r2521 - in trunk/kernel-2.4/source: kernel-source-2.4.27-2.4.27/debian kernel-source-2.4.27-2.4.27/debian/patches kernel-source-2.4.27-2.4.27/debian/patches/series kernel-source-2.4.29-2.4.29/debian kernel-source-2.4.29-2.4.29/debian/patches kernel-source-2.4.29-2.4.29/debian/patches/series
Joshua Kwan
joshk@costa.debian.org
Fri, 18 Feb 2005 20:04:54 +0100
Author: joshk
Date: 2005-02-18 20:04:53 +0100 (Fri, 18 Feb 2005)
New Revision: 2521
Added:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/140_VM_IO.diff
trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/100_VM_IO.diff
Modified:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9
trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/changelog
trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/series/2.4.29-1
Log:
add VM_IO.diff for CAN-2004-1057
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-02-18 06:46:34 UTC (rev 2520)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-02-18 19:04:53 UTC (rev 2521)
@@ -23,11 +23,14 @@
* 138_amd64_syscall_vuln.diff: [CAN-2004--1144] fix the "int 0x80 hole"
that allowed overflow of the system call table. (Joshua Kwan)
-
+
* 139_sparc_context_switch.diff: fix FPU context switching dirtiness on
sparc32 SMP. (Joshua Kwan)
+
+ * 140_VM_IO.diff: [CAN-2004-1057] fix possible DoS from accessing freed
+ kernel pages by flagging VM_IO where necessary.
- -- Joshua Kwan <joshk@triplehelix.org> Thu, 17 Feb 2005 22:46:04 -0800
+ -- Joshua Kwan <joshk@triplehelix.org> Fri, 18 Feb 2005 11:04:10 -0800
kernel-source-2.4.27 (2.4.27-8) unstable; urgency=high
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/140_VM_IO.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/140_VM_IO.diff 2005-02-18 06:46:34 UTC (rev 2520)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/140_VM_IO.diff 2005-02-18 19:04:53 UTC (rev 2521)
@@ -0,0 +1,306 @@
+# origin: http://www.kernel.org/pub/linux/kernel/people/andrea/kernels/v2.4/2.4.23aa3/00_VM_IO-4
+# description: VM_IO DoS fixes
+# inclusion: never happened!?
+# revision date: 2005-02-18
+
+diff -urN 2.4.19pre8/drivers/char/ftape/zftape/zftape-init.c vm-io/drivers/char/ftape/zftape/zftape-init.c
+--- 2.4.19pre8/drivers/char/ftape/zftape/zftape-init.c Tue Jan 22 18:53:29 2002
++++ vm-io/drivers/char/ftape/zftape/zftape-init.c Sat May 4 11:24:26 2002
+@@ -208,6 +208,7 @@
+ static struct vm_operations_struct dummy = { NULL, };
+ vma->vm_ops = &dummy;
+ #endif
++ vma->vm_flags &= ~VM_IO;
+ }
+ unlock_kernel();
+ current->blocked = old_sigmask; /* restore mask */
+diff -urN 2.4.19pre8/drivers/char/mem.c vm-io/drivers/char/mem.c
+--- 2.4.19pre8/drivers/char/mem.c Fri May 3 02:12:07 2002
++++ vm-io/drivers/char/mem.c Sat May 4 11:24:24 2002
+@@ -198,10 +198,10 @@
+ vma->vm_flags |= VM_RESERVED;
+
+ /*
+- * Don't dump addresses that are not real memory to a core file.
++ * Dump addresses that are real memory to a core file.
