summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Yamin <plasmaroo@gentoo.org>2005-08-15 16:58:58 +0000
committerTim Yamin <plasmaroo@gentoo.org>2005-08-15 16:58:58 +0000
commitefd7269fb4219d958feb03cbb2212e0cfa364eb4 (patch)
tree1794fb1d210a0ebb5f77c57865c29faa0c8525c4 /sys-kernel/usermode-sources
parentRemoving win4lin-sources; in need of maintainer due to security issues and no... (diff)
downloadhistorical-efd7269fb4219d958feb03cbb2212e0cfa364eb4.tar.gz
historical-efd7269fb4219d958feb03cbb2212e0cfa364eb4.tar.bz2
historical-efd7269fb4219d958feb03cbb2212e0cfa364eb4.zip
Remove 2.4 due to open security issues and lack of a maintainer.
Package-Manager: portage-2.0.51.22-r2
Diffstat (limited to 'sys-kernel/usermode-sources')
-rw-r--r--sys-kernel/usermode-sources/ChangeLog26
-rw-r--r--sys-kernel/usermode-sources/files/digest-usermode-sources-2.4.272
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.26.CAN-2004-0394.patch11
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.27.CAN-2004-1295.patch29
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.77094.patch12
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.77666.patch44
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.78362.patch274
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.78363.patch29
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0495.patch655
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0535.patch12
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0685.patch83
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1016.patch75
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1056.patch321
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1137.patch59
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.FPULockup-53804.patch11
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.XDRWrapFix.patch48
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_a.out.patch63
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_elf.patch85
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.brk-locked.patch258
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.cmdlineLeak.patch11
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.smbfs.patch97
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources-2.4.vma.patch246
-rw-r--r--sys-kernel/usermode-sources/files/usermode-sources.AF_UNIX.patch24
-rw-r--r--sys-kernel/usermode-sources/usermode-sources-2.4.27.ebuild47
24 files changed, 25 insertions, 2497 deletions
diff --git a/sys-kernel/usermode-sources/ChangeLog b/sys-kernel/usermode-sources/ChangeLog
index f93c1d3730f3..2035a1117ac7 100644
--- a/sys-kernel/usermode-sources/ChangeLog
+++ b/sys-kernel/usermode-sources/ChangeLog
@@ -1,6 +1,30 @@
# ChangeLog for sys-kernel/usermode-sources
# Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.69 2005/07/13 14:55:54 dsd Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.70 2005/08/15 16:58:58 plasmaroo Exp $
+
+ 15 Aug 2005; <plasmaroo@gentoo.org> -usermode-sources-2.4.27.ebuild,
+ -files/usermode-sources-2.4.26.CAN-2004-0394.patch,
+ -files/usermode-sources-2.4.27.CAN-2004-1295.patch,
+ -files/usermode-sources-2.4.77094.patch,
+ -files/usermode-sources-2.4.77666.patch,
+ -files/usermode-sources-2.4.78362.patch,
+ -files/usermode-sources-2.4.78363.patch,
+ -files/usermode-sources-2.4.CAN-2004-0495.patch,
+ -files/usermode-sources-2.4.CAN-2004-0535.patch,
+ -files/usermode-sources-2.4.CAN-2004-0685.patch,
+ -files/usermode-sources-2.4.CAN-2004-1016.patch,
+ -files/usermode-sources-2.4.CAN-2004-1056.patch,
+ -files/usermode-sources-2.4.CAN-2004-1137.patch,
+ -files/usermode-sources-2.4.FPULockup-53804.patch,
+ -files/usermode-sources-2.4.XDRWrapFix.patch,
+ -files/usermode-sources-2.4.binfmt_a.out.patch,
+ -files/usermode-sources-2.4.binfmt_elf.patch,
+ -files/usermode-sources-2.4.brk-locked.patch,
+ -files/usermode-sources-2.4.cmdlineLeak.patch,
+ -files/usermode-sources-2.4.smbfs.patch,
+ -files/usermode-sources-2.4.vma.patch,
+ -files/usermode-sources.AF_UNIX.patch:
+ Remove 2.4 due to open security issues and lack of a maintainer.
*usermode-sources-2.6.12-r1 (13 Jul 2005)
diff --git a/sys-kernel/usermode-sources/files/digest-usermode-sources-2.4.27 b/sys-kernel/usermode-sources/files/digest-usermode-sources-2.4.27
deleted file mode 100644
index 776bed92577e..000000000000
--- a/sys-kernel/usermode-sources/files/digest-usermode-sources-2.4.27
+++ /dev/null
@@ -1,2 +0,0 @@
-MD5 59a2e6fde1d110e2ffa20351ac8b4d9e linux-2.4.27.tar.bz2 30898453
-MD5 63178bbd3a383a1005738f4628ff583e uml-patch-2.4.27-1.bz2 206975
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.26.CAN-2004-0394.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.26.CAN-2004-0394.patch
deleted file mode 100644
index 273f1a52046f..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.26.CAN-2004-0394.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- linux-2.4.22-oM3-orig/kernel/panic.c Tue Mar 30 15:37:18 2004
-+++ linux-2.4.22-oM3-mod/kernel/panic.c Mon May 17 18:44:01 2004
-@@ -51,7 +51,7 @@
-
- bust_spinlocks(1);
- va_start(args, fmt);
-- vsprintf(buf, fmt, args);
-+ vsnprintf(buf, sizeof(buf), fmt, args);
- va_end(args);
- printk(KERN_EMERG "Kernel panic: %s\n",buf);
- if (in_interrupt())
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.27.CAN-2004-1295.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.27.CAN-2004-1295.patch
deleted file mode 100644
index 816bebdf9c8b..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.27.CAN-2004-1295.patch
+++ /dev/null
@@ -1,29 +0,0 @@
---- linux-2.4.27-1um.old/arch/um/drivers/slip_user.c 2005-03-07 09:59:14.000000000 -0500
-+++ linux-2.4.27-1um.new/arch/um/drivers/slip_user.c 2005-03-07 11:55:25.000000000 -0500
-@@ -108,6 +108,9 @@
- err = -EINVAL;
- }
- }
-+
-+ os_close_file(fds[0]);
-+
- return(err);
- }
-
-@@ -128,6 +131,7 @@
- sfd = os_open_file(ptsname(mfd), of_rdwr(OPENFLAGS()), 0);
- if(sfd < 0){
- printk("Couldn't open tty for slip line, err = %d\n", -sfd);
-+ os_close_file(mfd);
- return(sfd);
- }
- if(set_up_tty(sfd)) return(-1);
-@@ -175,7 +179,7 @@
-
- sprintf(version_buf, "%d", UML_NET_VERSION);
-
-- err = slip_tramp(argv, -1);
-+ err = slip_tramp(argv, pri->slave);
-
- if(err != 0)
- printk("slip_tramp failed - errno = %d\n", -err);
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.77094.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.77094.patch
deleted file mode 100644
index cc3a1552c83d..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.77094.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ur linux-2.4.28/drivers/char/random.c linux-2.4.28.plasmaroo/drivers/char/random.c
---- linux-2.4.28/drivers/char/random.c 2004-11-17 11:54:21.000000000 +0000
-+++ linux-2.4.28.plasmaroo/drivers/char/random.c 2005-01-08 02:54:49.198635736 +0000
-@@ -1787,7 +1787,7 @@
- void *oldval, size_t *oldlenp,
- void *newval, size_t newlen, void **context)
- {
-- int len;
-+ size_t len;
-
- sysctl_poolsize = random_state->poolinfo.POOLBYTES;
-
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.77666.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.77666.patch
deleted file mode 100644
index 6b687788f912..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.77666.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-# 2005/01/12 09:14:50-02:00 marcelo.tosatti@cyclades.com
-# [PATCH] Fix expand_stack() SMP race
-#
-# Description: Fix expand_stack() SMP race
-#
-# Two threads sharing the same VMA can race in expand_stack, resulting in incorrect VMA
-# size accounting and possibly a "uncovered-by-VMA" pte leak.
-#
-# Fix is to check if the stack has already been expanded after acquiring a lock which
-# guarantees exclusivity (page_table_lock in v2.4 and vma_anon lock in v2.6).
-#
-# include/linux/mm.h
-# 2005/01/07 14:51:21-02:00 marcelo.tosatti@cyclades.com +10 -3
-# Fix expand_stack() SMP race
-#
-diff -Nru a/include/linux/mm.h b/include/linux/mm.h
---- a/include/linux/mm.h 2005-01-13 04:59:30 -08:00
-+++ b/include/linux/mm.h 2005-01-13 04:59:30 -08:00
-@@ -648,12 +648,19 @@
- unsigned long grow;
-
- /*
-- * vma->vm_start/vm_end cannot change under us because the caller is required
-- * to hold the mmap_sem in write mode. We need to get the spinlock only
-- * before relocating the vma range ourself.
-+ * vma->vm_start/vm_end cannot change under us because the caller
-+ * is required to hold the mmap_sem in read mode. We need the
-+ * page_table_lock lock to serialize against concurrent expand_stacks.
- */
- address &= PAGE_MASK;
- spin_lock(&vma->vm_mm->page_table_lock);
-+
-+ /* already expanded while we were spinning? */
-+ if (vma->vm_start <= address) {
-+ spin_unlock(&vma->vm_mm->page_table_lock);
-+ return 0;
-+ }
-+
- grow = (vma->vm_start - address) >> PAGE_SHIFT;
- if (vma->vm_end - address > current->rlim[RLIMIT_STACK].rlim_cur ||
- ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > current->rlim[RLIMIT_AS].rlim_cur) {
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.78362.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.78362.patch
deleted file mode 100644
index a55aba8a0938..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.78362.patch
+++ /dev/null
@@ -1,274 +0,0 @@
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-# 2004/12/08 13:33:08-08:00 davem@nuts.davemloft.net
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# Signed-off-by: David S. Miller <davem@davemloft.net>
-#
-# arch/ia64/ia32/sys_ia32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -4
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# arch/mips64/kernel/linux32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +7 -5
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# arch/parisc/kernel/sys_parisc32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# arch/ppc64/kernel/sys_ppc32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# arch/s390x/kernel/linux32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# arch/sparc64/kernel/sys_sparc32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# arch/x86_64/ia32/socket32.c
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +2 -5
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# include/asm-x86_64/socket32.h
-# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +5 -0
-# [NET]: CMSG compat code needs signedness fixes too.
