)]}'
{
  "log": [
    {
      "commit": "71e161a6a9fa021a280e564254fcda894e6fbd14",
      "tree": "df454328272a688e7a8a160c32ec4ab4f4ec7702",
      "parents": [
        "4b5b3ba16be1b195d2e1161746637acd4b9fed4f"
      ],
      "author": {
        "name": "Andy Adamson",
        "email": "andros@netapp.com",
        "time": "Thu Jan 06 02:04:25 2011 +0000"
      },
      "committer": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Thu Jan 06 14:46:23 2011 -0500"
      },
      "message": "SUNRPC fix bc_send print\n\nSigned-off-by: Andy Adamson \u003candros@netapp.com\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n"
    },
    {
      "commit": "4b5b3ba16be1b195d2e1161746637acd4b9fed4f",
      "tree": "6e58eb24836d73b8fd756d9dff7199a88a9ebafe",
      "parents": [
        "64c2ce8b72eceec4030b04bca32d098b3d1431bb"
      ],
      "author": {
        "name": "Andy Adamson",
        "email": "andros@netapp.com",
        "time": "Thu Jan 06 02:04:24 2011 +0000"
      },
      "committer": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Thu Jan 06 14:46:23 2011 -0500"
      },
      "message": "SUNRPC move svc_drop to caller of svc_process_common\n\nThe NFSv4.1 shared back channel does not need to call svc_drop because the\ncallback service never outlives the single connection it services, and it\nreuses it\u0027s buffers and keeps the trasport.\n\nSigned-off-by: Andy Adamson \u003candros@netapp.com\u003e\nAcked-by: Bruce Fields \u003cbfields@redhat.com\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n"
    },
    {
      "commit": "beb0f0a9fba1fa98b378329a9a5b0a73f25097ae",
      "tree": "33b5cdc0d628a48da74e2aadd0caafb6898d6350",
      "parents": [
        "51f128ea1c9224c1e3cf6c6a1498431d97699668"
      ],
      "author": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Mon Dec 20 21:19:26 2010 +0000"
      },
      "committer": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Tue Jan 04 13:10:38 2011 -0500"
      },
      "message": "kernel panic when mount NFSv4\n\nOn Tue, 2010-12-14 at 16:58 +0800, Mi Jinlong wrote:\n\u003e Hi,\n\u003e\n\u003e When testing NFSv4 at RHEL6 with kernel 2.6.32, I got a kernel panic\n\u003e at NFS client\u0027s __rpc_create_common function.\n\u003e\n\u003e The panic place is:\n\u003e   rpc_mkpipe\n\u003e     __rpc_lookup_create()          \u003c\u003d\u003d\u003d find pipefile *idmap*\n\u003e     __rpc_mkpipe()                 \u003c\u003d\u003d\u003d pipefile is *idmap*\n\u003e       __rpc_create_common()\n\u003e        ******  BUG_ON(!d_unhashed(dentry)); ******    *panic*\n\u003e\n\u003e It means that the dentry\u0027s d_flags have be set DCACHE_UNHASHED,\n\u003e but it should not be set here.\n\u003e\n\u003e Is someone known this bug? or give me some idea?\n\u003e\n\u003e A reproduce program is append, but it can\u0027t reproduce the bug every time.\n\u003e the export is: \"/nfsroot       *(rw,no_root_squash,fsid\u003d0,insecure)\"\n\u003e\n\u003e And the panic message is append.\n\u003e\n\u003e \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\u003e #!/bin/sh\n\u003e\n\u003e LOOPTOTAL\u003d768\n\u003e LOOPCOUNT\u003d0\n\u003e ret\u003d0\n\u003e\n\u003e while [ $LOOPCOUNT -ne $LOOPTOTAL ]\n\u003e do\n\u003e \t((LOOPCOUNT +\u003d 1))\n\u003e \tservice nfs restart\n\u003e \t/usr/sbin/rpc.idmapd\n\u003e \tmount -t nfs4 127.0.0.1:/ /mnt|| return 1;\n\u003e \tls -l /var/lib/nfs/rpc_pipefs/nfs/*/\n\u003e \tumount /mnt\n\u003e \techo $LOOPCOUNT\n\u003e done\n\u003e\n\u003e \u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\n\u003e Code: af 60 01 00 00 89 fa 89 f0 e8 64 cf 89 f0 e8 5c 7c 64 cf 31 c0 8b 5c 24 10 8b\n\u003e 74 24 14 8b 7c 24 18 8b 6c 24 1c 83 c4 20 c3 \u003c0f\u003e 0b eb fc 8b 46 28 c7 44 24 08 20\n\u003e de ee f0 c7 44 24 04 56 ea\n\u003e EIP:[\u003cf0ee92ea\u003e] __rpc_create_common+0x8a/0xc0 [sunrpc] SS:ESP 0068:eccb5d28\n\u003e ---[ end trace 8f5606cd08928ed2]---\n\u003e Kernel panic - not syncing: Fatal exception\n\u003e Pid:7131, comm: mount.nfs4 Tainted: G     D   -------------------2.6.32 #1\n\u003e Call Trace:\n\u003e  [\u003cc080ad18\u003e] ? panic+0x42/0xed\n\u003e  [\u003cc080e42c\u003e] ? oops_end+0xbc/0xd0\n\u003e  [\u003cc040b090\u003e] ? do_invalid_op+0x0/0x90\n\u003e  [\u003cc040b10f\u003e] ? do_invalid_op+0x7f/0x90\n\u003e  [\u003cf0ee92ea\u003e] ? __rpc_create_common+0x8a/0xc0[sunrpc]\n\u003e  [\u003cf0edc433\u003e] ? rpc_free_task+0x33/0x70[sunrpc]\n\u003e  [\u003cf0ed6508\u003e] ? prc_call_sync+0x48/0x60[sunrpc]\n\u003e  [\u003cf0ed656e\u003e] ? rpc_ping+0x4e/0x60[sunrpc]\n\u003e  [\u003cf0ed6eaf\u003e] ? rpc_create+0x38f/0x4f0[sunrpc]\n\u003e  [\u003cc080d80b\u003e] ? error_code+0x73/0x78\n\u003e  [\u003cf0ee92ea\u003e] ? __rpc_create_common+0x8a/0xc0[sunrpc]\n\u003e  [\u003cc0532bda\u003e] ? d_lookup+0x2a/0x40\n\u003e  [\u003cf0ee94b1\u003e] ? rpc_mkpipe+0x111/0x1b0[sunrpc]\n\u003e  [\u003cf10a59f4\u003e] ? nfs_create_rpc_client+0xb4/0xf0[nfs]\n\u003e  [\u003cf10d6c6d\u003e] ? nfs_fscache_get_client_cookie+0x1d/0x50[nfs]\n\u003e  [\u003cf10d3fcb\u003e] ? nfs_idmap_new+0x7b/0x140[nfs]\n\u003e  [\u003cc05e76aa\u003e] ? strlcpy+0x3a/0x60\n\u003e  [\u003cf10a60ca\u003e] ? nfs4_set_client+0xea/0x2b0[nfs]\n\u003e  [\u003cf10a6d0c\u003e] ? nfs4_create_server+0xac/0x1b0[nfs]\n\u003e  [\u003cc04f1400\u003e] ? krealloc+0x40/0x50\n\u003e  [\u003cf10b0e8b\u003e] ? nfs4_remote_get_sb+0x6b/0x250[nfs]\n\u003e  [\u003cc04f14ec\u003e] ? kstrdup+0x3c/0x60\n\u003e  [\u003cc0520739\u003e] ? vfs_kern_mount+0x69/0x170\n\u003e  [\u003cf10b1a3c\u003e] ? nfs_do_root_mount+0x6c/0xa0[nfs]\n\u003e  [\u003cf10b1b47\u003e] ? nfs4_try_mount+0x37/0xa0[nfs]\n\u003e  [\u003cf10afe6d\u003e] ? nfs4_validate_text_mount_data+-x7d/0xf0[nfs]\n\u003e  [\u003cf10b1c42\u003e] ? nfs4_get_sb+0x92/0x2f0\n\u003e  [\u003cc0520739\u003e] ? vfs_kern_mount+0x69/0x170\n\u003e  [\u003cc05366d2\u003e] ? get_fs_type+0x32/0xb0\n\u003e  [\u003cc052089f\u003e] ? do_kern_mount+0x3f/0xe0\n\u003e  [\u003cc053954f\u003e] ? do_mount+0x2ef/0x740\n\u003e  [\u003cc0537740\u003e] ? copy_mount_options+0xb0/0x120\n\u003e  [\u003cc0539a0e\u003e] ? sys_mount+0x6e/0xa0\n\nHi,\n\nDoes the following patch fix the problem?\n\nCheers\n  Trond\n\n--------------------------\nSUNRPC: Fix a BUG in __rpc_create_common\n\nFrom: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n\nMi Jinlong reports:\n\nWhen testing NFSv4 at RHEL6 with kernel 2.6.32, I got a kernel panic\nat NFS client\u0027s __rpc_create_common function.\n\nThe panic place is:\n  rpc_mkpipe\n      __rpc_lookup_create()          \u003c\u003d\u003d\u003d find pipefile *idmap*\n      __rpc_mkpipe()                 \u003c\u003d\u003d\u003d pipefile is *idmap*\n        __rpc_create_common()\n         ******  BUG_ON(!d_unhashed(dentry)); ****** *panic*\n\nThe test is wrong: we can find ourselves with a hashed negative dentry here\nif the idmapper tried to look up the file before we got round to creating\nit.\n\nJust replace the BUG_ON() with a d_drop(dentry).\n\nReported-by: Mi Jinlong \u003cmijinlong@cn.fujitsu.com\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n"
    },
    {
      "commit": "b3bcedadf23264c3b7afcbfbfe1965a17ef1352c",
      "tree": "119c1b242836023b2fca36a7ec7d9642780d2908",
      "parents": [
        "aa69947399a119d7f1b35bbcd62c849839b35449"
      ],
      "author": {
        "name": "Joe Perches",
        "email": "joe@perches.com",
        "time": "Tue Dec 21 10:52:24 2010 -0500"
      },
      "committer": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Tue Dec 21 11:51:26 2010 -0500"
      },
      "message": "net/sunrpc/clnt.c: Convert sprintf_symbol to %ps\n\nSigned-off-by: Joe Perches \u003cjoe@perches.com\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n"
    },
    {
      "commit": "bf2695516db982e90a22fc94f93491b481796bb1",
      "tree": "367bf134ef892bfc3fcd2c4fe676b14102d97467",
      "parents": [
        "9f06c719f474be7003763284a990bed6377bb0d4"
      ],
      "author": {
        "name": "Chuck Lever",
        "email": "chuck.lever@oracle.com",
        "time": "Tue Dec 14 14:59:29 2010 +0000"
      },
      "committer": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Thu Dec 16 12:37:25 2010 -0500"
      },
      "message": "SUNRPC: New xdr_streams XDR decoder API\n\nNow that all client-side XDR decoder routines use xdr_streams, there\nshould be no need to support the legacy calling sequence [rpc_rqst *,\n__be32 *, RPC res *] anywhere.  We can construct an xdr_stream in the\ngeneric RPC code, instead of in each decoder function.\n\nThis is a refactoring change.  It should not cause different behavior.\n\nSigned-off-by: Chuck Lever \u003cchuck.lever@oracle.com\u003e\nTested-by: J. Bruce Fields \u003cbfields@redhat.com\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n"
    },
    {
      "commit": "9f06c719f474be7003763284a990bed6377bb0d4",
      "tree": "409ebc3505f943bfdb933ab0acd76ffb5347b372",
      "parents": [
        "1ac7c23e4af5e83525137661595000099f1ce94f"
      ],
      "author": {
        "name": "Chuck Lever",
        "email": "chuck.lever@oracle.com",
        "time": "Tue Dec 14 14:59:18 2010 +0000"
      },
      "committer": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Thu Dec 16 12:37:25 2010 -0500"
      },
      "message": "SUNRPC: New xdr_streams XDR encoder API\n\nNow that all client-side XDR encoder routines use xdr_streams, there\nshould be no need to support the legacy calling sequence [rpc_rqst *,\n__be32 *, RPC arg *] anywhere.  We can construct an xdr_stream in the\ngeneric RPC code, instead of in each encoder function.\n\nAlso, all the client-side encoder functions return 0 now, making a\nreturn value superfluous.  Take this opportunity to convert them to\nreturn void instead.\n\nThis is a refactoring change.  It should not cause different behavior.\n\nSigned-off-by: Chuck Lever \u003cchuck.lever@oracle.com\u003e\nTested-by: J. Bruce Fields \u003cbfields@redhat.com\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n"
    },
    {
      "commit": "1ac7c23e4af5e83525137661595000099f1ce94f",
      "tree": "36038cc6261b15abee63b6d20641ada06aa5bcd7",
      "parents": [
        "4129ccf303593a1922a934697f99e682ff491504"
      ],
      "author": {
        "name": "Chuck Lever",
        "email": "chuck.lever@oracle.com",
        "time": "Tue Dec 14 14:59:09 2010 +0000"
      },
      "committer": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Thu Dec 16 12:37:25 2010 -0500"
      },
      "message": "SUNRPC: Determine value of \"nrprocs\" automatically\n\nClean up.\n\nJust fixed a panic where the nrprocs field in a different upper layer\nclient was set by hand incorrectly.  Use the compiler-generated method\nused by the other upper layer protocols.\n\nSigned-off-by: Chuck Lever \u003cchuck.lever@oracle.com\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n"
    },
    {
      "commit": "4129ccf303593a1922a934697f99e682ff491504",
      "tree": "e0ad1d8e560b19b8e214f69a2608eccd0f791423",
      "parents": [
        "b43cd8c153f6902100ed50c1f7e11a470c73a73f"
      ],
      "author": {
        "name": "Chuck Lever",
        "email": "chuck.lever@oracle.com",
        "time": "Tue Dec 14 14:58:59 2010 +0000"
      },
      "committer": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Thu Dec 16 12:37:25 2010 -0500"
      },
      "message": "SUNRPC: Avoid return code checking in rpcbind XDR encoder functions\n\nClean up.\n\nThe trend in the other XDR encoder functions is to BUG() when encoding\nproblems occur, since a problem here is always due to a local coding\nerror.  Then, instead of a status, zero is unconditionally returned.\n\nUpdate the rpcbind XDR encoders to behave this way.\n\nTo finish the update, use the new-style be32_to_cpup() and\ncpu_to_be32() macros, and compute the buffer sizes using raw integers\ninstead of sizeof().  This matches the conventions used in other XDR\nfunctions.\n\nSigned-off-by: Chuck Lever \u003cchuck.lever@oracle.com\u003e\nTested-by: J. Bruce Fields \u003cbfields@redhat.com\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n"
    },
    {
      "commit": "b4fe2a03422e6bd20bd8df5e428109a85c9ea961",
      "tree": "b6505c0599251421fef39c9fa0655f255aac9ed6",
      "parents": [
        "85cb7f1264c4d9e60ccdce52740238222e77ccd0",
        "2a27a03d3a891e87ca33d27a858b4db734a4cbab"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Dec 14 17:33:40 2010 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Tue Dec 14 17:33:40 2010 -0800"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (75 commits)\n  pppoe.c: Fix kernel panic caused by __pppoe_xmit\n  WAN: Fix a TX IRQ causing BUG() in PC300 and PCI200SYN drivers.\n  bnx2x: Advance a version number to 1.60.01-0\n  bnx2x: Fixed a compilation warning\n  bnx2x: LSO code was broken on BE platforms\n  qlge: Fix deadlock when cancelling worker.\n  net: fix skb_defer_rx_timestamp()\n  cxgb4vf: Ingress Queue Entry Size needs to be 64 bytes\n  phy: add the IC+ IP1001 driver\n  atm: correct sysfs \u0027device\u0027 link creation and parent relationships\n  MAINTAINERS: remove me from tulip\n  SCTP: Fix SCTP_SET_PEER_PRIMARY_ADDR to accpet v4mapped address\n  enic: Bug Fix: Pass napi reference to the isr that services receive queue\n  ipv6: fix nl group when advertising a new link\n  connector: add module alias\n  net: Document the kernel_recvmsg() function\n  r8169: Fix runtime power management\n  hso: IP checksuming doesn\u0027t work on GE0301 option cards\n  xfrm: Fix xfrm_state_migrate leak\n  net: Convert netpoll blocking api in bonding driver to be a counter\n  ...\n"
