugin.c
++++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -0,0 +1,940 @@
+/*
+ * Copyright 2014-2016 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net>
@@ -169562,21 +166850,21 @@ index 0000000..a716d7a
+
+ return 0;
+}
-diff --git a/tools/gcc/rap_plugin/Makefile b/tools/gcc/rap_plugin/Makefile
+diff --git a/scripts/gcc-plugins/rap_plugin/Makefile b/scripts/gcc-plugins/rap_plugin/Makefile
new file mode 100644
index 0000000..8171be8
--- /dev/null
-+++ b/tools/gcc/rap_plugin/Makefile
++++ b/scripts/gcc-plugins/rap_plugin/Makefile
@@ -0,0 +1,4 @@
+$(HOSTLIBS)-$(CONFIG_PAX_RAP) += rap_plugin.so
+always := $($(HOSTLIBS)-y)
+
+rap_plugin-objs := $(patsubst $(srctree)/$(src)/%.c,%.o,$(wildcard $(srctree)/$(src)/*.c))
-diff --git a/tools/gcc/rap_plugin/rap.h b/tools/gcc/rap_plugin/rap.h
+diff --git a/scripts/gcc-plugins/rap_plugin/rap.h b/scripts/gcc-plugins/rap_plugin/rap.h
new file mode 100644
index 0000000..f6a284d
--- /dev/null
-+++ b/tools/gcc/rap_plugin/rap.h
++++ b/scripts/gcc-plugins/rap_plugin/rap.h
@@ -0,0 +1,36 @@
+#ifndef RAP_H_INCLUDED
+#define RAP_H_INCLUDED
@@ -169614,11 +166902,11 @@ index 0000000..f6a284d
+#endif
+
+#endif
-diff --git a/tools/gcc/rap_plugin/rap_fptr_pass.c b/tools/gcc/rap_plugin/rap_fptr_pass.c
+diff --git a/scripts/gcc-plugins/rap_plugin/rap_fptr_pass.c b/scripts/gcc-plugins/rap_plugin/rap_fptr_pass.c
new file mode 100644
index 0000000..2f53f14
--- /dev/null
-+++ b/tools/gcc/rap_plugin/rap_fptr_pass.c
++++ b/scripts/gcc-plugins/rap_plugin/rap_fptr_pass.c
@@ -0,0 +1,220 @@
+/*
+ * Copyright 2012-2016 by PaX Team <pageexec@freemail.hu>
@@ -169840,11 +167128,11 @@ index 0000000..2f53f14
+#define PASS_NAME rap_fptr
+#define TODO_FLAGS_FINISH TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa | TODO_cleanup_cfg | TODO_rebuild_cgraph_edges | TODO_verify_flow
+#include "gcc-generate-gimple-pass.h"
-diff --git a/tools/gcc/rap_plugin/rap_hash.c b/tools/gcc/rap_plugin/rap_hash.c
+diff --git a/scripts/gcc-plugins/rap_plugin/rap_hash.c b/scripts/gcc-plugins/rap_plugin/rap_hash.c
new file mode 100644
index 0000000..7c59f38
--- /dev/null
-+++ b/tools/gcc/rap_plugin/rap_hash.c
++++ b/scripts/gcc-plugins/rap_plugin/rap_hash.c
@@ -0,0 +1,382 @@
+/*
+ * Copyright 2012-2016 by PaX Team <pageexec@freemail.hu>
@@ -170228,11 +167516,11 @@ index 0000000..7c59f38
+ gcc_assert(rap_imprecise_hashes[uid].hash);
+ }
+}
-diff --git a/tools/gcc/rap_plugin/rap_plugin.c b/tools/gcc/rap_plugin/rap_plugin.c
+diff --git a/scripts/gcc-plugins/rap_plugin/rap_plugin.c b/scripts/gcc-plugins/rap_plugin/rap_plugin.c
new file mode 100644
index 0000000..bca74dc
--- /dev/null
-+++ b/tools/gcc/rap_plugin/rap_plugin.c
++++ b/scripts/gcc-plugins/rap_plugin/rap_plugin.c
@@ -0,0 +1,511 @@
+/*
+ * Copyright 2012-2016 by PaX Team <pageexec@freemail.hu>
@@ -170745,11 +168033,11 @@ index 0000000..bca74dc
+
+ return 0;
+}
-diff --git a/tools/gcc/rap_plugin/sip.c b/tools/gcc/rap_plugin/sip.c
+diff --git a/scripts/gcc-plugins/rap_plugin/sip.c b/scripts/gcc-plugins/rap_plugin/sip.c
new file mode 100644
index 0000000..65bc1cd
--- /dev/null
-+++ b/tools/gcc/rap_plugin/sip.c
++++ b/scripts/gcc-plugins/rap_plugin/sip.c
@@ -0,0 +1,96 @@
+// SipHash-2-4 adapted by the PaX Team from the public domain version written by
+// Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
@@ -170847,20 +168135,20 @@ index 0000000..65bc1cd
+ b = v0 ^ v1 ^ v2 ^ v3;
+ U64TO8_LE(out, b);
+}
-diff --git a/tools/gcc/size_overflow_plugin/.gitignore b/tools/gcc/size_overflow_plugin/.gitignore
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/.gitignore b/scripts/gcc-plugins/size_overflow_plugin/.gitignore
new file mode 100644
index 0000000..c4b24b9
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/.gitignore
++++ b/scripts/gcc-plugins/size_overflow_plugin/.gitignore
@@ -0,0 +1,3 @@
+disable_size_overflow_hash.h
+size_overflow_hash.h
+size_overflow_hash_aux.h
-diff --git a/tools/gcc/size_overflow_plugin/Makefile b/tools/gcc/size_overflow_plugin/Makefile
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/Makefile b/scripts/gcc-plugins/size_overflow_plugin/Makefile
new file mode 100644
index 0000000..f74d85a
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/Makefile
++++ b/scripts/gcc-plugins/size_overflow_plugin/Makefile
@@ -0,0 +1,28 @@
+HOST_EXTRACXXFLAGS += $(call hostcc-option, -fno-ipa-icf)
+
@@ -170890,11 +168178,11 @@ index 0000000..f74d85a
+ $(call if_changed,build_disable_size_overflow_hash)
+
+targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h
-diff --git a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data b/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data
new file mode 100644
index 0000000..2a420f3
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
++++ b/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data
@@ -0,0 +1,12444 @@
+disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL
+disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL
@@ -183340,11 +180628,11 @@ index 0000000..2a420f3
+enable_so_inofree_iagctl_5194 inofree iagctl 0 5194 NULL
+enable_so_inofreefwd_iag_4921 inofreefwd iag 0 4921 NULL
+enable_so_iagnum_iag_23227 iagnum iag 0 23227 NULL
-diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/generate_size_overflow_hash.sh b/scripts/gcc-plugins/size_overflow_plugin/generate_size_overflow_hash.sh
new file mode 100644
index 0000000..be9724d
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh
++++ b/scripts/gcc-plugins/size_overflow_plugin/generate_size_overflow_hash.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+
@@ -183449,11 +180737,11 @@ index 0000000..be9724d
+create_array_elements
+
+exit 0
-diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/insert_size_overflow_asm.c b/scripts/gcc-plugins/size_overflow_plugin/insert_size_overflow_asm.c
new file mode 100644
index 0000000..ee987da
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c
++++ b/scripts/gcc-plugins/size_overflow_plugin/insert_size_overflow_asm.c
@@ -0,0 +1,369 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
@@ -183824,11 +181112,11 @@ index 0000000..ee987da
+#define TODO_FLAGS_FINISH TODO_dump_func | TODO_verify_ssa | TODO_verify_stmts | TODO_remove_unused_locals | TODO_update_ssa_no_phi | TODO_cleanup_cfg | TODO_ggc_collect | TODO_verify_flow
+
+#include "gcc-generate-gimple-pass.h"
-diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c b/tools/gcc/size_overflow_plugin/intentional_overflow.c
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/intentional_overflow.c b/scripts/gcc-plugins/size_overflow_plugin/intentional_overflow.c
new file mode 100644
-index 0000000..6fcc436
+index 0000000..f29aac6
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c
++++ b/scripts/gcc-plugins/size_overflow_plugin/intentional_overflow.c
@@ -0,0 +1,1166 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
@@ -184963,7 +182251,7 @@ index 0000000..6fcc436
+{
+ const_tree rhs, lhs_type, rhs_type;
+ const_tree def_rhs1, def_rhs2;
-+ gimple def_stmt;
++ const_gimple def_stmt;
+ gimple def_def_stmt = NULL;
+
+ if (!gimple_assign_cast_p(stmt))
@@ -184996,11 +182284,11 @@ index 0000000..6fcc436
+ // _36 = (signed short) _35;
+ return def_def_stmt && gimple_assign_cast_p(def_def_stmt);
+}
-diff --git a/tools/gcc/size_overflow_plugin/remove_unnecessary_dup.c b/tools/gcc/size_overflow_plugin/remove_unnecessary_dup.c
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/remove_unnecessary_dup.c b/scripts/gcc-plugins/size_overflow_plugin/remove_unnecessary_dup.c
new file mode 100644
index 0000000..c910983
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/remove_unnecessary_dup.c
++++ b/scripts/gcc-plugins/size_overflow_plugin/remove_unnecessary_dup.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
@@ -185139,11 +182427,11 @@ index 0000000..c910983
+ }
+}
+
-diff --git a/tools/gcc/size_overflow_plugin/size_overflow.h b/tools/gcc/size_overflow_plugin/size_overflow.h
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow.h b/scripts/gcc-plugins/size_overflow_plugin/size_overflow.h
new file mode 100644
index 0000000..4bd2e7f
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/size_overflow.h
++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow.h
@@ -0,0 +1,331 @@
+#ifndef SIZE_OVERFLOW_H
+#define SIZE_OVERFLOW_H
@@ -185476,11 +182764,11 @@ index 0000000..4bd2e7f
+extern const char * __unused print_intentional_mark_name(enum intentional_mark mark);
+
+#endif
-diff --git a/tools/gcc/size_overflow_plugin/size_overflow_debug.c b/tools/gcc/size_overflow_plugin/size_overflow_debug.c
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_debug.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_debug.c
new file mode 100644
index 0000000..4098952
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/size_overflow_debug.c
++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_debug.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
@@ -185676,11 +182964,11 @@ index 0000000..4098952
+
+ gcc_unreachable();
+}
-diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash.data b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
index 0000000..cbb8a80
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash.data
@@ -0,0 +1,21645 @@
+enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL
+enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL
@@ -207327,11 +204615,11 @@ index 0000000..cbb8a80
+enable_so_write_page_nocow_fndecl_65527 write_page_nocow fndecl 2 65527 NULL
+enable_so_size_mei_msg_data_65529 size mei_msg_data 0 65529 NULL
+enable_so_connector_write_fndecl_65534 connector_write fndecl 3 65534 NULL
-diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash_aux.data b/tools/gcc/size_overflow_plugin/size_overflow_hash_aux.data
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash_aux.data b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash_aux.data
new file mode 100644
index 0000000..17bc0d8
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash_aux.data
++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash_aux.data
@@ -0,0 +1,92 @@
+enable_so_spa_set_aux_vdevs_fndecl_746 spa_set_aux_vdevs fndecl 3 746 NULL
+enable_so_zfs_lookup_fndecl_2144 zfs_lookup fndecl 0 2144 NULL
@@ -207425,11 +204713,11 @@ index 0000000..17bc0d8
+enable_so_proc_copyin_string_fndecl_62019 proc_copyin_string fndecl 4 62019 NULL
+enable_so_random_get_pseudo_bytes_fndecl_64611 random_get_pseudo_bytes fndecl 2 64611 NULL
+enable_so_zpios_read_fndecl_64734 zpios_read fndecl 3 64734 NULL
-diff --git a/tools/gcc/size_overflow_plugin/size_overflow_ipa.c b/tools/gcc/size_overflow_plugin/size_overflow_ipa.c
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_ipa.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_ipa.c
new file mode 100644
index 0000000..0a679f8
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/size_overflow_ipa.c
++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_ipa.c
@@ -0,0 +1,1163 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
@@ -208594,11 +205882,11 @@ index 0000000..0a679f8
+#define NO_GATE
+
+#include "gcc-generate-ipa-pass.h"
-diff --git a/tools/gcc/size_overflow_plugin/size_overflow_misc.c b/tools/gcc/size_overflow_plugin/size_overflow_misc.c
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_misc.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_misc.c
new file mode 100644
index 0000000..7f459ed
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/size_overflow_misc.c
++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_misc.c
@@ -0,0 +1,505 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
@@ -209105,11 +206393,11 @@ index 0000000..7f459ed
+ }
+}
+
-diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin.c
new file mode 100644
index 0000000..3f8f032
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin.c
@@ -0,0 +1,290 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
@@ -209401,11 +206689,11 @@ index 0000000..3f8f032
+
+ return 0;
+}
-diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin_hash.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin_hash.c
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin_hash.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin_hash.c
new file mode 100644
index 0000000..87af656
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin_hash.c
++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin_hash.c
@@ -0,0 +1,352 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
@@ -209759,11 +207047,11 @@ index 0000000..87af656
+ fprintf(stderr, "Function %s is missing from the size_overflow hash table +%s+%s+%u+%u+\n", decl_name, decl_name, node->context, argnum, hash);
+}
+
-diff --git a/tools/gcc/size_overflow_plugin/size_overflow_transform.c b/tools/gcc/size_overflow_plugin/size_overflow_transform.c
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform.c
new file mode 100644
index 0000000..eebcf4c
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/size_overflow_transform.c
++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform.c
@@ -0,0 +1,743 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
@@ -210508,11 +207796,11 @@ index 0000000..eebcf4c
+#endif
+ return TODO_dump_func | TODO_verify_stmts | TODO_remove_unused_locals | TODO_update_ssa_no_phi | TODO_ggc_collect | TODO_verify_flow;
+}
-diff --git a/tools/gcc/size_overflow_plugin/size_overflow_transform_core.c b/tools/gcc/size_overflow_plugin/size_overflow_transform_core.c
+diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform_core.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform_core.c
new file mode 100644
index 0000000..062204a
--- /dev/null
-+++ b/tools/gcc/size_overflow_plugin/size_overflow_transform_core.c
++++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform_core.c
@@ -0,0 +1,1025 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
@@ -211539,11 +208827,11 @@ index 0000000..062204a
+ gcc_unreachable();
+ }
+}
-diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c
+diff --git a/scripts/gcc-plugins/stackleak_plugin.c b/scripts/gcc-plugins/stackleak_plugin.c
new file mode 100644
index 0000000..8b69bd4
--- /dev/null
-+++ b/tools/gcc/stackleak_plugin.c
++++ b/scripts/gcc-plugins/stackleak_plugin.c
@@ -0,0 +1,350 @@
+/*
+ * Copyright 2011-2016 by the PaX Team <pageexec@freemail.hu>
@@ -211895,11 +209183,11 @@ index 0000000..8b69bd4
+
+ return 0;
+}
-diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c
+diff --git a/scripts/gcc-plugins/structleak_plugin.c b/scripts/gcc-plugins/structleak_plugin.c
new file mode 100644
index 0000000..d7596e6
--- /dev/null
-+++ b/tools/gcc/structleak_plugin.c
++++ b/scripts/gcc-plugins/structleak_plugin.c
@@ -0,0 +1,239 @@
+/*
+ * Copyright 2013-2016 by PaX Team <pageexec@freemail.hu>
@@ -212140,6 +209428,3450 @@ index 0000000..d7596e6
+
+ return 0;
+}
+diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh
+index fdebd66..a349e33 100755
+--- a/scripts/headers_install.sh
++++ b/scripts/headers_install.sh
+@@ -32,6 +32,7 @@ do
+ FILE="$(basename "$i")"
+ sed -r \
+ -e 's/([ \t(])(__user|__force|__iomem)[ \t]/\1/g' \
++ -e 's/__intentional_overflow\([- \t,0-9]*\)//g' \
+ -e 's/__attribute_const__([ \t]|$)/\1/g' \
+ -e 's@^#include <linux/compiler.h>@@' \
+ -e 's/(^|[^a-zA-Z0-9])__packed([^a-zA-Z0-9_]|$)/\1__attribute__((packed))\2/g' \
+diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c
+index 8fa81e8..a9ac144 100644
+--- a/scripts/kallsyms.c
++++ b/scripts/kallsyms.c
+@@ -89,7 +89,7 @@ static inline int is_arm_mapping_symbol(const char *str)
+ }
+
+ static int check_symbol_range(const char *sym, unsigned long long addr,
+- struct addr_range *ranges, int entries)
++ struct addr_range *ranges, size_t entries)
+ {
+ size_t i;
+ struct addr_range *ar;
+@@ -178,7 +178,7 @@ static int read_symbol(FILE *in, struct sym_entry *s)
+ }
+
+ static int symbol_in_range(struct sym_entry *s, struct addr_range *ranges,
+- int entries)
++ size_t entries)
+ {
+ size_t i;
+ struct addr_range *ar;
+diff --git a/scripts/kconfig/lkc.h b/scripts/kconfig/lkc.h
+index 91ca126..5f7cad6 100644
+--- a/scripts/kconfig/lkc.h
++++ b/scripts/kconfig/lkc.h
+@@ -108,7 +108,8 @@ void menu_add_expr(enum prop_type type, struct expr *expr, struct expr *dep);
+ void menu_add_symbol(enum prop_type type, struct symbol *sym, struct expr *dep);
+ void menu_add_option(int token, char *arg);
+ void menu_finalize(struct menu *parent);
+-void menu_set_type(int type);
++enum symbol_type;
++void menu_set_type(enum symbol_type type);
+
+ /* util.c */
+ struct file *file_lookup(const char *name);
+@@ -123,7 +124,7 @@ struct gstr {
+ * when max_width is not zero long lines in string s (if any) get
+ * wrapped not to exceed the max_width value
+ */
+- int max_width;
++ size_t max_width;
+ };
+ struct gstr str_new(void);
+ void str_free(struct gstr *gs);
+diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c
+index aed678e..1a703de 100644
+--- a/scripts/kconfig/menu.c
++++ b/scripts/kconfig/menu.c
+@@ -109,7 +109,7 @@ void menu_add_dep(struct expr *dep)
+ current_entry->dep = expr_alloc_and(current_entry->dep, menu_check_dep(dep));
+ }
+
+-void menu_set_type(int type)
++void menu_set_type(enum symbol_type type)
+ {
+ struct symbol *sym = current_entry->sym;
+
+diff --git a/scripts/kconfig/symbol.c b/scripts/kconfig/symbol.c
+index 25cf0c2..eb178ce 100644
+--- a/scripts/kconfig/symbol.c
++++ b/scripts/kconfig/symbol.c
+@@ -956,7 +956,7 @@ const char *sym_escape_string_value(const char *in)
+
+ struct sym_match {
+ struct symbol *sym;
+- off_t so, eo;
++ regoff_t so, eo;
+ };
+
+ /* Compare matched symbols as thus:
+@@ -978,8 +978,8 @@ static int sym_rel_comp(const void *sym1, const void *sym2)
+ * exactly; if this is the case, we can't decide which comes first,
+ * and we fallback to sorting alphabetically.
