diff options
| author |   Daniel Drake <dsd@gentoo.org> | 2005-05-18 11:23:51 +0000 |
|---|---|---|
| committer | Daniel Drake <dsd@gentoo.org> | 2005-05-18 11:23:51 +0000 |
| commit | d484842754c8610d842fae94a103c9750f73e165 (patch) | |
| tree | 3358cd73335fa60dcf1a9434f7ef612c1577c922 /sys-kernel | |
| parent | fixes 93035, versioned jar, thanks too Josh Nichols <nichoj@alum.rpi.edu> (diff) | |
| download | gentoo-2-d484842754c8610d842fae94a103c9750f73e165.tar.gz gentoo-2-d484842754c8610d842fae94a103c9750f73e165.tar.bz2 gentoo-2-d484842754c8610d842fae94a103c9750f73e165.zip | |
Remove insecure version
(Portage version: 1.589-cvs)
Diffstat (limited to 'sys-kernel')
24 files changed, 26 insertions, 2083 deletions
diff --git a/sys-kernel/win4lin-sources/ChangeLog b/sys-kernel/win4lin-sources/ChangeLog index 9c06074e9750..ec6829d66a1b 100644 --- a/sys-kernel/win4lin-sources/ChangeLog +++ b/sys-kernel/win4lin-sources/ChangeLog @@ -1,6 +1,31 @@ # ChangeLog for sys-kernel/win4lin-sources # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/ChangeLog,v 1.53 2005/05/17 12:15:40 dsd Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/ChangeLog,v 1.54 2005/05/18 11:23:50 dsd Exp $ + + 18 May 2005; Daniel Drake <dsd@gentoo.org> + -files/win4lin-sources-2.6.9.74070.patch, + -files/win4lin-sources-2.6.9.75963.patch, + -files/win4lin-sources-2.6.9.77666.patch, + -files/win4lin-sources-2.6.9.77923.patch, + -files/win4lin-sources-2.6.9.78362.patch, + -files/win4lin-sources-2.6.9.78363.patch, + -files/win4lin-sources-2.6.9.81106.patch, + -files/win4lin-sources-2.6.9.82141.patch, + -files/win4lin-sources-2.6.9.AF_UNIX.SELinux.patch, + -files/win4lin-sources-2.6.9.AF_UNIX.patch, + -files/win4lin-sources-2.6.9.CAN-2004-1016.patch, + -files/win4lin-sources-2.6.9.CAN-2004-1056.patch, + -files/win4lin-sources-2.6.9.CAN-2004-1137.patch, + -files/win4lin-sources-2.6.9.CAN-2004-1151.patch, + -files/win4lin-sources-2.6.9.binfmt_a.out.patch, + -files/win4lin-sources-2.6.9.binfmt_elf.patch, + -files/win4lin-sources-2.6.9.brk-locked.patch, + -files/win4lin-sources-2.6.9.shmLocking.patch, + -files/win4lin-sources-2.6.9.smbfs.patch, + -files/win4lin-sources-2.6.9.vma.patch, + -files/win4lin-sources-2.6.binfmt_elf.patch, + -win4lin-sources-2.6.9-r7.ebuild: + Remove insecure version *win4lin-sources-2.6.11 (17 May 2005) diff --git a/sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r7 b/sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r7 deleted file mode 100644 index 12075686996a..000000000000 --- a/sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.9-r7 +++ /dev/null @@ -1,3 +0,0 @@ -MD5 e921200f074ca97184e150ef5a4af825 linux-2.6.9.tar.bz2 36261440 -MD5 e7710f224fc986d041c5b5dd50e619ac mki-adapter26_1_3_8.patch 127088 -MD5 f5494c6878eb693f1fa61c2022574777 Kernel-Win4Lin3-2.6.9.patch 25139 diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.74070.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.74070.patch deleted file mode 100644 index 3b4ee332f9e9..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.74070.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux-2.6.10/net/sunrpc/svc.c.orig 2005-01-18 03:18:08.235362992 +0000 -+++ linux-2.6.10/net/sunrpc/svc.c 2005-01-18 03:18:28.532277392 +0000 -@@ -446,7 +446,7 @@ err_bad_auth: - err_bad_prog: - #ifdef RPC_PARANOIA - if (prog != 100227 || progp->pg_prog != 100003) -- printk("svc: unknown program %d (me %d)\n", prog, progp->pg_prog); -+ printk("svc: unknown program %d (me %d)\n", prog, serv->sv_program->pg_prog); - /* else it is just a Solaris client seeing if ACLs are supported */ - #endif - serv->sv_stats->rpcbadfmt++; diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.75963.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.75963.patch deleted file mode 100644 index 80390f13bd73..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.75963.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- linux-2.6.10/security/dummy.c 2004-12-24 21:34:26.000000000 +0000 -+++ linux-2.6.10.plasmaroo/security/dummy.c 2005-01-07 20:13:50.763073872 +0000 -@@ -74,11 +74,8 @@ - - static int dummy_capable (struct task_struct *tsk, int cap) - { -- if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0) -- /* capability granted */ -+ if (cap_raised (tsk->cap_effective, cap)) - return 0; -- -- /* capability denied */ - return -EPERM; - } - -@@ -191,6 +188,8 @@ - - current->suid = current->euid = current->fsuid = bprm->e_uid; - current->sgid = current->egid = current->fsgid = bprm->e_gid; -+ -+ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); - } - - static int dummy_bprm_set_security (struct linux_binprm *bprm) -@@ -550,6 +549,7 @@ - - static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags) - { -+ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); - return 0; - } - diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.77666.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.77666.patch deleted file mode 100644 index 0ba387c4e78b..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.77666.patch +++ /dev/null @@ -1,158 +0,0 @@ -(vma->vm_start - address) >> PAGE_SHIFT--- linux-2.6.9/mm/mmap.c 2005-03-16 21:06:42.000000000 +0000 -+++ linux-2.6.9-plasmaroo/mm/mmap.c 2005-03-16 21:09:26.000000000 +0000 -@@ -1316,13 +1316,57 @@ out: - return prev ? prev->vm_next : vma; - } - -+/* -+ * Verify that the stack growth is acceptable and -+ * update accounting. This is shared with both the -+ * grow-up and grow-down cases. -+ */ -+static int acct_stack_growth(struct vm_area_struct * vma, unsigned long size, unsigned long grow) -+{ -+ struct mm_struct *mm = vma->vm_mm; -+ struct rlimit *rlim = current->rlim; -+ -+ /* address space limit tests */ -+ rlim = current->rlim; -+ if (mm->total_vm + grow > rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT) -+ return -ENOMEM; -+ -+ /* Stack limit test */ -+ if (size > rlim[RLIMIT_STACK].rlim_cur) -+ return -ENOMEM; -+ -+ /* mlock limit tests */ -+ if (vma->vm_flags & VM_LOCKED) { -+ unsigned long locked; -+ unsigned long limit; -+ locked = mm->locked_vm + grow; -+ limit = rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT; -+ if (locked > limit && !capable(CAP_IPC_LOCK)) -+ return -ENOMEM; -+ } -+ -+ /* -+ * Overcommit.. This must be the final test, as it will -+ * update security statistics. -+ */ -+ if (security_vm_enough_memory(grow)) -+ return -ENOMEM; -+ -+ /* Ok, everything looks good - let it rip */ -+ mm->total_vm += grow; -+ if (vma->vm_flags & VM_LOCKED) -+ mm->locked_vm += grow; -+ __vm_stat_account(mm, vma->vm_flags, vma->vm_file, grow); -+ return 0; -+} -+ - #ifdef CONFIG_STACK_GROWSUP - /* - * vma is the first one with address > vma->vm_end. Have to extend vma. - */ - int expand_stack(struct vm_area_struct * vma, unsigned long address) - { -- unsigned long grow; -+ int error; - - if (!(vma->vm_flags & VM_GROWSUP)) - return -EFAULT; -@@ -1342,28 +1386,24 @@ int expand_stack(struct vm_area_struct * - */ - address += 4 + PAGE_SIZE - 1; - address &= PAGE_MASK; -- grow = (address - vma->vm_end) >> PAGE_SHIFT; -+ error = 0; - -- /* Overcommit.. */ -- if (security_vm_enough_memory(grow)) { -- anon_vma_unlock(vma); -- return -ENOMEM; -- } -- -- if (address - vma->vm_start > current->rlim[RLIMIT_STACK].rlim_cur || -- ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > -- current->rlim[RLIMIT_AS].rlim_cur) { -- anon_vma_unlock(vma); -- vm_unacct_memory(grow); -- return -ENOMEM; -+ /* Somebody else might have raced and expanded it already */ -+ if (address > vma->vm_end) { -+ unsigned long size, grow; -+ -+ size = address - vma->vm_start; -+ grow = (address - vma->vm_end) >> PAGE_SHIFT; -+ -+ error = acct_stack_growth(vma, size, grow); -+ if (!error) -+ vma->vm_end = address; - } -- vma->vm_end = address; -- vma->vm_mm->total_vm += grow; -- if (vma->vm_flags & VM_LOCKED) -- vma->vm_mm->locked_vm += grow; -+ error = acct_stack_growth(vma, size, grow); -+ if (!error) -+ vma->vm_end = address; -- __vm_stat_account(vma->vm_mm, vma->vm_flags, vma->vm_file, grow); - anon_vma_unlock(vma); -- return 0; -+ return error; - } - - struct vm_area_struct * -@@ -1395,7 +1436,7 @@ find_extend_vma(struct mm_struct *mm, un - */ - int expand_stack(struct vm_area_struct *vma, unsigned long address) - { -- unsigned long grow; -+ int error; - - /* - * We must make sure the anon_vma is allocated -@@ -1411,29 +1452,23 @@ int expand_stack(struct vm_area_struct * - * anon_vma lock to serialize against concurrent expand_stacks. - */ - address &= PAGE_MASK; -- grow = (vma->vm_start - address) >> PAGE_SHIFT; -+ error = 0; - -- /* Overcommit.. */ -- if (security_vm_enough_memory(grow)) { -- anon_vma_unlock(vma); -- return -ENOMEM; -- } -- -- if (vma->vm_end - address > current->rlim[RLIMIT_STACK].rlim_cur || -- ((vma->vm_mm->total_vm + grow) << PAGE_SHIFT) > -- current->rlim[RLIMIT_AS].rlim_cur) { -- anon_vma_unlock(vma); -- vm_unacct_memory(grow); -- return -ENOMEM; -+ /* Somebody else might have raced and expanded it already */ -+ if (address < vma->vm_start) { -+ unsigned long size, grow; -+ -+ size = vma->vm_end - address; -+ grow = (vma->vm_start - address) >> PAGE_SHIFT; -+ -+ error = acct_stack_growth(vma, size, grow); -+ if (!error) { -+ vma->vm_start = address; -+ vma->vm_pgoff -= grow; -+ } - } -- vma->vm_start = address; -- vma->vm_pgoff -= grow; -- vma->vm_mm->total_vm += grow; -- if (vma->vm_flags & VM_LOCKED) -- vma->vm_mm->locked_vm += grow; -- __vm_stat_account(vma->vm_mm, vma->vm_flags, vma->vm_file, grow); - anon_vma_unlock(vma); -- return 0; -+ return error; - } - - struct vm_area_struct * diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.77923.