summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKonstantin V. Arkhipov <voxus@gentoo.org>2005-02-14 16:25:55 +0000
committerKonstantin V. Arkhipov <voxus@gentoo.org>2005-02-14 16:25:55 +0000
commit277024ca1c34022ff7a1a15d65bee66d39cfde63 (patch)
tree7ca016e591f040a47a57ee962b10035b3aa70307 /sys-kernel/openmosix-sources/files
parentstable on amd64, see #81994 (diff)
downloadhistorical-277024ca1c34022ff7a1a15d65bee66d39cfde63.tar.gz
historical-277024ca1c34022ff7a1a15d65bee66d39cfde63.tar.bz2
historical-277024ca1c34022ff7a1a15d65bee66d39cfde63.zip
reverted .24-r10 sources. -* masked
Package-Manager: portage-2.0.51-r15
Diffstat (limited to 'sys-kernel/openmosix-sources/files')
-rw-r--r--sys-kernel/openmosix-sources/files/cmdline-proc-fix.patch11
-rw-r--r--sys-kernel/openmosix-sources/files/digest-openmosix-sources-2.4.24-r105
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources-2.4.24-smbfs.patch80
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources-2.4.27-smbfs.patch97
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources-af_unix.patch24
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources-binfmt_elf.patch85
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2003-0985.patch13
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0001.patch29
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0010.patch200
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0109.patch87
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0177.patch10
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0178.patch11
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0181.patch38
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0495.patch655
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0497.patch23
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0535.patch12
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0685.patch83
-rw-r--r--sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0841-fix_ldisc_switch.patch34
18 files changed, 1497 insertions, 0 deletions
diff --git a/sys-kernel/openmosix-sources/files/cmdline-proc-fix.patch b/sys-kernel/openmosix-sources/files/cmdline-proc-fix.patch
new file mode 100644
index 000000000000..5f26f7f388f6
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/cmdline-proc-fix.patch
@@ -0,0 +1,11 @@
+--- linux-2.4/fs/proc/base.c 2004-04-15 07:09:32.000000000 +0100
++++ linux-2.4/fs/proc/base.c.plasmaroo 2004-08-09 23:30:43.869195800 +0100
+@@ -187,7 +187,7 @@ static int proc_pid_cmdline(struct task_
+ if (mm)
+ atomic_inc(&mm->mm_users);
+ task_unlock(task);
+- if (mm) {
++ if (mm && mm->arg_end) {
+ int len = mm->arg_end - mm->arg_start;
+ if (len > PAGE_SIZE)
+ len = PAGE_SIZE;
diff --git a/sys-kernel/openmosix-sources/files/digest-openmosix-sources-2.4.24-r10 b/sys-kernel/openmosix-sources/files/digest-openmosix-sources-2.4.24-r10
new file mode 100644
index 000000000000..e3b64d95ad6f
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/digest-openmosix-sources-2.4.24-r10
@@ -0,0 +1,5 @@
+MD5 1e055c42921b2396a559d84df4c3d9aa linux-2.4.24.tar.bz2 29837818
+MD5 1c9bc4f32a9fc793cb8f0a6d0f910cb7 openMosix-2.4.24-2.bz2 588330
+MD5 7e0e9f3d57bcc1b1bb7900ada383c129 linux-2.4.23-CAN-2004-0415.patch 89319
+MD5 d4c051e7c6062704be85192e25e2f5b2 linux-2.4.26-CAN-2004-0814.patch 81508
+MD5 5bbbb2201b338ebb74f0bf650b639475 linux-2.4.27-nfs3-xdr.patch.bz2 746
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources-2.4.24-smbfs.patch b/sys-kernel/openmosix-sources/files/openmosix-sources-2.4.24-smbfs.patch
new file mode 100644
index 000000000000..1d93802f03be
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources-2.4.24-smbfs.patch
@@ -0,0 +1,80 @@
+diff -ur linux-2.4.20/fs/smbfs/proc.c linux-2.4.20.plasmaroo/fs/smbfs/proc.c
+--- linux-2.4.20/fs/smbfs/proc.c 2004-08-14 18:15:42.000000000 +0100
++++ linux-2.4.20.plasmaroo/fs/smbfs/proc.c 2004-11-19 20:48:37.429884768 +0000
+@@ -1197,10 +1197,12 @@
+ data_len = WVAL(buf, 1);
+
+ /* we can NOT simply trust the data_len given by the server ... */
+- if (data_len > server->packet_size - (buf+3 - server->packet)) {
+- printk(KERN_ERR "smb_proc_read: invalid data length!! "
+- "%d > %d - (%p - %p)\n",
+- data_len, server->packet_size, buf+3, server->packet);
++ if (data_len > count ||
++ (buf+3 - server->packet) + data_len > server->packet_size) {
++ printk(KERN_ERR "smb_proc_read: invalid data length/offset!! "
++ "%d > %d || (%p - %p) + %d > %d\n",
++ data_len, count,
++ buf+3, server->packet, data_len, server->packet_size);
+ result = -EIO;
+ goto out;
+ }
+diff -ur linux-2.4.20/fs/smbfs/sock.c linux-2.4.20.plasmaroo/fs/smbfs/sock.c
+--- linux-2.4.20/fs/smbfs/sock.c 2004-08-14 18:15:42.000000000 +0100
++++ linux-2.4.20.plasmaroo/fs/smbfs/sock.c 2004-11-19 20:48:37.431884464 +0000
+@@ -571,7 +571,11 @@
+ parm_disp, parm_offset, parm_count,
+ data_disp, data_offset, data_count);
+ *parm = base + parm_offset;
++ if (*parm - inbuf + parm_tot > server->packet_size)
++ goto out_bad_parm;
+ *data = base + data_offset;
++ if (*data - inbuf + data_tot > server->packet_size)
++ goto out_bad_data;
+ goto success;
+ }
+
+@@ -591,6 +595,8 @@
+ rcv_buf = smb_vmalloc(buf_len);
+ if (!rcv_buf)
+ goto out_no_mem;
++ memset(rcv_buf, 0, buf_len);
++
+ *parm = rcv_buf;
+ *data = rcv_buf + total_p;
+ } else if (data_tot > total_d || parm_tot > total_p)
+@@ -598,8 +604,12 @@
+
+ if (parm_disp + parm_count > total_p)
+ goto out_bad_parm;
++ if (parm_offset + parm_count > server->packet_size)
++ goto out_bad_parm;
+ if (data_disp + data_count > total_d)
+ goto out_bad_data;
++ if (data_offset + data_count > server->packet_size)
++ goto out_bad_data;
+ memcpy(*parm + parm_disp, base + parm_offset, parm_count);
+ memcpy(*data + data_disp, base + data_offset, data_count);
+
+@@ -610,8 +620,11 @@
+ * Check whether we've received all of the data. Note that
+ * we use the packet totals -- total lengths might shrink!