+ */
+- exact1 = (s1->eo - s1->so) == strlen(s1->sym->name);
+- exact2 = (s2->eo - s2->so) == strlen(s2->sym->name);
++ exact1 = (s1->eo - s1->so) == (long)strlen(s1->sym->name);
++ exact2 = (s2->eo - s2->so) == (long)strlen(s2->sym->name);
+ if (exact1 && !exact2)
+ return -1;
+ if (!exact1 && exact2)
+diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
+index ba6c34e..ea10bce 100755
+--- a/scripts/link-vmlinux.sh
++++ b/scripts/link-vmlinux.sh
+@@ -179,7 +179,7 @@ else
+ fi;
+
+ # final build of init/
+-${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init
++${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init GCC_PLUGINS_CFLAGS="${GCC_PLUGINS_CFLAGS}" GCC_PLUGINS_AFLAGS="${GCC_PLUGINS_AFLAGS}"
+
+ kallsymso=""
+ kallsyms_vmlinux=""
+diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c
+index a915507..27c1b41 100644
+--- a/scripts/mod/file2alias.c
++++ b/scripts/mod/file2alias.c
+@@ -156,7 +156,7 @@ static void device_id_check(const char *modname, const char *device_id,
+ unsigned long size, unsigned long id_size,
+ void *symval)
+ {
+- int i;
++ unsigned int i;
+
+ if (size % id_size || size < id_size) {
+ fatal("%s: sizeof(struct %s_device_id)=%lu is not a modulo "
+@@ -185,7 +185,7 @@ static void device_id_check(const char *modname, const char *device_id,
+ /* USB is special because the bcdDevice can be matched against a numeric range */
+ /* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipNinN" */
+ static void do_usb_entry(void *symval,
+- unsigned int bcdDevice_initial, int bcdDevice_initial_digits,
++ unsigned int bcdDevice_initial, unsigned int bcdDevice_initial_digits,
+ unsigned char range_lo, unsigned char range_hi,
+ unsigned char max, struct module *mod)
+ {
+@@ -295,7 +295,7 @@ static void do_usb_entry_multi(void *symval, struct module *mod)
+ {
+ unsigned int devlo, devhi;
+ unsigned char chi, clo, max;
+- int ndigits;
++ unsigned int ndigits;
+
+ DEF_FIELD(symval, usb_device_id, match_flags);
+ DEF_FIELD(symval, usb_device_id, idVendor);
+@@ -619,7 +619,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size,
+ for (i = 0; i < count; i++) {
+ DEF_FIELD_ADDR(symval + i*id_size, pnp_device_id, id);
+ char acpi_id[sizeof(*id)];
+- int j;
++ unsigned int j;
+
+ buf_printf(&mod->dev_table_buf,
+ "MODULE_ALIAS(\"pnp:d%s*\");\n", *id);
+@@ -648,7 +648,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
+
+ for (j = 0; j < PNP_MAX_DEVICES; j++) {
+ const char *id = (char *)(*devs)[j].id;
+- int i2, j2;
++ unsigned int i2, j2;
+ int dup = 0;
+
+ if (!id[0])
+@@ -674,7 +674,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size,
+ /* add an individual alias for every device entry */
+ if (!dup) {
+ char acpi_id[PNP_ID_LEN];
+- int k;
++ unsigned int k;
+
+ buf_printf(&mod->dev_table_buf,
+ "MODULE_ALIAS(\"pnp:d%s*\");\n", id);
+@@ -999,7 +999,7 @@ static void dmi_ascii_filter(char *d, const char *s)
+ static int do_dmi_entry(const char *filename, void *symval,
+ char *alias)
+ {
+- int i, j;
++ unsigned int i, j;
+ DEF_FIELD_ADDR(symval, dmi_system_id, matches);
+ sprintf(alias, "dmi*");
+
+diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
+index 48958d3..d5ccb52 100644
+--- a/scripts/mod/modpost.c
++++ b/scripts/mod/modpost.c
+@@ -37,6 +37,7 @@ static int vmlinux_section_warnings = 1;
+ static int warn_unresolved = 0;
+ /* How a symbol is exported */
+ static int sec_mismatch_count = 0;
++static int writable_fptr_count = 0;
+ static int sec_mismatch_verbose = 1;
+ static int sec_mismatch_fatal = 0;
+ /* ignore missing files */
+@@ -947,6 +948,7 @@ enum mismatch {
+ ANY_EXIT_TO_ANY_INIT,
+ EXPORT_TO_INIT_EXIT,
+ EXTABLE_TO_NON_TEXT,
++ DATA_TO_TEXT
+ };
+
+ /**
+@@ -1073,6 +1075,12 @@ static const struct sectioncheck sectioncheck[] = {
+ .good_tosec = {ALL_TEXT_SECTIONS , NULL},
+ .mismatch = EXTABLE_TO_NON_TEXT,
+ .handler = extable_mismatch_handler,
++},
++/* Do not reference code from writable data */
++{
++ .fromsec = { DATA_SECTIONS, NULL },
++ .bad_tosec = { ALL_TEXT_SECTIONS, NULL },
++ .mismatch = DATA_TO_TEXT
+ }
+ };
+
+@@ -1222,10 +1230,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
+ continue;
+ if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
+ continue;
+- if (sym->st_value == addr)
+- return sym;
+ /* Find a symbol nearby - addr are maybe negative */
+ d = sym->st_value - addr;
++ if (d == 0)
++ return sym;
+ if (d < 0)
+ d = addr - sym->st_value;
+ if (d < distance) {
+@@ -1384,7 +1392,11 @@ static void report_sec_mismatch(const char *modname,
+ char *prl_from;
+ char *prl_to;
+
+- sec_mismatch_count++;
++ if (mismatch->mismatch == DATA_TO_TEXT)
++ writable_fptr_count++;
++ else
++ sec_mismatch_count++;
++
+ if (!sec_mismatch_verbose)
+ return;
+
+@@ -1508,6 +1520,14 @@ static void report_sec_mismatch(const char *modname,
+ fatal("There's a special handler for this mismatch type, "
+ "we should never get here.");
+ break;
++ case DATA_TO_TEXT:
++#if 0
++ fprintf(stderr,
++ "The %s %s:%s references\n"
++ "the %s %s:%s%s\n",
++ from, fromsec, fromsym, to, tosec, tosym, to_p);
++#endif
++ break;
+ }
+ fprintf(stderr, "\n");
+ }
+@@ -1897,7 +1917,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
+ static void check_sec_ref(struct module *mod, const char *modname,
+ struct elf_info *elf)
+ {
+- int i;
++ unsigned int i;
+ Elf_Shdr *sechdrs = elf->sechdrs;
+
+ /* Walk through all sections */
+@@ -2028,7 +2048,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
+ va_end(ap);
+ }
+
+-void buf_write(struct buffer *buf, const char *s, int len)
++void buf_write(struct buffer *buf, const char *s, unsigned int len)
+ {
+ if (buf->size - buf->pos < len) {
+ buf->size += len + SZ;
+@@ -2258,7 +2278,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
+ if (fstat(fileno(file), &st) < 0)
+ goto close_write;
+
+- if (st.st_size != b->pos)
++ if (st.st_size != (off_t)b->pos)
+ goto close_write;
+
+ tmp = NOFAIL(malloc(b->pos));
+@@ -2496,6 +2516,14 @@ int main(int argc, char **argv)
+ "Set CONFIG_SECTION_MISMATCH_WARN_ONLY=y to allow them.\n");
+ }
+ }
++ if (writable_fptr_count) {
++ if (!sec_mismatch_verbose) {
++ warn("modpost: Found %d writable function pointer(s).\n"
++ "To see full details build your kernel with:\n"
++ "'make CONFIG_DEBUG_SECTION_MISMATCH=y'\n",
++ writable_fptr_count);
++ }
++ }
+
+ return err;
+ }
+diff --git a/scripts/mod/modpost.h b/scripts/mod/modpost.h
+index 6a5e151..f2fbaf5 100644
+--- a/scripts/mod/modpost.h
++++ b/scripts/mod/modpost.h
+@@ -98,15 +98,15 @@ void *do_nofail(void *ptr, const char *expr);
+
+ struct buffer {
+ char *p;
+- int pos;
+- int size;
++ unsigned int pos;
++ unsigned int size;
+ };
+
+ void __attribute__((format(printf, 2, 3)))
+ buf_printf(struct buffer *buf, const char *fmt, ...);
+
+ void
+-buf_write(struct buffer *buf, const char *s, int len);
++buf_write(struct buffer *buf, const char *s, unsigned int len);
+
+ struct module {
+ struct module *next;
+diff --git a/scripts/mod/sumversion.c b/scripts/mod/sumversion.c
+index 944418d..15291e4 100644
+--- a/scripts/mod/sumversion.c
++++ b/scripts/mod/sumversion.c
+@@ -470,7 +470,7 @@ static void write_version(const char *filename, const char *sum,
+ goto out;
+ }
+
+- if (write(fd, sum, strlen(sum)+1) != strlen(sum)+1) {
++ if (write(fd, sum, strlen(sum)+1) != (ssize_t)strlen(sum)+1) {
+ warn("writing sum in %s failed: %s\n",
+ filename, strerror(errno));
+ goto out;
+diff --git a/scripts/module-common.lds b/scripts/module-common.lds
+index 73a2c7d..df11b31 100644
+--- a/scripts/module-common.lds
++++ b/scripts/module-common.lds
+@@ -6,6 +6,10 @@
+ SECTIONS {
+ /DISCARD/ : { *(.discard) }
+
++ .rodata 0: {
++ *(.rodata) *(.rodata.*)
++ *(.data..read_only)
++ }
+ __ksymtab 0 : { *(SORT(___ksymtab+*)) }
+ __ksymtab_gpl 0 : { *(SORT(___ksymtab_gpl+*)) }
+ __ksymtab_unused 0 : { *(SORT(___ksymtab_unused+*)) }
+diff --git a/scripts/package/Makefile b/scripts/package/Makefile
+index c2c7389..81b8117 100644
+--- a/scripts/package/Makefile
++++ b/scripts/package/Makefile
+@@ -40,7 +40,7 @@ if test "$(objtree)" != "$(srctree)"; then \
+ fi ; \
+ $(srctree)/scripts/setlocalversion --save-scmversion; \
+ ln -sf $(srctree) $(2); \
+-tar -cz $(RCS_TAR_IGNORE) -f $(2).tar.gz \
++tar --owner=root --group=root -cz $(RCS_TAR_IGNORE) -f $(2).tar.gz \
+ $(addprefix $(2)/,$(TAR_CONTENT) $(3)); \
+ rm -f $(2) $(objtree)/.scmversion
+
+diff --git a/scripts/package/builddeb b/scripts/package/builddeb
+index 6c3b038..4bac93f 100755
+--- a/scripts/package/builddeb
++++ b/scripts/package/builddeb
+@@ -326,6 +326,7 @@ fi
+ (cd $srctree; find arch/$SRCARCH -name module.lds -o -name Kbuild.platforms -o -name Platform) >> "$objtree/debian/hdrsrcfiles"
+ (cd $srctree; find $(find arch/$SRCARCH -name include -o -name scripts -type d) -type f) >> "$objtree/debian/hdrsrcfiles"
+ (cd $objtree; find arch/$SRCARCH/include Module.symvers include scripts -type f) >> "$objtree/debian/hdrobjfiles"
++(cd $objtree; find scripts/gcc-plugins -name \*.so -o -name gcc-common.h) >> "$objtree/debian/hdrobjfiles"
+ destdir=$kernel_headers_dir/usr/src/linux-headers-$version
+ mkdir -p "$destdir"
+ (cd $srctree; tar -c -f - -T -) < "$objtree/debian/hdrsrcfiles" | (cd $destdir; tar -xf -)
+diff --git a/scripts/package/mkspec b/scripts/package/mkspec
+index fe44d68..3874acb 100755
+--- a/scripts/package/mkspec
++++ b/scripts/package/mkspec
+@@ -120,29 +120,40 @@ echo 'rm -f $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE/{build,source}"
+ echo "mkdir -p "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE"
+ echo "EXCLUDES=\"$RCS_TAR_IGNORE --exclude .tmp_versions --exclude=*vmlinux* --exclude=*.o --exclude=*.ko --exclude=*.cmd --exclude=Documentation --exclude=firmware --exclude .config.old --exclude .missing-syscalls.d\""
+ echo "tar "'$EXCLUDES'" -cf- . | (cd "'$RPM_BUILD_ROOT'"/usr/src/kernels/$KERNELRELEASE;tar xvf -)"
+-echo 'cd $RPM_BUILD_ROOT'"/lib/modules/$KERNELRELEASE"
+-echo "ln -sf /usr/src/kernels/$KERNELRELEASE build"
+-echo "ln -sf /usr/src/kernels/$KERNELRELEASE source"
+ fi
+
+ echo ""
+ echo "%clean"
+ echo 'rm -rf $RPM_BUILD_ROOT'
+ echo ""
++echo "%pre"
++echo 'chmod -f 0500 /boot'
++echo 'if [ -d /lib/modules ]; then'
++echo 'chmod -f 0500 /lib/modules'
++echo 'fi'
++echo 'if [ -d /lib32/modules ]; then'
++echo 'chmod -f 0500 /lib32/modules'
++echo 'fi'
++echo 'if [ -d /lib64/modules ]; then'
++echo 'chmod -f 0500 /lib64/modules'
++echo 'fi'
++echo ""
++echo "%post devel"
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/build"
++echo "ln -sf /usr/src/kernels/$KERNELRELEASE /lib/modules/$KERNELRELEASE/source"
++echo ""
+ echo "%post"
+-echo "if [ -x /sbin/installkernel -a -r /boot/vmlinuz-$KERNELRELEASE -a -r /boot/System.map-$KERNELRELEASE ]; then"
+-echo "cp /boot/vmlinuz-$KERNELRELEASE /boot/.vmlinuz-$KERNELRELEASE-rpm"
+-echo "cp /boot/System.map-$KERNELRELEASE /boot/.System.map-$KERNELRELEASE-rpm"
+-echo "rm -f /boot/vmlinuz-$KERNELRELEASE /boot/System.map-$KERNELRELEASE"
+-echo "/sbin/installkernel $KERNELRELEASE /boot/.vmlinuz-$KERNELRELEASE-rpm /boot/.System.map-$KERNELRELEASE-rpm"
+-echo "rm -f /boot/.vmlinuz-$KERNELRELEASE-rpm /boot/.System.map-$KERNELRELEASE-rpm"
++echo "if [ -x /sbin/dracut ]; then"
++echo '/sbin/new-kernel-pkg --dracut --mkinitrd --depmod --install --make-default '"$KERNELRELEASE"' || exit $?'
++echo "else"
++echo '/sbin/new-kernel-pkg --mkinitrd --depmod --install --make-default '"$KERNELRELEASE"' || exit $?'
+ echo "fi"
+ echo ""
+ echo "%files"
+-echo '%defattr (-, root, root)'
+-echo "/lib/modules/$KERNELRELEASE"
++echo '%defattr (400, root, root, 500)'
+ echo "%exclude /lib/modules/$KERNELRELEASE/build"
+ echo "%exclude /lib/modules/$KERNELRELEASE/source"
++echo "/lib/modules/$KERNELRELEASE"
+ echo "/lib/firmware/$KERNELRELEASE"
+ echo "/boot/*"
+ echo ""
+@@ -152,9 +163,11 @@ echo "/usr/include"
+ echo ""
+ if ! $PREBUILT; then
+ echo "%files devel"
+-echo '%defattr (-, root, root)'
++echo '%defattr (400, root, root, 500)'
++echo "%dir /lib/modules/$KERNELRELEASE"
+ echo "/usr/src/kernels/$KERNELRELEASE"
+-echo "/lib/modules/$KERNELRELEASE/build"
+-echo "/lib/modules/$KERNELRELEASE/source"
++echo "%attr (500, root, root) /usr/src/kernels/$KERNELRELEASE/scripts/recordmcount"
++echo "%attr (500, root, root) /usr/src/kernels/$KERNELRELEASE/scripts/basic/fixdep"
++echo "%attr (500, root, root) /usr/src/kernels/$KERNELRELEASE/scripts/mod/modpost"
+ echo ""
+ fi
+diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c
+index 4718d78..9220d58 100644
+--- a/scripts/pnmtologo.c
++++ b/scripts/pnmtologo.c
+@@ -244,14 +244,14 @@ static void write_header(void)
+ fprintf(out, " * Linux logo %s\n", logoname);
+ fputs(" */\n\n", out);
+ fputs("#include <linux/linux_logo.h>\n\n", out);
+- fprintf(out, "static unsigned char %s_data[] __initdata = {\n",
++ fprintf(out, "static unsigned char %s_data[] = {\n",
+ logoname);
+ }
+
+ static void write_footer(void)
+ {
+ fputs("\n};\n\n", out);
+- fprintf(out, "const struct linux_logo %s __initconst = {\n", logoname);
++ fprintf(out, "const struct linux_logo %s = {\n", logoname);
+ fprintf(out, "\t.type\t\t= %s,\n", logo_types[logo_type]);
+ fprintf(out, "\t.width\t\t= %d,\n", logo_width);
+ fprintf(out, "\t.height\t\t= %d,\n", logo_height);
+@@ -381,7 +381,7 @@ static void write_logo_clut224(void)
+ fputs("\n};\n\n", out);
+
+ /* write logo clut */
+- fprintf(out, "static unsigned char %s_clut[] __initdata = {\n",
++ fprintf(out, "static unsigned char %s_clut[] = {\n",
+ logoname);
+ write_hex_cnt = 0;
+ for (i = 0; i < logo_clutsize; i++) {
+diff --git a/scripts/sortextable.h b/scripts/sortextable.h
+index ba87004..3f4852c 100644
+--- a/scripts/sortextable.h
++++ b/scripts/sortextable.h
+@@ -108,9 +108,9 @@ do_func(Elf_Ehdr *ehdr, char const *const fname, table_sort_t custom_sort)
+ const char *secstrtab;
+ const char *strtab;
+ char *extab_image;
+- int extab_index = 0;
+- int i;
+- int idx;
++ unsigned int extab_index = 0;
++ unsigned int i;
++ unsigned int idx;
+ unsigned int num_sections;
+ unsigned int secindex_strings;
+
+diff --git a/scripts/tags.sh b/scripts/tags.sh
+index 23ba1c6..cad2484 100755
+--- a/scripts/tags.sh
++++ b/scripts/tags.sh
+@@ -26,7 +26,7 @@ else
+ fi
+
+ # ignore userspace tools
+-ignore="$ignore ( -path ${tree}tools ) -prune -o"
++ignore="$ignore ( -path \"${tree}tools/[^g]*\" ) -prune -o"
+
+ # Find all available archs
+ find_all_archs()
+diff --git a/security/Kconfig b/security/Kconfig
+index e452378..8059bd2 100644
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -4,6 +4,993 @@
+
+ menu "Security options"
+
++menu "Grsecurity"
++
++ config ARCH_TRACK_EXEC_LIMIT
++ bool
++
++ config PAX_KERNEXEC_PLUGIN
++ bool
++ depends on GCC_PLUGINS
++
++ config PAX_PER_CPU_PGD
++ bool
++
++ config TASK_SIZE_MAX_SHIFT
++ int
++ depends on X86_64
++ default 47 if !PAX_PER_CPU_PGD
++ default 42 if PAX_PER_CPU_PGD
++
++ config PAX_ENABLE_PAE
++ bool
++ default y if (X86_32 && (MPENTIUM4 || MK8 || MPSC || MCORE2 || MATOM))
++
++ config PAX_USERCOPY_SLABS
++ bool
++
++config GRKERNSEC
++ bool "Grsecurity"
++ select CRYPTO
++ select CRYPTO_SHA256
++ select PROC_FS
++ select STOP_MACHINE
++ select TTY
++ select DEBUG_KERNEL
++ select DEBUG_LIST
++ select MULTIUSER
++ help
++ If you say Y here, you will be able to configure many features
++ that will enhance the security of your system. It is highly
++ recommended that you say Y here and read through the help
++ for each option so that you fully understand the features and
++ can evaluate their usefulness for your machine.
++
++choice
++ prompt "Configuration Method"
++ depends on GRKERNSEC
++ default GRKERNSEC_CONFIG_CUSTOM
++ help
++
++config GRKERNSEC_CONFIG_AUTO
++ bool "Automatic"
++ help
++ If you choose this configuration method, you'll be able to answer a small
++ number of simple questions about how you plan to use this kernel.
++ The settings of grsecurity and PaX will be automatically configured for
++ the highest commonly-used settings within the provided constraints.
++
++ If you require additional configuration, custom changes can still be made
++ from the "custom configuration" menu.
++
++config GRKERNSEC_CONFIG_CUSTOM
++ bool "Custom"
++ help
++ If you choose this configuration method, you'll be able to configure all
++ grsecurity and PaX settings manually. Via this method, no options are
++ automatically enabled.