    },
    {
      "commit": "a19faf0250e09b16cac169354126404bc8aa342b",
      "tree": "1d77cd6906181069ef3b5d1508c99c9a02f3e340",
      "parents": [
        "c710245caa41060e983cc9cb5ffcc020e02ca45f"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Sun Dec 05 18:50:32 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Dec 10 16:20:56 2010 -0800"
      },
      "message": "net: fix skb_defer_rx_timestamp()\n\nAfter commit c1f19b51d1d8 (net: support time stamping in phy devices.),\nkernel might crash if CONFIG_NETWORK_PHY_TIMESTAMPING\u003dy and\nskb_defer_rx_timestamp() handles a packet without an ethernet header.\n\nFixes kernel bugzilla #24102\n\nReference: https://bugzilla.kernel.org/show_bug.cgi?id\u003d24102\nReported-and-tested-by: Andrew Watts \u003cakwatts@ymail.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "d9ca676bcb26e1fdff9265a3e70f697cd381c889",
      "tree": "72ab0bf8cb22291eb4e1a57329bb8e1df2b7649f",
      "parents": [
        "fb890ae7d615f4b4f5689144b6832230ab2046aa"
      ],
      "author": {
        "name": "Dan Williams",
        "email": "dcbw@redhat.com",
        "time": "Wed Dec 08 19:40:47 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Dec 10 15:45:05 2010 -0800"
      },
      "message": "atm: correct sysfs \u0027device\u0027 link creation and parent relationships\n\nThe ATM subsystem was incorrectly creating the \u0027device\u0027 link for ATM\nnodes in sysfs.  This led to incorrect device/parent relationships\nexposed by sysfs and udev.  Instead of rolling the \u0027device\u0027 link by hand\nin the generic ATM code, pass each ATM driver\u0027s bus device down to the\nsysfs code and let sysfs do this stuff correctly.\n\nSigned-off-by: Dan Williams \u003cdcbw@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "40a010395cd66053f07bffeb3da5e44683bac30e",
      "tree": "f734e8da3145553bd47416d27c33e62435a39e52",
      "parents": [
        "79aeec5822cea63cf732bbc0c9f3337542352616"
      ],
      "author": {
        "name": "Wei Yongjun",
        "email": "yjwei@cn.fujitsu.com",
        "time": "Tue Dec 07 17:11:09 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Dec 10 15:29:49 2010 -0800"
      },
      "message": "SCTP: Fix SCTP_SET_PEER_PRIMARY_ADDR to accpet v4mapped address\n\nSCTP_SET_PEER_PRIMARY_ADDR does not accpet v4mapped address, using\nv4mapped address in SCTP_SET_PEER_PRIMARY_ADDR socket option will\nget -EADDRNOTAVAIL error if v4map is enabled. This patch try to\nfix it by mapping v4mapped address to v4 address if allowed.\n\nSigned-off-by: Wei Yongjun \u003cyjwei@cn.fujitsu.com\u003e\nAcked-by: Vlad Yasevich \u003cvladislav.yasevich@hp.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "e91db5cd6f2203ef2a93ce8770f2728e9107c4f7",
      "tree": "210668b645b5d63cecf6c876c011b2cf3f9a5122",
      "parents": [
        "5f75a1042feca37c0a436ba42a4b1f7f75c35778",
        "0a54917c3fc295cb61f3fb52373c173fd3b69f48"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Dec 10 12:51:02 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Dec 10 12:51:02 2010 -0800"
      },
      "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6\n"
    },
    {
      "commit": "5f75a1042feca37c0a436ba42a4b1f7f75c35778",
      "tree": "6738a8642df1f0f7c18a90368da2d80d33f092a5",
      "parents": [
        "3700c3c2934467d53d443682f020cc5c1f75f1f2"
      ],
      "author": {
        "name": "Nicolas Dichtel",
        "email": "nicolas.dichtel@6wind.com",
        "time": "Tue Dec 07 23:38:31 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Dec 10 12:49:36 2010 -0800"
      },
      "message": "ipv6: fix nl group when advertising a new link\n\nNew idev are advertised with NL group RTNLGRP_IPV6_IFADDR, but\nshould use RTNLGRP_IPV6_IFINFO.\nBug was introduced by commit 8d7a76c9.\n\nSigned-off-by: Wang Xuefu \u003cxuefu.wang@6wind.com\u003e\nSigned-off-by: Nicolas Dichtel \u003cnicolas.dichtel@6wind.com\u003e\nAcked-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "c1249c0aae4c93a753c70496ab2e9a51430a6f02",
      "tree": "4e2905d99365e3d7cc1a09cd8681b1e7dd31b867",
      "parents": [
        "e4fbce740f078bbc925ba5c86648d9c883968479"
      ],
      "author": {
        "name": "Martin Lucina",
        "email": "mato@kotelna.sk",
        "time": "Fri Dec 10 00:04:05 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Dec 10 11:13:18 2010 -0800"
      },
      "message": "net: Document the kernel_recvmsg() function\n\nSigned-off-by: Martin Lucina \u003cmato@kotelna.sk\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "78347c8c6b2ddf20535bc1b18d749a3bbdea2a60",
      "tree": "2aa2048f11a93c4319b023e938eee387d19c96f4",
      "parents": [
        "fb4fa76a1fa59340154c42d998d700e1f8bf21e0"
      ],
      "author": {
        "name": "Thomas Egerer",
        "email": "thomas.egerer@secunet.com",
        "time": "Mon Dec 06 23:28:56 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Dec 09 20:35:27 2010 -0800"
      },
      "message": "xfrm: Fix xfrm_state_migrate leak\n\nxfrm_state_migrate calls kfree instead of xfrm_state_put to free\na failed state. According to git commit 553f9118 this can cause\nmemory leaks.\n\nSigned-off-by: Thomas Egerer \u003cthomas.egerer@secunet.com\u003e\nSigned-off-by: Steffen Klassert \u003csteffen.klassert@secunet.com\u003e\nAcked-by: Herbert Xu \u003cherbert@gondor.apana.org.au\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "4e085e76cbe558b79b54cbab772f61185879bc64",
      "tree": "d70aa6d1045a2759bfc67b4eafbb0199f5877b1c",
      "parents": [
        "f19872575ff7819a3723154657a497d9bca66b33"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 08 18:42:23 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 08 20:51:15 2010 -0800"
      },
      "message": "econet: Fix crash in aun_incoming().\n\nUnconditional use of skb-\u003edev won\u0027t work here,\ntry to fetch the econet device via skb_dst()-\u003edev\ninstead.\n\nSuggested by Eric Dumazet.\n\nReported-by: Nelson Elhage \u003cnelhage@ksplice.com\u003e\nTested-by: Nelson Elhage \u003cnelhage@ksplice.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "f19872575ff7819a3723154657a497d9bca66b33",
      "tree": "3c84b591c773611a6c4c00589f69a6639e83b8e0",
      "parents": [
        "ad9f4f50fe9288bbe65b7dfd76d8820afac6a24c"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Tue Dec 07 12:20:47 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 08 12:34:09 2010 -0800"
      },
      "message": "tcp: protect sysctl_tcp_cookie_size reads\n\nMake sure sysctl_tcp_cookie_size is read once in\ntcp_cookie_size_check(), or we might return an illegal value to caller\nif sysctl_tcp_cookie_size is changed by another cpu.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCc: Ben Hutchings \u003cbhutchings@solarflare.com\u003e\nCc: William Allen Simpson \u003cwilliam.allen.simpson@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "ad9f4f50fe9288bbe65b7dfd76d8820afac6a24c",
      "tree": "f3f3100da8d042607bbbab31c1f8a060ba2b5f15",
      "parents": [
        "c7757fdb41dfcf6add9f8a4576eb85aa5e77a4eb"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Tue Dec 07 12:03:55 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 08 12:34:08 2010 -0800"
      },
      "message": "tcp: avoid a possible divide by zero\n\nsysctl_tcp_tso_win_divisor might be set to zero while one cpu runs in\ntcp_tso_should_defer(). Make sure we dont allow a divide by zero by\nreading sysctl_tcp_tso_win_divisor exactly once.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "7e2447075690860e2cea96b119fc9cadbaa7e83c",
      "tree": "1bede27944240867d96e0440fbadb254b04368cd",
      "parents": [
        "f933ebed7888a9a7d73ebeeb6bcbb3f710c423b4"
      ],
      "author": {
        "name": "Helmut Schaa",
        "email": "helmut.schaa@googlemail.com",
        "time": "Thu Dec 02 18:44:09 2010 +0100"
      },
      "committer": {
        "name": "John W. Linville",
        "email": "linville@tuxdriver.com",
        "time": "Wed Dec 08 15:23:48 2010 -0500"
      },
      "message": "mac80211: Fix BUG in pskb_expand_head when transmitting shared skbs\n\nmac80211 doesn\u0027t handle shared skbs correctly at the moment. As a result\na possible resize can trigger a BUG in pskb_expand_head.\n\n[  676.030000] Kernel bug detected[#1]:\n[  676.030000] Cpu 0\n[  676.030000] $ 0   : 00000000 00000000 819662ff 00000002\n[  676.030000] $ 4   : 81966200 00000020 00000000 00000020\n[  676.030000] $ 8   : 819662e0 800043c0 00000002 00020000\n[  676.030000] $12   : 3b9aca00 00000000 00000000 00470000\n[  676.030000] $16   : 80ea2000 00000000 00000000 00000000\n[  676.030000] $20   : 818aa200 80ea2018 80ea2000 00000008\n[  676.030000] $24   : 00000002 800ace5c\n[  676.030000] $28   : 8199a000 8199bd20 81938f88 80f180d4\n[  676.030000] Hi    : 0000026e\n[  676.030000] Lo    : 0000757e\n[  676.030000] epc   : 801245e4 pskb_expand_head+0x44/0x1d8\n[  676.030000]     Not tainted\n[  676.030000] ra    : 80f180d4 ieee80211_skb_resize+0xb0/0x114 [mac80211]\n[  676.030000] Status: 1000a403    KERNEL EXL IE\n[  676.030000] Cause : 10800024\n[  676.030000] PrId  : 0001964c (MIPS 24Kc)\n[  676.030000] Modules linked in: mac80211_hwsim rt2800lib rt2x00soc rt2x00pci rt2x00lib mac80211 crc_itu_t crc_ccitt cfg80211 compat arc4 aes_generic deflate ecb cbc [last unloaded: rt2800pci]\n[  676.030000] Process kpktgend_0 (pid: 97, threadinfo\u003d8199a000, task\u003d81879f48, tls\u003d00000000)\n[  676.030000] Stack : ffffffff 00000000 00000000 00000014 00000004 80ea2000 00000000 00000000\n[  676.030000]         818aa200 80f180d4 ffffffff 0000000a 81879f78 81879f48 81879f48 00000018\n[  676.030000]         81966246 80ea2000 818432e0 80f1a420 80203050 81814d98 00000001 81879f48\n[  676.030000]         81879f48 00000018 81966246 818432e0 0000001a 8199bdd4 0000001c 80f1b72c\n[  676.030000]         80203020 8001292c 80ef4aa2 7f10b55d 801ab5b8 81879f48 00000188 80005c90\n[  676.030000]         ...\n[  676.030000] Call Trace:\n[  676.030000] [\u003c801245e4\u003e] pskb_expand_head+0x44/0x1d8\n[  676.030000] [\u003c80f180d4\u003e] ieee80211_skb_resize+0xb0/0x114 [mac80211]\n[  676.030000] [\u003c80f1a420\u003e] ieee80211_xmit+0x150/0x22c [mac80211]\n[  676.030000] [\u003c80f1b72c\u003e] ieee80211_subif_start_xmit+0x6f4/0x73c [mac80211]\n[  676.030000] [\u003c8014361c\u003e] pktgen_thread_worker+0xfac/0x16f8\n[  676.030000] [\u003c8002ebe8\u003e] kthread+0x7c/0x88\n[  676.030000] [\u003c80008e0c\u003e] kernel_thread_helper+0x10/0x18\n[  676.030000]\n[  676.030000]\n[  676.030000] Code: 24020001  10620005  2502001f \u003c0200000d\u003e 0804917a  00000000  2502001f  00441023  00531021\n\nFix this by making a local copy of shared skbs prior to mangeling them.\nTo avoid copying the skb unnecessarily move the skb_copy call below the\nchecks that don\u0027t need write access to the skb.\n\nAlso, move the assignment of nh_pos and h_pos below the skb_copy to point\nto the correct skb.\n\nIt would be possible to avoid another resize of the copied skb by using\nskb_copy_expand instead of skb_copy but that would make the patch more\ncomplex. Also, shared skbs are a corner case right now, so the resize\nshouldn\u0027t matter much.\n\nCc: Johannes Berg \u003cjohannes@sipsolutions.net\u003e\nSigned-off-by: Helmut Schaa \u003chelmut.schaa@googlemail.com\u003e\nCc: stable@kernel.org\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n"
    },
    {
      "commit": "67631510a318d5a930055fe927607f483716e100",
      "tree": "fd98bd3ab939a22188c72d4371c263af2d756192",
      "parents": [
        "171995e5d82dcc92bea37a7d2a2ecc21068a0f19"
      ],
      "author": {
        "name": "Tom Herbert",
        "email": "therbert@google.com",
        "time": "Wed Dec 08 12:16:33 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 08 12:16:33 2010 -0800"
      },
      "message": "tcp: Replace time wait bucket msg by counter\n\nRather than printing the message to the log, use a mib counter to keep\ntrack of the count of occurences of time wait bucket overflow.  Reduces\nspam in logs.\n\nSigned-off-by: Tom Herbert \u003ctherbert@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "171995e5d82dcc92bea37a7d2a2ecc21068a0f19",
      "tree": "d0c6d6650a244f4860edff9f9d20ae9ea98dd85f",
      "parents": [
        "408cc293c29ada769ae772420a39961320da1854"
      ],
      "author": {
        "name": "Apollon Oikonomopoulos",
        "email": "apollon@noc.grnet.gr",
        "time": "Tue Dec 07 09:43:30 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 08 12:13:44 2010 -0800"
      },
      "message": "x25: decrement netdev reference counts on unload\n\nx25 does not decrement the network device reference counts on module unload.\nThus unregistering any pre-existing interface after unloading the x25 module\nhangs and results in\n\n unregister_netdevice: waiting for tap0 to become free. Usage count \u003d 1\n\nThis patch decrements the reference counts of all interfaces in x25_link_free,\nthe way it is already done in x25_link_device_down for NETDEV_DOWN events.\n\nSigned-off-by: Apollon Oikonomopoulos \u003capollon@noc.grnet.gr\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "e8d34a884e4ff118920bb57664def8a73b1b784f",
