summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Yamin <plasmaroo@gentoo.org>2005-01-09 17:03:25 +0000
committerTim Yamin <plasmaroo@gentoo.org>2005-01-09 17:03:25 +0000
commit4b4d8dfdea941a87e43e95cbf3677b3eeff6ce70 (patch)
tree785ad2057b0695dadbe79ada3c0f8878bf145e40 /sys-kernel/xbox-sources/files
parentChangeLog fix. (diff)
downloadhistorical-4b4d8dfdea941a87e43e95cbf3677b3eeff6ce70.tar.gz
historical-4b4d8dfdea941a87e43e95cbf3677b3eeff6ce70.tar.bz2
historical-4b4d8dfdea941a87e43e95cbf3677b3eeff6ce70.zip
Security bump; fixes bugs #75963, #77025 and #77094.
Diffstat (limited to 'sys-kernel/xbox-sources/files')
-rw-r--r--sys-kernel/xbox-sources/files/digest-xbox-sources-2.4.28-r3 (renamed from sys-kernel/xbox-sources/files/digest-xbox-sources-2.4.28-r2)0
-rw-r--r--sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.10-r1 (renamed from sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.10)0
-rw-r--r--sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.8.1-r83
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.4.28.77094.patch12
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.4.28.brk-locked.patch247
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.10.75963.patch32
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.10.77094.patch163
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.10.brk-locked.patch303
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.10.smbfs.patch (renamed from sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.smbfs.patch)23
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.7.cmdlineLeak.patch12
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.SELinux.patch61
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.patch24
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1016.patch75
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1137.patch77
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1151.patch35
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_a.out.patch63
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_elf.patch85
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.devPtmx.patch21
-rw-r--r--sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.vma.patch205
19 files changed, 758 insertions, 683 deletions
diff --git a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.4.28-r2 b/sys-kernel/xbox-sources/files/digest-xbox-sources-2.4.28-r3
index 44a45c606aa5..44a45c606aa5 100644
--- a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.4.28-r2
+++ b/sys-kernel/xbox-sources/files/digest-xbox-sources-2.4.28-r3
diff --git a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.10 b/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.10-r1
index c6801f17ace1..c6801f17ace1 100644
--- a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.10
+++ b/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.10-r1
diff --git a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.8.1-r8 b/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.8.1-r8
deleted file mode 100644
index 088326d79b41..000000000000
--- a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.8.1-r8
+++ /dev/null
@@ -1,3 +0,0 @@
-MD5 9517ca999e822b898fbdc7e72796b1aa linux-2.6.8.1.tar.bz2 35628066
-MD5 8b6d38cf36d9ef869e41761e3165b64a xboxpatches-2.6.8.1-20041104-r1.tar.bz2 155759
-MD5 a982d764db8b017f67f9d74912c15b41 linux-2.6.8.1-CAN-2004-0814.patch 130062
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.4.28.77094.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.4.28.77094.patch
new file mode 100644
index 000000000000..cc3a1552c83d
--- /dev/null
+++ b/sys-kernel/xbox-sources/files/xbox-sources-2.4.28.77094.patch
@@ -0,0 +1,12 @@
+diff -ur linux-2.4.28/drivers/char/random.c linux-2.4.28.plasmaroo/drivers/char/random.c
+--- linux-2.4.28/drivers/char/random.c 2004-11-17 11:54:21.000000000 +0000
++++ linux-2.4.28.plasmaroo/drivers/char/random.c 2005-01-08 02:54:49.198635736 +0000
+@@ -1787,7 +1787,7 @@
+ void *oldval, size_t *oldlenp,
+ void *newval, size_t newlen, void **context)
+ {
+- int len;
++ size_t len;
+
+ sysctl_poolsize = random_state->poolinfo.POOLBYTES;
+
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.4.28.brk-locked.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.4.28.brk-locked.patch
new file mode 100644
index 000000000000..1e1c198fd69d
--- /dev/null
+++ b/sys-kernel/xbox-sources/files/xbox-sources-2.4.28.brk-locked.patch
@@ -0,0 +1,247 @@
+diff -ur linux-2.4.28-gentoo-r4/arch/mips/kernel/irixelf.c linux-2.4.28-gentoo-r5/arch/mips/kernel/irixelf.c
+--- linux-2.4.28-gentoo-r4/arch/mips/kernel/irixelf.c 2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/arch/mips/kernel/irixelf.c 2005-01-07 20:20:32.000000000 +0000
+@@ -130,7 +130,7 @@
+ end = PAGE_ALIGN(end);
+ if (end <= start)
+ return;
+- do_brk(start, end - start);
++ do_brk_locked(start, end - start);
+ }
+
+
+@@ -379,7 +379,7 @@
+
+ /* Map the last of the bss segment */
+ if (last_bss > len) {
+- do_brk(len, (last_bss - len));
++ do_brk_locked(len, (last_bss - len));
+ }
+ kfree(elf_phdata);
+
+@@ -567,7 +567,7 @@
+ unsigned long v;
+ struct prda *pp;
+
+- v = do_brk (PRDA_ADDRESS, PAGE_SIZE);
++ v = do_brk_locked (PRDA_ADDRESS, PAGE_SIZE);
+
+ if (v < 0)
+ return;
+@@ -859,7 +859,7 @@
+ len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000;
+ bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
+ if (bss > len)
+- do_brk(len, bss-len);
++ do_brk_locked(len, bss-len);
+ kfree(elf_phdata);
+ return 0;
+ }
+diff -ur linux-2.4.28-gentoo-r4/arch/sparc64/kernel/binfmt_aout32.c linux-2.4.28-gentoo-r5/arch/sparc64/kernel/binfmt_aout32.c
+--- linux-2.4.28-gentoo-r4/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 20:20:32.000000000 +0000
+@@ -49,7 +49,7 @@
+ end = PAGE_ALIGN(end);
+ if (end <= start)
+ return;
+- do_brk(start, end - start);
++ do_brk_locked(start, end - start);
+ }
+
+ /*
+@@ -246,10 +246,10 @@
+ if (N_MAGIC(ex) == NMAGIC) {
+ loff_t pos = fd_offset;
+ /* Fuck me plenty... */
+- error = do_brk(N_TXTADDR(ex), ex.a_text);
++ error = do_brk_locked(N_TXTADDR(ex), ex.a_text);
+ bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex),
+ ex.a_text, &pos);
+- error = do_brk(N_DATADDR(ex), ex.a_data);
++ error = do_brk_locked(N_DATADDR(ex), ex.a_data);
+ bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex),
+ ex.a_data, &pos);
+ goto beyond_if;
+@@ -257,7 +257,7 @@
+
+ if (N_MAGIC(ex) == OMAGIC) {
+ loff_t pos = fd_offset;
+- do_brk(N_TXTADDR(ex) & PAGE_MASK,
++ do_brk_locked(N_TXTADDR(ex) & PAGE_MASK,
+ ex.a_text+ex.a_data + PAGE_SIZE - 1);
+ bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex),
+ ex.a_text+ex.a_data, &pos);
+@@ -272,7 +272,7 @@
+
+ if (!bprm->file->f_op->mmap) {
+ loff_t pos = fd_offset;
+- do_brk(0, ex.a_text+ex.a_data);
++ do_brk_locked(0, ex.a_text+ex.a_data);
+ bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex),
+ ex.a_text+ex.a_data, &pos);
+ goto beyond_if;
+@@ -388,7 +388,7 @@
+ len = PAGE_ALIGN(ex.a_text + ex.a_data);
+ bss = ex.a_text + ex.a_data + ex.a_bss;
+ if (bss > len) {
+- error = do_brk(start_addr + len, bss - len);
++ error = do_brk_locked(start_addr + len, bss - len);
