1 diff -Naur backports-3.18.1-1.org/drivers/bluetooth/btwilink.c backports-3.18.1-1/drivers/bluetooth/btwilink.c
2 --- backports-3.18.1-1.org/drivers/bluetooth/btwilink.c 2014-12-21 22:37:15.000000000 +0100
3 +++ backports-3.18.1-1/drivers/bluetooth/btwilink.c 2014-12-28 14:10:09.480888533 +0100
6 static int bt_ti_probe(struct platform_device *pdev)
8 - static struct ti_st *hst;
13 diff -Naur backports-3.18.1-1.org/drivers/media/dvb-core/dvbdev.c backports-3.18.1-1/drivers/media/dvb-core/dvbdev.c
14 --- backports-3.18.1-1.org/drivers/media/dvb-core/dvbdev.c 2014-12-21 22:37:14.000000000 +0100
15 +++ backports-3.18.1-1/drivers/media/dvb-core/dvbdev.c 2014-12-28 14:10:09.528888772 +0100
17 const struct dvb_device *template, void *priv, int type)
19 struct dvb_device *dvbdev;
20 - struct file_operations *dvbdevfops;
21 + file_operations_no_const *dvbdevfops;
22 struct device *clsdev;
25 diff -Naur backports-3.18.1-1.org/drivers/media/dvb-frontends/af9033.h backports-3.18.1-1/drivers/media/dvb-frontends/af9033.h
26 --- backports-3.18.1-1.org/drivers/media/dvb-frontends/af9033.h 2014-12-21 22:37:14.000000000 +0100
27 +++ backports-3.18.1-1/drivers/media/dvb-frontends/af9033.h 2014-12-28 14:10:09.528888772 +0100
29 int (*pid_filter_ctrl)(struct dvb_frontend *fe, int onoff);
30 int (*pid_filter)(struct dvb_frontend *fe, int index, u16 pid,
36 diff -Naur backports-3.18.1-1.org/drivers/media/dvb-frontends/dib3000.h backports-3.18.1-1/drivers/media/dvb-frontends/dib3000.h
37 --- backports-3.18.1-1.org/drivers/media/dvb-frontends/dib3000.h 2014-12-21 22:37:14.000000000 +0100
38 +++ backports-3.18.1-1/drivers/media/dvb-frontends/dib3000.h 2014-12-28 14:10:09.528888772 +0100
40 int (*fifo_ctrl)(struct dvb_frontend *fe, int onoff);
41 int (*pid_ctrl)(struct dvb_frontend *fe, int index, int pid, int onoff);
42 int (*tuner_pass_ctrl)(struct dvb_frontend *fe, int onoff, u8 pll_ctrl);
46 #if IS_ENABLED(CPTCFG_DVB_DIB3000MB)
47 extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
48 diff -Naur backports-3.18.1-1.org/drivers/media/dvb-frontends/dib7000p.h backports-3.18.1-1/drivers/media/dvb-frontends/dib7000p.h
49 --- backports-3.18.1-1.org/drivers/media/dvb-frontends/dib7000p.h 2014-12-21 22:37:14.000000000 +0100
50 +++ backports-3.18.1-1/drivers/media/dvb-frontends/dib7000p.h 2014-12-28 14:10:09.528888772 +0100
52 int (*get_adc_power)(struct dvb_frontend *fe);
53 int (*slave_reset)(struct dvb_frontend *fe);
54 struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib7000p_config *cfg);
58 #if IS_ENABLED(CPTCFG_DVB_DIB7000P)
59 void *dib7000p_attach(struct dib7000p_ops *ops);
60 diff -Naur backports-3.18.1-1.org/drivers/media/dvb-frontends/dib8000.h backports-3.18.1-1/drivers/media/dvb-frontends/dib8000.h
61 --- backports-3.18.1-1.org/drivers/media/dvb-frontends/dib8000.h 2014-12-21 22:37:14.000000000 +0100
62 +++ backports-3.18.1-1/drivers/media/dvb-frontends/dib8000.h 2014-12-28 14:10:09.528888772 +0100
64 int (*pid_filter_ctrl)(struct dvb_frontend *fe, u8 onoff);
65 int (*pid_filter)(struct dvb_frontend *fe, u8 id, u16 pid, u8 onoff);
66 struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib8000_config *cfg);
70 #if IS_ENABLED(CPTCFG_DVB_DIB8000)
71 void *dib8000_attach(struct dib8000_ops *ops);
72 diff -Naur backports-3.18.1-1.org/drivers/media/pci/cx88/cx88-video.c backports-3.18.1-1/drivers/media/pci/cx88/cx88-video.c
73 --- backports-3.18.1-1.org/drivers/media/pci/cx88/cx88-video.c 2014-12-21 22:37:13.000000000 +0100
74 +++ backports-3.18.1-1/drivers/media/pci/cx88/cx88-video.c 2014-12-28 14:10:09.528888772 +0100
77 /* ------------------------------------------------------------------ */
79 -static unsigned int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
80 -static unsigned int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
81 -static unsigned int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
82 +static int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
83 +static int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
84 +static int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
86 module_param_array(video_nr, int, NULL, 0444);
87 module_param_array(vbi_nr, int, NULL, 0444);
88 diff -Naur backports-3.18.1-1.org/drivers/media/pci/ivtv/ivtv-driver.c backports-3.18.1-1/drivers/media/pci/ivtv/ivtv-driver.c
89 --- backports-3.18.1-1.org/drivers/media/pci/ivtv/ivtv-driver.c 2014-12-21 22:37:13.000000000 +0100
90 +++ backports-3.18.1-1/drivers/media/pci/ivtv/ivtv-driver.c 2014-12-28 14:10:09.528888772 +0100
92 MODULE_DEVICE_TABLE(pci,ivtv_pci_tbl);
94 /* ivtv instance counter */
95 -static atomic_t ivtv_instance = ATOMIC_INIT(0);
96 +static atomic_unchecked_t ivtv_instance = ATOMIC_INIT(0);
98 /* Parameter declarations */
99 static int cardtype[IVTV_MAX_CARDS];
100 diff -Naur backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-core.c backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-core.c
101 --- backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-core.c 2014-12-21 22:37:13.000000000 +0100
102 +++ backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-core.c 2014-12-28 14:10:09.528888772 +0100
105 static int solo_sysfs_init(struct solo_dev *solo_dev)
107 - struct bin_attribute *sdram_attr = &solo_dev->sdram_attr;
108 + bin_attribute_no_const *sdram_attr = &solo_dev->sdram_attr;
109 struct device *dev = &solo_dev->dev;
112 diff -Naur backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-g723.c backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-g723.c
113 --- backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-g723.c 2014-12-21 22:37:13.000000000 +0100
114 +++ backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-g723.c 2014-12-28 14:10:09.528888772 +0100
117 int solo_g723_init(struct solo_dev *solo_dev)
119 - static struct snd_device_ops ops = { NULL };
120 + static struct snd_device_ops ops = { };
121 struct snd_card *card;
122 struct snd_kcontrol_new kctl;
124 diff -Naur backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10.h backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10.h
125 --- backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10.h 2014-12-21 22:37:13.000000000 +0100
126 +++ backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10.h 2014-12-28 14:10:09.532888798 +0100
130 struct solo_p2m_dev p2m_dev[SOLO_NR_P2M];
131 - atomic_t p2m_count;
132 + atomic_unchecked_t p2m_count;
134 unsigned int p2m_timeouts;
136 diff -Naur backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-p2m.c backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-p2m.c
137 --- backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-p2m.c 2014-12-21 22:37:13.000000000 +0100
138 +++ backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-p2m.c 2014-12-28 14:10:09.532888798 +0100
141 /* Get next ID. According to Softlogic, 6110 has problems on !=0 P2M */
142 if (solo_dev->type != SOLO_DEV_6110 && multi_p2m) {
143 - p2m_id = atomic_inc_return(&solo_dev->p2m_count) % SOLO_NR_P2M;
144 + p2m_id = atomic_inc_return_unchecked(&solo_dev->p2m_count) % SOLO_NR_P2M;
148 diff -Naur backports-3.18.1-1.org/drivers/media/platform/omap/omap_vout.c backports-3.18.1-1/drivers/media/platform/omap/omap_vout.c
149 --- backports-3.18.1-1.org/drivers/media/platform/omap/omap_vout.c 2014-12-21 22:37:13.000000000 +0100
150 +++ backports-3.18.1-1/drivers/media/platform/omap/omap_vout.c 2014-12-28 14:10:09.532888798 +0100
155 -static struct videobuf_queue_ops video_vbq_ops;
156 /* Variables configurable through module params*/
157 static u32 video1_numbuffers = 3;
158 static u32 video2_numbuffers = 3;
159 @@ -1012,6 +1011,12 @@
161 struct videobuf_queue *q;
162 struct omap_vout_device *vout = NULL;
163 + static struct videobuf_queue_ops video_vbq_ops = {
164 + .buf_setup = omap_vout_buffer_setup,
165 + .buf_prepare = omap_vout_buffer_prepare,
166 + .buf_release = omap_vout_buffer_release,
167 + .buf_queue = omap_vout_buffer_queue,
170 vout = video_drvdata(file);
171 v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__);
172 @@ -1029,10 +1034,6 @@
173 vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT;
176 - video_vbq_ops.buf_setup = omap_vout_buffer_setup;
177 - video_vbq_ops.buf_prepare = omap_vout_buffer_prepare;
178 - video_vbq_ops.buf_release = omap_vout_buffer_release;
179 - video_vbq_ops.buf_queue = omap_vout_buffer_queue;
180 spin_lock_init(&vout->vbq_lock);
182 videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev,
183 diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_grp_layer.c backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_grp_layer.c
184 --- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_grp_layer.c 2014-12-21 22:37:13.000000000 +0100
185 +++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_grp_layer.c 2014-12-28 14:10:09.532888798 +0100
188 struct mxr_layer *layer;
190 - struct mxr_layer_ops ops = {
191 + static struct mxr_layer_ops ops = {
192 .release = mxr_graph_layer_release,
193 .buffer_set = mxr_graph_buffer_set,
194 .stream_set = mxr_graph_stream_set,
195 diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer.h backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer.h
196 --- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer.h 2014-12-21 22:37:13.000000000 +0100
197 +++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer.h 2014-12-28 14:10:09.532888798 +0100
199 /** layer index (unique identifier) */
201 /** callbacks for layer methods */
202 - struct mxr_layer_ops ops;
203 + struct mxr_layer_ops *ops;
205 const struct mxr_format **fmt_array;
206 /** size of format array */
207 diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_reg.c backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_reg.c
208 --- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_reg.c 2014-12-21 22:37:13.000000000 +0100
209 +++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_reg.c 2014-12-28 14:10:09.532888798 +0100
211 layer->update_buf = next;
214 - layer->ops.buffer_set(layer, layer->update_buf);
215 + layer->ops->buffer_set(layer, layer->update_buf);
217 if (done && done != layer->shadow_buf)
218 vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE);
219 diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_video.c backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_video.c
220 --- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_video.c 2014-12-21 22:37:13.000000000 +0100
221 +++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_video.c 2014-12-28 14:10:09.532888798 +0100
223 layer->geo.src.height = layer->geo.src.full_height;
225 mxr_geometry_dump(mdev, &layer->geo);
226 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
227 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
228 mxr_geometry_dump(mdev, &layer->geo);
232 layer->geo.dst.full_width = mbus_fmt.width;
233 layer->geo.dst.full_height = mbus_fmt.height;
234 layer->geo.dst.field = mbus_fmt.field;
235 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
236 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
238 mxr_geometry_dump(mdev, &layer->geo);
241 /* set source size to highest accepted value */
242 geo->src.full_width = max(geo->dst.full_width, pix->width);
243 geo->src.full_height = max(geo->dst.full_height, pix->height);
244 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
245 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
246 mxr_geometry_dump(mdev, &layer->geo);
247 /* set cropping to total visible screen */
248 geo->src.width = pix->width;
249 @@ -342,12 +342,12 @@
250 geo->src.x_offset = 0;
251 geo->src.y_offset = 0;
252 /* assure consistency of geometry */
253 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET);
254 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET);
255 mxr_geometry_dump(mdev, &layer->geo);
256 /* set full size to lowest possible value */
257 geo->src.full_width = 0;
258 geo->src.full_height = 0;
259 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
260 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
261 mxr_geometry_dump(mdev, &layer->geo);
263 /* returning results */
265 target->width = s->r.width;
266 target->height = s->r.height;
268 - layer->ops.fix_geometry(layer, stage, s->flags);
269 + layer->ops->fix_geometry(layer, stage, s->flags);
271 /* retrieve update selection rectangle */
272 res.left = target->x_offset;
273 @@ -954,13 +954,13 @@
274 mxr_output_get(mdev);
276 mxr_layer_update_output(layer);
277 - layer->ops.format_set(layer);
278 + layer->ops->format_set(layer);
279 /* enabling layer in hardware */
280 spin_lock_irqsave(&layer->enq_slock, flags);
281 layer->state = MXR_LAYER_STREAMING;
282 spin_unlock_irqrestore(&layer->enq_slock, flags);
284 - layer->ops.stream_set(layer, MXR_ENABLE);
285 + layer->ops->stream_set(layer, MXR_ENABLE);
286 mxr_streamer_get(mdev);
289 @@ -1030,7 +1030,7 @@
290 spin_unlock_irqrestore(&layer->enq_slock, flags);
292 /* disabling layer in hardware */
293 - layer->ops.stream_set(layer, MXR_DISABLE);
294 + layer->ops->stream_set(layer, MXR_DISABLE);
295 /* remove one streamer */
296 mxr_streamer_put(mdev);
297 /* allow changes in output configuration */
298 @@ -1068,8 +1068,8 @@
300 void mxr_layer_release(struct mxr_layer *layer)
302 - if (layer->ops.release)
303 - layer->ops.release(layer);
304 + if (layer->ops->release)
305 + layer->ops->release(layer);
308 void mxr_base_layer_release(struct mxr_layer *layer)
309 @@ -1095,7 +1095,7 @@
316 spin_lock_init(&layer->enq_slock);
317 INIT_LIST_HEAD(&layer->enq_list);
318 diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_vp_layer.c backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_vp_layer.c
319 --- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_vp_layer.c 2014-12-21 22:37:13.000000000 +0100
320 +++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_vp_layer.c 2014-12-28 14:10:09.532888798 +0100
323 struct mxr_layer *layer;
325 - struct mxr_layer_ops ops = {
326 + static struct mxr_layer_ops ops = {
327 .release = mxr_vp_layer_release,
328 .buffer_set = mxr_vp_buffer_set,
329 .stream_set = mxr_vp_stream_set,
330 diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-cadet.c backports-3.18.1-1/drivers/media/radio/radio-cadet.c