      "tree": "50c6e3f7e576fd6941cc8071ff86c14d26295b8d",
      "parents": [
        "0c62fc6dd02c8d793c75ae76a9b6881fc36388ad"
      ],
      "author": {
        "name": "Michal Marek",
        "email": "mmarek@suse.cz",
        "time": "Mon Dec 06 02:39:12 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 08 12:13:43 2010 -0800"
      },
      "message": "l2tp: Fix modalias of l2tp_ip\n\nUsing the SOCK_DGRAM enum results in\n\"net-pf-2-proto-SOCK_DGRAM-type-115\", so use the numeric value like it\nis done in net/dccp.\n\nSigned-off-by: Michal Marek \u003cmmarek@suse.cz\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "0c62fc6dd02c8d793c75ae76a9b6881fc36388ad",
      "tree": "49dbe734dc75fe318ca83e2eae823fbeae10dc48",
      "parents": [
        "083384755252cde25af187acf1807a0f5edb901f"
      ],
      "author": {
        "name": "Nelson Elhage",
        "email": "nelhage@ksplice.com",
        "time": "Wed Dec 08 10:13:55 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 08 12:13:42 2010 -0800"
      },
      "message": "econet: Do the correct cleanup after an unprivileged SIOCSIFADDR.\n\nWe need to drop the mutex and do a dev_put, so set an error code and break like\nthe other paths, instead of returning directly.\n\nSigned-off-by: Nelson Elhage \u003cnelhage@ksplice.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "35d9b0c906ad92d32a0b8db5daa6fabfcc2f068d",
      "tree": "d9cdc72902f327ff377dd8bedfaeb0a8eead24a5",
      "parents": [
        "75c1c82566f23dd539fb7ccbf57a1caa7ba82628"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Sun Dec 05 02:03:26 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 08 09:58:44 2010 -0800"
      },
      "message": "llc: fix a device refcount imbalance\n\nLe dimanche 05 décembre 2010 à 12:23 +0100, Eric Dumazet a écrit :\n\u003e Le dimanche 05 décembre 2010 à 09:19 +0100, Eric Dumazet a écrit :\n\u003e\n\u003e \u003e Hmm..\n\u003e \u003e\n\u003e \u003e If somebody can explain why RTNL is held in arp_ioctl() (and therefore\n\u003e \u003e in arp_req_delete()), we might first remove RTNL use in arp_ioctl() so\n\u003e \u003e that your patch can be applied.\n\u003e \u003e\n\u003e \u003e Right now it is not good, because RTNL wont be necessarly held when you\n\u003e \u003e are going to call arp_invalidate() ?\n\u003e\n\u003e While doing this analysis, I found a refcount bug in llc, I\u0027ll send a\n\u003e patch for net-2.6\n\nOh well, of course I must first fix the bug in net-2.6, and wait David\npull the fix in net-next-2.6 before sending this rcu conversion.\n\nNote: this patch should be sent to stable teams (2.6.34 and up)\n\n[PATCH net-2.6] llc: fix a device refcount imbalance\n\ncommit abf9d537fea225 (llc: add support for SO_BINDTODEVICE) added one\nrefcount imbalance in llc_ui_bind(), because dev_getbyhwaddr() doesnt\ntake a reference on device, while dev_get_by_index() does.\n\nFix this using RCU locking. And since an RCU conversion will be done for\n2.6.38 for dev_getbyhwaddr(), put the rcu_read_lock/unlock exactly at\ntheir final place.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nCc: stable@kernel.org\nCc: Octavian Purdila \u003copurdila@ixiacom.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "b1afde60f2b9ee8444fba4e012dc99a3b28d224d",
      "tree": "b1c37e988a51f9823471a5d6ac83023ed4f06197",
      "parents": [
        "ce9aeb583a1071304d0e4ab8db600bfc8a6a1b44"
      ],
      "author": {
        "name": "Nandita Dukkipati",
        "email": "nanditad@google.com",
        "time": "Fri Dec 03 13:33:44 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 08 09:38:37 2010 -0800"
      },
      "message": "tcp: Bug fix in initialization of receive window.\n\nThe bug has to do with boundary checks on the initial receive window.\nIf the initial receive window falls between init_cwnd and the\nreceive window specified by the user, the initial window is incorrectly\nbrought down to init_cwnd. The correct behavior is to allow it to\nremain unchanged.\n\nSigned-off-by: Nandita Dukkipati \u003cnanditad@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "4f58605e6b7ae30a0d048af6a868582768e6754c",
      "tree": "2b72e81761c7874b48825267958e58823e05b592",
      "parents": [
        "b8eb3a1046f68a5b8f284830d971c62688cd606b",
        "d89197c7f34934fbb0f96d938a0d6cfe0b8bcb1c"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 08 08:13:01 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 08 08:13:01 2010 -0800"
      },
      "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6\n"
    },
    {
      "commit": "ed2849d3ecfa339435818eeff28f6c3424300cec",
      "tree": "2fbef743779156c2c96afecd8311ff8488a90121",
      "parents": [
        "cf7d7e5a1980d1116ee152d25dac382b112b9c17"
      ],
      "author": {
        "name": "NeilBrown",
        "email": "neilb@suse.de",
        "time": "Tue Nov 16 16:55:19 2010 +1100"
      },
      "committer": {
        "name": "J. Bruce Fields",
        "email": "bfields@redhat.com",
        "time": "Tue Dec 07 20:39:55 2010 -0500"
      },
      "message": "sunrpc: prevent use-after-free on clearing XPT_BUSY\n\nWhen an xprt is created, it has a refcount of 1, and XPT_BUSY is set.\nThe refcount is *not* owned by the thread that created the xprt\n(as is clear from the fact that creators never put the reference).\nRather, it is owned by the absence of XPT_DEAD.  Once XPT_DEAD is set,\n(And XPT_BUSY is clear) that initial reference is dropped and the xprt\ncan be freed.\n\nSo when a creator clears XPT_BUSY it is dropping its only reference and\nso must not touch the xprt again.\n\nHowever svc_recv, after calling -\u003expo_accept (and so getting an XPT_BUSY\nreference on a new xprt), calls svc_xprt_recieved.  This clears\nXPT_BUSY and then svc_xprt_enqueue - this last without owning a reference.\nThis is dangerous and has been seen to leave svc_xprt_enqueue working\nwith an xprt containing garbage.\n\nSo we need to hold an extra counted reference over that call to\nsvc_xprt_received.\n\nFor safety, any time we clear XPT_BUSY and then use the xprt again, we\nfirst get a reference, and the put it again afterwards.\n\nNote that svc_close_all does not need this extra protection as there are\nno threads running, and the final free can only be called asynchronously\nfrom such a thread.\n\nSigned-off-by: NeilBrown \u003cneilb@suse.de\u003e\nCc: stable@kernel.org\nSigned-off-by: J. Bruce Fields \u003cbfields@redhat.com\u003e\n"
    },
    {
      "commit": "46bcf14f44d8f31ecfdc8b6708ec15a3b33316d9",
      "tree": "4d2a200387242e1ed2d95ccd367c77750379e8cc",
      "parents": [
        "e7dfc8dbdf9a7fa1ef04c63100a71f4102b82ed3"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Mon Dec 06 09:29:43 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Dec 06 09:29:43 2010 -0800"
      },
      "message": "filter: fix sk_filter rcu handling\n\nPavel Emelyanov tried to fix a race between sk_filter_(de|at)tach and\nsk_clone() in commit 47e958eac280c263397\n\nProblem is we can have several clones sharing a common sk_filter, and\nthese clones might want to sk_filter_attach() their own filters at the\nsame time, and can overwrite old_filter-\u003ercu, corrupting RCU queues.\n\nWe can not use filter-\u003ercu without being sure no other thread could do\nthe same thing.\n\nSwitch code to a more conventional ref-counting technique : Do the\natomic decrement immediately and queue one rcu call back when last\nreference is released.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "0bae35e14b68f5e7075bc96e5ea608b42bdf8f59",
      "tree": "c7aaf04160c9278d2d4f9466980dfca501258442",
      "parents": [
        "e172662d113ceb22db727a979bb35b9c02f703b5"
      ],
      "author": {
        "name": "Johannes Berg",
        "email": "johannes.berg@intel.com",
        "time": "Thu Dec 02 14:31:14 2010 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Thu Dec 02 14:51:15 2010 -0800"
      },
      "message": "leds: fix up dependencies\n\nIt\u0027s not useful to build LED triggers when there\u0027s no LEDs that can be\ntriggered by them.  Therefore, fix up the dependencies so that this\ncannot happen, and fix a few users that select triggers to depend on\nLEDS_CLASS as well (there is also one user that also selects LEDS_CLASS,\nwhich is OK).\n\nSigned-off-by: Johannes Berg \u003cjohannes.berg@intel.com\u003e\nReported-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nAcked-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nTested-by: Ingo Molnar \u003cmingo@elte.hu\u003e\nCc: Arnd Hannemann \u003carnd@arndnet.de\u003e\nCc: Michal Hocko \u003cmhocko@suse.cz\u003e\nCc: Richard Purdie \u003crpurdie@linux.intel.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "1937721f5637b53c794124cf4fd9edad0eb315ef",
      "tree": "011689400fe1b751ad59a54f30158c713f9a64dd",
      "parents": [
        "916448e77f6bcaaa7f13c3de0c3851783ae2bfd0",
        "be93112accb42c5586a459683d71975cc70673ca"
      ],
      "author": {
        "name": "John W. Linville",
        "email": "linville@tuxdriver.com",
        "time": "Thu Dec 02 14:00:51 2010 -0500"
      },
      "committer": {
        "name": "John W. Linville",
        "email": "linville@tuxdriver.com",
        "time": "Thu Dec 02 14:00:51 2010 -0500"
      },
      "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/padovan/bluetooth-2.6\n"
    },
    {
      "commit": "6dcdd1b3694a4fa2b85167a9c860c7613a7553c7",
      "tree": "4a0d21dbaf8d502c2b91777457065a9131b1eb9b",
      "parents": [
        "d13a2cb63d06fe2e3067c7d40f9a5946abd614c8"
      ],
      "author": {
        "name": "David McCullough",
        "email": "david_mccullough@mcafee.com",
        "time": "Mon Nov 29 19:32:34 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 01 13:19:34 2010 -0800"
      },
      "message": "net/ipv6/sit.c: return unhandled skb to tunnel4_rcv\n\nI found a problem using an IPv6 over IPv4 tunnel.  When CONFIG_IPV6_SIT\nwas enabled, the packets would be rejected as net/ipv6/sit.c was catching\nall IPPROTO_IPV6 packets and returning an ICMP port unreachable error.\n\nI think this patch fixes the problem cleanly.  I believe the code in\nnet/ipv4/tunnel4.c:tunnel4_rcv takes care of it properly if none of the\nhandlers claim the skb.\n\nSigned-off-by: David McCullough \u003cdavid_mccullough@mcafee.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "381601e5bbae78d7c18d946fe874a63957edea13",
      "tree": "2aa2fa29329265ea781001a8e4365977d6caa322",
      "parents": [
        "25888e30319f8896fc656fc68643e6a078263060"
      ],
      "author": {
        "name": "Anders Franzen",
        "email": "Anders.Franzen@ericsson.com",
        "time": "Wed Nov 24 05:47:18 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Dec 01 10:55:47 2010 -0800"
      },
      "message": "Make the ip6_tunnel reflect the true mtu.\n\nThe ip6_tunnel always assumes it consumes 40 bytes (ip6 hdr) of the mtu of the\nunderlaying device. So for a normal ethernet bearer, the mtu of the ip6_tunnel is\n1460.\nHowever, when creating a tunnel the encap limit option is enabled by default, and it\nconsumes 8 bytes more, so the true mtu shall be 1452.\n\nI dont really know if this breaks some statement in some RFC, so this is a request for\ncomments.\n\nSigned-off-by: Anders Franzen \u003canders.franzen@ericsson.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "8e26d5ad2f9c038609d42eebc676cd1107709eef",
      "tree": "64faf31c3f8dcc4000b06c21a6df147f2f522d18",
      "parents": [
        "2c31333a8fde7e26936a9f5371d02ff12c490993"
      ],
      "author": {
        "name": "Senthil Balasubramanian",
        "email": "senthilkumar@atheros.com",
        "time": "Tue Nov 30 20:15:38 2010 +0530"
      },
      "committer": {
        "name": "John W. Linville",
        "email": "linville@tuxdriver.com",
        "time": "Tue Nov 30 13:45:02 2010 -0500"
      },
      "message": "mac80211: Fix STA disconnect due to MIC failure\n\nTh commit titled \"mac80211: clean up rx handling wrt. found_sta\"\nremoved found_sta variable which caused a MIC failure event\nto be reported twice for a single failure to supplicant resulted\nin STA disconnect.\n\nThis should fix WPA specific countermeasures WiFi test case (5.2.17)\nissues with mac80211 based drivers which report MIC failure events in\nrx status.\n\nCc: Stable \u003cstable@kernel.org\u003e (2.6.37)\nSigned-off-by: Senthil Balasubramanian \u003csenthilkumar@atheros.com\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n"
    },
    {
      "commit": "2c31333a8fde7e26936a9f5371d02ff12c490993",
      "tree": "75bb0fc716caa240e7afc0245da0b5089bd3e420",
      "parents": [
        "cf63495d0dbe435b475a44672f5dee150da6471b"
      ],
      "author": {
        "name": "Christian Lamparter",
        "email": "chunkeey@googlemail.com",
        "time": "Mon Nov 29 20:53:23 2010 +0100"
      },
      "committer": {
        "name": "John W. Linville",
        "email": "linville@tuxdriver.com",
        "time": "Tue Nov 30 13:23:06 2010 -0500"
      },
