--- /dev/null
+From stable-bounces@linux.kernel.org Thu Jan 31 23:06:27 2008
+From: Al Viro <viro@ZenIV.linux.org.uk>
+Date: Fri, 1 Feb 2008 07:05:44 +0000
+Subject: Fix dl2k constants
+To: Jeff Garzik <jgarzik@pobox.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>, stable@kernel.org
+Message-ID: <20080201070544.GL27894@ZenIV.linux.org.uk>
+Content-Disposition: inline
+
+
+patch 9c52fab2f187636b39afb0dcf562872ed42ab608 in mainline.
+
+The MSSR constants didn't match the reality - bitfield declarations
+used to be correct (1000BT_FD - bit 11, 1000BT_HD - bit 10), but enum
+had them the other way round. Went unnoticed until the switch from
+the bitfields use to the explicit arithmetics and I hadn't caught that one
+when verifying correctness of change...
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/dl2k.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/dl2k.h
++++ b/drivers/net/dl2k.h
+@@ -388,8 +388,8 @@ enum _mii_mssr {
+ MII_MSSR_CFG_RES = 0x4000,
+ MII_MSSR_LOCAL_RCV_STATUS = 0x2000,
+ MII_MSSR_REMOTE_RCVR = 0x1000,
+- MII_MSSR_LP_1000BT_HD = 0x0800,
+- MII_MSSR_LP_1000BT_FD = 0x0400,
++ MII_MSSR_LP_1000BT_FD = 0x0800,
++ MII_MSSR_LP_1000BT_HD = 0x0400,
+ MII_MSSR_IDLE_ERR_COUNT = 0x00ff,
+ };
+
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Feb 8 04:19:17 2008
+From: Nishanth Aravamudan <nacc@us.ibm.com>
+Date: Fri, 08 Feb 2008 04:18:18 -0800
+Subject: hugetlb: add locking for overcommit sysctl
+To: torvalds@linux-foundation.org
+Cc: wli@holomorphy.com, agl@us.ibm.com, nacc@us.ibm.com, akpm@linux-foundation.org, stable@kernel.org, david@gibson.dropbear.id.au
+Message-ID: <200802081217.m18CHxwe023557@imap1.linux-foundation.org>
+
+
+From: Nishanth Aravamudan <nacc@us.ibm.com>
+
+patch a3d0c6aa1bb342b9b2c7b123b52ac2f48a4d4d0a in mainline.
+
+When I replaced hugetlb_dynamic_pool with nr_overcommit_hugepages I used
+proc_doulongvec_minmax() directly. However, hugetlb.c's locking rules
+require that all counter modifications occur under the hugetlb_lock. Add a
+callback into the hugetlb code similar to the one for nr_hugepages. Grab
+the lock around the manipulation of nr_overcommit_hugepages in
+proc_doulongvec_minmax().
+
+Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com>
+Acked-by: Adam Litke <agl@us.ibm.com>
+Cc: David Gibson <david@gibson.dropbear.id.au>
+Cc: William Lee Irwin III <wli@holomorphy.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ include/linux/hugetlb.h | 1 +
+ kernel/sysctl.c | 2 +-
+ mm/hugetlb.c | 10 ++++++++++
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+--- a/include/linux/hugetlb.h
++++ b/include/linux/hugetlb.h
+@@ -17,6 +17,7 @@ static inline int is_vm_hugetlb_page(str
+ }
+
+ int hugetlb_sysctl_handler(struct ctl_table *, int, struct file *, void __user *, size_t *, loff_t *);
++int hugetlb_overcommit_handler(struct ctl_table *, int, struct file *, void __user *, size_t *, loff_t *);
+ int hugetlb_treat_movable_handler(struct ctl_table *, int, struct file *, void __user *, size_t *, loff_t *);
+ int copy_hugetlb_page_range(struct mm_struct *, struct mm_struct *, struct vm_area_struct *);
+ int follow_hugetlb_page(struct mm_struct *, struct vm_area_struct *, struct page **, struct vm_area_struct **, unsigned long *, int *, int, int);
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -910,7 +910,7 @@ static struct ctl_table vm_table[] = {
+ .data = &nr_overcommit_huge_pages,
+ .maxlen = sizeof(nr_overcommit_huge_pages),
+ .mode = 0644,
