| From greg@quad.kroah.org Mon Aug 21 11:39:51 2006 |
| Message-Id: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:18 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk |
| Subject: [patch 00/20] 2.6.17-stable review |
| Status: RO |
| Content-Length: 738 |
| Lines: 18 |
| |
| This is the start of the stable review cycle for the next 2.6.17.y |
| release. There are 20 patches in this series, all will be posted as |
| a response to this one. If anyone has any issues with these being |
| applied, please let us know. If anyone is a maintainer of the proper |
| subsystem, and wants to add a Signed-off-by: line to the patch, please |
| respond with it. |
| |
| These patches are sent out with a number of different people on the Cc: |
| line. If you wish to be a reviewer, please email stable@kernel.org to |
| add your name to the list. If you want to be off the reviewer list, |
| also email us. |
| |
| Responses should be made by Wed, Auguest 23, 18:00:00 UTC. Anything |
| received after that time might be too late. |
| |
| thanks, |
| |
| the -stable release team |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:51 2006 |
| Message-Id: <20060821183951.683191589@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:20 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org, |
| Christoph Hellwig <hch@infradead.org>, |
| Eric Sandeen <esandeen@redhat.com> |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Eric Sandeen <sandeen@sandeen.net>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 01/20] Have ext3 reject file handles with bad inode numbers early |
| Content-Disposition: inline; filename=have-ext3-reject-file-handles-with-bad-inode-numbers-early.patch |
| Content-Length: 1752 |
| Lines: 67 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| blatantly ripped off from Neil Brown's ext2 patch. |
| |
| |
| Signed-off-by: Eric Sandeen <sandeen@sandeen.net> |
| Acked-by: "Theodore Ts'o" <tytso@mit.edu> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| fs/ext3/super.c | 40 ++++++++++++++++++++++++++++++++++++++++ |
| 1 file changed, 40 insertions(+) |
| |
| --- linux-2.6.17.8.orig/fs/ext3/super.c |
| +++ linux-2.6.17.8/fs/ext3/super.c |
| @@ -620,8 +620,48 @@ static struct super_operations ext3_sops |
| #endif |
| }; |
| |
| +static struct dentry *ext3_get_dentry(struct super_block *sb, void *vobjp) |
| +{ |
| + __u32 *objp = vobjp; |
| + unsigned long ino = objp[0]; |
| + __u32 generation = objp[1]; |
| + struct inode *inode; |
| + struct dentry *result; |
| + |
| + if (ino != EXT3_ROOT_INO && ino < EXT3_FIRST_INO(sb)) |
| + return ERR_PTR(-ESTALE); |
| + if (ino > le32_to_cpu(EXT3_SB(sb)->s_es->s_inodes_count)) |
| + return ERR_PTR(-ESTALE); |
| + |
| + /* iget isn't really right if the inode is currently unallocated!! |
| + * ext3_read_inode currently does appropriate checks, but |
| + * it might be "neater" to call ext3_get_inode first and check |
| + * if the inode is valid..... |
| + */ |
| + inode = iget(sb, ino); |
| + if (inode == NULL) |
| + return ERR_PTR(-ENOMEM); |
| + if (is_bad_inode(inode) |
| + || (generation && inode->i_generation != generation) |
| + ) { |
| + /* we didn't find the right inode.. */ |
| + iput(inode); |
| + return ERR_PTR(-ESTALE); |
| + } |
| + /* now to find a dentry. |
| + * If possible, get a well-connected one |
| + */ |
| + result = d_alloc_anon(inode); |
| + if (!result) { |
| + iput(inode); |
| + return ERR_PTR(-ENOMEM); |
| + } |
| + return result; |
| +} |
| + |
| static struct export_operations ext3_export_ops = { |
| .get_parent = ext3_get_parent, |
| + .get_dentry = ext3_get_dentry, |
| }; |
| |
| enum { |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:51 2006 |
| Message-Id: <20060821183951.826004574@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:21 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Stephen Hemminger <shemminger@osdl.org>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 02/20] sky2: phy power problem on 88e805x |
| Content-Disposition: inline; filename=sky2-phy-power-problem-on-88e805x.patch |
| Content-Length: 1118 |
| Lines: 39 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Stephen Hemminger <shemminger@osdl.org> |
| |
| On the 88E805X chipsets (used in laptops), the PHY was not getting powered |
| out of shutdown properly. The variable reg1 was getting reused incorrectly. |
| This is probably the cause of the bug. |
| http://bugzilla.kernel.org/show_bug.cgi?id=6471 |
| |
| Signed-off-by: Stephen Hemminger <shemminger@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/net/sky2.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- linux-2.6.17.8.orig/drivers/net/sky2.c |
| +++ linux-2.6.17.8/drivers/net/sky2.c |
| @@ -233,6 +233,8 @@ static void sky2_set_power_state(struct |
| if (hw->ports > 1) |
| reg1 |= PCI_Y2_PHY2_COMA; |
| } |
| + sky2_pci_write32(hw, PCI_DEV_REG1, reg1); |
| + udelay(100); |
| |
| if (hw->chip_id == CHIP_ID_YUKON_EC_U) { |
| sky2_write16(hw, B0_CTST, Y2_HW_WOL_ON); |
| @@ -243,8 +245,6 @@ static void sky2_set_power_state(struct |
| sky2_pci_write32(hw, PCI_DEV_REG5, 0); |
| } |
| |
| - sky2_pci_write32(hw, PCI_DEV_REG1, reg1); |
| - |
| break; |
| |
| case PCI_D3hot: |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 |
| Message-Id: <20060821183951.965881860@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:22 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| "David S. Miller" <davem@davemloft.net>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 03/20] Kill HASH_HIGHMEM from route cache hash sizing |
| Content-Disposition: inline; filename=kill-hash_highmem-from-route-cache-hash-sizing.patch |
| Content-Length: 1204 |
| Lines: 40 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Kirill Korotaev <dev@sw.ru> |
| |
| [IPV4]: Limit rt cache size properly. |
| |
| During OpenVZ stress testing we found that UDP traffic with random src |
| can generate too much excessive rt hash growing leading finally to OOM |
| and kernel panics. |
| |
| It was found that for 4GB i686 system (having 1048576 total pages and |
| 225280 normal zone pages) kernel allocates the following route hash: |
| syslog: IP route cache hash table entries: 262144 (order: 8, 1048576 |
| bytes) => ip_rt_max_size = 4194304 entries, i.e. max rt size is |
| 4194304 * 256b = 1Gb of RAM > normal_zone |
| |
| Attached the patch which removes HASH_HIGHMEM flag from |
| alloc_large_system_hash() call. |
