diff options
author | Konstantin V. Arkhipov <voxus@gentoo.org> | 2005-02-14 16:25:55 +0000 |
---|---|---|
committer | Konstantin V. Arkhipov <voxus@gentoo.org> | 2005-02-14 16:25:55 +0000 |
commit | 277024ca1c34022ff7a1a15d65bee66d39cfde63 (patch) | |
tree | 7ca016e591f040a47a57ee962b10035b3aa70307 /sys-kernel/openmosix-sources/files | |
parent | stable on amd64, see #81994 (diff) | |
download | historical-277024ca1c34022ff7a1a15d65bee66d39cfde63.tar.gz historical-277024ca1c34022ff7a1a15d65bee66d39cfde63.tar.bz2 historical-277024ca1c34022ff7a1a15d65bee66d39cfde63.zip |
reverted .24-r10 sources. -* masked
Package-Manager: portage-2.0.51-r15
Diffstat (limited to 'sys-kernel/openmosix-sources/files')
18 files changed, 1497 insertions, 0 deletions
diff --git a/sys-kernel/openmosix-sources/files/cmdline-proc-fix.patch b/sys-kernel/openmosix-sources/files/cmdline-proc-fix.patch new file mode 100644 index 000000000000..5f26f7f388f6 --- /dev/null +++ b/sys-kernel/openmosix-sources/files/cmdline-proc-fix.patch @@ -0,0 +1,11 @@ +--- linux-2.4/fs/proc/base.c 2004-04-15 07:09:32.000000000 +0100 ++++ linux-2.4/fs/proc/base.c.plasmaroo 2004-08-09 23:30:43.869195800 +0100 +@@ -187,7 +187,7 @@ static int proc_pid_cmdline(struct task_ + if (mm) + atomic_inc(&mm->mm_users); + task_unlock(task); +- if (mm) { ++ if (mm && mm->arg_end) { + int len = mm->arg_end - mm->arg_start; + if (len > PAGE_SIZE) + len = PAGE_SIZE; diff --git a/sys-kernel/openmosix-sources/files/digest-openmosix-sources-2.4.24-r10 b/sys-kernel/openmosix-sources/files/digest-openmosix-sources-2.4.24-r10 new file mode 100644 index 000000000000..e3b64d95ad6f --- /dev/null +++ b/sys-kernel/openmosix-sources/files/digest-openmosix-sources-2.4.24-r10 @@ -0,0 +1,5 @@ +MD5 1e055c42921b2396a559d84df4c3d9aa linux-2.4.24.tar.bz2 29837818 +MD5 1c9bc4f32a9fc793cb8f0a6d0f910cb7 openMosix-2.4.24-2.bz2 588330 +MD5 7e0e9f3d57bcc1b1bb7900ada383c129 linux-2.4.23-CAN-2004-0415.patch 89319 +MD5 d4c051e7c6062704be85192e25e2f5b2 linux-2.4.26-CAN-2004-0814.patch 81508 +MD5 5bbbb2201b338ebb74f0bf650b639475 linux-2.4.27-nfs3-xdr.patch.bz2 746 diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources-2.4.24-smbfs.patch b/sys-kernel/openmosix-sources/files/openmosix-sources-2.4.24-smbfs.patch new file mode 100644 index 000000000000..1d93802f03be --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources-2.4.24-smbfs.patch @@ -0,0 +1,80 @@ +diff -ur linux-2.4.20/fs/smbfs/proc.c linux-2.4.20.plasmaroo/fs/smbfs/proc.c +--- linux-2.4.20/fs/smbfs/proc.c 2004-08-14 18:15:42.000000000 +0100 ++++ linux-2.4.20.plasmaroo/fs/smbfs/proc.c 2004-11-19 20:48:37.429884768 +0000 +@@ -1197,10 +1197,12 @@ + data_len = WVAL(buf, 1); + + /* we can NOT simply trust the data_len given by the server ... */ +- if (data_len > server->packet_size - (buf+3 - server->packet)) { +- printk(KERN_ERR "smb_proc_read: invalid data length!! " +- "%d > %d - (%p - %p)\n", +- data_len, server->packet_size, buf+3, server->packet); ++ if (data_len > count || ++ (buf+3 - server->packet) + data_len > server->packet_size) { ++ printk(KERN_ERR "smb_proc_read: invalid data length/offset!! " ++ "%d > %d || (%p - %p) + %d > %d\n", ++ data_len, count, ++ buf+3, server->packet, data_len, server->packet_size); + result = -EIO; + goto out; + } +diff -ur linux-2.4.20/fs/smbfs/sock.c linux-2.4.20.plasmaroo/fs/smbfs/sock.c +--- linux-2.4.20/fs/smbfs/sock.c 2004-08-14 18:15:42.000000000 +0100 ++++ linux-2.4.20.plasmaroo/fs/smbfs/sock.c 2004-11-19 20:48:37.431884464 +0000 +@@ -571,7 +571,11 @@ + parm_disp, parm_offset, parm_count, + data_disp, data_offset, data_count); + *parm = base + parm_offset; ++ if (*parm - inbuf + parm_tot > server->packet_size) ++ goto out_bad_parm; + *data = base + data_offset; ++ if (*data - inbuf + data_tot > server->packet_size) ++ goto out_bad_data; + goto success; + } + +@@ -591,6 +595,8 @@ + rcv_buf = smb_vmalloc(buf_len); + if (!rcv_buf) + goto out_no_mem; ++ memset(rcv_buf, 0, buf_len); ++ + *parm = rcv_buf; + *data = rcv_buf + total_p; + } else if (data_tot > total_d || parm_tot > total_p) +@@ -598,8 +604,12 @@ + + if (parm_disp + parm_count > total_p) + goto out_bad_parm; ++ if (parm_offset + parm_count > server->packet_size) ++ goto out_bad_parm; + if (data_disp + data_count > total_d) + goto out_bad_data; ++ if (data_offset + data_count > server->packet_size) ++ goto out_bad_data; + memcpy(*parm + parm_disp, base + parm_offset, parm_count); + memcpy(*data + data_disp, base + data_offset, data_count); + +@@ -610,8 +620,11 @@ + * Check whether we've received all of the data. Note that + * we use the packet totals -- total lengths might shrink! + */ +- if (data_len >= data_tot && parm_len >= parm_tot) ++ if (data_len >= data_tot && parm_len >= parm_tot) { ++ data_len = data_tot; ++ parm_len = parm_tot; + break; ++ } + } + + /* +@@ -625,6 +638,9 @@ + server->packet = rcv_buf; + rcv_buf = inbuf; + } else { ++ if (parm_len + data_len > buf_len) ++ goto out_data_grew; ++ + PARANOIA("copying data, old size=%d, new size=%u\n", + server->packet_size, buf_len); + memcpy(inbuf, rcv_buf, parm_len + data_len); diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources-2.4.27-smbfs.patch b/sys-kernel/openmosix-sources/files/openmosix-sources-2.4.27-smbfs.patch new file mode 100644 index 000000000000..63c5ba30403f --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources-2.4.27-smbfs.patch @@ -0,0 +1,97 @@ +diff -ur linux-2.4.27/fs/smbfs/proc.c linux-2.4.28/fs/smbfs/proc.c +--- linux-2.4.27/fs/smbfs/proc.c 2004-11-12 19:32:24.000000000 +0000 ++++ linux-2.4.28/fs/smbfs/proc.c 2004-11-19 20:18:27.000000000 +0000 +@@ -1289,10 +1289,12 @@ + data_len = WVAL(buf, 1); + + /* we can NOT simply trust the data_len given by the server ... */ +- if (data_len > server->packet_size - (buf+3 - server->packet)) { +- printk(KERN_ERR "smb_proc_read: invalid data length!! " +- "%d > %d - (%p - %p)\n", +- data_len, server->packet_size, buf+3, server->packet); ++ if (data_len > count || ++ (buf+3 - server->packet) + data_len > server->packet_size) { ++ printk(KERN_ERR "smb_proc_read: invalid data length/offset!! " ++ "%d > %d || (%p - %p) + %d > %d\n", ++ data_len, count, ++ buf+3, server->packet, data_len, server->packet_size); + result = -EIO; + goto out; + } +@@ -1378,10 +1380,12 @@ + buf = smb_base(server->packet) + data_off; + + /* we can NOT simply trust the info given by the server ... */ +- if (data_len > server->packet_size - (buf - server->packet)) { +- printk(KERN_ERR "smb_proc_read: invalid data length!! " +- "%d > %d - (%p - %p)\n", +- data_len, server->packet_size, buf, server->packet); ++ if (data_len > count || ++ (buf - server->packet) + data_len > server->packet_size) { ++ printk(KERN_ERR "smb_proc_readX: invalid data length/offset!! " ++ "%d > %d || (%p - %p) + %d > %d\n", ++ data_len, count, ++ buf, server->packet, data_len, server->packet_size); + result = -EIO; + goto out; + } +diff -ur linux-2.4.27/fs/smbfs/sock.c linux-2.4.28/fs/smbfs/sock.c +--- linux-2.4.27/fs/smbfs/sock.c 2004-11-12 19:32:24.000000000 +0000 ++++ linux-2.4.28/fs/smbfs/sock.c 2004-11-19 20:18:27.000000000 +0000 +@@ -571,7 +571,11 @@ + parm_disp, parm_offset, parm_count, + data_disp, data_offset, data_count); + *parm = base + parm_offset; ++ if (*parm - inbuf + parm_tot > server->packet_size) ++ goto out_bad_parm; + *data = base + data_offset; ++ if (*data - inbuf + data_tot > server->packet_size) ++ goto out_bad_data; + goto success; + } + +@@ -591,6 +595,8 @@ + rcv_buf = smb_vmalloc(buf_len); + if (!rcv_buf) + goto out_no_mem; ++ memset(rcv_buf, 0, buf_len); ++ + *parm = rcv_buf; + *data = rcv_buf + total_p; + } else if (data_tot > total_d || parm_tot > total_p) +@@ -598,8 +604,12 @@ + + if (parm_disp + parm_count > total_p) + goto out_bad_parm; ++ if (parm_offset + parm_count > server->packet_size) ++ goto out_bad_parm; + if (data_disp + data_count > total_d) + goto out_bad_data; ++ if (data_offset + data_count > server->packet_size) ++ goto out_bad_data; + memcpy(*parm + parm_disp, base + parm_offset, parm_count); + memcpy(*data + data_disp, base + data_offset, data_count); + +@@ -610,8 +620,11 @@ + * Check whether we've received all of the data. Note that + * we use the packet totals -- total lengths might shrink! + */ +- if (data_len >= data_tot && parm_len >= parm_tot) ++ if (data_len >= data_tot && parm_len >= parm_tot) { ++ data_len = data_tot; ++ parm_len = parm_tot; + break; ++ } + } + + /* +@@ -625,6 +638,9 @@ + server->packet = rcv_buf; + rcv_buf = inbuf; + } else { ++ if (parm_len + data_len > buf_len) ++ goto out_data_grew; ++ + PARANOIA("copying data, old size=%d, new size=%u\n", + server->packet_size, buf_len); + memcpy(inbuf, rcv_buf, parm_len + data_len); diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources-af_unix.patch b/sys-kernel/openmosix-sources/files/openmosix-sources-af_unix.patch new file mode 100644 index 000000000000..6ced78404a2d --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources-af_unix.patch @@ -0,0 +1,24 @@ +--- linux-2.4.27/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 ++++ linux-2.4.28/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00 +@@ -1403,9 +1403,11 @@ + + msg->msg_namelen = 0; + ++ down(&sk->protinfo.af_unix.readsem); ++ + skb = skb_recv_datagram(sk, flags, noblock, &err); + if (!skb) +- goto out; ++ goto out_unlock; + + wake_up_interruptible(&sk->protinfo.af_unix.peer_wait); + +@@ -1449,6 +1451,8 @@ + + out_free: + skb_free_datagram(sk,skb); ++out_unlock: ++ up(&sk->protinfo.af_unix.readsem); + out: + return err; + } diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources-binfmt_elf.patch b/sys-kernel/openmosix-sources/files/openmosix-sources-binfmt_elf.patch new file mode 100644 index 000000000000..9f4f44ee78f5 --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources-binfmt_elf.patch @@ -0,0 +1,85 @@ +diff -ur linux-2.4.27/fs/binfmt_elf.c linux-2.4.27.plasmaroo/fs/binfmt_elf.c +--- linux-2.4.27/fs/binfmt_elf.c 2004-04-14 14:05:40.000000000 +0100 ++++ linux-2.4.27.plasmaroo/fs/binfmt_elf.c 2004-11-19 21:30:26.745410824 +0000 +@@ -299,9 +299,12 @@ + goto out; + + retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size); +- error = retval; +- if (retval < 0) ++ error = -EIO; ++ if (retval != size) { ++ if (retval < 0) ++ error = retval; + goto out_close; ++ } + + eppnt = elf_phdata; + for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) { +@@ -475,8 +478,11 @@ + goto out; + + retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size); +- if (retval < 0) ++ if (retval != size) { ++ if (retval >= 0) ++ retval = -EIO; + goto out_free_ph; ++ } + + files = current->files; /* Refcounted so ok */ + retval = unshare_files(); +@@ -513,7 +519,8 @@ + */ + + retval = -ENOMEM; +- if (elf_ppnt->p_filesz > PATH_MAX) ++ if (elf_ppnt->p_filesz > PATH_MAX || ++ elf_ppnt->p_filesz == 0) + goto out_free_file; + elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz, + GFP_KERNEL); +@@ -523,8 +530,16 @@ + retval = kernel_read(bprm->file, elf_ppnt->p_offset, + elf_interpreter, + elf_ppnt->p_filesz); +- if (retval < 0) ++ if (retval != elf_ppnt->p_filesz) { ++ if (retval >= 0) ++ retval = -EIO; ++ goto out_free_interp; ++ } ++ /* make sure path is NULL terminated */ ++ retval = -EINVAL; ++ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') + goto out_free_interp; ++ + /* If the program interpreter is one of these two, + * then assume an iBCS2 image. Otherwise assume + * a native linux image. +@@ -543,8 +558,11 @@ + if (IS_ERR(interpreter)) + goto out_free_interp; + retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE); +- if (retval < 0) ++ if (retval != BINPRM_BUF_SIZE) { ++ if (retval >= 0) ++ retval = -EIO; + goto out_free_dentry; ++ } + + /* Get the exec headers */ + interp_ex = *((struct exec *) bprm->buf); +@@ -682,8 +700,10 @@ + } + + error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags); +- if (BAD_ADDR(error)) +- continue; ++ if (BAD_ADDR(error)) { ++ send_sig(SIGKILL, current, 0); ++ goto out_free_dentry; ++ } + + if (!load_addr_set) { + load_addr_set = 1; diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2003-0985.