+- .proc_handler = &proc_doulongvec_minmax,
++ .proc_handler = &hugetlb_overcommit_handler,
+ },
+ #endif
+ {
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -605,6 +605,16 @@ int hugetlb_treat_movable_handler(struct
+ return 0;
+ }
+
++int hugetlb_overcommit_handler(struct ctl_table *table, int write,
++ struct file *file, void __user *buffer,
++ size_t *length, loff_t *ppos)
++{
++ spin_lock(&hugetlb_lock);
++ proc_doulongvec_minmax(table, write, file, buffer, length, ppos);
++ spin_unlock(&hugetlb_lock);
++ return 0;
++}
++
+ #endif /* CONFIG_SYSCTL */
+
+ int hugetlb_report_meminfo(char *buf)
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Feb 8 04:19:02 2008
+From: Ulisses Furquim <ulissesf@gmail.com>
+Date: Fri, 08 Feb 2008 04:18:16 -0800
+Subject: inotify: fix check for one-shot watches before destroying them
+To: torvalds@linux-foundation.org
+Cc: rlove@google.com, clem.taylor@gmail.com, stable@kernel.org, amy.griffis@hp.com, ttb@tentacle.dhs.org, akpm@linux-foundation.org, ulissesf@gmail.com
+Message-ID: <200802081217.m18CHvXc023553@imap1.linux-foundation.org>
+
+From: Ulisses Furquim <ulissesf@gmail.com>
+
+patch ac74c00e499ed276a965e5b5600667d5dc04a84a in mainline.
+
+As the IN_ONESHOT bit is never set when an event is sent we must check it
+in the watch's mask and not in the event's mask.
+
+Signed-off-by: Ulisses Furquim <ulissesf@gmail.com>
+Reported-by: "Clem Taylor" <clem.taylor@gmail.com>
+Tested-by: "Clem Taylor" <clem.taylor@gmail.com>
+Cc: Amy Griffis <amy.griffis@hp.com>
+Cc: Robert Love <rlove@google.com>
+Cc: John McCutchan <ttb@tentacle.dhs.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ fs/inotify_user.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/inotify_user.c
++++ b/fs/inotify_user.c
+@@ -269,7 +269,7 @@ static void inotify_dev_queue_event(stru
+ /* we can safely put the watch as we don't reference it while
+ * generating the event
+ */
+- if (mask & IN_IGNORED || mask & IN_ONESHOT)
++ if (mask & IN_IGNORED || w->mask & IN_ONESHOT)
+ put_inotify_watch(w); /* final put */
+
+ /* coalescing: drop this event if it is a dupe of the previous */
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Feb 8 11:02:37 2008
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Fri, 08 Feb 2008 14:01:02 -0500
+Subject: NFS: Fix a potential file corruption issue when writing
+To: stable@kernel.org
+Message-ID: <1202497262.8383.8.camel@heimdal.trondhjem.org>
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+patch 5d47a35600270e7115061cb1320ee60ae9bcb6b8 in mainline.
+
+If the inode is flagged as having an invalid mapping, then we can't rely on
+the PageUptodate() flag. Ensure that we don't use the "anti-fragmentation"
+write optimisation in nfs_updatepage(), since that will cause NFS to write
+out areas of the page that are no longer guaranteed to be up to date.
+
+A potential corruption could occur in the following scenario:
+
+client 1 client 2
+=============== ===============
+ fd=open("f",O_CREAT|O_WRONLY,0644);
+ write(fd,"fubar\n",6); // cache last page
+ close(fd);
+fd=open("f",O_WRONLY|O_APPEND);
+write(fd,"foo\n",4);
+close(fd);
+
+ fd=open("f",O_WRONLY|O_APPEND);
+ write(fd,"bar\n",4);
+ close(fd);
+-----
+The bug may lead to the file "f" reading 'fubar\n\0\0\0\nbar\n' because
+client 2 does not update the cached page after re-opening the file for
+write. Instead it keeps it marked as PageUptodate() until someone calls
+invalidate_inode_pages2() (typically by calling read()).