++
++ Take note that if menuconfig is exited with this configuration method
++ chosen, you will not be able to use the automatic configuration methods
++ without starting again with a kernel configuration with no grsecurity
++ or PaX options specified inside.
++
++endchoice
++
++choice
++ prompt "Usage Type"
++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO)
++ default GRKERNSEC_CONFIG_SERVER
++ help
++
++config GRKERNSEC_CONFIG_SERVER
++ bool "Server"
++ help
++ Choose this option if you plan to use this kernel on a server.
++
++config GRKERNSEC_CONFIG_DESKTOP
++ bool "Desktop"
++ help
++ Choose this option if you plan to use this kernel on a desktop.
++
++endchoice
++
++choice
++ prompt "Virtualization Type"
++ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO)
++ default GRKERNSEC_CONFIG_VIRT_NONE
++ help
++
++config GRKERNSEC_CONFIG_VIRT_NONE
++ bool "None"
++ help
++ Choose this option if this kernel will be run on bare metal.
++
++config GRKERNSEC_CONFIG_VIRT_GUEST
++ bool "Guest"
++ help
++ Choose this option if this kernel will be run as a VM guest.
++
++config GRKERNSEC_CONFIG_VIRT_HOST
++ bool "Host"
++ help
++ Choose this option if this kernel will be run as a VM host.
++
++endchoice
++
++choice
++ prompt "Virtualization Hardware"
++ depends on (GRKERNSEC && X86 && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST))
++ help
++
++config GRKERNSEC_CONFIG_VIRT_EPT
++ bool "EPT/RVI Processor Support"
++ depends on X86
++ help
++ Choose this option if your CPU supports the EPT or RVI features of 2nd-gen
++ hardware virtualization. This allows for additional kernel hardening protections
++ to operate without additional performance impact.
++
++ To see if your Intel processor supports EPT, see:
++ http://ark.intel.com/Products/VirtualizationTechnology
++ (Most Core i3/5/7 support EPT)
++
++ To see if your AMD processor supports RVI, see:
++ http://support.amd.com/us/kbarticles/Pages/GPU120AMDRVICPUsHyperVWin8.aspx
++
++config GRKERNSEC_CONFIG_VIRT_SOFT
++ bool "First-gen/No Hardware Virtualization"
++ help
++ Choose this option if you use an Atom/Pentium/Core 2 processor that either doesn't
++ support hardware virtualization or doesn't support the EPT/RVI extensions.
++
++endchoice
++
++choice
++ prompt "Virtualization Software"
++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_GUEST || GRKERNSEC_CONFIG_VIRT_HOST))
++ help
++
++config GRKERNSEC_CONFIG_VIRT_XEN
++ bool "Xen"
++ help
++ Choose this option if this kernel is running as a Xen guest or host.
++
++config GRKERNSEC_CONFIG_VIRT_VMWARE
++ bool "VMWare"
++ help
++ Choose this option if this kernel is running as a VMWare guest or host.
++
++config GRKERNSEC_CONFIG_VIRT_KVM
++ bool "KVM"
++ help
++ Choose this option if this kernel is running as a KVM guest or host.
++
++config GRKERNSEC_CONFIG_VIRT_VIRTUALBOX
++ bool "VirtualBox"
++ help
++ Choose this option if this kernel is running as a VirtualBox guest or host.
++
++config GRKERNSEC_CONFIG_VIRT_HYPERV
++ bool "Hyper-V"
++ help
++ Choose this option if this kernel is running as a Hyper-V guest.
++
++endchoice
++
++choice
++ prompt "Required Priorities"
++ depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO)
++ default GRKERNSEC_CONFIG_PRIORITY_PERF
++ help
++
++config GRKERNSEC_CONFIG_PRIORITY_PERF
++ bool "Performance"
++ help
++ Choose this option if performance is of highest priority for this deployment
++ of grsecurity. Features like UDEREF on a 64bit kernel, kernel stack clearing,
++ clearing of structures intended for userland, and freed memory sanitizing will
++ be disabled.
++
++config GRKERNSEC_CONFIG_PRIORITY_SECURITY
++ bool "Security"
++ help
++ Choose this option if security is of highest priority for this deployment of
++ grsecurity. UDEREF, kernel stack clearing, clearing of structures intended
++ for userland, and freed memory sanitizing will be enabled for this kernel.
++ In a worst-case scenario, these features can introduce a 20% performance hit
++ (UDEREF on x64 contributing half of this hit).
++
++endchoice
++
++menu "Default Special Groups"
++depends on (GRKERNSEC && GRKERNSEC_CONFIG_AUTO)
++
++config GRKERNSEC_PROC_GID
++ int "GID exempted from /proc restrictions"
++ default 1001
++ help
++ Setting this GID determines which group will be exempted from
++ grsecurity's /proc restrictions, allowing users of the specified
++ group to view network statistics and the existence of other users'
++ processes on the system. This GID may also be chosen at boot time
++ via "grsec_proc_gid=" on the kernel commandline.
++
++config GRKERNSEC_TPE_UNTRUSTED_GID
++ int "GID for TPE-untrusted users"
++ depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
++ default 1005
++ help
++ Setting this GID determines which group untrusted users should
++ be added to. These users will be placed under grsecurity's Trusted Path
++ Execution mechanism, preventing them from executing their own binaries.
++ The users will only be able to execute binaries in directories owned and
++ writable only by the root user. If the sysctl option is enabled, a sysctl
++ option with name "tpe_gid" is created.
++
++config GRKERNSEC_TPE_TRUSTED_GID
++ int "GID for TPE-trusted users"
++ depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
++ default 1005
++ help
++ Setting this GID determines what group TPE restrictions will be
++ *disabled* for. If the sysctl option is enabled, a sysctl option
++ with name "tpe_gid" is created.
++
++config GRKERNSEC_SYMLINKOWN_GID
++ int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
++ depends on GRKERNSEC_CONFIG_SERVER
++ default 1006
++ help
++ Setting this GID determines what group kernel-enforced
++ SymlinksIfOwnerMatch will be enabled for. If the sysctl option
++ is enabled, a sysctl option with name "symlinkown_gid" is created.
++
++
++endmenu
++
++menu "Customize Configuration"
++depends on GRKERNSEC
++
++menu "PaX"
++
++config PAX
++ bool "Enable various PaX features"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS || PARISC || PPC || SPARC || X86)
++ help
++ This allows you to enable various PaX features. PaX adds
++ intrusion prevention mechanisms to the kernel that reduce
++ the risks posed by exploitable memory corruption bugs.
++
++menu "PaX Control"
++ depends on PAX
++
++config PAX_SOFTMODE
++ bool 'Support soft mode'
++ help
++ Enabling this option will allow you to run PaX in soft mode, that
++ is, PaX features will not be enforced by default, only on executables
++ marked explicitly. You must also enable PT_PAX_FLAGS or XATTR_PAX_FLAGS
++ support as they are the only way to mark executables for soft mode use.
++
++ Soft mode can be activated by using the "pax_softmode=1" kernel command
++ line option on boot. Furthermore you can control various PaX features
++ at runtime via the entries in /proc/sys/kernel/pax.
++
++config PAX_EI_PAX
++ bool 'Use legacy ELF header marking'
++ default y if GRKERNSEC_CONFIG_AUTO
++ help
++ Enabling this option will allow you to control PaX features on
++ a per executable basis via the 'chpax' utility available at
++ http://pax.grsecurity.net/. The control flags will be read from
++ an otherwise reserved part of the ELF header. This marking has
++ numerous drawbacks (no support for soft-mode, toolchain does not
++ know about the non-standard use of the ELF header) therefore it
++ has been deprecated in favour of PT_PAX_FLAGS and XATTR_PAX_FLAGS
++ support.
++
++ Note that if you enable PT_PAX_FLAGS or XATTR_PAX_FLAGS marking
++ support as well, they will override the legacy EI_PAX marks.
++
++ If you enable none of the marking options then all applications
++ will run with PaX enabled on them by default.
++
++config PAX_PT_PAX_FLAGS
++ bool 'Use ELF program header marking'
++ default y if GRKERNSEC_CONFIG_AUTO
++ help
++ Enabling this option will allow you to control PaX features on
++ a per executable basis via the 'paxctl' utility available at
++ http://pax.grsecurity.net/. The control flags will be read from
++ a PaX specific ELF program header (PT_PAX_FLAGS). This marking
++ has the benefits of supporting both soft mode and being fully
++ integrated into the toolchain (the binutils patch is available
++ from http://pax.grsecurity.net).
++
++ Note that if you enable the legacy EI_PAX marking support as well,
++ the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks.
++
++ If you enable both PT_PAX_FLAGS and XATTR_PAX_FLAGS support then you
++ must make sure that the marks are the same if a binary has both marks.
++
++ If you enable none of the marking options then all applications
++ will run with PaX enabled on them by default.
++
++config PAX_XATTR_PAX_FLAGS
++ bool 'Use filesystem extended attributes marking'
++ default y if GRKERNSEC_CONFIG_AUTO
++ select CIFS_XATTR if CIFS
++ select EXT2_FS_XATTR if EXT2_FS
++ select EXT3_FS_XATTR if EXT3_FS
++ select F2FS_FS_XATTR if F2FS_FS
++ select JFFS2_FS_XATTR if JFFS2_FS
++ select REISERFS_FS_XATTR if REISERFS_FS
++ select SQUASHFS_XATTR if SQUASHFS
++ select TMPFS_XATTR if TMPFS
++ help
++ Enabling this option will allow you to control PaX features on
++ a per executable basis via the 'setfattr' utility. The control
++ flags will be read from the user.pax.flags extended attribute of
++ the file. This marking has the benefit of supporting binary-only
++ applications that self-check themselves (e.g., skype) and would
++ not tolerate chpax/paxctl changes. The main drawback is that
++ extended attributes are not supported by some filesystems (e.g.,
++ isofs, udf, vfat) so copying files through such filesystems will
++ lose the extended attributes and these PaX markings.
++
++ Note that if you enable the legacy EI_PAX marking support as well,
++ the EI_PAX marks will be overridden by the XATTR_PAX_FLAGS marks.
++
++ If you enable both PT_PAX_FLAGS and XATTR_PAX_FLAGS support then you
++ must make sure that the marks are the same if a binary has both marks.
++
++ If you enable none of the marking options then all applications
++ will run with PaX enabled on them by default.
++
++choice
++ prompt 'MAC system integration'
++ default PAX_HAVE_ACL_FLAGS
++ help
++ Mandatory Access Control systems have the option of controlling
++ PaX flags on a per executable basis, choose the method supported
++ by your particular system.
++
++ - "none": if your MAC system does not interact with PaX,
++ - "direct": if your MAC system defines pax_set_initial_flags() itself,
++ - "hook": if your MAC system uses the pax_set_initial_flags_func callback.
++
++ NOTE: this option is for developers/integrators only.
++
++ config PAX_NO_ACL_FLAGS
++ bool 'none'
++
++ config PAX_HAVE_ACL_FLAGS
++ bool 'direct'
++
++ config PAX_HOOK_ACL_FLAGS
++ bool 'hook'
++endchoice
++
++endmenu
++
++menu "Non-executable pages"
++ depends on PAX
++
++config PAX_NOEXEC
++ bool "Enforce non-executable pages"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on ALPHA || (ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86
++ help
++ By design some architectures do not allow for protecting memory
++ pages against execution or even if they do, Linux does not make
++ use of this feature. In practice this means that if a page is
++ readable (such as the stack or heap) it is also executable.
++
++ There is a well known exploit technique that makes use of this
++ fact and a common programming mistake where an attacker can
++ introduce code of his choice somewhere in the attacked program's
++ memory (typically the stack or the heap) and then execute it.
++
++ If the attacked program was running with different (typically
++ higher) privileges than that of the attacker, then he can elevate
++ his own privilege level (e.g. get a root shell, write to files for
++ which he does not have write access to, etc).
++
++ Enabling this option will let you choose from various features
++ that prevent the injection and execution of 'foreign' code in
++ a program.
++
++ This will also break programs that rely on the old behaviour and
++ expect that dynamically allocated memory via the malloc() family
++ of functions is executable (which it is not). Notable examples
++ are the XFree86 4.x server, the java runtime and wine.
++
++config PAX_PAGEEXEC
++ bool "Paging based non-executable pages"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7)
++ select ARCH_TRACK_EXEC_LIMIT if X86_32
++ help
++ This implementation is based on the paging feature of the CPU.
++ On i386 without hardware non-executable bit support there is a
++ variable but usually low performance impact, however on Intel's
++ P4 core based CPUs it is very high so you should not enable this
++ for kernels meant to be used on such CPUs.
++
++ On alpha, avr32, ia64, parisc, sparc, sparc64, x86_64 and i386
++ with hardware non-executable bit support there is no performance
++ impact, on ppc the impact is negligible.
++
++ Note that several architectures require various emulations due to
++ badly designed userland ABIs, this will cause a performance impact
++ but will disappear as soon as userland is fixed. For example, ppc
++ userland MUST have been built with secure-plt by a recent toolchain.
++
++config PAX_SEGMEXEC
++ bool "Segmentation based non-executable pages"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on PAX_NOEXEC && X86_32
++ help
++ This implementation is based on the segmentation feature of the
++ CPU and has a very small performance impact, however applications
++ will be limited to a 1.5 GB address space instead of the normal
++ 3 GB.
++
++config PAX_EMUTRAMP
++ bool "Emulate trampolines"
++ default y if PARISC || GRKERNSEC_CONFIG_AUTO
++ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
++ help
++ There are some programs and libraries that for one reason or
++ another attempt to execute special small code snippets from
++ non-executable memory pages. Most notable examples are the
++ signal handler return code generated by the kernel itself and
++ the GCC trampolines.
++
++ If you enabled CONFIG_PAX_PAGEEXEC or CONFIG_PAX_SEGMEXEC then
++ such programs will no longer work under your kernel.
++
++ As a remedy you can say Y here and use the 'chpax' or 'paxctl'
++ utilities to enable trampoline emulation for the affected programs
++ yet still have the protection provided by the non-executable pages.
++
++ On parisc you MUST enable this option and EMUSIGRT as well, otherwise
++ your system will not even boot.
++
++ Alternatively you can say N here and use the 'chpax' or 'paxctl'
++ utilities to disable CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC
++ for the affected files.
++
++ NOTE: enabling this feature *may* open up a loophole in the
++ protection provided by non-executable pages that an attacker
++ could abuse. Therefore the best solution is to not have any
++ files on your system that would require this option. This can
++ be achieved by not using libc5 (which relies on the kernel
++ signal handler return code) and not using or rewriting programs
++ that make use of the nested function implementation of GCC.
++ Skilled users can just fix GCC itself so that it implements
++ nested function calls in a way that does not interfere with PaX.
++
++config PAX_EMUSIGRT
++ bool "Automatically emulate sigreturn trampolines"
++ depends on PAX_EMUTRAMP && PARISC
++ default y
++ help
++ Enabling this option will have the kernel automatically detect
++ and emulate signal return trampolines executing on the stack
++ that would otherwise lead to task termination.
++
++ This solution is intended as a temporary one for users with
++ legacy versions of libc (libc5, glibc 2.0, uClibc before 0.9.17,
++ Modula-3 runtime, etc) or executables linked to such, basically
++ everything that does not specify its own SA_RESTORER function in
++ normal executable memory like glibc 2.1+ does.
++
++ On parisc you MUST enable this option, otherwise your system will
++ not even boot.
++
++ NOTE: this feature cannot be disabled on a per executable basis
++ and since it *does* open up a loophole in the protection provided
++ by non-executable pages, the best solution is to not have any
++ files on your system that would require this option.
++
++config PAX_MPROTECT
++ bool "Restrict mprotect()"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC)
++ help
++ Enabling this option will prevent programs from
++ - changing the executable status of memory pages that were
++ not originally created as executable,
++ - making read-only executable pages writable again,
++ - creating executable pages from anonymous memory,
++ - making read-only-after-relocations (RELRO) data pages writable again.
++
++ You should say Y here to complete the protection provided by
++ the enforcement of non-executable pages.
++
++ NOTE: you can use the 'chpax' or 'paxctl' utilities to control
++ this feature on a per file basis.
++
++config PAX_MPROTECT_COMPAT
++ bool "Use legacy/compat protection demoting (read help)"
++ depends on PAX_MPROTECT
++ default n
++ help
++ The current implementation of PAX_MPROTECT denies RWX allocations/mprotects
++ by sending the proper error code to the application. For some older
++ userland, this can cause problems with applications that assume such
++ allocations will not be prevented by PaX or SELinux and other access
++ control systems and have no fallback mechanisms. For modern distros,
++ this option should generally be set to 'N'.
++
++config PAX_ELFRELOCS
++ bool "Allow ELF text relocations (read help)"
++ depends on PAX_MPROTECT
++ default n
++ help
++ Non-executable pages and mprotect() restrictions are effective
++ in preventing the introduction of new executable code into an
++ attacked task's address space. There remain only two venues
++ for this kind of attack: if the attacker can execute already
++ existing code in the attacked task then he can either have it
++ create and mmap() a file containing his code or have it mmap()
++ an already existing ELF library that does not have position
++ independent code in it and use mprotect() on it to make it
++ writable and copy his code there. While protecting against
++ the former approach is beyond PaX, the latter can be prevented
++ by having only PIC ELF libraries on one's system (which do not
++ need to relocate their code). If you are sure this is your case,
++ as is the case with all modern Linux distributions, then leave
++ this option disabled. You should say 'n' here.
++
++config PAX_ETEXECRELOCS
++ bool "Allow ELF ET_EXEC text relocations"
++ depends on PAX_MPROTECT && (ALPHA || IA64 || PARISC)
++ select PAX_ELFRELOCS
++ default y
++ help
++ On some architectures there are incorrectly created applications
++ that require text relocations and would not work without enabling
++ this option. If you are an alpha, ia64 or parisc user, you should
++ enable this option and disable it once you have made sure that
++ none of your applications need it.
++
++config PAX_EMUPLT
++ bool "Automatically emulate ELF PLT"
++ depends on PAX_MPROTECT && (ALPHA || PARISC || SPARC)
++ default y
++ help
++ Enabling this option will have the kernel automatically detect
++ and emulate the Procedure Linkage Table entries in ELF files.
++ On some architectures such entries are in writable memory, and
++ become non-executable leading to task termination. Therefore
++ it is mandatory that you enable this option on alpha, parisc,
++ sparc and sparc64, otherwise your system would not even boot.
++
++ NOTE: this feature *does* open up a loophole in the protection
++ provided by the non-executable pages, therefore the proper
++ solution is to modify the toolchain to produce a PLT that does
++ not need to be writable.
++
++config PAX_DLRESOLVE
++ bool 'Emulate old glibc resolver stub'
++ depends on PAX_EMUPLT && SPARC
++ default n
++ help
++ This option is needed if userland has an old glibc (before 2.4)
++ that puts a 'save' instruction into the runtime generated resolver
++ stub that needs special emulation.
++
++config PAX_KERNEXEC
++ bool "Enforce non-executable kernel pages"
++ default y if GRKERNSEC_CONFIG_AUTO && (!X86 || GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM))
++ depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN
++ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
++ select PAX_KERNEXEC_PLUGIN if X86_64
++ select ARM_KERNMEM_PERMS if ARM
++ help
++ This is the kernel land equivalent of PAGEEXEC and MPROTECT,
++ that is, enabling this option will make it harder to inject
++ and execute 'foreign' code in kernel memory itself.
++
++ Note that on amd64, CONFIG_EFI enabled with "efi=old_map" on
++ the kernel command-line will result in an RWX physical map.
++
++ Likewise, the EFI runtime services are necessarily mapped as
++ RWX. If CONFIG_EFI is enabled on an EFI-capable system, it
++ is recommended that you boot with "noefi" on the kernel
++ command-line if possible to eliminate the mapping.
++
++choice
++ prompt "Return Address Instrumentation Method"
++ default PAX_KERNEXEC_PLUGIN_METHOD_BTS
++ depends on PAX_KERNEXEC_PLUGIN
++ help
++ Select the method used to instrument function pointer dereferences.