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2003-0985.patch new file mode 100644 index 000000000000..dacf6ed810f9 --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2003-0985.patch @@ -0,0 +1,13 @@ +--- linux/mm/mremap.c.orig 2004-01-05 17:01:21.382104120 +0000 ++++ linux/mm/mremap.c 2004-01-05 17:15:25.689749848 +0000 +@@ -315,6 +315,10 @@ + old_len = PAGE_ALIGN(old_len); + new_len = PAGE_ALIGN(new_len); + ++ /* Don't allow the degenerate cases */ ++ if (!old_len || !new_len) ++ goto out; ++ + /* new_addr is only valid if MREMAP_FIXED is specified */ + if (flags & MREMAP_FIXED) { + if (new_addr & ~PAGE_MASK) diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0001.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0001.patch new file mode 100644 index 000000000000..bb51f9aa9a62 --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0001.patch @@ -0,0 +1,29 @@ +diff -u linux/arch/x86_64/ia32/ptrace32.c-PTRACE linux/arch/x86_64/ia32/ptrace32.c +--- linux/arch/x86_64/ia32/ptrace32.c-PTRACE 2003-06-16 13:03:58.000000000 +0200 ++++ linux/arch/x86_64/ia32/ptrace32.c 2004-01-07 18:04:43.000000000 +0100 +@@ -25,6 +25,10 @@ + #include <asm/fpu32.h> + #include <linux/mm.h> + ++/* determines which flags the user has access to. */ ++/* 1 = access 0 = no access */ ++#define FLAG_MASK 0x44dd5UL ++ + #define R32(l,q) \ + case offsetof(struct user32, regs.l): stack[offsetof(struct pt_regs, q)/8] = val; break + +@@ -69,9 +73,12 @@ + R32(eip, rip); + R32(esp, rsp); + +- case offsetof(struct user32, regs.eflags): +- stack[offsetof(struct pt_regs, eflags)/8] = val & 0x44dd5; ++ case offsetof(struct user32, regs.eflags): { ++ __u64 *flags = &stack[offsetof(struct pt_regs, eflags)/8]; ++ val &= FLAG_MASK; ++ *flags = val | (*flags & ~FLAG_MASK); + break; ++ } + + case offsetof(struct user32, u_debugreg[4]): + case offsetof(struct user32, u_debugreg[5]): diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0010.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0010.patch new file mode 100644 index 000000000000..6b4b1cefa49e --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0010.patch @@ -0,0 +1,200 @@ +diff -urN linux-2.4.25-pre6/fs/ncpfs/dir.c linux-2.4.25-pre7/fs/ncpfs/dir.c +--- linux-2.4.25-pre6/fs/ncpfs/dir.c 2002-11-28 15:53:15.000000000 -0800 ++++ linux-2.4.25-pre7/fs/ncpfs/dir.c 2004-01-23 10:53:26.000000000 -0800 +@@ -266,8 +266,8 @@ + struct ncp_server *server; + struct inode *dir = dentry->d_parent->d_inode; + struct ncp_entry_info finfo; +- int res, val = 0, len = dentry->d_name.len + 1; +- __u8 __name[len]; ++ int res, val = 0, len; ++ __u8 __name[NCP_MAXPATHLEN + 1]; + + if (!dentry->d_inode || !dir) + goto finished; +@@ -291,14 +291,15 @@ + dentry->d_parent->d_name.name, dentry->d_name.name, + NCP_GET_AGE(dentry)); + ++ len = sizeof(__name); + if (ncp_is_server_root(dir)) { + res = ncp_io2vol(server, __name, &len, dentry->d_name.name, +- len-1, 1); ++ dentry->d_name.len, 1); + if (!res) + res = ncp_lookup_volume(server, __name, &(finfo.i)); + } else { + res = ncp_io2vol(server, __name, &len, dentry->d_name.name, +- len-1, !ncp_preserve_case(dir)); ++ dentry->d_name.len, !ncp_preserve_case(dir)); + if (!res) + res = ncp_obtain_info(server, dir, __name, &(finfo.i)); + } +@@ -548,9 +549,9 @@ + int valid = 0; + int hashed = 0; + ino_t ino = 0; +- __u8 __name[256]; ++ __u8 __name[NCP_MAXPATHLEN + 1]; + +- qname.len = 256; ++ qname.len = sizeof(__name); + if (ncp_vol2io(NCP_SERVER(inode), __name, &qname.len, + entry->i.entryName, entry->i.nameLen, + !ncp_preserve_entry_case(inode, entry->i.NSCreator))) +@@ -705,16 +706,19 @@ + { + struct ncp_server* server = NCP_SBP(sb); + struct nw_info_struct i; +- int result, len = strlen(server->m.mounted_vol) + 1; +- __u8 __name[len]; ++ int result; + + if (ncp_single_volume(server)) { ++ int len; + struct dentry* dent; ++ __u8 __name[NCP_MAXPATHLEN + 1]; + +- result = -ENOENT; +- if (ncp_io2vol(server, __name, &len, server->m.mounted_vol, +- len-1, 1)) ++ len = sizeof(__name); ++ result = ncp_io2vol(server, __name, &len, server->m.mounted_vol, ++ strlen(server->m.mounted_vol), 1); ++ if (result) + goto out; ++ result = -ENOENT; + if (ncp_lookup_volume(server, __name, &i)) { + PPRINTK("ncp_conn_logged_in: %s not found\n", + server->m.mounted_vol); +@@ -745,8 +749,8 @@ + struct ncp_server *server = NCP_SERVER(dir); + struct inode *inode = NULL; + struct ncp_entry_info finfo; +- int error, res, len = dentry->d_name.len + 1; +- __u8 __name[len]; ++ int error, res, len; ++ __u8 __name[NCP_MAXPATHLEN + 1]; + + error = -EIO; + if (!ncp_conn_valid(server)) +@@ -755,14 +759,15 @@ + PPRINTK("ncp_lookup: server lookup for %s/%s\n", + dentry->d_parent->d_name.name, dentry->d_name.name); + ++ len = sizeof(__name); + if (ncp_is_server_root(dir)) { + res = ncp_io2vol(server, __name, &len, dentry->d_name.name, +- len-1, 1); ++ dentry->d_name.len, 1); + if (!res) + res = ncp_lookup_volume(server, __name, &(finfo.i)); + } else { + res = ncp_io2vol(server, __name, &len, dentry->d_name.name, +- len-1, !ncp_preserve_case(dir)); ++ dentry->d_name.len, !ncp_preserve_case(dir)); + if (!res) + res = ncp_obtain_info(server, dir, __name, &(finfo.i)); + } +@@ -825,9 +830,9 @@ + { + struct ncp_server *server = NCP_SERVER(dir); + struct ncp_entry_info finfo; +- int error, result, len = dentry->d_name.len + 1; ++ int error, result, len; + int opmode; +- __u8 __name[len]; ++ __u8 __name[NCP_MAXPATHLEN + 1]; + + PPRINTK("ncp_create_new: creating %s/%s, mode=%x\n", + dentry->d_parent->d_name.name, dentry->d_name.name, mode); +@@ -836,8 +841,9 @@ + goto out; + + ncp_age_dentry(server, dentry); ++ len = sizeof(__name); + error = ncp_io2vol(server, __name, &len, dentry->d_name.name, +- len-1, !ncp_preserve_case(dir)); ++ dentry->d_name.len, !ncp_preserve_case(dir)); + if (error) + goto out; + +@@ -880,8 +886,8 @@ + { + struct ncp_entry_info finfo; + struct ncp_server *server = NCP_SERVER(dir); +- int