+ retval = error;
+ if (error != start_addr + len)
+ goto out;
+diff -ur linux-2.4.28-gentoo-r4/fs/binfmt_aout.c linux-2.4.28-gentoo-r5/fs/binfmt_aout.c
+--- linux-2.4.28-gentoo-r4/fs/binfmt_aout.c 2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/fs/binfmt_aout.c 2005-01-07 20:20:32.000000000 +0000
+@@ -46,7 +46,7 @@
+ start = PAGE_ALIGN(start);
+ end = PAGE_ALIGN(end);
+ if (end > start) {
+- unsigned long addr = do_brk(start, end - start);
++ unsigned long addr = do_brk_locked(start, end - start);
+ if (BAD_ADDR(addr))
+ return addr;
+ }
+@@ -341,10 +341,10 @@
+ loff_t pos = fd_offset;
+ /* Fuck me plenty... */
+ /* <AOL></AOL> */
+- error = do_brk(N_TXTADDR(ex), ex.a_text);
++ error = do_brk_locked(N_TXTADDR(ex), ex.a_text);
+ bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex),
+ ex.a_text, &pos);
+- error = do_brk(N_DATADDR(ex), ex.a_data);
++ error = do_brk_locked(N_DATADDR(ex), ex.a_data);
+ bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex),
+ ex.a_data, &pos);
+ goto beyond_if;
+@@ -365,7 +365,7 @@
+ map_size = ex.a_text+ex.a_data;
+ #endif
+
+- error = do_brk(text_addr & PAGE_MASK, map_size);
++ error = do_brk_locked(text_addr & PAGE_MASK, map_size);
+ if (error != (text_addr & PAGE_MASK)) {
+ send_sig(SIGKILL, current, 0);
+ return error;
+@@ -399,7 +399,7 @@
+
+ if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) {
+ loff_t pos = fd_offset;
+- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
++ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data);
+ bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex),
+ ex.a_text+ex.a_data, &pos);
+ flush_icache_range((unsigned long) N_TXTADDR(ex),
+@@ -500,7 +500,7 @@
+ error_time = jiffies;
+ }
+
+- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
++ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss);
+
+ file->f_op->read(file, (char *)start_addr,
+ ex.a_text + ex.a_data, &pos);
+@@ -524,7 +524,7 @@
+ len = PAGE_ALIGN(ex.a_text + ex.a_data);
+ bss = ex.a_text + ex.a_data + ex.a_bss;
+ if (bss > len) {
+- error = do_brk(start_addr + len, bss - len);
++ error = do_brk_locked(start_addr + len, bss - len);
+ retval = error;
+ if (error != start_addr + len)
+ goto out;
+diff -ur linux-2.4.28-gentoo-r4/fs/binfmt_elf.c linux-2.4.28-gentoo-r5/fs/binfmt_elf.c
+--- linux-2.4.28-gentoo-r4/fs/binfmt_elf.c 2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/fs/binfmt_elf.c 2005-01-07 20:20:46.000000000 +0000
+@@ -88,7 +88,7 @@
+ end = ELF_PAGEALIGN(end);
+ if (end <= start)
+ return;
+- do_brk(start, end - start);
++ do_brk_locked(start, end - start);
+ }
+
+
+@@ -370,7 +370,7 @@
+
+ /* Map the last of the bss segment */
+ if (last_bss > elf_bss)
+- do_brk(elf_bss, last_bss - elf_bss);
++ do_brk_locked(elf_bss, last_bss - elf_bss);
+
+ *interp_load_addr = load_addr;
+ error = ((unsigned long) interp_elf_ex->e_entry) + load_addr;
+@@ -407,7 +407,7 @@
+ goto out;
+ }
+
+- do_brk(0, text_data);
++ do_brk_locked(0, text_data);
+ if (!interpreter->f_op || !interpreter->f_op->read)
+ goto out;
+ if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0)
+@@ -415,7 +415,7 @@
+ flush_icache_range((unsigned long)addr,
+ (unsigned long)addr + text_data);
+
+- do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1),
++ do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1),
+ interp_ex->a_bss);
+ elf_entry = interp_ex->a_entry;
+
+@@ -1271,7 +1271,7 @@
+ len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1);
+ bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
+ if (bss > len)
+- do_brk(len, bss - len);
++ do_brk_locked(len, bss - len);
+ error = 0;
+
+ out_free_ph:
+diff -ur linux-2.4.28-gentoo-r4/include/linux/mm.h linux-2.4.28-gentoo-r5/include/linux/mm.h
+--- linux-2.4.28-gentoo-r4/include/linux/mm.h 2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/include/linux/mm.h 2005-01-07 20:20:32.000000000 +0000
+@@ -601,6 +601,7 @@
+ extern int do_munmap(struct mm_struct *, unsigned long, size_t);
+
+ extern unsigned long do_brk(unsigned long, unsigned long);
++extern unsigned long do_brk_locked(unsigned long, unsigned long);
+
+ static inline void __vma_unlink(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct * prev)
+ {
+diff -ur linux-2.4.28-gentoo-r4/kernel/ksyms.c linux-2.4.28-gentoo-r5/kernel/ksyms.c
+--- linux-2.4.28-gentoo-r4/kernel/ksyms.c 2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/kernel/ksyms.c 2005-01-07 20:20:32.000000000 +0000
+@@ -90,6 +90,7 @@
+ EXPORT_SYMBOL(__do_mmap_pgoff);
+ EXPORT_SYMBOL(do_munmap);
+ EXPORT_SYMBOL(do_brk);
++EXPORT_SYMBOL(do_brk_locked);
+ EXPORT_SYMBOL(exit_mm);
+ EXPORT_SYMBOL(exit_files);
+ EXPORT_SYMBOL(exit_fs);
+diff -ur linux-2.4.28-gentoo-r4/mm/mmap.c linux-2.4.28-gentoo-r5/mm/mmap.c
+--- linux-2.4.28-gentoo-r4/mm/mmap.c 2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/mm/mmap.c 2005-01-07 20:20:32.000000000 +0000
+@@ -1401,6 +1401,21 @@
+ return addr;
+ }
+
++/* locking version of do_brk. */
++unsigned long do_brk_locked(unsigned long addr, unsigned long len)
++{
++ unsigned long ret;
++
++ down_write(&current->mm->mmap_sem);
++ ret = do_brk(addr, len);
++ up_write(&current->mm->mmap_sem);
++
++ return ret;
++}
++
++
++
++
+ /* Build the RB tree corresponding to the VMA list. */
+ void build_mmap_rb(struct mm_struct * mm)
+ {
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.75963.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.75963.patch
new file mode 100644
index 000000000000..80390f13bd73
--- /dev/null
+++ b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.75963.patch
@@ -0,0 +1,32 @@
+--- linux-2.6.10/security/dummy.c 2004-12-24 21:34:26.000000000 +0000
++++ linux-2.6.10.plasmaroo/security/dummy.c 2005-01-07 20:13:50.763073872 +0000
+@@ -74,11 +74,8 @@
+
+ static int dummy_capable (struct task_struct *tsk, int cap)
+ {
+- if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0)
+- /* capability granted */
++ if (cap_raised (tsk->cap_effective, cap))
+ return 0;
+-
+- /* capability denied */
+ return -EPERM;
+ }
+
+@@ -191,6 +188,8 @@
+
+ current->suid = current->euid = current->fsuid = bprm->e_uid;
+ current->sgid = current->egid = current->fsgid = bprm->e_gid;
++
++ dummy_capget(current, &current->cap_effective, &current->cap_inheritable, &current->cap_permitted);
+ }
+
+ static int dummy_bprm_set_security (struct linux_binprm *bprm)
+@@ -550,6 +549,7 @@
+
+ static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags)
+ {
++ dummy_capget(current, &current->cap_effective, &current->cap_inheritable, &current->cap_permitted);
+ return 0;
+ }
+
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.77094.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.77094.patch
new file mode 100644
index 000000000000..bc4ba1a9a207
--- /dev/null
+++ b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.77094.patch
@@ -0,0 +1,163 @@
+diff -urNp linux-2.6.10/drivers/char/moxa.c linux-2.6.10-new/drivers/char/moxa.c
+--- linux-2.6.10/drivers/char/moxa.c 2005-01-07 10:51:23 -0500
++++ linux-2.6.10-new/drivers/char/moxa.c 2005-01-07 10:51:33 -0500
+@@ -1668,6 +1668,8 @@ int MoxaDriverIoctl(unsigned int cmd, un
+ return -EFAULT;