+ */
+- if (offset >= __pa(high_memory) || (file->f_flags & O_SYNC))
+- vma->vm_flags |= VM_IO;
++ if (offset < __pa(high_memory) && !(file->f_flags & O_SYNC))
++ vma->vm_flags &= ~VM_IO;
+
+ if (remap_page_range(vma->vm_start, offset, vma->vm_end-vma->vm_start,
+ vma->vm_page_prot))
+@@ -473,6 +473,7 @@
+ return shmem_zero_setup(vma);
+ if (zeromap_page_range(vma->vm_start, vma->vm_end - vma->vm_start, vma->vm_page_prot))
+ return -EAGAIN;
++ vma->vm_flags &= ~VM_IO;
+ return 0;
+ }
+
+diff -urN 2.4.19pre8/drivers/media/video/videodev.c vm-io/drivers/media/video/videodev.c
+--- 2.4.19pre8/drivers/media/video/videodev.c Fri May 3 02:12:08 2002
++++ vm-io/drivers/media/video/videodev.c Sat May 4 11:24:24 2002
+@@ -228,6 +228,7 @@
+ lock_kernel();
+ ret = vfl->mmap(vfl, (char *)vma->vm_start,
+ (unsigned long)(vma->vm_end-vma->vm_start));
++ vma->vm_flags &= ~VM_IO;
+ unlock_kernel();
+ }
+ return ret;
+diff -urN 2.4.19pre8/drivers/sound/cmpci.c vm-io/drivers/sound/cmpci.c
+--- 2.4.19pre8/drivers/sound/cmpci.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/cmpci.c Sat May 4 11:24:24 2002
+@@ -1754,6 +1754,7 @@
+ ret = -EINVAL;
+ if (remap_page_range(vma->vm_start, virt_to_phys(db->rawbuf), size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ ret = 0;
+ out:
+diff -urN 2.4.19pre8/drivers/sound/cs4281/cs4281m.c vm-io/drivers/sound/cs4281/cs4281m.c
+--- 2.4.19pre8/drivers/sound/cs4281/cs4281m.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/cs4281/cs4281m.c Sat May 4 11:24:24 2002
+@@ -3228,6 +3228,7 @@
+ if (remap_page_range
+ (vma->vm_start, virt_to_phys(db->rawbuf), size,
+ vma->vm_page_prot)) return -EAGAIN;
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+
+ CS_DBGOUT(CS_FUNCTION | CS_PARMS | CS_OPEN, 4,
+diff -urN 2.4.19pre8/drivers/sound/cs46xx.c vm-io/drivers/sound/cs46xx.c
+--- 2.4.19pre8/drivers/sound/cs46xx.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/cs46xx.c Sat May 4 11:24:24 2002
+@@ -2468,6 +2468,7 @@
+ ret = -EAGAIN;
+ goto out;
+ }
++ vma->vm_flags &= ~VM_IO;
+ dmabuf->mapped = 1;
+
+ CS_DBGOUT(CS_FUNCTION, 2, printk("cs46xx: cs_mmap()-\n") );
+diff -urN 2.4.19pre8/drivers/sound/es1370.c vm-io/drivers/sound/es1370.c
+--- 2.4.19pre8/drivers/sound/es1370.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/es1370.c Sat May 4 11:24:24 2002
+@@ -1377,6 +1377,7 @@
+ ret = -EAGAIN;
+ goto out;
+ }
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ out:
+ up(&s->sem);
+diff -urN 2.4.19pre8/drivers/sound/es1371.c vm-io/drivers/sound/es1371.c
+--- 2.4.19pre8/drivers/sound/es1371.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/es1371.c Sat May 4 11:24:24 2002
+@@ -1566,6 +1566,7 @@
+ ret = -EAGAIN;
+ goto out;
+ }
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ out:
+ up(&s->sem);
+@@ -2133,6 +2134,7 @@
+ ret = -EAGAIN;
+ if (remap_page_range(vma->vm_start, virt_to_phys(s->dma_dac1.rawbuf), size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ s->dma_dac1.mapped = 1;
+ ret = 0;
+ out:
+diff -urN 2.4.19pre8/drivers/sound/esssolo1.c vm-io/drivers/sound/esssolo1.c
+--- 2.4.19pre8/drivers/sound/esssolo1.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/esssolo1.c Sat May 4 11:24:24 2002
+@@ -1247,6 +1247,7 @@
+ ret = -EAGAIN;
+ if (remap_page_range(vma->vm_start, virt_to_phys(db->rawbuf), size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ ret = 0;
