commit b8f212953417021b3b92a250babacca6dd7784ea Author: Chris Wright Date: Fri Aug 5 00:04:37 2005 -0700 Linux 2.6.12.4 commit 2d0c661b972f94baa8fd5f80b3f49e76056fdf79 Author: Dave Jones Date: Sat Jul 30 21:30:30 2005 +0100 [PATCH] Fix powernow oops on dual-core athlon Date: Thu, 28 Jul 2005 16:38:21 +0000 (-0700) Subject: powernow-k8 requires that a data structure for X-Git-Tag: v2.6.13-rc4 X-Git-Url: http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03938c3f1062b0f279a0ef937a471d4db83702ed powernow-k8 requires that a data structure for each core be created in the _cpu_init function call. The cpufreq infrastructure doesn't call _cpu_init for the second core in each processor. Some systems crashed when _get was called with an odd-numbered core because it tried to dereference a NULL pointer since the data structure had not been created. The attached patch solves the problem by initializing data structures for all shared cores in the _cpu_init function. It should apply to 2.6.12-rc6 and has been tested by AMD and Sun. Signed-off-by: Mark Langsdorf Signed-off-by: Dave Jones Signed-off-by: Chris Wright commit 31278a7db3987f5d1b487f11637096e1169582d1 Author: Tommy Christensen Date: Sat Jul 30 21:25:10 2005 +0100 [PATCH] Fix early vlan adding leads to not functional device X-Git-Url: http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f4637b55ba960d9987a836617271659e9b7b0de8 [VLAN]: Fix early vlan adding leads to not functional device OK, I can see what's happening here. eth0 doesn't detect link-up until after a few seconds, so when the vlan interface is opened immediately after eth0 has been opened, it inherits the link-down state. Subsequently the vlan interface is never properly activated and are thus unable to transmit any packets. dev->state bits are not supposed to be manipulated directly. Something similar is probably needed for the netif_device_present() bit, although I don't know how this is meant to work for a virtual device. Signed-off-by: David S. Miller Signed-off-by: Chris Wright commit 685dd5ff54ea9b3333df75427bd91d9601813c23 Author: Blaisorblade Date: Sat Jul 30 21:07:02 2005 +0200 [PATCH] sys_get_thread_area does not clear the returned argument CC: sys_get_thread_area does not memset to 0 its struct user_desc info before copying it to user space... since sizeof(struct user_desc) is 16 while the actual datas which are filled are only 12 bytes + 9 bits (across the bitfields), there is a (small) information leak. This was already committed to Linus' repository. Signed-off-by: Paolo 'Blaisorblade' Giarrusso Signed-off-by: Chris Wright commit 60372783e59079bdfd3ba0477e1907669249a489 Author: Andrew Morton Date: Thu Jul 28 11:02:26 2005 -0700 [PATCH] Fw: [PATCH] bio_clone fix [PATCH] bio_clone fix Fix bug introduced in 2.6.11-rc2: when we clone a BIO we need to copy over the current index into it as well. It corrupts data with some MD setups. See http://bugzilla.kernel.org/show_bug.cgi?id=4946 Huuuuuuuuge thanks to Matthew Stapleton for doggedly chasing this one down. Acked-by: Jens Axboe Cc: Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Chris Wright commit e7cd6bfe6c56856eecb79a8cfd3d60599a8b280f Author: Herbert Xu Date: Tue Jul 26 16:40:31 2005 -0700 [PATCH] Fix possible overflow of sock->sk_policy [XFRM]: Fix possible overflow of sock->sk_policy Spotted by, and original patch by, Balazs Scheidler. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 1541b785b9c11b639ba5f60f4c5de5bff235f7d8 Author: Patrick McHardy Date: Fri Jul 22 09:35:51 2005 +0200 [PATCH] Wait until all references to ip_conntrack_untracked are dropped on unload [NETFILTER]: Wait until all references to ip_conntrack_untracked are dropped on unload Fixes a crash when unloading ip_conntrack. Signed-off-by: Patrick McHardy Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 634823cdc51b1cacba504b29d6de9a25e1ee41af Author: Patrick McHardy Date: Fri Jul 22 09:35:43 2005 +0200 [PATCH] Fix potential memory corruption in NAT code (aka memory NAT) [NETFILTER]: Fix potential memory corruption in NAT code (aka memory