+ if(dltmp.cardno < 0 || dltmp.cardno >= MAX_BOARDS)
+ return -EINVAL;
++ if(dltmp.len < 0 || dltmp.len > sizeof(moxaBuff))
++ return -EINVAL;
+
+ switch(cmd)
+ {
+@@ -2822,8 +2824,6 @@ static int moxaload320b(int cardno, unsi
+ void __iomem *baseAddr;
+ int i;
+
+- if(len > sizeof(moxaBuff))
+- return -EINVAL;
+ if(copy_from_user(moxaBuff, tmp, len))
+ return -EFAULT;
+ baseAddr = moxaBaseAddr[cardno];
+diff -urNp linux-2.6.10/drivers/block/scsi_ioctl.c linux-2.6.10-new/drivers/block/scsi_ioctl.c
+--- linux-2.6.10/drivers/block/scsi_ioctl.c 2005-01-07 10:51:24 -0500
++++ linux-2.6.10-new/drivers/block/scsi_ioctl.c 2005-01-07 10:51:33 -0500
+@@ -339,7 +339,8 @@ static int sg_scsi_ioctl(struct file *fi
+ struct gendisk *bd_disk, Scsi_Ioctl_Command __user *sic)
+ {
+ struct request *rq;
+- int err, in_len, out_len, bytes, opcode, cmdlen;
++ unsigned int in_len, out_len, bytes, opcode, cmdlen;
++ int err;
+ char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE];
+
+ /*
+diff -urNp linux-2.6.10/include/linux/writeback.h linux-2.6.10-new/include/linux/writeback.h
+--- linux-2.6.10/include/linux/writeback.h 2005-01-07 10:51:22 -0500
++++ linux-2.6.10-new/include/linux/writeback.h 2005-01-07 10:51:33 -0500
+@@ -86,6 +86,7 @@ static inline void wait_on_inode(struct
+ int wakeup_bdflush(long nr_pages);
+ void laptop_io_completion(void);
+ void laptop_sync_completion(void);
++void throttle_vm_writeout(void);
+
+ /* These are exported to sysctl. */
+ extern int dirty_background_ratio;
+diff -urNp linux-2.6.10/drivers/char/random.c linux-2.6.10-new/drivers/char/random.c
+--- linux-2.6.10/drivers/char/random.c 2005-01-07 10:51:23 -0500
++++ linux-2.6.10-new/drivers/char/random.c 2005-01-07 10:51:33 -0500
+@@ -1912,7 +1912,7 @@ static int poolsize_strategy(ctl_table *
+ void __user *oldval, size_t __user *oldlenp,
+ void __user *newval, size_t newlen, void **context)
+ {
+- int len;
++ size_t len;
+
+ sysctl_poolsize = random_state->poolinfo.POOLBYTES;
+
+diff -urNp linux-2.6.10/mm/mmap.c linux-2.6.10-new/mm/mmap.c
+--- linux-2.6.10/mm/mmap.c 2004-12-24 22:35:00.000000000 +0100
++++ linux-2.6.10-new/mm/mmap.c 2004-12-27 16:37:47.000000000 +0100
+@@ -1360,6 +1360,13 @@ int expand_stack(struct vm_area_struct *
+ vm_unacct_memory(grow);
+ return -ENOMEM;
+ }
++ if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) &&
++ ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) >
++ current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) {
++ anon_vma_unlock(vma);
++ vm_unacct_memory(grow);
++ return -ENOMEM;
++ }
+ vma->vm_end = address;
+ vma->vm_mm->total_vm += grow;
+ if (vma->vm_flags & VM_LOCKED)
+@@ -1422,6 +1429,13 @@ int expand_stack(struct vm_area_struct *
+ vm_unacct_memory(grow);
+ return -ENOMEM;
+ }
++ if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) &&
++ ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) >
++ current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) {
++ anon_vma_unlock(vma);
++ vm_unacct_memory(grow);
++ return -ENOMEM;
++ }
+ vma->vm_start = address;
+ vma->vm_pgoff -= grow;
+ vma->vm_mm->total_vm += grow;
+diff -urNp linux-2.6.10/mm/page-writeback.c linux-2.6.10-new/mm/page-writeback.c
+--- linux-2.6.10/mm/page-writeback.c 2005-01-07 10:51:24 -0500
++++ linux-2.6.10-new/mm/page-writeback.c 2005-01-07 10:51:33 -0500
+@@ -276,6 +276,28 @@ void balance_dirty_pages_ratelimited(str
+ }
+ EXPORT_SYMBOL(balance_dirty_pages_ratelimited);
+
++void throttle_vm_writeout(void)
++{
++ struct writeback_state wbs;
++ long background_thresh;
++ long dirty_thresh;
++
++ for ( ; ; ) {
++ get_dirty_limits(&wbs, &background_thresh, &dirty_thresh);
++
++ /*
++ * Boost the allowable dirty threshold a bit for page
++ * allocators so they don't get DoS'ed by heavy writers
++ */
++ dirty_thresh += dirty_thresh / 10; /* wheeee... */
++
++ if (wbs.nr_unstable + wbs.nr_writeback <= dirty_thresh)
++ break;
++ blk_congestion_wait(WRITE, HZ/10);
++ }
++}
++
++
+ /*
+ * writeback at least _min_pages, and keep writing until the amount of dirty
+ * memory is less than the background threshold, or until we're all clean.
+diff -urNp linux-2.6.10/mm/vmscan.c linux-2.6.10-new/mm/vmscan.c
+--- linux-2.6.10/mm/vmscan.c 2005-01-07 10:51:24 -0500
++++ linux-2.6.10-new/mm/vmscan.c 2005-01-07 10:51:33 -0500
+@@ -369,14 +369,14 @@ static int shrink_list(struct list_head
+
+ BUG_ON(PageActive(page));
+
+- if (PageWriteback(page))
+- goto keep_locked;
+-
+ sc->nr_scanned++;
+ /* Double the slab pressure for mapped and swapcache pages */
+ if (page_mapped(page) || PageSwapCache(page))
+ sc->nr_scanned++;
+
++ if (PageWriteback(page))
++ goto keep_locked;
++
+ referenced = page_referenced(page, 1, sc->priority <= 0);
+ /* In active use or really unfreeable? Activate it. */
+ if (referenced && page_mapping_inuse(page))
+@@ -825,6 +825,8 @@ shrink_zone(struct zone *zone, struct sc
+ break;
+ }
+ }
++
++ throttle_vm_writeout();
+ }
+
+ /*
+diff -urNp linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_tcp.c linux-2.6.10-new/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+--- linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2005-01-07 10:51:24 -0500
++++ linux-2.6.10-new/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2005-01-07 10:51:33 -0500
+@@ -906,7 +906,8 @@ static int tcp_packet(struct ip_conntrac
+ if (index == TCP_RST_SET
+ && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
+ && conntrack->proto.tcp.last_index <= TCP_SYNACK_SET)
+- || conntrack->proto.tcp.last_index == TCP_ACK_SET)
++ || (!test_bit(IPS_ASSURED_BIT, &conntrack->status)
++ && conntrack->proto.tcp.last_index == TCP_ACK_SET))
+ && after(ntohl(th->ack_seq),
+ conntrack->proto.tcp.last_seq)) {
+ /* Ignore RST closing down invalid SYN or ACK
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.brk-locked.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.brk-locked.patch
new file mode 100644
index 000000000000..6095e844d5f1
--- /dev/null
+++ b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.brk-locked.patch
@@ -0,0 +1,303 @@
+diff -ur linux-2.6.10/arch/mips/kernel/irixelf.c linux-2.6.10.plasmaroo/arch/mips/kernel/irixelf.c
+--- linux-2.6.10/arch/mips/kernel/irixelf.c 2004-12-24 21:35:50.000000000 +0000
++++ linux-2.6.10.plasmaroo/arch/mips/kernel/irixelf.c 2005-01-07 15:36:00.383356800 +0000
+@@ -127,7 +127,7 @@
+ end = PAGE_ALIGN(end);
+ if (end <= start)
+ return;
+- do_brk(start, end - start);
++ do_brk_locked(start, end - start);
+ }
+
+
+@@ -375,7 +375,7 @@
+
+ /* Map the last of the bss segment */
+ if (last_bss > len) {
+- do_brk(len, (last_bss - len));
++ do_brk_locked(len, (last_bss - len));
+ }
+ kfree(elf_phdata);
+
+@@ -562,7 +562,7 @@
+ unsigned long v;
+ struct prda *pp;
+
+- v = do_brk (PRDA_ADDRESS, PAGE_SIZE);
++ v = do_brk_locked (PRDA_ADDRESS, PAGE_SIZE);
+
+ if (v < 0)
+ return;
+@@ -853,7 +853,7 @@
+ len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000;
+ bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
+ if (bss > len)
+- do_brk(len, bss-len);
++ do_brk_locked(len, bss-len);
+ kfree(elf_phdata);
+ return 0;
+ }
