From bb4b1d3ac990f1d8a2e643156cf114fae477a5a6 Mon Sep 17 00:00:00 2001 From: Chris Wright Date: Mon, 21 May 2007 15:33:33 -0700 Subject: [PATCH] Push out existing queue-2.6.20 --- ...ule-pointer-before-freeing-algorithm.patch | 37 ++++ ...evt_attr-till-the-device-is-released.patch | 53 ++++++ queue-2.6.20/iop-fix-iop_getttimeoffset.patch | 53 ++++++ .../iop13xx-fix-i-o-address-translation.patch | 114 ++++++++++++ ...fy-corrupt-grev0-packets-through-nat.patch | 164 ++++++++++++++++++ .../ipv6-track-device-renames-in-snmp6.patch | 56 ++++++ ...x-race-waking-up-jfsio-kernel-thread.patch | 38 ++++ ...reads-that-share-mm-with-killed-task.patch | 39 +++++ .../sata_via-add-missing-pm-hooks.patch | 44 +++++ queue-2.6.20/series | 11 ++ ...ompilation-breakage-wjen-debug-is-on.patch | 30 ++++ ...-flush-all-pages-in-change_page_attr.patch | 40 +++++ 12 files changed, 679 insertions(+) create mode 100644 queue-2.6.20/crypto-api-read-module-pointer-before-freeing-algorithm.patch create mode 100644 queue-2.6.20/driver-core-don-t-free-devt_attr-till-the-device-is-released.patch create mode 100644 queue-2.6.20/iop-fix-iop_getttimeoffset.patch create mode 100644 queue-2.6.20/iop13xx-fix-i-o-address-translation.patch create mode 100644 queue-2.6.20/ip-nf-_nat_proto_gre-do-not-modify-corrupt-grev0-packets-through-nat.patch create mode 100644 queue-2.6.20/ipv6-track-device-renames-in-snmp6.patch create mode 100644 queue-2.6.20/jfs-fix-race-waking-up-jfsio-kernel-thread.patch create mode 100644 queue-2.6.20/oom-kill-all-threads-that-share-mm-with-killed-task.patch create mode 100644 queue-2.6.20/sata_via-add-missing-pm-hooks.patch create mode 100644 queue-2.6.20/series create mode 100644 queue-2.6.20/smc911x-fix-compilation-breakage-wjen-debug-is-on.patch create mode 100644 queue-2.6.20/x86-64-always-flush-all-pages-in-change_page_attr.patch diff --git a/queue-2.6.20/crypto-api-read-module-pointer-before-freeing-algorithm.patch b/queue-2.6.20/crypto-api-read-module-pointer-before-freeing-algorithm.patch new file mode 100644 index 00000000000..ea11c1e1357 --- /dev/null +++ b/queue-2.6.20/crypto-api-read-module-pointer-before-freeing-algorithm.patch @@ -0,0 +1,37 @@ +From stable-bounces@linux.kernel.org Fri May 18 21:59:38 2007 +Date: Sat, 19 May 2007 14:57:38 +1000 +From: Herbert Xu +To: stable@kernel.org +Message-ID: <20070519045738.GA4743@gondor.apana.org.au> +Subject: CRYPTO: api: Read module pointer before freeing algorithm + +The function crypto_mod_put first frees the algorithm and then drops +the reference to its module. Unfortunately we read the module pointer +which after freeing the algorithm and that pointer sits inside the +object that we just freed. + +So this patch reads the module pointer out before we free the object. + +Thanks to Luca Tettamanti for reporting this. + +Signed-off-by: Herbert Xu +Signed-off-by: Chris Wright + +--- + crypto/api.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- linux-2.6.20.11.orig/crypto/api.c ++++ linux-2.6.20.11/crypto/api.c +@@ -48,8 +48,10 @@ EXPORT_SYMBOL_GPL(crypto_mod_get); + + void crypto_mod_put(struct crypto_alg *alg) + { ++ struct module *module = alg->cra_module; ++ + crypto_alg_put(alg); +- module_put(alg->cra_module); ++ module_put(module); + } + EXPORT_SYMBOL_GPL(crypto_mod_put); + diff --git a/queue-2.6.20/driver-core-don-t-free-devt_attr-till-the-device-is-released.patch b/queue-2.6.20/driver-core-don-t-free-devt_attr-till-the-device-is-released.patch new file mode 100644 index 