diff --git a/Makefile b/Makefile index 1fa7e53..6e34293 100644 Index: linux-2.6.14-ck6/Makefile =================================================================== --- linux-2.6.14-ck6.orig/Makefile +++ linux-2.6.14-ck6/Makefile @@ -1,7 +1,7 @@ VERSION = 2 PATCHLEVEL = 6 SUBLEVEL = 14 -EXTRAVERSION = +EXTRAVERSION = .3 NAME=Affluent Albatross # *DOCUMENTATION* Index: linux-2.6.14-ck6/arch/i386/kernel/cpu/mtrr/main.c =================================================================== --- linux-2.6.14-ck6.orig/arch/i386/kernel/cpu/mtrr/main.c +++ linux-2.6.14-ck6/arch/i386/kernel/cpu/mtrr/main.c @@ -626,6 +626,14 @@ void __init mtrr_bp_init(void) if (cpuid_eax(0x80000000) >= 0x80000008) { u32 phys_addr; phys_addr = cpuid_eax(0x80000008) & 0xff; + /* CPUID workaround for Intel 0F33/0F34 CPU */ + if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && + boot_cpu_data.x86 == 0xF && + boot_cpu_data.x86_model == 0x3 && + (boot_cpu_data.x86_mask == 0x3 || + boot_cpu_data.x86_mask == 0x4)) + phys_addr = 36; + size_or_mask = ~((1 << (phys_addr - PAGE_SHIFT)) - 1); size_and_mask = ~size_or_mask & 0xfff00000; } else if (boot_cpu_data.x86_vendor == X86_VENDOR_CENTAUR && Index: linux-2.6.14-ck6/arch/ppc64/Kconfig =================================================================== --- linux-2.6.14-ck6.orig/arch/ppc64/Kconfig +++ linux-2.6.14-ck6/arch/ppc64/Kconfig @@ -234,6 +234,10 @@ config HMT This option enables hardware multithreading on RS64 cpus. pSeries systems p620 and p660 have such a cpu type. +config NUMA + bool "NUMA support" + default y if DISCONTIGMEM || SPARSEMEM + config ARCH_SELECT_MEMORY_MODEL def_bool y @@ -249,9 +253,6 @@ config ARCH_DISCONTIGMEM_DEFAULT def_bool y depends on ARCH_DISCONTIGMEM_ENABLE -config ARCH_FLATMEM_ENABLE - def_bool y - config ARCH_SPARSEMEM_ENABLE def_bool y depends on ARCH_DISCONTIGMEM_ENABLE @@ -274,10 +275,6 @@ config NODES_SPAN_OTHER_NODES def_bool y depends on NEED_MULTIPLE_NODES -config NUMA - bool "NUMA support" - default y if DISCONTIGMEM || SPARSEMEM - config SCHED_SMT bool "SMT (Hyperthreading) scheduler support" depends on SMP Index: linux-2.6.14-ck6/arch/s390/appldata/appldata_base.c =================================================================== --- linux-2.6.14-ck6.orig/arch/s390/appldata/appldata_base.c +++ linux-2.6.14-ck6/arch/s390/appldata/appldata_base.c @@ -592,12 +592,15 @@ int appldata_register_ops(struct appldat */ void appldata_unregister_ops(struct appldata_ops *ops) { + void *table; spin_lock(&appldata_ops_lock); - unregister_sysctl_table(ops->sysctl_header); list_del(&ops->list); - kfree(ops->ctl_table); + /* at that point any incoming access will fail */ + table = ops->ctl_table; ops->ctl_table = NULL; spin_unlock(&appldata_ops_lock); + unregister_sysctl_table(ops->sysctl_header); + kfree(table); P_INFO("%s-ops unregistered!\n", ops->name); } /********************** module-ops management **************************/ Index: linux-2.6.14-ck6/arch/x86_64/kernel/setup.c =================================================================== --- linux-2.6.14-ck6.orig/arch/x86_64/kernel/setup.c +++ linux-2.6.14-ck6/arch/x86_64/kernel/setup.c @@ -993,6 +993,11 @@ static void __cpuinit init_intel(struct unsigned eax = cpuid_eax(0x80000008); c->x86_virt_bits = (eax >> 8) & 0xff; c->x86_phys_bits = eax & 0xff; + /* CPUID workaround for Intel 0F34 CPU */ + if (c->x86_vendor == X86_VENDOR_INTEL && + c->x86 == 0xF && c->x86_model == 0x3 && + c->x86_mask == 0x4) + c->x86_phys_bits = 36; } if (c->x86 == 15) Index: linux-2.6.14-ck6/drivers/block/cfq-iosched.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/block/cfq-iosched.c +++ linux-2.6.14-ck6/drivers/block/cfq-iosched.c @@ -2260,10 +2260,8 @@ static void cfq_put_cfqd(struct cfq_data if (!atomic_dec_and_test(&cfqd->ref)) return; - blk_put_queue(q); - cfq_shutdown_timer_wq(cfqd); - q->elevator->elevator_data = NULL; + blk_put_queue(q); mempool_destroy(cfqd->crq_pool); kfree(cfqd->crq_hash); Index: linux-2.6.14-ck6/drivers/block/pktcdvd.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/block/pktcdvd.c +++ linux-2.6.14-ck6/drivers/block/pktcdvd.c @@ -1191,7 +1191,7 @@ static void pkt_count_states(struct pktc struct packet_data *pkt; int i; - for (i = 0; i <= PACKET_NUM_STATES; i++) + for (i = 0; i < PACKET_NUM_STATES; i++) states[i] = 0; spin_lock(&pd->cdrw.active_list_lock); Index: linux-2.6.14-ck6/drivers/char/rtc.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/char/rtc.c +++ linux-2.6.14-ck6/drivers/char/rtc.c @@ -149,8 +149,22 @@ static void get_rtc_alm_time (struct rtc #ifdef RTC_IRQ static void rtc_dropped_irq(unsigned long data); -static void set_rtc_irq_bit(unsigned char bit); -static void mask_rtc_irq_bit(unsigned char bit); +static void set_rtc_irq_bit_locked(unsigned char bit); +static void mask_rtc_irq_bit_locked(unsigned char bit); + +static inline void set_rtc_irq_bit(unsigned char bit) +{ + spin_lock_irq(&rtc_lock); + set_rtc_irq_bit_locked(bit); + spin_unlock_irq(&rtc_lock); +} + +static void mask_rtc_irq_bit(unsigned char bit) +{ + spin_lock_irq(&rtc_lock); + mask_rtc_irq_bit_locked(bit); + spin_unlock_irq(&rtc_lock); +} #endif static int rtc_proc_open(struct inode *inode, struct file *file); @@ -401,18 +415,19 @@ static int rtc_do_ioctl(unsigned int cmd } case RTC_PIE_OFF: /* Mask periodic int. enab. bit */ { - mask_rtc_irq_bit(RTC_PIE); + unsigned long flags; /* can be called from isr via rtc_control() */ + spin_lock_irqsave (&rtc_lock, flags); + mask_rtc_irq_bit_locked(RTC_PIE); if (rtc_status & RTC_TIMER_ON) { - spin_lock_irq (&rtc_lock); rtc_status &= ~RTC_TIMER_ON; del_timer(&rtc_irq_timer); - spin_unlock_irq (&rtc_lock); } + spin_unlock_irqrestore (&rtc_lock, flags); return 0; } case RTC_PIE_ON: /* Allow periodic ints */ { - + unsigned long flags; /* can be called from isr via rtc_control() */ /* * We don't really want Joe User enabling more * than 64Hz of interrupts on a multi-user machine. @@ -421,14 +436,14 @@ static int rtc_do_ioctl(unsigned int cmd (!capable(CAP_SYS_RESOURCE))) return -EACCES; + spin_lock_irqsave (&rtc_lock, flags); if (!