--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 18:33:38 2007
+From: Alexey Dobriyan <adobriyan@sw.ru>
+Date: Fri, 16 Mar 2007 18:32:09 -0700 (PDT)
+Subject: Copy over mac_len when cloning an skb
+To: stable@kernel.org
+Cc: bunk@stusta.de
+Message-ID: <20070316.183209.85412524.davem@davemloft.net>
+
+From: Alexey Dobriyan <adobriyan@sw.ru>
+
+[NET]: Copy mac_len in skb_clone() as well
+
+ANK says: "It is rarely used, that's wy it was not noticed.
+But in the places, where it is used, it should be disaster."
+
+Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/core/skbuff.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -464,6 +464,7 @@ struct sk_buff *skb_clone(struct sk_buff
+ memcpy(n->cb, skb->cb, sizeof(skb->cb));
+ C(len);
+ C(data_len);
++ C(mac_len);
+ C(csum);
+ C(local_df);
+ n->cloned = 1;
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 18:29:15 2007
+From: Joy Latten <latten@austin.ibm.com>
+Date: Fri, 16 Mar 2007 18:27:51 -0700 (PDT)
+Subject: Fix extraneous IPSEC larval SA creation
+To: stable@kernel.org
+Cc: bunk@stusta.de
+Message-ID: <20070316.182751.71091097.davem@davemloft.net>
+
+From: Joy Latten <latten@austin.ibm.com>
+
+[XFRM]: Fix missing protocol comparison of larval SAs.
+
+I noticed that in xfrm_state_add we look for the larval SA in a few
+places without checking for protocol match. So when using both
+AH and ESP, whichever one gets added first, deletes the larval SA.
+It seems AH always gets added first and ESP is always the larval
+SA's protocol since the xfrm->tmpl has it first. Thus causing the
+additional km_query()
+
+Adding the check eliminates accidental double SA creation.
+
+Signed-off-by: Joy Latten <latten@austin.ibm.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/xfrm/xfrm_state.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/net/xfrm/xfrm_state.c
++++ b/net/xfrm/xfrm_state.c
+@@ -707,7 +707,8 @@ static struct xfrm_state *__find_acq_cor
+ x->props.mode != mode ||
+ x->props.family != family ||
+ x->km.state != XFRM_STATE_ACQ ||
+- x->id.spi != 0)
++ x->id.spi != 0 ||
++ x->id.proto != proto)
+ continue;
+
+ switch (family) {
+@@ -804,7 +805,8 @@ int xfrm_state_add(struct xfrm_state *x)
+
+ if (use_spi && x->km.seq) {
+ x1 = __xfrm_find_acq_byseq(x->km.seq);
+- if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
++ if (x1 && ((x1->id.proto != x->id.proto) ||
++ xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
+ xfrm_state_put(x1);
+ x1 = NULL;
+ }
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 18:31:35 2007
+From: Robert Olsson <robert.olsson@its.uu.se>
+Date: Fri, 16 Mar 2007 18:30:13 -0700 (PDT)
+Subject: [stable] [PATCH]: Fix GFP_KERNEL with preemption disabled in fib_trie
+To: stable@kernel.org
+Cc: bunk@stusta.de
+Message-ID: <20070316.183013.78709573.davem@davemloft.net>
+
+From: Robert Olsson <robert.olsson@its.uu.se>
+
+[IPV4]: Do not disable preemption in trie_leaf_remove().
+
+Hello, Just discussed this Patrick...
+
+We have two users of trie_leaf_remove, fn_trie_flush and fn_trie_delete
+both are holding RTNL. So there shouldn't be need for this preempt stuff.
+This is assumed to a leftover from an older RCU-take.
+
+> Mhh .. I think I just remembered something - me incorrectly suggesting
+> to add it there while we were talking about this at OLS :) IIRC the
+> idea was to make sure tnode_free (which at that time didn't use
+> call_rcu) wouldn't free memory while still in use in a rcu read-side
+> critical section. It should have been synchronize_rcu of course,
+> but with tnode_free using call_rcu it seems to be completely
+> unnecessary. So I guess we can simply remove it.
+
+Signed-off-by: Robert Olsson <robert.olsson@its.uu.se>
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/fib_trie.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/net/ipv4/fib_trie.c
++++ b/net/ipv4/fib_trie.c
+@@ -1528,7 +1528,6 @@ static int trie_leaf_remove(struct trie
+ t->revision++;
+ t->size--;
+
+- preempt_disable();
+ tp = NODE_PARENT(n);
+ tnode_free((struct tnode *) n);
+
+@@ -1538,7 +1537,6 @@ static int trie_leaf_remove(struct trie
+ rcu_assign_pointer(t->trie, trie_rebalance(t, tp));
+ } else
+ rcu_assign_pointer(t->trie, NULL);
+- preempt_enable();
+
+ return 1;
+ }
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 18:32:49 2007
+From: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp>
+Date: Fri, 16 Mar 2007 18:31:22 -0700 (PDT)
+Subject: Fix ipv6 flow label inheritance
+To: stable@kernel.org
+Cc: bunk@stusta.de
+Message-ID: <20070316.183122.21595280.davem@davemloft.net>
+
+From: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp>
+
+[IPV6]: ipv6_fl_socklist is inadvertently shared.
+
+The ipv6_fl_socklist from listening socket is inadvertently shared
+with new socket created for connection. This leads to a variety of
+interesting, but fatal, bugs. For example, removing one of the
+sockets may lead to the other socket's encountering a page fault
+when the now freed list is referenced.
+
+The fix is to not share the flow label list with the new socket.
+
+Signed-off-by: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv6/tcp_ipv6.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/ipv6/tcp_ipv6.c
++++ b/net/ipv6/tcp_ipv6.c
+@@ -1453,6 +1453,7 @@ static struct sock * tcp_v6_syn_recv_soc
+ First: no IPv4 options.
+ */
+ newinet->opt = NULL;
++ newnp->ipv6_fl_list = NULL;
+
+ /* Clone RX bits */
+ newnp->rxopt.all = np->rxopt.all;
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 18:52:21 2007
+From: David Miller <davem@davemloft.net>
+Date: Fri, 16 Mar 2007 18:51:00 -0700 (PDT)
+Subject: Fix page allocation debugging on sparc64
+To: stable@kernel.org
+Cc: bunk@stusta.de
+Message-ID: <20070316.185100.115910396.davem@davemloft.net>
+
+From: David Miller <davem@davemloft.net>
+
+[SPARC64]: Get DEBUG_PAGEALLOC working again.
+
+We have to make sure to use base-pagesize TLB entries even during the
+early transition period where we need TLB miss handling but don't have
+the kernel page tables setup yet for the linear region.
+
+Also, it is necessary therefore to not use the 4MB TSB for these
+translations, and instead use the normal kernel TSB. This allows us
+to also get rid of the 4MB tsb for debug builds which shrinks the
+kernel a little bit.
+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/sparc64/kernel/ktlb.S | 8 +++++++-
+ arch/sparc64/mm/init.c | 30 ++++++++++++++++++++++++++++--
+ include/asm-sparc64/tsb.h | 2 ++
+ 3 files changed, 37 insertions(+), 3 deletions(-)
+
+--- a/arch/sparc64/kernel/ktlb.S
++++ b/arch/sparc64/kernel/ktlb.S
+@@ -138,9 +138,15 @@ kvmap_dtlb_4v:
+ brgez,pn %g4, kvmap_dtlb_nonlinear
+ nop
+
++#ifdef CONFIG_DEBUG_PAGEALLOC
++ /* Index through the base page size TSB even for linear
++ * mappings when using page allocation debugging.
++ */
++ KERN_TSB_LOOKUP_TL1(%g4, %g6, %g5, %g1, %g2, %g3, kvmap_dtlb_load)
++#else
+ /* Correct TAG_TARGET is already in %g6, check 4mb TSB. */
+ KERN_TSB4M_LOOKUP_TL1(%g6, %g5, %g1, %g2, %g3, kvmap_dtlb_load)
+-
++#endif
+ /* TSB entry address left in %g1, lookup linear PTE.
+ * Must preserve %g1 and %g6 (TAG).