+diff -ur linux-2.6.10/arch/sparc64/kernel/binfmt_aout32.c linux-2.6.10.plasmaroo/arch/sparc64/kernel/binfmt_aout32.c
+--- linux-2.6.10/arch/sparc64/kernel/binfmt_aout32.c 2004-12-24 21:34:45.000000000 +0000
++++ linux-2.6.10.plasmaroo/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 15:36:00.432349352 +0000
+@@ -49,7 +49,7 @@
+ end = PAGE_ALIGN(end);
+ if (end <= start)
+ return;
+- do_brk(start, end - start);
++ do_brk_locked(start, end - start);
+ }
+
+ /*
+@@ -246,10 +246,10 @@
+ if (N_MAGIC(ex) == NMAGIC) {
+ loff_t pos = fd_offset;
+ /* Fuck me plenty... */
+- error = do_brk(N_TXTADDR(ex), ex.a_text);
++ error = do_brk_locked(N_TXTADDR(ex), ex.a_text);
+ bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex),
+ ex.a_text, &pos);
+- error = do_brk(N_DATADDR(ex), ex.a_data);
++ error = do_brk_locked(N_DATADDR(ex), ex.a_data);
+ bprm->file->f_op->read(bprm->file, (char __user *)N_DATADDR(ex),
+ ex.a_data, &pos);
+ goto beyond_if;
+@@ -257,7 +257,7 @@
+
+ if (N_MAGIC(ex) == OMAGIC) {
+ loff_t pos = fd_offset;
+- do_brk(N_TXTADDR(ex) & PAGE_MASK,
++ do_brk_locked(N_TXTADDR(ex) & PAGE_MASK,
+ ex.a_text+ex.a_data + PAGE_SIZE - 1);
+ bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex),
+ ex.a_text+ex.a_data, &pos);
+@@ -272,7 +272,7 @@
+
+ if (!bprm->file->f_op->mmap) {
+ loff_t pos = fd_offset;
+- do_brk(0, ex.a_text+ex.a_data);
++ do_brk_locked(0, ex.a_text+ex.a_data);
+ bprm->file->f_op->read(bprm->file,
+ (char __user *)N_TXTADDR(ex),
+ ex.a_text+ex.a_data, &pos);
+@@ -389,7 +389,7 @@
+ len = PAGE_ALIGN(ex.a_text + ex.a_data);
+ bss = ex.a_text + ex.a_data + ex.a_bss;
+ if (bss > len) {
+- error = do_brk(start_addr + len, bss - len);
++ error = do_brk_locked(start_addr + len, bss - len);
+ retval = error;
+ if (error != start_addr + len)
+ goto out;
+diff -Nur linux-2.6.10/arch/x86_64/ia32/ia32_aout.c linux-2.6.10.plasmaroo/arch/x86_64/ia32/ia32_aout.c
+--- linux-2.6.10/arch/x86_64/ia32/ia32_aout.c 2005-01-03 16:17:04.000000000 -0200
++++ linux-2.6.10.plasmaroo/arch/x86_64/ia32/ia32_aout.c 2005-01-03 16:46:53.846823360 -0200
+@@ -115,7 +115,7 @@
+ end = PAGE_ALIGN(end);
+ if (end <= start)
+ return;
+- do_brk(start, end - start);
++ do_brk_locked(start, end - start);
+ }
+
+ #if CORE_DUMP
+@@ -325,7 +325,7 @@
+ pos = 32;
+ map_size = ex.a_text+ex.a_data;
+
+- error = do_brk(text_addr & PAGE_MASK, map_size);
++ error = do_brk_locked(text_addr & PAGE_MASK, map_size);
+ if (error != (text_addr & PAGE_MASK)) {
+ send_sig(SIGKILL, current, 0);
+ return error;
+@@ -361,7 +361,7 @@
+
+ if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) {
+ loff_t pos = fd_offset;
+- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
++ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data);
+ bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex),
+ ex.a_text+ex.a_data, &pos);
+ flush_icache_range((unsigned long) N_TXTADDR(ex),
+@@ -470,7 +470,7 @@
+ }
+ #endif
+
+- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
++ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss);
+
+ file->f_op->read(file, (char *)start_addr,
+ ex.a_text + ex.a_data, &pos);
+@@ -494,7 +494,7 @@
+ len = PAGE_ALIGN(ex.a_text + ex.a_data);
+ bss = ex.a_text + ex.a_data + ex.a_bss;
+ if (bss > len) {
+- error = do_brk(start_addr + len, bss - len);
++ error = do_brk_locked(start_addr + len, bss - len);
+ retval = error;
+ if (error != start_addr + len)
+ goto out;
+diff -ur linux-2.6.10/fs/binfmt_aout.c linux-2.6.10.plasmaroo/fs/binfmt_aout.c
+--- linux-2.6.10/fs/binfmt_aout.c 2004-12-24 21:35:50.000000000 +0000
++++ linux-2.6.10.plasmaroo/fs/binfmt_aout.c 2005-01-07 15:36:00.000000000 +0000
+@@ -50,7 +50,7 @@
+ start = PAGE_ALIGN(start);
+ end = PAGE_ALIGN(end);
+ if (end > start) {
+- unsigned long addr = do_brk(start, end - start);
++ unsigned long addr = do_brk_locked(start, end - start);
+ if (BAD_ADDR(addr))
+ return addr;
+ }
+@@ -323,10 +323,10 @@
+ loff_t pos = fd_offset;
+ /* Fuck me plenty... */
+ /* <AOL></AOL> */
+- error = do_brk(N_TXTADDR(ex), ex.a_text);
++ error = do_brk_locked(N_TXTADDR(ex), ex.a_text);
+ bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex),
+ ex.a_text, &pos);
+- error = do_brk(N_DATADDR(ex), ex.a_data);
++ error = do_brk_locked(N_DATADDR(ex), ex.a_data);
+ bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex),
+ ex.a_data, &pos);
+ goto beyond_if;
+@@ -347,7 +347,7 @@
+ map_size = ex.a_text+ex.a_data;
+ #endif
+
+- error = do_brk(text_addr & PAGE_MASK, map_size);
++ error = do_brk_locked(text_addr & PAGE_MASK, map_size);
+ if (error != (text_addr & PAGE_MASK)) {
+ send_sig(SIGKILL, current, 0);
+ return error;
+@@ -382,7 +382,7 @@
+
+ if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) {
+ loff_t pos = fd_offset;
+- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
++ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data);
+ bprm->file->f_op->read(bprm->file,
+ (char __user *)N_TXTADDR(ex),
+ ex.a_text+ex.a_data, &pos);
+@@ -488,7 +488,7 @@
+ error_time = jiffies;
+ }
+
+- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
++ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss);
+
+ file->f_op->read(file, (char __user *)start_addr,
+ ex.a_text + ex.a_data, &pos);
+@@ -512,7 +512,7 @@
+ len = PAGE_ALIGN(ex.a_text + ex.a_data);
+ bss = ex.a_text + ex.a_data + ex.a_bss;
+ if (bss > len) {
+- error = do_brk(start_addr + len, bss - len);
++ error = do_brk_locked(start_addr + len, bss - len);
+ retval = error;
+ if (error != start_addr + len)
+ goto out;
+diff -ur linux-2.6.10/fs/binfmt_elf.c linux-2.6.10.plasmaroo/fs/binfmt_elf.c
+--- linux-2.6.10/fs/binfmt_elf.c 2004-12-24 21:34:33.000000000 +0000
++++ linux-2.6.10.plasmaroo/fs/binfmt_elf.c 2005-01-07 15:36:00.000000000 +0000
+@@ -88,7 +88,7 @@
+ start = ELF_PAGEALIGN(start);
+ end = ELF_PAGEALIGN(end);
+ if (end > start) {
+- unsigned long addr = do_brk(start, end - start);
++ unsigned long addr = do_brk_locked(start, end - start);
+ if (BAD_ADDR(addr))
+ return addr;
+ }
+@@ -408,7 +408,7 @@
+
+ /* Map the last of the bss segment */
+ if (last_bss > elf_bss) {
+- error = do_brk(elf_bss, last_bss - elf_bss);
++ error = do_brk_locked(elf_bss, last_bss - elf_bss);
+ if (BAD_ADDR(error))
+ goto out_close;
+ }
+@@ -448,7 +448,7 @@
+ goto out;
+ }
+
+- do_brk(0, text_data);
++ do_brk_locked(0, text_data);
+ if (!interpreter->f_op || !interpreter->f_op->read)
+ goto out;
+ if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0)
+@@ -456,7 +456,7 @@
+ flush_icache_range((unsigned long)addr,
+ (unsigned long)addr + text_data);
+
+- do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1),
++ do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1),
+ interp_ex->a_bss);
+ elf_entry = interp_ex->a_entry;
+
+@@ -1025,7 +1025,7 @@
+ len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1);
+ bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
+ if (bss > len)
+- do_brk(len, bss - len);
++ do_brk_locked(len, bss - len);
+ error = 0;
+
+ out_free_ph:
+diff -ur linux-2.6.10/include/linux/mm.h linux-2.6.10.plasmaroo/include/linux/mm.h
+--- linux-2.6.10/include/linux/mm.h 2004-12-24 21:33:50.000000000 +0000
++++ linux-2.6.10.plasmaroo/include/linux/mm.h 2005-01-07 15:36:00.000000000 +0000