+ out:
+diff -urN 2.4.19pre8/drivers/sound/i810_audio.c vm-io/drivers/sound/i810_audio.c
+--- 2.4.19pre8/drivers/sound/i810_audio.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/i810_audio.c Sat May 4 11:24:24 2002
+@@ -1679,6 +1679,7 @@
+ if (remap_page_range(vma->vm_start, virt_to_phys(dmabuf->rawbuf),
+ size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ dmabuf->mapped = 1;
+ dmabuf->trigger = 0;
+ ret = 0;
+diff -urN 2.4.19pre8/drivers/sound/ite8172.c vm-io/drivers/sound/ite8172.c
+--- 2.4.19pre8/drivers/sound/ite8172.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/ite8172.c Sat May 4 11:24:24 2002
+@@ -1313,6 +1313,7 @@
+ unlock_kernel();
+ return -EAGAIN;
+ }
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ unlock_kernel();
+ return 0;
+diff -urN 2.4.19pre8/drivers/sound/maestro.c vm-io/drivers/sound/maestro.c
+--- 2.4.19pre8/drivers/sound/maestro.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/maestro.c Sat May 4 11:24:24 2002
+@@ -2512,6 +2512,7 @@
+ ret = -EAGAIN;
+ if (remap_page_range(vma->vm_start, virt_to_phys(db->rawbuf), size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ ret = 0;
+ out:
+diff -urN 2.4.19pre8/drivers/sound/maestro3.c vm-io/drivers/sound/maestro3.c
+--- 2.4.19pre8/drivers/sound/maestro3.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/maestro3.c Sat May 4 11:24:24 2002
+@@ -1557,6 +1557,7 @@
+ ret = -EAGAIN;
+ if (remap_page_range(vma->vm_start, virt_to_phys(db->rawbuf), size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+
+ db->mapped = 1;
+ ret = 0;
+diff -urN 2.4.19pre8/drivers/sound/rme96xx.c vm-io/drivers/sound/rme96xx.c
+--- 2.4.19pre8/drivers/sound/rme96xx.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/rme96xx.c Sat May 4 11:24:24 2002
+@@ -1690,7 +1690,7 @@
+
+
+ /* this is the mapping */
+-
++ vma->vm_flags &= ~VM_IO;
+ dma->mmapped = 1;
+ unlock_kernel();
+ return 0;
+diff -urN 2.4.19pre8/drivers/sound/sonicvibes.c vm-io/drivers/sound/sonicvibes.c
+--- 2.4.19pre8/drivers/sound/sonicvibes.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/sonicvibes.c Sat May 4 11:24:24 2002
+@@ -1551,6 +1551,7 @@
+ ret = -EAGAIN;
+ if (remap_page_range(vma->vm_start, virt_to_phys(db->rawbuf), size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ ret = 0;
+ out:
+diff -urN 2.4.19pre8/drivers/sound/soundcard.c vm-io/drivers/sound/soundcard.c
+--- 2.4.19pre8/drivers/sound/soundcard.c Tue Jan 22 18:54:23 2002
++++ vm-io/drivers/sound/soundcard.c Sat May 4 11:24:24 2002
+@@ -481,6 +481,7 @@
+ return -EAGAIN;
+ }
+
++ vma->vm_flags &= ~VM_IO;
+ dmap->mapping_flags |= DMA_MAP_MAPPED;
+
+ if( audio_devs[dev]->d->mmap)
+diff -urN 2.4.19pre8/drivers/sound/trident.c vm-io/drivers/sound/trident.c
+--- 2.4.19pre8/drivers/sound/trident.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/trident.c Sat May 4 11:24:24 2002
+@@ -2077,6 +2077,7 @@
+ if (remap_page_range(vma->vm_start, virt_to_phys(dmabuf->rawbuf),
+ size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ dmabuf->mapped = 1;
+ ret = 0;
+ out:
+diff -urN 2.4.19pre8/drivers/sound/ymfpci.c vm-io/drivers/sound/ymfpci.c
+--- 2.4.19pre8/drivers/sound/ymfpci.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/ymfpci.c Sat May 4 11:24:24 2002
+@@ -1536,6 +1536,7 @@
