diff options
author | Tim Yamin <plasmaroo@gentoo.org> | 2005-08-15 16:58:58 +0000 |
---|---|---|
committer | Tim Yamin <plasmaroo@gentoo.org> | 2005-08-15 16:58:58 +0000 |
commit | efd7269fb4219d958feb03cbb2212e0cfa364eb4 (patch) | |
tree | 1794fb1d210a0ebb5f77c57865c29faa0c8525c4 /sys-kernel/usermode-sources | |
parent | Removing win4lin-sources; in need of maintainer due to security issues and no... (diff) | |
download | historical-efd7269fb4219d958feb03cbb2212e0cfa364eb4.tar.gz historical-efd7269fb4219d958feb03cbb2212e0cfa364eb4.tar.bz2 historical-efd7269fb4219d958feb03cbb2212e0cfa364eb4.zip |
Remove 2.4 due to open security issues and lack of a maintainer.
Package-Manager: portage-2.0.51.22-r2
Diffstat (limited to 'sys-kernel/usermode-sources')
24 files changed, 25 insertions, 2497 deletions
diff --git a/sys-kernel/usermode-sources/ChangeLog b/sys-kernel/usermode-sources/ChangeLog index f93c1d3730f3..2035a1117ac7 100644 --- a/sys-kernel/usermode-sources/ChangeLog +++ b/sys-kernel/usermode-sources/ChangeLog @@ -1,6 +1,30 @@ # ChangeLog for sys-kernel/usermode-sources # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.69 2005/07/13 14:55:54 dsd Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.70 2005/08/15 16:58:58 plasmaroo Exp $ + + 15 Aug 2005; <plasmaroo@gentoo.org> -usermode-sources-2.4.27.ebuild, + -files/usermode-sources-2.4.26.CAN-2004-0394.patch, + -files/usermode-sources-2.4.27.CAN-2004-1295.patch, + -files/usermode-sources-2.4.77094.patch, + -files/usermode-sources-2.4.77666.patch, + -files/usermode-sources-2.4.78362.patch, + -files/usermode-sources-2.4.78363.patch, + -files/usermode-sources-2.4.CAN-2004-0495.patch, + -files/usermode-sources-2.4.CAN-2004-0535.patch, + -files/usermode-sources-2.4.CAN-2004-0685.patch, + -files/usermode-sources-2.4.CAN-2004-1016.patch, + -files/usermode-sources-2.4.CAN-2004-1056.patch, + -files/usermode-sources-2.4.CAN-2004-1137.patch, + -files/usermode-sources-2.4.FPULockup-53804.patch, + -files/usermode-sources-2.4.XDRWrapFix.patch, + -files/usermode-sources-2.4.binfmt_a.out.patch, + -files/usermode-sources-2.4.binfmt_elf.patch, + -files/usermode-sources-2.4.brk-locked.patch, + -files/usermode-sources-2.4.cmdlineLeak.patch, + -files/usermode-sources-2.4.smbfs.patch, + -files/usermode-sources-2.4.vma.patch, + -files/usermode-sources.AF_UNIX.patch: + Remove 2.4 due to open security issues and lack of a maintainer. *usermode-sources-2.6.12-r1 (13 Jul 2005) diff --git a/sys-kernel/usermode-sources/files/digest-usermode-sources-2.4.27 b/sys-kernel/usermode-sources/files/digest-usermode-sources-2.4.27 deleted file mode 100644 index 776bed92577e..000000000000 --- a/sys-kernel/usermode-sources/files/digest-usermode-sources-2.4.27 +++ /dev/null @@ -1,2 +0,0 @@ -MD5 59a2e6fde1d110e2ffa20351ac8b4d9e linux-2.4.27.tar.bz2 30898453 -MD5 63178bbd3a383a1005738f4628ff583e uml-patch-2.4.27-1.bz2 206975 diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.26.CAN-2004-0394.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.26.CAN-2004-0394.patch deleted file mode 100644 index 273f1a52046f..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.26.CAN-2004-0394.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux-2.4.22-oM3-orig/kernel/panic.c Tue Mar 30 15:37:18 2004 -+++ linux-2.4.22-oM3-mod/kernel/panic.c Mon May 17 18:44:01 2004 -@@ -51,7 +51,7 @@ - - bust_spinlocks(1); - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - printk(KERN_EMERG "Kernel panic: %s\n",buf); - if (in_interrupt()) diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.27.CAN-2004-1295.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.27.CAN-2004-1295.patch deleted file mode 100644 index 816bebdf9c8b..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.27.CAN-2004-1295.patch +++ /dev/null @@ -1,29 +0,0 @@ ---- linux-2.4.27-1um.old/arch/um/drivers/slip_user.c 2005-03-07 09:59:14.000000000 -0500 -+++ linux-2.4.27-1um.new/arch/um/drivers/slip_user.c 2005-03-07 11:55:25.000000000 -0500 -@@ -108,6 +108,9 @@ - err = -EINVAL; - } - } -+ -+ os_close_file(fds[0]); -+ - return(err); - } - -@@ -128,6 +131,7 @@ - sfd = os_open_file(ptsname(mfd), of_rdwr(OPENFLAGS()), 0); - if(sfd < 0){ - printk("Couldn't open tty for slip line, err = %d\n", -sfd); -+ os_close_file(mfd); - return(sfd); - } - if(set_up_tty(sfd)) return(-1); -@@ -175,7 +179,7 @@ - - sprintf(version_buf, "%d", UML_NET_VERSION); - -- err = slip_tramp(argv, -1); -+ err = slip_tramp(argv, pri->slave); - - if(err != 0) - printk("slip_tramp failed - errno = %d\n", -err); diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.77094.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.77094.patch deleted file mode 100644 index cc3a1552c83d..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.77094.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ur linux-2.4.28/drivers/char/random.c linux-2.4.28.plasmaroo/drivers/char/random.c ---- linux-2.4.28/drivers/char/random.c 2004-11-17 11:54:21.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/random.c 2005-01-08 02:54:49.198635736 +0000 -@@ -1787,7 +1787,7 @@ - void *oldval, size_t *oldlenp, - void *newval, size_t newlen, void **context) - { -- int len; -+ size_t len; - - sysctl_poolsize = random_state->poolinfo.POOLBYTES; - diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.77666.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.77666.patch deleted file mode 100644 index 6b687788f912..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.77666.patch +++ /dev/null @@ -1,44 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2005/01/12 09:14:50-02:00 marcelo.tosatti@cyclades.com -# [PATCH] Fix expand_stack() SMP race -# -# Description: Fix expand_stack() SMP race -# -# Two threads sharing the same VMA can race in expand_stack, resulting in incorrect VMA -# size accounting and possibly a "uncovered-by-VMA" pte leak. -# -# Fix is to check if the stack has already been expanded after acquiring a lock which -# guarantees exclusivity (page_table_lock in v2.4 and vma_anon lock in v2.6). -# -# include/linux/mm.h -# 2005/01/07 14:51:21-02:00 marcelo.tosatti@cyclades.com +10 -3 -# Fix expand_stack() SMP race -# -diff -Nru a/include/linux/mm.h b/include/linux/mm.h ---- a/include/linux/mm.h 2005-01-13 04:59:30 -08:00 -+++ b/include/linux/mm.h 2005-01-13 04:59:30 -08:00 -@@ -648,12 +648,19 @@ - unsigned long grow; - - /* -- * vma->vm_start/vm_end cannot change under us because the caller is required -- * to hold the mmap_sem in write mode. We need to get the spinlock only -- * before relocating the vma range ourself. -+ * vma->vm_start/vm_end cannot change under us because the caller -+ * is required to hold the mmap_sem in read mode. We need the -+ * page_table_lock lock to serialize against concurrent expand_stacks. - */ - address &= PAGE_MASK; - spin_lock(&vma->vm_mm->page_table_lock); -+ -+ /* already expanded while we were spinning? */ -+ if (vma->vm_start <= address) { -+ spin_unlock(&vma->vm_mm->page_table_lock); -+ return 0; -+ } -+ - grow = (vma->vm_start - address) >> PAGE_SHIFT; - if (vma->vm_end - address > current->rlim[RLIMIT_STACK].rlim_cur || - ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_AS].rlim_cur) { diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.78362.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.78362.patch deleted file mode 100644 index a55aba8a0938..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.78362.patch +++ /dev/null @@ -1,274 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/12/08 13:33:08-08:00 davem@nuts.davemloft.net -# [NET]: CMSG compat code needs signedness fixes too. -# -# Signed-off-by: David S. Miller <davem@davemloft.net> -# -# arch/ia64/ia32/sys_ia32.c -# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -4 -# [NET]: CMSG compat code needs signedness fixes too. -# -# arch/mips64/kernel/linux32.c -# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +7 -5 -# [NET]: CMSG compat code needs signedness fixes too. -# -# arch/parisc/kernel/sys_parisc32.c -# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5 -# [NET]: CMSG compat code needs signedness fixes too. -# -# arch/ppc64/kernel/sys_ppc32.c -# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5 -# [NET]: CMSG compat code needs signedness fixes too. -# -# arch/s390x/kernel/linux32.c -# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5 -# [NET]: CMSG compat code needs signedness fixes too. -# -# arch/sparc64/kernel/sys_sparc32.c -# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5 -# [NET]: CMSG compat code needs signedness fixes too. -# -# arch/x86_64/ia32/socket32.c -# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +2 -5 -# [NET]: CMSG compat code needs signedness fixes too. -# -# include/asm-x86_64/socket32.h -# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +5 -0 -# [NET]: CMSG compat code needs signedness fixes too. -# -# ChangeSet -# 2004/12/15 09:25:31-02:00 marcelo@logos.cnet -# [PATCH] Make sure VC resizing fits in s16 -# -# Noted by George Guninski -# -# drivers/char/console.c -# 2004/12/15 10:58:17-02:00 marcelo@logos.cnet +6 -0 -# Import patch vc-patch -# -diff -Nru a/arch/ia64/ia32/sys_ia32.c b/arch/ia64/ia32/sys_ia32.c ---- a/arch/ia64/ia32/sys_ia32.c 2005-02-15 11:50:28 -08:00 -+++ b/arch/ia64/ia32/sys_ia32.c 2005-02-15 11:50:28 -08:00 -@@ -1369,6 +1369,11 @@ - #define __CMSG32_FIRSTHDR(ctl,len) \ - ((len) >= sizeof(struct cmsghdr32) ? (struct cmsghdr32 *)(ctl) : (struct cmsghdr32 *)NULL) - #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \ -+ ((ucmlen) >= sizeof(struct cmsghdr) && \ -+ (ucmlen) <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control))) - - static inline struct cmsghdr32 * - __cmsg32_nxthdr (void *ctl, __kernel_size_t size, struct cmsghdr32 *cmsg, int cmsg_len) -@@ -1429,10 +1434,7 @@ - return -EFAULT; - - /* Catch bogons. */ -- if (CMSG32_ALIGN(ucmlen) < CMSG32_ALIGN(sizeof(struct