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.77923.patch deleted file mode 100644 index 30bed5b3fb0e..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.77923.patch +++ /dev/null @@ -1,31 +0,0 @@ -# ChangeSet -# 2005/01/04 15:57:25-08:00 brugolsky@telemetry-investments.com. -# [PATCH] NFS client O_DIRECT error case fix -# -# The NFS direct-io error return path for request sizes greater than -# MAX_DIRECTIO_SIZE fails to initialize the returned page struct array -# pointer to NULL. -# -# Discovered using AKPM's ext3-tools: odwrite -ko 0 16385 foo -# -# Signed-off-by: Bill Rugolsky <brugolsky@telemetry-investments.com> -# Signed-off-by: Linus Torvalds <torvalds@osdl.org> -# -# fs/nfs/direct.c -# 2005/01/04 13:55:37-08:00 brugolsky@telemetry-investments.com +3 -1 -# NFS client O_DIRECT error case fix -# -diff -Nru linux-2.6.10/fs/nfs/direct.c linux-2.6.10.plasmaroo/fs/nfs/direct.c ---- linux-2.6.10/fs/nfs/direct.c 2005-01-11 21:28:34 +01:00 -+++ linux-2.6.10.plasmaroo/fs/nfs/direct.c 2005-01-11 21:28:34 +01:00 -@@ -73,7 +73,10 @@ - - /* set an arbitrary limit to prevent arithmetic overflow */ - if (size > MAX_DIRECTIO_SIZE) -+ { -+ *pages = NULL; - return -EFBIG; -+ } - - page_count = (user_addr + size + PAGE_SIZE - 1) >> PAGE_SHIFT; - page_count -= user_addr >> PAGE_SHIFT; diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.78362.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.78362.patch deleted file mode 100644 index 77d32c3cc035..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.78362.patch +++ /dev/null @@ -1,73 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/12/08 13:03:03-08:00 davem@nuts.davemloft.net -# [NET]: CMSG compat code needs signedness fixes too. -# -# Signed-off-by: David S. Miller <davem@davemloft.net> -# -# net/compat.c -# 2004/12/08 13:02:32-08:00 davem@nuts.davemloft.net +7 -5 -# [NET]: CMSG compat code needs signedness fixes too. -# -# ChangeSet -# 2004/12/10 09:52:42-08:00 torvalds@ppc970.osdl.org -# Make sure VC resizing fits in s16. -# -# Noted by Georgi Guninski -# -# drivers/char/vt.c -# 2004/12/10 09:52:35-08:00 torvalds@ppc970.osdl.org +5 -0 -# Make sure VC resizing fits in s16. -# -diff -Nru a/net/compat.c b/net/compat.c ---- a/net/compat.c 2005-02-15 11:46:30 -08:00 -+++ b/net/compat.c 2005-02-15 11:46:30 -08:00 -@@ -124,6 +124,12 @@ - (struct compat_cmsghdr __user *)((msg)->msg_control) : \ - (struct compat_cmsghdr __user *)NULL) - -+#define CMSG_COMPAT_OK(ucmlen, ucmsg, mhdr) \ -+ ((ucmlen) >= sizeof(struct cmsghdr) && \ -+ (ucmlen) <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(ucmsg) - (char *)(mhdr)->msg_control))) -+ - static inline struct compat_cmsghdr __user *cmsg_compat_nxthdr(struct msghdr *msg, - struct compat_cmsghdr __user *cmsg, int cmsg_len) - { -@@ -154,11 +160,7 @@ - return -EFAULT; - - /* Catch bogons. */ -- if(CMSG_COMPAT_ALIGN(ucmlen) < -- CMSG_COMPAT_ALIGN(sizeof(struct compat_cmsghdr))) -- return -EINVAL; -- if((unsigned long)(((char __user *)ucmsg - (char __user *)kmsg->msg_control) -- + ucmlen) > kmsg->msg_controllen) -+ if (!CMSG_COMPAT_OK(ucmlen, ucmsg, kmsg)) - return -EINVAL; - - tmp = ((ucmlen - CMSG_COMPAT_ALIGN(sizeof(*ucmsg))) + -diff -Nru a/drivers/char/vt.c b/drivers/char/vt.c ---- a/drivers/char/vt.c 2005-02-15 11:46:59 -08:00 -+++ b/drivers/char/vt.c 2005-02-15 11:46:59 -08:00 -@@ -768,6 +768,8 @@ - * [this is to be used together with some user program - * like resize that changes the hardware videomode] - */ -+#define VC_RESIZE_MAXCOL (32767) -+#define VC_RESIZE_MAXROW (32767) - int vc_resize(int currcons, unsigned int cols, unsigned int lines) - { - unsigned long old_origin, new_origin, new_scr_end, rlth, rrem, err = 0; -@@ -779,6 +781,9 @@ - - if (!vc_cons_allocated(currcons)) - return -ENXIO; -+ -+ if (cols > VC_RESIZE_MAXCOL || lines > VC_RESIZE_MAXROW) -+ return -EINVAL; - - new_cols = (cols ? cols : video_num_columns); - new_rows = (lines ? lines : video_num_lines); diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.78363.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.78363.patch deleted file mode 100644 index 852807ddc96f..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.78363.patch +++ /dev/null @@ -1,29 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/12/08 12:39:15-08:00 davem@nuts.davemloft.net -# [IPV4]: Do not leak IP options. -# -# If the user makes ip_cmsg_send call ip_options_get -# multiple times, we leak kmalloced IP options data. -# -# Noticed by Georgi Guninski. -# -# Signed-off-by: David S. Miller <davem@davemloft.net> -# -# net/ipv4/ip_options.c -# 2004/12/08 12:38:09-08:00 davem@nuts.davemloft.net +2 -0 -# [IPV4]: Do not leak IP options. -# -diff -Nru a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c ---- a/net/ipv4/ip_options.c 2005-02-15 11:47:16 -08:00 -+++ b/net/ipv4/ip_options.c 2005-02-15 11:47:16 -08:00 -@@ -515,6 +515,8 @@ - kfree(opt); - return -EINVAL; - } -+ if (*optp) -+ kfree(*optp); - *optp = opt; - return 0; - } diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.81106.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.81106.patch deleted file mode 100644 index 44abcbca1ac0..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.81106.patch +++ /dev/null @@ -1,32 +0,0 @@ -# ChangeSet -# 2005/01/25 10:10:51+00:00 aia21@cantab.net -# NTFS: Add printk rate limiting for ntfs_warning() and ntfs_error() when -# compiled without debug. This avoids a possible denial of service -# attack. Thanks to Carl-Daniel Hailfinger from SuSE for pointing this -# out. -# -diff -Nru a/fs/ntfs/debug.c b/fs/ntfs/debug.c ---- a/fs/ntfs/debug.c 2005-02-15 12:38:26 -08:00 -+++ b/fs/ntfs/debug.c 2005-02-15 12:38:26 -08:00 -@@ -53,6 +53,10 @@ - va_list args; - int flen = 0; - -+#ifndef DEBUG -+ if (!printk_ratelimit()) -+ return; -+#endif - if (function) - flen = strlen(function); - spin_lock(&err_buf_lock); -@@ -93,6 +97,10 @@ - va_list args; - int flen = 0; - -+#ifndef DEBUG -+ if (!printk_ratelimit()) -+ return; -+#endif - if (function) - flen = strlen(function); - spin_lock(&err_buf_lock); diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.82141.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.82141.patch deleted file mode 100644 index b4a02f7871fb..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.82141.patch +++ /dev/null @@ -1,191 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2005/02/02 17:41:06-08:00 guninski@guninski.com -# [PATCH] Fix sign checks in copy_from_read_buf() -# -# Fix signedness and remove the now unnecessary cast. -# -# Acked-by: Marcelo Tosatti <marcelo.tosatti@cyclades.com> -# Signed-off-by: Linus Torvalds <torvalds@osdl.org> -# -# drivers/char/n_tty.c -# 2005/01/30 07:56:05-08:00 guninski@guninski.com +2 -2 -# Fix sign checks in copy_from_read_buf() -# -# ChangeSet -# 2005/02/02 17:42:38-08:00 guninski@guninski.com -# [PATCH] Fix signed compare in fs/proc/generic.c::proc_file_read() -# -# Acked-by: Marcelo Tosatti <marcelo.tosatti@cyclades.com> -# Signed-off-by: Linus Torvalds <torvalds@osdl.org> -# -# fs/proc/generic.c -# 2005/01/30 07:58:00-08:00 guninski@guninski.com +1 -1 -# Fix signed compare in fs/proc/generic.c::proc_file_read() -# -# ChangeSet -# 2005/02/02 17:45:11-08:00 guninski@guninski.com -# [PATCH] reiserfs: use proper 64-bit clean types -# -# reiserfs_file_write() casts its (size_t) count parameter to int, which can become -# a problem on 64-bit architectures -# -# This attempts to fix this by changing the variables dealing with count -# and offset and the "min_t" comparisons to use "size_t" through-out. -# -# Acked-by: Marcelo Tosatti <marcelo.tosatti@cyclades.com> -# Signed-off-by: Linus Torvalds <torvalds@osdl.org> -# -# fs/reiserfs/file.c -# 2005/01/26 07:28:12-08:00 guninski@guninski.com +11 -12 -# reiserfs: use proper 64-bit clean types -# -# ChangeSet -# 2005/02/08 07:59:56-08:00 torvalds@ppc970.osdl.org -# Fix ATM copy-to-user usage. -# -# More of the Guninski "copy_to_user() takes a size_t" series. -# -# net/atm/addr.c -# 2005/02/08 07:59:48-08:00 torvalds@ppc970.osdl.org +1 -1 -# Fix ATM copy-to-user usage. -# -# More of the Guninski "copy_to_user() takes a size_t" series. -# -# net/atm/addr.h -# 2005/02/08 