--- /dev/null
+From stable-bounces@linux.kernel.org Wed Oct 11 04:24:26 2006
+Date: Wed, 11 Oct 2006 13:23:48 +0200
+From: Vasily Tarasov <vtaras@openvz.org>
+To: stable@kernel.org
+Message-ID: <20061011112348.GQ6515@kernel.dk>
+Content-Disposition: inline
+Subject: block layer: elv_iosched_show should get elv_list_lock
+
+From: Vasily Tarasov <vtaras@openvz.org>
+
+elv_iosched_show function iterates other elv_list,
+hence elv_list_lock should be got.
+
+Also the question is: in elv_iosched_show, elv_iosched_store
+q->elevator->elevator_type construction is used without locking q->queue_lock.
+Is it expected?..
+
+Signed-off-by: Vasily Tarasov <vtaras@openvz.org>
+Cc: Jens Axboe <jens.axboe@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ block/elevator.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- linux-2.6.18.orig/block/elevator.c
++++ linux-2.6.18/block/elevator.c
+@@ -892,7 +892,7 @@ ssize_t elv_iosched_show(request_queue_t
+ struct list_head *entry;
+ int len = 0;
+
+- spin_lock_irq(q->queue_lock);
++ spin_lock_irq(&elv_list_lock);
+ list_for_each(entry, &elv_list) {
+ struct elevator_type *__e;
+
+@@ -902,7 +902,7 @@ ssize_t elv_iosched_show(request_queue_t
+ else
+ len += sprintf(name+len, "%s ", __e->elevator_name);
+ }
+- spin_unlock_irq(q->queue_lock);
++ spin_unlock_irq(&elv_list_lock);
+
+ len += sprintf(len+name, "\n");
+ return len;
--- /dev/null
+From stable-bounces@linux.kernel.org Wed Oct 11 01:54:01 2006
+Date: Wed, 11 Oct 2006 01:53:26 -0700 (PDT)
+Message-Id: <20061011.015326.25157718.davem@davemloft.net>
+To: stable@kernel.org
+From: Patrick McHardy <kaber@trash.net>
+Subject: NETFILTER: NAT: fix NOTRACK checksum handling
+
+From: Patrick McHardy <kaber@trash.net>
+
+The whole idea with the NOTRACK netfilter target is that
+you can force the netfilter code to avoid connection
+tracking, and all costs assosciated with it, by making
+traffic match a NOTRACK rule.
+
+But this is totally broken by the fact that we do a checksum
+calculation over the packet before we do the NOTRACK bypass
+check, which is very expensive. People setup NOTRACK rules
+explicitly to avoid all of these kinds of costs.
+
+This patch from Patrick, already in Linus's tree, fixes the
+bug.
+
+Move the check for ip_conntrack_untracked before the call to
+skb_checksum_help to fix NOTRACK excemptions from NAT. Pre-2.6.19
+NAT code breaks TSO by invalidating hardware checksums for every
+packet, even if explicitly excluded from NAT through NOTRACK.
+
+2.6.19 includes a fix that makes NAT and TSO live in harmony,
+but the performance degradation caused by this deserves making
+at least the workaround work properly in -stable.
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/netfilter/ip_nat_standalone.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+--- linux-2.6.18.orig/net/ipv4/netfilter/ip_nat_standalone.c
++++ linux-2.6.18/net/ipv4/netfilter/ip_nat_standalone.c
+@@ -110,12 +110,17 @@ ip_nat_fn(unsigned int hooknum,
+ IP_NF_ASSERT(!((*pskb)->nh.iph->frag_off
+ & htons(IP_MF|IP_OFFSET)));
+
++ ct = ip_conntrack_get(*pskb, &ctinfo);
++
++ /* Don't try to NAT if this packet is not conntracked */
++ if (ct == &ip_conntrack_untracked)
++ return NF_ACCEPT;
++
+ /* If we had a hardware checksum before, it's now invalid */
+ if ((*pskb)->ip_summed == CHECKSUM_HW)
+ if (skb_checksum_help(*pskb, (out == NULL)))
+ return NF_DROP;
+
+- ct = ip_conntrack_get(*pskb, &ctinfo);
+ /* Can't track? It's not due to stress, or conntrack would
+ have dropped it. Hence it's the user's responsibilty to
+ packet filter it out, or implement conntrack/NAT for that
+@@ -137,10 +142,6 @@ ip_nat_fn(unsigned int hooknum,
+ return NF_ACCEPT;
+ }
+
+- /* Don't try to NAT if this packet is not conntracked */
+- if (ct == &ip_conntrack_untracked)
+- return NF_ACCEPT;
+-
+ switch (ctinfo) {
+ case IP_CT_RELATED:
+ case IP_CT_RELATED+IP_CT_IS_REPLY:
projects / thirdparty / kernel / stable-queue.git / commitdiff
