diff options
author | Tim Yamin <plasmaroo@gentoo.org> | 2005-01-09 17:03:25 +0000 |
---|---|---|
committer | Tim Yamin <plasmaroo@gentoo.org> | 2005-01-09 17:03:25 +0000 |
commit | 4b4d8dfdea941a87e43e95cbf3677b3eeff6ce70 (patch) | |
tree | 785ad2057b0695dadbe79ada3c0f8878bf145e40 /sys-kernel/xbox-sources/files | |
parent | ChangeLog fix. (diff) | |
download | historical-4b4d8dfdea941a87e43e95cbf3677b3eeff6ce70.tar.gz historical-4b4d8dfdea941a87e43e95cbf3677b3eeff6ce70.tar.bz2 historical-4b4d8dfdea941a87e43e95cbf3677b3eeff6ce70.zip |
Security bump; fixes bugs #75963, #77025 and #77094.
Diffstat (limited to 'sys-kernel/xbox-sources/files')
19 files changed, 758 insertions, 683 deletions
diff --git a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.4.28-r2 b/sys-kernel/xbox-sources/files/digest-xbox-sources-2.4.28-r3 index 44a45c606aa5..44a45c606aa5 100644 --- a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.4.28-r2 +++ b/sys-kernel/xbox-sources/files/digest-xbox-sources-2.4.28-r3 diff --git a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.10 b/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.10-r1 index c6801f17ace1..c6801f17ace1 100644 --- a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.10 +++ b/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.10-r1 diff --git a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.8.1-r8 b/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.8.1-r8 deleted file mode 100644 index 088326d79b41..000000000000 --- a/sys-kernel/xbox-sources/files/digest-xbox-sources-2.6.8.1-r8 +++ /dev/null @@ -1,3 +0,0 @@ -MD5 9517ca999e822b898fbdc7e72796b1aa linux-2.6.8.1.tar.bz2 35628066 -MD5 8b6d38cf36d9ef869e41761e3165b64a xboxpatches-2.6.8.1-20041104-r1.tar.bz2 155759 -MD5 a982d764db8b017f67f9d74912c15b41 linux-2.6.8.1-CAN-2004-0814.patch 130062 diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.4.28.77094.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.4.28.77094.patch new file mode 100644 index 000000000000..cc3a1552c83d --- /dev/null +++ b/sys-kernel/xbox-sources/files/xbox-sources-2.4.28.77094.patch @@ -0,0 +1,12 @@ +diff -ur linux-2.4.28/drivers/char/random.c linux-2.4.28.plasmaroo/drivers/char/random.c +--- linux-2.4.28/drivers/char/random.c 2004-11-17 11:54:21.000000000 +0000 ++++ linux-2.4.28.plasmaroo/drivers/char/random.c 2005-01-08 02:54:49.198635736 +0000 +@@ -1787,7 +1787,7 @@ + void *oldval, size_t *oldlenp, + void *newval, size_t newlen, void **context) + { +- int len; ++ size_t len; + + sysctl_poolsize = random_state->poolinfo.POOLBYTES; + diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.4.28.brk-locked.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.4.28.brk-locked.patch new file mode 100644 index 000000000000..1e1c198fd69d --- /dev/null +++ b/sys-kernel/xbox-sources/files/xbox-sources-2.4.28.brk-locked.patch @@ -0,0 +1,247 @@ +diff -ur linux-2.4.28-gentoo-r4/arch/mips/kernel/irixelf.c linux-2.4.28-gentoo-r5/arch/mips/kernel/irixelf.c +--- linux-2.4.28-gentoo-r4/arch/mips/kernel/irixelf.c 2005-01-07 20:33:12.000000000 +0000 ++++ linux-2.4.28-gentoo-r5/arch/mips/kernel/irixelf.c 2005-01-07 20:20:32.000000000 +0000 +@@ -130,7 +130,7 @@ + end = PAGE_ALIGN(end); + if (end <= start) + return; +- do_brk(start, end - start); ++ do_brk_locked(start, end - start); + } + + +@@ -379,7 +379,7 @@ + + /* Map the last of the bss segment */ + if (last_bss > len) { +- do_brk(len, (last_bss - len)); ++ do_brk_locked(len, (last_bss - len)); + } + kfree(elf_phdata); + +@@ -567,7 +567,7 @@ + unsigned long v; + struct prda *pp; + +- v = do_brk (PRDA_ADDRESS, PAGE_SIZE); ++ v = do_brk_locked (PRDA_ADDRESS, PAGE_SIZE); + + if (v < 0) + return; +@@ -859,7 +859,7 @@ + len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000; + bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; + if (bss > len) +- do_brk(len, bss-len); ++ do_brk_locked(len, bss-len); + kfree(elf_phdata); + return 0; + } +diff -ur linux-2.4.28-gentoo-r4/arch/sparc64/kernel/binfmt_aout32.c linux-2.4.28-gentoo-r5/arch/sparc64/kernel/binfmt_aout32.c +--- linux-2.4.28-gentoo-r4/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 20:33:12.000000000 +0000 ++++ linux-2.4.28-gentoo-r5/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 20:20:32.000000000 +0000 +@@ -49,7 +49,7 @@ + end = PAGE_ALIGN(end); + if (end <= start) + return; +- do_brk(start, end - start); ++ do_brk_locked(start, end - start); + } + + /* +@@ -246,10 +246,10 @@ + if (N_MAGIC(ex) == NMAGIC) { + loff_t pos = fd_offset; + /* Fuck me plenty... */ +- error = do_brk(N_TXTADDR(ex), ex.a_text); ++ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); + bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), + ex.a_text, &pos); +- error = do_brk(N_DATADDR(ex), ex.a_data); ++ error = do_brk_locked(N_DATADDR(ex), ex.a_data); + bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), + ex.a_data, &pos); + goto beyond_if; +@@ -257,7 +257,7 @@ + + if (N_MAGIC(ex) == OMAGIC) { + loff_t pos = fd_offset; +- do_brk(N_TXTADDR(ex) & PAGE_MASK, ++ do_brk_locked(N_TXTADDR(ex) & PAGE_MASK, + ex.a_text+ex.a_data + PAGE_SIZE - 1); + bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), + ex.a_text+ex.a_data, &pos); +@@ -272,7 +272,7 @@ + + if (!bprm->file->f_op->mmap) { + loff_t pos = fd_offset; +- do_brk(0, ex.a_text+ex.a_data); ++ do_brk_locked(0, ex.a_text+ex.a_data); + bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), + ex.a_text+ex.a_data, &pos); + goto beyond_if; +@@ -388,7 +388,7 @@ + len = PAGE_ALIGN(ex.a_text + ex.a_data); + bss = ex.a_text + ex.a_data + ex.a_bss; + if (bss > len) { +- error = do_brk(start_addr + len, bss - len); ++ error = do_brk_locked(start_addr + len, bss - len); + retval = error; + if (error != start_addr + len) + goto out; +diff -ur linux-2.4.28-gentoo-r4/fs/binfmt_aout.c linux-2.4.28-gentoo-r5/fs/binfmt_aout.c +--- linux-2.4.28-gentoo-r4/fs/binfmt_aout.c 2005-01-07 20:33:12.000000000 +0000 ++++ linux-2.4.28-gentoo-r5/fs/binfmt_aout.c 2005-01-07 20:20:32.000000000 +0000 +@@ -46,7 +46,7 @@ + start = PAGE_ALIGN(start); + end = PAGE_ALIGN(end); + if (end > start) { +- unsigned long addr = do_brk(start, end - start); ++ unsigned long addr = do_brk_locked(start, end - start); + if (BAD_ADDR(addr)) + return addr; + } +@@ -341,10 +341,10 @@ + loff_t pos = fd_offset; + /* Fuck me plenty... */ + /* <AOL></AOL> */ +- error = do_brk(N_TXTADDR(ex), ex.a_text); ++ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); + bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), + ex.a_text, &pos); +- error = do_brk(N_DATADDR(ex), ex.a_data); ++ error = do_brk_locked(N_DATADDR(ex), ex.a_data); + bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), + ex.a_data, &pos); + goto beyond_if; +@@ -365,7 +365,7 @@ + map_size = ex.a_text+ex.a_data; + #endif + +- error = do_brk(text_addr & PAGE_MASK, map_size); ++ error = do_brk_locked(text_addr & PAGE_MASK, map_size); + if (error != (text_addr & PAGE_MASK)) { + send_sig(SIGKILL, current, 0); + return error; +@@ -399,7 +399,7 @@ + + if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { + loff_t pos = fd_offset; +- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); ++ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data); + bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), + ex.a_text+ex.a_data, &pos); + flush_icache_range((unsigned long) N_TXTADDR(ex), +@@ -500,7 +500,7 @@ + error_time = jiffies; + } + +- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); ++ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss); + + file->f_op->read(file, (char *)start_addr, + ex.a_text + ex.a_data, &pos); +@@ -524,7 +524,7 @@ + len = PAGE_ALIGN(ex.a_text + ex.a_data); + bss = ex.a_text + ex.a_data + ex.a_bss; + if (bss > len) { +- error = do_brk(start_addr + len, bss - len); ++ error = do_brk_locked(start_addr + len, bss - len); + retval = error; + if (error != start_addr + len) + goto out; +diff -ur linux-2.4.28-gentoo-r4/fs/binfmt_elf.c linux-2.4.28-gentoo-r5/fs/binfmt_elf.c +--- linux-2.4.28-gentoo-r4/fs/binfmt_elf.c 2005-01-07 20:33:12.000000000 +0000 ++++ linux-2.4.28-gentoo-r5/fs/binfmt_elf.c 2005-01-07 20:20:46.000000000 +0000 +@@ -88,7 +88,7 @@ + end = ELF_PAGEALIGN(end); + if (end <= start) + return; +- do_brk(start, end - start); ++ do_brk_locked(start, end - start); + } + + +@@ -370,7 +370,7 @@ + + /* Map the last of the bss segment */ + if (last_bss > elf_bss) +- do_brk(elf_bss, last_bss - elf_bss); ++ do_brk_locked(elf_bss, last_bss - elf_bss); + + *interp_load_addr = load_addr; + error = ((unsigned long) interp_elf_ex->e_entry) + load_addr; +@@ -407,7 +407,7 @@ + goto out; + } + +- do_brk(0, text_data); ++ do_brk_locked(0, text_data); + if (!interpreter->f_op || !interpreter->f_op->read) + goto out; + if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0) +@@ -415,7 +415,7 @@ + flush_icache_range((unsigned long)addr, + (unsigned long)addr + text_data); + +- do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), ++ do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), + interp_ex->a_bss); + elf_entry = interp_ex->a_entry; + +@@ -1271,7 +1271,7 @@ + len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); + bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; + if (bss > len) +- do_brk(len, bss - len); ++ do_brk_locked(len, bss - len); + error = 0; + + out_free_ph: +diff -ur linux-2.4.28-gentoo-r4/include/linux/mm.h linux-2.4.28-gentoo-r5/include/linux/mm.h +--- linux-2.4.28-gentoo-r4/include/linux/mm.h 2005-01-07 20:33:12.000000000 +0000 ++++ linux-2.4.28-gentoo-r5/include/linux/mm.h 2005-01-07 20:20:32.000000000 +0000 +@@ -601,6 +601,7 @@ + extern int do_munmap(struct mm_struct *, unsigned long, size_t); + + extern unsigned long do_brk(unsigned long, unsigned long); ++extern unsigned long do_brk_locked(unsigned long, unsigned long); + + static inline void __vma_unlink(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct * prev) + { +diff -ur linux-2.4.28-gentoo-r4/kernel/ksyms.c linux-2.4.28-gentoo-r5/kernel/ksyms.c +--- linux-2.4.28-gentoo-r4/kernel/ksyms.c 2005-01-07 20:33:12.000000000 +0000 ++++ linux-2.4.28-gentoo-r5/kernel/ksyms.c 2005-01-07 20:20:32.000000000 +0000 +@@ -90,6 +90,7 @@ + EXPORT_SYMBOL(__do_mmap_pgoff); + EXPORT_SYMBOL(do_munmap); + EXPORT_SYMBOL(do_brk); ++EXPORT_SYMBOL(do_brk_locked); + EXPORT_SYMBOL(exit_mm); + EXPORT_SYMBOL(exit_files); + EXPORT_SYMBOL(exit_fs); +diff -ur linux-2.4.28-gentoo-r4/mm/mmap.c linux-2.4.28-gentoo-r5/mm/mmap.c +--- linux-2.4.28-gentoo-r4/mm/mmap.c 2005-01-07 20:33:12.000000000 +0000 ++++ linux-2.4.28-gentoo-r5/mm/mmap.c 2005-01-07 20:20:32.000000000 +0000 +@@ -1401,6 +1401,21 @@ + return addr; + } + ++/* locking version of do_brk. */ ++unsigned long do_brk_locked(unsigned long addr, unsigned long len) ++{ ++ unsigned long ret; ++ ++ down_write(¤t->mm->mmap_sem); ++ ret = do_brk(addr, len); ++ up_write(¤t->mm->mmap_sem); ++ ++ return ret; ++} ++ ++ ++ ++ + /* Build the RB tree corresponding to the VMA list. */ + void build_mmap_rb(struct mm_struct * mm) + { diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.75963.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.75963.patch new file mode 100644 index 000000000000..80390f13bd73 --- /dev/null +++ b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.75963.patch @@ -0,0 +1,32 @@ +--- linux-2.6.10/security/dummy.c 2004-12-24 21:34:26.000000000 +0000 ++++ linux-2.6.10.plasmaroo/security/dummy.c 2005-01-07 20:13:50.763073872 +0000 +@@ -74,11 +74,8 @@ + + static int dummy_capable (struct task_struct *tsk, int cap) + { +- if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0) +- /* capability granted */ ++ if (cap_raised (tsk->cap_effective, cap)) + return 0; +- +- /* capability denied */ + return -EPERM; + } + +@@ -191,6 +188,8 @@ + + current->suid = current->euid = current->fsuid = bprm->e_uid; + current->sgid = current->egid = current->fsgid = bprm->e_gid; ++ ++ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); + } + + static int dummy_bprm_set_security (struct linux_binprm *bprm) +@@ -550,6 +549,7 @@ + + static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags) + { ++ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); + return 0; + } + diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.77094.