-bk snapshot (patch-2.6.0-test11-bk5) ChangeSet@1.1512, 2003-12-06 14:34:40-08:00, torvalds@home.osdl.org Fix the PROT_EXEC breakage on anonymous mmap. Clean up the tests while at it. ChangeSet@1.1511, 2003-12-05 23:35:35-08:00, jgarzik@pobox.com [PATCH] remove manual driver poisoning of net_device From: Al Viro Such poisoning can cause oopses either because the refcount is not zero when the poisoning occurs, or due to kernel debugging options being enabled. ChangeSet@1.1510, 2003-12-05 23:34:00-08:00, jgarzik@pobox.com [PATCH] fix oops on unload in pcnet32 The driver was calling pci_unregister_driver for each _device_, and then again at the end of the module unload routine. Remove the call that's inside the loop, pci_unregister_driver should only be called once. Caught by Don Fry (and many others) ChangeSet@1.1509, 2003-12-05 23:32:14-08:00, jgarzik@pobox.com [PATCH] fix use-after-free in libata Fixes oops some were seeing on module unload. Caught by Jon Burgess. ChangeSet@1.1506.1.2, 2003-12-05 12:41:31-08:00, ja@ssi.bg [BRIDGE]: Provide correct TOS value to IPv4 routing. ChangeSet@1.1506.1.1, 2003-12-05 12:34:00-08:00, davem@nuts.ninka.net [NETFILTER]: In conntrack, do not fragment TSO packets by accident. ChangeSet@1.1507, 2003-12-04 22:26:06-08:00, drepper@redhat.com [PATCH] Fix 'noexec' behaviour We should not allow mmap() with PROT_EXEC on mounts marked "noexec", since otherwise there is no way for user-supplied executable loaders (like ld.so and emulator environments) to properly honour the "noexec"ness of the target. ChangeSet@1.1504.1.1, 2003-12-04 14:14:33-08:00, khali@linux-fr.org [PATCH] I2C: fix i2c_smbus_write_byte() for i2c-nforce2 This patch fixes i2c_smbus_write_byte() being broken for i2c-nforce2. This causes trouble when that module is used together with eeprom (which is also in 2.6). We have had three user reports about the problem. Credits go to Mark D. Studebaker for finding and fixing the problem. ChangeSet@1.1505, 2003-12-04 07:53:31-08:00, axboe@suse.de [PATCH] fix broken x86_64 rdtscll The scheduler is completed b0rked on x86_64, and I finally found out why. sched_clock() always returned 0, because rdtscll() always returned 0. The 'a' in the macro doesn't agree with the 'a' in the function, yippe :-) This is a show stopper for x86_64. ChangeSet@1.1500.1.1, 2003-12-03 12:59:12-08:00, mingo@elte.hu [PATCH] Fix /proc access to dead thread group list oops The pid_alive() check within the loop is incorrect. If we are within the tasklist lock and the thread group leader is valid then the thread chain will be fully intact. Instead, the check should be _outside_ the loop, since if the group leader no longer exists, the whole list is gone and we must not try to access it. Move the check around, and add comment. Bug-hunting and fix by Srivatsa Vaddagiri ChangeSet@1.1503, 2003-12-03 11:57:38-08:00, pavlin@icir.org [RTNETLINK]: Add RTPROT_XORP. ChangeSet@1.1502, 2003-12-03 11:57:05-08:00, laforge@netfilter.org [NETFILTER]: Sanitize ip_ct_tcp_timeout_close_wait value, from 2.4.x ChangeSet@1.1501, 2003-12-03 11:56:26-08:00, yoshfuji@linux-ipv6.org [IPV6]: Fix ipv4 mapped address calculation in udpv6_sendmsg(). ChangeSet@1.1500, 2003-12-02 19:04:01-08:00, torvalds@home.osdl.org