[PATCH] sparse: signal annotation

	ss_sp in struct sigaltstack made __user
	->si_addr and ->sival_ptr made __user
	your ->sa_restorer and ->sa_handler changes propagated
	users of these guys annotated on i386/amd64/alpha/sparc/sparc64

arch/alpha/kernel/osf_sys.c

@@ -588,7 +588,7 @@ osf_sigstack(struct sigstack __user *uss, struct sigstack __user *uoss)
 	int error;
 
 	if (uss) {
-		void *ss_sp;
+		void __user *ss_sp;
 
 		error = -EFAULT;
 		if (get_user(ss_sp, &uss->ss_sp))

arch/alpha/kernel/signal.c

@@ -304,7 +304,7 @@ do_sigreturn(struct sigcontext __user *sc, struct pt_regs *regs,
 		info.si_signo = SIGTRAP;
 		info.si_errno = 0;
 		info.si_code = TRAP_BRKPT;
-		info.si_addr = (void *) regs->pc;
+		info.si_addr = (void __user *) regs->pc;
 		info.si_trapno = 0;
 		send_sig_info(SIGTRAP, &info, current);
 	}
@@ -342,7 +342,7 @@ do_rt_sigreturn(struct rt_sigframe __user *frame, struct pt_regs *regs,
 		info.si_signo = SIGTRAP;
 		info.si_errno = 0;
 		info.si_code = TRAP_BRKPT;
-		info.si_addr = (void *) regs->pc;
+		info.si_addr = (void __user *) regs->pc;
 		info.si_trapno = 0;
 		send_sig_info(SIGTRAP, &info, current);
 	}

arch/alpha/kernel/traps.c

@@ -228,7 +228,7 @@ do_entArith(unsigned long summary, unsigned long write_mask,
 	info.si_signo = SIGFPE;
 	info.si_errno = 0;
 	info.si_code = si_code;
-	info.si_addr = (void *) regs->pc;
+	info.si_addr = (void __user *) regs->pc;
 	send_sig_info(SIGFPE, &info, current);
 }
 
@@ -256,7 +256,7 @@ do_entIF(unsigned long type, struct pt_regs *regs)
 		info.si_errno = 0;
 		info.si_code = TRAP_BRKPT;
 		info.si_trapno = 0;
-		info.si_addr = (void *) regs->pc;
+		info.si_addr = (void __user *) regs->pc;
 
 		if (ptrace_cancel_bpt(current)) {
 			regs->pc -= 4;	/* make pc point to former bpt */
@@ -269,13 +269,13 @@ do_entIF(unsigned long type, struct pt_regs *regs)
 		info.si_signo = SIGTRAP;
 		info.si_errno = 0;
 		info.si_code = __SI_FAULT;
-		info.si_addr = (void *) regs->pc;
+		info.si_addr = (void __user *) regs->pc;
 		info.si_trapno = 0;
 		send_sig_info(SIGTRAP, &info, current);
 		return;
 		
 	      case 2: /* gentrap */
-		info.si_addr = (void *) regs->pc;
+		info.si_addr = (void __user *) regs->pc;
 		info.si_trapno = regs->r16;
 		switch ((long) regs->r16) {
 		case GEN_INTOVF:
@@ -337,7 +337,7 @@ do_entIF(unsigned long type, struct pt_regs *regs)
 		info.si_signo = signo;
 		info.si_errno = 0;
 		info.si_code = code;
-		info.si_addr = (void *) regs->pc;
+		info.si_addr = (void __user *) regs->pc;
 		send_sig_info(signo, &info, current);
 		return;
 
@@ -365,7 +365,7 @@ do_entIF(unsigned long type, struct pt_regs *regs)
 				info.si_signo = SIGFPE;
 				info.si_errno = 0;
 				info.si_code = si_code;
-				info.si_addr = (void *) regs->pc;
+				info.si_addr = (void __user *) regs->pc;
 				send_sig_info(SIGFPE, &info, current);
 				return;
 			}
@@ -394,7 +394,7 @@ do_entIF(unsigned long type, struct pt_regs *regs)
 	info.si_signo = SIGILL;
 	info.si_errno = 0;
 	info.si_code = ILL_ILLOPC;
-	info.si_addr = (void *) regs->pc;
+	info.si_addr = (void __user *) regs->pc;
 	send_sig_info(SIGILL, &info, current);
 }
 
@@ -415,7 +415,7 @@ do_entDbg(struct pt_regs *regs)
 	info.si_signo = SIGILL;
 	info.si_errno = 0;
 	info.si_code = ILL_ILLOPC;
-	info.si_addr = (void *) regs->pc;
+	info.si_addr = (void __user *) regs->pc;
 	force_sig_info(SIGILL, &info, current);
 }
 