07:59:48-08:00 torvalds@ppc970.osdl.org +1 -1 -# Fix ATM copy-to-user usage. -# -# More of the Guninski "copy_to_user() takes a size_t" series. -# -diff -Nru a/drivers/char/n_tty.c b/drivers/char/n_tty.c ---- a/drivers/char/n_tty.c 2005-02-15 11:56:06 -08:00 -+++ b/drivers/char/n_tty.c 2005-02-15 11:56:06 -08:00 -@@ -1143,13 +1143,13 @@ - - { - int retval; -- ssize_t n; -+ size_t n; - unsigned long flags; - - retval = 0; - spin_lock_irqsave(&tty->read_lock, flags); - n = min(tty->read_cnt, N_TTY_BUF_SIZE - tty->read_tail); -- n = min((ssize_t)*nr, n); -+ n = min(*nr, n); - spin_unlock_irqrestore(&tty->read_lock, flags); - if (n) { - mb(); -diff -Nru a/fs/proc/generic.c b/fs/proc/generic.c ---- a/fs/proc/generic.c 2005-02-15 11:55:35 -08:00 -+++ b/fs/proc/generic.c 2005-02-15 11:55:35 -08:00 -@@ -60,7 +60,7 @@ - return -ENOMEM; - - while ((nbytes > 0) && !eof) { -- count = min_t(ssize_t, PROC_BLOCK_SIZE, nbytes); -+ count = min_t(size_t, PROC_BLOCK_SIZE, nbytes); - - start = NULL; - if (dp->get_info) { -diff -Nru a/fs/reiserfs/file.c b/fs/reiserfs/file.c ---- a/fs/reiserfs/file.c 2005-02-15 11:56:07 -08:00 -+++ b/fs/reiserfs/file.c 2005-02-15 11:56:07 -08:00 -@@ -588,7 +588,7 @@ - - /* Unlock pages prepared by reiserfs_prepare_file_region_for_write */ - void reiserfs_unprepare_pages(struct page **prepared_pages, /* list of locked pages */ -- int num_pages /* amount of pages */) { -+ size_t num_pages /* amount of pages */) { - int i; // loop counter - - for (i=0; i < num_pages ; i++) { -@@ -619,7 +619,7 @@ - int offset; // offset in page - - for ( i = 0, offset = (pos & (PAGE_CACHE_SIZE-1)); i < num_pages ; i++,offset=0) { -- int count = min_t(int,PAGE_CACHE_SIZE-offset,write_bytes); // How much of bytes to write to this page -+ size_t count = min_t(size_t,PAGE_CACHE_SIZE-offset,write_bytes); // How much of bytes to write to this page - struct page *page=prepared_pages[i]; // Current page we process. - - fault_in_pages_readable( buf, count); -@@ -718,8 +718,8 @@ - struct reiserfs_transaction_handle *th, - struct inode *inode, - loff_t pos, /* Writing position offset */ -- int num_pages, /* Number of pages to write */ -- int write_bytes, /* number of bytes to write */ -+ size_t num_pages, /* Number of pages to write */ -+ size_t write_bytes, /* number of bytes to write */ - struct page **prepared_pages /* list of pages */ - ) - { -@@ -854,9 +854,9 @@ - static int reiserfs_prepare_file_region_for_write( - struct inode *inode /* Inode of the file */, - loff_t pos, /* position in the file */ -- int num_pages, /* number of pages to -+ size_t num_pages, /* number of pages to - prepare */ -- int write_bytes, /* Amount of bytes to be -+ size_t write_bytes, /* Amount of bytes to be - overwritten from - @pos */ - struct page **prepared_pages /* pointer to array -@@ -1252,10 +1252,9 @@ - while ( count > 0) { - /* This is the main loop in which we running until some error occures - or until we write all of the data. */ -- int num_pages;/* amount of pages we are going to write this iteration */ -- int write_bytes; /* amount of bytes to write during this iteration */ -- int blocks_to_allocate; /* how much blocks we need to allocate for -- this iteration */ -+ size_t num_pages;/* amount of pages we are going to write this iteration */ -+ size_t write_bytes; /* amount of bytes to write during this iteration */ -+ size_t blocks_to_allocate; /* how much blocks we need to allocate for this iteration */ - - /* (pos & (PAGE_CACHE_SIZE-1)) is an idiom for offset into a page of pos*/ - num_pages = !!((pos+count) & (PAGE_CACHE_SIZE - 1)) + /* round up partial -@@ -1269,7 +1268,7 @@ - /* If we were asked to write more data than we want to or if there - is not that much space, then we shorten amount of data to write - for this iteration. */ -- num_pages = min_t(int, REISERFS_WRITE_PAGES_AT_A_TIME, reiserfs_can_fit_pages(inode->i_sb)); -+ num_pages = min_t(size_t, REISERFS_WRITE_PAGES_AT_A_TIME, reiserfs_can_fit_pages(inode->i_sb)); - /* Also we should not forget to set size in bytes accordingly */ - write_bytes = (num_pages << PAGE_CACHE_SHIFT) - - (pos & (PAGE_CACHE_SIZE-1)); -@@ -1295,7 +1294,7 @@ - // But overwriting files on absolutelly full volumes would not - // be very efficient. Well, people are not supposed to fill - // 100% of disk space anyway. -- write_bytes = min_t(int, count, inode->i_sb->s_blocksize - (pos & (inode->i_sb->s_blocksize - 1))); -+ write_bytes = min_t(size_t, count, inode->i_sb->s_blocksize - (pos & (inode->i_sb->s_blocksize - 1))); - num_pages = 1; - // No blocks were claimed before, so do it now. - reiserfs_claim_blocks_to_be_allocated(inode->i_sb, 1 << (PAGE_CACHE_SHIFT - inode->i_blkbits)); -diff -Nru a/net/atm/addr.c b/net/atm/addr.c ---- a/net/atm/addr.c 2005-02-15 11:56:16 -08:00 -+++ b/net/atm/addr.c 2005-02-15 11:56:16 -08:00 -@@ -114,7 +114,7 @@ - } - - --int atm_get_addr(struct atm_dev *dev,struct sockaddr_atmsvc __user *buf,int size) -+int atm_get_addr(struct atm_dev *dev,struct sockaddr_atmsvc __user *buf,size_t size) - { - unsigned long flags; - struct atm_dev_addr *walk; -diff -Nru a/net/atm/addr.h b/net/atm/addr.h ---- a/net/atm/addr.h 2005-02-15 11:56:16 -08:00 -+++ b/net/atm/addr.h 2005-02-15 11:56:16 -08:00 -@@ -13,6 +13,6 @@ - void atm_reset_addr(struct atm_dev *dev); - int atm_add_addr(struct atm_dev *dev,struct sockaddr_atmsvc *addr); - int atm_del_addr(struct atm_dev *dev,struct sockaddr_atmsvc *addr); --int atm_get_addr(struct atm_dev *dev,struct sockaddr_atmsvc __user *buf,int size); -+int atm_get_addr(struct atm_dev *dev,struct sockaddr_atmsvc __user *buf,size_t size); - - #endif diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.AF_UNIX.SELinux.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.AF_UNIX.SELinux.patch deleted file mode 100644 index dbb8b2329a28..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.AF_UNIX.SELinux.patch +++ /dev/null @@ -1,61 +0,0 @@ ---- a/net/unix/af_unix.c 2004-10-18 22:54:37.000000000 +0100 -+++ b/net/unix/af_unix.c 2004-12-19 18:33:12.000000000 +0000 -@@ -477,6 +477,8 @@ - struct msghdr *, size_t, int); - static int unix_dgram_connect(struct socket *, struct sockaddr *, - int, int); -+static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *, -+ struct msghdr *, size_t); - - static struct proto_ops unix_stream_ops = { - .family = PF_UNIX, -@@ -535,7 +537,7 @@ - .shutdown = unix_shutdown, - .setsockopt = sock_no_setsockopt, - .getsockopt = sock_no_getsockopt, -- .sendmsg = unix_dgram_sendmsg, -+ .sendmsg = unix_seqpacket_sendmsg, - .recvmsg = unix_dgram_recvmsg, - .mmap = sock_no_mmap, - .sendpage = sock_no_sendpage, -@@ -1365,9 +1367,11 @@ - if (other->sk_shutdown & RCV_SHUTDOWN) - goto out_unlock; - -- err = security_unix_may_send(sk->sk_socket, other->sk_socket); -- if (err) -- goto out_unlock; -+ if (sk->sk_type != SOCK_SEQPACKET) { -+ err = security_unix_may_send(sk->sk_socket, other->sk_socket); -+ if (err) -+ goto out_unlock; -+ } - - if (unix_peer(other) != sk && - (skb_queue_len(&other->sk_receive_queue) > -@@ -1517,6 +1521,25 @@ - return sent ? : err; - } - -+static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock, -+ struct msghdr *msg, size_t len) -+{ -+ int err; -+ struct sock *sk = sock->sk; -+ -+ err = sock_error(sk); -+ if (err) -+ return err; -+ -+ if (sk->sk_state != TCP_ESTABLISHED) -+ return -ENOTCONN; -+ -+ if (msg->msg_namelen) -+ msg->msg_namelen = 0; -+ -+ return unix_dgram_sendmsg(kiocb, sock, msg, len); -+} -+ - static void unix_copy_addr(struct msghdr *msg, struct sock *sk) - { - struct unix_sock *u = unix_sk(sk); diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.AF_UNIX.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.AF_UNIX.patch deleted file mode 100644 index a95e94fd9362..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.AF_UNIX.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- linux-2.6.9/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 -+++ linux-2.6.9.plasmaroo/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 -@@ -1535,9 +1535,11 @@ - - msg->msg_namelen = 0; - -+ down(&u->readsem); -+ - skb = skb_recv_datagram(sk, flags, noblock, &err); - if (!skb) -- goto out; -+ goto out_unlock; - - wake_up_interruptible(&u->peer_wait); - -@@ -1587,6 +1589,8 @@ - - out_free: - skb_free_datagram(sk,skb); -+out_unlock: -+ up(&u->readsem); - out: - return err; - } diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1016.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1016.patch deleted file mode 100644 index aa25ac95ed61..