]> git.ipfire.org Git - ipfire-2.x.git/blame - src/patches/backports-3.18.1-1-grsecurity.patch
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
core91: Add changed pppsetup.cgi and language files
[ipfire-2.x.git] / src / patches / backports-3.18.1-1-grsecurity.patch
CommitLineData
91e56a59
AF		 1diff -Naur backports-3.18.1-1.org/drivers/bluetooth/btwilink.c backports-3.18.1-1/drivers/bluetooth/btwilink.c
2--- backports-3.18.1-1.org/drivers/bluetooth/btwilink.c 2014-12-21 22:37:15.000000000 +0100
3+++ backports-3.18.1-1/drivers/bluetooth/btwilink.c 2014-12-28 14:10:09.480888533 +0100
4@@ -288,7 +288,7 @@
5
6 static int bt_ti_probe(struct platform_device *pdev)
7 {
8- static struct ti_st *hst;
9+ struct ti_st *hst;
10 struct hci_dev *hdev;
11 int err;
12
13diff -Naur backports-3.18.1-1.org/drivers/media/dvb-core/dvbdev.c backports-3.18.1-1/drivers/media/dvb-core/dvbdev.c
14--- backports-3.18.1-1.org/drivers/media/dvb-core/dvbdev.c 2014-12-21 22:37:14.000000000 +0100
15+++ backports-3.18.1-1/drivers/media/dvb-core/dvbdev.c 2014-12-28 14:10:09.528888772 +0100
16@@ -185,7 +185,7 @@
17 const struct dvb_device *template, void *priv, int type)
18 {
19 struct dvb_device *dvbdev;
20- struct file_operations *dvbdevfops;
21+ file_operations_no_const *dvbdevfops;
22 struct device *clsdev;
23 int minor;
24 int id;
25diff -Naur backports-3.18.1-1.org/drivers/media/dvb-frontends/af9033.h backports-3.18.1-1/drivers/media/dvb-frontends/af9033.h
26--- backports-3.18.1-1.org/drivers/media/dvb-frontends/af9033.h 2014-12-21 22:37:14.000000000 +0100
27+++ backports-3.18.1-1/drivers/media/dvb-frontends/af9033.h 2014-12-28 14:10:09.528888772 +0100
28@@ -96,6 +96,6 @@
29 int (*pid_filter_ctrl)(struct dvb_frontend *fe, int onoff);
30 int (*pid_filter)(struct dvb_frontend *fe, int index, u16 pid,
31 int onoff);
32-};
33+} __no_const;
34
35 #endif /* AF9033_H */
36diff -Naur backports-3.18.1-1.org/drivers/media/dvb-frontends/dib3000.h backports-3.18.1-1/drivers/media/dvb-frontends/dib3000.h
37--- backports-3.18.1-1.org/drivers/media/dvb-frontends/dib3000.h 2014-12-21 22:37:14.000000000 +0100
38+++ backports-3.18.1-1/drivers/media/dvb-frontends/dib3000.h 2014-12-28 14:10:09.528888772 +0100
39@@ -39,7 +39,7 @@
40 int (*fifo_ctrl)(struct dvb_frontend *fe, int onoff);
41 int (*pid_ctrl)(struct dvb_frontend *fe, int index, int pid, int onoff);
42 int (*tuner_pass_ctrl)(struct dvb_frontend *fe, int onoff, u8 pll_ctrl);
43-};
44+} __no_const;
45
46 #if IS_ENABLED(CPTCFG_DVB_DIB3000MB)
47 extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
48diff -Naur backports-3.18.1-1.org/drivers/media/dvb-frontends/dib7000p.h backports-3.18.1-1/drivers/media/dvb-frontends/dib7000p.h
49--- backports-3.18.1-1.org/drivers/media/dvb-frontends/dib7000p.h 2014-12-21 22:37:14.000000000 +0100
50+++ backports-3.18.1-1/drivers/media/dvb-frontends/dib7000p.h 2014-12-28 14:10:09.528888772 +0100
51@@ -64,7 +64,7 @@
52 int (*get_adc_power)(struct dvb_frontend *fe);
53 int (*slave_reset)(struct dvb_frontend *fe);
54 struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib7000p_config *cfg);
55-};
56+} __no_const;
57
58 #if IS_ENABLED(CPTCFG_DVB_DIB7000P)
59 void *dib7000p_attach(struct dib7000p_ops *ops);
60diff -Naur backports-3.18.1-1.org/drivers/media/dvb-frontends/dib8000.h backports-3.18.1-1/drivers/media/dvb-frontends/dib8000.h
61--- backports-3.18.1-1.org/drivers/media/dvb-frontends/dib8000.h 2014-12-21 22:37:14.000000000 +0100
62+++ backports-3.18.1-1/drivers/media/dvb-frontends/dib8000.h 2014-12-28 14:10:09.528888772 +0100
63@@ -61,7 +61,7 @@
64 int (*pid_filter_ctrl)(struct dvb_frontend *fe, u8 onoff);
65 int (*pid_filter)(struct dvb_frontend *fe, u8 id, u16 pid, u8 onoff);
66 struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib8000_config *cfg);
67-};
68+} __no_const;
69
70 #if IS_ENABLED(CPTCFG_DVB_DIB8000)
71 void *dib8000_attach(struct dib8000_ops *ops);
72diff -Naur backports-3.18.1-1.org/drivers/media/pci/cx88/cx88-video.c backports-3.18.1-1/drivers/media/pci/cx88/cx88-video.c
73--- backports-3.18.1-1.org/drivers/media/pci/cx88/cx88-video.c 2014-12-21 22:37:13.000000000 +0100
74+++ backports-3.18.1-1/drivers/media/pci/cx88/cx88-video.c 2014-12-28 14:10:09.528888772 +0100
75@@ -50,9 +50,9 @@
76
77 /* ------------------------------------------------------------------ */
78
79-static unsigned int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
80-static unsigned int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
81-static unsigned int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
82+static int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
83+static int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
84+static int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
85
86 module_param_array(video_nr, int, NULL, 0444);
87 module_param_array(vbi_nr, int, NULL, 0444);
88diff -Naur backports-3.18.1-1.org/drivers/media/pci/ivtv/ivtv-driver.c backports-3.18.1-1/drivers/media/pci/ivtv/ivtv-driver.c
89--- backports-3.18.1-1.org/drivers/media/pci/ivtv/ivtv-driver.c 2014-12-21 22:37:13.000000000 +0100
90+++ backports-3.18.1-1/drivers/media/pci/ivtv/ivtv-driver.c 2014-12-28 14:10:09.528888772 +0100
91@@ -83,7 +83,7 @@
92 MODULE_DEVICE_TABLE(pci,ivtv_pci_tbl);
93
94 /* ivtv instance counter */
95-static atomic_t ivtv_instance = ATOMIC_INIT(0);
96+static atomic_unchecked_t ivtv_instance = ATOMIC_INIT(0);
97
98 /* Parameter declarations */
99 static int cardtype[IVTV_MAX_CARDS];
100diff -Naur backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-core.c backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-core.c
101--- backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-core.c 2014-12-21 22:37:13.000000000 +0100
102+++ backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-core.c 2014-12-28 14:10:09.528888772 +0100
103@@ -424,7 +424,7 @@
104
105 static int solo_sysfs_init(struct solo_dev *solo_dev)
106 {
107- struct bin_attribute *sdram_attr = &solo_dev->sdram_attr;
108+ bin_attribute_no_const *sdram_attr = &solo_dev->sdram_attr;
109 struct device *dev = &solo_dev->dev;
110 const char *driver;
111 int i;
112diff -Naur backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-g723.c backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-g723.c
113--- backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-g723.c 2014-12-21 22:37:13.000000000 +0100
114+++ backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-g723.c 2014-12-28 14:10:09.528888772 +0100
115@@ -351,7 +351,7 @@
116
117 int solo_g723_init(struct solo_dev *solo_dev)
118 {
119- static struct snd_device_ops ops = { NULL };
120+ static struct snd_device_ops ops = { };
121 struct snd_card *card;
122 struct snd_kcontrol_new kctl;
123 char name[32];
124diff -Naur backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10.h backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10.h
125--- backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10.h 2014-12-21 22:37:13.000000000 +0100
126+++ backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10.h 2014-12-28 14:10:09.532888798 +0100
127@@ -219,7 +219,7 @@
128
129 /* P2M DMA Engine */
130 struct solo_p2m_dev p2m_dev[SOLO_NR_P2M];
131- atomic_t p2m_count;
132+ atomic_unchecked_t p2m_count;
133 int p2m_jiffies;
134 unsigned int p2m_timeouts;
135
136diff -Naur backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-p2m.c backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-p2m.c
137--- backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-p2m.c 2014-12-21 22:37:13.000000000 +0100
138+++ backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-p2m.c 2014-12-28 14:10:09.532888798 +0100
139@@ -73,7 +73,7 @@
140
141 /* Get next ID. According to Softlogic, 6110 has problems on !=0 P2M */
142 if (solo_dev->type != SOLO_DEV_6110 && multi_p2m) {
143- p2m_id = atomic_inc_return(&solo_dev->p2m_count) % SOLO_NR_P2M;
144+ p2m_id = atomic_inc_return_unchecked(&solo_dev->p2m_count) % SOLO_NR_P2M;
145 if (p2m_id < 0)
146 p2m_id = -p2m_id;
147 }
148diff -Naur backports-3.18.1-1.org/drivers/media/platform/omap/omap_vout.c backports-3.18.1-1/drivers/media/platform/omap/omap_vout.c
149--- backports-3.18.1-1.org/drivers/media/platform/omap/omap_vout.c 2014-12-21 22:37:13.000000000 +0100
150+++ backports-3.18.1-1/drivers/media/platform/omap/omap_vout.c 2014-12-28 14:10:09.532888798 +0100
151@@ -63,7 +63,6 @@
152 OMAP_VIDEO2,
153 };
154
155-static struct videobuf_queue_ops video_vbq_ops;
156 /* Variables configurable through module params*/
157 static u32 video1_numbuffers = 3;
158 static u32 video2_numbuffers = 3;
159@@ -1012,6 +1011,12 @@
160 {
161 struct videobuf_queue *q;
162 struct omap_vout_device *vout = NULL;
163+ static struct videobuf_queue_ops video_vbq_ops = {
164+ .buf_setup = omap_vout_buffer_setup,
165+ .buf_prepare = omap_vout_buffer_prepare,
166+ .buf_release = omap_vout_buffer_release,
167+ .buf_queue = omap_vout_buffer_queue,
168+ };
169
170 vout = video_drvdata(file);
171 v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__);
172@@ -1029,10 +1034,6 @@
173 vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT;
174
175 q = &vout->vbq;
176- video_vbq_ops.buf_setup = omap_vout_buffer_setup;
177- video_vbq_ops.buf_prepare = omap_vout_buffer_prepare;
178- video_vbq_ops.buf_release = omap_vout_buffer_release;
179- video_vbq_ops.buf_queue = omap_vout_buffer_queue;
180 spin_lock_init(&vout->vbq_lock);
181
182 videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev,
183diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_grp_layer.c backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_grp_layer.c
184--- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_grp_layer.c 2014-12-21 22:37:13.000000000 +0100
185+++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_grp_layer.c 2014-12-28 14:10:09.532888798 +0100
186@@ -235,7 +235,7 @@
187 {
188 struct mxr_layer *layer;
189 int ret;
190- struct mxr_layer_ops ops = {
191+ static struct mxr_layer_ops ops = {
192 .release = mxr_graph_layer_release,
193 .buffer_set = mxr_graph_buffer_set,
194 .stream_set = mxr_graph_stream_set,
195diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer.h backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer.h
196--- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer.h 2014-12-21 22:37:13.000000000 +0100
197+++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer.h 2014-12-28 14:10:09.532888798 +0100
198@@ -156,7 +156,7 @@
199 /** layer index (unique identifier) */
200 int idx;
201 /** callbacks for layer methods */
202- struct mxr_layer_ops ops;
203+ struct mxr_layer_ops *ops;
204 /** format array */
205 const struct mxr_format **fmt_array;
206 /** size of format array */
207diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_reg.c backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_reg.c
208--- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_reg.c 2014-12-21 22:37:13.000000000 +0100
209+++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_reg.c 2014-12-28 14:10:09.532888798 +0100
210@@ -276,7 +276,7 @@
211 layer->update_buf = next;
212 }
213
214- layer->ops.buffer_set(layer, layer->update_buf);
215+ layer->ops->buffer_set(layer, layer->update_buf);
216
217 if (done && done != layer->shadow_buf)
218 vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE);
219diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_video.c backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_video.c
220--- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_video.c 2014-12-21 22:37:13.000000000 +0100
221+++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_video.c 2014-12-28 14:10:09.532888798 +0100
222@@ -210,7 +210,7 @@
223 layer->geo.src.height = layer->geo.src.full_height;
224
225 mxr_geometry_dump(mdev, &layer->geo);
226- layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
227+ layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
228 mxr_geometry_dump(mdev, &layer->geo);
229 }
230
231@@ -228,7 +228,7 @@
232 layer->geo.dst.full_width = mbus_fmt.width;
233 layer->geo.dst.full_height = mbus_fmt.height;
234 layer->geo.dst.field = mbus_fmt.field;
235- layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
236+ layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
237
238 mxr_geometry_dump(mdev, &layer->geo);
239 }
240@@ -334,7 +334,7 @@
241 /* set source size to highest accepted value */
242 geo->src.full_width = max(geo->dst.full_width, pix->width);
243 geo->src.full_height = max(geo->dst.full_height, pix->height);
244- layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
245+ layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
246 mxr_geometry_dump(mdev, &layer->geo);
247 /* set cropping to total visible screen */
248 geo->src.width = pix->width;
249@@ -342,12 +342,12 @@
250 geo->src.x_offset = 0;
251 geo->src.y_offset = 0;
252 /* assure consistency of geometry */
253- layer->ops.fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET);
254+ layer->ops->fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET);
255 mxr_geometry_dump(mdev, &layer->geo);
256 /* set full size to lowest possible value */
257 geo->src.full_width = 0;
258 geo->src.full_height = 0;
259- layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
260+ layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
261 mxr_geometry_dump(mdev, &layer->geo);
262
263 /* returning results */
264@@ -474,7 +474,7 @@
265 target->width = s->r.width;
266 target->height = s->r.height;
267
268- layer->ops.fix_geometry(layer, stage, s->flags);
269+ layer->ops->fix_geometry(layer, stage, s->flags);
270
271 /* retrieve update selection rectangle */
272 res.left = target->x_offset;
273@@ -954,13 +954,13 @@
274 mxr_output_get(mdev);
275
276 mxr_layer_update_output(layer);
277- layer->ops.format_set(layer);
278+ layer->ops->format_set(layer);
279 /* enabling layer in hardware */
280 spin_lock_irqsave(&layer->enq_slock, flags);
281 layer->state = MXR_LAYER_STREAMING;
282 spin_unlock_irqrestore(&layer->enq_slock, flags);
283
284- layer->ops.stream_set(layer, MXR_ENABLE);
285+ layer->ops->stream_set(layer, MXR_ENABLE);
286 mxr_streamer_get(mdev);
287
288 return 0;
289@@ -1030,7 +1030,7 @@
290 spin_unlock_irqrestore(&layer->enq_slock, flags);
291
292 /* disabling layer in hardware */
293- layer->ops.stream_set(layer, MXR_DISABLE);
294+ layer->ops->stream_set(layer, MXR_DISABLE);
295 /* remove one streamer */
296 mxr_streamer_put(mdev);
297 /* allow changes in output configuration */
298@@ -1068,8 +1068,8 @@
299
300 void mxr_layer_release(struct mxr_layer *layer)
301 {
302- if (layer->ops.release)
303- layer->ops.release(layer);
304+ if (layer->ops->release)
305+ layer->ops->release(layer);
306 }
307
308 void mxr_base_layer_release(struct mxr_layer *layer)
309@@ -1095,7 +1095,7 @@
310
311 layer->mdev = mdev;
312 layer->idx = idx;
313- layer->ops = *ops;
314+ layer->ops = ops;
315
316 spin_lock_init(&layer->enq_slock);
317 INIT_LIST_HEAD(&layer->enq_list);
318diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_vp_layer.c backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_vp_layer.c
319--- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_vp_layer.c 2014-12-21 22:37:13.000000000 +0100
320+++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_vp_layer.c 2014-12-28 14:10:09.532888798 +0100
321@@ -206,7 +206,7 @@
322 {
323 struct mxr_layer *layer;
324 int ret;
325- struct mxr_layer_ops ops = {
326+ static struct mxr_layer_ops ops = {
327 .release = mxr_vp_layer_release,
328 .buffer_set = mxr_vp_buffer_set,
329 .stream_set = mxr_vp_stream_set,
330diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-cadet.c backports-3.18.1-1/drivers/media/radio/radio-cadet.c
331--- backports-3.18.1-1.org/drivers/media/radio/radio-cadet.c 2014-12-21 22:37:13.000000000 +0100
332+++ backports-3.18.1-1/drivers/media/radio/radio-cadet.c 2014-12-28 14:10:09.532888798 +0100
333@@ -333,6 +333,8 @@
334 unsigned char readbuf[RDS_BUFFER];
335 int i = 0;
336
337+ if (count > RDS_BUFFER)
338+ return -EFAULT;
339 mutex_lock(&dev->lock);
340 if (dev->rdsstat == 0)
341 cadet_start_rds(dev);
342@@ -349,8 +351,9 @@
343 readbuf[i++] = dev->rdsbuf[dev->rdsout++];
344 mutex_unlock(&dev->lock);
345
346- if (i && copy_to_user(data, readbuf, i))
347- return -EFAULT;
348+ if (i > sizeof(readbuf) || (i && copy_to_user(data, readbuf, i)))
349+ i = -EFAULT;
350+
351 return i;
352 }
353
354diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-maxiradio.c backports-3.18.1-1/drivers/media/radio/radio-maxiradio.c
355--- backports-3.18.1-1.org/drivers/media/radio/radio-maxiradio.c 2014-12-21 22:37:13.000000000 +0100
