diff options
author | Tim Yamin <plasmaroo@gentoo.org> | 2004-12-24 18:23:50 +0000 |
---|---|---|
committer | Tim Yamin <plasmaroo@gentoo.org> | 2004-12-24 18:23:50 +0000 |
commit | 0a50b4059624c198fdf50beb79af66647bb4cdac (patch) | |
tree | aa4f27b11985f6839bd4e121440f7cdb7f05e984 /sys-kernel | |
parent | DEPEND update closes bug #75349. (Manifest recommit) (diff) | |
download | gentoo-2-0a50b4059624c198fdf50beb79af66647bb4cdac.tar.gz gentoo-2-0a50b4059624c198fdf50beb79af66647bb4cdac.tar.bz2 gentoo-2-0a50b4059624c198fdf50beb79af66647bb4cdac.zip |
Security bump; bugs #72452, #74384, #74392, #74464.
Diffstat (limited to 'sys-kernel')
20 files changed, 1493 insertions, 22 deletions
diff --git a/sys-kernel/gentoo-sources/ChangeLog b/sys-kernel/gentoo-sources/ChangeLog index 7982063c70f6..ba6f749221c2 100644 --- a/sys-kernel/gentoo-sources/ChangeLog +++ b/sys-kernel/gentoo-sources/ChangeLog @@ -1,6 +1,24 @@ # ChangeLog for sys-kernel/gentoo-sources # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/ChangeLog,v 1.96 2004/11/27 20:57:39 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/ChangeLog,v 1.97 2004/12/24 18:23:50 plasmaroo Exp $ + +*gentoo-sources-2.4.22-r21 (24 Dec 2004) + + 24 Dec 2004; <plasmaroo@gentoo.org> -gentoo-sources-2.4.20-r29.ebuild, + +gentoo-sources-2.4.20-r30.ebuild, -gentoo-sources-2.4.22-r20.ebuild, + +gentoo-sources-2.4.22-r21.ebuild, -gentoo-sources-2.4.25-r13.ebuild, + +gentoo-sources-2.4.25-r14.ebuild, -gentoo-sources-2.4.26-r13.ebuild, + +gentoo-sources-2.4.26-r14.ebuild, -gentoo-sources-2.4.27-r5.ebuild, + +gentoo-sources-2.4.27-r6.ebuild, -gentoo-sources-2.4.28-r2.ebuild, + +gentoo-sources-2.4.28-r3.ebuild, + +files/gentoo-sources-2.4.20-CAN-2004-1056.patch, + +files/gentoo-sources-2.4.22-CAN-2004-1016.patch, + +files/gentoo-sources-2.4.22-vma.patch, + +files/gentoo-sources-2.4.CAN-2004-1016.patch, + +files/gentoo-sources-2.4.CAN-2004-1056.patch, + +files/gentoo-sources-2.4.CAN-2004-1137.patch, + +files/gentoo-sources-2.4.vma.patch: + Security bump; bugs #72452, #74384, #74392, #74464. *gentoo-sources-2.4.20-r29 (27 Nov 2004) diff --git a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.20-r29 b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.20-r30 index cf24929f42e8..cf24929f42e8 100644 --- a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.20-r29 +++ b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.20-r30 diff --git a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.22-r20 b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.22-r21 index ae62b02192ec..ae62b02192ec 100644 --- a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.22-r20 +++ b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.22-r21 diff --git a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.25-r13 b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.25-r14 index ddf72226d1b3..ddf72226d1b3 100644 --- a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.25-r13 +++ b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.25-r14 diff --git a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.26-r13 b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.26-r14 index 33596a1b91ba..33596a1b91ba 100644 --- a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.26-r13 +++ b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.26-r14 diff --git a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.27-r5 b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.27-r6 index cb0002e288c5..cb0002e288c5 100644 --- a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.27-r5 +++ b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.27-r6 diff --git a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.28-r2 b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.28-r3 index 400db3a891d3..400db3a891d3 100644 --- a/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.28-r2 +++ b/sys-kernel/gentoo-sources/files/digest-gentoo-sources-2.4.28-r3 diff --git a/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.20-CAN-2004-1056.patch b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.20-CAN-2004-1056.patch new file mode 100644 index 000000000000..b0b2a6d65598 --- /dev/null +++ b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.20-CAN-2004-1056.patch @@ -0,0 +1,319 @@ +diff -ur linux-2.4.22/drivers/char/drm/i810.h linux-2.4.22.plasmaroo/drivers/char/drm/i810.h +--- linux-2.4.22/drivers/char/drm/i810.h 2001-08-08 17:42:14.000000000 +0100 ++++ linux-2.4.22.plasmaroo/drivers/char/drm/i810.h 2004-12-24 14:56:13.644644456 +0000 +@@ -113,4 +113,14 @@ + #define DRIVER_AGP_BUFFERS_MAP( dev ) \ + ((drm_i810_private_t *)((dev)->dev_private))->buffer_map + ++#define LOCK_TEST_WITH_RETURN( dev ) \ ++do { \ ++ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ ++ dev->lock.pid != current->pid ) { \ ++ DRM_ERROR( "%s called without lock held\n", \ ++ __FUNCTION__ ); \ ++ return -EINVAL; \ ++ } \ ++} while (0) ++ + #endif +diff -ur linux-2.4.22/drivers/char/drm/i810_dma.c linux-2.4.22.plasmaroo/drivers/char/drm/i810_dma.c +--- linux-2.4.22/drivers/char/drm/i810_dma.c 2002-11-28 23:53:12.000000000 +0000 ++++ linux-2.4.22.plasmaroo/drivers/char/drm/i810_dma.c 2004-12-24 14:57:28.626245520 +0000 +@@ -1071,10 +1071,7 @@ + drm_device_t *dev = priv->dev; + + DRM_DEBUG("i810_flush_ioctl\n"); +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_flush_ioctl called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i810_flush_queue(dev); + return 0; +@@ -1096,10 +1093,7 @@ + if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_dma_vertex called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + DRM_DEBUG("i810 dma vertex, idx %d used %d discard %d\n", + vertex.idx, vertex.used, vertex.discard); +@@ -1130,10 +1124,7 @@ + if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_clear_bufs called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + /* GH: Someone's doing nasty things... */ + if (!dev->dev_private) { +@@ -1154,10 +1145,7 @@ + + DRM_DEBUG("i810_swap_bufs\n"); + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_swap_buf called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i810_dma_dispatch_swap( dev ); + return 0; +@@ -1193,10 +1181,7 @@ + if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_dma called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + d.granted = 0; + +@@ -1226,10 +1211,7 @@ + drm_i810_buf_priv_t *buf_priv; + drm_device_dma_t *dma = dev->dma; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_dma called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + if (copy_from_user(&d, (drm_i810_copy_t *)arg, sizeof(d))) + return -EFAULT; +@@ -1334,11 +1316,7 @@ + if (copy_from_user(&mc, (drm_i810_mc_t *)arg, sizeof(mc))) + return -EFAULT; + +- +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_dma_mc called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i810_dma_dispatch_mc(dev, dma->buflist[mc.idx], mc.used, + mc.last_render ); +@@ -1382,10 +1360,7 @@ + drm_device_t *dev = priv->dev; + drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_fstatus called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + return I810_READ(0x30008); + } + +@@ -1396,10 +1371,7 @@ + drm_device_t *dev = priv->dev; + drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_ov0_flip