]>
Commit | Line | Data |
---|---|---|
f9ed720d GKH |
1 | From greg@quad.kroah.org Mon Aug 21 11:39:51 2006 |
2 | Message-Id: <20060821183818.155091391@quad.kroah.org> | |
3 | User-Agent: quilt/0.45-1 | |
4 | Date: Mon, 21 Aug 2006 11:38:18 -0700 | |
5 | From: Greg KH <gregkh@suse.de> | |
6 | To: linux-kernel@vger.kernel.org, | |
7 | stable@kernel.org | |
8 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
9 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
10 | Theodore Ts'o <tytso@mit.edu>, | |
11 | Randy Dunlap <rdunlap@xenotime.net>, | |
12 | Dave Jones <davej@redhat.com>, | |
13 | Chuck Wolber <chuckw@quantumlinux.com>, | |
14 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
15 | torvalds@osdl.org, | |
16 | akpm@osdl.org, | |
17 | alan@lxorguk.ukuu.org.uk | |
18 | Subject: [patch 00/20] 2.6.17-stable review | |
19 | Status: RO | |
20 | Content-Length: 738 | |
21 | Lines: 18 | |
22 | ||
23 | This is the start of the stable review cycle for the next 2.6.17.y | |
24 | release. There are 20 patches in this series, all will be posted as | |
25 | a response to this one. If anyone has any issues with these being | |
26 | applied, please let us know. If anyone is a maintainer of the proper | |
27 | subsystem, and wants to add a Signed-off-by: line to the patch, please | |
28 | respond with it. | |
29 | ||
30 | These patches are sent out with a number of different people on the Cc: | |
31 | line. If you wish to be a reviewer, please email stable@kernel.org to | |
32 | add your name to the list. If you want to be off the reviewer list, | |
33 | also email us. | |
34 | ||
35 | Responses should be made by Wed, Auguest 23, 18:00:00 UTC. Anything | |
36 | received after that time might be too late. | |
37 | ||
38 | thanks, | |
39 | ||
40 | the -stable release team | |
41 | ||
42 | From greg@quad.kroah.org Mon Aug 21 11:39:51 2006 | |
43 | Message-Id: <20060821183951.683191589@quad.kroah.org> | |
44 | References: <20060821183818.155091391@quad.kroah.org> | |
45 | User-Agent: quilt/0.45-1 | |
46 | Date: Mon, 21 Aug 2006 11:38:20 -0700 | |
47 | From: Greg KH <gregkh@suse.de> | |
48 | To: linux-kernel@vger.kernel.org, | |
49 | stable@kernel.org, | |
50 | Christoph Hellwig <hch@infradead.org>, | |
51 | Eric Sandeen <esandeen@redhat.com> | |
52 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
53 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
54 | Theodore Ts'o <tytso@mit.edu>, | |
55 | Randy Dunlap <rdunlap@xenotime.net>, | |
56 | Dave Jones <davej@redhat.com>, | |
57 | Chuck Wolber <chuckw@quantumlinux.com>, | |
58 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
59 | torvalds@osdl.org, | |
60 | akpm@osdl.org, | |
61 | alan@lxorguk.ukuu.org.uk, | |
62 | Eric Sandeen <sandeen@sandeen.net>, | |
63 | Greg Kroah-Hartman <gregkh@suse.de> | |
64 | Subject: [patch 01/20] Have ext3 reject file handles with bad inode numbers early | |
65 | Content-Disposition: inline; filename=have-ext3-reject-file-handles-with-bad-inode-numbers-early.patch | |
66 | Content-Length: 1752 | |
67 | Lines: 67 | |
68 | ||
69 | -stable review patch. If anyone has any objections, please let us know. | |
70 | ||
71 | ------------------ | |
72 | blatantly ripped off from Neil Brown's ext2 patch. | |
73 | ||
74 | ||
75 | Signed-off-by: Eric Sandeen <sandeen@sandeen.net> | |
76 | Acked-by: "Theodore Ts'o" <tytso@mit.edu> | |
77 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
78 | ||
79 | --- | |
80 | fs/ext3/super.c | 40 ++++++++++++++++++++++++++++++++++++++++ | |
81 | 1 file changed, 40 insertions(+) | |
82 | ||
83 | --- linux-2.6.17.8.orig/fs/ext3/super.c | |
84 | +++ linux-2.6.17.8/fs/ext3/super.c | |
85 | @@ -620,8 +620,48 @@ static struct super_operations ext3_sops | |
86 | #endif | |
87 | }; | |
88 | ||
89 | +static struct dentry *ext3_get_dentry(struct super_block *sb, void *vobjp) | |
90 | +{ | |
91 | + __u32 *objp = vobjp; | |
92 | + unsigned long ino = objp[0]; | |
93 | + __u32 generation = objp[1]; | |
94 | + struct inode *inode; | |
95 | + struct dentry *result; | |
96 | + | |
97 | + if (ino != EXT3_ROOT_INO && ino < EXT3_FIRST_INO(sb)) | |
98 | + return ERR_PTR(-ESTALE); | |
99 | + if (ino > le32_to_cpu(EXT3_SB(sb)->s_es->s_inodes_count)) | |
100 | + return ERR_PTR(-ESTALE); | |
101 | + | |
102 | + /* iget isn't really right if the inode is currently unallocated!! | |
103 | + * ext3_read_inode currently does appropriate checks, but | |
104 | + * it might be "neater" to call ext3_get_inode first and check | |
105 | + * if the inode is valid..... | |
106 | + */ | |
107 | + inode = iget(sb, ino); | |
108 | + if (inode == NULL) | |
109 | + return ERR_PTR(-ENOMEM); | |
110 | + if (is_bad_inode(inode) | |
111 | + || (generation && inode->i_generation != generation) | |
112 | + ) { | |
113 | + /* we didn't find the right inode.. */ | |
114 | + iput(inode); | |
115 | + return ERR_PTR(-ESTALE); | |
116 | + } | |
117 | + /* now to find a dentry. | |
118 | + * If possible, get a well-connected one | |
119 | + */ | |
120 | + result = d_alloc_anon(inode); | |
121 | + if (!result) { | |
122 | + iput(inode); | |
123 | + return ERR_PTR(-ENOMEM); | |
124 | + } | |
125 | + return result; | |
126 | +} | |
127 | + | |
128 | static struct export_operations ext3_export_ops = { | |
129 | .get_parent = ext3_get_parent, | |
130 | + .get_dentry = ext3_get_dentry, | |
131 | }; | |
132 | ||
133 | enum { | |
134 | ||
135 | -- | |
136 | ||
137 | From greg@quad.kroah.org Mon Aug 21 11:39:51 2006 | |
138 | Message-Id: <20060821183951.826004574@quad.kroah.org> | |
139 | References: <20060821183818.155091391@quad.kroah.org> | |
140 | User-Agent: quilt/0.45-1 | |
141 | Date: Mon, 21 Aug 2006 11:38:21 -0700 | |
142 | From: Greg KH <gregkh@suse.de> | |
143 | To: linux-kernel@vger.kernel.org, | |
144 | stable@kernel.org | |
145 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
146 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
147 | Theodore Ts'o <tytso@mit.edu>, | |
148 | Randy Dunlap <rdunlap@xenotime.net>, | |
149 | Dave Jones <davej@redhat.com>, | |
150 | Chuck Wolber <chuckw@quantumlinux.com>, | |
151 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
152 | torvalds@osdl.org, | |
153 | akpm@osdl.org, | |
154 | alan@lxorguk.ukuu.org.uk, | |
155 | Stephen Hemminger <shemminger@osdl.org>, | |
156 | Greg Kroah-Hartman <gregkh@suse.de> | |
157 | Subject: [patch 02/20] sky2: phy power problem on 88e805x | |
158 | Content-Disposition: inline; filename=sky2-phy-power-problem-on-88e805x.patch | |
159 | Content-Length: 1118 | |
160 | Lines: 39 | |
161 | ||
162 | -stable review patch. If anyone has any objections, please let us know. | |
163 | ||
164 | ------------------ | |
165 | From: Stephen Hemminger <shemminger@osdl.org> | |
166 | ||
167 | On the 88E805X chipsets (used in laptops), the PHY was not getting powered | |
168 | out of shutdown properly. The variable reg1 was getting reused incorrectly. | |
169 | This is probably the cause of the bug. | |
170 | http://bugzilla.kernel.org/show_bug.cgi?id=6471 | |
171 | ||
172 | Signed-off-by: Stephen Hemminger <shemminger@osdl.org> | |
173 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
174 | ||
175 | --- | |
176 | drivers/net/sky2.c | 4 ++-- | |
177 | 1 file changed, 2 insertions(+), 2 deletions(-) | |
178 | ||
179 | --- linux-2.6.17.8.orig/drivers/net/sky2.c | |
180 | +++ linux-2.6.17.8/drivers/net/sky2.c | |
181 | @@ -233,6 +233,8 @@ static void sky2_set_power_state(struct | |
182 | if (hw->ports > 1) | |
183 | reg1 |= PCI_Y2_PHY2_COMA; | |
184 | } | |
185 | + sky2_pci_write32(hw, PCI_DEV_REG1, reg1); | |
186 | + udelay(100); | |
187 | ||
188 | if (hw->chip_id == CHIP_ID_YUKON_EC_U) { | |
189 | sky2_write16(hw, B0_CTST, Y2_HW_WOL_ON); | |
190 | @@ -243,8 +245,6 @@ static void sky2_set_power_state(struct | |
191 | sky2_pci_write32(hw, PCI_DEV_REG5, 0); | |
192 | } | |
193 | ||
194 | - sky2_pci_write32(hw, PCI_DEV_REG1, reg1); | |
195 | - | |
196 | break; | |
197 | ||
198 | case PCI_D3hot: | |
199 | ||
200 | -- | |
201 | ||
202 | From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 | |
203 | Message-Id: <20060821183951.965881860@quad.kroah.org> | |
204 | References: <20060821183818.155091391@quad.kroah.org> | |
205 | User-Agent: quilt/0.45-1 | |
206 | Date: Mon, 21 Aug 2006 11:38:22 -0700 | |
207 | From: Greg KH <gregkh@suse.de> | |
208 | To: linux-kernel@vger.kernel.org, | |
209 | stable@kernel.org | |
210 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
211 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
212 | Theodore Ts'o <tytso@mit.edu>, | |
213 | Randy Dunlap <rdunlap@xenotime.net>, | |
214 | Dave Jones <davej@redhat.com>, | |
215 | Chuck Wolber <chuckw@quantumlinux.com>, | |
216 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
217 | torvalds@osdl.org, | |
218 | akpm@osdl.org, | |
219 | alan@lxorguk.ukuu.org.uk, | |
220 | "David S. Miller" <davem@davemloft.net>, | |
221 | Greg Kroah-Hartman <gregkh@suse.de> | |
222 | Subject: [patch 03/20] Kill HASH_HIGHMEM from route cache hash sizing | |
223 | Content-Disposition: inline; filename=kill-hash_highmem-from-route-cache-hash-sizing.patch | |
224 | Content-Length: 1204 | |
225 | Lines: 40 | |
226 | ||
227 | -stable review patch. If anyone has any objections, please let us know. | |
228 | ||
229 | ------------------ | |
230 | From: Kirill Korotaev <dev@sw.ru> | |
231 | ||
232 | [IPV4]: Limit rt cache size properly. | |
233 | ||
234 | During OpenVZ stress testing we found that UDP traffic with random src | |
235 | can generate too much excessive rt hash growing leading finally to OOM | |
236 | and kernel panics. | |