+@@ -704,6 +704,7 @@
+ extern int do_munmap(struct mm_struct *, unsigned long, size_t);
+
+ extern unsigned long do_brk(unsigned long, unsigned long);
++extern unsigned long do_brk_locked(unsigned long, unsigned long);
+
+ /* filemap.c */
+ extern unsigned long page_unuse(struct page *);
+diff -ur linux-2.6.10/mm/mmap.c linux-2.6.10.plasmaroo/mm/mmap.c
+--- linux-2.6.10/mm/mmap.c 2004-12-24 21:35:00.000000000 +0000
++++ linux-2.6.10.plasmaroo/mm/mmap.c 2005-01-07 15:36:04.000000000 +0000
+@@ -1826,6 +1826,20 @@
+
+ EXPORT_SYMBOL(do_brk);
+
++/* locking version of do_brk. */
++unsigned long do_brk_locked(unsigned long addr, unsigned long len)
++{
++ unsigned long ret;
++
++ down_write(&current->mm->mmap_sem);
++ ret = do_brk(addr, len);
++ up_write(&current->mm->mmap_sem);
++
++ return ret;
++}
++
++EXPORT_SYMBOL(do_brk_locked);
++
+ /* Release all mmaps. */
+ void exit_mmap(struct mm_struct *mm)
+ {
+@@ -1952,3 +1966,4 @@
+ }
+ return new_vma;
+ }
++
+diff -ur linux-2.6.10/mm/nommu.c linux-2.6.10.plasmaroo/mm/nommu.c
+--- linux-2.6.10/mm/nommu.c 2004-12-24 21:35:25.000000000 +0000
++++ linux-2.6.10.plasmaroo/mm/nommu.c 2005-01-07 15:30:24.000000000 +0000
+@@ -557,6 +557,11 @@
+ return -ENOMEM;
+ }
+
++unsigned long do_brk_locked(unsigned long addr, unsigned long len)
++{
++ return -ENOMEM;
++}
++
+ struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long addr)
+ {
+ return NULL;
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.smbfs.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.smbfs.patch
index 99401cf93a0e..f10cfedfab16 100644
--- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.smbfs.patch
+++ b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.smbfs.patch
@@ -38,15 +38,7 @@ diff -urN linux-2.6.8.1/fs/smbfs/request.c linux-2.6.8.1.plasmaroo/fs/smbfs/requ
+ goto out_bad_data;
return 0;
}
-
-@@ -634,6 +642,7 @@
- req->rq_trans2buffer = smb_kmalloc(buf_len, GFP_NOFS);
- if (!req->rq_trans2buffer)
- goto out_no_mem;
-+ memset(req->rq_trans2buffer, 0, buf_len);
-
- req->rq_parm = req->rq_trans2buffer;
- req->rq_data = req->rq_trans2buffer + parm_tot;
+
@@ -643,8 +652,12 @@
if (parm_disp + parm_count > req->rq_total_parm)
@@ -60,19 +52,6 @@ diff -urN linux-2.6.8.1/fs/smbfs/request.c linux-2.6.8.1.plasmaroo/fs/smbfs/requ
inbuf = req->rq_buffer;
memcpy(req->rq_parm + parm_disp, inbuf + parm_offset, parm_count);
-@@ -657,8 +670,11 @@
- * Check whether we've received all of the data. Note that
- * we use the packet totals -- total lengths might shrink!
- */
-- if (req->rq_ldata >= data_tot && req->rq_lparm >= parm_tot)
-+ if (req->rq_ldata >= data_tot && req->rq_lparm >= parm_tot) {
-+ req->rq_ldata = data_tot;
-+ req->rq_lparm = parm_tot;
- return 0;
-+ }
- return 1;
-
- out_too_long:
@@ -676,13 +692,13 @@
req->rq_errno = -EIO;
goto out;
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.7.cmdlineLeak.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.7.cmdlineLeak.patch
deleted file mode 100644
index 763f0cf64449..000000000000
--- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.7.cmdlineLeak.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- linux-2.6.7/fs/proc/base.c~ 2004-08-05 10:35:04.411443536 +0200
-+++ linux-2.6.7/fs/proc/base.c 2004-08-05 10:35:04.412443384 +0200
-@@ -330,6 +330,9 @@
- if (!mm)
- goto out;
-
-+ if (!mm->arg_end)
-+ goto out;
-+
- len = mm->arg_end - mm->arg_start;
-
- if (len > PAGE_SIZE)
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.SELinux.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.SELinux.patch
deleted file mode 100644
index dbb8b2329a28..000000000000
--- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.SELinux.patch
+++ /dev/null
@@ -1,61 +0,0 @@
---- a/net/unix/af_unix.c 2004-10-18 22:54:37.000000000 +0100
-+++ b/net/unix/af_unix.c 2004-12-19 18:33:12.000000000 +0000
-@@ -477,6 +477,8 @@
- struct msghdr *, size_t, int);
- static int unix_dgram_connect(struct socket *, struct sockaddr *,
- int, int);
-+static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
-+ struct msghdr *, size_t);
-
- static struct proto_ops unix_stream_ops = {
- .family = PF_UNIX,
-@@ -535,7 +537,7 @@
- .shutdown = unix_shutdown,
- .setsockopt = sock_no_setsockopt,
- .getsockopt = sock_no_getsockopt,
-- .sendmsg = unix_dgram_sendmsg,
-+ .sendmsg = unix_seqpacket_sendmsg,
- .recvmsg = unix_dgram_recvmsg,
- .mmap = sock_no_mmap,
- .sendpage = sock_no_sendpage,
-@@ -1365,9 +1367,11 @@
- if (other->sk_shutdown & RCV_SHUTDOWN)
- goto out_unlock;
-
-- err = security_unix_may_send(sk->sk_socket, other->sk_socket);
-- if (err)
-- goto out_unlock;
-+ if (sk->sk_type != SOCK_SEQPACKET) {
-+ err = security_unix_may_send(sk->sk_socket, other->sk_socket);
-+ if (err)
-+ goto out_unlock;
-+ }
-
- if (unix_peer(other) != sk &&
- (skb_queue_len(&other->sk_receive_queue) >
-@@ -1517,6 +1521,25 @@
- return sent ? : err;
- }
-
-+static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
-+ struct msghdr *msg, size_t len)
-+{
-+ int err;
-+ struct sock *sk = sock->sk;
-+
-+ err = sock_error(sk);
-+ if (err)
-+ return err;
-+
-+ if (sk->sk_state != TCP_ESTABLISHED)
-+ return -ENOTCONN;
-+
-+ if (msg->msg_namelen)
-+ msg->msg_namelen = 0;
-+
-+ return unix_dgram_sendmsg(kiocb, sock, msg, len);
-+}
-+
- static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
- {
- struct unix_sock *u = unix_sk(sk);
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.patch
deleted file mode 100644
index a95e94fd9362..000000000000
--- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.patch
+++ /dev/null
@@ -1,24 +0,0 @@
---- linux-2.6.9/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00
-+++ linux-2.6.9.plasmaroo/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00
-@@ -1535,9 +1535,11 @@
-
- msg->msg_namelen = 0;
-
-+ down(&u->readsem);
-+
- skb = skb_recv_datagram(sk, flags, noblock, &err);
- if (!skb)
-- goto out;
-+ goto out_unlock;
-
- wake_up_interruptible(&u->peer_wait);
-
-@@ -1587,6 +1589,8 @@
-
- out_free:
- skb_free_datagram(sk,skb);
-+out_unlock:
-+ up(&u->readsem);
- out:
- return err;
- }
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1016.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1016.patch
deleted file mode 100644
index aa25ac95ed61..000000000000
--- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1016.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-===== include/linux/socket.h 1.12 vs edited =====
---- 1.12/include/linux/socket.h 2004-09-09 06:40:01 +10:00
-+++ edited/include/linux/socket.h 2004-11-27 11:53:40 +11:00
-@@ -90,6 +90,10 @@
- (struct cmsghdr *)(ctl) : \
- (struct cmsghdr *)NULL)
- #define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
-+#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \
-+ (cmsg)->cmsg_len <= (unsigned long) \
-+ ((mhdr)->msg_controllen - \
-+ ((char *)(cmsg) - (char *)(mhdr)->msg_control)))
-
- /*
- * This mess will go away with glibc
-===== net/core/scm.c 1.10 vs edited =====
---- 1.10/net/core/scm.c 2004-05-31 05:08:14 +10:00
-+++ edited/net/core/scm.c 2004-11-27 11:48:55 +11:00
-@@ -127,9 +127,7 @@
- for too short ancillary data object at all! Oops.
