--- /dev/null
+From stable-bounces@linux.kernel.org Fri Sep 14 07:28:34 2007
+From: Neil Brown <neilb@suse.de>
+Date: Fri, 14 Sep 2007 10:28:08 -0400
+Subject: Correctly close old nfsd/lockd sockets.
+To: Linus Torvalds <torvalds@linux-foundation.org>, stable@kernel.org
+Cc: Neil Brown <neilb@suse.de>, nfs@lists.sourceforge.net, linux-kernel@vger.kernel.org, trond.myklebust@fys.uio.no
+Message-ID: <20070914142808.GD20606@fieldses.org>
+Content-Disposition: inline
+
+From: Neil Brown <neilb@suse.de>
+
+commit 7a1fa065a0264f6b3d3003ba5635289f6583c478 in mainline.
+
+Commit aaf68cfbf2241d24d46583423f6bff5c47e088b3 added a bias
+to sk_inuse, so this test for an unused socket now fails. So no
+sockets get closed because they are old (they might get closed
+if the client closed them).
+
+This bug has existed since 2.6.21-rc1.
+
+Thanks to Wolfgang Walter for finding and reporting the bug.
+
+Cc: Wolfgang Walter <wolfgang.walter@studentenwerk.mhn.de>
+Signed-off-by: Neil Brown <neilb@suse.de>
+Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/sunrpc/svcsock.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/sunrpc/svcsock.c
++++ b/net/sunrpc/svcsock.c
+@@ -1573,7 +1573,8 @@ svc_age_temp_sockets(unsigned long closu
+
+ if (!test_and_set_bit(SK_OLD, &svsk->sk_flags))
+ continue;
+- if (atomic_read(&svsk->sk_inuse) || test_bit(SK_BUSY, &svsk->sk_flags))
++ if (atomic_read(&svsk->sk_inuse) > 1
++ || test_bit(SK_BUSY, &svsk->sk_flags))
+ continue;
+ atomic_inc(&svsk->sk_inuse);
+ list_move(le, &to_be_aged);
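Review bot: The literal `1` in `atomic_read(&svsk->sk_inuse) > 1` in svc_age_temp_sockets encodes the reference bias described in the commit message, but nothing in the code says so, and the earlier form of this test stopped working silently when that bias was introduced. A comment on the test would keep the two in step, e.g. `/* sk_inuse is biased by 1 while the socket is live; > 1 means another user holds a reference */`. The check and the following `atomic_inc()` are separate operations, so they presumably rely on a lock taken outside this hunk. The function body starts and ends outside the hunk, so that cannot be confirmed here.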
--- /dev/null
+From stable-bounces@linux.kernel.org Mon Sep 10 19:36:16 2007
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Tue, 11 Sep 2007 10:31:59 +0800
+Subject: crypto: blkcipher_get_spot() handling of buffer at end of page
+To: Bob Gilligan <gilligan@vyatta.com>
+Cc: stable@kernel.org
+Message-ID: <20070911023159.GA2279@gondor.apana.org.au>
+Content-Disposition: inline
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+This corresponds to upstream changesets
+e4630f9fd8cdc14eb1caa08dafe649eb5ae09985 and
+32528d0fbda1093eeeaa7d0a2c498bbb5154099d.
+
+[CRYPTO] blkcipher: Fix handling of kmalloc page straddling
+
+The function blkcipher_get_spot tries to return a buffer of
+the specified length that does not straddle a page. It has
+an off-by-one bug so it may advance a page unnecessarily.
+
+What's worse, one of its callers doesn't provide a buffer
+that's sufficiently long for this operation.
+
+This patch fixes both problems. Thanks to Bob Gilligan for
+diagnosing this problem and providing a fix.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ crypto/blkcipher.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/crypto/blkcipher.c
++++ b/crypto/blkcipher.c
+@@ -59,11 +59,13 @@ static inline void blkcipher_unmap_dst(s
+ scatterwalk_unmap(walk->dst.virt.addr, 1);
+ }
+
++/* Get a spot of the specified length that does not straddle a page.
++ * The caller needs to ensure that there is enough space for this operation.
++ */
+ static inline u8 *blkcipher_get_spot(u8 *start, unsigned int len)
+ {
+- if (offset_in_page(start + len) < len)
+- return (u8 *)((unsigned long)(start + len) & PAGE_MASK);
+- return start;
++ u8 *end_page = (u8 *)(((unsigned long)(start + len - 1)) & PAGE_MASK);
++ return start > end_page ? start : end_page;
+ }
+
+ static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm,
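Review bot: The new comment on blkcipher_get_spot says the caller must ensure "enough space" without saying how much, which is the detail the commit message says one caller got wrong. From the new body, the returned pointer is either `start` or the start of the page holding byte `start + len - 1`, so it moves forward by at most `len - 1` bytes. Stating that bound would make the contract checkable, e.g. `* The result may be up to len - 1 bytes past start, so the caller must own at least 2 * len - 1 bytes from start.` The expression `start + len - 1` also assumes `len` is non-zero, which could be noted in the same comment.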
+@@ -155,7 +157,8 @@ static inline int blkcipher_next_slow(st
+ if (walk->buffer)
+ goto ok;
+
+- n = bsize * 2 + (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
++ n = bsize * 3 - (alignmask + 1) +
++ (alignmask & ~(crypto_tfm_ctx_alignment() - 1));
+ walk->buffer = kmalloc(n, GFP_ATOMIC);
+ if (!walk->buffer)
+ return blkcipher_walk_done(desc, walk, -ENOMEM);
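Review bot: The new size expression in blkcipher_next_slow subtracts in what is presumably unsigned arithmetic, `bsize * 3 - (alignmask + 1)`, and nothing visible in the hunk bounds `alignmask + 1` against `bsize * 3`, so the result would wrap if that ever failed to hold. A wrapped value would most likely just make kmalloc() fail into the existing -ENOMEM path. The buffer size is still what keeps the spots returned by blkcipher_get_spot() inside the allocation, so the assumption deserves to be written down, e.g. `/* assumes alignmask + 1 <= bsize; the term beyond 2 * bsize covers blkcipher_get_spot() moving a spot to the next page */`. The relationship between alignmask and bsize is presumably enforced elsewhere and should be confirmed, since the function body starts and ends outside the hunk.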
--- /dev/null
+From stable-bounces@linux.kernel.org Tue Sep 18 22:52:11 2007
+From: Eric Sandeen <sandeen@redhat.com>
+Date: Tue, 18 Sep 2007 22:46:38 -0700
+Subject: dir_index: error out instead of BUG on corrupt dx dirs
+To: torvalds@linux-foundation.org
+Cc: sandeen@redhat.com, akpm@linux-foundation.org, tytso@mit.edu, duaneg@dghda.com, stable@kernel.org
+Message-ID: <200709190546.l8J5kcLm009336@imap1.linux-foundation.org>
+
+
+From: Eric Sandeen <sandeen@redhat.com>
+
+commit 3d82abae9523c33d4a16fdfdfd2bdde316d7b56a in mainline.
+
+Convert asserts (BUGs) in dx_probe from bad on-disk data to recoverable
+errors with helpful warnings. With help catching other asserts from Duane
+Griffin <duaneg@dghda.com>
+
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Acked-by: Duane Griffin <duaneg@dghda.com>
+Acked-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/ext3/namei.c | 34 ++++++++++++++++++++++++++++++----
+ fs/ext4/namei.c | 34 ++++++++++++++++++++++++++++++----
+ 2 files changed, 60 insertions(+), 8 deletions(-)
+
+--- a/fs/ext3/namei.c
++++ b/fs/ext3/namei.c
+@@ -380,13 +380,28 @@ dx_probe(struct dentry *dentry, struct i
+
+ entries = (struct dx_entry *) (((char *)&root->info) +
+ root->info.info_length);
+- assert(dx_get_limit(entries) == dx_root_limit(dir,
+- root->info.info_length));
++
++ if (dx_get_limit(entries) != dx_root_limit(dir,
++ root->info.info_length)) {
++ ext3_warning(dir->i_sb, __FUNCTION__,
++ "dx entry: limit != root limit");
++ brelse(bh);
++ *err = ERR_BAD_DX_DIR;
++ goto fail;
++ }
++
+ dxtrace (printk("Look up %x", hash));
+ while (1)
+ {
+ count = dx_get_count(entries);
+- assert (count && count <= dx_get_limit(entries));
++ if (!count || count > dx_get_limit(entries)) {
++ ext3_warning(dir->i_sb, __FUNCTION__,
++ "dx entry: no count or count > limit");
++ brelse(bh);
++ *err = ERR_BAD_DX_DIR;
++ goto fail2;
++ }
++
+ p = entries + 1;
+ q = entries + count - 1;
+ while (p <= q)
+@@ -424,8 +439,15 @@ dx_probe(struct dentry *dentry, struct i
+ if (!(bh = ext3_bread (NULL,dir, dx_get_block(at), 0, err)))
+ goto fail2;
+ at = entries = ((struct dx_node *) bh->b_data)->entries;
+- assert (dx_get_limit(entries) == dx_node_limit (dir));
++ if (dx_get_limit(entries) != dx_node_limit (dir)) {
++ ext3_warning(dir->i_sb, __FUNCTION__,
++ "dx entry: limit != node limit");
++ brelse(bh);
++ *err = ERR_BAD_DX_DIR;
++ goto fail2;
++ }
+ frame++;
++ frame->bh = NULL;
+ }
+ fail2:
+ while (frame >= frame_in) {
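Review bot: The added `frame->bh = NULL;` after `frame++` is load-bearing for the new error paths but reads like incidental initialisation. On the next loop iteration the count check does `brelse(bh)` and jumps to `fail2`, where the cleanup loop walks every frame down to `frame_in`. The loop body falls between the hunks, but it presumably releases `frame->bh`, so without the NULL store the new top frame would hand it a stale pointer. A comment such as `/* bh not yet owned by this frame; fail2 must not release it */` would stop the line being removed later. The same applies to the identical hunk in fs/ext4/namei.c, and dx_probe's body starts and ends outside the hunk.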
+@@ -433,6 +455,10 @@ fail2:
+ frame--;
+ }
+ fail:
++ if (*err == ERR_BAD_DX_DIR)
++ ext3_warning(dir->i_sb, __FUNCTION__,
++ "Corrupt dir inode %ld, running e2fsck is "
++ "recommended.", dir->i_ino);
+ return NULL;
+ }
+
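Review bot: The new warning under `fail:` prints `dir->i_ino` with `%ld`, but i_ino is an unsigned long in struct inode, so a large inode number on a corrupt or crafted filesystem would be logged as a negative value. That is unhelpful in the one message that tells the administrator which directory to check. `%lu` matches the type: `"Corrupt dir inode %lu, running e2fsck is "`. The same line appears in the fs/ext4/namei.c copy of this hunk.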
+--- a/fs/ext4/namei.c
++++ b/fs/ext4/namei.c
+@@ -380,13 +380,28 @@ dx_probe(struct dentry *dentry, struct i
+
+ entries = (struct dx_entry *) (((char *)&root->info) +
+ root->info.info_length);
+- assert(dx_get_limit(entries) == dx_root_limit(dir,
+- root->info.info_length));
++
++ if (dx_get_limit(entries) != dx_root_limit(dir,
++ root->info.info_length)) {
++ ext4_warning(dir->i_sb, __FUNCTION__,
++ "dx entry: limit != root limit");
++ brelse(bh);
++ *err = ERR_BAD_DX_DIR;
++ goto fail;
++ }
++
+ dxtrace (printk("Look up %x", hash));
+ while (1)
+ {
+ count = dx_get_count(entries);
+- assert (count && count <= dx_get_limit(entries));
++ if (!count || count > dx_get_limit(entries)) {
++ ext4_warning(dir->i_sb, __FUNCTION__,
++ "dx entry: no count or count > limit");
++ brelse(bh);
++ *err = ERR_BAD_DX_DIR;
++ goto fail2;
++ }
++
+ p = entries + 1;
+ q = entries + count - 1;
+ while (p <= q)
+@@ -424,8 +439,15 @@ dx_probe(struct dentry *dentry, struct i
+ if (!(bh = ext4_bread (NULL,dir, dx_get_block(at), 0, err)))
+ goto fail2;
+ at = entries = ((struct dx_node *) bh->b_data)->entries;
+- assert (dx_get_limit(entries) == dx_node_limit (dir));
++ if (dx_get_limit(entries) != dx_node_limit (dir)) {
++ ext4_warning(dir->i_sb, __FUNCTION__,
++ "dx entry: limit != node limit");
++ brelse(bh);
++ *err = ERR_BAD_DX_DIR;
++ goto fail2;
++ }
+ frame++;
++ frame->bh = NULL;
+ }
+ fail2:
+ while (frame >= frame_in) {
+@@ -433,6 +455,10 @@ fail2:
+ frame--;
+ }
+ fail:
++ if (*err == ERR_BAD_DX_DIR)
++ ext4_warning(dir->i_sb, __FUNCTION__,
++ "Corrupt dir inode %ld, running e2fsck is "
++ "recommended.", dir->i_ino);
+ return NULL;
+ }
+
--- /dev/null
+From stable-bounces@linux.kernel.org Thu Sep 20 15:20:07 2007
+From: Patrick McHardy <kaber@trash.net>
+Date: Thu, 20 Sep 2007 12:32:09 -0700 (PDT)
+Subject: Fix decnet device address listing.
+To: stable@kernel.org
+Cc: bunk@kernel.org
+Message-ID: <20070920.123209.56054625.davem@davemloft.net>
+
+
+From: Patrick McHardy <kaber@trash.net>
+
+commit a2221f308dabb95abb914ad858d36c2462705558 in mainline.
+
+Not all are listed, same as the IPV4 devinet bug.
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/decnet/dn_dev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/decnet/dn_dev.c
++++ b/net/decnet/dn_dev.c
+@@ -815,7 +815,7 @@ static int dn_nl_dump_ifaddr(struct sk_b
+ for (ifa = dn_db->ifa_list, dn_idx = 0; ifa;
+ ifa = ifa->ifa_next, dn_idx++) {
+ if (dn_idx < skip_naddr)
+- goto cont;
++ continue;
+
+ if (dn_nl_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid,
+ cb->nlh->nlmsg_seq, RTM_NEWADDR,
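Review bot: The skip test in dn_nl_dump_ifaddr now depends on `continue` reaching the `ifa = ifa->ifa_next, dn_idx++` step of the inner loop, and nothing in the code marks why a jump to `cont` is wrong here. The `cont` label is outside the hunk, so presumably it belongs to an enclosing loop and the old jump abandoned the rest of this device's address list. A short comment on the test, e.g. `/* skip entries below the resume index; stay in the address loop */`, would guard against the goto being reintroduced. The same one-line change and the same comment apply to inet_dump_ifaddr in net/ipv4/devinet.c, and the function body starts and ends outside the hunk.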
--- /dev/null
+From stable-bounces@linux.kernel.org Thu Sep 20 15:20:29 2007
+From: Stephen Hemminger <shemminger@linux-foundation.org>
+Date: Thu, 20 Sep 2007 12:31:22 -0700 (PDT)
+Subject: Fix device address listing for ipv4.
+To: stable@kernel.org
+Cc: bunk@kernel.org
+Message-ID: <20070920.123122.32722737.davem@davemloft.net>
+
+
+From: Stephen Hemminger <shemminger@linux-foundation.org>
+
+commit 596e41509550447b030f7b16adaeb0138ab585a8 in mainline
+
+Bug: http://bugzilla.kernel.org/show_bug.cgi?id=8876
+
+Not all ips are shown by "ip addr show" command when IPs number assigned to an
+interface is more than 60-80 (in fact it depends on broadcast/label etc
+presence on each address).
+
+Steps to reproduce:
+It's terribly simple to reproduce:
+
+# for i in $(seq 1 100); do ip ad add 10.0.$i.1/24 dev eth10 ; done
+# ip addr show
+
+this will _not_ show all IPs.
+Looks like the problem is in netlink/ipv4 message processing.
+
+This is fix from bug submitter, it looks correct.
+
+Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/devinet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv4/devinet.c
++++ b/net/ipv4/devinet.c
+@@ -1194,7 +1194,7 @@ static int inet_dump_ifaddr(struct sk_bu
+ for (ifa = in_dev->ifa_list, ip_idx = 0; ifa;
+ ifa = ifa->ifa_next, ip_idx++) {
+ if (ip_idx < s_ip_idx)
+- goto cont;
++ continue;
+ if (inet_fill_ifaddr(skb, ifa, NETLINK_CB(cb->skb).pid,
+ cb->nlh->nlmsg_seq,
+ RTM_NEWADDR, NLM_F_MULTI) <= 0)
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Sep 14 00:58:45 2007
+From: Jens Axboe <jens.axboe@oracle.com>
+Date: Fri, 14 Sep 2007 09:57:54 +0200
+Subject: Fix race with shared tag queue maps
+To: stable@kernel.org
+Message-ID: <20070914075754.GX25592@kernel.dk>
+Content-Disposition: inline
+
+From: Jens Axboe <jens.axboe@oracle.com>
+
+The commit in Linus upstream git tree is
+f3da54ba140c6427fa4a32913e1bf406f41b5dda.
+
+Fix race with shared tag queue maps
+
+There's a race condition in blk_queue_end_tag() for shared tag maps,
+users include stex (promise supertrak thingy) and qla2xxx. The former
+at least has reported bugs in this area, not sure why we haven't seen
+any for the latter. It could be because the window is narrow and that
+other conditions in the qla2xxx code hide this. It's a real bug,
+though, as the stex smp users can attest.
+
+We need to ensure two things - the tag bit clearing needs to happen
+AFTER we cleared the tag pointer, as the tag bit clearing/setting is
+what protects this map. Secondly, we need to ensure that the visibility
+of the tag pointer and tag bit clear are ordered properly.
+
+[ I removed the SMP barriers - "test_and_clear_bit()" already implies
+ all the required barriers. -- Linus ]
+
+Also see http://bugzilla.kernel.org/show_bug.cgi?id=7842
+
+Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ block/ll_rw_blk.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+--- a/block/ll_rw_blk.c
++++ b/block/ll_rw_blk.c
+@@ -1081,12 +1081,6 @@ void blk_queue_end_tag(request_queue_t *
+ */
+ return;
+
+- if (unlikely(!__test_and_clear_bit(tag, bqt->tag_map))) {
+- printk(KERN_ERR "%s: attempt to clear non-busy tag (%d)\n",
+- __FUNCTION__, tag);
+- return;
+- }
+-
+ list_del_init(&rq->queuelist);
+ rq->cmd_flags &= ~REQ_QUEUED;
+ rq->tag = -1;
+@@ -1096,6 +1090,13 @@ void blk_queue_end_tag(request_queue_t *
+ __FUNCTION__, tag);
+
+ bqt->tag_index[tag] = NULL;
++
++ if (unlikely(!test_and_clear_bit(tag, bqt->tag_map))) {
++ printk(KERN_ERR "%s: attempt to clear non-busy tag (%d)\n",
++ __FUNCTION__, tag);
++ return;
++ }
++
+ bqt->busy--;
+ }
+
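Review bot: Moving the `test_and_clear_bit()` check to the end of blk_queue_end_tag changes what the error path leaves behind. When the bit turns out not to be set, the request has already been unlinked with `list_del_init()`, had `REQ_QUEUED` cleared and `rq->tag` set to -1, and `bqt->tag_index[tag]` has been set to NULL, yet the function returns without `bqt->busy--`. Before this change the same condition returned ahead of all those steps. If that is intended, a comment on the `return` should say so. The ordering itself also needs a comment, since the code no longer shows why the bit must be cleared last, e.g. `/* the tag_map bit guards tag_index[tag]: clear the pointer first, the bit last */`.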
--- /dev/null
+From ba685fb2abd71162bea6895a99449c1071b01402 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Thu, 23 Aug 2007 21:35:41 +0200
+Subject: [PATCH] fix realtek phy id in forcedeth
+
+From: Willy Tarreau <w@1wt.eu>
+
+commit ba685fb2abd71162bea6895a99449c1071b01402 in mainline.
+
+As noticed by Chuck Ebbert, commit c5e3ae8823693b260ce1f217adca8add1bc0b3de
+introduced a copy-paste typo, as realtek phy is 0x732 and not 0x1c1. Obvious
+fix below suggested by Ayaz Abdulla.
+
+Signed-off-by: Willy Tarreau <w@1wt.eu>
+Cc: Ayaz Abdulla <aabdulla@nvidia.com>
+Cc: Chuck Ebbert <cebbert@redhat.com>
+Signed-off-by: Jeff Garzik <jeff@garzik.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/forcedeth.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/forcedeth.c
++++ b/drivers/net/forcedeth.c
+@@ -551,7 +551,7 @@ union ring_type {
+ #define PHY_OUI_MARVELL 0x5043
+ #define PHY_OUI_CICADA 0x03f1
+ #define PHY_OUI_VITESSE 0x01c1
+-#define PHY_OUI_REALTEK 0x01c1
++#define PHY_OUI_REALTEK 0x0732
+ #define PHYID1_OUI_MASK 0x03ff
+ #define PHYID1_OUI_SHFT 6
+ #define PHYID2_OUI_MASK 0xfc00
--- /dev/null
+From stable-bounces@linux.kernel.org Thu Sep 20 23:11:41 2007
+From: Stefan Richter <stefanr@s5r6.in-berlin.de>
+Date: Fri, 21 Sep 2007 08:11:08 +0200 (CEST)
+Subject: ieee1394: ohci1394: fix initialization if built non-modular
+To: stable@kernel.org
+Cc: Willy Tarreau <w@1wt.eu>, linux-kernel@vger.kernel.org
+Message-ID: <tkrat.e46434c80b622f2b@s5r6.in-berlin.de>
+Content-Disposition: INLINE
+
+From: Stefan Richter <stefanr@s5r6.in-berlin.de>
+
+Initialization of ohci1394 was broken according to one reporter if the
+driver was statically linked, i.e. not built as loadable module. Dmesg:
+
+ PCI: Device 0000:02:07.0 not available because of resource collisions
+ ohci1394: Failed to enable OHCI hardware.
+
+This was reported for a Toshiba Satellite 5100-503. The cause is commit
+8df4083c5291b3647e0381d3c69ab2196f5dd3b7 in Linux 2.6.19-rc1 which only
+served purposes of early remote debugging via FireWire. This
+functionality is better provided by the currently out-of-tree driver
+ohci1394_earlyinit. Reversal of the commit was OK'd by Andi Kleen.
+
+Same as pre-2.6.23 commit be7963b7e7f08a149e247c0bf29a4abd174e0929.
+
+Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ieee1394/ieee1394_core.c | 2 +-
+ drivers/ieee1394/ohci1394.c | 4 +---
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+--- a/drivers/ieee1394/ieee1394_core.c
++++ b/drivers/ieee1394/ieee1394_core.c
+@@ -1279,7 +1279,7 @@ static void __exit ieee1394_cleanup(void
+ unregister_chrdev_region(IEEE1394_CORE_DEV, 256);
+ }
+
+-fs_initcall(ieee1394_init); /* same as ohci1394 */
++module_init(ieee1394_init);
+ module_exit(ieee1394_cleanup);
+
+ /* Exported symbols */
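Review bot: With both `ieee1394_init` and `ohci1394_init` now registered through `module_init()`, the removed remark `/* same as ohci1394 */` was the only hint that the two initcall levels have to be kept in step, and nothing replaces it. In a built-in configuration, initcalls of the same level presumably run in link order, so the core coming up before the host driver would depend on the Makefile order, which is not visible here. A comment on the new line would record that, e.g. `/* keep at the same initcall level as ohci1394; built-in order then follows link order */`. The matching change is the hunk in drivers/ieee1394/ohci1394.c.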
+--- a/drivers/ieee1394/ohci1394.c
++++ b/drivers/ieee1394/ohci1394.c
+@@ -3773,7 +3773,5 @@ static int __init ohci1394_init(void)
+ return pci_register_driver(&ohci1394_pci_driver);
+ }
+
+-/* Register before most other device drivers.
+- * Useful for remote debugging via physical DMA, e.g. using firescope. */
+-fs_initcall(ohci1394_init);
++module_init(ohci1394_init);
+ module_exit(ohci1394_cleanup);
leases-can-be-hidden-by-flocks.patch
ext34-ensure-do_split-leaves-enough-free-space-in-both-blocks.patch
nfs-fix-oops-re-sysctls-and-v4-support.patch
+dir_index-error-out-instead-of-bug-on-corrupt-dx-dirs.patch
+ieee1394-ohci1394-fix-initialization-if-built-non-modular.patch
+correctly-close-old-nfsd-lockd-sockets.patch
+fix-race-with-shared-tag-queue-maps.patch
+crypto-blkcipher_get_spot-handling-of-buffer-at-end-of-page.patch
+fix-realtek-phy-id-in-forcedeth.patch
+fix-decnet-device-address-listing.patch
+fix-device-address-listing-for-ipv4.patch