+ */
+- if (data_len >= data_tot && parm_len >= parm_tot)
++ if (data_len >= data_tot && parm_len >= parm_tot) {
++ data_len = data_tot;
++ parm_len = parm_tot;
+ break;
++ }
+ }
+
+ /*
+@@ -625,6 +638,9 @@
+ server->packet = rcv_buf;
+ rcv_buf = inbuf;
+ } else {
++ if (parm_len + data_len > buf_len)
++ goto out_data_grew;
++
+ PARANOIA("copying data, old size=%d, new size=%u\n",
+ server->packet_size, buf_len);
+ memcpy(inbuf, rcv_buf, parm_len + data_len);
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources-2.4.27-smbfs.patch b/sys-kernel/openmosix-sources/files/openmosix-sources-2.4.27-smbfs.patch
new file mode 100644
index 000000000000..63c5ba30403f
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources-2.4.27-smbfs.patch
@@ -0,0 +1,97 @@
+diff -ur linux-2.4.27/fs/smbfs/proc.c linux-2.4.28/fs/smbfs/proc.c
+--- linux-2.4.27/fs/smbfs/proc.c 2004-11-12 19:32:24.000000000 +0000
++++ linux-2.4.28/fs/smbfs/proc.c 2004-11-19 20:18:27.000000000 +0000
+@@ -1289,10 +1289,12 @@
+ data_len = WVAL(buf, 1);
+
+ /* we can NOT simply trust the data_len given by the server ... */
+- if (data_len > server->packet_size - (buf+3 - server->packet)) {
+- printk(KERN_ERR "smb_proc_read: invalid data length!! "
+- "%d > %d - (%p - %p)\n",
+- data_len, server->packet_size, buf+3, server->packet);
++ if (data_len > count ||
++ (buf+3 - server->packet) + data_len > server->packet_size) {
++ printk(KERN_ERR "smb_proc_read: invalid data length/offset!! "
++ "%d > %d || (%p - %p) + %d > %d\n",
++ data_len, count,
++ buf+3, server->packet, data_len, server->packet_size);
+ result = -EIO;
+ goto out;
+ }
+@@ -1378,10 +1380,12 @@
+ buf = smb_base(server->packet) + data_off;
+
+ /* we can NOT simply trust the info given by the server ... */
+- if (data_len > server->packet_size - (buf - server->packet)) {
+- printk(KERN_ERR "smb_proc_read: invalid data length!! "
+- "%d > %d - (%p - %p)\n",
+- data_len, server->packet_size, buf, server->packet);
++ if (data_len > count ||
++ (buf - server->packet) + data_len > server->packet_size) {
++ printk(KERN_ERR "smb_proc_readX: invalid data length/offset!! "
++ "%d > %d || (%p - %p) + %d > %d\n",
++ data_len, count,
++ buf, server->packet, data_len, server->packet_size);
+ result = -EIO;
+ goto out;
+ }
+diff -ur linux-2.4.27/fs/smbfs/sock.c linux-2.4.28/fs/smbfs/sock.c
+--- linux-2.4.27/fs/smbfs/sock.c 2004-11-12 19:32:24.000000000 +0000
++++ linux-2.4.28/fs/smbfs/sock.c 2004-11-19 20:18:27.000000000 +0000
+@@ -571,7 +571,11 @@
+ parm_disp, parm_offset, parm_count,
+ data_disp, data_offset, data_count);
+ *parm = base + parm_offset;
++ if (*parm - inbuf + parm_tot > server->packet_size)
++ goto out_bad_parm;
+ *data = base + data_offset;
++ if (*data - inbuf + data_tot > server->packet_size)
++ goto out_bad_data;
+ goto success;
+ }
+
+@@ -591,6 +595,8 @@
+ rcv_buf = smb_vmalloc(buf_len);
+ if (!rcv_buf)
+ goto out_no_mem;
++ memset(rcv_buf, 0, buf_len);
++
+ *parm = rcv_buf;
+ *data = rcv_buf + total_p;
+ } else if (data_tot > total_d || parm_tot > total_p)
+@@ -598,8 +604,12 @@
+
+ if (parm_disp + parm_count > total_p)
+ goto out_bad_parm;
++ if (parm_offset + parm_count > server->packet_size)
++ goto out_bad_parm;
+ if (data_disp + data_count > total_d)
+ goto out_bad_data;
++ if (data_offset + data_count > server->packet_size)
++ goto out_bad_data;
+ memcpy(*parm + parm_disp, base + parm_offset, parm_count);
+ memcpy(*data + data_disp, base + data_offset, data_count);
+
+@@ -610,8 +620,11 @@
+ * Check whether we've received all of the data. Note that
+ * we use the packet totals -- total lengths might shrink!
+ */
+- if (data_len >= data_tot && parm_len >= parm_tot)
++ if (data_len >= data_tot && parm_len >= parm_tot) {
++ data_len = data_tot;
++ parm_len = parm_tot;
+ break;
++ }
+ }
+
+ /*
+@@ -625,6 +638,9 @@
+ server->packet = rcv_buf;
+ rcv_buf = inbuf;
+ } else {
++ if (parm_len + data_len > buf_len)
++ goto out_data_grew;
++
+ PARANOIA("copying data, old size=%d, new size=%u\n",
+ server->packet_size, buf_len);
+ memcpy(inbuf, rcv_buf, parm_len + data_len);
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources-af_unix.patch b/sys-kernel/openmosix-sources/files/openmosix-sources-af_unix.patch
new file mode 100644
index 000000000000..6ced78404a2d
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources-af_unix.patch
@@ -0,0 +1,24 @@
+--- linux-2.4.27/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00
++++ linux-2.4.28/net/unix/af_unix.c 2004-11-24 08:23:21 -08:00
+@@ -1403,9 +1403,11 @@
+
+ msg->msg_namelen = 0;
+
++ down(&sk->protinfo.af_unix.readsem);
++
+ skb = skb_recv_datagram(sk, flags, noblock, &err);
+ if (!skb)
+- goto out;
++ goto out_unlock;
+
+ wake_up_interruptible(&sk->protinfo.af_unix.peer_wait);
+
+@@ -1449,6 +1451,8 @@
+
+ out_free:
+ skb_free_datagram(sk,skb);
++out_unlock:
++ up(&sk->protinfo.af_unix.readsem);
+ out:
+ return err;
+ }
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources-binfmt_elf.patch b/sys-kernel/openmosix-sources/files/openmosix-sources-binfmt_elf.patch
new file mode 100644
index 000000000000..9f4f44ee78f5
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources-binfmt_elf.patch
@@ -0,0 +1,85 @@
+diff -ur linux-2.4.27/fs/binfmt_elf.c linux-2.4.27.plasmaroo/fs/binfmt_elf.c
+--- linux-2.4.27/fs/binfmt_elf.c 2004-04-14 14:05:40.000000000 +0100
++++ linux-2.4.27.plasmaroo/fs/binfmt_elf.c 2004-11-19 21:30:26.745410824 +0000
+@@ -299,9 +299,12 @@
+ goto out;
+
+ retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size);
+- error = retval;
+- if (retval < 0)
++ error = -EIO;
++ if (retval != size) {
++ if (retval < 0)
++ error = retval;
+ goto out_close;
++ }
+
+ eppnt = elf_phdata;
+ for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
+@@ -475,8 +478,11 @@
+ goto out;
+
+ retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size);
+- if (retval < 0)
++ if (retval != size) {
++ if (retval >= 0)
++ retval = -EIO;
+ goto out_free_ph;
++ }
+
+ files = current->files; /* Refcounted so ok */
+ retval = unshare_files();
+@@ -513,7 +519,8 @@
+ */
+
+ retval = -ENOMEM;
+- if (elf_ppnt->p_filesz > PATH_MAX)
++ if (elf_ppnt->p_filesz > PATH_MAX ||
++ elf_ppnt->p_filesz == 0)
+ goto out_free_file;
+ elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz,
+ GFP_KERNEL);
+@@ -523,8 +530,16 @@
+ retval = kernel_read(bprm->file, elf_ppnt->p_offset,
+ elf_interpreter,
+ elf_ppnt->p_filesz);
+- if (retval < 0)
++ if (retval != elf_ppnt->p_filesz) {
++ if (retval >= 0)
++ retval = -EIO;
++ goto out_free_interp;
++ }
++ /* make sure path is NULL terminated */
++ retval = -EINVAL;
++ if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
+ goto out_free_interp;
++
+ /* If the program interpreter is one of these two,
+ * then assume an iBCS2 image. Otherwise assume
+ * a native linux image.