error, len = dentry->d_name.len + 1; +- __u8 __name[len]; ++ int error, len; ++ __u8 __name[NCP_MAXPATHLEN + 1]; + + DPRINTK("ncp_mkdir: making %s/%s\n", + dentry->d_parent->d_name.name, dentry->d_name.name); +@@ -890,8 +896,9 @@ + goto out; + + ncp_age_dentry(server, dentry); ++ len = sizeof(__name); + error = ncp_io2vol(server, __name, &len, dentry->d_name.name, +- len-1, !ncp_preserve_case(dir)); ++ dentry->d_name.len, !ncp_preserve_case(dir)); + if (error) + goto out; + +@@ -909,8 +916,8 @@ + static int ncp_rmdir(struct inode *dir, struct dentry *dentry) + { + struct ncp_server *server = NCP_SERVER(dir); +- int error, result, len = dentry->d_name.len + 1; +- __u8 __name[len]; ++ int error, result, len; ++ __u8 __name[NCP_MAXPATHLEN + 1]; + + DPRINTK("ncp_rmdir: removing %s/%s\n", + dentry->d_parent->d_name.name, dentry->d_name.name); +@@ -923,8 +930,9 @@ + if (!d_unhashed(dentry)) + goto out; + ++ len = sizeof(__name); + error = ncp_io2vol(server, __name, &len, dentry->d_name.name, +- len-1, !ncp_preserve_case(dir)); ++ dentry->d_name.len, !ncp_preserve_case(dir)); + if (error) + goto out; + +@@ -1022,9 +1030,8 @@ + { + struct ncp_server *server = NCP_SERVER(old_dir); + int error; +- int old_len = old_dentry->d_name.len + 1; +- int new_len = new_dentry->d_name.len + 1; +- __u8 __old_name[old_len], __new_name[new_len]; ++ int old_len, new_len; ++ __u8 __old_name[NCP_MAXPATHLEN + 1], __new_name[NCP_MAXPATHLEN + 1]; + + DPRINTK("ncp_rename: %s/%s to %s/%s\n", + old_dentry->d_parent->d_name.name, old_dentry->d_name.name, +@@ -1037,15 +1044,17 @@ + ncp_age_dentry(server, old_dentry); + ncp_age_dentry(server, new_dentry); + ++ old_len = sizeof(__old_name); + error = ncp_io2vol(server, __old_name, &old_len, +- old_dentry->d_name.name, old_len-1, +- !ncp_preserve_case(old_dir)); ++ old_dentry->d_name.name, old_dentry->d_name.len, ++ !ncp_preserve_case(old_dir)); + if (error) + goto out; + ++ new_len = sizeof(__new_name); + error = ncp_io2vol(server, __new_name, &new_len, +- new_dentry->d_name.name, new_len-1, +- !ncp_preserve_case(new_dir)); ++ new_dentry->d_name.name, new_dentry->d_name.len, ++ !ncp_preserve_case(new_dir)); + if (error) + goto out; + + diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0109.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0109.patch new file mode 100644 index 000000000000..d02b51c57fc6 --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0109.patch @@ -0,0 +1,87 @@ +--- linux/fs/isofs/rock.c.orig ++++ linux/fs/isofs/rock.c +@@ -14,6 +14,7 @@ + #include <linux/slab.h> + #include <linux/pagemap.h> + #include <linux/smp_lock.h> ++#include <asm/page.h> + + #include "rock.h" + +@@ -419,7 +420,7 @@ + return 0; + } + +-static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr) ++static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit) + { + int slen; + int rootflag; +@@ -431,16 +432,25 @@ + rootflag = 0; + switch (slp->flags & ~1) { + case 0: ++ if (slp->len > plimit - rpnt) ++ return NULL; + memcpy(rpnt, slp->text, slp->len); + rpnt+=slp->len; + break; ++ case 2: ++ if (rpnt >= plimit) ++ return NULL; ++ *rpnt++='.'; ++ break; + case 4: ++ if (2 > plimit - rpnt) ++ return NULL; + *rpnt++='.'; +- /* fallthru */ +- case 2: + *rpnt++='.'; + break; + case 8: ++ if (rpnt >= plimit) ++ return NULL; + rootflag = 1; + *rpnt++='/'; + break; +@@ -457,17 +467,23 @@ + * If there is another SL record, and this component + * record isn't continued, then add a slash. + */ +- if ((!rootflag) && (rr->u.SL.flags & 1) && !(oldslp->flags & 1)) ++ if ((!rootflag) && (rr->u.SL.flags & 1) && ++ !(oldslp->flags & 1)) { ++ if (rpnt >= plimit) ++ return NULL; + *rpnt++='/'; ++ } + break; + } + + /* + * If this component record isn't continued, then append a '/'. + */ +- if (!rootflag && !(oldslp->flags & 1)) ++ if (!rootflag && !(oldslp->flags & 1)) { ++ if (rpnt >= plimit) ++ return NULL; + *rpnt++='/'; +- ++ } + } + return rpnt; + } +@@ -548,7 +564,10 @@ + CHECK_SP(goto out); + break; + case SIG('S', 'L'): +- rpnt = get_symlink_chunk(rpnt, rr); ++ rpnt = get_symlink_chunk(rpnt, rr, ++ link + (PAGE_SIZE - 1)); ++ if (rpnt == NULL) ++ goto out; + break; + case SIG('C', 'E'): + /* This tells is if there is a continuation record */ + diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0177.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0177.patch new file mode 100644 index 000000000000..da6b7e190685 --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0177.patch @@ -0,0 +1,10 @@ +--- linux-2.4.26-pre3/fs/jbd/journal.c 2004-02-18 05:36:31.000000000 -0800 ++++ linux-2.4.26-pre4/fs/jbd/journal.c 2004-03-16 09:59:36.000000000 -0800 +@@ -671,6 +671,7 @@ + + bh = getblk(journal->j_dev, blocknr, journal->j_blocksize); + lock_buffer(bh); ++ memset(bh->b_data, 0, journal->j_blocksize); + BUFFER_TRACE(bh, "return this buffer"); + return journal_add_journal_head(bh); + } diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0178.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0178.patch new file mode 100644 index 000000000000..19e57268c2fa --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0178.patch @@ -0,0 +1,11 @@ +--- linux-2.4.26-pre2/drivers/sound/sb_audio.c 2002-02-25 11:38:06.000000000 -0800 ++++ linux-2.4.26-pre3/drivers/sound/sb_audio.c 2004-03-13 07:43:23.000000000 -0800 +@@ -879,7 +879,7 @@ + c -= locallen; p += locallen; + } + /* used = ( samples * 16 bits size ) */ +- *used = len << 1; ++ *used = max_in > ( max_out << 1) ? (max_out << 1) : max_in; + /* returned = ( samples * 8 bits size ) */ + *returned = len; + } diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0181.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0181.patch new file mode 100644 index 000000000000..5f7f1441b268 --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0181.patch @@ -0,0 +1,38 @@ +--- linux-2.4.22/fs/jfs/jfs_logmgr.c.jfs-sec 2004-03-23 12:30:35.000000000 -0700 ++++ linux-2.4.22/fs/jfs/jfs_logmgr.c 2004-03-23 13:01:51.000000000 -0700 +@@ -1693,7 +1693,7 @@ + if (lbuf == 0) + goto error; + lbuf->l_bh.b_data = lbuf->l_ldata = +- (char *) __get_free_page(GFP_KERNEL); ++ (char *) get_zeroed_page(GFP_KERNEL); + if (lbuf->l_ldata == 0) { + kfree(lbuf); + goto error; +--- linux-2.4.22/fs/jfs/jfs_metapage.c.jfs-sec 2004-03-23 12:30:48.000000000 -0700 ++++ linux-2.4.22/fs/jfs/jfs_metapage.c 2004-03-23 13:01:51.000000000 -0700 +@@ -375,6 +375,10 @@ + } + mp->data = kmap(mp->page) + page_offset; + } ++ ++ if (new) ++ memset(mp->data, 0, PSIZE); ++ + jfs_info("__get_metapage: returning = 0x%p", mp); + return mp; + +--- linux-2.4.22/fs/jfs/super.c.jfs-sec 2004-03-23 12:31:10.000000000 -0700 ++++ linux-2.4.22/fs/jfs/super.c 2004-03-23 13:01:51.000000000 -0700 +@@ -423,10 +423,10 @@ + + if ((flags & (SLAB_CTOR_VERIFY | SLAB_CTOR_CONSTRUCTOR)) == + SLAB_CTOR_CONSTRUCTOR) { ++ memset(jfs_ip, 0, sizeof(struct jfs_inode_info)); + INIT_LIST_HEAD(&jfs_ip->anon_inode_list); + init_rwsem(&jfs_ip->rdwrlock); + init_MUTEX(&jfs_ip->commit_sem); +- jfs_ip->atlhead = 0; + jfs_ip->active_ag = -1; + } + } diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0495.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0495.patch new file mode 100644 index 000000000000..bea80eac69a9 --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0495.patch @@ -0,0 +1,655 @@ +--- linux/net/decnet/dn_dev.c.bak Wed Jun 16 14:42:24 2004 ++++ linux/net/decnet/dn_dev.c Wed Jun 16 14:42:34 2004 +@@ -1070,31 +1070,39 @@ int dnet_gifconf(struct net_device *dev, + { + struct dn_dev *dn_db = (struct dn_dev *)dev->dn_ptr; + struct dn_ifaddr *ifa; +- struct ifreq *ifr = (struct ifreq *)buf; ++ char buffer[DN_IFREQ_SIZE]; ++ struct ifreq *ifr = (struct ifreq *)buffer; ++ struct sockaddr_dn *addr = (struct sockaddr_dn *)&ifr->ifr_addr; + int done = 0; + + if ((dn_db == NULL) || ((ifa = dn_db->ifa_list) == NULL)) + return 0; + + for(; ifa; ifa = ifa->ifa_next) { +- if (!ifr) { ++ if (!buf) { + done += sizeof(DN_IFREQ_SIZE); + continue; + } + if (len < DN_IFREQ_SIZE) + return done; +- memset(ifr, 0, DN_IFREQ_SIZE); ++ memset(buffer, 0, DN_IFREQ_SIZE); + + if (ifa->ifa_label) + strcpy(ifr->ifr_name, ifa->ifa_label); + else + strcpy(ifr->ifr_name, dev->name); + +- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_family = AF_DECnet; +- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_len = 2; +- (*(dn_address *)(*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_addr) = ifa->ifa_local; ++ addr->sdn_family = AF_DECnet; ++ addr->sdn_add.a_len = 2; ++ memcpy(addr->sdn_add.a_addr, &ifa->ifa_local, ++ sizeof(dn_address)); + +- ifr = (struct ifreq *)((char *)ifr + DN_IFREQ_SIZE); ++ if (copy_to_user(buf, buffer, DN_IFREQ_SIZE)) { ++ done = -EFAULT; ++ break; ++ } ++ ++ buf += DN_IFREQ_SIZE; + len -= DN_IFREQ_SIZE; + done += DN_IFREQ_SIZE; + } +--- linux-2.4.21/drivers/net/wireless/airo.c 2003-06-13 15:51:35.000000000 +0100 ++++ linux-2.4.21/drivers/net/wireless/airo.c.plasmaroo 2004-06-24 11:09:08.260352168 +0100 +@@ -3012,19 +3012,22 @@ + size_t len, + loff_t *offset ) + { +- int i; +- int pos; ++ loff_t pos = *offset; + struct proc_data *priv = (struct proc_data*)file->private_data; + +- if( !priv->rbuffer ) return -EINVAL; ++ if (!priv->rbuffer) ++ return -EINVAL; + +- pos = *offset; +- for( i = 0; i+pos < priv->readlen && i < len; i++ ) { +- if (put_user( priv->rbuffer[i+pos], buffer+i )) +- return -EFAULT; +- } +- *offset += i; +- return i; ++ if (pos < 0) ++ return -EINVAL; ++ if (pos >= priv->readlen) ++ return 0; ++ if (len > priv->readlen - pos) ++ len = priv->readlen - pos; ++ if (copy_to_user(buffer, priv->rbuffer + pos, len)) ++ return -EFAULT; ++ *offset = pos + len; ++ return len; + } + + /* +@@ -3036,24 +3039,24 @@ + size_t len, + loff_t *offset ) + { +- int i; +- int pos; ++ loff_t pos = *offset; + struct proc_data *priv = (struct proc_data*)file->private_data; + +- if ( !priv->wbuffer ) { ++ if (!priv->wbuffer) + return -EINVAL; +- } +- +- pos = *offset; + +- for( i = 0; i + pos < priv->maxwritelen && +- i < len; i++ ) { +- if (get_user( priv->wbuffer[i+pos], buffer + i )) +- return -EFAULT; +- } +- if ( i+pos > priv->writelen ) priv->writelen = i+file->f_pos; +- *offset += i; +- return i; ++ if (pos < 0) ++ return -EINVAL; ++ if (pos >= priv->maxwritelen) ++ return 0; ++ if (len > priv->maxwritelen - pos) ++ len = priv->maxwritelen - pos; ++ if (copy_from_user(priv->wbuffer + pos, buffer, len)) ++ return -EFAULT; ++ if (pos + len > priv->writelen) ++ priv->writelen = pos + len; ++ *offset = pos + len; ++ return len; + } + + static int proc_status_open( struct inode *inode, struct file *file ) { +--- linux/drivers/sound/mpu401.c.bak Wed Jun 16 14:42:24 2004 ++++ linux/drivers/sound/mpu401.c Wed Jun 16 14:42:34 2004 +@@ -1493,14 +1493,16 @@ static unsigned long mpu_timer_get_time( + static int mpu_timer_ioctl(int dev, unsigned int command, caddr_t arg) + { + int midi_dev = sound_timer_devs[dev]->devlink; ++ int *p = (int *)arg; + + switch (command) + { + case SNDCTL_TMR_SOURCE: + { + int parm; +- +- parm = *(int *) arg; ++ ++ if (get_user(parm, p)) ++ return -EFAULT; + parm &= timer_caps; + + if (parm != 0) +@@ -1512,7 +1514,9 @@ static int mpu_timer_ioctl(int dev, unsi + else if (timer_mode & TMR_MODE_SMPTE) + mpu_cmd(midi_dev, 0x3d, 0); /* Use SMPTE sync */ + } +- return (*(int *) arg = timer_mode); ++ if (put_user(timer_mode, p)) ++ return -EFAULT; ++ return timer_mode; + } + break; + +@@ -1537,10 +1541,13 @@ static int mpu_timer_ioctl(int dev, unsi + { + int val; + +- val = *(int *) arg; ++ if (get_user(val, p)) ++ return -EFAULT; + if (val) + set_timebase(midi_dev, val); +- return (*(int *) arg = curr_timebase); ++ if (put_user(curr_timebase, p)) ++ return -EFAULT; ++ return curr_timebase; + } + break; + +@@ -1549,7 +1556,8 @@ static int mpu_timer_ioctl(int dev, unsi + int val; + int ret; + +- val = *(int *) arg; ++ if (get_user(val, p)) ++ return -EFAULT; + + if (val) + { +@@ -1564,7 +1572,9 @@ static int mpu_timer_ioctl(int dev, unsi + } + curr_tempo = val; + } +- return (*(int *) arg = curr_tempo); ++ if (put_user(curr_tempo, p)) ++ return -EFAULT; ++ return curr_tempo; + } + break; + +@@ -1572,18 +1582,25 @@ static int mpu_timer_ioctl(int dev, unsi + { + int val; + +- val = *(int *) arg; ++ if (get_user(val, p)) ++ return -EFAULT; + if (val != 0) /* Can't change */ + return -EINVAL; +- return (*(int *) arg = ((curr_tempo * curr_timebase) + 30) / 60); ++ val = (curr_tempo * curr_timebase + 30) / 60; ++ if (put_user(val, p)) ++ return -EFAULT; ++ return val; + } + break; + + case SNDCTL_SEQ_GETTIME: +- return (*(int *) arg = curr_ticks); ++ if (put_user(curr_ticks, p)) ++ return -EFAULT; ++ return curr_ticks; + + case SNDCTL_TMR_METRONOME: +- metronome_mode = *(int *) arg; ++ if (get_user(metronome_mode, p)) ++ return -EFAULT; + setup_metronome(midi_dev); + return 0; + +--- linux/drivers/sound/msnd.c.bak Wed Jun 16 14:42:24 2004 ++++ linux/drivers/sound/msnd.c Wed Jun 16 14:42:34 2004 +@@ -155,13 +155,10 @@ void msnd_fifo_make_empty(msnd_fifo *f) + f->len = f->tail = f->head = 0; + } + +-int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user) ++int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len) + { + int count = 0; + +- if (f->len == f->n) +- return 0; +- + while ((count < len) && (f->len != f->n)) { + + int nwritten; +@@ -177,11 +174,7 @@ int msnd_fifo_write(msnd_fifo *f, const + nwritten = len - count; + } + +- if (user) { +- if (copy_from_user(f->data + f->tail, buf, nwritten)) +- return -EFAULT; +- } else +- isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten); ++ isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten); + + count += nwritten; + buf += nwritten; +@@ -193,13 +186,10 @@ int msnd_fifo_write(msnd_fifo *f, const + return count; + } + +-int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user) ++int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len) + { + int count = 0; + +- if (f->len == 0) +- return f->len; +- + while ((count < len) && (f->len > 0)) { + + int nread; +@@ -215,11 +205,7 @@ int msnd_fifo_read(msnd_fifo *f, char *b + nread = len - count; + } + +- if (user) { +- if (copy_to_user(buf, f->data + f->head, nread)) +- return -EFAULT; +- } else +- isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread); ++ isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread); + + count += nread; + buf += nread; +--- linux/drivers/sound/msnd.h.bak Wed Jun 16 14:42:24 2004 ++++ linux/drivers/sound/msnd.h Wed Jun 16 14:42:34 2004 +@@ -266,8 +266,8 @@ void msnd_fifo_init(msnd_fifo *f); + void msnd_fifo_free(msnd_fifo *f); + int msnd_fifo_alloc(msnd_fifo *f, size_t n); + void msnd_fifo_make_empty(msnd_fifo *f); +-int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user); +-int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user); ++int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len); ++int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len); + + int msnd_wait_TXDE(multisound_dev_t *dev); + int msnd_wait_HC0(multisound_dev_t *dev); +--- linux/drivers/sound/msnd_pinnacle.c.bak Wed Jun 16 14:42:24 2004 ++++ linux/drivers/sound/msnd_pinnacle.c Wed Jun 16 14:42:34 2004 +@@ -804,7 +804,7 @@ static int dev_release(struct inode *ino + + static __inline__ int pack_DARQ_to_DARF(register int bank) + { +- register int size, n, timeout = 3; ++ register int size, timeout = 3; + register WORD wTmp; + LPDAQD DAQD; + +@@ -825,13 +825,10 @@ static __inline__ int pack_DARQ_to_DARF( + /* Read data from the head (unprotected bank 1 access okay + since this is only called inside an interrupt) */ + outb(HPBLKSEL_1, dev.io + HP_BLKS); +- if ((n = msnd_fifo_write( ++ msnd_fifo_write( + &dev.DARF, + (char *)(dev.base + bank * DAR_BUFF_SIZE), +- size, 0)) <= 0) { +- outb(HPBLKSEL_0, dev.io + HP_BLKS); +- return n; +- } ++ size); + outb(HPBLKSEL_0, dev.io + HP_BLKS); + + return 1; +@@ -853,21 +850,16 @@ static __inline__ int pack_DAPF_to_DAPQ( + if (protect) { + /* Critical section: protect fifo in non-interrupt */ + spin_lock_irqsave(&dev.lock, flags); +- if ((n = msnd_fifo_read( ++ n = msnd_fifo_read( + &dev.DAPF, + (char *)(dev.base + bank_num * DAP_BUFF_SIZE), +- DAP_BUFF_SIZE, 0)) < 0) { +- spin_unlock_irqrestore(&dev.lock, flags); +- return n; +- } ++ DAP_BUFF_SIZE); + spin_unlock_irqrestore(&dev.lock, flags); + } else { +- if ((n = msnd_fifo_read( ++ n = msnd_fifo_read( + &dev.DAPF, + (char *)(dev.base + bank_num * DAP_BUFF_SIZE), +- DAP_BUFF_SIZE, 0)) < 0) { +- return n; +- } ++ DAP_BUFF_SIZE); + } + if (!n) + break; +@@ -894,30 +886,43 @@ static __inline__ int pack_DAPF_to_DAPQ( + static int dsp_read(char *buf, size_t len) + { + int count = len; ++ char *page = (char *)__get_free_page(PAGE_SIZE); ++ ++ if (!page) ++ return -ENOMEM; + + while (count > 0) { +- int n; ++ int n, k; + unsigned long flags; + ++ k = PAGE_SIZE; ++ if (k > count) ++ k = count; ++ + /* Critical section: protect fifo in non-interrupt */ + spin_lock_irqsave(&dev.lock, flags); +- if ((n = msnd_fifo_read(&dev.DARF, buf, count, 1)) < 0) { +- printk(KERN_WARNING LOGNAME ": FIFO read error\n"); +- spin_unlock_irqrestore(&dev.lock, flags); +- return n; +- } ++ n = msnd_fifo_read(&dev.DARF, page, k); + spin_unlock_irqrestore(&dev.lock, flags); ++ if (copy_to_user(buf, page, n)) { ++ free_page((unsigned long)page); ++ return -EFAULT; ++ } + buf += n; + count -= n; + ++ if (n == k && count) ++ continue; ++ + if (!test_bit(F_READING, &dev.flags) && dev.mode & FMODE_READ) { + dev.last_recbank = -1; + if (chk_send_dsp_cmd(&dev, HDEX_RECORD_START) == 0) + set_bit(F_READING, &dev.flags); + } + +- if (dev.rec_ndelay) ++ if (dev.rec_ndelay) { ++ free_page((unsigned long)page); + return count == len ? -EAGAIN : len - count; ++ } + + if (count > 0) { + set_bit(F_READBLOCK, &dev.flags); +@@ -926,41 +931,57 @@ static int dsp_read(char *buf, size_t le + get_rec_delay_jiffies(DAR_BUFF_SIZE))) + clear_bit(F_READING, &dev.flags); + clear_bit(F_READBLOCK, &dev.flags); +- if (signal_pending(current)) ++ if (signal_pending(current)) { ++ free_page((unsigned long)page); + return -EINTR; ++ } + } + } +- ++ free_page((unsigned