--- /dev/null
+From gregkh@mini.kroah.org Thu Sep 10 17:30:38 2009
+Message-Id: <20090911003038.700143413@mini.kroah.org>
+User-Agent: quilt/0.48-1
+Date: Thu, 10 Sep 2009 17:29:24 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: stable-review@kernel.org,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ =?ISO-8859-15?q?Krzysztof=20Ha=C5=82asa?= <khc@pm.waw.pl>,
+ "David S. Miller" <davem@davemloft.net>
+Subject: [patch 1/4] E100: fix interaction with swiotlb on X86.
+References: <20090911002923.745284267@mini.kroah.org>
+Content-Disposition: inline; filename=e100-fix-interaction-with-swiotlb-on-x86.patch
+Content-Length: 1527
+Lines: 38
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+From: Krzysztof Hałasa <khc@pm.waw.pl>
+
+[ Upstream commit 6ff9c2e7fa8ca63a575792534b63c5092099c286 ]
+
+E100 places it's RX packet descriptors inside skb->data and uses them
+with bidirectional streaming DMA mapping. Data in descriptors is
+accessed simultaneously by the chip (writing status and size when
+a packet is received) and CPU (reading to check if the packet was
+received). This isn't a valid usage of PCI DMA API, which requires use
+of the coherent (consistent) memory for such purpose. Unfortunately e100
+chips working in "simplified" RX mode have to store received data
+directly after the descriptor. Fixing the driver to conform to the API
+would require using unsupported "flexible" RX mode or receiving data
+into a coherent memory and using CPU to copy it to network buffers.
+
+This patch, while not yet making the driver conform to the PCI DMA API,
+allows it to work correctly on X86 with swiotlb (while not breaking
+other architectures).
+
+Signed-off-by: Krzysztof Hałasa <khc@pm.waw.pl>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ drivers/net/e100.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/e100.c
++++ b/drivers/net/e100.c
+@@ -1842,7 +1842,7 @@ static int e100_rx_indicate(struct nic *
+ nic->ru_running = RU_SUSPENDED;
+ pci_dma_sync_single_for_device(nic->pdev, rx->dma_addr,
+ sizeof(struct rfd),
+- PCI_DMA_BIDIRECTIONAL);
++ PCI_DMA_FROMDEVICE);
+ return -ENODATA;
+ }
+
+
+
+From gregkh@mini.kroah.org Thu Sep 10 17:30:39 2009
+Message-Id: <20090911003038.870978807@mini.kroah.org>
+User-Agent: quilt/0.48-1
+Date: Thu, 10 Sep 2009 17:29:25 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: stable-review@kernel.org,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Eric Dumazet <eric.dumazet@gmail.com>,
+ Pavel Emelyanov <xemul@openvz.org>,
+ "David S. Miller" <davem@davemloft.net>
+Subject: [patch 2/4] net: net_assign_generic() fix
+References: <20090911002923.745284267@mini.kroah.org>
+Content-Disposition: inline; filename=net-net_assign_generic-fix.patch
+Content-Length: 851
+Lines: 27
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+From: Eric Dumazet <eric.dumazet@gmail.com>
+
+[ Upstream commit 144586301f6af5ae5943a002f030d8c626fa4fdd ]
+
+memcpy() should take into account size of pointers,
+not only number of pointers to copy.
+
+Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
+Acked-by: Pavel Emelyanov <xemul@openvz.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ net/core/net_namespace.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/core/net_namespace.c
++++ b/net/core/net_namespace.c
+@@ -446,7 +446,7 @@ int net_assign_generic(struct net *net,
+
+ ng->len = id;
+ INIT_RCU_HEAD(&ng->rcu);
+- memcpy(&ng->ptr, &old_ng->ptr, old_ng->len);
++ memcpy(&ng->ptr, &old_ng->ptr, old_ng->len * sizeof(void*));
+
+ rcu_assign_pointer(net->gen, ng);
+ call_rcu(&old_ng->rcu, net_generic_release);
+
+
+From gregkh@mini.kroah.org Thu Sep 10 17:30:39 2009
+Message-Id: <20090911003039.046646116@mini.kroah.org>
+User-Agent: quilt/0.48-1
+Date: Thu, 10 Sep 2009 17:29:26 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: stable-review@kernel.org,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Massimo Cirillo <maxcir@gmail.com>,
+ Artem Bityutskiy <Artem.Bityutskiy@nokia.com>,
+ David Woodhouse <David.Woodhouse@intel.com>
+Subject: [patch 3/4] JFFS2: add missing verify buffer allocation/deallocation
+References: <20090911002923.745284267@mini.kroah.org>
+Content-Disposition: inline; filename=jffs2-add-missing-verify-buffer-allocation-deallocation.patch
+Content-Length: 1287
+Lines: 45
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+From: Massimo Cirillo <maxcir@gmail.com>
+
+commit bc8cec0dff072f1a45ce7f6b2c5234bb3411ac51 upstream.
+
+The function jffs2_nor_wbuf_flash_setup() doesn't allocate the verify buffer
+if CONFIG_JFFS2_FS_WBUF_VERIFY is defined, so causing a kernel panic when
+that macro is enabled and the verify function is called. Similarly the
+jffs2_nor_wbuf_flash_cleanup() must free the buffer if
+CONFIG_JFFS2_FS_WBUF_VERIFY is enabled.