+@@ -543,8 +558,11 @@
+ if (IS_ERR(interpreter))
+ goto out_free_interp;
+ retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE);
+- if (retval < 0)
++ if (retval != BINPRM_BUF_SIZE) {
++ if (retval >= 0)
++ retval = -EIO;
+ goto out_free_dentry;
++ }
+
+ /* Get the exec headers */
+ interp_ex = *((struct exec *) bprm->buf);
+@@ -682,8 +700,10 @@
+ }
+
+ error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
+- if (BAD_ADDR(error))
+- continue;
++ if (BAD_ADDR(error)) {
++ send_sig(SIGKILL, current, 0);
++ goto out_free_dentry;
++ }
+
+ if (!load_addr_set) {
+ load_addr_set = 1;
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2003-0985.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2003-0985.patch
new file mode 100644
index 000000000000..dacf6ed810f9
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2003-0985.patch
@@ -0,0 +1,13 @@
+--- linux/mm/mremap.c.orig 2004-01-05 17:01:21.382104120 +0000
++++ linux/mm/mremap.c 2004-01-05 17:15:25.689749848 +0000
+@@ -315,6 +315,10 @@
+ old_len = PAGE_ALIGN(old_len);
+ new_len = PAGE_ALIGN(new_len);
+
++ /* Don't allow the degenerate cases */
++ if (!old_len || !new_len)
++ goto out;
++
+ /* new_addr is only valid if MREMAP_FIXED is specified */
+ if (flags & MREMAP_FIXED) {
+ if (new_addr & ~PAGE_MASK)
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0001.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0001.patch
new file mode 100644
index 000000000000..bb51f9aa9a62
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0001.patch
@@ -0,0 +1,29 @@
+diff -u linux/arch/x86_64/ia32/ptrace32.c-PTRACE linux/arch/x86_64/ia32/ptrace32.c
+--- linux/arch/x86_64/ia32/ptrace32.c-PTRACE 2003-06-16 13:03:58.000000000 +0200
++++ linux/arch/x86_64/ia32/ptrace32.c 2004-01-07 18:04:43.000000000 +0100
+@@ -25,6 +25,10 @@
+ #include <asm/fpu32.h>
+ #include <linux/mm.h>
+
++/* determines which flags the user has access to. */
++/* 1 = access 0 = no access */
++#define FLAG_MASK 0x44dd5UL
++
+ #define R32(l,q) \
+ case offsetof(struct user32, regs.l): stack[offsetof(struct pt_regs, q)/8] = val; break
+
+@@ -69,9 +73,12 @@
+ R32(eip, rip);
+ R32(esp, rsp);
+
+- case offsetof(struct user32, regs.eflags):
+- stack[offsetof(struct pt_regs, eflags)/8] = val & 0x44dd5;
++ case offsetof(struct user32, regs.eflags): {
++ __u64 *flags = &stack[offsetof(struct pt_regs, eflags)/8];
++ val &= FLAG_MASK;
++ *flags = val | (*flags & ~FLAG_MASK);
+ break;
++ }
+
+ case offsetof(struct user32, u_debugreg[4]):
+ case offsetof(struct user32, u_debugreg[5]):
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0010.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0010.patch
new file mode 100644
index 000000000000..6b4b1cefa49e
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0010.patch
@@ -0,0 +1,200 @@
+diff -urN linux-2.4.25-pre6/fs/ncpfs/dir.c linux-2.4.25-pre7/fs/ncpfs/dir.c
+--- linux-2.4.25-pre6/fs/ncpfs/dir.c 2002-11-28 15:53:15.000000000 -0800
++++ linux-2.4.25-pre7/fs/ncpfs/dir.c 2004-01-23 10:53:26.000000000 -0800
+@@ -266,8 +266,8 @@
+ struct ncp_server *server;
+ struct inode *dir = dentry->d_parent->d_inode;
+ struct ncp_entry_info finfo;
+- int res, val = 0, len = dentry->d_name.len + 1;
+- __u8 __name[len];
++ int res, val = 0, len;
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+ if (!dentry->d_inode || !dir)
+ goto finished;
+@@ -291,14 +291,15 @@
+ dentry->d_parent->d_name.name, dentry->d_name.name,
+ NCP_GET_AGE(dentry));
+
++ len = sizeof(__name);
+ if (ncp_is_server_root(dir)) {
+ res = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, 1);
++ dentry->d_name.len, 1);
+ if (!res)
+ res = ncp_lookup_volume(server, __name, &(finfo.i));
+ } else {
+ res = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, !ncp_preserve_case(dir));
++ dentry->d_name.len, !ncp_preserve_case(dir));
+ if (!res)
+ res = ncp_obtain_info(server, dir, __name, &(finfo.i));
+ }
+@@ -548,9 +549,9 @@
+ int valid = 0;
+ int hashed = 0;
+ ino_t ino = 0;
+- __u8 __name[256];
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+- qname.len = 256;
++ qname.len = sizeof(__name);
+ if (ncp_vol2io(NCP_SERVER(inode), __name, &qname.len,
+ entry->i.entryName, entry->i.nameLen,
+ !ncp_preserve_entry_case(inode, entry->i.NSCreator)))
+@@ -705,16 +706,19 @@
+ {
+ struct ncp_server* server = NCP_SBP(sb);
+ struct nw_info_struct i;
+- int result, len = strlen(server->m.mounted_vol) + 1;
+- __u8 __name[len];
++ int result;
+
+ if (ncp_single_volume(server)) {
++ int len;
+ struct dentry* dent;
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+- result = -ENOENT;
+- if (ncp_io2vol(server, __name, &len, server->m.mounted_vol,
+- len-1, 1))
++ len = sizeof(__name);
++ result = ncp_io2vol(server, __name, &len, server->m.mounted_vol,
++ strlen(server->m.mounted_vol), 1);
++ if (result)
+ goto out;
++ result = -ENOENT;
+ if (ncp_lookup_volume(server, __name, &i)) {
+ PPRINTK("ncp_conn_logged_in: %s not found\n",
+ server->m.mounted_vol);
+@@ -745,8 +749,8 @@
+ struct ncp_server *server = NCP_SERVER(dir);
+ struct inode *inode = NULL;
+ struct ncp_entry_info finfo;
+- int error, res, len = dentry->d_name.len + 1;
+- __u8 __name[len];
++ int error, res, len;
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+ error = -EIO;
+ if (!ncp_conn_valid(server))
+@@ -755,14 +759,15 @@
+ PPRINTK("ncp_lookup: server lookup for %s/%s\n",
+ dentry->d_parent->d_name.name, dentry->d_name.name);
+
++ len = sizeof(__name);
+ if (ncp_is_server_root(dir)) {
+ res = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, 1);
++ dentry->d_name.len, 1);
+ if (!res)
+ res = ncp_lookup_volume(server, __name, &(finfo.i));
+ } else {
+ res = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, !ncp_preserve_case(dir));
++ dentry->d_name.len, !ncp_preserve_case(dir));
+ if (!res)
+ res = ncp_obtain_info(server, dir, __name, &(finfo.i));
+ }
+@@ -825,9 +830,9 @@
+ {
+ struct ncp_server *server = NCP_SERVER(dir);
+ struct ncp_entry_info finfo;
+- int error, result, len = dentry->d_name.len + 1;
++ int error, result, len;
+ int opmode;
+- __u8 __name[len];