long)page); + return len - count; + } + + static int dsp_write(const char *buf, size_t len) + { + int count = len; ++ char *page = (char *)__get_free_page(GFP_KERNEL); ++ ++ if (!page) ++ return -ENOMEM; + + while (count > 0) { +- int n; ++ int n, k; + unsigned long flags; + ++ k = PAGE_SIZE; ++ if (k > count) ++ k = count; ++ ++ if (copy_from_user(page, buf, k)) { ++ free_page((unsigned long)page); ++ return -EFAULT; ++ } ++ + /* Critical section: protect fifo in non-interrupt */ + spin_lock_irqsave(&dev.lock, flags); +- if ((n = msnd_fifo_write(&dev.DAPF, buf, count, 1)) < 0) { +- printk(KERN_WARNING LOGNAME ": FIFO write error\n"); +- spin_unlock_irqrestore(&dev.lock, flags); +- return n; +- } ++ n = msnd_fifo_write(&dev.DAPF, page, k); + spin_unlock_irqrestore(&dev.lock, flags); + buf += n; + count -= n; + ++ if (count && n == k) ++ continue; ++ + if (!test_bit(F_WRITING, &dev.flags) && (dev.mode & FMODE_WRITE)) { + dev.last_playbank = -1; + if (pack_DAPF_to_DAPQ(1) > 0) + set_bit(F_WRITING, &dev.flags); + } + +- if (dev.play_ndelay) ++ if (dev.play_ndelay) { ++ free_page((unsigned long)page); + return count == len ? -EAGAIN : len - count; ++ } + + if (count > 0) { + set_bit(F_WRITEBLOCK, &dev.flags); +@@ -968,11 +989,14 @@ static int dsp_write(const char *buf, si + &dev.writeblock, + get_play_delay_jiffies(DAP_BUFF_SIZE)); + clear_bit(F_WRITEBLOCK, &dev.flags); +- if (signal_pending(current)) ++ if (signal_pending(current)) { ++ free_page((unsigned long)page); + return -EINTR; ++ } + } + } + ++ free_page((unsigned long)page); + return len - count; + } + +--- linux/drivers/sound/pss.c.bak Wed Jun 16 14:42:24 2004 ++++ linux/drivers/sound/pss.c Wed Jun 16 14:42:34 2004 +@@ -450,20 +450,36 @@ static void pss_mixer_reset(pss_confdata + } + } + +-static void arg_to_volume_mono(unsigned int volume, int *aleft) ++static int set_volume_mono(caddr_t p, int *aleft) + { + int left; ++ unsigned volume; ++ if (get_user(volume, (unsigned *)p)) ++ return -EFAULT; + +- left = volume & 0x00ff; ++ left = volume & 0xff; + if (left > 100) + left = 100; + *aleft = left; ++ return 0; + } + +-static void arg_to_volume_stereo(unsigned int volume, int *aleft, int *aright) ++static int set_volume_stereo(caddr_t p, int *aleft, int *aright) + { +- arg_to_volume_mono(volume, aleft); +- arg_to_volume_mono(volume >> 8, aright); ++ int left, right; ++ unsigned volume; ++ if (get_user(volume, (unsigned *)p)) ++ return -EFAULT; ++ ++ left = volume & 0xff; ++ if (left > 100) ++ left = 100; ++ right = (volume >> 8) & 0xff; ++ if (right > 100) ++ right = 100; ++ *aleft = left; ++ *aright = right; ++ return 0; + } + + static int ret_vol_mono(int left) +@@ -510,33 +526,38 @@ static int pss_mixer_ioctl (int dev, uns + return call_ad_mixer(devc, cmd, arg); + else + { +- if (*(int *)arg != 0) ++ int v; ++ if (get_user(v, (int *)arg)) ++ return -EFAULT; ++ if (v != 0) + return -EINVAL; + return 0; + } + case SOUND_MIXER_VOLUME: +- arg_to_volume_stereo(*(unsigned int *)arg, &devc->mixer.volume_l, +- &devc->mixer.volume_r); ++ if (set_volume_stereo(arg, ++ &devc->mixer.volume_l, ++ &devc->mixer.volume_r)) ++ return -EFAULT; + set_master_volume(devc, devc->mixer.volume_l, + devc->mixer.volume_r); + return ret_vol_stereo(devc->mixer.volume_l, + devc->mixer.volume_r); + + case SOUND_MIXER_BASS: +- arg_to_volume_mono(*(unsigned int *)arg, +- &devc->mixer.bass); ++ if (set_volume_mono(arg, &devc->mixer.bass)) ++ return -EFAULT; + set_bass(devc, devc->mixer.bass); + return ret_vol_mono(devc->mixer.bass); + + case SOUND_MIXER_TREBLE: +- arg_to_volume_mono(*(unsigned int *)arg, +- &devc->mixer.treble); ++ if (set_volume_mono(arg, &devc->mixer.treble)) ++ return -EFAULT; + set_treble(devc, devc->mixer.treble); + return ret_vol_mono(devc->mixer.treble); + + case SOUND_MIXER_SYNTH: +- arg_to_volume_mono(*(unsigned int *)arg, +- &devc->mixer.synth); ++ if (set_volume_mono(arg, &devc->mixer.synth)) ++ return -EFAULT; + set_synth_volume(devc, devc->mixer.synth); + return ret_vol_mono(devc->mixer.synth); + +@@ -546,54 +567,67 @@ static int pss_mixer_ioctl (int dev, uns + } + else + { ++ int val, and_mask = 0, or_mask = 0; + /* + * Return parameters + */ + switch (cmdf) + { +- + case SOUND_MIXER_DEVMASK: + if (call_ad_mixer(devc, cmd, arg) == -EINVAL) +- *(int *)arg = 0; /* no mixer devices */ +- return (*(int *)arg |= SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH); ++ break; ++ and_mask = ~0; ++ or_mask = SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH; ++ break; + + case SOUND_MIXER_STEREODEVS: + if (call_ad_mixer(devc, cmd, arg) == -EINVAL) +- *(int *)arg = 0; /* no stereo devices */ +- return (*(int *)arg |= SOUND_MASK_VOLUME); ++ break; ++ and_mask = ~0; ++ or_mask = SOUND_MASK_VOLUME; ++ break; + + case SOUND_MIXER_RECMASK: + if (devc->ad_mixer_dev != NO_WSS_MIXER) + return call_ad_mixer(devc, cmd, arg); +- else +- return (*(int *)arg = 0); /* no record devices */ ++ break; + + case SOUND_MIXER_CAPS: + if (devc->ad_mixer_dev != NO_WSS_MIXER) + return call_ad_mixer(devc, cmd, arg); +- else +- return (*(int *)arg = SOUND_CAP_EXCL_INPUT); ++ or_mask = SOUND_CAP_EXCL_INPUT; ++ break; + + case SOUND_MIXER_RECSRC: + if (devc->ad_mixer_dev != NO_WSS_MIXER) + return call_ad_mixer(devc, cmd, arg); +- else +- return (*(int *)arg = 0); /* no record source */ ++ break; + + case SOUND_MIXER_VOLUME: +- return (*(int *)arg = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r)); ++ or_mask = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r); ++ break; + + case SOUND_MIXER_BASS: +- return (*(int *)arg = ret_vol_mono(devc->mixer.bass)); ++ or_mask = ret_vol_mono(devc->mixer.bass); ++ break; + + case SOUND_MIXER_TREBLE: +- return (*(int *)arg = ret_vol_mono(devc->mixer.treble)); ++ or_mask = ret_vol_mono(devc->mixer.treble); ++ break; + + case SOUND_MIXER_SYNTH: +- return (*(int *)arg = ret_vol_mono(devc->mixer.synth)); ++ or_mask = ret_vol_mono(devc->mixer.synth); ++ break; + default: + return -EINVAL; + } ++ if (get_user(val, (int *)arg)) ++ return -EFAULT; ++ val &= and_mask; ++ val |= or_mask; ++ if (put_user(val, (int *)arg)) ++ return -EFAULT; ++ return val; + } + } + diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0497.