14 files changed, 391 insertions, 112 deletions
diff --git a/kernel/compat.c b/kernel/compat.c
index 1867290c37e3..8c9cd88b6785 100644
--- a/kernel/compat.c
+++ b/kernel/compat.c
@@ -23,7 +23,6 @@
 #include <linux/security.h>
 #include <asm/uaccess.h>
-#include <asm/bug.h>
 int get_compat_timespec(struct timespec *ts, const struct compat_timespec __user *cts)
 {
diff --git a/kernel/cpuset.c b/kernel/cpuset.c
index fe2f71f92ae0..ba42b0a76961 100644
--- a/kernel/cpuset.c
+++ b/kernel/cpuset.c
@@ -641,7 +641,7 @@ static void guarantee_online_mems(const struct cpuset *cs, nodemask_t *pmask)
 * task has been modifying its cpuset.
 */
-void cpuset_update_task_memory_state()
+void cpuset_update_task_memory_state(void)
 {
        int my_cpusets_mem_gen;
        struct task_struct *tsk = current;
diff --git a/kernel/fork.c b/kernel/fork.c
index 7f0ab5ee948c..8e88b374cee9 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -446,6 +446,55 @@ void mm_release(struct task_struct *tsk, struct mm_struct *mm)
        }
 }
+/*
+ * Allocate a new mm structure and copy contents from the
+ * mm structure of the passed in task structure.
+ */
+static struct mm_struct *dup_mm(struct task_struct *tsk)
+{
+        struct mm_struct *mm, *oldmm = current->mm;
+        int err;
+        if (!oldmm)
+                return NULL;
+        mm = allocate_mm();
+        if (!mm)
+                goto fail_nomem;
+        memcpy(mm, oldmm, sizeof(*mm));
+        if (!mm_init(mm))
+                goto fail_nomem;
+        if (init_new_context(tsk, mm))
+                goto fail_nocontext;
+        err = dup_mmap(mm, oldmm);
+        if (err)
+                goto free_pt;
+        mm->hiwater_rss = get_mm_rss(mm);
+        mm->hiwater_vm = mm->total_vm;
+        return mm;
+free_pt:
+        mmput(mm);
+fail_nomem:
+        return NULL;
+fail_nocontext:
+        /*
+         * If init_new_context() failed, we cannot use mmput() to free the mm
+         * because it calls destroy_context()
+         */
+        mm_free_pgd(mm);
+        free_mm(mm);
+        return NULL;
+}
 static int copy_mm(unsigned long clone_flags, struct task_struct * tsk)
 {
        struct mm_struct * mm, *oldmm;
@@ -473,43 +522,17 @@ static int copy_mm(unsigned long clone_flags, struct task_struct * tsk)
        }
        retval = -ENOMEM;
-        mm = allocate_mm();
+        mm = dup_mm(tsk);
        if (!mm)
                goto fail_nomem;
-        /* Copy the current MM stuff.. */
-        memcpy(mm, oldmm, sizeof(*mm));
-        if (!mm_init(mm))
-                goto fail_nomem;
-        if (init_new_context(tsk,mm))
-                goto fail_nocontext;
-        retval = dup_mmap(mm, oldmm);
-        if (retval)
-                goto free_pt;
-        mm->hiwater_rss = get_mm_rss(mm);
-        mm->hiwater_vm = mm->total_vm;
 good_mm:
        tsk->mm = mm;
        tsk->active_mm = mm;
        return 0;
-free_pt:
-        mmput(mm);
 fail_nomem:
        return retval;
-fail_nocontext:
-        /*
-         * If init_new_context() failed, we cannot use mmput() to free the mm
-         * because it calls destroy_context()
-         */
-        mm_free_pgd(mm);
-        free_mm(mm);
-        return retval;
 }
 static inline struct fs_struct *__copy_fs_struct(struct fs_struct *old)
@@ -597,32 +620,17 @@ out:
        return newf;
 }
-static int copy_files(unsigned long clone_flags, struct task_struct * tsk)
+/*
+ * Allocate a new files structure and copy contents from the
+ * passed in files structure.