237 | ||
238 | It was found that for 4GB i686 system (having 1048576 total pages and | |
239 | 225280 normal zone pages) kernel allocates the following route hash: | |
240 | syslog: IP route cache hash table entries: 262144 (order: 8, 1048576 | |
241 | bytes) => ip_rt_max_size = 4194304 entries, i.e. max rt size is | |
242 | 4194304 * 256b = 1Gb of RAM > normal_zone | |
243 | ||
244 | Attached the patch which removes HASH_HIGHMEM flag from | |
245 | alloc_large_system_hash() call. | |
246 | ||
247 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
248 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
249 | ||
250 | --- | |
251 | net/ipv4/route.c | 2 +- | |
252 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
253 | ||
254 | --- linux-2.6.17.8.orig/net/ipv4/route.c | |
255 | +++ linux-2.6.17.8/net/ipv4/route.c | |
256 | @@ -3144,7 +3144,7 @@ int __init ip_rt_init(void) | |
257 | rhash_entries, | |
258 | (num_physpages >= 128 * 1024) ? | |
259 | 15 : 17, | |
260 | - HASH_HIGHMEM, | |
261 | + 0, | |
262 | &rt_hash_log, | |
263 | &rt_hash_mask, | |
264 | 0); | |
265 | ||
266 | -- | |
267 | ||
268 | From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 | |
269 | Message-Id: <20060821183952.107883692@quad.kroah.org> | |
270 | References: <20060821183818.155091391@quad.kroah.org> | |
271 | User-Agent: quilt/0.45-1 | |
272 | Date: Mon, 21 Aug 2006 11:38:23 -0700 | |
273 | From: Greg KH <gregkh@suse.de> | |
274 | To: linux-kernel@vger.kernel.org, | |
275 | stable@kernel.org | |
276 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
277 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
278 | Theodore Ts'o <tytso@mit.edu>, | |
279 | Randy Dunlap <rdunlap@xenotime.net>, | |
280 | Dave Jones <davej@redhat.com>, | |
281 | Chuck Wolber <chuckw@quantumlinux.com>, | |
282 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
283 | torvalds@osdl.org, | |
284 | akpm@osdl.org, | |
285 | alan@lxorguk.ukuu.org.uk, | |
286 | Dmitry Mishin <dim@openvz.org>, | |
287 | Kirill Korotaev <dev@openvz.org>, | |
288 | Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>, | |
289 | "David S. Miller" <davem@davemloft.net>, | |
290 | Greg Kroah-Hartman <gregkh@suse.de> | |
291 | Subject: [patch 04/20] Fix timer race in dst GC code | |
292 | Content-Disposition: inline; filename=fix-timer-race-in-dst-gc-code.patch | |
293 | Content-Length: 2076 | |
294 | Lines: 64 | |
295 | ||
296 | -stable review patch. If anyone has any objections, please let us know. | |
297 | ||
298 | ------------------ | |
299 | From: Dmitry Mishin <dim@openvz.org> | |
300 | ||
301 | [NET]: add_timer -> mod_timer() in dst_run_gc() | |
302 | ||
303 | Patch from Dmitry Mishin <dim@openvz.org>: | |
304 | ||
305 | Replace add_timer() by mod_timer() in dst_run_gc | |
306 | in order to avoid BUG message. | |
307 | ||
308 | CPU1 CPU2 | |
309 | dst_run_gc() entered dst_run_gc() entered | |
310 | spin_lock(&dst_lock) ..... | |
311 | del_timer(&dst_gc_timer) fail to get lock | |
312 | .... mod_timer() <--- puts | |
313 | timer back | |
314 | to the list | |
315 | add_timer(&dst_gc_timer) <--- BUG because timer is in list already. | |
316 | ||
317 | Found during OpenVZ internal testing. | |
318 | ||
319 | At first we thought that it is OpenVZ specific as we | |
320 | added dst_run_gc(0) call in dst_dev_event(), | |
321 | but as Alexey pointed to me it is possible to trigger | |
322 | this condition in mainstream kernel. | |
323 | ||
324 | F.e. timer has fired on CPU2, but the handler was preeempted | |
325 | by an irq before dst_lock is tried. | |
326 | Meanwhile, someone on CPU1 adds an entry to gc list and | |
327 | starts the timer. | |
328 | If CPU2 was preempted long enough, this timer can expire | |
329 | simultaneously with resuming timer handler on CPU1, arriving | |
330 | exactly to the situation described. | |
331 | ||
332 | Signed-off-by: Dmitry Mishin <dim@openvz.org> | |
333 | Signed-off-by: Kirill Korotaev <dev@openvz.org> | |
334 | Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> | |
335 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
336 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
337 | ||
338 | --- | |
339 | net/core/dst.c | 3 +-- | |
340 | 1 file changed, 1 insertion(+), 2 deletions(-) | |
341 | ||
342 | --- linux-2.6.17.8.orig/net/core/dst.c | |
343 | +++ linux-2.6.17.8/net/core/dst.c | |
344 | @@ -95,12 +95,11 @@ static void dst_run_gc(unsigned long dum | |
345 | dst_gc_timer_inc = DST_GC_INC; | |
346 | dst_gc_timer_expires = DST_GC_MIN; | |
347 | } | |
348 | - dst_gc_timer.expires = jiffies + dst_gc_timer_expires; | |
349 | #if RT_CACHE_DEBUG >= 2 | |
350 | printk("dst_total: %d/%d %ld\n", | |
351 | atomic_read(&dst_total), delayed, dst_gc_timer_expires); | |
352 | #endif | |
353 | - add_timer(&dst_gc_timer); | |
354 | + mod_timer(&dst_gc_timer, jiffies + dst_gc_timer_expires); | |
355 | ||
356 | out: | |
357 | spin_unlock(&dst_lock); | |
358 | ||
359 | -- | |
360 | ||
361 | From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 | |
362 | Message-Id: <20060821183952.249022317@quad.kroah.org> | |
363 | References: <20060821183818.155091391@quad.kroah.org> | |
364 | User-Agent: quilt/0.45-1 | |
365 | Date: Mon, 21 Aug 2006 11:38:24 -0700 | |
366 | From: Greg KH <gregkh@suse.de> | |
367 | To: linux-kernel@vger.kernel.org, | |
368 | stable@kernel.org | |
369 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
370 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
371 | Theodore Ts'o <tytso@mit.edu>, | |
372 | Randy Dunlap <rdunlap@xenotime.net>, | |
373 | Dave Jones <davej@redhat.com>, | |
374 | Chuck Wolber <chuckw@quantumlinux.com>, | |
375 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
376 | torvalds@osdl.org, | |
377 | akpm@osdl.org, | |
378 | alan@lxorguk.ukuu.org.uk, | |
379 | "David S. Miller" <davem@davemloft.net>, | |
380 | Greg Kroah-Hartman <gregkh@suse.de> | |
381 | Subject: [patch 05/20] Fix IFLA_ADDRESS handling | |
382 | Content-Disposition: inline; filename=fix-ifla_address-handling.patch | |
383 | Content-Length: 1484 | |
384 | Lines: 54 | |
385 | ||
386 | -stable review patch. If anyone has any objections, please let us know. | |
387 | ||
388 | ------------------ | |
389 | From: David Miller <davem@davemloft.net> | |
390 | ||
391 | [RTNETLINK]: Fix IFLA_ADDRESS handling. | |
392 | ||
393 | The ->set_mac_address handlers expect a pointer to a | |
394 | sockaddr which contains the MAC address, whereas | |
395 | IFLA_ADDRESS provides just the MAC address itself. | |
396 | ||
397 | So whip up a sockaddr to wrap around the netlink | |
398 | attribute for the ->set_mac_address call. | |
399 | ||
400 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
401 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
402 | ||
403 | --- | |
404 | net/core/rtnetlink.c | 15 ++++++++++++++- | |
405 | 1 file changed, 14 insertions(+), 1 deletion(-) | |
406 | ||
407 | --- linux-2.6.17.8.orig/net/core/rtnetlink.c | |
408 | +++ linux-2.6.17.8/net/core/rtnetlink.c | |
409 | @@ -395,6 +395,9 @@ static int do_setlink(struct sk_buff *sk | |
410 | } | |
411 | ||
412 | if (ida[IFLA_ADDRESS - 1]) { | |
413 | + struct sockaddr *sa; | |
414 | + int len; | |
415 | + | |
416 | if (!dev->set_mac_address) { | |
417 | err = -EOPNOTSUPP; | |
418 | goto out; | |
419 | @@ -406,7 +409,17 @@ static int do_setlink(struct sk_buff *sk | |
420 | if (ida[IFLA_ADDRESS - 1]->rta_len != RTA_LENGTH(dev->addr_len)) | |
421 | goto out; | |
422 | ||
423 | - err = dev->set_mac_address(dev, RTA_DATA(ida[IFLA_ADDRESS - 1])); | |
424 | + len = sizeof(sa_family_t) + dev->addr_len; | |
425 | + sa = kmalloc(len, GFP_KERNEL); | |
426 | + if (!sa) { | |
427 | + err = -ENOMEM; | |
428 | + goto out; | |
429 | + } | |
430 | + sa->sa_family = dev->type; | |
431 | + memcpy(sa->sa_data, RTA_DATA(ida[IFLA_ADDRESS - 1]), | |
432 | + dev->addr_len); | |
433 | + err = dev->set_mac_address(dev, sa); | |
434 | + kfree(sa); | |
435 | if (err) | |
436 | goto out; | |
437 | send_addr_notify = 1; | |
438 | ||
439 | -- | |
440 | ||
441 | From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 | |
442 | Message-Id: <20060821183952.389848998@quad.kroah.org> | |
443 | References: <20060821183818.155091391@quad.kroah.org> | |
444 | User-Agent: quilt/0.45-1 | |
445 | Date: Mon, 21 Aug 2006 11:38:25 -0700 | |
446 | From: Greg KH <gregkh@suse.de> | |
447 | To: linux-kernel@vger.kernel.org, | |
448 | stable@kernel.org, | |
449 | torvalds@osdl.org | |
450 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
451 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
452 | Theodore Ts'o <tytso@mit.edu>, | |
453 | Randy Dunlap <rdunlap@xenotime.net>, | |
454 | Dave Jones <davej@redhat.com>, | |
455 | Chuck Wolber <chuckw@quantumlinux.com>, | |
456 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
457 | akpm@osdl.org, | |
458 | alan@lxorguk.ukuu.org.uk, | |
459 | Diego Calleja <diegocg@gmail.com>, | |
460 | Jens Kilian <jjk@acm.org>, | |
461 | Greg Kroah-Hartman <gregkh@suse.de> | |
462 | Subject: [patch 06/20] Fix BeFS slab corruption | |
463 | Content-Disposition: inline; filename=fix-befs-slab-corruption.patch | |
464 | Content-Length: 2207 | |
465 | Lines: 62 | |
466 | ||
467 | -stable review patch. If anyone has any objections, please let us know. | |
468 | ||
469 | ------------------ | |
470 | From: Diego Calleja <diegocg@gmail.com> | |
471 | ||
472 | In bugzilla #6941, Jens Kilian reported: | |
473 | ||
474 | "The function befs_utf2nls (in fs/befs/linuxvfs.c) writes a 0 byte past the | |
475 | end of a block of memory allocated via kmalloc(), leading to memory | |