-#
-# ChangeSet
-# 2004/12/15 09:25:31-02:00 marcelo@logos.cnet
-# [PATCH] Make sure VC resizing fits in s16
-#
-# Noted by George Guninski
-#
-# drivers/char/console.c
-# 2004/12/15 10:58:17-02:00 marcelo@logos.cnet +6 -0
-# Import patch vc-patch
-#
-diff -Nru a/arch/ia64/ia32/sys_ia32.c b/arch/ia64/ia32/sys_ia32.c
---- a/arch/ia64/ia32/sys_ia32.c 2005-02-15 11:50:28 -08:00
-+++ b/arch/ia64/ia32/sys_ia32.c 2005-02-15 11:50:28 -08:00
-@@ -1369,6 +1369,11 @@
- #define __CMSG32_FIRSTHDR(ctl,len) \
- ((len) >= sizeof(struct cmsghdr32) ? (struct cmsghdr32 *)(ctl) : (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-
- static inline struct cmsghdr32 *
- __cmsg32_nxthdr (void *ctl, __kernel_size_t size, struct cmsghdr32 *cmsg, int cmsg_len)
-@@ -1429,10 +1434,7 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if (CMSG32_ALIGN(ucmlen) < CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -EINVAL;
-- if ((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control) + ucmlen)
-- > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-
- tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
-diff -Nru a/arch/mips64/kernel/linux32.c b/arch/mips64/kernel/linux32.c
---- a/arch/mips64/kernel/linux32.c 2005-02-15 11:50:28 -08:00
-+++ b/arch/mips64/kernel/linux32.c 2005-02-15 11:50:28 -08:00
-@@ -2483,6 +2483,12 @@
- (struct cmsghdr32 *)(ctl) : \
- (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-+
-
- __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
- struct cmsghdr32 *__cmsg, int __cmsg_len)
-@@ -2623,11 +2629,7 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if(CMSG32_ALIGN(ucmlen) <
-- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -ENOBUFS;
-- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
-- + ucmlen) > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-
- tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
-diff -Nru a/arch/parisc/kernel/sys_parisc32.c b/arch/parisc/kernel/sys_parisc32.c
---- a/arch/parisc/kernel/sys_parisc32.c 2005-02-15 11:50:28 -08:00
-+++ b/arch/parisc/kernel/sys_parisc32.c 2005-02-15 11:50:28 -08:00
-@@ -1814,6 +1814,11 @@
- (struct cmsghdr32 *)(ctl) : \
- (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-
- __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
- struct cmsghdr32 *__cmsg, int __cmsg_len)
-@@ -1940,11 +1945,7 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if(CMSG32_ALIGN(ucmlen) <
-- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -EINVAL;
-- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
-- + ucmlen) > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-
- tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
-diff -Nru a/arch/ppc64/kernel/sys_ppc32.c b/arch/ppc64/kernel/sys_ppc32.c
---- a/arch/ppc64/kernel/sys_ppc32.c 2005-02-15 11:50:28 -08:00
-+++ b/arch/ppc64/kernel/sys_ppc32.c 2005-02-15 11:50:28 -08:00
-@@ -3273,6 +3273,11 @@
- (struct cmsghdr32 *)(ctl) : \
- (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-
- struct msghdr32
- {
-@@ -3448,11 +3453,7 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if(CMSG32_ALIGN(ucmlen) <
-- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -EINVAL;
-- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
-- + ucmlen) > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-
- tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
-diff -Nru a/arch/s390x/kernel/linux32.c b/arch/s390x/kernel/linux32.c
---- a/arch/s390x/kernel/linux32.c 2005-02-15 11:50:28 -08:00
-+++ b/arch/s390x/kernel/linux32.c 2005-02-15 11:50:28 -08:00
-@@ -2306,6 +2306,11 @@
- (struct cmsghdr32 *)(ctl) : \
- (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-
- __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
- struct cmsghdr32 *__cmsg, int __cmsg_len)
-@@ -2432,11 +2437,7 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if(CMSG32_ALIGN(ucmlen) <
-- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -EINVAL;
-- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
-- + ucmlen) > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-
- tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
-diff -Nru a/arch/sparc64/kernel/sys_sparc32.c b/arch/sparc64/kernel/sys_sparc32.c
---- a/arch/sparc64/kernel/sys_sparc32.c 2005-02-15 11:50:28 -08:00
-+++ b/arch/sparc64/kernel/sys_sparc32.c 2005-02-15 11:50:28 -08:00
-@@ -2354,6 +2354,11 @@
- (struct cmsghdr32 *)(ctl) : \
- (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-
- __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
- struct cmsghdr32 *__cmsg, int __cmsg_len)
-@@ -2480,11 +2485,7 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if(CMSG32_ALIGN(ucmlen) <
-- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -EINVAL;
-- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
-- + ucmlen) > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-
- tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
-diff -Nru a/arch/x86_64/ia32/socket32.c b/arch/x86_64/ia32/socket32.c
---- a/arch/x86_64/ia32/socket32.c 2005-02-15 11:50:28 -08:00
-+++ b/arch/x86_64/ia32/socket32.c 2005-02-15 11:50:28 -08:00
-@@ -136,12 +136,9 @@
- return -EFAULT;
-
- /* Catch bogons. */
-- if(CMSG32_ALIGN(ucmlen) <
-- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
-- return -EINVAL;
-- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
-- + ucmlen) > kmsg->msg_controllen)
-+ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
- return -EINVAL;
-+
- if (kmsg->msg_controllen > 65536)
- return -EINVAL;
-
-diff -Nru a/include/asm-x86_64/socket32.h b/include/asm-x86_64/socket32.h
---- a/include/asm-x86_64/socket32.h 2005-02-15 11:50:28 -08:00
-+++ b/include/asm-x86_64/socket32.h 2005-02-15 11:50:28 -08:00
-@@ -45,6 +45,11 @@
- (struct cmsghdr32 *)(ctl) : \
- (struct cmsghdr32 *)NULL)
- #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
-+ ((ucmlen) >= sizeof(struct cmsghdr) && \
-+ (ucmlen) <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
-
- __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
- struct cmsghdr32 *__cmsg, int __cmsg_len)
-diff -Nru a/drivers/char/console.c b/drivers/char/console.c
---- a/drivers/char/console.c 2005-02-15 11:52:04 -08:00
-+++ b/drivers/char/console.c 2005-02-15 11:52:04 -08:00
-@@ -705,6 +705,9 @@
- return 0;
- }
-
-+#define VC_RESIZE_MAXCOL (32767)
-+#define VC_RESIZE_MAXROW (32767)
-+
- /*
- * Change # of rows and columns (0 means unchanged/the size of fg_console)
- * [this is to be used together with some user program
-@@ -716,6 +719,9 @@
- unsigned int cc, ll, ss, sr, todo = 0;
- unsigned int currcons = fg_console, i;
- unsigned short *newscreens[MAX_NR_CONSOLES];
-+
-+ if (cols > VC_RESIZE_MAXCOL || lines > VC_RESIZE_MAXROW)
-+ return -EINVAL;
-
- cc = (cols ? cols : video_num_columns);
- ll = (lines ? lines : video_num_lines);
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.78363.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.78363.patch
deleted file mode 100644
index 852807ddc96f..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.78363.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-# 2004/12/08 12:39:15-08:00 davem@nuts.davemloft.net
-# [IPV4]: Do not leak IP options.
-#
-# If the user makes ip_cmsg_send call ip_options_get
-# multiple times, we leak kmalloced IP options data.
-#
-# Noticed by Georgi Guninski.
-#
-# Signed-off-by: David S. Miller <davem@davemloft.net>
-#
-# net/ipv4/ip_options.c
-# 2004/12/08 12:38:09-08:00 davem@nuts.davemloft.net +2 -0
-# [IPV4]: Do not leak IP options.
-#
-diff -Nru a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
---- a/net/ipv4/ip_options.c 2005-02-15 11:47:16 -08:00
-+++ b/net/ipv4/ip_options.c 2005-02-15 11:47:16 -08:00
-@@ -515,6 +515,8 @@
- kfree(opt);
- return -EINVAL;
- }
-+ if (*optp)
-+ kfree(*optp);
- *optp = opt;
- return 0;
- }
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0495.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0495.patch
deleted file mode 100644
index bea80eac69a9..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0495.patch
+++ /dev/null
@@ -1,655 +0,0 @@
---- linux/net/decnet/dn_dev.c.bak Wed Jun 16 14:42:24 2004
-+++ linux/net/decnet/dn_dev.c Wed Jun 16 14:42:34 2004
-@@ -1070,31 +1070,39 @@ int dnet_gifconf(struct net_device *dev,
- {
- struct dn_dev *dn_db = (struct dn_dev *)dev->dn_ptr;
- struct dn_ifaddr *ifa;
-- struct ifreq *ifr = (struct ifreq *)buf;
-+ char buffer[DN_IFREQ_SIZE];
-+ struct ifreq *ifr = (struct ifreq *)buffer;
-+ struct sockaddr_dn *addr = (struct sockaddr_dn *)&ifr->ifr_addr;
- int done = 0;
-
- if ((dn_db == NULL) || ((ifa = dn_db->ifa_list) == NULL))
- return 0;
-
- for(; ifa; ifa = ifa->ifa_next) {
-- if (!ifr) {
-+ if (!buf) {
- done += sizeof(DN_IFREQ_SIZE);
- continue;
- }
- if (len < DN_IFREQ_SIZE)
- return done;
-- memset(ifr, 0, DN_IFREQ_SIZE);
-+ memset(buffer, 0, DN_IFREQ_SIZE);
-
- if (ifa->ifa_label)
- strcpy(ifr->ifr_name, ifa->ifa_label);
- else
- strcpy(ifr->ifr_name, dev->name);
-
-- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_family = AF_DECnet;
-- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_len = 2;
-- (*(dn_address *)(*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_addr) = ifa->ifa_local;
-+ addr->sdn_family = AF_DECnet;
-+ addr->sdn_add.a_len = 2;
-+ memcpy(addr->sdn_add.a_addr, &ifa->ifa_local,
-+ sizeof(dn_address));
-
-- ifr = (struct ifreq *)((char *)ifr + DN_IFREQ_SIZE);
-+ if (copy_to_user(buf, buffer, DN_IFREQ_SIZE)) {
-+ done = -EFAULT;
-+ break;
-+ }
-+
-+ buf += DN_IFREQ_SIZE;
- len -= DN_IFREQ_SIZE;
- done += DN_IFREQ_SIZE;
- }
---- linux-2.4.21/drivers/net/wireless/airo.c 2003-06-13 15:51:35.000000000 +0100
-+++ linux-2.4.21/drivers/net/wireless/airo.c.plasmaroo 2004-06-24 11:09:08.260352168 +0100
-@@ -3012,19 +3012,22 @@
- size_t len,
- loff_t *offset )
- {
-- int i;
-- int pos;
-+ loff_t pos = *offset;
- struct proc_data *priv = (struct proc_data*)file->private_data;
-