++ Note that binary modules cannot be instrumented by this approach.
++
++ Note that the implementation requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package.
++
++ config PAX_KERNEXEC_PLUGIN_METHOD_BTS
++ bool "bts"
++ help
++ This method is compatible with binary only modules but has
++ a higher runtime overhead.
++
++ config PAX_KERNEXEC_PLUGIN_METHOD_OR
++ bool "or"
++ depends on !PARAVIRT
++ help
++ This method is incompatible with binary only modules but has
++ a lower runtime overhead.
++endchoice
++
++config PAX_KERNEXEC_PLUGIN_METHOD
++ string
++ default "bts" if PAX_KERNEXEC_PLUGIN_METHOD_BTS
++ default "or" if PAX_KERNEXEC_PLUGIN_METHOD_OR
++ default ""
++
++config PAX_KERNEXEC_MODULE_TEXT
++ int "Minimum amount of memory reserved for module code"
++ default "8" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)
++ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
++ depends on PAX_KERNEXEC && X86_32
++ help
++ Due to implementation details the kernel must reserve a fixed
++ amount of memory for runtime allocated code (such as modules)
++ at compile time that cannot be changed at runtime. Here you
++ can specify the minimum amount in MB that will be reserved.
++ Due to the same implementation details this size will always
++ be rounded up to the next 2/4 MB boundary (depends on PAE) so
++ the actually available memory for runtime allocated code will
++ usually be more than this minimum.
++
++ The default 4 MB should be enough for most users but if you have
++ an excessive number of modules (e.g., most distribution configs
++ compile many drivers as modules) or use huge modules such as
++ nvidia's kernel driver, you will need to adjust this amount.
++ A good rule of thumb is to look at your currently loaded kernel
++ modules and add up their sizes.
++
++endmenu
++
++menu "Address Space Layout Randomization"
++ depends on PAX
++
++config PAX_ASLR
++ bool "Address Space Layout Randomization"
++ default y if GRKERNSEC_CONFIG_AUTO
++ help
++ Many if not most exploit techniques rely on the knowledge of
++ certain addresses in the attacked program. The following options
++ will allow the kernel to apply a certain amount of randomization
++ to specific parts of the program thereby forcing an attacker to
++ guess them in most cases. Any failed guess will most likely crash
++ the attacked program which allows the kernel to detect such attempts
++ and react on them. PaX itself provides no reaction mechanisms,
++ instead it is strongly encouraged that you make use of grsecurity's
++ (http://www.grsecurity.net/) built-in crash detection features or
++ develop one yourself.
++
++ By saying Y here you can choose to randomize the following areas:
++ - top of the task's kernel stack
++ - top of the task's userland stack
++ - base address for mmap() requests that do not specify one
++ (this includes all libraries)
++ - base address of the main executable
++
++ It is strongly recommended to say Y here as address space layout
++ randomization has negligible impact on performance yet it provides
++ a very effective protection.
++
++ NOTE: you can use the 'chpax' or 'paxctl' utilities to control
++ this feature on a per file basis.
++
++config PAX_RANDKSTACK
++ bool "Randomize kernel stack base"
++ default y if GRKERNSEC_CONFIG_AUTO && !(GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_VIRTUALBOX)
++ depends on X86_TSC && X86
++ help
++ By saying Y here the kernel will randomize every task's kernel
++ stack on every system call. This will not only force an attacker
++ to guess it but also prevent him from making use of possible
++ leaked information about it.
++
++ Since the kernel stack is a rather scarce resource, randomization
++ may cause unexpected stack overflows, therefore you should very
++ carefully test your system. Note that once enabled in the kernel
++ configuration, this feature cannot be disabled on a per file basis.
++
++config PAX_RANDUSTACK
++ bool
++
++config PAX_RANDMMAP
++ bool "Randomize user stack and mmap() bases"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on PAX_ASLR
++ select PAX_RANDUSTACK
++ help
++ By saying Y here the kernel will randomize every task's userland
++ stack and use a randomized base address for mmap() requests that
++ do not specify one themselves.
++
++ The stack randomization is done in two steps where the second
++ one may apply a big amount of shift to the top of the stack and
++ cause problems for programs that want to use lots of memory (more
++ than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is).
++
++ As a result of mmap randomization all dynamically loaded libraries
++ will appear at random addresses and therefore be harder to exploit
++ by a technique where an attacker attempts to execute library code
++ for his purposes (e.g. spawn a shell from an exploited program that
++ is running at an elevated privilege level).
++
++ Furthermore, if a program is relinked as a dynamic ELF file, its
++ base address will be randomized as well, completing the full
++ randomization of the address space layout. Attacking such programs
++ becomes a guess game. You can find an example of doing this at
++ http://pax.grsecurity.net/et_dyn.tar.gz and practical samples at
++ http://www.grsecurity.net/grsec-gcc-specs.tar.gz .
++
++ NOTE: you can use the 'chpax' or 'paxctl' utilities to control this
++ feature on a per file basis.
++
++endmenu
++
++menu "Miscellaneous hardening features"
++
++config PAX_MEMORY_SANITIZE
++ bool "Sanitize all freed memory"
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
++ help
++ By saying Y here the kernel will erase memory pages and slab objects
++ as soon as they are freed. This in turn reduces the lifetime of data
++ stored in them, making it less likely that sensitive information such
++ as passwords, cryptographic secrets, etc stay in memory for too long.
++
++ This is especially useful for programs whose runtime is short, long
++ lived processes and the kernel itself benefit from this as long as
++ they ensure timely freeing of memory that may hold sensitive
++ information.
++
++ A nice side effect of the sanitization of slab objects is the
++ reduction of possible info leaks caused by padding bytes within the
++ leaky structures. Use-after-free bugs for structures containing
++ pointers can also be detected as dereferencing the sanitized pointer
++ will generate an access violation.
++
++ The tradeoff is performance impact, on a single CPU system kernel
++ compilation sees a 3% slowdown, other systems and workloads may vary
++ and you are advised to test this feature on your expected workload
++ before deploying it.
++
++ The slab sanitization feature excludes a few slab caches per default
++ for performance reasons. To extend the feature to cover those as
++ well, pass "pax_sanitize_slab=full" as kernel command line parameter.
++
++ To reduce the performance penalty by sanitizing pages only, albeit
++ limiting the effectiveness of this feature at the same time, slab
++ sanitization can be disabled with the kernel command line parameter
++ "pax_sanitize_slab=off".
++
++ Note that this feature does not protect data stored in live pages,
++ e.g., process memory swapped to disk may stay there for a long time.
++
++config PAX_MEMORY_STACKLEAK
++ bool "Sanitize kernel stack"
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
++ depends on X86 && GCC_PLUGINS
++ help
++ By saying Y here the kernel will erase the kernel stack before it
++ returns from a system call. This in turn reduces the information
++ that a kernel stack leak bug can reveal.
++
++ Note that such a bug can still leak information that was put on
++ the stack by the current system call (the one eventually triggering
++ the bug) but traces of earlier system calls on the kernel stack
++ cannot leak anymore.
++
++ The tradeoff is performance impact: on a single CPU system kernel
++ compilation sees a 1% slowdown, other systems and workloads may vary
++ and you are advised to test this feature on your expected workload
++ before deploying it.
++
++ Note that the full feature requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package. Using
++ older gcc versions means that functions with large enough stack
++ frames may leave uninitialized memory behind that may be exposed
++ to a later syscall leaking the stack.
++
++config PAX_MEMORY_STRUCTLEAK
++ bool "Forcibly initialize local variables copied to userland"
++ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
++ depends on GCC_PLUGINS
++ help
++ By saying Y here the kernel will zero initialize some local
++ variables that are going to be copied to userland. This in
++ turn prevents unintended information leakage from the kernel
++ stack should later code forget to explicitly set all parts of
++ the copied variable.
++
++ The tradeoff is less performance impact than PAX_MEMORY_STACKLEAK
++ at a much smaller coverage.
++
++ Note that the implementation requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package.
++
++config PAX_MEMORY_UDEREF
++ bool "Prevent invalid userland pointer dereference"
++ default y if GRKERNSEC_CONFIG_AUTO && !(X86_64 && GRKERNSEC_CONFIG_PRIORITY_PERF) && !(X86_64 && GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_VIRTUALBOX) && (!X86 || GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT)
++ depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !ARM_LPAE)) && !UML_X86 && !XEN
++ select PAX_PER_CPU_PGD if X86_64
++ help
++ By saying Y here the kernel will be prevented from dereferencing
++ userland pointers in contexts where the kernel expects only kernel
++ pointers. This is both a useful runtime debugging feature and a
++ security measure that prevents exploiting a class of kernel bugs.
++
++ The tradeoff is that some virtualization solutions may experience
++ a huge slowdown and therefore you should not enable this feature
++ for kernels meant to run in such environments. Whether a given VM
++ solution is affected or not is best determined by simply trying it
++ out, the performance impact will be obvious right on boot as this
++ mechanism engages from very early on. A good rule of thumb is that
++ VMs running on CPUs without hardware virtualization support (i.e.,
++ the majority of IA-32 CPUs) will likely experience the slowdown.
++
++ On X86_64 the kernel will make use of PCID support when available
++ (Intel's Westmere, Sandy Bridge, etc) for better security (default)
++ or performance impact. Pass pax_weakuderef on the kernel command
++ line to choose the latter.
++
++config PAX_REFCOUNT
++ bool "Prevent various kernel object reference counter overflows"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || MIPS || PPC || SPARC64 || X86)
++ help
++ By saying Y here the kernel will detect and prevent overflowing
++ various (but not all) kinds of object reference counters. Such
++ overflows can normally occur due to bugs only and are often, if
++ not always, exploitable.
++
++ The tradeoff is that data structures protected by an overflowed
++ refcount will never be freed and therefore will leak memory. Note
++ that this leak also happens even without this protection but in
++ that case the overflow can eventually trigger the freeing of the
++ data structure while it is still being used elsewhere, resulting
++ in the exploitable situation that this feature prevents.
++
++ Since this has a negligible performance impact, you should enable
++ this feature.
++
++config PAX_CONSTIFY_PLUGIN
++ bool "Automatically constify eligible structures"
++ default y
++ depends on !UML && PAX_KERNEXEC
++ help
++ By saying Y here the compiler will automatically constify a class
++ of types that contain only function pointers. This reduces the
++ kernel's attack surface and also produces a better memory layout.
++
++ Note that the implementation requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package.
++
++ Note that if some code really has to modify constified variables
++ then the source code will have to be patched to allow it. Examples
++ can be found in PaX itself (the no_const attribute) and for some
++ out-of-tree modules at http://www.grsecurity.net/~paxguy1/ .
++
++config PAX_USERCOPY
++ bool "Harden heap object copies between kernel and userland"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on ARM || IA64 || PPC || SPARC || X86
++ depends on GRKERNSEC && (SLAB || SLUB || SLOB)
++ select PAX_USERCOPY_SLABS
++ help
++ By saying Y here the kernel will enforce the size of heap objects
++ when they are copied in either direction between the kernel and
++ userland, even if only a part of the heap object is copied.
++
++ Specifically, this checking prevents information leaking from the
++ kernel heap during kernel to userland copies (if the kernel heap
++ object is otherwise fully initialized) and prevents kernel heap
++ overflows during userland to kernel copies.
++
++ Note that the current implementation provides the strictest bounds
++ checks for the SLUB allocator.
++
++ Enabling this option also enables per-slab cache protection against
++ data in a given cache being copied into/out of via userland
++ accessors. Though the whitelist of regions will be reduced over
++ time, it notably protects important data structures like task structs.
++
++ If frame pointers are enabled on x86, this option will also restrict
++ copies into and out of the kernel stack to local variables within a
++ single frame.
++
++ Since this has a negligible performance impact, you should enable
++ this feature.
++
++config PAX_USERCOPY_DEBUG
++ bool
++ depends on X86 && PAX_USERCOPY
++ default n
++
++config PAX_SIZE_OVERFLOW
++ bool "Prevent various integer overflows in function size parameters"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on GCC_PLUGINS
++ help
++ By saying Y here the kernel recomputes expressions of function
++ arguments marked by a size_overflow attribute with double integer
++ precision (DImode/TImode for 32/64 bit integer types).
++
++ The recomputed argument is checked against TYPE_MAX and an event
++ is logged on overflow and the triggering process is killed.
++
++ Homepage: https://github.com/ephox-gcc-plugins
++
++ Note that the implementation requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package.
++
++config PAX_LATENT_ENTROPY
++ bool "Generate some entropy during boot and runtime"
++ default y if GRKERNSEC_CONFIG_AUTO
++ depends on GCC_PLUGINS
++ help
++ By saying Y here the kernel will instrument some kernel code to
++ extract some entropy from both original and artificially created
++ program state. This will help especially embedded systems where
++ there is little 'natural' source of entropy normally. The cost
++ is some slowdown of the boot process and fork and irq processing.
++
++ When pax_extra_latent_entropy is passed on the kernel command line,
++ entropy will be extracted from up to the first 4GB of RAM while the
++ runtime memory allocator is being initialized. This costs even more
++ slowdown of the boot process.
++
++ Note that the implementation requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package.
++
++ Note that entropy extracted this way is not cryptographically
++ secure!
++
++config PAX_RAP
++ bool "Prevent code reuse attacks"
++ depends on X86_64
++ default y if GRKERNSEC_CONFIG_AUTO
++ help
++ By saying Y here the kernel will check indirect control transfers
++ in order to detect and prevent attacks that try to hijack control
++ flow by overwriting code pointers.
++
++ Note that binary modules cannot be instrumented by this approach.
++
++ Note that the implementation requires a gcc with plugin support,
++ i.e., gcc 4.5 or newer. You may need to install the supporting
++ headers explicitly in addition to the normal gcc package.
++
++endmenu
++
++endmenu
++
++source grsecurity/Kconfig
++
++endmenu
++
++endmenu
++
+ source security/keys/Kconfig
+
+ config SECURITY_DMESG_RESTRICT
+@@ -104,7 +1091,7 @@ config INTEL_TXT
+ config LSM_MMAP_MIN_ADDR
+ int "Low address space for LSM to protect from user allocation"
+ depends on SECURITY && SECURITY_SELINUX
+- default 32768 if ARM || (ARM64 && COMPAT)
++ default 32768 if ALPHA || ARM || (ARM64 && COMPAT) || PARISC || SPARC32
+ default 65536
+ help
+ This is the portion of low virtual memory which should be protected
+diff --git a/security/apparmor/file.c b/security/apparmor/file.c
+index 913f377..6e392d5 100644
+--- a/security/apparmor/file.c
++++ b/security/apparmor/file.c
+@@ -348,8 +348,8 @@ static inline bool xindex_is_subset(u32 link, u32 target)
+ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
+ struct path *new_dir, struct dentry *new_dentry)
+ {
+- struct path link = { new_dir->mnt, new_dentry };
+- struct path target = { new_dir->mnt, old_dentry };
++ struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry };
++ struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry };
+ struct path_cond cond = {
+ d_backing_inode(old_dentry)->i_uid,
+ d_backing_inode(old_dentry)->i_mode
+diff --git a/security/apparmor/include/policy.h b/security/apparmor/include/policy.h
+index c28b0f2..3b9fee0 100644
+--- a/security/apparmor/include/policy.h
++++ b/security/apparmor/include/policy.h
+@@ -134,7 +134,7 @@ struct aa_namespace {
+ struct aa_ns_acct acct;
+ struct aa_profile *unconfined;
+ struct list_head sub_ns;
+- atomic_t uniq_null;
++ atomic_unchecked_t uniq_null;
+ long uniq_id;
+
+ struct dentry *dents[AAFS_NS_SIZEOF];
+diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
+index dec607c..37fe357 100644
+--- a/security/apparmor/lsm.c
++++ b/security/apparmor/lsm.c
+@@ -176,7 +176,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
+ struct dentry *dentry, u32 mask,
+ struct path_cond *cond)
+ {
+- struct path path = { dir->mnt, dentry };
++ struct path path = { .mnt = dir->mnt, .dentry = dentry };
+
+ return common_perm(op, &path, mask, cond);
+ }
+@@ -193,7 +193,7 @@ static int common_perm_dir_dentry(int op, struct path *dir,
+ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
+ struct dentry *dentry, u32 mask)
+ {
+- struct path path = { mnt, dentry };
++ struct path path = { .mnt = mnt, .dentry = dentry };
+ struct path_cond cond = { d_backing_inode(dentry)->i_uid,
+ d_backing_inode(dentry)->i_mode
+ };
+@@ -315,8 +315,8 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
+
+ profile = aa_current_profile();
+ if (!unconfined(profile)) {
+- struct path old_path = { old_dir->mnt, old_dentry };
+- struct path new_path = { new_dir->mnt, new_dentry };
++ struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry };
++ struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry };
+ struct path_cond cond = { d_backing_inode(old_dentry)->i_uid,
+ d_backing_inode(old_dentry)->i_mode
+ };
+@@ -677,11 +677,11 @@ static const struct kernel_param_ops param_ops_aalockpolicy = {
+ .get = param_get_aalockpolicy
+ };
+
+-static int param_set_audit(const char *val, struct kernel_param *kp);
+-static int param_get_audit(char *buffer, struct kernel_param *kp);
++static int param_set_audit(const char *val, const struct kernel_param *kp);
++static int param_get_audit(char *buffer, const struct kernel_param *kp);
+
+-static int param_set_mode(const char *val, struct kernel_param *kp);
+-static int param_get_mode(char *buffer, struct kernel_param *kp);
++static int param_set_mode(const char *val, const struct kernel_param *kp);
++static int param_get_mode(char *buffer, const struct kernel_param *kp);
+
+ /* Flag values, also controllable via /sys/module/apparmor/parameters
+ * We define special types as we want to do additional mediation.
