diff options
| author |   Carlos Silva <r3pek@gentoo.org> | 2005-05-09 16:28:18 +0000 |
|---|---|---|
| committer | Carlos Silva <r3pek@gentoo.org> | 2005-05-09 16:28:18 +0000 |
| commit | 2976614eaa1d3d9ad10ad71fc802f0899837d04b (patch) | |
| tree | c6a5da5281f56b607fb7441f0db7e0f6df02b2a2 /sys-kernel/uclinux-sources | |
| parent | Stable on amd64. (diff) | |
| download | historical-2976614eaa1d3d9ad10ad71fc802f0899837d04b.tar.gz historical-2976614eaa1d3d9ad10ad71fc802f0899837d04b.tar.bz2 historical-2976614eaa1d3d9ad10ad71fc802f0899837d04b.zip | |
Cleaning
Package-Manager: portage-2.0.51.19
Diffstat (limited to 'sys-kernel/uclinux-sources')
43 files changed, 0 insertions, 3858 deletions
diff --git a/sys-kernel/uclinux-sources/Manifest b/sys-kernel/uclinux-sources/Manifest index 426c77ec2129..6d5b421af66b 100644 --- a/sys-kernel/uclinux-sources/Manifest +++ b/sys-kernel/uclinux-sources/Manifest @@ -1,48 +1,6 @@ MD5 4b4052d3108fa64be48658f31ac1b5f2 ChangeLog 9701 MD5 c71d9b38c8cf82eb213754c9505e1cdd metadata.xml 299 -MD5 01bff29b5fe2d6b7952660aae9f74fc2 uclinux-sources-2.4.26_p0-r12.ebuild 3270 -MD5 b9af557700c063b4960c6d0e88c0e06e uclinux-sources-2.6.7_p0-r14.ebuild 3558 MD5 70ac398323a4c9a3d3c26f5cdb6a1533 uclinux-sources-2.4.29_p0.ebuild 767 MD5 e03374380b884cb2397929f689df749c uclinux-sources-2.6.11_p0.ebuild 857 MD5 adaa6b7222dee1108f256696d88d8590 files/digest-uclinux-sources-2.4.29_p0 139 MD5 2f6b34ba3171f77f3f7c89c34d321d25 files/digest-uclinux-sources-2.6.11_p0 207 -MD5 3f6f370e8be93508e492315860e508ac files/digest-uclinux-sources-2.6.7_p0-r14 287 -MD5 dbd2c0514e2320a3ce7cb18c43b07fda files/digest-uclinux-sources-2.4.26_p0-r12 304 -MD5 f4a1961e2ebf5d3463ff3802ea798d8e files/kernel-26-security-patches.tar.bz2 9206 -MD5 1d78b90e495e432432e095ee47bbc2fc files/uclinux-sources.77094.patch 452 -MD5 8204afea1d572b49a4a80d8da4eef0c9 files/uclinux-sources-2.6.CAN-2004-0596.patch 1033 -MD5 aa595005721b58929ee55e2e8f4b6ba0 files/uclinux-sources-2.6.CAN-2004-0816.patch 1693 -MD5 6aa8f7a7c2d55734389b53d3bcf78570 files/uclinux-sources-2.6.CAN-2004-1016.patch 2835 -MD5 c942eca63f26d0e933a366491340e95b files/uclinux-sources-2.6.CAN-2004-1056.patch 6187 -MD5 09e9f1cad6f2f28fe81682cbad8e3011 files/uclinux-sources-2.6.CAN-2004-1137.patch 2551 -MD5 6bcdd0bb63e2db559a5c6465c73a7f89 files/uclinux-sources-2.6.CAN-2004-1151.patch 1143 -MD5 4c0855099b2f8bd4b6e06b4903d5ba74 files/uclinux-sources-2.6.vma.patch 7578 -MD5 b0a1f80aff51d6601e8924329023b241 files/uclinux-sources.AF_UNIX.patch 515 -MD5 d4a740ae56c2049247083af387a22a85 files/uclinux-sources-2.4.26_p0.CAN-2004-0394.patch 350 -MD5 dc18e982f8149588a291956481885a8c files/uclinux-sources-2.4.26_p0.CAN-2004-0495.patch 17549 -MD5 0f66013f643c79c97fda489618a4e2fd files/uclinux-sources-2.4.26_p0.CAN-2004-0535.patch 476 -MD5 60d25ff310fc6abfdce39ec9e47345af files/uclinux-sources-2.4.26_p0.CAN-2004-0685.patch 2809 -MD5 6aa8f7a7c2d55734389b53d3bcf78570 files/uclinux-sources-2.4.26_p0.CAN-2004-1016.patch 2835 -MD5 757ee1239c3f14645ccea3640d551e11 files/uclinux-sources-2.4.26_p0.CAN-2004-1056.patch 11249 -MD5 8c35751caf824a9dacb02e80d6189b2e files/uclinux-sources-2.4.26_p0.CAN-2004-1137.patch 1764 -MD5 95708646470a95668e8789cd415844ed files/uclinux-sources.CAN-2004-0497.patch 846 -MD5 d1ccc2047be533c992f67270a150a210 files/uclinux-sources-2.4.26_p0.cmdlineLeak.patch 388 -MD5 c9da1bc82b906f6abc648c056e7bf662 files/uclinux-sources-2.4.26_p0.FPULockup-53804.patch 354 -MD5 c2510fe1891f5a9effb12c2196922206 files/uclinux-sources-2.6.cmdlineLeak.patch 281 -MD5 915e8d7a0618736caa44d96968015467 files/uclinux-sources-2.4.26_p0.binfmt_elf.patch 2346 -MD5 8aa9e251f67d0a96275be95e78cf93d7 files/uclinux-sources-2.4.26_p0.brk-locked.patch 9287 -MD5 1e1fe7bb98c80db4644f4b7fd7dd5d32 files/uclinux-sources-2.4.26_p0.smbfs.patch 3434 -MD5 a9991d6324d7404ed99e79be6e44e9de files/uclinux-sources-2.6.binfmt_elf.patch 2348 -MD5 4d656fa3f3a47df751c0d78b64ed8353 files/uclinux-sources-2.6.AF_UNIX.SELinux.patch 1761 -MD5 385d55defaf1fd0639113ac6cd0e6681 files/uclinux-sources-2.6.brk-locked.patch 10934 -MD5 025c80544aef14ce3a49024d791c5596 files/uclinux-sources-2.6.binfmt_a.out.patch 1763 -MD5 530630d25910e6bd9376b63ea099655f files/uclinux-sources-2.6.AF_UNIX.patch 469 -MD5 452e04a312368605e145428c35bd0e05 files/uclinux-sources-2.6.devPtmx.patch 572 -MD5 b9a94233e1457787352e5f85e3e3582d files/uclinux-sources-2.4.26_p0.binfmt_a.out.patch 2009 -MD5 2b3ddb8b8b15f8da35ade38544b57857 files/uclinux-sources-2.4.26_p0.XDRWrapFix.patch 1499 -MD5 39361f8d16b1fe5891aab62e92f8cd30 files/uclinux-sources-2.6.IPTables-RDoS.patch 390 -MD5 c27699e9d62f7d46213bd51f87636163 files/uclinux-sources-2.4.26_p0.vma.patch 8143 -MD5 b738cb0120a32aa92cfcfdbd564dd21f files/uclinux-sources-2.6.ProcPerms.patch 1368 -MD5 655251f31f0bdc85bdd0cd0280af22b7 files/uclinux-sources-2.6.75963.patch 979 -MD5 9eda91c0c7c7cd61ac3fbc4b309de3c0 files/uclinux-sources-2.6.77094.patch 5193 -MD5 8165de5e2ab6e0d3263ea35ce856fd1b files/uclinux-sources-2.6.smbfs.patch 3309 diff --git a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.4.26_p0-r12 b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.4.26_p0-r12 deleted file mode 100644 index b25afb4f6565..000000000000 --- a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.4.26_p0-r12 +++ /dev/null @@ -1,4 +0,0 @@ -MD5 88d7aefa03c92739cb70298a0b486e2c linux-2.4.26.tar.bz2 30772389 -MD5 8c2a75543abe268ff71d59c85b7607ac uClinux-2.4.26-uc0.diff.gz 4062854 -MD5 dd070e146fc1938fef307386976eb87e uclinux-sources-2.4.26-CAN-2004-0415.patch 90160 -MD5 9125c4f4e6ebec00d72863adfabc3c71 linux-2.4.26-CAN-2004-0814.2.patch 147666 diff --git a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r14 b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r14 deleted file mode 100644 index 5e42e7666435..000000000000 --- a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r14 +++ /dev/null @@ -1,4 +0,0 @@ -MD5 a74671ea68b0e3c609e8785ed8497c14 linux-2.6.7.tar.bz2 35092228 -MD5 9f8265eee2179199a81e0a00268eb1a6 linux-2.6.7-uc0.patch.gz 184811 -MD5 52996b643afbd6ed9ba38b9483c2cac3 linux-2.6.7-CAN-2004-0415.patch 112612 -MD5 d5d92b6a21743498ba6e62a51c759008 linux-2.6.7-CAN-2004-0814.patch 131572 diff --git a/sys-kernel/uclinux-sources/files/kernel-26-security-patches.tar.bz2 b/sys-kernel/uclinux-sources/files/kernel-26-security-patches.tar.bz2 Binary files differdeleted file mode 100644 index d7b746df3954..000000000000 --- a/sys-kernel/uclinux-sources/files/kernel-26-security-patches.tar.bz2 +++ /dev/null diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-0394.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-0394.patch deleted file mode 100644 index 273f1a52046f..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-0394.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux-2.4.22-oM3-orig/kernel/panic.c Tue Mar 30 15:37:18 2004 -+++ linux-2.4.22-oM3-mod/kernel/panic.c Mon May 17 18:44:01 2004 -@@ -51,7 +51,7 @@ - - bust_spinlocks(1); - va_start(args, fmt); -- vsprintf(buf, fmt, args); -+ vsnprintf(buf, sizeof(buf), fmt, args); - va_end(args); - printk(KERN_EMERG "Kernel panic: %s\n",buf); - if (in_interrupt()) diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-0495.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-0495.patch deleted file mode 100644 index bea80eac69a9..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-0495.patch +++ /dev/null @@ -1,655 +0,0 @@ ---- linux/net/decnet/dn_dev.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/net/decnet/dn_dev.c Wed Jun 16 14:42:34 2004 -@@ -1070,31 +1070,39 @@ int dnet_gifconf(struct net_device *dev, - { - struct dn_dev *dn_db = (struct dn_dev *)dev->dn_ptr; - struct dn_ifaddr *ifa; -- struct ifreq *ifr = (struct ifreq *)buf; -+ char buffer[DN_IFREQ_SIZE]; -+ struct ifreq *ifr = (struct ifreq *)buffer; -+ struct sockaddr_dn *addr = (struct sockaddr_dn *)&ifr->ifr_addr; - int done = 0; - - if ((dn_db == NULL) || ((ifa = dn_db->ifa_list) == NULL)) - return 0; - - for(; ifa; ifa = ifa->ifa_next) { -- if (!ifr) { -+ if (!buf) { - done += sizeof(DN_IFREQ_SIZE); - continue; - } - if (len < DN_IFREQ_SIZE) - return done; -- memset(ifr, 0, DN_IFREQ_SIZE); -+ memset(buffer, 0, DN_IFREQ_SIZE); - - if (ifa->ifa_label) - strcpy(ifr->ifr_name, ifa->ifa_label); - else - strcpy(ifr->ifr_name, dev->name); - -- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_family = AF_DECnet; -- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_len = 2; -- (*(dn_address *)(*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_addr) = ifa->ifa_local; -+ addr->sdn_family = AF_DECnet; -+ addr->sdn_add.a_len = 2; -+ memcpy(addr->sdn_add.a_addr, &ifa->ifa_local, -+ sizeof(dn_address)); - -- ifr = (struct ifreq *)((char *)ifr + DN_IFREQ_SIZE); -+ if (copy_to_user(buf, buffer, DN_IFREQ_SIZE)) { -+ done = -EFAULT; -+ break; -+ } -+ -+ buf += DN_IFREQ_SIZE; - len -= DN_IFREQ_SIZE; - done += DN_IFREQ_SIZE; - } ---- linux-2.4.21/drivers/net/wireless/airo.c 2003-06-13 15:51:35.000000000 +0100 -+++ linux-2.4.21/drivers/net/wireless/airo.c.plasmaroo 2004-06-24 11:09:08.260352168 +0100 -@@ -3012,19 +3012,22 @@ - size_t len, - loff_t *offset ) - { -- int i; -- int pos; -+ loff_t pos = *offset; - struct proc_data *priv = (struct proc_data*)file->private_data; - -- if( !priv->rbuffer ) return -EINVAL; -+ if (!priv->rbuffer) -+ return -EINVAL; - -- pos = *offset; -- for( i = 0; i+pos < priv->readlen && i < len; i++ ) { -- if (put_user( priv->rbuffer[i+pos], buffer+i )) -- return -EFAULT; -- } -- *offset += i; -- return i; -+ if (pos < 0) -+ return -EINVAL; -+ if (pos >= priv->readlen) -+ return 0; -+ if (len > priv->readlen - pos) -+ len = priv->readlen - pos; -+ if (copy_to_user(buffer, priv->rbuffer + pos, len)) -+ return -EFAULT; -+ *offset = pos + len; -+ return len; - } - - /* -@@ -3036,24 +3039,24 @@ - size_t len, - loff_t *offset ) - { -- int i; -- int pos; -+ loff_t pos = *offset; - struct proc_data *priv = (struct proc_data*)file->private_data; - -- if ( !priv->wbuffer ) { -+ if (!priv->wbuffer) - return -EINVAL; -- } -- -- pos = *offset; - -- for( i = 0; i + pos < priv->maxwritelen && -- i < len; i++ ) { -- if (get_user( priv->wbuffer[i+pos], buffer + i )) -- return -EFAULT; -- } -- if ( i+pos > priv->writelen ) priv->writelen = i+file->f_pos; -- *offset += i; -- return i; -+ if (pos < 0) -+ return -EINVAL; -+ if (pos >= priv->maxwritelen) -+ return 0; -+ if (len > priv->maxwritelen - pos) -+ len = priv->maxwritelen - pos; -+ if (copy_from_user(priv->wbuffer + pos, buffer, len)) -+ return -EFAULT; -+ if (pos + len > priv->writelen) -+ priv->writelen = pos + len; -+ *offset = pos + len; -+ return len; - } - - static int proc_status_open( struct inode *inode, struct file *file ) { ---- linux/drivers/sound/mpu401.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/mpu401.c Wed Jun 16 14:42:34 2004 -@@ -1493,14 +1493,16 @@ static unsigned long mpu_timer_get_time( - static int mpu_timer_ioctl(int dev, unsigned int command, caddr_t arg) - { - int midi_dev = sound_timer_devs[dev]->devlink; -+ int *p = (int *)arg; - - switch (command) - { - case SNDCTL_TMR_SOURCE: - { - int parm; -- -- parm = *(int *) arg; -+ -+ if (get_user(parm, p)) -+ return -EFAULT; - parm &= timer_caps; - - if (parm != 0) -@@ -1512,7 +1514,9 @@ static int mpu_timer_ioctl(int dev, unsi - else if (timer_mode & TMR_MODE_SMPTE) - mpu_cmd(midi_dev, 0x3d, 0); /* Use SMPTE sync */ - } -- return (*(int *) arg = timer_mode); -+ if (put_user(timer_mode, p)) -+ return -EFAULT; -+ return timer_mode; - } - break; - -@@ -1537,10 +1541,13 @@ static int mpu_timer_ioctl(int dev, unsi - { - int val; - -- val = *(int *) arg; -+ if (get_user(val, p)) -+ return -EFAULT; - if (val) - set_timebase(midi_dev, val); -- return (*(int *) arg = curr_timebase); -+ if (put_user(curr_timebase, p)) -+ return -EFAULT; -+ return curr_timebase; - } - break; - -@@ -1549,7 +1556,8 @@ static int mpu_timer_ioctl(int dev, unsi - int val; - int ret; - -- val = *(int *) arg; -+ if (get_user(val, p)) -+ return -EFAULT; - - if (val) - { -@@ -1564,7 +1572,9 @@ static int mpu_timer_ioctl(int dev, unsi - } - curr_tempo = val; - } -- return (*(int *) arg = curr_tempo); -+ if (put_user(curr_tempo, p)) -+ return -EFAULT; -+ return curr_tempo; - } - break; - -@@ -1572,18 +1582,25 @@ static int mpu_timer_ioctl(int dev, unsi - { - int val; - -- val = *(int *) arg; -+ if (get_user(val, p)) -+ return -EFAULT; - if (val != 0) /* Can't change */ - return -EINVAL; -- return (*(int *) arg = ((curr_tempo * curr_timebase) + 30) / 60); -+ val = (curr_tempo * curr_timebase + 30) / 60; -+ if (put_user(val, p)) -+ return -EFAULT; -+ return val; - } - break; - - case SNDCTL_SEQ_GETTIME: -- return (*(int *) arg = curr_ticks); -+ if (put_user(curr_ticks, p)) -+ return -EFAULT; -+ return curr_ticks; - - case SNDCTL_TMR_METRONOME: -- metronome_mode = *(int *) arg; -+ if (get_user(metronome_mode, p)) -+ return -EFAULT; - setup_metronome(midi_dev); - return 0; - ---- linux/drivers/sound/msnd.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/msnd.c Wed Jun 16 14:42:34 2004 -@@ -155,13 +155,10 @@ void msnd_fifo_make_empty(msnd_fifo *f) - f->len = f->tail = f->head = 0; - } - --int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user) -+int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len) - { - int count = 0; - -- if (f->len == f->n) -- return 0; -- - while ((count < len) && (f->len != f->n)) { - - int nwritten; -@@ -177,11 +174,7 @@ int msnd_fifo_write(msnd_fifo *f, const - nwritten = len - count; - } - -- if (user) { -- if (copy_from_user(f->data + f->tail, buf, nwritten)) -- return -EFAULT; -- } else -- isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten); -+ isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten); - - count += nwritten; - buf += nwritten; -@@ -193,13 +186,10 @@ int msnd_fifo_write(msnd_fifo *f, const - return count; - } - --int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user) -+int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len) - { - int count = 0; - -- if (f->len == 0) -- return f->len; -- - while ((count < len) && (f->len > 0)) { - - int nread; -@@ -215,11 +205,7 @@ int msnd_fifo_read(msnd_fifo *f, char *b - nread = len - count; - } - -- if (user) { -- if (copy_to_user(buf, f->data + f->head, nread)) -- return -EFAULT; -- } else -- isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread); -+ isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread); - - count += nread; - buf += nread; ---- linux/drivers/sound/msnd.h.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/msnd.h Wed Jun 16 14:42:34 2004 -@@ -266,8 +266,8 @@ void msnd_fifo_init(msnd_fifo *f); - void msnd_fifo_free(msnd_fifo *f); - int msnd_fifo_alloc(msnd_fifo *f, size_t n); - void msnd_fifo_make_empty(msnd_fifo *f); --int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user); --int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user); -+int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len); -+int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len); - - int msnd_wait_TXDE(multisound_dev_t *dev); - int msnd_wait_HC0(multisound_dev_t *dev); ---- linux/drivers/sound/msnd_pinnacle.