]> git.ipfire.org Git - ipfire-2.x.git/blob - src/patches/backports-3.18.1-1-grsecurity.patch
projects / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
strongswan: Update to 5.3.1
[ipfire-2.x.git] / src / patches / backports-3.18.1-1-grsecurity.patch
1 diff -Naur backports-3.18.1-1.org/drivers/bluetooth/btwilink.c backports-3.18.1-1/drivers/bluetooth/btwilink.c
2 --- backports-3.18.1-1.org/drivers/bluetooth/btwilink.c 2014-12-21 22:37:15.000000000 +0100
3 +++ backports-3.18.1-1/drivers/bluetooth/btwilink.c 2014-12-28 14:10:09.480888533 +0100
4 @@ -288,7 +288,7 @@
5
6 static int bt_ti_probe(struct platform_device *pdev)
7 {
8 - static struct ti_st *hst;
9 + struct ti_st *hst;
10 struct hci_dev *hdev;
11 int err;
12
13 diff -Naur backports-3.18.1-1.org/drivers/media/dvb-core/dvbdev.c backports-3.18.1-1/drivers/media/dvb-core/dvbdev.c
14 --- backports-3.18.1-1.org/drivers/media/dvb-core/dvbdev.c 2014-12-21 22:37:14.000000000 +0100
15 +++ backports-3.18.1-1/drivers/media/dvb-core/dvbdev.c 2014-12-28 14:10:09.528888772 +0100
16 @@ -185,7 +185,7 @@
17 const struct dvb_device *template, void *priv, int type)
18 {
19 struct dvb_device *dvbdev;
20 - struct file_operations *dvbdevfops;
21 + file_operations_no_const *dvbdevfops;
22 struct device *clsdev;
23 int minor;
24 int id;
25 diff -Naur backports-3.18.1-1.org/drivers/media/dvb-frontends/af9033.h backports-3.18.1-1/drivers/media/dvb-frontends/af9033.h
26 --- backports-3.18.1-1.org/drivers/media/dvb-frontends/af9033.h 2014-12-21 22:37:14.000000000 +0100
27 +++ backports-3.18.1-1/drivers/media/dvb-frontends/af9033.h 2014-12-28 14:10:09.528888772 +0100
28 @@ -96,6 +96,6 @@
29 int (*pid_filter_ctrl)(struct dvb_frontend *fe, int onoff);
30 int (*pid_filter)(struct dvb_frontend *fe, int index, u16 pid,
31 int onoff);
32 -};
33 +} __no_const;
34
35 #endif /* AF9033_H */
36 diff -Naur backports-3.18.1-1.org/drivers/media/dvb-frontends/dib3000.h backports-3.18.1-1/drivers/media/dvb-frontends/dib3000.h
37 --- backports-3.18.1-1.org/drivers/media/dvb-frontends/dib3000.h 2014-12-21 22:37:14.000000000 +0100
38 +++ backports-3.18.1-1/drivers/media/dvb-frontends/dib3000.h 2014-12-28 14:10:09.528888772 +0100
39 @@ -39,7 +39,7 @@
40 int (*fifo_ctrl)(struct dvb_frontend *fe, int onoff);
41 int (*pid_ctrl)(struct dvb_frontend *fe, int index, int pid, int onoff);
42 int (*tuner_pass_ctrl)(struct dvb_frontend *fe, int onoff, u8 pll_ctrl);
43 -};
44 +} __no_const;
45
46 #if IS_ENABLED(CPTCFG_DVB_DIB3000MB)
47 extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
48 diff -Naur backports-3.18.1-1.org/drivers/media/dvb-frontends/dib7000p.h backports-3.18.1-1/drivers/media/dvb-frontends/dib7000p.h
49 --- backports-3.18.1-1.org/drivers/media/dvb-frontends/dib7000p.h 2014-12-21 22:37:14.000000000 +0100
50 +++ backports-3.18.1-1/drivers/media/dvb-frontends/dib7000p.h 2014-12-28 14:10:09.528888772 +0100
51 @@ -64,7 +64,7 @@
52 int (*get_adc_power)(struct dvb_frontend *fe);
53 int (*slave_reset)(struct dvb_frontend *fe);
54 struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib7000p_config *cfg);
55 -};
56 +} __no_const;
57
58 #if IS_ENABLED(CPTCFG_DVB_DIB7000P)
59 void *dib7000p_attach(struct dib7000p_ops *ops);
60 diff -Naur backports-3.18.1-1.org/drivers/media/dvb-frontends/dib8000.h backports-3.18.1-1/drivers/media/dvb-frontends/dib8000.h
61 --- backports-3.18.1-1.org/drivers/media/dvb-frontends/dib8000.h 2014-12-21 22:37:14.000000000 +0100
62 +++ backports-3.18.1-1/drivers/media/dvb-frontends/dib8000.h 2014-12-28 14:10:09.528888772 +0100
63 @@ -61,7 +61,7 @@
64 int (*pid_filter_ctrl)(struct dvb_frontend *fe, u8 onoff);
65 int (*pid_filter)(struct dvb_frontend *fe, u8 id, u16 pid, u8 onoff);
66 struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib8000_config *cfg);
67 -};
68 +} __no_const;
69
70 #if IS_ENABLED(CPTCFG_DVB_DIB8000)
71 void *dib8000_attach(struct dib8000_ops *ops);
72 diff -Naur backports-3.18.1-1.org/drivers/media/pci/cx88/cx88-video.c backports-3.18.1-1/drivers/media/pci/cx88/cx88-video.c
73 --- backports-3.18.1-1.org/drivers/media/pci/cx88/cx88-video.c 2014-12-21 22:37:13.000000000 +0100
74 +++ backports-3.18.1-1/drivers/media/pci/cx88/cx88-video.c 2014-12-28 14:10:09.528888772 +0100
75 @@ -50,9 +50,9 @@
76
77 /* ------------------------------------------------------------------ */
78
79 -static unsigned int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
80 -static unsigned int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
81 -static unsigned int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
82 +static int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
83 +static int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
84 +static int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
85
86 module_param_array(video_nr, int, NULL, 0444);
87 module_param_array(vbi_nr, int, NULL, 0444);
88 diff -Naur backports-3.18.1-1.org/drivers/media/pci/ivtv/ivtv-driver.c backports-3.18.1-1/drivers/media/pci/ivtv/ivtv-driver.c
89 --- backports-3.18.1-1.org/drivers/media/pci/ivtv/ivtv-driver.c 2014-12-21 22:37:13.000000000 +0100
90 +++ backports-3.18.1-1/drivers/media/pci/ivtv/ivtv-driver.c 2014-12-28 14:10:09.528888772 +0100
91 @@ -83,7 +83,7 @@
92 MODULE_DEVICE_TABLE(pci,ivtv_pci_tbl);
93
94 /* ivtv instance counter */
95 -static atomic_t ivtv_instance = ATOMIC_INIT(0);
96 +static atomic_unchecked_t ivtv_instance = ATOMIC_INIT(0);
97
98 /* Parameter declarations */
99 static int cardtype[IVTV_MAX_CARDS];
100 diff -Naur backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-core.c backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-core.c
101 --- backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-core.c 2014-12-21 22:37:13.000000000 +0100
102 +++ backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-core.c 2014-12-28 14:10:09.528888772 +0100
103 @@ -424,7 +424,7 @@
104
105 static int solo_sysfs_init(struct solo_dev *solo_dev)
106 {
107 - struct bin_attribute *sdram_attr = &solo_dev->sdram_attr;
108 + bin_attribute_no_const *sdram_attr = &solo_dev->sdram_attr;
109 struct device *dev = &solo_dev->dev;
110 const char *driver;
111 int i;
112 diff -Naur backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-g723.c backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-g723.c
113 --- backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-g723.c 2014-12-21 22:37:13.000000000 +0100
114 +++ backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-g723.c 2014-12-28 14:10:09.528888772 +0100
115 @@ -351,7 +351,7 @@
116
117 int solo_g723_init(struct solo_dev *solo_dev)
118 {
119 - static struct snd_device_ops ops = { NULL };
120 + static struct snd_device_ops ops = { };
121 struct snd_card *card;
122 struct snd_kcontrol_new kctl;
123 char name[32];
124 diff -Naur backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10.h backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10.h
125 --- backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10.h 2014-12-21 22:37:13.000000000 +0100
126 +++ backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10.h 2014-12-28 14:10:09.532888798 +0100
127 @@ -219,7 +219,7 @@
128
129 /* P2M DMA Engine */
130 struct solo_p2m_dev p2m_dev[SOLO_NR_P2M];
131 - atomic_t p2m_count;
132 + atomic_unchecked_t p2m_count;
133 int p2m_jiffies;
134 unsigned int p2m_timeouts;
135
136 diff -Naur backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-p2m.c backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-p2m.c
137 --- backports-3.18.1-1.org/drivers/media/pci/solo6x10/solo6x10-p2m.c 2014-12-21 22:37:13.000000000 +0100
138 +++ backports-3.18.1-1/drivers/media/pci/solo6x10/solo6x10-p2m.c 2014-12-28 14:10:09.532888798 +0100
139 @@ -73,7 +73,7 @@
140
141 /* Get next ID. According to Softlogic, 6110 has problems on !=0 P2M */
142 if (solo_dev->type != SOLO_DEV_6110 && multi_p2m) {
143 - p2m_id = atomic_inc_return(&solo_dev->p2m_count) % SOLO_NR_P2M;
144 + p2m_id = atomic_inc_return_unchecked(&solo_dev->p2m_count) % SOLO_NR_P2M;
145 if (p2m_id < 0)
146 p2m_id = -p2m_id;
147 }
148 diff -Naur backports-3.18.1-1.org/drivers/media/platform/omap/omap_vout.c backports-3.18.1-1/drivers/media/platform/omap/omap_vout.c
149 --- backports-3.18.1-1.org/drivers/media/platform/omap/omap_vout.c 2014-12-21 22:37:13.000000000 +0100
150 +++ backports-3.18.1-1/drivers/media/platform/omap/omap_vout.c 2014-12-28 14:10:09.532888798 +0100
151 @@ -63,7 +63,6 @@
152 OMAP_VIDEO2,
153 };
154
155 -static struct videobuf_queue_ops video_vbq_ops;
156 /* Variables configurable through module params*/
157 static u32 video1_numbuffers = 3;
158 static u32 video2_numbuffers = 3;
159 @@ -1012,6 +1011,12 @@
160 {
161 struct videobuf_queue *q;
162 struct omap_vout_device *vout = NULL;
163 + static struct videobuf_queue_ops video_vbq_ops = {
164 + .buf_setup = omap_vout_buffer_setup,
165 + .buf_prepare = omap_vout_buffer_prepare,
166 + .buf_release = omap_vout_buffer_release,
167 + .buf_queue = omap_vout_buffer_queue,
168 + };
169
170 vout = video_drvdata(file);
171 v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__);
172 @@ -1029,10 +1034,6 @@
173 vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT;
174
175 q = &vout->vbq;
176 - video_vbq_ops.buf_setup = omap_vout_buffer_setup;
177 - video_vbq_ops.buf_prepare = omap_vout_buffer_prepare;
178 - video_vbq_ops.buf_release = omap_vout_buffer_release;
179 - video_vbq_ops.buf_queue = omap_vout_buffer_queue;
180 spin_lock_init(&vout->vbq_lock);
181
182 videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev,
183 diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_grp_layer.c backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_grp_layer.c
184 --- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_grp_layer.c 2014-12-21 22:37:13.000000000 +0100
185 +++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_grp_layer.c 2014-12-28 14:10:09.532888798 +0100
186 @@ -235,7 +235,7 @@
187 {
188 struct mxr_layer *layer;
189 int ret;
190 - struct mxr_layer_ops ops = {
191 + static struct mxr_layer_ops ops = {
192 .release = mxr_graph_layer_release,
193 .buffer_set = mxr_graph_buffer_set,
194 .stream_set = mxr_graph_stream_set,
195 diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer.h backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer.h
196 --- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer.h 2014-12-21 22:37:13.000000000 +0100
197 +++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer.h 2014-12-28 14:10:09.532888798 +0100
198 @@ -156,7 +156,7 @@
199 /** layer index (unique identifier) */
200 int idx;
201 /** callbacks for layer methods */
202 - struct mxr_layer_ops ops;
203 + struct mxr_layer_ops *ops;
204 /** format array */
205 const struct mxr_format **fmt_array;
206 /** size of format array */
207 diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_reg.c backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_reg.c
208 --- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_reg.c 2014-12-21 22:37:13.000000000 +0100
209 +++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_reg.c 2014-12-28 14:10:09.532888798 +0100
210 @@ -276,7 +276,7 @@
211 layer->update_buf = next;
212 }
213
214 - layer->ops.buffer_set(layer, layer->update_buf);
215 + layer->ops->buffer_set(layer, layer->update_buf);
216
217 if (done && done != layer->shadow_buf)
218 vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE);
219 diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_video.c backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_video.c
220 --- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_video.c 2014-12-21 22:37:13.000000000 +0100
221 +++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_video.c 2014-12-28 14:10:09.532888798 +0100
222 @@ -210,7 +210,7 @@
223 layer->geo.src.height = layer->geo.src.full_height;
224
225 mxr_geometry_dump(mdev, &layer->geo);
226 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
227 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
228 mxr_geometry_dump(mdev, &layer->geo);
229 }
230
231 @@ -228,7 +228,7 @@
232 layer->geo.dst.full_width = mbus_fmt.width;
233 layer->geo.dst.full_height = mbus_fmt.height;
234 layer->geo.dst.field = mbus_fmt.field;
235 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
236 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
237
238 mxr_geometry_dump(mdev, &layer->geo);
239 }
240 @@ -334,7 +334,7 @@
241 /* set source size to highest accepted value */
242 geo->src.full_width = max(geo->dst.full_width, pix->width);
243 geo->src.full_height = max(geo->dst.full_height, pix->height);
244 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
245 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
246 mxr_geometry_dump(mdev, &layer->geo);
247 /* set cropping to total visible screen */
248 geo->src.width = pix->width;
249 @@ -342,12 +342,12 @@
250 geo->src.x_offset = 0;
251 geo->src.y_offset = 0;
252 /* assure consistency of geometry */
253 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET);
254 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET);
255 mxr_geometry_dump(mdev, &layer->geo);
256 /* set full size to lowest possible value */
257 geo->src.full_width = 0;
258 geo->src.full_height = 0;
259 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
260 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
261 mxr_geometry_dump(mdev, &layer->geo);
262
263 /* returning results */
264 @@ -474,7 +474,7 @@
265 target->width = s->r.width;
266 target->height = s->r.height;
267
268 - layer->ops.fix_geometry(layer, stage, s->flags);
269 + layer->ops->fix_geometry(layer, stage, s->flags);
270
271 /* retrieve update selection rectangle */
272 res.left = target->x_offset;
273 @@ -954,13 +954,13 @@
274 mxr_output_get(mdev);
275
276 mxr_layer_update_output(layer);
277 - layer->ops.format_set(layer);
278 + layer->ops->format_set(layer);
279 /* enabling layer in hardware */
280 spin_lock_irqsave(&layer->enq_slock, flags);
281 layer->state = MXR_LAYER_STREAMING;
282 spin_unlock_irqrestore(&layer->enq_slock, flags);
283
284 - layer->ops.stream_set(layer, MXR_ENABLE);
285 + layer->ops->stream_set(layer, MXR_ENABLE);
286 mxr_streamer_get(mdev);
287
288 return 0;
289 @@ -1030,7 +1030,7 @@
290 spin_unlock_irqrestore(&layer->enq_slock, flags);
291
292 /* disabling layer in hardware */
293 - layer->ops.stream_set(layer, MXR_DISABLE);
294 + layer->ops->stream_set(layer, MXR_DISABLE);
295 /* remove one streamer */
296 mxr_streamer_put(mdev);
297 /* allow changes in output configuration */
298 @@ -1068,8 +1068,8 @@
299
300 void mxr_layer_release(struct mxr_layer *layer)
301 {
302 - if (layer->ops.release)
303 - layer->ops.release(layer);
304 + if (layer->ops->release)
305 + layer->ops->release(layer);
306 }
307
308 void mxr_base_layer_release(struct mxr_layer *layer)
309 @@ -1095,7 +1095,7 @@
310
311 layer->mdev = mdev;
312 layer->idx = idx;
313 - layer->ops = *ops;
314 + layer->ops = ops;
315
316 spin_lock_init(&layer->enq_slock);
317 INIT_LIST_HEAD(&layer->enq_list);
318 diff -Naur backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_vp_layer.c backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_vp_layer.c
319 --- backports-3.18.1-1.org/drivers/media/platform/s5p-tv/mixer_vp_layer.c 2014-12-21 22:37:13.000000000 +0100
320 +++ backports-3.18.1-1/drivers/media/platform/s5p-tv/mixer_vp_layer.c 2014-12-28 14:10:09.532888798 +0100
321 @@ -206,7 +206,7 @@
322 {
323 struct mxr_layer *layer;
324 int ret;
325 - struct mxr_layer_ops ops = {
326 + static struct mxr_layer_ops ops = {
327 .release = mxr_vp_layer_release,
328 .buffer_set = mxr_vp_buffer_set,
329 .stream_set = mxr_vp_stream_set,
330 diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-cadet.c backports-3.18.1-1/drivers/media/radio/radio-cadet.c
331 --- backports-3.18.1-1.org/drivers/media/radio/radio-cadet.c 2014-12-21 22:37:13.000000000 +0100
332 +++ backports-3.18.1-1/drivers/media/radio/radio-cadet.c 2014-12-28 14:10:09.532888798 +0100
333 @@ -333,6 +333,8 @@
334 unsigned char readbuf[RDS_BUFFER];
335 int i = 0;
336
337 + if (count > RDS_BUFFER)
338 + return -EFAULT;
339 mutex_lock(&dev->lock);
340 if (dev->rdsstat == 0)
341 cadet_start_rds(dev);
342 @@ -349,8 +351,9 @@
343 readbuf[i++] = dev->rdsbuf[dev->rdsout++];
344 mutex_unlock(&dev->lock);
345
346 - if (i && copy_to_user(data, readbuf, i))
347 - return -EFAULT;
348 + if (i > sizeof(readbuf) || (i && copy_to_user(data, readbuf, i)))
349 + i = -EFAULT;
350 +
351 return i;
352 }
353
354 diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-maxiradio.c backports-3.18.1-1/drivers/media/radio/radio-maxiradio.c
355 --- backports-3.18.1-1.org/drivers/media/radio/radio-maxiradio.c 2014-12-21 22:37:13.000000000 +0100
356 +++ backports-3.18.1-1/drivers/media/radio/radio-maxiradio.c 2014-12-28 14:10:09.532888798 +0100
357 @@ -61,7 +61,7 @@
358 /* TEA5757 pin mappings */