| |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/ipv4/route.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- linux-2.6.17.8.orig/net/ipv4/route.c |
| +++ linux-2.6.17.8/net/ipv4/route.c |
| @@ -3144,7 +3144,7 @@ int __init ip_rt_init(void) |
| rhash_entries, |
| (num_physpages >= 128 * 1024) ? |
| 15 : 17, |
| - HASH_HIGHMEM, |
| + 0, |
| &rt_hash_log, |
| &rt_hash_mask, |
| 0); |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 |
| Message-Id: <20060821183952.107883692@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:23 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Dmitry Mishin <dim@openvz.org>, |
| Kirill Korotaev <dev@openvz.org>, |
| Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>, |
| "David S. Miller" <davem@davemloft.net>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 04/20] Fix timer race in dst GC code |
| Content-Disposition: inline; filename=fix-timer-race-in-dst-gc-code.patch |
| Content-Length: 2076 |
| Lines: 64 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Dmitry Mishin <dim@openvz.org> |
| |
| [NET]: add_timer -> mod_timer() in dst_run_gc() |
| |
| Patch from Dmitry Mishin <dim@openvz.org>: |
| |
| Replace add_timer() by mod_timer() in dst_run_gc |
| in order to avoid BUG message. |
| |
| CPU1 CPU2 |
| dst_run_gc() entered dst_run_gc() entered |
| spin_lock(&dst_lock) ..... |
| del_timer(&dst_gc_timer) fail to get lock |
| .... mod_timer() <--- puts |
| timer back |
| to the list |
| add_timer(&dst_gc_timer) <--- BUG because timer is in list already. |
| |
| Found during OpenVZ internal testing. |
| |
| At first we thought that it is OpenVZ specific as we |
| added dst_run_gc(0) call in dst_dev_event(), |
| but as Alexey pointed to me it is possible to trigger |
| this condition in mainstream kernel. |
| |
| F.e. timer has fired on CPU2, but the handler was preeempted |
| by an irq before dst_lock is tried. |
| Meanwhile, someone on CPU1 adds an entry to gc list and |
| starts the timer. |
| If CPU2 was preempted long enough, this timer can expire |
| simultaneously with resuming timer handler on CPU1, arriving |
| exactly to the situation described. |
| |
| Signed-off-by: Dmitry Mishin <dim@openvz.org> |
| Signed-off-by: Kirill Korotaev <dev@openvz.org> |
| Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/core/dst.c | 3 +-- |
| 1 file changed, 1 insertion(+), 2 deletions(-) |
| |
| --- linux-2.6.17.8.orig/net/core/dst.c |
| +++ linux-2.6.17.8/net/core/dst.c |
| @@ -95,12 +95,11 @@ static void dst_run_gc(unsigned long dum |
| dst_gc_timer_inc = DST_GC_INC; |
| dst_gc_timer_expires = DST_GC_MIN; |
| } |
| - dst_gc_timer.expires = jiffies + dst_gc_timer_expires; |
| #if RT_CACHE_DEBUG >= 2 |
| printk("dst_total: %d/%d %ld\n", |
| atomic_read(&dst_total), delayed, dst_gc_timer_expires); |
| #endif |
| - add_timer(&dst_gc_timer); |
| + mod_timer(&dst_gc_timer, jiffies + dst_gc_timer_expires); |
| |
| out: |
| spin_unlock(&dst_lock); |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 |
| Message-Id: <20060821183952.249022317@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:24 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| "David S. Miller" <davem@davemloft.net>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 05/20] Fix IFLA_ADDRESS handling |
| Content-Disposition: inline; filename=fix-ifla_address-handling.patch |
| Content-Length: 1484 |
| Lines: 54 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: David Miller <davem@davemloft.net> |
| |
| [RTNETLINK]: Fix IFLA_ADDRESS handling. |
| |
| The ->set_mac_address handlers expect a pointer to a |
| sockaddr which contains the MAC address, whereas |
| IFLA_ADDRESS provides just the MAC address itself. |
| |
| So whip up a sockaddr to wrap around the netlink |
| attribute for the ->set_mac_address call. |
| |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/core/rtnetlink.c | 15 ++++++++++++++- |
| 1 file changed, 14 insertions(+), 1 deletion(-) |
| |
| --- linux-2.6.17.8.orig/net/core/rtnetlink.c |
| +++ linux-2.6.17.8/net/core/rtnetlink.c |
| @@ -395,6 +395,9 @@ static int do_setlink(struct sk_buff *sk |
| } |
| |
| if (ida[IFLA_ADDRESS - 1]) { |
| + struct sockaddr *sa; |
| + int len; |
| + |
| if (!dev->set_mac_address) { |
| err = -EOPNOTSUPP; |
| goto out; |
| @@ -406,7 +409,17 @@ static int do_setlink(struct sk_buff *sk |
| if (ida[IFLA_ADDRESS - 1]->rta_len != RTA_LENGTH(dev->addr_len)) |
| goto out; |
| |
| - err = dev->set_mac_address(dev, RTA_DATA(ida[IFLA_ADDRESS - 1])); |
| + len = sizeof(sa_family_t) + dev->addr_len; |
| + sa = kmalloc(len, GFP_KERNEL); |
| + if (!sa) { |
| + err = -ENOMEM; |
| + goto out; |
| + } |
| + sa->sa_family = dev->type; |
| + memcpy(sa->sa_data, RTA_DATA(ida[IFLA_ADDRESS - 1]), |
| + dev->addr_len); |
| + err = dev->set_mac_address(dev, sa); |
| + kfree(sa); |
| if (err) |
| goto out; |
| send_addr_notify = 1; |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 |
| Message-Id: <20060821183952.389848998@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:25 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org, |
| torvalds@osdl.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Diego Calleja <diegocg@gmail.com>, |
| Jens Kilian <jjk@acm.org>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 06/20] Fix BeFS slab corruption |
| Content-Disposition: inline; filename=fix-befs-slab-corruption.patch |
| Content-Length: 2207 |
| Lines: 62 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Diego Calleja <diegocg@gmail.com> |
| |
| In bugzilla #6941, Jens Kilian reported: |
| |
| "The function befs_utf2nls (in fs/befs/linuxvfs.c) writes a 0 byte past the |
| end of a block of memory allocated via kmalloc(), leading to memory |
| corruption. This happens only for filenames which are pure ASCII and a |
| multiple of 4 bytes in length. [...] |
| |
| Without DEBUG_SLAB, this leads to further corruption and hard lockups; I |
| believe this is the bug which has made kernels later than 2.6.8 unusable |
| for me. (This must be due to changes in memory management, the bug has |
| been in the BeFS driver since the time it was introduced (AFAICT).) |
| |
| Steps to reproduce: |
| Create a directory (in BeOS, naturally :-) with files named, e.g., |
| "1", "22", "333", "4444", ... Mount it in Linux and do an "ls" or "find"" |
| |
| This patch implements the suggested fix. Credits to Jens Kilian for |
| debugging the problem and finding the right fix. |
| |
| Signed-off-by: Diego Calleja <diegocg@gmail.com> |