(rtc_status & RTC_TIMER_ON)) { - spin_lock_irq (&rtc_lock); rtc_irq_timer.expires = jiffies + HZ/rtc_freq + 2*HZ/100; add_timer(&rtc_irq_timer); rtc_status |= RTC_TIMER_ON; - spin_unlock_irq (&rtc_lock); } - set_rtc_irq_bit(RTC_PIE); + set_rtc_irq_bit_locked(RTC_PIE); + spin_unlock_irqrestore (&rtc_lock, flags); return 0; } case RTC_UIE_OFF: /* Mask ints from RTC updates. */ @@ -609,6 +624,7 @@ static int rtc_do_ioctl(unsigned int cmd { int tmp = 0; unsigned char val; + unsigned long flags; /* can be called from isr via rtc_control() */ /* * The max we can do is 8192Hz. @@ -631,9 +647,9 @@ static int rtc_do_ioctl(unsigned int cmd if (arg != (1<update_lock); + switch (nr) { + case 0: data->fan_div[nr] = reg & 0x07; break; + case 1: data->fan_div[nr] = (reg >> 3) & 0x07; break; + case 2: data->fan_div[nr] = (reg & 0x40) ? 3 : 1; break; + } + data->fan_min[nr] = FAN_TO_REG(val, DIV_FROM_REG(data->fan_div[nr])); it87_write_value(client, IT87_REG_FAN_MIN(nr), data->fan_min[nr]); up(&data->update_lock); Index: linux-2.6.14-ck6/drivers/hwmon/lm78.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/hwmon/lm78.c +++ linux-2.6.14-ck6/drivers/hwmon/lm78.c @@ -451,7 +451,7 @@ static DEVICE_ATTR(fan3_div, S_IRUGO, sh static ssize_t show_vid(struct device *dev, struct device_attribute *attr, char *buf) { struct lm78_data *data = lm78_update_device(dev); - return sprintf(buf, "%d\n", vid_from_reg(82, data->vid)); + return sprintf(buf, "%d\n", vid_from_reg(data->vid, 82)); } static DEVICE_ATTR(cpu0_vid, S_IRUGO, show_vid, NULL); Index: linux-2.6.14-ck6/drivers/hwmon/w83627hf.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/hwmon/w83627hf.c +++ linux-2.6.14-ck6/drivers/hwmon/w83627hf.c @@ -454,7 +454,9 @@ static ssize_t store_regs_in_min0(struct (w83627thf == data->type || w83637hf == data->type)) /* use VRM9 calculation */ - data->in_min[0] = (u8)(((val * 100) - 70000 + 244) / 488); + data->in_min[0] = + SENSORS_LIMIT(((val * 100) - 70000 + 244) / 488, 0, + 255); else /* use VRM8 (standard) calculation */ data->in_min[0] = IN_TO_REG(val); @@ -479,7 +481,9 @@ static ssize_t store_regs_in_max0(struct (w83627thf == data->type || w83637hf == data->type)) /* use VRM9 calculation */ - data->in_max[0] = (u8)(((val * 100) - 70000 + 244) / 488); + data->in_max[0] = + SENSORS_LIMIT(((val * 100) - 70000 + 244) / 488, 0, + 255); else /* use VRM8 (standard) calculation */ data->in_max[0] = IN_TO_REG(val); Index: linux-2.6.14-ck6/drivers/isdn/hardware/eicon/os_4bri.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/isdn/hardware/eicon/os_4bri.c +++ linux-2.6.14-ck6/drivers/isdn/hardware/eicon/os_4bri.c @@ -16,6 +16,7 @@ #include "diva_pci.h" #include "mi_pc.h" #include "dsrv4bri.h" +#include "helpers.h" static void *diva_xdiLoadFileFile = NULL; static dword diva_xdiLoadFileLength = 0; @@ -815,7 +816,7 @@ diva_4bri_cmd_card_proc(struct _diva_os_ return (ret); } -void *xdiLoadFile(char *FileName, unsigned long *FileLength, +void *xdiLoadFile(char *FileName, dword *FileLength, unsigned long lim) { void *ret = diva_xdiLoadFileFile; Index: linux-2.6.14-ck6/drivers/net/wan/hdlc_cisco.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/net/wan/hdlc_cisco.c +++ linux-2.6.14-ck6/drivers/net/wan/hdlc_cisco.c @@ -192,7 +192,9 @@ static int cisco_rx(struct sk_buff *skb) "uptime %ud%uh%um%us)\n", dev->name, days, hrs, min, sec); +#if 0 netif_carrier_on(dev); +#endif hdlc->state.cisco.up = 1; } } @@ -225,7 +227,9 @@ static void cisco_timer(unsigned long ar hdlc->state.cisco.settings.timeout * HZ)) { hdlc->state.cisco.up = 0; printk(KERN_INFO "%s: Link down\n", dev->name); +#if 0 netif_carrier_off(dev); +#endif } cisco_keepalive_send(dev, CISCO_KEEPALIVE_REQ, @@ -261,8 +265,10 @@ static void cisco_stop(struct net_device { hdlc_device *hdlc = dev_to_hdlc(dev); del_timer_sync(&hdlc->state.cisco.timer); +#if 0 if (netif_carrier_ok(dev)) netif_carrier_off(dev); +#endif hdlc->state.cisco.up = 0; hdlc->state.cisco.request_sent = 0; } Index: linux-2.6.14-ck6/drivers/net/wan/hdlc_fr.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/net/wan/hdlc_fr.c +++ linux-2.6.14-ck6/drivers/net/wan/hdlc_fr.c @@ -545,8 +545,10 @@ static void fr_set_link_state(int reliab hdlc->state.fr.reliable = reliable; if (reliable) { +#if 0 if (!netif_carrier_ok(dev)) netif_carrier_on(dev); +#endif hdlc->state.fr.n391cnt = 0; /* Request full status */ hdlc->state.fr.dce_changed = 1; @@ -560,8 +562,10 @@ static void fr_set_link_state(int reliab } } } else { +#if 0 if (netif_carrier_ok(dev)) netif_carrier_off(dev); +#endif while (pvc) { /* Deactivate all PVCs */ pvc_carrier(0, pvc); Index: linux-2.6.14-ck6/drivers/net/wan/hdlc_generic.