359 static const int clk = 1, data = 2, wren = 4, mo_st = 8, power = 16;
360
361 -static atomic_t maxiradio_instance = ATOMIC_INIT(0);
362 +static atomic_unchecked_t maxiradio_instance = ATOMIC_INIT(0);
363
364 #define PCI_VENDOR_ID_GUILLEMOT 0x5046
365 #define PCI_DEVICE_ID_GUILLEMOT_MAXIRADIO 0x1001
366 diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-shark2.c backports-3.18.1-1/drivers/media/radio/radio-shark2.c
367 --- backports-3.18.1-1.org/drivers/media/radio/radio-shark2.c 2014-12-21 22:37:13.000000000 +0100
368 +++ backports-3.18.1-1/drivers/media/radio/radio-shark2.c 2014-12-28 14:10:09.532888798 +0100
369 @@ -74,7 +74,7 @@
370 u8 *transfer_buffer;
371 };
372
373 -static atomic_t shark_instance = ATOMIC_INIT(0);
374 +static atomic_unchecked_t shark_instance = ATOMIC_INIT(0);
375
376 static int shark_write_reg(struct radio_tea5777 *tea, u64 reg)
377 {
378 diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-shark.c backports-3.18.1-1/drivers/media/radio/radio-shark.c
379 --- backports-3.18.1-1.org/drivers/media/radio/radio-shark.c 2014-12-21 22:37:13.000000000 +0100
380 +++ backports-3.18.1-1/drivers/media/radio/radio-shark.c 2014-12-28 14:10:09.532888798 +0100
381 @@ -79,7 +79,7 @@
382 u32 last_val;
383 };
384
385 -static atomic_t shark_instance = ATOMIC_INIT(0);
386 +static atomic_unchecked_t shark_instance = ATOMIC_INIT(0);
387
388 static void shark_write_val(struct snd_tea575x *tea, u32 val)
389 {
390 diff -Naur backports-3.18.1-1.org/drivers/media/radio/radio-si476x.c backports-3.18.1-1/drivers/media/radio/radio-si476x.c
391 --- backports-3.18.1-1.org/drivers/media/radio/radio-si476x.c 2014-12-21 22:37:13.000000000 +0100
392 +++ backports-3.18.1-1/drivers/media/radio/radio-si476x.c 2014-12-28 14:10:09.532888798 +0100
393 @@ -1445,7 +1445,7 @@
394 struct si476x_radio *radio;
395 struct v4l2_ctrl *ctrl;
396
397 - static atomic_t instance = ATOMIC_INIT(0);
398 + static atomic_unchecked_t instance = ATOMIC_INIT(0);
399
400 radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL);
401 if (!radio)
402 diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/cinergyT2-core.c backports-3.18.1-1/drivers/media/usb/dvb-usb/cinergyT2-core.c
403 --- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/cinergyT2-core.c 2014-12-21 22:37:14.000000000 +0100
404 +++ backports-3.18.1-1/drivers/media/usb/dvb-usb/cinergyT2-core.c 2014-12-28 14:10:09.532888798 +0100
405 @@ -50,29 +50,73 @@
406
407 static int cinergyt2_streaming_ctrl(struct dvb_usb_adapter *adap, int enable)
408 {
409 - char buf[] = { CINERGYT2_EP1_CONTROL_STREAM_TRANSFER, enable ? 1 : 0 };
410 - char result[64];
411 - return dvb_usb_generic_rw(adap->dev, buf, sizeof(buf), result,
412 - sizeof(result), 0);
413 + char *buf;
414 + char *result;
415 + int retval;
416 +
417 + buf = kmalloc(2, GFP_KERNEL);
418 + if (buf == NULL)
419 + return -ENOMEM;
420 + result = kmalloc(64, GFP_KERNEL);
421 + if (result == NULL) {
422 + kfree(buf);
423 + return -ENOMEM;
424 + }
425 +
426 + buf[0] = CINERGYT2_EP1_CONTROL_STREAM_TRANSFER;
427 + buf[1] = enable ? 1 : 0;
428 +
429 + retval = dvb_usb_generic_rw(adap->dev, buf, 2, result, 64, 0);
430 +
431 + kfree(buf);
432 + kfree(result);
433 + return retval;
434 }
435
436 static int cinergyt2_power_ctrl(struct dvb_usb_device *d, int enable)
437 {
438 - char buf[] = { CINERGYT2_EP1_SLEEP_MODE, enable ? 0 : 1 };
439 - char state[3];
440 - return dvb_usb_generic_rw(d, buf, sizeof(buf), state, sizeof(state), 0);
441 + char *buf;
442 + char *state;
443 + int retval;
444 +
445 + buf = kmalloc(2, GFP_KERNEL);
446 + if (buf == NULL)
447 + return -ENOMEM;
448 + state = kmalloc(3, GFP_KERNEL);
449 + if (state == NULL) {
450 + kfree(buf);
451 + return -ENOMEM;
452 + }
453 +
454 + buf[0] = CINERGYT2_EP1_SLEEP_MODE;
455 + buf[1] = enable ? 1 : 0;
456 +
457 + retval = dvb_usb_generic_rw(d, buf, 2, state, 3, 0);
458 +
459 + kfree(buf);
460 + kfree(state);
461 + return retval;
462 }
463
464 static int cinergyt2_frontend_attach(struct dvb_usb_adapter *adap)
465 {
466 - char query[] = { CINERGYT2_EP1_GET_FIRMWARE_VERSION };
467 - char state[3];
468 + char *query;
469 + char *state;
470 int ret;
471 + query = kmalloc(1, GFP_KERNEL);
472 + if (query == NULL)
473 + return -ENOMEM;
474 + state = kmalloc(3, GFP_KERNEL);
475 + if (state == NULL) {
476 + kfree(query);
477 + return -ENOMEM;
478 + }
479 +
480 + query[0] = CINERGYT2_EP1_GET_FIRMWARE_VERSION;
481
482 adap->fe_adap[0].fe = cinergyt2_fe_attach(adap->dev);
483
484 - ret = dvb_usb_generic_rw(adap->dev, query, sizeof(query), state,
485 - sizeof(state), 0);
486 + ret = dvb_usb_generic_rw(adap->dev, query, 1, state, 3, 0);
487 if (ret < 0) {
488 deb_rc("cinergyt2_power_ctrl() Failed to retrieve sleep "
489 "state info\n");
490 @@ -80,7 +124,8 @@
491
492 /* Copy this pointer as we are gonna need it in the release phase */
493 cinergyt2_usb_device = adap->dev;
494 -
495 + kfree(query);
496 + kfree(state);
497 return 0;
498 }
499
500 @@ -141,12 +186,23 @@
501 static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state)
502 {
503 struct cinergyt2_state *st = d->priv;
504 - u8 key[5] = {0, 0, 0, 0, 0}, cmd = CINERGYT2_EP1_GET_RC_EVENTS;
505 + u8 *key, *cmd;
506 int i;
507
508 + cmd = kmalloc(1, GFP_KERNEL);
509 + if (cmd == NULL)
510 + return -EINVAL;
511 + key = kzalloc(5, GFP_KERNEL);
512 + if (key == NULL) {
513 + kfree(cmd);
514 + return -EINVAL;
515 + }
516 +
517 + cmd[0] = CINERGYT2_EP1_GET_RC_EVENTS;
518 +
519 *state = REMOTE_NO_KEY_PRESSED;
520
521 - dvb_usb_generic_rw(d, &cmd, 1, key, sizeof(key), 0);
522 + dvb_usb_generic_rw(d, cmd, 1, key, 5, 0);
523 if (key[4] == 0xff) {
524 /* key repeat */
525 st->rc_counter++;
526 @@ -157,12 +213,12 @@
527 *event = d->last_event;
528 deb_rc("repeat key, event %x\n",
529 *event);
530 - return 0;
531 + goto out;
532 }
533 }
534 deb_rc("repeated key (non repeatable)\n");
535 }
536 - return 0;
537 + goto out;
538 }
539
540 /* hack to pass checksum on the custom field */
541 @@ -174,6 +230,9 @@
542
543 deb_rc("key: %*ph\n", 5, key);
544 }
545 +out:
546 + kfree(cmd);
547 + kfree(key);
548 return 0;
549 }
550
551 diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/cinergyT2-fe.c backports-3.18.1-1/drivers/media/usb/dvb-usb/cinergyT2-fe.c
552 --- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/cinergyT2-fe.c 2014-12-21 22:37:14.000000000 +0100
553 +++ backports-3.18.1-1/drivers/media/usb/dvb-usb/cinergyT2-fe.c 2014-12-28 14:10:09.532888798 +0100
554 @@ -145,103 +145,176 @@
555 fe_status_t *status)
556 {
557 struct cinergyt2_fe_state *state = fe->demodulator_priv;
558 - struct dvbt_get_status_msg result;
559 - u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
560 + struct dvbt_get_status_msg *result;
561 + u8 *cmd;
562 int ret;
563
564 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&result,
565 - sizeof(result), 0);
566 + cmd = kmalloc(1, GFP_KERNEL);
567 + if (cmd == NULL)
568 + return -ENOMEM;
569 + result = kmalloc(sizeof(*result), GFP_KERNEL);
570 + if (result == NULL) {
571 + kfree(cmd);
572 + return -ENOMEM;
573 + }
574 +
575 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
576 +
577 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)result,
578 + sizeof(*result), 0);
579 if (ret < 0)
580 - return ret;
581 + goto out;
582
583 *status = 0;
584
585 - if (0xffff - le16_to_cpu(result.gain) > 30)
586 + if (0xffff - le16_to_cpu(result->gain) > 30)
587 *status |= FE_HAS_SIGNAL;
588 - if (result.lock_bits & (1 << 6))
589 + if (result->lock_bits & (1 << 6))
590 *status |= FE_HAS_LOCK;
591 - if (result.lock_bits & (1 << 5))
592 + if (result->lock_bits & (1 << 5))
593 *status |= FE_HAS_SYNC;
594 - if (result.lock_bits & (1 << 4))
595 + if (result->lock_bits & (1 << 4))
596 *status |= FE_HAS_CARRIER;
597 - if (result.lock_bits & (1 << 1))
598 + if (result->lock_bits & (1 << 1))
599 *status |= FE_HAS_VITERBI;
600
601 if ((*status & (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC)) !=
602 (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC))
603 *status &= ~FE_HAS_LOCK;
604
605 - return 0;
606 +out:
607 + kfree(cmd);
608 + kfree(result);
609 + return ret;
610 }
611
612 static int cinergyt2_fe_read_ber(struct dvb_frontend *fe, u32 *ber)
613 {
614 struct cinergyt2_fe_state *state = fe->demodulator_priv;
615 - struct dvbt_get_status_msg status;
616 - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
617 + struct dvbt_get_status_msg *status;
618 + char *cmd;
619 int ret;
620
621 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
622 - sizeof(status), 0);
623 + cmd = kmalloc(1, GFP_KERNEL);
624 + if (cmd == NULL)
625 + return -ENOMEM;
626 + status = kmalloc(sizeof(*status), GFP_KERNEL);
627 + if (status == NULL) {
628 + kfree(cmd);
629 + return -ENOMEM;
630 + }
631 +
632 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
633 +
634 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
635 + sizeof(*status), 0);
636 if (ret < 0)
637 - return ret;
638 + goto out;
639
640 - *ber = le32_to_cpu(status.viterbi_error_rate);
641 + *ber = le32_to_cpu(status->viterbi_error_rate);
642 +out:
643 + kfree(cmd);
644 + kfree(status);
645 return 0;
646 }
647
648 static int cinergyt2_fe_read_unc_blocks(struct dvb_frontend *fe, u32 *unc)
649 {
650 struct cinergyt2_fe_state *state = fe->demodulator_priv;
651 - struct dvbt_get_status_msg status;
652 - u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
653 + struct dvbt_get_status_msg *status;
654 + u8 *cmd;
655 int ret;
656
657 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&status,
658 - sizeof(status), 0);
659 + cmd = kmalloc(1, GFP_KERNEL);
660 + if (cmd == NULL)
661 + return -ENOMEM;
662 + status = kmalloc(sizeof(*status), GFP_KERNEL);
663 + if (status == NULL) {
664 + kfree(cmd);
665 + return -ENOMEM;
666 + }
667 +
668 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
669 +
670 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)status,
671 + sizeof(*status), 0);
672 if (ret < 0) {
673 err("cinergyt2_fe_read_unc_blocks() Failed! (Error=%d)\n",
674 ret);
675 - return ret;
676 + goto out;
677 }
678 - *unc = le32_to_cpu(status.uncorrected_block_count);
679 - return 0;
680 + *unc = le32_to_cpu(status->uncorrected_block_count);
681 +
682 +out:
683 + kfree(cmd);
684 + kfree(status);
685 + return ret;
686 }
687
688 static int cinergyt2_fe_read_signal_strength(struct dvb_frontend *fe,
689 u16 *strength)
690 {
691 struct cinergyt2_fe_state *state = fe->demodulator_priv;
692 - struct dvbt_get_status_msg status;
693 - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
694 + struct dvbt_get_status_msg *status;
695 + char *cmd;
696 int ret;
697
698 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
699 - sizeof(status), 0);
700 + cmd = kmalloc(1, GFP_KERNEL);
701 + if (cmd == NULL)
702 + return -ENOMEM;
703 + status = kmalloc(sizeof(*status), GFP_KERNEL);
704 + if (status == NULL) {
705 + kfree(cmd);
706 + return -ENOMEM;
707 + }
708 +
709 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
710 +
711 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
712 + sizeof(*status), 0);
713 if (ret < 0) {
714 err("cinergyt2_fe_read_signal_strength() Failed!"
715 " (Error=%d)\n", ret);
716 - return ret;
717 + goto out;
718 }
719 - *strength = (0xffff - le16_to_cpu(status.gain));
720 + *strength = (0xffff - le16_to_cpu(status->gain));
721 +
722 +out:
723 + kfree(cmd);
724 + kfree(status);
725 return 0;
726 }
727
728 static int cinergyt2_fe_read_snr(struct dvb_frontend *fe, u16 *snr)
729 {
730 struct cinergyt2_fe_state *state = fe->demodulator_priv;
731 - struct dvbt_get_status_msg status;
732 - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
733 + struct dvbt_get_status_msg *status;
734 + char *cmd;
735 int ret;
736
737 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
738 - sizeof(status), 0);
739 + cmd = kmalloc(1, GFP_KERNEL);
740 + if (cmd == NULL)
741 + return -ENOMEM;
742 + status = kmalloc(sizeof(*status), GFP_KERNEL);
743 + if (status == NULL) {
744 + kfree(cmd);
745 + return -ENOMEM;
746 + }
747 +
748 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
749 +
750 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
751 + sizeof(*status), 0);
752 if (ret < 0) {
753 err("cinergyt2_fe_read_snr() Failed! (Error=%d)\n", ret);
754 - return ret;
755 + goto out;
756 }
757 - *snr = (status.snr << 8) | status.snr;
758 - return 0;
759 + *snr = (status->snr << 8) | status->snr;
760 +
761 +out:
762 + kfree(cmd);
763 + kfree(status);
764 + return ret;
765 }
766
767 static int cinergyt2_fe_init(struct dvb_frontend *fe)
768 @@ -266,35 +339,46 @@
769 {
770 struct dtv_frontend_properties *fep = &fe->dtv_property_cache;
771 struct cinergyt2_fe_state *state = fe->demodulator_priv;
772 - struct dvbt_set_parameters_msg param;
773 - char result[2];
774 + struct dvbt_set_parameters_msg *param;
775 + char *result;
776 int err;
777
778 - param.cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS;
779 - param.tps = cpu_to_le16(compute_tps(fep));
780 - param.freq = cpu_to_le32(fep->frequency / 1000);
781 - param.flags = 0;
782 + result = kmalloc(2, GFP_KERNEL);
783 + if (result == NULL)
784 + return -ENOMEM;
785 + param = kmalloc(sizeof(*param), GFP_KERNEL);
786 + if (param == NULL) {
787 + kfree(result);
788 + return -ENOMEM;
789 + }
790 +
791 + param->cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS;
792 + param->tps = cpu_to_le16(compute_tps(fep));
793 + param->freq = cpu_to_le32(fep->frequency / 1000);
794 + param->flags = 0;
795
796 switch (fep->bandwidth_hz) {
797 default:
798 case 8000000:
799 - param.bandwidth = 8;
800 + param->bandwidth = 8;
801 break;
802 case 7000000:
803 - param.bandwidth = 7;
804 + param->bandwidth = 7;
805 break;
806 case 6000000:
807 - param.bandwidth = 6;
808 + param->bandwidth = 6;
809 break;
810 }
811
812 err = dvb_usb_generic_rw(state->d,
813 - (char *)&param, sizeof(param),
814 - result, sizeof(result), 0);
815 + (char *)param, sizeof(*param),
816 + result, 2, 0);
817 if (err < 0)
818 err("cinergyt2_fe_set_frontend() Failed! err=%d\n", err);
819
820 - return (err < 0) ? err : 0;
821 + kfree(result);
822 + kfree(param);
823 + return err;
824 }
825
826 static void cinergyt2_fe_release(struct dvb_frontend *fe)
827 diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/dvb-usb-firmware.c backports-3.18.1-1/drivers/media/usb/dvb-usb/dvb-usb-firmware.c
828 --- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/dvb-usb-firmware.c 2014-12-21 22:37:14.000000000 +0100
829 +++ backports-3.18.1-1/drivers/media/usb/dvb-usb/dvb-usb-firmware.c 2014-12-28 14:10:09.532888798 +0100
830 @@ -35,42 +35,57 @@
831
832 int usb_cypress_load_firmware(struct usb_device *udev, const struct firmware *fw, int type)
833 {
834 - struct hexline hx;
835 - u8 reset;
836 + struct hexline *hx;
837 + u8 *reset;
838 int ret,pos=0;
839
840 + reset = kmalloc(1, GFP_KERNEL);
841 + if (reset == NULL)
842 + return -ENOMEM;
843 +
844 + hx = kmalloc(sizeof(struct hexline), GFP_KERNEL);
845 + if (hx == NULL) {
846 + kfree(reset);
847 + return -ENOMEM;
848 + }
849 +
850 /* stop the CPU */
851 - reset = 1;
852 - if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1)) != 1)
853 + reset[0] = 1;
854 + if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1)) != 1)
855 err("could not stop the USB controller CPU.");
856
857 - while ((ret = dvb_usb_get_hexline(fw,&hx,&pos)) > 0) {
858 - deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx.addr,hx.len,hx.chk);
859 - ret = usb_cypress_writemem(udev,hx.addr,hx.data,hx.len);
860 + while ((ret = dvb_usb_get_hexline(fw,hx,&pos)) > 0) {
861 + deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx->addr,hx->len,hx->chk);
862 + ret = usb_cypress_writemem(udev,hx->addr,hx->data,hx->len);
863
864 - if (ret != hx.len) {
865 + if (ret != hx->len) {
866 err("error while transferring firmware "
867 "(transferred size: %d, block size: %d)",
868 - ret,hx.len);
869 + ret,hx->len);
870 ret = -EINVAL;
871 break;
872 }
873 }
874 if (ret < 0) {
875 err("firmware download failed at %d with %d",pos,ret);
876 + kfree(reset);
877 + kfree(hx);
878 return ret;
879 }
880
881 if (ret == 0) {
882 /* restart the CPU */
883 - reset = 0;
884 - if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1) != 1) {
885 + reset[0] = 0;
886 + if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1) != 1) {
887 err("could not restart the USB controller CPU.");
888 ret = -EINVAL;
889 }
890 } else
891 ret = -EIO;
892
893 + kfree(reset);
894 + kfree(hx);
895 +
896 return ret;
897 }
898 EXPORT_SYMBOL(usb_cypress_load_firmware);
899 diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/dw2102.c backports-3.18.1-1/drivers/media/usb/dvb-usb/dw2102.c
900 --- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/dw2102.c 2014-12-21 22:37:14.000000000 +0100
901 +++ backports-3.18.1-1/drivers/media/usb/dvb-usb/dw2102.c 2014-12-28 14:10:09.536888811 +0100
902 @@ -118,7 +118,7 @@
903
904 struct s6x0_state {
