.24 patches

8 files changed, 405 insertions, 0 deletions

diff --git a/queue-2.6.24/fix-dl2k-constants.patch b/queue-2.6.24/fix-dl2k-constants.patch
new file mode 100644
index 0000000..09d5bc7
--- /dev/null
+++ b/queue-2.6.24/fix-dl2k-constants.patch
@@ -0,0 +1,39 @@
+From stable-bounces@linux.kernel.org Thu Jan 31 23:06:27 2008
+From: Al Viro <viro@ZenIV.linux.org.uk>
+Date: Fri, 1 Feb 2008 07:05:44 +0000
+Subject: Fix dl2k constants
+To: Jeff Garzik <jgarzik@pobox.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>, stable@kernel.org
+Message-ID: <20080201070544.GL27894@ZenIV.linux.org.uk>
+Content-Disposition: inline
+
+
+patch 9c52fab2f187636b39afb0dcf562872ed42ab608 in mainline.
+
+The MSSR constants didn't match the reality - bitfield declarations
+used to be correct (1000BT_FD - bit 11, 1000BT_HD - bit 10), but enum
+had them the other way round.  Went unnoticed until the switch from
+the bitfields use to the explicit arithmetics and I hadn't caught that one
+when verifying correctness of change...
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/net/dl2k.h |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/dl2k.h
++++ b/drivers/net/dl2k.h
+@@ -388,8 +388,8 @@ enum _mii_mssr {
+ 	MII_MSSR_CFG_RES = 0x4000,
+ 	MII_MSSR_LOCAL_RCV_STATUS = 0x2000,
+ 	MII_MSSR_REMOTE_RCVR = 0x1000,
+-	MII_MSSR_LP_1000BT_HD = 0x0800,
+-	MII_MSSR_LP_1000BT_FD = 0x0400,
++	MII_MSSR_LP_1000BT_FD = 0x0800,
++	MII_MSSR_LP_1000BT_HD = 0x0400,
+ 	MII_MSSR_IDLE_ERR_COUNT = 0x00ff,
+ };
+ 
diff --git a/queue-2.6.24/hugetlb-add-locking-for-overcommit-sysctl.patch b/queue-2.6.24/hugetlb-add-locking-for-overcommit-sysctl.patch
new file mode 100644
index 0000000..a9bd9ea
--- /dev/null
+++ b/queue-2.6.24/hugetlb-add-locking-for-overcommit-sysctl.patch
@@ -0,0 +1,75 @@
+From stable-bounces@linux.kernel.org Fri Feb  8 04:19:17 2008
+From: Nishanth Aravamudan <nacc@us.ibm.com>
+Date: Fri, 08 Feb 2008 04:18:18 -0800
+Subject: hugetlb: add locking for overcommit sysctl
+To: torvalds@linux-foundation.org
+Cc: wli@holomorphy.com, agl@us.ibm.com, nacc@us.ibm.com, akpm@linux-foundation.org, stable@kernel.org, david@gibson.dropbear.id.au
+Message-ID: <200802081217.m18CHxwe023557@imap1.linux-foundation.org>
+
+
+From: Nishanth Aravamudan <nacc@us.ibm.com>
+
+patch a3d0c6aa1bb342b9b2c7b123b52ac2f48a4d4d0a in mainline.
+
+When I replaced hugetlb_dynamic_pool with nr_overcommit_hugepages I used
+proc_doulongvec_minmax() directly.  However, hugetlb.c's locking rules
+require that all counter modifications occur under the hugetlb_lock.  Add a
+callback into the hugetlb code similar to the one for nr_hugepages.  Grab
+the lock around the manipulation of nr_overcommit_hugepages in
+proc_doulongvec_minmax().
