--- /dev/null
+From stable-bounces@linux.kernel.org Thu Nov 29 04:08:45 2007
+From: chas williams <chas@cmf.nrl.navy.mil>
+Date: Thu, 29 Nov 2007 23:07:57 +1100
+Subject: ATM: [he] initialize lock and tasklet earlier
+To: stable@kernel.org, bunk@kernel.org, davem@davemloft.net
+Message-ID: <E1IxiBR-0007s0-00@gondolin.me.apana.org.au>
+
+
+From: chas williams <chas@cmf.nrl.navy.mil>
+
+[ATM]: [he] initialize lock and tasklet earlier
+
+[ Upstream commit: 8a8037ac9dbe4eb20ce50aa20244faf77444f4a3 ]
+
+if you are lucky (unlucky?) enough to have shared interrupts, the
+interrupt handler can be called before the tasklet and lock are ready
+for use.
+
+Signed-off-by: chas williams <chas@cmf.nrl.navy.mil>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: David Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/atm/he.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/drivers/atm/he.c
++++ b/drivers/atm/he.c
+@@ -394,6 +394,11 @@ he_init_one(struct pci_dev *pci_dev, con
+ he_dev->atm_dev->dev_data = he_dev;
+ atm_dev->dev_data = he_dev;
+ he_dev->number = atm_dev->number;
++#ifdef USE_TASKLET
++ tasklet_init(&he_dev->tasklet, he_tasklet, (unsigned long) he_dev);
++#endif
++ spin_lock_init(&he_dev->global_lock);
++
+ if (he_start(atm_dev)) {
+ he_stop(he_dev);
+ err = -ENODEV;
+@@ -1173,11 +1178,6 @@ he_start(struct atm_dev *dev)
+ if ((err = he_init_irq(he_dev)) != 0)
+ return err;
+
+-#ifdef USE_TASKLET
+- tasklet_init(&he_dev->tasklet, he_tasklet, (unsigned long) he_dev);
+-#endif
+- spin_lock_init(&he_dev->global_lock);
+-
+ /* 4.11 enable pci bus controller state machines */
+ host_cntl |= (OUTFF_ENB | CMDFF_ENB |
+ QUICK_RD_RETRY | QUICK_WR_RETRY | PERR_INT_ENB);
--- /dev/null
+From stable-bounces@linux.kernel.org Thu Nov 29 04:08:58 2007
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Thu, 29 Nov 2007 23:07:57 +1100
+Subject: CRYPTO api: Fix potential race in crypto_remove_spawn
+To: stable@kernel.org, davem@davemloft.net
+Message-ID: <E1IxiBR-0007s2-00@gondolin.me.apana.org.au>
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+[CRYPTO] api: Fix potential race in crypto_remove_spawn
+
+[ Upstream commit: 38cb2419f544ad413c7f7aa8c17fd7377610cdd8 ]
+
+As it is crypto_remove_spawn may try to unregister an instance which is
+yet to be registered. This patch fixes this by checking whether the
+instance has been registered before attempting to remove it.
+
+It also removes a bogus cra_destroy check in crypto_register_instance as
+1) it's outside the mutex;
+2) we have a check in __crypto_register_alg already.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: David Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ crypto/algapi.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/crypto/algapi.c
++++ b/crypto/algapi.c
+@@ -98,6 +98,9 @@ static void crypto_remove_spawn(struct c
+ return;
+
+ inst->alg.cra_flags |= CRYPTO_ALG_DEAD;
++ if (hlist_unhashed(&inst->list))
++ return;
++
+ if (!tmpl || !crypto_tmpl_get(tmpl))
+ return;
+
+@@ -333,9 +336,6 @@ int crypto_register_instance(struct cryp
+ LIST_HEAD(list);
+ int err = -EINVAL;
+
+- if (inst->alg.cra_destroy)
+- goto err;
+-
+ err = crypto_check_alg(&inst->alg);
+ if (err)
+ goto err;
--- /dev/null
+From stable-bounces@linux.kernel.org Thu Nov 29 04:08:37 2007
+From: Adrian Bunk <bunk@kernel.org>
+Date: Thu, 29 Nov 2007 23:07:57 +1100
+Subject: IPV4: Remove bogus ifdef mess in arp_process
+To: stable@kernel.org, bunk@kernel.org, davem@davemloft.net
+Message-ID: <E1IxiBR-0007s8-00@gondolin.me.apana.org.au>
+
+
+From: Adrian Bunk <bunk@kernel.org>
+
+[IPV4]: Remove bogus ifdef mess in arp_process
+
+[ Upstream commit: 3660019e5f96fd9a8b7d4214a96523c0bf7b676d ]
+
+The #ifdef's in arp_process() were not only a mess, they were also wrong
+in the CONFIG_NET_ETHERNET=n and (CONFIG_NETDEV_1000=y or
+CONFIG_NETDEV_10000=y) cases.