called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + //Tell the overlay to update + I810_WRITE(0x30000,dev_priv->overlay_physical | 0x80000000); +diff -ur linux-2.4.22/drivers/char/drm/i830.h linux-2.4.22.plasmaroo/drivers/char/drm/i830.h +--- linux-2.4.22/drivers/char/drm/i830.h 2002-11-28 23:53:12.000000000 +0000 ++++ linux-2.4.22.plasmaroo/drivers/char/drm/i830.h 2004-12-24 14:56:13.658642328 +0000 +@@ -113,4 +113,14 @@ + #define DRIVER_AGP_BUFFERS_MAP( dev ) \ + ((drm_i830_private_t *)((dev)->dev_private))->buffer_map + ++#define LOCK_TEST_WITH_RETURN( dev ) \ ++do { \ ++ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ ++ dev->lock.pid != current->pid ) { \ ++ DRM_ERROR( "%s called without lock held\n", \ ++ __FUNCTION__ ); \ ++ return -EINVAL; \ ++ } \ ++} while (0) ++ + #endif +diff -ur linux-2.4.22/drivers/char/drm/i830_dma.c linux-2.4.22.plasmaroo/drivers/char/drm/i830_dma.c +--- linux-2.4.22/drivers/char/drm/i830_dma.c 2002-11-28 23:53:12.000000000 +0000 ++++ linux-2.4.22.plasmaroo/drivers/char/drm/i830_dma.c 2004-12-24 14:57:55.225201864 +0000 +@@ -1187,10 +1187,8 @@ + drm_device_t *dev = priv->dev; + + DRM_DEBUG("i830_flush_ioctl\n"); +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i830_flush_ioctl called without lock held\n"); +- return -EINVAL; +- } ++ ++ LOCK_TEST_WITH_RETURN(dev); + + i830_flush_queue(dev); + return 0; +@@ -1211,10 +1209,7 @@ + if (copy_from_user(&vertex, (drm_i830_vertex_t *)arg, sizeof(vertex))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i830_dma_vertex called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + DRM_DEBUG("i830 dma vertex, idx %d used %d discard %d\n", + vertex.idx, vertex.used, vertex.discard); +@@ -1241,10 +1236,7 @@ + if (copy_from_user(&clear, (drm_i830_clear_t *)arg, sizeof(clear))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i830_clear_bufs called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + /* GH: Someone's doing nasty things... */ + if (!dev->dev_private) { +@@ -1266,10 +1258,7 @@ + + DRM_DEBUG("i830_swap_bufs\n"); + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i830_swap_buf called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i830_dma_dispatch_swap( dev ); + return 0; +@@ -1305,10 +1294,7 @@ + if (copy_from_user(&d, (drm_i830_dma_t *)arg, sizeof(d))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i830_dma called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + d.granted = 0; + +@@ -1338,10 +1324,7 @@ + drm_i830_buf_priv_t *buf_priv; + drm_device_dma_t *dma = dev->dma; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i830_dma called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + if (copy_from_user(&d, (drm_i830_copy_t *)arg, sizeof(d))) + return -EFAULT; +diff -ur linux-2.4.22/drivers/char/drm-4.0/drmP.h linux-2.4.22.plasmaroo/drivers/char/drm-4.0/drmP.h +--- linux-2.4.22/drivers/char/drm-4.0/drmP.h 2002-02-25 19:37:57.000000000 +0000 ++++ linux-2.4.22.plasmaroo/drivers/char/drm-4.0/drmP.h 2004-12-24 14:56:16.389227216 +0000 +@@ -294,6 +294,16 @@ + #define DRM_BUFCOUNT(x) ((x)->count - DRM_LEFTCOUNT(x)) + #define DRM_WAITCOUNT(dev,idx) DRM_BUFCOUNT(&dev->queuelist[idx]->waitlist) + ++#define LOCK_TEST_WITH_RETURN( dev ) \ ++do { \ ++ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ ++ dev->lock.pid != current->pid ) { \ ++ DRM_ERROR( "%s called without lock held\n", \ ++ __FUNCTION__ ); \ ++ return -EINVAL; \ ++ } \ ++} while (0) ++ + typedef int drm_ioctl_t(struct inode *inode, struct file *filp, + unsigned int cmd, unsigned long arg); + +diff -ur linux-2.4.22/drivers/char/drm-4.0/i810_dma.c linux-2.4.22.plasmaroo/drivers/char/drm-4.0/i810_dma.c +--- linux-2.4.22/drivers/char/drm-4.0/i810_dma.c 2003-06-13 15:51:32.000000000 +0100 ++++ linux-2.4.22.plasmaroo/drivers/char/drm-4.0/i810_dma.c 2004-12-24 14:56:16.401225392 +0000 +@@ -1249,10 +1249,7 @@ + drm_device_t *dev = priv->dev; + + DRM_DEBUG("i810_flush_ioctl\n"); +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_flush_ioctl called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i810_flush_queue(dev); + return 0; +@@ -1274,10 +1271,7 @@ + if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_dma_vertex called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + DRM_DEBUG("i810 dma vertex, idx %d used %d discard %d\n", + vertex.idx, vertex.used, vertex.discard); +@@ -1308,10 +1302,7 @@ + if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_clear_bufs called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i810_dma_dispatch_clear( dev, clear.flags, + clear.clear_color, +@@ -1327,10 +1318,7 @@ + + DRM_DEBUG("i810_swap_bufs\n"); + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_swap_buf called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i810_dma_dispatch_swap( dev ); + return 0; +@@ -1366,10 +1354,7 @@ + if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_dma called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + d.granted = 0; + +@@ -1399,10 +1384,7 @@ + drm_i810_buf_priv_t *buf_priv; + drm_device_dma_t *dma = dev->dma; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_dma called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + if (copy_from_user(&d, (drm_i810_copy_t *)arg, sizeof(d))) + return -EFAULT; diff --git a/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.22-CAN-2004-1016.patch b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.22-CAN-2004-1016.patch new file mode 100644 index 000000000000..ad0b0dde0d47 --- /dev/null +++ b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.22-CAN-2004-1016.patch @@ -0,0 +1,58 @@ +===== include/linux/socket.h 1.12 vs edited ===== +--- 1.12/include/linux/socket.h 2004-09-09 06:40:01 +10:00 ++++ edited/include/linux/socket.h 2004-11-27 11:53:40 +11:00 +@@ -90,6 +90,10 @@ + (struct cmsghdr *)(ctl) : \ + (struct cmsghdr *)NULL) + #define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) ++#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \ ++ (cmsg)->cmsg_len <= (unsigned long) \ ++ ((mhdr)->msg_controllen - \ ++ ((char *)(cmsg) - (char *)(mhdr)->msg_control))) + + /* + * This mess will go away with glibc +===== net/core/scm.c 1.10 vs edited ===== +--- 1.10/net/core/scm.c 2004-05-31 05:08:14 +10:00 ++++ edited/net/core/scm.c 2004-11-27 11:48:55 +11:00 +@@ -127,9 +127,7 @@ + for too short ancillary data object at all! Oops. + OK, let's add it... + */ +- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || +- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) +- + cmsg->cmsg_len) > msg->msg_controllen) ++ if (!CMSG_OK(msg, cmsg)) + goto error; + + if (cmsg->cmsg_level != SOL_SOCKET) +===== net/ipv4/ip_sockglue.c 1.26 vs edited ===== +--- 1.26/net/ipv4/ip_sockglue.c 2004-07-01 06:10:53 +10:00 ++++ edited/net/ipv4/ip_sockglue.c 2004-11-27 11:49:45 +11:00 +@@ -146,11 +146,8 @@ + struct cmsghdr *cmsg; + + for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { +- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || +- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) +- + cmsg->cmsg_len) > msg->msg_controllen) { ++ if (!CMSG_OK(msg, cmsg)) + return -EINVAL; +- } + if (cmsg->cmsg_level != SOL_IP) + continue; + switch (cmsg->cmsg_type) { +===== net/ipv6/datagram.c 