cmsghdr32))) -- return -EINVAL; -- if ((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control) + ucmlen) -- > kmsg->msg_controllen) -+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg)) - return -EINVAL; - - tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) + -diff -Nru a/arch/mips64/kernel/linux32.c b/arch/mips64/kernel/linux32.c ---- a/arch/mips64/kernel/linux32.c 2005-02-15 11:50:28 -08:00 -+++ b/arch/mips64/kernel/linux32.c 2005-02-15 11:50:28 -08:00 -@@ -2483,6 +2483,12 @@ - (struct cmsghdr32 *)(ctl) : \ - (struct cmsghdr32 *)NULL) - #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \ -+ ((ucmlen) >= sizeof(struct cmsghdr) && \ -+ (ucmlen) <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control))) -+ - - __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size, - struct cmsghdr32 *__cmsg, int __cmsg_len) -@@ -2623,11 +2629,7 @@ - return -EFAULT; - - /* Catch bogons. */ -- if(CMSG32_ALIGN(ucmlen) < -- CMSG32_ALIGN(sizeof(struct cmsghdr32))) -- return -ENOBUFS; -- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control) -- + ucmlen) > kmsg->msg_controllen) -+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg)) - return -EINVAL; - - tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) + -diff -Nru a/arch/parisc/kernel/sys_parisc32.c b/arch/parisc/kernel/sys_parisc32.c ---- a/arch/parisc/kernel/sys_parisc32.c 2005-02-15 11:50:28 -08:00 -+++ b/arch/parisc/kernel/sys_parisc32.c 2005-02-15 11:50:28 -08:00 -@@ -1814,6 +1814,11 @@ - (struct cmsghdr32 *)(ctl) : \ - (struct cmsghdr32 *)NULL) - #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \ -+ ((ucmlen) >= sizeof(struct cmsghdr) && \ -+ (ucmlen) <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control))) - - __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size, - struct cmsghdr32 *__cmsg, int __cmsg_len) -@@ -1940,11 +1945,7 @@ - return -EFAULT; - - /* Catch bogons. */ -- if(CMSG32_ALIGN(ucmlen) < -- CMSG32_ALIGN(sizeof(struct cmsghdr32))) -- return -EINVAL; -- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control) -- + ucmlen) > kmsg->msg_controllen) -+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg)) - return -EINVAL; - - tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) + -diff -Nru a/arch/ppc64/kernel/sys_ppc32.c b/arch/ppc64/kernel/sys_ppc32.c ---- a/arch/ppc64/kernel/sys_ppc32.c 2005-02-15 11:50:28 -08:00 -+++ b/arch/ppc64/kernel/sys_ppc32.c 2005-02-15 11:50:28 -08:00 -@@ -3273,6 +3273,11 @@ - (struct cmsghdr32 *)(ctl) : \ - (struct cmsghdr32 *)NULL) - #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \ -+ ((ucmlen) >= sizeof(struct cmsghdr) && \ -+ (ucmlen) <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control))) - - struct msghdr32 - { -@@ -3448,11 +3453,7 @@ - return -EFAULT; - - /* Catch bogons. */ -- if(CMSG32_ALIGN(ucmlen) < -- CMSG32_ALIGN(sizeof(struct cmsghdr32))) -- return -EINVAL; -- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control) -- + ucmlen) > kmsg->msg_controllen) -+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg)) - return -EINVAL; - - tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) + -diff -Nru a/arch/s390x/kernel/linux32.c b/arch/s390x/kernel/linux32.c ---- a/arch/s390x/kernel/linux32.c 2005-02-15 11:50:28 -08:00 -+++ b/arch/s390x/kernel/linux32.c 2005-02-15 11:50:28 -08:00 -@@ -2306,6 +2306,11 @@ - (struct cmsghdr32 *)(ctl) : \ - (struct cmsghdr32 *)NULL) - #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \ -+ ((ucmlen) >= sizeof(struct cmsghdr) && \ -+ (ucmlen) <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control))) - - __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size, - struct cmsghdr32 *__cmsg, int __cmsg_len) -@@ -2432,11 +2437,7 @@ - return -EFAULT; - - /* Catch bogons. */ -- if(CMSG32_ALIGN(ucmlen) < -- CMSG32_ALIGN(sizeof(struct cmsghdr32))) -- return -EINVAL; -- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control) -- + ucmlen) > kmsg->msg_controllen) -+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg)) - return -EINVAL; - - tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) + -diff -Nru a/arch/sparc64/kernel/sys_sparc32.c b/arch/sparc64/kernel/sys_sparc32.c ---- a/arch/sparc64/kernel/sys_sparc32.c 2005-02-15 11:50:28 -08:00 -+++ b/arch/sparc64/kernel/sys_sparc32.c 2005-02-15 11:50:28 -08:00 -@@ -2354,6 +2354,11 @@ - (struct cmsghdr32 *)(ctl) : \ - (struct cmsghdr32 *)NULL) - #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \ -+ ((ucmlen) >= sizeof(struct cmsghdr) && \ -+ (ucmlen) <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control))) - - __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size, - struct cmsghdr32 *__cmsg, int __cmsg_len) -@@ -2480,11 +2485,7 @@ - return -EFAULT; - - /* Catch bogons. */ -- if(CMSG32_ALIGN(ucmlen) < -- CMSG32_ALIGN(sizeof(struct cmsghdr32))) -- return -EINVAL; -- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control) -- + ucmlen) > kmsg->msg_controllen) -+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg)) - return -EINVAL; - - tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) + -diff -Nru a/arch/x86_64/ia32/socket32.c b/arch/x86_64/ia32/socket32.c ---- a/arch/x86_64/ia32/socket32.c 2005-02-15 11:50:28 -08:00 -+++ b/arch/x86_64/ia32/socket32.c 2005-02-15 11:50:28 -08:00 -@@ -136,12 +136,9 @@ - return -EFAULT; - - /* Catch bogons. */ -- if(CMSG32_ALIGN(ucmlen) < -- CMSG32_ALIGN(sizeof(struct cmsghdr32))) -- return -EINVAL; -- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control) -- + ucmlen) > kmsg->msg_controllen) -+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg)) - return -EINVAL; -+ - if (kmsg->msg_controllen > 65536) - return -EINVAL; - -diff -Nru a/include/asm-x86_64/socket32.h b/include/asm-x86_64/socket32.h ---- a/include/asm-x86_64/socket32.h 2005-02-15 11:50:28 -08:00 -+++ b/include/asm-x86_64/socket32.h 2005-02-15 11:50:28 -08:00 -@@ -45,6 +45,11 @@ - (struct cmsghdr32 *)(ctl) : \ - (struct cmsghdr32 *)NULL) - #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \ -+ ((ucmlen) >= sizeof(struct cmsghdr) && \ -+ (ucmlen) <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control))) - - __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size, - struct cmsghdr32 *__cmsg, int __cmsg_len) -diff -Nru a/drivers/char/console.c b/drivers/char/console.c ---- a/drivers/char/console.c 2005-02-15 11:52:04 -08:00 -+++ b/drivers/char/console.c 2005-02-15 11:52:04 -08:00 -@@ -705,6 +705,9 @@ - return 0; - } - -+#define VC_RESIZE_MAXCOL (32767) -+#define VC_RESIZE_MAXROW (32767) -+ - /* - * Change # of rows and columns (0 means unchanged/the size of fg_console) - * [this is to be used together with some user program -@@ -716,6 +719,9 @@ - unsigned int cc, ll, ss, sr, todo = 0; - unsigned int currcons = fg_console, i; - unsigned short *newscreens[MAX_NR_CONSOLES]; -+ -+ if (cols > VC_RESIZE_MAXCOL || lines > VC_RESIZE_MAXROW) -+ return -EINVAL; - - cc = (cols ? cols : video_num_columns); - ll = (lines ? lines : video_num_lines); diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.78363.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.78363.patch deleted file mode 100644 index 852807ddc96f..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.78363.patch +++ /dev/null @@ -1,29 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/12/08 12:39:15-08:00 davem@nuts.davemloft.net -# [IPV4]: Do not leak IP options. -# -# If the user makes ip_cmsg_send call ip_options_get -# multiple times, we leak kmalloced IP options data. -# -# Noticed by Georgi Guninski. -# -# Signed-off-by: David S. Miller <davem@davemloft.net> -# -# net/ipv4/ip_options.c -# 2004/12/08 12:38:09-08:00 davem@nuts.davemloft.net +2 -0 -# [IPV4]: Do not leak IP options. -# -diff -Nru a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c ---- a/net/ipv4/ip_options.c 2005-02-15 11:47:16 -08:00 -+++ b/net/ipv4/ip_options.c 2005-02-15 11:47:16 -08:00 -@@ -515,6 +515,8 @@ - kfree(opt); - return -EINVAL; - } -+ if (*optp) -+ kfree(*optp); - *optp = opt; - return 0; - } diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0495.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0495.patch deleted file mode 100644 index bea80eac69a9..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0495.patch +++ /dev/null @@ -1,655 +0,0 @@ ---- linux/net/decnet/dn_dev.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/net/decnet/dn_dev.c Wed Jun 16 14:42:34 2004 -@@ -1070,31 +1070,39 @@ int dnet_gifconf(struct net_device *dev, - { - struct dn_dev *dn_db = (struct dn_dev *)dev->dn_ptr; - struct dn_ifaddr *ifa; -- struct ifreq *ifr = (struct ifreq *)buf; -+ char buffer[DN_IFREQ_SIZE]; -+ struct ifreq *ifr = (struct ifreq *)buffer; -+ struct sockaddr_dn *addr = (struct sockaddr_dn *)&ifr->ifr_addr; - int done = 0; - - if ((dn_db == NULL) || ((ifa = dn_db->ifa_list) == NULL)) - return 0; - - for(; ifa; ifa = ifa->ifa_next) { -- if (!ifr) { -+ if (!buf) { - done += sizeof(DN_IFREQ_SIZE); - continue; - } - if (len < DN_IFREQ_SIZE) - return done; -- memset(ifr, 0, DN_IFREQ_SIZE); -+ memset(buffer, 0, DN_IFREQ_SIZE); - - if (ifa->ifa_label) - strcpy(ifr->ifr_name, ifa->ifa_label); - else - strcpy(ifr->ifr_name, dev->name); - -- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_family = AF_DECnet; -- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_len = 2; -- (*(dn_address *)(*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_addr) = ifa->ifa_local; -+ addr->sdn_family = AF_DECnet; -+ addr->sdn_add.a_len = 2; -+ memcpy(addr->sdn_add.a_addr, &ifa->ifa_local, -+ sizeof(dn_address)); - -- ifr = (struct ifreq *)((char *)ifr + DN_IFREQ_SIZE); -+ if (copy_to_user(buf, buffer, DN_IFREQ_SIZE)) { -+ done = -EFAULT; -+ break; -+ } -+ -+ buf += DN_IFREQ_SIZE; - len -= DN_IFREQ_SIZE; - done += DN_IFREQ_SIZE; - } ---- linux-2.4.21/drivers/net/wireless/airo.c 2003-06-13 15:51:35.000000000 +0100 -+++ linux-2.4.21/drivers/net/wireless/airo.c.plasmaroo 2004-06-24 11:09:08.260352168 +0100 -@@ -3012,19 +3012,22 @@ - size_t len, - loff_t *offset ) - { -- int i; -- int pos; -+ loff_t pos = *offset; - struct proc_data *priv = (struct proc_data*)file->private_data; - -- if( !priv->rbuffer ) return -EINVAL; -+ if (!priv->rbuffer) -+ return -EINVAL; - -- pos = *offset; -- for( i = 0; i+pos < priv->readlen && i < len; i++ ) { -- if (put_user( priv->rbuffer[i+pos], buffer+i )) -- return -EFAULT; -- } -- *offset += i; -- return i; -+ if (pos < 0) -+ return -EINVAL; -+ if (pos >= priv->readlen) -+ return 0; -+ if (len > priv->readlen - pos) -+ len = priv->readlen - pos; -+ if (copy_to_user(buffer, priv->rbuffer + pos, len)) -+ return -EFAULT; -+ *offset = pos + len; -+ return len; - } - - /* -@@ -3036,24 +3039,24 @@ - size_t len, - loff_t *offset ) - { -- int i; -- int pos; -+ loff_t pos = *offset; - struct proc_data *priv = (struct proc_data*)file->private_data; - -- if ( !priv->wbuffer ) { -+ if (!priv->wbuffer) - return -EINVAL; -- } -- -- pos = *offset; - -- for( i = 0; i + pos < priv->maxwritelen && -- i < len; i++ ) { -- if (get_user( priv->wbuffer[i+pos], buffer + i )) -- return -EFAULT; -- } -- if ( i+pos > priv->writelen ) priv->writelen = i+file->f_pos; -- *offset += i; -- return i; -+ if (pos < 0) -+ return -EINVAL; -+ if (pos >= priv->maxwritelen) -+ return 0; -+ if (len > priv->maxwritelen - pos) -+ len = priv->maxwritelen - pos; -+ if (copy_from_user(priv->wbuffer + pos, buffer, len)) -+ return -EFAULT; -+ if (pos + len > priv->writelen) -+ priv->writelen = pos + len; -+ *offset = pos + len; -+ return len; - } - - static int proc_status_open( struct inode *inode, struct file *file ) { ---- linux/drivers/sound/mpu401.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/mpu401.c Wed Jun 16 14:42:34 2004 -@@ -1493,14 +1493,16 @@ static unsigned long mpu_timer_get_time( - static int mpu_timer_ioctl(int dev, unsigned int command, caddr_t arg) - { - int midi_dev = sound_timer_devs[dev]->devlink; -+ int *p = (int *)arg; - - switch (command) - { - case SNDCTL_TMR_SOURCE: - { - int parm; -- -- parm = *(int *) arg; -+ -+ if (get_user(parm, p)) -+ return -EFAULT; - parm &= timer_caps; - - if (parm != 0) -@@ -1512,7 +1514,9 @@ static int mpu_timer_ioctl(int dev, unsi - else if (timer_mode & TMR_MODE_SMPTE) - mpu_cmd(midi_dev, 0x3d, 0); /* Use SMPTE sync */ - } -- return (*(int *) arg = timer_mode); -+ if (put_user(timer_mode, p)) -+ return -EFAULT; -+ return timer_mode; - } - break; - -@@ -1537,10 +1541,13 @@ static int mpu_timer_ioctl(int dev, unsi - { - int val; - -- val = *(int *) arg; -+ if (get_user(val, p)) -+ return -EFAULT; - if (val) - set_timebase(midi_dev, val); -- return (*(int *) arg = curr_timebase); -+ if (put_user(curr_timebase, p)) -+ return -EFAULT; -+ return curr_timebase; - } - break; - -@@ -1549,7 +1556,8 @@ static int mpu_timer_ioctl(int dev, unsi - int val; - int ret; - -- val = *(int *) arg; -+ if (get_user(val, p)) -+ return -EFAULT; - - if (val) - { -@@ -1564,7 +1572,9 @@ static int mpu_timer_ioctl(int dev, unsi - } - curr_tempo = val; - } -- return (*(int *) arg = curr_tempo); -+ if (put_user(curr_tempo, p)) -+ return -EFAULT; -+ return curr_tempo; - } - break; - -@@ -1572,18 +1582,25 @@ static int mpu_timer_ioctl(int dev, unsi - { - int val; - -- val = *(int *) arg; -+ if (get_user(val, p)) -+ return -EFAULT; - if (val != 0) /* Can't change */ - return -EINVAL; -- return (*(int *) arg = ((curr_tempo * curr_timebase) + 30) / 60); -+ val = (curr_tempo * curr_timebase + 30) / 60; -+ if (put_user(val, p)) -+ return -EFAULT; -+ return val; - } - break; - - case SNDCTL_SEQ_GETTIME: -- return (*(int *) arg = curr_ticks); -+ if (put_user(curr_ticks, p)) -+ return -EFAULT; -+ return curr_ticks; - - case SNDCTL_TMR_METRONOME: -- metronome_mode = *(int *) arg; -+ if (get_user(metronome_mode, p)) -+ return -EFAULT; - setup_metronome(midi_dev); - return 0; - ---- linux/drivers/sound/msnd.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/msnd.c Wed Jun 16 14:42:34 2004 -@@ -155,13 +155,10 @@ void msnd_fifo_make_empty(msnd_fifo *f) - f->len = f->tail = f->head = 0; - } - --int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user) -+int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len) - { - int count = 0; - -- if (f->len == f->n) -- return 0; -- - while ((count < len) && (f->len != f->n)) { - - int nwritten; -@@ -177,11 +174,7 @@ int msnd_fifo_write(msnd_fifo *f, const - nwritten = len - count; - } - -- if (user) { -- if (copy_from_user(f->data + f->tail, buf, nwritten)) -- return -EFAULT; -- } else -- isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten); -+ isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten); - - count += nwritten; - buf += nwritten; -@@ -193,13 +186,10 @@ int msnd_fifo_write(msnd_fifo *f, const - return count; - } - --int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user) -+int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len) - { - int count = 0; - -- if (f->len == 0) -- return f->len; -- - while ((count < len) && (f->len > 0)) { - - int nread; -@@ -215,11 +205,7 @@ int msnd_fifo_read(msnd_fifo *f, char *b - nread = len - count; - } - -- if (user) { -- if (copy_to_user(buf, f->data + f->head, nread)) -- return -EFAULT; -- } else -- isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread); -+ isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread); - - count += nread; - buf += nread; ---- linux/drivers/sound/msnd.h.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/msnd.h Wed Jun 16 14:42:34 2004 -@@ -266,8 +266,8 @@ void msnd_fifo_init(msnd_fifo *f); - void msnd_fifo_free(msnd_fifo *f); - int msnd_fifo_alloc(msnd_fifo *f, size_t n); - void msnd_fifo_make_empty(msnd_fifo *f); --int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user); --int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user); -+int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len); -+int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len); - - int msnd_wait_TXDE(multisound_dev_t *dev); - int msnd_wait_HC0(multisound_dev_t *dev); ---- linux/drivers/sound/msnd_pinnacle.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/msnd_pinnacle.c Wed Jun 16 14:42:34 2004 -@@ -804,7 +804,7 @@ static int dev_release(struct inode *ino - - static __inline__ int pack_DARQ_to_DARF(register int bank) - { -- register int size, n, timeout = 3; -+ register int size, timeout = 3; - register WORD wTmp; - LPDAQD DAQD; - -@@ -825,13 +825,10 @@ static __inline__ int pack_DARQ_to_DARF( - /* Read data from the head (unprotected bank 1 access okay - since this is only called inside an interrupt) */ - outb(HPBLKSEL_1, dev.io + HP_BLKS); -- if ((n = msnd_fifo_write( -+ msnd_fifo_write( - &dev.DARF, - (char *)(dev.base + bank * DAR_BUFF_SIZE), -- size, 0)) <= 0) { -- outb(HPBLKSEL_0, dev.io + HP_BLKS); -- return n; -- } -+ size); - outb(HPBLKSEL_0, dev.io + HP_BLKS); - - return 1; -@@ -853,21 +850,16 @@ static __inline__ int pack_DAPF_to_DAPQ( - if (protect) { - /* Critical section: protect fifo in non-interrupt */ - spin_lock_irqsave(&dev.lock, flags); -- if ((n = msnd_fifo_read( -+ n = msnd_fifo_read( - &dev.DAPF, - (char *)(dev.base + bank_num * DAP_BUFF_SIZE), -- DAP_BUFF_SIZE, 0)) < 0) { -- spin_unlock_irqrestore(&dev.lock, flags); -- return n; -- } -+ DAP_BUFF_SIZE); - spin_unlock_irqrestore(&dev.lock, flags); - } else { -- if ((n = msnd_fifo_read( -+ n = msnd_fifo_read( - &dev.DAPF, - (char *)(dev.base + bank_num * DAP_BUFF_SIZE), -- DAP_BUFF_SIZE, 0)) < 0) { -- return n; -- } -+ DAP_BUFF_SIZE); - } - if (!n) - break; -@@ -894,30 +886,43 @@ static __inline__ int pack_DAPF_to_DAPQ( - static int dsp_read(char *buf, size_t len) - { - int count = len; -+ char *page = (char *)__get_free_page(PAGE_SIZE); -+ -+ if (!page) -+ return -ENOMEM; - - while (count > 0) { -- int n; -+ int n, k; - unsigned long flags; - -+ k = PAGE_SIZE; -+ if (k > count) -+ k = count; -+ - /* Critical section: protect fifo in non-interrupt */ - spin_lock_irqsave(&dev.lock, flags); -- if ((n = msnd_fifo_read(&dev.DARF, buf, count, 1)) < 0) { -- printk(KERN_WARNING LOGNAME ": FIFO read error\n"); -- spin_unlock_irqrestore(&dev.lock, flags); -- return n; -- } -+ n = msnd_fifo_read(&dev.DARF, page, k); - spin_unlock_irqrestore(&dev.lock, flags); -+ if (copy_to_user(buf, page, n)) { -+ free_page((unsigned long)page); -+ return -EFAULT; -+ } - buf += n; - count -= n; - -+ if (n == k && count) -+ continue; -+ - if (!test_bit(F_READING, &dev.flags) && dev.mode & FMODE_READ) { - dev.last_recbank = -1; - if (chk_send_dsp_cmd(&dev, HDEX_RECORD_START) == 0) - set_bit(F_READING, &dev.flags); - } - -- if (dev.rec_ndelay) -+ if (dev.rec_ndelay) { -+ free_page((unsigned long)page); - return count == len ? -EAGAIN : len - count; -+ } - - if (count > 0) { - set_bit(F_READBLOCK, &dev.flags); -@@ -926,41 +931,57 @@ static int dsp_read(char *buf, size_t le - get_rec_delay_jiffies(DAR_BUFF_SIZE))) - clear_bit(F_READING, &dev.flags); - clear_bit(F_READBLOCK, &dev.flags); -- if (signal_pending(current)) -+ if (signal_pending(current)) { -+ free_page((unsigned long)page); - return -EINTR; -+ } - } - } -- -+ free_page((unsigned long)page); - return len - count; - } - - static int dsp_write(const char *buf, size_t len) - { - int count = len; -+ char *page = (char *)__get_free_page(GFP_KERNEL); -+ -+ if (!page) -+ return -ENOMEM; - - while (count > 0) { -- int n; -+ int n, k; - unsigned long flags; - -+ k = PAGE_SIZE; -+ if (k > count) -+ k = count; -+ -+ if (copy_from_user(page, buf, k)) { -+ free_page((unsigned long)page); -+ return -EFAULT; -+ } -+ - /* Critical section: protect fifo in non-interrupt */ - spin_lock_irqsave(&dev.lock, flags); -- if ((n = msnd_fifo_write(&dev.DAPF, buf, count, 1)) < 0) { -- printk(KERN_WARNING LOGNAME ": FIFO write error\n"); -- spin_unlock_irqrestore(&dev.lock, flags); -- return n; -- } -+ n = msnd_fifo_write(&dev.DAPF, page, k); - spin_unlock_irqrestore(&dev.lock, flags); - buf += n; - count -= n; - -+ if (count && n == k) -+ continue; -+ - if (!test_bit(F_WRITING, &dev.flags) && (dev.mode & FMODE_WRITE)) { - dev.last_playbank = -1; - if (pack_DAPF_to_DAPQ(1) > 0) - set_bit(F_WRITING, &dev.flags); - } - -- if (dev.play_ndelay) -+ if (dev.play_ndelay) { -+ free_page((unsigned long)page); - return count == len ? -EAGAIN : len - count; -+ } - - if (count > 0) { - set_bit(F_WRITEBLOCK, &dev.flags); -@@ -968,11 +989,14 @@ static int dsp_write(const char *buf, si - &dev.writeblock, - get_play_delay_jiffies(DAP_BUFF_SIZE)); - clear_bit(F_WRITEBLOCK, &dev.flags); -- if (signal_pending(current)) -+ if (signal_pending(current)) { -+ free_page((unsigned long)page); - return -EINTR; -+ } - } - } - -+ free_page((unsigned long)page); - return len - count; - } - ---- linux/drivers/sound/pss.