ChangeSet@1.1518, 2003-12-12 14:20:08-08:00, torvalds@home.osdl.org
  Fix subtle bug in "finish_wait()", which can cause kernel stack
  corruption on SMP because of another CPU still accessing a waitqueue
  even after it was de-allocated.
  
  Use a careful version of the list emptiness check to make sure we
  don't de-allocate the stack frame before the waitqueue is all done.

ChangeSet@1.1517, 2003-12-09 09:03:05-08:00, axboe@suse.de
  [PATCH] scsi_ioctl memcpy'ing user address
  
  James reported a bug in scsi_ioctl.c where it mem copies a user pointer
  instead of using copy_from_user(). I inadvertently introduced this one
  when getting rid of CDROM_SEND_PACKET. Here's a trivial patch to fix it.

ChangeSet@1.1516, 2003-12-08 21:40:01-08:00, acme@conectiva.com.br
  [IPV6]: Fix TCP socket leak.
  
  TCP IPV6 ->hash() method should not grab a socket reference.

ChangeSet@1.1515, 2003-12-07 21:57:40-08:00, James_McMechan@hotmail.com
  [PATCH] tmpfs oops fix
  
  The problem was that the cursor was in the list being walked, and when
  the pointer pointed to the cursor the list_del/list_add_tail pair would
  oops trying to find the entry pointed to by the prev pointer of the
  deleted cursor element.
  
  The solution I found was to move the list_del earlier, before the
  beginning of the list walk. Since it is not used during the list walk and
  should not count in the list enumeration it can be deleted, then the
  list pointer cannot point to it so it can be added safely with the
  list_add_tail without oopsing, and everything works as expected.
  
  I am unable to oops this version with any of my test programs. 
  
  Patch acked by Al Viro.

ChangeSet@1.1512.1.2, 2003-12-07 19:33:36-08:00, devik@cdi.cz
  [PKT_SCHED]: In HTB, filters must be destroyed before the classes.

ChangeSet@1.1512.1.1, 2003-12-07 19:31:37-08:00, davem@nuts.ninka.net
  [PKT_SCHED]: Do not dereference the special pointer value 'HTB_DIRECT'.
  
  Based upon a patch from devik.

ChangeSet@1.1513, 2003-12-07 11:00:48-08:00, jgarzik@pobox.com
  [PATCH] wireless airo oops fix
  
  From Javier Achirica:
  
  Delay MIC activation to prevent Oops

ChangeSet@1.1512, 2003-12-06 14:34:40-08:00, torvalds@home.osdl.org
  Fix the PROT_EXEC breakage on anonymous mmap.
  
  Clean up the tests while at it.

ChangeSet@1.1511, 2003-12-05 23:35:35-08:00, jgarzik@pobox.com
  [PATCH] remove manual driver poisoning of net_device
  
  From: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
     
     Such poisoning can cause oopses either because the refcount is not
     zero when the poisoning occurs, or due to kernel debugging options
     being enabled.

ChangeSet@1.1510, 2003-12-05 23:34:00-08:00, jgarzik@pobox.com
  [PATCH] fix oops on unload in pcnet32
  
  The driver was calling pci_unregister_driver for each _device_, and then
  again at the end of the module unload routine.  Remove the call that's
  inside the loop, pci_unregister_driver should only be called once.
     
  Caught by Don Fry (and many others)

ChangeSet@1.1509, 2003-12-05 23:32:14-08:00, jgarzik@pobox.com
  [PATCH] fix use-after-free in libata
  
  Fixes oops some were seeing on module unload.
  
  Caught by Jon Burgess.

ChangeSet@1.1506.1.2, 2003-12-05 12:41:31-08:00, ja@ssi.bg
  [BRIDGE]: Provide correct TOS value to IPv4 routing.

ChangeSet@1.1506.1.1, 2003-12-05 12:34:00-08:00, davem@nuts.ninka.net
  [NETFILTER]: In conntrack, do not fragment TSO packets by accident.

ChangeSet@1.1507, 2003-12-04 22:26:06-08:00, drepper@redhat.com
  [PATCH] Fix 'noexec' behaviour
  
  We should not allow mmap() with PROT_EXEC on mounts marked "noexec",
  since otherwise there is no way for user-supplied executable loaders
  (like ld.so and emulator environments) to properly honour the
  "noexec"ness of the target.

ChangeSet@1.1504.1.1, 2003-12-04 14:14:33-08:00, khali@linux-fr.org
  [PATCH] I2C: fix i2c_smbus_write_byte() for i2c-nforce2
  
  This patch fixes i2c_smbus_write_byte() being broken for i2c-nforce2.
  This causes trouble when that module is used together with eeprom (which
  is also in 2.6). We have had three user reports about the problem.
  
  Credits go to Mark D. Studebaker for finding and fixing the problem.

ChangeSet@1.1505, 2003-12-04 07:53:31-08:00, axboe@suse.de
  [PATCH] fix broken x86_64 rdtscll
  
  The scheduler is completely b0rked on x86_64, and I finally found out
  why.  sched_clock() always returned 0, because rdtscll() always returned
  0.  The 'a' in the macro doesn't agree with the 'a' in the function,
  yippee :-)
  
  This is a show stopper for x86_64.

ChangeSet@1.1500.1.1, 2003-12-03 12:59:12-08:00, mingo@elte.hu
  [PATCH] Fix /proc access to dead thread group list oops
  
  The pid_alive() check within the loop is incorrect.  If we are within
  the tasklist lock and the thread group leader is valid then the thread
  chain will be fully intact.
  
  Instead, the check should be _outside_ the loop, since if the group
  leader no longer exists, the whole list is gone and we must not try
  to access it.
  
  Move the check around, and add comment.
  
  Bug-hunting and fix by Srivatsa Vaddagiri

ChangeSet@1.1503, 2003-12-03 11:57:38-08:00, pavlin@icir.org
  [RTNETLINK]: Add RTPROT_XORP.

ChangeSet@1.1502, 2003-12-03 11:57:05-08:00, laforge@netfilter.org
  [NETFILTER]: Sanitize ip_ct_tcp_timeout_close_wait value, from 2.4.x

ChangeSet@1.1501, 2003-12-03 11:56:26-08:00, yoshfuji@linux-ipv6.org
  [IPV6]: Fix ipv4 mapped address calculation in udpv6_sendmsg().

ChangeSet@1.1500, 2003-12-02 19:04:01-08:00, torvalds@home.osdl.org
  Fix ide-scsi.c uninitialized variable

ChangeSet@1.1499, 2003-12-02 18:41:48-08:00, torvalds@home.osdl.org
  Fix x86 kernel page fault error codes

ChangeSet@1.1498, 2003-12-01 16:51:30-08:00, mingo@elte.hu
  [PATCH] Fix lost wakeups problem
  
  When doing sync wakeups we must not skip the notification of other cpus
  if the task is not on this runqueue.

ChangeSet@1.1497, 2003-12-01 10:40:47-08:00, hirofumi@mail.parknet.co.jp
  [PATCH] Missing initialization of /proc/net/tcp seq_file
  
  We need to initialize st->state in tcp_seq_start().  Otherwise
  tcp_seq_stop() is run with previous st->state, and it calls the unneeded
  unlock etc, causing a kernel crash.

ChangeSet@1.1496, 2003-11-26 12:38:22-08:00, torvalds@home.osdl.org
  Linux 2.6.0-test11
  TAG: v2.6.0-test11