Sparseify MIPS.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

arch/mips/Makefile

@@ -52,6 +52,21 @@ ifdef CONFIG_CROSSCOMPILE
 CROSS_COMPILE		:= $(tool-prefix)
 endif
 
+CHECKFLAGS-y				+= -D__linux__ -D__mips__ \
+					   -D_ABIO32=1 \
+					   -D_ABIN32=2 \
+					   -D_ABI64=3
+CHECKFLAGS-$(CONFIG_32BIT)		+= -D_MIPS_SIM=_ABIO32 \
+					   -D_MIPS_SZLONG=32 \
+					   -D__PTRDIFF_TYPE__=int
+CHECKFLAGS-$(CONFIG_64BIT)		+= -m64 -D_MIPS_SIM=_ABI64 \
+					   -D_MIPS_SZLONG=64 \
+					   -D__PTRDIFF_TYPE__="long int"
+CHECKFLAGS-$(CONFIG_CPU_BIG_ENDIAN)	+= -D__MIPSEB__
+CHECKFLAGS-$(CONFIG_CPU_LITTLE_ENDIAN)	+= -D__MIPSEL__
+
+CHECKFLAGS				= $(CHECKFLAGS-y)
+
 ifdef CONFIG_BUILD_ELF64
 gas-abi			= 64
 ld-emul			= $(64bit-emul)

arch/mips/kernel/i8259.c

@@ -321,7 +321,7 @@ void __init init_i8259_irqs (void)
 
 	for (i = 0; i < 16; i++) {
 		irq_desc[i].status = IRQ_DISABLED;
-		irq_desc[i].action = 0;
+		irq_desc[i].action = NULL;
 		irq_desc[i].depth = 1;
 		irq_desc[i].handler = &i8259A_irq_type;
 	}

arch/mips/kernel/irixelf.c

@@ -147,7 +147,7 @@ static void padzero(unsigned long elf_bss)
 	nbyte = elf_bss & (PAGE_SIZE-1);
 	if (nbyte) {
 		nbyte = PAGE_SIZE - nbyte;
-		clear_user((void *) elf_bss, nbyte);
+		clear_user((void __user *) elf_bss, nbyte);
 	}
 }
 
@@ -878,10 +878,10 @@ static int load_irix_library(struct file *file)
  * phdrs there are in the USER_PHDRP array.  We return the vaddr the
  * first phdr was successfully mapped to.
  */
-unsigned long irix_mapelf(int fd, struct elf_phdr *user_phdrp, int cnt)
+unsigned long irix_mapelf(int fd, struct elf_phdr __user *user_phdrp, int cnt)
 {
 	unsigned long type, vaddr, filesz, offset, flags;
-	struct elf_phdr *hp;
+	struct elf_phdr __user *hp;
 	struct file *filp;
 	int i, retval;
 
@@ -968,9 +968,9 @@ unsigned long irix_mapelf(int fd, struct elf_phdr *user_phdrp, int cnt)
 /* These are the only things you should do on a core-file: use only these
  * functions to write out all the necessary info.
  */
-static int dump_write(struct file *file, const void *addr, int nr)
+static int dump_write(struct file *file, const void __user *addr, int nr)
 {
-	return file->f_op->write(file, (const char *) addr, nr, &file->f_pos) == nr;
+	return file->f_op->write(file, (const char __user *) addr, nr, &file->f_pos) == nr;
 }
 
 static int dump_seek(struct file *file, off_t off)
@@ -1204,7 +1204,7 @@ static int irix_core_dump(long signr, struct pt_regs * regs, struct file *file)
 		len = current->mm->arg_end - current->mm->arg_start;
 		len = len >= ELF_PRARGSZ ? ELF_PRARGSZ : len;
 		(void *) copy_from_user(&psinfo.pr_psargs,
-			       (const char *)current->mm->arg_start, len);
+			       (const char __user *)current->mm->arg_start, len);
 		for (i = 0; i < len; i++)
 			if (psinfo.pr_psargs[i] == 0)
 				psinfo.pr_psargs[i] = ' ';
@@ -1301,7 +1301,7 @@ static int irix_core_dump(long signr, struct pt_regs * regs, struct file *file)
 #ifdef DEBUG
 		printk("elf_core_dump: writing %08lx %lx\n", addr, len);
 #endif
-		DUMP_WRITE((void *)addr, len);
+		DUMP_WRITE((void __user *)addr, len);
 	}
 
 	if ((off_t) file->f_pos != offset) {

arch/mips/kernel/irixinv.c

@@ -30,10 +30,10 @@ void add_to_inventory (int class, int type, int controller, int unit, int state)
 	inventory_items++;
 }
 
-int dump_inventory_to_user (void *userbuf, int size)
+int dump_inventory_to_user (void __user *userbuf, int size)
 {
 	inventory_t *inv  = &inventory [0];
-	inventory_t *user = userbuf;
+	inventory_t __user *user = userbuf;
 	int v;
 
 	if (!access_ok(VERIFY_WRITE, userbuf, size))
@@ -41,7 +41,8 @@ int dump_inventory_to_user (void *userbuf, int size)
 
 	for (v = 0; v < inventory_items; v++){
 		inv = &inventory [v];
-		copy_to_user (user, inv, sizeof (inventory_t));
+		if (copy_to_user (user, inv, sizeof (inventory_t)))
+			return -EFAULT;
 		user++;
 	}
 	return inventory_items * sizeof (inventory_t);

arch/mips/kernel/irixsig.c

@@ -76,36 +76,39 @@ static inline void dump_irix5_sigctx(struct sigctx_irix5 *c)
 }
 #endif
 
-static void setup_irix_frame(struct k_sigaction *ka, struct pt_regs *regs,
-			     int signr, sigset_t *oldmask)
+static int setup_irix_frame(struct k_sigaction *ka, struct pt_regs *regs,
+			    int signr, sigset_t *oldmask)
 {
+	struct sigctx_irix5 __user *ctx;
 	unsigned long sp;
-	struct sigctx_irix5 *ctx;
-	int i;
+	int error, i;
 
 	sp = regs->regs[29];
 	sp -= sizeof(struct sigctx_irix5);
 	sp &= ~(0xf);
-	ctx = (struct sigctx_irix5 *) sp;
+	ctx = (struct sigctx_irix5 __user *) sp;
 	if (!access_ok(VERIFY_WRITE, ctx, sizeof(*ctx)))
 		goto segv_and_exit;
 
-	__put_user(0, &ctx->weird_fpu_thing);
-	__put_user(~(0x00000001), &ctx->rmask);
-	__put_user(0, &ctx->regs[0]);
+	error = __put_user(0, &ctx->weird_fpu_thing);
+	error |= __put_user(~(0x00000001), &ctx->rmask);
+	error |= __put_user(0, &ctx->regs[0]);
 	for(i = 1; i < 32; i++)
-		__put_user((u64) regs->regs[i], &ctx->regs[i]);
+		error |= __put_user((u64) regs->regs[i], &ctx->regs[i]);
+
+	error |= __put_user((u64) regs->hi, &ctx->hi);
+	error |= __put_user((u64) regs->lo, &ctx->lo);
+	error |= __put_user((u64) regs->cp0_epc, &ctx->pc);
+	error |= __put_user(!!used_math(), &ctx->usedfp);
+	error |= __put_user((u64) regs->cp0_cause, &ctx->cp0_cause);
+	error |= __put_user((u64) regs->cp0_badvaddr, &ctx->cp0_badvaddr);
 
-	__put_user((u64) regs->hi, &ctx->hi);
-	__put_user((u64) regs->lo, &ctx->lo);
-	__put_user((u64) regs->cp0_epc, &ctx->pc);
-	__put_user(!!used_math(), &ctx->usedfp);
-	__put_user((u64) regs->cp0_cause, &ctx->cp0_cause);
-	__put_user((u64) regs->cp0_badvaddr, &ctx->cp0_badvaddr);
+	error |= __put_user(0, &ctx->sstk_flags); /* XXX sigstack unimp... todo... */
 
-	__put_user(0, &ctx->sstk_flags); /* XXX sigstack unimp... todo... */
+	error |= __copy_to_user(&ctx->sigset, oldmask, sizeof(irix_sigset_t)) ? -EFAULT : 0;
 
-	__copy_to_user(&ctx->sigset, oldmask, sizeof(irix_sigset_t));
+	if (error)
+		goto segv_and_exit;
 