- OK, let's add it...
- */
-- if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
-- (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
-- + cmsg->cmsg_len) > msg->msg_controllen)
-+ if (!CMSG_OK(msg, cmsg))
- goto error;
-
- if (cmsg->cmsg_level != SOL_SOCKET)
-===== net/ipv4/ip_sockglue.c 1.26 vs edited =====
---- 1.26/net/ipv4/ip_sockglue.c 2004-07-01 06:10:53 +10:00
-+++ edited/net/ipv4/ip_sockglue.c 2004-11-27 11:49:45 +11:00
-@@ -146,11 +146,8 @@
- struct cmsghdr *cmsg;
-
- for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
-- if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
-- (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
-- + cmsg->cmsg_len) > msg->msg_controllen) {
-+ if (!CMSG_OK(msg, cmsg))
- return -EINVAL;
-- }
- if (cmsg->cmsg_level != SOL_IP)
- continue;
- switch (cmsg->cmsg_type) {
-===== net/ipv6/datagram.c 1.20 vs edited =====
---- 1.20/net/ipv6/datagram.c 2004-11-10 17:57:03 +11:00
-+++ edited/net/ipv6/datagram.c 2004-11-27 11:51:15 +11:00
-@@ -427,9 +427,7 @@
- int addr_type;
- struct net_device *dev = NULL;
-
-- if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
-- (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
-- + cmsg->cmsg_len) > msg->msg_controllen) {
-+ if (!CMSG_OK(msg, cmsg)) {
- err = -EINVAL;
- goto exit_f;
- }
-===== net/sctp/socket.c 1.129 vs edited =====
---- 1.129/net/sctp/socket.c 2004-11-19 08:43:18 +11:00
-+++ edited/net/sctp/socket.c 2004-11-27 11:52:11 +11:00
-@@ -4098,12 +4098,8 @@
- for (cmsg = CMSG_FIRSTHDR(msg);
- cmsg != NULL;
- cmsg = CMSG_NXTHDR((struct msghdr*)msg, cmsg)) {
-- /* Check for minimum length. The SCM code has this check. */
-- if (cmsg->cmsg_len < sizeof(struct cmsghdr) ||
-- (unsigned long)(((char*)cmsg - (char*)msg->msg_control)
-- + cmsg->cmsg_len) > msg->msg_controllen) {
-+ if (!CMSG_OK(msg, cmsg))
- return -EINVAL;
-- }
-
- /* Should we parse this header or ignore? */
- if (cmsg->cmsg_level != IPPROTO_SCTP)
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1137.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1137.patch
deleted file mode 100644
index 0a54680f6f4b..000000000000
--- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1137.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-# ChangeSet
-# 2004/12/14 11:06:25-08:00 chrisw@osdl.org
-# [IPV4/IPV6]: IGMP source filter fixes
-#
-# When adding or deleting from the source list make sure to find matches
-# by comparing against the new source address, not the group address.
-# Also, check each addr in the list rather than just the first one.
-# And, finally, only delete from list when there's a match rather than
-# vice-versa. Drop the effort to keep list sorted, since it's not done
-# on full-state api and can create an sl_addr entry that the delta api
-# won't be able to delete. Without these fixes sl_count can be corrupted
-# which can allow for kernel memory corruption.
-#
-# Signed-off-by: Chris Wright <chrisw@osdl.org>
-# Signed-off-by: David S. Miller <davem@davemloft.net>
-#
-diff -Nru a/net/ipv4/igmp.c b/net/ipv4/igmp.c
---- a/net/ipv4/igmp.c 2004-12-20 11:32:15 -08:00
-+++ b/net/ipv4/igmp.c 2004-12-20 11:32:15 -08:00
-@@ -1778,12 +1778,12 @@
- goto done;
- rv = !0;
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr,
-+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
- sizeof(__u32));
-- if (rv >= 0)
-+ if (rv == 0)
- break;
- }
-- if (!rv) /* source not found */
-+ if (rv) /* source not found */
- goto done;
-
- /* update the interface filter */
-@@ -1825,9 +1825,9 @@
- }
- rv = 1; /* > 0 for insert logic below if sl_count is 0 */
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr,
-+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
- sizeof(__u32));
-- if (rv >= 0)
-+ if (rv == 0)
- break;
- }
- if (rv == 0) /* address already there is an error */
-diff -Nru a/net/ipv6/mcast.c b/net/ipv6/mcast.c
---- a/net/ipv6/mcast.c 2004-12-20 11:32:15 -08:00
-+++ b/net/ipv6/mcast.c 2004-12-20 11:32:15 -08:00
-@@ -391,12 +391,12 @@
- goto done;
- rv = !0;
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, group,
-+ rv = memcmp(&psl->sl_addr[i], source,
- sizeof(struct in6_addr));
-- if (rv >= 0)
-+ if (rv == 0)
- break;
- }
-- if (!rv) /* source not found */
-+ if (rv) /* source not found */
- goto done;
-
- /* update the interface filter */
-@@ -437,8 +437,8 @@
- }
- rv = 1; /* > 0 for insert logic below if sl_count is 0 */
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, group, sizeof(struct in6_addr));
-- if (rv >= 0)
-+ rv = memcmp(&psl->sl_addr[i], source, sizeof(struct in6_addr));
-+ if (rv == 0)
- break;
- }
- if (rv == 0) /* address already there is an error */
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1151.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1151.patch
deleted file mode 100644
index fc4289e4f444..000000000000
--- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1151.patch
+++ /dev/null
@@ -1,35 +0,0 @@
---- 1.74/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00
-+++ 1.75/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00
-@@ -525,11 +525,12 @@
- int sys32_ni_syscall(int call)
- {
- struct task_struct *me = current;
-- static char lastcomm[8];
-- if (strcmp(lastcomm, me->comm)) {
-- printk(KERN_INFO "IA32 syscall %d from %s not implemented\n", call,
-- current->comm);
-- strcpy(lastcomm, me->comm);
-+ static char lastcomm[sizeof(me->comm)];
-+
-+ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) {
-+ printk(KERN_INFO "IA32 syscall %d from %s not implemented\n",
-+ call, me->comm);
-+ strncpy(lastcomm, me->comm, sizeof(lastcomm));
- }
- return -ENOSYS;
- }
-@@ -1125,11 +1126,11 @@
- long sys32_vm86_warning(void)
- {
- struct task_struct *me = current;
-- static char lastcomm[8];
-- if (strcmp(lastcomm, me->comm)) {
-+ static char lastcomm[sizeof(me->comm)];
-+ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) {
- printk(KERN_INFO "%s: vm86 mode not supported on 64 bit kernel\n",
- me->comm);
-- strcpy(lastcomm, me->comm);
-+ strncpy(lastcomm, me->comm, sizeof(lastcomm));
- }
- return -ENOSYS;
- }
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_a.out.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_a.out.patch
deleted file mode 100644
index 89665ce8db42..000000000000
--- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_a.out.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-diff -Nru linux-2.6.9/fs/exec.c linux-2.6.9.plasmaroo/fs/exec.c
---- linux-2.6.9/fs/exec.c 2004-11-27 08:30:03 -08:00
-+++ linux-2.6.9.plasmaroo/fs/exec.c 2004-11-27 08:30:03 -08:00
-@@ -413,6 +413,7 @@
-
- down_write(&mm->mmap_sem);
- {
-+ struct vm_area_struct *vma;
- mpnt->vm_mm = mm;
