From: Greg Kroah-Hartman Date: Thu, 13 Apr 2006 23:10:59 +0000 (-0700) Subject: 2.6.16.6 review cycle start X-Git-Tag: v2.6.16.6~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=df5f3196cba02fbbb9c26a8dd2cf15cb84142bc1;p=thirdparty%2Fkernel%2Fstable-queue.git 2.6.16.6 review cycle start --- diff --git a/queue-2.6.16/CIFS-Incorrect-signature-sent-on-SMB-Read.patch b/review-2.6.16/CIFS-Incorrect-signature-sent-on-SMB-Read.patch similarity index 100% rename from queue-2.6.16/CIFS-Incorrect-signature-sent-on-SMB-Read.patch rename to review-2.6.16/CIFS-Incorrect-signature-sent-on-SMB-Read.patch diff --git a/queue-2.6.16/Fix-suspend-with-traced-tasks.patch b/review-2.6.16/Fix-suspend-with-traced-tasks.patch similarity index 100% rename from queue-2.6.16/Fix-suspend-with-traced-tasks.patch rename to review-2.6.16/Fix-suspend-with-traced-tasks.patch diff --git a/queue-2.6.16/RLIMIT_CPU-fix-handling-of-a-zero-limit.patch b/review-2.6.16/RLIMIT_CPU-fix-handling-of-a-zero-limit.patch similarity index 100% rename from queue-2.6.16/RLIMIT_CPU-fix-handling-of-a-zero-limit.patch rename to review-2.6.16/RLIMIT_CPU-fix-handling-of-a-zero-limit.patch diff --git a/queue-2.6.16/XFS-Fix-utime-2-in-the-case-that-no-times-parameter-was-passed-in.patch b/review-2.6.16/XFS-Fix-utime-2-in-the-case-that-no-times-parameter-was-passed-in.patch similarity index 100% rename from queue-2.6.16/XFS-Fix-utime-2-in-the-case-that-no-times-parameter-was-passed-in.patch rename to review-2.6.16/XFS-Fix-utime-2-in-the-case-that-no-times-parameter-was-passed-in.patch diff --git a/queue-2.6.16/alpha-smp-boot-fixes.patch b/review-2.6.16/alpha-smp-boot-fixes.patch similarity index 100% rename from queue-2.6.16/alpha-smp-boot-fixes.patch rename to review-2.6.16/alpha-smp-boot-fixes.patch diff --git a/review-2.6.16/atm-clip-causes-unregister-hang.patch b/review-2.6.16/atm-clip-causes-unregister-hang.patch new file mode 100644 index 00000000000..c4ab3e09c2d --- /dev/null +++ b/review-2.6.16/atm-clip-causes-unregister-hang.patch @@ -0,0 +1,117 @@ +From stable-bounces@linux.kernel.org Wed Apr 12 14:53:57 2006 +Date: Wed, 12 Apr 2006 14:52:54 -0700 +From: Stephen Hemminger +To: Herbert Xu , davem@davemloft.net +Message-ID: <20060412145254.4dd21be6@localhost.localdomain> +Cc: chas@cmf.nrl.navy.mil, netdev@vger.kernel.org, + linux-atm-general@lists.sourceforge.net, stable@kernel.org +Subject: atm: clip causes unregister hang + +If Classical IP over ATM module is loaded, its neighbor table gets +populated when permanent neighbor entries are created; but these entries +are not flushed when the device is removed. Since the entry never gets +flushed the unregister of the network device never completes. + +This version of the patch also adds locking around the reference to +the atm arp daemon to avoid races with events and daemon state changes. +(Note: barrier() was never really safe) + +Bug-reference: http://bugzilla.kernel.org/show_bug.cgi?id=6295 + +Signed-off-by: Stephen Hemminger +Signed-off-by: Greg Kroah-Hartman + +--- + net/atm/clip.c | 42 +++++++++++++++++++++++++++--------------- + 1 file changed, 27 insertions(+), 15 deletions(-) + +--- linux-2.6.16.5.orig/net/atm/clip.c ++++ linux-2.6.16.5/net/atm/clip.c +@@ -613,12 +613,19 @@ static int clip_create(int number) + + + static int clip_device_event(struct notifier_block *this,unsigned long event, +- void *dev) ++ void *arg) + { ++ struct net_device *dev = arg; ++ ++ if (event == NETDEV_UNREGISTER) { ++ neigh_ifdown(&clip_tbl, dev); ++ return NOTIFY_DONE; ++ } ++ + /* ignore non-CLIP devices */ +- if (((struct net_device *) dev)->type != ARPHRD_ATM || +- ((struct net_device *) dev)->hard_start_xmit != clip_start_xmit) ++ if (dev->type != ARPHRD_ATM || dev->hard_start_xmit != clip_start_xmit) + return NOTIFY_DONE; ++ + switch (event) { + case NETDEV_UP: + DPRINTK("clip_device_event NETDEV_UP\n"); +@@ -686,14 +693,12 @@ static struct notifier_block clip_inet_n + static void atmarpd_close(struct atm_vcc *vcc) + { + DPRINTK("atmarpd_close\n"); +- atmarpd = NULL; /* assumed to be atomic */ +- barrier(); +- unregister_inetaddr_notifier(&clip_inet_notifier); +- unregister_netdevice_notifier(&clip_dev_notifier); +- if (skb_peek(&sk_atm(vcc)->sk_receive_queue)) +- printk(KERN_ERR "atmarpd_close: closing with requests " +- "pending\n"); ++ ++ rtnl_lock(); ++ atmarpd = NULL; + skb_queue_purge(&sk_atm(vcc)->sk_receive_queue); ++ rtnl_unlock(); ++ + DPRINTK("(done)\n"); + module_put(THIS_MODULE); + } +@@ -714,7 +719,12 @@ static struct atm_dev atmarpd_dev = { + + static int atm_init_atmarp(struct atm_vcc *vcc) + { +- if (atmarpd) return -EADDRINUSE; ++ rtnl_lock(); ++ if (atmarpd) { ++ rtnl_unlock(); ++ return -EADDRINUSE; ++ } ++ + if (start_timer) { + start_timer = 0; + init_timer(&idle_timer); +@@ -731,10 +741,7 @@ static int atm_init_atmarp(struct atm_vc + vcc->push = NULL; + vcc->pop = NULL; /* crash */ + vcc->push_oam = NULL; /* crash */ +- if (register_netdevice_notifier(&clip_dev_notifier)) +- printk(KERN_ERR "register_netdevice_notifier failed\n"); +- if (register_inetaddr_notifier(&clip_inet_notifier)) +- printk(KERN_ERR "register_inetaddr_notifier failed\n"); ++ rtnl_unlock(); + return 0; + } + +@@ -992,6 +999,8 @@ static int __init atm_clip_init(void) + + clip_tbl_hook = &clip_tbl; + register_atm_ioctl(&clip_ioctl_ops); ++ register_netdevice_notifier(&clip_dev_notifier); ++ register_inetaddr_notifier(&clip_inet_notifier); + + #ifdef CONFIG_PROC_FS + { +@@ -1012,6 +1021,9 @@ static void __exit atm_clip_exit(void) + + remove_proc_entry("arp", atm_proc_root); + ++ unregister_inetaddr_notifier(&clip_inet_notifier); ++ unregister_netdevice_notifier(&clip_dev_notifier); ++ + deregister_atm_ioctl(&clip_ioctl_ops); + + /* First, stop the idle timer, so it stops banging diff --git a/queue-2.6.16/cciss-bug-fix-for-crash-when-running-hpacucli.patch b/review-2.6.16/cciss-bug-fix-for-crash-when-running-hpacucli.patch similarity index 100% rename from queue-2.6.16/cciss-bug-fix-for-crash-when-running-hpacucli.patch rename to review-2.6.16/cciss-bug-fix-for-crash-when-running-hpacucli.patch diff --git a/queue-2.6.16/edac_752x-needs-config_hotplug.patch b/review-2.6.16/edac_752x-needs-config_hotplug.patch similarity index 100% rename from queue-2.6.16/edac_752x-needs-config_hotplug.patch rename to review-2.6.16/edac_752x-needs-config_hotplug.patch diff --git a/queue-2.6.16/ext3-fix-missed-mutex-unlock.patch b/review-2.6.16/ext3-fix-missed-mutex-unlock.patch similarity index 100% rename from queue-2.6.16/ext3-fix-missed-mutex-unlock.patch rename to review-2.6.16/ext3-fix-missed-mutex-unlock.patch diff --git a/queue-2.6.16/fix-block-device-symlink-name.patch b/review-2.6.16/fix-block-device-symlink-name.patch similarity index 100% rename from queue-2.6.16/fix-block-device-symlink-name.patch rename to review-2.6.16/fix-block-device-symlink-name.patch diff --git a/queue-2.6.16/fix-buddy-list-race-that-could-lead-to-page-lru-list-corruptions.patch b/review-2.6.16/fix-buddy-list-race-that-could-lead-to-page-lru-list-corruptions.patch similarity index 100% rename from queue-2.6.16/fix-buddy-list-race-that-could-lead-to-page-lru-list-corruptions.patch rename to review-2.6.16/fix-buddy-list-race-that-could-lead-to-page-lru-list-corruptions.patch diff --git a/review-2.6.16/fix-non-leader-exec-under-ptrace.patch b/review-2.6.16/fix-non-leader-exec-under-ptrace.patch new file mode 100644 index 00000000000..6328930f464 --- /dev/null +++ b/review-2.6.16/fix-non-leader-exec-under-ptrace.patch @@ -0,0 +1,59 @@ +From stable-bounces@linux.kernel.org Wed Apr 12 16:30:55 2006 +From: Roland McGrath +To: stable@kernel.org +Message-Id: <20060412233020.07E061809CB@magilla.sf.frob.com> +Date: Wed, 12 Apr 2006 16:30:20 -0700 (PDT) +Cc: Linus Torvalds , Andrea Arcangeli , + Oleg Nesterov +Subject: fix non-leader exec under ptrace + +This reverts most of commit 30e0fca6c1d7d26f3f2daa4dd2b12c51dadc778a. +It broke the case of non-leader MT exec when ptraced. +I think the bug it was intended to fix was already addressed by commit +788e05a67c343fa22f2ae1d3ca264e7f15c25eaf. + +Signed-off-by: Roland McGrath +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/ptrace.c | 7 ++----- + kernel/signal.c | 4 ++-- + 2 files changed, 4 insertions(+), 7 deletions(-) + +--- linux-2.6.16.5.orig/kernel/ptrace.c ++++ linux-2.6.16.5/kernel/ptrace.c +@@ -57,10 +57,6 @@ void ptrace_untrace(task_t *child) + signal_wake_up(child, 1); + } + } +- if (child->signal->flags & SIGNAL_GROUP_EXIT) { +- sigaddset(&child->pending.signal, SIGKILL); +- signal_wake_up(child, 1); +- } + spin_unlock(&child->sighand->siglock); + } + +@@ -82,7 +78,8 @@ void __ptrace_unlink(task_t *child) + SET_LINKS(child); + } + +- ptrace_untrace(child); ++ if (child->state == TASK_TRACED) ++ ptrace_untrace(child); + } + + /* +--- linux-2.6.16.5.orig/kernel/signal.c ++++ linux-2.6.16.5/kernel/signal.c +@@ -1942,9 +1942,9 @@ relock: + /* Let the debugger run. */ + ptrace_stop(signr, signr, info); + +- /* We're back. Did the debugger cancel the sig or group_exit? */ ++ /* We're back. Did the debugger cancel the sig? */ + signr = current->exit_code; +- if (signr == 0 || current->signal->flags & SIGNAL_GROUP_EXIT) ++ if (signr == 0) + continue; + + current->exit_code = 0; diff --git a/queue-2.6.16/fuse-fix-oops-in-fuse_send_readpages.patch b/review-2.6.16/fuse-fix-oops-in-fuse_send_readpages.patch similarity index 100% rename from queue-2.6.16/fuse-fix-oops-in-fuse_send_readpages.patch rename to review-2.6.16/fuse-fix-oops-in-fuse_send_readpages.patch diff --git a/queue-2.6.16/isd200-limit-to-blk_dev_ide.patch b/review-2.6.16/isd200-limit-to-blk_dev_ide.patch similarity index 100% rename from queue-2.6.16/isd200-limit-to-blk_dev_ide.patch rename to review-2.6.16/isd200-limit-to-blk_dev_ide.patch diff --git a/queue-2.6.16/m32r-fix-cpu_possible_map-and-cpu_present_map-initialization-for-smp-kernel.patch b/review-2.6.16/m32r-fix-cpu_possible_map-and-cpu_present_map-initialization-for-smp-kernel.patch similarity index 100% rename from queue-2.6.16/m32r-fix-cpu_possible_map-and-cpu_present_map-initialization-for-smp-kernel.patch rename to review-2.6.16/m32r-fix-cpu_possible_map-and-cpu_present_map-initialization-for-smp-kernel.patch diff --git a/queue-2.6.16/m32r-security-fix-of-get-put-_user-macros.patch b/review-2.6.16/m32r-security-fix-of-get-put-_user-macros.patch similarity index 100% rename from queue-2.6.16/m32r-security-fix-of-get-put-_user-macros.patch rename to review-2.6.16/m32r-security-fix-of-get-put-_user-macros.patch diff --git a/queue-2.6.16/mpbl0010-driver-sysfs-permissions-wide-open.patch b/review-2.6.16/mpbl0010-driver-sysfs-permissions-wide-open.patch similarity index 100% rename from queue-2.6.16/mpbl0010-driver-sysfs-permissions-wide-open.patch rename to review-2.6.16/mpbl0010-driver-sysfs-permissions-wide-open.patch diff --git a/queue-2.6.16/netfilter-fix-fragmentation-issues-with-bridge-netfilter.patch b/review-2.6.16/netfilter-fix-fragmentation-issues-with-bridge-netfilter.patch