| Cc: Jens Kilian <jjk@acm.org> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| fs/befs/linuxvfs.c | 11 +++++++++-- |
| 1 file changed, 9 insertions(+), 2 deletions(-) |
| |
| --- linux-2.6.17.8.orig/fs/befs/linuxvfs.c |
| +++ linux-2.6.17.8/fs/befs/linuxvfs.c |
| @@ -512,7 +512,11 @@ befs_utf2nls(struct super_block *sb, con |
| wchar_t uni; |
| int unilen, utflen; |
| char *result; |
| - int maxlen = in_len; /* The utf8->nls conversion can't make more chars */ |
| + /* The utf8->nls conversion won't make the final nls string bigger |
| + * than the utf one, but if the string is pure ascii they'll have the |
| + * same width and an extra char is needed to save the additional \0 |
| + */ |
| + int maxlen = in_len + 1; |
| |
| befs_debug(sb, "---> utf2nls()"); |
| |
| @@ -588,7 +592,10 @@ befs_nls2utf(struct super_block *sb, con |
| wchar_t uni; |
| int unilen, utflen; |
| char *result; |
| - int maxlen = 3 * in_len; |
| + /* There're nls characters that will translate to 3-chars-wide UTF-8 |
| + * characters, a additional byte is needed to save the final \0 |
| + * in special cases */ |
| + int maxlen = (3 * in_len) + 1; |
| |
| befs_debug(sb, "---> nls2utf()\n"); |
| |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 |
| Message-Id: <20060821183952.533635218@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:26 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org, |
| torvalds@osdl.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Ingo Molnar <mingo@elte.hu>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 07/20] disable debugging version of write_lock() |
| Content-Disposition: inline; filename=disable-debugging-version-of-write_lock.patch |
| Content-Length: 1917 |
| Lines: 72 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Andrew Morton <akpm@osdl.org> |
| |
| We've confirmed that the debug version of write_lock() can get stuck for long |
| enough to cause NMI watchdog timeouts and hence a crash. |
| |
| We don't know why, yet. Disable it for now. |
| |
| Also disable the similar read_lock() code. Just in case. |
| |
| Thanks to Dave Olson <olson@unixfolk.com> for reporting and testing. |
| |
| Acked-by: Ingo Molnar <mingo@elte.hu> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| lib/spinlock_debug.c | 10 ++++++---- |
| 1 file changed, 6 insertions(+), 4 deletions(-) |
| |
| --- linux-2.6.17.8.orig/lib/spinlock_debug.c |
| +++ linux-2.6.17.8/lib/spinlock_debug.c |
| @@ -137,6 +137,7 @@ static void rwlock_bug(rwlock_t *lock, c |
| |
| #define RWLOCK_BUG_ON(cond, lock, msg) if (unlikely(cond)) rwlock_bug(lock, msg) |
| |
| +#if 0 /* __write_lock_debug() can lock up - maybe this can too? */ |
| static void __read_lock_debug(rwlock_t *lock) |
| { |
| int print_once = 1; |
| @@ -159,12 +160,12 @@ static void __read_lock_debug(rwlock_t * |
| } |
| } |
| } |
| +#endif |
| |
| void _raw_read_lock(rwlock_t *lock) |
| { |
| RWLOCK_BUG_ON(lock->magic != RWLOCK_MAGIC, lock, "bad magic"); |
| - if (unlikely(!__raw_read_trylock(&lock->raw_lock))) |
| - __read_lock_debug(lock); |
| + __raw_read_lock(&lock->raw_lock); |
| } |
| |
| int _raw_read_trylock(rwlock_t *lock) |
| @@ -210,6 +211,7 @@ static inline void debug_write_unlock(rw |
| lock->owner_cpu = -1; |
| } |
| |
| +#if 0 /* This can cause lockups */ |
| static void __write_lock_debug(rwlock_t *lock) |
| { |
| int print_once = 1; |
| @@ -232,12 +234,12 @@ static void __write_lock_debug(rwlock_t |
| } |
| } |
| } |
| +#endif |
| |
| void _raw_write_lock(rwlock_t *lock) |
| { |
| debug_write_lock_before(lock); |
| - if (unlikely(!__raw_write_trylock(&lock->raw_lock))) |
| - __write_lock_debug(lock); |
| + __raw_write_lock(&lock->raw_lock); |
| debug_write_lock_after(lock); |
| } |
| |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 |
| Message-Id: <20060821183952.680112104@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:27 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org, |
| David Miller <davem@davemloft.net> |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| netdev@vger.kernel.org, |
| acme@ghostprotocols.net, |
| Stephen Hemminger <shemminger@osdl.org> |
| Subject: [patch 08/20] ipx: header length validation needed |
| Content-Disposition: inline; filename=ipx-header-length-validation-needed.patch |
| Content-Length: 882 |
| Lines: 29 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Stephen Hemminger <shemminger@osdl.org> |
| |
| This patch will linearize and check there is enough data. |
| It handles the pprop case as well as avoiding a whole audit of |
| the routing code. |
| |
| Signed-off-by: Stephen Hemminger <shemminger@osdl.org> |
| |
| --- |
| net/ipx/af_ipx.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| --- linux-2.6.17.8.orig/net/ipx/af_ipx.c |
| +++ linux-2.6.17.8/net/ipx/af_ipx.c |
| @@ -1647,7 +1647,8 @@ static int ipx_rcv(struct sk_buff *skb, |
| ipx_pktsize = ntohs(ipx->ipx_pktsize); |
| |
| /* Too small or invalid header? */ |
| - if (ipx_pktsize < sizeof(struct ipxhdr) || ipx_pktsize > skb->len) |
| + if (ipx_pktsize < sizeof(struct ipxhdr) |
| + || !pskb_may_pull(skb, ipx_pktsize)) |
| goto drop; |
| |
| if (ipx->ipx_checksum != IPX_NO_CHECKSUM && |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 |
| Message-Id: <20060821183952.818275931@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:28 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Kylene Hall <kjhall@us.ibm.com>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 09/20] tpm: interrupt clear fix |
| Content-Disposition: inline; filename=tpm-interrupt-clear-fix.patch |
| Content-Length: 802 |
| Lines: 27 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Kylene Jo Hall <kjhall@us.ibm.com> |
| |
| Under stress testing I found that the interrupt is not always cleared. |
| This is a bug and this patch should go into 2.6.18 and 2.6.17.x. |
| |
| Signed-off-by: Kylene Hall <kjhall@us.ibm.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/char/tpm/tpm_tis.c | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| --- linux-2.6.17.8.orig/drivers/char/tpm/tpm_tis.c |
| +++ linux-2.6.17.8/drivers/char/tpm/tpm_tis.c |
| @@ -424,6 +424,7 @@ static irqreturn_t tis_int_handler(int i |
| iowrite32(interrupt, |
| chip->vendor.iobase + |
| TPM_INT_STATUS(chip->vendor.locality)); |
| + ioread32(chip->vendor.iobase + TPM_INT_STATUS(chip->vendor.locality)); |
| return IRQ_HANDLED; |
| } |
| |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 |