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1016.patch +++ /dev/null @@ -1,75 +0,0 @@ -===== include/linux/socket.h 1.12 vs edited ===== ---- 1.12/include/linux/socket.h 2004-09-09 06:40:01 +10:00 -+++ edited/include/linux/socket.h 2004-11-27 11:53:40 +11:00 -@@ -90,6 +90,10 @@ - (struct cmsghdr *)(ctl) : \ - (struct cmsghdr *)NULL) - #define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \ -+ (cmsg)->cmsg_len <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(cmsg) - (char *)(mhdr)->msg_control))) - - /* - * This mess will go away with glibc -===== net/core/scm.c 1.10 vs edited ===== ---- 1.10/net/core/scm.c 2004-05-31 05:08:14 +10:00 -+++ edited/net/core/scm.c 2004-11-27 11:48:55 +11:00 -@@ -127,9 +127,7 @@ - for too short ancillary data object at all! Oops. - OK, let's add it... - */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) -+ if (!CMSG_OK(msg, cmsg)) - goto error; - - if (cmsg->cmsg_level != SOL_SOCKET) -===== net/ipv4/ip_sockglue.c 1.26 vs edited ===== ---- 1.26/net/ipv4/ip_sockglue.c 2004-07-01 06:10:53 +10:00 -+++ edited/net/ipv4/ip_sockglue.c 2004-11-27 11:49:45 +11:00 -@@ -146,11 +146,8 @@ - struct cmsghdr *cmsg; - - for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - if (cmsg->cmsg_level != SOL_IP) - continue; - switch (cmsg->cmsg_type) { -===== net/ipv6/datagram.c 1.20 vs edited ===== ---- 1.20/net/ipv6/datagram.c 2004-11-10 17:57:03 +11:00 -+++ edited/net/ipv6/datagram.c 2004-11-27 11:51:15 +11:00 -@@ -427,9 +427,7 @@ - int addr_type; - struct net_device *dev = NULL; - -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) { - err = -EINVAL; - goto exit_f; - } -===== net/sctp/socket.c 1.129 vs edited ===== ---- 1.129/net/sctp/socket.c 2004-11-19 08:43:18 +11:00 -+++ edited/net/sctp/socket.c 2004-11-27 11:52:11 +11:00 -@@ -4098,12 +4098,8 @@ - for (cmsg = CMSG_FIRSTHDR(msg); - cmsg != NULL; - cmsg = CMSG_NXTHDR((struct msghdr*)msg, cmsg)) { -- /* Check for minimum length. The SCM code has this check. */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - - /* Should we parse this header or ignore? */ - if (cmsg->cmsg_level != IPPROTO_SCTP) diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1056.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1056.patch deleted file mode 100644 index cd8d7af324c2..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1056.patch +++ /dev/null @@ -1,268 +0,0 @@ -diff -ur linux-2.6.9/drivers/char/drm/i810_dma.c linux-2.6.9.drm.plasmaroo/drivers/char/drm/i810_dma.c ---- linux-2.6.9/drivers/char/drm/i810_dma.c 2004-10-18 22:53:46.000000000 +0100 -+++ linux-2.6.9.drm.plasmaroo/drivers/char/drm/i810_dma.c 2004-12-19 22:46:33.317446112 +0000 -@@ -1030,10 +1030,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - i810_flush_queue(dev); - return 0; -@@ -1055,10 +1052,7 @@ - if (copy_from_user(&vertex, (drm_i810_vertex_t __user *)arg, sizeof(vertex))) - return -EFAULT; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - DRM_DEBUG("i810 dma vertex, idx %d used %d discard %d\n", - vertex.idx, vertex.used, vertex.discard); -@@ -1090,10 +1084,7 @@ - if (copy_from_user(&clear, (drm_i810_clear_t __user *)arg, sizeof(clear))) - return -EFAULT; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - /* GH: Someone's doing nasty things... */ - if (!dev->dev_private) { -@@ -1114,10 +1105,8 @@ - - DRM_DEBUG("i810_swap_bufs\n"); - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - i810_dma_dispatch_swap( dev ); - return 0; -@@ -1152,10 +1141,7 @@ - if (copy_from_user(&d, (drm_i810_dma_t __user *)arg, sizeof(d))) - return -EFAULT; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - d.granted = 0; - -@@ -1266,10 +1252,7 @@ - return -EFAULT; - - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_mc called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (mc.idx >= dma->buf_count || mc.idx < 0) - return -EINVAL; -@@ -1317,10 +1300,7 @@ - drm_device_t *dev = priv->dev; - drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_fstatus called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - return I810_READ(0x30008); - } - -@@ -1331,10 +1311,7 @@ - drm_device_t *dev = priv->dev; - drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_ov0_flip called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - //Tell the overlay to update - I810_WRITE(0x30000,dev_priv->overlay_physical | 0x80000000); -@@ -1376,10 +1353,7 @@ - - DRM_DEBUG("%s\n", __FUNCTION__); - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_flip_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (!dev_priv->page_flipping) - i810_do_init_pageflip( dev ); -diff -ur linux-2.6.9/drivers/char/drm/i830_dma.c linux-2.6.9.drm.plasmaroo/drivers/char/drm/i830_dma.c ---- linux-2.6.9/drivers/char/drm/i830_dma.c 2004-10-18 22:53:12.000000000 +0100 -+++ linux-2.6.9.drm.plasmaroo/drivers/char/drm/i830_dma.c 2004-12-19 22:46:33.319445808 +0000 -@@ -1319,10 +1319,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - i830_flush_queue(dev); - return 0; -@@ -1343,10 +1340,7 @@ - if (copy_from_user(&vertex, (drm_i830_vertex_t __user *)arg, sizeof(vertex))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - DRM_DEBUG("i830 dma vertex, idx %d used %d discard %d\n", - vertex.idx, vertex.used, vertex.discard); -@@ -1373,10 +1367,7 @@ - if (copy_from_user(&clear, (drm_i830_clear_t __user *)arg, sizeof(clear))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - /* GH: Someone's doing nasty things... */ - if (!dev->dev_private) { -@@ -1398,10 +1389,7 @@ - - DRM_DEBUG("i830_swap_bufs\n"); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - i830_dma_dispatch_swap( dev ); - return 0; -@@ -1442,10 +1430,7 @@ - - DRM_DEBUG("%s\n", __FUNCTION__); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_flip_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (!dev_priv->page_flipping) - i830_do_init_pageflip( dev ); -@@ -1484,10 +1469,7 @@ - if (copy_from_user(&d, (drm_i830_dma_t __user *)arg, sizeof(d))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - d.granted = 0; - -diff -ur linux-2.6.9/drivers/char/drm/i830_irq.c linux-2.6.9.drm.plasmaroo/drivers/char/drm/i830_irq.c ---- linux-2.6.9/drivers/char/drm/i830_irq.c 2004-10-18 22:54:54.000000000 +0100 -+++ linux-2.6.9.drm.plasmaroo/drivers/char/drm/i830_irq.c 2004-12-19 22:46:33.320445656 +0000 -@@ -129,10 +129,7 @@ - drm_i830_irq_emit_t emit; - int result; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_irq_emit called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if ( !dev_priv ) { - DRM_ERROR( "%s called with no initialization\n", __FUNCTION__ ); -diff -ur linux-2.6.9/drivers/char/drm/i915_dma.c linux-2.6.9.drm.plasmaroo/drivers/char/drm/i915_dma.c ---- linux-2.6.9/drivers/char/drm/i915_dma.c 2004-10-18 22:53:51.000000000 +0100 -+++ linux-2.6.9.drm.plasmaroo/drivers/char/drm/i915_dma.c 2004-12-19 22:46:33.321445504 +0000 -@@ -545,10 +545,7 @@ - { - DRM_DEVICE; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i915_flush_ioctl called without lock held\n"); -- return DRM_ERR(EINVAL); -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - return i915_quiescent(dev); - } -@@ -574,10 +571,7 @@ - DRM_DEBUG("i915 batchbuffer, start %x used %d cliprects %d\n", - batch.start, batch.used, batch.num_cliprects); - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i915_batchbuffer called without lock held\n"); -- return DRM_ERR(EINVAL); -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (batch.num_cliprects && DRM_VERIFYAREA_READ(batch.cliprects, - batch.num_cliprects * -@@ -606,10 +600,7 @@ - DRM_DEBUG("i915 cmdbuffer, buf %p sz %d cliprects %d\n", - cmdbuf.buf, cmdbuf.sz, cmdbuf.num_cliprects); - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i915_cmdbuffer called without lock held\n"); -- return DRM_ERR(EINVAL); -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (cmdbuf.num_cliprects && - DRM_VERIFYAREA_READ(cmdbuf.cliprects, -@@ -645,10 +636,7 @@ - DRM_DEVICE; - - DRM_DEBUG("%s\n", __FUNCTION__); -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i915_flip_buf called without lock held\n"); -- return DRM_ERR(EINVAL); -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - return i915_dispatch_flip(dev); - } -diff -ur linux-2.6.9/drivers/char/drm/i915_irq.c linux-2.6.9.drm.plasmaroo/drivers/char/drm/i915_irq.c ---- linux-2.6.9/drivers/char/drm/i915_irq.c 2004-10-18 22:53:51.000000000 +0100 -+++ linux-2.6.9.drm.plasmaroo/drivers/char/drm/i915_irq.c 2004-12-19 22:46:33.321445504 +0000 -@@ -92,10 +92,7 @@ - drm_i915_irq_emit_t emit; - int result; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i915_irq_emit called without lock held\n"); -- return DRM_ERR(EINVAL); -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (!dev_priv) { - DRM_ERROR("%s called with no initialization\n", __FUNCTION__); diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1137.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1137.patch deleted file mode 100644 index 0a54680f6f4b..