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/msnd_pinnacle.c Wed Jun 16 14:42:34 2004 -@@ -804,7 +804,7 @@ static int dev_release(struct inode *ino - - static __inline__ int pack_DARQ_to_DARF(register int bank) - { -- register int size, n, timeout = 3; -+ register int size, timeout = 3; - register WORD wTmp; - LPDAQD DAQD; - -@@ -825,13 +825,10 @@ static __inline__ int pack_DARQ_to_DARF( - /* Read data from the head (unprotected bank 1 access okay - since this is only called inside an interrupt) */ - outb(HPBLKSEL_1, dev.io + HP_BLKS); -- if ((n = msnd_fifo_write( -+ msnd_fifo_write( - &dev.DARF, - (char *)(dev.base + bank * DAR_BUFF_SIZE), -- size, 0)) <= 0) { -- outb(HPBLKSEL_0, dev.io + HP_BLKS); -- return n; -- } -+ size); - outb(HPBLKSEL_0, dev.io + HP_BLKS); - - return 1; -@@ -853,21 +850,16 @@ static __inline__ int pack_DAPF_to_DAPQ( - if (protect) { - /* Critical section: protect fifo in non-interrupt */ - spin_lock_irqsave(&dev.lock, flags); -- if ((n = msnd_fifo_read( -+ n = msnd_fifo_read( - &dev.DAPF, - (char *)(dev.base + bank_num * DAP_BUFF_SIZE), -- DAP_BUFF_SIZE, 0)) < 0) { -- spin_unlock_irqrestore(&dev.lock, flags); -- return n; -- } -+ DAP_BUFF_SIZE); - spin_unlock_irqrestore(&dev.lock, flags); - } else { -- if ((n = msnd_fifo_read( -+ n = msnd_fifo_read( - &dev.DAPF, - (char *)(dev.base + bank_num * DAP_BUFF_SIZE), -- DAP_BUFF_SIZE, 0)) < 0) { -- return n; -- } -+ DAP_BUFF_SIZE); - } - if (!n) - break; -@@ -894,30 +886,43 @@ static __inline__ int pack_DAPF_to_DAPQ( - static int dsp_read(char *buf, size_t len) - { - int count = len; -+ char *page = (char *)__get_free_page(PAGE_SIZE); -+ -+ if (!page) -+ return -ENOMEM; - - while (count > 0) { -- int n; -+ int n, k; - unsigned long flags; - -+ k = PAGE_SIZE; -+ if (k > count) -+ k = count; -+ - /* Critical section: protect fifo in non-interrupt */ - spin_lock_irqsave(&dev.lock, flags); -- if ((n = msnd_fifo_read(&dev.DARF, buf, count, 1)) < 0) { -- printk(KERN_WARNING LOGNAME ": FIFO read error\n"); -- spin_unlock_irqrestore(&dev.lock, flags); -- return n; -- } -+ n = msnd_fifo_read(&dev.DARF, page, k); - spin_unlock_irqrestore(&dev.lock, flags); -+ if (copy_to_user(buf, page, n)) { -+ free_page((unsigned long)page); -+ return -EFAULT; -+ } - buf += n; - count -= n; - -+ if (n == k && count) -+ continue; -+ - if (!test_bit(F_READING, &dev.flags) && dev.mode & FMODE_READ) { - dev.last_recbank = -1; - if (chk_send_dsp_cmd(&dev, HDEX_RECORD_START) == 0) - set_bit(F_READING, &dev.flags); - } - -- if (dev.rec_ndelay) -+ if (dev.rec_ndelay) { -+ free_page((unsigned long)page); - return count == len ? -EAGAIN : len - count; -+ } - - if (count > 0) { - set_bit(F_READBLOCK, &dev.flags); -@@ -926,41 +931,57 @@ static int dsp_read(char *buf, size_t le - get_rec_delay_jiffies(DAR_BUFF_SIZE))) - clear_bit(F_READING, &dev.flags); - clear_bit(F_READBLOCK, &dev.flags); -- if (signal_pending(current)) -+ if (signal_pending(current)) { -+ free_page((unsigned long)page); - return -EINTR; -+ } - } - } -- -+ free_page((unsigned long)page); - return len - count; - } - - static int dsp_write(const char *buf, size_t len) - { - int count = len; -+ char *page = (char *)__get_free_page(GFP_KERNEL); -+ -+ if (!page) -+ return -ENOMEM; - - while (count > 0) { -- int n; -+ int n, k; - unsigned long flags; - -+ k = PAGE_SIZE; -+ if (k > count) -+ k = count; -+ -+ if (copy_from_user(page, buf, k)) { -+ free_page((unsigned long)page); -+ return -EFAULT; -+ } -+ - /* Critical section: protect fifo in non-interrupt */ - spin_lock_irqsave(&dev.lock, flags); -- if ((n = msnd_fifo_write(&dev.DAPF, buf, count, 1)) < 0) { -- printk(KERN_WARNING LOGNAME ": FIFO write error\n"); -- spin_unlock_irqrestore(&dev.lock, flags); -- return n; -- } -+ n = msnd_fifo_write(&dev.DAPF, page, k); - spin_unlock_irqrestore(&dev.lock, flags); - buf += n; - count -= n; - -+ if (count && n == k) -+ continue; -+ - if (!test_bit(F_WRITING, &dev.flags) && (dev.mode & FMODE_WRITE)) { - dev.last_playbank = -1; - if (pack_DAPF_to_DAPQ(1) > 0) - set_bit(F_WRITING, &dev.flags); - } - -- if (dev.play_ndelay) -+ if (dev.play_ndelay) { -+ free_page((unsigned long)page); - return count == len ? -EAGAIN : len - count; -+ } - - if (count > 0) { - set_bit(F_WRITEBLOCK, &dev.flags); -@@ -968,11 +989,14 @@ static int dsp_write(const char *buf, si - &dev.writeblock, - get_play_delay_jiffies(DAP_BUFF_SIZE)); - clear_bit(F_WRITEBLOCK, &dev.flags); -- if (signal_pending(current)) -+ if (signal_pending(current)) { -+ free_page((unsigned long)page); - return -EINTR; -+ } - } - } - -+ free_page((unsigned long)page); - return len - count; - } - ---- linux/drivers/sound/pss.c.bak Wed Jun 16 14:42:24 2004 -+++ linux/drivers/sound/pss.c Wed Jun 16 14:42:34 2004 -@@ -450,20 +450,36 @@ static void pss_mixer_reset(pss_confdata - } - } - --static void arg_to_volume_mono(unsigned int volume, int *aleft) -+static int set_volume_mono(caddr_t p, int *aleft) - { - int left; -+ unsigned volume; -+ if (get_user(volume, (unsigned *)p)) -+ return -EFAULT; - -- left = volume & 0x00ff; -+ left = volume & 0xff; - if (left > 100) - left = 100; - *aleft = left; -+ return 0; - } - --static void arg_to_volume_stereo(unsigned int volume, int *aleft, int *aright) -+static int set_volume_stereo(caddr_t p, int *aleft, int *aright) - { -- arg_to_volume_mono(volume, aleft); -- arg_to_volume_mono(volume >> 8, aright); -+ int left, right; -+ unsigned volume; -+ if (get_user(volume, (unsigned *)p)) -+ return -EFAULT; -+ -+ left = volume & 0xff; -+ if (left > 100) -+ left = 100; -+ right = (volume >> 8) & 0xff; -+ if (right > 100) -+ right = 100; -+ *aleft = left; -+ *aright = right; -+ return 0; - } - - static int ret_vol_mono(int left) -@@ -510,33 +526,38 @@ static int pss_mixer_ioctl (int dev, uns - return call_ad_mixer(devc, cmd, arg); - else - { -- if (*(int *)arg != 0) -+ int v; -+ if (get_user(v, (int *)arg)) -+ return -EFAULT; -+ if (v != 0) - return -EINVAL; - return 0; - } - case SOUND_MIXER_VOLUME: -- arg_to_volume_stereo(*(unsigned int *)arg, &devc->mixer.volume_l, -- &devc->mixer.volume_r); -+ if (set_volume_stereo(arg, -+ &devc->mixer.volume_l, -+ &devc->mixer.volume_r)) -+ return -EFAULT; - set_master_volume(devc, devc->mixer.volume_l, - devc->mixer.volume_r); - return ret_vol_stereo(devc->mixer.volume_l, - devc->mixer.volume_r); - - case SOUND_MIXER_BASS: -- arg_to_volume_mono(*(unsigned int *)arg, -- &devc->mixer.bass); -+ if (set_volume_mono(arg, &devc->mixer.bass)) -+ return -EFAULT; - set_bass(devc, devc->mixer.bass); - return ret_vol_mono(devc->mixer.bass); - - case SOUND_MIXER_TREBLE: -- arg_to_volume_mono(*(unsigned int *)arg, -- &devc->mixer.treble); -+ if (set_volume_mono(arg, &devc->mixer.treble)) -+ return -EFAULT; - set_treble(devc, devc->mixer.treble); - return ret_vol_mono(devc->mixer.treble); - - case SOUND_MIXER_SYNTH: -- arg_to_volume_mono(*(unsigned int *)arg, -- &devc->mixer.synth); -+ if (set_volume_mono(arg, &devc->mixer.synth)) -+ return -EFAULT; - set_synth_volume(devc, devc->mixer.synth); - return ret_vol_mono(devc->mixer.synth); - -@@ -546,54 +567,67 @@ static int pss_mixer_ioctl (int dev, uns - } - else - { -+ int val, and_mask = 0, or_mask = 0; - /* - * Return parameters - */ - switch (cmdf) - { -- - case SOUND_MIXER_DEVMASK: - if (call_ad_mixer(devc, cmd, arg) == -EINVAL) -- *(int *)arg = 0; /* no mixer devices */ -- return (*(int *)arg |= SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH); -+ break; -+ and_mask = ~0; -+ or_mask = SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH; -+ break; - - case SOUND_MIXER_STEREODEVS: - if (call_ad_mixer(devc, cmd, arg) == -EINVAL) -- *(int *)arg = 0; /* no stereo devices */ -- return (*(int *)arg |= SOUND_MASK_VOLUME); -+ break; -+ and_mask = ~0; -+ or_mask = SOUND_MASK_VOLUME; -+ break; - - case SOUND_MIXER_RECMASK: - if (devc->ad_mixer_dev != NO_WSS_MIXER) - return call_ad_mixer(devc, cmd, arg); -- else -- return (*(int *)arg = 0); /* no record devices */ -+ break; - - case SOUND_MIXER_CAPS: - if (devc->ad_mixer_dev != NO_WSS_MIXER) - return call_ad_mixer(devc, cmd, arg); -- else -- return (*(int *)arg = SOUND_CAP_EXCL_INPUT); -+ or_mask = SOUND_CAP_EXCL_INPUT; -+ break; - - case SOUND_MIXER_RECSRC: - if (devc->ad_mixer_dev != NO_WSS_MIXER) - return call_ad_mixer(devc, cmd, arg); -- else -- return (*(int *)arg = 0); /* no record source */ -+ break; - - case SOUND_MIXER_VOLUME: -- return (*(int *)arg = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r)); -+ or_mask = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r); -+ break; - - case SOUND_MIXER_BASS: -- return (*(int *)arg = ret_vol_mono(devc->mixer.bass)); -+ or_mask = ret_vol_mono(devc->mixer.bass); -+ break; - - case SOUND_MIXER_TREBLE: -- return (*(int *)arg = ret_vol_mono(devc->mixer.treble)); -+ or_mask = ret_vol_mono(devc->mixer.treble); -+ break; - - case SOUND_MIXER_SYNTH: -- return (*(int *)arg = ret_vol_mono(devc->mixer.synth)); -+ or_mask = ret_vol_mono(devc->mixer.synth); -+ break; - default: - return -EINVAL; - } -+ if (get_user(val, (int *)arg)) -+ return -EFAULT; -+ val &= and_mask; -+ val |= or_mask; -+ if (put_user(val, (int *)arg)) -+ return -EFAULT; -+ return val; - } - } - diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-0535.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-0535.patch deleted file mode 100644 index 669fc5fd32fb..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-0535.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- drivers/net/e1000/e1000_ethtool.c 2003-06-13 15:51:34.000000000 +0100 -+++ drivers/net/e1000/e1000_ethtool.c.plasmaroo 2004-06-24 11:23:32.524963976 +0100 -@@ -468,6 +468,9 @@ - - if(copy_from_user(®s, addr, sizeof(regs))) - return -EFAULT; -+ memset(regs_buff, 0, sizeof(regs_buff)); -+ if (regs.len > E1000_REGS_LEN) -+ regs.len = E1000_REGS_LEN; - e1000_ethtool_gregs(adapter, ®s, regs_buff); - if(copy_to_user(addr, ®s, sizeof(regs))) - return -EFAULT; diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-0685.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-0685.patch deleted file mode 100644 index d1be834cc8a5..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-0685.patch +++ /dev/null @@ -1,83 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/07/26 19:14:16-03:00 mjc@redhat.com -# [PATCH] USB: more sparse fixes -# -# Back in October 2003 Arnaldo commited some fixes prior to 2.6 for some leaking info to userspace in the -# usb drivers: -# http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ -# -# The corresponding changes have not been commited to 2.4, or included in -# the previous sparse fixes. -# -# drivers/usb/audio.c -# 2004/07/15 08:46:52-03:00 mjc@redhat.com +4 -0 -# USB: more sparse fixes -# -# drivers/usb/brlvger.c -# 2004/07/15 08:47:27-03:00 mjc@redhat.com +1 -0 -# USB: more sparse fixes -# -# drivers/usb/serial/io_edgeport.c -# 2004/07/15 08:48:06-03:00 mjc@redhat.com +1 -0 -# USB: more sparse fixes -# -# drivers/usb/vicam.c -# 2004/07/15 08:47:13-03:00 mjc@redhat.com +1 -0 -# USB: more sparse fixes -# -diff -Nru a/drivers/usb/audio.c b/drivers/usb/audio.c ---- a/drivers/usb/audio.c 2004-08-08 07:41:30 -07:00 -+++ b/drivers/usb/audio.c 2004-08-08 07:41:30 -07:00 -@@ -2141,6 +2141,8 @@ - - if (cmd == SOUND_MIXER_INFO) { - mixer_info info; -+ -+ memset(&info, 0, sizeof(info)); - strncpy(info.id, "USB_AUDIO", sizeof(info.id)); - strncpy(info.name, "USB Audio Class Driver", sizeof(info.name)); - info.modify_counter = ms->modcnt; -@@ -2150,6 +2152,8 @@ - } - if (cmd == SOUND_OLD_MIXER_INFO) { - _old_mixer_info info; -+ -+ memset(&info, 0, sizeof(info)); - strncpy(info.id, "USB_AUDIO", sizeof(info.id)); - strncpy(info.name, "USB Audio Class Driver", sizeof(info.name)); - if (copy_to_user((void *)arg, &info, sizeof(info))) -diff -Nru a/drivers/usb/brlvger.c b/drivers/usb/brlvger.c ---- a/drivers/usb/brlvger.c 2004-08-08 07:41:30 -07:00 -+++ b/drivers/usb/brlvger.c 2004-08-08 07:41:30 -07:00 -@@ -743,6 +743,7 @@ - case BRLVGER_GET_INFO: { - struct brlvger_info vi; - -+ memset(&vi, 0, sizeof(vi)); - strncpy(vi.driver_version, DRIVER_VERSION, - sizeof(vi.driver_version)); - vi.driver_version[sizeof(vi.driver_version)-1] = 0; -diff -Nru a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c ---- a/drivers/usb/serial/io_edgeport.c 2004-08-08 07:41:30 -07:00 -+++ b/drivers/usb/serial/io_edgeport.c 2004-08-08 07:41:30 -07:00 -@@ -1913,6 +1913,7 @@ - - case TIOCGICOUNT: - cnow = edge_port->icount; -+ memset(&icount, 0, sizeof(icount)); - icount.cts = cnow.cts; - icount.dsr = cnow.dsr; - icount.rng = cnow.rng; -diff -Nru a/drivers/usb/vicam.c b/drivers/usb/vicam.c ---- a/drivers/usb/vicam.c 2004-08-08 07:41:30 -07:00 -+++ b/drivers/usb/vicam.c 2004-08-08 07:41:30 -07:00 -@@ -481,6 +481,7 @@ - struct video_capability b; - - DBG("VIDIOCGCAP\n"); -+ memset(&b, 0, sizeof(b)); - strcpy(b.name, "ViCam-based Camera"); - b.type = VID_TYPE_CAPTURE; - b.channels = 1; diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-1016.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-1016.patch deleted file mode 100644 index aa25ac95ed61..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-1016.patch +++ /dev/null @@ -1,75 +0,0 @@ -===== include/linux/socket.h 1.12 vs edited ===== ---- 1.12/include/linux/socket.h 2004-09-09 06:40:01 +10:00 -+++ edited/include/linux/socket.h 2004-11-27 11:53:40 +11:00 -@@ -90,6 +90,10 @@ - (struct cmsghdr *)(ctl) : \ - (struct cmsghdr *)NULL) - #define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \ -+ (cmsg)->cmsg_len <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(cmsg) - (char *)(mhdr)->msg_control))) - - /* - * This mess will go away with glibc -===== net/core/scm.c 1.10 vs edited ===== ---- 1.10/net/core/scm.c 2004-05-31 05:08:14 +10:00 -+++ edited/net/core/scm.c 2004-11-27 11:48:55 +11:00 -@@ -127,9 +127,7 @@ - for too short ancillary data object at all! Oops. - OK, let's add it... - */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) -+ if (!CMSG_OK(msg, cmsg)) - goto error; - - if (cmsg->cmsg_level != SOL_SOCKET) -===== net/ipv4/ip_sockglue.c 1.26 vs edited ===== ---- 1.26/net/ipv4/ip_sockglue.c 2004-07-01 06:10:53 +10:00 -+++ edited/net/ipv4/ip_sockglue.c 2004-11-27 11:49:45 +11:00 -@@ -146,11 +146,8 @@ - struct cmsghdr *cmsg; - - for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - if (cmsg->cmsg_level != SOL_IP) - continue; - switch (cmsg->cmsg_type) { -===== net/ipv6/datagram.c 1.20 vs edited ===== ---- 1.20/net/ipv6/datagram.c 2004-11-10 17:57:03 +11:00 -+++ edited/net/ipv6/datagram.c 2004-11-27 11:51:15 +11:00 -@@ -427,9 +427,7 @@ - int addr_type; - struct net_device *dev = NULL; - -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) { - err = -EINVAL; - goto exit_f; - } -===== net/sctp/socket.c 1.129 vs edited ===== ---- 1.129/net/sctp/socket.c 2004-11-19 08:43:18 +11:00 -+++ edited/net/sctp/socket.c 2004-11-27 11:52:11 +11:00 -@@ -4098,12 +4098,8 @@ - for (cmsg = CMSG_FIRSTHDR(msg); - cmsg != NULL; - cmsg = CMSG_NXTHDR((struct msghdr*)msg, cmsg)) { -- /* Check for minimum length. The SCM code has this check. */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - - /* Should we parse this header or ignore? */ - if (cmsg->cmsg_level != IPPROTO_SCTP) diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-1056.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-1056.patch deleted file mode 100644 index 53b777acaac5..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-1056.patch +++ /dev/null @@ -1,321 +0,0 @@ -diff -ur linux-2.4.28/drivers/char/drm/i810.h linux-2.4.28.plasmaroo/drivers/char/drm/i810.h ---- linux-2.4.28/drivers/char/drm/i810.h 2003-11-28 18:26:20.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i810.h 2004-12-23 16:26:31.000000000 +0000 -@@ -114,4 +114,14 @@ - #define DRIVER_AGP_BUFFERS_MAP( dev ) \ - ((drm_i810_private_t *)((dev)->dev_private))->buffer_map - -+#define LOCK_TEST_WITH_RETURN( dev ) \ -+do { \ -+ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ -+ dev->lock.pid != current->pid ) { \ -+ DRM_ERROR( "%s called without lock held\n", \ -+ __FUNCTION__ ); \ -+ return -EINVAL; \ -+ } \ -+} while (0) -+ - #endif -diff -ur linux-2.4.28/drivers/char/drm/i810_dma.c linux-2.4.28.plasmaroo/drivers/char/drm/i810_dma.c ---- linux-2.4.28/drivers/char/drm/i810_dma.c 2004-02-18 13:36:31.