+ */
+--- a/arch/sparc64/mm/init.c
++++ b/arch/sparc64/mm/init.c
+@@ -59,8 +59,10 @@ unsigned long kern_linear_pte_xor[2] __r
+ */
+ unsigned long kpte_linear_bitmap[KPTE_BITMAP_BYTES / sizeof(unsigned long)];
+
++#ifndef CONFIG_DEBUG_PAGEALLOC
+ /* A special kernel TSB for 4MB and 256MB linear mappings. */
+ struct tsb swapper_4m_tsb[KERNEL_TSB4M_NENTRIES];
++#endif
+
+ #define MAX_BANKS 32
+
+@@ -1301,7 +1303,12 @@ static void __init tsb_phys_patch(void)
+ }
+
+ /* Don't mark as init, we give this to the Hypervisor. */
+-static struct hv_tsb_descr ktsb_descr[2];
++#ifndef CONFIG_DEBUG_PAGEALLOC
++#define NUM_KTSB_DESCR 2
++#else
++#define NUM_KTSB_DESCR 1
++#endif
++static struct hv_tsb_descr ktsb_descr[NUM_KTSB_DESCR];
+ extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
+
+ static void __init sun4v_ktsb_init(void)
+@@ -1340,6 +1347,7 @@ static void __init sun4v_ktsb_init(void)
+ ktsb_descr[0].tsb_base = ktsb_pa;
+ ktsb_descr[0].resv = 0;
+
++#ifndef CONFIG_DEBUG_PAGEALLOC
+ /* Second KTSB for 4MB/256MB mappings. */
+ ktsb_pa = (kern_base +
+ ((unsigned long)&swapper_4m_tsb[0] - KERNBASE));
+@@ -1352,6 +1360,7 @@ static void __init sun4v_ktsb_init(void)
+ ktsb_descr[1].ctx_idx = 0;
+ ktsb_descr[1].tsb_base = ktsb_pa;
+ ktsb_descr[1].resv = 0;
++#endif
+ }
+
+ void __cpuinit sun4v_ktsb_register(void)
+@@ -1364,7 +1373,7 @@ void __cpuinit sun4v_ktsb_register(void)
+ pa = kern_base + ((unsigned long)&ktsb_descr[0] - KERNBASE);
+
+ func = HV_FAST_MMU_TSB_CTX0;
+- arg0 = 2;
++ arg0 = NUM_KTSB_DESCR;
+ arg1 = pa;
+ __asm__ __volatile__("ta %6"
+ : "=&r" (func), "=&r" (arg0), "=&r" (arg1)
+@@ -1393,7 +1402,9 @@ void __init paging_init(void)
+
+ /* Invalidate both kernel TSBs. */
+ memset(swapper_tsb, 0x40, sizeof(swapper_tsb));
++#ifndef CONFIG_DEBUG_PAGEALLOC
+ memset(swapper_4m_tsb, 0x40, sizeof(swapper_4m_tsb));
++#endif
+
+ if (tlb_type == hypervisor)
+ sun4v_pgprot_init();
+@@ -1725,8 +1736,13 @@ static void __init sun4u_pgprot_init(voi
+ pg_iobits = (_PAGE_VALID | _PAGE_PRESENT_4U | __DIRTY_BITS_4U |
+ __ACCESS_BITS_4U | _PAGE_E_4U);
+
++#ifdef CONFIG_DEBUG_PAGEALLOC
++ kern_linear_pte_xor[0] = (_PAGE_VALID | _PAGE_SZBITS_4U) ^
++ 0xfffff80000000000;
++#else
+ kern_linear_pte_xor[0] = (_PAGE_VALID | _PAGE_SZ4MB_4U) ^
+ 0xfffff80000000000;
++#endif
+ kern_linear_pte_xor[0] |= (_PAGE_CP_4U | _PAGE_CV_4U |
+ _PAGE_P_4U | _PAGE_W_4U);
+
+@@ -1769,13 +1785,23 @@ static void __init sun4v_pgprot_init(voi
+ _PAGE_E = _PAGE_E_4V;
+ _PAGE_CACHE = _PAGE_CACHE_4V;
+
++#ifdef CONFIG_DEBUG_PAGEALLOC
++ kern_linear_pte_xor[0] = (_PAGE_VALID | _PAGE_SZBITS_4V) ^
++ 0xfffff80000000000;
++#else
+ kern_linear_pte_xor[0] = (_PAGE_VALID | _PAGE_SZ4MB_4V) ^
+ 0xfffff80000000000;
++#endif
+ kern_linear_pte_xor[0] |= (_PAGE_CP_4V | _PAGE_CV_4V |
+ _PAGE_P_4V | _PAGE_W_4V);
+
++#ifdef CONFIG_DEBUG_PAGEALLOC
++ kern_linear_pte_xor[1] = (_PAGE_VALID | _PAGE_SZBITS_4V) ^
++ 0xfffff80000000000;
++#else
+ kern_linear_pte_xor[1] = (_PAGE_VALID | _PAGE_SZ256MB_4V) ^
+ 0xfffff80000000000;
++#endif
+ kern_linear_pte_xor[1] |= (_PAGE_CP_4V | _PAGE_CV_4V |
+ _PAGE_P_4V | _PAGE_W_4V);
+
+--- a/include/asm-sparc64/tsb.h
++++ b/include/asm-sparc64/tsb.h
+@@ -264,6 +264,7 @@ extern struct tsb_phys_patch_entry __tsb
+ be,a,pt %xcc, OK_LABEL; \
+ mov REG4, REG1;
+
++#ifndef CONFIG_DEBUG_PAGEALLOC
+ /* This version uses a trick, the TAG is already (VADDR >> 22) so
+ * we can make use of that for the index computation.
