--- /dev/null
+From stable-bounces@linux.kernel.org Tue Dec 5 07:16:43 2006
+Message-ID: <45758C16.5010905@redhat.com>
+Date: Tue, 05 Dec 2006 16:11:18 +0100
+From: Milan Broz <mbroz@redhat.com>
+To: stable@kernel.org
+Cc: device-mapper development <dm-devel@redhat.com>, Alasdair G Kergon <agk@redhat.com>
+Subject: dm snapshot: fix freeing pending exception
+
+Fix oops when removing full snapshot
+kernel bugzilla bug 7040
+
+If a snapshot became invalid (full) while there is outstanding
+pending_exception, pending_complete() forgets to remove
+the corresponding exception from its exception table before freeing it.
+
+Already fixed in 2.6.19.
+
+Signed-off-by: Milan Broz <mbroz@redhat.com>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+ drivers/md/dm-snap.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- linux-2.6.18.5.orig/drivers/md/dm-snap.c
++++ linux-2.6.18.5/drivers/md/dm-snap.c
+@@ -691,6 +691,7 @@ static void pending_complete(struct pend
+
+ free_exception(e);
+
++ remove_exception(&pe->e);
+ error_snapshot_bios(pe);
+ goto out;
+ }
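Review bot: the changelog says "Already fixed in 2.6.19" but gives no upstream commit id, unlike the other patches in this queue that carry a "commit ..." line, so the backport cannot be checked against the mainline change. Please add the commit id of the 2.6.19 fix. In the hunk, a one-line comment above `remove_exception(&pe->e);` stating that the exception must be removed from its exception table before it is freed on the invalid-snapshot path would keep the ordering requirement visible in the code.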
netfilter-ip_tables-revision-support-for-compat-code.patch
pkt_sched-act_gact-division-by-zero.patch
sunhme-fix-for-sunhme-failures-on-x86.patch
+xfrm-use-output-device-disable_xfrm-for-forwarded-packets.patch
+dm-snapshot-fix-freeing-pending-exception.patch
--- /dev/null
+From stable-bounces@linux.kernel.org Mon Dec 4 20:06:40 2006
+Date: Mon, 04 Dec 2006 20:01:31 -0800 (PST)
+Message-Id: <20061204.200131.36665929.davem@davemloft.net>
+To: stable@kernel.org
+From: David Miller <davem@davemloft.net>
+Cc: bunk@stusta.de
+Subject: XFRM: Use output device disable_xfrm for forwarded packets
+
+Currently the behaviour of disable_xfrm is inconsistent between
+locally generated and forwarded packets. For locally generated
+packets disable_xfrm disables the policy lookup if it is set on
+the output device, for forwarded traffic however it looks at the
+input device. This makes it impossible to disable xfrm on all
+devices but a dummy device and use normal routing to direct
+traffic to that device.
+
+Always use the output device when checking disable_xfrm.
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+commit 9be2b4e36fb04bbc968693ef95a75acc17cf2931
+Author: Patrick McHardy <kaber@trash.net>
+Date: Mon Dec 4 19:59:00 2006 -0800
+
+ net/ipv4/route.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- linux-2.6.18.5.orig/net/ipv4/route.c
++++ linux-2.6.18.5/net/ipv4/route.c
+@@ -1775,7 +1775,7 @@ static inline int __mkroute_input(struct
+ #endif
+ if (in_dev->cnf.no_policy)
+ rth->u.dst.flags |= DST_NOPOLICY;
+- if (in_dev->cnf.no_xfrm)
++ if (out_dev->cnf.no_xfrm)
+ rth->u.dst.flags |= DST_NOXFRM;
+ rth->fl.fl4_dst = daddr;
+ rth->rt_dst = daddr;
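Review bot: the message body has no "From: Patrick McHardy <kaber@trash.net>" line, although the commit block names him as Author and the mail header's From: is David Miller, so tooling that takes authorship from the mail will credit the wrong person. Add the From: line as the first line of the body, as the linux-2.6.19 copy of this same patch does.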
softmac-fix-unbalanced-mutex_lock-unlock-in-ieee80211softmac_wx_set_mlme.patch
ib-ucm-fix-deadlock-in-cleanup.patch
do_coredump-and-not-stopping-rewrite-attacks.patch
+tokenring-remote-memory-corruptor-in-ibmtr.c.patch
+xfrm-use-output-device-disable_xfrm-for-forwarded-packets.patch
--- /dev/null
+From stable-bounces@linux.kernel.org Mon Dec 4 20:02:22 2006
+Date: Mon, 04 Dec 2006 19:57:11 -0800 (PST)
+Message-Id: <20061204.195711.45741021.davem@davemloft.net>
+To: stable@kernel.org
+From: David Miller <davem@davemloft.net>
+Subject: TOKENRING: Remote memory corruptor in ibmtr.c
+
+ip_summed changes last summer had missed that one. As the result,
+we have ip_summed interpreted as CHECKSUM_PARTIAL now. IOW,
+->csum is interpreted as offset of checksum in the packet. net/core/*
+will both read and modify the value as that offset, with obvious
+reasons. At the very least it's a remote memory corruptor.
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+commit b1875feda8c1735915e12d953acba85d96129f6a
+Author: Al Viro <viro@zeniv.linux.org.uk>
+Date: Mon Dec 4 19:37:42 2006 -0800
+
+ drivers/net/tokenring/ibmtr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- linux-2.6.19.orig/drivers/net/tokenring/ibmtr.c
++++ linux-2.6.19/drivers/net/tokenring/ibmtr.c
+@@ -1826,7 +1826,7 @@ static void tr_rx(struct net_device *dev
+ skb->protocol = tr_type_trans(skb, dev);
+ if (IPv4_p) {
+ skb->csum = chksum;
+- skb->ip_summed = 1;
++ skb->ip_summed = CHECKSUM_COMPLETE;
+ }
+ netif_rx(skb);
+ dev->last_rx = jiffies;
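Review bot: the removed line `skb->ip_summed = 1;` used a bare literal, which is presumably how this driver was missed when the ip_summed values changed, and the changelog does not say whether other drivers were checked for the same pattern. Please state whether the remaining assignments to ip_summed were audited for numeric literals, since any that remain would have the effect described here (->csum treated as an offset that net/core reads and modifies). The body also lacks a From: line for Al Viro, who is named as Author in the commit block.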
--- /dev/null
+From stable-bounces@linux.kernel.org Mon Dec 4 20:06:40 2006
+Date: Mon, 04 Dec 2006 20:01:31 -0800 (PST)
+Message-Id: <20061204.200131.36665929.davem@davemloft.net>
+To: stable@kernel.org
+From: David Miller <davem@davemloft.net>
+Cc: bunk@stusta.de
+Subject: XFRM: Use output device disable_xfrm for forwarded packets
+
+From: Patrick McHardy <kaber@trash.net>
+
+Currently the behaviour of disable_xfrm is inconsistent between
+locally generated and forwarded packets. For locally generated
+packets disable_xfrm disables the policy lookup if it is set on
+the output device, for forwarded traffic however it looks at the
+input device. This makes it impossible to disable xfrm on all
+devices but a dummy device and use normal routing to direct
+traffic to that device.
+
+Always use the output device when checking disable_xfrm.
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+---
+commit 9be2b4e36fb04bbc968693ef95a75acc17cf2931
+Author: Patrick McHardy <kaber@trash.net>
+Date: Mon Dec 4 19:59:00 2006 -0800
+
+ net/ipv4/route.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- linux-2.6.19.orig/net/ipv4/route.c
++++ linux-2.6.19/net/ipv4/route.c
+@@ -1784,7 +1784,7 @@ static inline int __mkroute_input(struct
+ #endif
+ if (in_dev->cnf.no_policy)
+ rth->u.dst.flags |= DST_NOPOLICY;
+- if (in_dev->cnf.no_xfrm)
++ if (out_dev->cnf.no_xfrm)
+ rth->u.dst.flags |= DST_NOXFRM;
+ rth->fl.fl4_dst = daddr;
+ rth->rt_dst = daddr;
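Review bot: after this change the two adjacent tests consult different devices, `in_dev->cnf.no_policy` and `out_dev->cnf.no_xfrm`, and nothing in the code says the asymmetry is deliberate. Add a short comment above the no_xfrm test saying that disable_xfrm is taken from the output device for forwarded packets to match the locally generated case, so a later cleanup does not change it back to in_dev.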