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i810_dma.c 2004-12-23 16:27:16.000000000 +0000 -@@ -948,10 +948,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_flush_queue(dev); - return 0; -@@ -973,10 +970,7 @@ - if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - if(vertex.idx < 0 || vertex.idx > dma->buf_count) return -EINVAL; - -@@ -1004,10 +998,7 @@ - if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - /* GH: Someone's doing nasty things... */ - if (!dev->dev_private) { -@@ -1026,10 +1017,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_dma_dispatch_swap( dev ); - return 0; -@@ -1064,10 +1052,7 @@ - if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - d.granted = 0; - -@@ -1174,11 +1159,7 @@ - if (copy_from_user(&mc, (drm_i810_mc_t *)arg, sizeof(mc))) - return -EFAULT; - -- -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_mc called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_dma_dispatch_mc(dev, dma->buflist[mc.idx], mc.used, - mc.last_render ); -@@ -1223,10 +1204,7 @@ - drm_device_t *dev = priv->dev; - drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_fstatus called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - return I810_READ(0x30008); - } - -@@ -1237,10 +1215,7 @@ - drm_device_t *dev = priv->dev; - drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_ov0_flip called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - //Tell the overlay to update - I810_WRITE(0x30000,dev_priv->overlay_physical | 0x80000000); -diff -ur linux-2.4.28/drivers/char/drm/i830.h linux-2.4.28.plasmaroo/drivers/char/drm/i830.h ---- linux-2.4.28/drivers/char/drm/i830.h 2003-11-28 18:26:20.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i830.h 2004-12-23 16:31:33.000000000 +0000 -@@ -154,4 +154,14 @@ - #define DRIVER_AGP_BUFFERS_MAP( dev ) \ - ((drm_i830_private_t *)((dev)->dev_private))->buffer_map - -+#define LOCK_TEST_WITH_RETURN( dev ) \ -+do { \ -+ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ -+ dev->lock.pid != current->pid ) { \ -+ DRM_ERROR( "%s called without lock held\n", \ -+ __FUNCTION__ ); \ -+ return -EINVAL; \ -+ } \ -+} while (0) -+ - #endif -diff -ur linux-2.4.28/drivers/char/drm/i830_dma.c linux-2.4.28.plasmaroo/drivers/char/drm/i830_dma.c ---- linux-2.4.28/drivers/char/drm/i830_dma.c 2004-02-18 13:36:31.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i830_dma.c 2004-12-23 16:32:08.000000000 +0000 -@@ -1330,10 +1330,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i830_flush_queue(dev); - return 0; -@@ -1354,10 +1351,7 @@ - if (copy_from_user(&vertex, (drm_i830_vertex_t *)arg, sizeof(vertex))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - DRM_DEBUG("i830 dma vertex, idx %d used %d discard %d\n", - vertex.idx, vertex.used, vertex.discard); -@@ -1384,10 +1378,7 @@ - if (copy_from_user(&clear, (drm_i830_clear_t *)arg, sizeof(clear))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - /* GH: Someone's doing nasty things... */ - if (!dev->dev_private) { -@@ -1409,10 +1400,7 @@ - - DRM_DEBUG("i830_swap_bufs\n"); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i830_dma_dispatch_swap( dev ); - return 0; -@@ -1453,10 +1441,7 @@ - - DRM_DEBUG("%s\n", __FUNCTION__); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_flip_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - if (!dev_priv->page_flipping) - i830_do_init_pageflip( dev ); -@@ -1495,10 +1480,7 @@ - if (copy_from_user(&d, (drm_i830_dma_t *)arg, sizeof(d))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - d.granted = 0; - -diff -ur linux-2.4.28/drivers/char/drm/i830_irq.c linux-2.4.28.plasmaroo/drivers/char/drm/i830_irq.c ---- linux-2.4.28/drivers/char/drm/i830_irq.c 2003-11-28 18:26:20.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm/i830_irq.c 2004-12-23 16:39:47.000000000 +0000 -@@ -130,10 +130,7 @@ - drm_i830_irq_emit_t emit; - int result; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_irq_emit called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - if ( !dev_priv ) { - DRM_ERROR( "%s called with no initialization\n", __FUNCTION__ ); -diff -ur linux-2.4.28/drivers/char/drm-4.0/drmP.h linux-2.4.28.plasmaroo/drivers/char/drm-4.0/drmP.h ---- linux-2.4.28/drivers/char/drm-4.0/drmP.h 2004-02-18 13:36:31.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm-4.0/drmP.h 2004-12-23 16:21:30.000000000 +0000 -@@ -294,6 +294,16 @@ - #define DRM_BUFCOUNT(x) ((x)->count - DRM_LEFTCOUNT(x)) - #define DRM_WAITCOUNT(dev,idx) DRM_BUFCOUNT(&dev->queuelist[idx]->waitlist) - -+#define LOCK_TEST_WITH_RETURN( dev ) \ -+do { \ -+ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ -+ dev->lock.pid != current->pid ) { \ -+ DRM_ERROR( "%s called without lock held\n", \ -+ __FUNCTION__ ); \ -+ return -EINVAL; \ -+ } \ -+} while (0) -+ - typedef int drm_ioctl_t(struct inode *inode, struct file *filp, - unsigned int cmd, unsigned long arg); - -diff -ur linux-2.4.28/drivers/char/drm-4.0/i810_dma.c linux-2.4.28.plasmaroo/drivers/char/drm-4.0/i810_dma.c ---- linux-2.4.28/drivers/char/drm-4.0/i810_dma.c 2004-02-18 13:36:31.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/drm-4.0/i810_dma.c 2004-12-23 16:21:30.000000000 +0000 -@@ -1249,10 +1249,7 @@ - drm_device_t *dev = priv->dev; - - DRM_DEBUG("i810_flush_ioctl\n"); -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_flush_queue(dev); - return 0; -@@ -1274,10 +1271,7 @@ - if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - DRM_DEBUG("i810 dma vertex, idx %d used %d discard %d\n", - vertex.idx, vertex.used, vertex.discard); -@@ -1308,10 +1302,7 @@ - if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_dma_dispatch_clear( dev, clear.flags, - clear.clear_color, -@@ -1327,10 +1318,7 @@ - - DRM_DEBUG("i810_swap_bufs\n"); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - i810_dma_dispatch_swap( dev ); - return 0; -@@ -1366,10 +1354,7 @@ - if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - d.granted = 0; - -@@ -1399,10 +1384,7 @@ - drm_i810_buf_priv_t *buf_priv; - drm_device_dma_t *dma = dev->dma; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN(dev); - - if (copy_from_user(&d, (drm_i810_copy_t *)arg, sizeof(d))) - return -EFAULT; diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-1137.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-1137.patch deleted file mode 100644 index 161806ce79d7..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.CAN-2004-1137.patch +++ /dev/null @@ -1,59 +0,0 @@ ---- linux-2.4.28-orig/net/ipv4/igmp.c 2004-08-08 01:26:06.000000000 +0200 -+++ linux-2.4.28/net/ipv4/igmp.c 2004-12-15 22:12:48.000000000 +0100 -@@ -1757,12 +1757,12 @@ - goto done; - rv = !0; - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, -+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, - sizeof(__u32)); -- if (rv >= 0) -+ if (rv == 0) - break; - } -- if (!rv) /* source not found */ -+ if (rv) /* source not found */ - goto done; - - /* update the interface filter */ -@@ -1804,9 +1804,9 @@ - } - rv = 1; /* > 0 for insert logic below if sl_count is 0 */ - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, -+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, - sizeof(__u32)); -- if (rv >= 0) -+ if (rv == 0) - break; - } - if (rv == 0) /* address already there is an error */ ---- linux-2.4.28-orig/net/ipv6/mcast.c 2004-11-17 12:54:22.000000000 +0100 -+++ linux-2.4.28/net/ipv6/mcast.c 2004-12-15 22:14:07.000000000 +0100 -@@ -386,12 +386,12 @@ - goto done; - rv = !0; - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, group, -+ rv = memcmp(&psl->sl_addr[i], source, - sizeof(struct in6_addr)); -- if (rv >= 0) -+ if (rv == 0) - break; - } -- if (!rv) /* source not found */ -+ if (rv) /* source not found */ - goto done; - - /* update the interface filter */ -@@ -432,8 +432,8 @@ - } - rv = 1; /* > 0 for insert logic below if sl_count is 0 */ - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, group, sizeof(struct in6_addr)); -- if (rv >= 0) -+ rv = memcmp(&psl->sl_addr[i], source, sizeof(struct in6_addr)); -+ if (rv == 0) - break; - } - if (rv == 0) /* address already there is an error */ diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.FPULockup-53804.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.FPULockup-53804.patch deleted file mode 100644 index 1dd5ed87b520..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.FPULockup-53804.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux-2.4/include/asm-i386/i387.h 2004-06-13 20:06:05.044881328 +0100 -+++ linux-2.4/include/asm-i386/i387.h 2004-06-13 20:25:42.836829736 +0100 -@@ -34,7 +34,7 @@ - - #define clear_fpu( tsk ) do { \ - if ( tsk->flags & PF_USEDFPU ) { \ -- asm volatile("fwait"); \ -+ asm volatile("fnclex ; fwait"); \ - tsk->flags &= ~PF_USEDFPU; \ - stts(); \ - } \ diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.XDRWrapFix.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.XDRWrapFix.patch deleted file mode 100644 index 9a336ab7876a..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.XDRWrapFix.patch +++ /dev/null @@ -1,48 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/08/16 14:50:04-03:00 neilb@cse.unsw.edu.au -# [PATCH] Fixed possibly xdr parsing error if write size exceed 2^31 -# -# xdr_argsize_check needs to cope with the possibility that the -# pointer has wrapped and could be below buf->base. -# -# Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au> -# -# ### Diffstat output -# ./fs/nfsd/nfs3xdr.c | 2 +- -# ./include/linux/nfsd/xdr3.h | 2 +- -# 2 files changed, 2 insertions(+), 2 deletions(-) -# -# fs/nfsd/nfs3xdr.c -# 2004/08/14 00:23:06-03:00 neilb@cse.unsw.edu.au +1 -1 -# Fixed possibly xdr parsing error if write size exceed 2^31 -# -# include/linux/nfsd/xdr3.h -# 2004/08/15 20:48:43-03:00 neilb@cse.unsw.edu.au +1 -1 -# Fixed possibly xdr parsing error if write size exceed 2^31 -# -diff -Nru a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c ---- a/fs/nfsd/nfs3xdr.c 2004-09-06 11:20:28 -07:00 -+++ b/fs/nfsd/nfs3xdr.c 2004-09-06 11:20:28 -07:00 -@@ -273,7 +273,7 @@ - { - struct svc_buf *buf = &rqstp->rq_argbuf; - -- return p - buf->base <= buf->buflen; -+ return p >= buf->base && p <= buf->base + buf->buflen ; - } - - static inline int -diff -Nru a/include/linux/nfsd/xdr3.h b/include/linux/nfsd/xdr3.h ---- a/include/linux/nfsd/xdr3.h 2004-09-06 11:20:28 -07:00 -+++ b/include/linux/nfsd/xdr3.h 2004-09-06 11:20:28 -07:00 -@@ -41,7 +41,7 @@ - __u32 count; - int stable; - __u8 * data; -- int len; -+ __u32 len; - }; - - struct nfsd3_createargs { diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.binfmt_a.out.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.binfmt_a.out.patch deleted file mode 100644 index 4644ae28bce4..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.binfmt_a.out.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -Nru linux-2.4.28/fs/exec.c linux-2.4.28.plasmaroo/fs/exec.c ---- linux-2.4.28/fs/exec.c 2004-04-15 10:44:45 -07:00 -+++ linux-2.4.28.plasmaroo/fs/exec.c 2004-11-12 12:02:40 -08:00 -@@ -342,6 +342,7 @@ int setup_arg_pages(struct linux_binprm - - down_write(¤t->mm->mmap_sem); - { -+ struct vm_area_struct *vma; - mpnt->vm_mm = current->mm; - mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p; - mpnt->vm_end = STACK_TOP; -@@ -351,6 +352,12 @@ int setup_arg_pages(struct linux_binprm - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = (void *) 0; -+ vma = find_vma(current->mm, mpnt->vm_start); -+ if (vma) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return -ENOMEM; -+ } - insert_vm_struct(current->mm, mpnt); - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } -diff -Nru linux-2.4.28/fs/exec.c linux-2.4.28.plasmaroo/fs/exec.c ---- linux-2.4.28/fs/binfmt_aout.c 2002-02-04 23:54:04 -08:00 -+++ linux-2.4.28.plasmaroo/fs/binfmt_aout.c 2004-11-12 11:55:14 -08:00 -@@ -39,13 +39,18 @@ static struct linux_binfmt aout_format = - NULL, THIS_MODULE, load_aout_binary, load_aout_library, aout_core_dump, PAGE_SIZE - }; - --static void set_brk(unsigned long start, unsigned long end) -+#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) -+ -+static int set_brk(unsigned long start, unsigned long end) - { - start = PAGE_ALIGN(start); - end = PAGE_ALIGN(end); -- if (end <= start) -- return; -- do_brk(start, end - start); -+ if (end > start) { -+ unsigned long addr = do_brk(start, end - start); -+ if (BAD_ADDR(addr)) -+ return addr; -+ } -+ return 0; - } - - /* -@@ -405,7 +410,11 @@ static int load_aout_binary(struct linux - beyond_if: - set_binfmt(&aout_format); - -- set_brk(current->mm->start_brk, current->mm->brk); -+ retval = set_brk(current->mm->start_brk, current->mm->brk); -+ if (retval < 0) { -+ send_sig(SIGKILL, current, 0); -+ return retval; -+ } - - retval = setup_arg_pages(bprm); - if (retval < 0) { diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.binfmt_elf.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.binfmt_elf.patch deleted file mode 100644 index 9f4f44ee78f5..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.binfmt_elf.patch +++ /dev/null @@ -1,85 +0,0 @@ -diff -ur linux-2.4.27/fs/binfmt_elf.c linux-2.4.27.plasmaroo/fs/binfmt_elf.c ---- linux-2.4.27/fs/binfmt_elf.c 2004-04-14 14:05:40.000000000 +0100 -+++ linux-2.4.27.plasmaroo/fs/binfmt_elf.c 2004-11-19 21:30:26.745410824 +0000 -@@ -299,9 +299,12 @@ - goto out; - - retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size); -- error = retval; -- if (retval < 0) -+ error = -EIO; -+ if (retval != size) { -+ if (retval < 0) -+ error = retval; - goto out_close; -+ } - - eppnt = elf_phdata; - for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) { -@@ -475,8 +478,11 @@ - goto out; - - retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size); -- if (retval < 0) -+ if (retval != size) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_ph; -+ } - - files = current->files; /* Refcounted so ok */ - retval = unshare_files(); -@@ -513,7 +519,8 @@ - */ - - retval = -ENOMEM; -- if (elf_ppnt->p_filesz > PATH_MAX) -+ if (elf_ppnt->p_filesz > PATH_MAX || -+ elf_ppnt->p_filesz == 0) - goto out_free_file; - elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz, - GFP_KERNEL); -@@ -523,8 +530,16 @@ - retval = kernel_read(bprm->file, elf_ppnt->p_offset, - elf_interpreter, - elf_ppnt->p_filesz); -- if (retval < 0) -+ if (retval != elf_ppnt->p_filesz) { -+ if (retval >= 0) -+ retval = -EIO; -+ goto out_free_interp; -+ } -+ /* make sure path is NULL terminated */ -+ retval = -EINVAL; -+ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') - goto out_free_interp; -+ - /* If the program interpreter is one of these two, - * then assume an iBCS2 image. Otherwise assume - * a native linux image. -@@ -543,8 +558,11 @@ - if (IS_ERR(interpreter)) - goto out_free_interp; - retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE); -- if (retval < 0) -+ if (retval != BINPRM_BUF_SIZE) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_dentry; -+ } - - /* Get the exec headers */ - interp_ex = *((struct exec *) bprm->buf); -@@ -682,8 +700,10 @@ - } - - error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags); -- if (BAD_ADDR(error)) -- continue; -+ if (BAD_ADDR(error)) { -+ send_sig(SIGKILL, current, 0); -+ goto out_free_dentry; -+ } - - if (!load_addr_set) { - load_addr_set = 1; diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.brk-locked.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.brk-locked.patch deleted file mode 100644 index 210f3662389e..