356+++ backports-3.18.1-1/drivers/media/radio/radio-maxiradio.c 2014-12-28 14:10:09.532888798 +0100
357@@ -61,7 +61,7 @@
358 /* TEA5757 pin mappings */
359 static const int clk = 1, data = 2, wren = 4, mo_st = 8, power = 16;
360
361-static atomic_t maxiradio_instance = ATOMIC_INIT(0);
362+static atomic_unchecked_t maxiradio_instance = ATOMIC_INIT(0);
363
364 #define PCI_VENDOR_ID_GUILLEMOT 0x5046
365 #define PCI_DEVICE_ID_GUILLEMOT_MAXIRADIO 0x1001
366diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-shark2.c backports-3.18.1-1/drivers/media/radio/radio-shark2.c
367--- backports-3.18.1-1.org/drivers/media/radio/radio-shark2.c 2014-12-21 22:37:13.000000000 +0100
368+++ backports-3.18.1-1/drivers/media/radio/radio-shark2.c 2014-12-28 14:10:09.532888798 +0100
369@@ -74,7 +74,7 @@
370 u8 *transfer_buffer;
371 };
372
373-static atomic_t shark_instance = ATOMIC_INIT(0);
374+static atomic_unchecked_t shark_instance = ATOMIC_INIT(0);
375
376 static int shark_write_reg(struct radio_tea5777 *tea, u64 reg)
377 {
378diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-shark.c backports-3.18.1-1/drivers/media/radio/radio-shark.c
379--- backports-3.18.1-1.org/drivers/media/radio/radio-shark.c 2014-12-21 22:37:13.000000000 +0100
380+++ backports-3.18.1-1/drivers/media/radio/radio-shark.c 2014-12-28 14:10:09.532888798 +0100
381@@ -79,7 +79,7 @@
382 u32 last_val;
383 };
384
385-static atomic_t shark_instance = ATOMIC_INIT(0);
386+static atomic_unchecked_t shark_instance = ATOMIC_INIT(0);
387
388 static void shark_write_val(struct snd_tea575x *tea, u32 val)
389 {
390diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-si476x.c backports-3.18.1-1/drivers/media/radio/radio-si476x.c
391--- backports-3.18.1-1.org/drivers/media/radio/radio-si476x.c 2014-12-21 22:37:13.000000000 +0100
392+++ backports-3.18.1-1/drivers/media/radio/radio-si476x.c 2014-12-28 14:10:09.532888798 +0100
393@@ -1445,7 +1445,7 @@
394 struct si476x_radio *radio;
395 struct v4l2_ctrl *ctrl;
396
397- static atomic_t instance = ATOMIC_INIT(0);
398+ static atomic_unchecked_t instance = ATOMIC_INIT(0);
399
400 radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL);
401 if (!radio)
402diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/cinergyT2-core.c backports-3.18.1-1/drivers/media/usb/dvb-usb/cinergyT2-core.c
403--- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/cinergyT2-core.c 2014-12-21 22:37:14.000000000 +0100
404+++ backports-3.18.1-1/drivers/media/usb/dvb-usb/cinergyT2-core.c 2014-12-28 14:10:09.532888798 +0100
405@@ -50,29 +50,73 @@
406
407 static int cinergyt2_streaming_ctrl(struct dvb_usb_adapter *adap, int enable)
408 {
409- char buf[] = { CINERGYT2_EP1_CONTROL_STREAM_TRANSFER, enable ? 1 : 0 };
410- char result[64];
411- return dvb_usb_generic_rw(adap->dev, buf, sizeof(buf), result,
412- sizeof(result), 0);
413+ char *buf;
414+ char *result;
415+ int retval;
416+
417+ buf = kmalloc(2, GFP_KERNEL);
418+ if (buf == NULL)
419+ return -ENOMEM;
420+ result = kmalloc(64, GFP_KERNEL);
421+ if (result == NULL) {
422+ kfree(buf);
423+ return -ENOMEM;
424+ }
425+
426+ buf[0] = CINERGYT2_EP1_CONTROL_STREAM_TRANSFER;
427+ buf[1] = enable ? 1 : 0;
428+
429+ retval = dvb_usb_generic_rw(adap->dev, buf, 2, result, 64, 0);
430+
431+ kfree(buf);
432+ kfree(result);
433+ return retval;
434 }
435
436 static int cinergyt2_power_ctrl(struct dvb_usb_device *d, int enable)
437 {
438- char buf[] = { CINERGYT2_EP1_SLEEP_MODE, enable ? 0 : 1 };
439- char state[3];
440- return dvb_usb_generic_rw(d, buf, sizeof(buf), state, sizeof(state), 0);
441+ char *buf;
442+ char *state;
443+ int retval;
444+
445+ buf = kmalloc(2, GFP_KERNEL);
446+ if (buf == NULL)
447+ return -ENOMEM;
448+ state = kmalloc(3, GFP_KERNEL);
449+ if (state == NULL) {
450+ kfree(buf);
451+ return -ENOMEM;
452+ }
453+
454+ buf[0] = CINERGYT2_EP1_SLEEP_MODE;
455+ buf[1] = enable ? 1 : 0;
456+
457+ retval = dvb_usb_generic_rw(d, buf, 2, state, 3, 0);
458+
459+ kfree(buf);
460+ kfree(state);
461+ return retval;
462 }
463
464 static int cinergyt2_frontend_attach(struct dvb_usb_adapter *adap)
465 {
466- char query[] = { CINERGYT2_EP1_GET_FIRMWARE_VERSION };
467- char state[3];
468+ char *query;
469+ char *state;
470 int ret;
471+ query = kmalloc(1, GFP_KERNEL);
472+ if (query == NULL)
473+ return -ENOMEM;
474+ state = kmalloc(3, GFP_KERNEL);
475+ if (state == NULL) {
476+ kfree(query);
477+ return -ENOMEM;
478+ }
479+
480+ query[0] = CINERGYT2_EP1_GET_FIRMWARE_VERSION;
481
482 adap->fe_adap[0].fe = cinergyt2_fe_attach(adap->dev);
483
484- ret = dvb_usb_generic_rw(adap->dev, query, sizeof(query), state,
485- sizeof(state), 0);
486+ ret = dvb_usb_generic_rw(adap->dev, query, 1, state, 3, 0);
487 if (ret < 0) {
488 deb_rc("cinergyt2_power_ctrl() Failed to retrieve sleep "
489 "state info\n");
490@@ -80,7 +124,8 @@
491
492 /* Copy this pointer as we are gonna need it in the release phase */
493 cinergyt2_usb_device = adap->dev;
494-
495+ kfree(query);
496+ kfree(state);
497 return 0;
498 }
499
500@@ -141,12 +186,23 @@
501 static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state)
502 {
503 struct cinergyt2_state *st = d->priv;
504- u8 key[5] = {0, 0, 0, 0, 0}, cmd = CINERGYT2_EP1_GET_RC_EVENTS;
505+ u8 *key, *cmd;
506 int i;
507
508+ cmd = kmalloc(1, GFP_KERNEL);
509+ if (cmd == NULL)
510+ return -EINVAL;
511+ key = kzalloc(5, GFP_KERNEL);
512+ if (key == NULL) {
513+ kfree(cmd);
514+ return -EINVAL;
515+ }
516+
517+ cmd[0] = CINERGYT2_EP1_GET_RC_EVENTS;
518+
519 *state = REMOTE_NO_KEY_PRESSED;
520
521- dvb_usb_generic_rw(d, &cmd, 1, key, sizeof(key), 0);
522+ dvb_usb_generic_rw(d, cmd, 1, key, 5, 0);
523 if (key[4] == 0xff) {
524 /* key repeat */
525 st->rc_counter++;
526@@ -157,12 +213,12 @@
527 *event = d->last_event;
528 deb_rc("repeat key, event %x\n",
529 *event);
530- return 0;
531+ goto out;
532 }
533 }
534 deb_rc("repeated key (non repeatable)\n");
535 }
536- return 0;
537+ goto out;
538 }
539
540 /* hack to pass checksum on the custom field */
541@@ -174,6 +230,9 @@
542
543 deb_rc("key: %*ph\n", 5, key);
544 }
545+out:
546+ kfree(cmd);
547+ kfree(key);
548 return 0;
549 }
550
551diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/cinergyT2-fe.c backports-3.18.1-1/drivers/media/usb/dvb-usb/cinergyT2-fe.c
552--- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/cinergyT2-fe.c 2014-12-21 22:37:14.000000000 +0100
553+++ backports-3.18.1-1/drivers/media/usb/dvb-usb/cinergyT2-fe.c 2014-12-28 14:10:09.532888798 +0100
554@@ -145,103 +145,176 @@
555 fe_status_t *status)
556 {
557 struct cinergyt2_fe_state *state = fe->demodulator_priv;
558- struct dvbt_get_status_msg result;
559- u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
560+ struct dvbt_get_status_msg *result;
561+ u8 *cmd;
562 int ret;
563
564- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&result,
565- sizeof(result), 0);
566+ cmd = kmalloc(1, GFP_KERNEL);
567+ if (cmd == NULL)
568+ return -ENOMEM;
569+ result = kmalloc(sizeof(*result), GFP_KERNEL);
570+ if (result == NULL) {
571+ kfree(cmd);
572+ return -ENOMEM;
573+ }
574+
575+ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
576+
577+ ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)result,
578+ sizeof(*result), 0);
579 if (ret < 0)
580- return ret;
581+ goto out;
582
583 *status = 0;
584
585- if (0xffff - le16_to_cpu(result.gain) > 30)
586+ if (0xffff - le16_to_cpu(result->gain) > 30)
587 *status |= FE_HAS_SIGNAL;
588- if (result.lock_bits & (1 << 6))
589+ if (result->lock_bits & (1 << 6))
590 *status |= FE_HAS_LOCK;
591- if (result.lock_bits & (1 << 5))
592+ if (result->lock_bits & (1 << 5))
593 *status |= FE_HAS_SYNC;
594- if (result.lock_bits & (1 << 4))
595+ if (result->lock_bits & (1 << 4))
596 *status |= FE_HAS_CARRIER;
597- if (result.lock_bits & (1 << 1))
598+ if (result->lock_bits & (1 << 1))
599 *status |= FE_HAS_VITERBI;
600
601 if ((*status & (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC)) !=
602 (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC))
603 *status &= ~FE_HAS_LOCK;
604
605- return 0;
606+out:
607+ kfree(cmd);
608+ kfree(result);
609+ return ret;
610 }
611
612 static int cinergyt2_fe_read_ber(struct dvb_frontend *fe, u32 *ber)
613 {
614 struct cinergyt2_fe_state *state = fe->demodulator_priv;
615- struct dvbt_get_status_msg status;
616- char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
617+ struct dvbt_get_status_msg *status;
618+ char *cmd;
619 int ret;
620
621- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
622- sizeof(status), 0);
623+ cmd = kmalloc(1, GFP_KERNEL);
624+ if (cmd == NULL)
625+ return -ENOMEM;
626+ status = kmalloc(sizeof(*status), GFP_KERNEL);
627+ if (status == NULL) {
628+ kfree(cmd);
629+ return -ENOMEM;
630+ }
631+
632+ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
633+
634+ ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
635+ sizeof(*status), 0);
636 if (ret < 0)
637- return ret;
638+ goto out;
639
640- *ber = le32_to_cpu(status.viterbi_error_rate);
641+ *ber = le32_to_cpu(status->viterbi_error_rate);
642+out:
643+ kfree(cmd);
644+ kfree(status);
645 return 0;
646 }
647
648 static int cinergyt2_fe_read_unc_blocks(struct dvb_frontend *fe, u32 *unc)
649 {
650 struct cinergyt2_fe_state *state = fe->demodulator_priv;
651- struct dvbt_get_status_msg status;
652- u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
653+ struct dvbt_get_status_msg *status;
654+ u8 *cmd;
655 int ret;
656
657- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&status,
658- sizeof(status), 0);
659+ cmd = kmalloc(1, GFP_KERNEL);
660+ if (cmd == NULL)
661+ return -ENOMEM;
662+ status = kmalloc(sizeof(*status), GFP_KERNEL);
663+ if (status == NULL) {
664+ kfree(cmd);
665+ return -ENOMEM;
666+ }
667+
668+ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
669+
670+ ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)status,
671+ sizeof(*status), 0);
672 if (ret < 0) {
673 err("cinergyt2_fe_read_unc_blocks() Failed! (Error=%d)\n",
674 ret);
675- return ret;
676+ goto out;
677 }
678- *unc = le32_to_cpu(status.uncorrected_block_count);
679- return 0;
680+ *unc = le32_to_cpu(status->uncorrected_block_count);
681+
682+out:
683+ kfree(cmd);
684+ kfree(status);
685+ return ret;
686 }
687
688 static int cinergyt2_fe_read_signal_strength(struct dvb_frontend *fe,
689 u16 *strength)
690 {
691 struct cinergyt2_fe_state *state = fe->demodulator_priv;
692- struct dvbt_get_status_msg status;
693- char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
694+ struct dvbt_get_status_msg *status;
695+ char *cmd;
696 int ret;
697
698- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
699- sizeof(status), 0);
700+ cmd = kmalloc(1, GFP_KERNEL);
701+ if (cmd == NULL)
702+ return -ENOMEM;
703+ status = kmalloc(sizeof(*status), GFP_KERNEL);
704+ if (status == NULL) {
705+ kfree(cmd);
706+ return -ENOMEM;
707+ }
708+
709+ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
710+
711+ ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
712+ sizeof(*status), 0);
713 if (ret < 0) {
714 err("cinergyt2_fe_read_signal_strength() Failed!"
715 " (Error=%d)\n", ret);
716- return ret;
717+ goto out;
718 }
719- *strength = (0xffff - le16_to_cpu(status.gain));
720+ *strength = (0xffff - le16_to_cpu(status->gain));
721+
722+out:
723+ kfree(cmd);
724+ kfree(status);
725 return 0;
726 }
727
728 static int cinergyt2_fe_read_snr(struct dvb_frontend *fe, u16 *snr)
729 {
730 struct cinergyt2_fe_state *state = fe->demodulator_priv;
731- struct dvbt_get_status_msg status;
732- char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
733+ struct dvbt_get_status_msg *status;
734+ char *cmd;
735 int ret;
736
737- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
738- sizeof(status), 0);
739+ cmd = kmalloc(1, GFP_KERNEL);
740+ if (cmd == NULL)
741+ return -ENOMEM;
742+ status = kmalloc(sizeof(*status), GFP_KERNEL);
743+ if (status == NULL) {
744+ kfree(cmd);
745+ return -ENOMEM;
746+ }
747+
748+ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
749+
750+ ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
751+ sizeof(*status), 0);
752 if (ret < 0) {
753 err("cinergyt2_fe_read_snr() Failed! (Error=%d)\n", ret);
754- return ret;
755+ goto out;
756 }
757- *snr = (status.snr << 8) | status.snr;
758- return 0;
759+ *snr = (status->snr << 8) | status->snr;
760+
761+out:
762+ kfree(cmd);
763+ kfree(status);
764+ return ret;
765 }
766
767 static int cinergyt2_fe_init(struct dvb_frontend *fe)
768@@ -266,35 +339,46 @@
769 {
770 struct dtv_frontend_properties *fep = &fe->dtv_property_cache;
771 struct cinergyt2_fe_state *state = fe->demodulator_priv;
772- struct dvbt_set_parameters_msg param;
773- char result[2];
774+ struct dvbt_set_parameters_msg *param;
775+ char *result;
776 int err;
777
778- param.cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS;
779- param.tps = cpu_to_le16(compute_tps(fep));
780- param.freq = cpu_to_le32(fep->frequency / 1000);
781- param.flags = 0;
782+ result = kmalloc(2, GFP_KERNEL);
783+ if (result == NULL)
784+ return -ENOMEM;
785+ param = kmalloc(sizeof(*param), GFP_KERNEL);
786+ if (param == NULL) {
787+ kfree(result);
788+ return -ENOMEM;
789+ }
790+
791+ param->cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS;
792+ param->tps = cpu_to_le16(compute_tps(fep));
793+ param->freq = cpu_to_le32(fep->frequency / 1000);
794+ param->flags = 0;
795
796 switch (fep->bandwidth_hz) {
797 default:
798 case 8000000:
799- param.bandwidth = 8;
800+ param->bandwidth = 8;
801 break;
802 case 7000000:
803- param.bandwidth = 7;
804+ param->bandwidth = 7;
805 break;
806 case 6000000:
807- param.bandwidth = 6;
808+ param->bandwidth = 6;
809 break;
810 }
811
812 err = dvb_usb_generic_rw(state->d,
813- (char *)&param, sizeof(param),
814- result, sizeof(result), 0);
815+ (char *)param, sizeof(*param),
816+ result, 2, 0);
817 if (err < 0)
818 err("cinergyt2_fe_set_frontend() Failed! err=%d\n", err);
819
820- return (err < 0) ? err : 0;
821+ kfree(result);
822+ kfree(param);
823+ return err;
824 }
825
826 static void cinergyt2_fe_release(struct dvb_frontend *fe)
827diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/dvb-usb-firmware.c backports-3.18.1-1/drivers/media/usb/dvb-usb/dvb-usb-firmware.c
828--- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/dvb-usb-firmware.c 2014-12-21 22:37:14.000000000 +0100
829+++ backports-3.18.1-1/drivers/media/usb/dvb-usb/dvb-usb-firmware.c 2014-12-28 14:10:09.532888798 +0100
830@@ -35,42 +35,57 @@
831
832 int usb_cypress_load_firmware(struct usb_device *udev, const struct firmware *fw, int type)
833 {
834- struct hexline hx;
835- u8 reset;
836+ struct hexline *hx;
837+ u8 *reset;
838 int ret,pos=0;
839
840+ reset = kmalloc(1, GFP_KERNEL);
841+ if (reset == NULL)
842+ return -ENOMEM;
843+
844+ hx = kmalloc(sizeof(struct hexline), GFP_KERNEL);
845+ if (hx == NULL) {
846+ kfree(reset);
847+ return -ENOMEM;
848+ }
849+
850 /* stop the CPU */
851- reset = 1;
852- if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1)) != 1)
853+ reset[0] = 1;
854+ if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1)) != 1)
855 err("could not stop the USB controller CPU.");
856
857- while ((ret = dvb_usb_get_hexline(fw,&hx,&pos)) > 0) {
858- deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx.addr,hx.len,hx.chk);
859- ret = usb_cypress_writemem(udev,hx.addr,hx.data,hx.len);
860+ while ((ret = dvb_usb_get_hexline(fw,hx,&pos)) > 0) {
861+ deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx->addr,hx->len,hx->chk);
862+ ret = usb_cypress_writemem(udev,hx->addr,hx->data,hx->len);
863
864- if (ret != hx.len) {
865+ if (ret != hx->len) {
866 err("error while transferring firmware "
867 "(transferred size: %d, block size: %d)",
868- ret,hx.len);
869+ ret,hx->len);
870 ret = -EINVAL;
871 break;
872 }
873 }
874 if (ret < 0) {
875 err("firmware download failed at %d with %d",pos,ret);
876+ kfree(reset);
877+ kfree(hx);
878 return ret;
879 }
880
881 if (ret == 0) {
882 /* restart the CPU */
883- reset = 0;
884- if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1) != 1) {
885+ reset[0] = 0;
886+ if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1) != 1) {
887 err("could not restart the USB controller CPU.");
888 ret = -EINVAL;
889 }
890 } else
891 ret = -EIO;
892
893+ kfree(reset);
894+ kfree(hx);
895+
896 return ret;
897 }
898 EXPORT_SYMBOL(usb_cypress_load_firmware);
899diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/dw2102.c backports-3.18.1-1/drivers/media/usb/dvb-usb/dw2102.c
900--- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/dw2102.c 2014-12-21 22:37:14.000000000 +0100
901+++ backports-3.18.1-1/drivers/media/usb/dvb-usb/dw2102.c 2014-12-28 14:10:09.536888811 +0100
902@@ -118,7 +118,7 @@
903
904 struct s6x0_state {