00000000000..d3b111880a3 --- /dev/null +++ b/queue-2.6.20/driver-core-don-t-free-devt_attr-till-the-device-is-released.patch @@ -0,0 +1,53 @@ +From stable-bounces@linux.kernel.org Thu May 10 07:47:30 2007 +Message-ID: <46432FFD.1040304@gmail.com> +Date: Thu, 10 May 2007 16:45:17 +0200 +From: Tejun Heo +To: Greg KH +Cc: stable@kernel.org, Alan Stern , linux-usb-devel@lists.sourceforge.net, Chris Rankin +Subject: driver-core: don't free devt_attr till the device is released + +Currently, devt_attr for the "dev" file is freed immediately on device +removal, but if the "dev" sysfs file is open when a device is removed, +sysfs will access its attribute structure for further access including +close resulting in jumping to garbled address. Fix it by postponing +freeing devt_attr to device release time. + +Note that devt_attr for class_device is already freed on release. + +This bug is reported by Chris Rankin as bugzilla bug#8198. + +Signed-off-by: Tejun Heo +Cc: Chris Rankin +Signed-off-by: Chris Wright +--- +Applies well to 2.6.20 and 21. As sysfs-immediate-disconnect doesn't +seem to be included in 2.6.22, this should be included in linus#master +too (applies well there as well). + + drivers/base/core.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- linux-2.6.20.11.orig/drivers/base/core.c ++++ linux-2.6.20.11/drivers/base/core.c +@@ -93,6 +93,9 @@ static void device_release(struct kobjec + { + struct device * dev = to_dev(kobj); + ++ kfree(dev->devt_attr); ++ dev->devt_attr = NULL; ++ + if (dev->release) + dev->release(dev); + else if (dev->class && dev->class->dev_release) +@@ -650,10 +653,8 @@ void device_del(struct device * dev) + + if (parent) + klist_del(&dev->knode_parent); +- if (dev->devt_attr) { ++ if (dev->devt_attr) + device_remove_file(dev, dev->devt_attr); +- kfree(dev->devt_attr); +- } + if (dev->class) { + sysfs_remove_link(&dev->kobj, "subsystem"); + /* If this is not a "fake" compatible device, remove the diff --git a/queue-2.6.20/iop-fix-iop_getttimeoffset.patch b/queue-2.6.20/iop-fix-iop_getttimeoffset.patch new file mode 100644 index 00000000000..ab10f5da919 --- /dev/null +++ b/queue-2.6.20/iop-fix-iop_getttimeoffset.patch @@ -0,0 +1,53 @@ +From stable-bounces@linux.kernel.org Wed May 2 11:45:45 2007 +From: Dan Williams +To: stable@kernel.org +Date: Wed, 02 May 2007 11:43:14 -0700 +Message-ID: <20070502184314.10289.8158.stgit@dwillia2-linux.ch.intel.com> +Cc: rmk@arm.linux.org.uk +Subject: [stable] [PATCH 1/2] iop: fix iop_getttimeoffset + +Fix a typo which causes a necessary cpwait to be missed on iop3xx, Michael +Brunner + +Save a register in the assembly routine, rmk + +Cc: Lennert Buytenhek +Cc: Russell King +Signed-off-by: Dan Williams +Signed-off-by: Chris Wright +--- + + arch/arm/plat-iop/time.c | 8 ++++---- + 1 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/arch/arm/plat-iop/time.c b/arch/arm/plat-iop/time.c +index 16300ad..0cc26da 100644 +--- a/arch/arm/plat-iop/time.c ++++ b/arch/arm/plat-iop/time.c +@@ -32,22 +32,22 @@ static unsigned long next_jiffy_time; + + unsigned long iop_gettimeoffset(void) + { +- unsigned long offset, temp1, temp2; ++ unsigned long offset, temp; + + /* enable cp6, if necessary, to avoid taking the overhead of an + * undefined instruction trap + */ + asm volatile ( + "mrc p15, 0, %0, c15, c1, 0\n\t" +- "ands %1, %0, #(1 << 6)\n\t" ++ "tst %0, #(1 << 6)\n\t" + "orreq %0, %0, #(1 << 6)\n\t" + "mcreq p15, 0, %0, c15, c1, 0\n\t" +-#ifdef CONFIG_XSCALE ++#ifdef CONFIG_CPU_XSCALE + "mrceq p15, 0, %0, c15, c1, 0\n\t" + "moveq %0, %0\n\t" + "subeq pc, pc, #4\n\t" + #endif +- : "=r"(temp1), "=r"(temp2) : : "cc"); ++ : "=r"(temp) : : "cc"); + + offset = next_jiffy_time - read_tcr1(); + diff --git a/queue-2.6.20/iop13xx-fix-i-o-address-translation.patch b/queue-2.6.20/iop13xx-fix-i-o-address-translation.patch new file mode 100644 index 00000000000..85e6364855d --- /dev/null +++ b/queue-2.6.20/iop13xx-fix-i-o-address-translation.patch @@ -0,0 +1,114 @@ +From stable-bounces@linux.kernel.org Wed May 2 11:45:25 2007 +From: Dan Williams +To: stable@kernel.org +Date: Wed, 02 May 2007 11:43:19 -0700 +Message-ID: <20070502184319.10289.25924.stgit@dwillia2-linux.ch.intel.com> +Cc: rmk@arm.linux.org.uk +Subject: iop13xx: fix i/o address translation + +PCI devices were being programmed with an incorrect base address value. +This patch moves I/O space into a 16-bit addressable region and corrects +the i/o offset. + +Much thanks to Martin Michlmayr for tracking this issue and testing +debug patches. + +Cc: Martin Michlmayr +Cc: Russell King +Signed-off-by: Dan Williams +Signed-off-by: Chris Wright +--- + + arch/arm/mach-iop13xx/pci.c | 8 ++++---- + include/asm-arm/arch-iop13xx/iop13xx.h | 22 +++++++++++++--------- + 2 files changed, 17 insertions(+), 13 deletions(-) + +--- linux-2.6.20.11.orig/arch/arm/mach-iop13xx/pci.c ++++ linux-2.6.20.11/arch/arm/mach-iop13xx/pci.c +@@ -1023,7 +1023,7 @@ int iop13xx_pci_setup(int nr, struct pci + << IOP13XX_ATUX_PCIXSR_FUNC_NUM; + __raw_writel(pcixsr, IOP13XX_ATUX_PCIXSR); + +- res[0].start = IOP13XX_PCIX_LOWER_IO_PA; ++ res[0].start = IOP13XX_PCIX_LOWER_IO_PA + IOP13XX_PCIX_IO_BUS_OFFSET; + res[0].end = IOP13XX_PCIX_UPPER_IO_PA; + res[0].name = "IQ81340 ATUX PCI I/O Space"; + res[0].flags = IORESOURCE_IO; +@@ -1033,7 +1033,7 @@ int iop13xx_pci_setup(int nr, struct pci + res[1].name = "IQ81340 ATUX PCI Memory Space"; + res[1].flags = IORESOURCE_MEM; + sys->mem_offset = IOP13XX_PCIX_MEM_OFFSET; +- sys->io_offset = IOP13XX_PCIX_IO_OFFSET; ++ sys->io_offset = IOP13XX_PCIX_LOWER_IO_PA; + break; + case IOP13XX_INIT_ATU_ATUE: + /* Note: the function number field in the PCSR is ro */ +@@ -1044,7 +1044,7 @@ int iop13xx_pci_setup(int nr, struct pci + + __raw_writel(pcsr, IOP13XX_ATUE_PCSR); + +- res[0].start = IOP13XX_PCIE_LOWER_IO_PA; ++ res[0].start = IOP13XX_PCIE_LOWER_IO_PA + IOP13XX_PCIE_IO_BUS_OFFSET; + res[0].end = IOP13XX_PCIE_UPPER_IO_PA; + res[0].name = "IQ81340 ATUE PCI I/O Space"; + res[0].flags = IORESOURCE_IO; +@@ -1054,7 +1054,7 @@ int iop13xx_pci_setup(int nr, struct pci + res[1].name = "IQ81340 ATUE PCI Memory Space"; + res[1].flags = IORESOURCE_MEM; + sys->mem_offset = IOP13XX_PCIE_MEM_OFFSET; +- sys->io_offset = IOP13XX_PCIE_IO_OFFSET; ++ sys->io_offset = IOP13XX_PCIE_LOWER_IO_PA; + sys->map_irq = iop13xx_pcie_map_irq; + break; + default: +--- linux-2.6.20.11.orig/include/asm-arm/arch-iop13xx/iop13xx.h ++++ linux-2.6.20.11/include/asm-arm/arch-iop13xx/iop13xx.h +@@ -55,19 +55,24 @@ static inline int iop13xx_cpu_id(void) + #define IOP13XX_PCI_OFFSET IOP13XX_MAX_RAM_SIZE + + /* PCI MAP +- * 0x0000.0000 - 0x8000.0000 1:1 mapping with Physical RAM +- * 0x8000.0000 - 0x8800.0000 PCIX/PCIE memory window (128MB) +-*/ ++ * bus range cpu phys cpu virt note ++ * 0x0000.0000 + 2GB (n/a) (n/a) inbound, 1:1 mapping with Physical RAM ++ * 0x8000.0000 + 928M 0x1.8000.0000 (ioremap) PCIX outbound memory window ++ * 0x8000.0000 + 928M 0x2.8000.0000 (ioremap) PCIE outbound memory