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.brk-locked.patch +++ /dev/null @@ -1,258 +0,0 @@ -diff -urp linux-2.4.26-uc0-r11/arch/mips/kernel/irixelf.c linux-2.4.26-uc0-r12/arch/mips/kernel/irixelf.c ---- linux-2.4.26-uc0-r11/arch/mips/kernel/irixelf.c 2003-08-25 12:44:40.000000000 +0100 -+++ linux-2.4.26-uc0-r12/arch/mips/kernel/irixelf.c 2005-01-09 10:13:45.047954792 +0000 -@@ -130,7 +130,7 @@ static void set_brk(unsigned long start, - end = PAGE_ALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - -@@ -379,7 +379,7 @@ static unsigned int load_irix_interp(str - - /* Map the last of the bss segment */ - if (last_bss > len) { -- do_brk(len, (last_bss - len)); -+ do_brk_locked(len, (last_bss - len)); - } - kfree(elf_phdata); - -@@ -567,7 +567,7 @@ void irix_map_prda_page (void) - unsigned long v; - struct prda *pp; - -- v = do_brk (PRDA_ADDRESS, PAGE_SIZE); -+ v = do_brk_locked (PRDA_ADDRESS, PAGE_SIZE); - - if (v < 0) - return; -@@ -859,7 +859,7 @@ static int load_irix_library(struct file - len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000; - bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; - if (bss > len) -- do_brk(len, bss-len); -+ do_brk_locked(len, bss-len); - kfree(elf_phdata); - return 0; - } -diff -urp linux-2.4.26-uc0-r11/arch/sparc64/kernel/binfmt_aout32.c linux-2.4.26-uc0-r12/arch/sparc64/kernel/binfmt_aout32.c ---- linux-2.4.26-uc0-r11/arch/sparc64/kernel/binfmt_aout32.c 2002-08-03 01:39:43.000000000 +0100 -+++ linux-2.4.26-uc0-r12/arch/sparc64/kernel/binfmt_aout32.c 2005-01-09 10:13:45.054953728 +0000 -@@ -49,7 +49,7 @@ static void set_brk(unsigned long start, - end = PAGE_ALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - /* -@@ -246,10 +246,10 @@ static int load_aout32_binary(struct lin - if (N_MAGIC(ex) == NMAGIC) { - loff_t pos = fd_offset; - /* Fuck me plenty... */ -- error = do_brk(N_TXTADDR(ex), ex.a_text); -+ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); - bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), - ex.a_text, &pos); -- error = do_brk(N_DATADDR(ex), ex.a_data); -+ error = do_brk_locked(N_DATADDR(ex), ex.a_data); - bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), - ex.a_data, &pos); - goto beyond_if; -@@ -257,7 +257,7 @@ static int load_aout32_binary(struct lin - - if (N_MAGIC(ex) == OMAGIC) { - loff_t pos = fd_offset; -- do_brk(N_TXTADDR(ex) & PAGE_MASK, -+ do_brk_locked(N_TXTADDR(ex) & PAGE_MASK, - ex.a_text+ex.a_data + PAGE_SIZE - 1); - bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); -@@ -272,7 +272,7 @@ static int load_aout32_binary(struct lin - - if (!bprm->file->f_op->mmap) { - loff_t pos = fd_offset; -- do_brk(0, ex.a_text+ex.a_data); -+ do_brk_locked(0, ex.a_text+ex.a_data); - bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); - goto beyond_if; -@@ -388,7 +388,7 @@ static int load_aout32_library(struct fi - len = PAGE_ALIGN(ex.a_text + ex.a_data); - bss = ex.a_text + ex.a_data + ex.a_bss; - if (bss > len) { -- error = do_brk(start_addr + len, bss - len); -+ error = do_brk_locked(start_addr + len, bss - len); - retval = error; - if (error != start_addr + len) - goto out; -diff -urp linux-2.4.26-uc0-r11/fs/binfmt_aout.c linux-2.4.26-uc0-r12/fs/binfmt_aout.c ---- linux-2.4.26-uc0-r11/fs/binfmt_aout.c 2005-01-09 10:09:44.000000000 +0000 -+++ linux-2.4.26-uc0-r12/fs/binfmt_aout.c 2005-01-09 10:13:45.000000000 +0000 -@@ -46,7 +46,7 @@ static int set_brk(unsigned long start, - start = PAGE_ALIGN(start); - end = PAGE_ALIGN(end); - if (end > start) { -- unsigned long addr = do_brk(start, end - start); -+ unsigned long addr = do_brk_locked(start, end - start); - if (BAD_ADDR(addr)) - return addr; - } -@@ -317,10 +317,10 @@ static int load_aout_binary(struct linux - loff_t pos = fd_offset; - /* Fuck me plenty... */ - /* <AOL></AOL> */ -- error = do_brk(N_TXTADDR(ex), ex.a_text); -+ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); - bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), - ex.a_text, &pos); -- error = do_brk(N_DATADDR(ex), ex.a_data); -+ error = do_brk_locked(N_DATADDR(ex), ex.a_data); - bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), - ex.a_data, &pos); - goto beyond_if; -@@ -341,7 +341,7 @@ static int load_aout_binary(struct linux - map_size = ex.a_text+ex.a_data; - #endif - -- error = do_brk(text_addr & PAGE_MASK, map_size); -+ error = do_brk_locked(text_addr & PAGE_MASK, map_size); - if (error != (text_addr & PAGE_MASK)) { - send_sig(SIGKILL, current, 0); - return error; -@@ -375,7 +375,7 @@ static int load_aout_binary(struct linux - - if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { - loff_t pos = fd_offset; -- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); -+ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data); - bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); - flush_icache_range((unsigned long) N_TXTADDR(ex), -@@ -483,7 +483,7 @@ static int load_aout_library(struct file - error_time = jiffies; - } - -- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); -+ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss); - - file->f_op->read(file, (char *)start_addr, - ex.a_text + ex.a_data, &pos); -@@ -507,7 +507,7 @@ static int load_aout_library(struct file - len = PAGE_ALIGN(ex.a_text + ex.a_data); - bss = ex.a_text + ex.a_data + ex.a_bss; - if (bss > len) { -- error = do_brk(start_addr + len, bss - len); -+ error = do_brk_locked(start_addr + len, bss - len); - retval = error; - if (error != start_addr + len) - goto out; -diff -urp linux-2.4.26-uc0-r11/fs/binfmt_elf.c linux-2.4.26-uc0-r12/fs/binfmt_elf.c ---- linux-2.4.26-uc0-r11/fs/binfmt_elf.c 2005-01-09 10:09:44.000000000 +0000 -+++ linux-2.4.26-uc0-r12/fs/binfmt_elf.c 2005-01-09 10:13:45.000000000 +0000 -@@ -85,7 +85,7 @@ static void set_brk(unsigned long start, - end = ELF_PAGEALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - -@@ -286,7 +286,9 @@ static unsigned long load_elf_interp(str - */ - if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr)) - goto out; -- if (interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) -+ -+ if (interp_elf_ex->e_phnum < 1 || -+ interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) - goto out; - - /* Now read in all of the header information */ -@@ -361,7 +363,7 @@ static unsigned long load_elf_interp(str - - /* Map the last of the bss segment */ - if (last_bss > elf_bss) -- do_brk(elf_bss, last_bss - elf_bss); -+ do_brk_locked(elf_bss, last_bss - elf_bss); - - *interp_load_addr = load_addr; - error = ((unsigned long) interp_elf_ex->e_entry) + load_addr; -@@ -399,7 +401,7 @@ static unsigned long load_aout_interp(st - goto out; - } - -- do_brk(0, text_data); -+ do_brk_locked(0, text_data); - retval = -ENOEXEC; - if (!interpreter->f_op || !interpreter->f_op->read) - goto out; -@@ -409,7 +411,7 @@ static unsigned long load_aout_interp(st - flush_icache_range((unsigned long)addr, - (unsigned long)addr + text_data); - -- do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), -+ do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), - interp_ex->a_bss); - elf_entry = interp_ex->a_entry; - -@@ -923,7 +925,7 @@ static int load_elf_library(struct file - len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); - bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; - if (bss > len) -- do_brk(len, bss - len); -+ do_brk_locked(len, bss - len); - error = 0; - - out_free_ph: -diff -urp linux-2.4.26-uc0-r11/include/linux/mm.h linux-2.4.26-uc0-r12/include/linux/mm.h ---- linux-2.4.26-uc0-r11/include/linux/mm.h 2005-01-09 10:09:44.000000000 +0000 -+++ linux-2.4.26-uc0-r12/include/linux/mm.h 2005-01-09 10:13:45.000000000 +0000 -@@ -616,6 +616,7 @@ out: - extern int do_munmap(struct mm_struct *, unsigned long, size_t); - - extern unsigned long do_brk(unsigned long, unsigned long); -+extern unsigned long do_brk_locked(unsigned long, unsigned long); - - static inline void __vma_unlink(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct * prev) - { -diff -urp linux-2.4.26-uc0-r11/kernel/ksyms.c linux-2.4.26-uc0-r12/kernel/ksyms.c ---- linux-2.4.26-uc0-r11/kernel/ksyms.c 2005-01-09 10:09:39.000000000 +0000 -+++ linux-2.4.26-uc0-r12/kernel/ksyms.c 2005-01-09 10:14:13.000000000 +0000 -@@ -89,6 +89,7 @@ EXPORT_SYMBOL(do_mmap_pgoff); - EXPORT_SYMBOL(do_munmap); - #ifndef NO_MM - EXPORT_SYMBOL(do_brk); -+EXPORT_SYMBOL(do_brk_locked); - #endif - EXPORT_SYMBOL(exit_mm); - EXPORT_SYMBOL(exit_files); -diff -urp linux-2.4.26-uc0-r11/mm/mmap.c linux-2.4.26-uc0-r12/mm/mmap.c ---- linux-2.4.26-uc0-r11/mm/mmap.c 2005-01-09 10:09:44.000000000 +0000 -+++ linux-2.4.26-uc0-r12/mm/mmap.c 2005-01-09 10:13:45.000000000 +0000 -@@ -1116,6 +1116,21 @@ out: - return addr; - } - -+/* locking version of do_brk. */ -+unsigned long do_brk_locked(unsigned long addr, unsigned long len) -+{ -+ unsigned long ret; -+ -+ down_write(¤t->mm->mmap_sem); -+ ret = do_brk(addr, len); -+ up_write(¤t->mm->mmap_sem); -+ -+ return ret; -+} -+ -+ -+ -+ - /* Build the RB tree corresponding to the VMA list. */ - void build_mmap_rb(struct mm_struct * mm) - { diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.cmdlineLeak.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.cmdlineLeak.patch deleted file mode 100644 index 5f26f7f388f6..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.cmdlineLeak.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux-2.4/fs/proc/base.c 2004-04-15 07:09:32.000000000 +0100 -+++ linux-2.4/fs/proc/base.c.plasmaroo 2004-08-09 23:30:43.869195800 +0100 -@@ -187,7 +187,7 @@ static int proc_pid_cmdline(struct task_ - if (mm) - atomic_inc(&mm->mm_users); - task_unlock(task); -- if (mm) { -+ if (mm && mm->arg_end) { - int len = mm->arg_end - mm->arg_start; - if (len > PAGE_SIZE) - len = PAGE_SIZE; diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.smbfs.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.smbfs.patch deleted file mode 100644 index 63c5ba30403f..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.smbfs.patch +++ /dev/null @@ -1,97 +0,0 @@ -diff -ur linux-2.4.27/fs/smbfs/proc.c linux-2.4.28/fs/smbfs/proc.c ---- linux-2.4.27/fs/smbfs/proc.c 2004-11-12 19:32:24.000000000 +0000 -+++ linux-2.4.28/fs/smbfs/proc.c 2004-11-19 20:18:27.000000000 +0000 -@@ -1289,10 +1289,12 @@ - data_len = WVAL(buf, 1); - - /* we can NOT simply trust the data_len given by the server ... */ -- if (data_len > server->packet_size - (buf+3 - server->packet)) { -- printk(KERN_ERR "smb_proc_read: invalid data length!! " -- "%d > %d - (%p - %p)\n", -- data_len, server->packet_size, buf+3, server->packet); -+ if (data_len > count || -+ (buf+3 - server->packet) + data_len > server->packet_size) { -+ printk(KERN_ERR "smb_proc_read: invalid data length/offset!! " -+ "%d > %d || (%p - %p) + %d > %d\n", -+ data_len, count, -+ buf+3, server->packet, data_len, server->packet_size); - result = -EIO; - goto out; - } -@@ -1378,10 +1380,12 @@ - buf = smb_base(server->packet) + data_off; - - /* we can NOT simply trust the info given by the server ... */ -- if (data_len > server->packet_size - (buf - server->packet)) { -- printk(KERN_ERR "smb_proc_read: invalid data length!! " -- "%d > %d - (%p - %p)\n", -- data_len, server->packet_size, buf, server->packet); -+ if (data_len > count || -+ (buf - server->packet) + data_len > server->packet_size) { -+ printk(KERN_ERR "smb_proc_readX: invalid data length/offset!! " -+ "%d > %d || (%p - %p) + %d > %d\n", -+ data_len, count, -+ buf, server->packet, data_len, server->packet_size); - result = -EIO; - goto out; - } -diff -ur linux-2.4.27/fs/smbfs/sock.c linux-2.4.28/fs/smbfs/sock.c ---- linux-2.4.27/fs/smbfs/sock.c 2004-11-12 19:32:24.000000000 +0000 -+++ linux-2.4.28/fs/smbfs/sock.c 2004-11-19 20:18:27.000000000 +0000 -@@ -571,7 +571,11 @@ - parm_disp, parm_offset, parm_count, - data_disp, data_offset, data_count); - *parm = base + parm_offset; -+ if (*parm - inbuf + parm_tot > server->packet_size) -+ goto out_bad_parm; - *data = base + data_offset; -+ if (*data - inbuf + data_tot > server->packet_size) -+ goto out_bad_data; - goto success; - } - -@@ -591,6 +595,8 @@ - rcv_buf = smb_vmalloc(buf_len); - if (!rcv_buf) - goto out_no_mem; -+ memset(rcv_buf, 0, buf_len); -+ - *parm = rcv_buf; - *data = rcv_buf + total_p; - } else if (data_tot > total_d || parm_tot > total_p) -@@ -598,8 +604,12 @@ - - if (parm_disp + parm_count > total_p) - goto out_bad_parm; -+ if (parm_offset + parm_count > server->packet_size) -+ goto out_bad_parm; - if (data_disp + data_count > total_d) - goto out_bad_data; -+ if (data_offset + data_count > server->packet_size) -+ goto out_bad_data; - memcpy(*parm + parm_disp, base + parm_offset, parm_count); - memcpy(*data + data_disp, base + data_offset, data_count); - -@@ -610,8 +620,11 @@ - * Check whether we've received all of the data. Note that - * we use the packet totals -- total lengths might shrink! - */ -- if (data_len >= data_tot && parm_len >= parm_tot) -+ if (data_len >= data_tot && parm_len >= parm_tot) { -+ data_len = data_tot; -+ parm_len = parm_tot; - break; -+ } - } - - /* -@@ -625,6 +638,9 @@ - server->packet = rcv_buf; - rcv_buf = inbuf; - } else { -+ if (parm_len + data_len > buf_len) -+ goto out_data_grew; -+ - PARANOIA("copying data, old size=%d, new size=%u\n", - server->packet_size, buf_len); - memcpy(inbuf, rcv_buf, parm_len + data_len); diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.vma.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.vma.patch deleted file mode 100644 index 2469dd5ab2c5..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.vma.patch +++ /dev/null @@ -1,246 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/12/17 21:45:58-02:00 chrisw@osdl.org -# [PATCH] Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). -# -# Backport of 2.6 fix to insert_vm_struct to make it return an error -# rather than BUG(). This eliminates a user triggerable BUG() when user -# created a large vma that overlapped with arg pages during exec (could be -# triggered with a.out on i386 and x86_64 and elf on ia64). -# -# Signed-off-by: Chris Wright <chrisw@osdl.org> -# -# ===== arch/ia64/ia32/binfmt_elf32.c 1.13 vs edited ===== -# -# arch/ia64/ia32/binfmt_elf32.c -# 2004/12/17 17:22:06-02:00 chrisw@osdl.org +16 -4 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). -# -# arch/ia64/mm/init.c -# 2004/12/17 15:25:47-02:00 chrisw@osdl.org +14 -2 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). -# -# arch/s390x/kernel/exec32.c -# 2004/12/17 15:32:42-02:00 chrisw@osdl.org +6 -2 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). This eliminates a user triggerable BUG() when user -# -# arch/x86_64/ia32/ia32_binfmt.c -# 2004/12/17 15:34:21-02:00 chrisw@osdl.org +6 -2 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). This eliminates a user triggerable BUG() when user -# -# fs/exec.c -# 2004/12/17 15:54:18-02:00 chrisw@osdl.org +6 -2 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). -# -# include/linux/mm.h -# 2004/12/16 20:38:37-02:00 chrisw@osdl.org +1 -1 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). This eliminates a user triggerable BUG() when user -# -# mm/mmap.c -# 2004/12/16 20:43:15-02:00 chrisw@osdl.org +3 -2 -# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). -# -diff -Nru a/arch/ia64/ia32/binfmt_elf32.c b/arch/ia64/ia32/binfmt_elf32.c ---- a/arch/ia64/ia32/binfmt_elf32.c 2004-12-19 07:39:49 -08:00 -+++ b/arch/ia64/ia32/binfmt_elf32.c 2004-12-19 07:39:49 -08:00 -@@ -95,7 +95,11 @@ - vma->vm_private_data = NULL; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -117,7 +121,11 @@ - vma->vm_private_data = NULL; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -164,7 +172,7 @@ - { - unsigned long stack_base; - struct vm_area_struct *mpnt; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - -@@ -188,7 +196,11 @@ - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = 0; -- insert_vm_struct(current->mm, mpnt); -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -Nru a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c ---- a/arch/ia64/mm/init.c 2004-12-19 07:39:49 -08:00 -+++ b/arch/ia64/mm/init.c 2004-12-19 07:39:49 -08:00 -@@ -105,7 +105,13 @@ - vma->vm_pgoff = 0; - vma->vm_file = NULL; - vma->vm_private_data = NULL; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - - /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */ -@@ -117,7 +123,13 @@ - vma->vm_end = PAGE_SIZE; - vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT); - vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - } - } -diff -Nru a/arch/s390x/kernel/exec32.c b/arch/s390x/kernel/exec32.c ---- a/arch/s390x/kernel/exec32.c 2004-12-19 07:39:49 -08:00 -+++ b/arch/s390x/kernel/exec32.c 2004-12-19 07:39:49 -08:00 -@@ -41,7 +41,7 @@ - { - unsigned long stack_base; - struct vm_area_struct *mpnt; -- int i; -+ int i, ret; - - stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - -@@ -65,7 +65,11 @@ - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = (void *) 0; -- insert_vm_struct(current->mm, mpnt); -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -Nru a/arch/x86_64/ia32/ia32_binfmt.c b/arch/x86_64/ia32/ia32_binfmt.c ---- a/arch/x86_64/ia32/ia32_binfmt.c 2004-12-19 07:39:49 -08:00 -+++ b/arch/x86_64/ia32/ia32_binfmt.c 2004-12-19 07:39:49 -08:00 -@@ -225,7 +225,7 @@ - { - unsigned long stack_base; - struct vm_area_struct *mpnt; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - -@@ -250,7 +250,11 @@ - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = (void *) 0; -- insert_vm_struct(current->mm, mpnt); -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -Nru a/fs/exec.c b/fs/exec.c ---- a/fs/exec.c 2004-12-19 07:39:49 -08:00 -+++ b/fs/exec.c 2004-12-19 07:39:49 -08:00 -@@ -327,7 +327,7 @@ - { - unsigned long stack_base; - struct vm_area_struct *mpnt; -- int i; -+ int i, ret; - - stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - -@@ -387,7 +387,6 @@ - - down_write(¤t->mm->mmap_sem); - { -- struct vm_area_struct *vma; - mpnt->vm_mm = current->mm; - mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p; - mpnt->vm_end = STACK_TOP; -@@ -402,13 +401,11 @@ - mpnt->vm_pgoff = 0; - mpnt->vm_file = NULL; - mpnt->vm_private_data = (void *) 0; -- vma = find_vma(current->mm, mpnt->vm_start); -- if (vma) { -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { - up_write(¤t->mm->mmap_sem); - kmem_cache_free(vm_area_cachep, mpnt); -- return -ENOMEM; -+ return ret; - } -- insert_vm_struct(current->mm, mpnt); - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -Nru a/include/linux/mm.h b/include/linux/mm.h ---- a/include/linux/mm.h 2004-12-19 07:39:49 -08:00 -+++ b/include/linux/mm.h 2004-12-19 07:39:49 -08:00 -@@ -548,7 +548,7 @@ - /* mmap.c */ - extern void lock_vma_mappings(struct vm_area_struct *); - extern void unlock_vma_mappings(struct vm_area_struct *); --extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *); -+extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *); - extern void __insert_vm_struct(struct mm_struct *, struct vm_area_struct *); - extern void build_mmap_rb(struct mm_struct *); - extern void exit_mmap(struct mm_struct *); -diff -Nru a/mm/mmap.c b/mm/mmap.c ---- a/mm/mmap.c 2004-12-19 07:39:49 -08:00 -+++ b/mm/mmap.c 2004-12-19 07:39:49 -08:00 -@@ -1193,14 +1193,15 @@ - validate_mm(mm); - } - --void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) -+int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) - { - struct vm_area_struct * __vma, * prev; - rb_node_t ** rb_link, * rb_parent; - - __vma = find_vma_prepare(mm, vma->vm_start, &prev, &rb_link, &rb_parent); - if (__vma && __vma->vm_start < vma->vm_end) -- BUG(); -+ return -ENOMEM; - vma_link(mm, vma, prev, rb_link, rb_parent); - validate_mm(mm); -+ return 0; - } diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.75963.