squid 3.5.28: latest patches (01-02)
1 diff -Naur backports-4.2.6-1.org/drivers/bluetooth/btwilink.c backports-4.2.6-1/drivers/bluetooth/btwilink.c
2 --- backports-4.2.6-1.org/drivers/bluetooth/btwilink.c 2015-11-15 22:19:40.000000000 +0100
3 +++ backports-4.2.6-1/drivers/bluetooth/btwilink.c 2016-01-27 12:26:16.319959957 +0100
4 @@ -288,7 +288,7 @@
5
6 static int bt_ti_probe(struct platform_device *pdev)
7 {
8 - static struct ti_st *hst;
9 + struct ti_st *hst;
10 struct hci_dev *hdev;
11 int err;
12
13 diff -Naur backports-4.2.6-1.org/drivers/media/dvb-core/dvbdev.c backports-4.2.6-1/drivers/media/dvb-core/dvbdev.c
14 --- backports-4.2.6-1.org/drivers/media/dvb-core/dvbdev.c 2015-11-15 22:19:39.000000000 +0100
15 +++ backports-4.2.6-1/drivers/media/dvb-core/dvbdev.c 2016-01-27 12:26:21.266626324 +0100
16 @@ -272,7 +272,7 @@
17 const struct dvb_device *template, void *priv, int type)
18 {
19 struct dvb_device *dvbdev;
20 - struct file_operations *dvbdevfops;
21 + file_operations_no_const *dvbdevfops;
22 struct device *clsdev;
23 int minor;
24 int id;
25 diff -Naur backports-4.2.6-1.org/drivers/media/dvb-frontends/af9033.h backports-4.2.6-1/drivers/media/dvb-frontends/af9033.h
26 --- backports-4.2.6-1.org/drivers/media/dvb-frontends/af9033.h 2015-11-15 22:19:38.000000000 +0100
27 +++ backports-4.2.6-1/drivers/media/dvb-frontends/af9033.h 2016-01-27 12:26:21.266626324 +0100
28 @@ -96,6 +96,6 @@
29 int (*pid_filter_ctrl)(struct dvb_frontend *fe, int onoff);
30 int (*pid_filter)(struct dvb_frontend *fe, int index, u16 pid,
31 int onoff);
32 -};
33 +} __no_const;
34
35 #endif /* AF9033_H */
36 diff -Naur backports-4.2.6-1.org/drivers/media/dvb-frontends/dib3000.h backports-4.2.6-1/drivers/media/dvb-frontends/dib3000.h
37 --- backports-4.2.6-1.org/drivers/media/dvb-frontends/dib3000.h 2015-11-15 22:19:38.000000000 +0100
38 +++ backports-4.2.6-1/drivers/media/dvb-frontends/dib3000.h 2016-01-27 12:26:21.266626324 +0100
39 @@ -39,7 +39,7 @@
40 int (*fifo_ctrl)(struct dvb_frontend *fe, int onoff);
41 int (*pid_ctrl)(struct dvb_frontend *fe, int index, int pid, int onoff);
42 int (*tuner_pass_ctrl)(struct dvb_frontend *fe, int onoff, u8 pll_ctrl);
43 -};
44 +} __no_const;
45
46 #if IS_REACHABLE(CPTCFG_DVB_DIB3000MB)
47 extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
48 diff -Naur backports-4.2.6-1.org/drivers/media/dvb-frontends/dib7000p.h backports-4.2.6-1/drivers/media/dvb-frontends/dib7000p.h
49 --- backports-4.2.6-1.org/drivers/media/dvb-frontends/dib7000p.h 2015-11-15 22:19:38.000000000 +0100
50 +++ backports-4.2.6-1/drivers/media/dvb-frontends/dib7000p.h 2016-01-27 12:26:21.266626324 +0100
51 @@ -64,7 +64,7 @@
52 int (*get_adc_power)(struct dvb_frontend *fe);
53 int (*slave_reset)(struct dvb_frontend *fe);
54 struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib7000p_config *cfg);
55 -};
56 +} __no_const;
57
58 #if IS_REACHABLE(CPTCFG_DVB_DIB7000P)
59 void *dib7000p_attach(struct dib7000p_ops *ops);
60 diff -Naur backports-4.2.6-1.org/drivers/media/dvb-frontends/dib8000.h backports-4.2.6-1/drivers/media/dvb-frontends/dib8000.h
61 --- backports-4.2.6-1.org/drivers/media/dvb-frontends/dib8000.h 2015-11-15 22:19:38.000000000 +0100
62 +++ backports-4.2.6-1/drivers/media/dvb-frontends/dib8000.h 2016-01-27 12:26:21.266626324 +0100
63 @@ -61,7 +61,7 @@
64 int (*pid_filter_ctrl)(struct dvb_frontend *fe, u8 onoff);
65 int (*pid_filter)(struct dvb_frontend *fe, u8 id, u16 pid, u8 onoff);
66 struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib8000_config *cfg);
67 -};
68 +} __no_const;
69
70 #if IS_REACHABLE(CPTCFG_DVB_DIB8000)
71 void *dib8000_attach(struct dib8000_ops *ops);
72 diff -Naur backports-4.2.6-1.org/drivers/media/pci/cx88/cx88-video.c backports-4.2.6-1/drivers/media/pci/cx88/cx88-video.c
73 --- backports-4.2.6-1.org/drivers/media/pci/cx88/cx88-video.c 2015-11-15 22:19:38.000000000 +0100
74 +++ backports-4.2.6-1/drivers/media/pci/cx88/cx88-video.c 2016-01-27 12:26:21.266626324 +0100
75 @@ -50,9 +50,9 @@
76
77 /* ------------------------------------------------------------------ */
78
79 -static unsigned int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
80 -static unsigned int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
81 -static unsigned int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
82 +static int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
83 +static int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
84 +static int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
85
86 module_param_array(video_nr, int, NULL, 0444);
87 module_param_array(vbi_nr, int, NULL, 0444);
88 diff -Naur backports-4.2.6-1.org/drivers/media/pci/ivtv/ivtv-driver.c backports-4.2.6-1/drivers/media/pci/ivtv/ivtv-driver.c
89 --- backports-4.2.6-1.org/drivers/media/pci/ivtv/ivtv-driver.c 2015-11-15 22:19:38.000000000 +0100
90 +++ backports-4.2.6-1/drivers/media/pci/ivtv/ivtv-driver.c 2016-01-27 12:26:21.266626324 +0100
91 @@ -83,7 +83,7 @@
92 MODULE_DEVICE_TABLE(pci,ivtv_pci_tbl);
93
94 /* ivtv instance counter */
95 -static atomic_t ivtv_instance = ATOMIC_INIT(0);
96 +static atomic_unchecked_t ivtv_instance = ATOMIC_INIT(0);
97
98 /* Parameter declarations */
99 static int cardtype[IVTV_MAX_CARDS];
100 diff -Naur backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-core.c backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-core.c
101 --- backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-core.c 2015-11-15 22:19:38.000000000 +0100
102 +++ backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-core.c 2016-01-27 12:26:21.266626324 +0100
103 @@ -424,7 +424,7 @@
104
105 static int solo_sysfs_init(struct solo_dev *solo_dev)
106 {
107 - struct bin_attribute *sdram_attr = &solo_dev->sdram_attr;
108 + bin_attribute_no_const *sdram_attr = &solo_dev->sdram_attr;
109 struct device *dev = &solo_dev->dev;
110 const char *driver;
111 int i;
112 diff -Naur backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-g723.c backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-g723.c
113 --- backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-g723.c 2015-11-15 22:19:38.000000000 +0100
114 +++ backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-g723.c 2016-01-27 12:26:21.266626324 +0100
115 @@ -351,7 +351,7 @@
116
117 int solo_g723_init(struct solo_dev *solo_dev)
118 {
119 - static struct snd_device_ops ops = { NULL };
120 + static struct snd_device_ops ops = { };
121 struct snd_card *card;
122 struct snd_kcontrol_new kctl;
123 char name[32];
124 diff -Naur backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10.h backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10.h
125 --- backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10.h 2015-11-15 22:19:38.000000000 +0100
126 +++ backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10.h 2016-01-27 12:26:21.266626324 +0100
127 @@ -218,7 +218,7 @@
128
129 /* P2M DMA Engine */
130 struct solo_p2m_dev p2m_dev[SOLO_NR_P2M];
131 - atomic_t p2m_count;
132 + atomic_unchecked_t p2m_count;
133 int p2m_jiffies;
134 unsigned int p2m_timeouts;
135
136 diff -Naur backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-p2m.c backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-p2m.c
137 --- backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-p2m.c 2015-11-15 22:19:38.000000000 +0100
138 +++ backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-p2m.c 2016-01-27 12:26:21.266626324 +0100
139 @@ -73,7 +73,7 @@
140
141 /* Get next ID. According to Softlogic, 6110 has problems on !=0 P2M */
142 if (solo_dev->type != SOLO_DEV_6110 && multi_p2m) {
143 - p2m_id = atomic_inc_return(&solo_dev->p2m_count) % SOLO_NR_P2M;
144 + p2m_id = atomic_inc_return_unchecked(&solo_dev->p2m_count) % SOLO_NR_P2M;
145 if (p2m_id < 0)
146 p2m_id = -p2m_id;
147 }
148 diff -Naur backports-4.2.6-1.org/drivers/media/pci/tw68/tw68-core.c backports-4.2.6-1/drivers/media/pci/tw68/tw68-core.c
149 --- backports-4.2.6-1.org/drivers/media/pci/tw68/tw68-core.c 2015-11-15 22:19:38.000000000 +0100
150 +++ backports-4.2.6-1/drivers/media/pci/tw68/tw68-core.c 2016-01-27 12:26:21.266626324 +0100
151 @@ -60,7 +60,7 @@
152 module_param_array(card, int, NULL, 0444);
153 MODULE_PARM_DESC(card, "card type");
154
155 -static atomic_t tw68_instance = ATOMIC_INIT(0);
156 +static atomic_unchecked_t tw68_instance = ATOMIC_INIT(0);
157
158 /* ------------------------------------------------------------------ */
159
160 diff -Naur backports-4.2.6-1.org/drivers/media/platform/omap/omap_vout.c backports-4.2.6-1/drivers/media/platform/omap/omap_vout.c
161 --- backports-4.2.6-1.org/drivers/media/platform/omap/omap_vout.c 2015-11-15 22:19:38.000000000 +0100
162 +++ backports-4.2.6-1/drivers/media/platform/omap/omap_vout.c 2016-01-27 12:26:21.266626324 +0100
163 @@ -63,7 +63,6 @@
164 OMAP_VIDEO2,
165 };
166
167 -static struct videobuf_queue_ops video_vbq_ops;
168 /* Variables configurable through module params*/
169 static u32 video1_numbuffers = 3;
170 static u32 video2_numbuffers = 3;
171 @@ -1008,6 +1007,12 @@
172 {
173 struct videobuf_queue *q;
174 struct omap_vout_device *vout = NULL;
175 + static struct videobuf_queue_ops video_vbq_ops = {
176 + .buf_setup = omap_vout_buffer_setup,
177 + .buf_prepare = omap_vout_buffer_prepare,
178 + .buf_release = omap_vout_buffer_release,
179 + .buf_queue = omap_vout_buffer_queue,
180 + };
181
182 vout = video_drvdata(file);
183 v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__);
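Review bot: The relocated `video_vbq_ops` in this hunk is declared `static struct videobuf_queue_ops` without `const`, so keeping the callback table read-only depends on compiler-plugin behaviour rather than on the source. Every member is now set by the initializer and the runtime assignments are removed in the last hunk of this file, so it can be written `static const struct videobuf_queue_ops video_vbq_ops = {`. That assumes `videobuf_queue_dma_contig_init()` accepts a const ops pointer, which is not visible here. The enclosing function starts above the hunk.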
184 @@ -1025,10 +1030,6 @@
185 vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT;
186
187 q = &vout->vbq;
188 - video_vbq_ops.buf_setup = omap_vout_buffer_setup;
189 - video_vbq_ops.buf_prepare = omap_vout_buffer_prepare;
190 - video_vbq_ops.buf_release = omap_vout_buffer_release;
191 - video_vbq_ops.buf_queue = omap_vout_buffer_queue;
192 spin_lock_init(&vout->vbq_lock);
193
194 videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev,
195 diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_grp_layer.c backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_grp_layer.c
196 --- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_grp_layer.c 2015-11-15 22:19:38.000000000 +0100
197 +++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_grp_layer.c 2016-01-27 12:26:21.266626324 +0100
198 @@ -235,7 +235,7 @@
199 {
200 struct mxr_layer *layer;
201 int ret;
202 - struct mxr_layer_ops ops = {
203 + static struct mxr_layer_ops ops = {
204 .release = mxr_graph_layer_release,
205 .buffer_set = mxr_graph_buffer_set,
206 .stream_set = mxr_graph_stream_set,
207 diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer.h backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer.h
208 --- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer.h 2015-11-15 22:19:38.000000000 +0100
209 +++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer.h 2016-01-27 12:26:21.266626324 +0100
210 @@ -156,7 +156,7 @@
211 /** layer index (unique identifier) */
212 int idx;
213 /** callbacks for layer methods */
214 - struct mxr_layer_ops ops;
215 + struct mxr_layer_ops *ops;
216 /** format array */
217 const struct mxr_format **fmt_array;
218 /** size of format array */
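Review bot: The `ops` member becomes a plain `struct mxr_layer_ops *`, so any code holding a layer can still write through it into the now-shared callback table. `const struct mxr_layer_ops *ops;` would enforce that the table is never modified after setup. The two tables made `static` in mixer_grp_layer.c and mixer_vp_layer.c could then be declared `static const struct mxr_layer_ops ops = {`. This assumes the `ops` parameter of the function that performs `layer->ops = ops;` in mixer_video.c can be const-qualified too; its signature is outside the visible hunks.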
219 diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_reg.c backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_reg.c
220 --- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_reg.c 2015-11-15 22:19:38.000000000 +0100
221 +++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_reg.c 2016-01-27 12:26:21.266626324 +0100
222 @@ -276,7 +276,7 @@
223 layer->update_buf = next;
224 }
225
226 - layer->ops.buffer_set(layer, layer->update_buf);
227 + layer->ops->buffer_set(layer, layer->update_buf);
228
229 if (done && done != layer->shadow_buf)
230 vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE);
231 diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_video.c backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_video.c
232 --- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_video.c 2015-11-15 22:19:38.000000000 +0100
233 +++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_video.c 2016-01-27 12:26:21.266626324 +0100
234 @@ -210,7 +210,7 @@
235 layer->geo.src.height = layer->geo.src.full_height;
236
237 mxr_geometry_dump(mdev, &layer->geo);
238 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
239 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
240 mxr_geometry_dump(mdev, &layer->geo);
241 }
242
243 @@ -228,7 +228,7 @@
244 layer->geo.dst.full_width = mbus_fmt.width;
245 layer->geo.dst.full_height = mbus_fmt.height;
246 layer->geo.dst.field = mbus_fmt.field;
247 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
248 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
249
250 mxr_geometry_dump(mdev, &layer->geo);
251 }
252 @@ -334,7 +334,7 @@
253 /* set source size to highest accepted value */
254 geo->src.full_width = max(geo->dst.full_width, pix->width);
255 geo->src.full_height = max(geo->dst.full_height, pix->height);
256 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
257 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
258 mxr_geometry_dump(mdev, &layer->geo);
259 /* set cropping to total visible screen */
260 geo->src.width = pix->width;
261 @@ -342,12 +342,12 @@
262 geo->src.x_offset = 0;
263 geo->src.y_offset = 0;
264 /* assure consistency of geometry */
265 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET);
266 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET);
267 mxr_geometry_dump(mdev, &layer->geo);
268 /* set full size to lowest possible value */
269 geo->src.full_width = 0;
270 geo->src.full_height = 0;
271 - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
272 + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
273 mxr_geometry_dump(mdev, &layer->geo);
274
275 /* returning results */
276 @@ -474,7 +474,7 @@
277 target->width = s->r.width;
278 target->height = s->r.height;
279
280 - layer->ops.fix_geometry(layer, stage, s->flags);
281 + layer->ops->fix_geometry(layer, stage, s->flags);
282
283 /* retrieve update selection rectangle */
284 res.left = target->x_offset;
285 @@ -938,13 +938,13 @@
286 mxr_output_get(mdev);
287
288 mxr_layer_update_output(layer);
289 - layer->ops.format_set(layer);
290 + layer->ops->format_set(layer);
291 /* enabling layer in hardware */
292 spin_lock_irqsave(&layer->enq_slock, flags);
293 layer->state = MXR_LAYER_STREAMING;
294 spin_unlock_irqrestore(&layer->enq_slock, flags);
295
296 - layer->ops.stream_set(layer, MXR_ENABLE);
297 + layer->ops->stream_set(layer, MXR_ENABLE);
298 mxr_streamer_get(mdev);
299
300 return 0;
301 @@ -1014,7 +1014,7 @@
302 spin_unlock_irqrestore(&layer->enq_slock, flags);
303
304 /* disabling layer in hardware */
305 - layer->ops.stream_set(layer, MXR_DISABLE);
306 + layer->ops->stream_set(layer, MXR_DISABLE);
307 /* remove one streamer */
308 mxr_streamer_put(mdev);
309 /* allow changes in output configuration */
310 @@ -1052,8 +1052,8 @@
311
312 void mxr_layer_release(struct mxr_layer *layer)
313 {
314 - if (layer->ops.release)
315 - layer->ops.release(layer);
316 + if (layer->ops->release)
317 + layer->ops->release(layer);
318 }
319
320 void mxr_base_layer_release(struct mxr_layer *layer)
321 @@ -1079,7 +1079,7 @@
322
323 layer->mdev = mdev;
324 layer->idx = idx;
325 - layer->ops = *ops;
326 + layer->ops = ops;
327
328 spin_lock_init(&layer->enq_slock);
329 INIT_LIST_HEAD(&layer->enq_list);
330 diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_vp_layer.c backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_vp_layer.c
331 --- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_vp_layer.c 2015-11-15 22:19:38.000000000 +0100
332 +++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_vp_layer.c 2016-01-27 12:26:21.266626324 +0100
333 @@ -206,7 +206,7 @@
334 {
335 struct mxr_layer *layer;
336 int ret;
337 - struct mxr_layer_ops ops = {
338 + static struct mxr_layer_ops ops = {
339 .release = mxr_vp_layer_release,
340 .buffer_set = mxr_vp_buffer_set,
341 .stream_set = mxr_vp_stream_set,
342 diff -Naur backports-4.2.6-1.org/drivers/media/platform/vivid/vivid-osd.c backports-4.2.6-1/drivers/media/platform/vivid/vivid-osd.c
343 --- backports-4.2.6-1.org/drivers/media/platform/vivid/vivid-osd.c 2015-11-15 22:19:38.000000000 +0100
344 +++ backports-4.2.6-1/drivers/media/platform/vivid/vivid-osd.c 2016-01-27 12:26:21.269959657 +0100
345 @@ -85,6 +85,7 @@
346 case FBIOGET_VBLANK: {
347 struct fb_vblank vblank;
348
349 + memset(&vblank, 0, sizeof(vblank));
350 vblank.flags = FB_VBLANK_HAVE_COUNT | FB_VBLANK_HAVE_VCOUNT |
351 FB_VBLANK_HAVE_VSYNC;
352 vblank.count = 0;
353 diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-cadet.c backports-4.2.6-1/drivers/media/radio/radio-cadet.c
354 --- backports-4.2.6-1.org/drivers/media/radio/radio-cadet.c 2015-11-15 22:19:38.000000000 +0100
355 +++ backports-4.2.6-1/drivers/media/radio/radio-cadet.c 2016-01-27 12:26:21.269959657 +0100
356 @@ -333,6 +333,8 @@
357 unsigned char readbuf[RDS_BUFFER];
358 int i = 0;
359
360 + if (count > RDS_BUFFER)
361 + return -EFAULT;
362 mutex_lock(&dev->lock);
363 if (dev->rdsstat == 0)
364 cadet_start_rds(dev);
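Review bot: The added `if (count > RDS_BUFFER) return -EFAULT;` turns a read with a user buffer larger than `readbuf` into a hard failure, although such a request is legal and `-EFAULT` normally signals a bad user pointer. Clamping keeps the same bound on `readbuf` without changing what callers see: `count = min_t(size_t, count, RDS_BUFFER);`. The loop that fills `readbuf` and the declaration of `count` are outside this hunk, so the exact type in the clamp should be checked against the function signature. The `i > sizeof(readbuf)` test added in the next hunk then becomes a pure defensive check.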
365 @@ -349,8 +351,9 @@
366 readbuf[i++] = dev->rdsbuf[dev->rdsout++];
367 mutex_unlock(&dev->lock);
368
369 - if (i && copy_to_user(data, readbuf, i))
370 - return -EFAULT;
371 + if (i > sizeof(readbuf) || (i && copy_to_user(data, readbuf, i)))
372 + i = -EFAULT;
373 +
374 return i;
375 }
376
377 diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-maxiradio.c backports-4.2.6-1/drivers/media/radio/radio-maxiradio.c
378 --- backports-4.2.6-1.org/drivers/media/radio/radio-maxiradio.c 2015-11-15 22:19:38.000000000 +0100
379 +++ backports-4.2.6-1/drivers/media/radio/radio-maxiradio.c 2016-01-27 12:26:21.269959657 +0100
380 @@ -61,7 +61,7 @@
381 /* TEA5757 pin mappings */
382 static const int clk = 1, data = 2, wren = 4, mo_st = 8, power = 16;
383
384 -static atomic_t maxiradio_instance = ATOMIC_INIT(0);
385 +static atomic_unchecked_t maxiradio_instance = ATOMIC_INIT(0);
386
387 #define PCI_VENDOR_ID_GUILLEMOT 0x5046
388 #define PCI_DEVICE_ID_GUILLEMOT_MAXIRADIO 0x1001
389 diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-shark2.c backports-4.2.6-1/drivers/media/radio/radio-shark2.c
390 --- backports-4.2.6-1.org/drivers/media/radio/radio-shark2.c 2015-11-15 22:19:38.000000000 +0100
391 +++ backports-4.2.6-1/drivers/media/radio/radio-shark2.c 2016-01-27 12:26:21.269959657 +0100
392 @@ -74,7 +74,7 @@
393 u8 *transfer_buffer;
394 };
395
396 -static atomic_t shark_instance = ATOMIC_INIT(0);
397 +static atomic_unchecked_t shark_instance = ATOMIC_INIT(0);
398
399 static int shark_write_reg(struct radio_tea5777 *tea, u64 reg)
400 {
401 diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-shark.c backports-4.2.6-1/drivers/media/radio/radio-shark.c
402 --- backports-4.2.6-1.org/drivers/media/radio/radio-shark.c 2015-11-15 22:19:38.000000000 +0100
403 +++ backports-4.2.6-1/drivers/media/radio/radio-shark.c 2016-01-27 12:26:21.269959657 +0100
404 @@ -79,7 +79,7 @@
405 u32 last_val;
406 };
407
408 -static atomic_t shark_instance = ATOMIC_INIT(0);
409 +static atomic_unchecked_t shark_instance = ATOMIC_INIT(0);
410
411 static void shark_write_val(struct snd_tea575x *tea, u32 val)
412 {
413 diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-si476x.c backports-4.2.6-1/drivers/media/radio/radio-si476x.c
414 --- backports-4.2.6-1.org/drivers/media/radio/radio-si476x.c 2015-11-15 22:19:38.000000000 +0100
415 +++ backports-4.2.6-1/drivers/media/radio/radio-si476x.c 2016-01-27 12:26:21.269959657 +0100
416 @@ -1445,7 +1445,7 @@
417 struct si476x_radio *radio;
418 struct v4l2_ctrl *ctrl;
419
420 - static atomic_t instance = ATOMIC_INIT(0);
421 + static atomic_unchecked_t instance = ATOMIC_INIT(0);
422
423 radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL);
424 if (!radio)
425 diff -Naur backports-4.2.6-1.org/drivers/media/radio/wl128x/fmdrv_common.c backports-4.2.6-1/drivers/media/radio/wl128x/fmdrv_common.c
426 --- backports-4.2.6-1.org/drivers/media/radio/wl128x/fmdrv_common.c 2015-11-15 22:19:38.000000000 +0100
427 +++ backports-4.2.6-1/drivers/media/radio/wl128x/fmdrv_common.c 2016-01-27 12:26:21.269959657 +0100
428 @@ -71,7 +71,7 @@
429 MODULE_PARM_DESC(rds_buf, "RDS buffer entries");
430
431 /* Radio Nr */
432 -static u32 radio_nr = -1;
433 +static int radio_nr = -1;
434 module_param(radio_nr, int, 0444);
435 MODULE_PARM_DESC(radio_nr, "Radio Nr");
436
437 diff -Naur backports-4.2.6-1.org/drivers/media/usb/dvb-usb/cinergyT2-core.c backports-4.2.6-1/drivers/media/usb/dvb-usb/cinergyT2-core.c
438 --- backports-4.2.6-1.org/drivers/media/usb/dvb-usb/cinergyT2-core.c 2015-11-15 22:19:39.000000000 +0100
439 +++ backports-4.2.6-1/drivers/media/usb/dvb-usb/cinergyT2-core.c 2016-01-27 12:26:21.269959657 +0100
440 @@ -50,29 +50,73 @@
441
442 static int cinergyt2_streaming_ctrl(struct dvb_usb_adapter *adap, int enable)
443 {
444 - char buf[] = { CINERGYT2_EP1_CONTROL_STREAM_TRANSFER, enable ? 1 : 0 };
445 - char result[64];
446 - return dvb_usb_generic_rw(adap->dev, buf, sizeof(buf), result,
447 - sizeof(result), 0);
448 + char *buf;
449 + char *result;
450 + int retval;
451 +
452 + buf = kmalloc(2, GFP_KERNEL);
453 + if (buf == NULL)
454 + return -ENOMEM;
455 + result = kmalloc(64, GFP_KERNEL);
456 + if (result == NULL) {
457 + kfree(buf);
458 + return -ENOMEM;
459 + }
460 +
461 + buf[0] = CINERGYT2_EP1_CONTROL_STREAM_TRANSFER;
462 + buf[1] = enable ? 1 : 0;
463 +
464 + retval = dvb_usb_generic_rw(adap->dev, buf, 2, result, 64, 0);
465 +
466 + kfree(buf);
467 + kfree(result);
468 + return retval;
469 }
470
471 static int cinergyt2_power_ctrl(struct dvb_usb_device *d, int enable)
472 {
473 - char buf[] = { CINERGYT2_EP1_SLEEP_MODE, enable ? 0 : 1 };
474 - char state[3];
475 - return dvb_usb_generic_rw(d, buf, sizeof(buf), state, sizeof(state), 0);
476 + char *buf;
477 + char *state;
478 + int retval;
479 +
480 + buf = kmalloc(2, GFP_KERNEL);
481 + if (buf == NULL)
482 + return -ENOMEM;
483 + state = kmalloc(3, GFP_KERNEL);
484 + if (state == NULL) {
485 + kfree(buf);
486 + return -ENOMEM;
487 + }
488 +
489 + buf[0] = CINERGYT2_EP1_SLEEP_MODE;
490 + buf[1] = enable ? 1 : 0;
491 +
492 + retval = dvb_usb_generic_rw(d, buf, 2, state, 3, 0);
493 +
494 + kfree(buf);
495 + kfree(state);
496 + return retval;
497 }
498
499 static int cinergyt2_frontend_attach(struct dvb_usb_adapter *adap)
500 {
501 - char query[] = { CINERGYT2_EP1_GET_FIRMWARE_VERSION };
502 - char state[3];
503 + char *query;
504 + char *state;
505 int ret;
506 + query = kmalloc(1, GFP_KERNEL);
507 + if (query == NULL)
508 + return -ENOMEM;
509 + state = kmalloc(3, GFP_KERNEL);
510 + if (state == NULL) {
511 + kfree(query);
512 + return -ENOMEM;
513 + }
514 +
515 + query[0] = CINERGYT2_EP1_GET_FIRMWARE_VERSION;
516
517 adap->fe_adap[0].fe = cinergyt2_fe_attach(adap->dev);
518
519 - ret = dvb_usb_generic_rw(adap->dev, query, sizeof(query), state,
520 - sizeof(state), 0);
521 + ret = dvb_usb_generic_rw(adap->dev, query, 1, state, 3, 0);
522 if (ret < 0) {
523 deb_rc("cinergyt2_power_ctrl() Failed to retrieve sleep "
524 "state info\n");
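Review bot: `cinergyt2_power_ctrl()` now sends the opposite sleep-mode value. The removed initializer was `enable ? 0 : 1`, but the new assignment is `buf[1] = enable ? 1 : 0;`, which matches the line in `cinergyt2_streaming_ctrl()` and looks copied from it. To keep the original polarity it should read `buf[1] = enable ? 0 : 1;`. `cinergyt2_frontend_attach()` continues past the end of this hunk, so whether its `ret < 0` branch leaves the function before the `kfree()` calls added in the next hunk cannot be judged from here.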
525 @@ -80,7 +124,8 @@
526
527 /* Copy this pointer as we are gonna need it in the release phase */
528 cinergyt2_usb_device = adap->dev;
529 -
530 + kfree(query);
531 + kfree(state);
532 return 0;
533 }
534
535 @@ -141,12 +186,23 @@
536 static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state)
537 {
538 struct cinergyt2_state *st = d->priv;
539 - u8 key[5] = {0, 0, 0, 0, 0}, cmd = CINERGYT2_EP1_GET_RC_EVENTS;
540 + u8 *key, *cmd;
541 int i;
542
543 + cmd = kmalloc(1, GFP_KERNEL);
544 + if (cmd == NULL)
545 + return -EINVAL;
546 + key = kzalloc(5, GFP_KERNEL);
547 + if (key == NULL) {
548 + kfree(cmd);
549 + return -EINVAL;
550 + }
551 +
552 + cmd[0] = CINERGYT2_EP1_GET_RC_EVENTS;
553 +
554 *state = REMOTE_NO_KEY_PRESSED;
555
556 - dvb_usb_generic_rw(d, &cmd, 1, key, sizeof(key), 0);
557 + dvb_usb_generic_rw(d, cmd, 1, key, 5, 0);
558 if (key[4] == 0xff) {
559 /* key repeat */
560 st->rc_counter++;
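Review bot: Both allocation-failure paths in `cinergyt2_rc_query()` return `-EINVAL`, while the other converted functions in this file return `-ENOMEM` for the same condition; `return -ENOMEM;` would be consistent. The result of `dvb_usb_generic_rw()` is still ignored before `key[4]` is tested. That is only well-defined because `key` comes from `kzalloc`, so the allocation deserves a comment such as `/* zeroed: a failed transfer must not expose stale heap bytes */`. The function body continues in the following hunks.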
561 @@ -157,12 +213,12 @@
562 *event = d->last_event;
563 deb_rc("repeat key, event %x\n",
564 *event);
565 - return 0;
566 + goto out;
567 }
568 }
569 deb_rc("repeated key (non repeatable)\n");
570 }
571 - return 0;
572 + goto out;
573 }
574
575 /* hack to pass checksum on the custom field */
576 @@ -174,6 +230,9 @@
577
578 deb_rc("key: %*ph\n", 5, key);
579 }
580 +out:
581 + kfree(cmd);
582 + kfree(key);
583 return 0;
584 }
585
586 diff -Naur backports-4.2.6-1.org/drivers/media/usb/dvb-usb/cinergyT2-fe.c backports-4.2.6-1/drivers/media/usb/dvb-usb/cinergyT2-fe.c
587 --- backports-4.2.6-1.org/drivers/media/usb/dvb-usb/cinergyT2-fe.c 2015-11-15 22:19:39.000000000 +0100
588 +++ backports-4.2.6-1/drivers/media/usb/dvb-usb/cinergyT2-fe.c 2016-01-27 12:26:21.269959657 +0100
589 @@ -145,103 +145,176 @@
590 enum fe_status *status)
591 {
592 struct cinergyt2_fe_state *state = fe->demodulator_priv;
593 - struct dvbt_get_status_msg result;
594 - u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
595 + struct dvbt_get_status_msg *result;
596 + u8 *cmd;
597 int ret;
598
599 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&result,
600 - sizeof(result), 0);
601 + cmd = kmalloc(1, GFP_KERNEL);
602 + if (cmd == NULL)
603 + return -ENOMEM;
604 + result = kmalloc(sizeof(*result), GFP_KERNEL);
605 + if (result == NULL) {
606 + kfree(cmd);
607 + return -ENOMEM;
608 + }
609 +
610 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
611 +
612 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)result,
613 + sizeof(*result), 0);
614 if (ret < 0)
615 - return ret;
616 + goto out;
617
618 *status = 0;
619
620 - if (0xffff - le16_to_cpu(result.gain) > 30)
621 + if (0xffff - le16_to_cpu(result->gain) > 30)
622 *status |= FE_HAS_SIGNAL;
623 - if (result.lock_bits & (1 << 6))
624 + if (result->lock_bits & (1 << 6))
625 *status |= FE_HAS_LOCK;
626 - if (result.lock_bits & (1 << 5))
627 + if (result->lock_bits & (1 << 5))
628 *status |= FE_HAS_SYNC;
629 - if (result.lock_bits & (1 << 4))
630 + if (result->lock_bits & (1 << 4))
631 *status |= FE_HAS_CARRIER;
632 - if (result.lock_bits & (1 << 1))
633 + if (result->lock_bits & (1 << 1))
634 *status |= FE_HAS_VITERBI;
635
636 if ((*status & (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC)) !=
637 (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC))
638 *status &= ~FE_HAS_LOCK;
639
640 - return 0;
641 +out:
642 + kfree(cmd);
643 + kfree(result);
644 + return ret;
645 }
646
647 static int cinergyt2_fe_read_ber(struct dvb_frontend *fe, u32 *ber)
648 {
649 struct cinergyt2_fe_state *state = fe->demodulator_priv;
650 - struct dvbt_get_status_msg status;
651 - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
652 + struct dvbt_get_status_msg *status;
653 + char *cmd;
654 int ret;
655
656 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
657 - sizeof(status), 0);
658 + cmd = kmalloc(1, GFP_KERNEL);
659 + if (cmd == NULL)
660 + return -ENOMEM;
661 + status = kmalloc(sizeof(*status), GFP_KERNEL);
662 + if (status == NULL) {
663 + kfree(cmd);
664 + return -ENOMEM;
665 + }
666 +
667 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
668 +
669 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
670 + sizeof(*status), 0);
671 if (ret < 0)
672 - return ret;
673 + goto out;
674
675 - *ber = le32_to_cpu(status.viterbi_error_rate);
676 + *ber = le32_to_cpu(status->viterbi_error_rate);
677 +out:
678 + kfree(cmd);
679 + kfree(status);
680 return 0;
681 }
682
683 static int cinergyt2_fe_read_unc_blocks(struct dvb_frontend *fe, u32 *unc)
684 {
685 struct cinergyt2_fe_state *state = fe->demodulator_priv;
686 - struct dvbt_get_status_msg status;
687 - u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
688 + struct dvbt_get_status_msg *status;
689 + u8 *cmd;
690 int ret;
691
692 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&status,
693 - sizeof(status), 0);
694 + cmd = kmalloc(1, GFP_KERNEL);
695 + if (cmd == NULL)
696 + return -ENOMEM;
697 + status = kmalloc(sizeof(*status), GFP_KERNEL);
698 + if (status == NULL) {
699 + kfree(cmd);
700 + return -ENOMEM;
701 + }
702 +
703 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
704 +
705 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)status,
706 + sizeof(*status), 0);
707 if (ret < 0) {
708 err("cinergyt2_fe_read_unc_blocks() Failed! (Error=%d)\n",
709 ret);
710 - return ret;
711 + goto out;
712 }
713 - *unc = le32_to_cpu(status.uncorrected_block_count);
714 - return 0;
715 + *unc = le32_to_cpu(status->uncorrected_block_count);
716 +
717 +out:
718 + kfree(cmd);
719 + kfree(status);
720 + return ret;
721 }
722
723 static int cinergyt2_fe_read_signal_strength(struct dvb_frontend *fe,
724 u16 *strength)
725 {
726 struct cinergyt2_fe_state *state = fe->demodulator_priv;
727 - struct dvbt_get_status_msg status;
728 - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
729 + struct dvbt_get_status_msg *status;
730 + char *cmd;
731 int ret;
732
733 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
734 - sizeof(status), 0);
735 + cmd = kmalloc(1, GFP_KERNEL);
736 + if (cmd == NULL)
737 + return -ENOMEM;
738 + status = kmalloc(sizeof(*status), GFP_KERNEL);
739 + if (status == NULL) {
740 + kfree(cmd);
741 + return -ENOMEM;
742 + }
743 +
744 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
745 +
746 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
747 + sizeof(*status), 0);
748 if (ret < 0) {
749 err("cinergyt2_fe_read_signal_strength() Failed!"
750 " (Error=%d)\n", ret);
751 - return ret;
752 + goto out;
753 }
754 - *strength = (0xffff - le16_to_cpu(status.gain));
755 + *strength = (0xffff - le16_to_cpu(status->gain));
756 +
757 +out:
758 + kfree(cmd);
759 + kfree(status);
760 return 0;
761 }
762
763 static int cinergyt2_fe_read_snr(struct dvb_frontend *fe, u16 *snr)
764 {
765 struct cinergyt2_fe_state *state = fe->demodulator_priv;
766 - struct dvbt_get_status_msg status;
767 - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
768 + struct dvbt_get_status_msg *status;
769 + char *cmd;
770 int ret;
771
772 - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
773 - sizeof(status), 0);
774 + cmd = kmalloc(1, GFP_KERNEL);
775 + if (cmd == NULL)
776 + return -ENOMEM;
777 + status = kmalloc(sizeof(*status), GFP_KERNEL);
778 + if (status == NULL) {
779 + kfree(cmd);
780 + return -ENOMEM;
781 + }
782 +
783 + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
784 +
785 + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
786 + sizeof(*status), 0);
787 if (ret < 0) {
788 err("cinergyt2_fe_read_snr() Failed! (Error=%d)\n", ret);
789 - return ret;
790 + goto out;
791 }
792 - *snr = (status.snr << 8) | status.snr;
793 - return 0;
794 + *snr = (status->snr << 8) | status->snr;
795 +
796 +out:
797 + kfree(cmd);
798 + kfree(status);
799 + return ret;
800 }
801
802 static int cinergyt2_fe_init(struct dvb_frontend *fe)
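Review bot: `cinergyt2_fe_read_ber()` and `cinergyt2_fe_read_signal_strength()` take `goto out` on a failed transfer but still end in `return 0;`, so the error that the old code returned is dropped. The caller then sees success with `*ber` or `*strength` never written. Both should end in `return ret;`, as `cinergyt2_fe_read_unc_blocks()` and `cinergyt2_fe_read_snr()` do in the same hunk. If `dvb_usb_generic_rw()` can return a positive value on success (not visible here), assign `ret = 0;` just before the `out:` label instead.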
803 @@ -266,35 +339,46 @@
804 {
805 struct dtv_frontend_properties *fep = &fe->dtv_property_cache;
806 struct cinergyt2_fe_state *state = fe->demodulator_priv;
807 - struct dvbt_set_parameters_msg param;
808 - char result[2];
809 + struct dvbt_set_parameters_msg *param;
810 + char *result;
811 int err;
812
813 - param.cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS;
814 - param.tps = cpu_to_le16(compute_tps(fep));
815 - param.freq = cpu_to_le32(fep->frequency / 1000);
816 - param.flags = 0;
817 + result = kmalloc(2, GFP_KERNEL);
818 + if (result == NULL)
819 + return -ENOMEM;
820 + param = kmalloc(sizeof(*param), GFP_KERNEL);
821 + if (param == NULL) {
822 + kfree(result);
823 + return -ENOMEM;
824 + }
825 +
826 + param->cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS;
827 + param->tps = cpu_to_le16(compute_tps(fep));
828 + param->freq = cpu_to_le32(fep->frequency / 1000);
829 + param->flags = 0;
830
831 switch (fep->bandwidth_hz) {
832 default:
833 case 8000000:
834 - param.bandwidth = 8;
835 + param->bandwidth = 8;
836 break;
837 case 7000000:
838 - param.bandwidth = 7;
839 + param->bandwidth = 7;
840 break;
841 case 6000000:
842 - param.bandwidth = 6;
843 + param->bandwidth = 6;
844 break;
845 }
846
847 err = dvb_usb_generic_rw(state->d,
848 - (char *)&param, sizeof(param),
849 - result, sizeof(result), 0);
850 + (char *)param, sizeof(*param),
851 + result, 2, 0);
852 if (err < 0)
853 err("cinergyt2_fe_set_frontend() Failed! err=%d\n", err);
854
855 - return (err < 0) ? err : 0;
856 + kfree(result);
857 + kfree(param);
858 + return err;
859 }
860
861 static void cinergyt2_fe_release(struct dvb_frontend *fe)
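Review bot: The new `return err;` at the end of this function drops the old clamp `(err < 0) ? err : 0`, so a positive return from dvb_usb_generic_rw() would now reach the caller as a non-zero result. That helper's return convention is not visible here, so keeping `return (err < 0) ? err : 0;` after the two kfree() calls is the safer way to preserve the previous contract. The reply length is also a bare `2` in both `kmalloc(2, GFP_KERNEL)` and the transfer call; a single named constant would keep the two in step. The function's signature lies outside the hunk.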
862 diff -Naur backports-4.2.6-1.org/drivers/media/usb/dvb-usb/dvb-usb-firmware.c backports-4.2.6-1/drivers/media/usb/dvb-usb/dvb-usb-firmware.c
863 --- backports-4.2.6-1.org/drivers/media/usb/dvb-usb/dvb-usb-firmware.c 2015-11-15 22:19:39.000000000 +0100
864 +++ backports-4.2.6-1/drivers/media/usb/dvb-usb/dvb-usb-firmware.c 2016-01-27 12:26:21.269959657 +0100
865 @@ -35,42 +35,57 @@
866
867 int usb_cypress_load_firmware(struct usb_device *udev, const struct firmware *fw, int type)
868 {
869 - struct hexline hx;
870 - u8 reset;
871 + struct hexline *hx;
872 + u8 *reset;
873 int ret,pos=0;
874
875 + reset = kmalloc(1, GFP_KERNEL);
876 + if (reset == NULL)
877 + return -ENOMEM;
878 +
879 + hx = kmalloc(sizeof(struct hexline), GFP_KERNEL);
880 + if (hx == NULL) {
881 + kfree(reset);
882 + return -ENOMEM;
883 + }
884 +
885 /* stop the CPU */
886 - reset = 1;
887 - if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1)) != 1)
888 + reset[0] = 1;
889 + if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1)) != 1)
890 err("could not stop the USB controller CPU.");
891
892 - while ((ret = dvb_usb_get_hexline(fw,&hx,&pos)) > 0) {
893 - deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx.addr,hx.len,hx.chk);
894 - ret = usb_cypress_writemem(udev,hx.addr,hx.data,hx.len);
895 + while ((ret = dvb_usb_get_hexline(fw,hx,&pos)) > 0) {
896 + deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx->addr,hx->len,hx->chk);
897 + ret = usb_cypress_writemem(udev,hx->addr,hx->data,hx->len);
898
899 - if (ret != hx.len) {
900 + if (ret != hx->len) {
901 err("error while transferring firmware "
902 "(transferred size: %d, block size: %d)",
903 - ret,hx.len);
904 + ret,hx->len);
905 ret = -EINVAL;
906 break;
907 }
908 }
909 if (ret < 0) {
910 err("firmware download failed at %d with %d",pos,ret);
911 + kfree(reset);
912 + kfree(hx);
913 return ret;
914 }
915
916 if (ret == 0) {
917 /* restart the CPU */
918 - reset = 0;
919 - if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1) != 1) {
920 + reset[0] = 0;
921 + if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1) != 1) {
922 err("could not restart the USB controller CPU.");
923 ret = -EINVAL;
924 }
925 } else
926 ret = -EIO;
927
928 + kfree(reset);
929 + kfree(hx);
930 +
931 return ret;
932 }
933 EXPORT_SYMBOL(usb_cypress_load_firmware);
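Review bot: The `kfree(reset); kfree(hx);` pair is written out twice, once inside the `if (ret < 0)` branch and once before the final return, so an exit added between them later can easily miss one. Replacing the early `return ret;` with `goto out;` and placing an `out:` label before the final pair leaves a single cleanup site. `kmalloc(sizeof(struct hexline), GFP_KERNEL)` would read better as `kmalloc(sizeof(*hx), GFP_KERNEL)`, matching the other converted allocations in this patch. A short comment such as `/* buffers handed to the USB core are heap-allocated, not on the stack */` above the allocations would record why the locals were moved; that reason is inferred, as the patch does not state it.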
934 diff -Naur backports-4.2.6-1.org/drivers/media/usb/dvb-usb/technisat-usb2.c backports-4.2.6-1/drivers/media/usb/dvb-usb/technisat-usb2.c
935 --- backports-4.2.6-1.org/drivers/media/usb/dvb-usb/technisat-usb2.c 2015-11-15 22:19:39.000000000 +0100
936 +++ backports-4.2.6-1/drivers/media/usb/dvb-usb/technisat-usb2.c 2016-01-27 12:26:21.269959657 +0100
937 @@ -87,8 +87,11 @@
938 static int technisat_usb2_i2c_access(struct usb_device *udev,
939 u8 device_addr, u8 *tx, u8 txlen, u8 *rx, u8 rxlen)
940 {
941 - u8 b[64];
942 - int ret, actual_length;
943 + u8 *b = kmalloc(64, GFP_KERNEL);
944 + int ret, actual_length, error = 0;
945 +
946 + if (b == NULL)
947 + return -ENOMEM;
948
949 deb_i2c("i2c-access: %02x, tx: ", device_addr);
950 debug_dump(tx, txlen, deb_i2c);
951 @@ -121,7 +124,8 @@
952
953 if (ret < 0) {
954 err("i2c-error: out failed %02x = %d", device_addr, ret);
955 - return -ENODEV;
956 + error = -ENODEV;
957 + goto out;
958 }
959
960 ret = usb_bulk_msg(udev,
961 @@ -129,7 +133,8 @@
962 b, 64, &actual_length, 1000);
963 if (ret < 0) {
964 err("i2c-error: in failed %02x = %d", device_addr, ret);
965 - return -ENODEV;
966 + error = -ENODEV;
967 + goto out;
968 }
969
970 if (b[0] != I2C_STATUS_OK) {
971 @@ -137,8 +142,10 @@
972 /* handle tuner-i2c-nak */
973 if (!(b[0] == I2C_STATUS_NAK &&
974 device_addr == 0x60
975 - /* && device_is_technisat_usb2 */))
976 - return -ENODEV;
977 + /* && device_is_technisat_usb2 */)) {
978 + error = -ENODEV;
979 + goto out;
980 + }
981 }
982
983 deb_i2c("status: %d, ", b[0]);
984 @@ -152,7 +159,9 @@
985
986 deb_i2c("\n");
987
988 - return 0;
989 +out:
990 + kfree(b);
991 + return error;
992 }
993
994 static int technisat_usb2_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msg,
995 @@ -224,14 +233,16 @@
996 {
997 int ret;
998
999 - u8 led[8] = {
1000 - red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
1001 - 0
1002 - };
1003 + u8 *led = kzalloc(8, GFP_KERNEL);
1004 +
1005 + if (led == NULL)
1006 + return -ENOMEM;
1007
1008 if (disable_led_control && state != TECH_LED_OFF)
1009 return 0;
1010
1011 + led[0] = red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST;
1012 +
1013 switch (state) {
1014 case TECH_LED_ON:
1015 led[1] = 0x82;
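Review bot: `led` is leaked whenever `disable_led_control && state != TECH_LED_OFF` takes the early `return 0;`, because the kzalloc() now sits above that test. Moving the allocation and its NULL check below the `disable_led_control` test, or changing that return to `kfree(led); return 0;`, closes the leak. Any other return between this hunk and the next one (the lock acquisition is not visible here) needs the same treatment. If this function is called repeatedly at run time, the leaked 8-byte objects accumulate. The function's signature and tail are outside the hunk.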
1016 @@ -263,16 +274,22 @@
1017 red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
1018 USB_TYPE_VENDOR | USB_DIR_OUT,
1019 0, 0,
1020 - led, sizeof(led), 500);
1021 + led, 8, 500);
1022
1023 mutex_unlock(&d->i2c_mutex);
1024 +
1025 + kfree(led);
1026 +
1027 return ret;
1028 }
1029
1030 static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8 green)
1031 {
1032 int ret;
1033 - u8 b = 0;
1034 + u8 *b = kzalloc(1, GFP_KERNEL);
1035 +
1036 + if (b == NULL)
1037 + return -ENOMEM;
1038
1039 if (mutex_lock_interruptible(&d->i2c_mutex) < 0)
1040 return -EAGAIN;
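Review bot: In technisat_usb2_set_led_timer() the one-byte buffer `b` is leaked when mutex_lock_interruptible() fails, since `return -EAGAIN;` is reached after the kzalloc() has succeeded. Free it on that path with `if (mutex_lock_interruptible(&d->i2c_mutex) < 0) { kfree(b); return -EAGAIN; }`, or allocate only once the lock is held. The rest of the function, including the existing `kfree(b)`, is in the following hunk.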
1041 @@ -281,10 +298,12 @@
1042 SET_LED_TIMER_DIVIDER_VENDOR_REQUEST,
1043 USB_TYPE_VENDOR | USB_DIR_OUT,
1044 (red << 8) | green, 0,
1045 - &b, 1, 500);
1046 + b, 1, 500);
1047
1048 mutex_unlock(&d->i2c_mutex);
1049
1050 + kfree(b);
1051 +
1052 return ret;
1053 }
1054
1055 @@ -328,7 +347,7 @@
1056 struct dvb_usb_device_description **desc, int *cold)
1057 {
1058 int ret;
1059 - u8 version[3];
1060 + u8 *version = kmalloc(3, GFP_KERNEL);
1061
1062 /* first select the interface */
1063 if (usb_set_interface(udev, 0, 1) != 0)
1064 @@ -338,11 +357,14 @@
1065
1066 *cold = 0; /* by default do not download a firmware - just in case something is wrong */
1067
1068 + if (version == NULL)
1069 + return 0;
1070 +
1071 ret = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
1072 GET_VERSION_INFO_VENDOR_REQUEST,
1073 USB_TYPE_VENDOR | USB_DIR_IN,
1074 0, 0,
1075 - version, sizeof(version), 500);
1076 + version, 3, 500);
1077
1078 if (ret < 0)
1079 *cold = 1;
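Review bot: Allocation failure is reported as success here: `if (version == NULL) return 0;` leaves `*cold = 0`, so an out-of-memory condition looks the same as a warm device that needs no firmware. `return -ENOMEM;` would match the other converted functions in this file, although how the caller treats a negative return is not visible in this hunk. The kmalloc() itself is in the declaration in the previous hunk, several statements before this NULL test; allocating directly above the usb_control_msg() call would keep the two together.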
1080 @@ -351,6 +373,8 @@
1081 *cold = 0;
1082 }
1083
1084 + kfree(version);
1085 +
1086 return 0;
1087 }
1088
1089 @@ -594,10 +618,15 @@
1090
1091 static int technisat_usb2_get_ir(struct dvb_usb_device *d)
1092 {
1093 - u8 buf[62], *b;
1094 + u8 *buf, *b;
1095 int ret;
1096 struct ir_raw_event ev;
1097
1098 + buf = kmalloc(62, GFP_KERNEL);
1099 +
1100 + if (buf == NULL)
1101 + return -ENOMEM;
1102 +
1103 buf[0] = GET_IR_DATA_VENDOR_REQUEST;
1104 buf[1] = 0x08;
1105 buf[2] = 0x8f;
1106 @@ -620,16 +649,20 @@
1107 GET_IR_DATA_VENDOR_REQUEST,
1108 USB_TYPE_VENDOR | USB_DIR_IN,
1109 0x8080, 0,
1110 - buf, sizeof(buf), 500);
1111 + buf, 62, 500);
1112
1113 unlock:
1114 mutex_unlock(&d->i2c_mutex);
1115
1116 - if (ret < 0)
1117 + if (ret < 0) {
1118 + kfree(buf);
1119 return ret;
1120 + }
1121
1122 - if (ret == 1)
1123 + if (ret == 1) {
1124 + kfree(buf);
1125 return 0; /* no key pressed */
1126 + }
1127
1128 /* decoding */
1129 b = buf+1;
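Review bot: The cleanup for `buf` is repeated on every exit (`ret < 0`, `ret == 1`, and the final return in the next hunk), and any return between the allocation and `unlock:` that falls outside these hunks, such as a failed lock acquisition, would leak the buffer. It is worth checking that region of the function. A single exit label placed after the decoding block, with each path setting its result and jumping to a lone `kfree(buf);`, would remove that risk. The transfer length is now the literal `62` in both `kmalloc(62, GFP_KERNEL)` and the usb_control_msg() call, so a named constant would keep them consistent.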
1130 @@ -656,6 +689,8 @@
1131
1132 ir_raw_event_handle(d->rc_dev);
1133
1134 + kfree(buf);
1135 +
1136 return 1;
1137 }
1138
1139 diff -Naur backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-compat-ioctl32.c backports-4.2.6-1/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
1140 --- backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-compat-ioctl32.c 2015-11-15 22:19:38.000000000 +0100
1141 +++ backports-4.2.6-1/drivers/media/v4l2-core/v4l2-compat-ioctl32.c 2016-01-27 12:26:21.269959657 +0100
1142 @@ -429,7 +429,7 @@
1143 * by passing a very big num_planes value */
1144 uplane = compat_alloc_user_space(num_planes *
1145 sizeof(struct v4l2_plane));
1146 - kp->m.planes = (__force struct v4l2_plane *)uplane;
1147 + kp->m.planes = (__force_kernel struct v4l2_plane *)uplane;
1148
1149 while (--num_planes >= 0) {
1150 ret = get_v4l2_plane32(uplane, uplane32, kp->memory);
1151 @@ -500,7 +500,7 @@
1152 if (num_planes == 0)
1153 return 0;
1154
1155 - uplane = (__force struct v4l2_plane __user *)kp->m.planes;
1156 + uplane = (struct v4l2_plane __force_user *)kp->m.planes;
1157 if (get_user(p, &up->m.planes))
1158 return -EFAULT;
1159 uplane32 = compat_ptr(p);
1160 @@ -564,7 +564,7 @@
1161 get_user(kp->flags, &up->flags) ||
1162 copy_from_user(&kp->fmt, &up->fmt, sizeof(up->fmt)))
1163 return -EFAULT;
1164 - kp->base = (__force void *)compat_ptr(tmp);
1165 + kp->base = (__force_kernel void *)compat_ptr(tmp);
1166 return 0;
1167 }
1168
1169 @@ -669,7 +669,7 @@
1170 n * sizeof(struct v4l2_ext_control32)))
1171 return -EFAULT;
1172 kcontrols = compat_alloc_user_space(n * sizeof(struct v4l2_ext_control));
1173 - kp->controls = (__force struct v4l2_ext_control *)kcontrols;
1174 + kp->controls = (__force_kernel struct v4l2_ext_control *)kcontrols;
1175 while (--n >= 0) {
1176 u32 id;
1177
1178 @@ -696,7 +696,7 @@
1179 {
1180 struct v4l2_ext_control32 __user *ucontrols;
1181 struct v4l2_ext_control __user *kcontrols =
1182 - (__force struct v4l2_ext_control __user *)kp->controls;
1183 + (struct v4l2_ext_control __force_user *)kp->controls;
1184 int n = kp->count;
1185 compat_caddr_t p;
1186
1187 @@ -780,7 +780,7 @@
1188 get_user(tmp, &up->edid) ||
1189 copy_from_user(kp->reserved, up->reserved, sizeof(kp->reserved)))
1190 return -EFAULT;
1191 - kp->edid = (__force u8 *)compat_ptr(tmp);
1192 + kp->edid = (__force_kernel u8 *)compat_ptr(tmp);
1193 return 0;
1194 }
1195
1196 diff -Naur backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-device.c backports-4.2.6-1/drivers/media/v4l2-core/v4l2-device.c
1197 --- backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-device.c 2015-11-15 22:19:38.000000000 +0100
1198 +++ backports-4.2.6-1/drivers/media/v4l2-core/v4l2-device.c 2016-01-27 12:26:21.269959657 +0100
1199 @@ -74,9 +74,9 @@
1200 EXPORT_SYMBOL_GPL(v4l2_device_put);
1201
1202 int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename,
1203 - atomic_t *instance)
1204 + atomic_unchecked_t *instance)
1205 {
1206 - int num = atomic_inc_return(instance) - 1;
1207 + int num = atomic_inc_return_unchecked(instance) - 1;
1208 int len = strlen(basename);
1209
1210 if (basename[len - 1] >= '0' && basename[len - 1] <= '9')
1211 diff -Naur backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-ioctl.c backports-4.2.6-1/drivers/media/v4l2-core/v4l2-ioctl.c
1212 --- backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-ioctl.c 2015-11-15 22:19:38.000000000 +0100
1213 +++ backports-4.2.6-1/drivers/media/v4l2-core/v4l2-ioctl.c 2016-01-27 12:26:21.269959657 +0100
1214 @@ -2341,7 +2341,8 @@
1215 struct file *file, void *fh, void *p);
1216 } u;
1217 void (*debug)(const void *arg, bool write_only);
1218 -};
1219 +} __do_const;
1220 +typedef struct v4l2_ioctl_info __no_const v4l2_ioctl_info_no_const;
1221
1222 /* This control needs a priority check */
1223 #define INFO_FL_PRIO (1 << 0)
1224 @@ -2525,7 +2526,7 @@
1225 struct video_device *vfd = video_devdata(file);
1226 const struct v4l2_ioctl_ops *ops = vfd->ioctl_ops;
1227 bool write_only = false;
1228 - struct v4l2_ioctl_info default_info;
1229 + v4l2_ioctl_info_no_const default_info;
1230 const struct v4l2_ioctl_info *info;
1231 void *fh = file->private_data;
1232 struct v4l2_fh *vfh = NULL;
1233 @@ -2616,7 +2617,7 @@
1234 ret = -EINVAL;
1235 break;
1236 }
1237 - *user_ptr = (void __user *)buf->m.planes;
1238 + *user_ptr = (void __force_user *)buf->m.planes;
1239 *kernel_ptr = (void **)&buf->m.planes;
1240 *array_size = sizeof(struct v4l2_plane) * buf->length;
1241 ret = 1;
1242 @@ -2633,7 +2634,7 @@
1243 ret = -EINVAL;
1244 break;
1245 }
1246 - *user_ptr = (void __user *)edid->edid;
1247 + *user_ptr = (void __force_user *)edid->edid;
1248 *kernel_ptr = (void **)&edid->edid;
1249 *array_size = edid->blocks * 128;
1250 ret = 1;
1251 @@ -2651,7 +2652,7 @@
1252 ret = -EINVAL;
1253 break;
1254 }
1255 - *user_ptr = (void __user *)ctrls->controls;
1256 + *user_ptr = (void __force_user *)ctrls->controls;
1257 *kernel_ptr = (void **)&ctrls->controls;
1258 *array_size = sizeof(struct v4l2_ext_control)
1259 * ctrls->count;
1260 @@ -2752,7 +2753,7 @@
1261 }
1262
1263 if (has_array_args) {
1264 - *kernel_ptr = (void __force *)user_ptr;
1265 + *kernel_ptr = (void __force_kernel *)user_ptr;
1266 if (copy_to_user(user_ptr, mbuf, array_size))
1267 err = -EFAULT;
1268 goto out_array_args;
1269 diff -Naur backports-4.2.6-1.org/drivers/net/usb/sierra_net.c backports-4.2.6-1/drivers/net/usb/sierra_net.c
1270 --- backports-4.2.6-1.org/drivers/net/usb/sierra_net.c 2015-11-15 22:19:39.000000000 +0100
1271 +++ backports-4.2.6-1/drivers/net/usb/sierra_net.c 2016-01-27 12:26:21.283292990 +0100
1272 @@ -51,7 +51,7 @@
1273 /* atomic counter partially included in MAC address to make sure 2 devices
1274 * do not end up with the same MAC - concept breaks in case of > 255 ifaces
1275 */
1276 -static atomic_t iface_counter = ATOMIC_INIT(0);
1277 +static atomic_unchecked_t iface_counter = ATOMIC_INIT(0);
1278
1279 /*
1280 * SYNC Timer Delay definition used to set the expiry time
1281 @@ -697,7 +697,7 @@
1282 dev->net->netdev_ops = &sierra_net_device_ops;
1283
1284 /* change MAC addr to include, ifacenum, and to be unique */
1285 - dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return(&iface_counter);
1286 + dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return_unchecked(&iface_counter);
1287 dev->net->dev_addr[ETH_ALEN-1] = ifacenum;
1288
1289 /* we will have to manufacture ethernet headers, prepare template */
1290 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/airo.c backports-4.2.6-1/drivers/net/wireless/airo.c
1291 --- backports-4.2.6-1.org/drivers/net/wireless/airo.c 2015-11-15 22:19:39.000000000 +0100
1292 +++ backports-4.2.6-1/drivers/net/wireless/airo.c 2016-01-27 12:26:21.286626323 +0100
1293 @@ -7846,7 +7846,7 @@
1294 struct airo_info *ai = dev->ml_priv;
1295 int ridcode;
1296 int enabled;
1297 - static int (* writer)(struct airo_info *, u16 rid, const void *, int, int);
1298 + int (* writer)(struct airo_info *, u16 rid, const void *, int, int);
1299 unsigned char *iobuf;
1300
1301 /* Only super-user can write RIDs */
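Review bot: With `static` removed, `writer` is no longer zero-initialised and holds an indeterminate value until a branch assigns it. The assignments and the call are outside this hunk, so it is worth confirming that every path reaching the call sets it first. Alternatively, initialise it explicitly with `int (*writer)(struct airo_info *, u16 rid, const void *, int, int) = NULL;`, so a missed path fails predictably rather than jumping through stack garbage.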
1302 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/at76c50x-usb.c backports-4.2.6-1/drivers/net/wireless/at76c50x-usb.c
1303 --- backports-4.2.6-1.org/drivers/net/wireless/at76c50x-usb.c 2015-11-15 22:19:39.000000000 +0100
1304 +++ backports-4.2.6-1/drivers/net/wireless/at76c50x-usb.c 2016-01-27 12:26:21.286626323 +0100
1305 @@ -353,7 +353,7 @@
1306 }
1307
1308 /* Convert timeout from the DFU status to jiffies */
1309 -static inline unsigned long at76_get_timeout(struct dfu_status *s)
1310 +static inline unsigned long __intentional_overflow(-1) at76_get_timeout(struct dfu_status *s)
1311 {
1312 return msecs_to_jiffies((s->poll_timeout[2] << 16)
1313 | (s->poll_timeout[1] << 8)
1314 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/ce.c backports-4.2.6-1/drivers/net/wireless/ath/ath10k/ce.c
1315 --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/ce.c 2015-11-15 22:19:40.000000000 +0100
1316 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath10k/ce.c 2016-01-27 12:26:21.286626323 +0100
1317 @@ -896,12 +896,12 @@
1318 return 0;
1319 }
1320
1321 -static struct ath10k_ce_ring *
1322 +static struct ath10k_ce_ring * __intentional_overflow(-1)
1323 ath10k_ce_alloc_src_ring(struct ath10k *ar, unsigned int ce_id,
1324 const struct ce_attr *attr)
1325 {
1326 struct ath10k_ce_ring *src_ring;
1327 - u32 nentries = attr->src_nentries;
1328 + unsigned long nentries = attr->src_nentries;
1329 dma_addr_t base_addr;
1330
1331 nentries = roundup_pow_of_two(nentries);
1332 @@ -968,7 +968,7 @@
1333 const struct ce_attr *attr)
1334 {
1335 struct ath10k_ce_ring *dest_ring;
1336 - u32 nentries;
1337 + unsigned long nentries;
1338 dma_addr_t base_addr;
1339
1340 nentries = roundup_pow_of_two(attr->dest_nentries);
1341 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/htc.c backports-4.2.6-1/drivers/net/wireless/ath/ath10k/htc.c
1342 --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/htc.c 2015-11-15 22:19:40.000000000 +0100
1343 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath10k/htc.c 2016-01-27 12:26:21.286626323 +0100
1344 @@ -841,7 +841,10 @@
1345 /* registered target arrival callback from the HIF layer */
1346 int ath10k_htc_init(struct ath10k *ar)
1347 {
1348 - struct ath10k_hif_cb htc_callbacks;
1349 + static struct ath10k_hif_cb htc_callbacks = {
1350 + .rx_completion = ath10k_htc_rx_completion_handler,
1351 + .tx_completion = ath10k_htc_tx_completion_handler,
1352 + };
1353 struct ath10k_htc_ep *ep = NULL;
1354 struct ath10k_htc *htc = &ar->htc;
1355
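Review bot: `htc_callbacks` is now a function-local static that is never written after its initialiser, so it can be declared `static const struct ath10k_hif_cb htc_callbacks = {`, which places the function-pointer table in read-only data explicitly. This only works if the HIF setter it is passed to accepts a const pointer, and that call is outside the hunk. A one-line comment noting that the table is shared by all devices and must stay immutable would also help the next reader.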
1356 @@ -850,8 +853,6 @@
1357 ath10k_htc_reset_endpoint_states(htc);
1358
1359 /* setup HIF layer callbacks */
1360 - htc_callbacks.rx_completion = ath10k_htc_rx_completion_handler;
1361 - htc_callbacks.tx_completion = ath10k_htc_tx_completion_handler;
1362 htc->ar = ar;
1363
1364 /* Get HIF default pipe for HTC message exchange */
1365 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/htc.h backports-4.2.6-1/drivers/net/wireless/ath/ath10k/htc.h
1366 --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/htc.h 2015-11-15 22:19:40.000000000 +0100
1367 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath10k/htc.h 2016-01-27 12:26:21.286626323 +0100
1368 @@ -270,13 +270,13 @@
1369
1370 struct ath10k_htc_ops {
1371 void (*target_send_suspend_complete)(struct ath10k *ar);
1372 -};
1373 +} __no_const;
1374
1375 struct ath10k_htc_ep_ops {
1376 void (*ep_tx_complete)(struct ath10k *, struct sk_buff *);
1377 void (*ep_rx_complete)(struct ath10k *, struct sk_buff *);
1378 void (*ep_tx_credits)(struct ath10k *);
1379 -};
1380 +} __no_const;
1381
1382 /* service connection information */
1383 struct ath10k_htc_svc_conn_req {
1384 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/ar9002_mac.c backports-4.2.6-1/drivers/net/wireless/ath/ath9k/ar9002_mac.c
1385 --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/ar9002_mac.c 2015-11-15 22:19:39.000000000 +0100
1386 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/ar9002_mac.c 2016-01-27 12:26:21.286626323 +0100
1387 @@ -220,8 +220,8 @@
1388 ads->ds_txstatus6 = ads->ds_txstatus7 = 0;
1389 ads->ds_txstatus8 = ads->ds_txstatus9 = 0;
1390
1391 - ACCESS_ONCE(ads->ds_link) = i->link;
1392 - ACCESS_ONCE(ads->ds_data) = i->buf_addr[0];
1393 + ACCESS_ONCE_RW(ads->ds_link) = i->link;
1394 + ACCESS_ONCE_RW(ads->ds_data) = i->buf_addr[0];
1395
1396 ctl1 = i->buf_len[0] | (i->is_last ? 0 : AR_TxMore);
1397 ctl6 = SM(i->keytype, AR_EncrType);
1398 @@ -235,26 +235,26 @@
1399
1400 if ((i->is_first || i->is_last) &&
1401 i->aggr != AGGR_BUF_MIDDLE && i->aggr != AGGR_BUF_LAST) {
1402 - ACCESS_ONCE(ads->ds_ctl2) = set11nTries(i->rates, 0)
1403 + ACCESS_ONCE_RW(ads->ds_ctl2) = set11nTries(i->rates, 0)
1404 | set11nTries(i->rates, 1)
1405 | set11nTries(i->rates, 2)
1406 | set11nTries(i->rates, 3)
1407 | (i->dur_update ? AR_DurUpdateEna : 0)
1408 | SM(0, AR_BurstDur);
1409
1410 - ACCESS_ONCE(ads->ds_ctl3) = set11nRate(i->rates, 0)
1411 + ACCESS_ONCE_RW(ads->ds_ctl3) = set11nRate(i->rates, 0)
1412 | set11nRate(i->rates, 1)
1413 | set11nRate(i->rates, 2)
1414 | set11nRate(i->rates, 3);
1415 } else {
1416 - ACCESS_ONCE(ads->ds_ctl2) = 0;
1417 - ACCESS_ONCE(ads->ds_ctl3) = 0;
1418 + ACCESS_ONCE_RW(ads->ds_ctl2) = 0;
1419 + ACCESS_ONCE_RW(ads->ds_ctl3) = 0;
1420 }
1421
1422 if (!i->is_first) {
1423 - ACCESS_ONCE(ads->ds_ctl0) = 0;
1424 - ACCESS_ONCE(ads->ds_ctl1) = ctl1;
1425 - ACCESS_ONCE(ads->ds_ctl6) = ctl6;
1426 + ACCESS_ONCE_RW(ads->ds_ctl0) = 0;
1427 + ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1;
1428 + ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6;
1429 return;
1430 }
1431
1432 @@ -279,7 +279,7 @@
1433 break;
1434 }
1435
1436 - ACCESS_ONCE(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen)
1437 + ACCESS_ONCE_RW(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen)
1438 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
1439 | SM(i->txpower[0], AR_XmitPower0)
1440 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
1441 @@ -289,27 +289,27 @@
1442 | (i->flags & ATH9K_TXDESC_RTSENA ? AR_RTSEnable :
1443 (i->flags & ATH9K_TXDESC_CTSENA ? AR_CTSEnable : 0));
1444
1445 - ACCESS_ONCE(ads->ds_ctl1) = ctl1;
1446 - ACCESS_ONCE(ads->ds_ctl6) = ctl6;
1447 + ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1;
1448 + ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6;
1449
1450 if (i->aggr == AGGR_BUF_MIDDLE || i->aggr == AGGR_BUF_LAST)
1451 return;
1452
1453 - ACCESS_ONCE(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0)
1454 + ACCESS_ONCE_RW(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0)
1455 | set11nPktDurRTSCTS(i->rates, 1);
1456
1457 - ACCESS_ONCE(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2)
1458 + ACCESS_ONCE_RW(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2)
1459 | set11nPktDurRTSCTS(i->rates, 3);
1460
1461 - ACCESS_ONCE(ads->ds_ctl7) = set11nRateFlags(i->rates, 0)
1462 + ACCESS_ONCE_RW(ads->ds_ctl7) = set11nRateFlags(i->rates, 0)
1463 | set11nRateFlags(i->rates, 1)
1464 | set11nRateFlags(i->rates, 2)
1465 | set11nRateFlags(i->rates, 3)
1466 | SM(i->rtscts_rate, AR_RTSCTSRate);
1467
1468 - ACCESS_ONCE(ads->ds_ctl9) = SM(i->txpower[1], AR_XmitPower1);
1469 - ACCESS_ONCE(ads->ds_ctl10) = SM(i->txpower[2], AR_XmitPower2);
1470 - ACCESS_ONCE(ads->ds_ctl11) = SM(i->txpower[3], AR_XmitPower3);
1471 + ACCESS_ONCE_RW(ads->ds_ctl9) = SM(i->txpower[1], AR_XmitPower1);
1472 + ACCESS_ONCE_RW(ads->ds_ctl10) = SM(i->txpower[2], AR_XmitPower2);
1473 + ACCESS_ONCE_RW(ads->ds_ctl11) = SM(i->txpower[3], AR_XmitPower3);
1474 }
1475
1476 static int ar9002_hw_proc_txdesc(struct ath_hw *ah, void *ds,
1477 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/ar9003_mac.c backports-4.2.6-1/drivers/net/wireless/ath/ath9k/ar9003_mac.c
1478 --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/ar9003_mac.c 2015-11-15 22:19:39.000000000 +0100
1479 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/ar9003_mac.c 2016-01-27 12:26:21.286626323 +0100
1480 @@ -39,47 +39,47 @@
1481 (i->qcu << AR_TxQcuNum_S) | desc_len;
1482
1483 checksum += val;
1484 - ACCESS_ONCE(ads->info) = val;
1485 + ACCESS_ONCE_RW(ads->info) = val;
1486
1487 checksum += i->link;
1488 - ACCESS_ONCE(ads->link) = i->link;
1489 + ACCESS_ONCE_RW(ads->link) = i->link;
1490
1491 checksum += i->buf_addr[0];
1492 - ACCESS_ONCE(ads->data0) = i->buf_addr[0];
1493 + ACCESS_ONCE_RW(ads->data0) = i->buf_addr[0];
1494 checksum += i->buf_addr[1];
1495 - ACCESS_ONCE(ads->data1) = i->buf_addr[1];
1496 + ACCESS_ONCE_RW(ads->data1) = i->buf_addr[1];
1497 checksum += i->buf_addr[2];
1498 - ACCESS_ONCE(ads->data2) = i->buf_addr[2];
1499 + ACCESS_ONCE_RW(ads->data2) = i->buf_addr[2];
1500 checksum += i->buf_addr[3];
1501 - ACCESS_ONCE(ads->data3) = i->buf_addr[3];
1502 + ACCESS_ONCE_RW(ads->data3) = i->buf_addr[3];
1503
1504 checksum += (val = (i->buf_len[0] << AR_BufLen_S) & AR_BufLen);
1505 - ACCESS_ONCE(ads->ctl3) = val;
1506 + ACCESS_ONCE_RW(ads->ctl3) = val;
1507 checksum += (val = (i->buf_len[1] << AR_BufLen_S) & AR_BufLen);
1508 - ACCESS_ONCE(ads->ctl5) = val;
1509 + ACCESS_ONCE_RW(ads->ctl5) = val;
1510 checksum += (val = (i->buf_len[2] << AR_BufLen_S) & AR_BufLen);
1511 - ACCESS_ONCE(ads->ctl7) = val;
1512 + ACCESS_ONCE_RW(ads->ctl7) = val;
1513 checksum += (val = (i->buf_len[3] << AR_BufLen_S) & AR_BufLen);
1514 - ACCESS_ONCE(ads->ctl9) = val;
1515 + ACCESS_ONCE_RW(ads->ctl9) = val;
1516
1517 checksum = (u16) (((checksum & 0xffff) + (checksum >> 16)) & 0xffff);
1518 - ACCESS_ONCE(ads->ctl10) = checksum;
1519 + ACCESS_ONCE_RW(ads->ctl10) = checksum;
1520
1521 if (i->is_first || i->is_last) {
1522 - ACCESS_ONCE(ads->ctl13) = set11nTries(i->rates, 0)
1523 + ACCESS_ONCE_RW(ads->ctl13) = set11nTries(i->rates, 0)
1524 | set11nTries(i->rates, 1)
1525 | set11nTries(i->rates, 2)
1526 | set11nTries(i->rates, 3)
1527 | (i->dur_update ? AR_DurUpdateEna : 0)
1528 | SM(0, AR_BurstDur);
1529
1530 - ACCESS_ONCE(ads->ctl14) = set11nRate(i->rates, 0)
1531 + ACCESS_ONCE_RW(ads->ctl14) = set11nRate(i->rates, 0)
1532 | set11nRate(i->rates, 1)
1533 | set11nRate(i->rates, 2)
1534 | set11nRate(i->rates, 3);
1535 } else {
1536 - ACCESS_ONCE(ads->ctl13) = 0;
1537 - ACCESS_ONCE(ads->ctl14) = 0;
1538 + ACCESS_ONCE_RW(ads->ctl13) = 0;
1539 + ACCESS_ONCE_RW(ads->ctl14) = 0;
1540 }
1541
1542 ads->ctl20 = 0;
1543 @@ -89,17 +89,17 @@
1544
1545 ctl17 = SM(i->keytype, AR_EncrType);
1546 if (!i->is_first) {
1547 - ACCESS_ONCE(ads->ctl11) = 0;
1548 - ACCESS_ONCE(ads->ctl12) = i->is_last ? 0 : AR_TxMore;
1549 - ACCESS_ONCE(ads->ctl15) = 0;
1550 - ACCESS_ONCE(ads->ctl16) = 0;
1551 - ACCESS_ONCE(ads->ctl17) = ctl17;
1552 - ACCESS_ONCE(ads->ctl18) = 0;
1553 - ACCESS_ONCE(ads->ctl19) = 0;
1554 + ACCESS_ONCE_RW(ads->ctl11) = 0;
1555 + ACCESS_ONCE_RW(ads->ctl12) = i->is_last ? 0 : AR_TxMore;
1556 + ACCESS_ONCE_RW(ads->ctl15) = 0;
1557 + ACCESS_ONCE_RW(ads->ctl16) = 0;
1558 + ACCESS_ONCE_RW(ads->ctl17) = ctl17;
1559 + ACCESS_ONCE_RW(ads->ctl18) = 0;
1560 + ACCESS_ONCE_RW(ads->ctl19) = 0;
1561 return;
1562 }
1563
1564 - ACCESS_ONCE(ads->ctl11) = (i->pkt_len & AR_FrameLen)
1565 + ACCESS_ONCE_RW(ads->ctl11) = (i->pkt_len & AR_FrameLen)
1566 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
1567 | SM(i->txpower[0], AR_XmitPower0)
1568 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
1569 @@ -135,26 +135,26 @@
1570 val = (i->flags & ATH9K_TXDESC_PAPRD) >> ATH9K_TXDESC_PAPRD_S;
1571 ctl12 |= SM(val, AR_PAPRDChainMask);
1572
1573 - ACCESS_ONCE(ads->ctl12) = ctl12;
1574 - ACCESS_ONCE(ads->ctl17) = ctl17;
1575 + ACCESS_ONCE_RW(ads->ctl12) = ctl12;
1576 + ACCESS_ONCE_RW(ads->ctl17) = ctl17;
1577
1578 - ACCESS_ONCE(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0)
1579 + ACCESS_ONCE_RW(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0)
1580 | set11nPktDurRTSCTS(i->rates, 1);
1581
1582 - ACCESS_ONCE(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2)
1583 + ACCESS_ONCE_RW(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2)
1584 | set11nPktDurRTSCTS(i->rates, 3);
1585
1586 - ACCESS_ONCE(ads->ctl18) = set11nRateFlags(i->rates, 0)
1587 + ACCESS_ONCE_RW(ads->ctl18) = set11nRateFlags(i->rates, 0)
1588 | set11nRateFlags(i->rates, 1)
1589 | set11nRateFlags(i->rates, 2)
1590 | set11nRateFlags(i->rates, 3)
1591 | SM(i->rtscts_rate, AR_RTSCTSRate);
1592
1593 - ACCESS_ONCE(ads->ctl19) = AR_Not_Sounding;
1594 + ACCESS_ONCE_RW(ads->ctl19) = AR_Not_Sounding;
1595
1596 - ACCESS_ONCE(ads->ctl20) = SM(i->txpower[1], AR_XmitPower1);
1597 - ACCESS_ONCE(ads->ctl21) = SM(i->txpower[2], AR_XmitPower2);
1598 - ACCESS_ONCE(ads->ctl22) = SM(i->txpower[3], AR_XmitPower3);
1599 + ACCESS_ONCE_RW(ads->ctl20) = SM(i->txpower[1], AR_XmitPower1);
1600 + ACCESS_ONCE_RW(ads->ctl21) = SM(i->txpower[2], AR_XmitPower2);
1601 + ACCESS_ONCE_RW(ads->ctl22) = SM(i->txpower[3], AR_XmitPower3);
1602 }
1603
1604 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
1605 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/hw.h backports-4.2.6-1/drivers/net/wireless/ath/ath9k/hw.h
1606 --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/hw.h 2015-11-15 22:19:39.000000000 +0100
1607 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/hw.h 2016-01-27 12:33:44.649931973 +0100
1608 @@ -671,7 +671,7 @@
1609 #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
1610 bool (*is_aic_enabled)(struct ath_hw *ah);
1611 #endif /* CPTCFG_ATH9K_BTCOEX_SUPPORT */
1612 -};
1613 +} __no_const;
1614
1615 /**
1616 * struct ath_spec_scan - parameters for Atheros spectral scan
1617 @@ -747,7 +747,7 @@
1618 #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
1619 void (*set_bt_ant_diversity)(struct ath_hw *hw, bool enable);
1620 #endif
1621 -};
1622 +} __no_const;
1623
1624 struct ath_nf_limits {
1625 s16 max;
1626 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/Kconfig backports-4.2.6-1/drivers/net/wireless/ath/ath9k/Kconfig
1627 --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/Kconfig 2015-11-15 22:19:40.000000000 +0100
1628 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/Kconfig 2016-01-27 12:34:48.923262299 +0100
1629 @@ -5,7 +5,6 @@
1630 tristate
1631 depends on m
1632 select ATH_COMMON
1633 - depends on DEBUG_FS
1634 depends on RELAY
1635 config ATH9K_DFS_DEBUGFS
1636 def_bool y
1637 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/main.c backports-4.2.6-1/drivers/net/wireless/ath/ath9k/main.c
1638 --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/main.c 2015-11-15 22:19:39.000000000 +0100
1639 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/main.c 2016-01-27 12:26:21.289959656 +0100
1640 @@ -2574,16 +2574,18 @@
1641 if (!ath9k_is_chanctx_enabled())
1642 return;
1643
1644 - ath9k_ops.hw_scan = ath9k_hw_scan;
1645 - ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan;
1646 - ath9k_ops.remain_on_channel = ath9k_remain_on_channel;
1647 - ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel;
1648 - ath9k_ops.add_chanctx = ath9k_add_chanctx;
1649 - ath9k_ops.remove_chanctx = ath9k_remove_chanctx;
1650 - ath9k_ops.change_chanctx = ath9k_change_chanctx;
1651 - ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx;
1652 - ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx;
1653 - ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx;
1654 + pax_open_kernel();
1655 + *(void **)&ath9k_ops.hw_scan = ath9k_hw_scan;
1656 + *(void **)&ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan;
1657 + *(void **)&ath9k_ops.remain_on_channel = ath9k_remain_on_channel;
1658 + *(void **)&ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel;
1659 + *(void **)&ath9k_ops.add_chanctx = ath9k_add_chanctx;
1660 + *(void **)&ath9k_ops.remove_chanctx = ath9k_remove_chanctx;
1661 + *(void **)&ath9k_ops.change_chanctx = ath9k_change_chanctx;
1662 + *(void **)&ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx;
1663 + *(void **)&ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx;
1664 + *(void **)&ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx;
1665 + pax_close_kernel();
1666 }
1667
1668 #endif
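Review bot: The `*(void **)&ath9k_ops.hw_scan = ath9k_hw_scan;` form, used for all ten assignments, discards the compiler's check that each handler matches the prototype of the field it is stored in. A mismatched signature would therefore build silently. A comment above `pax_open_kernel();` such as `/* ath9k_ops is read-only after init; patched once here when chanctx is enabled */` would explain why the write window exists and that nothing else belongs inside it. The iwlegacy 3945-mac.c hunk that clears `il3945_mac_ops.hw_scan` uses the same pattern and would benefit from the same comment. The enclosing function starts outside this hunk.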
1669 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/b43/phy_lp.c backports-4.2.6-1/drivers/net/wireless/b43/phy_lp.c
1670 --- backports-4.2.6-1.org/drivers/net/wireless/b43/phy_lp.c 2015-11-15 22:19:39.000000000 +0100
1671 +++ backports-4.2.6-1/drivers/net/wireless/b43/phy_lp.c 2016-01-27 12:26:21.289959656 +0100
1672 @@ -2502,7 +2502,7 @@
1673 {
1674 struct ssb_bus *bus = dev->dev->sdev->bus;
1675
1676 - static const struct b206x_channel *chandata = NULL;
1677 + const struct b206x_channel *chandata = NULL;
1678 u32 crystal_freq = bus->chipco.pmu.crystalfreq * 1000;
1679 u32 freqref, vco_freq, val1, val2, val3, timeout, timeoutref, count;
1680 u16 old_comm15, scale;
1681 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/iwlegacy/3945-mac.c backports-4.2.6-1/drivers/net/wireless/iwlegacy/3945-mac.c
1682 --- backports-4.2.6-1.org/drivers/net/wireless/iwlegacy/3945-mac.c 2015-11-15 22:19:40.000000000 +0100
1683 +++ backports-4.2.6-1/drivers/net/wireless/iwlegacy/3945-mac.c 2016-01-27 12:26:21.289959656 +0100
1684 @@ -3633,7 +3633,9 @@
1685 */
1686 if (il3945_mod_params.disable_hw_scan) {
1687 D_INFO("Disabling hw_scan\n");
1688 - il3945_mac_ops.hw_scan = NULL;
1689 + pax_open_kernel();
1690 + *(void **)&il3945_mac_ops.hw_scan = NULL;
1691 + pax_close_kernel();
1692 }
1693
1694 D_INFO("*** LOAD DRIVER ***\n");
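Review bot: The store `*(void **)&il3945_mac_ops.hw_scan = NULL;` goes through a `void **` cast, so the compiler no longer checks the assigned value against the member's prototype, and nothing at the site says why the write needs a `pax_open_kernel()` window. The same idiom is added in the mac80211_hwsim.c, wl1251/sdio.c, wl12xx/main.c and wl18xx/main.c hunks, where real function addresses are stored and a mismatched signature would pass silently. I would add a one-line comment at each site, for example `/* ops table is read-only once constified; write it only inside the pax_open_kernel() window */`. `pax_open_kernel()` and `pax_close_kernel()` are presumably supplied by the patched kernel headers; no fallback definition is visible in this part of the patch, so building this tree against an unpatched kernel would likely fail here. The enclosing function starts and ends outside the hunk.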
1695 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/iwlwifi/dvm/debugfs.c backports-4.2.6-1/drivers/net/wireless/iwlwifi/dvm/debugfs.c
1696 --- backports-4.2.6-1.org/drivers/net/wireless/iwlwifi/dvm/debugfs.c 2015-11-15 22:19:39.000000000 +0100
1697 +++ backports-4.2.6-1/drivers/net/wireless/iwlwifi/dvm/debugfs.c 2016-01-27 12:26:21.289959656 +0100
1698 @@ -188,7 +188,7 @@
1699 {
1700 struct iwl_priv *priv = file->private_data;
1701 char buf[64];
1702 - int buf_size;
1703 + size_t buf_size;
1704 u32 offset, len;
1705
1706 memset(buf, 0, sizeof(buf));
1707 @@ -458,7 +458,7 @@
1708 struct iwl_priv *priv = file->private_data;
1709
1710 char buf[8];
1711 - int buf_size;
1712 + size_t buf_size;
1713 u32 reset_flag;
1714
1715 memset(buf, 0, sizeof(buf));
1716 @@ -539,7 +539,7 @@
1717 {
1718 struct iwl_priv *priv = file->private_data;
1719 char buf[8];
1720 - int buf_size;
1721 + size_t buf_size;
1722 int ht40;
1723
1724 memset(buf, 0, sizeof(buf));
1725 @@ -591,7 +591,7 @@
1726 {
1727 struct iwl_priv *priv = file->private_data;
1728 char buf[8];
1729 - int buf_size;
1730 + size_t buf_size;
1731 int value;
1732
1733 memset(buf, 0, sizeof(buf));
1734 @@ -683,10 +683,10 @@
1735 DEBUGFS_READ_WRITE_FILE_OPS(sleep_level_override);
1736 DEBUGFS_READ_FILE_OPS(current_sleep_command);
1737
1738 -static const char *fmt_value = " %-30s %10u\n";
1739 -static const char *fmt_hex = " %-30s 0x%02X\n";
1740 -static const char *fmt_table = " %-30s %10u %10u %10u %10u\n";
1741 -static const char *fmt_header =
1742 +static const char fmt_value[] = " %-30s %10u\n";
1743 +static const char fmt_hex[] = " %-30s 0x%02X\n";
1744 +static const char fmt_table[] = " %-30s %10u %10u %10u %10u\n";
1745 +static const char fmt_header[] =
1746 "%-32s current cumulative delta max\n";
1747
1748 static int iwl_statistics_flag(struct iwl_priv *priv, char *buf, int bufsz)
1749 @@ -1856,7 +1856,7 @@
1750 {
1751 struct iwl_priv *priv = file->private_data;
1752 char buf[8];
1753 - int buf_size;
1754 + size_t buf_size;
1755 int clear;
1756
1757 memset(buf, 0, sizeof(buf));
1758 @@ -1901,7 +1901,7 @@
1759 {
1760 struct iwl_priv *priv = file->private_data;
1761 char buf[8];
1762 - int buf_size;
1763 + size_t buf_size;
1764 int trace;
1765
1766 memset(buf, 0, sizeof(buf));
1767 @@ -1972,7 +1972,7 @@
1768 {
1769 struct iwl_priv *priv = file->private_data;
1770 char buf[8];
1771 - int buf_size;
1772 + size_t buf_size;
1773 int missed;
1774
1775 memset(buf, 0, sizeof(buf));
1776 @@ -2013,7 +2013,7 @@
1777
1778 struct iwl_priv *priv = file->private_data;
1779 char buf[8];
1780 - int buf_size;
1781 + size_t buf_size;
1782 int plcp;
1783
1784 memset(buf, 0, sizeof(buf));
1785 @@ -2073,7 +2073,7 @@
1786
1787 struct iwl_priv *priv = file->private_data;
1788 char buf[8];
1789 - int buf_size;
1790 + size_t buf_size;
1791 int flush;
1792
1793 memset(buf, 0, sizeof(buf));
1794 @@ -2163,7 +2163,7 @@
1795
1796 struct iwl_priv *priv = file->private_data;
1797 char buf[8];
1798 - int buf_size;
1799 + size_t buf_size;
1800 int rts;
1801
1802 if (!priv->cfg->ht_params)
1803 @@ -2204,7 +2204,7 @@
1804 {
1805 struct iwl_priv *priv = file->private_data;
1806 char buf[8];
1807 - int buf_size;
1808 + size_t buf_size;
1809
1810 memset(buf, 0, sizeof(buf));
1811 buf_size = min(count, sizeof(buf) - 1);
1812 @@ -2238,7 +2238,7 @@
1813 struct iwl_priv *priv = file->private_data;
1814 u32 event_log_flag;
1815 char buf[8];
1816 - int buf_size;
1817 + size_t buf_size;
1818
1819 /* check that the interface is up */
1820 if (!iwl_is_ready(priv))
1821 @@ -2292,7 +2292,7 @@
1822 struct iwl_priv *priv = file->private_data;
1823 char buf[8];
1824 u32 calib_disabled;
1825 - int buf_size;
1826 + size_t buf_size;
1827
1828 memset(buf, 0, sizeof(buf));
1829 buf_size = min(count, sizeof(buf) - 1);
1830 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/iwlwifi/pcie/trans.c backports-4.2.6-1/drivers/net/wireless/iwlwifi/pcie/trans.c
1831 --- backports-4.2.6-1.org/drivers/net/wireless/iwlwifi/pcie/trans.c 2015-11-15 22:19:39.000000000 +0100
1832 +++ backports-4.2.6-1/drivers/net/wireless/iwlwifi/pcie/trans.c 2016-01-27 12:26:21.289959656 +0100
1833 @@ -1950,7 +1950,7 @@
1834 struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
1835
1836 char buf[8];
1837 - int buf_size;
1838 + size_t buf_size;
1839 u32 reset_flag;
1840
1841 memset(buf, 0, sizeof(buf));
1842 @@ -1971,7 +1971,7 @@
1843 {
1844 struct iwl_trans *trans = file->private_data;
1845 char buf[8];
1846 - int buf_size;
1847 + size_t buf_size;
1848 int csr;
1849
1850 memset(buf, 0, sizeof(buf));
1851 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/mac80211_hwsim.c backports-4.2.6-1/drivers/net/wireless/mac80211_hwsim.c
1852 --- backports-4.2.6-1.org/drivers/net/wireless/mac80211_hwsim.c 2015-11-15 22:19:39.000000000 +0100
1853 +++ backports-4.2.6-1/drivers/net/wireless/mac80211_hwsim.c 2016-01-27 12:26:21.289959656 +0100
1854 @@ -3150,20 +3150,20 @@
1855 if (channels < 1)
1856 return -EINVAL;
1857
1858 - mac80211_hwsim_mchan_ops = mac80211_hwsim_ops;
1859 - mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan;
1860 - mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
1861 - mac80211_hwsim_mchan_ops.sw_scan_start = NULL;
1862 - mac80211_hwsim_mchan_ops.sw_scan_complete = NULL;
1863 - mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc;
1864 - mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
1865 - mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx;
1866 - mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
1867 - mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx;
1868 - mac80211_hwsim_mchan_ops.assign_vif_chanctx =
1869 - mac80211_hwsim_assign_vif_chanctx;
1870 - mac80211_hwsim_mchan_ops.unassign_vif_chanctx =
1871 - mac80211_hwsim_unassign_vif_chanctx;
1872 + pax_open_kernel();
1873 + memcpy((void *)&mac80211_hwsim_mchan_ops, &mac80211_hwsim_ops, sizeof mac80211_hwsim_mchan_ops);
1874 + *(void **)&mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan;
1875 + *(void **)&mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
1876 + *(void **)&mac80211_hwsim_mchan_ops.sw_scan_start = NULL;
1877 + *(void **)&mac80211_hwsim_mchan_ops.sw_scan_complete = NULL;
1878 + *(void **)&mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc;
1879 + *(void **)&mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
1880 + *(void **)&mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx;
1881 + *(void **)&mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
1882 + *(void **)&mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx;
1883 + *(void **)&mac80211_hwsim_mchan_ops.assign_vif_chanctx = mac80211_hwsim_assign_vif_chanctx;
1884 + *(void **)&mac80211_hwsim_mchan_ops.unassign_vif_chanctx = mac80211_hwsim_unassign_vif_chanctx;
1885 + pax_close_kernel();
1886
1887 spin_lock_init(&hwsim_radio_lock);
1888 INIT_LIST_HEAD(&hwsim_radios);
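Review bot: `mac80211_hwsim_mchan_ops` is still assembled at module init, now by a `memcpy()` through a `(void *)` cast plus eleven casted stores inside one `pax_open_kernel()` window, although every value written is a compile-time constant. Defining the multi-channel table as a second static initializer that shares the common members with `mac80211_hwsim_ops` would remove the runtime write to read-only data and keep the prototype checks that the casts discard. If the runtime copy stays, a comment such as `/* mchan ops = base ops + channel-context callbacks; written once at init */` above the window would document the intent. The init function's body continues outside the hunk.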
1889 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/rndis_wlan.c backports-4.2.6-1/drivers/net/wireless/rndis_wlan.c
1890 --- backports-4.2.6-1.org/drivers/net/wireless/rndis_wlan.c 2015-11-15 22:19:39.000000000 +0100
1891 +++ backports-4.2.6-1/drivers/net/wireless/rndis_wlan.c 2016-01-27 12:26:21.293292990 +0100
1892 @@ -1236,7 +1236,7 @@
1893
1894 netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold);
1895
1896 - if (rts_threshold < 0 || rts_threshold > 2347)
1897 + if (rts_threshold > 2347)
1898 rts_threshold = 2347;
1899
1900 tmp = cpu_to_le32(rts_threshold);
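Review bot: Dropping `rts_threshold < 0` from the clamp is only safe if `rts_threshold` is an unsigned type, and the debug line two lines above still prints it with `%i`, so a value above INT_MAX would be logged as negative. The parameter's declaration is outside the hunk, so its type should be confirmed; if it is unsigned (presumably `u32`, given the `cpu_to_le32()` that follows), the format should match: `netdev_dbg(usbdev->net, "%s(): %u\n", __func__, rts_threshold);`. If it is signed, the removed check has to stay, because a negative threshold would then reach `cpu_to_le32()` unclamped.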
1901 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/rt2x00/rt2x00.h backports-4.2.6-1/drivers/net/wireless/rt2x00/rt2x00.h
1902 --- backports-4.2.6-1.org/drivers/net/wireless/rt2x00/rt2x00.h 2015-11-15 22:19:39.000000000 +0100
1903 +++ backports-4.2.6-1/drivers/net/wireless/rt2x00/rt2x00.h 2016-01-27 12:26:21.293292990 +0100
1904 @@ -375,7 +375,7 @@
1905 * for hardware which doesn't support hardware
1906 * sequence counting.
1907 */
1908 - atomic_t seqno;
1909 + atomic_unchecked_t seqno;
1910 };
1911
1912 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif)
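Review bot: The switch of `seqno` to `atomic_unchecked_t` exempts the counter from overflow detection, but the comment above the field does not say that wrap-around is intended. I would extend it with a line such as `* Wraps by design (802.11 sequence numbers), so it is exempt from refcount overflow checking.` so a later reader does not convert it back or copy the pattern onto a real reference count. The matching `atomic_add_return_unchecked()` and `atomic_read_unchecked()` calls are in the rt2x00queue.c hunk; both the type and the helpers are presumably provided only by the patched kernel. The struct begins outside the hunk.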
1913 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/rt2x00/rt2x00queue.c backports-4.2.6-1/drivers/net/wireless/rt2x00/rt2x00queue.c
1914 --- backports-4.2.6-1.org/drivers/net/wireless/rt2x00/rt2x00queue.c 2015-11-15 22:19:39.000000000 +0100
1915 +++ backports-4.2.6-1/drivers/net/wireless/rt2x00/rt2x00queue.c 2016-01-27 12:26:21.293292990 +0100
1916 @@ -224,9 +224,9 @@
1917 * sequence counter given by mac80211.
1918 */
1919 if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags))
1920 - seqno = atomic_add_return(0x10, &intf->seqno);
1921 + seqno = atomic_add_return_unchecked(0x10, &intf->seqno);
1922 else
1923 - seqno = atomic_read(&intf->seqno);
1924 + seqno = atomic_read_unchecked(&intf->seqno);
1925
1926 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
1927 hdr->seq_ctrl |= cpu_to_le16(seqno);
1928 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ti/wl1251/sdio.c backports-4.2.6-1/drivers/net/wireless/ti/wl1251/sdio.c
1929 --- backports-4.2.6-1.org/drivers/net/wireless/ti/wl1251/sdio.c 2015-11-15 22:19:39.000000000 +0100
1930 +++ backports-4.2.6-1/drivers/net/wireless/ti/wl1251/sdio.c 2016-01-27 12:26:21.293292990 +0100
1931 @@ -282,13 +282,17 @@
1932
1933 irq_set_irq_type(wl->irq, IRQ_TYPE_EDGE_RISING);
1934
1935 - wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq;
1936 - wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq;
1937 + pax_open_kernel();
1938 + *(void **)&wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq;
1939 + *(void **)&wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq;
1940 + pax_close_kernel();
1941
1942 wl1251_info("using dedicated interrupt line");
1943 } else {
1944 - wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq;
1945 - wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq;
1946 + pax_open_kernel();
1947 + *(void **)&wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq;
1948 + *(void **)&wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq;
1949 + pax_close_kernel();
1950
1951 wl1251_info("using SDIO interrupt");
1952 }
1953 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ti/wl12xx/main.c backports-4.2.6-1/drivers/net/wireless/ti/wl12xx/main.c
1954 --- backports-4.2.6-1.org/drivers/net/wireless/ti/wl12xx/main.c 2015-11-15 22:19:39.000000000 +0100
1955 +++ backports-4.2.6-1/drivers/net/wireless/ti/wl12xx/main.c 2016-01-27 12:26:21.293292990 +0100
1956 @@ -655,7 +655,9 @@
1957 sizeof(wl->conf.mem));
1958
1959 /* read data preparation is only needed by wl127x */
1960 - wl->ops->prepare_read = wl127x_prepare_read;
1961 + pax_open_kernel();
1962 + *(void **)&wl->ops->prepare_read = wl127x_prepare_read;
1963 + pax_close_kernel();
1964
1965 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
1966 WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,
1967 @@ -680,7 +682,9 @@
1968 sizeof(wl->conf.mem));
1969
1970 /* read data preparation is only needed by wl127x */
1971 - wl->ops->prepare_read = wl127x_prepare_read;
1972 + pax_open_kernel();
1973 + *(void **)&wl->ops->prepare_read = wl127x_prepare_read;
1974 + pax_close_kernel();
1975
1976 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
1977 WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,
1978 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ti/wl18xx/main.c backports-4.2.6-1/drivers/net/wireless/ti/wl18xx/main.c
1979 --- backports-4.2.6-1.org/drivers/net/wireless/ti/wl18xx/main.c 2015-11-15 22:19:39.000000000 +0100
1980 +++ backports-4.2.6-1/drivers/net/wireless/ti/wl18xx/main.c 2016-01-27 12:26:21.293292990 +0100
1981 @@ -1952,8 +1952,10 @@
1982 }
1983
1984 if (!checksum_param) {
1985 - wl18xx_ops.set_rx_csum = NULL;
1986 - wl18xx_ops.init_vif = NULL;
1987 + pax_open_kernel();
1988 + *(void **)&wl18xx_ops.set_rx_csum = NULL;
1989 + *(void **)&wl18xx_ops.init_vif = NULL;
1990 + pax_close_kernel();
1991 }
1992
1993 /* Enable 11a Band only if we have 5G antennas */
1994 diff -Naur backports-4.2.6-1.org/drivers/net/wireless/zd1211rw/zd_usb.c backports-4.2.6-1/drivers/net/wireless/zd1211rw/zd_usb.c
1995 --- backports-4.2.6-1.org/drivers/net/wireless/zd1211rw/zd_usb.c 2015-11-15 22:19:39.000000000 +0100
1996 +++ backports-4.2.6-1/drivers/net/wireless/zd1211rw/zd_usb.c 2016-01-27 12:26:21.293292990 +0100
1997 @@ -385,7 +385,7 @@
1998 {
1999 struct zd_usb *usb = urb->context;
2000 struct zd_usb_interrupt *intr = &usb->intr;
2001 - int len;
2002 + unsigned int len;
2003 u16 int_num;
2004
2005 ZD_ASSERT(in_interrupt());
2006 diff -Naur backports-4.2.6-1.org/drivers/nfc/nfcwilink.c backports-4.2.6-1/drivers/nfc/nfcwilink.c
2007 --- backports-4.2.6-1.org/drivers/nfc/nfcwilink.c 2015-11-15 22:19:39.000000000 +0100
2008 +++ backports-4.2.6-1/drivers/nfc/nfcwilink.c 2016-01-27 12:26:21.293292990 +0100
2009 @@ -497,7 +497,7 @@
2010
2011 static int nfcwilink_probe(struct platform_device *pdev)
2012 {
2013 - static struct nfcwilink *drv;
2014 + struct nfcwilink *drv;
2015 int rc;
2016 __u32 protocols;
2017
2018 diff -Naur backports-4.2.6-1.org/include/linux/gracl_compat.h backports-4.2.6-1/include/linux/gracl_compat.h
2019 --- backports-4.2.6-1.org/include/linux/gracl_compat.h 1970-01-01 01:00:00.000000000 +0100
2020 +++ backports-4.2.6-1/include/linux/gracl_compat.h 2016-01-27 12:26:26.289959354 +0100
2021 @@ -0,0 +1,156 @@
2022 +#ifndef GR_ACL_COMPAT_H
2023 +#define GR_ACL_COMPAT_H
2024 +
2025 +#include <linux/resource.h>
2026 +#include <asm/resource.h>
2027 +
2028 +struct sprole_pw_compat {
2029 + compat_uptr_t rolename;
2030 + unsigned char salt[GR_SALT_LEN];
2031 + unsigned char sum[GR_SHA_LEN];
2032 +};
2033 +
2034 +struct gr_hash_struct_compat {
2035 + compat_uptr_t table;
2036 + compat_uptr_t nametable;
2037 + compat_uptr_t first;
2038 + __u32 table_size;
2039 + __u32 used_size;
2040 + int type;
2041 +};
2042 +
2043 +struct acl_subject_label_compat {
2044 + compat_uptr_t filename;
2045 + compat_u64 inode;
2046 + __u32 device;
2047 + __u32 mode;
2048 + kernel_cap_t cap_mask;
2049 + kernel_cap_t cap_lower;
2050 + kernel_cap_t cap_invert_audit;
2051 +
2052 + struct compat_rlimit res[GR_NLIMITS];
2053 + __u32 resmask;
2054 +
2055 + __u8 user_trans_type;
2056 + __u8 group_trans_type;
2057 + compat_uptr_t user_transitions;
2058 + compat_uptr_t group_transitions;
2059 + __u16 user_trans_num;
2060 + __u16 group_trans_num;
2061 +
2062 + __u32 sock_families[2];
2063 + __u32 ip_proto[8];
2064 + __u32 ip_type;
2065 + compat_uptr_t ips;
2066 + __u32 ip_num;
2067 + __u32 inaddr_any_override;
2068 +
2069 + __u32 crashes;
2070 + compat_ulong_t expires;
2071 +
2072 + compat_uptr_t parent_subject;
2073 + compat_uptr_t hash;
2074 + compat_uptr_t prev;
2075 + compat_uptr_t next;
2076 +
2077 + compat_uptr_t obj_hash;
2078 + __u32 obj_hash_size;
2079 + __u16 pax_flags;
2080 +};
2081 +
2082 +struct role_allowed_ip_compat {
2083 + __u32 addr;
2084 + __u32 netmask;
2085 +
2086 + compat_uptr_t prev;
2087 + compat_uptr_t next;
2088 +};
2089 +
2090 +struct role_transition_compat {
2091 + compat_uptr_t rolename;
2092 +
2093 + compat_uptr_t prev;
2094 + compat_uptr_t next;
2095 +};
2096 +
2097 +struct acl_role_label_compat {
2098 + compat_uptr_t rolename;
2099 + uid_t uidgid;
2100 + __u16 roletype;
2101 +
2102 + __u16 auth_attempts;
2103 + compat_ulong_t expires;
2104 +
2105 + compat_uptr_t root_label;
2106 + compat_uptr_t hash;
2107 +
2108 + compat_uptr_t prev;
2109 + compat_uptr_t next;
2110 +
2111 + compat_uptr_t transitions;
2112 + compat_uptr_t allowed_ips;
2113 + compat_uptr_t domain_children;
2114 + __u16 domain_child_num;
2115 +
2116 + umode_t umask;
2117 +
2118 + compat_uptr_t subj_hash;
2119 + __u32 subj_hash_size;
2120 +};
2121 +
2122 +struct user_acl_role_db_compat {
2123 + compat_uptr_t r_table;
2124 + __u32 num_pointers;
2125 + __u32 num_roles;
2126 + __u32 num_domain_children;
2127 + __u32 num_subjects;
2128 + __u32 num_objects;
2129 +};
2130 +
2131 +struct acl_object_label_compat {
2132 + compat_uptr_t filename;
2133 + compat_u64 inode;
2134 + __u32 device;
2135 + __u32 mode;
2136 +
2137 + compat_uptr_t nested;
2138 + compat_uptr_t globbed;
2139 +
2140 + compat_uptr_t prev;
2141 + compat_uptr_t next;
2142 +};
2143 +
2144 +struct acl_ip_label_compat {
2145 + compat_uptr_t iface;
2146 + __u32 addr;
2147 + __u32 netmask;
2148 + __u16 low, high;
2149 + __u8 mode;
2150 + __u32 type;
2151 + __u32 proto[8];
2152 +
2153 + compat_uptr_t prev;
2154 + compat_uptr_t next;
2155 +};
2156 +
2157 +struct gr_arg_compat {
2158 + struct user_acl_role_db_compat role_db;
2159 + unsigned char pw[GR_PW_LEN];
2160 + unsigned char salt[GR_SALT_LEN];
2161 + unsigned char sum[GR_SHA_LEN];
2162 + unsigned char sp_role[GR_SPROLE_LEN];
2163 + compat_uptr_t sprole_pws;
2164 + __u32 segv_device;
2165 + compat_u64 segv_inode;
2166 + uid_t segv_uid;
2167 + __u16 num_sprole_pws;
2168 + __u16 mode;
2169 +};
2170 +
2171 +struct gr_arg_wrapper_compat {
2172 + compat_uptr_t arg;
2173 + __u32 version;
2174 + __u32 size;
2175 +};
2176 +
2177 +#endif
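Review bot: This header is not self-contained: it uses `compat_uptr_t`, `compat_u64`, `compat_ulong_t`, `struct compat_rlimit`, `kernel_cap_t` and the `GR_SALT_LEN`, `GR_SHA_LEN`, `GR_PW_LEN`, `GR_SPROLE_LEN` and `GR_NLIMITS` constants, but includes only the two resource headers. It compiles only when the includer has already pulled in the compat definitions and gracl.h; adding `#include <linux/compat.h>`, `#include <linux/capability.h>` and `#include <linux/gracl.h>` at the top would remove that ordering dependency. A short header comment would also help, stating that these structs mirror the 32-bit userspace layout of the ones in gracl.h and that `size`, `num_sprole_pws` and the `compat_uptr_t` fields presumably arrive from userspace and need validation before use.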
2178 diff -Naur backports-4.2.6-1.org/include/linux/gracl.h backports-4.2.6-1/include/linux/gracl.h
2179 --- backports-4.2.6-1.org/include/linux/gracl.h 1970-01-01 01:00:00.000000000 +0100
2180 +++ backports-4.2.6-1/include/linux/gracl.h 2016-01-27 12:26:26.289959354 +0100
2181 @@ -0,0 +1,342 @@
2182 +#ifndef GR_ACL_H
2183 +#define GR_ACL_H
2184 +
2185 +#include <linux/grdefs.h>
2186 +#include <linux/resource.h>
2187 +#include <linux/capability.h>
2188 +#include <linux/dcache.h>
2189 +#include <asm/resource.h>
2190 +
2191 +/* Major status information */
2192 +
2193 +#define GR_VERSION "grsecurity 3.1"
2194 +#define GRSECURITY_VERSION 0x3100
2195 +
2196 +enum {
2197 + GR_SHUTDOWN = 0,
2198 + GR_ENABLE = 1,
2199 + GR_SPROLE = 2,
2200 + GR_OLDRELOAD = 3,
2201 + GR_SEGVMOD = 4,
2202 + GR_STATUS = 5,
2203 + GR_UNSPROLE = 6,
2204 + GR_PASSSET = 7,
2205 + GR_SPROLEPAM = 8,
2206 + GR_RELOAD = 9,
2207 +};
2208 +
2209 +/* Password setup definitions
2210 + * kernel/grhash.c */
2211 +enum {
2212 + GR_PW_LEN = 128,
2213 + GR_SALT_LEN = 16,
2214 + GR_SHA_LEN = 32,
2215 +};
2216 +
2217 +enum {
2218 + GR_SPROLE_LEN = 64,
2219 +};
2220 +
2221 +enum {
2222 + GR_NO_GLOB = 0,
2223 + GR_REG_GLOB,
2224 + GR_CREATE_GLOB
2225 +};
2226 +
2227 +#define GR_NLIMITS 32
2228 +
2229 +/* Begin Data Structures */
2230 +
2231 +struct sprole_pw {
2232 + unsigned char *rolename;
2233 + unsigned char salt[GR_SALT_LEN];
2234 + unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
2235 +};
2236 +
2237 +struct name_entry {
2238 + __u32 key;
2239 + u64 inode;
2240 + dev_t device;
2241 + char *name;
2242 + __u16 len;
2243 + __u8 deleted;
2244 + struct name_entry *prev;
2245 + struct name_entry *next;
2246 +};
2247 +
2248 +struct inodev_entry {
2249 + struct name_entry *nentry;
2250 + struct inodev_entry *prev;
2251 + struct inodev_entry *next;
2252 +};
2253 +
2254 +struct acl_role_db {
2255 + struct acl_role_label **r_hash;
2256 + __u32 r_size;
2257 +};
2258 +
2259 +struct inodev_db {
2260 + struct inodev_entry **i_hash;
2261 + __u32 i_size;
2262 +};
2263 +
2264 +struct name_db {
2265 + struct name_entry **n_hash;
2266 + __u32 n_size;
2267 +};
2268 +
2269 +struct crash_uid {
2270 + uid_t uid;
2271 + unsigned long expires;
2272 +};
2273 +
2274 +struct gr_hash_struct {
2275 + void **table;
2276 + void **nametable;
2277 + void *first;
2278 + __u32 table_size;
2279 + __u32 used_size;
2280 + int type;
2281 +};
2282 +
2283 +/* Userspace Grsecurity ACL data structures */
2284 +
2285 +struct acl_subject_label {
2286 + char *filename;
2287 + u64 inode;
2288 + dev_t device;
2289 + __u32 mode;
2290 + kernel_cap_t cap_mask;
2291 + kernel_cap_t cap_lower;
2292 + kernel_cap_t cap_invert_audit;
2293 +
2294 + struct rlimit res[GR_NLIMITS];
2295 + __u32 resmask;
2296 +
2297 + __u8 user_trans_type;
2298 + __u8 group_trans_type;
2299 + uid_t *user_transitions;
2300 + gid_t *group_transitions;
2301 + __u16 user_trans_num;
2302 + __u16 group_trans_num;
2303 +
2304 + __u32 sock_families[2];
2305 + __u32 ip_proto[8];
2306 + __u32 ip_type;
2307 + struct acl_ip_label **ips;
2308 + __u32 ip_num;
2309 + __u32 inaddr_any_override;
2310 +
2311 + __u32 crashes;
2312 + unsigned long expires;
2313 +
2314 + struct acl_subject_label *parent_subject;
2315 + struct gr_hash_struct *hash;
2316 + struct acl_subject_label *prev;
2317 + struct acl_subject_label *next;
2318 +
2319 + struct acl_object_label **obj_hash;
2320 + __u32 obj_hash_size;
2321 + __u16 pax_flags;
2322 +};
2323 +
2324 +struct role_allowed_ip {
2325 + __u32 addr;
2326 + __u32 netmask;
2327 +
2328 + struct role_allowed_ip *prev;
2329 + struct role_allowed_ip *next;
2330 +};
2331 +
2332 +struct role_transition {
2333 + char *rolename;
2334 +
2335 + struct role_transition *prev;
2336 + struct role_transition *next;
2337 +};
2338 +
2339 +struct acl_role_label {
2340 + char *rolename;
2341 + uid_t uidgid;
2342 + __u16 roletype;
2343 +
2344 + __u16 auth_attempts;
2345 + unsigned long expires;
2346 +
2347 + struct acl_subject_label *root_label;
2348 + struct gr_hash_struct *hash;
2349 +
2350 + struct acl_role_label *prev;
2351 + struct acl_role_label *next;
2352 +
2353 + struct role_transition *transitions;
2354 + struct role_allowed_ip *allowed_ips;
2355 + uid_t *domain_children;
2356 + __u16 domain_child_num;
2357 +
2358 + umode_t umask;
2359 +
2360 + struct acl_subject_label **subj_hash;
2361 + __u32 subj_hash_size;
2362 +};
2363 +
2364 +struct user_acl_role_db {
2365 + struct acl_role_label **r_table;
2366 + __u32 num_pointers; /* Number of allocations to track */
2367 + __u32 num_roles; /* Number of roles */
2368 + __u32 num_domain_children; /* Number of domain children */
2369 + __u32 num_subjects; /* Number of subjects */
2370 + __u32 num_objects; /* Number of objects */
2371 +};
2372 +
2373 +struct acl_object_label {
2374 + char *filename;
2375 + u64 inode;
2376 + dev_t device;
2377 + __u32 mode;
2378 +
2379 + struct acl_subject_label *nested;
2380 + struct acl_object_label *globbed;
2381 +
2382 + /* next two structures not used */
2383 +
2384 + struct acl_object_label *prev;
2385 + struct acl_object_label *next;
2386 +};
2387 +
2388 +struct acl_ip_label {
2389 + char *iface;
2390 + __u32 addr;
2391 + __u32 netmask;
2392 + __u16 low, high;
2393 + __u8 mode;
2394 + __u32 type;
2395 + __u32 proto[8];
2396 +
2397 + /* next two structures not used */
2398 +
2399 + struct acl_ip_label *prev;
2400 + struct acl_ip_label *next;
2401 +};
2402 +
2403 +struct gr_arg {
2404 + struct user_acl_role_db role_db;
2405 + unsigned char pw[GR_PW_LEN];
2406 + unsigned char salt[GR_SALT_LEN];
2407 + unsigned char sum[GR_SHA_LEN];
2408 + unsigned char sp_role[GR_SPROLE_LEN];
2409 + struct sprole_pw *sprole_pws;
2410 + dev_t segv_device;
2411 + u64 segv_inode;
2412 + uid_t segv_uid;
2413 + __u16 num_sprole_pws;
2414 + __u16 mode;
2415 +};
2416 +
2417 +struct gr_arg_wrapper {
2418 + struct gr_arg *arg;
2419 + __u32 version;
2420 + __u32 size;
2421 +};
2422 +
2423 +struct subject_map {
2424 + struct acl_subject_label *user;
2425 + struct acl_subject_label *kernel;
2426 + struct subject_map *prev;
2427 + struct subject_map *next;
2428 +};
2429 +
2430 +struct acl_subj_map_db {
2431 + struct subject_map **s_hash;
2432 + __u32 s_size;
2433 +};
2434 +
2435 +struct gr_policy_state {
2436 + struct sprole_pw **acl_special_roles;
2437 + __u16 num_sprole_pws;
2438 + struct acl_role_label *kernel_role;
2439 + struct acl_role_label *role_list;
2440 + struct acl_role_label *default_role;
2441 + struct acl_role_db acl_role_set;
2442 + struct acl_subj_map_db subj_map_set;
2443 + struct name_db name_set;
2444 + struct inodev_db inodev_set;
2445 +};
2446 +
2447 +struct gr_alloc_state {
2448 + unsigned long alloc_stack_next;
2449 + unsigned long alloc_stack_size;
2450 + void **alloc_stack;
2451 +};
2452 +
2453 +struct gr_reload_state {
2454 + struct gr_policy_state oldpolicy;
2455 + struct gr_alloc_state oldalloc;
2456 + struct gr_policy_state newpolicy;
2457 + struct gr_alloc_state newalloc;
2458 + struct gr_policy_state *oldpolicy_ptr;
2459 + struct gr_alloc_state *oldalloc_ptr;
2460 + unsigned char oldmode;
2461 +};
2462 +
2463 +/* End Data Structures Section */
2464 +
2465 +/* Hash functions generated by empirical testing by Brad Spengler
2466 + Makes good use of the low bits of the inode. Generally 0-1 times
2467 + in loop for successful match. 0-3 for unsuccessful match.
2468 + Shift/add algorithm with modulus of table size and an XOR*/
2469 +
2470 +static __inline__ unsigned int
2471 +gr_rhash(const uid_t uid, const __u16 type, const unsigned int sz)
2472 +{
2473 + return ((((uid + type) << (16 + type)) ^ uid) % sz);
2474 +}
2475 +
2476 + static __inline__ unsigned int
2477 +gr_shash(const struct acl_subject_label *userp, const unsigned int sz)
2478 +{
2479 + return ((const unsigned long)userp % sz);
2480 +}
2481 +
2482 +static __inline__ unsigned int
2483 +gr_fhash(const u64 ino, const dev_t dev, const unsigned int sz)
2484 +{
2485 + unsigned int rem;
2486 + div_u64_rem((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9)), sz, &rem);
2487 + return rem;
2488 +}
2489 +
2490 +static __inline__ unsigned int
2491 +gr_nhash(const char *name, const __u16 len, const unsigned int sz)
2492 +{
2493 + return full_name_hash((const unsigned char *)name, len) % sz;
2494 +}
2495 +
2496 +#define FOR_EACH_SUBJECT_START(role,subj,iter) \
2497 + subj = NULL; \
2498 + iter = 0; \
2499 + while (iter < role->subj_hash_size) { \
2500 + if (subj == NULL) \
2501 + subj = role->subj_hash[iter]; \
2502 + if (subj == NULL) { \
2503 + iter++; \
2504 + continue; \
2505 + }
2506 +
2507 +#define FOR_EACH_SUBJECT_END(subj,iter) \
2508 + subj = subj->next; \
2509 + if (subj == NULL) \
2510 + iter++; \
2511 + }
2512 +
2513 +
2514 +#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \
2515 + subj = role->hash->first; \
2516 + while (subj != NULL) {
2517 +
2518 +#define FOR_EACH_NESTED_SUBJECT_END(subj) \
2519 + subj = subj->next; \
2520 + }
2521 +
2522 +#endif
2523 +
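Review bot: In `gr_rhash()` the shift count is `16 + type`, and `type` is a `__u16`: any value of 16 or more makes the count reach 32, which is undefined for the 32-bit `uid_t` operand, and `sz == 0` divides by zero in all four hash helpers. The role flags in grdefs.h go up to 0x0800, so this holds only if callers pass just `GR_ROLE_USER` or `GR_ROLE_GROUP`, which cannot be checked from here. I would state that in a comment, `/* type must be GR_ROLE_USER or GR_ROLE_GROUP (shift count < 32); sz must be non-zero */`, or mask the count with `(16 + type) & 31`. The `FOR_EACH_SUBJECT_START`/`_END` pair also deserves a comment: it opens a `while` block in one macro and closes it in the other, so a `continue` in the body skips `subj = subj->next` and does not advance the walk.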
2524 diff -Naur backports-4.2.6-1.org/include/linux/gralloc.h backports-4.2.6-1/include/linux/gralloc.h
2525 --- backports-4.2.6-1.org/include/linux/gralloc.h 1970-01-01 01:00:00.000000000 +0100
2526 +++ backports-4.2.6-1/include/linux/gralloc.h 2016-01-27 12:26:26.289959354 +0100
2527 @@ -0,0 +1,9 @@
2528 +#ifndef __GRALLOC_H
2529 +#define __GRALLOC_H
2530 +
2531 +void acl_free_all(void);
2532 +int acl_alloc_stack_init(unsigned long size);
2533 +void *acl_alloc(unsigned long len);
2534 +void *acl_alloc_num(unsigned long num, unsigned long len);
2535 +
2536 +#endif
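Review bot: The four prototypes carry no contract, and `acl_alloc_num(unsigned long num, unsigned long len)` is the one that most needs it: the header does not say whether an overflowing `num * len` is rejected. The counts in `struct user_acl_role_db` in gracl.h (`num_roles`, `num_subjects`, `num_objects`) look like they originate in the userspace policy loader, so the implementation, which is not in this part of the patch, should be checked for that. I would add a comment such as `/* returns NULL if num * len overflows or the allocation fails */` once confirmed, plus a line on who releases the memory (presumably `acl_free_all()`).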
2537 diff -Naur backports-4.2.6-1.org/include/linux/grdefs.h backports-4.2.6-1/include/linux/grdefs.h
2538 --- backports-4.2.6-1.org/include/linux/grdefs.h 1970-01-01 01:00:00.000000000 +0100
2539 +++ backports-4.2.6-1/include/linux/grdefs.h 2016-01-27 12:26:26.289959354 +0100
2540 @@ -0,0 +1,140 @@
2541 +#ifndef GRDEFS_H
2542 +#define GRDEFS_H
2543 +
2544 +/* Begin grsecurity status declarations */
2545 +
2546 +enum {
2547 + GR_READY = 0x01,
2548 + GR_STATUS_INIT = 0x00 // disabled state
2549 +};
2550 +
2551 +/* Begin ACL declarations */
2552 +
2553 +/* Role flags */
2554 +
2555 +enum {
2556 + GR_ROLE_USER = 0x0001,
2557 + GR_ROLE_GROUP = 0x0002,
2558 + GR_ROLE_DEFAULT = 0x0004,
2559 + GR_ROLE_SPECIAL = 0x0008,
2560 + GR_ROLE_AUTH = 0x0010,
2561 + GR_ROLE_NOPW = 0x0020,
2562 + GR_ROLE_GOD = 0x0040,
2563 + GR_ROLE_LEARN = 0x0080,
2564 + GR_ROLE_TPE = 0x0100,
2565 + GR_ROLE_DOMAIN = 0x0200,
2566 + GR_ROLE_PAM = 0x0400,
2567 + GR_ROLE_PERSIST = 0x0800
2568 +};
2569 +
2570 +/* ACL Subject and Object mode flags */
2571 +enum {
2572 + GR_DELETED = 0x80000000
2573 +};
2574 +
2575 +/* ACL Object-only mode flags */
2576 +enum {
2577 + GR_READ = 0x00000001,
2578 + GR_APPEND = 0x00000002,
2579 + GR_WRITE = 0x00000004,
2580 + GR_EXEC = 0x00000008,
2581 + GR_FIND = 0x00000010,
2582 + GR_INHERIT = 0x00000020,
2583 + GR_SETID = 0x00000040,
2584 + GR_CREATE = 0x00000080,
2585 + GR_DELETE = 0x00000100,
2586 + GR_LINK = 0x00000200,
2587 + GR_AUDIT_READ = 0x00000400,
2588 + GR_AUDIT_APPEND = 0x00000800,
2589 + GR_AUDIT_WRITE = 0x00001000,
2590 + GR_AUDIT_EXEC = 0x00002000,
2591 + GR_AUDIT_FIND = 0x00004000,
2592 + GR_AUDIT_INHERIT= 0x00008000,
2593 + GR_AUDIT_SETID = 0x00010000,
2594 + GR_AUDIT_CREATE = 0x00020000,
2595 + GR_AUDIT_DELETE = 0x00040000,
2596 + GR_AUDIT_LINK = 0x00080000,
2597 + GR_PTRACERD = 0x00100000,
2598 + GR_NOPTRACE = 0x00200000,
2599 + GR_SUPPRESS = 0x00400000,
2600 + GR_NOLEARN = 0x00800000,
2601 + GR_INIT_TRANSFER= 0x01000000
2602 +};
2603 +
2604 +#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
2605 + GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
2606 + GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
2607 +
2608 +/* ACL subject-only mode flags */
2609 +enum {
2610 + GR_KILL = 0x00000001,
2611 + GR_VIEW = 0x00000002,
2612 + GR_PROTECTED = 0x00000004,
2613 + GR_LEARN = 0x00000008,
2614 + GR_OVERRIDE = 0x00000010,
2615 + /* just a placeholder, this mode is only used in userspace */
2616 + GR_DUMMY = 0x00000020,
2617 + GR_PROTSHM = 0x00000040,
2618 + GR_KILLPROC = 0x00000080,
2619 + GR_KILLIPPROC = 0x00000100,
2620 + /* just a placeholder, this mode is only used in userspace */
2621 + GR_NOTROJAN = 0x00000200,
2622 + GR_PROTPROCFD = 0x00000400,
2623 + GR_PROCACCT = 0x00000800,
2624 + GR_RELAXPTRACE = 0x00001000,
2625 + //GR_NESTED = 0x00002000,
2626 + GR_INHERITLEARN = 0x00004000,
2627 + GR_PROCFIND = 0x00008000,
2628 + GR_POVERRIDE = 0x00010000,
2629 + GR_KERNELAUTH = 0x00020000,
2630 + GR_ATSECURE = 0x00040000,
2631 + GR_SHMEXEC = 0x00080000
2632 +};
2633 +
2634 +enum {
2635 + GR_PAX_ENABLE_SEGMEXEC = 0x0001,
2636 + GR_PAX_ENABLE_PAGEEXEC = 0x0002,
2637 + GR_PAX_ENABLE_MPROTECT = 0x0004,
2638 + GR_PAX_ENABLE_RANDMMAP = 0x0008,
2639 + GR_PAX_ENABLE_EMUTRAMP = 0x0010,
2640 + GR_PAX_DISABLE_SEGMEXEC = 0x0100,
2641 + GR_PAX_DISABLE_PAGEEXEC = 0x0200,
2642 + GR_PAX_DISABLE_MPROTECT = 0x0400,
2643 + GR_PAX_DISABLE_RANDMMAP = 0x0800,
2644 + GR_PAX_DISABLE_EMUTRAMP = 0x1000,
2645 +};
2646 +
2647 +enum {
2648 + GR_ID_USER = 0x01,
2649 + GR_ID_GROUP = 0x02,
2650 +};
2651 +
2652 +enum {
2653 + GR_ID_ALLOW = 0x01,
2654 + GR_ID_DENY = 0x02,
2655 +};
2656 +
2657 +#define GR_CRASH_RES 31
2658 +#define GR_UIDTABLE_MAX 500
2659 +
2660 +/* begin resource learning section */
2661 +enum {
2662 + GR_RLIM_CPU_BUMP = 60,
2663 + GR_RLIM_FSIZE_BUMP = 50000,
2664 + GR_RLIM_DATA_BUMP = 10000,
2665 + GR_RLIM_STACK_BUMP = 1000,
2666 + GR_RLIM_CORE_BUMP = 10000,
2667 + GR_RLIM_RSS_BUMP = 500000,
2668 + GR_RLIM_NPROC_BUMP = 1,
2669 + GR_RLIM_NOFILE_BUMP = 5,
2670 + GR_RLIM_MEMLOCK_BUMP = 50000,
2671 + GR_RLIM_AS_BUMP = 500000,
2672 + GR_RLIM_LOCKS_BUMP = 2,
2673 + GR_RLIM_SIGPENDING_BUMP = 5,
2674 + GR_RLIM_MSGQUEUE_BUMP = 10000,
2675 + GR_RLIM_NICE_BUMP = 1,
2676 + GR_RLIM_RTPRIO_BUMP = 1,
2677 + GR_RLIM_RTTIME_BUMP = 1000000
2678 +};
2679 +
2680 +#endif
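Review bot: `GR_DELETED = 0x80000000` does not fit in `int`, which is the type ISO C gives enumeration constants, so this definition relies on the GCC extension that widens the enum to an unsigned type. The flag is presumably tested against the `__u32 mode` fields declared in gracl.h, so an explicit unsigned constant states the intent without the extension: `#define GR_DELETED 0x80000000U`. The object-only and subject-only mode enums also reuse the same bit values (`GR_READ` and `GR_KILL` are both 0x00000001); a comment on each naming the `mode` field it applies to would prevent mixing them.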
2681 diff -Naur backports-4.2.6-1.org/include/linux/grinternal.h backports-4.2.6-1/include/linux/grinternal.h
2682 --- backports-4.2.6-1.org/include/linux/grinternal.h 1970-01-01 01:00:00.000000000 +0100
2683 +++ backports-4.2.6-1/include/linux/grinternal.h 2016-01-27 12:26:26.289959354 +0100
2684 @@ -0,0 +1,230 @@
2685 +#ifndef __GRINTERNAL_H
2686 +#define __GRINTERNAL_H
2687 +
2688 +#ifdef CONFIG_GRKERNSEC
2689 +
2690 +#include <linux/fs.h>
2691 +#include <linux/mnt_namespace.h>
2692 +#include <linux/nsproxy.h>
2693 +#include <linux/gracl.h>
2694 +#include <linux/grdefs.h>
2695 +#include <linux/grmsg.h>
2696 +
2697 +void gr_add_learn_entry(const char *fmt, ...)
2698 + __attribute__ ((format (printf, 1, 2)));
2699 +__u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
2700 + const struct vfsmount *mnt);
2701 +__u32 gr_check_create(const struct dentry *new_dentry,
2702 + const struct dentry *parent,
2703 + const struct vfsmount *mnt, const __u32 mode);
2704 +int gr_check_protected_task(const struct task_struct *task);
2705 +__u32 to_gr_audit(const __u32 reqmode);
2706 +int gr_set_acls(const int type);
2707 +int gr_acl_is_enabled(void);
2708 +char gr_roletype_to_char(void);
2709 +
2710 +void gr_handle_alertkill(struct task_struct *task);
2711 +char *gr_to_filename(const struct dentry *dentry,
2712 + const struct vfsmount *mnt);
2713 +char *gr_to_filename1(const struct dentry *dentry,
2714 + const struct vfsmount *mnt);
2715 +char *gr_to_filename2(const struct dentry *dentry,
2716 + const struct vfsmount *mnt);
2717 +char *gr_to_filename3(const struct dentry *dentry,
2718 + const struct vfsmount *mnt);
2719 +
2720 +extern int grsec_enable_ptrace_readexec;
2721 +extern int grsec_enable_harden_ptrace;
2722 +extern int grsec_enable_link;
2723 +extern int grsec_enable_fifo;
2724 +extern int grsec_enable_execve;
2725 +extern int grsec_enable_shm;
2726 +extern int grsec_enable_execlog;
2727 +extern int grsec_enable_signal;
2728 +extern int grsec_enable_audit_ptrace;
2729 +extern int grsec_enable_forkfail;
2730 +extern int grsec_enable_time;
2731 +extern int grsec_enable_rofs;
2732 +extern int grsec_deny_new_usb;
2733 +extern int grsec_enable_chroot_shmat;
2734 +extern int grsec_enable_chroot_mount;
2735 +extern int grsec_enable_chroot_double;
2736 +extern int grsec_enable_chroot_pivot;
2737 +extern int grsec_enable_chroot_chdir;
2738 +extern int grsec_enable_chroot_chmod;
2739 +extern int grsec_enable_chroot_mknod;
2740 +extern int grsec_enable_chroot_fchdir;
2741 +extern int grsec_enable_chroot_nice;
2742 +extern int grsec_enable_chroot_execlog;
2743 +extern int grsec_enable_chroot_caps;
2744 +extern int grsec_enable_chroot_rename;
2745 +extern int grsec_enable_chroot_sysctl;
2746 +extern int grsec_enable_chroot_unix;
2747 +extern int grsec_enable_symlinkown;
2748 +extern kgid_t grsec_symlinkown_gid;
2749 +extern int grsec_enable_tpe;
2750 +extern kgid_t grsec_tpe_gid;
2751 +extern int grsec_enable_tpe_all;
2752 +extern int grsec_enable_tpe_invert;
2753 +extern int grsec_enable_socket_all;
2754 +extern kgid_t grsec_socket_all_gid;
2755 +extern int grsec_enable_socket_client;
2756 +extern kgid_t grsec_socket_client_gid;
2757 +extern int grsec_enable_socket_server;
2758 +extern kgid_t grsec_socket_server_gid;
2759 +extern kgid_t grsec_audit_gid;
2760 +extern int grsec_enable_group;
2761 +extern int grsec_enable_log_rwxmaps;
2762 +extern int grsec_enable_mount;
2763 +extern int grsec_enable_chdir;
2764 +extern int grsec_resource_logging;
2765 +extern int grsec_enable_blackhole;
2766 +extern int grsec_lastack_retries;
2767 +extern int grsec_enable_brute;
2768 +extern int grsec_enable_harden_ipc;
2769 +extern int grsec_lock;
2770 +
2771 +extern spinlock_t grsec_alert_lock;
2772 +extern unsigned long grsec_alert_wtime;
2773 +extern unsigned long grsec_alert_fyet;
2774 +
2775 +extern spinlock_t grsec_audit_lock;
2776 +
2777 +extern rwlock_t grsec_exec_file_lock;
2778 +
2779 +#define gr_task_fullpath(tsk) ((tsk)->exec_file ? \
2780 + gr_to_filename2((tsk)->exec_file->f_path.dentry, \
2781 + (tsk)->exec_file->f_path.mnt) : "/")
2782 +
2783 +#define gr_parent_task_fullpath(tsk) ((tsk)->real_parent->exec_file ? \
2784 + gr_to_filename3((tsk)->real_parent->exec_file->f_path.dentry, \
2785 + (tsk)->real_parent->exec_file->f_path.mnt) : "/")
2786 +
2787 +#define gr_task_fullpath0(tsk) ((tsk)->exec_file ? \
2788 + gr_to_filename((tsk)->exec_file->f_path.dentry, \
2789 + (tsk)->exec_file->f_path.mnt) : "/")
2790 +
2791 +#define gr_parent_task_fullpath0(tsk) ((tsk)->real_parent->exec_file ? \
2792 + gr_to_filename1((tsk)->real_parent->exec_file->f_path.dentry, \
2793 + (tsk)->real_parent->exec_file->f_path.mnt) : "/")
2794 +
2795 +#define proc_is_chrooted(tsk_a) ((tsk_a)->gr_is_chrooted)
2796 +
2797 +#define have_same_root(tsk_a,tsk_b) ((tsk_a)->gr_chroot_dentry == (tsk_b)->gr_chroot_dentry)
2798 +
2799 +static inline bool gr_is_same_file(const struct file *file1, const struct file *file2)
2800 +{
2801 + if (file1 && file2) {
2802 + const struct inode *inode1 = file1->f_path.dentry->d_inode;
2803 + const struct inode *inode2 = file2->f_path.dentry->d_inode;
2804 + if (inode1->i_ino == inode2->i_ino && inode1->i_sb->s_dev == inode2->i_sb->s_dev)
2805 + return true;
2806 + }
2807 +
2808 + return false;
2809 +}
2810 +
2811 +#define GR_CHROOT_CAPS {{ \
2812 + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
2813 + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
2814 + CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
2815 + CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
2816 + CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
2817 + CAP_TO_MASK(CAP_IPC_OWNER) | CAP_TO_MASK(CAP_SETFCAP), \
2818 + CAP_TO_MASK(CAP_SYSLOG) | CAP_TO_MASK(CAP_MAC_ADMIN) }}
2819 +
2820 +#define security_learn(normal_msg,args...) \
2821 +({ \
2822 + read_lock(&grsec_exec_file_lock); \
2823 + gr_add_learn_entry(normal_msg "\n", ## args); \
2824 + read_unlock(&grsec_exec_file_lock); \
2825 +})
2826 +
2827 +enum {
2828 + GR_DO_AUDIT,
2829 + GR_DONT_AUDIT,
2830 + /* used for non-audit messages that we shouldn't kill the task on */
2831 + GR_DONT_AUDIT_GOOD
2832 +};
2833 +
2834 +enum {
2835 + GR_TTYSNIFF,
2836 + GR_RBAC,
2837 + GR_RBAC_STR,
2838 + GR_STR_RBAC,
2839 + GR_RBAC_MODE2,
2840 + GR_RBAC_MODE3,
2841 + GR_FILENAME,
2842 + GR_SYSCTL_HIDDEN,
2843 + GR_NOARGS,
2844 + GR_ONE_INT,
2845 + GR_ONE_INT_TWO_STR,
2846 + GR_ONE_STR,
2847 + GR_STR_INT,
2848 + GR_TWO_STR_INT,
2849 + GR_TWO_INT,
2850 + GR_TWO_U64,
2851 + GR_THREE_INT,
2852 + GR_FIVE_INT_TWO_STR,
2853 + GR_TWO_STR,
2854 + GR_THREE_STR,
2855 + GR_FOUR_STR,
2856 + GR_STR_FILENAME,
2857 + GR_FILENAME_STR,
2858 + GR_FILENAME_TWO_INT,
2859 + GR_FILENAME_TWO_INT_STR,
2860 + GR_TEXTREL,
2861 + GR_PTRACE,
2862 + GR_RESOURCE,
2863 + GR_CAP,
2864 + GR_SIG,
2865 + GR_SIG2,
2866 + GR_CRASH1,
2867 + GR_CRASH2,
2868 + GR_PSACCT,
2869 + GR_RWXMAP,
2870 + GR_RWXMAPVMA
2871 +};
2872 +
2873 +#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
2874 +#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task)
2875 +#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt)
2876 +#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str)
2877 +#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt)
2878 +#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2)
2879 +#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3)
2880 +#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt)
2881 +#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS)
2882 +#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num)
2883 +#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2)
2884 +#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str)
2885 +#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num)
2886 +#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2)
2887 +#define gr_log_two_u64(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_U64, num1, num2)
2888 +#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3)
2889 +#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2)
2890 +#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2)
2891 +#define gr_log_str2_int(audit, msg, str1, str2, num) gr_log_varargs(audit, msg, GR_TWO_STR_INT, str1, str2, num)
2892 +#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3)
2893 +#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4)
2894 +#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt)
2895 +#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
2896 +#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
2897 +#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
2898 +#define gr_log_textrel_ulong_ulong(audit, msg, str, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, str, file, ulong1, ulong2)
2899 +#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
2900 +#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
2901 +#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
2902 +#define gr_log_sig_addr(audit, msg, str, addr) gr_log_varargs(audit, msg, GR_SIG, str, addr)
2903 +#define gr_log_sig_task(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG2, task, num)
2904 +#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
2905 +#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
2906 +#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
2907 +#define gr_log_rwxmap(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAP, str)
2908 +#define gr_log_rwxmap_vma(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAPVMA, str)
2909 +
2910 +void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
2911 +
2912 +#endif
2913 +
2914 +#endif
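Review bot: `gr_log_int5_str2` passes the `GR_FIVE_INT_TWO_STR` tag but its parameter list carries only `num1, num2, str1, str2`, so the tag promises five integers and the call supplies two. `gr_log_varargs` is defined outside this hunk; if it pulls its arguments with `va_arg` according to the tag, as the other wrappers suggest, this wrapper would make it read past the supplied arguments, which is undefined behaviour inside the logging path. Either extend the wrapper to `#define gr_log_int5_str2(audit, msg, num1, num2, num3, num4, num5, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, num3, num4, num5, str1, str2)` or drop it if nothing calls it. None of these wrappers is type-checked by the compiler, so a one-line comment above the argument-type enum stating that each tag fixes the count and types of the variadic arguments would help the next reader.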
2915 diff -Naur backports-4.2.6-1.org/include/linux/grmsg.h backports-4.2.6-1/include/linux/grmsg.h
2916 --- backports-4.2.6-1.org/include/linux/grmsg.h 1970-01-01 01:00:00.000000000 +0100
2917 +++ backports-4.2.6-1/include/linux/grmsg.h 2016-01-27 12:26:26.289959354 +0100
2918 @@ -0,0 +1,118 @@
2919 +#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
2920 +#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
2921 +#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
2922 +#define GR_STOPMOD_MSG "denied modification of module state by "
2923 +#define GR_ROFS_BLOCKWRITE_MSG "denied write to block device %.950s by "
2924 +#define GR_ROFS_MOUNT_MSG "denied writable mount of %.950s by "
2925 +#define GR_IOPERM_MSG "denied use of ioperm() by "
2926 +#define GR_IOPL_MSG "denied use of iopl() by "
2927 +#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by "
2928 +#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by "
2929 +#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by "
2930 +#define GR_MEM_READWRITE_MSG "denied access of range %Lx -> %Lx in /dev/mem by "
2931 +#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by "
2932 +#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%pI4"
2933 +#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%pI4"
2934 +#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by "
2935 +#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by "
2936 +#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by "
2937 +#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by "
2938 +#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by "
2939 +#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by "
2940 +#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by "
2941 +#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%pI4 %.480s[%.16s:%d], parent %.480s[%.16s:%d] against "
2942 +#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by "
2943 +#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by "
2944 +#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by "
2945 +#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by "
2946 +#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for "
2947 +#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by "
2948 +#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by "
2949 +#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
2950 +#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
2951 +#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
2952 +#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
2953 +#define GR_EXEC_TPE_MSG "denied untrusted exec (due to %.70s) of %.950s by "
2954 +#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
2955 +#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
2956 +#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
2957 +#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by "
2958 +#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by "
2959 +#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
2960 +#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
2961 +#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
2962 +#define GR_CHROOT_RENAME_MSG "denied bad rename of %.950s out of a chroot by "
2963 +#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
2964 +#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
2965 +#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
2966 +#define GR_CHROOT_FHANDLE_MSG "denied use of file handles inside chroot by "
2967 +#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
2968 +#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by "
2969 +#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by "
2970 +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
2971 +#define GR_INITF_ACL_MSG "init_variables() failed %s by "
2972 +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
2973 +#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbage by "
2974 +#define GR_SHUTS_ACL_MSG "shutdown auth success for "
2975 +#define GR_SHUTF_ACL_MSG "shutdown auth failure for "
2976 +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for "
2977 +#define GR_SEGVMODS_ACL_MSG "segvmod auth success for "
2978 +#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for "
2979 +#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for "
2980 +#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by "
2981 +#define GR_ENABLEF_ACL_MSG "unable to load %s for "
2982 +#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system"
2983 +#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by "
2984 +#define GR_RELOADF_ACL_MSG "failed reload of %s for "
2985 +#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for "
2986 +#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by "
2987 +#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by "
2988 +#define GR_SPROLEF_ACL_MSG "special role %s failure for "
2989 +#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for "
2990 +#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by "
2991 +#define GR_INVMODE_ACL_MSG "invalid mode %d by "
2992 +#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by "
2993 +#define GR_FAILFORK_MSG "failed fork with errno %s by "
2994 +#define GR_NICE_CHROOT_MSG "denied priority change by "
2995 +#define GR_UNISIGLOG_MSG "%.32s occurred at %p in "
2996 +#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by "
2997 +#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by "
2998 +#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by "
2999 +#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by "
3000 +#define GR_TIME_MSG "time set by "
3001 +#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by "
3002 +#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by "
3003 +#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by "
3004 +#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by "
3005 +#define GR_SOCK_NOINET_MSG "denied socket(%.16s,%.16s,%d) by "
3006 +#define GR_BIND_MSG "denied bind() by "
3007 +#define GR_CONNECT_MSG "denied connect() by "
3008 +#define GR_BIND_ACL_MSG "denied bind() to %pI4 port %u sock type %.16s protocol %.16s by "
3009 +#define GR_CONNECT_ACL_MSG "denied connect() to %pI4 port %u sock type %.16s protocol %.16s by "
3010 +#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
3011 +#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
3012 +#define GR_CAP_ACL_MSG "use of %s denied for "
3013 +#define GR_CAP_CHROOT_MSG "use of %s in chroot denied for "
3014 +#define GR_CAP_ACL_MSG2 "use of %s permitted for "
3015 +#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
3016 +#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
3017 +#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
3018 +#define GR_UNMOUNT_AUDIT_MSG "unmount of %.256s by "
3019 +#define GR_MOUNT_AUDIT_MSG "mount of %.256s to %.256s by "
3020 +#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
3021 +#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
3022 +#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
3023 +#define GR_RWXMMAP_MSG "denied RWX mmap of %.950s by "
3024 +#define GR_RWXMPROTECT_MSG "denied RWX mprotect of %.950s by "
3025 +#define GR_TEXTREL_AUDIT_MSG "allowed %s text relocation transition in %.950s, VMA:0x%08lx 0x%08lx by "
3026 +#define GR_PTGNUSTACK_MSG "denied marking stack executable as requested by PT_GNU_STACK marking in %.950s by "
3027 +#define GR_VM86_MSG "denied use of vm86 by "
3028 +#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
3029 +#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by "
3030 +#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
3031 +#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by "
3032 +#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by "
3033 +#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for "
3034 +#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for "
3035 +#define GR_IPC_DENIED_MSG "denied %s of overly-permissive IPC object with creator uid %u by "
3036 +#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
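Review bot: `GR_SYMLINK_MSG`, `GR_FIFO_MSG` and `GR_HARDLINK_MSG` print the owner as `%d.%d`, while `DEFAULTSECMSG` and `GR_SYMLINKOWNER_MSG` print ids with `%u`. If those arguments are uid/gid values (the callers are outside this hunk), ids above INT_MAX would show up negative and the same owner would look different across message types, which hurts log correlation. Changing the first to `"not following symlink %.950s owned by %u.%u by "`, with the equivalent change in the other two, would align them. Separately, most string fields carry a precision bound (`%.950s`, `%.16s`), but `GR_INITF_ACL_MSG`, `GR_FAILFORK_MSG`, `GR_CAP_ACL_MSG` and `GR_BADPROCPID_MSG` use a bare `%s`. If these only ever receive fixed kernel strings, a short comment saying so would show the exception is deliberate.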
3037 diff -Naur backports-4.2.6-1.org/include/linux/grsecurity.h backports-4.2.6-1/include/linux/grsecurity.h
3038 --- backports-4.2.6-1.org/include/linux/grsecurity.h 1970-01-01 01:00:00.000000000 +0100
3039 +++ backports-4.2.6-1/include/linux/grsecurity.h 2016-01-27 12:26:26.289959354 +0100
3040 @@ -0,0 +1,255 @@
3041 +#ifndef GR_SECURITY_H
3042 +#define GR_SECURITY_H
3043 +#include <linux/fs.h>
3044 +#include <linux/fs_struct.h>
3045 +#include <linux/binfmts.h>
3046 +#include <linux/gracl.h>
3047 +
3048 +/* notify of brain-dead configs */
3049 +#if defined(CONFIG_DEBUG_FS) && defined(CONFIG_GRKERNSEC_KMEM)
3050 +#error "CONFIG_DEBUG_FS being enabled is a security risk when CONFIG_GRKERNSEC_KMEM is enabled"
3051 +#endif
3052 +#if defined(CONFIG_PROC_PAGE_MONITOR) && defined(CONFIG_GRKERNSEC)
3053 +#error "CONFIG_PROC_PAGE_MONITOR is a security risk"
3054 +#endif
3055 +#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
3056 +#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled."
3057 +#endif
3058 +#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
3059 +#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled"
3060 +#endif
3061 +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
3062 +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
3063 +#endif
3064 +#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
3065 +#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
3066 +#endif
3067 +#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR)
3068 +#error "CONFIG_PAX enabled, but no PaX options are enabled."
3069 +#endif
3070 +
3071 +int gr_handle_new_usb(void);
3072 +
3073 +void gr_handle_brute_attach(int dumpable);
3074 +void gr_handle_brute_check(void);
3075 +void gr_handle_kernel_exploit(void);
3076 +
3077 +char gr_roletype_to_char(void);
3078 +
3079 +int gr_proc_is_restricted(void);
3080 +
3081 +int gr_acl_enable_at_secure(void);
3082 +
3083 +int gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs);
3084 +int gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs);
3085 +
3086 +int gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap);
3087 +
3088 +void gr_del_task_from_ip_table(struct task_struct *p);
3089 +
3090 +int gr_pid_is_chrooted(struct task_struct *p);
3091 +int gr_handle_chroot_fowner(struct pid *pid, enum pid_type type);
3092 +int gr_handle_chroot_nice(void);
3093 +int gr_handle_chroot_sysctl(const int op);
3094 +int gr_handle_chroot_setpriority(struct task_struct *p,
3095 + const int niceval);
3096 +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
3097 +int gr_chroot_fhandle(void);
3098 +int gr_handle_chroot_chroot(const struct dentry *dentry,
3099 + const struct vfsmount *mnt);
3100 +void gr_handle_chroot_chdir(const struct path *path);
3101 +int gr_handle_chroot_chmod(const struct dentry *dentry,
3102 + const struct vfsmount *mnt, const int mode);
3103 +int gr_handle_chroot_mknod(const struct dentry *dentry,
3104 + const struct vfsmount *mnt, const int mode);
3105 +int gr_handle_chroot_mount(const struct dentry *dentry,
3106 + const struct vfsmount *mnt,
3107 + const char *dev_name);
3108 +int gr_handle_chroot_pivot(void);
3109 +int gr_handle_chroot_unix(const pid_t pid);
3110 +
3111 +int gr_handle_rawio(const struct inode *inode);
3112 +
3113 +void gr_handle_ioperm(void);
3114 +void gr_handle_iopl(void);
3115 +void gr_handle_msr_write(void);
3116 +
3117 +umode_t gr_acl_umask(void);
3118 +
3119 +int gr_tpe_allow(const struct file *file);
3120 +
3121 +void gr_set_chroot_entries(struct task_struct *task, const struct path *path);
3122 +void gr_clear_chroot_entries(struct task_struct *task);
3123 +
3124 +void gr_log_forkfail(const int retval);
3125 +void gr_log_timechange(void);
3126 +void gr_log_signal(const int sig, const void *addr, const struct task_struct *t);
3127 +void gr_log_chdir(const struct dentry *dentry,
3128 + const struct vfsmount *mnt);
3129 +void gr_log_chroot_exec(const struct dentry *dentry,
3130 + const struct vfsmount *mnt);
3131 +void gr_log_remount(const char *devname, const int retval);
3132 +void gr_log_unmount(const char *devname, const int retval);
3133 +void gr_log_mount(const char *from, struct path *to, const int retval);
3134 +void gr_log_textrel(struct vm_area_struct *vma, bool is_textrel_rw);
3135 +void gr_log_ptgnustack(struct file *file);
3136 +void gr_log_rwxmmap(struct file *file);
3137 +void gr_log_rwxmprotect(struct vm_area_struct *vma);
3138 +
3139 +int gr_handle_follow_link(const struct dentry *dentry,
3140 + const struct vfsmount *mnt);
3141 +int gr_handle_fifo(const struct dentry *dentry,
3142 + const struct vfsmount *mnt,
3143 + const struct dentry *dir, const int flag,
3144 + const int acc_mode);
3145 +int gr_handle_hardlink(const struct dentry *dentry,
3146 + const struct vfsmount *mnt,
3147 + const struct filename *to);
3148 +
3149 +int gr_is_capable(const int cap);
3150 +int gr_is_capable_nolog(const int cap);
3151 +int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap);
3152 +int gr_task_is_capable_nolog(const struct task_struct *task, const int cap);
3153 +
3154 +void gr_copy_label(struct task_struct *tsk);
3155 +void gr_handle_crash(struct task_struct *task, const int sig);
3156 +int gr_handle_signal(const struct task_struct *p, const int sig);
3157 +int gr_check_crash_uid(const kuid_t uid);
3158 +int gr_check_protected_task(const struct task_struct *task);
3159 +int gr_check_protected_task_fowner(struct pid *pid, enum pid_type type);
3160 +int gr_acl_handle_mmap(const struct file *file,
3161 + const unsigned long prot);
3162 +int gr_acl_handle_mprotect(const struct file *file,
3163 + const unsigned long prot);
3164 +int gr_check_hidden_task(const struct task_struct *tsk);
3165 +__u32 gr_acl_handle_truncate(const struct dentry *dentry,
3166 + const struct vfsmount *mnt);
3167 +__u32 gr_acl_handle_utime(const struct dentry *dentry,
3168 + const struct vfsmount *mnt);
3169 +__u32 gr_acl_handle_access(const struct dentry *dentry,
3170 + const struct vfsmount *mnt, const int fmode);
3171 +__u32 gr_acl_handle_chmod(const struct dentry *dentry,
3172 + const struct vfsmount *mnt, umode_t *mode);
3173 +__u32 gr_acl_handle_chown(const struct dentry *dentry,
3174 + const struct vfsmount *mnt);
3175 +__u32 gr_acl_handle_setxattr(const struct dentry *dentry,
3176 + const struct vfsmount *mnt);
3177 +__u32 gr_acl_handle_removexattr(const struct dentry *dentry,
3178 + const struct vfsmount *mnt);
3179 +int gr_handle_ptrace(struct task_struct *task, const long request);
3180 +int gr_handle_proc_ptrace(struct task_struct *task);
3181 +__u32 gr_acl_handle_execve(const struct dentry *dentry,
3182 + const struct vfsmount *mnt);
3183 +int gr_check_crash_exec(const struct file *filp);
3184 +int gr_acl_is_enabled(void);
3185 +void gr_set_role_label(struct task_struct *task, const kuid_t uid,
3186 + const kgid_t gid);
3187 +int gr_set_proc_label(const struct dentry *dentry,
3188 + const struct vfsmount *mnt,
3189 + const int unsafe_flags);
3190 +__u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
3191 + const struct vfsmount *mnt);
3192 +__u32 gr_acl_handle_open(const struct dentry *dentry,
3193 + const struct vfsmount *mnt, int acc_mode);
3194 +__u32 gr_acl_handle_creat(const struct dentry *dentry,
3195 + const struct dentry *p_dentry,
3196 + const struct vfsmount *p_mnt,
3197 + int open_flags, int acc_mode, const int imode);
3198 +void gr_handle_create(const struct dentry *dentry,
3199 + const struct vfsmount *mnt);
3200 +void gr_handle_proc_create(const struct dentry *dentry,
3201 + const struct inode *inode);
3202 +__u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
3203 + const struct dentry *parent_dentry,
3204 + const struct vfsmount *parent_mnt,
3205 + const int mode);
3206 +__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
3207 + const struct dentry *parent_dentry,
3208 + const struct vfsmount *parent_mnt);
3209 +__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
3210 + const struct vfsmount *mnt);
3211 +void gr_handle_delete(const u64 ino, const dev_t dev);
3212 +__u32 gr_acl_handle_unlink(const struct dentry *dentry,
3213 + const struct vfsmount *mnt);
3214 +__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
3215 + const struct dentry *parent_dentry,
3216 + const struct vfsmount *parent_mnt,
3217 + const struct filename *from);
3218 +__u32 gr_acl_handle_link(const struct dentry *new_dentry,
3219 + const struct dentry *parent_dentry,
3220 + const struct vfsmount *parent_mnt,
3221 + const struct dentry *old_dentry,
3222 + const struct vfsmount *old_mnt, const struct filename *to);
3223 +int gr_handle_symlink_owner(const struct path *link, const struct inode *target);
3224 +int gr_acl_handle_rename(struct dentry *new_dentry,
3225 + struct dentry *parent_dentry,
3226 + const struct vfsmount *parent_mnt,
3227 + struct dentry *old_dentry,
3228 + struct inode *old_parent_inode,
3229 + struct vfsmount *old_mnt, const struct filename *newname, unsigned int flags);
3230 +void gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
3231 + struct dentry *old_dentry,
3232 + struct dentry *new_dentry,
3233 + struct vfsmount *mnt, const __u8 replace, unsigned int flags);
3234 +__u32 gr_check_link(const struct dentry *new_dentry,
3235 + const struct dentry *parent_dentry,
3236 + const struct vfsmount *parent_mnt,
3237 + const struct dentry *old_dentry,
3238 + const struct vfsmount *old_mnt);
3239 +int gr_acl_handle_filldir(const struct file *file, const char *name,
3240 + const unsigned int namelen, const u64 ino);
3241 +
3242 +__u32 gr_acl_handle_unix(const struct dentry *dentry,
3243 + const struct vfsmount *mnt);
3244 +void gr_acl_handle_exit(void);
3245 +void gr_acl_handle_psacct(struct task_struct *task, const long code);
3246 +int gr_acl_handle_procpidmem(const struct task_struct *task);
3247 +int gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags);
3248 +int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode);
3249 +void gr_audit_ptrace(struct task_struct *task);
3250 +dev_t gr_get_dev_from_dentry(struct dentry *dentry);
3251 +u64 gr_get_ino_from_dentry(struct dentry *dentry);
3252 +void gr_put_exec_file(struct task_struct *task);
3253 +
3254 +int gr_get_symlinkown_enabled(void);
3255 +
3256 +int gr_ptrace_readexec(struct file *file, int unsafe_flags);
3257 +
3258 +void gr_inc_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt);
3259 +void gr_dec_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt);
3260 +int gr_bad_chroot_rename(struct dentry *olddentry, struct vfsmount *oldmnt,
3261 + struct dentry *newdentry, struct vfsmount *newmnt);
3262 +
3263 +#ifdef CONFIG_GRKERNSEC_RESLOG
3264 +extern void gr_log_resource(const struct task_struct *task, const int res,
3265 + const unsigned long wanted, const int gt);
3266 +#else
3267 +static inline void gr_log_resource(const struct task_struct *task, const int res,
3268 + const unsigned long wanted, const int gt)
3269 +{
3270 +}
3271 +#endif
3272 +
3273 +#ifdef CONFIG_GRKERNSEC
3274 +void task_grsec_rbac(struct seq_file *m, struct task_struct *p);
3275 +void gr_handle_vm86(void);
3276 +void gr_handle_mem_readwrite(u64 from, u64 to);
3277 +
3278 +void gr_log_badprocpid(const char *entry);
3279 +
3280 +extern int grsec_enable_dmesg;
3281 +extern int grsec_disable_privio;
3282 +
3283 +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
3284 +extern kgid_t grsec_proc_gid;
3285 +#endif
3286 +
3287 +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
3288 +extern int grsec_enable_chroot_findtask;
3289 +#endif
3290 +#ifdef CONFIG_GRKERNSEC_SETXID
3291 +extern int grsec_enable_setxid;
3292 +#endif
3293 +#endif
3294 +
3295 +#endif
3296 diff -Naur backports-4.2.6-1.org/include/linux/grsock.h backports-4.2.6-1/include/linux/grsock.h
3297 --- backports-4.2.6-1.org/include/linux/grsock.h 1970-01-01 01:00:00.000000000 +0100
3298 +++ backports-4.2.6-1/include/linux/grsock.h 2016-01-27 12:26:26.289959354 +0100
3299 @@ -0,0 +1,19 @@
3300 +#ifndef __GRSOCK_H
3301 +#define __GRSOCK_H
3302 +
3303 +extern void gr_attach_curr_ip(const struct sock *sk);
3304 +extern int gr_handle_sock_all(const int family, const int type,
3305 + const int protocol);
3306 +extern int gr_handle_sock_server(const struct sockaddr *sck);
3307 +extern int gr_handle_sock_server_other(const struct sock *sck);
3308 +extern int gr_handle_sock_client(const struct sockaddr *sck);
3309 +extern int gr_search_connect(struct socket * sock,
3310 + struct sockaddr_in * addr);
3311 +extern int gr_search_bind(struct socket * sock,
3312 + struct sockaddr_in * addr);
3313 +extern int gr_search_listen(struct socket * sock);
3314 +extern int gr_search_accept(struct socket * sock);
3315 +extern int gr_search_socket(const int domain, const int type,
3316 + const int protocol);
3317 +
3318 +#endif
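Review bot: The prototypes in this new header name `struct sock`, `struct sockaddr`, `struct socket` and `struct sockaddr_in` without declaring them or including anything, so it only compiles cleanly when the includer has already pulled those types in. Forward declarations right after the guard (`struct sock;`, `struct sockaddr;`, `struct socket;`, `struct sockaddr_in;`) would make it self-contained. `gr_search_connect` and `gr_search_bind` take `struct sockaddr_in *`, and nothing here says how these policy hooks treat non-IPv4 addresses. A one-line comment above them stating that would help whoever audits the call sites.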
3319 diff -Naur backports-4.2.6-1.org/include/linux/netfilter/xt_gradm.h backports-4.2.6-1/include/linux/netfilter/xt_gradm.h
3320 --- backports-4.2.6-1.org/include/linux/netfilter/xt_gradm.h 1970-01-01 01:00:00.000000000 +0100
3321 +++ backports-4.2.6-1/include/linux/netfilter/xt_gradm.h 2016-01-27 12:26:31.209959056 +0100
3322 @@ -0,0 +1,9 @@
3323 +#ifndef _LINUX_NETFILTER_XT_GRADM_H
3324 +#define _LINUX_NETFILTER_XT_GRADM_H 1
3325 +
3326 +struct xt_gradm_mtinfo {
3327 + __u16 flags;
3328 + __u16 invflags;
3329 +};
3330 +
3331 +#endif
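Review bot: `struct xt_gradm_mtinfo` uses `__u16` but the header includes nothing, so it depends on the includer having brought in the fixed-width types first; adding `#include <linux/types.h>` after the guard removes that ordering dependency. The meaning of the bits in `flags` and `invflags` is not defined here either. A short comment pointing to where the bit values live would let a reader check that the match code and the userspace tool agree on them.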
3332 diff -Naur backports-4.2.6-1.org/include/linux/unaligned/access_ok.h backports-4.2.6-1/include/linux/unaligned/access_ok.h
3333 --- backports-4.2.6-1.org/include/linux/unaligned/access_ok.h 2015-11-15 22:19:38.000000000 +0100
3334 +++ backports-4.2.6-1/include/linux/unaligned/access_ok.h 2016-01-27 12:26:31.219959057 +0100
3335 @@ -4,34 +4,34 @@
3336 #include <linux/kernel.h>
3337 #include <asm/byteorder.h>
3338
3339 -static inline u16 get_unaligned_le16(const void *p)
3340 +static inline u16 __intentional_overflow(-1) get_unaligned_le16(const void *p)
3341 {
3342 - return le16_to_cpup((__le16 *)p);
3343 + return le16_to_cpup((const __le16 *)p);
3344 }
3345
3346 -static inline u32 get_unaligned_le32(const void *p)
3347 +static inline u32 __intentional_overflow(-1) get_unaligned_le32(const void *p)
3348 {
3349 - return le32_to_cpup((__le32 *)p);
3350 + return le32_to_cpup((const __le32 *)p);
3351 }
3352
3353 -static inline u64 get_unaligned_le64(const void *p)
3354 +static inline u64 __intentional_overflow(-1) get_unaligned_le64(const void *p)
3355 {
3356 - return le64_to_cpup((__le64 *)p);
3357 + return le64_to_cpup((const __le64 *)p);
3358 }
3359
3360 -static inline u16 get_unaligned_be16(const void *p)
3361 +static inline u16 __intentional_overflow(-1) get_unaligned_be16(const void *p)
3362 {
3363 - return be16_to_cpup((__be16 *)p);
3364 + return be16_to_cpup((const __be16 *)p);
3365 }
3366
3367 -static inline u32 get_unaligned_be32(const void *p)
3368 +static inline u32 __intentional_overflow(-1) get_unaligned_be32(const void *p)
3369 {
3370 - return be32_to_cpup((__be32 *)p);
3371 + return be32_to_cpup((const __be32 *)p);
3372 }
3373
3374 -static inline u64 get_unaligned_be64(const void *p)
3375 +static inline u64 __intentional_overflow(-1) get_unaligned_be64(const void *p)
3376 {
3377 - return be64_to_cpup((__be64 *)p);
3378 + return be64_to_cpup((const __be64 *)p);
3379 }
3380
3381 static inline void put_unaligned_le16(u16 val, void *p)
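Review bot: The six getters now carry `__intentional_overflow(-1)`, a macro that this file neither defines nor includes a definition for, so the header only builds against kernel headers that provide it. If this tree can ever be built against headers that lack it, a fallback next to the includes keeps the build working: `#ifndef __intentional_overflow`, `#define __intentional_overflow(...)`, `#endif`. The same dependency applies to `__do_const` in the v4l2-dev.h, l2cap.h and mac80211.h hunks of this patch. A one-line comment saying why these getters are exempted from overflow instrumentation would also help, since the annotation switches a hardening check off. The hunk ends on the signature of `put_unaligned_le16`, whose body is outside it.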
3382 diff -Naur backports-4.2.6-1.org/include/media/v4l2-dev.h backports-4.2.6-1/include/media/v4l2-dev.h
3383 --- backports-4.2.6-1.org/include/media/v4l2-dev.h 2015-11-15 22:19:38.000000000 +0100
3384 +++ backports-4.2.6-1/include/media/v4l2-dev.h 2016-01-27 12:26:31.219959057 +0100
3385 @@ -74,7 +74,7 @@
3386 int (*mmap) (struct file *, struct vm_area_struct *);
3387 int (*open) (struct file *);
3388 int (*release) (struct file *);
3389 -};
3390 +} __do_const;
3391
3392 /*
3393 * Newer version of video_device, handled by videodev2.c
3394 diff -Naur backports-4.2.6-1.org/include/media/v4l2-device.h backports-4.2.6-1/include/media/v4l2-device.h
3395 --- backports-4.2.6-1.org/include/media/v4l2-device.h 2015-11-15 22:19:38.000000000 +0100
3396 +++ backports-4.2.6-1/include/media/v4l2-device.h 2016-01-27 12:26:31.219959057 +0100
3397 @@ -93,7 +93,7 @@
3398 this function returns 0. If the name ends with a digit (e.g. cx18),
3399 then the name will be set to cx18-0 since cx180 looks really odd. */
3400 int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename,
3401 - atomic_t *instance);
3402 + atomic_unchecked_t *instance);
3403
3404 /* Set v4l2_dev->dev to NULL. Call when the USB parent disconnects.
3405 Since the parent disappears this ensures that v4l2_dev doesn't have an
3406 diff -Naur backports-4.2.6-1.org/include/net/bluetooth/l2cap.h backports-4.2.6-1/include/net/bluetooth/l2cap.h
3407 --- backports-4.2.6-1.org/include/net/bluetooth/l2cap.h 2015-11-15 22:19:38.000000000 +0100
3408 +++ backports-4.2.6-1/include/net/bluetooth/l2cap.h 2016-01-27 12:31:52.866600109 +0100
3409 @@ -615,7 +615,7 @@
3410 struct iovec *iov,
3411 int len);
3412 #endif
3413 -};
3414 +} __do_const;
3415
3416 struct l2cap_conn {
3417 struct hci_conn *hcon;
3418 diff -Naur backports-4.2.6-1.org/include/net/mac80211.h backports-4.2.6-1/include/net/mac80211.h
3419 --- backports-4.2.6-1.org/include/net/mac80211.h 2015-11-15 22:19:38.000000000 +0100
3420 +++ backports-4.2.6-1/include/net/mac80211.h 2016-01-27 12:26:31.223292389 +0100
3421 @@ -5106,7 +5106,7 @@
3422 struct sk_buff *skb;
3423 struct ieee80211_tx_rate reported_rate;
3424 bool rts, short_preamble;
3425 - u8 max_rate_idx;
3426 + s8 max_rate_idx;
3427 u32 rate_idx_mask;
3428 u8 *rate_idx_mcs_mask;
3429 bool bss;
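Review bot: Changing `max_rate_idx` from `u8` to `s8` makes negative values representable, so any reader that uses the field as an array index or compares it with an unsigned count needs an explicit `< 0` check. Those readers are outside this hunk and should be re-checked, including rate-control code built separately against this header. The reason for the sign change is not recorded, so a comment on the field such as `/* signed: a negative value presumably means "no limit" - confirm against the code that sets it */` would state the contract. The struct this field belongs to starts before the hunk.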
3430 @@ -5143,7 +5143,7 @@
3431 void (*remove_sta_debugfs)(void *priv, void *priv_sta);
3432
3433 u32 (*get_expected_throughput)(void *priv_sta);
3434 -};
3435 +} __do_const;
3436
3437 static inline int rate_supported(struct ieee80211_sta *sta,
3438 enum ieee80211_band band,
3439 diff -Naur backports-4.2.6-1.org/include/trace/events/fs.h backports-4.2.6-1/include/trace/events/fs.h
3440 --- backports-4.2.6-1.org/include/trace/events/fs.h 1970-01-01 01:00:00.000000000 +0100
3441 +++ backports-4.2.6-1/include/trace/events/fs.h 2016-01-27 12:26:31.226625722 +0100
3442 @@ -0,0 +1,53 @@
3443 +#undef TRACE_SYSTEM
3444 +#define TRACE_SYSTEM fs
3445 +
3446 +#if !defined(_TRACE_FS_H) || defined(TRACE_HEADER_MULTI_READ)
3447 +#define _TRACE_FS_H
3448 +
3449 +#include <linux/fs.h>
3450 +#include <linux/tracepoint.h>
3451 +
3452 +TRACE_EVENT(do_sys_open,
3453 +
3454 + TP_PROTO(const char *filename, int flags, int mode),
3455 +
3456 + TP_ARGS(filename, flags, mode),
3457 +
3458 + TP_STRUCT__entry(
3459 + __string( filename, filename )
3460 + __field( int, flags )
3461 + __field( int, mode )
3462 + ),
3463 +
3464 + TP_fast_assign(
3465 + __assign_str(filename, filename);
3466 + __entry->flags = flags;
3467 + __entry->mode = mode;
3468 + ),
3469 +
3470 + TP_printk("\"%s\" %x %o",
3471 + __get_str(filename), __entry->flags, __entry->mode)
3472 +);
3473 +
3474 +TRACE_EVENT(open_exec,
3475 +
3476 + TP_PROTO(const char *filename),
3477 +
3478 + TP_ARGS(filename),
3479 +
3480 + TP_STRUCT__entry(
3481 + __string( filename, filename )
3482 + ),
3483 +
3484 + TP_fast_assign(
3485 + __assign_str(filename, filename);
3486 + ),
3487 +
3488 + TP_printk("\"%s\"",
3489 + __get_str(filename))
3490 +);
3491 +
3492 +#endif /* _TRACE_FS_H */
3493 +
3494 +/* This part must be outside protection */
3495 +#include <trace/define_trace.h>
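Review bot: Both events print the filename verbatim between double quotes with `"%s"`, so a path containing a quote or a newline produces a trace line that a parser or log pipeline can misread as several fields or records. The header should say so for consumers, for example `/* filename is recorded unescaped; treat it as untrusted when parsing trace output */` above `TRACE_EVENT(do_sys_open, ...)`. It would also help to document at which point of the open path each event fires, because whether a record implies a successful open cannot be told from this file.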
3496 diff -Naur backports-4.2.6-1.org/net/bluetooth/hci_sock.c backports-4.2.6-1/net/bluetooth/hci_sock.c
3497 --- backports-4.2.6-1.org/net/bluetooth/hci_sock.c 2015-11-15 22:19:40.000000000 +0100
3498 +++ backports-4.2.6-1/net/bluetooth/hci_sock.c 2016-01-27 12:26:36.269958751 +0100
3499 @@ -1266,7 +1266,7 @@
3500 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
3501 }
3502
3503 - len = min_t(unsigned int, len, sizeof(uf));
3504 + len = min((size_t)len, sizeof(uf));
3505 if (copy_from_user(&uf, optval, len)) {
3506 err = -EFAULT;
3507 break;
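Review bot: `min((size_t)len, sizeof(uf))` brings the operands to one type with a cast, where `min_t(size_t, len, sizeof(uf))` says the same thing in the usual form and keeps the type in one place. The l2cap_sock.c and rfcomm/sock.c hunks of this patch write the same clamp differently again (a `size_t len = optlen;` local followed by `min(sizeof(x), len)`), so using one idiom in all three files would make the bound on `copy_from_user` easier to audit. The declaration of `len` is outside this hunk, so its signedness cannot be confirmed here. If it is signed, the cast turns a negative value into a very large one, which the clamp then reduces to `sizeof(uf)`.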
3508 diff -Naur backports-4.2.6-1.org/net/bluetooth/l2cap_core.c backports-4.2.6-1/net/bluetooth/l2cap_core.c
3509 --- backports-4.2.6-1.org/net/bluetooth/l2cap_core.c 2015-11-15 22:19:40.000000000 +0100
3510 +++ backports-4.2.6-1/net/bluetooth/l2cap_core.c 2016-01-27 12:26:36.269958751 +0100
3511 @@ -3547,8 +3547,10 @@
3512 break;
3513
3514 case L2CAP_CONF_RFC:
3515 - if (olen == sizeof(rfc))
3516 - memcpy(&rfc, (void *)val, olen);
3517 + if (olen != sizeof(rfc))
3518 + break;
3519 +
3520 + memcpy(&rfc, (void *)val, olen);
3521
3522 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
3523 rfc.mode != chan->mode)
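Review bot: With the new `break`, an RFC option whose length is not `sizeof(rfc)` is skipped silently and parsing carries on with whatever `rfc` held before the loop, so a malformed option from the peer is neither rejected nor logged. If ignoring it is the intent, say so at the check, e.g. `/* malformed RFC option: ignore it, keep the previous rfc values */`. Otherwise return an error from this case instead of breaking. This hunk only tightens the input side. The code that appends options to the response buffer is outside it and should be checked separately to confirm that every write is bounded by the size of that buffer. The enclosing function starts and ends outside the hunk.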
3524 diff -Naur backports-4.2.6-1.org/net/bluetooth/l2cap_sock.c backports-4.2.6-1/net/bluetooth/l2cap_sock.c
3525 --- backports-4.2.6-1.org/net/bluetooth/l2cap_sock.c 2015-11-15 22:19:40.000000000 +0100
3526 +++ backports-4.2.6-1/net/bluetooth/l2cap_sock.c 2016-01-27 12:26:36.269958751 +0100
3527 @@ -633,7 +633,8 @@
3528 struct sock *sk = sock->sk;
3529 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3530 struct l2cap_options opts;
3531 - int len, err = 0;
3532 + int err = 0;
3533 + size_t len = optlen;
3534 u32 opt;
3535
3536 BT_DBG("sk %p", sk);
3537 @@ -660,7 +661,7 @@
3538 opts.max_tx = chan->max_tx;
3539 opts.txwin_size = chan->tx_win;
3540
3541 - len = min_t(unsigned int, sizeof(opts), optlen);
3542 + len = min(sizeof(opts), len);
3543 if (copy_from_user((char *) &opts, optval, len)) {
3544 err = -EFAULT;
3545 break;
3546 @@ -747,7 +748,8 @@
3547 struct bt_security sec;
3548 struct bt_power pwr;
3549 struct l2cap_conn *conn;
3550 - int len, err = 0;
3551 + int err = 0;
3552 + size_t len = optlen;
3553 u32 opt;
3554
3555 BT_DBG("sk %p", sk);
3556 @@ -771,7 +773,7 @@
3557
3558 sec.level = BT_SECURITY_LOW;
3559
3560 - len = min_t(unsigned int, sizeof(sec), optlen);
3561 + len = min(sizeof(sec), len);
3562 if (copy_from_user((char *) &sec, optval, len)) {
3563 err = -EFAULT;
3564 break;
3565 @@ -867,7 +869,7 @@
3566
3567 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
3568
3569 - len = min_t(unsigned int, sizeof(pwr), optlen);
3570 + len = min(sizeof(pwr), len);
3571 if (copy_from_user((char *) &pwr, optval, len)) {
3572 err = -EFAULT;
3573 break;
3574 diff -Naur backports-4.2.6-1.org/net/bluetooth/rfcomm/sock.c backports-4.2.6-1/net/bluetooth/rfcomm/sock.c
3575 --- backports-4.2.6-1.org/net/bluetooth/rfcomm/sock.c 2015-11-15 22:19:40.000000000 +0100
3576 +++ backports-4.2.6-1/net/bluetooth/rfcomm/sock.c 2016-01-27 12:26:36.269958751 +0100
3577 @@ -713,7 +713,7 @@
3578 struct sock *sk = sock->sk;
3579 struct bt_security sec;
3580 int err = 0;
3581 - size_t len;
3582 + size_t len = optlen;
3583 u32 opt;
3584
3585 BT_DBG("sk %p", sk);
3586 @@ -735,7 +735,7 @@
3587
3588 sec.level = BT_SECURITY_LOW;
3589
3590 - len = min_t(unsigned int, sizeof(sec), optlen);
3591 + len = min(sizeof(sec), len);
3592 if (copy_from_user((char *) &sec, optval, len)) {
3593 err = -EFAULT;
3594 break;
3595 diff -Naur backports-4.2.6-1.org/net/bluetooth/rfcomm/tty.c backports-4.2.6-1/net/bluetooth/rfcomm/tty.c
3596 --- backports-4.2.6-1.org/net/bluetooth/rfcomm/tty.c 2015-11-15 22:19:40.000000000 +0100
3597 +++ backports-4.2.6-1/net/bluetooth/rfcomm/tty.c 2016-01-27 12:26:36.269958751 +0100
3598 @@ -752,7 +752,7 @@
3599 BT_DBG("tty %p id %d", tty, tty->index);
3600
3601 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
3602 - dev->channel, dev->port.count);
3603 + dev->channel, atomic_read(&dev->port.count));
3604
3605 err = tty_port_open(&dev->port, tty, filp);
3606 if (err)
3607 @@ -775,7 +775,7 @@
3608 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
3609
3610 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
3611 - dev->port.count);
3612 + atomic_read(&dev->port.count));
3613
3614 tty_port_close(&dev->port, tty, filp);
3615 }
3616 diff -Naur backports-4.2.6-1.org/net/ieee802154/6lowpan/core.c backports-4.2.6-1/net/ieee802154/6lowpan/core.c
3617 --- backports-4.2.6-1.org/net/ieee802154/6lowpan/core.c 2015-11-15 22:19:40.000000000 +0100
3618 +++ backports-4.2.6-1/net/ieee802154/6lowpan/core.c 2016-01-27 12:26:36.273292083 +0100
3619 @@ -191,7 +191,7 @@
3620 dev_put(real_dev);
3621 }
3622
3623 -static struct rtnl_link_ops lowpan_link_ops __read_mostly = {
3624 +static struct rtnl_link_ops lowpan_link_ops = {
3625 .kind = "lowpan",
3626 .priv_size = sizeof(struct lowpan_dev_info),
3627 .setup = lowpan_setup,
3628 diff -Naur backports-4.2.6-1.org/net/ieee802154/6lowpan/reassembly.c backports-4.2.6-1/net/ieee802154/6lowpan/reassembly.c
3629 --- backports-4.2.6-1.org/net/ieee802154/6lowpan/reassembly.c 2015-11-15 22:19:40.000000000 +0100
3630 +++ backports-4.2.6-1/net/ieee802154/6lowpan/reassembly.c 2016-01-27 12:26:36.273292083 +0100
3631 @@ -435,14 +435,13 @@
3632
3633 static int __net_init lowpan_frags_ns_sysctl_register(struct net *net)
3634 {
3635 - struct ctl_table *table;
3636 + ctl_table_no_const *table = NULL;
3637 struct ctl_table_header *hdr;
3638 struct netns_ieee802154_lowpan *ieee802154_lowpan =
3639 net_ieee802154_lowpan(net);
3640
3641 - table = lowpan_frags_ns_ctl_table;
3642 if (!net_eq(net, &init_net)) {
3643 - table = kmemdup(table, sizeof(lowpan_frags_ns_ctl_table),
3644 + table = kmemdup(lowpan_frags_ns_ctl_table, sizeof(lowpan_frags_ns_ctl_table),
3645 GFP_KERNEL);
3646 if (table == NULL)
3647 goto err_alloc;
3648 @@ -457,9 +456,9 @@
3649 /* Don't export sysctls to unprivileged users */
3650 if (net->user_ns != &init_user_ns)
3651 table[0].procname = NULL;
3652 - }
3653 -
3654 - hdr = register_net_sysctl(net, "net/ieee802154/6lowpan", table);
3655 + hdr = register_net_sysctl(net, "net/ieee802154/6lowpan", table);
3656 + } else
3657 + hdr = register_net_sysctl(net, "net/ieee802154/6lowpan", lowpan_frags_ns_ctl_table);
3658 if (hdr == NULL)
3659 goto err_reg;
3660
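Review bot: The new `} else` branch is unbraced while the `if` branch it pairs with is braced. Kernel style wants braces on both, and with two near-identical `register_net_sysctl()` calls a later edit can easily land outside the intended branch, so write `} else {`, the call, then `}`. The unconditional `kfree(table)` in the next hunk is correct only because the first hunk initialises `table` to NULL for the `init_net` case. A comment at `err_reg:` such as `/* table is NULL for init_net, so this never frees the static template */` would keep that dependency visible. The matching unregister path is outside these hunks and should be checked for the same assumption.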
3661 @@ -467,8 +466,7 @@
3662 return 0;
3663
3664 err_reg:
3665 - if (!net_eq(net, &init_net))
3666 - kfree(table);
3667 + kfree(table);
3668 err_alloc:
3669 return -ENOMEM;
3670 }
3671 diff -Naur backports-4.2.6-1.org/net/mac80211/cfg.c backports-4.2.6-1/net/mac80211/cfg.c
3672 --- backports-4.2.6-1.org/net/mac80211/cfg.c 2015-11-15 22:19:40.000000000 +0100
3673 +++ backports-4.2.6-1/net/mac80211/cfg.c 2016-01-27 12:26:36.286625417 +0100
3674 @@ -580,7 +580,7 @@
3675 ret = ieee80211_vif_use_channel(sdata, chandef,
3676 IEEE80211_CHANCTX_EXCLUSIVE);
3677 }
3678 - } else if (local->open_count == local->monitors) {
3679 + } else if (local_read(&local->open_count) == local->monitors) {
3680 local->_oper_chandef = *chandef;
3681 ieee80211_hw_config(local, 0);
3682 }
3683 @@ -3488,7 +3488,7 @@
3684 else
3685 local->probe_req_reg--;
3686
3687 - if (!local->open_count)
3688 + if (!local_read(&local->open_count))
3689 break;
3690
3691 ieee80211_queue_work(&local->hw, &local->reconfig_filter);
3692 @@ -3637,8 +3637,8 @@
3693 if (chanctx_conf) {
3694 *chandef = sdata->vif.bss_conf.chandef;
3695 ret = 0;
3696 - } else if (local->open_count > 0 &&
3697 - local->open_count == local->monitors &&
3698 + } else if (local_read(&local->open_count) > 0 &&
3699 + local_read(&local->open_count) == local->monitors &&
3700 sdata->vif.type == NL80211_IFTYPE_MONITOR) {
3701 if (local->use_chanctx)
3702 *chandef = local->monitor_chandef;
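Review bot: The rewritten condition calls `local_read(&local->open_count)` twice, so the `> 0` test and the comparison with `local->monitors` are no longer guaranteed to see the same value unless the caller's locking excludes concurrent updates, which this hunk does not show. Reading it once into a local (`long open_count = local_read(&local->open_count);`, declared at the top of the block, outside the hunk) keeps the two tests consistent and shortens the condition. `local_read()` yields a `long` while `monitors` is an `int`. The comparison is still correct after promotion, but that deserves a note where the field is declared.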
3703 diff -Naur backports-4.2.6-1.org/net/mac80211/ieee80211_i.h backports-4.2.6-1/net/mac80211/ieee80211_i.h
3704 --- backports-4.2.6-1.org/net/mac80211/ieee80211_i.h 2015-11-15 22:19:40.000000000 +0100
3705 +++ backports-4.2.6-1/net/mac80211/ieee80211_i.h 2016-01-27 12:26:36.289958749 +0100
3706 @@ -30,6 +30,7 @@
3707 #include <net/ieee80211_radiotap.h>
3708 #include <net/cfg80211.h>
3709 #include <net/mac80211.h>
3710 +#include <asm/local.h>
3711 #include "key.h"
3712 #include "sta_info.h"
3713 #include "debug.h"
3714 @@ -1112,7 +1113,7 @@
3715 /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
3716 spinlock_t queue_stop_reason_lock;
3717
3718 - int open_count;
3719 + local_t open_count;
3720 int monitors, cooked_mntrs;
3721 /* number of interfaces with corresponding FIF_ flags */
3722 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
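Review bot: `open_count` becomes a `local_t`, whose operations are atomic only with respect to the CPU executing them, so the new type does not make concurrent updates from different CPUs safe. The counter still depends on whatever serialisation protected the plain `int`, and nothing in this hunk shows which lock that is. The field should say so, e.g. `/* local_t: not cross-CPU atomic; updates rely on the caller's locking - confirm which lock */`. Without that, the `local_inc`/`local_dec` calls added in iface.c read as if they were a synchronisation fix.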
3723 diff -Naur backports-4.2.6-1.org/net/mac80211/iface.c backports-4.2.6-1/net/mac80211/iface.c
3724 --- backports-4.2.6-1.org/net/mac80211/iface.c 2015-11-15 22:19:40.000000000 +0100
3725 +++ backports-4.2.6-1/net/mac80211/iface.c 2016-01-27 12:26:36.289958749 +0100
3726 @@ -550,7 +550,7 @@
3727 break;
3728 }
3729
3730 - if (local->open_count == 0) {
3731 + if (local_read(&local->open_count) == 0) {
3732 res = drv_start(local);
3733 if (res)
3734 goto err_del_bss;
3735 @@ -597,7 +597,7 @@
3736 res = drv_add_interface(local, sdata);
3737 if (res)
3738 goto err_stop;
3739 - } else if (local->monitors == 0 && local->open_count == 0) {
3740 + } else if (local->monitors == 0 && local_read(&local->open_count) == 0) {
3741 res = ieee80211_add_virtual_monitor(local);
3742 if (res)
3743 goto err_stop;
3744 @@ -704,7 +704,7 @@
3745 atomic_inc(&local->iff_allmultis);
3746
3747 if (coming_up)
3748 - local->open_count++;
3749 + local_inc(&local->open_count);
3750
3751 if (hw_reconf_flags)
3752 ieee80211_hw_config(local, hw_reconf_flags);
3753 @@ -742,7 +742,7 @@
3754 err_del_interface:
3755 drv_remove_interface(local, sdata);
3756 err_stop:
3757 - if (!local->open_count)
3758 + if (!local_read(&local->open_count))
3759 drv_stop(local);
3760 err_del_bss:
3761 sdata->bss = NULL;
3762 @@ -909,7 +909,7 @@
3763 }
3764
3765 if (going_down)
3766 - local->open_count--;
3767 + local_dec(&local->open_count);
3768
3769 switch (sdata->vif.type) {
3770 case NL80211_IFTYPE_AP_VLAN:
3771 @@ -978,7 +978,7 @@
3772 atomic_set(&sdata->txqs_len[txqi->txq.ac], 0);
3773 }
3774
3775 - if (local->open_count == 0)
3776 + if (local_read(&local->open_count) == 0)
3777 ieee80211_clear_tx_pending(local);
3778
3779 /*
3780 @@ -1021,7 +1021,7 @@
3781 if (cancel_scan)
3782 flush_delayed_work(&local->scan_work);
3783
3784 - if (local->open_count == 0) {
3785 + if (local_read(&local->open_count) == 0) {
3786 ieee80211_stop_device(local);
3787
3788 /* no reconfiguring after stop! */
3789 @@ -1032,7 +1032,7 @@
3790 ieee80211_configure_filter(local);
3791 ieee80211_hw_config(local, hw_reconf_flags);
3792
3793 - if (local->monitors == local->open_count)
3794 + if (local->monitors == local_read(&local->open_count))
3795 ieee80211_add_virtual_monitor(local);
3796 }
3797
3798 @@ -1905,8 +1905,8 @@
3799 */
3800 cfg80211_shutdown_all_interfaces(local->hw.wiphy);
3801
3802 - WARN(local->open_count, "%s: open count remains %d\n",
3803 - wiphy_name(local->hw.wiphy), local->open_count);
3804 + WARN(local_read(&local->open_count), "%s: open count remains %ld\n",
3805 + wiphy_name(local->hw.wiphy), local_read(&local->open_count));
3806
3807 mutex_lock(&local->iflist_mtx);
3808 list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
3809 diff -Naur backports-4.2.6-1.org/net/mac80211/main.c backports-4.2.6-1/net/mac80211/main.c
3810 --- backports-4.2.6-1.org/net/mac80211/main.c 2015-11-15 22:19:40.000000000 +0100
3811 +++ backports-4.2.6-1/net/mac80211/main.c 2016-01-27 12:26:36.289958749 +0100
3812 @@ -172,7 +172,7 @@
3813 changed &= ~(IEEE80211_CONF_CHANGE_CHANNEL |
3814 IEEE80211_CONF_CHANGE_POWER);
3815
3816 - if (changed && local->open_count) {
3817 + if (changed && local_read(&local->open_count)) {
3818 ret = drv_config(local, changed);
3819 /*
3820 * Goal:
3821 diff -Naur backports-4.2.6-1.org/net/mac80211/pm.c backports-4.2.6-1/net/mac80211/pm.c
3822 --- backports-4.2.6-1.org/net/mac80211/pm.c 2015-11-15 22:19:40.000000000 +0100
3823 +++ backports-4.2.6-1/net/mac80211/pm.c 2016-01-27 12:26:36.289958749 +0100
3824 @@ -12,7 +12,7 @@
3825 struct ieee80211_sub_if_data *sdata;
3826 struct sta_info *sta;
3827
3828 - if (!local->open_count)
3829 + if (!local_read(&local->open_count))
3830 goto suspend;
3831
3832 ieee80211_scan_cancel(local);
3833 @@ -166,7 +166,7 @@
3834 WARN_ON(!list_empty(&local->chanctx_list));
3835
3836 /* stop hardware - this must stop RX */
3837 - if (local->open_count)
3838 + if (local_read(&local->open_count))
3839 ieee80211_stop_device(local);
3840
3841 suspend:
3842 diff -Naur backports-4.2.6-1.org/net/mac80211/rate.c backports-4.2.6-1/net/mac80211/rate.c
3843 --- backports-4.2.6-1.org/net/mac80211/rate.c 2015-11-15 22:19:40.000000000 +0100
3844 +++ backports-4.2.6-1/net/mac80211/rate.c 2016-01-27 12:26:36.289958749 +0100
3845 @@ -730,7 +730,7 @@
3846
3847 ASSERT_RTNL();
3848
3849 - if (local->open_count)
3850 + if (local_read(&local->open_count))
3851 return -EBUSY;
3852
3853 if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
3854 diff -Naur backports-4.2.6-1.org/net/mac80211/sta_info.c backports-4.2.6-1/net/mac80211/sta_info.c
3855 --- backports-4.2.6-1.org/net/mac80211/sta_info.c 2015-11-15 22:19:40.000000000 +0100
3856 +++ backports-4.2.6-1/net/mac80211/sta_info.c 2016-01-27 12:26:36.289958749 +0100
3857 @@ -341,7 +341,7 @@
3858 int size = sizeof(struct txq_info) +
3859 ALIGN(hw->txq_data_size, sizeof(void *));
3860
3861 - txq_data = kcalloc(ARRAY_SIZE(sta->sta.txq), size, gfp);
3862 + txq_data = kcalloc(size, ARRAY_SIZE(sta->sta.txq), gfp);
3863 if (!txq_data)
3864 goto free;
3865
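Review bot: The swapped call `kcalloc(size, ARRAY_SIZE(sta->sta.txq), gfp)` passes the element size where the element count is expected, against the `kcalloc(n, size, flags)` convention. The product is unchanged, but without a comment the line reads like a mistake and is likely to be "fixed" back. Add the reason above the call, e.g. `/* argument order is deliberate: <reason for the swap> */`. The context line above declares `size` as `int` although it is built from `sizeof` and the driver-supplied `hw->txq_data_size`. Declaring it `size_t` would avoid a narrowing conversion on a value that feeds an allocation.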
3866 diff -Naur backports-4.2.6-1.org/net/mac80211/util.c backports-4.2.6-1/net/mac80211/util.c
3867 --- backports-4.2.6-1.org/net/mac80211/util.c 2015-11-15 22:19:40.000000000 +0100
3868 +++ backports-4.2.6-1/net/mac80211/util.c 2016-01-27 12:26:36.289958749 +0100
3869 @@ -1761,7 +1761,7 @@
3870 bool sched_scan_stopped = false;
3871
3872 /* nothing to do if HW shouldn't run */
3873 - if (!local->open_count)
3874 + if (!local_read(&local->open_count))
3875 goto wake_up;
3876
3877 #ifdef CONFIG_PM
3878 @@ -2033,7 +2033,7 @@
3879 local->in_reconfig = false;
3880 barrier();
3881
3882 - if (local->monitors == local->open_count && local->monitors > 0)
3883 + if (local->monitors == local_read(&local->open_count) && local->monitors > 0)
3884 ieee80211_add_virtual_monitor(local);
3885
3886 /*
3887 @@ -2088,7 +2088,7 @@
3888 * If this is for hw restart things are still running.
3889 * We may want to change that later, however.
3890 */
3891 - if (local->open_count && (!local->suspended || reconfig_due_to_wowlan))
3892 + if (local_read(&local->open_count) && (!local->suspended || reconfig_due_to_wowlan))
3893 drv_reconfig_complete(local, IEEE80211_RECONFIG_TYPE_RESTART);
3894
3895 if (!local->suspended)
3896 @@ -2112,7 +2112,7 @@
3897 flush_delayed_work(&local->scan_work);
3898 }
3899
3900 - if (local->open_count && !reconfig_due_to_wowlan)
3901 + if (local_read(&local->open_count) && !reconfig_due_to_wowlan)
3902 drv_reconfig_complete(local, IEEE80211_RECONFIG_TYPE_SUSPEND);
3903
3904 list_for_each_entry(sdata, &local->interfaces, list) {
3905 diff -Naur backports-4.2.6-1.org/net/wireless/wext-core.c backports-4.2.6-1/net/wireless/wext-core.c
3906 --- backports-4.2.6-1.org/net/wireless/wext-core.c 2015-11-15 22:19:40.000000000 +0100
3907 +++ backports-4.2.6-1/net/wireless/wext-core.c 2016-01-27 12:26:36.303292082 +0100
3908 @@ -748,8 +748,7 @@
3909 */
3910
3911 /* Support for very large requests */
3912 - if ((descr->flags & IW_DESCR_FLAG_NOMAX) &&
3913 - (user_length > descr->max_tokens)) {
3914 + if (user_length > descr->max_tokens) {
3915 /* Allow userspace to GET more than max so
3916 * we can support any size GET requests.
3917 * There is still a limit : -ENOMEM.
3918 @@ -788,22 +787,6 @@
3919 }
3920 }
3921
3922 - if (IW_IS_GET(cmd) && !(descr->flags & IW_DESCR_FLAG_NOMAX)) {
3923 - /*
3924 - * If this is a GET, but not NOMAX, it means that the extra
3925 - * data is not bounded by userspace, but by max_tokens. Thus
3926 - * set the length to max_tokens. This matches the extra data
3927 - * allocation.
3928 - * The driver should fill it with the number of tokens it
3929 - * provided, and it may check iwp->length rather than having
3930 - * knowledge of max_tokens. If the driver doesn't change the
3931 - * iwp->length, this ioctl just copies back max_token tokens
3932 - * filled with zeroes. Hopefully the driver isn't claiming
3933 - * them to be valid data.
3934 - */
3935 - iwp->length = descr->max_tokens;
3936 - }
3937 -
3938 err = handler(dev, info, (union iwreq_data *) iwp, extra);
3939
3940 iwp->length += essid_compat;
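Review bot: Dropping the `iwp->length = descr->max_tokens` assignment means a GET handler now sees the length supplied by userspace. That is safe only if the buffer handed to it is at least that large, which depends on the first hunk sizing the allocation from `user_length` for every descriptor rather than only `IW_DESCR_FLAG_NOMAX` ones. The allocation and the copy back to userspace are both outside these hunks, so the pairing cannot be confirmed from here and should be checked there, together with how large a userspace-chosen allocation can now become. The removed comment was the only statement of the driver contract. Replace it with one for the new contract, e.g. `/* GET: iwp->length stays as supplied by userspace; extra is sized to cover it */`, and update the "Support for very large requests" comment in the first hunk, which now describes the general path.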
3941 diff -Naur backports-4.2.6-1.org/scripts/gcc-plugin.sh backports-4.2.6-1/scripts/gcc-plugin.sh
3942 --- backports-4.2.6-1.org/scripts/gcc-plugin.sh 1970-01-01 01:00:00.000000000 +0100
3943 +++ backports-4.2.6-1/scripts/gcc-plugin.sh 2016-01-27 12:26:36.303292082 +0100
3944 @@ -0,0 +1,51 @@
3945 +#!/bin/sh
3946 +srctree=$(dirname "$0")
3947 +gccplugins_dir=$($3 -print-file-name=plugin)
3948 +plugincc=$($1 -E -x c++ - -o /dev/null -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF
3949 +#include "gcc-common.h"
3950 +#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
3951 +#warning $2 CXX
3952 +#else
3953 +#warning $1 CC
3954 +#endif
3955 +EOF
3956 +)
3957 +
3958 +if [ $? -ne 0 ]
3959 +then
3960 + exit 1
3961 +fi
3962 +
3963 +case "$plugincc" in
3964 + *"$1 CC"*)
3965 + echo "$1"
3966 + exit 0
3967 + ;;
3968 +
3969 + *"$2 CXX"*)
3970 + # the c++ compiler needs another test, see below
3971 + ;;
3972 +
3973 + *)
3974 + exit 1
3975 + ;;
3976 +esac
3977 +
3978 +# we need a c++ compiler that supports the designated initializer GNU extension
3979 +plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF
3980 +#include "gcc-common.h"
3981 +class test {
3982 +public:
3983 + int test;
3984 +} test = {
3985 + .test = 1
3986 +};
3987 +EOF
3988 +)
3989 +
3990 +if [ $? -eq 0 ]
3991 +then
3992 + echo "$2"
3993 + exit 0
3994 +fi
3995 +exit 1
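Review bot: The script runs `$1`, `$2` and `$3` as commands without checking that all three were passed. With a missing argument the command substitution runs an option string as a command, `gccplugins_dir` ends up empty so the include path becomes `-I/include`, and the script exits 1 with no message explaining why. A guard right after the shebang makes the failure immediate: `[ $# -eq 3 ] || { echo "usage: $0 <cc> <cxx> <plugin-gcc>" >&2; exit 1; }` (the argument names are constructed from how the script uses them). A header comment naming the three arguments and stating that the selected compiler is printed on stdout would also help, since the build consumes that output to decide what compiles the plugins.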