+
+Since they are not required this patch removes them.
+
+Also removed are some #ifdef's around #include's that caused compile
+errors after this change.
+
+Signed-off-by: Adrian Bunk <bunk@kernel.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: David Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/arp.c | 19 -------------------
+ 1 file changed, 19 deletions(-)
+
+--- a/net/ipv4/arp.c
++++ b/net/ipv4/arp.c
+@@ -110,12 +110,8 @@
+ #include <net/tcp.h>
+ #include <net/sock.h>
+ #include <net/arp.h>
+-#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
+ #include <net/ax25.h>
+-#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
+ #include <net/netrom.h>
+-#endif
+-#endif
+ #if defined(CONFIG_ATM_CLIP) || defined(CONFIG_ATM_CLIP_MODULE)
+ #include <net/atmclip.h>
+ struct neigh_table *clip_tbl_hook;
+@@ -729,20 +725,10 @@ static int arp_process(struct sk_buff *s
+ htons(dev_type) != arp->ar_hrd)
+ goto out;
+ break;
+-#ifdef CONFIG_NET_ETHERNET
+ case ARPHRD_ETHER:
+-#endif
+-#ifdef CONFIG_TR
+ case ARPHRD_IEEE802_TR:
+-#endif
+-#ifdef CONFIG_FDDI
+ case ARPHRD_FDDI:
+-#endif
+-#ifdef CONFIG_NET_FC
+ case ARPHRD_IEEE802:
+-#endif
+-#if defined(CONFIG_NET_ETHERNET) || defined(CONFIG_TR) || \
+- defined(CONFIG_FDDI) || defined(CONFIG_NET_FC)
+ /*
+ * ETHERNET, Token Ring and Fibre Channel (which are IEEE 802
+ * devices, according to RFC 2625) devices will accept ARP
+@@ -757,21 +743,16 @@ static int arp_process(struct sk_buff *s
+ arp->ar_pro != htons(ETH_P_IP))
+ goto out;
+ break;
+-#endif
+-#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
+ case ARPHRD_AX25:
+ if (arp->ar_pro != htons(AX25_P_IP) ||
+ arp->ar_hrd != htons(ARPHRD_AX25))
+ goto out;
+ break;
+-#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
+ case ARPHRD_NETROM:
+ if (arp->ar_pro != htons(AX25_P_IP) ||
+ arp->ar_hrd != htons(ARPHRD_NETROM))
+ goto out;
+ break;
+-#endif
+-#endif
+ }
+
+ /* Understand only these message types */
--- /dev/null
+From stable-bounces@linux.kernel.org Thu Nov 29 04:08:31 2007
+From: Eric Dumazet <dada1@cosmosbay.com>
+Date: Thu, 29 Nov 2007 23:07:57 +1100
+Subject: NET: Corrects a bug in ip_rt_acct_read()
+To: stable@kernel.org, davem@davemloft.net
+Message-ID: <E1IxiBR-0007sE-00@gondolin.me.apana.org.au>
+
+From: Eric Dumazet <dada1@cosmosbay.com>
+
+[NET]: Corrects a bug in ip_rt_acct_read()
+
+[ Upstream commit: 483b23ffa3a5f44767038b0a676d757e0668437e ]
+
+It seems that stats of cpu 0 are counted twice, since
+for_each_possible_cpu() is looping on all possible cpus, including 0
+
+Before percpu conversion of ip_rt_acct, we should also remove the
+assumption that CPU 0 is online (or even possible)
+
+Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/route.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+--- a/net/ipv4/route.c
++++ b/net/ipv4/route.c
+@@ -2913,18 +2913,14 @@ static int ip_rt_acct_read(char *buffer,
+ offset /= sizeof(u32);
+
+ if (length > 0) {
+- u32 *src = ((u32 *) IP_RT_ACCT_CPU(0)) + offset;
+ u32 *dst = (u32 *) buffer;
+
+- /* Copy first cpu. */
