We (the -stable team) are announcing the release of the 2.6.22.12 kernel.
It fixes a number of reported bugs, and any user of the 2.6.22 series is
encouraged to upgrade.

I'll also be replying to this message with a copy of the patch between
2.6.22.11 and 2.6.22.12

The updated 2.6.22.y git tree can be found at:
        git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.6.22.y.git
and can be browsed at the normal kernel.org git web browser:
        http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=summary

thanks,

greg k-h

--------

 Makefile                             |    2 -
 arch/i386/kernel/io_apic.c           |    7 +++--
 arch/x86_64/kernel/io_apic.c         |    7 +++--
 arch/x86_64/mm/init.c                |    5 ---
 arch/x86_64/mm/pageattr.c            |    9 +++++-
 drivers/infiniband/core/uverbs_cmd.c |    8 ++++-
 drivers/md/dm-exception-store.c      |   48 +++++++++++++++++++++++++++++++----
 fs/minix/itree_v1.c                  |    9 +++++-
 fs/minix/itree_v2.c                  |    9 +++++-
 include/linux/bootmem.h              |    1 
 kernel/irq/chip.c                    |    5 ---
 kernel/irq/resend.c                  |    7 ++++-
 kernel/params.c                      |    8 +++++
 mm/sparse.c                          |   11 --------
 14 files changed, 95 insertions(+), 41 deletions(-)

Summary of changes from v2.6.22.11 to v2.6.22.12
================================================

Dave Young (1):
      param_sysfs_builtin memchr argument fix

Eric Sandeen (1):
      minixfs: limit minixfs printks on corrupted dir i_size (CVE-2006-6058)

Greg Kroah-Hartman (1):
      Linux 2.6.22.12

Ingo Molnar (1):
      x86: fix global_flush_tlb() bug

Linus Torvalds (1):
      Revert "x86_64: allocate sparsemem memmap above 4G"

Milan Broz (1):
      dm snapshot: fix invalidation deadlock

Roland Dreier (1):
      IB/uverbs: Fix checking of userspace object ownership

Thomas Gleixner (3):
      genirq: ...
[ message continues ]

diff --git a/Makefile b/Makefile
index 8874c9b..b55f9bf 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 VERSION = 2
 PATCHLEVEL = 6
 SUBLEVEL = 22
-EXTRAVERSION = .11
+EXTRAVERSION = .12
 NAME = Holy Dancing Manatees, Batman!
 
 # *DOCUMENTATION*
diff --git a/arch/i386/kernel/io_apic.c b/arch/i386/kernel/io_apic.c
index 7f8b7af..97ba305 100644
--- a/arch/i386/kernel/io_apic.c
+++ b/arch/i386/kernel/io_apic.c
@@ -1275,12 +1275,15 @@ static struct irq_chip ioapic_chip;
 static void ioapic_register_intr(int irq, int vector, unsigned long trigger)
 {
 	if ((trigger == IOAPIC_AUTO && IO_APIC_irq_trigger(irq)) ||
-			trigger == IOAPIC_LEVEL)
+	    trigger == IOAPIC_LEVEL) {
+		irq_desc[irq].status |= IRQ_LEVEL;
 		set_irq_chip_and_handler_name(irq, &ioapic_chip,
 					 handle_fasteoi_irq, "fasteoi");
-	else
+	} else {
+		irq_desc[irq].status &= ~IRQ_LEVEL;
 		set_irq_chip_and_handler_name(irq, &ioapic_chip,
 					 handle_edge_irq, "edge");
+	}
 	set_intr_gate(vector, interrupt[irq]);
 }
 
diff --git a/arch/x86_64/kernel/io_apic.c b/arch/x86_64/kernel/io_apic.c
index 1c6c6f7..34d7cde 100644
--- a/arch/x86_64/kernel/io_apic.c
+++ b/arch/x86_64/kernel/io_apic.c
@@ -774,12 +774,15 @@ static struct irq_chip ioapic_chip;
 