 #ifdef DEBUG_SIG
 	dump_irix5_sigctx(ctx);
@@ -117,13 +120,14 @@ static void setup_irix_frame(struct k_sigaction *ka, struct pt_regs *regs,
 	regs->regs[7] = (unsigned long) ka->sa.sa_handler;
 	regs->regs[25] = regs->cp0_epc = (unsigned long) ka->sa_restorer;
 
-	return;
+	return 1;
 
 segv_and_exit:
 	force_sigsegv(signr, current);
+	return 0;
 }
 
-static void inline
+static int inline
 setup_irix_rt_frame(struct k_sigaction * ka, struct pt_regs *regs,
                int signr, sigset_t *oldmask, siginfo_t *info)
 {
@@ -131,9 +135,11 @@ setup_irix_rt_frame(struct k_sigaction * ka, struct pt_regs *regs,
 	do_exit(SIGSEGV);
 }
 
-static inline void handle_signal(unsigned long sig, siginfo_t *info,
+static inline int handle_signal(unsigned long sig, siginfo_t *info,
 	struct k_sigaction *ka, sigset_t *oldset, struct pt_regs * regs)
 {
+	int ret;
+
 	switch(regs->regs[0]) {
 	case ERESTARTNOHAND:
 		regs->regs[2] = EINTR;
@@ -151,9 +157,9 @@ static inline void handle_signal(unsigned long sig, siginfo_t *info,
 	regs->regs[0] = 0;		/* Don't deal with this again.  */
 
 	if (ka->sa.sa_flags & SA_SIGINFO)
-		setup_irix_rt_frame(ka, regs, sig, oldset, info);
+		ret = setup_irix_rt_frame(ka, regs, sig, oldset, info);
 	else
-		setup_irix_frame(ka, regs, sig, oldset);
+		ret = setup_irix_frame(ka, regs, sig, oldset);
 
 	spin_lock_irq(&current->sighand->siglock);
 	sigorsets(&current->blocked,&current->blocked,&ka->sa.sa_mask);
@@ -161,6 +167,8 @@ static inline void handle_signal(unsigned long sig, siginfo_t *info,
 		sigaddset(&current->blocked,sig);
 	recalc_sigpending();
 	spin_unlock_irq(&current->sighand->siglock);
+
+	return ret;
 }
 
 asmlinkage int do_irix_signal(sigset_t *oldset, struct pt_regs *regs)
@@ -184,10 +192,8 @@ asmlinkage int do_irix_signal(sigset_t *oldset, struct pt_regs *regs)
 		oldset = &current->blocked;
 
 	signr = get_signal_to_deliver(&info, &ka, regs, NULL);
-	if (signr > 0) {
-		handle_signal(signr, &info, &ka, oldset, regs);
-		return 1;
-	}
+	if (signr > 0)
+		return handle_signal(signr, &info, &ka, oldset, regs);
 
 no_signal:
 	/*
@@ -208,10 +214,11 @@ no_signal:
 asmlinkage void
 irix_sigreturn(struct pt_regs *regs)
 {
-	struct sigctx_irix5 *context, *magic;
+	struct sigctx_irix5 __user *context, *magic;
 	unsigned long umask, mask;
 	u64 *fregs;
-	int sig, i, base = 0;
+	u32 usedfp;
+	int error, sig, i, base = 0;
 	sigset_t blocked;
 
 	/* Always make any pending restarted system calls return -EINTR */
@@ -220,8 +227,8 @@ irix_sigreturn(struct pt_regs *regs)
 	if (regs->regs[2] == 1000)
 		base = 1;
 
-	context = (struct sigctx_irix5 *) regs->regs[base + 4];
-	magic = (struct sigctx_irix5 *) regs->regs[base + 5];
+	context = (struct sigctx_irix5 __user *) regs->regs[base + 4];
+	magic = (struct sigctx_irix5 __user *) regs->regs[base + 5];
 	sig = (int) regs->regs[base + 6];
 #ifdef DEBUG_SIG
 	printk("[%s:%d] IRIX sigreturn(scp[%p],ucp[%p],sig[%d])\n",
@@ -236,25 +243,31 @@ irix_sigreturn(struct pt_regs *regs)
 	dump_irix5_sigctx(context);
 #endif
 
-	__get_user(regs->cp0_epc, &context->pc);
-	umask = context->rmask; mask = 2;
+	error = __get_user(regs->cp0_epc, &context->pc);
+	error |= __get_user(umask, &context->rmask);
+
+	mask = 2;
 	for (i = 1; i < 32; i++, mask <<= 1) {
-		if(umask & mask)
-			__get_user(regs->regs[i], &context->regs[i]);
+		if (umask & mask)
+			error |= __get_user(regs->regs[i], &context->regs[i]);
 	}
-	__get_user(regs->hi, &context->hi);
-	__get_user(regs->lo, &context->lo);
+	error |= __get_user(regs->hi, &context->hi);
+	error |= __get_user(regs->lo, &context->lo);
 
-	if ((umask & 1) && context->usedfp) {
+	error |= __get_user(usedfp, &context->usedfp);
+	if ((umask & 1) && usedfp) {
 		fregs = (u64 *) &current->thread.fpu;
+
 		for(i = 0; i < 32; i++)
-			fregs[i] = (u64) context->fpregs[i];
-		__get_user(current->thread.fpu.hard.fcr31, &context->fpcsr);
+			error |= __get_user(fregs[i], &context->fpregs[i]);
+		error |= __get_user(current->thread.fpu.hard.fcr31, &context->fpcsr);
 	}
 
 	/* XXX do sigstack crapola here... XXX */
 
-	if (__copy_from_user(&blocked, &context->sigset, sizeof(blocked)))
+	error |= __copy_from_user(&blocked, &context->sigset, sizeof(blocked)) ? -EFAULT : 0;
+
+	if (error)
 		goto badframe;
 
 	sigdelsetmask(&blocked, ~_BLOCKABLE);
@@ -296,8 +309,8 @@ static inline void dump_sigact_irix5(struct sigact_irix5 *p)
 #endif
 
 asmlinkage int
-irix_sigaction(int sig, const struct sigaction *act,
-	      struct sigaction *oact, void *trampoline)
+irix_sigaction(int sig, const struct sigaction __user *act,
+	      struct sigaction __user *oact, void __user *trampoline)
 {
 	struct k_sigaction new_ka, old_ka;
 	int ret;
@@ -311,12 +324,16 @@ irix_sigaction(int sig, const struct sigaction *act,
 #endif
 	if (act) {
 		sigset_t mask;
-		if (!access_ok(VERIFY_READ, act, sizeof(*act)) ||
-		    __get_user(new_ka.sa.sa_handler, &act->sa_handler) ||
-		    __get_user(new_ka.sa.sa_flags, &act->sa_flags))
+		int err;
+
+		if (!access_ok(VERIFY_READ, act, sizeof(*act)))
 			return -EFAULT;
+		err = __get_user(new_ka.sa.sa_handler, &act->sa_handler);
+		err |= __get_user(new_ka.sa.sa_flags, &act->sa_flags);
 
-		__copy_from_user(&mask, &act->sa_mask, sizeof(sigset_t));
+		err |= __copy_from_user(&mask, &act->sa_mask, sizeof(sigset_t)) ? -EFAULT : 0;
+		if (err)
+			return err;
 
 		/*
 		 * Hmmm... methinks IRIX libc always passes a valid trampoline
@@ -330,30 +347,37 @@ irix_sigaction(int sig, const struct sigaction *act,
 	ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
 
 	if (!ret && oact) {
-		if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)) ||
-		    __put_user(old_ka.sa.sa_handler, &oact->sa_handler) ||
-		    __put_user(old_ka.sa.sa_flags, &oact->sa_flags))
+		int err;
+
+		if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)))
+			return -EFAULT;
+
+		err = __put_user(old_ka.sa.sa_handler, &oact->sa_handler);
+		err |= __put_user(old_ka.sa.sa_flags, &oact->sa_flags);
+		err |= __copy_to_user(&oact->sa_mask, &old_ka.sa.sa_mask,
+		               sizeof(sigset_t)) ? -EFAULT : 0;
+		if (err)
 			return -EFAULT;
-		__copy_to_user(&old_ka.sa.sa_mask, &oact->sa_mask,
-		               sizeof(sigset_t));
 	}
 
 	return ret;
 }
 
-asmlinkage int irix_sigpending(irix_sigset_t *set)
+asmlinkage int irix_sigpending(irix_sigset_t __user *set)
 {
 	return do_sigpending(set, sizeof(*set));
 }
 
