start 2.6.23.10 review cycle
authorGreg Kroah-Hartman <gregkh@suse.de>
Thu, 13 Dec 2007 07:04:41 +0000 (23:04 -0800)
committerGreg Kroah-Hartman <gregkh@suse.de>
Thu, 13 Dec 2007 07:04:41 +0000 (23:04 -0800)
62 files changed:
review-2.6.23/atm-initialize-lock-and-tasklet-earlier.patch [moved from queue-2.6.23/atm-initialize-lock-and-tasklet-earlier.patch with 100% similarity]
review-2.6.23/bridge-lost-call-to-br_fdb_fini-in-br_init-error-path.patch [moved from queue-2.6.23/bridge-lost-call-to-br_fdb_fini-in-br_init-error-path.patch with 100% similarity]
review-2.6.23/bridge-properly-dereference-the-br_should_route_hook.patch [moved from queue-2.6.23/bridge-properly-dereference-the-br_should_route_hook.patch with 100% similarity]
review-2.6.23/create-sys-...-power-when-config_pm-is-set.patch [moved from queue-2.6.23/create-sys-...-power-when-config_pm-is-set.patch with 100% similarity]
review-2.6.23/crypto-api-fix-potential-race-in-crypto_remove_spawn.patch [moved from queue-2.6.23/crypto-api-fix-potential-race-in-crypto_remove_spawn.patch with 100% similarity]
review-2.6.23/decnet-dn_nl_deladdr-almost-always-returns-no-error.patch [moved from queue-2.6.23/decnet-dn_nl_deladdr-almost-always-returns-no-error.patch with 100% similarity]
review-2.6.23/esp_scsi-fix-reset-cleanup-spinlock-recursion.patch [moved from queue-2.6.23/esp_scsi-fix-reset-cleanup-spinlock-recursion.patch with 100% similarity]
review-2.6.23/fb_ddc-fix-ddc-lines-quirk.patch [moved from queue-2.6.23/fb_ddc-fix-ddc-lines-quirk.patch with 100% similarity]
review-2.6.23/fix-synchronize_irq-races-with-irq-handler.patch [moved from queue-2.6.23/fix-synchronize_irq-races-with-irq-handler.patch with 100% similarity]
review-2.6.23/forcedeth-boot-delay-fix.patch [moved from queue-2.6.23/forcedeth-boot-delay-fix.patch with 100% similarity]
review-2.6.23/forcedeth-new-mcp79-pci-ids.patch [moved from queue-2.6.23/forcedeth-new-mcp79-pci-ids.patch with 100% similarity]
review-2.6.23/freezer-fix-apm-emulation-breakage.patch [moved from queue-2.6.23/freezer-fix-apm-emulation-breakage.patch with 100% similarity]
review-2.6.23/futex-fix-for-futex_wait-signal-stack-corruption.patch [moved from queue-2.6.23/futex-fix-for-futex_wait-signal-stack-corruption.patch with 100% similarity]
review-2.6.23/hrtimers-avoid-overflow-for-large-relative-timeouts.patch [moved from queue-2.6.23/hrtimers-avoid-overflow-for-large-relative-timeouts.patch with 100% similarity]
review-2.6.23/i4l-fix-isdn_ioctl-memory-overrun-vulnerability.patch [moved from queue-2.6.23/i4l-fix-isdn_ioctl-memory-overrun-vulnerability.patch with 100% similarity]
review-2.6.23/input-alps-add-signature-for-thinkpad-r61.patch [moved from queue-2.6.23/input-alps-add-signature-for-thinkpad-r61.patch with 100% similarity]
review-2.6.23/input-alps-add-support-for-model-found-in-dell-vostro-1400.patch [moved from queue-2.6.23/input-alps-add-support-for-model-found-in-dell-vostro-1400.patch with 100% similarity]
review-2.6.23/ipv4-remove-bogus-ifdef-mess-in-arp_process.patch [moved from queue-2.6.23/ipv4-remove-bogus-ifdef-mess-in-arp_process.patch with 100% similarity]
review-2.6.23/ipv6-restore-ipv6-when-mtu-is-big-enough.patch [moved from queue-2.6.23/ipv6-restore-ipv6-when-mtu-is-big-enough.patch with 100% similarity]
review-2.6.23/isdn-avoid-copying-overly-long-strings.patch [moved from queue-2.6.23/isdn-avoid-copying-overly-long-strings.patch with 100% similarity]
review-2.6.23/kvm-fix-hang-on-uniprocessor.patch [moved from queue-2.6.23/kvm-fix-hang-on-uniprocessor.patch with 100% similarity]
review-2.6.23/kvm-skip-pio-instruction-when-it-is-emulated-not-executed.patch [moved from queue-2.6.23/kvm-skip-pio-instruction-when-it-is-emulated-not-executed.patch with 100% similarity]
review-2.6.23/kvm-svm-fix-fpu-leak-while-emulating-clts.patch [moved from queue-2.6.23/kvm-svm-fix-fpu-leak-while-emulating-clts.patch with 100% similarity]
review-2.6.23/kvm-svm-intercept-the-invd-and-wbinvd-instructions.patch [moved from queue-2.6.23/kvm-svm-intercept-the-invd-and-wbinvd-instructions.patch with 100% similarity]
review-2.6.23/kvm-vmx-force-vm86-mode-if-setting-flags-during-real-mode.patch [moved from queue-2.6.23/kvm-vmx-force-vm86-mode-if-setting-flags-during-real-mode.patch with 100% similarity]
review-2.6.23/kvm-vmx-reset-mmu-context-when-entering-real-mode.patch [moved from queue-2.6.23/kvm-vmx-reset-mmu-context-when-entering-real-mode.patch with 100% similarity]
review-2.6.23/kvm-x86-emulator-fix-access-registers-for-instructions-with-modr-m-byte-and-mod-3.patch [moved from queue-2.6.23/kvm-x86-emulator-fix-access-registers-for-instructions-with-modr-m-byte-and-mod-3.patch with 100% similarity]
review-2.6.23/kvm-x86-emulator-implement-movnti-mem-reg.patch [moved from queue-2.6.23/kvm-x86-emulator-implement-movnti-mem-reg.patch with 100% similarity]
review-2.6.23/kvm-x86-emulator-invd-instruction.patch [moved from queue-2.6.23/kvm-x86-emulator-invd-instruction.patch with 100% similarity]
review-2.6.23/kvm-x86-emulator-use-emulator_write_emulated-and-not-emulator_write_std.patch [moved from queue-2.6.23/kvm-x86-emulator-use-emulator_write_emulated-and-not-emulator_write_std.patch with 100% similarity]
review-2.6.23/libata-kill-spurious-ncq-completion-detection.patch [moved from queue-2.6.23/libata-kill-spurious-ncq-completion-detection.patch with 100% similarity]
review-2.6.23/libertas-properly-account-for-queue-commands.patch [moved from queue-2.6.23/libertas-properly-account-for-queue-commands.patch with 100% similarity]
review-2.6.23/mbox [new file with mode: 0644]
review-2.6.23/net-corrects-a-bug-in-ip_rt_acct_read.patch [moved from queue-2.6.23/net-corrects-a-bug-in-ip_rt_acct_read.patch with 100% similarity]
review-2.6.23/net-random-secure_tcp_sequence_number-should-not-assume-config_ktime_scalar.patch [moved from queue-2.6.23/net-random-secure_tcp_sequence_number-should-not-assume-config_ktime_scalar.patch with 100% similarity]
review-2.6.23/netfilter-fix-forgotten-module-release-in-xt_connmark-and-xt_connsecmark.patch [moved from queue-2.6.23/netfilter-fix-forgotten-module-release-in-xt_connmark-and-xt_connsecmark.patch with 100% similarity]
review-2.6.23/netfilter-fix-kernel-panic-with-redirect-target.patch [moved from queue-2.6.23/netfilter-fix-kernel-panic-with-redirect-target.patch with 100% similarity]
review-2.6.23/netfilter-fix-null-pointer-dereference-in-nf_nat_move_storage.patch [moved from queue-2.6.23/netfilter-fix-null-pointer-dereference-in-nf_nat_move_storage.patch with 100% similarity]
review-2.6.23/netfilter-xt_tcpmss-remove-network-triggerable-warn_on.patch [moved from queue-2.6.23/netfilter-xt_tcpmss-remove-network-triggerable-warn_on.patch with 100% similarity]
review-2.6.23/nf_nat-fix-memset-error.patch [moved from queue-2.6.23/nf_nat-fix-memset-error.patch with 100% similarity]
review-2.6.23/pfkey-sending-an-sadb_get-responds-with-an-sadb_get.patch [moved from queue-2.6.23/pfkey-sending-an-sadb_get-responds-with-an-sadb_get.patch with 100% similarity]
review-2.6.23/pkt_sched-check-subqueue-status-before-calling-hard_start_xmit.patch [moved from queue-2.6.23/pkt_sched-check-subqueue-status-before-calling-hard_start_xmit.patch with 100% similarity]
review-2.6.23/pnp-increase-the-maximum-number-of-resources.patch [moved from queue-2.6.23/pnp-increase-the-maximum-number-of-resources.patch with 100% similarity]
review-2.6.23/rd-fix-data-corruption-on-memory-pressure.patch [moved from queue-2.6.23/rd-fix-data-corruption-on-memory-pressure.patch with 100% similarity]
review-2.6.23/revert-dpt_i2o-convert-to-scsi-hotplug-model.patch [moved from queue-2.6.23/revert-dpt_i2o-convert-to-scsi-hotplug-model.patch with 99% similarity]
review-2.6.23/rxrpc-add-missing-select-on-crypto.patch [moved from queue-2.6.23/rxrpc-add-missing-select-on-crypto.patch with 100% similarity]
review-2.6.23/sched-some-proc-entries-are-missed-in-sched_domain-sys_ctl-debug-code.patch [moved from queue-2.6.23/sched-some-proc-entries-are-missed-in-sched_domain-sys_ctl-debug-code.patch with 100% similarity]
review-2.6.23/series [moved from queue-2.6.23/series with 100% similarity]
review-2.6.23/tcp-fix-tcp-header-misalignment.patch [moved from queue-2.6.23/tcp-fix-tcp-header-misalignment.patch with 100% similarity]
review-2.6.23/tcp-illinois-incorrect-beta-usage.patch [moved from queue-2.6.23/tcp-illinois-incorrect-beta-usage.patch with 100% similarity]
review-2.6.23/tcp-mtuprobe-fix-potential-sk_send_head-corruption.patch [moved from queue-2.6.23/tcp-mtuprobe-fix-potential-sk_send_head-corruption.patch with 100% similarity]
review-2.6.23/tcp-problem-bug-with-sysctl_tcp_congestion_control-function.patch [moved from queue-2.6.23/tcp-problem-bug-with-sysctl_tcp_congestion_control-function.patch with 100% similarity]
review-2.6.23/textsearch-do-not-allow-zero-length-patterns-in-the-textsearch-infrastructure.patch [moved from queue-2.6.23/textsearch-do-not-allow-zero-length-patterns-in-the-textsearch-infrastructure.patch with 100% similarity]
review-2.6.23/tmpfs-restore-missing-clear_highpage.patch [moved from queue-2.6.23/tmpfs-restore-missing-clear_highpage.patch with 100% similarity]
review-2.6.23/unix-eof-on-non-blocking-sock_seqpacket.patch [moved from queue-2.6.23/unix-eof-on-non-blocking-sock_seqpacket.patch with 100% similarity]
review-2.6.23/usb-fix-up-ehci-startup-synchronization.patch [moved from queue-2.6.23/usb-fix-up-ehci-startup-synchronization.patch with 100% similarity]
review-2.6.23/usb-make-the-microtek-driver-and-hal-cooperate.patch [moved from queue-2.6.23/usb-make-the-microtek-driver-and-hal-cooperate.patch with 100% similarity]
review-2.6.23/vlan-fix-nested-vlan-transmit-bug.patch [moved from queue-2.6.23/vlan-fix-nested-vlan-transmit-bug.patch with 100% similarity]
review-2.6.23/wait_task_stopped-pass-correct-exit_code-to-wait_noreap_copyout.patch [moved from queue-2.6.23/wait_task_stopped-pass-correct-exit_code-to-wait_noreap_copyout.patch with 100% similarity]
review-2.6.23/x86-setup-add-a-near-jump-to-serialize-cr0-on-386-486.patch [moved from queue-2.6.23/x86-setup-add-a-near-jump-to-serialize-cr0-on-386-486.patch with 100% similarity]
review-2.6.23/xfrm-fix-leak-of-expired-xfrm_states.patch [moved from queue-2.6.23/xfrm-fix-leak-of-expired-xfrm_states.patch with 100% similarity]
review-2.6.23/xfs-make-xfsbufd-threads-freezable.patch [moved from queue-2.6.23/xfs-make-xfsbufd-threads-freezable.patch with 100% similarity]

diff --git a/review-2.6.23/mbox b/review-2.6.23/mbox
new file mode 100644 (file)
index 0000000..def541a
--- /dev/null
@@ -0,0 +1,5705 @@
+From gregkh@mini.kroah.org Wed Dec 12 22:46:18 2007
+Message-Id: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:18 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk
+Subject: [patch 00/60] 2.6.23-stable review
+Content-Length: 715
+Lines: 17
+
+This is the start of the stable review cycle for the 2.6.23.10 release.
+There are 60 patches in this series, all will be posted as a response to
+this one.  If anyone has any issues with these being applied, please let
+us know.  If anyone is a maintainer of the proper subsystem, and wants
+to add a Signed-off-by: line to the patch, please respond with it.
+
+These patches are sent out with a number of different people on the Cc:
+line.  If you wish to be a reviewer, please email stable@kernel.org to
+add your name to the list.  If you want to be off the reviewer list,
+also email us.
+
+Responses should be made by Friday, Dec 14 20:00:00 UTC.  Anything
+received after that time might be too late.
+
+thanks,
+
+greg k-h
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:19 2007
+Message-Id: <20071213064618.919657506@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:19 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Marcelo Tosatti <marcelo@kvack.org>,
+ Marcelo Tosatti <mtosatti@redhat.com>,
+ "John W. Linville" <linville@tuxdriver.com>
+Subject: [patch 01/60] libertas: properly account for queue commands
+Content-Disposition: inline; filename=libertas-properly-account-for-queue-commands.patch
+Content-Length: 1697
+Lines: 57
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Marcelo Tosatti <marcelo@kvack.org>
+
+patch 29f5f2a19b055feabfcc6f92e1d40ec092c373ea in mainline.
+
+Properly account for queue commands, this fixes a problem reported
+by Holger Schurig when using the debugfs interface.
+
+Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
+Signed-off-by: John W. Linville <linville@tuxdriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/wireless/libertas/cmd.c |   10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/wireless/libertas/cmd.c
++++ b/drivers/net/wireless/libertas/cmd.c
+@@ -881,6 +881,10 @@ static int wlan_cmd_mesh_access(wlan_pri
+       return 0;
+ }
++/*
++ * Note: NEVER use libertas_queue_cmd() with addtail==0 other than for
++ * the command timer, because it does not account for queued commands.
++ */
+ void libertas_queue_cmd(wlan_adapter * adapter, struct cmd_ctrl_node *cmdnode, u8 addtail)
+ {
+       unsigned long flags;
+@@ -910,10 +914,11 @@ void libertas_queue_cmd(wlan_adapter * a
+       spin_lock_irqsave(&adapter->driver_lock, flags);
+-      if (addtail)
++      if (addtail) {
+               list_add_tail((struct list_head *)cmdnode,
+                             &adapter->cmdpendingq);
+-      else
++              adapter->nr_cmd_pending++;
++      } else
+               list_add((struct list_head *)cmdnode, &adapter->cmdpendingq);
+       spin_unlock_irqrestore(&adapter->driver_lock, flags);
+@@ -1400,7 +1405,6 @@ int libertas_prepare_and_send_command(wl
+       cmdnode->cmdwaitqwoken = 0;
+       libertas_queue_cmd(adapter, cmdnode, 1);
+-      adapter->nr_cmd_pending++;
+       wake_up_interruptible(&priv->mainthread.waitq);
+       if (wait_option & cmd_option_waitforrsp) {
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:19 2007
+Message-Id: <20071213064619.073487218@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:20 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ davem@davemloft.net
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Eric Dumazet <dada1@cosmosbay.com>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 02/60] NET: random : secure_tcp_sequence_number should not assume CONFIG_KTIME_SCALAR
+Content-Disposition: inline; filename=net-random-secure_tcp_sequence_number-should-not-assume-config_ktime_scalar.patch
+Content-Length: 1969
+Lines: 61
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Eric Dumazet <dada1@cosmosbay.com>
+
+[NET] random : secure_tcp_sequence_number should not assume CONFIG_KTIME_SCALAR
+
+[ Upstream commit: 6dd10a62353a50b30b30e0c18653650975b29c71 ]
+
+All 32 bits machines but i386 dont have CONFIG_KTIME_SCALAR. On these
+machines, ktime.tv64 is more than 4 times the (correct) result given
+by ktime_to_ns()
+
+Again on these machines, using ktime_get_real().tv64 >> 6 give a
+32bits rollover every 64 seconds, which is not wanted (less than the
+120 s MSL)
+
+Using ktime_to_ns() is the portable way to get nsecs from a ktime, and
+have correct code.
+
+Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/char/random.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -1494,7 +1494,7 @@ __u32 secure_tcpv6_sequence_number(__be3
+       seq = twothirdsMD4Transform((const __u32 *)daddr, hash) & HASH_MASK;
+       seq += keyptr->count;
+-      seq += ktime_get_real().tv64;
++      seq += ktime_to_ns(ktime_get_real());
+       return seq;
+ }
+@@ -1556,7 +1556,7 @@ __u32 secure_tcp_sequence_number(__be32 
+        *      overlaps less than one time per MSL (2 minutes).
+        *      Choosing a clock of 64 ns period is OK. (period of 274 s)
+        */
+-      seq += ktime_get_real().tv64 >> 6;
++      seq += ktime_to_ns(ktime_get_real()) >> 6;
+ #if 0
+       printk("init_seq(%lx, %lx, %d, %d) = %d\n",
+              saddr, daddr, sport, dport, seq);
+@@ -1616,7 +1616,7 @@ u64 secure_dccp_sequence_number(__be32 s
+       seq = half_md4_transform(hash, keyptr->secret);
+       seq |= ((u64)keyptr->count) << (32 - HASH_BITS);
+-      seq += ktime_get_real().tv64;
++      seq += ktime_to_ns(ktime_get_real());
+       seq &= (1ull << 48) - 1;
+ #if 0
+       printk("dccp init_seq(%lx, %lx, %d, %d) = %d\n",
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:19 2007
+Message-Id: <20071213064619.227658405@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:21 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ davem@davemloft.net
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Evgeniy Polyakov <johnpol@2ka.mipt.ru>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 03/60] NETFILTER: Fix NULL pointer dereference in nf_nat_move_storage()
+Content-Disposition: inline; filename=netfilter-fix-null-pointer-dereference-in-nf_nat_move_storage.patch
+Content-Length: 1684
+Lines: 49
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
+
+[NETFILTER]: Fix NULL pointer dereference in nf_nat_move_storage()
+
+[ Upstream commit: 7799652557d966e49512479f4d3b9079bbc01fff ]
+
+Reported by Chuck Ebbert as:
+
+       https://bugzilla.redhat.com/show_bug.cgi?id=259501#c14
+
+This routine is called each time hash should be replaced, nf_conn has
+extension list which contains pointers to connection tracking users
+(like nat, which is right now the only such user), so when replace takes
+place it should copy own extensions. Loop above checks for own
+extension, but tries to move higer-layer one, which can lead to above
+oops.
+
+Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+--- a/net/netfilter/nf_conntrack_extend.c
++++ b/net/netfilter/nf_conntrack_extend.c
+@@ -109,7 +109,7 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
+                       rcu_read_lock();
+                       t = rcu_dereference(nf_ct_ext_types[i]);
+                       if (t && t->move)
+-                              t->move(ct, ct->ext + ct->ext->offset[id]);
++                              t->move(ct, ct->ext + ct->ext->offset[i]);
+                       rcu_read_unlock();
+               }
+               kfree(ct->ext);
+--
+Visit Openswan at http://www.openswan.org/
+Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
+Home Page: http://gondor.apana.org.au/~herbert/
+PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
+
+_______________________________________________
+stable mailing list
+stable@linux.kernel.org
+http://linux.kernel.org/mailman/listinfo/stable
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:19 2007
+Message-Id: <20071213064619.383808447@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:22 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Christian Borntraeger <borntraeger@de.ibm.com>,
+ Jan Kara <jack@suse.cz>,
+ Nick Piggin <npiggin@suse.de>,
+ "Eric W. Biederman" <ebiederm@xmission.com>
+Subject: [patch 04/60] rd: fix data corruption on memory pressure Future of Linux 2.6.22.y series
+Content-Disposition: inline; filename=rd-fix-data-corruption-on-memory-pressure.patch
+Content-Length: 2551
+Lines: 69
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Christian Borntraeger <borntraeger@de.ibm.com>
+
+commit 5d0360ee96a5ef953dbea45873c2a8c87e77d59b upstream.
+
+We have seen ramdisk based install systems, where some pages of mapped
+libraries and programs were suddendly zeroed under memory pressure. This
+should not happen, as the ramdisk avoids freeing its pages by keeping
+them dirty all the time.
+
+It turns out that there is a case, where the VM makes a ramdisk page
+clean, without telling the ramdisk driver.  On memory pressure
+shrink_zone runs and it starts to run shrink_active_list.  There is a
+check for buffer_heads_over_limit, and if true, pagevec_strip is called.
+pagevec_strip calls try_to_release_page. If the mapping has no
+releasepage callback, try_to_free_buffers is called. try_to_free_buffers
+has now a special logic for some file systems to make a dirty page
+clean, if all buffers are clean. Thats what happened in our test case.
+
+The simplest solution is to provide a noop-releasepage callback for the
+ramdisk driver. This avoids try_to_free_buffers for ramdisk pages.
+
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Acked-by: Nick Piggin <npiggin@suse.de>
+Cc: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ drivers/block/rd.c |   13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+--- a/drivers/block/rd.c
++++ b/drivers/block/rd.c
+@@ -189,6 +189,18 @@ static int ramdisk_set_page_dirty(struct
+       return 0;
+ }
++/*
++ * releasepage is called by pagevec_strip/try_to_release_page if
++ * buffers_heads_over_limit is true. Without a releasepage function
++ * try_to_free_buffers is called instead. That can unset the dirty
++ * bit of our ram disk pages, which will be eventually freed, even
++ * if the page is still in use.
++ */
++static int ramdisk_releasepage(struct page *page, gfp_t dummy)
++{
++      return 0;
++}
++
+ static const struct address_space_operations ramdisk_aops = {
+       .readpage       = ramdisk_readpage,
+       .prepare_write  = ramdisk_prepare_write,
+@@ -196,6 +208,7 @@ static const struct address_space_operat
+       .writepage      = ramdisk_writepage,
+       .set_page_dirty = ramdisk_set_page_dirty,
+       .writepages     = ramdisk_writepages,
++      .releasepage    = ramdisk_releasepage,
+ };
+ static int rd_blkdev_pagecache_IO(int rw, struct bio_vec *vec, sector_t sector,
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:19 2007
+Message-Id: <20071213064619.538038513@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:23 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Zou Nan hai <nanhai.zou@intel.com>,
+ Ingo Molnar <mingo@elte.hu>
+Subject: [patch 05/60] sched: some proc entries are missed in sched_domain sys_ctl debug code
+Content-Disposition: inline; filename=sched-some-proc-entries-are-missed-in-sched_domain-sys_ctl-debug-code.patch
+Content-Length: 1602
+Lines: 48
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Zou Nan hai <nanhai.zou@intel.com>
+
+patch ace8b3d633f93da8535921bf3e3679db3c619578 in mainline.
+
+cache_nice_tries and flags entry do not appear in proc fs sched_domain
+directory, because ctl_table entry is skipped.
+
+This patch fixes the issue.
+
+Signed-off-by: Zou Nan hai <nanhai.zou@intel.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/sched.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/kernel/sched.c
++++ b/kernel/sched.c
+@@ -5306,7 +5306,7 @@ set_table_entry(struct ctl_table *entry,
+ static struct ctl_table *
+ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+ {
+-      struct ctl_table *table = sd_alloc_ctl_entry(14);
++      struct ctl_table *table = sd_alloc_ctl_entry(12);
+       set_table_entry(&table[0], "min_interval", &sd->min_interval,
+               sizeof(long), 0644, proc_doulongvec_minmax);
+@@ -5326,10 +5326,10 @@ sd_alloc_ctl_domain_table(struct sched_d
+               sizeof(int), 0644, proc_dointvec_minmax);
+       set_table_entry(&table[8], "imbalance_pct", &sd->imbalance_pct,
+               sizeof(int), 0644, proc_dointvec_minmax);
+-      set_table_entry(&table[10], "cache_nice_tries",
++      set_table_entry(&table[9], "cache_nice_tries",
+               &sd->cache_nice_tries,
+               sizeof(int), 0644, proc_dointvec_minmax);
+-      set_table_entry(&table[12], "flags", &sd->flags,
++      set_table_entry(&table[10], "flags", &sd->flags,
+               sizeof(int), 0644, proc_dointvec_minmax);
+       return table;
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:19 2007
+Message-Id: <20071213064619.693054268@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:24 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ davem@davemloft.net
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 06/60] PKT_SCHED: Check subqueue status before calling hard_start_xmit
+Content-Disposition: inline; filename=pkt_sched-check-subqueue-status-before-calling-hard_start_xmit.patch
+Content-Length: 1941
+Lines: 54
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>
+
+[PKT_SCHED]: Check subqueue status before calling hard_start_xmit
+
+[ Upstream commit: 5f1a485d5905aa641f33009019b3699076666a4c ]
+
+The only qdiscs that check subqueue state before dequeue'ing are PRIO
+and RR.  The other qdiscs, including the default pfifo_fast qdisc,
+will allow traffic bound for subqueue 0 through to hard_start_xmit.
+The check for netif_queue_stopped() is done above in pkt_sched.h, so
+it is unnecessary for qdisc_restart().  However, if the underlying
+driver is multiqueue capable, and only sets queue states on subqueues,
+this will allow packets to enter the driver when it's currently unable
+to process packets, resulting in expensive requeues and driver
+entries.  This patch re-adds the check for the subqueue status before
+calling hard_start_xmit, so we can try and avoid the driver entry when
+the queues are stopped.
+
+Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/sched/sch_generic.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/net/sched/sch_generic.c
++++ b/net/sched/sch_generic.c
+@@ -135,7 +135,7 @@ static inline int qdisc_restart(struct n
+       struct Qdisc *q = dev->qdisc;
+       struct sk_buff *skb;
+       unsigned lockless;
+-      int ret;
++      int ret = NETDEV_TX_BUSY;
+       /* Dequeue packet */
+       if (unlikely((skb = dev_dequeue_skb(dev, q)) == NULL))
+@@ -158,7 +158,8 @@ static inline int qdisc_restart(struct n
+       /* And release queue */
+       spin_unlock(&dev->queue_lock);
+-      ret = dev_hard_start_xmit(skb, dev);
++      if (!netif_subqueue_stopped(dev, skb->queue_mapping))
++              ret = dev_hard_start_xmit(skb, dev);
+       if (!lockless)
+               netif_tx_unlock(dev);
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:19 2007
+Message-Id: <20071213064619.848826307@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:25 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Thomas Gleixner <tglx@linutronix.de>,
+ Herbert Xu <herbert@gondor.apana.org.au>,
+ Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Subject: [patch 07/60] Fix synchronize_irq races with IRQ handler
+Content-Disposition: inline; filename=fix-synchronize_irq-races-with-irq-handler.patch
+Content-Length: 2196
+Lines: 80
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+patch a98ce5c6feead6bfedefabd46cb3d7f5be148d9a in mainline.
+
+Fix synchronize_irq races with IRQ handler
+
+As it is some callers of synchronize_irq rely on memory barriers
+to provide synchronisation against the IRQ handlers.  For example,
+the tg3 driver does
+
+tp->irq_sync = 1;
+smp_mb();
+synchronize_irq();
+
+and then in the IRQ handler:
+
+if (!tp->irq_sync)
+       netif_rx_schedule(dev, &tp->napi);
+
+Unfortunately memory barriers only work well when they come in
+pairs.  Because we don't actually have memory barriers on the
+IRQ path, the memory barrier before the synchronize_irq() doesn't
+actually protect us.
+
+In particular, synchronize_irq() may return followed by the
+result of netif_rx_schedule being made visible.
+
+This patch (mostly written by Linus) fixes this by using spin
+locks instead of memory barries on the synchronize_irq() path.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Chuck Ebbert <cebbert@redhat.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/irq/manage.c |   20 ++++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+--- a/kernel/irq/manage.c
++++ b/kernel/irq/manage.c
+@@ -29,12 +29,28 @@
+ void synchronize_irq(unsigned int irq)
+ {
+       struct irq_desc *desc = irq_desc + irq;
++      unsigned int status;
+       if (irq >= NR_IRQS)
+               return;
+-      while (desc->status & IRQ_INPROGRESS)
+-              cpu_relax();
++      do {
++              unsigned long flags;
++
++              /*
++               * Wait until we're out of the critical section.  This might
++               * give the wrong answer due to the lack of memory barriers.
++               */
++              while (desc->status & IRQ_INPROGRESS)
++                      cpu_relax();
++
++              /* Ok, that indicated we're done: double-check carefully. */
++              spin_lock_irqsave(&desc->lock, flags);
++              status = desc->status;
++              spin_unlock_irqrestore(&desc->lock, flags);
++
++              /* Oops, that failed? */
++      } while (status & IRQ_INPROGRESS);
+ }
+ EXPORT_SYMBOL(synchronize_irq);
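Review bot: The new `spin_lock_irqsave(&desc->lock, flags)` in the loop gives synchronize_irq() a locking requirement it did not have before, and nothing in the function records it: a caller that already holds `desc->lock` would now spin on the lock instead of only polling the status word. A comment above the function such as `/* Takes desc->lock to re-check IRQ_INPROGRESS; must not be called with desc->lock held */` would document this. Separately, the context lines still compute `irq_desc + irq` before the `irq >= NR_IRQS` check; the pointer is not dereferenced there, but assigning `desc` after the check would avoid forming an out-of-range pointer at all.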
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:20 2007
+Message-Id: <20071213064620.003730310@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:26 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Dmitry Torokhov <dmitry.torokhov@gmail.com>,
+ William Pettersson <william.pettersson@gmail.com>,
+ Dmitry Torokhov <dtor@mail.ru>
+Subject: [patch 08/60] Input: ALPS - add support for model found in Dell Vostro 1400
+Content-Disposition: inline; filename=input-alps-add-support-for-model-found-in-dell-vostro-1400.patch
+Content-Length: 1014
+Lines: 31
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: William Pettersson <william.pettersson@gmail.com>
+
+changeset dac4ae0daa1be36ab015973ed9e9dc04a2684395 in mainline.
+
+Input: ALPS - add support for model found in Dell Vostro 1400
+
+Signed-off-by: William Pettersson <william.pettersson@gmail.com>
+Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
+Cc: Chuck Ebbert <cebbert@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/input/mouse/alps.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/input/mouse/alps.c
++++ b/drivers/input/mouse/alps.c
+@@ -53,6 +53,7 @@ static const struct alps_model_info alps
+       { { 0x20, 0x02, 0x0e }, 0xf8, 0xf8, ALPS_PASS | ALPS_DUALPOINT }, /* XXX */
+       { { 0x22, 0x02, 0x0a }, 0xf8, 0xf8, ALPS_PASS | ALPS_DUALPOINT },
+       { { 0x22, 0x02, 0x14 }, 0xff, 0xff, ALPS_PASS | ALPS_DUALPOINT }, /* Dell Latitude D600 */
++      { { 0x73, 0x02, 0x50 }, 0xcf, 0xff, ALPS_FW_BK_1 } /* Dell Vostro 1400 */
+ };
+ /*
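Review bot: The added Dell Vostro 1400 entry is the last element of the table and has no trailing comma, unlike the entries above it. Ending it with `},` keeps the next model addition a one-line change and avoids a build break when a line is appended after it. It is also the only visible entry whose two byte values after the signature differ (`0xcf`, `0xff`); if that is intentional, a short comment saying why would help the next reader. The table starts outside the hunk.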
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:20 2007
+Message-Id: <20071213064620.165216320@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:27 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Dmitry Torokhov <dmitry.torokhov@gmail.com>,
+ Dmitry Torokhov <dtor@mail.ru>
+Subject: [patch 09/60] Input: ALPS - add signature for ThinkPad R61
+Content-Disposition: inline; filename=input-alps-add-signature-for-thinkpad-r61.patch
+Content-Length: 1077
+Lines: 30
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+
+changeset f493018ebc3f94d64e12bc848db0906700bf73a2 in mainline.
+
+Input: ALPS - add signature for ThinkPad R61
+
+Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
+Cc: Chuck Ebbert <cebbert@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/input/mouse/alps.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/input/mouse/alps.c
++++ b/drivers/input/mouse/alps.c
+@@ -48,6 +48,7 @@ static const struct alps_model_info alps
+       { { 0x63, 0x02, 0x50 }, 0xef, 0xef, ALPS_FW_BK_1 },             /* NEC Versa L320 */
+       { { 0x63, 0x02, 0x64 }, 0xf8, 0xf8, 0 },
+       { { 0x63, 0x03, 0xc8 }, 0xf8, 0xf8, ALPS_PASS },                /* Dell Latitude D800 */
++      { { 0x73, 0x00, 0x0a }, 0xf8, 0xf8, ALPS_DUALPOINT },           /* ThinkPad R61 8918-5QG */
+       { { 0x73, 0x02, 0x0a }, 0xf8, 0xf8, 0 },
+       { { 0x73, 0x02, 0x14 }, 0xf8, 0xf8, ALPS_FW_BK_2 },             /* Ahtec Laptop */
+       { { 0x20, 0x02, 0x0e }, 0xf8, 0xf8, ALPS_PASS | ALPS_DUALPOINT }, /* XXX */
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:20 2007
+Message-Id: <20071213064620.318443897@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:28 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ linux-usb@vger.kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Oliver Neukum <oneukum@suse.de>
+Subject: [patch 10/60] USB: make the microtek driver and HAL cooperate
+Content-Disposition: inline; filename=usb-make-the-microtek-driver-and-hal-cooperate.patch
+Content-Length: 832
+Lines: 32
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Oliver Neukum <oliver@neukum.org>
+
+patch 5cf1973a44bd298e3cfce6f6af8faa8c9d0a6d55 in mainline
+
+to make HAL like the microtek driver's devices the parent must be
+correctly set.
+
+Signed-off-by: Oliver Neukum <oneukum@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/image/microtek.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/image/microtek.c
++++ b/drivers/usb/image/microtek.c
+@@ -824,7 +824,7 @@ static int mts_usb_probe(struct usb_inte
+               goto out_kfree2;
+       new_desc->host->hostdata[0] = (unsigned long)new_desc;
+-      if (scsi_add_host(new_desc->host, NULL)) {
++      if (scsi_add_host(new_desc->host, &dev->dev)) {
+               err_retval = -EIO;
+               goto out_host_put;
+       }
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:20 2007
+Message-Id: <20071213064620.473408805@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:29 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ linux-usb@vger.kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ David Brownell <dbrownell@users.sourceforge.net>,
+ Dave Miller <davem@davemloft.net>,
+ Dely Sy <dely.l.sy@intel.com>,
+ Alan Stern <stern@rowland.harvard.edu>
+Subject: [patch 11/60] USB: fix up EHCI startup synchronization
+Content-Disposition: inline; filename=usb-fix-up-ehci-startup-synchronization.patch
+Content-Length: 1756
+Lines: 46
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: David Brownell <david-b@pacbell.net>
+
+patch 1cb52658b4f5b10a9e91f8e1c21ca2bcc1b9a3ca in mainline.
+
+A recent patch added software synchronization during EHCI startup,
+so ports aren't switched away from the companion controllers after
+resets have started.  This patch adds a short delay letting hardware
+finish that port switching before any new resets begin ... so both
+ends of that hardware race window are closed.
+
+Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
+Cc: Dave Miller <davem@davemloft.net>
+Cc: Dely Sy <dely.l.sy@intel.com>
+Cc: Alan Stern <stern@rowland.harvard.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/host/ehci-hcd.c |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/host/ehci-hcd.c
++++ b/drivers/usb/host/ehci-hcd.c
+@@ -575,12 +575,15 @@ static int ehci_run (struct usb_hcd *hcd
+        * from the companions to the EHCI controller.  If any of the
+        * companions are in the middle of a port reset at the time, it
+        * could cause trouble.  Write-locking ehci_cf_port_reset_rwsem
+-       * guarantees that no resets are in progress.
++       * guarantees that no resets are in progress.  After we set CF,
++       * a short delay lets the hardware catch up; new resets shouldn't
++       * be started before the port switching actions could complete.
+        */
+       down_write(&ehci_cf_port_reset_rwsem);
+       hcd->state = HC_STATE_RUNNING;
+       ehci_writel(ehci, FLAG_CF, &ehci->regs->configured_flag);
+       ehci_readl(ehci, &ehci->regs->command); /* unblock posted writes */
++      msleep(5);
+       up_write(&ehci_cf_port_reset_rwsem);
+       temp = HC_VERSION(ehci_readl(ehci, &ehci->caps->hc_capbase));
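Review bot: The `msleep(5)` added before `up_write()` uses a bare constant whose origin the extended comment does not give; "a short delay" does not say whether 5 ms comes from the EHCI specification, a measurement, or an estimate. A named constant or a trailing comment, for example `msleep(5); /* let CF port routing settle; source of the 5 ms value to be documented */`, would let a later reader judge whether it can be changed. The sleep also runs with `ehci_cf_port_reset_rwsem` write-held, so anything waiting on that semaphore is delayed by the same amount, which is presumably the intent but is worth stating in the comment. ehci_run's body starts and ends outside the hunk.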
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:20 2007
+Message-Id: <20071213064620.633010460@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:30 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Adrian Bunk <bunk@kernel.org>,
+ Willy Tarreau <wtarreau@hera.kernel.org>,
+ Hugh Dickins <hugh@veritas.com>
+Subject: [patch 12/60] tmpfs: restore missing clear_highpage
+Content-Disposition: inline; filename=tmpfs-restore-missing-clear_highpage.patch
+Content-Length: 1454
+Lines: 50
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Hugh Dickins <hugh@veritas.com>
+
+patch e84e2e132c9c66d8498e7710d4ea532d1feaaac5 in mainline
+
+tmpfs was misconverted to __GFP_ZERO in 2.6.11.  There's an unusual case in
+which shmem_getpage receives the page from its caller instead of allocating.
+We must cover this case by clear_highpage before SetPageUptodate, as before.
+
+Signed-off-by: Hugh Dickins <hugh@veritas.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ mm/shmem.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/mm/shmem.c
++++ b/mm/shmem.c
+@@ -1071,7 +1071,7 @@ shmem_alloc_page(gfp_t gfp, struct shmem
+       pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, idx);
+       pvma.vm_pgoff = idx;
+       pvma.vm_end = PAGE_SIZE;
+-      page = alloc_page_vma(gfp | __GFP_ZERO, &pvma, 0);
++      page = alloc_page_vma(gfp, &pvma, 0);
+       mpol_free(pvma.vm_policy);
+       return page;
+ }
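Review bot: With `__GFP_ZERO` dropped from both variants of shmem_alloc_page() (this hunk and the one at -1091), the function now returns a page with whatever contents it held before, and the only zeroing left is the single `clear_highpage(filepage)` added in the hunk at -1304. Any other path that takes a page from shmem_alloc_page() and marks it up to date without passing through that line would expose stale memory to user space; the callers are outside the hunks, so this needs checking against the full file. A comment on both definitions, e.g. `/* Returns an unzeroed page: caller must clear_highpage() before SetPageUptodate() */`, would document the new contract.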
+@@ -1091,7 +1091,7 @@ shmem_swapin(struct shmem_inode_info *in
+ static inline struct page *
+ shmem_alloc_page(gfp_t gfp,struct shmem_inode_info *info, unsigned long idx)
+ {
+-      return alloc_page(gfp | __GFP_ZERO);
++      return alloc_page(gfp);
+ }
+ #endif
+@@ -1304,6 +1304,7 @@ repeat:
+               info->alloced++;
+               spin_unlock(&info->lock);
++              clear_highpage(filepage);
+               flush_dcache_page(filepage);
+               SetPageUptodate(filepage);
+       }
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:20 2007
+Message-Id: <20071213064620.786650403@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:31 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ adlab@venustech.com.cn,
+ kkeil@suse.de
+Subject: [patch 13/60] I4L: fix isdn_ioctl memory overrun vulnerability
+Content-Disposition: inline; filename=i4l-fix-isdn_ioctl-memory-overrun-vulnerability.patch
+Content-Length: 1994
+Lines: 59
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Karsten Keil <kkeil@suse.de>
+
+patch eafe1aa37e6ec2d56f14732b5240c4dd09f0613a in mainline.
+
+Fix possible memory overrun issue in the isdn ioctl code.  Found by ADLAB
+<adlab@venustech.com.cn>
+
+Signed-off-by: Karsten Keil <kkeil@suse.de>
+Cc: ADLAB <adlab@venustech.com.cn>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/isdn/i4l/isdn_common.c |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/isdn/i4l/isdn_common.c
++++ b/drivers/isdn/i4l/isdn_common.c
+@@ -1515,6 +1515,7 @@ isdn_ioctl(struct inode *inode, struct f
+                                       if (copy_from_user(&iocts, argp,
+                                            sizeof(isdn_ioctl_struct)))
+                                               return -EFAULT;
++                                      iocts.drvid[sizeof(iocts.drvid)-1] = 0;
+                                       if (strlen(iocts.drvid)) {
+                                               if ((p = strchr(iocts.drvid, ',')))
+                                                       *p = 0;
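Review bot: The termination of `iocts.drvid` is added by hand after three separate `copy_from_user(&iocts, ...)` calls (this hunk and the ones at -1599 and -1673), so the fix depends on every present and future copy site remembering it. Whether other copy sites in isdn_ioctl() also read `drvid` as a string cannot be seen from the hunks and should be checked. A small static helper that performs the copy and the termination together, as sketched below with a constructed name, would make the unterminated state unreachable. isdn_ioctl's body starts and ends outside the hunks.

```c
/* Copy an isdn_ioctl_struct from user space and force drvid to be a C string. */
static int isdn_copy_iocts(isdn_ioctl_struct *iocts, const void __user *argp)
{
	if (copy_from_user(iocts, argp, sizeof(*iocts)))
		return -EFAULT;
	/* user space is not trusted to have terminated the driver id */
	iocts->drvid[sizeof(iocts->drvid) - 1] = 0;
	return 0;
}
```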
+@@ -1599,6 +1600,7 @@ isdn_ioctl(struct inode *inode, struct f
+                                       if (copy_from_user(&iocts, argp,
+                                            sizeof(isdn_ioctl_struct)))
+                                               return -EFAULT;
++                                      iocts.drvid[sizeof(iocts.drvid)-1] = 0;
+                                       if (strlen(iocts.drvid)) {
+                                               drvidx = -1;
+                                               for (i = 0; i < ISDN_MAX_DRIVERS; i++)
+@@ -1643,7 +1645,7 @@ isdn_ioctl(struct inode *inode, struct f
+                                       } else {
+                                               p = (char __user *) iocts.arg;
+                                               for (i = 0; i < 10; i++) {
+-                                                      sprintf(bname, "%s%s",
++                                                      snprintf(bname, sizeof(bname), "%s%s",
+                                                               strlen(dev->drv[drvidx]->msn2eaz[i]) ?
+                                                               dev->drv[drvidx]->msn2eaz[i] : "_",
+                                                               (i < 9) ? "," : "\0");
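Review bot: The switch to `snprintf(bname, sizeof(bname), ...)` bounds the write but discards the return value, so an over-long `msn2eaz[i]` is now silently truncated and can lose the trailing `,` separator. The code that consumes `bname` is outside the hunk; if it emits the string as one field of a comma-separated list, a truncated field would corrupt the list without any error being reported. Comparing the return value with `sizeof(bname)` and failing the ioctl on truncation, or adding a comment such as `/* truncation is harmless here because ... */` with the actual reason, would close that gap.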
+@@ -1673,6 +1675,7 @@ isdn_ioctl(struct inode *inode, struct f
+                                       char *p;
+                                       if (copy_from_user(&iocts, argp, sizeof(isdn_ioctl_struct)))
+                                               return -EFAULT;
++                                      iocts.drvid[sizeof(iocts.drvid)-1] = 0;
+                                       if (strlen(iocts.drvid)) {
+                                               if ((p = strchr(iocts.drvid, ',')))
+                                                       *p = 0;
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:21 2007
+Message-Id: <20071213064620.941726086@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:32 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Ayaz Abdulla <aabdulla@nvidia.com>,
+ Jeff Garzik <jgarzik@redhat.com>
+Subject: [patch 14/60] forcedeth: new mcp79 pci ids
+Content-Disposition: inline; filename=forcedeth-new-mcp79-pci-ids.patch
+Content-Length: 2866
+Lines: 61
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Ayaz Abdulla <aabdulla@nvidia.com>
+
+patch 490dde8990c55662596a4be71b5070bd7d382d4a in mainline.
+
+This patch adds new device ids and features for mcp79 devices into the
+forcedeth driver.
+
+Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com>
+Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+index 92ce2e3..f9ba0ac 100644
+---
+ drivers/net/forcedeth.c |   16 ++++++++++++++++
+ include/linux/pci_ids.h |    4 ++++
+ 2 files changed, 20 insertions(+)
+
+--- a/drivers/net/forcedeth.c
++++ b/drivers/net/forcedeth.c
+@@ -5582,6 +5582,22 @@ static struct pci_device_id pci_tbl[] = 
+               PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_35),
+               .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
+       },
++      {       /* MCP79 Ethernet Controller */
++              PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_36),
++              .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
++      },
++      {       /* MCP79 Ethernet Controller */
++              PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_37),
++              .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
++      },
++      {       /* MCP79 Ethernet Controller */
++              PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_38),
++              .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
++      },
++      {       /* MCP79 Ethernet Controller */
++              PCI_DEVICE(PCI_VENDOR_ID_NVIDIA, PCI_DEVICE_ID_NVIDIA_NVENET_39),
++              .driver_data = DEV_NEED_TIMERIRQ|DEV_NEED_LINKTIMER|DEV_HAS_CHECKSUM|DEV_HAS_HIGH_DMA|DEV_HAS_MSI|DEV_HAS_POWER_CNTRL|DEV_HAS_PAUSEFRAME_TX|DEV_HAS_STATISTICS_V2|DEV_HAS_TEST_EXTENDED|DEV_HAS_MGMT_UNIT,
++      },
+       {0,},
+ };
+--- a/include/linux/pci_ids.h
++++ b/include/linux/pci_ids.h
+@@ -1237,6 +1237,10 @@
+ #define PCI_DEVICE_ID_NVIDIA_NVENET_33              0x0761
+ #define PCI_DEVICE_ID_NVIDIA_NVENET_34              0x0762
+ #define PCI_DEVICE_ID_NVIDIA_NVENET_35              0x0763
++#define PCI_DEVICE_ID_NVIDIA_NVENET_36              0x0AB0
++#define PCI_DEVICE_ID_NVIDIA_NVENET_37              0x0AB1
++#define PCI_DEVICE_ID_NVIDIA_NVENET_38              0x0AB2
++#define PCI_DEVICE_ID_NVIDIA_NVENET_39              0x0AB3
+ #define PCI_VENDOR_ID_IMS             0x10e0
+ #define PCI_DEVICE_ID_IMS_TT128               0x9128
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:21 2007
+Message-Id: <20071213064621.093824754@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:33 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Ayaz Abdulla <aabdulla@nvidia.com>,
+ Alex Howells <astinus@gentoo.org>,
+ Jeff Garzik <jeff@garzik.org>
+Subject: [patch 15/60] forcedeth boot delay fix
+Content-Disposition: inline; filename=forcedeth-boot-delay-fix.patch
+Content-Length: 2161
+Lines: 58
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Ayaz Abdulla <aabdulla@nvidia.com>
+
+patch 9e555930bd873d238f5f7b9d76d3bf31e6e3ce93 in mainline.
+
+Fix a long boot delay in the forcedeth driver.  During initialization, the
+timeout for the handshake between mgmt unit and driver can be very long.
+The patch reduces the timeout by eliminating a extra loop around the
+timeout logic.
+
+Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9308
+
+Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com>
+Cc: Alex Howells <astinus@gentoo.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Jeff Garzik <jeff@garzik.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/forcedeth.c |   22 +++++++++-------------
+ 1 file changed, 9 insertions(+), 13 deletions(-)
+
+--- a/drivers/net/forcedeth.c
++++ b/drivers/net/forcedeth.c
+@@ -5280,19 +5280,15 @@ static int __devinit nv_probe(struct pci
+               if (readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_PHY_INIT) {
+                       np->mac_in_use = readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_MGMT_ST;
+                       dprintk(KERN_INFO "%s: mgmt unit is running. mac in use %x.\n", pci_name(pci_dev), np->mac_in_use);
+-                      for (i = 0; i < 5000; i++) {
+-                              msleep(1);
+-                              if (nv_mgmt_acquire_sema(dev)) {
+-                                      /* management unit setup the phy already? */
+-                                      if ((readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_MASK) ==
+-                                          NVREG_XMITCTL_SYNC_PHY_INIT) {
+-                                              /* phy is inited by mgmt unit */
+-                                              phyinitialized = 1;
+-                                              dprintk(KERN_INFO "%s: Phy already initialized by mgmt unit.\n", pci_name(pci_dev));
+-                                      } else {
+-                                              /* we need to init the phy */
+-                                      }
+-                                      break;
++                      if (nv_mgmt_acquire_sema(dev)) {
++                              /* management unit setup the phy already? */
++                              if ((readl(base + NvRegTransmitterControl) & NVREG_XMITCTL_SYNC_MASK) ==
++                                  NVREG_XMITCTL_SYNC_PHY_INIT) {
++                                      /* phy is inited by mgmt unit */
++                                      phyinitialized = 1;
++                                      dprintk(KERN_INFO "%s: Phy already initialized by mgmt unit.\n", pci_name(pci_dev));
++                              } else {
++                                      /* we need to init the phy */
+                               }
+                       }
+               }
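Review bot: With the retry loop removed, a failed `nv_mgmt_acquire_sema(dev)` now falls straight through with `phyinitialized` unchanged and nothing logged, even though the preceding `dprintk` has just reported that the management unit is running. The driver presumably goes on to initialise the PHY itself in that case (that code is outside the hunk), so an `else` branch with a message such as `dprintk(KERN_INFO "%s: mgmt unit semaphore not acquired.\n", pci_name(pci_dev));` would make the situation diagnosable. The empty `else { /* we need to init the phy */ }` carried over from the old code could be reduced to a plain comment. nv_probe's body starts and ends outside the hunk.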
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:21 2007
+Message-Id: <20071213064621.248614350@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:34 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Thomas Gleixner <tglx@linutronix.de>,
+ Ingo Molnar <mingo@elte.hu>
+Subject: [patch 16/60] hrtimers: avoid overflow for large relative timeouts (CVE-2007-5966)
+Content-Disposition: inline; filename=hrtimers-avoid-overflow-for-large-relative-timeouts.patch
+Content-Length: 1516
+Lines: 48
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Thomas Gleixner <tglx@linutronix.de>
+
+patch 62f0f61e6673e67151a7c8c0f9a09c7ea43fe2b5 in mainline
+
+Relative hrtimers with a large timeout value might end up as negative
+timer values, when the current time is added in hrtimer_start().
+
+This in turn is causing the clockevents_set_next() function to set an
+huge timeout and sleep for quite a long time when we have a clock
+source which is capable of long sleeps like HPET. With PIT this almost
+goes unnoticed as the maximum delta is ~27ms. The non-hrt/nohz code
+sorts this out in the next timer interrupt, so we never noticed that
+problem which has been there since the first day of hrtimers.
+
+This bug became more apparent in 2.6.24 which activates HPET on more
+hardware.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/hrtimer.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/kernel/hrtimer.c
++++ b/kernel/hrtimer.c
+@@ -826,6 +826,14 @@ hrtimer_start(struct hrtimer *timer, kti
+ #ifdef CONFIG_TIME_LOW_RES
+               tim = ktime_add(tim, base->resolution);
+ #endif
++              /*
++               * Careful here: User space might have asked for a
++               * very long sleep, so the add above might result in a
++               * negative number, which enqueues the timer in front
++               * of the queue.
++               */
++              if (tim.tv64 < 0)
++                      tim.tv64 = KTIME_MAX;
+       }
+       timer->expires = tim;
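Review bot: The new `if (tim.tv64 < 0)` test detects the overflow only by the sign of the sum, after `ktime_add()` has already wrapped. Every negative result is therefore treated as a very long sleep, so a negative relative value that yields a negative sum would also be clamped to `KTIME_MAX` instead of expiring at once, and the check relies on the signed addition wrapping rather than being tested beforehand. Since the added comment says the value can come from user space, a saturating add that compares the operands before adding, used wherever a relative timeout is converted, would be more robust than a fix local to this branch; other conversion sites are not visible here. At minimum the comment could add `/* only the sign is tested: assumes both operands were non-negative */`. hrtimer_start's body starts and ends outside the hunk.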
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:21 2007
+Message-Id: <20071213064621.403941335@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:35 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ kvm-devel@lists.sourceforge.net,
+ Sheng Yang <sheng.yang@intel.com>,
+ Avi Kivity <avi@qumranet.com>
+Subject: [patch 17/60] KVM: x86 emulator: implement movnti mem, reg
+Content-Disposition: inline; filename=kvm-x86-emulator-implement-movnti-mem-reg.patch
+Content-Length: 1352
+Lines: 48
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Sheng Yang <sheng.yang@intel.com>
+
+patch a012e65aee48379a7a87eadafa74f878b61522b9 in mainline.
+
+Implement emulation of instruction:
+    movnti m32/m64, r32/r64
+    opcode: 0x0f 0xc3
+
+Needed to support Linux 2.6.16 as guest (used for mmio).
+
+Signed-off-by: Sheng Yang <sheng.yang@intel.com>
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/kvm/x86_emulate.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/kvm/x86_emulate.c
++++ b/drivers/kvm/x86_emulate.c
+@@ -198,7 +198,8 @@ static u16 twobyte_table[256] = {
+       0, 0, ByteOp | DstReg | SrcMem | ModRM | Mov,
+           DstReg | SrcMem16 | ModRM | Mov,
+       /* 0xC0 - 0xCF */
+-      0, 0, 0, 0, 0, 0, 0, ImplicitOps | ModRM, 0, 0, 0, 0, 0, 0, 0, 0,
++      0, 0, 0, DstMem | SrcReg | ModRM | Mov, 0, 0, 0, ImplicitOps | ModRM,
++      0, 0, 0, 0, 0, 0, 0, 0,
+       /* 0xD0 - 0xDF */
+       0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+       /* 0xE0 - 0xEF */
+@@ -1324,6 +1325,10 @@ twobyte_insn:
+               dst.bytes = op_bytes;
+               dst.val = (d & ByteOp) ? (s8) src.val : (s16) src.val;
+               break;
++      case 0xc3:              /* movnti */
++              dst.bytes = op_bytes;
++              dst.val = (op_bytes == 4) ? (u32) src.val : (u64) src.val;
++              break;
+       }
+       goto writeback;
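Review bot: The new `case 0xc3` takes whatever `op_bytes` the decoder produced, while the commit description defines movnti only for `m32/m64, r32/r64`. If a 16-bit operand size can reach this case (prefix decoding is outside the hunk), `op_bytes` is 2, the `(u64)` arm is taken and `dst.bytes` becomes 2, which is a store the instruction does not define. Because the decoded bytes come from the guest, I would reject that form on the emulator's existing failure path instead of emulating it, and widen the comment to `/* movnti m32/m64, r32/r64 */` so the restriction is visible. The enclosing switch starts outside the hunk.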
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:21 2007
+Message-Id: <20071213064621.558669397@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:36 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ kvm-devel@lists.sourceforge.net,
+ Avi Kivity <avi@qumranet.com>,
+ Aurelien Jarno <aurelien@aurel32.net>
+Subject: [patch 18/60] KVM: x86 emulator: fix access registers for instructions with ModR/M byte and Mod = 3
+Content-Disposition: inline; filename=kvm-x86-emulator-fix-access-registers-for-instructions-with-modr-m-byte-and-mod-3.patch
+Content-Length: 1585
+Lines: 59
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Aurelien Jarno <aurelien@aurel32.net>
+
+patch 4e62417bf317504c0b85e0d7abd236f334f54eaf in mainline.
+
+The patch belows changes the access type to register from memory for
+instructions that are declared as SrcMem or DstMem, but have a
+ModR/M byte with Mod = 3.
+
+It fixes (at least) the lmsw and smsw instructions on an AMD64 CPU,
+which are needed for FreeBSD.
+
+Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/kvm/x86_emulate.c |   17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+--- a/drivers/kvm/x86_emulate.c
++++ b/drivers/kvm/x86_emulate.c
+@@ -773,6 +773,14 @@ done_prefixes:
+       case SrcMem:
+               src.bytes = (d & ByteOp) ? 1 : op_bytes;
+             srcmem_common:
++              /*
++               * For instructions with a ModR/M byte, switch to register
++               * access if Mod = 3.
++               */
++              if ((d & ModRM) && modrm_mod == 3) {
++                      src.type = OP_REG;
++                      break;
++              }
+               src.type = OP_MEM;
+               src.ptr = (unsigned long *)cr2;
+               if ((rc = ops->read_emulated((unsigned long)src.ptr,
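Review bot: The new Mod = 3 branch under `srcmem_common` sets `src.type = OP_REG` and breaks without loading `src.val` or `src.ptr` in the visible lines, so the operand holds whatever was there before unless code outside the hunk fills it in. The matching DstMem branch in the next hunk has a sharper form of the same gap: `dst.ptr = (unsigned long *)cr2;` runs before the new check, so an operand now typed `OP_REG` still points at the faulting guest address, and if the writeback code (not shown) stores through `dst.ptr` for register operands, the store goes there and not to the register. Both branches should bind the operand to the register selected by the ModR/M rm field, pointer and value, before the `break`. The instruction bytes are guest-controlled, so this should not rest on only lmsw/smsw reaching the path. The switch these cases belong to starts and ends outside both hunks.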
+@@ -839,6 +847,15 @@ done_prefixes:
+               dst.type = OP_MEM;
+               dst.ptr = (unsigned long *)cr2;
+               dst.bytes = (d & ByteOp) ? 1 : op_bytes;
++              dst.val = 0;
++              /*
++               * For instructions with a ModR/M byte, switch to register
++               * access if Mod = 3.
++               */
++              if ((d & ModRM) && modrm_mod == 3) {
++                      dst.type = OP_REG;
++                      break;
++              }
+               if (d & BitOp) {
+                       unsigned long mask = ~(dst.bytes * 8 - 1);
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:21 2007
+Message-Id: <20071213064621.713606157@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:37 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ kvm-devel@lists.sourceforge.net,
+ Avi Kivity <avi@qumranet.com>
+Subject: [patch 19/60] KVM: x86 emulator: invd instruction
+Content-Disposition: inline; filename=kvm-x86-emulator-invd-instruction.patch
+Content-Length: 1101
+Lines: 39
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Avi Kivity <avi@qumranet.com>
+
+patch 651a3e29b3d19418d7a8a9787906061f9be7cc5f in mainline.
+
+Emulate the 'invd' instruction (opcode 0f 08).
+
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/kvm/x86_emulate.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/kvm/x86_emulate.c
++++ b/drivers/kvm/x86_emulate.c
+@@ -156,7 +156,7 @@ static u8 opcode_table[256] = {
+ static u16 twobyte_table[256] = {
+       /* 0x00 - 0x0F */
+       0, SrcMem | ModRM | DstReg, 0, 0, 0, 0, ImplicitOps, 0,
+-      0, ImplicitOps, 0, 0, 0, ImplicitOps | ModRM, 0, 0,
++      ImplicitOps, ImplicitOps, 0, 0, 0, ImplicitOps | ModRM, 0, 0,
+       /* 0x10 - 0x1F */
+       0, 0, 0, 0, 0, 0, 0, 0, ImplicitOps | ModRM, 0, 0, 0, 0, 0, 0, 0,
+       /* 0x20 - 0x2F */
+@@ -1353,6 +1353,8 @@ twobyte_special_insn:
+       /* Disable writeback. */
+       no_wb = 1;
+       switch (b) {
++      case 0x08:              /* invd */
++              break;
+       case 0x09:              /* wbinvd */
+               break;
+       case 0x0d:              /* GrpP (prefetch) */
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:22 2007
+Message-Id: <20071213064621.868712082@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:38 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ kvm-devel@lists.sourceforge.net,
+ Avi Kivity <avi@qumranet.com>
+Subject: [patch 20/60] KVM: SVM: Intercept the invd and wbinvd instructions
+Content-Disposition: inline; filename=kvm-svm-intercept-the-invd-and-wbinvd-instructions.patch
+Content-Length: 1907
+Lines: 56
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Avi Kivity <avi@qumranet.com>
+
+patch cf5a94d1331b411b84414c13e43f578260942d6b in mainline.
+
+'invd' can destroy host data, and 'wbinvd' allows the guest to induce
+long (milliseconds) latencies.
+
+Noted by Ben Serebrin.
+
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/kvm/svm.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/kvm/svm.c
++++ b/drivers/kvm/svm.c
+@@ -506,6 +506,7 @@ static void init_vmcb(struct vmcb *vmcb)
+                */
+               /*              (1ULL << INTERCEPT_SELECTIVE_CR0) | */
+                               (1ULL << INTERCEPT_CPUID) |
++                              (1ULL << INTERCEPT_INVD) |
+                               (1ULL << INTERCEPT_HLT) |
+                               (1ULL << INTERCEPT_INVLPGA) |
+                               (1ULL << INTERCEPT_IOIO_PROT) |
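Review bot: The two new intercept bits, `INTERCEPT_INVD` here and `INTERCEPT_WBINVD` in the next hunk, carry no comment, and the reason for them is host protection that a later cleanup of this mask could remove unknowingly. I would add `/* invd can destroy host data; wbinvd lets the guest induce millisecond latencies */` above the mask, taken from the commit description. The third and fourth hunks route both exits to `emulate_on_interception`, which depends on the emulator recognising opcode 0f 08; that case is added by patch 19/60 of this series, so the two patches need to be applied together.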
+@@ -519,6 +520,7 @@ static void init_vmcb(struct vmcb *vmcb)
+                               (1ULL << INTERCEPT_STGI) |
+                               (1ULL << INTERCEPT_CLGI) |
+                               (1ULL << INTERCEPT_SKINIT) |
++                              (1ULL << INTERCEPT_WBINVD) |
+                               (1ULL << INTERCEPT_MONITOR) |
+                               (1ULL << INTERCEPT_MWAIT);
+@@ -1319,6 +1321,7 @@ static int (*svm_exit_handlers[])(struct
+       [SVM_EXIT_VINTR]                        = interrupt_window_interception,
+       /* [SVM_EXIT_CR0_SEL_WRITE]             = emulate_on_interception, */
+       [SVM_EXIT_CPUID]                        = cpuid_interception,
++      [SVM_EXIT_INVD]                         = emulate_on_interception,
+       [SVM_EXIT_HLT]                          = halt_interception,
+       [SVM_EXIT_INVLPG]                       = emulate_on_interception,
+       [SVM_EXIT_INVLPGA]                      = invalid_op_interception,
+@@ -1333,6 +1336,7 @@ static int (*svm_exit_handlers[])(struct
+       [SVM_EXIT_STGI]                         = invalid_op_interception,
+       [SVM_EXIT_CLGI]                         = invalid_op_interception,
+       [SVM_EXIT_SKINIT]                       = invalid_op_interception,
++      [SVM_EXIT_WBINVD]                       = emulate_on_interception,
+       [SVM_EXIT_MONITOR]                      = invalid_op_interception,
+       [SVM_EXIT_MWAIT]                        = invalid_op_interception,
+ };
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:22 2007
+Message-Id: <20071213064622.022586985@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:39 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ kvm-devel@lists.sourceforge.net,
+ Amit Shah <amit.shah@qumranet.com>,
+ Avi Kivity <avi@qumranet.com>
+Subject: [patch 21/60] KVM: x86 emulator: Use emulator_write_emulated and not emulator_write_std
+Content-Disposition: inline; filename=kvm-x86-emulator-use-emulator_write_emulated-and-not-emulator_write_std.patch
+Content-Length: 987
+Lines: 35
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Amit Shah <amit.shah@qumranet.com>
+
+patch 00b2ef475d4728ca53a2bc788c7978042907e354 in mainline.
+
+emulator_write_std() is not implemented, and calling write_emulated should
+work just as well in place of write_std.
+
+Fixes emulator failures with the push r/m instruction.
+
+Signed-off-by: Amit Shah <amit.shah@qumranet.com>
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/kvm/x86_emulate.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/kvm/x86_emulate.c
++++ b/drivers/kvm/x86_emulate.c
+@@ -1066,7 +1066,7 @@ done_prefixes:
+                       }
+                       register_address_increment(_regs[VCPU_REGS_RSP],
+                                                  -dst.bytes);
+-                      if ((rc = ops->write_std(
++                      if ((rc = ops->write_emulated(
+                                    register_address(ctxt->ss_base,
+                                                     _regs[VCPU_REGS_RSP]),
+                                    &dst.val, dst.bytes, ctxt)) != 0)
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:22 2007
+Message-Id: <20071213064622.175366365@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:40 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ kvm-devel@lists.sourceforge.net,
+ Marko Kohtala <marko.kohtala@gmail.com>,
+ Avi Kivity <avi@qumranet.com>
+Subject: [patch 22/60] KVM: Fix hang on uniprocessor
+Content-Disposition: inline; filename=kvm-fix-hang-on-uniprocessor.patch
+Content-Length: 1062
+Lines: 38
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Marko Kohtala <marko.kohtala@gmail.com>
+
+This is not in mainline, as it was fixed differently in that tree.
+
+first_cpu(cpus) returns the only CPU when NR_CPUS is 1 regardless of
+the cpus mask. Therefore we avoid a kernel hang in
+KVM_SET_MEMORY_REGION ioctl on uniprocessor by not entering the loop at
+all.
+
+Signed-off-by: Marko Kohtala <marko.kohtala@gmail.com>
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/kvm/kvm_main.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/kvm/kvm_main.c
++++ b/drivers/kvm/kvm_main.c
+@@ -273,6 +273,11 @@ void kvm_flush_remote_tlbs(struct kvm *k
+                       }
+       }
++      /* Uniprocessor kernel does not respect cpus in first_cpu. So
++       * do not go there if we have nothing to do. */
++      if (cpus_empty(cpus))
++              return;
++
+       /*
+        * We really want smp_call_function_mask() here.  But that's not
+        * available, so ipi all cpus in parallel and wait for them
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:22 2007
+Message-Id: <20071213064622.330044697@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:41 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ kvm-devel@lists.sourceforge.net,
+ Amit Shah <amit.shah@qumranet.com>,
+ Avi Kivity <avi@qumranet.com>
+Subject: [patch 23/60] KVM: SVM: Fix FPU leak while emulating clts
+Content-Disposition: inline; filename=kvm-svm-fix-fpu-leak-while-emulating-clts.patch
+Content-Length: 983
+Lines: 37
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Amit Shah <amit.shah@qumranet.com>
+
+patch 404fb881b82cf0cf6981832f8d31a7484e4dee81 in mainline.
+
+The clts code didn't use set_cr0 properly, so our lazy FPU
+processing wasn't being done by the clts instruction at all.
+
+(this isn't called on Intel as the hardware does the decode for us)
+
+Signed-off-by: Amit Shah <amit.shah@qumranet.com>
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/kvm/kvm_main.c |    5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+--- a/drivers/kvm/kvm_main.c
++++ b/drivers/kvm/kvm_main.c
+@@ -1163,10 +1163,7 @@ int emulate_invlpg(struct kvm_vcpu *vcpu
+ int emulate_clts(struct kvm_vcpu *vcpu)
+ {
+-      unsigned long cr0;
+-
+-      cr0 = vcpu->cr0 & ~CR0_TS_MASK;
+-      kvm_arch_ops->set_cr0(vcpu, cr0);
++      kvm_arch_ops->set_cr0(vcpu, vcpu->cr0 & ~X86_CR0_TS);
+       return X86EMUL_CONTINUE;
+ }
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:22 2007
+Message-Id: <20071213064622.487370794@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:42 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ kvm-devel@lists.sourceforge.net,
+ Avi Kivity <avi@qumranet.com>
+Subject: [patch 24/60] KVM: Skip pio instruction when it is emulated, not executed
+Content-Disposition: inline; filename=kvm-skip-pio-instruction-when-it-is-emulated-not-executed.patch
+Content-Length: 1582
+Lines: 53
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Avi Kivity <avi@qumranet.com>
+
+patch 0967b7bf1c22b55777aba46ff616547feed0b141 in mainline.
+
+If we defer updating rip until pio instructions are executed, we have a
+problem with reset:  a pio reset updates rip, and when the instruction
+completes we skip the emulated instruction, pointing rip somewhere completely
+unrelated.
+
+Fix by updating rip when we see decode the instruction, not after emulation.
+
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/kvm/kvm_main.c |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/kvm/kvm_main.c
++++ b/drivers/kvm/kvm_main.c
+@@ -1757,8 +1757,6 @@ static int complete_pio(struct kvm_vcpu 
+       io->count -= io->cur_count;
+       io->cur_count = 0;
+-      if (!io->count)
+-              kvm_arch_ops->skip_emulated_instruction(vcpu);
+       return 0;
+ }
+@@ -1804,6 +1802,7 @@ int kvm_setup_pio(struct kvm_vcpu *vcpu,
+       pio_dev = vcpu_find_pio_dev(vcpu, port);
+       if (!string) {
++              kvm_arch_ops->skip_emulated_instruction(vcpu);
+               kvm_arch_ops->cache_regs(vcpu);
+               memcpy(vcpu->pio_data, &vcpu->regs[VCPU_REGS_RAX], 4);
+               kvm_arch_ops->decache_regs(vcpu);
+@@ -1850,6 +1849,9 @@ int kvm_setup_pio(struct kvm_vcpu *vcpu,
+       vcpu->run->io.count = now;
+       vcpu->pio.cur_count = now;
++      if (now == count)
++              kvm_arch_ops->skip_emulated_instruction(vcpu);
++
+       for (i = 0; i < nr_pages; ++i) {
+               spin_lock(&vcpu->kvm->lock);
+               page = gva_to_page(vcpu, address + i * PAGE_SIZE);
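Review bot: In the string path the new `if (now == count)` skip runs before the `gva_to_page()` loop that follows, so rip has already been advanced if a page lookup in that loop fails. The failure handling is outside the hunk; if it injects a fault into the guest, that fault would be reported against the following instruction and not the pio instruction. Moving the skip after the loop, or adding a comment that says why the early position is safe, would settle it.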
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:22 2007
+Message-Id: <20071213064622.644929475@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:43 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ kvm-devel@lists.sourceforge.net,
+ Avi Kivity <avi@qumranet.com>
+Subject: [patch 25/60] KVM: VMX: Force vm86 mode if setting flags during real mode
+Content-Disposition: inline; filename=kvm-vmx-force-vm86-mode-if-setting-flags-during-real-mode.patch
+Content-Length: 767
+Lines: 31
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Avi Kivity <avi@qumranet.com>
+
+patch 78f7826868da8e27d097802139a3fec39f47f3b8 in mainline.
+
+When resetting from userspace, we need to handle the flags being cleared
+even after we are in real mode.
+
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/kvm/vmx.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/kvm/vmx.c
++++ b/drivers/kvm/vmx.c
+@@ -463,6 +463,8 @@ static unsigned long vmx_get_rflags(stru
+ static void vmx_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags)
+ {
++      if (vcpu->rmode.active)
++              rflags |= IOPL_MASK | X86_EFLAGS_VM;
+       vmcs_writel(GUEST_RFLAGS, rflags);
+ }
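Review bot: `vmx_set_rflags()` now ORs `IOPL_MASK | X86_EFLAGS_VM` into the value while `vcpu->rmode.active` is set, but nothing in the hunk records the IOPL bits the caller passed in. Unless `vmx_get_rflags()` (just above, outside the hunk) masks the forced bits out again, a later read of the flags returns them as if the guest had set them, and the requested IOPL is not available when the guest leaves real mode. A comment such as `/* real mode runs as vm86: keep VM and IOPL forced on */` would at least record why the value is altered.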
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:22 2007
+Message-Id: <20071213064622.799139006@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:44 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ kvm-devel@lists.sourceforge.net,
+ Avi Kivity <avi@qumranet.com>,
+ Eddie Dong <eddie.dong@intel.com>,
+ Qing He <qing.he@intel.com>
+Subject: [patch 26/60] KVM: VMX: Reset mmu context when entering real mode
+Content-Disposition: inline; filename=kvm-vmx-reset-mmu-context-when-entering-real-mode.patch
+Content-Length: 1310
+Lines: 48
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Eddie Dong <eddie.dong@intel.com>
+
+patch 8668a3c468ed55d19514117a5a959d91d3d03823 in mainline.
+
+Resetting an SMP guest will force AP enter real mode (RESET) with
+paging enabled in protected mode. While current enter_rmode() can
+only handle mode switch from nonpaging mode to real mode which leads
+to SMP reboot failure.
+
+Fix by reloading the mmu context on entering real mode.
+
+Signed-off-by: Yaozu (Eddie) Dong <eddie.dong@intel.com>
+Signed-off-by: Qing He <qing.he@intel.com>
+Signed-off-by: Avi Kivity <avi@qumranet.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/kvm/mmu.c |    1 +
+ drivers/kvm/vmx.c |    1 +
+ 2 files changed, 2 insertions(+)
+
+--- a/drivers/kvm/mmu.c
++++ b/drivers/kvm/mmu.c
+@@ -1066,6 +1066,7 @@ int kvm_mmu_reset_context(struct kvm_vcp
+       destroy_kvm_mmu(vcpu);
+       return init_kvm_mmu(vcpu);
+ }
++EXPORT_SYMBOL_GPL(kvm_mmu_reset_context);
+ int kvm_mmu_load(struct kvm_vcpu *vcpu)
+ {
+--- a/drivers/kvm/vmx.c
++++ b/drivers/kvm/vmx.c
+@@ -957,6 +957,7 @@ static void enter_rmode(struct kvm_vcpu 
+       fix_rmode_seg(VCPU_SREG_GS, &vcpu->rmode.gs);
+       fix_rmode_seg(VCPU_SREG_FS, &vcpu->rmode.fs);
++      kvm_mmu_reset_context(vcpu);
+       init_rmode_tss(vcpu->kvm);
+ }
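Review bot: The new call in `enter_rmode()` discards the result of `kvm_mmu_reset_context()`, which the mmu.c hunk shows returning `init_kvm_mmu(vcpu)` as an `int`. `enter_rmode()` is `static void`, so a failure cannot propagate as written, and the vcpu would continue into real mode with whatever MMU state the failed reset left behind; whether `init_kvm_mmu()` can fail in practice is not visible here. At minimum the failure should be logged, e.g. `if (kvm_mmu_reset_context(vcpu)) printk(KERN_ERR "kvm: mmu reset failed on real-mode entry\n");`.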
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:23 2007
+Message-Id: <20071213064622.959170000@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:45 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ Michael Tokarev <mjt@tls.msk.ru>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ "H. Peter Anvin" <hpa@zytor.com>
+Subject: [patch 27/60] x86 setup: add a near jump to serialize %cr0 on 386/486
+Content-Disposition: inline; filename=x86-setup-add-a-near-jump-to-serialize-cr0-on-386-486.patch
+Content-Length: 979
+Lines: 39
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: H. Peter Anvin <hpa@zytor.com>
+
+patch 7ed192906a2144ebc8ca2925a85d27b9c5355668 in mainline.
+
+The 386 and 486 needs a jump immediately after setting %cr0 in order
+to serialize the pipeline.
+
+Signed-off-by: H. Peter Anvin <hpa@zytor.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/i386/boot/pmjump.S |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/i386/boot/pmjump.S
++++ b/arch/i386/boot/pmjump.S
+@@ -31,14 +31,14 @@ protected_mode_jump:
+       xorl    %ebx, %ebx              # Flag to indicate this is a boot
+       movl    %edx, %esi              # Pointer to boot_params table
+       movl    %eax, 2f                # Patch ljmpl instruction
+-      jmp     1f                      # Short jump to flush instruction q.
+-1:
+       movw    $__BOOT_DS, %cx
+       movl    %cr0, %edx
+       orb     $1, %dl                 # Protected mode (PE) bit
+       movl    %edx, %cr0
++      jmp     1f                      # Short jump to serialize on 386/486
++1:
+       movw    %cx, %ds
+       movw    %cx, %es
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:23 2007
+Message-Id: <20071213064623.112281425@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:46 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Karsten Keil <kkeil@suse.de>
+Subject: [patch 28/60] isdn: avoid copying overly-long strings
+Content-Disposition: inline; filename=isdn-avoid-copying-overly-long-strings.patch
+Content-Length: 1771
+Lines: 59
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Karsten Keil <kkeil@suse.de>
+
+patch 0f13864e5b24d9cbe18d125d41bfa4b726a82e40 in mainline.
+
+Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9416
+
+Signed-off-by: Karsten Keil <kkeil@suse.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/isdn/i4l/isdn_net.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/isdn/i4l/isdn_net.c
++++ b/drivers/isdn/i4l/isdn_net.c
+@@ -2126,7 +2126,7 @@ isdn_net_find_icall(int di, int ch, int 
+       u_long flags;
+       isdn_net_dev *p;
+       isdn_net_phone *n;
+-      char nr[32];
++      char nr[ISDN_MSNLEN];
+       char *my_eaz;
+       /* Search name in netdev-chain */
+@@ -2135,7 +2135,7 @@ isdn_net_find_icall(int di, int ch, int 
+               nr[1] = '\0';
+               printk(KERN_INFO "isdn_net: Incoming call without OAD, assuming '0'\n");
+       } else
+-              strcpy(nr, setup->phone);
++              strlcpy(nr, setup->phone, ISDN_MSNLEN);
+       si1 = (int) setup->si1;
+       si2 = (int) setup->si2;
+       if (!setup->eazmsn[0]) {
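Review bot: `strlcpy()` bounds the write but still reads the source up to its terminating NUL, so the three new calls (here and in the `isdn_net_setcfg()` and `isdn_net_addphone()` hunks) can still over-read if `setup->phone`, `cfg->eaz` or `phone->phone` arrive without a terminator; the code that fills those structures is outside the hunks. The return value is ignored as well, so an over-long number is silently truncated and then matched or stored as a different number; comparing the result with the destination size and rejecting the input would be stricter. For consistency with the other two calls, this one should use the destination's own size, `strlcpy(nr, setup->phone, sizeof(nr));`.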
+@@ -2802,7 +2802,7 @@ isdn_net_setcfg(isdn_net_ioctl_cfg * cfg
+                               chidx = -1;
+                       }
+               }
+-              strcpy(lp->msn, cfg->eaz);
++              strlcpy(lp->msn, cfg->eaz, sizeof(lp->msn));
+               lp->pre_device = drvidx;
+               lp->pre_channel = chidx;
+               lp->onhtime = cfg->onhtime;
+@@ -2951,7 +2951,7 @@ isdn_net_addphone(isdn_net_ioctl_phone *
+       if (p) {
+               if (!(n = kmalloc(sizeof(isdn_net_phone), GFP_KERNEL)))
+                       return -ENOMEM;
+-              strcpy(n->num, phone->phone);
++              strlcpy(n->num, phone->phone, sizeof(n->num));
+               n->next = p->local->phone[phone->outgoing & 1];
+               p->local->phone[phone->outgoing & 1] = n;
+               return 0;
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:23 2007
+Message-Id: <20071213064623.270391394@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:47 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Steven Rostedt <srostedt@redhat.com>,
+ Ingo Molnar <mingo@elte.hu>,
+ Thomas Gleixner <tglx@linutronix.de>
+Subject: [patch 29/60] futex: fix for futex_wait signal stack corruption
+Content-Disposition: inline; filename=futex-fix-for-futex_wait-signal-stack-corruption.patch
+Content-Length: 7255
+Lines: 217
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+>From Steven Rostedt <srostedt@redhat.com>
+
+patch ce6bd420f43b28038a2c6e8fbb86ad24014727b6 in mainline.
+
+David Holmes found a bug in the -rt tree with respect to
+pthread_cond_timedwait. After trying his test program on the latest git
+from mainline, I found the bug was there too.  The bug he was seeing
+that his test program showed, was that if one were to do a "Ctrl-Z" on a
+process that was in the pthread_cond_timedwait, and then did a "bg" on
+that process, it would return with a "-ETIMEDOUT" but early. That is,
+the timer would go off early.
+
+Looking into this, I found the source of the problem. And it is a rather
+nasty bug at that.
+
+Here's the relevant code from kernel/futex.c: (not in order in the file)
+
+[...]
+smlinkage long sys_futex(u32 __user *uaddr, int op, u32 val,
+                          struct timespec __user *utime, u32 __user *uaddr2,
+                          u32 val3)
+{
+        struct timespec ts;
+        ktime_t t, *tp = NULL;
+        u32 val2 = 0;
+        int cmd = op & FUTEX_CMD_MASK;
+
+        if (utime && (cmd == FUTEX_WAIT || cmd == FUTEX_LOCK_PI)) {
+                if (copy_from_user(&ts, utime, sizeof(ts)) != 0)
+                        return -EFAULT;
+                if (!timespec_valid(&ts))
+                        return -EINVAL;
+
+                t = timespec_to_ktime(ts);
+                if (cmd == FUTEX_WAIT)
+                        t = ktime_add(ktime_get(), t);
+                tp = &t;
+        }
+[...]
+        return do_futex(uaddr, op, val, tp, uaddr2, val2, val3);
+}
+
+[...]
+
+long do_futex(u32 __user *uaddr, int op, u32 val, ktime_t *timeout,
+                u32 __user *uaddr2, u32 val2, u32 val3)
+{
+        int ret;
+        int cmd = op & FUTEX_CMD_MASK;
+        struct rw_semaphore *fshared = NULL;
+
+        if (!(op & FUTEX_PRIVATE_FLAG))
+                fshared = &current->mm->mmap_sem;
+
+        switch (cmd) {
+        case FUTEX_WAIT:
+                ret = futex_wait(uaddr, fshared, val, timeout);
+
+[...]
+
+static int futex_wait(u32 __user *uaddr, struct rw_semaphore *fshared,
+                      u32 val, ktime_t *abs_time)
+{
+[...]
+               struct restart_block *restart;
+                restart = &current_thread_info()->restart_block;
+                restart->fn = futex_wait_restart;
+                restart->arg0 = (unsigned long)uaddr;
+                restart->arg1 = (unsigned long)val;
+                restart->arg2 = (unsigned long)abs_time;
+                restart->arg3 = 0;
+                if (fshared)
+                        restart->arg3 |= ARG3_SHARED;
+                return -ERESTART_RESTARTBLOCK;
+[...]
+
+static long futex_wait_restart(struct restart_block *restart)
+{
+        u32 __user *uaddr = (u32 __user *)restart->arg0;
+        u32 val = (u32)restart->arg1;
+        ktime_t *abs_time = (ktime_t *)restart->arg2;
+        struct rw_semaphore *fshared = NULL;
+
+        restart->fn = do_no_restart_syscall;
+        if (restart->arg3 & ARG3_SHARED)
+                fshared = &current->mm->mmap_sem;
+        return (long)futex_wait(uaddr, fshared, val, abs_time);
+}
+
+So when the futex_wait is interrupt by a signal we break out of the
+hrtimer code and set up or return from signal. This code does not return
+back to userspace, so we set up a RESTARTBLOCK.  The bug here is that we
+save the "abs_time" which is a pointer to the stack variable "ktime_t t"
+from sys_futex.
+
+This returns and unwinds the stack before we get to call our signal. On
+return from the signal we go to futex_wait_restart, where we update all
+the parameters for futex_wait and call it. But here we have a problem
+where abs_time is no longer valid.
+
+I verified this with print statements, and sure enough, what abs_time
+was set to ends up being garbage when we get to futex_wait_restart.
+
+The solution I did to solve this (with input from Linus Torvalds)
+was to add unions to the restart_block to allow system calls to
+use the restart with specific parameters.  This way the futex code now
+saves the time in a 64bit value in the restart block instead of storing
+it on the stack.
+
+Note: I'm a bit nervious to add "linux/types.h" and use u32 and u64
+in thread_info.h, when there's a #ifdef __KERNEL__ just below that.
+Not sure what that is there for.  If this turns out to be a problem, I've
+tested this with using "unsigned int" for u32 and "unsigned long long" for
+u64 and it worked just the same. I'm using u32 and u64 just to be
+consistent with what the futex code uses.
+
+Signed-off-by: Steven Rostedt <srostedt@redhat.com>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/linux/thread_info.h |   17 +++++++++++++++--
+ kernel/futex.c              |   25 +++++++++++++------------
+ 2 files changed, 28 insertions(+), 14 deletions(-)
+
+--- a/include/linux/thread_info.h
++++ b/include/linux/thread_info.h
+@@ -7,12 +7,25 @@
+ #ifndef _LINUX_THREAD_INFO_H
+ #define _LINUX_THREAD_INFO_H
++#include <linux/types.h>
++
+ /*
+- * System call restart block. 
++ * System call restart block.
+  */
+ struct restart_block {
+       long (*fn)(struct restart_block *);
+-      unsigned long arg0, arg1, arg2, arg3;
++      union {
++              struct {
++                      unsigned long arg0, arg1, arg2, arg3;
++              };
++              /* For futex_wait */
++              struct {
++                      u32 *uaddr;
++                      u32 val;
++                      u32 flags;
++                      u64 time;
++              } futex;
++      };
+ };
+ extern long do_no_restart_syscall(struct restart_block *parm);
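Review bot: The `uaddr` member of the new `futex` struct is declared as a plain `u32 *` although it holds a user-space address, so `futex_wait()` casts `__user` away when saving it and `futex_wait_restart()` casts it back. Declaring it `u32 __user *uaddr;` would keep sparse's address-space checking across the restart and make both casts in kernel/futex.c unnecessary, provided the `__user` annotation is visible in this header (not shown in the hunk). A short comment on `time`, such as `/* absolute expiry, copied from ktime_t.tv64 */`, would also record why a value rather than a pointer is saved.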
+--- a/kernel/futex.c
++++ b/kernel/futex.c
+@@ -1149,9 +1149,9 @@ static int fixup_pi_state_owner(u32 __us
+ /*
+  * In case we must use restart_block to restart a futex_wait,
+- * we encode in the 'arg3' shared capability
++ * we encode in the 'flags' shared capability
+  */
+-#define ARG3_SHARED  1
++#define FLAGS_SHARED  1
+ static long futex_wait_restart(struct restart_block *restart);
+@@ -1290,12 +1290,13 @@ static int futex_wait(u32 __user *uaddr,
+               struct restart_block *restart;
+               restart = &current_thread_info()->restart_block;
+               restart->fn = futex_wait_restart;
+-              restart->arg0 = (unsigned long)uaddr;
+-              restart->arg1 = (unsigned long)val;
+-              restart->arg2 = (unsigned long)abs_time;
+-              restart->arg3 = 0;
++              restart->futex.uaddr = (u32 *)uaddr;
++              restart->futex.val = val;
++              restart->futex.time = abs_time->tv64;
++              restart->futex.flags = 0;
++
+               if (fshared)
+-                      restart->arg3 |= ARG3_SHARED;
++                      restart->futex.flags |= FLAGS_SHARED;
+               return -ERESTART_RESTARTBLOCK;
+       }
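Review bot: `restart->futex.time = abs_time->tv64;` now dereferences `abs_time`, where the old code only stored the pointer, so this path must never be reached with a NULL timeout. The check that guarantees this is not in the hunk, and the body of futex_wait() starts and ends outside it. If an earlier test already returns for the untimed case, a comment such as `/* abs_time is non-NULL here: the untimed case returned above */` would make that dependency explicit. Copying the value into the per-thread restart block is what removes the dangling pointer into sys_futex()'s stack frame described in the changelog.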
+@@ -1310,15 +1311,15 @@ static int futex_wait(u32 __user *uaddr,
+ static long futex_wait_restart(struct restart_block *restart)
+ {
+-      u32 __user *uaddr = (u32 __user *)restart->arg0;
+-      u32 val = (u32)restart->arg1;
+-      ktime_t *abs_time = (ktime_t *)restart->arg2;
++      u32 __user *uaddr = (u32 __user *)restart->futex.uaddr;
+       struct rw_semaphore *fshared = NULL;
++      ktime_t t;
++      t.tv64 = restart->futex.time;
+       restart->fn = do_no_restart_syscall;
+-      if (restart->arg3 & ARG3_SHARED)
++      if (restart->futex.flags & FLAGS_SHARED)
+               fshared = &current->mm->mmap_sem;
+-      return (long)futex_wait(uaddr, fshared, val, abs_time);
++      return (long)futex_wait(uaddr, fshared, restart->futex.val, &t);
+ }
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:23 2007
+Message-Id: <20071213064623.425820354@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:48 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ "Rafael J. Wysocki" <rjw@sisk.pl>,
+ Pavel Machek <pavel@ucw.cz>,
+ Franck Bui-Huu <vagabon.xyz@gmail.com>,
+ Nigel Cunningham <nigel@nigel.suspend2.net>,
+ Len Brown <len.brown@intel.com>
+Subject: [patch 30/60] Freezer: Fix APM emulation breakage
+Content-Disposition: inline; filename=freezer-fix-apm-emulation-breakage.patch
+Content-Length: 2349
+Lines: 75
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Rafael J. Wysocki <rjw@sisk.pl>
+
+patch cb43c54ca05c01533c45e4d3abfe8f99b7acf624 in mainline.
+
+The APM emulation is currently broken as a result of commit
+831441862956fffa17b9801db37e6ea1650b0f69
+"Freezer: make kernel threads nonfreezable by default"
+that removed the PF_NOFREEZE annotations from apm_ioctl() without adding
+the appropriate freezer hooks.  Fix it and remove the unnecessary variable flags
+from apm_ioctl().
+
+Special thanks to Franck Bui-Huu <vagabon.xyz@gmail.com> for pointing out the
+problem.
+
+Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
+Cc: Pavel Machek <pavel@ucw.cz>
+Cc: Franck Bui-Huu <vagabon.xyz@gmail.com>
+Cc: Nigel Cunningham <nigel@nigel.suspend2.net>
+Signed-off-by: Len Brown <len.brown@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/char/apm-emulation.c |   15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+--- a/drivers/char/apm-emulation.c
++++ b/drivers/char/apm-emulation.c
+@@ -295,7 +295,6 @@ static int
+ apm_ioctl(struct inode * inode, struct file *filp, u_int cmd, u_long arg)
+ {
+       struct apm_user *as = filp->private_data;
+-      unsigned long flags;
+       int err = -EINVAL;
+       if (!as->suser || !as->writer)
+@@ -331,10 +330,16 @@ apm_ioctl(struct inode * inode, struct f
+                        * Wait for the suspend/resume to complete.  If there
+                        * are pending acknowledges, we wait here for them.
+                        */
+-                      flags = current->flags;
++                      freezer_do_not_count();
+                       wait_event(apm_suspend_waitqueue,
+                                  as->suspend_state == SUSPEND_DONE);
++
++                      /*
++                       * Since we are waiting until the suspend is done, the
++                       * try_to_freeze() in freezer_count() will not trigger
++                       */
++                      freezer_count();
+               } else {
+                       as->suspend_state = SUSPEND_WAIT;
+                       mutex_unlock(&state_lock);
+@@ -362,14 +367,10 @@ apm_ioctl(struct inode * inode, struct f
+                        * Wait for the suspend/resume to complete.  If there
+                        * are pending acknowledges, we wait here for them.
+                        */
+-                      flags = current->flags;
+-
+-                      wait_event_interruptible(apm_suspend_waitqueue,
++                      wait_event_freezable(apm_suspend_waitqueue,
+                                        as->suspend_state == SUSPEND_DONE);
+               }
+-              current->flags = flags;
+-
+               mutex_lock(&state_lock);
+               err = as->suspend_result;
+               as->suspend_state = SUSPEND_NONE;
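Review bot: The result of `wait_event_freezable()` is discarded, as it was for `wait_event_interruptible()`, so a wait ended early by a signal falls through to `mutex_lock(&state_lock)` and returns `as->suspend_result` although `suspend_state` may not have reached `SUSPEND_DONE`. If that is intended, a comment at the call would say so, e.g. `/* a signal can end this wait early; suspend_result is then read before SUSPEND_DONE */`. Otherwise the return value should be checked before the result is read. The enclosing switch and the rest of apm_ioctl() lie outside this hunk, so the right exit path cannot be judged from here.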
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:23 2007
+Message-Id: <20071213064623.582270102@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:49 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ trenn@suse.de,
+ yakui.zhao@intel.com,
+ shaohua.li@intel.com,
+ bjorn.helgaas@hp.com
+Subject: [patch 31/60] PNP: increase the maximum number of resources
+Content-Disposition: inline; filename=pnp-increase-the-maximum-number-of-resources.patch
+Content-Length: 2850
+Lines: 91
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Zhao Yakui <yakui.zhao@intel.com>
+
+patch a7839e960675b549f06209d18283d5cee2ce9261 in mainline.
+
+On some systems the number of resources(IO,MEM) returnedy by PNP device is
+greater than the PNP constant, for example motherboard devices.  It brings
+that some resources can't be reserved and resource confilicts.  This will
+cause PCI resources are assigned wrongly in some systems, and cause hang. 
+This is a regression since we deleted ACPI motherboard driver and use PNP
+system driver.
+
+[akpm@linux-foundation.org: fix text and coding-style a bit]
+Signed-off-by: Li Shaohua <shaohua.li@intel.com>
+Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
+Cc: Bjorn Helgaas <bjorn.helgaas@hp.com>
+Cc: Thomas Renninger <trenn@suse.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/pnp/pnpacpi/rsparser.c |   15 +++++++++++++--
+ include/linux/pnp.h            |    4 ++--
+ 2 files changed, 15 insertions(+), 4 deletions(-)
+
+--- a/drivers/pnp/pnpacpi/rsparser.c
++++ b/drivers/pnp/pnpacpi/rsparser.c
+@@ -82,9 +82,11 @@ static void pnpacpi_parse_allocated_irqr
+       while (!(res->irq_resource[i].flags & IORESOURCE_UNSET) &&
+              i < PNP_MAX_IRQ)
+               i++;
+-      if (i >= PNP_MAX_IRQ)
++      if (i >= PNP_MAX_IRQ) {
++              printk(KERN_ERR "pnpacpi: exceeded the max number of IRQ "
++                              "resources: %d \n", PNP_MAX_IRQ);
+               return;
+-
++      }
+       res->irq_resource[i].flags = IORESOURCE_IRQ;    // Also clears _UNSET flag
+       res->irq_resource[i].flags |= irq_flags(triggering, polarity);
+       irq = acpi_register_gsi(gsi, triggering, polarity);
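Review bot: The `while` condition in the context lines reads `res->irq_resource[i].flags` before it tests `i < PNP_MAX_IRQ`, so when every slot is in use the final evaluation reads one element past the end of the array. The new `printk` branch is reached in exactly that case. Swapping the operands fixes it: `while (i < PNP_MAX_IRQ && !(res->irq_resource[i].flags & IORESOURCE_UNSET))`. The DMA, IO and mem parsers touched in the following hunks may use the same loop, but their loops are outside the visible lines, as is the start of this function, including the initial value of `i`.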
+@@ -163,6 +165,9 @@ static void pnpacpi_parse_allocated_dmar
+               }
+               res->dma_resource[i].start = dma;
+               res->dma_resource[i].end = dma;
++      } else {
++              printk(KERN_ERR "pnpacpi: exceeded the max number of DMA "
++                              "resources: %d \n", PNP_MAX_DMA);
+       }
+ }
+@@ -184,6 +189,9 @@ static void pnpacpi_parse_allocated_iore
+               }
+               res->port_resource[i].start = io;
+               res->port_resource[i].end = io + len - 1;
++      } else {
++              printk(KERN_ERR "pnpacpi: exceeded the max number of IO "
++                              "resources: %d \n", PNP_MAX_PORT);
+       }
+ }
+@@ -207,6 +215,9 @@ static void pnpacpi_parse_allocated_memr
+               res->mem_resource[i].start = mem;
+               res->mem_resource[i].end = mem + len - 1;
++      } else {
++              printk(KERN_ERR "pnpacpi: exceeded the max number of mem "
++                              "resources: %d\n", PNP_MAX_MEM);
+       }
+ }
+--- a/include/linux/pnp.h
++++ b/include/linux/pnp.h
+@@ -13,8 +13,8 @@
+ #include <linux/errno.h>
+ #include <linux/mod_devicetable.h>
+-#define PNP_MAX_PORT          8
+-#define PNP_MAX_MEM           4
++#define PNP_MAX_PORT          24
++#define PNP_MAX_MEM           12
+ #define PNP_MAX_IRQ           2
+ #define PNP_MAX_DMA           2
+ #define PNP_NAME_LEN          50
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:23 2007
+Message-Id: <20071213064623.739377793@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:50 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ oleg@tv-sign.ru,
+ roland@redhat.com,
+ scott@ubuntu.com
+Subject: [patch 32/60] wait_task_stopped(): pass correct exit_code to wait_noreap_copyout()
+Content-Disposition: inline; filename=wait_task_stopped-pass-correct-exit_code-to-wait_noreap_copyout.patch
+Content-Length: 1463
+Lines: 45
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Scott James Remnant <scott@ubuntu.com>
+
+patch e6ceb32aa25fc33f21af84cc7a32fe289b3e860c in mainline.
+
+In wait_task_stopped() exit_code already contains the right value for the
+si_status member of siginfo, and this is simply set in the non WNOWAIT
+case.
+
+If you call waitid() with a stopped or traced process, you'll get the signal
+in siginfo.si_status as expected -- however if you call waitid(WNOWAIT) at the
+same time, you'll get the signal << 8 | 0x7f
+
+Pass it unchanged to wait_noreap_copyout(); we would only need to shift it
+and add 0x7f if we were returning it in the user status field and that
+isn't used for any function that permits WNOWAIT.
+
+Signed-off-by: Scott James Remnant <scott@ubuntu.com>
+Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
+Cc: Roland McGrath <roland@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/exit.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/exit.c
++++ b/kernel/exit.c
+@@ -1365,7 +1365,7 @@ static int wait_task_stopped(struct task
+               if (unlikely(!exit_code) || unlikely(p->exit_state))
+                       goto bail_ref;
+               return wait_noreap_copyout(p, pid, uid,
+-                                         why, (exit_code << 8) | 0x7f,
++                                         why, exit_code,
+                                          infop, ru);
+       }
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:24 2007
+Message-Id: <20071213064623.894140289@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:51 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ rleigh@whinlatter.ukfsn.org,
+ benh@kernel.crashing.org,
+ mb@bu3sch.de,
+ khali@linux-fr.org,
+ adaplas@pol.net
+Subject: [patch 33/60] fb_ddc: fix DDC lines quirk
+Content-Disposition: inline; filename=fb_ddc-fix-ddc-lines-quirk.patch
+Content-Length: 3258
+Lines: 90
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Jean Delvare <khali@linux-fr.org>
+
+patch b64d70825abbf706bbe80be1b11b09514b71f45e in mainline.
+
+The code in fb_ddc_read() is said to be based on the implementation of the
+radeon driver:
+http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=fc5891c8a3ba284f13994d7bc1f1bfa8283982de
+
+However, comparing the old radeon driver code with the new fb_ddc code
+reveals some differences.  Most notably, the I2C bus lines are held at the
+end of the function, while the original code was releasing them (as the
+comment above correctly says.)
+
+There are a few other differences, which appear to be responsible for read
+failures on my system.  While tracing low-level I2C code in i2c-algo-bit, I
+noticed that the initial attempt to read the EDID always failed.  It takes
+one retry for the read to succeed.  As we are about to remove this
+automatic retry property from i2c-algo-bit, reading the EDID would really
+fail.
+
+As a summary, the I2C lines quirk which is supposedly needed to read EDID
+on some older monitors is currently breaking the (first) read on all other
+monitors (and might not even work with older ones - did anyone try since
+October 2006?)
+
+After applying the patch below, which makes the code in fb_ddc_read()
+really similar to what the radeon driver used to have, the first EDID read
+succeeds again.
+
+On top of that, as it appears that this code has been broken for one year
+now and nobody seems to have complained, I'm curious if it makes sense to
+keep this quirk in place.  It makes the code more complex and slower just
+for the sake of monitors which I guess nobody uses anymore.  Can't we just
+get rid of it?
+
+Signed-off-by: Jean Delvare <khali@linux-fr.org>
+Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Tested-by: Roger Leigh <rleigh@whinlatter.ukfsn.org>
+Tested-by: Michael Buesch <mb@bu3sch.de>
+Cc: "Antonino A. Daplas" <adaplas@pol.net>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/video/fb_ddc.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/video/fb_ddc.c
++++ b/drivers/video/fb_ddc.c
+@@ -56,13 +56,12 @@ unsigned char *fb_ddc_read(struct i2c_ad
+       int i, j;
+       algo_data->setscl(algo_data->data, 1);
+-      algo_data->setscl(algo_data->data, 0);
+       for (i = 0; i < 3; i++) {
+               /* For some old monitors we need the
+                * following process to initialize/stop DDC
+                */
+-              algo_data->setsda(algo_data->data, 0);
++              algo_data->setsda(algo_data->data, 1);
+               msleep(13);
+               algo_data->setscl(algo_data->data, 1);
+@@ -97,14 +96,15 @@ unsigned char *fb_ddc_read(struct i2c_ad
+               algo_data->setsda(algo_data->data, 1);
+               msleep(15);
+               algo_data->setscl(algo_data->data, 0);
++              algo_data->setsda(algo_data->data, 0);
+               if (edid)
+                       break;
+       }
+       /* Release the DDC lines when done or the Apple Cinema HD display
+        * will switch off
+        */
+-      algo_data->setsda(algo_data->data, 0);
+-      algo_data->setscl(algo_data->data, 0);
++      algo_data->setsda(algo_data->data, 1);
++      algo_data->setscl(algo_data->data, 1);
+       return edid;
+ }
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:24 2007
+Message-Id: <20071213064624.049316967@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:52 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ James.Bottomley@SteelEye.com,
+ matthew@wil.cx,
+ fujita.tomonori@lab.ntt.co.jp,
+ anders.henke@1und1.de,
+ mark_salyzyn@adaptec.com
+Subject: [patch 34/60] revert "dpt_i2o: convert to SCSI hotplug model"
+Content-Disposition: inline; filename=revert-dpt_i2o-convert-to-scsi-hotplug-model.patch
+Content-Length: 9078
+Lines: 312
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Andrew Morton <akpm@linux-foundation.org>
+
+patch 24601bbcacb3356657747f2e64317923feb7a1a2 in mainline.
+
+revert
+
+    commit 55d9fcf57ba5ec427544fca7abc335cf3da78160
+    Author: Matthew Wilcox <matthew@wil.cx>
+    Date:   Mon Jul 30 15:19:18 2007 -0600
+
+        [SCSI] dpt_i2o: convert to SCSI hotplug model
+
+         - Delete refereces to HOSTS_C
+         - Switch to module_init/module_exit instead of detect/release
+         - Don't pass around the host template and rename it to adpt_template
+         - Switch from scsi_register/scsi_unregister to scsi_host_alloc,
+           scsi_add_host, scsi_scan_host and scsi_host_put.
+
+Because it caused (for unknown reasons) Andres' all-data-reads-as-zeroes
+problem, reported at
+http://groups.google.com/group/fa.linux.kernel/msg/083a9acff0330234
+
+Cc: Matthew Wilcox <matthew@wil.cx>
+Cc: Mark Salyzyn <mark_salyzyn@adaptec.com>
+Cc: James Bottomley <James.Bottomley@SteelEye.com>
+Acked-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
+Cc: Anders Henke <anders.henke@1und1.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/scsi/dpt_i2o.c |  132 ++++++++++++++++++++++---------------------------
+ drivers/scsi/dpti.h    |    9 ++-
+ 2 files changed, 68 insertions(+), 73 deletions(-)
+
+--- a/drivers/scsi/dpt_i2o.c
++++ b/drivers/scsi/dpt_i2o.c
+@@ -173,20 +173,20 @@ static struct pci_device_id dptids[] = {
+ };
+ MODULE_DEVICE_TABLE(pci,dptids);
+-static void adpt_exit(void);
+-
+-static int adpt_detect(void)
++static int adpt_detect(struct scsi_host_template* sht)
+ {
+       struct pci_dev *pDev = NULL;
+       adpt_hba* pHba;
++      adpt_init();
++
+       PINFO("Detecting Adaptec I2O RAID controllers...\n");
+         /* search for all Adatpec I2O RAID cards */
+       while ((pDev = pci_get_device( PCI_DPT_VENDOR_ID, PCI_ANY_ID, pDev))) {
+               if(pDev->device == PCI_DPT_DEVICE_ID ||
+                  pDev->device == PCI_DPT_RAPTOR_DEVICE_ID){
+-                      if(adpt_install_hba(pDev) ){
++                      if(adpt_install_hba(sht, pDev) ){
+                               PERROR("Could not Init an I2O RAID device\n");
+                               PERROR("Will not try to detect others.\n");
+                               return hba_count-1;
+@@ -248,33 +248,34 @@ rebuild_sys_tab:
+       }
+       for (pHba = hba_chain; pHba; pHba = pHba->next) {
+-              if (adpt_scsi_register(pHba) < 0) {
++              if( adpt_scsi_register(pHba,sht) < 0){
+                       adpt_i2o_delete_hba(pHba);
+                       continue;
+               }
+               pHba->initialized = TRUE;
+               pHba->state &= ~DPTI_STATE_RESET;
+-              scsi_scan_host(pHba->host);
+       }
+       // Register our control device node
+       // nodes will need to be created in /dev to access this
+       // the nodes can not be created from within the driver
+       if (hba_count && register_chrdev(DPTI_I2O_MAJOR, DPT_DRIVER, &adpt_fops)) {
+-              adpt_exit();
++              adpt_i2o_sys_shutdown();
+               return 0;
+       }
+       return hba_count;
+ }
+-static int adpt_release(adpt_hba *pHba)
++/*
++ * scsi_unregister will be called AFTER we return.
++ */
++static int adpt_release(struct Scsi_Host *host)
+ {
+-      struct Scsi_Host *shost = pHba->host;
+-      scsi_remove_host(shost);
++      adpt_hba* pHba = (adpt_hba*) host->hostdata[0];
+ //    adpt_i2o_quiesce_hba(pHba);
+       adpt_i2o_delete_hba(pHba);
+-      scsi_host_put(shost);
++      scsi_unregister(host);
+       return 0;
+ }
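Review bot: The comment restored above `adpt_release()` says `scsi_unregister will be called AFTER we return`, but the body calls `scsi_unregister(host)` itself after `adpt_i2o_delete_hba(pHba)`, so comment and code disagree about who unregisters the host. I would reword it to match the code, e.g. `/* Legacy release hook: deletes the HBA, then unregisters the host itself. */`. The comment added to `adpt_i2o_delete_hba()` in a later hunk (`scsi_unregister calls our adpt_release`) describes the opposite call direction and needs the same correction.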
+@@ -881,7 +882,7 @@ static int adpt_reboot_event(struct noti
+ #endif
+-static int adpt_install_hba(struct pci_dev* pDev)
++static int adpt_install_hba(struct scsi_host_template* sht, struct pci_dev* pDev)
+ {
+       adpt_hba* pHba = NULL;
+@@ -1030,6 +1031,8 @@ static void adpt_i2o_delete_hba(adpt_hba
+       mutex_lock(&adpt_configuration_lock);
++      // scsi_unregister calls our adpt_release which
++      // does a quiese
+       if(pHba->host){
+               free_irq(pHba->host->irq, pHba);
+       }
+@@ -1081,6 +1084,17 @@ static void adpt_i2o_delete_hba(adpt_hba
+ }
++static int adpt_init(void)
++{
++      printk("Loading Adaptec I2O RAID: Version " DPT_I2O_VERSION "\n");
++#ifdef REBOOT_NOTIFIER
++      register_reboot_notifier(&adpt_reboot_notifier);
++#endif
++
++      return 0;
++}
++
++
+ static struct adpt_device* adpt_find_device(adpt_hba* pHba, u32 chan, u32 id, u32 lun)
+ {
+       struct adpt_device* d;
+@@ -2166,6 +2180,37 @@ static s32 adpt_scsi_to_i2o(adpt_hba* pH
+ }
++static s32 adpt_scsi_register(adpt_hba* pHba,struct scsi_host_template * sht)
++{
++      struct Scsi_Host *host = NULL;
++
++      host = scsi_register(sht, sizeof(adpt_hba*));
++      if (host == NULL) {
++              printk ("%s: scsi_register returned NULL\n",pHba->name);
++              return -1;
++      }
++      host->hostdata[0] = (unsigned long)pHba;
++      pHba->host = host;
++
++      host->irq = pHba->pDev->irq;
++      /* no IO ports, so don't have to set host->io_port and
++       * host->n_io_port
++       */
++      host->io_port = 0;
++      host->n_io_port = 0;
++                              /* see comments in scsi_host.h */
++      host->max_id = 16;
++      host->max_lun = 256;
++      host->max_channel = pHba->top_scsi_channel + 1;
++      host->cmd_per_lun = 1;
++      host->unique_id = (uint) pHba;
++      host->sg_tablesize = pHba->sg_tablesize;
++      host->can_queue = pHba->post_fifo_size;
++
++      return 0;
++}
++
++
+ static s32 adpt_i2o_to_scsi(void __iomem *reply, struct scsi_cmnd* cmd)
+ {
+       adpt_hba* pHba;
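Review bot: `host->unique_id = (uint) pHba;` stores a kernel pointer, truncated to `unsigned int`, in a field meant to identify the host. On a 64-bit build the cast drops the upper half of the address, and wherever the midlayer reports `unique_id` to user space it discloses part of a kernel address. A small per-adapter index would serve the same purpose without either problem. The `printk` on the `scsi_register` failure path also lacks a log level, e.g. `printk(KERN_ERR "%s: scsi_register returned NULL\n", pHba->name);`. These lines are restored by the revert rather than newly written, so a follow-up patch may be the better place for the change.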
+@@ -3284,10 +3329,12 @@ static static void adpt_delay(int millis
+ #endif
+-static struct scsi_host_template adpt_template = {
++static struct scsi_host_template driver_template = {
+       .name                   = "dpt_i2o",
+       .proc_name              = "dpt_i2o",
+       .proc_info              = adpt_proc_info,
++      .detect                 = adpt_detect,
++      .release                = adpt_release,
+       .info                   = adpt_info,
+       .queuecommand           = adpt_queue,
+       .eh_abort_handler       = adpt_abort,
+@@ -3301,62 +3348,5 @@ static struct scsi_host_template adpt_te
+       .cmd_per_lun            = 1,
+       .use_clustering         = ENABLE_CLUSTERING,
+ };
+-
+-static s32 adpt_scsi_register(adpt_hba* pHba)
+-{
+-      struct Scsi_Host *host;
+-
+-      host = scsi_host_alloc(&adpt_template, sizeof(adpt_hba*));
+-      if (host == NULL) {
+-              printk ("%s: scsi_host_alloc returned NULL\n",pHba->name);
+-              return -1;
+-      }
+-      host->hostdata[0] = (unsigned long)pHba;
+-      pHba->host = host;
+-
+-      host->irq = pHba->pDev->irq;
+-      /* no IO ports, so don't have to set host->io_port and
+-       * host->n_io_port
+-       */
+-      host->io_port = 0;
+-      host->n_io_port = 0;
+-                              /* see comments in scsi_host.h */
+-      host->max_id = 16;
+-      host->max_lun = 256;
+-      host->max_channel = pHba->top_scsi_channel + 1;
+-      host->cmd_per_lun = 1;
+-      host->unique_id = (uint) pHba;
+-      host->sg_tablesize = pHba->sg_tablesize;
+-      host->can_queue = pHba->post_fifo_size;
+-
+-      if (scsi_add_host(host, &pHba->pDev->dev)) {
+-              scsi_host_put(host);
+-              return -1;
+-      }
+-
+-      return 0;
+-}
+-
+-static int __init adpt_init(void)
+-{
+-      int count;
+-
+-      printk("Loading Adaptec I2O RAID: Version " DPT_I2O_VERSION "\n");
+-#ifdef REBOOT_NOTIFIER
+-      register_reboot_notifier(&adpt_reboot_notifier);
+-#endif
+-
+-      count = adpt_detect();
+-
+-      return count > 0 ? 0 : -ENODEV;
+-}
+-
+-static void __exit adpt_exit(void)
+-{
+-      while (hba_chain)
+-              adpt_release(hba_chain);
+-}
+-
+-module_init(adpt_init);
+-module_exit(adpt_exit);
++#include "scsi_module.c"
+ MODULE_LICENSE("GPL");
+--- a/drivers/scsi/dpti.h
++++ b/drivers/scsi/dpti.h
+@@ -28,9 +28,11 @@
+  * SCSI interface function Prototypes
+  */
++static int adpt_detect(struct scsi_host_template * sht);
+ static int adpt_queue(struct scsi_cmnd * cmd, void (*cmdcomplete) (struct scsi_cmnd *));
+ static int adpt_abort(struct scsi_cmnd * cmd);
+ static int adpt_reset(struct scsi_cmnd* cmd);
++static int adpt_release(struct Scsi_Host *host);
+ static int adpt_slave_configure(struct scsi_device *);
+ static const char *adpt_info(struct Scsi_Host *pSHost);
+@@ -47,6 +49,8 @@ static int adpt_device_reset(struct scsi
+ #define DPT_DRIVER_NAME       "Adaptec I2O RAID"
++#ifndef HOSTS_C
++
+ #include "dpt/sys_info.h"
+ #include <linux/wait.h>
+ #include "dpt/dpti_i2o.h"
+@@ -285,7 +289,7 @@ static s32 adpt_i2o_init_outbound_q(adpt
+ static s32 adpt_i2o_hrt_get(adpt_hba* pHba);
+ static s32 adpt_scsi_to_i2o(adpt_hba* pHba, struct scsi_cmnd* cmd, struct adpt_device* dptdevice);
+ static s32 adpt_i2o_to_scsi(void __iomem *reply, struct scsi_cmnd* cmd);
+-static s32 adpt_scsi_register(adpt_hba* pHba);
++static s32 adpt_scsi_register(adpt_hba* pHba,struct scsi_host_template * sht);
+ static s32 adpt_hba_reset(adpt_hba* pHba);
+ static s32 adpt_i2o_reset_hba(adpt_hba* pHba);
+ static s32 adpt_rescan(adpt_hba* pHba);
+@@ -295,7 +299,7 @@ static void adpt_i2o_delete_hba(adpt_hba
+ static void adpt_inquiry(adpt_hba* pHba);
+ static void adpt_fail_posted_scbs(adpt_hba* pHba);
+ static struct adpt_device* adpt_find_device(adpt_hba* pHba, u32 chan, u32 id, u32 lun);
+-static int adpt_install_hba(struct pci_dev* pDev) ;
++static int adpt_install_hba(struct scsi_host_template* sht, struct pci_dev* pDev) ;
+ static int adpt_i2o_online_hba(adpt_hba* pHba);
+ static void adpt_i2o_post_wait_complete(u32, int);
+ static int adpt_i2o_systab_send(adpt_hba* pHba);
+@@ -339,4 +343,5 @@ static void adpt_i386_info(sysInfo_S* si
+ #define FW_DEBUG_BLED_OFFSET       8
+ #define FW_DEBUG_FLAGS_NO_HEADERS_B    0x01
++#endif                                /* !HOSTS_C */
+ #endif                                /* _DPT_H */
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:24 2007
+Message-Id: <20071213064624.206487309@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:53 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ torvalds@linux-foundation.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ James.Bottomley@steeleye.com,
+ davem@davemloft.net,
+ macro@linux-mips.org
+Subject: [patch 35/60] esp_scsi: fix reset cleanup spinlock recursion
+Content-Disposition: inline; filename=esp_scsi-fix-reset-cleanup-spinlock-recursion.patch
+Content-Length: 4189
+Lines: 112
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: "Maciej W. Rozycki" <macro@linux-mips.org>
+
+patch 522939d45c293388e6a360210905f9230298df16 in mainline.
+
+The esp_reset_cleanup() function is called with the host lock held and
+invokes starget_for_each_device() which wants to take it too.  Here is a
+fix along the lines of shost_for_each_device()/__shost_for_each_device()
+adding a __starget_for_each_device() counterpart which assumes the lock
+has already been taken.
+
+Eventually, I think the driver should get modified so that more work is
+done as a softirq rather than in the interrupt context, but for now it
+fixes a bug that causes the spinlock debugger to fire.
+
+While at it, it fixes a small number of cosmetic problems with
+starget_for_each_device() too.
+
+Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
+Acked-by: David S. Miller <davem@davemloft.net>
+Cc: James Bottomley <James.Bottomley@steeleye.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/scsi/esp_scsi.c    |    4 ++--
+ drivers/scsi/scsi.c        |   31 +++++++++++++++++++++++++++++--
+ include/scsi/scsi_device.h |    3 +++
+ 3 files changed, 34 insertions(+), 4 deletions(-)
+
+--- a/drivers/scsi/esp_scsi.c
++++ b/drivers/scsi/esp_scsi.c
+@@ -2026,8 +2026,8 @@ static void esp_reset_cleanup(struct esp
+               tp->flags |= ESP_TGT_CHECK_NEGO;
+               if (tp->starget)
+-                      starget_for_each_device(tp->starget, NULL,
+-                                              esp_clear_hold);
++                      __starget_for_each_device(tp->starget, NULL,
++                                                esp_clear_hold);
+       }
+       esp->flags &= ~ESP_FLAG_RESETTING;
+ }
+--- a/drivers/scsi/scsi.c
++++ b/drivers/scsi/scsi.c
+@@ -886,11 +886,11 @@ EXPORT_SYMBOL(__scsi_iterate_devices);
+  * starget_for_each_device  -  helper to walk all devices of a target
+  * @starget:  target whose devices we want to iterate over.
+  *
+- * This traverses over each devices of @shost.  The devices have
++ * This traverses over each device of @starget.  The devices have
+  * a reference that must be released by scsi_host_put when breaking
+  * out of the loop.
+  */
+-void starget_for_each_device(struct scsi_target *starget, void * data,
++void starget_for_each_device(struct scsi_target *starget, void *data,
+                    void (*fn)(struct scsi_device *, void *))
+ {
+       struct Scsi_Host *shost = dev_to_shost(starget->dev.parent);
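Review bot: The kerneldoc of starget_for_each_device() still says the devices hold a reference "that must be released by scsi_host_put when breaking out of the loop"; the hunk corrects the sentence before it but leaves this one as context. The function takes a callback, so a caller has no loop to break out of, and the reference described would be on a scsi_device rather than on the host. I would reword it along the lines of `The devices have a reference held only for the duration of the @fn call.` and add `@data` and `@fn` lines. The body continues outside the hunk, so how the reference is actually taken is inferred rather than shown.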
+@@ -905,6 +905,33 @@ void starget_for_each_device(struct scsi
+ EXPORT_SYMBOL(starget_for_each_device);
+ /**
++ * __starget_for_each_device  -  helper to walk all devices of a target
++ *                             (UNLOCKED)
++ * @starget:  target whose devices we want to iterate over.
++ *
++ * This traverses over each device of @starget.  It does _not_
++ * take a reference on the scsi_device, so the whole loop must be
++ * protected by shost->host_lock.
++ *
++ * Note:  The only reason why drivers would want to use this is because
++ * they need to access the device list in irq context.  Otherwise you
++ * really want to use starget_for_each_device instead.
++ **/
++void __starget_for_each_device(struct scsi_target *starget, void *data,
++                             void (*fn)(struct scsi_device *, void *))
++{
++      struct Scsi_Host *shost = dev_to_shost(starget->dev.parent);
++      struct scsi_device *sdev;
++
++      __shost_for_each_device(sdev, shost) {
++              if ((sdev->channel == starget->channel) &&
++                  (sdev->id == starget->id))
++                      fn(sdev, data);
++      }
++}
++EXPORT_SYMBOL(__starget_for_each_device);
++
++/**
+  * __scsi_device_lookup_by_target - find a device given the target (UNLOCKED)
+  * @starget:  SCSI target pointer
+  * @lun:      SCSI Logical Unit Number
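Review bot: The kerneldoc for the new `__starget_for_each_device()` documents only `@starget`; `@data` and `@fn` are missing, and the locking rule is stated for the loop but not for the callback. Because the whole walk runs under `shost->host_lock`, `fn` must not sleep or try to take that lock itself, and that belongs where callers will read it, for example `@fn: called for each device of @starget with host_lock held; must not sleep`. Nothing in the function checks that the lock is really held, so a caller that gets this wrong walks the device list unprotected and without references.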
+--- a/include/scsi/scsi_device.h
++++ b/include/scsi/scsi_device.h
+@@ -222,6 +222,9 @@ extern struct scsi_device *__scsi_device
+                                                         uint);
+ extern void starget_for_each_device(struct scsi_target *, void *,
+                    void (*fn)(struct scsi_device *, void *));
++extern void __starget_for_each_device(struct scsi_target *, void *,
++                                    void (*fn)(struct scsi_device *,
++                                               void *));
+ /* only exposed to implement shost_for_each_device */
+ extern struct scsi_device *__scsi_iterate_devices(struct Scsi_Host *,
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:24 2007
+Message-Id: <20071213064624.361468770@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:54 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Netfilter Development Mailinglist <netfilter-devel@vger.kernel.org>,
+ "David S. Miller" <davem@davemloft.net>,
+ Li Zefan <lizf@cn.fujitsu.com>,
+ Patrick McHardy <kaber@trash.net>
+Subject: [patch 36/60] nf_nat: fix memset error
+Content-Disposition: inline; filename=nf_nat-fix-memset-error.patch
+Content-Length: 1154
+Lines: 41
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Li Zefan <lizf@cn.fujitsu.com>
+
+This patch fixes an incorrect memset in the NAT code, causing
+misbehaviour when unloading and reloading the NAT module.
+Applies to stable-2.6.22 and stable-2.6.23.
+
+Please apply, thanks.
+[NETFILTER]: nf_nat: fix memset error
+
+Upstream commit e0bf9cf15fc30d300b7fbd821c6bc975531fab44
+
+The size passing to memset is the size of a pointer. Fixes
+misbehaviour when unloading and reloading the NAT module.
+
+Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ net/ipv4/netfilter/nf_nat_core.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv4/netfilter/nf_nat_core.c
++++ b/net/ipv4/netfilter/nf_nat_core.c
+@@ -681,7 +681,7 @@ static int clean_nat(struct nf_conn *i, 
+       if (!nat)
+               return 0;
+-      memset(nat, 0, sizeof(nat));
++      memset(nat, 0, sizeof(*nat));
+       i->status &= ~(IPS_NAT_MASK | IPS_NAT_DONE_MASK | IPS_SEQ_ADJUST);
+       return 0;
+ }
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:24 2007
+Message-Id: <20071213064624.515058355@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:55 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Netfilter Development Mailinglist <netfilter-devel@vger.kernel.org>,
+ "David S. Miller" <davem@davemloft.net>,
+ Evgeniy Polyakov <johnpol@2ka.mipt.ru>,
+ Patrick McHardy <kaber@trash.net>
+Subject: [patch 37/60] netfilter: Fix kernel panic with REDIRECT target.
+Content-Disposition: inline; filename=netfilter-fix-kernel-panic-with-redirect-target.patch
+Content-Length: 2284
+Lines: 66
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
+
+This patch fixes a NAT regression in 2.6.23, resulting in a
+crash when a connection is NATed and matches a conntrack
+helper after NAT.
+
+Please apply, thanks.
+[NETFILTER]: Fix kernel panic with REDIRECT target.
+
+Upstream commit 1f305323ff5b9ddc1a4346d36072bcdb58f3f68a
+
+When connection tracking entry (nf_conn) is about to copy itself it can
+have some of its extension users (like nat) as being already freed and
+thus not required to be copied.
+
+Actually looking at this function I suspect it was copied from
+nf_nat_setup_info() and thus bug was introduced.
+
+Report and testing from David <david@unsolicited.net>.
+
+[ Patrick McHardy states:
+
+        I now understand whats happening:
+
+        - new connection is allocated without helper
+        - connection is REDIRECTed to localhost
+        - nf_nat_setup_info adds NAT extension, but doesn't initialize it yet
+        - nf_conntrack_alter_reply performs a helper lookup based on the
+           new tuple, finds the SIP helper and allocates a helper extension,
+           causing reallocation because of too little space
+        - nf_nat_move_storage is called with the uninitialized nat extension
+
+        So your fix is entirely correct, thanks a lot :)  ]
+
+Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
+Acked-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/netfilter/nf_nat_core.c |    5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+--- a/net/ipv4/netfilter/nf_nat_core.c
++++ b/net/ipv4/netfilter/nf_nat_core.c
+@@ -607,13 +607,10 @@ static void nf_nat_move_storage(struct n
+       struct nf_conn_nat *new_nat = nf_ct_ext_find(conntrack, NF_CT_EXT_NAT);
+       struct nf_conn_nat *old_nat = (struct nf_conn_nat *)old;
+       struct nf_conn *ct = old_nat->ct;
+-      unsigned int srchash;
+-      if (!(ct->status & IPS_NAT_DONE_MASK))
++      if (!ct || !(ct->status & IPS_NAT_DONE_MASK))
+               return;
+-      srchash = hash_by_src(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
+-
+       write_lock_bh(&nf_nat_lock);
+       hlist_replace_rcu(&old_nat->bysource, &new_nat->bysource);
+       new_nat->ct = ct;
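Review bot: The added `!ct` test on `old_nat->ct` only works if a NAT extension that has been added but not yet set up reads as zero, and nothing in this hunk shows that. The commit description says nf_nat_setup_info adds the extension without initialising it, so the guarantee has to come from the extension allocator, which is outside this patch. A comment above the test would record the dependency, e.g. `/* ct is still NULL if the extension was added but never set up */`. nf_nat_move_storage starts and ends outside the hunk.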
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:24 2007
+Message-Id: <20071213064624.672034876@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:56 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Daniel Drake <dsd@gentoo.org>,
+ "Rafael J. Wysocki" <rjw@sisk.pl>,
+ Alan Stern <stern@rowland.harvard.edu>,
+ Kay Sievers <kay.sievers@vrfy.org>
+Subject: [patch 38/60] create /sys/.../power when CONFIG_PM is set
+Content-Disposition: inline; filename=create-sys-...-power-when-config_pm-is-set.patch
+Content-Length: 3950
+Lines: 144
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Daniel Drake <dsd@gentoo.org>
+
+patch dec13c15445fec29ca9087890895718450e80b95 in mainline.
+
+The CONFIG_SUSPEND changes in 2.6.23 caused a regression under certain
+configuration conditions (SUSPEND=n, USB_AUTOSUSPEND=y) where all USB
+device attributes in sysfs (idVendor, idProduct, ...) silently disappeared,
+causing udev breakage and more.
+
+The cause of this is that the /sys/.../power subdirectory is now only
+created when CONFIG_PM_SLEEP is set, however, it should be created whenever
+CONFIG_PM is set to handle the above situation.  The following patch fixes
+the regression.
+
+Signed-off-by: Daniel Drake <dsd@gentoo.org>
+Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
+Cc: Alan Stern <stern@rowland.harvard.edu>
+Cc: Kay Sievers <kay.sievers@vrfy.org>
+Cc: stable <stable@kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/base/core.c         |    4 +++-
+ drivers/base/power/Makefile |    3 ++-
+ drivers/base/power/main.c   |    8 +-------
+ drivers/base/power/power.h  |   25 ++++++++++++++++++-------
+ 4 files changed, 24 insertions(+), 16 deletions(-)
+
+--- a/drivers/base/core.c
++++ b/drivers/base/core.c
+@@ -814,9 +814,10 @@ int device_add(struct device *dev)
+       error = device_add_attrs(dev);
+       if (error)
+               goto AttrsError;
+-      error = device_pm_add(dev);
++      error = dpm_sysfs_add(dev);
+       if (error)
+               goto PMError;
++      device_pm_add(dev);
+       error = bus_add_device(dev);
+       if (error)
+               goto BusError;
+@@ -841,6 +842,7 @@ int device_add(struct device *dev)
+       return error;
+  BusError:
+       device_pm_remove(dev);
++      dpm_sysfs_remove(dev);
+  PMError:
+       if (dev->bus)
+               blocking_notifier_call_chain(&dev->bus->bus_notifier,
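Review bot: The teardown side is updated only on the `BusError` label, where `dpm_sysfs_remove(dev)` now follows `device_pm_remove(dev)`; the normal removal path in core.c is not touched by this patch. With CONFIG_PM set and CONFIG_PM_SLEEP unset, the configuration this fix targets, the power.h hunk makes `device_pm_remove()` an empty inline, so the power group is then removed explicitly only on this error path. Conversely, if the unchanged `device_pm_remove()` in main.c (its body is outside the hunk) still calls `dpm_sysfs_remove()`, `BusError` removes the group twice when PM_SLEEP is set. Please confirm both cases; the pairing would be easier to audit if `dpm_sysfs_add()`/`dpm_sysfs_remove()` were both called from core.c and from nowhere else.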
+--- a/drivers/base/power/Makefile
++++ b/drivers/base/power/Makefile
+@@ -1,5 +1,6 @@
+ obj-y                 := shutdown.o
+-obj-$(CONFIG_PM_SLEEP)        += main.o suspend.o resume.o sysfs.o
++obj-$(CONFIG_PM)      += sysfs.o
++obj-$(CONFIG_PM_SLEEP)        += main.o suspend.o resume.o
+ obj-$(CONFIG_PM_TRACE)        += trace.o
+ ifeq ($(CONFIG_DEBUG_DRIVER),y)
+--- a/drivers/base/power/main.c
++++ b/drivers/base/power/main.c
+@@ -33,20 +33,14 @@ DEFINE_MUTEX(dpm_list_mtx);
+ int (*platform_enable_wakeup)(struct device *dev, int is_on);
+-int device_pm_add(struct device *dev)
++void device_pm_add(struct device *dev)
+ {
+-      int error;
+-
+       pr_debug("PM: Adding info for %s:%s\n",
+                dev->bus ? dev->bus->name : "No Bus",
+                kobject_name(&dev->kobj));
+       mutex_lock(&dpm_list_mtx);
+       list_add_tail(&dev->power.entry, &dpm_active);
+-      error = dpm_sysfs_add(dev);
+-      if (error)
+-              list_del(&dev->power.entry);
+       mutex_unlock(&dpm_list_mtx);
+-      return error;
+ }
+ void device_pm_remove(struct device *dev)
+--- a/drivers/base/power/power.h
++++ b/drivers/base/power/power.h
+@@ -34,14 +34,26 @@ static inline struct dev_pm_info * to_pm
+       return container_of(entry, struct dev_pm_info, entry);
+ }
+-static inline struct device * to_device(struct list_head * entry)
++static inline struct device *to_device(struct list_head *entry)
+ {
+       return container_of(to_pm_info(entry), struct device, power);
+ }
+-extern int device_pm_add(struct device *);
++extern void device_pm_add(struct device *);
+ extern void device_pm_remove(struct device *);
++#else /* CONFIG_PM_SLEEP */
++
++static inline void device_pm_add(struct device *dev)
++{
++}
++
++static inline void device_pm_remove(struct device *dev)
++{
++}
++#endif
++
++#ifdef CONFIG_PM
+ /*
+  * sysfs.c
+  */
+@@ -62,16 +74,15 @@ extern int resume_device(struct device *
+  */
+ extern int suspend_device(struct device *, pm_message_t);
+-#else /* CONFIG_PM_SLEEP */
+-
++#else /* CONFIG_PM */
+-static inline int device_pm_add(struct device * dev)
++static inline int dpm_sysfs_add(struct device *dev)
+ {
+       return 0;
+ }
+-static inline void device_pm_remove(struct device * dev)
+-{
++static inline void dpm_sysfs_remove(struct device *dev)
++{
+ }
+ #endif
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:24 2007
+Message-Id: <20071213064624.827008235@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:57 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ davem@davemloft.net
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Eric Dumazet <dada1@cosmosbay.com>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 39/60] NET: Corrects a bug in ip_rt_acct_read()
+Content-Disposition: inline; filename=net-corrects-a-bug-in-ip_rt_acct_read.patch
+Content-Length: 1391
+Lines: 50
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Eric Dumazet <dada1@cosmosbay.com>
+
+[NET]: Corrects a bug in ip_rt_acct_read()
+
+[ Upstream commit: 483b23ffa3a5f44767038b0a676d757e0668437e ]
+
+It seems that stats of cpu 0 are counted twice, since
+for_each_possible_cpu() is looping on all possible cpus, including 0
+
+Before percpu conversion of ip_rt_acct, we should also remove the
+assumption that CPU 0 is online (or even possible)
+
+Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/route.c |    8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+--- a/net/ipv4/route.c
++++ b/net/ipv4/route.c
+@@ -2913,18 +2913,14 @@ static int ip_rt_acct_read(char *buffer,
+       offset /= sizeof(u32);
+       if (length > 0) {
+-              u32 *src = ((u32 *) IP_RT_ACCT_CPU(0)) + offset;
+               u32 *dst = (u32 *) buffer;
+-              /* Copy first cpu. */
+               *start = buffer;
+-              memcpy(dst, src, length);
++              memset(dst, 0, length);
+-              /* Add the other cpus in, one int at a time */
+               for_each_possible_cpu(i) {
+                       unsigned int j;
+-
+-                      src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset;
++                      u32 *src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset;
+                       for (j = 0; j < length/4; j++)
+                               dst[j] += src[j];
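Review bot: The inner loop bound `length/4` hard-codes the element size while `offset /= sizeof(u32)` just above spells it out; `length / sizeof(u32)` would keep the two consistent. With the `memcpy()` replaced by `memset(dst, 0, length)`, any trailing bytes when `length` is not a multiple of 4 now stay zero instead of carrying CPU 0's bytes. That is only right if the part of ip_rt_acct_read() above the hunk rejects unaligned lengths, and that check is not visible here. The loop and the function continue past the end of the hunk.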
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:25 2007
+Message-Id: <20071213064624.984639556@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:58 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ bunk@kernel.org,
+ davem@davemloft.net
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 40/60] IPV4: Remove bogus ifdef mess in arp_process
+Content-Disposition: inline; filename=ipv4-remove-bogus-ifdef-mess-in-arp_process.patch
+Content-Length: 2438
+Lines: 89
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Adrian Bunk <bunk@kernel.org>
+
+[IPV4]: Remove bogus ifdef mess in arp_process
+
+[ Upstream commit: 3660019e5f96fd9a8b7d4214a96523c0bf7b676d ]
+
+The #ifdef's in arp_process() were not only a mess, they were also wrong
+in the CONFIG_NET_ETHERNET=n and (CONFIG_NETDEV_1000=y or
+CONFIG_NETDEV_10000=y) cases.
+
+Since they are not required this patch removes them.
+
+Also removed are some #ifdef's around #include's that caused compile
+errors after this change.
+
+Signed-off-by: Adrian Bunk <bunk@kernel.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: David Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/arp.c |   19 -------------------
+ 1 file changed, 19 deletions(-)
+
+--- a/net/ipv4/arp.c
++++ b/net/ipv4/arp.c
+@@ -110,12 +110,8 @@
+ #include <net/tcp.h>
+ #include <net/sock.h>
+ #include <net/arp.h>
+-#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
+ #include <net/ax25.h>
+-#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
+ #include <net/netrom.h>
+-#endif
+-#endif
+ #if defined(CONFIG_ATM_CLIP) || defined(CONFIG_ATM_CLIP_MODULE)
+ #include <net/atmclip.h>
+ struct neigh_table *clip_tbl_hook;
+@@ -729,20 +725,10 @@ static int arp_process(struct sk_buff *s
+                   htons(dev_type) != arp->ar_hrd)
+                       goto out;
+               break;
+-#ifdef CONFIG_NET_ETHERNET
+       case ARPHRD_ETHER:
+-#endif
+-#ifdef CONFIG_TR
+       case ARPHRD_IEEE802_TR:
+-#endif
+-#ifdef CONFIG_FDDI
+       case ARPHRD_FDDI:
+-#endif
+-#ifdef CONFIG_NET_FC
+       case ARPHRD_IEEE802:
+-#endif
+-#if defined(CONFIG_NET_ETHERNET) || defined(CONFIG_TR) || \
+-    defined(CONFIG_FDDI)       || defined(CONFIG_NET_FC)
+               /*
+                * ETHERNET, Token Ring and Fibre Channel (which are IEEE 802
+                * devices, according to RFC 2625) devices will accept ARP
+@@ -757,21 +743,16 @@ static int arp_process(struct sk_buff *s
+                   arp->ar_pro != htons(ETH_P_IP))
+                       goto out;
+               break;
+-#endif
+-#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
+       case ARPHRD_AX25:
+               if (arp->ar_pro != htons(AX25_P_IP) ||
+                   arp->ar_hrd != htons(ARPHRD_AX25))
+                       goto out;
+               break;
+-#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
+       case ARPHRD_NETROM:
+               if (arp->ar_pro != htons(AX25_P_IP) ||
+                   arp->ar_hrd != htons(ARPHRD_NETROM))
+                       goto out;
+               break;
+-#endif
+-#endif
+       }
+       /* Understand only these message types */
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:25 2007
+Message-Id: <20071213064625.140792252@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:45:59 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ bunk@kernel.org,
+ davem@davemloft.net
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ chas williams <chas@cmf.nrl.navy.mil>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 41/60] ATM: initialize lock and tasklet earlier
+Content-Disposition: inline; filename=atm-initialize-lock-and-tasklet-earlier.patch
+Content-Length: 1513
+Lines: 52
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: chas williams <chas@cmf.nrl.navy.mil>
+
+[ATM]: [he] initialize lock and tasklet earlier
+
+[ Upstream commit: 8a8037ac9dbe4eb20ce50aa20244faf77444f4a3 ]
+
+if you are lucky (unlucky?) enough to have shared interrupts, the
+interrupt handler can be called before the tasklet and lock are ready
+for use.
+
+Signed-off-by: chas williams <chas@cmf.nrl.navy.mil>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: David Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/atm/he.c |   10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/drivers/atm/he.c
++++ b/drivers/atm/he.c
+@@ -394,6 +394,11 @@ he_init_one(struct pci_dev *pci_dev, con
+       he_dev->atm_dev->dev_data = he_dev;
+       atm_dev->dev_data = he_dev;
+       he_dev->number = atm_dev->number;
++#ifdef USE_TASKLET
++      tasklet_init(&he_dev->tasklet, he_tasklet, (unsigned long) he_dev);
++#endif
++      spin_lock_init(&he_dev->global_lock);
++
+       if (he_start(atm_dev)) {
+               he_stop(he_dev);
+               err = -ENODEV;
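Review bot: Nothing at the new position of `tasklet_init()` and `spin_lock_init()` says why they must come before `he_start()`, so a later cleanup could move them back next to the rest of the hardware setup. The reason given in the commit description is that on a shared interrupt line the handler can run as soon as it is registered inside he_start(). I would add `/* must be ready before he_start() registers the (possibly shared) irq handler */` above the `#ifdef USE_TASKLET`. he_init_one starts and ends outside the hunk.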
+@@ -1173,11 +1178,6 @@ he_start(struct atm_dev *dev)
+       if ((err = he_init_irq(he_dev)) != 0)
+               return err;
+-#ifdef USE_TASKLET
+-      tasklet_init(&he_dev->tasklet, he_tasklet, (unsigned long) he_dev);
+-#endif
+-      spin_lock_init(&he_dev->global_lock);
+-
+       /* 4.11 enable pci bus controller state machines */
+       host_cntl |= (OUTFF_ENB | CMDFF_ENB |
+                               QUICK_RD_RETRY | QUICK_WR_RETRY | PERR_INT_ENB);
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:25 2007
+Message-Id: <20071213064625.298317687@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:00 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ davem@davemloft.net
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 42/60] TCP: Problem bug with sysctl_tcp_congestion_control function
+Content-Disposition: inline; filename=tcp-problem-bug-with-sysctl_tcp_congestion_control-function.patch
+Content-Length: 1898
+Lines: 48
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Sam Jansen <sjansen@google.com>
+
+[TCP]: Problem bug with sysctl_tcp_congestion_control function
+
+[ Upstream commit: 5487796f0c9475586277a0a7a91211ce5746fa6a ]
+
+sysctl_tcp_congestion_control seems to have a bug that prevents it
+from actually calling the tcp_set_default_congestion_control
+function. This is not so apparent because it does not return an error
+and generally the /proc interface is used to configure the default TCP
+congestion control algorithm.  This is present in 2.6.18 onwards and
+probably earlier, though I have not inspected 2.6.15--2.6.17.
+
+sysctl_tcp_congestion_control calls sysctl_string and expects a successful
+return code of 0. In such a case it actually sets the congestion control
+algorithm with tcp_set_default_congestion_control. Otherwise, it returns the
+value returned by sysctl_string. This was correct in 2.6.14, as sysctl_string
+returned 0 on success. However, sysctl_string was updated to return 1 on
+success around about 2.6.15 and sysctl_tcp_congestion_control was not updated.
+Even though sysctl_tcp_congestion_control returns 1, do_sysctl_strategy
+converts this return code to '0', so the caller never notices the error.
+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/sysctl_net_ipv4.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv4/sysctl_net_ipv4.c
++++ b/net/ipv4/sysctl_net_ipv4.c
+@@ -121,7 +121,7 @@ static int sysctl_tcp_congestion_control
+       tcp_get_default_congestion_control(val);
+       ret = sysctl_string(&tbl, name, nlen, oldval, oldlenp, newval, newlen);
+-      if (ret == 0 && newval && newlen)
++      if (ret == 1 && newval && newlen)
+               ret = tcp_set_default_congestion_control(val);
+       return ret;
+ }
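Review bot: The success test `ret == 1` is a bare constant that has to track whatever sysctl_string() returns, which is how the old `ret == 0` went stale without anyone noticing. A comment such as `/* sysctl_string() returns 1 on success */` would tie the value to its source. The function also returns two different success values, 1 when no new value is supplied and the result of tcp_set_default_congestion_control() otherwise, and per the commit description relies on the caller to normalise them. The start of the function, including the size of `val` that sysctl_string() copies into, is outside the hunk.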
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:25 2007
+Message-Id: <20071213064625.455183363@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:01 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ davem@davemloft.net
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 43/60] CRYPTO api: Fix potential race in crypto_remove_spawn
+Content-Disposition: inline; filename=crypto-api-fix-potential-race-in-crypto_remove_spawn.patch
+Content-Length: 1328
+Lines: 50
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+[CRYPTO] api: Fix potential race in crypto_remove_spawn
+
+[ Upstream commit: 38cb2419f544ad413c7f7aa8c17fd7377610cdd8 ]
+
+As it is crypto_remove_spawn may try to unregister an instance which is
+yet to be registered.  This patch fixes this by checking whether the
+instance has been registered before attempting to remove it.
+
+It also removes a bogus cra_destroy check in crypto_register_instance as
+1) it's outside the mutex;
+2) we have a check in __crypto_register_alg already.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: David Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ crypto/algapi.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/crypto/algapi.c
++++ b/crypto/algapi.c
+@@ -98,6 +98,9 @@ static void crypto_remove_spawn(struct c
+               return;
+       inst->alg.cra_flags |= CRYPTO_ALG_DEAD;
++      if (hlist_unhashed(&inst->list))
++              return;
++
+       if (!tmpl || !crypto_tmpl_get(tmpl))
+               return;
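Review bot: The new `hlist_unhashed(&inst->list)` test in crypto_remove_spawn() returns only after `CRYPTO_ALG_DEAD` has been set, and nothing in the hunk says that ordering is intentional. If the intent is that a not-yet-registered instance must still be marked dead so a later registration is refused, a comment such as `/* not registered yet: leave it marked dead and do not unregister */` would record it. The test is also only meaningful if inst->list is initialised unhashed and is read under the same lock that registration takes. Neither is visible here because the function starts and ends outside the hunk, so both should be confirmed.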
+@@ -333,9 +336,6 @@ int crypto_register_instance(struct cryp
+       LIST_HEAD(list);
+       int err = -EINVAL;
+-      if (inst->alg.cra_destroy)
+-              goto err;
+-
+       err = crypto_check_alg(&inst->alg);
+       if (err)
+               goto err;
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:25 2007
+Message-Id: <20071213064625.608334110@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:02 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ davem@davemloft.net
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 44/60] TCP: Fix TCP header misalignment
+Content-Disposition: inline; filename=tcp-fix-tcp-header-misalignment.patch
+Content-Length: 1524
+Lines: 48
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+[TCP]: Fix TCP header misalignment
+
+[ Upstream commit: 21df56c6e2372e09c916111efb6c14c372a5ab2e ]
+
+Indeed my previous change to alloc_pskb has made it possible
+for the TCP header to be misaligned iff the MTU is not a multiple
+of 4 (and less than a page).  So I suspect the optimised IPsec
+MTU calculation is giving you just such an MTU :)
+
+This patch fixes it by changing alloc_pskb to make sure that
+the size is at least 32-bit aligned.  This does not cause the
+problem fixed by the previous patch because max_header is always
+32-bit aligned which means that in the SG/NOTSO case this will
+be a no-op.
+
+I thought about putting this in the callers but all the current
+callers are from TCP.  If and when we get a non-TCP caller we
+can always create a TCP wrapper for this function and move the
+alignment over there.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/net/sock.h |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/include/net/sock.h
++++ b/include/net/sock.h
+@@ -1200,6 +1200,9 @@ static inline struct sk_buff *sk_stream_
+ {
+       struct sk_buff *skb;
++      /* The TCP header must be at least 32-bit aligned.  */
++      size = ALIGN(size, 4);
++
+       skb = alloc_skb_fclone(size + sk->sk_prot->max_header, gfp);
+       if (skb) {
+               skb->truesize += mem;
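Review bot: The added `size = ALIGN(size, 4);` is only sufficient because, as the description says, `sk->sk_prot->max_header` is always 32-bit aligned, and the comment does not record that assumption. I would extend it to `/* The TCP header must be at least 32-bit aligned; relies on max_header being a multiple of 4. */`. Rounding up also means a caller can get up to three bytes more than it asked for, so any caller that sizes its copy from the skb's tailroom rather than from its own `size` should be checked. The function starts and ends outside the hunk.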
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:26 2007
+Message-Id: <20071213064625.921227390@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:04 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ bunk@kernel.org,
+  <davem@davemloft.net>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 46/60] PFKEY: Sending an SADB_GET responds with an SADB_GET
+Content-Disposition: inline; filename=pfkey-sending-an-sadb_get-responds-with-an-sadb_get.patch
+Content-Length: 1026
+Lines: 35
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Charles Hardin <chardin@2wire.com>
+
+[PFKEY]: Sending an SADB_GET responds with an SADB_GET
+
+[ Upstream commit: 435000bebd94aae3a7a50078d142d11683d3b193 ]
+
+Kernel needs to respond to an SADB_GET with the same message type to
+conform to the RFC 2367 Section 3.1.5
+
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/key/af_key.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/key/af_key.c
++++ b/net/key/af_key.c
+@@ -1546,7 +1546,7 @@ static int pfkey_get(struct sock *sk, st
+       out_hdr = (struct sadb_msg *) out_skb->data;
+       out_hdr->sadb_msg_version = hdr->sadb_msg_version;
+-      out_hdr->sadb_msg_type = SADB_DUMP;
++      out_hdr->sadb_msg_type = SADB_GET;
+       out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
+       out_hdr->sadb_msg_errno = 0;
+       out_hdr->sadb_msg_reserved = 0;
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:26 2007
+Message-Id: <20071213064626.081029711@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:05 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ bunk@kernel.org,
+  <davem@davemloft.net>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Pavel Emelyanov <xemul@openvz.org>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 47/60] BRIDGE: Lost call to br_fdb_fini() in br_init() error path
+Content-Disposition: inline; filename=bridge-lost-call-to-br_fdb_fini-in-br_init-error-path.patch
+Content-Length: 1026
+Lines: 45
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Pavel Emelyanov <xemul@openvz.org>
+
+[BRIDGE]: Lost call to br_fdb_fini() in br_init() error path
+
+[ Upstream commit: 17efdd45755c0eb8d1418a1368ef7c7ebbe98c6e ]
+In case the br_netfilter_init() (or any subsequent call)
+fails, the br_fdb_fini() must be called to free the allocated
+in br_fdb_init() br_fdb_cache kmem cache.
+
+Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/bridge/br.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/bridge/br.c
++++ b/net/bridge/br.c
+@@ -39,7 +39,7 @@ static int __init br_init(void)
+       err = br_fdb_init();
+       if (err)
+-              goto err_out1;
++              goto err_out;
+       err = br_netfilter_init();
+       if (err)
+@@ -65,6 +65,8 @@ err_out3:
+ err_out2:
+       br_netfilter_fini();
+ err_out1:
++      br_fdb_fini();
++err_out:
+       llc_sap_put(br_stp_sap);
+       return err;
+ }
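Review bot: The numbered labels are what made this leak easy to miss, and the fix adds another one (`err_out`) below `err_out1`, so the sequence now reads err_out3, err_out2, err_out1, err_out. Naming each label for what it undoes, for example `err_fdb:` before `br_fdb_fini();` and `err_sap:` before `llc_sap_put(br_stp_sap);`, would make a wrong `goto` target visible at the jump site. The `goto err_out;` in the first hunk would change with it. br_init() starts outside both hunks.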
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:26 2007
+Message-Id: <20071213064626.236959391@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:06 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+  <davem@davemloft.net>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ David Howells <dhowells@redhat.com>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 48/60] RXRPC: Add missing select on CRYPTO
+Content-Disposition: inline; filename=rxrpc-add-missing-select-on-crypto.patch
+Content-Length: 806
+Lines: 33
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: David Howells <dhowells@redhat.com>
+
+[RXRPC]: Add missing select on CRYPTO
+
+[ Upstream commit: d5a784b3719ae364f49ecff12a0248f6e4252720 ]
+
+AF_RXRPC uses the crypto services, so should depend on or select CRYPTO.
+
+Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/rxrpc/Kconfig |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/rxrpc/Kconfig
++++ b/net/rxrpc/Kconfig
+@@ -5,6 +5,7 @@
+ config AF_RXRPC
+       tristate "RxRPC session sockets"
+       depends on INET && EXPERIMENTAL
++      select CRYPTO
+       select KEYS
+       help
+         Say Y or M here to include support for RxRPC session sockets (just
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:26 2007
+Message-Id: <20071213064626.402071628@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:07 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+  <davem@davemloft.net>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Pablo Neira Ayuso <pablo@netfilter.org>,
+ Patrick McHardy <kaber@trash.net>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 49/60] TEXTSEARCH: Do not allow zero length patterns in the textsearch infrastructure
+Content-Disposition: inline; filename=textsearch-do-not-allow-zero-length-patterns-in-the-textsearch-infrastructure.patch
+Content-Length: 1726
+Lines: 56
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+[TEXTSEARCH]: Do not allow zero length patterns in the textsearch infrastructure
+
+[ Upstream commit: e03ba84adb62fbc6049325a5bc00ef6932fa5e39 ]
+
+If a zero length pattern is passed then return EINVAL.
+Avoids infinite loops (bm) or invalid memory accesses (kmp).
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ lib/textsearch.c |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/lib/textsearch.c
++++ b/lib/textsearch.c
+@@ -7,7 +7,7 @@
+  *            2 of the License, or (at your option) any later version.
+  *
+  * Authors:   Thomas Graf <tgraf@suug.ch>
+- *            Pablo Neira Ayuso <pablo@eurodev.net>
++ *            Pablo Neira Ayuso <pablo@netfilter.org>
+  *
+  * ==========================================================================
+  *
+@@ -250,7 +250,8 @@ unsigned int textsearch_find_continuous(
+  *       the various search algorithms.
+  *
+  * Returns a new textsearch configuration according to the specified
+- *         parameters or a ERR_PTR().
++ * parameters or a ERR_PTR(). If a zero length pattern is passed, this
++ * function returns EINVAL.
+  */
+ struct ts_config *textsearch_prepare(const char *algo, const void *pattern,
+                                    unsigned int len, gfp_t gfp_mask, int flags)
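Review bot: The updated kernel-doc in this hunk says the function "returns EINVAL" for a zero length pattern, but the check added in the next hunk returns `ERR_PTR(-EINVAL)`, and textsearch_prepare() returns a pointer. A caller reading the comment literally could compare against the wrong value instead of using IS_ERR(). I would word it ` * parameters or a ERR_PTR(). A zero length pattern yields ERR_PTR(-EINVAL).` The guard itself rejects only `len == 0`; whether a NULL `pattern` with a non-zero length is handled is not visible here.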
+@@ -259,6 +260,9 @@ struct ts_config *textsearch_prepare(con
+       struct ts_config *conf;
+       struct ts_ops *ops;
+       
++      if (len == 0)
++              return ERR_PTR(-EINVAL);
++
+       ops = lookup_ts_algo(algo);
+ #ifdef CONFIG_KMOD
+       /*
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:26 2007
+Message-Id: <20071213064626.560266390@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:08 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ bunk@kernel.org,
+  <davem@davemloft.net>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Joonwoo Park <joonwpark81@gmail.com>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 50/60] VLAN: Fix nested VLAN transmit bug
+Content-Disposition: inline; filename=vlan-fix-nested-vlan-transmit-bug.patch
+Content-Length: 977
+Lines: 35
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Joonwoo Park <joonwpark81@gmail.com>
+
+[VLAN]: Fix nested VLAN transmit bug
+
+[ Upstream commit: 6ab3b487db77fa98a24560f11a5a8e744b98d877 ]
+
+Fix misbehavior of vlan_dev_hard_start_xmit() for recursive encapsulations.
+
+Signed-off-by: Joonwoo Park <joonwpark81@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/8021q/vlan_dev.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/8021q/vlan_dev.c
++++ b/net/8021q/vlan_dev.c
+@@ -459,7 +459,8 @@ int vlan_dev_hard_start_xmit(struct sk_b
+        * OTHER THINGS LIKE FDDI/TokenRing/802.3 SNAPs...
+        */
+-      if (veth->h_vlan_proto != htons(ETH_P_8021Q)) {
++      if (veth->h_vlan_proto != htons(ETH_P_8021Q) ||
++              VLAN_DEV_INFO(dev)->flags & VLAN_FLAG_REORDER_HDR) {
+               int orig_headroom = skb_headroom(skb);
+               unsigned short veth_TCI;
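Review bot: In the widened condition the flag test `VLAN_DEV_INFO(dev)->flags & VLAN_FLAG_REORDER_HDR` sits unparenthesised next to `||`, and the continuation line is indented like the body it guards. Precedence makes it evaluate as intended, but I would write `(VLAN_DEV_INFO(dev)->flags & VLAN_FLAG_REORDER_HDR)) {` and align it under `veth->h_vlan_proto`. Only the tail of the comment block above the `if` is in the hunk. It presumably still describes only the protocol check and should mention the reorder-header case.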
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:26 2007
+Message-Id: <20071213064626.720280691@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:09 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+  <davem@davemloft.net>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Pavel Emelyanov <xemul@openvz.org>,
+ Steven Whitehouse <swhiteho@redhat.com>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 51/60] DECNET: dn_nl_deladdr() almost always returns no error
+Content-Disposition: inline; filename=decnet-dn_nl_deladdr-almost-always-returns-no-error.patch
+Content-Length: 1451
+Lines: 51
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Pavel Emelyanov <xemul@openvz.org>
+
+[DECNET]: dn_nl_deladdr() almost always returns no error
+
+[ Upstream commit: 3ccd86241b277249d5ac08e91eddfade47184520 ]
+
+As far as I see from the err variable initialization
+the dn_nl_deladdr() routine was designed to report errors
+like "EADDRNOTAVAIL" and probaby "ENODEV".
+
+But the code sets this err to 0 after the first nlmsg_parse
+and goes on, returning this 0 in any case.
+
+Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
+Acked-by: Steven Whitehouse <swhiteho@redhat.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/decnet/dn_dev.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/decnet/dn_dev.c
++++ b/net/decnet/dn_dev.c
+@@ -650,16 +650,18 @@ static int dn_nl_deladdr(struct sk_buff 
+       struct dn_dev *dn_db;
+       struct ifaddrmsg *ifm;
+       struct dn_ifaddr *ifa, **ifap;
+-      int err = -EADDRNOTAVAIL;
++      int err;
+       err = nlmsg_parse(nlh, sizeof(*ifm), tb, IFA_MAX, dn_ifa_policy);
+       if (err < 0)
+               goto errout;
++      err = -ENODEV;
+       ifm = nlmsg_data(nlh);
+       if ((dn_db = dn_dev_by_index(ifm->ifa_index)) == NULL)
+               goto errout;
++      err = -EADDRNOTAVAIL;
+       for (ifap = &dn_db->ifa_list; (ifa = *ifap); ifap = &ifa->ifa_next) {
+               if (tb[IFA_LOCAL] &&
+                   nla_memcmp(tb[IFA_LOCAL], &ifa->ifa_local, 2))
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:27 2007
+Message-Id: <20071213064626.882557840@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:10 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ bunk@kernel.org,
+  <davem@davemloft.net>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Evgeniy Polyakov <johnpol@2ka.mipt.ru>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 52/60] IPV6: Restore IPv6 when MTU is big enough
+Content-Disposition: inline; filename=ipv6-restore-ipv6-when-mtu-is-big-enough.patch
+Content-Length: 1632
+Lines: 64
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
+
+[IPV6]: Restore IPv6 when MTU is big enough
+
+[ Upstream commit: d31c7b8fa303eb81311f27b80595b8d2cbeef950 ]
+
+Avaid provided test application, so bug got fixed.
+
+IPv6 addrconf removes ipv6 inner device from netdev each time cmu
+changes and new value is less than IPV6_MIN_MTU (1280 bytes).
+When mtu is changed and new value is greater than IPV6_MIN_MTU,
+it does not add ipv6 addresses and inner device bac.
+
+This patch fixes that.
+
+Tested with Avaid's application, which works ok now.
+
+Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv6/addrconf.c |   11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/net/ipv6/addrconf.c
++++ b/net/ipv6/addrconf.c
+@@ -2281,6 +2281,9 @@ static int addrconf_notify(struct notifi
+                               break;
+                       }
++                      if (!idev && dev->mtu >= IPV6_MIN_MTU)
++                              idev = ipv6_add_dev(dev);
++
+                       if (idev)
+                               idev->if_flags |= IF_READY;
+               } else {
+@@ -2345,12 +2348,18 @@ static int addrconf_notify(struct notifi
+               break;
+       case NETDEV_CHANGEMTU:
+-              if ( idev && dev->mtu >= IPV6_MIN_MTU) {
++              if (idev && dev->mtu >= IPV6_MIN_MTU) {
+                       rt6_mtu_change(dev, dev->mtu);
+                       idev->cnf.mtu6 = dev->mtu;
+                       break;
+               }
++              if (!idev && dev->mtu >= IPV6_MIN_MTU) {
++                      idev = ipv6_add_dev(dev);
++                      if (idev)
++                              break;
++              }
++
+               /* MTU falled under IPV6_MIN_MTU. Stop IPv6 on this interface. */
+       case NETDEV_DOWN:
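Review bot: In the NETDEV_CHANGEMTU case, when the added `ipv6_add_dev(dev)` fails the code now falls through into NETDEV_DOWN with `idev` still NULL, but the comment there still says the MTU fell under IPV6_MIN_MTU. Something like `/* MTU fell below IPV6_MIN_MTU, or ipv6_add_dev() failed: stop IPv6 on this interface (fall through). */` would describe both paths. The successful path also breaks without the `rt6_mtu_change()` / `idev->cnf.mtu6` update the existing branch performs. That is presumably covered by ipv6_add_dev() initialising from dev->mtu, which is worth confirming. The same `!idev` re-add appears in the first hunk, and addrconf_notify() extends beyond both.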
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:27 2007
+Message-Id: <20071213064627.036645491@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:11 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+  <davem@davemloft.net>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Stephen Hemminger <shemminger@linux-foundation.org>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 53/60] TCP: illinois: Incorrect beta usage
+Content-Disposition: inline; filename=tcp-illinois-incorrect-beta-usage.patch
+Content-Length: 1344
+Lines: 44
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Stephen Hemminger <shemminger@linux-foundation.org>
+
+[TCP] illinois: Incorrect beta usage
+
+[ Upstream commit: a357dde9df33f28611e6a3d4f88265e39bcc8880 ]
+
+Lachlan Andrew observed that my TCP-Illinois implementation uses the
+beta value incorrectly:
+The parameter  beta  in the paper specifies the amount to decrease
+*by*:  that is, on loss,
+ W <-  W -  beta*W
+but in   tcp_illinois_ssthresh() uses  beta  as the amount
+to decrease  *to*: W <- beta*W
+
+This bug makes the Linux TCP-Illinois get less-aggressive on uncongested network,
+hurting performance. Note: since the base beta value is .5, it has no
+impact on a congested network.
+
+Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/tcp_illinois.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv4/tcp_illinois.c
++++ b/net/ipv4/tcp_illinois.c
+@@ -298,7 +298,7 @@ static u32 tcp_illinois_ssthresh(struct 
+       struct illinois *ca = inet_csk_ca(sk);
+       /* Multiplicative decrease */
+-      return max((tp->snd_cwnd * ca->beta) >> BETA_SHIFT, 2U);
++      return max(tp->snd_cwnd - ((tp->snd_cwnd * ca->beta) >> BETA_SHIFT), 2U);
+ }
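Review bot: The new expression `tp->snd_cwnd - ((tp->snd_cwnd * ca->beta) >> BETA_SHIFT)` is unsigned, so it is only safe while `ca->beta` never exceeds `1 << BETA_SHIFT`. Above that the subtraction would wrap and `max(..., 2U)` would pick the wrapped value as the new ssthresh. The bounds on beta are set outside this hunk, so that should be confirmed. I would also make the comment state the formula the description quotes: `/* Multiplicative decrease: W <- W - beta*W */`.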
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:27 2007
+Message-Id: <20071213064627.201314140@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:12 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ bunk@kernel.org,
+  <davem@davemloft.net>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Florian Zumbiehl <florz@florz.de>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 54/60] UNIX: EOF on non-blocking SOCK_SEQPACKET
+Content-Disposition: inline; filename=unix-eof-on-non-blocking-sock_seqpacket.patch
+Content-Length: 2413
+Lines: 86
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Florian Zumbiehl <florz@florz.de>
+
+[UNIX]: EOF on non-blocking SOCK_SEQPACKET
+
+[ Upstream commit: 0a11225887fe6cbccd882404dc36ddc50f47daf9 ]
+
+I am not absolutely sure whether this actually is a bug (as in: I've got
+no clue what the standards say or what other implementations do), but at
+least I was pretty surprised when I noticed that a recv() on a
+non-blocking unix domain socket of type SOCK_SEQPACKET (which is connection
+oriented, after all) where the remote end has closed the connection
+returned -1 (EAGAIN) rather than 0 to indicate end of file.
+
+This is a test case:
+
+| #include <sys/types.h>
+| #include <unistd.h>
+| #include <sys/socket.h>
+| #include <sys/un.h>
+| #include <fcntl.h>
+| #include <string.h>
+| #include <stdlib.h>
+|
+| int main(){
+|      int sock;
+|      struct sockaddr_un addr;
+|      char buf[4096];
+|      int pfds[2];
+|
+|      pipe(pfds);
+|      sock=socket(PF_UNIX,SOCK_SEQPACKET,0);
+|      addr.sun_family=AF_UNIX;
+|      strcpy(addr.sun_path,"/tmp/foobar_testsock");
+|      bind(sock,(struct sockaddr *)&addr,sizeof(addr));
+|      listen(sock,1);
+|      if(fork()){
+|              close(sock);
+|              sock=socket(PF_UNIX,SOCK_SEQPACKET,0);
+|              connect(sock,(struct sockaddr *)&addr,sizeof(addr));
+|              fcntl(sock,F_SETFL,fcntl(sock,F_GETFL)|O_NONBLOCK);
+|              close(pfds[1]);
+|              read(pfds[0],buf,sizeof(buf));
+|              recv(sock,buf,sizeof(buf),0); // <-- this one
+|      }else accept(sock,NULL,NULL);
+|      exit(0);
+| }
+
+If you try it, make sure /tmp/foobar_testsock doesn't exist.
+
+The marked recv() returns -1 (EAGAIN) on 2.6.23.9. Below you find a
+patch that fixes that.
+
+Signed-off-by: Florian Zumbiehl <florz@florz.de>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/unix/af_unix.c |    9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/net/unix/af_unix.c
++++ b/net/unix/af_unix.c
+@@ -1632,8 +1632,15 @@ static int unix_dgram_recvmsg(struct kio
+       mutex_lock(&u->readlock);
+       skb = skb_recv_datagram(sk, flags, noblock, &err);
+-      if (!skb)
++      if (!skb) {
++              unix_state_lock(sk);
++              /* Signal EOF on disconnected non-blocking SEQPACKET socket. */
++              if (sk->sk_type == SOCK_SEQPACKET && err == -EAGAIN &&
++                  (sk->sk_shutdown & RCV_SHUTDOWN))
++                      err = 0;
++              unix_state_unlock(sk);
+               goto out_unlock;
++      }
+       wake_up_interruptible(&u->peer_wait);
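Review bot: The EOF decision in the new `if (!skb)` block samples `sk->sk_shutdown` after skb_recv_datagram() has already found the queue empty. A message queued and followed by a close in between may therefore be reported as end of file while it is still waiting to be read. If senders queue under the same state lock, re-checking the queue inside the locked region would close that window, e.g. `(sk->sk_shutdown & RCV_SHUTDOWN) && skb_queue_empty(&sk->sk_receive_queue))`. This is inferred from the hunk alone; unix_dgram_recvmsg() starts and ends outside it.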
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:27 2007
+Message-Id: <20071213064627.359112251@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:13 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+  <davem@davemloft.net>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Jan Engelhardt <jengelh@computergmbh.de>,
+ Patrick McHardy <kaber@trash.net>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 55/60] NETFILTER: fix forgotten module release in xt_CONNMARK and xt_CONNSECMARK
+Content-Disposition: inline; filename=netfilter-fix-forgotten-module-release-in-xt_connmark-and-xt_connsecmark.patch
+Content-Length: 2640
+Lines: 85
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Jan Engelhardt <jengelh@computergmbh.de>
+
+[NETFILTER]: fix forgotten module release in xt_CONNMARK and xt_CONNSECMARK
+
+[ Upstream commit: 67b4af297033f5f65999885542f95ba7b562848a ]
+
+Fix forgotten module release in xt_CONNMARK and xt_CONNSECMARK
+
+When xt_CONNMARK is used outside the mangle table and the user specified
+"--restore-mark", the connmark_tg_check() function will (correctly)
+error out, but (incorrectly) forgets to release the L3 conntrack module.
+Same for xt_CONNSECMARK.
+
+Fix is to move the call to acquire the L3 module after the basic
+constraint checks.
+
+Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/netfilter/xt_CONNMARK.c    |   10 +++++-----
+ net/netfilter/xt_CONNSECMARK.c |   10 +++++-----
+ 2 files changed, 10 insertions(+), 10 deletions(-)
+
+--- a/net/netfilter/xt_CONNMARK.c
++++ b/net/netfilter/xt_CONNMARK.c
+@@ -85,11 +85,6 @@ checkentry(const char *tablename,
+ {
+       const struct xt_connmark_target_info *matchinfo = targinfo;
+-      if (nf_ct_l3proto_try_module_get(target->family) < 0) {
+-              printk(KERN_WARNING "can't load conntrack support for "
+-                                  "proto=%d\n", target->family);
+-              return false;
+-      }
+       if (matchinfo->mode == XT_CONNMARK_RESTORE) {
+               if (strcmp(tablename, "mangle") != 0) {
+                       printk(KERN_WARNING "CONNMARK: restore can only be "
+@@ -102,6 +97,11 @@ checkentry(const char *tablename,
+               printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n");
+               return false;
+       }
++      if (nf_ct_l3proto_try_module_get(target->family) < 0) {
++              printk(KERN_WARNING "can't load conntrack support for "
++                                  "proto=%d\n", target->family);
++              return false;
++      }
+       return true;
+ }
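Review bot: The relocated `printk` at the end of `checkentry()` still has no module prefix, while the other two warnings visible in this function start with `CONNMARK: `; suggest `printk(KERN_WARNING "CONNMARK: can't load conntrack support for "` so the log line can be attributed. The new position is also load-bearing: the reference is taken last so that no earlier `return false` holds it, and a comment above the block would keep that from regressing, e.g. `/* Keep last: a later failure return would have to call nf_ct_l3proto_module_put(). */`. The same ordering comment applies to the matching hunk in xt_CONNSECMARK.c. `checkentry()` starts outside the hunk.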
+--- a/net/netfilter/xt_CONNSECMARK.c
++++ b/net/netfilter/xt_CONNSECMARK.c
+@@ -91,11 +91,6 @@ static bool checkentry(const char *table
+ {
+       const struct xt_connsecmark_target_info *info = targinfo;
+-      if (nf_ct_l3proto_try_module_get(target->family) < 0) {
+-              printk(KERN_WARNING "can't load conntrack support for "
+-                                  "proto=%d\n", target->family);
+-              return false;
+-      }
+       switch (info->mode) {
+       case CONNSECMARK_SAVE:
+       case CONNSECMARK_RESTORE:
+@@ -106,6 +101,11 @@ static bool checkentry(const char *table
+               return false;
+       }
++      if (nf_ct_l3proto_try_module_get(target->family) < 0) {
++              printk(KERN_WARNING "can't load conntrack support for "
++                                  "proto=%d\n", target->family);
++              return false;
++      }
+       return true;
+ }
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:27 2007
+Message-Id: <20071213064627.518748549@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:14 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ IDE/ATA development list <linux-ide@vger.kernel.org>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Michael Tokarev <mjt@tls.msk.ru>,
+ Jeff Garzik <jeff@garzik.org>,
+ Diego Torres <dtorres@coral.dnsalias.org>,
+ Tejun Heo <htejun@gmail.com>
+Subject: [patch 56/60] libata: kill spurious NCQ completion detection
+Content-Disposition: inline; filename=libata-kill-spurious-ncq-completion-detection.patch
+Content-Length: 6324
+Lines: 175
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Tejun Heo <htejun@gmail.com>
+
+patch 459ad68893a84fb0881e57919340b97edbbc3dc7 in mainline.
+
+Spurious NCQ completion detection implemented in ahci was incorrect.
+On AHCI receving and processing FISes and raising interrupts are not
+interlocked and spurious interrupts are expected.
+
+For example, if an interrupt occurs while interrupt handler is running
+and the running interrupt handler handles the event the new IRQ
+indicated, after IRQ handler finishes, it will be executed again
+because IRQ pending bit is set by the new interrupt but there won't be
+anything to process.
+
+Please read the following message for more information.
+
+  http://article.gmane.org/gmane.linux.ide/26012
+
+This patch...
+
+* Removes all spurious IRQ whining from ahci.  Spurious NCQ completion
+  detection was completely wrong.  Spurious D2H Register FIS taught us
+  that some early drives send spurious D2H Register FIS with I bit set
+  while NCQ commands are in progress but none of recent drives does
+  that and even the ones which show such behavior can do NCQ fine.
+
+* Kills all NCQ blacklist entries which were added because of spurious
+  NCQ completions.  I tracked down each commit and verified all
+  removed ones are actually added because of spurious completions.
+
+  WD740ADFD-00NLR1 wasn't deleted but moved upward because the drive
+  not only had spurious NCQ completions but also is slow on sequential
+  data transfers if NCQ is enabled.
+
+  Maxtor 7V300F0 was added by 0e3dbc01d53940fe10e5a5cfec15ede3e929c918
+  from Alan Cox.  I can only find evidences that the drive only had
+  troubles with spuruious completions by searching the mailing list.
+  This entry needs to be verified and removed if it doesn't have other
+  NCQ related problems.
+
+Signed-off-by: Tejun Heo <htejun@gmail.com>
+Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
+Signed-off-by: Jeff Garzik <jeff@garzik.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ata/ahci.c        |   65 ----------------------------------------------
+ drivers/ata/libata-core.c |   17 ------------
+ 2 files changed, 2 insertions(+), 80 deletions(-)
+
+--- a/drivers/ata/ahci.c
++++ b/drivers/ata/ahci.c
+@@ -1432,7 +1432,7 @@ static void ahci_port_intr(struct ata_po
+       struct ata_eh_info *ehi = &ap->eh_info;
+       struct ahci_port_priv *pp = ap->private_data;
+       u32 status, qc_active;
+-      int rc, known_irq = 0;
++      int rc;
+       status = readl(port_mmio + PORT_IRQ_STAT);
+       writel(status, port_mmio + PORT_IRQ_STAT);
+@@ -1448,74 +1448,11 @@ static void ahci_port_intr(struct ata_po
+               qc_active = readl(port_mmio + PORT_CMD_ISSUE);
+       rc = ata_qc_complete_multiple(ap, qc_active, NULL);
+-      if (rc > 0)
+-              return;
+       if (rc < 0) {
+               ehi->err_mask |= AC_ERR_HSM;
+               ehi->action |= ATA_EH_SOFTRESET;
+               ata_port_freeze(ap);
+-              return;
+-      }
+-
+-      /* hmmm... a spurious interupt */
+-
+-      /* if !NCQ, ignore.  No modern ATA device has broken HSM
+-       * implementation for non-NCQ commands.
+-       */
+-      if (!ap->sactive)
+-              return;
+-
+-      if (status & PORT_IRQ_D2H_REG_FIS) {
+-              if (!pp->ncq_saw_d2h)
+-                      ata_port_printk(ap, KERN_INFO,
+-                              "D2H reg with I during NCQ, "
+-                              "this message won't be printed again\n");
+-              pp->ncq_saw_d2h = 1;
+-              known_irq = 1;
+-      }
+-
+-      if (status & PORT_IRQ_DMAS_FIS) {
+-              if (!pp->ncq_saw_dmas)
+-                      ata_port_printk(ap, KERN_INFO,
+-                              "DMAS FIS during NCQ, "
+-                              "this message won't be printed again\n");
+-              pp->ncq_saw_dmas = 1;
+-              known_irq = 1;
+-      }
+-
+-      if (status & PORT_IRQ_SDB_FIS) {
+-              const __le32 *f = pp->rx_fis + RX_FIS_SDB;
+-
+-              if (le32_to_cpu(f[1])) {
+-                      /* SDB FIS containing spurious completions
+-                       * might be dangerous, whine and fail commands
+-                       * with HSM violation.  EH will turn off NCQ
+-                       * after several such failures.
+-                       */
+-                      ata_ehi_push_desc(ehi,
+-                              "spurious completions during NCQ "
+-                              "issue=0x%x SAct=0x%x FIS=%08x:%08x",
+-                              readl(port_mmio + PORT_CMD_ISSUE),
+-                              readl(port_mmio + PORT_SCR_ACT),
+-                              le32_to_cpu(f[0]), le32_to_cpu(f[1]));
+-                      ehi->err_mask |= AC_ERR_HSM;
+-                      ehi->action |= ATA_EH_SOFTRESET;
+-                      ata_port_freeze(ap);
+-              } else {
+-                      if (!pp->ncq_saw_sdb)
+-                              ata_port_printk(ap, KERN_INFO,
+-                                      "spurious SDB FIS %08x:%08x during NCQ, "
+-                                      "this message won't be printed again\n",
+-                                      le32_to_cpu(f[0]), le32_to_cpu(f[1]));
+-                      pp->ncq_saw_sdb = 1;
+-              }
+-              known_irq = 1;
+       }
+-
+-      if (!known_irq)
+-              ata_port_printk(ap, KERN_INFO, "spurious interrupt "
+-                              "(irq_stat 0x%x active_tag 0x%x sactive 0x%x)\n",
+-                              status, ap->active_tag, ap->sactive);
+ }
+ static void ahci_irq_clear(struct ata_port *ap)
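Review bot: After this hunk a zero return from `ata_qc_complete_multiple()` falls through silently, and nothing in the function says that is intended; a comment after the `rc < 0` block such as `/* rc == 0: nothing completed; spurious IRQs are expected on AHCI, ignore */` would stop a later reader from re-adding the detection. The hunk removes every visible use of `pp->ncq_saw_d2h`, `pp->ncq_saw_dmas` and `pp->ncq_saw_sdb`, but neither ahci.c hunk touches their declarations, so they presumably remain as dead fields in `struct ahci_port_priv`. If the part of `ahci_port_intr()` between the two hunks does not use `pp`, the local `pp` kept by the first hunk is now unused too and would produce a compiler warning.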
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -3772,6 +3772,7 @@ static const struct ata_blacklist_entry 
+       /* Devices where NCQ should be avoided */
+       /* NCQ is slow */
+         { "WDC WD740ADFD-00",   NULL,         ATA_HORKAGE_NONCQ },
++      { "WDC WD740ADFD-00NLR1", NULL,         ATA_HORKAGE_NONCQ, },
+       /* http://thread.gmane.org/gmane.linux.ide/14907 */
+       { "FUJITSU MHT2060BH",  NULL,           ATA_HORKAGE_NONCQ },
+       /* NCQ is broken */
+@@ -3790,22 +3791,6 @@ static const struct ata_blacklist_entry 
+       { "HTS541060G9SA00",    "MB3OC60D",     ATA_HORKAGE_NONCQ, },
+       { "HTS541080G9SA00",    "MB4OC60D",     ATA_HORKAGE_NONCQ, },
+       { "HTS541010G9SA00",    "MBZOC60D",     ATA_HORKAGE_NONCQ, },
+-      /* Drives which do spurious command completion */
+-      { "HTS541680J9SA00",    "SB2IC7EP",     ATA_HORKAGE_NONCQ, },
+-      { "HTS541612J9SA00",    "SBDIC7JP",     ATA_HORKAGE_NONCQ, },
+-      { "HDT722516DLA380",    "V43OA96A",     ATA_HORKAGE_NONCQ, },
+-      { "Hitachi HTS541616J9SA00", "SB4OC70P", ATA_HORKAGE_NONCQ, },
+-      { "Hitachi HTS542525K9SA00", "BBFOC31P", ATA_HORKAGE_NONCQ, },
+-      { "WDC WD740ADFD-00NLR1", NULL,         ATA_HORKAGE_NONCQ, },
+-      { "WDC WD3200AAJS-00RYA0", "12.01B01",  ATA_HORKAGE_NONCQ, },
+-      { "FUJITSU MHV2080BH",  "00840028",     ATA_HORKAGE_NONCQ, },
+-      { "ST9120822AS",        "3.CLF",        ATA_HORKAGE_NONCQ, },
+-      { "ST9160821AS",        "3.CLF",        ATA_HORKAGE_NONCQ, },
+-      { "ST9160821AS",        "3.ALD",        ATA_HORKAGE_NONCQ, },
+-      { "ST9160821AS",        "3.CCD",        ATA_HORKAGE_NONCQ, },
+-      { "ST3160812AS",        "3.ADJ",        ATA_HORKAGE_NONCQ, },
+-      { "ST980813AS",         "3.ADB",        ATA_HORKAGE_NONCQ, },
+-      { "SAMSUNG HD401LJ",    "ZZ100-15",     ATA_HORKAGE_NONCQ, },
+       /* devices which puke on READ_NATIVE_MAX */
+       { "HDS724040KLSA80",    "KFAOA20N",     ATA_HORKAGE_BROKEN_HPA, },
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:27 2007
+Message-Id: <20071213064627.677027405@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:15 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ davem@davemloft.net
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Patrick McHardy <kaber@trash.net>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 57/60] XFRM: Fix leak of expired xfrm_states
+Content-Disposition: inline; filename=xfrm-fix-leak-of-expired-xfrm_states.patch
+Content-Length: 1124
+Lines: 38
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Patrick McHardy <kaber@trash.net>
+
+[XFRM]: Fix leak of expired xfrm_states
+
+[ Upstream commit: 5dba4797115c8fa05c1a4d12927a6ae0b33ffc41 ]
+
+The xfrm_timer calls __xfrm_state_delete, which drops the final reference
+manually without triggering destruction of the state. Change it to use
+xfrm_state_put to add the state to the gc list when we're dropping the
+last reference. The timer function may still continue to use the state
+safely since the final destruction does a del_timer_sync().
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/xfrm/xfrm_state.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/xfrm/xfrm_state.c
++++ b/net/xfrm/xfrm_state.c
+@@ -370,7 +370,7 @@ int __xfrm_state_delete(struct xfrm_stat
+                * The xfrm_state_alloc call gives a reference, and that
+                * is what we are dropping here.
+                */
+-              __xfrm_state_put(x);
++              xfrm_state_put(x);
+               err = 0;
+       }
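Review bot: The comment kept above the changed call still speaks only of dropping the allocation reference and does not say that `xfrm_state_put()` may now be the final put that hands the state to garbage collection. Suggest extending it with `* This may be the last reference; xfrm_state_put() then queues x for gc, so a caller that keeps using x must hold its own reference.` The commit message argues that the timer path stays safe because final destruction does `del_timer_sync()`; the other callers of `__xfrm_state_delete()` are not in this hunk and are worth checking against the same assumption. The function starts and ends outside the hunk.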
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:27 2007
+Message-Id: <20071213064627.834431030@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:16 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ Greg KH <greg@kroah.com>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+  <davem@davemloft.net>,
+ Patrick McHardy <kaber@trash.net>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 58/60] NETFILTER: xt_TCPMSS: remove network triggerable WARN_ON
+Content-Disposition: inline; filename=netfilter-xt_tcpmss-remove-network-triggerable-warn_on.patch
+Content-Length: 1004
+Lines: 37
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Patrick McHardy <kaber@trash.net>
+
+[NETFILTER]: xt_TCPMSS: remove network triggerable WARN_ON
+
+[ Upstream commit: 9dc0564e862b1b9a4677dec2c736b12169e03e99 ]
+
+ipv6_skip_exthdr() returns -1 for invalid packets. don't WARN_ON
+that.
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/netfilter/xt_TCPMSS.c |    4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/net/netfilter/xt_TCPMSS.c
++++ b/net/netfilter/xt_TCPMSS.c
+@@ -178,10 +178,8 @@ xt_tcpmss_target6(struct sk_buff **pskb,
+       nexthdr = ipv6h->nexthdr;
+       tcphoff = ipv6_skip_exthdr(*pskb, sizeof(*ipv6h), &nexthdr);
+-      if (tcphoff < 0) {
+-              WARN_ON(1);
++      if (tcphoff < 0)
+               return NF_DROP;
+-      }
+       ret = tcpmss_mangle_packet(pskb, targinfo, tcphoff,
+                                  sizeof(*ipv6h) + sizeof(struct tcphdr));
+       if (ret < 0)
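Review bot: The now-silent drop for `tcphoff < 0` has no comment saying why it must stay quiet, although the value comes from parsing a packet received from the network; suggest `/* malformed extension header chain: drop without WARN, the input is remote-controlled */` above the test so the warning is not reintroduced. Nothing in the visible lines checks that `nexthdr` is TCP after `ipv6_skip_exthdr()` before `tcphoff` is passed to `tcpmss_mangle_packet()`; that is presumably guaranteed by how the target is registered, which is outside the hunk and worth confirming. `xt_tcpmss_target6()` starts and ends outside the hunk.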
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:28 2007
+Message-Id: <20071213064627.989808374@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:17 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ Greg KH <greg@kroah.com>
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ bunk@kernel.org,
+  <davem@davemloft.net>,
+ Pavel Emelyanov <xemul@openvz.org>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 59/60] BRIDGE: Properly dereference the br_should_route_hook
+Content-Disposition: inline; filename=bridge-properly-dereference-the-br_should_route_hook.patch
+Content-Length: 2038
+Lines: 74
+
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Pavel Emelyanov <xemul@openvz.org>
+
+[BRIDGE]: Properly dereference the br_should_route_hook
+
+[ Upstream commit: 82de382ce8e1c7645984616728dc7aaa057821e4 ]
+
+This hook is protected with the RCU, so simple
+
+if (br_should_route_hook)
+       br_should_route_hook(...)
+
+is not enough on some architectures.
+
+Use the rcu_dereference/rcu_assign_pointer in this case.
+
+Fixed Stephen's comment concerning using the typeof().
+
+Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/bridge/br_input.c                 |    7 ++++---
+ net/bridge/netfilter/ebtable_broute.c |    4 ++--
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+--- a/net/bridge/br_input.c
++++ b/net/bridge/br_input.c
+@@ -122,6 +122,7 @@ static inline int is_link_local(const un
+ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb)
+ {
+       const unsigned char *dest = eth_hdr(skb)->h_dest;
++      int (*rhook)(struct sk_buff **pskb);
+       if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
+               goto drop;
+@@ -143,9 +144,9 @@ struct sk_buff *br_handle_frame(struct n
+       switch (p->state) {
+       case BR_STATE_FORWARDING:
+-
+-              if (br_should_route_hook) {
+-                      if (br_should_route_hook(&skb))
++              rhook = rcu_dereference(br_should_route_hook);
++              if (rhook != NULL) {
++                      if (rhook(&skb))
+                               return skb;
+                       dest = eth_hdr(skb)->h_dest;
+               }
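Review bot: `rcu_dereference(br_should_route_hook)` is only meaningful inside an RCU read-side critical section, and neither br_input.c hunk shows where `br_handle_frame()` gets one; presumably the receive path already holds it, which deserves a comment at the dereference, e.g. `/* caller holds rcu_read_lock() */` once confirmed. The local `int (*rhook)(struct sk_buff **pskb);` added in the previous hunk repeats the hook's signature by hand, so a shared typedef for the hook type would keep the declaration and its users in step. `br_handle_frame()` continues outside the hunk.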
+--- a/net/bridge/netfilter/ebtable_broute.c
++++ b/net/bridge/netfilter/ebtable_broute.c
+@@ -70,13 +70,13 @@ static int __init ebtable_broute_init(vo
+       if (ret < 0)
+               return ret;
+       /* see br_input.c */
+-      br_should_route_hook = ebt_broute;
++      rcu_assign_pointer(br_should_route_hook, ebt_broute);
+       return ret;
+ }
+ static void __exit ebtable_broute_fini(void)
+ {
+-      br_should_route_hook = NULL;
++      rcu_assign_pointer(br_should_route_hook, NULL);
+       synchronize_net();
+       ebt_unregister_table(&broute_table);
+ }
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:28 2007
+Message-Id: <20071213064628.148300328@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:18 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ "Rafael J. Wysocki" <rjw@sisk.pl>,
+ David Chinner <dgc@sgi.com>,
+ Lachlan McIlroy <lachlan@sgi.com>,
+ Oliver Pintr <oliver.pntr@gmail.com>
+Subject: [patch 60/60] XFS: Make xfsbufd threads freezable
+Content-Disposition: inline; filename=xfs-make-xfsbufd-threads-freezable.patch
+Content-Length: 980
+Lines: 38
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Rafael J. Wysocki <rjw@sisk.pl>
+
+patch 978c7b2ff49597ab76ff7529a933bd366941ac25 in mainline
+
+Fix breakage caused by commit 831441862956fffa17b9801db37e6ea1650b0f69
+that did not introduce the necessary call to set_freezable() in
+xfs/linux-2.6/xfs_buf.c .
+
+SGI-PV: 974224
+SGI-Modid: xfs-linux-melb:xfs-kern:30203a
+
+Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
+Signed-off-by: David Chinner <dgc@sgi.com>
+Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
+Cc: Oliver Pintr <oliver.pntr@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/xfs/linux-2.6/xfs_buf.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/xfs/linux-2.6/xfs_buf.c
++++ b/fs/xfs/linux-2.6/xfs_buf.c
+@@ -1744,6 +1744,8 @@ xfsbufd(
+       current->flags |= PF_MEMALLOC;
++      set_freezable();
++
+       do {
+               if (unlikely(freezing(current))) {
+                       set_bit(XBT_FORCE_SLEEP, &target->bt_flags);
+
+-- 
+
+From gregkh@mini.kroah.org Wed Dec 12 22:46:25 2007
+Message-Id: <20071213064625.763266261@mini.kroah.org>
+References: <20071213064518.328162328@mini.kroah.org>
+User-Agent: quilt/0.46-1
+Date: Wed, 12 Dec 2007 22:46:03 -0800
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org,
+ davem@davemloft.net
+Cc: Justin Forbes <jmforbes@linuxtx.org>,
+ Zwane Mwaikambo <zwane@arm.linux.org.uk>,
+ Theodore Ts'o <tytso@mit.edu>,
+ Randy Dunlap <rdunlap@xenotime.net>,
+ Dave Jones <davej@redhat.com>,
+ Chuck Wolber <chuckw@quantumlinux.com>,
+ Chris Wedgwood <reviews@ml.cw.f00f.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ Chuck Ebbert <cebbert@redhat.com>,
+ Domenico Andreoli <cavokz@gmail.com>,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ =?ISO-8859-15?q?Ilpo=20J=E4rvinen?= <ilpo.jarvinen@helsinki.fi>,
+ Herbert Xu <herbert@gondor.apana.org.au>
+Subject: [patch 45/60] TCP: MTUprobe: fix potential sk_send_head corruption
+Content-Disposition: inline; filename=tcp-mtuprobe-fix-potential-sk_send_head-corruption.patch
+Content-Length: 1540
+Lines: 50
+
+2.6.23-stable review patch.  If anyone has any objections, please let us
+know.
+
+------------------
+From: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
+
+[TCP] MTUprobe: fix potential sk_send_head corruption
+
+[ Upstream commit: 6e42141009ff18297fe19d19296738b742f861db ]
+
+When the abstraction functions got added, conversion here was
+made incorrectly. As a result, the skb may end up pointing
+to skb which got included to the probe skb and then was freed.
+For it to trigger, however, skb_transmit must fail sending as
+well.
+
+Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/net/tcp.h     |    3 +++
+ net/ipv4/tcp_output.c |    1 -
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+--- a/include/net/tcp.h
++++ b/include/net/tcp.h
+@@ -1256,6 +1256,9 @@ static inline void tcp_insert_write_queu
+                                                 struct sock *sk)
+ {
+       __skb_insert(new, skb->prev, skb, &sk->sk_write_queue);
++
++      if (sk->sk_send_head == skb)
++              sk->sk_send_head = new;
+ }
+ static inline void tcp_unlink_write_queue(struct sk_buff *skb, struct sock *sk)
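Review bot: `tcp_insert_write_queue_before()` now updates `sk->sk_send_head` as a side effect that its name does not suggest, and the helper has no comment; add one above the new test, e.g. `/* Inserting before the current send head makes 'new' the send head. */`. Every caller inherits this behaviour, not only `tcp_mtu_probe()`, so call sites outside this diff that adjust the send head themselves should be checked for a double update. The function's signature begins outside the hunk.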
+--- a/net/ipv4/tcp_output.c
++++ b/net/ipv4/tcp_output.c
+@@ -1287,7 +1287,6 @@ static int tcp_mtu_probe(struct sock *sk
+       skb = tcp_send_head(sk);
+       tcp_insert_write_queue_before(nskb, skb, sk);
+-      tcp_advance_send_head(sk, skb);
+       TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq;
+       TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size;
+
+-- 
+
similarity index 99%
rename from queue-2.6.23/revert-dpt_i2o-convert-to-scsi-hotplug-model.patch
rename to review-2.6.23/revert-dpt_i2o-convert-to-scsi-hotplug-model.patch
index 3f52fe9562c7de5c13c921cb1f637a756095993f..e472712e0e3e23b473ae814f1ad70cafb36fbc80 100644 (file)
@@ -30,7 +30,7 @@ problem, reported at
 http://groups.google.com/group/fa.linux.kernel/msg/083a9acff0330234
 
 Cc: Matthew Wilcox <matthew@wil.cx>
-Cc: "Salyzyn, Mark" <mark_salyzyn@adaptec.com>
+Cc: Mark Salyzyn <mark_salyzyn@adaptec.com>
 Cc: James Bottomley <James.Bottomley@SteelEye.com>
 Acked-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
 Cc: Anders Henke <anders.henke@1und1.de>
similarity index 100%
rename from queue-2.6.23/series
rename to review-2.6.23/series