      "message": "mac80211: ignore non-bcast mcast deauth/disassoc franes\n\nThis patch fixes an curious issue due to insufficient\nrx frame filtering.\n\nSaqeb Akhter reported frequent disconnects while streaming\nvideos over samba: \u003chttp://marc.info/?m\u003d128600031109136\u003e\n\u003e [ 1166.512087] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7)\n\u003e [ 1526.059997] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7)\n\u003e [ 2125.324356] wlan1: deauthenticated from 30:46:9a:10:49:f7 (Reason: 7)\n\u003e [...]\n\nThe reason is that the device generates frames with slightly\nbogus SA/TA addresses.\n\ne.g.:\n [ 2314.402316] Ignore 9f:1f:31:f8:64:ff\n [ 2314.402321] Ignore 9f:1f:31:f8:64:ff\n [ 2352.453804] Ignore 0d:1f:31:f8:64:ff\n [ 2352.453808] Ignore 0d:1f:31:f8:64:ff\n \t\t\t\t\t   ^^ the group-address flag is set!\n (the correct SA/TA would be: 00:1f:31:f8:64:ff)\n\nSince the AP does not know from where the frames come, it\ngenerates a DEAUTH response for the (invalid) mcast address.\nThis mcast deauth frame then passes through all filters and\ntricks the stack into thinking that the AP brutally kicked\nus!\n\nThis patch fixes the problem by simply ignoring\nnon-broadcast, group-addressed deauth/disassoc frames.\n\nCc: Jouni Malinen \u003cj@w1.fi\u003e\nCc: Johannes Berg \u003cjohannes@sipsolutions.net\u003e\nReported-by: Saqeb Akhter \u003csaqeb.akhter@gmail.com\u003e\nSigned-off-by: Christian Lamparter \u003cchunkeey@googlemail.com\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n"
    },
    {
      "commit": "a01af8e4a4ee1135598f157051959982418c38f8",
      "tree": "76c78a7cbd02204afbe7404880dfbf312ebd51a5",
      "parents": [
        "a9735c81a43054a7e8cb8771c8e04c01fcacde10",
        "25888e30319f8896fc656fc68643e6a078263060"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Nov 29 14:36:33 2010 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Mon Nov 29 14:36:33 2010 -0800"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (27 commits)\n  af_unix: limit recursion level\n  pch_gbe driver: The wrong of initializer entry\n  pch_gbe dreiver: chang author\n  ucc_geth: fix ucc halt problem in half duplex mode\n  inet: Fix __inet_inherit_port() to correctly increment bsockets and num_owners\n  ehea: Add some info messages and fix an issue\n  hso: fix disable_net\n  NET: wan/x25_asy, move lapb_unregister to x25_asy_close_tty\n  cxgb4vf: fix setting unicast/multicast addresses ...\n  net, ppp: Report correct error code if unit allocation failed\n  DECnet: don\u0027t leak uninitialized stack byte\n  au1000_eth: fix invalid address accessing the MAC enable register\n  dccp: fix error in updating the GAR\n  tcp: restrict net.ipv4.tcp_adv_win_scale (#20312)\n  netns: Don\u0027t leak others\u0027 openreq-s in proc\n  Net: ceph: Makefile: Remove unnessary code\n  vhost/net: fix rcu check usage\n  econet: fix CVE-2010-3848\n  econet: fix CVE-2010-3850\n  econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849\n  ...\n"
    },
    {
      "commit": "7dff3125534c1d035a910052335a3a39fbb31aa7",
      "tree": "533142aacfc3d49067449173fb006225f41bc459",
      "parents": [
        "46047784b8cdcfc916f6c1cccee0c18dd1223dfd"
      ],
      "author": {
        "name": "Jouni Malinen",
        "email": "jouni.malinen@atheros.com",
        "time": "Fri Nov 26 20:41:55 2010 +0200"
      },
      "committer": {
        "name": "John W. Linville",
        "email": "linville@tuxdriver.com",
        "time": "Mon Nov 29 14:41:28 2010 -0500"
      },
      "message": "mac80211: Fix frame injection using non-AP vif\n\nIn order for frame injection to work properly for some use cases\n(e.g., finding the station entry and keys for encryption), mac80211\nneeds to find the correct sdata entry. This works when the main vif\nis in AP mode, but commit a2c1e3dad516618cb0fbfb1a62c36d0b0744573a\nbroke this particular use case for station main vif. While this type of\ninjection is quite unusual operation, it has some uses and we should fix\nit. Do this by changing the monitor vif sdata selection to allow station\nvif to be selected instead of limiting it to just AP vifs. We still need\nto skip some iftypes to avoid selecting unsuitable vif for injection.\n\nSigned-off-by: Jouni Malinen \u003cjouni.malinen@atheros.com\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n"
    },
    {
      "commit": "25888e30319f8896fc656fc68643e6a078263060",
      "tree": "ae484d38b1250da885d3939dd9a97e667fbc871d",
      "parents": [
        "50a4205333c5e545551f1f82b3004ca635407c5c"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Thu Nov 25 04:11:39 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Nov 29 09:45:15 2010 -0800"
      },
      "message": "af_unix: limit recursion level\n\nIts easy to eat all kernel memory and trigger NMI watchdog, using an\nexploit program that queues unix sockets on top of others.\n\nlkml ref : http://lkml.org/lkml/2010/11/25/8\n\nThis mechanism is used in applications, one choice we have is to have a\nrecursion limit.\n\nOther limits might be needed as well (if we queue other types of files),\nsince the passfd mechanism is currently limited by socket receive queue\nsizes only.\n\nAdd a recursion_level to unix socket, allowing up to 4 levels.\n\nEach time we send an unix socket through sendfd mechanism, we copy its\nrecursion level (plus one) to receiver. This recursion level is cleared\nwhen socket receive queue is emptied.\n\nReported-by: Марк Коренберг \u003csocketpair@gmail.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "b4ff3c90e6066bacc8a92111752fe9e4f4c45cca",
      "tree": "b64a78c4a7950e6b43c3e882dfc6dbe3a88aa2ea",
      "parents": [
        "5c7e57f7cddb83d81d83fefa5822dfe80891130e"
      ],
      "author": {
        "name": "Nagendra Tomar",
        "email": "tomer_iisc@yahoo.com",
        "time": "Fri Nov 26 14:26:27 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sun Nov 28 18:18:44 2010 -0800"
      },
      "message": "inet: Fix __inet_inherit_port() to correctly increment bsockets and num_owners\n\ninet sockets corresponding to passive connections are added to the bind hash\nusing ___inet_inherit_port(). These sockets are later removed from the bind\nhash using __inet_put_port(). These two functions are not exactly symmetrical.\n__inet_put_port() decrements hashinfo-\u003ebsockets and tb-\u003enum_owners, whereas\n___inet_inherit_port() does not increment them. This results in both of these\ngoing to -ve values.\n\nThis patch fixes this by calling inet_bind_hash() from ___inet_inherit_port(),\nwhich does the right thing.\n\n\u0027bsockets\u0027 and \u0027num_owners\u0027 were introduced by commit a9d8f9110d7e953c\n(inet: Allowing more than 64k connections and heavily optimize bind(0))\n\nSigned-off-by: Nagendra Singh Tomar \u003ctomer_iisc@yahoo.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nAcked-by: Evgeniy Polyakov \u003czbr@ioremap.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "3c6f27bf33052ea6ba9d82369fb460726fb779c0",
      "tree": "0159223767a5edaaad3133df1bc4f061da0723a0",
      "parents": [
        "462ca99c2ff6caae94dde5c05b56b54f6c01602a"
      ],
      "author": {
        "name": "Dan Rosenberg",
        "email": "drosenberg@vsecurity.com",
        "time": "Tue Nov 23 11:02:13 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sun Nov 28 11:32:30 2010 -0800"
      },
      "message": "DECnet: don\u0027t leak uninitialized stack byte\n\nA single uninitialized padding byte is leaked to userspace.\n\nSigned-off-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nCC: stable \u003cstable@kernel.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "0ac78870220b6e0ac74dd9292bcfa7b18718babd",
      "tree": "19b0359b9a805857acf9ab713afd4e485e4da692",
      "parents": [
        "a301e1703edc088592f8c5c16f9bdd34a0792776"
      ],
      "author": {
        "name": "Gerrit Renker",
        "email": "gerrit@erg.abdn.ac.uk",
        "time": "Tue Nov 23 02:36:56 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sun Nov 28 11:29:27 2010 -0800"
      },
      "message": "dccp: fix error in updating the GAR\n\nThis fixes a bug in updating the Greatest Acknowledgment number Received (GAR):\nthe current implementation does not track the greatest received value -\nlower values in the range AWL..AWH (RFC 4340, 7.5.1) erase higher ones.\n\nSigned-off-by: Gerrit Renker \u003cgerrit@erg.abdn.ac.uk\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "0147fc058d11bd4009b126d09974d2c8f48fef15",
      "tree": "f73f0e82f7774938dd7190c6a810e0ccb2466f2b",
      "parents": [
        "8475ef9fd16cadbfc692f78e608d1941a340beb2"
      ],
      "author": {
        "name": "Alexey Dobriyan",
        "email": "adobriyan@gmail.com",
        "time": "Mon Nov 22 12:54:21 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sun Nov 28 10:39:45 2010 -0800"
      },
      "message": "tcp: restrict net.ipv4.tcp_adv_win_scale (#20312)\n\ntcp_win_from_space() does the following:\n\n      if (sysctl_tcp_adv_win_scale \u003c\u003d 0)\n              return space \u003e\u003e (-sysctl_tcp_adv_win_scale);\n      else\n              return space - (space \u003e\u003e sysctl_tcp_adv_win_scale);\n\n\"space\" is int.\n\nAs per C99 6.5.7 (3) shifting int for 32 or more bits is\nundefined behaviour.\n\nIndeed, if sysctl_tcp_adv_win_scale is exactly 32,\nspace \u003e\u003e 32 equals space and function returns 0.\n\nWhich means we busyloop in tcp_fixup_rcvbuf().\n\nRestrict net.ipv4.tcp_adv_win_scale to [-31, 31].\n\nFix https://bugzilla.kernel.org/show_bug.cgi?id\u003d20312\n\nSteps to reproduce:\n\n      echo 32 \u003e/proc/sys/net/ipv4/tcp_adv_win_scale\n      wget www.kernel.org\n      [softlockup]\n\nSigned-off-by: Alexey Dobriyan \u003cadobriyan@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "8475ef9fd16cadbfc692f78e608d1941a340beb2",
      "tree": "6e582cc6eed642094c87fd1075bc0d7eade41602",
      "parents": [
        "4cb6a614ba0e58cae8abdadbf73bcb4d37a3f599"
      ],
      "author": {
        "name": "Pavel Emelyanov",
        "email": "xemul@parallels.com",
        "time": "Mon Nov 22 03:26:12 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Nov 27 22:57:48 2010 -0800"
      },
      "message": "netns: Don\u0027t leak others\u0027 openreq-s in proc\n\nThe /proc/net/tcp leaks openreq sockets from other namespaces.\n\nSigned-off-by: Pavel Emelyanov \u003cxemul@parallels.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "4cb6a614ba0e58cae8abdadbf73bcb4d37a3f599",
      "tree": "09198ec9e4bbb9c751246d38db87da970a7740aa",
      "parents": [
        "a27e13d370415add3487949c60810e36069a23a6"
      ],
      "author": {
        "name": "Tracey Dent",
        "email": "tdent48227@gmail.com",
        "time": "Sun Nov 21 15:23:50 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sat Nov 27 17:39:29 2010 -0800"
      },
      "message": "Net: ceph: Makefile: Remove unnessary code\n\nRemove the if and else conditional because the code is in mainline and there\nis no need in it being there.\n\nSigned-off-by: Tracey Dent \u003ctdent48227@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "19650e8580987c0ffabc2fe2cbc16b944789df8b",
      "tree": "cf0cfb390a128e3b2d47daa46f59de0a62a8ff04",
      "parents": [
        "1eb4c6362cb7d6a2f904c555c10dc45caeeefc31",
        "0b26a0bf6ff398185546432420bb772bcfdf8d94"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Nov 27 07:30:30 2010 +0900"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Sat Nov 27 07:30:30 2010 +0900"
      },
      "message": "Merge branch \u0027bugfixes\u0027 of git://git.linux-nfs.org/projects/trondmy/nfs-2.6\n\n* \u0027bugfixes\u0027 of git://git.linux-nfs.org/projects/trondmy/nfs-2.6:\n  NFS: Ensure we return the dirent-\u003ed_type when it is known\n  NFS: Correct the array bound calculation in nfs_readdir_add_to_array\n  NFS: Don\u0027t ignore errors from nfs_do_filldir()\n  NFS: Fix the error handling in \"uncached_readdir()\"\n  NFS: Fix a page leak in uncached_readdir()\n  NFS: Fix a page leak in nfs_do_filldir()\n  NFS: Assume eof if the server returns no readdir records\n  NFS: Buffer overflow in -\u003edecode_dirent() should not be fatal\n  Pure nfs client performance using odirect.\n  SUNRPC: Fix an infinite loop in call_refresh/call_refreshresult\n"
    },
    {
      "commit": "a27e13d370415add3487949c60810e36069a23a6",
      "tree": "072e0ba8e2d629c55be4ef6fa5ae318e2a351e2f",
      "parents": [
        "16c41745c7b92a243d0874f534c1655196c64b74"
      ],
      "author": {
        "name": "Phil Blundell",
        "email": "philb@gnu.org",
        "time": "Wed Nov 24 11:51:47 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 24 11:51:47 2010 -0800"
      },
      "message": "econet: fix CVE-2010-3848\n\nDon\u0027t declare variable sized array of iovecs on the stack since this\ncould cause stack overflow if msg-\u003emsgiovlen is large.  Instead, coalesce\nthe user-supplied data into a new buffer and use a single iovec for it.\n\nSigned-off-by: Phil Blundell \u003cphilb@gnu.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "16c41745c7b92a243d0874f534c1655196c64b74",
      "tree": "f30468ec3c9beb4d375ca1b0350c934e07d3b54f",
      "parents": [
        "fa0e846494792e722d817b9d3d625a4ef4896c96"
      ],
      "author": {
        "name": "Phil Blundell",
        "email": "philb@gnu.org",
        "time": "Wed Nov 24 11:49:53 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 24 11:49:53 2010 -0800"
      },
      "message": "econet: fix CVE-2010-3850\n\nAdd missing check for capable(CAP_NET_ADMIN) in SIOCSIFADDR operation.\n\nSigned-off-by: Phil Blundell \u003cphilb@gnu.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "fa0e846494792e722d817b9d3d625a4ef4896c96",
      "tree": "0e842037f9f48fe0974fe854f7f2d13b69f23c7f",
      "parents": [
        "c39508d6f118308355468314ff414644115a07f3"
      ],
      "author": {
        "name": "Phil Blundell",
        "email": "philb@gnu.org",
        "time": "Wed Nov 24 11:49:19 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 24 11:49:19 2010 -0800"
      },
      "message": "econet: disallow NULL remote addr for sendmsg(), fixes CVE-2010-3849\n\nLater parts of econet_sendmsg() rely on saddr !\u003d NULL, so return early\nwith EINVAL if NULL was passed otherwise an oops may occur.\n\nSigned-off-by: Phil Blundell \u003cphilb@gnu.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "c39508d6f118308355468314ff414644115a07f3",
      "tree": "c69cfd271855fa4b81398f9ddcb3dc286489d71a",
      "parents": [
        "4448008eb12f4b6bb9993584de8ec1d20b708d6f"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 24 11:47:22 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 24 11:47:22 2010 -0800"
      },
      "message": "tcp: Make TCP_MAXSEG minimum more correct.\n\nUse TCP_MIN_MSS instead of constant 64.\n\nReported-by: Min Zhang \u003cmzhang@mvista.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "9915672d41273f5b77f1b3c29b391ffb7732b84b",
      "tree": "191dbf657535e49265be7664755890630e69e329",
      "parents": [
        "cf41a51db89850033efc11c18a5257de810b5417"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Wed Nov 24 09:15:27 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 24 09:15:27 2010 -0800"
      },
      "message": "af_unix: limit unix_tot_inflight\n\nVegard Nossum found a unix socket OOM was possible, posting an exploit\nprogram.\n\nMy analysis is we can eat all LOWMEM memory before unix_gc() being\ncalled from unix_release_sock(). Moreover, the thread blocked in\nunix_gc() can consume huge amount of time to perform cleanup because of\nhuge working set.\n\nOne way to handle this is to have a sensible limit on unix_tot_inflight,\ntested from wait_for_unix_gc() and to force a call to unix_gc() if this\nlimit is hit.\n\nThis solves the OOM and also reduce overall latencies, and should not\nslowdown normal workloads.\n\nReported-by: Vegard Nossum \u003cvegard.nossum@gmail.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "3cbaa0f7a78d3b970b566629ee298c310780b919",
      "tree": "5b392ab5d59cfd87d7a6869ab6681a63d14e7d04",
      "parents": [
        "e94571653876922bbc247c8ef13c0b7839c3e503",
        "cf41a51db89850033efc11c18a5257de810b5417"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Nov 24 08:22:34 2010 +0900"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Nov 24 08:22:34 2010 +0900"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:\n  of/phylib: Use device tree properties to initialize Marvell PHYs.\n  phylib: Add support for Marvell 88E1149R devices.\n  phylib: Use common page register definition for Marvell PHYs.\n  qlge: Fix incorrect usage of module parameters and netdev msg level\n  ipv6: fix missing in6_ifa_put in addrconf\n  SuperH IrDA: correct Baud rate error correction\n  atl1c: Fix hardware type check for enabling OTP CLK\n  net: allow GFP_HIGHMEM in __vmalloc()\n  bonding: change list contact to netdev@vger.kernel.org\n  e1000: fix screaming IRQ\n"
    },
    {
      "commit": "c89ad7372232b69fd37edf90d6f5d2a8d6381214",
      "tree": "fa62412e8663f2e1e7288d649f3d96d84c4d68bb",
      "parents": [
        "7379efeacb707f49729080791a7a562d8996aec4"
      ],
      "author": {
        "name": "Gustavo F. Padovan",
        "email": "padovan@profusion.mobi",
        "time": "Mon Nov 01 19:08:50 2010 +0000"
      },
      "committer": {
        "name": "Gustavo F. Padovan",
        "email": "padovan@profusion.mobi",
        "time": "Mon Nov 22 18:23:18 2010 -0200"
      },
      "message": "Bluetooth: Fix not returning proper error in SCO\n\nReturn 0 in that situation could lead to errors in the caller.\n\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n"
    },
    {
      "commit": "5fc43978a79e8021c189660ab63249fd29c5fb32",
      "tree": "cac3a18f6bc6c5b91e5c2592c2d7b0ad459db50e",
      "parents": [
        "3561d43fd289f590fdae672e5eb831b8d5cf0bf6"
      ],
      "author": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Sat Nov 20 11:13:31 2010 -0500"
      },
      "committer": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Mon Nov 22 13:22:39 2010 -0500"
      },
      "message": "SUNRPC: Fix an infinite loop in call_refresh/call_refreshresult\n\nIf the rpcauth_refreshcred() call returns an error other than\nEACCES, ENOMEM or ETIMEDOUT, we currently end up looping forever\nbetween call_refresh and call_refreshresult.\n\nThe correct thing to do here is to exit on all errors except\nEAGAIN and ETIMEDOUT, for which case we retry 3 times, then\nreturn EACCES.\n\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n"
    },
    {
      "commit": "88b2a9a3d98a19496d64aadda7158c0ad51cbe7d",
      "tree": "6e2fef13c006956efb6f592356d1c06874baf34c",
      "parents": [
        "ddab1a3b30452bf6d2a2780dbb5fd962a85bec48"
      ],
      "author": {
        "name": "John Fastabend",
        "email": "john.r.fastabend@intel.com",
        "time": "Mon Nov 15 20:29:21 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Mon Nov 22 07:37:36 2010 -0800"
      },
      "message": "ipv6: fix missing in6_ifa_put in addrconf\n\nFix ref count bug introduced by\n\ncommit 2de795707294972f6c34bae9de713e502c431296\nAuthor: Lorenzo Colitti \u003clorenzo@google.com\u003e\nDate:   Wed Oct 27 18:16:49 2010 +0000\n\nipv6: addrconf: don\u0027t remove address state on ifdown if the address\nis being kept\n\nFix logic so that addrconf_ifdown() decrements the inet6_ifaddr\nrefcnt correctly with in6_ifa_put().\n\nReported-by: Stephen Hemminger \u003cshemminger@vyatta.com\u003e\nSigned-off-by: John Fastabend \u003cjohn.r.fastabend@intel.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "7a1c8e5ab120a5f352e78bbc1fa5bb64e6f23639",
      "tree": "9c9b81e173c59d4be5590be5101c405457acab83",
      "parents": [
        "a6c36ee677607b02d8ecc88e8a12785418b88107"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Sat Nov 20 07:46:35 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Sun Nov 21 10:04:04 2010 -0800"
      },
      "message": "net: allow GFP_HIGHMEM in __vmalloc()\n\nWe forgot to use __GFP_HIGHMEM in several __vmalloc() calls.\n\nIn ceph, add the missing flag.\n\nIn fib_trie.c, xfrm_hash.c and request_sock.c, using vzalloc() is\ncleaner and allows using HIGHMEM pages as well.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "76db8ac45fc738f7d7664fe9b56d15c594a45228",
      "tree": "eca23feab074d505b375e27714473f4ad337bd85",
      "parents": [
        "caf8394524fdc039b090cd3af99157e9e76f4f06",
        "3105c19c450ac7c18ab28c19d364b588767261b3"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Nov 19 15:32:22 2010 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Nov 19 15:32:22 2010 -0800"
      },
      "message": "Merge branch \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client\n\n* \u0027for-linus\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:\n  ceph: fix readdir EOVERFLOW on 32-bit archs\n  ceph: fix frag offset for non-leftmost frags\n  ceph: fix dangling pointer\n  ceph: explicitly specify page alignment in network messages\n  ceph: make page alignment explicit in osd interface\n  ceph: fix comment, remove extraneous args\n  ceph: fix update of ctime from MDS\n  ceph: fix version check on racing inode updates\n  ceph: fix uid/gid on resent mds requests\n  ceph: fix rdcache_gen usage and invalidate\n  ceph: re-request max_size if cap auth changes\n  ceph: only let auth caps update max_size\n  ceph: fix open for write on clustered mds\n  ceph: fix bad pointer dereference in ceph_fill_trace\n  ceph: fix small seq message skipping\n  Revert \"ceph: update issue_seq on cap grant\"\n"
    },
    {
      "commit": "caf8394524fdc039b090cd3af99157e9e76f4f06",
      "tree": "c58af82b15459a55a66bfae3a9d83a23c2d2c62c",
      "parents": [
        "6656b3fc8aba2eb7ca00c06c7fe4917938b0b652",
        "0302b8622ce696af1cda22fcf207d3793350e896"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Nov 19 15:25:59 2010 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Nov 19 15:25:59 2010 -0800"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (31 commits)\n  net: fix kernel-doc for sk_filter_rcu_release\n  be2net: Fix to avoid firmware update when interface is not open.\n  netfilter: fix IP_VS dependencies\n  net: irda: irttp: sync error paths of data- and udata-requests\n  ipv6: Expose reachable and retrans timer values as msecs\n  ipv6: Expose IFLA_PROTINFO timer values in msecs instead of jiffies\n  3c59x: fix build failure on !CONFIG_PCI\n  ipg.c: remove id [SUNDANCE, 0x1021]\n  net: caif: spi: fix potential NULL dereference\n  ath9k_htc: Avoid setting QoS control for non-QoS frames\n  net: zero kobject in rx_queue_release\n  net: Fix duplicate volatile warning.\n  MAINTAINERS: Add stmmac maintainer\n  bonding: fix a race in IGMP handling\n  cfg80211: fix can_beacon_sec_chan, reenable HT40\n  gianfar: fix signedness issue\n  net: bnx2x: fix error value sign\n  8139cp: fix checksum broken\n  r8169: fix checksum broken\n  rds: Integer overflow in RDS cmsg handling\n  ...\n"
    },
    {
      "commit": "0302b8622ce696af1cda22fcf207d3793350e896",
      "tree": "70d8b124dcd37db847c5a6e997fca466458d024e",
      "parents": [
        "d9efd2af461abb7b54c49c1b7e654d496dd1d379"
      ],
      "author": {
        "name": "Randy Dunlap",
        "email": "randy.dunlap@oracle.com",
        "time": "Thu Nov 18 13:02:37 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 19 09:27:15 2010 -0800"
      },
      "message": "net: fix kernel-doc for sk_filter_rcu_release\n\nFix kernel-doc warning for sk_filter_rcu_release():\n\nWarning(net/core/filter.c:586): missing initial short description on line:\n * \tsk_filter_rcu_release: Release a socket filter by rcu_head\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nCc:\t\"David S. Miller\" \u003cdavem@davemloft.net\u003e\nCc:\tnetdev@vger.kernel.org\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "dba4490d22a496f9b7c21919cf3effbed5851213",
      "tree": "c66928ae2f6f7c9677266c2d84d3c92c0fc80b46",
      "parents": [
        "925e277f5221defdc53cbef1ac3ed1803fa32357"
      ],
      "author": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Thu Nov 18 08:20:57 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Nov 18 13:14:33 2010 -0800"
      },
      "message": "netfilter: fix IP_VS dependencies\n\nWhen NF_CONNTRACK is enabled, IP_VS uses conntrack symbols.\nTherefore IP_VS can\u0027t be linked statically when conntrack\nis built modular.\n\nReported-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nTested-by: Justin P. Mattock \u003cjustinmattock@gmail.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "925e277f5221defdc53cbef1ac3ed1803fa32357",
      "tree": "5d11dc5bf2e6ca2ef848a3722c9270e59e4def67",
      "parents": [
        "18a31e1e282f9ed563b131526a88162ccbe04ee3"
      ],
      "author": {
        "name": "Wolfram Sang",
        "email": "w.sang@pengutronix.de",
        "time": "Tue Nov 16 09:40:02 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Nov 18 12:24:25 2010 -0800"
      },
      "message": "net: irda: irttp: sync error paths of data- and udata-requests\n\nirttp_data_request() returns meaningful errorcodes, while irttp_udata_request()\njust returns -1 in similar situations. Sync the two and the loglevels of the\naccompanying output.\n\nSigned-off-by: Wolfram Sang \u003cw.sang@pengutronix.de\u003e\nCc: Samuel Ortiz \u003csameo@linux.intel.com\u003e\nCc: David Miller \u003cdavem@davemloft.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "18a31e1e282f9ed563b131526a88162ccbe04ee3",
      "tree": "1ab16b75f4302854d5b2840143624577189f9997",
      "parents": [
        "07bfa524d4c67acbb6b6fbdd1dea923d07853c04"
      ],
      "author": {
        "name": "Thomas Graf",
        "email": "tgraf@infradead.org",
        "time": "Wed Nov 17 04:12:02 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Nov 18 12:08:36 2010 -0800"
      },
      "message": "ipv6: Expose reachable and retrans timer values as msecs\n\nExpose reachable and retrans timer values in msecs instead of jiffies.\nBoth timer values are already exposed as msecs in the neighbour table\nnetlink interface.\n\nThe creation timestamp format with increased precision is kept but\ncleaned up.\n\nSigned-off-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nCc: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "07bfa524d4c67acbb6b6fbdd1dea923d07853c04",
      "tree": "6e3819f13d3f4efa9c099cf227b1d42b1bc78620",
      "parents": [
        "93908d192686d8285dd6441ff855df92a40103d2",