-- if( !priv->rbuffer ) return -EINVAL;
-+ if (!priv->rbuffer)
-+ return -EINVAL;
-
-- pos = *offset;
-- for( i = 0; i+pos < priv->readlen && i < len; i++ ) {
-- if (put_user( priv->rbuffer[i+pos], buffer+i ))
-- return -EFAULT;
-- }
-- *offset += i;
-- return i;
-+ if (pos < 0)
-+ return -EINVAL;
-+ if (pos >= priv->readlen)
-+ return 0;
-+ if (len > priv->readlen - pos)
-+ len = priv->readlen - pos;
-+ if (copy_to_user(buffer, priv->rbuffer + pos, len))
-+ return -EFAULT;
-+ *offset = pos + len;
-+ return len;
- }
-
- /*
-@@ -3036,24 +3039,24 @@
- size_t len,
- loff_t *offset )
- {
-- int i;
-- int pos;
-+ loff_t pos = *offset;
- struct proc_data *priv = (struct proc_data*)file->private_data;
-
-- if ( !priv->wbuffer ) {
-+ if (!priv->wbuffer)
- return -EINVAL;
-- }
--
-- pos = *offset;
-
-- for( i = 0; i + pos < priv->maxwritelen &&
-- i < len; i++ ) {
-- if (get_user( priv->wbuffer[i+pos], buffer + i ))
-- return -EFAULT;
-- }
-- if ( i+pos > priv->writelen ) priv->writelen = i+file->f_pos;
-- *offset += i;
-- return i;
-+ if (pos < 0)
-+ return -EINVAL;
-+ if (pos >= priv->maxwritelen)
-+ return 0;
-+ if (len > priv->maxwritelen - pos)
-+ len = priv->maxwritelen - pos;
-+ if (copy_from_user(priv->wbuffer + pos, buffer, len))
-+ return -EFAULT;
-+ if (pos + len > priv->writelen)
-+ priv->writelen = pos + len;
-+ *offset = pos + len;
-+ return len;
- }
-
- static int proc_status_open( struct inode *inode, struct file *file ) {
---- linux/drivers/sound/mpu401.c.bak Wed Jun 16 14:42:24 2004
-+++ linux/drivers/sound/mpu401.c Wed Jun 16 14:42:34 2004
-@@ -1493,14 +1493,16 @@ static unsigned long mpu_timer_get_time(
- static int mpu_timer_ioctl(int dev, unsigned int command, caddr_t arg)
- {
- int midi_dev = sound_timer_devs[dev]->devlink;
-+ int *p = (int *)arg;
-
- switch (command)
- {
- case SNDCTL_TMR_SOURCE:
- {
- int parm;
--
-- parm = *(int *) arg;
-+
-+ if (get_user(parm, p))
-+ return -EFAULT;
- parm &= timer_caps;
-
- if (parm != 0)
-@@ -1512,7 +1514,9 @@ static int mpu_timer_ioctl(int dev, unsi
- else if (timer_mode & TMR_MODE_SMPTE)
- mpu_cmd(midi_dev, 0x3d, 0); /* Use SMPTE sync */
- }
-- return (*(int *) arg = timer_mode);
-+ if (put_user(timer_mode, p))
-+ return -EFAULT;
-+ return timer_mode;
- }
- break;
-
-@@ -1537,10 +1541,13 @@ static int mpu_timer_ioctl(int dev, unsi
- {
- int val;
-
-- val = *(int *) arg;
-+ if (get_user(val, p))
-+ return -EFAULT;
- if (val)
- set_timebase(midi_dev, val);
-- return (*(int *) arg = curr_timebase);
-+ if (put_user(curr_timebase, p))
-+ return -EFAULT;
-+ return curr_timebase;
- }
- break;
-
-@@ -1549,7 +1556,8 @@ static int mpu_timer_ioctl(int dev, unsi
- int val;
- int ret;
-
-- val = *(int *) arg;
-+ if (get_user(val, p))
-+ return -EFAULT;
-
- if (val)
- {
-@@ -1564,7 +1572,9 @@ static int mpu_timer_ioctl(int dev, unsi
- }
- curr_tempo = val;
- }
-- return (*(int *) arg = curr_tempo);
-+ if (put_user(curr_tempo, p))
-+ return -EFAULT;
-+ return curr_tempo;
- }
- break;
-
-@@ -1572,18 +1582,25 @@ static int mpu_timer_ioctl(int dev, unsi
- {
- int val;
-
-- val = *(int *) arg;
-+ if (get_user(val, p))
-+ return -EFAULT;
- if (val != 0) /* Can't change */
- return -EINVAL;
-- return (*(int *) arg = ((curr_tempo * curr_timebase) + 30) / 60);
-+ val = (curr_tempo * curr_timebase + 30) / 60;
-+ if (put_user(val, p))
-+ return -EFAULT;
-+ return val;
- }
- break;
-
- case SNDCTL_SEQ_GETTIME:
-- return (*(int *) arg = curr_ticks);
-+ if (put_user(curr_ticks, p))
-+ return -EFAULT;
-+ return curr_ticks;
-
- case SNDCTL_TMR_METRONOME:
-- metronome_mode = *(int *) arg;
-+ if (get_user(metronome_mode, p))
-+ return -EFAULT;
- setup_metronome(midi_dev);
- return 0;
-
---- linux/drivers/sound/msnd.c.bak Wed Jun 16 14:42:24 2004
-+++ linux/drivers/sound/msnd.c Wed Jun 16 14:42:34 2004
-@@ -155,13 +155,10 @@ void msnd_fifo_make_empty(msnd_fifo *f)
- f->len = f->tail = f->head = 0;
- }
-
--int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user)
-+int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len)
- {
- int count = 0;
-
-- if (f->len == f->n)
-- return 0;
--
- while ((count < len) && (f->len != f->n)) {
-
- int nwritten;
-@@ -177,11 +174,7 @@ int msnd_fifo_write(msnd_fifo *f, const
- nwritten = len - count;
- }
-
-- if (user) {
-- if (copy_from_user(f->data + f->tail, buf, nwritten))
-- return -EFAULT;
-- } else
-- isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten);
-+ isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten);
-
- count += nwritten;
- buf += nwritten;
-@@ -193,13 +186,10 @@ int msnd_fifo_write(msnd_fifo *f, const
- return count;
- }
-
--int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user)
-+int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len)
- {
- int count = 0;
-
-- if (f->len == 0)
-- return f->len;
--
- while ((count < len) && (f->len > 0)) {
-
- int nread;
-@@ -215,11 +205,7 @@ int msnd_fifo_read(msnd_fifo *f, char *b
- nread = len - count;
- }
-
-- if (user) {
-- if (copy_to_user(buf, f->data + f->head, nread))
-- return -EFAULT;
-- } else
-- isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread);
-+ isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread);
-
- count += nread;
- buf += nread;
---- linux/drivers/sound/msnd.h.bak Wed Jun 16 14:42:24 2004
-+++ linux/drivers/sound/msnd.h Wed Jun 16 14:42:34 2004
-@@ -266,8 +266,8 @@ void msnd_fifo_init(msnd_fifo *f);
- void msnd_fifo_free(msnd_fifo *f);
- int msnd_fifo_alloc(msnd_fifo *f, size_t n);
- void msnd_fifo_make_empty(msnd_fifo *f);
--int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user);
--int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user);
-+int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len);
-+int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len);
-
- int msnd_wait_TXDE(multisound_dev_t *dev);
- int msnd_wait_HC0(multisound_dev_t *dev);
---- linux/drivers/sound/msnd_pinnacle.c.bak Wed Jun 16 14:42:24 2004
-+++ linux/drivers/sound/msnd_pinnacle.c Wed Jun 16 14:42:34 2004
-@@ -804,7 +804,7 @@ static int dev_release(struct inode *ino
-
- static __inline__ int pack_DARQ_to_DARF(register int bank)
- {
-- register int size, n, timeout = 3;
-+ register int size, timeout = 3;
- register WORD wTmp;
- LPDAQD DAQD;
-
-@@ -825,13 +825,10 @@ static __inline__ int pack_DARQ_to_DARF(
- /* Read data from the head (unprotected bank 1 access okay
- since this is only called inside an interrupt) */
- outb(HPBLKSEL_1, dev.io + HP_BLKS);
-- if ((n = msnd_fifo_write(
-+ msnd_fifo_write(
- &dev.DARF,
- (char *)(dev.base + bank * DAR_BUFF_SIZE),
-- size, 0)) <= 0) {
-- outb(HPBLKSEL_0, dev.io + HP_BLKS);
-- return n;
-- }
-+ size);
- outb(HPBLKSEL_0, dev.io + HP_BLKS);
-
- return 1;
-@@ -853,21 +850,16 @@ static __inline__ int pack_DAPF_to_DAPQ(
- if (protect) {
- /* Critical section: protect fifo in non-interrupt */
- spin_lock_irqsave(&dev.lock, flags);
-- if ((n = msnd_fifo_read(
-+ n = msnd_fifo_read(
- &dev.DAPF,
- (char *)(dev.base + bank_num * DAP_BUFF_SIZE),
-- DAP_BUFF_SIZE, 0)) < 0) {
-- spin_unlock_irqrestore(&dev.lock, flags);
-- return n;
-- }
-+ DAP_BUFF_SIZE);
- spin_unlock_irqrestore(&dev.lock, flags);
- } else {
-- if ((n = msnd_fifo_read(
-+ n = msnd_fifo_read(
- &dev.DAPF,
- (char *)(dev.base + bank_num * DAP_BUFF_SIZE),
-- DAP_BUFF_SIZE, 0)) < 0) {
-- return n;
-- }
-+ DAP_BUFF_SIZE);
- }
- if (!n)
- break;
-@@ -894,30 +886,43 @@ static __inline__ int pack_DAPF_to_DAPQ(
- static int dsp_read(char *buf, size_t len)
- {
- int count = len;
-+ char *page = (char *)__get_free_page(PAGE_SIZE);
-+
-+ if (!page)
-+ return -ENOMEM;
-
- while (count > 0) {
-- int n;
-+ int n, k;
- unsigned long flags;
-
-+ k = PAGE_SIZE;
-+ if (k > count)
-+ k = count;
-+
- /* Critical section: protect fifo in non-interrupt */
- spin_lock_irqsave(&dev.lock, flags);
-- if ((n = msnd_fifo_read(&dev.DARF, buf, count, 1)) < 0) {
-- printk(KERN_WARNING LOGNAME ": FIFO read error\n");
-- spin_unlock_irqrestore(&dev.lock, flags);
-- return n;
-- }
-+ n = msnd_fifo_read(&dev.DARF, page, k);
- spin_unlock_irqrestore(&dev.lock, flags);
-+ if (copy_to_user(buf, page, n)) {
-+ free_page((unsigned long)page);
-+ return -EFAULT;
-+ }
- buf += n;
- count -= n;
-
-+ if (n == k && count)
-+ continue;
-+
- if (!test_bit(F_READING, &dev.flags) && dev.mode & FMODE_READ) {
- dev.last_recbank = -1;
- if (chk_send_dsp_cmd(&dev, HDEX_RECORD_START) == 0)
- set_bit(F_READING, &dev.flags);
- }
-
-- if (dev.rec_ndelay)
-+ if (dev.rec_ndelay) {
-+ free_page((unsigned long)page);
- return count == len ? -EAGAIN : len - count;
-+ }
-
- if (count > 0) {
- set_bit(F_READBLOCK, &dev.flags);
-@@ -926,41 +931,57 @@ static int dsp_read(char *buf, size_t le
- get_rec_delay_jiffies(DAR_BUFF_SIZE)))
- clear_bit(F_READING, &dev.flags);
- clear_bit(F_READBLOCK, &dev.flags);
-- if (signal_pending(current))
-+ if (signal_pending(current)) {
-+ free_page((unsigned long)page);
- return -EINTR;
-+ }
- }
- }
--
-+ free_page((unsigned long)page);
- return len - count;
- }
-
- static int dsp_write(const char *buf, size_t len)
- {
- int count = len;
-+ char *page = (char *)__get_free_page(GFP_KERNEL);
-+
-+ if (!page)
-+ return -ENOMEM;
-
- while (count > 0) {
-- int n;
-+ int n, k;
- unsigned long flags;
-
-+ k = PAGE_SIZE;
-+ if (k > count)
-+ k = count;
-+
-+ if (copy_from_user(page, buf, k)) {
-+ free_page((unsigned long)page);
-+ return -EFAULT;
-+ }
-+
- /* Critical section: protect fifo in non-interrupt */
- spin_lock_irqsave(&dev.lock, flags);
-- if ((n = msnd_fifo_write(&dev.DAPF, buf, count, 1)) < 0) {
-- printk(KERN_WARNING LOGNAME ": FIFO write error\n");
-- spin_unlock_irqrestore(&dev.lock, flags);
-- return n;
-- }
-+ n = msnd_fifo_write(&dev.DAPF, page, k);
- spin_unlock_irqrestore(&dev.lock, flags);
- buf += n;
- count -= n;
-
-+ if (count && n == k)
-+ continue;
-+
- if (!test_bit(F_WRITING, &dev.flags) && (dev.mode & FMODE_WRITE)) {
- dev.last_playbank = -1;