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1137.patch +++ /dev/null @@ -1,77 +0,0 @@ -# ChangeSet -# 2004/12/14 11:06:25-08:00 chrisw@osdl.org -# [IPV4/IPV6]: IGMP source filter fixes -# -# When adding or deleting from the source list make sure to find matches -# by comparing against the new source address, not the group address. -# Also, check each addr in the list rather than just the first one. -# And, finally, only delete from list when there's a match rather than -# vice-versa. Drop the effort to keep list sorted, since it's not done -# on full-state api and can create an sl_addr entry that the delta api -# won't be able to delete. Without these fixes sl_count can be corrupted -# which can allow for kernel memory corruption. -# -# Signed-off-by: Chris Wright <chrisw@osdl.org> -# Signed-off-by: David S. Miller <davem@davemloft.net> -# -diff -Nru a/net/ipv4/igmp.c b/net/ipv4/igmp.c ---- a/net/ipv4/igmp.c 2004-12-20 11:32:15 -08:00 -+++ b/net/ipv4/igmp.c 2004-12-20 11:32:15 -08:00 -@@ -1778,12 +1778,12 @@ - goto done; - rv = !0; - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, -+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, - sizeof(__u32)); -- if (rv >= 0) -+ if (rv == 0) - break; - } -- if (!rv) /* source not found */ -+ if (rv) /* source not found */ - goto done; - - /* update the interface filter */ -@@ -1825,9 +1825,9 @@ - } - rv = 1; /* > 0 for insert logic below if sl_count is 0 */ - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, -+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, - sizeof(__u32)); -- if (rv >= 0) -+ if (rv == 0) - break; - } - if (rv == 0) /* address already there is an error */ -diff -Nru a/net/ipv6/mcast.c b/net/ipv6/mcast.c ---- a/net/ipv6/mcast.c 2004-12-20 11:32:15 -08:00 -+++ b/net/ipv6/mcast.c 2004-12-20 11:32:15 -08:00 -@@ -391,12 +391,12 @@ - goto done; - rv = !0; - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, group, -+ rv = memcmp(&psl->sl_addr[i], source, - sizeof(struct in6_addr)); -- if (rv >= 0) -+ if (rv == 0) - break; - } -- if (!rv) /* source not found */ -+ if (rv) /* source not found */ - goto done; - - /* update the interface filter */ -@@ -437,8 +437,8 @@ - } - rv = 1; /* > 0 for insert logic below if sl_count is 0 */ - for (i=0; i<psl->sl_count; i++) { -- rv = memcmp(&psl->sl_addr, group, sizeof(struct in6_addr)); -- if (rv >= 0) -+ rv = memcmp(&psl->sl_addr[i], source, sizeof(struct in6_addr)); -+ if (rv == 0) - break; - } - if (rv == 0) /* address already there is an error */ diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1151.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1151.patch deleted file mode 100644 index fc4289e4f444..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.CAN-2004-1151.patch +++ /dev/null @@ -1,35 +0,0 @@ ---- 1.74/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00 -+++ 1.75/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00 -@@ -525,11 +525,12 @@ - int sys32_ni_syscall(int call) - { - struct task_struct *me = current; -- static char lastcomm[8]; -- if (strcmp(lastcomm, me->comm)) { -- printk(KERN_INFO "IA32 syscall %d from %s not implemented\n", call, -- current->comm); -- strcpy(lastcomm, me->comm); -+ static char lastcomm[sizeof(me->comm)]; -+ -+ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) { -+ printk(KERN_INFO "IA32 syscall %d from %s not implemented\n", -+ call, me->comm); -+ strncpy(lastcomm, me->comm, sizeof(lastcomm)); - } - return -ENOSYS; - } -@@ -1125,11 +1126,11 @@ - long sys32_vm86_warning(void) - { - struct task_struct *me = current; -- static char lastcomm[8]; -- if (strcmp(lastcomm, me->comm)) { -+ static char lastcomm[sizeof(me->comm)]; -+ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) { - printk(KERN_INFO "%s: vm86 mode not supported on 64 bit kernel\n", - me->comm); -- strcpy(lastcomm, me->comm); -+ strncpy(lastcomm, me->comm, sizeof(lastcomm)); - } - return -ENOSYS; - } diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.binfmt_a.out.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.binfmt_a.out.patch deleted file mode 100644 index 89665ce8db42..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.binfmt_a.out.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -Nru linux-2.6.9/fs/exec.c linux-2.6.9.plasmaroo/fs/exec.c ---- linux-2.6.9/fs/exec.c 2004-11-27 08:30:03 -08:00 -+++ linux-2.6.9.plasmaroo/fs/exec.c 2004-11-27 08:30:03 -08:00 -@@ -413,6 +413,7 @@ - - down_write(&mm->mmap_sem); - { -+ struct vm_area_struct *vma; - mpnt->vm_mm = mm; - #ifdef CONFIG_STACK_GROWSUP - mpnt->vm_start = stack_base; -@@ -433,6 +434,12 @@ - mpnt->vm_flags = VM_STACK_FLAGS; - mpnt->vm_flags |= mm->def_flags; - mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7]; -+ vma = find_vma(mm, mpnt->vm_start); -+ if (vma) { -+ up_write(&mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return -ENOMEM; -+ } - insert_vm_struct(mm, mpnt); - mm->stack_vm = mm->total_vm = vma_pages(mpnt); - } -diff -Nru linux-2.6.9/fs/binfmt_aout.c linux-2.6.9.plasmaroo/fs/binfmt_aout.c ---- linux-2.6.9/fs/binfmt_aout.c 2004-11-27 08:31:43 -08:00 -+++ linux-2.6.9.plasmaroo/fs/binfmt_aout.c 2004-11-27 08:31:43 -08:00 -@@ -43,13 +43,18 @@ - .min_coredump = PAGE_SIZE - }; - --static void set_brk(unsigned long start, unsigned long end) -+#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) -+ -+static int set_brk(unsigned long start, unsigned long end) - { - start = PAGE_ALIGN(start); - end = PAGE_ALIGN(end); -- if (end <= start) -- return; -- do_brk(start, end - start); -+ if (end > start) { -+ unsigned long addr = do_brk(start, end - start); -+ if (BAD_ADDR(addr)) -+ return addr; -+ } -+ return 0; - } - - /* -@@ -413,7 +418,11 @@ - beyond_if: - set_binfmt(&aout_format); - -- set_brk(current->mm->start_brk, current->mm->brk); -+ retval = set_brk(current->mm->start_brk, current->mm->brk); -+ if (retval < 0) { -+ send_sig(SIGKILL, current, 0); -+ return retval; -+ } - - retval = setup_arg_pages(bprm, EXSTACK_DEFAULT); - if (retval < 0) { diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.binfmt_elf.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.binfmt_elf.patch deleted file mode 100644 index a836201deca1..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.binfmt_elf.patch +++ /dev/null @@ -1,85 +0,0 @@ -diff -ur linux-2.6.9/fs/binfmt_elf.c linux-2.6.9.plasmaroo/fs/binfmt_elf.c ---- linux-2.6.9/fs/binfmt_elf.c 2004-10-24 14:58:48.000000000 +0100 -+++ linux-2.6.9.plasmaroo/fs/binfmt_elf.c 2004-11-19 20:11:36.000000000 +0000 -@@ -335,9 +335,12 @@ - goto out; - - retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size); -- error = retval; -- if (retval < 0) -+ error = -EIO; -+ if (retval != size) { -+ if (retval < 0) -+ error = retval; - goto out_close; -+ } - - eppnt = elf_phdata; - for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) { -@@ -532,8 +535,11 @@ - goto out; - - retval = kernel_read(bprm->file, loc->elf_ex.e_phoff, (char *) elf_phdata, size); -- if (retval < 0) -+ if (retval != size) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_ph; -+ } - - files = current->files; /* Refcounted so ok */ - retval = unshare_files(); -@@ -570,7 +576,8 @@ - */ - - retval = -ENOMEM; -- if (elf_ppnt->p_filesz > PATH_MAX) -+ if (elf_ppnt->p_filesz > PATH_MAX || -+ elf_ppnt->p_filesz == 0) - goto out_free_file; - elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz, - GFP_KERNEL); -@@ -580,8 +587,16 @@ - retval = kernel_read(bprm->file, elf_ppnt->p_offset, - elf_interpreter, - elf_ppnt->p_filesz); -- if (retval < 0) -+ if (retval != elf_ppnt->p_filesz) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_interp; -+ } -+ /* make sure path is NULL terminated */ -+ retval = -EINVAL; -+ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') -+ goto out_free_interp; -+ - /* If the program interpreter is one of these two, - * then assume an iBCS2 image. Otherwise assume - * a native linux image. -@@ -616,8 +631,11 @@ - if (IS_ERR(interpreter)) - goto out_free_interp; - retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE); -- if (retval < 0) -+ if (retval != BINPRM_BUF_SIZE) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_dentry; -+ } - - /* Get the exec headers */ - loc->interp_ex = *((struct exec *) bprm->buf); -@@ -776,8 +794,10 @@ - } - - error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags); -- if (BAD_ADDR(error)) -- continue; -+ if (BAD_ADDR(error)) { -+ send_sig(SIGKILL, current, 0); -+ goto out_free_dentry; -+ } - - if (!load_addr_set) { - load_addr_set = 1; diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.brk-locked.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.brk-locked.patch deleted file mode 100644 index 6095e844d5f1..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.brk-locked.patch +++ /dev/null @@ -1,303 +0,0 @@ -diff -ur linux-2.6.10/arch/mips/kernel/irixelf.c linux-2.6.10.plasmaroo/arch/mips/kernel/irixelf.c ---- linux-2.6.10/arch/mips/kernel/irixelf.c 2004-12-24 21:35:50.000000000 +0000 -+++ linux-2.6.10.plasmaroo/arch/mips/kernel/irixelf.c 2005-01-07 15:36:00.383356800 +0000 -@@ -127,7 +127,7 @@ - end = PAGE_ALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - -@@ -375,7 +375,7 @@ - - /* Map the last of the bss segment */ - if (last_bss > len) { -- do_brk(len, (last_bss - len)); -+ do_brk_locked(len, (last_bss - len)); - } - kfree(elf_phdata); - -@@ -562,7 +562,7 @@ - unsigned long v; - struct prda *pp; - -- v = do_brk (PRDA_ADDRESS, PAGE_SIZE); -+ v = do_brk_locked (PRDA_ADDRESS, PAGE_SIZE); - - if (v < 0) - return; -@@ -853,7 +853,7 @@ - len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000; - bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; - if (bss > len) -- do_brk(len, bss-len); -+ do_brk_locked(len, bss-len); - kfree(elf_phdata); - return 0; - } -diff -ur linux-2.6.10/arch/sparc64/kernel/binfmt_aout32.c linux-2.6.10.plasmaroo/arch/sparc64/kernel/binfmt_aout32.c ---- linux-2.6.10/arch/sparc64/kernel/binfmt_aout32.c 2004-12-24 21:34:45.000000000 +0000 -+++ linux-2.6.10.plasmaroo/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 15:36:00.432349352 +0000 -@@ -49,7 +49,7 @@ - end = PAGE_ALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - /* -@@ -246,10 +246,10 @@ - if (N_MAGIC(ex) == NMAGIC) { - loff_t pos = fd_offset; - /* Fuck me plenty... */ -- error = do_brk(N_TXTADDR(ex), ex.a_text); -+ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); - bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex), - ex.a_text, &pos); -- error = do_brk(N_DATADDR(ex), ex.a_data); -+ error = do_brk_locked(N_DATADDR(ex), ex.a_data); - bprm->file->f_op->read(bprm->file, (char __user *)N_DATADDR(ex), - ex.a_data, &pos); - goto beyond_if; -@@ -257,7 +257,7 @@ - - if (N_MAGIC(ex) == OMAGIC) { - loff_t pos = fd_offset; -- do_brk(N_TXTADDR(ex) & PAGE_MASK, -+ do_brk_locked(N_TXTADDR(ex) & PAGE_MASK, - ex.a_text+ex.a_data + PAGE_SIZE - 1); - bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); -@@ -272,7 +272,7 @@ - - if (!bprm->file->f_op->mmap) { - loff_t pos = fd_offset; -- do_brk(0, ex.a_text+ex.a_data); -+ do_brk_locked(0, ex.a_text+ex.a_data); - bprm->file->f_op->read(bprm->file, - (char __user *)N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); -@@ -389,7 +389,7 @@ - len = PAGE_ALIGN(ex.a_text + ex.a_data); - bss = ex.a_text + ex.a_data + ex.a_bss; - if (bss > len) { -- error = do_brk(start_addr + len, bss - len); -+ error = do_brk_locked(start_addr + len, bss - len); - retval = error; - if (error != start_addr + len) - goto out; -diff -Nur linux-2.6.10/arch/x86_64/ia32/ia32_aout.c linux-2.6.10.plasmaroo/arch/x86_64/ia32/ia32_aout.c ---- linux-2.6.10/arch/x86_64/ia32/ia32_aout.c 2005-01-03 16:17:04.000000000 -0200 -+++ linux-2.6.10.plasmaroo/arch/x86_64/ia32/ia32_aout.c 2005-01-03 16:46:53.846823360 -0200 -@@ -115,7 +115,7 @@ - end = PAGE_ALIGN(end); - if (end <= start) - return; -- do_brk(start, end - start); -+ do_brk_locked(start, end - start); - } - - #if CORE_DUMP -@@ -325,7 +325,7 @@ - pos = 32; - map_size = ex.a_text+ex.a_data; - -- error = do_brk(text_addr & PAGE_MASK, map_size); -+ error = do_brk_locked(text_addr & PAGE_MASK, map_size); - if (error != (text_addr & PAGE_MASK)) { - send_sig(SIGKILL, current, 0); - return error; -@@ -361,7 +361,7 @@ - - if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { - loff_t pos = fd_offset; -- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); -+ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data); - bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); - flush_icache_range((unsigned long) N_TXTADDR(ex), -@@ -470,7 +470,7 @@ - } - #endif - -- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); -+ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss); - - file->f_op->read(file, (char *)start_addr, - ex.a_text + ex.a_data, &pos); -@@ -494,7 +494,7 @@ - len = PAGE_ALIGN(ex.a_text + ex.a_data); - bss = ex.a_text + ex.a_data + ex.a_bss; - if (bss > len) { -- error = do_brk(start_addr + len, bss - len); -+ error = do_brk_locked(start_addr + len, bss - len); - retval = error; - if (error != start_addr + len) - goto out; -diff -ur linux-2.6.10/fs/binfmt_aout.c linux-2.6.10.plasmaroo/fs/binfmt_aout.c ---- linux-2.6.10/fs/binfmt_aout.c 2004-12-24 21:35:50.000000000 +0000 -+++ linux-2.6.10.plasmaroo/fs/binfmt_aout.c 2005-01-07 15:36:00.000000000 +0000 -@@ -50,7 +50,7 @@ - start = PAGE_ALIGN(start); - end = PAGE_ALIGN(end); - if (end > start) { -- unsigned long addr = do_brk(start, end - start); -+ unsigned long addr = do_brk_locked(start, end - start); - if (BAD_ADDR(addr)) - return addr; - } -@@ -323,10 +323,10 @@ - loff_t pos = fd_offset; - /* Fuck me plenty... */ - /* <AOL></AOL> */ -- error = do_brk(N_TXTADDR(ex), ex.a_text); -+ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); - bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), - ex.a_text, &pos); -- error = do_brk(N_DATADDR(ex), ex.a_data); -+ error = do_brk_locked(N_DATADDR(ex), ex.a_data); - bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), - ex.a_data, &pos); - goto beyond_if; -@@ -347,7 +347,7 @@ - map_size = ex.a_text+ex.a_data; - #endif - -- error = do_brk(text_addr & PAGE_MASK, map_size); -+ error = do_brk_locked(text_addr & PAGE_MASK, map_size); - if (error != (text_addr & PAGE_MASK)) { - send_sig(SIGKILL, current, 0); - return error; -@@ -382,7 +382,7 @@ - - if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { - loff_t pos = fd_offset; -- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); -+ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data); - bprm->file->f_op->read(bprm->file, - (char __user *)N_TXTADDR(ex), - ex.a_text+ex.a_data, &pos); -@@ -488,7 +488,7 @@ - error_time = jiffies; - } - -- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); -+ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss); - - file->f_op->read(file, (char __user *)start_addr, - ex.a_text + ex.a_data, &pos); -@@ -512,7 +512,7 @@ - len = PAGE_ALIGN(ex.a_text + ex.a_data); - bss = ex.a_text + ex.a_data + ex.a_bss; - if (bss > len) { -- error = do_brk(start_addr + len, bss - len); -+ error = do_brk_locked(start_addr + len, bss - len); - retval = error; - if (error != start_addr + len) - goto out; -diff -ur linux-2.6.10/fs/binfmt_elf.c linux-2.6.10.plasmaroo/fs/binfmt_elf.c ---- linux-2.6.10/fs/binfmt_elf.c 2004-12-24 21:34:33.000000000 +0000 -+++ linux-2.6.10.plasmaroo/fs/binfmt_elf.c 2005-01-07 15:36:00.000000000 +0000 -@@ -88,7 +88,7 @@ - start = ELF_PAGEALIGN(start); - end = ELF_PAGEALIGN(end); - if (end > start) { -- unsigned long addr = do_brk(start, end - start); -+ unsigned long addr = do_brk_locked(start, end - start); - if (BAD_ADDR(addr)) - return addr; - } -@@ -408,7 +408,7 @@ - - /* Map the last of the bss segment */ - if (last_bss > elf_bss) { -- error = do_brk(elf_bss, last_bss - elf_bss); -+ error = do_brk_locked(elf_bss, last_bss - elf_bss); - if (BAD_ADDR(error)) - goto out_close; - } -@@ -448,7 +448,7 @@ - goto out; - } - -- do_brk(0, text_data); -+ do_brk_locked(0, text_data); - if (!interpreter->f_op || !interpreter->f_op->read) - goto out; - if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0) -@@ -456,7 +456,7 @@ - flush_icache_range((unsigned long)addr, - (unsigned long)addr + text_data); - -- do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), -+ do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), - interp_ex->a_bss); - elf_entry = interp_ex->a_entry; - -@@ -1025,7 +1025,7 @@ - len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); - bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; - if (bss > len) -- do_brk(len, bss - len); -+ do_brk_locked(len, bss - len); - error = 0; - - out_free_ph: -diff -ur linux-2.6.10/include/linux/mm.h linux-2.6.10.plasmaroo/include/linux/mm.h ---- linux-2.6.10/include/linux/mm.h 2004-12-24 21:33:50.000000000 +0000 -+++ linux-2.6.10.plasmaroo/include/linux/mm.h 2005-01-07 15:36:00.000000000 +0000 -@@ -704,6 +704,7 @@ - extern int do_munmap(struct mm_struct *, unsigned long, size_t); - - extern unsigned long do_brk(unsigned long, unsigned long); -+extern unsigned long do_brk_locked(unsigned long, unsigned long); - - /* filemap.c */ - extern unsigned long page_unuse(struct page *); -diff -ur linux-2.6.10/mm/mmap.c linux-2.6.10.plasmaroo/mm/mmap.c ---- linux-2.6.10/mm/mmap.c 2004-12-24 21:35:00.000000000 +0000 -+++ linux-2.6.10.plasmaroo/mm/mmap.c 2005-01-07 15:36:04.000000000 +0000 -@@ -1826,6 +1826,20 @@ - - EXPORT_SYMBOL(do_brk); - -+/* locking version of do_brk. */ -+unsigned long do_brk_locked(unsigned long addr, unsigned long len) -+{ -+ unsigned long ret; -+ -+ down_write(¤t->mm->mmap_sem); -+ ret = do_brk(addr, len); -+ up_write(¤t->mm->mmap_sem); -+ -+ return ret; -+} -+ -+EXPORT_SYMBOL(do_brk_locked); -+ - /* Release all mmaps. */ - void exit_mmap(struct mm_struct *mm) - { -@@ -1952,3 +1966,4 @@ - } - return new_vma; - } -+ -diff -ur linux-2.6.10/mm/nommu.c linux-2.6.10.plasmaroo/mm/nommu.c ---- linux-2.6.10/mm/nommu.c 2004-12-24 21:35:25.000000000 +0000 -+++ linux-2.6.10.plasmaroo/mm/nommu.c 2005-01-07 15:30:24.000000000 +0000 -@@ -557,6 +557,11 @@ - return -ENOMEM; - } - -+unsigned long do_brk_locked(unsigned long addr, unsigned long len) -+{ -+ return -ENOMEM; -+} -+ - struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long addr) - { - return NULL; diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.shmLocking.