-asmlinkage int irix_sigprocmask(int how, irix_sigset_t *new, irix_sigset_t *old)
+asmlinkage int irix_sigprocmask(int how, irix_sigset_t __user *new,
+	irix_sigset_t __user *old)
 {
 	sigset_t oldbits, newbits;
 
 	if (new) {
 		if (!access_ok(VERIFY_READ, new, sizeof(*new)))
 			return -EFAULT;
-		__copy_from_user(&newbits, new, sizeof(unsigned long)*4);
+		if (__copy_from_user(&newbits, new, sizeof(unsigned long)*4))
+			return -EFAULT;
 		sigdelsetmask(&newbits, ~_BLOCKABLE);
 
 		spin_lock_irq(&current->sighand->siglock);
@@ -381,20 +405,19 @@ asmlinkage int irix_sigprocmask(int how, irix_sigset_t *new, irix_sigset_t *old)
 		recalc_sigpending();
 		spin_unlock_irq(&current->sighand->siglock);
 	}
-	if(old) {
-		if (!access_ok(VERIFY_WRITE, old, sizeof(*old)))
-			return -EFAULT;
-		__copy_to_user(old, &current->blocked, sizeof(unsigned long)*4);
-	}
+	if (old)
+		return copy_to_user(old, &current->blocked,
+		                  sizeof(unsigned long)*4) ? -EFAULT : 0;
 
 	return 0;
 }
 
 asmlinkage int irix_sigsuspend(struct pt_regs *regs)
 {
-	sigset_t *uset, saveset, newset;
+	sigset_t saveset, newset;
+	sigset_t __user *uset;
 
-	uset = (sigset_t *) regs->regs[4];
+	uset = (sigset_t __user *) regs->regs[4];
 	if (copy_from_user(&newset, uset, sizeof(sigset_t)))
 		return -EFAULT;
 	sigdelsetmask(&newset, ~_BLOCKABLE);
@@ -440,12 +463,13 @@ struct irix5_siginfo {
 	} stuff;
 };
 
-asmlinkage int irix_sigpoll_sys(unsigned long *set, struct irix5_siginfo *info,
-				struct timespec *tp)
+asmlinkage int irix_sigpoll_sys(unsigned long __user *set,
+	struct irix5_siginfo __user *info, struct timespec __user *tp)
 {
 	long expire = MAX_SCHEDULE_TIMEOUT;
 	sigset_t kset;
 	int i, sig, error, timeo = 0;
+	struct timespec ktp;
 
 #ifdef DEBUG_SIG
 	printk("[%s:%d] irix_sigpoll_sys(%p,%p,%p)\n",
@@ -456,14 +480,8 @@ asmlinkage int irix_sigpoll_sys(unsigned long *set, struct irix5_siginfo *info,
 	if (!set)
 		return -EINVAL;
 
-	if (!access_ok(VERIFY_READ, set, sizeof(kset))) {
-		error = -EFAULT;
-		goto out;
-	}
-
-	__copy_from_user(&kset, set, sizeof(set));
-	if (error)
-		goto out;
+	if (copy_from_user(&kset, set, sizeof(set)))
+		return -EFAULT;
 
 	if (info && clear_user(info, sizeof(*info))) {
 		error = -EFAULT;
@@ -471,19 +489,21 @@ asmlinkage int irix_sigpoll_sys(unsigned long *set, struct irix5_siginfo *info,
 	}
 
 	if (tp) {
-		if (!access_ok(VERIFY_READ, tp, sizeof(*tp)))
+		if (copy_from_user(&ktp, tp, sizeof(*tp)))
 			return -EFAULT;
-		if (!tp->tv_sec && !tp->tv_nsec) {
-			error = -EINVAL;
-			goto out;
-		}
-		expire = timespec_to_jiffies(tp) + (tp->tv_sec||tp->tv_nsec);
+
+		if (!ktp.tv_sec && !ktp.tv_nsec)
+			return -EINVAL;
+
+		expire = timespec_to_jiffies(&ktp) +
+		         (ktp.tv_sec || ktp.tv_nsec);
 	}
 
 	while(1) {
 		long tmp = 0;
 
-		expire = schedule_timeout_interruptible(expire);
+		current->state = TASK_INTERRUPTIBLE;
+		expire = schedule_timeout(expire);
 
 		for (i=0; i<=4; i++)
 			tmp |= (current->pending.signal.sig[i] & kset.sig[i]);
@@ -500,15 +520,14 @@ asmlinkage int irix_sigpoll_sys(unsigned long *set, struct irix5_siginfo *info,
 	if (timeo)
 		return -EAGAIN;
 
-	for(sig = 1; i <= 65 /* IRIX_NSIG */; sig++) {
+	for (sig = 1; i <= 65 /* IRIX_NSIG */; sig++) {
 		if (sigismember (&kset, sig))
 			continue;
 		if (sigismember (&current->pending.signal, sig)) {
 			/* XXX need more than this... */
 			if (info)
-				info->sig = sig;
-			error = 0;
-			goto out;
+				return copy_to_user(&info->sig, &sig, sizeof(sig));
+			return 0;
 		}
 	}
 
@@ -534,8 +553,9 @@ extern int getrusage(struct task_struct *, int, struct rusage __user *);
 
 #define W_MASK      (W_EXITED | W_TRAPPED | W_STOPPED | W_CONT | W_NOHANG)
 
-asmlinkage int irix_waitsys(int type, int pid, struct irix5_siginfo *info,
-			    int options, struct rusage *ru)
+asmlinkage int irix_waitsys(int type, int pid,
+	struct irix5_siginfo __user *info, int options,
+	struct rusage __user *ru)
 {
 	int flag, retval;
 	DECLARE_WAITQUEUE(wait, current);
@@ -543,28 +563,22 @@ asmlinkage int irix_waitsys(int type, int pid, struct irix5_siginfo *info,
 	struct task_struct *p;
 	struct list_head *_p;
 
-	if (!info) {
-		retval = -EINVAL;
-		goto out;
-	}
-	if (!access_ok(VERIFY_WRITE, info, sizeof(*info))) {
-		retval = -EFAULT;
-		goto out;
-	}
-	if (ru) {
-		if (!access_ok(VERIFY_WRITE, ru, sizeof(*ru))) {
-			retval = -EFAULT;
-			goto out;
-		}
-	}
-	if (options & ~(W_MASK)) {
-		retval = -EINVAL;
-		goto out;
-	}
-	if (type != IRIX_P_PID && type != IRIX_P_PGID && type != IRIX_P_ALL) {
-		retval = -EINVAL;
-		goto out;
-	}
+	if (!info)
+		return -EINVAL;
+
+	if (!access_ok(VERIFY_WRITE, info, sizeof(*info)))
+		return -EFAULT;
+
+	if (ru)
+		if (!access_ok(VERIFY_WRITE, ru, sizeof(*ru)))
+			return -EFAULT;
+
+	if (options & ~W_MASK)
+		return -EINVAL;
+
+	if (type != IRIX_P_PID && type != IRIX_P_PGID && type != IRIX_P_ALL)
+		return -EINVAL;
+
 	add_wait_queue(&current->signal->wait_chldexit, &wait);
 repeat:
 	flag = 0;
@@ -595,18 +609,20 @@ repeat:
 			add_parent(p, p->parent);
 			write_unlock_irq(&tasklist_lock);
 			retval = ru ? getrusage(p, RUSAGE_BOTH, ru) : 0;
-			if (!retval && ru) {
-				retval |= __put_user(SIGCHLD, &info->sig);
-				retval |= __put_user(0, &info->code);
-				retval |= __put_user(p->pid, &info->stuff.procinfo.pid);
-				retval |= __put_user((p->exit_code >> 8) & 0xff,
-				           &info->stuff.procinfo.procdata.child.status);
-				retval |= __put_user(p->utime, &info->stuff.procinfo.procdata.child.utime);
-				retval |= __put_user(p->stime, &info->stuff.procinfo.procdata.child.stime);
-			}
-			if (!retval) {
-				p->exit_code = 0;
-			}
+			if (retval)
+				goto end_waitsys;
+
+			retval = __put_user(SIGCHLD, &info->sig);
+			retval |= __put_user(0, &info->code);
+			retval |= __put_user(p->pid, &info->stuff.procinfo.pid);
+			retval |= __put_user((p->exit_code >> 8) & 0xff,
+			           &info->stuff.procinfo.procdata.child.status);
+			retval |= __put_user(p->utime, &info->stuff.procinfo.procdata.child.utime);
+			retval |= __put_user(p->stime, &info->stuff.procinfo.procdata.child.stime);
+			if (retval)
+				goto end_waitsys;
+
+			p->exit_code = 0;
 			goto end_waitsys;
 