+ */
+@@ -277,5 +278,6 @@ extern struct tsb_phys_patch_entry __tsb
+ cmp REG3, TAG; \
+ be,a,pt %xcc, OK_LABEL; \
+ mov REG4, REG1;
++#endif
+
+ #endif /* !(_SPARC64_TSB_H) */
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 18:50:32 2007
+From: David Miller <davem@davemloft.net>
+Date: Fri, 16 Mar 2007 18:49:06 -0700 (PDT)
+Subject: Fix sparc64 hugepage bugs
+To: stable@kernel.org
+Cc: bunk@stusta.de
+Message-ID: <20070316.184906.39158526.davem@davemloft.net>
+
+From: David Miller <davem@davemloft.net>
+
+[SPARC64]: Add missing HPAGE_MASK masks on address parameters.
+
+These pte loops all assume the passed in address is HPAGE
+aligned, make sure that is actually true.
+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/sparc64/mm/hugetlbpage.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/sparc64/mm/hugetlbpage.c
++++ b/arch/sparc64/mm/hugetlbpage.c
+@@ -248,6 +248,7 @@ void set_huge_pte_at(struct mm_struct *m
+ if (!pte_present(*ptep) && pte_present(entry))
+ mm->context.huge_pte_count++;
+
++ addr &= HPAGE_MASK;
+ for (i = 0; i < (1 << HUGETLB_PAGE_ORDER); i++) {
+ set_pte_at(mm, addr, ptep, entry);
+ ptep++;
+@@ -266,6 +267,8 @@ pte_t huge_ptep_get_and_clear(struct mm_
+ if (pte_present(entry))
+ mm->context.huge_pte_count--;
+
++ addr &= HPAGE_MASK;
++
+ for (i = 0; i < (1 << HUGETLB_PAGE_ORDER); i++) {
+ pte_clear(mm, addr, ptep);
+ addr += PAGE_SIZE;
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Mar 16 19:06:12 2007
+From: Samuel Ortiz <samuel@sortiz.org>
+Date: Sat, 17 Mar 2007 04:04:27 +0200
+Subject: IrDA: irttp_dup spin_lock initialisation
+To: "David S. Miller" <davem@davemloft.net>
+Cc: netdev@vger.kernel.org, Guennadi Liakhovetski <gl@dsa-ac.de>, stable@kernel.org, irda-users@lists.sourceforge.net
+Message-ID: <20070317020427.GF3429@sortiz.org>
+Content-Disposition: inline
+
+From: Samuel Ortiz <samuel@sortiz.org>
+
+Without this initialization one gets
+
+kernel BUG at kernel/rtmutex_common.h:80!
+
+This patch should also be included in the -stable kernel.
+
+Signed-off-by: G. Liakhovetski <gl@dsa-ac.de>
+Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
+Cc: David Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/irda/irttp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/irda/irttp.c
++++ b/net/irda/irttp.c
+@@ -1455,6 +1455,7 @@ struct tsap_cb *irttp_dup(struct tsap_cb
+
+ /* Not everything should be copied */
+ new->notify.instance = instance;
++ spin_lock_init(&new->lock);
+ init_timer(&new->todo_timer);
+
+ skb_queue_head_init(&new->rx_queue);
fix-mtime_sec_max-on-32-bit.patch
fix-read-past-end-of-array-in-md-linear.c.patch
r8169-fix-a-race-between-pci-probe-and-dev_open.patch
+fix-extraneous-ipsec-larval-sa-creation.patch
+fix-gfp_kernel-with-preemption-disabled-in-fib_trie.patch
+fix-ipv6-flow-label-inheritance.patch
+copy-over-mac_len-when-cloning-an-skb.patch
+fix-sparc64-hugepage-bugs.patch
+fix-page-allocation-debugging-on-sparc64.patch
+irda-irttp_dup-spin_lock-initialisation.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