        "3bf30b56c4f0a1c4fae34050b7db4527c92891e8"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Nov 18 11:56:09 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Nov 18 11:56:09 2010 -0800"
      },
      "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6\n"
    },
    {
      "commit": "93908d192686d8285dd6441ff855df92a40103d2",
      "tree": "f5d22a57782538cb2fe3a794294eef72bc8ede08",
      "parents": [
        "d530db0db90378b5674cb78d9c0cfcc83f851a5e"
      ],
      "author": {
        "name": "Thomas Graf",
        "email": "tgraf@infradead.org",
        "time": "Wed Nov 17 01:44:24 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Nov 18 11:05:01 2010 -0800"
      },
      "message": "ipv6: Expose IFLA_PROTINFO timer values in msecs instead of jiffies\n\nIFLA_PROTINFO exposes timer related per device settings in jiffies.\nChange it to expose these values in msecs like the sysctl interface\ndoes.\n\nI did not find any users of IFLA_PROTINFO which rely on any of these\nvalues and even if there are, they are likely already broken because\nthere is no way for them to reliably convert such a value to another\ntime format.\n\nSigned-off-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nCc: YOSHIFUJI Hideaki \u003cyoshfuji@linux-ipv6.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "7d8e76bf9ac3604897f0ce12e8bf09b68c2a2c89",
      "tree": "c22856a3f630d3fb3067aa1a89f8f884f97dcc40",
      "parents": [
        "ef22b7b65f0eda9015becc7bff225a399914a242"
      ],
      "author": {
        "name": "John Fastabend",
        "email": "john.r.fastabend@intel.com",
        "time": "Tue Nov 16 19:42:53 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Thu Nov 18 09:41:40 2010 -0800"
      },
      "message": "net: zero kobject in rx_queue_release\n\nnetif_set_real_num_rx_queues() can decrement and increment\nthe number of rx queues. For example ixgbe does this as\nfeatures and offloads are toggled. Presumably this could\nalso happen across down/up on most devices if the available\nresources changed (cpu offlined).\n\nThe kobject needs to be zero\u0027d in this case so that the\nstate is not preserved across kobject_put()/kobject_init_and_add().\n\nThis resolves the following error report.\n\nixgbe 0000:03:00.0: eth2: NIC Link is Up 10 Gbps, Flow Control: RX/TX\nkobject (ffff880324b83210): tried to init an initialized object, something is seriously wrong.\nPid: 1972, comm: lldpad Not tainted 2.6.37-rc18021qaz+ #169\nCall Trace:\n [\u003cffffffff8121c940\u003e] kobject_init+0x3a/0x83\n [\u003cffffffff8121cf77\u003e] kobject_init_and_add+0x23/0x57\n [\u003cffffffff8107b800\u003e] ? mark_lock+0x21/0x267\n [\u003cffffffff813c6d11\u003e] net_rx_queue_update_kobjects+0x63/0xc6\n [\u003cffffffff813b5e0e\u003e] netif_set_real_num_rx_queues+0x5f/0x78\n [\u003cffffffffa0261d49\u003e] ixgbe_set_num_queues+0x1c6/0x1ca [ixgbe]\n [\u003cffffffffa0262509\u003e] ixgbe_init_interrupt_scheme+0x1e/0x79c [ixgbe]\n [\u003cffffffffa0274596\u003e] ixgbe_dcbnl_set_state+0x167/0x189 [ixgbe]\n\nSigned-off-by: John Fastabend \u003cjohn.r.fastabend@intel.com\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "09a02fdb919876c01e8f05960750a418b3f7fa48",
      "tree": "56be1e83394ba38590ab16a0d2905fe49e05414d",
      "parents": [
        "9236d838c920e90708570d9bbd7bb82d30a38130"
      ],
      "author": {
        "name": "Mark Mentovai",
        "email": "mark@moxienet.com",
        "time": "Wed Nov 17 16:34:37 2010 -0500"
      },
      "committer": {
        "name": "John W. Linville",
        "email": "linville@tuxdriver.com",
        "time": "Thu Nov 18 11:35:05 2010 -0500"
      },
      "message": "cfg80211: fix can_beacon_sec_chan, reenable HT40\n\nThis follows wireless-testing 9236d838c920e90708570d9bbd7bb82d30a38130\n(\"cfg80211: fix extension channel checks to initiate communication\") and\nfixes accidental case fall-through. Without this fix, HT40 is entirely\nblocked.\n\nSigned-off-by: Mark Mentovai \u003cmark@moxienet.com\u003e\nCc: stable@kernel.org\nAcked-by: Luis R. Rodriguez \u003clrodriguez@atheros.com\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n"
    },
    {
      "commit": "218854af84038d828a32f061858b1902ed2beec6",
      "tree": "d5c688bc9856b3763e354619ff46ebe20edad891",
      "parents": [
        "7d98ffd8c2d1da6cec5d84eba42c4aa836a93f85"
      ],
      "author": {
        "name": "Dan Rosenberg",
        "email": "drosenberg@vsecurity.com",
        "time": "Wed Nov 17 06:37:16 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 17 12:20:52 2010 -0800"
      },
      "message": "rds: Integer overflow in RDS cmsg handling\n\nIn rds_cmsg_rdma_args(), the user-provided args-\u003enr_local value is\nrestricted to less than UINT_MAX.  This seems to need a tighter upper\nbound, since the calculation of total iov_size can overflow, resulting\nin a small sock_kmalloc() allocation.  This would probably just result\nin walking off the heap and crashing when calling rds_rdma_pages() with\na high count value.  If it somehow doesn\u0027t crash here, then memory\ncorruption could occur soon after.\n\nSigned-off-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "451a3c24b0135bce54542009b5fde43846c7cf67",
      "tree": "f0fbbcc155aef2a1ffcb8aa593fe7a966d0e6900",
      "parents": [
        "55f6561c6941713ab5ae9180525b026dd40b7d14"
      ],
      "author": {
        "name": "Arnd Bergmann",
        "email": "arnd@arndb.de",
        "time": "Wed Nov 17 16:26:55 2010 +0100"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Wed Nov 17 08:59:32 2010 -0800"
      },
      "message": "BKL: remove extraneous #include \u003csmp_lock.h\u003e\n\nThe big kernel lock has been removed from all these files at some point,\nleaving only the #include.\n\nRemove this too as a cleanup.\n\nSigned-off-by: Arnd Bergmann \u003carnd@arndb.de\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n"
    },
    {
      "commit": "9236d838c920e90708570d9bbd7bb82d30a38130",
      "tree": "ee2d9ae6b4f82efe3b28e33abebec96b7e136141",
      "parents": [
        "b5261cf4f3860bd772346a3e692683b6144dd44c"
      ],
      "author": {
        "name": "Luis R. Rodriguez",
        "email": "lrodriguez@atheros.com",
        "time": "Fri Nov 12 16:31:23 2010 -0800"
      },
      "committer": {
        "name": "John W. Linville",
        "email": "linville@tuxdriver.com",
        "time": "Tue Nov 16 15:59:39 2010 -0500"
      },
      "message": "cfg80211: fix extension channel checks to initiate communication\n\nWhen operating in a mode that initiates communication and using\nHT40 we should fail if we cannot use both primary and secondary\nchannels to initiate communication. Our current ht40 allowmap\nonly covers STA mode of operation, for beaconing modes we need\na check on the fly as the mode of operation is dynamic and\nthere other flags other than disable which we should read\nto check if we can initiate communication.\n\nDo not allow for initiating communication if our secondary HT40\nchannel has is either disabled, has a passive scan flag, a\nno-ibss flag or is a radar channel. Userspace now has similar\nchecks but this is also needed in-kernel.\n\nReported-by: Jouni Malinen \u003cjouni.malinen@atheros.com\u003e\nCc: stable@kernel.org\nSigned-off-by: Luis R. Rodriguez \u003clrodriguez@atheros.com\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n"
    },
    {
      "commit": "7d98ffd8c2d1da6cec5d84eba42c4aa836a93f85",
      "tree": "398437e234367d8184bbaed1b3af8dc8ed7d5d3a",
      "parents": [
        "4c62ab9c538bc09c38093fa079e6902ea4d42b98"
      ],
      "author": {
        "name": "Ulrich Weber",
        "email": "uweber@astaro.com",
        "time": "Fri Nov 05 01:39:12 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue Nov 16 11:43:39 2010 -0800"
      },
      "message": "xfrm: update flowi saddr in icmp_send if unset\n\notherwise xfrm_lookup will fail to find correct policy\n\nSigned-off-by: Ulrich Weber \u003cuweber@astaro.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "4c62ab9c538bc09c38093fa079e6902ea4d42b98",
      "tree": "d67bb872f84197369d82985702b6517a7a3f289a",
      "parents": [
        "3b42a96dc7870c53d20b419185737d3b8f7a7b74"
      ],
      "author": {
        "name": "Wolfram Sang",
        "email": "w.sang@pengutronix.de",
        "time": "Tue Nov 16 09:50:47 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue Nov 16 09:50:47 2010 -0800"
      },
      "message": "irda: irttp: allow zero byte packets\n\nSending zero byte packets is not neccessarily an error (AF_INET accepts it,\ntoo), so just apply a shortcut. This was discovered because of a non-working\nsoftware with WINE. See\n\n  http://bugs.winehq.org/show_bug.cgi?id\u003d19397#c86\n  http://thread.gmane.org/gmane.linux.irda.general/1643\n\nfor very detailed debugging information and a testcase. Kudos to Wolfgang for\nthose!\n\nReported-by: Wolfgang Schwotzer \u003cwolfgang.schwotzer@gmx.net\u003e\nSigned-off-by: Wolfram Sang \u003cw.sang@pengutronix.de\u003e\nTested-by: Mike Evans \u003cmike.evans@cardolan.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "94f58df8e545657f0b2d16eca1ac7a4ec39ed6be",
      "tree": "cf914f47862fdabb86257f18b671754c38c2ca8f",
      "parents": [
        "5685b971362651ee3d99ff3cc512c3bbd049d34d"
      ],
      "author": {
        "name": "Jesper Juhl",
        "email": "jj@chaosbits.net",
        "time": "Sun Nov 07 22:11:34 2010 +0100"
      },
      "committer": {
        "name": "Trond Myklebust",
        "email": "Trond.Myklebust@netapp.com",
        "time": "Tue Nov 16 11:58:51 2010 -0500"
      },
      "message": "SUNRPC: Simplify rpc_alloc_iostats by removing pointless local variable\n\nHi,\n\nWe can simplify net/sunrpc/stats.c::rpc_alloc_iostats() a bit by getting\nrid of the unneeded local variable \u0027new\u0027.\n\nPlease CC me on replies.\n\nSigned-off-by: Jesper Juhl \u003cjj@chaosbits.net\u003e\nSigned-off-by: Trond Myklebust \u003cTrond.Myklebust@netapp.com\u003e\n"
    },
    {
      "commit": "9457b24a0955bbdd2e89220a75de69fe09501bba",
      "tree": "cb484848e14cc2705c4513ad3ec1f0420a4d55db",
      "parents": [
        "80ef913f5e6a84551545016cea709f5e96d0cda6",
        "0597d1b99fcfc2c0eada09a698f85ed413d4ba84"
      ],
      "author": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Nov 12 17:17:55 2010 -0800"
      },
      "committer": {
        "name": "Linus Torvalds",
        "email": "torvalds@linux-foundation.org",
        "time": "Fri Nov 12 17:17:55 2010 -0800"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6\n\n* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (66 commits)\n  can-bcm: fix minor heap overflow\n  gianfar: Do not call device_set_wakeup_enable() under a spinlock\n  ipv6: Warn users if maximum number of routes is reached.\n  docs: Add neigh/gc_thresh3 and route/max_size documentation.\n  axnet_cs: fix resume problem for some Ax88790 chip\n  ipv6: addrconf: don\u0027t remove address state on ifdown if the address is being kept\n  tcp: Don\u0027t change unlocked socket state in tcp_v4_err().\n  x25: Prevent crashing when parsing bad X.25 facilities\n  cxgb4vf: add call to Firmware to reset VF State.\n  cxgb4vf: Fail open if link_start() fails.\n  cxgb4vf: flesh out PCI Device ID Table ...\n  cxgb4vf: fix some errors in Gather List to skb conversion\n  cxgb4vf: fix bug in Generic Receive Offload\n  cxgb4vf: don\u0027t implement trivial (and incorrect) ndo_select_queue()\n  ixgbe: Look inside vlan when determining offload protocol.\n  bnx2x: Look inside vlan when determining checksum proto.\n  vlan: Add function to retrieve EtherType from vlan packets.\n  virtio-net: init link state correctly\n  ucc_geth: Fix deadlock\n  ucc_geth: Do not bring the whole IF down when TX failure.\n  ...\n"
    },
    {
      "commit": "0597d1b99fcfc2c0eada09a698f85ed413d4ba84",
      "tree": "c66d570cfa83daadde69179557183dafeeab7ed8",
      "parents": [
        "6c4f199411f254bf3713b04ed8653f0955883309"
      ],
      "author": {
        "name": "Oliver Hartkopp",
        "email": "socketcan@hartkopp.net",
        "time": "Wed Nov 10 12:10:30 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 12 14:07:14 2010 -0800"
      },
      "message": "can-bcm: fix minor heap overflow\n\nOn 64-bit platforms the ASCII representation of a pointer may be up to 17\nbytes long. This patch increases the length of the buffer accordingly.\n\nhttp://marc.info/?l\u003dlinux-netdev\u0026m\u003d128872251418192\u0026w\u003d2\n\nReported-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nSigned-off-by: Oliver Hartkopp \u003csocketcan@hartkopp.net\u003e\nCC: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "403856532734317d25ec86ab1e75b8133db7acc6",
      "tree": "a294c1cba6ba395cd50c24c4e0f696645d6e13e2",
      "parents": [
        "cbaf087a9f5e4721e83e8681ef328158f2298c6f"
      ],
      "author": {
        "name": "Ben Greear",
        "email": "greearb@candelatech.com",
        "time": "Mon Nov 08 12:33:48 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 12 14:03:24 2010 -0800"
      },
      "message": "ipv6: Warn users if maximum number of routes is reached.\n\nThis gives users at least some clue as to what the problem\nmight be and how to go about fixing it.\n\nSigned-off-by: Ben Greear \u003cgreearb@candelatech.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "2de795707294972f6c34bae9de713e502c431296",