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+ PPRINTK("ncp_create_new: creating %s/%s, mode=%x\n",
+ dentry->d_parent->d_name.name, dentry->d_name.name, mode);
+@@ -836,8 +841,9 @@
+ goto out;
+
+ ncp_age_dentry(server, dentry);
++ len = sizeof(__name);
+ error = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, !ncp_preserve_case(dir));
++ dentry->d_name.len, !ncp_preserve_case(dir));
+ if (error)
+ goto out;
+
+@@ -880,8 +886,8 @@
+ {
+ struct ncp_entry_info finfo;
+ struct ncp_server *server = NCP_SERVER(dir);
+- int error, len = dentry->d_name.len + 1;
+- __u8 __name[len];
++ int error, len;
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+ DPRINTK("ncp_mkdir: making %s/%s\n",
+ dentry->d_parent->d_name.name, dentry->d_name.name);
+@@ -890,8 +896,9 @@
+ goto out;
+
+ ncp_age_dentry(server, dentry);
++ len = sizeof(__name);
+ error = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, !ncp_preserve_case(dir));
++ dentry->d_name.len, !ncp_preserve_case(dir));
+ if (error)
+ goto out;
+
+@@ -909,8 +916,8 @@
+ static int ncp_rmdir(struct inode *dir, struct dentry *dentry)
+ {
+ struct ncp_server *server = NCP_SERVER(dir);
+- int error, result, len = dentry->d_name.len + 1;
+- __u8 __name[len];
++ int error, result, len;
++ __u8 __name[NCP_MAXPATHLEN + 1];
+
+ DPRINTK("ncp_rmdir: removing %s/%s\n",
+ dentry->d_parent->d_name.name, dentry->d_name.name);
+@@ -923,8 +930,9 @@
+ if (!d_unhashed(dentry))
+ goto out;
+
++ len = sizeof(__name);
+ error = ncp_io2vol(server, __name, &len, dentry->d_name.name,
+- len-1, !ncp_preserve_case(dir));
++ dentry->d_name.len, !ncp_preserve_case(dir));
+ if (error)
+ goto out;
+
+@@ -1022,9 +1030,8 @@
+ {
+ struct ncp_server *server = NCP_SERVER(old_dir);
+ int error;
+- int old_len = old_dentry->d_name.len + 1;
+- int new_len = new_dentry->d_name.len + 1;
+- __u8 __old_name[old_len], __new_name[new_len];
++ int old_len, new_len;
++ __u8 __old_name[NCP_MAXPATHLEN + 1], __new_name[NCP_MAXPATHLEN + 1];
+
+ DPRINTK("ncp_rename: %s/%s to %s/%s\n",
+ old_dentry->d_parent->d_name.name, old_dentry->d_name.name,
+@@ -1037,15 +1044,17 @@
+ ncp_age_dentry(server, old_dentry);
+ ncp_age_dentry(server, new_dentry);
+
++ old_len = sizeof(__old_name);
+ error = ncp_io2vol(server, __old_name, &old_len,
+- old_dentry->d_name.name, old_len-1,
+- !ncp_preserve_case(old_dir));
++ old_dentry->d_name.name, old_dentry->d_name.len,
++ !ncp_preserve_case(old_dir));
+ if (error)
+ goto out;
+
++ new_len = sizeof(__new_name);
+ error = ncp_io2vol(server, __new_name, &new_len,
+- new_dentry->d_name.name, new_len-1,
+- !ncp_preserve_case(new_dir));
++ new_dentry->d_name.name, new_dentry->d_name.len,
++ !ncp_preserve_case(new_dir));
+ if (error)
+ goto out;
+
+
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0109.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0109.patch
new file mode 100644
index 000000000000..d02b51c57fc6
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0109.patch
@@ -0,0 +1,87 @@
+--- linux/fs/isofs/rock.c.orig
++++ linux/fs/isofs/rock.c
+@@ -14,6 +14,7 @@
+ #include <linux/slab.h>
+ #include <linux/pagemap.h>
+ #include <linux/smp_lock.h>
++#include <asm/page.h>
+
+ #include "rock.h"
+
+@@ -419,7 +420,7 @@
+ return 0;
+ }
+
+-static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr)
++static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
+ {
+ int slen;
+ int rootflag;
+@@ -431,16 +432,25 @@
+ rootflag = 0;
+ switch (slp->flags & ~1) {
+ case 0:
++ if (slp->len > plimit - rpnt)
++ return NULL;
+ memcpy(rpnt, slp->text, slp->len);
+ rpnt+=slp->len;
+ break;
++ case 2:
++ if (rpnt >= plimit)
++ return NULL;
++ *rpnt++='.';
++ break;
+ case 4:
++ if (2 > plimit - rpnt)
++ return NULL;
+ *rpnt++='.';
+- /* fallthru */
+- case 2:
+ *rpnt++='.';
+ break;
+ case 8:
++ if (rpnt >= plimit)
++ return NULL;
+ rootflag = 1;
+ *rpnt++='/';
+ break;
+@@ -457,17 +467,23 @@
+ * If there is another SL record, and this component
+ * record isn't continued, then add a slash.
+ */
+- if ((!rootflag) && (rr->u.SL.flags & 1) && !(oldslp->flags & 1))
++ if ((!rootflag) && (rr->u.SL.flags & 1) &&
++ !(oldslp->flags & 1)) {
++ if (rpnt >= plimit)
++ return NULL;
+ *rpnt++='/';
++ }
+ break;
+ }
+
+ /*
+ * If this component record isn't continued, then append a '/'.
+ */
+- if (!rootflag && !(oldslp->flags & 1))
++ if (!rootflag && !(oldslp->flags & 1)) {
++ if (rpnt >= plimit)
++ return NULL;
+ *rpnt++='/';
+-
++ }
+ }
+ return rpnt;
+ }
+@@ -548,7 +564,10 @@
+ CHECK_SP(goto out);
+ break;
+ case SIG('S', 'L'):
+- rpnt = get_symlink_chunk(rpnt, rr);
++ rpnt = get_symlink_chunk(rpnt, rr,
++ link + (PAGE_SIZE - 1));
++ if (rpnt == NULL)
++ goto out;
+ break;
+ case SIG('C', 'E'):
+ /* This tells is if there is a continuation record */
+
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0177.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0177.patch
new file mode 100644
index 000000000000..da6b7e190685
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0177.patch
@@ -0,0 +1,10 @@
+--- linux-2.4.26-pre3/fs/jbd/journal.c 2004-02-18 05:36:31.000000000 -0800
++++ linux-2.4.26-pre4/fs/jbd/journal.c 2004-03-16 09:59:36.000000000 -0800
+@@ -671,6 +671,7 @@
+
+ bh = getblk(journal->j_dev, blocknr, journal->j_blocksize);
+ lock_buffer(bh);
++ memset(bh->b_data, 0, journal->j_blocksize);
+ BUFFER_TRACE(bh, "return this buffer");
+ return journal_add_journal_head(bh);
+ }
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0178.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0178.patch
new file mode 100644
index 000000000000..19e57268c2fa
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0178.patch
@@ -0,0 +1,11 @@
+--- linux-2.4.26-pre2/drivers/sound/sb_audio.c 2002-02-25 11:38:06.000000000 -0800
++++ linux-2.4.26-pre3/drivers/sound/sb_audio.c 2004-03-13 07:43:23.000000000 -0800
+@@ -879,7 +879,7 @@
+ c -= locallen; p += locallen;
+ }
+ /* used = ( samples * 16 bits size ) */
+- *used = len << 1;
++ *used = max_in > ( max_out << 1) ? (max_out << 1) : max_in;
+ /* returned = ( samples * 8 bits size ) */
+ *returned = len;
+ }
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0181.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0181.patch