window ++ * ++ * IO MAP ++ * 0x1000 + 64K 0x0.fffb.1000 0xfec6.1000 PCIX outbound i/o window ++ * 0x1000 + 64K 0x0.fffd.1000 0xfed7.1000 PCIE outbound i/o window ++ */ + #define IOP13XX_PCIX_IO_WINDOW_SIZE 0x10000UL + #define IOP13XX_PCIX_LOWER_IO_PA 0xfffb0000UL + #define IOP13XX_PCIX_LOWER_IO_VA 0xfec60000UL +-#define IOP13XX_PCIX_LOWER_IO_BA 0x0fff0000UL ++#define IOP13XX_PCIX_LOWER_IO_BA 0x0UL /* OIOTVR */ ++#define IOP13XX_PCIX_IO_BUS_OFFSET 0x1000UL + #define IOP13XX_PCIX_UPPER_IO_PA (IOP13XX_PCIX_LOWER_IO_PA +\ + IOP13XX_PCIX_IO_WINDOW_SIZE - 1) + #define IOP13XX_PCIX_UPPER_IO_VA (IOP13XX_PCIX_LOWER_IO_VA +\ + IOP13XX_PCIX_IO_WINDOW_SIZE - 1) +-#define IOP13XX_PCIX_IO_OFFSET (IOP13XX_PCIX_LOWER_IO_VA -\ +- IOP13XX_PCIX_LOWER_IO_BA) + #define IOP13XX_PCIX_IO_PHYS_TO_VIRT(addr) (u32) ((u32) addr -\ + (IOP13XX_PCIX_LOWER_IO_PA\ + - IOP13XX_PCIX_LOWER_IO_VA)) +@@ -93,15 +98,14 @@ static inline int iop13xx_cpu_id(void) + #define IOP13XX_PCIE_IO_WINDOW_SIZE 0x10000UL + #define IOP13XX_PCIE_LOWER_IO_PA 0xfffd0000UL + #define IOP13XX_PCIE_LOWER_IO_VA 0xfed70000UL +-#define IOP13XX_PCIE_LOWER_IO_BA 0x0fff0000UL ++#define IOP13XX_PCIE_LOWER_IO_BA 0x0UL /* OIOTVR */ ++#define IOP13XX_PCIE_IO_BUS_OFFSET 0x1000UL + #define IOP13XX_PCIE_UPPER_IO_PA (IOP13XX_PCIE_LOWER_IO_PA +\ + IOP13XX_PCIE_IO_WINDOW_SIZE - 1) + #define IOP13XX_PCIE_UPPER_IO_VA (IOP13XX_PCIE_LOWER_IO_VA +\ + IOP13XX_PCIE_IO_WINDOW_SIZE - 1) + #define IOP13XX_PCIE_UPPER_IO_BA (IOP13XX_PCIE_LOWER_IO_BA +\ + IOP13XX_PCIE_IO_WINDOW_SIZE - 1) +-#define IOP13XX_PCIE_IO_OFFSET (IOP13XX_PCIE_LOWER_IO_VA -\ +- IOP13XX_PCIE_LOWER_IO_BA) + #define IOP13XX_PCIE_IO_PHYS_TO_VIRT(addr) (u32) ((u32) addr -\ + (IOP13XX_PCIE_LOWER_IO_PA\ + - IOP13XX_PCIE_LOWER_IO_VA)) diff --git a/queue-2.6.20/ip-nf-_nat_proto_gre-do-not-modify-corrupt-grev0-packets-through-nat.patch b/queue-2.6.20/ip-nf-_nat_proto_gre-do-not-modify-corrupt-grev0-packets-through-nat.patch new file mode 100644 index 00000000000..93d82a5d832 --- /dev/null +++ b/queue-2.6.20/ip-nf-_nat_proto_gre-do-not-modify-corrupt-grev0-packets-through-nat.patch @@ -0,0 +1,164 @@ +From stable-bounces@linux.kernel.org Wed May 2 21:13:25 2007 +Message-ID: <46393773.60005@trash.net> +Date: Thu, 03 May 2007 03:14:27 +0200 +From: Patrick McHardy +To: "stable@kernel.org" +Cc: "David S. Miller" , Adrian Bunk +Subject: [NETFILTER]: {ip, nf}_nat_proto_gre: do not modify/corrupt GREv0 packets through NAT + +From: Jorge Boncompte + +While porting some changes of the 2.6.21-rc7 pptp/proto_gre conntrack +and nat modules to a 2.4.32 kernel I noticed that the gre_key function +returns a wrong pointer to the GRE key of a version 0 packet thus +corrupting the packet payload. + +The intended behaviour for GREv0 packets is to act like +nf_conntrack_proto_generic/nf_nat_proto_unknown so I have ripped the +offending functions (not used anymore) and modified the +nf_nat_proto_gre modules to not touch version 0 (non PPTP) packets. + +Signed-off-by: Jorge Boncompte +Signed-off-by: Patrick McHardy +Signed-off-by: Chris Wright + +--- +commit 244c67aee5750eb3a79c727d09c01a500e68bbbe +tree 29bbce944bba681886a6d58c0c6b7bca3858c0e1 +parent 8d8b10482fffcb72b15515231bb942e2ad6395c9 +author Jorge Boncompte Thu, 03 May 2007 02:50:51 +0200 +committer Patrick McHardy Thu, 03 May 2007 02:50:51 +0200 + + include/linux/netfilter/nf_conntrack_proto_gre.h | 18 ---------------- + include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h | 19 ----------------- + net/ipv4/netfilter/ip_nat_proto_gre.c | 20 +++++++----------- + net/ipv4/netfilter/nf_nat_proto_gre.c | 20 +++++++----------- + 4 files changed, 16 insertions(+), 61 deletions(-) + +--- linux-2.6.20.11.orig/include/linux/netfilter/nf_conntrack_proto_gre.h ++++ linux-2.6.20.11/include/linux/netfilter/nf_conntrack_proto_gre.h +@@ -87,24 +87,6 @@ int nf_ct_gre_keymap_add(struct nf_conn + /* delete keymap entries */ + void nf_ct_gre_keymap_destroy(struct nf_conn *ct); + +-/* get pointer to gre key, if present */ +-static inline __be32 *gre_key(struct gre_hdr *greh) +-{ +- if (!greh->key) +- return NULL; +- if (greh->csum || greh->routing) +- return (__be32 *)(greh+sizeof(*greh)+4); +- return (__be32 *)(greh+sizeof(*greh)); +-} +- +-/* get pointer ot gre csum, if present */ +-static inline __sum16 *gre_csum(struct gre_hdr *greh) +-{ +- if (!greh->csum) +- return NULL; +- return (__sum16 *)(greh+sizeof(*greh)); +-} +- + extern void nf_ct_gre_keymap_flush(void); + extern void nf_nat_need_gre(void); + +--- linux-2.6.20.11.orig/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h ++++ linux-2.6.20.11/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h +@@ -90,25 +90,6 @@ int ip_ct_gre_keymap_add(struct ip_connt + /* delete keymap entries */ + void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct); + +- +-/* get pointer to gre key, if present */ +-static inline __be32 *gre_key(struct gre_hdr *greh) +-{ +- if (!greh->key) +- return NULL; +- if (greh->csum || greh->routing) +- return (__be32 *) (greh+sizeof(*greh)+4); +- return (__be32 *) (greh+sizeof(*greh)); +-} +- +-/* get pointer ot gre csum, if present */ +-static inline __sum16 *gre_csum(struct gre_hdr *greh) +-{ +- if (!greh->csum) +- return NULL; +- return (__sum16 *) (greh+sizeof(*greh)); +-} +- + #endif /* __KERNEL__ */ + + #endif /* _CONNTRACK_PROTO_GRE_H */ +--- linux-2.6.20.11.orig/net/ipv4/netfilter/ip_nat_proto_gre.c ++++ linux-2.6.20.11/net/ipv4/netfilter/ip_nat_proto_gre.c +@@ -70,6 +70,11 @@ gre_unique_tuple(struct ip_conntrack_tup + __be16 *keyptr; + unsigned int min, i, range_size; + ++ /* If there is no master conntrack we are not PPTP, ++ do not change tuples */ ++ if (!conntrack->master) ++ return 0; ++ + if (maniptype == IP_NAT_MANIP_SRC) + keyptr = &tuple->src.u.gre.key; + else +@@ -122,18 +127,9 @@ gre_manip_pkt(struct sk_buff **pskb, + if (maniptype == IP_NAT_MANIP_DST) { + /* key manipulation is always dest */ + switch (greh->version) { +- case 0: +- if (!greh->key) { +- DEBUGP("can't nat GRE w/o key\n"); +- break; +- } +- if (greh->csum) { +- /* FIXME: Never tested this code... */ +- nf_proto_csum_replace4(gre_csum(greh), *pskb, +- *(gre_key(greh)), +- tuple->dst.u.gre.key, 0); +- } +- *(gre_key(greh)) = tuple->dst.u.gre.key; ++ case GRE_VERSION_1701: ++ /* We do not currently NAT any GREv0 packets. ++ * Try to behave like "ip_nat_proto_unknown" */ + break; + case GRE_VERSION_PPTP: + DEBUGP("call_id -> 0x%04x\n", +--- linux-2.6.20.11.orig/net/ipv4/netfilter/nf_nat_proto_gre.c ++++ linux-2.6.20.11/net/ipv4/netfilter/nf_nat_proto_gre.c +@@ -72,6 +72,11 @@ gre_unique_tuple(struct nf_conntrack_tup + __be16 *keyptr; + unsigned int min, i, range_size; + ++ /* If there is no master conntrack we are not PPTP, ++ do not change tuples */ ++ if (!conntrack->master) ++ return 0; ++ + if (maniptype == IP_NAT_MANIP_SRC) + keyptr = &tuple->src.u.gre.key; + else +@@ -122,18 +127,9 @@ gre_manip_pkt(struct sk_buff **pskb, uns + if (maniptype != IP_NAT_MANIP_DST) + return 