| Message-Id: <20060821183952.958397241@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:29 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Adrian Bunk <bunk@stusta.de>, |
| Mark Huang <mlhuang@cs.princeton.edu>, |
| Patrick McHardy <kaber@trash.net>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 10/20] : ulog: fix panic on SMP kernels |
| Content-Disposition: inline; filename=ulog-fix-panic-on-smp-kernels.patch |
| Content-Length: 2114 |
| Lines: 67 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Mark Huang <mlhuang@cs.princeton.edu> |
| |
| [NETFILTER]: ulog: fix panic on SMP kernels |
| |
| Fix kernel panic on various SMP machines. The culprit is a null |
| ub->skb in ulog_send(). If ulog_timer() has already been scheduled on |
| one CPU and is spinning on the lock, and ipt_ulog_packet() flushes the |
| queue on another CPU by calling ulog_send() right before it exits, |
| there will be no skbuff when ulog_timer() acquires the lock and calls |
| ulog_send(). Cancelling the timer in ulog_send() doesn't help because |
| it has already been scheduled and is running on the first CPU. |
| |
| Similar problem exists in ebt_ulog.c and nfnetlink_log.c. |
| |
| Signed-off-by: Mark Huang <mlhuang@cs.princeton.edu> |
| Signed-off-by: Patrick McHardy <kaber@trash.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/bridge/netfilter/ebt_ulog.c | 3 +++ |
| net/ipv4/netfilter/ipt_ULOG.c | 5 +++++ |
| net/netfilter/nfnetlink_log.c | 3 +++ |
| 3 files changed, 11 insertions(+) |
| |
| --- linux-2.6.17.9.orig/net/bridge/netfilter/ebt_ulog.c |
| +++ linux-2.6.17.9/net/bridge/netfilter/ebt_ulog.c |
| @@ -75,6 +75,9 @@ static void ulog_send(unsigned int nlgro |
| if (timer_pending(&ub->timer)) |
| del_timer(&ub->timer); |
| |
| + if (!ub->skb) |
| + return; |
| + |
| /* last nlmsg needs NLMSG_DONE */ |
| if (ub->qlen > 1) |
| ub->lastnlh->nlmsg_type = NLMSG_DONE; |
| --- linux-2.6.17.9.orig/net/ipv4/netfilter/ipt_ULOG.c |
| +++ linux-2.6.17.9/net/ipv4/netfilter/ipt_ULOG.c |
| @@ -116,6 +116,11 @@ static void ulog_send(unsigned int nlgro |
| del_timer(&ub->timer); |
| } |
| |
| + if (!ub->skb) { |
| + DEBUGP("ipt_ULOG: ulog_send: nothing to send\n"); |
| + return; |
| + } |
| + |
| /* last nlmsg needs NLMSG_DONE */ |
| if (ub->qlen > 1) |
| ub->lastnlh->nlmsg_type = NLMSG_DONE; |
| --- linux-2.6.17.9.orig/net/netfilter/nfnetlink_log.c |
| +++ linux-2.6.17.9/net/netfilter/nfnetlink_log.c |
| @@ -366,6 +366,9 @@ __nfulnl_send(struct nfulnl_instance *in |
| if (timer_pending(&inst->timer)) |
| del_timer(&inst->timer); |
| |
| + if (!inst->skb) |
| + return 0; |
| + |
| if (inst->qlen > 1) |
| inst->lastnlh->nlmsg_type = NLMSG_DONE; |
| |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 |
| Message-Id: <20060821183953.101027612@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:30 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| dev@openvz.org, |
| haveblue@us.ibm.com, |
| dev@sw.ru, |
| oleg@tv-sign.ru, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 11/20] sys_getppid oopses on debug kernel |
| Content-Disposition: inline; filename=sys_getppid-oopses-on-debug-kernel.patch |
| Content-Length: 2427 |
| Lines: 81 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Kirill Korotaev <dev@sw.ru> |
| |
| sys_getppid() optimization can access a freed memory. On kernels with |
| DEBUG_SLAB turned ON, this results in Oops. As Dave Hansen noted, this |
| optimization is also unsafe for memory hotplug. |
| |
| So this patch always takes the lock to be safe. |
| |
| [oleg@tv-sign.ru: simplifications] |
| |
| Signed-off-by: Kirill Korotaev <dev@openvz.org> |
| Cc: Dave Hansen <haveblue@us.ibm.com> |
| Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| kernel/timer.c | 41 +++++++---------------------------------- |
| 1 file changed, 7 insertions(+), 34 deletions(-) |
| |
| --- linux-2.6.17.9.orig/kernel/timer.c |
| +++ linux-2.6.17.9/kernel/timer.c |
| @@ -975,46 +975,19 @@ asmlinkage long sys_getpid(void) |
| } |
| |
| /* |
| - * Accessing ->group_leader->real_parent is not SMP-safe, it could |
| - * change from under us. However, rather than getting any lock |
| - * we can use an optimistic algorithm: get the parent |
| - * pid, and go back and check that the parent is still |
| - * the same. If it has changed (which is extremely unlikely |
| - * indeed), we just try again.. |
| - * |
| - * NOTE! This depends on the fact that even if we _do_ |
| - * get an old value of "parent", we can happily dereference |
| - * the pointer (it was and remains a dereferencable kernel pointer |
| - * no matter what): we just can't necessarily trust the result |
| - * until we know that the parent pointer is valid. |
| - * |
| - * NOTE2: ->group_leader never changes from under us. |
| + * Accessing ->real_parent is not SMP-safe, it could |
| + * change from under us. However, we can use a stale |
| + * value of ->real_parent under rcu_read_lock(), see |
| + * release_task()->call_rcu(delayed_put_task_struct). |
| */ |
| asmlinkage long sys_getppid(void) |
| { |
| int pid; |
| - struct task_struct *me = current; |
| - struct task_struct *parent; |
| |
| - parent = me->group_leader->real_parent; |
| - for (;;) { |
| - pid = parent->tgid; |
| -#if defined(CONFIG_SMP) || defined(CONFIG_PREEMPT) |
| -{ |
| - struct task_struct *old = parent; |
| + rcu_read_lock(); |
| + pid = rcu_dereference(current->real_parent)->tgid; |
| + rcu_read_unlock(); |
| |
| - /* |
| - * Make sure we read the pid before re-reading the |
| - * parent pointer: |
| - */ |
| - smp_rmb(); |
| - parent = me->group_leader->real_parent; |
| - if (old != parent) |
| - continue; |
| -} |
| -#endif |
| - break; |
| - } |
| return pid; |
| } |
| |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 |
| Message-Id: <20060821183953.239986945@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:31 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org, |
| bunk@stusta.de, |
| maks@sternwelten.at |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Olaf Hering <olh@suse.de>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 12/20] SERIAL: icom: select FW_LOADER |
| Content-Disposition: inline; filename=serial-icom-select-fw_loader.patch |
| Content-Length: 827 |
| Lines: 29 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Olaf Hering <olaf@aepfle.de> |
| |
| The icom driver uses request_firmware() |
| and thus needs to select FW_LOADER. |
| |
| Signed-off-by: maximilian attems <maks@sternwelten.at> |
| Signed-off-by: Olaf Hering <olh@suse.de> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| |
