1. 15 Nov, 2006 2 commits
  2. 11 Nov, 2006 4 commits
    • Adrian Bunk's avatar
      Linux 2.6.16.32-rc1 · ae92a0d0
      Adrian Bunk authored
      ae92a0d0
    • Christoph Lameter's avatar
      Fix longstanding load balancing bug in the scheduler · ef147950
      Christoph Lameter authored
      The scheduler will stop load balancing if the most busy processor contains
      processes pinned via processor affinity.
      
      The scheduler currently only does one search for busiest cpu.  If it cannot
      pull any tasks away from the busiest cpu because they were pinned then the
      scheduler goes into a corner and sulks leaving the idle processors idle.
      
      F.e.  If you have processor 0 busy running four tasks pinned via taskset,
      there are none on processor 1 and one just started two processes on
      processor 2 then the scheduler will not move one of the two processes away
      from processor 2.
      
      This patch fixes that issue by forcing the scheduler to come out of its
      corner and retrying the load balancing by considering other processors for
      load balancing.
      
      This patch was originally developed by John Hawkes and discussed at
      
          http://marc.theaimsgroup.com/?l=linux-kernel&m=113901368523205&w=2.
      
      I have removed extraneous material and gone back to equipping struct rq
      with the cpu the queue is associated with since this makes the patch much
      easier and it is likely that others in the future will have the same
      difficulty of figuring out which processor owns which runqueue.
      
      The overhead added through these patches is a single word on the stack if
      the kernel is configured to support 32 cpus or less (32 bit).  For 32 bit
      environments the maximum number of cpus that can be configued is 255 which
      would result in the use of 32 bytes additional on the stack.  On IA64 up to
      1k cpus can be configured which will result in the use of 128 additional
      bytes on the stack.  The maximum additional cache footprint is one
      cacheline.  Typically memory use will be much less than a cacheline and the
      additional cpumask will be placed on the stack in a cacheline that already
      contains other local variable.
      Signed-off-by: default avatarChristoph Lameter <clameter@sgi.com>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      ef147950
    • Tejun Heo's avatar
      sata_sil24: add a new PCI ID for SiI 3124 · f9a198cc
      Tejun Heo authored
      Add a new PCI ID for SiI 3124.  Reported by Silicon Image.
      Signed-off-by: default avatarTejun Heo <htejun@gmail.com>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      f9a198cc
    • Kirill Korotaev's avatar
      ia64/sparc: fix local DoS with corrupted ELFs (CVE-2006-4538) · 05c19c43
      Kirill Korotaev authored
      This patch prevents cross-region mappings
      on IA64 and SPARC which could lead to system crash.
      
      Adrian Bunk:
      Adapted to 2.6.16.
      Signed-Off-By: default avatarKirill Korotaev <dev@openvz.org>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      05c19c43
  3. 10 Nov, 2006 5 commits
  4. 09 Nov, 2006 8 commits
  5. 08 Nov, 2006 7 commits
  6. 07 Nov, 2006 10 commits
  7. 05 Nov, 2006 4 commits
    • Adrian Bunk's avatar
      Linux 2.6.16.31-rc1 · afaa018c
      Adrian Bunk authored
      afaa018c
    • Patrick McHardy's avatar
      [NETFILTER]: Fix ip6_tables extension header bypass bug (CVE-2006-4572) · 0ddfcc96
      Patrick McHardy authored
      As reported by Mark Dowd <Mark_Dowd@McAfee.com>, ip6_tables is susceptible
      to a fragmentation attack causing false negatives on extension header
      matches.
      
      When extension headers occur in the non-first fragment after the fragment
      header (possibly with an incorrect nexthdr value in the fragment header)
      a rule looking for this extension header will never match.
      
      Drop fragments that are at offset 0 and don't contain the final protocol
      header regardless of the ruleset, since this should not happen normally.
      Since all extension headers are before the protocol header this makes sure
      an extension header is either not present or in the first fragment, where
      we can properly parse it.
      
      With help from Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>.
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      0ddfcc96
    • Patrick McHardy's avatar
      [NETFILTER]: Fix ip6_tables protocol bypass bug (CVE-2006-4572) · 6ac62be8
      Patrick McHardy authored
      As reported by Mark Dowd <Mark_Dowd@McAfee.com>, ip6_tables is susceptible
      to a fragmentation attack causing false negatives on protocol matches.
      
      When the protocol header doesn't follow the fragment header immediately,
      the fragment header contains the protocol number of the next extension
      header. When the extension header and the protocol header are sent in
      a second fragment a rule like "ip6tables .. -p udp -j DROP" will never
      match.
      
      Drop fragments that are at offset 0 and don't contain the final protocol
      header regardless of the ruleset, since this should not happen normally.
      
      With help from Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>.
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      6ac62be8
    • Neil Brown's avatar
      knfsd: Fix race that can disable NFS server. · 0ac0a208
      Neil Brown authored
      This is a long standing bug that seems to have only recently become
      apparent, presumably due to increasing use of NFS over TCP - many
      distros seem to be making it the default.
      
      The SK_CONN bit gets set when a listening socket may be ready
      for an accept, just as SK_DATA is set when data may be available.
      
      It is entirely possible for svc_tcp_accept to be called with neither
      of these set.  It doesn't happen often but there is a small race in
      svc_sock_enqueue as SK_CONN and SK_DATA are tested outside the
      spin_lock.  They could be cleared immediately after the test and
      before the lock is gained.
      
      This normally shouldn't be a problem.  The sockets are non-blocking so
      trying to read() or accept() when ther is nothing to do is not a problem.
      
      However: svc_tcp_recvfrom makes the decision "Should I accept() or
      should I read()" based on whether SK_CONN is set or not.  This usually
      works but is not safe.  The decision should be based on whether it is
      a TCP_LISTEN socket or a TCP_CONNECTED socket.
      Signed-off-by: default avatarNeil Brown <neilb@suse.de>
      Signed-off-by: default avatarAdrian Bunk <bunk@stusta.de>
      0ac0a208