From: Greg Kroah-Hartman
Date: Fri, 22 Feb 2008 23:25:04 +0000 (-0800)
Subject: .24 patches
X-Git-Tag: v2.6.22.19~6
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1880f3b86fe30981691c9a155bf6f742e3b30c17;p=thirdparty%2Fkernel%2Fstable-queue.git
.24 patches
---
diff --git a/queue-2.6.24/bonding-fix-null-pointer-deref-in-startup-processing.patch b/queue-2.6.24/bonding-fix-null-pointer-deref-in-startup-processing.patch
new file mode 100644
index 00000000000..5b9f16a7f45
--- /dev/null
+++ b/queue-2.6.24/bonding-fix-null-pointer-deref-in-startup-processing.patch
@@ -0,0 +1,51 @@
+From stable-bounces@linux.kernel.org Fri Feb 15 10:01:30 2008
+From: Jay Vosburgh
+Date: Fri, 15 Feb 2008 10:00:41 -0800
+Subject: bonding: fix NULL pointer deref in startup processing
+To: stable@kernel.org
+Message-ID: <26347.1203098441@death>
+
+
+From: Jay Vosburgh
+
+patch 4fe4763cd8cacd81d892193efb48b99c99c15323 in mainline.
+
+ Fix the "are we creating a duplicate" check to not compare
+the name if the name is NULL (meaning that the system should select
+a name). Bug reported by Benny Amorsen .
+
+Signed-off-by: Jay Vosburgh
+Signed-off-by: Jeff Garzik
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/net/bonding/bond_main.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+--- a/drivers/net/bonding/bond_main.c
++++ b/drivers/net/bonding/bond_main.c
+@@ -4883,14 +4883,16 @@ int bond_create(char *name, struct bond_
+ down_write(&bonding_rwsem);
+
+ /* Check to see if the bond already exists. */
+- list_for_each_entry_safe(bond, nxt, &bond_dev_list, bond_list)
+- if (strnicmp(bond->dev->name, name, IFNAMSIZ) == 0) {
+- printk(KERN_ERR DRV_NAME
++ if (name) {
++ list_for_each_entry_safe(bond, nxt, &bond_dev_list, bond_list)
++ if (strnicmp(bond->dev->name, name, IFNAMSIZ) == 0) {
++ printk(KERN_ERR DRV_NAME
+ ": cannot add bond %s; it already exists\n",
+- name);
+- res = -EPERM;
+- goto out_rtnl;
+- }
++ name);
++ res = -EPERM;
++ goto out_rtnl;
++ }
++ }
+
+ bond_dev = alloc_netdev(sizeof(struct bonding), name ? name : "",
+ ether_setup);
diff --git a/queue-2.6.24/series b/queue-2.6.24/series
index e5f8f965c20..d4adc2bb80e 100644
--- a/queue-2.6.24/series
+++ b/queue-2.6.24/series
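Review bot: The new `if (name) {` guard in the bond_create() hunk of the bonding patch carries no comment, so the reason a NULL name skips the duplicate check is recorded only in the commit message; I would extend the existing comment to `/* Check to see if the bond already exists; a NULL name means the system selects one, so there is nothing to compare. */`. As a style point on the same lines, the loop body never removes an entry, so `list_for_each_entry(bond, &bond_dev_list, bond_list)` would presumably do in place of the `_safe` variant, provided `nxt` is not needed elsewhere in the function. bond_create() starts and ends outside the hunk, so both points need checking against the full function.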
@@ -34,3 +34,5 @@ scsi-gdth-scan-for-scsi-devices.patch
 kbuild-allow-fstack-protector-to-take-effect.patch
 pcmcia-fix-station-address-detection-in-smc.patch
 powerpc-revert-chrp_pci_fixup_vt8231_ata-devinit-to-fix-libata-on-pegasos.patch
+bonding-fix-null-pointer-deref-in-startup-processing.patch
+x86_64-cpa-fix-cache-attribute-inconsistency-bug.patch
diff --git a/queue-2.6.24/x86_64-cpa-fix-cache-attribute-inconsistency-bug.patch b/queue-2.6.24/x86_64-cpa-fix-cache-attribute-inconsistency-bug.patch
new file mode 100644
index 00000000000..ac39dfdd722
--- /dev/null
+++ b/queue-2.6.24/x86_64-cpa-fix-cache-attribute-inconsistency-bug.patch
@@ -0,0 +1,61 @@
+From linux-kernel-owner+greg=40kroah.com-S1761610AbYBOUA1@vger.kernel.org Fri Feb 15 12:00:56 2008
+From: Ingo Molnar
+Date: Fri, 15 Feb 2008 20:59:33 +0100
+Subject: x86_64: CPA, fix cache attribute inconsistency bug
+To: stable@kernel.org
+Cc: linux-kernel@vger.kernel.org, Thomas Gleixner , Andi Kleen
+Message-ID: <20080215195933.GC15432@elte.hu>
+Content-Disposition: inline
+
+From: Ingo Molnar
+
+(no matching git id as the upstream code is rewritten)
+
+fix CPA cache attribute bug in v2.6.24. When phys_base is nonzero (when
+CONFIG_RELOCATABLE=y) then change_page_attr_addr() miscalculates the
+secondary alias address by -14 MB (depending on the configured offset).
+
+The default 64-bit kernels of Fedora and Ubuntu are affected:
+
+ $ grep RELOCA /boot/config-2.6.23.9-85.fc8
+ CONFIG_RELOCATABLE=y
+
+ $ grep RELOC /boot/config-2.6.22-14-generic
+ CONFIG_RELOCATABLE=y
+
+and probably on many other distros as well.
+
+the bug affects all pages in the first 40 MB of physical RAM that
+are allocated by some subsystem that does ioremap_nocache() on them:
+
+ if (__pa(address) < KERNEL_TEXT_SIZE) {
+
+Hence we might leave page table entries with inconsistent cache
+attributes around (pages mapped at both UnCacheable and Write-Back),
+and we can also set the wrong kernel text pages to UnCacheable.
+
+the effects of this bug can be random slowdowns and other misbehavior.
+If for example AGP allocates its aperture pages into the first 40 MB
+of physical RAM, then the -14 MB bug might mark random kernel texto
+pages as uncacheable, slowing down a random portion of the 64-bit
+kernel until the AGP driver is unloaded.
+
+Signed-off-by: Ingo Molnar
+Acked-by: Thomas Gleixner
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/mm/pageattr_64.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/mm/pageattr_64.c
++++ b/arch/x86/mm/pageattr_64.c
+@@ -207,7 +207,7 @@ int change_page_attr_addr(unsigned long
+ if (__pa(address) < KERNEL_TEXT_SIZE) {
+ unsigned long addr2;
+ pgprot_t prot2;
+- addr2 = __START_KERNEL_map + __pa(address);
++ addr2 = __START_KERNEL_map + __pa(address) - phys_base;
+ /* Make sure the kernel mappings stay executable */
+ prot2 = pte_pgprot(pte_mkexec(pfn_pte(0, prot)));
+ err = __change_page_attr(addr2, pfn, prot2,
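Review bot: The guard on the first context line of the change_page_attr_addr() hunk, `if (__pa(address) < KERNEL_TEXT_SIZE) {`, still compares the raw physical address, while the corrected assignment now subtracts `phys_base`. From the visible lines, a physical address below `phys_base` would pass the guard and yield an `addr2` below `__START_KERNEL_map`, and addresses between `KERNEL_TEXT_SIZE` and `phys_base + KERNEL_TEXT_SIZE` would skip the alias update; whether `__change_page_attr` tolerates the former is not visible here. If the kernel text mapping does cover physical memory starting at `phys_base`, the guard presumably wants the same offset, e.g. `if (__pa(address) >= phys_base && __pa(address) - phys_base < KERNEL_TEXT_SIZE) {`, to be confirmed against the mapping setup. A one-line comment such as `/* the kernel text mapping is offset by phys_base on relocatable kernels */` above the `addr2` assignment would also keep the reasoning next to the code. The function body starts and ends outside the hunk.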