From f267c9e42aa1780f26bebd641b53fc2182f3bd12 Mon Sep 17 00:00:00 2001
From: Alberto Milone <alberto.milone@canonical.com>
Date: Mon, 20 Sep 2010 17:47:27 +0200
Subject: [PATCH 1/1] Get the driver to build again despite the fix for CVE-2010-3081

Work around the lack of compat_alloc_user_space() in asm/compat.h
after the fix for CVE-2010-3081.

Thanks to Evan Broder and Stefan Bader for the patch.

Signed-off-by: Alberto Milone <alberto.milone@canonical.com>
---
 2.6.x/Makefile |    5 +++++
 kcl_ioctl.c    |   17 ++++++++++++++++-
 make.sh        |   21 +++++++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletions(-)

diff -Naur fglrx-install.orig/common/lib/modules/fglrx/build_mod/2.6.x/Makefile fglrx-install.patched/common/lib/modules/fglrx/build_mod/2.6.x/Makefile
--- fglrx-install.orig/common/lib/modules/fglrx/build_mod/2.6.x/Makefile	2010-09-01 16:05:31.000000000 +0200
+++ fglrx-install.patched/common/lib/modules/fglrx/build_mod/2.6.x/Makefile	2010-10-01 03:40:24.000000000 +0200
@@ -67,6 +67,11 @@
                 -DFGL_LINUX253P1_VMA_API \
                 -DPAGE_ATTR_FIX=$(PAGE_ATTR_FIX) \
 
+
+ifeq ($(ARCH_COMPAT_ALLOC_USER_SPACE), 1)
+	EXTRA_CFLAGS +=-DARCH_COMPAT_ALLOC_USER_SPACE
+endif
+
 ifeq ($(KERNELRELEASE),)
 # on first call from remote location we get into this path
 # whilst on second call all is managed by the embedding kernel makefile
diff -Naur fglrx-install.orig/common/lib/modules/fglrx/build_mod/kcl_ioctl.c fglrx-install.patched/common/lib/modules/fglrx/build_mod/kcl_ioctl.c
--- fglrx-install.orig/common/lib/modules/fglrx/build_mod/kcl_ioctl.c	2010-09-01 16:05:31.000000000 +0200
+++ fglrx-install.patched/common/lib/modules/fglrx/build_mod/kcl_ioctl.c	2010-10-01 03:40:24.000000000 +0200
@@ -193,7 +193,22 @@
  */
 void* ATI_API_CALL KCL_IOCTL_AllocUserSpace32(long size)
 {
-    return compat_alloc_user_space(size);
+    void __user *ptr;
+
+    /* If len occupies more than half of the entire compat space... */
+    if (unlikely(((unsigned long) size) > (((compat_uptr_t)~0) >> 1)))
+        return NULL;
+
+#ifdef ARCH_COMPAT_ALLOC_USER_SPACE
+    ptr = arch_compat_alloc_user_space(size);
+#else
+    ptr = compat_alloc_user_space(size);
+#endif
+
+    if (unlikely(!access_ok(VERIFY_WRITE, ptr, size)))
+        return NULL;
+
+    return ptr;
 }
 
 #endif // __x86_64__
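Review bot: The size-check comment refers to `len` while the parameter is `size`, and nothing in the hunk says why the checks are here: they mirror the ones the CVE-2010-3081 fix added to compat_alloc_user_space(), which is what lets the #ifdef branch call the unchecked arch_compat_alloc_user_space() directly. Suggest replacing the comment with `/* Replicate the checks the CVE-2010-3081 fix put in compat_alloc_user_space(): refuse sizes over half the compat address space, then confirm the returned range is writable. */`. The function previously returned whatever compat_alloc_user_space() handed back and now can return NULL, a failure mode its callers (outside this hunk) may not yet handle; the header comment, which begins above the hunk, should state that NULL means the request was rejected. On kernels that already ship the checked wrapper the #else path repeats the checks, which is redundant but harmless.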
diff -Naur fglrx-install.orig/common/lib/modules/fglrx/build_mod/make.sh fglrx-install.patched/common/lib/modules/fglrx/build_mod/make.sh
--- fglrx-install.orig/common/lib/modules/fglrx/build_mod/make.sh	2010-09-01 16:05:31.000000000 +0200
+++ fglrx-install.patched/common/lib/modules/fglrx/build_mod/make.sh	2010-10-01 03:40:24.000000000 +0200
@@ -391,6 +391,26 @@
 fi
 
 # ==============================================================
+# resolve if we have compat_alloc_user_space is in linux/compat.h
+
+ARCH_COMPAT_ALLOC_USER_SPACE=0
+
+src_file=$linuxincludes/linux/compat.h
+if [ ! -e $src_file ];
+then
+  echo "Warning:"                                                  >> $logfile
+  echo "kernel includes at $linuxincludes not found or incomplete" >> $logfile
+  echo "file: $src_file"                                           >> $logfile
+  echo ""                                                          >> $logfile
+else
+  if grep -q compat_alloc_user_space $src_file;
+  then
+    ARCH_COMPAT_ALLOC_USER_SPACE=1
+    echo "file $src_file says: ARCH_COMPAT_ALLOC_USER_SPACE=$ARCH_COMPAT_ALLOC_USER_SPACE" >> $logfile
+  fi
+fi
+
+# ==============================================================
 # break down OsRelease string into its components
 
 major=`echo $OsRelease | sed -n -e s/"^\([[:digit:]]*\)\.\([[:digit:]]*\)\.\([[:digit:]]*\)\(.*\)"/"\\1"/p`
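Review bot: The probe greps linux/compat.h for `compat_alloc_user_space`, but the symbol the C side calls when the flag is set is `arch_compat_alloc_user_space`, so the match is only a proxy that also fires on the substring or on a mention in a comment; `if grep -q arch_compat_alloc_user_space $src_file;` ties the flag to the symbol it actually enables. The unquoted `$src_file` in the `[ ! -e ... ]` test and in the grep would misbehave on an include path containing whitespace; `"$src_file"` is the usual form. The heading reads awkwardly; `# resolve whether arch_compat_alloc_user_space is available in linux/compat.h` says what the block decides.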
@@ -429,6 +449,7 @@
     MODFLAGS="-DMODULE -DATI -DFGL -DPAGE_ATTR_FIX=$PAGE_ATTR_FIX $def_smp $def_modversions" \
     KVER=${uname_r} \
     PAGE_ATTR_FIX=$PAGE_ATTR_FIX \
+    ARCH_COMPAT_ALLOC_USER_SPACE=$ARCH_COMPAT_ALLOC_USER_SPACE \
     > tlog 2>&1 
 
 res=$?