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.77094.patch new file mode 100644 index 000000000000..bc4ba1a9a207 --- /dev/null +++ b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.77094.patch @@ -0,0 +1,163 @@ +diff -urNp linux-2.6.10/drivers/char/moxa.c linux-2.6.10-new/drivers/char/moxa.c +--- linux-2.6.10/drivers/char/moxa.c 2005-01-07 10:51:23 -0500 ++++ linux-2.6.10-new/drivers/char/moxa.c 2005-01-07 10:51:33 -0500 +@@ -1668,6 +1668,8 @@ int MoxaDriverIoctl(unsigned int cmd, un + return -EFAULT; + if(dltmp.cardno < 0 || dltmp.cardno >= MAX_BOARDS) + return -EINVAL; ++ if(dltmp.len < 0 || dltmp.len > sizeof(moxaBuff)) ++ return -EINVAL; + + switch(cmd) + { +@@ -2822,8 +2824,6 @@ static int moxaload320b(int cardno, unsi + void __iomem *baseAddr; + int i; + +- if(len > sizeof(moxaBuff)) +- return -EINVAL; + if(copy_from_user(moxaBuff, tmp, len)) + return -EFAULT; + baseAddr = moxaBaseAddr[cardno]; +diff -urNp linux-2.6.10/drivers/block/scsi_ioctl.c linux-2.6.10-new/drivers/block/scsi_ioctl.c +--- linux-2.6.10/drivers/block/scsi_ioctl.c 2005-01-07 10:51:24 -0500 ++++ linux-2.6.10-new/drivers/block/scsi_ioctl.c 2005-01-07 10:51:33 -0500 +@@ -339,7 +339,8 @@ static int sg_scsi_ioctl(struct file *fi + struct gendisk *bd_disk, Scsi_Ioctl_Command __user *sic) + { + struct request *rq; +- int err, in_len, out_len, bytes, opcode, cmdlen; ++ unsigned int in_len, out_len, bytes, opcode, cmdlen; ++ int err; + char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; + + /* +diff -urNp linux-2.6.10/include/linux/writeback.h linux-2.6.10-new/include/linux/writeback.h +--- linux-2.6.10/include/linux/writeback.h 2005-01-07 10:51:22 -0500 ++++ linux-2.6.10-new/include/linux/writeback.h 2005-01-07 10:51:33 -0500 +@@ -86,6 +86,7 @@ static inline void wait_on_inode(struct + int wakeup_bdflush(long nr_pages); + void laptop_io_completion(void); + void laptop_sync_completion(void); ++void throttle_vm_writeout(void); + + /* These are exported to sysctl. */ + extern int dirty_background_ratio; +diff -urNp linux-2.6.10/drivers/char/random.c linux-2.6.10-new/drivers/char/random.c +--- linux-2.6.10/drivers/char/random.c 2005-01-07 10:51:23 -0500 ++++ linux-2.6.10-new/drivers/char/random.c 2005-01-07 10:51:33 -0500 +@@ -1912,7 +1912,7 @@ static int poolsize_strategy(ctl_table * + void __user *oldval, size_t __user *oldlenp, + void __user *newval, size_t newlen, void **context) + { +- int len; ++ size_t len; + + sysctl_poolsize = random_state->poolinfo.POOLBYTES; + +diff -urNp linux-2.6.10/mm/mmap.c linux-2.6.10-new/mm/mmap.c +--- linux-2.6.10/mm/mmap.c 2004-12-24 22:35:00.000000000 +0100 ++++ linux-2.6.10-new/mm/mmap.c 2004-12-27 16:37:47.000000000 +0100 +@@ -1360,6 +1360,13 @@ int expand_stack(struct vm_area_struct * + vm_unacct_memory(grow); + return -ENOMEM; + } ++ if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) && ++ ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > ++ current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) { ++ anon_vma_unlock(vma); ++ vm_unacct_memory(grow); ++ return -ENOMEM; ++ } + vma->vm_end = address; + vma->vm_mm->total_vm += grow; + if (vma->vm_flags & VM_LOCKED) +@@ -1422,6 +1429,13 @@ int expand_stack(struct vm_area_struct * + vm_unacct_memory(grow); + return -ENOMEM; + } ++ if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) && ++ ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > ++ current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) { ++ anon_vma_unlock(vma); ++ vm_unacct_memory(grow); ++ return -ENOMEM; ++ } + vma->vm_start = address; + vma->vm_pgoff -= grow; + vma->vm_mm->total_vm += grow; +diff -urNp linux-2.6.10/mm/page-writeback.c linux-2.6.10-new/mm/page-writeback.c +--- linux-2.6.10/mm/page-writeback.c 2005-01-07 10:51:24 -0500 ++++ linux-2.6.10-new/mm/page-writeback.c 2005-01-07 10:51:33 -0500 +@@ -276,6 +276,28 @@ void balance_dirty_pages_ratelimited(str + } + EXPORT_SYMBOL(balance_dirty_pages_ratelimited); + ++void throttle_vm_writeout(void) ++{ ++ struct writeback_state wbs; ++ long background_thresh; ++ long dirty_thresh; ++ ++ for ( ; ; ) { ++ get_dirty_limits(&wbs, &background_thresh, &dirty_thresh); ++ ++ /* ++ * Boost the allowable dirty threshold a bit for page ++ * allocators so they don't get DoS'ed by heavy writers ++ */ ++ dirty_thresh += dirty_thresh / 10; /* wheeee... */ ++ ++ if (wbs.nr_unstable + wbs.nr_writeback <= dirty_thresh) ++ break; ++ blk_congestion_wait(WRITE, HZ/10); ++ } ++} ++ ++ + /* + * writeback at least _min_pages, and keep writing until the amount of dirty + * memory is less than the background threshold, or until we're all clean. +diff -urNp linux-2.6.10/mm/vmscan.c linux-2.6.10-new/mm/vmscan.c +--- linux-2.6.10/mm/vmscan.c 2005-01-07 10:51:24 -0500 ++++ linux-2.6.10-new/mm/vmscan.c 2005-01-07 10:51:33 -0500 +@@ -369,14 +369,14 @@ static int shrink_list(struct list_head + + BUG_ON(PageActive(page)); + +- if (PageWriteback(page)) +- goto keep_locked; +- + sc->nr_scanned++; + /* Double the slab pressure for mapped and swapcache pages */ + if (page_mapped(page) || PageSwapCache(page)) + sc->nr_scanned++; + ++ if (PageWriteback(page)) ++ goto keep_locked; ++ + referenced = page_referenced(page, 1, sc->priority <= 0); + /* In active use or really unfreeable? Activate it. */ + if (referenced && page_mapping_inuse(page)) +@@ -825,6 +825,8 @@ shrink_zone(struct zone *zone, struct sc + break; + } + } ++ ++ throttle_vm_writeout(); + } + + /* +diff -urNp linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_tcp.c linux-2.6.10-new/net/ipv4/netfilter/ip_conntrack_proto_tcp.c +--- linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2005-01-07 10:51:24 -0500 ++++ linux-2.6.10-new/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2005-01-07 10:51:33 -0500 +@@ -906,7 +906,8 @@ static int tcp_packet(struct ip_conntrac + if (index == TCP_RST_SET + && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status) + && conntrack->proto.tcp.last_index <= TCP_SYNACK_SET) +- || conntrack->proto.tcp.last_index == TCP_ACK_SET) ++ || (!test_bit(IPS_ASSURED_BIT, &conntrack->status) ++ && conntrack->proto.tcp.last_index == TCP_ACK_SET)) + && after(ntohl(th->ack_seq), + conntrack->proto.tcp.last_seq)) { + /* Ignore RST closing down invalid SYN or ACK diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.brk-locked.