905 int (*old_set_voltage)(struct dvb_frontend *f, fe_sec_voltage_t v);
906-};
907+} __no_const;
908
909 /* debug */
910 static int dvb_usb_dw2102_debug;
911diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/technisat-usb2.c backports-3.18.1-1/drivers/media/usb/dvb-usb/technisat-usb2.c
912--- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/technisat-usb2.c 2014-12-21 22:37:14.000000000 +0100
913+++ backports-3.18.1-1/drivers/media/usb/dvb-usb/technisat-usb2.c 2014-12-28 14:10:09.536888811 +0100
914@@ -87,8 +87,11 @@
915 static int technisat_usb2_i2c_access(struct usb_device *udev,
916 u8 device_addr, u8 *tx, u8 txlen, u8 *rx, u8 rxlen)
917 {
918- u8 b[64];
919- int ret, actual_length;
920+ u8 *b = kmalloc(64, GFP_KERNEL);
921+ int ret, actual_length, error = 0;
922+
923+ if (b == NULL)
924+ return -ENOMEM;
925
926 deb_i2c("i2c-access: %02x, tx: ", device_addr);
927 debug_dump(tx, txlen, deb_i2c);
928@@ -121,7 +124,8 @@
929
930 if (ret < 0) {
931 err("i2c-error: out failed %02x = %d", device_addr, ret);
932- return -ENODEV;
933+ error = -ENODEV;
934+ goto out;
935 }
936
937 ret = usb_bulk_msg(udev,
938@@ -129,7 +133,8 @@
939 b, 64, &actual_length, 1000);
940 if (ret < 0) {
941 err("i2c-error: in failed %02x = %d", device_addr, ret);
942- return -ENODEV;
943+ error = -ENODEV;
944+ goto out;
945 }
946
947 if (b[0] != I2C_STATUS_OK) {
948@@ -137,8 +142,10 @@
949 /* handle tuner-i2c-nak */
950 if (!(b[0] == I2C_STATUS_NAK &&
951 device_addr == 0x60
952- /* && device_is_technisat_usb2 */))
953- return -ENODEV;
954+ /* && device_is_technisat_usb2 */)) {
955+ error = -ENODEV;
956+ goto out;
957+ }
958 }
959
960 deb_i2c("status: %d, ", b[0]);
961@@ -152,7 +159,9 @@
962
963 deb_i2c("\n");
964
965- return 0;
966+out:
967+ kfree(b);
968+ return error;
969 }
970
971 static int technisat_usb2_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msg,
972@@ -224,14 +233,16 @@
973 {
974 int ret;
975
976- u8 led[8] = {
977- red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
978- 0
979- };
980+ u8 *led = kzalloc(8, GFP_KERNEL);
981+
982+ if (led == NULL)
983+ return -ENOMEM;
984
985 if (disable_led_control && state != TECH_LED_OFF)
986 return 0;
987
988+ led[0] = red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST;
989+
990 switch (state) {
991 case TECH_LED_ON:
992 led[1] = 0x82;
993@@ -263,16 +274,22 @@
994 red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
995 USB_TYPE_VENDOR | USB_DIR_OUT,
996 0, 0,
997- led, sizeof(led), 500);
998+ led, 8, 500);
999
1000 mutex_unlock(&d->i2c_mutex);
1001+
1002+ kfree(led);
1003+
1004 return ret;
1005 }
1006
1007 static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8 green)
1008 {
1009 int ret;
1010- u8 b = 0;
1011+ u8 *b = kzalloc(1, GFP_KERNEL);
1012+
1013+ if (b == NULL)
1014+ return -ENOMEM;
1015
1016 if (mutex_lock_interruptible(&d->i2c_mutex) < 0)
1017 return -EAGAIN;
1018@@ -281,10 +298,12 @@
1019 SET_LED_TIMER_DIVIDER_VENDOR_REQUEST,
1020 USB_TYPE_VENDOR | USB_DIR_OUT,
1021 (red << 8) | green, 0,
1022- &b, 1, 500);
1023+ b, 1, 500);
1024
1025 mutex_unlock(&d->i2c_mutex);
1026
1027+ kfree(b);
1028+
1029 return ret;
1030 }
1031
1032@@ -328,7 +347,7 @@
1033 struct dvb_usb_device_description **desc, int *cold)
1034 {
1035 int ret;
1036- u8 version[3];
1037+ u8 *version = kmalloc(3, GFP_KERNEL);
1038
1039 /* first select the interface */
1040 if (usb_set_interface(udev, 0, 1) != 0)
1041@@ -338,11 +357,14 @@
1042
1043 *cold = 0; /* by default do not download a firmware - just in case something is wrong */
1044
1045+ if (version == NULL)
1046+ return 0;
1047+
1048 ret = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
1049 GET_VERSION_INFO_VENDOR_REQUEST,
1050 USB_TYPE_VENDOR | USB_DIR_IN,
1051 0, 0,
1052- version, sizeof(version), 500);
1053+ version, 3, 500);
1054
1055 if (ret < 0)
1056 *cold = 1;
1057@@ -351,6 +373,8 @@
1058 *cold = 0;
1059 }
1060
1061+ kfree(version);
1062+
1063 return 0;
1064 }
1065
1066@@ -591,10 +615,15 @@
1067
1068 static int technisat_usb2_get_ir(struct dvb_usb_device *d)
1069 {
1070- u8 buf[62], *b;
1071+ u8 *buf, *b;
1072 int ret;
1073 struct ir_raw_event ev;
1074
1075+ buf = kmalloc(62, GFP_KERNEL);
1076+
1077+ if (buf == NULL)
1078+ return -ENOMEM;
1079+
1080 buf[0] = GET_IR_DATA_VENDOR_REQUEST;
1081 buf[1] = 0x08;
1082 buf[2] = 0x8f;
1083@@ -617,16 +646,20 @@
1084 GET_IR_DATA_VENDOR_REQUEST,
1085 USB_TYPE_VENDOR | USB_DIR_IN,
1086 0x8080, 0,
1087- buf, sizeof(buf), 500);
1088+ buf, 62, 500);
1089
1090 unlock:
1091 mutex_unlock(&d->i2c_mutex);
1092
1093- if (ret < 0)
1094+ if (ret < 0) {
1095+ kfree(buf);
1096 return ret;
1097+ }
1098
1099- if (ret == 1)
1100+ if (ret == 1) {
1101+ kfree(buf);
1102 return 0; /* no key pressed */
1103+ }
1104
1105 /* decoding */
1106 b = buf+1;
1107@@ -653,6 +686,8 @@
1108
1109 ir_raw_event_handle(d->rc_dev);
1110
1111+ kfree(buf);
1112+
1113 return 1;
1114 }
1115
1116diff -Naur backports-3.18.1-1.org/drivers/media/v4l2-core/v4l2-device.c backports-3.18.1-1/drivers/media/v4l2-core/v4l2-device.c
1117--- backports-3.18.1-1.org/drivers/media/v4l2-core/v4l2-device.c 2014-12-21 22:37:14.000000000 +0100
1118+++ backports-3.18.1-1/drivers/media/v4l2-core/v4l2-device.c 2014-12-28 14:10:09.536888811 +0100
1119@@ -75,9 +75,9 @@
1120 EXPORT_SYMBOL_GPL(v4l2_device_put);
1121
1122 int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename,
1123- atomic_t *instance)
1124+ atomic_unchecked_t *instance)
1125 {
1126- int num = atomic_inc_return(instance) - 1;
1127+ int num = atomic_inc_return_unchecked(instance) - 1;
1128 int len = strlen(basename);
1129
1130 if (basename[len - 1] >= '0' && basename[len - 1] <= '9')
1131diff -Naur backports-3.18.1-1.org/drivers/media/v4l2-core/v4l2-ioctl.c backports-3.18.1-1/drivers/media/v4l2-core/v4l2-ioctl.c
1132--- backports-3.18.1-1.org/drivers/media/v4l2-core/v4l2-ioctl.c 2014-12-21 22:37:14.000000000 +0100
1133+++ backports-3.18.1-1/drivers/media/v4l2-core/v4l2-ioctl.c 2014-12-28 14:10:09.536888811 +0100
1134@@ -2142,7 +2142,8 @@
1135 struct file *file, void *fh, void *p);
1136 } u;
1137 void (*debug)(const void *arg, bool write_only);
1138-};
1139+} __do_const;
1140+typedef struct v4l2_ioctl_info __no_const v4l2_ioctl_info_no_const;
1141
1142 /* This control needs a priority check */
1143 #define INFO_FL_PRIO (1 << 0)
1144@@ -2326,7 +2327,7 @@
1145 struct video_device *vfd = video_devdata(file);
1146 const struct v4l2_ioctl_ops *ops = vfd->ioctl_ops;
1147 bool write_only = false;
1148- struct v4l2_ioctl_info default_info;
1149+ v4l2_ioctl_info_no_const default_info;
1150 const struct v4l2_ioctl_info *info;
1151 void *fh = file->private_data;
1152 struct v4l2_fh *vfh = NULL;
1153@@ -2413,7 +2414,7 @@
1154 ret = -EINVAL;
1155 break;
1156 }
1157- *user_ptr = (void __user *)buf->m.planes;
1158+ *user_ptr = (void __force_user *)buf->m.planes;
1159 *kernel_ptr = (void **)&buf->m.planes;
1160 *array_size = sizeof(struct v4l2_plane) * buf->length;
1161 ret = 1;
1162@@ -2430,7 +2431,7 @@
1163 ret = -EINVAL;
1164 break;
1165 }
1166- *user_ptr = (void __user *)edid->edid;
1167+ *user_ptr = (void __force_user *)edid->edid;
1168 *kernel_ptr = (void **)&edid->edid;
1169 *array_size = edid->blocks * 128;
1170 ret = 1;
1171@@ -2448,7 +2449,7 @@
1172 ret = -EINVAL;
1173 break;
1174 }
1175- *user_ptr = (void __user *)ctrls->controls;
1176+ *user_ptr = (void __force_user *)ctrls->controls;
1177 *kernel_ptr = (void **)&ctrls->controls;
1178 *array_size = sizeof(struct v4l2_ext_control)
1179 * ctrls->count;
1180@@ -2549,7 +2550,7 @@
1181 }
1182
1183 if (has_array_args) {
1184- *kernel_ptr = (void __force *)user_ptr;
1185+ *kernel_ptr = (void __force_kernel *)user_ptr;
1186 if (copy_to_user(user_ptr, mbuf, array_size))
1187 err = -EFAULT;
1188 goto out_array_args;
1189diff -Naur backports-3.18.1-1.org/drivers/net/ieee802154/fakehard.c backports-3.18.1-1/drivers/net/ieee802154/fakehard.c
1190--- backports-3.18.1-1.org/drivers/net/ieee802154/fakehard.c 2014-12-21 22:37:14.000000000 +0100
1191+++ backports-3.18.1-1/drivers/net/ieee802154/fakehard.c 2014-12-28 14:10:09.556888909 +0100
1192@@ -365,7 +365,7 @@
1193 phy->transmit_power = 0xbf;
1194
1195 dev->netdev_ops = &fake_ops;
1196- dev->ml_priv = &fake_mlme;
1197+ dev->ml_priv = (void *)&fake_mlme;
1198
1199 priv = netdev_priv(dev);
1200 priv->phy = phy;
1201diff -Naur backports-3.18.1-1.org/drivers/net/usb/sierra_net.c backports-3.18.1-1/drivers/net/usb/sierra_net.c
1202--- backports-3.18.1-1.org/drivers/net/usb/sierra_net.c 2014-12-21 22:37:14.000000000 +0100
1203+++ backports-3.18.1-1/drivers/net/usb/sierra_net.c 2014-12-28 14:10:09.560888936 +0100
1204@@ -51,7 +51,7 @@
1205 /* atomic counter partially included in MAC address to make sure 2 devices
1206 * do not end up with the same MAC - concept breaks in case of > 255 ifaces
1207 */
1208-static atomic_t iface_counter = ATOMIC_INIT(0);
1209+static atomic_unchecked_t iface_counter = ATOMIC_INIT(0);
1210
1211 /*
1212 * SYNC Timer Delay definition used to set the expiry time
1213@@ -697,7 +697,7 @@
1214 dev->net->netdev_ops = &sierra_net_device_ops;
1215
1216 /* change MAC addr to include, ifacenum, and to be unique */
1217- dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return(&iface_counter);
1218+ dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return_unchecked(&iface_counter);
1219 dev->net->dev_addr[ETH_ALEN-1] = ifacenum;
1220
1221 /* we will have to manufacture ethernet headers, prepare template */
1222diff -Naur backports-3.18.1-1.org/drivers/net/wireless/at76c50x-usb.c backports-3.18.1-1/drivers/net/wireless/at76c50x-usb.c
1223--- backports-3.18.1-1.org/drivers/net/wireless/at76c50x-usb.c 2014-12-21 22:37:14.000000000 +0100
1224+++ backports-3.18.1-1/drivers/net/wireless/at76c50x-usb.c 2014-12-28 14:10:09.560888936 +0100
1225@@ -353,7 +353,7 @@
1226 }
1227
1228 /* Convert timeout from the DFU status to jiffies */
1229-static inline unsigned long at76_get_timeout(struct dfu_status *s)
1230+static inline unsigned long __intentional_overflow(-1) at76_get_timeout(struct dfu_status *s)
1231 {
1232 return msecs_to_jiffies((s->poll_timeout[2] << 16)
1233 | (s->poll_timeout[1] << 8)
1234diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath10k/htc.c backports-3.18.1-1/drivers/net/wireless/ath/ath10k/htc.c
1235--- backports-3.18.1-1.org/drivers/net/wireless/ath/ath10k/htc.c 2014-12-21 22:37:14.000000000 +0100
1236+++ backports-3.18.1-1/drivers/net/wireless/ath/ath10k/htc.c 2014-12-28 14:10:09.560888936 +0100
1237@@ -848,7 +848,10 @@
1238 /* registered target arrival callback from the HIF layer */
1239 int ath10k_htc_init(struct ath10k *ar)
1240 {
1241- struct ath10k_hif_cb htc_callbacks;
1242+ static struct ath10k_hif_cb htc_callbacks = {
1243+ .rx_completion = ath10k_htc_rx_completion_handler,
1244+ .tx_completion = ath10k_htc_tx_completion_handler,
1245+ };
1246 struct ath10k_htc_ep *ep = NULL;
1247 struct ath10k_htc *htc = &ar->htc;
1248
1249@@ -857,8 +860,6 @@
1250 ath10k_htc_reset_endpoint_states(htc);
1251
1252 /* setup HIF layer callbacks */
1253- htc_callbacks.rx_completion = ath10k_htc_rx_completion_handler;
1254- htc_callbacks.tx_completion = ath10k_htc_tx_completion_handler;
1255 htc->ar = ar;
1256
1257 /* Get HIF default pipe for HTC message exchange */
1258diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath10k/htc.h backports-3.18.1-1/drivers/net/wireless/ath/ath10k/htc.h
1259--- backports-3.18.1-1.org/drivers/net/wireless/ath/ath10k/htc.h 2014-12-21 22:37:14.000000000 +0100
1260+++ backports-3.18.1-1/drivers/net/wireless/ath/ath10k/htc.h 2014-12-28 14:10:09.560888936 +0100
1261@@ -270,13 +270,13 @@
1262
1263 struct ath10k_htc_ops {
1264 void (*target_send_suspend_complete)(struct ath10k *ar);
1265-};
1266+} __no_const;
1267
1268 struct ath10k_htc_ep_ops {
1269 void (*ep_tx_complete)(struct ath10k *, struct sk_buff *);
1270 void (*ep_rx_complete)(struct ath10k *, struct sk_buff *);
1271 void (*ep_tx_credits)(struct ath10k *);
1272-};
1273+} __no_const;
1274
1275 /* service connection information */
1276 struct ath10k_htc_svc_conn_req {
1277diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/ar9002_mac.c backports-3.18.1-1/drivers/net/wireless/ath/ath9k/ar9002_mac.c
1278--- backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/ar9002_mac.c 2014-12-21 22:37:14.000000000 +0100
1279+++ backports-3.18.1-1/drivers/net/wireless/ath/ath9k/ar9002_mac.c 2014-12-28 14:10:09.560888936 +0100
1280@@ -220,8 +220,8 @@
1281 ads->ds_txstatus6 = ads->ds_txstatus7 = 0;
1282 ads->ds_txstatus8 = ads->ds_txstatus9 = 0;
1283
1284- ACCESS_ONCE(ads->ds_link) = i->link;
1285- ACCESS_ONCE(ads->ds_data) = i->buf_addr[0];
1286+ ACCESS_ONCE_RW(ads->ds_link) = i->link;
1287+ ACCESS_ONCE_RW(ads->ds_data) = i->buf_addr[0];
1288
1289 ctl1 = i->buf_len[0] | (i->is_last ? 0 : AR_TxMore);
1290 ctl6 = SM(i->keytype, AR_EncrType);
1291@@ -235,26 +235,26 @@
1292
1293 if ((i->is_first || i->is_last) &&
1294 i->aggr != AGGR_BUF_MIDDLE && i->aggr != AGGR_BUF_LAST) {
1295- ACCESS_ONCE(ads->ds_ctl2) = set11nTries(i->rates, 0)
1296+ ACCESS_ONCE_RW(ads->ds_ctl2) = set11nTries(i->rates, 0)
1297 | set11nTries(i->rates, 1)
1298 | set11nTries(i->rates, 2)
1299 | set11nTries(i->rates, 3)
1300 | (i->dur_update ? AR_DurUpdateEna : 0)
1301 | SM(0, AR_BurstDur);
1302
1303- ACCESS_ONCE(ads->ds_ctl3) = set11nRate(i->rates, 0)
1304+ ACCESS_ONCE_RW(ads->ds_ctl3) = set11nRate(i->rates, 0)
1305 | set11nRate(i->rates, 1)
1306 | set11nRate(i->rates, 2)
1307 | set11nRate(i->rates, 3);
1308 } else {
1309- ACCESS_ONCE(ads->ds_ctl2) = 0;
1310- ACCESS_ONCE(ads->ds_ctl3) = 0;
1311+ ACCESS_ONCE_RW(ads->ds_ctl2) = 0;
1312+ ACCESS_ONCE_RW(ads->ds_ctl3) = 0;
1313 }
1314
1315 if (!i->is_first) {
1316- ACCESS_ONCE(ads->ds_ctl0) = 0;
1317- ACCESS_ONCE(ads->ds_ctl1) = ctl1;
1318- ACCESS_ONCE(ads->ds_ctl6) = ctl6;
1319+ ACCESS_ONCE_RW(ads->ds_ctl0) = 0;
1320+ ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1;
1321+ ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6;
1322 return;
1323 }
1324
1325@@ -279,7 +279,7 @@
1326 break;
1327 }
1328
1329- ACCESS_ONCE(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen)
1330+ ACCESS_ONCE_RW(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen)
1331 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
1332 | SM(i->txpower, AR_XmitPower0)
1333 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
1334@@ -289,27 +289,27 @@
1335 | (i->flags & ATH9K_TXDESC_RTSENA ? AR_RTSEnable :
1336 (i->flags & ATH9K_TXDESC_CTSENA ? AR_CTSEnable : 0));
1337
1338- ACCESS_ONCE(ads->ds_ctl1) = ctl1;
1339- ACCESS_ONCE(ads->ds_ctl6) = ctl6;
1340+ ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1;
1341+ ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6;
1342
1343 if (i->aggr == AGGR_BUF_MIDDLE || i->aggr == AGGR_BUF_LAST)
1344 return;
1345
1346- ACCESS_ONCE(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0)
1347+ ACCESS_ONCE_RW(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0)
1348 | set11nPktDurRTSCTS(i->rates, 1);
1349
1350- ACCESS_ONCE(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2)
1351+ ACCESS_ONCE_RW(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2)
1352 | set11nPktDurRTSCTS(i->rates, 3);
1353
1354- ACCESS_ONCE(ads->ds_ctl7) = set11nRateFlags(i->rates, 0)
1355+ ACCESS_ONCE_RW(ads->ds_ctl7) = set11nRateFlags(i->rates, 0)
1356 | set11nRateFlags(i->rates, 1)
1357 | set11nRateFlags(i->rates, 2)
1358 | set11nRateFlags(i->rates, 3)
1359 | SM(i->rtscts_rate, AR_RTSCTSRate);
1360
1361- ACCESS_ONCE(ads->ds_ctl9) = SM(i->txpower, AR_XmitPower1);
1362- ACCESS_ONCE(ads->ds_ctl10) = SM(i->txpower, AR_XmitPower2);
1363- ACCESS_ONCE(ads->ds_ctl11) = SM(i->txpower, AR_XmitPower3);
1364+ ACCESS_ONCE_RW(ads->ds_ctl9) = SM(i->txpower, AR_XmitPower1);
1365+ ACCESS_ONCE_RW(ads->ds_ctl10) = SM(i->txpower, AR_XmitPower2);
1366+ ACCESS_ONCE_RW(ads->ds_ctl11) = SM(i->txpower, AR_XmitPower3);
1367 }
1368
1369 static int ar9002_hw_proc_txdesc(struct ath_hw *ah, void *ds,
1370diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/ar9003_mac.c backports-3.18.1-1/drivers/net/wireless/ath/ath9k/ar9003_mac.c
1371--- backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/ar9003_mac.c 2014-12-21 22:37:14.000000000 +0100
1372+++ backports-3.18.1-1/drivers/net/wireless/ath/ath9k/ar9003_mac.c 2014-12-28 14:10:09.560888936 +0100
1373@@ -39,47 +39,47 @@
1374 (i->qcu << AR_TxQcuNum_S) | desc_len;
1375
1376 checksum += val;
1377- ACCESS_ONCE(ads->info) = val;
1378+ ACCESS_ONCE_RW(ads->info) = val;
1379
1380 checksum += i->link;
1381- ACCESS_ONCE(ads->link) = i->link;
1382+ ACCESS_ONCE_RW(ads->link) = i->link;
1383
1384 checksum += i->buf_addr[0];
1385- ACCESS_ONCE(ads->data0) = i->buf_addr[0];