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/net/wan/hdlc_generic.c +++ linux-2.6.14-ck6/drivers/net/wan/hdlc_generic.c @@ -79,11 +79,13 @@ static void __hdlc_set_carrier_on(struct hdlc_device *hdlc = dev_to_hdlc(dev); if (hdlc->proto.start) return hdlc->proto.start(dev); +#if 0 #ifdef DEBUG_LINK if (netif_carrier_ok(dev)) printk(KERN_ERR "hdlc_set_carrier_on(): already on\n"); #endif netif_carrier_on(dev); +#endif } @@ -94,11 +96,13 @@ static void __hdlc_set_carrier_off(struc if (hdlc->proto.stop) return hdlc->proto.stop(dev); +#if 0 #ifdef DEBUG_LINK if (!netif_carrier_ok(dev)) printk(KERN_ERR "hdlc_set_carrier_off(): already off\n"); #endif netif_carrier_off(dev); +#endif } @@ -294,8 +298,10 @@ int register_hdlc_device(struct net_devi if (result != 0) return -EIO; +#if 0 if (netif_carrier_ok(dev)) netif_carrier_off(dev); /* no carrier until DCD goes up */ +#endif return 0; } Index: linux-2.6.14-ck6/drivers/net/wireless/airo.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/net/wireless/airo.c +++ linux-2.6.14-ck6/drivers/net/wireless/airo.c @@ -46,6 +46,8 @@ #include #include +#include "airo.h" + #ifdef CONFIG_PCI static struct pci_device_id card_ids[] = { { 0x14b9, 1, PCI_ANY_ID, PCI_ANY_ID, }, Index: linux-2.6.14-ck6/drivers/net/wireless/airo.h =================================================================== --- /dev/null +++ linux-2.6.14-ck6/drivers/net/wireless/airo.h @@ -0,0 +1,9 @@ +#ifndef _AIRO_H_ +#define _AIRO_H_ + +struct net_device *init_airo_card(unsigned short irq, int port, int is_pcmcia, + struct device *dmdev); +int reset_airo_card(struct net_device *dev); +void stop_airo_card(struct net_device *dev, int freeres); + +#endif /* _AIRO_H_ */ Index: linux-2.6.14-ck6/drivers/net/wireless/airo_cs.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/net/wireless/airo_cs.c +++ linux-2.6.14-ck6/drivers/net/wireless/airo_cs.c @@ -42,6 +42,8 @@ #include #include +#include "airo.h" + /* All the PCMCIA modules use PCMCIA_DEBUG to control debugging. If you do not define PCMCIA_DEBUG at all, all the debug code will be @@ -78,10 +80,6 @@ MODULE_SUPPORTED_DEVICE("Aironet 4500, 4 event handler. */ -struct net_device *init_airo_card( int, int, int, struct device * ); -void stop_airo_card( struct net_device *, int ); -int reset_airo_card( struct net_device * ); - static void airo_config(dev_link_t *link); static void airo_release(dev_link_t *link); static int airo_event(event_t event, int priority, Index: linux-2.6.14-ck6/drivers/net/wireless/prism54/islpci_eth.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/net/wireless/prism54/islpci_eth.c +++ linux-2.6.14-ck6/drivers/net/wireless/prism54/islpci_eth.c @@ -97,12 +97,6 @@ islpci_eth_transmit(struct sk_buff *skb, /* lock the driver code */ spin_lock_irqsave(&priv->slock, flags); - /* determine the amount of fragments needed to store the frame */ - - frame_size = skb->len < ETH_ZLEN ? ETH_ZLEN : skb->len; - if (init_wds) - frame_size += 6; - /* check whether the destination queue has enough fragments for the frame */ curr_frag = le32_to_cpu(cb->driver_curr_frag[ISL38XX_CB_TX_DATA_LQ]); if (unlikely(curr_frag - priv->free_data_tx >= ISL38XX_CB_TX_QSIZE)) { @@ -213,6 +207,7 @@ islpci_eth_transmit(struct sk_buff *skb, /* store the skb address for future freeing */ priv->data_low_tx[index] = skb; /* set the proper fragment start address and size information */ + frame_size = skb->len; fragment->size = cpu_to_le16(frame_size); fragment->flags = cpu_to_le16(0); /* set to 1 if more fragments */ fragment->address = cpu_to_le32(pci_map_address); Index: linux-2.6.14-ck6/drivers/usb/core/sysfs.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/usb/core/sysfs.c +++ linux-2.6.14-ck6/drivers/usb/core/sysfs.c @@ -292,30 +292,23 @@ static ssize_t show_modalias(struct devi { struct usb_interface *intf; struct usb_device *udev; - int len; + struct usb_host_interface *alt; intf = to_usb_interface(dev); udev = interface_to_usbdev(intf); + alt = intf->cur_altsetting; - len = sprintf(buf, "usb:v%04Xp%04Xd%04Xdc%02Xdsc%02Xdp%02Xic", - le16_to_cpu(udev->descriptor.idVendor), - le16_to_cpu(udev->descriptor.idProduct), - le16_to_cpu(udev->descriptor.bcdDevice), - udev->descriptor.bDeviceClass, - udev->descriptor.bDeviceSubClass, - udev->descriptor.bDeviceProtocol); - buf += len; - - if (udev->descriptor.bDeviceClass == 0) { - struct usb_host_interface *alt = intf->cur_altsetting; - - return len + sprintf(buf, "%02Xisc%02Xip%02X\n", - alt->desc.bInterfaceClass, - alt->desc.bInterfaceSubClass, - alt->desc.bInterfaceProtocol); - } else { - return len + sprintf(buf, "*isc*ip*\n"); - } + return sprintf(buf, "usb:v%04Xp%04Xd%04Xdc%02Xdsc%02Xdp%02X" + "ic%02Xisc%02Xip%02X\n", + le16_to_cpu(udev->descriptor.idVendor), + le16_to_cpu(udev->descriptor.idProduct), + le16_to_cpu(udev->descriptor.bcdDevice), + udev->descriptor.bDeviceClass, + udev->descriptor.bDeviceSubClass, + udev->descriptor.bDeviceProtocol, + alt->desc.bInterfaceClass, + alt->desc.bInterfaceSubClass, + alt->desc.bInterfaceProtocol); } static DEVICE_ATTR(modalias, S_IRUGO, show_modalias, NULL); Index: linux-2.6.14-ck6/drivers/usb/core/usb.c =================================================================== --- linux-2.6.14-ck6.orig/drivers/usb/core/usb.c +++ linux-2.6.14-ck6/drivers/usb/core/usb.c @@ -557,6 +557,7 @@ static int usb_hotplug (struct device *d { struct usb_interface *intf; struct usb_device *usb_dev; + struct usb_host_interface *alt; int i = 0; int length = 0; @@ -573,7 +574,8 @@ static int usb_hotplug (struct device *d intf = to_usb_interface(dev); usb_dev = interface_to_usbdev (intf); - + alt = intf->cur_altsetting; + if (usb_dev->devnum < 0) { pr_debug ("usb %s: already deleted?