331 --- backports-3.18.1-1.org/drivers/media/radio/radio-cadet.c 2014-12-21 22:37:13.000000000 +0100
332 +++ backports-3.18.1-1/drivers/media/radio/radio-cadet.c 2014-12-28 14:10:09.532888798 +0100
334 unsigned char readbuf[RDS_BUFFER];
337 + if (count > RDS_BUFFER)
339 mutex_lock(&dev->lock);
340 if (dev->rdsstat == 0)
341 cadet_start_rds(dev);
343 readbuf[i++] = dev->rdsbuf[dev->rdsout++];
344 mutex_unlock(&dev->lock);
346 - if (i && copy_to_user(data, readbuf, i))
348 + if (i > sizeof(readbuf) || (i && copy_to_user(data, readbuf, i)))
354 diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-maxiradio.c backports-3.18.1-1/drivers/media/radio/radio-maxiradio.c
355 --- backports-3.18.1-1.org/drivers/media/radio/radio-maxiradio.c 2014-12-21 22:37:13.000000000 +0100
356 +++ backports-3.18.1-1/drivers/media/radio/radio-maxiradio.c 2014-12-28 14:10:09.532888798 +0100
358 /* TEA5757 pin mappings */
359 static const int clk = 1, data = 2, wren = 4, mo_st = 8, power = 16;
361 -static atomic_t maxiradio_instance = ATOMIC_INIT(0);
362 +static atomic_unchecked_t maxiradio_instance = ATOMIC_INIT(0);
364 #define PCI_VENDOR_ID_GUILLEMOT 0x5046
365 #define PCI_DEVICE_ID_GUILLEMOT_MAXIRADIO 0x1001
366 diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-shark2.c backports-3.18.1-1/drivers/media/radio/radio-shark2.c
367 --- backports-3.18.1-1.org/drivers/media/radio/radio-shark2.c 2014-12-21 22:37:13.000000000 +0100
368 +++ backports-3.18.1-1/drivers/media/radio/radio-shark2.c 2014-12-28 14:10:09.532888798 +0100
373 -static atomic_t shark_instance = ATOMIC_INIT(0);
374 +static atomic_unchecked_t shark_instance = ATOMIC_INIT(0);
376 static int shark_write_reg(struct radio_tea5777 *tea, u64 reg)
378 diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-shark.c backports-3.18.1-1/drivers/media/radio/radio-shark.c
379 --- backports-3.18.1-1.org/drivers/media/radio/radio-shark.c 2014-12-21 22:37:13.000000000 +0100
380 +++ backports-3.18.1-1/drivers/media/radio/radio-shark.c 2014-12-28 14:10:09.532888798 +0100
385 -static atomic_t shark_instance = ATOMIC_INIT(0);
386 +static atomic_unchecked_t shark_instance = ATOMIC_INIT(0);
388 static void shark_write_val(struct snd_tea575x *tea, u32 val)
390 diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-si476x.c backports-3.18.1-1/drivers/media/radio/radio-si476x.c
391 --- backports-3.18.1-1.org/drivers/media/radio/radio-si476x.c 2014-12-21 22:37:13.000000000 +0100
392 +++ backports-3.18.1-1/drivers/media/radio/radio-si476x.c 2014-12-28 14:10:09.532888798 +0100
393 @@ -1445,7 +1445,7 @@
394 struct si476x_radio *radio;
395 struct v4l2_ctrl *ctrl;
397 - static atomic_t instance = ATOMIC_INIT(0);
398 + static atomic_unchecked_t instance = ATOMIC_INIT(0);
400 radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL);
402 diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/cinergyT2-core.c backports-3.18.1-1/drivers/media/usb/dvb-usb/cinergyT2-core.c
403 --- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/cinergyT2-core.c 2014-12-21 22:37:14.000000000 +0100
404 +++ backports-3.18.1-1/drivers/media/usb/dvb-usb/cinergyT2-core.c 2014-12-28 14:10:09.532888798 +0100
407 static int cinergyt2_streaming_ctrl(struct dvb_usb_adapter *adap, int enable)
409 - char buf[] = { CINERGYT2_EP1_CONTROL_STREAM_TRANSFER, enable ? 1 : 0 };
411 - return dvb_usb_generic_rw(adap->dev, buf, sizeof(buf), result,
412 - sizeof(result), 0);
417 + buf = kmalloc(2, GFP_KERNEL);
420 + result = kmalloc(64, GFP_KERNEL);
421 + if (result == NULL) {
426 + buf[0] = CINERGYT2_EP1_CONTROL_STREAM_TRANSFER;
427 + buf[1] = enable ? 1 : 0;
429 + retval = dvb_usb_generic_rw(adap->dev, buf, 2, result, 64, 0);
436 static int cinergyt2_power_ctrl(struct dvb_usb_device *d, int enable)
438 - char buf[] = { CINERGYT2_EP1_SLEEP_MODE, enable ? 0 : 1 };
440 - return dvb_usb_generic_rw(d, buf, sizeof(buf), state, sizeof(state), 0);
445 + buf = kmalloc(2, GFP_KERNEL);
448 + state = kmalloc(3, GFP_KERNEL);
449 + if (state == NULL) {
454 + buf[0] = CINERGYT2_EP1_SLEEP_MODE;
455 + buf[1] = enable ? 1 : 0;
457 + retval = dvb_usb_generic_rw(d, buf, 2, state, 3, 0);
464 static int cinergyt2_frontend_attach(struct dvb_usb_adapter *adap)
466 - char query[] = { CINERGYT2_EP1_GET_FIRMWARE_VERSION };
471 + query = kmalloc(1, GFP_KERNEL);
474 + state = kmalloc(3, GFP_KERNEL);
475 + if (state == NULL) {
480 + query[0] = CINERGYT2_EP1_GET_FIRMWARE_VERSION;
482 adap->fe_adap[0].fe = cinergyt2_fe_attach(adap->dev);
484 - ret = dvb_usb_generic_rw(adap->dev, query, sizeof(query), state,
486 + ret = dvb_usb_generic_rw(adap->dev, query, 1, state, 3, 0);
488 deb_rc("cinergyt2_power_ctrl() Failed to retrieve sleep "
492 /* Copy this pointer as we are gonna need it in the release phase */
493 cinergyt2_usb_device = adap->dev;
500 @@ -141,12 +186,23 @@
501 static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state)
503 struct cinergyt2_state *st = d->priv;
504 - u8 key[5] = {0, 0, 0, 0, 0}, cmd = CINERGYT2_EP1_GET_RC_EVENTS;
508 + cmd = kmalloc(1, GFP_KERNEL);
511 + key = kzalloc(5, GFP_KERNEL);
517 + cmd[0] = CINERGYT2_EP1_GET_RC_EVENTS;
519 *state = REMOTE_NO_KEY_PRESSED;
521 - dvb_usb_generic_rw(d, &cmd, 1, key, sizeof(key), 0);
522 + dvb_usb_generic_rw(d, cmd, 1, key, 5, 0);
523 if (key[4] == 0xff) {
526 @@ -157,12 +213,12 @@
527 *event = d->last_event;
528 deb_rc("repeat key, event %x\n",
534 deb_rc("repeated key (non repeatable)\n");
540 /* hack to pass checksum on the custom field */
543 deb_rc("key: %*ph\n", 5, key);
551 diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/cinergyT2-fe.c backports-3.18.1-1/drivers/media/usb/dvb-usb/cinergyT2-fe.c
552 --- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/cinergyT2-fe.c 2014-12-21 22:37:14.000000000 +0100
553 +++ backports-3.18.1-1/drivers/media/usb/dvb-usb/cinergyT2-fe.c 2014-12-28 14:10:09.532888798 +0100
554 @@ -145,103 +145,176 @@
557 struct cinergyt2_fe_state *state = fe->demodulator_priv;
558 - struct dvbt_get_status_msg result;
559 - u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
560 + struct dvbt_get_status_msg *result;
564 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&result,
565 - sizeof(result), 0);
566 + cmd = kmalloc(1, GFP_KERNEL);
569 + result = kmalloc(sizeof(*result), GFP_KERNEL);
570 + if (result == NULL) {
575 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
577 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)result,
578 + sizeof(*result), 0);
585 - if (0xffff - le16_to_cpu(result.gain) > 30)
586 + if (0xffff - le16_to_cpu(result->gain) > 30)
587 *status |= FE_HAS_SIGNAL;
588 - if (result.lock_bits & (1 << 6))
589 + if (result->lock_bits & (1 << 6))
590 *status |= FE_HAS_LOCK;
591 - if (result.lock_bits & (1 << 5))
592 + if (result->lock_bits & (1 << 5))
593 *status |= FE_HAS_SYNC;
594 - if (result.lock_bits & (1 << 4))
595 + if (result->lock_bits & (1 << 4))
596 *status |= FE_HAS_CARRIER;
597 - if (result.lock_bits & (1 << 1))
598 + if (result->lock_bits & (1 << 1))
599 *status |= FE_HAS_VITERBI;
601 if ((*status & (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC)) !=
602 (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC))
603 *status &= ~FE_HAS_LOCK;
612 static int cinergyt2_fe_read_ber(struct dvb_frontend *fe, u32 *ber)
614 struct cinergyt2_fe_state *state = fe->demodulator_priv;
615 - struct dvbt_get_status_msg status;
616 - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
617 + struct dvbt_get_status_msg *status;
621 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
622 - sizeof(status), 0);
623 + cmd = kmalloc(1, GFP_KERNEL);
626 + status = kmalloc(sizeof(*status), GFP_KERNEL);
627 + if (status == NULL) {
632 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
634 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
635 + sizeof(*status), 0);
640 - *ber = le32_to_cpu(status.viterbi_error_rate);
641 + *ber = le32_to_cpu(status->viterbi_error_rate);
648 static int cinergyt2_fe_read_unc_blocks(struct dvb_frontend *fe, u32 *unc)
650 struct cinergyt2_fe_state *state = fe->demodulator_priv;
651 - struct dvbt_get_status_msg status;
652 - u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
653 + struct dvbt_get_status_msg *status;
657 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&status,
658 - sizeof(status), 0);
659 + cmd = kmalloc(1, GFP_KERNEL);
662 + status = kmalloc(sizeof(*status), GFP_KERNEL);
663 + if (status == NULL) {
668 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
670 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)status,
671 + sizeof(*status), 0);
673 err("cinergyt2_fe_read_unc_blocks() Failed! (Error=%d)\n",
678 - *unc = le32_to_cpu(status.uncorrected_block_count);
680 + *unc = le32_to_cpu(status->uncorrected_block_count);
688 static int cinergyt2_fe_read_signal_strength(struct dvb_frontend *fe,
691 struct cinergyt2_fe_state *state = fe->demodulator_priv;
692 - struct dvbt_get_status_msg status;
693 - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
694 + struct dvbt_get_status_msg *status;
698 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
699 - sizeof(status), 0);
700 + cmd = kmalloc(1, GFP_KERNEL);
703 + status = kmalloc(sizeof(*status), GFP_KERNEL);
704 + if (status == NULL) {
709 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
711 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
712 + sizeof(*status), 0);
714 err("cinergyt2_fe_read_signal_strength() Failed!"
715 " (Error=%d)\n", ret);
719 - *strength = (0xffff - le16_to_cpu(status.gain));
720 + *strength = (0xffff - le16_to_cpu(status->gain));
728 static int cinergyt2_fe_read_snr(struct dvb_frontend *fe, u16 *snr)
730 struct cinergyt2_fe_state *state = fe->demodulator_priv;
731 - struct dvbt_get_status_msg status;
732 - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
733 + struct dvbt_get_status_msg *status;
737 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
738 - sizeof(status), 0);
739 + cmd = kmalloc(1, GFP_KERNEL);
742 + status = kmalloc(sizeof(*status), GFP_KERNEL);
743 + if (status == NULL) {
748 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
750 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
751 + sizeof(*status), 0);
753 err("cinergyt2_fe_read_snr() Failed! (Error=%d)\n", ret);
757 - *snr = (status.snr << 8) | status.snr;
759 + *snr = (status->snr << 8) | status->snr;
767 static int cinergyt2_fe_init(struct dvb_frontend *fe)
768 @@ -266,35 +339,46 @@
770 struct dtv_frontend_properties *fep = &fe->dtv_property_cache;
771 struct cinergyt2_fe_state *state = fe->demodulator_priv;
772 - struct dvbt_set_parameters_msg param;
774 + struct dvbt_set_parameters_msg *param;
778 - param.cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS;
779 - param.tps = cpu_to_le16(compute_tps(fep));
780 - param.freq = cpu_to_le32(fep->frequency / 1000);
782 + result = kmalloc(2, GFP_KERNEL);
783 + if (result == NULL)
785 + param = kmalloc(sizeof(*param), GFP_KERNEL);
786 + if (param == NULL) {
791 + param->cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS;
792 + param->tps = cpu_to_le16(compute_tps(fep));
793 + param->freq = cpu_to_le32(fep->frequency / 1000);
796 switch (fep->bandwidth_hz) {
799 - param.bandwidth = 8;
800 + param->bandwidth = 8;
803 - param.bandwidth = 7;
804 + param->bandwidth = 7;
807 - param.bandwidth = 6;
808 + param->bandwidth = 6;
812 err = dvb_usb_generic_rw(state->d,
813 - (char *)¶m, sizeof(param),
814 - result, sizeof(result), 0);
815 + (char *)param, sizeof(*param),
818 err("cinergyt2_fe_set_frontend() Failed! err=%d\n", err);
820 - return (err < 0) ? err : 0;
826 static void cinergyt2_fe_release(struct dvb_frontend *fe)
827 diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/dvb-usb-firmware.c backports-3.18.1-1/drivers/media/usb/dvb-usb/dvb-usb-firmware.c
828 --- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/dvb-usb-firmware.c 2014-12-21 22:37:14.000000000 +0100
829 +++ backports-3.18.1-1/drivers/media/usb/dvb-usb/dvb-usb-firmware.c 2014-12-28 14:10:09.532888798 +0100
832 int usb_cypress_load_firmware(struct usb_device *udev, const struct firmware *fw, int type)
836 + struct hexline *hx;
840 + reset = kmalloc(1, GFP_KERNEL);
844 + hx = kmalloc(sizeof(struct hexline), GFP_KERNEL);
852 - if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1)) != 1)
854 + if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1)) != 1)
855 err("could not stop the USB controller CPU.");
857 - while ((ret = dvb_usb_get_hexline(fw,&hx,&pos)) > 0) {
858 - deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx.addr,hx.len,hx.chk);
859 - ret = usb_cypress_writemem(udev,hx.addr,hx.data,hx.len);
860 + while ((ret = dvb_usb_get_hexline(fw,hx,&pos)) > 0) {
861 + deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx->addr,hx->len,hx->chk);
862 + ret = usb_cypress_writemem(udev,hx->addr,hx->data,hx->len);
864 - if (ret != hx.len) {
865 + if (ret != hx->len) {
866 err("error while transferring firmware "
867 "(transferred size: %d, block size: %d)",
875 err("firmware download failed at %d with %d",pos,ret);
882 /* restart the CPU */
884 - if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1) != 1) {
886 + if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1) != 1) {
887 err("could not restart the USB controller CPU.");
898 EXPORT_SYMBOL(usb_cypress_load_firmware);
899 diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/dw2102.c backports-3.18.1-1/drivers/media/usb/dvb-usb/dw2102.c
900 --- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/dw2102.c 2014-12-21 22:37:14.000000000 +0100
901 +++ backports-3.18.1-1/drivers/media/usb/dvb-usb/dw2102.c 2014-12-28 14:10:09.536888811 +0100
905 int (*old_set_voltage)(struct dvb_frontend *f, fe_sec_voltage_t v);
910 static int dvb_usb_dw2102_debug;
911 diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/technisat-usb2.c backports-3.18.1-1/drivers/media/usb/dvb-usb/technisat-usb2.c
912 --- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/technisat-usb2.c 2014-12-21 22:37:14.000000000 +0100
913 +++ backports-3.18.1-1/drivers/media/usb/dvb-usb/technisat-usb2.c 2014-12-28 14:10:09.536888811 +0100
915 static int technisat_usb2_i2c_access(struct usb_device *udev,