| --- |
| drivers/serial/Kconfig | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| --- linux-2.6.17.9.orig/drivers/serial/Kconfig |
| +++ linux-2.6.17.9/drivers/serial/Kconfig |
| @@ -803,6 +803,7 @@ config SERIAL_MPC52xx |
| tristate "Freescale MPC52xx family PSC serial support" |
| depends on PPC_MPC52xx |
| select SERIAL_CORE |
| + select FW_LOADER |
| help |
| This drivers support the MPC52xx PSC serial ports. If you would |
| like to use them, you must answer Y or M to this option. Not that |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 |
| Message-Id: <20060821183953.381397963@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:32 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org, |
| Greg KH <gregkh@suse.de>, |
| Andrew Morton <akpm@osdl.org> |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Jean Delvare <khali@linux-fr.org>, |
| Daniel Ritz <daniel.ritz@gmx.ch> |
| Subject: [patch 13/20] PCI: fix ICH6 quirks |
| Content-Disposition: inline; filename=pci-fix-ich6-quirks.patch |
| Content-Length: 1720 |
| Lines: 40 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Daniel Ritz <daniel.ritz-ml@swissonline.ch> |
| |
| [PATCH] PCI: fix ICH6 quirks |
| |
| - add the ICH6(R) LPC to the ICH6 ACPI quirks. currently only the ICH6-M is |
| handled. [ PCI_DEVICE_ID_INTEL_ICH6_1 is the ICH6-M LPC, ICH6_0 is the ICH6(R) ] |
| - remove the wrong quirk calling asus_hides_smbus_lpc() for ICH6. the register |
| modified in asus_hides_smbus_lpc() has a different meaning in ICH6. |
| |
| Signed-off-by: Daniel Ritz <daniel.ritz@gmx.ch> |
| Cc: Jean Delvare <khali@linux-fr.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/pci/quirks.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- linux-2.6.17.9.orig/drivers/pci/quirks.c |
| +++ linux-2.6.17.9/drivers/pci/quirks.c |
| @@ -427,6 +427,7 @@ static void __devinit quirk_ich6_lpc_acp |
| pci_read_config_dword(dev, 0x48, ®ion); |
| quirk_io_region(dev, region, 64, PCI_BRIDGE_RESOURCES+1, "ICH6 GPIO"); |
| } |
| +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH6_0, quirk_ich6_lpc_acpi ); |
| DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH6_1, quirk_ich6_lpc_acpi ); |
| |
| /* |
| @@ -1043,7 +1044,6 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_I |
| DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82801CA_12, asus_hides_smbus_lpc ); |
| DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82801DB_12, asus_hides_smbus_lpc ); |
| DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82801EB_0, asus_hides_smbus_lpc ); |
| -DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH6_1, asus_hides_smbus_lpc ); |
| |
| static void __init asus_hides_smbus_lpc_ich6(struct pci_dev *dev) |
| { |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 |
| Message-Id: <20060821183953.525133544@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:33 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Adrian Bunk <bunk@stusta.de>, |
| Patrick McHardy <kaber@trash.net>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 14/20] : ip_tables: fix table locking in ipt_do_table |
| Content-Disposition: inline; filename=ip_tables-fix-table-locking-in-ipt_do_table.patch |
| Content-Length: 1989 |
| Lines: 58 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Patrick McHardy <kaber@trash.net> |
| |
| [NETFILTER]: ip_tables: fix table locking in ipt_do_table |
| |
| table->private might change because of ruleset changes, don't use it without |
| holding the lock. |
| |
| Signed-off-by: Patrick McHardy <kaber@trash.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/ipv4/netfilter/arp_tables.c | 3 ++- |
| net/ipv4/netfilter/ip_tables.c | 3 ++- |
| 2 files changed, 4 insertions(+), 2 deletions(-) |
| |
| --- linux-2.6.17.9.orig/net/ipv4/netfilter/arp_tables.c |
| +++ linux-2.6.17.9/net/ipv4/netfilter/arp_tables.c |
| @@ -237,7 +237,7 @@ unsigned int arpt_do_table(struct sk_buf |
| struct arpt_entry *e, *back; |
| const char *indev, *outdev; |
| void *table_base; |
| - struct xt_table_info *private = table->private; |
| + struct xt_table_info *private; |
| |
| /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ |
| if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) + |
| @@ -249,6 +249,7 @@ unsigned int arpt_do_table(struct sk_buf |
| outdev = out ? out->name : nulldevname; |
| |
| read_lock_bh(&table->lock); |
| + private = table->private; |
| table_base = (void *)private->entries[smp_processor_id()]; |
| e = get_entry(table_base, private->hook_entry[hook]); |
| back = get_entry(table_base, private->underflow[hook]); |
| --- linux-2.6.17.9.orig/net/ipv4/netfilter/ip_tables.c |
| +++ linux-2.6.17.9/net/ipv4/netfilter/ip_tables.c |
| @@ -231,7 +231,7 @@ ipt_do_table(struct sk_buff **pskb, |
| const char *indev, *outdev; |
| void *table_base; |
| struct ipt_entry *e, *back; |
| - struct xt_table_info *private = table->private; |
| + struct xt_table_info *private; |
| |
| /* Initialization */ |
| ip = (*pskb)->nh.iph; |
| @@ -248,6 +248,7 @@ ipt_do_table(struct sk_buff **pskb, |
| |
| read_lock_bh(&table->lock); |
| IP_NF_ASSERT(table->valid_hooks & (1 << hook)); |
| + private = table->private; |
| table_base = (void *)private->entries[smp_processor_id()]; |
| e = get_entry(table_base, private->hook_entry[hook]); |
| |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 |
| Message-Id: <20060821183953.663500743@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:34 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Pavel Emelianov <xemul@openvz.org>, |
| Kirill Korotaev <dev@openvz.org>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 15/20] IA64: local DoS with corrupted ELFs |
| Content-Disposition: inline; filename=ia64-local-dos-with-corrupted-elfs.patch |
| Status: RO |
| Content-Length: 7804 |
| Lines: 283 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Kirill Korotaev <dev@sw.ru> |
| |
| This patch prevents cross-region mappings |
| on IA64 and SPARC which could lead to system crash. |
| |
| davem@ confirmed: "This looks fine to me." :) |
| |
| Signed-Off-By: Pavel Emelianov <xemul@openvz.org> |
| Signed-Off-By: Kirill Korotaev <dev@openvz.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| |
| --- |
| arch/ia64/kernel/sys_ia64.c | 28 ++++++++++++++++------------ |
| arch/sparc/kernel/sys_sparc.c | 27 +++++++++++++++------------ |
| arch/sparc64/kernel/sys_sparc.c | 36 ++++++++++++++++++++---------------- |