+ */
+static struct files_struct *dup_fd(struct files_struct *oldf, int *errorp)
 {
-        struct files_struct *oldf, *newf;
+        struct files_struct *newf;
        struct file **old_fds, **new_fds;
-        int open_files, size, i, error = 0, expand;
+        int open_files, size, i, expand;
        struct fdtable *old_fdt, *new_fdt;
-        /*
-         * A background process may not have any files ...
-         */
-        oldf = current->files;
-        if (!oldf)
-                goto out;
-        if (clone_flags & CLONE_FILES) {
-                atomic_inc(&oldf->count);
-                goto out;
-        }
-        /*
-         * Note: we may be using current for both targets (See exec.c)
-         * This works because we cache current->files (old) as oldf. Don't
-         * break this.
-         */
-        tsk->files = NULL;
-        error = -ENOMEM;
        newf = alloc_files();
        if (!newf)
                goto out;
@@ -651,9 +659,9 @@ static int copy_files(unsigned long clone_flags, struct task_struct * tsk)
        if (expand) {
                spin_unlock(&oldf->file_lock);
                spin_lock(&newf->file_lock);
-                error = expand_files(newf, open_files-1);
+                *errorp = expand_files(newf, open_files-1);
                spin_unlock(&newf->file_lock);
-                if (error < 0)
+                if (*errorp < 0)
                        goto out_release;
                new_fdt = files_fdtable(newf);
                /*
@@ -702,10 +710,8 @@ static int copy_files(unsigned long clone_flags, struct task_struct * tsk)
                memset(&new_fdt->close_on_exec->fds_bits[start], 0, left);
        }
-        tsk->files = newf;
-        error = 0;
 out:
-        return error;
+        return newf;
 out_release:
        free_fdset (new_fdt->close_on_exec, new_fdt->max_fdset);
@@ -715,6 +721,40 @@ out_release:
        goto out;
 }
+static int copy_files(unsigned long clone_flags, struct task_struct * tsk)
+{
+        struct files_struct *oldf, *newf;
+        int error = 0;
+        /*
+         * A background process may not have any files ...
+         */
+        oldf = current->files;
+        if (!oldf)
+                goto out;
+        if (clone_flags & CLONE_FILES) {
+                atomic_inc(&oldf->count);
+                goto out;
+        }
+        /*
+         * Note: we may be using current for both targets (See exec.c)
+         * This works because we cache current->files (old) as oldf. Don't
+         * break this.
+         */
+        tsk->files = NULL;
+        error = -ENOMEM;
+        newf = dup_fd(oldf, &error);
+        if (!newf)
+                goto out;
+        tsk->files = newf;
+        error = 0;
+out:
+        return error;
+}
 /*
 *      Helper to unshare the files of the current task.
 *      We don't want to expose copy_files internals to
@@ -1323,3 +1363,249 @@ void __init proc_caches_init(void)
                        sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
                        SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL);
 }
+/*
+ * Check constraints on flags passed to the unshare system call and
+ * force unsharing of additional process context as appropriate.
+ */
+static inline void check_unshare_flags(unsigned long *flags_ptr)
+{
+        /*
+         * If unsharing a thread from a thread group, must also
+         * unshare vm.
+         */
+        if (*flags_ptr & CLONE_THREAD)
+                *flags_ptr |= CLONE_VM;
+        /*
+         * If unsharing vm, must also unshare signal handlers.
+         */
+        if (*flags_ptr & CLONE_VM)
+                *flags_ptr |= CLONE_SIGHAND;
+        /*
+         * If unsharing signal handlers and the task was created
+         * using CLONE_THREAD, then must unshare the thread
+         */
+        if ((*flags_ptr & CLONE_SIGHAND) &&
+            (atomic_read(&current->signal->count) > 1))
+                *flags_ptr |= CLONE_THREAD;
+        /*
+         * If unsharing namespace, must also unshare filesystem information.