916 u8 device_addr, u8 *tx, u8 txlen, u8 *rx, u8 rxlen)
919 - int ret, actual_length;
920 + u8 *b = kmalloc(64, GFP_KERNEL);
921 + int ret, actual_length, error = 0;
926 deb_i2c("i2c-access: %02x, tx: ", device_addr);
927 debug_dump(tx, txlen, deb_i2c);
931 err("i2c-error: out failed %02x = %d", device_addr, ret);
937 ret = usb_bulk_msg(udev,
939 b, 64, &actual_length, 1000);
941 err("i2c-error: in failed %02x = %d", device_addr, ret);
947 if (b[0] != I2C_STATUS_OK) {
949 /* handle tuner-i2c-nak */
950 if (!(b[0] == I2C_STATUS_NAK &&
952 - /* && device_is_technisat_usb2 */))
954 + /* && device_is_technisat_usb2 */)) {
960 deb_i2c("status: %d, ", b[0]);
971 static int technisat_usb2_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msg,
972 @@ -224,14 +233,16 @@
977 - red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
980 + u8 *led = kzalloc(8, GFP_KERNEL);
985 if (disable_led_control && state != TECH_LED_OFF)
988 + led[0] = red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST;
993 @@ -263,16 +274,22 @@
994 red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
995 USB_TYPE_VENDOR | USB_DIR_OUT,
997 - led, sizeof(led), 500);
1000 mutex_unlock(&d->i2c_mutex);
1007 static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8 green)
1011 + u8 *b = kzalloc(1, GFP_KERNEL);
1016 if (mutex_lock_interruptible(&d->i2c_mutex) < 0)
1018 @@ -281,10 +298,12 @@
1019 SET_LED_TIMER_DIVIDER_VENDOR_REQUEST,
1020 USB_TYPE_VENDOR | USB_DIR_OUT,
1021 (red << 8) | green, 0,
1025 mutex_unlock(&d->i2c_mutex);
1033 struct dvb_usb_device_description **desc, int *cold)
1037 + u8 *version = kmalloc(3, GFP_KERNEL);
1039 /* first select the interface */
1040 if (usb_set_interface(udev, 0, 1) != 0)
1041 @@ -338,11 +357,14 @@
1043 *cold = 0; /* by default do not download a firmware - just in case something is wrong */
1045 + if (version == NULL)
1048 ret = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
1049 GET_VERSION_INFO_VENDOR_REQUEST,
1050 USB_TYPE_VENDOR | USB_DIR_IN,
1052 - version, sizeof(version), 500);
1066 @@ -591,10 +615,15 @@
1068 static int technisat_usb2_get_ir(struct dvb_usb_device *d)
1073 struct ir_raw_event ev;
1075 + buf = kmalloc(62, GFP_KERNEL);
1080 buf[0] = GET_IR_DATA_VENDOR_REQUEST;
1083 @@ -617,16 +646,20 @@
1084 GET_IR_DATA_VENDOR_REQUEST,
1085 USB_TYPE_VENDOR | USB_DIR_IN,
1087 - buf, sizeof(buf), 500);
1091 mutex_unlock(&d->i2c_mutex);
1102 return 0; /* no key pressed */
1109 ir_raw_event_handle(d->rc_dev);
1116 diff -Naur backports-3.18.1-1.org/drivers/media/v4l2-core/v4l2-device.c backports-3.18.1-1/drivers/media/v4l2-core/v4l2-device.c
1117 --- backports-3.18.1-1.org/drivers/media/v4l2-core/v4l2-device.c 2014-12-21 22:37:14.000000000 +0100
1118 +++ backports-3.18.1-1/drivers/media/v4l2-core/v4l2-device.c 2014-12-28 14:10:09.536888811 +0100
1120 EXPORT_SYMBOL_GPL(v4l2_device_put);
1122 int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename,
1123 - atomic_t *instance)
1124 + atomic_unchecked_t *instance)
1126 - int num = atomic_inc_return(instance) - 1;
1127 + int num = atomic_inc_return_unchecked(instance) - 1;
1128 int len = strlen(basename);
1130 if (basename[len - 1] >= '0' && basename[len - 1] <= '9')
1131 diff -Naur backports-3.18.1-1.org/drivers/media/v4l2-core/v4l2-ioctl.c backports-3.18.1-1/drivers/media/v4l2-core/v4l2-ioctl.c
1132 --- backports-3.18.1-1.org/drivers/media/v4l2-core/v4l2-ioctl.c 2014-12-21 22:37:14.000000000 +0100
1133 +++ backports-3.18.1-1/drivers/media/v4l2-core/v4l2-ioctl.c 2014-12-28 14:10:09.536888811 +0100
1134 @@ -2142,7 +2142,8 @@
1135 struct file *file, void *fh, void *p);
1137 void (*debug)(const void *arg, bool write_only);
1140 +typedef struct v4l2_ioctl_info __no_const v4l2_ioctl_info_no_const;
1142 /* This control needs a priority check */
1143 #define INFO_FL_PRIO (1 << 0)
1144 @@ -2326,7 +2327,7 @@
1145 struct video_device *vfd = video_devdata(file);
1146 const struct v4l2_ioctl_ops *ops = vfd->ioctl_ops;
1147 bool write_only = false;
1148 - struct v4l2_ioctl_info default_info;
1149 + v4l2_ioctl_info_no_const default_info;
1150 const struct v4l2_ioctl_info *info;
1151 void *fh = file->private_data;
1152 struct v4l2_fh *vfh = NULL;
1153 @@ -2413,7 +2414,7 @@
1157 - *user_ptr = (void __user *)buf->m.planes;
1158 + *user_ptr = (void __force_user *)buf->m.planes;
1159 *kernel_ptr = (void **)&buf->m.planes;
1160 *array_size = sizeof(struct v4l2_plane) * buf->length;
1162 @@ -2430,7 +2431,7 @@
1166 - *user_ptr = (void __user *)edid->edid;
1167 + *user_ptr = (void __force_user *)edid->edid;
1168 *kernel_ptr = (void **)&edid->edid;
1169 *array_size = edid->blocks * 128;
1171 @@ -2448,7 +2449,7 @@
1175 - *user_ptr = (void __user *)ctrls->controls;
1176 + *user_ptr = (void __force_user *)ctrls->controls;
1177 *kernel_ptr = (void **)&ctrls->controls;
1178 *array_size = sizeof(struct v4l2_ext_control)
1180 @@ -2549,7 +2550,7 @@
1183 if (has_array_args) {
1184 - *kernel_ptr = (void __force *)user_ptr;
1185 + *kernel_ptr = (void __force_kernel *)user_ptr;
1186 if (copy_to_user(user_ptr, mbuf, array_size))
1188 goto out_array_args;
1189 diff -Naur backports-3.18.1-1.org/drivers/net/ieee802154/fakehard.c backports-3.18.1-1/drivers/net/ieee802154/fakehard.c
1190 --- backports-3.18.1-1.org/drivers/net/ieee802154/fakehard.c 2014-12-21 22:37:14.000000000 +0100
1191 +++ backports-3.18.1-1/drivers/net/ieee802154/fakehard.c 2014-12-28 14:10:09.556888909 +0100
1193 phy->transmit_power = 0xbf;
1195 dev->netdev_ops = &fake_ops;
1196 - dev->ml_priv = &fake_mlme;
1197 + dev->ml_priv = (void *)&fake_mlme;
1199 priv = netdev_priv(dev);
1201 diff -Naur backports-3.18.1-1.org/drivers/net/usb/sierra_net.c backports-3.18.1-1/drivers/net/usb/sierra_net.c
1202 --- backports-3.18.1-1.org/drivers/net/usb/sierra_net.c 2014-12-21 22:37:14.000000000 +0100
1203 +++ backports-3.18.1-1/drivers/net/usb/sierra_net.c 2014-12-28 14:10:09.560888936 +0100
1205 /* atomic counter partially included in MAC address to make sure 2 devices
1206 * do not end up with the same MAC - concept breaks in case of > 255 ifaces
1208 -static atomic_t iface_counter = ATOMIC_INIT(0);
1209 +static atomic_unchecked_t iface_counter = ATOMIC_INIT(0);
1212 * SYNC Timer Delay definition used to set the expiry time
1214 dev->net->netdev_ops = &sierra_net_device_ops;
1216 /* change MAC addr to include, ifacenum, and to be unique */
1217 - dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return(&iface_counter);
1218 + dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return_unchecked(&iface_counter);
1219 dev->net->dev_addr[ETH_ALEN-1] = ifacenum;
1221 /* we will have to manufacture ethernet headers, prepare template */
1222 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/at76c50x-usb.c backports-3.18.1-1/drivers/net/wireless/at76c50x-usb.c
1223 --- backports-3.18.1-1.org/drivers/net/wireless/at76c50x-usb.c 2014-12-21 22:37:14.000000000 +0100
1224 +++ backports-3.18.1-1/drivers/net/wireless/at76c50x-usb.c 2014-12-28 14:10:09.560888936 +0100
1228 /* Convert timeout from the DFU status to jiffies */
1229 -static inline unsigned long at76_get_timeout(struct dfu_status *s)
1230 +static inline unsigned long __intentional_overflow(-1) at76_get_timeout(struct dfu_status *s)
1232 return msecs_to_jiffies((s->poll_timeout[2] << 16)
1233 | (s->poll_timeout[1] << 8)
1234 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath10k/htc.c backports-3.18.1-1/drivers/net/wireless/ath/ath10k/htc.c
1235 --- backports-3.18.1-1.org/drivers/net/wireless/ath/ath10k/htc.c 2014-12-21 22:37:14.000000000 +0100
1236 +++ backports-3.18.1-1/drivers/net/wireless/ath/ath10k/htc.c 2014-12-28 14:10:09.560888936 +0100
1237 @@ -848,7 +848,10 @@
1238 /* registered target arrival callback from the HIF layer */
1239 int ath10k_htc_init(struct ath10k *ar)
1241 - struct ath10k_hif_cb htc_callbacks;
1242 + static struct ath10k_hif_cb htc_callbacks = {
1243 + .rx_completion = ath10k_htc_rx_completion_handler,
1244 + .tx_completion = ath10k_htc_tx_completion_handler,
1246 struct ath10k_htc_ep *ep = NULL;
1247 struct ath10k_htc *htc = &ar->htc;
1250 ath10k_htc_reset_endpoint_states(htc);
1252 /* setup HIF layer callbacks */
1253 - htc_callbacks.rx_completion = ath10k_htc_rx_completion_handler;
1254 - htc_callbacks.tx_completion = ath10k_htc_tx_completion_handler;
1257 /* Get HIF default pipe for HTC message exchange */
1258 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath10k/htc.h backports-3.18.1-1/drivers/net/wireless/ath/ath10k/htc.h
1259 --- backports-3.18.1-1.org/drivers/net/wireless/ath/ath10k/htc.h 2014-12-21 22:37:14.000000000 +0100
1260 +++ backports-3.18.1-1/drivers/net/wireless/ath/ath10k/htc.h 2014-12-28 14:10:09.560888936 +0100
1261 @@ -270,13 +270,13 @@
1263 struct ath10k_htc_ops {
1264 void (*target_send_suspend_complete)(struct ath10k *ar);
1268 struct ath10k_htc_ep_ops {
1269 void (*ep_tx_complete)(struct ath10k *, struct sk_buff *);
1270 void (*ep_rx_complete)(struct ath10k *, struct sk_buff *);
1271 void (*ep_tx_credits)(struct ath10k *);
1275 /* service connection information */
1276 struct ath10k_htc_svc_conn_req {
1277 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/ar9002_mac.c backports-3.18.1-1/drivers/net/wireless/ath/ath9k/ar9002_mac.c
1278 --- backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/ar9002_mac.c 2014-12-21 22:37:14.000000000 +0100
1279 +++ backports-3.18.1-1/drivers/net/wireless/ath/ath9k/ar9002_mac.c 2014-12-28 14:10:09.560888936 +0100
1281 ads->ds_txstatus6 = ads->ds_txstatus7 = 0;
1282 ads->ds_txstatus8 = ads->ds_txstatus9 = 0;
1284 - ACCESS_ONCE(ads->ds_link) = i->link;
1285 - ACCESS_ONCE(ads->ds_data) = i->buf_addr[0];
1286 + ACCESS_ONCE_RW(ads->ds_link) = i->link;
1287 + ACCESS_ONCE_RW(ads->ds_data) = i->buf_addr[0];
1289 ctl1 = i->buf_len[0] | (i->is_last ? 0 : AR_TxMore);
1290 ctl6 = SM(i->keytype, AR_EncrType);
1291 @@ -235,26 +235,26 @@
1293 if ((i->is_first || i->is_last) &&
1294 i->aggr != AGGR_BUF_MIDDLE && i->aggr != AGGR_BUF_LAST) {
1295 - ACCESS_ONCE(ads->ds_ctl2) = set11nTries(i->rates, 0)
1296 + ACCESS_ONCE_RW(ads->ds_ctl2) = set11nTries(i->rates, 0)
1297 | set11nTries(i->rates, 1)
1298 | set11nTries(i->rates, 2)
1299 | set11nTries(i->rates, 3)
1300 | (i->dur_update ? AR_DurUpdateEna : 0)
1301 | SM(0, AR_BurstDur);
1303 - ACCESS_ONCE(ads->ds_ctl3) = set11nRate(i->rates, 0)
1304 + ACCESS_ONCE_RW(ads->ds_ctl3) = set11nRate(i->rates, 0)
1305 | set11nRate(i->rates, 1)
1306 | set11nRate(i->rates, 2)
1307 | set11nRate(i->rates, 3);
1309 - ACCESS_ONCE(ads->ds_ctl2) = 0;
1310 - ACCESS_ONCE(ads->ds_ctl3) = 0;
1311 + ACCESS_ONCE_RW(ads->ds_ctl2) = 0;
1312 + ACCESS_ONCE_RW(ads->ds_ctl3) = 0;
1316 - ACCESS_ONCE(ads->ds_ctl0) = 0;
1317 - ACCESS_ONCE(ads->ds_ctl1) = ctl1;
1318 - ACCESS_ONCE(ads->ds_ctl6) = ctl6;
1319 + ACCESS_ONCE_RW(ads->ds_ctl0) = 0;
1320 + ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1;
1321 + ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6;
1329 - ACCESS_ONCE(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen)
1330 + ACCESS_ONCE_RW(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen)
1331 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
1332 | SM(i->txpower, AR_XmitPower0)
1333 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
1334 @@ -289,27 +289,27 @@
1335 | (i->flags & ATH9K_TXDESC_RTSENA ? AR_RTSEnable :
1336 (i->flags & ATH9K_TXDESC_CTSENA ? AR_CTSEnable : 0));
1338 - ACCESS_ONCE(ads->ds_ctl1) = ctl1;
1339 - ACCESS_ONCE(ads->ds_ctl6) = ctl6;
1340 + ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1;
1341 + ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6;
1343 if (i->aggr == AGGR_BUF_MIDDLE || i->aggr == AGGR_BUF_LAST)
1346 - ACCESS_ONCE(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0)
1347 + ACCESS_ONCE_RW(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0)
1348 | set11nPktDurRTSCTS(i->rates, 1);
1350 - ACCESS_ONCE(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2)
1351 + ACCESS_ONCE_RW(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2)
1352 | set11nPktDurRTSCTS(i->rates, 3);
1354 - ACCESS_ONCE(ads->ds_ctl7) = set11nRateFlags(i->rates, 0)
1355 + ACCESS_ONCE_RW(ads->ds_ctl7) = set11nRateFlags(i->rates, 0)
1356 | set11nRateFlags(i->rates, 1)
1357 | set11nRateFlags(i->rates, 2)
1358 | set11nRateFlags(i->rates, 3)
1359 | SM(i->rtscts_rate, AR_RTSCTSRate);
1361 - ACCESS_ONCE(ads->ds_ctl9) = SM(i->txpower, AR_XmitPower1);
1362 - ACCESS_ONCE(ads->ds_ctl10) = SM(i->txpower, AR_XmitPower2);
1363 - ACCESS_ONCE(ads->ds_ctl11) = SM(i->txpower, AR_XmitPower3);
1364 + ACCESS_ONCE_RW(ads->ds_ctl9) = SM(i->txpower, AR_XmitPower1);
1365 + ACCESS_ONCE_RW(ads->ds_ctl10) = SM(i->txpower, AR_XmitPower2);
1366 + ACCESS_ONCE_RW(ads->ds_ctl11) = SM(i->txpower, AR_XmitPower3);
1369 static int ar9002_hw_proc_txdesc(struct ath_hw *ah, void *ds,
1370 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/ar9003_mac.c backports-3.18.1-1/drivers/net/wireless/ath/ath9k/ar9003_mac.c
1371 --- backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/ar9003_mac.c 2014-12-21 22:37:14.000000000 +0100
1372 +++ backports-3.18.1-1/drivers/net/wireless/ath/ath9k/ar9003_mac.c 2014-12-28 14:10:09.560888936 +0100
1374 (i->qcu << AR_TxQcuNum_S) | desc_len;
1377 - ACCESS_ONCE(ads->info) = val;
1378 + ACCESS_ONCE_RW(ads->info) = val;
1380 checksum += i->link;
1381 - ACCESS_ONCE(ads->link) = i->link;
1382 + ACCESS_ONCE_RW(ads->link) = i->link;
1384 checksum += i->buf_addr[0];
1385 - ACCESS_ONCE(ads->data0) = i->buf_addr[0];
1386 + ACCESS_ONCE_RW(ads->data0) = i->buf_addr[0];
1387 checksum += i->buf_addr[1];
1388 - ACCESS_ONCE(ads->data1) = i->buf_addr[1];
1389 + ACCESS_ONCE_RW(ads->data1) = i->buf_addr[1];
1390 checksum += i->buf_addr[2];
1391 - ACCESS_ONCE(ads->data2) = i->buf_addr[2];
1392 + ACCESS_ONCE_RW(ads->data2) = i->buf_addr[2];
1393 checksum += i->buf_addr[3];
1394 - ACCESS_ONCE(ads->data3) = i->buf_addr[3];
1395 + ACCESS_ONCE_RW(ads->data3) = i->buf_addr[3];
1397 checksum += (val = (i->buf_len[0] << AR_BufLen_S) & AR_BufLen);
1398 - ACCESS_ONCE(ads->ctl3) = val;
1399 + ACCESS_ONCE_RW(ads->ctl3) = val;
1400 checksum += (val = (i->buf_len[1] << AR_BufLen_S) & AR_BufLen);