| include/asm-generic/mman.h | 6 ++++++ |
| include/asm-ia64/mman.h | 6 ++++++ |
| include/asm-sparc/mman.h | 6 ++++++ |
| include/asm-sparc64/mman.h | 6 ++++++ |
| mm/mmap.c | 13 +++++++++++-- |
| 8 files changed, 86 insertions(+), 42 deletions(-) |
| |
| --- linux-2.6.17.9.orig/arch/ia64/kernel/sys_ia64.c |
| +++ linux-2.6.17.9/arch/ia64/kernel/sys_ia64.c |
| @@ -164,10 +164,25 @@ sys_pipe (void) |
| return retval; |
| } |
| |
| +int ia64_map_check_rgn(unsigned long addr, unsigned long len, |
| + unsigned long flags) |
| +{ |
| + unsigned long roff; |
| + |
| + /* |
| + * Don't permit mappings into unmapped space, the virtual page table |
| + * of a region, or across a region boundary. Note: RGN_MAP_LIMIT is |
| + * equal to 2^n-PAGE_SIZE (for some integer n <= 61) and len > 0. |
| + */ |
| + roff = REGION_OFFSET(addr); |
| + if ((len > RGN_MAP_LIMIT) || (roff > (RGN_MAP_LIMIT - len))) |
| + return -EINVAL; |
| + return 0; |
| +} |
| + |
| static inline unsigned long |
| do_mmap2 (unsigned long addr, unsigned long len, int prot, int flags, int fd, unsigned long pgoff) |
| { |
| - unsigned long roff; |
| struct file *file = NULL; |
| |
| flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE); |
| @@ -189,17 +204,6 @@ do_mmap2 (unsigned long addr, unsigned l |
| goto out; |
| } |
| |
| - /* |
| - * Don't permit mappings into unmapped space, the virtual page table of a region, |
| - * or across a region boundary. Note: RGN_MAP_LIMIT is equal to 2^n-PAGE_SIZE |
| - * (for some integer n <= 61) and len > 0. |
| - */ |
| - roff = REGION_OFFSET(addr); |
| - if ((len > RGN_MAP_LIMIT) || (roff > (RGN_MAP_LIMIT - len))) { |
| - addr = -EINVAL; |
| - goto out; |
| - } |
| - |
| down_write(¤t->mm->mmap_sem); |
| addr = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); |
| up_write(¤t->mm->mmap_sem); |
| --- linux-2.6.17.9.orig/arch/sparc/kernel/sys_sparc.c |
| +++ linux-2.6.17.9/arch/sparc/kernel/sys_sparc.c |
| @@ -219,6 +219,21 @@ out: |
| return err; |
| } |
| |
| +int sparc_mmap_check(unsigned long addr, unsigned long len, unsigned long flags) |
| +{ |
| + if (ARCH_SUN4C_SUN4 && |
| + (len > 0x20000000 || |
| + ((flags & MAP_FIXED) && |
| + addr < 0xe0000000 && addr + len > 0x20000000))) |
| + return -EINVAL; |
| + |
| + /* See asm-sparc/uaccess.h */ |
| + if (len > TASK_SIZE - PAGE_SIZE || addr + len > TASK_SIZE - PAGE_SIZE) |
| + return -EINVAL; |
| + |
| + return 0; |
| +} |
| + |
| /* Linux version of mmap */ |
| static unsigned long do_mmap2(unsigned long addr, unsigned long len, |
| unsigned long prot, unsigned long flags, unsigned long fd, |
| @@ -233,25 +248,13 @@ static unsigned long do_mmap2(unsigned l |
| goto out; |
| } |
| |
| - retval = -EINVAL; |
| len = PAGE_ALIGN(len); |
| - if (ARCH_SUN4C_SUN4 && |
| - (len > 0x20000000 || |
| - ((flags & MAP_FIXED) && |
| - addr < 0xe0000000 && addr + len > 0x20000000))) |
| - goto out_putf; |
| - |
| - /* See asm-sparc/uaccess.h */ |
| - if (len > TASK_SIZE - PAGE_SIZE || addr + len > TASK_SIZE - PAGE_SIZE) |
| - goto out_putf; |
| - |
| flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE); |
| |
| down_write(¤t->mm->mmap_sem); |
| retval = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); |
| up_write(¤t->mm->mmap_sem); |
| |
| -out_putf: |
| if (file) |
| fput(file); |
| out: |
| --- linux-2.6.17.9.orig/arch/sparc64/kernel/sys_sparc.c |
| +++ linux-2.6.17.9/arch/sparc64/kernel/sys_sparc.c |
| @@ -549,6 +549,26 @@ asmlinkage long sparc64_personality(unsi |
| return ret; |
| } |
| |
| +int sparc64_mmap_check(unsigned long addr, unsigned long len, |
| + unsigned long flags) |
| +{ |
| + if (test_thread_flag(TIF_32BIT)) { |
| + if (len >= STACK_TOP32) |
| + return -EINVAL; |
| + |
| + if ((flags & MAP_FIXED) && addr > STACK_TOP32 - len) |
| + return -EINVAL; |
| + } else { |
| + if (len >= VA_EXCLUDE_START) |
| + return -EINVAL; |
| + |
| + if ((flags & MAP_FIXED) && invalid_64bit_range(addr, len)) |
| + return -EINVAL; |
| + } |
| + |
| + return 0; |
| +} |
| + |
| /* Linux version of mmap */ |
| asmlinkage unsigned long sys_mmap(unsigned long addr, unsigned long len, |
| unsigned long prot, unsigned long flags, unsigned long fd, |
| @@ -564,27 +584,11 @@ asmlinkage unsigned long sys_mmap(unsign |
| } |
| flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE); |
| len = PAGE_ALIGN(len); |
| - retval = -EINVAL; |
| - |
| - if (test_thread_flag(TIF_32BIT)) { |
| - if (len >= STACK_TOP32) |
| - goto out_putf; |
| - |
| - if ((flags & MAP_FIXED) && addr > STACK_TOP32 - len) |
| - goto out_putf; |
| - } else { |
| - if (len >= VA_EXCLUDE_START) |
| - goto out_putf; |
| - |
| - if ((flags & MAP_FIXED) && invalid_64bit_range(addr, len)) |
| - goto out_putf; |
| - } |
| |
| down_write(¤t->mm->mmap_sem); |
| retval = do_mmap(file, addr, len, prot, flags, off); |
| up_write(¤t->mm->mmap_sem); |
| |
| -out_putf: |
| if (file) |
| fput(file); |
| out: |
| --- linux-2.6.17.9.orig/include/asm-generic/mman.h |
| +++ linux-2.6.17.9/include/asm-generic/mman.h |
| @@ -39,4 +39,10 @@ |
| #define MAP_ANON MAP_ANONYMOUS |
| #define MAP_FILE 0 |
| |
| +#ifdef __KERNEL__ |
| +#ifndef arch_mmap_check |
| +#define arch_mmap_check(addr, len, flags) (0) |
| +#endif |
| +#endif |
| + |
| #endif |
| --- linux-2.6.17.9.orig/include/asm-ia64/mman.h |
| +++ linux-2.6.17.9/include/asm-ia64/mman.h |
| @@ -8,6 +8,12 @@ |
| * David Mosberger-Tang <davidm@hpl.hp.com>, Hewlett-Packard Co |
| */ |
| |
| +#ifdef __KERNEL__ |
| +#define arch_mmap_check ia64_map_check_rgn |
| +int ia64_map_check_rgn(unsigned long addr, unsigned long len, |
| + unsigned long flags); |
| +#endif |
| + |
| #include <asm-generic/mman.h> |
| |
| #define MAP_GROWSDOWN 0x00100 /* stack-like segment */ |
| --- linux-2.6.17.9.orig/include/asm-sparc/mman.h |
| +++ linux-2.6.17.9/include/asm-sparc/mman.h |
| @@ -2,6 +2,12 @@ |
| #ifndef __SPARC_MMAN_H__ |
| #define __SPARC_MMAN_H__ |
| |
| +#ifdef __KERNEL__ |
| +#define arch_mmap_check sparc_mmap_check |
| +int sparc_mmap_check(unsigned long addr, unsigned long len, |
| + unsigned long flags); |
| +#endif |
| + |
| #include <asm-generic/mman.h> |
| |
| /* SunOS'ified... */ |
| --- linux-2.6.17.9.orig/include/asm-sparc64/mman.h |
| +++ linux-2.6.17.9/include/asm-sparc64/mman.h |
| @@ -2,6 +2,12 @@ |
| #ifndef __SPARC64_MMAN_H__ |
| #define __SPARC64_MMAN_H__ |
| |
| +#ifdef __KERNEL__ |
| +#define arch_mmap_check sparc64_mmap_check |
| +int sparc64_mmap_check(unsigned long addr, unsigned long len, |
| + unsigned long flags); |