1; + switch (greh->version) { +- case 0: +- if (!greh->key) { +- DEBUGP("can't nat GRE w/o key\n"); +- break; +- } +- if (greh->csum) { +- /* FIXME: Never tested this code... */ +- nf_proto_csum_replace4(gre_csum(greh), *pskb, +- *(gre_key(greh)), +- tuple->dst.u.gre.key, 0); +- } +- *(gre_key(greh)) = tuple->dst.u.gre.key; ++ case GRE_VERSION_1701: ++ /* We do not currently NAT any GREv0 packets. ++ * Try to behave like "nf_nat_proto_unknown" */ + break; + case GRE_VERSION_PPTP: + DEBUGP("call_id -> 0x%04x\n", ntohs(tuple->dst.u.gre.key)); diff --git a/queue-2.6.20/ipv6-track-device-renames-in-snmp6.patch b/queue-2.6.20/ipv6-track-device-renames-in-snmp6.patch new file mode 100644 index 00000000000..9bac23a1169 --- /dev/null +++ b/queue-2.6.20/ipv6-track-device-renames-in-snmp6.patch @@ -0,0 +1,56 @@ +From stable-bounces@linux.kernel.org Fri Apr 27 11:20:15 2007 +Date: Fri, 27 Apr 2007 11:17:57 -0700 +From: Stephen Hemminger +To: Greg KH +Message-ID: <20070427111757.35ac3a52@freekitty> +Cc: yoshfuji@linux-ipv6.org, "David S. Miller" , stable@kernel.org +Subject: pv6: track device renames in snmp6 + +When network device's are renamed, the IPV6 snmp6 code +gets confused. It doesn't track name changes so it will OOPS +when network device's are removed. + +The fix is trivial, just unregister/re-register in notify handler. + +Signed-off-by: Stephen Hemminger +Signed-off-by: Chris Wright + +--- + net/ipv6/addrconf.c | 6 ++++-- + net/ipv6/proc.c | 1 + + 2 files changed, 5 insertions(+), 2 deletions(-) + +--- linux-2.6.20.11.orig/net/ipv6/addrconf.c ++++ linux-2.6.20.11/net/ipv6/addrconf.c +@@ -2338,8 +2338,9 @@ static int addrconf_notify(struct notifi + break; + + case NETDEV_CHANGENAME: +-#ifdef CONFIG_SYSCTL + if (idev) { ++ snmp6_unregister_dev(idev); ++#ifdef CONFIG_SYSCTL + addrconf_sysctl_unregister(&idev->cnf); + neigh_sysctl_unregister(idev->nd_parms); + neigh_sysctl_register(dev, idev->nd_parms, +@@ -2347,8 +2348,9 @@ static int addrconf_notify(struct notifi + &ndisc_ifinfo_sysctl_change, + NULL); + addrconf_sysctl_register(idev, &idev->cnf); +- } + #endif ++ snmp6_register_dev(idev); ++ } + break; + }; + +--- linux-2.6.20.11.orig/net/ipv6/proc.c ++++ linux-2.6.20.11/net/ipv6/proc.c +@@ -237,6 +237,7 @@ int snmp6_unregister_dev(struct inet6_de + return -EINVAL; + remove_proc_entry(idev->stats.proc_dir_entry->name, + proc_net_devsnmp6); ++ idev->stats.proc_dir_entry = NULL; + return 0; + } + diff --git a/queue-2.6.20/jfs-fix-race-waking-up-jfsio-kernel-thread.patch b/queue-2.6.20/jfs-fix-race-waking-up-jfsio-kernel-thread.patch new file mode 100644 index 00000000000..2f20605e982 --- /dev/null +++ b/queue-2.6.20/jfs-fix-race-waking-up-jfsio-kernel-thread.patch @@ -0,0 +1,38 @@ +From stable-bounces@linux.kernel.org Tue May 15 20:55:43 2007 +From: Dave Kleikamp +To: stable@kernel.org +Date: Tue, 15 May 2007 22:53:36 -0500 +Message-Id: <1179287616.8339.8.camel@kleikamp.austin.ibm.com> +Cc: linux-kernel +Subject: JFS: Fix race waking up jfsIO kernel thread + +It's possible for a journal I/O request to be added to the log_redrive +queue and the jfsIO thread to be awakened after the thread releases +log_redrive_lock but before it sets its state to TASK_INTERRUPTIBLE. + +The jfsIO thread should set the state before giving up the spinlock, so +the waking thread will really wake it. + +Signed-off-by: Dave Kleikamp +Signed-off-by: Chris Wright +--- + fs/jfs/jfs_logmgr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- linux-2.6.20.11.orig/fs/jfs/jfs_logmgr.c ++++ linux-2.6.20.11/fs/jfs/jfs_logmgr.c +@@ -2354,12 +2354,13 @@ int jfsIOWait(void *arg) + lbmStartIO(bp); + spin_lock_irq(&log_redrive_lock); + } +- spin_unlock_irq(&log_redrive_lock); + + if (freezing(current)) { ++ spin_unlock_irq(&log_redrive_lock); + refrigerator(); + } else { + set_current_state(TASK_INTERRUPTIBLE); ++ spin_unlock_irq(&log_redrive_lock); + schedule(); + current->state = TASK_RUNNING; + } diff --git a/queue-2.6.20/oom-kill-all-threads-that-share-mm-with-killed-task.patch b/queue-2.6.20/oom-kill-all-threads-that-share-mm-with-killed-task.patch new file mode 100644 index 00000000000..615b63d0d4c --- /dev/null +++ b/queue-2.6.20/oom-kill-all-threads-that-share-mm-with-killed-task.patch @@ -0,0 +1,39 @@ +From stable-bounces@linux.kernel.org Fri Apr 27 09:13:13 2007 +Message-ID: <4632209E.7090502@redhat.com> +Date: Fri, 27 Apr 2007 12:11:10 -0400 +From: Chuck Ebbert +To: linux-stable +Cc: Nick Piggin , David Rientjes +Subject: oom: kill all threads that share mm with killed task + +From: David Rientjes + +oom_kill_task() calls __oom_kill_task() to OOM kill a selected task. +When finding other threads that share an mm with that task, we need to +kill those individual threads and not the same one. + +(Bug introduced by f2a2a7108aa0039ba7a5fe7a0d2ecef2219a7584) + +Acked-by: William Irwin +Acked-by: Christoph Lameter +Cc: Nick Piggin +Cc: Andrew Morton +Cc: Andi Kleen +Signed-off-by: David Rientjes +Signed-off-by: Linus Torvalds +Signed-off-by: Chris Wright +--- + mm/oom_kill.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- linux-2.6.20.11.orig/mm/oom_kill.c ++++ linux-2.6.20.11/mm/oom_kill.c +@@ -335,7 +335,7 @@ static int oom_kill_task(struct task_str + */ + do_each_thread(g, q) { + if (q->mm == mm && q->tgid != p->tgid) +- force_sig(SIGKILL, p); ++ force_sig(SIGKILL, q); + } while_each_thread(g, q); + + return 0; diff --git a/queue-2.6.20/sata_via-add-missing-pm-hooks.patch b/queue-2.6.20/sata_via-add-missing-pm-hooks.patch new file mode 100644 index 00000000000..33a66dbe186 --- /dev/null +++ b/queue-2.6.20/sata_via-add-missing-pm-hooks.patch @@ -0,0 +1,44 @@ +From stable-bounces@linux.kernel.org Fri May 4 06:32:42 2007 +Message-ID: <463B357A.4090703@gmail.com> +Date: Fri, 04 May 2007 15:30:34 +0200 +From: Tejun Heo +To: Jeff Garzik , IDE/ATA development list , stable@kernel.org +Cc: Jeroen Janssen +Subject: sata_via: add missing PM hooks + +For some reason, sata_via is missing PM hooks. Add them. Spotted by +Jeroen Janssen . + +Signed-off-by: Tejun Heo +Cc: Jeroen Janssen +Signed-off-by: Chris Wright +--- +[chrisw: trivial 2.6.20 backport] + + drivers/ata/sata_via.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- linux-2.6.20.11.orig/drivers/ata/sata_via.c ++++ linux-2.6.20.11/drivers/ata/sata_via.c +@@ -90,6 +90,10 @@ static struct pci_driver svia_pci_driver + .name = DRV_NAME, + .id_table = svia_pci_tbl, + .probe = svia_init_one, ++#ifdef CONFIG_PM ++ .suspend = ata_pci_device_suspend, ++ .resume = ata_pci_device_resume, ++#endif + .remove = ata_pci_remove_one, + }; + +@@ -109,6 +113,10 @@ static struct scsi_host_template svia_sh + .slave_configure = ata_scsi_slave_config, + .slave_destroy = ata_scsi_slave_destroy, + .bios_param = ata_std_bios_param, ++#ifdef CONFIG_PM ++ .suspend = ata_scsi_device_suspend, ++ .resume = ata_scsi_device_resume, ++#endif + }; + + static const struct ata_port_operations vt6420_sata_ops = { diff --git a/queue-2.6.20/series b/queue-2.6.20/series