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/pss.c Wed Jun 16 14:42:34 2004 -@@ -450,20 +450,36 @@ static void pss_mixer_reset(pss_confdata - } - } - --static void arg_to_volume_mono(unsigned int volume, int *aleft) -+static int set_volume_mono(caddr_t p, int *aleft) - { - int left; -+ unsigned volume; -+ if (get_user(volume, (unsigned *)p)) -+ return -EFAULT; - -- left = volume & 0x00ff; -+ left = volume & 0xff; - if (left > 100) - left = 100; - *aleft = left; -+ return 0; - } - --static void arg_to_volume_stereo(unsigned int volume, int *aleft, int *aright) -+static int set_volume_stereo(caddr_t p, int *aleft, int *aright) - { -- arg_to_volume_mono(volume, aleft); -- arg_to_volume_mono(volume >> 8, aright); -+ int left, right; -+ unsigned volume; -+ if (get_user(volume, (unsigned *)p)) -+ return -EFAULT; -+ -+ left = volume & 0xff; -+ if (left > 100) -+ left = 100; -+ right = (volume >> 8) & 0xff; -+ if (right > 100) -+ right = 100; -+ *aleft = left; -+ *aright = right; -+ return 0; - } - - static int ret_vol_mono(int left) -@@ -510,33 +526,38 @@ static int pss_mixer_ioctl (int dev, uns - return call_ad_mixer(devc, cmd, arg); - else - { -- if (*(int *)arg != 0) -+ int v; -+ if (get_user(v, (int *)arg)) -+ return -EFAULT; -+ if (v != 0) - return -EINVAL; - return 0; - } - case SOUND_MIXER_VOLUME: -- arg_to_volume_stereo(*(unsigned int *)arg, &devc->mixer.volume_l, -- &devc->mixer.volume_r); -+ if (set_volume_stereo(arg, -+ &devc->mixer.volume_l, -+ &devc->mixer.volume_r)) -+ return -EFAULT; - set_master_volume(devc, devc->mixer.volume_l, - devc->mixer.volume_r); - return ret_vol_stereo(devc->mixer.volume_l, - devc->mixer.volume_r); - - case SOUND_MIXER_BASS: -- arg_to_volume_mono(*(unsigned int *)arg, -- &devc->mixer.bass); -+ if (set_volume_mono(arg, &devc->mixer.bass)) -+ return -EFAULT; - set_bass(devc, devc->mixer.bass); - return ret_vol_mono(devc->mixer.bass); - - case SOUND_MIXER_TREBLE: -- arg_to_volume_mono(*(unsigned int *)arg, -- &devc->mixer.treble); -+ if (set_volume_mono(arg, &devc->mixer.treble)) -+ return -EFAULT; - set_treble(devc, devc->mixer.treble); - return ret_vol_mono(devc->mixer.treble); - - case SOUND_MIXER_SYNTH: -- arg_to_volume_mono(*(unsigned int *)arg, -- &devc->mixer.synth); -+ if (set_volume_mono(arg, &devc->mixer.synth)) -+ return -EFAULT; - set_synth_volume(devc, devc->mixer.synth); - return ret_vol_mono(devc->mixer.synth); - -@@ -546,54 +567,67 @@ static int pss_mixer_ioctl (int dev, uns - } - else - { -+ int val, and_mask = 0, or_mask = 0; - /* - * Return parameters - */ - switch (cmdf) - { -- - case SOUND_MIXER_DEVMASK: - if (call_ad_mixer(devc, cmd, arg) == -EINVAL) -- *(int *)arg = 0; /* no mixer devices */ -- return (*(int *)arg |= SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH); -+ break; -+ and_mask = ~0; -+ or_mask = SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH; -+ break; - - case SOUND_MIXER_STEREODEVS: - if (call_ad_mixer(devc, cmd, arg) == -EINVAL) -- *(int *)arg = 0; /* no stereo devices */ -- return (*(int *)arg |= SOUND_MASK_VOLUME); -+ break; -+ and_mask = ~0; -+ or_mask = SOUND_MASK_VOLUME; -+ break; - - case SOUND_MIXER_RECMASK: - if (devc->ad_mixer_dev != NO_WSS_MIXER) - return call_ad_mixer(devc, cmd, arg); -- else -- return (*(int *)arg = 0); /* no record devices */ -+ break; - - case SOUND_MIXER_CAPS: - if (devc->ad_mixer_dev != NO_WSS_MIXER) - return call_ad_mixer(devc, cmd, arg); -- else -- return (*(int *)arg = SOUND_CAP_EXCL_INPUT); -+ or_mask = SOUND_CAP_EXCL_INPUT; -+ break; - - case SOUND_MIXER_RECSRC: - if (devc->ad_mixer_dev != NO_WSS_MIXER) - return call_ad_mixer(devc, cmd, arg); -- else -- return (*(int *)arg = 0); /* no record source */ -+ break; - - case SOUND_MIXER_VOLUME: -- return (*(int *)arg = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r)); -+ or_mask = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r); -+ break; - - case SOUND_MIXER_BASS: -- return (*(int *)arg = ret_vol_mono(devc->mixer.bass)); -+ or_mask = ret_vol_mono(devc->mixer.bass); -+ break; - - case SOUND_MIXER_TREBLE: -- return (*(int *)arg = ret_vol_mono(devc->mixer.treble)); -+ or_mask = ret_vol_mono(devc->mixer.treble); -+ break; - - case SOUND_MIXER_SYNTH: -- return (*(int *)arg = ret_vol_mono(devc->mixer.synth)); -+ or_mask = ret_vol_mono(devc->mixer.synth); -+ break; - default: - return -EINVAL; - } -+ if (get_user(val, (int *)arg)) -+ return -EFAULT; -+ val &= and_mask; -+ val |= or_mask; -+ if (put_user(val, (int *)arg)) -+ return -EFAULT; -+ return val; - } - } - diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0535.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0535.patch deleted file mode 100644 index 669fc5fd32fb..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0535.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- drivers/net/e1000/e1000_ethtool.c 2003-06-13 15:51:34.000000000 +0100 -+++ drivers/net/e1000/e1000_ethtool.c.plasmaroo 2004-06-24 11:23:32.524963976 +0100 -@@ -468,6 +468,9 @@ - - if(copy_from_user(®s, addr, sizeof(regs))) - return -EFAULT; -+ memset(regs_buff, 0, sizeof(regs_buff)); -+ if (regs.len > E1000_REGS_LEN) -+ regs.len = E1000_REGS_LEN; - e1000_ethtool_gregs(adapter, ®s, regs_buff); - if(copy_to_user(addr, ®s, sizeof(regs))) - return -EFAULT; diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0685.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0685.patch deleted file mode 100644 index d1be834cc8a5..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0685.patch +++ /dev/null @@ -1,83 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/07/26 19:14:16-03:00 mjc@redhat.com -# [PATCH] USB: more sparse fixes -# -# Back in October 2003 Arnaldo commited some fixes prior to 2.6 for some leaking info to userspace in the -# usb drivers: -# http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ -# -# The corresponding changes have not been commited to 2.4, or included in -# the previous sparse fixes. -# -# drivers/usb/audio.c -# 2004/07/15 08:46:52-03:00 mjc@redhat.com +4 -0 -# USB: more sparse fixes -# -# drivers/usb/brlvger.c -# 2004/07/15 08:47:27-03:00 mjc@redhat.com +1 -0 -# USB: more sparse fixes -# -# drivers/usb/serial/io_edgeport.c -# 2004/07/15 08:48:06-03:00 mjc@redhat.com +1 -0 -# USB: more sparse fixes -# -# drivers/usb/vicam.c -# 2004/07/15 08:47:13-03:00 mjc@redhat.com +1 -0 -# USB: more sparse fixes -# -diff -Nru a/drivers/usb/audio.c b/drivers/usb/audio.c ---- a/drivers/usb/audio.c 2004-08-08 07:41:30 -07:00 -+++ b/drivers/usb/audio.c 2004-08-08 07:41:30 -07:00 -@@ -2141,6 +2141,8 @@ - - if (cmd == SOUND_MIXER_INFO) { - mixer_info info; -+ -+ memset(&info, 0, sizeof(info)); - strncpy(info.id, "USB_AUDIO", sizeof(info.id)); - strncpy(info.name, "USB Audio Class Driver", sizeof(info.name)); - info.modify_counter = ms->modcnt; -@@ -2150,6 +2152,8 @@ - } - if (cmd == SOUND_OLD_MIXER_INFO) { - _old_mixer_info info; -+ -+ memset(&info, 0, sizeof(info)); - strncpy(info.id, "USB_AUDIO", sizeof(info.id)); - strncpy(info.name, "USB Audio Class Driver", sizeof(info.name)); - if (copy_to_user((void *)arg, &info, sizeof(info))) -diff -Nru a/drivers/usb/brlvger.c b/drivers/usb/brlvger.c ---- a/drivers/usb/brlvger.c 2004-08-08 07:41:30 -07:00 -+++ b/drivers/usb/brlvger.c 2004-08-08 07:41:30 -07:00 -@@ -743,6 +743,7 @@ - case BRLVGER_GET_INFO: { - struct brlvger_info vi; - -+ memset(&vi, 0, sizeof(vi)); - strncpy(vi.driver_version, DRIVER_VERSION, - sizeof(vi.driver_version)); - vi.driver_version[sizeof(vi.driver_version)-1] = 0; -diff -Nru a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c ---- a/drivers/usb/serial/io_edgeport.c 2004-08-08 07:41:30 -07:00 -+++ b/drivers/usb/serial/io_edgeport.c 2004-08-08 07:41:30 -07:00 -@@ -1913,6 +1913,7 @@ - - case TIOCGICOUNT: - cnow = edge_port->icount; -+ memset(&icount, 0, sizeof(icount)); - icount.cts = cnow.cts; - icount.dsr = cnow.dsr; - icount.rng = cnow.rng; -diff -Nru a/drivers/usb/vicam.c b/drivers/usb/vicam.c ---- a/drivers/usb/vicam.c 2004-08-08 07:41:30 -07:00 -+++ b/drivers/usb/vicam.c 2004-08-08 07:41:30 -07:00 -@@ -481,6 +481,7 @@ - struct video_capability b; - - DBG("VIDIOCGCAP\n"); -+ memset(&b, 0, sizeof(b)); - strcpy(b.name, "ViCam-based Camera"); - b.type = VID_TYPE_CAPTURE; - b.channels = 1; diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1016.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1016.patch deleted file mode 100644 index aa25ac95ed61..