new file mode 100644
index 000000000000..5f7f1441b268
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0181.patch
@@ -0,0 +1,38 @@
+--- linux-2.4.22/fs/jfs/jfs_logmgr.c.jfs-sec 2004-03-23 12:30:35.000000000 -0700
++++ linux-2.4.22/fs/jfs/jfs_logmgr.c 2004-03-23 13:01:51.000000000 -0700
+@@ -1693,7 +1693,7 @@
+ if (lbuf == 0)
+ goto error;
+ lbuf->l_bh.b_data = lbuf->l_ldata =
+- (char *) __get_free_page(GFP_KERNEL);
++ (char *) get_zeroed_page(GFP_KERNEL);
+ if (lbuf->l_ldata == 0) {
+ kfree(lbuf);
+ goto error;
+--- linux-2.4.22/fs/jfs/jfs_metapage.c.jfs-sec 2004-03-23 12:30:48.000000000 -0700
++++ linux-2.4.22/fs/jfs/jfs_metapage.c 2004-03-23 13:01:51.000000000 -0700
+@@ -375,6 +375,10 @@
+ }
+ mp->data = kmap(mp->page) + page_offset;
+ }
++
++ if (new)
++ memset(mp->data, 0, PSIZE);
++
+ jfs_info("__get_metapage: returning = 0x%p", mp);
+ return mp;
+
+--- linux-2.4.22/fs/jfs/super.c.jfs-sec 2004-03-23 12:31:10.000000000 -0700
++++ linux-2.4.22/fs/jfs/super.c 2004-03-23 13:01:51.000000000 -0700
+@@ -423,10 +423,10 @@
+
+ if ((flags & (SLAB_CTOR_VERIFY | SLAB_CTOR_CONSTRUCTOR)) ==
+ SLAB_CTOR_CONSTRUCTOR) {
++ memset(jfs_ip, 0, sizeof(struct jfs_inode_info));
+ INIT_LIST_HEAD(&jfs_ip->anon_inode_list);
+ init_rwsem(&jfs_ip->rdwrlock);
+ init_MUTEX(&jfs_ip->commit_sem);
+- jfs_ip->atlhead = 0;
+ jfs_ip->active_ag = -1;
+ }
+ }
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0495.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0495.patch
new file mode 100644
index 000000000000..bea80eac69a9
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0495.patch
@@ -0,0 +1,655 @@
+--- linux/net/decnet/dn_dev.c.bak Wed Jun 16 14:42:24 2004
++++ linux/net/decnet/dn_dev.c Wed Jun 16 14:42:34 2004
+@@ -1070,31 +1070,39 @@ int dnet_gifconf(struct net_device *dev,
+ {
+ struct dn_dev *dn_db = (struct dn_dev *)dev->dn_ptr;
+ struct dn_ifaddr *ifa;
+- struct ifreq *ifr = (struct ifreq *)buf;
++ char buffer[DN_IFREQ_SIZE];
++ struct ifreq *ifr = (struct ifreq *)buffer;
++ struct sockaddr_dn *addr = (struct sockaddr_dn *)&ifr->ifr_addr;
+ int done = 0;
+
+ if ((dn_db == NULL) || ((ifa = dn_db->ifa_list) == NULL))
+ return 0;
+
+ for(; ifa; ifa = ifa->ifa_next) {
+- if (!ifr) {
++ if (!buf) {
+ done += sizeof(DN_IFREQ_SIZE);
+ continue;
+ }
+ if (len < DN_IFREQ_SIZE)
+ return done;
+- memset(ifr, 0, DN_IFREQ_SIZE);
++ memset(buffer, 0, DN_IFREQ_SIZE);
+
+ if (ifa->ifa_label)
+ strcpy(ifr->ifr_name, ifa->ifa_label);
+ else
+ strcpy(ifr->ifr_name, dev->name);
+
+- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_family = AF_DECnet;
+- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_len = 2;
+- (*(dn_address *)(*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_addr) = ifa->ifa_local;
++ addr->sdn_family = AF_DECnet;
++ addr->sdn_add.a_len = 2;
++ memcpy(addr->sdn_add.a_addr, &ifa->ifa_local,
++ sizeof(dn_address));
+
+- ifr = (struct ifreq *)((char *)ifr + DN_IFREQ_SIZE);
++ if (copy_to_user(buf, buffer, DN_IFREQ_SIZE)) {
++ done = -EFAULT;
++ break;
++ }
++
++ buf += DN_IFREQ_SIZE;
+ len -= DN_IFREQ_SIZE;
+ done += DN_IFREQ_SIZE;
+ }
+--- linux-2.4.21/drivers/net/wireless/airo.c 2003-06-13 15:51:35.000000000 +0100
++++ linux-2.4.21/drivers/net/wireless/airo.c.plasmaroo 2004-06-24 11:09:08.260352168 +0100
+@@ -3012,19 +3012,22 @@
+ size_t len,
+ loff_t *offset )
+ {
+- int i;
+- int pos;
++ loff_t pos = *offset;
+ struct proc_data *priv = (struct proc_data*)file->private_data;
+
+- if( !priv->rbuffer ) return -EINVAL;
++ if (!priv->rbuffer)
++ return -EINVAL;
+
+- pos = *offset;
+- for( i = 0; i+pos < priv->readlen && i < len; i++ ) {
+- if (put_user( priv->rbuffer[i+pos], buffer+i ))
+- return -EFAULT;
+- }
+- *offset += i;
+- return i;
++ if (pos < 0)
++ return -EINVAL;
++ if (pos >= priv->readlen)
++ return 0;
++ if (len > priv->readlen - pos)
++ len = priv->readlen - pos;
++ if (copy_to_user(buffer, priv->rbuffer + pos, len))
++ return -EFAULT;
++ *offset = pos + len;
++ return len;
+ }
+
+ /*
+@@ -3036,24 +3039,24 @@
+ size_t len,
+ loff_t *offset )
+ {
+- int i;
+- int pos;
++ loff_t pos = *offset;
+ struct proc_data *priv = (struct proc_data*)file->private_data;
+
+- if ( !priv->wbuffer ) {
++ if (!priv->wbuffer)
+ return -EINVAL;
+- }
+-
+- pos = *offset;
+
+- for( i = 0; i + pos < priv->maxwritelen &&
+- i < len; i++ ) {
+- if (get_user( priv->wbuffer[i+pos], buffer + i ))
+- return -EFAULT;
+- }
+- if ( i+pos > priv->writelen ) priv->writelen = i+file->f_pos;
+- *offset += i;
+- return i;
++ if (pos < 0)
++ return -EINVAL;
++ if (pos >= priv->maxwritelen)
++ return 0;
++ if (len > priv->maxwritelen - pos)
++ len = priv->maxwritelen - pos;
++ if (copy_from_user(priv->wbuffer + pos, buffer, len))
++ return -EFAULT;
++ if (pos + len > priv->writelen)
++ priv->writelen = pos + len;
++ *offset = pos + len;
++ return len;
+ }
+
+ static int proc_status_open( struct inode *inode, struct file *file ) {
+--- linux/drivers/sound/mpu401.c.bak Wed Jun 16 14:42:24 2004
++++ linux/drivers/sound/mpu401.c Wed Jun 16 14:42:34 2004
+@@ -1493,14 +1493,16 @@ static unsigned long mpu_timer_get_time(
+ static int mpu_timer_ioctl(int dev, unsigned int command, caddr_t arg)
+ {
+ int midi_dev = sound_timer_devs[dev]->devlink;
++ int *p = (int *)arg;
+
+ switch (command)
+ {
+ case SNDCTL_TMR_SOURCE:
+ {
+ int parm;
+-
+- parm = *(int *) arg;
++
++ if (get_user(parm, p))
++ return -EFAULT;
+ parm &= timer_caps;
+
+ if (parm != 0)
+@@ -1512,7 +1514,9 @@ static int mpu_timer_ioctl(int dev, unsi
+ else if (timer_mode & TMR_MODE_SMPTE)
+ mpu_cmd(midi_dev, 0x3d, 0); /* Use SMPTE sync */
+ }
+- return (*(int *) arg = timer_mode);
++ if (put_user(timer_mode, p))
++ return -EFAULT;
++ return timer_mode;
+ }
+ break;
+
+@@ -1537,10 +1541,13 @@ static int mpu_timer_ioctl(int dev, unsi
+ {
+ int val;
+
+- val = *(int *) arg;
++ if (get_user(val, p))
++ return -EFAULT;
+ if (val)
+ set_timebase(midi_dev, val);
+- return (*(int *) arg = curr_timebase);
++ if (put_user(curr_timebase, p))
++ return -EFAULT;
++ return curr_timebase;
+ }
+ break;
+
+@@ -1549,7 +1556,8 @@ static int mpu_timer_ioctl(int dev, unsi
