Permalink
Commits on Feb 20, 2007
  1. Linux 2.6.19.4

    gregkh committed Feb 20, 2007
  2. [PATCH] Fix a free-wrong-pointer bug in nfs/acl server (CVE-2007-0772)

    Due to type confusion, when an nfsacl verison 2 'ACCESS' request
    finishes and tries to clean up, it calls fh_put on entiredly the
    wrong thing and this can cause an oops.
    
    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Greg Banks committed with gregkh Feb 19, 2007
Commits on Feb 5, 2007
  1. Linux 2.6.19.3

    chriswright committed Feb 5, 2007
  2. [PATCH] sched: fix cond_resched_softirq() offset

    Remove the __resched_legal() check: it is conceptually broken.  The biggest
    problem it had is that it can mask buggy cond_resched() calls.  A
    cond_resched() call is only legal if we are not in an atomic context, with
    two narrow exceptions:
    
     - if the system is booting
     - a reacquire_kernel_lock() down() done while PREEMPT_ACTIVE is set
    
    But __resched_legal() hid this and just silently returned whenever
    these primitives were called from invalid contexts. (Same goes for
    cond_resched_locked() and cond_resched_softirq()).
    
    Furthermore, the __legal_resched(0) call was buggy in that it caused
    unnecessarily long softirq latencies via cond_resched_softirq().  (which is
    only called from softirq-off sections, hence the code did nothing.)
    
    The fix is to resurrect the efficiency of the might_sleep checks and to
    only allow the narrow exceptions.
    
    Signed-off-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    [chrisw: backport to 2.6.19.2]
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Ingo Molnar committed with chriswright Dec 30, 2006
  3. [PATCH] move_task_off_dead_cpu() should be called with disabled ints

    move_task_off_dead_cpu() requires interrupts to be disabled, while
    migrate_dead() calls it with enabled interrupts.  Added appropriate
    comments to functions and added BUG_ON(!irqs_disabled()) into
    double_rq_lock() and double_lock_balance() which are the origin sources of
    such bugs.
    
    Signed-off-by: Kirill Korotaev <dev@openvz.org>
    Acked-by: Ingo Molnar <mingo@elte.hu>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@osdl.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Kirill Korotaev committed with chriswright Dec 10, 2006
  4. [PATCH] SUNRPC: Give cloned RPC clients their own rpc_pipefs directory

    This patch fixes a regression in 2.6.19 in which the use of multiple
    krb5 mounts against the same NFS server may result in an Oops on
    unmount. The Oops is due to the fact that multiple NFS krb5 clients may
    end up inadvertently sharing the same rpc_pipefs upcall pipe. The first
    client to 'umount' will unlink that shared pipe, causing an Oops.
    
    The solution is to give each client their own upcall pipe. This fix has
    been in mainline since 2.6.20-rc1.
    
    Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
    [chrisw: backport to 2.6.19.2]
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Trond Myklebust committed with chriswright Jan 25, 2007
  5. [PATCH] NETFILTER: xt_connbytes: fix division by zero

    When the packet counter of a connection is zero a division by zero
    occurs in div64_64(). Fix that by using zero as average value, which
    is correct as long as the packet counter didn't overflow, at which
    point we have lost anyway.
    
    Additionally we're probably going to go back to 64 bit counters
    in 2.6.21.
    
    Based on patch from Jonas Berlin <xkr47@outerspace.dyndns.org>,
    with suggestions from KOVACS Krisztian <hidden@balabit.hu>.
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    kaber committed with chriswright Jan 31, 2007
  6. [PATCH] TCP: skb is unexpectedly freed.

    I encountered a kernel panic with my test program, which is a very
    simple IPv6 client-server program.
    
    The server side sets IPV6_RECVPKTINFO on a listening socket, and the
    client side just sends a message to the server.  Then the kernel panic
    occurs on the server.  (If you need the test program, please let me
    know. I can provide it.)
    
    This problem happens because a skb is forcibly freed in
    tcp_rcv_state_process().
    
    When a socket in listening state(TCP_LISTEN) receives a syn packet,
    then tcp_v6_conn_request() will be called from
    tcp_rcv_state_process().  If the tcp_v6_conn_request() successfully
    returns, the skb would be discarded by __kfree_skb().
    
    However, in case of a listening socket which was already set
    IPV6_RECVPKTINFO, an address of the skb will be stored in
    treq->pktopts and a ref count of the skb will be incremented in
    tcp_v6_conn_request().  But, even if the skb is still in use, the skb
    will be freed.  Then someone still using the freed skb will cause the
    kernel panic.
    