similarity index 100% rename from queue-2.6.16/netfilter-fix-fragmentation-issues-with-bridge-netfilter.patch rename to review-2.6.16/netfilter-fix-fragmentation-issues-with-bridge-netfilter.patch diff --git a/queue-2.6.16/powerpc-fix-incorrect-sa_onstack-behaviour-for-64-bit-processes.patch b/review-2.6.16/powerpc-fix-incorrect-sa_onstack-behaviour-for-64-bit-processes.patch similarity index 100% rename from queue-2.6.16/powerpc-fix-incorrect-sa_onstack-behaviour-for-64-bit-processes.patch rename to review-2.6.16/powerpc-fix-incorrect-sa_onstack-behaviour-for-64-bit-processes.patch diff --git a/queue-2.6.16/powerpc-iseries-needs-slb_initialize-to-be-called.patch b/review-2.6.16/powerpc-iseries-needs-slb_initialize-to-be-called.patch similarity index 100% rename from queue-2.6.16/powerpc-iseries-needs-slb_initialize-to-be-called.patch rename to review-2.6.16/powerpc-iseries-needs-slb_initialize-to-be-called.patch diff --git a/review-2.6.16/send.mbox b/review-2.6.16/send.mbox new file mode 100644 index 00000000000..0bc0ef63273 --- /dev/null +++ b/review-2.6.16/send.mbox @@ -0,0 +1,2819 @@ +From greg@quad.kroah.org Thu Apr 13 16:03:12 2006 +Message-Id: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:41 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk +Subject: [patch 00/22] -stable review +Content-Length: 736 +Lines: 17 + +This is the start of the stable review cycle for the 2.6.16.6 release. +There are 22 patches in this series, all will be posted as a response to +this one. If anyone has any issues with these being applied, please let +us know. If anyone is a maintainer of the proper subsystem, and wants +to add a signed-off-by: line to the patch, please respond with it. + +These patches are sent out with a number of different people on the Cc: +line. If you wish to be a reviewer, please email stable@kernel.org to +add your name to the list. If you want to be off the reviewer list, +also email us. + +Responses should be made by Saturday, April 15, 22:00:00 UTC. Anything +received after that time, might be too late. + +thanks, + +the -stable release team + +From greg@quad.kroah.org Thu Apr 13 16:03:12 2006 +Message-Id: <20060413230312.529933000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:42 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + paulus@samba.org, + anton@samba.org, + Stephen Rothwell , + Greg Kroah-Hartman +Subject: [patch 01/22] powerpc: iSeries needs slb_initialize to be called +Content-Disposition: inline; filename=powerpc-iseries-needs-slb_initialize-to-be-called.patch +Content-Length: 1328 +Lines: 40 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ +Since the powerpc 64k pages patch went in, systems that have SLBs +(like Power4 iSeries) needed to have slb_initialize called to set up +some variables for the SLB miss handler. This was not being called +on the boot processor on iSeries, so on single cpu iSeries machines, +we would get apparent memory curruption as soon as we entered user mode. + +This patch fixes that by calling slb_initialize on the boot cpu if the +processor has an SLB. + +Signed-off-by: Stephen Rothwell +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/setup_64.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +--- linux-2.6.16.5.orig/arch/powerpc/kernel/setup_64.c ++++ linux-2.6.16.5/arch/powerpc/kernel/setup_64.c +@@ -256,12 +256,10 @@ void __init early_setup(unsigned long dt + /* + * Initialize stab / SLB management except on iSeries + */ +- if (!firmware_has_feature(FW_FEATURE_ISERIES)) { +- if (cpu_has_feature(CPU_FTR_SLB)) +- slb_initialize(); +- else +- stab_initialize(lpaca->stab_real); +- } ++ if (cpu_has_feature(CPU_FTR_SLB)) ++ slb_initialize(); ++ else if (!firmware_has_feature(FW_FEATURE_ISERIES)) ++ stab_initialize(lpaca->stab_real); + + DBG(" <- early_setup()\n"); + } + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:12 2006 +Message-Id: <20060413230312.671559000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:43 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + Laurent Meyer , + Paul Mackerras , + Greg Kroah-Hartman +Subject: [patch 02/22] powerpc: fix incorrect SA_ONSTACK behaviour for 64-bit processes +Content-Disposition: inline; filename=powerpc-fix-incorrect-sa_onstack-behaviour-for-64-bit-processes.patch +Content-Length: 1353 +Lines: 40 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ +From: Laurent MEYER + +*) When setting a sighandler using sigaction() call, if the flag +SA_ONSTACK is set and no alternate stack is provided via sigaltstack(), +the kernel still try to install the alternate stack. This behavior is +the opposite of the one which is documented in Single Unix +Specifications V3. + +*) Also when setting an alternate stack using sigaltstack() with the +flag SS_DISABLE, the kernel try to install the alternate stack on +signal delivery. + +These two use cases makes the process crash at signal delivery. + +This fixes it. + +Signed-off-by: Laurent Meyer +Signed-off-by: Paul Mackerras +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/signal_64.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- linux-2.6.16.5.orig/arch/powerpc/kernel/signal_64.c ++++ linux-2.6.16.5/arch/powerpc/kernel/signal_64.c +@@ -213,7 +213,7 @@ static inline void __user * get_sigframe + /* Default to using normal stack */ + newsp = regs->gpr[1]; + +- if (ka->sa.sa_flags & SA_ONSTACK) { ++ if ((ka->sa.sa_flags & SA_ONSTACK) && current->sas_ss_size) { + if (! on_sig_stack(regs->gpr[1])) + newsp = (current->sas_ss_sp + current->sas_ss_size); + } + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:12 2006 +Message-Id: <20060413230312.814603000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:44 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + mbellon@mvista.com, + mark.gross@intel.com +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + Greg Kroah-Hartman +Subject: [patch 03/22] MPBL0010 driver sysfs permissions wide open +Content-Disposition: inline; filename=mpbl0010-driver-sysfs-permissions-wide-open.patch +Content-Length: 6501 +Lines: 187 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ +From: Mark Bellon + +The MPBL0010 Telco clock driver (drivers/char/tlclk.c) uses 0222 (anyone +can write) permissions on its writable sysfs entries. Alter the +permissions to 0220 (owner and group can write). + +The use case for this driver is to configure the fail over behavior of the +clock hardware. That should be done by the more privileged users. + +Signed-off-by: Mark Bellon +Acked-by: Gross Mark +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/tlclk.c | 36 ++++++++++++++++++------------------ + 1 file changed, 18 insertions(+), 18 deletions(-) + +--- linux-2.6.16.5.orig/drivers/char/tlclk.c ++++ linux-2.6.16.5/drivers/char/tlclk.c +@@ -327,7 +327,7 @@ static ssize_t store_received_ref_clk3a( + return strnlen(buf, count); + } + +-static DEVICE_ATTR(received_ref_clk3a, S_IWUGO, NULL, ++static DEVICE_ATTR(received_ref_clk3a, (S_IWUSR|S_IWGRP), NULL, + store_received_ref_clk3a); + + +@@ -349,7 +349,7 @@ static ssize_t store_received_ref_clk3b( + return strnlen(buf, count); + } + +-static DEVICE_ATTR(received_ref_clk3b, S_IWUGO, NULL, ++static DEVICE_ATTR(received_ref_clk3b, (S_IWUSR|S_IWGRP), NULL, + store_received_ref_clk3b); + + +@@ -371,7 +371,7 @@ static ssize_t store_enable_clk3b_output + return strnlen(buf, count); + } + +-static DEVICE_ATTR(enable_clk3b_output, S_IWUGO, NULL, ++static DEVICE_ATTR(enable_clk3b_output, (S_IWUSR|S_IWGRP), NULL, + store_enable_clk3b_output); + + static ssize_t store_enable_clk3a_output(struct device *d, +@@ -392,7 +392,7 @@ static ssize_t store_enable_clk3a_output + return strnlen(buf, count); + } + +-static DEVICE_ATTR(enable_clk3a_output, S_IWUGO, NULL, ++static DEVICE_ATTR(enable_clk3a_output, (S_IWUSR|S_IWGRP), NULL, + store_enable_clk3a_output); + + static ssize_t store_enable_clkb1_output(struct device *d, +@@ -413,7 +413,7 @@ static ssize_t store_enable_clkb1_output + return strnlen(buf, count); + } + +-static DEVICE_ATTR(enable_clkb1_output, S_IWUGO, NULL, ++static DEVICE_ATTR(enable_clkb1_output, (S_IWUSR|S_IWGRP), NULL, + store_enable_clkb1_output); + + +@@ -435,7 +435,7 @@ static ssize_t store_enable_clka1_output + return strnlen(buf, count); + } + +-static DEVICE_ATTR(enable_clka1_output, S_IWUGO, NULL, ++static DEVICE_ATTR(enable_clka1_output, (S_IWUSR|S_IWGRP), NULL, + store_enable_clka1_output); + + static ssize_t store_enable_clkb0_output(struct device *d, +@@ -456,7 +456,7 @@ static ssize_t store_enable_clkb0_output + return strnlen(buf, count); + } + +-static DEVICE_ATTR(enable_clkb0_output, S_IWUGO, NULL, ++static DEVICE_ATTR(enable_clkb0_output, (S_IWUSR|S_IWGRP), NULL, + store_enable_clkb0_output); + + static ssize_t store_enable_clka0_output(struct device *d, +@@ -477,7 +477,7 @@ static ssize_t store_enable_clka0_output + return strnlen(buf, count); + } + +-static DEVICE_ATTR(enable_clka0_output, S_IWUGO, NULL, ++static DEVICE_ATTR(enable_clka0_output, (S_IWUSR|S_IWGRP), NULL, + store_enable_clka0_output); + + static ssize_t store_select_amcb2_transmit_clock(struct device *d, +@@ -519,7 +519,7 @@ static ssize_t store_select_amcb2_transm + return strnlen(buf, count); + } + +-static DEVICE_ATTR(select_amcb2_transmit_clock, S_IWUGO, NULL, ++static DEVICE_ATTR(select_amcb2_transmit_clock, (S_IWUSR|S_IWGRP), NULL, + store_select_amcb2_transmit_clock); + + static ssize_t store_select_amcb1_transmit_clock(struct device *d, +@@ -560,7 +560,7 @@ static ssize_t store_select_amcb1_transm + return strnlen(buf, count); + } + +-static DEVICE_ATTR(select_amcb1_transmit_clock, S_IWUGO, NULL, ++static DEVICE_ATTR(select_amcb1_transmit_clock, (S_IWUSR|S_IWGRP), NULL, + store_select_amcb1_transmit_clock); + + static ssize_t store_select_redundant_clock(struct device *d, +@@ -581,7 +581,7 @@ static ssize_t store_select_redundant_cl + return strnlen(buf, count); + } + +-static DEVICE_ATTR(select_redundant_clock, S_IWUGO, NULL, ++static DEVICE_ATTR(select_redundant_clock, (S_IWUSR|S_IWGRP), NULL, + store_select_redundant_clock); + + static ssize_t store_select_ref_frequency(struct device *d, +@@ -602,7 +602,7 @@ static ssize_t store_select_ref_frequenc + return strnlen(buf, count); + } + +-static DEVICE_ATTR(select_ref_frequency, S_IWUGO, NULL, ++static DEVICE_ATTR(select_ref_frequency, (S_IWUSR|S_IWGRP), NULL, + store_select_ref_frequency); + + static ssize_t store_filter_select(struct device *d, +@@ -623,7 +623,7 @@ static ssize_t store_filter_select(struc + return strnlen(buf, count); + } + +-static DEVICE_ATTR(filter_select, S_IWUGO, NULL, store_filter_select); ++static DEVICE_ATTR(filter_select, (S_IWUSR|S_IWGRP), NULL, store_filter_select); + + static ssize_t store_hardware_switching_mode(struct device *d, + struct device_attribute *attr, const char *buf, size_t count) +@@ -643,7 +643,7 @@ static ssize_t store_hardware_switching_ + return strnlen(buf, count); + } + +-static DEVICE_ATTR(hardware_switching_mode, S_IWUGO, NULL, ++static