1401 - ACCESS_ONCE(ads->ctl5) = val;
1402 + ACCESS_ONCE_RW(ads->ctl5) = val;
1403 checksum += (val = (i->buf_len[2] << AR_BufLen_S) & AR_BufLen);
1404 - ACCESS_ONCE(ads->ctl7) = val;
1405 + ACCESS_ONCE_RW(ads->ctl7) = val;
1406 checksum += (val = (i->buf_len[3] << AR_BufLen_S) & AR_BufLen);
1407 - ACCESS_ONCE(ads->ctl9) = val;
1408 + ACCESS_ONCE_RW(ads->ctl9) = val;
1410 checksum = (u16) (((checksum & 0xffff) + (checksum >> 16)) & 0xffff);
1411 - ACCESS_ONCE(ads->ctl10) = checksum;
1412 + ACCESS_ONCE_RW(ads->ctl10) = checksum;
1414 if (i->is_first || i->is_last) {
1415 - ACCESS_ONCE(ads->ctl13) = set11nTries(i->rates, 0)
1416 + ACCESS_ONCE_RW(ads->ctl13) = set11nTries(i->rates, 0)
1417 | set11nTries(i->rates, 1)
1418 | set11nTries(i->rates, 2)
1419 | set11nTries(i->rates, 3)
1420 | (i->dur_update ? AR_DurUpdateEna : 0)
1421 | SM(0, AR_BurstDur);
1423 - ACCESS_ONCE(ads->ctl14) = set11nRate(i->rates, 0)
1424 + ACCESS_ONCE_RW(ads->ctl14) = set11nRate(i->rates, 0)
1425 | set11nRate(i->rates, 1)
1426 | set11nRate(i->rates, 2)
1427 | set11nRate(i->rates, 3);
1429 - ACCESS_ONCE(ads->ctl13) = 0;
1430 - ACCESS_ONCE(ads->ctl14) = 0;
1431 + ACCESS_ONCE_RW(ads->ctl13) = 0;
1432 + ACCESS_ONCE_RW(ads->ctl14) = 0;
1438 ctl17 = SM(i->keytype, AR_EncrType);
1440 - ACCESS_ONCE(ads->ctl11) = 0;
1441 - ACCESS_ONCE(ads->ctl12) = i->is_last ? 0 : AR_TxMore;
1442 - ACCESS_ONCE(ads->ctl15) = 0;
1443 - ACCESS_ONCE(ads->ctl16) = 0;
1444 - ACCESS_ONCE(ads->ctl17) = ctl17;
1445 - ACCESS_ONCE(ads->ctl18) = 0;
1446 - ACCESS_ONCE(ads->ctl19) = 0;
1447 + ACCESS_ONCE_RW(ads->ctl11) = 0;
1448 + ACCESS_ONCE_RW(ads->ctl12) = i->is_last ? 0 : AR_TxMore;
1449 + ACCESS_ONCE_RW(ads->ctl15) = 0;
1450 + ACCESS_ONCE_RW(ads->ctl16) = 0;
1451 + ACCESS_ONCE_RW(ads->ctl17) = ctl17;
1452 + ACCESS_ONCE_RW(ads->ctl18) = 0;
1453 + ACCESS_ONCE_RW(ads->ctl19) = 0;
1457 - ACCESS_ONCE(ads->ctl11) = (i->pkt_len & AR_FrameLen)
1458 + ACCESS_ONCE_RW(ads->ctl11) = (i->pkt_len & AR_FrameLen)
1459 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
1460 | SM(i->txpower, AR_XmitPower0)
1461 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
1462 @@ -135,26 +135,26 @@
1463 val = (i->flags & ATH9K_TXDESC_PAPRD) >> ATH9K_TXDESC_PAPRD_S;
1464 ctl12 |= SM(val, AR_PAPRDChainMask);
1466 - ACCESS_ONCE(ads->ctl12) = ctl12;
1467 - ACCESS_ONCE(ads->ctl17) = ctl17;
1468 + ACCESS_ONCE_RW(ads->ctl12) = ctl12;
1469 + ACCESS_ONCE_RW(ads->ctl17) = ctl17;
1471 - ACCESS_ONCE(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0)
1472 + ACCESS_ONCE_RW(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0)
1473 | set11nPktDurRTSCTS(i->rates, 1);
1475 - ACCESS_ONCE(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2)
1476 + ACCESS_ONCE_RW(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2)
1477 | set11nPktDurRTSCTS(i->rates, 3);
1479 - ACCESS_ONCE(ads->ctl18) = set11nRateFlags(i->rates, 0)
1480 + ACCESS_ONCE_RW(ads->ctl18) = set11nRateFlags(i->rates, 0)
1481 | set11nRateFlags(i->rates, 1)
1482 | set11nRateFlags(i->rates, 2)
1483 | set11nRateFlags(i->rates, 3)
1484 | SM(i->rtscts_rate, AR_RTSCTSRate);
1486 - ACCESS_ONCE(ads->ctl19) = AR_Not_Sounding;
1487 + ACCESS_ONCE_RW(ads->ctl19) = AR_Not_Sounding;
1489 - ACCESS_ONCE(ads->ctl20) = SM(i->txpower, AR_XmitPower1);
1490 - ACCESS_ONCE(ads->ctl21) = SM(i->txpower, AR_XmitPower2);
1491 - ACCESS_ONCE(ads->ctl22) = SM(i->txpower, AR_XmitPower3);
1492 + ACCESS_ONCE_RW(ads->ctl20) = SM(i->txpower, AR_XmitPower1);
1493 + ACCESS_ONCE_RW(ads->ctl21) = SM(i->txpower, AR_XmitPower2);
1494 + ACCESS_ONCE_RW(ads->ctl22) = SM(i->txpower, AR_XmitPower3);
1497 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
1498 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/hw.h backports-3.18.1-1/drivers/net/wireless/ath/ath9k/hw.h
1499 --- backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/hw.h 2014-12-21 22:37:14.000000000 +0100
1500 +++ backports-3.18.1-1/drivers/net/wireless/ath/ath9k/hw.h 2014-12-28 14:10:09.564888946 +0100
1504 void (*ani_cache_ini_regs)(struct ath_hw *ah);
1509 * struct ath_spec_scan - parameters for Atheros spectral scan
1511 #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
1512 void (*set_bt_ant_diversity)(struct ath_hw *hw, bool enable);
1517 struct ath_nf_limits {
1519 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/main.c backports-3.18.1-1/drivers/net/wireless/ath/ath9k/main.c
1520 --- backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/main.c 2014-12-21 22:37:14.000000000 +0100
1521 +++ backports-3.18.1-1/drivers/net/wireless/ath/ath9k/main.c 2014-12-28 14:24:49.169250593 +0100
1522 @@ -2454,16 +2454,18 @@
1523 if (!ath9k_is_chanctx_enabled())
1526 - ath9k_ops.hw_scan = ath9k_hw_scan;
1527 - ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan;
1528 - ath9k_ops.remain_on_channel = ath9k_remain_on_channel;
1529 - ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel;
1530 - ath9k_ops.add_chanctx = ath9k_add_chanctx;
1531 - ath9k_ops.remove_chanctx = ath9k_remove_chanctx;
1532 - ath9k_ops.change_chanctx = ath9k_change_chanctx;
1533 - ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx;
1534 - ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx;
1535 - ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx;
1536 + pax_open_kernel();
1537 + *(void **)&ath9k_ops.hw_scan = ath9k_hw_scan;
1538 + *(void **)&ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan;
1539 + *(void **)&ath9k_ops.remain_on_channel = ath9k_remain_on_channel;
1540 + *(void **)&ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel;
1541 + *(void **)&ath9k_ops.add_chanctx = ath9k_add_chanctx;
1542 + *(void **)&ath9k_ops.remove_chanctx = ath9k_remove_chanctx;
1543 + *(void **)&ath9k_ops.change_chanctx = ath9k_change_chanctx;
1544 + *(void **)&ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx;
1545 + *(void **)&ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx;
1546 + *(void **)&ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx;
1547 + pax_close_kernel();
1551 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/b43/phy_lp.c backports-3.18.1-1/drivers/net/wireless/b43/phy_lp.c
1552 --- backports-3.18.1-1.org/drivers/net/wireless/b43/phy_lp.c 2014-12-21 22:37:14.000000000 +0100
1553 +++ backports-3.18.1-1/drivers/net/wireless/b43/phy_lp.c 2014-12-28 14:10:09.564888946 +0100
1554 @@ -2502,7 +2502,7 @@
1556 struct ssb_bus *bus = dev->dev->sdev->bus;
1558 - static const struct b206x_channel *chandata = NULL;
1559 + const struct b206x_channel *chandata = NULL;
1560 u32 crystal_freq = bus->chipco.pmu.crystalfreq * 1000;
1561 u32 freqref, vco_freq, val1, val2, val3, timeout, timeoutref, count;
1562 u16 old_comm15, scale;
1563 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/iwlegacy/3945-mac.c backports-3.18.1-1/drivers/net/wireless/iwlegacy/3945-mac.c
1564 --- backports-3.18.1-1.org/drivers/net/wireless/iwlegacy/3945-mac.c 2014-12-21 22:37:14.000000000 +0100
1565 +++ backports-3.18.1-1/drivers/net/wireless/iwlegacy/3945-mac.c 2014-12-28 14:10:09.564888946 +0100
1566 @@ -3633,7 +3633,9 @@
1568 if (il3945_mod_params.disable_hw_scan) {
1569 D_INFO("Disabling hw_scan\n");
1570 - il3945_mac_ops.hw_scan = NULL;
1571 + pax_open_kernel();
1572 + *(void **)&il3945_mac_ops.hw_scan = NULL;
1573 + pax_close_kernel();
1576 D_INFO("*** LOAD DRIVER ***\n");
1577 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/iwlwifi/dvm/debugfs.c backports-3.18.1-1/drivers/net/wireless/iwlwifi/dvm/debugfs.c
1578 --- backports-3.18.1-1.org/drivers/net/wireless/iwlwifi/dvm/debugfs.c 2014-12-21 22:37:14.000000000 +0100
1579 +++ backports-3.18.1-1/drivers/net/wireless/iwlwifi/dvm/debugfs.c 2014-12-28 14:10:09.564888946 +0100
1582 struct iwl_priv *priv = file->private_data;
1588 memset(buf, 0, sizeof(buf));
1590 struct iwl_priv *priv = file->private_data;
1597 memset(buf, 0, sizeof(buf));
1600 struct iwl_priv *priv = file->private_data;
1606 memset(buf, 0, sizeof(buf));
1609 struct iwl_priv *priv = file->private_data;
1615 memset(buf, 0, sizeof(buf));
1616 @@ -683,10 +683,10 @@
1617 DEBUGFS_READ_WRITE_FILE_OPS(sleep_level_override);
1618 DEBUGFS_READ_FILE_OPS(current_sleep_command);
1620 -static const char *fmt_value = " %-30s %10u\n";
1621 -static const char *fmt_hex = " %-30s 0x%02X\n";
1622 -static const char *fmt_table = " %-30s %10u %10u %10u %10u\n";
1623 -static const char *fmt_header =
1624 +static const char fmt_value[] = " %-30s %10u\n";
1625 +static const char fmt_hex[] = " %-30s 0x%02X\n";
1626 +static const char fmt_table[] = " %-30s %10u %10u %10u %10u\n";
1627 +static const char fmt_header[] =
1628 "%-32s current cumulative delta max\n";
1630 static int iwl_statistics_flag(struct iwl_priv *priv, char *buf, int bufsz)
1631 @@ -1856,7 +1856,7 @@
1633 struct iwl_priv *priv = file->private_data;
1639 memset(buf, 0, sizeof(buf));
1640 @@ -1901,7 +1901,7 @@
1642 struct iwl_priv *priv = file->private_data;
1648 memset(buf, 0, sizeof(buf));
1649 @@ -1972,7 +1972,7 @@
1651 struct iwl_priv *priv = file->private_data;
1657 memset(buf, 0, sizeof(buf));
1658 @@ -2013,7 +2013,7 @@
1660 struct iwl_priv *priv = file->private_data;
1666 memset(buf, 0, sizeof(buf));
1667 @@ -2073,7 +2073,7 @@
1669 struct iwl_priv *priv = file->private_data;
1675 memset(buf, 0, sizeof(buf));
1676 @@ -2163,7 +2163,7 @@
1678 struct iwl_priv *priv = file->private_data;
1684 if (!priv->cfg->ht_params)
1685 @@ -2204,7 +2204,7 @@
1687 struct iwl_priv *priv = file->private_data;
1692 memset(buf, 0, sizeof(buf));
1693 buf_size = min(count, sizeof(buf) - 1);
1694 @@ -2238,7 +2238,7 @@
1695 struct iwl_priv *priv = file->private_data;
1701 /* check that the interface is up */
1702 if (!iwl_is_ready(priv))
1703 @@ -2292,7 +2292,7 @@
1704 struct iwl_priv *priv = file->private_data;
1710 memset(buf, 0, sizeof(buf));
1711 buf_size = min(count, sizeof(buf) - 1);
1712 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/iwlwifi/pcie/trans.c backports-3.18.1-1/drivers/net/wireless/iwlwifi/pcie/trans.c
1713 --- backports-3.18.1-1.org/drivers/net/wireless/iwlwifi/pcie/trans.c 2014-12-21 22:37:14.000000000 +0100
1714 +++ backports-3.18.1-1/drivers/net/wireless/iwlwifi/pcie/trans.c 2014-12-28 14:10:09.564888946 +0100
1715 @@ -1689,7 +1689,7 @@
1716 struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
1723 memset(buf, 0, sizeof(buf));
1724 @@ -1710,7 +1710,7 @@
1726 struct iwl_trans *trans = file->private_data;
1732 memset(buf, 0, sizeof(buf));
1733 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/mac80211_hwsim.c backports-3.18.1-1/drivers/net/wireless/mac80211_hwsim.c
1734 --- backports-3.18.1-1.org/drivers/net/wireless/mac80211_hwsim.c 2014-12-21 22:37:14.000000000 +0100
1735 +++ backports-3.18.1-1/drivers/net/wireless/mac80211_hwsim.c 2014-12-28 14:10:09.568888967 +0100
1736 @@ -2578,20 +2578,20 @@
1740 - mac80211_hwsim_mchan_ops = mac80211_hwsim_ops;
1741 - mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan;
1742 - mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
1743 - mac80211_hwsim_mchan_ops.sw_scan_start = NULL;
1744 - mac80211_hwsim_mchan_ops.sw_scan_complete = NULL;
1745 - mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc;
1746 - mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
1747 - mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx;
1748 - mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
1749 - mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx;
1750 - mac80211_hwsim_mchan_ops.assign_vif_chanctx =
1751 - mac80211_hwsim_assign_vif_chanctx;
1752 - mac80211_hwsim_mchan_ops.unassign_vif_chanctx =
1753 - mac80211_hwsim_unassign_vif_chanctx;
1754 + pax_open_kernel();
1755 + memcpy((void *)&mac80211_hwsim_mchan_ops, &mac80211_hwsim_ops, sizeof mac80211_hwsim_mchan_ops);
1756 + *(void **)&mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan;
1757 + *(void **)&mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
1758 + *(void **)&mac80211_hwsim_mchan_ops.sw_scan_start = NULL;
1759 + *(void **)&mac80211_hwsim_mchan_ops.sw_scan_complete = NULL;
1760 + *(void **)&mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc;
1761 + *(void **)&mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
1762 + *(void **)&mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx;
1763 + *(void **)&mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
1764 + *(void **)&mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx;
1765 + *(void **)&mac80211_hwsim_mchan_ops.assign_vif_chanctx = mac80211_hwsim_assign_vif_chanctx;
1766 + *(void **)&mac80211_hwsim_mchan_ops.unassign_vif_chanctx = mac80211_hwsim_unassign_vif_chanctx;
1767 + pax_close_kernel();
1769 spin_lock_init(&hwsim_radio_lock);
1770 INIT_LIST_HEAD(&hwsim_radios);
1771 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rndis_wlan.c backports-3.18.1-1/drivers/net/wireless/rndis_wlan.c
1772 --- backports-3.18.1-1.org/drivers/net/wireless/rndis_wlan.c 2014-12-21 22:37:14.000000000 +0100
1773 +++ backports-3.18.1-1/drivers/net/wireless/rndis_wlan.c 2014-12-28 14:10:09.568888967 +0100
1774 @@ -1236,7 +1236,7 @@
1776 netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold);
1778 - if (rts_threshold < 0 || rts_threshold > 2347)
1779 + if (rts_threshold > 2347)
1780 rts_threshold = 2347;
1782 tmp = cpu_to_le32(rts_threshold);
1783 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00.h backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00.h
1784 --- backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00.h 2014-12-21 22:37:14.000000000 +0100
1785 +++ backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00.h 2014-12-28 14:10:09.568888967 +0100
1787 * for hardware which doesn't support hardware
1788 * sequence counting.
1791 + atomic_unchecked_t seqno;
1794 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif)
1795 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00queue.c backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00queue.c
1796 --- backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00queue.c 2014-12-21 22:37:14.000000000 +0100
1797 +++ backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00queue.c 2014-12-28 14:10:09.568888967 +0100
1799 * sequence counter given by mac80211.