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.brk-locked.patch new file mode 100644 index 000000000000..6095e844d5f1 --- /dev/null +++ b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.brk-locked.patch @@ -0,0 +1,303 @@ +diff -ur linux-2.6.10/arch/mips/kernel/irixelf.c linux-2.6.10.plasmaroo/arch/mips/kernel/irixelf.c +--- linux-2.6.10/arch/mips/kernel/irixelf.c 2004-12-24 21:35:50.000000000 +0000 ++++ linux-2.6.10.plasmaroo/arch/mips/kernel/irixelf.c 2005-01-07 15:36:00.383356800 +0000 +@@ -127,7 +127,7 @@ + end = PAGE_ALIGN(end); + if (end <= start) + return; +- do_brk(start, end - start); ++ do_brk_locked(start, end - start); + } + + +@@ -375,7 +375,7 @@ + + /* Map the last of the bss segment */ + if (last_bss > len) { +- do_brk(len, (last_bss - len)); ++ do_brk_locked(len, (last_bss - len)); + } + kfree(elf_phdata); + +@@ -562,7 +562,7 @@ + unsigned long v; + struct prda *pp; + +- v = do_brk (PRDA_ADDRESS, PAGE_SIZE); ++ v = do_brk_locked (PRDA_ADDRESS, PAGE_SIZE); + + if (v < 0) + return; +@@ -853,7 +853,7 @@ + len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000; + bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; + if (bss > len) +- do_brk(len, bss-len); ++ do_brk_locked(len, bss-len); + kfree(elf_phdata); + return 0; + } +diff -ur linux-2.6.10/arch/sparc64/kernel/binfmt_aout32.c linux-2.6.10.plasmaroo/arch/sparc64/kernel/binfmt_aout32.c +--- linux-2.6.10/arch/sparc64/kernel/binfmt_aout32.c 2004-12-24 21:34:45.000000000 +0000 ++++ linux-2.6.10.plasmaroo/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 15:36:00.432349352 +0000 +@@ -49,7 +49,7 @@ + end = PAGE_ALIGN(end); + if (end <= start) + return; +- do_brk(start, end - start); ++ do_brk_locked(start, end - start); + } + + /* +@@ -246,10 +246,10 @@ + if (N_MAGIC(ex) == NMAGIC) { + loff_t pos = fd_offset; + /* Fuck me plenty... */ +- error = do_brk(N_TXTADDR(ex), ex.a_text); ++ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); + bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex), + ex.a_text, &pos); +- error = do_brk(N_DATADDR(ex), ex.a_data); ++ error = do_brk_locked(N_DATADDR(ex), ex.a_data); + bprm->file->f_op->read(bprm->file, (char __user *)N_DATADDR(ex), + ex.a_data, &pos); + goto beyond_if; +@@ -257,7 +257,7 @@ + + if (N_MAGIC(ex) == OMAGIC) { + loff_t pos = fd_offset; +- do_brk(N_TXTADDR(ex) & PAGE_MASK, ++ do_brk_locked(N_TXTADDR(ex) & PAGE_MASK, + ex.a_text+ex.a_data + PAGE_SIZE - 1); + bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex), + ex.a_text+ex.a_data, &pos); +@@ -272,7 +272,7 @@ + + if (!bprm->file->f_op->mmap) { + loff_t pos = fd_offset; +- do_brk(0, ex.a_text+ex.a_data); ++ do_brk_locked(0, ex.a_text+ex.a_data); + bprm->file->f_op->read(bprm->file, + (char __user *)N_TXTADDR(ex), + ex.a_text+ex.a_data, &pos); +@@ -389,7 +389,7 @@ + len = PAGE_ALIGN(ex.a_text + ex.a_data); + bss = ex.a_text + ex.a_data + ex.a_bss; + if (bss > len) { +- error = do_brk(start_addr + len, bss - len); ++ error = do_brk_locked(start_addr + len, bss - len); + retval = error; + if (error != start_addr + len) + goto out; +diff -Nur linux-2.6.10/arch/x86_64/ia32/ia32_aout.c linux-2.6.10.plasmaroo/arch/x86_64/ia32/ia32_aout.c +--- linux-2.6.10/arch/x86_64/ia32/ia32_aout.c 2005-01-03 16:17:04.000000000 -0200 ++++ linux-2.6.10.plasmaroo/arch/x86_64/ia32/ia32_aout.c 2005-01-03 16:46:53.846823360 -0200 +@@ -115,7 +115,7 @@ + end = PAGE_ALIGN(end); + if (end <= start) + return; +- do_brk(start, end - start); ++ do_brk_locked(start, end - start); + } + + #if CORE_DUMP +@@ -325,7 +325,7 @@ + pos = 32; + map_size = ex.a_text+ex.a_data; + +- error = do_brk(text_addr & PAGE_MASK, map_size); ++ error = do_brk_locked(text_addr & PAGE_MASK, map_size); + if (error != (text_addr & PAGE_MASK)) { + send_sig(SIGKILL, current, 0); + return error; +@@ -361,7 +361,7 @@ + + if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { + loff_t pos = fd_offset; +- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); ++ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data); + bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), + ex.a_text+ex.a_data, &pos); + flush_icache_range((unsigned long) N_TXTADDR(ex), +@@ -470,7 +470,7 @@ + } + #endif + +- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); ++ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss); + + file->f_op->read(file, (char *)start_addr, + ex.a_text + ex.a_data, &pos); +@@ -494,7 +494,7 @@ + len = PAGE_ALIGN(ex.a_text + ex.a_data); + bss = ex.a_text + ex.a_data + ex.a_bss; + if (bss > len) { +- error = do_brk(start_addr + len, bss - len); ++ error = do_brk_locked(start_addr + len, bss - len); + retval = error; + if (error != start_addr + len) + goto out; +diff -ur linux-2.6.10/fs/binfmt_aout.c linux-2.6.10.plasmaroo/fs/binfmt_aout.c +--- linux-2.6.10/fs/binfmt_aout.c 2004-12-24 21:35:50.000000000 +0000 ++++ linux-2.6.10.plasmaroo/fs/binfmt_aout.c 2005-01-07 15:36:00.000000000 +0000 +@@ -50,7 +50,7 @@ + start = PAGE_ALIGN(start); + end = PAGE_ALIGN(end); + if (end > start) { +- unsigned long addr = do_brk(start, end - start); ++ unsigned long addr = do_brk_locked(start, end - start); + if (BAD_ADDR(addr)) + return addr; + } +@@ -323,10 +323,10 @@ + loff_t pos = fd_offset; + /* Fuck me plenty... */ + /* <AOL></AOL> */ +- error = do_brk(N_TXTADDR(ex), ex.a_text); ++ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); + bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), + ex.a_text, &pos); +- error = do_brk(N_DATADDR(ex), ex.a_data); ++ error = do_brk_locked(N_DATADDR(ex), ex.a_data); + bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), + ex.a_data, &pos); + goto beyond_if; +@@ -347,7 +347,7 @@ + map_size = ex.a_text+ex.a_data; + #endif + +- error = do_brk(text_addr & PAGE_MASK, map_size); ++ error = do_brk_locked(text_addr & PAGE_MASK, map_size); + if (error != (text_addr & PAGE_MASK)) { + send_sig(SIGKILL, current, 0); + return error; +@@ -382,7 +382,7 @@ + + if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { + loff_t pos = fd_offset; +- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); ++ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data); + bprm->file->f_op->read(bprm->file, + (char __user *)N_TXTADDR(ex), + ex.a_text+ex.a_data, &pos); +@@ -488,7 +488,7 @@ + error_time = jiffies; + } + +- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); ++ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss); + + file->f_op->read(file, (char __user *)start_addr, + ex.a_text + ex.a_data, &pos); +@@ -512,7 +512,7 @@ + len = PAGE_ALIGN(ex.a_text + ex.a_data); + bss = ex.a_text + ex.a_data + ex.a_bss; + if (bss > len) { +- error = do_brk(start_addr + len, bss - len); ++ error = do_brk_locked(start_addr + len, bss - len); + retval = error; + if (error != start_addr + len) + goto out; +diff -ur linux-2.6.10/fs/binfmt_elf.c linux-2.6.10.plasmaroo/fs/binfmt_elf.c +--- linux-2.6.10/fs/binfmt_elf.c 2004-12-24 21:34:33.000000000 +0000 ++++ linux-2.6.10.plasmaroo/fs/binfmt_elf.c 2005-01-07 15:36:00.000000000 +0000 +@@ -88,7 +88,7 @@ + start = ELF_PAGEALIGN(start); + end = ELF_PAGEALIGN(end); + if (end > start) { +- unsigned long addr = do_brk(start, end - start); ++ unsigned long addr = do_brk_locked(start, end - start); + if (BAD_ADDR(addr)) + return addr; + } +@@ -408,7 +408,7 @@ + + /* Map the last of the bss segment */ + if (last_bss > elf_bss) { +- error = do_brk(elf_bss, last_bss - elf_bss); ++ error = do_brk_locked(elf_bss, last_bss - elf_bss); + if (BAD_ADDR(error)) + goto out_close; + } +@@ -448,7 +448,7 @@ + goto out; + } + +- do_brk(0, text_data); ++ do_brk_locked(0, text_data); + if (!interpreter->f_op || !interpreter->f_op->read) + goto out; + if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0) +@@ -456,7 +456,7 @@ + flush_icache_range((unsigned long)addr, + (unsigned long)addr + text_data); + +- do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), ++ do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), + interp_ex->a_bss); + elf_entry = interp_ex->a_entry; + +@@ -1025,7 +1025,7 @@ + len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); + bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; + if (bss > len) +- do_brk(len, bss - len); ++ do_brk_locked(len, bss - len); + error = 0; + + out_free_ph: +diff -ur linux-2.6.10/include/linux/mm.h linux-2.6.10.plasmaroo/include/linux/mm.h +--- linux-2.6.10/include/linux/mm.h 2004-12-24 21:33:50.000000000 +0000 ++++ linux-2.6.10.plasmaroo/include/linux/mm.h 2005-01-07 15:36:00.000000000 +0000 +@@ -704,6 +704,7 @@ + extern int do_munmap(struct mm_struct *, unsigned long, size_t); + + extern unsigned long do_brk(unsigned long, unsigned long); ++extern unsigned long do_brk_locked(unsigned long, unsigned long); + + /* filemap.c */ + extern unsigned long page_unuse(struct page *); +diff -ur linux-2.6.10/mm/mmap.c linux-2.6.10.plasmaroo/mm/mmap.c +--- linux-2.6.10/mm/mmap.c 2004-12-24 21:35:00.000000000 +0000 ++++ linux-2.6.10.plasmaroo/mm/mmap.c 2005-01-07 15:36:04.000000000 +0000 +@@ -1826,6 +1826,20 @@ + + EXPORT_SYMBOL(do_brk); + ++/* locking version of do_brk. */ ++unsigned long do_brk_locked(unsigned long addr, unsigned long len) ++{ ++ unsigned long ret; ++ ++ down_write(¤t->mm->mmap_sem); ++ ret = do_brk(addr, len); ++ up_write(¤t->mm->mmap_sem); ++ ++ return ret; ++} ++ ++EXPORT_SYMBOL(do_brk_locked); ++ + /* Release all mmaps. */ + void exit_mmap(struct mm_struct *mm) + { +@@ -1952,3 +1966,4 @@ + } + return new_vma; + } ++ +diff -ur linux-2.6.10/mm/nommu.c linux-2.6.10.plasmaroo/mm/nommu.c +--- linux-2.6.10/mm/nommu.c 2004-12-24 21:35:25.000000000 +0000 ++++ linux-2.6.10.plasmaroo/mm/nommu.c 2005-01-07 15:30:24.000000000 +0000 +@@ -557,6 +557,11 @@ + return -ENOMEM; + } + ++unsigned long do_brk_locked(unsigned long addr, unsigned long len) ++{ ++ return -ENOMEM; ++} ++ + struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long addr) + { + return NULL; diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.smbfs.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.smbfs.patch index 99401cf93a0e..f10cfedfab16 100644 --- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.smbfs.patch +++ b/sys-kernel/xbox-sources/files/xbox-sources-2.6.10.smbfs.patch @@ -38,15 +38,7 @@ diff -urN linux-2.6.8.1/fs/smbfs/request.c linux-2.6.8.1.plasmaroo/fs/smbfs/requ + goto out_bad_data; return 0; } - -@@ -634,6 +642,7 @@ - req->rq_trans2buffer = smb_kmalloc(buf_len, GFP_NOFS); - if (!req->rq_trans2buffer) - goto out_no_mem; -+ memset(req->rq_trans2buffer, 0, buf_len); - - req->rq_parm = req->rq_trans2buffer; - req->rq_data = req->rq_trans2buffer + parm_tot; + @@ -643,8 +652,12 @@ if (parm_disp + parm_count > req->rq_total_parm) @@ -60,19 +52,6 @@ diff -urN linux-2.6.8.1/fs/smbfs/request.c linux-2.6.8.1.plasmaroo/fs/smbfs/requ inbuf = req->rq_buffer; memcpy(req->rq_parm + parm_disp, inbuf + parm_offset, parm_count); -@@ -657,8 +670,11 @@ - * Check whether we've received all of the data. Note that - * we use the packet totals -- total lengths might shrink! - */ -- if (req->rq_ldata >= data_tot && req->rq_lparm >= parm_tot) -+ if (req->rq_ldata >= data_tot && req->rq_lparm >= parm_tot) { -+ req->rq_ldata = data_tot; -+ req->rq_lparm = parm_tot; - return 0; -+ } - return 1; - - out_too_long: @@ -676,13 +692,13 @@ req->rq_errno = -EIO; goto out; diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.7.cmdlineLeak.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.7.cmdlineLeak.patch deleted file mode 100644 index 763f0cf64449..000000000000 --- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.7.cmdlineLeak.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- linux-2.6.7/fs/proc/base.c~ 2004-08-05 10:35:04.411443536 +0200 -+++ linux-2.6.7/fs/proc/base.c 2004-08-05 10:35:04.412443384 +0200 -@@ -330,6 +330,9 @@ - if (!mm) - goto out; - -+ if (!mm->arg_end) -+ goto out; -+ - len = mm->arg_end - mm->arg_start; - - if (len > PAGE_SIZE) diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.SELinux.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.SELinux.patch deleted file mode 100644 index dbb8b2329a28..000000000000 --- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.SELinux.patch +++ /dev/null @@ -1,61 +0,0 @@ ---- a/net/unix/af_unix.c 2004-10-18 22:54:37.000000000 +0100 -+++ b/net/unix/af_unix.c 2004-12-19 18:33:12.000000000 +0000 -@@ -477,6 +477,8 @@ - struct msghdr *, size_t, int); - static int unix_dgram_connect(struct socket *, struct sockaddr *, - int, int); -+static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *, -+ struct msghdr *, size_t); - - static struct proto_ops unix_stream_ops = { - .family = PF_UNIX, -@@ -535,7 +537,7 @@ - .shutdown = unix_shutdown, - .setsockopt = sock_no_setsockopt, - .getsockopt = sock_no_getsockopt, -- .sendmsg = unix_dgram_sendmsg, -+ .sendmsg = unix_seqpacket_sendmsg, - .recvmsg = unix_dgram_recvmsg, - .mmap = sock_no_mmap, - .sendpage = sock_no_sendpage, -@@ -1365,9 +1367,11 @@ - if (other->sk_shutdown & RCV_SHUTDOWN) - goto out_unlock; - -- err = security_unix_may_send(sk->sk_socket, other->sk_socket); -- if (err) -- goto out_unlock; -+ if (sk->sk_type != SOCK_SEQPACKET) { -+ err = security_unix_may_send(sk->sk_socket, other->sk_socket); -+ if (err) -+ goto out_unlock; -+ } - - if (unix_peer(other) != sk && - (skb_queue_len(&other->sk_receive_queue) > -@@ -1517,6 +1521,25 @@ - return sent ? : err; - } - -+static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock, -+ struct msghdr *msg, size_t len) -+{ -+ int err; -+ struct sock *sk = sock->sk; -+ -+ err = sock_error(sk); -+ if (err) -+ return err; -+ -+ if (sk->sk_state != TCP_ESTABLISHED) -+ return -ENOTCONN; -+ -+ if (msg->msg_namelen) -+ msg->msg_namelen = 0; -+ -+ return unix_dgram_sendmsg(kiocb, sock, msg, len); -+} -+ - static void unix_copy_addr(struct msghdr *msg, struct sock *sk) - { - struct unix_sock *u = unix_sk(sk); diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.patch deleted file mode 100644 index a95e94fd9362..000000000000 --- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.AF_UNIX.