+ int val;
+ int ret;
+
+- val = *(int *) arg;
++ if (get_user(val, p))
++ return -EFAULT;
+
+ if (val)
+ {
+@@ -1564,7 +1572,9 @@ static int mpu_timer_ioctl(int dev, unsi
+ }
+ curr_tempo = val;
+ }
+- return (*(int *) arg = curr_tempo);
++ if (put_user(curr_tempo, p))
++ return -EFAULT;
++ return curr_tempo;
+ }
+ break;
+
+@@ -1572,18 +1582,25 @@ static int mpu_timer_ioctl(int dev, unsi
+ {
+ int val;
+
+- val = *(int *) arg;
++ if (get_user(val, p))
++ return -EFAULT;
+ if (val != 0) /* Can't change */
+ return -EINVAL;
+- return (*(int *) arg = ((curr_tempo * curr_timebase) + 30) / 60);
++ val = (curr_tempo * curr_timebase + 30) / 60;
++ if (put_user(val, p))
++ return -EFAULT;
++ return val;
+ }
+ break;
+
+ case SNDCTL_SEQ_GETTIME:
+- return (*(int *) arg = curr_ticks);
++ if (put_user(curr_ticks, p))
++ return -EFAULT;
++ return curr_ticks;
+
+ case SNDCTL_TMR_METRONOME:
+- metronome_mode = *(int *) arg;
++ if (get_user(metronome_mode, p))
++ return -EFAULT;
+ setup_metronome(midi_dev);
+ return 0;
+
+--- linux/drivers/sound/msnd.c.bak Wed Jun 16 14:42:24 2004
++++ linux/drivers/sound/msnd.c Wed Jun 16 14:42:34 2004
+@@ -155,13 +155,10 @@ void msnd_fifo_make_empty(msnd_fifo *f)
+ f->len = f->tail = f->head = 0;
+ }
+
+-int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user)
++int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len)
+ {
+ int count = 0;
+
+- if (f->len == f->n)
+- return 0;
+-
+ while ((count < len) && (f->len != f->n)) {
+
+ int nwritten;
+@@ -177,11 +174,7 @@ int msnd_fifo_write(msnd_fifo *f, const
+ nwritten = len - count;
+ }
+
+- if (user) {
+- if (copy_from_user(f->data + f->tail, buf, nwritten))
+- return -EFAULT;
+- } else
+- isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten);
++ isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten);
+
+ count += nwritten;
+ buf += nwritten;
+@@ -193,13 +186,10 @@ int msnd_fifo_write(msnd_fifo *f, const
+ return count;
+ }
+
+-int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user)
++int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len)
+ {
+ int count = 0;
+
+- if (f->len == 0)
+- return f->len;
+-
+ while ((count < len) && (f->len > 0)) {
+
+ int nread;
+@@ -215,11 +205,7 @@ int msnd_fifo_read(msnd_fifo *f, char *b
+ nread = len - count;
+ }
+
+- if (user) {
+- if (copy_to_user(buf, f->data + f->head, nread))
+- return -EFAULT;
+- } else
+- isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread);
++ isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread);
+
+ count += nread;
+ buf += nread;
+--- linux/drivers/sound/msnd.h.bak Wed Jun 16 14:42:24 2004
++++ linux/drivers/sound/msnd.h Wed Jun 16 14:42:34 2004
+@@ -266,8 +266,8 @@ void msnd_fifo_init(msnd_fifo *f);
+ void msnd_fifo_free(msnd_fifo *f);
+ int msnd_fifo_alloc(msnd_fifo *f, size_t n);
+ void msnd_fifo_make_empty(msnd_fifo *f);
+-int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user);
+-int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user);
++int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len);
++int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len);
+
+ int msnd_wait_TXDE(multisound_dev_t *dev);
+ int msnd_wait_HC0(multisound_dev_t *dev);
+--- linux/drivers/sound/msnd_pinnacle.c.bak Wed Jun 16 14:42:24 2004
++++ linux/drivers/sound/msnd_pinnacle.c Wed Jun 16 14:42:34 2004
+@@ -804,7 +804,7 @@ static int dev_release(struct inode *ino
+
+ static __inline__ int pack_DARQ_to_DARF(register int bank)
+ {
+- register int size, n, timeout = 3;
++ register int size, timeout = 3;
+ register WORD wTmp;
+ LPDAQD DAQD;
+
+@@ -825,13 +825,10 @@ static __inline__ int pack_DARQ_to_DARF(
+ /* Read data from the head (unprotected bank 1 access okay
+ since this is only called inside an interrupt) */
+ outb(HPBLKSEL_1, dev.io + HP_BLKS);
+- if ((n = msnd_fifo_write(
++ msnd_fifo_write(
+ &dev.DARF,
+ (char *)(dev.base + bank * DAR_BUFF_SIZE),
+- size, 0)) <= 0) {
+- outb(HPBLKSEL_0, dev.io + HP_BLKS);
+- return n;
+- }
++ size);
+ outb(HPBLKSEL_0, dev.io + HP_BLKS);
+
+ return 1;
+@@ -853,21 +850,16 @@ static __inline__ int pack_DAPF_to_DAPQ(
+ if (protect) {
+ /* Critical section: protect fifo in non-interrupt */
+ spin_lock_irqsave(&dev.lock, flags);
+- if ((n = msnd_fifo_read(
++ n = msnd_fifo_read(
+ &dev.DAPF,
+ (char *)(dev.base + bank_num * DAP_BUFF_SIZE),
+- DAP_BUFF_SIZE, 0)) < 0) {
+- spin_unlock_irqrestore(&dev.lock, flags);
+- return n;
+- }
++ DAP_BUFF_SIZE);
+ spin_unlock_irqrestore(&dev.lock, flags);
+ } else {
+- if ((n = msnd_fifo_read(
++ n = msnd_fifo_read(
+ &dev.DAPF,
+ (char *)(dev.base + bank_num * DAP_BUFF_SIZE),
+- DAP_BUFF_SIZE, 0)) < 0) {
+- return n;
+- }
++ DAP_BUFF_SIZE);
+ }
+ if (!n)
+ break;
+@@ -894,30 +886,43 @@ static __inline__ int pack_DAPF_to_DAPQ(
+ static int dsp_read(char *buf, size_t len)
+ {
+ int count = len;
++ char *page = (char *)__get_free_page(PAGE_SIZE);
++
++ if (!page)
++ return -ENOMEM;
+
+ while (count > 0) {
+- int n;
++ int n, k;
+ unsigned long flags;
+
++ k = PAGE_SIZE;
++ if (k > count)
++ k = count;
++
+ /* Critical section: protect fifo in non-interrupt */
+ spin_lock_irqsave(&dev.lock, flags);
+- if ((n = msnd_fifo_read(&dev.DARF, buf, count, 1)) < 0) {
+- printk(KERN_WARNING LOGNAME ": FIFO read error\n");
+- spin_unlock_irqrestore(&dev.lock, flags);
+- return n;
+- }
++ n = msnd_fifo_read(&dev.DARF, page, k);
+ spin_unlock_irqrestore(&dev.lock, flags);
++ if (copy_to_user(buf, page, n)) {
++ free_page((unsigned long)page);
++ return -EFAULT;
++ }
+ buf += n;
+ count -= n;
+
++ if (n == k && count)
++ continue;
++
+ if (!test_bit(F_READING, &dev.flags) && dev.mode & FMODE_READ) {
+ dev.last_recbank = -1;
+ if (chk_send_dsp_cmd(&dev, HDEX_RECORD_START) == 0)
+ set_bit(F_READING, &dev.flags);
+ }
+
+- if (dev.rec_ndelay)
++ if (dev.rec_ndelay) {
++ free_page((unsigned long)page);
+ return count == len ? -EAGAIN : len - count;
++ }
+
+ if (count > 0) {
+ set_bit(F_READBLOCK, &dev.flags);
+@@ -926,41 +931,57 @@ static int dsp_read(char *buf, size_t le
+ get_rec_delay_jiffies(DAR_BUFF_SIZE)))
+ clear_bit(F_READING, &dev.flags);