+@@ -791,7 +791,7 @@ static int param_get_aauint(char *buffer, const struct kernel_param *kp)
+ return param_get_uint(buffer, kp);
+ }
+
+-static int param_get_audit(char *buffer, struct kernel_param *kp)
++static int param_get_audit(char *buffer, const struct kernel_param *kp)
+ {
+ if (!capable(CAP_MAC_ADMIN))
+ return -EPERM;
+@@ -802,7 +802,7 @@ static int param_get_audit(char *buffer, struct kernel_param *kp)
+ return sprintf(buffer, "%s", audit_mode_names[aa_g_audit]);
+ }
+
+-static int param_set_audit(const char *val, struct kernel_param *kp)
++static int param_set_audit(const char *val, const struct kernel_param *kp)
+ {
+ int i;
+ if (!capable(CAP_MAC_ADMIN))
+@@ -824,7 +824,7 @@ static int param_set_audit(const char *val, struct kernel_param *kp)
+ return -EINVAL;
+ }
+
+-static int param_get_mode(char *buffer, struct kernel_param *kp)
++static int param_get_mode(char *buffer, const struct kernel_param *kp)
+ {
+ if (!capable(CAP_MAC_ADMIN))
+ return -EPERM;
+@@ -835,7 +835,7 @@ static int param_get_mode(char *buffer, struct kernel_param *kp)
+ return sprintf(buffer, "%s", aa_profile_mode_names[aa_g_profile_mode]);
+ }
+
+-static int param_set_mode(const char *val, struct kernel_param *kp)
++static int param_set_mode(const char *val, const struct kernel_param *kp)
+ {
+ int i;
+ if (!capable(CAP_MAC_ADMIN))
+diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
+index 705c287..81257f1 100644
+--- a/security/apparmor/policy.c
++++ b/security/apparmor/policy.c
+@@ -298,7 +298,7 @@ static struct aa_namespace *alloc_namespace(const char *prefix,
+ /* ns and ns->unconfined share ns->unconfined refcount */
+ ns->unconfined->ns = ns;
+
+- atomic_set(&ns->uniq_null, 0);
++ atomic_set_unchecked(&ns->uniq_null, 0);
+
+ return ns;
+
+@@ -689,7 +689,7 @@ struct aa_profile *aa_new_null_profile(struct aa_profile *parent, int hat)
+ {
+ struct aa_profile *profile = NULL;
+ char *name;
+- int uniq = atomic_inc_return(&parent->ns->uniq_null);
++ int uniq = atomic_inc_return_unchecked(&parent->ns->uniq_null);
+
+ /* freed below */
+ name = kmalloc(strlen(parent->base.hname) + 2 + 7 + 8, GFP_KERNEL);
+diff --git a/security/commoncap.c b/security/commoncap.c
+index 48071ed..b805e0f 100644
+--- a/security/commoncap.c
++++ b/security/commoncap.c
+@@ -438,6 +438,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
+ return 0;
+ }
+
++/* returns:
++ 1 for suid privilege
++ 2 for sgid privilege
++ 3 for fscap privilege
++*/
++int is_privileged_binary(const struct dentry *dentry)
++{
++ struct cpu_vfs_cap_data capdata;
++ struct inode *inode = dentry->d_inode;
++
++ if (!inode || S_ISDIR(inode->i_mode))
++ return 0;
++
++ if (inode->i_mode & S_ISUID)
++ return 1;
++ if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
++ return 2;
++
++ if (!get_vfs_caps_from_disk(dentry, &capdata)) {
++ if (!cap_isclear(capdata.inheritable) || !cap_isclear(capdata.permitted))
++ return 3;
++ }
++
++ return 0;
++}
++
+ /*
+ * Attempt to get the on-exec apply capability sets for an executable file from
+ * its xattrs and, if present, apply them to the proposed credentials being
+@@ -628,6 +654,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm)
+ const struct cred *cred = current_cred();
+ kuid_t root_uid = make_kuid(cred->user_ns, 0);
+
++ if (gr_acl_enable_at_secure())
++ return 1;
++
+ if (!uid_eq(cred->uid, root_uid)) {
+ if (bprm->cap_effective)
+ return 1;
+diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
+index 585af61..b7d35ff 100644
+--- a/security/integrity/ima/ima.h
++++ b/security/integrity/ima/ima.h
+@@ -125,8 +125,8 @@ int ima_init_template(void);
+ extern spinlock_t ima_queue_lock;
+
+ struct ima_h_table {
+- atomic_long_t len; /* number of stored measurements in the list */
+- atomic_long_t violations;
++ atomic_long_unchecked_t len; /* number of stored measurements in the list */
++ atomic_long_unchecked_t violations;
+ struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
+ };
+ extern struct ima_h_table ima_htable;
+diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
+index 1d950fb..a8f4eab 100644
+--- a/security/integrity/ima/ima_api.c
++++ b/security/integrity/ima/ima_api.c
+@@ -137,7 +137,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
+ int result;
+
+ /* can overflow, only indicator */
+- atomic_long_inc(&ima_htable.violations);
++ atomic_long_inc_unchecked(&ima_htable.violations);
+
+ result = ima_alloc_init_template(&event_data, &entry);
+ if (result < 0) {
+diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
+index f355231..c71f640 100644
+--- a/security/integrity/ima/ima_fs.c
++++ b/security/integrity/ima/ima_fs.c
+@@ -30,12 +30,12 @@ static DEFINE_MUTEX(ima_write_mutex);
+ static int valid_policy = 1;
+ #define TMPBUFLEN 12
+ static ssize_t ima_show_htable_value(char __user *buf, size_t count,
+- loff_t *ppos, atomic_long_t *val)
++ loff_t *ppos, atomic_long_unchecked_t *val)
+ {
+ char tmpbuf[TMPBUFLEN];
+ ssize_t len;
+
+- len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read(val));
++ len = scnprintf(tmpbuf, TMPBUFLEN, "%li\n", atomic_long_read_unchecked(val));
+ return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
+ }
+
+diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
+index 552705d..9920f4fb 100644
+--- a/security/integrity/ima/ima_queue.c
++++ b/security/integrity/ima/ima_queue.c
+@@ -83,7 +83,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)
+ INIT_LIST_HEAD(&qe->later);
+ list_add_tail_rcu(&qe->later, &ima_measurements);
+
+- atomic_long_inc(&ima_htable.len);
++ atomic_long_inc_unchecked(&ima_htable.len);
+ key = ima_hash_key(entry->digest);
+ hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
+ return 0;
+diff --git a/security/keys/internal.h b/security/keys/internal.h
+index 5105c2c..a5010e6 100644
+--- a/security/keys/internal.h
++++ b/security/keys/internal.h
+@@ -90,12 +90,16 @@ extern void key_type_put(struct key_type *ktype);
+
+ extern int __key_link_begin(struct key *keyring,
+ const struct keyring_index_key *index_key,
+- struct assoc_array_edit **_edit);
++ struct assoc_array_edit **_edit)
++ __acquires(&keyring->sem)
++ __acquires(&keyring_serialise_link_sem);
+ extern int __key_link_check_live_key(struct key *keyring, struct key *key);
+ extern void __key_link(struct key *key, struct assoc_array_edit **_edit);
+ extern void __key_link_end(struct key *keyring,
+ const struct keyring_index_key *index_key,
+- struct assoc_array_edit *edit);
++ struct assoc_array_edit *edit)
++ __releases(&keyring->sem)
++ __releases(&keyring_serialise_link_sem);
+
+ extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
+ const struct keyring_index_key *index_key);
+@@ -191,7 +195,7 @@ struct request_key_auth {
+ void *callout_info;
+ size_t callout_len;
+ pid_t pid;
+-};
++} __randomize_layout;
+
+ extern struct key_type key_type_request_key_auth;
+ extern struct key *request_key_auth_new(struct key *target,
+diff --git a/security/keys/key.c b/security/keys/key.c
+index 09ef276..ab2894f 100644
+--- a/security/keys/key.c
++++ b/security/keys/key.c
+@@ -283,7 +283,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
+
+ atomic_set(&key->usage, 1);
+ init_rwsem(&key->sem);
+- lockdep_set_class(&key->sem, &type->lock_class);
++ lockdep_set_class(&key->sem, (struct lock_class_key *)&type->lock_class);
+ key->index_key.type = type;
+ key->user = user;
+ key->quotalen = quotalen;
+@@ -1077,7 +1077,9 @@ int register_key_type(struct key_type *ktype)
+ struct key_type *p;
+ int ret;
+
+- memset(&ktype->lock_class, 0, sizeof(ktype->lock_class));
++ pax_open_kernel();
++ memset((void *)&ktype->lock_class, 0, sizeof(ktype->lock_class));
++ pax_close_kernel();
+
+ ret = -EEXIST;
+ down_write(&key_types_sem);
+@@ -1089,7 +1091,7 @@ int register_key_type(struct key_type *ktype)
+ }
+
+ /* store the type */
+- list_add(&ktype->link, &key_types_list);
++ pax_list_add((struct list_head *)&ktype->link, &key_types_list);
+
+ pr_notice("Key type %s registered\n", ktype->name);
+ ret = 0;
+@@ -1111,7 +1113,7 @@ EXPORT_SYMBOL(register_key_type);
+ void unregister_key_type(struct key_type *ktype)
+ {
+ down_write(&key_types_sem);
+- list_del_init(&ktype->link);
++ pax_list_del_init((struct list_head *)&ktype->link);
+ downgrade_write(&key_types_sem);
+ key_gc_keytype(ktype);
+ pr_notice("Key type %s unregistered\n", ktype->name);
+@@ -1129,10 +1131,10 @@ void __init key_init(void)
+ 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
+
+ /* add the special key types */
+- list_add_tail(&key_type_keyring.link, &key_types_list);
+- list_add_tail(&key_type_dead.link, &key_types_list);
+- list_add_tail(&key_type_user.link, &key_types_list);
+- list_add_tail(&key_type_logon.link, &key_types_list);
++ pax_list_add_tail((struct list_head *)&key_type_keyring.link, &key_types_list);
++ pax_list_add_tail((struct list_head *)&key_type_dead.link, &key_types_list);
++ pax_list_add_tail((struct list_head *)&key_type_user.link, &key_types_list);
++ pax_list_add_tail((struct list_head *)&key_type_logon.link, &key_types_list);
+
+ /* record the root user tracking */
+ rb_link_node(&root_key_user.node,
+diff --git a/security/keys/keyring.c b/security/keys/keyring.c
+index f931ccf..ed9cd36 100644
+--- a/security/keys/keyring.c
++++ b/security/keys/keyring.c
+@@ -1071,8 +1071,6 @@ static int keyring_detect_cycle(struct key *A, struct key *B)
+ int __key_link_begin(struct key *keyring,
+ const struct keyring_index_key *index_key,
+ struct assoc_array_edit **_edit)
+- __acquires(&keyring->sem)
+- __acquires(&keyring_serialise_link_sem)
+ {
+ struct assoc_array_edit *edit;
+ int ret;
+@@ -1172,8 +1170,6 @@ void __key_link(struct key *key, struct assoc_array_edit **_edit)
+ void __key_link_end(struct key *keyring,
+ const struct keyring_index_key *index_key,
+ struct assoc_array_edit *edit)
+- __releases(&keyring->sem)
+- __releases(&keyring_serialise_link_sem)
+ {
+ BUG_ON(index_key->type == NULL);
+ kenter("%d,%s,", keyring->serial, index_key->type->name);
+diff --git a/security/min_addr.c b/security/min_addr.c
+index f728728..6457a0c 100644
+--- a/security/min_addr.c
++++ b/security/min_addr.c
+@@ -14,6 +14,7 @@ unsigned long dac_mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
+ */
+ static void update_mmap_min_addr(void)
+ {
++#ifndef SPARC
+ #ifdef CONFIG_LSM_MMAP_MIN_ADDR
+ if (dac_mmap_min_addr > CONFIG_LSM_MMAP_MIN_ADDR)
+ mmap_min_addr = dac_mmap_min_addr;
+@@ -22,6 +23,7 @@ static void update_mmap_min_addr(void)
+ #else
+ mmap_min_addr = dac_mmap_min_addr;
+ #endif
++#endif
+ }
+
+ /*
+diff --git a/security/selinux/avc.c b/security/selinux/avc.c
+index e60c79d..41fb721 100644
+--- a/security/selinux/avc.c
++++ b/security/selinux/avc.c
+@@ -71,7 +71,7 @@ struct avc_xperms_node {
+ struct avc_cache {
+ struct hlist_head slots[AVC_CACHE_SLOTS]; /* head for avc_node->list */
+ spinlock_t slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */
+- atomic_t lru_hint; /* LRU hint for reclaim scan */
++ atomic_unchecked_t lru_hint; /* LRU hint for reclaim scan */
+ atomic_t active_nodes;
+ u32 latest_notif; /* latest revocation notification */
+ };
+@@ -183,7 +183,7 @@ void __init avc_init(void)
+ spin_lock_init(&avc_cache.slots_lock[i]);
+ }
+ atomic_set(&avc_cache.active_nodes, 0);
+- atomic_set(&avc_cache.lru_hint, 0);
++ atomic_set_unchecked(&avc_cache.lru_hint, 0);
+
+ avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
+ 0, SLAB_PANIC, NULL);
+@@ -521,7 +521,7 @@ static inline int avc_reclaim_node(void)
+ spinlock_t *lock;
+
+ for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) {
+- hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1);
++ hvalue = atomic_inc_return_unchecked(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1);
+ head = &avc_cache.slots[hvalue];
+ lock = &avc_cache.slots_lock[hvalue];
+
+diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
+index 1450f85..a91e0bc 100644
+--- a/security/selinux/include/xfrm.h
++++ b/security/selinux/include/xfrm.h
+@@ -48,7 +48,7 @@ static inline void selinux_xfrm_notify_policyload(void)
+
+ rtnl_lock();
+ for_each_net(net) {
+- atomic_inc(&net->xfrm.flow_cache_genid);
++ atomic_inc_unchecked(&net->xfrm.flow_cache_genid);
+ rt_genid_bump_all(net);
+ }
+ rtnl_unlock();
+diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
+index 2367b10..a0c3c51 100644
+--- a/security/tomoyo/file.c
++++ b/security/tomoyo/file.c
+@@ -692,7 +692,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
+ {
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path,
++ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ };
+ int error = -ENOMEM;
+ struct tomoyo_path_info buf;
+@@ -740,7 +740,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
+ struct tomoyo_path_info buf;
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path,
++ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ };
+ int idx;
+
+@@ -786,7 +786,7 @@ int tomoyo_path_perm(const u8 operation, const struct path *path, const char *ta
+ {
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path,
++ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ };
+ int error;
+ struct tomoyo_path_info buf;
+@@ -843,7 +843,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
+ {
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path,
++ .path1 = { .mnt = path->mnt, .dentry = path->dentry },
+ };
+ int error = -ENOMEM;
+ struct tomoyo_path_info buf;
+@@ -890,8 +890,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
+ struct tomoyo_path_info buf2;
+ struct tomoyo_request_info r;
+ struct tomoyo_obj_info obj = {
+- .path1 = *path1,
+- .path2 = *path2,
++ .path1 = { .mnt = path1->mnt, .dentry = path1->dentry },
++ .path2 = { .mnt = path2->mnt, .dentry = path2->dentry }
+ };
+ int idx;
+
+diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
+index 390c646..f2f8db3 100644
+--- a/security/tomoyo/mount.c
++++ b/security/tomoyo/mount.c
+@@ -118,6 +118,10 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r,
+ type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) {
+ need_dev = -1; /* dev_name is a directory */
+ } else {
++ if (!capable(CAP_SYS_ADMIN)) {
++ error = -EPERM;
++ goto out;
++ }
+ fstype = get_fs_type(type);
+ if (!fstype) {
+ error = -ENODEV;
+diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
+index cbf3df4..22b11df 100644
+--- a/security/tomoyo/tomoyo.c
++++ b/security/tomoyo/tomoyo.c
+@@ -165,7 +165,7 @@ static int tomoyo_path_truncate(struct path *path)
+ */
+ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
+ }
+
+@@ -181,7 +181,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+ umode_t mode)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
+ mode & S_IALLUGO);
+ }
+@@ -196,7 +196,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+ */
+ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
+ }
+
+@@ -212,7 +212,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+ const char *old_name)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
+ }
+
+@@ -229,7 +229,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+ umode_t mode, unsigned int dev)
+ {
+- struct path path = { parent->mnt, dentry };
++ struct path path = { .mnt = parent->mnt, .dentry = dentry };
+ int type = TOMOYO_TYPE_CREATE;
+ const unsigned int perm = mode & S_IALLUGO;
+
+@@ -268,8 +268,8 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
+ struct dentry *new_dentry)
+ {
+- struct path path1 = { new_dir->mnt, old_dentry };
+- struct path path2 = { new_dir->mnt, new_dentry };
++ struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
++ struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };
+ return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
+ }
+
+@@ -288,8 +288,8 @@ static int tomoyo_path_rename(struct path *old_parent,
+ struct path *new_parent,
+ struct dentry *new_dentry)
+ {
+- struct path path1 = { old_parent->mnt, old_dentry };
+- struct path path2 = { new_parent->mnt, new_dentry };
++ struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
++ struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };
+ return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
+ }
+
+@@ -417,7 +417,7 @@ static int tomoyo_sb_mount(const char *dev_name, struct path *path,
+ */
+ static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
+ {
+- struct path path = { mnt, mnt->mnt_root };
++ struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
+ return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
+ }
+
+diff --git a/security/yama/Kconfig b/security/yama/Kconfig
+index 90c605e..bf3a29a 100644
+--- a/security/yama/Kconfig
++++ b/security/yama/Kconfig
+@@ -1,6 +1,6 @@
+ config SECURITY_YAMA
+ bool "Yama support"
+- depends on SECURITY
++ depends on SECURITY && !GRKERNSEC
+ default n
+ help
+ This selects Yama, which extends DAC support with additional
+diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
+index cb6ed10..fb00554 100644
+--- a/security/yama/yama_lsm.c
++++ b/security/yama/yama_lsm.c
+@@ -357,7 +357,7 @@ static struct security_hook_list yama_hooks[] = {
+ static int yama_dointvec_minmax(struct ctl_table *table, int write,
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct ctl_table table_copy;
++ ctl_table_no_const table_copy;
+
+ if (write && !capable(CAP_SYS_PTRACE))
+ return -EPERM;
+diff --git a/sound/aoa/codecs/onyx.c b/sound/aoa/codecs/onyx.c
+index a04edff..6811b91 100644
+--- a/sound/aoa/codecs/onyx.c
++++ b/sound/aoa/codecs/onyx.c
+@@ -54,7 +54,7 @@ struct onyx {
+ spdif_locked:1,
+ analog_locked:1,
+ original_mute:2;
+- int open_count;
++ local_t open_count;
+ struct codec_info *codec_info;
+
+ /* mutex serializes concurrent access to the device
+@@ -747,7 +747,7 @@ static int onyx_open(struct codec_info_item *cii,
+ struct onyx *onyx = cii->codec_data;
+
+ mutex_lock(&onyx->mutex);
+- onyx->open_count++;
++ local_inc(&onyx->open_count);
+ mutex_unlock(&onyx->mutex);
+
+ return 0;
+@@ -759,8 +759,7 @@ static int onyx_close(struct codec_info_item *cii,
+ struct onyx *onyx = cii->codec_data;
+
+ mutex_lock(&onyx->mutex);
+- onyx->open_count--;
+- if (!onyx->open_count)
++ if (local_dec_and_test(&onyx->open_count))
+ onyx->spdif_locked = onyx->analog_locked = 0;
+ mutex_unlock(&onyx->mutex);
+
+diff --git a/sound/aoa/codecs/onyx.h b/sound/aoa/codecs/onyx.h
+index ffd2025..df062c9 100644
+--- a/sound/aoa/codecs/onyx.h
++++ b/sound/aoa/codecs/onyx.h
+@@ -11,6 +11,7 @@
+ #include <linux/i2c.h>
+ #include <asm/pmac_low_i2c.h>
+ #include <asm/prom.h>
++#include <asm/local.h>
+
+ /* PCM3052 register definitions */
+
+diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
+index ebc9fdf..61f491e 100644
+--- a/sound/core/oss/pcm_oss.c
++++ b/sound/core/oss/pcm_oss.c
+@@ -1193,10 +1193,10 @@ snd_pcm_sframes_t snd_pcm_oss_write3(struct snd_pcm_substream *substream, const
+ if (in_kernel) {
+ mm_segment_t fs;
+ fs = snd_enter_user();
+- ret = snd_pcm_lib_write(substream, (void __force __user *)ptr, frames);
++ ret = snd_pcm_lib_write(substream, (void __force_user *)ptr, frames);
+ snd_leave_user(fs);
+ } else {
+- ret = snd_pcm_lib_write(substream, (void __force __user *)ptr, frames);
++ ret = snd_pcm_lib_write(substream, (void __force_user *)ptr, frames);
+ }
+ if (ret != -EPIPE && ret != -ESTRPIPE)
+ break;
+@@ -1236,10 +1236,10 @@ snd_pcm_sframes_t snd_pcm_oss_read3(struct snd_pcm_substream *substream, char *p
+ if (in_kernel) {
+ mm_segment_t fs;
+ fs = snd_enter_user();
+- ret = snd_pcm_lib_read(substream, (void __force __user *)ptr, frames);
++ ret = snd_pcm_lib_read(substream, (void __force_user *)ptr, frames);
+ snd_leave_user(fs);
+ } else {
+- ret = snd_pcm_lib_read(substream, (void __force __user *)ptr, frames);
++ ret = snd_pcm_lib_read(substream, (void __force_user *)ptr, frames);
+ }
+ if (ret == -EPIPE) {
+ if (runtime->status->state == SNDRV_PCM_STATE_DRAINING) {
+@@ -1335,7 +1335,7 @@ static ssize_t snd_pcm_oss_write2(struct snd_pcm_substream *substream, const cha
+ struct snd_pcm_plugin_channel *channels;
+ size_t oss_frame_bytes = (runtime->oss.plugin_first->src_width * runtime->oss.plugin_first->src_format.channels) / 8;
+ if (!in_kernel) {
+- if (copy_from_user(runtime->oss.buffer, (const char __force __user *)buf, bytes))
++ if (copy_from_user(runtime->oss.buffer, (const char __force_user *)buf, bytes))
+ return -EFAULT;
+ buf = runtime->oss.buffer;
+ }
+@@ -1405,7 +1405,7 @@ static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const cha
+ }
+ } else {
+ tmp = snd_pcm_oss_write2(substream,
+- (const char __force *)buf,
++ (const char __force_kernel *)buf,
+ runtime->oss.period_bytes, 0);
+ if (tmp <= 0)
+ goto err;
+@@ -1431,7 +1431,7 @@ static ssize_t snd_pcm_oss_read2(struct snd_pcm_substream *substream, char *buf,
+ struct snd_pcm_runtime *runtime = substream->runtime;
+ snd_pcm_sframes_t frames, frames1;
+ #ifdef CONFIG_SND_PCM_OSS_PLUGINS
+- char __user *final_dst = (char __force __user *)buf;
++ char __user *final_dst = (char __force_user *)buf;
+ if (runtime->oss.plugin_first) {
+ struct snd_pcm_plugin_channel *channels;
+ size_t oss_frame_bytes = (runtime->oss.plugin_last->dst_width * runtime->oss.plugin_last->dst_format.channels) / 8;
+@@ -1493,7 +1493,7 @@ static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __use
+ xfer += tmp;
+ runtime->oss.buffer_used -= tmp;
+ } else {
+- tmp = snd_pcm_oss_read2(substream, (char __force *)buf,
++ tmp = snd_pcm_oss_read2(substream, (char __force_kernel *)buf,
+ runtime->oss.period_bytes, 0);
+ if (tmp <= 0)
+ goto err;
+@@ -1662,7 +1662,7 @@ static int snd_pcm_oss_sync(struct snd_pcm_oss_file *pcm_oss_file)
+ size1);
+ size1 /= runtime->channels; /* frames */
+ fs = snd_enter_user();
+- snd_pcm_lib_write(substream, (void __force __user *)runtime->oss.buffer, size1);
++ snd_pcm_lib_write(substream, (void __force_user *)runtime->oss.buffer, size1);
+ snd_leave_user(fs);
+ }
+ } else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) {
+diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c
+index 1f64ab0..26a7233 100644
+--- a/sound/core/pcm_compat.c
++++ b/sound/core/pcm_compat.c
+@@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream,
+ int err;
+
+ fs = snd_enter_user();
+- err = snd_pcm_delay(substream, &delay);
++ err = snd_pcm_delay(substream, (snd_pcm_sframes_t __force_user *)&delay);
+ snd_leave_user(fs);
+ if (err < 0)
+ return err;
+diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c
+index 3a9b66c..2b38b21 100644
+--- a/sound/core/pcm_lib.c
++++ b/sound/core/pcm_lib.c
+@@ -1867,8 +1867,9 @@ EXPORT_SYMBOL(snd_pcm_lib_ioctl);
+ * Even if more than one periods have elapsed since the last call, you
+ * have to call this only once.