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1016.patch +++ /dev/null @@ -1,75 +0,0 @@ -===== include/linux/socket.h 1.12 vs edited ===== ---- 1.12/include/linux/socket.h 2004-09-09 06:40:01 +10:00 -+++ edited/include/linux/socket.h 2004-11-27 11:53:40 +11:00 -@@ -90,6 +90,10 @@ - (struct cmsghdr *)(ctl) : \ - (struct cmsghdr *)NULL) - #define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \ -+ (cmsg)->cmsg_len <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(cmsg) - (char *)(mhdr)->msg_control))) - - /* - * This mess will go away with glibc -===== net/core/scm.c 1.10 vs edited ===== ---- 1.10/net/core/scm.c 2004-05-31 05:08:14 +10:00 -+++ edited/net/core/scm.c 2004-11-27 11:48:55 +11:00 -@@ -127,9 +127,7 @@ - for too short ancillary data object at all! Oops. - OK, let's add it... - */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) -+ if (!CMSG_OK(msg, cmsg)) - goto error; - - if (cmsg->cmsg_level != SOL_SOCKET) -===== net/ipv4/ip_sockglue.c 1.26 vs edited ===== ---- 1.26/net/ipv4/ip_sockglue.c 2004-07-01 06:10:53 +10:00 -+++ edited/net/ipv4/ip_sockglue.c 2004-11-27 11:49:45 +11:00 -@@ -146,11 +146,8 @@ - struct cmsghdr *cmsg; - - for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - if (cmsg->cmsg_level != SOL_IP) - continue; - switch (cmsg->cmsg_type) { -===== net/ipv6/datagram.c 1.20 vs edited ===== ---- 1.20/net/ipv6/datagram.c 2004-11-10 17:57:03 +11:00 -+++ edited/net/ipv6/datagram.c 2004-11-27 11:51:15 +11:00 -@@ -427,9 +427,7 @@ - int addr_type; - struct net_device *dev = NULL; - -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) { - err = -EINVAL; - goto exit_f; - } -===== net/sctp/socket.c 1.129 vs edited ===== ---- 1.129/net/sctp/socket.c 2004-11-19 08:43:18 +11:00 -+++ edited/net/sctp/socket.c 2004-11-27 11:52:11 +11:00 -@@ -4098,12 +4098,8 @@ - for (cmsg = CMSG_FIRSTHDR(msg); - cmsg != NULL; - cmsg = CMSG_NXTHDR((struct msghdr*)msg, cmsg)) { -- /* Check for minimum length. The SCM code has this check. */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - - /* Should we parse this header or ignore? */ - if (cmsg->cmsg_level != IPPROTO_SCTP) diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1056.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1056.patch deleted file mode 100644 index 53b777acaac5..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1056.patch +++ /dev/null @@ -1,321 +0,0 @@ -diff -ur linux-2.4.28/drivers/char/drm/i810.h linux-2.4.28.plasmaroo/drivers/char/drm/i810.h ---- linux-2.4.28/drivers/char/drm/i810.h 2003-11-28 18:26:20.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i810.h 2004-12-23 16:26:31.000000000 +0000 -@@ -114,4 +114,14 @@ - #define DRIVER_AGP_BUFFERS_MAP( dev ) \ - ((drm_i810_private_t *)((dev)->dev_private))->buffer_map - -+#define LOCK_TEST_WITH_RETURN( dev ) \ -+do { \ -+ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ -+ dev->lock.pid != current->pid ) { \ -+ DRM_ERROR( "%s called without lock held\n", \ -+ __FUNCTION__ ); \ -+ return -EINVAL; \ -+ } \ -+} while (0) -+ - #endif -diff -ur linux-2.4.28/drivers/char/drm/i810_dma.c linux-2.4.28.plasmaroo/drivers/char/drm/i810_dma.c ---- linux-2.4.28/drivers/char/drm/i810_dma.c 2004-02-18 13:36:31.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i810_dma.c 2004-12-23 16:27:16.000000000 +0000 -@@ -948,10 +948,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_flush_queue(dev); - return 0; -@@ -973,10 +970,7 @@ - if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - if(vertex.idx < 0 || vertex.idx > dma->buf_count) return -EINVAL; - -@@ -1004,10 +998,7 @@ - if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - /* GH: Someone's doing nasty things... */ - if (!dev->dev_private) { -@@ -1026,10 +1017,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_dma_dispatch_swap( dev ); - return 0; -@@ -1064,10 +1052,7 @@ - if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - d.granted = 0; - -@@ -1174,11 +1159,7 @@ - if (copy_from_user(&mc, (drm_i810_mc_t *)arg, sizeof(mc))) - return -EFAULT; - -- -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_mc called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_dma_dispatch_mc(dev, dma->buflist[mc.idx], mc.used, - mc.last_render ); -@@ -1223,10 +1204,7 @@ - drm_device_t *dev = priv->dev; - drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_fstatus called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - return I810_READ(0x30008); - } - -@@ -1237,10 +1215,7 @@ - drm_device_t *dev = priv->dev; - drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_ov0_flip called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - //Tell the overlay to update - I810_WRITE(0x30000,dev_priv->overlay_physical | 0x80000000); -diff -ur linux-2.4.28/drivers/char/drm/i830.h linux-2.4.28.plasmaroo/drivers/char/drm/i830.h ---- linux-2.4.28/drivers/char/drm/i830.h 2003-11-28 18:26:20.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i830.h 2004-12-23 16:31:33.000000000 +0000 -@@ -154,4 +154,14 @@ - #define DRIVER_AGP_BUFFERS_MAP( dev ) \ - ((drm_i830_private_t *)((dev)->dev_private))->buffer_map - -+#define LOCK_TEST_WITH_RETURN( dev ) \ -+do { \ -+ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ -+ dev->lock.pid != current->pid ) { \ -+ DRM_ERROR( "%s called without lock held\n", \ -+ __FUNCTION__ ); \ -+ return -EINVAL; \ -+ } \ -+} while (0) -+ - #endif -diff -ur linux-2.4.28/drivers/char/drm/i830_dma.c linux-2.4.28.plasmaroo/drivers/char/drm/i830_dma.c ---- linux-2.4.28/drivers/char/drm/i830_dma.c 2004-02-18 13:36:31.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i830_dma.c 2004-12-23 16:32:08.000000000 +0000 -@@ -1330,10 +1330,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i830_flush_queue(dev); - return 0; -@@ -1354,10 +1351,7 @@ - if (copy_from_user(&vertex, (drm_i830_vertex_t *)arg, sizeof(vertex))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - DRM_DEBUG("i830 dma vertex, idx %d used %d discard %d\n", - vertex.idx, vertex.used, vertex.discard); -@@ -1384,10 +1378,7 @@ - if (copy_from_user(&clear, (drm_i830_clear_t *)arg, sizeof(clear))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - /* GH: Someone's doing nasty things... */ - if (!dev->dev_private) { -@@ -1409,10 +1400,7 @@ - - DRM_DEBUG("i830_swap_bufs\n"); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i830_dma_dispatch_swap( dev ); - return 0; -@@ -1453,10 +1441,7 @@ - - DRM_DEBUG("%s\n", __FUNCTION__); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_flip_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - if (!dev_priv->page_flipping) - i830_do_init_pageflip( dev ); -@@ -1495,10 +1480,7 @@ - if (copy_from_user(&d, (drm_i830_dma_t *)arg, sizeof(d))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - d.granted = 0; - -diff -ur linux-2.4.28/drivers/char/drm/i830_irq.c linux-2.4.28.plasmaroo/drivers/char/drm/i830_irq.c ---- linux-2.4.28/drivers/char/drm/i830_irq.c 2003-11-28 18:26:20.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i830_irq.c 2004-12-23 16:39:47.000000000 +0000 -@@ -130,10 +130,7 @@ - drm_i830_irq_emit_t emit; - int result; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_irq_emit called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - if ( !dev_priv ) { - DRM_ERROR( "%s called with no initialization\n", __FUNCTION__ ); -diff -ur linux-2.4.28/drivers/char/drm-4.0/drmP.h linux-2.4.28.plasmaroo/drivers/char/drm-4.0/drmP.h ---- linux-2.4.28/drivers/char/drm-4.0/drmP.h 2004-02-18 13:36:31.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm-4.0/drmP.h 2004-12-23 16:21:30.000000000 +0000 -@@ -294,6 +294,16 @@ - #define DRM_BUFCOUNT(x) ((x)->count - DRM_LEFTCOUNT(x)) - #define DRM_WAITCOUNT(dev,idx) DRM_BUFCOUNT(&dev->queuelist[idx]->waitlist) - -+#define LOCK_TEST_WITH_RETURN( dev ) \ -+do { \ -+ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ -+ dev->lock.pid != current->pid ) { \ -+ DRM_ERROR( "%s called without lock held\n", \ -+ __FUNCTION__ ); \ -+ return -EINVAL; \ -+ } \ -+} while (0) -+ - typedef int drm_ioctl_t(struct inode *inode, struct file *filp, - unsigned int cmd, unsigned long arg); - -diff -ur linux-2.4.28/drivers/char/drm-4.0/i810_dma.c linux-2.4.28.plasmaroo/drivers/char/drm-4.0/i810_dma.c ---- linux-2.4.28/drivers/char/drm-4.0/i810_dma.c 2004-02-18 13:36:31.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm-4.0/i810_dma.c 2004-12-23 16:21:30.000000000 +0000 -@@ -1249,10 +1249,7 @@ - drm_device_t *dev = priv->dev; - - DRM_DEBUG("i810_flush_ioctl\n"); -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_flush_queue(dev); - return 0; -@@ -1274,10 +1271,7 @@ - if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - DRM_DEBUG("i810 dma vertex, idx %d used %d discard %d\n", - vertex.idx, vertex.used, vertex.discard); -@@ -1308,10 +1302,7 @@ - if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_dma_dispatch_clear( dev, clear.flags, - clear.clear_color, -@@ -1327,10 +1318,7 @@ - - DRM_DEBUG("i810_swap_bufs\n"); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_dma_dispatch_swap( dev ); - return 0; -@@ -1366,10 +1354,7 @@ - if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - d.granted = 0; - -@@ -1399,10 +1384,7 @@ - drm_i810_buf_priv_t *buf_priv; - drm_device_dma_t *dma = dev->dma; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - if (copy_from_user(&d, (drm_i810_copy_t *)arg, sizeof(d))) - return -EFAULT; diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1137.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1137.patch deleted file mode 100644 index 161806ce79d7..