diff -r -u fglrx-installer-8.771.orig/debian/changelog fglrx-installer-8.771/debian/changelog
--- fglrx-installer-8.771.orig/debian/changelog 2010-09-22 21:14:19.000000000 -0400
+++ fglrx-installer-8.771/debian/changelog 2010-09-22 21:06:58.000000000 -0400
@@ -1,3 +1,12 @@
+fglrx-installer (2:8.771-0ubuntu1lumenary~lucid) lucid; urgency=low
+
+ * Release (10.9). Changes:
+ - Implement Evan Broder's KCL_IOCTL_AllocUserSpace32 Patch
+ to work around FTBFS problems on kernels with fix for
+ CVE-2010-3081 (LP: #642518).
+
+ -- Kevin Adams Wed, 22 Sep 2010 20:11 -0400
+
 fglrx-installer (2:8.771-0ubuntu0sarvatt~lucid) lucid; urgency=low
 
 * New upstream release (10.9). Changes:
diff -r -u fglrx-installer-8.771.orig/debian/dkms.conf.in fglrx-installer-8.771/debian/dkms.conf.in
--- fglrx-installer-8.771.orig/debian/dkms.conf.in 2010-09-22 19:30:44.000000000 -0400
+++ fglrx-installer-8.771/debian/dkms.conf.in 2010-09-22 21:34:21.000000000 -0400
@@ -9,6 +9,7 @@
 PATCH_MATCH[0]="^2.6.28\-[0-9]*\-rt$"
 PATCH[1]="rt_preempt_31.patch"
 PATCH_MATCH[1]="^2.6.31\-[0-9]*\-rt$"
+#PATCH[2]="fix_alloc_user_space32.patch"
 #PATCH[2]="fglrx-2.6.33.patch"
 #PATCH_MATCH[2]="2.6.3[34]"
 #PATCH[2]="arch_fglrx_2.6.34.patch"
diff -r -u fglrx-installer-8.771.orig/lib/modules/fglrx/build_mod/2.6.x/Makefile fglrx-installer-8.771/lib/modules/fglrx/build_mod/2.6.x/Makefile
--- fglrx-installer-8.771.orig/lib/modules/fglrx/build_mod/2.6.x/Makefile 2010-09-01 10:05:31.000000000 -0400
+++ fglrx-installer-8.771/lib/modules/fglrx/build_mod/2.6.x/Makefile 2010-09-22 21:53:14.000000000 -0400
@@ -66,7 +66,9 @@ -DFGL_GART_RESERVED_SLOT \ -DFGL_LINUX253P1_VMA_API \ -DPAGE_ATTR_FIX=$(PAGE_ATTR_FIX) \ + -DARCH_COMPAT_ALLOC_USER_SPACE=$(ARCH_COMPAT_ALLOC_USER_SPACE) \ + ifeq ($(KERNELRELEASE),) # on first call from remote location we get into this path # whilst on second call all is managed by the embedding kernel makefile diff -r -u fglrx-installer-8.771.orig/lib/modules/fglrx/build_mod/kcl_ioctl.c fglrx-installer-8.771/lib/modules/fglrx/build_mod/kcl_ioctl.c --- fglrx-installer-8.771.orig/lib/modules/fglrx/build_mod/kcl_ioctl.c 2010-09-01 10:05:31.000000000 -0400 +++ fglrx-installer-8.771/lib/modules/fglrx/build_mod/kcl_ioctl.c 2010-09-22 20:32:02.000000000 -0400 @@ -190,10 +190,28 @@ /** \brief Allocate user space for 32-bit app making 64-bit IOCTL * \param size [in] Number of bytes to allocate * \return Pointer to allocated memory + * \ + * \Modified by Kevin Adams (nx.kadams@gmail.com) to implement + * \Evan Broder's patch to work around kernels with fix for + * \CVE-2010-3081 */ void* ATI_API_CALL KCL_IOCTL_AllocUserSpace32(long size) { - return compat_alloc_user_space(size); + void __user *space; + +#if ARCH_COMPAT_ALLOC_USER_SPACE + space = arch_compat_alloc_user_space(size); +#else + space = compat_alloc_user_space(size); +#endif + + /* Avoid CVE-2010-3081 by checking access_ok ourselves */ + if (!access_ok(VERIFY_WRITE, space, size)) { + return NULL; + } + + return space; } #endif // __x86_64__ + diff -r -u fglrx-installer-8.771.orig/lib/modules/fglrx/build_mod/make.sh fglrx-installer-8.771/lib/modules/fglrx/build_mod/make.sh --- fglrx-installer-8.771.orig/lib/modules/fglrx/build_mod/make.sh 2010-09-01 10:05:31.000000000 -0400 +++ fglrx-installer-8.771/lib/modules/fglrx/build_mod/make.sh 2010-09-22 20:58:46.000000000 -0400 
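Review bot: The added `-DARCH_COMPAT_ALLOC_USER_SPACE=$(ARCH_COMPAT_ALLOC_USER_SPACE)` expands to an empty definition whenever the variable is not passed in, and the `#if ARCH_COMPAT_ALLOC_USER_SPACE` added to kcl_ioctl.c then has no expression to evaluate. make.sh does pass it, but whether every build path (the package also ships a dkms.conf.in) goes through make.sh is not visible here. Either give it an explicit default next to the flags, `ARCH_COMPAT_ALLOC_USER_SPACE ?= 0`, or leave it unset and add a comment that a failed compile is the intended outcome, since on a kernel carrying the CVE-2010-3081 fix the 0 branch is the one this commit is trying to avoid. The flags list this line extends starts outside the hunk.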
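Review bot: `KCL_IOCTL_AllocUserSpace32` hands its signed `long size` straight to `arch_compat_alloc_user_space()` / `compat_alloc_user_space()` and relies only on the `access_ok()` that follows; there is no length bound before the pointer arithmetic. As far as I recall, the mainline helper that fixed CVE-2010-3081 rejects lengths above half the compat address space before calling the arch function, and the same guard fits here: `if (size < 0 || (unsigned long)size > (((compat_uptr_t)~0) >> 1)) return NULL;`. The function can now return NULL, which it never did before, so every caller (none are visible in this hunk) needs a NULL check, and the header comment should state it, e.g. `\return Pointer to allocated user-space memory, or NULL if the range is not writable`. The added `* \Modified by` lines are not valid Doxygen commands; the attribution is already in debian/changelog.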
@@ -391,6 +391,26 @@ fi # ============================================================== +# resolve if we have compat_alloc_user_space is in linux/compat.h + +ARCH_COMPAT_ALLOC_USER_SPACE=0 + +src_file=$linuxincludes/linux/compat.h +if [ ! -e $src_file ]; +then + echo "Warning:" >> $logfile + echo "kernel includes at $linuxincludes not found or incomplete" >> $logfile + echo "file: $src_file" >> $logfile + echo "" >> $logfile +else + if grep -q compat_alloc_user_space $src_file; + then + ARCH_COMPAT_ALLOC_USER_SPACE=1 + echo "file $src_file says: ARCH_COMPAT_ALLOC_USER_SPACE=$ARCH_COMPAT_ALLOC_USER_SPACE" >> $logfile + fi +fi + +# ============================================================== # break down OsRelease string into its components major=`echo $OsRelease | sed -n -e s/"^\([[:digit:]]*\)\.\([[:digit:]]*\)\.\([[:digit:]]*\)\(.*\)"/"\\1"/p` @@ -429,6 +449,7 @@ MODFLAGS="-DMODULE -DATI -DFGL -DPAGE_ATTR_FIX=$PAGE_ATTR_FIX $def_smp $def_modversions" \ KVER=${uname_r} \ PAGE_ATTR_FIX=$PAGE_ATTR_FIX \ + ARCH_COMPAT_ALLOC_USER_SPACE=$ARCH_COMPAT_ALLOC_USER_SPACE \ > tlog 2>&1 res=$?
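Review bot: The `grep -q compat_alloc_user_space $src_file` test in the first make.sh hunk matches that string anywhere in linux/compat.h, including inside a comment or as part of a longer identifier, and its result decides which allocator kcl_ioctl.c is compiled against. Matching a whole word and quoting the path is tighter: `if grep -qw compat_alloc_user_space "$src_file";` and `if [ ! -e "$src_file" ];`. When the header is missing, the script only logs a warning and continues with `ARCH_COMPAT_ALLOC_USER_SPACE=0`, so the build quietly takes the pre-fix branch; writing the final value to `$logfile` in every branch would make that visible. The section comment would read better as `# check whether linux/compat.h declares compat_alloc_user_space`.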