476 | corruption. This happens only for filenames which are pure ASCII and a | |
477 | multiple of 4 bytes in length. [...] | |
478 | ||
479 | Without DEBUG_SLAB, this leads to further corruption and hard lockups; I | |
480 | believe this is the bug which has made kernels later than 2.6.8 unusable | |
481 | for me. (This must be due to changes in memory management, the bug has | |
482 | been in the BeFS driver since the time it was introduced (AFAICT).) | |
483 | ||
484 | Steps to reproduce: | |
485 | Create a directory (in BeOS, naturally :-) with files named, e.g., | |
486 | "1", "22", "333", "4444", ... Mount it in Linux and do an "ls" or "find"" | |
487 | ||
488 | This patch implements the suggested fix. Credits to Jens Kilian for | |
489 | debugging the problem and finding the right fix. | |
490 | ||
491 | Signed-off-by: Diego Calleja <diegocg@gmail.com> | |
492 | Cc: Jens Kilian <jjk@acm.org> | |
493 | Signed-off-by: Andrew Morton <akpm@osdl.org> | |
494 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
495 | ||
496 | --- | |
497 | fs/befs/linuxvfs.c | 11 +++++++++-- | |
498 | 1 file changed, 9 insertions(+), 2 deletions(-) | |
499 | ||
500 | --- linux-2.6.17.8.orig/fs/befs/linuxvfs.c | |
501 | +++ linux-2.6.17.8/fs/befs/linuxvfs.c | |
502 | @@ -512,7 +512,11 @@ befs_utf2nls(struct super_block *sb, con | |
503 | wchar_t uni; | |
504 | int unilen, utflen; | |
505 | char *result; | |
506 | - int maxlen = in_len; /* The utf8->nls conversion can't make more chars */ | |
507 | + /* The utf8->nls conversion won't make the final nls string bigger | |
508 | + * than the utf one, but if the string is pure ascii they'll have the | |
509 | + * same width and an extra char is needed to save the additional \0 | |
510 | + */ | |
511 | + int maxlen = in_len + 1; | |
512 | ||
513 | befs_debug(sb, "---> utf2nls()"); | |
514 | ||
515 | @@ -588,7 +592,10 @@ befs_nls2utf(struct super_block *sb, con | |
516 | wchar_t uni; | |
517 | int unilen, utflen; | |
518 | char *result; | |
519 | - int maxlen = 3 * in_len; | |
520 | + /* There're nls characters that will translate to 3-chars-wide UTF-8 | |
521 | + * characters, a additional byte is needed to save the final \0 | |
522 | + * in special cases */ | |
523 | + int maxlen = (3 * in_len) + 1; | |
524 | ||
525 | befs_debug(sb, "---> nls2utf()\n"); | |
526 | ||
527 | ||
528 | -- | |
529 | ||
530 | From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 | |
531 | Message-Id: <20060821183952.533635218@quad.kroah.org> | |
532 | References: <20060821183818.155091391@quad.kroah.org> | |
533 | User-Agent: quilt/0.45-1 | |
534 | Date: Mon, 21 Aug 2006 11:38:26 -0700 | |
535 | From: Greg KH <gregkh@suse.de> | |
536 | To: linux-kernel@vger.kernel.org, | |
537 | stable@kernel.org, | |
538 | torvalds@osdl.org | |
539 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
540 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
541 | Theodore Ts'o <tytso@mit.edu>, | |
542 | Randy Dunlap <rdunlap@xenotime.net>, | |
543 | Dave Jones <davej@redhat.com>, | |
544 | Chuck Wolber <chuckw@quantumlinux.com>, | |
545 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
546 | akpm@osdl.org, | |
547 | alan@lxorguk.ukuu.org.uk, | |
548 | Ingo Molnar <mingo@elte.hu>, | |
549 | Greg Kroah-Hartman <gregkh@suse.de> | |
550 | Subject: [patch 07/20] disable debugging version of write_lock() | |
551 | Content-Disposition: inline; filename=disable-debugging-version-of-write_lock.patch | |
552 | Content-Length: 1917 | |
553 | Lines: 72 | |
554 | ||
555 | -stable review patch. If anyone has any objections, please let us know. | |
556 | ||
557 | ------------------ | |
558 | From: Andrew Morton <akpm@osdl.org> | |
559 | ||
560 | We've confirmed that the debug version of write_lock() can get stuck for long | |
561 | enough to cause NMI watchdog timeouts and hence a crash. | |
562 | ||
563 | We don't know why, yet. Disable it for now. | |
564 | ||
565 | Also disable the similar read_lock() code. Just in case. | |
566 | ||
567 | Thanks to Dave Olson <olson@unixfolk.com> for reporting and testing. | |
568 | ||
569 | Acked-by: Ingo Molnar <mingo@elte.hu> | |
570 | Signed-off-by: Andrew Morton <akpm@osdl.org> | |
571 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
572 | ||
573 | --- | |
574 | lib/spinlock_debug.c | 10 ++++++---- | |
575 | 1 file changed, 6 insertions(+), 4 deletions(-) | |
576 | ||
577 | --- linux-2.6.17.8.orig/lib/spinlock_debug.c | |
578 | +++ linux-2.6.17.8/lib/spinlock_debug.c | |
579 | @@ -137,6 +137,7 @@ static void rwlock_bug(rwlock_t *lock, c | |
580 | ||
581 | #define RWLOCK_BUG_ON(cond, lock, msg) if (unlikely(cond)) rwlock_bug(lock, msg) | |
582 | ||
583 | +#if 0 /* __write_lock_debug() can lock up - maybe this can too? */ | |
584 | static void __read_lock_debug(rwlock_t *lock) | |
585 | { | |
586 | int print_once = 1; | |
587 | @@ -159,12 +160,12 @@ static void __read_lock_debug(rwlock_t * | |
588 | } | |
589 | } | |
590 | } | |
591 | +#endif | |
592 | ||
593 | void _raw_read_lock(rwlock_t *lock) | |
594 | { | |
595 | RWLOCK_BUG_ON(lock->magic != RWLOCK_MAGIC, lock, "bad magic"); | |
596 | - if (unlikely(!__raw_read_trylock(&lock->raw_lock))) | |
597 | - __read_lock_debug(lock); | |
598 | + __raw_read_lock(&lock->raw_lock); | |
599 | } | |
600 | ||
601 | int _raw_read_trylock(rwlock_t *lock) | |
602 | @@ -210,6 +211,7 @@ static inline void debug_write_unlock(rw | |
603 | lock->owner_cpu = -1; | |
604 | } | |
605 | ||
606 | +#if 0 /* This can cause lockups */ | |
607 | static void __write_lock_debug(rwlock_t *lock) | |
608 | { | |
609 | int print_once = 1; | |
610 | @@ -232,12 +234,12 @@ static void __write_lock_debug(rwlock_t | |
611 | } | |
612 | } | |
613 | } | |
614 | +#endif | |
615 | ||
616 | void _raw_write_lock(rwlock_t *lock) | |
617 | { | |
618 | debug_write_lock_before(lock); | |
619 | - if (unlikely(!__raw_write_trylock(&lock->raw_lock))) | |
620 | - __write_lock_debug(lock); | |
621 | + __raw_write_lock(&lock->raw_lock); | |
622 | debug_write_lock_after(lock); | |
623 | } | |
624 | ||
625 | ||
626 | -- | |
627 | ||
628 | From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 | |
629 | Message-Id: <20060821183952.680112104@quad.kroah.org> | |
630 | References: <20060821183818.155091391@quad.kroah.org> | |
631 | User-Agent: quilt/0.45-1 | |
632 | Date: Mon, 21 Aug 2006 11:38:27 -0700 | |
633 | From: Greg KH <gregkh@suse.de> | |
634 | To: linux-kernel@vger.kernel.org, | |
635 | stable@kernel.org, | |
636 | David Miller <davem@davemloft.net> | |
637 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
638 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
639 | Theodore Ts'o <tytso@mit.edu>, | |
640 | Randy Dunlap <rdunlap@xenotime.net>, | |
641 | Dave Jones <davej@redhat.com>, | |
642 | Chuck Wolber <chuckw@quantumlinux.com>, | |
643 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
644 | torvalds@osdl.org, | |
645 | akpm@osdl.org, | |
646 | alan@lxorguk.ukuu.org.uk, | |
647 | netdev@vger.kernel.org, | |
648 | acme@ghostprotocols.net, | |
649 | Stephen Hemminger <shemminger@osdl.org> | |
650 | Subject: [patch 08/20] ipx: header length validation needed | |
651 | Content-Disposition: inline; filename=ipx-header-length-validation-needed.patch | |
652 | Content-Length: 882 | |
653 | Lines: 29 | |
654 | ||
655 | -stable review patch. If anyone has any objections, please let us know. | |
656 | ||
657 | ------------------ | |
658 | From: Stephen Hemminger <shemminger@osdl.org> | |
659 | ||
660 | This patch will linearize and check there is enough data. | |
661 | It handles the pprop case as well as avoiding a whole audit of | |
662 | the routing code. | |
663 | ||
664 | Signed-off-by: Stephen Hemminger <shemminger@osdl.org> | |
665 | ||
666 | --- | |
667 | net/ipx/af_ipx.c | 3 ++- | |
668 | 1 file changed, 2 insertions(+), 1 deletion(-) | |
669 | ||
670 | --- linux-2.6.17.8.orig/net/ipx/af_ipx.c | |
671 | +++ linux-2.6.17.8/net/ipx/af_ipx.c | |
672 | @@ -1647,7 +1647,8 @@ static int ipx_rcv(struct sk_buff *skb, | |
673 | ipx_pktsize = ntohs(ipx->ipx_pktsize); | |
674 | ||
675 | /* Too small or invalid header? */ | |
676 | - if (ipx_pktsize < sizeof(struct ipxhdr) || ipx_pktsize > skb->len) | |
677 | + if (ipx_pktsize < sizeof(struct ipxhdr) | |
678 | + || !pskb_may_pull(skb, ipx_pktsize)) | |
679 | goto drop; | |
680 | ||
681 | if (ipx->ipx_checksum != IPX_NO_CHECKSUM && | |
682 | ||
683 | -- | |
684 | ||
685 | From greg@quad.kroah.org Mon Aug 21 11:39:52 2006 | |
686 | Message-Id: <20060821183952.818275931@quad.kroah.org> | |
687 | References: <20060821183818.155091391@quad.kroah.org> | |
688 | User-Agent: quilt/0.45-1 | |
689 | Date: Mon, 21 Aug 2006 11:38:28 -0700 | |
690 | From: Greg KH <gregkh@suse.de> | |
691 | To: linux-kernel@vger.kernel.org, | |
692 | stable@kernel.org | |
693 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
694 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
695 | Theodore Ts'o <tytso@mit.edu>, | |
696 | Randy Dunlap <rdunlap@xenotime.net>, | |
697 | Dave Jones <davej@redhat.com>, | |
698 | Chuck Wolber <chuckw@quantumlinux.com>, | |
699 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
700 | torvalds@osdl.org, | |
701 | akpm@osdl.org, | |
702 | alan@lxorguk.ukuu.org.uk, | |
703 | Kylene Hall <kjhall@us.ibm.com>, | |
704 | Greg Kroah-Hartman <gregkh@suse.de> | |
705 | Subject: [patch 09/20] tpm: interrupt clear fix | |
706 | Content-Disposition: inline; filename=tpm-interrupt-clear-fix.patch | |
707 | Content-Length: 802 | |
708 | Lines: 27 | |
709 | ||
710 | -stable review patch. If anyone has any objections, please let us know. | |