@@ -765,7 +765,7 @@ static int unauser_reg_offsets[32] = {
 #undef R
 
 asmlinkage void
-do_entUnaUser(void * va, unsigned long opcode,
+do_entUnaUser(void __user * va, unsigned long opcode,
 	      unsigned long reg, struct pt_regs *regs)
 {
 	static int cnt = 0;

arch/alpha/mm/fault.c

@@ -211,7 +211,7 @@ do_page_fault(unsigned long address, unsigned long mmcsr,
 	info.si_signo = SIGBUS;
 	info.si_errno = 0;
 	info.si_code = BUS_ADRERR;
-	info.si_addr = (void *) address;
+	info.si_addr = (void __user *) address;
 	force_sig_info(SIGBUS, &info, current);
 	if (!user_mode(regs))
 		goto no_context;
@@ -221,7 +221,7 @@ do_page_fault(unsigned long address, unsigned long mmcsr,
 	info.si_signo = SIGSEGV;
 	info.si_errno = 0;
 	info.si_code = si_code;
-	info.si_addr = (void *) address;
+	info.si_addr = (void __user *) address;
 	force_sig_info(SIGSEGV, &info, current);
 	return;
 

arch/i386/kernel/i8259.c

@@ -320,11 +320,11 @@ void init_8259A(int auto_eoi)
 
 static irqreturn_t math_error_irq(int cpl, void *dev_id, struct pt_regs *regs)
 {
-	extern void math_error(void *);
+	extern void math_error(void __user *);
 	outb(0,0xF0);
 	if (ignore_fpu_irq || !boot_cpu_data.hard_math)
 		return IRQ_NONE;
-	math_error((void *)regs->eip);
+	math_error((void __user *)regs->eip);
 	return IRQ_HANDLED;
 }
 

arch/i386/kernel/signal.c

@@ -336,12 +336,13 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs * regs, size_t frame_size)
 
 /* These symbols are defined with the addresses in the vsyscall page.
    See vsyscall-sigreturn.S.  */
-extern void __kernel_sigreturn, __kernel_rt_sigreturn;
+extern void __user __kernel_sigreturn;
+extern void __user __kernel_rt_sigreturn;
 
 static void setup_frame(int sig, struct k_sigaction *ka,
 			sigset_t *set, struct pt_regs * regs)
 {
-	void *restorer;
+	void __user *restorer;
 	struct sigframe __user *frame;
 	int err = 0;
 
@@ -418,7 +419,7 @@ static void setup_frame(int sig, struct k_sigaction *ka,
 static void setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
 			   sigset_t *set, struct pt_regs * regs)
 {
-	void *restorer;
+	void __user *restorer;
 	struct rt_sigframe __user *frame;
 	int err = 0;
 

arch/i386/kernel/traps.c

@@ -397,7 +397,7 @@ asmlinkage void do_##name(struct pt_regs * regs, long error_code) \
 	info.si_signo = signr; \
 	info.si_errno = 0; \
 	info.si_code = sicode; \
-	info.si_addr = (void *)siaddr; \
+	info.si_addr = (void __user *)siaddr; \
 	do_trap(trapnr, signr, str, 0, regs, error_code, &info); \
 }
 
@@ -414,7 +414,7 @@ asmlinkage void do_##name(struct pt_regs * regs, long error_code) \
 	info.si_signo = signr; \
 	info.si_errno = 0; \
 	info.si_code = sicode; \
-	info.si_addr = (void *)siaddr; \
+	info.si_addr = (void __user *)siaddr; \
 	do_trap(trapnr, signr, str, 1, regs, error_code, &info); \
 }
 
@@ -630,8 +630,8 @@ asmlinkage void do_debug(struct pt_regs * regs, long error_code)
 	/* If this is a kernel mode trap, save the user PC on entry to 
 	 * the kernel, that's what the debugger can make sense of.
 	 */
-	info.si_addr = ((regs->xcs & 3) == 0) ? (void *)tsk->thread.eip : 
-	                                        (void *)regs->eip;
+	info.si_addr = ((regs->xcs & 3) == 0) ? (void __user *)tsk->thread.eip
+	                                      : (void __user *)regs->eip;
 	force_sig_info(SIGTRAP, &info, tsk);
 
 	/* Disable additional traps. They'll be re-enabled when
@@ -659,7 +659,7 @@ asmlinkage void do_debug(struct pt_regs * regs, long error_code)
  * the correct behaviour even in the presence of the asynchronous
  * IRQ13 behaviour
  */
-void math_error(void *eip)
+void math_error(void __user *eip)
 {
 	struct task_struct * task;
 	siginfo_t info;
@@ -718,10 +718,10 @@ void math_error(void *eip)
 asmlinkage void do_coprocessor_error(struct pt_regs * regs, long error_code)
 {
 	ignore_fpu_irq = 1;
-	math_error((void *)regs->eip);
+	math_error((void __user *)regs->eip);
 }
 
-void simd_math_error(void *eip)
+void simd_math_error(void __user *eip)
 {
 	struct task_struct * task;
 	siginfo_t info;
@@ -775,7 +775,7 @@ asmlinkage void do_simd_coprocessor_error(struct pt_regs * regs,
 	if (cpu_has_xmm) {
 		/* Handle SIMD FPU exceptions on PIII+ processors. */
 		ignore_fpu_irq = 1;
-		simd_math_error((void *)regs->eip);
+		simd_math_error((void __user *)regs->eip);
 	} else {
 		/*
 		 * Handle strange cache flush from user space exception

arch/i386/mm/fault.c

@@ -389,7 +389,7 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code)
 		info.si_signo = SIGSEGV;
 		info.si_errno = 0;
 		/* info.si_code has been set above */
-		info.si_addr = (void *)address;
+		info.si_addr = (void __user *)address;
 		force_sig_info(SIGSEGV, &info, tsk);
 		return;
 	}
@@ -499,7 +499,7 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code)
 	info.si_signo = SIGBUS;
 	info.si_errno = 0;
 	info.si_code = BUS_ADRERR;
-	info.si_addr = (void *)address;
+	info.si_addr = (void __user *)address;
 	force_sig_info(SIGBUS, &info, tsk);
 	return;
 

arch/sparc/kernel/signal.c

@@ -439,7 +439,7 @@ setup_frame(struct sigaction *sa, struct pt_regs *regs, int signr, sigset_t *old
 	unsigned long pc = regs->pc;
 	unsigned long npc = regs->npc;
 	struct thread_info *tp = current_thread_info();
-	void *sig_address;
+	void __user *sig_address;
 	int sig_code;
 
 	synchronize_user_stack();

arch/sparc/kernel/sys_sparc.c

@@ -375,7 +375,7 @@ sparc_breakpoint (struct pt_regs *regs)
 	info.si_signo = SIGTRAP;
 	info.si_errno = 0;
 	info.si_code = TRAP_BRKPT;
-	info.si_addr = (void *)regs->pc;
+	info.si_addr = (void __user *)regs->pc;
 	info.si_trapno = 0;
 	force_sig_info(SIGTRAP, &info, current);
 

arch/sparc/kernel/sys_sunos.c

@@ -505,7 +505,7 @@ asmlinkage int sunos_nosys(void)
 	info.si_signo = SIGSYS;
 	info.si_errno = 0;
 	info.si_code = __SI_FAULT|0x100;
-	info.si_addr = (void *)regs->pc;
+	info.si_addr = (void __user *)regs->pc;
 	info.si_trapno = regs->u_regs[UREG_G1];
 	send_sig_info(SIGSYS, &info, current);
 	if (cnt++ < 4) {

arch/sparc/kernel/traps.c

@@ -147,7 +147,7 @@ void do_hw_interrupt(struct pt_regs *regs, unsigned long type)
 	info.si_signo = SIGILL;
 	info.si_errno = 0;
 	info.si_code = ILL_ILLTRP;
-	info.si_addr = (void *)regs->pc;
+	info.si_addr = (void __user *)regs->pc;
 	info.si_trapno = type - 0x80;
 	force_sig_info(SIGILL, &info, current);
 }
@@ -170,7 +170,7 @@ void do_illegal_instruction(struct pt_regs *regs, unsigned long pc, unsigned lon
 	info.si_signo = SIGILL;
 	info.si_errno = 0;
 	info.si_code = ILL_ILLOPC;
-	info.si_addr = (void *)pc;
+	info.si_addr = (void __user *)pc;
 	info.si_trapno = 0;
 	send_sig_info(SIGILL, &info, current);
 }
@@ -185,7 +185,7 @@ void do_priv_instruction(struct pt_regs *regs, unsigned long pc, unsigned long n
 	info.si_signo = SIGILL;
 	info.si_errno = 0;
 	info.si_code = ILL_PRVOPC;
-	info.si_addr = (void *)pc;
+	info.si_addr = (void __user *)pc;
 	info.si_trapno = 0;
 	send_sig_info(SIGILL, &info, current);
 }
@@ -354,7 +354,7 @@ void do_fpe_trap(struct pt_regs *regs, unsigned long pc, unsigned long npc,
 	fsr = fpt->thread.fsr;
 	info.si_signo = SIGFPE;
 	info.si_errno = 0;
-	info.si_addr = (void *)pc;
+	info.si_addr = (void __user *)pc;
 	info.si_trapno = 0;
 	info.si_code = __SI_FAULT;
 	if ((fsr & 0x1c000) == (1 << 14)) {
@@ -388,7 +388,7 @@ void handle_tag_overflow(struct pt_regs *regs, unsigned long pc, unsigned long n
 	info.si_signo = SIGEMT;
 	info.si_errno = 0;
 	info.si_code = EMT_TAGOVF;
-	info.si_addr = (void *)pc;
+	info.si_addr = (void __user *)pc;
 	info.si_trapno = 0;
 	send_sig_info(SIGEMT, &info, current);
 }
@@ -417,7 +417,7 @@ void handle_reg_access(struct pt_regs *regs, unsigned long pc, unsigned long npc
 	info.si_signo = SIGBUS;
 	info.si_errno = 0;
 	info.si_code = BUS_OBJERR;
-	info.si_addr = (void *)pc;
+	info.si_addr = (void __user *)pc;
 	info.si_trapno = 0;
 	force_sig_info(SIGBUS, &info, current);
 }
@@ -430,7 +430,7 @@ void handle_cp_disabled(struct pt_regs *regs, unsigned long pc, unsigned long np
 	info.si_signo = SIGILL;
 	info.si_errno = 0;
 	info.si_code = ILL_COPROC;
-	info.si_addr = (void *)pc;
+	info.si_addr = (void __user *)pc;
 	info.si_trapno = 0;
 	send_sig_info(SIGILL, &info, current);
 }
@@ -447,7 +447,7 @@ void handle_cp_exception(struct pt_regs *regs, unsigned long pc, unsigned long n
 	info.si_signo = SIGILL;
 	info.si_errno = 0;
 	info.si_code = ILL_COPROC;
-	info.si_addr = (void *)pc;
+	info.si_addr = (void __user *)pc;
 	info.si_trapno = 0;
 	send_sig_info(SIGILL, &info, current);
 }
@@ -460,7 +460,7 @@ void handle_hw_divzero(struct pt_regs *regs, unsigned long pc, unsigned long npc
 	info.si_signo = SIGFPE;
 	info.si_errno = 0;
 	info.si_code = FPE_INTDIV;
-	info.si_addr = (void *)pc;
+	info.si_addr = (void __user *)pc;
 	info.si_trapno = 0;
 	send_sig_info(SIGFPE, &info, current);
 }

arch/sparc/kernel/unaligned.c

@@ -473,7 +473,7 @@ void user_mna_trap_fault(struct pt_regs *regs, unsigned int insn)
 	info.si_signo = SIGBUS;
 	info.si_errno = 0;
 	info.si_code = BUS_ADRALN;
-	info.si_addr = (void *)safe_compute_effective_address(regs, insn);
+	info.si_addr = (void __user *)safe_compute_effective_address(regs, insn);
 	info.si_trapno = 0;
 	send_sig_info(SIGBUS, &info, current);
 }

arch/sparc/mm/fault.c

@@ -326,7 +326,7 @@ asmlinkage void do_sparc_fault(struct pt_regs *regs, int text_fault, int write,
 		info.si_errno = 0;
 		/* info.si_code set above to make clear whether
 		   this was a SEGV_MAPERR or SEGV_ACCERR fault.  */
-		info.si_addr = (void *) compute_si_addr(regs, text_fault);
+		info.si_addr = (void __user *)compute_si_addr(regs, text_fault);
 		info.si_trapno = 0;
 		force_sig_info (SIGSEGV, &info, tsk);
 		return;
@@ -380,7 +380,7 @@ asmlinkage void do_sparc_fault(struct pt_regs *regs, int text_fault, int write,
 	info.si_signo = SIGBUS;
 	info.si_errno = 0;
 	info.si_code = BUS_ADRERR;
-	info.si_addr = (void *) compute_si_addr(regs, text_fault);
+	info.si_addr = (void __user *) compute_si_addr(regs, text_fault);
 	info.si_trapno = 0;
 	force_sig_info (SIGBUS, &info, tsk);
 	if (!from_user)
@@ -549,7 +549,7 @@ inline void force_user_fault(unsigned long address, int write)
 	info.si_errno = 0;
 	/* info.si_code set above to make clear whether
 	   this was a SEGV_MAPERR or SEGV_ACCERR fault.  */
-	info.si_addr = (void *) address;
+	info.si_addr = (void __user *) address;
 	info.si_trapno = 0;
 	force_sig_info (SIGSEGV, &info, tsk);
 	return;
@@ -559,7 +559,7 @@ inline void force_user_fault(unsigned long address, int write)
 	info.si_signo = SIGBUS;
 	info.si_errno = 0;
 	info.si_code = BUS_ADRERR;
-	info.si_addr = (void *) address;
+	info.si_addr = (void __user *) address;
 	info.si_trapno = 0;
 	force_sig_info (SIGBUS, &info, tsk);
 }

arch/sparc64/kernel/signal32.c

@@ -461,7 +461,7 @@ asmlinkage void do_rt_sigreturn32(struct pt_regs *regs)
 		err |= restore_fpu_state32(regs, &sf->fpu_state);
 	err |= copy_from_user(&seta, &sf->mask, sizeof(compat_sigset_t));
 	err |= __get_user(u_ss_sp, &sf->stack.ss_sp);
-	st.ss_sp = (void *) (long) u_ss_sp;
+	st.ss_sp = compat_ptr(u_ss_sp);
 	err |= __get_user(st.ss_flags, &sf->stack.ss_flags);
 	err |= __get_user(st.ss_size, &sf->stack.ss_size);
 	if (err)
@@ -520,7 +520,7 @@ setup_frame32(struct sigaction *sa, struct pt_regs *regs, int signr, sigset_t *o
 	struct sigcontext32 __user *sc;
 	unsigned int seta[_COMPAT_NSIG_WORDS];
 	int err = 0;
-	void *sig_address;
+	void __user *sig_address;
 	int sig_code;
 	unsigned long pc = regs->tpc;
 	unsigned long npc = regs->tnpc;
@@ -1031,7 +1031,7 @@ asmlinkage int svr4_setcontext(svr4_ucontext_t __user *c, struct pt_regs *regs)
 		set.sig[1] = setv.sigbits[2] | (((long)setv.sigbits[3]) << 32);
 	
 	err |= __get_user(u_ss_sp, &c->stack.sp);
-	st.ss_sp = (void *) (long) u_ss_sp;
+	st.ss_sp = compat_ptr(u_ss_sp);
 	err |= __get_user(st.ss_flags, &c->stack.flags);
 	err |= __get_user(st.ss_size, &c->stack.size);
 	if (err)
@@ -1360,7 +1360,7 @@ asmlinkage long do_sys32_sigaltstack(u32 ussa, u32 uossa, unsigned long sp)
 		    __get_user(uss.ss_flags, &((stack_t32 __user *)(long)ussa)->ss_flags) ||
 		    __get_user(uss.ss_size, &((stack_t32 __user *)(long)ussa)->ss_size)))
 		return -EFAULT;
-	uss.ss_sp = (void *) (long) u_ss_sp;
+	uss.ss_sp = compat_ptr(u_ss_sp);
 	old_fs = get_fs();
 	set_fs(KERNEL_DS);
 	ret = do_sigaltstack(ussa ? (stack_t __user *) &uss : NULL,