+
+Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com>
+Acked-by: Adam Litke <agl@us.ibm.com>
+Cc: David Gibson <david@gibson.dropbear.id.au>
+Cc: William Lee Irwin III <wli@holomorphy.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ include/linux/hugetlb.h |    1 +
+ kernel/sysctl.c         |    2 +-
+ mm/hugetlb.c            |   10 ++++++++++
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+--- a/include/linux/hugetlb.h
++++ b/include/linux/hugetlb.h
+@@ -17,6 +17,7 @@ static inline int is_vm_hugetlb_page(str
+ }
+ 
+ int hugetlb_sysctl_handler(struct ctl_table *, int, struct file *, void __user *, size_t *, loff_t *);
++int hugetlb_overcommit_handler(struct ctl_table *, int, struct file *, void __user *, size_t *, loff_t *);
+ int hugetlb_treat_movable_handler(struct ctl_table *, int, struct file *, void __user *, size_t *, loff_t *);
+ int copy_hugetlb_page_range(struct mm_struct *, struct mm_struct *, struct vm_area_struct *);
+ int follow_hugetlb_page(struct mm_struct *, struct vm_area_struct *, struct page **, struct vm_area_struct **, unsigned long *, int *, int, int);
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -910,7 +910,7 @@ static struct ctl_table vm_table[] = {
+ 		.data		= &nr_overcommit_huge_pages,
+ 		.maxlen		= sizeof(nr_overcommit_huge_pages),
+ 		.mode		= 0644,
+-		.proc_handler	= &proc_doulongvec_minmax,
++		.proc_handler	= &hugetlb_overcommit_handler,
+ 	},
+ #endif
+ 	{
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -605,6 +605,16 @@ int hugetlb_treat_movable_handler(struct
+ 	return 0;
+ }
+ 
++int hugetlb_overcommit_handler(struct ctl_table *table, int write,
++			struct file *file, void __user *buffer,
++			size_t *length, loff_t *ppos)
++{
++	spin_lock(&hugetlb_lock);
++	proc_doulongvec_minmax(table, write, file, buffer, length, ppos);
++	spin_unlock(&hugetlb_lock);
++	return 0;
++}
++
+ #endif /* CONFIG_SYSCTL */
+ 
+ int hugetlb_report_meminfo(char *buf)
diff --git a/queue-2.6.24/inotify-fix-check-for-one-shot-watches-before-destroying-them.patch b/queue-2.6.24/inotify-fix-check-for-one-shot-watches-before-destroying-them.patch
new file mode 100644
index 0000000..2d3f5c6
--- /dev/null
+++ b/queue-2.6.24/inotify-fix-check-for-one-shot-watches-before-destroying-them.patch
@@ -0,0 +1,41 @@
+From stable-bounces@linux.kernel.org Fri Feb  8 04:19:02 2008
+From: Ulisses Furquim <ulissesf@gmail.com>
+Date: Fri, 08 Feb 2008 04:18:16 -0800
+Subject: inotify: fix check for one-shot watches before destroying them
+To: torvalds@linux-foundation.org
+Cc: rlove@google.com, clem.taylor@gmail.com, stable@kernel.org, amy.griffis@hp.com, ttb@tentacle.dhs.org, akpm@linux-foundation.org, ulissesf@gmail.com
+Message-ID: <200802081217.m18CHvXc023553@imap1.linux-foundation.org>
+
+From: Ulisses Furquim <ulissesf@gmail.com>
+
+patch ac74c00e499ed276a965e5b5600667d5dc04a84a in mainline.
+
+As the IN_ONESHOT bit is never set when an event is sent we must check it
+in the watch's mask and not in the event's mask.
+
+Signed-off-by: Ulisses Furquim <ulissesf@gmail.com>
+Reported-by: "Clem Taylor" <clem.taylor@gmail.com>
+Tested-by: "Clem Taylor" <clem.taylor@gmail.com>
+Cc: Amy Griffis <amy.griffis@hp.com>
+Cc: Robert Love <rlove@google.com>
+Cc: John McCutchan <ttb@tentacle.dhs.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+
+---
+ fs/inotify_user.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/inotify_user.c
++++ b/fs/inotify_user.c
+@@ -269,7 +269,7 @@ static void inotify_dev_queue_event(stru
+ 	/* we can safely put the watch as we don't reference it while
+ 	 * generating the event
+ 	 */
+-	if (mask & IN_IGNORED || mask & IN_ONESHOT)
++	if (mask & IN_IGNORED || w->mask & IN_ONESHOT)
+ 		put_inotify_watch(w); /* final put */
+ 
+ 	/* coalescing: drop this event if it is a dupe of the previous */
diff --git a/queue-2.6.24/nfs-fix-a-potential-file-corruption-issue-when-writing.patch b/queue-2.6.24/nfs-fix-a-potential-file-corruption-issue-when-writing.patch
new file mode 100644
index 0000000..a094906
--- /dev/null
+++ b/queue-2.6.24/nfs-fix-a-potential-file-corruption-issue-when-writing.patch
@@ -0,0 +1,83 @@
+From stable-bounces@linux.kernel.org Fri Feb  8 11:02:37 2008
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Fri, 08 Feb 2008 14:01:02 -0500
+Subject: NFS: Fix a potential file corruption issue when writing
+To: stable@kernel.org
+Message-ID: <1202497262.8383.8.camel@heimdal.trondhjem.org>
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+patch 5d47a35600270e7115061cb1320ee60ae9bcb6b8 in mainline.
+
+If the inode is flagged as having an invalid mapping, then we can't rely on
+the PageUptodate() flag. Ensure that we don't use the "anti-fragmentation"
+write optimisation in nfs_updatepage(), since that will cause NFS to write
+out areas of the page that are no longer guaranteed to be up to date.
+
+A potential corruption could occur in the following scenario:
+
+client 1			client 2
+===============			===============
+				fd=open("f",O_CREAT|O_WRONLY,0644);
+				write(fd,"fubar\n",6);	// cache last page
+				close(fd);
+fd=open("f",O_WRONLY|O_APPEND);
+write(fd,"foo\n",4);
+close(fd);
+
+				fd=open("f",O_WRONLY|O_APPEND);
+				write(fd,"bar\n",4);
+				close(fd);
+-----
+The bug may lead to the file "f" reading 'fubar\n\0\0\0\nbar\n' because
+client 2 does not update the cached page after re-opening the file for
+write. Instead it keeps it marked as PageUptodate() until someone calls
+invalidate_inode_pages2() (typically by calling read()).
+
+The bug was introduced by commit 44b11874ff583b6e766a05856b04f3c492c32b84
+"NFS: Separate metadata and page cache revalidation mechanisms"
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfs/write.c |   20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+--- a/fs/nfs/write.c
++++ b/fs/nfs/write.c
+@@ -701,6 +701,17 @@ int nfs_flush_incompatible(struct file *
+ }
+ 
+ /*
++ * If the page cache is marked as unsafe or invalid, then we can't rely on
++ * the PageUptodate() flag. In this case, we will need to turn off
++ * write optimisations that depend on the page contents being correct.
++ */
++static int nfs_write_pageuptodate(struct page *page, struct inode *inode)
++{
++	return PageUptodate(page) &&
++		!(NFS_I(inode)->cache_validity & (NFS_INO_REVAL_PAGECACHE|NFS_INO_INVALID_DATA));
++}
++
++/*
+  * Update and possibly write a cached page of an NFS file.
+  *
+  * XXX: Keep an eye on generic_file_read to make sure it doesn't do bad
+@@ -721,10 +732,13 @@ int nfs_updatepage(struct file *file, st
+ 		(long long)(page_offset(page) +offset));
+ 
+ 	/* If we're not using byte range locks, and we know the page
+-	 * is entirely in cache, it may be more efficient to avoid
+-	 * fragmenting write requests.
++	 * is up to date, it may be more efficient to extend the write
++	 * to cover the entire page in order to avoid fragmentation
++	 * inefficiencies.