711 | ||
712 | ------------------ | |
713 | From: Kylene Jo Hall <kjhall@us.ibm.com> | |
714 | ||
715 | Under stress testing I found that the interrupt is not always cleared. | |
716 | This is a bug and this patch should go into 2.6.18 and 2.6.17.x. | |
717 | ||
718 | Signed-off-by: Kylene Hall <kjhall@us.ibm.com> | |
719 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
720 | ||
721 | --- | |
722 | drivers/char/tpm/tpm_tis.c | 1 + | |
723 | 1 file changed, 1 insertion(+) | |
724 | ||
725 | --- linux-2.6.17.8.orig/drivers/char/tpm/tpm_tis.c | |
726 | +++ linux-2.6.17.8/drivers/char/tpm/tpm_tis.c | |
727 | @@ -424,6 +424,7 @@ static irqreturn_t tis_int_handler(int i | |
728 | iowrite32(interrupt, | |
729 | chip->vendor.iobase + | |
730 | TPM_INT_STATUS(chip->vendor.locality)); | |
731 | + ioread32(chip->vendor.iobase + TPM_INT_STATUS(chip->vendor.locality)); | |
732 | return IRQ_HANDLED; | |
733 | } | |
734 | ||
735 | ||
736 | -- | |
737 | ||
738 | From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 | |
739 | Message-Id: <20060821183952.958397241@quad.kroah.org> | |
740 | References: <20060821183818.155091391@quad.kroah.org> | |
741 | User-Agent: quilt/0.45-1 | |
742 | Date: Mon, 21 Aug 2006 11:38:29 -0700 | |
743 | From: Greg KH <gregkh@suse.de> | |
744 | To: linux-kernel@vger.kernel.org, | |
745 | stable@kernel.org | |
746 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
747 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
748 | Theodore Ts'o <tytso@mit.edu>, | |
749 | Randy Dunlap <rdunlap@xenotime.net>, | |
750 | Dave Jones <davej@redhat.com>, | |
751 | Chuck Wolber <chuckw@quantumlinux.com>, | |
752 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
753 | torvalds@osdl.org, | |
754 | akpm@osdl.org, | |
755 | alan@lxorguk.ukuu.org.uk, | |
756 | Adrian Bunk <bunk@stusta.de>, | |
757 | Mark Huang <mlhuang@cs.princeton.edu>, | |
758 | Patrick McHardy <kaber@trash.net>, | |
759 | Greg Kroah-Hartman <gregkh@suse.de> | |
760 | Subject: [patch 10/20] : ulog: fix panic on SMP kernels | |
761 | Content-Disposition: inline; filename=ulog-fix-panic-on-smp-kernels.patch | |
762 | Content-Length: 2114 | |
763 | Lines: 67 | |
764 | ||
765 | -stable review patch. If anyone has any objections, please let us know. | |
766 | ||
767 | ------------------ | |
768 | From: Mark Huang <mlhuang@cs.princeton.edu> | |
769 | ||
770 | [NETFILTER]: ulog: fix panic on SMP kernels | |
771 | ||
772 | Fix kernel panic on various SMP machines. The culprit is a null | |
773 | ub->skb in ulog_send(). If ulog_timer() has already been scheduled on | |
774 | one CPU and is spinning on the lock, and ipt_ulog_packet() flushes the | |
775 | queue on another CPU by calling ulog_send() right before it exits, | |
776 | there will be no skbuff when ulog_timer() acquires the lock and calls | |
777 | ulog_send(). Cancelling the timer in ulog_send() doesn't help because | |
778 | it has already been scheduled and is running on the first CPU. | |
779 | ||
780 | Similar problem exists in ebt_ulog.c and nfnetlink_log.c. | |
781 | ||
782 | Signed-off-by: Mark Huang <mlhuang@cs.princeton.edu> | |
783 | Signed-off-by: Patrick McHardy <kaber@trash.net> | |
784 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
785 | ||
786 | --- | |
787 | net/bridge/netfilter/ebt_ulog.c | 3 +++ | |
788 | net/ipv4/netfilter/ipt_ULOG.c | 5 +++++ | |
789 | net/netfilter/nfnetlink_log.c | 3 +++ | |
790 | 3 files changed, 11 insertions(+) | |
791 | ||
792 | --- linux-2.6.17.9.orig/net/bridge/netfilter/ebt_ulog.c | |
793 | +++ linux-2.6.17.9/net/bridge/netfilter/ebt_ulog.c | |
794 | @@ -75,6 +75,9 @@ static void ulog_send(unsigned int nlgro | |
795 | if (timer_pending(&ub->timer)) | |
796 | del_timer(&ub->timer); | |
797 | ||
798 | + if (!ub->skb) | |
799 | + return; | |
800 | + | |
801 | /* last nlmsg needs NLMSG_DONE */ | |
802 | if (ub->qlen > 1) | |
803 | ub->lastnlh->nlmsg_type = NLMSG_DONE; | |
804 | --- linux-2.6.17.9.orig/net/ipv4/netfilter/ipt_ULOG.c | |
805 | +++ linux-2.6.17.9/net/ipv4/netfilter/ipt_ULOG.c | |
806 | @@ -116,6 +116,11 @@ static void ulog_send(unsigned int nlgro | |
807 | del_timer(&ub->timer); | |
808 | } | |
809 | ||
810 | + if (!ub->skb) { | |
811 | + DEBUGP("ipt_ULOG: ulog_send: nothing to send\n"); | |
812 | + return; | |
813 | + } | |
814 | + | |
815 | /* last nlmsg needs NLMSG_DONE */ | |
816 | if (ub->qlen > 1) | |
817 | ub->lastnlh->nlmsg_type = NLMSG_DONE; | |
818 | --- linux-2.6.17.9.orig/net/netfilter/nfnetlink_log.c | |
819 | +++ linux-2.6.17.9/net/netfilter/nfnetlink_log.c | |
820 | @@ -366,6 +366,9 @@ __nfulnl_send(struct nfulnl_instance *in | |
821 | if (timer_pending(&inst->timer)) | |
822 | del_timer(&inst->timer); | |
823 | ||
824 | + if (!inst->skb) | |
825 | + return 0; | |
826 | + | |
827 | if (inst->qlen > 1) | |
828 | inst->lastnlh->nlmsg_type = NLMSG_DONE; | |
829 | ||
830 | ||
831 | -- | |
832 | ||
833 | From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 | |
834 | Message-Id: <20060821183953.101027612@quad.kroah.org> | |
835 | References: <20060821183818.155091391@quad.kroah.org> | |
836 | User-Agent: quilt/0.45-1 | |
837 | Date: Mon, 21 Aug 2006 11:38:30 -0700 | |
838 | From: Greg KH <gregkh@suse.de> | |
839 | To: linux-kernel@vger.kernel.org, | |
840 | stable@kernel.org | |
841 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
842 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
843 | Theodore Ts'o <tytso@mit.edu>, | |
844 | Randy Dunlap <rdunlap@xenotime.net>, | |
845 | Dave Jones <davej@redhat.com>, | |
846 | Chuck Wolber <chuckw@quantumlinux.com>, | |
847 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
848 | torvalds@osdl.org, | |
849 | akpm@osdl.org, | |
850 | alan@lxorguk.ukuu.org.uk, | |
851 | dev@openvz.org, | |
852 | haveblue@us.ibm.com, | |
853 | dev@sw.ru, | |
854 | oleg@tv-sign.ru, | |
855 | Greg Kroah-Hartman <gregkh@suse.de> | |
856 | Subject: [patch 11/20] sys_getppid oopses on debug kernel | |
857 | Content-Disposition: inline; filename=sys_getppid-oopses-on-debug-kernel.patch | |
858 | Content-Length: 2427 | |
859 | Lines: 81 | |
860 | ||
861 | -stable review patch. If anyone has any objections, please let us know. | |
862 | ||
863 | ------------------ | |
864 | From: Kirill Korotaev <dev@sw.ru> | |
865 | ||
866 | sys_getppid() optimization can access a freed memory. On kernels with | |
867 | DEBUG_SLAB turned ON, this results in Oops. As Dave Hansen noted, this | |
868 | optimization is also unsafe for memory hotplug. | |
869 | ||
870 | So this patch always takes the lock to be safe. | |
871 | ||
872 | [oleg@tv-sign.ru: simplifications] | |
873 | ||
874 | Signed-off-by: Kirill Korotaev <dev@openvz.org> | |
875 | Cc: Dave Hansen <haveblue@us.ibm.com> | |
876 | Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru> | |
877 | Signed-off-by: Andrew Morton <akpm@osdl.org> | |
878 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
879 | ||
880 | --- | |
881 | kernel/timer.c | 41 +++++++---------------------------------- | |
882 | 1 file changed, 7 insertions(+), 34 deletions(-) | |
883 | ||
884 | --- linux-2.6.17.9.orig/kernel/timer.c | |
885 | +++ linux-2.6.17.9/kernel/timer.c | |
886 | @@ -975,46 +975,19 @@ asmlinkage long sys_getpid(void) | |
887 | } | |
888 | ||
889 | /* | |
890 | - * Accessing ->group_leader->real_parent is not SMP-safe, it could | |
891 | - * change from under us. However, rather than getting any lock | |
892 | - * we can use an optimistic algorithm: get the parent | |
893 | - * pid, and go back and check that the parent is still | |
894 | - * the same. If it has changed (which is extremely unlikely | |
895 | - * indeed), we just try again.. | |
896 | - * | |
897 | - * NOTE! This depends on the fact that even if we _do_ | |
898 | - * get an old value of "parent", we can happily dereference | |
899 | - * the pointer (it was and remains a dereferencable kernel pointer | |
900 | - * no matter what): we just can't necessarily trust the result | |
901 | - * until we know that the parent pointer is valid. | |
902 | - * | |
903 | - * NOTE2: ->group_leader never changes from under us. | |
904 | + * Accessing ->real_parent is not SMP-safe, it could | |
905 | + * change from under us. However, we can use a stale | |
906 | + * value of ->real_parent under rcu_read_lock(), see | |
907 | + * release_task()->call_rcu(delayed_put_task_struct). | |
908 | */ | |
909 | asmlinkage long sys_getppid(void) | |
910 | { | |
911 | int pid; | |
912 | - struct task_struct *me = current; | |
913 | - struct task_struct *parent; | |
914 | ||
915 | - parent = me->group_leader->real_parent; | |
916 | - for (;;) { | |
917 | - pid = parent->tgid; | |
918 | -#if defined(CONFIG_SMP) || defined(CONFIG_PREEMPT) | |
919 | -{ | |
920 | - struct task_struct *old = parent; | |
921 | + rcu_read_lock(); | |
922 | + pid = rcu_dereference(current->real_parent)->tgid; | |
923 | + rcu_read_unlock(); | |
924 | ||
925 | - /* | |
926 | - * Make sure we read the pid before re-reading the | |
927 | - * parent pointer: | |
928 | - */ | |
929 | - smp_rmb(); | |
930 | - parent = me->group_leader->real_parent; | |
931 | - if (old != parent) | |
932 | - continue; | |
933 | -} | |
934 | -#endif | |
935 | - break; | |
936 | - } | |
937 | return pid; | |
938 | } | |
939 | ||
940 | ||
941 | -- | |
942 | ||
943 | From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 | |
944 | Message-Id: <20060821183953.239986945@quad.kroah.org> | |
945 | References: <20060821183818.155091391@quad.kroah.org> | |
946 | User-Agent: quilt/0.45-1 | |
947 | Date: Mon, 21 Aug 2006 11:38:31 -0700 | |