+ if (remap_page_range(vma->vm_start, virt_to_phys(dmabuf->rawbuf),
+ size, vma->vm_page_prot))
+ return -EAGAIN;
++ vma->vm_flags &= ~VM_IO;
+ dmabuf->mapped = 1;
+
+ /* P3 */ printk(KERN_INFO "ymfpci: using memory mapped sound, untested!\n");
+diff -urN 2.4.19pre8/drivers/usb/audio.c vm-io/drivers/usb/audio.c
+--- 2.4.19pre8/drivers/usb/audio.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/usb/audio.c Sat May 4 11:24:24 2002
+@@ -2341,6 +2341,7 @@
+ if (vma->vm_pgoff != 0)
+ goto out;
+
++ vma->vm_flags &= ~VM_IO;
+ ret = dmabuf_mmap(db, vma->vm_start, vma->vm_end - vma->vm_start, vma->vm_page_prot);
+ out:
+ unlock_kernel();
+diff -urN 2.4.19pre8/fs/ncpfs/mmap.c vm-io/fs/ncpfs/mmap.c
+--- 2.4.19pre8/fs/ncpfs/mmap.c Tue Jan 22 18:53:53 2002
++++ vm-io/fs/ncpfs/mmap.c Sat May 4 11:24:24 2002
+@@ -119,5 +119,6 @@
+ }
+
+ vma->vm_ops = &ncp_file_mmap;
++ vma->vm_flags &= ~VM_IO;
+ return 0;
+ }
+diff -urN 2.4.19pre8/ipc/shm.c vm-io/ipc/shm.c
+--- 2.4.19pre8/ipc/shm.c Fri May 3 02:12:29 2002
++++ vm-io/ipc/shm.c Sat May 4 11:24:24 2002
+@@ -159,6 +159,7 @@
+ {
+ UPDATE_ATIME(file->f_dentry->d_inode);
+ vma->vm_ops = &shm_vm_ops;
++ vma->vm_flags &= ~VM_IO;
+ shm_inc(file->f_dentry->d_inode->i_ino);
+ return 0;
+ }
+diff -urN 2.4.19pre8/mm/filemap.c vm-io/mm/filemap.c
+--- 2.4.19pre8/mm/filemap.c Fri May 3 02:12:29 2002
++++ vm-io/mm/filemap.c Sat May 4 11:24:24 2002
+@@ -2176,6 +2176,7 @@
+ return -ENOEXEC;
+ UPDATE_ATIME(inode);
+ vma->vm_ops = &generic_file_vm_ops;
++ vma->vm_flags &= ~VM_IO;
+ return 0;
+ }
+
+diff -urN 2.4.19pre8/mm/mmap.c vm-io/mm/mmap.c
+--- 2.4.19pre8/mm/mmap.c Fri May 3 02:12:29 2002
++++ vm-io/mm/mmap.c Sat May 4 11:24:24 2002
+@@ -534,6 +534,11 @@
+ }
+ vma->vm_file = file;
+ get_file(file);
++ /*
++ * Subdrivers can clear VM_IO if their mappings are
++ * valid pages inside mem_map[]
++ */
++ vma->vm_flags |= VM_IO;
+ error = file->f_op->mmap(file, vma);
+ if (error)
+ goto unmap_and_free_vma;
+diff -urN 2.4.19pre8/mm/shmem.c vm-io/mm/shmem.c
+--- 2.4.19pre8/mm/shmem.c Fri May 3 02:12:31 2002
++++ vm-io/mm/shmem.c Sat May 4 11:24:24 2002
+@@ -657,6 +657,7 @@
+ return -EACCES;
+ UPDATE_ATIME(inode);
+ vma->vm_ops = ops;
++ vma->vm_flags &= ~VM_IO;
+ return 0;
+ }
+
+diff -urN 2.4.19pre8/net/socket.c vm-io/net/socket.c
+--- 2.4.19pre8/net/socket.c Fri May 3 02:12:32 2002
++++ vm-io/net/socket.c Sat May 4 11:24:24 2002
+@@ -695,6 +695,7 @@
+ {
+ struct socket *sock = socki_lookup(file->f_dentry->d_inode);
+
++ vma->vm_flags &= ~VM_IO;
+ return sock->ops->mmap(file, sock, vma);
+ }
+
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9 2005-02-18 06:46:34 UTC (rev 2520)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9 2005-02-18 19:04:53 UTC (rev 2521)
@@ -4,3 +4,4 @@
+ 137_io_edgeport_overflow.diff
+ 138_amd64_syscall_vuln.diff
+ 139_sparc_context_switch.diff
++ 140_VM_IO.diff
Modified: trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/changelog 2005-02-18 06:46:34 UTC (rev 2520)
+++ trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/changelog 2005-02-18 19:04:53 UTC (rev 2521)
@@ -12,12 +12,14 @@
- 097_ipsec.diff (Herbert's backport)
- 098_skb_reset_ip_summed.diff: resolve checksumming exploit in
fragmented packet forwarding
+ - 099_io_edgeport_overflow.diff: [CAN-2004-1017] fix buffer overflow
+ (underflow, really) that opens multiple attack vectors.