+ 	 */
+-	if (PageUptodate(page) && inode->i_flock == NULL && !(file->f_mode & O_SYNC)) {
++	if (nfs_write_pageuptodate(page, inode) &&
++			inode->i_flock == NULL &&
++			!(file->f_mode & O_SYNC)) {
+ 		count = max(count + offset, nfs_page_length(page));
+ 		offset = 0;
+ 	}
diff --git a/queue-2.6.24/quota-turn-quotas-off-when-remounting-read-only.patch b/queue-2.6.24/quota-turn-quotas-off-when-remounting-read-only.patch
new file mode 100644
index 0000000..c6b0b72
--- /dev/null
+++ b/queue-2.6.24/quota-turn-quotas-off-when-remounting-read-only.patch
@@ -0,0 +1,37 @@
+From stable-bounces@linux.kernel.org Fri Feb  8 04:30:29 2008
+From: Jan Kara <jack@suse.cz>
+Date: Fri, 08 Feb 2008 04:22:13 -0800
+Subject: quota: turn quotas off when remounting read-only
+To: torvalds@linux-foundation.org
+Cc: akpm@linux-foundation.org, jack@suse.cz, stable@kernel.org
+Message-ID: <200802081221.m18CLtGt024628@imap1.linux-foundation.org>
+
+
+From: Jan Kara <jack@suse.cz>
+
+patch 66191dc622f5ff0a541524c4e96fdacfacfda206 in mainline.
+
+Turn off quotas before filesystem is remounted read only.  Otherwise quota
+will try to write to read-only filesystem which does no good...  We could
+also just refuse to remount ro when quota is enabled but turning quota off
+is consistent with what we do on umount.
+
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/super.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/super.c
++++ b/fs/super.c
+@@ -603,6 +603,7 @@ int do_remount_sb(struct super_block *sb
+ 			mark_files_ro(sb);
+ 		else if (!fs_may_remount_ro(sb))
+ 			return -EBUSY;
++		DQUOT_OFF(sb);
+ 	}
+ 
+ 	if (sb->s_op->remount_fs) {
diff --git a/queue-2.6.24/scsi-sd-handle-bad-lba-in-sense-information.patch b/queue-2.6.24/scsi-sd-handle-bad-lba-in-sense-information.patch
new file mode 100644
index 0000000..3443f63
--- /dev/null
+++ b/queue-2.6.24/scsi-sd-handle-bad-lba-in-sense-information.patch
@@ -0,0 +1,76 @@
+From 366c246de9cec909c5eba4f784c92d1e75b4dc38 Mon Sep 17 00:00:00 2001
+From: James Bottomley <James.Bottomley@HansenPartnership.com>
+Date: Sat, 2 Feb 2008 16:06:23 -0600
+Subject: SCSI: sd: handle bad lba in sense information
+
+From: James Bottomley <James.Bottomley@HansenPartnership.com>
+
+patch 366c246de9cec909c5eba4f784c92d1e75b4dc38 in mainline.
+
+Some devices report medium error locations incorrectly.  Add guards to
+make sure the reported bad lba is actually in the request that caused
+it.  Additionally remove the large case statment for sector sizes and
+replace it with the proper u64 divisions.
+
+Tested-by: Mike Snitzer <snitzer@gmail.com>
+Cc: Stable Tree <stable@kernel.org>
+Cc: Tony Battersby <tonyb@cybernetics.com>
+Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/scsi/sd.c |   34 ++++++++++++++++------------------
+ 1 file changed, 16 insertions(+), 18 deletions(-)
+
+--- a/drivers/scsi/sd.c
++++ b/drivers/scsi/sd.c
+@@ -907,6 +907,7 @@ static int sd_done(struct scsi_cmnd *SCp
+  	unsigned int xfer_size = SCpnt->request_bufflen;
+  	unsigned int good_bytes = result ? 0 : xfer_size;
+  	u64 start_lba = SCpnt->request->sector;
++	u64 end_lba = SCpnt->request->sector + (xfer_size / 512);
+  	u64 bad_lba;
+ 	struct scsi_sense_hdr sshdr;
+ 	int sense_valid = 0;
+@@ -945,26 +946,23 @@ static int sd_done(struct scsi_cmnd *SCp
+ 			goto out;
+ 		if (xfer_size <= SCpnt->device->sector_size)
+ 			goto out;
+-		switch (SCpnt->device->sector_size) {
+-		case 256:
++		if (SCpnt->device->sector_size < 512) {
++			/* only legitimate sector_size here is 256 */
+ 			start_lba <<= 1;
+-			break;
+-		case 512:
+-			break;
+-		case 1024:
+-			start_lba >>= 1;
+-			break;
+-		case 2048:
+-			start_lba >>= 2;
+-			break;
+-		case 4096:
+-			start_lba >>= 3;
+-			break;
+-		default:
+-			/* Print something here with limiting frequency. */
+-			goto out;
+-			break;
++			end_lba <<= 1;
++		} else {
++			/* be careful ... don't want any overflows */
++			u64 factor = SCpnt->device->sector_size / 512;
++			do_div(start_lba, factor);
++			do_div(end_lba, factor);
+ 		}
++
++		if (bad_lba < start_lba  || bad_lba >= end_lba)
++			/* the bad lba was reported incorrectly, we have
++			 * no idea where the error is
++			 */
++			goto out;
++
+ 		/* This computation should always be done in terms of
+ 		 * the resolution of the device's medium.