- if (pack_DAPF_to_DAPQ(1) > 0)
- set_bit(F_WRITING, &dev.flags);
- }
-
-- if (dev.play_ndelay)
-+ if (dev.play_ndelay) {
-+ free_page((unsigned long)page);
- return count == len ? -EAGAIN : len - count;
-+ }
-
- if (count > 0) {
- set_bit(F_WRITEBLOCK, &dev.flags);
-@@ -968,11 +989,14 @@ static int dsp_write(const char *buf, si
- &dev.writeblock,
- get_play_delay_jiffies(DAP_BUFF_SIZE));
- clear_bit(F_WRITEBLOCK, &dev.flags);
-- if (signal_pending(current))
-+ if (signal_pending(current)) {
-+ free_page((unsigned long)page);
- return -EINTR;
-+ }
- }
- }
-
-+ free_page((unsigned long)page);
- return len - count;
- }
-
---- linux/drivers/sound/pss.c.bak Wed Jun 16 14:42:24 2004
-+++ linux/drivers/sound/pss.c Wed Jun 16 14:42:34 2004
-@@ -450,20 +450,36 @@ static void pss_mixer_reset(pss_confdata
- }
- }
-
--static void arg_to_volume_mono(unsigned int volume, int *aleft)
-+static int set_volume_mono(caddr_t p, int *aleft)
- {
- int left;
-+ unsigned volume;
-+ if (get_user(volume, (unsigned *)p))
-+ return -EFAULT;
-
-- left = volume & 0x00ff;
-+ left = volume & 0xff;
- if (left > 100)
- left = 100;
- *aleft = left;
-+ return 0;
- }
-
--static void arg_to_volume_stereo(unsigned int volume, int *aleft, int *aright)
-+static int set_volume_stereo(caddr_t p, int *aleft, int *aright)
- {
-- arg_to_volume_mono(volume, aleft);
-- arg_to_volume_mono(volume >> 8, aright);
-+ int left, right;
-+ unsigned volume;
-+ if (get_user(volume, (unsigned *)p))
-+ return -EFAULT;
-+
-+ left = volume & 0xff;
-+ if (left > 100)
-+ left = 100;
-+ right = (volume >> 8) & 0xff;
-+ if (right > 100)
-+ right = 100;
-+ *aleft = left;
-+ *aright = right;
-+ return 0;
- }
-
- static int ret_vol_mono(int left)
-@@ -510,33 +526,38 @@ static int pss_mixer_ioctl (int dev, uns
- return call_ad_mixer(devc, cmd, arg);
- else
- {
-- if (*(int *)arg != 0)
-+ int v;
-+ if (get_user(v, (int *)arg))
-+ return -EFAULT;
-+ if (v != 0)
- return -EINVAL;
- return 0;
- }
- case SOUND_MIXER_VOLUME:
-- arg_to_volume_stereo(*(unsigned int *)arg, &devc->mixer.volume_l,
-- &devc->mixer.volume_r);
-+ if (set_volume_stereo(arg,
-+ &devc->mixer.volume_l,
-+ &devc->mixer.volume_r))
-+ return -EFAULT;
- set_master_volume(devc, devc->mixer.volume_l,
- devc->mixer.volume_r);
- return ret_vol_stereo(devc->mixer.volume_l,
- devc->mixer.volume_r);
-
- case SOUND_MIXER_BASS:
-- arg_to_volume_mono(*(unsigned int *)arg,
-- &devc->mixer.bass);
-+ if (set_volume_mono(arg, &devc->mixer.bass))
-+ return -EFAULT;
- set_bass(devc, devc->mixer.bass);
- return ret_vol_mono(devc->mixer.bass);
-
- case SOUND_MIXER_TREBLE:
-- arg_to_volume_mono(*(unsigned int *)arg,
-- &devc->mixer.treble);
-+ if (set_volume_mono(arg, &devc->mixer.treble))
-+ return -EFAULT;
- set_treble(devc, devc->mixer.treble);
- return ret_vol_mono(devc->mixer.treble);
-
- case SOUND_MIXER_SYNTH:
-- arg_to_volume_mono(*(unsigned int *)arg,
-- &devc->mixer.synth);
-+ if (set_volume_mono(arg, &devc->mixer.synth))
-+ return -EFAULT;
- set_synth_volume(devc, devc->mixer.synth);
- return ret_vol_mono(devc->mixer.synth);
-
-@@ -546,54 +567,67 @@ static int pss_mixer_ioctl (int dev, uns
- }
- else
- {
-+ int val, and_mask = 0, or_mask = 0;
- /*
- * Return parameters
- */
- switch (cmdf)
- {
--
- case SOUND_MIXER_DEVMASK:
- if (call_ad_mixer(devc, cmd, arg) == -EINVAL)
-- *(int *)arg = 0; /* no mixer devices */
-- return (*(int *)arg |= SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH);
-+ break;
-+ and_mask = ~0;
-+ or_mask = SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH;
-+ break;
-
- case SOUND_MIXER_STEREODEVS:
- if (call_ad_mixer(devc, cmd, arg) == -EINVAL)
-- *(int *)arg = 0; /* no stereo devices */
-- return (*(int *)arg |= SOUND_MASK_VOLUME);
-+ break;
-+ and_mask = ~0;
-+ or_mask = SOUND_MASK_VOLUME;
-+ break;
-
- case SOUND_MIXER_RECMASK:
- if (devc->ad_mixer_dev != NO_WSS_MIXER)
- return call_ad_mixer(devc, cmd, arg);
-- else
-- return (*(int *)arg = 0); /* no record devices */
-+ break;
-
- case SOUND_MIXER_CAPS:
- if (devc->ad_mixer_dev != NO_WSS_MIXER)
- return call_ad_mixer(devc, cmd, arg);
-- else
-- return (*(int *)arg = SOUND_CAP_EXCL_INPUT);
-+ or_mask = SOUND_CAP_EXCL_INPUT;
-+ break;
-
- case SOUND_MIXER_RECSRC:
- if (devc->ad_mixer_dev != NO_WSS_MIXER)
- return call_ad_mixer(devc, cmd, arg);
-- else
-- return (*(int *)arg = 0); /* no record source */
-+ break;
-
- case SOUND_MIXER_VOLUME:
-- return (*(int *)arg = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r));
-+ or_mask = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r);
-+ break;
-
- case SOUND_MIXER_BASS:
-- return (*(int *)arg = ret_vol_mono(devc->mixer.bass));
-+ or_mask = ret_vol_mono(devc->mixer.bass);
-+ break;
-
- case SOUND_MIXER_TREBLE:
-- return (*(int *)arg = ret_vol_mono(devc->mixer.treble));
-+ or_mask = ret_vol_mono(devc->mixer.treble);
-+ break;
-
- case SOUND_MIXER_SYNTH:
-- return (*(int *)arg = ret_vol_mono(devc->mixer.synth));
-+ or_mask = ret_vol_mono(devc->mixer.synth);
-+ break;
- default:
- return -EINVAL;
- }
-+ if (get_user(val, (int *)arg))
-+ return -EFAULT;
-+ val &= and_mask;
-+ val |= or_mask;
-+ if (put_user(val, (int *)arg))
-+ return -EFAULT;
-+ return val;
- }
- }
-
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0535.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0535.patch
deleted file mode 100644
index 669fc5fd32fb..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0535.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- drivers/net/e1000/e1000_ethtool.c 2003-06-13 15:51:34.000000000 +0100
-+++ drivers/net/e1000/e1000_ethtool.c.plasmaroo 2004-06-24 11:23:32.524963976 +0100
-@@ -468,6 +468,9 @@
-
- if(copy_from_user(&regs, addr, sizeof(regs)))
- return -EFAULT;
-+ memset(regs_buff, 0, sizeof(regs_buff));
-+ if (regs.len > E1000_REGS_LEN)
-+ regs.len = E1000_REGS_LEN;
- e1000_ethtool_gregs(adapter, &regs, regs_buff);
- if(copy_to_user(addr, &regs, sizeof(regs)))
- return -EFAULT;
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0685.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0685.patch
deleted file mode 100644
index d1be834cc8a5..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-0685.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-# 2004/07/26 19:14:16-03:00 mjc@redhat.com
-# [PATCH] USB: more sparse fixes
-#
-# Back in October 2003 Arnaldo commited some fixes prior to 2.6 for some leaking info to userspace in the
-# usb drivers:
-# http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ
-#
-# The corresponding changes have not been commited to 2.4, or included in
-# the previous sparse fixes.
-#
-# drivers/usb/audio.c
-# 2004/07/15 08:46:52-03:00 mjc@redhat.com +4 -0
-# USB: more sparse fixes
-#
-# drivers/usb/brlvger.c
-# 2004/07/15 08:47:27-03:00 mjc@redhat.com +1 -0
-# USB: more sparse fixes
-#
-# drivers/usb/serial/io_edgeport.c
-# 2004/07/15 08:48:06-03:00 mjc@redhat.com +1 -0
-# USB: more sparse fixes
-#
-# drivers/usb/vicam.c
-# 2004/07/15 08:47:13-03:00 mjc@redhat.com +1 -0
-# USB: more sparse fixes
-#
-diff -Nru a/drivers/usb/audio.c b/drivers/usb/audio.c
---- a/drivers/usb/audio.c 2004-08-08 07:41:30 -07:00
-+++ b/drivers/usb/audio.c 2004-08-08 07:41:30 -07:00
-@@ -2141,6 +2141,8 @@
-
- if (cmd == SOUND_MIXER_INFO) {
- mixer_info info;
-+
-+ memset(&info, 0, sizeof(info));
- strncpy(info.id, "USB_AUDIO", sizeof(info.id));
- strncpy(info.name, "USB Audio Class Driver", sizeof(info.name));
- info.modify_counter = ms->modcnt;
-@@ -2150,6 +2152,8 @@
- }
- if (cmd == SOUND_OLD_MIXER_INFO) {
- _old_mixer_info info;
-+
-+ memset(&info, 0, sizeof(info));
- strncpy(info.id, "USB_AUDIO", sizeof(info.id));
- strncpy(info.name, "USB Audio Class Driver", sizeof(info.name));
- if (copy_to_user((void *)arg, &info, sizeof(info)))
-diff -Nru a/drivers/usb/brlvger.c b/drivers/usb/brlvger.c
---- a/drivers/usb/brlvger.c 2004-08-08 07:41:30 -07:00
-+++ b/drivers/usb/brlvger.c 2004-08-08 07:41:30 -07:00
-@@ -743,6 +743,7 @@
- case BRLVGER_GET_INFO: {
- struct brlvger_info vi;
-
-+ memset(&vi, 0, sizeof(vi));
- strncpy(vi.driver_version, DRIVER_VERSION,
- sizeof(vi.driver_version));
- vi.driver_version[sizeof(vi.driver_version)-1] = 0;
-diff -Nru a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
---- a/drivers/usb/serial/io_edgeport.c 2004-08-08 07:41:30 -07:00
-+++ b/drivers/usb/serial/io_edgeport.c 2004-08-08 07:41:30 -07:00
-@@ -1913,6 +1913,7 @@
-
- case TIOCGICOUNT:
- cnow = edge_port->icount;
-+ memset(&icount, 0, sizeof(icount));
- icount.cts = cnow.cts;
- icount.dsr = cnow.dsr;
- icount.rng = cnow.rng;
-diff -Nru a/drivers/usb/vicam.c b/drivers/usb/vicam.c
---- a/drivers/usb/vicam.c 2004-08-08 07:41:30 -07:00
-+++ b/drivers/usb/vicam.c 2004-08-08 07:41:30 -07:00
-@@ -481,6 +481,7 @@
- struct video_capability b;
-
- DBG("VIDIOCGCAP\n");
-+ memset(&b, 0, sizeof(b));
- strcpy(b.name, "ViCam-based Camera");
- b.type = VID_TYPE_CAPTURE;
- b.channels = 1;
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1016.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1016.patch
deleted file mode 100644
index aa25ac95ed61..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1016.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-===== include/linux/socket.h 1.12 vs edited =====
---- 1.12/include/linux/socket.h 2004-09-09 06:40:01 +10:00
-+++ edited/include/linux/socket.h 2004-11-27 11:53:40 +11:00
-@@ -90,6 +90,10 @@
- (struct cmsghdr *)(ctl) : \
- (struct cmsghdr *)NULL)
- #define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \
-+ (cmsg)->cmsg_len <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(cmsg) - (char *)(mhdr)->msg_control)))
-
- /*
- * This mess will go away with glibc
-===== net/core/scm.c 1.10 vs edited =====
---- 1.10/net/core/scm.c 2004-05-31 05:08:14 +10:00
-+++ edited/net/core/scm.c 2004-11-27 11:48:55 +11:00
-@@ -127,9 +127,7 @@
- for too short ancillary data object at all! Oops.
- OK, let's add it...