1386+ ACCESS_ONCE_RW(ads->data0) = i->buf_addr[0];
1387 checksum += i->buf_addr[1];
1388- ACCESS_ONCE(ads->data1) = i->buf_addr[1];
1389+ ACCESS_ONCE_RW(ads->data1) = i->buf_addr[1];
1390 checksum += i->buf_addr[2];
1391- ACCESS_ONCE(ads->data2) = i->buf_addr[2];
1392+ ACCESS_ONCE_RW(ads->data2) = i->buf_addr[2];
1393 checksum += i->buf_addr[3];
1394- ACCESS_ONCE(ads->data3) = i->buf_addr[3];
1395+ ACCESS_ONCE_RW(ads->data3) = i->buf_addr[3];
1396
1397 checksum += (val = (i->buf_len[0] << AR_BufLen_S) & AR_BufLen);
1398- ACCESS_ONCE(ads->ctl3) = val;
1399+ ACCESS_ONCE_RW(ads->ctl3) = val;
1400 checksum += (val = (i->buf_len[1] << AR_BufLen_S) & AR_BufLen);
1401- ACCESS_ONCE(ads->ctl5) = val;
1402+ ACCESS_ONCE_RW(ads->ctl5) = val;
1403 checksum += (val = (i->buf_len[2] << AR_BufLen_S) & AR_BufLen);
1404- ACCESS_ONCE(ads->ctl7) = val;
1405+ ACCESS_ONCE_RW(ads->ctl7) = val;
1406 checksum += (val = (i->buf_len[3] << AR_BufLen_S) & AR_BufLen);
1407- ACCESS_ONCE(ads->ctl9) = val;
1408+ ACCESS_ONCE_RW(ads->ctl9) = val;
1409
1410 checksum = (u16) (((checksum & 0xffff) + (checksum >> 16)) & 0xffff);
1411- ACCESS_ONCE(ads->ctl10) = checksum;
1412+ ACCESS_ONCE_RW(ads->ctl10) = checksum;
1413
1414 if (i->is_first || i->is_last) {
1415- ACCESS_ONCE(ads->ctl13) = set11nTries(i->rates, 0)
1416+ ACCESS_ONCE_RW(ads->ctl13) = set11nTries(i->rates, 0)
1417 | set11nTries(i->rates, 1)
1418 | set11nTries(i->rates, 2)
1419 | set11nTries(i->rates, 3)
1420 | (i->dur_update ? AR_DurUpdateEna : 0)
1421 | SM(0, AR_BurstDur);
1422
1423- ACCESS_ONCE(ads->ctl14) = set11nRate(i->rates, 0)
1424+ ACCESS_ONCE_RW(ads->ctl14) = set11nRate(i->rates, 0)
1425 | set11nRate(i->rates, 1)
1426 | set11nRate(i->rates, 2)
1427 | set11nRate(i->rates, 3);
1428 } else {
1429- ACCESS_ONCE(ads->ctl13) = 0;
1430- ACCESS_ONCE(ads->ctl14) = 0;
1431+ ACCESS_ONCE_RW(ads->ctl13) = 0;
1432+ ACCESS_ONCE_RW(ads->ctl14) = 0;
1433 }
1434
1435 ads->ctl20 = 0;
1436@@ -89,17 +89,17 @@
1437
1438 ctl17 = SM(i->keytype, AR_EncrType);
1439 if (!i->is_first) {
1440- ACCESS_ONCE(ads->ctl11) = 0;
1441- ACCESS_ONCE(ads->ctl12) = i->is_last ? 0 : AR_TxMore;
1442- ACCESS_ONCE(ads->ctl15) = 0;
1443- ACCESS_ONCE(ads->ctl16) = 0;
1444- ACCESS_ONCE(ads->ctl17) = ctl17;
1445- ACCESS_ONCE(ads->ctl18) = 0;
1446- ACCESS_ONCE(ads->ctl19) = 0;
1447+ ACCESS_ONCE_RW(ads->ctl11) = 0;
1448+ ACCESS_ONCE_RW(ads->ctl12) = i->is_last ? 0 : AR_TxMore;
1449+ ACCESS_ONCE_RW(ads->ctl15) = 0;
1450+ ACCESS_ONCE_RW(ads->ctl16) = 0;
1451+ ACCESS_ONCE_RW(ads->ctl17) = ctl17;
1452+ ACCESS_ONCE_RW(ads->ctl18) = 0;
1453+ ACCESS_ONCE_RW(ads->ctl19) = 0;
1454 return;
1455 }
1456
1457- ACCESS_ONCE(ads->ctl11) = (i->pkt_len & AR_FrameLen)
1458+ ACCESS_ONCE_RW(ads->ctl11) = (i->pkt_len & AR_FrameLen)
1459 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
1460 | SM(i->txpower, AR_XmitPower0)
1461 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
1462@@ -135,26 +135,26 @@
1463 val = (i->flags & ATH9K_TXDESC_PAPRD) >> ATH9K_TXDESC_PAPRD_S;
1464 ctl12 |= SM(val, AR_PAPRDChainMask);
1465
1466- ACCESS_ONCE(ads->ctl12) = ctl12;
1467- ACCESS_ONCE(ads->ctl17) = ctl17;
1468+ ACCESS_ONCE_RW(ads->ctl12) = ctl12;
1469+ ACCESS_ONCE_RW(ads->ctl17) = ctl17;
1470
1471- ACCESS_ONCE(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0)
1472+ ACCESS_ONCE_RW(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0)
1473 | set11nPktDurRTSCTS(i->rates, 1);
1474
1475- ACCESS_ONCE(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2)
1476+ ACCESS_ONCE_RW(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2)
1477 | set11nPktDurRTSCTS(i->rates, 3);
1478
1479- ACCESS_ONCE(ads->ctl18) = set11nRateFlags(i->rates, 0)
1480+ ACCESS_ONCE_RW(ads->ctl18) = set11nRateFlags(i->rates, 0)
1481 | set11nRateFlags(i->rates, 1)
1482 | set11nRateFlags(i->rates, 2)
1483 | set11nRateFlags(i->rates, 3)
1484 | SM(i->rtscts_rate, AR_RTSCTSRate);
1485
1486- ACCESS_ONCE(ads->ctl19) = AR_Not_Sounding;
1487+ ACCESS_ONCE_RW(ads->ctl19) = AR_Not_Sounding;
1488
1489- ACCESS_ONCE(ads->ctl20) = SM(i->txpower, AR_XmitPower1);
1490- ACCESS_ONCE(ads->ctl21) = SM(i->txpower, AR_XmitPower2);
1491- ACCESS_ONCE(ads->ctl22) = SM(i->txpower, AR_XmitPower3);
1492+ ACCESS_ONCE_RW(ads->ctl20) = SM(i->txpower, AR_XmitPower1);
1493+ ACCESS_ONCE_RW(ads->ctl21) = SM(i->txpower, AR_XmitPower2);
1494+ ACCESS_ONCE_RW(ads->ctl22) = SM(i->txpower, AR_XmitPower3);
1495 }
1496
1497 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
1498diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/hw.h backports-3.18.1-1/drivers/net/wireless/ath/ath9k/hw.h
1499--- backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/hw.h 2014-12-21 22:37:14.000000000 +0100
1500+++ backports-3.18.1-1/drivers/net/wireless/ath/ath9k/hw.h 2014-12-28 14:10:09.564888946 +0100
1501@@ -630,7 +630,7 @@
1502
1503 /* ANI */
1504 void (*ani_cache_ini_regs)(struct ath_hw *ah);
1505-};
1506+} __no_const;
1507
1508 /**
1509 * struct ath_spec_scan - parameters for Atheros spectral scan
1510@@ -708,7 +708,7 @@
1511 #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
1512 void (*set_bt_ant_diversity)(struct ath_hw *hw, bool enable);
1513 #endif
1514-};
1515+} __no_const;
1516
1517 struct ath_nf_limits {
1518 s16 max;
1519diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/main.c backports-3.18.1-1/drivers/net/wireless/ath/ath9k/main.c
1520--- backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/main.c 2014-12-21 22:37:14.000000000 +0100
1521+++ backports-3.18.1-1/drivers/net/wireless/ath/ath9k/main.c 2014-12-28 14:24:49.169250593 +0100
1522@@ -2454,16 +2454,18 @@
1523 if (!ath9k_is_chanctx_enabled())
1524 return;
1525
1526- ath9k_ops.hw_scan = ath9k_hw_scan;
1527- ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan;
1528- ath9k_ops.remain_on_channel = ath9k_remain_on_channel;
1529- ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel;
1530- ath9k_ops.add_chanctx = ath9k_add_chanctx;
1531- ath9k_ops.remove_chanctx = ath9k_remove_chanctx;
1532- ath9k_ops.change_chanctx = ath9k_change_chanctx;
1533- ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx;
1534- ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx;
1535- ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx;
1536+ pax_open_kernel();
1537+ *(void **)&ath9k_ops.hw_scan = ath9k_hw_scan;
1538+ *(void **)&ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan;
1539+ *(void **)&ath9k_ops.remain_on_channel = ath9k_remain_on_channel;
1540+ *(void **)&ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel;
1541+ *(void **)&ath9k_ops.add_chanctx = ath9k_add_chanctx;
1542+ *(void **)&ath9k_ops.remove_chanctx = ath9k_remove_chanctx;
1543+ *(void **)&ath9k_ops.change_chanctx = ath9k_change_chanctx;
1544+ *(void **)&ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx;
1545+ *(void **)&ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx;
1546+ *(void **)&ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx;
1547+ pax_close_kernel();
1548 }
1549
1550 #endif
1551diff -Naur backports-3.18.1-1.org/drivers/net/wireless/b43/phy_lp.c backports-3.18.1-1/drivers/net/wireless/b43/phy_lp.c
1552--- backports-3.18.1-1.org/drivers/net/wireless/b43/phy_lp.c 2014-12-21 22:37:14.000000000 +0100
1553+++ backports-3.18.1-1/drivers/net/wireless/b43/phy_lp.c 2014-12-28 14:10:09.564888946 +0100
1554@@ -2502,7 +2502,7 @@
1555 {
1556 struct ssb_bus *bus = dev->dev->sdev->bus;
1557
1558- static const struct b206x_channel *chandata = NULL;
1559+ const struct b206x_channel *chandata = NULL;
1560 u32 crystal_freq = bus->chipco.pmu.crystalfreq * 1000;
1561 u32 freqref, vco_freq, val1, val2, val3, timeout, timeoutref, count;
1562 u16 old_comm15, scale;
1563diff -Naur backports-3.18.1-1.org/drivers/net/wireless/iwlegacy/3945-mac.c backports-3.18.1-1/drivers/net/wireless/iwlegacy/3945-mac.c
1564--- backports-3.18.1-1.org/drivers/net/wireless/iwlegacy/3945-mac.c 2014-12-21 22:37:14.000000000 +0100
1565+++ backports-3.18.1-1/drivers/net/wireless/iwlegacy/3945-mac.c 2014-12-28 14:10:09.564888946 +0100
1566@@ -3633,7 +3633,9 @@
1567 */
1568 if (il3945_mod_params.disable_hw_scan) {
1569 D_INFO("Disabling hw_scan\n");
1570- il3945_mac_ops.hw_scan = NULL;
1571+ pax_open_kernel();
1572+ *(void **)&il3945_mac_ops.hw_scan = NULL;
1573+ pax_close_kernel();
1574 }
1575
1576 D_INFO("*** LOAD DRIVER ***\n");
1577diff -Naur backports-3.18.1-1.org/drivers/net/wireless/iwlwifi/dvm/debugfs.c backports-3.18.1-1/drivers/net/wireless/iwlwifi/dvm/debugfs.c
1578--- backports-3.18.1-1.org/drivers/net/wireless/iwlwifi/dvm/debugfs.c 2014-12-21 22:37:14.000000000 +0100
1579+++ backports-3.18.1-1/drivers/net/wireless/iwlwifi/dvm/debugfs.c 2014-12-28 14:10:09.564888946 +0100
1580@@ -188,7 +188,7 @@
1581 {
1582 struct iwl_priv *priv = file->private_data;
1583 char buf[64];
1584- int buf_size;
1585+ size_t buf_size;
1586 u32 offset, len;
1587
1588 memset(buf, 0, sizeof(buf));
1589@@ -458,7 +458,7 @@
1590 struct iwl_priv *priv = file->private_data;
1591
1592 char buf[8];
1593- int buf_size;
1594+ size_t buf_size;
1595 u32 reset_flag;
1596
1597 memset(buf, 0, sizeof(buf));
1598@@ -539,7 +539,7 @@
1599 {
1600 struct iwl_priv *priv = file->private_data;
1601 char buf[8];
1602- int buf_size;
1603+ size_t buf_size;
1604 int ht40;
1605
1606 memset(buf, 0, sizeof(buf));
1607@@ -591,7 +591,7 @@
1608 {
1609 struct iwl_priv *priv = file->private_data;
1610 char buf[8];
1611- int buf_size;
1612+ size_t buf_size;
1613 int value;
1614
1615 memset(buf, 0, sizeof(buf));
1616@@ -683,10 +683,10 @@
1617 DEBUGFS_READ_WRITE_FILE_OPS(sleep_level_override);
1618 DEBUGFS_READ_FILE_OPS(current_sleep_command);
1619
1620-static const char *fmt_value = " %-30s %10u\n";
1621-static const char *fmt_hex = " %-30s 0x%02X\n";
1622-static const char *fmt_table = " %-30s %10u %10u %10u %10u\n";
1623-static const char *fmt_header =
1624+static const char fmt_value[] = " %-30s %10u\n";
1625+static const char fmt_hex[] = " %-30s 0x%02X\n";
1626+static const char fmt_table[] = " %-30s %10u %10u %10u %10u\n";
1627+static const char fmt_header[] =
1628 "%-32s current cumulative delta max\n";
1629
1630 static int iwl_statistics_flag(struct iwl_priv *priv, char *buf, int bufsz)
1631@@ -1856,7 +1856,7 @@
1632 {
1633 struct iwl_priv *priv = file->private_data;
1634 char buf[8];
1635- int buf_size;
1636+ size_t buf_size;
1637 int clear;
1638
1639 memset(buf, 0, sizeof(buf));
1640@@ -1901,7 +1901,7 @@
1641 {
1642 struct iwl_priv *priv = file->private_data;
1643 char buf[8];
1644- int buf_size;
1645+ size_t buf_size;
1646 int trace;
1647
1648 memset(buf, 0, sizeof(buf));
1649@@ -1972,7 +1972,7 @@
1650 {
1651 struct iwl_priv *priv = file->private_data;
1652 char buf[8];
1653- int buf_size;
1654+ size_t buf_size;
1655 int missed;
1656
1657 memset(buf, 0, sizeof(buf));
1658@@ -2013,7 +2013,7 @@
1659
1660 struct iwl_priv *priv = file->private_data;
1661 char buf[8];
1662- int buf_size;
1663+ size_t buf_size;
1664 int plcp;
1665
1666 memset(buf, 0, sizeof(buf));
1667@@ -2073,7 +2073,7 @@
1668
1669 struct iwl_priv *priv = file->private_data;
1670 char buf[8];
1671- int buf_size;
1672+ size_t buf_size;
1673 int flush;
1674
1675 memset(buf, 0, sizeof(buf));
1676@@ -2163,7 +2163,7 @@
1677
1678 struct iwl_priv *priv = file->private_data;
1679 char buf[8];
1680- int buf_size;
1681+ size_t buf_size;
1682 int rts;
1683
1684 if (!priv->cfg->ht_params)
1685@@ -2204,7 +2204,7 @@
1686 {
1687 struct iwl_priv *priv = file->private_data;
1688 char buf[8];
1689- int buf_size;
1690+ size_t buf_size;
1691
1692 memset(buf, 0, sizeof(buf));
1693 buf_size = min(count, sizeof(buf) - 1);
1694@@ -2238,7 +2238,7 @@
1695 struct iwl_priv *priv = file->private_data;
1696 u32 event_log_flag;
1697 char buf[8];
1698- int buf_size;
1699+ size_t buf_size;
1700
1701 /* check that the interface is up */
1702 if (!iwl_is_ready(priv))
1703@@ -2292,7 +2292,7 @@
1704 struct iwl_priv *priv = file->private_data;
1705 char buf[8];
1706 u32 calib_disabled;
1707- int buf_size;
1708+ size_t buf_size;
1709
1710 memset(buf, 0, sizeof(buf));
1711 buf_size = min(count, sizeof(buf) - 1);
1712diff -Naur backports-3.18.1-1.org/drivers/net/wireless/iwlwifi/pcie/trans.c backports-3.18.1-1/drivers/net/wireless/iwlwifi/pcie/trans.c
1713--- backports-3.18.1-1.org/drivers/net/wireless/iwlwifi/pcie/trans.c 2014-12-21 22:37:14.000000000 +0100
1714+++ backports-3.18.1-1/drivers/net/wireless/iwlwifi/pcie/trans.c 2014-12-28 14:10:09.564888946 +0100
1715@@ -1689,7 +1689,7 @@
1716 struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
1717
1718 char buf[8];
1719- int buf_size;
1720+ size_t buf_size;
1721 u32 reset_flag;
1722
1723 memset(buf, 0, sizeof(buf));
1724@@ -1710,7 +1710,7 @@
1725 {
1726 struct iwl_trans *trans = file->private_data;
1727 char buf[8];
1728- int buf_size;
1729+ size_t buf_size;
1730 int csr;
1731
1732 memset(buf, 0, sizeof(buf));
1733diff -Naur backports-3.18.1-1.org/drivers/net/wireless/mac80211_hwsim.c backports-3.18.1-1/drivers/net/wireless/mac80211_hwsim.c
1734--- backports-3.18.1-1.org/drivers/net/wireless/mac80211_hwsim.c 2014-12-21 22:37:14.000000000 +0100
1735+++ backports-3.18.1-1/drivers/net/wireless/mac80211_hwsim.c 2014-12-28 14:10:09.568888967 +0100
1736@@ -2578,20 +2578,20 @@
1737 if (channels < 1)
1738 return -EINVAL;
1739
1740- mac80211_hwsim_mchan_ops = mac80211_hwsim_ops;
1741- mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan;
1742- mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
1743- mac80211_hwsim_mchan_ops.sw_scan_start = NULL;
1744- mac80211_hwsim_mchan_ops.sw_scan_complete = NULL;
1745- mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc;
1746- mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
1747- mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx;
1748- mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
1749- mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx;
1750- mac80211_hwsim_mchan_ops.assign_vif_chanctx =
1751- mac80211_hwsim_assign_vif_chanctx;
1752- mac80211_hwsim_mchan_ops.unassign_vif_chanctx =
1753- mac80211_hwsim_unassign_vif_chanctx;
1754+ pax_open_kernel();
1755+ memcpy((void *)&mac80211_hwsim_mchan_ops, &mac80211_hwsim_ops, sizeof mac80211_hwsim_mchan_ops);
1756+ *(void **)&mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan;
1757+ *(void **)&mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
1758+ *(void **)&mac80211_hwsim_mchan_ops.sw_scan_start = NULL;
1759+ *(void **)&mac80211_hwsim_mchan_ops.sw_scan_complete = NULL;
1760+ *(void **)&mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc;
1761+ *(void **)&mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
1762+ *(void **)&mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx;
1763+ *(void **)&mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
1764+ *(void **)&mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx;
1765+ *(void **)&mac80211_hwsim_mchan_ops.assign_vif_chanctx = mac80211_hwsim_assign_vif_chanctx;
1766+ *(void **)&mac80211_hwsim_mchan_ops.unassign_vif_chanctx = mac80211_hwsim_unassign_vif_chanctx;
1767+ pax_close_kernel();
1768
1769 spin_lock_init(&hwsim_radio_lock);
1770 INIT_LIST_HEAD(&hwsim_radios);
1771diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rndis_wlan.c backports-3.18.1-1/drivers/net/wireless/rndis_wlan.c
1772--- backports-3.18.1-1.org/drivers/net/wireless/rndis_wlan.c 2014-12-21 22:37:14.000000000 +0100
1773+++ backports-3.18.1-1/drivers/net/wireless/rndis_wlan.c 2014-12-28 14:10:09.568888967 +0100
1774@@ -1236,7 +1236,7 @@
1775
1776 netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold);
1777
1778- if (rts_threshold < 0 || rts_threshold > 2347)
1779+ if (rts_threshold > 2347)
1780 rts_threshold = 2347;
1781
1782 tmp = cpu_to_le32(rts_threshold);
1783diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00.h backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00.h
1784--- backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00.h 2014-12-21 22:37:14.000000000 +0100
1785+++ backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00.h 2014-12-28 14:10:09.568888967 +0100
1786@@ -375,7 +375,7 @@
1787 * for hardware which doesn't support hardware
1788 * sequence counting.
1789 */
1790- atomic_t seqno;
1791+ atomic_unchecked_t seqno;
1792 };
1793
1794 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif)
1795diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00queue.c backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00queue.c
1796--- backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00queue.c 2014-12-21 22:37:14.000000000 +0100
1797+++ backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00queue.c 2014-12-28 14:10:09.568888967 +0100
1798@@ -224,9 +224,9 @@
1799 * sequence counter given by mac80211.