new file mode 100644 index 00000000000..f2cbc81012e --- /dev/null +++ b/queue-2.6.20/series @@ -0,0 +1,11 @@ +ipv6-track-device-renames-in-snmp6.patch +oom-kill-all-threads-that-share-mm-with-killed-task.patch +x86-64-always-flush-all-pages-in-change_page_attr.patch +smc911x-fix-compilation-breakage-wjen-debug-is-on.patch +iop13xx-fix-i-o-address-translation.patch +ip-nf-_nat_proto_gre-do-not-modify-corrupt-grev0-packets-through-nat.patch +sata_via-add-missing-pm-hooks.patch +driver-core-don-t-free-devt_attr-till-the-device-is-released.patch +jfs-fix-race-waking-up-jfsio-kernel-thread.patch +crypto-api-read-module-pointer-before-freeing-algorithm.patch +iop-fix-iop_getttimeoffset.patch diff --git a/queue-2.6.20/smc911x-fix-compilation-breakage-wjen-debug-is-on.patch b/queue-2.6.20/smc911x-fix-compilation-breakage-wjen-debug-is-on.patch new file mode 100644 index 00000000000..233dc5bd1c7 --- /dev/null +++ b/queue-2.6.20/smc911x-fix-compilation-breakage-wjen-debug-is-on.patch @@ -0,0 +1,30 @@ +From stable-bounces@linux.kernel.org Sat Apr 28 08:34:17 2007 +Message-ID: <46336900.5060007@pobox.com> +Date: Sat, 28 Apr 2007 11:32:16 -0400 +From: Jeff Garzik +To: stable@kernel.org +Cc: vwool@ru.mvista.com, dustin@sensoria.com +Subject: smc911x: fix compilation breakage wjen debug is on + +From: Vitaly Wool + +the patch below fixes compilation breakage of smc911x driver when ENABLE_SMC_DEBUG_PKTS equals to 1. + +Signed-off-by: Vitaly Wool +Signed-off-by: Chris Wright +--- + + drivers/net/smc911x.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- linux-2.6.20.11.orig/drivers/net/smc911x.c ++++ linux-2.6.20.11/drivers/net/smc911x.c +@@ -499,7 +499,7 @@ static inline void smc911x_rcv(struct n + SMC_SET_RX_CFG(RX_CFG_RX_END_ALGN4_ | ((2<<8) & RX_CFG_RXDOFF_)); + SMC_PULL_DATA(data, pkt_len+2+3); + +- DBG(SMC_DEBUG_PKTS, "%s: Received packet\n", dev->name,); ++ DBG(SMC_DEBUG_PKTS, "%s: Received packet\n", dev->name); + PRINT_PKT(data, ((pkt_len - 4) <= 64) ? pkt_len - 4 : 64); + dev->last_rx = jiffies; + skb->dev = dev; diff --git a/queue-2.6.20/x86-64-always-flush-all-pages-in-change_page_attr.patch b/queue-2.6.20/x86-64-always-flush-all-pages-in-change_page_attr.patch new file mode 100644 index 00000000000..0b0963e6c9e --- /dev/null +++ b/queue-2.6.20/x86-64-always-flush-all-pages-in-change_page_attr.patch @@ -0,0 +1,40 @@ +From stable-bounces@linux.kernel.org Fri Apr 27 09:50:55 2007 +Message-ID: <46322976.8080900@redhat.com> +Date: Fri, 27 Apr 2007 12:48:54 -0400 +From: Chuck Ebbert +To: linux-stable +Cc: Andi Kleen +Subject: x86-64: Always flush all pages in change_page_attr + +From: Andi Kleen + +change_page_attr on x86-64 only flushed the TLB for pages that got +reverted. That's not correct: it has to be flushed in all cases. + +This bug was added in some earlier changes. + +Just flush all pages for now. + +This could be done more efficiently, but for this late in the release +this seem to be the best fix. + +Pointed out by Jan Beulich + +Signed-off-by: Andi Kleen +Signed-off-by: Chris Wright +--- + arch/x86_64/mm/pageattr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- linux-2.6.20.11.orig/arch/x86_64/mm/pageattr.c ++++ linux-2.6.20.11/arch/x86_64/mm/pageattr.c +@@ -81,8 +81,8 @@ static void flush_kernel_map(void *arg) + void *adr = page_address(pg); + if (cpu_has_clflush) + cache_flush_page(adr); +- __flush_tlb_one(adr); + } ++ __flush_tlb_all(); + } + + static inline void flush_map(struct list_head *l) -- 2.47.3