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1137.patch +++ /dev/null @@ -1,59 +0,0 @@ ---- linux-2.4.28-orig/net/ipv4/igmp.c 2004-08-08 01:26:06.000000000 +0200 -+++ linux-2.4.28/net/ipv4/igmp.c 2004-12-15 22:12:48.000000000 +0100 -@@ -1757,12 +1757,12 @@ - goto done; - rv = !0; - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, -+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, - sizeof(__u32)); -- if (rv >= 0) -+ if (rv == 0) - break; - } -- if (!rv) /* source not found */ -+ if (rv) /* source not found */ - goto done; - - /* update the interface filter */ -@@ -1804,9 +1804,9 @@ - } - rv = 1; /* > 0 for insert logic below if sl_count is 0 */ - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, -+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, - sizeof(__u32)); -- if (rv >= 0) -+ if (rv == 0) - break; - } - if (rv == 0) /* address already there is an error */ ---- linux-2.4.28-orig/net/ipv6/mcast.c 2004-11-17 12:54:22.000000000 +0100 -+++ linux-2.4.28/net/ipv6/mcast.c 2004-12-15 22:14:07.000000000 +0100 -@@ -386,12 +386,12 @@ - goto done; - rv = !0; - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, group, -+ rv = memcmp(&psl->sl_addr[i], source, - sizeof(struct in6_addr)); -- if (rv >= 0) -+ if (rv == 0) - break; - } -- if (!rv) /* source not found */ -+ if (rv) /* source not found */ - goto done; - - /* update the interface filter */ -@@ -432,8 +432,8 @@ - } - rv = 1; /* > 0 for insert logic below if sl_count is 0 */ - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, group, sizeof(struct in6_addr)); -- if (rv >= 0) -+ rv = memcmp(&psl->sl_addr[i], source, sizeof(struct in6_addr)); -+ if (rv == 0) - break; - } - if (rv == 0) /* address already there is an error */ diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.FPULockup-53804.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.FPULockup-53804.patch deleted file mode 100644 index 1dd5ed87b520..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.FPULockup-53804.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux-2.4/include/asm-i386/i387.h 2004-06-13 20:06:05.044881328 +0100 -+++ linux-2.4/include/asm-i386/i387.h 2004-06-13 20:25:42.836829736 +0100 -@@ -34,7 +34,7 @@ - - #define clear_fpu( tsk ) do { \ - if ( tsk->flags & PF_USEDFPU ) { \ -- asm volatile("fwait"); \ -+ asm volatile("fnclex ; fwait"); \ - tsk->flags &= ~PF_USEDFPU; \ - stts(); \ - } \ diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.XDRWrapFix.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.XDRWrapFix.patch deleted file mode 100644 index 9a336ab7876a..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.XDRWrapFix.patch +++ /dev/null @@ -1,48 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/08/16 14:50:04-03:00 neilb@cse.unsw.edu.au -# [PATCH] Fixed possibly xdr parsing error if write size exceed 2^31 -# -# xdr_argsize_check needs to cope with the possibility that the -# pointer has wrapped and could be below buf->base. -# -# Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> -# -# ### Diffstat output -# ./fs/nfsd/nfs3xdr.c | 2 +- -# ./include/linux/nfsd/xdr3.h | 2 +- -# 2 files changed, 2 insertions(+), 2 deletions(-) -# -# fs/nfsd/nfs3xdr.c -# 2004/08/14 00:23:06-03:00 neilb@cse.unsw.edu.au +1 -1 -# Fixed possibly xdr parsing error if write size exceed 2^31 -# -# include/linux/nfsd/xdr3.h -# 2004/08/15 20:48:43-03:00 neilb@cse.unsw.edu.au +1 -1 -# Fixed possibly xdr parsing error if write size exceed 2^31 -# -diff -Nru a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c ---- a/fs/nfsd/nfs3xdr.c 2004-09-06 11:20:28 -07:00 -+++ b/fs/nfsd/nfs3xdr.c 2004-09-06 11:20:28 -07:00 -@@ -273,7 +273,7 @@ - { - struct svc_buf *buf = &rqstp->rq_argbuf; - -- return p - buf->base <= buf->buflen; -+ return p >= buf->base && p <= buf->base + buf->buflen ; - } - - static inline int -diff -Nru a/include/linux/nfsd/xdr3.h b/include/linux/nfsd/xdr3.h ---- a/include/linux/nfsd/xdr3.h 2004-09-06 11:20:28 -07:00 -+++ b/include/linux/nfsd/xdr3.h 2004-09-06 11:20:28 -07:00 -@@ -41,7 +41,7 @@ - __u32 count; - int stable; - __u8 * data; -- int len; -+ __u32 len; - }; - - struct nfsd3_createargs { diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_a.out.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_a.out.patch deleted file mode 100644 index 4644ae28bce4..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_a.out.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -Nru linux-2.4.28/fs/exec.c linux-2.4.28.plasmaroo/fs/exec.c ---- linux-2.4.28/fs/exec.c 2004-04-15 10:44:45 -07:00 -+++ linux-2.4.28.plasmaroo/fs/exec.c 2004-11-12 12:02:40 -08:00 -@@ -342,6 +342,7 @@ int setup_arg_pages(struct linux_binprm - - down_write(¤t->mm->mmap_sem); - { -+ struct vm_area_struct *vma; - mpnt->vm_mm = current->mm; - mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p; - mpnt->vm_end = STACK_TOP; -@@ -351,6 +352,12 @@ int setup_arg_pages(struct linux_binprm - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = (void *) 0; -+ vma = find_vma(current->mm, mpnt->vm_start); -+ if (vma) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return -ENOMEM; -+ } - insert_vm_struct(current->mm, mpnt); - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } -diff -Nru linux-2.4.28/fs/exec.c linux-2.4.28.plasmaroo/fs/exec.c ---- linux-2.4.28/fs/binfmt_aout.c 2002-02-04 23:54:04 -08:00 -+++ linux-2.4.28.plasmaroo/fs/binfmt_aout.c 2004-11-12 11:55:14 -08:00 -@@ -39,13 +39,18 @@ static struct linux_binfmt aout_format = - NULL, THIS_MODULE, load_aout_binary, load_aout_library, aout_core_dump, PAGE_SIZE - }; - --static void set_brk(unsigned long start, unsigned long end) -+#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) -+ -+static int set_brk(unsigned long start, unsigned long end) - { - start = PAGE_ALIGN(start); - end = PAGE_ALIGN(end); -- if (end <= start) -- return; -- do_brk(start, end - start); -+ if (end > start) { -+ unsigned long addr = do_brk(start, end - start); -+ if (BAD_ADDR(addr)) -+ return addr; -+ } -+ return 0; - } - - /* -@@ -405,7 +410,11 @@ static int load_aout_binary(struct linux - beyond_if: - set_binfmt(&aout_format); - -- set_brk(current->mm->start_brk, current->mm->brk); -+ retval = set_brk(current->mm->start_brk, current->mm->brk); -+ if (retval < 0) { -+ send_sig(SIGKILL, current, 0); -+ return retval; -+ } - - retval = setup_arg_pages(bprm); - if (retval < 0) { diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_elf.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_elf.patch deleted file mode 100644 index 9f4f44ee78f5..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_elf.patch +++ /dev/null @@ -1,85 +0,0 @@ -diff -ur linux-2.4.27/fs/binfmt_elf.c linux-2.4.27.plasmaroo/fs/binfmt_elf.c ---- linux-2.4.27/fs/binfmt_elf.c 2004-04-14 14:05:40.000000000 +0100 -+++ linux-2.4.27.plasmaroo/fs/binfmt_elf.c 2004-11-19 21:30:26.745410824 +0000 -@@ -299,9 +299,12 @@ - goto out; - - retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size); -- error = retval; -- if (retval < 0) -+ error = -EIO; -+ if (retval != size) { -+ if (retval < 0) -+ error = retval; - goto out_close; -+ } - - eppnt = elf_phdata; - for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) { -@@ -475,8 +478,11 @@ - goto out; - - retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size); -- if (retval < 0) -+ if (retval != size) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_ph; -+ } - - files = current->files; /* Refcounted so ok */ - retval = unshare_files(); -@@ -513,7 +519,8 @@ - */ - - retval = -ENOMEM; -- if (elf_ppnt->p_filesz > PATH_MAX) -+ if (elf_ppnt->p_filesz > PATH_MAX || -+ elf_ppnt->p_filesz == 0) - goto out_free_file; - elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz, - GFP_KERNEL); -@@ -523,8 +530,16 @@ - retval = kernel_read(bprm->file, elf_ppnt->p_offset, - elf_interpreter, - elf_ppnt->p_filesz); -- if (retval < 0) -+ if (retval != elf_ppnt->p_filesz) { -+ if (retval >= 0) -+ retval = -EIO; -+ goto out_free_interp; -+ } -+ /* make sure path is NULL terminated */ -+ retval = -EINVAL; -+ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') - goto out_free_interp; -+ - /* If the program interpreter is one of these two, - * then assume an iBCS2 image. Otherwise assume - * a native linux image. -@@ -543,8 +558,11 @@ - if (IS_ERR(interpreter)) - goto out_free_interp; - retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE); -- if (retval < 0) -+ if (retval != BINPRM_BUF_SIZE) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_dentry; -+ } - - /* Get the exec headers */ - interp_ex = *((struct exec *) bprm->buf); -@@ -682,8 +700,10 @@ - } - - error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags); -- if (BAD_ADDR(error)) -- continue; -+ if (BAD_ADDR(error)) { -+ send_sig(SIGKILL, current, 0); -+ goto out_free_dentry; -+ } - - if (!load_addr_set) { - load_addr_set = 1; diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.brk-locked.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.brk-locked.patch deleted file mode 100644 index 4a1a249464e1..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.brk-locked.patch +++ /dev/null @@ -1,258 +0,0 @@ -diff -ur linux-2.4.28-gentoo-r4/arch/mips/kernel/irixelf.c linux-2.4.28-gentoo-r5/arch/mips/kernel/irixelf.c ---- linux-2.4.28-gentoo-r4/arch/mips/kernel/irixelf.c 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/arch/mips/kernel/irixelf.c 2005-01-07 20:20:32.000000000 +0000 -@@ -130,7 +130,7 @@ - end = PAGE_ALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - -@@ -379,7 +379,7 @@ - - /* Map the last of the bss segment */ - if (last_bss > len) { -- do_brk(len, (last_bss - len)); -+ do_brk_locked(len, (last_bss - len)); - } - kfree(elf_phdata); - -@@ -567,7 +567,7 @@ - unsigned long v; - struct prda *pp; - -- v = do_brk (PRDA_ADDRESS, PAGE_SIZE); -+ v = do_brk_locked (PRDA_ADDRESS, PAGE_SIZE); - - if (v < 0) - return; -@@ -859,7 +859,7 @@ - len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000; - bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; - if (bss > len) -- do_brk(len, bss-len); -+ do_brk_locked(len, bss-len); - kfree(elf_phdata); - return 0; - } -diff -ur linux-2.4.28-gentoo-r4/arch/sparc64/kernel/binfmt_aout32.c linux-2.4.28-gentoo-r5/arch/sparc64/kernel/binfmt_aout32.c ---- linux-2.4.28-gentoo-r4/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 20:20:32.000000000 +0000 -@@ -49,7 +49,7 @@ - end = PAGE_ALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - /* -@@ -246,10 +246,10 @@ - if (N_MAGIC(ex) == NMAGIC) { - loff_t pos = fd_offset; - /* Fuck me plenty... */ -- error = do_brk(N_TXTADDR(ex), ex.a_text); -+ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); - bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), - ex.a_text, &pos); -- error = do_brk(N_DATADDR(ex), ex.a_data); -+ error = do_brk_locked(N_DATADDR(ex), ex.a_data); - bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), - ex.a_data, &pos); - goto beyond_if; -@@ -257,7 +257,7 @@ - - if (N_MAGIC(ex) == OMAGIC) { - loff_t pos = fd_offset; -- do_brk(N_TXTADDR(ex) & PAGE_MASK, -+ do_brk_locked(N_TXTADDR(ex) & PAGE_MASK, - ex.a_text+ex.a_data + PAGE_SIZE - 1); - bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); -@@ -272,7 +272,7 @@ - - if (!bprm->file->f_op->mmap) { - loff_t pos = fd_offset; -- do_brk(0, ex.a_text+ex.a_data); -+ do_brk_locked(0, ex.a_text+ex.a_data); - bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); - goto beyond_if; -@@ -388,7 +388,7 @@ - len = PAGE_ALIGN(ex.a_text + ex.a_data); - bss = ex.a_text + ex.a_data + ex.a_bss; - if (bss > len) { -- error = do_brk(start_addr + len, bss - len); -+ error = do_brk_locked(start_addr + len, bss - len); - retval = error; - if (error != start_addr + len) - goto out; -diff -ur linux-2.4.28-gentoo-r4/fs/binfmt_aout.c linux-2.4.28-gentoo-r5/fs/binfmt_aout.c ---- linux-2.4.28-gentoo-r4/fs/binfmt_aout.c 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/fs/binfmt_aout.c 2005-01-07 20:20:32.000000000 +0000 -@@ -46,7 +46,7 @@ - start = PAGE_ALIGN(start); - end = PAGE_ALIGN(end); - if (end > start) { -- unsigned long addr = do_brk(start, end - start); -+ unsigned long addr = do_brk_locked(start, end - start); - if (BAD_ADDR(addr)) - return addr; - } -@@ -341,10 +341,10 @@ - loff_t pos = fd_offset; - /* Fuck me plenty... */ - /* <AOL></AOL> */ -- error = do_brk(N_TXTADDR(ex), ex.a_text); -+ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); - bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), - ex.a_text, &pos); -- error = do_brk(N_DATADDR(ex), ex.a_data); -+ error = do_brk_locked(N_DATADDR(ex), ex.a_data); - bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), - ex.a_data, &pos); - goto beyond_if; -@@ -365,7 +365,7 @@ - map_size = ex.a_text+ex.a_data; - #endif - -- error = do_brk(text_addr & PAGE_MASK, map_size); -+ error = do_brk_locked(text_addr & PAGE_MASK, map_size); - if (error != (text_addr & PAGE_MASK)) { - send_sig(SIGKILL, current, 0); - return error; -@@ -399,7 +399,7 @@ - - if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { - loff_t pos = fd_offset; -- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); -+ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data); - bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); - flush_icache_range((unsigned long) N_TXTADDR(ex), -@@ -500,7 +500,7 @@ - error_time = jiffies; - } - -- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); -+ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss); - - file->f_op->read(file, (char *)start_addr, - ex.a_text + ex.a_data, &pos); -@@ -524,7 +524,7 @@ - len = PAGE_ALIGN(ex.a_text + ex.a_data); - bss = ex.a_text + ex.a_data + ex.a_bss; - if (bss > len) { -- error = do_brk(start_addr + len, bss - len); -+ error = do_brk_locked(start_addr + len, bss - len); - retval = error; - if (error != start_addr + len) - goto out; -diff -ur linux-2.4.28-gentoo-r4/fs/binfmt_elf.c linux-2.4.28-gentoo-r5/fs/binfmt_elf.c ---- linux-2.4.28-gentoo-r4/fs/binfmt_elf.c 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/fs/binfmt_elf.c 2005-01-07 20:20:46.000000000 +0000 -@@ -130,7 +130,7 @@ - end = PAGE_ALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - -@@ -295,7 +297,9 @@ static unsigned long load_elf_interp(str - */ - if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr)) - goto out; -- if (interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) -+ -+ if (interp_elf_ex->e_phnum < 1 || -+ interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) - goto out; - - /* Now read in all of the header information */ -@@ -370,7 +370,7 @@ - - /* Map the last of the bss segment */ - if (last_bss > elf_bss) -- do_brk(elf_bss, last_bss - elf_bss); -+ do_brk_locked(elf_bss, last_bss - elf_bss); - - *interp_load_addr = load_addr; - error = ((unsigned long) interp_elf_ex->e_entry) + load_addr; -@@ -407,7 +407,7 @@ - goto out; - } - -- do_brk(0, text_data); -+ do_brk_locked(0, text_data); - retval = -ENOEXEC; - if (!interpreter->f_op || !interpreter->f_op->read) - goto out; -@@ -415,7 +415,7 @@ - flush_icache_range((unsigned long)addr, - (unsigned long)addr + text_data); - -- do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), -+ do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), - interp_ex->a_bss); - elf_entry = interp_ex->a_entry; - -@@ -1271,7 +1271,7 @@ - len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); - bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; - if (bss > len) -- do_brk(len, bss - len); -+ do_brk_locked(len, bss - len); - error = 0; - - out_free_ph: -diff -ur linux-2.4.28-gentoo-r4/include/linux/mm.h linux-2.4.28-gentoo-r5/include/linux/mm.h ---- linux-2.4.28-gentoo-r4/include/linux/mm.h 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/include/linux/mm.h 2005-01-07 20:20:32.000000000 +0000 -@@ -601,6 +601,7 @@ - extern int do_munmap(struct mm_struct *, unsigned long, size_t); - - extern unsigned long do_brk(unsigned long, unsigned long); -+extern unsigned long do_brk_locked(unsigned long, unsigned long); - - static inline void __vma_unlink(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct * prev) - { -diff -ur linux-2.4.28-gentoo-r4/kernel/ksyms.c linux-2.4.28-gentoo-r5/kernel/ksyms.c ---- linux-2.4.28-gentoo-r4/kernel/ksyms.c 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/kernel/ksyms.c 2005-01-07 20:20:32.000000000 +0000 -@@ -90,6 +90,7 @@ - EXPORT_SYMBOL(__do_mmap_pgoff); - EXPORT_SYMBOL(do_munmap); - EXPORT_SYMBOL(do_brk); -+EXPORT_SYMBOL(do_brk_locked); - EXPORT_SYMBOL(exit_mm); - EXPORT_SYMBOL(exit_files); - EXPORT_SYMBOL(exit_fs); -diff -ur linux-2.4.28-gentoo-r4/mm/mmap.c linux-2.4.28-gentoo-r5/mm/mmap.c ---- linux-2.4.28-gentoo-r4/mm/mmap.c 2005-01-07 20:33:12.000000000 +0000 -+++ linux-2.4.28-gentoo-r5/mm/mmap.c 2005-01-07 20:20:32.000000000 +0000 -@@ -1401,6 +1401,21 @@ - return addr; - } - -+/* locking version of do_brk. */ -+unsigned long do_brk_locked(unsigned long addr, unsigned long len) -+{ -+ unsigned long ret; -+ -+ down_write(¤t->mm->mmap_sem); -+ ret = do_brk(addr, len); -+ up_write(¤t->mm->mmap_sem); -+ -+ return ret; -+} -+ -+ -+ -+ - /* Build the RB tree corresponding to the VMA list. */ - void build_mmap_rb(struct mm_struct * mm) - { diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.cmdlineLeak.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.cmdlineLeak.patch deleted file mode 100644 index 5f26f7f388f6..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.cmdlineLeak.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux-2.4/fs/proc/base.c 2004-04-15 07:09:32.000000000 +0100 -+++ linux-2.4/fs/proc/base.c.plasmaroo 2004-08-09 23:30:43.869195800 +0100 -@@ -187,7 +187,7 @@ static int proc_pid_cmdline(struct task_ - if (mm) - atomic_inc(&mm->mm_users); - task_unlock(task); -- if (mm) { -+ if (mm && mm->arg_end) { - int len = mm->arg_end - mm->arg_start; - if (len > PAGE_SIZE) - len = PAGE_SIZE; diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.smbfs.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.smbfs.patch deleted file mode 100644 index 63c5ba30403f..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.smbfs.patch +++ /dev/null @@ -1,97 +0,0 @@ -diff -ur linux-2.4.27/fs/smbfs/proc.c linux-2.4.28/fs/smbfs/proc.c ---- linux-2.4.27/fs/smbfs/proc.c 2004-11-12 19:32:24.000000000 +0000 -+++ linux-2.4.28/fs/smbfs/proc.c 2004-11-19 20:18:27.000000000 +0000 -@@ -1289,10 +1289,12 @@ - data_len = WVAL(buf, 1); - - /* we can NOT simply trust the data_len given by the server ... */ -- if (data_len > server->packet_size - (buf+3 - server->packet)) { -- printk(KERN_ERR "smb_proc_read: invalid data length!! " -- "%d > %d - (%p - %p)\n", -- data_len, server->packet_size, buf+3, server->packet); -+ if (data_len > count || -+ (buf+3 - server->packet) + data_len > server->packet_size) { -+ printk(KERN_ERR "smb_proc_read: invalid data length/offset!! " -+ "%d > %d || (%p - %p) + %d > %d\n", -+ data_len, count, -+ buf+3, server->packet, data_len, server->packet_size); - result = -EIO; - goto out; - } -@@ -1378,10 +1380,12 @@ - buf = smb_base(server->packet) + data_off; - - /* we can NOT simply trust the info given by the server ... */ -- if (data_len > server->packet_size - (buf - server->packet)) { -- printk(KERN_ERR "smb_proc_read: invalid data length!! " -- "%d > %d - (%p - %p)\n", -- data_len, server->packet_size, buf, server->packet); -+ if (data_len > count || -+ (buf - server->packet) + data_len > server->packet_size) { -+ printk(KERN_ERR "smb_proc_readX: invalid data length/offset!! " -+ "%d > %d || (%p - %p) + %d > %d\n", -+ data_len, count, -+ buf, server->packet, data_len, server->packet_size); - result = -EIO; - goto out; - } -diff -ur linux-2.4.27/fs/smbfs/sock.c linux-2.4.28/fs/smbfs/sock.c ---- linux-2.4.27/fs/smbfs/sock.c 2004-11-12 19:32:24.000000000 +0000 -+++ linux-2.4.28/fs/smbfs/sock.c 2004-11-19 20:18:27.000000000 +0000 -@@ -571,7 +571,11 @@ - parm_disp, parm_offset, parm_count, - data_disp, data_offset, data_count); - *parm = base + parm_offset; -+ if (*parm - inbuf + parm_tot > server->packet_size) -+ goto out_bad_parm; - *data = base + data_offset; -+ if (*data - inbuf + data_tot > server->packet_size) -+ goto out_bad_data; - goto success; - } - -@@ -591,6 +595,8 @@ - rcv_buf = smb_vmalloc(buf_len); - if (!rcv_buf) - goto out_no_mem; -+ memset(rcv_buf, 0, buf_len); -+ - *parm = rcv_buf; - *data = rcv_buf + total_p; - } else if (data_tot > total_d || parm_tot > total_p) -@@ -598,8 +604,12 @@ - - if (parm_disp + parm_count > total_p) - goto out_bad_parm; -+ if (parm_offset + parm_count > server->packet_size) -+ goto out_bad_parm; - if (data_disp + data_count > total_d) - goto out_bad_data; -+ if (data_offset + data_count > server->packet_size) -+ goto out_bad_data; - memcpy(*parm + parm_disp, base + parm_offset, parm_count); - memcpy(*data + data_disp, base + data_offset, data_count); - -@@ -610,8 +620,11 @@ - * Check whether we've received all of the data. Note that - * we use the packet totals -- total lengths might shrink! - */ -- if (data_len >= data_tot && parm_len >= parm_tot) -+ if (data_len >= data_tot && parm_len >= parm_tot) { -+ data_len = data_tot; -+ parm_len = parm_tot; - break; -+ } - } - - /* -@@ -625,6 +638,9 @@ - server->packet = rcv_buf; - rcv_buf = inbuf; - } else { -+ if (parm_len + data_len > buf_len) -+ goto out_data_grew; -+ - PARANOIA("copying data, old size=%d, new size=%u\n", - server->packet_size, buf_len); - memcpy(inbuf, rcv_buf, parm_len + data_len); diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.vma.