905 int (*old_set_voltage)(struct dvb_frontend *f, fe_sec_voltage_t v);
906 -};
907 +} __no_const;
908
909 /* debug */
910 static int dvb_usb_dw2102_debug;
911 diff -Naur backports-3.18.1-1.org/drivers/media/usb/dvb-usb/technisat-usb2.c backports-3.18.1-1/drivers/media/usb/dvb-usb/technisat-usb2.c
912 --- backports-3.18.1-1.org/drivers/media/usb/dvb-usb/technisat-usb2.c 2014-12-21 22:37:14.000000000 +0100
913 +++ backports-3.18.1-1/drivers/media/usb/dvb-usb/technisat-usb2.c 2014-12-28 14:10:09.536888811 +0100
914 @@ -87,8 +87,11 @@
915 static int technisat_usb2_i2c_access(struct usb_device *udev,
916 u8 device_addr, u8 *tx, u8 txlen, u8 *rx, u8 rxlen)
917 {
918 - u8 b[64];
919 - int ret, actual_length;
920 + u8 *b = kmalloc(64, GFP_KERNEL);
921 + int ret, actual_length, error = 0;
922 +
923 + if (b == NULL)
924 + return -ENOMEM;
925
926 deb_i2c("i2c-access: %02x, tx: ", device_addr);
927 debug_dump(tx, txlen, deb_i2c);
928 @@ -121,7 +124,8 @@
929
930 if (ret < 0) {
931 err("i2c-error: out failed %02x = %d", device_addr, ret);
932 - return -ENODEV;
933 + error = -ENODEV;
934 + goto out;
935 }
936
937 ret = usb_bulk_msg(udev,
938 @@ -129,7 +133,8 @@
939 b, 64, &actual_length, 1000);
940 if (ret < 0) {
941 err("i2c-error: in failed %02x = %d", device_addr, ret);
942 - return -ENODEV;
943 + error = -ENODEV;
944 + goto out;
945 }
946
947 if (b[0] != I2C_STATUS_OK) {
948 @@ -137,8 +142,10 @@
949 /* handle tuner-i2c-nak */
950 if (!(b[0] == I2C_STATUS_NAK &&
951 device_addr == 0x60
952 - /* && device_is_technisat_usb2 */))
953 - return -ENODEV;
954 + /* && device_is_technisat_usb2 */)) {
955 + error = -ENODEV;
956 + goto out;
957 + }
958 }
959
960 deb_i2c("status: %d, ", b[0]);
961 @@ -152,7 +159,9 @@
962
963 deb_i2c("\n");
964
965 - return 0;
966 +out:
967 + kfree(b);
968 + return error;
969 }
970
971 static int technisat_usb2_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msg,
972 @@ -224,14 +233,16 @@
973 {
974 int ret;
975
976 - u8 led[8] = {
977 - red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
978 - 0
979 - };
980 + u8 *led = kzalloc(8, GFP_KERNEL);
981 +
982 + if (led == NULL)
983 + return -ENOMEM;
984
985 if (disable_led_control && state != TECH_LED_OFF)
986 return 0;
987
988 + led[0] = red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST;
989 +
990 switch (state) {
991 case TECH_LED_ON:
992 led[1] = 0x82;
993 @@ -263,16 +274,22 @@
994 red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
995 USB_TYPE_VENDOR | USB_DIR_OUT,
996 0, 0,
997 - led, sizeof(led), 500);
998 + led, 8, 500);
999
1000 mutex_unlock(&d->i2c_mutex);
1001 +
1002 + kfree(led);
1003 +
1004 return ret;
1005 }
1006
1007 static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8 green)
1008 {
1009 int ret;
1010 - u8 b = 0;
1011 + u8 *b = kzalloc(1, GFP_KERNEL);
1012 +
1013 + if (b == NULL)
1014 + return -ENOMEM;
1015
1016 if (mutex_lock_interruptible(&d->i2c_mutex) < 0)
1017 return -EAGAIN;
1018 @@ -281,10 +298,12 @@
1019 SET_LED_TIMER_DIVIDER_VENDOR_REQUEST,
1020 USB_TYPE_VENDOR | USB_DIR_OUT,
1021 (red << 8) | green, 0,
1022 - &b, 1, 500);
1023 + b, 1, 500);
1024
1025 mutex_unlock(&d->i2c_mutex);
1026
1027 + kfree(b);
1028 +
1029 return ret;
1030 }
1031
1032 @@ -328,7 +347,7 @@
1033 struct dvb_usb_device_description **desc, int *cold)
1034 {
1035 int ret;
1036 - u8 version[3];
1037 + u8 *version = kmalloc(3, GFP_KERNEL);
1038
1039 /* first select the interface */
1040 if (usb_set_interface(udev, 0, 1) != 0)
1041 @@ -338,11 +357,14 @@
1042
1043 *cold = 0; /* by default do not download a firmware - just in case something is wrong */
1044
1045 + if (version == NULL)
1046 + return 0;
1047 +
1048 ret = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
1049 GET_VERSION_INFO_VENDOR_REQUEST,
1050 USB_TYPE_VENDOR | USB_DIR_IN,
1051 0, 0,
1052 - version, sizeof(version), 500);
1053 + version, 3, 500);
1054
1055 if (ret < 0)
1056 *cold = 1;
1057 @@ -351,6 +373,8 @@
1058 *cold = 0;
1059 }
1060
1061 + kfree(version);
1062 +
1063 return 0;
1064 }
1065
1066 @@ -591,10 +615,15 @@
1067
1068 static int technisat_usb2_get_ir(struct dvb_usb_device *d)
1069 {
1070 - u8 buf[62], *b;
1071 + u8 *buf, *b;
1072 int ret;
1073 struct ir_raw_event ev;
1074
1075 + buf = kmalloc(62, GFP_KERNEL);
1076 +
1077 + if (buf == NULL)
1078 + return -ENOMEM;
1079 +
1080 buf[0] = GET_IR_DATA_VENDOR_REQUEST;
1081 buf[1] = 0x08;
1082 buf[2] = 0x8f;
1083 @@ -617,16 +646,20 @@
1084 GET_IR_DATA_VENDOR_REQUEST,
1085 USB_TYPE_VENDOR | USB_DIR_IN,
1086 0x8080, 0,
1087 - buf, sizeof(buf), 500);
1088 + buf, 62, 500);
1089
1090 unlock:
1091 mutex_unlock(&d->i2c_mutex);
1092
1093 - if (ret < 0)
1094 + if (ret < 0) {
1095 + kfree(buf);
1096 return ret;
1097 + }
1098
1099 - if (ret == 1)
1100 + if (ret == 1) {
1101 + kfree(buf);
1102 return 0; /* no key pressed */
1103 + }
1104
1105 /* decoding */
1106 b = buf+1;
1107 @@ -653,6 +686,8 @@
1108
1109 ir_raw_event_handle(d->rc_dev);
1110
1111 + kfree(buf);
1112 +
1113 return 1;
1114 }
1115
1116 diff -Naur backports-3.18.1-1.org/drivers/media/v4l2-core/v4l2-device.c backports-3.18.1-1/drivers/media/v4l2-core/v4l2-device.c
1117 --- backports-3.18.1-1.org/drivers/media/v4l2-core/v4l2-device.c 2014-12-21 22:37:14.000000000 +0100
1118 +++ backports-3.18.1-1/drivers/media/v4l2-core/v4l2-device.c 2014-12-28 14:10:09.536888811 +0100
1119 @@ -75,9 +75,9 @@
1120 EXPORT_SYMBOL_GPL(v4l2_device_put);
1121
1122 int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename,
1123 - atomic_t *instance)
1124 + atomic_unchecked_t *instance)
1125 {
1126 - int num = atomic_inc_return(instance) - 1;
1127 + int num = atomic_inc_return_unchecked(instance) - 1;
1128 int len = strlen(basename);
1129
1130 if (basename[len - 1] >= '0' && basename[len - 1] <= '9')
1131 diff -Naur backports-3.18.1-1.org/drivers/media/v4l2-core/v4l2-ioctl.c backports-3.18.1-1/drivers/media/v4l2-core/v4l2-ioctl.c
1132 --- backports-3.18.1-1.org/drivers/media/v4l2-core/v4l2-ioctl.c 2014-12-21 22:37:14.000000000 +0100
1133 +++ backports-3.18.1-1/drivers/media/v4l2-core/v4l2-ioctl.c 2014-12-28 14:10:09.536888811 +0100
1134 @@ -2142,7 +2142,8 @@
1135 struct file *file, void *fh, void *p);
1136 } u;
1137 void (*debug)(const void *arg, bool write_only);
1138 -};
1139 +} __do_const;
1140 +typedef struct v4l2_ioctl_info __no_const v4l2_ioctl_info_no_const;
1141
1142 /* This control needs a priority check */
1143 #define INFO_FL_PRIO (1 << 0)
1144 @@ -2326,7 +2327,7 @@
1145 struct video_device *vfd = video_devdata(file);
1146 const struct v4l2_ioctl_ops *ops = vfd->ioctl_ops;
1147 bool write_only = false;
1148 - struct v4l2_ioctl_info default_info;
1149 + v4l2_ioctl_info_no_const default_info;
1150 const struct v4l2_ioctl_info *info;
1151 void *fh = file->private_data;
1152 struct v4l2_fh *vfh = NULL;
1153 @@ -2413,7 +2414,7 @@
1154 ret = -EINVAL;
1155 break;
1156 }
1157 - *user_ptr = (void __user *)buf->m.planes;
1158 + *user_ptr = (void __force_user *)buf->m.planes;
1159 *kernel_ptr = (void **)&buf->m.planes;
1160 *array_size = sizeof(struct v4l2_plane) * buf->length;
1161 ret = 1;
1162 @@ -2430,7 +2431,7 @@
1163 ret = -EINVAL;
1164 break;
1165 }
1166 - *user_ptr = (void __user *)edid->edid;
1167 + *user_ptr = (void __force_user *)edid->edid;
1168 *kernel_ptr = (void **)&edid->edid;
1169 *array_size = edid->blocks * 128;
1170 ret = 1;
1171 @@ -2448,7 +2449,7 @@
1172 ret = -EINVAL;
1173 break;
1174 }
1175 - *user_ptr = (void __user *)ctrls->controls;
1176 + *user_ptr = (void __force_user *)ctrls->controls;
1177 *kernel_ptr = (void **)&ctrls->controls;
1178 *array_size = sizeof(struct v4l2_ext_control)
1179 * ctrls->count;
1180 @@ -2549,7 +2550,7 @@
1181 }
1182
1183 if (has_array_args) {
1184 - *kernel_ptr = (void __force *)user_ptr;
1185 + *kernel_ptr = (void __force_kernel *)user_ptr;
1186 if (copy_to_user(user_ptr, mbuf, array_size))
1187 err = -EFAULT;
1188 goto out_array_args;
1189 diff -Naur backports-3.18.1-1.org/drivers/net/ieee802154/fakehard.c backports-3.18.1-1/drivers/net/ieee802154/fakehard.c
1190 --- backports-3.18.1-1.org/drivers/net/ieee802154/fakehard.c 2014-12-21 22:37:14.000000000 +0100
1191 +++ backports-3.18.1-1/drivers/net/ieee802154/fakehard.c 2014-12-28 14:10:09.556888909 +0100
1192 @@ -365,7 +365,7 @@
1193 phy->transmit_power = 0xbf;
1194
1195 dev->netdev_ops = &fake_ops;
1196 - dev->ml_priv = &fake_mlme;
1197 + dev->ml_priv = (void *)&fake_mlme;
1198
1199 priv = netdev_priv(dev);
1200 priv->phy = phy;
1201 diff -Naur backports-3.18.1-1.org/drivers/net/usb/sierra_net.c backports-3.18.1-1/drivers/net/usb/sierra_net.c
1202 --- backports-3.18.1-1.org/drivers/net/usb/sierra_net.c 2014-12-21 22:37:14.000000000 +0100
1203 +++ backports-3.18.1-1/drivers/net/usb/sierra_net.c 2014-12-28 14:10:09.560888936 +0100
1204 @@ -51,7 +51,7 @@
1205 /* atomic counter partially included in MAC address to make sure 2 devices
1206 * do not end up with the same MAC - concept breaks in case of > 255 ifaces
1207 */
1208 -static atomic_t iface_counter = ATOMIC_INIT(0);
1209 +static atomic_unchecked_t iface_counter = ATOMIC_INIT(0);
1210
1211 /*
1212 * SYNC Timer Delay definition used to set the expiry time
1213 @@ -697,7 +697,7 @@
1214 dev->net->netdev_ops = &sierra_net_device_ops;
1215
1216 /* change MAC addr to include, ifacenum, and to be unique */
1217 - dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return(&iface_counter);
1218 + dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return_unchecked(&iface_counter);
1219 dev->net->dev_addr[ETH_ALEN-1] = ifacenum;
1220
1221 /* we will have to manufacture ethernet headers, prepare template */
1222 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/at76c50x-usb.c backports-3.18.1-1/drivers/net/wireless/at76c50x-usb.c
1223 --- backports-3.18.1-1.org/drivers/net/wireless/at76c50x-usb.c 2014-12-21 22:37:14.000000000 +0100
1224 +++ backports-3.18.1-1/drivers/net/wireless/at76c50x-usb.c 2014-12-28 14:10:09.560888936 +0100
1225 @@ -353,7 +353,7 @@
1226 }
1227
1228 /* Convert timeout from the DFU status to jiffies */
1229 -static inline unsigned long at76_get_timeout(struct dfu_status *s)
1230 +static inline unsigned long __intentional_overflow(-1) at76_get_timeout(struct dfu_status *s)
1231 {
1232 return msecs_to_jiffies((s->poll_timeout[2] << 16)
1233 | (s->poll_timeout[1] << 8)
1234 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath10k/htc.c backports-3.18.1-1/drivers/net/wireless/ath/ath10k/htc.c
1235 --- backports-3.18.1-1.org/drivers/net/wireless/ath/ath10k/htc.c 2014-12-21 22:37:14.000000000 +0100
1236 +++ backports-3.18.1-1/drivers/net/wireless/ath/ath10k/htc.c 2014-12-28 14:10:09.560888936 +0100
1237 @@ -848,7 +848,10 @@
1238 /* registered target arrival callback from the HIF layer */
1239 int ath10k_htc_init(struct ath10k *ar)
1240 {
1241 - struct ath10k_hif_cb htc_callbacks;
1242 + static struct ath10k_hif_cb htc_callbacks = {
1243 + .rx_completion = ath10k_htc_rx_completion_handler,
1244 + .tx_completion = ath10k_htc_tx_completion_handler,
1245 + };
1246 struct ath10k_htc_ep *ep = NULL;
1247 struct ath10k_htc *htc = &ar->htc;
1248
1249 @@ -857,8 +860,6 @@
1250 ath10k_htc_reset_endpoint_states(htc);
1251
1252 /* setup HIF layer callbacks */
1253 - htc_callbacks.rx_completion = ath10k_htc_rx_completion_handler;
1254 - htc_callbacks.tx_completion = ath10k_htc_tx_completion_handler;
1255 htc->ar = ar;
1256
1257 /* Get HIF default pipe for HTC message exchange */
1258 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath10k/htc.h backports-3.18.1-1/drivers/net/wireless/ath/ath10k/htc.h
1259 --- backports-3.18.1-1.org/drivers/net/wireless/ath/ath10k/htc.h 2014-12-21 22:37:14.000000000 +0100
1260 +++ backports-3.18.1-1/drivers/net/wireless/ath/ath10k/htc.h 2014-12-28 14:10:09.560888936 +0100
1261 @@ -270,13 +270,13 @@
1262
1263 struct ath10k_htc_ops {
1264 void (*target_send_suspend_complete)(struct ath10k *ar);
1265 -};
1266 +} __no_const;
1267
1268 struct ath10k_htc_ep_ops {
1269 void (*ep_tx_complete)(struct ath10k *, struct sk_buff *);
1270 void (*ep_rx_complete)(struct ath10k *, struct sk_buff *);
1271 void (*ep_tx_credits)(struct ath10k *);
1272 -};
1273 +} __no_const;
1274
1275 /* service connection information */
1276 struct ath10k_htc_svc_conn_req {
1277 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/ar9002_mac.c backports-3.18.1-1/drivers/net/wireless/ath/ath9k/ar9002_mac.c
1278 --- backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/ar9002_mac.c 2014-12-21 22:37:14.000000000 +0100
1279 +++ backports-3.18.1-1/drivers/net/wireless/ath/ath9k/ar9002_mac.c 2014-12-28 14:10:09.560888936 +0100
1280 @@ -220,8 +220,8 @@
1281 ads->ds_txstatus6 = ads->ds_txstatus7 = 0;
1282 ads->ds_txstatus8 = ads->ds_txstatus9 = 0;
1283
1284 - ACCESS_ONCE(ads->ds_link) = i->link;
1285 - ACCESS_ONCE(ads->ds_data) = i->buf_addr[0];
1286 + ACCESS_ONCE_RW(ads->ds_link) = i->link;
1287 + ACCESS_ONCE_RW(ads->ds_data) = i->buf_addr[0];
1288
1289 ctl1 = i->buf_len[0] | (i->is_last ? 0 : AR_TxMore);
1290 ctl6 = SM(i->keytype, AR_EncrType);
1291 @@ -235,26 +235,26 @@
1292
1293 if ((i->is_first || i->is_last) &&
1294 i->aggr != AGGR_BUF_MIDDLE && i->aggr != AGGR_BUF_LAST) {
1295 - ACCESS_ONCE(ads->ds_ctl2) = set11nTries(i->rates, 0)
1296 + ACCESS_ONCE_RW(ads->ds_ctl2) = set11nTries(i->rates, 0)
1297 | set11nTries(i->rates, 1)
1298 | set11nTries(i->rates, 2)
1299 | set11nTries(i->rates, 3)
1300 | (i->dur_update ? AR_DurUpdateEna : 0)
1301 | SM(0, AR_BurstDur);
1302
1303 - ACCESS_ONCE(ads->ds_ctl3) = set11nRate(i->rates, 0)
1304 + ACCESS_ONCE_RW(ads->ds_ctl3) = set11nRate(i->rates, 0)
1305 | set11nRate(i->rates, 1)
1306 | set11nRate(i->rates, 2)
1307 | set11nRate(i->rates, 3);
1308 } else {
1309 - ACCESS_ONCE(ads->ds_ctl2) = 0;
1310 - ACCESS_ONCE(ads->ds_ctl3) = 0;
1311 + ACCESS_ONCE_RW(ads->ds_ctl2) = 0;
1312 + ACCESS_ONCE_RW(ads->ds_ctl3) = 0;
1313 }
1314
1315 if (!i->is_first) {
1316 - ACCESS_ONCE(ads->ds_ctl0) = 0;
1317 - ACCESS_ONCE(ads->ds_ctl1) = ctl1;
1318 - ACCESS_ONCE(ads->ds_ctl6) = ctl6;
1319 + ACCESS_ONCE_RW(ads->ds_ctl0) = 0;
1320 + ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1;
1321 + ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6;
1322 return;
1323 }
1324
1325 @@ -279,7 +279,7 @@
1326 break;
1327 }
1328
1329 - ACCESS_ONCE(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen)
1330 + ACCESS_ONCE_RW(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen)
1331 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
1332 | SM(i->txpower, AR_XmitPower0)
1333 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
1334 @@ -289,27 +289,27 @@
1335 | (i->flags & ATH9K_TXDESC_RTSENA ? AR_RTSEnable :
1336 (i->flags & ATH9K_TXDESC_CTSENA ? AR_CTSEnable : 0));
1337
1338 - ACCESS_ONCE(ads->ds_ctl1) = ctl1;
1339 - ACCESS_ONCE(ads->ds_ctl6) = ctl6;
1340 + ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1;
1341 + ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6;
1342
1343 if (i->aggr == AGGR_BUF_MIDDLE || i->aggr == AGGR_BUF_LAST)
1344 return;
1345
1346 - ACCESS_ONCE(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0)
1347 + ACCESS_ONCE_RW(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0)
1348 | set11nPktDurRTSCTS(i->rates, 1);
1349
1350 - ACCESS_ONCE(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2)
1351 + ACCESS_ONCE_RW(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2)
1352 | set11nPktDurRTSCTS(i->rates, 3);
1353
1354 - ACCESS_ONCE(ads->ds_ctl7) = set11nRateFlags(i->rates, 0)
1355 + ACCESS_ONCE_RW(ads->ds_ctl7) = set11nRateFlags(i->rates, 0)
1356 | set11nRateFlags(i->rates, 1)
1357 | set11nRateFlags(i->rates, 2)
1358 | set11nRateFlags(i->rates, 3)
1359 | SM(i->rtscts_rate, AR_RTSCTSRate);
1360
1361 - ACCESS_ONCE(ads->ds_ctl9) = SM(i->txpower, AR_XmitPower1);
1362 - ACCESS_ONCE(ads->ds_ctl10) = SM(i->txpower, AR_XmitPower2);
1363 - ACCESS_ONCE(ads->ds_ctl11) = SM(i->txpower, AR_XmitPower3);
1364 + ACCESS_ONCE_RW(ads->ds_ctl9) = SM(i->txpower, AR_XmitPower1);
1365 + ACCESS_ONCE_RW(ads->ds_ctl10) = SM(i->txpower, AR_XmitPower2);
1366 + ACCESS_ONCE_RW(ads->ds_ctl11) = SM(i->txpower, AR_XmitPower3);
1367 }
1368
1369 static int ar9002_hw_proc_txdesc(struct ath_hw *ah, void *ds,
1370 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/ar9003_mac.c backports-3.18.1-1/drivers/net/wireless/ath/ath9k/ar9003_mac.c
1371 --- backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/ar9003_mac.c 2014-12-21 22:37:14.000000000 +0100
1372 +++ backports-3.18.1-1/drivers/net/wireless/ath/ath9k/ar9003_mac.c 2014-12-28 14:10:09.560888936 +0100
1373 @@ -39,47 +39,47 @@
1374 (i->qcu << AR_TxQcuNum_S) | desc_len;
1375
1376 checksum += val;
1377 - ACCESS_ONCE(ads->info) = val;
1378 + ACCESS_ONCE_RW(ads->info) = val;
1379
1380 checksum += i->link;
1381 - ACCESS_ONCE(ads->link) = i->link;
1382 + ACCESS_ONCE_RW(ads->link) = i->link;
1383
1384 checksum += i->buf_addr[0];
1385 - ACCESS_ONCE(ads->data0) = i->buf_addr[0];