1.20 vs edited ===== +--- 1.20/net/ipv6/datagram.c 2004-11-10 17:57:03 +11:00 ++++ edited/net/ipv6/datagram.c 2004-11-27 11:51:15 +11:00 +@@ -427,9 +427,7 @@ + int addr_type; + struct net_device *dev = NULL; + +- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || +- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) +- + cmsg->cmsg_len) > msg->msg_controllen) { ++ if (!CMSG_OK(msg, cmsg)) { + err = -EINVAL; + goto exit_f; + } diff --git a/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.22-vma.patch b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.22-vma.patch new file mode 100644 index 000000000000..2469dd5ab2c5 --- /dev/null +++ b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.22-vma.patch @@ -0,0 +1,246 @@ +# This is a BitKeeper generated diff -Nru style patch. +# +# ChangeSet +# 2004/12/17 21:45:58-02:00 chrisw@osdl.org +# [PATCH] Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). +# +# Backport of 2.6 fix to insert_vm_struct to make it return an error +# rather than BUG(). This eliminates a user triggerable BUG() when user +# created a large vma that overlapped with arg pages during exec (could be +# triggered with a.out on i386 and x86_64 and elf on ia64). +# +# Signed-off-by: Chris Wright <chrisw@osdl.org> +# +# ===== arch/ia64/ia32/binfmt_elf32.c 1.13 vs edited ===== +# +# arch/ia64/ia32/binfmt_elf32.c +# 2004/12/17 17:22:06-02:00 chrisw@osdl.org +16 -4 +# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). +# +# arch/ia64/mm/init.c +# 2004/12/17 15:25:47-02:00 chrisw@osdl.org +14 -2 +# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). +# +# arch/s390x/kernel/exec32.c +# 2004/12/17 15:32:42-02:00 chrisw@osdl.org +6 -2 +# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). This eliminates a user triggerable BUG() when user +# +# arch/x86_64/ia32/ia32_binfmt.c +# 2004/12/17 15:34:21-02:00 chrisw@osdl.org +6 -2 +# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). This eliminates a user triggerable BUG() when user +# +# fs/exec.c +# 2004/12/17 15:54:18-02:00 chrisw@osdl.org +6 -2 +# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). +# +# include/linux/mm.h +# 2004/12/16 20:38:37-02:00 chrisw@osdl.org +1 -1 +# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). This eliminates a user triggerable BUG() when user +# +# mm/mmap.c +# 2004/12/16 20:43:15-02:00 chrisw@osdl.org +3 -2 +# Backport of 2.6 fix to insert_vm_struct to make it return an error rather than BUG(). +# +diff -Nru a/arch/ia64/ia32/binfmt_elf32.c b/arch/ia64/ia32/binfmt_elf32.c +--- a/arch/ia64/ia32/binfmt_elf32.c 2004-12-19 07:39:49 -08:00 ++++ b/arch/ia64/ia32/binfmt_elf32.c 2004-12-19 07:39:49 -08:00 +@@ -95,7 +95,11 @@ + vma->vm_private_data = NULL; + down_write(¤t->mm->mmap_sem); + { +- insert_vm_struct(current->mm, vma); ++ if (insert_vm_struct(current->mm, vma)) { ++ kmem_cache_free(vm_area_cachep, vma); ++ up_write(¤t->mm->mmap_sem); ++ return; ++ } + } + up_write(¤t->mm->mmap_sem); + } +@@ -117,7 +121,11 @@ + vma->vm_private_data = NULL; + down_write(¤t->mm->mmap_sem); + { +- insert_vm_struct(current->mm, vma); ++ if (insert_vm_struct(current->mm, vma)) { ++ kmem_cache_free(vm_area_cachep, vma); ++ up_write(¤t->mm->mmap_sem); ++ return; ++ } + } + up_write(¤t->mm->mmap_sem); + } +@@ -164,7 +172,7 @@ + { + unsigned long stack_base; + struct vm_area_struct *mpnt; +- int i; ++ int i, ret; + + stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; + +@@ -188,7 +196,11 @@ + mpnt->vm_pgoff = 0; + mpnt->vm_file = NULL; + mpnt->vm_private_data = 0; +- insert_vm_struct(current->mm, mpnt); ++ if ((ret = insert_vm_struct(current->mm, mpnt))) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, mpnt); ++ return ret; ++ } + current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + } + +diff -Nru a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c +--- a/arch/ia64/mm/init.c 2004-12-19 07:39:49 -08:00 ++++ b/arch/ia64/mm/init.c 2004-12-19 07:39:49 -08:00 +@@ -105,7 +105,13 @@ + vma->vm_pgoff = 0; + vma->vm_file = NULL; + vma->vm_private_data = NULL; +- insert_vm_struct(current->mm, vma); ++ down_write(¤t->mm->mmap_sem); ++ if (insert_vm_struct(current->mm, vma)) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, vma); ++ return; ++ } ++ up_write(¤t->mm->mmap_sem); + } + + /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */ +@@ -117,7 +123,13 @@ + vma->vm_end = PAGE_SIZE; + vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT); + vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED; +- insert_vm_struct(current->mm, vma); ++ down_write(¤t->mm->mmap_sem); ++ if (insert_vm_struct(current->mm, vma)) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, vma); ++ return; ++ } ++ up_write(¤t->mm->mmap_sem); + } + } + } +diff -Nru a/arch/s390x/kernel/exec32.c b/arch/s390x/kernel/exec32.c +--- a/arch/s390x/kernel/exec32.c 2004-12-19 07:39:49 -08:00 ++++ b/arch/s390x/kernel/exec32.c 2004-12-19 07:39:49 -08:00 +@@ -41,7 +41,7 @@ + { + unsigned long stack_base; + struct vm_area_struct *mpnt; +- int i; ++ int i, ret; + + stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; + +@@ -65,7 +65,11 @@ + mpnt->vm_pgoff = 0; + mpnt->vm_file = NULL; + mpnt->vm_private_data = (void *) 0; +- insert_vm_struct(current->mm, mpnt); ++ if ((ret = insert_vm_struct(current->mm, mpnt))) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, mpnt); ++ return ret; ++ } + current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + } + +diff -Nru a/arch/x86_64/ia32/ia32_binfmt.c b/arch/x86_64/ia32/ia32_binfmt.c +--- a/arch/x86_64/ia32/ia32_binfmt.c 2004-12-19 07:39:49 -08:00 ++++ b/arch/x86_64/ia32/ia32_binfmt.c 2004-12-19 07:39:49 -08:00 +@@ -225,7 +225,7 @@ + { + unsigned long stack_base; + struct vm_area_struct *mpnt; +- int i; ++ int i, ret; + + stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; + +@@ -250,7 +250,11 @@ + mpnt->vm_pgoff = 0; + mpnt->vm_file = NULL; + mpnt->vm_private_data = (void *) 0; +- insert_vm_struct(current->mm, mpnt); ++ if ((ret = insert_vm_struct(current->mm, mpnt))) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, mpnt); ++ return ret; ++ } + current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + } + +diff -Nru a/fs/exec.c b/fs/exec.c +--- a/fs/exec.c 2004-12-19 07:39:49 -08:00 ++++ b/fs/exec.c 2004-12-19 07:39:49 -08:00 +@@ -327,7 +327,7 @@ + { + unsigned long stack_base; + struct vm_area_struct *mpnt; +- int i; ++ int i, ret; + + stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; + +@@ -387,7 +387,6 @@ + + down_write(¤t->mm->mmap_sem); + { +- struct vm_area_struct *vma; + mpnt->vm_mm = current->mm; + mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p; + mpnt->vm_end = STACK_TOP; +@@ -402,13 +401,11 @@ + mpnt->vm_pgoff = 0; + mpnt->vm_file = NULL; + mpnt->vm_private_data = (void *) 0; +- vma = find_vma(current->mm, mpnt->vm_start); +- if (vma) { ++ if ((ret = insert_vm_struct(current->mm, mpnt))) { + up_write(¤t->mm->mmap_sem); + kmem_cache_free(vm_area_cachep, mpnt); +- return -ENOMEM; ++ return ret; + } +- insert_vm_struct(current->mm, mpnt); + current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + } + +diff -Nru a/include/linux/mm.h b/include/linux/mm.h +--- a/include/linux/mm.h 2004-12-19 07:39:49 -08:00 ++++ b/include/linux/mm.h 2004-12-19 07:39:49 -08:00 +@@ -548,7 +548,7 @@ + /* mmap.c */ + extern void lock_vma_mappings(struct vm_area_struct *); + extern void unlock_vma_mappings(struct vm_area_struct *); +-extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *); ++extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *); + extern void __insert_vm_struct(struct mm_struct *, struct vm_area_struct *); + extern void build_mmap_rb(struct mm_struct *); + extern void exit_mmap(struct mm_struct *); +diff -Nru a/mm/mmap.c b/mm/mmap.c +--- a/mm/mmap.c 2004-12-19 07:39:49 -08:00 ++++ b/mm/mmap.c 2004-12-19 07:39:49 -08:00 +@@ -1193,14 +1193,15 @@ + validate_mm(mm); + } + +-void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) ++int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) + { + struct vm_area_struct * __vma, * prev; + rb_node_t ** rb_link, * rb_parent; + + __vma = find_vma_prepare(mm, vma->vm_start, &prev, &rb_link, &rb_parent); + if (__vma && __vma->vm_start < vma->vm_end) +- BUG(); ++ return -ENOMEM; + vma_link(mm, vma, prev, rb_link, rb_parent); + validate_mm(mm); ++ return 0; + } diff --git a/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2004-1016.patch b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2004-1016.patch new file mode 100644 index 000000000000..aa25ac95ed61 --- /dev/null +++ b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2004-1016.patch @@ -0,0 +1,75 @@ +===== include/linux/socket.h 1.12 vs edited ===== +--- 1.12/include/linux/socket.h 2004-09-09 06:40:01 +10:00 ++++ edited/include/linux/socket.h 2004-11-27 11:53:40 +11:00 +@@ -90,6 +90,10 @@ + (struct cmsghdr *)(ctl) : \ + (struct cmsghdr *)NULL) + #define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) ++#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \ ++ (cmsg)->cmsg_len <= (unsigned long) \ ++ ((mhdr)->msg_controllen - \ ++ ((char *)(cmsg) - (char *)(mhdr)->msg_control))) + + /* + * This mess will go away with glibc +===== net/core/scm.c 1.10 vs edited ===== +--- 1.10/net/core/scm.c 2004-05-31 05:08:14 +10:00 ++++ edited/net/core/scm.c 2004-11-27 11:48:55 +11:00 +@@ -127,9 +127,7 @@ + for too short ancillary data object at all! Oops. + OK, let's add it... + */ +- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || +- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) +- + cmsg->cmsg_len) > msg->msg_controllen) ++ if (!CMSG_OK(msg, cmsg)) + goto error; + + if (cmsg->cmsg_level != SOL_SOCKET) +===== net/ipv4/ip_sockglue.c 1.26 vs edited ===== +--- 1.26/net/ipv4/ip_sockglue.c 2004-07-01 06:10:53 +10:00 ++++ edited/net/ipv4/ip_sockglue.c 2004-11-27 11:49:45 +11:00 +@@ -146,11 +146,8 @@ + struct cmsghdr *cmsg; + + for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { +- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || +- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) +- + cmsg->cmsg_len) > msg->msg_controllen) { ++ if (!CMSG_OK(msg, cmsg)) + return -EINVAL; +- } + if (cmsg->cmsg_level != SOL_IP) + continue; + switch (cmsg->cmsg_type) { +===== net/ipv6/datagram.c 1.20 vs edited ===== +--- 1.20/net/ipv6/datagram.c 2004-11-10 17:57:03 +11:00 ++++ edited/net/ipv6/datagram.c 2004-11-27 11:51:15 +11:00 +@@ -427,9 +427,7 @@ + int addr_type; + struct net_device *dev = NULL; + +- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || +- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) +- + cmsg->cmsg_len) > msg->msg_controllen) { ++ if (!CMSG_OK(msg, cmsg)) { + err = -EINVAL; + goto exit_f; + } +===== net/sctp/socket.c 1.129 vs edited ===== +--- 1.129/net/sctp/socket.c 2004-11-19 08:43:18 +11:00 ++++ edited/net/sctp/socket.c 2004-11-27 11:52:11 +11:00 +@@ -4098,12 +4098,8 @@ + for (cmsg = CMSG_FIRSTHDR(msg); + cmsg != NULL; + cmsg = CMSG_NXTHDR((struct msghdr*)msg, cmsg)) { +- /* Check for minimum length. The SCM code has this check. */ +- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || +- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) +- + cmsg->cmsg_len) > msg->msg_controllen) { ++ if (!CMSG_OK(msg, cmsg)) + return -EINVAL; +- } + + /* Should we parse this header or ignore? */ + if (cmsg->cmsg_level != IPPROTO_SCTP) diff --git a/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2004-1056.patch b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2004-1056.patch new file mode 100644 index 000000000000..53b777acaac5 --- /dev/null +++ b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2004-1056.patch @@ -0,0 +1,321 @@ +diff -ur linux-2.4.28/drivers/char/drm/i810.h linux-2.4.28.plasmaroo/drivers/char/drm/i810.h +--- linux-2.4.28/drivers/char/drm/i810.h 2003-11-28 18:26:20.000000000 +0000 ++++ linux-2.4.28.plasmaroo/drivers/char/drm/i810.h 2004-12-23 16:26:31.000000000 +0000 +@@ -114,4 +114,14 @@ + #define DRIVER_AGP_BUFFERS_MAP( dev ) \ + ((drm_i810_private_t *)((dev)->dev_private))->buffer_map + ++#define LOCK_TEST_WITH_RETURN( dev ) \ ++do { \ ++ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ ++ dev->lock.pid != current->pid ) { \ ++ DRM_ERROR( "%s called without lock held\n", \ ++ __FUNCTION__ ); \ ++ return -EINVAL; \ ++ } \ ++} while (0) ++ + #endif +diff -ur linux-2.4.28/drivers/char/drm/i810_dma.c linux-2.4.28.plasmaroo/drivers/char/drm/i810_dma.c +--- linux-2.4.28/drivers/char/drm/i810_dma.c 2004-02-18 13:36:31.000000000 +0000 ++++ linux-2.4.28.plasmaroo/drivers/char/drm/i810_dma.c 2004-12-23 16:27:16.000000000 +0000 +@@ -948,10 +948,7 @@ + drm_file_t *priv = filp->private_data; + drm_device_t *dev = priv->dev; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_flush_ioctl called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i810_flush_queue(dev); + return 0; +@@ -973,10 +970,7 @@ + if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_dma_vertex called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + if(vertex.idx < 0 || vertex.idx > dma->buf_count) return -EINVAL; + +@@ -1004,10 +998,7 @@ + if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_clear_bufs called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + /* GH: Someone's doing nasty things... */ + if (!dev->dev_private) { +@@ -1026,10 +1017,7 @@ + drm_file_t *priv = filp->private_data; + drm_device_t *dev = priv->dev; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_swap_buf called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i810_dma_dispatch_swap( dev ); + return 0; +@@ -1064,10 +1052,7 @@ + if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_dma called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + d.granted = 0; + +@@ -1174,11 +1159,7 @@ + if (copy_from_user(&mc, (drm_i810_mc_t *)arg, sizeof(mc))) + return -EFAULT; + +- +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_dma_mc called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i810_dma_dispatch_mc(dev, dma->buflist[mc.idx], mc.used, + mc.last_render ); +@@ -1223,10 +1204,7 @@ + drm_device_t *dev = priv->dev; + drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_fstatus called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + return I810_READ(0x30008); + } + +@@ -1237,10 +1215,7 @@ + drm_device_t *dev = priv->dev; + drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_ov0_flip called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + //Tell the overlay to