948 | From: Greg KH <gregkh@suse.de> | |
949 | To: linux-kernel@vger.kernel.org, | |
950 | stable@kernel.org, | |
951 | bunk@stusta.de, | |
952 | maks@sternwelten.at | |
953 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
954 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
955 | Theodore Ts'o <tytso@mit.edu>, | |
956 | Randy Dunlap <rdunlap@xenotime.net>, | |
957 | Dave Jones <davej@redhat.com>, | |
958 | Chuck Wolber <chuckw@quantumlinux.com>, | |
959 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
960 | torvalds@osdl.org, | |
961 | akpm@osdl.org, | |
962 | alan@lxorguk.ukuu.org.uk, | |
963 | Olaf Hering <olh@suse.de>, | |
964 | Greg Kroah-Hartman <gregkh@suse.de> | |
965 | Subject: [patch 12/20] SERIAL: icom: select FW_LOADER | |
966 | Content-Disposition: inline; filename=serial-icom-select-fw_loader.patch | |
967 | Content-Length: 827 | |
968 | Lines: 29 | |
969 | ||
970 | -stable review patch. If anyone has any objections, please let us know. | |
971 | ||
972 | ------------------ | |
973 | From: Olaf Hering <olaf@aepfle.de> | |
974 | ||
975 | The icom driver uses request_firmware() | |
976 | and thus needs to select FW_LOADER. | |
977 | ||
978 | Signed-off-by: maximilian attems <maks@sternwelten.at> | |
979 | Signed-off-by: Olaf Hering <olh@suse.de> | |
980 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
981 | ||
982 | ||
983 | --- | |
984 | drivers/serial/Kconfig | 1 + | |
985 | 1 file changed, 1 insertion(+) | |
986 | ||
987 | --- linux-2.6.17.9.orig/drivers/serial/Kconfig | |
988 | +++ linux-2.6.17.9/drivers/serial/Kconfig | |
989 | @@ -803,6 +803,7 @@ config SERIAL_MPC52xx | |
990 | tristate "Freescale MPC52xx family PSC serial support" | |
991 | depends on PPC_MPC52xx | |
992 | select SERIAL_CORE | |
993 | + select FW_LOADER | |
994 | help | |
995 | This drivers support the MPC52xx PSC serial ports. If you would | |
996 | like to use them, you must answer Y or M to this option. Not that | |
997 | ||
998 | -- | |
999 | ||
1000 | From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 | |
1001 | Message-Id: <20060821183953.381397963@quad.kroah.org> | |
1002 | References: <20060821183818.155091391@quad.kroah.org> | |
1003 | User-Agent: quilt/0.45-1 | |
1004 | Date: Mon, 21 Aug 2006 11:38:32 -0700 | |
1005 | From: Greg KH <gregkh@suse.de> | |
1006 | To: linux-kernel@vger.kernel.org, | |
1007 | stable@kernel.org, | |
1008 | Greg KH <gregkh@suse.de>, | |
1009 | Andrew Morton <akpm@osdl.org> | |
1010 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
1011 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
1012 | Theodore Ts'o <tytso@mit.edu>, | |
1013 | Randy Dunlap <rdunlap@xenotime.net>, | |
1014 | Dave Jones <davej@redhat.com>, | |
1015 | Chuck Wolber <chuckw@quantumlinux.com>, | |
1016 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
1017 | torvalds@osdl.org, | |
1018 | alan@lxorguk.ukuu.org.uk, | |
1019 | Jean Delvare <khali@linux-fr.org>, | |
1020 | Daniel Ritz <daniel.ritz@gmx.ch> | |
1021 | Subject: [patch 13/20] PCI: fix ICH6 quirks | |
1022 | Content-Disposition: inline; filename=pci-fix-ich6-quirks.patch | |
1023 | Content-Length: 1720 | |
1024 | Lines: 40 | |
1025 | ||
1026 | -stable review patch. If anyone has any objections, please let us know. | |
1027 | ||
1028 | ------------------ | |
1029 | From: Daniel Ritz <daniel.ritz-ml@swissonline.ch> | |
1030 | ||
1031 | [PATCH] PCI: fix ICH6 quirks | |
1032 | ||
1033 | - add the ICH6(R) LPC to the ICH6 ACPI quirks. currently only the ICH6-M is | |
1034 | handled. [ PCI_DEVICE_ID_INTEL_ICH6_1 is the ICH6-M LPC, ICH6_0 is the ICH6(R) ] | |
1035 | - remove the wrong quirk calling asus_hides_smbus_lpc() for ICH6. the register | |
1036 | modified in asus_hides_smbus_lpc() has a different meaning in ICH6. | |
1037 | ||
1038 | Signed-off-by: Daniel Ritz <daniel.ritz@gmx.ch> | |
1039 | Cc: Jean Delvare <khali@linux-fr.org> | |
1040 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
1041 | ||
1042 | --- | |
1043 | drivers/pci/quirks.c | 2 +- | |
1044 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
1045 | ||
1046 | --- linux-2.6.17.9.orig/drivers/pci/quirks.c | |
1047 | +++ linux-2.6.17.9/drivers/pci/quirks.c | |
1048 | @@ -427,6 +427,7 @@ static void __devinit quirk_ich6_lpc_acp | |
1049 | pci_read_config_dword(dev, 0x48, ®ion); | |
1050 | quirk_io_region(dev, region, 64, PCI_BRIDGE_RESOURCES+1, "ICH6 GPIO"); | |
1051 | } | |
1052 | +DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH6_0, quirk_ich6_lpc_acpi ); | |
1053 | DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH6_1, quirk_ich6_lpc_acpi ); | |
1054 | ||
1055 | /* | |
1056 | @@ -1043,7 +1044,6 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_I | |
1057 | DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82801CA_12, asus_hides_smbus_lpc ); | |
1058 | DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82801DB_12, asus_hides_smbus_lpc ); | |
1059 | DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82801EB_0, asus_hides_smbus_lpc ); | |
1060 | -DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH6_1, asus_hides_smbus_lpc ); | |
1061 | ||
1062 | static void __init asus_hides_smbus_lpc_ich6(struct pci_dev *dev) | |
1063 | { | |
1064 | ||
1065 | -- | |
1066 | ||
1067 | From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 | |
1068 | Message-Id: <20060821183953.525133544@quad.kroah.org> | |
1069 | References: <20060821183818.155091391@quad.kroah.org> | |
1070 | User-Agent: quilt/0.45-1 | |
1071 | Date: Mon, 21 Aug 2006 11:38:33 -0700 | |
1072 | From: Greg KH <gregkh@suse.de> | |
1073 | To: linux-kernel@vger.kernel.org, | |
1074 | stable@kernel.org | |
1075 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
1076 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
1077 | Theodore Ts'o <tytso@mit.edu>, | |
1078 | Randy Dunlap <rdunlap@xenotime.net>, | |
1079 | Dave Jones <davej@redhat.com>, | |
1080 | Chuck Wolber <chuckw@quantumlinux.com>, | |
1081 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
1082 | torvalds@osdl.org, | |
1083 | akpm@osdl.org, | |
1084 | alan@lxorguk.ukuu.org.uk, | |
1085 | Adrian Bunk <bunk@stusta.de>, | |
1086 | Patrick McHardy <kaber@trash.net>, | |
1087 | Greg Kroah-Hartman <gregkh@suse.de> | |
1088 | Subject: [patch 14/20] : ip_tables: fix table locking in ipt_do_table | |
1089 | Content-Disposition: inline; filename=ip_tables-fix-table-locking-in-ipt_do_table.patch | |
1090 | Content-Length: 1989 | |
1091 | Lines: 58 | |
1092 | ||
1093 | -stable review patch. If anyone has any objections, please let us know. | |
1094 | ||
1095 | ------------------ | |
1096 | From: Patrick McHardy <kaber@trash.net> | |
1097 | ||
1098 | [NETFILTER]: ip_tables: fix table locking in ipt_do_table | |
1099 | ||
1100 | table->private might change because of ruleset changes, don't use it without | |
1101 | holding the lock. | |
1102 | ||
1103 | Signed-off-by: Patrick McHardy <kaber@trash.net> | |
1104 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
1105 | ||
1106 | --- | |
1107 | net/ipv4/netfilter/arp_tables.c | 3 ++- | |
1108 | net/ipv4/netfilter/ip_tables.c | 3 ++- | |
1109 | 2 files changed, 4 insertions(+), 2 deletions(-) | |
1110 | ||
1111 | --- linux-2.6.17.9.orig/net/ipv4/netfilter/arp_tables.c | |
1112 | +++ linux-2.6.17.9/net/ipv4/netfilter/arp_tables.c | |
1113 | @@ -237,7 +237,7 @@ unsigned int arpt_do_table(struct sk_buf | |
1114 | struct arpt_entry *e, *back; | |
1115 | const char *indev, *outdev; | |
1116 | void *table_base; | |
1117 | - struct xt_table_info *private = table->private; | |
1118 | + struct xt_table_info *private; | |
1119 | ||
1120 | /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ | |
1121 | if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) + | |
1122 | @@ -249,6 +249,7 @@ unsigned int arpt_do_table(struct sk_buf | |
1123 | outdev = out ? out->name : nulldevname; | |
1124 | ||
1125 | read_lock_bh(&table->lock); | |
1126 | + private = table->private; | |
1127 | table_base = (void *)private->entries[smp_processor_id()]; | |
1128 | e = get_entry(table_base, private->hook_entry[hook]); | |
1129 | back = get_entry(table_base, private->underflow[hook]); | |
1130 | --- linux-2.6.17.9.orig/net/ipv4/netfilter/ip_tables.c | |
1131 | +++ linux-2.6.17.9/net/ipv4/netfilter/ip_tables.c | |
1132 | @@ -231,7 +231,7 @@ ipt_do_table(struct sk_buff **pskb, | |
1133 | const char *indev, *outdev; | |
1134 | void *table_base; | |
1135 | struct ipt_entry *e, *back; | |
1136 | - struct xt_table_info *private = table->private; | |
1137 | + struct xt_table_info *private; | |
1138 | ||
1139 | /* Initialization */ | |
1140 | ip = (*pskb)->nh.iph; | |
1141 | @@ -248,6 +248,7 @@ ipt_do_table(struct sk_buff **pskb, | |
1142 | ||
1143 | read_lock_bh(&table->lock); | |
1144 | IP_NF_ASSERT(table->valid_hooks & (1 << hook)); | |
1145 | + private = table->private; | |
1146 | table_base = (void *)private->entries[smp_processor_id()]; | |
1147 | e = get_entry(table_base, private->hook_entry[hook]); | |
1148 | ||
1149 | ||
1150 | -- | |
1151 | ||
1152 | From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 | |
1153 | Message-Id: <20060821183953.663500743@quad.kroah.org> | |
1154 | References: <20060821183818.155091391@quad.kroah.org> | |
1155 | User-Agent: quilt/0.45-1 | |
1156 | Date: Mon, 21 Aug 2006 11:38:34 -0700 | |
1157 | From: Greg KH <gregkh@suse.de> | |
1158 | To: linux-kernel@vger.kernel.org, | |
1159 | stable@kernel.org | |
1160 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
1161 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
1162 | Theodore Ts'o <tytso@mit.edu>, | |