\n", dev->bus_id); return -ENODEV; @@ -615,46 +617,27 @@ static int usb_hotplug (struct device *d usb_dev->descriptor.bDeviceProtocol)) return -ENOMEM; - if (usb_dev->descriptor.bDeviceClass == 0) { - struct usb_host_interface *alt = intf->cur_altsetting; + if (add_hotplug_env_var(envp, num_envp, &i, + buffer, buffer_size, &length, + "INTERFACE=%d/%d/%d", + alt->desc.bInterfaceClass, + alt->desc.bInterfaceSubClass, + alt->desc.bInterfaceProtocol)) + return -ENOMEM; - /* 2.4 only exposed interface zero. in 2.5, hotplug - * agents are called for all interfaces, and can use - * $DEVPATH/bInterfaceNumber if necessary. - */ - if (add_hotplug_env_var(envp, num_envp, &i, - buffer, buffer_size, &length, - "INTERFACE=%d/%d/%d", - alt->desc.bInterfaceClass, - alt->desc.bInterfaceSubClass, - alt->desc.bInterfaceProtocol)) - return -ENOMEM; - - if (add_hotplug_env_var(envp, num_envp, &i, - buffer, buffer_size, &length, - "MODALIAS=usb:v%04Xp%04Xd%04Xdc%02Xdsc%02Xdp%02Xic%02Xisc%02Xip%02X", - le16_to_cpu(usb_dev->descriptor.idVendor), - le16_to_cpu(usb_dev->descriptor.idProduct), - le16_to_cpu(usb_dev->descriptor.bcdDevice), - usb_dev->descriptor.bDeviceClass, - usb_dev->descriptor.bDeviceSubClass, - usb_dev->descriptor.bDeviceProtocol, - alt->desc.bInterfaceClass, - alt->desc.bInterfaceSubClass, - alt->desc.bInterfaceProtocol)) - return -ENOMEM; - } else { - if (add_hotplug_env_var(envp, num_envp, &i, - buffer, buffer_size, &length, - "MODALIAS=usb:v%04Xp%04Xd%04Xdc%02Xdsc%02Xdp%02Xic*isc*ip*", - le16_to_cpu(usb_dev->descriptor.idVendor), - le16_to_cpu(usb_dev->descriptor.idProduct), - le16_to_cpu(usb_dev->descriptor.bcdDevice), - usb_dev->descriptor.bDeviceClass, - usb_dev->descriptor.bDeviceSubClass, - usb_dev->descriptor.bDeviceProtocol)) - return -ENOMEM; - } + if (add_hotplug_env_var(envp, num_envp, &i, + buffer, buffer_size, &length, + "MODALIAS=usb:v%04Xp%04Xd%04Xdc%02Xdsc%02Xdp%02Xic%02Xisc%02Xip%02X", + le16_to_cpu(usb_dev->descriptor.idVendor), + le16_to_cpu(usb_dev->descriptor.idProduct), + le16_to_cpu(usb_dev->descriptor.bcdDevice), + usb_dev->descriptor.bDeviceClass, + usb_dev->descriptor.bDeviceSubClass, + usb_dev->descriptor.bDeviceProtocol, + alt->desc.bInterfaceClass, + alt->desc.bInterfaceSubClass, + alt->desc.bInterfaceProtocol)) + return -ENOMEM; envp[i] = NULL; Index: linux-2.6.14-ck6/fs/exec.c =================================================================== --- linux-2.6.14-ck6.orig/fs/exec.c +++ linux-2.6.14-ck6/fs/exec.c @@ -593,6 +593,7 @@ static inline int de_thread(struct task_ struct signal_struct *sig = tsk->signal; struct sighand_struct *newsighand, *oldsighand = tsk->sighand; spinlock_t *lock = &oldsighand->siglock; + struct task_struct *leader = NULL; int count; /* @@ -668,7 +669,7 @@ static inline int de_thread(struct task_ * and to assume its PID: */ if (!thread_group_leader(current)) { - struct task_struct *leader = current->group_leader, *parent; + struct task_struct *parent; struct dentry *proc_dentry1, *proc_dentry2; unsigned long exit_state, ptrace; @@ -677,6 +678,7 @@ static inline int de_thread(struct task_ * It should already be zombie at this point, most * of the time. */ + leader = current->group_leader; while (leader->exit_state != EXIT_ZOMBIE) yield(); @@ -736,7 +738,6 @@ static inline int de_thread(struct task_ proc_pid_flush(proc_dentry2); BUG_ON(exit_state != EXIT_ZOMBIE); - release_task(leader); } /* @@ -746,8 +747,11 @@ static inline int de_thread(struct task_ sig->flags = 0; no_thread_group: - BUG_ON(atomic_read(&sig->count) != 1); exit_itimers(sig); + if (leader) + release_task(leader); + + BUG_ON(atomic_read(&sig->count) != 1); if (atomic_read(&oldsighand->count) == 1) { /* Index: linux-2.6.14-ck6/fs/locks.c =================================================================== --- linux-2.6.14-ck6.orig/fs/locks.c +++ linux-2.6.14-ck6/fs/locks.c @@ -1418,7 +1418,7 @@ int fcntl_setlease(unsigned int fd, stru lock_kernel(); error = __setlease(filp, arg, &flp); - if (error) + if (error || arg == F_UNLCK) goto out_unlock; error = fasync_helper(fd, filp, 1, &flp->fl_fasync); Index: linux-2.6.14-ck6/fs/xfs/Kconfig =================================================================== --- linux-2.6.14-ck6.orig/fs/xfs/Kconfig +++ linux-2.6.14-ck6/fs/xfs/Kconfig @@ -24,7 +24,7 @@ config XFS_EXPORT default y config XFS_QUOTA - tristate "XFS Quota support" + bool "XFS Quota support" depends on XFS_FS help If you say Y here, you will be able to set limits for disk usage on Index: linux-2.6.14-ck6/include/asm-alpha/barrier.h =================================================================== --- linux-2.6.14-ck6.orig/include/asm-alpha/barrier.h +++ linux-2.6.14-ck6/include/asm-alpha/barrier.h @@ -1,6 +1,8 @@ #ifndef __BARRIER_H #define __BARRIER_H +#include + #define mb() \ __asm__ __volatile__("mb": : :"memory") Index: linux-2.6.14-ck6/include/linux/proc_fs.h =================================================================== --- linux-2.6.14-ck6.orig/include/linux/proc_fs.h +++ linux-2.6.14-ck6/include/linux/proc_fs.h @@ -66,6 +66,7 @@ struct proc_dir_entry { write_proc_t *write_proc; atomic_t count; /* use count */ int deleted; /* delete flag */ + void *set; }; struct kcore_list { Index: linux-2.6.14-ck6/include/linux/sysctl.h =================================================================== --- linux-2.6.14-ck6.orig/include/linux/sysctl.h +++ linux-2.6.14-ck6/include/linux/sysctl.h @@ -24,6 +24,7 @@ #include struct file; +struct completion; #define CTL_MAXNAME 10 /* how many path components do we allow in a call to sysctl? In other words, what is @@ -930,6 +931,8 @@ struct ctl_table_header { ctl_table *ctl_table; struct list_head ctl_entry; + int used; + struct completion *unregistering; }; struct ctl_table_header * register_sysctl_table(ctl_table * table, Index: linux-2.6.14-ck6/include/net/ipv6.h =================================================================== --- linux-2.6.14-ck6.orig/include/net/ipv6.h +++ linux-2.6.14-ck6/include/net/ipv6.h @@ -237,6 +237,8 @@ extern struct ipv6_txoptions * ipv6_rene int newtype, struct ipv6_opt_hdr __user *newopt, int newoptlen); +struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, + struct ipv6_txoptions *opt); extern int ip6_frag_nqueues; extern atomic_t ip6_frag_mem; Index: linux-2.6.14-ck6/kernel/ptrace.c =================================================================== --- linux-2.6.14-ck6.orig/kernel/ptrace.c +++ linux-2.6.14-ck6/kernel/ptrace.c @@ -152,7 +152,7 @@ int ptrace_attach(struct task_struct *ta retval = -EPERM; if (task->pid <= 1) goto bad; - if (task == current) + if (task->tgid == current->tgid) goto bad; /* the same process cannot be attached many times */ if (task->ptrace & PT_PTRACED) Index: linux-2.6.14-ck6/kernel/signal.c =================================================================== --- linux-2.6.14-ck6.orig/kernel/signal.c +++ linux-2.6.14-ck6/kernel/signal.c @@ -406,6 +406,8 @@ void __exit_signal(struct task_struct *t void exit_signal(struct task_struct *tsk) { + atomic_dec(&tsk->signal->live); + write_lock_irq(&tasklist_lock); __exit_signal(tsk); write_unlock_irq(&tasklist_lock); @@ -1522,7 +1524,7 @@ void do_notify_parent(struct task_struct psig = tsk->parent->sighand; spin_lock_irqsave(&psig->siglock, flags); - if (sig == SIGCHLD && + if (!tsk->ptrace && sig == SIGCHLD && (psig->action[SIGCHLD-1].sa.sa_handler == SIG_IGN || (psig->action[SIGCHLD-1].sa.sa_flags & SA_NOCLDWAIT))) { /* Index: linux-2.6.14-ck6/kernel/sysctl.c =================================================================== --- linux-2.6.14-ck6.orig/kernel/sysctl.c +++ linux-2.6.14-ck6/kernel/sysctl.c @@ -169,7 +169,7 @@ struct file_operations proc_sys_file_ope extern struct proc_dir_entry *proc_sys_root; -static void register_proc_table(ctl_table *, struct proc_dir_entry *); +static void register_proc_table(ctl_table *, struct proc_dir_entry *, void *); static void unregister_proc_table(ctl_table *, struct proc_dir_entry *); #endif @@ -1038,10 +1038,51 @@ static ctl_table dev_table[] = { extern void init_irq_proc (void); +static DEFINE_SPINLOCK(sysctl_lock); + +/* called under sysctl_lock */ +static int use_table(struct ctl_table_header *p) +{ + if (unlikely(p->unregistering)) + return 0; + p->used++; + return 1; +} + +/* called under sysctl_lock */ +static void unuse_table(struct ctl_table_header *p) +{ + if (!--p->used) + if (unlikely(p->unregistering)) + complete(p->unregistering); +} + +/* called under sysctl_lock, will reacquire if has to wait */ +static void start_unregistering(struct ctl_table_header *p) +{ + /* + * if p->used is 0, nobody will ever touch that entry again; + * we'll eliminate all paths to it before dropping sysctl_lock + */ + if (unlikely(p->used)) { + struct completion wait; + init_completion(&wait); + p->unregistering = &wait; + spin_unlock(&sysctl_lock); + wait_for_completion(&wait); + spin_lock(&sysctl_lock); + } + /* + * do not remove from the list until nobody holds it; walking the + * list in do_sysctl() relies on that. + */ + list_del_init(&p->ctl_entry); +} + void __init sysctl_init(void) { #ifdef CONFIG_PROC_FS - register_proc_table(root_table, proc_sys_root); + register_proc_table(root_table, proc_sys_root, &root_table_header); init_irq_proc(); #endif } @@ -1050,6 +1091,7 @@ int do_sysctl(int __user *name, int nlen void __user *newval, size_t newlen) { struct list_head *tmp; + int error = -ENOTDIR; if (nlen <= 0 || nlen >= CTL_MAXNAME) return -ENOTDIR; @@ -1058,20 +1100,30 @@ int do_sysctl(int __user *name, int nlen if (!oldlenp || get_user(old_len, oldlenp)) return -EFAULT; } + spin_lock(&sysctl_lock); tmp = &root_table_header.ctl_entry; do { struct ctl_table_header *head = list_entry(tmp, struct ctl_table_header, ctl_entry); void *context = NULL; - int error = parse_table(name, nlen, oldval, oldlenp, + + if (!use_table(head)) + continue; + + spin_unlock(&sysctl_lock); + + error = parse_table(name, nlen, oldval, oldlenp, newval, newlen, head->ctl_table, &context); kfree(context); + + spin_lock(&sysctl_lock); + unuse_table(head); if (error != -ENOTDIR) - return error; - tmp = tmp->next; - } while (tmp != &root_table_header.ctl_entry); - return -ENOTDIR; + break; + } while ((tmp = tmp->next) != &root_table_header.ctl_entry); + spin_unlock(&sysctl_lock); + return error; } asmlinkage long sys_sysctl(struct __sysctl_args __user *args) @@ -1282,12 +1334,16 @@ struct ctl_table_header *register_sysctl return NULL; tmp->ctl_table = table; INIT_LIST_HEAD(&tmp->ctl_entry); + tmp->used = 0; + tmp->unregistering = NULL; + spin_lock(&sysctl_lock); if (insert_at_head) list_add(&tmp->ctl_entry, &root_table_header.ctl_entry); else list_add_tail(&tmp->ctl_entry, &root_table_header.ctl_entry); + spin_unlock(&sysctl_lock); #ifdef CONFIG_PROC_FS - register_proc_table(table, proc_sys_root); + register_proc_table(table, proc_sys_root, tmp); #endif return tmp; } @@ -1301,10 +1357,13 @@ struct ctl_table_header *register_sysctl */ void unregister_sysctl_table(struct ctl_table_header * header) { - list_del(&header->ctl_entry); + might_sleep(); + spin_lock(&sysctl_lock); + start_unregistering(header); #ifdef CONFIG_PROC_FS unregister_proc_table(header->ctl_table, proc_sys_root); #endif + spin_unlock(&sysctl_lock); kfree(header); } @@ -1315,7 +1374,7 @@ void unregister_sysctl_table(struct ctl_ #ifdef CONFIG_PROC_FS /* Scan the sysctl entries in table and add them all into /proc */ -static void register_proc_table(ctl_table * table, struct proc_dir_entry *root) +static void register_proc_table(ctl_table * table, struct proc_dir_entry *root, void *set) { struct proc_dir_entry *de; int len; @@ -1351,13 +1410,14 @@ static void register_proc_table(ctl_tabl de = create_proc_entry(table->procname, mode, root); if (!de) continue; + de->set = set; de->data = (void *) table; if (table->proc_handler) de->proc_fops = &proc_sys_file_operations; } table->de = de; if (de->mode & S_IFDIR) - register_proc_table(table->child, de); + register_proc_table(table->child, de, set); } } @@ -1382,6 +1442,13 @@ static void unregister_proc_table(ctl_ta continue; } + /* + * In any case, mark the entry as goner; we'll keep it + * around if it's busy, but we'll know to do nothing with + * its fields. We are under sysctl_lock here. + */ + de->data = NULL; + /* Don't unregister proc entries that are still being used.. */ if (atomic_read(&de->count)) continue; @@ -1395,27 +1462,38 @@ static ssize_t do_rw_proc(int write, str size_t count, loff_t *ppos) { int op; - struct proc_dir_entry *de; + struct proc_dir_entry *de = PDE(file->f_dentry->d_inode); struct ctl_table *table; size_t res; - ssize_t error; - - de = PDE(file->f_dentry->d_inode); - if (!de || !de->data) - return -ENOTDIR; - table = (struct ctl_table *) de->data; - if (!table || !table->proc_handler) - return -ENOTDIR; - op = (write ? 002 : 004); - if (ctl_perm(table, op)) - return -EPERM; + ssize_t error = -ENOTDIR; - res = count; - - error = (*table->proc_handler) (table, write, file, buf, &res, ppos); - if (error) - return error; - return res; + spin_lock(&sysctl_lock); + if (de && de->data && use_table(de->set)) { + /* + * at that point we know that sysctl was not unregistered + * and won't be until we finish + */ + spin_unlock(&sysctl_lock); + table = (struct ctl_table *) de->data; + if (!table || !table->proc_handler) + goto out; + error = -EPERM; + op = (write ? 002 : 004); + if (ctl_perm(table, op)) + goto out; + + /* careful: calling conventions are nasty here */ + res = count; + error = (*table->proc_handler)(table, write, file, + buf, &res, ppos); + if (!error) + error = res; + out: + spin_lock(&sysctl_lock); + unuse_table(de->set); + } + spin_unlock(&sysctl_lock); + return error; } static int proc_opensys(struct inode *inode, struct file *file) Index: linux-2.6.14-ck6/net/core/datagram.c =================================================================== --- linux-2.6.14-ck6.orig/net/core/datagram.c +++ linux-2.6.14-ck6/net/core/datagram.c @@ -213,6 +213,10 @@ int skb_copy_datagram_iovec(const struct { int i, err, fraglen, end = 0; struct sk_buff *next = skb_shinfo(skb)->frag_list; + + if (!len) + return 0; + next_skb: fraglen = skb_headlen(skb); i = -1; Index: linux-2.6.14-ck6/net/ipv4/ipvs/ip_vs_core.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv4/ipvs/ip_vs_core.c +++ linux-2.6.14-ck6/net/ipv4/ipvs/ip_vs_core.c @@ -1009,11 +1009,10 @@ ip_vs_in(unsigned int hooknum, struct sk if (sysctl_ip_vs_expire_nodest_conn) { /* try to expire the connection immediately */ ip_vs_conn_expire_now(cp); - } else { - /* don't restart its timer, and silently - drop the packet. */ - __ip_vs_conn_put(cp); } + /* don't restart its timer, and silently + drop the packet. */ + __ip_vs_conn_put(cp); return NF_DROP; } Index: linux-2.6.14-ck6/net/ipv4/netfilter/ip_conntrack_ftp.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv4/netfilter/ip_conntrack_ftp.c +++ linux-2.6.14-ck6/net/ipv4/netfilter/ip_conntrack_ftp.c @@ -29,9 +29,9 @@ static char *ftp_buffer; static DEFINE_SPINLOCK(ip_ftp_lock); #define MAX_PORTS 8 -static short ports[MAX_PORTS]; +static unsigned short ports[MAX_PORTS]; static int ports_c; -module_param_array(ports, short, &ports_c, 0400); +module_param_array(ports, ushort, &ports_c, 0400); static int loose; module_param(loose, int, 0600); Index: linux-2.6.14-ck6/net/ipv4/netfilter/ip_conntrack_irc.