Fix ide-scsi.c uninitialized variable ChangeSet@1.1499, 2003-12-02 18:41:48-08:00, torvalds@home.osdl.org Fix x86 kernel page fault error codes ChangeSet@1.1498, 2003-12-01 16:51:30-08:00, mingo@elte.hu [PATCH] Fix lost wakeups problem When doing sync wakeups we must not skip the notification of other cpus if the task is not on this runqueue. ChangeSet@1.1497, 2003-12-01 10:40:47-08:00, hirofumi@mail.parknet.co.jp [PATCH] Missing initialization of /proc/net/tcp seq_file We need to initialize st->state in tcp_seq_start(). Otherwise tcp_seq_stop() is run with previous st->state, and it calls the unneeded unlock etc, causing a kernel crash. ChangeSet@1.1496, 2003-11-26 12:38:22-08:00, torvalds@home.osdl.org Linux 2.6.0-test11 TAG: v2.6.0-test11 Makefile | 2 +- arch/i386/mm/fault.c | 3 ++- drivers/i2c/busses/i2c-nforce2.c | 2 +- drivers/net/pci-skeleton.c | 7 ------- drivers/net/pcnet32.c | 2 -- drivers/net/r8169.c | 4 ---- drivers/net/sis190.c | 4 ---- drivers/scsi/ide-scsi.c | 1 + drivers/scsi/libata-core.c | 3 +-- fs/proc/base.c | 10 +++++++--- include/asm-x86_64/msr.h | 6 +++--- include/linux/rtnetlink.h | 1 + kernel/sched.c | 2 +- mm/mmap.c | 10 ++++++++-- net/bridge/br_netfilter.c | 2 +- net/ipv4/netfilter/ip_conntrack_proto_tcp.c | 2 +- net/ipv4/netfilter/ip_conntrack_standalone.c | 3 ++- net/ipv4/tcp_ipv4.c | 1 + net/ipv6/udp.c | 2 +- 19 files changed, 32 insertions(+), 35 deletions(-) diff -puN arch/i386/mm/fault.c~linux-2.6.0-test11-bk5 arch/i386/mm/fault.c --- linux-2.6.0-test11/arch/i386/mm/fault.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.100079296 +0100 +++ linux-2.6.0-test11-root/arch/i386/mm/fault.c 2003-12-07 17:15:20.241057864 +0100 @@ -359,7 +359,8 @@ bad_area_nosemaphore: return; tsk->thread.cr2 = address; - tsk->thread.error_code = error_code; + /* Kernel addresses are always protection faults */ + tsk->thread.error_code = error_code | (address >= TASK_SIZE); tsk->thread.trap_no = 14; info.si_signo = SIGSEGV; info.si_errno = 0; diff -puN drivers/i2c/busses/i2c-nforce2.c~linux-2.6.0-test11-bk5 drivers/i2c/busses/i2c-nforce2.c --- linux-2.6.0-test11/drivers/i2c/busses/i2c-nforce2.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.110077776 +0100 +++ linux-2.6.0-test11-root/drivers/i2c/busses/i2c-nforce2.c 2003-12-07 17:15:20.242057712 +0100 @@ -147,7 +147,7 @@ static s32 nforce2_access(struct i2c_ada case I2C_SMBUS_BYTE: if (read_write == I2C_SMBUS_WRITE) - outb_p(data->byte, NVIDIA_SMB_DATA); + outb_p(command, NVIDIA_SMB_CMD); protocol |= NVIDIA_SMB_PRTCL_BYTE; break; diff -puN drivers/net/pci-skeleton.c~linux-2.6.0-test11-bk5 drivers/net/pci-skeleton.c --- linux-2.6.0-test11/drivers/net/pci-skeleton.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.113077320 +0100 +++ linux-2.6.0-test11-root/drivers/net/pci-skeleton.c 2003-12-07 17:15:20.243057560 +0100 @@ -864,13 +864,6 @@ static void __devexit netdrv_remove_one pci_release_regions (pdev); -#ifndef NETDRV_NDEBUG - /* poison memory before freeing */ - memset (dev, 0xBC, - sizeof (struct net_device) + - sizeof (struct netdrv_private)); -#endif /* NETDRV_NDEBUG */ - free_netdev (dev); pci_set_drvdata (pdev, NULL); diff -puN drivers/net/pcnet32.c~linux-2.6.0-test11-bk5 drivers/net/pcnet32.c --- linux-2.6.0-test11/drivers/net/pcnet32.