+
+The bug was introduced by commit 44b11874ff583b6e766a05856b04f3c492c32b84
+"NFS: Separate metadata and page cache revalidation mechanisms"
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfs/write.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+--- a/fs/nfs/write.c
++++ b/fs/nfs/write.c
+@@ -701,6 +701,17 @@ int nfs_flush_incompatible(struct file *
+ }
+
+ /*
++ * If the page cache is marked as unsafe or invalid, then we can't rely on
++ * the PageUptodate() flag. In this case, we will need to turn off
++ * write optimisations that depend on the page contents being correct.
++ */
++static int nfs_write_pageuptodate(struct page *page, struct inode *inode)
++{
++ return PageUptodate(page) &&
++ !(NFS_I(inode)->cache_validity & (NFS_INO_REVAL_PAGECACHE|NFS_INO_INVALID_DATA));
++}
++
++/*
+ * Update and possibly write a cached page of an NFS file.
+ *
+ * XXX: Keep an eye on generic_file_read to make sure it doesn't do bad
+@@ -721,10 +732,13 @@ int nfs_updatepage(struct file *file, st
+ (long long)(page_offset(page) +offset));
+
+ /* If we're not using byte range locks, and we know the page
+- * is entirely in cache, it may be more efficient to avoid
+- * fragmenting write requests.
++ * is up to date, it may be more efficient to extend the write
++ * to cover the entire page in order to avoid fragmentation
++ * inefficiencies.
+ */
+- if (PageUptodate(page) && inode->i_flock == NULL && !(file->f_mode & O_SYNC)) {
++ if (nfs_write_pageuptodate(page, inode) &&
++ inode->i_flock == NULL &&
++ !(file->f_mode & O_SYNC)) {
+ count = max(count + offset, nfs_page_length(page));
+ offset = 0;
+ }
--- /dev/null
+From stable-bounces@linux.kernel.org Fri Feb 8 04:30:29 2008
+From: Jan Kara <jack@suse.cz>
+Date: Fri, 08 Feb 2008 04:22:13 -0800
+Subject: quota: turn quotas off when remounting read-only
+To: torvalds@linux-foundation.org
+Cc: akpm@linux-foundation.org, jack@suse.cz, stable@kernel.org
+Message-ID: <200802081221.m18CLtGt024628@imap1.linux-foundation.org>
+
+
+From: Jan Kara <jack@suse.cz>
+
+patch 66191dc622f5ff0a541524c4e96fdacfacfda206 in mainline.
+
+Turn off quotas before filesystem is remounted read only. Otherwise quota
+will try to write to read-only filesystem which does no good... We could
+also just refuse to remount ro when quota is enabled but turning quota off
+is consistent with what we do on umount.
+
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/super.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/super.c
++++ b/fs/super.c
+@@ -603,6 +603,7 @@ int do_remount_sb(struct super_block *sb
+ mark_files_ro(sb);
+ else if (!fs_may_remount_ro(sb))
+ return -EBUSY;
++ DQUOT_OFF(sb);
+ }
+
+ if (sb->s_op->remount_fs) {
--- /dev/null
+From 366c246de9cec909c5eba4f784c92d1e75b4dc38 Mon Sep 17 00:00:00 2001
+From: James Bottomley <James.Bottomley@HansenPartnership.com>
+Date: Sat, 2 Feb 2008 16:06:23 -0600
+Subject: SCSI: sd: handle bad lba in sense information
+
+From: James Bottomley <James.Bottomley@HansenPartnership.com>
+
+patch 366c246de9cec909c5eba4f784c92d1e75b4dc38 in mainline.
+
+Some devices report medium error locations incorrectly. Add guards to
+make sure the reported bad lba is actually in the request that caused
+it. Additionally remove the large case statment for sector sizes and
+replace it with the proper u64 divisions.