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- linux-2.6.9/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 -+++ linux-2.6.9.plasmaroo/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 -@@ -1535,9 +1535,11 @@ - - msg->msg_namelen = 0; - -+ down(&u->readsem); -+ - skb = skb_recv_datagram(sk, flags, noblock, &err); - if (!skb) -- goto out; -+ goto out_unlock; - - wake_up_interruptible(&u->peer_wait); - -@@ -1587,6 +1589,8 @@ - - out_free: - skb_free_datagram(sk,skb); -+out_unlock: -+ up(&u->readsem); - out: - return err; - } diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1016.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1016.patch deleted file mode 100644 index aa25ac95ed61..000000000000 --- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1016.patch +++ /dev/null @@ -1,75 +0,0 @@ -===== include/linux/socket.h 1.12 vs edited ===== ---- 1.12/include/linux/socket.h 2004-09-09 06:40:01 +10:00 -+++ edited/include/linux/socket.h 2004-11-27 11:53:40 +11:00 -@@ -90,6 +90,10 @@ - (struct cmsghdr *)(ctl) : \ - (struct cmsghdr *)NULL) - #define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \ -+ (cmsg)->cmsg_len <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(cmsg) - (char *)(mhdr)->msg_control))) - - /* - * This mess will go away with glibc -===== net/core/scm.c 1.10 vs edited ===== ---- 1.10/net/core/scm.c 2004-05-31 05:08:14 +10:00 -+++ edited/net/core/scm.c 2004-11-27 11:48:55 +11:00 -@@ -127,9 +127,7 @@ - for too short ancillary data object at all! Oops. - OK, let's add it... - */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) -+ if (!CMSG_OK(msg, cmsg)) - goto error; - - if (cmsg->cmsg_level != SOL_SOCKET) -===== net/ipv4/ip_sockglue.c 1.26 vs edited ===== ---- 1.26/net/ipv4/ip_sockglue.c 2004-07-01 06:10:53 +10:00 -+++ edited/net/ipv4/ip_sockglue.c 2004-11-27 11:49:45 +11:00 -@@ -146,11 +146,8 @@ - struct cmsghdr *cmsg; - - for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - if (cmsg->cmsg_level != SOL_IP) - continue; - switch (cmsg->cmsg_type) { -===== net/ipv6/datagram.c 1.20 vs edited ===== ---- 1.20/net/ipv6/datagram.c 2004-11-10 17:57:03 +11:00 -+++ edited/net/ipv6/datagram.c 2004-11-27 11:51:15 +11:00 -@@ -427,9 +427,7 @@ - int addr_type; - struct net_device *dev = NULL; - -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) { - err = -EINVAL; - goto exit_f; - } -===== net/sctp/socket.c 1.129 vs edited ===== ---- 1.129/net/sctp/socket.c 2004-11-19 08:43:18 +11:00 -+++ edited/net/sctp/socket.c 2004-11-27 11:52:11 +11:00 -@@ -4098,12 +4098,8 @@ - for (cmsg = CMSG_FIRSTHDR(msg); - cmsg != NULL; - cmsg = CMSG_NXTHDR((struct msghdr*)msg, cmsg)) { -- /* Check for minimum length. The SCM code has this check. */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - - /* Should we parse this header or ignore? */ - if (cmsg->cmsg_level != IPPROTO_SCTP) diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1137.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1137.patch deleted file mode 100644 index 0a54680f6f4b..000000000000 --- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1137.patch +++ /dev/null @@ -1,77 +0,0 @@ -# ChangeSet -# 2004/12/14 11:06:25-08:00 chrisw@osdl.org -# [IPV4/IPV6]: IGMP source filter fixes -# -# When adding or deleting from the source list make sure to find matches -# by comparing against the new source address, not the group address. -# Also, check each addr in the list rather than just the first one. -# And, finally, only delete from list when there's a match rather than -# vice-versa. Drop the effort to keep list sorted, since it's not done -# on full-state api and can create an sl_addr entry that the delta api -# won't be able to delete. Without these fixes sl_count can be corrupted -# which can allow for kernel memory corruption. -# -# Signed-off-by: Chris Wright <chrisw@osdl.org> -# Signed-off-by: David S. Miller <davem@davemloft.net> -# -diff -Nru a/net/ipv4/igmp.c b/net/ipv4/igmp.c ---- a/net/ipv4/igmp.c 2004-12-20 11:32:15 -08:00 -+++ b/net/ipv4/igmp.c 2004-12-20 11:32:15 -08:00 -@@ -1778,12 +1778,12 @@ - goto done; - rv = !0; - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, -+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, - sizeof(__u32)); -- if (rv >= 0) -+ if (rv == 0) - break; - } -- if (!rv) /* source not found */ -+ if (rv) /* source not found */ - goto done; - - /* update the interface filter */ -@@ -1825,9 +1825,9 @@ - } - rv = 1; /* > 0 for insert logic below if sl_count is 0 */ - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, -+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, - sizeof(__u32)); -- if (rv >= 0) -+ if (rv == 0) - break; - } - if (rv == 0) /* address already there is an error */ -diff -Nru a/net/ipv6/mcast.c b/net/ipv6/mcast.c ---- a/net/ipv6/mcast.c 2004-12-20 11:32:15 -08:00 -+++ b/net/ipv6/mcast.c 2004-12-20 11:32:15 -08:00 -@@ -391,12 +391,12 @@ - goto done; - rv = !0; - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, group, -+ rv = memcmp(&psl->sl_addr[i], source, - sizeof(struct in6_addr)); -- if (rv >= 0) -+ if (rv == 0) - break; - } -- if (!rv) /* source not found */ -+ if (rv) /* source not found */ - goto done; - - /* update the interface filter */ -@@ -437,8 +437,8 @@ - } - rv = 1; /* > 0 for insert logic below if sl_count is 0 */ - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, group, sizeof(struct in6_addr)); -- if (rv >= 0) -+ rv = memcmp(&psl->sl_addr[i], source, sizeof(struct in6_addr)); -+ if (rv == 0) - break; - } - if (rv == 0) /* address already there is an error */ diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1151.