update + I810_WRITE(0x30000,dev_priv->overlay_physical | 0x80000000); +diff -ur linux-2.4.28/drivers/char/drm/i830.h linux-2.4.28.plasmaroo/drivers/char/drm/i830.h +--- linux-2.4.28/drivers/char/drm/i830.h 2003-11-28 18:26:20.000000000 +0000 ++++ linux-2.4.28.plasmaroo/drivers/char/drm/i830.h 2004-12-23 16:31:33.000000000 +0000 +@@ -154,4 +154,14 @@ + #define DRIVER_AGP_BUFFERS_MAP( dev ) \ + ((drm_i830_private_t *)((dev)->dev_private))->buffer_map + ++#define LOCK_TEST_WITH_RETURN( dev ) \ ++do { \ ++ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ ++ dev->lock.pid != current->pid ) { \ ++ DRM_ERROR( "%s called without lock held\n", \ ++ __FUNCTION__ ); \ ++ return -EINVAL; \ ++ } \ ++} while (0) ++ + #endif +diff -ur linux-2.4.28/drivers/char/drm/i830_dma.c linux-2.4.28.plasmaroo/drivers/char/drm/i830_dma.c +--- linux-2.4.28/drivers/char/drm/i830_dma.c 2004-02-18 13:36:31.000000000 +0000 ++++ linux-2.4.28.plasmaroo/drivers/char/drm/i830_dma.c 2004-12-23 16:32:08.000000000 +0000 +@@ -1330,10 +1330,7 @@ + drm_file_t *priv = filp->private_data; + drm_device_t *dev = priv->dev; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i830_flush_ioctl called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i830_flush_queue(dev); + return 0; +@@ -1354,10 +1351,7 @@ + if (copy_from_user(&vertex, (drm_i830_vertex_t *)arg, sizeof(vertex))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i830_dma_vertex called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + DRM_DEBUG("i830 dma vertex, idx %d used %d discard %d\n", + vertex.idx, vertex.used, vertex.discard); +@@ -1384,10 +1378,7 @@ + if (copy_from_user(&clear, (drm_i830_clear_t *)arg, sizeof(clear))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i830_clear_bufs called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + /* GH: Someone's doing nasty things... */ + if (!dev->dev_private) { +@@ -1409,10 +1400,7 @@ + + DRM_DEBUG("i830_swap_bufs\n"); + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i830_swap_buf called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i830_dma_dispatch_swap( dev ); + return 0; +@@ -1453,10 +1441,7 @@ + + DRM_DEBUG("%s\n", __FUNCTION__); + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i830_flip_buf called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + if (!dev_priv->page_flipping) + i830_do_init_pageflip( dev ); +@@ -1495,10 +1480,7 @@ + if (copy_from_user(&d, (drm_i830_dma_t *)arg, sizeof(d))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i830_dma called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + d.granted = 0; + +diff -ur linux-2.4.28/drivers/char/drm/i830_irq.c linux-2.4.28.plasmaroo/drivers/char/drm/i830_irq.c +--- linux-2.4.28/drivers/char/drm/i830_irq.c 2003-11-28 18:26:20.000000000 +0000 ++++ linux-2.4.28.plasmaroo/drivers/char/drm/i830_irq.c 2004-12-23 16:39:47.000000000 +0000 +@@ -130,10 +130,7 @@ + drm_i830_irq_emit_t emit; + int result; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i830_irq_emit called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + if ( !dev_priv ) { + DRM_ERROR( "%s called with no initialization\n", __FUNCTION__ ); +diff -ur linux-2.4.28/drivers/char/drm-4.0/drmP.h linux-2.4.28.plasmaroo/drivers/char/drm-4.0/drmP.h +--- linux-2.4.28/drivers/char/drm-4.0/drmP.h 2004-02-18 13:36:31.000000000 +0000 ++++ linux-2.4.28.plasmaroo/drivers/char/drm-4.0/drmP.h 2004-12-23 16:21:30.000000000 +0000 +@@ -294,6 +294,16 @@ + #define DRM_BUFCOUNT(x) ((x)->count - DRM_LEFTCOUNT(x)) + #define DRM_WAITCOUNT(dev,idx) DRM_BUFCOUNT(&dev->queuelist[idx]->waitlist) + ++#define LOCK_TEST_WITH_RETURN( dev ) \ ++do { \ ++ if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ ++ dev->lock.pid != current->pid ) { \ ++ DRM_ERROR( "%s called without lock held\n", \ ++ __FUNCTION__ ); \ ++ return -EINVAL; \ ++ } \ ++} while (0) ++ + typedef int drm_ioctl_t(struct inode *inode, struct file *filp, + unsigned int cmd, unsigned long arg); + +diff -ur linux-2.4.28/drivers/char/drm-4.0/i810_dma.c linux-2.4.28.plasmaroo/drivers/char/drm-4.0/i810_dma.c +--- linux-2.4.28/drivers/char/drm-4.0/i810_dma.c 2004-02-18 13:36:31.000000000 +0000 ++++ linux-2.4.28.plasmaroo/drivers/char/drm-4.0/i810_dma.c 2004-12-23 16:21:30.000000000 +0000 +@@ -1249,10 +1249,7 @@ + drm_device_t *dev = priv->dev; + + DRM_DEBUG("i810_flush_ioctl\n"); +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_flush_ioctl called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i810_flush_queue(dev); + return 0; +@@ -1274,10 +1271,7 @@ + if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_dma_vertex called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + DRM_DEBUG("i810 dma vertex, idx %d used %d discard %d\n", + vertex.idx, vertex.used, vertex.discard); +@@ -1308,10 +1302,7 @@ + if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_clear_bufs called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i810_dma_dispatch_clear( dev, clear.flags, + clear.clear_color, +@@ -1327,10 +1318,7 @@ + + DRM_DEBUG("i810_swap_bufs\n"); + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_swap_buf called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + i810_dma_dispatch_swap( dev ); + return 0; +@@ -1366,10 +1354,7 @@ + if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d))) + return -EFAULT; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_dma called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + d.granted = 0; + +@@ -1399,10 +1384,7 @@ + drm_i810_buf_priv_t *buf_priv; + drm_device_dma_t *dma = dev->dma; + +- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { +- DRM_ERROR("i810_dma called without lock held\n"); +- return -EINVAL; +- } ++ LOCK_TEST_WITH_RETURN(dev); + + if (copy_from_user(&d, (drm_i810_copy_t *)arg, sizeof(d))) + return -EFAULT; diff --git a/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2004-1137.patch b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2004-1137.patch new file mode 100644 index 000000000000..161806ce79d7 --- /dev/null +++ b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2004-1137.patch @@ -0,0 +1,59 @@ +--- linux-2.4.28-orig/net/ipv4/igmp.c 2004-08-08 01:26:06.000000000 +0200 ++++ linux-2.4.28/net/ipv4/igmp.c 2004-12-15 22:12:48.000000000 +0100 +@@ -1757,12 +1757,12 @@ + goto done; + rv = !0; + for (i=0; i<psl->sl_count; i++) { +- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, ++ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, + sizeof(__u32)); +- if (rv >= 0) ++ if (rv == 0) + break; + } +- if (!rv) /* source not found */ ++ if (rv) /* source not found */ + goto done; + + /* update the interface filter */ +@@ -1804,9 +1804,9 @@ + } + rv = 1; /* > 0 for insert logic below if sl_count is 0 */ + for (i=0; i<psl->sl_count; i++) { +- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, ++ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, + sizeof(__u32)); +- if (rv >= 0) ++ if (rv == 0) + break; + } + if (rv == 0) /* address already there is an error */ +--- linux-2.4.28-orig/net/ipv6/mcast.c 2004-11-17 12:54:22.000000000 +0100 ++++ linux-2.4.28/net/ipv6/mcast.c 2004-12-15 22:14:07.000000000 +0100 +@@ -386,12 +386,12 @@ + goto done; + rv = !0; + for (i=0; i<psl->sl_count; i++) { +- rv = memcmp(&psl->sl_addr, group, ++ rv = memcmp(&psl->sl_addr[i], source, + sizeof(struct in6_addr)); +- if (rv >= 0) ++ if (rv == 0) + break; + } +- if (!rv) /* source not found */ ++ if (rv) /* source not found */ + goto done; + + /* update the interface filter */ +@@ -432,8 +432,8 @@ + } + rv = 1; /* > 0 for insert logic below if sl_count is 0 */ + for (i=0; i<psl->sl_count; i++) { +- rv = memcmp(&psl->sl_addr, group, sizeof(struct in6_addr)); +- if (rv >= 0) ++ rv = memcmp(&psl->sl_addr[i], source, sizeof(struct in6_addr)); ++ if (rv == 0) + break; + } + if (rv == 0) /* address already there is an error */ diff --git a/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.vma.patch b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.vma.patch new file mode 100644 index 000000000000..188da50f6655 --- /dev/null +++ b/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.vma.patch @@ -0,0 +1,352 @@ +diff -ur linux-2.4.28-gentoo-r2/arch/ia64/ia32/binfmt_elf32.c linux-2.4.28-gentoo-r3/arch/ia64/ia32/binfmt_elf32.c +--- linux-2.4.28-gentoo-r2/arch/ia64/ia32/binfmt_elf32.c 2004-11-27 20:50:07.000000000 +0000 ++++ linux-2.4.28-gentoo-r3/arch/ia64/ia32/binfmt_elf32.c 2004-12-24 14:34:29.531899728 +0000 +@@ -95,7 +95,11 @@ + vma->vm_private_data = NULL; + down_write(¤t->mm->mmap_sem); + { +- insert_vm_struct(current->mm, vma); ++ if (insert_vm_struct(current->mm, vma)) { ++ kmem_cache_free(vm_area_cachep, vma); ++ up_write(¤t->mm->mmap_sem); ++ return; ++ } + } + up_write(¤t->mm->mmap_sem); + } +@@ -117,7 +121,11 @@ + vma->vm_private_data = NULL; + down_write(¤t->mm->mmap_sem); + { +- insert_vm_struct(current->mm, vma); ++ if (insert_vm_struct(current->mm, vma)) { ++ kmem_cache_free(vm_area_cachep, vma); ++ up_write(¤t->mm->mmap_sem); ++ return; ++ } + } + up_write(¤t->mm->mmap_sem); + } +@@ -164,7 +172,7 @@ + { + unsigned long stack_base; + struct vm_area_struct *mpnt; +- int i; ++ int i, ret; + + stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; + +@@ -188,7 +196,11 @@ + mpnt->vm_pgoff = 0; + mpnt->vm_file = NULL; + mpnt->vm_private_data = 0; +- insert_vm_struct(current->mm, mpnt); ++ if ((ret = insert_vm_struct(current->mm, mpnt))) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, mpnt); ++ return ret; ++ } + current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + } + +diff -ur linux-2.4.28-gentoo-r2/arch/ia64/kernel/perfmon.c linux-2.4.28-gentoo-r3/arch/ia64/kernel/perfmon.c +--- linux-2.4.28-gentoo-r2/arch/ia64/kernel/perfmon.c 2004-11-27 20:50:07.000000000 +0000 ++++ linux-2.4.28-gentoo-r3/arch/ia64/kernel/perfmon.c 2004-12-24 14:34:29.534899272 +0000 +@@ -967,7 +967,8 @@ + * now insert the vma in the vm list for the process, must be + * done with mmap lock held + */ +- insert_vm_struct(mm, vma); ++ if(insert_vm_struct(mm, vma)) /* Handle -ENOMEM et al. */ ++ goto error; + + mm->total_vm += size >> PAGE_SHIFT; + +diff -ur linux-2.4.28-gentoo-r2/arch/ia64/mm/init.c linux-2.4.28-gentoo-r3/arch/ia64/mm/init.c +--- linux-2.4.28-gentoo-r2/arch/ia64/mm/init.c 2004-11-27 20:50:07.000000000 +0000 ++++ linux-2.4.28-gentoo-r3/arch/ia64/mm/init.c 2004-12-24 14:34:29.535899120 +0000 +@@ -105,7 +105,13 @@ + vma->vm_pgoff = 0; + vma->vm_file = NULL; + vma->vm_private_data = NULL; +- insert_vm_struct(current->mm, vma); ++ down_write(¤t->mm->mmap_sem); ++ if (insert_vm_struct(current->mm, vma)) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, vma); ++ return; ++ } ++ up_write(¤t->mm->mmap_sem); + } + + /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */ +@@ -117,7 +123,13 @@ + vma->vm_end = PAGE_SIZE; + vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT); + vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED; +- insert_vm_struct(current->mm, vma); ++ down_write(¤t->mm->mmap_sem); ++ if (insert_vm_struct(current->mm, vma)) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, vma); ++ return; ++ } ++ up_write(¤t->mm->mmap_sem); + } + } + } +diff -ur linux-2.4.28-gentoo-r2/arch/ppc/mm/fault.c linux-2.4.28-gentoo-r3/arch/ppc/mm/fault.c +--- linux-2.4.28-gentoo-r2/arch/ppc/mm/fault.c 2004-11-27 20:50:07.000000000 +0000 ++++ linux-2.4.28-gentoo-r3/arch/ppc/mm/fault.c 2004-12-24 14:34:29.543897904 +0000 +@@ -83,8 +83,10 @@ + nopage: pax_syscall_nopage, + }; + +-static void pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) ++static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) + { ++ int ret; ++ + vma->vm_mm = current->mm; + vma->vm_start = addr; + vma->vm_end = addr + PAGE_SIZE; +@@ -94,8 +96,15 @@ + vma->vm_pgoff = 0UL; + vma->vm_file = NULL; + vma->vm_private_data = NULL; +- insert_vm_struct(current->mm, vma); ++ ret = insert_vm_struct(current->mm, vma); ++ if(ret != 0) ++ { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, vma); ++ return ret; ++ } + ++current->mm->total_vm; ++ return 0; + } + #endif + +@@ -333,7 +342,8 @@ + return 1; + } + +- pax_insert_vma(vma, call_syscall); ++ if(pax_insert_vma(vma, call_syscall)) ++ return 1; /* VMA overlapping attempt; bye bye! */ + current->mm->call_syscall = call_syscall; + up_write(¤t->mm->mmap_sem); + +@@ -377,7 +387,8 @@ + return 1; + } + +- pax_insert_vma(vma, call_syscall); ++ if(pax_insert_vma(vma, call_syscall)) ++ return 1; /* VMA overlapping attempt; bye bye! */ + current->mm->call_syscall = call_syscall; + up_write(¤t->mm->mmap_sem); + +diff -ur linux-2.4.28-gentoo-r2/arch/s390x/kernel/exec32.c linux-2.4.28-gentoo-r3/arch/s390x/kernel/exec32.c +--- linux-2.4.28-gentoo-r2/arch/s390x/kernel/exec32.c 2004-11-27 20:50:07.000000000 +0000 ++++ linux-2.4.28-gentoo-r3/arch/s390x/kernel/exec32.c 2004-12-24 14:34:29.543897904 +0000 +@@ -41,7 +41,7 @@ + { + unsigned long stack_base; + struct vm_area_struct *mpnt; +- int i; ++ int i, ret; + + stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; + +@@ -65,7 +65,11 @@ + mpnt->vm_pgoff = 0; + mpnt->vm_file = NULL; + mpnt->vm_private_data = (void *) 0; +- insert_vm_struct(current->mm, mpnt); ++ if ((ret = insert_vm_struct(current->mm, mpnt))) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, mpnt); ++ return ret; ++ } + current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + } + +diff -ur linux-2.4.28-gentoo-r2/arch/sparc/mm/fault.c linux-2.4.28-gentoo-r3/arch/sparc/mm/fault.c +--- linux-2.4.28-gentoo-r2/arch/sparc/mm/fault.c 2004-11-27 20:50:07.000000000 +0000 ++++ linux-2.4.28-gentoo-r3/arch/sparc/mm/fault.c 2004-12-24 14:34:29.544897752 +0000 +@@ -250,8 +250,10 @@ + nopage: pax_emuplt_nopage, + }; + +-static void pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) ++static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) + { ++ int ret; ++ + vma->vm_mm = current->mm; + vma->vm_start = addr; + vma->vm_end = addr + PAGE_SIZE; +@@ -261,8 +263,15 @@ + vma->vm_pgoff = 0UL; + vma->vm_file = NULL; + vma->vm_private_data = NULL; +- insert_vm_struct(current->mm, vma); ++ ret = insert_vm_struct(current->mm, vma); ++ if(ret != 0) ++ { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, vma); ++ return ret; ++ } + ++current->mm->total_vm; ++ return 0; + } + + /* +@@ -423,7 +432,8 @@ + return 1; + } + +- pax_insert_vma(vma, call_dl_resolve); ++ if(pax_insert_vma(vma, call_dl_resolve)) ++ return 1; /* VMA overlapping attempt; bye bye! */ + current->mm->call_dl_resolve = call_dl_resolve; + up_write(¤t->mm->mmap_sem); + +diff -ur linux-2.4.28-gentoo-r2/arch/sparc64/mm/fault.c linux-2.4.28-gentoo-r3/arch/sparc64/mm/fault.c +--- linux-2.4.28-gentoo-r2/arch/sparc64/mm/fault.c 2004-11-27 20:50:07.000000000 +0000 ++++ linux-2.4.28-gentoo-r3/arch/sparc64/mm/fault.c 2004-12-24 14:34:29.559895472 +0000 +@@ -338,8 +338,10 @@ + nopage: pax_emuplt_nopage, + }; + +-static void pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) ++static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) + { ++ int ret; ++ + vma->vm_mm = current->mm; + vma->vm_start = addr; + vma->vm_end = addr + PAGE_SIZE; +@@ -349,8 +351,15 @@ + vma->vm_pgoff = 0UL; + vma->vm_file = NULL; + vma->vm_private_data = NULL; +- insert_vm_struct(current->mm, vma); ++ ret = insert_vm_struct(current->mm, vma); ++ if(ret != 0) ++ { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, vma); ++ return ret; ++ } + ++current->mm->total_vm; ++ return 0; + } + #endif + +@@ -609,7 +618,8 @@ + return 1; + } + +- pax_insert_vma(vma, call_dl_resolve); ++ if(pax_insert_vma(vma, call_dl_resolve)) ++ return 1; /* VMA overlapping attempt; bye bye! */ + current->mm->call_dl_resolve = call_dl_resolve; + up_write(¤t->mm->mmap_sem); + +diff -ur linux-2.4.28-gentoo-r2/arch/x86_64/ia32/ia32_binfmt.c linux-2.4.28-gentoo-r3/arch/x86_64/ia32/ia32_binfmt.c +--- linux-2.4.28-gentoo-r2/arch/x86_64/ia32/ia32_binfmt.c 2004-11-27 20:50:07.000000000 +0000 ++++ linux-2.4.28-gentoo-r3/arch/x86_64/ia32/ia32_binfmt.c 2004-12-24 14:34:29.559895472 +0000 +@@ -225,7 +225,7 @@ + { + unsigned long stack_base; + struct vm_area_struct *mpnt; +- int i; ++ int i, ret; + + stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; + +@@ -250,7 +250,11 @@ + mpnt->vm_pgoff = 0; + mpnt->vm_file = NULL; + mpnt->vm_private_data = (void *) 0; +- insert_vm_struct(current->mm, mpnt); ++ if ((ret = insert_vm_struct(current->mm, mpnt))) { ++ up_write(¤t->mm->mmap_sem); ++ kmem_cache_free(vm_area_cachep, mpnt); ++ return ret; ++ } + current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + } + +diff -ur linux-2.4.28-gentoo-r2/fs/exec.c linux-2.4.28-gentoo-r3/fs/exec.c +--- linux-2.4.28-gentoo-r2/fs/exec.c 2004-11-27 20:50:07.000000000 +0000 ++++ linux-2.4.28-gentoo-r3/fs/exec.c 2004-12-24 14:35:52.000000000 +0000 +@@ -358,7 +358,7 @@ + { + unsigned long stack_base; + struct vm_area_struct *mpnt; +- int i; ++ int i, ret; + + #ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC + struct vm_area_struct *mpnt_m = NULL; +@@ -387,7 +387,6 @@ + + down_write(¤t->mm->mmap_sem); + { +- struct vm_area_struct *vma; + mpnt->vm_mm = current->mm; + mpnt->vm_start = PAGE_MASK & (unsigned long) bprm->p; + mpnt->vm_end = STACK_TOP; +@@ -402,13 +401,11 @@ + mpnt->vm_pgoff = 0; + mpnt->vm_file = NULL; + mpnt->vm_private_data = (void *) 0; +- vma = find_vma(current->mm, mpnt->vm_start); +- if (vma) { ++ if ((ret = insert_vm_struct(current->mm, mpnt))) { + up_write(¤t->mm->mmap_sem); + kmem_cache_free(vm_area_cachep, mpnt); +- return -ENOMEM; ++ return ret; + } +- insert_vm_struct(current->mm, mpnt); + current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + + #ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC +diff -ur linux-2.4.28-gentoo-r2/include/linux/mm.h linux-2.4.28-gentoo-r3/include/linux/mm.h +--- linux-2.4.28-gentoo-r2/include/linux/mm.h 2004-11-27 20:50:07.000000000 +0000 ++++ linux-2.4.28-gentoo-r3/include/linux/mm.h 2004-12-24 14:34:29.000000000 +0000 +@@ -577,7 +577,7 @@ + /* mmap.c */ + extern void lock_vma_mappings(struct vm_area_struct *); + extern void unlock_vma_mappings(struct vm_area_struct *); +-extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *); ++extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *); + extern void __insert_vm_struct(struct mm_struct *, struct vm_area_struct *); + extern void build_mmap_rb(struct mm_struct *); + extern void exit_mmap(struct mm_struct *); +diff -ur linux-2.4.28-gentoo-r2/mm/mmap.c linux-2.4.28-gentoo-r3/mm/mmap.c +--- linux-2.4.28-gentoo-r2/mm/mmap.c 2004-11-27 20:50:07.000000000 +0000 ++++ linux-2.4.28-gentoo-r3/mm/mmap.c 2004-12-24 14:34:29.000000000 +0000 +@@ -1480,14 +1480,15 @@ + validate_mm(mm); + } + +-void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) ++int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) + { + struct vm_area_struct * __vma, * prev; + rb_node_t ** rb_link, * rb_parent; + + __vma = find_vma_prepare(mm, vma->vm_start, &prev, &rb_link, &rb_parent); + if (__vma && __vma->vm_start < vma->vm_end) +- BUG(); ++ return -ENOMEM; + vma_link(mm, vma, prev, rb_link, rb_parent); + validate_mm(mm); ++ return 0; + } diff --git a/sys-kernel/gentoo-sources/gentoo-sources-2.4.20-r29.ebuild b/sys-kernel/gentoo-sources/gentoo-sources-2.4.20-r30.ebuild index 0148cfa68f03..fd26b75f8c2d 100644 --- a/sys-kernel/gentoo-sources/gentoo-sources-2.4.20-r29.ebuild +++ b/sys-kernel/gentoo-sources/gentoo-sources-2.4.20-r30.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.20-r29.ebuild,v 1.1 2004/11/27 20:57:39 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.20-r30.ebuild,v 1.1 2004/12/24 18:23:50 plasmaroo Exp $ IUSE="aavm crypt evms2 usagi" @@ -30,7 +30,7 @@ S=${WORKDIR}/linux-${KV} DESCRIPTION="Full sources for the Gentoo Kernel." SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2 - http://dev.gentoo.org/~plasmaroo/patches/kernel/gentoo-sources/patches-${KV/29/28}.tar.bz2 + http://dev.gentoo.org/~plasmaroo/patches/kernel/gentoo-sources/patches-${KV/30/28}.tar.bz2 http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/${P}-CAN-2004-0415.patch http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/${P}-CAN-2004-0814.patch" HOMEPAGE="http://www.gentoo.org/ http://www.kernel.org/" @@ -42,7 +42,7 @@ src_unpack() { unpack ${A} mv linux-${OKV} linux-${KV} || die "Error moving kernel source tree to linux-${KV}" - cd ${WORKDIR}/${KV/r29/r28} + cd ${WORKDIR}/${KV/r30/r28} # This is the *ratified* aavm USE flag, enables aavm support in this kernel if ! use aavm; then @@ -153,6 +153,9 @@ src_unpack() { epatch ${FILESDIR}/${P}-smbfs.patch || die "Failed to apply the SMBFS patch!" epatch ${FILESDIR}/${PN}-2.4.AF_UNIX.patch || die "Failed to apply the AF_UNIX patch!" epatch ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch || die "Failed to apply the binfmt_a.out patch!" + epatch ${FILESDIR}/${PN}-2.4.vma.patch || die "Failed to apply the VMA patch!" + epatch ${FILESDIR}/${PN}-2.4.22-CAN-2004-1016.patch || die "Failed to apply the CAN-2004-1016 patch!" + epatch ${FILESDIR}/${P}-CAN-2004-1056.patch || die "Failed to apply the CAN-2004-1056 patch!" } pkg_postinst() { diff --git a/sys-kernel/gentoo-sources/gentoo-sources-2.4.22-r20.ebuild b/sys-kernel/gentoo-sources/gentoo-sources-2.4.22-r21.ebuild index 6e2a4d115342..c38593ab7c7d 100644 --- a/sys-kernel/gentoo-sources/gentoo-sources-2.4.22-r20.ebuild +++ b/sys-kernel/gentoo-sources/gentoo-sources-2.4.22-r21.