DEVICE_ATTR(hardware_switching_mode, (S_IWUSR|S_IWGRP), NULL, + store_hardware_switching_mode); + + static ssize_t store_hardware_switching(struct device *d, +@@ -664,7 +664,7 @@ static ssize_t store_hardware_switching( + return strnlen(buf, count); + } + +-static DEVICE_ATTR(hardware_switching, S_IWUGO, NULL, ++static DEVICE_ATTR(hardware_switching, (S_IWUSR|S_IWGRP), NULL, + store_hardware_switching); + + static ssize_t store_refalign (struct device *d, +@@ -684,7 +684,7 @@ static ssize_t store_refalign (struct de + return strnlen(buf, count); + } + +-static DEVICE_ATTR(refalign, S_IWUGO, NULL, store_refalign); ++static DEVICE_ATTR(refalign, (S_IWUSR|S_IWGRP), NULL, store_refalign); + + static ssize_t store_mode_select (struct device *d, + struct device_attribute *attr, const char *buf, size_t count) +@@ -704,7 +704,7 @@ static ssize_t store_mode_select (struct + return strnlen(buf, count); + } + +-static DEVICE_ATTR(mode_select, S_IWUGO, NULL, store_mode_select); ++static DEVICE_ATTR(mode_select, (S_IWUSR|S_IWGRP), NULL, store_mode_select); + + static ssize_t store_reset (struct device *d, + struct device_attribute *attr, const char *buf, size_t count) +@@ -724,7 +724,7 @@ static ssize_t store_reset (struct devic + return strnlen(buf, count); + } + +-static DEVICE_ATTR(reset, S_IWUGO, NULL, store_reset); ++static DEVICE_ATTR(reset, (S_IWUSR|S_IWGRP), NULL, store_reset); + + static struct attribute *tlclk_sysfs_entries[] = { + &dev_attr_current_ref.attr, + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:13 2006 +Message-Id: <20060413230312.952777000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:45 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + Greg Kroah-Hartman +Subject: [patch 04/22] isd200: limit to BLK_DEV_IDE +Content-Disposition: inline; filename=isd200-limit-to-blk_dev_ide.patch +Content-Length: 944 +Lines: 31 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Randy Dunlap + +Limit USB_STORAGE_ISD200 to whatever BLK_DEV_IDE and USB_STORAGE +are set to (y, m) since isd200 calls ide_fix_driveid() in the +BLK_DEV_IDE code. + +Signed-off-by: Randy Dunlap +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/storage/Kconfig | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- linux-2.6.16.5.orig/drivers/usb/storage/Kconfig ++++ linux-2.6.16.5/drivers/usb/storage/Kconfig +@@ -48,7 +48,8 @@ config USB_STORAGE_FREECOM + + config USB_STORAGE_ISD200 + bool "ISD-200 USB/ATA Bridge support" +- depends on USB_STORAGE && BLK_DEV_IDE ++ depends on USB_STORAGE ++ depends on BLK_DEV_IDE=y || BLK_DEV_IDE=USB_STORAGE + ---help--- + Say Y here if you want to use USB Mass Store devices based + on the In-Systems Design ISD-200 USB/ATA bridge. + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:13 2006 +Message-Id: <20060413230313.094496000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:46 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + Jeff Garzik +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + netdev@vger.kernel.org, + Stephen Hemminger , + Greg Kroah-Hartman +Subject: [patch 05/22] sky2: bad memory reference on dual port cards +Content-Disposition: inline; filename=sky2-bad-memory-reference-on-dual-port-cards.patch +Content-Length: 1317 +Lines: 41 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ +Sky2 driver will oops referencing bad memory if used on +a dual port card. The problem is accessing past end of +MIB counter space. + +Signed-off-by: Stephen Hemminger +Signed-off-by: Greg Kroah-Hartman + + +--- + drivers/net/sky2.c | 4 ++-- + drivers/net/sky2.h | 1 + + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- linux-2.6.16.5.orig/drivers/net/sky2.c ++++ linux-2.6.16.5/drivers/net/sky2.c +@@ -579,8 +579,8 @@ static void sky2_mac_init(struct sky2_hw + reg = gma_read16(hw, port, GM_PHY_ADDR); + gma_write16(hw, port, GM_PHY_ADDR, reg | GM_PAR_MIB_CLR); + +- for (i = 0; i < GM_MIB_CNT_SIZE; i++) +- gma_read16(hw, port, GM_MIB_CNT_BASE + 8 * i); ++ for (i = GM_MIB_CNT_BASE; i <= GM_MIB_CNT_END; i += 4) ++ gma_read16(hw, port, i); + gma_write16(hw, port, GM_PHY_ADDR, reg); + + /* transmit control */ +--- linux-2.6.16.5.orig/drivers/net/sky2.h ++++ linux-2.6.16.5/drivers/net/sky2.h +@@ -1380,6 +1380,7 @@ enum { + /* MIB Counters */ + #define GM_MIB_CNT_BASE 0x0100 /* Base Address of MIB Counters */ + #define GM_MIB_CNT_SIZE 44 /* Number of MIB Counters */ ++#define GM_MIB_CNT_END 0x025C /* Last MIB counter */ + + /* + * MIB Counters base address definitions (low word) - + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:13 2006 +Message-Id: <20060413230313.235378000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:47 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + davem@davemloft.net, + Patrick McHardy , + Greg Kroah-Hartman +Subject: [patch 06/22] NETFILTER: Fix fragmentation issues with bridge netfilter +Content-Disposition: inline; filename=netfilter-fix-fragmentation-issues-with-bridge-netfilter.patch +Content-Length: 3335 +Lines: 96 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ +[NETFILTER]: Fix fragmentation issues with bridge netfilter + +The conntrack code doesn't do re-fragmentation of defragmented packets +anymore but relies on fragmentation in the IP layer. Purely bridged +packets don't pass through the IP layer, so the bridge netfilter code +needs to take care of fragmentation itself. + +Signed-off-by: Patrick McHardy +Signed-off-by: Greg Kroah-Hartman + +--- + include/net/ip.h | 1 + + net/bridge/br_netfilter.c | 13 +++++++++++-- + net/ipv4/ip_output.c | 6 +++--- + 3 files changed, 15 insertions(+), 5 deletions(-) + +--- linux-2.6.16.5.orig/include/net/ip.h ++++ linux-2.6.16.5/include/net/ip.h +@@ -95,6 +95,7 @@ extern int ip_local_deliver(struct sk_b + extern int ip_mr_input(struct sk_buff *skb); + extern int ip_output(struct sk_buff *skb); + extern int ip_mc_output(struct sk_buff *skb); ++extern int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); + extern int ip_do_nat(struct sk_buff *skb); + extern void ip_send_check(struct iphdr *ip); + extern int ip_queue_xmit(struct sk_buff *skb, int ipfragok); +--- linux-2.6.16.5.orig/net/bridge/br_netfilter.c ++++ linux-2.6.16.5/net/bridge/br_netfilter.c +@@ -739,6 +739,15 @@ out: + return NF_STOLEN; + } + ++static int br_nf_dev_queue_xmit(struct sk_buff *skb) ++{ ++ if (skb->protocol == htons(ETH_P_IP) && ++ skb->len > skb->dev->mtu && ++ !(skb_shinfo(skb)->ufo_size || skb_shinfo(skb)->tso_size)) ++ return ip_fragment(skb, br_dev_queue_push_xmit); ++ else ++ return br_dev_queue_push_xmit(skb); ++} + + /* PF_BRIDGE/POST_ROUTING ********************************************/ + static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb, +@@ -798,7 +807,7 @@ static unsigned int br_nf_post_routing(u + realoutdev = nf_bridge->netoutdev; + #endif + NF_HOOK(pf, NF_IP_POST_ROUTING, skb, NULL, realoutdev, +- br_dev_queue_push_xmit); ++ br_nf_dev_queue_xmit); + + return NF_STOLEN; + +@@ -843,7 +852,7 @@ static unsigned int ip_sabotage_out(unsi + if ((out->hard_start_xmit == br_dev_xmit && + okfn != br_nf_forward_finish && + okfn != br_nf_local_out_finish && +- okfn != br_dev_queue_push_xmit) ++ okfn != br_nf_dev_queue_xmit) + #if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE) + || ((out->priv_flags & IFF_802_1Q_VLAN) && + VLAN_DEV_INFO(out)->real_dev->hard_start_xmit == br_dev_xmit) +--- linux-2.6.16.5.orig/net/ipv4/ip_output.c ++++ linux-2.6.16.5/net/ipv4/ip_output.c +@@ -86,8 +86,6 @@ + + int sysctl_ip_default_ttl = IPDEFTTL; + +-static int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*)); +- + /* Generate a checksum for an outgoing IP datagram. */ + __inline__ void ip_send_check(struct iphdr *iph) + { +@@ -421,7 +419,7 @@ static void ip_copy_metadata(struct sk_b + * single device frame, and queue such a frame for sending. + */ + +-static int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*)) ++int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*)) + { + struct iphdr *iph; + int raw = 0; +@@ -673,6 +671,8 @@ fail: + return err; + } + ++EXPORT_SYMBOL(ip_fragment); ++ + int + ip_generic_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) + { + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:13 2006 +Message-Id: <20060413230313.380042000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:48 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + torvalds@osdl.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + takata@linux-m32r.org, + gniibe@fsij.org, + Greg Kroah-Hartman +Subject: [patch 07/22] m32r: security fix of {get, put}_user macros +Content-Disposition: inline; filename=m32r-security-fix-of-get-put-_user-macros.patch +Content-Length: 17799 +Lines: 640 + + +-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Hirokazu Takata + +Update {get,put}_user macros for m32r kernel. +- Modify get_user to use __get_user_asm macro, instead of __get_user_x macro. +- Remove arch/m32r/lib/{get,put}user.S. +- Some cosmetic updates. + +I would like to thank NIIBE Yutaka for his reporting about the m32r kernel's +security problem in {get,put}_user macros. + +There were no address checking for user space access in {get,put}_user macros. + ;-) + +Signed-off-by: Hirokazu Takata +Cc: NIIBE Yutaka +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + + arch/m32r/kernel/m32r_ksyms.c | 4 + arch/m32r/lib/Makefile | 4 + arch/m32r/lib/getuser.S | 88 ------------- + arch/m32r/lib/putuser.S | 84 ------------- + include/asm-m32r/uaccess.h | 266 ++++++++++++++++++------------------------ + 5 files changed, 117 insertions(+), 329 deletions(-) + +--- linux-2.6.16.5.orig/arch/m32r/kernel/m32r_ksyms.c ++++ linux-2.6.16.5/arch/m32r/kernel/m32r_ksyms.c +@@ -38,10 +38,6 @@ EXPORT_SYMBOL(__udelay); + EXPORT_SYMBOL(__delay); + EXPORT_SYMBOL(__const_udelay); + +-EXPORT_SYMBOL(__get_user_1); +-EXPORT_SYMBOL(__get_user_2); +-EXPORT_SYMBOL(__get_user_4); +- + EXPORT_SYMBOL(strpbrk); + EXPORT_SYMBOL(strstr); + +--- linux-2.6.16.5.orig/arch/m32r/lib/Makefile ++++ linux-2.6.16.5/arch/m32r/lib/Makefile +@@ -2,6 +2,6 @@ + # Makefile for M32R-specific library files.. + # + +-lib-y := checksum.o ashxdi3.o memset.o memcpy.o getuser.o \ +- putuser.o delay.o strlen.o usercopy.o csum_partial_copy.o ++lib-y := checksum.o ashxdi3.o memset.o memcpy.o \ ++ delay.o strlen.o usercopy.o csum_partial_copy.o + +--- linux-2.6.16.5.orig/arch/m32r/lib/getuser.S ++++ /dev/null +@@ -1,88 +0,0 @@ +-/* +- * __get_user functions. +- * +- * (C) Copyright 2001 Hirokazu Takata +- * +- * These functions have a non-standard call interface +- * to make them more efficient, especially as they +- * return an error value in addition to the "real" +- * return value. +- */ +- +-#include +- +-/* +- * __get_user_X +- * +- * Inputs: r0 contains the address +- * +- * Outputs: r0 is error code (0 or -EFAULT) +- * r1 contains zero-extended value +- * +- * These functions should not modify any other registers, +- * as they get called from within inline assembly. +- */ +- +-#ifdef CONFIG_ISA_DUAL_ISSUE +- +- .text +- .balign 4 +- .globl __get_user_1 +-__get_user_1: +-1: ldub r1, @r0 || ldi r0, #0 +- jmp r14 +- +- .balign 4 +- .globl __get_user_2 +-__get_user_2: +-2: lduh r1, @r0 || ldi r0, #0 +- jmp r14 +- +- .balign 4 +- .globl __get_user_4 +-__get_user_4: +-3: ld r1, @r0 || ldi r0, #0 +- jmp r14 +- +-bad_get_user: +- ldi r1, #0 || ldi r0, #-14 +- jmp r14 +- +-#else /* not CONFIG_ISA_DUAL_ISSUE */ +- +- .text +- .balign 4 +- .globl __get_user_1 +-__get_user_1: +-1: ldub r1, @r0 +- ldi r0, #0 +- jmp r14 +- +- .balign 4 +- .globl __get_user_2 +-__get_user_2: +-2: lduh r1, @r0 +- ldi r0, #0 +- jmp r14 +- +- .balign 4 +- .globl __get_user_4 +-__get_user_4: +-3: ld r1, @r0 +- ldi r0, #0 +- jmp r14 +- +-bad_get_user: +- ldi r1, #0 +- ldi r0, #-14 +- jmp r14 +- +-#endif /* not CONFIG_ISA_DUAL_ISSUE */ +- +-.section __ex_table,"a" +- .long 1b,bad_get_user +- .long 2b,bad_get_user +- .long 3b,bad_get_user +-.previous +- +- .end +--- linux-2.6.16.5.orig/arch/m32r/lib/putuser.S ++++ /dev/null +@@ -1,84 +0,0 @@ +-/* +- * __put_user functions. +- * +- * (C) Copyright 1998 Linus Torvalds +- * (C) Copyright 2001 Hirokazu Takata +- * +- * These functions have a non-standard call interface +- * to make them more efficient. +- */ +- +-#include +- +-/* +- * __put_user_X +- * +- * Inputs: r0 contains the address +- * r1 contains the value +- * +- * Outputs: r0 is error code (0 or -EFAULT) +- * r1 is corrupted (will contain "current_task"). +- * +- * These functions should not modify any other registers, +- * as they get called from within inline assembly. +- */ +- +-#ifdef CONFIG_ISA_DUAL_ISSUE +- +- .text +- .balign 4 +- .globl __put_user_1 +-__put_user_1: +-1: stb r1, @r0 || ldi r0, #0 +- jmp r14 +- +- .balign 4 +- .globl __put_user_2 +-__put_user_2: +-2: sth r1, @r0 || ldi r0, #0 +- jmp r14 +- +- .balign 4 +- .globl __put_user_4 +-__put_user_4: +-3: st r1, @r0 || ldi r0, #0 +- jmp r14 +- +-bad_put_user: +- ldi r0, #-14 || jmp r14 +- +-#else /* not CONFIG_ISA_DUAL_ISSUE */ +- +- .text +- .balign 4 +- .globl __put_user_1 +-__put_user_1: +-1: stb r1, @r0 +- ldi r0, #0 +- jmp r14 +- +- .balign 4 +- .globl __put_user_2 +-__put_user_2: +-2: sth r1, @r0 +- ldi r0, #0 +- jmp r14 +- +- .balign 4 +- .globl __put_user_4 +-__put_user_4: +-3: st r1, @r0 +- ldi r0, #0 +- jmp r14 +- +-bad_put_user: +- ldi r0, #-14 +- jmp r14 +- +-#endif /* not CONFIG_ISA_DUAL_ISSUE */ +- +-.section __ex_table,"a" +- .long 1b,bad_put_user +- .long 2b,bad_put_user +- .long 3b,bad_put_user +-.previous +--- linux-2.6.16.5.orig/include/asm-m32r/uaccess.h ++++ linux-2.6.16.5/include/asm-m32r/uaccess.h +@@ -5,17 +5,9 @@ + * linux/include/asm-m32r/uaccess.h + * + * M32R version. +- * Copyright (C) 2004 Hirokazu Takata ++ * Copyright (C) 2004, 2006 Hirokazu Takata + */ + +-#undef UACCESS_DEBUG +- +-#ifdef UACCESS_DEBUG +-#define UAPRINTK(args...) printk(args) +-#else +-#define UAPRINTK(args...) +-#endif /* UACCESS_DEBUG */ +- + /* + * User space memory access functions + */ +@@ -38,27 +30,29 @@ + #define MAKE_MM_SEG(s) ((mm_segment_t) { (s) }) + + #ifdef CONFIG_MMU ++ + #define KERNEL_DS MAKE_MM_SEG(0xFFFFFFFF) + #define USER_DS MAKE_MM_SEG(PAGE_OFFSET) +-#else +-#define KERNEL_DS MAKE_MM_SEG(0xFFFFFFFF) +-#define USER_DS MAKE_MM_SEG(0xFFFFFFFF) +-#endif /* CONFIG_MMU */ +- + #define get_ds() (KERNEL_DS) +-#ifdef CONFIG_MMU + #define get_fs() (current_thread_info()->addr_limit) + #define set_fs(x) (current_thread_info()->addr_limit = (x)) +-#else ++ ++#else /* not CONFIG_MMU */ ++ ++#define KERNEL_DS MAKE_MM_SEG(0xFFFFFFFF) ++#define USER_DS MAKE_MM_SEG(0xFFFFFFFF) ++#define get_ds() (KERNEL_DS) ++ + static inline mm_segment_t get_fs(void) + { +- return USER_DS; ++ return USER_DS; + } + + static inline void set_fs(mm_segment_t s) + { + } +-#endif /* CONFIG_MMU */ ++ ++#endif /* not CONFIG_MMU */ + + #define segment_eq(a,b) ((a).seg == (b).seg) + +@@ -83,9 +77,9 @@ static inline void set_fs(mm_segment_t s + " subx %0, %0\n" \ + " cmpu %4, %1\n" \ + " subx %0, %5\n" \ +- : "=&r"(flag), "=r"(sum) \ +- : "1"(addr), "r"((int)(size)), \ +- "r"(current_thread_info()->addr_limit.seg), "r"(0) \ ++ : "=&r" (flag), "=r" (sum) \ ++ : "1" (addr), "r" ((int)(size)), \ ++ "r" (current_thread_info()->addr_limit.seg), "r" (0) \ + : "cbit" ); \ + flag; }) + +@@ -113,10 +107,10 @@ static inline void set_fs(mm_segment_t s + #else + static inline int access_ok(int type, const void *addr, unsigned long size) + { +- extern unsigned long memory_start, memory_end; +- unsigned long val = (unsigned long)addr; ++ extern unsigned long memory_start, memory_end; ++ unsigned long val = (unsigned long)addr; + +- return ((val >= memory_start) && ((val + size) < memory_end)); ++ return ((val >= memory_start) && ((val + size) < memory_end)); + } + #endif /* CONFIG_MMU */ + +@@ -155,39 +149,6 @@ extern int fixup_exception(struct pt_reg + * accesses to the same area of user memory). + */ + +-extern void __get_user_1(void); +-extern void __get_user_2(void); +-extern void __get_user_4(void); +- +-#ifndef MODULE +-#define __get_user_x(size,ret,x,ptr) \ +- __asm__ __volatile__( \ +- " mv r0, %0\n" \ +- " mv r1, %1\n" \ +- " bl __get_user_" #size "\n" \ +- " mv %0, r0\n" \ +- " mv %1, r1\n" \ +- : "=r"(ret), "=r"(x) \ +- : "0"(ptr) \ +- : "r0", "r1", "r14" ) +-#else /* MODULE */ +-/* +- * Use "jl" instead of "bl" for MODULE +- */ +-#define __get_user_x(size,ret,x,ptr) \ +- __asm__ __volatile__( \ +- " mv r0, %0\n" \ +- " mv r1, %1\n" \ +- " seth lr, #high(__get_user_" #size ")\n" \ +- " or3 lr, lr, #low(__get_user_" #size ")\n" \ +- " jl lr\n" \ +- " mv %0, r0\n" \ +- " mv %1, r1\n" \ +- : "=r"(ret), "=r"(x) \ +- : "0"(ptr) \ +- : "r0", "r1", "r14" ) +-#endif +- + /* Careful: we have to cast the result to the type of the pointer for sign + reasons */ + /** +@@ -208,20 +169,7 @@ extern void __get_user_4(void); + * On error, the variable @x is set to zero. + */ + #define get_user(x,ptr) \ +-({ int __ret_gu; \ +- unsigned long __val_gu; \ +- __chk_user_ptr(ptr); \ +- switch(sizeof (*(ptr))) { \ +- case 1: __get_user_x(1,__ret_gu,__val_gu,ptr); break; \ +- case 2: __get_user_x(2,__ret_gu,__val_gu,ptr); break; \ +- case 4: __get_user_x(4,__ret_gu,__val_gu,ptr); break; \ +- default: __get_user_x(X,__ret_gu,__val_gu,ptr); break; \ +- } \ +- (x) = (__typeof__(*(ptr)))__val_gu; \ +- __ret_gu; \ +-}) +- +-extern void __put_user_bad(void); ++ __get_user_check((x),(ptr),sizeof(*(ptr))) + + /** + * put_user: - Write a simple value into user space. +@@ -240,8 +188,7 @@ extern void __put_user_bad(void); + * Returns zero on success, or -EFAULT on error. + */ + #define put_user(x,ptr) \ +- __put_user_check((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr))) +- ++ __put_user_check((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr))) + + /** + * __get_user: - Get a simple variable from user space, with less checking. +@@ -264,8 +211,64 @@ extern void __put_user_bad(void); + * On error, the variable @x is set to zero. + */ + #define __get_user(x,ptr) \ +- __get_user_nocheck((x),(ptr),sizeof(*(ptr))) ++ __get_user_nocheck((x),(ptr),sizeof(*(ptr))) + ++#define __get_user_nocheck(x,ptr,size) \ ++({ \ ++ long __gu_err = 0; \ ++ unsigned long __gu_val; \ ++ might_sleep(); \ ++ __get_user_size(__gu_val,(ptr),(size),__gu_err); \ ++ (x) = (__typeof__(*(ptr)))__gu_val; \ ++ __gu_err; \ ++}) ++ ++#define __get_user_check(x,ptr,size) \ ++({ \ ++ long __gu_err = -EFAULT; \ ++ unsigned long __gu_val = 0; \ ++ const __typeof__(*(ptr)) __user *__gu_addr = (ptr); \ ++ might_sleep(); \ ++ if (access_ok(VERIFY_READ,__gu_addr,size)) \ ++ __get_user_size(__gu_val,__gu_addr,(size),__gu_err); \ ++ (x) = (__typeof__(*(ptr)))__gu_val; \ ++ __gu_err; \ ++}) ++ ++extern long __get_user_bad(void); ++ ++#define __get_user_size(x,ptr,size,retval) \ ++do { \ ++ retval = 0; \ ++ __chk_user_ptr(ptr); \ ++ switch (size) { \ ++ case 1: __get_user_asm(x,ptr,retval,"ub"); break; \ ++ case 2: __get_user_asm(x,ptr,retval,"uh"); break; \ ++ case 4: __get_user_asm(x,ptr,retval,""); break; \ ++ default: (x) = __get_user_bad(); \ ++ } \ ++} while (0) ++ ++#define __get_user_asm(x, addr, err, itype) \ ++ __asm__ __volatile__( \ ++ " .fillinsn\n" \ ++ "1: ld"itype" %1,@%2\n" \ ++ " .fillinsn\n" \ ++ "2:\n" \ ++ ".section .fixup,\"ax\"\n" \ ++ " .balign 4\n" \ ++ "3: ldi %0,%3\n" \ ++ " seth r14,#high(2b)\n" \ ++ " or3 r14,r14,#low(2b)\n" \ ++ " jmp r14\n" \ ++ ".previous\n" \ ++ ".section __ex_table,\"a\"\n" \ ++ " .balign 4\n" \ ++ " .long 1b,3b\n" \ ++ ".previous" \ ++ : "=&r" (err), "=&r" (x) \ ++ : "r" (addr), "i" (-EFAULT), "0" (err) \ ++ : "r14", "memory") + + /** + * __put_user: - Write a simple value into user space, with less checking. +@@ -287,11 +290,13 @@ extern void __put_user_bad(void); + * Returns zero on success, or -EFAULT on error. + */ + #define __put_user(x,ptr) \ +- __put_user_nocheck((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr))) ++ __put_user_nocheck((__typeof__(*(ptr)))(x),(ptr),sizeof(*(ptr))) ++ + + #define __put_user_nocheck(x,ptr,size) \ + ({ \ + long __pu_err; \ ++ might_sleep(); \ + __put_user_size((x),(ptr),(size),__pu_err); \ + __pu_err; \ + }) +@@ -308,28 +313,28 @@ extern void __put_user_bad(void); + }) + + #if defined(__LITTLE_ENDIAN__) +-#define __put_user_u64(x, addr, err) \ +- __asm__ __volatile__( \ +- " .fillinsn\n" \ +- "1: st %L1,@%2\n" \ +- " .fillinsn\n" \ +- "2: st %H1,@(4,%2)\n" \ +- " .fillinsn\n" \ +- "3:\n" \ +- ".section .fixup,\"ax\"\n" \ +- " .balign 4\n" \ +- "4: ldi %0,%3\n" \ +- " seth r14,#high(3b)\n" \ +- " or3 r14,r14,#low(3b)\n" \ +- " jmp r14\n" \ +- ".previous\n" \ +- ".section __ex_table,\"a\"\n" \ +- " .balign 4\n" \ +- " .long 1b,4b\n" \ +- " .long 2b,4b\n" \ +- ".previous" \ +- : "=&r"(err) \ +- : "r"(x), "r"(addr), "i"(-EFAULT), "0"(err) \ ++#define __put_user_u64(x, addr, err) \ ++ __asm__ __volatile__( \ ++ " .fillinsn\n" \ ++ "1: st %L1,@%2\n" \ ++ " .fillinsn\n" \ ++ "2: st %H1,@(4,%2)\n" \ ++ " .fillinsn\n" \ ++ "3:\n" \ ++ ".section .fixup,\"ax\"\n" \ ++ " .balign 4\n" \ ++ "4: ldi %0,%3\n" \ ++ " seth r14,#high(3b)\n" \ ++ " or3 r14,r14,#low(3b)\n" \ ++ " jmp r14\n" \ ++ ".previous\n" \ ++ ".section __ex_table,\"a\"\n" \ ++ " .balign 4\n" \ ++ " .long 1b,4b\n" \ ++ " .long 2b,4b\n" \ ++ ".previous" \ ++ : "=&r" (err) \ ++ : "r" (x), "r" (addr), "i" (-EFAULT), "0" (err) \ + : "r14", "memory") + + #elif defined(__BIG_ENDIAN__) +@@ -353,13 +358,15 @@ extern void __put_user_bad(void); + " .long 1b,4b\n" \ + " .long 2b,4b\n" \ + ".previous" \ +- : "=&r"(err) \ +- : "r"(x), "r"(addr), "i"(-EFAULT), "0"(err) \ ++ : "=&r" (err) \ ++ : "r" (x), "r" (addr), "i" (-EFAULT), "0" (err) \ + : "r14", "memory") + #else + #error no endian defined + #endif + ++extern void __put_user_bad(void); ++ + #define __put_user_size(x,ptr,size,retval) \ + do { \ + retval = 0; \ +@@ -398,52 +405,8 @@ struct __large_struct { unsigned long bu + " .balign 4\n" \ + " .long 1b,3b\n" \ + ".previous" \ +- : "=&r"(err) \ +- : "r"(x), "r"(addr), "i"(-EFAULT), "0"(err) \ +- : "r14", "memory") +- +-#define __get_user_nocheck(x,ptr,size) \ +-({ \ +- long __gu_err; \ +- unsigned long __gu_val; \ +- __get_user_size(__gu_val,(ptr),(size),__gu_err); \ +- (x) = (__typeof__(*(ptr)))__gu_val; \ +- __gu_err; \ +-}) +- +-extern long __get_user_bad(void); +- +-#define __get_user_size(x,ptr,size,retval) \ +-do { \ +- retval = 0; \ +- __chk_user_ptr(ptr); \ +- switch (size) { \ +- case 1: __get_user_asm(x,ptr,retval,"ub"); break; \ +- case 2: __get_user_asm(x,ptr,retval,"uh"); break; \ +- case 4: __get_user_asm(x,ptr,retval,""); break; \ +- default: (x) = __get_user_bad(); \ +- } \ +-} while (0) +- +-#define __get_user_asm(x, addr, err, itype) \ +- __asm__ __volatile__( \ +- " .fillinsn\n" \ +- "1: ld"itype" %1,@%2\n" \ +- " .fillinsn\n" \ +- "2:\n" \ +- ".section .fixup,\"ax\"\n" \ +- " .balign 4\n" \ +- "3: ldi %0,%3\n" \ +- " seth r14,#high(2b)\n" \ +- " or3 r14,r14,#low(2b)\n" \ +- " jmp r14\n" \ +- ".previous\n" \ +- ".section __ex_table,\"a\"\n" \ +- " .balign 4\n" \ +- " .long 1b,3b\n" \ +- ".previous" \ +- : "=&r"(err), "=&r"(x) \ +- : "r"(addr), "i"(-EFAULT), "0"(err) \ ++ : "=&r" (err) \ ++ : "r" (x), "r" (addr), "i" (-EFAULT), "0" (err) \ + : "r14", "memory") + + /* +@@ -453,7 +416,6 @@ do { \ + * anything, so this is accurate. + */ + +- + /* + * Copy To/From Userspace + */ +@@ -511,8 +473,9 @@ do { \ + " .long 2b,9b\n" \ + " .long 3b,9b\n" \ + ".previous\n" \ +- : "=&r"(__dst), "=&r"(__src), "=&r"(size), "=&r"(__c) \ +- : "0"(to), "1"(from), "2"(size), "3"(size / 4) \ ++ : "=&r" (__dst), "=&r" (__src), "=&r" (size), \ ++ "=&r" (__c) \ ++ : "0" (to), "1" (from), "2" (size), "3" (size / 4) \ + : "r14", "memory"); \ + } while (0) + +@@ -573,8 +536,9 @@ do { \ + " .long 2b,7b\n" \ + " .long 3b,7b\n" \ + ".previous\n" \ +- : "=&r"(__dst), "=&r"(__src), "=&r"(size), "=&r"(__c) \ +- : "0"(to), "1"(from), "2"(size), "3"(size / 4) \ ++ : "=&r" (__dst), "=&r" (__src), "=&r" (size), \ ++ "=&r" (__c) \ ++ : "0" (to), "1" (from), "2" (size), "3" (size / 4) \ + : "r14", "memory"); \ + } while (0) + +@@ -676,7 +640,7 @@ unsigned long __generic_copy_from_user(v + #define copy_from_user(to,from,n) \ + ({ \ + might_sleep(); \ +-__generic_copy_from_user((to),(from),(n)); \ ++ __generic_copy_from_user((to),(from),(n)); \ + }) + + long __must_check strncpy_from_user(char *dst, const char __user *src, + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:13 2006 +Message-Id: <20060413230313.522340000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:49 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + torvalds@osdl.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + takata@linux-m32r.org, + fujiwara.hayato@renesas.com, + Greg Kroah-Hartman +Subject: [patch 08/22] m32r: Fix cpu_possible_map and cpu_present_map initialization for SMP kernel +Content-Disposition: inline; filename=m32r-fix-cpu_possible_map-and-cpu_present_map-initialization-for-smp-kernel.patch +Content-Length: 4237 +Lines: 150 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Hirokazu Takata + +This patch fixes a boot problem of the m32r SMP kernel 2.6.16-rc1-mm3 or +later. + +In this patch, cpu_possible_map is statically initialized, and cpu_present_map +is also copied from cpu_possible_map in smp_prepare_cpus(), because the m32r +architecture has not supported CPU hotplug yet. + +Signed-off-by: Hayato Fujiwara +Signed-off-by: Hirokazu Takata +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + arch/m32r/kernel/setup.c | 12 +++++------- + arch/m32r/kernel/smpboot.c | 19 ++++++++++--------- + include/asm-m32r/smp.h | 3 ++- + 3 files changed, 17 insertions(+), 17 deletions(-) + +--- linux-2.6.16.5.orig/arch/m32r/kernel/setup.c ++++ linux-2.6.16.5/arch/m32r/kernel/setup.c +@@ -9,6 +9,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -218,8 +219,6 @@ static unsigned long __init setup_memory + extern unsigned long setup_memory(void); + #endif /* CONFIG_DISCONTIGMEM */ + +-#define M32R_PCC_PCATCR 0x00ef7014 /* will move to m32r.h */ +- + void __init setup_arch(char **cmdline_p) + { + ROOT_DEV = old_decode_dev(ORIG_ROOT_DEV); +@@ -268,15 +267,14 @@ void __init setup_arch(char **cmdline_p) + paging_init(); + } + +-static struct cpu cpu[NR_CPUS]; ++static struct cpu cpu_devices[NR_CPUS]; + + static int __init topology_init(void) + { +- int cpu_id; ++ int i; + +- for (cpu_id = 0; cpu_id < NR_CPUS; cpu_id++) +- if (cpu_possible(cpu_id)) +- register_cpu(&cpu[cpu_id], cpu_id, NULL); ++ for_each_present_cpu(i) ++ register_cpu(&cpu_devices[i], i, NULL); + + return 0; + } +--- linux-2.6.16.5.orig/arch/m32r/kernel/smpboot.c ++++ linux-2.6.16.5/arch/m32r/kernel/smpboot.c +@@ -39,8 +39,10 @@ + * Martin J. Bligh : Added support for multi-quad systems + */ + ++#include + #include + #include ++#include + #include + #include + #include +@@ -72,11 +74,15 @@ physid_mask_t phys_cpu_present_map; + + /* Bitmask of currently online CPUs */ + cpumask_t cpu_online_map; ++EXPORT_SYMBOL(cpu_online_map); + + cpumask_t cpu_bootout_map; + cpumask_t cpu_bootin_map; +-cpumask_t cpu_callout_map; + static cpumask_t cpu_callin_map; ++cpumask_t cpu_callout_map; ++EXPORT_SYMBOL(cpu_callout_map); ++cpumask_t cpu_possible_map = CPU_MASK_ALL; ++EXPORT_SYMBOL(cpu_possible_map); + + /* Per CPU bogomips and other parameters */ + struct cpuinfo_m32r cpu_data[NR_CPUS] __cacheline_aligned; +@@ -110,7 +116,6 @@ static unsigned int calibration_result; + + void smp_prepare_boot_cpu(void); + void smp_prepare_cpus(unsigned int); +-static void smp_tune_scheduling(void); + static void init_ipi_lock(void); + static void do_boot_cpu(int); + int __cpu_up(unsigned int); +@@ -177,6 +182,9 @@ void __init smp_prepare_cpus(unsigned in + } + for (phys_id = 0 ; phys_id < nr_cpu ; phys_id++) + physid_set(phys_id, phys_cpu_present_map); ++#ifndef CONFIG_HOTPLUG_CPU ++ cpu_present_map = cpu_possible_map; ++#endif + + show_mp_info(nr_cpu); + +@@ -186,7 +194,6 @@ void __init smp_prepare_cpus(unsigned in + * Setup boot CPU information + */ + smp_store_cpu_info(0); /* Final full version of the data */ +- smp_tune_scheduling(); + + /* + * If SMP should be disabled, then really disable it! +@@ -230,11 +237,6 @@ smp_done: + Dprintk("Boot done.\n"); + } + +-static void __init smp_tune_scheduling(void) +-{ +- /* Nothing to do. */ +-} +- + /* + * init_ipi_lock : Initialize IPI locks. + */ +@@ -629,4 +631,3 @@ static void __init unmap_cpu_to_physid(i + physid_2_cpu[phys_id] = -1; + cpu_2_physid[cpu_id] = -1; + } +- +--- linux-2.6.16.5.orig/include/asm-m32r/smp.h ++++ linux-2.6.16.5/include/asm-m32r/smp.h +@@ -67,7 +67,8 @@ extern volatile int cpu_2_physid[NR_CPUS + #define raw_smp_processor_id() (current_thread_info()->cpu) + + extern cpumask_t cpu_callout_map; +-#define cpu_possible_map cpu_callout_map ++extern cpumask_t cpu_possible_map; ++extern cpumask_t cpu_present_map; + + static __inline__ int hard_smp_processor_id(void) + { + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:13 2006 +Message-Id: <20060413230313.663254000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:50 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + Miklos Szeredi , + Greg Kroah-Hartman +Subject: [patch 09/22] fuse: fix oops in fuse_send_readpages() +Content-Disposition: inline; filename=fuse-fix-oops-in-fuse_send_readpages.patch +Content-Length: 1194 +Lines: 41 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ +During heavy parallel filesystem activity it was possible to Oops the +kernel. The reason is that read_cache_pages() could skip pages which +have already been inserted into the cache by another task. +Occasionally this may result in zero pages actually being sent, while +fuse_send_readpages() relies on at least one page being in the +request. + +So check this corner case and just free the request instead of trying +to send it. + +Reported and tested by Konstantin Isakov. + +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/file.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- linux-2.6.16.5.orig/fs/fuse/file.c ++++ linux-2.6.16.5/fs/fuse/file.c +@@ -397,8 +397,12 @@ static int fuse_readpages(struct file *f + return -EINTR; + + err = read_cache_pages(mapping, pages, fuse_readpages_fill, &data); +- if (!err) +- fuse_send_readpages(data.req, file, inode); ++ if (!err) { ++ if (data.req->num_pages) ++ fuse_send_readpages(data.req, file, inode); ++ else ++ fuse_put_request(fc, data.req); ++ } + return err; + } + + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:13 2006 +Message-Id: <20060413230313.809382000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:51 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + Martin Bligh , + Rohit Seth , + Nick Piggin , + KAMEZAWA Hiroyuki , + Greg Kroah-Hartman +Subject: [patch 10/22] Fix buddy list race that could lead to page lru list corruptions +Content-Disposition: inline; filename=fix-buddy-list-race-that-could-lead-to-page-lru-list-corruptions.patch +Content-Length: 5919 +Lines: 161 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Nick Piggin + +[PATCH] Fix buddy list race that could lead to page lru list corruptions + +Rohit found an obscure bug causing buddy list corruption. + +page_is_buddy is using a non-atomic test (PagePrivate && page_count == 0) +to determine whether or not a free page's buddy is itself free and in the +buddy lists. + +Each of the conjuncts may be true at different times due to unrelated +conditions, so the non-atomic page_is_buddy test may find each conjunct to +be true even if they were not both true at the same time (ie. the page was +not on the buddy lists). + +Signed-off-by: Martin Bligh +Signed-off-by: Rohit Seth +Signed-off-by: Nick Piggin +Signed-off-by: KAMEZAWA Hiroyuki +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/mm.h | 5 ++--- + include/linux/page-flags.h | 8 +++++++- + mm/page_alloc.c | 31 ++++++++++++++++++------------- + 3 files changed, 27 insertions(+), 17 deletions(-) + +--- linux-2.6.16.5.orig/include/linux/mm.h ++++ linux-2.6.16.5/include/linux/mm.h +@@ -229,10 +229,9 @@ struct page { + unsigned long private; /* Mapping-private opaque data: + * usually used for buffer_heads + * if PagePrivate set; used for +- * swp_entry_t if PageSwapCache. +- * When page is free, this ++ * swp_entry_t if PageSwapCache; + * indicates order in the buddy +- * system. ++ * system if PG_buddy is set. + */ + struct address_space *mapping; /* If low bit clear, points to + * inode address_space, or NULL. +--- linux-2.6.16.5.orig/include/linux/page-flags.h ++++ linux-2.6.16.5/include/linux/page-flags.h +@@ -74,7 +74,9 @@ + #define PG_mappedtodisk 16 /* Has blocks allocated on-disk */ + #define PG_reclaim 17 /* To be reclaimed asap */ + #define PG_nosave_free 18 /* Free, should not be written */ +-#define PG_uncached 19 /* Page has been mapped as uncached */ ++#define PG_buddy 19 /* Page is free, on buddy lists */ ++ ++#define PG_uncached 20 /* Page has been mapped as uncached */ + + /* + * Global page accounting. One instance per CPU. Only unsigned longs are +@@ -319,6 +321,10 @@ extern void __mod_page_state_offset(unsi + #define SetPageNosaveFree(page) set_bit(PG_nosave_free, &(page)->flags) + #define