 static void ioapic_register_intr(int irq, unsigned long trigger)
 {
-	if (trigger)
+	if (trigger) {
+		irq_desc[irq].status |= IRQ_LEVEL;
 		set_irq_chip_and_handler_name(irq, &ioapic_chip,
 					      handle_fasteoi_irq, "fasteoi");
-	else
+	} else {
+		irq_desc[irq].status &= ~IRQ_LEVEL;
 		set_irq_chip_and_handler_name(irq, &ioapic_chip,
 					      handle_edge_irq, "edge");
+	}
 }
 
 static void setup_IO_APIC_irq(int apic, int pin, unsigned int irq,
diff --git a/arch/x86_64/mm/init.c b/arch/x86_64/mm/init.c
index 9a0e98a..b7e514e 100644
--- a/arch/x86_64/mm/init.c
+++ b/arch/x86_64/mm/init.c
@@ -769,8 +769,3 @@ int in_gate_area_no_task(unsigned long addr)
 	return (addr >= VSYSCALL_START) && (addr < VSYSCALL_END);
 }
 
-void ...
[ message continues ]

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000014
  printing eip:
c047102c
*pdpt = 0000000024e2c001
*pde = 0000000000000000
Oops: 0002 [#1]
SMP
Modules linked in: nfsd exportfs iptable_mangle iptable_nat nf_nat nf_conntrack_ipv4 ipt_LOG ipt_connlimit nf_conntrack nfnetlink xt_tcpudp iptable_filter ip_tables x_tables nfs lockd nfs_acl ipv6 autofs4 sunrpc binfmt_misc quota_v2 dm_mirror dm_mod video sbs button dock battery ac parport_pc lp parport floppy nvram sr_mod cdrom joydev ata_generic sg e752x_edac edac_mc ata_piix pata_sil680 ehci_hcd libata iTCO_wdt iTCO_vendor_support e1000 uhci_hcd rtc_cmos rtc_core serio_raw rtc_lib scsi_wait_scan megaraid_mbox megaraid_mm sd_mod scsi_mod ext3 jbd mbcache
CPU:    1
EIP:    0060:[<c047102c>]    Not tainted VLI
EFLAGS: 00010246   (2.6.22.12-1 #1)
EIP is at fput+0x2/0x15
eax: 00000000   ebx: 00000000   ecx: 00009362   edx: 00000000
esi: 00000000   edi: cc6c0dc0   ebp: e342b480   esp: cf231f30
ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
Process automount (pid: 15112, ti=cf230000 task=dff84870 task.ti=cf230000)
Stack: f8b60885 80049370 00000000 00000000 cc6c0dc0 f8b5f99f f625f588 f8b5f896
        e342b480 f8b5f896 00000000 c047a48f 00000000 00000000 00000000 00009362
        00000000 e342b480 00000000 00000004 c047a6de 00000002 c047a014 00000000
Call Trace:
  [<f8b60885>] autofs4_catatonic_mode+0x5a/0x66 [autofs4]
  [<f8b5f99f>] autofs4_root_ioctl+0x109/0x226 [autofs4]
  [<f8b5f896>] autofs4_root_ioctl+0x0/0x226 [autofs4]
  [<f8b5f896>] autofs4_root_ioctl+0x0/0x226 [autofs4]
  [<c047a48f>] do_ioctl+0x87/0x9f
  [<c047a6de>] vfs_ioctl+0x237/0x249
  [<c047a014>] do_fcntl+0xd2/0x249
  [<c047a73c>] sys_ioctl+0x4c/0x64
  [<c0404cc2>] sysenter_past_esp+0x5f/0x85
  =======================
Code: 7c 24 08 00 74 1b 8b 44 24 08 c7 40 64 00 00 00 00 8b 44 24 08 83 c4 
0c 5b 5e 5f 5d e9 7c 16 01 00 83 c4 0c 5b 5e 5f 5d c3 89 c2 <f0> ff 48 14 
0f 94 c0 84 c0 74 07 89 d0 e9 9c fe ff ff c3 56 85
EIP: [<c047102c>] ...
[ message continues ]

Did this happen with older versions of 2.6.22.y?

Have you asked the autofs people about this?

thanks,

greg k-h
-

[ message continues ]