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.22-r20.ebuild,v 1.1 2004/11/27 20:57:39 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.22-r21.ebuild,v 1.1 2004/12/24 18:23:50 plasmaroo Exp $ ETYPE="sources" @@ -9,7 +9,7 @@ detect_version UNIPATCH_STRICTORDER='Y' UNIPATCH_LIST=" - ${DISTDIR}/gentoo-sources-${PVR/20/5}.patch.bz2 + ${DISTDIR}/gentoo-sources-${PVR/21/5}.patch.bz2 ${FILESDIR}/${PN}-2.4.munmap.patch ${FILESDIR}/${PN}-2.4.CAN-2004-0001.patch ${FILESDIR}/${PN}-2.4.CAN-2004-0010.patch @@ -32,13 +32,17 @@ UNIPATCH_LIST=" ${FILESDIR}/${PN}-2.4.binfmt_elf.patch ${FILESDIR}/${PN}-2.4.20-smbfs.patch ${FILESDIR}/${PN}-2.4.AF_UNIX.patch - ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch" + ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch + ${FILESDIR}/${P}-vma.patch + ${FILESDIR}/${P}-CAN-2004-1016.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1056.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1137.patch" S=${WORKDIR}/linux-${KV} DESCRIPTION="Full sources for the Gentoo Kernel." SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2 - http://dev.gentoo.org/~iggy/gentoo-sources-${PVR/20/5}.patch.bz2 + http://dev.gentoo.org/~iggy/gentoo-sources-${PVR/21/5}.patch.bz2 http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-${OKV}-CAN-2004-0415.patch http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/${P}-CAN-2004-0814.patch" KEYWORDS="x86 -*" diff --git a/sys-kernel/gentoo-sources/gentoo-sources-2.4.25-r13.ebuild b/sys-kernel/gentoo-sources/gentoo-sources-2.4.25-r14.ebuild index 837a2638b082..68b38553d6a8 100644 --- a/sys-kernel/gentoo-sources/gentoo-sources-2.4.25-r13.ebuild +++ b/sys-kernel/gentoo-sources/gentoo-sources-2.4.25-r14.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.25-r13.ebuild,v 1.1 2004/11/27 20:57:39 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.25-r14.ebuild,v 1.1 2004/12/24 18:23:50 plasmaroo Exp $ ETYPE="sources" inherit kernel-2 @@ -31,7 +31,11 @@ UNIPATCH_LIST=" ${DISTDIR}/linux-2.4.26-CAN-2004-0415.patch ${DISTDIR}/${PN}-2.4.22-CAN-2004-0814.patch ${FILESDIR}/${PN}-2.4.AF_UNIX.patch - ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch" + ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch + ${FILESDIR}/${PN}-2.4.vma.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1016.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1056.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1137.patch" DESCRIPTION="Full sources including the gentoo patchset for the ${KV_MAJOR}.${KV_MINOR} kernel tree" SRC_URI="${KERNEL_URI} http://dev.gentoo.org/~livewire/${P}.patch.bz2 diff --git a/sys-kernel/gentoo-sources/gentoo-sources-2.4.26-r13.ebuild b/sys-kernel/gentoo-sources/gentoo-sources-2.4.26-r14.ebuild index e006b39ffa1b..bb032d1257ad 100644 --- a/sys-kernel/gentoo-sources/gentoo-sources-2.4.26-r13.ebuild +++ b/sys-kernel/gentoo-sources/gentoo-sources-2.4.26-r14.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.26-r13.ebuild,v 1.1 2004/11/27 20:57:39 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.26-r14.ebuild,v 1.1 2004/12/24 18:23:50 plasmaroo Exp $ ETYPE="sources" inherit kernel-2 @@ -11,7 +11,7 @@ IUSE='' UNIPATCH_STRICTORDER='Y' UNIPATCH_LIST=" - ${DISTDIR}/${PF/r13/r6}.tar.bz2 + ${DISTDIR}/${PF/r14/r6}.tar.bz2 ${FILESDIR}/${PN}-2.4.CAN-2004-0495.patch ${FILESDIR}/${PN}-2.4.CAN-2004-0497.patch ${FILESDIR}/${PN}-2.4.CAN-2004-0535.patch @@ -25,9 +25,13 @@ UNIPATCH_LIST=" ${DISTDIR}/linux-${OKV}-CAN-2004-0415.patch ${DISTDIR}/${PN}-2.4.22-CAN-2004-0814.patch ${FILESDIR}/${PN}-2.4.AF_UNIX.patch - ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch" + ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch + ${FILESDIR}/${PN}-2.4.vma.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1016.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1056.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1137.patch" DESCRIPTION="Full sources including the Gentoo patchset for the ${KV_MAJOR}.${KV_MINOR} kernel tree" -SRC_URI="${KERNEL_URI} http://dev.gentoo.org/~plasmaroo/patches/kernel/gentoo-sources/${PF/r13/r6}.tar.bz2 +SRC_URI="${KERNEL_URI} http://dev.gentoo.org/~plasmaroo/patches/kernel/gentoo-sources/${PF/r14/r6}.tar.bz2 http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-${OKV}-CAN-2004-0415.patch http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/${PN}-2.4.22-CAN-2004-0814.patch" diff --git a/sys-kernel/gentoo-sources/gentoo-sources-2.4.27-r5.ebuild b/sys-kernel/gentoo-sources/gentoo-sources-2.4.27-r6.ebuild index e110180e81e7..78a6b5785229 100644 --- a/sys-kernel/gentoo-sources/gentoo-sources-2.4.27-r5.ebuild +++ b/sys-kernel/gentoo-sources/gentoo-sources-2.4.27-r6.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.27-r5.ebuild,v 1.1 2004/11/27 20:57:39 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.27-r6.ebuild,v 1.1 2004/12/24 18:23:50 plasmaroo Exp $ ETYPE="sources" inherit kernel-2 @@ -10,16 +10,20 @@ KEYWORDS="~x86 -ppc" IUSE='' UNIPATCH_STRICTORDER='Y' -UNIPATCH_LIST="${DISTDIR}/${PF/r5/r1}.tar.bz2 +UNIPATCH_LIST="${DISTDIR}/${PF/r6/r1}.tar.bz2 ${DISTDIR}/${PN}-2.4.22-CAN-2004-0814.patch ${FILESDIR}/${PN}-2.4.cmdlineLeak.patch ${FILESDIR}/${PN}-2.4.XDRWrapFix.patch ${FILESDIR}/${PN}-2.4.binfmt_elf.patch ${FILESDIR}/${PN}-2.4.smbfs.patch ${FILESDIR}/${PN}-2.4.AF_UNIX.patch - ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch" + ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch + ${FILESDIR}/${PN}-2.4.vma.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1016.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1056.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1137.patch" DESCRIPTION="Full sources including the Gentoo patchset for the ${KV_MAJOR}.${KV_MINOR} kernel tree" -SRC_URI="${KERNEL_URI} http://dev.gentoo.org/~plasmaroo/patches/kernel/gentoo-sources/${PF/r5/r1}.tar.bz2 +SRC_URI="${KERNEL_URI} http://dev.gentoo.org/~plasmaroo/patches/kernel/gentoo-sources/${PF/r6/r1}.tar.bz2 http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/${PN}-2.4.22-CAN-2004-0814.patch" diff --git a/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r2.ebuild b/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r3.ebuild index be683d4194bd..81c28a2bc57c 100644 --- a/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r2.ebuild +++ b/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r3.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r2.ebuild,v 1.1 2004/11/27 20:57:39 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/gentoo-sources/gentoo-sources-2.4.28-r3.ebuild,v 1.1 2004/12/24 18:23:50 plasmaroo Exp $ ETYPE="sources" inherit kernel-2 @@ -10,11 +10,15 @@ KEYWORDS="~x86 -ppc" IUSE='' UNIPATCH_STRICTORDER='Y' -UNIPATCH_LIST="${DISTDIR}/${PF/r2/r1}.tar.bz2 +UNIPATCH_LIST="${DISTDIR}/${PF/r3/r1}.tar.bz2 ${DISTDIR}/${PN}-2.4.22-CAN-2004-0814.patch ${FILESDIR}/${PN}-2.4.cmdlineLeak.patch - ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch" + ${FILESDIR}/${PN}-2.4.binfmt_a.out.patch + ${FILESDIR}/${PN}-2.4.vma.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1016.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1056.patch + ${FILESDIR}/${PN}-2.4.CAN-2004-1137.patch" DESCRIPTION="Full sources including the Gentoo patchset for the ${KV_MAJOR}.${KV_MINOR} kernel tree" -SRC_URI="${KERNEL_URI} http://dev.gentoo.org/~plasmaroo/patches/kernel/gentoo-sources/${PF/r2/r1}.tar.bz2 +SRC_URI="${KERNEL_URI} http://dev.gentoo.org/~plasmaroo/patches/kernel/gentoo-sources/${PF/r3/r1}.tar.bz2 http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/${PN}-2.4.22-CAN-2004-0814.patch" |