+ - 100_VM_IO.diff: [CAN-2004-1057] fix possible DoS from accessing freed
+ kernel pages by flagging VM_IO where necessary.
- 101-503: add Willy Tarreau's hotfix patchset (2.4.29-hf2), addressing
some new security issues and bugs in 2.4.29
- - 137_io_edgeport_overflow.diff: [CAN-2004-1017] fix buffer overflow
- (underflow, really) that opens multiple attack vectors. (Joshua Kwan)
- -- Joshua Kwan <joshk@triplehelix.org> Thu, 17 Feb 2005 13:06:12 -0800
+ -- Joshua Kwan <joshk@triplehelix.org> Fri, 18 Feb 2005 11:02:54 -0800
kernel-source-2.4.28 (2.4.28-1) unstable; urgency=low
Added: trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/100_VM_IO.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/100_VM_IO.diff 2005-02-18 06:46:34 UTC (rev 2520)
+++ trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/100_VM_IO.diff 2005-02-18 19:04:53 UTC (rev 2521)
@@ -0,0 +1,306 @@
+# origin: http://www.kernel.org/pub/linux/kernel/people/andrea/kernels/v2.4/2.4.23aa3/00_VM_IO-4
+# description: VM_IO DoS fixes
+# inclusion: never happened!?
+# revision date: 2005-02-18
+
+diff -urN 2.4.19pre8/drivers/char/ftape/zftape/zftape-init.c vm-io/drivers/char/ftape/zftape/zftape-init.c
+--- 2.4.19pre8/drivers/char/ftape/zftape/zftape-init.c Tue Jan 22 18:53:29 2002
++++ vm-io/drivers/char/ftape/zftape/zftape-init.c Sat May 4 11:24:26 2002
+@@ -208,6 +208,7 @@
+ static struct vm_operations_struct dummy = { NULL, };
+ vma->vm_ops = &dummy;
+ #endif
++ vma->vm_flags &= ~VM_IO;
+ }
+ unlock_kernel();
+ current->blocked = old_sigmask; /* restore mask */
+diff -urN 2.4.19pre8/drivers/char/mem.c vm-io/drivers/char/mem.c
+--- 2.4.19pre8/drivers/char/mem.c Fri May 3 02:12:07 2002
++++ vm-io/drivers/char/mem.c Sat May 4 11:24:24 2002
+@@ -198,10 +198,10 @@
+ vma->vm_flags |= VM_RESERVED;
+
+ /*
+- * Don't dump addresses that are not real memory to a core file.
++ * Dump addresses that are real memory to a core file.