+ */
+-void snd_pcm_period_elapsed(struct snd_pcm_substream *substream)
++void snd_pcm_period_elapsed(void *_substream)
+ {
++ struct snd_pcm_substream *substream = _substream;
+ struct snd_pcm_runtime *runtime;
+ unsigned long flags;
+
+diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
+index 9106d8e..e7e2e3c 100644
+--- a/sound/core/pcm_native.c
++++ b/sound/core/pcm_native.c
+@@ -3014,11 +3014,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
+ switch (substream->stream) {
+ case SNDRV_PCM_STREAM_PLAYBACK:
+ result = snd_pcm_playback_ioctl1(NULL, substream, cmd,
+- (void __user *)arg);
++ (void __force_user *)arg);
+ break;
+ case SNDRV_PCM_STREAM_CAPTURE:
+ result = snd_pcm_capture_ioctl1(NULL, substream, cmd,
+- (void __user *)arg);
++ (void __force_user *)arg);
+ break;
+ default:
+ result = -EINVAL;
+diff --git a/sound/core/rawmidi.c b/sound/core/rawmidi.c
+index 795437b..3650746 100644
+--- a/sound/core/rawmidi.c
++++ b/sound/core/rawmidi.c
+@@ -871,9 +871,10 @@ static int snd_rawmidi_control_ioctl(struct snd_card *card,
+ *
+ * Return: The size of read data, or a negative error code on failure.
+ */
+-int snd_rawmidi_receive(struct snd_rawmidi_substream *substream,
+- const unsigned char *buffer, int count)
++int snd_rawmidi_receive(void *_substream, const void *_buffer, int count)
+ {
++ struct snd_rawmidi_substream *substream = _substream;
++ const unsigned char *buffer = _buffer;
+ unsigned long flags;
+ int result = 0, count1;
+ struct snd_rawmidi_runtime *runtime = substream->runtime;
+diff --git a/sound/core/seq/oss/seq_oss_synth.c b/sound/core/seq/oss/seq_oss_synth.c
+index b16dbef04..8eb05a4 100644
+--- a/sound/core/seq/oss/seq_oss_synth.c
++++ b/sound/core/seq/oss/seq_oss_synth.c
+@@ -653,8 +653,8 @@ snd_seq_oss_synth_info_read(struct snd_info_buffer *buf)
+ rec->synth_type, rec->synth_subtype,
+ rec->nr_voices);
+ snd_iprintf(buf, " capabilities : ioctl %s / load_patch %s\n",
+- enabled_str((long)rec->oper.ioctl),
+- enabled_str((long)rec->oper.load_patch));
++ enabled_str(!!rec->oper.ioctl),
++ enabled_str(!!rec->oper.load_patch));
+ snd_use_lock_free(&rec->use_lock);
+ }
+ }
+diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c
+index 58e79e0..19751d1 100644
+--- a/sound/core/seq/seq_clientmgr.c
++++ b/sound/core/seq/seq_clientmgr.c
+@@ -416,7 +416,7 @@ static ssize_t snd_seq_read(struct file *file, char __user *buf, size_t count,
+ if (!client->accept_input || (fifo = client->data.user.fifo) == NULL)
+ return -ENXIO;
+
+- if (atomic_read(&fifo->overflow) > 0) {
++ if (atomic_read_unchecked(&fifo->overflow) > 0) {
+ /* buffer overflow is detected */
+ snd_seq_fifo_clear(fifo);
+ /* return error code */
+@@ -446,7 +446,7 @@ static ssize_t snd_seq_read(struct file *file, char __user *buf, size_t count,
+ count -= sizeof(struct snd_seq_event);
+ buf += sizeof(struct snd_seq_event);
+ err = snd_seq_expand_var_event(&cell->event, count,
+- (char __force *)buf, 0,
++ (char __force_kernel *)buf, 0,
+ sizeof(struct snd_seq_event));
+ if (err < 0)
+ break;
+@@ -1062,13 +1062,13 @@ static ssize_t snd_seq_write(struct file *file, const char __user *buf,
+ }
+ /* set user space pointer */
+ event.data.ext.len = extlen | SNDRV_SEQ_EXT_USRPTR;
+- event.data.ext.ptr = (char __force *)buf
++ event.data.ext.ptr = (char __force_kernel *)buf
+ + sizeof(struct snd_seq_event);
+ len += extlen; /* increment data length */
+ } else {
+ #ifdef CONFIG_COMPAT
+ if (client->convert32 && snd_seq_ev_is_varusr(&event)) {
+- void *ptr = (void __force *)compat_ptr(event.data.raw32.d[1]);
++ void *ptr = (void __force_kernel *)compat_ptr(event.data.raw32.d[1]);
+ event.data.ext.ptr = ptr;
+ }
+ #endif
+@@ -2423,7 +2423,7 @@ int snd_seq_kernel_client_ctl(int clientid, unsigned int cmd, void *arg)
+ if (client == NULL)
+ return -ENXIO;
+ fs = snd_enter_user();
+- result = snd_seq_do_ioctl(client, cmd, (void __force __user *)arg);
++ result = snd_seq_do_ioctl(client, cmd, (void __force_user *)arg);
+ snd_leave_user(fs);
+ return result;
+ }
+diff --git a/sound/core/seq/seq_compat.c b/sound/core/seq/seq_compat.c
+index 6517590..9905cee 100644
+--- a/sound/core/seq/seq_compat.c
++++ b/sound/core/seq/seq_compat.c
+@@ -60,7 +60,7 @@ static int snd_seq_call_port_info_ioctl(struct snd_seq_client *client, unsigned
+ data->kernel = NULL;
+
+ fs = snd_enter_user();
+- err = snd_seq_do_ioctl(client, cmd, data);
++ err = snd_seq_do_ioctl(client, cmd, (void __force_user *)data);
+ snd_leave_user(fs);
+ if (err < 0)
+ goto error;
+diff --git a/sound/core/seq/seq_fifo.c b/sound/core/seq/seq_fifo.c
+index 1d5acbe..5f55223 100644
+--- a/sound/core/seq/seq_fifo.c
++++ b/sound/core/seq/seq_fifo.c
+@@ -50,7 +50,7 @@ struct snd_seq_fifo *snd_seq_fifo_new(int poolsize)
+ spin_lock_init(&f->lock);
+ snd_use_lock_init(&f->use_lock);
+ init_waitqueue_head(&f->input_sleep);
+- atomic_set(&f->overflow, 0);
++ atomic_set_unchecked(&f->overflow, 0);
+
+ f->head = NULL;
+ f->tail = NULL;
+@@ -96,7 +96,7 @@ void snd_seq_fifo_clear(struct snd_seq_fifo *f)
+ unsigned long flags;
+
+ /* clear overflow flag */
+- atomic_set(&f->overflow, 0);
++ atomic_set_unchecked(&f->overflow, 0);
+
+ snd_use_lock_sync(&f->use_lock);
+ spin_lock_irqsave(&f->lock, flags);
+@@ -123,7 +123,7 @@ int snd_seq_fifo_event_in(struct snd_seq_fifo *f,
+ err = snd_seq_event_dup(f->pool, event, &cell, 1, NULL); /* always non-blocking */
+ if (err < 0) {
+ if ((err == -ENOMEM) || (err == -EAGAIN))
+- atomic_inc(&f->overflow);
++ atomic_inc_unchecked(&f->overflow);
+ snd_use_lock_free(&f->use_lock);
+ return err;
+ }
+diff --git a/sound/core/seq/seq_fifo.h b/sound/core/seq/seq_fifo.h
+index 062c446..a4b6f4c 100644
+--- a/sound/core/seq/seq_fifo.h
++++ b/sound/core/seq/seq_fifo.h
+@@ -35,7 +35,7 @@ struct snd_seq_fifo {
+ spinlock_t lock;
+ snd_use_lock_t use_lock;
+ wait_queue_head_t input_sleep;
+- atomic_t overflow;
++ atomic_unchecked_t overflow;
+
+ };
+
+diff --git a/sound/core/seq/seq_memory.c b/sound/core/seq/seq_memory.c
+index c850345..ec0a853 100644
+--- a/sound/core/seq/seq_memory.c
++++ b/sound/core/seq/seq_memory.c
+@@ -87,7 +87,7 @@ int snd_seq_dump_var_event(const struct snd_seq_event *event,
+
+ if (event->data.ext.len & SNDRV_SEQ_EXT_USRPTR) {
+ char buf[32];
+- char __user *curptr = (char __force __user *)event->data.ext.ptr;
++ char __user *curptr = (char __force_user *)event->data.ext.ptr;
+ while (len > 0) {
+ int size = sizeof(buf);
+ if (len < size)
+@@ -126,15 +126,19 @@ EXPORT_SYMBOL(snd_seq_dump_var_event);
+ * expand the variable length event to linear buffer space.
+ */
+
+-static int seq_copy_in_kernel(char **bufptr, const void *src, int size)
++static int seq_copy_in_kernel(void *_bufptr, const void *src, int size)
+ {
++ char **bufptr = (char **)_bufptr;
++
+ memcpy(*bufptr, src, size);
+ *bufptr += size;
+ return 0;
+ }
+
+-static int seq_copy_in_user(char __user **bufptr, const void *src, int size)
++static int seq_copy_in_user(void *_bufptr, const void *src, int size)
+ {
++ char __user **bufptr = (char __user **)_bufptr;
++
+ if (copy_to_user(*bufptr, src, size))
+ return -EFAULT;
+ *bufptr += size;
+@@ -158,13 +162,13 @@ int snd_seq_expand_var_event(const struct snd_seq_event *event, int count, char
+ if (event->data.ext.len & SNDRV_SEQ_EXT_USRPTR) {
+ if (! in_kernel)
+ return -EINVAL;
+- if (copy_from_user(buf, (void __force __user *)event->data.ext.ptr, len))
++ if (copy_from_user(buf, (void __force_user *)event->data.ext.ptr, len))
+ return -EFAULT;
+ return newlen;
+ }
+ err = snd_seq_dump_var_event(event,
+- in_kernel ? (snd_seq_dump_func_t)seq_copy_in_kernel :
+- (snd_seq_dump_func_t)seq_copy_in_user,
++ in_kernel ? seq_copy_in_kernel :
++ seq_copy_in_user,
+ &buf);
+ return err < 0 ? err : newlen;
+ }
+@@ -344,7 +348,7 @@ int snd_seq_event_dup(struct snd_seq_pool *pool, struct snd_seq_event *event,
+ tmp->event = src->event;
+ src = src->next;
+ } else if (is_usrptr) {
+- if (copy_from_user(&tmp->event, (char __force __user *)buf, size)) {
++ if (copy_from_user(&tmp->event, (char __force_user *)buf, size)) {
+ err = -EFAULT;
+ goto __error;
+ }
+diff --git a/sound/core/seq/seq_midi.c b/sound/core/seq/seq_midi.c
+index 5dd0ee2..0208e35 100644
+--- a/sound/core/seq/seq_midi.c
++++ b/sound/core/seq/seq_midi.c
+@@ -111,8 +111,9 @@ static void snd_midi_input_event(struct snd_rawmidi_substream *substream)
+ }
+ }
+
+-static int dump_midi(struct snd_rawmidi_substream *substream, const char *buf, int count)
++static int dump_midi(void *_substream, const void *buf, int count)
+ {
++ struct snd_rawmidi_substream *substream = _substream;
+ struct snd_rawmidi_runtime *runtime;
+ int tmp;
+
+@@ -148,7 +149,7 @@ static int event_process_midi(struct snd_seq_event *ev, int direct,
+ pr_debug("ALSA: seq_midi: invalid sysex event flags = 0x%x\n", ev->flags);
+ return 0;
+ }
+- snd_seq_dump_var_event(ev, (snd_seq_dump_func_t)dump_midi, substream);
++ snd_seq_dump_var_event(ev, dump_midi, substream);
+ snd_midi_event_reset_decode(msynth->parser);
+ } else {
+ if (msynth->parser == NULL)
+diff --git a/sound/core/seq/seq_virmidi.c b/sound/core/seq/seq_virmidi.c
+index c82ed3e..e11d039 100644
+--- a/sound/core/seq/seq_virmidi.c
++++ b/sound/core/seq/seq_virmidi.c
+@@ -90,7 +90,7 @@ static int snd_virmidi_dev_receive_event(struct snd_virmidi_dev *rdev,
+ if (ev->type == SNDRV_SEQ_EVENT_SYSEX) {
+ if ((ev->flags & SNDRV_SEQ_EVENT_LENGTH_MASK) != SNDRV_SEQ_EVENT_LENGTH_VARIABLE)
+ continue;
+- snd_seq_dump_var_event(ev, (snd_seq_dump_func_t)snd_rawmidi_receive, vmidi->substream);
++ snd_seq_dump_var_event(ev, snd_rawmidi_receive, vmidi->substream);
+ } else {
+ len = snd_midi_event_decode(vmidi->parser, msg, sizeof(msg), ev);
+ if (len > 0)
+diff --git a/sound/core/sound.c b/sound/core/sound.c
+index 175f9e4..3518d31 100644
+--- a/sound/core/sound.c
++++ b/sound/core/sound.c
+@@ -86,7 +86,7 @@ static void snd_request_other(int minor)
+ case SNDRV_MINOR_TIMER: str = "snd-timer"; break;
+ default: return;
+ }
+- request_module(str);
++ request_module("%s", str);
+ }
+
+ #endif /* modular kernel */
+diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c
+index 2a008a9..a1efb3f 100644
+--- a/sound/drivers/mts64.c
++++ b/sound/drivers/mts64.c
+@@ -29,6 +29,7 @@
+ #include <sound/initval.h>
+ #include <sound/rawmidi.h>
+ #include <sound/control.h>
++#include <asm/local.h>
+
+ #define CARD_NAME "Miditerminal 4140"
+ #define DRIVER_NAME "MTS64"
+@@ -67,7 +68,7 @@ struct mts64 {
+ struct pardevice *pardev;
+ int pardev_claimed;
+
+- int open_count;
++ local_t open_count;
+ int current_midi_output_port;
+ int current_midi_input_port;
+ u8 mode[MTS64_NUM_INPUT_PORTS];
+@@ -687,7 +688,7 @@ static int snd_mts64_rawmidi_open(struct snd_rawmidi_substream *substream)
+ {
+ struct mts64 *mts = substream->rmidi->private_data;
+
+- if (mts->open_count == 0) {
++ if (local_read(&mts->open_count) == 0) {
+ /* We don't need a spinlock here, because this is just called
+ if the device has not been opened before.
