From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Wed, 11 Oct 2006 20:42:25 +0000 (-0700)
Subject: two more stable patches for .18
X-Git-Tag: v2.6.17.14~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bb3240a14c98dd7814971b9c24d1e5c69fe283dc;p=thirdparty%2Fkernel%2Fstable-queue.git

two more stable patches for .18
---

diff --git a/queue-2.6.18/block-layer-elv_iosched_show-should-get-elv_list_lock.patch b/queue-2.6.18/block-layer-elv_iosched_show-should-get-elv_list_lock.patch
new file mode 100644
index 00000000000..194562a0561
--- /dev/null
+++ b/queue-2.6.18/block-layer-elv_iosched_show-should-get-elv_list_lock.patch
@@ -0,0 +1,46 @@
+From stable-bounces@linux.kernel.org Wed Oct 11 04:24:26 2006
+Date: Wed, 11 Oct 2006 13:23:48 +0200
+From: Vasily Tarasov <vtaras@openvz.org>
+To: stable@kernel.org
+Message-ID: <20061011112348.GQ6515@kernel.dk>
+Content-Disposition: inline
+Subject: block layer: elv_iosched_show should get elv_list_lock
+
+From: Vasily Tarasov <vtaras@openvz.org>
+
+elv_iosched_show function iterates other elv_list,
+hence elv_list_lock should be got.
+
+Also the question is: in elv_iosched_show, elv_iosched_store
+q->elevator->elevator_type construction is used without locking q->queue_lock.
+Is it expected?..
+
+Signed-off-by: Vasily Tarasov <vtaras@openvz.org>
+Cc: Jens Axboe <jens.axboe@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ block/elevator.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- linux-2.6.18.orig/block/elevator.c
++++ linux-2.6.18/block/elevator.c
+@@ -892,7 +892,7 @@ ssize_t elv_iosched_show(request_queue_t
+ 	struct list_head *entry;
+ 	int len = 0;
+ 
+-	spin_lock_irq(q->queue_lock);
++	spin_lock_irq(&elv_list_lock);
+ 	list_for_each(entry, &elv_list) {
+ 		struct elevator_type *__e;
+ 
+@@ -902,7 +902,7 @@ ssize_t elv_iosched_show(request_queue_t
+ 		else
+ 			len += sprintf(name+len, "%s ", __e->elevator_name);
+ 	}
+-	spin_unlock_irq(q->queue_lock);
++	spin_unlock_irq(&elv_list_lock);
+ 
+ 	len += sprintf(len+name, "\n");
+ 	return len;
diff --git a/queue-2.6.18/netfilter-nat-fix-notrack-checksum-handling.patch b/queue-2.6.18/netfilter-nat-fix-notrack-checksum-handling.patch
new file mode 100644
index 00000000000..ff7e326e197
--- /dev/null
+++ b/queue-2.6.18/netfilter-nat-fix-notrack-checksum-handling.patch
@@ -0,0 +1,71 @@
+From stable-bounces@linux.kernel.org Wed Oct 11 01:54:01 2006
+Date: Wed, 11 Oct 2006 01:53:26 -0700 (PDT)
+Message-Id: <20061011.015326.25157718.davem@davemloft.net>
+To: stable@kernel.org
+From: Patrick McHardy <kaber@trash.net>
+Subject: NETFILTER: NAT: fix NOTRACK checksum handling
+
+From: Patrick McHardy <kaber@trash.net>
+
+The whole idea with the NOTRACK netfilter target is that
+you can force the netfilter code to avoid connection
+tracking, and all costs assosciated with it, by making
+traffic match a NOTRACK rule.
+
+But this is totally broken by the fact that we do a checksum
+calculation over the packet before we do the NOTRACK bypass
+check, which is very expensive.  People setup NOTRACK rules
+explicitly to avoid all of these kinds of costs.
+
+This patch from Patrick, already in Linus's tree, fixes the
+bug.
+
+Move the check for ip_conntrack_untracked before the call to
+skb_checksum_help to fix NOTRACK excemptions from NAT. Pre-2.6.19
+NAT code breaks TSO by invalidating hardware checksums for every
+packet, even if explicitly excluded from NAT through NOTRACK.
+
+2.6.19 includes a fix that makes NAT and TSO live in harmony,
+but the performance degradation caused by this deserves making
+at least the workaround work properly in -stable.
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/ipv4/netfilter/ip_nat_standalone.c |   11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+--- linux-2.6.18.orig/net/ipv4/netfilter/ip_nat_standalone.c
++++ linux-2.6.18/net/ipv4/netfilter/ip_nat_standalone.c
+@@ -110,12 +110,17 @@ ip_nat_fn(unsigned int hooknum,
+ 	IP_NF_ASSERT(!((*pskb)->nh.iph->frag_off
+ 		       & htons(IP_MF|IP_OFFSET)));
+ 
++	ct = ip_conntrack_get(*pskb, &ctinfo);
++
++	/* Don't try to NAT if this packet is not conntracked */
++	if (ct == &ip_conntrack_untracked)
++		return NF_ACCEPT;
++
+ 	/* If we had a hardware checksum before, it's now invalid */
+ 	if ((*pskb)->ip_summed == CHECKSUM_HW)
+ 		if (skb_checksum_help(*pskb, (out == NULL)))
+ 			return NF_DROP;
+ 
+-	ct = ip_conntrack_get(*pskb, &ctinfo);
+ 	/* Can't track?  It's not due to stress, or conntrack would
+ 	   have dropped it.  Hence it's the user's responsibilty to
+ 	   packet filter it out, or implement conntrack/NAT for that
+@@ -137,10 +142,6 @@ ip_nat_fn(unsigned int hooknum,
+ 		return NF_ACCEPT;
+ 	}
+ 
+-	/* Don't try to NAT if this packet is not conntracked */
+-	if (ct == &ip_conntrack_untracked)
+-		return NF_ACCEPT;
+-
+ 	switch (ctinfo) {
+ 	case IP_CT_RELATED:
+ 	case IP_CT_RELATED+IP_CT_IS_REPLY:
diff --git a/queue-2.6.18/series b/queue-2.6.18/series
index bbec683863f..011f2b036af 100644
--- a/queue-2.6.18/series
+++ b/queue-2.6.18/series
@@ -63,3 +63,5 @@ scx200_hrt-fix-precedence-bug-manifesting-as-27x-clock-in-1-mhz-mode.patch
 ide-generic-jmicron-fix.patch
 x86-64-calgary-iommu-fix-off-by-one-when-calculating-register-space-location.patch
 bcm43xx-fix-regressions-in-2.6.18.patch
+netfilter-nat-fix-notrack-checksum-handling.patch
+block-layer-elv_iosched_show-should-get-elv_list_lock.patch