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.75963.patch deleted file mode 100644 index 80390f13bd73..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.75963.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- linux-2.6.10/security/dummy.c 2004-12-24 21:34:26.000000000 +0000 -+++ linux-2.6.10.plasmaroo/security/dummy.c 2005-01-07 20:13:50.763073872 +0000 -@@ -74,11 +74,8 @@ - - static int dummy_capable (struct task_struct *tsk, int cap) - { -- if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0) -- /* capability granted */ -+ if (cap_raised (tsk->cap_effective, cap)) - return 0; -- -- /* capability denied */ - return -EPERM; - } - -@@ -191,6 +188,8 @@ - - current->suid = current->euid = current->fsuid = bprm->e_uid; - current->sgid = current->egid = current->fsgid = bprm->e_gid; -+ -+ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); - } - - static int dummy_bprm_set_security (struct linux_binprm *bprm) -@@ -550,6 +549,7 @@ - - static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags) - { -+ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); - return 0; - } - diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.77094.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.77094.patch deleted file mode 100644 index 6b2c7bdb2317..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.77094.patch +++ /dev/null @@ -1,142 +0,0 @@ -diff -urp linux-2.6.8.1-r7/drivers/block/scsi_ioctl.c linux-2.6.8.1-r8/drivers/block/scsi_ioctl.c ---- linux-2.6.8.1-r7/drivers/block/scsi_ioctl.c 2004-08-14 11:56:23.000000000 +0100 -+++ linux-2.6.8.1-r8/drivers/block/scsi_ioctl.c 2005-01-09 12:09:55.345308528 +0000 -@@ -304,7 +304,8 @@ static int sg_scsi_ioctl(struct file *fi - struct gendisk *bd_disk, Scsi_Ioctl_Command __user *sic) - { - struct request *rq; -- int err, in_len, out_len, bytes, opcode, cmdlen; -+ unsigned int in_len, out_len, bytes, opcode, cmdlen; -+ int err; - char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; - - /* -diff -urp linux-2.6.8.1-r7/drivers/char/moxa.c linux-2.6.8.1-r8/drivers/char/moxa.c ---- linux-2.6.8.1-r7/drivers/char/moxa.c 2005-01-09 12:06:21.000000000 +0000 -+++ linux-2.6.8.1-r8/drivers/char/moxa.c 2005-01-09 12:09:55.327311264 +0000 -@@ -1687,6 +1687,8 @@ int MoxaDriverIoctl(unsigned int cmd, un - return -EFAULT; - if(dltmp.cardno < 0 || dltmp.cardno >= MAX_BOARDS) - return -EINVAL; -+ if(dltmp.len < 0 || dltmp.len > sizeof(moxaBuff)) -+ return -EINVAL; - - switch(cmd) - { -@@ -2841,8 +2843,6 @@ static int moxaload320b(int cardno, unsi - unsigned long baseAddr; - int i; - -- if(len > sizeof(moxaBuff)) -- return -EINVAL; - if(copy_from_user(moxaBuff, tmp, len)) - return -EFAULT; - baseAddr = moxaBaseAddr[cardno]; -diff -urp linux-2.6.8.1-r7/drivers/char/random.c linux-2.6.8.1-r8/drivers/char/random.c ---- linux-2.6.8.1-r7/drivers/char/random.c 2004-08-14 11:54:48.000000000 +0100 -+++ linux-2.6.8.1-r8/drivers/char/random.c 2005-01-09 12:09:55.358306552 +0000 -@@ -1917,7 +1917,7 @@ static int poolsize_strategy(ctl_table * - void __user *oldval, size_t __user *oldlenp, - void __user *newval, size_t newlen, void **context) - { -- int len; -+ size_t len; - - sysctl_poolsize = random_state->poolinfo.POOLBYTES; - -diff -urp linux-2.6.8.1-r7/include/linux/writeback.h linux-2.6.8.1-r8/include/linux/writeback.h ---- linux-2.6.8.1-r7/include/linux/writeback.h 2004-08-14 11:54:49.000000000 +0100 -+++ linux-2.6.8.1-r8/include/linux/writeback.h 2005-01-09 12:09:55.000000000 +0000 -@@ -74,6 +74,7 @@ static inline void wait_on_inode(struct - int wakeup_bdflush(long nr_pages); - void laptop_io_completion(void); - void laptop_sync_completion(void); -+void throttle_vm_writeout(void); - - /* These are exported to sysctl. */ - extern int dirty_background_ratio; -diff -urp linux-2.6.8.1-r7/mm/mmap.c linux-2.6.8.1-r8/mm/mmap.c ---- linux-2.6.8.1-r7/mm/mmap.c 2005-01-09 12:06:23.000000000 +0000 -+++ linux-2.6.8.1-r8/mm/mmap.c 2005-01-09 12:09:55.000000000 +0000 -@@ -1223,6 +1223,13 @@ int expand_stack(struct vm_area_struct * - vm_unacct_memory(grow); - return -ENOMEM; - } -+ if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) && -+ ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > -+ current->rlim[RLIMIT_MEMLOCK].rlim_cur) { -+ anon_vma_unlock(vma); -+ vm_unacct_memory(grow); -+ return -ENOMEM; -+ } - vma->vm_end = address; - vma->vm_mm->total_vm += grow; - if (vma->vm_flags & VM_LOCKED) -@@ -1284,6 +1291,13 @@ int expand_stack(struct vm_area_struct * - vm_unacct_memory(grow); - return -ENOMEM; - } -+ if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) && -+ ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > -+ current->rlim[RLIMIT_MEMLOCK].rlim_cur) { -+ anon_vma_unlock(vma); -+ vm_unacct_memory(grow); -+ return -ENOMEM; -+ } - vma->vm_start = address; - vma->vm_pgoff -= grow; - vma->vm_mm->total_vm += grow; -diff -urp linux-2.6.8.1-r7/mm/page-writeback.c linux-2.6.8.1-r8/mm/page-writeback.c ---- linux-2.6.8.1-r7/mm/page-writeback.c 2004-08-14 11:55:47.000000000 +0100 -+++ linux-2.6.8.1-r8/mm/page-writeback.c 2005-01-09 12:09:55.000000000 +0000 -@@ -276,6 +276,28 @@ void balance_dirty_pages_ratelimited(str - } - EXPORT_SYMBOL(balance_dirty_pages_ratelimited); - -+void throttle_vm_writeout(void) -+{ -+ struct writeback_state wbs; -+ long background_thresh; -+ long dirty_thresh; -+ -+ for ( ; ; ) { -+ get_dirty_limits(&wbs, &background_thresh, &dirty_thresh); -+ -+ /* -+ * Boost the allowable dirty threshold a bit for page -+ * allocators so they don't get DoS'ed by heavy writers -+ */ -+ dirty_thresh += dirty_thresh / 10; /* wheeee... */ -+ -+ if (wbs.nr_unstable + wbs.nr_writeback <= dirty_thresh) -+ break; -+ blk_congestion_wait(WRITE, HZ/10); -+ } -+} -+ -+ - /* - * writeback at least _min_pages, and keep writing until the amount of dirty - * memory is less than the background threshold, or until we're all clean. -diff -urp linux-2.6.8.1-r7/mm/vmscan.c linux-2.6.8.1-r8/mm/vmscan.c ---- linux-2.6.8.1-r7/mm/vmscan.c 2004-08-14 11:54:50.000000000 +0100 -+++ linux-2.6.8.1-r8/mm/vmscan.c 2005-01-09 12:10:52.000000000 +0000 -@@ -362,9 +362,6 @@ static int shrink_list(struct list_head - - BUG_ON(PageActive(page)); - -- if (PageWriteback(page)) -- goto keep_locked; -- - sc->nr_scanned++; - /* Double the slab pressure for mapped and swapcache pages */ - if (page_mapped(page) || PageSwapCache(page)) -@@ -841,6 +838,8 @@ shrink_zone(struct zone *zone, struct sc - break; - } - } -+ -+ throttle_vm_writeout(); - } - - /* diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.AF_UNIX.SELinux.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.AF_UNIX.SELinux.patch deleted file mode 100644 index dbb8b2329a28..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.AF_UNIX.SELinux.patch +++ /dev/null @@ -1,61 +0,0 @@ ---- a/net/unix/af_unix.c 2004-10-18 22:54:37.000000000 +0100 -+++ b/net/unix/af_unix.c 2004-12-19 18:33:12.000000000 +0000 -@@ -477,6 +477,8 @@ - struct msghdr *, size_t, int); - static int unix_dgram_connect(struct socket *, struct sockaddr *, - int, int); -+static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *, -+ struct msghdr *, size_t); - - static struct proto_ops unix_stream_ops = { - .family = PF_UNIX, -@@ -535,7 +537,7 @@ - .shutdown = unix_shutdown, - .setsockopt = sock_no_setsockopt, - .getsockopt = sock_no_getsockopt, -- .sendmsg = unix_dgram_sendmsg, -+ .sendmsg = unix_seqpacket_sendmsg, - .recvmsg = unix_dgram_recvmsg, - .mmap = sock_no_mmap, - .sendpage = sock_no_sendpage, -@@ -1365,9 +1367,11 @@ - if (other->sk_shutdown & RCV_SHUTDOWN) - goto out_unlock; - -- err = security_unix_may_send(sk->sk_socket, other->sk_socket); -- if (err) -- goto out_unlock; -+ if (sk->sk_type != SOCK_SEQPACKET) { -+ err = security_unix_may_send(sk->sk_socket, other->sk_socket); -+ if (err) -+ goto out_unlock; -+ } - - if (unix_peer(other) != sk && - (skb_queue_len(&other->sk_receive_queue) > -@@ -1517,6 +1521,25 @@ - return sent ? : err; - } - -+static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock, -+ struct msghdr *msg, size_t len) -+{ -+ int err; -+ struct sock *sk = sock->sk; -+ -+ err = sock_error(sk); -+ if (err) -+ return err; -+ -+ if (sk->sk_state != TCP_ESTABLISHED) -+ return -ENOTCONN; -+ -+ if (msg->msg_namelen) -+ msg->msg_namelen = 0; -+ -+ return unix_dgram_sendmsg(kiocb, sock, msg, len); -+} -+ - static void unix_copy_addr(struct msghdr *msg, struct sock *sk) - { - struct unix_sock *u = unix_sk(sk); diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.AF_UNIX.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.AF_UNIX.patch deleted file mode 100644 index a95e94fd9362..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.AF_UNIX.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- linux-2.6.9/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 -+++ linux-2.6.9.plasmaroo/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 -@@ -1535,9 +1535,11 @@ - - msg->msg_namelen = 0; - -+ down(&u->readsem); -+ - skb = skb_recv_datagram(sk, flags, noblock, &err); - if (!skb) -- goto out; -+ goto out_unlock; - - wake_up_interruptible(&u->peer_wait); - -@@ -1587,6 +1589,8 @@ - - out_free: - skb_free_datagram(sk,skb); -+out_unlock: -+ up(&u->readsem); - out: - return err; - } diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-0596.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-0596.patch deleted file mode 100644 index 3e20a2e41372..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-0596.patch +++ /dev/null @@ -1,46 +0,0 @@ ---- 1.13/drivers/net/eql.c 2004-07-21 03:13:40 -07:00 -+++ 1.14/drivers/net/eql.c 2004-07-21 03:13:40 -07:00 -@@ -495,6 +495,8 @@ - return -EFAULT; - - slave_dev = dev_get_by_name(sc.slave_name); -+ if (!slave_dev) -+ return -ENODEV; - - ret = -EINVAL; - -@@ -527,11 +529,13 @@ - if (copy_from_user(&sc, scp, sizeof (slave_config_t))) - return -EFAULT; - -- eql = dev->priv; - slave_dev = dev_get_by_name(sc.slave_name); -+ if (!slave_dev) -+ return -ENODEV; - - ret = -EINVAL; - -+ eql = dev->priv; - spin_lock_bh(&eql->queue.lock); - if (eql_is_slave(slave_dev)) { - slave = __eql_find_slave_dev(&eql->queue, slave_dev); ---- 1.14/drivers/net/eql.c 2004-07-21 03:13:33 -07:00 -+++ 1.15/drivers/net/eql.c 2004-07-21 03:13:33 -07:00 -@@ -499,6 +499,8 @@ - return -ENODEV; - - ret = -EINVAL; -+ if (!slave_dev) -+ return ret; - - spin_lock_bh(&eql->queue.lock); - if (eql_is_slave(slave_dev)) { -@@ -534,6 +536,8 @@ - return -ENODEV; - - ret = -EINVAL; -+ if (!slave_dev) -+ return ret; - - eql = dev->priv; - spin_lock_bh(&eql->queue.lock); diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-0816.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-0816.patch deleted file mode 100644 index 13a9ea2f5aa4..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-0816.patch +++ /dev/null @@ -1,43 +0,0 @@ -Subject: Prevent ICMP crash in netfilter logging -From: Olaf Kirch <okir@suse.de> -References: 46016 - -This patch fixes a remotely triggerable crash in the netfilter code -when looking at ICMP unreachables. It dies when trying to copy -BIGNUM bytes... - -Index: linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c -=================================================================== ---- linux-2.6.5.orig/net/ipv4/netfilter/ipt_LOG.c 2004-02-19 11:36:37.000000000 +0100 -+++ linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c 2004-09-24 15:48:54.000000000 +0200 -@@ -71,7 +71,7 @@ - printk("FRAG:%u ", ntohs(iph.frag_off) & IP_OFFSET); - - if ((info->logflags & IPT_LOG_IPOPT) -- && iph.ihl * 4 != sizeof(struct iphdr)) { -+ && iph.ihl * 4 > sizeof(struct iphdr)) { - unsigned char opt[4 * 15 - sizeof(struct iphdr)]; - unsigned int i, optsize; - -@@ -138,7 +138,7 @@ - printk("URGP=%u ", ntohs(tcph.urg_ptr)); - - if ((info->logflags & IPT_LOG_TCPOPT) -- && tcph.doff * 4 != sizeof(struct tcphdr)) { -+ && tcph.doff * 4 > sizeof(struct tcphdr)) { - unsigned char opt[4 * 15 - sizeof(struct tcphdr)]; - unsigned int i, optsize; - -Index: linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c -=================================================================== ---- linux-2.6.5.orig/net/ipv6/netfilter/ip6t_LOG.c 2004-09-24 15:47:00.000000000 +0200 -+++ linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c 2004-09-24 15:48:35.000000000 +0200 -@@ -188,7 +188,7 @@ - printk("URGP=%u ", ntohs(tcph->urg_ptr)); - - if ((info->logflags & IP6T_LOG_TCPOPT) -- && tcph->doff * 4 != sizeof(struct tcphdr)) { -+ && tcph->doff * 4 > sizeof(struct tcphdr)) { - unsigned int i; - - /* Max length: 127 "OPT (" 15*4*2chars ") " */ diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-1016.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-1016.patch deleted file mode 100644 index aa25ac95ed61..