arch/sparc64/kernel/sys_sparc.c

@@ -448,7 +448,7 @@ asmlinkage void sparc_breakpoint(struct pt_regs *regs)
 	info.si_signo = SIGTRAP;
 	info.si_errno = 0;
 	info.si_code = TRAP_BRKPT;
-	info.si_addr = (void *)regs->tpc;
+	info.si_addr = (void __user *)regs->tpc;
 	info.si_trapno = 0;
 	force_sig_info(SIGTRAP, &info, current);
 #ifdef DEBUG_SPARC_BREAKPOINT

arch/sparc64/kernel/sys_sparc32.c

@@ -1293,9 +1293,9 @@ asmlinkage long compat_sys_sigaction(int sig, struct old_sigaction32 __user *act
 		u32 u_handler, u_restorer;
 		
 		ret = get_user(u_handler, &act->sa_handler);
-		new_ka.sa.sa_handler = (void *) (long) u_handler;
+		new_ka.sa.sa_handler =  compat_ptr(u_handler);
 		ret |= __get_user(u_restorer, &act->sa_restorer);
-		new_ka.sa.sa_restorer = (void *) (long) u_restorer;
+		new_ka.sa.sa_restorer = compat_ptr(u_restorer);
 		ret |= __get_user(new_ka.sa.sa_flags, &act->sa_flags);
 		ret |= __get_user(mask, &act->sa_mask);
 		if (ret)
@@ -1340,7 +1340,7 @@ asmlinkage long compat_sys_rt_sigaction(int sig,
 
 		new_ka.ka_restorer = restorer;
 		ret = get_user(u_handler, &act->sa_handler);
-		new_ka.sa.sa_handler = (void *) (long) u_handler;
+		new_ka.sa.sa_handler =  compat_ptr(u_handler);
 		ret |= __copy_from_user(&set32, &act->sa_mask, sizeof(compat_sigset_t));
 		switch (_NSIG_WORDS) {
 		case 4: new_ka.sa.sa_mask.sig[3] = set32.sig[6] | (((long)set32.sig[7]) << 32);
@@ -1350,7 +1350,7 @@ asmlinkage long compat_sys_rt_sigaction(int sig,
 		}
 		ret |= __get_user(new_ka.sa.sa_flags, &act->sa_flags);
 		ret |= __get_user(u_restorer, &act->sa_restorer);
-		new_ka.sa.sa_restorer = (void *) (long) u_restorer;
+		new_ka.sa.sa_restorer = compat_ptr(u_restorer);
                 if (ret)
                 	return -EFAULT;
 	}

arch/sparc64/kernel/sys_sunos32.c

@@ -465,7 +465,7 @@ asmlinkage int sunos_nosys(void)
 	info.si_signo = SIGSYS;
 	info.si_errno = 0;
 	info.si_code = __SI_FAULT|0x100;
-	info.si_addr = (void *)regs->tpc;
+	info.si_addr = (void __user *)regs->tpc;
 	info.si_trapno = regs->u_regs[UREG_G1];
 	send_sig_info(SIGSYS, &info, current);
 	if (cnt++ < 4) {
@@ -1280,7 +1280,7 @@ asmlinkage int sunos_sigaction (int sig,
 		if (get_user(u_handler, &act->sa_handler) ||
 		    __get_user(new_ka.sa.sa_flags, &act->sa_flags))
 			return -EFAULT;
-		new_ka.sa.sa_handler = (void *) (long) u_handler;
+		new_ka.sa.sa_handler = compat_ptr(u_handler);
 		__get_user(mask, &act->sa_mask);
 		new_ka.sa.sa_restorer = NULL;
 		new_ka.ka_restorer = NULL;