1386 + ACCESS_ONCE_RW(ads->data0) = i->buf_addr[0];
1387 checksum += i->buf_addr[1];
1388 - ACCESS_ONCE(ads->data1) = i->buf_addr[1];
1389 + ACCESS_ONCE_RW(ads->data1) = i->buf_addr[1];
1390 checksum += i->buf_addr[2];
1391 - ACCESS_ONCE(ads->data2) = i->buf_addr[2];
1392 + ACCESS_ONCE_RW(ads->data2) = i->buf_addr[2];
1393 checksum += i->buf_addr[3];
1394 - ACCESS_ONCE(ads->data3) = i->buf_addr[3];
1395 + ACCESS_ONCE_RW(ads->data3) = i->buf_addr[3];
1396
1397 checksum += (val = (i->buf_len[0] << AR_BufLen_S) & AR_BufLen);
1398 - ACCESS_ONCE(ads->ctl3) = val;
1399 + ACCESS_ONCE_RW(ads->ctl3) = val;
1400 checksum += (val = (i->buf_len[1] << AR_BufLen_S) & AR_BufLen);
1401 - ACCESS_ONCE(ads->ctl5) = val;
1402 + ACCESS_ONCE_RW(ads->ctl5) = val;
1403 checksum += (val = (i->buf_len[2] << AR_BufLen_S) & AR_BufLen);
1404 - ACCESS_ONCE(ads->ctl7) = val;
1405 + ACCESS_ONCE_RW(ads->ctl7) = val;
1406 checksum += (val = (i->buf_len[3] << AR_BufLen_S) & AR_BufLen);
1407 - ACCESS_ONCE(ads->ctl9) = val;
1408 + ACCESS_ONCE_RW(ads->ctl9) = val;
1409
1410 checksum = (u16) (((checksum & 0xffff) + (checksum >> 16)) & 0xffff);
1411 - ACCESS_ONCE(ads->ctl10) = checksum;
1412 + ACCESS_ONCE_RW(ads->ctl10) = checksum;
1413
1414 if (i->is_first || i->is_last) {
1415 - ACCESS_ONCE(ads->ctl13) = set11nTries(i->rates, 0)
1416 + ACCESS_ONCE_RW(ads->ctl13) = set11nTries(i->rates, 0)
1417 | set11nTries(i->rates, 1)
1418 | set11nTries(i->rates, 2)
1419 | set11nTries(i->rates, 3)
1420 | (i->dur_update ? AR_DurUpdateEna : 0)
1421 | SM(0, AR_BurstDur);
1422
1423 - ACCESS_ONCE(ads->ctl14) = set11nRate(i->rates, 0)
1424 + ACCESS_ONCE_RW(ads->ctl14) = set11nRate(i->rates, 0)
1425 | set11nRate(i->rates, 1)
1426 | set11nRate(i->rates, 2)
1427 | set11nRate(i->rates, 3);
1428 } else {
1429 - ACCESS_ONCE(ads->ctl13) = 0;
1430 - ACCESS_ONCE(ads->ctl14) = 0;
1431 + ACCESS_ONCE_RW(ads->ctl13) = 0;
1432 + ACCESS_ONCE_RW(ads->ctl14) = 0;
1433 }
1434
1435 ads->ctl20 = 0;
1436 @@ -89,17 +89,17 @@
1437
1438 ctl17 = SM(i->keytype, AR_EncrType);
1439 if (!i->is_first) {
1440 - ACCESS_ONCE(ads->ctl11) = 0;
1441 - ACCESS_ONCE(ads->ctl12) = i->is_last ? 0 : AR_TxMore;
1442 - ACCESS_ONCE(ads->ctl15) = 0;
1443 - ACCESS_ONCE(ads->ctl16) = 0;
1444 - ACCESS_ONCE(ads->ctl17) = ctl17;
1445 - ACCESS_ONCE(ads->ctl18) = 0;
1446 - ACCESS_ONCE(ads->ctl19) = 0;
1447 + ACCESS_ONCE_RW(ads->ctl11) = 0;
1448 + ACCESS_ONCE_RW(ads->ctl12) = i->is_last ? 0 : AR_TxMore;
1449 + ACCESS_ONCE_RW(ads->ctl15) = 0;
1450 + ACCESS_ONCE_RW(ads->ctl16) = 0;
1451 + ACCESS_ONCE_RW(ads->ctl17) = ctl17;
1452 + ACCESS_ONCE_RW(ads->ctl18) = 0;
1453 + ACCESS_ONCE_RW(ads->ctl19) = 0;
1454 return;
1455 }
1456
1457 - ACCESS_ONCE(ads->ctl11) = (i->pkt_len & AR_FrameLen)
1458 + ACCESS_ONCE_RW(ads->ctl11) = (i->pkt_len & AR_FrameLen)
1459 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
1460 | SM(i->txpower, AR_XmitPower0)
1461 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
1462 @@ -135,26 +135,26 @@
1463 val = (i->flags & ATH9K_TXDESC_PAPRD) >> ATH9K_TXDESC_PAPRD_S;
1464 ctl12 |= SM(val, AR_PAPRDChainMask);
1465
1466 - ACCESS_ONCE(ads->ctl12) = ctl12;
1467 - ACCESS_ONCE(ads->ctl17) = ctl17;
1468 + ACCESS_ONCE_RW(ads->ctl12) = ctl12;
1469 + ACCESS_ONCE_RW(ads->ctl17) = ctl17;
1470
1471 - ACCESS_ONCE(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0)
1472 + ACCESS_ONCE_RW(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0)
1473 | set11nPktDurRTSCTS(i->rates, 1);
1474
1475 - ACCESS_ONCE(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2)
1476 + ACCESS_ONCE_RW(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2)
1477 | set11nPktDurRTSCTS(i->rates, 3);
1478
1479 - ACCESS_ONCE(ads->ctl18) = set11nRateFlags(i->rates, 0)
1480 + ACCESS_ONCE_RW(ads->ctl18) = set11nRateFlags(i->rates, 0)
1481 | set11nRateFlags(i->rates, 1)
1482 | set11nRateFlags(i->rates, 2)
1483 | set11nRateFlags(i->rates, 3)
1484 | SM(i->rtscts_rate, AR_RTSCTSRate);
1485
1486 - ACCESS_ONCE(ads->ctl19) = AR_Not_Sounding;
1487 + ACCESS_ONCE_RW(ads->ctl19) = AR_Not_Sounding;
1488
1489 - ACCESS_ONCE(ads->ctl20) = SM(i->txpower, AR_XmitPower1);
1490 - ACCESS_ONCE(ads->ctl21) = SM(i->txpower, AR_XmitPower2);
1491 - ACCESS_ONCE(ads->ctl22) = SM(i->txpower, AR_XmitPower3);
1492 + ACCESS_ONCE_RW(ads->ctl20) = SM(i->txpower, AR_XmitPower1);
1493 + ACCESS_ONCE_RW(ads->ctl21) = SM(i->txpower, AR_XmitPower2);
1494 + ACCESS_ONCE_RW(ads->ctl22) = SM(i->txpower, AR_XmitPower3);
1495 }
1496
1497 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
1498 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/hw.h backports-3.18.1-1/drivers/net/wireless/ath/ath9k/hw.h
1499 --- backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/hw.h 2014-12-21 22:37:14.000000000 +0100
1500 +++ backports-3.18.1-1/drivers/net/wireless/ath/ath9k/hw.h 2014-12-28 14:10:09.564888946 +0100
1501 @@ -630,7 +630,7 @@
1502
1503 /* ANI */
1504 void (*ani_cache_ini_regs)(struct ath_hw *ah);
1505 -};
1506 +} __no_const;
1507
1508 /**
1509 * struct ath_spec_scan - parameters for Atheros spectral scan
1510 @@ -708,7 +708,7 @@
1511 #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
1512 void (*set_bt_ant_diversity)(struct ath_hw *hw, bool enable);
1513 #endif
1514 -};
1515 +} __no_const;
1516
1517 struct ath_nf_limits {
1518 s16 max;
1519 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/main.c backports-3.18.1-1/drivers/net/wireless/ath/ath9k/main.c
1520 --- backports-3.18.1-1.org/drivers/net/wireless/ath/ath9k/main.c 2014-12-21 22:37:14.000000000 +0100
1521 +++ backports-3.18.1-1/drivers/net/wireless/ath/ath9k/main.c 2014-12-28 14:24:49.169250593 +0100
1522 @@ -2454,16 +2454,18 @@
1523 if (!ath9k_is_chanctx_enabled())
1524 return;
1525
1526 - ath9k_ops.hw_scan = ath9k_hw_scan;
1527 - ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan;
1528 - ath9k_ops.remain_on_channel = ath9k_remain_on_channel;
1529 - ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel;
1530 - ath9k_ops.add_chanctx = ath9k_add_chanctx;
1531 - ath9k_ops.remove_chanctx = ath9k_remove_chanctx;
1532 - ath9k_ops.change_chanctx = ath9k_change_chanctx;
1533 - ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx;
1534 - ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx;
1535 - ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx;
1536 + pax_open_kernel();
1537 + *(void **)&ath9k_ops.hw_scan = ath9k_hw_scan;
1538 + *(void **)&ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan;
1539 + *(void **)&ath9k_ops.remain_on_channel = ath9k_remain_on_channel;
1540 + *(void **)&ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel;
1541 + *(void **)&ath9k_ops.add_chanctx = ath9k_add_chanctx;
1542 + *(void **)&ath9k_ops.remove_chanctx = ath9k_remove_chanctx;
1543 + *(void **)&ath9k_ops.change_chanctx = ath9k_change_chanctx;
1544 + *(void **)&ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx;
1545 + *(void **)&ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx;
1546 + *(void **)&ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx;
1547 + pax_close_kernel();
1548 }
1549
1550 #endif
1551 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/b43/phy_lp.c backports-3.18.1-1/drivers/net/wireless/b43/phy_lp.c
1552 --- backports-3.18.1-1.org/drivers/net/wireless/b43/phy_lp.c 2014-12-21 22:37:14.000000000 +0100
1553 +++ backports-3.18.1-1/drivers/net/wireless/b43/phy_lp.c 2014-12-28 14:10:09.564888946 +0100
1554 @@ -2502,7 +2502,7 @@
1555 {
1556 struct ssb_bus *bus = dev->dev->sdev->bus;
1557
1558 - static const struct b206x_channel *chandata = NULL;
1559 + const struct b206x_channel *chandata = NULL;
1560 u32 crystal_freq = bus->chipco.pmu.crystalfreq * 1000;
1561 u32 freqref, vco_freq, val1, val2, val3, timeout, timeoutref, count;
1562 u16 old_comm15, scale;
1563 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/iwlegacy/3945-mac.c backports-3.18.1-1/drivers/net/wireless/iwlegacy/3945-mac.c
1564 --- backports-3.18.1-1.org/drivers/net/wireless/iwlegacy/3945-mac.c 2014-12-21 22:37:14.000000000 +0100
1565 +++ backports-3.18.1-1/drivers/net/wireless/iwlegacy/3945-mac.c 2014-12-28 14:10:09.564888946 +0100
1566 @@ -3633,7 +3633,9 @@
1567 */
1568 if (il3945_mod_params.disable_hw_scan) {
1569 D_INFO("Disabling hw_scan\n");
1570 - il3945_mac_ops.hw_scan = NULL;
1571 + pax_open_kernel();
1572 + *(void **)&il3945_mac_ops.hw_scan = NULL;
1573 + pax_close_kernel();
1574 }
1575
1576 D_INFO("*** LOAD DRIVER ***\n");
1577 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/iwlwifi/dvm/debugfs.c backports-3.18.1-1/drivers/net/wireless/iwlwifi/dvm/debugfs.c
1578 --- backports-3.18.1-1.org/drivers/net/wireless/iwlwifi/dvm/debugfs.c 2014-12-21 22:37:14.000000000 +0100
1579 +++ backports-3.18.1-1/drivers/net/wireless/iwlwifi/dvm/debugfs.c 2014-12-28 14:10:09.564888946 +0100
1580 @@ -188,7 +188,7 @@
1581 {
1582 struct iwl_priv *priv = file->private_data;
1583 char buf[64];
1584 - int buf_size;
1585 + size_t buf_size;
1586 u32 offset, len;
1587
1588 memset(buf, 0, sizeof(buf));
1589 @@ -458,7 +458,7 @@
1590 struct iwl_priv *priv = file->private_data;
1591
1592 char buf[8];
1593 - int buf_size;
1594 + size_t buf_size;
1595 u32 reset_flag;
1596
1597 memset(buf, 0, sizeof(buf));
1598 @@ -539,7 +539,7 @@
1599 {
1600 struct iwl_priv *priv = file->private_data;
1601 char buf[8];
1602 - int buf_size;
1603 + size_t buf_size;
1604 int ht40;
1605
1606 memset(buf, 0, sizeof(buf));
1607 @@ -591,7 +591,7 @@
1608 {
1609 struct iwl_priv *priv = file->private_data;
1610 char buf[8];
1611 - int buf_size;
1612 + size_t buf_size;
1613 int value;
1614
1615 memset(buf, 0, sizeof(buf));
1616 @@ -683,10 +683,10 @@
1617 DEBUGFS_READ_WRITE_FILE_OPS(sleep_level_override);
1618 DEBUGFS_READ_FILE_OPS(current_sleep_command);
1619
1620 -static const char *fmt_value = " %-30s %10u\n";
1621 -static const char *fmt_hex = " %-30s 0x%02X\n";
1622 -static const char *fmt_table = " %-30s %10u %10u %10u %10u\n";
1623 -static const char *fmt_header =
1624 +static const char fmt_value[] = " %-30s %10u\n";
1625 +static const char fmt_hex[] = " %-30s 0x%02X\n";
1626 +static const char fmt_table[] = " %-30s %10u %10u %10u %10u\n";
1627 +static const char fmt_header[] =
1628 "%-32s current cumulative delta max\n";
1629
1630 static int iwl_statistics_flag(struct iwl_priv *priv, char *buf, int bufsz)
1631 @@ -1856,7 +1856,7 @@
1632 {
1633 struct iwl_priv *priv = file->private_data;
1634 char buf[8];
1635 - int buf_size;
1636 + size_t buf_size;
1637 int clear;
1638
1639 memset(buf, 0, sizeof(buf));
1640 @@ -1901,7 +1901,7 @@
1641 {
1642 struct iwl_priv *priv = file->private_data;
1643 char buf[8];
1644 - int buf_size;
1645 + size_t buf_size;
1646 int trace;
1647
1648 memset(buf, 0, sizeof(buf));
1649 @@ -1972,7 +1972,7 @@
1650 {
1651 struct iwl_priv *priv = file->private_data;
1652 char buf[8];
1653 - int buf_size;
1654 + size_t buf_size;
1655 int missed;
1656
1657 memset(buf, 0, sizeof(buf));
1658 @@ -2013,7 +2013,7 @@
1659
1660 struct iwl_priv *priv = file->private_data;
1661 char buf[8];
1662 - int buf_size;
1663 + size_t buf_size;
1664 int plcp;
1665
1666 memset(buf, 0, sizeof(buf));
1667 @@ -2073,7 +2073,7 @@
1668
1669 struct iwl_priv *priv = file->private_data;
1670 char buf[8];
1671 - int buf_size;
1672 + size_t buf_size;
1673 int flush;
1674
1675 memset(buf, 0, sizeof(buf));
1676 @@ -2163,7 +2163,7 @@
1677
1678 struct iwl_priv *priv = file->private_data;
1679 char buf[8];
1680 - int buf_size;
1681 + size_t buf_size;
1682 int rts;
1683
1684 if (!priv->cfg->ht_params)
1685 @@ -2204,7 +2204,7 @@
1686 {
1687 struct iwl_priv *priv = file->private_data;
1688 char buf[8];
1689 - int buf_size;
1690 + size_t buf_size;
1691
1692 memset(buf, 0, sizeof(buf));
1693 buf_size = min(count, sizeof(buf) - 1);
1694 @@ -2238,7 +2238,7 @@
1695 struct iwl_priv *priv = file->private_data;
1696 u32 event_log_flag;
1697 char buf[8];
1698 - int buf_size;
1699 + size_t buf_size;
1700
1701 /* check that the interface is up */
1702 if (!iwl_is_ready(priv))
1703 @@ -2292,7 +2292,7 @@
1704 struct iwl_priv *priv = file->private_data;
1705 char buf[8];
1706 u32 calib_disabled;
1707 - int buf_size;
1708 + size_t buf_size;
1709
1710 memset(buf, 0, sizeof(buf));
1711 buf_size = min(count, sizeof(buf) - 1);
1712 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/iwlwifi/pcie/trans.c backports-3.18.1-1/drivers/net/wireless/iwlwifi/pcie/trans.c
1713 --- backports-3.18.1-1.org/drivers/net/wireless/iwlwifi/pcie/trans.c 2014-12-21 22:37:14.000000000 +0100
1714 +++ backports-3.18.1-1/drivers/net/wireless/iwlwifi/pcie/trans.c 2014-12-28 14:10:09.564888946 +0100
1715 @@ -1689,7 +1689,7 @@
1716 struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
1717
1718 char buf[8];
1719 - int buf_size;
1720 + size_t buf_size;
1721 u32 reset_flag;
1722
1723 memset(buf, 0, sizeof(buf));
1724 @@ -1710,7 +1710,7 @@
1725 {
1726 struct iwl_trans *trans = file->private_data;
1727 char buf[8];
1728 - int buf_size;
1729 + size_t buf_size;
1730 int csr;
1731
1732 memset(buf, 0, sizeof(buf));
1733 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/mac80211_hwsim.c backports-3.18.1-1/drivers/net/wireless/mac80211_hwsim.c
1734 --- backports-3.18.1-1.org/drivers/net/wireless/mac80211_hwsim.c 2014-12-21 22:37:14.000000000 +0100
1735 +++ backports-3.18.1-1/drivers/net/wireless/mac80211_hwsim.c 2014-12-28 14:10:09.568888967 +0100
1736 @@ -2578,20 +2578,20 @@
1737 if (channels < 1)
1738 return -EINVAL;
1739
1740 - mac80211_hwsim_mchan_ops = mac80211_hwsim_ops;
1741 - mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan;
1742 - mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
1743 - mac80211_hwsim_mchan_ops.sw_scan_start = NULL;
1744 - mac80211_hwsim_mchan_ops.sw_scan_complete = NULL;
1745 - mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc;
1746 - mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
1747 - mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx;
1748 - mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
1749 - mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx;
1750 - mac80211_hwsim_mchan_ops.assign_vif_chanctx =
1751 - mac80211_hwsim_assign_vif_chanctx;
1752 - mac80211_hwsim_mchan_ops.unassign_vif_chanctx =
1753 - mac80211_hwsim_unassign_vif_chanctx;
1754 + pax_open_kernel();
1755 + memcpy((void *)&mac80211_hwsim_mchan_ops, &mac80211_hwsim_ops, sizeof mac80211_hwsim_mchan_ops);
1756 + *(void **)&mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan;
1757 + *(void **)&mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
1758 + *(void **)&mac80211_hwsim_mchan_ops.sw_scan_start = NULL;
1759 + *(void **)&mac80211_hwsim_mchan_ops.sw_scan_complete = NULL;
1760 + *(void **)&mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc;
1761 + *(void **)&mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
1762 + *(void **)&mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx;
1763 + *(void **)&mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
1764 + *(void **)&mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx;
1765 + *(void **)&mac80211_hwsim_mchan_ops.assign_vif_chanctx = mac80211_hwsim_assign_vif_chanctx;
1766 + *(void **)&mac80211_hwsim_mchan_ops.unassign_vif_chanctx = mac80211_hwsim_unassign_vif_chanctx;
1767 + pax_close_kernel();
1768
1769 spin_lock_init(&hwsim_radio_lock);
1770 INIT_LIST_HEAD(&hwsim_radios);
1771 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rndis_wlan.c backports-3.18.1-1/drivers/net/wireless/rndis_wlan.c
1772 --- backports-3.18.1-1.org/drivers/net/wireless/rndis_wlan.c 2014-12-21 22:37:14.000000000 +0100
1773 +++ backports-3.18.1-1/drivers/net/wireless/rndis_wlan.c 2014-12-28 14:10:09.568888967 +0100
1774 @@ -1236,7 +1236,7 @@
1775
1776 netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold);
1777
1778 - if (rts_threshold < 0 || rts_threshold > 2347)
1779 + if (rts_threshold > 2347)
1780 rts_threshold = 2347;
1781
1782 tmp = cpu_to_le32(rts_threshold);
1783 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00.h backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00.h
1784 --- backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00.h 2014-12-21 22:37:14.000000000 +0100
1785 +++ backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00.h 2014-12-28 14:10:09.568888967 +0100
1786 @@ -375,7 +375,7 @@
1787 * for hardware which doesn't support hardware
1788 * sequence counting.
1789 */
1790 - atomic_t seqno;
1791 + atomic_unchecked_t seqno;
1792 };
1793
1794 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif)
1795 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00queue.c backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00queue.c
1796 --- backports-3.18.1-1.org/drivers/net/wireless/rt2x00/rt2x00queue.c 2014-12-21 22:37:14.000000000 +0100
1797 +++ backports-3.18.1-1/drivers/net/wireless/rt2x00/rt2x00queue.c 2014-12-28 14:10:09.568888967 +0100
1798 @@ -224,9 +224,9 @@
1799 * sequence counter given by mac80211.