+ *start = buffer;
+- memcpy(dst, src, length);
++ memset(dst, 0, length);
+
+- /* Add the other cpus in, one int at a time */
+ for_each_possible_cpu(i) {
+ unsigned int j;
+-
+- src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset;
++ u32 *src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset;
+
+ for (j = 0; j < length/4; j++)
+ dst[j] += src[j];
--- /dev/null
+From stable-bounces@linux.kernel.org Thu Nov 29 04:34:48 2007
+From: Charles Hardin <chardin@2wire.com>
+Date: Thu, 29 Nov 2007 23:07:57 +1100
+Subject: PFKEY: Sending an SADB_GET responds with an SADB_GET
+To: stable@kernel.org, bunk@kernel.org, <davem@davemloft.net>
+Message-ID: <E1IxiBR-0007sf-00@gondolin.me.apana.org.au>
+
+
+From: Charles Hardin <chardin@2wire.com>
+
+[PFKEY]: Sending an SADB_GET responds with an SADB_GET
+
+[ Upstream commit: 435000bebd94aae3a7a50078d142d11683d3b193 ]
+
+Kernel needs to respond to an SADB_GET with the same message type to
+conform to the RFC 2367 Section 3.1.5
+
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/key/af_key.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/key/af_key.c
++++ b/net/key/af_key.c
+@@ -1546,7 +1546,7 @@ static int pfkey_get(struct sock *sk, st
+
+ out_hdr = (struct sadb_msg *) out_skb->data;
+ out_hdr->sadb_msg_version = hdr->sadb_msg_version;
+- out_hdr->sadb_msg_type = SADB_DUMP;
++ out_hdr->sadb_msg_type = SADB_GET;
+ out_hdr->sadb_msg_satype = pfkey_proto2satype(proto);
+ out_hdr->sadb_msg_errno = 0;
+ out_hdr->sadb_msg_reserved = 0;
nf_nat-fix-memset-error.patch
netfilter-fix-kernel-panic-with-redirect-target.patch
create-sys-...-power-when-config_pm-is-set.patch
+net-corrects-a-bug-in-ip_rt_acct_read.patch
+ipv4-remove-bogus-ifdef-mess-in-arp_process.patch
+atm-initialize-lock-and-tasklet-earlier.patch
+tcp-problem-bug-with-sysctl_tcp_congestion_control-function.patch
+crypto-api-fix-potential-race-in-crypto_remove_spawn.patch
+tcp-fix-tcp-header-misalignment.patch
+tcp-mtuprobe-fix-potential-sk_send_head-corruption.patch
+pfkey-sending-an-sadb_get-responds-with-an-sadb_get.patch
--- /dev/null
+From stable-bounces@linux.kernel.org Thu Nov 29 04:09:05 2007
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Thu, 29 Nov 2007 23:07:58 +1100
+Subject: TCP: Fix TCP header misalignment
+To: stable@kernel.org, davem@davemloft.net
+Message-ID: <E1IxiBS-0007sy-00@gondolin.me.apana.org.au>
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+[TCP]: Fix TCP header misalignment
+
+[ Upstream commit: 21df56c6e2372e09c916111efb6c14c372a5ab2e ]
+
+Indeed my previous change to alloc_pskb has made it possible
+for the TCP header to be misaligned iff the MTU is not a multiple
+of 4 (and less than a page). So I suspect the optimised IPsec
+MTU calculation is giving you just such an MTU :)
+
+This patch fixes it by changing alloc_pskb to make sure that
+the size is at least 32-bit aligned. This does not cause the
+problem fixed by the previous patch because max_header is always
+32-bit aligned which means that in the SG/NOTSO case this will
+be a no-op.