- */
-- if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
-- (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
-- + cmsg->cmsg_len) > msg->msg_controllen)
-+ if (!CMSG_OK(msg, cmsg))
- goto error;
-
- if (cmsg->cmsg_level != SOL_SOCKET)
-===== net/ipv4/ip_sockglue.c 1.26 vs edited =====
---- 1.26/net/ipv4/ip_sockglue.c 2004-07-01 06:10:53 +10:00
-+++ edited/net/ipv4/ip_sockglue.c 2004-11-27 11:49:45 +11:00
-@@ -146,11 +146,8 @@
- struct cmsghdr *cmsg;
-
- for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
-- if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
-- (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
-- + cmsg->cmsg_len) > msg->msg_controllen) {
-+ if (!CMSG_OK(msg, cmsg))
- return -EINVAL;
-- }
- if (cmsg->cmsg_level != SOL_IP)
- continue;
- switch (cmsg->cmsg_type) {
-===== net/ipv6/datagram.c 1.20 vs edited =====
---- 1.20/net/ipv6/datagram.c 2004-11-10 17:57:03 +11:00
-+++ edited/net/ipv6/datagram.c 2004-11-27 11:51:15 +11:00
-@@ -427,9 +427,7 @@
- int addr_type;
- struct net_device *dev = NULL;
-
-- if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
-- (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
-- + cmsg->cmsg_len) > msg->msg_controllen) {
-+ if (!CMSG_OK(msg, cmsg)) {
- err = -EINVAL;
- goto exit_f;
- }
-===== net/sctp/socket.c 1.129 vs edited =====
---- 1.129/net/sctp/socket.c 2004-11-19 08:43:18 +11:00
-+++ edited/net/sctp/socket.c 2004-11-27 11:52:11 +11:00
-@@ -4098,12 +4098,8 @@
- for (cmsg = CMSG_FIRSTHDR(msg);
- cmsg != NULL;
- cmsg = CMSG_NXTHDR((struct msghdr*)msg, cmsg)) {
-- /* Check for minimum length. The SCM code has this check. */
-- if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
-- (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
-- + cmsg->cmsg_len) > msg->msg_controllen) {
-+ if (!CMSG_OK(msg, cmsg))
- return -EINVAL;
-- }
-
- /* Should we parse this header or ignore? */
- if (cmsg->cmsg_level != IPPROTO_SCTP)
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1056.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1056.patch
deleted file mode 100644
index 53b777acaac5..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1056.patch
+++ /dev/null
@@ -1,321 +0,0 @@
-diff -ur linux-2.4.28/drivers/char/drm/i810.h linux-2.4.28.plasmaroo/drivers/char/drm/i810.h
---- linux-2.4.28/drivers/char/drm/i810.h 2003-11-28 18:26:20.000000000 +0000
-+++ linux-2.4.28.plasmaroo/drivers/char/drm/i810.h 2004-12-23 16:26:31.000000000 +0000
-@@ -114,4 +114,14 @@
- #define DRIVER_AGP_BUFFERS_MAP( dev ) \
- ((drm_i810_private_t *)((dev)->dev_private))->buffer_map
-
-+#define LOCK_TEST_WITH_RETURN( dev ) \
-+do { \
-+ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \
-+ dev->lock.pid != current->pid ) { \
-+ DRM_ERROR( "%s called without lock held\n", \
-+ __FUNCTION__ ); \
-+ return -EINVAL; \
-+ } \
-+} while (0)
-+
- #endif
-diff -ur linux-2.4.28/drivers/char/drm/i810_dma.c linux-2.4.28.plasmaroo/drivers/char/drm/i810_dma.c
---- linux-2.4.28/drivers/char/drm/i810_dma.c 2004-02-18 13:36:31.000000000 +0000
-+++ linux-2.4.28.plasmaroo/drivers/char/drm/i810_dma.c 2004-12-23 16:27:16.000000000 +0000
-@@ -948,10 +948,7 @@
- drm_file_t *priv = filp->private_data;
- drm_device_t *dev = priv->dev;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_flush_ioctl called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- i810_flush_queue(dev);
- return 0;
-@@ -973,10 +970,7 @@
- if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex)))
- return -EFAULT;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_dma_vertex called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- if(vertex.idx < 0 || vertex.idx > dma->buf_count) return -EINVAL;
-
-@@ -1004,10 +998,7 @@
- if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear)))
- return -EFAULT;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_clear_bufs called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- /* GH: Someone's doing nasty things... */
- if (!dev->dev_private) {
-@@ -1026,10 +1017,7 @@
- drm_file_t *priv = filp->private_data;
- drm_device_t *dev = priv->dev;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_swap_buf called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- i810_dma_dispatch_swap( dev );
- return 0;
-@@ -1064,10 +1052,7 @@
- if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d)))
- return -EFAULT;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_dma called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- d.granted = 0;
-
-@@ -1174,11 +1159,7 @@
- if (copy_from_user(&mc, (drm_i810_mc_t *)arg, sizeof(mc)))
- return -EFAULT;
-
--
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_dma_mc called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- i810_dma_dispatch_mc(dev, dma->buflist[mc.idx], mc.used,
- mc.last_render );
-@@ -1223,10 +1204,7 @@
- drm_device_t *dev = priv->dev;
- drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_fstatus called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
- return I810_READ(0x30008);
- }
-
-@@ -1237,10 +1215,7 @@
- drm_device_t *dev = priv->dev;
- drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_ov0_flip called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- //Tell the overlay to update
- I810_WRITE(0x30000,dev_priv->overlay_physical | 0x80000000);
-diff -ur linux-2.4.28/drivers/char/drm/i830.h linux-2.4.28.plasmaroo/drivers/char/drm/i830.h
---- linux-2.4.28/drivers/char/drm/i830.h 2003-11-28 18:26:20.000000000 +0000
-+++ linux-2.4.28.plasmaroo/drivers/char/drm/i830.h 2004-12-23 16:31:33.000000000 +0000
-@@ -154,4 +154,14 @@
- #define DRIVER_AGP_BUFFERS_MAP( dev ) \
- ((drm_i830_private_t *)((dev)->dev_private))->buffer_map
-
-+#define LOCK_TEST_WITH_RETURN( dev ) \
-+do { \
-+ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \
-+ dev->lock.pid != current->pid ) { \
-+ DRM_ERROR( "%s called without lock held\n", \
-+ __FUNCTION__ ); \
-+ return -EINVAL; \
-+ } \
-+} while (0)
-+
- #endif
-diff -ur linux-2.4.28/drivers/char/drm/i830_dma.c linux-2.4.28.plasmaroo/drivers/char/drm/i830_dma.c
---- linux-2.4.28/drivers/char/drm/i830_dma.c 2004-02-18 13:36:31.000000000 +0000
-+++ linux-2.4.28.plasmaroo/drivers/char/drm/i830_dma.c 2004-12-23 16:32:08.000000000 +0000
-@@ -1330,10 +1330,7 @@
- drm_file_t *priv = filp->private_data;
- drm_device_t *dev = priv->dev;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i830_flush_ioctl called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- i830_flush_queue(dev);
- return 0;
-@@ -1354,10 +1351,7 @@
- if (copy_from_user(&vertex, (drm_i830_vertex_t *)arg, sizeof(vertex)))
- return -EFAULT;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i830_dma_vertex called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- DRM_DEBUG("i830 dma vertex, idx %d used %d discard %d\n",
- vertex.idx, vertex.used, vertex.discard);
-@@ -1384,10 +1378,7 @@
- if (copy_from_user(&clear, (drm_i830_clear_t *)arg, sizeof(clear)))
- return -EFAULT;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i830_clear_bufs called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- /* GH: Someone's doing nasty things... */
- if (!dev->dev_private) {
-@@ -1409,10 +1400,7 @@
-
- DRM_DEBUG("i830_swap_bufs\n");
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i830_swap_buf called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- i830_dma_dispatch_swap( dev );
- return 0;
-@@ -1453,10 +1441,7 @@
-
- DRM_DEBUG("%s\n", __FUNCTION__);
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i830_flip_buf called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- if (!dev_priv->page_flipping)
- i830_do_init_pageflip( dev );
-@@ -1495,10 +1480,7 @@
- if (copy_from_user(&d, (drm_i830_dma_t *)arg, sizeof(d)))
- return -EFAULT;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i830_dma called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- d.granted = 0;
-
-diff -ur linux-2.4.28/drivers/char/drm/i830_irq.c linux-2.4.28.plasmaroo/drivers/char/drm/i830_irq.c
---- linux-2.4.28/drivers/char/drm/i830_irq.c 2003-11-28 18:26:20.000000000 +0000
-+++ linux-2.4.28.plasmaroo/drivers/char/drm/i830_irq.c 2004-12-23 16:39:47.000000000 +0000
-@@ -130,10 +130,7 @@
- drm_i830_irq_emit_t emit;
- int result;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i830_irq_emit called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- if ( !dev_priv ) {
- DRM_ERROR( "%s called with no initialization\n", __FUNCTION__ );
-diff -ur linux-2.4.28/drivers/char/drm-4.0/drmP.h linux-2.4.28.plasmaroo/drivers/char/drm-4.0/drmP.h
---- linux-2.4.28/drivers/char/drm-4.0/drmP.h 2004-02-18 13:36:31.000000000 +0000
-+++ linux-2.4.28.plasmaroo/drivers/char/drm-4.0/drmP.h 2004-12-23 16:21:30.000000000 +0000
-@@ -294,6 +294,16 @@
- #define DRM_BUFCOUNT(x) ((x)->count - DRM_LEFTCOUNT(x))
- #define DRM_WAITCOUNT(dev,idx) DRM_BUFCOUNT(&dev->queuelist[idx]->waitlist)
-
-+#define LOCK_TEST_WITH_RETURN( dev ) \
-+do { \
-+ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \
-+ dev->lock.pid != current->pid ) { \
-+ DRM_ERROR( "%s called without lock held\n", \
-+ __FUNCTION__ ); \
-+ return -EINVAL; \
-+ } \
-+} while (0)
-+
- typedef int drm_ioctl_t(struct inode *inode, struct file *filp,
- unsigned int cmd, unsigned long arg);
-
-diff -ur linux-2.4.28/drivers/char/drm-4.0/i810_dma.c linux-2.4.28.plasmaroo/drivers/char/drm-4.0/i810_dma.c
---- linux-2.4.28/drivers/char/drm-4.0/i810_dma.c 2004-02-18 13:36:31.000000000 +0000
-+++ linux-2.4.28.plasmaroo/drivers/char/drm-4.0/i810_dma.c 2004-12-23 16:21:30.000000000 +0000
-@@ -1249,10 +1249,7 @@
- drm_device_t *dev = priv->dev;
-
- DRM_DEBUG("i810_flush_ioctl\n");
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_flush_ioctl called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- i810_flush_queue(dev);
- return 0;
-@@ -1274,10 +1271,7 @@
- if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex)))
- return -EFAULT;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_dma_vertex called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- DRM_DEBUG("i810 dma vertex, idx %d used %d discard %d\n",
- vertex.idx, vertex.used, vertex.discard);
-@@ -1308,10 +1302,7 @@
- if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear)))
- return -EFAULT;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_clear_bufs called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- i810_dma_dispatch_clear( dev, clear.flags,
- clear.clear_color,
-@@ -1327,10 +1318,7 @@
-
- DRM_DEBUG("i810_swap_bufs\n");
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_swap_buf called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- i810_dma_dispatch_swap( dev );
- return 0;
-@@ -1366,10 +1354,7 @@
- if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d)))
- return -EFAULT;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_dma called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- d.granted = 0;
-
-@@ -1399,10 +1384,7 @@
- drm_i810_buf_priv_t *buf_priv;
- drm_device_dma_t *dma = dev->dma;
-
-- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) {
-- DRM_ERROR("i810_dma called without lock held\n");
-- return -EINVAL;
-- }
-+ LOCK_TEST_WITH_RETURN(dev);
-
- if (copy_from_user(&d, (drm_i810_copy_t *)arg, sizeof(d)))
- return -EFAULT;
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1137.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1137.patch
deleted file mode 100644
index 161806ce79d7..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.CAN-2004-1137.patch
+++ /dev/null
@@ -1,59 +0,0 @@
---- linux-2.4.28-orig/net/ipv4/igmp.c 2004-08-08 01:26:06.000000000 +0200
-+++ linux-2.4.28/net/ipv4/igmp.c 2004-12-15 22:12:48.000000000 +0100
-@@ -1757,12 +1757,12 @@
- goto done;
- rv = !0;
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr,
-+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
- sizeof(__u32));
-- if (rv >= 0)
-+ if (rv == 0)
- break;
- }
-- if (!rv) /* source not found */
-+ if (rv) /* source not found */
- goto done;
-
- /* update the interface filter */
-@@ -1804,9 +1804,9 @@
- }
- rv = 1; /* > 0 for insert logic below if sl_count is 0 */
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr,
-+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
- sizeof(__u32));
-- if (rv >= 0)
-+ if (rv == 0)
- break;
- }
- if (rv == 0) /* address already there is an error */
---- linux-2.4.28-orig/net/ipv6/mcast.c 2004-11-17 12:54:22.000000000 +0100
-+++ linux-2.4.28/net/ipv6/mcast.c 2004-12-15 22:14:07.000000000 +0100
-@@ -386,12 +386,12 @@
- goto done;
- rv = !0;
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, group,
-+ rv = memcmp(&psl->sl_addr[i], source,
- sizeof(struct in6_addr));
-- if (rv >= 0)
-+ if (rv == 0)
- break;
- }
-- if (!rv) /* source not found */
-+ if (rv) /* source not found */
- goto done;
-
- /* update the interface filter */
-@@ -432,8 +432,8 @@
- }
- rv = 1; /* > 0 for insert logic below if sl_count is 0 */
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, group, sizeof(struct in6_addr));
-- if (rv >= 0)
-+ rv = memcmp(&psl->sl_addr[i], source, sizeof(struct in6_addr));
-+ if (rv == 0)
- break;
- }
- if (rv == 0) /* address already there is an error */
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.FPULockup-53804.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.FPULockup-53804.patch
deleted file mode 100644
index 1dd5ed87b520..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.FPULockup-53804.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- linux-2.4/include/asm-i386/i387.h 2004-06-13 20:06:05.044881328 +0100
-+++ linux-2.4/include/asm-i386/i387.h 2004-06-13 20:25:42.836829736 +0100
-@@ -34,7 +34,7 @@
-
- #define clear_fpu( tsk ) do { \
- if ( tsk->flags & PF_USEDFPU ) { \
-- asm volatile("fwait"); \
-+ asm volatile("fnclex ; fwait"); \
- tsk->flags &= ~PF_USEDFPU; \
- stts(); \
- } \
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.XDRWrapFix.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.XDRWrapFix.patch
deleted file mode 100644
index 9a336ab7876a..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.XDRWrapFix.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-# 2004/08/16 14:50:04-03:00 neilb@cse.unsw.edu.au
-# [PATCH] Fixed possibly xdr parsing error if write size exceed 2^31
-#
-# xdr_argsize_check needs to cope with the possibility that the
-# pointer has wrapped and could be below buf->base.