| +#endif |
| + |
| #include <asm-generic/mman.h> |
| |
| /* SunOS'ified... */ |
| --- linux-2.6.17.9.orig/mm/mmap.c |
| +++ linux-2.6.17.9/mm/mmap.c |
| @@ -913,6 +913,10 @@ unsigned long do_mmap_pgoff(struct file |
| if (!len) |
| return -EINVAL; |
| |
| + error = arch_mmap_check(addr, len, flags); |
| + if (error) |
| + return error; |
| + |
| /* Careful about overflows.. */ |
| len = PAGE_ALIGN(len); |
| if (!len || len > TASK_SIZE) |
| @@ -1852,6 +1856,7 @@ unsigned long do_brk(unsigned long addr, |
| unsigned long flags; |
| struct rb_node ** rb_link, * rb_parent; |
| pgoff_t pgoff = addr >> PAGE_SHIFT; |
| + int error; |
| |
| len = PAGE_ALIGN(len); |
| if (!len) |
| @@ -1860,6 +1865,12 @@ unsigned long do_brk(unsigned long addr, |
| if ((addr + len) > TASK_SIZE || (addr + len) < addr) |
| return -EINVAL; |
| |
| + flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; |
| + |
| + error = arch_mmap_check(addr, len, flags); |
| + if (error) |
| + return error; |
| + |
| /* |
| * mlock MCL_FUTURE? |
| */ |
| @@ -1900,8 +1911,6 @@ unsigned long do_brk(unsigned long addr, |
| if (security_vm_enough_memory(len >> PAGE_SHIFT)) |
| return -ENOMEM; |
| |
| - flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; |
| - |
| /* Can we just expand an old private anonymous mapping? */ |
| if (vma_merge(mm, prev, addr, addr + len, flags, |
| NULL, NULL, pgoff, NULL)) |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 |
| Message-Id: <20060821183953.809086225@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:35 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>, |
| "David S. Miller" <davem@davemloft.net>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 16/20] Fix ipv4 routing locking bug |
| Content-Disposition: inline; filename=fix-ipv4-routing-locking-bug.patch |
| Content-Length: 2499 |
| Lines: 82 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| |
| From: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> |
| |
| [IPV4]: severe locking bug in fib_semantics.c |
| |
| Found in 2.4 by Yixin Pan <yxpan@hotmail.com>. |
| |
| > When I read fib_semantics.c of Linux-2.4.32, write_lock(&fib_info_lock) = |
| > is used in fib_release_info() instead of write_lock_bh(&fib_info_lock). = |
| > Is the following case possible: a BH interrupts fib_release_info() while = |
| > holding the write lock, and calls ip_check_fib_default() which calls = |
| > read_lock(&fib_info_lock), and spin forever. |
| |
| Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/ipv4/fib_semantics.c | 12 ++++++------ |
| 1 file changed, 6 insertions(+), 6 deletions(-) |
| |
| --- linux-2.6.17.9.orig/net/ipv4/fib_semantics.c |
| +++ linux-2.6.17.9/net/ipv4/fib_semantics.c |
| @@ -160,7 +160,7 @@ void free_fib_info(struct fib_info *fi) |
| |
| void fib_release_info(struct fib_info *fi) |
| { |
| - write_lock(&fib_info_lock); |
| + write_lock_bh(&fib_info_lock); |
| if (fi && --fi->fib_treeref == 0) { |
| hlist_del(&fi->fib_hash); |
| if (fi->fib_prefsrc) |
| @@ -173,7 +173,7 @@ void fib_release_info(struct fib_info *f |
| fi->fib_dead = 1; |
| fib_info_put(fi); |
| } |
| - write_unlock(&fib_info_lock); |
| + write_unlock_bh(&fib_info_lock); |
| } |
| |
| static __inline__ int nh_comp(const struct fib_info *fi, const struct fib_info *ofi) |
| @@ -599,7 +599,7 @@ static void fib_hash_move(struct hlist_h |
| unsigned int old_size = fib_hash_size; |
| unsigned int i, bytes; |
| |
| - write_lock(&fib_info_lock); |
| + write_lock_bh(&fib_info_lock); |
| old_info_hash = fib_info_hash; |
| old_laddrhash = fib_info_laddrhash; |
| fib_hash_size = new_size; |
| @@ -640,7 +640,7 @@ static void fib_hash_move(struct hlist_h |
| } |
| fib_info_laddrhash = new_laddrhash; |
| |
| - write_unlock(&fib_info_lock); |
| + write_unlock_bh(&fib_info_lock); |
| |
| bytes = old_size * sizeof(struct hlist_head *); |
| fib_hash_free(old_info_hash, bytes); |
| @@ -822,7 +822,7 @@ link_it: |
| |
| fi->fib_treeref++; |
| atomic_inc(&fi->fib_clntref); |
| - write_lock(&fib_info_lock); |
| + write_lock_bh(&fib_info_lock); |
| hlist_add_head(&fi->fib_hash, |
| &fib_info_hash[fib_info_hashfn(fi)]); |
| if (fi->fib_prefsrc) { |
| @@ -841,7 +841,7 @@ link_it: |
| head = &fib_info_devhash[hash]; |
| hlist_add_head(&nh->nh_hash, head); |
| } endfor_nexthops(fi) |
| - write_unlock(&fib_info_lock); |
| + write_unlock_bh(&fib_info_lock); |
| return fi; |
| |
| err_inval: |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:54 2006 |
| Message-Id: <20060821183953.950097468@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:36 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| agk@redhat.com, |
| mirq-linux@rere.qmqm.pl, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 17/20] dm: BUG/OOPS fix |
| Content-Disposition: inline; filename=dm-bug-oops-fix.patch |
| Content-Length: 2568 |
| Lines: 69 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Michal Miroslaw <mirq-linux@rere.qmqm.pl> |
| |
| Fix BUG I tripped on while testing failover and multipathing. |
| |
| BUG shows up on error path in multipath_ctr() when parse_priority_group() |
| fails after returning at least once without error. The fix is to |
| initialize m->ti early - just after alloc()ing it. |
| |
| BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000 |
| printing eip: |
| c027c3d2 |
| *pde = 00000000 |
| Oops: 0000 [#3] |
| Modules linked in: qla2xxx ext3 jbd mbcache sg ide_cd cdrom floppy |
| CPU: 0 |
| EIP: 0060:[<c027c3d2>] Not tainted VLI |
| EFLAGS: 00010202 (2.6.17.3 #1) |
| EIP is at dm_put_device+0xf/0x3b |
| eax: 00000001 ebx: ee4fcac0 ecx: 00000000 edx: ee4fcac0 |
| esi: ee4fc4e0 edi: ee4fc4e0 ebp: 00000000 esp: c5db3e78 |
| ds: 007b es: 007b ss: 0068 |
| Process multipathd (pid: 15912, threadinfo=c5db2000 task=ef485a90) |
| Stack: ec4eda40 c02816bd ee4fc4c0 00000000 f7e89498 f883e0bc c02816f6 f7e89480 |
| f7e8948c c0281801 ffffffea f7e89480 f883e080 c0281ffe 00000001 00000000 |
| 00000004 dfe9cab8 f7a693c0 f883e080 f883e0c0 ca4b99c0 c027c6ee 01400000 |
| Call Trace: |
| <c02816bd> free_pgpaths+0x31/0x45 <c02816f6> free_priority_group+0x25/0x2e |
| <c0281801> free_multipath+0x35/0x67 <c0281ffe> multipath_ctr+0x123/0x12d |
| <c027c6ee> dm_table_add_target+0x11e/0x18b <c027e5b4> populate_table+0x8a/0xaf |
| <c027e62b> table_load+0x52/0xf9 <c027ec23> ctl_ioctl+0xca/0xfc |
| <c027e5d9> table_load+0x0/0xf9 <c0152146> do_ioctl+0x3e/0x43 |
| <c0152360> vfs_ioctl+0x16c/0x178 <c01523b4> sys_ioctl+0x48/0x60 |
| <c01029b3> syscall_call+0x7/0xb |