+ So there aren't any IRQs from the device */
+@@ -695,7 +696,7 @@ static int snd_mts64_rawmidi_open(struct snd_rawmidi_substream *substream)
+
+ msleep(50);
+ }
+- ++(mts->open_count);
++ local_inc(&mts->open_count);
+
+ return 0;
+ }
+@@ -705,8 +706,7 @@ static int snd_mts64_rawmidi_close(struct snd_rawmidi_substream *substream)
+ struct mts64 *mts = substream->rmidi->private_data;
+ unsigned long flags;
+
+- --(mts->open_count);
+- if (mts->open_count == 0) {
++ if (local_dec_return(&mts->open_count) == 0) {
+ /* We need the spinlock_irqsave here because we can still
+ have IRQs at this point */
+ spin_lock_irqsave(&mts->lock, flags);
+@@ -715,8 +715,8 @@ static int snd_mts64_rawmidi_close(struct snd_rawmidi_substream *substream)
+
+ msleep(500);
+
+- } else if (mts->open_count < 0)
+- mts->open_count = 0;
++ } else if (local_read(&mts->open_count) < 0)
++ local_set(&mts->open_count, 0);
+
+ return 0;
+ }
+diff --git a/sound/drivers/opl4/opl4_lib.c b/sound/drivers/opl4/opl4_lib.c
+index 89c7aa0..6d75e49 100644
+--- a/sound/drivers/opl4/opl4_lib.c
++++ b/sound/drivers/opl4/opl4_lib.c
+@@ -29,7 +29,7 @@ MODULE_AUTHOR("Clemens Ladisch <clemens@ladisch.de>");
+ MODULE_DESCRIPTION("OPL4 driver");
+ MODULE_LICENSE("GPL");
+
+-static void inline snd_opl4_wait(struct snd_opl4 *opl4)
++static inline void snd_opl4_wait(struct snd_opl4 *opl4)
+ {
+ int timeout = 10;
+ while ((inb(opl4->fm_port) & OPL4_STATUS_BUSY) && --timeout > 0)
+diff --git a/sound/drivers/portman2x4.c b/sound/drivers/portman2x4.c
+index 464385a..46ab3f6 100644
+--- a/sound/drivers/portman2x4.c
++++ b/sound/drivers/portman2x4.c
+@@ -48,6 +48,7 @@
+ #include <sound/initval.h>
+ #include <sound/rawmidi.h>
+ #include <sound/control.h>
++#include <asm/local.h>
+
+ #define CARD_NAME "Portman 2x4"
+ #define DRIVER_NAME "portman"
+@@ -85,7 +86,7 @@ struct portman {
+ struct pardevice *pardev;
+ int pardev_claimed;
+
+- int open_count;
++ local_t open_count;
+ int mode[PORTMAN_NUM_INPUT_PORTS];
+ struct snd_rawmidi_substream *midi_input[PORTMAN_NUM_INPUT_PORTS];
+ };
+diff --git a/sound/firewire/amdtp-am824.c b/sound/firewire/amdtp-am824.c
+index bebddc6..f5976be 100644
+--- a/sound/firewire/amdtp-am824.c
++++ b/sound/firewire/amdtp-am824.c
+@@ -314,7 +314,7 @@ void amdtp_am824_midi_trigger(struct amdtp_stream *s, unsigned int port,
+ struct amdtp_am824 *p = s->protocol;
+
+ if (port < p->midi_ports)
+- ACCESS_ONCE(p->midi[port]) = midi;
++ ACCESS_ONCE_RW(p->midi[port]) = midi;
+ }
+ EXPORT_SYMBOL_GPL(amdtp_am824_midi_trigger);
+
+diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c
+index ed29026..933d2ae 100644
+--- a/sound/firewire/amdtp-stream.c
++++ b/sound/firewire/amdtp-stream.c
+@@ -344,7 +344,7 @@ static void update_pcm_pointers(struct amdtp_stream *s,
+ ptr = s->pcm_buffer_pointer + frames;
+ if (ptr >= pcm->runtime->buffer_size)
+ ptr -= pcm->runtime->buffer_size;
+- ACCESS_ONCE(s->pcm_buffer_pointer) = ptr;
++ ACCESS_ONCE_RW(s->pcm_buffer_pointer) = ptr;
+
+ s->pcm_period_pointer += frames;
+ if (s->pcm_period_pointer >= pcm->runtime->period_size) {
+@@ -811,7 +811,7 @@ EXPORT_SYMBOL(amdtp_stream_pcm_pointer);
+ void amdtp_stream_update(struct amdtp_stream *s)
+ {
+ /* Precomputing. */
+- ACCESS_ONCE(s->source_node_id_field) =
++ ACCESS_ONCE_RW(s->source_node_id_field) =
+ (fw_parent_device(s->unit)->card->node_id << CIP_SID_SHIFT) &
+ CIP_SID_MASK;
+ }
+diff --git a/sound/firewire/amdtp-stream.h b/sound/firewire/amdtp-stream.h
+index 8775704..8fea566 100644
+--- a/sound/firewire/amdtp-stream.h
++++ b/sound/firewire/amdtp-stream.h
+@@ -215,7 +215,7 @@ static inline bool amdtp_stream_pcm_running(struct amdtp_stream *s)
+ static inline void amdtp_stream_pcm_trigger(struct amdtp_stream *s,
+ struct snd_pcm_substream *pcm)
+ {
+- ACCESS_ONCE(s->pcm) = pcm;
++ ACCESS_ONCE_RW(s->pcm) = pcm;
+ }
+
+ static inline bool cip_sfc_is_base_44100(enum cip_sfc sfc)
+diff --git a/sound/firewire/digi00x/amdtp-dot.c b/sound/firewire/digi00x/amdtp-dot.c
+index 0ac92ab..a2081aa 100644
+--- a/sound/firewire/digi00x/amdtp-dot.c
++++ b/sound/firewire/digi00x/amdtp-dot.c
+@@ -365,7 +365,7 @@ void amdtp_dot_midi_trigger(struct amdtp_stream *s, unsigned int port,
+ struct amdtp_dot *p = s->protocol;
+
+ if (port < p->midi_ports)
+- ACCESS_ONCE(p->midi[port]) = midi;
++ ACCESS_ONCE_RW(p->midi[port]) = midi;
+ }
+
+ static unsigned int process_tx_data_blocks(struct amdtp_stream *s,
+diff --git a/sound/firewire/isight.c b/sound/firewire/isight.c
+index 48d6dca..a0266c23 100644
+--- a/sound/firewire/isight.c
++++ b/sound/firewire/isight.c
+@@ -96,7 +96,7 @@ static void isight_update_pointers(struct isight *isight, unsigned int count)
+ ptr += count;
+ if (ptr >= runtime->buffer_size)
+ ptr -= runtime->buffer_size;
+- ACCESS_ONCE(isight->buffer_pointer) = ptr;
++ ACCESS_ONCE_RW(isight->buffer_pointer) = ptr;
+
+ isight->period_counter += count;
+ if (isight->period_counter >= runtime->period_size) {
+@@ -293,7 +293,7 @@ static int isight_hw_params(struct snd_pcm_substream *substream,
+ if (err < 0)
+ return err;
+
+- ACCESS_ONCE(isight->pcm_active) = true;
++ ACCESS_ONCE_RW(isight->pcm_active) = true;
+
+ return 0;
+ }
+@@ -331,7 +331,7 @@ static int isight_hw_free(struct snd_pcm_substream *substream)
+ {
+ struct isight *isight = substream->private_data;
+
+- ACCESS_ONCE(isight->pcm_active) = false;
++ ACCESS_ONCE_RW(isight->pcm_active) = false;
+
+ mutex_lock(&isight->mutex);
+ isight_stop_streaming(isight);
+@@ -424,10 +424,10 @@ static int isight_trigger(struct snd_pcm_substream *substream, int cmd)
+
+ switch (cmd) {
+ case SNDRV_PCM_TRIGGER_START:
+- ACCESS_ONCE(isight->pcm_running) = true;
++ ACCESS_ONCE_RW(isight->pcm_running) = true;
+ break;
+ case SNDRV_PCM_TRIGGER_STOP:
+- ACCESS_ONCE(isight->pcm_running) = false;
++ ACCESS_ONCE_RW(isight->pcm_running) = false;
+ break;
+ default:
+ return -EINVAL;
+diff --git a/sound/firewire/oxfw/oxfw-scs1x.c b/sound/firewire/oxfw/oxfw-scs1x.c
+index bb53eb3..670cd89 100644
+--- a/sound/firewire/oxfw/oxfw-scs1x.c
++++ b/sound/firewire/oxfw/oxfw-scs1x.c
+@@ -278,9 +278,9 @@ static void midi_capture_trigger(struct snd_rawmidi_substream *stream, int up)
+
+ if (up) {
+ scs->input_escape_count = 0;
+- ACCESS_ONCE(scs->input) = stream;
++ ACCESS_ONCE_RW(scs->input) = stream;
+ } else {
+- ACCESS_ONCE(scs->input) = NULL;
++ ACCESS_ONCE_RW(scs->input) = NULL;
+ }
+ }
+
+@@ -310,10 +310,10 @@ static void midi_playback_trigger(struct snd_rawmidi_substream *stream, int up)
+ scs->output_escaped = false;
+ scs->output_idle = false;
+
+- ACCESS_ONCE(scs->output) = stream;
++ ACCESS_ONCE_RW(scs->output) = stream;
+ tasklet_schedule(&scs->tasklet);
+ } else {
+- ACCESS_ONCE(scs->output) = NULL;
++ ACCESS_ONCE_RW(scs->output) = NULL;
+ }
+ }
+ static void midi_playback_drain(struct snd_rawmidi_substream *stream)
+diff --git a/sound/oss/sb_audio.c b/sound/oss/sb_audio.c
+index dc91072..d85a10a 100644
+--- a/sound/oss/sb_audio.c
++++ b/sound/oss/sb_audio.c
+@@ -900,7 +900,7 @@ sb16_copy_from_user(int dev,
+ buf16 = (signed short *)(localbuf + localoffs);
+ while (c)
+ {
+- locallen = (c >= LBUFCOPYSIZE ? LBUFCOPYSIZE : c);
++ locallen = ((unsigned)c >= LBUFCOPYSIZE ? LBUFCOPYSIZE : c);
+ if (copy_from_user(lbuf8,
+ userbuf+useroffs + p,
+ locallen))
+diff --git a/sound/oss/swarm_cs4297a.c b/sound/oss/swarm_cs4297a.c
+index 213a416..aeab5c9 100644
+--- a/sound/oss/swarm_cs4297a.c
++++ b/sound/oss/swarm_cs4297a.c
+@@ -2623,7 +2623,6 @@ static int __init cs4297a_init(void)
+ {
+ struct cs4297a_state *s;
+ u32 pwr, id;
+- mm_segment_t fs;
+ int rval;
+ u64 cfg;
+ int mdio_val;
+@@ -2709,22 +2708,23 @@ static int __init cs4297a_init(void)
+ if (!rval) {
+ char *sb1250_duart_present;
+
++#if 0
++ mm_segment_t fs;
+ fs = get_fs();
+ set_fs(KERNEL_DS);
+-#if 0
+ val = SOUND_MASK_LINE;
+ mixer_ioctl(s, SOUND_MIXER_WRITE_RECSRC, (unsigned long) &val);
+ for (i = 0; i < ARRAY_SIZE(initvol); i++) {
+ val = initvol[i].vol;
+ mixer_ioctl(s, initvol[i].mixch, (unsigned long) &val);
+ }
++ set_fs(fs);
+ // cs4297a_write_ac97(s, 0x18, 0x0808);
+ #else
+ // cs4297a_write_ac97(s, 0x5e, 0x180);
+ cs4297a_write_ac97(s, 0x02, 0x0808);
+ cs4297a_write_ac97(s, 0x18, 0x0808);
+ #endif
+- set_fs(fs);
+
+ list_add(&s->list, &cs4297a_devs);
+
+diff --git a/sound/pci/als300.c b/sound/pci/als300.c
+index add3176..c9394d9 100644
+--- a/sound/pci/als300.c
++++ b/sound/pci/als300.c
+@@ -647,7 +647,7 @@ static int snd_als300_create(struct snd_card *card,
+ struct snd_als300 **rchip)
+ {
+ struct snd_als300 *chip;
+- void *irq_handler;
++ irq_handler_t irq_handler;
+ int err;
+
+ static struct snd_device_ops ops = {
+diff --git a/sound/pci/aw2/aw2-alsa.c b/sound/pci/aw2/aw2-alsa.c
+index 1677143..85aca1d 100644
+--- a/sound/pci/aw2/aw2-alsa.c
++++ b/sound/pci/aw2/aw2-alsa.c
+@@ -458,7 +458,6 @@ static int snd_aw2_pcm_prepare_playback(struct snd_pcm_substream *substream)
+
+ /* Define Interrupt callback */
+ snd_aw2_saa7146_define_it_playback_callback(pcm_device->stream_number,
+- (snd_aw2_saa7146_it_cb)
+ snd_pcm_period_elapsed,
+ (void *)substream);
+
+@@ -487,7 +486,6 @@ static int snd_aw2_pcm_prepare_capture(struct snd_pcm_substream *substream)
+
+ /* Define Interrupt callback */
+ snd_aw2_saa7146_define_it_capture_callback(pcm_device->stream_number,
+- (snd_aw2_saa7146_it_cb)
+ snd_pcm_period_elapsed,
+ (void *)substream);
+
+diff --git a/sound/pci/aw2/aw2-saa7146.c b/sound/pci/aw2/aw2-saa7146.c
+index 1d78904..d9c1056 100644
+--- a/sound/pci/aw2/aw2-saa7146.c
++++ b/sound/pci/aw2/aw2-saa7146.c
+@@ -262,7 +262,7 @@ void snd_aw2_saa7146_define_it_playback_callback(unsigned int stream_number,
+ {
+ if (stream_number < NB_STREAM_PLAYBACK) {
+ arr_substream_it_playback_cb[stream_number].p_it_callback =
+- (snd_aw2_saa7146_it_cb) p_it_callback;
++ p_it_callback;
+ arr_substream_it_playback_cb[stream_number].p_callback_param =
+ (void *)p_callback_param;
+ }
+@@ -275,7 +275,7 @@ void snd_aw2_saa7146_define_it_capture_callback(unsigned int stream_number,
+ {
+ if (stream_number < NB_STREAM_CAPTURE) {
+ arr_substream_it_capture_cb[stream_number].p_it_callback =
+- (snd_aw2_saa7146_it_cb) p_it_callback;
++ p_it_callback;
+ arr_substream_it_capture_cb[stream_number].p_callback_param =
+ (void *)p_callback_param;
+ }
+diff --git a/sound/pci/ctxfi/ctamixer.c b/sound/pci/ctxfi/ctamixer.c
+index 5fcbb06..f4b85df 100644
+--- a/sound/pci/ctxfi/ctamixer.c
++++ b/sound/pci/ctxfi/ctamixer.c
+@@ -297,8 +297,9 @@ static int put_amixer_rsc(struct amixer_mgr *mgr, struct amixer *amixer)
+ return 0;
+ }
+
+-int amixer_mgr_create(struct hw *hw, struct amixer_mgr **ramixer_mgr)
++int amixer_mgr_create(struct hw *hw, void **_ramixer_mgr)
+ {
++ struct amixer_mgr **ramixer_mgr = (struct amixer_mgr **)_ramixer_mgr;
+ int err;
+ struct amixer_mgr *amixer_mgr;
+
+@@ -326,8 +327,10 @@ error:
+ return err;
+ }
+
+-int amixer_mgr_destroy(struct amixer_mgr *amixer_mgr)
++int amixer_mgr_destroy(void *_amixer_mgr)
+ {
++ struct amixer_mgr *amixer_mgr = _amixer_mgr;
++
+ rsc_mgr_uninit(&amixer_mgr->mgr);
+ kfree(amixer_mgr);
+ return 0;
+@@ -452,8 +455,9 @@ static int put_sum_rsc(struct sum_mgr *mgr, struct sum *sum)
+ return 0;
+ }
+
+-int sum_mgr_create(struct hw *hw, struct sum_mgr **rsum_mgr)
++int sum_mgr_create(struct hw *hw, void **_rsum_mgr)
+ {
++ struct sum_mgr **rsum_mgr = (struct sum_mgr **)_rsum_mgr;
+ int err;
+ struct sum_mgr *sum_mgr;
+
+@@ -481,8 +485,10 @@ error:
+ return err;
+ }
+
+-int sum_mgr_destroy(struct sum_mgr *sum_mgr)
++int sum_mgr_destroy(void *_sum_mgr)
+ {
++ struct sum_mgr *sum_mgr = _sum_mgr;
++
+ rsc_mgr_uninit(&sum_mgr->mgr);
+ kfree(sum_mgr);
+ return 0;
+diff --git a/sound/pci/ctxfi/ctamixer.h b/sound/pci/ctxfi/ctamixer.h
+index 2de18aa..2fbd01b 100644
+--- a/sound/pci/ctxfi/ctamixer.h
++++ b/sound/pci/ctxfi/ctamixer.h
+@@ -47,8 +47,8 @@ struct sum_mgr {
+ };
+
+ /* Constructor and destructor of daio resource manager */
+-int sum_mgr_create(struct hw *hw, struct sum_mgr **rsum_mgr);
+-int sum_mgr_destroy(struct sum_mgr *sum_mgr);
++int sum_mgr_create(struct hw *hw, void **rsum_mgr);
++int sum_mgr_destroy(void *sum_mgr);
+
+ /* Define the descriptor of a amixer resource */
+ struct amixer_rsc_ops;
+@@ -93,7 +93,7 @@ struct amixer_mgr {
+ };
+
+ /* Constructor and destructor of amixer resource manager */
+-int amixer_mgr_create(struct hw *hw, struct amixer_mgr **ramixer_mgr);
+-int amixer_mgr_destroy(struct amixer_mgr *amixer_mgr);
++int amixer_mgr_create(struct hw *hw, void **ramixer_mgr);
++int amixer_mgr_destroy(void *amixer_mgr);
+
+ #endif /* CTAMIXER_H */
+diff --git a/sound/pci/ctxfi/ctatc.c b/sound/pci/ctxfi/ctatc.c
+index 977a598..a787004 100644
+--- a/sound/pci/ctxfi/ctatc.c
++++ b/sound/pci/ctxfi/ctatc.c
+@@ -113,16 +113,16 @@ static struct {
+ int (*create)(struct hw *hw, void **rmgr);
+ int (*destroy)(void *mgr);
+ } rsc_mgr_funcs[NUM_RSCTYP] = {
+- [SRC] = { .create = (create_t)src_mgr_create,
+- .destroy = (destroy_t)src_mgr_destroy },
+- [SRCIMP] = { .create = (create_t)srcimp_mgr_create,
+- .destroy = (destroy_t)srcimp_mgr_destroy },
+- [AMIXER] = { .create = (create_t)amixer_mgr_create,
+- .destroy = (destroy_t)amixer_mgr_destroy },
+- [SUM] = { .create = (create_t)sum_mgr_create,
+- .destroy = (destroy_t)sum_mgr_destroy },
+- [DAIO] = { .create = (create_t)daio_mgr_create,
+- .destroy = (destroy_t)daio_mgr_destroy }
++ [SRC] = { .create = src_mgr_create,
++ .destroy = src_mgr_destroy },
++ [SRCIMP] = { .create = srcimp_mgr_create,
++ .destroy = srcimp_mgr_destroy },
++ [AMIXER] = { .create = amixer_mgr_create,
++ .destroy = amixer_mgr_destroy },
++ [SUM] = { .create = sum_mgr_create,
++ .destroy = sum_mgr_destroy },
++ [DAIO] = { .create = daio_mgr_create,
++ .destroy = daio_mgr_destroy }
+ };
+
+ static int
+diff --git a/sound/pci/ctxfi/ctdaio.c b/sound/pci/ctxfi/ctdaio.c
+index 7f089cb..6bea28e 100644
+--- a/sound/pci/ctxfi/ctdaio.c
++++ b/sound/pci/ctxfi/ctdaio.c
+@@ -687,8 +687,9 @@ static int daio_mgr_commit_write(struct daio_mgr *mgr)
+ return 0;
+ }
+
+-int daio_mgr_create(struct hw *hw, struct daio_mgr **rdaio_mgr)
++int daio_mgr_create(struct hw *hw, void **_rdaio_mgr)
+ {
++ struct daio_mgr **rdaio_mgr = (struct daio_mgr **)_rdaio_mgr;
+ int err, i;
+ struct daio_mgr *daio_mgr;
+ struct imapper *entry;
+@@ -741,8 +742,9 @@ error1:
+ return err;
+ }
+
+-int daio_mgr_destroy(struct daio_mgr *daio_mgr)
++int daio_mgr_destroy(void *_daio_mgr)
+ {
++ struct daio_mgr *daio_mgr = _daio_mgr;
+ unsigned long flags;
+
+ /* free daio input mapper list */
+diff --git a/sound/pci/ctxfi/ctdaio.h b/sound/pci/ctxfi/ctdaio.h
+index a30be73..91b8dbd 100644
+--- a/sound/pci/ctxfi/ctdaio.h
++++ b/sound/pci/ctxfi/ctdaio.h
+@@ -119,7 +119,7 @@ struct daio_mgr {
+ };
+
+ /* Constructor and destructor of daio resource manager */
+-int daio_mgr_create(struct hw *hw, struct daio_mgr **rdaio_mgr);
+-int daio_mgr_destroy(struct daio_mgr *daio_mgr);
++int daio_mgr_create(struct hw *hw, void **rdaio_mgr);
++int daio_mgr_destroy(void *daio_mgr);
+
+ #endif /* CTDAIO_H */
+diff --git a/sound/pci/ctxfi/ctsrc.c b/sound/pci/ctxfi/ctsrc.c