+
+I thought about putting this in the callers but all the current
+callers are from TCP. If and when we get a non-TCP caller we
+can always create a TCP wrapper for this function and move the
+alignment over there.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/net/sock.h | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/include/net/sock.h
++++ b/include/net/sock.h
+@@ -1200,6 +1200,9 @@ static inline struct sk_buff *sk_stream_
+ {
+ struct sk_buff *skb;
+
++ /* The TCP header must be at least 32-bit aligned. */
++ size = ALIGN(size, 4);
++
+ skb = alloc_skb_fclone(size + sk->sk_prot->max_header, gfp);
+ if (skb) {
+ skb->truesize += mem;
--- /dev/null
+From stable-bounces@linux.kernel.org Thu Nov 29 04:34:25 2007
+From: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
+Date: Thu, 29 Nov 2007 23:07:58 +1100
+Subject: TCP: MTUprobe: fix potential sk_send_head corruption
+To: stable@kernel.org, davem@davemloft.net
+Message-ID: <E1IxiBS-0007st-00@gondolin.me.apana.org.au>
+
+From: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
+
+[TCP] MTUprobe: fix potential sk_send_head corruption
+
+[ Upstream commit: 6e42141009ff18297fe19d19296738b742f861db ]
+
+When the abstraction functions got added, conversion here was
+made incorrectly. As a result, the skb may end up pointing
+to skb which got included to the probe skb and then was freed.
+For it to trigger, however, skb_transmit must fail sending as
+well.
+
+Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/net/tcp.h | 3 +++
+ net/ipv4/tcp_output.c | 1 -
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+--- a/include/net/tcp.h
++++ b/include/net/tcp.h
+@@ -1256,6 +1256,9 @@ static inline void tcp_insert_write_queu
+ struct sock *sk)
+ {
+ __skb_insert(new, skb->prev, skb, &sk->sk_write_queue);
++
++ if (sk->sk_send_head == skb)
++ sk->sk_send_head = new;
+ }
+
+ static inline void tcp_unlink_write_queue(struct sk_buff *skb, struct sock *sk)
+--- a/net/ipv4/tcp_output.c
++++ b/net/ipv4/tcp_output.c
+@@ -1287,7 +1287,6 @@ static int tcp_mtu_probe(struct sock *sk
+
+ skb = tcp_send_head(sk);
+ tcp_insert_write_queue_before(nskb, skb, sk);
+- tcp_advance_send_head(sk, skb);
+
+ TCP_SKB_CB(nskb)->seq = TCP_SKB_CB(skb)->seq;
+ TCP_SKB_CB(nskb)->end_seq = TCP_SKB_CB(skb)->seq + probe_size;
--- /dev/null
+From stable-bounces@linux.kernel.org Thu Nov 29 04:08:53 2007
+From: Sam Jansen <sjansen@google.com>
+Date: Thu, 29 Nov 2007 23:07:57 +1100
+Subject: TCP: Problem bug with sysctl_tcp_congestion_control function
+To: stable@kernel.org, davem@davemloft.net
+Message-ID: <E1IxiBR-0007sl-00@gondolin.me.apana.org.au>
+
+
+From: Sam Jansen <sjansen@google.com>
+
+[TCP]: Problem bug with sysctl_tcp_congestion_control function
+
+[ Upstream commit: 5487796f0c9475586277a0a7a91211ce5746fa6a ]
+
+sysctl_tcp_congestion_control seems to have a bug that prevents it
+from actually calling the tcp_set_default_congestion_control
+function. This is not so apparent because it does not return an error
+and generally the /proc interface is used to configure the default TCP
+congestion control algorithm. This is present in 2.6.18 onwards and
+probably earlier, though I have not inspected 2.6.15--2.6.17.
+
+sysctl_tcp_congestion_control calls sysctl_string and expects a successful
+return code of 0. In such a case it actually sets the congestion control
+algorithm with tcp_set_default_congestion_control. Otherwise, it returns the
+value returned by sysctl_string. This was correct in 2.6.14, as sysctl_string
+returned 0 on success. However, sysctl_string was updated to return 1 on
+success around about 2.6.15 and sysctl_tcp_congestion_control was not updated.
+Even though sysctl_tcp_congestion_control returns 1, do_sysctl_strategy
+converts this return code to '0', so the caller never notices the error.
+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/sysctl_net_ipv4.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv4/sysctl_net_ipv4.c
++++ b/net/ipv4/sysctl_net_ipv4.c
+@@ -121,7 +121,7 @@ static int sysctl_tcp_congestion_control
+
+ tcp_get_default_congestion_control(val);
+ ret = sysctl_string(&tbl, name, nlen, oldval, oldlenp, newval, newlen);
+- if (ret == 0 && newval && newlen)
++ if (ret == 1 && newval && newlen)
+ ret = tcp_set_default_congestion_control(val);
+ return ret;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