| Code: 97 f0 00 00 00 89 c1 83 c9 01 80 e2 01 0f 44 c1 88 43 14 8b 04 24 59 5b 5e 5f 5d c3 53 89 c1 89 d3 ff 4a 08 0f 94 c0 84 c0 74 2a <8b> 01 8b 10 89 d8 e8 f6 fb ff ff 8b 03 8b 53 04 89 50 04 89 02 |
| EIP: [<c027c3d2>] dm_put_device+0xf/0x3b SS:ESP 0068:c5db3e78 |
| |
| Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl> |
| Acked-by: Alasdair G Kergon <agk@redhat.com> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/md/dm-mpath.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| --- linux-2.6.17.9.orig/drivers/md/dm-mpath.c |
| +++ linux-2.6.17.9/drivers/md/dm-mpath.c |
| @@ -711,6 +711,8 @@ static int multipath_ctr(struct dm_targe |
| return -EINVAL; |
| } |
| |
| + m->ti = ti; |
| + |
| r = parse_features(&as, m, ti); |
| if (r) |
| goto bad; |
| @@ -752,7 +754,6 @@ static int multipath_ctr(struct dm_targe |
| } |
| |
| ti->private = m; |
| - m->ti = ti; |
| |
| return 0; |
| |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:54 2006 |
| Message-Id: <20060821183954.092592169@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:37 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org, |
| mm-commits@vger.kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| rjw@sisk.pl, |
| hugh@veritas.com, |
| pavel@suse.cz, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 18/20] swsusp: Fix swap_type_of |
| Content-Disposition: inline; filename=swsusp-fix-swap_type_of.patch |
| Content-Length: 1061 |
| Lines: 36 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: "Rafael J. Wysocki" <rjw@sisk.pl> |
| |
| There is a bug in mm/swapfile.c#swap_type_of() that makes swsusp only be |
| able to use the first active swap partition as the resume device. Fix it. |
| |
| Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> |
| Cc: Hugh Dickins <hugh@veritas.com> |
| Acked-by: Pavel Machek <pavel@suse.cz> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| mm/swapfile.c | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| --- linux-2.6.17.9.orig/mm/swapfile.c |
| +++ linux-2.6.17.9/mm/swapfile.c |
| @@ -440,11 +440,12 @@ int swap_type_of(dev_t device) |
| |
| if (!(swap_info[i].flags & SWP_WRITEOK)) |
| continue; |
| + |
| if (!device) { |
| spin_unlock(&swap_lock); |
| return i; |
| } |
| - inode = swap_info->swap_file->f_dentry->d_inode; |
| + inode = swap_info[i].swap_file->f_dentry->d_inode; |
| if (S_ISBLK(inode->i_mode) && |
| device == MKDEV(imajor(inode), iminor(inode))) { |
| spin_unlock(&swap_lock); |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:54 2006 |
| Message-Id: <20060821183954.233744517@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:38 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| linux-raid@vger.kernel.org, |
| Neil Brown <neilb@suse.de>, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 19/20] MD: Fix a potential NULL dereference in md/raid1 |
| Content-Disposition: inline; filename=md-fix-a-potential-null-dereference-in-md-raid1.patch |
| Content-Length: 1297 |
| Lines: 43 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: NeilBrown <neilb@suse.de> |
| |
| At the point where this 'atomic_add' is, rdev could be NULL, as seen by |
| the fact that we test for this in the very next statement. |
| |
| Further is it is really the wrong place of the add. We could add to the |
| count of corrected errors once the are sure it was corrected, not before |
| trying to correct it. |
| |
| Signed-off-by: Neil Brown <neilb@suse.de> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| |
| diff .prev/drivers/md/raid1.c ./drivers/md/raid1.c |
| --- |
| drivers/md/raid1.c | 4 +++- |
| 1 file changed, 3 insertions(+), 1 deletion(-) |
| |
| --- linux-2.6.17.9.orig/drivers/md/raid1.c |
| +++ linux-2.6.17.9/drivers/md/raid1.c |
| @@ -1486,7 +1486,6 @@ static void raid1d(mddev_t *mddev) |
| d = conf->raid_disks; |
| d--; |
| rdev = conf->mirrors[d].rdev; |
| - atomic_add(s, &rdev->corrected_errors); |
| if (rdev && |
| test_bit(In_sync, &rdev->flags)) { |
| if (sync_page_io(rdev->bdev, |
| @@ -1509,6 +1508,9 @@ static void raid1d(mddev_t *mddev) |
| s<<9, conf->tmppage, READ) == 0) |
| /* Well, this device is dead */ |
| md_error(mddev, rdev); |
| + else |
| + atomic_add(s, &rdev->corrected_errors); |
| + |
| } |
| } |
| } else { |
| |
| -- |
| |
| From greg@quad.kroah.org Mon Aug 21 11:39:54 2006 |
| Message-Id: <20060821183954.380028812@quad.kroah.org> |
| References: <20060821183818.155091391@quad.kroah.org> |
| User-Agent: quilt/0.45-1 |
| Date: Mon, 21 Aug 2006 11:38:39 -0700 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org, |
| mm-commits@vger.kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| Chris Wedgwood <reviews@ml.cw.f00f.org>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, |
| scjody@modernduck.com, |
| bcollins@ubuntu.com, |
| benh@kernel.crashing.org, |
| obiwan@mailmij.org, |
| stefanr@s5r6.in-berlin.de, |
| Greg Kroah-Hartman <gregkh@suse.de> |
| Subject: [patch 20/20] 1394: fix for recently added firewire patch that breaks things on ppc |
| Content-Disposition: inline; filename=1394-fix-for-recently-added-firewire-patch-that-breaks-things-on-ppc.patch |
| Content-Length: 1371 |
| Lines: 46 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Danny Tholen <obiwan@mailmij.org> |
| |
| Recently a patch was added for preliminary suspend/resume handling on |
| !PPC_PMAC. However, this broke both suspend and firewire on powerpc |
| because it saves the pci state after the device has already been disabled. |
| |
| This moves the save state to before the pmac specific code. |
| |
| Signed-off-by: Danny Tholen <obiwan@mailmij.org> |
| Cc: Stefan Richter <stefanr@s5r6.in-berlin.de> |
| Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> |
| Cc: Ben Collins <bcollins@ubuntu.com> |
| Cc: Jody McIntyre <scjody@modernduck.com> |
| Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/ieee1394/ohci1394.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- linux-2.6.17.9.orig/drivers/ieee1394/ohci1394.c |
| +++ linux-2.6.17.9/drivers/ieee1394/ohci1394.c |
| @@ -3548,6 +3548,8 @@ static int ohci1394_pci_resume (struct p |
| |
| static int ohci1394_pci_suspend (struct pci_dev *pdev, pm_message_t state) |
| { |
| + pci_save_state(pdev); |
| + |
| #ifdef CONFIG_PPC_PMAC |
| if (machine_is(powermac)) { |
| struct device_node *of_node; |
| @@ -3559,8 +3561,6 @@ static int ohci1394_pci_suspend (struct |
| } |
| #endif |
| |
| - pci_save_state(pdev); |
| - |
| return 0; |
| } |
| |
| |
| -- |
| |