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1151.patch deleted file mode 100644 index fc4289e4f444..000000000000 --- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.CAN-2004-1151.patch +++ /dev/null @@ -1,35 +0,0 @@ ---- 1.74/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00 -+++ 1.75/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00 -@@ -525,11 +525,12 @@ - int sys32_ni_syscall(int call) - { - struct task_struct *me = current; -- static char lastcomm[8]; -- if (strcmp(lastcomm, me->comm)) { -- printk(KERN_INFO "IA32 syscall %d from %s not implemented\n", call, -- current->comm); -- strcpy(lastcomm, me->comm); -+ static char lastcomm[sizeof(me->comm)]; -+ -+ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) { -+ printk(KERN_INFO "IA32 syscall %d from %s not implemented\n", -+ call, me->comm); -+ strncpy(lastcomm, me->comm, sizeof(lastcomm)); - } - return -ENOSYS; - } -@@ -1125,11 +1126,11 @@ - long sys32_vm86_warning(void) - { - struct task_struct *me = current; -- static char lastcomm[8]; -- if (strcmp(lastcomm, me->comm)) { -+ static char lastcomm[sizeof(me->comm)]; -+ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) { - printk(KERN_INFO "%s: vm86 mode not supported on 64 bit kernel\n", - me->comm); -- strcpy(lastcomm, me->comm); -+ strncpy(lastcomm, me->comm, sizeof(lastcomm)); - } - return -ENOSYS; - } diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_a.out.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_a.out.patch deleted file mode 100644 index 89665ce8db42..000000000000 --- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_a.out.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -Nru linux-2.6.9/fs/exec.c linux-2.6.9.plasmaroo/fs/exec.c ---- linux-2.6.9/fs/exec.c 2004-11-27 08:30:03 -08:00 -+++ linux-2.6.9.plasmaroo/fs/exec.c 2004-11-27 08:30:03 -08:00 -@@ -413,6 +413,7 @@ - - down_write(&mm->mmap_sem); - { -+ struct vm_area_struct *vma; - mpnt->vm_mm = mm; - #ifdef CONFIG_STACK_GROWSUP - mpnt->vm_start = stack_base; -@@ -433,6 +434,12 @@ - mpnt->vm_flags = VM_STACK_FLAGS; - mpnt->vm_flags |= mm->def_flags; - mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7]; -+ vma = find_vma(mm, mpnt->vm_start); -+ if (vma) { -+ up_write(&mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return -ENOMEM; -+ } - insert_vm_struct(mm, mpnt); - mm->stack_vm = mm->total_vm = vma_pages(mpnt); - } -diff -Nru linux-2.6.9/fs/binfmt_aout.c linux-2.6.9.plasmaroo/fs/binfmt_aout.c ---- linux-2.6.9/fs/binfmt_aout.c 2004-11-27 08:31:43 -08:00 -+++ linux-2.6.9.plasmaroo/fs/binfmt_aout.c 2004-11-27 08:31:43 -08:00 -@@ -43,13 +43,18 @@ - .min_coredump = PAGE_SIZE - }; - --static void set_brk(unsigned long start, unsigned long end) -+#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) -+ -+static int set_brk(unsigned long start, unsigned long end) - { - start = PAGE_ALIGN(start); - end = PAGE_ALIGN(end); -- if (end <= start) -- return; -- do_brk(start, end - start); -+ if (end > start) { -+ unsigned long addr = do_brk(start, end - start); -+ if (BAD_ADDR(addr)) -+ return addr; -+ } -+ return 0; - } - - /* -@@ -413,7 +418,11 @@ - beyond_if: - set_binfmt(&aout_format); - -- set_brk(current->mm->start_brk, current->mm->brk); -+ retval = set_brk(current->mm->start_brk, current->mm->brk); -+ if (retval < 0) { -+ send_sig(SIGKILL, current, 0); -+ return retval; -+ } - - retval = setup_arg_pages(bprm, EXSTACK_DEFAULT); - if (retval < 0) { diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_elf.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_elf.patch deleted file mode 100644 index 87d05e7b5fa4..000000000000 --- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.binfmt_elf.patch +++ /dev/null @@ -1,85 +0,0 @@ -diff -ur linux-2.6.8.1/fs/binfmt_elf.c linux-2.6.8.1.plasmaroo/fs/binfmt_elf.c ---- linux-2.6.8.1/fs/binfmt_elf.c 2004-08-14 11:55:23.000000000 +0100 -+++ linux-2.6.8.1.plasmaroo/fs/binfmt_elf.c 2004-11-19 23:07:08.375429000 +0000 -@@ -334,9 +334,12 @@ - goto out; - - retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size); -- error = retval; -- if (retval < 0) -+ error = -EIO; -+ if (retval != size) { -+ if (retval < 0) -+ error = retval; - goto out_close; -+ } - - eppnt = elf_phdata; - for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) { -@@ -523,8 +526,11 @@ - goto out; - - retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size); -- if (retval < 0) -+ if (retval != size) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_ph; -+ } - - files = current->files; /* Refcounted so ok */ - retval = unshare_files(); -@@ -561,7 +567,8 @@ - */ - - retval = -ENOMEM; -- if (elf_ppnt->p_filesz > PATH_MAX) -+ if (elf_ppnt->p_filesz > PATH_MAX || -+ elf_ppnt->p_filesz == 0) - goto out_free_file; - elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz, - GFP_KERNEL); -@@ -571,8 +578,16 @@ - retval = kernel_read(bprm->file, elf_ppnt->p_offset, - elf_interpreter, - elf_ppnt->p_filesz); -- if (retval < 0) -+ if (retval != elf_ppnt->p_filesz) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_interp; -+ } -+ /* make sure path is NULL terminated */ -+ retval = -EINVAL; -+ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') -+ goto out_free_interp; -+ - /* If the program interpreter is one of these two, - * then assume an iBCS2 image. Otherwise assume - * a native linux image. -@@ -607,8 +622,11 @@ - if (IS_ERR(interpreter)) - goto out_free_interp; - retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE); -- if (retval < 0) -+ if (retval != BINPRM_BUF_SIZE) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_dentry; -+ } - - /* Get the exec headers */ - interp_ex = *((struct exec *) bprm->buf); -@@ -765,8 +783,10 @@ - } - - error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags); -- if (BAD_ADDR(error)) -- continue; -+ if (BAD_ADDR(error)) { -+ send_sig(SIGKILL, current, 0); -+ goto out_free_dentry; -+ } - - if (!load_addr_set) { - load_addr_set = 1; diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.devPtmx.