+         */
+        if (*flags_ptr & CLONE_NEWNS)
+                *flags_ptr |= CLONE_FS;
+}
+/*
+ * Unsharing of tasks created with CLONE_THREAD is not supported yet
+ */
+static int unshare_thread(unsigned long unshare_flags)
+{
+        if (unshare_flags & CLONE_THREAD)
+                return -EINVAL;
+        return 0;
+}
+/*
+ * Unshare the filesystem structure if it is being shared
+ */
+static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+{
+        struct fs_struct *fs = current->fs;
+        if ((unshare_flags & CLONE_FS) &&
+            (fs && atomic_read(&fs->count) > 1)) {
+                *new_fsp = __copy_fs_struct(current->fs);
+                if (!*new_fsp)
+                        return -ENOMEM;
+        }
+        return 0;
+}
+/*
+ * Unshare the namespace structure if it is being shared
+ */
+static int unshare_namespace(unsigned long unshare_flags, struct namespace **new_nsp, struct fs_struct *new_fs)
+{
+        struct namespace *ns = current->namespace;
+        if ((unshare_flags & CLONE_NEWNS) &&
+            (ns && atomic_read(&ns->count) > 1)) {
+                if (!capable(CAP_SYS_ADMIN))
+                        return -EPERM;
+                *new_nsp = dup_namespace(current, new_fs ? new_fs : current->fs);
+                if (!*new_nsp)
+                        return -ENOMEM;
+        }
+        return 0;
+}
+/*
+ * Unsharing of sighand for tasks created with CLONE_SIGHAND is not
+ * supported yet
+ */
+static int unshare_sighand(unsigned long unshare_flags, struct sighand_struct **new_sighp)
+{
+        struct sighand_struct *sigh = current->sighand;
+        if ((unshare_flags & CLONE_SIGHAND) &&
+            (sigh && atomic_read(&sigh->count) > 1))
+                return -EINVAL;
+        else
+                return 0;
+}
+/*
+ * Unshare vm if it is being shared
+ */
+static int unshare_vm(unsigned long unshare_flags, struct mm_struct **new_mmp)
+{
+        struct mm_struct *mm = current->mm;
+        if ((unshare_flags & CLONE_VM) &&
+            (mm && atomic_read(&mm->mm_users) > 1)) {
+                *new_mmp = dup_mm(current);
+                if (!*new_mmp)
+                        return -ENOMEM;
+        }
+        return 0;
+}
+/*
+ * Unshare file descriptor table if it is being shared
+ */
+static int unshare_fd(unsigned long unshare_flags, struct files_struct **new_fdp)
+{
+        struct files_struct *fd = current->files;
+        int error = 0;
+        if ((unshare_flags & CLONE_FILES) &&
+            (fd && atomic_read(&fd->count) > 1)) {
+                *new_fdp = dup_fd(fd, &error);
+                if (!*new_fdp)
+                        return error;
+        }
+        return 0;
+}
+/*
+ * Unsharing of semundo for tasks created with CLONE_SYSVSEM is not
+ * supported yet
+ */
+static int unshare_semundo(unsigned long unshare_flags, struct sem_undo_list **new_ulistp)
+{
+        if (unshare_flags & CLONE_SYSVSEM)
+                return -EINVAL;
+        return 0;
+}
+/*
+ * unshare allows a process to 'unshare' part of the process
+ * context which was originally shared using clone.  copy_*
+ * functions used by do_fork() cannot be used here directly
+ * because they modify an inactive task_struct that is being
+ * constructed. Here we are modifying the current, active,
+ * task_struct.
