diff --git a/fs/namespace.c b/fs/namespace.c index 6e76f2a72cfca0a691f125e2ffafaa569a585fd4..3a5b06f292b8b2d27a2aeb86be5df7797af728d9 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -200,6 +200,8 @@ static struct mount *alloc_vfsmnt(const char *name) mnt->mnt_writers = 0; #endif + mnt->mnt.mnt_flags = 0; + INIT_HLIST_NODE(&mnt->mnt_hash); INIT_LIST_HEAD(&mnt->mnt_child); INIT_LIST_HEAD(&mnt->mnt_mounts); diff --git a/include/linux/capability.h b/include/linux/capability.h index 1e7fe311cabe3ba7cbbac5c3dff9934639ae8808..11fa996383f36c659a700767a61aa63676ceabb2 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -22,7 +22,7 @@ extern int file_caps_enabled; typedef struct kernel_cap_struct { - __u32 cap[_KERNEL_CAPABILITY_U32S]; + __attribute__((pac_protected_data)) __u32 cap[_KERNEL_CAPABILITY_U32S]; } kernel_cap_t; /* same as vfs_ns_cap_data but in cpu endian and always filled completely */ diff --git a/include/linux/cred.h b/include/linux/cred.h index 18639c069263fbe79dfd5a36163c656dca5da220..2e5d5ccd18e4c2db78c6b61e638f55a991c51056 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h 
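Review bot: The added `mnt->mnt.mnt_flags = 0;` in alloc_vfsmnt() carries no comment, and read on its own it looks like a redundant store that a later cleanup could delete. The allocation is outside this hunk, but if the mount object is already zero-filled, the store presumably exists so that the field, which the mount.h hunk marks `pac_protected_data`, is written through an instrumented store before its first read. Suggest a comment above it such as `/* explicit store: mnt_flags is pac_protected_data and must be signed, zero-filled memory is not enough */`, adjusted to whatever the real reason is. This patch adds no matching initialising store for the other newly protected fields (cred, mm_struct, inode), so it is worth confirming how they are signed on objects that are zero-filled or copied wholesale. alloc_vfsmnt() starts and ends outside the hunk.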
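Review bot: The raw `__attribute__((pac_protected_data))` on `cap[]` in kernel_cap_t is spelled out unconditionally, so a compiler that does not implement the attribute will at best warn and silently drop the protection, with nothing in the build to show that it is off. The same applies to every header hunk in this patch (cred.h, fs.h, mm_types.h, mount.h, uidgid.h). Suggest one wrapper macro, defined next to the kernel's other attribute macros and guarded by `__has_attribute(pac_protected_data)` or a dedicated config option, so the line becomes `__pac_protected_data __u32 cap[_KERNEL_CAPABILITY_U32S];` (macro name is a suggestion only). Whether the attribute is defined for array members at all is not visible here and should be stated in the commit message.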
@@ -125,14 +125,14 @@ struct cred {
 kgid_t egid; /* effective GID of the task */
 kuid_t fsuid; /* UID for VFS ops */
 kgid_t fsgid; /* GID for VFS ops */
- unsigned securebits; /* SUID-less security management */
+ __attribute__((pac_protected_data)) unsigned securebits; /* SUID-less security management */
 kernel_cap_t cap_inheritable; /* caps our children can inherit */
 kernel_cap_t cap_permitted; /* caps we're permitted */
 kernel_cap_t cap_effective; /* caps we can actually use */
 kernel_cap_t cap_bset; /* capability bounding set */
 kernel_cap_t cap_ambient; /* Ambient capability set */
 #ifdef CONFIG_KEYS
- unsigned char jit_keyring; /* default keyring to attach requested
+ __attribute__((pac_protected_data)) unsigned char jit_keyring; /* default keyring to attach requested
 * keys to */
 struct key *session_keyring; /* keyring inherited over fork */
 struct key *process_keyring; /* keyring private to this process */
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 3e548c0d3e07c914f6870f692ad75273283ea756..c3036f5a9d12d55dfb39593643621ee0b615ea4d 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -696,7 +696,7 @@ struct inode {
 struct address_space i_data;
 struct list_head i_devices;
 union {
- struct pipe_inode_info *i_pipe;
+ __attribute__((pac_protected_ptr)) struct pipe_inode_info *i_pipe;
 struct block_device *i_bdev;
 struct cdev *i_cdev;
 char *i_link;
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h
index d86bc1d2dcc3c7e03076158e5eed317431c835ec..3eba8703e33084dd4687ebc70f5d659e7a43f2f8 100644
--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -424,7 +424,7 @@ struct mm_struct {
 #endif
 unsigned long task_size; /* size of task vm space */
 unsigned long highest_vm_end; /* highest vma end address */
- pgd_t * pgd;
+ __attribute__((pac_protected_ptr)) pgd_t * pgd;
 #ifdef CONFIG_MEM_PURGEABLE
 void *uxpgd;
 spinlock_t uxpgd_lock;
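Review bot: Coverage inside struct cred is uneven and undocumented: the cred.h hunk marks `securebits` and `jit_keyring` as `pac_protected_data`, while `session_keyring` and `process_keyring` a few lines below stay plain pointers with no `pac_protected_ptr`. If leaving them out is deliberate, a short comment on the struct saying which fields are covered and why would stop a later reader from assuming the whole credential is integrity-protected, for example `/* PAC-protected: ids, capability sets, securebits, jit_keyring; keyring pointers are not */`. The struct continues outside the hunk, so fields not shown here may change that list.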
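Review bot: In the fs.h hunk only `i_pipe` is annotated, but `i_bdev`, `i_cdev` and `i_link` share the same union storage and remain unprotected. How the compiler instruments `pac_protected_ptr` is not visible in this patch, but a value stored through one of the other members would presumably be unsigned when later read as `i_pipe`, so the protection depends on every reader first establishing that the inode really is a pipe. Suggest either annotating all pointer members of the union or adding a comment above it such as `/* i_pipe is PAC-signed; the other members share its storage and are not */`. struct inode starts and ends outside the hunk.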
@@ -511,7 +511,7 @@ struct mm_struct {
 unsigned long data_vm; /* VM_WRITE & ~VM_SHARED & ~VM_STACK */
 unsigned long exec_vm; /* VM_EXEC & ~VM_WRITE & ~VM_STACK */
 unsigned long stack_vm; /* VM_STACK */
- unsigned long def_flags;
+ __attribute__((pac_protected_data)) unsigned long def_flags;
 /**
 * @write_protect_seq: Locked when any thread is write
diff --git a/include/linux/mount.h b/include/linux/mount.h
index aaf343b38671ce99f356e814cdb495fdd6551e18..811f727bc0febacd67bd52b7e7408c7ee011de1a 100644
--- a/include/linux/mount.h
+++ b/include/linux/mount.h
@@ -71,7 +71,7 @@ struct fs_context;
 struct vfsmount {
 struct dentry *mnt_root; /* root of the mounted tree */
 struct super_block *mnt_sb; /* pointer to superblock */
- int mnt_flags;
+ __attribute__((pac_protected_data)) int mnt_flags;
 } __randomize_layout;
 struct file; /* forward dec */
diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
index 120ef9f71914ccf2c21773a2ec4b4bad3a6ef94a..5917bf142110d68d52ee03a2e725b714d5eb0424 100644
--- a/include/linux/uidgid.h
+++ b/include/linux/uidgid.h
@@ -19,12 +19,12 @@ struct user_namespace;
 extern struct user_namespace init_user_ns;
 typedef struct {
- uid_t val;
+ __attribute__((pac_protected_data)) uid_t val;
 } kuid_t;
 typedef struct {
- gid_t val;
+ __attribute__((pac_protected_data)) gid_t val;
 } kgid_t;
 #define KUIDT_INIT(value) (kuid_t){ value }
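Review bot: Annotating `val` inside the `kuid_t` and `kgid_t` typedefs in the uidgid.h hunk applies `pac_protected_data` to every object of these types, not only the ids held in struct cred. That includes values built with the `KUIDT_INIT(value)` compound literal visible at the end of the hunk. Whether constant and static initialisers yield a correctly signed field, and whether the size or layout of these one-member structs changes, depends on the attribute's implementation, which this patch does not show. Both points deserve a sentence in the commit message and a comment above the typedefs, for example `/* val is PAC-protected: build values with KUIDT_INIT()/KGIDT_INIT(), do not copy raw bytes into a kuid_t/kgid_t */`, if that is the intended rule.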