# interdiff pax-linux-3.1.8-test22.patch pax-linux-3.1.8-test23.patch
reverted:
--- linux-3.1.8-pax/arch/s390/kernel/setup.c 2011-10-24 13:07:45.779029872 +0200
+++ linux-3.1.8/arch/s390/kernel/setup.c 2011-10-24 12:48:25.395091819 +0200
@@ -271,7 +271,7 @@
 }
 early_param("mem", early_parse_mem);
+unsigned int user_mode = HOME_SPACE_MODE;
-unsigned int user_mode = SECONDARY_SPACE_MODE;
 EXPORT_SYMBOL_GPL(user_mode);
 static int set_amode_and_uaccess(unsigned long user_amode,
diff -u linux-3.1.8-pax/arch/x86/include/asm/alternative-asm.h linux-3.1.8-pax/arch/x86/include/asm/alternative-asm.h
--- linux-3.1.8-pax/arch/x86/include/asm/alternative-asm.h 2011-12-02 19:06:05.331851615 +0100
+++ linux-3.1.8-pax/arch/x86/include/asm/alternative-asm.h 2012-01-08 19:22:10.467555159 +0100
@@ -4,10 +4,10 @@
 #ifdef CONFIG_SMP
 .macro LOCK_PREFIX
-1: lock
+672: lock
 .section .smp_locks,"a"
 .balign 4
- .long 1b - .
+ .long 672b - .
 .previous
 .endm
 #else
diff -u linux-3.1.8-pax/arch/x86/include/asm/atomic.h linux-3.1.8-pax/arch/x86/include/asm/atomic.h
--- linux-3.1.8-pax/arch/x86/include/asm/atomic.h 2011-10-24 13:07:45.795029858 +0200
+++ linux-3.1.8-pax/arch/x86/include/asm/atomic.h 2012-01-08 03:46:50.937673168 +0100
@@ -390,8 +390,8 @@
 #ifdef CONFIG_M386
 no_xadd: /* Legacy 386 processor */
 raw_local_irq_save(flags);
- __i = atomic_read(v);
- atomic_set(v, i + __i);
+ __i = atomic_read_unchecked(v);
+ atomic_set_unchecked(v, i + __i);
 raw_local_irq_restore(flags);
 return i + __i;
 #endif
diff -u linux-3.1.8-pax/arch/x86/mm/fault.c linux-3.1.8-pax/arch/x86/mm/fault.c
--- linux-3.1.8-pax/arch/x86/mm/fault.c 2011-11-15 18:04:32.837973586 +0100
+++ linux-3.1.8-pax/arch/x86/mm/fault.c 2012-01-09 21:49:13.922572670 +0100
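Review bot: The new local label `672:` in `LOCK_PREFIX` (arch/x86/include/asm/alternative-asm.h) is an unexplained magic number. Presumably it replaces `1:` so that a `1b`/`1f` reference at a site that expands the macro cannot bind to the macro's own label, which would record a wrong offset in `.smp_locks`; that reasoning is inferred, the hunk does not state it. A one-line comment above the label would keep it from being renumbered later, for example `/* 672: deliberately unusual local label so it cannot shadow a caller's 1b/1f */`.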
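Review bot: In the `no_xadd` fallback (arch/x86/include/asm/atomic.h, hunk at line 390) the function signature lies outside the hunk, so it cannot be confirmed from here that `v` is the `atomic_unchecked_t *` that the new `atomic_read_unchecked(v)` and `atomic_set_unchecked(v, i + __i)` calls expect. If this is the unchecked variant the change is consistent, and a short comment would make the intent explicit, for example `/* 386 fallback: IRQ-off read/modify/write, no overflow detection */`. It is also worth verifying that the checked counterpart's 386 fallback, which is not visible here, still performs its overflow check.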
@@ -1442,6 +1442,30 @@
 {
 int err;
+ do { /* PaX: libffi trampoline emulation */
+ unsigned char mov, jmp;
+ unsigned int addr1, addr2;
+
+#ifdef CONFIG_X86_64
+ if ((regs->ip + 9) >> 32)
+ break;
+#endif
+
+ err = get_user(mov, (unsigned char __user *)regs->ip);
+ err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
+ err |= get_user(jmp, (unsigned char __user *)(regs->ip + 5));
+ err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
+
+ if (err)
+ break;
+
+ if (mov == 0xB8 && jmp == 0xE9) {
+ regs->ax = addr1;
+ regs->ip = (unsigned int)(regs->ip + addr2 + 10);
+ return 2;
+ }
+ } while (0);
+
 do { /* PaX: gcc trampoline emulation #1 */
 unsigned char mov1, mov2;
 unsigned short jmp;
@@ -1501,6 +1525,34 @@
 {
 int err;
+ do { /* PaX: libffi trampoline emulation */
+ unsigned short mov1, mov2, jmp1;
+ unsigned char stcclc, jmp2;
+ unsigned long addr1, addr2;
+
+ err = get_user(mov1, (unsigned short __user *)regs->ip);
+ err |= get_user(addr1, (unsigned long __user *)(regs->ip + 2));
+ err |= get_user(mov2, (unsigned short __user *)(regs->ip + 10));
+ err |= get_user(addr2, (unsigned long __user *)(regs->ip + 12));
+ err |= get_user(stcclc, (unsigned char __user *)(regs->ip + 20));
+ err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 21));
+ err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 23));
+
+ if (err)
+ break;
+
+ if (mov1 == 0xBB49 && mov2 == 0xBA49 && (stcclc == 0xF8 || stcclc == 0xF9) && jmp1 == 0xFF49 && jmp2 == 0xE3) {
+ regs->r11 = addr1;
+ regs->r10 = addr2;
+ if (stcclc == 0xF8)
+ regs->flags &= ~X86_EFLAGS_CF;
+ else
+ regs->flags |= X86_EFLAGS_CF;
+ regs->ip = addr1;
+ return 2;
+ }
+ } while (0);
+
 do { /* PaX: gcc trampoline emulation #1 */
 unsigned short mov1, mov2, jmp1;
 unsigned char jmp2;
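Review bot: The opcode and offset constants in the 32-bit libffi block (`0xB8`, `0xE9`, the `+ 1`/`+ 5`/`+ 6` read offsets, `+ 9` in the CONFIG_X86_64 guard, `+ 10` in the new `regs->ip`) are undocumented, and the meaning of `return 2` is not stated. A layout comment at the top of the `do` block would let a reviewer check each `get_user()` against the encoding, for example `/* B8 imm32 = movl $addr1,%eax; E9 rel32 = jmp; 10 bytes, last byte at ip+9 */`. Only two opcode bytes are matched, so it is worth confirming that the enclosing function, which starts outside the hunk, is reached only for tasks that have opted into trampoline emulation. The same documentation gap applies to the 64-bit block in the hunk at line 1525.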
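Review bot: `regs->ip = addr1;` in the 64-bit libffi block (hunk at line 1525) stores a 64-bit value read from user memory into the saved instruction pointer with no range check. The neighbouring gcc emulation blocks may do the same, but their bodies are outside the hunk; a guard ahead of the register writes would keep a non-canonical or kernel-range value out of `regs->ip`, for example `if (addr1 >= TASK_SIZE_MAX) break;`. Whether the return-to-user path already tolerates such a value is not visible from this hunk. The long match condition would also be easier to audit split one comparison per line.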