+ */
+asmlinkage long sys_unshare(unsigned long unshare_flags)
+{
+        int err = 0;
+        struct fs_struct *fs, *new_fs = NULL;
+        struct namespace *ns, *new_ns = NULL;
+        struct sighand_struct *sigh, *new_sigh = NULL;
+        struct mm_struct *mm, *new_mm = NULL, *active_mm = NULL;
+        struct files_struct *fd, *new_fd = NULL;
+        struct sem_undo_list *new_ulist = NULL;
+        check_unshare_flags(&unshare_flags);
+        if ((err = unshare_thread(unshare_flags)))
+                goto bad_unshare_out;
+        if ((err = unshare_fs(unshare_flags, &new_fs)))
+                goto bad_unshare_cleanup_thread;
+        if ((err = unshare_namespace(unshare_flags, &new_ns, new_fs)))
+                goto bad_unshare_cleanup_fs;
+        if ((err = unshare_sighand(unshare_flags, &new_sigh)))
+                goto bad_unshare_cleanup_ns;
+        if ((err = unshare_vm(unshare_flags, &new_mm)))
+                goto bad_unshare_cleanup_sigh;
+        if ((err = unshare_fd(unshare_flags, &new_fd)))
+                goto bad_unshare_cleanup_vm;
+        if ((err = unshare_semundo(unshare_flags, &new_ulist)))
+                goto bad_unshare_cleanup_fd;
+        if (new_fs || new_ns || new_sigh || new_mm || new_fd || new_ulist) {
+                task_lock(current);
+                if (new_fs) {
+                        fs = current->fs;
+                        current->fs = new_fs;
+                        new_fs = fs;
+                }
+                if (new_ns) {
+                        ns = current->namespace;
+                        current->namespace = new_ns;
+                        new_ns = ns;
+                }
+                if (new_sigh) {
+                        sigh = current->sighand;
+                        current->sighand = new_sigh;
+                        new_sigh = sigh;
+                }
+                if (new_mm) {
+                        mm = current->mm;
+                        active_mm = current->active_mm;
+                        current->mm = new_mm;
+                        current->active_mm = new_mm;
+                        activate_mm(active_mm, new_mm);
+                        new_mm = mm;
+                }
+                if (new_fd) {
+                        fd = current->files;
+                        current->files = new_fd;
+                        new_fd = fd;
+                }
+                task_unlock(current);
+        }
+bad_unshare_cleanup_fd:
+        if (new_fd)
+                put_files_struct(new_fd);
+bad_unshare_cleanup_vm:
+        if (new_mm)
+                mmput(new_mm);
+bad_unshare_cleanup_sigh:
+        if (new_sigh)
+                if (atomic_dec_and_test(&new_sigh->count))
+                        kmem_cache_free(sighand_cachep, new_sigh);
+bad_unshare_cleanup_ns:
+        if (new_ns)
+                put_namespace(new_ns);
+bad_unshare_cleanup_fs:
+        if (new_fs)
+                put_fs_struct(new_fs);
+bad_unshare_cleanup_thread:
+bad_unshare_out:
+        return err;
+}
diff --git a/kernel/intermodule.c b/kernel/intermodule.c
index 0cbe633420fb..55b1e5b85db9 100644
--- a/kernel/intermodule.c
+++ b/kernel/intermodule.c
@@ -179,3 +179,6 @@ EXPORT_SYMBOL(inter_module_register);
 EXPORT_SYMBOL(inter_module_unregister);
 EXPORT_SYMBOL(inter_module_get_request);
 EXPORT_SYMBOL(inter_module_put);
+MODULE_LICENSE("GPL");
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 3ea6325228da..fef1af8a73ce 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -344,23 +344,6 @@ void __kprobes kprobe_flush_task(struct task_struct *tk)
        spin_unlock_irqrestore(&kretprobe_lock, flags);
 }
-/*
- * This kprobe pre_handler is registered with every kretprobe. When probe
- * hits it will set up the return probe.
- */
-static int __kprobes pre_handler_kretprobe(struct kprobe *p,
-                                           struct pt_regs *regs)
-{
-        struct kretprobe *rp = container_of(p, struct kretprobe, kp);
-        unsigned long flags = 0;
-        /*TODO: consider to only swap the RA after the last pre_handler fired */
-        spin_lock_irqsave(&kretprobe_lock, flags);
-        arch_prepare_kretprobe(rp, regs);
-        spin_unlock_irqrestore(&kretprobe_lock, flags);
-        return 0;
-}
 static inline void free_rp_inst(struct kretprobe *rp)
 {
        struct kretprobe_instance *ri;
@@ -578,6 +561,23 @@ void __kprobes unregister_jprobe(struct jprobe *jp)
 #ifdef ARCH_SUPPORTS_KRETPROBES
+/*
+ * This kprobe pre_handler is registered with every kretprobe. When probe
+ * hits it will set up the return probe.