1801 if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags))
1802 - seqno = atomic_add_return(0x10, &intf->seqno);
1803 + seqno = atomic_add_return_unchecked(0x10, &intf->seqno);
1805 - seqno = atomic_read(&intf->seqno);
1806 + seqno = atomic_read_unchecked(&intf->seqno);
1808 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
1809 hdr->seq_ctrl |= cpu_to_le16(seqno);
1810 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ti/wl1251/sdio.c backports-3.18.1-1/drivers/net/wireless/ti/wl1251/sdio.c
1811 --- backports-3.18.1-1.org/drivers/net/wireless/ti/wl1251/sdio.c 2014-12-21 22:37:14.000000000 +0100
1812 +++ backports-3.18.1-1/drivers/net/wireless/ti/wl1251/sdio.c 2014-12-28 14:10:09.568888967 +0100
1813 @@ -282,13 +282,17 @@
1815 irq_set_irq_type(wl->irq, IRQ_TYPE_EDGE_RISING);
1817 - wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq;
1818 - wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq;
1819 + pax_open_kernel();
1820 + *(void **)&wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq;
1821 + *(void **)&wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq;
1822 + pax_close_kernel();
1824 wl1251_info("using dedicated interrupt line");
1826 - wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq;
1827 - wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq;
1828 + pax_open_kernel();
1829 + *(void **)&wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq;
1830 + *(void **)&wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq;
1831 + pax_close_kernel();
1833 wl1251_info("using SDIO interrupt");
1835 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ti/wl12xx/main.c backports-3.18.1-1/drivers/net/wireless/ti/wl12xx/main.c
1836 --- backports-3.18.1-1.org/drivers/net/wireless/ti/wl12xx/main.c 2014-12-21 22:37:14.000000000 +0100
1837 +++ backports-3.18.1-1/drivers/net/wireless/ti/wl12xx/main.c 2014-12-28 14:10:09.568888967 +0100
1839 sizeof(wl->conf.mem));
1841 /* read data preparation is only needed by wl127x */
1842 - wl->ops->prepare_read = wl127x_prepare_read;
1843 + pax_open_kernel();
1844 + *(void **)&wl->ops->prepare_read = wl127x_prepare_read;
1845 + pax_close_kernel();
1847 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
1848 WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,
1850 sizeof(wl->conf.mem));
1852 /* read data preparation is only needed by wl127x */
1853 - wl->ops->prepare_read = wl127x_prepare_read;
1854 + pax_open_kernel();
1855 + *(void **)&wl->ops->prepare_read = wl127x_prepare_read;
1856 + pax_close_kernel();
1858 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
1859 WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,
1860 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ti/wl18xx/main.c backports-3.18.1-1/drivers/net/wireless/ti/wl18xx/main.c
1861 --- backports-3.18.1-1.org/drivers/net/wireless/ti/wl18xx/main.c 2014-12-21 22:37:14.000000000 +0100
1862 +++ backports-3.18.1-1/drivers/net/wireless/ti/wl18xx/main.c 2014-12-28 14:10:09.568888967 +0100
1863 @@ -1916,8 +1916,10 @@
1866 if (!checksum_param) {
1867 - wl18xx_ops.set_rx_csum = NULL;
1868 - wl18xx_ops.init_vif = NULL;
1869 + pax_open_kernel();
1870 + *(void **)&wl18xx_ops.set_rx_csum = NULL;
1871 + *(void **)&wl18xx_ops.init_vif = NULL;
1872 + pax_close_kernel();
1875 /* Enable 11a Band only if we have 5G antennas */
1876 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/zd1211rw/zd_usb.c backports-3.18.1-1/drivers/net/wireless/zd1211rw/zd_usb.c
1877 --- backports-3.18.1-1.org/drivers/net/wireless/zd1211rw/zd_usb.c 2014-12-21 22:37:14.000000000 +0100
1878 +++ backports-3.18.1-1/drivers/net/wireless/zd1211rw/zd_usb.c 2014-12-28 14:10:09.568888967 +0100
1881 struct zd_usb *usb = urb->context;
1882 struct zd_usb_interrupt *intr = &usb->intr;
1887 ZD_ASSERT(in_interrupt());
1888 diff -Naur backports-3.18.1-1.org/drivers/nfc/nfcwilink.c backports-3.18.1-1/drivers/nfc/nfcwilink.c
1889 --- backports-3.18.1-1.org/drivers/nfc/nfcwilink.c 2014-12-21 22:37:14.000000000 +0100
1890 +++ backports-3.18.1-1/drivers/nfc/nfcwilink.c 2014-12-28 14:10:09.568888967 +0100
1893 static int nfcwilink_probe(struct platform_device *pdev)
1895 - static struct nfcwilink *drv;
1896 + struct nfcwilink *drv;
1900 diff -Naur backports-3.18.1-1.org/include/linux/gracl_compat.h backports-3.18.1-1/include/linux/gracl_compat.h
1901 --- backports-3.18.1-1.org/include/linux/gracl_compat.h 1970-01-01 01:00:00.000000000 +0100
1902 +++ backports-3.18.1-1/include/linux/gracl_compat.h 2014-12-28 14:10:09.684889542 +0100
1904 +#ifndef GR_ACL_COMPAT_H
1905 +#define GR_ACL_COMPAT_H
1907 +#include <linux/resource.h>
1908 +#include <asm/resource.h>
1910 +struct sprole_pw_compat {
1911 + compat_uptr_t rolename;
1912 + unsigned char salt[GR_SALT_LEN];
1913 + unsigned char sum[GR_SHA_LEN];
1916 +struct gr_hash_struct_compat {
1917 + compat_uptr_t table;
1918 + compat_uptr_t nametable;
1919 + compat_uptr_t first;
1925 +struct acl_subject_label_compat {
1926 + compat_uptr_t filename;
1927 + compat_ino_t inode;
1930 + kernel_cap_t cap_mask;
1931 + kernel_cap_t cap_lower;
1932 + kernel_cap_t cap_invert_audit;
1934 + struct compat_rlimit res[GR_NLIMITS];
1937 + __u8 user_trans_type;
1938 + __u8 group_trans_type;
1939 + compat_uptr_t user_transitions;
1940 + compat_uptr_t group_transitions;
1941 + __u16 user_trans_num;
1942 + __u16 group_trans_num;
1944 + __u32 sock_families[2];
1945 + __u32 ip_proto[8];
1947 + compat_uptr_t ips;
1949 + __u32 inaddr_any_override;
1952 + compat_ulong_t expires;
1954 + compat_uptr_t parent_subject;
1955 + compat_uptr_t hash;
1956 + compat_uptr_t prev;
1957 + compat_uptr_t next;
1959 + compat_uptr_t obj_hash;
1960 + __u32 obj_hash_size;
1964 +struct role_allowed_ip_compat {
1968 + compat_uptr_t prev;
1969 + compat_uptr_t next;
1972 +struct role_transition_compat {
1973 + compat_uptr_t rolename;
1975 + compat_uptr_t prev;
1976 + compat_uptr_t next;
1979 +struct acl_role_label_compat {
1980 + compat_uptr_t rolename;
1984 + __u16 auth_attempts;
1985 + compat_ulong_t expires;
1987 + compat_uptr_t root_label;
1988 + compat_uptr_t hash;
1990 + compat_uptr_t prev;
1991 + compat_uptr_t next;
1993 + compat_uptr_t transitions;
1994 + compat_uptr_t allowed_ips;
1995 + compat_uptr_t domain_children;
1996 + __u16 domain_child_num;
2000 + compat_uptr_t subj_hash;
2001 + __u32 subj_hash_size;
2004 +struct user_acl_role_db_compat {
2005 + compat_uptr_t r_table;
2006 + __u32 num_pointers;
2008 + __u32 num_domain_children;
2009 + __u32 num_subjects;
2010 + __u32 num_objects;
2013 +struct acl_object_label_compat {
2014 + compat_uptr_t filename;
2015 + compat_ino_t inode;
2019 + compat_uptr_t nested;
2020 + compat_uptr_t globbed;
2022 + compat_uptr_t prev;
2023 + compat_uptr_t next;
2026 +struct acl_ip_label_compat {
2027 + compat_uptr_t iface;
2035 + compat_uptr_t prev;
2036 + compat_uptr_t next;
2039 +struct gr_arg_compat {
2040 + struct user_acl_role_db_compat role_db;
2041 + unsigned char pw[GR_PW_LEN];
2042 + unsigned char salt[GR_SALT_LEN];
2043 + unsigned char sum[GR_SHA_LEN];
2044 + unsigned char sp_role[GR_SPROLE_LEN];
2045 + compat_uptr_t sprole_pws;
2046 + __u32 segv_device;
2047 + compat_ino_t segv_inode;
2049 + __u16 num_sprole_pws;
2053 +struct gr_arg_wrapper_compat {
2054 + compat_uptr_t arg;
2060 diff -Naur backports-3.18.1-1.org/include/linux/gracl.h backports-3.18.1-1/include/linux/gracl.h
2061 --- backports-3.18.1-1.org/include/linux/gracl.h 1970-01-01 01:00:00.000000000 +0100
2062 +++ backports-3.18.1-1/include/linux/gracl.h 2014-12-28 14:10:09.684889542 +0100
2067 +#include <linux/grdefs.h>
2068 +#include <linux/resource.h>
2069 +#include <linux/capability.h>
2070 +#include <linux/dcache.h>
2071 +#include <asm/resource.h>
2073 +/* Major status information */
2075 +#define GR_VERSION "grsecurity 3.0"
2076 +#define GRSECURITY_VERSION 0x3000
2091 +/* Password setup definitions
2092 + * kernel/grhash.c */
2100 + GR_SPROLE_LEN = 64,
2109 +#define GR_NLIMITS 32
2111 +/* Begin Data Structures */
2114 + unsigned char *rolename;
2115 + unsigned char salt[GR_SALT_LEN];
2116 + unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
2119 +struct name_entry {
2126 + struct name_entry *prev;
2127 + struct name_entry *next;
2130 +struct inodev_entry {
2131 + struct name_entry *nentry;
2132 + struct inodev_entry *prev;
2133 + struct inodev_entry *next;
2136 +struct acl_role_db {
2137 + struct acl_role_label **r_hash;
2142 + struct inodev_entry **i_hash;
2147 + struct name_entry **n_hash;
2153 + unsigned long expires;
2156 +struct gr_hash_struct {
2165 +/* Userspace Grsecurity ACL data structures */
2167 +struct acl_subject_label {
2172 + kernel_cap_t cap_mask;
2173 + kernel_cap_t cap_lower;
2174 + kernel_cap_t cap_invert_audit;
2176 + struct rlimit res[GR_NLIMITS];
2179 + __u8 user_trans_type;
2180 + __u8 group_trans_type;
2181 + uid_t *user_transitions;
2182 + gid_t *group_transitions;
2183 + __u16 user_trans_num;
2184 + __u16 group_trans_num;
2186 + __u32 sock_families[2];
2187 + __u32 ip_proto[8];
2189 + struct acl_ip_label **ips;
2191 + __u32 inaddr_any_override;
2194 + unsigned long expires;
2196 + struct acl_subject_label *parent_subject;
2197 + struct gr_hash_struct *hash;
2198 + struct acl_subject_label *prev;
2199 + struct acl_subject_label *next;
2201 + struct acl_object_label **obj_hash;
2202 + __u32 obj_hash_size;
2206 +struct role_allowed_ip {
2210 + struct role_allowed_ip *prev;
2211 + struct role_allowed_ip *next;
2214 +struct role_transition {
2217 + struct role_transition *prev;
2218 + struct role_transition *next;
2221 +struct acl_role_label {
2226 + __u16 auth_attempts;
2227 + unsigned long expires;
2229 + struct acl_subject_label *root_label;
2230 + struct gr_hash_struct *hash;
2232 + struct acl_role_label *prev;
2233 + struct acl_role_label *next;
2235 + struct role_transition *transitions;
2236 + struct role_allowed_ip *allowed_ips;
2237 + uid_t *domain_children;
2238 + __u16 domain_child_num;
2242 + struct acl_subject_label **subj_hash;
2243 + __u32 subj_hash_size;
2246 +struct user_acl_role_db {
2247 + struct acl_role_label **r_table;
2248 + __u32 num_pointers; /* Number of allocations to track */
2249 + __u32 num_roles; /* Number of roles */
2250 + __u32 num_domain_children; /* Number of domain children */
2251 + __u32 num_subjects; /* Number of subjects */
2252 + __u32 num_objects; /* Number of objects */
2255 +struct acl_object_label {
2261 + struct acl_subject_label *nested;
2262 + struct acl_object_label *globbed;
2264 + /* next two structures not used */
2266 + struct acl_object_label *prev;
2267 + struct acl_object_label *next;
2270 +struct acl_ip_label {
2279 + /* next two structures not used */
2281 + struct acl_ip_label *prev;
2282 + struct acl_ip_label *next;
2286 + struct user_acl_role_db role_db;
2287 + unsigned char pw[GR_PW_LEN];
2288 + unsigned char salt[GR_SALT_LEN];
2289 + unsigned char sum[GR_SHA_LEN];
2290 + unsigned char sp_role[GR_SPROLE_LEN];
2291 + struct sprole_pw *sprole_pws;
2292 + dev_t segv_device;
2295 + __u16 num_sprole_pws;
2299 +struct gr_arg_wrapper {
2300 + struct gr_arg *arg;
2305 +struct subject_map {
2306 + struct acl_subject_label *user;
2307 + struct acl_subject_label *kernel;
2308 + struct subject_map *prev;
2309 + struct subject_map *next;
2312 +struct acl_subj_map_db {
2313 + struct subject_map **s_hash;
2317 +struct gr_policy_state {
2318 + struct sprole_pw **acl_special_roles;
2319 + __u16 num_sprole_pws;
2320 + struct acl_role_label *kernel_role;
2321 + struct acl_role_label *role_list;
2322 + struct acl_role_label *default_role;
2323 + struct acl_role_db acl_role_set;
2324 + struct acl_subj_map_db subj_map_set;
2325 + struct name_db name_set;
2326 + struct inodev_db inodev_set;
2329 +struct gr_alloc_state {
2330 + unsigned long alloc_stack_next;
2331 + unsigned long alloc_stack_size;
2332 + void **alloc_stack;
2335 +struct gr_reload_state {
2336 + struct gr_policy_state oldpolicy;
2337 + struct gr_alloc_state oldalloc;
2338 + struct gr_policy_state newpolicy;
2339 + struct gr_alloc_state newalloc;
2340 + struct gr_policy_state *oldpolicy_ptr;
2341 + struct gr_alloc_state *oldalloc_ptr;
2342 + unsigned char oldmode;
2345 +/* End Data Structures Section */
2347 +/* Hash functions generated by empirical testing by Brad Spengler
2348 + Makes good use of the low bits of the inode. Generally 0-1 times
2349 + in loop for successful match. 0-3 for unsuccessful match.
2350 + Shift/add algorithm with modulus of table size and an XOR*/
2352 +static __inline__ unsigned int
2353 +gr_rhash(const uid_t uid, const __u16 type, const unsigned int sz)
2355 + return ((((uid + type) << (16 + type)) ^ uid) % sz);
2358 + static __inline__ unsigned int
2359 +gr_shash(const struct acl_subject_label *userp, const unsigned int sz)
2361 + return ((const unsigned long)userp % sz);
2364 +static __inline__ unsigned int
2365 +gr_fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
2367 + return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
2370 +static __inline__ unsigned int
2371 +gr_nhash(const char *name, const __u16 len, const unsigned int sz)
2373 + return full_name_hash((const unsigned char *)name, len) % sz;
2376 +#define FOR_EACH_SUBJECT_START(role,subj,iter) \
2379 + while (iter < role->subj_hash_size) { \
2380 + if (subj == NULL) \
2381 + subj = role->subj_hash[iter]; \
2382 + if (subj == NULL) { \
2387 +#define FOR_EACH_SUBJECT_END(subj,iter) \
2388 + subj = subj->next; \
2389 + if (subj == NULL) \
2394 +#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \
2395 + subj = role->hash->first; \
2396 + while (subj != NULL) {
2398 +#define FOR_EACH_NESTED_SUBJECT_END(subj) \
2399 + subj = subj->next; \
2404 diff -Naur backports-3.18.1-1.org/include/linux/gralloc.h backports-3.18.1-1/include/linux/gralloc.h
2405 --- backports-3.18.1-1.org/include/linux/gralloc.h 1970-01-01 01:00:00.000000000 +0100
2406 +++ backports-3.18.1-1/include/linux/gralloc.h 2014-12-28 14:10:09.684889542 +0100
2408 +#ifndef __GRALLOC_H
2409 +#define __GRALLOC_H
2411 +void acl_free_all(void);
2412 +int acl_alloc_stack_init(unsigned long size);
2413 +void *acl_alloc(unsigned long len);
2414 +void *acl_alloc_num(unsigned long num, unsigned long len);
2417 diff -Naur backports-3.18.1-1.org/include/linux/grdefs.h backports-3.18.1-1/include/linux/grdefs.h
2418 --- backports-3.18.1-1.org/include/linux/grdefs.h 1970-01-01 01:00:00.000000000 +0100
2419 +++ backports-3.18.1-1/include/linux/grdefs.h 2014-12-28 14:10:09.688889562 +0100
2424 +/* Begin grsecurity status declarations */
2428 + GR_STATUS_INIT = 0x00 // disabled state
2431 +/* Begin ACL declarations */
2436 + GR_ROLE_USER = 0x0001,
2437 + GR_ROLE_GROUP = 0x0002,
2438 + GR_ROLE_DEFAULT = 0x0004,
2439 + GR_ROLE_SPECIAL = 0x0008,
2440 + GR_ROLE_AUTH = 0x0010,
2441 + GR_ROLE_NOPW = 0x0020,
2442 + GR_ROLE_GOD = 0x0040,
2443 + GR_ROLE_LEARN = 0x0080,
2444 + GR_ROLE_TPE = 0x0100,
2445 + GR_ROLE_DOMAIN = 0x0200,
2446 + GR_ROLE_PAM = 0x0400,
2447 + GR_ROLE_PERSIST = 0x0800
2450 +/* ACL Subject and Object mode flags */
2452 + GR_DELETED = 0x80000000
2455 +/* ACL Object-only mode flags */
2457 + GR_READ = 0x00000001,
2458 + GR_APPEND = 0x00000002,
2459 + GR_WRITE = 0x00000004,
2460 + GR_EXEC = 0x00000008,
2461 + GR_FIND = 0x00000010,
2462 + GR_INHERIT = 0x00000020,
2463 + GR_SETID = 0x00000040,
2464 + GR_CREATE = 0x00000080,
2465 + GR_DELETE = 0x00000100,
2466 + GR_LINK = 0x00000200,
2467 + GR_AUDIT_READ = 0x00000400,
2468 + GR_AUDIT_APPEND = 0x00000800,
2469 + GR_AUDIT_WRITE = 0x00001000,
2470 + GR_AUDIT_EXEC = 0x00002000,
2471 + GR_AUDIT_FIND = 0x00004000,
2472 + GR_AUDIT_INHERIT= 0x00008000,
2473 + GR_AUDIT_SETID = 0x00010000,
2474 + GR_AUDIT_CREATE = 0x00020000,
2475 + GR_AUDIT_DELETE = 0x00040000,
2476 + GR_AUDIT_LINK = 0x00080000,
2477 + GR_PTRACERD = 0x00100000,
2478 + GR_NOPTRACE = 0x00200000,
2479 + GR_SUPPRESS = 0x00400000,
2480 + GR_NOLEARN = 0x00800000,
2481 + GR_INIT_TRANSFER= 0x01000000
2484 +#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
2485 + GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
2486 + GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
2488 +/* ACL subject-only mode flags */
2490 + GR_KILL = 0x00000001,
2491 + GR_VIEW = 0x00000002,
2492 + GR_PROTECTED = 0x00000004,
2493 + GR_LEARN = 0x00000008,
2494 + GR_OVERRIDE = 0x00000010,
2495 + /* just a placeholder, this mode is only used in userspace */
2496 + GR_DUMMY = 0x00000020,
2497 + GR_PROTSHM = 0x00000040,
2498 + GR_KILLPROC = 0x00000080,
2499 + GR_KILLIPPROC = 0x00000100,
2500 + /* just a placeholder, this mode is only used in userspace */
2501 + GR_NOTROJAN = 0x00000200,
2502 + GR_PROTPROCFD = 0x00000400,
2503 + GR_PROCACCT = 0x00000800,
2504 + GR_RELAXPTRACE = 0x00001000,
2505 + //GR_NESTED = 0x00002000,
2506 + GR_INHERITLEARN = 0x00004000,
2507 + GR_PROCFIND = 0x00008000,
2508 + GR_POVERRIDE = 0x00010000,
2509 + GR_KERNELAUTH = 0x00020000,
2510 + GR_ATSECURE = 0x00040000,
2511 + GR_SHMEXEC = 0x00080000
2515 + GR_PAX_ENABLE_SEGMEXEC = 0x0001,
2516 + GR_PAX_ENABLE_PAGEEXEC = 0x0002,
2517 + GR_PAX_ENABLE_MPROTECT = 0x0004,
2518 + GR_PAX_ENABLE_RANDMMAP = 0x0008,
2519 + GR_PAX_ENABLE_EMUTRAMP = 0x0010,
2520 + GR_PAX_DISABLE_SEGMEXEC = 0x0100,
2521 + GR_PAX_DISABLE_PAGEEXEC = 0x0200,
2522 + GR_PAX_DISABLE_MPROTECT = 0x0400,
2523 + GR_PAX_DISABLE_RANDMMAP = 0x0800,
2524 + GR_PAX_DISABLE_EMUTRAMP = 0x1000,
2528 + GR_ID_USER = 0x01,
2529 + GR_ID_GROUP = 0x02,
2533 + GR_ID_ALLOW = 0x01,
2534 + GR_ID_DENY = 0x02,
2537 +#define GR_CRASH_RES 31
2538 +#define GR_UIDTABLE_MAX 500
2540 +/* begin resource learning section */
2542 + GR_RLIM_CPU_BUMP = 60,
2543 + GR_RLIM_FSIZE_BUMP = 50000,
2544 + GR_RLIM_DATA_BUMP = 10000,
2545 + GR_RLIM_STACK_BUMP = 1000,
2546 + GR_RLIM_CORE_BUMP = 10000,
2547 + GR_RLIM_RSS_BUMP = 500000,
2548 + GR_RLIM_NPROC_BUMP = 1,
2549 + GR_RLIM_NOFILE_BUMP = 5,
2550 + GR_RLIM_MEMLOCK_BUMP = 50000,
2551 + GR_RLIM_AS_BUMP = 500000,
2552 + GR_RLIM_LOCKS_BUMP = 2,
2553 + GR_RLIM_SIGPENDING_BUMP = 5,
2554 + GR_RLIM_MSGQUEUE_BUMP = 10000,
2555 + GR_RLIM_NICE_BUMP = 1,
2556 + GR_RLIM_RTPRIO_BUMP = 1,
2557 + GR_RLIM_RTTIME_BUMP = 1000000
2561 diff -Naur backports-3.18.1-1.org/include/linux/grinternal.h backports-3.18.1-1/include/linux/grinternal.h
2562 --- backports-3.18.1-1.org/include/linux/grinternal.h 1970-01-01 01:00:00.000000000 +0100
2563 +++ backports-3.18.1-1/include/linux/grinternal.h 2014-12-28 14:10:09.688889562 +0100
2565 +#ifndef __GRINTERNAL_H
2566 +#define __GRINTERNAL_H
2568 +#ifdef CONFIG_GRKERNSEC
2570 +#include <linux/fs.h>
2571 +#include <linux/mnt_namespace.h>
2572 +#include <linux/nsproxy.h>
2573 +#include <linux/gracl.h>
2574 +#include <linux/grdefs.h>
2575 +#include <linux/grmsg.h>
2577 +void gr_add_learn_entry(const char *fmt, ...)