+ */
+- if (offset >= __pa(high_memory) || (file->f_flags & O_SYNC))
+- vma->vm_flags |= VM_IO;
++ if (offset < __pa(high_memory) && !(file->f_flags & O_SYNC))
++ vma->vm_flags &= ~VM_IO;
+
+ if (remap_page_range(vma->vm_start, offset, vma->vm_end-vma->vm_start,
+ vma->vm_page_prot))
+@@ -473,6 +473,7 @@
+ return shmem_zero_setup(vma);
+ if (zeromap_page_range(vma->vm_start, vma->vm_end - vma->vm_start, vma->vm_page_prot))
+ return -EAGAIN;
++ vma->vm_flags &= ~VM_IO;
+ return 0;
+ }
+
+diff -urN 2.4.19pre8/drivers/media/video/videodev.c vm-io/drivers/media/video/videodev.c
+--- 2.4.19pre8/drivers/media/video/videodev.c Fri May 3 02:12:08 2002
++++ vm-io/drivers/media/video/videodev.c Sat May 4 11:24:24 2002
+@@ -228,6 +228,7 @@
+ lock_kernel();
+ ret = vfl->mmap(vfl, (char *)vma->vm_start,
+ (unsigned long)(vma->vm_end-vma->vm_start));
++ vma->vm_flags &= ~VM_IO;
+ unlock_kernel();
+ }
+ return ret;
+diff -urN 2.4.19pre8/drivers/sound/cmpci.c vm-io/drivers/sound/cmpci.c
+--- 2.4.19pre8/drivers/sound/cmpci.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/cmpci.c Sat May 4 11:24:24 2002
+@@ -1754,6 +1754,7 @@
+ ret = -EINVAL;
+ if (remap_page_range(vma->vm_start, virt_to_phys(db->rawbuf), size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ ret = 0;
+ out:
+diff -urN 2.4.19pre8/drivers/sound/cs4281/cs4281m.c vm-io/drivers/sound/cs4281/cs4281m.c
+--- 2.4.19pre8/drivers/sound/cs4281/cs4281m.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/cs4281/cs4281m.c Sat May 4 11:24:24 2002
+@@ -3228,6 +3228,7 @@
+ if (remap_page_range
+ (vma->vm_start, virt_to_phys(db->rawbuf), size,
+ vma->vm_page_prot)) return -EAGAIN;
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+
+ CS_DBGOUT(CS_FUNCTION | CS_PARMS | CS_OPEN, 4,
+diff -urN 2.4.19pre8/drivers/sound/cs46xx.c vm-io/drivers/sound/cs46xx.c
+--- 2.4.19pre8/drivers/sound/cs46xx.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/cs46xx.c Sat May 4 11:24:24 2002
+@@ -2468,6 +2468,7 @@
+ ret = -EAGAIN;
+ goto out;
+ }
++ vma->vm_flags &= ~VM_IO;
+ dmabuf->mapped = 1;
+
+ CS_DBGOUT(CS_FUNCTION, 2, printk("cs46xx: cs_mmap()-\n") );
+diff -urN 2.4.19pre8/drivers/sound/es1370.c vm-io/drivers/sound/es1370.c
+--- 2.4.19pre8/drivers/sound/es1370.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/es1370.c Sat May 4 11:24:24 2002
+@@ -1377,6 +1377,7 @@
+ ret = -EAGAIN;
+ goto out;
+ }
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ out:
+ up(&s->sem);
+diff -urN 2.4.19pre8/drivers/sound/es1371.c vm-io/drivers/sound/es1371.c
+--- 2.4.19pre8/drivers/sound/es1371.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/es1371.c Sat May 4 11:24:24 2002
+@@ -1566,6 +1566,7 @@
+ ret = -EAGAIN;
+ goto out;
+ }
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ out:
+ up(&s->sem);
+@@ -2133,6 +2134,7 @@
+ ret = -EAGAIN;
+ if (remap_page_range(vma->vm_start, virt_to_phys(s->dma_dac1.rawbuf), size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ s->dma_dac1.mapped = 1;
+ ret = 0;
+ out:
+diff -urN 2.4.19pre8/drivers/sound/esssolo1.c vm-io/drivers/sound/esssolo1.c
+--- 2.4.19pre8/drivers/sound/esssolo1.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/esssolo1.c Sat May 4 11:24:24 2002
+@@ -1247,6 +1247,7 @@
+ ret = -EAGAIN;