 		case EXIT_ZOMBIE:
@@ -614,16 +630,18 @@ repeat:
 			current->signal->cstime += p->stime + p->signal->cstime;
 			if (ru != NULL)
 				getrusage(p, RUSAGE_BOTH, ru);
-			__put_user(SIGCHLD, &info->sig);
-			__put_user(1, &info->code);      /* CLD_EXITED */
-			__put_user(p->pid, &info->stuff.procinfo.pid);
-			__put_user((p->exit_code >> 8) & 0xff,
+			retval = __put_user(SIGCHLD, &info->sig);
+			retval |= __put_user(1, &info->code);      /* CLD_EXITED */
+			retval |= __put_user(p->pid, &info->stuff.procinfo.pid);
+			retval |= __put_user((p->exit_code >> 8) & 0xff,
 			           &info->stuff.procinfo.procdata.child.status);
-			__put_user(p->utime,
+			retval |= __put_user(p->utime,
 			           &info->stuff.procinfo.procdata.child.utime);
-			__put_user(p->stime,
+			retval |= __put_user(p->stime,
 			           &info->stuff.procinfo.procdata.child.stime);
-			retval = 0;
+			if (retval)
+				return retval;
+
 			if (p->real_parent != p->parent) {
 				write_lock_irq(&tasklist_lock);
 				remove_parent(p);
@@ -656,7 +674,6 @@ end_waitsys:
 	current->state = TASK_RUNNING;
 	remove_wait_queue(&current->signal->wait_chldexit, &wait);
 
-out:
 	return retval;
 }
 
@@ -675,39 +692,39 @@ struct irix5_context {
 
 asmlinkage int irix_getcontext(struct pt_regs *regs)
 {
-	int i, base = 0;
-	struct irix5_context *ctx;
+	int error, i, base = 0;
+	struct irix5_context __user *ctx;
 	unsigned long flags;
 
 	if (regs->regs[2] == 1000)
 		base = 1;
-	ctx = (struct irix5_context *) regs->regs[base + 4];
+	ctx = (struct irix5_context __user *) regs->regs[base + 4];
 
 #ifdef DEBUG_SIG
 	printk("[%s:%d] irix_getcontext(%p)\n",
 	       current->comm, current->pid, ctx);
 #endif
 
-	if (!access_ok(VERIFY_WRITE, ctx, sizeof(*ctx)))
+	if (!access_ok(VERIFY_WRITE, ctx, sizeof(*ctx)));
 		return -EFAULT;
 
-	__put_user(current->thread.irix_oldctx, &ctx->link);
+	error = __put_user(current->thread.irix_oldctx, &ctx->link);
 
-	__copy_to_user(&ctx->sigmask, &current->blocked, sizeof(irix_sigset_t));
+	error |= __copy_to_user(&ctx->sigmask, &current->blocked, sizeof(irix_sigset_t)) ? -EFAULT : 0;
 
 	/* XXX Do sigstack stuff someday... */
-	__put_user(0, &ctx->stack.sp);
-	__put_user(0, &ctx->stack.size);
-	__put_user(0, &ctx->stack.flags);
+	error |= __put_user(0, &ctx->stack.sp);
+	error |= __put_user(0, &ctx->stack.size);
+	error |= __put_user(0, &ctx->stack.flags);
 
-	__put_user(0, &ctx->weird_graphics_thing);
-	__put_user(0, &ctx->regs[0]);
+	error |= __put_user(0, &ctx->weird_graphics_thing);
+	error |= __put_user(0, &ctx->regs[0]);
 	for (i = 1; i < 32; i++)
-		__put_user(regs->regs[i], &ctx->regs[i]);
-	__put_user(regs->lo, &ctx->regs[32]);
-	__put_user(regs->hi, &ctx->regs[33]);
-	__put_user(regs->cp0_cause, &ctx->regs[34]);
-	__put_user(regs->cp0_epc, &ctx->regs[35]);
+		error |= __put_user(regs->regs[i], &ctx->regs[i]);
+	error |= __put_user(regs->lo, &ctx->regs[32]);
+	error |= __put_user(regs->hi, &ctx->regs[33]);
+	error |= __put_user(regs->cp0_cause, &ctx->regs[34]);
+	error |= __put_user(regs->cp0_epc, &ctx->regs[35]);
 
 	flags = 0x0f;
 	if (!used_math()) {
@@ -716,119 +733,124 @@ asmlinkage int irix_getcontext(struct pt_regs *regs)
 		/* XXX wheee... */
 		printk("Wheee, no code for saving IRIX FPU context yet.\n");
 	}
-	__put_user(flags, &ctx->flags);
+	error |= __put_user(flags, &ctx->flags);
 
-	return 0;
+	return error;
 }
 
-asmlinkage unsigned long irix_setcontext(struct pt_regs *regs)
+asmlinkage void irix_setcontext(struct pt_regs *regs)
 {
-	int error, base = 0;
-	struct irix5_context *ctx;
+	struct irix5_context __user *ctx;
+	int err, base = 0;
+	u32 flags;
 
-	if(regs->regs[2] == 1000)
+	if (regs->regs[2] == 1000)
 		base = 1;
-	ctx = (struct irix5_context *) regs->regs[base + 4];
+	ctx = (struct irix5_context __user *) regs->regs[base + 4];
 
 #ifdef DEBUG_SIG
 	printk("[%s:%d] irix_setcontext(%p)\n",
 	       current->comm, current->pid, ctx);
 #endif
 
-	if (!access_ok(VERIFY_READ, ctx, sizeof(*ctx))) {
-		error = -EFAULT;
-		goto out;
-	}
+	if (!access_ok(VERIFY_READ, ctx, sizeof(*ctx)))
+		goto segv_and_exit;
 
-	if (ctx->flags & 0x02) {
+	err = __get_user(flags, &ctx->flags);
+	if (flags & 0x02) {
 		/* XXX sigstack garbage, todo... */
 		printk("Wheee, cannot do sigstack stuff in setcontext\n");
 	}
 
-	if (ctx->flags & 0x04) {
+	if (flags & 0x04) {
 		int i;
 
 		/* XXX extra control block stuff... todo... */
-		for(i = 1; i < 32; i++)
-			regs->regs[i] = ctx->regs[i];
-		regs->lo = ctx->regs[32];
-		regs->hi = ctx->regs[33];
-		regs->cp0_epc = ctx->regs[35];
+		for (i = 1; i < 32; i++)
+			err |= __get_user(regs->regs[i], &ctx->regs[i]);
+		err |= __get_user(regs->lo, &ctx->regs[32]);
+		err |= __get_user(regs->hi, &ctx->regs[33]);
+		err |= __get_user(regs->cp0_epc, &ctx->regs[35]);
 	}
 
-	if (ctx->flags & 0x08) {
+	if (flags & 0x08)
 		/* XXX fpu context, blah... */
-		printk("Wheee, cannot restore FPU context yet...\n");
-	}
-	current->thread.irix_oldctx = ctx->link;
-	error = regs->regs[2];
+		printk(KERN_ERR "Wheee, cannot restore FPU context yet...\n");
 
-out:
-	return error;
+	err |= __get_user(current->thread.irix_oldctx, &ctx->link);
+	if (err)
+		goto segv_and_exit;
+
+	/*
+	 * Don't let your children do this ...
+	 */
+	if (current_thread_info()->flags & TIF_SYSCALL_TRACE)
+		do_syscall_trace(regs, 1);
+	__asm__ __volatile__(
+		"move\t$29,%0\n\t"
+		"j\tsyscall_exit"
+		:/* no outputs */
+		:"r" (&regs));
+		/* Unreached */
+
+segv_and_exit:
+	force_sigsegv(SIGSEGV, current);
 }
 
-struct irix_sigstack { unsigned long sp; int status; };
+struct irix_sigstack {
+	unsigned long sp;
+	int status;
+};
 
-asmlinkage int irix_sigstack(struct irix_sigstack *new, struct irix_sigstack *old)
+asmlinkage int irix_sigstack(struct irix_sigstack __user *new,
+	struct irix_sigstack __user *old)
 {
-	int error = -EFAULT;
-
 #ifdef DEBUG_SIG
 	printk("[%s:%d] irix_sigstack(%p,%p)\n",
 	       current->comm, current->pid, new, old);
 #endif
-	if(new) {
+	if (new) {
 		if (!access_ok(VERIFY_READ, new, sizeof(*new)))
-			goto out;
+			return -EFAULT;
 	}
 