      "tree": "bd5ee45aee40d0c4a6a0c7d3c25202fd0f95f3f6",
      "parents": [
        "8f49c2703b33519aaaccc63f571b465b9d2b3a2d"
      ],
      "author": {
        "name": "Lorenzo Colitti",
        "email": "lorenzo@google.com",
        "time": "Wed Oct 27 18:16:49 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 12 13:44:24 2010 -0800"
      },
      "message": "ipv6: addrconf: don\u0027t remove address state on ifdown if the address is being kept\n\nCurrently, addrconf_ifdown does not delete statically configured IPv6\naddresses when the interface is brought down. The intent is that when\nthe interface comes back up the address will be usable again. However,\nthis doesn\u0027t actually work, because the system stops listening on the\ncorresponding solicited-node multicast address, so the address cannot\nrespond to neighbor solicitations and thus receive traffic. Also, the\ncode notifies the rest of the system that the address is being deleted\n(e.g, RTM_DELADDR), even though it is not. Fix it so that none of this\nstate is updated if the address is being kept on the interface.\n\nTested: Added a statically configured IPv6 address to an interface,\nstarted ping, brought link down, brought link up again. When link came\nup ping kept on going and \"ip -6 maddr\" showed that the host was still\nsubscribed to there\n\nSigned-off-by: Lorenzo Colitti \u003clorenzo@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "8f49c2703b33519aaaccc63f571b465b9d2b3a2d",
      "tree": "3b2db10ae8642c87c7258522e06ee56910d5b420",
      "parents": [
        "5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 12 13:35:00 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 12 13:35:00 2010 -0800"
      },
      "message": "tcp: Don\u0027t change unlocked socket state in tcp_v4_err().\n\nAlexey Kuznetsov noticed a regression introduced by\ncommit f1ecd5d9e7366609d640ff4040304ea197fbc618\n(\"Revert Backoff [v3]: Revert RTO on ICMP destination unreachable\")\n\nThe RTO and timer modification code added to tcp_v4_err()\ndoesn\u0027t check sock_owned_by_user(), which if true means we\ndon\u0027t have exclusive access to the socket and therefore cannot\nmodify it\u0027s critical state.\n\nJust skip this new code block if sock_owned_by_user() is true\nand eliminate the now superfluous sock_owned_by_user() code\nblock contained within.\n\nReported-by: Alexey Kuznetsov \u003ckuznet@ms2.inr.ac.ru\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\nCC: Damian Lukowski \u003cdamian@tvk.rwth-aachen.de\u003e\nAcked-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\n"
    },
    {
      "commit": "5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f",
      "tree": "c21d9c1c7f2792b0889432988d42e9b90f953358",
      "parents": [
        "e68e6133e2daef6fc40e91621a1e26938e428e9e"
      ],
      "author": {
        "name": "Dan Rosenberg",
        "email": "drosenberg@vsecurity.com",
        "time": "Fri Nov 12 12:44:42 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 12 12:44:42 2010 -0800"
      },
      "message": "x25: Prevent crashing when parsing bad X.25 facilities\n\nNow with improved comma support.\n\nOn parsing malformed X.25 facilities, decrementing the remaining length\nmay cause it to underflow.  Since the length is an unsigned integer,\nthis will result in the loop continuing until the kernel crashes.\n\nThis patch adds checks to ensure decrementing the remaining length does\nnot cause it to wrap around.\n\nSigned-off-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "1f18b7176e2e41fada24584ce3c80e9abfaca52b",
      "tree": "4f5cc10413729e16e8965c81afba3ca953ff3642",
      "parents": [
        "7c13a0d9a1ac6875f6380763b947f4a5a016605f"
      ],
      "author": {
        "name": "Mariusz Kozlowski",
        "email": "mk@lab.zgora.pl",
        "time": "Mon Nov 08 11:58:45 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 12 11:06:46 2010 -0800"
      },
      "message": "net: Fix header size check for GSO case in recvmsg (af_packet)\n\nParameter \u0027len\u0027 is size_t type so it will never get negative.\n\nSigned-off-by: Mariusz Kozlowski \u003cmk@lab.zgora.pl\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "7c13a0d9a1ac6875f6380763b947f4a5a016605f",
      "tree": "fbf7b41bc8cc250e6f9add13541e7d1c408a33b8",
      "parents": [
        "369cf77a6a3e41b1110506ddf43d45804103bfde",
        "22e091e5253da1e9ad7c0a82c2c84446fc403efe"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 12 11:04:26 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 12 11:04:26 2010 -0800"
      },
      "message": "Merge git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6\n"
    },
    {
      "commit": "369cf77a6a3e41b1110506ddf43d45804103bfde",
      "tree": "6bd88b669c8c68ac4d9008e00566ca15e43a6ff4",
      "parents": [
        "8877870f8a8127b653f8c9a55c6b4de9f96f639b"
      ],
      "author": {
        "name": "Thomas Graf",
        "email": "tgraf@infradead.org",
        "time": "Thu Nov 11 15:47:59 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Fri Nov 12 10:53:09 2010 -0800"
      },
      "message": "rtnetlink: Fix message size calculation for link messages\n\nnlmsg_total_size() calculates the length of a netlink message\nincluding header and alignment. nla_total_size() calculates the\nspace an individual attribute consumes which was meant to be used\nin this context.\n\nAlso, ensure to account for the attribute header for the\nIFLA_INFO_XSTATS attribute as implementations of get_xstats_size()\nseem to assume that we do so.\n\nThe addition of two message headers minus the missing attribute\nheader resulted in a calculated message size that was larger than\nrequired. Therefore we never risked running out of skb tailroom.\n\nSigned-off-by: Thomas Graf \u003ctgraf@infradead.org\u003e\nAcked-by: Patrick McHardy \u003ckaber@trash.net\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "22e091e5253da1e9ad7c0a82c2c84446fc403efe",
      "tree": "b3f892779ab637002bfb9e32c74905b13f81ec75",
      "parents": [
        "ac5aa2e3332ec04889074afdbd1479424d0227a5"
      ],
      "author": {
        "name": "Shan Wei",
        "email": "shanwei@cn.fujitsu.com",
        "time": "Fri Nov 12 08:51:55 2010 +0100"
      },
      "committer": {
        "name": "Patrick McHardy",
        "email": "kaber@trash.net",
        "time": "Fri Nov 12 08:51:55 2010 +0100"
      },
      "message": "netfilter: ipv6: fix overlap check for fragments\n\nThe type of FRAG6_CB(prev)-\u003eoffset is int, skb-\u003elen is *unsigned* int,\nand offset is int.\n\nWithout this patch, type conversion occurred to this expression, when\n(FRAG6_CB(prev)-\u003eoffset + prev-\u003elen) is less than offset.\n\nSigned-off-by: Shan Wei \u003cshanwei@cn.fujitsu.com\u003e\nSigned-off-by: Patrick McHardy \u003ckaber@trash.net\u003e\n"
    },
    {
      "commit": "8877870f8a8127b653f8c9a55c6b4de9f96f639b",
      "tree": "cc2629911f6b011ee2e3f4a85febbb9b6cc63604",
      "parents": [
        "7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2",
        "7379efeacb707f49729080791a7a562d8996aec4"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 10 22:15:31 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 10 22:15:31 2010 -0800"
      },
      "message": "Merge branch \u0027master\u0027 of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6\n"
    },
    {
      "commit": "7a1abd08d52fdeddb3e9a5a33f2f15cc6a5674d2",
      "tree": "f566af2a622e5416056c70633576a1a46b8bf6aa",
      "parents": [
        "8d987e5c75107ca7515fa19e857cfa24aab6ec8f"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 10 21:35:37 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 10 21:35:37 2010 -0800"
      },
      "message": "tcp: Increase TCP_MAXSEG socket option minimum.\n\nAs noted by Steve Chen, since commit\nf5fff5dc8a7a3f395b0525c02ba92c95d42b7390 (\"tcp: advertise MSS\nrequested by user\") we can end up with a situation where\ntcp_select_initial_window() does a divide by a zero (or\neven negative) mss value.\n\nThe problem is that sometimes we effectively subtract\nTCPOLEN_TSTAMP_ALIGNED and/or TCPOLEN_MD5SIG_ALIGNED from the mss.\n\nFix this by increasing the minimum from 8 to 64.\n\nReported-by: Steve Chen \u003cschen@mvista.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "8d987e5c75107ca7515fa19e857cfa24aab6ec8f",
      "tree": "6392c5f08f0df39d42a079336f6be3960ac404dc",
      "parents": [
        "67286640f638f5ad41a946b9a3dc75327950248f"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Tue Nov 09 23:24:26 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 10 12:12:00 2010 -0800"
      },
      "message": "net: avoid limits overflow\n\nRobin Holt tried to boot a 16TB machine and found some limits were\nreached : sysctl_tcp_mem[2], sysctl_udp_mem[2]\n\nWe can switch infrastructure to use long \"instead\" of \"int\", now\natomic_long_t primitives are available for free.\n\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nReported-by: Robin Holt \u003cholt@sgi.com\u003e\nReviewed-by: Robin Holt \u003cholt@sgi.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "67286640f638f5ad41a946b9a3dc75327950248f",
      "tree": "34844d5e00a54f78b384f75f6cded995423d7fc6",
      "parents": [
        "57fe93b374a6b8711995c2d466c502af9f3a08bb"
      ],
      "author": {
        "name": "Vasiliy Kulikov",
        "email": "segooon@gmail.com",
        "time": "Wed Nov 10 12:09:10 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 10 12:09:10 2010 -0800"
      },
      "message": "net: packet: fix information leak to userland\n\npacket_getname_spkt() doesn\u0027t initialize all members of sa_data field of\nsockaddr struct if strlen(dev-\u003ename) \u003c 13.  This structure is then copied\nto userland.  It leads to leaking of contents of kernel stack memory.\nWe have to fully fill sa_data with strncpy() instead of strlcpy().\n\nThe same with packet_getname(): it doesn\u0027t initialize sll_pkttype field of\nsockaddr_ll.  Set it to zero.\n\nSigned-off-by: Vasiliy Kulikov \u003csegooon@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "57fe93b374a6b8711995c2d466c502af9f3a08bb",
      "tree": "12648abf4c941275e5a12a8416e8fa6a92276753",
      "parents": [
        "fe10ae53384e48c51996941b7720ee16995cbcb7"
      ],
      "author": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 10 10:38:24 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 10 10:38:24 2010 -0800"
      },
      "message": "filter: make sure filters dont read uninitialized memory\n\nThere is a possibility malicious users can get limited information about\nuninitialized stack mem array. Even if sk_run_filter() result is bound\nto packet length (0 .. 65535), we could imagine this can be used by\nhostile user.\n\nInitializing mem[] array, like Dan Rosenberg suggested in his patch is\nexpensive since most filters dont even use this array.\n\nIts hard to make the filter validation in sk_chk_filter(), because of\nthe jumps. This might be done later.\n\nIn this patch, I use a bitmap (a single long var) so that only filters\nusing mem[] loads/stores pay the price of added security checks.\n\nFor other filters, additional cost is a single instruction.\n\n[ Since we access fentry-\u003ek a lot now, cache it in a local variable\n  and mark filter entry pointer as const. -DaveM ]\n\nReported-by: Dan Rosenberg \u003cdrosenberg@vsecurity.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "fe10ae53384e48c51996941b7720ee16995cbcb7",
      "tree": "b5a4332bd71d40a6193bc62d097808abfe62997a",
      "parents": [
        "332dd96f7ac15e937088fe11f15cfe0210e8edd1"
      ],
      "author": {
        "name": "Vasiliy Kulikov",
        "email": "segooon@gmail.com",
        "time": "Wed Nov 10 10:14:33 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Wed Nov 10 10:14:33 2010 -0800"
      },
      "message": "net: ax25: fix information leak to userland\n\nSometimes ax25_getname() doesn\u0027t initialize all members of fsa_digipeater\nfield of fsa struct, also the struct has padding bytes between\nsax25_call and sax25_ndigis fields.  This structure is then copied to\nuserland.  It leads to leaking of contents of kernel stack memory.\n\nSigned-off-by: Vasiliy Kulikov \u003csegooon@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "c5c6b19d4b8f5431fca05f28ae9e141045022149",
      "tree": "0961d9aeee49f481134089ac5b93b7118cf3a34b",
      "parents": [
        "b7495fc2ff941db6a118a93ab8d61149e3f4cef8"
      ],
      "author": {
        "name": "Sage Weil",
        "email": "sage@newdream.net",
        "time": "Tue Nov 09 12:40:00 2010 -0800"
      },
      "committer": {
        "name": "Sage Weil",
        "email": "sage@newdream.net",
        "time": "Tue Nov 09 12:43:17 2010 -0800"
      },
      "message": "ceph: explicitly specify page alignment in network messages\n\nThe alignment used for reading data into or out of pages used to be taken\nfrom the data_off field in the message header.  This only worked as long\nas the page alignment matched the object offset, breaking direct io to\nnon-page aligned offsets.\n\nInstead, explicitly specify the page alignment next to the page vector\nin the ceph_msg struct, and use that instead of the message header (which\nprobably shouldn\u0027t be trusted).  The alloc_msg callback is responsible for\nfilling in this field properly when it sets up the page vector.\n\nSigned-off-by: Sage Weil \u003csage@newdream.net\u003e\n"