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv4/netfilter/ip_conntrack_irc.c +++ linux-2.6.14-ck6/net/ipv4/netfilter/ip_conntrack_irc.c @@ -34,7 +34,7 @@ #include #define MAX_PORTS 8 -static short ports[MAX_PORTS]; +static unsigned short ports[MAX_PORTS]; static int ports_c; static int max_dcc_channels = 8; static unsigned int dcc_timeout = 300; @@ -52,7 +52,7 @@ EXPORT_SYMBOL_GPL(ip_nat_irc_hook); MODULE_AUTHOR("Harald Welte "); MODULE_DESCRIPTION("IRC (DCC) connection tracking helper"); MODULE_LICENSE("GPL"); -module_param_array(ports, short, &ports_c, 0400); +module_param_array(ports, ushort, &ports_c, 0400); MODULE_PARM_DESC(ports, "port numbers of IRC servers"); module_param(max_dcc_channels, int, 0400); MODULE_PARM_DESC(max_dcc_channels, "max number of expected DCC channels per IRC session"); Index: linux-2.6.14-ck6/net/ipv4/netfilter/ip_conntrack_netlink.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv4/netfilter/ip_conntrack_netlink.c +++ linux-2.6.14-ck6/net/ipv4/netfilter/ip_conntrack_netlink.c @@ -58,14 +58,17 @@ ctnetlink_dump_tuples_proto(struct sk_bu const struct ip_conntrack_tuple *tuple) { struct ip_conntrack_protocol *proto; + int ret = 0; NFA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum); proto = ip_conntrack_proto_find_get(tuple->dst.protonum); - if (proto && proto->tuple_to_nfattr) - return proto->tuple_to_nfattr(skb, tuple); + if (likely(proto && proto->tuple_to_nfattr)) { + ret = proto->tuple_to_nfattr(skb, tuple); + ip_conntrack_proto_put(proto); + } - return 0; + return ret; nfattr_failure: return -1; Index: linux-2.6.14-ck6/net/ipv4/netfilter/ip_conntrack_proto_icmp.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv4/netfilter/ip_conntrack_proto_icmp.c +++ linux-2.6.14-ck6/net/ipv4/netfilter/ip_conntrack_proto_icmp.c @@ -296,7 +296,8 @@ static int icmp_nfattr_to_tuple(struct n struct ip_conntrack_tuple *tuple) { if (!tb[CTA_PROTO_ICMP_TYPE-1] - || !tb[CTA_PROTO_ICMP_CODE-1]) + || !tb[CTA_PROTO_ICMP_CODE-1] + || !tb[CTA_PROTO_ICMP_ID-1]) return -1; tuple->dst.u.icmp.type = Index: linux-2.6.14-ck6/net/ipv4/netfilter/ip_conntrack_proto_tcp.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv4/netfilter/ip_conntrack_proto_tcp.c +++ linux-2.6.14-ck6/net/ipv4/netfilter/ip_conntrack_proto_tcp.c @@ -362,6 +362,11 @@ static int nfattr_to_tcp(struct nfattr * struct nfattr *attr = cda[CTA_PROTOINFO_TCP-1]; struct nfattr *tb[CTA_PROTOINFO_TCP_MAX]; + /* updates could not contain anything about the private + * protocol info, in that case skip the parsing */ + if (!attr) + return 0; + if (nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr) < 0) goto nfattr_failure; @@ -813,6 +818,7 @@ static u8 tcp_valid_flags[(TH_FIN|TH_SYN { [TH_SYN] = 1, [TH_SYN|TH_ACK] = 1, + [TH_SYN|TH_PUSH] = 1, [TH_SYN|TH_ACK|TH_PUSH] = 1, [TH_RST] = 1, [TH_RST|TH_ACK] = 1, Index: linux-2.6.14-ck6/net/ipv4/netfilter/ip_conntrack_tftp.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv4/netfilter/ip_conntrack_tftp.c +++ linux-2.6.14-ck6/net/ipv4/netfilter/ip_conntrack_tftp.c @@ -26,9 +26,9 @@ MODULE_DESCRIPTION("tftp connection trac MODULE_LICENSE("GPL"); #define MAX_PORTS 8 -static short ports[MAX_PORTS]; +static unsigned short ports[MAX_PORTS]; static int ports_c; -module_param_array(ports, short, &ports_c, 0400); +module_param_array(ports, ushort, &ports_c, 0400); MODULE_PARM_DESC(ports, "port numbers of tftp servers"); #if 0 Index: linux-2.6.14-ck6/net/ipv4/netfilter/ip_nat_core.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv4/netfilter/ip_nat_core.c +++ linux-2.6.14-ck6/net/ipv4/netfilter/ip_nat_core.c @@ -66,10 +66,8 @@ ip_nat_proto_find_get(u_int8_t protonum) * removed until we've grabbed the reference */ preempt_disable(); p = __ip_nat_proto_find(protonum); - if (p) { - if (!try_module_get(p->me)) - p = &ip_nat_unknown_protocol; - } + if (!try_module_get(p->me)) + p = &ip_nat_unknown_protocol; preempt_enable(); return p; Index: linux-2.6.14-ck6/net/ipv4/netfilter/ip_nat_helper_pptp.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv4/netfilter/ip_nat_helper_pptp.c +++ linux-2.6.14-ck6/net/ipv4/netfilter/ip_nat_helper_pptp.c @@ -73,6 +73,7 @@ static void pptp_nat_expected(struct ip_ struct ip_conntrack_tuple t; struct ip_ct_pptp_master *ct_pptp_info; struct ip_nat_pptp *nat_pptp_info; + struct ip_nat_range range; ct_pptp_info = &master->help.ct_pptp_info; nat_pptp_info = &master->nat.help.nat_pptp_info; @@ -110,7 +111,30 @@ static void pptp_nat_expected(struct ip_ DEBUGP("not found!\n"); } - ip_nat_follow_master(ct, exp); + /* This must be a fresh one. */ + BUG_ON(ct->status & IPS_NAT_DONE_MASK); + + /* Change src to where master sends to */ + range.flags = IP_NAT_RANGE_MAP_IPS; + range.min_ip = range.max_ip + = ct->master->tuplehash[!exp->dir].tuple.dst.ip; + if (exp->dir == IP_CT_DIR_ORIGINAL) { + range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED; + range.min = range.max = exp->saved_proto; + } + /* hook doesn't matter, but it has to do source manip */ + ip_nat_setup_info(ct, &range, NF_IP_POST_ROUTING); + + /* For DST manip, map port here to where it's expected. */ + range.flags = IP_NAT_RANGE_MAP_IPS; + range.min_ip = range.max_ip + = ct->master->tuplehash[!exp->dir].tuple.src.ip; + if (exp->dir == IP_CT_DIR_REPLY) { + range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED; + range.min = range.max = exp->saved_proto; + } + /* hook doesn't matter, but it has to do destination manip */ + ip_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING); } /* outbound packets == from PNS to PAC */ @@ -213,7 +237,7 @@ pptp_exp_gre(struct ip_conntrack_expect /* alter expectation for PNS->PAC direction */ invert_tuplepr(&inv_t, &expect_orig->tuple); - expect_orig->saved_proto.gre.key = htons(nat_pptp_info->pac_call_id); + expect_orig->saved_proto.gre.key = htons(ct_pptp_info->pns_call_id); expect_orig->tuple.src.u.gre.key = htons(nat_pptp_info->pns_call_id); expect_orig->tuple.dst.u.gre.key = htons(ct_pptp_info->pac_call_id); inv_t.src.ip = reply_t->src.ip; Index: linux-2.6.14-ck6/net/ipv4/netfilter/ip_nat_proto_gre.