-	if(old) {
+	if (old) {
 		if (!access_ok(VERIFY_WRITE, old, sizeof(*old)))
-			goto out;
+			return -EFAULT;
 	}
-	error = 0;
 
-out:
-	return error;
+	return 0;
 }
 
 struct irix_sigaltstack { unsigned long sp; int size; int status; };
 
-asmlinkage int irix_sigaltstack(struct irix_sigaltstack *new,
-				struct irix_sigaltstack *old)
+asmlinkage int irix_sigaltstack(struct irix_sigaltstack __user *new,
+				struct irix_sigaltstack __user *old)
 {
-	int error = -EFAULT;
-
 #ifdef DEBUG_SIG
 	printk("[%s:%d] irix_sigaltstack(%p,%p)\n",
 	       current->comm, current->pid, new, old);
 #endif
-	if (new) {
+	if (new)
 		if (!access_ok(VERIFY_READ, new, sizeof(*new)))
-			goto out;
-	}
+			return -EFAULT;
 
 	if (old) {
 		if (!access_ok(VERIFY_WRITE, old, sizeof(*old)))
-			goto out;
+			return -EFAULT;
 	}
-	error = 0;
-
-out:
-	error = 0;
 
-	return error;
+	return 0;
 }
 
 struct irix_procset {
 	int cmd, ltype, lid, rtype, rid;
 };
 
-asmlinkage int irix_sigsendset(struct irix_procset *pset, int sig)
+asmlinkage int irix_sigsendset(struct irix_procset __user *pset, int sig)
 {
 	if (!access_ok(VERIFY_READ, pset, sizeof(*pset)))
 		return -EFAULT;
-
 #ifdef DEBUG_SIG
 	printk("[%s:%d] irix_sigsendset([%d,%d,%d,%d,%d],%d)\n",
 	       current->comm, current->pid,

arch/mips/kernel/process.c

@@ -38,14 +38,6 @@
 #include <asm/isadep.h>
 #include <asm/inst.h>
 
-/*
- * We use this if we don't have any better idle routine..
- * (This to kill: kernel/platform.c.
- */
-void default_idle (void)
-{
-}
-
 /*
  * The idle thread. There's no useful work to be done, so just try to conserve
  * power and have a low exit latency (ie sit in a loop waiting for somebody to

arch/mips/kernel/ptrace.c

@@ -103,7 +103,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 		ret = -EIO;
 		if (copied != sizeof(tmp))
 			break;
-		ret = put_user(tmp,(unsigned long *) data);
+		ret = put_user(tmp,(unsigned long __user *) data);
 		break;
 	}
 
@@ -180,7 +180,7 @@ asmlinkage int sys_ptrace(long request, long pid, long addr, long data)
 			ret = -EIO;
 			goto out_tsk;
 		}
-		ret = put_user(tmp, (unsigned long *) data);
+		ret = put_user(tmp, (unsigned long __user *) data);
 		break;
 	}
 

arch/mips/kernel/signal.c

@@ -47,9 +47,10 @@ save_static_function(sys_sigsuspend);
 __attribute_used__ noinline static int
 _sys_sigsuspend(nabi_no_regargs struct pt_regs regs)
 {
-	sigset_t *uset, saveset, newset;
+	sigset_t saveset, newset;
+	sigset_t __user *uset;
 
-	uset = (sigset_t *) regs.regs[4];
+	uset = (sigset_t __user *) regs.regs[4];
 	if (copy_from_user(&newset, uset, sizeof(sigset_t)))
 		return -EFAULT;
 	sigdelsetmask(&newset, ~_BLOCKABLE);
@@ -75,7 +76,8 @@ save_static_function(sys_rt_sigsuspend);
 __attribute_used__ noinline static int
 _sys_rt_sigsuspend(nabi_no_regargs struct pt_regs regs)
 {
-	sigset_t *unewset, saveset, newset;
+	sigset_t saveset, newset;
+	sigset_t __user *unewset;
 	size_t sigsetsize;
 
 	/* XXX Don't preclude handling different sized sigset_t's.  */
@@ -83,7 +85,7 @@ _sys_rt_sigsuspend(nabi_no_regargs struct pt_regs regs)
 	if (sigsetsize != sizeof(sigset_t))
 		return -EINVAL;
 
-	unewset = (sigset_t *) regs.regs[4];
+	unewset = (sigset_t __user *) regs.regs[4];
 	if (copy_from_user(&newset, unewset, sizeof(newset)))
 		return -EFAULT;
 	sigdelsetmask(&newset, ~_BLOCKABLE);
@@ -147,8 +149,8 @@ asmlinkage int sys_sigaction(int sig, const struct sigaction *act,
 
 asmlinkage int sys_sigaltstack(nabi_no_regargs struct pt_regs regs)
 {
-	const stack_t *uss = (const stack_t *) regs.regs[4];
-	stack_t *uoss = (stack_t *) regs.regs[5];
+	const stack_t __user *uss = (const stack_t __user *) regs.regs[4];
+	stack_t __user *uoss = (stack_t __user *) regs.regs[5];
 	unsigned long usp = regs.regs[29];
 
 	return do_sigaltstack(uss, uoss, usp);

arch/mips/kernel/traps.c

@@ -339,9 +339,9 @@ asmlinkage void do_be(struct pt_regs *regs)
 
 static inline int get_insn_opcode(struct pt_regs *regs, unsigned int *opcode)
 {
-	unsigned int *epc;
+	unsigned int __user *epc;
 
-	epc = (unsigned int *) regs->cp0_epc +
+	epc = (unsigned int __user *) regs->cp0_epc +
 	      ((regs->cp0_cause & CAUSEF_BD) != 0);
 	if (!get_user(*opcode, epc))
 		return 0;
@@ -371,7 +371,7 @@ static struct task_struct *ll_task = NULL;
 
 static inline void simulate_ll(struct pt_regs *regs, unsigned int opcode)
 {
-	unsigned long value, *vaddr;
+	unsigned long value, __user *vaddr;
 	long offset;
 	int signal = 0;
 
@@ -385,7 +385,8 @@ static inline void simulate_ll(struct pt_regs *regs, unsigned int opcode)
 	offset <<= 16;
 	offset >>= 16;
 
-	vaddr = (unsigned long *)((long)(regs->regs[(opcode & BASE) >> 21]) + offset);
+	vaddr = (unsigned long __user *)
+	        ((unsigned long)(regs->regs[(opcode & BASE) >> 21]) + offset);
 
 	if ((unsigned long)vaddr & 3) {
 		signal = SIGBUS;
@@ -418,7 +419,8 @@ sig:
 
 static inline void simulate_sc(struct pt_regs *regs, unsigned int opcode)
 {
-	unsigned long *vaddr, reg;
+	unsigned long __user *vaddr;
+	unsigned long reg;
 	long offset;
 	int signal = 0;
 
@@ -432,7 +434,8 @@ static inline void simulate_sc(struct pt_regs *regs, unsigned int opcode)
 	offset <<= 16;
 	offset >>= 16;
 
-	vaddr = (unsigned long *)((long)(regs->regs[(opcode & BASE) >> 21]) + offset);
+	vaddr = (unsigned long __user *)
+	        ((unsigned long)(regs->regs[(opcode & BASE) >> 21]) + offset);
 	reg = (opcode & RT) >> 16;
 
 	if ((unsigned long)vaddr & 3) {
@@ -498,7 +501,7 @@ asmlinkage void do_ov(struct pt_regs *regs)
 	info.si_code = FPE_INTOVF;
 	info.si_signo = SIGFPE;
 	info.si_errno = 0;
-	info.si_addr = (void *)regs->cp0_epc;
+	info.si_addr = (void __user *) regs->cp0_epc;
 	force_sig_info(SIGFPE, &info, current);
 }
 
