rpms/kernel/FC-5 linux-2.6-ieee1394_host_register_fix.patch, NONE, 1.1 linux-2.6-ieee1394_video1394_dma_fix.patch, NONE, 1.1 linux-2.6-jfs_fix_deadlock.patch, NONE, 1.1 linux-2.6-md_md5_6_bio_too_big_fix.patch, NONE, 1.1 linux-2.6-md_md5_6_bio_too_big_fix_fix.patch, NONE, 1.1 linux-2.6-net_forcedeth_disable_msi.patch, NONE, 1.1 linux-2.6-net_xfrm_audit_log_oops_fix.patch, NONE, 1.1 linux-2.6-nfnetlink_log_null_deref_fix.patch.patch, NONE, 1.1 linux-2.6-nfnetlink_log_refcounting_fix.patch.patch, NONE, 1.1 linux-2.6-swiotlb_sync_single_bug.patch, NONE, 1.1 linux-2.6-usbnet_fix_failure_path_oops.patch, NONE, 1.1 kernel-2.6.spec, 1.2292, 1.2293

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Feb 19 00:21:27 UTC 2007


Author: cebbert

Update of /cvs/dist/rpms/kernel/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv19696

Modified Files:
	kernel-2.6.spec 
Added Files:
	linux-2.6-ieee1394_host_register_fix.patch 
	linux-2.6-ieee1394_video1394_dma_fix.patch 
	linux-2.6-jfs_fix_deadlock.patch 
	linux-2.6-md_md5_6_bio_too_big_fix.patch 
	linux-2.6-md_md5_6_bio_too_big_fix_fix.patch 
	linux-2.6-net_forcedeth_disable_msi.patch 
	linux-2.6-net_xfrm_audit_log_oops_fix.patch 
	linux-2.6-nfnetlink_log_null_deref_fix.patch.patch 
	linux-2.6-nfnetlink_log_refcounting_fix.patch.patch 
	linux-2.6-swiotlb_sync_single_bug.patch 
	linux-2.6-usbnet_fix_failure_path_oops.patch 
Log Message:
* Sun Feb 18 2007 Chuck Ebbert <cebbert at redhat.com>
- add 2.6.20 fixes


linux-2.6-ieee1394_host_register_fix.patch:
 nodemgr.c |   24 ++++++++++++++++--------
 1 files changed, 16 insertions(+), 8 deletions(-)

--- NEW FILE linux-2.6-ieee1394_host_register_fix.patch ---
Date: Tue, 6 Feb 2007 02:34:45 +0100 (CET)
From: Stefan Richter <stefanr at s5r6.in-berlin.de>

Since my commit 8252bbb1363b7fe963a3eb6f8a36da619a6f5a65 in 2.6.20-rc1,
host devices have a dummy driver attached.  Alas the driver was not
registered before use if ieee1394 was loaded with disable_nodemgr=1.

This resulted in non-functional FireWire drivers or kernel lockup.
http://bugzilla.kernel.org/show_bug.cgi?id=7942

Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
---
 drivers/ieee1394/nodemgr.c |   24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

same as commit 91efa462054d44ae52b0c6c8325ed5e899f2cd17 in linux-2.6.20-git#

(Side note:  The parameter disable_nodemgr=1 is merely an optional
tuning parameter for people who know what they are doing and who don't
need device discovery and bus management.)

Index: linux-2.6.20.noarch/drivers/ieee1394/nodemgr.c
===================================================================
--- linux-2.6.20.noarch.orig/drivers/ieee1394/nodemgr.c	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/drivers/ieee1394/nodemgr.c	2007-02-18 18:57:04.000000000 -0500
@@ -274,7 +274,6 @@
 struct device nodemgr_dev_template_host = {
 	.bus		= &ieee1394_bus_type,
 	.release	= nodemgr_release_host,
-	.driver		= &nodemgr_mid_layer_driver,
 };
 
 
@@ -1889,22 +1888,31 @@
 
 	error = class_register(&nodemgr_ne_class);
 	if (error)
-		return error;
-
+		goto fail_ne;
 	error = class_register(&nodemgr_ud_class);
-	if (error) {
-		class_unregister(&nodemgr_ne_class);
-		return error;
-	}
+	if (error)
+		goto fail_ud;
 	error = driver_register(&nodemgr_mid_layer_driver);
+	if (error)
+		goto fail_ml;
+	/* This driver is not used if nodemgr is off (disable_nodemgr=1). */
+	nodemgr_dev_template_host.driver = &nodemgr_mid_layer_driver;
+
 	hpsb_register_highlevel(&nodemgr_highlevel);
 	return 0;
+
+fail_ml:
+	class_unregister(&nodemgr_ud_class);
+fail_ud:
+	class_unregister(&nodemgr_ne_class);
+fail_ne:
+	return error;
 }
 
 void cleanup_ieee1394_nodemgr(void)
 {
 	hpsb_unregister_highlevel(&nodemgr_highlevel);
-
+	driver_unregister(&nodemgr_mid_layer_driver);
 	class_unregister(&nodemgr_ud_class);
 	class_unregister(&nodemgr_ne_class);
 }
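Review bot: cleanup_ieee1394_nodemgr() now calls `driver_unregister(&nodemgr_mid_layer_driver)` unconditionally, which is only correct if cleanup is never reached when init_ieee1394_nodemgr() was skipped or returned an error. The disable_nodemgr=1 path that skips init lives in the caller, outside this hunk, so confirm it skips cleanup as well. If the caller does behave that way, the comment above the template assignment could say so directly, e.g. `/* Assigned only here: when init is skipped (disable_nodemgr=1) host devices get no driver. */`. The opening lines of the init function are outside the hunk.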

linux-2.6-ieee1394_video1394_dma_fix.patch:
 video1394.c |    8 ++++++++
 1 files changed, 8 insertions(+)

--- NEW FILE linux-2.6-ieee1394_video1394_dma_fix.patch ---
Date: Sat, 03 Feb 2007 03:09:09 -0500
From: David Moore <dcm at acm.org>

This together with the phys_to_virt fix in lib/swiotlb.c::swiotlb_sync_sg
fixes video1394 DMA on machines with DMA bounce buffers, especially Intel
x86-64 machines with > 3GB RAM.

Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
Signed-off-by: David Moore <dcm at acm.org>
Tested-by: Nicolas Turro <Nicolas.Turro at inrialpes.fr>
---
 drivers/ieee1394/video1394.c |    8 ++++++++
 1 file changed, 8 insertions(+)

same as commit a5782010b4e75cba571357efaa27df22a89427c2 in linux-2.6.20-git#

Index: linux-2.6.20.noarch/drivers/ieee1394/video1394.c
===================================================================
--- linux-2.6.20.noarch.orig/drivers/ieee1394/video1394.c	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/drivers/ieee1394/video1394.c	2007-02-18 18:57:04.000000000 -0500
@@ -489,6 +489,9 @@
 			reset_ir_status(d, i);
 			d->buffer_status[d->buffer_prg_assignment[i]] = VIDEO1394_BUFFER_READY;
 			do_gettimeofday(&d->buffer_time[d->buffer_prg_assignment[i]]);
+			dma_region_sync_for_cpu(&d->dma,
+				d->buffer_prg_assignment[i] * d->buf_size,
+				d->buf_size);
 		}
 	}
 
@@ -1096,6 +1099,8 @@
 			DBGMSG(ohci->host->id, "Starting iso transmit DMA ctx=%d",
 			       d->ctx);
 			put_timestamp(ohci, d, d->last_buffer);
+			dma_region_sync_for_device(&d->dma,
+				v.buffer * d->buf_size, d->buf_size);
 
 			/* Tell the controller where the first program is */
 			reg_write(ohci, d->cmdPtr,
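Review bot: The offset handed to dma_region_sync_for_device() is `v.buffer * d->buf_size`, and v.buffer looks like an index taken from the ioctl argument; its range check is not visible in this hunk. Confirm that the check runs before this point on every path and that the product cannot wrap or exceed the size of d->dma, since a sync outside the region would operate on memory that does not belong to the buffer. The same expression is added in the next hunk, in the "Waking up iso transmit" branch. Once confirmed, a short comment such as `/* v.buffer was range-checked above */` would make the dependency explicit.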
@@ -1111,6 +1116,9 @@
 				      "Waking up iso transmit dma ctx=%d",
 				      d->ctx);
 				put_timestamp(ohci, d, d->last_buffer);
+				dma_region_sync_for_device(&d->dma,
+					v.buffer * d->buf_size, d->buf_size);
+
 				reg_write(ohci, d->ctrlSet, 0x1000);
 			}
 		}

linux-2.6-jfs_fix_deadlock.patch:
 jfs_lock.h     |    2 +-
 jfs_metapage.c |    2 +-
 jfs_txnmgr.c   |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

--- NEW FILE linux-2.6-jfs_fix_deadlock.patch ---
Gitweb:     http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4aa0d230c2cfc1ac4bcf7c5466f9943cf14233a9
Commit:     4aa0d230c2cfc1ac4bcf7c5466f9943cf14233a9
Parent:     82d5b9a7c63054a9a2cd838ffd177697f86e7e34
Author:     Dave Kleikamp <shaggy at linux.vnet.ibm.com>
AuthorDate: Wed Jan 17 21:18:35 2007 -0600
Committer:  Dave Kleikamp <shaggy at linux.vnet.ibm.com>
CommitDate: Wed Jan 17 21:18:35 2007 -0600

    JFS: call io_schedule() instead of schedule() to avoid deadlock
    
    The introduction of Jens Axboe's explicit i/o plugging patches introduced a
    deadlock in jfs.  This was caused by the process initiating I/O not
    unplugging the queue before waiting on the commit thread.  The commit
    thread itself was waiting for that I/O to complete.  Calling io_schedule()
    rather than schedule() unplugs the I/O queue avoiding the deadlock, and it
    appears to be the right function to call in any case.
    
    Signed-off-by: Dave Kleikamp <shaggy at austin.ibm.com>
---
 fs/jfs/jfs_lock.h     |    2 +-
 fs/jfs/jfs_metapage.c |    2 +-
 fs/jfs/jfs_txnmgr.c   |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

Index: linux-2.6.20.noarch/fs/jfs/jfs_lock.h
===================================================================
--- linux-2.6.20.noarch.orig/fs/jfs/jfs_lock.h	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/fs/jfs/jfs_lock.h	2007-02-18 18:57:04.000000000 -0500
@@ -42,7 +42,7 @@
 		if (cond)				\
 			break;				\
 		unlock_cmd;				\
-		schedule();				\
+		io_schedule();				\
 		lock_cmd;				\
 	}						\
 	current->state = TASK_RUNNING;			\
Index: linux-2.6.20.noarch/fs/jfs/jfs_metapage.c
===================================================================
--- linux-2.6.20.noarch.orig/fs/jfs/jfs_metapage.c	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/fs/jfs/jfs_metapage.c	2007-02-18 18:57:04.000000000 -0500
@@ -56,7 +56,7 @@
 		set_current_state(TASK_UNINTERRUPTIBLE);
 		if (metapage_locked(mp)) {
 			unlock_page(mp->page);
-			schedule();
+			io_schedule();
 			lock_page(mp->page);
 		}
 	} while (trylock_metapage(mp));
Index: linux-2.6.20.noarch/fs/jfs/jfs_txnmgr.c
===================================================================
--- linux-2.6.20.noarch.orig/fs/jfs/jfs_txnmgr.c	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/fs/jfs/jfs_txnmgr.c	2007-02-18 18:57:04.000000000 -0500
@@ -135,7 +135,7 @@
 	add_wait_queue(event, &wait);
 	set_current_state(TASK_UNINTERRUPTIBLE);
 	TXN_UNLOCK();
-	schedule();
+	io_schedule();
 	current->state = TASK_RUNNING;
 	remove_wait_queue(event, &wait);
 }

linux-2.6-md_md5_6_bio_too_big_fix.patch:
 ./drivers/md/raid5.c                   |    0 
 linux-2.6.20.noarch/drivers/md/raid5.c |   42 ++++++++++++++++++++++++++++++---
 2 files changed, 39 insertions(+), 3 deletions(-)

--- NEW FILE linux-2.6-md_md5_6_bio_too_big_fix.patch ---
From: Neil Brown <neilb at suse.de>

On Sunday February 11, marcm at liquid-nexus.net wrote:
> > Greetings,
> > 
> > I've been running md on my server for some time now and a few days ago one of
> > the (3) drives in the raid5 array starting giving read errors. The result was
> > usually system hangs and this was with kernel 2.6.17.13. I upgraded to the
> > latest production 2.6.20 kernel and experienced the same behaviour. 

System hangs suggest a problem with the drive controller.  However
this "kernel BUG" is something newly introduced in 2.6.20 which should
be fixed in 2.6.20.1.  Patch is below.

If you still get hangs with this patch installed, then please report
detail, and probably copy to linux-ide at vger.kernel.org.

NeilBrown


Fix various bugs with aligned reads in RAID5.

It is possible for raid5 to be sent a bio that is too big
for an underlying device.  So if it is a READ that we
pass straight down to a device, it will fail and confuse
RAID5.

So in 'chunk_aligned_read' we check that the bio fits within the
parameters for the target device and if it doesn't fit, fall back
on reading through the stripe cache and making lots of one-page
requests.

Note that this is the earliest time we can check against the device
because earlier we don't have a lock on the device, so it could change
underneath us.

Also, the code for handling a retry through the cache when a read
fails has not been tested and was badly broken.  This patch fixes that
code.

Signed-off-by: Neil Brown <neilb at suse.de>

### Diffstat output
 ./drivers/md/raid5.c |   42 +++++++++++++++++++++++++++++++++++++++---
 1 file changed, 39 insertions(+), 3 deletions(-)

diff .prev/drivers/md/raid5.c ./drivers/md/raid5.c
Index: linux-2.6.20.noarch/drivers/md/raid5.c
===================================================================
--- linux-2.6.20.noarch.orig/drivers/md/raid5.c	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/drivers/md/raid5.c	2007-02-18 18:57:04.000000000 -0500
@@ -2620,7 +2620,7 @@
 	}
 	bi = conf->retry_read_aligned_list;
 	if(bi) {
-		conf->retry_read_aligned = bi->bi_next;
+		conf->retry_read_aligned_list = bi->bi_next;
 		bi->bi_next = NULL;
 		bi->bi_phys_segments = 1; /* biased count of active stripes */
 		bi->bi_hw_segments = 0; /* count of processed stripes */
@@ -2669,6 +2669,27 @@
 	return 0;
 }
 
+static int bio_fits_rdev(struct bio *bi)
+{
+	request_queue_t *q = bdev_get_queue(bi->bi_bdev);
+
+	if ((bi->bi_size>>9) > q->max_sectors)
+		return 0;
+	blk_recount_segments(q, bi);
+	if (bi->bi_phys_segments > q->max_phys_segments ||
+	    bi->bi_hw_segments > q->max_hw_segments)
+		return 0;
+
+	if (q->merge_bvec_fn)
+		/* it's too hard to apply the merge_bvec_fn at this stage,
+		 * just just give up
+		 */
+		return 0;
+
+	return 1;
+}
+
+
 static int chunk_aligned_read(request_queue_t *q, struct bio * raid_bio)
 {
 	mddev_t *mddev = q->queuedata;
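Review bot: bio_fits_rdev() has no header comment, and it is not a pure predicate: blk_recount_segments() rewrites the bio's segment counts before they are compared. I would add a short comment saying that it returns 1 when the bio is within the target queue's max_sectors and segment limits and 0 otherwise, that it recounts the segments as a side effect, and that `bi->bi_bdev` must already point at the member device. The inner comment has a doubled word; `* just give up` reads better. chunk_aligned_read() continues past the end of the hunk.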
@@ -2715,6 +2736,13 @@
 		align_bi->bi_flags &= ~(1 << BIO_SEG_VALID);
 		align_bi->bi_sector += rdev->data_offset;
 
+		if (!bio_fits_rdev(align_bi)) {
+			/* too big in some way */
+			bio_put(align_bi);
+			rdev_dec_pending(rdev, mddev);
+			return 0;
+		}
+
 		spin_lock_irq(&conf->device_lock);
 		wait_event_lock_irq(conf->wait_for_stripe,
 				    conf->quiesce == 0,
@@ -3107,7 +3135,9 @@
 	last_sector = raid_bio->bi_sector + (raid_bio->bi_size>>9);
 
 	for (; logical_sector < last_sector;
-	     logical_sector += STRIPE_SECTORS, scnt++) {
+	     logical_sector += STRIPE_SECTORS,
+		     sector += STRIPE_SECTORS,
+		     scnt++) {
 
 		if (scnt < raid_bio->bi_hw_segments)
 			/* already done this stripe */
@@ -3123,7 +3153,13 @@
 		}
 
 		set_bit(R5_ReadError, &sh->dev[dd_idx].flags);
-		add_stripe_bio(sh, raid_bio, dd_idx, 0);
+		if (!add_stripe_bio(sh, raid_bio, dd_idx, 0)) {
+			release_stripe(sh);
+			raid_bio->bi_hw_segments = scnt;
+			conf->retry_read_aligned = raid_bio;
+			return handled;
+		}
+
 		handle_stripe(sh, NULL);
 		release_stripe(sh);
 		handled++;
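Review bot: On the new failure branch the stripe is released with R5_ReadError already set on `sh->dev[dd_idx]`, because the set_bit() runs before add_stripe_bio() is known to have succeeded. If a stripe carrying that flag with no bio attached is harmless, a comment saying so would help; otherwise the set_bit() belongs below the check. The loop and the function start outside this hunk, so how the flag is consumed later cannot be judged from here.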

linux-2.6-md_md5_6_bio_too_big_fix_fix.patch:
 ll_rw_blk.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE linux-2.6-md_md5_6_bio_too_big_fix_fix.patch ---
From: Neil Brown <neilb at suse.de>

On Monday February 12, marcm at liquid-nexus.net wrote:
> > 
> > Thanks for the quick response Neil unfortunately the kernel doesn't build with
> > this patch due to a missing symbol:
> > 
> > WARNING: "blk_recount_segments" [drivers/md/raid456.ko] undefined!
> > 
> > Is that in another file that needs patching or within raid5.c?

Yes.  I keep forgetting about that bit. Sorry.

Signed-off-by: Neil Brown <neilb at suse.de>

Index: linux-2.6.20.noarch/block/ll_rw_blk.c
===================================================================
--- linux-2.6.20.noarch.orig/block/ll_rw_blk.c	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/block/ll_rw_blk.c	2007-02-18 18:57:04.000000000 -0500
@@ -1264,7 +1264,7 @@
 	bio->bi_hw_segments = nr_hw_segs;
 	bio->bi_flags |= (1 << BIO_SEG_VALID);
 }
-
+EXPORT_SYMBOL(blk_recount_segments);
 
 static int blk_phys_contig_segment(request_queue_t *q, struct bio *bio,
 				   struct bio *nxt)

linux-2.6-net_forcedeth_disable_msi.patch:
 forcedeth.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE linux-2.6-net_forcedeth_disable_msi.patch ---
Index: linux-2.6.20.noarch/drivers/net/forcedeth.c
===================================================================
--- linux-2.6.20.noarch.orig/drivers/net/forcedeth.c	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/drivers/net/forcedeth.c	2007-02-18 18:57:05.000000000 -0500
@@ -816,7 +816,7 @@
 	NV_MSI_INT_DISABLED,
 	NV_MSI_INT_ENABLED
 };
-static int msi = NV_MSI_INT_ENABLED;
+static int msi = NV_MSI_INT_DISABLED;
 
 /*
  * MSIX interrupts
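Review bot: The default for `msi` flips to NV_MSI_INT_DISABLED with no comment in the code and no description in the patch, and the `msix` default in the next hunk changes the same way. Please record the reason next to the initialisers, for example `/* MSI off by default: <reason or bug reference> */`, so the workaround can be dropped once the underlying problem is fixed. Whether these variables are exposed as module parameters is not visible here; if they are, the comment should say that users can turn MSI back on.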
@@ -825,7 +825,7 @@
 	NV_MSIX_INT_DISABLED,
 	NV_MSIX_INT_ENABLED
 };
-static int msix = NV_MSIX_INT_ENABLED;
+static int msix = NV_MSIX_INT_DISABLED;
 
 /*
  * DMA 64bit

linux-2.6-net_xfrm_audit_log_oops_fix.patch:
 key/af_key.c       |   11 ++++++-----
 xfrm/xfrm_policy.c |    7 ++++++-
 xfrm/xfrm_user.c   |   12 +++++++-----
 3 files changed, 19 insertions(+), 11 deletions(-)

--- NEW FILE linux-2.6-net_xfrm_audit_log_oops_fix.patch ---
From: Joy Latten <latten at austin.ibm.com>
Date: Mon, 12 Feb 2007 11:44:30 -0600

> > This is similar to another bug reported last month.
> > Here is the patch I sent out then. Please let me know
> > how it goes.
> > 
> > Signed-off-by: Joy Latten <latten at austin.ibm.com>

This whole interface is a complete mess.

Calling xfrm_audit_log() without the proper object being non-NULL
should be a bug.  And that's exactly what you fixed in the xfrm_user
case, so there is zero reason to silently allow this condition, we
should just BUG() on it.

But the logging function has this "result" thing, that in some cases
is set to 1 if "xp" or "x" is not-NULL by the callers, this is just
silly.

You can't log the event if the proper object is NULL, so the "result"
parameter and log information is useless in those cases.

Also, you missed the same exact identical bug in the AF_KEY code.

Thus, below is the patch I will use to fix this bug:

1) Calling xfrm_audit_log() with a NULL object is a BUG()
2) Setting "result" based upon NULL'ness of the object makes no
   sense, either set it to "1" in these cases or use an appropriate
   error check.

How does this look to others?

Index: linux-2.6.20.noarch/net/key/af_key.c
===================================================================
--- linux-2.6.20.noarch.orig/net/key/af_key.c	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/net/key/af_key.c	2007-02-18 18:57:05.000000000 -0500
@@ -2297,16 +2297,17 @@
 				   &sel, tmp.security, 1);
 	security_xfrm_policy_free(&tmp);
 
-	xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
-		       AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);
-
 	if (xp == NULL)
 		return -ENOENT;
 
-	err = 0;
+	err = security_xfrm_policy_delete(xp);
 
-	if ((err = security_xfrm_policy_delete(xp)))
+	xfrm_audit_log(audit_get_loginuid(current->audit_context), 0,
+		       AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
+
+	if (err)
 		goto out;
+
 	c.seq = hdr->sadb_msg_seq;
 	c.pid = hdr->sadb_msg_pid;
 	c.event = XFRM_MSG_DELPOLICY;
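Review bot: With the xfrm_audit_log() call moved below the `xp == NULL` return, a delete request for a policy that does not exist now returns -ENOENT without leaving any audit record. If failed SPD delete attempts are meant to be auditable, that case needs a record of its own; if dropping it is intended, a comment at the early return would document the decision, e.g. `/* nothing to audit: there is no policy object to describe */`. The function body starts and ends outside this hunk.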
Index: linux-2.6.20.noarch/net/xfrm/xfrm_policy.c
===================================================================
--- linux-2.6.20.noarch.orig/net/xfrm/xfrm_policy.c	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/net/xfrm/xfrm_policy.c	2007-02-18 18:57:05.000000000 -0500
@@ -1997,9 +1997,14 @@
 	if (audit_enabled == 0)
 		return;
 
+	BUG_ON((type == AUDIT_MAC_IPSEC_ADDSA ||
+		type == AUDIT_MAC_IPSEC_DELSA) && !x);
+	BUG_ON((type == AUDIT_MAC_IPSEC_ADDSPD ||
+		type == AUDIT_MAC_IPSEC_DELSPD) && !xp);
+
 	audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC, type);
 	if (audit_buf == NULL)
-	return;
+		return;
 
 	switch(type) {
 	case AUDIT_MAC_IPSEC_ADDSA:
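Review bot: The two BUG_ON() checks sit below the `audit_enabled == 0` return, so a caller that passes a NULL object is only caught on systems where auditing is switched on. Moving them above that return would enforce the invariant everywhere. The callers shown on this page are reached from PF_KEY and netlink requests, so it is worth considering `WARN_ON()` with an early return instead, since BUG_ON() turns a caller mistake into a kernel oops. The function's signature and the rest of the switch are outside the hunk.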
Index: linux-2.6.20.noarch/net/xfrm/xfrm_user.c
===================================================================
--- linux-2.6.20.noarch.orig/net/xfrm/xfrm_user.c	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/net/xfrm/xfrm_user.c	2007-02-18 18:57:05.000000000 -0500
@@ -1273,10 +1273,6 @@
 		xp = xfrm_policy_bysel_ctx(type, p->dir, &p->sel, tmp.security, delete);
 		security_xfrm_policy_free(&tmp);
 	}
-	if (delete)
-		xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
-			       AUDIT_MAC_IPSEC_DELSPD, (xp) ? 1 : 0, xp, NULL);
-
 	if (xp == NULL)
 		return -ENOENT;
 
@@ -1292,8 +1288,14 @@
 					      MSG_DONTWAIT);
 		}
 	} else {
-		if ((err = security_xfrm_policy_delete(xp)) != 0)
+		err = security_xfrm_policy_delete(xp);
+
+		xfrm_audit_log(NETLINK_CB(skb).loginuid, NETLINK_CB(skb).sid,
+			       AUDIT_MAC_IPSEC_DELSPD, err ? 0 : 1, xp, NULL);
+
+		if (err != 0)
 			goto out;
+
 		c.data.byid = p->index;
 		c.event = nlh->nlmsg_type;
 		c.seq = nlh->nlmsg_seq;
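Review bot: security_xfrm_policy_delete() is consulted only after xfrm_policy_bysel_ctx() has been called with the `delete` flag in the previous hunk. If that lookup already unlinks the policy when `delete` is set, a denial here is logged with result 0 and returned as an error although the policy is already gone; the lookup's body is not on this page, so this needs checking. The same order appears to apply in net/key/af_key.c above, where the lookup is called with a literal `1`. If the order is deliberate, a comment at the check should say why the permission test can follow the removal.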

linux-2.6-nfnetlink_log_null_deref_fix.patch.patch:
 nfnetlink_log.c |    3 +++
 1 files changed, 3 insertions(+)

--- NEW FILE linux-2.6-nfnetlink_log_null_deref_fix.patch.patch ---
Eliminate possible NULL pointer dereference in nfulnl_recv_config().

Signed-off-by: Michał Mirosław <mirq-linux at rere.qmqm.pl>

Index: linux-2.6.20.noarch/net/netfilter/nfnetlink_log.c
===================================================================
--- linux-2.6.20.noarch.orig/net/netfilter/nfnetlink_log.c	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/net/netfilter/nfnetlink_log.c	2007-02-18 18:57:05.000000000 -0500
@@ -856,6 +856,9 @@
 			ret = -EINVAL;
 			break;
 		}
+
+		if (!inst)
+			goto out_null;
 	} else {
 		if (!inst) {
 			UDEBUG("no config command, and no instance for "
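Review bot: The new `goto out_null` returns whatever `ret` the switch left behind, and both the label and the initial value of `ret` are outside this hunk. Confirm that every command that can finish with `inst == NULL` has set the return code it should, because a command that leaves `ret` untouched would now report its initial value. A comment on the check would help the next reader, e.g. `/* the command may have left us without an instance */`.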

linux-2.6-nfnetlink_log_refcounting_fix.patch.patch:
 nfnetlink_log.c |   15 ++++++++++++---
 1 files changed, 12 insertions(+), 3 deletions(-)

--- NEW FILE linux-2.6-nfnetlink_log_refcounting_fix.patch.patch ---
Fix reference counting (memory leak) problem in __nfulnl_send() and callers
related to packet queueing.

Signed-off-by: Michał Mirosław <mirq-linux at rere.qmqm.pl>

Index: linux-2.6.20.noarch/net/netfilter/nfnetlink_log.c
===================================================================
--- linux-2.6.20.noarch.orig/net/netfilter/nfnetlink_log.c	2007-02-18 18:57:05.000000000 -0500
+++ linux-2.6.20.noarch/net/netfilter/nfnetlink_log.c	2007-02-18 18:57:05.000000000 -0500
@@ -217,6 +217,11 @@
 
 	spin_lock_bh(&inst->lock);
 	if (inst->skb) {
+		/* timer "holds" one reference (we have one more) */
+		if (timer_pending(&inst->timer)) {
+			del_timer(&inst->timer);
+			instance_put(inst);
+		}
 		if (inst->qlen)
 			__nfulnl_send(inst);
 		if (inst->skb) {
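Review bot: Testing timer_pending() and then calling del_timer() is not atomic with respect to the timer firing on another CPU: if the timer is dequeued between the two calls, del_timer() removes nothing but instance_put() still runs, and the timer function later drops the same reference again. del_timer() reports whether it deactivated a pending timer, so the reference should follow its return value: `if (del_timer(&inst->timer)) instance_put(inst);`. An extra put can release the instance while it is still in use. The same pattern is added in the "flushing old skb" hunk further down.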
@@ -363,9 +368,6 @@
 {
 	int status;
 
-	if (timer_pending(&inst->timer))
-		del_timer(&inst->timer);
-
 	if (!inst->skb)
 		return 0;
 
@@ -392,6 +394,8 @@
 	UDEBUG("timer function called, flushing buffer\n");
 
 	spin_lock_bh(&inst->lock);
+	if (timer_pending(&inst->timer))	/* is it always true or false here? */
+		del_timer(&inst->timer);
 	__nfulnl_send(inst);
 	instance_put(inst);
 	spin_unlock_bh(&inst->lock);
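Review bot: instance_put(inst) runs before spin_unlock_bh(&inst->lock), so if this put drops the last reference the unlock touches an instance that may already have been freed; instance_put()'s body is not visible here, so that part is an inference. Swapping the two lines avoids the problem: `spin_unlock_bh(&inst->lock);` followed by `instance_put(inst);`. The added comment `/* is it always true or false here? */` leaves an open question in the code. Inside the timer's own callback the timer is normally no longer pending unless it was re-armed, so either drop the check or state when it can be true.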
@@ -689,6 +693,11 @@
 		 * enough room in the skb left. flush to userspace. */
 		UDEBUG("flushing old skb\n");
 
+		/* timer "holds" one reference (we have another one) */
+		if (timer_pending(&inst->timer)) {
+			del_timer(&inst->timer);
+			instance_put(inst);
+		}
 		__nfulnl_send(inst);
 
 		if (!(inst->skb = nfulnl_alloc_skb(nlbufsiz, size))) {

linux-2.6-swiotlb_sync_single_bug.patch:
 swiotlb.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE linux-2.6-swiotlb_sync_single_bug.patch ---
Date: Sun, 04 Feb 2007 13:39:40 -0500
From: David Moore <dcm at acm.org>

Adds missing call to phys_to_virt() in the
lib/swiotlb.c:swiotlb_sync_sg() function.  Without this change, a kernel
panic will always occur whenever a SWIOTLB bounce buffer from a
scatter-gather list gets synced.

Signed-off-by: David Moore <dcm at acm.org>
Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
---

This is a fraction of patch "[IA64] swiotlb bug fixes" in 2.6.20-git#,
commit cde14bbfb3aa79b479db35bd29e6c083513d8614.  Unlike its heading
suggests, it is also important for EM64T.

Example crashes caused by swiotlb_sync_sg:
http://lists.opensuse.org/opensuse-bugs/2006-12/msg02943.html
http://qa.mandriva.com/show_bug.cgi?id=28224
http://www.pchdtv.com/forum/viewtopic.php?t=2063&sid=a959a14a4c2db0eebaab7b0df56103ce

Index: linux-2.6.20.noarch/lib/swiotlb.c
===================================================================
--- linux-2.6.20.noarch.orig/lib/swiotlb.c	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/lib/swiotlb.c	2007-02-18 18:57:05.000000000 -0500
@@ -750,7 +750,7 @@
 
 	for (i = 0; i < nelems; i++, sg++)
 		if (sg->dma_address != SG_ENT_PHYS_ADDRESS(sg))
-			sync_single(hwdev, (void *) sg->dma_address,
+			sync_single(hwdev, phys_to_virt(sg->dma_address),
 				    sg->dma_length, dir, target);
 }
 

linux-2.6-usbnet_fix_failure_path_oops.patch:
 usbnet.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

--- NEW FILE linux-2.6-usbnet_fix_failure_path_oops.patch ---
Index: linux-2.6.20.noarch/drivers/usb/net/usbnet.c
===================================================================
--- linux-2.6.20.noarch.orig/drivers/usb/net/usbnet.c	2007-02-04 13:44:54.000000000 -0500
+++ linux-2.6.20.noarch/drivers/usb/net/usbnet.c	2007-02-18 18:57:05.000000000 -0500
@@ -1182,6 +1182,9 @@
 	// NOTE net->name still not usable ...
 	if (info->bind) {
 		status = info->bind (dev, udev);
+		if (status < 0)
+			goto out1;
+
 		// heuristic:  "usb%d" for links we know are two-host,
 		// else "eth%d" when there's reasonable doubt.  userspace
 		// can rename the link if it knows better.
@@ -1208,12 +1211,12 @@
 	if (status == 0 && dev->status)
 		status = init_status (dev, udev);
 	if (status < 0)
-		goto out1;
+		goto out3;
 
 	if (!dev->rx_urb_size)
 		dev->rx_urb_size = dev->hard_mtu;
 	dev->maxpacket = usb_maxpacket (dev->udev, dev->out, 1);
-	
+
 	SET_NETDEV_DEV(net, &udev->dev);
 	status = register_netdev (net);
 	if (status)


Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-5/kernel-2.6.spec,v
retrieving revision 1.2292
retrieving revision 1.2293
diff -u -r1.2292 -r1.2293
--- kernel-2.6.spec	17 Feb 2007 03:57:31 -0000	1.2292
+++ kernel-2.6.spec	19 Feb 2007 00:21:25 -0000	1.2293
@@ -435,7 +435,21 @@
 Patch1750: linux-2.6-usb-storage-reboot.patch
 Patch1770: linux-2.6-optimise-spinlock-debug.patch
 Patch1771: linux-2.6-silence-noise.patch
-Patch1790: linux-2.6-drivers-add-qlogic-firmware.patch
+Patch1780: linux-2.6-drivers-add-qlogic-firmware.patch
+
+# 2.6.20 fixes for testing
+Patch1788: linux-2.6-ieee1394_host_register_fix.patch
+Patch1789: linux-2.6-ieee1394_video1394_dma_fix.patch
+Patch1790: linux-2.6-jfs_fix_deadlock.patch
+Patch1791: linux-2.6-md_md5_6_bio_too_big_fix_fix.patch
+Patch1792: linux-2.6-md_md5_6_bio_too_big_fix.patch
+Patch1793: linux-2.6-net_forcedeth_disable_msi.patch
+Patch1794: linux-2.6-net_xfrm_audit_log_oops_fix.patch
+Patch1795: linux-2.6-nfnetlink_log_null_deref_fix.patch.patch
+Patch1796: linux-2.6-nfnetlink_log_refcounting_fix.patch.patch
+Patch1797: linux-2.6-swiotlb_sync_single_bug.patch
+Patch1798: linux-2.6-usbnet_fix_failure_path_oops.patch
+
 
 # SELinux/audit patches.
 Patch1801: linux-2.6-selinux-mprotect-checks.patch
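Review bot: Patch1791 is the follow-up `linux-2.6-md_md5_6_bio_too_big_fix_fix.patch` and Patch1792 is the patch it follows up, so the two are listed, and in the %prep hunk applied, in reverse order. They touch different files (ll_rw_blk.c and raid5.c), so both still apply, but swapping the numbers would keep the series readable. Patch1790 is also reused: it named the qlogic firmware patch in the previous revision and names the jfs fix now, which can confuse anyone comparing the two revisions.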
@@ -1005,7 +1019,20 @@
 # Silence some useless messages that still get printed with 'quiet'
 %patch1771 -p1
 # qlogic firmware
+%patch1780 -p1
+
+# 2.6.20 test fixes
+%patch1788 -p1
+%patch1789 -p1
 %patch1790 -p1
+%patch1791 -p1
+%patch1792 -p1
+%patch1793 -p1
+%patch1794 -p1
+%patch1795 -p1
+%patch1796 -p1
+%patch1797 -p1
+%patch1798 -p1
 
 # Fix the SELinux mprotect checks on executable mappings
 %patch1801 -p1
@@ -1756,6 +1783,9 @@
 %endif
 
 %changelog
+* Sun Feb 18 2007 Chuck Ebbert <cebbert at redhat.com>
+- add 2.6.20 fixes
+
 * Thu Feb 15 2007 Chuck Ebbert <cebbert at redhat.com>
 - rebase to linux kernel 2.6.20
 



