author | 2005-01-08 12:57:23 +0000 | |
---|---|---|
committer | 2005-01-08 12:57:23 +0000 | |
commit | f46211766f309a7891229d76961937f9f676044a (patch) | |
tree | 76bd76ca293e9449f6946e3b5d102ebdcfdec42d /sys-kernel/ac-sources | |
parent | Version bump. Removed old ebuilds. (diff) | |
Security bump; bugs #75963, #77025, #77094.
Diffstat (limited to 'sys-kernel/ac-sources')
14 files changed, 501 insertions, 865 deletions
diff --git a/sys-kernel/ac-sources/ChangeLog b/sys-kernel/ac-sources/ChangeLog index 77c3ca55745c..980dae0c96bd 100644 --- a/sys-kernel/ac-sources/ChangeLog +++ b/sys-kernel/ac-sources/ChangeLog @@ -1,6 +1,20 @@ # ChangeLog for sys-kernel/ac-sources # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ac-sources/ChangeLog,v 1.49 2005/01/08 12:23:33 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ac-sources/ChangeLog,v 1.50 2005/01/08 12:57:23 plasmaroo Exp $ + +*ac-sources-2.6.10-r7 (08 Jan 2005) + + 08 Jan 2005; <plasmaroo@gentoo.org> -ac-sources-2.6.10-r6.ebuild, + +ac-sources-2.6.10-r7.ebuild, +files/ac-sources-2.6.10.75963.patch, + +files/ac-sources-2.6.10.77094.patch, + +files/ac-sources-2.6.10.brk-locked.patch, + -files/ac-sources-2.6.9.CAN-2004-1016.patch, + -files/ac-sources-2.6.9.CAN-2004-1056.patch, + -files/ac-sources-2.6.9.CAN-2004-1137.patch, + -files/ac-sources-2.6.9.CAN-2004-1151.patch, + -files/ac-sources-2.6.9.binfmt_elf.patch, + -files/ac-sources-2.6.9.shmLocking.patch, -files/ac-sources-2.6.9.vma.patch: + Security bump; bugs #75963, #77025, #77094. *ac-sources-2.6.10-r6 (08 Jan 2005) diff --git a/sys-kernel/ac-sources/Manifest b/sys-kernel/ac-sources/Manifest index 14d4ac799e09..c4ee29d908b3 100644 --- a/sys-kernel/ac-sources/Manifest +++ b/sys-kernel/ac-sources/Manifest 
@@ -1,14 +1,10 @@ -MD5 1fd131397f6afb50b237cbb77c04b66b ChangeLog 2729 +MD5 c67970aeb91bc0085b18b127e38ef841 ChangeLog 3347 MD5 2b0cfdcefc398952a818684668e808f1 metadata.xml 384 MD5 b2900ef65ee74df83641a1e0dcc0d04d ac-sources-2.6.9-r16.ebuild 1069 -MD5 9439d457915826c36b75b62544b34f02 ac-sources-2.6.10-r6.ebuild 1047 -MD5 f211ff52010dfc1d94d2dcfc06636fd9 files/ac-sources-2.6.9.shmLocking.patch 1757 +MD5 689b00a9aacf37fc3cd1823748ca7b62 ac-sources-2.6.10-r7.ebuild 1144 MD5 2c667e2fa7172f460e6e9c2699acded2 files/2.6.9-ac1-fix-extraversion.patch 1288 +MD5 98dc2cdd5a9c277afe4732183f144d6b files/ac-sources-2.6.10.77094.patch 5074 +MD5 cd0a7533c43364e377348613c6d76bb7 files/ac-sources-2.6.10.brk-locked.patch 9736 MD5 cc9defa9a150cb44f0a42b4ca29b569a files/digest-ac-sources-2.6.9-r16 131 -MD5 6aa8f7a7c2d55734389b53d3bcf78570 files/ac-sources-2.6.9.CAN-2004-1016.patch 2835 -MD5 09e9f1cad6f2f28fe81682cbad8e3011 files/ac-sources-2.6.9.CAN-2004-1137.patch 2551 -MD5 42b42f2a4f260fad2fef264b82aff2ae files/ac-sources-2.6.9.vma.patch 8952 -MD5 d9127fc038c80114d40b69d761803ed2 files/ac-sources-2.6.9.binfmt_elf.patch 1929 -MD5 6bcdd0bb63e2db559a5c6465c73a7f89 files/ac-sources-2.6.9.CAN-2004-1151.patch 1143 -MD5 001b0a631c9fc28133013a1f8f78f74c files/ac-sources-2.6.9.CAN-2004-1056.patch 8458 -MD5 56011b36c9457d90940a19ff73aa1c42 files/digest-ac-sources-2.6.10-r6 132 +MD5 0f05a322e5157eacd940a3f0dfb402cf files/digest-ac-sources-2.6.10-r7 132 +MD5 655251f31f0bdc85bdd0cd0280af22b7 files/ac-sources-2.6.10.75963.patch 979 diff --git a/sys-kernel/ac-sources/ac-sources-2.6.10-r6.ebuild b/sys-kernel/ac-sources/ac-sources-2.6.10-r7.ebuild index 76e6da369eca..8be5222b4320 100644 --- a/sys-kernel/ac-sources/ac-sources-2.6.10-r6.ebuild +++ b/sys-kernel/ac-sources/ac-sources-2.6.10-r7.ebuild 
@@ -1,8 +1,12 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ac-sources/ac-sources-2.6.10-r6.ebuild,v 1.1 2005/01/08 12:23:33 plasmaroo Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ac-sources/ac-sources-2.6.10-r7.ebuild,v 1.1 2005/01/08 12:57:23 plasmaroo Exp $ -UNIPATCH_LIST="${DISTDIR}/patch-${KV}.bz2" +UNIPATCH_LIST=" + ${DISTDIR}/patch-${KV}.bz2 + ${FILESDIR}/${P}.75963.patch + ${FILESDIR}/${P}.77094.patch + ${FILESDIR}/${P}.brk-locked.patch" K_PREPATCHED="yes" UNIPATCH_STRICTORDER="yes" diff --git a/sys-kernel/ac-sources/files/ac-sources-2.6.10.75963.patch b/sys-kernel/ac-sources/files/ac-sources-2.6.10.75963.patch new file mode 100644 index 000000000000..80390f13bd73 --- /dev/null +++ b/sys-kernel/ac-sources/files/ac-sources-2.6.10.75963.patch @@ -0,0 +1,32 @@ +--- linux-2.6.10/security/dummy.c 2004-12-24 21:34:26.000000000 +0000 ++++ linux-2.6.10.plasmaroo/security/dummy.c 2005-01-07 20:13:50.763073872 +0000 +@@ -74,11 +74,8 @@ + + static int dummy_capable (struct task_struct *tsk, int cap) + { +- if (cap_is_fs_cap (cap) ? tsk->fsuid == 0 : tsk->euid == 0) +- /* capability granted */ ++ if (cap_raised (tsk->cap_effective, cap)) + return 0; +- +- /* capability denied */ + return -EPERM; + } + +@@ -191,6 +188,8 @@ + + current->suid = current->euid = current->fsuid = bprm->e_uid; + current->sgid = current->egid = current->fsgid = bprm->e_gid; ++ ++ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); + } + + static int dummy_bprm_set_security (struct linux_binprm *bprm) +@@ -550,6 +549,7 @@ + + static int dummy_task_post_setuid (uid_t id0, uid_t id1, uid_t id2, int flags) + { ++ dummy_capget(current, ¤t->cap_effective, ¤t->cap_inheritable, ¤t->cap_permitted); + return 0; + } + 
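Review bot: In files/ac-sources-2.6.10.75963.patch, dummy_capable() now decides purely from `tsk->cap_effective`, so the check is only as good as the last refresh of that set, and the patch refreshes it in just two places: the function that ends just before dummy_bprm_set_security (its start is outside the hunk) and dummy_task_post_setuid. Nothing in the hunk documents that invariant; a comment above dummy_capable such as `/* relies on cap_effective being recomputed via dummy_capget() after every uid change (exec, setuid) */` would tell the next maintainer that any new path changing euid/fsuid must refresh the sets as well. The return value of dummy_capget() is discarded at both call sites; its definition is not visible here, so confirm it cannot fail. This page also renders `&current` as `¤t` (an entity-decoding artefact), so the patch text should be taken from the repository rather than copied from this listing.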
diff --git a/sys-kernel/ac-sources/files/ac-sources-2.6.10.77094.patch b/sys-kernel/ac-sources/files/ac-sources-2.6.10.77094.patch new file mode 100644 index 000000000000..ff7123d43482 --- /dev/null +++ b/sys-kernel/ac-sources/files/ac-sources-2.6.10.77094.patch 
@@ -0,0 +1,138 @@ +diff -urNp linux-2.6.10/drivers/char/moxa.c linux-2.6.10-new/drivers/char/moxa.c +--- linux-2.6.10/drivers/char/moxa.c 2005-01-07 10:51:23 -0500 ++++ linux-2.6.10-new/drivers/char/moxa.c 2005-01-07 10:51:33 -0500 +@@ -1668,6 +1668,8 @@ int MoxaDriverIoctl(unsigned int cmd, un + return -EFAULT; + if(dltmp.cardno < 0 || dltmp.cardno >= MAX_BOARDS) + return -EINVAL; ++ if(dltmp.len < 0 || dltmp.len > sizeof(moxaBuff)) ++ return -EINVAL; + + switch(cmd) + { +@@ -2822,8 +2824,6 @@ static int moxaload320b(int cardno, unsi + void __iomem *baseAddr; + int i; + +- if(len > sizeof(moxaBuff)) +- return -EINVAL; + if(copy_from_user(moxaBuff, tmp, len)) + return -EFAULT; + baseAddr = moxaBaseAddr[cardno]; +diff -urNp linux-2.6.10/include/linux/writeback.h linux-2.6.10-new/include/linux/writeback.h +--- linux-2.6.10/include/linux/writeback.h 2005-01-07 10:51:22 -0500 ++++ linux-2.6.10-new/include/linux/writeback.h 2005-01-07 10:51:33 -0500 +@@ -86,6 +86,7 @@ static inline void wait_on_inode(struct + int wakeup_bdflush(long nr_pages); + void laptop_io_completion(void); + void laptop_sync_completion(void); ++void throttle_vm_writeout(void); + + /* These are exported to sysctl. 
*/ + extern int dirty_background_ratio; +diff -urNp linux-2.6.10/mm/mmap.c linux-2.6.10-new/mm/mmap.c +--- linux-2.6.10/mm/mmap.c 2004-12-24 22:35:00.000000000 +0100 ++++ linux-2.6.10-new/mm/mmap.c 2004-12-27 16:37:47.000000000 +0100 +@@ -1360,6 +1360,13 @@ int expand_stack(struct vm_area_struct * + vm_unacct_memory(grow); + return -ENOMEM; + } ++ if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) && ++ ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > ++ current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) { ++ anon_vma_unlock(vma); ++ vm_unacct_memory(grow); ++ return -ENOMEM; ++ } + vma->vm_end = address; + vma->vm_mm->total_vm += grow; + if (vma->vm_flags & VM_LOCKED) +@@ -1422,6 +1429,13 @@ int expand_stack(struct vm_area_struct * + vm_unacct_memory(grow); + return -ENOMEM; + } ++ if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) && ++ ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > ++ current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) { ++ anon_vma_unlock(vma); ++ vm_unacct_memory(grow); ++ return -ENOMEM; ++ } + vma->vm_start = address; + vma->vm_pgoff -= grow; + vma->vm_mm->total_vm += grow; +diff -urNp linux-2.6.10/mm/page-writeback.c linux-2.6.10-new/mm/page-writeback.c +--- linux-2.6.10/mm/page-writeback.c 2005-01-07 10:51:24 -0500 ++++ linux-2.6.10-new/mm/page-writeback.c 2005-01-07 10:51:33 -0500 +@@ -276,6 +276,28 @@ void balance_dirty_pages_ratelimited(str + } + EXPORT_SYMBOL(balance_dirty_pages_ratelimited); + ++void throttle_vm_writeout(void) ++{ ++ struct writeback_state wbs; ++ long background_thresh; ++ long dirty_thresh; ++ ++ for ( ; ; ) { ++ get_dirty_limits(&wbs, &background_thresh, &dirty_thresh); ++ ++ /* ++ * Boost the allowable dirty threshold a bit for page ++ * allocators so they don't get DoS'ed by heavy writers ++ */ ++ dirty_thresh += dirty_thresh / 10; /* wheeee... 
*/ ++ ++ if (wbs.nr_unstable + wbs.nr_writeback <= dirty_thresh) ++ break; ++ blk_congestion_wait(WRITE, HZ/10); ++ } ++} ++ ++ + /* + * writeback at least _min_pages, and keep writing until the amount of dirty + * memory is less than the background threshold, or until we're all clean. +diff -urNp linux-2.6.10/mm/vmscan.c linux-2.6.10-new/mm/vmscan.c +--- linux-2.6.10/mm/vmscan.c 2005-01-07 10:51:24 -0500 ++++ linux-2.6.10-new/mm/vmscan.c 2005-01-07 10:51:33 -0500 +@@ -369,14 +369,14 @@ static int shrink_list(struct list_head + + BUG_ON(PageActive(page)); + +- if (PageWriteback(page)) +- goto keep_locked; +- + sc->nr_scanned++; + /* Double the slab pressure for mapped and swapcache pages */ + if (page_mapped(page) || PageSwapCache(page)) + sc->nr_scanned++; + ++ if (PageWriteback(page)) ++ goto keep_locked; ++ + referenced = page_referenced(page, 1, sc->priority <= 0); + /* In active use or really unfreeable? Activate it. */ + if (referenced && page_mapping_inuse(page)) +@@ -825,6 +825,8 @@ shrink_zone(struct zone *zone, struct sc + break; + } + } ++ ++ throttle_vm_writeout(); + } + + /* +diff -urNp linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_tcp.c linux-2.6.10-new/net/ipv4/netfilter/ip_conntrack_proto_tcp.c +--- linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2005-01-07 10:51:24 -0500 ++++ linux-2.6.10-new/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2005-01-07 10:51:33 -0500 +@@ -906,7 +906,8 @@ static int tcp_packet(struct ip_conntrac + if (index == TCP_RST_SET + && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status) + && conntrack->proto.tcp.last_index <= TCP_SYNACK_SET) +- || conntrack->proto.tcp.last_index == TCP_ACK_SET) ++ || (!test_bit(IPS_ASSURED_BIT, &conntrack->status) ++ && conntrack->proto.tcp.last_index == TCP_ACK_SET)) + && after(ntohl(th->ack_seq), + conntrack->proto.tcp.last_seq)) { + /* Ignore RST closing down invalid SYN or ACK 
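Review bot: In the drivers/char/moxa.c part of files/ac-sources-2.6.10.77094.patch the length check is moved rather than added: MoxaDriverIoctl gains `if(dltmp.len < 0 || dltmp.len > sizeof(moxaBuff))`, but moxaload320b loses its own `if(len > sizeof(moxaBuff)) return -EINVAL;`, so the `copy_from_user(moxaBuff, tmp, len)` that follows now depends on every caller having validated `len`. Both functions continue outside the hunk, so whether MoxaDriverIoctl is the only route to moxaload320b cannot be confirmed here; keeping the local guard costs one comparison and stays correct if another caller is added later. In mm/mmap.c the same seven-line RLIMIT_MEMLOCK block is pasted into both expand_stack variants and compares in bytes via `(vma->vm_mm->locked_vm + grow) << PAGE_SHIFT`; doing the comparison in pages against `rlim_cur >> PAGE_SHIFT` inside one shared static helper would remove the duplication and avoid shifting the accumulated page count.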
diff --git a/sys-kernel/ac-sources/files/ac-sources-2.6.10.brk-locked.patch b/sys-kernel/ac-sources/files/ac-sources-2.6.10.brk-locked.patch new file mode 100644 index 000000000000..6095e844d5f1 --- /dev/null +++ b/sys-kernel/ac-sources/files/ac-sources-2.6.10.brk-locked.patch 
@@ -0,0 +1,303 @@ +diff -ur linux-2.6.10/arch/mips/kernel/irixelf.c linux-2.6.10.plasmaroo/arch/mips/kernel/irixelf.c +--- linux-2.6.10/arch/mips/kernel/irixelf.c 2004-12-24 21:35:50.000000000 +0000 ++++ linux-2.6.10.plasmaroo/arch/mips/kernel/irixelf.c 2005-01-07 15:36:00.383356800 +0000 +@@ -127,7 +127,7 @@ + end = PAGE_ALIGN(end); + if (end <= start) + return; +- do_brk(start, end - start); ++ do_brk_locked(start, end - start); + } + + +@@ -375,7 +375,7 @@ + + /* Map the last of the bss segment */ + if (last_bss > len) { +- do_brk(len, (last_bss - len)); ++ do_brk_locked(len, (last_bss - len)); + } + kfree(elf_phdata); + +@@ -562,7 +562,7 @@ + unsigned long v; + struct prda *pp; + +- v = do_brk (PRDA_ADDRESS, PAGE_SIZE); ++ v = do_brk_locked (PRDA_ADDRESS, PAGE_SIZE); + + if (v < 0) + return; +@@ -853,7 +853,7 @@ + len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000; + bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; + if (bss > len) +- do_brk(len, bss-len); ++ do_brk_locked(len, bss-len); + kfree(elf_phdata); + return 0; + } +diff -ur linux-2.6.10/arch/sparc64/kernel/binfmt_aout32.c linux-2.6.10.plasmaroo/arch/sparc64/kernel/binfmt_aout32.c +--- linux-2.6.10/arch/sparc64/kernel/binfmt_aout32.c 2004-12-24 21:34:45.000000000 +0000 ++++ linux-2.6.10.plasmaroo/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 15:36:00.432349352 +0000 +@@ -49,7 +49,7 @@ + end = PAGE_ALIGN(end); + if (end <= start) + return; +- do_brk(start, end - start); ++ do_brk_locked(start, end - start); + } + + /* +@@ -246,10 +246,10 @@ + if (N_MAGIC(ex) == NMAGIC) { + loff_t pos = fd_offset; + /* Fuck me plenty... 
*/ +- error = do_brk(N_TXTADDR(ex), ex.a_text); ++ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); + bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex), + ex.a_text, &pos); +- error = do_brk(N_DATADDR(ex), ex.a_data); ++ error = do_brk_locked(N_DATADDR(ex), ex.a_data); + bprm->file->f_op->read(bprm->file, (char __user *)N_DATADDR(ex), + ex.a_data, &pos); + goto beyond_if; +@@ -257,7 +257,7 @@ + + if (N_MAGIC(ex) == OMAGIC) { + loff_t pos = fd_offset; +- do_brk(N_TXTADDR(ex) & PAGE_MASK, ++ do_brk_locked(N_TXTADDR(ex) & PAGE_MASK, + ex.a_text+ex.a_data + PAGE_SIZE - 1); + bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex), + ex.a_text+ex.a_data, &pos); +@@ -272,7 +272,7 @@ + + if (!bprm->file->f_op->mmap) { + loff_t pos = fd_offset; +- do_brk(0, ex.a_text+ex.a_data); ++ do_brk_locked(0, ex.a_text+ex.a_data); + bprm->file->f_op->read(bprm->file, + (char __user *)N_TXTADDR(ex), + ex.a_text+ex.a_data, &pos); +@@ -389,7 +389,7 @@ + len = PAGE_ALIGN(ex.a_text + ex.a_data); + bss = ex.a_text + ex.a_data + ex.a_bss; + if (bss > len) { +- error = do_brk(start_addr + len, bss - len); ++ error = do_brk_locked(start_addr + len, bss - len); + retval = error; + if (error != start_addr + len) + goto out; +diff -Nur linux-2.6.10/arch/x86_64/ia32/ia32_aout.c linux-2.6.10.plasmaroo/arch/x86_64/ia32/ia32_aout.c +--- linux-2.6.10/arch/x86_64/ia32/ia32_aout.c 2005-01-03 16:17:04.000000000 -0200 ++++ linux-2.6.10.plasmaroo/arch/x86_64/ia32/ia32_aout.c 2005-01-03 16:46:53.846823360 -0200 +@@ -115,7 +115,7 @@ + end = PAGE_ALIGN(end); + if (end <= start) + return; +- do_brk(start, end - start); ++ do_brk_locked(start, end - start); + } + + #if CORE_DUMP +@@ -325,7 +325,7 @@ + pos = 32; + map_size = ex.a_text+ex.a_data; + +- error = do_brk(text_addr & PAGE_MASK, map_size); ++ error = do_brk_locked(text_addr & PAGE_MASK, map_size); + if (error != (text_addr & PAGE_MASK)) { + send_sig(SIGKILL, current, 0); + return error; +@@ -361,7 +361,7 @@ + + if 
(!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { + loff_t pos = fd_offset; +- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); ++ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data); + bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), + ex.a_text+ex.a_data, &pos); + flush_icache_range((unsigned long) N_TXTADDR(ex), +@@ -470,7 +470,7 @@ + } + #endif + +- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); ++ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss); + + file->f_op->read(file, (char *)start_addr, + ex.a_text + ex.a_data, &pos); +@@ -494,7 +494,7 @@ + len = PAGE_ALIGN(ex.a_text + ex.a_data); + bss = ex.a_text + ex.a_data + ex.a_bss; + if (bss > len) { +- error = do_brk(start_addr + len, bss - len); ++ error = do_brk_locked(start_addr + len, bss - len); + retval = error; + if (error != start_addr + len) + goto out; +diff -ur linux-2.6.10/fs/binfmt_aout.c linux-2.6.10.plasmaroo/fs/binfmt_aout.c +--- linux-2.6.10/fs/binfmt_aout.c 2004-12-24 21:35:50.000000000 +0000 ++++ linux-2.6.10.plasmaroo/fs/binfmt_aout.c 2005-01-07 15:36:00.000000000 +0000 +@@ -50,7 +50,7 @@ + start = PAGE_ALIGN(start); + end = PAGE_ALIGN(end); + if (end > start) { +- unsigned long addr = do_brk(start, end - start); ++ unsigned long addr = do_brk_locked(start, end - start); + if (BAD_ADDR(addr)) + return addr; + } +@@ -323,10 +323,10 @@ + loff_t pos = fd_offset; + /* Fuck me plenty... 
*/ + /* <AOL></AOL> */ +- error = do_brk(N_TXTADDR(ex), ex.a_text); ++ error = do_brk_locked(N_TXTADDR(ex), ex.a_text); + bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), + ex.a_text, &pos); +- error = do_brk(N_DATADDR(ex), ex.a_data); ++ error = do_brk_locked(N_DATADDR(ex), ex.a_data); + bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), + ex.a_data, &pos); + goto beyond_if; +@@ -347,7 +347,7 @@ + map_size = ex.a_text+ex.a_data; + #endif + +- error = do_brk(text_addr & PAGE_MASK, map_size); ++ error = do_brk_locked(text_addr & PAGE_MASK, map_size); + if (error != (text_addr & PAGE_MASK)) { + send_sig(SIGKILL, current, 0); + return error; +@@ -382,7 +382,7 @@ + + if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { + loff_t pos = fd_offset; +- do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); ++ do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data); + bprm->file->f_op->read(bprm->file, + (char __user *)N_TXTADDR(ex), + ex.a_text+ex.a_data, &pos); +@@ -488,7 +488,7 @@ + error_time = jiffies; + } + +- do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); ++ do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss); + + file->f_op->read(file, (char __user *)start_addr, + ex.a_text + ex.a_data, &pos); +@@ -512,7 +512,7 @@ + len = PAGE_ALIGN(ex.a_text + ex.a_data); + bss = ex.a_text + ex.a_data + ex.a_bss; + if (bss > len) { +- error = do_brk(start_addr + len, bss - len); ++ error = do_brk_locked(start_addr + len, bss - len); + retval = error; + if (error != start_addr + len) + goto out; +diff -ur linux-2.6.10/fs/binfmt_elf.c linux-2.6.10.plasmaroo/fs/binfmt_elf.c +--- linux-2.6.10/fs/binfmt_elf.c 2004-12-24 21:34:33.000000000 +0000 ++++ linux-2.6.10.plasmaroo/fs/binfmt_elf.c 2005-01-07 15:36:00.000000000 +0000 +@@ -88,7 +88,7 @@ + start = ELF_PAGEALIGN(start); + end = ELF_PAGEALIGN(end); + if (end > start) { +- unsigned long addr = do_brk(start, end - start); ++ unsigned long addr = do_brk_locked(start, end - start); + if (BAD_ADDR(addr)) + return 
addr; + } +@@ -408,7 +408,7 @@ + + /* Map the last of the bss segment */ + if (last_bss > elf_bss) { +- error = do_brk(elf_bss, last_bss - elf_bss); ++ error = do_brk_locked(elf_bss, last_bss - elf_bss); + if (BAD_ADDR(error)) + goto out_close; + } +@@ -448,7 +448,7 @@ + goto out; + } + +- do_brk(0, text_data); ++ do_brk_locked(0, text_data); + if (!interpreter->f_op || !interpreter->f_op->read) + goto out; + if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0) +@@ -456,7 +456,7 @@ + flush_icache_range((unsigned long)addr, + (unsigned long)addr + text_data); + +- do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), ++ do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), + interp_ex->a_bss); + elf_entry = interp_ex->a_entry; + +@@ -1025,7 +1025,7 @@ + len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); + bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; + if (bss > len) +- do_brk(len, bss - len); ++ do_brk_locked(len, bss - len); + error = 0; + + out_free_ph: +diff -ur linux-2.6.10/include/linux/mm.h linux-2.6.10.plasmaroo/include/linux/mm.h +--- linux-2.6.10/include/linux/mm.h 2004-12-24 21:33:50.000000000 +0000 ++++ linux-2.6.10.plasmaroo/include/linux/mm.h 2005-01-07 15:36:00.000000000 +0000 +@@ -704,6 +704,7 @@ + extern int do_munmap(struct mm_struct *, unsigned long, size_t); + + extern unsigned long do_brk(unsigned long, unsigned long); ++extern unsigned long do_brk_locked(unsigned long, unsigned long); + + /* filemap.c */ + extern unsigned long page_unuse(struct page *); +diff -ur linux-2.6.10/mm/mmap.c linux-2.6.10.plasmaroo/mm/mmap.c +--- linux-2.6.10/mm/mmap.c 2004-12-24 21:35:00.000000000 +0000 ++++ linux-2.6.10.plasmaroo/mm/mmap.c 2005-01-07 15:36:04.000000000 +0000 +@@ -1826,6 +1826,20 @@ + + EXPORT_SYMBOL(do_brk); + ++/* locking version of do_brk. 
*/ ++unsigned long do_brk_locked(unsigned long addr, unsigned long len) ++{ ++ unsigned long ret; ++ ++ down_write(¤t->mm->mmap_sem); ++ ret = do_brk(addr, len); ++ up_write(¤t->mm->mmap_sem); ++ ++ return ret; ++} ++ ++EXPORT_SYMBOL(do_brk_locked); ++ + /* Release all mmaps. */ + void exit_mmap(struct mm_struct *mm) + { +@@ -1952,3 +1966,4 @@ + } + return new_vma; + } ++ +diff -ur linux-2.6.10/mm/nommu.c linux-2.6.10.plasmaroo/mm/nommu.c +--- linux-2.6.10/mm/nommu.c 2004-12-24 21:35:25.000000000 +0000 ++++ linux-2.6.10.plasmaroo/mm/nommu.c 2005-01-07 15:30:24.000000000 +0000 +@@ -557,6 +557,11 @@ + return -ENOMEM; + } + ++unsigned long do_brk_locked(unsigned long addr, unsigned long len) ++{ ++ return -ENOMEM; ++} ++ + struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long addr) + { + return NULL; diff --git a/sys-kernel/ac-sources/files/ac-sources-2.6.9.CAN-2004-1016.patch b/sys-kernel/ac-sources/files/ac-sources-2.6.9.CAN-2004-1016.patch deleted file mode 100644 index aa25ac95ed61..000000000000 --- a/sys-kernel/ac-sources/files/ac-sources-2.6.9.CAN-2004-1016.patch +++ /dev/null 
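Review bot: In the arch/mips/kernel/irixelf.c part of files/ac-sources-2.6.10.brk-locked.patch, `v` is declared `unsigned long`, so the context line `if (v < 0) return;` after `v = do_brk_locked (PRDA_ADDRESS, PAGE_SIZE);` can never be true and a failure from do_brk_locked is not caught there; `if (v != PRDA_ADDRESS) return;` would match the `error != start_addr + len` checks used elsewhere in this patch. Several converted call sites also drop the result entirely (for example `do_brk_locked(0, text_data);` in fs/binfmt_elf.c and the OMAGIC branch in binfmt_aout32.c) before file data is read into the range. The new helper's comment, `/* locking version of do_brk. */`, should state the contract: it takes `current->mm->mmap_sem` for writing around do_brk, so it must not be called with that semaphore already held. The call-site functions all start and end outside their hunks, so the surrounding locking could not be checked from this page.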
@@ -1,75 +0,0 @@ -===== include/linux/socket.h 1.12 vs edited ===== ---- 1.12/include/linux/socket.h 2004-09-09 06:40:01 +10:00 -+++ edited/include/linux/socket.h 2004-11-27 11:53:40 +11:00 -@@ -90,6 +90,10 @@ - (struct cmsghdr *)(ctl) : \ - (struct cmsghdr *)NULL) - #define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) -+#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \ -+ (cmsg)->cmsg_len <= (unsigned long) \ -+ ((mhdr)->msg_controllen - \ -+ ((char *)(cmsg) - (char *)(mhdr)->msg_control))) - - /* - * This mess will go away with glibc -===== net/core/scm.c 1.10 vs edited ===== ---- 1.10/net/core/scm.c 2004-05-31 05:08:14 +10:00 -+++ edited/net/core/scm.c 2004-11-27 11:48:55 +11:00 -@@ -127,9 +127,7 @@ - for too short ancillary data object at all! Oops. - OK, let's add it... - */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) -+ if (!CMSG_OK(msg, cmsg)) - goto error; - - if (cmsg->cmsg_level != SOL_SOCKET) -===== net/ipv4/ip_sockglue.c 1.26 vs edited ===== ---- 1.26/net/ipv4/ip_sockglue.c 2004-07-01 06:10:53 +10:00 -+++ edited/net/ipv4/ip_sockglue.c 2004-11-27 11:49:45 +11:00 -@@ -146,11 +146,8 @@ - struct cmsghdr *cmsg; - - for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - if (cmsg->cmsg_level != SOL_IP) - continue; - switch (cmsg->cmsg_type) { -===== net/ipv6/datagram.c 1.20 vs edited ===== ---- 1.20/net/ipv6/datagram.c 2004-11-10 17:57:03 +11:00 -+++ edited/net/ipv6/datagram.c 2004-11-27 11:51:15 +11:00 -@@ -427,9 +427,7 @@ - int addr_type; - struct net_device *dev = NULL; - -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - 
(char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) { - err = -EINVAL; - goto exit_f; - } -===== net/sctp/socket.c 1.129 vs edited ===== ---- 1.129/net/sctp/socket.c 2004-11-19 08:43:18 +11:00 -+++ edited/net/sctp/socket.c 2004-11-27 11:52:11 +11:00 -@@ -4098,12 +4098,8 @@ - for (cmsg = CMSG_FIRSTHDR(msg); - cmsg != NULL; - cmsg = CMSG_NXTHDR((struct msghdr*)msg, cmsg)) { -- /* Check for minimum length. The SCM code has this check. */ -- if (cmsg->cmsg_len < sizeof(struct cmsghdr) || -- (unsigned long)(((char*)cmsg - (char*)msg->msg_control) -- + cmsg->cmsg_len) > msg->msg_controllen) { -+ if (!CMSG_OK(msg, cmsg)) - return -EINVAL; -- } - - /* Should we parse this header or ignore? */ - if (cmsg->cmsg_level != IPPROTO_SCTP) diff --git a/sys-kernel/ac-sources/files/ac-sources-2.6.9.CAN-2004-1056.patch b/sys-kernel/ac-sources/files/ac-sources-2.6.9.CAN-2004-1056.patch deleted file mode 100644 index cd8d7af324c2..000000000000 --- a/sys-kernel/ac-sources/files/ac-sources-2.6.9.CAN-2004-1056.patch +++ /dev/null 
@@ -1,268 +0,0 @@ -diff -ur linux-2.6.9/drivers/char/drm/i810_dma.c linux-2.6.9.drm.plasmaroo/drivers/char/drm/i810_dma.c ---- linux-2.6.9/drivers/char/drm/i810_dma.c 2004-10-18 22:53:46.000000000 +0100 -+++ linux-2.6.9.drm.plasmaroo/drivers/char/drm/i810_dma.c 2004-12-19 22:46:33.317446112 +0000 -@@ -1030,10 +1030,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - i810_flush_queue(dev); - return 0; -@@ -1055,10 +1052,7 @@ - if (copy_from_user(&vertex, (drm_i810_vertex_t __user *)arg, sizeof(vertex))) - return -EFAULT; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - DRM_DEBUG("i810 dma vertex, idx %d used %d discard %d\n", - vertex.idx, vertex.used, vertex.discard); -@@ -1090,10 +1084,7 @@ - if (copy_from_user(&clear, (drm_i810_clear_t __user *)arg, sizeof(clear))) - return -EFAULT; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - /* GH: Someone's doing nasty things... 
*/ - if (!dev->dev_private) { -@@ -1114,10 +1105,8 @@ - - DRM_DEBUG("i810_swap_bufs\n"); - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - i810_dma_dispatch_swap( dev ); - return 0; -@@ -1152,10 +1141,7 @@ - if (copy_from_user(&d, (drm_i810_dma_t __user *)arg, sizeof(d))) - return -EFAULT; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - d.granted = 0; - -@@ -1266,10 +1252,7 @@ - return -EFAULT; - - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_dma_mc called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (mc.idx >= dma->buf_count || mc.idx < 0) - return -EINVAL; -@@ -1317,10 +1300,7 @@ - drm_device_t *dev = priv->dev; - drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_fstatus called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - return I810_READ(0x30008); - } - -@@ -1331,10 +1311,7 @@ - drm_device_t *dev = priv->dev; - drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_ov0_flip called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - //Tell the overlay to update - I810_WRITE(0x30000,dev_priv->overlay_physical | 0x80000000); -@@ -1376,10 +1353,7 @@ - - DRM_DEBUG("%s\n", __FUNCTION__); - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i810_flip_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (!dev_priv->page_flipping) - i810_do_init_pageflip( dev ); -diff -ur 
linux-2.6.9/drivers/char/drm/i830_dma.c linux-2.6.9.drm.plasmaroo/drivers/char/drm/i830_dma.c ---- linux-2.6.9/drivers/char/drm/i830_dma.c 2004-10-18 22:53:12.000000000 +0100 -+++ linux-2.6.9.drm.plasmaroo/drivers/char/drm/i830_dma.c 2004-12-19 22:46:33.319445808 +0000 -@@ -1319,10 +1319,7 @@ - drm_file_t *priv = filp->private_data; - drm_device_t *dev = priv->dev; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_flush_ioctl called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - i830_flush_queue(dev); - return 0; -@@ -1343,10 +1340,7 @@ - if (copy_from_user(&vertex, (drm_i830_vertex_t __user *)arg, sizeof(vertex))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_dma_vertex called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - DRM_DEBUG("i830 dma vertex, idx %d used %d discard %d\n", - vertex.idx, vertex.used, vertex.discard); -@@ -1373,10 +1367,7 @@ - if (copy_from_user(&clear, (drm_i830_clear_t __user *)arg, sizeof(clear))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_clear_bufs called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - /* GH: Someone's doing nasty things... 
*/ - if (!dev->dev_private) { -@@ -1398,10 +1389,7 @@ - - DRM_DEBUG("i830_swap_bufs\n"); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_swap_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - i830_dma_dispatch_swap( dev ); - return 0; -@@ -1442,10 +1430,7 @@ - - DRM_DEBUG("%s\n", __FUNCTION__); - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_flip_buf called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (!dev_priv->page_flipping) - i830_do_init_pageflip( dev ); -@@ -1484,10 +1469,7 @@ - if (copy_from_user(&d, (drm_i830_dma_t __user *)arg, sizeof(d))) - return -EFAULT; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_dma called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - d.granted = 0; - -diff -ur linux-2.6.9/drivers/char/drm/i830_irq.c linux-2.6.9.drm.plasmaroo/drivers/char/drm/i830_irq.c ---- linux-2.6.9/drivers/char/drm/i830_irq.c 2004-10-18 22:54:54.000000000 +0100 -+++ linux-2.6.9.drm.plasmaroo/drivers/char/drm/i830_irq.c 2004-12-19 22:46:33.320445656 +0000 -@@ -129,10 +129,7 @@ - drm_i830_irq_emit_t emit; - int result; - -- if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i830_irq_emit called without lock held\n"); -- return -EINVAL; -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if ( !dev_priv ) { - DRM_ERROR( "%s called with no initialization\n", __FUNCTION__ ); -diff -ur linux-2.6.9/drivers/char/drm/i915_dma.c linux-2.6.9.drm.plasmaroo/drivers/char/drm/i915_dma.c ---- linux-2.6.9/drivers/char/drm/i915_dma.c 2004-10-18 22:53:51.000000000 +0100 -+++ linux-2.6.9.drm.plasmaroo/drivers/char/drm/i915_dma.c 2004-12-19 22:46:33.321445504 +0000 -@@ -545,10 +545,7 @@ - { - DRM_DEVICE; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i915_flush_ioctl called without lock held\n"); -- return DRM_ERR(EINVAL); -- } -+ 
LOCK_TEST_WITH_RETURN( dev, filp ); - - return i915_quiescent(dev); - } -@@ -574,10 +571,7 @@ - DRM_DEBUG("i915 batchbuffer, start %x used %d cliprects %d\n", - batch.start, batch.used, batch.num_cliprects); - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i915_batchbuffer called without lock held\n"); -- return DRM_ERR(EINVAL); -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (batch.num_cliprects && DRM_VERIFYAREA_READ(batch.cliprects, - batch.num_cliprects * -@@ -606,10 +600,7 @@ - DRM_DEBUG("i915 cmdbuffer, buf %p sz %d cliprects %d\n", - cmdbuf.buf, cmdbuf.sz, cmdbuf.num_cliprects); - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i915_cmdbuffer called without lock held\n"); -- return DRM_ERR(EINVAL); -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (cmdbuf.num_cliprects && - DRM_VERIFYAREA_READ(cmdbuf.cliprects, -@@ -645,10 +636,7 @@ - DRM_DEVICE; - - DRM_DEBUG("%s\n", __FUNCTION__); -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i915_flip_buf called without lock held\n"); -- return DRM_ERR(EINVAL); -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - return i915_dispatch_flip(dev); - } -diff -ur linux-2.6.9/drivers/char/drm/i915_irq.c linux-2.6.9.drm.plasmaroo/drivers/char/drm/i915_irq.c ---- linux-2.6.9/drivers/char/drm/i915_irq.c 2004-10-18 22:53:51.000000000 +0100 -+++ linux-2.6.9.drm.plasmaroo/drivers/char/drm/i915_irq.c 2004-12-19 22:46:33.321445504 +0000 -@@ -92,10 +92,7 @@ - drm_i915_irq_emit_t emit; - int result; - -- if (!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { -- DRM_ERROR("i915_irq_emit called without lock held\n"); -- return DRM_ERR(EINVAL); -- } -+ LOCK_TEST_WITH_RETURN( dev, filp ); - - if (!dev_priv) { - DRM_ERROR("%s called with no initialization\n", __FUNCTION__); diff --git a/sys-kernel/ac-sources/files/ac-sources-2.6.9.CAN-2004-1137.patch b/sys-kernel/ac-sources/files/ac-sources-2.6.9.CAN-2004-1137.patch deleted file mode 100644 index 0a54680f6f4b..000000000000 
--- a/sys-kernel/ac-sources/files/ac-sources-2.6.9.CAN-2004-1137.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-# ChangeSet
-# 2004/12/14 11:06:25-08:00 chrisw@osdl.org
-# [IPV4/IPV6]: IGMP source filter fixes
-#
-# When adding or deleting from the source list make sure to find matches
-# by comparing against the new source address, not the group address.
-# Also, check each addr in the list rather than just the first one.
-# And, finally, only delete from list when there's a match rather than
-# vice-versa. Drop the effort to keep list sorted, since it's not done
-# on full-state api and can create an sl_addr entry that the delta api
-# won't be able to delete. Without these fixes sl_count can be corrupted
-# which can allow for kernel memory corruption.
-#
-# Signed-off-by: Chris Wright <chrisw@osdl.org>
-# Signed-off-by: David S. Miller <davem@davemloft.net>
-#
-diff -Nru a/net/ipv4/igmp.c b/net/ipv4/igmp.c
---- a/net/ipv4/igmp.c 2004-12-20 11:32:15 -08:00
-+++ b/net/ipv4/igmp.c 2004-12-20 11:32:15 -08:00
-@@ -1778,12 +1778,12 @@
- goto done;
- rv = !0;
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr,
-+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
- sizeof(__u32));
-- if (rv >= 0)
-+ if (rv == 0)
- break;
- }
-- if (!rv) /* source not found */
-+ if (rv) /* source not found */
- goto done;
-
- /* update the interface filter */
-@@ -1825,9 +1825,9 @@
- }
- rv = 1; /* > 0 for insert logic below if sl_count is 0 */
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr,
-+ rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr,
- sizeof(__u32));
-- if (rv >= 0)
-+ if (rv == 0)
- break;
- }
- if (rv == 0) /* address already there is an error */
-diff -Nru a/net/ipv6/mcast.c b/net/ipv6/mcast.c
---- a/net/ipv6/mcast.c 2004-12-20 11:32:15 -08:00
-+++ b/net/ipv6/mcast.c 2004-12-20 11:32:15 -08:00
-@@ -391,12 +391,12 @@
- goto done;
- rv = !0;
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, group,
-+ rv = memcmp(&psl->sl_addr[i], source,
- sizeof(struct in6_addr));
-- if (rv >= 0)
-+ if (rv == 0)
- break;
- }
-- if (!rv) /* source not found */
-+ if (rv) /* source not found */
- goto done;
-
- /* update the interface filter */
-@@ -437,8 +437,8 @@
- }
- rv = 1; /* > 0 for insert logic below if sl_count is 0 */
- for (i=0; i<psl->sl_count; i++) {
-- rv = memcmp(&psl->sl_addr, group, sizeof(struct in6_addr));
-- if (rv >= 0)
-+ rv = memcmp(&psl->sl_addr[i], source, sizeof(struct in6_addr));
-+ if (rv == 0)
- break;
- }
- if (rv == 0) /* address already there is an error */
diff --git a/sys-kernel/ac-sources/files/ac-sources-2.6.9.CAN-2004-1151.patch b/sys-kernel/ac-sources/files/ac-sources-2.6.9.CAN-2004-1151.patch
deleted file mode 100644
index fc4289e4f444..000000000000
--- a/sys-kernel/ac-sources/files/ac-sources-2.6.9.CAN-2004-1151.patch
+++ /dev/null
@@ -1,35 +0,0 @@
---- 1.74/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00
-+++ 1.75/arch/x86_64/ia32/sys_ia32.c 2004-12-19 10:58:02 -08:00
-@@ -525,11 +525,12 @@
- int sys32_ni_syscall(int call)
- {
- struct task_struct *me = current;
-- static char lastcomm[8];
-- if (strcmp(lastcomm, me->comm)) {
-- printk(KERN_INFO "IA32 syscall %d from %s not implemented\n", call,
-- current->comm);
-- strcpy(lastcomm, me->comm);
-+ static char lastcomm[sizeof(me->comm)];
-+
-+ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) {
-+ printk(KERN_INFO "IA32 syscall %d from %s not implemented\n",
-+ call, me->comm);
-+ strncpy(lastcomm, me->comm, sizeof(lastcomm));
- }
- return -ENOSYS;
- }
-@@ -1125,11 +1126,11 @@
- long sys32_vm86_warning(void)
- {
- struct task_struct *me = current;
-- static char lastcomm[8];
-- if (strcmp(lastcomm, me->comm)) {
-+ static char lastcomm[sizeof(me->comm)];
-+ if (strncmp(lastcomm, me->comm, sizeof(lastcomm))) {
- printk(KERN_INFO "%s: vm86 mode not supported on 64 bit kernel\n",
- me->comm);
-- strcpy(lastcomm, me->comm);
-+ strncpy(lastcomm, me->comm, sizeof(lastcomm));
- }
- return -ENOSYS;
- }
diff --git a/sys-kernel/ac-sources/files/ac-sources-2.6.9.binfmt_elf.patch b/sys-kernel/ac-sources/files/ac-sources-2.6.9.binfmt_elf.patch
deleted file mode 100644
index c4cc8a82d3fb..000000000000
--- a/sys-kernel/ac-sources/files/ac-sources-2.6.9.binfmt_elf.patch
+++ /dev/null
@@ -1,72 +0,0 @@
---- linux-2.6.9/fs/binfmt_elf.c 2004-11-10 12:25:16 -08:00
-+++ linux-2.6.9-plasmaroo/fs/binfmt_elf.c 2004-11-10 12:25:16 -08:00
-@@ -335,9 +335,12 @@
- goto out;
-
- retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size);
-- error = retval;
-- if (retval < 0)
-+ error = -EIO;
-+ if (retval != size) {
-+ if (retval < 0)
-+ error = retval;
- goto out_close;
-+ }
-
- eppnt = elf_phdata;
- for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
-@@ -532,8 +535,11 @@
- goto out;
-
- retval = kernel_read(bprm->file, loc->elf_ex.e_phoff, (char *) elf_phdata, size);
-- if (retval < 0)
-+ if (retval != size) {
-+ if (retval >= 0)
-+ retval = -EIO;
- goto out_free_ph;
-+ }
-
- files = current->files; /* Refcounted so ok */
- retval = unshare_files();
-@@ -580,8 +586,14 @@
- retval = kernel_read(bprm->file, elf_ppnt->p_offset,
- elf_interpreter,
- elf_ppnt->p_filesz);
-- if (retval < 0)
-+ if (retval != elf_ppnt->p_filesz) {
-+ if (retval >= 0)
-+ retval = -EIO;
- goto out_free_interp;
-+ }
-+ /* make sure path is NULL terminated */
-+ elf_interpreter[elf_ppnt->p_filesz - 1] = '\0';
-+
- /* If the program interpreter is one of these two,
- * then assume an iBCS2 image. Otherwise assume
- * a native linux image.
-@@ -616,8 +628,11 @@
- if (IS_ERR(interpreter))
- goto out_free_interp;
- retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE);
-- if (retval < 0)
-+ if (retval != BINPRM_BUF_SIZE) {
-+ if (retval >= 0)
-+ retval = -EIO;
- goto out_free_dentry;
-+ }
-
- /* Get the exec headers */
- loc->interp_ex = *((struct exec *) bprm->buf);
-@@ -776,8 +791,10 @@
- }
-
- error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
-- if (BAD_ADDR(error))
-- continue;
-+ if (BAD_ADDR(error)) {
-+ send_sig(SIGKILL, current, 0);
-+ goto out_free_dentry;
-+ }
-
- if (!load_addr_set) {
- load_addr_set = 1;
diff --git a/sys-kernel/ac-sources/files/ac-sources-2.6.9.shmLocking.patch b/sys-kernel/ac-sources/files/ac-sources-2.6.9.shmLocking.patch
deleted file mode 100644
index 66e4520909ed..000000000000
--- a/sys-kernel/ac-sources/files/ac-sources-2.6.9.shmLocking.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-# 2004/12/13 08:30:17-08:00 hugh@veritas.com
-# [PATCH] shmctl SHM_LOCK perms
-#
-# Michael Kerrisk has observed that at present any process can SHM_LOCK any
-# shm segment of size within process RLIMIT_MEMLOCK, despite having no
-# permissions on the segment: surprising, though not obviously evil. And any
-# process can SHM_UNLOCK any shm segment, despite no permissions on it: that
-# is surely wrong.
-#
-# Unless CAP_IPC_LOCK, restrict both SHM_LOCK and SHM_UNLOCK to when the
-# process euid matches the shm owner or creator: that seems the least
-# surprising behaviour, which could be relaxed if a need appears later.
-#
-# Signed-off-by: Hugh Dickins <hugh@veritas.com>
-# Signed-off-by: Andrew Morton <akpm@osdl.org>
-# Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-#
-# ipc/shm.c
-# 2004/12/13 02:47:27-08:00 hugh@veritas.com +10 -5
-# shmctl SHM_LOCK perms
-#
-diff -Nru a/ipc/shm.c b/ipc/shm.c
---- a/ipc/shm.c 2004-12-20 10:32:59 -08:00
-+++ b/ipc/shm.c 2004-12-20 10:32:59 -08:00
-@@ -511,11 +511,6 @@
- case SHM_LOCK:
- case SHM_UNLOCK:
- {
-- /* Allow superuser to lock segment in memory */
-- if (!can_do_mlock() && cmd == SHM_LOCK) {
-- err = -EPERM;
-- goto out;
-- }
- shp = shm_lock(shmid);
- if(shp==NULL) {
- err = -EINVAL;
-@@ -524,6 +519,16 @@
- err = shm_checkid(shp,shmid);
- if(err)
- goto out_unlock;
-+
-+ if (!capable(CAP_IPC_LOCK)) {
-+ err = -EPERM;
-+ if (current->euid != shp->shm_perm.uid &&
-+ current->euid != shp->shm_perm.cuid)
-+ goto out_unlock;
-+ if (cmd == SHM_LOCK &&
-+ !current->rlim[RLIMIT_MEMLOCK].rlim_cur)
-+ goto out_unlock;
-+ }
-
- err = security_shm_shmctl(shp, cmd);
- if (err)
diff --git a/sys-kernel/ac-sources/files/ac-sources-2.6.9.vma.patch b/sys-kernel/ac-sources/files/ac-sources-2.6.9.vma.patch
deleted file mode 100644
index a335bfc2e269..000000000000
--- a/sys-kernel/ac-sources/files/ac-sources-2.6.9.vma.patch
+++ /dev/null
@@ -1,268 +0,0 @@
-# This is a BitKeeper generated diff -Nru style patch.
-#
-# ChangeSet
-# 2004/11/25 16:00:28-08:00 nanhai.zou@intel.com
-# [PATCH] ia64/x86_64/s390 overlapping vma fix
-#
-# IA64 is also vulnerable to the huge-vma-in-executable bug in 64 bit elf
-# support, it just insert a vma of zero page without checking overlap, so user
-# can construct a elf with section begin from 0x0 to trigger this BUGON().
-#
-# However, I think it's safe to check overlap before we actually insert a vma
-# into vma list. And I also feel check vma overlap everywhere is unnecessary,
-# because invert_vm_struct will check it again, so the check is duplicated.
-# It's better to have invert_vm_struct return a value then let caller check if
-# it successes. Here is a patch against 2.6.10.rc2-mm3 I have tested it on
-# i386, x86_64 and ia64 machines.
-#
-# Signed-off-by: Tony Luck <tony.luck@intel.com>
-# Signed-off-by: Zou Nan hai <Nanhai.zou@intel.com>
-# Signed-off-by: Andrew Morton <akpm@osdl.org>
-# Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-#
-# arch/ia64/ia32/binfmt_elf32.c
-# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +21 -5
-# ia64/x86_64/s390 overlapping vma fix
-#
-# arch/ia64/mm/init.c
-# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +14 -2
-# ia64/x86_64/s390 overlapping vma fix
-#
-# arch/s390/kernel/compat_exec.c
-# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +6 -2
-# ia64/x86_64/s390 overlapping vma fix
-#
-# arch/x86_64/ia32/ia32_binfmt.c
-# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +6 -2
-# ia64/x86_64/s390 overlapping vma fix
-#
-# fs/exec.c
-# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +3 -6
-# ia64/x86_64/s390 overlapping vma fix
-#
-# include/linux/mm.h
-# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +1 -1
-# ia64/x86_64/s390 overlapping vma fix
-#
-# mm/mmap.c
-# 2004/11/24 22:42:43-08:00 nanhai.zou@intel.com +3 -2
-# ia64/x86_64/s390 overlapping vma fix
-#
-diff -Nru a/arch/ia64/ia32/binfmt_elf32.c b/arch/ia64/ia32/binfmt_elf32.c
---- a/arch/ia64/ia32/binfmt_elf32.c 2004-12-03 12:01:20 -08:00
-+++ b/arch/ia64/ia32/binfmt_elf32.c 2004-12-03 12:01:20 -08:00
-@@ -100,7 +100,11 @@
- vma->vm_ops = &ia32_shared_page_vm_ops;
- down_write(¤t->mm->mmap_sem);
- {
-- insert_vm_struct(current->mm, vma);
-+ if (insert_vm_struct(current->mm, vma)) {
-+ kmem_cache_free(vm_area_cachep, vma);
-+ up_write(¤t->mm->mmap_sem);
-+ return;
-+ }
- }
- up_write(¤t->mm->mmap_sem);
- }
-@@ -123,7 +127,11 @@
- vma->vm_ops = &ia32_gate_page_vm_ops;
- down_write(¤t->mm->mmap_sem);
- {
-- insert_vm_struct(current->mm, vma);
-+ if (insert_vm_struct(current->mm, vma)) {
-+ kmem_cache_free(vm_area_cachep, vma);
-+ up_write(¤t->mm->mmap_sem);
-+ return;
-+ }
- }
- up_write(¤t->mm->mmap_sem);
- }
-@@ -142,7 +150,11 @@
- vma->vm_flags = VM_READ|VM_WRITE|VM_MAYREAD|VM_MAYWRITE;
- down_write(¤t->mm->mmap_sem);
- {
-- insert_vm_struct(current->mm, vma);
-+ if (insert_vm_struct(current->mm, vma)) {
-+ kmem_cache_free(vm_area_cachep, vma);
-+ up_write(¤t->mm->mmap_sem);
-+ return;
-+ }
- }
- up_write(¤t->mm->mmap_sem);
- }
-@@ -190,7 +202,7 @@
- unsigned long stack_base;
- struct vm_area_struct *mpnt;
- struct mm_struct *mm = current->mm;
-- int i;
-+ int i, ret;
-
- stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
- mm->arg_start = bprm->p + stack_base;
-@@ -225,7 +237,11 @@
- mpnt->vm_flags = VM_STACK_FLAGS;
- mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC)?
- PAGE_COPY_EXEC: PAGE_COPY;
-- insert_vm_struct(current->mm, mpnt);
-+ if ((ret = insert_vm_struct(current->mm, mpnt))) {
-+ up_write(¤t->mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, mpnt);
-+ return ret;
-+ }
- current->mm->stack_vm = current->mm->total_vm = vma_pages(mpnt);
- }
-
-diff -Nru a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c
---- a/arch/ia64/mm/init.c 2004-12-03 12:01:20 -08:00
-+++ b/arch/ia64/mm/init.c 2004-12-03 12:01:20 -08:00
-@@ -131,7 +131,13 @@
- vma->vm_end = vma->vm_start + PAGE_SIZE;
- vma->vm_page_prot = protection_map[VM_DATA_DEFAULT_FLAGS & 0x7];
- vma->vm_flags = VM_DATA_DEFAULT_FLAGS | VM_GROWSUP;
-- insert_vm_struct(current->mm, vma);
-+ down_write(¤t->mm->mmap_sem);
-+ if (insert_vm_struct(current->mm, vma)) {
-+ up_write(¤t->mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, vma);
-+ return;
-+ }
-+ up_write(¤t->mm->mmap_sem);
- }
-
- /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */
-@@ -143,7 +149,13 @@
- vma->vm_end = PAGE_SIZE;
- vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT);
- vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED;
-- insert_vm_struct(current->mm, vma);
-+ down_write(¤t->mm->mmap_sem);
-+ if (insert_vm_struct(current->mm, vma)) {
-+ up_write(¤t->mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, vma);
-+ return;
-+ }
-+ up_write(¤t->mm->mmap_sem);
- }
- }
- }
-diff -Nru a/arch/s390/kernel/compat_exec.c b/arch/s390/kernel/compat_exec.c
---- a/arch/s390/kernel/compat_exec.c 2004-12-03 12:01:20 -08:00
-+++ b/arch/s390/kernel/compat_exec.c 2004-12-03 12:01:20 -08:00
-@@ -39,7 +39,7 @@
- unsigned long stack_base;
- struct vm_area_struct *mpnt;
- struct mm_struct *mm = current->mm;
-- int i;
-+ int i, ret;
-
- stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE;
- mm->arg_start = bprm->p + stack_base;
-@@ -68,7 +68,11 @@
- /* executable stack setting would be applied here */
- mpnt->vm_page_prot = PAGE_COPY;
- mpnt->vm_flags = VM_STACK_FLAGS;
-- insert_vm_struct(mm, mpnt);
-+ if ((ret = insert_vm_struct(mm, mpnt))) {
-+ up_write(&mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, mpnt);
-+ return ret;
-+ }
- mm->stack_vm = mm->total_vm = vma_pages(mpnt);
- }
-
-diff -Nru a/arch/x86_64/ia32/ia32_binfmt.c b/arch/x86_64/ia32/ia32_binfmt.c
---- a/arch/x86_64/ia32/ia32_binfmt.c 2004-12-03 12:01:20 -08:00
-+++ b/arch/x86_64/ia32/ia32_binfmt.c 2004-12-03 12:01:20 -08:00
-@@ -334,7 +334,7 @@
- unsigned long stack_base;
- struct vm_area_struct *mpnt;
- struct mm_struct *mm = current->mm;
-- int i;
-+ int i, ret;
-
- stack_base = IA32_STACK_TOP - MAX_ARG_PAGES * PAGE_SIZE;
- mm->arg_start = bprm->p + stack_base;
-@@ -368,7 +368,11 @@
- mpnt->vm_flags = VM_STACK_FLAGS;
- mpnt->vm_page_prot = (mpnt->vm_flags & VM_EXEC) ?
- PAGE_COPY_EXEC : PAGE_COPY;
-- insert_vm_struct(mm, mpnt);
-+ if ((ret = insert_vm_struct(mm, mpnt))) {
-+ up_write(&mm->mmap_sem);
-+ kmem_cache_free(vm_area_cachep, mpnt);
-+ return ret;
-+ }
- mm->stack_vm = mm->total_vm = vma_pages(mpnt);
- }
-
-diff -Nru a/fs/exec.c b/fs/exec.c
---- a/fs/exec.c 2004-12-03 12:01:20 -08:00
-+++ b/fs/exec.c 2004-12-03 12:01:20 -08:00
-@@ -342,7 +342,7 @@
- unsigned long stack_base;
- struct vm_area_struct *mpnt;
- struct mm_struct *mm = current->mm;
-- int i;
-+ int i, ret;
- long arg_size;
-
- #ifdef CONFIG_STACK_GROWSUP
-@@ -413,7 +413,6 @@
-
- down_write(&mm->mmap_sem);
- {
-- struct vm_area_struct *vma;
- mpnt->vm_mm = mm;
- #ifdef CONFIG_STACK_GROWSUP
- mpnt->vm_start = stack_base;
-@@ -434,13 +433,11 @@
- mpnt->vm_flags = VM_STACK_FLAGS;
- mpnt->vm_flags |= mm->def_flags;
- mpnt->vm_page_prot = protection_map[mpnt->vm_flags & 0x7];
-- vma = find_vma(mm, mpnt->vm_start);
-- if (vma) {
-+ if ((ret = insert_vm_struct(mm, mpnt))) {
- up_write(&mm->mmap_sem);
- kmem_cache_free(vm_area_cachep, mpnt);
-- return -ENOMEM;
-+ return ret;
- }
-- insert_vm_struct(mm, mpnt);
- mm->stack_vm = mm->total_vm = vma_pages(mpnt);
- }
-
-diff -Nru a/include/linux/mm.h b/include/linux/mm.h
---- a/include/linux/mm.h 2004-12-03 12:01:20 -08:00
-+++ b/include/linux/mm.h 2004-12-03 12:01:20 -08:00
-@@ -675,7 +675,7 @@
- extern struct anon_vma *find_mergeable_anon_vma(struct vm_area_struct *);
- extern int split_vma(struct mm_struct *,
- struct vm_area_struct *, unsigned long addr, int new_below);
--extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *);
-+extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *);
- extern void __vma_link_rb(struct mm_struct *, struct vm_area_struct *,
- struct rb_node **, struct rb_node *);
- extern struct vm_area_struct *copy_vma(struct vm_area_struct **,
-diff -Nru a/mm/mmap.c b/mm/mmap.c
---- a/mm/mmap.c 2004-12-03 12:01:20 -08:00
-+++ b/mm/mmap.c 2004-12-03 12:01:20 -08:00
-@@ -1871,7 +1871,7 @@
- * and into the inode's i_mmap tree. If vm_file is non-NULL
- * then i_mmap_lock is taken here.
- */
--void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
-+int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
- {
- struct vm_area_struct * __vma, * prev;
- struct rb_node ** rb_link, * rb_parent;
-@@ -1894,8 +1894,9 @@
- }
- __vma = find_vma_prepare(mm,vma->vm_start,&prev,&rb_link,&rb_parent);
- if (__vma && __vma->vm_start < vma->vm_end)
-- BUG();
-+ return -ENOMEM;
- vma_link(mm, vma, prev, rb_link, rb_parent);
-+ return 0;
- }
-
- /*
diff --git a/sys-kernel/ac-sources/files/digest-ac-sources-2.6.10-r6 b/sys-kernel/ac-sources/files/digest-ac-sources-2.6.10-r7
index 915613f226b3..a1e7b52a6122 100644
--- a/sys-kernel/ac-sources/files/digest-ac-sources-2.6.10-r6
+++ b/sys-kernel/ac-sources/files/digest-ac-sources-2.6.10-r7
@@ -1,2 +1,2 @@
 MD5 cffcd2919d9c8ef793ce1ac07a440eda linux-2.6.10.tar.bz2 36533484
-MD5 5998f3aab2abd81278e3a621d2831600 patch-2.6.10-ac6.bz2 140846
+MD5 d42a9214278535a859a4fab21237b269 patch-2.6.10-ac7.bz2 141249 |