@@ -584,7 +587,7 @@ asmlinkage void do_bp(struct pt_regs *regs)
 			info.si_code = FPE_INTOVF;
 		info.si_signo = SIGFPE;
 		info.si_errno = 0;
-		info.si_addr = (void *)regs->cp0_epc;
+		info.si_addr = (void __user *) regs->cp0_epc;
 		force_sig_info(SIGFPE, &info, current);
 		break;
 	default:
@@ -621,7 +624,7 @@ asmlinkage void do_tr(struct pt_regs *regs)
 			info.si_code = FPE_INTOVF;
 		info.si_signo = SIGFPE;
 		info.si_errno = 0;
-		info.si_addr = (void *)regs->cp0_epc;
+		info.si_addr = (void __user *) regs->cp0_epc;
 		force_sig_info(SIGFPE, &info, current);
 		break;
 	default:

arch/mips/kernel/unaligned.c

@@ -94,7 +94,7 @@ unsigned long unaligned_instructions;
 #endif
 
 static inline int emulate_load_store_insn(struct pt_regs *regs,
-	void *addr, unsigned long pc,
+	void __user *addr, unsigned int __user *pc,
 	unsigned long **regptr, unsigned long *newvalue)
 {
 	union mips_instruction insn;
@@ -107,7 +107,7 @@ static inline int emulate_load_store_insn(struct pt_regs *regs,
 	/*
 	 * This load never faults.
 	 */
-	__get_user(insn.word, (unsigned int *)pc);
+	__get_user(insn.word, pc);
 
 	switch (insn.i_format.opcode) {
 	/*
@@ -494,8 +494,8 @@ asmlinkage void do_ade(struct pt_regs *regs)
 {
 	unsigned long *regptr, newval;
 	extern int do_dsemulret(struct pt_regs *);
+	unsigned int __user *pc;
 	mm_segment_t seg;
-	unsigned long pc;
 
 	/*
 	 * Address errors may be deliberately induced by the FPU emulator to
@@ -515,7 +515,7 @@ asmlinkage void do_ade(struct pt_regs *regs)
 	if ((regs->cp0_badvaddr == regs->cp0_epc) || (regs->cp0_epc & 0x1))
 		goto sigbus;
 
-	pc = exception_epc(regs);
+	pc = (unsigned int __user *) exception_epc(regs);
 	if ((current->thread.mflags & MF_FIXADE) == 0)
 		goto sigbus;
 
@@ -526,7 +526,7 @@ asmlinkage void do_ade(struct pt_regs *regs)
 	seg = get_fs();
 	if (!user_mode(regs))
 		set_fs(KERNEL_DS);
-	if (!emulate_load_store_insn(regs, (void *)regs->cp0_badvaddr, pc,
+	if (!emulate_load_store_insn(regs, (void __user *)regs->cp0_badvaddr, pc,
 	                             &regptr, &newval)) {
 		compute_return_epc(regs);
 		/*

arch/mips/lib/csum_partial_copy.c

@@ -33,7 +33,7 @@ unsigned int csum_partial_copy_nocheck(const unsigned char *src,
  * Copy from userspace and compute checksum.  If we catch an exception
  * then zero the rest of the buffer.
  */
-unsigned int csum_partial_copy_from_user (const unsigned char *src,
+unsigned int csum_partial_copy_from_user (const unsigned char __user *src,
 	unsigned char *dst, int len, unsigned int sum, int *err_ptr)
 {
 	int missing;

arch/mips/mm/c-r4k.c

@@ -456,8 +456,8 @@ static void r4k_flush_data_cache_page(unsigned long addr)
 }
 
 struct flush_icache_range_args {
-	unsigned long start;
-	unsigned long end;
+	unsigned long __user start;
+	unsigned long __user end;
 };
 
 static inline void local_r4k_flush_icache_range(void *args)
@@ -519,7 +519,8 @@ static inline void local_r4k_flush_icache_range(void *args)
 	}
 }
 
-static void r4k_flush_icache_range(unsigned long start, unsigned long end)
+static void r4k_flush_icache_range(unsigned long __user start,
+	unsigned long __user end)
 {
 	struct flush_icache_range_args args;
 

arch/mips/mm/cache.c

@@ -24,7 +24,8 @@ void (*flush_cache_mm)(struct mm_struct *mm);
 void (*flush_cache_range)(struct vm_area_struct *vma, unsigned long start,
 	unsigned long end);
 void (*flush_cache_page)(struct vm_area_struct *vma, unsigned long page, unsigned long pfn);
-void (*flush_icache_range)(unsigned long start, unsigned long end);
+void (*flush_icache_range)(unsigned long __user start,
+	unsigned long __user end);
 void (*flush_icache_page)(struct vm_area_struct *vma, struct page *page);
 
 /* MIPS specific cache operations */
@@ -49,10 +50,10 @@ EXPORT_SYMBOL(_dma_cache_inv);
  * We could optimize the case where the cache argument is not BCACHE but
  * that seems very atypical use ...
  */
-asmlinkage int sys_cacheflush(unsigned long addr, unsigned long int bytes,
-	unsigned int cache)
+asmlinkage int sys_cacheflush(unsigned long __user addr,
+	unsigned long bytes, unsigned int cache)
 {
-	if (!access_ok(VERIFY_WRITE, (void *) addr, bytes))
+	if (!access_ok(VERIFY_WRITE, (void __user *) addr, bytes))
 		return -EFAULT;
 
 	flush_icache_range(addr, addr + bytes);

arch/mips/mm/fault.c

@@ -141,7 +141,7 @@ bad_area_nosemaphore:
 		info.si_signo = SIGSEGV;
 		info.si_errno = 0;
 		/* info.si_code has been set above */
-		info.si_addr = (void *) address;
+		info.si_addr = (void __user *) address;
 		force_sig_info(SIGSEGV, &info, tsk);
 		return;
 	}
@@ -197,7 +197,7 @@ do_sigbus:
 	info.si_signo = SIGBUS;
 	info.si_errno = 0;
 	info.si_code = BUS_ADRERR;
-	info.si_addr = (void *) address;
+	info.si_addr = (void __user *) address;
 	force_sig_info(SIGBUS, &info, tsk);
 
 	return;

include/asm-mips/cacheflush.h

@@ -49,7 +49,8 @@ static inline void flush_dcache_page(struct page *page)
 
 extern void (*flush_icache_page)(struct vm_area_struct *vma,
 	struct page *page);
-extern void (*flush_icache_range)(unsigned long start, unsigned long end);
+extern void (*flush_icache_range)(unsigned long __user start,
+	unsigned long __user end);
 #define flush_cache_vmap(start, end)		flush_cache_all()
 #define flush_cache_vunmap(start, end)		flush_cache_all()
 

include/asm-mips/checksum.h

@@ -34,8 +34,9 @@ unsigned int csum_partial(const unsigned char *buff, int len, unsigned int sum);
  * this is a new version of the above that records errors it finds in *errp,
  * but continues and zeros the rest of the buffer.
  */
-unsigned int csum_partial_copy_from_user(const unsigned char *src, unsigned char *dst, int len,
-                                         unsigned int sum, int *errp);
+unsigned int csum_partial_copy_from_user(const unsigned char __user *src,
+					 unsigned char *dst, int len,
+					 unsigned int sum, int *errp);
 
 /*
  * Copy and checksum to user

include/asm-mips/io.h

@@ -25,6 +25,7 @@
 #include <asm/page.h>
 #include <asm/pgtable-bits.h>
 #include <asm/processor.h>
+#include <asm/string.h>
 
 #include <mangle-port.h>
 
@@ -217,7 +218,7 @@ static inline void __iomem * __ioremap_mode(phys_t offset, unsigned long size,
 		 */
 		if (flags == _CACHE_UNCACHED)
 			base = (u64) IO_BASE;
-		return (void *) (unsigned long) (base + offset);
+		return (void __iomem *) (unsigned long) (base + offset);
 	}
 
 	return __ioremap(offset, size, flags);
@@ -486,9 +487,18 @@ BUILDSTRING(q, u64)
 /* Depends on MIPS II instruction set */
 #define mmiowb() asm volatile ("sync" ::: "memory")
 
-#define memset_io(a,b,c)	memset((void *)(a),(b),(c))
-#define memcpy_fromio(a,b,c)	memcpy((a),(void *)(b),(c))
-#define memcpy_toio(a,b,c)	memcpy((void *)(a),(b),(c))
+static inline void memset_io(volatile void __iomem *addr, unsigned char val, int count)
+{
+	memset((void __force *) addr, val, count);
+}
+static inline void memcpy_fromio(void *dst, const volatile void __iomem *src, int count)
+{
+	memcpy(dst, (void __force *) src, count);
+}
+static inline void memcpy_toio(volatile void __iomem *dst, const void *src, int count)
+{
+	memcpy((void __force *) dst, src, count);
+}
 
 /*
  * Memory Mapped I/O

include/asm-mips/irq.h

@@ -24,11 +24,9 @@ static inline int irq_canonicalize(int irq)
 
 struct pt_regs;
 
