Commits on Feb 11, 2008
  1. @gregkh

    Linux 2.6.23.16

    gregkh committed Feb 10, 2008
  2. @gregkh

    splice: fix user pointer access in get_iovec_page_array()

    patch 712a30e in mainline.
    
    Commit 8811930 ("splice: missing user
    pointer access verification") added the proper access_ok() calls to
    copy_from_user_mmap_sem() which ensures we can copy the struct iovecs
    from userspace to the kernel.
    
    But we also must check whether we can access the actual memory region
    pointed to by the struct iovec to fix the access checks properly.
    
    Signed-off-by: Bastian Blank <waldi@debian.org>
    Acked-by: Oliver Pinter <oliver.pntr@gmail.com>
    Cc: Jens Axboe <jens.axboe@oracle.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Bastian Blank committed with gregkh Feb 10, 2008
Commits on Feb 8, 2008
  1. @gregkh

    Linux 2.6.23.15

    gregkh committed Feb 8, 2008
  2. @gregkh

    splice: missing user pointer access verification (CVE-2008-0009/10)

    patch 8811930 in mainline.
    
    vmsplice_to_user() must always check the user pointer and length
    with access_ok() before copying. Likewise, for the slow path of
    copy_from_user_mmap_sem() we need to check that we may read from
    the user region.
    
    Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
    Cc: Wojciech Purczynski <cliph@research.coseinc.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Jens Axboe committed with gregkh Feb 8, 2008
  3. @ian-abbott @gregkh

    PCI: Fix fakephp deadlock

    This patch works around a problem in the fakephp driver when a process
    writing "0" to a "power" sysfs file to fake removal of a PCI device ends
    up deadlocking itself in the sysfs code.
    
    The patch is functionally identical to the one in Linus' tree post 2.6.24:
    http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5c796ae7a7ebe56967ed9b9963d7c16d733635ff
    
    I have tested it on a 2.6.23 kernel.
    
    Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    ian-abbott committed with gregkh Feb 4, 2008
  4. @lenb @gregkh

    ACPI: sync blacklist w/ latest

    This patch is appropriate for supporting a 2.6.23-based products.
    
    Signed-off-by: Len Brown <len.brown@intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    lenb committed with gregkh Feb 4, 2008
  5. @gregkh

    atl1: fix frame length bug

    Upstream commit: 2a49128
    
    The driver sets up the hardware to accept a frame with max length
    equal to MTU + Ethernet header + FCS + VLAN tag, but we neglect to
    add the VLAN tag size to the ingress buffer.  When a VLAN-tagged
    frame arrives, the hardware passes it, but bad things happen
    because the buffer is too small.  This patch fixes that.
    
    Thanks to David Harris for reporting the bug and testing the fix.
    
    Signed-off-by: Jay Cliburn <jacliburn@bellsouth.net>
    Tested-by: David Harris <david.harris@cpni-inc.com>
    Signed-off-by: Jeff Garzik <jeff@garzik.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Jay Cliburn committed with gregkh Jan 30, 2008
  6. @gregkh

    forcedeth: mac address mcp77/79

    patch 2b91213 in mainline.
    
    This patch is a critical fix for MCP77 and MCP79 devices. The feature
    flags were missing the define for correct mac address
    (DEV_HAS_CORRECT_MACADDR).
    
    Signed-off-by: Ayaz Abdulla <aabdulla@nvidia.com>
    Signed-off-by: Jeff Garzik <jeff@garzik.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Ayaz Abdulla committed with gregkh Jan 28, 2008
  7. @dotdash @gregkh

    Fix dirty page accounting leak with ext3 data=journal

    patch a2b3456 in mainline.
    
    In 46d2277, try_to_free_buffers was
    changed to bail out if the page was dirty. That caused
    truncate_complete_page to leak massive amounts of memory, because the
    dirty bit was only cleared after the call to try_to_free_buffers. So the
    call to cancel_dirty_page was moved up to have the dirty bit cleared
    early in 3e67c09.
    
    The problem with that fix is, that the page can be redirtied after
    cancel_dirty_page was called, eg. like this:
    
    truncate_complete_page()
      cancel_dirty_page() // PG_dirty cleared, decr. dirty pages
      do_invalidatepage()
        ext3_invalidatepage()
          journal_invalidatepage()
            journal_unmap_buffer()
              __dispose_buffer()
                __journal_unfile_buffer()
                  __journal_temp_unlink_buffer()
                    mark_buffer_dirty(); // PG_dirty set, incr. dirty pages
    
    And then we end up with dirty pages being wrongly accounted.
    
    In ecdfc97 the changes to
    try_to_free_buffers were reverted, so the original reason for the
    massive memory leak is gone, so we can also revert the move of
    the call to cancel_dirty_page from truncate_complete_page and get the
    accounting right again.
    
    Signed-off-by: Björn Steinbrink <B.Steinbrink@gmx.de>
    Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
    Tested-by: Zaid D. <zaid.box@gmail.com>
    Cc: Jan Kara <jack@ucw.cz>
    Cc: Nick Piggin <nickpiggin@yahoo.com.au>
    Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
    Cc: Thomas Osterried <osterried@jesse.de>
    Cc: Kerin Millar <kerframil@gmail.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    dotdash committed with gregkh Feb 3, 2008
  8. @kaber @gregkh

    Netfilter: bridge-netfilter: fix net_device refcnt leaks

    [NETFILTER]: bridge-netfilter: fix net_device refcnt leaks
    
    Upstream commit 2dc2f20
    
    When packets are flood-forwarded to multiple output devices, the
    bridge-netfilter code reuses skb->nf_bridge for each clone to store
    the bridge port. When queueing packets using NFQUEUE netfilter takes
    a reference to skb->nf_bridge->physoutdev, which is overwritten
    when the packet is forwarded to the second port. This causes
    refcount unterflows for the first device and refcount leaks for all
    others. Additionally this provides incorrect data to the iptables
    physdev match.
    
    Unshare skb->nf_bridge by copying it if it is shared before assigning
    the physoutdev device.
    
    Reported, tested and based on initial patch by
    Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>.
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    kaber committed with gregkh Jan 29, 2008
  9. @kaber @gregkh

    Netfilter: bridge: fix double POST_ROUTING invocation

    [NETFILTER]: bridge: fix double POST_ROUTING invocation
    
    Upstream commit 2948d2e
    
    The bridge code incorrectly causes two POST_ROUTING hook invocations
    for DNATed packets that end up on the same bridge device. This
    happens because packets with a changed destination address are passed
    to dst_output() to make them go through the neighbour output function
    again to build a new destination MAC address, before they will continue
    through the IP hooks simulated by bridge netfilter.
    
    The resulting hook order is:
     PREROUTING (bridge netfilter)
     POSTROUTING        (dst_output -> ip_output)
     FORWARD    (bridge netfilter)
     POSTROUTING        (bridge netfilter)
    
    The deferred hooks used to abort the first POST_ROUTING invocation,
    but since the only thing bridge netfilter actually really wants is
    a new MAC address, we can avoid going through the IP stack completely
    by simply calling the neighbour output function directly.
    
    Tested, reported and lots of data provided by: Damien Thebault <damien.thebault@gmail.com>
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    kaber committed with gregkh Jan 29, 2008
  10. @gregkh

    fix oops on rmmod capidrv

    patch eb36f4f in mainline.
    
    Fix overwriting the stack with the version string
    (it is currently 10 bytes + zero) when unloading the
    capidrv module. Safeguard against overwriting it
    should the version string grow in the future.
    
    Should fix Kernel Bug Tracker Bug 9696.
    
    Signed-off-by: Gerd v. Egidy <gerd.von.egidy@intra2net.com>
    Acked-by: Karsten Keil <kkeil@suse.de>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Karsten Keil committed with gregkh Jan 25, 2008
  11. @htejun @gregkh

    libata: port and host should be stopped before hardware resources are…

    … released
    
    This is backport of 32ebbc0 and fixes
    oops on driver module unload.
    
    Port / host stop calls used to be made from ata_host_release() which
    is called after all hardware resources acquired after host allocation
    are released.  This is wrong as port and host stop routines often
    access the hardware.
    
    Add separate devres for port / host stop which is invoked right after
    IRQ is released but with all other hardware resources intact.  The
    devres is added iff ->host_stop and/or ->port_stop exist.
    
    This problem has been spotted by Mark Lord.
    
    Signed-off-by: Tejun Heo <htejun@gmail.com>
    Cc: Mark Lord <liml@rtr.ca>
    Signed-off-by: Jeff Garzik <jeff@garzik.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    htejun committed with gregkh Jan 18, 2008
  12. @gregkh

    spi: omap2_mcspi PIO RX fix

    patch feed9ba in mainline.
    
    Before transmission of the last word in PIO RX_ONLY mode rx+tx mode
    is enabled:
    
    	/* prevent last RX_ONLY read from triggering
    	 * more word i/o: switch to rx+tx
    	 */
    	if (c == 0 && tx == NULL)
    		mcspi_write_cs_reg(spi,
    				OMAP2_MCSPI_CHCONF0, l);
    
    But because c is decremented after the test, c will never be zero and
    rx+tx will not be enabled. This breaks RX_ONLY mode PIO transfers.
    
    Fix it by decrementing c in the beginning of the various I/O loops.
    
    Signed-off-by: Kalle Valo <kalle.valo@nokia.com>
    Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Kalle Valo committed with gregkh Jan 24, 2008
  13. @gregkh

    Fix unbalanced helper_lock in kernel/kmod.c

    patch 7846803 in mainline.
    
    call_usermodehelper_exec() has an exit path that can leave the
    helper_lock() call at the top of the routine unbalanced.  The attached
    patch fixes this issue.
    
    Signed-off-by: Nigel Cunningham <nigel@tuxonice.net>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Nigel Cunningham committed with gregkh Jan 17, 2008
  14. @gregkh

    ia64: Fix unaligned handler for floating point instructions with base…

    … update
    
    commit 1a49915 in mainline.
    
    [IA64] Fix unaligned handler for floating point instructions with base update
    
    The compiler team did the hard work for this distilling a problem in
    large fortran application which showed up when applied to a 290MB input
    data set down to this instruction:
    
    	ldfd f34=[r17],-8
    
    Which they noticed incremented r17 by 0x10 rather than decrementing it
    by 8 when the value in r17 caused an unaligned data fault.  I tracked
    it down to some bad instruction decoding in unaligned.c. The code
    assumes that the 'x' bit can determine whether the instruction is
    an "ldf" or "ldfp" ... which it is for opcode=6 (see table 4-29 on
    page 3:302 of the SDM).  But for opcode=7 the 'x' bit is irrelevent,
    all variants are "ldf" instructions (see table 4-36 on page 3:306).
    
    Note also that interpreting the instruction as "ldfp" means that the
    "paired" floating point register (f35 in the example here) will also
    be corrupted.
    
    Signed-off-by: Tony Luck <tony.luck@intel.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Luck, Tony committed with gregkh Jan 16, 2008
  15. @gregkh

    sata_promise: ASIC PRD table bug workaround

    patch 03116d6 in mainline.
    
    Second-generation Promise SATA controllers have an ASIC bug
    which can trigger if the last PRD entry is larger than 164 bytes,
    resulting in intermittent errors and possible data corruption.
    
    Work around this by replacing calls to ata_qc_prep() with a
    private version that fills the PRD, checks the size of the
    last entry, and if necessary splits it to avoid the bug.
    Also reduce sg_tablesize by 1 to accommodate the new entry.
    
    Tested on the second-generation SATA300 TX4 and SATA300 TX2plus,
    and the first-generation PDC20378.
    
    Thanks to Alexander Sabourenkov for verifying the bug by
    studying the vendor driver, and for writing the initial patch
    upon which this one is based.
    