1800 */
1801 if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags))
1802 - seqno = atomic_add_return(0x10, &intf->seqno);
1803 + seqno = atomic_add_return_unchecked(0x10, &intf->seqno);
1804 else
1805 - seqno = atomic_read(&intf->seqno);
1806 + seqno = atomic_read_unchecked(&intf->seqno);
1807
1808 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
1809 hdr->seq_ctrl |= cpu_to_le16(seqno);
1810 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ti/wl1251/sdio.c backports-3.18.1-1/drivers/net/wireless/ti/wl1251/sdio.c
1811 --- backports-3.18.1-1.org/drivers/net/wireless/ti/wl1251/sdio.c 2014-12-21 22:37:14.000000000 +0100
1812 +++ backports-3.18.1-1/drivers/net/wireless/ti/wl1251/sdio.c 2014-12-28 14:10:09.568888967 +0100
1813 @@ -282,13 +282,17 @@
1814
1815 irq_set_irq_type(wl->irq, IRQ_TYPE_EDGE_RISING);
1816
1817 - wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq;
1818 - wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq;
1819 + pax_open_kernel();
1820 + *(void **)&wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq;
1821 + *(void **)&wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq;
1822 + pax_close_kernel();
1823
1824 wl1251_info("using dedicated interrupt line");
1825 } else {
1826 - wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq;
1827 - wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq;
1828 + pax_open_kernel();
1829 + *(void **)&wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq;
1830 + *(void **)&wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq;
1831 + pax_close_kernel();
1832
1833 wl1251_info("using SDIO interrupt");
1834 }
1835 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ti/wl12xx/main.c backports-3.18.1-1/drivers/net/wireless/ti/wl12xx/main.c
1836 --- backports-3.18.1-1.org/drivers/net/wireless/ti/wl12xx/main.c 2014-12-21 22:37:14.000000000 +0100
1837 +++ backports-3.18.1-1/drivers/net/wireless/ti/wl12xx/main.c 2014-12-28 14:10:09.568888967 +0100
1838 @@ -656,7 +656,9 @@
1839 sizeof(wl->conf.mem));
1840
1841 /* read data preparation is only needed by wl127x */
1842 - wl->ops->prepare_read = wl127x_prepare_read;
1843 + pax_open_kernel();
1844 + *(void **)&wl->ops->prepare_read = wl127x_prepare_read;
1845 + pax_close_kernel();
1846
1847 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
1848 WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,
1849 @@ -681,7 +683,9 @@
1850 sizeof(wl->conf.mem));
1851
1852 /* read data preparation is only needed by wl127x */
1853 - wl->ops->prepare_read = wl127x_prepare_read;
1854 + pax_open_kernel();
1855 + *(void **)&wl->ops->prepare_read = wl127x_prepare_read;
1856 + pax_close_kernel();
1857
1858 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
1859 WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,
1860 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/ti/wl18xx/main.c backports-3.18.1-1/drivers/net/wireless/ti/wl18xx/main.c
1861 --- backports-3.18.1-1.org/drivers/net/wireless/ti/wl18xx/main.c 2014-12-21 22:37:14.000000000 +0100
1862 +++ backports-3.18.1-1/drivers/net/wireless/ti/wl18xx/main.c 2014-12-28 14:10:09.568888967 +0100
1863 @@ -1916,8 +1916,10 @@
1864 }
1865
1866 if (!checksum_param) {
1867 - wl18xx_ops.set_rx_csum = NULL;
1868 - wl18xx_ops.init_vif = NULL;
1869 + pax_open_kernel();
1870 + *(void **)&wl18xx_ops.set_rx_csum = NULL;
1871 + *(void **)&wl18xx_ops.init_vif = NULL;
1872 + pax_close_kernel();
1873 }
1874
1875 /* Enable 11a Band only if we have 5G antennas */
1876 diff -Naur backports-3.18.1-1.org/drivers/net/wireless/zd1211rw/zd_usb.c backports-3.18.1-1/drivers/net/wireless/zd1211rw/zd_usb.c
1877 --- backports-3.18.1-1.org/drivers/net/wireless/zd1211rw/zd_usb.c 2014-12-21 22:37:14.000000000 +0100
1878 +++ backports-3.18.1-1/drivers/net/wireless/zd1211rw/zd_usb.c 2014-12-28 14:10:09.568888967 +0100
1879 @@ -385,7 +385,7 @@
1880 {
1881 struct zd_usb *usb = urb->context;
1882 struct zd_usb_interrupt *intr = &usb->intr;
1883 - int len;
1884 + unsigned int len;
1885 u16 int_num;
1886
1887 ZD_ASSERT(in_interrupt());
1888 diff -Naur backports-3.18.1-1.org/drivers/nfc/nfcwilink.c backports-3.18.1-1/drivers/nfc/nfcwilink.c
1889 --- backports-3.18.1-1.org/drivers/nfc/nfcwilink.c 2014-12-21 22:37:14.000000000 +0100
1890 +++ backports-3.18.1-1/drivers/nfc/nfcwilink.c 2014-12-28 14:10:09.568888967 +0100
1891 @@ -497,7 +497,7 @@
1892
1893 static int nfcwilink_probe(struct platform_device *pdev)
1894 {
1895 - static struct nfcwilink *drv;
1896 + struct nfcwilink *drv;
1897 int rc;
1898 __u32 protocols;
1899
1900 diff -Naur backports-3.18.1-1.org/include/linux/gracl_compat.h backports-3.18.1-1/include/linux/gracl_compat.h
1901 --- backports-3.18.1-1.org/include/linux/gracl_compat.h 1970-01-01 01:00:00.000000000 +0100
1902 +++ backports-3.18.1-1/include/linux/gracl_compat.h 2014-12-28 14:10:09.684889542 +0100
1903 @@ -0,0 +1,156 @@
1904 +#ifndef GR_ACL_COMPAT_H
1905 +#define GR_ACL_COMPAT_H
1906 +
1907 +#include <linux/resource.h>
1908 +#include <asm/resource.h>
1909 +
1910 +struct sprole_pw_compat {
1911 + compat_uptr_t rolename;
1912 + unsigned char salt[GR_SALT_LEN];
1913 + unsigned char sum[GR_SHA_LEN];
1914 +};
1915 +
1916 +struct gr_hash_struct_compat {
1917 + compat_uptr_t table;
1918 + compat_uptr_t nametable;
1919 + compat_uptr_t first;
1920 + __u32 table_size;
1921 + __u32 used_size;
1922 + int type;
1923 +};
1924 +
1925 +struct acl_subject_label_compat {
1926 + compat_uptr_t filename;
1927 + compat_ino_t inode;
1928 + __u32 device;
1929 + __u32 mode;
1930 + kernel_cap_t cap_mask;
1931 + kernel_cap_t cap_lower;
1932 + kernel_cap_t cap_invert_audit;
1933 +
1934 + struct compat_rlimit res[GR_NLIMITS];
1935 + __u32 resmask;
1936 +
1937 + __u8 user_trans_type;
1938 + __u8 group_trans_type;
1939 + compat_uptr_t user_transitions;
1940 + compat_uptr_t group_transitions;
1941 + __u16 user_trans_num;
1942 + __u16 group_trans_num;
1943 +
1944 + __u32 sock_families[2];
1945 + __u32 ip_proto[8];
1946 + __u32 ip_type;
1947 + compat_uptr_t ips;
1948 + __u32 ip_num;
1949 + __u32 inaddr_any_override;
1950 +
1951 + __u32 crashes;
1952 + compat_ulong_t expires;
1953 +
1954 + compat_uptr_t parent_subject;
1955 + compat_uptr_t hash;
1956 + compat_uptr_t prev;
1957 + compat_uptr_t next;
1958 +
1959 + compat_uptr_t obj_hash;
1960 + __u32 obj_hash_size;
1961 + __u16 pax_flags;
1962 +};
1963 +
1964 +struct role_allowed_ip_compat {
1965 + __u32 addr;
1966 + __u32 netmask;
1967 +
1968 + compat_uptr_t prev;
1969 + compat_uptr_t next;
1970 +};
1971 +
1972 +struct role_transition_compat {
1973 + compat_uptr_t rolename;
1974 +
1975 + compat_uptr_t prev;
1976 + compat_uptr_t next;
1977 +};
1978 +
1979 +struct acl_role_label_compat {
1980 + compat_uptr_t rolename;
1981 + uid_t uidgid;
1982 + __u16 roletype;
1983 +
1984 + __u16 auth_attempts;
1985 + compat_ulong_t expires;
1986 +
1987 + compat_uptr_t root_label;
1988 + compat_uptr_t hash;
1989 +
1990 + compat_uptr_t prev;
1991 + compat_uptr_t next;
1992 +
1993 + compat_uptr_t transitions;
1994 + compat_uptr_t allowed_ips;
1995 + compat_uptr_t domain_children;
1996 + __u16 domain_child_num;
1997 +
1998 + umode_t umask;
1999 +
2000 + compat_uptr_t subj_hash;
2001 + __u32 subj_hash_size;
2002 +};
2003 +
2004 +struct user_acl_role_db_compat {
2005 + compat_uptr_t r_table;
2006 + __u32 num_pointers;
2007 + __u32 num_roles;
2008 + __u32 num_domain_children;
2009 + __u32 num_subjects;
2010 + __u32 num_objects;
2011 +};
2012 +
2013 +struct acl_object_label_compat {
2014 + compat_uptr_t filename;
2015 + compat_ino_t inode;
2016 + __u32 device;
2017 + __u32 mode;
2018 +
2019 + compat_uptr_t nested;
2020 + compat_uptr_t globbed;
2021 +
2022 + compat_uptr_t prev;
2023 + compat_uptr_t next;
2024 +};
2025 +
2026 +struct acl_ip_label_compat {
2027 + compat_uptr_t iface;
2028 + __u32 addr;
2029 + __u32 netmask;
2030 + __u16 low, high;
2031 + __u8 mode;
2032 + __u32 type;
2033 + __u32 proto[8];
2034 +
2035 + compat_uptr_t prev;
2036 + compat_uptr_t next;
2037 +};
2038 +
2039 +struct gr_arg_compat {
2040 + struct user_acl_role_db_compat role_db;
2041 + unsigned char pw[GR_PW_LEN];
2042 + unsigned char salt[GR_SALT_LEN];
2043 + unsigned char sum[GR_SHA_LEN];
2044 + unsigned char sp_role[GR_SPROLE_LEN];
2045 + compat_uptr_t sprole_pws;
2046 + __u32 segv_device;
2047 + compat_ino_t segv_inode;
2048 + uid_t segv_uid;
2049 + __u16 num_sprole_pws;
2050 + __u16 mode;
2051 +};
2052 +
2053 +struct gr_arg_wrapper_compat {
2054 + compat_uptr_t arg;
2055 + __u32 version;
2056 + __u32 size;
2057 +};
2058 +
2059 +#endif
2060 diff -Naur backports-3.18.1-1.org/include/linux/gracl.h backports-3.18.1-1/include/linux/gracl.h
2061 --- backports-3.18.1-1.org/include/linux/gracl.h 1970-01-01 01:00:00.000000000 +0100
2062 +++ backports-3.18.1-1/include/linux/gracl.h 2014-12-28 14:10:09.684889542 +0100
2063 @@ -0,0 +1,340 @@
2064 +#ifndef GR_ACL_H
2065 +#define GR_ACL_H
2066 +
2067 +#include <linux/grdefs.h>
2068 +#include <linux/resource.h>
2069 +#include <linux/capability.h>
2070 +#include <linux/dcache.h>
2071 +#include <asm/resource.h>
2072 +
2073 +/* Major status information */
2074 +
2075 +#define GR_VERSION "grsecurity 3.0"
2076 +#define GRSECURITY_VERSION 0x3000
2077 +
2078 +enum {
2079 + GR_SHUTDOWN = 0,
2080 + GR_ENABLE = 1,
2081 + GR_SPROLE = 2,
2082 + GR_OLDRELOAD = 3,
2083 + GR_SEGVMOD = 4,
2084 + GR_STATUS = 5,
2085 + GR_UNSPROLE = 6,
2086 + GR_PASSSET = 7,
2087 + GR_SPROLEPAM = 8,
2088 + GR_RELOAD = 9,
2089 +};
2090 +
2091 +/* Password setup definitions
2092 + * kernel/grhash.c */
2093 +enum {
2094 + GR_PW_LEN = 128,
2095 + GR_SALT_LEN = 16,
2096 + GR_SHA_LEN = 32,
2097 +};
2098 +
2099 +enum {
2100 + GR_SPROLE_LEN = 64,
2101 +};
2102 +
2103 +enum {
2104 + GR_NO_GLOB = 0,
2105 + GR_REG_GLOB,
2106 + GR_CREATE_GLOB
2107 +};
2108 +
2109 +#define GR_NLIMITS 32
2110 +
2111 +/* Begin Data Structures */
2112 +
2113 +struct sprole_pw {
2114 + unsigned char *rolename;
2115 + unsigned char salt[GR_SALT_LEN];
2116 + unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
2117 +};
2118 +
2119 +struct name_entry {
2120 + __u32 key;
2121 + ino_t inode;
2122 + dev_t device;
2123 + char *name;
2124 + __u16 len;
2125 + __u8 deleted;
2126 + struct name_entry *prev;
2127 + struct name_entry *next;
2128 +};
2129 +
2130 +struct inodev_entry {
2131 + struct name_entry *nentry;
2132 + struct inodev_entry *prev;
2133 + struct inodev_entry *next;
2134 +};
2135 +
2136 +struct acl_role_db {
2137 + struct acl_role_label **r_hash;
2138 + __u32 r_size;
2139 +};
2140 +
2141 +struct inodev_db {
2142 + struct inodev_entry **i_hash;
2143 + __u32 i_size;
2144 +};
2145 +
2146 +struct name_db {
2147 + struct name_entry **n_hash;
2148 + __u32 n_size;
2149 +};
2150 +
2151 +struct crash_uid {
2152 + uid_t uid;
2153 + unsigned long expires;
2154 +};
2155 +
2156 +struct gr_hash_struct {
2157 + void **table;
2158 + void **nametable;
2159 + void *first;
2160 + __u32 table_size;
2161 + __u32 used_size;
2162 + int type;
2163 +};
2164 +
2165 +/* Userspace Grsecurity ACL data structures */
2166 +
2167 +struct acl_subject_label {
2168 + char *filename;
2169 + ino_t inode;
2170 + dev_t device;
2171 + __u32 mode;
2172 + kernel_cap_t cap_mask;
2173 + kernel_cap_t cap_lower;
2174 + kernel_cap_t cap_invert_audit;
2175 +
2176 + struct rlimit res[GR_NLIMITS];
2177 + __u32 resmask;
2178 +
2179 + __u8 user_trans_type;
2180 + __u8 group_trans_type;
2181 + uid_t *user_transitions;
2182 + gid_t *group_transitions;
2183 + __u16 user_trans_num;
2184 + __u16 group_trans_num;
2185 +
2186 + __u32 sock_families[2];
2187 + __u32 ip_proto[8];
2188 + __u32 ip_type;
2189 + struct acl_ip_label **ips;
2190 + __u32 ip_num;
2191 + __u32 inaddr_any_override;
2192 +
2193 + __u32 crashes;
2194 + unsigned long expires;
2195 +
2196 + struct acl_subject_label *parent_subject;
2197 + struct gr_hash_struct *hash;
2198 + struct acl_subject_label *prev;
2199 + struct acl_subject_label *next;
2200 +
2201 + struct acl_object_label **obj_hash;
2202 + __u32 obj_hash_size;
2203 + __u16 pax_flags;
2204 +};
2205 +
2206 +struct role_allowed_ip {
2207 + __u32 addr;
2208 + __u32 netmask;
2209 +
2210 + struct role_allowed_ip *prev;
2211 + struct role_allowed_ip *next;
2212 +};
2213 +
2214 +struct role_transition {
2215 + char *rolename;
2216 +
2217 + struct role_transition *prev;
2218 + struct role_transition *next;
2219 +};
2220 +
2221 +struct acl_role_label {
2222 + char *rolename;
2223 + uid_t uidgid;
2224 + __u16 roletype;
2225 +
2226 + __u16 auth_attempts;
2227 + unsigned long expires;
2228 +
2229 + struct acl_subject_label *root_label;
2230 + struct gr_hash_struct *hash;
2231 +
2232 + struct acl_role_label *prev;
2233 + struct acl_role_label *next;
2234 +
2235 + struct role_transition *transitions;
2236 + struct role_allowed_ip *allowed_ips;
2237 + uid_t *domain_children;
2238 + __u16 domain_child_num;
2239 +
2240 + umode_t umask;
2241 +
2242 + struct acl_subject_label **subj_hash;
2243 + __u32 subj_hash_size;
2244 +};
2245 +
2246 +struct user_acl_role_db {
2247 + struct acl_role_label **r_table;
2248 + __u32 num_pointers; /* Number of allocations to track */
2249 + __u32 num_roles; /* Number of roles */
2250 + __u32 num_domain_children; /* Number of domain children */
2251 + __u32 num_subjects; /* Number of subjects */
2252 + __u32 num_objects; /* Number of objects */
2253 +};
2254 +
2255 +struct acl_object_label {
2256 + char *filename;
2257 + ino_t inode;
2258 + dev_t device;
2259 + __u32 mode;
2260 +
2261 + struct acl_subject_label *nested;
2262 + struct acl_object_label *globbed;
2263 +
2264 + /* next two structures not used */
2265 +
2266 + struct acl_object_label *prev;
2267 + struct acl_object_label *next;
2268 +};
2269 +
2270 +struct acl_ip_label {
2271 + char *iface;
2272 + __u32 addr;
2273 + __u32 netmask;
2274 + __u16 low, high;
2275 + __u8 mode;
2276 + __u32 type;
2277 + __u32 proto[8];
2278 +
2279 + /* next two structures not used */
2280 +
2281 + struct acl_ip_label *prev;
2282 + struct acl_ip_label *next;
2283 +};
2284 +
2285 +struct gr_arg {
2286 + struct user_acl_role_db role_db;
2287 + unsigned char pw[GR_PW_LEN];
2288 + unsigned char salt[GR_SALT_LEN];
2289 + unsigned char sum[GR_SHA_LEN];
2290 + unsigned char sp_role[GR_SPROLE_LEN];
2291 + struct sprole_pw *sprole_pws;
2292 + dev_t segv_device;
2293 + ino_t segv_inode;
2294 + uid_t segv_uid;
2295 + __u16 num_sprole_pws;
2296 + __u16 mode;
2297 +};
2298 +
2299 +struct gr_arg_wrapper {
2300 + struct gr_arg *arg;
2301 + __u32 version;
2302 + __u32 size;
2303 +};
2304 +
2305 +struct subject_map {
2306 + struct acl_subject_label *user;
2307 + struct acl_subject_label *kernel;
2308 + struct subject_map *prev;
2309 + struct subject_map *next;
2310 +};
2311 +
2312 +struct acl_subj_map_db {
2313 + struct subject_map **s_hash;
2314 + __u32 s_size;
2315 +};
2316 +
2317 +struct gr_policy_state {
2318 + struct sprole_pw **acl_special_roles;
2319 + __u16 num_sprole_pws;
2320 + struct acl_role_label *kernel_role;
2321 + struct acl_role_label *role_list;
2322 + struct acl_role_label *default_role;
2323 + struct acl_role_db acl_role_set;
2324 + struct acl_subj_map_db subj_map_set;
2325 + struct name_db name_set;
2326 + struct inodev_db inodev_set;
2327 +};
2328 +
2329 +struct gr_alloc_state {
2330 + unsigned long alloc_stack_next;
2331 + unsigned long alloc_stack_size;
2332 + void **alloc_stack;
2333 +};
2334 +
2335 +struct gr_reload_state {
2336 + struct gr_policy_state oldpolicy;
2337 + struct gr_alloc_state oldalloc;
2338 + struct gr_policy_state newpolicy;
2339 + struct gr_alloc_state newalloc;
2340 + struct gr_policy_state *oldpolicy_ptr;
2341 + struct gr_alloc_state *oldalloc_ptr;
2342 + unsigned char oldmode;
2343 +};
2344 +
2345 +/* End Data Structures Section */
2346 +
2347 +/* Hash functions generated by empirical testing by Brad Spengler
2348 + Makes good use of the low bits of the inode. Generally 0-1 times
2349 + in loop for successful match. 0-3 for unsuccessful match.