- #ifdef CONFIG_STACK_GROWSUP
- mpnt->vm_start = stack_base;
-@@ -433,6 +434,12 @@
- mpnt->vm_flags = VM_STACK_FLAGS;
- mpnt->vm_flags |= mm->def_flags;
- mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7];
-+ vma = find_vma(mm, mpnt->vm_start);
-+ if (vma) {
-+ up_write(&mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, mpnt);
-+ return -ENOMEM;
-+ }
- insert_vm_struct(mm, mpnt);
- mm->stack_vm = mm->total_vm = vma_pages(mpnt);
- }
-diff -Nru linux-2.6.9/fs/binfmt_aout.c linux-2.6.9.plasmaroo/fs/binfmt_aout.c
---- linux-2.6.9/fs/binfmt_aout.c 2004-11-27 08:31:43 -08:00
-+++ linux-2.6.9.plasmaroo/fs/binfmt_aout.c 2004-11-27 08:31:43 -08:00
-@@ -43,13 +43,18 @@
- .min_coredump = PAGE_SIZE
- };
-
--static void set_brk(unsigned long start, unsigned long end)
-+#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
-+
-+static int set_brk(unsigned long start, unsigned long end)
- {
- start = PAGE_ALIGN(start);
- end = PAGE_ALIGN(end);
-- if (end <= start)
-- return;
-- do_brk(start, end - start);
-+ if (end > start) {
-+ unsigned long addr = do_brk(start, end - start);
-+ if (BAD_ADDR(addr))
-+ return addr;
-+ }
-+ return 0;
- }
-
- /*
-@@ -413,7 +418,11 @@
- beyond_if:
- set_binfmt(&aout_format);
-
-- set_brk(current->mm->start_brk, current->mm->brk);
-+ retval = set_brk(current->mm->start_brk, current->mm->brk);
-+ if (retval < 0) {
-+ send_sig(SIGKILL, current, 0);
-+ return retval;
-+ }
-
- retval = setup_arg_pages(bprm, EXSTACK_DEFAULT);
- if (retval < 0) {
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_elf.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_elf.patch
deleted file mode 100644
index 87d05e7b5fa4..000000000000
--- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_elf.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-diff -ur linux-2.6.8.1/fs/binfmt_elf.c linux-2.6.8.1.plasmaroo/fs/binfmt_elf.c
---- linux-2.6.8.1/fs/binfmt_elf.c 2004-08-14 11:55:23.000000000 +0100
-+++ linux-2.6.8.1.plasmaroo/fs/binfmt_elf.c 2004-11-19 23:07:08.375429000 +0000
-@@ -334,9 +334,12 @@
- goto out;
-
- retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size);
-- error = retval;
-- if (retval < 0)
-+ error = -EIO;
-+ if (retval != size) {
-+ if (retval < 0)
-+ error = retval;
- goto out_close;
-+ }
-
- eppnt = elf_phdata;
- for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
-@@ -523,8 +526,11 @@
- goto out;
-
- retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size);
-- if (retval < 0)
-+ if (retval != size) {
-+ if (retval >= 0)
-+ retval = -EIO;
- goto out_free_ph;
-+ }
-
- files = current->files; /* Refcounted so ok */
- retval = unshare_files();
-@@ -561,7 +567,8 @@
- */
-
- retval = -ENOMEM;
-- if (elf_ppnt->p_filesz > PATH_MAX)
-+ if (elf_ppnt->p_filesz > PATH_MAX ||
-+ elf_ppnt->p_filesz == 0)
- goto out_free_file;
- elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz,
- GFP_KERNEL);
-@@ -571,8 +578,16 @@
- retval = kernel_read(bprm->file, elf_ppnt->p_offset,
- elf_interpreter,
- elf_ppnt->p_filesz);
-- if (retval < 0)
-+ if (retval != elf_ppnt->p_filesz) {
-+ if (retval >= 0)
-+ retval = -EIO;
- goto out_free_interp;
-+ }
-+ /* make sure path is NULL terminated */
-+ retval = -EINVAL;
-+ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
-+ goto out_free_interp;
-+
- /* If the program interpreter is one of these two,
- * then assume an iBCS2 image. Otherwise assume
- * a native linux image.
-@@ -607,8 +622,11 @@
- if (IS_ERR(interpreter))
- goto out_free_interp;
- retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE);
-- if (retval < 0)
-+ if (retval != BINPRM_BUF_SIZE) {
-+ if (retval >= 0)
-+ retval = -EIO;
- goto out_free_dentry;
-+ }
-
- /* Get the exec headers */
- interp_ex = *((struct exec *) bprm->buf);
-@@ -765,8 +783,10 @@
- }
-
- error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
-- if (BAD_ADDR(error))
-- continue;
-+ if (BAD_ADDR(error)) {
-+ send_sig(SIGKILL, current, 0);
-+ goto out_free_dentry;
-+ }
-
- if (!load_addr_set) {
- load_addr_set = 1;
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.devPtmx.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.devPtmx.patch
deleted file mode 100644
index 2312a2bf5e3b..000000000000
--- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.devPtmx.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Index: linux-2.6.5/fs/devpts/inode.c
-===================================================================
---- linux-2.6.5.orig/fs/devpts/inode.c
-+++ linux-2.6.5/fs/devpts/inode.c
-@@ -178,9 +178,13 @@ struct tty_struct *devpts_get_tty(int nu
- {
- struct dentry *dentry = get_node(number);
- struct tty_struct *tty;
--
-- tty = (IS_ERR(dentry) || !dentry->d_inode) ? NULL :
-- dentry->d_inode->u.generic_ip;
-+
-+ tty = NULL;
-+ if (!IS_ERR(dentry)) {
-+ if (dentry->d_inode)
-+ tty = dentry->d_inode->u.generic_ip;
-+ dput(dentry);
-+ }
-
- up(&devpts_root->d_inode->i_sem);
-
diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.vma.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.vma.patch
deleted file mode 100644
index 53ca070ca333..000000000000
--- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.vma.patch
+++ /dev/null
@@ -1,205 +0,0 @@
-diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/arch/ia64/ia32/binfmt_elf32.c linux-dsd/arch/ia64/ia32/binfmt_elf32.c
---- linux-2.6.8-gentoo-r11/arch/ia64/ia32/binfmt_elf32.c 2004-08-14 06:37:42.000000000 +0100
-+++ linux-dsd/arch/ia64/ia32/binfmt_elf32.c 2004-12-03 01:22:18.416099008 +0000
-@@ -84,7 +84,11 @@ ia64_elf32_init (struct pt_regs *regs)
- vma->vm_ops = &ia32_shared_page_vm_ops;
- down_write(&current->mm->mmap_sem);
- {
-- insert_vm_struct(current->mm, vma);
-+ if (insert_vm_struct(current->mm, vma)) {
-+ kmem_cache_free(vm_area_cachep, vma);
-+ up_write(&current->mm->mmap_sem);
-+ return;
-+ }
- }
- up_write(&current->mm->mmap_sem);
- }
-@@ -103,7 +107,11 @@ ia64_elf32_init (struct pt_regs *regs)
- vma->vm_flags = VM_READ|VM_WRITE|VM_MAYREAD|VM_MAYWRITE;
- down_write(&current->mm->mmap_sem);
- {
-- insert_vm_struct(current->mm, vma);
-+ if (insert_vm_struct(current->mm, vma)) {
-+ kmem_cache_free(vm_area_cachep, vma);
-+ up_write(&current->mm->mmap_sem);
-+ return;
-+ }
- }
- up_write(&current->mm->mmap_sem);
- }
-@@ -151,7 +159,7 @@ ia32_setup_arg_pages (struct linux_binpr
- unsigned long stack_base;
- struct vm_area_struct *mpnt;
- struct mm_struct *mm = current->mm;
-- int i;
-+ int i, ret;
-
- stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
- mm->arg_start = bprm->p + stack_base;
-@@ -186,7 +194,11 @@ ia32_setup_arg_pages (struct linux_binpr
- mpnt->vm_flags = VM_STACK_FLAGS;
- mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC)?
