diff -urNp linux-2.6.10/drivers/char/moxa.c linux-2.6.10-new/drivers/char/moxa.c --- linux-2.6.10/drivers/char/moxa.c 2005-01-07 10:51:23 -0500 +++ linux-2.6.10-new/drivers/char/moxa.c 2005-01-07 10:51:33 -0500 @@ -1668,6 +1668,8 @@ int MoxaDriverIoctl(unsigned int cmd, un return -EFAULT; if(dltmp.cardno < 0 || dltmp.cardno >= MAX_BOARDS) return -EINVAL; + if(dltmp.len < 0 || dltmp.len > sizeof(moxaBuff)) + return -EINVAL; switch(cmd) { @@ -2822,8 +2824,6 @@ static int moxaload320b(int cardno, unsi void __iomem *baseAddr; int i; - if(len > sizeof(moxaBuff)) - return -EINVAL; if(copy_from_user(moxaBuff, tmp, len)) return -EFAULT; baseAddr = moxaBaseAddr[cardno]; diff -urNp linux-2.6.10/drivers/block/scsi_ioctl.c linux-2.6.10-new/drivers/block/scsi_ioctl.c --- linux-2.6.10/drivers/block/scsi_ioctl.c 2005-01-07 10:51:24 -0500 +++ linux-2.6.10-new/drivers/block/scsi_ioctl.c 2005-01-07 10:51:33 -0500 @@ -339,7 +339,8 @@ static int sg_scsi_ioctl(struct file *fi struct gendisk *bd_disk, Scsi_Ioctl_Command __user *sic) { struct request *rq; - int err, in_len, out_len, bytes, opcode, cmdlen; + unsigned int in_len, out_len, bytes, opcode, cmdlen; + int err; char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; /* diff -urNp linux-2.6.10/include/linux/writeback.h linux-2.6.10-new/include/linux/writeback.h --- linux-2.6.10/include/linux/writeback.h 2005-01-07 10:51:22 -0500 +++ linux-2.6.10-new/include/linux/writeback.h 2005-01-07 10:51:33 -0500 @@ -86,6 +86,7 @@ static inline void wait_on_inode(struct int wakeup_bdflush(long nr_pages); void laptop_io_completion(void); void laptop_sync_completion(void); +void throttle_vm_writeout(void); /* These are exported to sysctl. */ extern int dirty_background_ratio; diff -urNp linux-2.6.10/drivers/char/random.c linux-2.6.10-new/drivers/char/random.c --- linux-2.6.10/drivers/char/random.c 2005-01-07 10:51:23 -0500 +++ linux-2.6.10-new/drivers/char/random.c 2005-01-07 10:51:33 -0500 @@ -1912,7 +1912,7 @@ static int poolsize_strategy(ctl_table * void __user *oldval, size_t __user *oldlenp, void __user *newval, size_t newlen, void **context) { - int len; + size_t len; sysctl_poolsize = random_state->poolinfo.POOLBYTES; diff -urNp linux-2.6.10/mm/mmap.c linux-2.6.10-new/mm/mmap.c --- linux-2.6.10/mm/mmap.c 2004-12-24 22:35:00.000000000 +0100 +++ linux-2.6.10-new/mm/mmap.c 2004-12-27 16:37:47.000000000 +0100 @@ -1360,6 +1360,13 @@ int expand_stack(struct vm_area_struct * vm_unacct_memory(grow); return -ENOMEM; } + if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) && + ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > + current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) { + anon_vma_unlock(vma); + vm_unacct_memory(grow); + return -ENOMEM; + } vma->vm_end = address; vma->vm_mm->total_vm += grow; if (vma->vm_flags & VM_LOCKED) @@ -1422,6 +1429,13 @@ int expand_stack(struct vm_area_struct * vm_unacct_memory(grow); return -ENOMEM; } + if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) && + ((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) > + current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) { + anon_vma_unlock(vma); + vm_unacct_memory(grow); + return -ENOMEM; + } vma->vm_start = address; vma->vm_pgoff -= grow; vma->vm_mm->total_vm += grow; diff -urNp linux-2.6.10/mm/page-writeback.c linux-2.6.10-new/mm/page-writeback.c --- linux-2.6.10/mm/page-writeback.c 2005-01-07 10:51:24 -0500 +++ linux-2.6.10-new/mm/page-writeback.c 2005-01-07 10:51:33 -0500 @@ -276,6 +276,28 @@ void balance_dirty_pages_ratelimited(str } EXPORT_SYMBOL(balance_dirty_pages_ratelimited); +void throttle_vm_writeout(void) +{ + struct writeback_state wbs; + long background_thresh; + long dirty_thresh; + + for ( ; ; ) { + get_dirty_limits(&wbs, &background_thresh, &dirty_thresh); + + /* + * Boost the allowable dirty threshold a bit for page + * allocators so they don't get DoS'ed by heavy writers + */ + dirty_thresh += dirty_thresh / 10; /* wheeee... */ + + if (wbs.nr_unstable + wbs.nr_writeback <= dirty_thresh) + break; + blk_congestion_wait(WRITE, HZ/10); + } +} + + /* * writeback at least _min_pages, and keep writing until the amount of dirty * memory is less than the background threshold, or until we're all clean. diff -urNp linux-2.6.10/mm/vmscan.c linux-2.6.10-new/mm/vmscan.c --- linux-2.6.10/mm/vmscan.c 2005-01-07 10:51:24 -0500 +++ linux-2.6.10-new/mm/vmscan.c 2005-01-07 10:51:33 -0500 @@ -369,14 +369,14 @@ static int shrink_list(struct list_head BUG_ON(PageActive(page)); - if (PageWriteback(page)) - goto keep_locked; - sc->nr_scanned++; /* Double the slab pressure for mapped and swapcache pages */ if (page_mapped(page) || PageSwapCache(page)) sc->nr_scanned++; + if (PageWriteback(page)) + goto keep_locked; + referenced = page_referenced(page, 1, sc->priority <= 0); /* In active use or really unfreeable? Activate it. */ if (referenced && page_mapping_inuse(page)) @@ -825,6 +825,8 @@ shrink_zone(struct zone *zone, struct sc break; } } + + throttle_vm_writeout(); } /* diff -urNp linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_tcp.c linux-2.6.10-new/net/ipv4/netfilter/ip_conntrack_proto_tcp.c --- linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2005-01-07 10:51:24 -0500 +++ linux-2.6.10-new/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2005-01-07 10:51:33 -0500 @@ -906,7 +906,8 @@ static int tcp_packet(struct ip_conntrac if (index == TCP_RST_SET && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status) && conntrack->proto.tcp.last_index <= TCP_SYNACK_SET) - || conntrack->proto.tcp.last_index == TCP_ACK_SET) + || (!test_bit(IPS_ASSURED_BIT, &conntrack->status) + && conntrack->proto.tcp.last_index == TCP_ACK_SET)) && after(ntohl(th->ack_seq), conntrack->proto.tcp.last_seq)) { /* Ignore RST closing down invalid SYN or ACK