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.devPtmx.patch deleted file mode 100644 index 2312a2bf5e3b..000000000000 --- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.devPtmx.patch +++ /dev/null @@ -1,21 +0,0 @@ -Index: linux-2.6.5/fs/devpts/inode.c -=================================================================== ---- linux-2.6.5.orig/fs/devpts/inode.c -+++ linux-2.6.5/fs/devpts/inode.c -@@ -178,9 +178,13 @@ struct tty_struct *devpts_get_tty(int nu - { - struct dentry *dentry = get_node(number); - struct tty_struct *tty; -- -- tty = (IS_ERR(dentry) || !dentry->d_inode) ? NULL : -- dentry->d_inode->u.generic_ip; -+ -+ tty = NULL; -+ if (!IS_ERR(dentry)) { -+ if (dentry->d_inode) -+ tty = dentry->d_inode->u.generic_ip; -+ dput(dentry); -+ } - - up(&devpts_root->d_inode->i_sem); - diff --git a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.vma.patch b/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.vma.patch deleted file mode 100644 index 53ca070ca333..000000000000 --- a/sys-kernel/xbox-sources/files/xbox-sources-2.6.8.1.vma.patch +++ /dev/null @@ -1,205 +0,0 @@ -diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/arch/ia64/ia32/binfmt_elf32.c linux-dsd/arch/ia64/ia32/binfmt_elf32.c ---- linux-2.6.8-gentoo-r11/arch/ia64/ia32/binfmt_elf32.c 2004-08-14 06:37:42.000000000 +0100 -+++ linux-dsd/arch/ia64/ia32/binfmt_elf32.c 2004-12-03 01:22:18.416099008 +0000 -@@ -84,7 +84,11 @@ ia64_elf32_init (struct pt_regs *regs) - vma->vm_ops = &ia32_shared_page_vm_ops; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -103,7 +107,11 @@ ia64_elf32_init (struct pt_regs *regs) - vma->vm_flags = VM_READ|VM_WRITE|VM_MAYREAD|VM_MAYWRITE; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -151,7 +159,7 @@ ia32_setup_arg_pages (struct linux_binpr - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - mm->arg_start = bprm->p + stack_base; -@@ -186,7 +194,11 @@ ia32_setup_arg_pages (struct linux_binpr - mpnt->vm_flags = VM_STACK_FLAGS; - mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC)? - PAGE_COPY_EXEC: PAGE_COPY; -- insert_vm_struct(current->mm, mpnt); -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/arch/ia64/mm/init.c linux-dsd/arch/ia64/mm/init.c ---- linux-2.6.8-gentoo-r11/arch/ia64/mm/init.c 2004-08-14 06:36:56.000000000 +0100 -+++ linux-dsd/arch/ia64/mm/init.c 2004-12-03 01:20:32.714168144 +0000 -@@ -131,7 +131,13 @@ ia64_init_addr_space (void) - vma->vm_end = vma->vm_start + PAGE_SIZE; - vma->vm_page_prot = protection_map[VM_DATA_DEFAULT_FLAGS & 0x7]; - vma->vm_flags = VM_DATA_DEFAULT_FLAGS | VM_GROWSUP; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - - /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */ -@@ -143,7 +149,13 @@ ia64_init_addr_space (void) - vma->vm_end = PAGE_SIZE; - vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT); - vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - } - } -diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/arch/s390/kernel/compat_exec.c linux-dsd/arch/s390/kernel/compat_exec.c ---- linux-2.6.8-gentoo-r11/arch/s390/kernel/compat_exec.c 2004-08-14 06:37:40.000000000 +0100 -+++ linux-dsd/arch/s390/kernel/compat_exec.c 2004-12-03 01:23:39.196818472 +0000 -@@ -39,7 +39,7 @@ int setup_arg_pages32(struct linux_binpr - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - - stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - mm->arg_start = bprm->p + stack_base; -@@ -68,7 +68,11 @@ int setup_arg_pages32(struct linux_binpr - /* executable stack setting would be applied here */ - mpnt->vm_page_prot = PAGE_COPY; - mpnt->vm_flags = VM_STACK_FLAGS; -- insert_vm_struct(mm, mpnt); -+ if ((ret = insert_vm_struct(mm, mpnt))) { -+ up_write(&mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/arch/x86_64/ia32/ia32_binfmt.c linux-dsd/arch/x86_64/ia32/ia32_binfmt.c ---- linux-2.6.8-gentoo-r11/arch/x86_64/ia32/ia32_binfmt.c 2004-08-14 06:36:12.000000000 +0100 -+++ linux-dsd/arch/x86_64/ia32/ia32_binfmt.c 2004-12-03 01:25:24.771768640 +0000 -@@ -330,7 +330,7 @@ int setup_arg_pages(struct linux_binprm - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES * PAGE_SIZE; - mm->arg_start = bprm->p + stack_base; -@@ -364,7 +364,11 @@ int setup_arg_pages(struct linux_binprm - mpnt->vm_flags = vm_stack_flags32; - mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC) ? - PAGE_COPY_EXEC : PAGE_COPY; -- insert_vm_struct(mm, mpnt); -+ if ((ret = insert_vm_struct(mm, mpnt))) { -+ up_write(&mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/fs/exec.c linux-dsd/fs/exec.c ---- linux-2.6.8-gentoo-r11/fs/exec.c 2004-12-03 01:13:58.502097488 +0000 -+++ linux-dsd/fs/exec.c 2004-12-03 01:26:47.749154160 +0000 -@@ -341,7 +341,7 @@ int setup_arg_pages(struct linux_binprm - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - long arg_size; - - #ifdef CONFIG_STACK_GROWSUP -@@ -412,7 +412,6 @@ int setup_arg_pages(struct linux_binprm - - down_write(&mm->mmap_sem); - { -- struct vm_area_struct *vma; - mpnt->vm_mm = mm; - #ifdef CONFIG_STACK_GROWSUP - mpnt->vm_start = stack_base; -@@ -433,13 +432,11 @@ int setup_arg_pages(struct linux_binprm - mpnt->vm_flags = VM_STACK_FLAGS; - mpnt->vm_flags |= mm->def_flags; - mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7]; -- vma = find_vma(mm, mpnt->vm_start); -- if (vma) { -+ if ((ret = insert_vm_struct(mm, mpnt))) { - up_write(&mm->mmap_sem); - kmem_cache_free(vm_area_cachep, mpnt); -- return -ENOMEM; -+ return ret; - } -- insert_vm_struct(mm, mpnt); - mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; - } - -diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/include/linux/mm.h linux-dsd/include/linux/mm.h ---- linux-2.6.8-gentoo-r11/include/linux/mm.h 2004-08-14 06:36:13.000000000 +0100 -+++ linux-dsd/include/linux/mm.h 2004-12-03 01:20:32.718167536 +0000 -@@ -624,7 +624,7 @@ extern struct vm_area_struct *vma_merge( - extern struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *); - extern int split_vma(struct mm_struct *, - struct vm_area_struct *, unsigned long addr, int new_below); --extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *); -+extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *); - extern void __vma_link_rb(struct mm_struct *, struct vm_area_struct *, - struct rb_node **, struct rb_node *); - extern struct vm_area_struct *copy_vma(struct vm_area_struct **, -diff -urNp -X /usr/src/dontdiff linux-2.6.8-gentoo-r11/mm/mmap.c linux-dsd/mm/mmap.c ---- linux-2.6.8-gentoo-r11/mm/mmap.c 2004-08-14 06:37:15.000000000 +0100 -+++ linux-dsd/mm/mmap.c 2004-12-03 01:20:32.720167232 +0000 -@@ -1740,7 +1740,7 @@ void exit_mmap(struct mm_struct *mm) - * and into the inode's i_mmap tree. If vm_file is non-NULL - * then i_mmap_lock is taken here. - */ --void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) -+int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) - { - struct vm_area_struct * __vma, * prev; - struct rb_node ** rb_link, * rb_parent; -@@ -1763,8 +1763,9 @@ void insert_vm_struct(struct mm_struct * - } - __vma = find_vma_prepare(mm,vma->vm_start,&prev,&rb_link,&rb_parent); - if (__vma && __vma->vm_start < vma->vm_end) -- BUG(); -+ return -ENOMEM; - vma_link(mm, vma, prev, rb_link, rb_parent); -+ return 0; - } - - /* |