arch/sparc64/kernel/traps.c

@@ -93,7 +93,7 @@ void bad_trap (struct pt_regs *regs, long lvl)
 	info.si_signo = SIGILL;
 	info.si_errno = 0;
 	info.si_code = ILL_ILLTRP;
-	info.si_addr = (void *)regs->tpc;
+	info.si_addr = (void __user *)regs->tpc;
 	info.si_trapno = lvl;
 	force_sig_info(SIGILL, &info, current);
 }
@@ -133,7 +133,7 @@ void instruction_access_exception(struct pt_regs *regs,
 	info.si_signo = SIGSEGV;
 	info.si_errno = 0;
 	info.si_code = SEGV_MAPERR;
-	info.si_addr = (void *)regs->tpc;
+	info.si_addr = (void __user *)regs->tpc;
 	info.si_trapno = 0;
 	force_sig_info(SIGSEGV, &info, current);
 }
@@ -176,7 +176,7 @@ void data_access_exception (struct pt_regs *regs,
 	info.si_signo = SIGSEGV;
 	info.si_errno = 0;
 	info.si_code = SEGV_MAPERR;
-	info.si_addr = (void *)sfar;
+	info.si_addr = (void __user *)sfar;
 	info.si_trapno = 0;
 	force_sig_info(SIGSEGV, &info, current);
 }
@@ -1617,7 +1617,7 @@ void do_fpe_common(struct pt_regs *regs)
 		}
 		info.si_signo = SIGFPE;
 		info.si_errno = 0;
-		info.si_addr = (void *)regs->tpc;
+		info.si_addr = (void __user *)regs->tpc;
 		info.si_trapno = 0;
 		info.si_code = __SI_FAULT;
 		if ((fsr & 0x1c000) == (1 << 14)) {
@@ -1672,7 +1672,7 @@ void do_tof(struct pt_regs *regs)
 	info.si_signo = SIGEMT;
 	info.si_errno = 0;
 	info.si_code = EMT_TAGOVF;
-	info.si_addr = (void *)regs->tpc;
+	info.si_addr = (void __user *)regs->tpc;
 	info.si_trapno = 0;
 	force_sig_info(SIGEMT, &info, current);
 }
@@ -1690,7 +1690,7 @@ void do_div0(struct pt_regs *regs)
 	info.si_signo = SIGFPE;
 	info.si_errno = 0;
 	info.si_code = FPE_INTDIV;
-	info.si_addr = (void *)regs->tpc;
+	info.si_addr = (void __user *)regs->tpc;
 	info.si_trapno = 0;
 	force_sig_info(SIGFPE, &info, current);
 }
@@ -1850,7 +1850,7 @@ void do_illegal_instruction(struct pt_regs *regs)
 	info.si_signo = SIGILL;
 	info.si_errno = 0;
 	info.si_code = ILL_ILLOPC;
-	info.si_addr = (void *)pc;
+	info.si_addr = (void __user *)pc;
 	info.si_trapno = 0;
 	force_sig_info(SIGILL, &info, current);
 }
@@ -1872,7 +1872,7 @@ void mem_address_unaligned(struct pt_regs *regs, unsigned long sfar, unsigned lo
 	info.si_signo = SIGBUS;
 	info.si_errno = 0;
 	info.si_code = BUS_ADRALN;
-	info.si_addr = (void *)sfar;
+	info.si_addr = (void __user *)sfar;
 	info.si_trapno = 0;
 	force_sig_info(SIGBUS, &info, current);
 }
@@ -1888,7 +1888,7 @@ void do_privop(struct pt_regs *regs)
 	info.si_signo = SIGILL;
 	info.si_errno = 0;
 	info.si_code = ILL_PRVOPC;
-	info.si_addr = (void *)regs->tpc;
+	info.si_addr = (void __user *)regs->tpc;
 	info.si_trapno = 0;
 	force_sig_info(SIGILL, &info, current);
 }

arch/sparc64/mm/fault.c

@@ -218,9 +218,9 @@ static void do_fault_siginfo(int code, int sig, struct pt_regs *regs,
 	info.si_signo = sig;
 	info.si_errno = 0;
 	if (fault_code & FAULT_CODE_ITLB)
-		info.si_addr = (void *) regs->tpc;
+		info.si_addr = (void __user *) regs->tpc;
 	else
-		info.si_addr = (void *)
+		info.si_addr = (void __user *)
 			compute_effective_address(regs, insn, 0);
 	info.si_trapno = 0;
 	force_sig_info(sig, &info, current);

arch/x86_64/ia32/ia32_signal.c

@@ -109,7 +109,7 @@ int ia32_copy_siginfo_from_user(siginfo_t *to, siginfo_t32 __user *from)
 	err |= __get_user(to->si_pid, &from->si_pid);
 	err |= __get_user(to->si_uid, &from->si_uid);
 	err |= __get_user(ptr32, &from->si_ptr);
-	to->si_ptr = (void*)(u64)ptr32;
+	to->si_ptr = compat_ptr(ptr32);
 
 	return err;
 }
@@ -146,12 +146,12 @@ sys32_sigaltstack(const stack_ia32_t __user *uss_ptr,
 	if (uss_ptr) { 
 		u32 ptr;
 		memset(&uss,0,sizeof(stack_t));
-	if (!access_ok(VERIFY_READ,uss_ptr,sizeof(stack_ia32_t)) ||
-		    __get_user(ptr, &uss_ptr->ss_sp) ||
-		    __get_user(uss.ss_flags, &uss_ptr->ss_flags) ||
-		    __get_user(uss.ss_size, &uss_ptr->ss_size))
-		return -EFAULT;
-		uss.ss_sp = (void *)(u64)ptr;
+		if (!access_ok(VERIFY_READ,uss_ptr,sizeof(stack_ia32_t)) ||
+			    __get_user(ptr, &uss_ptr->ss_sp) ||
+			    __get_user(uss.ss_flags, &uss_ptr->ss_flags) ||
+			    __get_user(uss.ss_size, &uss_ptr->ss_size))
+			return -EFAULT;
+		uss.ss_sp = compat_ptr(ptr);
 	}
 	seg = get_fs(); 
 	set_fs(KERNEL_DS); 
@@ -448,7 +448,7 @@ void ia32_setup_frame(int sig, struct k_sigaction *ka,
 