+ */
+static int __kprobes pre_handler_kretprobe(struct kprobe *p,
+                                           struct pt_regs *regs)
+{
+        struct kretprobe *rp = container_of(p, struct kretprobe, kp);
+        unsigned long flags = 0;
+        /*TODO: consider to only swap the RA after the last pre_handler fired */
+        spin_lock_irqsave(&kretprobe_lock, flags);
+        arch_prepare_kretprobe(rp, regs);
+        spin_unlock_irqrestore(&kretprobe_lock, flags);
+        return 0;
+}
 int __kprobes register_kretprobe(struct kretprobe *rp)
 {
        int ret = 0;
@@ -631,12 +631,12 @@ void __kprobes unregister_kretprobe(struct kretprobe *rp)
        unregister_kprobe(&rp->kp);
        /* No race here */
        spin_lock_irqsave(&kretprobe_lock, flags);
-        free_rp_inst(rp);
        while ((ri = get_used_rp_inst(rp)) != NULL) {
                ri->rp = NULL;
                hlist_del(&ri->uflist);
        }
        spin_unlock_irqrestore(&kretprobe_lock, flags);
+        free_rp_inst(rp);
 }
 static int __init init_kprobes(void)
diff --git a/kernel/module.c b/kernel/module.c
index 618ed6e23ecc..5aad477ddc79 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1670,6 +1670,9 @@ static struct module *load_module(void __user *umod,
                goto free_mod;
        }
+        /* Userspace could have altered the string after the strlen_user() */
+        args[arglen - 1] = '\0';
        if (find_module(mod->name)) {
                err = -EEXIST;
                goto free_mod;
@@ -2092,7 +2095,8 @@ static unsigned long mod_find_symname(struct module *mod, const char *name)
        unsigned int i;
        for (i = 0; i < mod->num_symtab; i++)
-                if (strcmp(name, mod->strtab+mod->symtab[i].st_name) == 0)
+                if (strcmp(name, mod->strtab+mod->symtab[i].st_name) == 0 &&
+                    mod->symtab[i].st_info != 'U')
                        return mod->symtab[i].st_value;
        return 0;
 }
diff --git a/kernel/power/console.c b/kernel/power/console.c
index 579d239d129f..623786d44159 100644
--- a/kernel/power/console.c
+++ b/kernel/power/console.c
@@ -9,7 +9,9 @@
 #include <linux/console.h>
 #include "power.h"
-#ifdef SUSPEND_CONSOLE
+#if defined(CONFIG_VT) && defined(CONFIG_VT_CONSOLE)
+#define SUSPEND_CONSOLE (MAX_NR_CONSOLES-1)
 static int orig_fgconsole, orig_kmsg;
 int pm_prepare_console(void)
diff --git a/kernel/power/power.h b/kernel/power/power.h
index d8f0d1a76bae..388dba680841 100644
--- a/kernel/power/power.h
+++ b/kernel/power/power.h
@@ -1,14 +1,6 @@
 #include <linux/suspend.h>
 #include <linux/utsname.h>
-/* With SUSPEND_CONSOLE defined suspend looks *really* cool, but
-   we probably do not take enough locks for switching consoles, etc,
-   so bad things might happen.
-*/
-#if defined(CONFIG_VT) && defined(CONFIG_VT_CONSOLE)
-#define SUSPEND_CONSOLE (MAX_NR_CONSOLES-1)
-#endif
 struct swsusp_info {
        struct new_utsname      uts;
        u32                     version_code;
@@ -42,14 +34,6 @@ static struct subsys_attribute _name##_attr = {	\
 extern struct subsystem power_subsys;
-#ifdef SUSPEND_CONSOLE
-extern int pm_prepare_console(void);
-extern void pm_restore_console(void);
-#else
-static int pm_prepare_console(void) { return 0; }
-static void pm_restore_console(void) {}
-#endif
 /* References to section boundaries */
 extern const void __nosave_begin, __nosave_end;
diff --git a/kernel/power/swsusp.c b/kernel/power/swsusp.c
index 59c91c148e82..4e90905f0e87 100644
--- a/kernel/power/swsusp.c
+++ b/kernel/power/swsusp.c
@@ -743,7 +743,6 @@ static int submit(int rw, pgoff_t page_off, void *page)
        if (!bio)
                return -ENOMEM;
        bio->bi_sector = page_off * (PAGE_SIZE >> 9);
-        bio_get(bio);
        bio->bi_bdev = resume_bdev;
        bio->bi_end_io = end_io;
