From: Greg Kroah-Hartman
Date: Mon, 26 Nov 2007 22:17:46 +0000 (-0800)
Subject: some .23 patches added to the queue
X-Git-Tag: v2.6.23.10~22
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c46a179eb3601af43c2aca78b5e796d4524a6c26;p=thirdparty%2Fkernel%2Fstable-queue.git

some .23 patches added to the queue
---

diff --git a/queue-2.6.23/libertas-properly-account-for-queue-commands.patch b/queue-2.6.23/libertas-properly-account-for-queue-commands.patch
new file mode 100644
index 00000000000..577b082be42
--- /dev/null
+++ b/queue-2.6.23/libertas-properly-account-for-queue-commands.patch
@@ -0,0 +1,59 @@
+From stable-bounces@linux.kernel.org Tue Nov 20 10:55:25 2007
+From: Marcelo Tosatti
+Date: Tue, 20 Nov 2007 13:54:52 -0500
+Subject: libertas: properly account for queue commands
+To: stable@kernel.org
+Cc: Marcelo Tosatti , Marcelo Tosatti , "John W. Linville"
+Message-ID: <1195584892-2864-1-git-send-email-linville@tuxdriver.com>
+
+
+From: Marcelo Tosatti
+
+patch 29f5f2a19b055feabfcc6f92e1d40ec092c373ea in mainline.
+
+Properly account for queue commands, this fixes a problem reported
+by Holger Schurig when using the debugfs interface.
+
+Signed-off-by: Marcelo Tosatti
+Signed-off-by: John W. Linville
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/net/wireless/libertas/cmd.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/wireless/libertas/cmd.c
++++ b/drivers/net/wireless/libertas/cmd.c
+@@ -881,6 +881,10 @@ static int wlan_cmd_mesh_access(wlan_pri
+ return 0;
+ }
+
++/*
++ * Note: NEVER use libertas_queue_cmd() with addtail==0 other than for
++ * the command timer, because it does not account for queued commands.
++ */
+ void libertas_queue_cmd(wlan_adapter * adapter, struct cmd_ctrl_node *cmdnode, u8 addtail)
+ {
+ unsigned long flags;
+@@ -910,10 +914,11 @@ void libertas_queue_cmd(wlan_adapter * a
+
+ spin_lock_irqsave(&adapter->driver_lock, flags);
+
+- if (addtail)
++ if (addtail) {
+ list_add_tail((struct list_head *)cmdnode,
+ &adapter->cmdpendingq);
+- else
++ adapter->nr_cmd_pending++;
++ } else
+ list_add((struct list_head *)cmdnode, &adapter->cmdpendingq);
+
+ spin_unlock_irqrestore(&adapter->driver_lock, flags);
+@@ -1400,7 +1405,6 @@ int libertas_prepare_and_send_command(wl
+ cmdnode->cmdwaitqwoken = 0;
+
+ libertas_queue_cmd(adapter, cmdnode, 1);
+- adapter->nr_cmd_pending++;
+ wake_up_interruptible(&priv->mainthread.waitq);
+
+ if (wait_option & cmd_option_waitforrsp) {
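Review bot: In libertas_queue_cmd() (drivers/net/wireless/libertas/cmd.c, second inner hunk) the `addtail == 0` branch still links the node into `cmdpendingq` without touching `nr_cmd_pending`, and nothing but the new header comment keeps callers from using it. The increment now runs under `driver_lock`; the matching decrement is not visible in these hunks, so it is worth confirming that it takes the same lock and is not executed a second time for a node the command timer re-queued, otherwise the counter can drift. With one branch braced, kernel style also expects the other to be braced, `} else {` ... `}`. The function body starts and ends outside the hunks shown.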
diff --git a/queue-2.6.23/net-random-secure_tcp_sequence_number-should-not-assume-config_ktime_scalar.patch b/queue-2.6.23/net-random-secure_tcp_sequence_number-should-not-assume-config_ktime_scalar.patch
new file mode 100644
index 00000000000..150eeca27ee
--- /dev/null
+++ b/queue-2.6.23/net-random-secure_tcp_sequence_number-should-not-assume-config_ktime_scalar.patch
@@ -0,0 +1,62 @@
+From stable-bounces@linux.kernel.org Wed Nov 21 04:33:32 2007
+From: Eric Dumazet
+Date: Wed, 21 Nov 2007 20:32:55 +0800
+Subject: NET: random : secure_tcp_sequence_number should not assume CONFIG_KTIME_SCALAR
+To: stable@kernel.org, davem@davemloft.net
+Message-ID:
+
+From: Eric Dumazet
+
+[NET] random : secure_tcp_sequence_number should not assume CONFIG_KTIME_SCALAR
+
+[ Upstream commit: 6dd10a62353a50b30b30e0c18653650975b29c71 ]
+
+All 32 bits machines but i386 dont have CONFIG_KTIME_SCALAR. On these
+machines, ktime.tv64 is more than 4 times the (correct) result given
+by ktime_to_ns()
+
+Again on these machines, using ktime_get_real().tv64 >> 6 give a
+32bits rollover every 64 seconds, which is not wanted (less than the
+120 s MSL)
+
+Using ktime_to_ns() is the portable way to get nsecs from a ktime, and
+have correct code.
+
+Signed-off-by: Eric Dumazet
+Signed-off-by: David S. Miller
+Cc: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/char/random.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -1494,7 +1494,7 @@ __u32 secure_tcpv6_sequence_number(__be3
+ seq = twothirdsMD4Transform((const __u32 *)daddr, hash) & HASH_MASK;
+ seq += keyptr->count;
+
+- seq += ktime_get_real().tv64;
++ seq += ktime_to_ns(ktime_get_real());
+
+ return seq;
+ }
+@@ -1556,7 +1556,7 @@ __u32 secure_tcp_sequence_number(__be32
+ * overlaps less than one time per MSL (2 minutes).
+ * Choosing a clock of 64 ns period is OK. (period of 274 s)
+ */
+- seq += ktime_get_real().tv64 >> 6;
++ seq += ktime_to_ns(ktime_get_real()) >> 6;
+ #if 0
+ printk("init_seq(%lx, %lx, %d, %d) = %d\n",
+ saddr, daddr, sport, dport, seq);
+@@ -1616,7 +1616,7 @@ u64 secure_dccp_sequence_number(__be32 s
+ seq = half_md4_transform(hash, keyptr->secret);
+ seq |= ((u64)keyptr->count) << (32 - HASH_BITS);
+
+- seq += ktime_get_real().tv64;
++ seq += ktime_to_ns(ktime_get_real());
+ seq &= (1ull << 48) - 1;
+ #if 0
+ printk("dccp init_seq(%lx, %lx, %d, %d) = %d\n",
diff --git a/queue-2.6.23/netfilter-fix-null-pointer-dereference-in-nf_nat_move_storage.patch b/queue-2.6.23/netfilter-fix-null-pointer-dereference-in-nf_nat_move_storage.patch
new file mode 100644
index 00000000000..91ff755c6e6
--- /dev/null
+++ b/queue-2.6.23/netfilter-fix-null-pointer-dereference-in-nf_nat_move_storage.patch
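Review bot: In the secure_tcpv6_sequence_number() hunk of drivers/char/random.c the clock term is added as raw nanoseconds, `seq += ktime_to_ns(ktime_get_real());`, while the IPv4 function shifts the same value right by 6 so that, as its comment says, the period is 274 s. The IPv6 function returns `__u32`, so if `seq` is 32 bits wide (its declaration is outside the hunk) the unshifted term wraps roughly every 4.3 s, far below the 2-minute MSL that the comment in secure_tcp_sequence_number() uses as the bound. Applying the same scaling, `seq += ktime_to_ns(ktime_get_real()) >> 6;`, would keep the two generators consistent. All three functions begin outside their hunks.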
@@ -0,0 +1,51 @@
+From stable-bounces@linux.kernel.org Wed Nov 21 04:33:42 2007
+From: Evgeniy Polyakov
+Date: Wed, 21 Nov 2007 20:32:56 +0800
+Subject: NETFILTER: Fix NULL pointer dereference in nf_nat_move_storage()
+To: stable@kernel.org, davem@davemloft.net
+Message-ID:
+
+From: Evgeniy Polyakov
+
+[NETFILTER]: Fix NULL pointer dereference in nf_nat_move_storage()
+
+[ Upstream commit: 7799652557d966e49512479f4d3b9079bbc01fff ]
+
+Reported by Chuck Ebbert as:
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=259501#c14
+
+This routine is called each time hash should be replaced, nf_conn has
+extension list which contains pointers to connection tracking users
+(like nat, which is right now the only such user), so when replace takes
+place it should copy own extensions. Loop above checks for own
+extension, but tries to move higer-layer one, which can lead to above
+oops.
+
+Signed-off-by: Evgeniy Polyakov
+Signed-off-by: David S. Miller
+Cc: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+--- a/net/netfilter/nf_conntrack_extend.c
++++ b/net/netfilter/nf_conntrack_extend.c
+@@ -109,7 +109,7 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
+ rcu_read_lock();
+ t = rcu_dereference(nf_ct_ext_types[i]);
+ if (t && t->move)
+- t->move(ct, ct->ext + ct->ext->offset[id]);
++ t->move(ct, ct->ext + ct->ext->offset[i]);
+ rcu_read_unlock();
+ }
+ kfree(ct->ext);
+--
+Visit Openswan at http://www.openswan.org/
+Email: Herbert Xu ~{PmV>HI~}
+Home Page: http://gondor.apana.org.au/~herbert/
+PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
+
+_______________________________________________
+stable mailing list
+stable@linux.kernel.org
+http://linux.kernel.org/mailman/listinfo/stable
+
diff --git a/queue-2.6.23/rd-fix-data-corruption-on-memory-pressure.patch b/queue-2.6.23/rd-fix-data-corruption-on-memory-pressure.patch
new file mode 100644
index 00000000000..0601d5ae3ac
--- /dev/null
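Review bot: The corrected call `t->move(ct, ct->ext + ct->ext->offset[i]);` in __nf_ct_ext_add() (net/netfilter/nf_conntrack_extend.c) still does pointer arithmetic directly on `ct->ext`, whose type is not visible in this hunk. If `ct->ext` is a typed struct pointer and `offset[]` holds byte offsets, the addition is scaled by the struct size and the pointer handed to `move` lands beyond the intended extension. Casting first, `t->move(ct, (void *)ct->ext + ct->ext->offset[i]);`, makes the byte arithmetic explicit. The enclosing loop and the declaration of `i` are outside the hunk, so this should be checked against the full function.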
+++ b/queue-2.6.23/rd-fix-data-corruption-on-memory-pressure.patch 
@@ -0,0 +1,73 @@
+From jack+f-061107@ucw.cz Tue Nov 6 03:26:18 2007
+From: Christian Borntraeger
+Date: Tue, 6 Nov 2007 12:26:15 +0100
+Subject: rd: fix data corruption on memory pressure
+Subject: Re: Future of Linux 2.6.22.y series
+To: Greg Kroah-Hartman
+Cc: linux-kernel@vger.kernel.org, Christian Borntraeger
+Message-ID: <20071106112615.GG32704@atrey.karlin.mff.cuni.cz>
+Content-Disposition: inline
+
+From: Christian Borntraeger
+
+commit 5d0360ee96a5ef953dbea45873c2a8c87e77d59b upstream.
+
+We have seen ramdisk based install systems, where some pages of mapped
+libraries and programs were suddendly zeroed under memory pressure. This
+should not happen, as the ramdisk avoids freeing its pages by keeping
+them dirty all the time.
+
+It turns out that there is a case, where the VM makes a ramdisk page
+clean, without telling the ramdisk driver. On memory pressure
+shrink_zone runs and it starts to run shrink_active_list. There is a
+check for buffer_heads_over_limit, and if true, pagevec_strip is called.
+pagevec_strip calls try_to_release_page. If the mapping has no
+releasepage callback, try_to_free_buffers is called. try_to_free_buffers
+has now a special logic for some file systems to make a dirty page
+clean, if all buffers are clean. Thats what happened in our test case.
+
+The simplest solution is to provide a noop-releasepage callback for the
+ramdisk driver. This avoids try_to_free_buffers for ramdisk pages.
+
+Signed-off-by: Christian Borntraeger
+Signed-off-by: Jan Kara
+Acked-by: Nick Piggin
+Cc: "Eric W. Biederman"
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+
+---
+ drivers/block/rd.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+--- a/drivers/block/rd.c
++++ b/drivers/block/rd.c
+@@ -189,6 +189,18 @@ static int ramdisk_set_page_dirty(struct
+ return 0;
+ }
+
++/*
++ * releasepage is called by pagevec_strip/try_to_release_page if
++ * buffers_heads_over_limit is true. Without a releasepage function
++ * try_to_free_buffers is called instead. That can unset the dirty
++ * bit of our ram disk pages, which will be eventually freed, even
++ * if the page is still in use.
++ */
++static int ramdisk_releasepage(struct page *page, gfp_t dummy)
++{
++ return 0;
++}
++
+ static const struct address_space_operations ramdisk_aops = {
+ .readpage = ramdisk_readpage,
+ .prepare_write = ramdisk_prepare_write,
+@@ -196,6 +208,7 @@ static const struct address_space_operat
+ .writepage = ramdisk_writepage,
+ .set_page_dirty = ramdisk_set_page_dirty,
+ .writepages = ramdisk_writepages,
++ .releasepage = ramdisk_releasepage,
+ };
+
+ static int rd_blkdev_pagecache_IO(int rw, struct bio_vec *vec, sector_t sector,
diff --git a/queue-2.6.23/sched-some-proc-entries-are-missed-in-sched_domain-sys_ctl-debug-code.patch b/queue-2.6.23/sched-some-proc-entries-are-missed-in-sched_domain-sys_ctl-debug-code.patch
new file mode 100644
index 00000000000..b828b3d2dc0
--- /dev/null
+++ b/queue-2.6.23/sched-some-proc-entries-are-missed-in-sched_domain-sys_ctl-debug-code.patch
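Review bot: The comment added above ramdisk_releasepage() in drivers/block/rd.c names `buffers_heads_over_limit`, whereas the patch description spells the variable `buffer_heads_over_limit`; the comment should use the real identifier so that it can be found by search. The comment explains why the callback exists but not what its constant return value means, and the second parameter is simply called `dummy`. A closing line such as `* Always return 0 so the caller never releases or cleans a ramdisk page.` would state the contract, provided the meaning of 0 is confirmed against try_to_release_page(), which is not shown here.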
@@ -0,0 +1,47 @@
+From ace8b3d633f93da8535921bf3e3679db3c619578 Mon Sep 17 00:00:00 2001
+From: Zou Nan hai
+Date: Mon, 15 Oct 2007 17:00:14 +0200
+Subject: sched: some proc entries are missed in sched_domain sys_ctl debug code
+
+From: Zou Nan hai
+
+patch ace8b3d633f93da8535921bf3e3679db3c619578 in mainline.
+
+cache_nice_tries and flags entry do not appear in proc fs sched_domain
+directory, because ctl_table entry is skipped.
+
+This patch fixes the issue.
+
+Signed-off-by: Zou Nan hai
+Signed-off-by: Andrew Morton
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/sched.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/kernel/sched.c
++++ b/kernel/sched.c
+@@ -5306,7 +5306,7 @@ set_table_entry(struct ctl_table *entry,
+ static struct ctl_table *
+ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+ {
+- struct ctl_table *table = sd_alloc_ctl_entry(14);
++ struct ctl_table *table = sd_alloc_ctl_entry(12);
+
+ set_table_entry(&table[0], "min_interval", &sd->min_interval,
+ sizeof(long), 0644, proc_doulongvec_minmax);
+@@ -5326,10 +5326,10 @@ sd_alloc_ctl_domain_table(struct sched_d
+ sizeof(int), 0644, proc_dointvec_minmax);
+ set_table_entry(&table[8], "imbalance_pct", &sd->imbalance_pct,
+ sizeof(int), 0644, proc_dointvec_minmax);
+- set_table_entry(&table[10], "cache_nice_tries",
++ set_table_entry(&table[9], "cache_nice_tries",
+ &sd->cache_nice_tries,
+ sizeof(int), 0644, proc_dointvec_minmax);
+- set_table_entry(&table[12], "flags", &sd->flags,
++ set_table_entry(&table[10], "flags", &sd->flags,
+ sizeof(int), 0644, proc_dointvec_minmax);
+
+ return table;
diff --git a/queue-2.6.23/series b/queue-2.6.23/series
new file mode 100644
index 00000000000..9d135f9c3e3
--- /dev/null
+++ b/queue-2.6.23/series
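Review bot: sd_alloc_ctl_domain_table() in kernel/sched.c still pairs a literal count, `sd_alloc_ctl_entry(12)`, with hand-numbered slots up to `table[10]`, which is the same pattern that produced the skipped entries this patch repairs. A later mismatch would either leave an unset slot in the middle of the table, as before, or write past the allocation. The relationship deserves at least a comment on the allocation, for example `/* 11 entries below plus one zeroed terminator */`, or a named constant shared by the allocation and the last index; that the spare slot acts as a terminator is inferred, not shown. Slots 1 to 7 lie outside the hunks, so the count is taken from the visible indices only.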
@@ -0,0 +1,5 @@
+libertas-properly-account-for-queue-commands.patch
+net-random-secure_tcp_sequence_number-should-not-assume-config_ktime_scalar.patch
+netfilter-fix-null-pointer-dereference-in-nf_nat_move_storage.patch
+rd-fix-data-corruption-on-memory-pressure.patch
+sched-some-proc-entries-are-missed-in-sched_domain-sys_ctl-debug-code.patch