+
+Tested-by: Mike Snitzer <snitzer@gmail.com>
+Cc: Stable Tree <stable@kernel.org>
+Cc: Tony Battersby <tonyb@cybernetics.com>
+Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/scsi/sd.c | 34 ++++++++++++++++------------------
+ 1 file changed, 16 insertions(+), 18 deletions(-)
+
+--- a/drivers/scsi/sd.c
++++ b/drivers/scsi/sd.c
+@@ -907,6 +907,7 @@ static int sd_done(struct scsi_cmnd *SCp
+ unsigned int xfer_size = SCpnt->request_bufflen;
+ unsigned int good_bytes = result ? 0 : xfer_size;
+ u64 start_lba = SCpnt->request->sector;
++ u64 end_lba = SCpnt->request->sector + (xfer_size / 512);
+ u64 bad_lba;
+ struct scsi_sense_hdr sshdr;
+ int sense_valid = 0;
+@@ -945,26 +946,23 @@ static int sd_done(struct scsi_cmnd *SCp
+ goto out;
+ if (xfer_size <= SCpnt->device->sector_size)
+ goto out;
+- switch (SCpnt->device->sector_size) {
+- case 256:
++ if (SCpnt->device->sector_size < 512) {
++ /* only legitimate sector_size here is 256 */
+ start_lba <<= 1;
+- break;
+- case 512:
+- break;
+- case 1024:
+- start_lba >>= 1;
+- break;
+- case 2048:
+- start_lba >>= 2;
+- break;
+- case 4096:
+- start_lba >>= 3;
+- break;
+- default:
+- /* Print something here with limiting frequency. */
+- goto out;
+- break;
++ end_lba <<= 1;
++ } else {
++ /* be careful ... don't want any overflows */
++ u64 factor = SCpnt->device->sector_size / 512;
++ do_div(start_lba, factor);
++ do_div(end_lba, factor);
+ }
++
++ if (bad_lba < start_lba || bad_lba >= end_lba)
++ /* the bad lba was reported incorrectly, we have
++ * no idea where the error is
++ */
++ goto out;
++
+ /* This computation should always be done in terms of
+ * the resolution of the device's medium.
+ */
--- /dev/null
+nfs-fix-a-potential-file-corruption-issue-when-writing.patch
+inotify-fix-check-for-one-shot-watches-before-destroying-them.patch
+hugetlb-add-locking-for-overcommit-sysctl.patch
+quota-turn-quotas-off-when-remounting-read-only.patch
+xfs-fix-oops-in-xfs_file_readdir.patch
+fix-dl2k-constants.patch
+scsi-sd-handle-bad-lba-in-sense-information.patch
--- /dev/null
+From stable-bounces@linux.kernel.org Tue Feb 5 15:52:50 2008
+From: David Chinner <dgc@sgi.com>
+Date: Wed, 6 Feb 2008 10:52:15 +1100
+Subject: XFS: Fix oops in xfs_file_readdir()
+To: stable@kernel.org
+Cc: greg@kroah.com, chris@sous-sol.org
+Message-ID: <20080205235215.GY155259@sgi.com>
+Content-Disposition: inline
+
+From: David Chinner <dgc@sgi.com>
+
+patch 450790a2c51e6d9d47ed30dbdcf486656b8e186f in mainline.
+
+Several occurrences of oops in xfs_file_readdir() on ia32 have been
+reported since 2.6.24 was released. This is a regression introduced
+in 2.6.24 and is relatively easy to hit. The patch below fixes the
+problem.
+
+
+Signed-off-by: Dave Chinner <dgc@sgi.com>
+Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/xfs/linux-2.6/xfs_file.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/fs/xfs/linux-2.6/xfs_file.c
++++ b/fs/xfs/linux-2.6/xfs_file.c
+@@ -350,8 +350,8 @@ xfs_file_readdir(
+
+ size = buf.used;
+ de = (struct hack_dirent *)buf.dirent;
+- curr_offset = de->offset /* & 0x7fffffff */;
+ while (size > 0) {
++ curr_offset = de->offset /* & 0x7fffffff */;
+ if (filldir(dirent, de->name, de->namlen,
+ curr_offset & 0x7fffffff,
+ de->ino, de->d_type)) {
+@@ -362,7 +362,6 @@ xfs_file_readdir(
+ sizeof(u64));
+ size -= reclen;
+ de = (struct hack_dirent *)((char *)de + reclen);
+- curr_offset = de->offset /* & 0x7fffffff */;
+ }
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