2578 + __attribute__ ((format (printf, 1, 2)));
2579 +__u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
2580 + const struct vfsmount *mnt);
2581 +__u32 gr_check_create(const struct dentry *new_dentry,
2582 + const struct dentry *parent,
2583 + const struct vfsmount *mnt, const __u32 mode);
2584 +int gr_check_protected_task(const struct task_struct *task);
2585 +__u32 to_gr_audit(const __u32 reqmode);
2586 +int gr_set_acls(const int type);
2587 +int gr_acl_is_enabled(void);
2588 +char gr_roletype_to_char(void);
2590 +void gr_handle_alertkill(struct task_struct *task);
2591 +char *gr_to_filename(const struct dentry *dentry,
2592 + const struct vfsmount *mnt);
2593 +char *gr_to_filename1(const struct dentry *dentry,
2594 + const struct vfsmount *mnt);
2595 +char *gr_to_filename2(const struct dentry *dentry,
2596 + const struct vfsmount *mnt);
2597 +char *gr_to_filename3(const struct dentry *dentry,
2598 + const struct vfsmount *mnt);
2600 +extern int grsec_enable_ptrace_readexec;
2601 +extern int grsec_enable_harden_ptrace;
2602 +extern int grsec_enable_link;
2603 +extern int grsec_enable_fifo;
2604 +extern int grsec_enable_execve;
2605 +extern int grsec_enable_shm;
2606 +extern int grsec_enable_execlog;
2607 +extern int grsec_enable_signal;
2608 +extern int grsec_enable_audit_ptrace;
2609 +extern int grsec_enable_forkfail;
2610 +extern int grsec_enable_time;
2611 +extern int grsec_enable_rofs;
2612 +extern int grsec_deny_new_usb;
2613 +extern int grsec_enable_chroot_shmat;
2614 +extern int grsec_enable_chroot_mount;
2615 +extern int grsec_enable_chroot_double;
2616 +extern int grsec_enable_chroot_pivot;
2617 +extern int grsec_enable_chroot_chdir;
2618 +extern int grsec_enable_chroot_chmod;
2619 +extern int grsec_enable_chroot_mknod;
2620 +extern int grsec_enable_chroot_fchdir;
2621 +extern int grsec_enable_chroot_nice;
2622 +extern int grsec_enable_chroot_execlog;
2623 +extern int grsec_enable_chroot_caps;
2624 +extern int grsec_enable_chroot_sysctl;
2625 +extern int grsec_enable_chroot_unix;
2626 +extern int grsec_enable_symlinkown;
2627 +extern kgid_t grsec_symlinkown_gid;
2628 +extern int grsec_enable_tpe;
2629 +extern kgid_t grsec_tpe_gid;
2630 +extern int grsec_enable_tpe_all;
2631 +extern int grsec_enable_tpe_invert;
2632 +extern int grsec_enable_socket_all;
2633 +extern kgid_t grsec_socket_all_gid;
2634 +extern int grsec_enable_socket_client;
2635 +extern kgid_t grsec_socket_client_gid;
2636 +extern int grsec_enable_socket_server;
2637 +extern kgid_t grsec_socket_server_gid;
2638 +extern kgid_t grsec_audit_gid;
2639 +extern int grsec_enable_group;
2640 +extern int grsec_enable_log_rwxmaps;
2641 +extern int grsec_enable_mount;
2642 +extern int grsec_enable_chdir;
2643 +extern int grsec_resource_logging;
2644 +extern int grsec_enable_blackhole;
2645 +extern int grsec_lastack_retries;
2646 +extern int grsec_enable_brute;
2647 +extern int grsec_enable_harden_ipc;
2648 +extern int grsec_lock;
2650 +extern spinlock_t grsec_alert_lock;
2651 +extern unsigned long grsec_alert_wtime;
2652 +extern unsigned long grsec_alert_fyet;
2654 +extern spinlock_t grsec_audit_lock;
2656 +extern rwlock_t grsec_exec_file_lock;
2658 +#define gr_task_fullpath(tsk) ((tsk)->exec_file ? \
2659 + gr_to_filename2((tsk)->exec_file->f_path.dentry, \
2660 + (tsk)->exec_file->f_path.mnt) : "/")
2662 +#define gr_parent_task_fullpath(tsk) ((tsk)->real_parent->exec_file ? \
2663 + gr_to_filename3((tsk)->real_parent->exec_file->f_path.dentry, \
2664 + (tsk)->real_parent->exec_file->f_path.mnt) : "/")
2666 +#define gr_task_fullpath0(tsk) ((tsk)->exec_file ? \
2667 + gr_to_filename((tsk)->exec_file->f_path.dentry, \
2668 + (tsk)->exec_file->f_path.mnt) : "/")
2670 +#define gr_parent_task_fullpath0(tsk) ((tsk)->real_parent->exec_file ? \
2671 + gr_to_filename1((tsk)->real_parent->exec_file->f_path.dentry, \
2672 + (tsk)->real_parent->exec_file->f_path.mnt) : "/")
2674 +#define proc_is_chrooted(tsk_a) ((tsk_a)->gr_is_chrooted)
2676 +#define have_same_root(tsk_a,tsk_b) ((tsk_a)->gr_chroot_dentry == (tsk_b)->gr_chroot_dentry)
2678 +static inline bool gr_is_same_file(const struct file *file1, const struct file *file2)
2680 + if (file1 && file2) {
2681 + const struct inode *inode1 = file1->f_path.dentry->d_inode;
2682 + const struct inode *inode2 = file2->f_path.dentry->d_inode;
2683 + if (inode1->i_ino == inode2->i_ino && inode1->i_sb->s_dev == inode2->i_sb->s_dev)
2690 +#define GR_CHROOT_CAPS {{ \
2691 + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
2692 + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
2693 + CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
2694 + CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
2695 + CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
2696 + CAP_TO_MASK(CAP_IPC_OWNER) | CAP_TO_MASK(CAP_SETFCAP), \
2697 + CAP_TO_MASK(CAP_SYSLOG) | CAP_TO_MASK(CAP_MAC_ADMIN) }}
2699 +#define security_learn(normal_msg,args...) \
2701 + read_lock(&grsec_exec_file_lock); \
2702 + gr_add_learn_entry(normal_msg "\n", ## args); \
2703 + read_unlock(&grsec_exec_file_lock); \
2709 + /* used for non-audit messages that we shouldn't kill the task on */
2710 + GR_DONT_AUDIT_GOOD
2724 + GR_ONE_INT_TWO_STR,
2731 + GR_FIVE_INT_TWO_STR,
2737 + GR_FILENAME_TWO_INT,
2738 + GR_FILENAME_TWO_INT_STR,
2752 +#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
2753 +#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task)
2754 +#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt)
2755 +#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str)
2756 +#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt)
2757 +#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2)
2758 +#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3)
2759 +#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt)
2760 +#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS)
2761 +#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num)
2762 +#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2)
2763 +#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str)
2764 +#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num)
2765 +#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2)
2766 +#define gr_log_two_u64(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_U64, num1, num2)
2767 +#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3)
2768 +#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2)
2769 +#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2)
2770 +#define gr_log_str2_int(audit, msg, str1, str2, num) gr_log_varargs(audit, msg, GR_TWO_STR_INT, str1, str2, num)
2771 +#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3)
2772 +#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4)
2773 +#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt)
2774 +#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
2775 +#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
2776 +#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
2777 +#define gr_log_textrel_ulong_ulong(audit, msg, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, file, ulong1, ulong2)
2778 +#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
2779 +#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
2780 +#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
2781 +#define gr_log_sig_addr(audit, msg, str, addr) gr_log_varargs(audit, msg, GR_SIG, str, addr)
2782 +#define gr_log_sig_task(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG2, task, num)
2783 +#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
2784 +#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
2785 +#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
2786 +#define gr_log_rwxmap(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAP, str)
2787 +#define gr_log_rwxmap_vma(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAPVMA, str)
2789 +void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
2794 diff -Naur backports-3.18.1-1.org/include/linux/grmsg.h backports-3.18.1-1/include/linux/grmsg.h
2795 --- backports-3.18.1-1.org/include/linux/grmsg.h 1970-01-01 01:00:00.000000000 +0100
2796 +++ backports-3.18.1-1/include/linux/grmsg.h 2014-12-28 14:10:09.688889562 +0100
2798 +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
2799 +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
2800 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
2801 +#define GR_STOPMOD_MSG "denied modification of module state by "
2802 +#define GR_ROFS_BLOCKWRITE_MSG "denied write to block device %.950s by "
2803 +#define GR_ROFS_MOUNT_MSG "denied writable mount of %.950s by "
2804 +#define GR_IOPERM_MSG "denied use of ioperm() by "
2805 +#define GR_IOPL_MSG "denied use of iopl() by "
2806 +#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by "
2807 +#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by "
2808 +#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by "
2809 +#define GR_MEM_READWRITE_MSG "denied access of range %Lx -> %Lx in /dev/mem by "
2810 +#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by "
2811 +#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%pI4"
2812 +#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%pI4"
2813 +#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by "
2814 +#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by "
2815 +#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by "
2816 +#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by "
2817 +#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by "
2818 +#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by "
2819 +#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by "
2820 +#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%pI4 %.480s[%.16s:%d], parent %.480s[%.16s:%d] against "
2821 +#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by "
2822 +#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by "
2823 +#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by "
2824 +#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by "
2825 +#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for "
2826 +#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by "
2827 +#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by "
2828 +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
2829 +#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
2830 +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
2831 +#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
2832 +#define GR_EXEC_TPE_MSG "denied untrusted exec (due to %.70s) of %.950s by "
2833 +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
2834 +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
2835 +#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
2836 +#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by "
2837 +#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by "
2838 +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
2839 +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
2840 +#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
2841 +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
2842 +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
2843 +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
2844 +#define GR_CHROOT_FHANDLE_MSG "denied use of file handles inside chroot by "
2845 +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
2846 +#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by "
2847 +#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by "
2848 +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
2849 +#define GR_INITF_ACL_MSG "init_variables() failed %s by "
2850 +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
2851 +#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbage by "
2852 +#define GR_SHUTS_ACL_MSG "shutdown auth success for "
2853 +#define GR_SHUTF_ACL_MSG "shutdown auth failure for "
2854 +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for "
2855 +#define GR_SEGVMODS_ACL_MSG "segvmod auth success for "
2856 +#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for "
2857 +#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for "
2858 +#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by "
2859 +#define GR_ENABLEF_ACL_MSG "unable to load %s for "
2860 +#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system"
2861 +#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by "
2862 +#define GR_RELOADF_ACL_MSG "failed reload of %s for "
2863 +#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for "
2864 +#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by "
2865 +#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by "
2866 +#define GR_SPROLEF_ACL_MSG "special role %s failure for "
2867 +#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for "
2868 +#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by "
2869 +#define GR_INVMODE_ACL_MSG "invalid mode %d by "
2870 +#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by "
2871 +#define GR_FAILFORK_MSG "failed fork with errno %s by "
2872 +#define GR_NICE_CHROOT_MSG "denied priority change by "
2873 +#define GR_UNISIGLOG_MSG "%.32s occurred at %p in "
2874 +#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by "
2875 +#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by "
2876 +#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by "
2877 +#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by "
2878 +#define GR_TIME_MSG "time set by "
2879 +#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by "
2880 +#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by "
2881 +#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by "
2882 +#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by "
2883 +#define GR_SOCK_NOINET_MSG "denied socket(%.16s,%.16s,%d) by "
2884 +#define GR_BIND_MSG "denied bind() by "
2885 +#define GR_CONNECT_MSG "denied connect() by "
2886 +#define GR_BIND_ACL_MSG "denied bind() to %pI4 port %u sock type %.16s protocol %.16s by "
2887 +#define GR_CONNECT_ACL_MSG "denied connect() to %pI4 port %u sock type %.16s protocol %.16s by "
2888 +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
2889 +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
2890 +#define GR_CAP_ACL_MSG "use of %s denied for "
2891 +#define GR_CAP_CHROOT_MSG "use of %s in chroot denied for "
2892 +#define GR_CAP_ACL_MSG2 "use of %s permitted for "
2893 +#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
2894 +#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
2895 +#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
2896 +#define GR_UNMOUNT_AUDIT_MSG "unmount of %.256s by "
2897 +#define GR_MOUNT_AUDIT_MSG "mount of %.256s to %.256s by "
2898 +#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
2899 +#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
2900 +#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
2901 +#define GR_RWXMMAP_MSG "denied RWX mmap of %.950s by "
2902 +#define GR_RWXMPROTECT_MSG "denied RWX mprotect of %.950s by "
2903 +#define GR_TEXTREL_AUDIT_MSG "denied text relocation in %.950s, VMA:0x%08lx 0x%08lx by "
2904 +#define GR_PTGNUSTACK_MSG "denied marking stack executable as requested by PT_GNU_STACK marking in %.950s by "
2905 +#define GR_VM86_MSG "denied use of vm86 by "
2906 +#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
2907 +#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by "
2908 +#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
2909 +#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by "
2910 +#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by "
2911 +#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for "
2912 +#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for "
2913 +#define GR_IPC_DENIED_MSG "denied %s of overly-permissive IPC object with creator uid %u by "
2914 +#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
2915 diff -Naur backports-3.18.1-1.org/include/linux/grsecurity.h backports-3.18.1-1/include/linux/grsecurity.h
2916 --- backports-3.18.1-1.org/include/linux/grsecurity.h 1970-01-01 01:00:00.000000000 +0100
2917 +++ backports-3.18.1-1/include/linux/grsecurity.h 2014-12-28 14:10:09.688889562 +0100
2919 +#ifndef GR_SECURITY_H
2920 +#define GR_SECURITY_H
2921 +#include <linux/fs.h>
2922 +#include <linux/fs_struct.h>
2923 +#include <linux/binfmts.h>
2924 +#include <linux/gracl.h>
2926 +/* notify of brain-dead configs */
2927 +#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
2928 +#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled."
2930 +#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
2931 +#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled"
2933 +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
2934 +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
2936 +#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
2937 +#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
2939 +#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR)
2940 +#error "CONFIG_PAX enabled, but no PaX options are enabled."