+ clear_bit(F_READBLOCK, &dev.flags);
+- if (signal_pending(current))
++ if (signal_pending(current)) {
++ free_page((unsigned long)page);
+ return -EINTR;
++ }
+ }
+ }
+-
++ free_page((unsigned long)page);
+ return len - count;
+ }
+
+ static int dsp_write(const char *buf, size_t len)
+ {
+ int count = len;
++ char *page = (char *)__get_free_page(GFP_KERNEL);
++
++ if (!page)
++ return -ENOMEM;
+
+ while (count > 0) {
+- int n;
++ int n, k;
+ unsigned long flags;
+
++ k = PAGE_SIZE;
++ if (k > count)
++ k = count;
++
++ if (copy_from_user(page, buf, k)) {
++ free_page((unsigned long)page);
++ return -EFAULT;
++ }
++
+ /* Critical section: protect fifo in non-interrupt */
+ spin_lock_irqsave(&dev.lock, flags);
+- if ((n = msnd_fifo_write(&dev.DAPF, buf, count, 1)) < 0) {
+- printk(KERN_WARNING LOGNAME ": FIFO write error\n");
+- spin_unlock_irqrestore(&dev.lock, flags);
+- return n;
+- }
++ n = msnd_fifo_write(&dev.DAPF, page, k);
+ spin_unlock_irqrestore(&dev.lock, flags);
+ buf += n;
+ count -= n;
+
++ if (count && n == k)
++ continue;
++
+ if (!test_bit(F_WRITING, &dev.flags) && (dev.mode & FMODE_WRITE)) {
+ dev.last_playbank = -1;
+ if (pack_DAPF_to_DAPQ(1) > 0)
+ set_bit(F_WRITING, &dev.flags);
+ }
+
+- if (dev.play_ndelay)
++ if (dev.play_ndelay) {
++ free_page((unsigned long)page);
+ return count == len ? -EAGAIN : len - count;
++ }
+
+ if (count > 0) {
+ set_bit(F_WRITEBLOCK, &dev.flags);
+@@ -968,11 +989,14 @@ static int dsp_write(const char *buf, si
+ &dev.writeblock,
+ get_play_delay_jiffies(DAP_BUFF_SIZE));
+ clear_bit(F_WRITEBLOCK, &dev.flags);
+- if (signal_pending(current))
++ if (signal_pending(current)) {
++ free_page((unsigned long)page);
+ return -EINTR;
++ }
+ }
+ }
+
++ free_page((unsigned long)page);
+ return len - count;
+ }
+
+--- linux/drivers/sound/pss.c.bak Wed Jun 16 14:42:24 2004
++++ linux/drivers/sound/pss.c Wed Jun 16 14:42:34 2004
+@@ -450,20 +450,36 @@ static void pss_mixer_reset(pss_confdata
+ }
+ }
+
+-static void arg_to_volume_mono(unsigned int volume, int *aleft)
++static int set_volume_mono(caddr_t p, int *aleft)
+ {
+ int left;
++ unsigned volume;
++ if (get_user(volume, (unsigned *)p))
++ return -EFAULT;
+
+- left = volume & 0x00ff;
++ left = volume & 0xff;
+ if (left > 100)
+ left = 100;
+ *aleft = left;
++ return 0;
+ }
+
+-static void arg_to_volume_stereo(unsigned int volume, int *aleft, int *aright)
++static int set_volume_stereo(caddr_t p, int *aleft, int *aright)
+ {
+- arg_to_volume_mono(volume, aleft);
+- arg_to_volume_mono(volume >> 8, aright);
++ int left, right;
++ unsigned volume;
++ if (get_user(volume, (unsigned *)p))
++ return -EFAULT;
++
++ left = volume & 0xff;
++ if (left > 100)
++ left = 100;
++ right = (volume >> 8) & 0xff;
++ if (right > 100)
++ right = 100;
++ *aleft = left;
++ *aright = right;
++ return 0;
+ }
+
+ static int ret_vol_mono(int left)
+@@ -510,33 +526,38 @@ static int pss_mixer_ioctl (int dev, uns
+ return call_ad_mixer(devc, cmd, arg);
+ else
+ {
+- if (*(int *)arg != 0)
++ int v;
++ if (get_user(v, (int *)arg))
++ return -EFAULT;
++ if (v != 0)
+ return -EINVAL;
+ return 0;
+ }
+ case SOUND_MIXER_VOLUME:
+- arg_to_volume_stereo(*(unsigned int *)arg, &devc->mixer.volume_l,
+- &devc->mixer.volume_r);
++ if (set_volume_stereo(arg,
++ &devc->mixer.volume_l,
++ &devc->mixer.volume_r))
++ return -EFAULT;
+ set_master_volume(devc, devc->mixer.volume_l,
+ devc->mixer.volume_r);
+ return ret_vol_stereo(devc->mixer.volume_l,
+ devc->mixer.volume_r);
+
+ case SOUND_MIXER_BASS:
+- arg_to_volume_mono(*(unsigned int *)arg,
+- &devc->mixer.bass);
++ if (set_volume_mono(arg, &devc->mixer.bass))
++ return -EFAULT;
+ set_bass(devc, devc->mixer.bass);
+ return ret_vol_mono(devc->mixer.bass);
+
+ case SOUND_MIXER_TREBLE:
+- arg_to_volume_mono(*(unsigned int *)arg,
+- &devc->mixer.treble);
++ if (set_volume_mono(arg, &devc->mixer.treble))
++ return -EFAULT;
+ set_treble(devc, devc->mixer.treble);
+ return ret_vol_mono(devc->mixer.treble);
+
+ case SOUND_MIXER_SYNTH:
+- arg_to_volume_mono(*(unsigned int *)arg,
+- &devc->mixer.synth);
++ if (set_volume_mono(arg, &devc->mixer.synth))
++ return -EFAULT;
+ set_synth_volume(devc, devc->mixer.synth);
+ return ret_vol_mono(devc->mixer.synth);
+
+@@ -546,54 +567,67 @@ static int pss_mixer_ioctl (int dev, uns
+ }
+ else
+ {
++ int val, and_mask = 0, or_mask = 0;
+ /*
+ * Return parameters
+ */
+ switch (cmdf)
+ {
+-
+ case SOUND_MIXER_DEVMASK:
+ if (call_ad_mixer(devc, cmd, arg) == -EINVAL)
+- *(int *)arg = 0; /* no mixer devices */
+- return (*(int *)arg |= SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH);
++ break;
++ and_mask = ~0;
++ or_mask = SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH;
++ break;
+
+ case SOUND_MIXER_STEREODEVS:
+ if (call_ad_mixer(devc, cmd, arg) == -EINVAL)
+- *(int *)arg = 0; /* no stereo devices */
+- return (*(int *)arg |= SOUND_MASK_VOLUME);
++ break;
++ and_mask = ~0;
++ or_mask = SOUND_MASK_VOLUME;
++ break;
+
+ case SOUND_MIXER_RECMASK:
+ if (devc->ad_mixer_dev != NO_WSS_MIXER)
+ return call_ad_mixer(devc, cmd, arg);
+- else
+- return (*(int *)arg = 0); /* no record devices */
++ break;
+
+ case SOUND_MIXER_CAPS:
+ if (devc->ad_mixer_dev != NO_WSS_MIXER)
+ return call_ad_mixer(devc, cmd, arg);
+- else
+- return (*(int *)arg = SOUND_CAP_EXCL_INPUT);
++ or_mask = SOUND_CAP_EXCL_INPUT;
++ break;
+
+ case SOUND_MIXER_RECSRC:
+ if (devc->ad_mixer_dev != NO_WSS_MIXER)
+ return call_ad_mixer(devc, cmd, arg);
+- else
+- return (*(int *)arg = 0); /* no record source */
++ break;
+
+ case SOUND_MIXER_VOLUME:
+- return (*(int *)arg = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r));
++ or_mask = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r);
++ break;
+
+ case SOUND_MIXER_BASS:
+- return (*(int *)arg = ret_vol_mono(devc->mixer.bass));
++ or_mask = ret_vol_mono(devc->mixer.bass);
++ break;
+
+ case SOUND_MIXER_TREBLE:
+- return (*(int *)arg = ret_vol_mono(devc->mixer.treble));
++ or_mask = ret_vol_mono(devc->mixer.treble);
++ break;
+
+ case SOUND_MIXER_SYNTH:
+- return (*(int *)arg = ret_vol_mono(devc->mixer.synth));
++ or_mask = ret_vol_mono(devc->mixer.synth);