ClearPageNosaveFree(page) clear_bit(PG_nosave_free, &(page)->flags) + ++#define PageBuddy(page) test_bit(PG_buddy, &(page)->flags) ++#define __SetPageBuddy(page) __set_bit(PG_buddy, &(page)->flags) ++#define __ClearPageBuddy(page) __clear_bit(PG_buddy, &(page)->flags) ++ + #define PageMappedToDisk(page) test_bit(PG_mappedtodisk, &(page)->flags) + #define SetPageMappedToDisk(page) set_bit(PG_mappedtodisk, &(page)->flags) + #define ClearPageMappedToDisk(page) clear_bit(PG_mappedtodisk, &(page)->flags) +--- linux-2.6.16.5.orig/mm/page_alloc.c ++++ linux-2.6.16.5/mm/page_alloc.c +@@ -153,7 +153,8 @@ static void bad_page(struct page *page) + 1 << PG_reclaim | + 1 << PG_slab | + 1 << PG_swapcache | +- 1 << PG_writeback ); ++ 1 << PG_writeback | ++ 1 << PG_buddy ); + set_page_count(page, 0); + reset_page_mapcount(page); + page->mapping = NULL; +@@ -224,12 +225,12 @@ static inline unsigned long page_order(s + + static inline void set_page_order(struct page *page, int order) { + set_page_private(page, order); +- __SetPagePrivate(page); ++ __SetPageBuddy(page); + } + + static inline void rmv_page_order(struct page *page) + { +- __ClearPagePrivate(page); ++ __ClearPageBuddy(page); + set_page_private(page, 0); + } + +@@ -268,11 +269,13 @@ __find_combined_index(unsigned long page + * This function checks whether a page is free && is the buddy + * we can do coalesce a page and its buddy if + * (a) the buddy is not in a hole && +- * (b) the buddy is free && +- * (c) the buddy is on the buddy system && +- * (d) a page and its buddy have the same order. +- * for recording page's order, we use page_private(page) and PG_private. ++ * (b) the buddy is in the buddy system && ++ * (c) a page and its buddy have the same order. ++ * ++ * For recording whether a page is in the buddy system, we use PG_buddy. ++ * Setting, clearing, and testing PG_buddy is serialized by zone->lock. + * ++ * For recording page's order, we use page_private(page). + */ + static inline int page_is_buddy(struct page *page, int order) + { +@@ -281,10 +284,10 @@ static inline int page_is_buddy(struct p + return 0; + #endif + +- if (PagePrivate(page) && +- (page_order(page) == order) && +- page_count(page) == 0) ++ if (PageBuddy(page) && page_order(page) == order) { ++ BUG_ON(page_count(page) != 0); + return 1; ++ } + return 0; + } + +@@ -301,7 +304,7 @@ static inline int page_is_buddy(struct p + * as necessary, plus some accounting needed to play nicely with other + * parts of the VM system. + * At each level, we keep a list of pages, which are heads of continuous +- * free pages of length of (1 << order) and marked with PG_Private.Page's ++ * free pages of length of (1 << order) and marked with PG_buddy. Page's + * order is recorded in page_private(page) field. + * So when we are allocating or freeing one, we can derive the state of the + * other. That is, if we allocate a small block, and both were +@@ -364,7 +367,8 @@ static inline int free_pages_check(struc + 1 << PG_slab | + 1 << PG_swapcache | + 1 << PG_writeback | +- 1 << PG_reserved )))) ++ 1 << PG_reserved | ++ 1 << PG_buddy )))) + bad_page(page); + if (PageDirty(page)) + __ClearPageDirty(page); +@@ -522,7 +526,8 @@ static int prep_new_page(struct page *pa + 1 << PG_slab | + 1 << PG_swapcache | + 1 << PG_writeback | +- 1 << PG_reserved )))) ++ 1 << PG_reserved | ++ 1 << PG_buddy )))) + bad_page(page); + + /* + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:14 2006 +Message-Id: <20060413230313.945803000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:52 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + sfr@canb.auug.org.au, + hch@lst.de +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + Al Viro , + Greg Kroah-Hartman +Subject: [patch 11/22] Fix block device symlink name +Content-Disposition: inline; filename=fix-block-device-symlink-name.patch +Content-Length: 1172 +Lines: 43 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Stephen Rothwell + +As noted further on the this file, some block devices have a / in their +name, so fix the "block:..." symlink name the same as the /sys/block name. + +Signed-off-by: Stephen Rothwell +Cc: Al Viro +Cc: Christoph Hellwig +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + + +--- + fs/partitions/check.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- linux-2.6.16.5.orig/fs/partitions/check.c ++++ linux-2.6.16.5/fs/partitions/check.c +@@ -345,6 +345,7 @@ static char *make_block_name(struct gend + char *name; + static char *block_str = "block:"; + int size; ++ char *s; + + size = strlen(block_str) + strlen(disk->disk_name) + 1; + name = kmalloc(size, GFP_KERNEL); +@@ -352,6 +353,10 @@ static char *make_block_name(struct gend + return NULL; + strcpy(name, block_str); + strcat(name, disk->disk_name); ++ /* ewww... some of these buggers have / in name... */ ++ s = strchr(name, '/'); ++ if (s) ++ *s = '!'; + return name; + } + + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:14 2006 +Message-Id: <20060413230314.089064000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:53 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + torvalds@osdl.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + leonid.i.ananiev@intel.com, + Greg Kroah-Hartman +Subject: [patch 12/22] ext3: Fix missed mutex unlock +Content-Disposition: inline; filename=ext3-fix-missed-mutex-unlock.patch +Content-Length: 781 +Lines: 28 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: "Ananiev, Leonid I" + +Missed unlock_super()call is added in error condition code path. + +Signed-off-by: Leonid Ananiev +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext3/resize.c | 1 + + 1 file changed, 1 insertion(+) + +--- linux-2.6.16.5.orig/fs/ext3/resize.c ++++ linux-2.6.16.5/fs/ext3/resize.c +@@ -974,6 +974,7 @@ int ext3_group_extend(struct super_block + if (o_blocks_count != le32_to_cpu(es->s_blocks_count)) { + ext3_warning(sb, __FUNCTION__, + "multiple resizers run on filesystem!"); ++ unlock_super(sb); + err = -EBUSY; + goto exit_put; + } + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:14 2006 +Message-Id: <20060413230314.229276000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:54 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + Adrian Bunk , + Greg Kroah-Hartman +Subject: [patch 13/22] edac_752x needs CONFIG_HOTPLUG +Content-Disposition: inline; filename=edac_752x-needs-config_hotplug.patch +Content-Length: 996 +Lines: 35 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Randy Dunlap + +EDAC_752X uses pci_scan_single_device(), which is only available +if CONFIG_HOTPLUG is enabled, so limit this driver with HOTPLUG. + +This patch was already included in Linus' tree. + +Adrian Bunk: +Rediffed for 2.6.16.x due to unrelated context changes. + +Signed-off-by: Randy Dunlap +Signed-off-by: Adrian Bunk +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/edac/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- linux-2.6.16.5.orig/drivers/edac/Kconfig ++++ linux-2.6.16.5/drivers/edac/Kconfig +@@ -71,7 +71,7 @@ config EDAC_E7XXX + + config EDAC_E752X + tristate "Intel e752x (e7520, e7525, e7320)" +- depends on EDAC_MM_EDAC && PCI ++ depends on EDAC_MM_EDAC && PCI && HOTPLUG + help + Support for error detection and correction on the Intel + E7520, E7525, E7320 server chipsets. + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:14 2006 +Message-Id: <20060413230314.367503000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:55 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + mikem@beardog.cca.cpqcorp.net, + mike.miller@hp.com +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + Stephen Cameron , + Greg Kroah-Hartman +Subject: [patch 14/22] cciss: bug fix for crash when running hpacucli +Content-Disposition: inline; filename=cciss-bug-fix-for-crash-when-running-hpacucli.patch +Content-Length: 4353 +Lines: 151 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: "Mike Miller" + +Fix a crash when running hpacucli with multiple logical volumes on a cciss +controller. We were not properly initializing the disk->queue and causing +a fault. + +Thanks to Hasso Tepper for reporting the problem. Thanks to Steve Cameron +for root causing the problem. Most of the patch just moves things around. +The fix is a one-liner. + +Signed-off-by: Mike Miller +Signed-off-by: Stephen Cameron +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/cciss.c | 96 +++++++++++++++++++++++++------------------------- + 1 file changed, 49 insertions(+), 47 deletions(-) + +--- linux-2.6.16.5.orig/drivers/block/cciss.c ++++ linux-2.6.16.5/drivers/block/cciss.c +@@ -1181,6 +1181,53 @@ static int revalidate_allvol(ctlr_info_t + return 0; + } + ++static inline void complete_buffers(struct bio *bio, int status) ++{ ++ while (bio) { ++ struct bio *xbh = bio->bi_next; ++ int nr_sectors = bio_sectors(bio); ++ ++ bio->bi_next = NULL; ++ blk_finished_io(len); ++ bio_endio(bio, nr_sectors << 9, status ? 0 : -EIO); ++ bio = xbh; ++ } ++ ++} ++ ++static void cciss_softirq_done(struct request *rq) ++{ ++ CommandList_struct *cmd = rq->completion_data; ++ ctlr_info_t *h = hba[cmd->ctlr]; ++ unsigned long flags; ++ u64bit temp64; ++ int i, ddir; ++ ++ if (cmd->Request.Type.Direction == XFER_READ) ++ ddir = PCI_DMA_FROMDEVICE; ++ else ++ ddir = PCI_DMA_TODEVICE; ++ ++ /* command did not need to be retried */ ++ /* unmap the DMA mapping for all the scatter gather elements */ ++ for(i=0; iHeader.SGList; i++) { ++ temp64.val32.lower = cmd->SG[i].Addr.lower; ++ temp64.val32.upper = cmd->SG[i].Addr.upper; ++ pci_unmap_page(h->pdev, temp64.val, cmd->SG[i].Len, ddir); ++ } ++ ++ complete_buffers(rq->bio, rq->errors); ++ ++#ifdef CCISS_DEBUG ++ printk("Done with %p\n", rq); ++#endif /* CCISS_DEBUG */ ++ ++ spin_lock_irqsave(&h->lock, flags); ++ end_that_request_last(rq, rq->errors); ++ cmd_free(h, cmd,1); ++ spin_unlock_irqrestore(&h->lock, flags); ++} ++ + /* This function will check the usage_count of the drive to be updated/added. + * If the usage_count is zero then the drive information will be updated and + * the disk will be re-registered with the kernel. If not then it will be +@@ -1249,6 +1296,8 @@ static void cciss_update_drive_info(int + + blk_queue_max_sectors(disk->queue, 512); + ++ blk_queue_softirq_done(disk->queue, cciss_softirq_done); ++ + disk->queue->queuedata = hba[ctlr]; + + blk_queue_hardsect_size(disk->queue, +@@ -2148,20 +2197,6 @@ static void start_io( ctlr_info_t *h) + addQ (&(h->cmpQ), c); + } + } +- +-static inline void complete_buffers(struct bio *bio, int status) +-{ +- while (bio) { +- struct bio *xbh = bio->bi_next; +- int nr_sectors = bio_sectors(bio); +- +- bio->bi_next = NULL; +- blk_finished_io(len); +- bio_endio(bio, nr_sectors << 9, status ? 