1800 */
1801 if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags))
1802- seqno = atomic_add_return(0x10, &intf->seqno);
1803+ seqno = atomic_add_return_unchecked(0x10, &intf->seqno);
1804 else
1805- seqno = atomic_read(&intf->seqno);
1806+ seqno = atomic_read_unchecked(&intf->seqno);
1807
1808 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
1809 hdr->seq_ctrl |= cpu_to_le16(seqno);
1810diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ti/wl1251/sdio.c backports-3.18.1-1/drivers/net/wireless/ti/wl1251/sdio.c
1811--- backports-3.18.1-1.org/drivers/net/wireless/ti/wl1251/sdio.c 2014-12-21 22:37:14.000000000 +0100
1812+++ backports-3.18.1-1/drivers/net/wireless/ti/wl1251/sdio.c 2014-12-28 14:10:09.568888967 +0100
1813@@ -282,13 +282,17 @@
1814
1815 irq_set_irq_type(wl->irq, IRQ_TYPE_EDGE_RISING);
1816
1817- wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq;
1818- wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq;
1819+ pax_open_kernel();
1820+ *(void **)&wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq;
1821+ *(void **)&wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq;
1822+ pax_close_kernel();
1823
1824 wl1251_info("using dedicated interrupt line");
1825 } else {
1826- wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq;
1827- wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq;
1828+ pax_open_kernel();
1829+ *(void **)&wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq;
1830+ *(void **)&wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq;
1831+ pax_close_kernel();
1832
1833 wl1251_info("using SDIO interrupt");
1834 }
1835diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ti/wl12xx/main.c backports-3.18.1-1/drivers/net/wireless/ti/wl12xx/main.c
1836--- backports-3.18.1-1.org/drivers/net/wireless/ti/wl12xx/main.c 2014-12-21 22:37:14.000000000 +0100
1837+++ backports-3.18.1-1/drivers/net/wireless/ti/wl12xx/main.c 2014-12-28 14:10:09.568888967 +0100
1838@@ -656,7 +656,9 @@
1839 sizeof(wl->conf.mem));
1840
1841 /* read data preparation is only needed by wl127x */
1842- wl->ops->prepare_read = wl127x_prepare_read;
1843+ pax_open_kernel();
1844+ *(void **)&wl->ops->prepare_read = wl127x_prepare_read;
1845+ pax_close_kernel();
1846
1847 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
1848 WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,
1849@@ -681,7 +683,9 @@
1850 sizeof(wl->conf.mem));
1851
1852 /* read data preparation is only needed by wl127x */
1853- wl->ops->prepare_read = wl127x_prepare_read;
1854+ pax_open_kernel();
1855+ *(void **)&wl->ops->prepare_read = wl127x_prepare_read;
1856+ pax_close_kernel();
1857
1858 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
1859 WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,
1860diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ti/wl18xx/main.c backports-3.18.1-1/drivers/net/wireless/ti/wl18xx/main.c
1861--- backports-3.18.1-1.org/drivers/net/wireless/ti/wl18xx/main.c 2014-12-21 22:37:14.000000000 +0100
1862+++ backports-3.18.1-1/drivers/net/wireless/ti/wl18xx/main.c 2014-12-28 14:10:09.568888967 +0100
1863@@ -1916,8 +1916,10 @@
1864 }
1865
1866 if (!checksum_param) {
1867- wl18xx_ops.set_rx_csum = NULL;
1868- wl18xx_ops.init_vif = NULL;
1869+ pax_open_kernel();
1870+ *(void **)&wl18xx_ops.set_rx_csum = NULL;
1871+ *(void **)&wl18xx_ops.init_vif = NULL;
1872+ pax_close_kernel();
1873 }
1874
1875 /* Enable 11a Band only if we have 5G antennas */
1876diff -Naur backports-3.18.1-1.org/drivers/net/wireless/zd1211rw/zd_usb.c backports-3.18.1-1/drivers/net/wireless/zd1211rw/zd_usb.c
1877--- backports-3.18.1-1.org/drivers/net/wireless/zd1211rw/zd_usb.c 2014-12-21 22:37:14.000000000 +0100
1878+++ backports-3.18.1-1/drivers/net/wireless/zd1211rw/zd_usb.c 2014-12-28 14:10:09.568888967 +0100
1879@@ -385,7 +385,7 @@
1880 {
1881 struct zd_usb *usb = urb->context;
1882 struct zd_usb_interrupt *intr = &usb->intr;
1883- int len;
1884+ unsigned int len;
1885 u16 int_num;
1886
1887 ZD_ASSERT(in_interrupt());
1888diff -Naur backports-3.18.1-1.org/drivers/nfc/nfcwilink.c backports-3.18.1-1/drivers/nfc/nfcwilink.c
1889--- backports-3.18.1-1.org/drivers/nfc/nfcwilink.c 2014-12-21 22:37:14.000000000 +0100
1890+++ backports-3.18.1-1/drivers/nfc/nfcwilink.c 2014-12-28 14:10:09.568888967 +0100
1891@@ -497,7 +497,7 @@
1892
1893 static int nfcwilink_probe(struct platform_device *pdev)
1894 {
1895- static struct nfcwilink *drv;
1896+ struct nfcwilink *drv;
1897 int rc;
1898 __u32 protocols;
1899
1900diff -Naur backports-3.18.1-1.org/include/linux/gracl_compat.h backports-3.18.1-1/include/linux/gracl_compat.h
1901--- backports-3.18.1-1.org/include/linux/gracl_compat.h 1970-01-01 01:00:00.000000000 +0100
1902+++ backports-3.18.1-1/include/linux/gracl_compat.h 2014-12-28 14:10:09.684889542 +0100
1903@@ -0,0 +1,156 @@
1904+#ifndef GR_ACL_COMPAT_H
1905+#define GR_ACL_COMPAT_H
1906+
1907+#include <linux/resource.h>
1908+#include <asm/resource.h>
1909+
1910+struct sprole_pw_compat {
1911+ compat_uptr_t rolename;
1912+ unsigned char salt[GR_SALT_LEN];
1913+ unsigned char sum[GR_SHA_LEN];
1914+};
1915+
1916+struct gr_hash_struct_compat {
1917+ compat_uptr_t table;
1918+ compat_uptr_t nametable;
1919+ compat_uptr_t first;
1920+ __u32 table_size;
1921+ __u32 used_size;
1922+ int type;
1923+};
1924+
1925+struct acl_subject_label_compat {
1926+ compat_uptr_t filename;
1927+ compat_ino_t inode;
1928+ __u32 device;
1929+ __u32 mode;
1930+ kernel_cap_t cap_mask;
1931+ kernel_cap_t cap_lower;
1932+ kernel_cap_t cap_invert_audit;
1933+
1934+ struct compat_rlimit res[GR_NLIMITS];
1935+ __u32 resmask;
1936+
1937+ __u8 user_trans_type;
1938+ __u8 group_trans_type;
1939+ compat_uptr_t user_transitions;
1940+ compat_uptr_t group_transitions;
1941+ __u16 user_trans_num;
1942+ __u16 group_trans_num;
1943+
1944+ __u32 sock_families[2];
1945+ __u32 ip_proto[8];
1946+ __u32 ip_type;
1947+ compat_uptr_t ips;
1948+ __u32 ip_num;
1949+ __u32 inaddr_any_override;
1950+
1951+ __u32 crashes;
1952+ compat_ulong_t expires;
1953+
1954+ compat_uptr_t parent_subject;
1955+ compat_uptr_t hash;
1956+ compat_uptr_t prev;
1957+ compat_uptr_t next;
1958+
1959+ compat_uptr_t obj_hash;
1960+ __u32 obj_hash_size;
1961+ __u16 pax_flags;
1962+};
1963+
1964+struct role_allowed_ip_compat {
1965+ __u32 addr;
1966+ __u32 netmask;
1967+
1968+ compat_uptr_t prev;
1969+ compat_uptr_t next;
1970+};
1971+
1972+struct role_transition_compat {
1973+ compat_uptr_t rolename;
1974+
1975+ compat_uptr_t prev;
1976+ compat_uptr_t next;
1977+};
1978+
1979+struct acl_role_label_compat {
1980+ compat_uptr_t rolename;
1981+ uid_t uidgid;
1982+ __u16 roletype;
1983+
1984+ __u16 auth_attempts;
1985+ compat_ulong_t expires;
1986+
1987+ compat_uptr_t root_label;
1988+ compat_uptr_t hash;
1989+
1990+ compat_uptr_t prev;
1991+ compat_uptr_t next;
1992+
1993+ compat_uptr_t transitions;
1994+ compat_uptr_t allowed_ips;
1995+ compat_uptr_t domain_children;
1996+ __u16 domain_child_num;
1997+
1998+ umode_t umask;
1999+
2000+ compat_uptr_t subj_hash;
2001+ __u32 subj_hash_size;
2002+};
2003+
2004+struct user_acl_role_db_compat {
2005+ compat_uptr_t r_table;
2006+ __u32 num_pointers;
2007+ __u32 num_roles;
2008+ __u32 num_domain_children;
2009+ __u32 num_subjects;
2010+ __u32 num_objects;
2011+};
2012+
2013+struct acl_object_label_compat {
2014+ compat_uptr_t filename;
2015+ compat_ino_t inode;
2016+ __u32 device;
2017+ __u32 mode;
2018+
2019+ compat_uptr_t nested;
2020+ compat_uptr_t globbed;
2021+
2022+ compat_uptr_t prev;
2023+ compat_uptr_t next;
2024+};
2025+
2026+struct acl_ip_label_compat {
2027+ compat_uptr_t iface;
2028+ __u32 addr;
2029+ __u32 netmask;
2030+ __u16 low, high;
2031+ __u8 mode;
2032+ __u32 type;
2033+ __u32 proto[8];
2034+
2035+ compat_uptr_t prev;
2036+ compat_uptr_t next;
2037+};
2038+
2039+struct gr_arg_compat {
2040+ struct user_acl_role_db_compat role_db;
2041+ unsigned char pw[GR_PW_LEN];
2042+ unsigned char salt[GR_SALT_LEN];
2043+ unsigned char sum[GR_SHA_LEN];
2044+ unsigned char sp_role[GR_SPROLE_LEN];
2045+ compat_uptr_t sprole_pws;
2046+ __u32 segv_device;
2047+ compat_ino_t segv_inode;
2048+ uid_t segv_uid;
2049+ __u16 num_sprole_pws;
2050+ __u16 mode;
2051+};
2052+
2053+struct gr_arg_wrapper_compat {
2054+ compat_uptr_t arg;
2055+ __u32 version;
2056+ __u32 size;
2057+};
2058+
2059+#endif
2060diff -Naur backports-3.18.1-1.org/include/linux/gracl.h backports-3.18.1-1/include/linux/gracl.h
2061--- backports-3.18.1-1.org/include/linux/gracl.h 1970-01-01 01:00:00.000000000 +0100
2062+++ backports-3.18.1-1/include/linux/gracl.h 2014-12-28 14:10:09.684889542 +0100
2063@@ -0,0 +1,340 @@
2064+#ifndef GR_ACL_H
2065+#define GR_ACL_H
2066+
2067+#include <linux/grdefs.h>
2068+#include <linux/resource.h>
2069+#include <linux/capability.h>
2070+#include <linux/dcache.h>
2071+#include <asm/resource.h>
2072+
2073+/* Major status information */
2074+
2075+#define GR_VERSION "grsecurity 3.0"
2076+#define GRSECURITY_VERSION 0x3000
2077+
2078+enum {
2079+ GR_SHUTDOWN = 0,
2080+ GR_ENABLE = 1,
2081+ GR_SPROLE = 2,
2082+ GR_OLDRELOAD = 3,
2083+ GR_SEGVMOD = 4,
2084+ GR_STATUS = 5,
2085+ GR_UNSPROLE = 6,
2086+ GR_PASSSET = 7,
2087+ GR_SPROLEPAM = 8,
2088+ GR_RELOAD = 9,
2089+};
2090+
2091+/* Password setup definitions
2092+ * kernel/grhash.c */
2093+enum {
2094+ GR_PW_LEN = 128,
2095+ GR_SALT_LEN = 16,
2096+ GR_SHA_LEN = 32,
2097+};
2098+
2099+enum {
2100+ GR_SPROLE_LEN = 64,
2101+};
2102+
2103+enum {
2104+ GR_NO_GLOB = 0,
2105+ GR_REG_GLOB,
2106+ GR_CREATE_GLOB
2107+};
2108+
2109+#define GR_NLIMITS 32
2110+
2111+/* Begin Data Structures */
2112+
2113+struct sprole_pw {
2114+ unsigned char *rolename;
2115+ unsigned char salt[GR_SALT_LEN];
2116+ unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
2117+};
2118+
2119+struct name_entry {
2120+ __u32 key;
2121+ ino_t inode;
2122+ dev_t device;
2123+ char *name;
2124+ __u16 len;
2125+ __u8 deleted;
2126+ struct name_entry *prev;
2127+ struct name_entry *next;
2128+};
2129+
2130+struct inodev_entry {
2131+ struct name_entry *nentry;
2132+ struct inodev_entry *prev;
2133+ struct inodev_entry *next;
2134+};
2135+
2136+struct acl_role_db {
2137+ struct acl_role_label **r_hash;
2138+ __u32 r_size;
2139+};
2140+
2141+struct inodev_db {
2142+ struct inodev_entry **i_hash;
2143+ __u32 i_size;
2144+};
2145+
2146+struct name_db {
2147+ struct name_entry **n_hash;
2148+ __u32 n_size;
2149+};
2150+
2151+struct crash_uid {
2152+ uid_t uid;
2153+ unsigned long expires;
2154+};
2155+
2156+struct gr_hash_struct {
2157+ void **table;
2158+ void **nametable;
2159+ void *first;
2160+ __u32 table_size;
2161+ __u32 used_size;
2162+ int type;
2163+};
2164+
2165+/* Userspace Grsecurity ACL data structures */
2166+
2167+struct acl_subject_label {
2168+ char *filename;
2169+ ino_t inode;
2170+ dev_t device;
2171+ __u32 mode;
2172+ kernel_cap_t cap_mask;
2173+ kernel_cap_t cap_lower;
2174+ kernel_cap_t cap_invert_audit;
2175+
2176+ struct rlimit res[GR_NLIMITS];
2177+ __u32 resmask;
2178+
2179+ __u8 user_trans_type;
2180+ __u8 group_trans_type;
2181+ uid_t *user_transitions;
2182+ gid_t *group_transitions;
2183+ __u16 user_trans_num;
2184+ __u16 group_trans_num;
2185+
2186+ __u32 sock_families[2];
2187+ __u32 ip_proto[8];
2188+ __u32 ip_type;
2189+ struct acl_ip_label **ips;
2190+ __u32 ip_num;
2191+ __u32 inaddr_any_override;
2192+
2193+ __u32 crashes;
2194+ unsigned long expires;
2195+
2196+ struct acl_subject_label *parent_subject;
2197+ struct gr_hash_struct *hash;
2198+ struct acl_subject_label *prev;
2199+ struct acl_subject_label *next;
2200+
2201+ struct acl_object_label **obj_hash;
2202+ __u32 obj_hash_size;
2203+ __u16 pax_flags;
2204+};
2205+
2206+struct role_allowed_ip {
2207+ __u32 addr;
2208+ __u32 netmask;
2209+
2210+ struct role_allowed_ip *prev;
2211+ struct role_allowed_ip *next;
2212+};
2213+
2214+struct role_transition {
2215+ char *rolename;
2216+
2217+ struct role_transition *prev;
2218+ struct role_transition *next;
2219+};
2220+
2221+struct acl_role_label {
2222+ char *rolename;
2223+ uid_t uidgid;
2224+ __u16 roletype;
2225+
2226+ __u16 auth_attempts;
2227+ unsigned long expires;
2228+
2229+ struct acl_subject_label *root_label;
2230+ struct gr_hash_struct *hash;
2231+
2232+ struct acl_role_label *prev;
2233+ struct acl_role_label *next;
2234+
2235+ struct role_transition *transitions;
2236+ struct role_allowed_ip *allowed_ips;
2237+ uid_t *domain_children;
2238+ __u16 domain_child_num;
2239+
2240+ umode_t umask;
2241+
2242+ struct acl_subject_label **subj_hash;
2243+ __u32 subj_hash_size;
2244+};
2245+
2246+struct user_acl_role_db {
2247+ struct acl_role_label **r_table;
2248+ __u32 num_pointers; /* Number of allocations to track */
2249+ __u32 num_roles; /* Number of roles */
2250+ __u32 num_domain_children; /* Number of domain children */
2251+ __u32 num_subjects; /* Number of subjects */
2252+ __u32 num_objects; /* Number of objects */
2253+};
2254+
2255+struct acl_object_label {
2256+ char *filename;
2257+ ino_t inode;
2258+ dev_t device;
2259+ __u32 mode;
2260+
2261+ struct acl_subject_label *nested;
2262+ struct acl_object_label *globbed;
2263+
2264+ /* next two structures not used */
2265+
2266+ struct acl_object_label *prev;
2267+ struct acl_object_label *next;
2268+};
2269+
2270+struct acl_ip_label {
2271+ char *iface;
2272+ __u32 addr;
2273+ __u32 netmask;
2274+ __u16 low, high;
2275+ __u8 mode;
2276+ __u32 type;
2277+ __u32 proto[8];
2278+
2279+ /* next two structures not used */
2280+
2281+ struct acl_ip_label *prev;
2282+ struct acl_ip_label *next;
2283+};
2284+
2285+struct gr_arg {
2286+ struct user_acl_role_db role_db;
2287+ unsigned char pw[GR_PW_LEN];
2288+ unsigned char salt[GR_SALT_LEN];
2289+ unsigned char sum[GR_SHA_LEN];
2290+ unsigned char sp_role[GR_SPROLE_LEN];
2291+ struct sprole_pw *sprole_pws;
2292+ dev_t segv_device;
2293+ ino_t segv_inode;
2294+ uid_t segv_uid;
2295+ __u16 num_sprole_pws;
2296+ __u16 mode;
2297+};
2298+
2299+struct gr_arg_wrapper {
2300+ struct gr_arg *arg;
2301+ __u32 version;
2302+ __u32 size;
2303+};
2304+
2305+struct subject_map {
2306+ struct acl_subject_label *user;
2307+ struct acl_subject_label *kernel;
2308+ struct subject_map *prev;
2309+ struct subject_map *next;
2310+};
2311+
2312+struct acl_subj_map_db {
2313+ struct subject_map **s_hash;
2314+ __u32 s_size;
2315+};
2316+
2317+struct gr_policy_state {
2318+ struct sprole_pw **acl_special_roles;
2319+ __u16 num_sprole_pws;
2320+ struct acl_role_label *kernel_role;
2321+ struct acl_role_label *role_list;
2322+ struct acl_role_label *default_role;
2323+ struct acl_role_db acl_role_set;
2324+ struct acl_subj_map_db subj_map_set;
2325+ struct name_db name_set;
2326+ struct inodev_db inodev_set;
2327+};
2328+
2329+struct gr_alloc_state {
2330+ unsigned long alloc_stack_next;
2331+ unsigned long alloc_stack_size;
2332+ void **alloc_stack;
2333+};
2334+
2335+struct gr_reload_state {
2336+ struct gr_policy_state oldpolicy;
2337+ struct gr_alloc_state oldalloc;
2338+ struct gr_policy_state newpolicy;
2339+ struct gr_alloc_state newalloc;
2340+ struct gr_policy_state *oldpolicy_ptr;
2341+ struct gr_alloc_state *oldalloc_ptr;
2342+ unsigned char oldmode;
2343+};
2344+
2345+/* End Data Structures Section */
2346+
2347+/* Hash functions generated by empirical testing by Brad Spengler
2348+ Makes good use of the low bits of the inode. Generally 0-1 times
2349+ in loop for successful match. 0-3 for unsuccessful match.