+ 		 */
diff --git a/queue-2.6.24/series b/queue-2.6.24/series
new file mode 100644
index 0000000..cff23a3
--- /dev/null
+++ b/queue-2.6.24/series
@@ -0,0 +1,7 @@
+nfs-fix-a-potential-file-corruption-issue-when-writing.patch
+inotify-fix-check-for-one-shot-watches-before-destroying-them.patch
+hugetlb-add-locking-for-overcommit-sysctl.patch
+quota-turn-quotas-off-when-remounting-read-only.patch
+xfs-fix-oops-in-xfs_file_readdir.patch
+fix-dl2k-constants.patch
+scsi-sd-handle-bad-lba-in-sense-information.patch
diff --git a/queue-2.6.24/xfs-fix-oops-in-xfs_file_readdir.patch b/queue-2.6.24/xfs-fix-oops-in-xfs_file_readdir.patch
new file mode 100644
index 0000000..5174981
--- /dev/null
+++ b/queue-2.6.24/xfs-fix-oops-in-xfs_file_readdir.patch
@@ -0,0 +1,47 @@
+From stable-bounces@linux.kernel.org Tue Feb  5 15:52:50 2008
+From: David Chinner <dgc@sgi.com>
+Date: Wed, 6 Feb 2008 10:52:15 +1100
+Subject: XFS: Fix oops in xfs_file_readdir()
+To: stable@kernel.org
+Cc: greg@kroah.com, chris@sous-sol.org
+Message-ID: <20080205235215.GY155259@sgi.com>
+Content-Disposition: inline
+
+From: David Chinner <dgc@sgi.com>
+
+patch 450790a2c51e6d9d47ed30dbdcf486656b8e186f in mainline.
+
+Several occurrences of oops in xfs_file_readdir() on ia32 have been
+reported since 2.6.24 was released. This is a regression introduced
+in 2.6.24 and is relatively easy to hit. The patch below fixes the
+problem.
+
+
+Signed-off-by: Dave Chinner <dgc@sgi.com>
+Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/xfs/linux-2.6/xfs_file.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/fs/xfs/linux-2.6/xfs_file.c
++++ b/fs/xfs/linux-2.6/xfs_file.c
+@@ -350,8 +350,8 @@ xfs_file_readdir(
+ 
+ 		size = buf.used;
+ 		de = (struct hack_dirent *)buf.dirent;
+-		curr_offset = de->offset /* & 0x7fffffff */;
+ 		while (size > 0) {
++			curr_offset = de->offset /* & 0x7fffffff */;
+ 			if (filldir(dirent, de->name, de->namlen,
+ 					curr_offset & 0x7fffffff,
+ 					de->ino, de->d_type)) {
+@@ -362,7 +362,6 @@ xfs_file_readdir(
+ 				       sizeof(u64));
+ 			size -= reclen;
+ 			de = (struct hack_dirent *)((char *)de + reclen);
+-			curr_offset = de->offset /* & 0x7fffffff */;
+ 		}
+ 	}
+