 	/* Return stub is in 32bit vsyscall page */
 	{ 
-		void *restorer = VSYSCALL32_SIGRETURN; 
+		void __user *restorer = VSYSCALL32_SIGRETURN; 
 		if (ka->sa.sa_flags & SA_RESTORER)
 			restorer = ka->sa.sa_restorer;       
 		err |= __put_user(ptr_to_u32(restorer), &frame->pretcode);
@@ -541,7 +541,7 @@ void ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info,
 
 	
 	{ 
-		void *restorer = VSYSCALL32_RTSIGRETURN; 
+		void __user *restorer = VSYSCALL32_RTSIGRETURN; 
 		if (ka->sa.sa_flags & SA_RESTORER)
 			restorer = ka->sa.sa_restorer;       
 		err |= __put_user(ptr_to_u32(restorer), &frame->pretcode);

arch/x86_64/kernel/traps.c

@@ -448,7 +448,7 @@ asmlinkage void do_##name(struct pt_regs * regs, long error_code) \
 	info.si_signo = signr; \
 	info.si_errno = 0; \
 	info.si_code = sicode; \
-	info.si_addr = (void *)siaddr; \
+	info.si_addr = (void __user *)siaddr; \
 	if (notify_die(DIE_TRAP, str, regs, error_code, trapnr, signr) == NOTIFY_BAD) \
 		return; \
 	do_trap(trapnr, signr, str, regs, error_code, &info); \
@@ -662,7 +662,7 @@ asmlinkage void *do_debug(struct pt_regs * regs, unsigned long error_code)
 	if ((regs->cs & 3) == 0) 
 		goto clear_dr7; 
 
-	info.si_addr = (void *)regs->rip;
+	info.si_addr = (void __user *)regs->rip;
 	force_sig_info(SIGTRAP, &info, tsk);	
 clear_dr7:
 	asm volatile("movq %0,%%db7"::"r"(0UL));
@@ -686,7 +686,7 @@ asmlinkage void *do_debug(struct pt_regs * regs, unsigned long error_code)
  * the correct behaviour even in the presence of the asynchronous
  * IRQ13 behaviour
  */
-void math_error(void *rip)
+void math_error(void __user *rip)
 {
 	struct task_struct * task;
 	siginfo_t info;
@@ -743,7 +743,7 @@ void math_error(void *rip)
 asmlinkage void do_coprocessor_error(struct pt_regs * regs)
 {
 	conditional_sti(regs);
-	math_error((void *)regs->rip);
+	math_error((void __user *)regs->rip);
 }
 
 asmlinkage void bad_intr(void)
@@ -751,7 +751,7 @@ asmlinkage void bad_intr(void)
 	printk("bad interrupt"); 
 }
 
-static inline void simd_math_error(void *rip)
+static inline void simd_math_error(void __user *rip)
 {
 	struct task_struct * task;
 	siginfo_t info;
@@ -802,7 +802,7 @@ static inline void simd_math_error(void *rip)
 asmlinkage void do_simd_coprocessor_error(struct pt_regs * regs)
 {
 	conditional_sti(regs);
-		simd_math_error((void *)regs->rip);
+		simd_math_error((void __user *)regs->rip);
 }
 
 asmlinkage void do_spurious_interrupt_bug(struct pt_regs * regs)

arch/x86_64/mm/fault.c

@@ -389,7 +389,7 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code)
 		info.si_signo = SIGSEGV;
 		info.si_errno = 0;
 		/* info.si_code has been set above */
-		info.si_addr = (void *)address;
+		info.si_addr = (void __user *)address;
 		force_sig_info(SIGSEGV, &info, tsk);
 		return;
 	}
@@ -463,7 +463,7 @@ asmlinkage void do_page_fault(struct pt_regs *regs, unsigned long error_code)
 	info.si_signo = SIGBUS;
 	info.si_errno = 0;
 	info.si_code = BUS_ADRERR;
-	info.si_addr = (void *)address;
+	info.si_addr = (void __user *)address;
 	force_sig_info(SIGBUS, &info, tsk);
 	return;
 

drivers/usb/core/devio.c

@@ -269,7 +269,7 @@ static void async_completed(struct urb *urb, struct pt_regs *regs)
 		sinfo.si_signo = as->signr;
 		sinfo.si_errno = as->urb->status;
 		sinfo.si_code = SI_ASYNCIO;
-		sinfo.si_addr = (void *)as->userurb;
+		sinfo.si_addr = as->userurb;
 		send_sig_info(as->signr, &sinfo, as->task);
 	}
         wake_up(&ps->wait);

include/asm-alpha/signal.h

@@ -128,7 +128,11 @@ typedef unsigned long sigset_t;
 #define SIG_SETMASK        3	/* for setting the signal mask */
 
 /* Type of a signal handler.  */
-typedef void (*__sighandler_t)(int);
+typedef void __signalfn_t(int);
+typedef __signalfn_t __user *__sighandler_t;
+
+typedef void __restorefn_t(void);
+typedef __restorefn_t __user *__sigrestore_t;
 