- PAGE_COPY_EXEC: PAGE_COPY;
-- insert_vm_struct(current->mm, mpnt);
-+ if ((ret = insert_vm_struct(current->mm, mpnt))) {
-+ up_write(&current->mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, mpnt);
-+ return ret;
-+ }
- current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
- }
-
-diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/arch/ia64/mm/init.c linux-dsd/arch/ia64/mm/init.c
---- linux-2.6.8-gentoo-r11/arch/ia64/mm/init.c 2004-08-14 06:36:56.000000000 +0100
-+++ linux-dsd/arch/ia64/mm/init.c 2004-12-03 01:20:32.714168144 +0000
-@@ -131,7 +131,13 @@ ia64_init_addr_space (void)
- vma->vm_end = vma->vm_start + PAGE_SIZE;
- vma->vm_page_prot = protection_map[VM_DATA_DEFAULT_FLAGS & 0x7];
- vma->vm_flags = VM_DATA_DEFAULT_FLAGS | VM_GROWSUP;
-- insert_vm_struct(current->mm, vma);
-+ down_write(&current->mm->mmap_sem);
-+ if (insert_vm_struct(current->mm, vma)) {
-+ up_write(&current->mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, vma);
-+ return;
-+ }
-+ up_write(&current->mm->mmap_sem);
- }
-
- /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */
-@@ -143,7 +149,13 @@ ia64_init_addr_space (void)
- vma->vm_end = PAGE_SIZE;
- vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT);
- vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED;
-- insert_vm_struct(current->mm, vma);
-+ down_write(&current->mm->mmap_sem);
-+ if (insert_vm_struct(current->mm, vma)) {
-+ up_write(&current->mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, vma);
-+ return;
-+ }
-+ up_write(&current->mm->mmap_sem);
- }
- }
- }
-diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/arch/s390/kernel/compat_exec.c linux-dsd/arch/s390/kernel/compat_exec.c
---- linux-2.6.8-gentoo-r11/arch/s390/kernel/compat_exec.c 2004-08-14 06:37:40.000000000 +0100
-+++ linux-dsd/arch/s390/kernel/compat_exec.c 2004-12-03 01:23:39.196818472 +0000
-@@ -39,7 +39,7 @@ int setup_arg_pages32(struct linux_binpr
- unsigned long stack_base;
- struct vm_area_struct *mpnt;
- struct mm_struct *mm = current->mm;
-- int i;
-+ int i, ret;
-
- stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
- mm->arg_start = bprm->p + stack_base;
-@@ -68,7 +68,11 @@ int setup_arg_pages32(struct linux_binpr
- /* executable stack setting would be applied here */
- mpnt->vm_page_prot = PAGE_COPY;
- mpnt->vm_flags = VM_STACK_FLAGS;
-- insert_vm_struct(mm, mpnt);
-+ if ((ret = insert_vm_struct(mm, mpnt))) {
-+ up_write(&mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, mpnt);
-+ return ret;
-+ }
- mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
- }
-
-diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/arch/x86_64/ia32/ia32_binfmt.c linux-dsd/arch/x86_64/ia32/ia32_binfmt.c
---- linux-2.6.8-gentoo-r11/arch/x86_64/ia32/ia32_binfmt.c 2004-08-14 06:36:12.000000000 +0100
-+++ linux-dsd/arch/x86_64/ia32/ia32_binfmt.c 2004-12-03 01:25:24.771768640 +0000
-@@ -330,7 +330,7 @@ int setup_arg_pages(struct linux_binprm
- unsigned long stack_base;
- struct vm_area_struct *mpnt;
- struct mm_struct *mm = current->mm;
-- int i;
-+ int i, ret;
-
- stack_base = IA32_STACK_TOP - MAX_ARG_PAGES * PAGE_SIZE;
- mm->arg_start = bprm->p + stack_base;
-@@ -364,7 +364,11 @@ int setup_arg_pages(struct linux_binprm
- mpnt->vm_flags = vm_stack_flags32;
- mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC) ?
- PAGE_COPY_EXEC : PAGE_COPY;
-- insert_vm_struct(mm, mpnt);
-+ if ((ret = insert_vm_struct(mm, mpnt))) {
-+ up_write(&mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, mpnt);
-+ return ret;
-+ }
- mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
- }
-
-diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/fs/exec.c linux-dsd/fs/exec.c
---- linux-2.6.8-gentoo-r11/fs/exec.c 2004-12-03 01:13:58.502097488 +0000
-+++ linux-dsd/fs/exec.c 2004-12-03 01:26:47.749154160 +0000
-@@ -341,7 +341,7 @@ int setup_arg_pages(struct linux_binprm
- unsigned long stack_base;
- struct vm_area_struct *mpnt;
- struct mm_struct *mm = current->mm;
-- int i;
-+ int i, ret;
- long arg_size;
-
- #ifdef CONFIG_STACK_GROWSUP
-@@ -412,7 +412,6 @@ int setup_arg_pages(struct linux_binprm
-
- down_write(&mm->mmap_sem);
- {
-- struct vm_area_struct *vma;
- mpnt->vm_mm = mm;
- #ifdef CONFIG_STACK_GROWSUP
- mpnt->vm_start = stack_base;
-@@ -433,13 +432,11 @@ int setup_arg_pages(struct linux_binprm
- mpnt->vm_flags = VM_STACK_FLAGS;
- mpnt->vm_flags |= mm->def_flags;
- mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7];
-- vma = find_vma(mm, mpnt->vm_start);
-- if (vma) {
-+ if ((ret = insert_vm_struct(mm, mpnt))) {
- up_write(&mm->mmap_sem);
- kmem_cache_free(vm_area_cachep, mpnt);
-- return -ENOMEM;
-+ return ret;
- }
-- insert_vm_struct(mm, mpnt);
- mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT;
- }
-
-diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/include/linux/mm.h linux-dsd/include/linux/mm.h
---- linux-2.6.8-gentoo-r11/include/linux/mm.h 2004-08-14 06:36:13.000000000 +0100
-+++ linux-dsd/include/linux/mm.h 2004-12-03 01:20:32.718167536 +0000
-@@ -624,7 +624,7 @@ extern struct vm_area_struct *vma_merge(
- extern struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *);
- extern int split_vma(struct mm_struct *,
- struct vm_area_struct *, unsigned long addr, int new_below);
--extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *);
-+extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *);
- extern void __vma_link_rb(struct mm_struct *, struct vm_area_struct *,
- struct rb_node **, struct rb_node *);
- extern struct vm_area_struct *copy_vma(struct vm_area_struct **,
-diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/mm/mmap.c linux-dsd/mm/mmap.c
---- linux-2.6.8-gentoo-r11/mm/mmap.c 2004-08-14 06:37:15.000000000 +0100
-+++ linux-dsd/mm/mmap.c 2004-12-03 01:20:32.720167232 +0000
-@@ -1740,7 +1740,7 @@ void exit_mmap(struct mm_struct *mm)
- * and into the inode's i_mmap tree. If vm_file is non-NULL
- * then i_mmap_lock is taken here.
- */
--void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
-+int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
- {
- struct vm_area_struct * __vma, * prev;
- struct rb_node ** rb_link, * rb_parent;
-@@ -1763,8 +1763,9 @@ void insert_vm_struct(struct mm_struct *
- }
- __vma = find_vma_prepare(mm,vma->vm_start,&prev,&rb_link,&rb_parent);
- if (__vma && __vma->vm_start < vma->vm_end)
-- BUG();
-+ return -ENOMEM;
- vma_link(mm, vma, prev, rb_link, rb_parent);
-+ return 0;
- }
-
- /*