1163 | Randy Dunlap <rdunlap@xenotime.net>, | |
1164 | Dave Jones <davej@redhat.com>, | |
1165 | Chuck Wolber <chuckw@quantumlinux.com>, | |
1166 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
1167 | torvalds@osdl.org, | |
1168 | akpm@osdl.org, | |
1169 | alan@lxorguk.ukuu.org.uk, | |
1170 | Pavel Emelianov <xemul@openvz.org>, | |
1171 | Kirill Korotaev <dev@openvz.org>, | |
1172 | Greg Kroah-Hartman <gregkh@suse.de> | |
1173 | Subject: [patch 15/20] IA64: local DoS with corrupted ELFs | |
1174 | Content-Disposition: inline; filename=ia64-local-dos-with-corrupted-elfs.patch | |
1175 | Status: RO | |
1176 | Content-Length: 7804 | |
1177 | Lines: 283 | |
1178 | ||
1179 | -stable review patch. If anyone has any objections, please let us know. | |
1180 | ||
1181 | ------------------ | |
1182 | From: Kirill Korotaev <dev@sw.ru> | |
1183 | ||
1184 | This patch prevents cross-region mappings | |
1185 | on IA64 and SPARC which could lead to system crash. | |
1186 | ||
1187 | davem@ confirmed: "This looks fine to me." :) | |
1188 | ||
1189 | Signed-Off-By: Pavel Emelianov <xemul@openvz.org> | |
1190 | Signed-Off-By: Kirill Korotaev <dev@openvz.org> | |
1191 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
1192 | ||
1193 | ||
1194 | --- | |
1195 | arch/ia64/kernel/sys_ia64.c | 28 ++++++++++++++++------------ | |
1196 | arch/sparc/kernel/sys_sparc.c | 27 +++++++++++++++------------ | |
1197 | arch/sparc64/kernel/sys_sparc.c | 36 ++++++++++++++++++++---------------- | |
1198 | include/asm-generic/mman.h | 6 ++++++ | |
1199 | include/asm-ia64/mman.h | 6 ++++++ | |
1200 | include/asm-sparc/mman.h | 6 ++++++ | |
1201 | include/asm-sparc64/mman.h | 6 ++++++ | |
1202 | mm/mmap.c | 13 +++++++++++-- | |
1203 | 8 files changed, 86 insertions(+), 42 deletions(-) | |
1204 | ||
1205 | --- linux-2.6.17.9.orig/arch/ia64/kernel/sys_ia64.c | |
1206 | +++ linux-2.6.17.9/arch/ia64/kernel/sys_ia64.c | |
1207 | @@ -164,10 +164,25 @@ sys_pipe (void) | |
1208 | return retval; | |
1209 | } | |
1210 | ||
1211 | +int ia64_map_check_rgn(unsigned long addr, unsigned long len, | |
1212 | + unsigned long flags) | |
1213 | +{ | |
1214 | + unsigned long roff; | |
1215 | + | |
1216 | + /* | |
1217 | + * Don't permit mappings into unmapped space, the virtual page table | |
1218 | + * of a region, or across a region boundary. Note: RGN_MAP_LIMIT is | |
1219 | + * equal to 2^n-PAGE_SIZE (for some integer n <= 61) and len > 0. | |
1220 | + */ | |
1221 | + roff = REGION_OFFSET(addr); | |
1222 | + if ((len > RGN_MAP_LIMIT) || (roff > (RGN_MAP_LIMIT - len))) | |
1223 | + return -EINVAL; | |
1224 | + return 0; | |
1225 | +} | |
1226 | + | |
1227 | static inline unsigned long | |
1228 | do_mmap2 (unsigned long addr, unsigned long len, int prot, int flags, int fd, unsigned long pgoff) | |
1229 | { | |
1230 | - unsigned long roff; | |
1231 | struct file *file = NULL; | |
1232 | ||
1233 | flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE); | |
1234 | @@ -189,17 +204,6 @@ do_mmap2 (unsigned long addr, unsigned l | |
1235 | goto out; | |
1236 | } | |
1237 | ||
1238 | - /* | |
1239 | - * Don't permit mappings into unmapped space, the virtual page table of a region, | |
1240 | - * or across a region boundary. Note: RGN_MAP_LIMIT is equal to 2^n-PAGE_SIZE | |
1241 | - * (for some integer n <= 61) and len > 0. | |
1242 | - */ | |
1243 | - roff = REGION_OFFSET(addr); | |
1244 | - if ((len > RGN_MAP_LIMIT) || (roff > (RGN_MAP_LIMIT - len))) { | |
1245 | - addr = -EINVAL; | |
1246 | - goto out; | |
1247 | - } | |
1248 | - | |
1249 | down_write(¤t->mm->mmap_sem); | |
1250 | addr = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); | |
1251 | up_write(¤t->mm->mmap_sem); | |
1252 | --- linux-2.6.17.9.orig/arch/sparc/kernel/sys_sparc.c | |
1253 | +++ linux-2.6.17.9/arch/sparc/kernel/sys_sparc.c | |
1254 | @@ -219,6 +219,21 @@ out: | |
1255 | return err; | |
1256 | } | |
1257 | ||
1258 | +int sparc_mmap_check(unsigned long addr, unsigned long len, unsigned long flags) | |
1259 | +{ | |
1260 | + if (ARCH_SUN4C_SUN4 && | |
1261 | + (len > 0x20000000 || | |
1262 | + ((flags & MAP_FIXED) && | |
1263 | + addr < 0xe0000000 && addr + len > 0x20000000))) | |
1264 | + return -EINVAL; | |
1265 | + | |
1266 | + /* See asm-sparc/uaccess.h */ | |
1267 | + if (len > TASK_SIZE - PAGE_SIZE || addr + len > TASK_SIZE - PAGE_SIZE) | |
1268 | + return -EINVAL; | |
1269 | + | |
1270 | + return 0; | |
1271 | +} | |
1272 | + | |
1273 | /* Linux version of mmap */ | |
1274 | static unsigned long do_mmap2(unsigned long addr, unsigned long len, | |
1275 | unsigned long prot, unsigned long flags, unsigned long fd, | |
1276 | @@ -233,25 +248,13 @@ static unsigned long do_mmap2(unsigned l | |
1277 | goto out; | |
1278 | } | |
1279 | ||
1280 | - retval = -EINVAL; | |
1281 | len = PAGE_ALIGN(len); | |
1282 | - if (ARCH_SUN4C_SUN4 && | |
1283 | - (len > 0x20000000 || | |
1284 | - ((flags & MAP_FIXED) && | |
1285 | - addr < 0xe0000000 && addr + len > 0x20000000))) | |
1286 | - goto out_putf; | |
1287 | - | |
1288 | - /* See asm-sparc/uaccess.h */ | |
1289 | - if (len > TASK_SIZE - PAGE_SIZE || addr + len > TASK_SIZE - PAGE_SIZE) | |
1290 | - goto out_putf; | |
1291 | - | |
1292 | flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE); | |
1293 | ||
1294 | down_write(¤t->mm->mmap_sem); | |
1295 | retval = do_mmap_pgoff(file, addr, len, prot, flags, pgoff); | |
1296 | up_write(¤t->mm->mmap_sem); | |
1297 | ||
1298 | -out_putf: | |
1299 | if (file) | |
1300 | fput(file); | |
1301 | out: | |
1302 | --- linux-2.6.17.9.orig/arch/sparc64/kernel/sys_sparc.c | |
1303 | +++ linux-2.6.17.9/arch/sparc64/kernel/sys_sparc.c | |
1304 | @@ -549,6 +549,26 @@ asmlinkage long sparc64_personality(unsi | |
1305 | return ret; | |
1306 | } | |
1307 | ||
1308 | +int sparc64_mmap_check(unsigned long addr, unsigned long len, | |
1309 | + unsigned long flags) | |
1310 | +{ | |
1311 | + if (test_thread_flag(TIF_32BIT)) { | |
1312 | + if (len >= STACK_TOP32) | |
1313 | + return -EINVAL; | |
1314 | + | |
1315 | + if ((flags & MAP_FIXED) && addr > STACK_TOP32 - len) | |
1316 | + return -EINVAL; | |
1317 | + } else { | |
1318 | + if (len >= VA_EXCLUDE_START) | |
1319 | + return -EINVAL; | |
1320 | + | |
1321 | + if ((flags & MAP_FIXED) && invalid_64bit_range(addr, len)) | |
1322 | + return -EINVAL; | |
1323 | + } | |
1324 | + | |
1325 | + return 0; | |
1326 | +} | |
1327 | + | |
1328 | /* Linux version of mmap */ | |
1329 | asmlinkage unsigned long sys_mmap(unsigned long addr, unsigned long len, | |
1330 | unsigned long prot, unsigned long flags, unsigned long fd, | |
1331 | @@ -564,27 +584,11 @@ asmlinkage unsigned long sys_mmap(unsign | |
1332 | } | |
1333 | flags &= ~(MAP_EXECUTABLE | MAP_DENYWRITE); | |
1334 | len = PAGE_ALIGN(len); | |
1335 | - retval = -EINVAL; | |
1336 | - | |
1337 | - if (test_thread_flag(TIF_32BIT)) { | |
1338 | - if (len >= STACK_TOP32) | |
1339 | - goto out_putf; | |
1340 | - | |
1341 | - if ((flags & MAP_FIXED) && addr > STACK_TOP32 - len) | |
1342 | - goto out_putf; | |
1343 | - } else { | |
1344 | - if (len >= VA_EXCLUDE_START) | |
1345 | - goto out_putf; | |
1346 | - | |
1347 | - if ((flags & MAP_FIXED) && invalid_64bit_range(addr, len)) | |
1348 | - goto out_putf; | |
1349 | - } | |
1350 | ||
1351 | down_write(¤t->mm->mmap_sem); | |
1352 | retval = do_mmap(file, addr, len, prot, flags, off); | |
1353 | up_write(¤t->mm->mmap_sem); | |
1354 | ||
1355 | -out_putf: | |
1356 | if (file) | |
1357 | fput(file); | |
1358 | out: | |
1359 | --- linux-2.6.17.9.orig/include/asm-generic/mman.h | |
1360 | +++ linux-2.6.17.9/include/asm-generic/mman.h | |
1361 | @@ -39,4 +39,10 @@ | |
1362 | #define MAP_ANON MAP_ANONYMOUS | |
1363 | #define MAP_FILE 0 | |
1364 | ||
1365 | +#ifdef __KERNEL__ | |
1366 | +#ifndef arch_mmap_check | |
1367 | +#define arch_mmap_check(addr, len, flags) (0) | |
1368 | +#endif | |
1369 | +#endif | |
1370 | + | |
1371 | #endif | |
1372 | --- linux-2.6.17.9.orig/include/asm-ia64/mman.h | |
1373 | +++ linux-2.6.17.9/include/asm-ia64/mman.h | |
1374 | @@ -8,6 +8,12 @@ | |
1375 | * David Mosberger-Tang <davidm@hpl.hp.com>, Hewlett-Packard Co | |
1376 | */ | |
1377 | ||
1378 | +#ifdef __KERNEL__ | |
1379 | +#define arch_mmap_check ia64_map_check_rgn | |
1380 | +int ia64_map_check_rgn(unsigned long addr, unsigned long len, | |
1381 | + unsigned long flags); | |
1382 | +#endif | |
1383 | + | |
1384 | #include <asm-generic/mman.h> | |
1385 | ||
1386 | #define MAP_GROWSDOWN 0x00100 /* stack-like segment */ | |
1387 | --- linux-2.6.17.9.orig/include/asm-sparc/mman.h | |
1388 | +++ linux-2.6.17.9/include/asm-sparc/mman.h | |
1389 | @@ -2,6 +2,12 @@ | |
1390 | #ifndef __SPARC_MMAN_H__ | |
1391 | #define __SPARC_MMAN_H__ | |
1392 | ||
1393 | +#ifdef __KERNEL__ | |
1394 | +#define arch_mmap_check sparc_mmap_check | |
1395 | +int sparc_mmap_check(unsigned long addr, unsigned long len, | |
1396 | + unsigned long flags); | |
1397 | +#endif | |
1398 | + | |
1399 | #include <asm-generic/mman.h> | |
1400 | ||
1401 | /* SunOS'ified... */ | |
1402 | --- linux-2.6.17.9.orig/include/asm-sparc64/mman.h | |
1403 | +++ linux-2.6.17.9/include/asm-sparc64/mman.h | |
1404 | @@ -2,6 +2,12 @@ | |
1405 | #ifndef __SPARC64_MMAN_H__ | |
1406 | #define __SPARC64_MMAN_H__ | |
1407 | ||
1408 | +#ifdef __KERNEL__ | |
1409 | +#define arch_mmap_check sparc64_mmap_check | |
1410 | +int sparc64_mmap_check(unsigned long addr, unsigned long len, | |
1411 | + unsigned long flags); | |
1412 | +#endif | |
1413 | + | |
1414 | #include <asm-generic/mman.h> | |
1415 | ||
1416 | /* SunOS'ified... */ | |
1417 | --- linux-2.6.17.9.orig/mm/mmap.c | |