2350 + Shift/add algorithm with modulus of table size and an XOR*/
2351 +
2352 +static __inline__ unsigned int
2353 +gr_rhash(const uid_t uid, const __u16 type, const unsigned int sz)
2354 +{
2355 + return ((((uid + type) << (16 + type)) ^ uid) % sz);
2356 +}
2357 +
2358 + static __inline__ unsigned int
2359 +gr_shash(const struct acl_subject_label *userp, const unsigned int sz)
2360 +{
2361 + return ((const unsigned long)userp % sz);
2362 +}
2363 +
2364 +static __inline__ unsigned int
2365 +gr_fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
2366 +{
2367 + return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
2368 +}
2369 +
2370 +static __inline__ unsigned int
2371 +gr_nhash(const char *name, const __u16 len, const unsigned int sz)
2372 +{
2373 + return full_name_hash((const unsigned char *)name, len) % sz;
2374 +}
2375 +
2376 +#define FOR_EACH_SUBJECT_START(role,subj,iter) \
2377 + subj = NULL; \
2378 + iter = 0; \
2379 + while (iter < role->subj_hash_size) { \
2380 + if (subj == NULL) \
2381 + subj = role->subj_hash[iter]; \
2382 + if (subj == NULL) { \
2383 + iter++; \
2384 + continue; \
2385 + }
2386 +
2387 +#define FOR_EACH_SUBJECT_END(subj,iter) \
2388 + subj = subj->next; \
2389 + if (subj == NULL) \
2390 + iter++; \
2391 + }
2392 +
2393 +
2394 +#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \
2395 + subj = role->hash->first; \
2396 + while (subj != NULL) {
2397 +
2398 +#define FOR_EACH_NESTED_SUBJECT_END(subj) \
2399 + subj = subj->next; \
2400 + }
2401 +
2402 +#endif
2403 +
2404 diff -Naur backports-3.18.1-1.org/include/linux/gralloc.h backports-3.18.1-1/include/linux/gralloc.h
2405 --- backports-3.18.1-1.org/include/linux/gralloc.h 1970-01-01 01:00:00.000000000 +0100
2406 +++ backports-3.18.1-1/include/linux/gralloc.h 2014-12-28 14:10:09.684889542 +0100
2407 @@ -0,0 +1,9 @@
2408 +#ifndef __GRALLOC_H
2409 +#define __GRALLOC_H
2410 +
2411 +void acl_free_all(void);
2412 +int acl_alloc_stack_init(unsigned long size);
2413 +void *acl_alloc(unsigned long len);
2414 +void *acl_alloc_num(unsigned long num, unsigned long len);
2415 +
2416 +#endif
2417 diff -Naur backports-3.18.1-1.org/include/linux/grdefs.h backports-3.18.1-1/include/linux/grdefs.h
2418 --- backports-3.18.1-1.org/include/linux/grdefs.h 1970-01-01 01:00:00.000000000 +0100
2419 +++ backports-3.18.1-1/include/linux/grdefs.h 2014-12-28 14:10:09.688889562 +0100
2420 @@ -0,0 +1,140 @@
2421 +#ifndef GRDEFS_H
2422 +#define GRDEFS_H
2423 +
2424 +/* Begin grsecurity status declarations */
2425 +
2426 +enum {
2427 + GR_READY = 0x01,
2428 + GR_STATUS_INIT = 0x00 // disabled state
2429 +};
2430 +
2431 +/* Begin ACL declarations */
2432 +
2433 +/* Role flags */
2434 +
2435 +enum {
2436 + GR_ROLE_USER = 0x0001,
2437 + GR_ROLE_GROUP = 0x0002,
2438 + GR_ROLE_DEFAULT = 0x0004,
2439 + GR_ROLE_SPECIAL = 0x0008,
2440 + GR_ROLE_AUTH = 0x0010,
2441 + GR_ROLE_NOPW = 0x0020,
2442 + GR_ROLE_GOD = 0x0040,
2443 + GR_ROLE_LEARN = 0x0080,
2444 + GR_ROLE_TPE = 0x0100,
2445 + GR_ROLE_DOMAIN = 0x0200,
2446 + GR_ROLE_PAM = 0x0400,
2447 + GR_ROLE_PERSIST = 0x0800
2448 +};
2449 +
2450 +/* ACL Subject and Object mode flags */
2451 +enum {
2452 + GR_DELETED = 0x80000000
2453 +};
2454 +
2455 +/* ACL Object-only mode flags */
2456 +enum {
2457 + GR_READ = 0x00000001,
2458 + GR_APPEND = 0x00000002,
2459 + GR_WRITE = 0x00000004,
2460 + GR_EXEC = 0x00000008,
2461 + GR_FIND = 0x00000010,
2462 + GR_INHERIT = 0x00000020,
2463 + GR_SETID = 0x00000040,
2464 + GR_CREATE = 0x00000080,
2465 + GR_DELETE = 0x00000100,
2466 + GR_LINK = 0x00000200,
2467 + GR_AUDIT_READ = 0x00000400,
2468 + GR_AUDIT_APPEND = 0x00000800,
2469 + GR_AUDIT_WRITE = 0x00001000,
2470 + GR_AUDIT_EXEC = 0x00002000,
2471 + GR_AUDIT_FIND = 0x00004000,
2472 + GR_AUDIT_INHERIT= 0x00008000,
2473 + GR_AUDIT_SETID = 0x00010000,
2474 + GR_AUDIT_CREATE = 0x00020000,
2475 + GR_AUDIT_DELETE = 0x00040000,
2476 + GR_AUDIT_LINK = 0x00080000,
2477 + GR_PTRACERD = 0x00100000,
2478 + GR_NOPTRACE = 0x00200000,
2479 + GR_SUPPRESS = 0x00400000,
2480 + GR_NOLEARN = 0x00800000,
2481 + GR_INIT_TRANSFER= 0x01000000
2482 +};
2483 +
2484 +#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
2485 + GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
2486 + GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
2487 +
2488 +/* ACL subject-only mode flags */
2489 +enum {
2490 + GR_KILL = 0x00000001,
2491 + GR_VIEW = 0x00000002,
2492 + GR_PROTECTED = 0x00000004,
2493 + GR_LEARN = 0x00000008,
2494 + GR_OVERRIDE = 0x00000010,
2495 + /* just a placeholder, this mode is only used in userspace */
2496 + GR_DUMMY = 0x00000020,
2497 + GR_PROTSHM = 0x00000040,
2498 + GR_KILLPROC = 0x00000080,
2499 + GR_KILLIPPROC = 0x00000100,
2500 + /* just a placeholder, this mode is only used in userspace */
2501 + GR_NOTROJAN = 0x00000200,
2502 + GR_PROTPROCFD = 0x00000400,
2503 + GR_PROCACCT = 0x00000800,
2504 + GR_RELAXPTRACE = 0x00001000,
2505 + //GR_NESTED = 0x00002000,
2506 + GR_INHERITLEARN = 0x00004000,
2507 + GR_PROCFIND = 0x00008000,
2508 + GR_POVERRIDE = 0x00010000,
2509 + GR_KERNELAUTH = 0x00020000,
2510 + GR_ATSECURE = 0x00040000,
2511 + GR_SHMEXEC = 0x00080000
2512 +};
2513 +
2514 +enum {
2515 + GR_PAX_ENABLE_SEGMEXEC = 0x0001,
2516 + GR_PAX_ENABLE_PAGEEXEC = 0x0002,
2517 + GR_PAX_ENABLE_MPROTECT = 0x0004,
2518 + GR_PAX_ENABLE_RANDMMAP = 0x0008,
2519 + GR_PAX_ENABLE_EMUTRAMP = 0x0010,
2520 + GR_PAX_DISABLE_SEGMEXEC = 0x0100,
2521 + GR_PAX_DISABLE_PAGEEXEC = 0x0200,
2522 + GR_PAX_DISABLE_MPROTECT = 0x0400,
2523 + GR_PAX_DISABLE_RANDMMAP = 0x0800,
2524 + GR_PAX_DISABLE_EMUTRAMP = 0x1000,
2525 +};
2526 +
2527 +enum {
2528 + GR_ID_USER = 0x01,
2529 + GR_ID_GROUP = 0x02,
2530 +};
2531 +
2532 +enum {
2533 + GR_ID_ALLOW = 0x01,
2534 + GR_ID_DENY = 0x02,
2535 +};
2536 +
2537 +#define GR_CRASH_RES 31
2538 +#define GR_UIDTABLE_MAX 500
2539 +
2540 +/* begin resource learning section */
2541 +enum {
2542 + GR_RLIM_CPU_BUMP = 60,
2543 + GR_RLIM_FSIZE_BUMP = 50000,
2544 + GR_RLIM_DATA_BUMP = 10000,
2545 + GR_RLIM_STACK_BUMP = 1000,
2546 + GR_RLIM_CORE_BUMP = 10000,
2547 + GR_RLIM_RSS_BUMP = 500000,
2548 + GR_RLIM_NPROC_BUMP = 1,
2549 + GR_RLIM_NOFILE_BUMP = 5,
2550 + GR_RLIM_MEMLOCK_BUMP = 50000,
2551 + GR_RLIM_AS_BUMP = 500000,
2552 + GR_RLIM_LOCKS_BUMP = 2,
2553 + GR_RLIM_SIGPENDING_BUMP = 5,
2554 + GR_RLIM_MSGQUEUE_BUMP = 10000,
2555 + GR_RLIM_NICE_BUMP = 1,
2556 + GR_RLIM_RTPRIO_BUMP = 1,
2557 + GR_RLIM_RTTIME_BUMP = 1000000
2558 +};
2559 +
2560 +#endif
2561 diff -Naur backports-3.18.1-1.org/include/linux/grinternal.h backports-3.18.1-1/include/linux/grinternal.h
2562 --- backports-3.18.1-1.org/include/linux/grinternal.h 1970-01-01 01:00:00.000000000 +0100
2563 +++ backports-3.18.1-1/include/linux/grinternal.h 2014-12-28 14:10:09.688889562 +0100
2564 @@ -0,0 +1,229 @@
2565 +#ifndef __GRINTERNAL_H
2566 +#define __GRINTERNAL_H
2567 +
2568 +#ifdef CONFIG_GRKERNSEC
2569 +
2570 +#include <linux/fs.h>
2571 +#include <linux/mnt_namespace.h>
2572 +#include <linux/nsproxy.h>
2573 +#include <linux/gracl.h>
2574 +#include <linux/grdefs.h>
2575 +#include <linux/grmsg.h>
2576 +
2577 +void gr_add_learn_entry(const char *fmt, ...)
2578 + __attribute__ ((format (printf, 1, 2)));
2579 +__u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
2580 + const struct vfsmount *mnt);
2581 +__u32 gr_check_create(const struct dentry *new_dentry,
2582 + const struct dentry *parent,
2583 + const struct vfsmount *mnt, const __u32 mode);
2584 +int gr_check_protected_task(const struct task_struct *task);
2585 +__u32 to_gr_audit(const __u32 reqmode);
2586 +int gr_set_acls(const int type);
2587 +int gr_acl_is_enabled(void);
2588 +char gr_roletype_to_char(void);
2589 +
2590 +void gr_handle_alertkill(struct task_struct *task);
2591 +char *gr_to_filename(const struct dentry *dentry,
2592 + const struct vfsmount *mnt);
2593 +char *gr_to_filename1(const struct dentry *dentry,
2594 + const struct vfsmount *mnt);
2595 +char *gr_to_filename2(const struct dentry *dentry,
2596 + const struct vfsmount *mnt);
2597 +char *gr_to_filename3(const struct dentry *dentry,
2598 + const struct vfsmount *mnt);
2599 +
2600 +extern int grsec_enable_ptrace_readexec;
2601 +extern int grsec_enable_harden_ptrace;
2602 +extern int grsec_enable_link;
2603 +extern int grsec_enable_fifo;
2604 +extern int grsec_enable_execve;
2605 +extern int grsec_enable_shm;
2606 +extern int grsec_enable_execlog;
2607 +extern int grsec_enable_signal;
2608 +extern int grsec_enable_audit_ptrace;
2609 +extern int grsec_enable_forkfail;
2610 +extern int grsec_enable_time;
2611 +extern int grsec_enable_rofs;
2612 +extern int grsec_deny_new_usb;
2613 +extern int grsec_enable_chroot_shmat;
2614 +extern int grsec_enable_chroot_mount;
2615 +extern int grsec_enable_chroot_double;
2616 +extern int grsec_enable_chroot_pivot;
2617 +extern int grsec_enable_chroot_chdir;
2618 +extern int grsec_enable_chroot_chmod;
2619 +extern int grsec_enable_chroot_mknod;
2620 +extern int grsec_enable_chroot_fchdir;
2621 +extern int grsec_enable_chroot_nice;
2622 +extern int grsec_enable_chroot_execlog;
2623 +extern int grsec_enable_chroot_caps;
2624 +extern int grsec_enable_chroot_sysctl;
2625 +extern int grsec_enable_chroot_unix;
2626 +extern int grsec_enable_symlinkown;
2627 +extern kgid_t grsec_symlinkown_gid;
2628 +extern int grsec_enable_tpe;
2629 +extern kgid_t grsec_tpe_gid;
2630 +extern int grsec_enable_tpe_all;
2631 +extern int grsec_enable_tpe_invert;
2632 +extern int grsec_enable_socket_all;
2633 +extern kgid_t grsec_socket_all_gid;
2634 +extern int grsec_enable_socket_client;
2635 +extern kgid_t grsec_socket_client_gid;
2636 +extern int grsec_enable_socket_server;
2637 +extern kgid_t grsec_socket_server_gid;
2638 +extern kgid_t grsec_audit_gid;
2639 +extern int grsec_enable_group;
2640 +extern int grsec_enable_log_rwxmaps;
2641 +extern int grsec_enable_mount;
2642 +extern int grsec_enable_chdir;
2643 +extern int grsec_resource_logging;
2644 +extern int grsec_enable_blackhole;
2645 +extern int grsec_lastack_retries;
2646 +extern int grsec_enable_brute;
2647 +extern int grsec_enable_harden_ipc;
2648 +extern int grsec_lock;
2649 +
2650 +extern spinlock_t grsec_alert_lock;
2651 +extern unsigned long grsec_alert_wtime;
2652 +extern unsigned long grsec_alert_fyet;
2653 +
2654 +extern spinlock_t grsec_audit_lock;
2655 +
2656 +extern rwlock_t grsec_exec_file_lock;
2657 +
2658 +#define gr_task_fullpath(tsk) ((tsk)->exec_file ? \
2659 + gr_to_filename2((tsk)->exec_file->f_path.dentry, \
2660 + (tsk)->exec_file->f_path.mnt) : "/")
2661 +
2662 +#define gr_parent_task_fullpath(tsk) ((tsk)->real_parent->exec_file ? \
2663 + gr_to_filename3((tsk)->real_parent->exec_file->f_path.dentry, \
2664 + (tsk)->real_parent->exec_file->f_path.mnt) : "/")
2665 +
2666 +#define gr_task_fullpath0(tsk) ((tsk)->exec_file ? \
2667 + gr_to_filename((tsk)->exec_file->f_path.dentry, \
2668 + (tsk)->exec_file->f_path.mnt) : "/")
2669 +
2670 +#define gr_parent_task_fullpath0(tsk) ((tsk)->real_parent->exec_file ? \
2671 + gr_to_filename1((tsk)->real_parent->exec_file->f_path.dentry, \
2672 + (tsk)->real_parent->exec_file->f_path.mnt) : "/")
2673 +
2674 +#define proc_is_chrooted(tsk_a) ((tsk_a)->gr_is_chrooted)
2675 +
2676 +#define have_same_root(tsk_a,tsk_b) ((tsk_a)->gr_chroot_dentry == (tsk_b)->gr_chroot_dentry)
2677 +
2678 +static inline bool gr_is_same_file(const struct file *file1, const struct file *file2)
2679 +{
2680 + if (file1 && file2) {
2681 + const struct inode *inode1 = file1->f_path.dentry->d_inode;
2682 + const struct inode *inode2 = file2->f_path.dentry->d_inode;
2683 + if (inode1->i_ino == inode2->i_ino && inode1->i_sb->s_dev == inode2->i_sb->s_dev)
2684 + return true;
2685 + }
2686 +
2687 + return false;
2688 +}
2689 +
2690 +#define GR_CHROOT_CAPS {{ \
2691 + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
2692 + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
2693 + CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
2694 + CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
2695 + CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
2696 + CAP_TO_MASK(CAP_IPC_OWNER) | CAP_TO_MASK(CAP_SETFCAP), \
2697 + CAP_TO_MASK(CAP_SYSLOG) | CAP_TO_MASK(CAP_MAC_ADMIN) }}
2698 +
2699 +#define security_learn(normal_msg,args...) \
2700 +({ \
2701 + read_lock(&grsec_exec_file_lock); \
2702 + gr_add_learn_entry(normal_msg "\n", ## args); \
2703 + read_unlock(&grsec_exec_file_lock); \
2704 +})
2705 +
2706 +enum {
2707 + GR_DO_AUDIT,
2708 + GR_DONT_AUDIT,
2709 + /* used for non-audit messages that we shouldn't kill the task on */
2710 + GR_DONT_AUDIT_GOOD
2711 +};
2712 +
2713 +enum {
2714 + GR_TTYSNIFF,
2715 + GR_RBAC,
2716 + GR_RBAC_STR,
2717 + GR_STR_RBAC,
2718 + GR_RBAC_MODE2,
2719 + GR_RBAC_MODE3,
2720 + GR_FILENAME,
2721 + GR_SYSCTL_HIDDEN,
2722 + GR_NOARGS,
2723 + GR_ONE_INT,
2724 + GR_ONE_INT_TWO_STR,
2725 + GR_ONE_STR,
2726 + GR_STR_INT,
2727 + GR_TWO_STR_INT,
2728 + GR_TWO_INT,
2729 + GR_TWO_U64,
2730 + GR_THREE_INT,
2731 + GR_FIVE_INT_TWO_STR,
2732 + GR_TWO_STR,
2733 + GR_THREE_STR,
2734 + GR_FOUR_STR,
2735 + GR_STR_FILENAME,
2736 + GR_FILENAME_STR,
2737 + GR_FILENAME_TWO_INT,
2738 + GR_FILENAME_TWO_INT_STR,
2739 + GR_TEXTREL,
2740 + GR_PTRACE,
2741 + GR_RESOURCE,
2742 + GR_CAP,
2743 + GR_SIG,
2744 + GR_SIG2,
2745 + GR_CRASH1,
2746 + GR_CRASH2,
2747 + GR_PSACCT,
2748 + GR_RWXMAP,
2749 + GR_RWXMAPVMA
2750 +};
2751 +
2752 +#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
2753 +#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task)
2754 +#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt)
2755 +#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str)
2756 +#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt)
2757 +#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2)
2758 +#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3)
2759 +#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt)
2760 +#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS)
2761 +#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num)
2762 +#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2)
2763 +#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str)
2764 +#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num)
2765 +#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2)
2766 +#define gr_log_two_u64(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_U64, num1, num2)
2767 +#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3)
2768 +#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2)
2769 +#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2)
2770 +#define gr_log_str2_int(audit, msg, str1, str2, num) gr_log_varargs(audit, msg, GR_TWO_STR_INT, str1, str2, num)
2771 +#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3)
2772 +#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4)
2773 +#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt)
2774 +#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
2775 +#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
2776 +#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
2777 +#define gr_log_textrel_ulong_ulong(audit, msg, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, file, ulong1, ulong2)
2778 +#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
2779 +#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
2780 +#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
2781 +#define gr_log_sig_addr(audit, msg, str, addr) gr_log_varargs(audit, msg, GR_SIG, str, addr)
2782 +#define gr_log_sig_task(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG2, task, num)
2783 +#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
2784 +#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
2785 +#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
2786 +#define gr_log_rwxmap(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAP, str)
2787 +#define gr_log_rwxmap_vma(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAPVMA, str)
2788 +
2789 +void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
2790 +
2791 +#endif
2792 +
2793 +#endif
2794 diff -Naur backports-3.18.1-1.org/include/linux/grmsg.h backports-3.18.1-1/include/linux/grmsg.h
2795 --- backports-3.18.1-1.org/include/linux/grmsg.h 1970-01-01 01:00:00.000000000 +0100
2796 +++ backports-3.18.1-1/include/linux/grmsg.h 2014-12-28 14:10:09.688889562 +0100
2797 @@ -0,0 +1,117 @@
2798 +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
2799 +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
2800 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
2801 +#define GR_STOPMOD_MSG "denied modification of module state by "
2802 +#define GR_ROFS_BLOCKWRITE_MSG "denied write to block device %.950s by "
2803 +#define GR_ROFS_MOUNT_MSG "denied writable mount of %.950s by "
2804 +#define GR_IOPERM_MSG "denied use of ioperm() by "
2805 +#define GR_IOPL_MSG "denied use of iopl() by "
2806 +#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by "
2807 +#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by "
2808 +#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by "
2809 +#define GR_MEM_READWRITE_MSG "denied access of range %Lx -> %Lx in /dev/mem by "
2810 +#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by "
2811 +#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%pI4"
2812 +#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%pI4"
2813 +#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by "
2814 +#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by "
2815 +#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by "
2816 +#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by "
2817 +#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by "
2818 +#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by "
2819 +#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by "
2820 +#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%pI4 %.480s[%.16s:%d], parent %.480s[%.16s:%d] against "
2821 +#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by "
2822 +#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by "
2823 +#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by "
2824 +#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by "
2825 +#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for "
2826 +#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by "
2827 +#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by "
2828 +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
2829 +#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
2830 +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
2831 +#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
2832 +#define GR_EXEC_TPE_MSG "denied untrusted exec (due to %.70s) of %.950s by "
2833 +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
2834 +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
2835 +#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
2836 +#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by "
2837 +#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by "
2838 +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
2839 +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
2840 +#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
2841 +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
2842 +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
2843 +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
2844 +#define GR_CHROOT_FHANDLE_MSG "denied use of file handles inside chroot by "
2845 +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
2846 +#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by "
2847 +#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by "
2848 +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
2849 +#define GR_INITF_ACL_MSG "init_variables() failed %s by "
2850 +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
2851 +#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbage by "
2852 +#define GR_SHUTS_ACL_MSG "shutdown auth success for "
2853 +#define GR_SHUTF_ACL_MSG "shutdown auth failure for "
2854 +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for "
2855 +#define GR_SEGVMODS_ACL_MSG "segvmod auth success for "
2856 +#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for "
2857 +#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for "
2858 +#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by "
2859 +#define GR_ENABLEF_ACL_MSG "unable to load %s for "
2860 +#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system"
2861 +#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by "
2862 +#define GR_RELOADF_ACL_MSG "failed reload of %s for "
2863 +#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for "
2864 +#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by "
2865 +#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by "
2866 +#define GR_SPROLEF_ACL_MSG "special role %s failure for "
2867 +#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for "
2868 +#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by "
2869 +#define GR_INVMODE_ACL_MSG "invalid mode %d by "
2870 +#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by "
2871 +#define GR_FAILFORK_MSG "failed fork with errno %s by "
2872 +#define GR_NICE_CHROOT_MSG "denied priority change by "
2873 +#define GR_UNISIGLOG_MSG "%.32s occurred at %p in "
2874 +#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by "
2875 +#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by "
2876 +#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by "
2877 +#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by "
2878 +#define GR_TIME_MSG "time set by "
2879 +#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by "
2880 +#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by "
2881 +#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by "
2882 +#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by "
2883 +#define GR_SOCK_NOINET_MSG "denied socket(%.16s,%.16s,%d) by "
2884 +#define GR_BIND_MSG "denied bind() by "
2885 +#define GR_CONNECT_MSG "denied connect() by "
2886 +#define GR_BIND_ACL_MSG "denied bind() to %pI4 port %u sock type %.16s protocol %.16s by "
2887 +#define GR_CONNECT_ACL_MSG "denied connect() to %pI4 port %u sock type %.16s protocol %.16s by "
2888 +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
2889 +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
2890 +#define GR_CAP_ACL_MSG "use of %s denied for "
2891 +#define GR_CAP_CHROOT_MSG "use of %s in chroot denied for "
2892 +#define GR_CAP_ACL_MSG2 "use of %s permitted for "
2893 +#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
2894 +#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
2895 +#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
2896 +#define GR_UNMOUNT_AUDIT_MSG "unmount of %.256s by "
2897 +#define GR_MOUNT_AUDIT_MSG "mount of %.256s to %.256s by "
2898 +#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
2899 +#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
2900 +#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
2901 +#define GR_RWXMMAP_MSG "denied RWX mmap of %.950s by "
2902 +#define GR_RWXMPROTECT_MSG "denied RWX mprotect of %.950s by "
2903 +#define GR_TEXTREL_AUDIT_MSG "denied text relocation in %.950s, VMA:0x%08lx 0x%08lx by "
2904 +#define GR_PTGNUSTACK_MSG "denied marking stack executable as requested by PT_GNU_STACK marking in %.950s by "
2905 +#define GR_VM86_MSG "denied use of vm86 by "
2906 +#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
2907 +#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by "
2908 +#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
2909 +#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by "
2910 +#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by "
2911 +#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for "
2912 +#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for "
2913 +#define GR_IPC_DENIED_MSG "denied %s of overly-permissive IPC object with creator uid %u by "
2914 +#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
2915 diff -Naur backports-3.18.1-1.org/include/linux/grsecurity.h backports-3.18.1-1/include/linux/grsecurity.h
2916 --- backports-3.18.1-1.org/include/linux/grsecurity.h 1970-01-01 01:00:00.000000000 +0100
2917 +++ backports-3.18.1-1/include/linux/grsecurity.h 2014-12-28 14:10:09.688889562 +0100
2918 @@ -0,0 +1,254 @@
2919 +#ifndef GR_SECURITY_H
2920 +#define GR_SECURITY_H
2921 +#include <linux/fs.h>
2922 +#include <linux/fs_struct.h>
2923 +#include <linux/binfmts.h>
2924 +#include <linux/gracl.h>
2925 +
2926 +/* notify of brain-dead configs */
2927 +#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
2928 +#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled."