2350+ Shift/add algorithm with modulus of table size and an XOR*/
2351+
2352+static __inline__ unsigned int
2353+gr_rhash(const uid_t uid, const __u16 type, const unsigned int sz)
2354+{
2355+ return ((((uid + type) << (16 + type)) ^ uid) % sz);
2356+}
2357+
2358+ static __inline__ unsigned int
2359+gr_shash(const struct acl_subject_label *userp, const unsigned int sz)
2360+{
2361+ return ((const unsigned long)userp % sz);
2362+}
2363+
2364+static __inline__ unsigned int
2365+gr_fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
2366+{
2367+ return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
2368+}
2369+
2370+static __inline__ unsigned int
2371+gr_nhash(const char *name, const __u16 len, const unsigned int sz)
2372+{
2373+ return full_name_hash((const unsigned char *)name, len) % sz;
2374+}
2375+
2376+#define FOR_EACH_SUBJECT_START(role,subj,iter) \
2377+ subj = NULL; \
2378+ iter = 0; \
2379+ while (iter < role->subj_hash_size) { \
2380+ if (subj == NULL) \
2381+ subj = role->subj_hash[iter]; \
2382+ if (subj == NULL) { \
2383+ iter++; \
2384+ continue; \
2385+ }
2386+
2387+#define FOR_EACH_SUBJECT_END(subj,iter) \
2388+ subj = subj->next; \
2389+ if (subj == NULL) \
2390+ iter++; \
2391+ }
2392+
2393+
2394+#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \
2395+ subj = role->hash->first; \
2396+ while (subj != NULL) {
2397+
2398+#define FOR_EACH_NESTED_SUBJECT_END(subj) \
2399+ subj = subj->next; \
2400+ }
2401+
2402+#endif
2403+
2404diff -Naur backports-3.18.1-1.org/include/linux/gralloc.h backports-3.18.1-1/include/linux/gralloc.h
2405--- backports-3.18.1-1.org/include/linux/gralloc.h 1970-01-01 01:00:00.000000000 +0100
2406+++ backports-3.18.1-1/include/linux/gralloc.h 2014-12-28 14:10:09.684889542 +0100
2407@@ -0,0 +1,9 @@
2408+#ifndef __GRALLOC_H
2409+#define __GRALLOC_H
2410+
2411+void acl_free_all(void);
2412+int acl_alloc_stack_init(unsigned long size);
2413+void *acl_alloc(unsigned long len);
2414+void *acl_alloc_num(unsigned long num, unsigned long len);
2415+
2416+#endif
2417diff -Naur backports-3.18.1-1.org/include/linux/grdefs.h backports-3.18.1-1/include/linux/grdefs.h
2418--- backports-3.18.1-1.org/include/linux/grdefs.h 1970-01-01 01:00:00.000000000 +0100
2419+++ backports-3.18.1-1/include/linux/grdefs.h 2014-12-28 14:10:09.688889562 +0100
2420@@ -0,0 +1,140 @@
2421+#ifndef GRDEFS_H
2422+#define GRDEFS_H
2423+
2424+/* Begin grsecurity status declarations */
2425+
2426+enum {
2427+ GR_READY = 0x01,
2428+ GR_STATUS_INIT = 0x00 // disabled state
2429+};
2430+
2431+/* Begin ACL declarations */
2432+
2433+/* Role flags */
2434+
2435+enum {
2436+ GR_ROLE_USER = 0x0001,
2437+ GR_ROLE_GROUP = 0x0002,
2438+ GR_ROLE_DEFAULT = 0x0004,
2439+ GR_ROLE_SPECIAL = 0x0008,
2440+ GR_ROLE_AUTH = 0x0010,
2441+ GR_ROLE_NOPW = 0x0020,
2442+ GR_ROLE_GOD = 0x0040,
2443+ GR_ROLE_LEARN = 0x0080,
2444+ GR_ROLE_TPE = 0x0100,
2445+ GR_ROLE_DOMAIN = 0x0200,
2446+ GR_ROLE_PAM = 0x0400,
2447+ GR_ROLE_PERSIST = 0x0800
2448+};
2449+
2450+/* ACL Subject and Object mode flags */
2451+enum {
2452+ GR_DELETED = 0x80000000
2453+};
2454+
2455+/* ACL Object-only mode flags */
2456+enum {
2457+ GR_READ = 0x00000001,
2458+ GR_APPEND = 0x00000002,
2459+ GR_WRITE = 0x00000004,
2460+ GR_EXEC = 0x00000008,
2461+ GR_FIND = 0x00000010,
2462+ GR_INHERIT = 0x00000020,
2463+ GR_SETID = 0x00000040,
2464+ GR_CREATE = 0x00000080,
2465+ GR_DELETE = 0x00000100,
2466+ GR_LINK = 0x00000200,
2467+ GR_AUDIT_READ = 0x00000400,
2468+ GR_AUDIT_APPEND = 0x00000800,
2469+ GR_AUDIT_WRITE = 0x00001000,
2470+ GR_AUDIT_EXEC = 0x00002000,
2471+ GR_AUDIT_FIND = 0x00004000,
2472+ GR_AUDIT_INHERIT= 0x00008000,
2473+ GR_AUDIT_SETID = 0x00010000,
2474+ GR_AUDIT_CREATE = 0x00020000,
2475+ GR_AUDIT_DELETE = 0x00040000,
2476+ GR_AUDIT_LINK = 0x00080000,
2477+ GR_PTRACERD = 0x00100000,
2478+ GR_NOPTRACE = 0x00200000,
2479+ GR_SUPPRESS = 0x00400000,
2480+ GR_NOLEARN = 0x00800000,
2481+ GR_INIT_TRANSFER= 0x01000000
2482+};
2483+
2484+#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
2485+ GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
2486+ GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
2487+
2488+/* ACL subject-only mode flags */
2489+enum {
2490+ GR_KILL = 0x00000001,
2491+ GR_VIEW = 0x00000002,
2492+ GR_PROTECTED = 0x00000004,
2493+ GR_LEARN = 0x00000008,
2494+ GR_OVERRIDE = 0x00000010,
2495+ /* just a placeholder, this mode is only used in userspace */
2496+ GR_DUMMY = 0x00000020,
2497+ GR_PROTSHM = 0x00000040,
2498+ GR_KILLPROC = 0x00000080,
2499+ GR_KILLIPPROC = 0x00000100,
2500+ /* just a placeholder, this mode is only used in userspace */
2501+ GR_NOTROJAN = 0x00000200,
2502+ GR_PROTPROCFD = 0x00000400,
2503+ GR_PROCACCT = 0x00000800,
2504+ GR_RELAXPTRACE = 0x00001000,
2505+ //GR_NESTED = 0x00002000,
2506+ GR_INHERITLEARN = 0x00004000,
2507+ GR_PROCFIND = 0x00008000,
2508+ GR_POVERRIDE = 0x00010000,
2509+ GR_KERNELAUTH = 0x00020000,
2510+ GR_ATSECURE = 0x00040000,
2511+ GR_SHMEXEC = 0x00080000
2512+};
2513+
2514+enum {
2515+ GR_PAX_ENABLE_SEGMEXEC = 0x0001,
2516+ GR_PAX_ENABLE_PAGEEXEC = 0x0002,
2517+ GR_PAX_ENABLE_MPROTECT = 0x0004,
2518+ GR_PAX_ENABLE_RANDMMAP = 0x0008,
2519+ GR_PAX_ENABLE_EMUTRAMP = 0x0010,
2520+ GR_PAX_DISABLE_SEGMEXEC = 0x0100,
2521+ GR_PAX_DISABLE_PAGEEXEC = 0x0200,
2522+ GR_PAX_DISABLE_MPROTECT = 0x0400,
2523+ GR_PAX_DISABLE_RANDMMAP = 0x0800,
2524+ GR_PAX_DISABLE_EMUTRAMP = 0x1000,
2525+};
2526+
2527+enum {
2528+ GR_ID_USER = 0x01,
2529+ GR_ID_GROUP = 0x02,
2530+};
2531+
2532+enum {
2533+ GR_ID_ALLOW = 0x01,
2534+ GR_ID_DENY = 0x02,
2535+};
2536+
2537+#define GR_CRASH_RES 31
2538+#define GR_UIDTABLE_MAX 500
2539+
2540+/* begin resource learning section */
2541+enum {
2542+ GR_RLIM_CPU_BUMP = 60,
2543+ GR_RLIM_FSIZE_BUMP = 50000,
2544+ GR_RLIM_DATA_BUMP = 10000,
2545+ GR_RLIM_STACK_BUMP = 1000,
2546+ GR_RLIM_CORE_BUMP = 10000,
2547+ GR_RLIM_RSS_BUMP = 500000,
2548+ GR_RLIM_NPROC_BUMP = 1,
2549+ GR_RLIM_NOFILE_BUMP = 5,
2550+ GR_RLIM_MEMLOCK_BUMP = 50000,
2551+ GR_RLIM_AS_BUMP = 500000,
2552+ GR_RLIM_LOCKS_BUMP = 2,
2553+ GR_RLIM_SIGPENDING_BUMP = 5,
2554+ GR_RLIM_MSGQUEUE_BUMP = 10000,
2555+ GR_RLIM_NICE_BUMP = 1,
2556+ GR_RLIM_RTPRIO_BUMP = 1,
2557+ GR_RLIM_RTTIME_BUMP = 1000000
2558+};
2559+
2560+#endif
2561diff -Naur backports-3.18.1-1.org/include/linux/grinternal.h backports-3.18.1-1/include/linux/grinternal.h
2562--- backports-3.18.1-1.org/include/linux/grinternal.h 1970-01-01 01:00:00.000000000 +0100
2563+++ backports-3.18.1-1/include/linux/grinternal.h 2014-12-28 14:10:09.688889562 +0100
2564@@ -0,0 +1,229 @@
2565+#ifndef __GRINTERNAL_H
2566+#define __GRINTERNAL_H
2567+
2568+#ifdef CONFIG_GRKERNSEC
2569+
2570+#include <linux/fs.h>
2571+#include <linux/mnt_namespace.h>
2572+#include <linux/nsproxy.h>
2573+#include <linux/gracl.h>
2574+#include <linux/grdefs.h>
2575+#include <linux/grmsg.h>
2576+
2577+void gr_add_learn_entry(const char *fmt, ...)
2578+ __attribute__ ((format (printf, 1, 2)));
2579+__u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
2580+ const struct vfsmount *mnt);
2581+__u32 gr_check_create(const struct dentry *new_dentry,
2582+ const struct dentry *parent,
2583+ const struct vfsmount *mnt, const __u32 mode);
2584+int gr_check_protected_task(const struct task_struct *task);
2585+__u32 to_gr_audit(const __u32 reqmode);
2586+int gr_set_acls(const int type);
2587+int gr_acl_is_enabled(void);
2588+char gr_roletype_to_char(void);
2589+
2590+void gr_handle_alertkill(struct task_struct *task);
2591+char *gr_to_filename(const struct dentry *dentry,
2592+ const struct vfsmount *mnt);
2593+char *gr_to_filename1(const struct dentry *dentry,
2594+ const struct vfsmount *mnt);
2595+char *gr_to_filename2(const struct dentry *dentry,
2596+ const struct vfsmount *mnt);
2597+char *gr_to_filename3(const struct dentry *dentry,
2598+ const struct vfsmount *mnt);
2599+
2600+extern int grsec_enable_ptrace_readexec;
2601+extern int grsec_enable_harden_ptrace;
2602+extern int grsec_enable_link;
2603+extern int grsec_enable_fifo;
2604+extern int grsec_enable_execve;
2605+extern int grsec_enable_shm;
2606+extern int grsec_enable_execlog;
2607+extern int grsec_enable_signal;
2608+extern int grsec_enable_audit_ptrace;
2609+extern int grsec_enable_forkfail;
2610+extern int grsec_enable_time;
2611+extern int grsec_enable_rofs;
2612+extern int grsec_deny_new_usb;
2613+extern int grsec_enable_chroot_shmat;
2614+extern int grsec_enable_chroot_mount;
2615+extern int grsec_enable_chroot_double;
2616+extern int grsec_enable_chroot_pivot;
2617+extern int grsec_enable_chroot_chdir;
2618+extern int grsec_enable_chroot_chmod;
2619+extern int grsec_enable_chroot_mknod;
2620+extern int grsec_enable_chroot_fchdir;
2621+extern int grsec_enable_chroot_nice;
2622+extern int grsec_enable_chroot_execlog;
2623+extern int grsec_enable_chroot_caps;
2624+extern int grsec_enable_chroot_sysctl;
2625+extern int grsec_enable_chroot_unix;
2626+extern int grsec_enable_symlinkown;
2627+extern kgid_t grsec_symlinkown_gid;
2628+extern int grsec_enable_tpe;
2629+extern kgid_t grsec_tpe_gid;
2630+extern int grsec_enable_tpe_all;
2631+extern int grsec_enable_tpe_invert;
2632+extern int grsec_enable_socket_all;
2633+extern kgid_t grsec_socket_all_gid;
2634+extern int grsec_enable_socket_client;
2635+extern kgid_t grsec_socket_client_gid;
2636+extern int grsec_enable_socket_server;
2637+extern kgid_t grsec_socket_server_gid;
2638+extern kgid_t grsec_audit_gid;
2639+extern int grsec_enable_group;
2640+extern int grsec_enable_log_rwxmaps;
2641+extern int grsec_enable_mount;
2642+extern int grsec_enable_chdir;
2643+extern int grsec_resource_logging;
2644+extern int grsec_enable_blackhole;
2645+extern int grsec_lastack_retries;
2646+extern int grsec_enable_brute;
2647+extern int grsec_enable_harden_ipc;
2648+extern int grsec_lock;
2649+
2650+extern spinlock_t grsec_alert_lock;
2651+extern unsigned long grsec_alert_wtime;
2652+extern unsigned long grsec_alert_fyet;
2653+
2654+extern spinlock_t grsec_audit_lock;
2655+
2656+extern rwlock_t grsec_exec_file_lock;
2657+
2658+#define gr_task_fullpath(tsk) ((tsk)->exec_file ? \
2659+ gr_to_filename2((tsk)->exec_file->f_path.dentry, \
2660+ (tsk)->exec_file->f_path.mnt) : "/")
2661+
2662+#define gr_parent_task_fullpath(tsk) ((tsk)->real_parent->exec_file ? \
2663+ gr_to_filename3((tsk)->real_parent->exec_file->f_path.dentry, \
2664+ (tsk)->real_parent->exec_file->f_path.mnt) : "/")
2665+
2666+#define gr_task_fullpath0(tsk) ((tsk)->exec_file ? \
2667+ gr_to_filename((tsk)->exec_file->f_path.dentry, \
2668+ (tsk)->exec_file->f_path.mnt) : "/")
2669+
2670+#define gr_parent_task_fullpath0(tsk) ((tsk)->real_parent->exec_file ? \
2671+ gr_to_filename1((tsk)->real_parent->exec_file->f_path.dentry, \
2672+ (tsk)->real_parent->exec_file->f_path.mnt) : "/")
2673+
2674+#define proc_is_chrooted(tsk_a) ((tsk_a)->gr_is_chrooted)
2675+
2676+#define have_same_root(tsk_a,tsk_b) ((tsk_a)->gr_chroot_dentry == (tsk_b)->gr_chroot_dentry)
2677+
2678+static inline bool gr_is_same_file(const struct file *file1, const struct file *file2)
2679+{
2680+ if (file1 && file2) {
2681+ const struct inode *inode1 = file1->f_path.dentry->d_inode;
2682+ const struct inode *inode2 = file2->f_path.dentry->d_inode;
2683+ if (inode1->i_ino == inode2->i_ino && inode1->i_sb->s_dev == inode2->i_sb->s_dev)
2684+ return true;
2685+ }
2686+
2687+ return false;
2688+}
2689+
2690+#define GR_CHROOT_CAPS {{ \
2691+ CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
2692+ CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
2693+ CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
2694+ CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
2695+ CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
2696+ CAP_TO_MASK(CAP_IPC_OWNER) | CAP_TO_MASK(CAP_SETFCAP), \
2697+ CAP_TO_MASK(CAP_SYSLOG) | CAP_TO_MASK(CAP_MAC_ADMIN) }}
2698+
2699+#define security_learn(normal_msg,args...) \
2700+({ \
2701+ read_lock(&grsec_exec_file_lock); \
2702+ gr_add_learn_entry(normal_msg "\n", ## args); \
2703+ read_unlock(&grsec_exec_file_lock); \
2704+})
2705+
2706+enum {
2707+ GR_DO_AUDIT,
2708+ GR_DONT_AUDIT,
2709+ /* used for non-audit messages that we shouldn't kill the task on */
2710+ GR_DONT_AUDIT_GOOD
2711+};
2712+
2713+enum {
2714+ GR_TTYSNIFF,
2715+ GR_RBAC,
2716+ GR_RBAC_STR,
2717+ GR_STR_RBAC,
2718+ GR_RBAC_MODE2,
2719+ GR_RBAC_MODE3,
2720+ GR_FILENAME,
2721+ GR_SYSCTL_HIDDEN,
2722+ GR_NOARGS,
2723+ GR_ONE_INT,
2724+ GR_ONE_INT_TWO_STR,
2725+ GR_ONE_STR,
2726+ GR_STR_INT,
2727+ GR_TWO_STR_INT,
2728+ GR_TWO_INT,
2729+ GR_TWO_U64,
2730+ GR_THREE_INT,
2731+ GR_FIVE_INT_TWO_STR,
2732+ GR_TWO_STR,
2733+ GR_THREE_STR,
2734+ GR_FOUR_STR,
2735+ GR_STR_FILENAME,
2736+ GR_FILENAME_STR,
2737+ GR_FILENAME_TWO_INT,
2738+ GR_FILENAME_TWO_INT_STR,
2739+ GR_TEXTREL,
2740+ GR_PTRACE,
2741+ GR_RESOURCE,
2742+ GR_CAP,
2743+ GR_SIG,
2744+ GR_SIG2,
2745+ GR_CRASH1,
2746+ GR_CRASH2,
2747+ GR_PSACCT,
2748+ GR_RWXMAP,
2749+ GR_RWXMAPVMA
2750+};
2751+
2752+#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
2753+#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task)
2754+#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt)
2755+#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str)
2756+#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt)
2757+#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2)
2758+#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3)
2759+#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt)
2760+#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS)
2761+#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num)
2762+#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2)
2763+#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str)
2764+#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num)
2765+#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2)
2766+#define gr_log_two_u64(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_U64, num1, num2)
2767+#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3)
2768+#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2)
2769+#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2)
2770+#define gr_log_str2_int(audit, msg, str1, str2, num) gr_log_varargs(audit, msg, GR_TWO_STR_INT, str1, str2, num)
2771+#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3)
2772+#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4)
2773+#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt)
2774+#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
2775+#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
2776+#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
2777+#define gr_log_textrel_ulong_ulong(audit, msg, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, file, ulong1, ulong2)
2778+#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
2779+#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
2780+#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
2781+#define gr_log_sig_addr(audit, msg, str, addr) gr_log_varargs(audit, msg, GR_SIG, str, addr)
2782+#define gr_log_sig_task(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG2, task, num)
2783+#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
2784+#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
2785+#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
2786+#define gr_log_rwxmap(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAP, str)
2787+#define gr_log_rwxmap_vma(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAPVMA, str)
2788+
2789+void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
2790+
2791+#endif
2792+
2793+#endif
2794diff -Naur backports-3.18.1-1.org/include/linux/grmsg.h backports-3.18.1-1/include/linux/grmsg.h
2795--- backports-3.18.1-1.org/include/linux/grmsg.h 1970-01-01 01:00:00.000000000 +0100
2796+++ backports-3.18.1-1/include/linux/grmsg.h 2014-12-28 14:10:09.688889562 +0100
2797@@ -0,0 +1,117 @@
2798+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
2799+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
2800+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
2801+#define GR_STOPMOD_MSG "denied modification of module state by "
2802+#define GR_ROFS_BLOCKWRITE_MSG "denied write to block device %.950s by "
2803+#define GR_ROFS_MOUNT_MSG "denied writable mount of %.950s by "
2804+#define GR_IOPERM_MSG "denied use of ioperm() by "
2805+#define GR_IOPL_MSG "denied use of iopl() by "
2806+#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by "
2807+#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by "
2808+#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by "
2809+#define GR_MEM_READWRITE_MSG "denied access of range %Lx -> %Lx in /dev/mem by "
2810+#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by "
2811+#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%pI4"
2812+#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%pI4"
2813+#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by "
2814+#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by "
2815+#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by "
2816+#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by "
2817+#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by "
2818+#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by "
2819+#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by "
2820+#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%pI4 %.480s[%.16s:%d], parent %.480s[%.16s:%d] against "
2821+#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by "
2822+#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by "
2823+#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by "
2824+#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by "
2825+#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for "
2826+#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by "
2827+#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by "
2828+#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
2829+#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
2830+#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
2831+#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
2832+#define GR_EXEC_TPE_MSG "denied untrusted exec (due to %.70s) of %.950s by "
2833+#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
2834+#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
2835+#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
2836+#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by "
2837+#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by "
2838+#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
2839+#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
2840+#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
2841+#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
2842+#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
2843+#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
2844+#define GR_CHROOT_FHANDLE_MSG "denied use of file handles inside chroot by "
2845+#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
2846+#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by "
2847+#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by "
2848+#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
2849+#define GR_INITF_ACL_MSG "init_variables() failed %s by "
2850+#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
2851+#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbage by "
2852+#define GR_SHUTS_ACL_MSG "shutdown auth success for "
2853+#define GR_SHUTF_ACL_MSG "shutdown auth failure for "
2854+#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for "
2855+#define GR_SEGVMODS_ACL_MSG "segvmod auth success for "
2856+#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for "
2857+#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for "
2858+#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by "
2859+#define GR_ENABLEF_ACL_MSG "unable to load %s for "
2860+#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system"
2861+#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by "
2862+#define GR_RELOADF_ACL_MSG "failed reload of %s for "
2863+#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for "
2864+#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by "
2865+#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by "
2866+#define GR_SPROLEF_ACL_MSG "special role %s failure for "
2867+#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for "
2868+#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by "
2869+#define GR_INVMODE_ACL_MSG "invalid mode %d by "
2870+#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by "
2871+#define GR_FAILFORK_MSG "failed fork with errno %s by "
2872+#define GR_NICE_CHROOT_MSG "denied priority change by "
2873+#define GR_UNISIGLOG_MSG "%.32s occurred at %p in "
2874+#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by "
2875+#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by "
2876+#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by "
2877+#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by "
2878+#define GR_TIME_MSG "time set by "
2879+#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by "
2880+#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by "
2881+#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by "
2882+#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by "
2883+#define GR_SOCK_NOINET_MSG "denied socket(%.16s,%.16s,%d) by "
2884+#define GR_BIND_MSG "denied bind() by "
2885+#define GR_CONNECT_MSG "denied connect() by "
2886+#define GR_BIND_ACL_MSG "denied bind() to %pI4 port %u sock type %.16s protocol %.16s by "
2887+#define GR_CONNECT_ACL_MSG "denied connect() to %pI4 port %u sock type %.16s protocol %.16s by "
2888+#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
2889+#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
2890+#define GR_CAP_ACL_MSG "use of %s denied for "
2891+#define GR_CAP_CHROOT_MSG "use of %s in chroot denied for "
2892+#define GR_CAP_ACL_MSG2 "use of %s permitted for "
2893+#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
2894+#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
2895+#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
2896+#define GR_UNMOUNT_AUDIT_MSG "unmount of %.256s by "
2897+#define GR_MOUNT_AUDIT_MSG "mount of %.256s to %.256s by "
2898+#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
2899+#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
2900+#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
2901+#define GR_RWXMMAP_MSG "denied RWX mmap of %.950s by "
2902+#define GR_RWXMPROTECT_MSG "denied RWX mprotect of %.950s by "
2903+#define GR_TEXTREL_AUDIT_MSG "denied text relocation in %.950s, VMA:0x%08lx 0x%08lx by "
2904+#define GR_PTGNUSTACK_MSG "denied marking stack executable as requested by PT_GNU_STACK marking in %.950s by "
2905+#define GR_VM86_MSG "denied use of vm86 by "
2906+#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
2907+#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by "
2908+#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
2909+#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by "
2910+#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by "
2911+#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for "
2912+#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for "
2913+#define GR_IPC_DENIED_MSG "denied %s of overly-permissive IPC object with creator uid %u by "
2914+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
2915diff -Naur backports-3.18.1-1.org/include/linux/grsecurity.h backports-3.18.1-1/include/linux/grsecurity.h
2916--- backports-3.18.1-1.org/include/linux/grsecurity.h 1970-01-01 01:00:00.000000000 +0100
2917+++ backports-3.18.1-1/include/linux/grsecurity.h 2014-12-28 14:10:09.688889562 +0100
2918@@ -0,0 +1,254 @@
2919+#ifndef GR_SECURITY_H
2920+#define GR_SECURITY_H
2921+#include <linux/fs.h>
2922+#include <linux/fs_struct.h>
2923+#include <linux/binfmts.h>
2924+#include <linux/gracl.h>
2925+
2926+/* notify of brain-dead configs */
2927+#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
2928+#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled."
2929+#endif
2930+#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
2931+#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled"
2932+#endif
2933+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
2934+#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
2935+#endif
2936+#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
2937+#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
2938+#endif
2939+#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR)
2940+#error "CONFIG_PAX enabled, but no PaX options are enabled."
2941+#endif
2942+
2943+int gr_handle_new_usb(void);
2944+
2945+void gr_handle_brute_attach(int dumpable);
2946+void gr_handle_brute_check(void);
2947+void gr_handle_kernel_exploit(void);
2948+
2949+char gr_roletype_to_char(void);
2950+
2951+int gr_proc_is_restricted(void);
2952+
2953+int gr_acl_enable_at_secure(void);
2954+
2955+int gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs);
2956+int gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs);
2957+
2958+int gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap);
2959+
2960+void gr_del_task_from_ip_table(struct task_struct *p);
2961+
2962+int gr_pid_is_chrooted(struct task_struct *p);
2963+int gr_handle_chroot_fowner(struct pid *pid, enum pid_type type);
2964+int gr_handle_chroot_nice(void);
2965+int gr_handle_chroot_sysctl(const int op);
2966+int gr_handle_chroot_setpriority(struct task_struct *p,
2967+ const int niceval);
2968+int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
2969+int gr_chroot_fhandle(void);
2970+int gr_handle_chroot_chroot(const struct dentry *dentry,
2971+ const struct vfsmount *mnt);
2972+void gr_handle_chroot_chdir(const struct path *path);
2973+int gr_handle_chroot_chmod(const struct dentry *dentry,
2974+ const struct vfsmount *mnt, const int mode);
2975+int gr_handle_chroot_mknod(const struct dentry *dentry,
2976+ const struct vfsmount *mnt, const int mode);
2977+int gr_handle_chroot_mount(const struct dentry *dentry,
2978+ const struct vfsmount *mnt,
2979+ const char *dev_name);
2980+int gr_handle_chroot_pivot(void);
2981+int gr_handle_chroot_unix(const pid_t pid);
2982+
2983+int gr_handle_rawio(const struct inode *inode);
2984+
2985+void gr_handle_ioperm(void);
2986+void gr_handle_iopl(void);
2987+void gr_handle_msr_write(void);
2988+
2989+umode_t gr_acl_umask(void);
2990+
2991+int gr_tpe_allow(const struct file *file);
2992+
2993+void gr_set_chroot_entries(struct task_struct *task, const struct path *path);
2994+void gr_clear_chroot_entries(struct task_struct *task);
2995+
2996+void gr_log_forkfail(const int retval);
2997+void gr_log_timechange(void);
2998+void gr_log_signal(const int sig, const void *addr, const struct task_struct *t);
2999+void gr_log_chdir(const struct dentry *dentry,
3000+ const struct vfsmount *mnt);
3001+void gr_log_chroot_exec(const struct dentry *dentry,
3002+ const struct vfsmount *mnt);
3003+void gr_log_remount(const char *devname, const int retval);
3004+void gr_log_unmount(const char *devname, const int retval);
3005+void gr_log_mount(const char *from, const char *to, const int retval);
3006+void gr_log_textrel(struct vm_area_struct *vma);
3007+void gr_log_ptgnustack(struct file *file);
3008+void gr_log_rwxmmap(struct file *file);
3009+void gr_log_rwxmprotect(struct vm_area_struct *vma);
3010+
3011+int gr_handle_follow_link(const struct inode *parent,
3012+ const struct inode *inode,
3013+ const struct dentry *dentry,
3014+ const struct vfsmount *mnt);
3015+int gr_handle_fifo(const struct dentry *dentry,
3016+ const struct vfsmount *mnt,
3017+ const struct dentry *dir, const int flag,
3018+ const int acc_mode);
3019+int gr_handle_hardlink(const struct dentry *dentry,
3020+ const struct vfsmount *mnt,
3021+ struct inode *inode,
3022+ const int mode, const struct filename *to);
3023+
3024+int gr_is_capable(const int cap);
3025+int gr_is_capable_nolog(const int cap);
3026+int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap);
3027+int gr_task_is_capable_nolog(const struct task_struct *task, const int cap);
3028+
3029+void gr_copy_label(struct task_struct *tsk);
3030+void gr_handle_crash(struct task_struct *task, const int sig);
3031+int gr_handle_signal(const struct task_struct *p, const int sig);
3032+int gr_check_crash_uid(const kuid_t uid);
3033+int gr_check_protected_task(const struct task_struct *task);
3034+int gr_check_protected_task_fowner(struct pid *pid, enum pid_type type);
3035+int gr_acl_handle_mmap(const struct file *file,
3036+ const unsigned long prot);
3037+int gr_acl_handle_mprotect(const struct file *file,
3038+ const unsigned long prot);
3039+int gr_check_hidden_task(const struct task_struct *tsk);
3040+__u32 gr_acl_handle_truncate(const struct dentry *dentry,
3041+ const struct vfsmount *mnt);
3042+__u32 gr_acl_handle_utime(const struct dentry *dentry,
3043+ const struct vfsmount *mnt);
3044+__u32 gr_acl_handle_access(const struct dentry *dentry,
3045+ const struct vfsmount *mnt, const int fmode);
3046+__u32 gr_acl_handle_chmod(const struct dentry *dentry,
3047+ const struct vfsmount *mnt, umode_t *mode);
3048+__u32 gr_acl_handle_chown(const struct dentry *dentry,
3049+ const struct vfsmount *mnt);
3050+__u32 gr_acl_handle_setxattr(const struct dentry *dentry,
3051+ const struct vfsmount *mnt);
3052+__u32 gr_acl_handle_removexattr(const struct dentry *dentry,
3053+ const struct vfsmount *mnt);
3054+int gr_handle_ptrace(struct task_struct *task, const long request);
3055+int gr_handle_proc_ptrace(struct task_struct *task);
3056+__u32 gr_acl_handle_execve(const struct dentry *dentry,
3057+ const struct vfsmount *mnt);
3058+int gr_check_crash_exec(const struct file *filp);
3059+int gr_acl_is_enabled(void);
3060+void gr_set_role_label(struct task_struct *task, const kuid_t uid,
3061+ const kgid_t gid);
3062+int gr_set_proc_label(const struct dentry *dentry,
3063+ const struct vfsmount *mnt,
3064+ const int unsafe_flags);
3065+__u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
3066+ const struct vfsmount *mnt);
3067+__u32 gr_acl_handle_open(const struct dentry *dentry,
3068+ const struct vfsmount *mnt, int acc_mode);
3069+__u32 gr_acl_handle_creat(const struct dentry *dentry,
3070+ const struct dentry *p_dentry,
3071+ const struct vfsmount *p_mnt,
3072+ int open_flags, int acc_mode, const int imode);
3073+void gr_handle_create(const struct dentry *dentry,
3074+ const struct vfsmount *mnt);
3075+void gr_handle_proc_create(const struct dentry *dentry,
3076+ const struct inode *inode);
3077+__u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
3078+ const struct dentry *parent_dentry,
3079+ const struct vfsmount *parent_mnt,
3080+ const int mode);
3081+__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
3082+ const struct dentry *parent_dentry,
3083+ const struct vfsmount *parent_mnt);
3084+__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
3085+ const struct vfsmount *mnt);
3086+void gr_handle_delete(const ino_t ino, const dev_t dev);
3087+__u32 gr_acl_handle_unlink(const struct dentry *dentry,
3088+ const struct vfsmount *mnt);
3089+__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
3090+ const struct dentry *parent_dentry,
3091+ const struct vfsmount *parent_mnt,
3092+ const struct filename *from);
3093+__u32 gr_acl_handle_link(const struct dentry *new_dentry,
3094+ const struct dentry *parent_dentry,
3095+ const struct vfsmount *parent_mnt,
3096+ const struct dentry *old_dentry,
3097+ const struct vfsmount *old_mnt, const struct filename *to);
3098+int gr_handle_symlink_owner(const struct path *link, const struct inode *target);
3099+int gr_acl_handle_rename(struct dentry *new_dentry,
3100+ struct dentry *parent_dentry,
3101+ const struct vfsmount *parent_mnt,
3102+ struct dentry *old_dentry,
3103+ struct inode *old_parent_inode,
3104+ struct vfsmount *old_mnt, const struct filename *newname, unsigned int flags);
3105+void gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
3106+ struct dentry *old_dentry,
3107+ struct dentry *new_dentry,
3108+ struct vfsmount *mnt, const __u8 replace, unsigned int flags);
3109+__u32 gr_check_link(const struct dentry *new_dentry,
3110+ const struct dentry *parent_dentry,
3111+ const struct vfsmount *parent_mnt,
3112+ const struct dentry *old_dentry,
3113+ const struct vfsmount *old_mnt);
3114+int gr_acl_handle_filldir(const struct file *file, const char *name,
3115+ const unsigned int namelen, const ino_t ino);
3116+
3117+__u32 gr_acl_handle_unix(const struct dentry *dentry,
3118+ const struct vfsmount *mnt);
3119+void gr_acl_handle_exit(void);
3120+void gr_acl_handle_psacct(struct task_struct *task, const long code);
3121+int gr_acl_handle_procpidmem(const struct task_struct *task);
3122+int gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags);
3123+int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode);
3124+void gr_audit_ptrace(struct task_struct *task);
3125+dev_t gr_get_dev_from_dentry(struct dentry *dentry);
3126+void gr_put_exec_file(struct task_struct *task);
3127+
3128+int gr_ptrace_readexec(struct file *file, int unsafe_flags);
3129+
3130+#if defined(CONFIG_GRKERNSEC) && (defined(CONFIG_GRKERNSEC_RESLOG) || !defined(CONFIG_GRKERNSEC_NO_RBAC))
3131+extern void gr_learn_resource(const struct task_struct *task, const int res,
3132+ const unsigned long wanted, const int gt);
3133+#else
3134+static inline void gr_learn_resource(const struct task_struct *task, const int res,
3135+ const unsigned long wanted, const int gt)
3136+{
3137+}
3138+#endif
3139+
3140+#ifdef CONFIG_GRKERNSEC_RESLOG
3141+extern void gr_log_resource(const struct task_struct *task, const int res,
3142+ const unsigned long wanted, const int gt);
3143+#else
3144+static inline void gr_log_resource(const struct task_struct *task, const int res,
3145+ const unsigned long wanted, const int gt)
3146+{
3147+}
3148+#endif
3149+
3150+#ifdef CONFIG_GRKERNSEC
3151+void task_grsec_rbac(struct seq_file *m, struct task_struct *p);
3152+void gr_handle_vm86(void);
3153+void gr_handle_mem_readwrite(u64 from, u64 to);
3154+
3155+void gr_log_badprocpid(const char *entry);
3156+
3157+extern int grsec_enable_dmesg;
3158+extern int grsec_disable_privio;
3159+
3160+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
3161+extern kgid_t grsec_proc_gid;
3162+#endif
3163+
3164+#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
3165+extern int grsec_enable_chroot_findtask;
3166+#endif
3167+#ifdef CONFIG_GRKERNSEC_SETXID
3168+extern int grsec_enable_setxid;
3169+#endif
3170+#endif
3171+
3172+#endif
3173diff -Naur backports-3.18.1-1.org/include/linux/grsock.h backports-3.18.1-1/include/linux/grsock.h
3174--- backports-3.18.1-1.org/include/linux/grsock.h 1970-01-01 01:00:00.000000000 +0100
3175+++ backports-3.18.1-1/include/linux/grsock.h 2014-12-28 14:10:09.688889562 +0100
3176@@ -0,0 +1,19 @@
3177+#ifndef __GRSOCK_H
3178+#define __GRSOCK_H
3179+
3180+extern void gr_attach_curr_ip(const struct sock *sk);
3181+extern int gr_handle_sock_all(const int family, const int type,
3182+ const int protocol);
3183+extern int gr_handle_sock_server(const struct sockaddr *sck);
3184+extern int gr_handle_sock_server_other(const struct sock *sck);
3185+extern int gr_handle_sock_client(const struct sockaddr *sck);
3186+extern int gr_search_connect(struct socket * sock,
3187+ struct sockaddr_in * addr);
3188+extern int gr_search_bind(struct socket * sock,
3189+ struct sockaddr_in * addr);
3190+extern int gr_search_listen(struct socket * sock);
3191+extern int gr_search_accept(struct socket * sock);
3192+extern int gr_search_socket(const int domain, const int type,
3193+ const int protocol);
3194+
3195+#endif
3196diff -Naur backports-3.18.1-1.org/include/linux/unaligned/access_ok.h backports-3.18.1-1/include/linux/unaligned/access_ok.h
3197--- backports-3.18.1-1.org/include/linux/unaligned/access_ok.h 2014-12-21 22:37:13.000000000 +0100
3198+++ backports-3.18.1-1/include/linux/unaligned/access_ok.h 2014-12-28 14:10:09.712889681 +0100
3199@@ -4,34 +4,34 @@
3200 #include <linux/kernel.h>
3201 #include <asm/byteorder.h>
3202
3203-static inline u16 get_unaligned_le16(const void *p)
3204+static inline u16 __intentional_overflow(-1) get_unaligned_le16(const void *p)
3205 {
3206- return le16_to_cpup((__le16 *)p);
3207+ return le16_to_cpup((const __le16 *)p);
3208 }
3209
3210-static inline u32 get_unaligned_le32(const void *p)
3211+static inline u32 __intentional_overflow(-1) get_unaligned_le32(const void *p)
3212 {
3213- return le32_to_cpup((__le32 *)p);
3214+ return le32_to_cpup((const __le32 *)p);
3215 }
3216
3217-static inline u64 get_unaligned_le64(const void *p)
3218+static inline u64 __intentional_overflow(-1) get_unaligned_le64(const void *p)
3219 {
3220- return le64_to_cpup((__le64 *)p);
3221+ return le64_to_cpup((const __le64 *)p);
3222 }
3223
3224-static inline u16 get_unaligned_be16(const void *p)
3225+static inline u16 __intentional_overflow(-1) get_unaligned_be16(const void *p)
3226 {
3227- return be16_to_cpup((__be16 *)p);
3228+ return be16_to_cpup((const __be16 *)p);
3229 }
3230
3231-static inline u32 get_unaligned_be32(const void *p)
3232+static inline u32 __intentional_overflow(-1) get_unaligned_be32(const void *p)
3233 {
3234- return be32_to_cpup((__be32 *)p);
3235+ return be32_to_cpup((const __be32 *)p);
3236 }
3237
3238-static inline u64 get_unaligned_be64(const void *p)
3239+static inline u64 __intentional_overflow(-1) get_unaligned_be64(const void *p)
3240 {
3241- return be64_to_cpup((__be64 *)p);
3242+ return be64_to_cpup((const __be64 *)p);
3243 }
3244
3245 static inline void put_unaligned_le16(u16 val, void *p)
3246diff -Naur backports-3.18.1-1.org/include/media/v4l2-dev.h backports-3.18.1-1/include/media/v4l2-dev.h
3247--- backports-3.18.1-1.org/include/media/v4l2-dev.h 2014-12-21 22:37:13.000000000 +0100
3248+++ backports-3.18.1-1/include/media/v4l2-dev.h 2014-12-28 14:10:09.716889709 +0100
3249@@ -75,7 +75,7 @@
3250 int (*mmap) (struct file *, struct vm_area_struct *);
3251 int (*open) (struct file *);
3252 int (*release) (struct file *);
3253-};
3254+} __do_const;
3255
3256 /*
3257 * Newer version of video_device, handled by videodev2.c
3258diff -Naur backports-3.18.1-1.org/include/media/v4l2-device.h backports-3.18.1-1/include/media/v4l2-device.h
3259--- backports-3.18.1-1.org/include/media/v4l2-device.h 2014-12-21 22:37:13.000000000 +0100
3260+++ backports-3.18.1-1/include/media/v4l2-device.h 2014-12-28 14:10:09.716889709 +0100
3261@@ -95,7 +95,7 @@
3262 this function returns 0. If the name ends with a digit (e.g. cx18),
3263 then the name will be set to cx18-0 since cx180 looks really odd. */
3264 int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename,
3265- atomic_t *instance);
3266+ atomic_unchecked_t *instance);
3267
3268 /* Set v4l2_dev->dev to NULL. Call when the USB parent disconnects.