    Signed-off-by: Mikael Pettersson <mikpe@it.uu.se>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Mikael Pettersson committed with gregkh Jan 16, 2008
  16. @gregkh

    vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-200…

    …8-0007)
    
    Drivers that register a ->fault handler, but do not range-check the
    offset argument, must set VM_DONTEXPAND in the vm_flags in order to
    prevent an expanding mremap from overflowing the resource.
    
    I've audited the tree and attempted to fix these problems (usually by
    adding VM_DONTEXPAND where it is not obvious).
    
    Signed-off-by: Nick Piggin <npiggin@suse.de>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Nick Piggin committed with gregkh Feb 2, 2008
  17. @neilbrown @gregkh

    knfsd: Allow NFSv2/3 WRITE calls to succeed when krb5i etc is used.

    patch ba67a39 in mainline.
    
    When RPCSEC/GSS and krb5i is used, requests are padded, typically to a multiple
    of 8 bytes.  This can make the request look slightly longer than it
    really is.
    
    As of
    
    	f34b956 "The NFSv2/NFSv3 server does not handle zero
    		length WRITE request correctly",
    
    the xdr decode routines for NFSv2 and NFSv3 reject requests that aren't
    the right length, so krb5i (for example) WRITE requests can get lost.
    
    This patch relaxes the appropriate test and enhances the related comment.
    
    Signed-off-by: Neil Brown <neilb@suse.de>
    Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
    Cc: Peter Staubach <staubach@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    neilbrown committed with gregkh Jan 11, 2008
  18. @djbw @gregkh

    md: fix data corruption when a degraded raid5 array is reshaped

    patch 0f94e87 in mainline.
    
    We currently do not wait for the block from the missing device to be
    computed from parity before copying data to the new stripe layout.
    
    The change in the raid6 code is not techincally needed as we don't delay
    data block recovery in the same way for raid6 yet.  But making the change
    now is safer long-term.
    
    This bug exists in 2.6.23 and 2.6.24-rc
    
    Signed-off-by: Dan Williams <dan.j.williams@intel.com>
    Acked-by: Neil Brown <neilb@suse.de>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    djbw committed with gregkh Jan 8, 2008
  19. @eparis @gregkh

    security: protect from stack expantion into low vm addresses

    patch 8869477 in mainline.
    
    Add security checks to make sure we are not attempting to expand the
    stack into memory protected by mmap_min_addr
    
    Signed-off-by: Eric Paris <eparis@redhat.com>
    Signed-off-by: James Morris <jmorris@namei.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    eparis committed with gregkh Nov 26, 2007
  20. @eparis @gregkh

    VM/Security: add security hook to do_brk (CVE-2007-6434)

    patch ecaf18c in mainline.
    
    VM/Security: add security hook to do_brk
    
    Given a specifically crafted binary do_brk() can be used to get low pages
    available in userspace virtual memory and can thus be used to circumvent
    the mmap_min_addr low memory protection.  Add security checks in do_brk().
    
    Signed-off-by: Eric Paris <eparis@redhat.com>
    Acked-by: Alan Cox <alan@redhat.com>
    Cc: Stephen Smalley <sds@tycho.nsa.gov>
    Cc: James Morris <jmorris@namei.org>
    Cc: Chris Wright <chrisw@sous-sol.org>
    Cc: maximilian attems <max@stro.at>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    eparis committed with gregkh Dec 19, 2007
  21. @gregkh

    m68k: Export cachectl.h

    patch e92042e in mainline.
    
    m68k: Export cachectl.h
    
    libffi in GCC 4.2 needs cachectl.h to do its cache flushing.  But we
    don't currently export it.  I believe this patch should do the trick.
    
    Signed-off-by: Matthew Wilcox <matthew@wil.cx>
    Cc: maximilian attems <max@stro.at>
    Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Matthew Wilcox committed with gregkh Dec 18, 2007
  22. @gregkh

    CIFS: Respect umask when using POSIX mkdir

    patch a8cd925 in mainline.
    