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv4/netfilter/ip_nat_proto_gre.c +++ linux-2.6.14-ck6/net/ipv4/netfilter/ip_nat_proto_gre.c @@ -139,8 +139,8 @@ gre_manip_pkt(struct sk_buff **pskb, break; case GRE_VERSION_PPTP: DEBUGP("call_id -> 0x%04x\n", - ntohl(tuple->dst.u.gre.key)); - pgreh->call_id = htons(ntohl(tuple->dst.u.gre.key)); + ntohs(tuple->dst.u.gre.key)); + pgreh->call_id = tuple->dst.u.gre.key; break; default: DEBUGP("can't nat unknown GRE version\n"); Index: linux-2.6.14-ck6/net/ipv4/netfilter/ip_nat_proto_unknown.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv4/netfilter/ip_nat_proto_unknown.c +++ linux-2.6.14-ck6/net/ipv4/netfilter/ip_nat_proto_unknown.c @@ -62,7 +62,7 @@ unknown_print_range(char *buffer, const struct ip_nat_protocol ip_nat_unknown_protocol = { .name = "unknown", - .me = THIS_MODULE, + /* .me isn't set: getting a ref to this cannot fail. */ .manip_pkt = unknown_manip_pkt, .in_range = unknown_in_range, .unique_tuple = unknown_unique_tuple, Index: linux-2.6.14-ck6/net/ipv4/tcp_bic.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv4/tcp_bic.c +++ linux-2.6.14-ck6/net/ipv4/tcp_bic.c @@ -27,7 +27,7 @@ */ static int fast_convergence = 1; -static int max_increment = 32; +static int max_increment = 16; static int low_window = 14; static int beta = 819; /* = 819/1024 (BICTCP_BETA_SCALE) */ static int low_utilization_threshold = 153; Index: linux-2.6.14-ck6/net/ipv6/datagram.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv6/datagram.c +++ linux-2.6.14-ck6/net/ipv6/datagram.c @@ -437,7 +437,7 @@ int datagram_recv_ctl(struct sock *sk, s break; case IPPROTO_AH: nexthdr = ptr[0]; - len = (ptr[1] + 1) << 2; + len = (ptr[1] + 2) << 2; break; default: nexthdr = ptr[0]; Index: linux-2.6.14-ck6/net/ipv6/exthdrs.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv6/exthdrs.c +++ linux-2.6.14-ck6/net/ipv6/exthdrs.c @@ -628,6 +628,7 @@ ipv6_renew_options(struct sock *sk, stru if (!tot_len) return NULL; + tot_len += sizeof(*opt2); opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC); if (!opt2) return ERR_PTR(-ENOBUFS); @@ -668,7 +669,26 @@ ipv6_renew_options(struct sock *sk, stru return opt2; out: - sock_kfree_s(sk, p, tot_len); + sock_kfree_s(sk, opt2, opt2->tot_len); return ERR_PTR(err); } +struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, + struct ipv6_txoptions *opt) +{ + /* + * ignore the dest before srcrt unless srcrt is being included. + * --yoshfuji + */ + if (opt && opt->dst0opt && !opt->srcrt) { + if (opt_space != opt) { + memcpy(opt_space, opt, sizeof(*opt_space)); + opt = opt_space; + } + opt->opt_nflen -= ipv6_optlen(opt->dst0opt); + opt->dst0opt = NULL; + } + + return opt; +} + Index: linux-2.6.14-ck6/net/ipv6/ip6_flowlabel.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv6/ip6_flowlabel.c +++ linux-2.6.14-ck6/net/ipv6/ip6_flowlabel.c @@ -225,20 +225,16 @@ struct ipv6_txoptions *fl6_merge_options struct ip6_flowlabel * fl, struct ipv6_txoptions * fopt) { - struct ipv6_txoptions * fl_opt = fl ? fl->opt : NULL; + struct ipv6_txoptions * fl_opt = fl->opt; - if (fopt == NULL || fopt->opt_flen == 0) { - if (!fl_opt || !fl_opt->dst0opt || fl_opt->srcrt) - return fl_opt; - } + if (fopt == NULL || fopt->opt_flen == 0) + return fl_opt; if (fl_opt != NULL) { opt_space->hopopt = fl_opt->hopopt; - opt_space->dst0opt = fl_opt->srcrt ? fl_opt->dst0opt : NULL; + opt_space->dst0opt = fl_opt->dst0opt; opt_space->srcrt = fl_opt->srcrt; opt_space->opt_nflen = fl_opt->opt_nflen; - if (fl_opt->dst0opt && !fl_opt->srcrt) - opt_space->opt_nflen -= ipv6_optlen(fl_opt->dst0opt); } else { if (fopt->opt_nflen == 0) return fopt; Index: linux-2.6.14-ck6/net/ipv6/raw.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv6/raw.c +++ linux-2.6.14-ck6/net/ipv6/raw.c @@ -756,7 +756,9 @@ static int rawv6_sendmsg(struct kiocb *i } if (opt == NULL) opt = np->opt; - opt = fl6_merge_options(&opt_space, flowlabel, opt); + if (flowlabel) + opt = fl6_merge_options(&opt_space, flowlabel, opt); + opt = ipv6_fixup_options(&opt_space, opt); fl.proto = proto; rawv6_probe_proto_opt(&fl, msg); Index: linux-2.6.14-ck6/net/ipv6/udp.c =================================================================== --- linux-2.6.14-ck6.orig/net/ipv6/udp.c +++ linux-2.6.14-ck6/net/ipv6/udp.c @@ -778,7 +778,9 @@ do_udp_sendmsg: } if (opt == NULL) opt = np->opt; - opt = fl6_merge_options(&opt_space, flowlabel, opt); + if (flowlabel) + opt = fl6_merge_options(&opt_space, flowlabel, opt); + opt = ipv6_fixup_options(&opt_space, opt); fl->proto = IPPROTO_UDP; ipv6_addr_copy(&fl->fl6_dst, daddr); Index: linux-2.6.14-ck6/net/netfilter/nf_queue.c =================================================================== --- linux-2.6.14-ck6.orig/net/netfilter/nf_queue.c +++ linux-2.6.14-ck6/net/netfilter/nf_queue.c @@ -117,7 +117,7 @@ int nf_queue(struct sk_buff **skb, /* QUEUE == DROP if noone is waiting, to be safe. */ read_lock(&queue_handler_lock); - if (!queue_handler[pf]->outfn) { + if (!queue_handler[pf] || !queue_handler[pf]->outfn) { read_unlock(&queue_handler_lock); kfree_skb(*skb); return 1;