3269 Since the parent disappears this ensures that v4l2_dev doesn't have an
3270diff -Naur backports-3.18.1-1.org/include/net/bluetooth/l2cap.h backports-3.18.1-1/include/net/bluetooth/l2cap.h
3271--- backports-3.18.1-1.org/include/net/bluetooth/l2cap.h 2014-12-21 22:37:13.000000000 +0100
3272+++ backports-3.18.1-1/include/net/bluetooth/l2cap.h 2014-12-28 14:10:09.716889709 +0100
3273@@ -608,7 +608,7 @@
3274 unsigned char *kdata,
3275 struct iovec *iov,
3276 int len);
3277-};
3278+} __do_const;
3279
3280 struct l2cap_conn {
3281 struct hci_conn *hcon;
3282diff -Naur backports-3.18.1-1.org/include/net/mac80211.h backports-3.18.1-1/include/net/mac80211.h
3283--- backports-3.18.1-1.org/include/net/mac80211.h 2014-12-21 22:37:13.000000000 +0100
3284+++ backports-3.18.1-1/include/net/mac80211.h 2014-12-28 14:10:09.724889743 +0100
3285@@ -4648,7 +4648,7 @@
3286 void (*remove_sta_debugfs)(void *priv, void *priv_sta);
3287
3288 u32 (*get_expected_throughput)(void *priv_sta);
3289-};
3290+} __do_const;
3291
3292 static inline int rate_supported(struct ieee80211_sta *sta,
3293 enum ieee80211_band band,
3294diff -Naur backports-3.18.1-1.org/include/trace/events/fs.h backports-3.18.1-1/include/trace/events/fs.h
3295--- backports-3.18.1-1.org/include/trace/events/fs.h 1970-01-01 01:00:00.000000000 +0100
3296+++ backports-3.18.1-1/include/trace/events/fs.h 2014-12-28 14:10:09.728889769 +0100
3297@@ -0,0 +1,53 @@
3298+#undef TRACE_SYSTEM
3299+#define TRACE_SYSTEM fs
3300+
3301+#if !defined(_TRACE_FS_H) || defined(TRACE_HEADER_MULTI_READ)
3302+#define _TRACE_FS_H
3303+
3304+#include <linux/fs.h>
3305+#include <linux/tracepoint.h>
3306+
3307+TRACE_EVENT(do_sys_open,
3308+
3309+ TP_PROTO(const char *filename, int flags, int mode),
3310+
3311+ TP_ARGS(filename, flags, mode),
3312+
3313+ TP_STRUCT__entry(
3314+ __string( filename, filename )
3315+ __field( int, flags )
3316+ __field( int, mode )
3317+ ),
3318+
3319+ TP_fast_assign(
3320+ __assign_str(filename, filename);
3321+ __entry->flags = flags;
3322+ __entry->mode = mode;
3323+ ),
3324+
3325+ TP_printk("\"%s\" %x %o",
3326+ __get_str(filename), __entry->flags, __entry->mode)
3327+);
3328+
3329+TRACE_EVENT(open_exec,
3330+
3331+ TP_PROTO(const char *filename),
3332+
3333+ TP_ARGS(filename),
3334+
3335+ TP_STRUCT__entry(
3336+ __string( filename, filename )
3337+ ),
3338+
3339+ TP_fast_assign(
3340+ __assign_str(filename, filename);
3341+ ),
3342+
3343+ TP_printk("\"%s\"",
3344+ __get_str(filename))
3345+);
3346+
3347+#endif /* _TRACE_FS_H */
3348+
3349+/* This part must be outside protection */
3350+#include <trace/define_trace.h>
3351diff -Naur backports-3.18.1-1.org/net/bluetooth/6lowpan.c backports-3.18.1-1/net/bluetooth/6lowpan.c
3352--- backports-3.18.1-1.org/net/bluetooth/6lowpan.c 2014-12-21 22:37:15.000000000 +0100
3353+++ backports-3.18.1-1/net/bluetooth/6lowpan.c 2014-12-28 14:10:09.784890034 +0100
3354@@ -367,7 +367,6 @@
3355
3356 drop:
3357 dev->stats.rx_dropped++;
3358- kfree_skb(skb);
3359 return NET_RX_DROP;
3360 }
3361
3362diff -Naur backports-3.18.1-1.org/net/bluetooth/bnep/core.c backports-3.18.1-1/net/bluetooth/bnep/core.c
3363--- backports-3.18.1-1.org/net/bluetooth/bnep/core.c 2014-12-21 22:37:15.000000000 +0100
3364+++ backports-3.18.1-1/net/bluetooth/bnep/core.c 2014-12-28 14:10:09.784890034 +0100
3365@@ -533,6 +533,9 @@
3366
3367 BT_DBG("");
3368
3369+ if (!l2cap_is_socket(sock))
3370+ return -EBADFD;
3371+
3372 baswap((void *) dst, &l2cap_pi(sock->sk)->chan->dst);
3373 baswap((void *) src, &l2cap_pi(sock->sk)->chan->src);
3374
3375diff -Naur backports-3.18.1-1.org/net/bluetooth/cmtp/core.c backports-3.18.1-1/net/bluetooth/cmtp/core.c
3376--- backports-3.18.1-1.org/net/bluetooth/cmtp/core.c 2014-12-21 22:37:15.000000000 +0100
3377+++ backports-3.18.1-1/net/bluetooth/cmtp/core.c 2014-12-28 14:10:09.784890034 +0100
3378@@ -334,6 +334,9 @@
3379
3380 BT_DBG("");
3381
3382+ if (!l2cap_is_socket(sock))
3383+ return -EBADFD;
3384+
3385 session = kzalloc(sizeof(struct cmtp_session), GFP_KERNEL);
3386 if (!session)
3387 return -ENOMEM;
3388diff -Naur backports-3.18.1-1.org/net/bluetooth/hci_sock.c backports-3.18.1-1/net/bluetooth/hci_sock.c
3389--- backports-3.18.1-1.org/net/bluetooth/hci_sock.c 2014-12-21 22:37:15.000000000 +0100
3390+++ backports-3.18.1-1/net/bluetooth/hci_sock.c 2014-12-28 14:10:09.784890034 +0100
3391@@ -1067,7 +1067,7 @@
3392 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
3393 }
3394
3395- len = min_t(unsigned int, len, sizeof(uf));
3396+ len = min((size_t)len, sizeof(uf));
3397 if (copy_from_user(&uf, optval, len)) {
3398 err = -EFAULT;
3399 break;
3400diff -Naur backports-3.18.1-1.org/net/bluetooth/hidp/core.c backports-3.18.1-1/net/bluetooth/hidp/core.c
3401--- backports-3.18.1-1.org/net/bluetooth/hidp/core.c 2014-12-21 22:37:15.000000000 +0100
3402+++ backports-3.18.1-1/net/bluetooth/hidp/core.c 2014-12-28 14:10:09.784890034 +0100
3403@@ -1322,13 +1322,14 @@
3404 {
3405 struct hidp_session *session;
3406 struct l2cap_conn *conn;
3407- struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
3408+ struct l2cap_chan *chan;
3409 int ret;
3410
3411 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
3412 if (ret)
3413 return ret;
3414
3415+ chan = l2cap_pi(ctrl_sock->sk)->chan;
3416 conn = NULL;
3417 l2cap_chan_lock(chan);
3418 if (chan->conn)
3419diff -Naur backports-3.18.1-1.org/net/bluetooth/l2cap_core.c backports-3.18.1-1/net/bluetooth/l2cap_core.c
3420--- backports-3.18.1-1.org/net/bluetooth/l2cap_core.c 2014-12-21 22:37:15.000000000 +0100
3421+++ backports-3.18.1-1/net/bluetooth/l2cap_core.c 2014-12-28 14:10:09.784890034 +0100
3422@@ -3512,8 +3512,10 @@
3423 break;
3424
3425 case L2CAP_CONF_RFC:
3426- if (olen == sizeof(rfc))
3427- memcpy(&rfc, (void *)val, olen);
3428+ if (olen != sizeof(rfc))
3429+ break;
3430+
3431+ memcpy(&rfc, (void *)val, olen);
3432
3433 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
3434 rfc.mode != chan->mode)
3435diff -Naur backports-3.18.1-1.org/net/bluetooth/l2cap_sock.c backports-3.18.1-1/net/bluetooth/l2cap_sock.c
3436--- backports-3.18.1-1.org/net/bluetooth/l2cap_sock.c 2014-12-21 22:37:15.000000000 +0100
3437+++ backports-3.18.1-1/net/bluetooth/l2cap_sock.c 2014-12-28 14:10:09.788890064 +0100
3438@@ -628,7 +628,8 @@
3439 struct sock *sk = sock->sk;
3440 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3441 struct l2cap_options opts;
3442- int len, err = 0;
3443+ int err = 0;
3444+ size_t len = optlen;
3445 u32 opt;
3446
3447 BT_DBG("sk %p", sk);
3448@@ -655,7 +656,7 @@
3449 opts.max_tx = chan->max_tx;
3450 opts.txwin_size = chan->tx_win;
3451
3452- len = min_t(unsigned int, sizeof(opts), optlen);
3453+ len = min(sizeof(opts), len);
3454 if (copy_from_user((char *) &opts, optval, len)) {
3455 err = -EFAULT;
3456 break;
3457@@ -742,7 +743,8 @@
3458 struct bt_security sec;
3459 struct bt_power pwr;
3460 struct l2cap_conn *conn;
3461- int len, err = 0;
3462+ int err = 0;
3463+ size_t len = optlen;
3464 u32 opt;
3465
3466 BT_DBG("sk %p", sk);
3467@@ -766,7 +768,7 @@
3468
3469 sec.level = BT_SECURITY_LOW;
3470
3471- len = min_t(unsigned int, sizeof(sec), optlen);
3472+ len = min(sizeof(sec), len);
3473 if (copy_from_user((char *) &sec, optval, len)) {
3474 err = -EFAULT;
3475 break;
3476@@ -862,7 +864,7 @@
3477
3478 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
3479
3480- len = min_t(unsigned int, sizeof(pwr), optlen);
3481+ len = min(sizeof(pwr), len);
3482 if (copy_from_user((char *) &pwr, optval, len)) {
3483 err = -EFAULT;
3484 break;
3485diff -Naur backports-3.18.1-1.org/net/bluetooth/rfcomm/sock.c backports-3.18.1-1/net/bluetooth/rfcomm/sock.c
3486--- backports-3.18.1-1.org/net/bluetooth/rfcomm/sock.c 2014-12-21 22:37:15.000000000 +0100
3487+++ backports-3.18.1-1/net/bluetooth/rfcomm/sock.c 2014-12-28 14:10:09.788890064 +0100
3488@@ -695,7 +695,7 @@
3489 struct sock *sk = sock->sk;
3490 struct bt_security sec;
3491 int err = 0;
3492- size_t len;
3493+ size_t len = optlen;
3494 u32 opt;
3495
3496 BT_DBG("sk %p", sk);
3497@@ -717,7 +717,7 @@
3498
3499 sec.level = BT_SECURITY_LOW;
3500
3501- len = min_t(unsigned int, sizeof(sec), optlen);
3502+ len = min(sizeof(sec), len);
3503 if (copy_from_user((char *) &sec, optval, len)) {
3504 err = -EFAULT;
3505 break;
3506diff -Naur backports-3.18.1-1.org/net/bluetooth/rfcomm/tty.c backports-3.18.1-1/net/bluetooth/rfcomm/tty.c
3507--- backports-3.18.1-1.org/net/bluetooth/rfcomm/tty.c 2014-12-21 22:37:15.000000000 +0100
3508+++ backports-3.18.1-1/net/bluetooth/rfcomm/tty.c 2014-12-28 14:10:09.788890064 +0100
3509@@ -752,7 +752,7 @@
3510 BT_DBG("tty %p id %d", tty, tty->index);
3511
3512 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
3513- dev->channel, dev->port.count);
3514+ dev->channel, atomic_read(&dev->port.count));
3515
3516 err = tty_port_open(&dev->port, tty, filp);
3517 if (err)
3518@@ -775,7 +775,7 @@
3519 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
3520
3521 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
3522- dev->port.count);
3523+ atomic_read(&dev->port.count));
3524
3525 tty_port_close(&dev->port, tty, filp);
3526 }
3527diff -Naur backports-3.18.1-1.org/net/ieee802154/6lowpan_rtnl.c backports-3.18.1-1/net/ieee802154/6lowpan_rtnl.c
3528--- backports-3.18.1-1.org/net/ieee802154/6lowpan_rtnl.c 2014-12-21 22:37:15.000000000 +0100
3529+++ backports-3.18.1-1/net/ieee802154/6lowpan_rtnl.c 2014-12-28 14:10:09.796890100 +0100
3530@@ -639,7 +639,7 @@
3531 dev_put(real_dev);
3532 }
3533
3534-static struct rtnl_link_ops lowpan_link_ops __read_mostly = {
3535+static struct rtnl_link_ops lowpan_link_ops = {
3536 .kind = "lowpan",
3537 .priv_size = sizeof(struct lowpan_dev_info),
3538 .setup = lowpan_setup,
3539diff -Naur backports-3.18.1-1.org/net/ieee802154/reassembly.c backports-3.18.1-1/net/ieee802154/reassembly.c
3540--- backports-3.18.1-1.org/net/ieee802154/reassembly.c 2014-12-21 22:37:15.000000000 +0100
3541+++ backports-3.18.1-1/net/ieee802154/reassembly.c 2014-12-28 14:10:09.796890100 +0100
3542@@ -460,14 +460,13 @@
3543
3544 static int __net_init lowpan_frags_ns_sysctl_register(struct net *net)
3545 {
3546- struct ctl_table *table;
3547+ ctl_table_no_const *table = NULL;
3548 struct ctl_table_header *hdr;
3549 struct netns_ieee802154_lowpan *ieee802154_lowpan =
3550 net_ieee802154_lowpan(net);
3551
3552- table = lowpan_frags_ns_ctl_table;
3553 if (!net_eq(net, &init_net)) {
3554- table = kmemdup(table, sizeof(lowpan_frags_ns_ctl_table),
3555+ table = kmemdup(lowpan_frags_ns_ctl_table, sizeof(lowpan_frags_ns_ctl_table),
3556 GFP_KERNEL);
3557 if (table == NULL)
3558 goto err_alloc;
3559@@ -494,8 +493,7 @@
3560 return 0;
3561
3562 err_reg:
3563- if (!net_eq(net, &init_net))
3564- kfree(table);
3565+ kfree(table);
3566 err_alloc:
3567 return -ENOMEM;
3568 }
3569diff -Naur backports-3.18.1-1.org/net/mac80211/cfg.c backports-3.18.1-1/net/mac80211/cfg.c
3570--- backports-3.18.1-1.org/net/mac80211/cfg.c 2014-12-21 22:37:15.000000000 +0100
3571+++ backports-3.18.1-1/net/mac80211/cfg.c 2014-12-28 14:10:09.812890175 +0100
3572@@ -541,7 +541,7 @@
3573 ret = ieee80211_vif_use_channel(sdata, chandef,
3574 IEEE80211_CHANCTX_EXCLUSIVE);
3575 }
3576- } else if (local->open_count == local->monitors) {
3577+ } else if (local_read(&local->open_count) == local->monitors) {
3578 local->_oper_chandef = *chandef;
3579 ieee80211_hw_config(local, 0);
3580 }
3581@@ -3326,7 +3326,7 @@
3582 else
3583 local->probe_req_reg--;
3584
3585- if (!local->open_count)
3586+ if (!local_read(&local->open_count))
3587 break;
3588
3589 ieee80211_queue_work(&local->hw, &local->reconfig_filter);
3590@@ -3460,8 +3460,8 @@
3591 if (chanctx_conf) {
3592 *chandef = sdata->vif.bss_conf.chandef;
3593 ret = 0;
3594- } else if (local->open_count > 0 &&
3595- local->open_count == local->monitors &&
3596+ } else if (local_read(&local->open_count) > 0 &&
3597+ local_read(&local->open_count) == local->monitors &&
3598 sdata->vif.type == NL80211_IFTYPE_MONITOR) {
3599 if (local->use_chanctx)
3600 *chandef = local->monitor_chandef;
3601diff -Naur backports-3.18.1-1.org/net/mac80211/ieee80211_i.h backports-3.18.1-1/net/mac80211/ieee80211_i.h
3602--- backports-3.18.1-1.org/net/mac80211/ieee80211_i.h 2014-12-21 22:37:15.000000000 +0100
3603+++ backports-3.18.1-1/net/mac80211/ieee80211_i.h 2014-12-28 14:10:09.812890175 +0100
3604@@ -29,6 +29,7 @@
3605 #include <net/ieee80211_radiotap.h>
3606 #include <net/cfg80211.h>
3607 #include <net/mac80211.h>
3608+#include <asm/local.h>
3609 #include "key.h"
3610 #include "sta_info.h"
3611 #include "debug.h"
3612@@ -1057,7 +1058,7 @@
3613 /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
3614 spinlock_t queue_stop_reason_lock;
3615
3616- int open_count;
3617+ local_t open_count;
3618 int monitors, cooked_mntrs;
3619 /* number of interfaces with corresponding FIF_ flags */
3620 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
3621diff -Naur backports-3.18.1-1.org/net/mac80211/iface.c backports-3.18.1-1/net/mac80211/iface.c
3622--- backports-3.18.1-1.org/net/mac80211/iface.c 2014-12-21 22:37:15.000000000 +0100
3623+++ backports-3.18.1-1/net/mac80211/iface.c 2014-12-28 14:10:09.812890175 +0100
3624@@ -532,7 +532,7 @@
3625 break;
3626 }
3627
3628- if (local->open_count == 0) {
3629+ if (local_read(&local->open_count) == 0) {
3630 res = drv_start(local);
3631 if (res)
3632 goto err_del_bss;
3633@@ -579,7 +579,7 @@
3634 res = drv_add_interface(local, sdata);
3635 if (res)
3636 goto err_stop;
3637- } else if (local->monitors == 0 && local->open_count == 0) {
3638+ } else if (local->monitors == 0 && local_read(&local->open_count) == 0) {
3639 res = ieee80211_add_virtual_monitor(local);
3640 if (res)
3641 goto err_stop;
3642@@ -688,7 +688,7 @@
3643 atomic_inc(&local->iff_promiscs);
3644
3645 if (coming_up)
3646- local->open_count++;
3647+ local_inc(&local->open_count);
3648
3649 if (hw_reconf_flags)
3650 ieee80211_hw_config(local, hw_reconf_flags);
3651@@ -726,7 +726,7 @@
3652 err_del_interface:
3653 drv_remove_interface(local, sdata);
3654 err_stop:
3655- if (!local->open_count)
3656+ if (!local_read(&local->open_count))
3657 drv_stop(local);
3658 err_del_bss:
3659 sdata->bss = NULL;
3660@@ -892,7 +892,7 @@
3661 }
3662
3663 if (going_down)
3664- local->open_count--;
3665+ local_dec(&local->open_count);
3666
3667 switch (sdata->vif.type) {
3668 case NL80211_IFTYPE_AP_VLAN:
3669@@ -954,7 +954,7 @@
3670 }
3671 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
3672
3673- if (local->open_count == 0)
3674+ if (local_read(&local->open_count) == 0)
3675 ieee80211_clear_tx_pending(local);
3676
3677 /*
3678@@ -997,7 +997,7 @@
3679 if (cancel_scan)
3680 flush_delayed_work(&local->scan_work);
3681
3682- if (local->open_count == 0) {
3683+ if (local_read(&local->open_count) == 0) {
3684 ieee80211_stop_device(local);
3685
3686 /* no reconfiguring after stop! */
3687@@ -1008,7 +1008,7 @@
3688 ieee80211_configure_filter(local);
3689 ieee80211_hw_config(local, hw_reconf_flags);
3690
3691- if (local->monitors == local->open_count)
3692+ if (local->monitors == local_read(&local->open_count))
3693 ieee80211_add_virtual_monitor(local);
3694 }
3695
3696diff -Naur backports-3.18.1-1.org/net/mac80211/main.c backports-3.18.1-1/net/mac80211/main.c
3697--- backports-3.18.1-1.org/net/mac80211/main.c 2014-12-21 22:37:15.000000000 +0100
3698+++ backports-3.18.1-1/net/mac80211/main.c 2014-12-28 14:10:09.812890175 +0100
3699@@ -175,7 +175,7 @@
3700 changed &= ~(IEEE80211_CONF_CHANGE_CHANNEL |
3701 IEEE80211_CONF_CHANGE_POWER);
3702
3703- if (changed && local->open_count) {
3704+ if (changed && local_read(&local->open_count)) {
3705 ret = drv_config(local, changed);
3706 /*
3707 * Goal:
3708diff -Naur backports-3.18.1-1.org/net/mac80211/pm.c backports-3.18.1-1/net/mac80211/pm.c
3709--- backports-3.18.1-1.org/net/mac80211/pm.c 2014-12-21 22:37:15.000000000 +0100
3710+++ backports-3.18.1-1/net/mac80211/pm.c 2014-12-28 14:10:09.812890175 +0100
3711@@ -12,7 +12,7 @@
3712 struct ieee80211_sub_if_data *sdata;
3713 struct sta_info *sta;
3714
3715- if (!local->open_count)
3716+ if (!local_read(&local->open_count))
3717 goto suspend;
3718
3719 ieee80211_scan_cancel(local);
3720@@ -59,7 +59,7 @@
3721 cancel_work_sync(&local->dynamic_ps_enable_work);
3722 del_timer_sync(&local->dynamic_ps_timer);
3723
3724- local->wowlan = wowlan && local->open_count;
3725+ local->wowlan = wowlan && local_read(&local->open_count);
3726 if (local->wowlan) {
3727 int err = drv_suspend(local, wowlan);
3728 if (err < 0) {
3729@@ -125,7 +125,7 @@
3730 WARN_ON(!list_empty(&local->chanctx_list));
3731
3732 /* stop hardware - this must stop RX */
3733- if (local->open_count)
3734+ if (local_read(&local->open_count))
3735 ieee80211_stop_device(local);
3736
3737 suspend:
3738diff -Naur backports-3.18.1-1.org/net/mac80211/rate.c backports-3.18.1-1/net/mac80211/rate.c
3739--- backports-3.18.1-1.org/net/mac80211/rate.c 2014-12-21 22:37:15.000000000 +0100
3740+++ backports-3.18.1-1/net/mac80211/rate.c 2014-12-28 14:10:09.812890175 +0100
3741@@ -720,7 +720,7 @@
3742
3743 ASSERT_RTNL();
3744
3745- if (local->open_count)
3746+ if (local_read(&local->open_count))
3747 return -EBUSY;
3748
3749 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) {
3750diff -Naur backports-3.18.1-1.org/net/mac80211/util.c backports-3.18.1-1/net/mac80211/util.c
3751--- backports-3.18.1-1.org/net/mac80211/util.c 2014-12-21 22:37:15.000000000 +0100
3752+++ backports-3.18.1-1/net/mac80211/util.c 2014-12-28 14:10:09.816890209 +0100
3753@@ -1669,7 +1669,7 @@
3754 }
3755 #endif
3756 /* everything else happens only if HW was up & running */
3757- if (!local->open_count)
3758+ if (!local_read(&local->open_count))
3759 goto wake_up;
3760
3761 /*
3762@@ -1895,7 +1895,7 @@
3763 local->in_reconfig = false;
3764 barrier();
3765
3766- if (local->monitors == local->open_count && local->monitors > 0)
3767+ if (local->monitors == local_read(&local->open_count) && local->monitors > 0)
3768 ieee80211_add_virtual_monitor(local);
3769
3770 /*
3771diff -Naur backports-3.18.1-1.org/net/wireless/wext-core.c backports-3.18.1-1/net/wireless/wext-core.c
3772--- backports-3.18.1-1.org/net/wireless/wext-core.c 2014-12-21 22:37:15.000000000 +0100
3773+++ backports-3.18.1-1/net/wireless/wext-core.c 2014-12-28 14:10:09.832890290 +0100
3774@@ -748,8 +748,7 @@
3775 */
3776
3777 /* Support for very large requests */
3778- if ((descr->flags & IW_DESCR_FLAG_NOMAX) &&
3779- (user_length > descr->max_tokens)) {
3780+ if (user_length > descr->max_tokens) {
3781 /* Allow userspace to GET more than max so
3782 * we can support any size GET requests.
3783 * There is still a limit : -ENOMEM.
3784@@ -788,22 +787,6 @@
3785 }
3786 }
3787
3788- if (IW_IS_GET(cmd) && !(descr->flags & IW_DESCR_FLAG_NOMAX)) {
3789- /*
3790- * If this is a GET, but not NOMAX, it means that the extra
3791- * data is not bounded by userspace, but by max_tokens. Thus
3792- * set the length to max_tokens. This matches the extra data
3793- * allocation.
3794- * The driver should fill it with the number of tokens it
3795- * provided, and it may check iwp->length rather than having
3796- * knowledge of max_tokens. If the driver doesn't change the
3797- * iwp->length, this ioctl just copies back max_token tokens
3798- * filled with zeroes. Hopefully the driver isn't claiming
3799- * them to be valid data.
3800- */
3801- iwp->length = descr->max_tokens;
3802- }
3803-
3804 err = handler(dev, info, (union iwreq_data *) iwp, extra);
3805
3806 iwp->length += essid_compat;
IPFire 2.x development tree