1418 | +++ linux-2.6.17.9/mm/mmap.c | |
1419 | @@ -913,6 +913,10 @@ unsigned long do_mmap_pgoff(struct file | |
1420 | if (!len) | |
1421 | return -EINVAL; | |
1422 | ||
1423 | + error = arch_mmap_check(addr, len, flags); | |
1424 | + if (error) | |
1425 | + return error; | |
1426 | + | |
1427 | /* Careful about overflows.. */ | |
1428 | len = PAGE_ALIGN(len); | |
1429 | if (!len || len > TASK_SIZE) | |
1430 | @@ -1852,6 +1856,7 @@ unsigned long do_brk(unsigned long addr, | |
1431 | unsigned long flags; | |
1432 | struct rb_node ** rb_link, * rb_parent; | |
1433 | pgoff_t pgoff = addr >> PAGE_SHIFT; | |
1434 | + int error; | |
1435 | ||
1436 | len = PAGE_ALIGN(len); | |
1437 | if (!len) | |
1438 | @@ -1860,6 +1865,12 @@ unsigned long do_brk(unsigned long addr, | |
1439 | if ((addr + len) > TASK_SIZE || (addr + len) < addr) | |
1440 | return -EINVAL; | |
1441 | ||
1442 | + flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; | |
1443 | + | |
1444 | + error = arch_mmap_check(addr, len, flags); | |
1445 | + if (error) | |
1446 | + return error; | |
1447 | + | |
1448 | /* | |
1449 | * mlock MCL_FUTURE? | |
1450 | */ | |
1451 | @@ -1900,8 +1911,6 @@ unsigned long do_brk(unsigned long addr, | |
1452 | if (security_vm_enough_memory(len >> PAGE_SHIFT)) | |
1453 | return -ENOMEM; | |
1454 | ||
1455 | - flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; | |
1456 | - | |
1457 | /* Can we just expand an old private anonymous mapping? */ | |
1458 | if (vma_merge(mm, prev, addr, addr + len, flags, | |
1459 | NULL, NULL, pgoff, NULL)) | |
1460 | ||
1461 | -- | |
1462 | ||
1463 | From greg@quad.kroah.org Mon Aug 21 11:39:53 2006 | |
1464 | Message-Id: <20060821183953.809086225@quad.kroah.org> | |
1465 | References: <20060821183818.155091391@quad.kroah.org> | |
1466 | User-Agent: quilt/0.45-1 | |
1467 | Date: Mon, 21 Aug 2006 11:38:35 -0700 | |
1468 | From: Greg KH <gregkh@suse.de> | |
1469 | To: linux-kernel@vger.kernel.org, | |
1470 | stable@kernel.org | |
1471 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
1472 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
1473 | Theodore Ts'o <tytso@mit.edu>, | |
1474 | Randy Dunlap <rdunlap@xenotime.net>, | |
1475 | Dave Jones <davej@redhat.com>, | |
1476 | Chuck Wolber <chuckw@quantumlinux.com>, | |
1477 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
1478 | torvalds@osdl.org, | |
1479 | akpm@osdl.org, | |
1480 | alan@lxorguk.ukuu.org.uk, | |
1481 | Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>, | |
1482 | "David S. Miller" <davem@davemloft.net>, | |
1483 | Greg Kroah-Hartman <gregkh@suse.de> | |
1484 | Subject: [patch 16/20] Fix ipv4 routing locking bug | |
1485 | Content-Disposition: inline; filename=fix-ipv4-routing-locking-bug.patch | |
1486 | Content-Length: 2499 | |
1487 | Lines: 82 | |
1488 | ||
1489 | -stable review patch. If anyone has any objections, please let us know. | |
1490 | ||
1491 | ------------------ | |
1492 | ||
1493 | From: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> | |
1494 | ||
1495 | [IPV4]: severe locking bug in fib_semantics.c | |
1496 | ||
1497 | Found in 2.4 by Yixin Pan <yxpan@hotmail.com>. | |
1498 | ||
1499 | > When I read fib_semantics.c of Linux-2.4.32, write_lock(&fib_info_lock) = | |
1500 | > is used in fib_release_info() instead of write_lock_bh(&fib_info_lock). = | |
1501 | > Is the following case possible: a BH interrupts fib_release_info() while = | |
1502 | > holding the write lock, and calls ip_check_fib_default() which calls = | |
1503 | > read_lock(&fib_info_lock), and spin forever. | |
1504 | ||
1505 | Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> | |
1506 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
1507 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
1508 | ||
1509 | --- | |
1510 | net/ipv4/fib_semantics.c | 12 ++++++------ | |
1511 | 1 file changed, 6 insertions(+), 6 deletions(-) | |
1512 | ||
1513 | --- linux-2.6.17.9.orig/net/ipv4/fib_semantics.c | |
1514 | +++ linux-2.6.17.9/net/ipv4/fib_semantics.c | |
1515 | @@ -160,7 +160,7 @@ void free_fib_info(struct fib_info *fi) | |
1516 | ||
1517 | void fib_release_info(struct fib_info *fi) | |
1518 | { | |
1519 | - write_lock(&fib_info_lock); | |
1520 | + write_lock_bh(&fib_info_lock); | |
1521 | if (fi && --fi->fib_treeref == 0) { | |
1522 | hlist_del(&fi->fib_hash); | |
1523 | if (fi->fib_prefsrc) | |
1524 | @@ -173,7 +173,7 @@ void fib_release_info(struct fib_info *f | |
1525 | fi->fib_dead = 1; | |
1526 | fib_info_put(fi); | |
1527 | } | |
1528 | - write_unlock(&fib_info_lock); | |
1529 | + write_unlock_bh(&fib_info_lock); | |
1530 | } | |
1531 | ||
1532 | static __inline__ int nh_comp(const struct fib_info *fi, const struct fib_info *ofi) | |
1533 | @@ -599,7 +599,7 @@ static void fib_hash_move(struct hlist_h | |
1534 | unsigned int old_size = fib_hash_size; | |
1535 | unsigned int i, bytes; | |
1536 | ||
1537 | - write_lock(&fib_info_lock); | |
1538 | + write_lock_bh(&fib_info_lock); | |
1539 | old_info_hash = fib_info_hash; | |
1540 | old_laddrhash = fib_info_laddrhash; | |
1541 | fib_hash_size = new_size; | |
1542 | @@ -640,7 +640,7 @@ static void fib_hash_move(struct hlist_h | |
1543 | } | |
1544 | fib_info_laddrhash = new_laddrhash; | |
1545 | ||
1546 | - write_unlock(&fib_info_lock); | |
1547 | + write_unlock_bh(&fib_info_lock); | |
1548 | ||
1549 | bytes = old_size * sizeof(struct hlist_head *); | |
1550 | fib_hash_free(old_info_hash, bytes); | |
1551 | @@ -822,7 +822,7 @@ link_it: | |
1552 | ||
1553 | fi->fib_treeref++; | |
1554 | atomic_inc(&fi->fib_clntref); | |
1555 | - write_lock(&fib_info_lock); | |
1556 | + write_lock_bh(&fib_info_lock); | |
1557 | hlist_add_head(&fi->fib_hash, | |
1558 | &fib_info_hash[fib_info_hashfn(fi)]); | |
1559 | if (fi->fib_prefsrc) { | |
1560 | @@ -841,7 +841,7 @@ link_it: | |
1561 | head = &fib_info_devhash[hash]; | |
1562 | hlist_add_head(&nh->nh_hash, head); | |
1563 | } endfor_nexthops(fi) | |
1564 | - write_unlock(&fib_info_lock); | |
1565 | + write_unlock_bh(&fib_info_lock); | |
1566 | return fi; | |
1567 | ||
1568 | err_inval: | |
1569 | ||
1570 | -- | |
1571 | ||
1572 | From greg@quad.kroah.org Mon Aug 21 11:39:54 2006 | |
1573 | Message-Id: <20060821183953.950097468@quad.kroah.org> | |
1574 | References: <20060821183818.155091391@quad.kroah.org> | |
1575 | User-Agent: quilt/0.45-1 | |
1576 | Date: Mon, 21 Aug 2006 11:38:36 -0700 | |
1577 | From: Greg KH <gregkh@suse.de> | |
1578 | To: linux-kernel@vger.kernel.org, | |
1579 | stable@kernel.org | |
1580 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
1581 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
1582 | Theodore Ts'o <tytso@mit.edu>, | |
1583 | Randy Dunlap <rdunlap@xenotime.net>, | |
1584 | Dave Jones <davej@redhat.com>, | |
1585 | Chuck Wolber <chuckw@quantumlinux.com>, | |
1586 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
1587 | torvalds@osdl.org, | |
1588 | akpm@osdl.org, | |
1589 | alan@lxorguk.ukuu.org.uk, | |
1590 | agk@redhat.com, | |
1591 | mirq-linux@rere.qmqm.pl, | |
1592 | Greg Kroah-Hartman <gregkh@suse.de> | |
1593 | Subject: [patch 17/20] dm: BUG/OOPS fix | |
1594 | Content-Disposition: inline; filename=dm-bug-oops-fix.patch | |
1595 | Content-Length: 2568 | |
1596 | Lines: 69 | |
1597 | ||
1598 | -stable review patch. If anyone has any objections, please let us know. | |
1599 | ||
1600 | ------------------ | |
1601 | From: Michal Miroslaw <mirq-linux@rere.qmqm.pl> | |
1602 | ||
1603 | Fix BUG I tripped on while testing failover and multipathing. | |
1604 | ||
1605 | BUG shows up on error path in multipath_ctr() when parse_priority_group() | |
1606 | fails after returning at least once without error. The fix is to | |
1607 | initialize m->ti early - just after alloc()ing it. | |
1608 | ||
1609 | BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000 | |
1610 | printing eip: | |
1611 | c027c3d2 | |
1612 | *pde = 00000000 | |
1613 | Oops: 0000 [#3] | |
1614 | Modules linked in: qla2xxx ext3 jbd mbcache sg ide_cd cdrom floppy | |
1615 | CPU: 0 | |
1616 | EIP: 0060:[<c027c3d2>] Not tainted VLI | |
1617 | EFLAGS: 00010202 (2.6.17.3 #1) | |
1618 | EIP is at dm_put_device+0xf/0x3b | |
1619 | eax: 00000001 ebx: ee4fcac0 ecx: 00000000 edx: ee4fcac0 | |
1620 | esi: ee4fc4e0 edi: ee4fc4e0 ebp: 00000000 esp: c5db3e78 | |
1621 | ds: 007b es: 007b ss: 0068 | |
1622 | Process multipathd (pid: 15912, threadinfo=c5db2000 task=ef485a90) | |
1623 | Stack: ec4eda40 c02816bd ee4fc4c0 00000000 f7e89498 f883e0bc c02816f6 f7e89480 | |
1624 | f7e8948c c0281801 ffffffea f7e89480 f883e080 c0281ffe 00000001 00000000 | |
1625 | 00000004 dfe9cab8 f7a693c0 f883e080 f883e0c0 ca4b99c0 c027c6ee 01400000 | |
1626 | Call Trace: | |
1627 | <c02816bd> free_pgpaths+0x31/0x45 <c02816f6> free_priority_group+0x25/0x2e | |
1628 | <c0281801> free_multipath+0x35/0x67 <c0281ffe> multipath_ctr+0x123/0x12d | |
1629 | <c027c6ee> dm_table_add_target+0x11e/0x18b <c027e5b4> populate_table+0x8a/0xaf | |
1630 | <c027e62b> table_load+0x52/0xf9 <c027ec23> ctl_ioctl+0xca/0xfc | |
1631 | <c027e5d9> table_load+0x0/0xf9 <c0152146> do_ioctl+0x3e/0x43 | |
1632 | <c0152360> vfs_ioctl+0x16c/0x178 <c01523b4> sys_ioctl+0x48/0x60 | |
1633 | <c01029b3> syscall_call+0x7/0xb | |
1634 | Code: 97 f0 00 00 00 89 c1 83 c9 01 80 e2 01 0f 44 c1 88 43 14 8b 04 24 59 5b 5e 5f 5d c3 53 89 c1 89 d3 ff 4a 08 0f 94 c0 84 c0 74 2a <8b> 01 8b 10 89 d8 e8 f6 fb ff ff 8b 03 8b 53 04 89 50 04 89 02 | |
1635 | EIP: [<c027c3d2>] dm_put_device+0xf/0x3b SS:ESP 0068:c5db3e78 | |
1636 | ||
1637 | Signed-off-by: Michal Miroslaw <mirq-linux@rere.qmqm.pl> | |