2943 +int gr_handle_new_usb(void);
2945 +void gr_handle_brute_attach(int dumpable);
2946 +void gr_handle_brute_check(void);
2947 +void gr_handle_kernel_exploit(void);
2949 +char gr_roletype_to_char(void);
2951 +int gr_proc_is_restricted(void);
2953 +int gr_acl_enable_at_secure(void);
2955 +int gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs);
2956 +int gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs);
2958 +int gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap);
2960 +void gr_del_task_from_ip_table(struct task_struct *p);
2962 +int gr_pid_is_chrooted(struct task_struct *p);
2963 +int gr_handle_chroot_fowner(struct pid *pid, enum pid_type type);
2964 +int gr_handle_chroot_nice(void);
2965 +int gr_handle_chroot_sysctl(const int op);
2966 +int gr_handle_chroot_setpriority(struct task_struct *p,
2967 + const int niceval);
2968 +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
2969 +int gr_chroot_fhandle(void);
2970 +int gr_handle_chroot_chroot(const struct dentry *dentry,
2971 + const struct vfsmount *mnt);
2972 +void gr_handle_chroot_chdir(const struct path *path);
2973 +int gr_handle_chroot_chmod(const struct dentry *dentry,
2974 + const struct vfsmount *mnt, const int mode);
2975 +int gr_handle_chroot_mknod(const struct dentry *dentry,
2976 + const struct vfsmount *mnt, const int mode);
2977 +int gr_handle_chroot_mount(const struct dentry *dentry,
2978 + const struct vfsmount *mnt,
2979 + const char *dev_name);
2980 +int gr_handle_chroot_pivot(void);
2981 +int gr_handle_chroot_unix(const pid_t pid);
2983 +int gr_handle_rawio(const struct inode *inode);
2985 +void gr_handle_ioperm(void);
2986 +void gr_handle_iopl(void);
2987 +void gr_handle_msr_write(void);
2989 +umode_t gr_acl_umask(void);
2991 +int gr_tpe_allow(const struct file *file);
2993 +void gr_set_chroot_entries(struct task_struct *task, const struct path *path);
2994 +void gr_clear_chroot_entries(struct task_struct *task);
2996 +void gr_log_forkfail(const int retval);
2997 +void gr_log_timechange(void);
2998 +void gr_log_signal(const int sig, const void *addr, const struct task_struct *t);
2999 +void gr_log_chdir(const struct dentry *dentry,
3000 + const struct vfsmount *mnt);
3001 +void gr_log_chroot_exec(const struct dentry *dentry,
3002 + const struct vfsmount *mnt);
3003 +void gr_log_remount(const char *devname, const int retval);
3004 +void gr_log_unmount(const char *devname, const int retval);
3005 +void gr_log_mount(const char *from, const char *to, const int retval);
3006 +void gr_log_textrel(struct vm_area_struct *vma);
3007 +void gr_log_ptgnustack(struct file *file);
3008 +void gr_log_rwxmmap(struct file *file);
3009 +void gr_log_rwxmprotect(struct vm_area_struct *vma);
3011 +int gr_handle_follow_link(const struct inode *parent,
3012 + const struct inode *inode,
3013 + const struct dentry *dentry,
3014 + const struct vfsmount *mnt);
3015 +int gr_handle_fifo(const struct dentry *dentry,
3016 + const struct vfsmount *mnt,
3017 + const struct dentry *dir, const int flag,
3018 + const int acc_mode);
3019 +int gr_handle_hardlink(const struct dentry *dentry,
3020 + const struct vfsmount *mnt,
3021 + struct inode *inode,
3022 + const int mode, const struct filename *to);
3024 +int gr_is_capable(const int cap);
3025 +int gr_is_capable_nolog(const int cap);
3026 +int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap);
3027 +int gr_task_is_capable_nolog(const struct task_struct *task, const int cap);
3029 +void gr_copy_label(struct task_struct *tsk);
3030 +void gr_handle_crash(struct task_struct *task, const int sig);
3031 +int gr_handle_signal(const struct task_struct *p, const int sig);
3032 +int gr_check_crash_uid(const kuid_t uid);
3033 +int gr_check_protected_task(const struct task_struct *task);
3034 +int gr_check_protected_task_fowner(struct pid *pid, enum pid_type type);
3035 +int gr_acl_handle_mmap(const struct file *file,
3036 + const unsigned long prot);
3037 +int gr_acl_handle_mprotect(const struct file *file,
3038 + const unsigned long prot);
3039 +int gr_check_hidden_task(const struct task_struct *tsk);
3040 +__u32 gr_acl_handle_truncate(const struct dentry *dentry,
3041 + const struct vfsmount *mnt);
3042 +__u32 gr_acl_handle_utime(const struct dentry *dentry,
3043 + const struct vfsmount *mnt);
3044 +__u32 gr_acl_handle_access(const struct dentry *dentry,
3045 + const struct vfsmount *mnt, const int fmode);
3046 +__u32 gr_acl_handle_chmod(const struct dentry *dentry,
3047 + const struct vfsmount *mnt, umode_t *mode);
3048 +__u32 gr_acl_handle_chown(const struct dentry *dentry,
3049 + const struct vfsmount *mnt);
3050 +__u32 gr_acl_handle_setxattr(const struct dentry *dentry,
3051 + const struct vfsmount *mnt);
3052 +__u32 gr_acl_handle_removexattr(const struct dentry *dentry,
3053 + const struct vfsmount *mnt);
3054 +int gr_handle_ptrace(struct task_struct *task, const long request);
3055 +int gr_handle_proc_ptrace(struct task_struct *task);
3056 +__u32 gr_acl_handle_execve(const struct dentry *dentry,
3057 + const struct vfsmount *mnt);
3058 +int gr_check_crash_exec(const struct file *filp);
3059 +int gr_acl_is_enabled(void);
3060 +void gr_set_role_label(struct task_struct *task, const kuid_t uid,
3061 + const kgid_t gid);
3062 +int gr_set_proc_label(const struct dentry *dentry,
3063 + const struct vfsmount *mnt,
3064 + const int unsafe_flags);
3065 +__u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
3066 + const struct vfsmount *mnt);
3067 +__u32 gr_acl_handle_open(const struct dentry *dentry,
3068 + const struct vfsmount *mnt, int acc_mode);
3069 +__u32 gr_acl_handle_creat(const struct dentry *dentry,
3070 + const struct dentry *p_dentry,
3071 + const struct vfsmount *p_mnt,
3072 + int open_flags, int acc_mode, const int imode);
3073 +void gr_handle_create(const struct dentry *dentry,
3074 + const struct vfsmount *mnt);
3075 +void gr_handle_proc_create(const struct dentry *dentry,
3076 + const struct inode *inode);
3077 +__u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
3078 + const struct dentry *parent_dentry,
3079 + const struct vfsmount *parent_mnt,
3081 +__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
3082 + const struct dentry *parent_dentry,
3083 + const struct vfsmount *parent_mnt);
3084 +__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
3085 + const struct vfsmount *mnt);
3086 +void gr_handle_delete(const ino_t ino, const dev_t dev);
3087 +__u32 gr_acl_handle_unlink(const struct dentry *dentry,
3088 + const struct vfsmount *mnt);
3089 +__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
3090 + const struct dentry *parent_dentry,
3091 + const struct vfsmount *parent_mnt,
3092 + const struct filename *from);
3093 +__u32 gr_acl_handle_link(const struct dentry *new_dentry,
3094 + const struct dentry *parent_dentry,
3095 + const struct vfsmount *parent_mnt,
3096 + const struct dentry *old_dentry,
3097 + const struct vfsmount *old_mnt, const struct filename *to);
3098 +int gr_handle_symlink_owner(const struct path *link, const struct inode *target);
3099 +int gr_acl_handle_rename(struct dentry *new_dentry,
3100 + struct dentry *parent_dentry,
3101 + const struct vfsmount *parent_mnt,
3102 + struct dentry *old_dentry,
3103 + struct inode *old_parent_inode,
3104 + struct vfsmount *old_mnt, const struct filename *newname, unsigned int flags);
3105 +void gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
3106 + struct dentry *old_dentry,
3107 + struct dentry *new_dentry,
3108 + struct vfsmount *mnt, const __u8 replace, unsigned int flags);
3109 +__u32 gr_check_link(const struct dentry *new_dentry,
3110 + const struct dentry *parent_dentry,
3111 + const struct vfsmount *parent_mnt,
3112 + const struct dentry *old_dentry,
3113 + const struct vfsmount *old_mnt);
3114 +int gr_acl_handle_filldir(const struct file *file, const char *name,
3115 + const unsigned int namelen, const ino_t ino);
3117 +__u32 gr_acl_handle_unix(const struct dentry *dentry,
3118 + const struct vfsmount *mnt);
3119 +void gr_acl_handle_exit(void);
3120 +void gr_acl_handle_psacct(struct task_struct *task, const long code);
3121 +int gr_acl_handle_procpidmem(const struct task_struct *task);
3122 +int gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags);
3123 +int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode);
3124 +void gr_audit_ptrace(struct task_struct *task);
3125 +dev_t gr_get_dev_from_dentry(struct dentry *dentry);
3126 +void gr_put_exec_file(struct task_struct *task);
3128 +int gr_ptrace_readexec(struct file *file, int unsafe_flags);
3130 +#if defined(CONFIG_GRKERNSEC) && (defined(CONFIG_GRKERNSEC_RESLOG) || !defined(CONFIG_GRKERNSEC_NO_RBAC))
3131 +extern void gr_learn_resource(const struct task_struct *task, const int res,
3132 + const unsigned long wanted, const int gt);
3134 +static inline void gr_learn_resource(const struct task_struct *task, const int res,
3135 + const unsigned long wanted, const int gt)
3140 +#ifdef CONFIG_GRKERNSEC_RESLOG
3141 +extern void gr_log_resource(const struct task_struct *task, const int res,
3142 + const unsigned long wanted, const int gt);
3144 +static inline void gr_log_resource(const struct task_struct *task, const int res,
3145 + const unsigned long wanted, const int gt)
3150 +#ifdef CONFIG_GRKERNSEC
3151 +void task_grsec_rbac(struct seq_file *m, struct task_struct *p);
3152 +void gr_handle_vm86(void);
3153 +void gr_handle_mem_readwrite(u64 from, u64 to);
3155 +void gr_log_badprocpid(const char *entry);
3157 +extern int grsec_enable_dmesg;
3158 +extern int grsec_disable_privio;
3160 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
3161 +extern kgid_t grsec_proc_gid;
3164 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
3165 +extern int grsec_enable_chroot_findtask;
3167 +#ifdef CONFIG_GRKERNSEC_SETXID
3168 +extern int grsec_enable_setxid;
3173 diff -Naur backports-3.18.1-1.org/include/linux/grsock.h backports-3.18.1-1/include/linux/grsock.h
3174 --- backports-3.18.1-1.org/include/linux/grsock.h 1970-01-01 01:00:00.000000000 +0100
3175 +++ backports-3.18.1-1/include/linux/grsock.h 2014-12-28 14:10:09.688889562 +0100
3180 +extern void gr_attach_curr_ip(const struct sock *sk);
3181 +extern int gr_handle_sock_all(const int family, const int type,
3182 + const int protocol);
3183 +extern int gr_handle_sock_server(const struct sockaddr *sck);
3184 +extern int gr_handle_sock_server_other(const struct sock *sck);
3185 +extern int gr_handle_sock_client(const struct sockaddr *sck);
3186 +extern int gr_search_connect(struct socket * sock,
3187 + struct sockaddr_in * addr);
3188 +extern int gr_search_bind(struct socket * sock,
3189 + struct sockaddr_in * addr);
3190 +extern int gr_search_listen(struct socket * sock);
3191 +extern int gr_search_accept(struct socket * sock);
3192 +extern int gr_search_socket(const int domain, const int type,
3193 + const int protocol);
3196 diff -Naur backports-3.18.1-1.org/include/linux/unaligned/access_ok.h backports-3.18.1-1/include/linux/unaligned/access_ok.h
3197 --- backports-3.18.1-1.org/include/linux/unaligned/access_ok.h 2014-12-21 22:37:13.000000000 +0100
3198 +++ backports-3.18.1-1/include/linux/unaligned/access_ok.h 2014-12-28 14:10:09.712889681 +0100
3200 #include <linux/kernel.h>
3201 #include <asm/byteorder.h>
3203 -static inline u16 get_unaligned_le16(const void *p)
3204 +static inline u16 __intentional_overflow(-1) get_unaligned_le16(const void *p)
3206 - return le16_to_cpup((__le16 *)p);
3207 + return le16_to_cpup((const __le16 *)p);
3210 -static inline u32 get_unaligned_le32(const void *p)
3211 +static inline u32 __intentional_overflow(-1) get_unaligned_le32(const void *p)
3213 - return le32_to_cpup((__le32 *)p);
3214 + return le32_to_cpup((const __le32 *)p);
3217 -static inline u64 get_unaligned_le64(const void *p)
3218 +static inline u64 __intentional_overflow(-1) get_unaligned_le64(const void *p)
3220 - return le64_to_cpup((__le64 *)p);
3221 + return le64_to_cpup((const __le64 *)p);
3224 -static inline u16 get_unaligned_be16(const void *p)
3225 +static inline u16 __intentional_overflow(-1) get_unaligned_be16(const void *p)
3227 - return be16_to_cpup((__be16 *)p);
3228 + return be16_to_cpup((const __be16 *)p);
3231 -static inline u32 get_unaligned_be32(const void *p)
3232 +static inline u32 __intentional_overflow(-1) get_unaligned_be32(const void *p)
3234 - return be32_to_cpup((__be32 *)p);
3235 + return be32_to_cpup((const __be32 *)p);
3238 -static inline u64 get_unaligned_be64(const void *p)
3239 +static inline u64 __intentional_overflow(-1) get_unaligned_be64(const void *p)
3241 - return be64_to_cpup((__be64 *)p);
3242 + return be64_to_cpup((const __be64 *)p);
3245 static inline void put_unaligned_le16(u16 val, void *p)
3246 diff -Naur backports-3.18.1-1.org/include/media/v4l2-dev.h backports-3.18.1-1/include/media/v4l2-dev.h
3247 --- backports-3.18.1-1.org/include/media/v4l2-dev.h 2014-12-21 22:37:13.000000000 +0100
3248 +++ backports-3.18.1-1/include/media/v4l2-dev.h 2014-12-28 14:10:09.716889709 +0100
3250 int (*mmap) (struct file *, struct vm_area_struct *);
3251 int (*open) (struct file *);
3252 int (*release) (struct file *);
3257 * Newer version of video_device, handled by videodev2.c
3258 diff -Naur backports-3.18.1-1.org/include/media/v4l2-device.h backports-3.18.1-1/include/media/v4l2-device.h
3259 --- backports-3.18.1-1.org/include/media/v4l2-device.h 2014-12-21 22:37:13.000000000 +0100
3260 +++ backports-3.18.1-1/include/media/v4l2-device.h 2014-12-28 14:10:09.716889709 +0100
3262 this function returns 0. If the name ends with a digit (e.g. cx18),
3263 then the name will be set to cx18-0 since cx180 looks really odd. */
3264 int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename,
3265 - atomic_t *instance);
3266 + atomic_unchecked_t *instance);
3268 /* Set v4l2_dev->dev to NULL. Call when the USB parent disconnects.