@@ -753,14 +752,13 @@ static int submit(int rw, pgoff_t page_off, void *page)
                goto Done;
        }
-        if (rw == WRITE)
-                bio_set_pages_dirty(bio);
        atomic_set(&io_done, 1);
        submit_bio(rw | (1 << BIO_RW_SYNC), bio);
        while (atomic_read(&io_done))
                yield();
+        if (rw == READ)
+                bio_set_pages_dirty(bio);
 Done:
        bio_put(bio);
        return error;
diff --git a/kernel/sched.c b/kernel/sched.c
index f77f23f8f479..bc38804e40dd 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -5551,13 +5551,15 @@ static void calibrate_migration_costs(const cpumask_t *cpu_map)
                        -1
 #endif
                );
-        printk("migration_cost=");
+        if (system_state == SYSTEM_BOOTING) {
-        for (distance = 0; distance <= max_distance; distance++) {
+                printk("migration_cost=");
-                if (distance)
+                for (distance = 0; distance <= max_distance; distance++) {
-                        printk(",");
+                        if (distance)
-                printk("%ld", (long)migration_cost[distance] / 1000);
+                                printk(",");
+                        printk("%ld", (long)migration_cost[distance] / 1000);
+                }
+                printk("\n");
        }
-        printk("\n");
        j1 = jiffies;
        if (migration_debug)
                printk("migration: %ld seconds\n", (j1-j0)/HZ);
@@ -6109,7 +6111,7 @@ void __init sched_init(void)
        runqueue_t *rq;
        int i, j, k;
-        for (i = 0; i < NR_CPUS; i++) {
+        for_each_cpu(i) {
                prio_array_t *array;
                rq = cpu_rq(i);
diff --git a/kernel/signal.c b/kernel/signal.c
index d3efafd8109a..b373fc2420da 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -283,7 +283,7 @@ static struct sigqueue *__sigqueue_alloc(struct task_struct *t, gfp_t flags,
        return(q);
 }
-static inline void __sigqueue_free(struct sigqueue *q)
+static void __sigqueue_free(struct sigqueue *q)
 {
        if (q->flags & SIGQUEUE_PREALLOC)
                return;
diff --git a/kernel/sys.c b/kernel/sys.c
index 0929c698affc..f91218a5463e 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -428,7 +428,7 @@ void kernel_kexec(void)
 {
 #ifdef CONFIG_KEXEC
        struct kimage *image;
-        image = xchg(&kexec_image, 0);
+        image = xchg(&kexec_image, NULL);
        if (!image) {
                return;
        }
diff --git a/kernel/time.c b/kernel/time.c
index 1f23e683d6aa..804539165d8b 100644
--- a/kernel/time.c
+++ b/kernel/time.c
@@ -637,15 +637,16 @@ void set_normalized_timespec(struct timespec *ts, time_t sec, long nsec)
 *
 * Returns the timespec representation of the nsec parameter.
 */
-inline struct timespec ns_to_timespec(const nsec_t nsec)
+struct timespec ns_to_timespec(const nsec_t nsec)
 {
        struct timespec ts;
-        if (nsec)
+        if (!nsec)
-                ts.tv_sec = div_long_long_rem_signed(nsec, NSEC_PER_SEC,
+                return (struct timespec) {0, 0};
-                                                     &ts.tv_nsec);
-        else
+        ts.tv_sec = div_long_long_rem_signed(nsec, NSEC_PER_SEC, &ts.tv_nsec);
-                ts.tv_sec = ts.tv_nsec = 0;
+        if (unlikely(nsec < 0))
+                set_normalized_timespec(&ts, ts.tv_sec, ts.tv_nsec);
        return ts;
 }
diff --git a/kernel/timer.c b/kernel/timer.c
index 4f1cb0ab5251..b9dad3994676 100644
--- a/kernel/timer.c
+++ b/kernel/timer.c
@@ -495,7 +495,7 @@ unsigned long next_timer_interrupt(void)
        base = &__get_cpu_var(tvec_bases);
        spin_lock(&base->t_base.lock);
        expires = base->timer_jiffies + (LONG_MAX >> 1);
-        list = 0;
+        list = NULL;
        /* Look for timer events in tv1. */
        j = base->timer_jiffies & TVR_MASK;