0 : -EIO); +- bio = xbh; +- } +- +-} + /* Assumes that CCISS_LOCK(h->ctlr) is held. */ + /* Zeros out the error record and then resends the command back */ + /* to the controller */ +@@ -2179,39 +2214,6 @@ static inline void resend_cciss_cmd( ctl + start_io(h); + } + +-static void cciss_softirq_done(struct request *rq) +-{ +- CommandList_struct *cmd = rq->completion_data; +- ctlr_info_t *h = hba[cmd->ctlr]; +- unsigned long flags; +- u64bit temp64; +- int i, ddir; +- +- if (cmd->Request.Type.Direction == XFER_READ) +- ddir = PCI_DMA_FROMDEVICE; +- else +- ddir = PCI_DMA_TODEVICE; +- +- /* command did not need to be retried */ +- /* unmap the DMA mapping for all the scatter gather elements */ +- for(i=0; iHeader.SGList; i++) { +- temp64.val32.lower = cmd->SG[i].Addr.lower; +- temp64.val32.upper = cmd->SG[i].Addr.upper; +- pci_unmap_page(h->pdev, temp64.val, cmd->SG[i].Len, ddir); +- } +- +- complete_buffers(rq->bio, rq->errors); +- +-#ifdef CCISS_DEBUG +- printk("Done with %p\n", rq); +-#endif /* CCISS_DEBUG */ +- +- spin_lock_irqsave(&h->lock, flags); +- end_that_request_last(rq, rq->errors); +- cmd_free(h, cmd,1); +- spin_unlock_irqrestore(&h->lock, flags); +-} +- + /* checks the status of the job and calls complete buffers to mark all + * buffers for the completed job. Note that this function does not need + * to hold the hba/queue lock. + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:14 2006 +Message-Id: <20060413230314.509684000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:56 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + torvalds@osdl.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + buhrain@rosettastone.com, + ink@jurassic.park.msu.ru, + Richard Henderson , + Greg Kroah-Hartman +Subject: [patch 15/22] alpha: SMP boot fixes +Content-Disposition: inline; filename=alpha-smp-boot-fixes.patch +Content-Length: 3678 +Lines: 111 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ + +From: Brian Uhrain says: + +I've encountered two problems with 2.6.16 and newer kernels on my API CS20 +(dual 833MHz Alpha 21264b processors). The first is the kernel OOPSing +because of a NULL pointer dereference while trying to populate SysFS with the +CPU information. The other is that only one processor was being brought up. +I've included a small Alpha-specific patch that fixes both problems. + +The first problem was caused by the CPUs never being properly registered using +register_cpu(), the way it's done on other architectures. + +The second problem has to do with the removal of hwrpb_cpu_present_mask in +arch/alpha/kernel/smp.c. In setup_smp() in the 2.6.15 kernel sources, +hwrpb_cpu_present_mask has a bit set for each processor that is probed, and +afterwards cpu_present_mask is set to the cpumask for the boot CPU. In the +same function of the same file in the 2.6.16 sources, instead of +hwrpb_cpu_present_mask being set, cpu_possible_map is updated for each probed +CPU. cpu_present_mask is still set to the cpumask of the boot CPU afterwards. + The problem lies in include/asm-alpha/smp.h, where cpu_possible_map is +#define'd to be cpu_present_mask. + +Cleanups from: Ivan Kokshaysky + + - cpu_present_mask and cpu_possible_map are essentially the same thing + on alpha, as it doesn't support CPU hotplug; + - allocate "struct cpu" only for present CPUs, like sparc64 does. + Static array of "struct cpu" is just a waste of memory. + +Signed-off-by: Brian Uhrain +Cc: Richard Henderson +Cc: Ivan Kokshaysky +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + arch/alpha/kernel/setup.c | 17 +++++++++++++++++ + arch/alpha/kernel/smp.c | 8 +++----- + 2 files changed, 20 insertions(+), 5 deletions(-) + +--- linux-2.6.16.5.orig/arch/alpha/kernel/setup.c ++++ linux-2.6.16.5/arch/alpha/kernel/setup.c +@@ -24,6 +24,7 @@ + #include /* CONFIG_ALPHA_LCA etc */ + #include + #include ++#include + #include + #include + #include +@@ -477,6 +478,22 @@ page_is_ram(unsigned long pfn) + #undef PFN_PHYS + #undef PFN_MAX + ++static int __init ++register_cpus(void) ++{ ++ int i; ++ ++ for_each_possible_cpu(i) { ++ struct cpu *p = kzalloc(sizeof(*p), GFP_KERNEL); ++ if (!p) ++ return -ENOMEM; ++ register_cpu(p, i, NULL); ++ } ++ return 0; ++} ++ ++arch_initcall(register_cpus); ++ + void __init + setup_arch(char **cmdline_p) + { +--- linux-2.6.16.5.orig/arch/alpha/kernel/smp.c ++++ linux-2.6.16.5/arch/alpha/kernel/smp.c +@@ -439,7 +439,7 @@ setup_smp(void) + if ((cpu->flags & 0x1cc) == 0x1cc) { + smp_num_probed++; + /* Assume here that "whami" == index */ +- cpu_set(i, cpu_possible_map); ++ cpu_set(i, cpu_present_mask); + cpu->pal_revision = boot_cpu_palrev; + } + +@@ -450,9 +450,8 @@ setup_smp(void) + } + } else { + smp_num_probed = 1; +- cpu_set(boot_cpuid, cpu_possible_map); ++ cpu_set(boot_cpuid, cpu_present_mask); + } +- cpu_present_mask = cpumask_of_cpu(boot_cpuid); + + printk(KERN_INFO "SMP: %d CPUs probed -- cpu_present_mask = %lx\n", + smp_num_probed, cpu_possible_map.bits[0]); +@@ -488,9 +487,8 @@ void __devinit + smp_prepare_boot_cpu(void) + { + /* +- * Mark the boot cpu (current cpu) as both present and online ++ * Mark the boot cpu (current cpu) as online + */ +- cpu_set(smp_processor_id(), cpu_present_mask); + cpu_set(smp_processor_id(), cpu_online_map); + } + + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:14 2006 +Message-Id: <20060413230314.653098000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:57 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + Jes Sorensen , + Nathan Scott +Subject: [patch 16/22] Fix utime(2) in the case that no times parameter was passed in. +Content-Disposition: inline; filename=XFS-Fix-utime-2-in-the-case-that-no-times-parameter-was-passed-in.patch +Content-Length: 792 +Lines: 30 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ + +SGI-PV: 949858 +SGI-Modid: xfs-linux-melb:xfs-kern:25717a + +Signed-off-by: Jes Sorensen +Signed-off-by: Nathan Scott + +--- + + fs/xfs/linux-2.6/xfs_iops.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +8c0b5113a55c698f3190ec85925815640f1c2049 +--- linux-2.6.16.5.orig/fs/xfs/linux-2.6/xfs_iops.c ++++ linux-2.6.16.5/fs/xfs/linux-2.6/xfs_iops.c +@@ -673,8 +673,7 @@ linvfs_setattr( + if (ia_valid & ATTR_ATIME) { + vattr.va_mask |= XFS_AT_ATIME; + vattr.va_atime = attr->ia_atime; +- if (ia_valid & ATTR_ATIME_SET) +- inode->i_atime = attr->ia_atime; ++ inode->i_atime = attr->ia_atime; + } + if (ia_valid & ATTR_MTIME) { + vattr.va_mask |= XFS_AT_MTIME; + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:14 2006 +Message-Id: <20060413230314.793450000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:58 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + Martin Schwidefsky , + Ulrich Weigand , + Cliff Wickman , + Ingo Molnar +Subject: [patch 17/22] RLIMIT_CPU: fix handling of a zero limit +Content-Disposition: inline; filename=RLIMIT_CPU-fix-handling-of-a-zero-limit.patch +Content-Length: 1835 +Lines: 53 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ + +At present the kernel doesn't honour an attempt to set RLIMIT_CPU to zero +seconds. But the spec says it should, and that's what 2.4.x does. + +Fixing this for real would involve some complexity (such as adding a new +it-has-been-set flag to the task_struct, and testing that everwhere, instead +of overloading the value of it_prof_expires). + +Given that a 2.4 kernel won't actually send the signal until one second has +expired anyway, let's just handle this case by treating the caller's +zero-seconds as one second. + +Cc: Martin Schwidefsky +Cc: Ulrich Weigand +Cc: Cliff Wickman +Acked-by: Ingo Molnar +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds + +--- + + kernel/sys.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +e0661111e5441995f7a69dc4336c9f131cb9bc58 +--- linux-2.6.16.5.orig/kernel/sys.c ++++ linux-2.6.16.5/kernel/sys.c +@@ -1657,7 +1657,19 @@ asmlinkage long sys_setrlimit(unsigned i + (cputime_eq(current->signal->it_prof_expires, cputime_zero) || + new_rlim.rlim_cur <= cputime_to_secs( + current->signal->it_prof_expires))) { +- cputime_t cputime = secs_to_cputime(new_rlim.rlim_cur); ++ unsigned long rlim_cur = new_rlim.rlim_cur; ++ cputime_t cputime; ++ ++ if (rlim_cur == 0) { ++ /* ++ * The caller is asking for an immediate RLIMIT_CPU ++ * expiry. But we use the zero value to mean "it was ++ * never set". So let's cheat and make it one second ++ * instead ++ */ ++ rlim_cur = 1; ++ } ++ cputime = secs_to_cputime(rlim_cur); + read_lock(&tasklist_lock); + spin_lock_irq(¤t->sighand->siglock); + set_process_cpu_timer(current, CPUCLOCK_PROF, + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:15 2006 +Message-Id: <20060413230314.936225000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:01:59 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + Steve French , + Greg Kroah-Hartman +Subject: [patch 18/22] Incorrect signature sent on SMB Read +Content-Disposition: inline; filename=CIFS-Incorrect-signature-sent-on-SMB-Read.patch +Content-Length: 3201 +Lines: 90 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ +Fixes Samba bug 3621 and kernel.org bug 6147 + +For servers which require SMB/CIFS packet signing, we were sending the +wrong signature (all zeros) on SMB Read request. The new cifs routine +to do signatures across an iovec was not complete - and SMB Read, unlike +the new SMBWrite2, did not fall back to the older routine (ie use +SendReceive vs. the more efficient SendReceive2 ie used the older +cifs_sign_smb vs. the disabled cifs_sign_smb2) for calculating signatures. + +This finishes up cifs_sign_smb2/cifs_calc_signature2 so that the callers +of SendReceive2 can get SMB/CIFS packet signatures. + +Now that cifs_sign_smb2 is supported, we could start using it in +the write path but this smaller fix does not include the change +to use SMBWrite2 when signatures are required (which when enabled +will make more Writes more efficient and alloc less memory). +Currently Write2 is only used when signatures are not +required at the moment but after more testing we will enable +that as well). + +Thanks to James Slepicka and Sam Flory for initial investigation. + +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/cifsencrypt.c | 36 +++++++++++++++++++++++------------- + 1 file changed, 23 insertions(+), 13 deletions(-) + +--- linux-2.6.16.5.orig/fs/cifs/cifsencrypt.c ++++ linux-2.6.16.5/fs/cifs/cifsencrypt.c +@@ -56,9 +56,6 @@ int cifs_sign_smb(struct smb_hdr * cifs_ + int rc = 0; + char smb_signature[20]; + +- /* BB remember to initialize sequence number elsewhere and initialize mac_signing key elsewhere BB */ +- /* BB remember to add code to save expected sequence number in midQ entry BB */ +- + if((cifs_pdu == NULL) || (server == NULL)) + return -EINVAL; + +@@ -85,20 +82,33 @@ int cifs_sign_smb(struct smb_hdr * cifs_ + static int cifs_calc_signature2(const struct kvec * iov, int n_vec, + const char * key, char * signature) + { +- struct MD5Context context; +- +- if((iov == NULL) || (signature == NULL)) +- return -EINVAL; ++ struct MD5Context context; ++ int i; + +- MD5Init(&context); +- MD5Update(&context,key,CIFS_SESSION_KEY_SIZE+16); ++ if((iov == NULL) || (signature == NULL)) ++ return -EINVAL; + +-/* MD5Update(&context,cifs_pdu->Protocol,cifs_pdu->smb_buf_length); */ /* BB FIXME BB */ ++ MD5Init(&context); ++ MD5Update(&context,key,CIFS_SESSION_KEY_SIZE+16); ++ for(i=0;i +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:02:00 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + Pavel Machek , + Greg Kroah-Hartman +Subject: [patch 19/22] Fix suspend with traced tasks +Content-Disposition: inline; filename=Fix-suspend-with-traced-tasks.patch +Content-Length: 1361 +Lines: 42 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ +strace /bin/bash misbehaves after resume; this fixes it. + +(akpm: it's scary calling refrigerator() in state TASK_TRACED, but it seems to +do the right thing). + +Signed-off-by: Pavel Machek +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/power/process.c | 3 +-- + kernel/signal.c | 1 + + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- linux-2.6.16.5.orig/kernel/power/process.c ++++ linux-2.6.16.5/kernel/power/process.c +@@ -25,8 +25,7 @@ static inline int freezeable(struct task + (p->flags & PF_NOFREEZE) || + (p->exit_state == EXIT_ZOMBIE) || + (p->exit_state == EXIT_DEAD) || +- (p->state == TASK_STOPPED) || +- (p->state == TASK_TRACED)) ++ (p->state == TASK_STOPPED)) + return 0; + return 1; + } +--- linux-2.6.16.5.orig/kernel/signal.c ++++ linux-2.6.16.5/kernel/signal.c +@@ -1688,6 +1688,7 @@ static void ptrace_stop(int exit_code, i + /* Let the debugger run. */ + set_current_state(TASK_TRACED); + spin_unlock_irq(¤t->sighand->siglock); ++ try_to_freeze(); + read_lock(&tasklist_lock); + if (likely(current->ptrace & PT_PTRACED) && + likely(current->parent != current->real_parent || + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:15 2006 +Message-Id: <20060413230315.223538000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:02:01 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + Paul Fulghum +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + GregKH +Subject: [patch 20/22] USB: remove __init from usb_console_setup +Content-Disposition: inline; filename=usb-remove-__init-from-usb_console_setup.patch +Content-Length: 843 +Lines: 27 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ +From: Paul Fulghum + +This prevents an Oops if booted with "console=ttyUSB0" but without a +USB-serial dongle, and plugged one in afterwards. + +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/console.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- linux-2.6.16.5.orig/drivers/usb/serial/console.c ++++ linux-2.6.16.5/drivers/usb/serial/console.c +@@ -54,7 +54,7 @@ static struct console usbcons; + * serial.c code, except that the specifier is "ttyUSB" instead + * of "ttyS". + */ +-static int __init usb_console_setup(struct console *co, char *options) ++static int usb_console_setup(struct console *co, char *options) + { + struct usbcons_info *info = &usbcons_info; + int baud = 9600; + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:15 2006 +Message-Id: <20060413230315.357982000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:02:02 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + Andrea Arcangeli , + Roland McGrath , + Greg Kroah-Hartman +Subject: [patch 21/22] fix non-leader exec under ptrace +Content-Disposition: inline; filename=fix-non-leader-exec-under-ptrace.patch +Content-Length: 1541 +Lines: 56 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ + +This reverts most of commit 30e0fca6c1d7d26f3f2daa4dd2b12c51dadc778a. +It broke the case of non-leader MT exec when ptraced. +I think the bug it was intended to fix was already addressed by commit +788e05a67c343fa22f2ae1d3ca264e7f15c25eaf. + +Signed-off-by: Roland McGrath +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/ptrace.c | 7 ++----- + kernel/signal.c | 4 ++-- + 2 files changed, 4 insertions(+), 7 deletions(-) + +--- linux-2.6.16.5.orig/kernel/ptrace.c ++++ linux-2.6.16.5/kernel/ptrace.c +@@ -57,10 +57,6 @@ void ptrace_untrace(task_t *child) + signal_wake_up(child, 1); + } + } +- if (child->signal->flags & SIGNAL_GROUP_EXIT) { +- sigaddset(&child->pending.signal, SIGKILL); +- signal_wake_up(child, 1); +- } + spin_unlock(&child->sighand->siglock); + } + +@@ -82,7 +78,8 @@ void __ptrace_unlink(task_t *child) + SET_LINKS(child); + } + +- ptrace_untrace(child); ++ if (child->state == TASK_TRACED) ++ ptrace_untrace(child); + } + + /* +--- linux-2.6.16.5.orig/kernel/signal.c ++++ linux-2.6.16.5/kernel/signal.c +@@ -1942,9 +1942,9 @@ relock: + /* Let the debugger run. */ + ptrace_stop(signr, signr, info); + +- /* We're back. Did the debugger cancel the sig or group_exit? */ ++ /* We're back. Did the debugger cancel the sig? */ + signr = current->exit_code; +- if (signr == 0 || current->signal->flags & SIGNAL_GROUP_EXIT) ++ if (signr == 0) + continue; + + current->exit_code = 0; + +-- + +From greg@quad.kroah.org Thu Apr 13 16:03:15 2006 +Message-Id: <20060413230315.502782000@quad.kroah.org> +References: <20060413230141.330705000@quad.kroah.org> +User-Agent: quilt/0.44-1 +Date: Thu, 13 Apr 2006 16:02:03 -0700 +From: Greg KH +To: linux-kernel@vger.kernel.org, + stable@kernel.org, + Herbert Xu , + davem@davemloft.net +Cc: Justin Forbes , + Zwane Mwaikambo , + Theodore Ts'o , + Randy Dunlap , + Dave Jones , + Chuck Wolber , + torvalds@osdl.org, + akpm@osdl.org, + alan@lxorguk.ukuu.org.uk, + chas@cmf.nrl.navy.mil, + netdev@vger.kernel.org, + Stephen Hemminger , + Greg Kroah-Hartman +Subject: [patch 22/22] atm: clip causes unregister hang +Content-Disposition: inline; filename=atm-clip-causes-unregister-hang.patch +Content-Length: 3445 +Lines: 114 + +-stable review patch. If anyone has any objections, please let us know. + +------------------ + +If Classical IP over ATM module is loaded, its neighbor table gets +populated when permanent neighbor entries are created; but these entries +are not flushed when the device is removed. Since the entry never gets +flushed the unregister of the network device never completes. + +This version of the patch also adds locking around the reference to +the atm arp daemon to avoid races with events and daemon state changes. +(Note: barrier() was never really safe) + +Bug-reference: http://bugzilla.kernel.org/show_bug.cgi?id=6295 + +Signed-off-by: Stephen Hemminger +Signed-off-by: Greg Kroah-Hartman + +--- + net/atm/clip.c | 42 +++++++++++++++++++++++++++--------------- + 1 file changed, 27 insertions(+), 15 deletions(-) + +--- linux-2.6.16.5.orig/net/atm/clip.c ++++ linux-2.6.16.5/net/atm/clip.c +@@ -613,12 +613,19 @@ static int clip_create(int number) + + + static int clip_device_event(struct notifier_block *this,unsigned long event, +- void *dev) ++ void *arg) + { ++ struct net_device *dev = arg; ++ ++ if (event == NETDEV_UNREGISTER) { ++ neigh_ifdown(&clip_tbl, dev); ++ return NOTIFY_DONE; ++ } ++ + /* ignore non-CLIP devices */ +- if (((struct net_device *) dev)->type != ARPHRD_ATM || +- ((struct net_device *) dev)->hard_start_xmit != clip_start_xmit) ++ if (dev->type != ARPHRD_ATM || dev->hard_start_xmit != clip_start_xmit) + return NOTIFY_DONE; ++ + switch (event) { + case NETDEV_UP: + DPRINTK("clip_device_event NETDEV_UP\n"); +@@ -686,14 +693,12 @@ static struct notifier_block clip_inet_n + static void atmarpd_close(struct atm_vcc *vcc) + { + DPRINTK("atmarpd_close\n"); +- atmarpd = NULL; /* assumed to be atomic */ +- barrier(); +- unregister_inetaddr_notifier(&clip_inet_notifier); +- unregister_netdevice_notifier(&clip_dev_notifier); +- if (skb_peek(&sk_atm(vcc)->sk_receive_queue)) +- printk(KERN_ERR "atmarpd_close: closing with requests " +- "pending\n"); ++ ++ rtnl_lock(); ++ atmarpd = NULL; + skb_queue_purge(&sk_atm(vcc)->sk_receive_queue); ++ rtnl_unlock(); ++ + DPRINTK("(done)\n"); + module_put(THIS_MODULE); + } +@@ -714,7 +719,12 @@ static struct atm_dev atmarpd_dev = { + + static int atm_init_atmarp(struct atm_vcc *vcc) + { +- if (atmarpd) return -EADDRINUSE; ++ rtnl_lock(); ++ if (atmarpd) { ++ rtnl_unlock(); ++ return -EADDRINUSE; ++ } ++ + if (start_timer) { + start_timer = 0; + init_timer(&idle_timer); +@@ -731,10 +741,7 @@ static int atm_init_atmarp(struct atm_vc + vcc->push = NULL; + vcc->pop = NULL; /* crash */ + vcc->push_oam = NULL; /* crash */ +- if (register_netdevice_notifier(&clip_dev_notifier)) +- printk(KERN_ERR "register_netdevice_notifier failed\n"); +- if (register_inetaddr_notifier(&clip_inet_notifier)) +- printk(KERN_ERR "register_inetaddr_notifier failed\n"); ++ rtnl_unlock(); + return 0; + } + +@@ -992,6 +999,8 @@ static int __init atm_clip_init(void) + + clip_tbl_hook = &clip_tbl; + register_atm_ioctl(&clip_ioctl_ops); ++ register_netdevice_notifier(&clip_dev_notifier); ++ register_inetaddr_notifier(&clip_inet_notifier); + + #ifdef CONFIG_PROC_FS + { +@@ -1012,6 +1021,9 @@ static void __exit atm_clip_exit(void) + + remove_proc_entry("arp", atm_proc_root); + ++ unregister_inetaddr_notifier(&clip_inet_notifier); ++ unregister_netdevice_notifier(&clip_dev_notifier); ++ + deregister_atm_ioctl(&clip_ioctl_ops); + + /* First, stop the idle timer, so it stops banging + +-- + diff --git a/queue-2.6.16/series b/review-2.6.16/series similarity index 88% rename from queue-2.6.16/series rename to review-2.6.16/series index 8223475264d..0561b4b206c 100644 --- a/queue-2.6.16/series +++ b/review-2.6.16/series @@ -17,3 +17,6 @@ XFS-Fix-utime-2-in-the-case-that-no-times-parameter-was-passed-in.patch RLIMIT_CPU-fix-handling-of-a-zero-limit.patch CIFS-Incorrect-signature-sent-on-SMB-Read.patch Fix-suspend-with-traced-tasks.patch +usb-remove-__init-from-usb_console_setup.patch +fix-non-leader-exec-under-ptrace.patch +atm-clip-causes-unregister-hang.patch diff --git a/queue-2.6.16/sky2-bad-memory-reference-on-dual-port-cards.patch b/review-2.6.16/sky2-bad-memory-reference-on-dual-port-cards.patch similarity index 100% rename from queue-2.6.16/sky2-bad-memory-reference-on-dual-port-cards.patch rename to review-2.6.16/sky2-bad-memory-reference-on-dual-port-cards.patch diff --git a/review-2.6.16/usb-remove-__init-from-usb_console_setup.patch b/review-2.6.16/usb-remove-__init-from-usb_console_setup.patch new file mode 100644 index 00000000000..f907d993de5 --- /dev/null +++ b/review-2.6.16/usb-remove-__init-from-usb_console_setup.patch @@ -0,0 +1,30 @@ +From stable-bounces@linux.kernel.org Wed Apr 12 14:42:27 2006 +Date: Wed, 12 Apr 2006 23:41:59 +0200 (CEST) +From: Guennadi Liakhovetski +To: Paul Fulghum +Message-ID: +Cc: GregKH +Subject: USB: remove __init from usb_console_setup + +From: Paul Fulghum + +This prevents an Oops if booted with "console=ttyUSB0" but without a +USB-serial dongle, and plugged one in afterwards. + +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/console.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- linux-2.6.16.5.orig/drivers/usb/serial/console.c ++++ linux-2.6.16.5/drivers/usb/serial/console.c +@@ -54,7 +54,7 @@ static struct console usbcons; + * serial.c code, except that the specifier is "ttyUSB" instead + * of "ttyS". + */ +-static int __init usb_console_setup(struct console *co, char *options) ++static int usb_console_setup(struct console *co, char *options) + { + struct usbcons_info *info = &usbcons_info; + int baud = 9600;