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.117076712 +0100 +++ linux-2.6.0-test11-root/drivers/net/pcnet32.c 2003-12-07 17:15:20.250056496 +0100 @@ -1766,8 +1766,6 @@ static void __exit pcnet32_cleanup_modul next_dev = lp->next; unregister_netdev(pcnet32_dev); release_region(pcnet32_dev->base_addr, PCNET32_TOTAL_SIZE); - if (lp->pci_dev) - pci_unregister_driver(&pcnet32_driver); pci_free_consistent(lp->pci_dev, sizeof(*lp), lp, lp->dma_addr); free_netdev(pcnet32_dev); pcnet32_dev = next_dev; diff -puN drivers/net/r8169.c~linux-2.6.0-test11-bk5 drivers/net/r8169.c --- linux-2.6.0-test11/drivers/net/r8169.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.120076256 +0100 +++ linux-2.6.0-test11-root/drivers/net/r8169.c 2003-12-07 17:15:20.252056192 +0100 @@ -642,10 +642,6 @@ rtl8169_remove_one(struct pci_dev *pdev) iounmap(tp->mmio_addr); pci_release_regions(pdev); - // poison memory before freeing - memset(dev, 0xBC, - sizeof (struct net_device) + sizeof (struct rtl8169_private)); - pci_disable_device(pdev); free_netdev(dev); pci_set_drvdata(pdev, NULL); diff -puN drivers/net/sis190.c~linux-2.6.0-test11-bk5 drivers/net/sis190.c --- linux-2.6.0-test11/drivers/net/sis190.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.123075800 +0100 +++ linux-2.6.0-test11-root/drivers/net/sis190.c 2003-12-07 17:15:20.253056040 +0100 @@ -703,10 +703,6 @@ SiS190_remove_one(struct pci_dev *pdev) iounmap(tp->mmio_addr); pci_release_regions(pdev); - // poison memory before freeing - memset(dev, 0xBC, - sizeof (struct net_device) + sizeof (struct sis190_private)); - free_netdev(dev); pci_set_drvdata(pdev, NULL); } diff -puN drivers/scsi/ide-scsi.c~linux-2.6.0-test11-bk5 drivers/scsi/ide-scsi.c --- linux-2.6.0-test11/drivers/scsi/ide-scsi.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.126075344 +0100 +++ linux-2.6.0-test11-root/drivers/scsi/ide-scsi.c 2003-12-07 17:15:20.253056040 +0100 @@ -517,6 +517,7 @@ static ide_startstop_t idescsi_issue_pc pc->current_position=pc->buffer; bcount.all = IDE_MIN(pc->request_transfer, 63 * 1024); /* Request to transfer the entire buffer at once */ + feature.all = 0; if (drive->using_dma && rq->bio) { if (test_bit(PC_WRITING, &pc->flags)) feature.b.dma = !HWIF(drive)->ide_dma_write(drive); diff -puN drivers/scsi/libata-core.c~linux-2.6.0-test11-bk5 drivers/scsi/libata-core.c --- linux-2.6.0-test11/drivers/scsi/libata-core.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.129074888 +0100 +++ linux-2.6.0-test11-root/drivers/scsi/libata-core.c 2003-12-07 17:15:20.255055736 +0100 @@ -3224,8 +3224,6 @@ void ata_pci_remove_one (struct pci_dev scsi_host_put(ap->host); /* FIXME: check return val */ } - kfree(host_set); - pci_release_regions(pdev); for (i = 0; i < host_set->n_ports; i++) { @@ -3242,6 +3240,7 @@ void ata_pci_remove_one (struct pci_dev } } + kfree(host_set); pci_disable_device(pdev); pci_set_drvdata(pdev, NULL); } diff -puN fs/proc/base.c~linux-2.6.0-test11-bk5 fs/proc/base.c --- linux-2.6.0-test11/fs/proc/base.