+++ /dev/null
-From stable-bounces@linux.kernel.org Tue Apr 12 10:45:24 2005
-To: akpm@osdl.org
-From: blaisorblade@yahoo.it
-Date: Tue, 12 Apr 2005 19:52:08 +0200
-Cc: blaisorblade@yahoo.it, linux-kernel@vger.kernel.org,
- user-mode-linux-devel@lists.sourceforge.net, stable@kernel.org
-Subject: [patch] uml: add nfsd syscall when nfsd is modular
-
-CC: <stable@kernel.org>
-
-This trick is useless, because sys_ni.c will handle this problem by itself,
-like it does even on UML for other syscalls.
-Also, it does not provide the NFSD syscall when NFSD is compiled as a module,
-which is a big problem.
-
-This should be merged currently in both 2.6.11-stable and the current tree.
-
-Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
-Signed-off-by: Chris Wright <chrisw@osdl.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
----
-
- clean-linux-2.6.11-paolo/arch/um/kernel/sys_call_table.c | 8 +-------
- 1 files changed, 1 insertion(+), 7 deletions(-)
-
-diff -puN arch/um/kernel/sys_call_table.c~uml-nfsd-syscall arch/um/kernel/sys_call_table.c
---- clean-linux-2.6.11/arch/um/kernel/sys_call_table.c~uml-nfsd-syscall 2005-04-10 13:50:29.000000000 +0200
-+++ clean-linux-2.6.11-paolo/arch/um/kernel/sys_call_table.c 2005-04-10 13:51:19.000000000 +0200
-@@ -14,12 +14,6 @@
- #include "sysdep/syscalls.h"
- #include "kern_util.h"
-
--#ifdef CONFIG_NFSD
--#define NFSSERVCTL sys_nfsservctl
--#else
--#define NFSSERVCTL sys_ni_syscall
--#endif
--
- #define LAST_GENERIC_SYSCALL __NR_keyctl
-
- #if LAST_GENERIC_SYSCALL > LAST_ARCH_SYSCALL
-@@ -190,7 +184,7 @@ syscall_handler_t *sys_call_table[] = {
- [ __NR_getresuid ] = (syscall_handler_t *) sys_getresuid16,
- [ __NR_query_module ] = (syscall_handler_t *) sys_ni_syscall,
- [ __NR_poll ] = (syscall_handler_t *) sys_poll,
-- [ __NR_nfsservctl ] = (syscall_handler_t *) NFSSERVCTL,
-+ [ __NR_nfsservctl ] = (syscall_handler_t *) sys_nfsservctl,
- [ __NR_setresgid ] = (syscall_handler_t *) sys_setresgid16,
- [ __NR_getresgid ] = (syscall_handler_t *) sys_getresgid16,
- [ __NR_prctl ] = (syscall_handler_t *) sys_prctl,
-_
+++ /dev/null
-From stable-bounces@linux.kernel.org Tue Apr 12 10:45:24 2005
-To: foo.foo.org
-From: Kai.Makisara@kolumbus.fi
-Date: Tue, 12 Apr 2005 19:52:08 +0200
-Cc: James.Bottomley@SteelEye.com
-Subject: [PATCH] SCSI tape security: require CAP_ADMIN for SG_IO etc.
-
-The kernel currently allows any user permitted to access the tape device file
-to send the tape drive commands that may either make the tape drivers internal
-state inconsistent or to change the drive parameters so that other users find
-the drive to be unusable. This patch changes ioctl handling so that SG_IO,
-SCSI_IOCTL_COMMAND, etc. require CAP_ADMIN. This solves the consistency
-problems for SCSI tapes. The st driver provides user-accessible commands to
-change the drive parameters that users may need to access.
-
-The SCSI command permissions were discussed widely on the linux lists but this
-did not result in any useful refinement of the permissions. It may very well
-be that the tape drives are the only devices that users are sometimes given
-permissions to access and that have security problems with the current command
-filtering. This patch solves the problem for tapes and no more elaborate
-patches are needed.
-
-Signed-off-by: Kai Makisara <kai.makisara@kolumbus.fi>
-Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
-
-diff -Naru a/drivers/scsi/st.c b/drivers/scsi/st.c
---- a/drivers/scsi/st.c 2005-04-27 09:50:24 -07:00
-+++ b/drivers/scsi/st.c 2005-04-27 09:50:24 -07:00
-@@ -3461,11 +3461,17 @@
- case SCSI_IOCTL_GET_BUS_NUMBER:
- break;
- default:
-- i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
-+ if (!capable(CAP_SYS_ADMIN))
-+ i = -EPERM;
-+ else
-+ i = scsi_cmd_ioctl(file, STp->disk, cmd_in, p);
- if (i != -ENOTTY)
- return i;
- break;
- }
-+ if (!capable(CAP_SYS_ADMIN) &&
-+ (cmd_in == SCSI_IOCTL_START_UNIT || cmd_in == SCSI_IOCTL_STOP_UNIT))
-+ return -EPERM;
- return scsi_ioctl(STp->device, cmd_in, p);
-
- out:
+++ /dev/null
-From stable-bounces@linux.kernel.org Fri Dec 2 12:44:38 2005
-Message-ID: <4390B210.1010703@gentoo.org>
-Date: Fri, 02 Dec 2005 20:44:00 +0000
-From: Daniel Drake <dsd@gentoo.org>
-To: stable@kernel.org
-Cc: venkatesh.pallipadi@intel.com
-Subject: ACPI: Add support for FADT P_LVL2_UP flag
-X-Git-Tag: v2.6.15-rc4
-X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4c0335526c95d90a1d958e0059f40a5745fc7c5d
-
-From: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
-
-[ACPI] Add support for FADT P_LVL2_UP flag
-which tells us if C2 is valid for UP-only, or SMP.
-
-As there is no separate bit for C3, use P_LVL2_UP
-bit to cover both C2 and C3.
-
-http://bugzilla.kernel.org/show_bug.cgi?id=5165
-
-(cherry picked from 28b86b368af3944eb383078fc5797caf2dc8ce44 commit)
-
-Signed-off-by: Venkatesh Pallipadi<venkatesh.pallipadi@intel.com>
-Signed-off-by: Len Brown <len.brown@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
----
- drivers/acpi/processor_idle.c | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-
---- linux-2.6.14.4.orig/drivers/acpi/processor_idle.c
-+++ linux-2.6.14.4/drivers/acpi/processor_idle.c
-@@ -261,6 +261,16 @@ static void acpi_processor_idle(void)
-
- cx->usage++;
-
-+#ifdef CONFIG_HOTPLUG_CPU
-+ /*
-+ * Check for P_LVL2_UP flag before entering C2 and above on
-+ * an SMP system. We do it here instead of doing it at _CST/P_LVL
-+ * detection phase, to work cleanly with logical CPU hotplug.
-+ */
-+ if ((cx->type != ACPI_STATE_C1) && (num_online_cpus() > 1) &&
-+ !pr->flags.has_cst && acpi_fadt.plvl2_up)
-+ cx->type = ACPI_STATE_C1;
-+#endif
- /*
- * Sleep:
- * ------
-@@ -527,6 +537,15 @@ static int acpi_processor_get_power_info
- pr->power.states[ACPI_STATE_C0].valid = 1;
- pr->power.states[ACPI_STATE_C1].valid = 1;
-
-+#ifndef CONFIG_HOTPLUG_CPU
-+ /*
-+ * Check for P_LVL2_UP flag before entering C2 and above on
-+ * an SMP system.
-+ */
-+ if ((num_online_cpus() > 1) && acpi_fadt.plvl2_up)
-+ return_VALUE(-ENODEV);
-+#endif
-+
- /* determine C2 and C3 address from pblk */
- pr->power.states[ACPI_STATE_C2].address = pr->pblk + 4;
- pr->power.states[ACPI_STATE_C3].address = pr->pblk + 5;
+++ /dev/null
-From stable-bounces@linux.kernel.org Fri Dec 2 12:49:56 2005
-Message-ID: <4390B271.2080909@gentoo.org>
-Date: Fri, 02 Dec 2005 20:45:37 +0000
-From: Daniel Drake <dsd@gentoo.org>
-To: stable@kernel.org
-Cc: venkatesh.pallipadi@intel.com
-Subject: ACPI: Prefer _CST over FADT for C-state capabilities
-X-Git-Tag: v2.6.15-rc4
-X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=6d93c64803a5fea84839789aae13290419c62d92
-
-From: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
-
-[ACPI] Prefer _CST over FADT for C-state capabilities
-
-Note: This ACPI standard compliance may cause regression
-on some system, if they have _CST present, but _CST value
-is bogus. "nocst" module parameter should workaround
-that regression.
-
-http://bugzilla.kernel.org/show_bug.cgi?id=5165
-
-(cherry picked from 883baf7f7e81cca26f4683ae0d25ba48f094cc08 commit)
-
-Signed-off-by: Venkatesh Pallipadi<venkatesh.pallipadi@intel.com>
-Signed-off-by: Len Brown <len.brown@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
----
- drivers/acpi/processor_idle.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
---- linux-2.6.14.4.orig/drivers/acpi/processor_idle.c
-+++ linux-2.6.14.4/drivers/acpi/processor_idle.c
-@@ -706,7 +706,7 @@ static int acpi_processor_get_power_info
-
- /* Validate number of power states discovered */
- if (pr->power.count < 2)
-- status = -ENODEV;
-+ status = -EFAULT;
-
- end:
- acpi_os_free(buffer.pointer);
-@@ -857,11 +857,11 @@ static int acpi_processor_get_power_info
- * this function */
-
- result = acpi_processor_get_power_info_cst(pr);
-- if ((result) || (acpi_processor_power_verify(pr) < 2)) {
-+ if (result == -ENODEV)
- result = acpi_processor_get_power_info_fadt(pr);
-- if ((result) || (acpi_processor_power_verify(pr) < 2))
-- result = acpi_processor_get_power_info_default_c1(pr);
-- }
-+
-+ if ((result) || (acpi_processor_power_verify(pr) < 2))
-+ result = acpi_processor_get_power_info_default_c1(pr);
-
- /*
- * Set Default Policy
+++ /dev/null
-From 40599072dca3ec7d4c9ff8271978be169f974638 Mon Sep 17 00:00:00 2001
-From: Pavel Machek <pavel@suse.cz>
-Date: Tue, 25 Nov 2008 12:05:08 +0100
-Subject: ACPI: scheduling in atomic via acpi_evaluate_integer ()
-
-From: Pavel Machek <pavel@suse.cz>
-
-commit 40599072dca3ec7d4c9ff8271978be169f974638 upstream.
-
-Now I know why I had strange "scheduling in atomic" problems:
-acpi_evaluate_integer() does malloc(..., irqs_disabled() ? GFP_ATOMIC
-: GFP_KERNEL)... which is (of course) broken.
-
-There's no way to reliably tell if we need GFP_ATOMIC or not from
-code, this one for example fails to detect spinlocks held.
-
-Fortunately, allocation seems small enough to be done on stack.
-
-Signed-off-by: Pavel Machek <pavel@suse.cz>
-Acked-by: Bob Moore <robert.moore@intel.com>
-Signed-off-by: Len Brown <len.brown@intel.com>
-Cc: Rafael J. Wysocki <rjw@sisk.pl>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- drivers/acpi/utils.c | 16 ++++------------
- 1 file changed, 4 insertions(+), 12 deletions(-)
-
---- a/drivers/acpi/utils.c
-+++ b/drivers/acpi/utils.c
-@@ -259,34 +259,26 @@ acpi_evaluate_integer(acpi_handle handle
- struct acpi_object_list *arguments, unsigned long *data)
- {
- acpi_status status = AE_OK;
-- union acpi_object *element;
-+ union acpi_object element;
- struct acpi_buffer buffer = { 0, NULL };
-
--
- if (!data)
- return AE_BAD_PARAMETER;
-
-- element = kzalloc(sizeof(union acpi_object), irqs_disabled() ? GFP_ATOMIC: GFP_KERNEL);
-- if (!element)
-- return AE_NO_MEMORY;
--
- buffer.length = sizeof(union acpi_object);
-- buffer.pointer = element;
-+ buffer.pointer = &element;
- status = acpi_evaluate_object(handle, pathname, arguments, &buffer);
- if (ACPI_FAILURE(status)) {
- acpi_util_eval_error(handle, pathname, status);
-- kfree(element);
- return status;
- }
-
-- if (element->type != ACPI_TYPE_INTEGER) {
-+ if (element.type != ACPI_TYPE_INTEGER) {
- acpi_util_eval_error(handle, pathname, AE_BAD_DATA);
-- kfree(element);
- return AE_BAD_DATA;
- }
-
-- *data = element->integer.value;
-- kfree(element);
-+ *data = element.integer.value;
-
- ACPI_DEBUG_PRINT((ACPI_DB_INFO, "Return value [%lu]\n", *data));
-
+++ /dev/null
-From stable-bounces@linux.kernel.org Wed May 14 20:06:08 2008
-From: Kay Sievers <kay.sievers@vrfy.org>
-Date: Wed, 14 May 2008 19:20:21 GMT
-Subject: block: do_mounts - accept root=<non-existant partition>
-To: jejb@kernel.org, stable@kernel.org
-Message-ID: <200805141920.m4EJKL00019620@hera.kernel.org>
-
-From: Kay Sievers <kay.sievers@vrfy.org>
-
-commit 30f2f0eb4bd2c43d10a8b0d872c6e5ad8f31c9a0 upstream
-
-Some devices, like md, may create partitions only at first access,
-so allow root= to be set to a valid non-existant partition of an
-existing disk. This applies only to non-initramfs root mounting.
-
-This fixes a regression from 2.6.24 which did allow this to happen and
-broke some users machines :(
-
-Acked-by: Neil Brown <neilb@suse.de>
-Tested-by: Joao Luis Meloni Assirati <assirati@nonada.if.usp.br>
-Signed-off-by: Kay Sievers <kay.sievers@vrfy.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-Signed-off-by: Chris Wright <chrisw@sous-sol.org>
-
----
- block/genhd.c | 9 ++++++---
- include/linux/genhd.h | 4 ++--
- init/do_mounts.c | 27 ++++++++++++++++++++++++++-
- 3 files changed, 34 insertions(+), 6 deletions(-)
-
---- a/block/genhd.c
-+++ b/block/genhd.c
-@@ -645,7 +645,7 @@ void genhd_media_change_notify(struct ge
- EXPORT_SYMBOL_GPL(genhd_media_change_notify);
- #endif /* 0 */
-
--dev_t blk_lookup_devt(const char *name)
-+dev_t blk_lookup_devt(const char *name, int part)
- {
- struct device *dev;
- dev_t devt = MKDEV(0, 0);
-@@ -653,7 +653,11 @@ dev_t blk_lookup_devt(const char *name)
- mutex_lock(&block_class_lock);
- list_for_each_entry(dev, &block_class.devices, node) {
- if (strcmp(dev->bus_id, name) == 0) {
-- devt = dev->devt;
-+ struct gendisk *disk = dev_to_disk(dev);
-+
-+ if (part < disk->minors)
-+ devt = MKDEV(MAJOR(dev->devt),
-+ MINOR(dev->devt) + part);
- break;
- }
- }
-@@ -661,7 +665,6 @@ dev_t blk_lookup_devt(const char *name)
-
- return devt;
- }
--
- EXPORT_SYMBOL(blk_lookup_devt);
-
- struct gendisk *alloc_disk(int minors)
---- a/include/linux/genhd.h
-+++ b/include/linux/genhd.h
-@@ -524,7 +524,7 @@ struct unixware_disklabel {
- #define ADDPART_FLAG_RAID 1
- #define ADDPART_FLAG_WHOLEDISK 2
-
--extern dev_t blk_lookup_devt(const char *name);
-+extern dev_t blk_lookup_devt(const char *name, int part);
- extern char *disk_name (struct gendisk *hd, int part, char *buf);
-
- extern int rescan_partitions(struct gendisk *disk, struct block_device *bdev);
-@@ -552,7 +552,7 @@ static inline struct block_device *bdget
-
- static inline void printk_all_partitions(void) { }
-
--static inline dev_t blk_lookup_devt(const char *name)
-+static inline dev_t blk_lookup_devt(const char *name, int part)
- {
- dev_t devt = MKDEV(0, 0);
- return devt;
---- a/init/do_mounts.c
-+++ b/init/do_mounts.c
-@@ -76,6 +76,7 @@ dev_t name_to_dev_t(char *name)
- char s[32];
- char *p;
- dev_t res = 0;
-+ int part;
-
- if (strncmp(name, "/dev/", 5) != 0) {
- unsigned maj, min;
-@@ -106,7 +107,31 @@ dev_t name_to_dev_t(char *name)
- for (p = s; *p; p++)
- if (*p == '/')
- *p = '!';
-- res = blk_lookup_devt(s);
-+ res = blk_lookup_devt(s, 0);
-+ if (res)
-+ goto done;
-+
-+ /*
-+ * try non-existant, but valid partition, which may only exist
-+ * after revalidating the disk, like partitioned md devices
-+ */
-+ while (p > s && isdigit(p[-1]))
-+ p--;
-+ if (p == s || !*p || *p == '0')
-+ goto fail;
-+
-+ /* try disk name without <part number> */
-+ part = simple_strtoul(p, NULL, 10);
-+ *p = '\0';
-+ res = blk_lookup_devt(s, part);
-+ if (res)
-+ goto done;
-+
-+ /* try disk name without p<part number> */
-+ if (p < s + 2 || !isdigit(p[-2]) || p[-1] != 'p')
-+ goto fail;
-+ p[-1] = '\0';
-+ res = blk_lookup_devt(s, part);
- if (res)
- goto done;
-
+++ /dev/null
-From stable-bounces@linux.kernel.org Sat May 24 16:56:28 2008
-Date: Sat, 24 May 2008 17:40:11 GMT
-Message-Id: <200805241740.m4OHeBZZ021298@hera.kernel.org>
-From: jejb@kernel.org
-To: jejb@kernel.org, stable@kernel.org
-Subject: brd: don't show ramdisks in /proc/partitions
-
-From: Marcin Krol <hawk@pld-linux.org>
-
-upstream commit: 53978d0a7a27eb036b9bf33c4caa06257a9dbed7
-
-In 2.6.25, ramdisk devices show up in /proc/partitions, which is a
-behaviour change from the old rd.c. Add GENHD_FL_SUPPRESS_PARTITION_INFO,
-which was present in rd.c.
-
-All kernels prior to 2.6.25 weren't displaying ramdisks in
-/proc/partitions. Since there are many userspace tools using information
-from /proc/partitions some of them may now behave incorrectly (I didn't
-tested any though). For example before 2.6.25 /proc/partitions was empty
-if no block devices like hard disks and such were detected by kernel. Now
-all 16 ramdisks are always visible there. Some software may rely on such
-information (I mean, on empty /proc/partitions).
-
-There was quite similar situation back in 2004, and ramdisks were excluded
-back from displaying. Thats why I called this a regression (maybe a bit
-unfortunate). See this patch for info:
-http://kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.3-rc2/2.6.3-rc2-mm1/broken-out/nbd-proc-partitions-fix.patch
-
-I also think that someone somewhere (long time ago) excluded ramdisks from
-/proc/partitions for good reasons. It is possible that now such new
-"feature" is harmless, but I think there are more chances that someone
-will say "hey, /proc/partitions has changed, now my software doesn't work"
-then "hey where did my new 2.6.25 feature go". nbd devices are also
-excluded, maybe for very same (unknown to me) reasons.
-
-Signed-off-by: Marcin Krol <hawk@pld-linux.org>
-Signed-off-by: Nick Piggin <npiggin@suse.de>
-Cc: <stable@kernel.org>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Chris Wright <chrisw@sous-sol.org>
----
- drivers/block/brd.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/drivers/block/brd.c
-+++ b/drivers/block/brd.c
-@@ -442,6 +442,7 @@ static struct brd_device *brd_alloc(int
- disk->fops = &brd_fops;
- disk->private_data = brd;
- disk->queue = brd->brd_queue;
-+ disk->flags |= GENHD_FL_SUPPRESS_PARTITION_INFO;
- sprintf(disk->disk_name, "ram%d", i);
- set_capacity(disk, rd_size * 2);
-
+++ /dev/null
-From stable-bounces@linux.kernel.org Tue Mar 6 02:48:36 2007
-From: Joerg Dorchain <joerg@dorchain.net>
-Date: Tue, 06 Mar 2007 02:46:54 -0800
-Subject: bug in gdth.c crashing machine
-To: James.Bottomley@steeleye.com
-Cc: Achim_Leubner@adaptec.com, akpm@linux-foundation.org, joerg@dorchain.net, linux-scsi@vger.kernel.org, stable@kernel.org
-Message-ID: <200703061046.l26AksTi020093@shell0.pdx.osdl.net>
-
-
-From: Joerg Dorchain <joerg@dorchain.net>
-
-Undocumented...
-
-Signed-off-by: Joerg Dorchain <joerg@dorchain.net>
-Acked-by: Achim Leubner <Achim_Leubner@adaptec.com>
-Cc: James Bottomley <James.Bottomley@steeleye.com>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- drivers/scsi/gdth.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- linux-2.6.20.1.orig/drivers/scsi/gdth.c
-+++ linux-2.6.20.1/drivers/scsi/gdth.c
-@@ -3092,6 +3092,7 @@ static int gdth_fill_raw_cmd(int hanum,S
- cmdp->u.raw64.direction =
- gdth_direction_tab[scp->cmnd[0]]==DOU ? GDTH_DATA_OUT:GDTH_DATA_IN;
- memcpy(cmdp->u.raw64.cmd,scp->cmnd,16);
-+ cmdp->u.raw64.sg_ranz = 0;
- } else {
- cmdp->u.raw.reserved = 0;
- cmdp->u.raw.mdisc_time = 0;
-@@ -3108,6 +3109,7 @@ static int gdth_fill_raw_cmd(int hanum,S
- cmdp->u.raw.direction =
- gdth_direction_tab[scp->cmnd[0]]==DOU ? GDTH_DATA_OUT:GDTH_DATA_IN;
- memcpy(cmdp->u.raw.cmd,scp->cmnd,12);
-+ cmdp->u.raw.sg_ranz = 0;
- }
-
- if (scp->use_sg) {
+++ /dev/null
-From stable-bounces@linux.kernel.org Thu Feb 7 12:04:11 2008
-From: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
-Date: Thu, 7 Feb 2008 21:03:14 +0100
-Subject: cciss: Panic in blk_rq_map_sg() from CCISS driver
-Message-ID: <6101e8c40802071203t29fcb4fk11ff1e7169bafdbd@mail.gmail.com>
-Content-Disposition: inline
-
-
-From: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
-
-mainline: a683d652d334a546be9175b894f42dbd8e399536
-
-New scatter/gather list chaining [sg_next()] treats 'page' member of
-struct scatterlist with low bit set [0x01] as a chain pointer to
-another struct scatterlist [array]. The CCISS driver request function
-passes an uninitialized, temporary, on-stack scatterlist array to
-blk_rq_map_sq(). sg_next() interprets random data on the stack as a
-chain pointer and eventually tries to de-reference an invalid pointer,
-resulting in:
-
-[<ffffffff8031dd70>] blk_rq_map_sg+0x70/0x170
-PGD 6090c3067 PUD 0
-Oops: 0000 [1] SMP
-last sysfs file: /block/cciss!c0d0/cciss!c0d0p1/dev
-CPU 6
-Modules linked in: ehci_hcd ohci_hcd uhci_hcd
-Pid: 1, comm: init Not tainted 2.6.23-rc6-mm1 #3
-RIP: 0010:[<ffffffff8031dd70>] [<ffffffff8031dd70>] blk_rq_map_sg+0x70/0x170
-RSP: 0018:ffff81060901f768 EFLAGS: 00010206
-RAX: 000000040b161000 RBX: ffff81060901f7d8 RCX: 000000040b162c00
-RDX: 0000000000000000 RSI: ffff81060b13a260 RDI: ffff81060b139600
-RBP: 0000000000001400 R08: 00000000fffffffe R09: 0000000000000400
-R10: 0000000000000000 R11: 000000040b163000 R12: ffff810102fe0000
-R13: 0000000000000001 R14: 0000000000000001 R15: 00001e0000000000
-FS: 00000000026108f0(0063) GS:ffff810409000b80(0000) knlGS:0000000000000000
-CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
-CR2: 000000010000001e CR3: 00000006090c6000 CR4: 00000000000006e0
-DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
-DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
-Process init (pid: 1, threadinfo ffff81060901e000, task ffff810409020800)
-last branch before last exception/interrupt
-from [<ffffffff8031de0a>] blk_rq_map_sg+0x10a/0x170
-to [<ffffffff8031dd70>] blk_rq_map_sg+0x70/0x170
-Stack: 000000018068ea00 ffff810102fe0000 0000000000000000 ffff810011400000
-0000000000000002 0000000000000000 ffff81040b172000 ffffffff803acd3d
-0000000000003ec1 ffff8106090d5000 ffff8106090d5000 ffff810102fe0000
-Call Trace:
-[<ffffffff803acd3d>] do_cciss_request+0x15d/0x4c0
-[<ffffffff80298968>] new_slab+0x1c8/0x270
-[<ffffffff80298ffd>] __slab_alloc+0x22d/0x470
-[<ffffffff8027327b>] mempool_alloc+0x4b/0x130
-[<ffffffff8032b21e>] cfq_set_request+0xee/0x380
-[<ffffffff8027327b>] mempool_alloc+0x4b/0x130
-[<ffffffff8031ff98>] get_request+0x168/0x360
-[<ffffffff80331b0d>] rb_insert_color+0x8d/0x110
-[<ffffffff8031cfd8>] elv_rb_add+0x58/0x60
-[<ffffffff8032a329>] cfq_add_rq_rb+0x69/0xa0
-[<ffffffff8031c1ab>] elv_merged_request+0x5b/0x60
-[<ffffffff803224fd>] __make_request+0x23d/0x650
-[<ffffffff80298ffd>] __slab_alloc+0x22d/0x470
-[<ffffffff80270000>] generic_write_checks+0x140/0x190
-[<ffffffff8031f012>] generic_make_request+0x1c2/0x3a0
-<etc>
-Kernel panic - not syncing: Attempted to kill init!
-
-This patch initializes the tmp_sg array to zeroes. Perhaps not the ultimate
-fix, but an effective work-around. I can now boot 23-rc6-mm1 on an HP
-Proliant x86_64 with CCISS boot disk.
-
-Signed-off-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
-CC: Oliver Pinter <oliver.pntr@gmail.com>
-Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- drivers/block/cciss.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/drivers/block/cciss.c
-+++ b/drivers/block/cciss.c
-@@ -2568,6 +2568,7 @@ static void do_cciss_request(request_que
- (int)creq->nr_sectors);
- #endif /* CCISS_DEBUG */
-
-+ memset(tmp_sg, 0, sizeof(tmp_sg));
- seg = blk_rq_map_sg(q, creq, tmp_sg);
-
- /* get the DMA records for the setup */
+++ /dev/null
-From stable-bounces@linux.kernel.org Sun Sep 18 00:30:56 2005
-Date: Sun, 18 Sep 2005 00:30:50 -0700 (PDT)
-To: stable@kernel.org
-From: "David S. Miller" <davem@davemloft.net>
-Cc:
-Subject: [PATCH] check connect(2) status for IPv6 UDP socket
-
-From: Mitsuru KANDA <mk@linux-ipv6.org>
-
-I think we should cache the per-socket route(dst_entry) only when the
-IPv6 UDP socket is connect(2)'ed.
-(which is same as IPv4 UDP send behavior)
-
-Signed-off-by: Mitsuru KANDA <mk@linux-ipv6.org>
-Signed-off-by: Chris Wright <chrisw@osdl.org>
----
- net/ipv6/udp.c | 10 ++++++++--
- 1 files changed, 8 insertions(+), 2 deletions(-)
-
-Index: linux-2.6.13.y/net/ipv6/udp.c
-===================================================================
---- linux-2.6.13.y.orig/net/ipv6/udp.c
-+++ linux-2.6.13.y/net/ipv6/udp.c
-@@ -638,6 +638,7 @@ static int udpv6_sendmsg(struct kiocb *i
- int hlimit = -1;
- int corkreq = up->corkflag || msg->msg_flags&MSG_MORE;
- int err;
-+ int connected = 0;
-
- /* destination address check */
- if (sin6) {
-@@ -747,6 +748,7 @@ do_udp_sendmsg:
- fl->fl_ip_dport = inet->dport;
- daddr = &np->daddr;
- fl->fl6_flowlabel = np->flow_label;
-+ connected = 1;
- }
-
- if (!fl->oif)
-@@ -769,6 +771,7 @@ do_udp_sendmsg:
- }
- if (!(opt->opt_nflen|opt->opt_flen))
- opt = NULL;
-+ connected = 0;
- }
- if (opt == NULL)
- opt = np->opt;
-@@ -787,10 +790,13 @@ do_udp_sendmsg:
- ipv6_addr_copy(&final, &fl->fl6_dst);
- ipv6_addr_copy(&fl->fl6_dst, rt0->addr);
- final_p = &final;
-+ connected = 0;
- }
-
-- if (!fl->oif && ipv6_addr_is_multicast(&fl->fl6_dst))
-+ if (!fl->oif && ipv6_addr_is_multicast(&fl->fl6_dst)) {
- fl->oif = np->mcast_oif;
-+ connected = 0;
-+ }
-
- err = ip6_dst_lookup(sk, &dst, fl);
- if (err)
-@@ -841,7 +847,7 @@ do_append_data:
- else if (!corkreq)
- err = udp_v6_push_pending_frames(sk, up);
-
-- if (dst)
-+ if (dst&&connected)
- ip6_dst_store(sk, dst,
- ipv6_addr_equal(&fl->fl6_dst, &np->daddr) ?
- &np->daddr : NULL);
+++ /dev/null
-From tytso@mit.edu Mon Apr 19 10:23:42 2010
-From: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-Date: Mon, 15 Mar 2010 20:26:04 -0400
-Subject: ext4: Fix file fragmentation during large file write.
-To: stable@kernel.org
-Cc: Ext4 Developers List <linux-ext4@vger.kernel.org>, "Theodore Ts'o" <tytso@mit.edu>, "Jayson R. King" <dev@jaysonking.com>, "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
-Message-ID: <1268699165-17461-11-git-send-email-tytso@mit.edu>
-
-
-From: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-
-commit 22208dedbd7626e5fc4339c417f8d24cc21f79d7 upstream.
-
-The range_cyclic writeback mode uses the address_space writeback_index
-as the start index for writeback. With delayed allocation we were
-updating writeback_index wrongly resulting in highly fragmented file.
-This patch reduces the number of extents reduced from 4000 to 27 for a
-3GB file.
-
-Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-[dev@jaysonking.com: Some changed lines from the original version of this patch were dropped, since they were rolled up with another cherry-picked patch applied to 2.6.27.y earlier.]
-Signed-off-by: Jayson R. King <dev@jaysonking.com>
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- fs/ext4/inode.c | 88 +++++++++++++++++++++++++++++++++++---------------------
- 1 file changed, 55 insertions(+), 33 deletions(-)
-
---- a/fs/ext4/inode.c
-+++ b/fs/ext4/inode.c
-@@ -1721,7 +1721,11 @@ static int mpage_da_submit_io(struct mpa
-
- pages_skipped = mpd->wbc->pages_skipped;
- err = mapping->a_ops->writepage(page, mpd->wbc);
-- if (!err)
-+ if (!err && (pages_skipped == mpd->wbc->pages_skipped))
-+ /*
-+ * have successfully written the page
-+ * without skipping the same
-+ */
- mpd->pages_written++;
- /*
- * In error case, we have to continue because
-@@ -2175,7 +2179,6 @@ static int mpage_da_writepages(struct ad
- struct writeback_control *wbc,
- struct mpage_da_data *mpd)
- {
-- long to_write;
- int ret;
-
- if (!mpd->get_block)
-@@ -2190,19 +2193,18 @@ static int mpage_da_writepages(struct ad
- mpd->pages_written = 0;
- mpd->retval = 0;
-
-- to_write = wbc->nr_to_write;
--
- ret = write_cache_pages(mapping, wbc, __mpage_da_writepage, mpd);
--
- /*
- * Handle last extent of pages
- */
- if (!mpd->io_done && mpd->next_page != mpd->first_page) {
- if (mpage_da_map_blocks(mpd) == 0)
- mpage_da_submit_io(mpd);
-- }
-
-- wbc->nr_to_write = to_write - mpd->pages_written;
-+ mpd->io_done = 1;
-+ ret = MPAGE_DA_EXTENT_TAIL;
-+ }
-+ wbc->nr_to_write -= mpd->pages_written;
- return ret;
- }
-
-@@ -2447,11 +2449,14 @@ static int ext4_da_writepages_trans_bloc
- static int ext4_da_writepages(struct address_space *mapping,
- struct writeback_control *wbc)
- {
-+ pgoff_t index;
-+ int range_whole = 0;
- handle_t *handle = NULL;
- struct mpage_da_data mpd;
- struct inode *inode = mapping->host;
-+ int no_nrwrite_index_update;
-+ long pages_written = 0, pages_skipped;
- int needed_blocks, ret = 0, nr_to_writebump = 0;
-- long to_write, pages_skipped = 0;
- struct ext4_sb_info *sbi = EXT4_SB(mapping->host->i_sb);
-
- /*
-@@ -2485,16 +2490,26 @@ static int ext4_da_writepages(struct add
- nr_to_writebump = sbi->s_mb_stream_request - wbc->nr_to_write;
- wbc->nr_to_write = sbi->s_mb_stream_request;
- }
-+ if (wbc->range_start == 0 && wbc->range_end == LLONG_MAX)
-+ range_whole = 1;
-
--
-- pages_skipped = wbc->pages_skipped;
-+ if (wbc->range_cyclic)
-+ index = mapping->writeback_index;
-+ else
-+ index = wbc->range_start >> PAGE_CACHE_SHIFT;
-
- mpd.wbc = wbc;
- mpd.inode = mapping->host;
-
--restart_loop:
-- to_write = wbc->nr_to_write;
-- while (!ret && to_write > 0) {
-+ /*
-+ * we don't want write_cache_pages to update
-+ * nr_to_write and writeback_index
-+ */
-+ no_nrwrite_index_update = wbc->no_nrwrite_index_update;
-+ wbc->no_nrwrite_index_update = 1;
-+ pages_skipped = wbc->pages_skipped;
-+
-+ while (!ret && wbc->nr_to_write > 0) {
-
- /*
- * we insert one extent at a time. So we need
-@@ -2527,46 +2542,53 @@ restart_loop:
- goto out_writepages;
- }
- }
-- to_write -= wbc->nr_to_write;
--
- mpd.get_block = ext4_da_get_block_write;
- ret = mpage_da_writepages(mapping, wbc, &mpd);
-
- ext4_journal_stop(handle);
-
-- if (mpd.retval == -ENOSPC)
-+ if (mpd.retval == -ENOSPC) {
-+ /* commit the transaction which would
-+ * free blocks released in the transaction
-+ * and try again
-+ */
- jbd2_journal_force_commit_nested(sbi->s_journal);
--
-- /* reset the retry count */
-- if (ret == MPAGE_DA_EXTENT_TAIL) {
-+ wbc->pages_skipped = pages_skipped;
-+ ret = 0;
-+ } else if (ret == MPAGE_DA_EXTENT_TAIL) {
- /*
- * got one extent now try with
- * rest of the pages
- */
-- to_write += wbc->nr_to_write;
-+ pages_written += mpd.pages_written;
-+ wbc->pages_skipped = pages_skipped;
- ret = 0;
-- } else if (wbc->nr_to_write) {
-+ } else if (wbc->nr_to_write)
- /*
- * There is no more writeout needed
- * or we requested for a noblocking writeout
- * and we found the device congested
- */
-- to_write += wbc->nr_to_write;
- break;
-- }
-- wbc->nr_to_write = to_write;
-- }
--
-- if (!wbc->range_cyclic && (pages_skipped != wbc->pages_skipped)) {
-- /* We skipped pages in this loop */
-- wbc->nr_to_write = to_write +
-- wbc->pages_skipped - pages_skipped;
-- wbc->pages_skipped = pages_skipped;
-- goto restart_loop;
- }
-+ if (pages_skipped != wbc->pages_skipped)
-+ printk(KERN_EMERG "This should not happen leaving %s "
-+ "with nr_to_write = %ld ret = %d\n",
-+ __func__, wbc->nr_to_write, ret);
-+
-+ /* Update index */
-+ index += pages_written;
-+ if (wbc->range_cyclic || (range_whole && wbc->nr_to_write > 0))
-+ /*
-+ * set the writeback_index so that range_cyclic
-+ * mode will write it back later
-+ */
-+ mapping->writeback_index = index;
-
- out_writepages:
-- wbc->nr_to_write = to_write - nr_to_writebump;
-+ if (!no_nrwrite_index_update)
-+ wbc->no_nrwrite_index_update = 0;
-+ wbc->nr_to_write -= nr_to_writebump;
- return ret;
- }
-
+++ /dev/null
-From tytso@mit.edu Mon Apr 19 10:24:03 2010
-From: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-Date: Mon, 15 Mar 2010 20:26:05 -0400
-Subject: ext4: Implement range_cyclic in ext4_da_writepages instead of write_cache_pages
-To: stable@kernel.org
-Cc: Ext4 Developers List <linux-ext4@vger.kernel.org>, "Theodore Ts'o" <tytso@mit.edu>, "Jayson R. King" <dev@jaysonking.com>, "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
-Message-ID: <1268699165-17461-12-git-send-email-tytso@mit.edu>
-
-
-From: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-
-commit 2acf2c261b823d9d9ed954f348b97620297a36b5 upstream.
-
-With delayed allocation we lock the page in write_cache_pages() and
-try to build an in memory extent of contiguous blocks. This is needed
-so that we can get large contiguous blocks request. If range_cyclic
-mode is enabled, write_cache_pages() will loop back to the 0 index if
-no I/O has been done yet, and try to start writing from the beginning
-of the range. That causes an attempt to take the page lock of lower
-index page while holding the page lock of higher index page, which can
-cause a dead lock with another writeback thread.
-
-The solution is to implement the range_cyclic behavior in
-ext4_da_writepages() instead.
-
-http://bugzilla.kernel.org/show_bug.cgi?id=12579
-
-Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
-Signed-off-by: Jayson R. King <dev@jaysonking.com>
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- fs/ext4/inode.c | 21 +++++++++++++++++++--
- 1 file changed, 19 insertions(+), 2 deletions(-)
-
---- a/fs/ext4/inode.c
-+++ b/fs/ext4/inode.c
-@@ -2456,6 +2456,7 @@ static int ext4_da_writepages(struct add
- struct inode *inode = mapping->host;
- int no_nrwrite_index_update;
- long pages_written = 0, pages_skipped;
-+ int range_cyclic, cycled = 1, io_done = 0;
- int needed_blocks, ret = 0, nr_to_writebump = 0;
- struct ext4_sb_info *sbi = EXT4_SB(mapping->host->i_sb);
-
-@@ -2493,9 +2494,15 @@ static int ext4_da_writepages(struct add
- if (wbc->range_start == 0 && wbc->range_end == LLONG_MAX)
- range_whole = 1;
-
-- if (wbc->range_cyclic)
-+ range_cyclic = wbc->range_cyclic;
-+ if (wbc->range_cyclic) {
- index = mapping->writeback_index;
-- else
-+ if (index)
-+ cycled = 0;
-+ wbc->range_start = index << PAGE_CACHE_SHIFT;
-+ wbc->range_end = LLONG_MAX;
-+ wbc->range_cyclic = 0;
-+ } else
- index = wbc->range_start >> PAGE_CACHE_SHIFT;
-
- mpd.wbc = wbc;
-@@ -2509,6 +2516,7 @@ static int ext4_da_writepages(struct add
- wbc->no_nrwrite_index_update = 1;
- pages_skipped = wbc->pages_skipped;
-
-+retry:
- while (!ret && wbc->nr_to_write > 0) {
-
- /*
-@@ -2563,6 +2571,7 @@ static int ext4_da_writepages(struct add
- pages_written += mpd.pages_written;
- wbc->pages_skipped = pages_skipped;
- ret = 0;
-+ io_done = 1;
- } else if (wbc->nr_to_write)
- /*
- * There is no more writeout needed
-@@ -2571,6 +2580,13 @@ static int ext4_da_writepages(struct add
- */
- break;
- }
-+ if (!io_done && !cycled) {
-+ cycled = 1;
-+ index = 0;
-+ wbc->range_start = index << PAGE_CACHE_SHIFT;
-+ wbc->range_end = mapping->writeback_index - 1;
-+ goto retry;
-+ }
- if (pages_skipped != wbc->pages_skipped)
- printk(KERN_EMERG "This should not happen leaving %s "
- "with nr_to_write = %ld ret = %d\n",
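Review bot: In the wrap-around branch added just before the `pages_skipped` check, `wbc->range_end = mapping->writeback_index - 1;` stores a page index into a field the rest of the patch handles as a byte offset (`range_start` is set from `index << PAGE_CACHE_SHIFT` and read back with `>> PAGE_CACHE_SHIFT`). The second pass would then stop far short of the page where the first pass began; converting the bound the same way, `wbc->range_end = ((loff_t)mapping->writeback_index << PAGE_CACHE_SHIFT) - 1;`, looks like what was intended. If `index` is a `pgoff_t` (its declaration is outside these hunks), both `index << PAGE_CACHE_SHIFT` assignments also want a `(loff_t)` cast so the shift cannot truncate on 32-bit. ext4_da_writepages starts and ends outside this hunk.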
-@@ -2578,6 +2594,7 @@ static int ext4_da_writepages(struct add
-
- /* Update index */
- index += pages_written;
-+ wbc->range_cyclic = range_cyclic;
- if (wbc->range_cyclic || (range_whole && wbc->nr_to_write > 0))
- /*
- * set the writeback_index so that range_cyclic
+++ /dev/null
-From stable-bounces@linux.kernel.org Fri Jun 30 19:10:22 2006
-Date: Fri, 23 Jun 2006 06:10:02 GMT
-Message-Id: <200606230610.k5N6A2PQ015237@hera.kernel.org>
-From: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
-To: git-commits-head@vger.kernel.org
-Cc:
-Subject: [CPUFREQ] Fix ondemand vs suspend deadlock
-
-From: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
-
-[CPUFREQ] Fix ondemand vs suspend deadlock
-
-Rootcaused the bug to a deadlock in cpufreq and ondemand. Due to non-existent
-ordering between cpu_hotplug lock and dbs_mutex. Basically a race condition
-between cpu_down() and do_dbs_timer().
-
-cpu_down() flow:
-* cpu_down() call for CPU 1
-* Takes hot plug lock
-* Calls pre down notifier
-* cpufreq notifier handler calls cpufreq_driver_target() which takes
- cpu_hotplug lock again. OK as cpu_hotplug lock is recursive in same
- process context
-* CPU 1 goes down
-* Calls post down notifier
-* cpufreq notifier handler calls ondemand event stop which takes dbs_mutex
-
-So, cpu_hotplug lock is taken before dbs_mutex in this flow.
-
-do_dbs_timer is triggerred by a periodic timer event.
-It first takes dbs_mutex and then takes cpu_hotplug lock in
-cpufreq_driver_target().
-Note the reverse order here compared to above. So, if this timer event happens
-at right moment during cpu_down, system will deadlok.
-
-Attached patch fixes the issue for both ondemand and conservative.
-
-Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
-Signed-off-by: Dave Jones <davej@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- drivers/cpufreq/cpufreq_conservative.c | 12 ++++++++++++
- drivers/cpufreq/cpufreq_ondemand.c | 12 ++++++++++++
- 2 files changed, 24 insertions(+)
-
---- linux-2.6.17.4.orig/drivers/cpufreq/cpufreq_conservative.c
-+++ linux-2.6.17.4/drivers/cpufreq/cpufreq_conservative.c
-@@ -72,6 +72,14 @@ static DEFINE_PER_CPU(struct cpu_dbs_inf
-
- static unsigned int dbs_enable; /* number of CPUs using this policy */
-
-+/*
-+ * DEADLOCK ALERT! There is a ordering requirement between cpu_hotplug
-+ * lock and dbs_mutex. cpu_hotplug lock should always be held before
-+ * dbs_mutex. If any function that can potentially take cpu_hotplug lock
-+ * (like __cpufreq_driver_target()) is being called with dbs_mutex taken, then
-+ * cpu_hotplug lock should be taken before that. Note that cpu_hotplug lock
-+ * is recursive for the same process. -Venki
-+ */
- static DEFINE_MUTEX (dbs_mutex);
- static DECLARE_WORK (dbs_work, do_dbs_timer, NULL);
-
-@@ -414,12 +422,14 @@ static void dbs_check_cpu(int cpu)
- static void do_dbs_timer(void *data)
- {
- int i;
-+ lock_cpu_hotplug();
- mutex_lock(&dbs_mutex);
- for_each_online_cpu(i)
- dbs_check_cpu(i);
- schedule_delayed_work(&dbs_work,
- usecs_to_jiffies(dbs_tuners_ins.sampling_rate));
- mutex_unlock(&dbs_mutex);
-+ unlock_cpu_hotplug();
- }
-
- static inline void dbs_timer_init(void)
-@@ -514,6 +524,7 @@ static int cpufreq_governor_dbs(struct c
- break;
-
- case CPUFREQ_GOV_LIMITS:
-+ lock_cpu_hotplug();
- mutex_lock(&dbs_mutex);
- if (policy->max < this_dbs_info->cur_policy->cur)
- __cpufreq_driver_target(
-@@ -524,6 +535,7 @@ static int cpufreq_governor_dbs(struct c
- this_dbs_info->cur_policy,
- policy->min, CPUFREQ_RELATION_L);
- mutex_unlock(&dbs_mutex);
-+ unlock_cpu_hotplug();
- break;
- }
- return 0;
---- linux-2.6.17.4.orig/drivers/cpufreq/cpufreq_ondemand.c
-+++ linux-2.6.17.4/drivers/cpufreq/cpufreq_ondemand.c
-@@ -71,6 +71,14 @@ static DEFINE_PER_CPU(struct cpu_dbs_inf
-
- static unsigned int dbs_enable; /* number of CPUs using this policy */
-
-+/*
-+ * DEADLOCK ALERT! There is a ordering requirement between cpu_hotplug
-+ * lock and dbs_mutex. cpu_hotplug lock should always be held before
-+ * dbs_mutex. If any function that can potentially take cpu_hotplug lock
-+ * (like __cpufreq_driver_target()) is being called with dbs_mutex taken, then
-+ * cpu_hotplug lock should be taken before that. Note that cpu_hotplug lock
-+ * is recursive for the same process. -Venki
-+ */
- static DEFINE_MUTEX (dbs_mutex);
- static DECLARE_WORK (dbs_work, do_dbs_timer, NULL);
-
-@@ -363,12 +371,14 @@ static void dbs_check_cpu(int cpu)
- static void do_dbs_timer(void *data)
- {
- int i;
-+ lock_cpu_hotplug();
- mutex_lock(&dbs_mutex);
- for_each_online_cpu(i)
- dbs_check_cpu(i);
- queue_delayed_work(dbs_workq, &dbs_work,
- usecs_to_jiffies(dbs_tuners_ins.sampling_rate));
- mutex_unlock(&dbs_mutex);
-+ unlock_cpu_hotplug();
- }
-
- static inline void dbs_timer_init(void)
-@@ -469,6 +479,7 @@ static int cpufreq_governor_dbs(struct c
- break;
-
- case CPUFREQ_GOV_LIMITS:
-+ lock_cpu_hotplug();
- mutex_lock(&dbs_mutex);
- if (policy->max < this_dbs_info->cur_policy->cur)
- __cpufreq_driver_target(
-@@ -479,6 +490,7 @@ static int cpufreq_governor_dbs(struct c
- this_dbs_info->cur_policy,
- policy->min, CPUFREQ_RELATION_L);
- mutex_unlock(&dbs_mutex);
-+ unlock_cpu_hotplug();
- break;
- }
- return 0;
+++ /dev/null
-From stable-bounces@linux.kernel.org Fri May 18 01:05:40 2007
-From: Rolf Eike Beer <eike-kernel@sf-tec.de>
-To: linux-kernel@vger.kernel.org
-Date: Thu, 17 May 2007 23:56:56 +0200
-Message-Id: <200705172356.57620.eike-kernel@sf-tec.de>
-Cc: akpm@linux-foundation.org, torvalds@linux-foundation.org, stable@kernel.org
-Subject: Fix roundup_pow_of_two(1)
-
-Fix roundup_pow_of_two(1)
-
-1 is a power of two, therefore roundup_pow_of_two(1) should return 1. It does
-in case the argument is a variable but in case it's a constant it behaves
-wrong and returns 0. Probably nobody ever did it so this was never noticed.
-
-Signed-off-by: Rolf Eike Beer <eike-kernel@sf-tec.de>
-Signed-off-by: Chris Wright <chrisw@sous-sol.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
----
-
- include/linux/log2.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- linux-2.6.21.4.orig/include/linux/log2.h
-+++ linux-2.6.21.4/include/linux/log2.h
-@@ -159,7 +159,7 @@ unsigned long __roundup_pow_of_two(unsig
- #define roundup_pow_of_two(n) \
- ( \
- __builtin_constant_p(n) ? ( \
-- (n == 1) ? 0 : \
-+ (n == 1) ? 1 : \
- (1UL << (ilog2((n) - 1) + 1)) \
- ) : \
- __roundup_pow_of_two(n) \
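Review bot: The constant branch tests `(n == 1)` with the macro argument unparenthesised, while the next line uses `(n) - 1`; an argument such as `x | y` or `a ? b : c` would bind differently in the comparison than in the subtraction. `((n) == 1) ? 1 : \` keeps the fix and makes the two uses consistent. The macro also expands `n` several times, so a comment above it saying the argument must be free of side effects would help. The macro body continues past the end of this hunk.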
+++ /dev/null
-From stable-bounces@linux.kernel.org Wed Feb 15 15:55:47 2006
-Date: Wed, 15 Feb 2006 15:51:31 -0800
-From: Andrew Morton <akpm@osdl.org>
-To: stable@kernel.org
-Cc: Ashok Raj <ashok.raj@intel.com>
-Subject: [PATCH] i386/x86-64: Don't IPI to offline cpus on shutdown
-
-From: Eric W. Biederman <ebiederm@xmission.com>
-
-So why are we calling smp_send_stop from machine_halt?
-
-We don't.
-
-Looking more closely at the bug report the problem here
-is that halt -p is called which triggers not a halt but
-an attempt to power off.
-
-machine_power_off calls machine_shutdown which calls smp_send_stop.
-
-If pm_power_off is set we should never make it out machine_power_off
-to the call of do_exit. So pm_power_off must not be set in this case.
-When pm_power_off is not set we expect machine_power_off to devolve
-into machine_halt.
-
-So how do we fix this?
-
-Playing too much with smp_send_stop is dangerous because it
-must also be safe to be called from panic.
-
-It looks like the obviously correct fix is to only call
-machine_shutdown when pm_power_off is defined. Doing
-that will make Andi's assumption about not scheduling
-true and generally simplify what must be supported.
-
-This turns machine_power_off into a noop like machine_halt
-when pm_power_off is not defined.
-
-If the expected behavior is that sys_reboot(LINUX_REBOOT_CMD_POWER_OFF)
-becomes sys_reboot(LINUX_REBOOT_CMD_HALT) if pm_power_off is NULL
-this is not quite a comprehensive fix as we pass a different parameter
-to the reboot notifier and we set system_state to a different value
-before calling device_shutdown().
-
-Unfortunately any fix more comprehensive I can think of is not
-obviously correct. The core problem is that there is no architecture
-independent way to detect if machine_power will become a noop, without
-calling it.
-
-Signed-off-by: Andi Kleen <ak@suse.de>
-Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-Signed-off-by: Chris Wright <chrisw@sous-sol.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
----
-
- arch/i386/kernel/reboot.c | 7 ++++---
- arch/x86_64/kernel/reboot.c | 10 ++++++----
- 2 files changed, 10 insertions(+), 7 deletions(-)
-
-diff --git a/arch/i386/kernel/reboot.c b/arch/i386/kernel/reboot.c
-index 2fa5803..d207242 100644
---- linux-2.6.15.4.orig/arch/i386/kernel/reboot.c
-+++ linux-2.6.15.4/arch/i386/kernel/reboot.c
-@@ -12,6 +12,7 @@
- #include <linux/efi.h>
- #include <linux/dmi.h>
- #include <linux/ctype.h>
-+#include <linux/pm.h>
- #include <asm/uaccess.h>
- #include <asm/apic.h>
- #include <asm/desc.h>
-@@ -355,10 +356,10 @@ void machine_halt(void)
-
- void machine_power_off(void)
- {
-- machine_shutdown();
--
-- if (pm_power_off)
-+ if (pm_power_off) {
-+ machine_shutdown();
- pm_power_off();
-+ }
- }
-
-
---- linux-2.6.15.4.orig/arch/x86_64/kernel/reboot.c
-+++ linux-2.6.15.4/arch/x86_64/kernel/reboot.c
-@@ -6,6 +6,7 @@
- #include <linux/kernel.h>
- #include <linux/ctype.h>
- #include <linux/string.h>
-+#include <linux/pm.h>
- #include <asm/io.h>
- #include <asm/kdebug.h>
- #include <asm/delay.h>
-@@ -154,10 +155,11 @@ void machine_halt(void)
-
- void machine_power_off(void)
- {
-- if (!reboot_force) {
-- machine_shutdown();
-- }
-- if (pm_power_off)
-+ if (pm_power_off) {
-+ if (!reboot_force) {
-+ machine_shutdown();
-+ }
- pm_power_off();
-+ }
- }
-
+++ /dev/null
-From nobody Mon Sep 17 00:00:00 2001
-From: Andi Kleen <ak@suse.de>
-Date: Mon, 15 May 2006 18:19:41 +0200
-Subject: [PATCH] i386/x86_64: Force pci=noacpi on HP XW9300
-
-This is needed to see all devices.
-
-The system has multiple PCI segments and we don't handle that properly
-yet in PCI and ACPI. Short term before this is fixed blacklist it to
-pci=noacpi.
-
-Acked-by: len.brown@intel.com
-Signed-off-by: Andi Kleen <ak@suse.de>
-Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-Signed-off-by: Chris Wright <chrisw@sous-sol.org>
-
----
- arch/i386/kernel/acpi/boot.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
---- linux-2.6.16.16.orig/arch/i386/kernel/acpi/boot.c
-+++ linux-2.6.16.16/arch/i386/kernel/acpi/boot.c
-@@ -1060,6 +1060,14 @@ static struct dmi_system_id __initdata a
- DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"),
- },
- },
-+ {
-+ .callback = disable_acpi_pci,
-+ .ident = "HP xw9300",
-+ .matches = {
-+ DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"),
-+ DMI_MATCH(DMI_PRODUCT_NAME, "HP xw9300 Workstation"),
-+ },
-+ },
- {}
- };
-
+++ /dev/null
-From stable-bounces@linux.kernel.org Wed Nov 21 14:12:51 2007
-From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-Date: Wed, 21 Nov 2007 17:12:26 -0500
-Subject: Input: ALPS - add signature for ThinkPad R61
-To: linux-stable <stable@kernel.org>
-Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-Message-ID: <4744AD4A.7000307@redhat.com>
-
-From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
-changeset f493018ebc3f94d64e12bc848db0906700bf73a2 in mainline.
-
-Input: ALPS - add signature for ThinkPad R61
-
-Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
-Cc: Chuck Ebbert <cebbert@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- drivers/input/mouse/alps.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/drivers/input/mouse/alps.c
-+++ b/drivers/input/mouse/alps.c
-@@ -48,6 +48,7 @@ static const struct alps_model_info alps
- { { 0x63, 0x02, 0x50 }, 0xef, 0xef, ALPS_FW_BK_1 }, /* NEC Versa L320 */
- { { 0x63, 0x02, 0x64 }, 0xf8, 0xf8, 0 },
- { { 0x63, 0x03, 0xc8 }, 0xf8, 0xf8, ALPS_PASS }, /* Dell Latitude D800 */
-+ { { 0x73, 0x00, 0x0a }, 0xf8, 0xf8, ALPS_DUALPOINT }, /* ThinkPad R61 8918-5QG */
- { { 0x73, 0x02, 0x0a }, 0xf8, 0xf8, 0 },
- { { 0x73, 0x02, 0x14 }, 0xf8, 0xf8, ALPS_FW_BK_2 }, /* Ahtec Laptop */
- { { 0x20, 0x02, 0x0e }, 0xf8, 0xf8, ALPS_PASS | ALPS_DUALPOINT }, /* XXX */
+++ /dev/null
-From stable-bounces@linux.kernel.org Fri Sep 8 09:49:41 2006
-Message-Id: <200609081648.k88Gmesc007335@shell0.pdx.osdl.net>
-To: torvalds@osdl.org
-From: Andrew Morton <akpm@osdl.org>
-Date: Fri, 08 Sep 2006 09:48:38 -0700
-Cc: akpm@osdl.org, hugh@veritas.com, stable@kernel.org,
- nickpiggin@yahoo.com.au
-Subject: invalidate_complete_page() race fix
-
-From: Andrew Morton <akpm@osdl.org>
-
-If a CPU faults this page into pagetables after invalidate_mapping_pages()
-checked page_mapped(), invalidate_complete_page() will still proceed to remove
-the page from pagecache. This leaves the page-faulting process with a
-detached page. If it was MAP_SHARED then file data loss will ensue.
-
-Fix that up by checking the page's refcount after taking tree_lock.
-
-Cc: Nick Piggin <nickpiggin@yahoo.com.au>
-Cc: Hugh Dickins <hugh@veritas.com>
-Signed-off-by: Andrew Morton <akpm@osdl.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- mm/truncate.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
---- linux-2.6.17.13.orig/mm/truncate.c
-+++ linux-2.6.17.13/mm/truncate.c
-@@ -68,10 +68,10 @@ invalidate_complete_page(struct address_
- return 0;
-
- write_lock_irq(&mapping->tree_lock);
-- if (PageDirty(page)) {
-- write_unlock_irq(&mapping->tree_lock);
-- return 0;
-- }
-+ if (PageDirty(page))
-+ goto failed;
-+ if (page_count(page) != 2) /* caller's ref + pagecache ref */
-+ goto failed;
-
- BUG_ON(PagePrivate(page));
- __remove_from_page_cache(page);
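Review bot: The new `page_count(page) != 2` test hard-codes that the caller holds exactly one reference on top of the pagecache reference, and nothing in the visible lines states that as a requirement on callers. A caller holding a second reference of its own now gets a silent `0` return and the page stays in pagecache, so the assumption belongs in the function's header comment, for example `/* Caller must hold exactly one reference to @page; any extra reference makes this return 0 and leave the page cached. */`. It is also worth confirming that every caller treats a `0` return as "not invalidated" rather than ignoring it. The function starts before this hunk and its tail is in the next one.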
-@@ -79,6 +79,9 @@ invalidate_complete_page(struct address_
- ClearPageUptodate(page);
- page_cache_release(page); /* pagecache ref */
- return 1;
-+failed:
-+ write_unlock_irq(&mapping->tree_lock);
-+ return 0;
- }
-
- /**
+++ /dev/null
-From stable-bounces@linux.kernel.org Sun Jun 25 03:05:24 2006
-Date: Sun, 25 Jun 2006 12:04:36 +0200
-From: Sam Ravnborg <sam@ravnborg.org>
-To: stable@kernel.org
-Cc:
-Subject: kbuild: Fix 100% initramfs bloat in 2.6.17 versus 2.6.16
-
-From: Nix <nix@esperi.org.uk>
-
-When I built 2.6.17 for the first time I was a little surprised to see
-my kernel putting on >500Kb in weight.
-
-It didn't take long to work out that this was because my initramfs's
-contents were being included twice in the cpio image.
-
-A make V=1 makes the problem obvious:
-
-/bin/sh /usr/packages/linux/versions/i686-loki/scripts/gen_initramfs_list.sh -l "usr/initramfs" > usr/.initramfs_data.cpio.gz.d
- /bin/sh /usr/packages/linux/versions/i686-loki/scripts/gen_initramfs_list.sh -o usr/initramfs_data.cpio.gz -u 0 -g 0 "usr/initramfs" "usr/initramfs"
-
-Note that doubling-up of the "usr/initramfs", which leads to
-gen_initramfs_list.sh dumping the thing into the cpio archive twice.
-
-The cause is an obvious pasto, fixed thusly:
-
-Signed-off-by: Nick Alcock <nix@esperi.org.uk>
-Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
-Signed-off-by: Chris Wright <chrisw@sous-sol.org>
----
- usr/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- linux-2.6.17.1.orig/usr/Makefile
-+++ linux-2.6.17.1/usr/Makefile
-@@ -33,7 +33,7 @@ ifneq ($(wildcard $(obj)/.initramfs_data
- endif
-
- quiet_cmd_initfs = GEN $@
-- cmd_initfs = $(initramfs) -o $@ $(ramfs-args) $(ramfs-input)
-+ cmd_initfs = $(initramfs) -o $@ $(ramfs-args)
-
- targets := initramfs_data.cpio.gz
- $(deps_initramfs): klibcdirs
+++ /dev/null
-From stable-bounces@linux.kernel.org Sat Sep 17 14:57:44 2005
-Date: Wed, 14 Sep 2005 11:56:16 -0700 (PDT)
-To: linux-kernel@vger.kernel.org
-CC: akpm@osdl.org, torvalds@osdl.org
-Subject: [PATCH]: Missing acct/mm calls in compat_do_execve()
-From: "David S. Miller" <davem@davemloft.net>
-
-As I do periodically, I checked to see how far out of sync
-compat_do_execve() has gotten from do_execve(). And as usual there
-was some missing stuff in the former. Perhaps we need some tighter
-consolidation of these two routines to make this less likely to happen
-in the future.
-
-Anyways, on the success path of compat_do_execve() we forget
-to call acct_update_integrals() and update_mem_hiwater(), as
-is done in do_execve().
-
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Chris Wright <chrisw@osdl.org>
----
- fs/compat.c | 4 ++++
- 1 files changed, 4 insertions(+)
-
-Index: linux-2.6.13.y/fs/compat.c
-===================================================================
---- linux-2.6.13.y.orig/fs/compat.c
-+++ linux-2.6.13.y/fs/compat.c
-@@ -44,6 +44,8 @@
- #include <linux/nfsd/syscall.h>
- #include <linux/personality.h>
- #include <linux/rwsem.h>
-+#include <linux/acct.h>
-+#include <linux/mm.h>
-
- #include <net/sock.h> /* siocdevprivate_ioctl */
-
-@@ -1567,6 +1569,8 @@ int compat_do_execve(char * filename,
-
- /* execve success */
- security_bprm_free(bprm);
-+ acct_update_integrals(current);
-+ update_mem_hiwater(current);
- kfree(bprm);
- return retval;
- }
+++ /dev/null
-From 00a62ce91e554198ef28234c91c36f850f5a3bc9 Mon Sep 17 00:00:00 2001
-From: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
-Date: Thu, 30 Apr 2009 15:08:51 -0700
-Subject: mm: fix Committed_AS underflow on large NR_CPUS environment
-
-From: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
-
-commit 00a62ce91e554198ef28234c91c36f850f5a3bc9 upstream.
-
-The Committed_AS field can underflow in certain situations:
-
-> # while true; do cat /proc/meminfo | grep _AS; sleep 1; done | uniq -c
-> 1 Committed_AS: 18446744073709323392 kB
-> 11 Committed_AS: 18446744073709455488 kB
-> 6 Committed_AS: 35136 kB
-> 5 Committed_AS: 18446744073709454400 kB
-> 7 Committed_AS: 35904 kB
-> 3 Committed_AS: 18446744073709453248 kB
-> 2 Committed_AS: 34752 kB
-> 9 Committed_AS: 18446744073709453248 kB
-> 8 Committed_AS: 34752 kB
-> 3 Committed_AS: 18446744073709320960 kB
-> 7 Committed_AS: 18446744073709454080 kB
-> 3 Committed_AS: 18446744073709320960 kB
-> 5 Committed_AS: 18446744073709454080 kB
-> 6 Committed_AS: 18446744073709320960 kB
-
-Because NR_CPUS can be greater than 1000 and meminfo_proc_show() does
-not check for underflow.
-
-But NR_CPUS proportional isn't good calculation. In general,
-possibility of lock contention is proportional to the number of online
-cpus, not theorical maximum cpus (NR_CPUS).
-
-The current kernel has generic percpu-counter stuff. using it is right
-way. it makes code simplify and percpu_counter_read_positive() don't
-make underflow issue.
-
-Reported-by: Dave Hansen <dave@linux.vnet.ibm.com>
-Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
-Cc: Eric B Munson <ebmunson@us.ibm.com>
-Cc: Mel Gorman <mel@csn.ul.ie>
-Cc: Christoph Lameter <cl@linux-foundation.org>
-Cc: <stable@kernel.org>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- fs/proc/meminfo.c | 2 +-
- include/linux/mman.h | 9 +++------
- mm/mmap.c | 12 ++++++------
- mm/nommu.c | 13 +++++++------
- mm/swap.c | 46 ----------------------------------------------
- 5 files changed, 17 insertions(+), 65 deletions(-)
-
---- a/fs/proc/meminfo.c
-+++ b/fs/proc/meminfo.c
-@@ -35,7 +35,7 @@ static int meminfo_proc_show(struct seq_
- #define K(x) ((x) << (PAGE_SHIFT - 10))
- si_meminfo(&i);
- si_swapinfo(&i);
-- committed = atomic_long_read(&vm_committed_space);
-+ committed = percpu_counter_read_positive(&vm_committed_as);
- allowed = ((totalram_pages - hugetlb_total_pages())
- * sysctl_overcommit_ratio / 100) + total_swap_pages;
-
---- a/include/linux/mman.h
-+++ b/include/linux/mman.h
-@@ -12,21 +12,18 @@
-
- #ifdef __KERNEL__
- #include <linux/mm.h>
-+#include <linux/percpu_counter.h>
-
- #include <asm/atomic.h>
-
- extern int sysctl_overcommit_memory;
- extern int sysctl_overcommit_ratio;
--extern atomic_long_t vm_committed_space;
-+extern struct percpu_counter vm_committed_as;
-
--#ifdef CONFIG_SMP
--extern void vm_acct_memory(long pages);
--#else
- static inline void vm_acct_memory(long pages)
- {
-- atomic_long_add(pages, &vm_committed_space);
-+ percpu_counter_add(&vm_committed_as, pages);
- }
--#endif
-
- static inline void vm_unacct_memory(long pages)
- {
---- a/mm/mmap.c
-+++ b/mm/mmap.c
-@@ -84,7 +84,7 @@ EXPORT_SYMBOL(vm_get_page_prot);
- int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */
- int sysctl_overcommit_ratio = 50; /* default is 50% */
- int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
--atomic_long_t vm_committed_space = ATOMIC_LONG_INIT(0);
-+struct percpu_counter vm_committed_as;
-
- /*
- * Check that a process has enough memory to allocate a new virtual
-@@ -178,11 +178,7 @@ int __vm_enough_memory(struct mm_struct
- if (mm)
- allowed -= mm->total_vm / 32;
-
-- /*
-- * cast `allowed' as a signed long because vm_committed_space
-- * sometimes has a negative value
-- */
-- if (atomic_long_read(&vm_committed_space) < (long)allowed)
-+ if (percpu_counter_read_positive(&vm_committed_as) < allowed)
- return 0;
- error:
- vm_unacct_memory(pages);
-@@ -2262,6 +2258,10 @@ static int special_mapping_fault(struct
- */
- static void special_mapping_close(struct vm_area_struct *vma)
- {
-+ int ret;
-+
-+ ret = percpu_counter_init(&vm_committed_as, 0);
-+ VM_BUG_ON(ret);
- }
-
- static struct vm_operations_struct special_mapping_vmops = {
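Review bot: In this hunk the `percpu_counter_init(&vm_committed_as, 0)` call lands in `special_mapping_close()`, a VMA close callback, whereas the mm/nommu.c hunk of the same patch puts it in `mmap_init()`. As written, the counter is not initialised at boot on MMU builds and would be reset to zero whenever a special mapping is closed, discarding the committed-memory accounting that `__vm_enough_memory()` compares against the overcommit limit. The four added lines probably belong in this file's `mmap_init()` (not visible here); this looks like a hunk applied against the wrong context. Separately, `VM_BUG_ON(ret)` is likely compiled out without CONFIG_DEBUG_VM, so a failed init would go unnoticed in both files; `BUG_ON(ret);` or an explicit check would be safer.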
---- a/mm/nommu.c
-+++ b/mm/nommu.c
-@@ -62,7 +62,7 @@ void *high_memory;
- struct page *mem_map;
- unsigned long max_mapnr;
- unsigned long num_physpages;
--atomic_long_t vm_committed_space = ATOMIC_LONG_INIT(0);
-+struct percpu_counter vm_committed_as;
- int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */
- int sysctl_overcommit_ratio = 50; /* default is 50% */
- int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
-@@ -463,6 +463,10 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
- */
- void __init mmap_init(void)
- {
-+ int ret;
-+
-+ ret = percpu_counter_init(&vm_committed_as, 0);
-+ VM_BUG_ON(ret);
- vm_region_jar = kmem_cache_create("vm_region_jar",
- sizeof(struct vm_region), 0,
- SLAB_PANIC, NULL);
-@@ -1849,12 +1853,9 @@ int __vm_enough_memory(struct mm_struct
- if (mm)
- allowed -= mm->total_vm / 32;
-
-- /*
-- * cast `allowed' as a signed long because vm_committed_space
-- * sometimes has a negative value
-- */
-- if (atomic_long_read(&vm_committed_space) < (long)allowed)
-+ if (percpu_counter_read_positive(&vm_committed_as) < allowed)
- return 0;
-+
- error:
- vm_unacct_memory(pages);
-
---- a/mm/swap.c
-+++ b/mm/swap.c
-@@ -514,49 +514,6 @@ unsigned pagevec_lookup_tag(struct pagev
-
- EXPORT_SYMBOL(pagevec_lookup_tag);
-
--#ifdef CONFIG_SMP
--/*
-- * We tolerate a little inaccuracy to avoid ping-ponging the counter between
-- * CPUs
-- */
--#define ACCT_THRESHOLD max(16, NR_CPUS * 2)
--
--static DEFINE_PER_CPU(long, committed_space);
--
--void vm_acct_memory(long pages)
--{
-- long *local;
--
-- preempt_disable();
-- local = &__get_cpu_var(committed_space);
-- *local += pages;
-- if (*local > ACCT_THRESHOLD || *local < -ACCT_THRESHOLD) {
-- atomic_long_add(*local, &vm_committed_space);
-- *local = 0;
-- }
-- preempt_enable();
--}
--
--#ifdef CONFIG_HOTPLUG_CPU
--
--/* Drop the CPU's cached committed space back into the central pool. */
--static int cpu_swap_callback(struct notifier_block *nfb,
-- unsigned long action,
-- void *hcpu)
--{
-- long *committed;
--
-- committed = &per_cpu(committed_space, (long)hcpu);
-- if (action == CPU_DEAD || action == CPU_DEAD_FROZEN) {
-- atomic_long_add(*committed, &vm_committed_space);
-- *committed = 0;
-- drain_cpu_pagevecs((long)hcpu);
-- }
-- return NOTIFY_OK;
--}
--#endif /* CONFIG_HOTPLUG_CPU */
--#endif /* CONFIG_SMP */
--
- /*
- * Perform any setup for the swap system
- */
-@@ -577,7 +534,4 @@ void __init swap_setup(void)
- * Right now other parts of the system means that we
- * _really_ don't want to cluster much more
- */
--#ifdef CONFIG_HOTPLUG_CPU
-- hotcpu_notifier(cpu_swap_callback, 0);
--#endif
- }
+++ /dev/null
-From stable-bounces@linux.kernel.org Mon Apr 3 08:46:35 2006
-Date: Mon, 3 Apr 2006 18:47:41 +0300
-From: "Michael S. Tsirkin" <mst@mellanox.co.il>
-To: stable@kernel.org, openib-general@openib.org, Adrian Bunk <bunk@stusta.de>
-Message-ID: <20060403154741.GB14808@mellanox.co.il>
-Content-Disposition: inline
-Cc:
-Subject: IPOB: Move destructor from neigh->ops to neigh_param
-
-From: Michael S. Tsirkin <mst@mellanox.co.il>
-
-struct neigh_ops currently has a destructor field, but not a constructor field.
-The infiniband/ulp/ipoib in-tree driver stashes some info in the neighbour
-structure (the results of the second-stage lookup from ARP results to real
-link-level path), and it uses neigh->ops->destructor to get a callback so it can
-clean up this extra info when a neighbour is freed. We've run into problems
-with this: since the destructor is in an ops field that is shared between
-neighbours that may belong to different net devices, there's no way to set/clear
-it safely.
-
-The following patch moves this field to neigh_parms where it can be safely set,
-together with its twin neigh_setup, and switches the only two in-kernel users
-(ipoib and clip) to this interface.
-
-Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il>
-Signed-off-by: Roland Dreier <rolandd@cisco.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- drivers/infiniband/ulp/ipoib/ipoib_main.c | 16 +---------------
- drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 1 -
- include/net/neighbour.h | 2 +-
- net/atm/clip.c | 2 +-
- net/core/neighbour.c | 4 ++--
- 5 files changed, 5 insertions(+), 20 deletions(-)
-
---- linux-2.6.16.1.orig/drivers/infiniband/ulp/ipoib/ipoib_main.c
-+++ linux-2.6.16.1/drivers/infiniband/ulp/ipoib/ipoib_main.c
-@@ -247,7 +247,6 @@ static void path_free(struct net_device
- if (neigh->ah)
- ipoib_put_ah(neigh->ah);
- *to_ipoib_neigh(neigh->neighbour) = NULL;
-- neigh->neighbour->ops->destructor = NULL;
- kfree(neigh);
- }
-
-@@ -530,7 +529,6 @@ static void neigh_add_path(struct sk_buf
- err:
- *to_ipoib_neigh(skb->dst->neighbour) = NULL;
- list_del(&neigh->list);
-- neigh->neighbour->ops->destructor = NULL;
- kfree(neigh);
-
- ++priv->stats.tx_dropped;
-@@ -769,21 +767,9 @@ static void ipoib_neigh_destructor(struc
- ipoib_put_ah(ah);
- }
-
--static int ipoib_neigh_setup(struct neighbour *neigh)
--{
-- /*
-- * Is this kosher? I can't find anybody in the kernel that
-- * sets neigh->destructor, so we should be able to set it here
-- * without trouble.
-- */
-- neigh->ops->destructor = ipoib_neigh_destructor;
--
-- return 0;
--}
--
- static int ipoib_neigh_setup_dev(struct net_device *dev, struct neigh_parms *parms)
- {
-- parms->neigh_setup = ipoib_neigh_setup;
-+ parms->neigh_destructor = ipoib_neigh_destructor;
-
- return 0;
- }
---- linux-2.6.16.1.orig/drivers/infiniband/ulp/ipoib/ipoib_multicast.c
-+++ linux-2.6.16.1/drivers/infiniband/ulp/ipoib/ipoib_multicast.c
-@@ -115,7 +115,6 @@ static void ipoib_mcast_free(struct ipoi
- if (neigh->ah)
- ipoib_put_ah(neigh->ah);
- *to_ipoib_neigh(neigh->neighbour) = NULL;
-- neigh->neighbour->ops->destructor = NULL;
- kfree(neigh);
- }
-
---- linux-2.6.16.1.orig/include/net/neighbour.h
-+++ linux-2.6.16.1/include/net/neighbour.h
-@@ -68,6 +68,7 @@ struct neigh_parms
- struct net_device *dev;
- struct neigh_parms *next;
- int (*neigh_setup)(struct neighbour *);
-+ void (*neigh_destructor)(struct neighbour *);
- struct neigh_table *tbl;
-
- void *sysctl_table;
-@@ -145,7 +146,6 @@ struct neighbour
- struct neigh_ops
- {
- int family;
-- void (*destructor)(struct neighbour *);
- void (*solicit)(struct neighbour *, struct sk_buff*);
- void (*error_report)(struct neighbour *, struct sk_buff*);
- int (*output)(struct sk_buff*);
---- linux-2.6.16.1.orig/net/atm/clip.c
-+++ linux-2.6.16.1/net/atm/clip.c
-@@ -289,7 +289,6 @@ static void clip_neigh_error(struct neig
-
- static struct neigh_ops clip_neigh_ops = {
- .family = AF_INET,
-- .destructor = clip_neigh_destroy,
- .solicit = clip_neigh_solicit,
- .error_report = clip_neigh_error,
- .output = dev_queue_xmit,
-@@ -346,6 +345,7 @@ static struct neigh_table clip_tbl = {
-
- /* parameters are copied from ARP ... */
- .parms = {
-+ .neigh_destructor = clip_neigh_destroy,
- .tbl = &clip_tbl,
- .base_reachable_time = 30 * HZ,
- .retrans_time = 1 * HZ,
---- linux-2.6.16.1.orig/net/core/neighbour.c
-+++ linux-2.6.16.1/net/core/neighbour.c
-@@ -586,8 +586,8 @@ void neigh_destroy(struct neighbour *nei
- kfree(hh);
- }
-
-- if (neigh->ops && neigh->ops->destructor)
-- (neigh->ops->destructor)(neigh);
-+ if (neigh->parms->neigh_destructor)
-+ (neigh->parms->neigh_destructor)(neigh);
-
- skb_queue_purge(&neigh->arp_queue);
-
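Review bot: The replacement condition `if (neigh->parms->neigh_destructor)` dereferences `neigh->parms` unconditionally, where the removed code guarded its first pointer with `neigh->ops &&`. Whether `parms` can be NULL or already released when `neigh_destroy()` runs cannot be determined from this hunk; if that is guaranteed, a one-line comment stating the invariant above the test would make the dropped guard deliberate, and otherwise `if (neigh->parms && neigh->parms->neigh_destructor)` keeps the old defensive shape. Because the callback now lives in `neigh_parms`, the header comment for that field should also say who may set it and when. neigh_destroy starts and ends outside this hunk.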
+++ /dev/null
-From stable-bounces@linux.kernel.org Tue Jun 28 16:07:25 2005
-Date: Tue, 28 Jun 2005 16:06:39 -0700 (PDT)
-Message-Id: <20050628.160639.130608735.davem@davemloft.net>
-To: stable@kernel.org
-From: "David S. Miller" <davem@davemloft.net>
-Subject: [NETFILTER]: Fix connection tracking bug in 2.6.12
-
-In 2.6.12 we started dropping the conntrack reference when a packet
-leaves the IP layer. This broke connection tracking on a bridge,
-because bridge-netfilter defers calling some NF_IP_* hooks to the bridge
-layer for locally generated packets going out a bridge, where the
-conntrack reference is no longer available. This patch keeps the
-reference in this case as a temporary solution, long term we will
-remove the defered hook calling. No attempt is made to drop the
-reference in the bridge-code when it is no longer needed, tc actions
-could already have sent the packet anywhere.
-
-Signed-off-by: Patrick McHardy <kaber@trash.net>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Chris Wright <chrisw@osdl.org>
----
-
-Index: linux-2.6.12.y/net/bridge/br_netfilter.c
-===================================================================
---- linux-2.6.12.y.orig/net/bridge/br_netfilter.c
-+++ linux-2.6.12.y/net/bridge/br_netfilter.c
-@@ -882,7 +882,7 @@ static unsigned int ip_sabotage_out(unsi
- * doesn't use the bridge parent of the indev by using
- * the BRNF_DONT_TAKE_PARENT mask. */
- if (hook == NF_IP_FORWARD && nf_bridge->physindev == NULL) {
-- nf_bridge->mask &= BRNF_DONT_TAKE_PARENT;
-+ nf_bridge->mask |= BRNF_DONT_TAKE_PARENT;
- nf_bridge->physindev = (struct net_device *)in;
- }
- #if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
-Index: linux-2.6.12.y/net/ipv4/ip_output.c
-===================================================================
---- linux-2.6.12.y.orig/net/ipv4/ip_output.c
-+++ linux-2.6.12.y/net/ipv4/ip_output.c
-@@ -196,7 +196,13 @@ static inline int ip_finish_output2(stru
- nf_debug_ip_finish_output2(skb);
- #endif /*CONFIG_NETFILTER_DEBUG*/
-
-- nf_reset(skb);
-+#ifdef CONFIG_BRIDGE_NETFILTER
-+ /* bridge-netfilter defers calling some IP hooks to the bridge layer
-+ * and still needs the conntrack reference.
-+ */
-+ if (skb->nf_bridge == NULL)
-+#endif
-+ nf_reset(skb);
-
- if (hh) {
- int hh_alen;
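Review bot: The added `if (skb->nf_bridge == NULL)` is closed off by `#endif` before its body, so what it guards is simply whichever statement follows the preprocessor line. A later edit that puts anything between `#endif` and `nf_reset(skb);` would silently change what is conditional, and braces cannot span the `#endif`. A small helper that compiles to 0 without CONFIG_BRIDGE_NETFILTER keeps the test and the reset on adjacent lines; the helper name below is only a suggestion. The comment could also record that the retained conntrack reference is not dropped again on the bridge path, which the description states but the code does not. ip_finish_output2 continues outside the hunk.

```c
/* suggested helper, name is illustrative */
static inline int ip_skb_has_bridge_state(const struct sk_buff *skb)
{
#ifdef CONFIG_BRIDGE_NETFILTER
	return skb->nf_bridge != NULL;
#else
	return 0;
#endif
}

/* ... unchanged: CONFIG_NETFILTER_DEBUG block ... */

	/* bridge-netfilter defers calling some IP hooks to the bridge layer
	 * and still needs the conntrack reference; it is not dropped again
	 * on that path.
	 */
	if (!ip_skb_has_bridge_state(skb))
		nf_reset(skb);
```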
+++ /dev/null
-From a5ee4eb75413c145334c30e43f1af9875dad6fd7 Mon Sep 17 00:00:00 2001
-From: Clemens Ladisch <clemens@ladisch.de>
-Date: Mon, 22 Mar 2010 09:52:16 +0100
-Subject: PCI quirk: RS780/RS880: work around missing MSI initialization
-
-From: Clemens Ladisch <clemens@ladisch.de>
-
-commit a5ee4eb75413c145334c30e43f1af9875dad6fd7 upstream.
-
-AMD says in section 2.5.4 (GFX MSI Enable) of #43291 (AMD 780G Family
-Register Programming Requirements):
-
- The SBIOS must enable internal graphics MSI capability in GCCFG by
- setting the following: NBCFG.NB_CNTL.STRAP_MSI_ENABLE='1'
-
-Quite a few BIOS writers misinterpret this sentence and think that
-enabling MSI is an optional feature. However, clearing that bit just
-prevents delivery of MSI messages but does not remove the MSI PCI
-capabilities registers, and so leaves these devices unusable for any
-driver that attempts to use MSI.
-
-Setting that bit is not possible after the BIOS has locked down the
-configuration registers, so we have to manually disable MSI for the
-affected devices.
-
-This fixes the codec communication errors in the HDA driver when
-accessing the HDMI audio device, and allows us to get rid of the
-overcautious quirk in radeon_irq_kms.c.
-
-Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
-Tested-by: Alex Deucher <alexdeucher@gamil.com>
-Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- drivers/pci/quirks.c | 33 +++++++++++++++++++++++++++++++++
- 1 file changed, 33 insertions(+)
-
---- a/drivers/pci/quirks.c
-+++ b/drivers/pci/quirks.c
-@@ -2463,6 +2463,39 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_AT
- DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x4375,
- quirk_msi_intx_disable_bug);
-
-+/*
-+ * MSI does not work with the AMD RS780/RS880 internal graphics and HDMI audio
-+ * devices unless the BIOS has initialized the nb_cntl.strap_msi_enable bit.
-+ */
-+static void __init rs780_int_gfx_disable_msi(struct pci_dev *int_gfx_bridge)
-+{
-+ u32 nb_cntl;
-+
-+ if (!int_gfx_bridge->subordinate)
-+ return;
-+
-+ pci_bus_write_config_dword(int_gfx_bridge->bus, PCI_DEVFN(0, 0),
-+ 0x60, 0);
-+ pci_bus_read_config_dword(int_gfx_bridge->bus, PCI_DEVFN(0, 0),
-+ 0x64, &nb_cntl);
-+
-+ if (!(nb_cntl & BIT(10))) {
-+ dev_warn(&int_gfx_bridge->dev,
-+ FW_WARN "RS780: MSI for internal graphics disabled\n");
-+ int_gfx_bridge->subordinate->bus_flags |= PCI_BUS_FLAGS_NO_MSI;
-+ }
-+}
-+
-+#define PCI_DEVICE_ID_AMD_RS780_P2P_INT_GFX 0x9602
-+
-+DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_AMD,
-+ PCI_DEVICE_ID_AMD_RS780_P2P_INT_GFX,
-+ rs780_int_gfx_disable_msi);
-+/* wrong vendor ID on M4A785TD motherboard: */
-+DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ASUSTEK,
-+ PCI_DEVICE_ID_AMD_RS780_P2P_INT_GFX,
-+ rs780_int_gfx_disable_msi);
-+
- #endif /* CONFIG_PCI_MSI */
-
- #ifdef CONFIG_PCI_IOV
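Review bot: In `rs780_int_gfx_disable_msi` the results of `pci_bus_write_config_dword()` and `pci_bus_read_config_dword()` are ignored and `nb_cntl` has no initialiser, so the `BIT(10)` test relies on the accessor always storing a value. Declaring `u32 nb_cntl = 0;` would make a failed read fall on the conservative side, with MSI disabled and the warning printed. The offsets `0x60` and `0x64` and the bit number are unnamed; from the code they look like an index/data register pair with bit 10 being strap_msi_enable, and naming them (or saying so in the header comment) would let a reader check them against the AMD document cited in the description.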
+++ /dev/null
-From stable-bounces@linux.kernel.org Thu Sep 21 20:11:55 2006
-Message-Id: <200609220310.k8M3AvBe027426@shell0.pdx.osdl.net>
-To: mm-commits@vger.kernel.org
-From: Andrew Morton <akpm@osdl.org>
-Date: Thu, 21 Sep 2006 20:10:57 -0700
-Cc: akpm@osdl.org, kmannth@gmail.com, clameter@engr.sgi.com, stable@kernel.org, kamezawa.hiroyu@jp.fujitsu.com
-Subject: process_zones(): fix error handling
-
-
-From: Andrew Morton <akpm@osdl.org>
-
-If the kmalloc() fails we can leave some of this zone's per-cpu-pages pointers
-holding uninitialised memory. Later, free_zone_pagesets() will pass that
-uninitialised memory to kfree() as a pointer, with suboptimal results.
-
-Cc: Keith Mannthey <kmannth@gmail.com>
-Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
-Cc: Christoph Lameter <clameter@engr.sgi.com>
-Signed-off-by: Andrew Morton <akpm@osdl.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
-
----
- mm/page_alloc.c | 20 +++++++++++---------
- 1 file changed, 11 insertions(+), 9 deletions(-)
-
---- linux-2.6.18.orig/mm/page_alloc.c
-+++ linux-2.6.18/mm/page_alloc.c
-@@ -1811,11 +1811,14 @@ static struct per_cpu_pageset boot_pages
- */
- static int __cpuinit process_zones(int cpu)
- {
-- struct zone *zone, *dzone;
-+ struct zone *zone;
-
-- for_each_zone(zone) {
-+ for_each_zone(zone)
-+ zone_pcp(zone, cpu) = NULL;
-
-- zone_pcp(zone, cpu) = kmalloc_node(sizeof(struct per_cpu_pageset),
-+ for_each_zone(zone) {
-+ zone_pcp(zone, cpu) =
-+ kmalloc_node(sizeof(struct per_cpu_pageset),
- GFP_KERNEL, cpu_to_node(cpu));
- if (!zone_pcp(zone, cpu))
- goto bad;
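Review bot: The new first loop that sets every `zone_pcp(zone, cpu)` to NULL has no comment, yet it is what makes the `bad:` path in the next hunk safe, since that path now calls `kfree()` on every zone's slot, including zones the allocation loop never reached. I would put `/* NULL every slot first so the bad: path can kfree() all of them */` above it. The `printk(KERN_EMERG ...)` added in the next hunk is a very high severity for a failure that is already returned to the caller as `-ENOMEM`; `KERN_ERR` would seem enough. process_zones continues between the two hunks.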
-@@ -1824,17 +1827,16 @@ static int __cpuinit process_zones(int c
-
- if (percpu_pagelist_fraction)
- setup_pagelist_highmark(zone_pcp(zone, cpu),
-- (zone->present_pages / percpu_pagelist_fraction));
-+ (zone->present_pages / percpu_pagelist_fraction));
- }
-
- return 0;
- bad:
-- for_each_zone(dzone) {
-- if (dzone == zone)
-- break;
-- kfree(zone_pcp(dzone, cpu));
-- zone_pcp(dzone, cpu) = NULL;
-+ for_each_zone(zone) {
-+ kfree(zone_pcp(zone, cpu));
-+ zone_pcp(zone, cpu) = NULL;
- }
-+ printk(KERN_EMERG "%s: kmalloc() failed\n", __FUNCTION__);
- return -ENOMEM;
- }
-
+++ /dev/null
-From stable-bounces@linux.kernel.org Mon Dec 17 16:32:25 2007
-From: Christoph Lameter <clameter@sgi.com>
-Date: Mon, 17 Dec 2007 16:20:27 -0800
-Subject: quicklist: Set tlb->need_flush if pages are remaining in quicklist 0
-To: torvalds@linux-foundation.org
-Cc: stable@kernel.org, akpm@linux-foundation.org, dhaval@linux.vnet.ibm.com, clameter@sgi.com
-Message-ID: <200712180020.lBI0KSKF010011@imap1.linux-foundation.org>
-
-
-From: Christoph Lameter <clameter@sgi.com>
-
-patch 421d99193537a6522aac2148286f08792167d5fd in mainline.
-
-This ensures that the quicklists are drained. Otherwise draining may only
-occur when the processor reaches an idle state.
-
-Fixes fatal leakage of pgd_t's on 2.6.22 and later.
-
-Signed-off-by: Christoph Lameter <clameter@sgi.com>
-Reported-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
-
----
- include/asm-generic/tlb.h | 4 ++++
- 1 file changed, 4 insertions(+)
-
---- a/include/asm-generic/tlb.h
-+++ b/include/asm-generic/tlb.h
-@@ -14,6 +14,7 @@
- #define _ASM_GENERIC__TLB_H
-
- #include <linux/swap.h>
-+#include <linux/quicklist.h>
- #include <asm/pgalloc.h>
- #include <asm/tlbflush.h>
-
-@@ -85,6 +86,9 @@ tlb_flush_mmu(struct mmu_gather *tlb, un
- static inline void
- tlb_finish_mmu(struct mmu_gather *tlb, unsigned long start, unsigned long end)
- {
-+#ifdef CONFIG_QUICKLIST
-+ tlb->need_flush += &__get_cpu_var(quicklist)[0].nr_pages != 0;
-+#endif
- tlb_flush_mmu(tlb, start, end);
-
- /* keep the page table cache within bounds */
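Review bot: In the added line `tlb->need_flush += &__get_cpu_var(quicklist)[0].nr_pages != 0;` the unary `&` applies to the whole postfix expression, so what is compared with 0 is the address of `nr_pages`, not its value. That address is never null, so `need_flush` is incremented on every call when CONFIG_QUICKLIST is set, whether or not quicklist 0 holds pages. If the intent is the one in the subject line, the test should read `tlb->need_flush += __get_cpu_var(quicklist)[0].nr_pages != 0;`. A one-line comment saying why a non-empty quicklist must force the flush would also help, since the description's reasoning is not in the code.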
+++ /dev/null
-From stable-bounces@linux.kernel.org Sun Nov 5 03:41:17 2006
-Date: Sun, 5 Nov 2006 12:39:51 +0100
-From: Jens Axboe <jens.axboe@oracle.com>
-To: stable@kernel.org
-Subject: splice: fix problem introduced with inode diet
-
-After the inode slimming patch that unionised i_pipe/i_bdev/i_cdev, it's
-no longer enough to check for existance of ->i_pipe to verify that this
-is a pipe.
-
-Original patch from Eric Dumazet <dada1@cosmosbay.com>
-Final solution suggested by Linus.
-
-Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
-Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-Signed-off-by: Chris Wright <chrisw@sous-sol.org>
----
-
- fs/splice.c | 26 ++++++++++++++++++++------
- 1 file changed, 20 insertions(+), 6 deletions(-)
-
---- linux-2.6.18.2.orig/fs/splice.c
-+++ linux-2.6.18.2/fs/splice.c
-@@ -1042,6 +1042,19 @@ out_release:
- EXPORT_SYMBOL(do_splice_direct);
-
- /*
-+ * After the inode slimming patch, i_pipe/i_bdev/i_cdev share the same
-+ * location, so checking ->i_pipe is not enough to verify that this is a
-+ * pipe.
-+ */
-+static inline struct pipe_inode_info *pipe_info(struct inode *inode)
-+{
-+ if (S_ISFIFO(inode->i_mode))
-+ return inode->i_pipe;
-+
-+ return NULL;
-+}
-+
-+/*
- * Determine where to splice to/from.
- */
- static long do_splice(struct file *in, loff_t __user *off_in,
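Review bot: The comment on `pipe_info` says why `->i_pipe` alone is not enough but not what goes wrong without the check. On a block or character inode the same storage holds `i_bdev` or `i_cdev`, so a direct read hands the splice code a pointer to a different object typed as `struct pipe_inode_info`. I would add that sentence together with `/* every pipe lookup in this file must go through pipe_info() */`. The later hunks convert do_splice, do_vmsplice and do_tee, but any direct `->i_pipe` read outside the visible hunks would keep the old behaviour. The helper only reads the inode, so `const struct inode *inode` would fit.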
-@@ -1052,7 +1065,7 @@ static long do_splice(struct file *in, l
- loff_t offset, *off;
- long ret;
-
-- pipe = in->f_dentry->d_inode->i_pipe;
-+ pipe = pipe_info(in->f_dentry->d_inode);
- if (pipe) {
- if (off_in)
- return -ESPIPE;
-@@ -1073,7 +1086,7 @@ static long do_splice(struct file *in, l
- return ret;
- }
-
-- pipe = out->f_dentry->d_inode->i_pipe;
-+ pipe = pipe_info(out->f_dentry->d_inode);
- if (pipe) {
- if (off_out)
- return -ESPIPE;
-@@ -1231,7 +1244,7 @@ static int get_iovec_page_array(const st
- static long do_vmsplice(struct file *file, const struct iovec __user *iov,
- unsigned long nr_segs, unsigned int flags)
- {
-- struct pipe_inode_info *pipe = file->f_dentry->d_inode->i_pipe;
-+ struct pipe_inode_info *pipe;
- struct page *pages[PIPE_BUFFERS];
- struct partial_page partial[PIPE_BUFFERS];
- struct splice_pipe_desc spd = {
-@@ -1241,7 +1254,8 @@ static long do_vmsplice(struct file *fil
- .ops = &user_page_pipe_buf_ops,
- };
-
-- if (unlikely(!pipe))
-+ pipe = pipe_info(file->f_dentry->d_inode);
-+ if (!pipe)
- return -EBADF;
- if (unlikely(nr_segs > UIO_MAXIOV))
- return -EINVAL;
-@@ -1475,8 +1489,8 @@ static int link_pipe(struct pipe_inode_i
- static long do_tee(struct file *in, struct file *out, size_t len,
- unsigned int flags)
- {
-- struct pipe_inode_info *ipipe = in->f_dentry->d_inode->i_pipe;
-- struct pipe_inode_info *opipe = out->f_dentry->d_inode->i_pipe;
-+ struct pipe_inode_info *ipipe = pipe_info(in->f_dentry->d_inode);
-+ struct pipe_inode_info *opipe = pipe_info(out->f_dentry->d_inode);
- int ret = -EINVAL;
-
- /*
+++ /dev/null
-Submitted after 2.6.11.2
-Rejected as per Alan Cox and other's comments on lkml.
-
-
-From akpm@osdl.org Fri Mar 4 13:22:11 2005
-Return-Path: <akpm@osdl.org>
-Subject: [patch 5/5] make st seekable again
-To: greg@kroah.com
-Cc: linux-kernel@vger.kernel.org, akpm@osdl.org, kai.makisara@kolumbus.fi
-From: akpm@osdl.org
-Date: Fri, 04 Mar 2005 13:16:58 -0800
-Lines: 71
-
-
-From: Kai Makisara <kai.makisara@kolumbus.fi>
-
-Apparently `tar' errors out if it cannot perform lseek() against a tape. Work
-around that in-kernel.
-
-Signed-off-by: Kai Makisara <kai.makisara@kolumbus.fi>
-Signed-off-by: Andrew Morton <akpm@osdl.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
----
-
- 25-akpm/drivers/ide/ide-tape.c | 8 +++++++-
- 25-akpm/drivers/scsi/osst.c | 8 +++++++-
- 25-akpm/drivers/scsi/st.c | 8 +++++++-
- 3 files changed, 21 insertions(+), 3 deletions(-)
-
-diff -puN drivers/ide/ide-tape.c~make-st-seekable-again drivers/ide/ide-tape.c
---- 25/drivers/ide/ide-tape.c~make-st-seekable-again 2005-03-04 13:16:32.000000000 -0800
-+++ 25-akpm/drivers/ide/ide-tape.c 2005-03-04 13:16:32.000000000 -0800
-@@ -4100,7 +4100,13 @@ static int idetape_chrdev_open (struct i
- idetape_pc_t pc;
- int retval;
-
-- nonseekable_open(inode, filp);
-+ /*
-+ * We really want to do nonseekable_open(inode, filp); here, but some
-+ * versions of tar incorrectly call lseek on tapes and bail out if that
-+ * fails. So we disallow pread() and pwrite(), but permit lseeks.
-+ */
-+ filp->f_mode &= ~(FMODE_PREAD | FMODE_PWRITE);
-+
- #if IDETAPE_DEBUG_LOG
- printk(KERN_INFO "ide-tape: Reached idetape_chrdev_open\n");
- #endif /* IDETAPE_DEBUG_LOG */
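Review bot: The same comment and the line `filp->f_mode &= ~(FMODE_PREAD | FMODE_PWRITE);` are pasted into idetape_chrdev_open here and into st_open and os_scsi_tape_open in the two following hunks, so the three copies can drift apart. One shared inline helper carrying the comment once would be easier to keep right. The comment should also say what lseek() on these devices now means. It is allowed to succeed, and nothing in these hunks ties the file position to the tape position, so callers other than tar may rely on an offset that has no effect. The enclosing functions continue outside the hunks.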
-diff -puN drivers/scsi/st.c~make-st-seekable-again drivers/scsi/st.c
---- 25/drivers/scsi/st.c~make-st-seekable-again 2005-03-04 13:16:32.000000000 -0800
-+++ 25-akpm/drivers/scsi/st.c 2005-03-04 13:16:32.000000000 -0800
-@@ -1004,7 +1004,13 @@ static int st_open(struct inode *inode,
- int dev = TAPE_NR(inode);
- char *name;
-
-- nonseekable_open(inode, filp);
-+ /*
-+ * We really want to do nonseekable_open(inode, filp); here, but some
-+ * versions of tar incorrectly call lseek on tapes and bail out if that
-+ * fails. So we disallow pread() and pwrite(), but permit lseeks.
-+ */
-+ filp->f_mode &= ~(FMODE_PREAD | FMODE_PWRITE);
-+
- write_lock(&st_dev_arr_lock);
- if (dev >= st_dev_max || scsi_tapes == NULL ||
- ((STp = scsi_tapes[dev]) == NULL)) {
-diff -puN drivers/scsi/osst.c~make-st-seekable-again drivers/scsi/osst.c
---- 25/drivers/scsi/osst.c~make-st-seekable-again 2005-03-04 13:16:32.000000000 -0800
-+++ 25-akpm/drivers/scsi/osst.c 2005-03-04 13:16:32.000000000 -0800
-@@ -4318,7 +4318,13 @@ static int os_scsi_tape_open(struct inod
- int dev = TAPE_NR(inode);
- int mode = TAPE_MODE(inode);
-
-- nonseekable_open(inode, filp);
-+ /*
-+ * We really want to do nonseekable_open(inode, filp); here, but some
-+ * versions of tar incorrectly call lseek on tapes and bail out if that
-+ * fails. So we disallow pread() and pwrite(), but permit lseeks.
-+ */
-+ filp->f_mode &= ~(FMODE_PREAD | FMODE_PWRITE);
-+
- write_lock(&os_scsi_tapes_lock);
- if (dev >= osst_max_dev || os_scsi_tapes == NULL ||
- (STp = os_scsi_tapes[dev]) == NULL || !STp->device) {
-_
-
+++ /dev/null
-From stable-bounces@linux.kernel.org Mon May 21 19:34:01 2007
-From: Eric Sandeen <sandeen@sandeen.net>
-Date: Mon, 21 May 2007 21:32:40 -0500
-Subject: sysfs: store sysfs inode nrs in s_ino to avoid readdir oopses
-To: Eric Sandeen <sandeen@redhat.com>
-Cc: stable@kernel.org, Andrew Morton <akpm@linux-foundation.org>, Tejun Heo <htejun@gmail.com>, Linux Kernel Mailing List <linux-kernel@vger.kernel.org>, Maneesh Soni <maneesh@in.ibm.com>
-Message-ID: <46525648.8050807@sandeen.net>
-
-
-Backport of
-ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.22-rc1/2.6.22-rc1-mm1/broken-out/gregkh-driver-sysfs-allocate-inode-number-using-ida.patch
-
-For regular files in sysfs, sysfs_readdir wants to traverse
-sysfs_dirent->s_dentry->d_inode->i_ino to get to the inode number.
-But, the dentry can be reclaimed under memory pressure, and there
-is no synchronization with readdir. This patch follows Tejun's
-scheme of allocating and storing an inode number in the new s_ino
-member of a sysfs_dirent, when dirents are created, and retrieving
-it from there for readdir, so that the pointer chain doesn't have
-to be traversed.
-
-Tejun's upstream patch uses a new-ish "ida" allocator which brings along
-some extra complexity; this -stable patch has a brain-dead incrementing
-counter which does not guarantee uniqueness, but because sysfs doesn't
-hash inodes as iunique expects, uniqueness wasn't guaranteed today anyway.
-
-Signed-off-by: Eric Sandeen <sandeen@redhat.com>
-Cc: Tejun Heo <htejun@gmail.com>
-Cc: Maneesh Soni <maneesh@in.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- fs/sysfs/dir.c | 16 +++++++++++-----
- fs/sysfs/inode.c | 1 +
- fs/sysfs/mount.c | 1 +
- fs/sysfs/sysfs.h | 1 +
- 4 files changed, 14 insertions(+), 5 deletions(-)
-
---- a/fs/sysfs/dir.c
-+++ b/fs/sysfs/dir.c
-@@ -30,6 +30,14 @@ static struct dentry_operations sysfs_de
- .d_iput = sysfs_d_iput,
- };
-
-+static unsigned int sysfs_inode_counter;
-+ino_t sysfs_get_inum(void)
-+{
-+ if (unlikely(sysfs_inode_counter < 3))
-+ sysfs_inode_counter = 3;
-+ return sysfs_inode_counter++;
-+}
-+
- /*
- * Allocates a new sysfs_dirent and links it to the parent sysfs_dirent
- */
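Review bot: `sysfs_get_inum` bumps the file-scope `sysfs_inode_counter` with a plain `++`, and the hunk shows no lock held around it. Two dirents created concurrently could therefore get the same number, which is a separate source of duplicates from the wrap-around the description accepts. If creation is already serialised, state the lock in a comment above the function; otherwise an atomic counter would close the gap. The function also has external linkage although its only visible caller is in dir.c and the sysfs.h hunk adds no prototype, so `static` looks right unless another file uses it. A comment on why values below 3 are skipped (the mount.c hunk gives the root `.s_ino = 1`) would help as well.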
-@@ -41,6 +49,7 @@ static struct sysfs_dirent * __sysfs_new
- if (!sd)
- return NULL;
-
-+ sd->s_ino = sysfs_get_inum();
- atomic_set(&sd->s_count, 1);
- atomic_set(&sd->s_event, 1);
- INIT_LIST_HEAD(&sd->s_children);
-@@ -509,7 +518,7 @@ static int sysfs_readdir(struct file * f
-
- switch (i) {
- case 0:
-- ino = dentry->d_inode->i_ino;
-+ ino = parent_sd->s_ino;
- if (filldir(dirent, ".", 1, i, ino, DT_DIR) < 0)
- break;
- filp->f_pos++;
-@@ -538,10 +547,7 @@ static int sysfs_readdir(struct file * f
-
- name = sysfs_get_name(next);
- len = strlen(name);
-- if (next->s_dentry)
-- ino = next->s_dentry->d_inode->i_ino;
-- else
-- ino = iunique(sysfs_sb, 2);
-+ ino = next->s_ino;
-
- if (filldir(dirent, name, len, filp->f_pos, ino,
- dt_type(next)) < 0)
---- a/fs/sysfs/inode.c
-+++ b/fs/sysfs/inode.c
-@@ -140,6 +140,7 @@ struct inode * sysfs_new_inode(mode_t mo
- inode->i_mapping->a_ops = &sysfs_aops;
- inode->i_mapping->backing_dev_info = &sysfs_backing_dev_info;
- inode->i_op = &sysfs_inode_operations;
-+ inode->i_ino = sd->s_ino;
- lockdep_set_class(&inode->i_mutex, &sysfs_inode_imutex_key);
-
- if (sd->s_iattr) {
---- a/fs/sysfs/mount.c
-+++ b/fs/sysfs/mount.c
-@@ -33,6 +33,7 @@ static struct sysfs_dirent sysfs_root =
- .s_element = NULL,
- .s_type = SYSFS_ROOT,
- .s_iattr = NULL,
-+ .s_ino = 1,
- };
-
- static void sysfs_clear_inode(struct inode *inode)
---- a/fs/sysfs/sysfs.h
-+++ b/fs/sysfs/sysfs.h
-@@ -5,6 +5,7 @@ struct sysfs_dirent {
- void * s_element;
- int s_type;
- umode_t s_mode;
-+ ino_t s_ino;
- struct dentry * s_dentry;
- struct iattr * s_iattr;
- atomic_t s_event;
+++ /dev/null
-From foo@baz Tue Apr 9 12:12:43 2002
-Date: Fri, 11 Mar 2005 21:46:29 +0000
-From: Ralf Baechle DL5RB <ralf@linux-mips.org>
-To: stable@kernel.org
-Subject: [PATCH] Timercode race in AX.25
-
-When destroying a socket ax25_destroy_socket tries to stop the protocol's
-T1 timer before freeing the memory. If things are just right using the
-non-sync variant of del_timer means the timer will continue to run even
-after the del_timer because it's adding itself again which is likely to
-result in a crash when the timer is executed again a few seconds later.
-
-del_timer_sync can be expensive, so I don't want this one to go into 2.6
-mainline where I'll try to cook something that is less intrusive than
-regular calls to del_timer_sync.
-
-Signed-off-by: Ralf Baechle DL5RB <ralf@linux-mips.org>
-Signed-off-by: Chris Wright <chrisw@osdl.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
---- bk-afu.orig/net/ax25/ax25_timer.c 2005-03-08 13:54:06.000000000 +0000
-+++ bk-afu/net/ax25/ax25_timer.c 2005-03-08 16:43:34.790532976 +0000
-@@ -106,7 +106,7 @@
-
- void ax25_stop_t1timer(ax25_cb *ax25)
- {
-- del_timer(&ax25->t1timer);
-+ del_timer_sync(&ax25->t1timer);
- }
-
- void ax25_stop_t2timer(ax25_cb *ax25)
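Review bot: `del_timer_sync()` waits for a running handler to finish, so `ax25_stop_t1timer` must now never be reached from the T1 handler itself or with a lock held that the handler takes. The hunk does not show which contexts call it. I would record the constraint at the function: `/* waits for a running handler; do not call from the T1 handler or with locks it takes */`. The description's reasoning (a handler re-arming itself after `del_timer`) would seem to apply equally to the other timers stopped before the control block is freed, such as `ax25_stop_t2timer` visible as context, which keep the non-sync call; that is worth confirming.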
+++ /dev/null
-From stable-bounces@linux.kernel.org Wed Jul 12 16:39:52 2006
-Date: Wed, 12 Jul 2006 14:33:14 -0700
-From: "Randy.Dunlap" <rdunlap@xenotime.net>
-To: stable@kernel.org
-Message-Id: <20060712143314.48952105.rdunlap@xenotime.net>
-Cc:
-Subject: tpm: interrupt clear fix
-
-From: Kylene Jo Hall <kjhall@us.ibm.com>
-
-Under stress testing I found that the interrupt is not always cleared.
-This is a bug and this patch should go into 2.6.18 and 2.6.17.x.
-
-Signed-off-by: Kylene Hall <kjhall@us.ibm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- drivers/char/tpm/tpm_tis.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- linux-2.6.17.6.orig/drivers/char/tpm/tpm_tis.c
-+++ linux-2.6.17.6/drivers/char/tpm/tpm_tis.c
-@@ -424,6 +424,7 @@ static irqreturn_t tis_int_handler(int i
- iowrite32(interrupt,
- chip->vendor.iobase +
- TPM_INT_STATUS(chip->vendor.locality));
-+ mb();
- return IRQ_HANDLED;
- }
-
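Review bot: `mb()` after the `iowrite32()` orders the CPU's own accesses, but on a bus that posts writes it does not by itself push the write out to the device, so the status clear may still be in flight when the handler returns `IRQ_HANDLED`. Reading the register back with `ioread32(chip->vendor.iobase + TPM_INT_STATUS(chip->vendor.locality));` is the usual way to make sure the write has landed. Whichever form is kept needs a one-line comment saying what it is for, because a bare `mb();` at the end of an interrupt handler invites removal. tis_int_handler starts outside the hunk.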
+++ /dev/null
-From tytso@mit.edu Mon Apr 19 10:23:14 2010
-From: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-Date: Mon, 15 Mar 2010 20:26:03 -0400
-Subject: vfs: Add no_nrwrite_index_update writeback control flag
-To: stable@kernel.org
-Cc: linux-fsdevel@vger.kernel.org, Ext4 Developers List <linux-ext4@vger.kernel.org>, "Theodore Ts'o" <tytso@mit.edu>, "Jayson R. King" <dev@jaysonking.com>, "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
-Message-ID: <1268699165-17461-10-git-send-email-tytso@mit.edu>
-
-
-From: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-
-commit 17bc6c30cf6bfffd816bdc53682dd46fc34a2cf4 upstream.
-
-If no_nrwrite_index_update is set we don't update nr_to_write and
-address space writeback_index in write_cache_pages. This change
-enables a file system to skip these updates in write_cache_pages and do
-them in the writepages() callback. This patch will be followed by an
-ext4 patch that make use of these new flags.
-
-Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
-Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
-CC: linux-fsdevel@vger.kernel.org
-[dev@jaysonking.com: Modified the patch to account for subsequent changes in mainline being cherry-picked earlier for 2.6.27.y.]
-Signed-off-by: Jayson R. King <dev@jaysonking.com>
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- include/linux/writeback.h | 9 +++++++++
- mm/page-writeback.c | 14 +++++++++-----
- 2 files changed, 18 insertions(+), 5 deletions(-)
-
---- a/include/linux/writeback.h
-+++ b/include/linux/writeback.h
-@@ -62,6 +62,15 @@ struct writeback_control {
- unsigned for_writepages:1; /* This is a writepages() call */
- unsigned range_cyclic:1; /* range_start is cyclic */
- unsigned more_io:1; /* more io to be dispatched */
-+ /*
-+ * write_cache_pages() won't update wbc->nr_to_write and
-+ * mapping->writeback_index if no_nrwrite_index_update
-+ * is set. write_cache_pages() may write more than we
-+ * requested and we want to make sure nr_to_write and
-+ * writeback_index are updated in a consistent manner
-+ * so we use a single control to update them
-+ */
-+ unsigned no_nrwrite_index_update:1;
- };
-
- /*
---- a/mm/page-writeback.c
-+++ b/mm/page-writeback.c
-@@ -878,6 +878,7 @@ int write_cache_pages(struct address_spa
- pgoff_t done_index;
- int cycled;
- int range_whole = 0;
-+ long nr_to_write = wbc->nr_to_write;
-
- if (wbc->nonblocking && bdi_write_congested(bdi)) {
- wbc->encountered_congestion = 1;
-@@ -985,9 +986,9 @@ continue_unlock:
- }
- }
-
-- if (wbc->nr_to_write > 0) {
-- wbc->nr_to_write--;
-- if (wbc->nr_to_write == 0 &&
-+ if (nr_to_write > 0) {
-+ nr_to_write--;
-+ if (nr_to_write == 0 &&
- wbc->sync_mode == WB_SYNC_NONE) {
- /*
- * We stop writing back only if we are
-@@ -1024,8 +1025,11 @@ continue_unlock:
- end = writeback_index - 1;
- goto retry;
- }
-- if (wbc->range_cyclic || (range_whole && wbc->nr_to_write > 0))
-- mapping->writeback_index = done_index;
-+ if (!wbc->no_nrwrite_index_update) {
-+ if (wbc->range_cyclic || (range_whole && nr_to_write > 0))
-+ mapping->writeback_index = done_index;
-+ wbc->nr_to_write = nr_to_write;
-+ }
-
- return ret;
- }
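Review bot: With the count moved into the local `nr_to_write`, `wbc->nr_to_write` keeps its entry value for the whole loop and is written back only in this final block. Any callback handed `wbc` during the loop no longer sees the count go down, and any return path in the part of write_cache_pages outside these hunks that bypasses this block would lose the progress; both are worth checking against the full function. When `no_nrwrite_index_update` is set the local count is discarded. The comment added in writeback.h should therefore say that the filesystem's writepages() callback must then update `wbc->nr_to_write` and `mapping->writeback_index` itself, which the description states and the struct comment does not.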
+++ /dev/null
-Subject: x86: replace LOCK_PREFIX in futex.h
-From: Thomas Gleixner <tglx@linutronix.de>
-Date: Thu, 07 Feb 2008 13:06:02 +0100
-
-From: Thomas Gleixner <tglx@linutronix.de>
-
-The exception fixup for the futex macros __futex_atomic_op1/2 and
-futex_atomic_cmpxchg_inatomic() is missing an entry when the lock
-prefix is replaced by a NOP via SMP alternatives.
-
-Chuck Ebert tracked this down from the information provided in:
-https://bugzilla.redhat.com/show_bug.cgi?id=429412
-
-A possible solution would be to add another fixup after the
-LOCK_PREFIX, so both the LOCK and NOP case have their own entry in the
-exception table, but it's not really worth the trouble.
-
-Simply replace LOCK_PREFIX with lock and keep those untouched by SMP
-alternatives.
-
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
----
- include/asm-x86/futex_32.h | 6 +++---
- include/asm-x86/futex_64.h | 6 +++---
- 2 files changed, 6 insertions(+), 6 deletions(-)
-
---- a/include/asm-x86/futex_32.h
-+++ b/include/asm-x86/futex_32.h
-@@ -28,7 +28,7 @@
- "1: movl %2, %0\n\
- movl %0, %3\n" \
- insn "\n" \
--"2: " LOCK_PREFIX "cmpxchgl %3, %2\n\
-+"2: lock cmpxchgl %3, %2\n\
- jnz 1b\n\
- 3: .section .fixup,\"ax\"\n\
- 4: mov %5, %1\n\
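Review bot: Nothing in the code records why these instructions spell `lock` literally instead of using `LOCK_PREFIX`, so a later cleanup could convert them back and bring back the missing exception-table entry described in the commit message. I would add above the macro `/* literal lock, not LOCK_PREFIX: SMP alternatives may replace the prefix with a NOP, and the fixup entry at this label would then not cover the faulting instruction */`. The same comment belongs at the other converted sites in futex_32.h and futex_64.h. The macro begins outside the hunk.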
-@@ -68,7 +68,7 @@ futex_atomic_op_inuser (int encoded_op,
- #endif
- switch (op) {
- case FUTEX_OP_ADD:
-- __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret,
-+ __futex_atomic_op1("lock xaddl %0, %2", ret,
- oldval, uaddr, oparg);
- break;
- case FUTEX_OP_OR:
-@@ -111,7 +111,7 @@ futex_atomic_cmpxchg_inatomic(int __user
- return -EFAULT;
-
- __asm__ __volatile__(
-- "1: " LOCK_PREFIX "cmpxchgl %3, %1 \n"
-+ "1: lock cmpxchgl %3, %1 \n"
-
- "2: .section .fixup, \"ax\" \n"
- "3: mov %2, %0 \n"
---- a/include/asm-x86/futex_64.h
-+++ b/include/asm-x86/futex_64.h
-@@ -27,7 +27,7 @@
- "1: movl %2, %0\n\
- movl %0, %3\n" \
- insn "\n" \
--"2: " LOCK_PREFIX "cmpxchgl %3, %2\n\
-+"2: "lock cmpxchgl %3, %2\n\
- jnz 1b\n\
- 3: .section .fixup,\"ax\"\n\
- 4: mov %5, %1\n\
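Review bot: The added line `"2: "lock cmpxchgl %3, %2\n\` has a stray double quote after `2: `, so the string literal ends there and `lock cmpxchgl ...` is left outside it. The macro then cannot expand to valid C wherever it is used. The futex_32.h hunk has the intended form; this line should read `"2: lock cmpxchgl %3, %2\n\`. The macro begins outside the hunk.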
-@@ -62,7 +62,7 @@ futex_atomic_op_inuser (int encoded_op,
- __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg);
- break;
- case FUTEX_OP_ADD:
-- __futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, oldval,
-+ __futex_atomic_op1("lock xaddl %0, %2", ret, oldval,
- uaddr, oparg);
- break;
- case FUTEX_OP_OR:
-@@ -101,7 +101,7 @@ futex_atomic_cmpxchg_inatomic(int __user
- return -EFAULT;
-
- __asm__ __volatile__(
-- "1: " LOCK_PREFIX "cmpxchgl %3, %1 \n"
-+ "1: lock cmpxchgl %3, %1 \n"
-
- "2: .section .fixup, \"ax\" \n"
- "3: mov %2, %0 \n"
+++ /dev/null
-From stable-bounces@linux.kernel.org Wed Jun 29 18:12:49 2005
-To: stable@kernel.org
-From: akpm@osdl.org
-Date: Wed, 29 Jun 2005 18:12:01 -0700
-Cc: akpm@osdl.org, ak@muc.de, nanhai.zou@intel.com, suresh.b.siddha@intel.com
-Subject: [patch x86_64: TASK_SIZE fixes for compatibility mode processes
-
-From: Suresh Siddha <suresh.b.siddha@intel.com>
-
-Appended patch will setup compatibility mode TASK_SIZE properly. This will
-fix atleast three known bugs that can be encountered while running
-compatibility mode apps.
-
-a) A malicious 32bit app can have an elf section at 0xffffe000. During
- exec of this app, we will have a memory leak as insert_vm_struct() is
- not checking for return value in syscall32_setup_pages() and thus not
- freeing the vma allocated for the vsyscall page. And instead of exec
- failing (as it has addresses > TASK_SIZE), we were allowing it to
- succeed previously.
-
-b) With a 32bit app, hugetlb_get_unmapped_area/arch_get_unmapped_area
- may return addresses beyond 32bits, ultimately causing corruption
- because of wrap-around and resulting in SEGFAULT, instead of returning
- ENOMEM.
-
-c) 32bit app doing this below mmap will now fail.
-
- mmap((void *)(0xFFFFE000UL), 0x10000UL, PROT_READ|PROT_WRITE,
- MAP_FIXED|MAP_PRIVATE|MAP_ANON, 0, 0);
-
-Signed-off-by: Zou Nan hai <nanhai.zou@intel.com>
-Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
-Cc: Andi Kleen <ak@muc.de>
-Signed-off-by: Andrew Morton <akpm@osdl.org>
-Signed-off-by: Chris Wright <chrisw@osdl.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
----
- arch/x86_64/ia32/ia32_binfmt.c | 5 +----
- arch/x86_64/kernel/process.c | 4 ++--
- arch/x86_64/kernel/ptrace.c | 17 ++++++++++-------
- arch/x86_64/kernel/sys_x86_64.c | 14 ++++----------
- arch/x86_64/mm/fault.c | 2 +-
- include/asm-x86_64/a.out.h | 2 +-
- include/asm-x86_64/processor.h | 11 ++++++-----
- 7 files changed, 25 insertions(+), 30 deletions(-)
-
---- linux-2.6.12.2.orig/arch/x86_64/ia32/ia32_binfmt.c 2005-06-17 12:48:29.000000000 -0700
-+++ linux-2.6.12.2/arch/x86_64/ia32/ia32_binfmt.c 2005-07-13 10:56:37.000000000 -0700
-@@ -46,7 +46,7 @@
-
- #define IA32_EMULATOR 1
-
--#define ELF_ET_DYN_BASE (TASK_UNMAPPED_32 + 0x1000000)
-+#define ELF_ET_DYN_BASE (TASK_UNMAPPED_BASE + 0x1000000)
-
- #undef ELF_ARCH
- #define ELF_ARCH EM_386
-@@ -307,9 +307,6 @@
-
- #define elf_addr_t __u32
-
--#undef TASK_SIZE
--#define TASK_SIZE 0xffffffff
--
- static void elf32_init(struct pt_regs *);
-
- #define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1
---- linux-2.6.12.2.orig/arch/x86_64/kernel/process.c 2005-06-17 12:48:29.000000000 -0700
-+++ linux-2.6.12.2/arch/x86_64/kernel/process.c 2005-07-13 10:56:37.000000000 -0700
-@@ -656,7 +656,7 @@
-
- switch (code) {
- case ARCH_SET_GS:
-- if (addr >= TASK_SIZE)
-+ if (addr >= TASK_SIZE_OF(task))
- return -EPERM;
- cpu = get_cpu();
- /* handle small bases via the GDT because that's faster to
-@@ -682,7 +682,7 @@
- case ARCH_SET_FS:
- /* Not strictly needed for fs, but do it for symmetry
- with gs */
-- if (addr >= TASK_SIZE)
-+ if (addr >= TASK_SIZE_OF(task))
- return -EPERM;
- cpu = get_cpu();
- /* handle small bases via the GDT because that's faster to
---- linux-2.6.12.2.orig/arch/x86_64/kernel/ptrace.c 2005-06-17 12:48:29.000000000 -0700
-+++ linux-2.6.12.2/arch/x86_64/kernel/ptrace.c 2005-07-13 10:56:37.000000000 -0700
-@@ -257,12 +257,12 @@
- value &= 0xffff;
- return 0;
- case offsetof(struct user_regs_struct,fs_base):
-- if (value >= TASK_SIZE)
-+ if (value >= TASK_SIZE_OF(child))
- return -EIO;
- child->thread.fs = value;
- return 0;
- case offsetof(struct user_regs_struct,gs_base):
-- if (value >= TASK_SIZE)
-+ if (value >= TASK_SIZE_OF(child))
- return -EIO;
- child->thread.gs = value;
- return 0;
-@@ -279,7 +279,7 @@
- break;
- case offsetof(struct user_regs_struct, rip):
- /* Check if the new RIP address is canonical */
-- if (value >= TASK_SIZE)
-+ if (value >= TASK_SIZE_OF(child))
- return -EIO;
- break;
- }
-@@ -419,6 +419,8 @@
- break;
-
- case PTRACE_POKEUSR: /* write the word at location addr in the USER area */
-+ {
-+ int dsize = test_tsk_thread_flag(child, TIF_IA32) ? 3 : 7;
- ret = -EIO;
- if ((addr & 7) ||
- addr > sizeof(struct user) - 7)
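Review bot: The new `dsize` is set to `3` or `7` with no explanation, and it replaces the literal 7 only in the debug-register checks of the next hunk, not in the `addr > sizeof(struct user) - 7` test just below it. A comment would make clear that the two sevens mean different things, for example `/* widest breakpoint minus one: 4 bytes for an ia32 child, 8 otherwise */`, if that is the intent. The block opened by the added `{` is closed only in a later hunk, so the declaration's scope cannot be checked from here.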
-@@ -430,22 +432,22 @@
- break;
- /* Disallows to set a breakpoint into the vsyscall */
- case offsetof(struct user, u_debugreg[0]):
-- if (data >= TASK_SIZE-7) break;
-+ if (data >= TASK_SIZE_OF(child) - dsize) break;
- child->thread.debugreg0 = data;
- ret = 0;
- break;
- case offsetof(struct user, u_debugreg[1]):
-- if (data >= TASK_SIZE-7) break;
-+ if (data >= TASK_SIZE_OF(child) - dsize) break;
- child->thread.debugreg1 = data;
- ret = 0;
- break;
- case offsetof(struct user, u_debugreg[2]):
-- if (data >= TASK_SIZE-7) break;
-+ if (data >= TASK_SIZE_OF(child) - dsize) break;
- child->thread.debugreg2 = data;
- ret = 0;
- break;
- case offsetof(struct user, u_debugreg[3]):
-- if (data >= TASK_SIZE-7) break;
-+ if (data >= TASK_SIZE_OF(child) - dsize) break;
- child->thread.debugreg3 = data;
- ret = 0;
- break;
-@@ -469,6 +471,7 @@
- break;
- }
- break;
-+ }
- case PTRACE_SYSCALL: /* continue and stop at next (return from) syscall */
- case PTRACE_CONT: /* restart after signal. */
-
---- linux-2.6.12.2.orig/arch/x86_64/kernel/sys_x86_64.c 2005-06-17 12:48:29.000000000 -0700
-+++ linux-2.6.12.2/arch/x86_64/kernel/sys_x86_64.c 2005-07-13 10:56:37.000000000 -0700
-@@ -68,13 +68,7 @@
- static void find_start_end(unsigned long flags, unsigned long *begin,
- unsigned long *end)
- {
--#ifdef CONFIG_IA32_EMULATION
-- if (test_thread_flag(TIF_IA32)) {
-- *begin = TASK_UNMAPPED_32;
-- *end = IA32_PAGE_OFFSET;
-- } else
--#endif
-- if (flags & MAP_32BIT) {
-+ if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) {
- /* This is usually used needed to map code in small
- model, so it needs to be in the first 31bit. Limit
- it to that. This means we need to move the
-@@ -84,10 +78,10 @@
- of playground for now. -AK */
- *begin = 0x40000000;
- *end = 0x80000000;
-- } else {
-- *begin = TASK_UNMAPPED_64;
-+ } else {
-+ *begin = TASK_UNMAPPED_BASE;
- *end = TASK_SIZE;
-- }
-+ }
- }
-
- unsigned long
---- linux-2.6.12.2.orig/arch/x86_64/mm/fault.c 2005-06-17 12:48:29.000000000 -0700
-+++ linux-2.6.12.2/arch/x86_64/mm/fault.c 2005-07-13 10:56:37.000000000 -0700
-@@ -350,7 +350,7 @@
- * (error_code & 4) == 0, and that the fault was not a
- * protection error (error_code & 1) == 0.
- */
-- if (unlikely(address >= TASK_SIZE)) {
-+ if (unlikely(address >= TASK_SIZE64)) {
- if (!(error_code & 5) &&
- ((address >= VMALLOC_START && address < VMALLOC_END) ||
- (address >= MODULES_VADDR && address < MODULES_END))) {
---- linux-2.6.12.2.orig/include/asm-x86_64/a.out.h 2005-06-17 12:48:29.000000000 -0700
-+++ linux-2.6.12.2/include/asm-x86_64/a.out.h 2005-07-13 10:56:37.000000000 -0700
-@@ -21,7 +21,7 @@
-
- #ifdef __KERNEL__
- #include <linux/thread_info.h>
--#define STACK_TOP (test_thread_flag(TIF_IA32) ? IA32_PAGE_OFFSET : TASK_SIZE)
-+#define STACK_TOP TASK_SIZE
- #endif
-
- #endif /* __A_OUT_GNU_H__ */
---- linux-2.6.12.2.orig/include/asm-x86_64/processor.h 2005-06-17 12:48:29.000000000 -0700
-+++ linux-2.6.12.2/include/asm-x86_64/processor.h 2005-07-13 10:56:37.000000000 -0700
-@@ -160,16 +160,17 @@
- /*
- * User space process size. 47bits minus one guard page.
- */
--#define TASK_SIZE (0x800000000000UL - 4096)
-+#define TASK_SIZE64 (0x800000000000UL - 4096)
-
- /* This decides where the kernel will search for a free chunk of vm
- * space during mmap's.
- */
- #define IA32_PAGE_OFFSET ((current->personality & ADDR_LIMIT_3GB) ? 0xc0000000 : 0xFFFFe000)
--#define TASK_UNMAPPED_32 PAGE_ALIGN(IA32_PAGE_OFFSET/3)
--#define TASK_UNMAPPED_64 PAGE_ALIGN(TASK_SIZE/3)
--#define TASK_UNMAPPED_BASE \
-- (test_thread_flag(TIF_IA32) ? TASK_UNMAPPED_32 : TASK_UNMAPPED_64)
-+
-+#define TASK_SIZE (test_thread_flag(TIF_IA32) ? IA32_PAGE_OFFSET : TASK_SIZE64)
-+#define TASK_SIZE_OF(child) ((test_tsk_thread_flag(child, TIF_IA32)) ? IA32_PAGE_OFFSET : TASK_SIZE64)
-+
-+#define TASK_UNMAPPED_BASE PAGE_ALIGN(TASK_SIZE/3)
-
- /*
- * Size of io_bitmap.
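Review bot: `TASK_SIZE_OF(child)` tests TIF_IA32 on `child` but then expands `IA32_PAGE_OFFSET`, which reads `current->personality`. In the ptrace.c and process.c checks that now use it, the 32-bit limit applied to the target task is therefore chosen from the caller's ADDR_LIMIT_3GB setting rather than the target's. When the two personalities differ, the bound is 0xFFFFe000 where 0xc0000000 applies, or the reverse. The macro needs a task-relative limit, e.g. `(((child)->personality & ADDR_LIMIT_3GB) ? 0xc0000000 : 0xFFFFe000)` in place of `IA32_PAGE_OFFSET`. `TASK_SIZE` is also no longer a constant expression, so any use outside these hunks in `#if` or a static initialiser would stop compiling.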