-#ifdef CONFIG_PREEMPT
-
 extern asmlinkage unsigned int do_IRQ(unsigned int irq, struct pt_regs *regs);
 
-#else
+#ifdef CONFIG_PREEMPT
 
 /*
  * do_IRQ handles all normal device IRQ's (the special

include/asm-mips/sibyte/sb1250.h

@@ -58,6 +58,6 @@ extern void prom_printf(char *fmt, ...);
 
 #endif
 
-#define IOADDR(a) ((void *)(IO_BASE + (a)))
+#define IOADDR(a) ((volatile void __iomem *)(IO_BASE + (a)))
 
 #endif

include/asm-mips/uaccess.h

@@ -196,63 +196,56 @@
 	__get_user_nocheck((x),(ptr),sizeof(*(ptr)))
 
 struct __large_struct { unsigned long buf[100]; };
-#define __m(x) (*(struct __large_struct *)(x))
+#define __m(x) (*(struct __large_struct __user *)(x))
 
 /*
  * Yuck.  We need two variants, one for 64bit operation and one
  * for 32 bit mode and old iron.
  */
 #ifdef __mips64
-#define __GET_USER_DW(__gu_err) __get_user_asm("ld", __gu_err)
+#define __GET_USER_DW(ptr) __get_user_asm("ld", ptr)
 #else
-#define __GET_USER_DW(__gu_err) __get_user_asm_ll32(__gu_err)
+#define __GET_USER_DW(ptr) __get_user_asm_ll32(ptr)
 #endif
 
 #define __get_user_nocheck(x,ptr,size)					\
 ({									\
-	__typeof(*(ptr)) __gu_val = 0;					\
-	long __gu_addr;							\
+	__typeof(*(ptr)) __gu_val =  (__typeof(*(ptr))) 0;		\
 	long __gu_err = 0;						\
 									\
 	might_sleep();							\
-	__gu_addr = (long) (ptr);					\
 	switch (size) {							\
-	case 1: __get_user_asm("lb", __gu_err); break;			\
-	case 2: __get_user_asm("lh", __gu_err); break;			\
-	case 4: __get_user_asm("lw", __gu_err); break;			\
-	case 8: __GET_USER_DW(__gu_err); break;				\
+	case 1: __get_user_asm("lb", ptr); break;			\
+	case 2: __get_user_asm("lh", ptr); break;			\
+	case 4: __get_user_asm("lw", ptr); break;			\
+	case 8: __GET_USER_DW(ptr); break;				\
 	default: __get_user_unknown(); break;				\
 	}								\
-	x = (__typeof__(*(ptr))) __gu_val;				\
+	(x) = (__typeof__(*(ptr))) __gu_val;				\
 	__gu_err;							\
 })
 
 #define __get_user_check(x,ptr,size)					\
 ({									\
+	const __typeof__(*(ptr)) __user * __gu_addr = (ptr);		\
 	__typeof__(*(ptr)) __gu_val = 0;				\
-	long __gu_addr;							\
-	long __gu_err;							\
+	long __gu_err = -EFAULT;					\
 									\
-	might_sleep();							\
-	__gu_addr = (long) (ptr);					\
-	__gu_err = access_ok(VERIFY_READ, (void *) __gu_addr, size)	\
-				? 0 : -EFAULT;				\
-									\
-	if (likely(!__gu_err)) {					\
+	if (likely(access_ok(VERIFY_READ,  __gu_addr, size))) {		\
 		switch (size) {						\
-		case 1: __get_user_asm("lb", __gu_err); break;		\
-		case 2: __get_user_asm("lh", __gu_err); break;		\
-		case 4: __get_user_asm("lw", __gu_err); break;		\
-		case 8: __GET_USER_DW(__gu_err); break;			\
+		case 1: __get_user_asm("lb", __gu_addr); break;		\
+		case 2: __get_user_asm("lh", __gu_addr); break;		\
+		case 4: __get_user_asm("lw", __gu_addr); break;		\
+		case 8: __GET_USER_DW(__gu_addr); break;		\
 		default: __get_user_unknown(); break;			\
 		}							\
 	}								\
-	x = (__typeof__(*(ptr))) __gu_val;				\
+	(x) = (__typeof__(*(ptr))) __gu_val;				\
 	__gu_err;							\
 })
 
-#define __get_user_asm(insn,__gu_err)					\
-({									\
+#define __get_user_asm(insn, addr)					\
+{									\
 	__asm__ __volatile__(						\
 	"1:	" insn "	%1, %3				\n"	\
 	"2:							\n"	\
@@ -264,20 +257,20 @@ struct __large_struct { unsigned long buf[100]; };
 	"	"__UA_ADDR "\t1b, 3b				\n"	\
 	"	.previous					\n"	\
 	: "=r" (__gu_err), "=r" (__gu_val)				\
-	: "0" (__gu_err), "o" (__m(__gu_addr)), "i" (-EFAULT));		\
-})
+	: "0" (0), "o" (__m(addr)), "i" (-EFAULT));			\
+}
 
 /*
  * Get a long long 64 using 32 bit registers.
  */
-#define __get_user_asm_ll32(__gu_err)					\
-({									\
+#define __get_user_asm_ll32(addr)					\
+{									\
 	__asm__ __volatile__(						\
-	"1:	lw	%1, %3					\n"	\
-	"2:	lw	%D1, %4					\n"	\
+	"1:	lw	%1, (%3)				\n"	\
+	"2:	lw	%D1, 4(%3)				\n"	\
 	"	move	%0, $0					\n"	\
 	"3:	.section	.fixup,\"ax\"			\n"	\
-	"4:	li	%0, %5					\n"	\
+	"4:	li	%0, %4					\n"	\
 	"	move	%1, $0					\n"	\
 	"	move	%D1, $0					\n"	\
 	"	j	3b					\n"	\
@@ -287,9 +280,8 @@ struct __large_struct { unsigned long buf[100]; };
 	"	" __UA_ADDR "	2b, 4b				\n"	\
 	"	.previous					\n"	\
 	: "=r" (__gu_err), "=&r" (__gu_val)				\
-	: "0" (__gu_err), "o" (__m(__gu_addr)),				\
-	  "o" (__m(__gu_addr + 4)), "i" (-EFAULT));			\
-})
+	: "0" (0), "r" (addr), "i" (-EFAULT));				\
+}
 
 extern void __get_user_unknown(void);
 
@@ -298,25 +290,23 @@ extern void __get_user_unknown(void);
  * for 32 bit mode and old iron.
  */
 #ifdef __mips64
-#define __PUT_USER_DW(__pu_val) __put_user_asm("sd", __pu_val)
+#define __PUT_USER_DW(ptr) __put_user_asm("sd", ptr)
 #else
-#define __PUT_USER_DW(__pu_val) __put_user_asm_ll32(__pu_val)
+#define __PUT_USER_DW(ptr) __put_user_asm_ll32(ptr)
 #endif
 
 #define __put_user_nocheck(x,ptr,size)					\
 ({									\
 	__typeof__(*(ptr)) __pu_val;					\
-	long __pu_addr;							\
 	long __pu_err = 0;						\
 									\
 	might_sleep();							\
 	__pu_val = (x);							\
-	__pu_addr = (long) (ptr);					\
 	switch (size) {							\
-	case 1: __put_user_asm("sb", __pu_val); break;			\
-	case 2: __put_user_asm("sh", __pu_val); break;			\
-	case 4: __put_user_asm("sw", __pu_val); break;			\
-	case 8: __PUT_USER_DW(__pu_val); break;				\
+	case 1: __put_user_asm("sb", ptr); break;			\
+	case 2: __put_user_asm("sh", ptr); break;			\
+	case 4: __put_user_asm("sw", ptr); break;			\
+	case 8: __PUT_USER_DW(ptr); break;				\
 	default: __put_user_unknown(); break;				\
 	}								\
 	__pu_err;							\
@@ -324,30 +314,24 @@ extern void __get_user_unknown(void);
 