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0497.patch new file mode 100644 index 000000000000..9503e9efe57b --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0497.patch @@ -0,0 +1,23 @@ +# ChangeSet +# +# fs/attr.c +# 2004/07/03 18:28:30-03:00 marcelo@logos.cnet +1 -0 +# Thomas Biege: Fix missing DAC check on sys_chown +# +# fs/attr.c +# 2004/07/03 19:28:29-03:00 marcelo@logos.cnet +1 -1 +# Add missing bracket to inode_change_ok() fix +# +diff -Nru a/fs/attr.c b.plasmaroo/fs/attr.c +--- a/fs/attr.c 2004-07-08 17:05:20 -07:00 ++++ b.plasmaroo/fs/attr.c 2004-07-08 17:05:20 -07:00 +@@ -35,7 +35,8 @@ + + /* Make sure caller can chgrp. */ + if ((ia_valid & ATTR_GID) && +- (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) && ++ (current->fsuid != inode->i_uid || ++ (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && + !capable(CAP_CHOWN)) + goto error; + diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0535.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0535.patch new file mode 100644 index 000000000000..669fc5fd32fb --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0535.patch @@ -0,0 +1,12 @@ +--- drivers/net/e1000/e1000_ethtool.c 2003-06-13 15:51:34.000000000 +0100 ++++ drivers/net/e1000/e1000_ethtool.c.plasmaroo 2004-06-24 11:23:32.524963976 +0100 +@@ -468,6 +468,9 @@ + + if(copy_from_user(®s, addr, sizeof(regs))) + return -EFAULT; ++ memset(regs_buff, 0, sizeof(regs_buff)); ++ if (regs.len > E1000_REGS_LEN) ++ regs.len = E1000_REGS_LEN; + e1000_ethtool_gregs(adapter, ®s, regs_buff); + if(copy_to_user(addr, ®s, sizeof(regs))) + return -EFAULT; diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0685.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0685.patch new file mode 100644 index 000000000000..d1be834cc8a5 --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0685.patch @@ -0,0 +1,83 @@ +# This is a BitKeeper generated diff -Nru style patch. +# +# ChangeSet +# 2004/07/26 19:14:16-03:00 mjc@redhat.com +# [PATCH] USB: more sparse fixes +# +# Back in October 2003 Arnaldo commited some fixes prior to 2.6 for some leaking info to userspace in the +# usb drivers: +# http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ +# +# The corresponding changes have not been commited to 2.4, or included in +# the previous sparse fixes. +# +# drivers/usb/audio.c +# 2004/07/15 08:46:52-03:00 mjc@redhat.com +4 -0 +# USB: more sparse fixes +# +# drivers/usb/brlvger.c +# 2004/07/15 08:47:27-03:00 mjc@redhat.com +1 -0 +# USB: more sparse fixes +# +# drivers/usb/serial/io_edgeport.c +# 2004/07/15 08:48:06-03:00 mjc@redhat.com +1 -0 +# USB: more sparse fixes +# +# drivers/usb/vicam.c +# 2004/07/15 08:47:13-03:00 mjc@redhat.com +1 -0 +# USB: more sparse fixes +# +diff -Nru a/drivers/usb/audio.c b/drivers/usb/audio.c +--- a/drivers/usb/audio.c 2004-08-08 07:41:30 -07:00 ++++ b/drivers/usb/audio.c 2004-08-08 07:41:30 -07:00 +@@ -2141,6 +2141,8 @@ + + if (cmd == SOUND_MIXER_INFO) { + mixer_info info; ++ ++ memset(&info, 0, sizeof(info)); + strncpy(info.id, "USB_AUDIO", sizeof(info.id)); + strncpy(info.name, "USB Audio Class Driver", sizeof(info.name)); + info.modify_counter = ms->modcnt; +@@ -2150,6 +2152,8 @@ + } + if (cmd == SOUND_OLD_MIXER_INFO) { + _old_mixer_info info; ++ ++ memset(&info, 0, sizeof(info)); + strncpy(info.id, "USB_AUDIO", sizeof(info.id)); + strncpy(info.name, "USB Audio Class Driver", sizeof(info.name)); + if (copy_to_user((void *)arg, &info, sizeof(info))) +diff -Nru a/drivers/usb/brlvger.c b/drivers/usb/brlvger.c +--- a/drivers/usb/brlvger.c 2004-08-08 07:41:30 -07:00 ++++ b/drivers/usb/brlvger.c 2004-08-08 07:41:30 -07:00 +@@ -743,6 +743,7 @@ + case BRLVGER_GET_INFO: { + struct brlvger_info vi; + ++ memset(&vi, 0, sizeof(vi)); + strncpy(vi.driver_version, DRIVER_VERSION, + sizeof(vi.driver_version)); + vi.driver_version[sizeof(vi.driver_version)-1] = 0; +diff -Nru a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c +--- a/drivers/usb/serial/io_edgeport.c 2004-08-08 07:41:30 -07:00 ++++ b/drivers/usb/serial/io_edgeport.c 2004-08-08 07:41:30 -07:00 +@@ -1913,6 +1913,7 @@ + + case TIOCGICOUNT: + cnow = edge_port->icount; ++ memset(&icount, 0, sizeof(icount)); + icount.cts = cnow.cts; + icount.dsr = cnow.dsr; + icount.rng = cnow.rng; +diff -Nru a/drivers/usb/vicam.c b/drivers/usb/vicam.c +--- a/drivers/usb/vicam.c 2004-08-08 07:41:30 -07:00 ++++ b/drivers/usb/vicam.c 2004-08-08 07:41:30 -07:00 +@@ -481,6 +481,7 @@ + struct video_capability b; + + DBG("VIDIOCGCAP\n"); ++ memset(&b, 0, sizeof(b)); + strcpy(b.name, "ViCam-based Camera"); + b.type = VID_TYPE_CAPTURE; + b.channels = 1; diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0841-fix_ldisc_switch.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0841-fix_ldisc_switch.patch new file mode 100644 index 000000000000..771a07876c72 --- /dev/null +++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0841-fix_ldisc_switch.patch @@ -0,0 +1,34 @@ +--- drivers/char/tty_io.c~ 2004-11-16 13:44:03.027542320 +0300 ++++ drivers/char/tty_io.c 2004-11-16 13:45:53.229789032 +0300 +@@ -763,31 +763,6 @@ + spin_unlock_irqrestore(&tty_termios_lock, flags); + } + +- /* Defer ldisc switch */ +- /* tty_deferred_ldisc_switch(N_TTY); +- +- read_lock(&tasklist_lock); +-#ifdef CONFIG_MOSIX +- for_each_local_task(p) { +-#else +- for_each_task(p) { +-#endif /* CONFIG_MOSIX */ +- if ((tty->session > 0) && (p->session == tty->session) && +- p->leader) { +- send_sig(SIGHUP,p,1); +- send_sig(SIGCONT,p,1); +- if (tty->pgrp > 0) +- p->tty_old_pgrp = tty->pgrp; +- } +- if (p->tty == tty) +- p->tty = NULL; +- } +- read_unlock(&tasklist_lock); +- +- tty->flags = 0; +- tty->session = 0; +- tty->pgrp = -1; +- tty->ctrl_status = 0; + /* + * If one of the devices matches a console pointer, we + * cannot just call hangup() because that will cause |