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.140073216 +0100 +++ linux-2.6.0-test11-root/fs/proc/base.c 2003-12-07 17:15:20.257055432 +0100 @@ -1666,10 +1666,14 @@ static int get_tid_list(int index, unsig index -= 2; read_lock(&tasklist_lock); - do { + /* + * The starting point task (leader_task) might be an already + * unlinked task, which cannot be used to access the task-list + * via next_thread(). + */ + if (pid_alive(task)) do { int tid = task->pid; - if (!pid_alive(task)) - continue; + if (--index >= 0) continue; tids[nr_tids] = tid; diff -puN include/asm-x86_64/msr.h~linux-2.6.0-test11-bk5 include/asm-x86_64/msr.h --- linux-2.6.0-test11/include/asm-x86_64/msr.h~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.143072760 +0100 +++ linux-2.6.0-test11-root/include/asm-x86_64/msr.h 2003-12-07 17:15:20.257055432 +0100 @@ -50,9 +50,9 @@ __asm__ __volatile__ ("rdtsc" : "=a" (low) : : "edx") #define rdtscll(val) do { \ - unsigned int a,d; \ - asm volatile("rdtsc" : "=a" (a), "=d" (d)); \ - (val) = ((unsigned long)a) | (((unsigned long)d)<<32); \ + unsigned int __a,__d; \ + asm volatile("rdtsc" : "=a" (__a), "=d" (__d)); \ + (val) = ((unsigned long)__a) | (((unsigned long)__d)<<32); \ } while(0) #define rdpmc(counter,low,high) \ diff -puN include/linux/rtnetlink.h~linux-2.6.0-test11-bk5 include/linux/rtnetlink.h --- linux-2.6.0-test11/include/linux/rtnetlink.h~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.146072304 +0100 +++ linux-2.6.0-test11-root/include/linux/rtnetlink.h 2003-12-07 17:15:20.258055280 +0100 @@ -138,6 +138,7 @@ enum #define RTPROT_ZEBRA 11 /* Zebra */ #define RTPROT_BIRD 12 /* BIRD */ #define RTPROT_DNROUTED 13 /* DECnet routing daemon */ +#define RTPROT_XORP 14 /* XORP */ /* rtm_scope diff -puN kernel/sched.c~linux-2.6.0-test11-bk5 kernel/sched.c --- linux-2.6.0-test11/kernel/sched.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.149071848 +0100 +++ linux-2.6.0-test11-root/kernel/sched.c 2003-12-07 17:15:20.259055128 +0100 @@ -646,7 +646,7 @@ repeat_lock_task: */ p->activated = -1; } - if (sync) + if (sync && (task_cpu(p) == smp_processor_id())) __activate_task(p, rq); else { activate_task(p, rq); diff -puN Makefile~linux-2.6.0-test11-bk5 Makefile --- linux-2.6.0-test11/Makefile~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.182066832 +0100 +++ linux-2.6.0-test11-root/Makefile 2003-12-07 17:18:08.373497848 +0100 @@ -1,7 +1,7 @@ VERSION = 2 PATCHLEVEL = 6 SUBLEVEL = 0 -EXTRAVERSION = -test11 +EXTRAVERSION = -test11-bk5 # *DOCUMENTATION* # To see a list of typical targets execute "make help" diff -puN mm/mmap.c~linux-2.6.0-test11-bk5 mm/mmap.c --- linux-2.6.0-test11/mm/mmap.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.185066376 +0100 +++ linux-2.6.0-test11-root/mm/mmap.c 2003-12-07 17:15:20.272053152 +0100 @@ -19,6 +19,7 @@ #include #include #include +#include #include #include @@ -474,8 +475,13 @@ unsigned long do_mmap_pgoff(struct file struct rb_node ** rb_link, * rb_parent; unsigned long charged = 0; - if (file && (!file->f_op || !file->f_op->mmap)) - return -ENODEV; + if (file) { + if (!file->f_op || !file->f_op->mmap) + return -ENODEV; + + if ((prot & PROT_EXEC) && (file->f_vfsmnt->mnt_flags & MNT_NOEXEC)) + return -EPERM; + } if (!len) return addr; diff -puN net/bridge/br_netfilter.c~linux-2.6.0-test11-bk5 net/bridge/br_netfilter.c --- linux-2.6.0-test11/net/bridge/br_netfilter.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.204063488 +0100 +++ linux-2.6.0-test11-root/net/bridge/br_netfilter.c 2003-12-07 17:15:20.274052848 +0100 @@ -180,7 +180,7 @@ static int br_nf_pre_routing_finish(stru struct rtable *rt; struct flowi fl = { .nl_u = { .ip4_u = { .daddr = iph->daddr, .saddr = 0 , - .tos = iph->tos} }, .proto = 0}; + .tos = RT_TOS(iph->tos)} }, .proto = 0}; if (!ip_route_output_key(&rt, &fl)) { /* Bridged-and-DNAT'ed traffic doesn't diff -puN net/ipv4/netfilter/ip_conntrack_proto_tcp.c~linux-2.6.0-test11-bk5 net/ipv4/netfilter/ip_conntrack_proto_tcp.c --- linux-2.6.0-test11/net/ipv4/netfilter/ip_conntrack_proto_tcp.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.207063032 +0100 +++ linux-2.6.0-test11-root/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2003-12-07 17:15:20.274052848 +0100 @@ -53,7 +53,7 @@ unsigned long ip_ct_tcp_timeout_syn_sent unsigned long ip_ct_tcp_timeout_syn_recv = 60 SECS; unsigned long ip_ct_tcp_timeout_established = 5 DAYS; unsigned long ip_ct_tcp_timeout_fin_wait = 2 MINS; -unsigned long ip_ct_tcp_timeout_close_wait = 3 DAYS; +unsigned long ip_ct_tcp_timeout_close_wait = 60 SECS; unsigned long ip_ct_tcp_timeout_last_ack = 30 SECS; unsigned long ip_ct_tcp_timeout_time_wait = 2 MINS; unsigned long ip_ct_tcp_timeout_close = 10 SECS; diff -puN net/ipv4/netfilter/ip_conntrack_standalone.c~linux-2.6.0-test11-bk5 net/ipv4/netfilter/ip_conntrack_standalone.c --- linux-2.6.0-test11/net/ipv4/netfilter/ip_conntrack_standalone.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.210062576 +0100 +++ linux-2.6.0-test11-root/net/ipv4/netfilter/ip_conntrack_standalone.c 2003-12-07 17:15:20.275052696 +0100 @@ -201,7 +201,8 @@ static unsigned int ip_refrag(unsigned i /* Local packets are never produced too large for their interface. We degfragment them at LOCAL_OUT, however, so we have to refragment them here. */ - if ((*pskb)->len > dst_pmtu(&rt->u.dst)) { + if ((*pskb)->len > dst_pmtu(&rt->u.dst) && + !skb_shinfo(*pskb)->tso_size) { /* No hook can be after us, so this should be OK. */ ip_fragment(*pskb, okfn); return NF_STOLEN; diff -puN net/ipv4/tcp_ipv4.c~linux-2.6.0-test11-bk5 net/ipv4/tcp_ipv4.c --- linux-2.6.0-test11/net/ipv4/tcp_ipv4.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.213062120 +0100 +++ linux-2.6.0-test11-root/net/ipv4/tcp_ipv4.c 2003-12-07 17:15:20.276052544 +0100 @@ -2356,6 +2356,7 @@ static void *tcp_get_idx(struct seq_file static void *tcp_seq_start(struct seq_file *seq, loff_t *pos) { struct tcp_iter_state* st = seq->private; + st->state = TCP_SEQ_STATE_LISTENING; st->num = 0; return *pos ? tcp_get_idx(seq, *pos - 1) : SEQ_START_TOKEN; } diff -puN net/ipv6/udp.c~linux-2.6.0-test11-bk5 net/ipv6/udp.c --- linux-2.6.0-test11/net/ipv6/udp.c~linux-2.6.0-test11-bk5 2003-12-07 17:15:20.216061664 +0100 +++ linux-2.6.0-test11-root/net/ipv6/udp.c 2003-12-07 17:15:20.277052392 +0100 @@ -825,7 +825,7 @@ static int udpv6_sendmsg(struct kiocb *i struct sockaddr_in sin; sin.sin_family = AF_INET; sin.sin_port = sin6 ? sin6->sin6_port : inet->dport; - sin.sin_addr.s_addr = daddr->s6_addr[3]; + sin.sin_addr.s_addr = daddr->s6_addr32[3]; msg->msg_name = &sin; msg->msg_namelen = sizeof(sin); do_udp_sendmsg: _