    [CIFS] Respect umask when using POSIX mkdir
    
    When making a directory with POSIX mkdir calls, cifs_mkdir does not
    respect the umask.  This patch causes the new POSIX mkdir to create with
    the right mode
    
    Signed-off-by: Jeff Layton <jlayton@redhat.com>
    Signed-off-by: Steve French <sfrench@us.ibm.com>
    Cc: maximilian attems <max@stro.at>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Steve French committed with gregkh Dec 17, 2007
  23. @gregkh

    Input: fix open count handling in input interfaces

    patch 0644501 in mainline.
    
    If input_open_device() fails we should not leave interfaces marked
    as opened.
    
    Signed-off-by: Oliver Neukum <oneukum@suse.de>
    Cc: Al Viro <viro@ZenIV.linux.org.uk>
    Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Oliver Neukum committed with gregkh Oct 12, 2007
  24. @dtor @gregkh

    Input: tsdev - implement proper locking

    patch b9d2d11 in mainline.
    
    Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
    Cc: Al Viro <viro@ZenIV.linux.org.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    dtor committed with gregkh Aug 30, 2007
  25. @dtor @gregkh

    Input: joydev - implement proper locking

    patch b126207 in mainline.
    
    Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
    Cc: Al Viro <viro@ZenIV.linux.org.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    dtor committed with gregkh Aug 30, 2007
  26. @dtor @gregkh

    Input: mousedev - implement proper locking

    patch 464b241 in mainline.
    
    Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
    Cc: Al Viro <viro@ZenIV.linux.org.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    dtor committed with gregkh Aug 30, 2007
  27. @dtor @gregkh

    Input: evdev - implement proper locking

    patch 6addb1d in mainline.
    
    Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
    Cc: Al Viro <viro@ZenIV.linux.org.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    dtor committed with gregkh Aug 30, 2007
  28. @dtor @gregkh

    Input: implement proper locking in input core

    patch 8006479 in mainline.
    
    Also add some kerneldoc documentation to input.h
    
    Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
    Cc: Al Viro <viro@ZenIV.linux.org.uk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    dtor committed with gregkh Aug 30, 2007
  29. @gregkh

    cxgb: fix stats

    patch e0348b9 in mainline.
    
    Fix MAC stats accounting.
    Fix get_stats.
    
    Signed-off-by: Divy Le Ray <divy@chelsio.com>
    Signed-off-by: Jeff Garzik <jeff@garzik.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Divy Le Ray committed with gregkh Dec 18, 2007
  30. @gregkh

    cxgb: fix T2 GSO

    patch 7832ee0 in mainline.
    
    The patch ensures that a GSO skb has enough headroom
    to push an encapsulating cpl_tx_pkt_lso header.
    
    Signed-off-by: Divy Le Ray <divy@chelsio.com>
    Signed-off-by: Jeff Garzik <jeff@garzik.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Divy Le Ray committed with gregkh Dec 18, 2007
  31. @gregkh

    chelsio: Fix skb->dev setting

    patch 7de6af0 in mainline.
    
    eth_type_trans() now sets skb->dev.
    Access skb->def after it gets set.
    
    Signed-off-by: Divy Le Ray <divy@chelsio.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Divy Le Ray committed with gregkh Dec 18, 2007
  32. @gregkh

    quicklists: Only consider memory that can be used with GFP_KERNEL

    patch 96990a4 in mainline.
    
    Quicklists calculates the size of the quicklists based on the number of
    free pages.  This must be the number of free pages that can be allocated
    with GFP_KERNEL.  node_page_state() includes the pages in ZONE_HIGHMEM and
    ZONE_MOVABLE which may lead the quicklists to become too large causing OOM.
    
    Signed-off-by: Christoph Lameter <clameter@sgi.com>
    Tested-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Christoph Lameter committed with gregkh Jan 16, 2008
  33. @gregkh

    quicklists: do not release off node pages early

    patch ed367fc in mainline.
    
    quicklists must keep even off node pages on the quicklists until the TLB
    flush has been completed.
    
    Signed-off-by: Christoph Lameter <clameter@sgi.com>
    Cc: Dhaval Giani <dhaval@linux.vnet.ibm.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
    Christoph Lameter committed with gregkh Dec 22, 2007