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.shmLocking.patch deleted file mode 100644 index 66e4520909ed..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.shmLocking.patch +++ /dev/null @@ -1,56 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/12/13 08:30:17-08:00 hugh@veritas.com -# [PATCH] shmctl SHM_LOCK perms -# -# Michael Kerrisk has observed that at present any process can SHM_LOCK any -# shm segment of size within process RLIMIT_MEMLOCK, despite having no -# permissions on the segment: surprising, though not obviously evil. And any -# process can SHM_UNLOCK any shm segment, despite no permissions on it: that -# is surely wrong. -# -# Unless CAP_IPC_LOCK, restrict both SHM_LOCK and SHM_UNLOCK to when the -# process euid matches the shm owner or creator: that seems the least -# surprising behaviour, which could be relaxed if a need appears later. -# -# Signed-off-by: Hugh Dickins <hugh@veritas.com> -# Signed-off-by: Andrew Morton <akpm@osdl.org> -# Signed-off-by: Linus Torvalds <torvalds@osdl.org> -# -# ipc/shm.c -# 2004/12/13 02:47:27-08:00 hugh@veritas.com +10 -5 -# shmctl SHM_LOCK perms -# -diff -Nru a/ipc/shm.c b/ipc/shm.c ---- a/ipc/shm.c 2004-12-20 10:32:59 -08:00 -+++ b/ipc/shm.c 2004-12-20 10:32:59 -08:00 -@@ -511,11 +511,6 @@ - case SHM_LOCK: - case SHM_UNLOCK: - { -- /* Allow superuser to lock segment in memory */ -- if (!can_do_mlock() && cmd == SHM_LOCK) { -- err = -EPERM; -- goto out; -- } - shp = shm_lock(shmid); - if(shp==NULL) { - err = -EINVAL; -@@ -524,6 +519,16 @@ - err = shm_checkid(shp,shmid); - if(err) - goto out_unlock; -+ -+ if (!capable(CAP_IPC_LOCK)) { -+ err = -EPERM; -+ if (current->euid != shp->shm_perm.uid && -+ current->euid != shp->shm_perm.cuid) -+ goto out_unlock; -+ if (cmd == SHM_LOCK && -+ !current->rlim[RLIMIT_MEMLOCK].rlim_cur) -+ goto out_unlock; -+ } - - err = security_shm_shmctl(shp, cmd); - if (err) diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.smbfs.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.smbfs.patch deleted file mode 100644 index f10cfedfab16..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.smbfs.patch +++ /dev/null @@ -1,72 +0,0 @@ -diff -urN linux-2.6.8.1/fs/smbfs/proc.c linux-2.6.8.1.plasmaroo/fs/smbfs/proc.c ---- linux-2.6.8.1/fs/smbfs/proc.c 2004-08-24 17:15:57.000000000 +1000 -+++ linux-2.6.8.1.plasmaroo/fs/smbfs/proc.c 2004-11-06 11:27:20.000000000 +1100 -@@ -1427,9 +1427,9 @@ - * So we must first calculate the amount of padding used by the server. - */ - data_off -= hdrlen; -- if (data_off > SMB_READX_MAX_PAD) { -- PARANOIA("offset is larger than max pad!\n"); -- PARANOIA("%d > %d\n", data_off, SMB_READX_MAX_PAD); -+ if (data_off > SMB_READX_MAX_PAD || data_off < 0) { -+ PARANOIA("offset is larger than SMB_READX_MAX_PAD or negative!\n"); -+ PARANOIA("%d > %d || %d < 0\n", data_off, SMB_READX_MAX_PAD, data_off); - req->rq_rlen = req->rq_bufsize + 1; - return; - } -diff -urN linux-2.6.8.1/fs/smbfs/request.c linux-2.6.8.1.plasmaroo/fs/smbfs/request.c ---- linux-2.6.8.1/fs/smbfs/request.c 2004-11-06 11:27:51.000000000 +1100 -+++ linux-2.6.8.1.plasmaroo/fs/smbfs/request.c 2004-11-06 11:27:20.000000000 +1100 -@@ -588,6 +588,10 @@ - data_count = WVAL(inbuf, smb_drcnt); - - /* Modify offset for the split header/buffer we use */ -+ if (data_offset < hdrlen) -+ goto out_bad_data; -+ if (parm_offset < hdrlen) -+ goto out_bad_parm; - data_offset -= hdrlen; - parm_offset -= hdrlen; - -@@ -607,6 +611,10 @@ - req->rq_lparm = parm_count; - req->rq_data = req->rq_buffer + data_offset; - req->rq_parm = req->rq_buffer + parm_offset; -+ if (parm_offset + parm_count > req->rq_rlen) -+ goto out_bad_parm; -+ if (data_offset + data_count > req->rq_rlen) -+ goto out_bad_data; - return 0; - } - -@@ -643,8 +652,12 @@ - - if (parm_disp + parm_count > req->rq_total_parm) - goto out_bad_parm; -+ if (parm_offset + parm_count > req->rq_rlen) -+ goto out_bad_parm; - if (data_disp + data_count > req->rq_total_data) - goto out_bad_data; -+ if (data_offset + data_count > req->rq_rlen) -+ goto out_bad_data; - - inbuf = req->rq_buffer; - memcpy(req->rq_parm + parm_disp, inbuf + parm_offset, parm_count); -@@ -676,13 +692,13 @@ - req->rq_errno = -EIO; - goto out; - out_bad_parm: -- printk(KERN_ERR "smb_trans2: invalid parms, disp=%d, cnt=%d, tot=%d\n", -- parm_disp, parm_count, parm_tot); -+ printk(KERN_ERR "smb_trans2: invalid parms, disp=%d, cnt=%d, tot=%d, ofs=%d\n", -+ parm_disp, parm_count, parm_tot, parm_offset); - req->rq_errno = -EIO; - goto out; - out_bad_data: -- printk(KERN_ERR "smb_trans2: invalid data, disp=%d, cnt=%d, tot=%d\n", -- data_disp, data_count, data_tot); -+ printk(KERN_ERR "smb_trans2: invalid data, disp=%d, cnt=%d, tot=%d, ofs=%d\n", -+ data_disp, data_count, data_tot, data_offset); - req->rq_errno = -EIO; - out: - return req->rq_errno; diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.vma.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.vma.patch deleted file mode 100644 index a335bfc2e269..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.9.vma.patch +++ /dev/null @@ -1,268 +0,0 @@ -# This is a BitKeeper generated diff -Nru style patch. -# -# ChangeSet -# 2004/11/25 16:00:28-08:00 nanhai.zou@intel.com -# [PATCH] ia64/x86_64/s390 overlapping vma fix -# -# IA64 is also vulnerable to the huge-vma-in-executable bug in 64 bit elf -# support, it just insert a vma of zero page without checking overlap, so user -# can construct a elf with section begin from 0x0 to trigger this BUGON(). -# -# However, I think it's safe to check overlap before we actually insert a vma -# into vma list. And I also feel check vma overlap everywhere is unnecessary, -# because invert_vm_struct will check it again, so the check is duplicated. -# It's better to have invert_vm_struct return a value then let caller check if -# it successes. Here is a patch against 2.6.10.rc2-mm3 I have tested it on -# i386, x86_64 and ia64 machines. -# -# Signed-off-by: Tony Luck <tony.luck@intel.com> -# Signed-off-by: Zou Nan hai <Nanhai.zou@intel.com> -# Signed-off-by: Andrew Morton <akpm@osdl.org> -# Signed-off-by: Linus Torvalds <torvalds@osdl.org> -# -# arch/ia64/ia32/binfmt_elf32.c -# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +21 -5 -# ia64/x86_64/s390 overlapping vma fix -# -# arch/ia64/mm/init.c -# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +14 -2 -# ia64/x86_64/s390 overlapping vma fix -# -# arch/s390/kernel/compat_exec.c -# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +6 -2 -# ia64/x86_64/s390 overlapping vma fix -# -# arch/x86_64/ia32/ia32_binfmt.c -# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +6 -2 -# ia64/x86_64/s390 overlapping vma fix -# -# fs/exec.c -# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +3 -6 -# ia64/x86_64/s390 overlapping vma fix -# -# include/linux/mm.h -# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +1 -1 -# ia64/x86_64/s390 overlapping vma fix -# -# mm/mmap.c -# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +3 -2 -# ia64/x86_64/s390 overlapping vma fix -# -diff -Nru a/arch/ia64/ia32/binfmt_elf32.c b/arch/ia64/ia32/binfmt_elf32.c ---- a/arch/ia64/ia32/binfmt_elf32.c 2004-12-03 12:01:20 -08:00 -+++ b/arch/ia64/ia32/binfmt_elf32.c 2004-12-03 12:01:20 -08:00 -@@ -100,7 +100,11 @@ - vma->vm_ops = &ia32_shared_page_vm_ops; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -123,7 +127,11 @@ - vma->vm_ops = &ia32_gate_page_vm_ops; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -142,7 +150,11 @@ - vma->vm_flags = VM_READ|VM_WRITE|VM_MAYREAD|VM_MAYWRITE; - down_write(¤t->mm->mmap_sem); - { -- insert_vm_struct(current->mm, vma); -+ if (insert_vm_struct(current->mm, vma)) { -+ kmem_cache_free(vm_area_cachep, vma); -+ up_write(¤t->mm->mmap_sem); -+ return; -+ } - } - up_write(¤t->mm->mmap_sem); - } -@@ -190,7 +202,7 @@ - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - mm->arg_start = bprm->p + stack_base; -@@ -225,7 +237,11 @@ - mpnt->vm_flags = VM_STACK_FLAGS; - mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC)? - PAGE_COPY_EXEC: PAGE_COPY; -- insert_vm_struct(current->mm, mpnt); -+ if ((ret = insert_vm_struct(current->mm, mpnt))) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - current->mm->stack_vm = current->mm->total_vm = vma_pages(mpnt); - } - -diff -Nru a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c ---- a/arch/ia64/mm/init.c 2004-12-03 12:01:20 -08:00 -+++ b/arch/ia64/mm/init.c 2004-12-03 12:01:20 -08:00 -@@ -131,7 +131,13 @@ - vma->vm_end = vma->vm_start + PAGE_SIZE; - vma->vm_page_prot = protection_map[VM_DATA_DEFAULT_FLAGS & 0x7]; - vma->vm_flags = VM_DATA_DEFAULT_FLAGS | VM_GROWSUP; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - - /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */ -@@ -143,7 +149,13 @@ - vma->vm_end = PAGE_SIZE; - vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT); - vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED; -- insert_vm_struct(current->mm, vma); -+ down_write(¤t->mm->mmap_sem); -+ if (insert_vm_struct(current->mm, vma)) { -+ up_write(¤t->mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, vma); -+ return; -+ } -+ up_write(¤t->mm->mmap_sem); - } - } - } -diff -Nru a/arch/s390/kernel/compat_exec.c b/arch/s390/kernel/compat_exec.c ---- a/arch/s390/kernel/compat_exec.c 2004-12-03 12:01:20 -08:00 -+++ b/arch/s390/kernel/compat_exec.c 2004-12-03 12:01:20 -08:00 -@@ -39,7 +39,7 @@ - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - - stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; - mm->arg_start = bprm->p + stack_base; -@@ -68,7 +68,11 @@ - /* executable stack setting would be applied here */ - mpnt->vm_page_prot = PAGE_COPY; - mpnt->vm_flags = VM_STACK_FLAGS; -- insert_vm_struct(mm, mpnt); -+ if ((ret = insert_vm_struct(mm, mpnt))) { -+ up_write(&mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - mm->stack_vm = mm->total_vm = vma_pages(mpnt); - } - -diff -Nru a/arch/x86_64/ia32/ia32_binfmt.c b/arch/x86_64/ia32/ia32_binfmt.c ---- a/arch/x86_64/ia32/ia32_binfmt.c 2004-12-03 12:01:20 -08:00 -+++ b/arch/x86_64/ia32/ia32_binfmt.c 2004-12-03 12:01:20 -08:00 -@@ -334,7 +334,7 @@ - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - - stack_base = IA32_STACK_TOP - MAX_ARG_PAGES * PAGE_SIZE; - mm->arg_start = bprm->p + stack_base; -@@ -368,7 +368,11 @@ - mpnt->vm_flags = VM_STACK_FLAGS; - mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC) ? - PAGE_COPY_EXEC : PAGE_COPY; -- insert_vm_struct(mm, mpnt); -+ if ((ret = insert_vm_struct(mm, mpnt))) { -+ up_write(&mm->mmap_sem); -+ kmem_cache_free(vm_area_cachep, mpnt); -+ return ret; -+ } - mm->stack_vm = mm->total_vm = vma_pages(mpnt); - } - -diff -Nru a/fs/exec.c b/fs/exec.c ---- a/fs/exec.c 2004-12-03 12:01:20 -08:00 -+++ b/fs/exec.c 2004-12-03 12:01:20 -08:00 -@@ -342,7 +342,7 @@ - unsigned long stack_base; - struct vm_area_struct *mpnt; - struct mm_struct *mm = current->mm; -- int i; -+ int i, ret; - long arg_size; - - #ifdef CONFIG_STACK_GROWSUP -@@ -413,7 +413,6 @@ - - down_write(&mm->mmap_sem); - { -- struct vm_area_struct *vma; - mpnt->vm_mm = mm; - #ifdef CONFIG_STACK_GROWSUP - mpnt->vm_start = stack_base; -@@ -434,13 +433,11 @@ - mpnt->vm_flags = VM_STACK_FLAGS; - mpnt->vm_flags |= mm->def_flags; - mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7]; -- vma = find_vma(mm, mpnt->vm_start); -- if (vma) { -+ if ((ret = insert_vm_struct(mm, mpnt))) { - up_write(&mm->mmap_sem); - kmem_cache_free(vm_area_cachep, mpnt); -- return -ENOMEM; -+ return ret; - } -- insert_vm_struct(mm, mpnt); - mm->stack_vm = mm->total_vm = vma_pages(mpnt); - } - -diff -Nru a/include/linux/mm.h b/include/linux/mm.h ---- a/include/linux/mm.h 2004-12-03 12:01:20 -08:00 -+++ b/include/linux/mm.h 2004-12-03 12:01:20 -08:00 -@@ -675,7 +675,7 @@ - extern struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *); - extern int split_vma(struct mm_struct *, - struct vm_area_struct *, unsigned long addr, int new_below); --extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *); -+extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *); - extern void __vma_link_rb(struct mm_struct *, struct vm_area_struct *, - struct rb_node **, struct rb_node *); - extern struct vm_area_struct *copy_vma(struct vm_area_struct **, -diff -Nru a/mm/mmap.c b/mm/mmap.c ---- a/mm/mmap.c 2004-12-03 12:01:20 -08:00 -+++ b/mm/mmap.c 2004-12-03 12:01:20 -08:00 -@@ -1871,7 +1871,7 @@ - * and into the inode's i_mmap tree. If vm_file is non-NULL - * then i_mmap_lock is taken here. - */ --void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) -+int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) - { - struct vm_area_struct * __vma, * prev; - struct rb_node ** rb_link, * rb_parent; -@@ -1894,8 +1894,9 @@ - } - __vma = find_vma_prepare(mm,vma->vm_start,&prev,&rb_link,&rb_parent); - if (__vma && __vma->vm_start < vma->vm_end) -- BUG(); -+ return -ENOMEM; - vma_link(mm, vma, prev, rb_link, rb_parent); -+ return 0; - } - - /* diff --git a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.binfmt_elf.patch b/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.binfmt_elf.patch deleted file mode 100644 index 87d05e7b5fa4..000000000000 --- a/sys-kernel/win4lin-sources/files/win4lin-sources-2.6.binfmt_elf.patch +++ /dev/null @@ -1,85 +0,0 @@ -diff -ur linux-2.6.8.1/fs/binfmt_elf.c linux-2.6.8.1.plasmaroo/fs/binfmt_elf.c ---- linux-2.6.8.1/fs/binfmt_elf.c 2004-08-14 11:55:23.000000000 +0100 -+++ linux-2.6.8.1.plasmaroo/fs/binfmt_elf.c 2004-11-19 23:07:08.375429000 +0000 -@@ -334,9 +334,12 @@ - goto out; - - retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size); -- error = retval; -- if (retval < 0) -+ error = -EIO; -+ if (retval != size) { -+ if (retval < 0) -+ error = retval; - goto out_close; -+ } - - eppnt = elf_phdata; - for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) { -@@ -523,8 +526,11 @@ - goto out; - - retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size); -- if (retval < 0) -+ if (retval != size) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_ph; -+ } - - files = current->files; /* Refcounted so ok */ - retval = unshare_files(); -@@ -561,7 +567,8 @@ - */ - - retval = -ENOMEM; -- if (elf_ppnt->p_filesz > PATH_MAX) -+ if (elf_ppnt->p_filesz > PATH_MAX || -+ elf_ppnt->p_filesz == 0) - goto out_free_file; - elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz, - GFP_KERNEL); -@@ -571,8 +578,16 @@ - retval = kernel_read(bprm->file, elf_ppnt->p_offset, - elf_interpreter, - elf_ppnt->p_filesz); -- if (retval < 0) -+ if (retval != elf_ppnt->p_filesz) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_interp; -+ } -+ /* make sure path is NULL terminated */ -+ retval = -EINVAL; -+ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') -+ goto out_free_interp; -+ - /* If the program interpreter is one of these two, - * then assume an iBCS2 image. Otherwise assume - * a native linux image. -@@ -607,8 +622,11 @@ - if (IS_ERR(interpreter)) - goto out_free_interp; - retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE); -- if (retval < 0) -+ if (retval != BINPRM_BUF_SIZE) { -+ if (retval >= 0) -+ retval = -EIO; - goto out_free_dentry; -+ } - - /* Get the exec headers */ - interp_ex = *((struct exec *) bprm->buf); -@@ -765,8 +783,10 @@ - } - - error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags); -- if (BAD_ADDR(error)) -- continue; -+ if (BAD_ADDR(error)) { -+ send_sig(SIGKILL, current, 0); -+ goto out_free_dentry; -+ } - - if (!load_addr_set) { - load_addr_set = 1; diff --git a/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r7.ebuild b/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r7.ebuild deleted file mode 100644 index 9282e38189a6..000000000000 --- a/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r7.ebuild +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 1999-2005 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/win4lin-sources-2.6.9-r7.ebuild,v 1.2 2005/04/13 19:47:09 plasmaroo Exp $ - -ETYPE="sources" -inherit kernel-2 -detect_version - -MKI_VERSION='1_3_8' -UNIPATCH_LIST=" - ${DISTDIR}/Kernel-Win4Lin3-${OKV}.patch - ${DISTDIR}/mki-adapter26_${MKI_VERSION}.patch:1 - ${FILESDIR}/${P}.binfmt_elf.patch - ${FILESDIR}/${P}.binfmt_a.out.patch - ${FILESDIR}/${P}.smbfs.patch - ${FILESDIR}/${P}.AF_UNIX.patch - ${FILESDIR}/${P}.AF_UNIX.SELinux.patch - ${FILESDIR}/${P}.CAN-2004-1151.patch - ${FILESDIR}/${P}.vma.patch - ${FILESDIR}/${P}.CAN-2004-1016.patch - ${FILESDIR}/${P}.CAN-2004-1056.patch - ${FILESDIR}/${P}.CAN-2004-1137.patch - ${FILESDIR}/${P}.CAN-2004-1151.patch - ${FILESDIR}/${P}.shmLocking.patch - ${FILESDIR}/${P}.75963.patch - ${FILESDIR}/${P}.brk-locked.patch - ${FILESDIR}/${P}.74070.patch - ${FILESDIR}/${P}.77666.patch - ${FILESDIR}/${P}.77923.patch - ${FILESDIR}/${P}.78362.patch - ${FILESDIR}/${P}.78363.patch - ${FILESDIR}/${P}.81106.patch - ${FILESDIR}/${P}.82141.patch" - -S=${WORKDIR}/linux-${KV} - -DESCRIPTION="Full sources for the 2.6 of the Linux kernel with the Win4Lin patches" -SRC_URI="mirror://kernel/linux/kernel/v2.6/linux-${OKV}.tar.bz2 - ftp://ftp.netraverse.com/pub/testing/kernel/patches/mki-adapter26_${MKI_VERSION}.patch - ftp://ftp.netraverse.com/pub/testing/kernel/patches/Kernel-Win4Lin3-${OKV}.patch" - -# Best to keep "~x86" until Win4Lin-5.1.10 is in the tree and stable; -# bug #55587. -KEYWORDS="~x86 -*" -SLOT="${KV}" - -K_EXTRAEINFO="If there are issues with this kernel, search http://bugs.gentoo.org/ for an -existing bug. Only create a new bug if you have not found one that matches -your issue. It is best to do an advanced search as the initial search has a -very low yield. Please assign your bugs to x86-kernel@gentoo.org." |