+index a5a72df..f86edb8 100644
+--- a/sound/pci/ctxfi/ctsrc.c
++++ b/sound/pci/ctxfi/ctsrc.c
+@@ -544,8 +544,9 @@ static int src_mgr_commit_write(struct src_mgr *mgr)
+ return 0;
+ }
+
+-int src_mgr_create(struct hw *hw, struct src_mgr **rsrc_mgr)
++int src_mgr_create(struct hw *hw, void **_rsrc_mgr)
+ {
++ struct src_mgr **rsrc_mgr = (struct src_mgr **)_rsrc_mgr;
+ int err, i;
+ struct src_mgr *src_mgr;
+
+@@ -584,8 +585,10 @@ error1:
+ return err;
+ }
+
+-int src_mgr_destroy(struct src_mgr *src_mgr)
++int src_mgr_destroy(void *_src_mgr)
+ {
++ struct src_mgr *src_mgr = _src_mgr;
++
+ rsc_mgr_uninit(&src_mgr->mgr);
+ kfree(src_mgr);
+
+@@ -828,8 +831,9 @@ static int srcimp_imap_delete(struct srcimp_mgr *mgr, struct imapper *entry)
+ return err;
+ }
+
+-int srcimp_mgr_create(struct hw *hw, struct srcimp_mgr **rsrcimp_mgr)
++int srcimp_mgr_create(struct hw *hw, void **_rsrcimp_mgr)
+ {
++ struct srcimp_mgr **rsrcimp_mgr = (struct srcimp_mgr **)_rsrcimp_mgr;
+ int err;
+ struct srcimp_mgr *srcimp_mgr;
+ struct imapper *entry;
+@@ -873,8 +877,9 @@ error1:
+ return err;
+ }
+
+-int srcimp_mgr_destroy(struct srcimp_mgr *srcimp_mgr)
++int srcimp_mgr_destroy(void *_srcimp_mgr)
+ {
++ struct srcimp_mgr *srcimp_mgr = _srcimp_mgr;
+ unsigned long flags;
+
+ /* free src input mapper list */
+diff --git a/sound/pci/ctxfi/ctsrc.h b/sound/pci/ctxfi/ctsrc.h
+index 92944a0..fc78ed4 100644
+--- a/sound/pci/ctxfi/ctsrc.h
++++ b/sound/pci/ctxfi/ctsrc.h
+@@ -143,10 +143,10 @@ struct srcimp_mgr {
+ };
+
+ /* Constructor and destructor of SRC resource manager */
+-int src_mgr_create(struct hw *hw, struct src_mgr **rsrc_mgr);
+-int src_mgr_destroy(struct src_mgr *src_mgr);
++int src_mgr_create(struct hw *hw, void **rsrc_mgr);
++int src_mgr_destroy(void *src_mgr);
+ /* Constructor and destructor of SRCIMP resource manager */
+-int srcimp_mgr_create(struct hw *hw, struct srcimp_mgr **rsrc_mgr);
+-int srcimp_mgr_destroy(struct srcimp_mgr *srcimp_mgr);
++int srcimp_mgr_create(struct hw *hw, void **rsrc_mgr);
++int srcimp_mgr_destroy(void *srcimp_mgr);
+
+ #endif /* CTSRC_H */
+diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
+index 8374188..f073778 100644
+--- a/sound/pci/hda/hda_codec.c
++++ b/sound/pci/hda/hda_codec.c
+@@ -1743,7 +1743,7 @@ static int get_kctl_0dB_offset(struct hda_codec *codec,
+ /* FIXME: set_fs() hack for obtaining user-space TLV data */
+ mm_segment_t fs = get_fs();
+ set_fs(get_ds());
+- if (!kctl->tlv.c(kctl, 0, sizeof(_tlv), _tlv))
++ if (!kctl->tlv.c(kctl, 0, sizeof(_tlv), (unsigned int __force_user *)_tlv))
+ tlv = _tlv;
+ set_fs(fs);
+ } else if (kctl->vd[0].access & SNDRV_CTL_ELEM_ACCESS_TLV_READ)
+diff --git a/sound/pci/ymfpci/ymfpci.h b/sound/pci/ymfpci/ymfpci.h
+index 149d4cb..7784769 100644
+--- a/sound/pci/ymfpci/ymfpci.h
++++ b/sound/pci/ymfpci/ymfpci.h
+@@ -358,7 +358,7 @@ struct snd_ymfpci {
+ spinlock_t reg_lock;
+ spinlock_t voice_lock;
+ wait_queue_head_t interrupt_sleep;
+- atomic_t interrupt_sleep_count;
++ atomic_unchecked_t interrupt_sleep_count;
+ struct snd_info_entry *proc_entry;
+ const struct firmware *dsp_microcode;
+ const struct firmware *controller_microcode;
+diff --git a/sound/pci/ymfpci/ymfpci_main.c b/sound/pci/ymfpci/ymfpci_main.c
+index 4c26076..a13f370 100644
+--- a/sound/pci/ymfpci/ymfpci_main.c
++++ b/sound/pci/ymfpci/ymfpci_main.c
+@@ -204,8 +204,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip)
+ if ((snd_ymfpci_readl(chip, YDSXGR_STATUS) & 2) == 0)
+ break;
+ }
+- if (atomic_read(&chip->interrupt_sleep_count)) {
+- atomic_set(&chip->interrupt_sleep_count, 0);
++ if (atomic_read_unchecked(&chip->interrupt_sleep_count)) {
++ atomic_set_unchecked(&chip->interrupt_sleep_count, 0);
+ wake_up(&chip->interrupt_sleep);
+ }
+ __end:
+@@ -789,7 +789,7 @@ static void snd_ymfpci_irq_wait(struct snd_ymfpci *chip)
+ continue;
+ init_waitqueue_entry(&wait, current);
+ add_wait_queue(&chip->interrupt_sleep, &wait);
+- atomic_inc(&chip->interrupt_sleep_count);
++ atomic_inc_unchecked(&chip->interrupt_sleep_count);
+ schedule_timeout_uninterruptible(msecs_to_jiffies(50));
+ remove_wait_queue(&chip->interrupt_sleep, &wait);
+ }
+@@ -827,8 +827,8 @@ static irqreturn_t snd_ymfpci_interrupt(int irq, void *dev_id)
+ snd_ymfpci_writel(chip, YDSXGR_MODE, mode);
+ spin_unlock(&chip->reg_lock);
+
+- if (atomic_read(&chip->interrupt_sleep_count)) {
+- atomic_set(&chip->interrupt_sleep_count, 0);
++ if (atomic_read_unchecked(&chip->interrupt_sleep_count)) {
++ atomic_set_unchecked(&chip->interrupt_sleep_count, 0);
+ wake_up(&chip->interrupt_sleep);
+ }
+ }
+@@ -2384,7 +2384,7 @@ int snd_ymfpci_create(struct snd_card *card,
+ spin_lock_init(&chip->reg_lock);
+ spin_lock_init(&chip->voice_lock);
+ init_waitqueue_head(&chip->interrupt_sleep);
+- atomic_set(&chip->interrupt_sleep_count, 0);
++ atomic_set_unchecked(&chip->interrupt_sleep_count, 0);
+ chip->card = card;
+ chip->pci = pci;
+ chip->irq = -1;
+diff --git a/sound/soc/codecs/cx20442.c b/sound/soc/codecs/cx20442.c
+index d6f4abb..5d59f0c 100644
+--- a/sound/soc/codecs/cx20442.c
++++ b/sound/soc/codecs/cx20442.c
+@@ -263,6 +263,12 @@ static int v253_hangup(struct tty_struct *tty)
+ return 0;
+ }
+
++static int v253_hw_write(void *client, const char *buf, int count)
++{
++ struct tty_struct *tty = client;
++ return tty->ops->write(client, buf, count);
++}
++
+ /* Line discipline .receive_buf() */
+ static void v253_receive(struct tty_struct *tty,
+ const unsigned char *cp, char *fp, int count)
+@@ -280,7 +286,7 @@ static void v253_receive(struct tty_struct *tty,
+
+ /* Set up codec driver access to modem controls */
+ cx20442->control_data = tty;
+- codec->hw_write = (hw_write_t)tty->ops->write;
++ codec->hw_write = v253_hw_write;
+ codec->component.card->pop_time = 1;
+ }
+ }
+diff --git a/sound/soc/codecs/sti-sas.c b/sound/soc/codecs/sti-sas.c
+index 160d61a..cd7a4ac 100644
+--- a/sound/soc/codecs/sti-sas.c
++++ b/sound/soc/codecs/sti-sas.c
+@@ -591,11 +591,13 @@ static int sti_sas_driver_probe(struct platform_device *pdev)
+ sti_sas_dai[STI_SAS_DAI_ANALOG_OUT].ops = drvdata->dev_data->dac_ops;
+
+ /* Set dapms*/
+- sti_sas_driver.dapm_widgets = drvdata->dev_data->dapm_widgets;
+- sti_sas_driver.num_dapm_widgets = drvdata->dev_data->num_dapm_widgets;
++ pax_open_kernel();
++ const_cast(sti_sas_driver.dapm_widgets) = drvdata->dev_data->dapm_widgets;
++ const_cast(sti_sas_driver.num_dapm_widgets) = drvdata->dev_data->num_dapm_widgets;
+
+- sti_sas_driver.dapm_routes = drvdata->dev_data->dapm_routes;
+- sti_sas_driver.num_dapm_routes = drvdata->dev_data->num_dapm_routes;
++ const_cast(sti_sas_driver.dapm_routes) = drvdata->dev_data->dapm_routes;
++ const_cast(sti_sas_driver.num_dapm_routes) = drvdata->dev_data->num_dapm_routes;
++ pax_close_kernel();
+
+ /* Store context */
+ dev_set_drvdata(&pdev->dev, drvdata);
+diff --git a/sound/soc/codecs/tlv320dac33.c b/sound/soc/codecs/tlv320dac33.c
+index f7a6ce7..82310c8 100644
+--- a/sound/soc/codecs/tlv320dac33.c
++++ b/sound/soc/codecs/tlv320dac33.c
+@@ -1375,13 +1375,18 @@ static int dac33_set_dai_fmt(struct snd_soc_dai *codec_dai,
+ return 0;
+ }
+
++static int dac33_hw_write(void *client, const char *buf, int count)
++{
++ return i2c_master_send(client, buf, count);
++}
++
+ static int dac33_soc_probe(struct snd_soc_codec *codec)
+ {
+ struct tlv320dac33_priv *dac33 = snd_soc_codec_get_drvdata(codec);
+ int ret = 0;
+
+ codec->control_data = dac33->control_data;
+- codec->hw_write = (hw_write_t) i2c_master_send;
++ codec->hw_write = dac33_hw_write;
+ dac33->codec = codec;
+
+ /* Read the tlv320dac33 ID registers */
+diff --git a/sound/soc/codecs/uda1380.c b/sound/soc/codecs/uda1380.c
+index 35f0469..7c25cd5 100644
+--- a/sound/soc/codecs/uda1380.c
++++ b/sound/soc/codecs/uda1380.c
+@@ -687,6 +687,11 @@ static struct snd_soc_dai_driver uda1380_dai[] = {
+ },
+ };
+
++static int uda1380_hw_write(void *client, const char *buf, int count)
++{
++ return i2c_master_send(client, buf, count);
++}
++
+ static int uda1380_probe(struct snd_soc_codec *codec)
+ {
+ struct uda1380_platform_data *pdata =codec->dev->platform_data;
+@@ -695,7 +700,7 @@ static int uda1380_probe(struct snd_soc_codec *codec)
+
+ uda1380->codec = codec;
+
+- codec->hw_write = (hw_write_t)i2c_master_send;
++ codec->hw_write = uda1380_hw_write;
+ codec->control_data = uda1380->control_data;
+
+ if (!pdata)
+diff --git a/sound/soc/intel/skylake/skl-sst-dsp.h b/sound/soc/intel/skylake/skl-sst-dsp.h
+index cbb4075..edda3dd 100644
+--- a/sound/soc/intel/skylake/skl-sst-dsp.h
++++ b/sound/soc/intel/skylake/skl-sst-dsp.h
+@@ -117,14 +117,14 @@ struct skl_dsp_fw_ops {
+ int (*load_mod)(struct sst_dsp *ctx, u16 mod_id, char *mod_name);
+ int (*unload_mod)(struct sst_dsp *ctx, u16 mod_id);
+
+-};
++} __no_const;
+
+ struct skl_dsp_loader_ops {
+ int (*alloc_dma_buf)(struct device *dev,
+ struct snd_dma_buffer *dmab, size_t size);
+ int (*free_dma_buf)(struct device *dev,
+ struct snd_dma_buffer *dmab);
+-};
++} __no_const;
+
+ struct skl_load_module_info {
+ u16 mod_id;
+diff --git a/sound/soc/soc-ac97.c b/sound/soc/soc-ac97.c
+index 7e0acd8..b4b2acb 100644
+--- a/sound/soc/soc-ac97.c
++++ b/sound/soc/soc-ac97.c
+@@ -416,8 +416,10 @@ int snd_soc_set_ac97_ops_of_reset(struct snd_ac97_bus_ops *ops,
+ if (ret)
+ return ret;
+
+- ops->warm_reset = snd_soc_ac97_warm_reset;
+- ops->reset = snd_soc_ac97_reset;
++ pax_open_kernel();
++ const_cast(ops->warm_reset) = snd_soc_ac97_warm_reset;
++ const_cast(ops->reset) = snd_soc_ac97_reset;
++ pax_close_kernel();
+
+ snd_ac97_rst_cfg = cfg;
+ return 0;
+diff --git a/sound/soc/xtensa/xtfpga-i2s.c b/sound/soc/xtensa/xtfpga-i2s.c
+index 8382ffa..86af7d0 100644
+--- a/sound/soc/xtensa/xtfpga-i2s.c
++++ b/sound/soc/xtensa/xtfpga-i2s.c
+@@ -437,7 +437,7 @@ static int xtfpga_pcm_trigger(struct snd_pcm_substream *substream, int cmd)
+ case SNDRV_PCM_TRIGGER_START:
+ case SNDRV_PCM_TRIGGER_RESUME:
+ case SNDRV_PCM_TRIGGER_PAUSE_RELEASE:
+- ACCESS_ONCE(i2s->tx_ptr) = 0;
++ ACCESS_ONCE_RW(i2s->tx_ptr) = 0;
+ rcu_assign_pointer(i2s->tx_substream, substream);
+ xtfpga_pcm_refill_fifo(i2s);
+ break;
+diff --git a/sound/synth/emux/emux_seq.c b/sound/synth/emux/emux_seq.c
+index a020920..55579f6 100644
+--- a/sound/synth/emux/emux_seq.c
++++ b/sound/synth/emux/emux_seq.c
+@@ -33,13 +33,13 @@ static int snd_emux_unuse(void *private_data, struct snd_seq_port_subscribe *inf
+ * MIDI emulation operators
+ */
+ static struct snd_midi_op emux_ops = {
+- snd_emux_note_on,
+- snd_emux_note_off,
+- snd_emux_key_press,
+- snd_emux_terminate_note,
+- snd_emux_control,
+- snd_emux_nrpn,
+- snd_emux_sysex,
++ .note_on = snd_emux_note_on,
++ .note_off = snd_emux_note_off,
++ .key_press = snd_emux_key_press,
++ .note_terminate = snd_emux_terminate_note,
++ .control = snd_emux_control,
++ .nrpn = snd_emux_nrpn,
++ .sysex = snd_emux_sysex,
+ };
+
+
+diff --git a/sound/usb/line6/driver.c b/sound/usb/line6/driver.c
+index 81b7da8..bb2676f 100644
+--- a/sound/usb/line6/driver.c
++++ b/sound/usb/line6/driver.c
+@@ -307,7 +307,7 @@ int line6_read_data(struct usb_line6 *line6, unsigned address, void *data,
+ {
+ struct usb_device *usbdev = line6->usbdev;
+ int ret;
+- unsigned char len;
++ unsigned char *plen;
+ unsigned count;
+
+ if (address > 0xffff || datalen > 0xff)
+@@ -324,6 +324,10 @@ int line6_read_data(struct usb_line6 *line6, unsigned address, void *data,
+ return ret;
+ }
+
++ plen = kmalloc(1, GFP_KERNEL);
++ if (plen == NULL)
++ return -ENOMEM;
++
+ /* Wait for data length. We'll get 0xff until length arrives. */
+ for (count = 0; count < LINE6_READ_WRITE_MAX_RETRIES; count++) {
+ mdelay(LINE6_READ_WRITE_STATUS_DELAY);
+@@ -331,30 +335,35 @@ int line6_read_data(struct usb_line6 *line6, unsigned address, void *data,
+ ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67,
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE |
+ USB_DIR_IN,
+- 0x0012, 0x0000, &len, 1,
++ 0x0012, 0x0000, plen, 1,
+ LINE6_TIMEOUT * HZ);
+ if (ret < 0) {
+ dev_err(line6->ifcdev,
+ "receive length failed (error %d)\n", ret);
++ kfree(plen);
+ return ret;
+ }
+
+- if (len != 0xff)
++ if (*plen != 0xff)
+ break;
+ }
+
+- if (len == 0xff) {
++ if (*plen == 0xff) {
+ dev_err(line6->ifcdev, "read failed after %d retries\n",
+ count);
++ kfree(plen);
+ return -EIO;
+- } else if (len != datalen) {
++ } else if (*plen != datalen) {
+ /* should be equal or something went wrong */
+ dev_err(line6->ifcdev,
+ "length mismatch (expected %d, got %d)\n",
+- (int)datalen, (int)len);
++ (int)datalen, (int)*plen);
++ kfree(plen);
+ return -EIO;
+ }
+
++ kfree(plen);
++
+ /* receive the result: */
+ ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67,
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
+@@ -378,7 +387,7 @@ int line6_write_data(struct usb_line6 *line6, unsigned address, void *data,
+ {
+ struct usb_device *usbdev = line6->usbdev;
+ int ret;
+- unsigned char status;
++ unsigned char *status;
+ int count;
+
+ if (address > 0xffff || datalen > 0xffff)
+@@ -395,6 +404,10 @@ int line6_write_data(struct usb_line6 *line6, unsigned address, void *data,
+ return ret;
+ }
+
++ status = kmalloc(1, GFP_KERNEL);
++ if (status == NULL)
++ return -ENOMEM;
++
+ for (count = 0; count < LINE6_READ_WRITE_MAX_RETRIES; count++) {
+ mdelay(LINE6_READ_WRITE_STATUS_DELAY);
+
+@@ -403,27 +416,32 @@ int line6_write_data(struct usb_line6 *line6, unsigned address, void *data,
+ USB_TYPE_VENDOR | USB_RECIP_DEVICE |
+ USB_DIR_IN,
+ 0x0012, 0x0000,
+- &status, 1, LINE6_TIMEOUT * HZ);
++ status, 1, LINE6_TIMEOUT * HZ);
+
+ if (ret < 0) {
+ dev_err(line6->ifcdev,
+ "receiving status failed (error %d)\n", ret);
++ kfree(status);
+ return ret;
+ }
+
+- if (status != 0xff)
++ if (*status != 0xff)
+ break;
+ }
+
+- if (status == 0xff) {
++ if (*status == 0xff) {
+ dev_err(line6->ifcdev, "write failed after %d retries\n",
+ count);
++ kfree(status);
+ return -EIO;
+- } else if (status != 0) {
++ } else if (*status != 0) {
+ dev_err(line6->ifcdev, "write failed (error %d)\n", ret);
++ kfree(status);
+ return -EIO;
+ }
+
++ kfree(status);
++
+ return 0;
+ }
+ EXPORT_SYMBOL_GPL(line6_write_data);
+diff --git a/sound/usb/line6/toneport.c b/sound/usb/line6/toneport.c
+index 6d4c50c..aa658c8 100644
+--- a/sound/usb/line6/toneport.c
++++ b/sound/usb/line6/toneport.c
+@@ -367,13 +367,19 @@ static bool toneport_has_source_select(struct usb_line6_toneport *toneport)
+ */
+ static void toneport_setup(struct usb_line6_toneport *toneport)
+ {
+- int ticks;
++ int *ticks;
+ struct usb_line6 *line6 = &toneport->line6;
+ struct usb_device *usbdev = line6->usbdev;
+
++ ticks = kmalloc(sizeof(int), GFP_KERNEL);
++ if (ticks == NULL)
++ return;
++
+ /* sync time on device with host: */
+- ticks = (int)get_seconds();
+- line6_write_data(line6, 0x80c6, &ticks, 4);
++ *ticks = (int)get_seconds();
++ line6_write_data(line6, 0x80c6, ticks, sizeof(int));
++
++ kfree(ticks);
+
+ /* enable device: */
+ toneport_send_cmd(usbdev, 0x0301, 0x0000);
diff --git a/tools/include/linux/compiler.h b/tools/include/linux/compiler.h
index fa7208a..d568e71 100644
--- a/tools/include/linux/compiler.h