1638 | Acked-by: Alasdair G Kergon <agk@redhat.com> | |
1639 | Signed-off-by: Andrew Morton <akpm@osdl.org> | |
1640 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
1641 | ||
1642 | --- | |
1643 | drivers/md/dm-mpath.c | 3 ++- | |
1644 | 1 file changed, 2 insertions(+), 1 deletion(-) | |
1645 | ||
1646 | --- linux-2.6.17.9.orig/drivers/md/dm-mpath.c | |
1647 | +++ linux-2.6.17.9/drivers/md/dm-mpath.c | |
1648 | @@ -711,6 +711,8 @@ static int multipath_ctr(struct dm_targe | |
1649 | return -EINVAL; | |
1650 | } | |
1651 | ||
1652 | + m->ti = ti; | |
1653 | + | |
1654 | r = parse_features(&as, m, ti); | |
1655 | if (r) | |
1656 | goto bad; | |
1657 | @@ -752,7 +754,6 @@ static int multipath_ctr(struct dm_targe | |
1658 | } | |
1659 | ||
1660 | ti->private = m; | |
1661 | - m->ti = ti; | |
1662 | ||
1663 | return 0; | |
1664 | ||
1665 | ||
1666 | -- | |
1667 | ||
1668 | From greg@quad.kroah.org Mon Aug 21 11:39:54 2006 | |
1669 | Message-Id: <20060821183954.092592169@quad.kroah.org> | |
1670 | References: <20060821183818.155091391@quad.kroah.org> | |
1671 | User-Agent: quilt/0.45-1 | |
1672 | Date: Mon, 21 Aug 2006 11:38:37 -0700 | |
1673 | From: Greg KH <gregkh@suse.de> | |
1674 | To: linux-kernel@vger.kernel.org, | |
1675 | stable@kernel.org, | |
1676 | mm-commits@vger.kernel.org | |
1677 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
1678 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
1679 | Theodore Ts'o <tytso@mit.edu>, | |
1680 | Randy Dunlap <rdunlap@xenotime.net>, | |
1681 | Dave Jones <davej@redhat.com>, | |
1682 | Chuck Wolber <chuckw@quantumlinux.com>, | |
1683 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
1684 | torvalds@osdl.org, | |
1685 | akpm@osdl.org, | |
1686 | alan@lxorguk.ukuu.org.uk, | |
1687 | rjw@sisk.pl, | |
1688 | hugh@veritas.com, | |
1689 | pavel@suse.cz, | |
1690 | Greg Kroah-Hartman <gregkh@suse.de> | |
1691 | Subject: [patch 18/20] swsusp: Fix swap_type_of | |
1692 | Content-Disposition: inline; filename=swsusp-fix-swap_type_of.patch | |
1693 | Content-Length: 1061 | |
1694 | Lines: 36 | |
1695 | ||
1696 | -stable review patch. If anyone has any objections, please let us know. | |
1697 | ||
1698 | ------------------ | |
1699 | From: "Rafael J. Wysocki" <rjw@sisk.pl> | |
1700 | ||
1701 | There is a bug in mm/swapfile.c#swap_type_of() that makes swsusp only be | |
1702 | able to use the first active swap partition as the resume device. Fix it. | |
1703 | ||
1704 | Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> | |
1705 | Cc: Hugh Dickins <hugh@veritas.com> | |
1706 | Acked-by: Pavel Machek <pavel@suse.cz> | |
1707 | Signed-off-by: Andrew Morton <akpm@osdl.org> | |
1708 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
1709 | ||
1710 | --- | |
1711 | mm/swapfile.c | 3 ++- | |
1712 | 1 file changed, 2 insertions(+), 1 deletion(-) | |
1713 | ||
1714 | --- linux-2.6.17.9.orig/mm/swapfile.c | |
1715 | +++ linux-2.6.17.9/mm/swapfile.c | |
1716 | @@ -440,11 +440,12 @@ int swap_type_of(dev_t device) | |
1717 | ||
1718 | if (!(swap_info[i].flags & SWP_WRITEOK)) | |
1719 | continue; | |
1720 | + | |
1721 | if (!device) { | |
1722 | spin_unlock(&swap_lock); | |
1723 | return i; | |
1724 | } | |
1725 | - inode = swap_info->swap_file->f_dentry->d_inode; | |
1726 | + inode = swap_info[i].swap_file->f_dentry->d_inode; | |
1727 | if (S_ISBLK(inode->i_mode) && | |
1728 | device == MKDEV(imajor(inode), iminor(inode))) { | |
1729 | spin_unlock(&swap_lock); | |
1730 | ||
1731 | -- | |
1732 | ||
1733 | From greg@quad.kroah.org Mon Aug 21 11:39:54 2006 | |
1734 | Message-Id: <20060821183954.233744517@quad.kroah.org> | |
1735 | References: <20060821183818.155091391@quad.kroah.org> | |
1736 | User-Agent: quilt/0.45-1 | |
1737 | Date: Mon, 21 Aug 2006 11:38:38 -0700 | |
1738 | From: Greg KH <gregkh@suse.de> | |
1739 | To: linux-kernel@vger.kernel.org, | |
1740 | stable@kernel.org | |
1741 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
1742 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
1743 | Theodore Ts'o <tytso@mit.edu>, | |
1744 | Randy Dunlap <rdunlap@xenotime.net>, | |
1745 | Dave Jones <davej@redhat.com>, | |
1746 | Chuck Wolber <chuckw@quantumlinux.com>, | |
1747 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
1748 | torvalds@osdl.org, | |
1749 | akpm@osdl.org, | |
1750 | alan@lxorguk.ukuu.org.uk, | |
1751 | linux-raid@vger.kernel.org, | |
1752 | Neil Brown <neilb@suse.de>, | |
1753 | Greg Kroah-Hartman <gregkh@suse.de> | |
1754 | Subject: [patch 19/20] MD: Fix a potential NULL dereference in md/raid1 | |
1755 | Content-Disposition: inline; filename=md-fix-a-potential-null-dereference-in-md-raid1.patch | |
1756 | Content-Length: 1297 | |
1757 | Lines: 43 | |
1758 | ||
1759 | -stable review patch. If anyone has any objections, please let us know. | |
1760 | ||
1761 | ------------------ | |
1762 | From: NeilBrown <neilb@suse.de> | |
1763 | ||
1764 | At the point where this 'atomic_add' is, rdev could be NULL, as seen by | |
1765 | the fact that we test for this in the very next statement. | |
1766 | ||
1767 | Further is it is really the wrong place of the add. We could add to the | |
1768 | count of corrected errors once the are sure it was corrected, not before | |
1769 | trying to correct it. | |
1770 | ||
1771 | Signed-off-by: Neil Brown <neilb@suse.de> | |
1772 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
1773 | ||
1774 | ||
1775 | diff .prev/drivers/md/raid1.c ./drivers/md/raid1.c | |
1776 | --- | |
1777 | drivers/md/raid1.c | 4 +++- | |
1778 | 1 file changed, 3 insertions(+), 1 deletion(-) | |
1779 | ||
1780 | --- linux-2.6.17.9.orig/drivers/md/raid1.c | |
1781 | +++ linux-2.6.17.9/drivers/md/raid1.c | |
1782 | @@ -1486,7 +1486,6 @@ static void raid1d(mddev_t *mddev) | |
1783 | d = conf->raid_disks; | |
1784 | d--; | |
1785 | rdev = conf->mirrors[d].rdev; | |
1786 | - atomic_add(s, &rdev->corrected_errors); | |
1787 | if (rdev && | |
1788 | test_bit(In_sync, &rdev->flags)) { | |
1789 | if (sync_page_io(rdev->bdev, | |
1790 | @@ -1509,6 +1508,9 @@ static void raid1d(mddev_t *mddev) | |
1791 | s<<9, conf->tmppage, READ) == 0) | |
1792 | /* Well, this device is dead */ | |
1793 | md_error(mddev, rdev); | |
1794 | + else | |
1795 | + atomic_add(s, &rdev->corrected_errors); | |
1796 | + | |
1797 | } | |
1798 | } | |
1799 | } else { | |
1800 | ||
1801 | -- | |
1802 | ||
1803 | From greg@quad.kroah.org Mon Aug 21 11:39:54 2006 | |
1804 | Message-Id: <20060821183954.380028812@quad.kroah.org> | |
1805 | References: <20060821183818.155091391@quad.kroah.org> | |
1806 | User-Agent: quilt/0.45-1 | |
1807 | Date: Mon, 21 Aug 2006 11:38:39 -0700 | |
1808 | From: Greg KH <gregkh@suse.de> | |
1809 | To: linux-kernel@vger.kernel.org, | |
1810 | stable@kernel.org, | |
1811 | mm-commits@vger.kernel.org | |
1812 | Cc: Justin Forbes <jmforbes@linuxtx.org>, | |
1813 | Zwane Mwaikambo <zwane@arm.linux.org.uk>, | |
1814 | Theodore Ts'o <tytso@mit.edu>, | |
1815 | Randy Dunlap <rdunlap@xenotime.net>, | |
1816 | Dave Jones <davej@redhat.com>, | |
1817 | Chuck Wolber <chuckw@quantumlinux.com>, | |
1818 | Chris Wedgwood <reviews@ml.cw.f00f.org>, | |
1819 | torvalds@osdl.org, | |
1820 | akpm@osdl.org, | |
1821 | alan@lxorguk.ukuu.org.uk, | |
1822 | scjody@modernduck.com, | |
1823 | bcollins@ubuntu.com, | |
1824 | benh@kernel.crashing.org, | |
1825 | obiwan@mailmij.org, | |
1826 | stefanr@s5r6.in-berlin.de, | |
1827 | Greg Kroah-Hartman <gregkh@suse.de> | |
1828 | Subject: [patch 20/20] 1394: fix for recently added firewire patch that breaks things on ppc | |
1829 | Content-Disposition: inline; filename=1394-fix-for-recently-added-firewire-patch-that-breaks-things-on-ppc.patch | |
1830 | Content-Length: 1371 | |
1831 | Lines: 46 | |
1832 | ||
1833 | -stable review patch. If anyone has any objections, please let us know. | |
1834 | ||
1835 | ------------------ | |
1836 | From: Danny Tholen <obiwan@mailmij.org> | |
1837 | ||
1838 | Recently a patch was added for preliminary suspend/resume handling on | |
1839 | !PPC_PMAC. However, this broke both suspend and firewire on powerpc | |
1840 | because it saves the pci state after the device has already been disabled. | |
1841 | ||
1842 | This moves the save state to before the pmac specific code. | |
1843 | ||
1844 | Signed-off-by: Danny Tholen <obiwan@mailmij.org> | |
1845 | Cc: Stefan Richter <stefanr@s5r6.in-berlin.de> | |
1846 | Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> | |
1847 | Cc: Ben Collins <bcollins@ubuntu.com> | |
1848 | Cc: Jody McIntyre <scjody@modernduck.com> | |
1849 | Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> | |
1850 | Signed-off-by: Andrew Morton <akpm@osdl.org> | |
1851 | Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> | |
1852 | ||
1853 | --- | |
1854 | drivers/ieee1394/ohci1394.c | 4 ++-- | |
1855 | 1 file changed, 2 insertions(+), 2 deletions(-) | |
1856 | ||
1857 | --- linux-2.6.17.9.orig/drivers/ieee1394/ohci1394.c | |
1858 | +++ linux-2.6.17.9/drivers/ieee1394/ohci1394.c | |
1859 | @@ -3548,6 +3548,8 @@ static int ohci1394_pci_resume (struct p | |
1860 | ||
1861 | static int ohci1394_pci_suspend (struct pci_dev *pdev, pm_message_t state) | |
1862 | { | |
1863 | + pci_save_state(pdev); | |
1864 | + | |
1865 | #ifdef CONFIG_PPC_PMAC | |
1866 | if (machine_is(powermac)) { | |
1867 | struct device_node *of_node; | |
1868 | @@ -3559,8 +3561,6 @@ static int ohci1394_pci_suspend (struct | |
1869 | } | |
1870 | #endif | |
1871 | ||
1872 | - pci_save_state(pdev); | |
1873 | - | |
1874 | return 0; | |
1875 | } | |
1876 | ||
1877 | ||
1878 | -- | |
1879 |