+The following patch fixes the problem.
+The following patch applies to 2.6.30 kernel.
+
+Signed-off-by: Massimo Cirillo <maxcir@gmail.com>
+Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
+Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/jffs2/wbuf.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/fs/jffs2/wbuf.c
++++ b/fs/jffs2/wbuf.c
+@@ -1271,10 +1271,20 @@ int jffs2_nor_wbuf_flash_setup(struct jf
+ if (!c->wbuf)
+ return -ENOMEM;
+
++#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
++ c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
++ if (!c->wbuf_verify) {
++ kfree(c->wbuf);
++ return -ENOMEM;
++ }
++#endif
+ return 0;
+ }
+
+ void jffs2_nor_wbuf_flash_cleanup(struct jffs2_sb_info *c) {
++#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
++ kfree(c->wbuf_verify);
++#endif
+ kfree(c->wbuf);
+ }
+
+
+
+From gregkh@mini.kroah.org Thu Sep 10 17:30:39 2009
+Message-Id: <20090911003039.190636068@mini.kroah.org>
+User-Agent: quilt/0.48-1
+Date: Thu, 10 Sep 2009 17:29:27 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: stable-review@kernel.org,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk,
+ Eric Dumazet <eric.dumazet@gmail.com>,
+ "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
+ Pekka Enberg <penberg@cs.helsinki.fi>
+Subject: [patch 4/4] slub: Fix kmem_cache_destroy() with SLAB_DESTROY_BY_RCU
+References: <20090911002923.745284267@mini.kroah.org>
+Content-Disposition: inline; filename=slub-fix-kmem_cache_destroy-with-slab_destroy_by_rcu.patch
+Content-Length: 1275
+Lines: 42
+
+2.6.27-stable review patch. If anyone has any objections, please let us know.
+
+------------------
+From: Eric Dumazet <eric.dumazet@gmail.com>
+
+commit d76b1590e06a63a3d8697168cd0aabf1c4b3cb3a upstream.
+
+kmem_cache_destroy() should call rcu_barrier() *after* kmem_cache_close() and
+*before* sysfs_slab_remove() or risk rcu_free_slab() being called after
+kmem_cache is deleted (kfreed).
+
+rmmod nf_conntrack can crash the machine because it has to kmem_cache_destroy()
+a SLAB_DESTROY_BY_RCU enabled cache.
+
+Reported-by: Zdenek Kabelac <zdenek.kabelac@gmail.com>
+Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
+Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ mm/slub.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -2447,8 +2447,6 @@ static inline int kmem_cache_close(struc
+ */
+ void kmem_cache_destroy(struct kmem_cache *s)
+ {
+- if (s->flags & SLAB_DESTROY_BY_RCU)
+- rcu_barrier();
+ down_write(&slub_lock);
+ s->refcount--;
+ if (!s->refcount) {
+@@ -2459,6 +2457,8 @@ void kmem_cache_destroy(struct kmem_cach
+ "still has objects.\n", s->name, __func__);
+ dump_stack();
+ }
++ if (s->flags & SLAB_DESTROY_BY_RCU)
++ rcu_barrier();
+ sysfs_slab_remove(s);
+ } else
+ up_write(&slub_lock);
+
+
+From gregkh@mini.kroah.org Thu Sep 10 17:30:38 2009
+Message-Id: <20090911002923.745284267@mini.kroah.org>
+User-Agent: quilt/0.48-1
+Date: Thu, 10 Sep 2009 17:29:23 -0700
+From: Greg KH <gregkh@suse.de>
+To: linux-kernel@vger.kernel.org,
+ stable@kernel.org
+Cc: stable-review@kernel.org,
+ torvalds@linux-foundation.org,
+ akpm@linux-foundation.org,
+ alan@lxorguk.ukuu.org.uk
+Subject: [patch 0/4] 2.6.27.34-stable review
+Content-Length: 1145
+Lines: 31
+
+This is the start of the stable review cycle for the 2.6.27.34 release.
+There are 4 patches in this series, all will be posted as a response to
+this one. If anyone has any issues with these being applied, please let
+us know. If anyone is a maintainer of the proper subsystem, and wants
+to add a Signed-off-by: line to the patch, please respond with it.
+
+These patches are sent out with a number of different people on the Cc:
+line. If you wish to be a reviewer, please email stable@kernel.org to
+add your name to the list. If you want to be off the reviewer list,
+also email us.
+
+Responses should be made by Sunday, September 12, 2009 00:00:00 UTC.
+Anything received after that time might be too late.
+
+The whole patch series can be found in one patch at:
+ kernel.org/pub/linux/kernel/v2.6/stable-review/patch-2.6.27.34-rc1.gz
+and the diffstat can be found below.
+
+
+thanks,
+
+greg k-h
+
+-------------
+
+ Makefile | 2 +-
+ drivers/net/e100.c | 2 +-
+ fs/jffs2/wbuf.c | 10 ++++++++++
+ mm/slub.c | 4 ++--
+ net/core/net_namespace.c | 2 +-
+ 5 files changed, 15 insertions(+), 5 deletions(-)
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