+ if (remap_page_range(vma->vm_start, virt_to_phys(db->rawbuf), size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ ret = 0;
+ out:
+diff -urN 2.4.19pre8/drivers/sound/i810_audio.c vm-io/drivers/sound/i810_audio.c
+--- 2.4.19pre8/drivers/sound/i810_audio.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/i810_audio.c Sat May 4 11:24:24 2002
+@@ -1679,6 +1679,7 @@
+ if (remap_page_range(vma->vm_start, virt_to_phys(dmabuf->rawbuf),
+ size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ dmabuf->mapped = 1;
+ dmabuf->trigger = 0;
+ ret = 0;
+diff -urN 2.4.19pre8/drivers/sound/ite8172.c vm-io/drivers/sound/ite8172.c
+--- 2.4.19pre8/drivers/sound/ite8172.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/ite8172.c Sat May 4 11:24:24 2002
+@@ -1313,6 +1313,7 @@
+ unlock_kernel();
+ return -EAGAIN;
+ }
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ unlock_kernel();
+ return 0;
+diff -urN 2.4.19pre8/drivers/sound/maestro.c vm-io/drivers/sound/maestro.c
+--- 2.4.19pre8/drivers/sound/maestro.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/maestro.c Sat May 4 11:24:24 2002
+@@ -2512,6 +2512,7 @@
+ ret = -EAGAIN;
+ if (remap_page_range(vma->vm_start, virt_to_phys(db->rawbuf), size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ ret = 0;
+ out:
+diff -urN 2.4.19pre8/drivers/sound/maestro3.c vm-io/drivers/sound/maestro3.c
+--- 2.4.19pre8/drivers/sound/maestro3.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/maestro3.c Sat May 4 11:24:24 2002
+@@ -1557,6 +1557,7 @@
+ ret = -EAGAIN;
+ if (remap_page_range(vma->vm_start, virt_to_phys(db->rawbuf), size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+
+ db->mapped = 1;
+ ret = 0;
+diff -urN 2.4.19pre8/drivers/sound/rme96xx.c vm-io/drivers/sound/rme96xx.c
+--- 2.4.19pre8/drivers/sound/rme96xx.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/rme96xx.c Sat May 4 11:24:24 2002
+@@ -1690,7 +1690,7 @@
+
+
+ /* this is the mapping */
+-
++ vma->vm_flags &= ~VM_IO;
+ dma->mmapped = 1;
+ unlock_kernel();
+ return 0;
+diff -urN 2.4.19pre8/drivers/sound/sonicvibes.c vm-io/drivers/sound/sonicvibes.c
+--- 2.4.19pre8/drivers/sound/sonicvibes.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/sonicvibes.c Sat May 4 11:24:24 2002
+@@ -1551,6 +1551,7 @@
+ ret = -EAGAIN;
+ if (remap_page_range(vma->vm_start, virt_to_phys(db->rawbuf), size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ db->mapped = 1;
+ ret = 0;
+ out:
+diff -urN 2.4.19pre8/drivers/sound/soundcard.c vm-io/drivers/sound/soundcard.c
+--- 2.4.19pre8/drivers/sound/soundcard.c Tue Jan 22 18:54:23 2002
++++ vm-io/drivers/sound/soundcard.c Sat May 4 11:24:24 2002
+@@ -481,6 +481,7 @@
+ return -EAGAIN;
+ }
+
++ vma->vm_flags &= ~VM_IO;
+ dmap->mapping_flags |= DMA_MAP_MAPPED;
+
+ if( audio_devs[dev]->d->mmap)
+diff -urN 2.4.19pre8/drivers/sound/trident.c vm-io/drivers/sound/trident.c
+--- 2.4.19pre8/drivers/sound/trident.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/trident.c Sat May 4 11:24:24 2002
+@@ -2077,6 +2077,7 @@
+ if (remap_page_range(vma->vm_start, virt_to_phys(dmabuf->rawbuf),
+ size, vma->vm_page_prot))
+ goto out;
++ vma->vm_flags &= ~VM_IO;
+ dmabuf->mapped = 1;
+ ret = 0;
+ out:
+diff -urN 2.4.19pre8/drivers/sound/ymfpci.c vm-io/drivers/sound/ymfpci.c