-#
-# Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
-#
-# ### Diffstat output
-# ./fs/nfsd/nfs3xdr.c | 2 +-
-# ./include/linux/nfsd/xdr3.h | 2 +-
-# 2 files changed, 2 insertions(+), 2 deletions(-)
-#
-# fs/nfsd/nfs3xdr.c
-# 2004/08/14 00:23:06-03:00 neilb@cse.unsw.edu.au +1 -1
-# Fixed possibly xdr parsing error if write size exceed 2^31
-#
-# include/linux/nfsd/xdr3.h
-# 2004/08/15 20:48:43-03:00 neilb@cse.unsw.edu.au +1 -1
-# Fixed possibly xdr parsing error if write size exceed 2^31
-#
-diff -Nru a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
---- a/fs/nfsd/nfs3xdr.c 2004-09-06 11:20:28 -07:00
-+++ b/fs/nfsd/nfs3xdr.c 2004-09-06 11:20:28 -07:00
-@@ -273,7 +273,7 @@
- {
- struct svc_buf *buf = &rqstp->rq_argbuf;
-
-- return p - buf->base <= buf->buflen;
-+ return p >= buf->base && p <= buf->base + buf->buflen ;
- }
-
- static inline int
-diff -Nru a/include/linux/nfsd/xdr3.h b/include/linux/nfsd/xdr3.h
---- a/include/linux/nfsd/xdr3.h 2004-09-06 11:20:28 -07:00
-+++ b/include/linux/nfsd/xdr3.h 2004-09-06 11:20:28 -07:00
-@@ -41,7 +41,7 @@
- __u32 count;
- int stable;
- __u8 * data;
-- int len;
-+ __u32 len;
- };
-
- struct nfsd3_createargs {
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_a.out.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_a.out.patch
deleted file mode 100644
index 4644ae28bce4..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_a.out.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-diff -Nru linux-2.4.28/fs/exec.c linux-2.4.28.plasmaroo/fs/exec.c
---- linux-2.4.28/fs/exec.c 2004-04-15 10:44:45 -07:00
-+++ linux-2.4.28.plasmaroo/fs/exec.c 2004-11-12 12:02:40 -08:00
-@@ -342,6 +342,7 @@ int setup_arg_pages(struct linux_binprm
-
- down_write(&current->mm->mmap_sem);
- {
-+ struct vm_area_struct *vma;
- mpnt->vm_mm = current->mm;
- mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p;
- mpnt->vm_end = STACK_TOP;
-@@ -351,6 +352,12 @@ int setup_arg_pages(struct linux_binprm
- mpnt->vm_pgoff = 0;
- mpnt->vm_file = NULL;
- mpnt->vm_private_data = (void *) 0;
-+ vma = find_vma(current->mm, mpnt->vm_start);
-+ if (vma) {
-+ up_write(&current->mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, mpnt);
-+ return -ENOMEM;
-+ }
- insert_vm_struct(current->mm, mpnt);
- current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
- }
-diff -Nru linux-2.4.28/fs/exec.c linux-2.4.28.plasmaroo/fs/exec.c
---- linux-2.4.28/fs/binfmt_aout.c 2002-02-04 23:54:04 -08:00
-+++ linux-2.4.28.plasmaroo/fs/binfmt_aout.c 2004-11-12 11:55:14 -08:00
-@@ -39,13 +39,18 @@ static struct linux_binfmt aout_format =
- NULL, THIS_MODULE, load_aout_binary, load_aout_library, aout_core_dump, PAGE_SIZE
- };
-
--static void set_brk(unsigned long start, unsigned long end)
-+#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
-+
-+static int set_brk(unsigned long start, unsigned long end)
- {
- start = PAGE_ALIGN(start);
- end = PAGE_ALIGN(end);
-- if (end <= start)
-- return;
-- do_brk(start, end - start);
-+ if (end > start) {
-+ unsigned long addr = do_brk(start, end - start);
-+ if (BAD_ADDR(addr))
-+ return addr;
-+ }
-+ return 0;
- }
-
- /*
-@@ -405,7 +410,11 @@ static int load_aout_binary(struct linux
- beyond_if:
- set_binfmt(&aout_format);
-
-- set_brk(current->mm->start_brk, current->mm->brk);
-+ retval = set_brk(current->mm->start_brk, current->mm->brk);
-+ if (retval < 0) {
-+ send_sig(SIGKILL, current, 0);
-+ return retval;
-+ }
-
- retval = setup_arg_pages(bprm);
- if (retval < 0) {
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_elf.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_elf.patch
deleted file mode 100644
index 9f4f44ee78f5..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.binfmt_elf.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-diff -ur linux-2.4.27/fs/binfmt_elf.c linux-2.4.27.plasmaroo/fs/binfmt_elf.c
---- linux-2.4.27/fs/binfmt_elf.c 2004-04-14 14:05:40.000000000 +0100
-+++ linux-2.4.27.plasmaroo/fs/binfmt_elf.c 2004-11-19 21:30:26.745410824 +0000
-@@ -299,9 +299,12 @@
- goto out;
-
- retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size);
-- error = retval;
-- if (retval < 0)
-+ error = -EIO;
-+ if (retval != size) {
-+ if (retval < 0)
-+ error = retval;
- goto out_close;
-+ }
-
- eppnt = elf_phdata;
- for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
-@@ -475,8 +478,11 @@
- goto out;
-
- retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size);
-- if (retval < 0)
-+ if (retval != size) {
-+ if (retval >= 0)
-+ retval = -EIO;
- goto out_free_ph;
-+ }
-
- files = current->files; /* Refcounted so ok */
- retval = unshare_files();
-@@ -513,7 +519,8 @@
- */
-
- retval = -ENOMEM;
-- if (elf_ppnt->p_filesz > PATH_MAX)
-+ if (elf_ppnt->p_filesz > PATH_MAX ||
-+ elf_ppnt->p_filesz == 0)
- goto out_free_file;
- elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz,
- GFP_KERNEL);
-@@ -523,8 +530,16 @@
- retval = kernel_read(bprm->file, elf_ppnt->p_offset,
- elf_interpreter,
- elf_ppnt->p_filesz);
-- if (retval < 0)
-+ if (retval != elf_ppnt->p_filesz) {
-+ if (retval >= 0)
-+ retval = -EIO;
-+ goto out_free_interp;
-+ }
-+ /* make sure path is NULL terminated */
-+ retval = -EINVAL;
-+ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
- goto out_free_interp;
-+
- /* If the program interpreter is one of these two,
- * then assume an iBCS2 image. Otherwise assume
- * a native linux image.
-@@ -543,8 +558,11 @@
- if (IS_ERR(interpreter))
- goto out_free_interp;
- retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE);
-- if (retval < 0)
-+ if (retval != BINPRM_BUF_SIZE) {
-+ if (retval >= 0)
-+ retval = -EIO;
- goto out_free_dentry;
-+ }
-
- /* Get the exec headers */
- interp_ex = *((struct exec *) bprm->buf);
-@@ -682,8 +700,10 @@
- }
-
- error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
-- if (BAD_ADDR(error))
-- continue;
-+ if (BAD_ADDR(error)) {
-+ send_sig(SIGKILL, current, 0);
-+ goto out_free_dentry;
-+ }
-
- if (!load_addr_set) {
- load_addr_set = 1;
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.brk-locked.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.brk-locked.patch
deleted file mode 100644
index 4a1a249464e1..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.brk-locked.patch
+++ /dev/null
@@ -1,258 +0,0 @@
-diff -ur linux-2.4.28-gentoo-r4/arch/mips/kernel/irixelf.c linux-2.4.28-gentoo-r5/arch/mips/kernel/irixelf.c
---- linux-2.4.28-gentoo-r4/arch/mips/kernel/irixelf.c 2005-01-07 20:33:12.000000000 +0000
-+++ linux-2.4.28-gentoo-r5/arch/mips/kernel/irixelf.c 2005-01-07 20:20:32.000000000 +0000
-@@ -130,7 +130,7 @@
- end = PAGE_ALIGN(end);
- if (end <= start)
- return;
-- do_brk(start, end - start);
-+ do_brk_locked(start, end - start);
- }
-
-
-@@ -379,7 +379,7 @@
-
- /* Map the last of the bss segment */
- if (last_bss > len) {
-- do_brk(len, (last_bss - len));
-+ do_brk_locked(len, (last_bss - len));
- }
- kfree(elf_phdata);
-
-@@ -567,7 +567,7 @@
- unsigned long v;
- struct prda *pp;
-
-- v = do_brk (PRDA_ADDRESS, PAGE_SIZE);
-+ v = do_brk_locked (PRDA_ADDRESS, PAGE_SIZE);
-
- if (v < 0)
- return;
-@@ -859,7 +859,7 @@
- len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000;
- bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
- if (bss > len)
-- do_brk(len, bss-len);
-+ do_brk_locked(len, bss-len);
- kfree(elf_phdata);
- return 0;
- }
-diff -ur linux-2.4.28-gentoo-r4/arch/sparc64/kernel/binfmt_aout32.c linux-2.4.28-gentoo-r5/arch/sparc64/kernel/binfmt_aout32.c
---- linux-2.4.28-gentoo-r4/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 20:33:12.000000000 +0000
-+++ linux-2.4.28-gentoo-r5/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 20:20:32.000000000 +0000
-@@ -49,7 +49,7 @@
- end = PAGE_ALIGN(end);
- if (end <= start)
- return;
-- do_brk(start, end - start);
-+ do_brk_locked(start, end - start);
- }
-
- /*
-@@ -246,10 +246,10 @@
- if (N_MAGIC(ex) == NMAGIC) {
- loff_t pos = fd_offset;
- /* Fuck me plenty... */
-- error = do_brk(N_TXTADDR(ex), ex.a_text);
-+ error = do_brk_locked(N_TXTADDR(ex), ex.a_text);
- bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex),
- ex.a_text, &pos);
-- error = do_brk(N_DATADDR(ex), ex.a_data);
-+ error = do_brk_locked(N_DATADDR(ex), ex.a_data);
- bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex),
- ex.a_data, &pos);
- goto beyond_if;
-@@ -257,7 +257,7 @@
-
- if (N_MAGIC(ex) == OMAGIC) {
- loff_t pos = fd_offset;
-- do_brk(N_TXTADDR(ex) & PAGE_MASK,
-+ do_brk_locked(N_TXTADDR(ex) & PAGE_MASK,
- ex.a_text+ex.a_data + PAGE_SIZE - 1);
- bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex),
- ex.a_text+ex.a_data, &pos);
-@@ -272,7 +272,7 @@
-
- if (!bprm->file->f_op->mmap) {
- loff_t pos = fd_offset;
-- do_brk(0, ex.a_text+ex.a_data);
-+ do_brk_locked(0, ex.a_text+ex.a_data);
- bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex),
- ex.a_text+ex.a_data, &pos);
- goto beyond_if;
-@@ -388,7 +388,7 @@
- len = PAGE_ALIGN(ex.a_text + ex.a_data);
- bss = ex.a_text + ex.a_data + ex.a_bss;
- if (bss > len) {
-- error = do_brk(start_addr + len, bss - len);
-+ error = do_brk_locked(start_addr + len, bss - len);
- retval = error;
- if (error != start_addr + len)
- goto out;
-diff -ur linux-2.4.28-gentoo-r4/fs/binfmt_aout.c linux-2.4.28-gentoo-r5/fs/binfmt_aout.c
---- linux-2.4.28-gentoo-r4/fs/binfmt_aout.c 2005-01-07 20:33:12.000000000 +0000
-+++ linux-2.4.28-gentoo-r5/fs/binfmt_aout.c 2005-01-07 20:20:32.000000000 +0000
-@@ -46,7 +46,7 @@
- start = PAGE_ALIGN(start);
- end = PAGE_ALIGN(end);
- if (end > start) {
-- unsigned long addr = do_brk(start, end - start);
-+ unsigned long addr = do_brk_locked(start, end - start);
- if (BAD_ADDR(addr))
- return addr;
- }
-@@ -341,10 +341,10 @@
- loff_t pos = fd_offset;
- /* Fuck me plenty... */
- /* <AOL></AOL> */
-- error = do_brk(N_TXTADDR(ex), ex.a_text);
-+ error = do_brk_locked(N_TXTADDR(ex), ex.a_text);
- bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex),
- ex.a_text, &pos);
-- error = do_brk(N_DATADDR(ex), ex.a_data);
-+ error = do_brk_locked(N_DATADDR(ex), ex.a_data);
- bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex),
- ex.a_data, &pos);
- goto beyond_if;
-@@ -365,7 +365,7 @@
- map_size = ex.a_text+ex.a_data;
- #endif
-
-- error = do_brk(text_addr & PAGE_MASK, map_size);
-+ error = do_brk_locked(text_addr & PAGE_MASK, map_size);
- if (error != (text_addr & PAGE_MASK)) {
- send_sig(SIGKILL, current, 0);
- return error;
-@@ -399,7 +399,7 @@
-
- if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) {
- loff_t pos = fd_offset;
-- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
-+ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data);
- bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex),
- ex.a_text+ex.a_data, &pos);
- flush_icache_range((unsigned long) N_TXTADDR(ex),
-@@ -500,7 +500,7 @@
- error_time = jiffies;
- }
-
-- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
-+ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss);
-
- file->f_op->read(file, (char *)start_addr,
- ex.a_text + ex.a_data, &pos);
-@@ -524,7 +524,7 @@
- len = PAGE_ALIGN(ex.a_text + ex.a_data);
- bss = ex.a_text + ex.a_data + ex.a_bss;
- if (bss > len) {
-- error = do_brk(start_addr + len, bss - len);
-+ error = do_brk_locked(start_addr + len, bss - len);
- retval = error;
- if (error != start_addr + len)
- goto out;
-diff -ur linux-2.4.28-gentoo-r4/fs/binfmt_elf.c linux-2.4.28-gentoo-r5/fs/binfmt_elf.c
---- linux-2.4.28-gentoo-r4/fs/binfmt_elf.c 2005-01-07 20:33:12.000000000 +0000
-+++ linux-2.4.28-gentoo-r5/fs/binfmt_elf.c 2005-01-07 20:20:46.000000000 +0000
-@@ -130,7 +130,7 @@
- end = PAGE_ALIGN(end);
- if (end <= start)
- return;
-- do_brk(start, end - start);
-+ do_brk_locked(start, end - start);
- }
-
-
-@@ -295,7 +297,9 @@ static unsigned long load_elf_interp(str
- */
- if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
- goto out;
-- if (interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
-+
-+ if (interp_elf_ex->e_phnum < 1 ||
-+ interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
- goto out;
-
- /* Now read in all of the header information */
-@@ -370,7 +370,7 @@
-
- /* Map the last of the bss segment */
- if (last_bss > elf_bss)
-- do_brk(elf_bss, last_bss - elf_bss);
-+ do_brk_locked(elf_bss, last_bss - elf_bss);
-
- *interp_load_addr = load_addr;
- error = ((unsigned long) interp_elf_ex->e_entry) + load_addr;
-@@ -407,7 +407,7 @@
- goto out;
- }
-
-- do_brk(0, text_data);
-+ do_brk_locked(0, text_data);
- retval = -ENOEXEC;
- if (!interpreter->f_op || !interpreter->f_op->read)
- goto out;
-@@ -415,7 +415,7 @@
- flush_icache_range((unsigned long)addr,
- (unsigned long)addr + text_data);
-
-- do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1),
-+ do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1),
- interp_ex->a_bss);
- elf_entry = interp_ex->a_entry;
-
-@@ -1271,7 +1271,7 @@
- len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1);
- bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
- if (bss > len)
-- do_brk(len, bss - len);
-+ do_brk_locked(len, bss - len);
- error = 0;
-
- out_free_ph:
-diff -ur linux-2.4.28-gentoo-r4/include/linux/mm.h linux-2.4.28-gentoo-r5/include/linux/mm.h
---- linux-2.4.28-gentoo-r4/include/linux/mm.h 2005-01-07 20:33:12.000000000 +0000
-+++ linux-2.4.28-gentoo-r5/include/linux/mm.h 2005-01-07 20:20:32.000000000 +0000
-@@ -601,6 +601,7 @@
- extern int do_munmap(struct mm_struct *, unsigned long, size_t);
-
- extern unsigned long do_brk(unsigned long, unsigned long);
-+extern unsigned long do_brk_locked(unsigned long, unsigned long);
-
- static inline void __vma_unlink(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct * prev)
- {
-diff -ur linux-2.4.28-gentoo-r4/kernel/ksyms.c linux-2.4.28-gentoo-r5/kernel/ksyms.c
---- linux-2.4.28-gentoo-r4/kernel/ksyms.c 2005-01-07 20:33:12.000000000 +0000
-+++ linux-2.4.28-gentoo-r5/kernel/ksyms.c 2005-01-07 20:20:32.000000000 +0000
-@@ -90,6 +90,7 @@
- EXPORT_SYMBOL(__do_mmap_pgoff);
- EXPORT_SYMBOL(do_munmap);
- EXPORT_SYMBOL(do_brk);
-+EXPORT_SYMBOL(do_brk_locked);
- EXPORT_SYMBOL(exit_mm);
- EXPORT_SYMBOL(exit_files);
- EXPORT_SYMBOL(exit_fs);
-diff -ur linux-2.4.28-gentoo-r4/mm/mmap.c linux-2.4.28-gentoo-r5/mm/mmap.c
---- linux-2.4.28-gentoo-r4/mm/mmap.c 2005-01-07 20:33:12.000000000 +0000
-+++ linux-2.4.28-gentoo-r5/mm/mmap.c 2005-01-07 20:20:32.000000000 +0000
-@@ -1401,6 +1401,21 @@
- return addr;
- }
-
-+/* locking version of do_brk. */
-+unsigned long do_brk_locked(unsigned long addr, unsigned long len)
-+{
-+ unsigned long ret;
-+
-+ down_write(&current->mm->mmap_sem);
-+ ret = do_brk(addr, len);
-+ up_write(&current->mm->mmap_sem);
-+
-+ return ret;
-+}
-+
-+
-+
-+
- /* Build the RB tree corresponding to the VMA list. */
- void build_mmap_rb(struct mm_struct * mm)
- {
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.cmdlineLeak.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.cmdlineLeak.patch
deleted file mode 100644
index 5f26f7f388f6..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.cmdlineLeak.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- linux-2.4/fs/proc/base.c 2004-04-15 07:09:32.000000000 +0100
-+++ linux-2.4/fs/proc/base.c.plasmaroo 2004-08-09 23:30:43.869195800 +0100
-@@ -187,7 +187,7 @@ static int proc_pid_cmdline(struct task_
- if (mm)
- atomic_inc(&mm->mm_users);
- task_unlock(task);
-- if (mm) {
-+ if (mm && mm->arg_end) {
- int len = mm->arg_end - mm->arg_start;
- if (len > PAGE_SIZE)
- len = PAGE_SIZE;
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.smbfs.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.smbfs.patch
deleted file mode 100644
index 63c5ba30403f..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.smbfs.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-diff -ur linux-2.4.27/fs/smbfs/proc.c linux-2.4.28/fs/smbfs/proc.c
---- linux-2.4.27/fs/smbfs/proc.c 2004-11-12 19:32:24.000000000 +0000
-+++ linux-2.4.28/fs/smbfs/proc.c 2004-11-19 20:18:27.000000000 +0000
-@@ -1289,10 +1289,12 @@
- data_len = WVAL(buf, 1);
-
- /* we can NOT simply trust the data_len given by the server ... */
-- if (data_len > server->packet_size - (buf+3 - server->packet)) {
-- printk(KERN_ERR "smb_proc_read: invalid data length!! "
-- "%d > %d - (%p - %p)\n",
-- data_len, server->packet_size, buf+3, server->packet);
-+ if (data_len > count ||
-+ (buf+3 - server->packet) + data_len > server->packet_size) {
-+ printk(KERN_ERR "smb_proc_read: invalid data length/offset!! "
-+ "%d > %d || (%p - %p) + %d > %d\n",
-+ data_len, count,
-+ buf+3, server->packet, data_len, server->packet_size);
- result = -EIO;
- goto out;
- }
-@@ -1378,10 +1380,12 @@
- buf = smb_base(server->packet) + data_off;
-
- /* we can NOT simply trust the info given by the server ... */
-- if (data_len > server->packet_size - (buf - server->packet)) {
-- printk(KERN_ERR "smb_proc_read: invalid data length!! "
-- "%d > %d - (%p - %p)\n",
-- data_len, server->packet_size, buf, server->packet);
-+ if (data_len > count ||
-+ (buf - server->packet) + data_len > server->packet_size) {
-+ printk(KERN_ERR "smb_proc_readX: invalid data length/offset!! "
-+ "%d > %d || (%p - %p) + %d > %d\n",
-+ data_len, count,
-+ buf, server->packet, data_len, server->packet_size);
- result = -EIO;
- goto out;
- }
-diff -ur linux-2.4.27/fs/smbfs/sock.c linux-2.4.28/fs/smbfs/sock.c
---- linux-2.4.27/fs/smbfs/sock.c 2004-11-12 19:32:24.000000000 +0000
-+++ linux-2.4.28/fs/smbfs/sock.c 2004-11-19 20:18:27.000000000 +0000
-@@ -571,7 +571,11 @@
- parm_disp, parm_offset, parm_count,
- data_disp, data_offset, data_count);
- *parm = base + parm_offset;
-+ if (*parm - inbuf + parm_tot > server->packet_size)
-+ goto out_bad_parm;
- *data = base + data_offset;
-+ if (*data - inbuf + data_tot > server->packet_size)
-+ goto out_bad_data;
- goto success;
- }
-
-@@ -591,6 +595,8 @@
- rcv_buf = smb_vmalloc(buf_len);
- if (!rcv_buf)
- goto out_no_mem;
-+ memset(rcv_buf, 0, buf_len);
-+
- *parm = rcv_buf;
- *data = rcv_buf + total_p;
- } else if (data_tot > total_d || parm_tot > total_p)
-@@ -598,8 +604,12 @@
-
- if (parm_disp + parm_count > total_p)
- goto out_bad_parm;
-+ if (parm_offset + parm_count > server->packet_size)
-+ goto out_bad_parm;
- if (data_disp + data_count > total_d)
- goto out_bad_data;
-+ if (data_offset + data_count > server->packet_size)
-+ goto out_bad_data;
- memcpy(*parm + parm_disp, base + parm_offset, parm_count);
- memcpy(*data + data_disp, base + data_offset, data_count);
-
-@@ -610,8 +620,11 @@
- * Check whether we've received all of the data. Note that
- * we use the packet totals -- total lengths might shrink!
- */
-- if (data_len >= data_tot && parm_len >= parm_tot)
-+ if (data_len >= data_tot && parm_len >= parm_tot) {
-+ data_len = data_tot;
-+ parm_len = parm_tot;
- break;
-+ }
- }
-
- /*
-@@ -625,6 +638,9 @@
- server->packet = rcv_buf;
- rcv_buf = inbuf;
- } else {
-+ if (parm_len + data_len > buf_len)
-+ goto out_data_grew;
-+
- PARANOIA("copying data, old size=%d, new size=%u\n",
- server->packet_size, buf_len);
- memcpy(inbuf, rcv_buf, parm_len + data_len);
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.4.vma.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.4.vma.patch
deleted file mode 100644
index 2469dd5ab2c5..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources-2.4.vma.patch
+++ /dev/null
@@ -1,246 +0,0 @@
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-# 2004/12/17 21:45:58-02:00 chrisw@osdl.org
-# [PATCH] Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG().
-#
-# Backport of 2.6 fix to insert_vm_struct to make it return an error
-# rather than BUG(). This eliminates a user triggerable BUG() when user
-# created a large vma that overlapped with arg pages during exec (could be
-# triggered with a.out on i386 and x86_64 and elf on ia64).
-#
-# Signed-off-by: Chris Wright <chrisw@osdl.org>
-#
-# ===== arch/ia64/ia32/binfmt_elf32.c 1.13 vs edited =====
-#
-# arch/ia64/ia32/binfmt_elf32.c
-# 2004/12/17 17:22:06-02:00 chrisw@osdl.org +16 -4
-# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG().
