diff -Naur backports-4.2.6-1.org/drivers/bluetooth/btwilink.c backports-4.2.6-1/drivers/bluetooth/btwilink.c --- backports-4.2.6-1.org/drivers/bluetooth/btwilink.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/drivers/bluetooth/btwilink.c 2016-01-27 12:26:16.319959957 +0100 @@ -288,7 +288,7 @@ static int bt_ti_probe(struct platform_device *pdev) { - static struct ti_st *hst; + struct ti_st *hst; struct hci_dev *hdev; int err; diff -Naur backports-4.2.6-1.org/drivers/media/dvb-core/dvbdev.c backports-4.2.6-1/drivers/media/dvb-core/dvbdev.c --- backports-4.2.6-1.org/drivers/media/dvb-core/dvbdev.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/media/dvb-core/dvbdev.c 2016-01-27 12:26:21.266626324 +0100 @@ -272,7 +272,7 @@ const struct dvb_device *template, void *priv, int type) { struct dvb_device *dvbdev; - struct file_operations *dvbdevfops; + file_operations_no_const *dvbdevfops; struct device *clsdev; int minor; int id; diff -Naur backports-4.2.6-1.org/drivers/media/dvb-frontends/af9033.h backports-4.2.6-1/drivers/media/dvb-frontends/af9033.h --- backports-4.2.6-1.org/drivers/media/dvb-frontends/af9033.h 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/dvb-frontends/af9033.h 2016-01-27 12:26:21.266626324 +0100 @@ -96,6 +96,6 @@ int (*pid_filter_ctrl)(struct dvb_frontend *fe, int onoff); int (*pid_filter)(struct dvb_frontend *fe, int index, u16 pid, int onoff); -}; +} __no_const; #endif /* AF9033_H */ diff -Naur backports-4.2.6-1.org/drivers/media/dvb-frontends/dib3000.h backports-4.2.6-1/drivers/media/dvb-frontends/dib3000.h --- backports-4.2.6-1.org/drivers/media/dvb-frontends/dib3000.h 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/dvb-frontends/dib3000.h 2016-01-27 12:26:21.266626324 +0100 
@@ -39,7 +39,7 @@ int (*fifo_ctrl)(struct dvb_frontend *fe, int onoff); int (*pid_ctrl)(struct dvb_frontend *fe, int index, int pid, int onoff); int (*tuner_pass_ctrl)(struct dvb_frontend *fe, int onoff, u8 pll_ctrl); -}; +} __no_const; #if IS_REACHABLE(CPTCFG_DVB_DIB3000MB) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, diff -Naur backports-4.2.6-1.org/drivers/media/dvb-frontends/dib7000p.h backports-4.2.6-1/drivers/media/dvb-frontends/dib7000p.h --- backports-4.2.6-1.org/drivers/media/dvb-frontends/dib7000p.h 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/dvb-frontends/dib7000p.h 2016-01-27 12:26:21.266626324 +0100 @@ -64,7 +64,7 @@ int (*get_adc_power)(struct dvb_frontend *fe); int (*slave_reset)(struct dvb_frontend *fe); struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib7000p_config *cfg); -}; +} __no_const; #if IS_REACHABLE(CPTCFG_DVB_DIB7000P) void *dib7000p_attach(struct dib7000p_ops *ops); diff -Naur backports-4.2.6-1.org/drivers/media/dvb-frontends/dib8000.h backports-4.2.6-1/drivers/media/dvb-frontends/dib8000.h --- backports-4.2.6-1.org/drivers/media/dvb-frontends/dib8000.h 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/dvb-frontends/dib8000.h 2016-01-27 12:26:21.266626324 +0100 @@ -61,7 +61,7 @@ int (*pid_filter_ctrl)(struct dvb_frontend *fe, u8 onoff); int (*pid_filter)(struct dvb_frontend *fe, u8 id, u16 pid, u8 onoff); struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib8000_config *cfg); -}; +} __no_const; #if IS_REACHABLE(CPTCFG_DVB_DIB8000) void *dib8000_attach(struct dib8000_ops *ops); diff -Naur backports-4.2.6-1.org/drivers/media/pci/cx88/cx88-video.c backports-4.2.6-1/drivers/media/pci/cx88/cx88-video.c --- backports-4.2.6-1.org/drivers/media/pci/cx88/cx88-video.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/pci/cx88/cx88-video.c 2016-01-27 12:26:21.266626324 +0100 
@@ -50,9 +50,9 @@ /* ------------------------------------------------------------------ */ -static unsigned int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; -static unsigned int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; -static unsigned int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; +static int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; +static int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; +static int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET }; module_param_array(video_nr, int, NULL, 0444); module_param_array(vbi_nr, int, NULL, 0444); diff -Naur backports-4.2.6-1.org/drivers/media/pci/ivtv/ivtv-driver.c backports-4.2.6-1/drivers/media/pci/ivtv/ivtv-driver.c --- backports-4.2.6-1.org/drivers/media/pci/ivtv/ivtv-driver.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/pci/ivtv/ivtv-driver.c 2016-01-27 12:26:21.266626324 +0100 @@ -83,7 +83,7 @@ MODULE_DEVICE_TABLE(pci,ivtv_pci_tbl); /* ivtv instance counter */ -static atomic_t ivtv_instance = ATOMIC_INIT(0); +static atomic_unchecked_t ivtv_instance = ATOMIC_INIT(0); /* Parameter declarations */ static int cardtype[IVTV_MAX_CARDS]; diff -Naur backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-core.c backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-core.c --- backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-core.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-core.c 2016-01-27 12:26:21.266626324 +0100 
@@ -424,7 +424,7 @@ static int solo_sysfs_init(struct solo_dev *solo_dev) { - struct bin_attribute *sdram_attr = &solo_dev->sdram_attr; + bin_attribute_no_const *sdram_attr = &solo_dev->sdram_attr; struct device *dev = &solo_dev->dev; const char *driver; int i; diff -Naur backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-g723.c backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-g723.c --- backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-g723.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-g723.c 2016-01-27 12:26:21.266626324 +0100 @@ -351,7 +351,7 @@ int solo_g723_init(struct solo_dev *solo_dev) { - static struct snd_device_ops ops = { NULL }; + static struct snd_device_ops ops = { }; struct snd_card *card; struct snd_kcontrol_new kctl; char name[32]; diff -Naur backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10.h backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10.h --- backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10.h 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10.h 2016-01-27 12:26:21.266626324 +0100 @@ -218,7 +218,7 @@ /* P2M DMA Engine */ struct solo_p2m_dev p2m_dev[SOLO_NR_P2M]; - atomic_t p2m_count; + atomic_unchecked_t p2m_count; int p2m_jiffies; unsigned int p2m_timeouts; diff -Naur backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-p2m.c backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-p2m.c --- backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-p2m.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-p2m.c 2016-01-27 12:26:21.266626324 +0100 
@@ -73,7 +73,7 @@ /* Get next ID. According to Softlogic, 6110 has problems on !=0 P2M */ if (solo_dev->type != SOLO_DEV_6110 && multi_p2m) { - p2m_id = atomic_inc_return(&solo_dev->p2m_count) % SOLO_NR_P2M; + p2m_id = atomic_inc_return_unchecked(&solo_dev->p2m_count) % SOLO_NR_P2M; if (p2m_id < 0) p2m_id = -p2m_id; } diff -Naur backports-4.2.6-1.org/drivers/media/pci/tw68/tw68-core.c backports-4.2.6-1/drivers/media/pci/tw68/tw68-core.c --- backports-4.2.6-1.org/drivers/media/pci/tw68/tw68-core.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/pci/tw68/tw68-core.c 2016-01-27 12:26:21.266626324 +0100 @@ -60,7 +60,7 @@ module_param_array(card, int, NULL, 0444); MODULE_PARM_DESC(card, "card type"); -static atomic_t tw68_instance = ATOMIC_INIT(0); +static atomic_unchecked_t tw68_instance = ATOMIC_INIT(0); /* ------------------------------------------------------------------ */ diff -Naur backports-4.2.6-1.org/drivers/media/platform/omap/omap_vout.c backports-4.2.6-1/drivers/media/platform/omap/omap_vout.c --- backports-4.2.6-1.org/drivers/media/platform/omap/omap_vout.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/platform/omap/omap_vout.c 2016-01-27 12:26:21.266626324 +0100 @@ -63,7 +63,6 @@ OMAP_VIDEO2, }; -static struct videobuf_queue_ops video_vbq_ops; /* Variables configurable through module params*/ static u32 video1_numbuffers = 3; static u32 video2_numbuffers = 3; @@ -1008,6 +1007,12 @@ { struct videobuf_queue *q; struct omap_vout_device *vout = NULL; + static struct videobuf_queue_ops video_vbq_ops = { + .buf_setup = omap_vout_buffer_setup, + .buf_prepare = omap_vout_buffer_prepare, + .buf_release = omap_vout_buffer_release, + .buf_queue = omap_vout_buffer_queue, + }; vout = video_drvdata(file); v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__); 
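Review bot: The new function-local `video_vbq_ops` in the omap_vout.c hunk `@@ -1008,6 +1007,12 @@` is fully initialised at compile time and never written again in the visible code, yet it is declared as a writable `static struct videobuf_queue_ops`. If `videobuf_queue_dma_contig_init()` accepts a const pointer (its prototype is not on this page), declare it `static const struct videobuf_queue_ops video_vbq_ops = { ... };` so the callback table lands in read-only data. The enclosing function starts and ends outside the hunk.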
@@ -1025,10 +1030,6 @@ vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT; q = &vout->vbq; - video_vbq_ops.buf_setup = omap_vout_buffer_setup; - video_vbq_ops.buf_prepare = omap_vout_buffer_prepare; - video_vbq_ops.buf_release = omap_vout_buffer_release; - video_vbq_ops.buf_queue = omap_vout_buffer_queue; spin_lock_init(&vout->vbq_lock); videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev, diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_grp_layer.c backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_grp_layer.c --- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_grp_layer.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_grp_layer.c 2016-01-27 12:26:21.266626324 +0100 @@ -235,7 +235,7 @@ { struct mxr_layer *layer; int ret; - struct mxr_layer_ops ops = { + static struct mxr_layer_ops ops = { .release = mxr_graph_layer_release, .buffer_set = mxr_graph_buffer_set, .stream_set = mxr_graph_stream_set, diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer.h backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer.h --- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer.h 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer.h 2016-01-27 12:26:21.266626324 +0100 @@ -156,7 +156,7 @@ /** layer index (unique identifier) */ int idx; /** callbacks for layer methods */ - struct mxr_layer_ops ops; + struct mxr_layer_ops *ops; /** format array */ const struct mxr_format **fmt_array; /** size of format array */ diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_reg.c backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_reg.c --- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_reg.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_reg.c 2016-01-27 12:26:21.266626324 +0100 
@@ -276,7 +276,7 @@ layer->update_buf = next; } - layer->ops.buffer_set(layer, layer->update_buf); + layer->ops->buffer_set(layer, layer->update_buf); if (done && done != layer->shadow_buf) vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE); diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_video.c backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_video.c --- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_video.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_video.c 2016-01-27 12:26:21.266626324 +0100 @@ -210,7 +210,7 @@ layer->geo.src.height = layer->geo.src.full_height; mxr_geometry_dump(mdev, &layer->geo); - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0); + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0); mxr_geometry_dump(mdev, &layer->geo); } @@ -228,7 +228,7 @@ layer->geo.dst.full_width = mbus_fmt.width; layer->geo.dst.full_height = mbus_fmt.height; layer->geo.dst.field = mbus_fmt.field; - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0); + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0); mxr_geometry_dump(mdev, &layer->geo); } @@ -334,7 +334,7 @@ /* set source size to highest accepted value */ geo->src.full_width = max(geo->dst.full_width, pix->width); geo->src.full_height = max(geo->dst.full_height, pix->height); - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0); + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0); mxr_geometry_dump(mdev, &layer->geo); /* set cropping to total visible screen */ geo->src.width = pix->width; 
@@ -342,12 +342,12 @@ geo->src.x_offset = 0; geo->src.y_offset = 0; /* assure consistency of geometry */ - layer->ops.fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET); + layer->ops->fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET); mxr_geometry_dump(mdev, &layer->geo); /* set full size to lowest possible value */ geo->src.full_width = 0; geo->src.full_height = 0; - layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0); + layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0); mxr_geometry_dump(mdev, &layer->geo); /* returning results */ @@ -474,7 +474,7 @@ target->width = s->r.width; target->height = s->r.height; - layer->ops.fix_geometry(layer, stage, s->flags); + layer->ops->fix_geometry(layer, stage, s->flags); /* retrieve update selection rectangle */ res.left = target->x_offset; @@ -938,13 +938,13 @@ mxr_output_get(mdev); mxr_layer_update_output(layer); - layer->ops.format_set(layer); + layer->ops->format_set(layer); /* enabling layer in hardware */ spin_lock_irqsave(&layer->enq_slock, flags); layer->state = MXR_LAYER_STREAMING; spin_unlock_irqrestore(&layer->enq_slock, flags); - layer->ops.stream_set(layer, MXR_ENABLE); + layer->ops->stream_set(layer, MXR_ENABLE); mxr_streamer_get(mdev); return 0; @@ -1014,7 +1014,7 @@ spin_unlock_irqrestore(&layer->enq_slock, flags); /* disabling layer in hardware */ - layer->ops.stream_set(layer, MXR_DISABLE); + layer->ops->stream_set(layer, MXR_DISABLE); /* remove one streamer */ mxr_streamer_put(mdev); /* allow changes in output configuration */ @@ -1052,8 +1052,8 @@ void mxr_layer_release(struct mxr_layer *layer) { - if (layer->ops.release) - layer->ops.release(layer); + if (layer->ops->release) + layer->ops->release(layer); } void mxr_base_layer_release(struct mxr_layer *layer) 
@@ -1079,7 +1079,7 @@ layer->mdev = mdev; layer->idx = idx; - layer->ops = *ops; + layer->ops = ops; spin_lock_init(&layer->enq_slock); INIT_LIST_HEAD(&layer->enq_list); diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_vp_layer.c backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_vp_layer.c --- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_vp_layer.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_vp_layer.c 2016-01-27 12:26:21.266626324 +0100 @@ -206,7 +206,7 @@ { struct mxr_layer *layer; int ret; - struct mxr_layer_ops ops = { + static struct mxr_layer_ops ops = { .release = mxr_vp_layer_release, .buffer_set = mxr_vp_buffer_set, .stream_set = mxr_vp_stream_set, diff -Naur backports-4.2.6-1.org/drivers/media/platform/vivid/vivid-osd.c backports-4.2.6-1/drivers/media/platform/vivid/vivid-osd.c --- backports-4.2.6-1.org/drivers/media/platform/vivid/vivid-osd.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/platform/vivid/vivid-osd.c 2016-01-27 12:26:21.269959657 +0100 @@ -85,6 +85,7 @@ case FBIOGET_VBLANK: { struct fb_vblank vblank; + memset(&vblank, 0, sizeof(vblank)); vblank.flags = FB_VBLANK_HAVE_COUNT | FB_VBLANK_HAVE_VCOUNT | FB_VBLANK_HAVE_VSYNC; vblank.count = 0; diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-cadet.c backports-4.2.6-1/drivers/media/radio/radio-cadet.c --- backports-4.2.6-1.org/drivers/media/radio/radio-cadet.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/radio/radio-cadet.c 2016-01-27 12:26:21.269959657 +0100 @@ -333,6 +333,8 @@ unsigned char readbuf[RDS_BUFFER]; int i = 0; + if (count > RDS_BUFFER) + return -EFAULT; mutex_lock(&dev->lock); if (dev->rdsstat == 0) cadet_start_rds(dev); 
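Review bot: `layer->ops = ops;` in mixer_video.c now keeps the caller's pointer instead of copying the struct, so every caller must pass a table that outlives the layer, and nothing in the code states that. The two callers visible on this page (mixer_grp_layer.c and mixer_vp_layer.c) were switched to `static`, but a later caller passing a stack object would leave a dangling function-pointer table. I would add `/* ops is stored by reference and must outlive the layer */` at the assignment. If the parameter can be made `const struct mxr_layer_ops *` (the signature is outside the hunk), both tables could also become `static const`.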
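Review bot: The `memset(&vblank, 0, sizeof(vblank));` added in the FBIOGET_VBLANK case of vivid-osd.c has no comment saying what it protects against. Presumably the struct is copied to user space after the hunk, in which case padding and any field the case never assigns would otherwise carry stale kernel stack bytes. A comment such as `/* zero padding and unset fields before the struct leaves the kernel */` would stop the line being removed later as redundant. The case body continues outside the hunk.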
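Review bot: The new guard `if (count > RDS_BUFFER) return -EFAULT;` in radio-cadet.c (`@@ -333,6 +333,8 @@`) turns a read with a large but valid user buffer into a hard failure, and -EFAULT wrongly tells the caller its pointer was bad. Clamping keeps `readbuf` bounded without changing what user space sees: `if (count > RDS_BUFFER) count = RDS_BUFFER;`. The loop that fills `readbuf` sits between this hunk and the next one, so confirm that it is bounded by `count`.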
@@ -349,8 +351,9 @@ readbuf[i++] = dev->rdsbuf[dev->rdsout++]; mutex_unlock(&dev->lock); - if (i && copy_to_user(data, readbuf, i)) - return -EFAULT; + if (i > sizeof(readbuf) || (i && copy_to_user(data, readbuf, i))) + i = -EFAULT; + return i; } diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-maxiradio.c backports-4.2.6-1/drivers/media/radio/radio-maxiradio.c --- backports-4.2.6-1.org/drivers/media/radio/radio-maxiradio.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/radio/radio-maxiradio.c 2016-01-27 12:26:21.269959657 +0100 @@ -61,7 +61,7 @@ /* TEA5757 pin mappings */ static const int clk = 1, data = 2, wren = 4, mo_st = 8, power = 16; -static atomic_t maxiradio_instance = ATOMIC_INIT(0); +static atomic_unchecked_t maxiradio_instance = ATOMIC_INIT(0); #define PCI_VENDOR_ID_GUILLEMOT 0x5046 #define PCI_DEVICE_ID_GUILLEMOT_MAXIRADIO 0x1001 diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-shark2.c backports-4.2.6-1/drivers/media/radio/radio-shark2.c --- backports-4.2.6-1.org/drivers/media/radio/radio-shark2.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/radio/radio-shark2.c 2016-01-27 12:26:21.269959657 +0100 @@ -74,7 +74,7 @@ u8 *transfer_buffer; }; -static atomic_t shark_instance = ATOMIC_INIT(0); +static atomic_unchecked_t shark_instance = ATOMIC_INIT(0); static int shark_write_reg(struct radio_tea5777 *tea, u64 reg) { diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-shark.c backports-4.2.6-1/drivers/media/radio/radio-shark.c --- backports-4.2.6-1.org/drivers/media/radio/radio-shark.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/radio/radio-shark.c 2016-01-27 12:26:21.269959657 +0100 
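Review bot: The added `i > sizeof(readbuf)` test runs after the context line `readbuf[i++] = dev->rdsbuf[dev->rdsout++];` has already stored into the stack buffer, so it cannot prevent an overrun and only reports one after the fact. With `count` bounded at the top of the function the condition should be unreachable. It also compares a signed `int` with a `size_t`. I would drop it and keep the original `if (i && copy_to_user(data, readbuf, i)) return -EFAULT;`, relying on the bound applied before the loop.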
@@ -79,7 +79,7 @@ u32 last_val; }; -static atomic_t shark_instance = ATOMIC_INIT(0); +static atomic_unchecked_t shark_instance = ATOMIC_INIT(0); static void shark_write_val(struct snd_tea575x *tea, u32 val) { diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-si476x.c backports-4.2.6-1/drivers/media/radio/radio-si476x.c --- backports-4.2.6-1.org/drivers/media/radio/radio-si476x.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/radio/radio-si476x.c 2016-01-27 12:26:21.269959657 +0100 @@ -1445,7 +1445,7 @@ struct si476x_radio *radio; struct v4l2_ctrl *ctrl; - static atomic_t instance = ATOMIC_INIT(0); + static atomic_unchecked_t instance = ATOMIC_INIT(0); radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL); if (!radio) diff -Naur backports-4.2.6-1.org/drivers/media/radio/wl128x/fmdrv_common.c backports-4.2.6-1/drivers/media/radio/wl128x/fmdrv_common.c --- backports-4.2.6-1.org/drivers/media/radio/wl128x/fmdrv_common.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/radio/wl128x/fmdrv_common.c 2016-01-27 12:26:21.269959657 +0100 @@ -71,7 +71,7 @@ MODULE_PARM_DESC(rds_buf, "RDS buffer entries"); /* Radio Nr */ -static u32 radio_nr = -1; +static int radio_nr = -1; module_param(radio_nr, int, 0444); MODULE_PARM_DESC(radio_nr, "Radio Nr"); diff -Naur backports-4.2.6-1.org/drivers/media/usb/dvb-usb/cinergyT2-core.c backports-4.2.6-1/drivers/media/usb/dvb-usb/cinergyT2-core.c --- backports-4.2.6-1.org/drivers/media/usb/dvb-usb/cinergyT2-core.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/media/usb/dvb-usb/cinergyT2-core.c 2016-01-27 12:26:21.269959657 +0100 
@@ -50,29 +50,73 @@ static int cinergyt2_streaming_ctrl(struct dvb_usb_adapter *adap, int enable) { - char buf[] = { CINERGYT2_EP1_CONTROL_STREAM_TRANSFER, enable ? 1 : 0 }; - char result[64]; - return dvb_usb_generic_rw(adap->dev, buf, sizeof(buf), result, - sizeof(result), 0); + char *buf; + char *result; + int retval; + + buf = kmalloc(2, GFP_KERNEL); + if (buf == NULL) + return -ENOMEM; + result = kmalloc(64, GFP_KERNEL); + if (result == NULL) { + kfree(buf); + return -ENOMEM; + } + + buf[0] = CINERGYT2_EP1_CONTROL_STREAM_TRANSFER; + buf[1] = enable ? 1 : 0; + + retval = dvb_usb_generic_rw(adap->dev, buf, 2, result, 64, 0); + + kfree(buf); + kfree(result); + return retval; } static int cinergyt2_power_ctrl(struct dvb_usb_device *d, int enable) { - char buf[] = { CINERGYT2_EP1_SLEEP_MODE, enable ? 0 : 1 }; - char state[3]; - return dvb_usb_generic_rw(d, buf, sizeof(buf), state, sizeof(state), 0); + char *buf; + char *state; + int retval; + + buf = kmalloc(2, GFP_KERNEL); + if (buf == NULL) + return -ENOMEM; + state = kmalloc(3, GFP_KERNEL); + if (state == NULL) { + kfree(buf); + return -ENOMEM; + } + + buf[0] = CINERGYT2_EP1_SLEEP_MODE; + buf[1] = enable ? 1 : 0; + + retval = dvb_usb_generic_rw(d, buf, 2, state, 3, 0); + + kfree(buf); + kfree(state); + return retval; } static int cinergyt2_frontend_attach(struct dvb_usb_adapter *adap) { - char query[] = { CINERGYT2_EP1_GET_FIRMWARE_VERSION }; - char state[3]; + char *query; + char *state; int ret; + query = kmalloc(1, GFP_KERNEL); + if (query == NULL) + return -ENOMEM; + state = kmalloc(3, GFP_KERNEL); + if (state == NULL) { + kfree(query); + return -ENOMEM; + } + + query[0] = CINERGYT2_EP1_GET_FIRMWARE_VERSION; adap->fe_adap[0].fe = cinergyt2_fe_attach(adap->dev); - ret = dvb_usb_generic_rw(adap->dev, query, sizeof(query), state, - sizeof(state), 0); + ret = dvb_usb_generic_rw(adap->dev, query, 1, state, 3, 0); if (ret < 0) { deb_rc("cinergyt2_power_ctrl() Failed to retrieve sleep " "state info\n"); 
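Review bot: `buf[1] = enable ? 1 : 0;` in cinergyt2_power_ctrl inverts the value the removed initialiser sent (`enable ? 0 : 1`), so the CINERGYT2_EP1_SLEEP_MODE command now carries the opposite state. The rest of the hunk only moves the transfer buffers from the stack to kmalloc, which suggests the inversion is a copy-paste slip from cinergyt2_streaming_ctrl just above. The line should read `buf[1] = enable ? 0 : 1;`.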
@@ -80,7 +124,8 @@ /* Copy this pointer as we are gonna need it in the release phase */ cinergyt2_usb_device = adap->dev; - + kfree(query); + kfree(state); return 0; } @@ -141,12 +186,23 @@ static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state) { struct cinergyt2_state *st = d->priv; - u8 key[5] = {0, 0, 0, 0, 0}, cmd = CINERGYT2_EP1_GET_RC_EVENTS; + u8 *key, *cmd; int i; + cmd = kmalloc(1, GFP_KERNEL); + if (cmd == NULL) + return -EINVAL; + key = kzalloc(5, GFP_KERNEL); + if (key == NULL) { + kfree(cmd); + return -EINVAL; + } + + cmd[0] = CINERGYT2_EP1_GET_RC_EVENTS; + *state = REMOTE_NO_KEY_PRESSED; - dvb_usb_generic_rw(d, &cmd, 1, key, sizeof(key), 0); + dvb_usb_generic_rw(d, cmd, 1, key, 5, 0); if (key[4] == 0xff) { /* key repeat */ st->rc_counter++; @@ -157,12 +213,12 @@ *event = d->last_event; deb_rc("repeat key, event %x\n", *event); - return 0; + goto out; } } deb_rc("repeated key (non repeatable)\n"); } - return 0; + goto out; } /* hack to pass checksum on the custom field */ @@ -174,6 +230,9 @@ deb_rc("key: %*ph\n", 5, key); } +out: + kfree(cmd); + kfree(key); return 0; } diff -Naur backports-4.2.6-1.org/drivers/media/usb/dvb-usb/cinergyT2-fe.c backports-4.2.6-1/drivers/media/usb/dvb-usb/cinergyT2-fe.c --- backports-4.2.6-1.org/drivers/media/usb/dvb-usb/cinergyT2-fe.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/media/usb/dvb-usb/cinergyT2-fe.c 2016-01-27 12:26:21.269959657 +0100 
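Review bot: cinergyt2_rc_query (`@@ -141,12 +186,23 @@`) reports both allocation failures as -EINVAL, while every other function converted in this file and in cinergyT2-fe.c returns -ENOMEM. Use `return -ENOMEM;` in both places so callers can tell memory pressure from a bad argument. The result of `dvb_usb_generic_rw(d, cmd, 1, key, 5, 0);` is still discarded, so on a failed transfer the code parses the zeroed `key` buffer. That predates this change but is worth a `/* TODO: check transfer result */` while the function is being touched. The function body continues in the following hunks.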
@@ -145,103 +145,176 @@ enum fe_status *status) { struct cinergyt2_fe_state *state = fe->demodulator_priv; - struct dvbt_get_status_msg result; - u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; + struct dvbt_get_status_msg *result; + u8 *cmd; int ret; - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&result, - sizeof(result), 0); + cmd = kmalloc(1, GFP_KERNEL); + if (cmd == NULL) + return -ENOMEM; + result = kmalloc(sizeof(*result), GFP_KERNEL); + if (result == NULL) { + kfree(cmd); + return -ENOMEM; + } + + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; + + ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)result, + sizeof(*result), 0); if (ret < 0) - return ret; + goto out; *status = 0; - if (0xffff - le16_to_cpu(result.gain) > 30) + if (0xffff - le16_to_cpu(result->gain) > 30) *status |= FE_HAS_SIGNAL; - if (result.lock_bits & (1 << 6)) + if (result->lock_bits & (1 << 6)) *status |= FE_HAS_LOCK; - if (result.lock_bits & (1 << 5)) + if (result->lock_bits & (1 << 5)) *status |= FE_HAS_SYNC; - if (result.lock_bits & (1 << 4)) + if (result->lock_bits & (1 << 4)) *status |= FE_HAS_CARRIER; - if (result.lock_bits & (1 << 1)) + if (result->lock_bits & (1 << 1)) *status |= FE_HAS_VITERBI; if ((*status & (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC)) != (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC)) *status &= ~FE_HAS_LOCK; - return 0; +out: + kfree(cmd); + kfree(result); + return ret; } static int cinergyt2_fe_read_ber(struct dvb_frontend *fe, u32 *ber) { struct cinergyt2_fe_state *state = fe->demodulator_priv; - struct dvbt_get_status_msg status; - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; + struct dvbt_get_status_msg *status; + char *cmd; int ret; - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status, - sizeof(status), 0); + cmd = kmalloc(1, GFP_KERNEL); + if (cmd == NULL) + return -ENOMEM; + status = kmalloc(sizeof(*status), GFP_KERNEL); + if (status == NULL) { + kfree(cmd); + return -ENOMEM; + } + + cmd[0] = 
CINERGYT2_EP1_GET_TUNER_STATUS; + + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status, + sizeof(*status), 0); if (ret < 0) - return ret; + goto out; - *ber = le32_to_cpu(status.viterbi_error_rate); + *ber = le32_to_cpu(status->viterbi_error_rate); +out: + kfree(cmd); + kfree(status); return 0; } static int cinergyt2_fe_read_unc_blocks(struct dvb_frontend *fe, u32 *unc) { struct cinergyt2_fe_state *state = fe->demodulator_priv; - struct dvbt_get_status_msg status; - u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; + struct dvbt_get_status_msg *status; + u8 *cmd; int ret; - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&status, - sizeof(status), 0); + cmd = kmalloc(1, GFP_KERNEL); + if (cmd == NULL) + return -ENOMEM; + status = kmalloc(sizeof(*status), GFP_KERNEL); + if (status == NULL) { + kfree(cmd); + return -ENOMEM; + } + + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; + + ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)status, + sizeof(*status), 0); if (ret < 0) { err("cinergyt2_fe_read_unc_blocks() Failed! 
(Error=%d)\n", ret); - return ret; + goto out; } - *unc = le32_to_cpu(status.uncorrected_block_count); - return 0; + *unc = le32_to_cpu(status->uncorrected_block_count); + +out: + kfree(cmd); + kfree(status); + return ret; } static int cinergyt2_fe_read_signal_strength(struct dvb_frontend *fe, u16 *strength) { struct cinergyt2_fe_state *state = fe->demodulator_priv; - struct dvbt_get_status_msg status; - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; + struct dvbt_get_status_msg *status; + char *cmd; int ret; - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status, - sizeof(status), 0); + cmd = kmalloc(1, GFP_KERNEL); + if (cmd == NULL) + return -ENOMEM; + status = kmalloc(sizeof(*status), GFP_KERNEL); + if (status == NULL) { + kfree(cmd); + return -ENOMEM; + } + + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; + + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status, + sizeof(*status), 0); if (ret < 0) { err("cinergyt2_fe_read_signal_strength() Failed!" " (Error=%d)\n", ret); - return ret; + goto out; } - *strength = (0xffff - le16_to_cpu(status.gain)); + *strength = (0xffff - le16_to_cpu(status->gain)); + +out: + kfree(cmd); + kfree(status); return 0; } static int cinergyt2_fe_read_snr(struct dvb_frontend *fe, u16 *snr) { struct cinergyt2_fe_state *state = fe->demodulator_priv; - struct dvbt_get_status_msg status; - char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS }; + struct dvbt_get_status_msg *status; + char *cmd; int ret; - ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status, - sizeof(status), 0); + cmd = kmalloc(1, GFP_KERNEL); + if (cmd == NULL) + return -ENOMEM; + status = kmalloc(sizeof(*status), GFP_KERNEL); + if (status == NULL) { + kfree(cmd); + return -ENOMEM; + } + + cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS; + + ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status, + sizeof(*status), 0); if (ret < 0) { err("cinergyt2_fe_read_snr() Failed! 
(Error=%d)\n", ret); - return ret; + goto out; } - *snr = (status.snr << 8) | status.snr; - return 0; + *snr = (status->snr << 8) | status->snr; + +out: + kfree(cmd); + kfree(status); + return ret; } static int cinergyt2_fe_init(struct dvb_frontend *fe) @@ -266,35 +339,46 @@ { struct dtv_frontend_properties *fep = &fe->dtv_property_cache; struct cinergyt2_fe_state *state = fe->demodulator_priv; - struct dvbt_set_parameters_msg param; - char result[2]; + struct dvbt_set_parameters_msg *param; + char *result; int err; - param.cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS; - param.tps = cpu_to_le16(compute_tps(fep)); - param.freq = cpu_to_le32(fep->frequency / 1000); - param.flags = 0; + result = kmalloc(2, GFP_KERNEL); + if (result == NULL) + return -ENOMEM; + param = kmalloc(sizeof(*param), GFP_KERNEL); + if (param == NULL) { + kfree(result); + return -ENOMEM; + } + + param->cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS; + param->tps = cpu_to_le16(compute_tps(fep)); + param->freq = cpu_to_le32(fep->frequency / 1000); + param->flags = 0; switch (fep->bandwidth_hz) { default: case 8000000: - param.bandwidth = 8; + param->bandwidth = 8; break; case 7000000: - param.bandwidth = 7; + param->bandwidth = 7; break; case 6000000: - param.bandwidth = 6; + param->bandwidth = 6; break; } err = dvb_usb_generic_rw(state->d, - (char *)¶m, sizeof(param), - result, sizeof(result), 0); + (char *)param, sizeof(*param), + result, 2, 0); if (err < 0) err("cinergyt2_fe_set_frontend() Failed! err=%d\n", err); - return (err < 0) ? err : 0; + kfree(result); + kfree(param); + return err; } static void cinergyt2_fe_release(struct dvb_frontend *fe) diff -Naur backports-4.2.6-1.org/drivers/media/usb/dvb-usb/dvb-usb-firmware.c backports-4.2.6-1/drivers/media/usb/dvb-usb/dvb-usb-firmware.c --- backports-4.2.6-1.org/drivers/media/usb/dvb-usb/dvb-usb-firmware.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/media/usb/dvb-usb/dvb-usb-firmware.c 2016-01-27 12:26:21.269959657 +0100 
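Review bot: In the cinergyT2-fe.c hunk `@@ -145,103 +145,176 @@`, cinergyt2_fe_read_ber and cinergyt2_fe_read_signal_strength jump to `out:` on a failed transfer but the label ends in `return 0;`, so the error is swallowed. The caller then sees success while `*ber` or `*strength` was never written. The removed code returned `ret` on that path, and the sibling functions read_status, read_unc_blocks and read_snr end in `return ret;`. Both functions should end with `return ret;` after the two kfree calls.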
@@ -35,42 +35,57 @@ int usb_cypress_load_firmware(struct usb_device *udev, const struct firmware *fw, int type) { - struct hexline hx; - u8 reset; + struct hexline *hx; + u8 *reset; int ret,pos=0; + reset = kmalloc(1, GFP_KERNEL); + if (reset == NULL) + return -ENOMEM; + + hx = kmalloc(sizeof(struct hexline), GFP_KERNEL); + if (hx == NULL) { + kfree(reset); + return -ENOMEM; + } + /* stop the CPU */ - reset = 1; - if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1)) != 1) + reset[0] = 1; + if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1)) != 1) err("could not stop the USB controller CPU."); - while ((ret = dvb_usb_get_hexline(fw,&hx,&pos)) > 0) { - deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx.addr,hx.len,hx.chk); - ret = usb_cypress_writemem(udev,hx.addr,hx.data,hx.len); + while ((ret = dvb_usb_get_hexline(fw,hx,&pos)) > 0) { + deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx->addr,hx->len,hx->chk); + ret = usb_cypress_writemem(udev,hx->addr,hx->data,hx->len); - if (ret != hx.len) { + if (ret != hx->len) { err("error while transferring firmware " "(transferred size: %d, block size: %d)", - ret,hx.len); + ret,hx->len); ret = -EINVAL; break; } } if (ret < 0) { err("firmware download failed at %d with %d",pos,ret); + kfree(reset); + kfree(hx); return ret; } if (ret == 0) { /* restart the CPU */ - reset = 0; - if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1) != 1) { + reset[0] = 0; + if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1) != 1) { err("could not restart the USB controller CPU."); ret = -EINVAL; } } else ret = -EIO; + kfree(reset); + kfree(hx); + return ret; } EXPORT_SYMBOL(usb_cypress_load_firmware); diff -Naur backports-4.2.6-1.org/drivers/media/usb/dvb-usb/technisat-usb2.c backports-4.2.6-1/drivers/media/usb/dvb-usb/technisat-usb2.c --- backports-4.2.6-1.org/drivers/media/usb/dvb-usb/technisat-usb2.c 2015-11-15 
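Review bot: usb_cypress_load_firmware now repeats `kfree(reset); kfree(hx);` on the early error return and again at the end, which makes it easy for a later exit path to miss one of them. A single `out:` label before the final `return ret;`, with the `ret < 0` branch doing `goto out;` after its err() call, keeps the cleanup in one place. This matches the pattern the same patch uses in cinergyT2-fe.c. The allocation would also read better as `hx = kmalloc(sizeof(*hx), GFP_KERNEL);` so the size follows the pointer's type.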
22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/media/usb/dvb-usb/technisat-usb2.c 2016-01-27 12:26:21.269959657 +0100 @@ -87,8 +87,11 @@ static int technisat_usb2_i2c_access(struct usb_device *udev, u8 device_addr, u8 *tx, u8 txlen, u8 *rx, u8 rxlen) { - u8 b[64]; - int ret, actual_length; + u8 *b = kmalloc(64, GFP_KERNEL); + int ret, actual_length, error = 0; + + if (b == NULL) + return -ENOMEM; deb_i2c("i2c-access: %02x, tx: ", device_addr); debug_dump(tx, txlen, deb_i2c); @@ -121,7 +124,8 @@ if (ret < 0) { err("i2c-error: out failed %02x = %d", device_addr, ret); - return -ENODEV; + error = -ENODEV; + goto out; } ret = usb_bulk_msg(udev, @@ -129,7 +133,8 @@ b, 64, &actual_length, 1000); if (ret < 0) { err("i2c-error: in failed %02x = %d", device_addr, ret); - return -ENODEV; + error = -ENODEV; + goto out; } if (b[0] != I2C_STATUS_OK) { @@ -137,8 +142,10 @@ /* handle tuner-i2c-nak */ if (!(b[0] == I2C_STATUS_NAK && device_addr == 0x60 - /* && device_is_technisat_usb2 */)) - return -ENODEV; + /* && device_is_technisat_usb2 */)) { + error = -ENODEV; + goto out; + } } deb_i2c("status: %d, ", b[0]); @@ -152,7 +159,9 @@ deb_i2c("\n"); - return 0; +out: + kfree(b); + return error; } static int technisat_usb2_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msg, @@ -224,14 +233,16 @@ { int ret; - u8 led[8] = { - red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST, - 0 - }; + u8 *led = kzalloc(8, GFP_KERNEL); + + if (led == NULL) + return -ENOMEM; if (disable_led_control && state != TECH_LED_OFF) return 0; + led[0] = red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST; + switch (state) { case TECH_LED_ON: led[1] = 0x82; 
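Review bot: `led` is leaked in technisat_usb2_set_led (`@@ -224,14 +233,16 @@`) whenever `disable_led_control && state != TECH_LED_OFF` returns 0, because the kzalloc now precedes that early return. Move the check above the allocation, or call `kfree(led);` before returning. The next hunk, `@@ -263,16 +274,22 @@`, has the same leak in technisat_usb2_set_led_timer, where a failing `mutex_lock_interruptible()` returns -EAGAIN without `kfree(b);`. Any lock-failure return in set_led or technisat_usb2_get_ir that lies outside the visible hunks probably needs the same treatment.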
@@ -263,16 +274,22 @@ red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST, USB_TYPE_VENDOR | USB_DIR_OUT, 0, 0, - led, sizeof(led), 500); + led, 8, 500); mutex_unlock(&d->i2c_mutex); + + kfree(led); + return ret; } static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8 green) { int ret; - u8 b = 0; + u8 *b = kzalloc(1, GFP_KERNEL); + + if (b == NULL) + return -ENOMEM; if (mutex_lock_interruptible(&d->i2c_mutex) < 0) return -EAGAIN; @@ -281,10 +298,12 @@ SET_LED_TIMER_DIVIDER_VENDOR_REQUEST, USB_TYPE_VENDOR | USB_DIR_OUT, (red << 8) | green, 0, - &b, 1, 500); + b, 1, 500); mutex_unlock(&d->i2c_mutex); + kfree(b); + return ret; } @@ -328,7 +347,7 @@ struct dvb_usb_device_description **desc, int *cold) { int ret; - u8 version[3]; + u8 *version = kmalloc(3, GFP_KERNEL); /* first select the interface */ if (usb_set_interface(udev, 0, 1) != 0) @@ -338,11 +357,14 @@ *cold = 0; /* by default do not download a firmware - just in case something is wrong */ + if (version == NULL) + return 0; + ret = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), GET_VERSION_INFO_VENDOR_REQUEST, USB_TYPE_VENDOR | USB_DIR_IN, 0, 0, - version, sizeof(version), 500); + version, 3, 500); if (ret < 0) *cold = 1; @@ -351,6 +373,8 @@ *cold = 0; } + kfree(version); + return 0; } @@ -594,10 +618,15 @@ static int technisat_usb2_get_ir(struct dvb_usb_device *d) { - u8 buf[62], *b; + u8 *buf, *b; int ret; struct ir_raw_event ev; + buf = kmalloc(62, GFP_KERNEL); + + if (buf == NULL) + return -ENOMEM; + buf[0] = GET_IR_DATA_VENDOR_REQUEST; buf[1] = 0x08; buf[2] = 0x8f; @@ -620,16 +649,20 @@ GET_IR_DATA_VENDOR_REQUEST, USB_TYPE_VENDOR | USB_DIR_IN, 0x8080, 0, - buf, sizeof(buf), 500); + buf, 62, 500); unlock: mutex_unlock(&d->i2c_mutex); - if (ret < 0) + if (ret < 0) { + kfree(buf); return ret; + } - if (ret == 1) + if (ret == 1) { + kfree(buf); return 0; /* no key pressed */ + } /* decoding */ b = buf+1; 
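Review bot: In the `@@ -338,11 +357,14 @@` hunk a failed `kmalloc()` for `version` returns 0 with `*cold` left at 0, so the caller cannot tell an allocation failure from a device that answered the version request. If that is deliberate, in line with the existing "just in case something is wrong" comment, say so at the check: `/* no buffer: report warm so no firmware download is attempted */`. The allocation itself sits in the declaration in the previous hunk, several statements before the NULL test; doing `version = kmalloc(3, GFP_KERNEL);` directly above the test would keep the two together. The function starts outside these hunks.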
@@ -656,6 +689,8 @@ ir_raw_event_handle(d->rc_dev); + kfree(buf); + return 1; } diff -Naur backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-compat-ioctl32.c backports-4.2.6-1/drivers/media/v4l2-core/v4l2-compat-ioctl32.c --- backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-compat-ioctl32.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/v4l2-core/v4l2-compat-ioctl32.c 2016-01-27 12:26:21.269959657 +0100 @@ -429,7 +429,7 @@ * by passing a very big num_planes value */ uplane = compat_alloc_user_space(num_planes * sizeof(struct v4l2_plane)); - kp->m.planes = (__force struct v4l2_plane *)uplane; + kp->m.planes = (__force_kernel struct v4l2_plane *)uplane; while (--num_planes >= 0) { ret = get_v4l2_plane32(uplane, uplane32, kp->memory); @@ -500,7 +500,7 @@ if (num_planes == 0) return 0; - uplane = (__force struct v4l2_plane __user *)kp->m.planes; + uplane = (struct v4l2_plane __force_user *)kp->m.planes; if (get_user(p, &up->m.planes)) return -EFAULT; uplane32 = compat_ptr(p); @@ -564,7 +564,7 @@ get_user(kp->flags, &up->flags) || copy_from_user(&kp->fmt, &up->fmt, sizeof(up->fmt))) return -EFAULT; - kp->base = (__force void *)compat_ptr(tmp); + kp->base = (__force_kernel void *)compat_ptr(tmp); return 0; } @@ -669,7 +669,7 @@ n * sizeof(struct v4l2_ext_control32))) return -EFAULT; kcontrols = compat_alloc_user_space(n * sizeof(struct v4l2_ext_control)); - kp->controls = (__force struct v4l2_ext_control *)kcontrols; + kp->controls = (__force_kernel struct v4l2_ext_control *)kcontrols; while (--n >= 0) { u32 id; @@ -696,7 +696,7 @@ { struct v4l2_ext_control32 __user *ucontrols; struct v4l2_ext_control __user *kcontrols = - (__force struct v4l2_ext_control __user *)kp->controls; + (struct v4l2_ext_control __force_user *)kp->controls; int n = kp->count; compat_caddr_t p; 
@@ -780,7 +780,7 @@ get_user(tmp, &up->edid) || copy_from_user(kp->reserved, up->reserved, sizeof(kp->reserved))) return -EFAULT; - kp->edid = (__force u8 *)compat_ptr(tmp); + kp->edid = (__force_kernel u8 *)compat_ptr(tmp); return 0; } diff -Naur backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-device.c backports-4.2.6-1/drivers/media/v4l2-core/v4l2-device.c --- backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-device.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/v4l2-core/v4l2-device.c 2016-01-27 12:26:21.269959657 +0100 @@ -74,9 +74,9 @@ EXPORT_SYMBOL_GPL(v4l2_device_put); int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename, - atomic_t *instance) + atomic_unchecked_t *instance) { - int num = atomic_inc_return(instance) - 1; + int num = atomic_inc_return_unchecked(instance) - 1; int len = strlen(basename); if (basename[len - 1] >= '0' && basename[len - 1] <= '9') diff -Naur backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-ioctl.c backports-4.2.6-1/drivers/media/v4l2-core/v4l2-ioctl.c --- backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-ioctl.c 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/drivers/media/v4l2-core/v4l2-ioctl.c 2016-01-27 12:26:21.269959657 +0100 @@ -2341,7 +2341,8 @@ struct file *file, void *fh, void *p); } u; void (*debug)(const void *arg, bool write_only); -}; +} __do_const; +typedef struct v4l2_ioctl_info __no_const v4l2_ioctl_info_no_const; /* This control needs a priority check */ #define INFO_FL_PRIO (1 << 0) @@ -2525,7 +2526,7 @@ struct video_device *vfd = video_devdata(file); const struct v4l2_ioctl_ops *ops = vfd->ioctl_ops; bool write_only = false; - struct v4l2_ioctl_info default_info; + v4l2_ioctl_info_no_const default_info; const struct v4l2_ioctl_info *info; void *fh = file->private_data; struct v4l2_fh *vfh = NULL; 
@@ -2616,7 +2617,7 @@ ret = -EINVAL; break; } - *user_ptr = (void __user *)buf->m.planes; + *user_ptr = (void __force_user *)buf->m.planes; *kernel_ptr = (void **)&buf->m.planes; *array_size = sizeof(struct v4l2_plane) * buf->length; ret = 1; @@ -2633,7 +2634,7 @@ ret = -EINVAL; break; } - *user_ptr = (void __user *)edid->edid; + *user_ptr = (void __force_user *)edid->edid; *kernel_ptr = (void **)&edid->edid; *array_size = edid->blocks * 128; ret = 1; @@ -2651,7 +2652,7 @@ ret = -EINVAL; break; } - *user_ptr = (void __user *)ctrls->controls; + *user_ptr = (void __force_user *)ctrls->controls; *kernel_ptr = (void **)&ctrls->controls; *array_size = sizeof(struct v4l2_ext_control) * ctrls->count; @@ -2752,7 +2753,7 @@ } if (has_array_args) { - *kernel_ptr = (void __force *)user_ptr; + *kernel_ptr = (void __force_kernel *)user_ptr; if (copy_to_user(user_ptr, mbuf, array_size)) err = -EFAULT; goto out_array_args; diff -Naur backports-4.2.6-1.org/drivers/net/usb/sierra_net.c backports-4.2.6-1/drivers/net/usb/sierra_net.c --- backports-4.2.6-1.org/drivers/net/usb/sierra_net.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/usb/sierra_net.c 2016-01-27 12:26:21.283292990 +0100 @@ -51,7 +51,7 @@ /* atomic counter partially included in MAC address to make sure 2 devices * do not end up with the same MAC - concept breaks in case of > 255 ifaces */ -static atomic_t iface_counter = ATOMIC_INIT(0); +static atomic_unchecked_t iface_counter = ATOMIC_INIT(0); /* * SYNC Timer Delay definition used to set the expiry time 
@@ -697,7 +697,7 @@ dev->net->netdev_ops = &sierra_net_device_ops; /* change MAC addr to include, ifacenum, and to be unique */ - dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return(&iface_counter); + dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return_unchecked(&iface_counter); dev->net->dev_addr[ETH_ALEN-1] = ifacenum; /* we will have to manufacture ethernet headers, prepare template */ diff -Naur backports-4.2.6-1.org/drivers/net/wireless/airo.c backports-4.2.6-1/drivers/net/wireless/airo.c --- backports-4.2.6-1.org/drivers/net/wireless/airo.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/airo.c 2016-01-27 12:26:21.286626323 +0100 @@ -7846,7 +7846,7 @@ struct airo_info *ai = dev->ml_priv; int ridcode; int enabled; - static int (* writer)(struct airo_info *, u16 rid, const void *, int, int); + int (* writer)(struct airo_info *, u16 rid, const void *, int, int); unsigned char *iobuf; /* Only super-user can write RIDs */ diff -Naur backports-4.2.6-1.org/drivers/net/wireless/at76c50x-usb.c backports-4.2.6-1/drivers/net/wireless/at76c50x-usb.c --- backports-4.2.6-1.org/drivers/net/wireless/at76c50x-usb.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/at76c50x-usb.c 2016-01-27 12:26:21.286626323 +0100 @@ -353,7 +353,7 @@ } /* Convert timeout from the DFU status to jiffies */ -static inline unsigned long at76_get_timeout(struct dfu_status *s) +static inline unsigned long __intentional_overflow(-1) at76_get_timeout(struct dfu_status *s) { return msecs_to_jiffies((s->poll_timeout[2] << 16) | (s->poll_timeout[1] << 8) diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/ce.c backports-4.2.6-1/drivers/net/wireless/ath/ath10k/ce.c --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/ce.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath10k/ce.c 2016-01-27 12:26:21.286626323 +0100 
@@ -896,12 +896,12 @@ return 0; } -static struct ath10k_ce_ring * +static struct ath10k_ce_ring * __intentional_overflow(-1) ath10k_ce_alloc_src_ring(struct ath10k *ar, unsigned int ce_id, const struct ce_attr *attr) { struct ath10k_ce_ring *src_ring; - u32 nentries = attr->src_nentries; + unsigned long nentries = attr->src_nentries; dma_addr_t base_addr; nentries = roundup_pow_of_two(nentries); @@ -968,7 +968,7 @@ const struct ce_attr *attr) { struct ath10k_ce_ring *dest_ring; - u32 nentries; + unsigned long nentries; dma_addr_t base_addr; nentries = roundup_pow_of_two(attr->dest_nentries); diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/htc.c backports-4.2.6-1/drivers/net/wireless/ath/ath10k/htc.c --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/htc.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath10k/htc.c 2016-01-27 12:26:21.286626323 +0100 @@ -841,7 +841,10 @@ /* registered target arrival callback from the HIF layer */ int ath10k_htc_init(struct ath10k *ar) { - struct ath10k_hif_cb htc_callbacks; + static struct ath10k_hif_cb htc_callbacks = { + .rx_completion = ath10k_htc_rx_completion_handler, + .tx_completion = ath10k_htc_tx_completion_handler, + }; struct ath10k_htc_ep *ep = NULL; struct ath10k_htc *htc = &ar->htc; @@ -850,8 +853,6 @@ ath10k_htc_reset_endpoint_states(htc); /* setup HIF layer callbacks */ - htc_callbacks.rx_completion = ath10k_htc_rx_completion_handler; - htc_callbacks.tx_completion = ath10k_htc_tx_completion_handler; htc->ar = ar; /* Get HIF default pipe for HTC message exchange */ diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/htc.h backports-4.2.6-1/drivers/net/wireless/ath/ath10k/htc.h --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/htc.h 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath10k/htc.h 2016-01-27 12:26:21.286626323 +0100 
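Review bot: After the `@@ -850,8 +853,6 @@` hunk the comment `/* setup HIF layer callbacks */` is left standing directly above `htc->ar = ar;` and no longer describes anything, since the two assignments it introduced moved into the static initializer. Delete it there and document the initializer instead, for example `/* HIF layer callbacks, identical for every device */` above `static struct ath10k_hif_cb htc_callbacks = {`. ath10k_htc_init continues past the hunk, so how `htc_callbacks` is handed on is not visible here.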
@@ -270,13 +270,13 @@ struct ath10k_htc_ops { void (*target_send_suspend_complete)(struct ath10k *ar); -}; +} __no_const; struct ath10k_htc_ep_ops { void (*ep_tx_complete)(struct ath10k *, struct sk_buff *); void (*ep_rx_complete)(struct ath10k *, struct sk_buff *); void (*ep_tx_credits)(struct ath10k *); -}; +} __no_const; /* service connection information */ struct ath10k_htc_svc_conn_req { diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/ar9002_mac.c backports-4.2.6-1/drivers/net/wireless/ath/ath9k/ar9002_mac.c --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/ar9002_mac.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/ar9002_mac.c 2016-01-27 12:26:21.286626323 +0100 @@ -220,8 +220,8 @@ ads->ds_txstatus6 = ads->ds_txstatus7 = 0; ads->ds_txstatus8 = ads->ds_txstatus9 = 0; - ACCESS_ONCE(ads->ds_link) = i->link; - ACCESS_ONCE(ads->ds_data) = i->buf_addr[0]; + ACCESS_ONCE_RW(ads->ds_link) = i->link; + ACCESS_ONCE_RW(ads->ds_data) = i->buf_addr[0]; ctl1 = i->buf_len[0] | (i->is_last ? 0 : AR_TxMore); ctl6 = SM(i->keytype, AR_EncrType); 
@@ -235,26 +235,26 @@ if ((i->is_first || i->is_last) && i->aggr != AGGR_BUF_MIDDLE && i->aggr != AGGR_BUF_LAST) { - ACCESS_ONCE(ads->ds_ctl2) = set11nTries(i->rates, 0) + ACCESS_ONCE_RW(ads->ds_ctl2) = set11nTries(i->rates, 0) | set11nTries(i->rates, 1) | set11nTries(i->rates, 2) | set11nTries(i->rates, 3) | (i->dur_update ? AR_DurUpdateEna : 0) | SM(0, AR_BurstDur); - ACCESS_ONCE(ads->ds_ctl3) = set11nRate(i->rates, 0) + ACCESS_ONCE_RW(ads->ds_ctl3) = set11nRate(i->rates, 0) | set11nRate(i->rates, 1) | set11nRate(i->rates, 2) | set11nRate(i->rates, 3); } else { - ACCESS_ONCE(ads->ds_ctl2) = 0; - ACCESS_ONCE(ads->ds_ctl3) = 0; + ACCESS_ONCE_RW(ads->ds_ctl2) = 0; + ACCESS_ONCE_RW(ads->ds_ctl3) = 0; } if (!i->is_first) { - ACCESS_ONCE(ads->ds_ctl0) = 0; - ACCESS_ONCE(ads->ds_ctl1) = ctl1; - ACCESS_ONCE(ads->ds_ctl6) = ctl6; + ACCESS_ONCE_RW(ads->ds_ctl0) = 0; + ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1; + ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6; return; } @@ -279,7 +279,7 @@ break; } - ACCESS_ONCE(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen) + ACCESS_ONCE_RW(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen) | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0) | SM(i->txpower[0], AR_XmitPower0) | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0) 
@@ -289,27 +289,27 @@ | (i->flags & ATH9K_TXDESC_RTSENA ? AR_RTSEnable : (i->flags & ATH9K_TXDESC_CTSENA ? AR_CTSEnable : 0)); - ACCESS_ONCE(ads->ds_ctl1) = ctl1; - ACCESS_ONCE(ads->ds_ctl6) = ctl6; + ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1; + ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6; if (i->aggr == AGGR_BUF_MIDDLE || i->aggr == AGGR_BUF_LAST) return; - ACCESS_ONCE(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0) + ACCESS_ONCE_RW(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0) | set11nPktDurRTSCTS(i->rates, 1); - ACCESS_ONCE(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2) + ACCESS_ONCE_RW(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2) | set11nPktDurRTSCTS(i->rates, 3); - ACCESS_ONCE(ads->ds_ctl7) = set11nRateFlags(i->rates, 0) + ACCESS_ONCE_RW(ads->ds_ctl7) = set11nRateFlags(i->rates, 0) | set11nRateFlags(i->rates, 1) | set11nRateFlags(i->rates, 2) | set11nRateFlags(i->rates, 3) | SM(i->rtscts_rate, AR_RTSCTSRate); - ACCESS_ONCE(ads->ds_ctl9) = SM(i->txpower[1], AR_XmitPower1); - ACCESS_ONCE(ads->ds_ctl10) = SM(i->txpower[2], AR_XmitPower2); - ACCESS_ONCE(ads->ds_ctl11) = SM(i->txpower[3], AR_XmitPower3); + ACCESS_ONCE_RW(ads->ds_ctl9) = SM(i->txpower[1], AR_XmitPower1); + ACCESS_ONCE_RW(ads->ds_ctl10) = SM(i->txpower[2], AR_XmitPower2); + ACCESS_ONCE_RW(ads->ds_ctl11) = SM(i->txpower[3], AR_XmitPower3); } static int ar9002_hw_proc_txdesc(struct ath_hw *ah, void *ds, diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/ar9003_mac.c backports-4.2.6-1/drivers/net/wireless/ath/ath9k/ar9003_mac.c --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/ar9003_mac.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/ar9003_mac.c 2016-01-27 12:26:21.286626323 +0100 
@@ -39,47 +39,47 @@ (i->qcu << AR_TxQcuNum_S) | desc_len; checksum += val; - ACCESS_ONCE(ads->info) = val; + ACCESS_ONCE_RW(ads->info) = val; checksum += i->link; - ACCESS_ONCE(ads->link) = i->link; + ACCESS_ONCE_RW(ads->link) = i->link; checksum += i->buf_addr[0]; - ACCESS_ONCE(ads->data0) = i->buf_addr[0]; + ACCESS_ONCE_RW(ads->data0) = i->buf_addr[0]; checksum += i->buf_addr[1]; - ACCESS_ONCE(ads->data1) = i->buf_addr[1]; + ACCESS_ONCE_RW(ads->data1) = i->buf_addr[1]; checksum += i->buf_addr[2]; - ACCESS_ONCE(ads->data2) = i->buf_addr[2]; + ACCESS_ONCE_RW(ads->data2) = i->buf_addr[2]; checksum += i->buf_addr[3]; - ACCESS_ONCE(ads->data3) = i->buf_addr[3]; + ACCESS_ONCE_RW(ads->data3) = i->buf_addr[3]; checksum += (val = (i->buf_len[0] << AR_BufLen_S) & AR_BufLen); - ACCESS_ONCE(ads->ctl3) = val; + ACCESS_ONCE_RW(ads->ctl3) = val; checksum += (val = (i->buf_len[1] << AR_BufLen_S) & AR_BufLen); - ACCESS_ONCE(ads->ctl5) = val; + ACCESS_ONCE_RW(ads->ctl5) = val; checksum += (val = (i->buf_len[2] << AR_BufLen_S) & AR_BufLen); - ACCESS_ONCE(ads->ctl7) = val; + ACCESS_ONCE_RW(ads->ctl7) = val; checksum += (val = (i->buf_len[3] << AR_BufLen_S) & AR_BufLen); - ACCESS_ONCE(ads->ctl9) = val; + ACCESS_ONCE_RW(ads->ctl9) = val; checksum = (u16) (((checksum & 0xffff) + (checksum >> 16)) & 0xffff); - ACCESS_ONCE(ads->ctl10) = checksum; + ACCESS_ONCE_RW(ads->ctl10) = checksum; if (i->is_first || i->is_last) { - ACCESS_ONCE(ads->ctl13) = set11nTries(i->rates, 0) + ACCESS_ONCE_RW(ads->ctl13) = set11nTries(i->rates, 0) | set11nTries(i->rates, 1) | set11nTries(i->rates, 2) | set11nTries(i->rates, 3) | (i->dur_update ? 
AR_DurUpdateEna : 0) | SM(0, AR_BurstDur); - ACCESS_ONCE(ads->ctl14) = set11nRate(i->rates, 0) + ACCESS_ONCE_RW(ads->ctl14) = set11nRate(i->rates, 0) | set11nRate(i->rates, 1) | set11nRate(i->rates, 2) | set11nRate(i->rates, 3); } else { - ACCESS_ONCE(ads->ctl13) = 0; - ACCESS_ONCE(ads->ctl14) = 0; + ACCESS_ONCE_RW(ads->ctl13) = 0; + ACCESS_ONCE_RW(ads->ctl14) = 0; } ads->ctl20 = 0; @@ -89,17 +89,17 @@ ctl17 = SM(i->keytype, AR_EncrType); if (!i->is_first) { - ACCESS_ONCE(ads->ctl11) = 0; - ACCESS_ONCE(ads->ctl12) = i->is_last ? 0 : AR_TxMore; - ACCESS_ONCE(ads->ctl15) = 0; - ACCESS_ONCE(ads->ctl16) = 0; - ACCESS_ONCE(ads->ctl17) = ctl17; - ACCESS_ONCE(ads->ctl18) = 0; - ACCESS_ONCE(ads->ctl19) = 0; + ACCESS_ONCE_RW(ads->ctl11) = 0; + ACCESS_ONCE_RW(ads->ctl12) = i->is_last ? 0 : AR_TxMore; + ACCESS_ONCE_RW(ads->ctl15) = 0; + ACCESS_ONCE_RW(ads->ctl16) = 0; + ACCESS_ONCE_RW(ads->ctl17) = ctl17; + ACCESS_ONCE_RW(ads->ctl18) = 0; + ACCESS_ONCE_RW(ads->ctl19) = 0; return; } - ACCESS_ONCE(ads->ctl11) = (i->pkt_len & AR_FrameLen) + ACCESS_ONCE_RW(ads->ctl11) = (i->pkt_len & AR_FrameLen) | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0) | SM(i->txpower[0], AR_XmitPower0) | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0) 
@@ -135,26 +135,26 @@ val = (i->flags & ATH9K_TXDESC_PAPRD) >> ATH9K_TXDESC_PAPRD_S; ctl12 |= SM(val, AR_PAPRDChainMask); - ACCESS_ONCE(ads->ctl12) = ctl12; - ACCESS_ONCE(ads->ctl17) = ctl17; + ACCESS_ONCE_RW(ads->ctl12) = ctl12; + ACCESS_ONCE_RW(ads->ctl17) = ctl17; - ACCESS_ONCE(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0) + ACCESS_ONCE_RW(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0) | set11nPktDurRTSCTS(i->rates, 1); - ACCESS_ONCE(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2) + ACCESS_ONCE_RW(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2) | set11nPktDurRTSCTS(i->rates, 3); - ACCESS_ONCE(ads->ctl18) = set11nRateFlags(i->rates, 0) + ACCESS_ONCE_RW(ads->ctl18) = set11nRateFlags(i->rates, 0) | set11nRateFlags(i->rates, 1) | set11nRateFlags(i->rates, 2) | set11nRateFlags(i->rates, 3) | SM(i->rtscts_rate, AR_RTSCTSRate); - ACCESS_ONCE(ads->ctl19) = AR_Not_Sounding; + ACCESS_ONCE_RW(ads->ctl19) = AR_Not_Sounding; - ACCESS_ONCE(ads->ctl20) = SM(i->txpower[1], AR_XmitPower1); - ACCESS_ONCE(ads->ctl21) = SM(i->txpower[2], AR_XmitPower2); - ACCESS_ONCE(ads->ctl22) = SM(i->txpower[3], AR_XmitPower3); + ACCESS_ONCE_RW(ads->ctl20) = SM(i->txpower[1], AR_XmitPower1); + ACCESS_ONCE_RW(ads->ctl21) = SM(i->txpower[2], AR_XmitPower2); + ACCESS_ONCE_RW(ads->ctl22) = SM(i->txpower[3], AR_XmitPower3); } static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/hw.h backports-4.2.6-1/drivers/net/wireless/ath/ath9k/hw.h --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/hw.h 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/hw.h 2016-01-27 12:33:44.649931973 +0100 @@ -671,7 +671,7 @@ #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT bool (*is_aic_enabled)(struct ath_hw *ah); #endif /* CPTCFG_ATH9K_BTCOEX_SUPPORT */ -}; +} __no_const; /** * struct ath_spec_scan - parameters for Atheros spectral scan 
@@ -747,7 +747,7 @@ #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT void (*set_bt_ant_diversity)(struct ath_hw *hw, bool enable); #endif -}; +} __no_const; struct ath_nf_limits { s16 max; diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/Kconfig backports-4.2.6-1/drivers/net/wireless/ath/ath9k/Kconfig --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/Kconfig 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/Kconfig 2016-01-27 12:34:48.923262299 +0100 @@ -5,7 +5,6 @@ tristate depends on m select ATH_COMMON - depends on DEBUG_FS depends on RELAY config ATH9K_DFS_DEBUGFS def_bool y diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/main.c backports-4.2.6-1/drivers/net/wireless/ath/ath9k/main.c --- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/main.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/main.c 2016-01-27 12:26:21.289959656 +0100 
@@ -2574,16 +2574,18 @@ if (!ath9k_is_chanctx_enabled()) return; - ath9k_ops.hw_scan = ath9k_hw_scan; - ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan; - ath9k_ops.remain_on_channel = ath9k_remain_on_channel; - ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel; - ath9k_ops.add_chanctx = ath9k_add_chanctx; - ath9k_ops.remove_chanctx = ath9k_remove_chanctx; - ath9k_ops.change_chanctx = ath9k_change_chanctx; - ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx; - ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx; - ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx; + pax_open_kernel(); + *(void **)&ath9k_ops.hw_scan = ath9k_hw_scan; + *(void **)&ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan; + *(void **)&ath9k_ops.remain_on_channel = ath9k_remain_on_channel; + *(void **)&ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel; + *(void **)&ath9k_ops.add_chanctx = ath9k_add_chanctx; + *(void **)&ath9k_ops.remove_chanctx = ath9k_remove_chanctx; + *(void **)&ath9k_ops.change_chanctx = ath9k_change_chanctx; + *(void **)&ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx; + *(void **)&ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx; + *(void **)&ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx; + pax_close_kernel(); } #endif diff -Naur backports-4.2.6-1.org/drivers/net/wireless/b43/phy_lp.c backports-4.2.6-1/drivers/net/wireless/b43/phy_lp.c --- backports-4.2.6-1.org/drivers/net/wireless/b43/phy_lp.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/b43/phy_lp.c 2016-01-27 12:26:21.289959656 +0100 
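Review bot: Each store in this hunk goes through `*(void **)&ath9k_ops.<member>`, which discards the member's function-pointer type, so a handler whose signature drifts from the ops member no longer produces a compiler diagnostic. A comment above `pax_open_kernel();` should record why the cast and the window are needed (presumably because the ops structure is made read-only by the constification this patch set relies on), for example `/* ath9k_ops is write-protected; it may only be patched between pax_open_kernel() and pax_close_kernel() */`. The window should stay limited to these stores, as it is now. The same pattern appears in the hunks for iwlegacy/3945-mac.c, mac80211_hwsim.c, ti/wl1251/sdio.c, ti/wl12xx/main.c and ti/wl18xx/main.c. The enclosing function starts before this hunk.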
@@ -2502,7 +2502,7 @@ { struct ssb_bus *bus = dev->dev->sdev->bus; - static const struct b206x_channel *chandata = NULL; + const struct b206x_channel *chandata = NULL; u32 crystal_freq = bus->chipco.pmu.crystalfreq * 1000; u32 freqref, vco_freq, val1, val2, val3, timeout, timeoutref, count; u16 old_comm15, scale; diff -Naur backports-4.2.6-1.org/drivers/net/wireless/iwlegacy/3945-mac.c backports-4.2.6-1/drivers/net/wireless/iwlegacy/3945-mac.c --- backports-4.2.6-1.org/drivers/net/wireless/iwlegacy/3945-mac.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/iwlegacy/3945-mac.c 2016-01-27 12:26:21.289959656 +0100 @@ -3633,7 +3633,9 @@ */ if (il3945_mod_params.disable_hw_scan) { D_INFO("Disabling hw_scan\n"); - il3945_mac_ops.hw_scan = NULL; + pax_open_kernel(); + *(void **)&il3945_mac_ops.hw_scan = NULL; + pax_close_kernel(); } D_INFO("*** LOAD DRIVER ***\n"); diff -Naur backports-4.2.6-1.org/drivers/net/wireless/iwlwifi/dvm/debugfs.c backports-4.2.6-1/drivers/net/wireless/iwlwifi/dvm/debugfs.c --- backports-4.2.6-1.org/drivers/net/wireless/iwlwifi/dvm/debugfs.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/iwlwifi/dvm/debugfs.c 2016-01-27 12:26:21.289959656 +0100 @@ -188,7 +188,7 @@ { struct iwl_priv *priv = file->private_data; char buf[64]; - int buf_size; + size_t buf_size; u32 offset, len; memset(buf, 0, sizeof(buf)); @@ -458,7 +458,7 @@ struct iwl_priv *priv = file->private_data; char buf[8]; - int buf_size; + size_t buf_size; u32 reset_flag; memset(buf, 0, sizeof(buf)); @@ -539,7 +539,7 @@ { struct iwl_priv *priv = file->private_data; char buf[8]; - int buf_size; + size_t buf_size; int ht40; memset(buf, 0, sizeof(buf)); @@ -591,7 +591,7 @@ { struct iwl_priv *priv = file->private_data; char buf[8]; - int buf_size; + size_t buf_size; int value; memset(buf, 0, sizeof(buf)); 
@@ -683,10 +683,10 @@ DEBUGFS_READ_WRITE_FILE_OPS(sleep_level_override); DEBUGFS_READ_FILE_OPS(current_sleep_command); -static const char *fmt_value = " %-30s %10u\n"; -static const char *fmt_hex = " %-30s 0x%02X\n"; -static const char *fmt_table = " %-30s %10u %10u %10u %10u\n"; -static const char *fmt_header = +static const char fmt_value[] = " %-30s %10u\n"; +static const char fmt_hex[] = " %-30s 0x%02X\n"; +static const char fmt_table[] = " %-30s %10u %10u %10u %10u\n"; +static const char fmt_header[] = "%-32s current cumulative delta max\n"; static int iwl_statistics_flag(struct iwl_priv *priv, char *buf, int bufsz) @@ -1856,7 +1856,7 @@ { struct iwl_priv *priv = file->private_data; char buf[8]; - int buf_size; + size_t buf_size; int clear; memset(buf, 0, sizeof(buf)); @@ -1901,7 +1901,7 @@ { struct iwl_priv *priv = file->private_data; char buf[8]; - int buf_size; + size_t buf_size; int trace; memset(buf, 0, sizeof(buf)); @@ -1972,7 +1972,7 @@ { struct iwl_priv *priv = file->private_data; char buf[8]; - int buf_size; + size_t buf_size; int missed; memset(buf, 0, sizeof(buf)); @@ -2013,7 +2013,7 @@ struct iwl_priv *priv = file->private_data; char buf[8]; - int buf_size; + size_t buf_size; int plcp; memset(buf, 0, sizeof(buf)); @@ -2073,7 +2073,7 @@ struct iwl_priv *priv = file->private_data; char buf[8]; - int buf_size; + size_t buf_size; int flush; memset(buf, 0, sizeof(buf)); @@ -2163,7 +2163,7 @@ struct iwl_priv *priv = file->private_data; char buf[8]; - int buf_size; + size_t buf_size; int rts; if (!priv->cfg->ht_params) @@ -2204,7 +2204,7 @@ { struct iwl_priv *priv = file->private_data; char buf[8]; - int buf_size; + size_t buf_size; memset(buf, 0, sizeof(buf)); buf_size = min(count, sizeof(buf) - 1); @@ -2238,7 +2238,7 @@ struct iwl_priv *priv = file->private_data; u32 event_log_flag; char buf[8]; - int buf_size; + size_t buf_size; /* check that the interface is up */ if (!iwl_is_ready(priv)) 
@@ -2292,7 +2292,7 @@ struct iwl_priv *priv = file->private_data; char buf[8]; u32 calib_disabled; - int buf_size; + size_t buf_size; memset(buf, 0, sizeof(buf)); buf_size = min(count, sizeof(buf) - 1); diff -Naur backports-4.2.6-1.org/drivers/net/wireless/iwlwifi/pcie/trans.c backports-4.2.6-1/drivers/net/wireless/iwlwifi/pcie/trans.c --- backports-4.2.6-1.org/drivers/net/wireless/iwlwifi/pcie/trans.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/iwlwifi/pcie/trans.c 2016-01-27 12:26:21.289959656 +0100 @@ -1950,7 +1950,7 @@ struct isr_statistics *isr_stats = &trans_pcie->isr_stats; char buf[8]; - int buf_size; + size_t buf_size; u32 reset_flag; memset(buf, 0, sizeof(buf)); @@ -1971,7 +1971,7 @@ { struct iwl_trans *trans = file->private_data; char buf[8]; - int buf_size; + size_t buf_size; int csr; memset(buf, 0, sizeof(buf)); diff -Naur backports-4.2.6-1.org/drivers/net/wireless/mac80211_hwsim.c backports-4.2.6-1/drivers/net/wireless/mac80211_hwsim.c --- backports-4.2.6-1.org/drivers/net/wireless/mac80211_hwsim.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/mac80211_hwsim.c 2016-01-27 12:26:21.289959656 +0100 
@@ -3150,20 +3150,20 @@ if (channels < 1) return -EINVAL; - mac80211_hwsim_mchan_ops = mac80211_hwsim_ops; - mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan; - mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan; - mac80211_hwsim_mchan_ops.sw_scan_start = NULL; - mac80211_hwsim_mchan_ops.sw_scan_complete = NULL; - mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc; - mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc; - mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx; - mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx; - mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx; - mac80211_hwsim_mchan_ops.assign_vif_chanctx = - mac80211_hwsim_assign_vif_chanctx; - mac80211_hwsim_mchan_ops.unassign_vif_chanctx = - mac80211_hwsim_unassign_vif_chanctx; + pax_open_kernel(); + memcpy((void *)&mac80211_hwsim_mchan_ops, &mac80211_hwsim_ops, sizeof mac80211_hwsim_mchan_ops); + *(void **)&mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan; + *(void **)&mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan; + *(void **)&mac80211_hwsim_mchan_ops.sw_scan_start = NULL; + *(void **)&mac80211_hwsim_mchan_ops.sw_scan_complete = NULL; + *(void **)&mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc; + *(void **)&mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc; + *(void **)&mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx; + *(void **)&mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx; + *(void **)&mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx; + *(void **)&mac80211_hwsim_mchan_ops.assign_vif_chanctx = mac80211_hwsim_assign_vif_chanctx; + *(void **)&mac80211_hwsim_mchan_ops.unassign_vif_chanctx = mac80211_hwsim_unassign_vif_chanctx; + pax_close_kernel(); spin_lock_init(&hwsim_radio_lock); INIT_LIST_HEAD(&hwsim_radios); diff -Naur 
backports-4.2.6-1.org/drivers/net/wireless/rndis_wlan.c backports-4.2.6-1/drivers/net/wireless/rndis_wlan.c --- backports-4.2.6-1.org/drivers/net/wireless/rndis_wlan.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/rndis_wlan.c 2016-01-27 12:26:21.293292990 +0100 @@ -1236,7 +1236,7 @@ netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold); - if (rts_threshold < 0 || rts_threshold > 2347) + if (rts_threshold > 2347) rts_threshold = 2347; tmp = cpu_to_le32(rts_threshold); diff -Naur backports-4.2.6-1.org/drivers/net/wireless/rt2x00/rt2x00.h backports-4.2.6-1/drivers/net/wireless/rt2x00/rt2x00.h --- backports-4.2.6-1.org/drivers/net/wireless/rt2x00/rt2x00.h 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/rt2x00/rt2x00.h 2016-01-27 12:26:21.293292990 +0100 @@ -375,7 +375,7 @@ * for hardware which doesn't support hardware * sequence counting. */ - atomic_t seqno; + atomic_unchecked_t seqno; }; static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif) diff -Naur backports-4.2.6-1.org/drivers/net/wireless/rt2x00/rt2x00queue.c backports-4.2.6-1/drivers/net/wireless/rt2x00/rt2x00queue.c --- backports-4.2.6-1.org/drivers/net/wireless/rt2x00/rt2x00queue.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/rt2x00/rt2x00queue.c 2016-01-27 12:26:21.293292990 +0100 
@@ -224,9 +224,9 @@ * sequence counter given by mac80211. */ if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags)) - seqno = atomic_add_return(0x10, &intf->seqno); + seqno = atomic_add_return_unchecked(0x10, &intf->seqno); else - seqno = atomic_read(&intf->seqno); + seqno = atomic_read_unchecked(&intf->seqno); hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG); hdr->seq_ctrl |= cpu_to_le16(seqno); diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ti/wl1251/sdio.c backports-4.2.6-1/drivers/net/wireless/ti/wl1251/sdio.c --- backports-4.2.6-1.org/drivers/net/wireless/ti/wl1251/sdio.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/ti/wl1251/sdio.c 2016-01-27 12:26:21.293292990 +0100 @@ -282,13 +282,17 @@ irq_set_irq_type(wl->irq, IRQ_TYPE_EDGE_RISING); - wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq; - wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq; + pax_open_kernel(); + *(void **)&wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq; + *(void **)&wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq; + pax_close_kernel(); wl1251_info("using dedicated interrupt line"); } else { - wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq; - wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq; + pax_open_kernel(); + *(void **)&wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq; + *(void **)&wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq; + pax_close_kernel(); wl1251_info("using SDIO interrupt"); } diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ti/wl12xx/main.c backports-4.2.6-1/drivers/net/wireless/ti/wl12xx/main.c --- backports-4.2.6-1.org/drivers/net/wireless/ti/wl12xx/main.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/ti/wl12xx/main.c 2016-01-27 12:26:21.293292990 +0100 
@@ -655,7 +655,9 @@ sizeof(wl->conf.mem)); /* read data preparation is only needed by wl127x */ - wl->ops->prepare_read = wl127x_prepare_read; + pax_open_kernel(); + *(void **)&wl->ops->prepare_read = wl127x_prepare_read; + pax_close_kernel(); wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER, @@ -680,7 +682,9 @@ sizeof(wl->conf.mem)); /* read data preparation is only needed by wl127x */ - wl->ops->prepare_read = wl127x_prepare_read; + pax_open_kernel(); + *(void **)&wl->ops->prepare_read = wl127x_prepare_read; + pax_close_kernel(); wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER, diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ti/wl18xx/main.c backports-4.2.6-1/drivers/net/wireless/ti/wl18xx/main.c --- backports-4.2.6-1.org/drivers/net/wireless/ti/wl18xx/main.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/ti/wl18xx/main.c 2016-01-27 12:26:21.293292990 +0100 @@ -1952,8 +1952,10 @@ } if (!checksum_param) { - wl18xx_ops.set_rx_csum = NULL; - wl18xx_ops.init_vif = NULL; + pax_open_kernel(); + *(void **)&wl18xx_ops.set_rx_csum = NULL; + *(void **)&wl18xx_ops.init_vif = NULL; + pax_close_kernel(); } /* Enable 11a Band only if we have 5G antennas */ diff -Naur backports-4.2.6-1.org/drivers/net/wireless/zd1211rw/zd_usb.c backports-4.2.6-1/drivers/net/wireless/zd1211rw/zd_usb.c --- backports-4.2.6-1.org/drivers/net/wireless/zd1211rw/zd_usb.c 2015-11-15 22:19:39.000000000 +0100 +++ backports-4.2.6-1/drivers/net/wireless/zd1211rw/zd_usb.c 2016-01-27 12:26:21.293292990 +0100 
@@ -385,7 +385,7 @@
 {
 struct zd_usb *usb = urb->context;
 struct zd_usb_interrupt *intr = &usb->intr;
- int len;
+ unsigned int len;
 u16 int_num;
 ZD_ASSERT(in_interrupt());
diff -Naur backports-4.2.6-1.org/drivers/nfc/nfcwilink.c backports-4.2.6-1/drivers/nfc/nfcwilink.c
--- backports-4.2.6-1.org/drivers/nfc/nfcwilink.c 2015-11-15 22:19:39.000000000 +0100
+++ backports-4.2.6-1/drivers/nfc/nfcwilink.c 2016-01-27 12:26:21.293292990 +0100
@@ -497,7 +497,7 @@
 static int nfcwilink_probe(struct platform_device *pdev)
 {
- static struct nfcwilink *drv;
+ struct nfcwilink *drv;
 int rc;
 __u32 protocols;
diff -Naur backports-4.2.6-1.org/include/linux/gracl_compat.h backports-4.2.6-1/include/linux/gracl_compat.h
--- backports-4.2.6-1.org/include/linux/gracl_compat.h 1970-01-01 01:00:00.000000000 +0100
+++ backports-4.2.6-1/include/linux/gracl_compat.h 2016-01-27 12:26:26.289959354 +0100
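Review bot: Making `len` an `unsigned int` in the zd_usb.c hunk changes how every later comparison and subtraction on it behaves, and those uses are outside the hunk. With an unsigned length, a result that would have gone negative wraps to a very large value instead, so any negative-value guard becomes dead code and the upper-bound check against the destination buffer size is presumably the only protection left before the data is copied; this needs confirming against the full function. A short comment at the declaration, e.g. `/* unsigned: only compared against sizeof() bounds below */`, would record the intent.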
@@ -0,0 +1,156 @@
+#ifndef GR_ACL_COMPAT_H
+#define GR_ACL_COMPAT_H
+
+#include
+#include
+
+struct sprole_pw_compat {
+ compat_uptr_t rolename;
+ unsigned char salt[GR_SALT_LEN];
+ unsigned char sum[GR_SHA_LEN];
+};
+
+struct gr_hash_struct_compat {
+ compat_uptr_t table;
+ compat_uptr_t nametable;
+ compat_uptr_t first;
+ __u32 table_size;
+ __u32 used_size;
+ int type;
+};
+
+struct acl_subject_label_compat {
+ compat_uptr_t filename;
+ compat_u64 inode;
+ __u32 device;
+ __u32 mode;
+ kernel_cap_t cap_mask;
+ kernel_cap_t cap_lower;
+ kernel_cap_t cap_invert_audit;
+
+ struct compat_rlimit res[GR_NLIMITS];
+ __u32 resmask;
+
+ __u8 user_trans_type;
+ __u8 group_trans_type;
+ compat_uptr_t user_transitions;
+ compat_uptr_t group_transitions;
+ __u16 user_trans_num;
+ __u16 group_trans_num;
+
+ __u32 sock_families[2];
+ __u32 ip_proto[8];
+ __u32 ip_type;
+ compat_uptr_t ips;
+ __u32 ip_num;
+ __u32 inaddr_any_override;
+
+ __u32 crashes;
+ compat_ulong_t expires;
+
+ compat_uptr_t parent_subject;
+ compat_uptr_t hash;
+ compat_uptr_t prev;
+ compat_uptr_t next;
+
+ compat_uptr_t obj_hash;
+ __u32 obj_hash_size;
+ __u16 pax_flags;
+};
+
+struct role_allowed_ip_compat {
+ __u32 addr;
+ __u32 netmask;
+
+ compat_uptr_t prev;
+ compat_uptr_t next;
+};
+
+struct role_transition_compat {
+ compat_uptr_t rolename;
+
+ compat_uptr_t prev;
+ compat_uptr_t next;
+};
+
+struct acl_role_label_compat {
+ compat_uptr_t rolename;
+ uid_t uidgid;
+ __u16 roletype;
+
+ __u16 auth_attempts;
+ compat_ulong_t expires;
+
+ compat_uptr_t root_label;
+ compat_uptr_t hash;
+
+ compat_uptr_t prev;
+ compat_uptr_t next;
+
+ compat_uptr_t transitions;
+ compat_uptr_t allowed_ips;
+ compat_uptr_t domain_children;
+ __u16 domain_child_num;
+
+ umode_t umask;
+
+ compat_uptr_t subj_hash;
+ __u32 subj_hash_size;
+};
+
+struct user_acl_role_db_compat {
+ compat_uptr_t r_table;
+ __u32 num_pointers;
+ __u32 num_roles;
+ __u32 num_domain_children;
+ __u32 num_subjects;
+ __u32 num_objects;
+};
+
+struct acl_object_label_compat {
+ compat_uptr_t filename;
+ compat_u64 inode;
+ __u32 device;
+ __u32 mode;
+
+ compat_uptr_t nested;
+ compat_uptr_t globbed;
+
+ compat_uptr_t prev;
+ compat_uptr_t next;
+};
+
+struct acl_ip_label_compat {
+ compat_uptr_t iface;
+ __u32 addr;
+ __u32 netmask;
+ __u16 low, high;
+ __u8 mode;
+ __u32 type;
+ __u32 proto[8];
+
+ compat_uptr_t prev;
+ compat_uptr_t next;
+};
+
+struct gr_arg_compat {
+ struct user_acl_role_db_compat role_db;
+ unsigned char pw[GR_PW_LEN];
+ unsigned char salt[GR_SALT_LEN];
+ unsigned char sum[GR_SHA_LEN];
+ unsigned char sp_role[GR_SPROLE_LEN];
+ compat_uptr_t sprole_pws;
+ __u32 segv_device;
+ compat_u64 segv_inode;
+ uid_t segv_uid;
+ __u16 num_sprole_pws;
+ __u16 mode;
+};
+
+struct gr_arg_wrapper_compat {
+ compat_uptr_t arg;
+ __u32 version;
+ __u32 size;
+};
+
+#endif
diff -Naur backports-4.2.6-1.org/include/linux/gracl.h backports-4.2.6-1/include/linux/gracl.h
--- backports-4.2.6-1.org/include/linux/gracl.h 1970-01-01 01:00:00.000000000 +0100
+++ backports-4.2.6-1/include/linux/gracl.h 2016-01-27 12:26:26.289959354 +0100
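Review bot: The `_compat` structures in gracl_compat.h have to match, field for field, both the native structures in gracl.h and the layout produced by a 32-bit caller, and nothing in the header states or enforces that. Several members use types whose width is not fixed by their name (`kernel_cap_t`, `uid_t`, `umode_t`, `int type`) instead of `__u32`/`__u16`, so the layout depends on kernel configuration and architecture. Add a header comment naming the native counterpart of each struct, and consider `BUILD_BUG_ON()` size checks at the place where the structs are copied in. The count and size members (`num_sprole_pws`, `table_size`, `num_pointers`, `size`) are presumably filled in by the caller of the policy interface and need range checks in the consuming code, which is not part of this hunk.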
@@ -0,0 +1,342 @@
+#ifndef GR_ACL_H
+#define GR_ACL_H
+
+#include
+#include
+#include
+#include
+#include
+
+/* Major status information */
+
+#define GR_VERSION "grsecurity 3.1"
+#define GRSECURITY_VERSION 0x3100
+
+enum {
+ GR_SHUTDOWN = 0,
+ GR_ENABLE = 1,
+ GR_SPROLE = 2,
+ GR_OLDRELOAD = 3,
+ GR_SEGVMOD = 4,
+ GR_STATUS = 5,
+ GR_UNSPROLE = 6,
+ GR_PASSSET = 7,
+ GR_SPROLEPAM = 8,
+ GR_RELOAD = 9,
+};
+
+/* Password setup definitions
+ * kernel/grhash.c */
+enum {
+ GR_PW_LEN = 128,
+ GR_SALT_LEN = 16,
+ GR_SHA_LEN = 32,
+};
+
+enum {
+ GR_SPROLE_LEN = 64,
+};
+
+enum {
+ GR_NO_GLOB = 0,
+ GR_REG_GLOB,
+ GR_CREATE_GLOB
+};
+
+#define GR_NLIMITS 32
+
+/* Begin Data Structures */
+
+struct sprole_pw {
+ unsigned char *rolename;
+ unsigned char salt[GR_SALT_LEN];
+ unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
+};
+
+struct name_entry {
+ __u32 key;
+ u64 inode;
+ dev_t device;
+ char *name;
+ __u16 len;
+ __u8 deleted;
+ struct name_entry *prev;
+ struct name_entry *next;
+};
+
+struct inodev_entry {
+ struct name_entry *nentry;
+ struct inodev_entry *prev;
+ struct inodev_entry *next;
+};
+
+struct acl_role_db {
+ struct acl_role_label **r_hash;
+ __u32 r_size;
+};
+
+struct inodev_db {
+ struct inodev_entry **i_hash;
+ __u32 i_size;
+};
+
+struct name_db {
+ struct name_entry **n_hash;
+ __u32 n_size;
+};
+
+struct crash_uid {
+ uid_t uid;
+ unsigned long expires;
+};
+
+struct gr_hash_struct {
+ void **table;
+ void **nametable;
+ void *first;
+ __u32 table_size;
+ __u32 used_size;
+ int type;
+};
+
+/* Userspace Grsecurity ACL data structures */
+
+struct acl_subject_label {
+ char *filename;
+ u64 inode;
+ dev_t device;
+ __u32 mode;
+ kernel_cap_t cap_mask;
+ kernel_cap_t cap_lower;
+ kernel_cap_t cap_invert_audit;
+
+ struct rlimit res[GR_NLIMITS];
+ __u32 resmask;
+
+ __u8 user_trans_type;
+ __u8 group_trans_type;
+ uid_t *user_transitions;
+ gid_t *group_transitions;
+ __u16 user_trans_num;
+ __u16 group_trans_num;
+
+ __u32 sock_families[2];
+ __u32 ip_proto[8];
+ __u32 ip_type;
+ struct acl_ip_label **ips;
+ __u32 ip_num;
+ __u32 inaddr_any_override;
+
+ __u32 crashes;
+ unsigned long expires;
+
+ struct acl_subject_label *parent_subject;
+ struct gr_hash_struct *hash;
+ struct acl_subject_label *prev;
+ struct acl_subject_label *next;
+
+ struct acl_object_label **obj_hash;
+ __u32 obj_hash_size;
+ __u16 pax_flags;
+};
+
+struct role_allowed_ip {
+ __u32 addr;
+ __u32 netmask;
+
+ struct role_allowed_ip *prev;
+ struct role_allowed_ip *next;
+};
+
+struct role_transition {
+ char *rolename;
+
+ struct role_transition *prev;
+ struct role_transition *next;
+};
+
+struct acl_role_label {
+ char *rolename;
+ uid_t uidgid;
+ __u16 roletype;
+
+ __u16 auth_attempts;
+ unsigned long expires;
+
+ struct acl_subject_label *root_label;
+ struct gr_hash_struct *hash;
+
+ struct acl_role_label *prev;
+ struct acl_role_label *next;
+
+ struct role_transition *transitions;
+ struct role_allowed_ip *allowed_ips;
+ uid_t *domain_children;
+ __u16 domain_child_num;
+
+ umode_t umask;
+
+ struct acl_subject_label **subj_hash;
+ __u32 subj_hash_size;
+};
+
+struct user_acl_role_db {
+ struct acl_role_label **r_table;
+ __u32 num_pointers; /* Number of allocations to track */
+ __u32 num_roles; /* Number of roles */
+ __u32 num_domain_children; /* Number of domain children */
+ __u32 num_subjects; /* Number of subjects */
+ __u32 num_objects; /* Number of objects */
+};
+
+struct acl_object_label {
+ char *filename;
+ u64 inode;
+ dev_t device;
+ __u32 mode;
+
+ struct acl_subject_label *nested;
+ struct acl_object_label *globbed;
+
+ /* next two structures not used */
+
+ struct acl_object_label *prev;
+ struct acl_object_label *next;
+};
+
+struct acl_ip_label {
+ char *iface;
+ __u32 addr;
+ __u32 netmask;
+ __u16 low, high;
+ __u8 mode;
+ __u32 type;
+ __u32 proto[8];
+
+ /* next two structures not used */
+
+ struct acl_ip_label *prev;
+ struct acl_ip_label *next;
+};
+
+struct gr_arg {
+ struct user_acl_role_db role_db;
+ unsigned char pw[GR_PW_LEN];
+ unsigned char salt[GR_SALT_LEN];
+ unsigned char sum[GR_SHA_LEN];
+ unsigned char sp_role[GR_SPROLE_LEN];
+ struct sprole_pw *sprole_pws;
+ dev_t segv_device;
+ u64 segv_inode;
+ uid_t segv_uid;
+ __u16 num_sprole_pws;
+ __u16 mode;
+};
+
+struct gr_arg_wrapper {
+ struct gr_arg *arg;
+ __u32 version;
+ __u32 size;
+};
+
+struct subject_map {
+ struct acl_subject_label *user;
+ struct acl_subject_label *kernel;
+ struct subject_map *prev;
+ struct subject_map *next;
+};
+
+struct acl_subj_map_db {
+ struct subject_map **s_hash;
+ __u32 s_size;
+};
+
+struct gr_policy_state {
+ struct sprole_pw **acl_special_roles;
+ __u16 num_sprole_pws;
+ struct acl_role_label *kernel_role;
+ struct acl_role_label *role_list;
+ struct acl_role_label *default_role;
+ struct acl_role_db acl_role_set;
+ struct acl_subj_map_db subj_map_set;
+ struct name_db name_set;
+ struct inodev_db inodev_set;
+};
+
+struct gr_alloc_state {
+ unsigned long alloc_stack_next;
+ unsigned long alloc_stack_size;
+ void **alloc_stack;
+};
+
+struct gr_reload_state {
+ struct gr_policy_state oldpolicy;
+ struct gr_alloc_state oldalloc;
+ struct gr_policy_state newpolicy;
+ struct gr_alloc_state newalloc;
+ struct gr_policy_state *oldpolicy_ptr;
+ struct gr_alloc_state *oldalloc_ptr;
+ unsigned char oldmode;
+};
+
+/* End Data Structures Section */
+
+/* Hash functions generated by empirical testing by Brad Spengler
+ Makes good use of the low bits of the inode. Generally 0-1 times
+ in loop for successful match. 0-3 for unsuccessful match.
+ Shift/add algorithm with modulus of table size and an XOR*/
+
+static __inline__ unsigned int
+gr_rhash(const uid_t uid, const __u16 type, const unsigned int sz)
+{
+ return ((((uid + type) << (16 + type)) ^ uid) % sz);
+}
+
+ static __inline__ unsigned int
+gr_shash(const struct acl_subject_label *userp, const unsigned int sz)
+{
+ return ((const unsigned long)userp % sz);
+}
+
+static __inline__ unsigned int
+gr_fhash(const u64 ino, const dev_t dev, const unsigned int sz)
+{
+ unsigned int rem;
+ div_u64_rem((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9)), sz, &rem);
+ return rem;
+}
+
+static __inline__ unsigned int
+gr_nhash(const char *name, const __u16 len, const unsigned int sz)
+{
+ return full_name_hash((const unsigned char *)name, len) % sz;
+}
+
+#define FOR_EACH_SUBJECT_START(role,subj,iter) \
+ subj = NULL; \
+ iter = 0; \
+ while (iter < role->subj_hash_size) { \
+ if (subj == NULL) \
+ subj = role->subj_hash[iter]; \
+ if (subj == NULL) { \
+ iter++; \
+ continue; \
+ }
+
+#define FOR_EACH_SUBJECT_END(subj,iter) \
+ subj = subj->next; \
+ if (subj == NULL) \
+ iter++; \
+ }
+
+
+#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \
+ subj = role->hash->first; \
+ while (subj != NULL) {
+
+#define FOR_EACH_NESTED_SUBJECT_END(subj) \
+ subj = subj->next; \
+ }
+
+#endif
+
diff -Naur backports-4.2.6-1.org/include/linux/gralloc.h backports-4.2.6-1/include/linux/gralloc.h
--- backports-4.2.6-1.org/include/linux/gralloc.h 1970-01-01 01:00:00.000000000 +0100
+++ backports-4.2.6-1/include/linux/gralloc.h 2016-01-27 12:26:26.289959354 +0100
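Review bot: `gr_rhash()` in gracl.h shifts by `16 + type`, and `type` is a `__u16`, so any value of 16 or more pushes the shift count to the width of a 32-bit operand, which is undefined behaviour in C. The callers are not in this hunk; presumably they pass only `GR_ROLE_USER` or `GR_ROLE_GROUP`, in which case state it above the function: `/* type must be GR_ROLE_USER or GR_ROLE_GROUP; sz must be non-zero */`. All four hash helpers also compute `% sz` (or `div_u64_rem(..., sz, &rem)`) with no guard, so a zero table size taken from a policy structure would divide by zero. The `FOR_EACH_SUBJECT_*` macros expand `role` and `subj` unparenthesised and leave a brace open from the `_START` macro to the `_END` macro, which deserves a usage comment.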
@@ -0,0 +1,9 @@
+#ifndef __GRALLOC_H
+#define __GRALLOC_H
+
+void acl_free_all(void);
+int acl_alloc_stack_init(unsigned long size);
+void *acl_alloc(unsigned long len);
+void *acl_alloc_num(unsigned long num, unsigned long len);
+
+#endif
diff -Naur backports-4.2.6-1.org/include/linux/grdefs.h backports-4.2.6-1/include/linux/grdefs.h
--- backports-4.2.6-1.org/include/linux/grdefs.h 1970-01-01 01:00:00.000000000 +0100
+++ backports-4.2.6-1/include/linux/grdefs.h 2016-01-27 12:26:26.289959354 +0100
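Review bot: `acl_alloc_num(unsigned long num, unsigned long len)` in gralloc.h takes a count and an element size, and the header gives no contract for what happens when `num * len` overflows or when the allocation stack set up by `acl_alloc_stack_init()` is exhausted. The implementation is not in this hunk; the declarations should carry a comment stating that the product is overflow-checked and what is returned on failure, once that has been confirmed against the implementation. The guard name `__GRALLOC_H` uses a double-underscore prefix, which C reserves for the implementation; `GRALLOC_H` would match `GR_ACL_H` and `GRDEFS_H` in the sibling headers.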
@@ -0,0 +1,140 @@
+#ifndef GRDEFS_H
+#define GRDEFS_H
+
+/* Begin grsecurity status declarations */
+
+enum {
+ GR_READY = 0x01,
+ GR_STATUS_INIT = 0x00 // disabled state
+};
+
+/* Begin ACL declarations */
+
+/* Role flags */
+
+enum {
+ GR_ROLE_USER = 0x0001,
+ GR_ROLE_GROUP = 0x0002,
+ GR_ROLE_DEFAULT = 0x0004,
+ GR_ROLE_SPECIAL = 0x0008,
+ GR_ROLE_AUTH = 0x0010,
+ GR_ROLE_NOPW = 0x0020,
+ GR_ROLE_GOD = 0x0040,
+ GR_ROLE_LEARN = 0x0080,
+ GR_ROLE_TPE = 0x0100,
+ GR_ROLE_DOMAIN = 0x0200,
+ GR_ROLE_PAM = 0x0400,
+ GR_ROLE_PERSIST = 0x0800
+};
+
+/* ACL Subject and Object mode flags */
+enum {
+ GR_DELETED = 0x80000000
+};
+
+/* ACL Object-only mode flags */
+enum {
+ GR_READ = 0x00000001,
+ GR_APPEND = 0x00000002,
+ GR_WRITE = 0x00000004,
+ GR_EXEC = 0x00000008,
+ GR_FIND = 0x00000010,
+ GR_INHERIT = 0x00000020,
+ GR_SETID = 0x00000040,
+ GR_CREATE = 0x00000080,
+ GR_DELETE = 0x00000100,
+ GR_LINK = 0x00000200,
+ GR_AUDIT_READ = 0x00000400,
+ GR_AUDIT_APPEND = 0x00000800,
+ GR_AUDIT_WRITE = 0x00001000,
+ GR_AUDIT_EXEC = 0x00002000,
+ GR_AUDIT_FIND = 0x00004000,
+ GR_AUDIT_INHERIT= 0x00008000,
+ GR_AUDIT_SETID = 0x00010000,
+ GR_AUDIT_CREATE = 0x00020000,
+ GR_AUDIT_DELETE = 0x00040000,
+ GR_AUDIT_LINK = 0x00080000,
+ GR_PTRACERD = 0x00100000,
+ GR_NOPTRACE = 0x00200000,
+ GR_SUPPRESS = 0x00400000,
+ GR_NOLEARN = 0x00800000,
+ GR_INIT_TRANSFER= 0x01000000
+};
+
+#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
+ GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
+ GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
+
+/* ACL subject-only mode flags */
+enum {
+ GR_KILL = 0x00000001,
+ GR_VIEW = 0x00000002,
+ GR_PROTECTED = 0x00000004,
+ GR_LEARN = 0x00000008,
+ GR_OVERRIDE = 0x00000010,
+ /* just a placeholder, this mode is only used in userspace */
+ GR_DUMMY = 0x00000020,
+ GR_PROTSHM = 0x00000040,
+ GR_KILLPROC = 0x00000080,
+ GR_KILLIPPROC = 0x00000100,
+ /* just a placeholder, this mode is only used in userspace */
+ GR_NOTROJAN = 0x00000200,
+ GR_PROTPROCFD = 0x00000400,
+ GR_PROCACCT = 0x00000800,
+ GR_RELAXPTRACE = 0x00001000,
+ //GR_NESTED = 0x00002000,
+ GR_INHERITLEARN = 0x00004000,
+ GR_PROCFIND = 0x00008000,
+ GR_POVERRIDE = 0x00010000,
+ GR_KERNELAUTH = 0x00020000,
+ GR_ATSECURE = 0x00040000,
+ GR_SHMEXEC = 0x00080000
+};
+
+enum {
+ GR_PAX_ENABLE_SEGMEXEC = 0x0001,
+ GR_PAX_ENABLE_PAGEEXEC = 0x0002,
+ GR_PAX_ENABLE_MPROTECT = 0x0004,
+ GR_PAX_ENABLE_RANDMMAP = 0x0008,
+ GR_PAX_ENABLE_EMUTRAMP = 0x0010,
+ GR_PAX_DISABLE_SEGMEXEC = 0x0100,
+ GR_PAX_DISABLE_PAGEEXEC = 0x0200,
+ GR_PAX_DISABLE_MPROTECT = 0x0400,
+ GR_PAX_DISABLE_RANDMMAP = 0x0800,
+ GR_PAX_DISABLE_EMUTRAMP = 0x1000,
+};
+
+enum {
+ GR_ID_USER = 0x01,
+ GR_ID_GROUP = 0x02,
+};
+
+enum {
+ GR_ID_ALLOW = 0x01,
+ GR_ID_DENY = 0x02,
+};
+
+#define GR_CRASH_RES 31
+#define GR_UIDTABLE_MAX 500
+
+/* begin resource learning section */
+enum {
+ GR_RLIM_CPU_BUMP = 60,
+ GR_RLIM_FSIZE_BUMP = 50000,
+ GR_RLIM_DATA_BUMP = 10000,
+ GR_RLIM_STACK_BUMP = 1000,
+ GR_RLIM_CORE_BUMP = 10000,
+ GR_RLIM_RSS_BUMP = 500000,
+ GR_RLIM_NPROC_BUMP = 1,
+ GR_RLIM_NOFILE_BUMP = 5,
+ GR_RLIM_MEMLOCK_BUMP = 50000,
+ GR_RLIM_AS_BUMP = 500000,
+ GR_RLIM_LOCKS_BUMP = 2,
+ GR_RLIM_SIGPENDING_BUMP = 5,
+ GR_RLIM_MSGQUEUE_BUMP = 10000,
+ GR_RLIM_NICE_BUMP = 1,
+ GR_RLIM_RTPRIO_BUMP = 1,
+ GR_RLIM_RTTIME_BUMP = 1000000
+};
+
+#endif
diff -Naur backports-4.2.6-1.org/include/linux/grinternal.h backports-4.2.6-1/include/linux/grinternal.h
--- backports-4.2.6-1.org/include/linux/grinternal.h 1970-01-01 01:00:00.000000000 +0100
+++ backports-4.2.6-1/include/linux/grinternal.h 2016-01-27 12:26:26.289959354 +0100
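Review bot: The object-only and subject-only mode flags in grdefs.h reuse the same bit values in separate anonymous enums (`GR_READ` and `GR_KILL` are both `0x00000001`, `GR_WRITE` and `GR_PROTECTED` both `0x00000004`, and so on), so passing a subject flag where an object mask is expected compiles silently. A comment on each enum naming the structure member it applies to (presumably the `mode` field of the subject and object labels in gracl.h) would make misuse easier to spot in review. `GR_DELETED = 0x80000000` does not fit in `int`, the type ISO C before C23 requires an enumeration constant to be representable in; compilers accept it as an extension, but `#define GR_DELETED 0x80000000U` would be well-defined. `GR_CRASH_RES 31` looks like an index into the `res[GR_NLIMITS]` arrays declared in gracl.h; if so, a `BUILD_BUG_ON(GR_CRASH_RES >= GR_NLIMITS)` next to its use would pin the relationship.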
@@ -0,0 +1,230 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
+
+#ifdef CONFIG_GRKERNSEC
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+void gr_add_learn_entry(const char *fmt, ...)
+ __attribute__ ((format (printf, 1, 2)));
+__u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
+ const struct vfsmount *mnt);
+__u32 gr_check_create(const struct dentry *new_dentry,
+ const struct dentry *parent,
+ const struct vfsmount *mnt, const __u32 mode);
+int gr_check_protected_task(const struct task_struct *task);
+__u32 to_gr_audit(const __u32 reqmode);
+int gr_set_acls(const int type);
+int gr_acl_is_enabled(void);
+char gr_roletype_to_char(void);
+
+void gr_handle_alertkill(struct task_struct *task);
+char *gr_to_filename(const struct dentry *dentry,
+ const struct vfsmount *mnt);
+char *gr_to_filename1(const struct dentry *dentry,
+ const struct vfsmount *mnt);
+char *gr_to_filename2(const struct dentry *dentry,
+ const struct vfsmount *mnt);
+char *gr_to_filename3(const struct dentry *dentry,
+ const struct vfsmount *mnt);
+
+extern int grsec_enable_ptrace_readexec;
+extern int grsec_enable_harden_ptrace;
+extern int grsec_enable_link;
+extern int grsec_enable_fifo;
+extern int grsec_enable_execve;
+extern int grsec_enable_shm;
+extern int grsec_enable_execlog;
+extern int grsec_enable_signal;
+extern int grsec_enable_audit_ptrace;
+extern int grsec_enable_forkfail;
+extern int grsec_enable_time;
+extern int grsec_enable_rofs;
+extern int grsec_deny_new_usb;
+extern int grsec_enable_chroot_shmat;
+extern int grsec_enable_chroot_mount;
+extern int grsec_enable_chroot_double;
+extern int grsec_enable_chroot_pivot;
+extern int grsec_enable_chroot_chdir;
+extern int grsec_enable_chroot_chmod;
+extern int grsec_enable_chroot_mknod;
+extern int grsec_enable_chroot_fchdir;
+extern int grsec_enable_chroot_nice;
+extern int grsec_enable_chroot_execlog;
+extern int grsec_enable_chroot_caps;
+extern int grsec_enable_chroot_rename;
+extern int grsec_enable_chroot_sysctl;
+extern int grsec_enable_chroot_unix;
+extern int grsec_enable_symlinkown;
+extern kgid_t grsec_symlinkown_gid;
+extern int grsec_enable_tpe;
+extern kgid_t grsec_tpe_gid;
+extern int grsec_enable_tpe_all;
+extern int grsec_enable_tpe_invert;
+extern int grsec_enable_socket_all;
+extern kgid_t grsec_socket_all_gid;
+extern int grsec_enable_socket_client;
+extern kgid_t grsec_socket_client_gid;
+extern int grsec_enable_socket_server;
+extern kgid_t grsec_socket_server_gid;
+extern kgid_t grsec_audit_gid;
+extern int grsec_enable_group;
+extern int grsec_enable_log_rwxmaps;
+extern int grsec_enable_mount;
+extern int grsec_enable_chdir;
+extern int grsec_resource_logging;
+extern int grsec_enable_blackhole;
+extern int grsec_lastack_retries;
+extern int grsec_enable_brute;
+extern int grsec_enable_harden_ipc;
+extern int grsec_lock;
+
+extern spinlock_t grsec_alert_lock;
+extern unsigned long grsec_alert_wtime;
+extern unsigned long grsec_alert_fyet;
+
+extern spinlock_t grsec_audit_lock;
+
+extern rwlock_t grsec_exec_file_lock;
+
+#define gr_task_fullpath(tsk) ((tsk)->exec_file ? \
+ gr_to_filename2((tsk)->exec_file->f_path.dentry, \
+ (tsk)->exec_file->f_path.mnt) : "/")
+
+#define gr_parent_task_fullpath(tsk) ((tsk)->real_parent->exec_file ? \
+ gr_to_filename3((tsk)->real_parent->exec_file->f_path.dentry, \
+ (tsk)->real_parent->exec_file->f_path.mnt) : "/")
+
+#define gr_task_fullpath0(tsk) ((tsk)->exec_file ? \
+ gr_to_filename((tsk)->exec_file->f_path.dentry, \
+ (tsk)->exec_file->f_path.mnt) : "/")
+
+#define gr_parent_task_fullpath0(tsk) ((tsk)->real_parent->exec_file ? \
+ gr_to_filename1((tsk)->real_parent->exec_file->f_path.dentry, \
+ (tsk)->real_parent->exec_file->f_path.mnt) : "/")
+
+#define proc_is_chrooted(tsk_a) ((tsk_a)->gr_is_chrooted)
+
+#define have_same_root(tsk_a,tsk_b) ((tsk_a)->gr_chroot_dentry == (tsk_b)->gr_chroot_dentry)
+
+static inline bool gr_is_same_file(const struct file *file1, const struct file *file2)
+{
+ if (file1 && file2) {
+ const struct inode *inode1 = file1->f_path.dentry->d_inode;
+ const struct inode *inode2 = file2->f_path.dentry->d_inode;
+ if (inode1->i_ino == inode2->i_ino && inode1->i_sb->s_dev == inode2->i_sb->s_dev)
+ return true;
+ }
+
+ return false;
+}
+
+#define GR_CHROOT_CAPS {{ \
+ CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
+ CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
+ CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
+ CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
+ CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
+ CAP_TO_MASK(CAP_IPC_OWNER) | CAP_TO_MASK(CAP_SETFCAP), \
+ CAP_TO_MASK(CAP_SYSLOG) | CAP_TO_MASK(CAP_MAC_ADMIN) }}
+
+#define security_learn(normal_msg,args...) \
+({ \
+ read_lock(&grsec_exec_file_lock); \
+ gr_add_learn_entry(normal_msg "\n", ## args); \
+ read_unlock(&grsec_exec_file_lock); \
+})
+
+enum {
+ GR_DO_AUDIT,
+ GR_DONT_AUDIT,
+ /* used for non-audit messages that we shouldn't kill the task on */
+ GR_DONT_AUDIT_GOOD
+};
+
+enum {
+ GR_TTYSNIFF,
+ GR_RBAC,
+ GR_RBAC_STR,
+ GR_STR_RBAC,
+ GR_RBAC_MODE2,
+ GR_RBAC_MODE3,
+ GR_FILENAME,
+ GR_SYSCTL_HIDDEN,
+ GR_NOARGS,
+ GR_ONE_INT,
+ GR_ONE_INT_TWO_STR,
+ GR_ONE_STR,
+ GR_STR_INT,
+ GR_TWO_STR_INT,
+ GR_TWO_INT,
+ GR_TWO_U64,
+ GR_THREE_INT,
+ GR_FIVE_INT_TWO_STR,
+ GR_TWO_STR,
+ GR_THREE_STR,
+ GR_FOUR_STR,
+ GR_STR_FILENAME,
+ GR_FILENAME_STR,
+ GR_FILENAME_TWO_INT,
+ GR_FILENAME_TWO_INT_STR,
+ GR_TEXTREL,
+ GR_PTRACE,
+ GR_RESOURCE,
+ GR_CAP,
+ GR_SIG,
+ GR_SIG2,
+ GR_CRASH1,
+ GR_CRASH2,
+ GR_PSACCT,
+ GR_RWXMAP,
+ GR_RWXMAPVMA
+};
+
+#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
+#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task)
+#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt)
+#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str)
+#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt)
+#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2)
+#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3)
+#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt)
+#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS)
+#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num)
+#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2)
+#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str)
+#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num)
+#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2)
+#define gr_log_two_u64(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_U64, num1, num2)
+#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3)
+#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2)
+#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2)
+#define gr_log_str2_int(audit, msg, str1, str2, num) gr_log_varargs(audit, msg, GR_TWO_STR_INT, str1, str2, num)
+#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3)
+#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4)
+#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt)
+#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
+#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
+#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
+#define gr_log_textrel_ulong_ulong(audit, msg, str, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, str, file, ulong1, ulong2)
+#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
+#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
+#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
+#define gr_log_sig_addr(audit, msg, str, addr) gr_log_varargs(audit, msg, GR_SIG, str, addr)
+#define gr_log_sig_task(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG2, task, num)
+#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
+#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
+#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
+#define gr_log_rwxmap(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAP, str)
+#define gr_log_rwxmap_vma(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAPVMA, str)
+
+void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
+
+#endif
+
+#endif
diff -Naur backports-4.2.6-1.org/include/linux/grmsg.h backports-4.2.6-1/include/linux/grmsg.h
--- backports-4.2.6-1.org/include/linux/grmsg.h 1970-01-01 01:00:00.000000000 +0100
+++ backports-4.2.6-1/include/linux/grmsg.h 2016-01-27 12:26:26.289959354 +0100
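Review bot: `gr_log_int5_str2()` in grinternal.h forwards two integers and two strings but tags the call `GR_FIVE_INT_TWO_STR`; `gr_log_varargs()` is variadic and presumably reads its arguments according to that tag, so if the implementation (not in this hunk) takes five integers from the `va_list`, it reads past the arguments actually supplied. Because `msg` is paired with `argtypes` by hand and `gr_log_varargs()` carries no `format` attribute, unlike `gr_add_learn_entry()` at the top of the header, none of these wrappers get compile-time argument checking; a comment table listing the expected C types for each `GR_*` tag would make mismatches reviewable. Separately, `gr_parent_task_fullpath()` and `gr_parent_task_fullpath0()` dereference `(tsk)->real_parent` with no locking of their own, so the header should document what the caller must hold.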
@@ -0,0 +1,118 @@
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
+#define GR_STOPMOD_MSG "denied modification of module state by "
+#define GR_ROFS_BLOCKWRITE_MSG "denied write to block device %.950s by "
+#define GR_ROFS_MOUNT_MSG "denied writable mount of %.950s by "
+#define GR_IOPERM_MSG "denied use of ioperm() by "
+#define GR_IOPL_MSG "denied use of iopl() by "
+#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by "
+#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by "
+#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by "
+#define GR_MEM_READWRITE_MSG "denied access of range %Lx -> %Lx in /dev/mem by "
+#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by "
+#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%pI4"
+#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%pI4"
+#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by "
+#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by "
+#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by "
+#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by "
+#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by "
+#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by "
+#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by "
+#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%pI4 %.480s[%.16s:%d], parent %.480s[%.16s:%d] against "
+#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by "
+#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by "
+#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by "
+#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by "
+#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for "
+#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by "
+#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by "
+#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
+#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
+#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
+#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
+#define GR_EXEC_TPE_MSG "denied untrusted exec (due to %.70s) of %.950s by "
+#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
+#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
+#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
+#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by "
+#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by "
+#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
+#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
+#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
+#define GR_CHROOT_RENAME_MSG "denied bad rename of %.950s out of a chroot by "
+#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
+#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
+#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
+#define GR_CHROOT_FHANDLE_MSG "denied use of file handles inside chroot by "
+#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
+#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by "
+#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by "
+#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
+#define GR_INITF_ACL_MSG "init_variables() failed %s by "
+#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use gracl=off from your boot loader"
+#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbage by "
+#define GR_SHUTS_ACL_MSG "shutdown auth success for "
+#define GR_SHUTF_ACL_MSG "shutdown auth failure for "
+#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for "
+#define GR_SEGVMODS_ACL_MSG "segvmod auth success for "
+#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for "
+#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for "
+#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by "
+#define GR_ENABLEF_ACL_MSG "unable to load %s for "
+#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system"
+#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by "
+#define GR_RELOADF_ACL_MSG "failed reload of %s for "
+#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for "
+#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by "
+#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by "
+#define GR_SPROLEF_ACL_MSG "special role %s failure for "
+#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for "
+#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by "
+#define GR_INVMODE_ACL_MSG "invalid mode %d by "
+#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by "
+#define GR_FAILFORK_MSG "failed fork with errno %s by "
+#define GR_NICE_CHROOT_MSG "denied priority change by "
+#define GR_UNISIGLOG_MSG "%.32s occurred at %p in "
+#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by "
+#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by "
+#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by "
+#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by "
+#define GR_TIME_MSG "time set by "
+#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by "
+#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by "
+#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by "
+#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by "
+#define GR_SOCK_NOINET_MSG "denied socket(%.16s,%.16s,%d) by "
+#define GR_BIND_MSG "denied bind() by "
+#define GR_CONNECT_MSG "denied connect() by "
+#define GR_BIND_ACL_MSG "denied bind() to %pI4 port %u sock type %.16s protocol %.16s by "
+#define GR_CONNECT_ACL_MSG "denied connect() to %pI4 port %u sock type %.16s protocol %.16s by "
+#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
+#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
+#define GR_CAP_ACL_MSG "use of %s denied for "
+#define GR_CAP_CHROOT_MSG "use of %s in chroot denied for "
+#define GR_CAP_ACL_MSG2 "use of %s permitted for "
+#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
+#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
+#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
+#define GR_UNMOUNT_AUDIT_MSG "unmount of %.256s by "
+#define GR_MOUNT_AUDIT_MSG "mount of %.256s to %.256s by "
+#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
+#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
+#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
+#define GR_RWXMMAP_MSG "denied RWX mmap of %.950s by "
+#define GR_RWXMPROTECT_MSG "denied RWX mprotect of %.950s by "
+#define GR_TEXTREL_AUDIT_MSG "allowed %s text relocation transition in %.950s, VMA:0x%08lx 0x%08lx by "
+#define GR_PTGNUSTACK_MSG "denied marking stack executable as requested by PT_GNU_STACK marking in %.950s by "
+#define GR_VM86_MSG "denied use of vm86 by "
+#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
+#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by "
+#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
+#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by "
+#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by "
+#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for "
+#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for "
+#define GR_IPC_DENIED_MSG "denied %s of overly-permissive IPC object with creator uid %u by "
+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
diff -Naur backports-4.2.6-1.org/include/linux/grsecurity.h backports-4.2.6-1/include/linux/grsecurity.h
--- backports-4.2.6-1.org/include/linux/grsecurity.h 1970-01-01 01:00:00.000000000 +0100
+++ backports-4.2.6-1/include/linux/grsecurity.h 2016-01-27 12:26:26.289959354 +0100
@@ -0,0 +1,255 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include +#include +#include +#include + +/* notify of brain-dead configs */ +#if defined(CONFIG_DEBUG_FS) && defined(CONFIG_GRKERNSEC_KMEM) +#error "CONFIG_DEBUG_FS being enabled is a security risk when CONFIG_GRKERNSEC_KMEM is enabled" +#endif +#if defined(CONFIG_PROC_PAGE_MONITOR) && defined(CONFIG_GRKERNSEC) +#error "CONFIG_PROC_PAGE_MONITOR is a security risk" +#endif +#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP) +#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled." +#endif +#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP) +#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled" +#endif +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC) +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled." +#endif +#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP) +#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled." +#endif +#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR) +#error "CONFIG_PAX enabled, but no PaX options are enabled." 
+#endif + +int gr_handle_new_usb(void); + +void gr_handle_brute_attach(int dumpable); +void gr_handle_brute_check(void); +void gr_handle_kernel_exploit(void); + +char gr_roletype_to_char(void); + +int gr_proc_is_restricted(void); + +int gr_acl_enable_at_secure(void); + +int gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs); +int gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs); + +int gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap); + +void gr_del_task_from_ip_table(struct task_struct *p); + +int gr_pid_is_chrooted(struct task_struct *p); +int gr_handle_chroot_fowner(struct pid *pid, enum pid_type type); +int gr_handle_chroot_nice(void); +int gr_handle_chroot_sysctl(const int op); +int gr_handle_chroot_setpriority(struct task_struct *p, + const int niceval); +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt); +int gr_chroot_fhandle(void); +int gr_handle_chroot_chroot(const struct dentry *dentry, + const struct vfsmount *mnt); +void gr_handle_chroot_chdir(const struct path *path); +int gr_handle_chroot_chmod(const struct dentry *dentry, + const struct vfsmount *mnt, const int mode); +int gr_handle_chroot_mknod(const struct dentry *dentry, + const struct vfsmount *mnt, const int mode); +int gr_handle_chroot_mount(const struct dentry *dentry, + const struct vfsmount *mnt, + const char *dev_name); +int gr_handle_chroot_pivot(void); +int gr_handle_chroot_unix(const pid_t pid); + +int gr_handle_rawio(const struct inode *inode); + +void gr_handle_ioperm(void); +void gr_handle_iopl(void); +void gr_handle_msr_write(void); + +umode_t gr_acl_umask(void); + +int gr_tpe_allow(const struct file *file); + +void gr_set_chroot_entries(struct task_struct *task, const struct path *path); +void gr_clear_chroot_entries(struct task_struct *task); + +void gr_log_forkfail(const int retval); +void gr_log_timechange(void); +void gr_log_signal(const int sig, const void *addr, const struct task_struct *t); 
+void gr_log_chdir(const struct dentry *dentry, + const struct vfsmount *mnt); +void gr_log_chroot_exec(const struct dentry *dentry, + const struct vfsmount *mnt); +void gr_log_remount(const char *devname, const int retval); +void gr_log_unmount(const char *devname, const int retval); +void gr_log_mount(const char *from, struct path *to, const int retval); +void gr_log_textrel(struct vm_area_struct *vma, bool is_textrel_rw); +void gr_log_ptgnustack(struct file *file); +void gr_log_rwxmmap(struct file *file); +void gr_log_rwxmprotect(struct vm_area_struct *vma); + +int gr_handle_follow_link(const struct dentry *dentry, + const struct vfsmount *mnt); +int gr_handle_fifo(const struct dentry *dentry, + const struct vfsmount *mnt, + const struct dentry *dir, const int flag, + const int acc_mode); +int gr_handle_hardlink(const struct dentry *dentry, + const struct vfsmount *mnt, + const struct filename *to); + +int gr_is_capable(const int cap); +int gr_is_capable_nolog(const int cap); +int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap); +int gr_task_is_capable_nolog(const struct task_struct *task, const int cap); + +void gr_copy_label(struct task_struct *tsk); +void gr_handle_crash(struct task_struct *task, const int sig); +int gr_handle_signal(const struct task_struct *p, const int sig); +int gr_check_crash_uid(const kuid_t uid); +int gr_check_protected_task(const struct task_struct *task); +int gr_check_protected_task_fowner(struct pid *pid, enum pid_type type); +int gr_acl_handle_mmap(const struct file *file, + const unsigned long prot); +int gr_acl_handle_mprotect(const struct file *file, + const unsigned long prot); +int gr_check_hidden_task(const struct task_struct *tsk); +__u32 gr_acl_handle_truncate(const struct dentry *dentry, + const struct vfsmount *mnt); +__u32 gr_acl_handle_utime(const struct dentry *dentry, + const struct vfsmount *mnt); +__u32 gr_acl_handle_access(const struct dentry *dentry, + const struct 
vfsmount *mnt, const int fmode); +__u32 gr_acl_handle_chmod(const struct dentry *dentry, + const struct vfsmount *mnt, umode_t *mode); +__u32 gr_acl_handle_chown(const struct dentry *dentry, + const struct vfsmount *mnt); +__u32 gr_acl_handle_setxattr(const struct dentry *dentry, + const struct vfsmount *mnt); +__u32 gr_acl_handle_removexattr(const struct dentry *dentry, + const struct vfsmount *mnt); +int gr_handle_ptrace(struct task_struct *task, const long request); +int gr_handle_proc_ptrace(struct task_struct *task); +__u32 gr_acl_handle_execve(const struct dentry *dentry, + const struct vfsmount *mnt); +int gr_check_crash_exec(const struct file *filp); +int gr_acl_is_enabled(void); +void gr_set_role_label(struct task_struct *task, const kuid_t uid, + const kgid_t gid); +int gr_set_proc_label(const struct dentry *dentry, + const struct vfsmount *mnt, + const int unsafe_flags); +__u32 gr_acl_handle_hidden_file(const struct dentry *dentry, + const struct vfsmount *mnt); +__u32 gr_acl_handle_open(const struct dentry *dentry, + const struct vfsmount *mnt, int acc_mode); +__u32 gr_acl_handle_creat(const struct dentry *dentry, + const struct dentry *p_dentry, + const struct vfsmount *p_mnt, + int open_flags, int acc_mode, const int imode); +void gr_handle_create(const struct dentry *dentry, + const struct vfsmount *mnt); +void gr_handle_proc_create(const struct dentry *dentry, + const struct inode *inode); +__u32 gr_acl_handle_mknod(const struct dentry *new_dentry, + const struct dentry *parent_dentry, + const struct vfsmount *parent_mnt, + const int mode); +__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry, + const struct dentry *parent_dentry, + const struct vfsmount *parent_mnt); +__u32 gr_acl_handle_rmdir(const struct dentry *dentry, + const struct vfsmount *mnt); +void gr_handle_delete(const u64 ino, const dev_t dev); +__u32 gr_acl_handle_unlink(const struct dentry *dentry, + const struct vfsmount *mnt); +__u32 gr_acl_handle_symlink(const struct dentry 
*new_dentry, + const struct dentry *parent_dentry, + const struct vfsmount *parent_mnt, + const struct filename *from); +__u32 gr_acl_handle_link(const struct dentry *new_dentry, + const struct dentry *parent_dentry, + const struct vfsmount *parent_mnt, + const struct dentry *old_dentry, + const struct vfsmount *old_mnt, const struct filename *to); +int gr_handle_symlink_owner(const struct path *link, const struct inode *target); +int gr_acl_handle_rename(struct dentry *new_dentry, + struct dentry *parent_dentry, + const struct vfsmount *parent_mnt, + struct dentry *old_dentry, + struct inode *old_parent_inode, + struct vfsmount *old_mnt, const struct filename *newname, unsigned int flags); +void gr_handle_rename(struct inode *old_dir, struct inode *new_dir, + struct dentry *old_dentry, + struct dentry *new_dentry, + struct vfsmount *mnt, const __u8 replace, unsigned int flags); +__u32 gr_check_link(const struct dentry *new_dentry, + const struct dentry *parent_dentry, + const struct vfsmount *parent_mnt, + const struct dentry *old_dentry, + const struct vfsmount *old_mnt); +int gr_acl_handle_filldir(const struct file *file, const char *name, + const unsigned int namelen, const u64 ino); + +__u32 gr_acl_handle_unix(const struct dentry *dentry, + const struct vfsmount *mnt); +void gr_acl_handle_exit(void); +void gr_acl_handle_psacct(struct task_struct *task, const long code); +int gr_acl_handle_procpidmem(const struct task_struct *task); +int gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags); +int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode); +void gr_audit_ptrace(struct task_struct *task); +dev_t gr_get_dev_from_dentry(struct dentry *dentry); +u64 gr_get_ino_from_dentry(struct dentry *dentry); +void gr_put_exec_file(struct task_struct *task); + +int gr_get_symlinkown_enabled(void); + +int gr_ptrace_readexec(struct file *file, int unsafe_flags); + +void gr_inc_chroot_refcnts(struct dentry 
*dentry, struct vfsmount *mnt); +void gr_dec_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt); +int gr_bad_chroot_rename(struct dentry *olddentry, struct vfsmount *oldmnt, + struct dentry *newdentry, struct vfsmount *newmnt); + +#ifdef CONFIG_GRKERNSEC_RESLOG +extern void gr_log_resource(const struct task_struct *task, const int res, + const unsigned long wanted, const int gt); +#else +static inline void gr_log_resource(const struct task_struct *task, const int res, + const unsigned long wanted, const int gt) +{ +} +#endif + +#ifdef CONFIG_GRKERNSEC +void task_grsec_rbac(struct seq_file *m, struct task_struct *p); +void gr_handle_vm86(void); +void gr_handle_mem_readwrite(u64 from, u64 to); + +void gr_log_badprocpid(const char *entry); + +extern int grsec_enable_dmesg; +extern int grsec_disable_privio; + +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP +extern kgid_t grsec_proc_gid; +#endif + +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK +extern int grsec_enable_chroot_findtask; +#endif +#ifdef CONFIG_GRKERNSEC_SETXID +extern int grsec_enable_setxid; +#endif +#endif + +#endif diff -Naur backports-4.2.6-1.org/include/linux/grsock.h backports-4.2.6-1/include/linux/grsock.h --- backports-4.2.6-1.org/include/linux/grsock.h 1970-01-01 01:00:00.000000000 +0100 +++ backports-4.2.6-1/include/linux/grsock.h 2016-01-27 12:26:26.289959354 +0100 
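Review bot: The new include/linux/grsecurity.h declares its hooks without saying what their return values mean, and it mixes `int` results (the `gr_handle_*` and `gr_check_*` families) with `__u32` results (the `gr_acl_handle_*` family). Callers gate security decisions on these values, so a reader cannot tell from the header whether zero means allow or deny, and an inverted test would fail open without any warning. I would add a block comment above each family stating the convention, for example `/* gr_acl_handle_*: returns the granted mode bits, 0 means denied (confirm against the implementation) */`. Only `gr_log_resource` gets an empty inline stub when its option is off; whether the other hooks need stubs depends on how this backport is built, which the hunk does not show.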
@@ -0,0 +1,19 @@
+#ifndef __GRSOCK_H
+#define __GRSOCK_H
+
+extern void gr_attach_curr_ip(const struct sock *sk);
+extern int gr_handle_sock_all(const int family, const int type,
+ const int protocol);
+extern int gr_handle_sock_server(const struct sockaddr *sck);
+extern int gr_handle_sock_server_other(const struct sock *sck);
+extern int gr_handle_sock_client(const struct sockaddr *sck);
+extern int gr_search_connect(struct socket * sock,
+ struct sockaddr_in * addr);
+extern int gr_search_bind(struct socket * sock,
+ struct sockaddr_in * addr);
+extern int gr_search_listen(struct socket * sock);
+extern int gr_search_accept(struct socket * sock);
+extern int gr_search_socket(const int domain, const int type,
+ const int protocol);
+
+#endif
diff -Naur backports-4.2.6-1.org/include/linux/netfilter/xt_gradm.h backports-4.2.6-1/include/linux/netfilter/xt_gradm.h
--- backports-4.2.6-1.org/include/linux/netfilter/xt_gradm.h 1970-01-01 01:00:00.000000000 +0100
+++ backports-4.2.6-1/include/linux/netfilter/xt_gradm.h 2016-01-27 12:26:31.209959056 +0100
@@ -0,0 +1,9 @@
+#ifndef _LINUX_NETFILTER_XT_GRADM_H
+#define _LINUX_NETFILTER_XT_GRADM_H 1
+
+struct xt_gradm_mtinfo {
+ __u16 flags;
+ __u16 invflags;
+};
+
+#endif
diff -Naur backports-4.2.6-1.org/include/linux/unaligned/access_ok.h backports-4.2.6-1/include/linux/unaligned/access_ok.h
--- backports-4.2.6-1.org/include/linux/unaligned/access_ok.h 2015-11-15 22:19:38.000000000 +0100
+++ backports-4.2.6-1/include/linux/unaligned/access_ok.h 2016-01-27 12:26:31.219959057 +0100
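Review bot: include/linux/grsock.h names `struct sock`, `struct socket`, `struct sockaddr` and `struct sockaddr_in` in its prototypes but neither includes nor forward-declares them, so it only compiles cleanly when the includer has already pulled in the networking headers. Without a prior declaration, each `struct` named in a parameter list has prototype scope, which draws a warning and yields a type incompatible with the real one. Adding `struct sock; struct socket; struct sockaddr; struct sockaddr_in;` right after the include guard makes the header self-contained.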
@@ -4,34 +4,34 @@ #include #include -static inline u16 get_unaligned_le16(const void *p) +static inline u16 __intentional_overflow(-1) get_unaligned_le16(const void *p) { - return le16_to_cpup((__le16 *)p); + return le16_to_cpup((const __le16 *)p); } -static inline u32 get_unaligned_le32(const void *p) +static inline u32 __intentional_overflow(-1) get_unaligned_le32(const void *p) { - return le32_to_cpup((__le32 *)p); + return le32_to_cpup((const __le32 *)p); } -static inline u64 get_unaligned_le64(const void *p) +static inline u64 __intentional_overflow(-1) get_unaligned_le64(const void *p) { - return le64_to_cpup((__le64 *)p); + return le64_to_cpup((const __le64 *)p); } -static inline u16 get_unaligned_be16(const void *p) +static inline u16 __intentional_overflow(-1) get_unaligned_be16(const void *p) { - return be16_to_cpup((__be16 *)p); + return be16_to_cpup((const __be16 *)p); } -static inline u32 get_unaligned_be32(const void *p) +static inline u32 __intentional_overflow(-1) get_unaligned_be32(const void *p) { - return be32_to_cpup((__be32 *)p); + return be32_to_cpup((const __be32 *)p); } -static inline u64 get_unaligned_be64(const void *p) +static inline u64 __intentional_overflow(-1) get_unaligned_be64(const void *p) { - return be64_to_cpup((__be64 *)p); + return be64_to_cpup((const __be64 *)p); } static inline void put_unaligned_le16(u16 val, void *p) diff -Naur backports-4.2.6-1.org/include/media/v4l2-dev.h backports-4.2.6-1/include/media/v4l2-dev.h --- backports-4.2.6-1.org/include/media/v4l2-dev.h 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/include/media/v4l2-dev.h 2016-01-27 12:26:31.219959057 +0100 
@@ -74,7 +74,7 @@ int (*mmap) (struct file *, struct vm_area_struct *); int (*open) (struct file *); int (*release) (struct file *); -}; +} __do_const; /* * Newer version of video_device, handled by videodev2.c diff -Naur backports-4.2.6-1.org/include/media/v4l2-device.h backports-4.2.6-1/include/media/v4l2-device.h --- backports-4.2.6-1.org/include/media/v4l2-device.h 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/include/media/v4l2-device.h 2016-01-27 12:26:31.219959057 +0100 @@ -93,7 +93,7 @@ this function returns 0. If the name ends with a digit (e.g. cx18), then the name will be set to cx18-0 since cx180 looks really odd. */ int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename, - atomic_t *instance); + atomic_unchecked_t *instance); /* Set v4l2_dev->dev to NULL. Call when the USB parent disconnects. Since the parent disappears this ensures that v4l2_dev doesn't have an diff -Naur backports-4.2.6-1.org/include/net/bluetooth/l2cap.h backports-4.2.6-1/include/net/bluetooth/l2cap.h --- backports-4.2.6-1.org/include/net/bluetooth/l2cap.h 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/include/net/bluetooth/l2cap.h 2016-01-27 12:31:52.866600109 +0100 @@ -615,7 +615,7 @@ struct iovec *iov, int len); #endif -}; +} __do_const; struct l2cap_conn { struct hci_conn *hcon; diff -Naur backports-4.2.6-1.org/include/net/mac80211.h backports-4.2.6-1/include/net/mac80211.h --- backports-4.2.6-1.org/include/net/mac80211.h 2015-11-15 22:19:38.000000000 +0100 +++ backports-4.2.6-1/include/net/mac80211.h 2016-01-27 12:26:31.223292389 +0100 @@ -5106,7 +5106,7 @@ struct sk_buff *skb; struct ieee80211_tx_rate reported_rate; bool rts, short_preamble; - u8 max_rate_idx; + s8 max_rate_idx; u32 rate_idx_mask; u8 *rate_idx_mcs_mask; bool bss; 
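Review bot: In include/net/mac80211.h `max_rate_idx` changes from `u8` to `s8` with no comment on the field, so the hunk does not say what a negative value means. The change halves the positive range to 127 and makes negative values representable. Any user outside this hunk that indexes a rate table with the field, or compares it with an unsigned value, needs a `< 0` check first. I would document the sentinel on the field, e.g. `s8 max_rate_idx; /* negative: no upper limit (confirm at the assignment sites) */`. The struct begins and ends outside the hunk.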
@@ -5143,7 +5143,7 @@ void (*remove_sta_debugfs)(void *priv, void *priv_sta); u32 (*get_expected_throughput)(void *priv_sta); -}; +} __do_const; static inline int rate_supported(struct ieee80211_sta *sta, enum ieee80211_band band, diff -Naur backports-4.2.6-1.org/include/trace/events/fs.h backports-4.2.6-1/include/trace/events/fs.h --- backports-4.2.6-1.org/include/trace/events/fs.h 1970-01-01 01:00:00.000000000 +0100 +++ backports-4.2.6-1/include/trace/events/fs.h 2016-01-27 12:26:31.226625722 +0100 @@ -0,0 +1,53 @@ +#undef TRACE_SYSTEM +#define TRACE_SYSTEM fs + +#if !defined(_TRACE_FS_H) || defined(TRACE_HEADER_MULTI_READ) +#define _TRACE_FS_H + +#include +#include + +TRACE_EVENT(do_sys_open, + + TP_PROTO(const char *filename, int flags, int mode), + + TP_ARGS(filename, flags, mode), + + TP_STRUCT__entry( + __string( filename, filename ) + __field( int, flags ) + __field( int, mode ) + ), + + TP_fast_assign( + __assign_str(filename, filename); + __entry->flags = flags; + __entry->mode = mode; + ), + + TP_printk("\"%s\" %x %o", + __get_str(filename), __entry->flags, __entry->mode) +); + +TRACE_EVENT(open_exec, + + TP_PROTO(const char *filename), + + TP_ARGS(filename), + + TP_STRUCT__entry( + __string( filename, filename ) + ), + + TP_fast_assign( + __assign_str(filename, filename); + ), + + TP_printk("\"%s\"", + __get_str(filename)) +); + +#endif /* _TRACE_FS_H */ + +/* This part must be outside protection */ +#include diff -Naur backports-4.2.6-1.org/net/bluetooth/hci_sock.c backports-4.2.6-1/net/bluetooth/hci_sock.c --- backports-4.2.6-1.org/net/bluetooth/hci_sock.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/bluetooth/hci_sock.c 2016-01-27 12:26:36.269958751 +0100 
@@ -1266,7 +1266,7 @@ uf.event_mask[1] = *((u32 *) f->event_mask + 1); } - len = min_t(unsigned int, len, sizeof(uf)); + len = min((size_t)len, sizeof(uf)); if (copy_from_user(&uf, optval, len)) { err = -EFAULT; break; diff -Naur backports-4.2.6-1.org/net/bluetooth/l2cap_core.c backports-4.2.6-1/net/bluetooth/l2cap_core.c --- backports-4.2.6-1.org/net/bluetooth/l2cap_core.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/bluetooth/l2cap_core.c 2016-01-27 12:26:36.269958751 +0100 @@ -3547,8 +3547,10 @@ break; case L2CAP_CONF_RFC: - if (olen == sizeof(rfc)) - memcpy(&rfc, (void *)val, olen); + if (olen != sizeof(rfc)) + break; + + memcpy(&rfc, (void *)val, olen); if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) diff -Naur backports-4.2.6-1.org/net/bluetooth/l2cap_sock.c backports-4.2.6-1/net/bluetooth/l2cap_sock.c --- backports-4.2.6-1.org/net/bluetooth/l2cap_sock.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/bluetooth/l2cap_sock.c 2016-01-27 12:26:36.269958751 +0100 @@ -633,7 +633,8 @@ struct sock *sk = sock->sk; struct l2cap_chan *chan = l2cap_pi(sk)->chan; struct l2cap_options opts; - int len, err = 0; + int err = 0; + size_t len = optlen; u32 opt; BT_DBG("sk %p", sk); @@ -660,7 +661,7 @@ opts.max_tx = chan->max_tx; opts.txwin_size = chan->tx_win; - len = min_t(unsigned int, sizeof(opts), optlen); + len = min(sizeof(opts), len); if (copy_from_user((char *) &opts, optval, len)) { err = -EFAULT; break; @@ -747,7 +748,8 @@ struct bt_security sec; struct bt_power pwr; struct l2cap_conn *conn; - int len, err = 0; + int err = 0; + size_t len = optlen; u32 opt; BT_DBG("sk %p", sk); @@ -771,7 +773,7 @@ sec.level = BT_SECURITY_LOW; - len = min_t(unsigned int, sizeof(sec), optlen); + len = min(sizeof(sec), len); if (copy_from_user((char *) &sec, optval, len)) { err = -EFAULT; break; 
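Review bot: In net/bluetooth/l2cap_core.c the `L2CAP_CONF_RFC` case now drops an RFC option whose length is not `sizeof(rfc)`, which also skips the mode comparison that follows the `memcpy`, and nothing in the hunk records that this is intended. `olen` comes from the parsed configuration option and is presumably peer-supplied, so I would state the policy next to the check, e.g. `/* untrusted length: ignore a malformed RFC option and keep the defaults */`, or reject the request if silently ignoring it is not wanted. The enclosing switch starts and ends outside the hunk. The other option cases that copy `olen` bytes from `val` are not visible here and should be checked for the same length validation.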
@@ -867,7 +869,7 @@ pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; - len = min_t(unsigned int, sizeof(pwr), optlen); + len = min(sizeof(pwr), len); if (copy_from_user((char *) &pwr, optval, len)) { err = -EFAULT; break; diff -Naur backports-4.2.6-1.org/net/bluetooth/rfcomm/sock.c backports-4.2.6-1/net/bluetooth/rfcomm/sock.c --- backports-4.2.6-1.org/net/bluetooth/rfcomm/sock.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/bluetooth/rfcomm/sock.c 2016-01-27 12:26:36.269958751 +0100 @@ -713,7 +713,7 @@ struct sock *sk = sock->sk; struct bt_security sec; int err = 0; - size_t len; + size_t len = optlen; u32 opt; BT_DBG("sk %p", sk); @@ -735,7 +735,7 @@ sec.level = BT_SECURITY_LOW; - len = min_t(unsigned int, sizeof(sec), optlen); + len = min(sizeof(sec), len); if (copy_from_user((char *) &sec, optval, len)) { err = -EFAULT; break; diff -Naur backports-4.2.6-1.org/net/bluetooth/rfcomm/tty.c backports-4.2.6-1/net/bluetooth/rfcomm/tty.c --- backports-4.2.6-1.org/net/bluetooth/rfcomm/tty.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/bluetooth/rfcomm/tty.c 2016-01-27 12:26:36.269958751 +0100 @@ -752,7 +752,7 @@ BT_DBG("tty %p id %d", tty, tty->index); BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst, - dev->channel, dev->port.count); + dev->channel, atomic_read(&dev->port.count)); err = tty_port_open(&dev->port, tty, filp); if (err) @@ -775,7 +775,7 @@ struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data; BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, - dev->port.count); + atomic_read(&dev->port.count)); tty_port_close(&dev->port, tty, filp); } diff -Naur backports-4.2.6-1.org/net/ieee802154/6lowpan/core.c backports-4.2.6-1/net/ieee802154/6lowpan/core.c --- backports-4.2.6-1.org/net/ieee802154/6lowpan/core.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/ieee802154/6lowpan/core.c 2016-01-27 12:26:36.273292083 +0100 
@@ -191,7 +191,7 @@ dev_put(real_dev); } -static struct rtnl_link_ops lowpan_link_ops __read_mostly = { +static struct rtnl_link_ops lowpan_link_ops = { .kind = "lowpan", .priv_size = sizeof(struct lowpan_dev_info), .setup = lowpan_setup, diff -Naur backports-4.2.6-1.org/net/ieee802154/6lowpan/reassembly.c backports-4.2.6-1/net/ieee802154/6lowpan/reassembly.c --- backports-4.2.6-1.org/net/ieee802154/6lowpan/reassembly.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/ieee802154/6lowpan/reassembly.c 2016-01-27 12:26:36.273292083 +0100 @@ -435,14 +435,13 @@ static int __net_init lowpan_frags_ns_sysctl_register(struct net *net) { - struct ctl_table *table; + ctl_table_no_const *table = NULL; struct ctl_table_header *hdr; struct netns_ieee802154_lowpan *ieee802154_lowpan = net_ieee802154_lowpan(net); - table = lowpan_frags_ns_ctl_table; if (!net_eq(net, &init_net)) { - table = kmemdup(table, sizeof(lowpan_frags_ns_ctl_table), + table = kmemdup(lowpan_frags_ns_ctl_table, sizeof(lowpan_frags_ns_ctl_table), GFP_KERNEL); if (table == NULL) goto err_alloc; @@ -457,9 +456,9 @@ /* Don't export sysctls to unprivileged users */ if (net->user_ns != &init_user_ns) table[0].procname = NULL; - } - - hdr = register_net_sysctl(net, "net/ieee802154/6lowpan", table); + hdr = register_net_sysctl(net, "net/ieee802154/6lowpan", table); + } else + hdr = register_net_sysctl(net, "net/ieee802154/6lowpan", lowpan_frags_ns_ctl_table); if (hdr == NULL) goto err_reg; @@ -467,8 +466,7 @@ return 0; err_reg: - if (!net_eq(net, &init_net)) - kfree(table); + kfree(table); err_alloc: return -ENOMEM; } diff -Naur backports-4.2.6-1.org/net/mac80211/cfg.c backports-4.2.6-1/net/mac80211/cfg.c --- backports-4.2.6-1.org/net/mac80211/cfg.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/mac80211/cfg.c 2016-01-27 12:26:36.286625417 +0100 
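Review bot: In net/ieee802154/6lowpan/reassembly.c the rewritten registration ends with `} else` followed by an unbraced statement, which kernel coding style asks to brace when the other branch is braced. I would write the tail as `} else {`, `hdr = register_net_sysctl(net, "net/ieee802154/6lowpan", lowpan_frags_ns_ctl_table);`, `}`. The now-unconditional `kfree(table)` at `err_reg` is correct only because `table` is initialised to `NULL` on the init_net path. A one-line comment there, `/* NULL for init_net, which registers the static table */`, would keep a later edit from breaking that. The lines of the function between the three hunks are not shown.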
@@ -580,7 +580,7 @@ ret = ieee80211_vif_use_channel(sdata, chandef, IEEE80211_CHANCTX_EXCLUSIVE); } - } else if (local->open_count == local->monitors) { + } else if (local_read(&local->open_count) == local->monitors) { local->_oper_chandef = *chandef; ieee80211_hw_config(local, 0); } @@ -3488,7 +3488,7 @@ else local->probe_req_reg--; - if (!local->open_count) + if (!local_read(&local->open_count)) break; ieee80211_queue_work(&local->hw, &local->reconfig_filter); @@ -3637,8 +3637,8 @@ if (chanctx_conf) { *chandef = sdata->vif.bss_conf.chandef; ret = 0; - } else if (local->open_count > 0 && - local->open_count == local->monitors && + } else if (local_read(&local->open_count) > 0 && + local_read(&local->open_count) == local->monitors && sdata->vif.type == NL80211_IFTYPE_MONITOR) { if (local->use_chanctx) *chandef = local->monitor_chandef; diff -Naur backports-4.2.6-1.org/net/mac80211/ieee80211_i.h backports-4.2.6-1/net/mac80211/ieee80211_i.h --- backports-4.2.6-1.org/net/mac80211/ieee80211_i.h 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/mac80211/ieee80211_i.h 2016-01-27 12:26:36.289958749 +0100 @@ -30,6 +30,7 @@ #include #include #include +#include #include "key.h" #include "sta_info.h" #include "debug.h" @@ -1112,7 +1113,7 @@ /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; - int open_count; + local_t open_count; int monitors, cooked_mntrs; /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff -Naur backports-4.2.6-1.org/net/mac80211/iface.c backports-4.2.6-1/net/mac80211/iface.c --- backports-4.2.6-1.org/net/mac80211/iface.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/mac80211/iface.c 2016-01-27 12:26:36.289958749 +0100 @@ -550,7 +550,7 @@ break; } - if (local->open_count == 0) { + if (local_read(&local->open_count) == 0) { res = drv_start(local); if (res) goto err_del_bss; 
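Review bot: In net/mac80211/ieee80211_i.h `open_count` becomes a `local_t`, but the field carries no comment saying why or what serialises its updates. `local_inc()` and `local_dec()` are atomic only with respect to the CPU they run on, so they do not replace an `atomic_t` if the counter can change on two CPUs at once. The `ASSERT_RTNL()` visible in the rate.c hunk suggests writers hold RTNL, but the iface.c hunks do not show that. I would add `/* updated under RTNL only; local_t is not SMP-atomic */` above the field once that is confirmed. In the cfg.c hunk at -3637 the counter is read twice in one condition, and reading it once into a local would keep both comparisons consistent; the same conversion repeats in the iface.c, main.c, pm.c, rate.c and util.c hunks.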
@@ -597,7 +597,7 @@ res = drv_add_interface(local, sdata); if (res) goto err_stop; - } else if (local->monitors == 0 && local->open_count == 0) { + } else if (local->monitors == 0 && local_read(&local->open_count) == 0) { res = ieee80211_add_virtual_monitor(local); if (res) goto err_stop; @@ -704,7 +704,7 @@ atomic_inc(&local->iff_allmultis); if (coming_up) - local->open_count++; + local_inc(&local->open_count); if (hw_reconf_flags) ieee80211_hw_config(local, hw_reconf_flags); @@ -742,7 +742,7 @@ err_del_interface: drv_remove_interface(local, sdata); err_stop: - if (!local->open_count) + if (!local_read(&local->open_count)) drv_stop(local); err_del_bss: sdata->bss = NULL; @@ -909,7 +909,7 @@ } if (going_down) - local->open_count--; + local_dec(&local->open_count); switch (sdata->vif.type) { case NL80211_IFTYPE_AP_VLAN: @@ -978,7 +978,7 @@ atomic_set(&sdata->txqs_len[txqi->txq.ac], 0); } - if (local->open_count == 0) + if (local_read(&local->open_count) == 0) ieee80211_clear_tx_pending(local); /* @@ -1021,7 +1021,7 @@ if (cancel_scan) flush_delayed_work(&local->scan_work); - if (local->open_count == 0) { + if (local_read(&local->open_count) == 0) { ieee80211_stop_device(local); /* no reconfiguring after stop! */ @@ -1032,7 +1032,7 @@ ieee80211_configure_filter(local); ieee80211_hw_config(local, hw_reconf_flags); - if (local->monitors == local->open_count) + if (local->monitors == local_read(&local->open_count)) ieee80211_add_virtual_monitor(local); } 
@@ -1905,8 +1905,8 @@ */ cfg80211_shutdown_all_interfaces(local->hw.wiphy); - WARN(local->open_count, "%s: open count remains %d\n", - wiphy_name(local->hw.wiphy), local->open_count); + WARN(local_read(&local->open_count), "%s: open count remains %ld\n", + wiphy_name(local->hw.wiphy), local_read(&local->open_count)); mutex_lock(&local->iflist_mtx); list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) { diff -Naur backports-4.2.6-1.org/net/mac80211/main.c backports-4.2.6-1/net/mac80211/main.c --- backports-4.2.6-1.org/net/mac80211/main.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/mac80211/main.c 2016-01-27 12:26:36.289958749 +0100 @@ -172,7 +172,7 @@ changed &= ~(IEEE80211_CONF_CHANGE_CHANNEL | IEEE80211_CONF_CHANGE_POWER); - if (changed && local->open_count) { + if (changed && local_read(&local->open_count)) { ret = drv_config(local, changed); /* * Goal: diff -Naur backports-4.2.6-1.org/net/mac80211/pm.c backports-4.2.6-1/net/mac80211/pm.c --- backports-4.2.6-1.org/net/mac80211/pm.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/mac80211/pm.c 2016-01-27 12:26:36.289958749 +0100 @@ -12,7 +12,7 @@ struct ieee80211_sub_if_data *sdata; struct sta_info *sta; - if (!local->open_count) + if (!local_read(&local->open_count)) goto suspend; ieee80211_scan_cancel(local); @@ -166,7 +166,7 @@ WARN_ON(!list_empty(&local->chanctx_list)); /* stop hardware - this must stop RX */ - if (local->open_count) + if (local_read(&local->open_count)) ieee80211_stop_device(local); suspend: diff -Naur backports-4.2.6-1.org/net/mac80211/rate.c backports-4.2.6-1/net/mac80211/rate.c --- backports-4.2.6-1.org/net/mac80211/rate.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/mac80211/rate.c 2016-01-27 12:26:36.289958749 +0100 
@@ -730,7 +730,7 @@ ASSERT_RTNL(); - if (local->open_count) + if (local_read(&local->open_count)) return -EBUSY; if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) { diff -Naur backports-4.2.6-1.org/net/mac80211/sta_info.c backports-4.2.6-1/net/mac80211/sta_info.c --- backports-4.2.6-1.org/net/mac80211/sta_info.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/mac80211/sta_info.c 2016-01-27 12:26:36.289958749 +0100 @@ -341,7 +341,7 @@ int size = sizeof(struct txq_info) + ALIGN(hw->txq_data_size, sizeof(void *)); - txq_data = kcalloc(ARRAY_SIZE(sta->sta.txq), size, gfp); + txq_data = kcalloc(size, ARRAY_SIZE(sta->sta.txq), gfp); if (!txq_data) goto free; diff -Naur backports-4.2.6-1.org/net/mac80211/util.c backports-4.2.6-1/net/mac80211/util.c --- backports-4.2.6-1.org/net/mac80211/util.c 2015-11-15 22:19:40.000000000 +0100 +++ backports-4.2.6-1/net/mac80211/util.c 2016-01-27 12:26:36.289958749 +0100 @@ -1761,7 +1761,7 @@ bool sched_scan_stopped = false; /* nothing to do if HW shouldn't run */ - if (!local->open_count) + if (!local_read(&local->open_count)) goto wake_up; #ifdef CONFIG_PM @@ -2033,7 +2033,7 @@ local->in_reconfig = false; barrier(); - if (local->monitors == local->open_count && local->monitors > 0) + if (local->monitors == local_read(&local->open_count) && local->monitors > 0) ieee80211_add_virtual_monitor(local); /* @@ -2088,7 +2088,7 @@ * If this is for hw restart things are still running. * We may want to change that later, however. */ - if (local->open_count && (!local->suspended || reconfig_due_to_wowlan)) + if (local_read(&local->open_count) && (!local->suspended || reconfig_due_to_wowlan)) drv_reconfig_complete(local, IEEE80211_RECONFIG_TYPE_RESTART); if (!local->suspended) 
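Review bot: In net/mac80211/sta_info.c the `kcalloc()` call now passes the element size first and the element count second, the reverse of the `kcalloc(n, size, flags)` parameter order. The allocation size and the overflow check are unchanged because both depend only on the product, but the line reads as a mistake and is likely to be swapped back by the next person to touch it. If the swap is deliberate, a comment such as `/* arguments swapped on purpose: <reason> */` should say so; otherwise keep the original order. `hw->txq_data_size` feeds `size`, so the multiplication should keep going through `kcalloc()` rather than an open-coded product.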
@@ -2112,7 +2112,7 @@
 flush_delayed_work(&local->scan_work);
 }
- if (local->open_count && !reconfig_due_to_wowlan)
+ if (local_read(&local->open_count) && !reconfig_due_to_wowlan)
 drv_reconfig_complete(local, IEEE80211_RECONFIG_TYPE_SUSPEND);
 list_for_each_entry(sdata, &local->interfaces, list) {
diff -Naur backports-4.2.6-1.org/net/wireless/wext-core.c backports-4.2.6-1/net/wireless/wext-core.c
--- backports-4.2.6-1.org/net/wireless/wext-core.c 2015-11-15 22:19:40.000000000 +0100
+++ backports-4.2.6-1/net/wireless/wext-core.c 2016-01-27 12:26:36.303292082 +0100
@@ -748,8 +748,7 @@
 */
 /* Support for very large requests */
- if ((descr->flags & IW_DESCR_FLAG_NOMAX) &&
- (user_length > descr->max_tokens)) {
+ if (user_length > descr->max_tokens) {
 /* Allow userspace to GET more than max so
 * we can support any size GET requests.
 * There is still a limit : -ENOMEM.
@@ -788,22 +787,6 @@
 }
 }
- if (IW_IS_GET(cmd) && !(descr->flags & IW_DESCR_FLAG_NOMAX)) {
- /*
- * If this is a GET, but not NOMAX, it means that the extra
- * data is not bounded by userspace, but by max_tokens. Thus
- * set the length to max_tokens. This matches the extra data
- * allocation.
- * The driver should fill it with the number of tokens it
- * provided, and it may check iwp->length rather than having
- * knowledge of max_tokens. If the driver doesn't change the
- * iwp->length, this ioctl just copies back max_token tokens
- * filled with zeroes. Hopefully the driver isn't claiming
- * them to be valid data.
- */
- iwp->length = descr->max_tokens;
- }
-
 err = handler(dev, info, (union iwreq_data *) iwp, extra);
 iwp->length += essid_compat;
diff -Naur backports-4.2.6-1.org/scripts/gcc-plugin.sh backports-4.2.6-1/scripts/gcc-plugin.sh
--- backports-4.2.6-1.org/scripts/gcc-plugin.sh 1970-01-01 01:00:00.000000000 +0100
+++ backports-4.2.6-1/scripts/gcc-plugin.sh 2016-01-27 12:26:36.303292082 +0100
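Review bot: The second wext-core.c hunk (-788,22) deletes the comment that explained how `iwp->length` relates to the size of `extra` for GET requests and puts nothing in its place. After the change the handler gets the caller-supplied `iwp->length` unchanged, and the first hunk (-748,8) takes the large-request branch for any descriptor once `user_length > descr->max_tokens`, so the buffer appears to be sized for at least that many tokens. The allocation and the copy back to user space are outside both hunks, so this is inferred and should be checked against them. If that is the intended invariant, state it above the `handler()` call: `/* GET: iwp->length is the caller's value here; extra is sized for at least that many tokens */`. The retained comment "Allow userspace to GET more than max" also no longer says that the branch now applies without `IW_DESCR_FLAG_NOMAX`.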
@@ -0,0 +1,51 @@ +#!/bin/sh +srctree=$(dirname "$0") +gccplugins_dir=$($3 -print-file-name=plugin) +plugincc=$($1 -E -x c++ - -o /dev/null -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <= 4008 || defined(ENABLE_BUILD_WITH_CXX) +#warning $2 CXX +#else +#warning $1 CC +#endif +EOF +) + +if [ $? -ne 0 ] +then + exit 1 +fi + +case "$plugincc" in + *"$1 CC"*) + echo "$1" + exit 0 + ;; + + *"$2 CXX"*) + # the c++ compiler needs another test, see below + ;; + + *) + exit 1 + ;; +esac + +# we need a c++ compiler that supports the designated initializer GNU extension +plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <