From f267c9e42aa1780f26bebd641b53fc2182f3bd12 Mon Sep 17 00:00:00 2001
From: Alberto Milone
Date: Mon, 20 Sep 2010 17:47:27 +0200
Subject: [PATCH 1/1] Get the driver to build again despite the fix for CVE-2010-3081

Work around the lack of compat_alloc_user_space() in asm/compat.h after the fix for CVE-2010-3081. Thanks to Evan Broder and Stefan Bader for the patch.
Signed-off-by: Alberto Milone
---
 2.6.x/Makefile | 5 +++++
 kcl_ioctl.c | 17 ++++++++++++++++-
 make.sh | 21 +++++++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletions(-)

diff --git a/2.6.x/Makefile b/2.6.x/Makefile
index eede066..18d4a1a 100644
--- a/2.6.x/Makefile
+++ b/2.6.x/Makefile
@@ -67,6 +67,11 @@ EXTRA_CFLAGS += \
 -DFGL_LINUX253P1_VMA_API \
 -DPAGE_ATTR_FIX=$(PAGE_ATTR_FIX) \
+
+ifeq ($(ARCH_COMPAT_ALLOC_USER_SPACE), 1)
+ EXTRA_CFLAGS +=-DARCH_COMPAT_ALLOC_USER_SPACE
+endif
+
 ifeq ($(KERNELRELEASE),)
 # on first call from remote location we get into this path
 # whilst on second call all is managed by the embedding kernel makefile
diff --git a/kcl_ioctl.c b/kcl_ioctl.c
index a639074..65ef682 100644
--- a/kcl_ioctl.c
+++ b/kcl_ioctl.c
@@ -193,7 +193,22 @@ void ATI_API_CALL KCL_IOCTL_UnregisterConversion32(unsigned int cmd)
 */
 void* ATI_API_CALL KCL_IOCTL_AllocUserSpace32(long size)
 {
- return compat_alloc_user_space(size);
+ void __user *ptr;
+
+ /* If len occupies more than half of the entire compat space... */
+ if (unlikely(((unsigned long) size) > (((compat_uptr_t)~0) >> 1)))
+ return NULL;
+
+#ifdef ARCH_COMPAT_ALLOC_USER_SPACE
+ ptr = arch_compat_alloc_user_space(size);
+#else
+ ptr = compat_alloc_user_space(size);
+#endif
+
+ if (unlikely(!access_ok(VERIFY_WRITE, ptr, size)))
+ return NULL;
+
+ return ptr;
 }
 #endif // __x86_64__
diff --git a/make.sh b/make.sh
index 6038b24..2e5d6b0 100755
--- a/make.sh
+++ b/make.sh
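Review bot: `ARCH_COMPAT_ALLOC_USER_SPACE` is only set by make.sh in this patch, so a build that invokes 2.6.x/Makefile directly leaves it unset and silently compiles the `#else` branch of KCL_IOCTL_AllocUserSpace32(). Whether such a build path exists is not visible here, but the dependency deserves a comment above the new `ifeq`, for example `# Set by make.sh when linux/compat.h mentions compat_alloc_user_space (kernels carrying the CVE-2010-3081 fix); unset selects the older call.`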
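Review bot: KCL_IOCTL_AllocUserSpace32() now returns NULL on two paths (a negative or oversized `size`, and a range that fails `access_ok()`), where the old one-line body always returned whatever the allocator produced. The callers are outside this hunk, so it cannot be seen whether they test for NULL before using the pointer as a user-space destination. The header comment that ends just above the signature should state the new contract, e.g. `Returns NULL if size is negative, exceeds half the compat address range, or the range is not writable user memory; callers must check.` The inline comment also says `len` while the parameter is `size`; `/* Reject a size above half the compat address space (negative values wrap to huge unsigned ones). */` would match the code.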
@@ -391,6 +391,26 @@ then
 fi
 # ==============================================================
+# resolve if we have compat_alloc_user_space is in linux/compat.h
+
+ARCH_COMPAT_ALLOC_USER_SPACE=0
+
+src_file=$linuxincludes/linux/compat.h
+if [ ! -e $src_file ];
+then
+ echo "Warning:" >> $logfile
+ echo "kernel includes at $linuxincludes not found or incomplete" >> $logfile
+ echo "file: $src_file" >> $logfile
+ echo "" >> $logfile
+else
+ if grep -q compat_alloc_user_space $src_file;
+ then
+ ARCH_COMPAT_ALLOC_USER_SPACE=1
+ echo "file $src_file says: ARCH_COMPAT_ALLOC_USER_SPACE=$ARCH_COMPAT_ALLOC_USER_SPACE" >> $logfile
+ fi
+fi
+
+# ==============================================================
 # break down OsRelease string into its components
 major=`echo $OsRelease | sed -n -e s/"^\([[:digit:]]*\)\.\([[:digit:]]*\)\.\([[:digit:]]*\)\(.*\)"/"\\1"/p`
@@ -429,6 +449,7 @@ make CC=${CC} \
 MODFLAGS="-DMODULE -DATI -DFGL -DPAGE_ATTR_FIX=$PAGE_ATTR_FIX $def_smp $def_modversions" \
 KVER=${uname_r} \
 PAGE_ATTR_FIX=$PAGE_ATTR_FIX \
+ ARCH_COMPAT_ALLOC_USER_SPACE=$ARCH_COMPAT_ALLOC_USER_SPACE \
 > tlog 2>&1
 res=$?
-- 
1.7.1
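Review bot: The probe `grep -q compat_alloc_user_space $src_file` matches the string anywhere in linux/compat.h, including inside a comment or a longer identifier, and its result decides which allocation call kcl_ioctl.c compiles. A whole-word match with quoted paths is tighter: `if grep -qw compat_alloc_user_space "$src_file";` and `if [ ! -e "$src_file" ];`, since `$linuxincludes` is expanded unquoted and would split on whitespace. When the header is missing, the script only logs a warning and continues with `ARCH_COMPAT_ALLOC_USER_SPACE=0`; a short comment saying that this fallback selects the older call would help whoever reads the log.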