3269 Since the parent disappears this ensures that v4l2_dev doesn't have an
3270 diff -Naur backports-3.18.1-1.org/include/net/bluetooth/l2cap.h backports-3.18.1-1/include/net/bluetooth/l2cap.h
3271 --- backports-3.18.1-1.org/include/net/bluetooth/l2cap.h 2014-12-21 22:37:13.000000000 +0100
3272 +++ backports-3.18.1-1/include/net/bluetooth/l2cap.h 2014-12-28 14:10:09.716889709 +0100
3274 unsigned char *kdata,
3281 struct hci_conn *hcon;
3282 diff -Naur backports-3.18.1-1.org/include/net/mac80211.h backports-3.18.1-1/include/net/mac80211.h
3283 --- backports-3.18.1-1.org/include/net/mac80211.h 2014-12-21 22:37:13.000000000 +0100
3284 +++ backports-3.18.1-1/include/net/mac80211.h 2014-12-28 14:10:09.724889743 +0100
3285 @@ -4648,7 +4648,7 @@
3286 void (*remove_sta_debugfs)(void *priv, void *priv_sta);
3288 u32 (*get_expected_throughput)(void *priv_sta);
3292 static inline int rate_supported(struct ieee80211_sta *sta,
3293 enum ieee80211_band band,
3294 diff -Naur backports-3.18.1-1.org/include/trace/events/fs.h backports-3.18.1-1/include/trace/events/fs.h
3295 --- backports-3.18.1-1.org/include/trace/events/fs.h 1970-01-01 01:00:00.000000000 +0100
3296 +++ backports-3.18.1-1/include/trace/events/fs.h 2014-12-28 14:10:09.728889769 +0100
3298 +#undef TRACE_SYSTEM
3299 +#define TRACE_SYSTEM fs
3301 +#if !defined(_TRACE_FS_H) || defined(TRACE_HEADER_MULTI_READ)
3302 +#define _TRACE_FS_H
3304 +#include <linux/fs.h>
3305 +#include <linux/tracepoint.h>
3307 +TRACE_EVENT(do_sys_open,
3309 + TP_PROTO(const char *filename, int flags, int mode),
3311 + TP_ARGS(filename, flags, mode),
3314 + __string( filename, filename )
3315 + __field( int, flags )
3316 + __field( int, mode )
3320 + __assign_str(filename, filename);
3321 + __entry->flags = flags;
3322 + __entry->mode = mode;
3325 + TP_printk("\"%s\" %x %o",
3326 + __get_str(filename), __entry->flags, __entry->mode)
3329 +TRACE_EVENT(open_exec,
3331 + TP_PROTO(const char *filename),
3333 + TP_ARGS(filename),
3336 + __string( filename, filename )
3340 + __assign_str(filename, filename);
3343 + TP_printk("\"%s\"",
3344 + __get_str(filename))
3347 +#endif /* _TRACE_FS_H */
3349 +/* This part must be outside protection */
3350 +#include <trace/define_trace.h>
3351 diff -Naur backports-3.18.1-1.org/net/bluetooth/6lowpan.c backports-3.18.1-1/net/bluetooth/6lowpan.c
3352 --- backports-3.18.1-1.org/net/bluetooth/6lowpan.c 2014-12-21 22:37:15.000000000 +0100
3353 +++ backports-3.18.1-1/net/bluetooth/6lowpan.c 2014-12-28 14:10:09.784890034 +0100
3357 dev->stats.rx_dropped++;
3362 diff -Naur backports-3.18.1-1.org/net/bluetooth/bnep/core.c backports-3.18.1-1/net/bluetooth/bnep/core.c
3363 --- backports-3.18.1-1.org/net/bluetooth/bnep/core.c 2014-12-21 22:37:15.000000000 +0100
3364 +++ backports-3.18.1-1/net/bluetooth/bnep/core.c 2014-12-28 14:10:09.784890034 +0100
3369 + if (!l2cap_is_socket(sock))
3372 baswap((void *) dst, &l2cap_pi(sock->sk)->chan->dst);
3373 baswap((void *) src, &l2cap_pi(sock->sk)->chan->src);
3375 diff -Naur backports-3.18.1-1.org/net/bluetooth/cmtp/core.c backports-3.18.1-1/net/bluetooth/cmtp/core.c
3376 --- backports-3.18.1-1.org/net/bluetooth/cmtp/core.c 2014-12-21 22:37:15.000000000 +0100
3377 +++ backports-3.18.1-1/net/bluetooth/cmtp/core.c 2014-12-28 14:10:09.784890034 +0100
3382 + if (!l2cap_is_socket(sock))
3385 session = kzalloc(sizeof(struct cmtp_session), GFP_KERNEL);
3388 diff -Naur backports-3.18.1-1.org/net/bluetooth/hci_sock.c backports-3.18.1-1/net/bluetooth/hci_sock.c
3389 --- backports-3.18.1-1.org/net/bluetooth/hci_sock.c 2014-12-21 22:37:15.000000000 +0100
3390 +++ backports-3.18.1-1/net/bluetooth/hci_sock.c 2014-12-28 14:10:09.784890034 +0100
3391 @@ -1067,7 +1067,7 @@
3392 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
3395 - len = min_t(unsigned int, len, sizeof(uf));
3396 + len = min((size_t)len, sizeof(uf));
3397 if (copy_from_user(&uf, optval, len)) {
3400 diff -Naur backports-3.18.1-1.org/net/bluetooth/hidp/core.c backports-3.18.1-1/net/bluetooth/hidp/core.c
3401 --- backports-3.18.1-1.org/net/bluetooth/hidp/core.c 2014-12-21 22:37:15.000000000 +0100
3402 +++ backports-3.18.1-1/net/bluetooth/hidp/core.c 2014-12-28 14:10:09.784890034 +0100
3403 @@ -1322,13 +1322,14 @@
3405 struct hidp_session *session;
3406 struct l2cap_conn *conn;
3407 - struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
3408 + struct l2cap_chan *chan;
3411 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
3415 + chan = l2cap_pi(ctrl_sock->sk)->chan;
3417 l2cap_chan_lock(chan);
3419 diff -Naur backports-3.18.1-1.org/net/bluetooth/l2cap_core.c backports-3.18.1-1/net/bluetooth/l2cap_core.c
3420 --- backports-3.18.1-1.org/net/bluetooth/l2cap_core.c 2014-12-21 22:37:15.000000000 +0100
3421 +++ backports-3.18.1-1/net/bluetooth/l2cap_core.c 2014-12-28 14:10:09.784890034 +0100
3422 @@ -3512,8 +3512,10 @@
3425 case L2CAP_CONF_RFC:
3426 - if (olen == sizeof(rfc))
3427 - memcpy(&rfc, (void *)val, olen);
3428 + if (olen != sizeof(rfc))
3431 + memcpy(&rfc, (void *)val, olen);
3433 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
3434 rfc.mode != chan->mode)
3435 diff -Naur backports-3.18.1-1.org/net/bluetooth/l2cap_sock.c backports-3.18.1-1/net/bluetooth/l2cap_sock.c
3436 --- backports-3.18.1-1.org/net/bluetooth/l2cap_sock.c 2014-12-21 22:37:15.000000000 +0100
3437 +++ backports-3.18.1-1/net/bluetooth/l2cap_sock.c 2014-12-28 14:10:09.788890064 +0100
3439 struct sock *sk = sock->sk;
3440 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3441 struct l2cap_options opts;
3444 + size_t len = optlen;
3447 BT_DBG("sk %p", sk);
3449 opts.max_tx = chan->max_tx;
3450 opts.txwin_size = chan->tx_win;
3452 - len = min_t(unsigned int, sizeof(opts), optlen);
3453 + len = min(sizeof(opts), len);
3454 if (copy_from_user((char *) &opts, optval, len)) {
3458 struct bt_security sec;
3459 struct bt_power pwr;
3460 struct l2cap_conn *conn;
3463 + size_t len = optlen;
3466 BT_DBG("sk %p", sk);
3469 sec.level = BT_SECURITY_LOW;
3471 - len = min_t(unsigned int, sizeof(sec), optlen);
3472 + len = min(sizeof(sec), len);
3473 if (copy_from_user((char *) &sec, optval, len)) {
3478 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
3480 - len = min_t(unsigned int, sizeof(pwr), optlen);
3481 + len = min(sizeof(pwr), len);
3482 if (copy_from_user((char *) &pwr, optval, len)) {
3485 diff -Naur backports-3.18.1-1.org/net/bluetooth/rfcomm/sock.c backports-3.18.1-1/net/bluetooth/rfcomm/sock.c
3486 --- backports-3.18.1-1.org/net/bluetooth/rfcomm/sock.c 2014-12-21 22:37:15.000000000 +0100
3487 +++ backports-3.18.1-1/net/bluetooth/rfcomm/sock.c 2014-12-28 14:10:09.788890064 +0100
3489 struct sock *sk = sock->sk;
3490 struct bt_security sec;
3493 + size_t len = optlen;
3496 BT_DBG("sk %p", sk);
3499 sec.level = BT_SECURITY_LOW;
3501 - len = min_t(unsigned int, sizeof(sec), optlen);
3502 + len = min(sizeof(sec), len);
3503 if (copy_from_user((char *) &sec, optval, len)) {
3506 diff -Naur backports-3.18.1-1.org/net/bluetooth/rfcomm/tty.c backports-3.18.1-1/net/bluetooth/rfcomm/tty.c
3507 --- backports-3.18.1-1.org/net/bluetooth/rfcomm/tty.c 2014-12-21 22:37:15.000000000 +0100
3508 +++ backports-3.18.1-1/net/bluetooth/rfcomm/tty.c 2014-12-28 14:10:09.788890064 +0100
3510 BT_DBG("tty %p id %d", tty, tty->index);
3512 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
3513 - dev->channel, dev->port.count);
3514 + dev->channel, atomic_read(&dev->port.count));
3516 err = tty_port_open(&dev->port, tty, filp);
3519 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
3521 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
3523 + atomic_read(&dev->port.count));
3525 tty_port_close(&dev->port, tty, filp);
3527 diff -Naur backports-3.18.1-1.org/net/ieee802154/6lowpan_rtnl.c backports-3.18.1-1/net/ieee802154/6lowpan_rtnl.c
3528 --- backports-3.18.1-1.org/net/ieee802154/6lowpan_rtnl.c 2014-12-21 22:37:15.000000000 +0100
3529 +++ backports-3.18.1-1/net/ieee802154/6lowpan_rtnl.c 2014-12-28 14:10:09.796890100 +0100
3534 -static struct rtnl_link_ops lowpan_link_ops __read_mostly = {
3535 +static struct rtnl_link_ops lowpan_link_ops = {
3537 .priv_size = sizeof(struct lowpan_dev_info),
3538 .setup = lowpan_setup,
3539 diff -Naur backports-3.18.1-1.org/net/ieee802154/reassembly.c backports-3.18.1-1/net/ieee802154/reassembly.c
3540 --- backports-3.18.1-1.org/net/ieee802154/reassembly.c 2014-12-21 22:37:15.000000000 +0100
3541 +++ backports-3.18.1-1/net/ieee802154/reassembly.c 2014-12-28 14:10:09.796890100 +0100
3542 @@ -460,14 +460,13 @@
3544 static int __net_init lowpan_frags_ns_sysctl_register(struct net *net)
3546 - struct ctl_table *table;
3547 + ctl_table_no_const *table = NULL;
3548 struct ctl_table_header *hdr;
3549 struct netns_ieee802154_lowpan *ieee802154_lowpan =
3550 net_ieee802154_lowpan(net);
3552 - table = lowpan_frags_ns_ctl_table;
3553 if (!net_eq(net, &init_net)) {
3554 - table = kmemdup(table, sizeof(lowpan_frags_ns_ctl_table),
3555 + table = kmemdup(lowpan_frags_ns_ctl_table, sizeof(lowpan_frags_ns_ctl_table),
3563 - if (!net_eq(net, &init_net))
3569 diff -Naur backports-3.18.1-1.org/net/mac80211/cfg.c backports-3.18.1-1/net/mac80211/cfg.c
3570 --- backports-3.18.1-1.org/net/mac80211/cfg.c 2014-12-21 22:37:15.000000000 +0100
3571 +++ backports-3.18.1-1/net/mac80211/cfg.c 2014-12-28 14:10:09.812890175 +0100
3573 ret = ieee80211_vif_use_channel(sdata, chandef,
3574 IEEE80211_CHANCTX_EXCLUSIVE);
3576 - } else if (local->open_count == local->monitors) {
3577 + } else if (local_read(&local->open_count) == local->monitors) {
3578 local->_oper_chandef = *chandef;
3579 ieee80211_hw_config(local, 0);
3581 @@ -3326,7 +3326,7 @@
3583 local->probe_req_reg--;
3585 - if (!local->open_count)
3586 + if (!local_read(&local->open_count))
3589 ieee80211_queue_work(&local->hw, &local->reconfig_filter);
3590 @@ -3460,8 +3460,8 @@
3592 *chandef = sdata->vif.bss_conf.chandef;
3594 - } else if (local->open_count > 0 &&
3595 - local->open_count == local->monitors &&
3596 + } else if (local_read(&local->open_count) > 0 &&
3597 + local_read(&local->open_count) == local->monitors &&
3598 sdata->vif.type == NL80211_IFTYPE_MONITOR) {
3599 if (local->use_chanctx)
3600 *chandef = local->monitor_chandef;
3601 diff -Naur backports-3.18.1-1.org/net/mac80211/ieee80211_i.h backports-3.18.1-1/net/mac80211/ieee80211_i.h
3602 --- backports-3.18.1-1.org/net/mac80211/ieee80211_i.h 2014-12-21 22:37:15.000000000 +0100
3603 +++ backports-3.18.1-1/net/mac80211/ieee80211_i.h 2014-12-28 14:10:09.812890175 +0100
3605 #include <net/ieee80211_radiotap.h>
3606 #include <net/cfg80211.h>
3607 #include <net/mac80211.h>
3608 +#include <asm/local.h>
3610 #include "sta_info.h"
3612 @@ -1057,7 +1058,7 @@
3613 /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
3614 spinlock_t queue_stop_reason_lock;
3617 + local_t open_count;
3618 int monitors, cooked_mntrs;
3619 /* number of interfaces with corresponding FIF_ flags */
3620 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
3621 diff -Naur backports-3.18.1-1.org/net/mac80211/iface.c backports-3.18.1-1/net/mac80211/iface.c
3622 --- backports-3.18.1-1.org/net/mac80211/iface.c 2014-12-21 22:37:15.000000000 +0100
3623 +++ backports-3.18.1-1/net/mac80211/iface.c 2014-12-28 14:10:09.812890175 +0100
3628 - if (local->open_count == 0) {
3629 + if (local_read(&local->open_count) == 0) {
3630 res = drv_start(local);
3634 res = drv_add_interface(local, sdata);
3637 - } else if (local->monitors == 0 && local->open_count == 0) {
3638 + } else if (local->monitors == 0 && local_read(&local->open_count) == 0) {
3639 res = ieee80211_add_virtual_monitor(local);
3643 atomic_inc(&local->iff_promiscs);
3646 - local->open_count++;
3647 + local_inc(&local->open_count);
3649 if (hw_reconf_flags)
3650 ieee80211_hw_config(local, hw_reconf_flags);
3653 drv_remove_interface(local, sdata);
3655 - if (!local->open_count)
3656 + if (!local_read(&local->open_count))
3664 - local->open_count--;
3665 + local_dec(&local->open_count);
3667 switch (sdata->vif.type) {
3668 case NL80211_IFTYPE_AP_VLAN:
3671 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
3673 - if (local->open_count == 0)
3674 + if (local_read(&local->open_count) == 0)
3675 ieee80211_clear_tx_pending(local);
3680 flush_delayed_work(&local->scan_work);
3682 - if (local->open_count == 0) {
3683 + if (local_read(&local->open_count) == 0) {
3684 ieee80211_stop_device(local);
3686 /* no reconfiguring after stop! */
3687 @@ -1008,7 +1008,7 @@
3688 ieee80211_configure_filter(local);
3689 ieee80211_hw_config(local, hw_reconf_flags);
3691 - if (local->monitors == local->open_count)
3692 + if (local->monitors == local_read(&local->open_count))
3693 ieee80211_add_virtual_monitor(local);
3696 diff -Naur backports-3.18.1-1.org/net/mac80211/main.c backports-3.18.1-1/net/mac80211/main.c
3697 --- backports-3.18.1-1.org/net/mac80211/main.c 2014-12-21 22:37:15.000000000 +0100
3698 +++ backports-3.18.1-1/net/mac80211/main.c 2014-12-28 14:10:09.812890175 +0100
3700 changed &= ~(IEEE80211_CONF_CHANGE_CHANNEL |
3701 IEEE80211_CONF_CHANGE_POWER);
3703 - if (changed && local->open_count) {
3704 + if (changed && local_read(&local->open_count)) {
3705 ret = drv_config(local, changed);
3708 diff -Naur backports-3.18.1-1.org/net/mac80211/pm.c backports-3.18.1-1/net/mac80211/pm.c
3709 --- backports-3.18.1-1.org/net/mac80211/pm.c 2014-12-21 22:37:15.000000000 +0100
3710 +++ backports-3.18.1-1/net/mac80211/pm.c 2014-12-28 14:10:09.812890175 +0100
3712 struct ieee80211_sub_if_data *sdata;
3713 struct sta_info *sta;
3715 - if (!local->open_count)
3716 + if (!local_read(&local->open_count))
3719 ieee80211_scan_cancel(local);
3721 cancel_work_sync(&local->dynamic_ps_enable_work);
3722 del_timer_sync(&local->dynamic_ps_timer);
3724 - local->wowlan = wowlan && local->open_count;
3725 + local->wowlan = wowlan && local_read(&local->open_count);
3726 if (local->wowlan) {
3727 int err = drv_suspend(local, wowlan);
3730 WARN_ON(!list_empty(&local->chanctx_list));
3732 /* stop hardware - this must stop RX */
3733 - if (local->open_count)
3734 + if (local_read(&local->open_count))
3735 ieee80211_stop_device(local);
3738 diff -Naur backports-3.18.1-1.org/net/mac80211/rate.c backports-3.18.1-1/net/mac80211/rate.c
3739 --- backports-3.18.1-1.org/net/mac80211/rate.c 2014-12-21 22:37:15.000000000 +0100
3740 +++ backports-3.18.1-1/net/mac80211/rate.c 2014-12-28 14:10:09.812890175 +0100
3745 - if (local->open_count)
3746 + if (local_read(&local->open_count))
3749 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) {
3750 diff -Naur backports-3.18.1-1.org/net/mac80211/util.c backports-3.18.1-1/net/mac80211/util.c
3751 --- backports-3.18.1-1.org/net/mac80211/util.c 2014-12-21 22:37:15.000000000 +0100
3752 +++ backports-3.18.1-1/net/mac80211/util.c 2014-12-28 14:10:09.816890209 +0100
3753 @@ -1669,7 +1669,7 @@
3756 /* everything else happens only if HW was up & running */
3757 - if (!local->open_count)
3758 + if (!local_read(&local->open_count))
3762 @@ -1895,7 +1895,7 @@
3763 local->in_reconfig = false;
3766 - if (local->monitors == local->open_count && local->monitors > 0)
3767 + if (local->monitors == local_read(&local->open_count) && local->monitors > 0)
3768 ieee80211_add_virtual_monitor(local);
3771 diff -Naur backports-3.18.1-1.org/net/wireless/wext-core.c backports-3.18.1-1/net/wireless/wext-core.c
3772 --- backports-3.18.1-1.org/net/wireless/wext-core.c 2014-12-21 22:37:15.000000000 +0100
3773 +++ backports-3.18.1-1/net/wireless/wext-core.c 2014-12-28 14:10:09.832890290 +0100
3777 /* Support for very large requests */
3778 - if ((descr->flags & IW_DESCR_FLAG_NOMAX) &&
3779 - (user_length > descr->max_tokens)) {
3780 + if (user_length > descr->max_tokens) {
3781 /* Allow userspace to GET more than max so
3782 * we can support any size GET requests.
3783 * There is still a limit : -ENOMEM.
3784 @@ -788,22 +787,6 @@
3788 - if (IW_IS_GET(cmd) && !(descr->flags & IW_DESCR_FLAG_NOMAX)) {
3790 - * If this is a GET, but not NOMAX, it means that the extra
3791 - * data is not bounded by userspace, but by max_tokens. Thus
3792 - * set the length to max_tokens. This matches the extra data
3794 - * The driver should fill it with the number of tokens it
3795 - * provided, and it may check iwp->length rather than having
3796 - * knowledge of max_tokens. If the driver doesn't change the
3797 - * iwp->length, this ioctl just copies back max_token tokens
3798 - * filled with zeroes. Hopefully the driver isn't claiming
3799 - * them to be valid data.
3801 - iwp->length = descr->max_tokens;
3804 err = handler(dev, info, (union iwreq_data *) iwp, extra);
3806 iwp->length += essid_compat;