2929 +#endif
2930 +#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
2931 +#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled"
2932 +#endif
2933 +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
2934 +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
2935 +#endif
2936 +#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
2937 +#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
2938 +#endif
2939 +#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR)
2940 +#error "CONFIG_PAX enabled, but no PaX options are enabled."
2941 +#endif
2942 +
2943 +int gr_handle_new_usb(void);
2944 +
2945 +void gr_handle_brute_attach(int dumpable);
2946 +void gr_handle_brute_check(void);
2947 +void gr_handle_kernel_exploit(void);
2948 +
2949 +char gr_roletype_to_char(void);
2950 +
2951 +int gr_proc_is_restricted(void);
2952 +
2953 +int gr_acl_enable_at_secure(void);
2954 +
2955 +int gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs);
2956 +int gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs);
2957 +
2958 +int gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap);
2959 +
2960 +void gr_del_task_from_ip_table(struct task_struct *p);
2961 +
2962 +int gr_pid_is_chrooted(struct task_struct *p);
2963 +int gr_handle_chroot_fowner(struct pid *pid, enum pid_type type);
2964 +int gr_handle_chroot_nice(void);
2965 +int gr_handle_chroot_sysctl(const int op);
2966 +int gr_handle_chroot_setpriority(struct task_struct *p,
2967 + const int niceval);
2968 +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
2969 +int gr_chroot_fhandle(void);
2970 +int gr_handle_chroot_chroot(const struct dentry *dentry,
2971 + const struct vfsmount *mnt);
2972 +void gr_handle_chroot_chdir(const struct path *path);
2973 +int gr_handle_chroot_chmod(const struct dentry *dentry,
2974 + const struct vfsmount *mnt, const int mode);
2975 +int gr_handle_chroot_mknod(const struct dentry *dentry,
2976 + const struct vfsmount *mnt, const int mode);
2977 +int gr_handle_chroot_mount(const struct dentry *dentry,
2978 + const struct vfsmount *mnt,
2979 + const char *dev_name);
2980 +int gr_handle_chroot_pivot(void);
2981 +int gr_handle_chroot_unix(const pid_t pid);
2982 +
2983 +int gr_handle_rawio(const struct inode *inode);
2984 +
2985 +void gr_handle_ioperm(void);
2986 +void gr_handle_iopl(void);
2987 +void gr_handle_msr_write(void);
2988 +
2989 +umode_t gr_acl_umask(void);
2990 +
2991 +int gr_tpe_allow(const struct file *file);
2992 +
2993 +void gr_set_chroot_entries(struct task_struct *task, const struct path *path);
2994 +void gr_clear_chroot_entries(struct task_struct *task);
2995 +
2996 +void gr_log_forkfail(const int retval);
2997 +void gr_log_timechange(void);
2998 +void gr_log_signal(const int sig, const void *addr, const struct task_struct *t);
2999 +void gr_log_chdir(const struct dentry *dentry,
3000 + const struct vfsmount *mnt);
3001 +void gr_log_chroot_exec(const struct dentry *dentry,
3002 + const struct vfsmount *mnt);
3003 +void gr_log_remount(const char *devname, const int retval);
3004 +void gr_log_unmount(const char *devname, const int retval);
3005 +void gr_log_mount(const char *from, const char *to, const int retval);
3006 +void gr_log_textrel(struct vm_area_struct *vma);
3007 +void gr_log_ptgnustack(struct file *file);
3008 +void gr_log_rwxmmap(struct file *file);
3009 +void gr_log_rwxmprotect(struct vm_area_struct *vma);
3010 +
3011 +int gr_handle_follow_link(const struct inode *parent,
3012 + const struct inode *inode,
3013 + const struct dentry *dentry,
3014 + const struct vfsmount *mnt);
3015 +int gr_handle_fifo(const struct dentry *dentry,
3016 + const struct vfsmount *mnt,
3017 + const struct dentry *dir, const int flag,
3018 + const int acc_mode);
3019 +int gr_handle_hardlink(const struct dentry *dentry,
3020 + const struct vfsmount *mnt,
3021 + struct inode *inode,
3022 + const int mode, const struct filename *to);
3023 +
3024 +int gr_is_capable(const int cap);
3025 +int gr_is_capable_nolog(const int cap);
3026 +int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap);
3027 +int gr_task_is_capable_nolog(const struct task_struct *task, const int cap);
3028 +
3029 +void gr_copy_label(struct task_struct *tsk);
3030 +void gr_handle_crash(struct task_struct *task, const int sig);
3031 +int gr_handle_signal(const struct task_struct *p, const int sig);
3032 +int gr_check_crash_uid(const kuid_t uid);
3033 +int gr_check_protected_task(const struct task_struct *task);
3034 +int gr_check_protected_task_fowner(struct pid *pid, enum pid_type type);
3035 +int gr_acl_handle_mmap(const struct file *file,
3036 + const unsigned long prot);
3037 +int gr_acl_handle_mprotect(const struct file *file,
3038 + const unsigned long prot);
3039 +int gr_check_hidden_task(const struct task_struct *tsk);
3040 +__u32 gr_acl_handle_truncate(const struct dentry *dentry,
3041 + const struct vfsmount *mnt);
3042 +__u32 gr_acl_handle_utime(const struct dentry *dentry,
3043 + const struct vfsmount *mnt);
3044 +__u32 gr_acl_handle_access(const struct dentry *dentry,
3045 + const struct vfsmount *mnt, const int fmode);
3046 +__u32 gr_acl_handle_chmod(const struct dentry *dentry,
3047 + const struct vfsmount *mnt, umode_t *mode);
3048 +__u32 gr_acl_handle_chown(const struct dentry *dentry,
3049 + const struct vfsmount *mnt);
3050 +__u32 gr_acl_handle_setxattr(const struct dentry *dentry,
3051 + const struct vfsmount *mnt);
3052 +__u32 gr_acl_handle_removexattr(const struct dentry *dentry,
3053 + const struct vfsmount *mnt);
3054 +int gr_handle_ptrace(struct task_struct *task, const long request);
3055 +int gr_handle_proc_ptrace(struct task_struct *task);
3056 +__u32 gr_acl_handle_execve(const struct dentry *dentry,
3057 + const struct vfsmount *mnt);
3058 +int gr_check_crash_exec(const struct file *filp);
3059 +int gr_acl_is_enabled(void);
3060 +void gr_set_role_label(struct task_struct *task, const kuid_t uid,
3061 + const kgid_t gid);
3062 +int gr_set_proc_label(const struct dentry *dentry,
3063 + const struct vfsmount *mnt,
3064 + const int unsafe_flags);
3065 +__u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
3066 + const struct vfsmount *mnt);
3067 +__u32 gr_acl_handle_open(const struct dentry *dentry,
3068 + const struct vfsmount *mnt, int acc_mode);
3069 +__u32 gr_acl_handle_creat(const struct dentry *dentry,
3070 + const struct dentry *p_dentry,
3071 + const struct vfsmount *p_mnt,
3072 + int open_flags, int acc_mode, const int imode);
3073 +void gr_handle_create(const struct dentry *dentry,
3074 + const struct vfsmount *mnt);
3075 +void gr_handle_proc_create(const struct dentry *dentry,
3076 + const struct inode *inode);
3077 +__u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
3078 + const struct dentry *parent_dentry,
3079 + const struct vfsmount *parent_mnt,
3080 + const int mode);
3081 +__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
3082 + const struct dentry *parent_dentry,
3083 + const struct vfsmount *parent_mnt);
3084 +__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
3085 + const struct vfsmount *mnt);
3086 +void gr_handle_delete(const ino_t ino, const dev_t dev);
3087 +__u32 gr_acl_handle_unlink(const struct dentry *dentry,
3088 + const struct vfsmount *mnt);
3089 +__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
3090 + const struct dentry *parent_dentry,
3091 + const struct vfsmount *parent_mnt,
3092 + const struct filename *from);
3093 +__u32 gr_acl_handle_link(const struct dentry *new_dentry,
3094 + const struct dentry *parent_dentry,
3095 + const struct vfsmount *parent_mnt,
3096 + const struct dentry *old_dentry,
3097 + const struct vfsmount *old_mnt, const struct filename *to);
3098 +int gr_handle_symlink_owner(const struct path *link, const struct inode *target);
3099 +int gr_acl_handle_rename(struct dentry *new_dentry,
3100 + struct dentry *parent_dentry,
3101 + const struct vfsmount *parent_mnt,
3102 + struct dentry *old_dentry,
3103 + struct inode *old_parent_inode,
3104 + struct vfsmount *old_mnt, const struct filename *newname, unsigned int flags);
3105 +void gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
3106 + struct dentry *old_dentry,
3107 + struct dentry *new_dentry,
3108 + struct vfsmount *mnt, const __u8 replace, unsigned int flags);
3109 +__u32 gr_check_link(const struct dentry *new_dentry,
3110 + const struct dentry *parent_dentry,
3111 + const struct vfsmount *parent_mnt,
3112 + const struct dentry *old_dentry,
3113 + const struct vfsmount *old_mnt);
3114 +int gr_acl_handle_filldir(const struct file *file, const char *name,
3115 + const unsigned int namelen, const ino_t ino);
3116 +
3117 +__u32 gr_acl_handle_unix(const struct dentry *dentry,
3118 + const struct vfsmount *mnt);
3119 +void gr_acl_handle_exit(void);
3120 +void gr_acl_handle_psacct(struct task_struct *task, const long code);
3121 +int gr_acl_handle_procpidmem(const struct task_struct *task);
3122 +int gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags);
3123 +int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode);
3124 +void gr_audit_ptrace(struct task_struct *task);
3125 +dev_t gr_get_dev_from_dentry(struct dentry *dentry);
3126 +void gr_put_exec_file(struct task_struct *task);
3127 +
3128 +int gr_ptrace_readexec(struct file *file, int unsafe_flags);
3129 +
3130 +#if defined(CONFIG_GRKERNSEC) && (defined(CONFIG_GRKERNSEC_RESLOG) || !defined(CONFIG_GRKERNSEC_NO_RBAC))
3131 +extern void gr_learn_resource(const struct task_struct *task, const int res,
3132 + const unsigned long wanted, const int gt);
3133 +#else
3134 +static inline void gr_learn_resource(const struct task_struct *task, const int res,
3135 + const unsigned long wanted, const int gt)
3136 +{
3137 +}
3138 +#endif
3139 +
3140 +#ifdef CONFIG_GRKERNSEC_RESLOG
3141 +extern void gr_log_resource(const struct task_struct *task, const int res,
3142 + const unsigned long wanted, const int gt);
3143 +#else
3144 +static inline void gr_log_resource(const struct task_struct *task, const int res,
3145 + const unsigned long wanted, const int gt)
3146 +{
3147 +}
3148 +#endif
3149 +
3150 +#ifdef CONFIG_GRKERNSEC
3151 +void task_grsec_rbac(struct seq_file *m, struct task_struct *p);
3152 +void gr_handle_vm86(void);
3153 +void gr_handle_mem_readwrite(u64 from, u64 to);
3154 +
3155 +void gr_log_badprocpid(const char *entry);
3156 +
3157 +extern int grsec_enable_dmesg;
3158 +extern int grsec_disable_privio;
3159 +
3160 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
3161 +extern kgid_t grsec_proc_gid;
3162 +#endif
3163 +
3164 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
3165 +extern int grsec_enable_chroot_findtask;
3166 +#endif
3167 +#ifdef CONFIG_GRKERNSEC_SETXID
3168 +extern int grsec_enable_setxid;
3169 +#endif
3170 +#endif
3171 +
3172 +#endif
3173 diff -Naur backports-3.18.1-1.org/include/linux/grsock.h backports-3.18.1-1/include/linux/grsock.h
3174 --- backports-3.18.1-1.org/include/linux/grsock.h 1970-01-01 01:00:00.000000000 +0100
3175 +++ backports-3.18.1-1/include/linux/grsock.h 2014-12-28 14:10:09.688889562 +0100
3176 @@ -0,0 +1,19 @@
3177 +#ifndef __GRSOCK_H
3178 +#define __GRSOCK_H
3179 +
3180 +extern void gr_attach_curr_ip(const struct sock *sk);
3181 +extern int gr_handle_sock_all(const int family, const int type,
3182 + const int protocol);
3183 +extern int gr_handle_sock_server(const struct sockaddr *sck);
3184 +extern int gr_handle_sock_server_other(const struct sock *sck);
3185 +extern int gr_handle_sock_client(const struct sockaddr *sck);
3186 +extern int gr_search_connect(struct socket * sock,
3187 + struct sockaddr_in * addr);
3188 +extern int gr_search_bind(struct socket * sock,
3189 + struct sockaddr_in * addr);
3190 +extern int gr_search_listen(struct socket * sock);
3191 +extern int gr_search_accept(struct socket * sock);
3192 +extern int gr_search_socket(const int domain, const int type,
3193 + const int protocol);
3194 +
3195 +#endif
3196 diff -Naur backports-3.18.1-1.org/include/linux/unaligned/access_ok.h backports-3.18.1-1/include/linux/unaligned/access_ok.h
3197 --- backports-3.18.1-1.org/include/linux/unaligned/access_ok.h 2014-12-21 22:37:13.000000000 +0100
3198 +++ backports-3.18.1-1/include/linux/unaligned/access_ok.h 2014-12-28 14:10:09.712889681 +0100
3199 @@ -4,34 +4,34 @@
3200 #include <linux/kernel.h>
3201 #include <asm/byteorder.h>
3202
3203 -static inline u16 get_unaligned_le16(const void *p)
3204 +static inline u16 __intentional_overflow(-1) get_unaligned_le16(const void *p)
3205 {
3206 - return le16_to_cpup((__le16 *)p);
3207 + return le16_to_cpup((const __le16 *)p);
3208 }
3209
3210 -static inline u32 get_unaligned_le32(const void *p)
3211 +static inline u32 __intentional_overflow(-1) get_unaligned_le32(const void *p)
3212 {
3213 - return le32_to_cpup((__le32 *)p);
3214 + return le32_to_cpup((const __le32 *)p);
3215 }
3216
3217 -static inline u64 get_unaligned_le64(const void *p)
3218 +static inline u64 __intentional_overflow(-1) get_unaligned_le64(const void *p)
3219 {
3220 - return le64_to_cpup((__le64 *)p);
3221 + return le64_to_cpup((const __le64 *)p);
3222 }
3223
3224 -static inline u16 get_unaligned_be16(const void *p)
3225 +static inline u16 __intentional_overflow(-1) get_unaligned_be16(const void *p)
3226 {
3227 - return be16_to_cpup((__be16 *)p);
3228 + return be16_to_cpup((const __be16 *)p);
3229 }
3230
3231 -static inline u32 get_unaligned_be32(const void *p)
3232 +static inline u32 __intentional_overflow(-1) get_unaligned_be32(const void *p)
3233 {
3234 - return be32_to_cpup((__be32 *)p);
3235 + return be32_to_cpup((const __be32 *)p);
3236 }
3237
3238 -static inline u64 get_unaligned_be64(const void *p)
3239 +static inline u64 __intentional_overflow(-1) get_unaligned_be64(const void *p)
3240 {
3241 - return be64_to_cpup((__be64 *)p);
3242 + return be64_to_cpup((const __be64 *)p);
3243 }
3244
3245 static inline void put_unaligned_le16(u16 val, void *p)
3246 diff -Naur backports-3.18.1-1.org/include/media/v4l2-dev.h backports-3.18.1-1/include/media/v4l2-dev.h
3247 --- backports-3.18.1-1.org/include/media/v4l2-dev.h 2014-12-21 22:37:13.000000000 +0100
3248 +++ backports-3.18.1-1/include/media/v4l2-dev.h 2014-12-28 14:10:09.716889709 +0100
3249 @@ -75,7 +75,7 @@
3250 int (*mmap) (struct file *, struct vm_area_struct *);
3251 int (*open) (struct file *);
3252 int (*release) (struct file *);
3253 -};
3254 +} __do_const;
3255
3256 /*
3257 * Newer version of video_device, handled by videodev2.c
3258 diff -Naur backports-3.18.1-1.org/include/media/v4l2-device.h backports-3.18.1-1/include/media/v4l2-device.h
3259 --- backports-3.18.1-1.org/include/media/v4l2-device.h 2014-12-21 22:37:13.000000000 +0100
3260 +++ backports-3.18.1-1/include/media/v4l2-device.h 2014-12-28 14:10:09.716889709 +0100
3261 @@ -95,7 +95,7 @@
3262 this function returns 0. If the name ends with a digit (e.g. cx18),
3263 then the name will be set to cx18-0 since cx180 looks really odd. */
3264 int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename,
3265 - atomic_t *instance);
3266 + atomic_unchecked_t *instance);
3267
3268 /* Set v4l2_dev->dev to NULL. Call when the USB parent disconnects.