NAT) The portptr pointing to the port in the conntrack tuple is declared static, which could result in memory corruption when two packets of the same protocol are NATed at the same time and one conntrack goes away. Signed-off-by: Patrick McHardy Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 2311be883f42fad2170ce288cfa477dc0ddb97be Author: Patrick McHardy Date: Fri Jul 22 09:35:34 2005 +0200 [PATCH] Fix deadlock in ip6_queue [NETFILTER]: Fix deadlock in ip6_queue Already fixed in ip_queue, ip6_queue was missed. Signed-off-by: Patrick McHardy Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e Author: Patrick McHardy Date: Mon Jul 18 06:52:50 2005 +0200 [PATCH] Fix signedness issues in net/core/filter.c This is the code to load packet data into a register: k = fentry->k; if (k < 0) { ... } else { u32 _tmp, *p; p = skb_header_pointer(skb, k, 4, &_tmp); if (p != NULL) { A = ntohl(*p); continue; } } skb_header_pointer checks if the requested data is within the linear area: int hlen = skb_headlen(skb); if (offset + len <= hlen) return skb->data + offset; When offset is within [INT_MAX-len+1..INT_MAX] the addition will result in a negative number which is <= hlen. I couldn't trigger a crash on my AMD64 with 2GB of memory, but a coworker tried on his x86 machine and it crashed immediately. This patch fixes the check in skb_header_pointer to handle large positive offsets similar to skb_copy_bits. Invalid data can still be accessed using negative offsets (also similar to skb_copy_bits), anyone using negative offsets needs to verify them himself. Thanks to Thomas Vögtle for verifying the problem by crashing his machine and providing me with an Oops. Signed-off-by: Patrick McHardy Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 691162d638928856e23f21d122aa39de47a494e4 Author: Siddha, Suresh B Date: Fri Jul 15 19:17:44 2005 -0700 [PATCH] x86_64 memleak from malicious 32bit elf program malicious 32bit app can have an elf section at 0xffffe000. During exec of this app, we will have a memory leak as insert_vm_struct() is not checking for return value in syscall32_setup_pages() and thus not freeing the vma allocated for the vsyscall page. Check the return value and free the vma incase of failure. Signed-off-by: Suresh Siddha Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit e0b02eec6f8371d993c4aca134d728d3510f7c8a Author: Michal Ostrowski Date: Thu Jul 14 16:46:26 2005 -0700 [PATCH] rocket.c: Fix ldisc ref count handling If bailing out because there is nothing to receive in rp_do_receive(), tty_ldisc_deref is not called. Failure to do so increases the ref count=20 and causes release_dev() to hang since it can't get the ref count to 0. Signed-off-by: Michal Ostrowski Signed-off-by: Andrew Morton Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit 50eb930a92e7070f6a110789245398bff4061059 Author: Andrew Vasquez Date: Thu Jul 14 16:40:04 2005 -0700 [PATCH] qla2xxx: Correct handling of fc_remote_port_add() failure case. Correct handling of fc_remote_port_add() failure case. Immediately return if fc_remote_port_add() fails to allocate resources for the rport. Original code would result in NULL pointer dereference upon failure. Reported-by: Michael Reed Signed-off-by: Andrew Vasquez Signed-off-by: Chris Wright Signed-off-by: Greg Kroah-Hartman commit ab998a6790272b6f45a63d9ef763efd435eae23a Author: Tom Rini Date: Wed Jul 13 11:49:55 2005 -0700 [PATCH] kbuild: build TAGS problem with O= For inclusion into 2.6.12.stable, extracted from current Linus git: [PATCH] kbuild: build TAGS problem with O= make O=/dir TAGS fails with: MAKE TAGS find: security/selinux/include: No such file or directory find: include: No such file or directory find: include/asm-i386: No such file or directory find: include/asm-generic: No such file or directory The problem is in this line: ifeq ($(KBUILD_OUTPUT),) KBUILD_OUTPUT is not defined (ever) after make reruns itself. This line is used in the TAGS, tags, and cscope makes. Signed-off-by: George Anzinger Cc: Sam Ravnborg Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman