commit 9e1c66a905bb1712c9ecb9659339b99a11c01ee6 Author: Greg Kroah-Hartman Date: Fri Sep 8 14:58:33 2006 -0700 Linux 2.6.17.12 commit b3c725e4a9a403d86770d43d57eb0f016f055fac Author: Stephen Hemminger Date: Wed Sep 6 10:17:58 2006 -0700 sky2: version 1.6.1 Since this code incorporates some of the fixes from 2.6.18, change the version number. Signed-off-by: Stephen Hemminger Signed-off-by: Greg Kroah-Hartman commit 983e6379274534e80c1bcf9ba8ed7ddb50e4eb17 Author: Stephen Hemminger Date: Wed Sep 6 10:17:57 2006 -0700 sky2: fix fiber support Fix support for fiber based devices. Needed to keep track of PMD type to add workaround in setup. Add support for gigabit half duplex fiber. Signed-off-by: Stephen Hemminger Signed-off-by: Greg Kroah-Hartman commit 3489a9e868343cb4c49a8bea541c324ae50366bc Author: Stephen Hemminger Date: Wed Sep 6 10:17:56 2006 -0700 sky2: MSI test timing The test for MSI IRQ could have timing issues. The PCI write needs to be pushed out before waiting, and the wait queue should be initialized before the IRQ. Signed-off-by: Stephen Hemminger Signed-off-by: Greg Kroah-Hartman commit f117ca328f2de3ca2db90d5775031152fe0c2496 Author: Stephen Hemminger Date: Wed Sep 6 10:17:55 2006 -0700 sky2: use dev_alloc_skb for receive buffers Several code paths assume an additional 16 bytes of header padding on the receive path. Use dev_alloc_skb to get that padding. Signed-off-by: Stephen Hemminger Signed-off-by: Greg Kroah-Hartman commit 15d658cb2010ec52e74920cfa64ef0427191ec3e Author: Stephen Hemminger Date: Wed Sep 6 10:17:54 2006 -0700 sky2: clear status IRQ after empty Don't clear status IRQ until list has been read to avoid causing status list wraparound. Clearing IRQ forces a Transmit Status update if it is pending. Signed-off-by: Stephen Hemminger Signed-off-by: Greg Kroah-Hartman commit 669763679043a814febae9ac1501bd2c9f848559 Author: Stephen Hemminger Date: Wed Sep 6 10:17:53 2006 -0700 sky2: accept flow control Don't program the GMAC to reject flow control packets. This maybe the cause of some of the transmit hangs. Signed-off-by: Stephen Hemminger Signed-off-by: Greg Kroah-Hartman commit e2b53b19856422ad050fadb5f30424c53698eb36 Author: Daniel Kobras Date: Sun Aug 27 01:23:24 2006 -0700 dm: Fix deadlock under high i/o load in raid1 setup. On an nForce4-equipped machine with two SATA disk in raid1 setup using dmraid, we experienced frequent deadlock of the system under high i/o load. 'cat /dev/zero > ~/zero' was the most reliable way to reproduce them: Randomly after a few GB, 'cp' would be left in 'D' state along with kjournald and kmirrord. The functions cp and kjournald were blocked in did vary, but kmirrord's wchan always pointed to 'mempool_alloc()'. We've seen this pattern on 2.6.15 and 2.6.17 kernels. http://lkml.org/lkml/2005/4/20/142 indicates that this problem has been around even before. So much for the facts, here's my interpretation: mempool_alloc() first tries to atomically allocate the requested memory, or falls back to hand out preallocated chunks from the mempool. If both fail, it puts the calling process (kmirrord in this case) on a private waitqueue until somebody refills the pool. Where the only 'somebody' is kmirrord itself, so we have a deadlock. I worked around this problem by falling back to a (blocking) kmalloc when before kmirrord would have ended up on the waitqueue. This defeats part of the benefits of using the mempool, but at least keeps the system running. And it could be done with a two-line change. Note that mempool_alloc() clears the GFP_NOIO flag internally, and only uses it to decide whether to wait or return an error if immediate allocation fails, so the attached patch doesn't change behaviour in the non-deadlocking case. Path is against current git (2.6.18-rc4), but should apply to earlier versions as well. I've tested on 2.6.15, where this patch makes the difference between random lockup and a stable system. Signed-off-by: Daniel Kobras Acked-by: Alasdair G Kergon Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit eeae03f8f7842d4a981e54b5a2a76b5dbacee82e Author: Yingchao Zhou Date: Sun Aug 27 01:23:46 2006 -0700 Remove redundant up() in stop_machine() An up() is called in kernel/stop_machine.c on failure, and also in the caller (unconditionally). Signed-off-by: Zhou Yingchao Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 1a9546a59f5792d2baeedb6b290a9449e3c43f9e Author: Alan Cox Date: Wed Aug 30 11:35:49 2006 -0700 Missing PCI id update for VIA IDE The following change from -mm is important to 2.6.18 (actually to 2.6.17 but its too late for that). This was contributed over three months ago by VIA to Bartlomiej and nothing happened. As a result the new chipset is now out and Linux won't run on it. By the time 2.6.18 is finalised this will be the defacto standard VIA chipset so support would be a good plan. Tested in -mm for a while, its essentially a PCI ident update but for the bridge chip because VIA do things in weird ways. Signed-off-by: Greg Kroah-Hartman commit f3658cfac5012abbb8bed0bb027983e1cdf168bc Author: Chen-Li Tien Date: Tue Sep 5 22:15:08 2006 +0200 PKTGEN: Fix oops when used with balance-tlb bonding Signed-off-by: Chen-Li Tien Signed-off-by: David S. Miller Signed-off-by: Adrian Bunk commit ee2abb104a850954eb54b2bf6579463fad146634 Author: David S. Miller Date: Wed Sep 6 06:42:02 2006 -0700 PKTGEN: Make sure skb->{nh,h} are initialized in fill_packet_ipv6() too. [PKTGEN]: Make sure skb->{nh,h} are initialized in fill_packet_ipv6() too. Mirror the bug fix from fill_packet_ipv4() Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit d6b7fe9e1d58514758c6dfe54f949333e830485e Author: Robin Holt Date: Fri Sep 1 10:41:39 2006 -0500 Silent data corruption caused by XPC Jack Steiner identified a problem where XPC can cause a silent data corruption. On module load, the placement may cause the xpc_remote_copy_buffer to span two physical pages. DMA transfers are done to the start virtual address translated to physical. This patch changes the buffer from a statically allocated buffer to a kmalloc'd buffer. Dean Nelson reviewed this before posting. I have tested it in the configuration that was showing the memory corruption and verified it works. I also added a BUG_ON statement to help catch this if a similar situation is encountered. Signed-off-by: Robin Holt Signed-off-by: Dean Nelson Signed-off-by: Jack Steiner Signed-off-by: Tony Luck Signed-off-by: Greg Kroah-Hartman commit 4ccc9a4b06b170b88d25bfd2d50fce487ed1471c Author: Alan Stern Date: Thu Aug 31 14:18:39 2006 -0400 uhci-hcd: fix list access bug When skipping to the last TD of an URB, go to the _last_ entry in the list instead of the _first_ entry (as780). This fixes Bugzilla #6747 and possibly others. Signed-off-by: Alan Stern Signed-off-by: Greg Kroah-Hartman commit 4be6107d35a5b5f8eac9b92eef1e243a033a3f39 Author: Ernie Petrides Date: Sat Aug 26 10:20:45 2006 -0400 binfmt_elf: fix checks for bad address Fix check for bad address; use macro instead of open-coding two checks. Taken from RHEL4 kernel update. For background, the BAD_ADDR() macro should return TRUE if the address is TASK_SIZE, because that's the lowest address that is *not* valid for user-space mappings. The macro was correct in binfmt_aout.c but was wrong for the "equal to" case in binfmt_elf.c. There were two in-line validations of user-space addresses in binfmt_elf.c, which have been appropriately converted to use the corrected BAD_ADDR() macro in the patch you posted yesterday. Note that the size checks against TASK_SIZE are okay as coded. The additional changes that I propose are below. These are in the error paths for bad ELF entry addresses once load_elf_binary() has already committed to exec'ing the new image (following the tearing down of the task's original address space). The 1st hunk deals with the interp-side of the outer "if". There were two problems here. The printk() should be removed because this path can be triggered at will by a bogus interpreter image created and used by a malicious user. Further, the error code should not be ENOEXEC, because that causes the loop in search_binary_handler() to continue trying other exec handlers (twice, in fact). But it's too late for this to work correctly, because the user address space has already been torn down, and an exec() failure cannot be returned to the user code because the code no longer exists. The only recovery is to force a SIGSEGV, but it's best to terminate the search loop immediately. I somewhat arbitrarily chose EINVAL as a fallback error code, but any error returned by load_elf_interp() will override that (but this value will never be seen by user-space). The 2nd hunk deals with the non-interp-side of the outer "if". There were two problems here as well. The SIGSEGV needs to be forced, because a prior sigaction() syscall might have set the associated disposition to SIG_IGN. And the ENOEXEC should be changed to EINVAL as described above. Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com> Signed-off-by: Greg Kroah-Hartman commit 2cd6b01ad38d34b805a0a052725ec3f37e387ecd Author: Christian Borntraeger Date: Wed Aug 30 07:38:11 2006 +0200 bug in futex unqueue_me This patch adds a barrier() in futex unqueue_me to avoid aliasing of two pointers. On my s390x system I saw the following oops: Unable to handle kernel pointer dereference at virtual kernel address 0000000000000000 Oops: 0004 [#1] CPU: 0 Not tainted Process mytool (pid: 13613, task: 000000003ecb6ac0, ksp: 00000000366bdbd8) Krnl PSW : 0704d00180000000 00000000003c9ac2 (_spin_lock+0xe/0x30) Krnl GPRS: 00000000ffffffff 000000003ecb6ac0 0000000000000000 0700000000000000 0000000000000000 0000000000000000 000001fe00002028 00000000000c091f 000001fe00002054 000001fe00002054 0000000000000000 00000000366bddc0 00000000005ef8c0 00000000003d00e8 0000000000144f91 00000000366bdcb8 Krnl Code: ba 4e 20 00 12 44 b9 16 00 3e a7 84 00 08 e3 e0 f0 88 00 04 Call Trace: ([<0000000000144f90>] unqueue_me+0x40/0xe4) [<0000000000145a0c>] do_futex+0x33c/0xc40 [<000000000014643e>] sys_futex+0x12e/0x144 [<000000000010bb00>] sysc_noemu+0x10/0x16 [<000002000003741c>] 0x2000003741c The code in question is: static int unqueue_me(struct futex_q *q) { int ret = 0; spinlock_t *lock_ptr; /* In the common case we don't take the spinlock, which is nice. */ retry: lock_ptr = q->lock_ptr; if (lock_ptr != 0) { spin_lock(lock_ptr); /* * q->lock_ptr can change between reading it and * spin_lock(), causing us to take the wrong lock. This * corrects the race condition. [...] and my compiler (gcc 4.1.0) makes the following out of it: 00000000000003c8 : 3c8: eb bf f0 70 00 24 stmg %r11,%r15,112(%r15) 3ce: c0 d0 00 00 00 00 larl %r13,3ce 3d0: R_390_PC32DBL .rodata+0x2a 3d4: a7 f1 1e 00 tml %r15,7680 3d8: a7 84 00 01 je 3da 3dc: b9 04 00 ef lgr %r14,%r15 3e0: a7 fb ff d0 aghi %r15,-48 3e4: b9 04 00 b2 lgr %r11,%r2 3e8: e3 e0 f0 98 00 24 stg %r14,152(%r15) 3ee: e3 c0 b0 28 00 04 lg %r12,40(%r11) /* write q->lock_ptr in r12 */ 3f4: b9 02 00 cc ltgr %r12,%r12 3f8: a7 84 00 4b je 48e /* if r12 is zero then jump over the code.... */ 3fc: e3 20 b0 28 00 04 lg %r2,40(%r11) /* write q->lock_ptr in r2 */ 402: c0 e5 00 00 00 00 brasl %r14,402 404: R_390_PC32DBL _spin_lock+0x2 /* use r2 as parameter for spin_lock */ So the code becomes more or less: if (q->lock_ptr != 0) spin_lock(q->lock_ptr) instead of if (lock_ptr != 0) spin_lock(lock_ptr) Which caused the oops from above. After adding a barrier gcc creates code without this problem: [...] (the same) 3ee: e3 c0 b0 28 00 04 lg %r12,40(%r11) 3f4: b9 02 00 cc ltgr %r12,%r12 3f8: b9 04 00 2c lgr %r2,%r12 3fc: a7 84 00 48 je 48c 400: c0 e5 00 00 00 00 brasl %r14,400 402: R_390_PC32DBL _spin_lock+0x2 As a general note, this code of unqueue_me seems a bit fishy. The retry logic of unqueue_me only works if we can guarantee, that the original value of q->lock_ptr is always a spinlock (Otherwise we overwrite kernel memory). We know that q->lock_ptr can change. I dont know what happens with the original spinlock, as I am not an expert with the futex code. Cc: Martin Schwidefsky Cc: Rusty Russell Acked-by: Ingo Molnar Cc: Thomas Gleixner Signed-off-by: Christian Borntraeger Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit f4eb9f37abad092ac27fabc7d451d6980fff8fb1 Author: Trond Myklebust Date: Tue Aug 29 02:15:54 2006 -0400 fcntl(F_SETSIG) fix fcntl(F_SETSIG) no longer works on leases because lease_release_private_callback() gets called as the lease is copied in order to initialise it. The problem is that lease_alloc() performs an unnecessary initialisation, which sets the lease_manager_ops. Avoid the problem by allocating the target lease structure using locks_alloc_lock(). Signed-off-by: Trond Myklebust Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit a13aeb6eb26f3457e47f0c604104e30ed8262ca9 Author: YOSHIFUJI Hideaki Date: Thu Aug 31 16:06:16 2006 -0700 IPV6 OOPS'er triggerable by any user [IPV6]: Fix kernel OOPs when setting sticky socket options. Bug noticed by Remi Denis-Courmont . Signed-off-by: YOSHIFUJI Hideaki Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit e564f8a9cc64ebc06794d716e3240538b4a61f28 Author: Sridhar Samudrala Date: Mon Aug 28 13:55:32 2006 -0700 SCTP: Fix sctp_primitive_ABORT() call in sctp_close(). With the recent fix, the callers of sctp_primitive_ABORT() need to create an ABORT chunk and pass it as an argument rather than msghdr that was passed earlier. Signed-off-by: Sridhar Samudrala Signed-off-by: David S. Miller commit 24e2c32c847ab496bd79d417265534ff3da7b009 Author: David S. Miller Date: Mon Aug 28 00:40:40 2006 -0700 SPARC64: Fix X server crashes on sparc64 [SPARC64]: Fix X server hangs due to large pages. This problem was introduced by changeset 14778d9072e53d2171f66ffd9657daff41acfaed Unlike the hugetlb code paths, the normal fault code is not setup to propagate PTE changes for large page sizes correctly like the ones we make for I/O mappings in io_remap_pfn_range(). It is absolutely necessary to update all sub-ptes of a largepage mapping on a fault. Adding special handling for this would add considerably complexity to tlb_batch_add(). So let's just side-step the issue and forcefully dirty any writable PTEs created by io_remap_pfn_range(). The only other real option would be to disable to large PTE code of io_remap_pfn_range() and we really don't want to do that. Much thanks to Mikael Pettersson for tracking down this problem and testing debug patches. Signed-off-by: David S. Miller commit 88704f0be8a67a1676b3a00b7e25d718ae2f4957 Author: Michael Chan Date: Fri Aug 25 14:54:13 2006 -0700 TG3: Disable TSO by default Disable TSO by default on some chips due to hardware errata. Enabling TSO can lead to tx timeouts in some cases when the TSO header size exceeds 80 bytes on the affected chips. This limit can be exceeded when the TCP header contains the timestamp option plus 2 SACK blocks, for example. A more complete workaround is available in the next 2.6.18 kernel. Signed-off-by: Michael Chan Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 8135c5c1b9f88c5e1147a5275cd07782c3a54761 Author: Neil Brown Date: Mon Jun 26 00:27:26 2006 -0700 dm: mirror sector offset fix The device-mapper core does not perform any remapping of bios before passing them to the targets. If a particular mapping begins part-way into a device, targets obtain the sector relative to the start of the mapping by subtracting ti->begin. The dm-raid1 target didn't do this everywhere: this patch fixes it, taking care to subtract ti->begin exactly once for each bio. [akpm: too late for 2.6.17 - suitable for 2.6.17.x after it has settled] Signed-off-by: Neil Brown Signed-off-by: Alasdair G Kergon Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 16470822339528fff62338f8cd87a7c48ef2cfa2 Author: Jeff Mahoney Date: Mon Jun 26 00:27:25 2006 -0700 dm: fix block device initialisation In alloc_dev(), we register the device with the block layer and then continue to initialize the device. But register_disk() makes the device available to be opened before we have completed initialising it. This patch moves the final bits of the initialization above the disk registration. [akpm: too late for 2.6.17 - suitable for 2.6.17.x after it has settled] Signed-off-by: Jeff Mahoney Signed-off-by: Alasdair G Kergon Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 659a8ced33c4e01ff0807ba42ca6697a81fd26eb Author: Jeff Mahoney Date: Mon Jun 26 00:27:25 2006 -0700 dm: add module ref counting The reference counting on dm-mod is zero if no mapped devices are open. This is incorrect, and can lead to an oops if the module is unloaded while mapped devices exist. This patch claims a reference to the module whenever a device is created, and drops it again when the device is freed. Devices must be removed before dm-mod is unloaded. [akpm: too late for 2.6.17 - suitable for 2.6.17.x after it has settled] Signed-off-by: Jeff Mahoney Signed-off-by: Alasdair G Kergon Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 6731637067000c92d8957ddec764f31720c89c15 Author: Jeff Mahoney Date: Mon Jun 26 00:27:24 2006 -0700 dm: fix mapped device ref counting To avoid races, _minor_lock must be held while changing mapped device reference counts. There are a few paths where a mapped_device pointer is returned before a reference is taken. This patch fixes them. [akpm: too late for 2.6.17 - suitable for 2.6.17.x after it has settled] Signed-off-by: Jeff Mahoney Signed-off-by: Alasdair G Kergon Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 1d62e5eb23afbc3a36795a165fe2ffae6268b57f Author: Jeff Mahoney Date: Mon Jun 26 00:27:23 2006 -0700 dm: add DMF_FREEING There is a chicken and egg problem between the block layer and dm in which the gendisk associated with a mapping keeps a reference-less pointer to the mapped_device. This patch uses a new flag DMF_FREEING to indicate when the mapped_device is no longer valid. This is checked to prevent any attempt to open the device from succeeding while the device is being destroyed. [akpm: too late for 2.6.17 - suitable for 2.6.17.x after it has settled] Signed-off-by: Jeff Mahoney Signed-off-by: Alasdair G Kergon Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 5fcee2b37b0bcec3862c8a20ad9c260b795f18de Author: Jeff Mahoney Date: Mon Jun 26 00:27:22 2006 -0700 dm: change minor_lock to spinlock While removing a device, another another thread might attempt to resurrect it. This patch replaces the _minor_lock mutex with a spinlock and uses atomic_dec_and_lock() to serialize reference counting in dm_put(). [akpm: too late for 2.6.17 - suitable for 2.6.17.x after it has settled] Signed-off-by: Jeff Mahoney Signed-off-by: Alasdair G Kergon Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit cb352363ced7914a6d7d2c17d86e746c4bd582dc Author: Jeff Mahoney Date: Mon Jun 26 00:27:21 2006 -0700 dm: move idr_pre_get idr_pre_get() can sleep while allocating memory. The next patch will change _minor_lock into a spinlock, so this patch moves idr_pre_get() outside the lock in preparation. [akpm: too late for 2.6.17 - suitable for 2.6.17.x after it has settled] Signed-off-by: Jeff Mahoney Signed-off-by: Alasdair G Kergon Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 84d73ab65454d09d4547c8d5357f237902b81189 Author: Jeff Mahoney Date: Mon Jun 26 00:27:21 2006 -0700 dm: fix idr minor allocation One part of the system can attempt to use a mapped device before another has finished initialising it or while it is being freed. This patch introduces a place holder value, MINOR_ALLOCED, to mark the minor as allocated but in a state where it can't be used, such as mid-allocation or mid-free. At the end of the initialization, it replaces the place holder with the pointer to the mapped_device, making it available to the rest of the dm subsystem. [akpm: too late for 2.6.17 - suitable for 2.6.17.x after it has settled] Signed-off-by: Jeff Mahoney Signed-off-by: Alasdair G Kergon Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 208b2761fe4610452ac076630e241a95dcf79725 Author: Alasdair G Kergon Date: Mon Jun 26 00:27:18 2006 -0700 dm snapshot: unify chunk_size Persistent snapshots currently store a private copy of the chunk size. Userspace also supplies the chunk size when loading a snapshot. Ensure consistency by only storing the chunk_size in one place instead of two. Currently the two sizes will differ if the chunk size supplied by userspace does not match the chunk size an existing snapshot actually uses. Amongst other problems, this causes an incorrect 'percentage full' to be reported. The patch ensures consistency by only storing the chunk_size in one place, removing it from struct pstore. Some initialisation is delayed until the correct chunk_size is known. If read_header() discovers that the wrong chunk size was supplied, the 'area' buffer (which the header already got read into) is reinitialised to the correct size. [akpm: too late for 2.6.17 - suitable for 2.6.17.x after it has settled] Signed-off-by: Alasdair G Kergon Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 2336231e06979e7073132c22b121c34123f295a6 Author: Neil Brown Date: Fri Aug 4 10:53:40 2006 +1000 Have ext2 reject file handles with bad inode numbers early. This prevents bad inode numbers from triggering errors in ext2_get_inode. Signed-off-by: Neil Brown Signed-off-by: Greg Kroah-Hartman commit 31e8b3a3708f75d9e012e2c2ed2b9d6d69ad0491 Author: Stephen Hemminger Date: Tue Aug 22 00:10:07 2006 -0700 Allow per-route window scale limiting There are black box devices out there, routers and firewalls and whatnot, that simply cannot grok the TCP window scaling option correctly. People should and do bark at the site running the device causing the problems, but in the mean time folks do want a way to deal with the problem. We don't want them to turn off window scaling completely as that hurts performance of connections that would run just fine with window scaling enabled. So give a way to do this on a per-route basis by limiting the window scaling by the per-connection window clamp. Stephen's changelog message explains how to do this using a route metric. [TCP]: Limit window scaling if window is clamped. This small change allows for easy per-route workarounds for broken hosts or middleboxes that are not compliant with TCP standards for window scaling. Rather than having to turn off window scaling globally. This patch allows reducing or disabling window scaling if window clamp is present. Example: Mark Lord reported a problem with 2.6.17 kernel being unable to access http://www.everymac.com # ip route add 216.145.246.23/32 via 10.8.0.1 window 65535 Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 9d3925d7a0eb89385cfef62020578baff230dfce Author: Stephen Hemminger Date: Tue Aug 22 17:19:28 2006 -0700 bridge-netfilter: don't overwrite memory outside of skb The bridge netfilter code needs to check for space at the front of the skb before overwriting; otherwise if skb from device doesn't have headroom, then it will cause random memory corruption. Signed-off-by: Stephen Hemminger Signed-off-by: Greg Kroah-Hartman commit 7cadd43d5a72cb042e09fed4816d818615b2ca73 Author: Fernando Vazquez Date: Fri Aug 25 17:13:07 2006 +0900 fix compilation error on IA64 The commit 8833ebaa3f4325820fe3338ccf6fae04f6669254 introduced a change that broke IA64 compilation as shown below: gcc -Wp,-MD,arch/ia64/kernel/.entry.o.d -nostdinc -isystem /usr/lib/gcc/ia64-linux-gnu/4.1.2/include -D__KERNEL__ -Iinclude -include include/linux/autoconf.h -DHAVE_WORKING_TEXT_ALIGN -DHAVE_MODEL_SMALL_ATTRIBUTE -DHAVE_SERIALIZE_DIRECTIVE -D__ASSEMBLY__ -mconstant-gp -c -o arch/ia64/kernel/entry.o arch/ia64/kernel/entry.S include/asm/mman.h: Assembler messages: include/asm/mman.h:13: Error: Unknown opcode `int ia64_map_check_rgn(unsigned long addr,unsigned long len,' include/asm/mman.h:14: Error: Unknown opcode `unsigned long flags)' make[1]: *** [arch/ia64/kernel/entry.o] Error 1 make: *** [arch/ia64/kernel] Error 2 The reason is that "asm/mman.h" is being included from entry.S indirectly through "asm/pgtable.h" (see code snips below). * arch/ia64/kernel/entry.S: ... #include ... * include/asm-ia64/pgtable.h: ... #include ... * include/asm-ia64/mman.h ... #ifdef __KERNEL__ #define arch_mmap_check ia64_map_check_rgn int ia64_map_check_rgn(unsigned long addr, unsigned long len, unsigned long flags); #endif ... Signed-off-by: Fernando Vazquez Signed-off-by: Greg Kroah-Hartman commit ea624f5adfb84678011dd39422fe1366440a978b Author: Herbert Xu Date: Tue Aug 22 13:41:18 2006 -0700 Fix output framentation of paged-skbs [INET]: Use pskb_trim_unique when trimming paged unique skbs The IPv4/IPv6 datagram output path was using skb_trim to trim paged packets because they know that the packet has not been cloned yet (since the packet hasn't been given to anything else in the system). This broke because skb_trim no longer allows paged packets to be trimmed. Paged packets must be given to one of the pskb_trim functions instead. This patch adds a new pskb_trim_unique function to cover the IPv4/IPv6 datagram output path scenario and replaces the corresponding skb_trim calls with it. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 35d2f110af2b9415dec490a0f59303ee7b3ba41c Author: Richard Purdie Date: Tue Aug 22 17:17:05 2006 -0700 spectrum_cs: Fix firmware uploading errors This fixes firmware upload failures which prevent the driver from working. Signed-off-by: Richard Purdie Cc: Dominik Brodowski Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman commit 940d7bceb97c8989e700de946b0514acc9b739c5 Author: Michael Rash Date: Tue Aug 22 04:07:57 2006 +0200 TEXTSEARCH: Fix Boyer Moore initialization bug [TEXTSEARCH]: Fix Boyer Moore initialization bug The pattern is set after trying to compute the prefix table, which tries to use it. Initialize it before calling compute_prefix_tbl, make compute_prefix_tbl consistently use only the data from struct ts_bm and remove the now unnecessary arguments. Signed-off-by: Michael Rash Signed-off-by: Patrick McHardy Acked-by: David Miller Signed-off-by: Greg Kroah-Hartman