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-1016.patch +++ /dev/null @@ -1,75 +0,0 @@ -===== include/linux/socket.h 1.12 vs edited ===== ---- 1.12/include/linux/socket.h 2004-09-09 06:40:01 +10:00 -+++ edited/include/linux/socket.h 2004-11-27 11:53:40 +11:00 -@@ -90,6 +90,10 @@ - (struct cmsghdr *)(ctl) : \ - (struct cmsghdr *)NULL) - #define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \ -+ (cmsg)->cmsg_len <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(cmsg) - (char *)(mhdr)->msg_control))) - - /* - * This mess will go away with glibc -===== net/core/scm.c 1.10 vs edited ===== ---- 1.10/net/core/scm.c 2004-05-31 05:08:14 +10:00 -+++ edited/net/core/scm.c 2004-11-27 11:48:55 +11:00 -@@ -127,9 +127,7 @@ - for too short ancillary data object at all! Oops. - OK, let's add it... - */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) -+ if (!CMSG_OK(msg, cmsg)) - goto error; - - if (cmsg->cmsg_level != SOL_SOCKET) -===== net/ipv4/ip_sockglue.c 1.26 vs edited ===== ---- 1.26/net/ipv4/ip_sockglue.c 2004-07-01 06:10:53 +10:00 -+++ edited/net/ipv4/ip_sockglue.c 2004-11-27 11:49:45 +11:00 -@@ -146,11 +146,8 @@ - struct cmsghdr *cmsg; - - for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - if (cmsg->cmsg_level != SOL_IP) - continue; - switch (cmsg->cmsg_type) { -===== net/ipv6/datagram.c 1.20 vs edited ===== ---- 1.20/net/ipv6/datagram.c 2004-11-10 17:57:03 +11:00 -+++ edited/net/ipv6/datagram.c 2004-11-27 11:51:15 +11:00 -@@ -427,9 +427,7 @@ - int addr_type; - struct net_device *dev = NULL; - -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) { - err = -EINVAL; - goto exit_f; - } -===== net/sctp/socket.c 1.129 vs edited ===== ---- 1.129/net/sctp/socket.c 2004-11-19 08:43:18 +11:00 -+++ edited/net/sctp/socket.c 2004-11-27 11:52:11 +11:00 -@@ -4098,12 +4098,8 @@ - for (cmsg = CMSG_FIRSTHDR(msg); - cmsg != NULL; - cmsg = CMSG_NXTHDR((struct msghdr*)msg, cmsg)) { -- /* Check for minimum length. The SCM code has this check. */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - - /* Should we parse this header or ignore? */ - if (cmsg->cmsg_level != IPPROTO_SCTP) diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-1056.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-1056.patch deleted file mode 100644 index f55ca8372e38..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-1056.patch +++ /dev/null @@ -1,202 +0,0 @@ -diff -ur linux-2.6.7/drivers/char/drm/i810_dma.c linux-2.6.7.drm.plasmaroo/drivers/char/drm/i810_dma.c ---- linux-2.6.7/drivers/char/drm/i810_dma.c 2004-06-16 06:19:12.000000000 +0100 -+++ linux-2.6.7.drm.plasmaroo/drivers/char/drm/i810_dma.c 2004-12-19 22:52:54.885438960 +0000 -@@ -1034,10 +1034,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - i810_flush_queue(dev); - return 0; -@@ -1059,10 +1056,7 @@ - if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex))) - return -EFAULT; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - DRM_DEBUG("i810 dma vertex, idx %d used %d discard %d\n", - vertex.idx, vertex.used, vertex.discard); -@@ -1094,10 +1088,7 @@ - if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear))) - return -EFAULT; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - /* GH: Someone's doing nasty things... */ - if (!dev->dev_private) { -@@ -1118,10 +1109,8 @@ - - DRM_DEBUG("i810_swap_bufs\n"); - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - i810_dma_dispatch_swap( dev ); - return 0; -@@ -1156,10 +1145,7 @@ - if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d))) - return -EFAULT; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - d.granted = 0; - -@@ -1270,10 +1256,7 @@ - return -EFAULT; - - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_mc called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (mc.idx >= dma->buf_count || mc.idx < 0) - return -EINVAL; -@@ -1321,10 +1304,7 @@ - drm_device_t *dev = priv->dev; - drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_fstatus called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - return I810_READ(0x30008); - } - -@@ -1335,10 +1315,7 @@ - drm_device_t *dev = priv->dev; - drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_ov0_flip called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - //Tell the overlay to update - I810_WRITE(0x30000,dev_priv->overlay_physical | 0x80000000); -@@ -1380,10 +1357,7 @@ - - DRM_DEBUG("%s\n", __FUNCTION__); - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_flip_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (!dev_priv->page_flipping) - i810_do_init_pageflip( dev ); -diff -ur linux-2.6.7/drivers/char/drm/i830_dma.c linux-2.6.7.drm.plasmaroo/drivers/char/drm/i830_dma.c ---- linux-2.6.7/drivers/char/drm/i830_dma.c 2004-06-16 06:18:57.000000000 +0100 -+++ linux-2.6.7.drm.plasmaroo/drivers/char/drm/i830_dma.c 2004-12-19 22:52:54.887438656 +0000 -@@ -1320,10 +1320,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - i830_flush_queue(dev); - return 0; -@@ -1344,10 +1341,7 @@ - if (copy_from_user(&vertex, (drm_i830_vertex_t __user *)arg, sizeof(vertex))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - DRM_DEBUG("i830 dma vertex, idx %d used %d discard %d\n", - vertex.idx, vertex.used, vertex.discard); -@@ -1374,10 +1368,7 @@ - if (copy_from_user(&clear, (drm_i830_clear_t __user *)arg, sizeof(clear))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - /* GH: Someone's doing nasty things... */ - if (!dev->dev_private) { -@@ -1399,10 +1390,7 @@ - - DRM_DEBUG("i830_swap_bufs\n"); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - i830_dma_dispatch_swap( dev ); - return 0; -@@ -1443,10 +1431,7 @@ - - DRM_DEBUG("%s\n", __FUNCTION__); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_flip_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (!dev_priv->page_flipping) - i830_do_init_pageflip( dev ); -@@ -1485,10 +1470,7 @@ - if (copy_from_user(&d, (drm_i830_dma_t __user *)arg, sizeof(d))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - d.granted = 0; - -diff -ur linux-2.6.7/drivers/char/drm/i830_irq.c linux-2.6.7.drm.plasmaroo/drivers/char/drm/i830_irq.c ---- linux-2.6.7/drivers/char/drm/i830_irq.c 2004-06-16 06:19:44.000000000 +0100 -+++ linux-2.6.7.drm.plasmaroo/drivers/char/drm/i830_irq.c 2004-12-19 22:52:54.887438656 +0000 -@@ -129,10 +129,7 @@ - drm_i830_irq_emit_t emit; - int result; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_irq_emit called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if ( !dev_priv ) { - DRM_ERROR( "%s called with no initialization\n", __FUNCTION__ ); diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-1137.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-1137.patch deleted file mode 100644 index 0a54680f6f4b..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-1137.patch +++ /dev/null @@ -1,77 +0,0 @@ -# ChangeSet -# 2004/12/14 11:06:25-08:00 chrisw@osdl.org -# [IPV4/IPV6]: IGMP source filter fixes -# -# When adding or deleting from the source list make sure to find matches -# by comparing against the new source address, not the group address. -# Also, check each addr in the list rather than just the first one. -# And, finally, only delete from list when there's a match rather than -# vice-versa. Drop the effort to keep list sorted, since it's not done -# on full-state api and can create an sl_addr entry that the delta api -# won't be able to delete. Without these fixes sl_count can be corrupted -# which can allow for kernel memory corruption. -# -# Signed-off-by: Chris Wright <chrisw@osdl.org> -# Signed-off-by: David S. Miller <davem@davemloft.net> -# -diff -Nru a/net/ipv4/igmp.c b/net/ipv4/igmp.c ---- a/net/ipv4/igmp.c 2004-12-20 11:32:15 -08:00 -+++ b/net/ipv4/igmp.c 2004-12-20 11:32:15 -08:00 -@@ -1778,12 +1778,12 @@ - goto done; - rv = !0; - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, -+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, - sizeof(__u32)); -- if (rv >= 0) -+ if (rv == 0) - break; - } -- if (!rv) /* source not found */ -+ if (rv) /* source not found */ - goto done; - - /* update the interface filter */ -@@ -1825,9 +1825,9 @@ - } - rv = 1; /* > 0 for insert logic below if sl_count is 0 */ - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, -+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, - sizeof(__u32)); -- if (rv >= 0) -+ if (rv == 0) - break; - } - if (rv == 0) /* address already there is an error */ -diff -Nru a/net/ipv6/mcast.c b/net/ipv6/mcast.c ---- a/net/ipv6/mcast.c 2004-12-20 11:32:15 -08:00 -+++ b/net/ipv6/mcast.c 2004-12-20 11:32:15 -08:00 -@@ -391,12 +391,12 @@ - goto done; - rv = !0; - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, group, -+ rv = memcmp(&psl->sl_addr[i], source, - sizeof(struct in6_addr)); -- if (rv >= 0) -+ if (rv == 0) - break; - } -- if (!rv) /* source not found */ -+ if (rv) /* source not found */ - goto done; - - /* update the interface filter */ -@@ -437,8 +437,8 @@ - } - rv = 1; /* > 0 for insert logic below if sl_count is 0 */ - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, group, sizeof(struct in6_addr)); -- if (rv >= 0) -+ rv = memcmp(&psl->sl_addr[i], source, sizeof(struct in6_addr)); -+ if (rv == 0) - break; - } - if (rv == 0) /* address already there is an error */ diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-1151.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-1151.patch deleted file mode 100644 index fc4289e4f444..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.CAN-2004-1151.patch +++ /dev/null @@ -1,35 +0,0 @@ ---- 1.74/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00 -+++ 1.75/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00 -@@ -525,11 +525,12 @@ - int sys32_ni_syscall(int call) - { - struct task_struct *me = current; -- static char lastcomm[8]; -- if (strcmp(lastcomm, me->comm)) { -- printk(KERN_INFO "IA32 syscall %d from %s not implemented\n", call, -- current->comm); -- strcpy(lastcomm, me->comm); -+ static char lastcomm[sizeof(me->comm)]; -+ -+ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) { -+ printk(KERN_INFO "IA32 syscall %d from %s not implemented\n", -+ call, me->comm); -+ strncpy(lastcomm, me->comm, sizeof(lastcomm)); - } - return -ENOSYS; - } -@@ -1125,11 +1126,11 @@ - long sys32_vm86_warning(void) - { - struct task_struct *me = current; -- static char lastcomm[8]; -- if (strcmp(lastcomm, me->comm)) { -+ static char lastcomm[sizeof(me->comm)]; -+ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) { - printk(KERN_INFO "%s: vm86 mode not supported on 64 bit kernel\n", - me->comm); -- strcpy(lastcomm, me->comm); -+ strncpy(lastcomm, me->comm, sizeof(lastcomm)); - } - return -ENOSYS; - } diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.IPTables-RDoS.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.IPTables-RDoS.patch deleted file mode 100644 index 8f89d1605c9a..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.IPTables-RDoS.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- net/ipv4/netfilter/ip_tables.c.orig 2004-04-04 05:36:47.000000000 +0200 -+++ net/ipv4/netfilter/ip_tables.c 2004-06-24 21:24:26.000000000 +0200 -@@ -1461,7 +1461,7 @@ - int *hotdrop) - { - /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ -- char opt[60 - sizeof(struct tcphdr)]; -+ u_int8_t opt[60 - sizeof(struct tcphdr)]; - unsigned int i; - - duprintf("tcp_match: finding option\n"); diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.ProcPerms.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.ProcPerms.patch deleted file mode 100644 index d90b8d1815d4..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.ProcPerms.patch +++ /dev/null @@ -1,49 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/07/02 18:48:26-07:00 chrisw@osdl.org -# [PATCH] check attr updates in /proc -# -# Any proc entry with default proc_file_inode_operations allow unauthorized -# attribute updates. This is very dangerous for proc entries that rely -# solely on file permissions for open/read/write. -# -# Signed-off-by: Chris Wright <chrisw@osdl.org> -# Signed-off-by: Linus Torvalds <torvalds@osdl.org> -# -# fs/proc/generic.c -# 2004/07/02 15:47:55-07:00 chrisw@osdl.org +14 -7 -# check attr updates in /proc -# -diff -Nru a/fs/proc/generic.c b/fs/proc/generic.c ---- a/fs/proc/generic.c 2004-07-08 17:03:20 -07:00 -+++ b/fs/proc/generic.c 2004-07-08 17:03:20 -07:00 -@@ -231,14 +231,21 @@ - static int proc_notify_change(struct dentry *dentry, struct iattr *iattr) - { - struct inode *inode = dentry->d_inode; -- int error = inode_setattr(inode, iattr); -- if (!error) { -- struct proc_dir_entry *de = PDE(inode); -- de->uid = inode->i_uid; -- de->gid = inode->i_gid; -- de->mode = inode->i_mode; -- } -+ struct proc_dir_entry *de = PDE(inode); -+ int error; - -+ error = inode_change_ok(inode, iattr); -+ if (error) -+ goto out; -+ -+ error = inode_setattr(inode, iattr); -+ if (error) -+ goto out; -+ -+ de->uid = inode->i_uid; -+ de->gid = inode->i_gid; -+ de->mode = inode->i_mode; -+out: - return error; - } - diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.binfmt_a.out.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.binfmt_a.out.patch deleted file mode 100644 index 89665ce8db42..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.binfmt_a.out.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -Nru linux-2.6.9/fs/exec.c linux-2.6.9.plasmaroo/fs/exec.c ---- linux-2.6.9/fs/exec.c 2004-11-27 08:30:03 -08:00 -+++ linux-2.6.9.plasmaroo/fs/exec.c 2004-11-27 08:30:03 -08:00 -@@ -413,6 +413,7 @@ - - down_write(&mm->mmap_sem); - { -+ struct vm_area_struct *vma; - mpnt->vm_mm = mm; - #ifdef CONFIG_STACK_GROWSUP - mpnt->vm_start = stack_base; -@@ -433,6 +434,12 @@ - mpnt->vm_flags = VM_STACK_FLAGS; - mpnt->vm_flags |= mm->def_flags; - mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7]; -+ vma = find_vma(mm, mpnt->vm_start); -+ if (vma) { -+ up_write(&mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return -ENOMEM; -+ } - insert_vm_struct(mm, mpnt); - mm->stack_vm = mm->total_vm = vma_pages(mpnt); - } -diff -Nru linux-2.6.9/fs/binfmt_aout.c linux-2.6.9.plasmaroo/fs/binfmt_aout.c ---- linux-2.6.9/fs/binfmt_aout.c 2004-11-27 08:31:43 -08:00 -+++ linux-2.6.9.plasmaroo/fs/binfmt_aout.c 2004-11-27 08:31:43 -08:00 -@@ -43,13 +43,18 @@ - .min_coredump = PAGE_SIZE - }; - --static void set_brk(unsigned long start, unsigned long end) -+#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) -+ -+static int set_brk(unsigned long start, unsigned long end) - { - start = PAGE_ALIGN(start); - end = PAGE_ALIGN(end); -- if (end <= start) -- return; -- do_brk(start, end - start); -+ if (end > start) { -+ unsigned long addr = do_brk(start, end - start); -+ if (BAD_ADDR(addr)) -+ return addr; -+ } -+ return 0; - } - - /* -@@ -413,7 +418,11 @@ - beyond_if: - set_binfmt(&aout_format); - -- set_brk(current->mm->start_brk, current->mm->brk); -+ retval = set_brk(current->mm->start_brk, current->mm->brk); -+ if (retval < 0) { -+ send_sig(SIGKILL, current, 0); -+ return retval; -+ } - - retval = setup_arg_pages(bprm, EXSTACK_DEFAULT); - if (retval < 0) { diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.binfmt_elf.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.binfmt_elf.patch deleted file mode 100644 index 87d05e7b5fa4..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.binfmt_elf.patch +++ /dev/null @@ -1,85 +0,0 @@ -diff -ur linux-2.6.8.1/fs/binfmt_elf.c linux-2.6.8.1.plasmaroo/fs/binfmt_elf.c ---- linux-2.6.8.1/fs/binfmt_elf.c 2004-08-14 11:55:23.000000000 +0100 -+++ linux-2.6.8.1.plasmaroo/fs/binfmt_elf.c 2004-11-19 23:07:08.375429000 +0000 -@@ -334,9 +334,12 @@ - goto out; - - retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size); -- error = retval; -- if (retval < 0) -+ error = -EIO; -+ if (retval != size) { -+ if (retval < 0) -+ error = retval; - goto out_close; -+ } - - eppnt = elf_phdata; - for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) { -@@ -523,8 +526,11 @@ - goto out; - - retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size); -- if (retval < 0) -+ if (retval != size) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_ph; -+ } - - files = current->files; /* Refcounted so ok */ - retval = unshare_files(); -@@ -561,7 +567,8 @@ - */ - - retval = -ENOMEM; -- if (elf_ppnt->p_filesz > PATH_MAX) -+ if (elf_ppnt->p_filesz > PATH_MAX || -+ elf_ppnt->p_filesz == 0) - goto out_free_file; - elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz, - GFP_KERNEL); -@@ -571,8 +578,16 @@ - retval = kernel_read(bprm->file, elf_ppnt->p_offset, - elf_interpreter, - elf_ppnt->p_filesz); -- if (retval < 0) -+ if (retval != elf_ppnt->p_filesz) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_interp; -+ } -+ /* make sure path is NULL terminated */ -+ retval = -EINVAL; -+ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') -+ goto out_free_interp; -+ - /* If the program interpreter is one of these two, - * then assume an iBCS2 image. Otherwise assume - * a native linux image. -@@ -607,8 +622,11 @@ - if (IS_ERR(interpreter)) - goto out_free_interp; - retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE); -- if (retval < 0) -+ if (retval != BINPRM_BUF_SIZE) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_dentry; -+ } - - /* Get the exec headers */ - interp_ex = *((struct exec *) bprm->buf); -@@ -765,8 +783,10 @@ - } - - error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags); -- if (BAD_ADDR(error)) -- continue; -+ if (BAD_ADDR(error)) { -+ send_sig(SIGKILL, current, 0); -+ goto out_free_dentry; -+ } - - if (!load_addr_set) { - load_addr_set = 1; diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.brk-locked.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.brk-locked.patch deleted file mode 100644 index 0cd5033dab70..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.brk-locked.patch +++ /dev/null @@ -1,303 +0,0 @@ -diff -urp linux-2.6.7-uc0-r12/arch/mips/kernel/irixelf.c linux-2.6.7-uc0-r13/arch/mips/kernel/irixelf.c ---- linux-2.6.7-uc0-r12/arch/mips/kernel/irixelf.c 2004-06-16 06:20:26.000000000 +0100 -+++ linux-2.6.7-uc0-r13/arch/mips/kernel/irixelf.c 2005-01-09 10:26:47.144058112 +0000 -@@ -127,7 +127,7 @@ static void set_brk(unsigned long start, - end = PAGE_ALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - -@@ -376,7 +376,7 @@ static unsigned int load_irix_interp(str - - /* Map the last of the bss segment */ - if (last_bss > len) { -- do_brk(len, (last_bss - len)); -+ do_brk_locked(len, (last_bss - len)); - } - kfree(elf_phdata); - -@@ -564,7 +564,7 @@ void irix_map_prda_page (void) - unsigned long v; - struct prda *pp; - -- v = do_brk (PRDA_ADDRESS, PAGE_SIZE); -+ v = do_brk_locked (PRDA_ADDRESS, PAGE_SIZE); - - if (v < 0) - return; -@@ -856,7 +856,7 @@ static int load_irix_library(struct file - len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000; - bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; - if (bss > len) -- do_brk(len, bss-len); -+ do_brk_locked(len, bss-len); - kfree(elf_phdata); - return 0; - } -diff -urp linux-2.6.7-uc0-r12/arch/sparc64/kernel/binfmt_aout32.c linux-2.6.7-uc0-r13/arch/sparc64/kernel/binfmt_aout32.c ---- linux-2.6.7-uc0-r12/arch/sparc64/kernel/binfmt_aout32.c 2004-06-16 06:19:23.000000000 +0100 -+++ linux-2.6.7-uc0-r13/arch/sparc64/kernel/binfmt_aout32.c 2005-01-09 10:30:53.078670368 +0000 -@@ -49,7 +49,7 @@ static void set_brk(unsigned long start, - end = PAGE_ALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - /* -@@ -245,10 +245,10 @@ static int load_aout32_binary(struct lin - if (N_MAGIC(ex) == NMAGIC) { - loff_t pos = fd_offset; - /* Fuck me plenty... */ -- error = do_brk(N_TXTADDR(ex), ex.a_text); -+ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); - bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), - ex.a_text, &pos); -- error = do_brk(N_DATADDR(ex), ex.a_data); -+ error = do_brk_locked(N_DATADDR(ex), ex.a_data); - bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), - ex.a_data, &pos); - goto beyond_if; -@@ -256,7 +256,7 @@ static int load_aout32_binary(struct lin - - if (N_MAGIC(ex) == OMAGIC) { - loff_t pos = fd_offset; -- do_brk(N_TXTADDR(ex) & PAGE_MASK, -+ do_brk_locked(N_TXTADDR(ex) & PAGE_MASK, - ex.a_text+ex.a_data + PAGE_SIZE - 1); - bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); -@@ -271,7 +271,7 @@ static int load_aout32_binary(struct lin - - if (!bprm->file->f_op->mmap) { - loff_t pos = fd_offset; -- do_brk(0, ex.a_text+ex.a_data); -+ do_brk_locked(0, ex.a_text+ex.a_data); - bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); - goto beyond_if; -@@ -387,7 +387,7 @@ static int load_aout32_library(struct fi - len = PAGE_ALIGN(ex.a_text + ex.a_data); - bss = ex.a_text + ex.a_data + ex.a_bss; - if (bss > len) { -- error = do_brk(start_addr + len, bss - len); -+ error = do_brk_locked(start_addr + len, bss - len); - retval = error; - if (error != start_addr + len) - goto out; -diff -urp linux-2.6.7-uc0-r12/arch/x86_64/ia32/ia32_aout.c linux-2.6.7-uc0-r13/arch/x86_64/ia32/ia32_aout.c ---- linux-2.6.7-uc0-r12/arch/x86_64/ia32/ia32_aout.c 2004-06-16 06:20:26.000000000 +0100 -+++ linux-2.6.7-uc0-r13/arch/x86_64/ia32/ia32_aout.c 2005-01-09 10:26:47.189051272 +0000 -@@ -113,7 +113,7 @@ static void set_brk(unsigned long start, - end = PAGE_ALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - #if CORE_DUMP -@@ -322,7 +322,7 @@ static int load_aout_binary(struct linux - pos = 32; - map_size = ex.a_text+ex.a_data; - -- error = do_brk(text_addr & PAGE_MASK, map_size); -+ error = do_brk_locked(text_addr & PAGE_MASK, map_size); - if (error != (text_addr & PAGE_MASK)) { - send_sig(SIGKILL, current, 0); - return error; -@@ -358,7 +358,7 @@ static int load_aout_binary(struct linux - - if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { - loff_t pos = fd_offset; -- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); -+ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data); - bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); - flush_icache_range((unsigned long) N_TXTADDR(ex), -@@ -467,7 +467,7 @@ static int load_aout_library(struct file - } - #endif - -- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); -+ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss); - - file->f_op->read(file, (char *)start_addr, - ex.a_text + ex.a_data, &pos); -@@ -491,7 +491,7 @@ static int load_aout_library(struct file - len = PAGE_ALIGN(ex.a_text + ex.a_data); - bss = ex.a_text + ex.a_data + ex.a_bss; - if (bss > len) { -- error = do_brk(start_addr + len, bss - len); -+ error = do_brk_locked(start_addr + len, bss - len); - retval = error; - if (error != start_addr + len) - goto out; -diff -urp linux-2.6.7-uc0-r12/fs/binfmt_aout.c linux-2.6.7-uc0-r13/fs/binfmt_aout.c ---- linux-2.6.7-uc0-r12/fs/binfmt_aout.c 2005-01-09 10:22:05.000000000 +0000 -+++ linux-2.6.7-uc0-r13/fs/binfmt_aout.c 2005-01-09 10:33:36.000000000 +0000 -@@ -51,7 +51,7 @@ static int set_brk(unsigned long start, - start = PAGE_ALIGN(start); - end = PAGE_ALIGN(end); - if (end > start) { -- unsigned long addr = do_brk(start, end - start); -+ unsigned long addr = do_brk_locked(start, end - start); - if (BAD_ADDR(addr)) - return addr; - } -@@ -323,10 +323,10 @@ static int load_aout_binary(struct linux - loff_t pos = fd_offset; - /* Fuck me plenty... */ - /* <AOL></AOL> */ -- error = do_brk(N_TXTADDR(ex), ex.a_text); -+ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); - bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), - ex.a_text, &pos); -- error = do_brk(N_DATADDR(ex), ex.a_data); -+ error = do_brk_locked(N_DATADDR(ex), ex.a_data); - bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), - ex.a_data, &pos); - goto beyond_if; -@@ -347,7 +347,7 @@ static int load_aout_binary(struct linux - map_size = ex.a_text+ex.a_data; - #endif - -- error = do_brk(text_addr & PAGE_MASK, map_size); -+ error = do_brk_locked(text_addr & PAGE_MASK, map_size); - if (error != (text_addr & PAGE_MASK)) { - send_sig(SIGKILL, current, 0); - return error; -@@ -381,7 +381,7 @@ static int load_aout_binary(struct linux - - if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { - loff_t pos = fd_offset; -- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); -+ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data); - bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); - flush_icache_range((unsigned long) N_TXTADDR(ex), -@@ -486,7 +486,7 @@ static int load_aout_library(struct file - error_time = jiffies; - } - -- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); -+ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss); - - file->f_op->read(file, (char *)start_addr, - ex.a_text + ex.a_data, &pos); -@@ -510,7 +510,7 @@ static int load_aout_library(struct file - len = PAGE_ALIGN(ex.a_text + ex.a_data); - bss = ex.a_text + ex.a_data + ex.a_bss; - if (bss > len) { -- error = do_brk(start_addr + len, bss - len); -+ error = do_brk_locked(start_addr + len, bss - len); - retval = error; - if (error != start_addr + len) - goto out; -diff -urp linux-2.6.7-uc0-r12/fs/binfmt_elf.c linux-2.6.7-uc0-r13/fs/binfmt_elf.c ---- linux-2.6.7-uc0-r12/fs/binfmt_elf.c 2005-01-09 10:22:04.000000000 +0000 -+++ linux-2.6.7-uc0-r13/fs/binfmt_elf.c 2005-01-09 10:26:47.000000000 +0000 -@@ -88,7 +88,7 @@ static int set_brk(unsigned long start, - start = ELF_PAGEALIGN(start); - end = ELF_PAGEALIGN(end); - if (end > start) { -- unsigned long addr = do_brk(start, end - start); -+ unsigned long addr = do_brk_locked(start, end - start); - if (BAD_ADDR(addr)) - return addr; - } -@@ -405,7 +405,7 @@ static unsigned long load_elf_interp(str - - /* Map the last of the bss segment */ - if (last_bss > elf_bss) { -- error = do_brk(elf_bss, last_bss - elf_bss); -+ error = do_brk_locked(elf_bss, last_bss - elf_bss); - if (BAD_ADDR(error)) - goto out_close; - } -@@ -445,7 +445,7 @@ static unsigned long load_aout_interp(st - goto out; - } - -- do_brk(0, text_data); -+ do_brk_locked(0, text_data); - if (!interpreter->f_op || !interpreter->f_op->read) - goto out; - if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0) -@@ -453,7 +453,7 @@ static unsigned long load_aout_interp(st - flush_icache_range((unsigned long)addr, - (unsigned long)addr + text_data); - -- do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), -+ do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), - interp_ex->a_bss); - elf_entry = interp_ex->a_entry; - -@@ -1004,7 +1004,7 @@ static int load_elf_library(struct file - len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); - bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; - if (bss > len) -- do_brk(len, bss - len); -+ do_brk_locked(len, bss - len); - error = 0; - - out_free_ph: -diff -urp linux-2.6.7-uc0-r12/include/linux/mm.h linux-2.6.7-uc0-r13/include/linux/mm.h ---- linux-2.6.7-uc0-r12/include/linux/mm.h 2005-01-09 10:22:06.000000000 +0000 -+++ linux-2.6.7-uc0-r13/include/linux/mm.h 2005-01-09 10:26:47.000000000 +0000 -@@ -652,6 +652,7 @@ out: - extern int do_munmap(struct mm_struct *, unsigned long, size_t); - - extern unsigned long do_brk(unsigned long, unsigned long); -+extern unsigned long do_brk_locked(unsigned long, unsigned long); - - /* filemap.c */ - extern unsigned long page_unuse(struct page *); -diff -urp linux-2.6.7-uc0-r12/mm/mmap.c linux-2.6.7-uc0-r13/mm/mmap.c ---- linux-2.6.7-uc0-r12/mm/mmap.c 2005-01-09 10:22:06.000000000 +0000 -+++ linux-2.6.7-uc0-r13/mm/mmap.c 2005-01-09 10:26:47.000000000 +0000 -@@ -1675,6 +1675,20 @@ out: - - EXPORT_SYMBOL(do_brk); - -+/* locking version of do_brk. */ -+unsigned long do_brk_locked(unsigned long addr, unsigned long len) -+{ -+ unsigned long ret; -+ -+ down_write(¤t->mm->mmap_sem); -+ ret = do_brk(addr, len); -+ up_write(¤t->mm->mmap_sem); -+ -+ return ret; -+} -+ -+EXPORT_SYMBOL(do_brk_locked); -+ - /* Release all mmaps. */ - void exit_mmap(struct mm_struct *mm) - { -@@ -1804,3 +1818,4 @@ struct vm_area_struct *copy_vma(struct v - } - return new_vma; - } -+ -diff -urp linux-2.6.7-uc0-r12/mm/nommu.c linux-2.6.7-uc0-r13/mm/nommu.c ---- linux-2.6.7-uc0-r12/mm/nommu.c 2005-01-09 10:22:01.000000000 +0000 -+++ linux-2.6.7-uc0-r13/mm/nommu.c 2005-01-09 10:26:47.000000000 +0000 -@@ -548,6 +548,11 @@ unsigned long do_brk(unsigned long addr, - return -ENOMEM; - } - -+unsigned long do_brk_locked(unsigned long addr, unsigned long len) -+{ -+ return -ENOMEM; -+} -+ - struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long addr) - { - return NULL; diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.cmdlineLeak.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.cmdlineLeak.patch deleted file mode 100644 index 763f0cf64449..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.cmdlineLeak.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- linux-2.6.7/fs/proc/base.c~ 2004-08-05 10:35:04.411443536 +0200 -+++ linux-2.6.7/fs/proc/base.c 2004-08-05 10:35:04.412443384 +0200 -@@ -330,6 +330,9 @@ - if (!mm) - goto out; - -+ if (!mm->arg_end) -+ goto out; -+ - len = mm->arg_end - mm->arg_start; - - if (len > PAGE_SIZE) diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.devPtmx.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.devPtmx.patch deleted file mode 100644 index 2312a2bf5e3b..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.devPtmx.patch +++ /dev/null @@ -1,21 +0,0 @@ -Index: linux-2.6.5/fs/devpts/inode.c -=================================================================== ---- linux-2.6.5.orig/fs/devpts/inode.c -+++ linux-2.6.5/fs/devpts/inode.c -@@ -178,9 +178,13 @@ struct tty_struct *devpts_get_tty(int nu - { - struct dentry *dentry = get_node(number); - struct tty_struct *tty; -- -- tty = (IS_ERR(dentry) || !dentry->d_inode) ? NULL : -- dentry->d_inode->u.generic_ip; -+ -+ tty = NULL; -+ if (!IS_ERR(dentry)) { -+ if (dentry->d_inode) -+ tty = dentry->d_inode->u.generic_ip; -+ dput(dentry); -+ } - - up(&devpts_root->d_inode->i_sem); - diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.smbfs.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.smbfs.patch deleted file mode 100644 index 99401cf93a0e..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.smbfs.patch +++ /dev/null @@ -1,93 +0,0 @@ -diff -urN linux-2.6.8.1/fs/smbfs/proc.c linux-2.6.8.1.plasmaroo/fs/smbfs/proc.c ---- linux-2.6.8.1/fs/smbfs/proc.c 2004-08-24 17:15:57.000000000 +1000 -+++ linux-2.6.8.1.plasmaroo/fs/smbfs/proc.c 2004-11-06 11:27:20.000000000 +1100 -@@ -1427,9 +1427,9 @@ - * So we must first calculate the amount of padding used by the server. - */ - data_off -= hdrlen; -- if (data_off > SMB_READX_MAX_PAD) { -- PARANOIA("offset is larger than max pad!\n"); -- PARANOIA("%d > %d\n", data_off, SMB_READX_MAX_PAD); -+ if (data_off > SMB_READX_MAX_PAD || data_off < 0) { -+ PARANOIA("offset is larger than SMB_READX_MAX_PAD or negative!\n"); -+ PARANOIA("%d > %d || %d < 0\n", data_off, SMB_READX_MAX_PAD, data_off); - req->rq_rlen = req->rq_bufsize + 1; - return; - } -diff -urN linux-2.6.8.1/fs/smbfs/request.c linux-2.6.8.1.plasmaroo/fs/smbfs/request.c ---- linux-2.6.8.1/fs/smbfs/request.c 2004-11-06 11:27:51.000000000 +1100 -+++ linux-2.6.8.1.plasmaroo/fs/smbfs/request.c 2004-11-06 11:27:20.000000000 +1100 -@@ -588,6 +588,10 @@ - data_count = WVAL(inbuf, smb_drcnt); - - /* Modify offset for the split header/buffer we use */ -+ if (data_offset < hdrlen) -+ goto out_bad_data; -+ if (parm_offset < hdrlen) -+ goto out_bad_parm; - data_offset -= hdrlen; - parm_offset -= hdrlen; - -@@ -607,6 +611,10 @@ - req->rq_lparm = parm_count; - req->rq_data = req->rq_buffer + data_offset; - req->rq_parm = req->rq_buffer + parm_offset; -+ if (parm_offset + parm_count > req->rq_rlen) -+ goto out_bad_parm; -+ if (data_offset + data_count > req->rq_rlen) -+ goto out_bad_data; - return 0; - } - -@@ -634,6 +642,7 @@ - req->rq_trans2buffer = smb_kmalloc(buf_len, GFP_NOFS); - if (!req->rq_trans2buffer) - goto out_no_mem; -+ memset(req->rq_trans2buffer, 0, buf_len); - - req->rq_parm = req->rq_trans2buffer; - req->rq_data = req->rq_trans2buffer + parm_tot; -@@ -643,8 +652,12 @@ - - if (parm_disp + parm_count > req->rq_total_parm) - goto out_bad_parm; -+ if (parm_offset + parm_count > req->rq_rlen) -+ goto out_bad_parm; - if (data_disp + data_count > req->rq_total_data) - goto out_bad_data; -+ if (data_offset + data_count > req->rq_rlen) -+ goto out_bad_data; - - inbuf = req->rq_buffer; - memcpy(req->rq_parm + parm_disp, inbuf + parm_offset, parm_count); -@@ -657,8 +670,11 @@ - * Check whether we've received all of the data. Note that - * we use the packet totals -- total lengths might shrink! - */ -- if (req->rq_ldata >= data_tot && req->rq_lparm >= parm_tot) -+ if (req->rq_ldata >= data_tot && req->rq_lparm >= parm_tot) { -+ req->rq_ldata = data_tot; -+ req->rq_lparm = parm_tot; - return 0; -+ } - return 1; - - out_too_long: -@@ -676,13 +692,13 @@ - req->rq_errno = -EIO; - goto out; - out_bad_parm: -- printk(KERN_ERR "smb_trans2: invalid parms, disp=%d, cnt=%d, tot=%d\n", -- parm_disp, parm_count, parm_tot); -+ printk(KERN_ERR "smb_trans2: invalid parms, disp=%d, cnt=%d, tot=%d, ofs=%d\n", -+ parm_disp, parm_count, parm_tot, parm_offset); - req->rq_errno = -EIO; - goto out; - out_bad_data: -- printk(KERN_ERR "smb_trans2: invalid data, disp=%d, cnt=%d, tot=%d\n", -- data_disp, data_count, data_tot); -+ printk(KERN_ERR "smb_trans2: invalid data, disp=%d, cnt=%d, tot=%d, ofs=%d\n", -+ data_disp, data_count, data_tot, data_offset); - req->rq_errno = -EIO; - out: - return req->rq_errno; diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.vma.