3269 Since the parent disappears this ensures that v4l2_dev doesn't have an
3270 diff -Naur backports-3.18.1-1.org/include/net/bluetooth/l2cap.h backports-3.18.1-1/include/net/bluetooth/l2cap.h
3271 --- backports-3.18.1-1.org/include/net/bluetooth/l2cap.h 2014-12-21 22:37:13.000000000 +0100
3272 +++ backports-3.18.1-1/include/net/bluetooth/l2cap.h 2014-12-28 14:10:09.716889709 +0100
3273 @@ -608,7 +608,7 @@
3274 unsigned char *kdata,
3275 struct iovec *iov,
3276 int len);
3277 -};
3278 +} __do_const;
3279
3280 struct l2cap_conn {
3281 struct hci_conn *hcon;
3282 diff -Naur backports-3.18.1-1.org/include/net/mac80211.h backports-3.18.1-1/include/net/mac80211.h
3283 --- backports-3.18.1-1.org/include/net/mac80211.h 2014-12-21 22:37:13.000000000 +0100
3284 +++ backports-3.18.1-1/include/net/mac80211.h 2014-12-28 14:10:09.724889743 +0100
3285 @@ -4648,7 +4648,7 @@
3286 void (*remove_sta_debugfs)(void *priv, void *priv_sta);
3287
3288 u32 (*get_expected_throughput)(void *priv_sta);
3289 -};
3290 +} __do_const;
3291
3292 static inline int rate_supported(struct ieee80211_sta *sta,
3293 enum ieee80211_band band,
3294 diff -Naur backports-3.18.1-1.org/include/trace/events/fs.h backports-3.18.1-1/include/trace/events/fs.h
3295 --- backports-3.18.1-1.org/include/trace/events/fs.h 1970-01-01 01:00:00.000000000 +0100
3296 +++ backports-3.18.1-1/include/trace/events/fs.h 2014-12-28 14:10:09.728889769 +0100
3297 @@ -0,0 +1,53 @@
3298 +#undef TRACE_SYSTEM
3299 +#define TRACE_SYSTEM fs
3300 +
3301 +#if !defined(_TRACE_FS_H) || defined(TRACE_HEADER_MULTI_READ)
3302 +#define _TRACE_FS_H
3303 +
3304 +#include <linux/fs.h>
3305 +#include <linux/tracepoint.h>
3306 +
3307 +TRACE_EVENT(do_sys_open,
3308 +
3309 + TP_PROTO(const char *filename, int flags, int mode),
3310 +
3311 + TP_ARGS(filename, flags, mode),
3312 +
3313 + TP_STRUCT__entry(
3314 + __string( filename, filename )
3315 + __field( int, flags )
3316 + __field( int, mode )
3317 + ),
3318 +
3319 + TP_fast_assign(
3320 + __assign_str(filename, filename);
3321 + __entry->flags = flags;
3322 + __entry->mode = mode;
3323 + ),
3324 +
3325 + TP_printk("\"%s\" %x %o",
3326 + __get_str(filename), __entry->flags, __entry->mode)
3327 +);
3328 +
3329 +TRACE_EVENT(open_exec,
3330 +
3331 + TP_PROTO(const char *filename),
3332 +
3333 + TP_ARGS(filename),
3334 +
3335 + TP_STRUCT__entry(
3336 + __string( filename, filename )
3337 + ),
3338 +
3339 + TP_fast_assign(
3340 + __assign_str(filename, filename);
3341 + ),
3342 +
3343 + TP_printk("\"%s\"",
3344 + __get_str(filename))
3345 +);
3346 +
3347 +#endif /* _TRACE_FS_H */
3348 +
3349 +/* This part must be outside protection */
3350 +#include <trace/define_trace.h>
3351 diff -Naur backports-3.18.1-1.org/net/bluetooth/6lowpan.c backports-3.18.1-1/net/bluetooth/6lowpan.c
3352 --- backports-3.18.1-1.org/net/bluetooth/6lowpan.c 2014-12-21 22:37:15.000000000 +0100
3353 +++ backports-3.18.1-1/net/bluetooth/6lowpan.c 2014-12-28 14:10:09.784890034 +0100
3354 @@ -367,7 +367,6 @@
3355
3356 drop:
3357 dev->stats.rx_dropped++;
3358 - kfree_skb(skb);
3359 return NET_RX_DROP;
3360 }
3361
3362 diff -Naur backports-3.18.1-1.org/net/bluetooth/bnep/core.c backports-3.18.1-1/net/bluetooth/bnep/core.c
3363 --- backports-3.18.1-1.org/net/bluetooth/bnep/core.c 2014-12-21 22:37:15.000000000 +0100
3364 +++ backports-3.18.1-1/net/bluetooth/bnep/core.c 2014-12-28 14:10:09.784890034 +0100
3365 @@ -533,6 +533,9 @@
3366
3367 BT_DBG("");
3368
3369 + if (!l2cap_is_socket(sock))
3370 + return -EBADFD;
3371 +
3372 baswap((void *) dst, &l2cap_pi(sock->sk)->chan->dst);
3373 baswap((void *) src, &l2cap_pi(sock->sk)->chan->src);
3374
3375 diff -Naur backports-3.18.1-1.org/net/bluetooth/cmtp/core.c backports-3.18.1-1/net/bluetooth/cmtp/core.c
3376 --- backports-3.18.1-1.org/net/bluetooth/cmtp/core.c 2014-12-21 22:37:15.000000000 +0100
3377 +++ backports-3.18.1-1/net/bluetooth/cmtp/core.c 2014-12-28 14:10:09.784890034 +0100
3378 @@ -334,6 +334,9 @@
3379
3380 BT_DBG("");
3381
3382 + if (!l2cap_is_socket(sock))
3383 + return -EBADFD;
3384 +
3385 session = kzalloc(sizeof(struct cmtp_session), GFP_KERNEL);
3386 if (!session)
3387 return -ENOMEM;
3388 diff -Naur backports-3.18.1-1.org/net/bluetooth/hci_sock.c backports-3.18.1-1/net/bluetooth/hci_sock.c
3389 --- backports-3.18.1-1.org/net/bluetooth/hci_sock.c 2014-12-21 22:37:15.000000000 +0100
3390 +++ backports-3.18.1-1/net/bluetooth/hci_sock.c 2014-12-28 14:10:09.784890034 +0100
3391 @@ -1067,7 +1067,7 @@
3392 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
3393 }
3394
3395 - len = min_t(unsigned int, len, sizeof(uf));
3396 + len = min((size_t)len, sizeof(uf));
3397 if (copy_from_user(&uf, optval, len)) {
3398 err = -EFAULT;
3399 break;
3400 diff -Naur backports-3.18.1-1.org/net/bluetooth/hidp/core.c backports-3.18.1-1/net/bluetooth/hidp/core.c
3401 --- backports-3.18.1-1.org/net/bluetooth/hidp/core.c 2014-12-21 22:37:15.000000000 +0100
3402 +++ backports-3.18.1-1/net/bluetooth/hidp/core.c 2014-12-28 14:10:09.784890034 +0100
3403 @@ -1322,13 +1322,14 @@
3404 {
3405 struct hidp_session *session;
3406 struct l2cap_conn *conn;
3407 - struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
3408 + struct l2cap_chan *chan;
3409 int ret;
3410
3411 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
3412 if (ret)
3413 return ret;
3414
3415 + chan = l2cap_pi(ctrl_sock->sk)->chan;
3416 conn = NULL;
3417 l2cap_chan_lock(chan);
3418 if (chan->conn)
3419 diff -Naur backports-3.18.1-1.org/net/bluetooth/l2cap_core.c backports-3.18.1-1/net/bluetooth/l2cap_core.c
3420 --- backports-3.18.1-1.org/net/bluetooth/l2cap_core.c 2014-12-21 22:37:15.000000000 +0100
3421 +++ backports-3.18.1-1/net/bluetooth/l2cap_core.c 2014-12-28 14:10:09.784890034 +0100
3422 @@ -3512,8 +3512,10 @@
3423 break;
3424
3425 case L2CAP_CONF_RFC:
3426 - if (olen == sizeof(rfc))
3427 - memcpy(&rfc, (void *)val, olen);
3428 + if (olen != sizeof(rfc))
3429 + break;
3430 +
3431 + memcpy(&rfc, (void *)val, olen);
3432
3433 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
3434 rfc.mode != chan->mode)
3435 diff -Naur backports-3.18.1-1.org/net/bluetooth/l2cap_sock.c backports-3.18.1-1/net/bluetooth/l2cap_sock.c
3436 --- backports-3.18.1-1.org/net/bluetooth/l2cap_sock.c 2014-12-21 22:37:15.000000000 +0100
3437 +++ backports-3.18.1-1/net/bluetooth/l2cap_sock.c 2014-12-28 14:10:09.788890064 +0100
3438 @@ -628,7 +628,8 @@
3439 struct sock *sk = sock->sk;
3440 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3441 struct l2cap_options opts;
3442 - int len, err = 0;
3443 + int err = 0;
3444 + size_t len = optlen;
3445 u32 opt;
3446
3447 BT_DBG("sk %p", sk);
3448 @@ -655,7 +656,7 @@
3449 opts.max_tx = chan->max_tx;
3450 opts.txwin_size = chan->tx_win;
3451
3452 - len = min_t(unsigned int, sizeof(opts), optlen);
3453 + len = min(sizeof(opts), len);
3454 if (copy_from_user((char *) &opts, optval, len)) {
3455 err = -EFAULT;
3456 break;
3457 @@ -742,7 +743,8 @@
3458 struct bt_security sec;
3459 struct bt_power pwr;
3460 struct l2cap_conn *conn;
3461 - int len, err = 0;
3462 + int err = 0;
3463 + size_t len = optlen;
3464 u32 opt;
3465
3466 BT_DBG("sk %p", sk);
3467 @@ -766,7 +768,7 @@
3468
3469 sec.level = BT_SECURITY_LOW;
3470
3471 - len = min_t(unsigned int, sizeof(sec), optlen);
3472 + len = min(sizeof(sec), len);
3473 if (copy_from_user((char *) &sec, optval, len)) {
3474 err = -EFAULT;
3475 break;
3476 @@ -862,7 +864,7 @@
3477
3478 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
3479
3480 - len = min_t(unsigned int, sizeof(pwr), optlen);
3481 + len = min(sizeof(pwr), len);
3482 if (copy_from_user((char *) &pwr, optval, len)) {
3483 err = -EFAULT;
3484 break;
3485 diff -Naur backports-3.18.1-1.org/net/bluetooth/rfcomm/sock.c backports-3.18.1-1/net/bluetooth/rfcomm/sock.c
3486 --- backports-3.18.1-1.org/net/bluetooth/rfcomm/sock.c 2014-12-21 22:37:15.000000000 +0100
3487 +++ backports-3.18.1-1/net/bluetooth/rfcomm/sock.c 2014-12-28 14:10:09.788890064 +0100
3488 @@ -695,7 +695,7 @@
3489 struct sock *sk = sock->sk;
3490 struct bt_security sec;
3491 int err = 0;
3492 - size_t len;
3493 + size_t len = optlen;
3494 u32 opt;
3495
3496 BT_DBG("sk %p", sk);
3497 @@ -717,7 +717,7 @@
3498
3499 sec.level = BT_SECURITY_LOW;
3500
3501 - len = min_t(unsigned int, sizeof(sec), optlen);
3502 + len = min(sizeof(sec), len);
3503 if (copy_from_user((char *) &sec, optval, len)) {
3504 err = -EFAULT;
3505 break;
3506 diff -Naur backports-3.18.1-1.org/net/bluetooth/rfcomm/tty.c backports-3.18.1-1/net/bluetooth/rfcomm/tty.c
3507 --- backports-3.18.1-1.org/net/bluetooth/rfcomm/tty.c 2014-12-21 22:37:15.000000000 +0100
3508 +++ backports-3.18.1-1/net/bluetooth/rfcomm/tty.c 2014-12-28 14:10:09.788890064 +0100
3509 @@ -752,7 +752,7 @@
3510 BT_DBG("tty %p id %d", tty, tty->index);
3511
3512 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
3513 - dev->channel, dev->port.count);
3514 + dev->channel, atomic_read(&dev->port.count));
3515
3516 err = tty_port_open(&dev->port, tty, filp);
3517 if (err)
3518 @@ -775,7 +775,7 @@
3519 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
3520
3521 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
3522 - dev->port.count);
3523 + atomic_read(&dev->port.count));
3524
3525 tty_port_close(&dev->port, tty, filp);
3526 }
3527 diff -Naur backports-3.18.1-1.org/net/ieee802154/6lowpan_rtnl.c backports-3.18.1-1/net/ieee802154/6lowpan_rtnl.c
3528 --- backports-3.18.1-1.org/net/ieee802154/6lowpan_rtnl.c 2014-12-21 22:37:15.000000000 +0100
3529 +++ backports-3.18.1-1/net/ieee802154/6lowpan_rtnl.c 2014-12-28 14:10:09.796890100 +0100
3530 @@ -639,7 +639,7 @@
3531 dev_put(real_dev);
3532 }
3533
3534 -static struct rtnl_link_ops lowpan_link_ops __read_mostly = {
3535 +static struct rtnl_link_ops lowpan_link_ops = {
3536 .kind = "lowpan",
3537 .priv_size = sizeof(struct lowpan_dev_info),
3538 .setup = lowpan_setup,
3539 diff -Naur backports-3.18.1-1.org/net/ieee802154/reassembly.c backports-3.18.1-1/net/ieee802154/reassembly.c
3540 --- backports-3.18.1-1.org/net/ieee802154/reassembly.c 2014-12-21 22:37:15.000000000 +0100
3541 +++ backports-3.18.1-1/net/ieee802154/reassembly.c 2014-12-28 14:10:09.796890100 +0100
3542 @@ -460,14 +460,13 @@
3543
3544 static int __net_init lowpan_frags_ns_sysctl_register(struct net *net)
3545 {
3546 - struct ctl_table *table;
3547 + ctl_table_no_const *table = NULL;
3548 struct ctl_table_header *hdr;
3549 struct netns_ieee802154_lowpan *ieee802154_lowpan =
3550 net_ieee802154_lowpan(net);
3551
3552 - table = lowpan_frags_ns_ctl_table;
3553 if (!net_eq(net, &init_net)) {
3554 - table = kmemdup(table, sizeof(lowpan_frags_ns_ctl_table),
3555 + table = kmemdup(lowpan_frags_ns_ctl_table, sizeof(lowpan_frags_ns_ctl_table),
3556 GFP_KERNEL);
3557 if (table == NULL)
3558 goto err_alloc;
3559 @@ -494,8 +493,7 @@
3560 return 0;
3561
3562 err_reg:
3563 - if (!net_eq(net, &init_net))
3564 - kfree(table);
3565 + kfree(table);
3566 err_alloc:
3567 return -ENOMEM;
3568 }
3569 diff -Naur backports-3.18.1-1.org/net/mac80211/cfg.c backports-3.18.1-1/net/mac80211/cfg.c
3570 --- backports-3.18.1-1.org/net/mac80211/cfg.c 2014-12-21 22:37:15.000000000 +0100
3571 +++ backports-3.18.1-1/net/mac80211/cfg.c 2014-12-28 14:10:09.812890175 +0100
3572 @@ -541,7 +541,7 @@
3573 ret = ieee80211_vif_use_channel(sdata, chandef,
3574 IEEE80211_CHANCTX_EXCLUSIVE);
3575 }
3576 - } else if (local->open_count == local->monitors) {
3577 + } else if (local_read(&local->open_count) == local->monitors) {
3578 local->_oper_chandef = *chandef;
3579 ieee80211_hw_config(local, 0);
3580 }
3581 @@ -3326,7 +3326,7 @@
3582 else
3583 local->probe_req_reg--;
3584
3585 - if (!local->open_count)
3586 + if (!local_read(&local->open_count))
3587 break;
3588
3589 ieee80211_queue_work(&local->hw, &local->reconfig_filter);
3590 @@ -3460,8 +3460,8 @@
3591 if (chanctx_conf) {
3592 *chandef = sdata->vif.bss_conf.chandef;
3593 ret = 0;
3594 - } else if (local->open_count > 0 &&
3595 - local->open_count == local->monitors &&
3596 + } else if (local_read(&local->open_count) > 0 &&
3597 + local_read(&local->open_count) == local->monitors &&
3598 sdata->vif.type == NL80211_IFTYPE_MONITOR) {
3599 if (local->use_chanctx)
3600 *chandef = local->monitor_chandef;
3601 diff -Naur backports-3.18.1-1.org/net/mac80211/ieee80211_i.h backports-3.18.1-1/net/mac80211/ieee80211_i.h
3602 --- backports-3.18.1-1.org/net/mac80211/ieee80211_i.h 2014-12-21 22:37:15.000000000 +0100
3603 +++ backports-3.18.1-1/net/mac80211/ieee80211_i.h 2014-12-28 14:10:09.812890175 +0100
3604 @@ -29,6 +29,7 @@
3605 #include <net/ieee80211_radiotap.h>
3606 #include <net/cfg80211.h>
3607 #include <net/mac80211.h>
3608 +#include <asm/local.h>
3609 #include "key.h"
3610 #include "sta_info.h"
3611 #include "debug.h"
3612 @@ -1057,7 +1058,7 @@
3613 /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
3614 spinlock_t queue_stop_reason_lock;
3615
3616 - int open_count;
3617 + local_t open_count;
3618 int monitors, cooked_mntrs;
3619 /* number of interfaces with corresponding FIF_ flags */
3620 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
3621 diff -Naur backports-3.18.1-1.org/net/mac80211/iface.c backports-3.18.1-1/net/mac80211/iface.c
3622 --- backports-3.18.1-1.org/net/mac80211/iface.c 2014-12-21 22:37:15.000000000 +0100
3623 +++ backports-3.18.1-1/net/mac80211/iface.c 2014-12-28 14:10:09.812890175 +0100
3624 @@ -532,7 +532,7 @@
3625 break;
3626 }
3627
3628 - if (local->open_count == 0) {
3629 + if (local_read(&local->open_count) == 0) {
3630 res = drv_start(local);
3631 if (res)
3632 goto err_del_bss;
3633 @@ -579,7 +579,7 @@
3634 res = drv_add_interface(local, sdata);
3635 if (res)
3636 goto err_stop;
3637 - } else if (local->monitors == 0 && local->open_count == 0) {
3638 + } else if (local->monitors == 0 && local_read(&local->open_count) == 0) {
3639 res = ieee80211_add_virtual_monitor(local);
3640 if (res)
3641 goto err_stop;
3642 @@ -688,7 +688,7 @@
3643 atomic_inc(&local->iff_promiscs);
3644
3645 if (coming_up)
3646 - local->open_count++;
3647 + local_inc(&local->open_count);
3648
3649 if (hw_reconf_flags)
3650 ieee80211_hw_config(local, hw_reconf_flags);
3651 @@ -726,7 +726,7 @@
3652 err_del_interface:
3653 drv_remove_interface(local, sdata);
3654 err_stop:
3655 - if (!local->open_count)
3656 + if (!local_read(&local->open_count))
3657 drv_stop(local);
3658 err_del_bss:
3659 sdata->bss = NULL;
3660 @@ -892,7 +892,7 @@
3661 }
3662
3663 if (going_down)
3664 - local->open_count--;
3665 + local_dec(&local->open_count);
3666
3667 switch (sdata->vif.type) {
3668 case NL80211_IFTYPE_AP_VLAN:
3669 @@ -954,7 +954,7 @@
3670 }
3671 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
3672
3673 - if (local->open_count == 0)
3674 + if (local_read(&local->open_count) == 0)
3675 ieee80211_clear_tx_pending(local);
3676
3677 /*
3678 @@ -997,7 +997,7 @@
3679 if (cancel_scan)
3680 flush_delayed_work(&local->scan_work);
3681
3682 - if (local->open_count == 0) {
3683 + if (local_read(&local->open_count) == 0) {
3684 ieee80211_stop_device(local);
3685
3686 /* no reconfiguring after stop! */
3687 @@ -1008,7 +1008,7 @@
3688 ieee80211_configure_filter(local);
3689 ieee80211_hw_config(local, hw_reconf_flags);
3690
3691 - if (local->monitors == local->open_count)
3692 + if (local->monitors == local_read(&local->open_count))
3693 ieee80211_add_virtual_monitor(local);
3694 }
3695
3696 diff -Naur backports-3.18.1-1.org/net/mac80211/main.c backports-3.18.1-1/net/mac80211/main.c
3697 --- backports-3.18.1-1.org/net/mac80211/main.c 2014-12-21 22:37:15.000000000 +0100
3698 +++ backports-3.18.1-1/net/mac80211/main.c 2014-12-28 14:10:09.812890175 +0100
3699 @@ -175,7 +175,7 @@
3700 changed &= ~(IEEE80211_CONF_CHANGE_CHANNEL |
3701 IEEE80211_CONF_CHANGE_POWER);
3702
3703 - if (changed && local->open_count) {
3704 + if (changed && local_read(&local->open_count)) {
3705 ret = drv_config(local, changed);
3706 /*
3707 * Goal:
3708 diff -Naur backports-3.18.1-1.org/net/mac80211/pm.c backports-3.18.1-1/net/mac80211/pm.c
3709 --- backports-3.18.1-1.org/net/mac80211/pm.c 2014-12-21 22:37:15.000000000 +0100
3710 +++ backports-3.18.1-1/net/mac80211/pm.c 2014-12-28 14:10:09.812890175 +0100
3711 @@ -12,7 +12,7 @@
3712 struct ieee80211_sub_if_data *sdata;
3713 struct sta_info *sta;
3714
3715 - if (!local->open_count)
3716 + if (!local_read(&local->open_count))
3717 goto suspend;
3718
3719 ieee80211_scan_cancel(local);
3720 @@ -59,7 +59,7 @@
3721 cancel_work_sync(&local->dynamic_ps_enable_work);
3722 del_timer_sync(&local->dynamic_ps_timer);
3723
3724 - local->wowlan = wowlan && local->open_count;
3725 + local->wowlan = wowlan && local_read(&local->open_count);
3726 if (local->wowlan) {
3727 int err = drv_suspend(local, wowlan);
3728 if (err < 0) {
3729 @@ -125,7 +125,7 @@
3730 WARN_ON(!list_empty(&local->chanctx_list));
3731
3732 /* stop hardware - this must stop RX */
3733 - if (local->open_count)
3734 + if (local_read(&local->open_count))
3735 ieee80211_stop_device(local);
3736
3737 suspend:
3738 diff -Naur backports-3.18.1-1.org/net/mac80211/rate.c backports-3.18.1-1/net/mac80211/rate.c
3739 --- backports-3.18.1-1.org/net/mac80211/rate.c 2014-12-21 22:37:15.000000000 +0100
3740 +++ backports-3.18.1-1/net/mac80211/rate.c 2014-12-28 14:10:09.812890175 +0100
3741 @@ -720,7 +720,7 @@
3742
3743 ASSERT_RTNL();
3744
3745 - if (local->open_count)
3746 + if (local_read(&local->open_count))
3747 return -EBUSY;
3748
3749 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) {
3750 diff -Naur backports-3.18.1-1.org/net/mac80211/util.c backports-3.18.1-1/net/mac80211/util.c
3751 --- backports-3.18.1-1.org/net/mac80211/util.c 2014-12-21 22:37:15.000000000 +0100
3752 +++ backports-3.18.1-1/net/mac80211/util.c 2014-12-28 14:10:09.816890209 +0100
3753 @@ -1669,7 +1669,7 @@
3754 }
3755 #endif
3756 /* everything else happens only if HW was up & running */
3757 - if (!local->open_count)
3758 + if (!local_read(&local->open_count))
3759 goto wake_up;
3760
3761 /*
3762 @@ -1895,7 +1895,7 @@
3763 local->in_reconfig = false;
3764 barrier();
3765
3766 - if (local->monitors == local->open_count && local->monitors > 0)
3767 + if (local->monitors == local_read(&local->open_count) && local->monitors > 0)
3768 ieee80211_add_virtual_monitor(local);
3769
3770 /*
3771 diff -Naur backports-3.18.1-1.org/net/wireless/wext-core.c backports-3.18.1-1/net/wireless/wext-core.c
3772 --- backports-3.18.1-1.org/net/wireless/wext-core.c 2014-12-21 22:37:15.000000000 +0100
3773 +++ backports-3.18.1-1/net/wireless/wext-core.c 2014-12-28 14:10:09.832890290 +0100
3774 @@ -748,8 +748,7 @@
3775 */
3776
3777 /* Support for very large requests */
3778 - if ((descr->flags & IW_DESCR_FLAG_NOMAX) &&
3779 - (user_length > descr->max_tokens)) {
3780 + if (user_length > descr->max_tokens) {
3781 /* Allow userspace to GET more than max so
3782 * we can support any size GET requests.
3783 * There is still a limit : -ENOMEM.
3784 @@ -788,22 +787,6 @@
3785 }
3786 }
3787
3788 - if (IW_IS_GET(cmd) && !(descr->flags & IW_DESCR_FLAG_NOMAX)) {
3789 - /*
3790 - * If this is a GET, but not NOMAX, it means that the extra
3791 - * data is not bounded by userspace, but by max_tokens. Thus
3792 - * set the length to max_tokens. This matches the extra data
3793 - * allocation.
3794 - * The driver should fill it with the number of tokens it
3795 - * provided, and it may check iwp->length rather than having
3796 - * knowledge of max_tokens. If the driver doesn't change the
3797 - * iwp->length, this ioctl just copies back max_token tokens
3798 - * filled with zeroes. Hopefully the driver isn't claiming
3799 - * them to be valid data.
3800 - */
3801 - iwp->length = descr->max_tokens;
3802 - }
3803 -
3804 err = handler(dev, info, (union iwreq_data *) iwp, extra);
3805
3806 iwp->length += essid_compat;
IPFire 2.x development tree