+--- 2.4.19pre8/drivers/sound/ymfpci.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/sound/ymfpci.c Sat May 4 11:24:24 2002
+@@ -1536,6 +1536,7 @@
+ if (remap_page_range(vma->vm_start, virt_to_phys(dmabuf->rawbuf),
+ size, vma->vm_page_prot))
+ return -EAGAIN;
++ vma->vm_flags &= ~VM_IO;
+ dmabuf->mapped = 1;
+
+ /* P3 */ printk(KERN_INFO "ymfpci: using memory mapped sound, untested!\n");
+diff -urN 2.4.19pre8/drivers/usb/audio.c vm-io/drivers/usb/audio.c
+--- 2.4.19pre8/drivers/usb/audio.c Fri May 3 02:12:17 2002
++++ vm-io/drivers/usb/audio.c Sat May 4 11:24:24 2002
+@@ -2341,6 +2341,7 @@
+ if (vma->vm_pgoff != 0)
+ goto out;
+
++ vma->vm_flags &= ~VM_IO;
+ ret = dmabuf_mmap(db, vma->vm_start, vma->vm_end - vma->vm_start, vma->vm_page_prot);
+ out:
+ unlock_kernel();
+diff -urN 2.4.19pre8/fs/ncpfs/mmap.c vm-io/fs/ncpfs/mmap.c
+--- 2.4.19pre8/fs/ncpfs/mmap.c Tue Jan 22 18:53:53 2002
++++ vm-io/fs/ncpfs/mmap.c Sat May 4 11:24:24 2002
+@@ -119,5 +119,6 @@
+ }
+
+ vma->vm_ops = &ncp_file_mmap;
++ vma->vm_flags &= ~VM_IO;
+ return 0;
+ }
+diff -urN 2.4.19pre8/ipc/shm.c vm-io/ipc/shm.c
+--- 2.4.19pre8/ipc/shm.c Fri May 3 02:12:29 2002
++++ vm-io/ipc/shm.c Sat May 4 11:24:24 2002
+@@ -159,6 +159,7 @@
+ {
+ UPDATE_ATIME(file->f_dentry->d_inode);
+ vma->vm_ops = &shm_vm_ops;
++ vma->vm_flags &= ~VM_IO;
+ shm_inc(file->f_dentry->d_inode->i_ino);
+ return 0;
+ }
+diff -urN 2.4.19pre8/mm/filemap.c vm-io/mm/filemap.c
+--- 2.4.19pre8/mm/filemap.c Fri May 3 02:12:29 2002
++++ vm-io/mm/filemap.c Sat May 4 11:24:24 2002
+@@ -2176,6 +2176,7 @@
+ return -ENOEXEC;
+ UPDATE_ATIME(inode);
+ vma->vm_ops = &generic_file_vm_ops;
++ vma->vm_flags &= ~VM_IO;
+ return 0;
+ }
+
+diff -urN 2.4.19pre8/mm/mmap.c vm-io/mm/mmap.c
+--- 2.4.19pre8/mm/mmap.c Fri May 3 02:12:29 2002
++++ vm-io/mm/mmap.c Sat May 4 11:24:24 2002
+@@ -534,6 +534,11 @@
+ }
+ vma->vm_file = file;
+ get_file(file);
++ /*
++ * Subdrivers can clear VM_IO if their mappings are
++ * valid pages inside mem_map[]
++ */
++ vma->vm_flags |= VM_IO;
+ error = file->f_op->mmap(file, vma);
+ if (error)
+ goto unmap_and_free_vma;
+diff -urN 2.4.19pre8/mm/shmem.c vm-io/mm/shmem.c
+--- 2.4.19pre8/mm/shmem.c Fri May 3 02:12:31 2002
++++ vm-io/mm/shmem.c Sat May 4 11:24:24 2002
+@@ -657,6 +657,7 @@
+ return -EACCES;
+ UPDATE_ATIME(inode);
+ vma->vm_ops = ops;
++ vma->vm_flags &= ~VM_IO;
+ return 0;
+ }
+
+diff -urN 2.4.19pre8/net/socket.c vm-io/net/socket.c
+--- 2.4.19pre8/net/socket.c Fri May 3 02:12:32 2002
++++ vm-io/net/socket.c Sat May 4 11:24:24 2002
+@@ -695,6 +695,7 @@
+ {
+ struct socket *sock = socki_lookup(file->f_dentry->d_inode);
+
++ vma->vm_flags &= ~VM_IO;
+ return sock->ops->mmap(file, sock, vma);
+ }
+
Modified: trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/series/2.4.29-1
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/series/2.4.29-1 2005-02-18 06:46:34 UTC (rev 2520)
+++ trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/series/2.4.29-1 2005-02-18 19:04:53 UTC (rev 2521)
@@ -91,6 +91,7 @@
+ 097_ipsec.diff
+ 098_skb_reset_ip_summed.diff
+ 099_io_edgeport_overflow.diff
++ 100_VM_IO.diff
+ 101-2.4.29-flash_erase-checks-cap_sys_admin-1.diff
+ 102-2.4.29-rw_verify_area-against-file-offset-overflow-2.diff
+ 103-2.4.29-rw_verify_area-missing-f_maxcount-1.diff