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.vma.patch deleted file mode 100644 index 2469dd5ab2c5..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.vma.patch +++ /dev/null @@ -1,246 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/12/17 21:45:58-02:00 chrisw@osdl.org -# [PATCH] Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). -# -# Backport of 2.6 fix to insert_vm_struct to make it return an error -# rather than BUG(). This eliminates a user triggerable BUG() when user -# created a large vma that overlapped with arg pages during exec (could be -# triggered with a.out on i386 and x86_64 and elf on ia64). -# -# Signed-off-by: Chris Wright <chrisw@osdl.org> -# -# ===== arch/ia64/ia32/binfmt_elf32.c 1.13 vs edited ===== -# -# arch/ia64/ia32/binfmt_elf32.c -# 2004/12/17 17:22:06-02:00 chrisw@osdl.org +16 -4 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). -# -# arch/ia64/mm/init.c -# 2004/12/17 15:25:47-02:00 chrisw@osdl.org +14 -2 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). -# -# arch/s390x/kernel/exec32.c -# 2004/12/17 15:32:42-02:00 chrisw@osdl.org +6 -2 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). This eliminates a user triggerable BUG() when user -# -# arch/x86_64/ia32/ia32_binfmt.c -# 2004/12/17 15:34:21-02:00 chrisw@osdl.org +6 -2 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). This eliminates a user triggerable BUG() when user -# -# fs/exec.c -# 2004/12/17 15:54:18-02:00 chrisw@osdl.org +6 -2 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). -# -# include/linux/mm.h -# 2004/12/16 20:38:37-02:00 chrisw@osdl.org +1 -1 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). This eliminates a user triggerable BUG() when user -# -# mm/mmap.c -# 2004/12/16 20:43:15-02:00 chrisw@osdl.org +3 -2 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). -# -diff -Nru a/arch/ia64/ia32/binfmt_elf32.c b/arch/ia64/ia32/binfmt_elf32.c ---- a/arch/ia64/ia32/binfmt_elf32.c 2004-12-19 07:39:49 -08:00 -+++ b/arch/ia64/ia32/binfmt_elf32.c 2004-12-19 07:39:49 -08:00 -@@ -95,7 +95,11 @@ - vma->vm_private_data = NULL; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -117,7 +121,11 @@ - vma->vm_private_data = NULL; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -164,7 +172,7 @@ - { - unsigned long stack_base; - struct vm_area_struct *mpnt; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - -@@ -188,7 +196,11 @@ - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = 0; -- insert_vm_struct(current->mm, mpnt); -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -Nru a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c ---- a/arch/ia64/mm/init.c 2004-12-19 07:39:49 -08:00 -+++ b/arch/ia64/mm/init.c 2004-12-19 07:39:49 -08:00 -@@ -105,7 +105,13 @@ - vma->vm_pgoff = 0; - vma->vm_file = NULL; - vma->vm_private_data = NULL; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - - /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */ -@@ -117,7 +123,13 @@ - vma->vm_end = PAGE_SIZE; - vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT); - vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - } - } -diff -Nru a/arch/s390x/kernel/exec32.c b/arch/s390x/kernel/exec32.c ---- a/arch/s390x/kernel/exec32.c 2004-12-19 07:39:49 -08:00 -+++ b/arch/s390x/kernel/exec32.c 2004-12-19 07:39:49 -08:00 -@@ -41,7 +41,7 @@ - { - unsigned long stack_base; - struct vm_area_struct *mpnt; -- int i; -+ int i, ret; - - stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - -@@ -65,7 +65,11 @@ - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = (void *) 0; -- insert_vm_struct(current->mm, mpnt); -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -Nru a/arch/x86_64/ia32/ia32_binfmt.c b/arch/x86_64/ia32/ia32_binfmt.c ---- a/arch/x86_64/ia32/ia32_binfmt.c 2004-12-19 07:39:49 -08:00 -+++ b/arch/x86_64/ia32/ia32_binfmt.c 2004-12-19 07:39:49 -08:00 -@@ -225,7 +225,7 @@ - { - unsigned long stack_base; - struct vm_area_struct *mpnt; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - -@@ -250,7 +250,11 @@ - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = (void *) 0; -- insert_vm_struct(current->mm, mpnt); -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -Nru a/fs/exec.c b/fs/exec.c ---- a/fs/exec.c 2004-12-19 07:39:49 -08:00 -+++ b/fs/exec.c 2004-12-19 07:39:49 -08:00 -@@ -327,7 +327,7 @@ - { - unsigned long stack_base; - struct vm_area_struct *mpnt; -- int i; -+ int i, ret; - - stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - -@@ -387,7 +387,6 @@ - - down_write(¤t->mm->mmap_sem); - { -- struct vm_area_struct *vma; - mpnt->vm_mm = current->mm; - mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p; - mpnt->vm_end = STACK_TOP; -@@ -402,13 +401,11 @@ - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = (void *) 0; -- vma = find_vma(current->mm, mpnt->vm_start); -- if (vma) { -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { - up_write(¤t->mm->mmap_sem); - kmem_cache_free(vm_area_cachep, mpnt); -- return -ENOMEM; -+ return ret; - } -- insert_vm_struct(current->mm, mpnt); - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -Nru a/include/linux/mm.h b/include/linux/mm.h ---- a/include/linux/mm.h 2004-12-19 07:39:49 -08:00 -+++ b/include/linux/mm.h 2004-12-19 07:39:49 -08:00 -@@ -548,7 +548,7 @@ - /* mmap.c */ - extern void lock_vma_mappings(struct vm_area_struct *); - extern void unlock_vma_mappings(struct vm_area_struct *); --extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *); -+extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *); - extern void __insert_vm_struct(struct mm_struct *, struct vm_area_struct *); - extern void build_mmap_rb(struct mm_struct *); - extern void exit_mmap(struct mm_struct *); -diff -Nru a/mm/mmap.c b/mm/mmap.c ---- a/mm/mmap.c 2004-12-19 07:39:49 -08:00 -+++ b/mm/mmap.c 2004-12-19 07:39:49 -08:00 -@@ -1193,14 +1193,15 @@ - validate_mm(mm); - } - --void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) -+int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) - { - struct vm_area_struct * __vma, * prev; - rb_node_t ** rb_link, * rb_parent; - - __vma = find_vma_prepare(mm, vma->vm_start, &prev, &rb_link, &rb_parent); - if (__vma && __vma->vm_start < vma->vm_end) -- BUG(); -+ return -ENOMEM; - vma_link(mm, vma, prev, rb_link, rb_parent); - validate_mm(mm); -+ return 0; - } diff --git a/sys-kernel/usermode-sources/files/usermode-sources.AF_UNIX.patch b/sys-kernel/usermode-sources/files/usermode-sources.AF_UNIX.patch deleted file mode 100644 index 6ced78404a2d..000000000000 --- a/sys-kernel/usermode-sources/files/usermode-sources.AF_UNIX.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- linux-2.4.27/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 -+++ linux-2.4.28/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 -@@ -1403,9 +1403,11 @@ - - msg->msg_namelen = 0; - -+ down(&sk->protinfo.af_unix.readsem); -+ - skb = skb_recv_datagram(sk, flags, noblock, &err); - if (!skb) -- goto out; -+ goto out_unlock; - - wake_up_interruptible(&sk->protinfo.af_unix.peer_wait); - -@@ -1449,6 +1451,8 @@ - - out_free: - skb_free_datagram(sk,skb); -+out_unlock: -+ up(&sk->protinfo.af_unix.readsem); - out: - return err; - } diff --git a/sys-kernel/usermode-sources/usermode-sources-2.4.27.ebuild b/sys-kernel/usermode-sources/usermode-sources-2.4.27.ebuild deleted file mode 100644 index beb6c06da986..000000000000 --- a/sys-kernel/usermode-sources/usermode-sources-2.4.27.ebuild +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.4.27.ebuild,v 1.1 2005/04/13 15:10:37 johnm Exp $ - -ETYPE="sources" -inherit kernel-2 -detect_version - -EXTRAVERSION="${EXTRAVERSION/usermode/uml1}" -KV_FULL="${KV_FULL/usermode/uml1}" - -UML_PATCH="uml-patch-${OKV}-1" - -DESCRIPTION="Full (vanilla) sources for the User Mode Linux kernel" -SRC_URI="${KERNEL_URI} mirror://sourceforge/user-mode-linux/${UML_PATCH}.bz2" -HOMEPAGE="http://www.kernel.org/ http://user-mode-linux.sourceforge.net" -LICENSE="GPL-2" -KEYWORDS="x86 -ppc" -RESTRICT="nomirror" - -UNIPATCH_LIST="${DISTDIR}/${UML_PATCH}.bz2 - ${FILESDIR}/${P}.CAN-2004-1295.patch - ${FILESDIR}/${PN}-2.4.cmdlineLeak.patch - ${FILESDIR}/${PN}-2.4.XDRWrapFix.patch - ${FILESDIR}/${PN}-2.4.binfmt_elf.patch - ${FILESDIR}/${PN}-2.4.smbfs.patch - ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch - ${FILESDIR}/${PN}.AF_UNIX.patch - ${FILESDIR}/${PN}-2.4.vma.patch - ${FILESDIR}/${PN}-2.4.CAN-2004-1016.patch - ${FILESDIR}/${PN}-2.4.CAN-2004-1056.patch - ${FILESDIR}/${PN}-2.4.CAN-2004-1137.patch - ${FILESDIR}/${PN}-2.4.brk-locked.patch - ${FILESDIR}/${PN}-2.4.77094.patch - ${FILESDIR}/${PN}-2.4.77666.patch - ${FILESDIR}/${PN}-2.4.78362.patch - ${FILESDIR}/${PN}-2.4.78363.patch" - -K_EXTRAEINFO="Since you are using UML, you may want to read the Gentoo Linux -Developer's guide to system testing with User-Mode Linux that -can be fount at http://www.gentoo.org/doc/en/uml.xml" - -src_install() { - kernel-2_src_install - mkdir -p ${D}/usr/src/uml - mv ${D}/usr/src/linux-${KV_FULL} ${D}/usr/src/uml/ -} |