    I suggest to use kfree_skb() instead of __kfree_skb().
    
    Signed-off-by: Masayuki Nakagawa <nakagawa.msy@ncos.nec.co.jp>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Masayuki Nakagawa committed with chriswright Feb 2, 2007
  7. [PATCH] TCP: Fix sorting of SACK blocks.

    The sorting of SACK blocks actually munges them rather than sort,
    causing the TCP stack to ignore some SACK information and breaking the
    assumption of ordered SACK blocks after sorting.
    
    The sort takes the data from a second buffer which isn't moved causing
    subsequent data moves to occur from the wrong location. The fix is to
    use a temporary buffer as a normal sort does.
    
    Signed-off-By: Baruch Even <baruch@ev-en.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    baruch committed with chriswright Feb 2, 2007
  8. [PATCH] TCP: rare bad TCP checksum with 2.6.19

    The patch "Replace CHECKSUM_HW by CHECKSUM_PARTIAL/CHECKSUM_COMPLETE"
    changed to unconditional copying of ip_summed field from collapsed
    skb. This patch reverts this change.
    
    The majority of substantial work including heavy testing
    and diagnosing by: Michael Tokarev <mjt@tls.msk.ru>
    Possible reasons pointed by: Herbert Xu and Patrick McHardy.
    
    Signed-off-by: Jarek Poplawski <jarkao2@o2.pl>
    Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Jarek Poplawski committed with chriswright Feb 2, 2007
  9. [PATCH] AF_PACKET: Check device down state before hard header callbacks.

    If the device is down, invoking the device hard header callbacks
    is not legal, so check it early.
    
    Based upon a shaper OOPS report from Frederik Deweerdt.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    David S. Miller committed with chriswright Feb 2, 2007
  10. [PATCH] AF_PACKET: Fix BPF handling.

    This fixes a bug introduced by:
    
    commit fda9ef5
    Author: Dmitry Mishin <dim@openvz.org>
    Date:   Thu Aug 31 15:28:39 2006 -0700
    
        [NET]: Fix sk->sk_filter field access
    
    sk_run_filter() returns either 0 or an unsigned 32-bit
    length which says how much of the packet to retain.
    If that 32-bit unsigned integer is larger than the packet,
    this is fine we just leave the packet unchanged.
    
    The above commit caused all filter return values which
    were negative when interpreted as a signed integer to
    indicate a packet drop, which is wrong.
    
    Based upon a report and initial patch by Raivis Bucis.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    David S. Miller committed with chriswright Feb 2, 2007
  11. [PATCH] IPV4: Fix single-entry /proc/net/fib_trie output.

    When main table is just a single leaf this gets printed as belonging to the
    local table in /proc/net/fib_trie. A fix is below.
    
    Signed-off-by: Robert Olsson <robert.olsson@its.uu.se>
    Acked-by: Eric W. Biederman <ebiederm@xmission.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Robert Olsson committed with chriswright Feb 2, 2007
  12. [PATCH] IPV4: Fix the fib trie iterator to work with a single entry r…

    …outing tables
    
    In a kernel with trie routing enabled I had a simple routing setup
    with only a single route to the outside world and no default
    route. "ip route table list main" showed my the route just fine but
    /proc/net/route was an empty file.  What was going on?
    
    Thinking it was a bug in something I did and I looked deeper.  Eventually
    I setup a second route and everything looked correct, huh?  Finally I
    realized that the it was just the iterator pair in fib_trie_get_first,
    fib_trie_get_next just could not handle a routing table with a single entry.
    
    So to save myself and others further confusion, here is a simple fix for
    the fib proc iterator so it works even when there is only a single route
    in a routing table.
    
    Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
    Signed-off-by: Robert Olsson <robert.olsson@its.uu.se>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    ebiederm committed with chriswright Feb 2, 2007
  13. [PATCH] SPARC32: Fix over-optimization by GCC near ip_fast_csum.

    In some cases such as:
    	iph->check = 0;
    	iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl);
    GCC may optimize out the previous store.
    
    Observed as a failure of NFS over udp (bad checksums on ip fragments)
    when compiled with GCC 3.4.2.
    
    Signed-off-by: Bob Breuer <breuerr@mc.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    breuerr committed with chriswright Feb 2, 2007
  14. [PATCH] DECNET: Handle a failure in neigh_parms_alloc (take 2)

    While enhancing the neighbour code to handle multiple network
    namespaces I noticed that decnet is assuming neigh_parms_alloc
    will allways succeed, which is clearly wrong.  So handle the
    failure.
    
    Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
    Acked-by: Steven Whitehouse <steve@chygwyn.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    ebiederm committed with chriswright Feb 2, 2007
  15. [PATCH] jmicron: 40/80pin primary detection

    jmicron module detects all JMB36x as JMB361 and PATA0 has wrong pin status
    of XICBLID.
    
    Cc: Jeff Garzik <jeff@garzik.org>
    Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
    Cc: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
    Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    
    cebbert@redhat.com: I folded in the warning fix (a51545a) because
    otherwise it makes the tester think the patch caused the warning
    that was already there.
    
    Cc: Dave Jones <davej@redhat.com>
    Signed-off-by: Chuck Ebbert <cebbert@redhat.com>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    ethanhsiao@jmicron.com committed with chriswright Jan 30, 2007
  16. [PATCH] bonding: ARP monitoring broken on x86_64

    While working with the latest bonding code I noticed a nasty problem that
    will prevent arp monitoring from always functioning correctly on x86_64
    systems.  Comparing ints to longs and expecting reliable results on x86_64
    is a bad idea.  With this patch, arp monitoring works correctly again.
    
    Signed-off-by: Andy Gospodarek <andy@greyhouse.net>
    Cc: "David S. Miller" <davem@davemloft.net>
    Cc: Stephen Hemminger <shemminger@osdl.org>
    Cc: Jeff Garzik <jeff@garzik.org>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Jeff Garzik <jeff@garzik.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    gospo committed with chriswright Jan 29, 2007
  17. [PATCH] uml: fix signal frame alignment

    Use the same signal frame alignment calculations as the underlying
    architecture.  x86_64 appeared to do this, but the "- 8" was really
    subtracting 8 * sizeof(struct rt_sigframe) rather than 8 bytes.
    
    UML/i386 might have been OK, but I changed the calculation to match
    i386 just to be sure.
    
    Signed-off-by: Jeff Dike <jdike@addtoit.com>
    Cc: <stable@kernel.org>
    Cc: Adrian Bunk <bunk@stusta.de>
    Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
    Acked-by: Antoine Martin <antoine@nagafix.co.uk>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Jeff Dike committed with chriswright Jan 30, 2007
  18. [PATCH] Don't allow the stack to grow into hugetlb reserved regions

    When expanding the stack, we don't currently check if the VMA will cross
    into an area of the address space that is reserved for hugetlb pages.
    Subsequent faults on the expanded portion of such a VMA will confuse the
    low-level MMU code, resulting in an OOPS.  Check for this.
    
    Signed-off-by: Adam Litke <agl@us.ibm.com>
    Cc: David Gibson <david@gibson.dropbear.id.au>
    Cc: William Lee Irwin III <wli@holomorphy.com>
    Cc: Hugh Dickins <hugh@veritas.com>
    Cc: <stable@kernel.org>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Adam Litke committed with chriswright Jan 30, 2007
  19. [PATCH] libata: use kmap_atomic(KM_IRQ0) in SCSI simulator

    We are inside spin_lock_irqsave().  quoth akpm's debug facility:
    
     [  231.948000] SCSI device sda: 195371568 512-byte hdwr sectors (100030 MB)
     [  232.232000] ata1.00: configured for UDMA/33
     [  232.404000] WARNING (1) at arch/i386/mm/highmem.c:47 kmap_atomic()
     [  232.404000]  [<c01162e6>] kmap_atomic+0xa9/0x1ab
     [  232.404000]  [<c0242c81>] ata_scsi_rbuf_get+0x1c/0x30
     [  232.404000]  [<c0242caf>] ata_scsi_rbuf_fill+0x1a/0x87
     [  232.404000]  [<c0243ab2>] ata_scsiop_mode_sense+0x0/0x309
     [  232.404000]  [<c01729d5>] end_bio_bh_io_sync+0x0/0x37
     [  232.404000]  [<c02311c6>] scsi_done+0x0/0x16
     [  232.404000]  [<c02311c6>] scsi_done+0x0/0x16
     [  232.404000]  [<c0242dcc>] ata_scsi_simulate+0xb0/0x13f
    [...]
    
    Signed-off-by: Jeff Garzik <jeff@garzik.org>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Jeff Garzik committed with chriswright Dec 11, 2006
  20. [PATCH] md: fix potential memalloc deadlock in md

    If a GFP_KERNEL allocation is attempted in md while the mddev_lock is
    held, it is possible for a deadlock to eventuate.
    This happens if the array was marked 'clean', and the memalloc triggers
    a write-out to the md device.
    For the writeout to succeed, the array must be marked 'dirty', and that
    requires getting the mddev_lock.
    
    So, before attempting a GFP_KERNEL alloction while holding the lock,
    make sure the array is marked 'dirty' (unless it is currently read-only).
    
    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    neilbrown committed with chriswright Jan 25, 2007
  21. [PATCH] md: fix a few problems with the interface (sysfs and ioctl) t…

    …o md.
    
    While developing more functionality in mdadm I found some bugs in md...
    
    - When we remove a device from an inactive array (write 'remove' to
      the 'state' sysfs file - see 'state_store') would should not
      update the superblock information - as we may not have
      read and processed it all properly yet.
    
    - initialise all raid_disk entries to '-1' else the 'slot sysfs file
      will claim '0' for all devices in an array before the array is
      started.
    
    - all '\n' not to be present at the end of words written to
      sysfs files
    - when we use SET_ARRAY_INFO to set the md metadata version,
      set the flag to say that there is persistant metadata.
    - allow GET_BITMAP_FILE to be called on an array that hasn't
      been started yet.
    
    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    neilbrown committed with chriswright Jan 25, 2007
  22. [PATCH] md: make 'repair' actually work for raid1.

    When 'repair' finds a block that is different one the various
    parts of the mirror. it is meant to write a chosen good version
    to the others.  However it currently writes out the original data
    to each. The memcpy to make all the data the same is missing.
    
    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    neilbrown committed with chriswright Jan 25, 2007
  23. [PATCH] md: assorted md and raid1 one-liners

    Fix few bugs that meant that:
      - superblocks weren't alway written at exactly the right time (this
        could show up if the array was not written to - writting to the array
        causes lots of superblock updates and so hides these errors).
    
      - restarting device recovery after a clean shutdown (version-1 metadata
        only) didn't work as intended (or at all).
    
    1/ Ensure superblock is updated when a new device is added.
    2/ Remove an inappropriate test on MD_RECOVERY_SYNC in md_do_sync.
       The body of this if takes one of two branches depending on whether
       MD_RECOVERY_SYNC is set, so testing it in the clause of the if
       is wrong.
    3/ Flag superblock for updating after a resync/recovery finishes.
    4/ If we find the neeed to restart a recovery in the middle (version-1
       metadata only) make sure a full recovery (not just as guided by
       bitmaps) does get done.
    
    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    neilbrown committed with chriswright Jan 25, 2007
  24. [PATCH] knfsd: fix up some bit-rot in exp_export

    The nfsservctl systemcall isn't used but recent nfs-utils releases for
    exporting filesystems, and consequently the code that is uses -
    exp_export - has suffered some bitrot.
    
    Particular:
      - some newly added fields in 'struct svc_export' are being initialised
        properly.
      - the return value is now always -ENOMEM ...
    
    This patch fixes both these problems.
    
    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    neilbrown committed with chriswright Jan 25, 2007
  25. [PATCH] knfsd: fix type mismatch with filldir_t used by nfsd.

    nfsd defines a type 'encode_dent_fn' which is much like 'filldir_t'
    except that the first pointer is 'struct readdir_cd *' rather than
    'void *'.  It then casts encode_dent_fn points to 'filldir_t' as
    needed.  This hides any other type mismatches between the two such as
    the fact that the 'ino' arg recently changed from ino_t to u64.
    
    So: get rid of 'encode_dent_fn', get rid of the cast of the function
    type, change the first arg of various functions from 'struct readdir_cd *'
    to 'void *', and live with the fact that we have a little less type
    checking on the calling of these functions now.
    Less internal (to nfsd) checking offset by more external checking, which
    is more important.
    
    Thanks to Gabriel Paubert <paubert@iram.es> for discovering this and
    providing an initial patch.
    
    Signed-off-by: Gabriel Paubert <paubert@iram.es>
    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    neilbrown committed with chriswright Jan 25, 2007
  26. [PATCH] knfsd: fix an NFSD bug with full sized, non-page-aligned reads.

    NFSd assumes that largest number of pages that will be needed
    for a request+response is 2+N where N pages is the size of the largest
    permitted read/write request.  The '2' are 1 for the non-data part of
    the request, and 1 for the non-data part of the reply.
    
    However, when a read request is not page-aligned, and we choose to use
    ->sendfile to send it directly from the page cache, we may need N+1
    pages to hold the whole reply.  This can overflow and array and cause
    an Oops.
    
    This patch increases size of the array for holding pages by one and
    makes sure that entry is NULL when it is not in use.
    
    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    neilbrown committed with chriswright Jan 25, 2007
  27. [PATCH] knfsd: fix setting of ACL server versions.

    Due to silly typos, if the nfs versions are explicitly set,
    no NFSACL versions get enabled.
    
    Also improve an error message that would have made this bug
    a little easier to find.
    
    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    neilbrown committed with chriswright Jan 25, 2007
  28. [PATCH] sis190: failure to set the MAC address from EEPROM

    Fix from http://bugzilla.kernel.org/show_bug.cgi?id=7747
    
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Cc: <sleepy@mike-neko.net>
    Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
    Signed-off-by: Jeff Garzik <jeff@garzik.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Francois Romieu committed with chriswright Jan 18, 2007
  29. [PATCH] SPARC64: Set g4/g5 properly in sun4v dtlb-prot handling.

    Mirror the logic in the sun4u handler, we have to update
    both registers even when we branch out to window fault
    fixup handling.
    
    The way it works is that if we are in etrap processing a
    fault already, g4/g5 holds the original fault information.
    If we take a window spill fault while doing etrap, then
    we put the window spill fault info into g4/g5 and this is
    what the top-level fault handler ends up processing first.
    
    Then we retry the originally faulting instruction, and
    process the original fault at that time.
    
    This is all necessary because of how constrained the trap
    registers are in these code paths.  These cases trigger
    very rarely, so even if there is some performance implication
    it's doesn't happen very often.  In fact the rarity is why
    it took so long to trigger and find this particular bug.
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    David S. Miller committed with chriswright Jan 27, 2007
  30. [PATCH] remove __devinit markings from rtc_sysfs_add_device()

    rtc_sysfs_add_device is needed even after dev initialization, so drop __devinit.
    
    Signed-off-by: Mike Frysinger <vapier@gentoo.org>
    Acked-by: Alessandro Zummo <a.zummo@towertech.it>
    Cc: <stable@kernel.org>
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    vapier committed with chriswright Jan 26, 2007
  31. [PATCH] Revert "[PATCH] Fix up mmap_kmem"

    This reverts commit 99a10a6.
    
    As per Hugh Dickins:
    
      "Nadia Derbey has reported that mmap of /dev/kmem no longer works with
       the kernel virtual address as offset, and Franck has confirmed that
       his patch came from a misunderstanding of what an offset means to
       /dev/kmem - whereas his patch description seems to say that he was
       correcting the offset on a few plaforms, there was no such problem to
       correct, and his patch was in fact changing its API on all platforms."
    
    Suggested-by: Hugh Dickins <hugh@veritas.com>
    Cc: Franck Bui-Huu <fbuihuu@gmail.com>
    Cc: Nadia Derbey <Nadia.Derbey@bull.net>
    Cc: Andi Kleen <ak@suse.de>
    Cc: Arjan van de Ven <arjan@infradead.org>
    Cc: Andrew Morton <akpm@osdl.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Linus Torvalds committed with chriswright Jan 22, 2007
  32. [PATCH] elevator: move clearing of unplug flag earlier

    A flag was recently added to the elevator code to avoid
    performing an unplug when reuests are being re-queued.
    The goal of this flag was to avoid a deep recursion that
    can occur when re-queueing requests after a SCSI device/host
    reset.  See http://lkml.org/lkml/2006/5/17/254
    
    However, that fix added the flag near the bottom of a case
    statement, where an earlier break (in an if statement) could
    transport one out of the case, without setting the flag.
    This patch sets the flag earlier in the case statement.
    
    I re-discovered the deep recursion recently during testing;
    I was told that it was a known problem, and the fix to it was
    in the kernel I was testing. Indeed it was ... but it didn't
    fix the bug. With the patch below, I no longer see the bug.
    
    Signed-off by: Linas Vepstas <linas@austin.ibm.com>
    Signed-off-by: Jens Axboe <axboe@suse.de>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    Linas Vepstas committed with chriswright Jan 23, 2007
  33. [PATCH] NETFILTER: Fix iptables ABI breakage on (at least) CRIS

    With the introduction of x_tables we accidentally broke compatibility
    by defining IPT_TABLE_MAXNAMELEN to XT_FUNCTION_MAXNAMELEN instead of
    XT_TABLE_MAXNAMELEN, which is two bytes larger.
    
    On most architectures it doesn't really matter since we don't have
    any tables with names that long in the kernel and the structure
    layout didn't change because of alignment requirements of following
    members. On CRIS however (and other architectures that don't align
    data) this changed the structure layout and thus broke compatibility
    with old iptables binaries.
    
    Changing it back will break compatibility with binaries compiled
    against recent kernels again, but since the breakage has only been
    there for three releases this seems like the better choice.
    
    Spotted by Jonas Berlin <xkr47@outerspace.dyndns.org>.
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
    kaber committed with chriswright Jan 24, 2007