-#
-# arch/ia64/mm/init.c
-# 2004/12/17 15:25:47-02:00 chrisw@osdl.org +14 -2
-# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG().
-#
-# arch/s390x/kernel/exec32.c
-# 2004/12/17 15:32:42-02:00 chrisw@osdl.org +6 -2
-# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). This eliminates a user triggerable BUG() when user
-#
-# arch/x86_64/ia32/ia32_binfmt.c
-# 2004/12/17 15:34:21-02:00 chrisw@osdl.org +6 -2
-# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). This eliminates a user triggerable BUG() when user
-#
-# fs/exec.c
-# 2004/12/17 15:54:18-02:00 chrisw@osdl.org +6 -2
-# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG().
-#
-# include/linux/mm.h
-# 2004/12/16 20:38:37-02:00 chrisw@osdl.org +1 -1
-# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). This eliminates a user triggerable BUG() when user
-#
-# mm/mmap.c
-# 2004/12/16 20:43:15-02:00 chrisw@osdl.org +3 -2
-# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG().
-#
-diff -Nru a/arch/ia64/ia32/binfmt_elf32.c b/arch/ia64/ia32/binfmt_elf32.c
---- a/arch/ia64/ia32/binfmt_elf32.c 2004-12-19 07:39:49 -08:00
-+++ b/arch/ia64/ia32/binfmt_elf32.c 2004-12-19 07:39:49 -08:00
-@@ -95,7 +95,11 @@
- vma->vm_private_data = NULL;
- down_write(&current->mm->mmap_sem);
- {
-- insert_vm_struct(current->mm, vma);
-+ if (insert_vm_struct(current->mm, vma)) {
-+ kmem_cache_free(vm_area_cachep, vma);
-+ up_write(&current->mm->mmap_sem);
-+ return;
-+ }
- }
- up_write(&current->mm->mmap_sem);
- }
-@@ -117,7 +121,11 @@
- vma->vm_private_data = NULL;
- down_write(&current->mm->mmap_sem);
- {
-- insert_vm_struct(current->mm, vma);
-+ if (insert_vm_struct(current->mm, vma)) {
-+ kmem_cache_free(vm_area_cachep, vma);
-+ up_write(&current->mm->mmap_sem);
-+ return;
-+ }
- }
- up_write(&current->mm->mmap_sem);
- }
-@@ -164,7 +172,7 @@
- {
- unsigned long stack_base;
- struct vm_area_struct *mpnt;
-- int i;
-+ int i, ret;
-
- stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
-
-@@ -188,7 +196,11 @@
- mpnt->vm_pgoff = 0;
- mpnt->vm_file = NULL;
- mpnt->vm_private_data = 0;
-- insert_vm_struct(current->mm, mpnt);
-+ if ((ret = insert_vm_struct(current->mm, mpnt))) {
-+ up_write(&current->mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, mpnt);
-+ return ret;
-+ }
- current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
- }
-
-diff -Nru a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c
---- a/arch/ia64/mm/init.c 2004-12-19 07:39:49 -08:00
-+++ b/arch/ia64/mm/init.c 2004-12-19 07:39:49 -08:00
-@@ -105,7 +105,13 @@
- vma->vm_pgoff = 0;
- vma->vm_file = NULL;
- vma->vm_private_data = NULL;
-- insert_vm_struct(current->mm, vma);
-+ down_write(&current->mm->mmap_sem);
-+ if (insert_vm_struct(current->mm, vma)) {
-+ up_write(&current->mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, vma);
-+ return;
-+ }
-+ up_write(&current->mm->mmap_sem);
- }
-
- /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */
-@@ -117,7 +123,13 @@
- vma->vm_end = PAGE_SIZE;
- vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT);
- vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED;
-- insert_vm_struct(current->mm, vma);
-+ down_write(&current->mm->mmap_sem);
-+ if (insert_vm_struct(current->mm, vma)) {
-+ up_write(&current->mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, vma);
-+ return;
-+ }
-+ up_write(&current->mm->mmap_sem);
- }
- }
- }
-diff -Nru a/arch/s390x/kernel/exec32.c b/arch/s390x/kernel/exec32.c
---- a/arch/s390x/kernel/exec32.c 2004-12-19 07:39:49 -08:00
-+++ b/arch/s390x/kernel/exec32.c 2004-12-19 07:39:49 -08:00
-@@ -41,7 +41,7 @@
- {
- unsigned long stack_base;
- struct vm_area_struct *mpnt;
-- int i;
-+ int i, ret;
-
- stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
-
-@@ -65,7 +65,11 @@
- mpnt->vm_pgoff = 0;
- mpnt->vm_file = NULL;
- mpnt->vm_private_data = (void *) 0;
-- insert_vm_struct(current->mm, mpnt);
-+ if ((ret = insert_vm_struct(current->mm, mpnt))) {
-+ up_write(&current->mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, mpnt);
-+ return ret;
-+ }
- current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
- }
-
-diff -Nru a/arch/x86_64/ia32/ia32_binfmt.c b/arch/x86_64/ia32/ia32_binfmt.c
---- a/arch/x86_64/ia32/ia32_binfmt.c 2004-12-19 07:39:49 -08:00
-+++ b/arch/x86_64/ia32/ia32_binfmt.c 2004-12-19 07:39:49 -08:00
-@@ -225,7 +225,7 @@
- {
- unsigned long stack_base;
- struct vm_area_struct *mpnt;
-- int i;
-+ int i, ret;
-
- stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
-
-@@ -250,7 +250,11 @@
- mpnt->vm_pgoff = 0;
- mpnt->vm_file = NULL;
- mpnt->vm_private_data = (void *) 0;
-- insert_vm_struct(current->mm, mpnt);
-+ if ((ret = insert_vm_struct(current->mm, mpnt))) {
-+ up_write(&current->mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, mpnt);
-+ return ret;
-+ }
- current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
- }
-
-diff -Nru a/fs/exec.c b/fs/exec.c
---- a/fs/exec.c 2004-12-19 07:39:49 -08:00
-+++ b/fs/exec.c 2004-12-19 07:39:49 -08:00
-@@ -327,7 +327,7 @@
- {
- unsigned long stack_base;
- struct vm_area_struct *mpnt;
-- int i;
-+ int i, ret;
-
- stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
-
-@@ -387,7 +387,6 @@
-
- down_write(&current->mm->mmap_sem);
- {
-- struct vm_area_struct *vma;
- mpnt->vm_mm = current->mm;
- mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p;
- mpnt->vm_end = STACK_TOP;
-@@ -402,13 +401,11 @@
- mpnt->vm_pgoff = 0;
- mpnt->vm_file = NULL;
- mpnt->vm_private_data = (void *) 0;
-- vma = find_vma(current->mm, mpnt->vm_start);
-- if (vma) {
-+ if ((ret = insert_vm_struct(current->mm, mpnt))) {
- up_write(&current->mm->mmap_sem);
- kmem_cache_free(vm_area_cachep, mpnt);
-- return -ENOMEM;
-+ return ret;
- }
-- insert_vm_struct(current->mm, mpnt);
- current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
- }
-
-diff -Nru a/include/linux/mm.h b/include/linux/mm.h
---- a/include/linux/mm.h 2004-12-19 07:39:49 -08:00
-+++ b/include/linux/mm.h 2004-12-19 07:39:49 -08:00
-@@ -548,7 +548,7 @@
- /* mmap.c */
- extern void lock_vma_mappings(struct vm_area_struct *);
- extern void unlock_vma_mappings(struct vm_area_struct *);
--extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *);
-+extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *);
- extern void __insert_vm_struct(struct mm_struct *, struct vm_area_struct *);
- extern void build_mmap_rb(struct mm_struct *);
- extern void exit_mmap(struct mm_struct *);
-diff -Nru a/mm/mmap.c b/mm/mmap.c
---- a/mm/mmap.c 2004-12-19 07:39:49 -08:00
-+++ b/mm/mmap.c 2004-12-19 07:39:49 -08:00
-@@ -1193,14 +1193,15 @@
- validate_mm(mm);
- }
-
--void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
-+int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
- {
- struct vm_area_struct * __vma, * prev;
- rb_node_t ** rb_link, * rb_parent;
-
- __vma = find_vma_prepare(mm, vma->vm_start, &prev, &rb_link, &rb_parent);
- if (__vma && __vma->vm_start < vma->vm_end)
-- BUG();
-+ return -ENOMEM;
- vma_link(mm, vma, prev, rb_link, rb_parent);
- validate_mm(mm);
-+ return 0;
- }
diff --git a/sys-kernel/usermode-sources/files/usermode-sources.AF_UNIX.patch b/sys-kernel/usermode-sources/files/usermode-sources.AF_UNIX.patch
deleted file mode 100644
index 6ced78404a2d..000000000000
--- a/sys-kernel/usermode-sources/files/usermode-sources.AF_UNIX.patch
+++ /dev/null
@@ -1,24 +0,0 @@
---- linux-2.4.27/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00
-+++ linux-2.4.28/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00
-@@ -1403,9 +1403,11 @@
-
- msg->msg_namelen = 0;
-
-+ down(&sk->protinfo.af_unix.readsem);
-+
- skb = skb_recv_datagram(sk, flags, noblock, &err);
- if (!skb)
-- goto out;
-+ goto out_unlock;
-
- wake_up_interruptible(&sk->protinfo.af_unix.peer_wait);
-
-@@ -1449,6 +1451,8 @@
-
- out_free:
- skb_free_datagram(sk,skb);
-+out_unlock:
-+ up(&sk->protinfo.af_unix.readsem);
- out:
- return err;
- }
diff --git a/sys-kernel/usermode-sources/usermode-sources-2.4.27.ebuild b/sys-kernel/usermode-sources/usermode-sources-2.4.27.ebuild
deleted file mode 100644
index beb6c06da986..000000000000
--- a/sys-kernel/usermode-sources/usermode-sources-2.4.27.ebuild
+++ /dev/null
@@ -1,47 +0,0 @@
-# Copyright 1999-2005 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.4.27.ebuild,v 1.1 2005/04/13 15:10:37 johnm Exp $
-
-ETYPE="sources"
-inherit kernel-2
-detect_version
-
-EXTRAVERSION="${EXTRAVERSION/usermode/uml1}"
-KV_FULL="${KV_FULL/usermode/uml1}"
-
-UML_PATCH="uml-patch-${OKV}-1"
-
-DESCRIPTION="Full (vanilla) sources for the User Mode Linux kernel"
-SRC_URI="${KERNEL_URI} mirror://sourceforge/user-mode-linux/${UML_PATCH}.bz2"
-HOMEPAGE="http://www.kernel.org/ http://user-mode-linux.sourceforge.net"
-LICENSE="GPL-2"
-KEYWORDS="x86 -ppc"
-RESTRICT="nomirror"
-
-UNIPATCH_LIST="${DISTDIR}/${UML_PATCH}.bz2
- ${FILESDIR}/${P}.CAN-2004-1295.patch
- ${FILESDIR}/${PN}-2.4.cmdlineLeak.patch
- ${FILESDIR}/${PN}-2.4.XDRWrapFix.patch
- ${FILESDIR}/${PN}-2.4.binfmt_elf.patch
- ${FILESDIR}/${PN}-2.4.smbfs.patch
- ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch
- ${FILESDIR}/${PN}.AF_UNIX.patch
- ${FILESDIR}/${PN}-2.4.vma.patch
- ${FILESDIR}/${PN}-2.4.CAN-2004-1016.patch
- ${FILESDIR}/${PN}-2.4.CAN-2004-1056.patch
- ${FILESDIR}/${PN}-2.4.CAN-2004-1137.patch
- ${FILESDIR}/${PN}-2.4.brk-locked.patch
- ${FILESDIR}/${PN}-2.4.77094.patch
- ${FILESDIR}/${PN}-2.4.77666.patch
- ${FILESDIR}/${PN}-2.4.78362.patch
- ${FILESDIR}/${PN}-2.4.78363.patch"
-
-K_EXTRAEINFO="Since you are using UML, you may want to read the Gentoo Linux
-Developer's guide to system testing with User-Mode Linux that
-can be fount at http://www.gentoo.org/doc/en/uml.xml"
-
-src_install() {
- kernel-2_src_install
- mkdir -p ${D}/usr/src/uml
- mv ${D}/usr/src/linux-${KV_FULL} ${D}/usr/src/uml/
-}