 #define __put_user_check(x,ptr,size)					\
 ({									\
-	__typeof__(*(ptr)) __pu_val;					\
-	long __pu_addr;							\
-	long __pu_err;							\
+	__typeof__(*(ptr)) __user *__pu_addr = (ptr);			\
+	__typeof__(*(ptr)) __pu_val = (x);				\
+	long __pu_err = -EFAULT;					\
 									\
-	might_sleep();							\
-	__pu_val = (x);							\
-	__pu_addr = (long) (ptr);					\
-	__pu_err = access_ok(VERIFY_WRITE, (void *) __pu_addr, size)	\
-				? 0 : -EFAULT;				\
-									\
-	if (likely(!__pu_err)) {					\
+	if (likely(access_ok(VERIFY_WRITE,  __pu_addr, size))) {	\
 		switch (size) {						\
-		case 1: __put_user_asm("sb", __pu_val); break;		\
-		case 2: __put_user_asm("sh", __pu_val); break;		\
-		case 4: __put_user_asm("sw", __pu_val); break;		\
-		case 8: __PUT_USER_DW(__pu_val); break;			\
+		case 1: __put_user_asm("sb", __pu_addr); break;		\
+		case 2: __put_user_asm("sh", __pu_addr); break;		\
+		case 4: __put_user_asm("sw", __pu_addr); break;		\
+		case 8: __PUT_USER_DW(__pu_addr); break;		\
 		default: __put_user_unknown(); break;			\
 		}							\
 	}								\
 	__pu_err;							\
 })
 
-#define __put_user_asm(insn, __pu_val)					\
-({									\
+#define __put_user_asm(insn, ptr)					\
+{									\
 	__asm__ __volatile__(						\
 	"1:	" insn "	%z2, %3		# __put_user_asm\n"	\
 	"2:							\n"	\
@@ -359,18 +343,18 @@ extern void __get_user_unknown(void);
 	"	" __UA_ADDR "	1b, 3b				\n"	\
 	"	.previous					\n"	\
 	: "=r" (__pu_err)						\
-	: "0" (__pu_err), "Jr" (__pu_val), "o" (__m(__pu_addr)),	\
+	: "0" (0), "Jr" (__pu_val), "o" (__m(ptr)),			\
 	  "i" (-EFAULT));						\
-})
+}
 
-#define __put_user_asm_ll32(__pu_val)					\
-({									\
+#define __put_user_asm_ll32(ptr)					\
+{									\
 	__asm__ __volatile__(						\
-	"1:	sw	%2, %3		# __put_user_asm_ll32	\n"	\
-	"2:	sw	%D2, %4					\n"	\
+	"1:	sw	%2, (%3)	# __put_user_asm_ll32	\n"	\
+	"2:	sw	%D2, 4(%3)				\n"	\
 	"3:							\n"	\
 	"	.section	.fixup,\"ax\"			\n"	\
-	"4:	li	%0, %5					\n"	\
+	"4:	li	%0, %4					\n"	\
 	"	j	3b					\n"	\
 	"	.previous					\n"	\
 	"	.section	__ex_table,\"a\"		\n"	\
@@ -378,9 +362,9 @@ extern void __get_user_unknown(void);
 	"	" __UA_ADDR "	2b, 4b				\n"	\
 	"	.previous"						\
 	: "=r" (__pu_err)						\
-	: "0" (__pu_err), "r" (__pu_val), "o" (__m(__pu_addr)),		\
-	  "o" (__m(__pu_addr + 4)), "i" (-EFAULT));			\
-})
+	: "0" (0), "r" (__pu_val), "r" (ptr),				\
+	  "i" (-EFAULT));						\
+}
 
 extern void __put_user_unknown(void);
 
@@ -403,7 +387,7 @@ extern size_t __copy_user(void *__to, const void *__from, size_t __n);
 
 #define __invoke_copy_to_user(to,from,n)				\
 ({									\
-	register void *__cu_to_r __asm__ ("$4");			\
+	register void __user *__cu_to_r __asm__ ("$4");			\
 	register const void *__cu_from_r __asm__ ("$5");		\
 	register long __cu_len_r __asm__ ("$6");			\
 									\
@@ -435,7 +419,7 @@ extern size_t __copy_user(void *__to, const void *__from, size_t __n);
  */
 #define __copy_to_user(to,from,n)					\
 ({									\
-	void *__cu_to;							\
+	void __user *__cu_to;						\
 	const void *__cu_from;						\
 	long __cu_len;							\
 									\
@@ -465,7 +449,7 @@ extern size_t __copy_user(void *__to, const void *__from, size_t __n);
  */
 #define copy_to_user(to,from,n)						\
 ({									\
-	void *__cu_to;							\
+	void __user *__cu_to;						\
 	const void *__cu_from;						\
 	long __cu_len;							\
 									\
@@ -482,7 +466,7 @@ extern size_t __copy_user(void *__to, const void *__from, size_t __n);
 #define __invoke_copy_from_user(to,from,n)				\
 ({									\
 	register void *__cu_to_r __asm__ ("$4");			\
-	register const void *__cu_from_r __asm__ ("$5");		\
+	register const void __user *__cu_from_r __asm__ ("$5");		\
 	register long __cu_len_r __asm__ ("$6");			\
 									\
 	__cu_to_r = (to);						\
@@ -521,7 +505,7 @@ extern size_t __copy_user(void *__to, const void *__from, size_t __n);
 #define __copy_from_user(to,from,n)					\
 ({									\
 	void *__cu_to;							\
-	const void *__cu_from;						\
+	const void __user *__cu_from;					\
 	long __cu_len;							\
 									\
 	might_sleep();							\
@@ -552,7 +536,7 @@ extern size_t __copy_user(void *__to, const void *__from, size_t __n);
 #define copy_from_user(to,from,n)					\
 ({									\
 	void *__cu_to;							\
-	const void *__cu_from;						\
+	const void __user *__cu_from;					\
 	long __cu_len;							\
 									\
 	might_sleep();							\
@@ -569,8 +553,8 @@ extern size_t __copy_user(void *__to, const void *__from, size_t __n);
 
 #define copy_in_user(to,from,n)						\
 ({									\
-	void *__cu_to;							\
-	const void *__cu_from;						\
+	void __user *__cu_to;						\
+	const void __user *__cu_from;					\
 	long __cu_len;							\
 									\
 	might_sleep();							\
@@ -596,7 +580,7 @@ extern size_t __copy_user(void *__to, const void *__from, size_t __n);
  * On success, this will be zero.
  */
 static inline __kernel_size_t
-__clear_user(void *addr, __kernel_size_t size)
+__clear_user(void __user *addr, __kernel_size_t size)
 {
 	__kernel_size_t res;
 
@@ -616,7 +600,7 @@ __clear_user(void *addr, __kernel_size_t size)
 
 #define clear_user(addr,n)						\
 ({									\
-	void * __cl_addr = (addr);					\
+	void __user * __cl_addr = (addr);				\
 	unsigned long __cl_size = (n);					\
 	if (__cl_size && access_ok(VERIFY_WRITE,			\
 		((unsigned long)(__cl_addr)), __cl_size))		\
@@ -645,7 +629,7 @@ __clear_user(void *addr, __kernel_size_t size)
  * and returns @count.
  */
 static inline long
-__strncpy_from_user(char *__to, const char *__from, long __len)
+__strncpy_from_user(char *__to, const char __user *__from, long __len)
 {
 	long res;
 
@@ -682,7 +666,7 @@ __strncpy_from_user(char *__to, const char *__from, long __len)
  * and returns @count.
  */
 static inline long
-strncpy_from_user(char *__to, const char *__from, long __len)
+strncpy_from_user(char *__to, const char __user *__from, long __len)
 {
 	long res;
 
@@ -701,7 +685,7 @@ strncpy_from_user(char *__to, const char *__from, long __len)
 }
 
 /* Returns: 0 if bad, string length+1 (memory size) of string if ok */
-static inline long __strlen_user(const char *s)
+static inline long __strlen_user(const char __user *s)
 {
 	long res;
 
@@ -731,7 +715,7 @@ static inline long __strlen_user(const char *s)
  * If there is a limit on the length of a valid string, you may wish to
  * consider using strnlen_user() instead.
  */
-static inline long strlen_user(const char *s)
+static inline long strlen_user(const char __user *s)
 {
 	long res;
 
@@ -748,7 +732,7 @@ static inline long strlen_user(const char *s)
 }
 
 /* Returns: 0 if bad, string length+1 (memory size) of string if ok */
-static inline long __strnlen_user(const char *s, long n)
+static inline long __strnlen_user(const char __user *s, long n)
 {
 	long res;
 
@@ -779,7 +763,7 @@ static inline long __strnlen_user(const char *s, long n)
  * If there is a limit on the length of a valid string, you may wish to
  * consider using strnlen_user() instead.
  */
-static inline long strnlen_user(const char *s, long n)
+static inline long strnlen_user(const char __user *s, long n)
 {
 	long res;