++ break;
+ default:
+ return -EINVAL;
+ }
++ if (get_user(val, (int *)arg))
++ return -EFAULT;
++ val &= and_mask;
++ val |= or_mask;
++ if (put_user(val, (int *)arg))
++ return -EFAULT;
++ return val;
+ }
+ }
+
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0497.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0497.patch
new file mode 100644
index 000000000000..9503e9efe57b
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0497.patch
@@ -0,0 +1,23 @@
+# ChangeSet
+#
+# fs/attr.c
+# 2004/07/03 18:28:30-03:00 marcelo@logos.cnet +1 -0
+# Thomas Biege: Fix missing DAC check on sys_chown
+#
+# fs/attr.c
+# 2004/07/03 19:28:29-03:00 marcelo@logos.cnet +1 -1
+# Add missing bracket to inode_change_ok() fix
+#
+diff -Nru a/fs/attr.c b.plasmaroo/fs/attr.c
+--- a/fs/attr.c 2004-07-08 17:05:20 -07:00
++++ b.plasmaroo/fs/attr.c 2004-07-08 17:05:20 -07:00
+@@ -35,7 +35,8 @@
+
+ /* Make sure caller can chgrp. */
+ if ((ia_valid & ATTR_GID) &&
+- (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) &&
++ (current->fsuid != inode->i_uid ||
++ (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&
+ !capable(CAP_CHOWN))
+ goto error;
+
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0535.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0535.patch
new file mode 100644
index 000000000000..669fc5fd32fb
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0535.patch
@@ -0,0 +1,12 @@
+--- drivers/net/e1000/e1000_ethtool.c 2003-06-13 15:51:34.000000000 +0100
++++ drivers/net/e1000/e1000_ethtool.c.plasmaroo 2004-06-24 11:23:32.524963976 +0100
+@@ -468,6 +468,9 @@
+
+ if(copy_from_user(&regs, addr, sizeof(regs)))
+ return -EFAULT;
++ memset(regs_buff, 0, sizeof(regs_buff));
++ if (regs.len > E1000_REGS_LEN)
++ regs.len = E1000_REGS_LEN;
+ e1000_ethtool_gregs(adapter, &regs, regs_buff);
+ if(copy_to_user(addr, &regs, sizeof(regs)))
+ return -EFAULT;
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0685.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0685.patch
new file mode 100644
index 000000000000..d1be834cc8a5
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0685.patch
@@ -0,0 +1,83 @@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/07/26 19:14:16-03:00 mjc@redhat.com
+# [PATCH] USB: more sparse fixes
+#
+# Back in October 2003 Arnaldo commited some fixes prior to 2.6 for some leaking info to userspace in the
+# usb drivers:
+# http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ
+#
+# The corresponding changes have not been commited to 2.4, or included in
+# the previous sparse fixes.
+#
+# drivers/usb/audio.c
+# 2004/07/15 08:46:52-03:00 mjc@redhat.com +4 -0
+# USB: more sparse fixes
+#
+# drivers/usb/brlvger.c
+# 2004/07/15 08:47:27-03:00 mjc@redhat.com +1 -0
+# USB: more sparse fixes
+#
+# drivers/usb/serial/io_edgeport.c
+# 2004/07/15 08:48:06-03:00 mjc@redhat.com +1 -0
+# USB: more sparse fixes
+#
+# drivers/usb/vicam.c
+# 2004/07/15 08:47:13-03:00 mjc@redhat.com +1 -0
+# USB: more sparse fixes
+#
+diff -Nru a/drivers/usb/audio.c b/drivers/usb/audio.c
+--- a/drivers/usb/audio.c 2004-08-08 07:41:30 -07:00
++++ b/drivers/usb/audio.c 2004-08-08 07:41:30 -07:00
+@@ -2141,6 +2141,8 @@
+
+ if (cmd == SOUND_MIXER_INFO) {
+ mixer_info info;
++
++ memset(&info, 0, sizeof(info));
+ strncpy(info.id, "USB_AUDIO", sizeof(info.id));
+ strncpy(info.name, "USB Audio Class Driver", sizeof(info.name));
+ info.modify_counter = ms->modcnt;
+@@ -2150,6 +2152,8 @@
+ }
+ if (cmd == SOUND_OLD_MIXER_INFO) {
+ _old_mixer_info info;
++
++ memset(&info, 0, sizeof(info));
+ strncpy(info.id, "USB_AUDIO", sizeof(info.id));
+ strncpy(info.name, "USB Audio Class Driver", sizeof(info.name));
+ if (copy_to_user((void *)arg, &info, sizeof(info)))
+diff -Nru a/drivers/usb/brlvger.c b/drivers/usb/brlvger.c
+--- a/drivers/usb/brlvger.c 2004-08-08 07:41:30 -07:00
++++ b/drivers/usb/brlvger.c 2004-08-08 07:41:30 -07:00
+@@ -743,6 +743,7 @@
+ case BRLVGER_GET_INFO: {
+ struct brlvger_info vi;
+
++ memset(&vi, 0, sizeof(vi));
+ strncpy(vi.driver_version, DRIVER_VERSION,
+ sizeof(vi.driver_version));
+ vi.driver_version[sizeof(vi.driver_version)-1] = 0;
+diff -Nru a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
+--- a/drivers/usb/serial/io_edgeport.c 2004-08-08 07:41:30 -07:00
++++ b/drivers/usb/serial/io_edgeport.c 2004-08-08 07:41:30 -07:00
+@@ -1913,6 +1913,7 @@
+
+ case TIOCGICOUNT:
+ cnow = edge_port->icount;
++ memset(&icount, 0, sizeof(icount));
+ icount.cts = cnow.cts;
+ icount.dsr = cnow.dsr;
+ icount.rng = cnow.rng;
+diff -Nru a/drivers/usb/vicam.c b/drivers/usb/vicam.c
+--- a/drivers/usb/vicam.c 2004-08-08 07:41:30 -07:00
++++ b/drivers/usb/vicam.c 2004-08-08 07:41:30 -07:00
+@@ -481,6 +481,7 @@
+ struct video_capability b;
+
+ DBG("VIDIOCGCAP\n");
++ memset(&b, 0, sizeof(b));
+ strcpy(b.name, "ViCam-based Camera");
+ b.type = VID_TYPE_CAPTURE;
+ b.channels = 1;
diff --git a/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0841-fix_ldisc_switch.patch b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0841-fix_ldisc_switch.patch
new file mode 100644
index 000000000000..771a07876c72
--- /dev/null
+++ b/sys-kernel/openmosix-sources/files/openmosix-sources.CAN-2004-0841-fix_ldisc_switch.patch
@@ -0,0 +1,34 @@
+--- drivers/char/tty_io.c~ 2004-11-16 13:44:03.027542320 +0300
++++ drivers/char/tty_io.c 2004-11-16 13:45:53.229789032 +0300
+@@ -763,31 +763,6 @@
+ spin_unlock_irqrestore(&tty_termios_lock, flags);
+ }
+
+- /* Defer ldisc switch */
+- /* tty_deferred_ldisc_switch(N_TTY);
+-
+- read_lock(&tasklist_lock);
+-#ifdef CONFIG_MOSIX
+- for_each_local_task(p) {
+-#else
+- for_each_task(p) {
+-#endif /* CONFIG_MOSIX */
+- if ((tty->session > 0) && (p->session == tty->session) &&
+- p->leader) {
+- send_sig(SIGHUP,p,1);
+- send_sig(SIGCONT,p,1);
+- if (tty->pgrp > 0)
+- p->tty_old_pgrp = tty->pgrp;
+- }
+- if (p->tty == tty)
+- p->tty = NULL;
+- }
+- read_unlock(&tasklist_lock);
+-
+- tty->flags = 0;
+- tty->session = 0;
+- tty->pgrp = -1;
+- tty->ctrl_status = 0;
+ /*
+ * If one of the devices matches a console pointer, we
+ * cannot just call hangup() because that will cause