    },
    {
      "commit": "b7495fc2ff941db6a118a93ab8d61149e3f4cef8",
      "tree": "231c339d74760e2fa13e5e6f41c10bc28cea51b3",
      "parents": [
        "e98b6fed84d0f0155d7b398e0dfeac74c792f2d0"
      ],
      "author": {
        "name": "Sage Weil",
        "email": "sage@newdream.net",
        "time": "Tue Nov 09 12:43:12 2010 -0800"
      },
      "committer": {
        "name": "Sage Weil",
        "email": "sage@newdream.net",
        "time": "Tue Nov 09 12:43:12 2010 -0800"
      },
      "message": "ceph: make page alignment explicit in osd interface\n\nWe used to infer alignment of IOs within a page based on the file offset,\nwhich assumed they matched.  This broke with direct IO that was not aligned\nto pages (e.g., 512-byte aligned IO).  We were also trusting the alignment\nspecified in the OSD reply, which could have been adjusted by the server.\n\nExplicitly specify the page alignment when setting up OSD IO requests.\n\nSigned-off-by: Sage Weil \u003csage@newdream.net\u003e\n"
    },
    {
      "commit": "e98b6fed84d0f0155d7b398e0dfeac74c792f2d0",
      "tree": "0762cba398c39329dc5f056ddfccebf6768d2555",
      "parents": [
        "d8672d64b88cdb7aa8139fb6d218f40b8cbf60af"
      ],
      "author": {
        "name": "Sage Weil",
        "email": "sage@newdream.net",
        "time": "Tue Nov 09 12:24:53 2010 -0800"
      },
      "committer": {
        "name": "Sage Weil",
        "email": "sage@newdream.net",
        "time": "Tue Nov 09 12:24:53 2010 -0800"
      },
      "message": "ceph: fix comment, remove extraneous args\n\nThe offset/length arguments aren\u0027t used.\n\nSigned-off-by: Sage Weil \u003csage@newdream.net\u003e\n"
    },
    {
      "commit": "332dd96f7ac15e937088fe11f15cfe0210e8edd1",
      "tree": "8efe236b18c0abacee96f9ed5fa6cfd396cdedcf",
      "parents": [
        "88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Tue Nov 09 11:46:33 2010 -0800"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue Nov 09 12:17:16 2010 -0800"
      },
      "message": "net/dst: dst_dev_event() called after other notifiers\n\nFollowup of commit ef885afbf8a37689 (net: use rcu_barrier() in\nrollback_registered_many)\n\ndst_dev_event() scans a garbage dst list that might be feeded by various\nnetwork notifiers at device dismantle time.\n\nIts important to call dst_dev_event() after other notifiers, or we might\nenter the infamous msleep(250) in netdev_wait_allrefs(), and wait one\nsecond before calling again call_netdevice_notifiers(NETDEV_UNREGISTER,\ndev) to properly remove last device references.\n\nUse priority -10 to let dst_dev_notifier be called after other network\nnotifiers (they have the default 0 priority)\n\nReported-by: Ben Greear \u003cgreearb@candelatech.com\u003e\nReported-by: Nicolas Dichtel \u003cnicolas.dichtel@6wind.com\u003e\nReported-by: Octavian Purdila \u003copurdila@ixiacom.com\u003e\nReported-by: Benjamin LaHaise \u003cbcrl@kvack.org\u003e\nTested-by: Ben Greear \u003cgreearb@candelatech.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "88f8a5e3e7defccd3925cabb1ee4d3994e5cdb52",
      "tree": "151d98558e8a210434e84d1e8127d681e975e80b",
      "parents": [
        "ea80907ff066edd1dd43c5fe90ae6677d15e6384"
      ],
      "author": {
        "name": "Kulikov Vasiliy",
        "email": "segooon@gmail.com",
        "time": "Sun Oct 31 07:10:32 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue Nov 09 09:25:46 2010 -0800"
      },
      "message": "net: tipc: fix information leak to userland\n\nStructure sockaddr_tipc is copied to userland with padding bytes after\n\"id\" field in union field \"name\" unitialized.  It leads to leaking of\ncontents of kernel stack memory.  We have to initialize them to zero.\n\nSigned-off-by: Vasiliy Kulikov \u003csegooon@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "18943d292facbc70e6a36fc62399ae833f64671b",
      "tree": "337c4818e0cb478a4436ee5ad8d16822998bf8eb",
      "parents": [
        "aa58163a76a3aef33c7220931543d45d0fe43753"
      ],
      "author": {
        "name": "Eric Dumazet",
        "email": "eric.dumazet@gmail.com",
        "time": "Mon Nov 08 11:15:54 2010 +0000"
      },
      "committer": {
        "name": "David S. Miller",
        "email": "davem@davemloft.net",
        "time": "Tue Nov 09 08:26:42 2010 -0800"
      },
      "message": "inet: fix ip_mc_drop_socket()\n\ncommit 8723e1b4ad9be4444 (inet: RCU changes in inetdev_by_index())\nforgot one call site in ip_mc_drop_socket()\n\nWe should not decrease idev refcount after inetdev_by_index() call,\nsince refcount is not increased anymore.\n\nReported-by: Markus Trippelsdorf \u003cmarkus@trippelsdorf.de\u003e\nReported-by: Miles Lane \u003cmiles.lane@gmail.com\u003e\nSigned-off-by: Eric Dumazet \u003ceric.dumazet@gmail.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n"
    },
    {
      "commit": "63ce0900d79645c714de6c8b66d8040670068c9e",
      "tree": "02bd4f20262db74e45fdd431bf5e8d0c18cf314e",
      "parents": [
        "4f8b691c9fb02e72359e71592098c1de3b8ec712"
      ],
      "author": {
        "name": "Luiz Augusto von Dentz",
        "email": "luiz.dentz-von@nokia.com",
        "time": "Thu Aug 19 14:06:10 2010 +0300"
      },
      "committer": {
        "name": "Gustavo F. Padovan",
        "email": "padovan@profusion.mobi",
        "time": "Tue Nov 09 00:56:10 2010 -0200"
      },
      "message": "Bluetooth: fix not setting security level when creating a rfcomm session\n\nThis cause \u0027No Bonding\u0027 to be used if userspace has not yet been paired\nwith remote device since the l2cap socket used to create the rfcomm\nsession does not have any security level set.\n\nSigned-off-by: Luiz Augusto von Dentz \u003cluiz.dentz-von@nokia.com\u003e\nAcked-by: Ville Tervo \u003cville.tervo@nokia.com\u003e\nAcked-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n"
    },
    {
      "commit": "4f8b691c9fb02e72359e71592098c1de3b8ec712",
      "tree": "d74bf4427c1f92b79ba84e8c8159f02b3933430a",
      "parents": [
        "bfaaeb3ed5533a2dd38e3aa9ea43efd619690aed"
      ],
      "author": {
        "name": "Gustavo F. Padovan",
        "email": "padovan@profusion.mobi",
        "time": "Mon Oct 18 14:25:53 2010 -0200"
      },
      "committer": {
        "name": "Gustavo F. Padovan",
        "email": "padovan@profusion.mobi",
        "time": "Tue Nov 09 00:56:09 2010 -0200"
      },
      "message": "Bluetooth: fix endianness conversion in L2CAP\n\nLast commit added a wrong endianness conversion. Fixing that.\n\nReported-by: Harvey Harrison \u003charvey.harrison@gmail.com\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n"
    },
    {
      "commit": "bfaaeb3ed5533a2dd38e3aa9ea43efd619690aed",
      "tree": "8a7a46f99f20d8a637e1867b6309c3e6b88f47da",
      "parents": [
        "556ea928f78a390fe16ae584e6433dff304d3014"
      ],
      "author": {
        "name": "steven miao",
        "email": "realmz6@gmail.com",
        "time": "Sat Oct 16 18:29:47 2010 -0400"
      },
      "committer": {
        "name": "Gustavo F. Padovan",
        "email": "padovan@profusion.mobi",
        "time": "Tue Nov 09 00:56:00 2010 -0200"
      },
      "message": "Bluetooth: fix unaligned access to l2cap conf data\n\nIn function l2cap_get_conf_opt() and l2cap_add_conf_opt() the address of\nopt-\u003eval sometimes is not at the edge of 2-bytes/4-bytes, so 2-bytes/4 bytes\naccess will cause data misalignment exeception.  Use get_unaligned_le16/32\nand put_unaligned_le16/32 function to avoid data misalignment execption.\n\nSigned-off-by: steven miao \u003crealmz6@gmail.com\u003e\nSigned-off-by: Mike Frysinger \u003cvapier@gentoo.org\u003e\nAcked-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n"
    },
    {
      "commit": "bdb7524a75e4716535a29abb314a82619301e068",
      "tree": "3da5f18d2eb0fd1eebdb8b51c0581a51773ac283",
      "parents": [
        "96c99b473a8531188e2f6106c6ef0e33bb4500f2"
      ],
      "author": {
        "name": "Johan Hedberg",
        "email": "johan.hedberg@nokia.com",
        "time": "Fri Oct 15 10:46:09 2010 +0300"
      },
      "committer": {
        "name": "Gustavo F. Padovan",
        "email": "padovan@profusion.mobi",
        "time": "Tue Nov 09 00:55:27 2010 -0200"
      },
      "message": "Bluetooth: Fix non-SSP auth request for HIGH security level sockets\n\nWhen initiating dedicated bonding a L2CAP raw socket with HIGH security\nlevel is used. The kernel is supposed to trigger the authentication\nrequest in this case but this doesn\u0027t happen currently for non-SSP\n(pre-2.1) devices. The reason is that the authentication request happens\nin the remote extended features callback which never gets called for\nnon-SSP devices. This patch fixes the issue by requesting also\nauthentiation in the (normal) remote features callback in the case of\nnon-SSP devices.\n\nThis rule is applied only for HIGH security level which might at first\nseem unintuitive since on the server socket side MEDIUM is already\nenough for authentication. However, for the clients we really want to\nprefer the server side to decide the authentication requrement in most\ncases, and since most client sockets use MEDIUM it\u0027s better to be\navoided on the kernel side for these sockets. The important socket to\nrequest it for is the dedicated bonding one and that socket uses HIGH\nsecurity level.\n\nThe patch is based on the initial investigation and patch proposal from\nAndrei Emeltchenko \u003cendrei.emeltchenko@nokia.com\u003e.\n\nSigned-off-by: Johan Hedberg \u003cjohan.hedberg@nokia.com\u003e\nAcked-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n"
    },
    {
      "commit": "96c99b473a8531188e2f6106c6ef0e33bb4500f2",
      "tree": "09df5d9f73e4b7d0c11359a25b78ed60a4866654",
      "parents": [
        "48a7c3df14d0cda850337a9b3f9e667a0b12a996"
      ],
      "author": {
        "name": "Randy Dunlap",
        "email": "randy.dunlap@oracle.com",
        "time": "Wed Oct 13 18:16:52 2010 -0700"
      },
      "committer": {
        "name": "Gustavo F. Padovan",
        "email": "padovan@profusion.mobi",
        "time": "Tue Nov 09 00:55:27 2010 -0200"
      },
      "message": "Bluetooth: fix hidp kconfig dependency warning\n\nFix kconfig dependency warning to satisfy dependencies:\n\nwarning: (BT_HIDP \u0026\u0026 NET \u0026\u0026 BT \u0026\u0026 BT_L2CAP \u0026\u0026 INPUT || USB_HID \u0026\u0026 HID_SUPPORT \u0026\u0026 USB \u0026\u0026 INPUT) selects HID which has unmet direct dependencies (HID_SUPPORT \u0026\u0026 INPUT)\n\nSigned-off-by: Randy Dunlap \u003crandy.dunlap@oracle.com\u003e\nAcked-by: Marcel Holtmann \u003cmarcel@holtmann.org\u003e\nSigned-off-by: Gustavo F. Padovan \u003cpadovan@profusion.mobi\u003e\n"
    },
    {
      "commit": "352ffad646c0e0c5cf9ae8cea99710ee0d66ee27",
      "tree": "41987fe0c7e00dfc3aa6871f1a51007e42f22c03",
      "parents": [
        "fbb078fcd2fa83646ad9504d8e4c54a67b8729ae"
      ],
      "author": {
        "name": "Brian Cavagnolo",
        "email": "brian@cozybit.com",
        "time": "Thu Nov 04 16:59:28 2010 -0700"
      },
      "committer": {
        "name": "John W. Linville",
        "email": "linville@tuxdriver.com",
        "time": "Mon Nov 08 16:53:47 2010 -0500"
      },
      "message": "mac80211: unset SDATA_STATE_OFFCHANNEL when cancelling a scan\n\nFor client STA interfaces, ieee80211_do_stop unsets the relevant\ninterface\u0027s SDATA_STATE_RUNNING state bit prior to cancelling an\ninterrupted scan.  When ieee80211_offchannel_return is invoked as\npart of cancelling the scan, it doesn\u0027t bother unsetting the\nSDATA_STATE_OFFCHANNEL bit because it sees that the interface is\ndown.  Normally this doesn\u0027t matter because when the client STA\ninterface is brought back up, it will probably issue a scan.  But\nin some cases (e.g., the user changes the interface type while it\nis down), the SDATA_STATE_OFFCHANNEL bit will remain set.  This\nprevents the interface queues from being started.  So we\ncancel the scan before unsetting the SDATA_STATE_RUNNING bit.\n\nSigned-off-by: Brian Cavagnolo \u003cbrian@cozybit.com\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n"
    },
    {
      "commit": "3cc25e510dfc36dc62ee0aa87344b36ed7c1742a",
      "tree": "aa485987c383ac5c2843e1f3d7b3eb3a628f111b",
      "parents": [
        "8df86db9060ddd123d172c7adb6b2b71f31e77cd"
      ],
      "author": {
        "name": "Felix Fietkau",
        "email": "nbd@openwrt.org",
        "time": "Sun Oct 31 15:31:54 2010 +0100"
      },
      "committer": {
        "name": "John W. Linville",
        "email": "linville@tuxdriver.com",
        "time": "Mon Nov 08 16:53:47 2010 -0500"
      },
      "message": "cfg80211: fix a crash in dev lookup on dump commands\n\nIS_ERR and PTR_ERR were called with the wrong pointer, leading to a\ncrash when cfg80211_get_dev_from_ifindex fails.\n\nSigned-off-by: Felix Fietkau \u003cnbd@openwrt.org\u003e\nAcked-by: Johannes Berg \u003cjohannes@sipsolutions.net\u003e\nSigned-off-by: John W. Linville \u003clinville@tuxdriver.com\u003e\n"
    }
  ],
  "next": "aa58163a76a3aef33c7220931543d45d0fe43753"
}