 #define SIG_DFL	((__sighandler_t)0)	/* default signal handling */
 #define SIG_IGN	((__sighandler_t)1)	/* ignore signal */
@@ -149,7 +153,7 @@ struct sigaction {
 
 struct k_sigaction {
 	struct sigaction sa;
-	void (*ka_restorer)(void);
+	__sigrestore_t ka_restorer;
 };
 #else
 /* Here we must cater to libcs that poke about in kernel headers.  */
@@ -169,7 +173,7 @@ struct sigaction {
 #endif /* __KERNEL__ */
 
 typedef struct sigaltstack {
-	void *ss_sp;
+	void __user *ss_sp;
 	int ss_flags;
 	size_t ss_size;
 } stack_t;
@@ -179,7 +183,7 @@ typedef struct sigaltstack {
    implemented here for OSF/1 compatibility.  */
 
 struct sigstack {
-	void *ss_sp;
+	void __user *ss_sp;
 	int ss_onstack;
 };
 

include/asm-generic/siginfo.h

@@ -6,7 +6,7 @@
 
 typedef union sigval {
 	int sival_int;
-	void *sival_ptr;
+	void __user *sival_ptr;
 } sigval_t;
 
 /*
@@ -78,7 +78,7 @@ typedef struct siginfo {
 
 		/* SIGILL, SIGFPE, SIGSEGV, SIGBUS */
 		struct {
-			void *_addr; /* faulting insn/memory ref. */
+			void __user *_addr; /* faulting insn/memory ref. */
 #ifdef __ARCH_SI_TRAPNO
 			int _trapno;	/* TRAP # which caused the signal */
 #endif

include/asm-sparc64/signal.h

@@ -186,9 +186,14 @@ struct sigstack {
 
 /* Type of a signal handler.  */
 #ifdef __KERNEL__
-typedef void (*__sighandler_t)(int, struct sigcontext *);
+typedef void __signalfn_t(int);
+typedef __signalfn_t __user *__sighandler_t;
+
+typedef void __restorefn_t(void);
+typedef __restorefn_t __user *__sigrestore_t;
 #else
 typedef void (*__sighandler_t)(int);
+typedef void (*__sigrestore_t)(void);
 #endif
 
 #define SIG_DFL	((__sighandler_t)0)	/* default signal handling */
@@ -198,7 +203,7 @@ typedef void (*__sighandler_t)(int);
 struct __new_sigaction {
 	__sighandler_t		sa_handler;
 	unsigned long		sa_flags;
-	void 			(*sa_restorer)(void);     /* not used by Linux/SPARC yet */
+	__sigrestore_t 		sa_restorer;  /* not used by Linux/SPARC yet */
 	__new_sigset_t		sa_mask;
 };
 
@@ -233,7 +238,7 @@ struct __old_sigaction32 {
 #endif
 
 typedef struct sigaltstack {
-	void			*ss_sp;
+	void			__user *ss_sp;
 	int			ss_flags;
 	size_t			ss_size;
 } stack_t;

include/asm-x86_64/signal.h

@@ -136,7 +136,11 @@ typedef unsigned long sigset_t;
 
 #ifndef __ASSEMBLY__
 /* Type of a signal handler.  */
-typedef void (*__sighandler_t)(int);
+typedef void __signalfn_t(int);
+typedef __signalfn_t __user *__sighandler_t;
+
+typedef void __restorefn_t(void);
+typedef __restorefn_t __user *__sigrestore_t;
 
 #define SIG_DFL	((__sighandler_t)0)	/* default signal handling */
 #define SIG_IGN	((__sighandler_t)1)	/* ignore signal */
@@ -145,7 +149,7 @@ typedef void (*__sighandler_t)(int);
 struct sigaction {
 	__sighandler_t sa_handler;
 	unsigned long sa_flags;
-	void (*sa_restorer)(void);
+	__sigrestore_t sa_restorer;
 	sigset_t sa_mask;		/* mask last for extensibility */
 };
 
@@ -154,7 +158,7 @@ struct k_sigaction {
 };
 
 typedef struct sigaltstack {
-	void *ss_sp;
+	void __user *ss_sp;
 	int ss_flags;
 	size_t ss_size;
 } stack_t;

include/asm-x86_64/vsyscall32.h

@@ -13,8 +13,8 @@
 
 #define VSYSCALL32_VSYSCALL ((void *)VSYSCALL32_BASE + 0x400) 
 #define VSYSCALL32_SYSEXIT ((void *)VSYSCALL32_BASE + 0x410)
-#define VSYSCALL32_SIGRETURN ((void *)VSYSCALL32_BASE + 0x500) 
-#define VSYSCALL32_RTSIGRETURN ((void *)VSYSCALL32_BASE + 0x600) 
+#define VSYSCALL32_SIGRETURN ((void __user *)VSYSCALL32_BASE + 0x500) 
+#define VSYSCALL32_RTSIGRETURN ((void __user *)VSYSCALL32_BASE + 0x600) 
 #endif
 
 #endif

kernel/exit.c

@@ -296,7 +296,7 @@ int allow_signal(int sig)
 		   Let the signal code know it'll be handled, so
 		   that they don't get converted to SIGKILL or
 		   just silently dropped */
-		current->sighand->action[(sig)-1].sa.sa_handler = (void *)2;
+		current->sighand->action[(sig)-1].sa.sa_handler = (void __user *)2;
 	}
 	recalc_sigpending();
 	spin_unlock_irq(&current->sighand->siglock);