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.vma.patch deleted file mode 100644 index c700a9c71832..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.vma.patch +++ /dev/null @@ -1,191 +0,0 @@ -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/arch/ia64/ia32/binfmt_elf32.c linux-dsd/arch/ia64/ia32/binfmt_elf32.c ---- linux-2.6.7-gentoo-r19/arch/ia64/ia32/binfmt_elf32.c 2004-12-02 23:32:15.424906248 +0000 -+++ linux-dsd/arch/ia64/ia32/binfmt_elf32.c 2004-12-02 23:35:26.813810712 +0000 -@@ -82,7 +82,11 @@ ia64_elf32_init (struct pt_regs *regs) - vma->vm_ops = &ia32_shared_page_vm_ops; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -101,7 +105,11 @@ ia64_elf32_init (struct pt_regs *regs) - vma->vm_flags = VM_READ|VM_WRITE|VM_MAYREAD|VM_MAYWRITE; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -149,7 +157,7 @@ ia32_setup_arg_pages (struct linux_binpr - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - mm->arg_start = bprm->p + stack_base; -@@ -182,8 +190,12 @@ ia32_setup_arg_pages (struct linux_binpr - else - mpnt->vm_flags = VM_STACK_FLAGS; - mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC)? -- PAGE_COPY_EXEC: PAGE_COPY; -- insert_vm_struct(current->mm, mpnt); -+ PAGE_COPY_EXEC: PAGE_COPY; -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/arch/ia64/mm/init.c linux-dsd/arch/ia64/mm/init.c ---- linux-2.6.7-gentoo-r19/arch/ia64/mm/init.c 2004-12-02 23:32:15.425906096 +0000 -+++ linux-dsd/arch/ia64/mm/init.c 2004-12-02 23:36:46.937630040 +0000 -@@ -129,7 +129,13 @@ ia64_init_addr_space (void) - vma->vm_end = vma->vm_start + PAGE_SIZE; - vma->vm_page_prot = protection_map[VM_DATA_DEFAULT_FLAGS & 0x7]; - vma->vm_flags = VM_READ|VM_WRITE|VM_MAYREAD|VM_MAYWRITE|VM_GROWSUP; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - - /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */ -@@ -141,7 +147,13 @@ ia64_init_addr_space (void) - vma->vm_end = PAGE_SIZE; - vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT); - vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - } - } -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/arch/s390/kernel/compat_exec.c linux-dsd/arch/s390/kernel/compat_exec.c ---- linux-2.6.7-gentoo-r19/arch/s390/kernel/compat_exec.c 2004-12-02 23:32:15.426905944 +0000 -+++ linux-dsd/arch/s390/kernel/compat_exec.c 2004-12-02 23:39:18.846536376 +0000 -@@ -39,7 +39,7 @@ int setup_arg_pages32(struct linux_binpr - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - - stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - mm->arg_start = bprm->p + stack_base; -@@ -68,7 +68,11 @@ int setup_arg_pages32(struct linux_binpr - /* executable stack setting would be applied here */ - mpnt->vm_page_prot = PAGE_COPY; - mpnt->vm_flags = VM_STACK_FLAGS; -- insert_vm_struct(mm, mpnt); -+ if ((ret = insert_vm_struct(mm, mpnt))) { -+ up_write(&mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/arch/x86_64/ia32/ia32_binfmt.c linux-dsd/arch/x86_64/ia32/ia32_binfmt.c ---- linux-2.6.7-gentoo-r19/arch/x86_64/ia32/ia32_binfmt.c 2004-12-02 23:32:15.427905792 +0000 -+++ linux-dsd/arch/x86_64/ia32/ia32_binfmt.c 2004-12-02 23:41:30.438531352 +0000 -@@ -330,7 +330,7 @@ int setup_arg_pages(struct linux_binprm - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES * PAGE_SIZE; - mm->arg_start = bprm->p + stack_base; -@@ -364,7 +364,11 @@ int setup_arg_pages(struct linux_binprm - mpnt->vm_flags = vm_stack_flags32; - mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC) ? - PAGE_COPY_EXEC : PAGE_COPY; -- insert_vm_struct(mm, mpnt); -+ if ((ret = insert_vm_struct(mm, mpnt))) { -+ up_write(&mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/fs/exec.c linux-dsd/fs/exec.c ---- linux-2.6.7-gentoo-r19/fs/exec.c 2004-12-02 23:32:15.428905640 +0000 -+++ linux-dsd/fs/exec.c 2004-12-02 23:33:06.941074600 +0000 -@@ -342,7 +342,7 @@ int setup_arg_pages(struct linux_binprm - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - long arg_size; - - #ifdef CONFIG_STACK_GROWSUP -@@ -413,7 +413,6 @@ int setup_arg_pages(struct linux_binprm - - down_write(&mm->mmap_sem); - { -- struct vm_area_struct *vma; - mpnt->vm_mm = mm; - #ifdef CONFIG_STACK_GROWSUP - mpnt->vm_start = stack_base; -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/include/linux/mm.h linux-dsd/include/linux/mm.h ---- linux-2.6.7-gentoo-r19/include/linux/mm.h 2004-12-02 23:32:15.430905336 +0000 -+++ linux-dsd/include/linux/mm.h 2004-12-02 23:33:06.942074448 +0000 -@@ -623,7 +623,7 @@ extern struct vm_area_struct *vma_merge( - extern struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *); - extern int split_vma(struct mm_struct *, - struct vm_area_struct *, unsigned long addr, int new_below); --extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *); -+extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *); - extern void __vma_link_rb(struct mm_struct *, struct vm_area_struct *, - struct rb_node **, struct rb_node *); - extern struct vm_area_struct *copy_vma(struct vm_area_struct **, -diff -urNp -X /usr/src/dontdiff linux-2.6.7-gentoo-r19/mm/mmap.c linux-dsd/mm/mmap.c ---- linux-2.6.7-gentoo-r19/mm/mmap.c 2004-12-02 23:32:15.432905032 +0000 -+++ linux-dsd/mm/mmap.c 2004-12-02 23:33:06.944074144 +0000 -@@ -1722,7 +1722,7 @@ void exit_mmap(struct mm_struct *mm) - * and into the inode's i_mmap tree. If vm_file is non-NULL - * then i_mmap_lock is taken here. - */ --void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) -+int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) - { - struct vm_area_struct * __vma, * prev; - struct rb_node ** rb_link, * rb_parent; -@@ -1745,8 +1745,9 @@ void insert_vm_struct(struct mm_struct * - } - __vma = find_vma_prepare(mm,vma->vm_start,&prev,&rb_link,&rb_parent); - if (__vma && __vma->vm_start < vma->vm_end) -- BUG(); -+ return -ENOMEM; - vma_link(mm, vma, prev, rb_link, rb_parent); -+ return 0; - } - - /* diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources.77094.patch b/sys-kernel/uclinux-sources/files/uclinux-sources.77094.patch deleted file mode 100644 index cc3a1552c83d..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources.77094.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ur linux-2.4.28/drivers/char/random.c linux-2.4.28.plasmaroo/drivers/char/random.c ---- linux-2.4.28/drivers/char/random.c 2004-11-17 11:54:21.000000000 +0000 -+++ linux-2.4.28.plasmaroo/drivers/char/random.c 2005-01-08 02:54:49.198635736 +0000 -@@ -1787,7 +1787,7 @@ - void *oldval, size_t *oldlenp, - void *newval, size_t newlen, void **context) - { -- int len; -+ size_t len; - - sysctl_poolsize = random_state->poolinfo.POOLBYTES; - diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources.AF_UNIX.patch b/sys-kernel/uclinux-sources/files/uclinux-sources.AF_UNIX.patch deleted file mode 100644 index 6ced78404a2d..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources.AF_UNIX.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- linux-2.4.27/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 -+++ linux-2.4.28/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 -@@ -1403,9 +1403,11 @@ - - msg->msg_namelen = 0; - -+ down(&sk->protinfo.af_unix.readsem); -+ - skb = skb_recv_datagram(sk, flags, noblock, &err); - if (!skb) -- goto out; -+ goto out_unlock; - - wake_up_interruptible(&sk->protinfo.af_unix.peer_wait); - -@@ -1449,6 +1451,8 @@ - - out_free: - skb_free_datagram(sk,skb); -+out_unlock: -+ up(&sk->protinfo.af_unix.readsem); - out: - return err; - } diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources.CAN-2004-0497.patch b/sys-kernel/uclinux-sources/files/uclinux-sources.CAN-2004-0497.patch deleted file mode 100644 index 41b3196f84ea..000000000000 --- a/sys-kernel/uclinux-sources/files/uclinux-sources.CAN-2004-0497.patch +++ /dev/null @@ -1,26 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/07/02 20:55:04-07:00 chrisw@osdl.org -# [PATCH] chown permission check fix for ATTR_GID -# -# SuSE discovered this problem with chown and ATTR_GID. Make sure user -# is authorized to change the group, CAN-2004-0497. -# -# fs/attr.c -# 2004/07/02 09:07:32-07:00 chrisw@osdl.org +2 -1 -# chown permission check fix for ATTR_GID -# -diff -Nru a/fs/attr.c b/fs/attr.c ---- a/fs/attr.c 2004-07-08 16:35:57 -07:00 -+++ b/fs/attr.c 2004-07-08 16:35:57 -07:00 -@@ -35,7 +35,8 @@ - - /* Make sure caller can chgrp. */ - if ((ia_valid & ATTR_GID) && -- (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) && -+ (current->fsuid != inode->i_uid || -+ (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && - !capable(CAP_CHOWN)) - goto error; - diff --git a/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r12.ebuild b/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r12.ebuild deleted file mode 100644 index f436328f962b..000000000000 --- a/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r12.ebuild +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r12.ebuild,v 1.1 2005/01/09 10:59:22 plasmaroo Exp $ - -IUSE="" - -ETYPE="sources" -inherit kernel eutils -OKV="`echo ${PV}|sed -e 's:^\([0-9]\+\.[0-9]\+\.[0-9]\+\).*:\1:'`" -POV="${PN}-${OKV}" - -EXTRAVERSION="uc${PV/*_p/}" -[ ! "${PR}" == "r0" ] && EXTRAVERSION="${EXTRAVERSION}-${PR}" -KV="${OKV}-${EXTRAVERSION}" - -# Get the major & minor kernel version -MMV=`echo $PV | awk -F. '{print $1"."$2}'` - -patch="diff" -base="uClinux" -if [ ${MMV} == "2.6" ]; then - patch="patch" - base="linux" -fi - -MY_P=linux-${PV/_p/-uc} - -S=${WORKDIR}/linux-${KV} -DESCRIPTION="uCLinux kernel patches for CPUs without MMUs" -SRC_URI="mirror://kernel/v${MMV}/linux-${OKV}.tar.bz2 - http://www.uclinux.org/pub/uClinux/uClinux-${MMV}.x/${MY_P/linux/${base}}.${patch}.gz - http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/${POV}-CAN-2004-0415.patch - http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-${OKV}-CAN-2004-0814.2.patch" - -HOMEPAGE="http://www.uclinux.org/" -KEYWORDS="~x86 -ppc" -SLOT="${KV}" - -src_unpack() { - unpack ${A} - mv linux-${OKV} linux-${KV} || die - - cd linux-${KV} - epatch ../${MY_P/linux/${base}}.${patch} || die "Failed to apply uClinux patch!" - - set MY_ARCH=${ARCH} - unset ARCH - rm ../${MY_P/linux/${base}}.${patch} - - epatch ${FILESDIR}/${P}.CAN-2004-0394.patch || die "Failed to add the CAN-2004-0394 patch!" - epatch ${DISTDIR}/${POV}-CAN-2004-0415.patch || die "Failed to add the CAN-2004-0415 patch!" - epatch ${FILESDIR}/${P}.CAN-2004-0495.patch || die "Failed to add the CAN-2004-0495 patch!" - epatch ${FILESDIR}/${PN}.CAN-2004-0497.patch || die "Failed to add the CAN-2004-0497 patch!" - epatch ${FILESDIR}/${P}.CAN-2004-0535.patch || die "Failed to add the CAN-2004-0535 patch!" - epatch ${FILESDIR}/${P}.CAN-2004-0685.patch || die "Failed to add the CAN-2004-0685 patch!" - epatch ${DISTDIR}/linux-${OKV}-CAN-2004-0814.patch || die "Failed to add the CAN-2004-0814 patch!" - epatch ${FILESDIR}/${P}.FPULockup-53804.patch || die "Failed to apply FPU-lockup patch!" - epatch ${FILESDIR}/${P}.cmdlineLeak.patch || die "Failed to apply the /proc/cmdline patch!" - epatch ${FILESDIR}/${P}.XDRWrapFix.patch || die "Failed to apply the kNFSd XDR patch!" - epatch ${FILESDIR}/${P}.binfmt_elf.patch || die "Failed to apply the binfmt_elf patch!" - epatch ${FILESDIR}/${P}.smbfs.patch || die "Failed to apply the SMBFS patch!" - epatch ${FILESDIR}/${PN}.AF_UNIX.patch || die "Failed to apply the AF_UNIX patch!" - epatch ${FILESDIR}/${P}.binfmt_a.out.patch || die "Failed to apply the a.out patch!" - epatch ${FILESDIR}/${P}.vma.patch || die "Failed to apply the VMA patch!" - epatch ${FILESDIR}/${P}.CAN-2004-1016.patch || die "Failed to apply the CAN-2004-1016 patch!" - epatch ${FILESDIR}/${P}.CAN-2004-1056.patch || die "Failed to apply the CAN-2004-1056 patch!" - epatch ${FILESDIR}/${P}.CAN-2004-1137.patch || die "Failed to apply the CAN-2004-1137 patch!" - epatch ${FILESDIR}/${PN}.77094.patch || die "Failed to apply bug #77094 patch!" - epatch ${FILESDIR}/${P}.brk-locked.patch || die "Failed to apply do_brk_locked() patch!" - - kernel_universal_unpack - set ARCH=${MY_ARCH} -} diff --git a/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r14.ebuild b/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r14.ebuild deleted file mode 100644 index 4e19d56c3872..000000000000 --- a/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r14.ebuild +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r14.ebuild,v 1.1 2005/01/09 11:18:40 plasmaroo Exp $ - -IUSE="" - -ETYPE="sources" -inherit kernel eutils -OKV="`echo ${PV}|sed -e 's:^\([0-9]\+\.[0-9]\+\.[0-9]\+\).*:\1:'`" - -EXTRAVERSION="uc${PV/*_p/}" -[ "${PR}" != "r0" ] && EXTRAVERSION="${EXTRAVERSION}-${PR}" -KV="${OKV}-${EXTRAVERSION}" - -# Get the major & minor kernel version -MMV=`echo $PV | awk -F. '{print $1"."$2}'` - -patch="diff" -base="uClinux" -if [ ${MMV} == "2.6" ]; then - patch="patch" - base="linux" -fi - -MY_P=linux-${PV/_p/-uc} - -S=${WORKDIR}/linux-${KV} -DESCRIPTION="uCLinux kernel patches for CPUs without MMUs" -SRC_URI="mirror://kernel/v${MMV}/linux-${OKV}.tar.bz2 - http://www.uclinux.org/pub/uClinux/uClinux-${MMV}.x/${MY_P/linux/${base}}.${patch}.gz - http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-${OKV}-CAN-2004-0415.patch - http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-${OKV}-CAN-2004-0814.patch" - -HOMEPAGE="http://www.uclinux.org/" -KEYWORDS="~x86 -ppc" -SLOT="${KV}" - -src_unpack() { - unpack ${A} - mv linux-${OKV} linux-${KV} || die - - cd linux-${KV} - epatch ../${MY_P/linux/${base}}.${patch} || die "Failed to apply uClinux patch!" - epatch ${DISTDIR}/linux-${OKV}-CAN-2004-0415.patch || die "Failed to add the CAN-2004-0415 patch!" - epatch ${FILESDIR}/${PN}.CAN-2004-0497.patch || die "Failed to add the CAN-2004-0497 patch!" - epatch ${FILESDIR}/${PN}-2.6.CAN-2004-0596.patch || die "Failed to apply the CAN-2004-0596 security patch!" - epatch ${DISTDIR}/linux-${OKV}-CAN-2004-0814.patch || die "Failed to add the CAN-2004-0814 patch!" - epatch ${FILESDIR}/${PN}-2.6.IPTables-RDoS.patch || die "Failed to apply the IPTables RDoS security patch!" - epatch ${FILESDIR}/${PN}-2.6.ProcPerms.patch || die "Failed to apply the /proc permissions security patch!" - epatch ${FILESDIR}/${PN}-2.6.cmdlineLeak.patch || die "Failed to apply the /proc/cmdline patch!" - epatch ${FILESDIR}/${PN}-2.6.CAN-2004-0816.patch || die "Failed to apply the CAN-2004-0816 patch!" - epatch ${FILESDIR}/${PN}-2.6.devPtmx.patch || die "Failed to apply /dev/ptmx patch!" - epatch ${FILESDIR}/${PN}-2.6.binfmt_elf.patch || die "Failed to apply binfmt_elf patch!" - epatch ${FILESDIR}/${PN}-2.6.smbfs.patch || die "Failed to apply SMBFS patch!" - epatch ${FILESDIR}/${PN}-2.6.AF_UNIX.patch || die "Failed to apply the AF_UNIX patch!" - epatch ${FILESDIR}/${PN}-2.6.AF_UNIX.SELinux.patch || die "Failed to apply the AF_UNIX SELinux-fix patch!" - epatch ${FILESDIR}/${PN}-2.6.binfmt_a.out.patch || die "Failed to apply the a.out patch!" - epatch ${FILESDIR}/${PN}-2.6.vma.patch || die "Failed to apply the VMA patch!" - epatch ${FILESDIR}/${PN}-2.6.CAN-2004-1016.patch || die "Failed to apply the CAN-2004-1016 patch!" - epatch ${FILESDIR}/${PN}-2.6.CAN-2004-1056.patch || die "Failed to apply the CAN-2004-1056 patch!" - epatch ${FILESDIR}/${PN}-2.6.CAN-2004-1137.patch || die "Failed to apply the CAN-2004-1137 patch!" - epatch ${FILESDIR}/${PN}-2.6.CAN-2004-1151.patch || die "Failed to apply the CAN-2004-1151 patch!" - epatch ${FILESDIR}/${PN}-2.6.77094.patch || die "Failed to apply bug #77094 patch!" - epatch ${FILESDIR}/${PN}-2.6.brk-locked.patch || die "Failed to apply do_brk_locked() patch!" - epatch ${FILESDIR}/${PN}-2.6.75963.patch || die "Failed to apply bug #75963 patch!" - - set MY_ARCH=${ARCH} - unset ARCH - rm ../${MY_P/linux/${base}}.${patch} - - kernel_universal_unpack - set ARCH=${MY_ARCH} -} |