diff options
author | Greg Kroah-Hartman <gregkh@suse.de> | 2011-05-09 15:16:46 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2011-05-09 15:16:46 -0700 |
commit | e36a207e878165bb6ac3a874bd089a3b34773b95 (patch) | |
tree | faa8416521918b9136ec6ef6b032eabb9b1d0127 | |
parent | d4d518ac5634eb0eda38c9be1064017cfa70b733 (diff) | |
download | stable-queue-e36a207e878165bb6ac3a874bd089a3b34773b95.tar.gz |
actually add the files...
3 files changed, 170 insertions, 0 deletions
diff --git a/review-2.6.38/can-add-missing-socket-check-in-can-raw-release.patch b/review-2.6.38/can-add-missing-socket-check-in-can-raw-release.patch new file mode 100644 index 0000000000..f443913dcc --- /dev/null +++ b/review-2.6.38/can-add-missing-socket-check-in-can-raw-release.patch @@ -0,0 +1,41 @@ +From 10022a6c66e199d8f61d9044543f38785713cbbd Mon Sep 17 00:00:00 2001 +From: Oliver Hartkopp <socketcan@hartkopp.net> +Date: Wed, 20 Apr 2011 01:57:15 +0000 +Subject: can: add missing socket check in can/raw release + +From: Oliver Hartkopp <socketcan@hartkopp.net> + +commit 10022a6c66e199d8f61d9044543f38785713cbbd upstream. + +v2: added space after 'if' according code style. + +We can get here with a NULL socket argument passed from userspace, +so we need to handle it accordingly. + +Thanks to Dave Jones pointing at this issue in net/can/bcm.c + +Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> +Signed-off-by: David S. Miller <davem@davemloft.net> +Cc: Chuck Ebbert <cebbert@redhat.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + net/can/raw.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/net/can/raw.c ++++ b/net/can/raw.c +@@ -305,7 +305,12 @@ static int raw_init(struct sock *sk) + static int raw_release(struct socket *sock) + { + struct sock *sk = sock->sk; +- struct raw_sock *ro = raw_sk(sk); ++ struct raw_sock *ro; ++ ++ if (!sk) ++ return 0; ++ ++ ro = raw_sk(sk); + + unregister_netdevice_notifier(&ro->notifier); + diff --git a/review-2.6.38/fix-oops-in-scsi_run_queue.patch b/review-2.6.38/fix-oops-in-scsi_run_queue.patch new file mode 100644 index 0000000000..24c3911217 --- /dev/null +++ b/review-2.6.38/fix-oops-in-scsi_run_queue.patch @@ -0,0 +1,49 @@ +From c055f5b2614b4f758ae6cc86733f31fa4c2c5844 Mon Sep 17 00:00:00 2001 +From: James Bottomley <James.Bottomley@suse.de> +Date: Sun, 1 May 2011 09:42:07 -0500 +Subject: [SCSI] fix oops in scsi_run_queue() + +From: James Bottomley <James.Bottomley@suse.de> + +commit c055f5b2614b4f758ae6cc86733f31fa4c2c5844 upstream. + +The recent commit closing the race window in device teardown: + +commit 86cbfb5607d4b81b1a993ff689bbd2addd5d3a9b +Author: James Bottomley <James.Bottomley@suse.de> +Date: Fri Apr 22 10:39:59 2011 -0500 + + [SCSI] put stricter guards on queue dead checks + +is causing a potential NULL deref in scsi_run_queue() because the +q->queuedata may already be NULL by the time this function is called. +Since we shouldn't be running a queue that is being torn down, simply +add a NULL check in scsi_run_queue() to forestall this. + +Tested-by: Jim Schutt <jaschut@sandia.gov> +Signed-off-by: James Bottomley <James.Bottomley@suse.de> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + drivers/scsi/scsi_lib.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/scsi_lib.c ++++ b/drivers/scsi/scsi_lib.c +@@ -400,10 +400,15 @@ static inline int scsi_host_is_busy(stru + static void scsi_run_queue(struct request_queue *q) + { + struct scsi_device *sdev = q->queuedata; +- struct Scsi_Host *shost = sdev->host; ++ struct Scsi_Host *shost; + LIST_HEAD(starved_list); + unsigned long flags; + ++ /* if the device is dead, sdev will be NULL, so no queue to run */ ++ if (!sdev) ++ return; ++ ++ shost = sdev->host; + if (scsi_target(sdev)->single_lun) + scsi_single_lun_run(sdev); + diff --git a/review-2.6.38/vm-skip-the-stack-guard-page-lookup-in-get_user_pages-only-for-mlock.patch b/review-2.6.38/vm-skip-the-stack-guard-page-lookup-in-get_user_pages-only-for-mlock.patch new file mode 100644 index 0000000000..a038b0efa0 --- /dev/null +++ b/review-2.6.38/vm-skip-the-stack-guard-page-lookup-in-get_user_pages-only-for-mlock.patch @@ -0,0 +1,80 @@ +From a1fde08c74e90accd62d4cfdbf580d2ede938fe7 Mon Sep 17 00:00:00 2001 +From: Linus Torvalds <torvalds@linux-foundation.org> +Date: Wed, 4 May 2011 21:30:28 -0700 +Subject: VM: skip the stack guard page lookup in get_user_pages only for mlock + +From: Linus Torvalds <torvalds@linux-foundation.org> + +commit a1fde08c74e90accd62d4cfdbf580d2ede938fe7 upstream. + +The logic in __get_user_pages() used to skip the stack guard page lookup +whenever the caller wasn't interested in seeing what the actual page +was. But Michel Lespinasse points out that there are cases where we +don't care about the physical page itself (so 'pages' may be NULL), but +do want to make sure a page is mapped into the virtual address space. + +So using the existence of the "pages" array as an indication of whether +to look up the guard page or not isn't actually so great, and we really +should just use the FOLL_MLOCK bit. But because that bit was only set +for the VM_LOCKED case (and not all vma's necessarily have it, even for +mlock()), we couldn't do that originally. + +Fix that by moving the VM_LOCKED check deeper into the call-chain, which +actually simplifies many things. Now mlock() gets simpler, and we can +also check for FOLL_MLOCK in __get_user_pages() and the code ends up +much more straightforward. + +Reported-and-reviewed-by: Michel Lespinasse <walken@google.com> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + mm/memory.c | 7 +++---- + mm/mlock.c | 5 +---- + 2 files changed, 4 insertions(+), 8 deletions(-) + +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -1359,7 +1359,7 @@ split_fallthrough: + */ + mark_page_accessed(page); + } +- if (flags & FOLL_MLOCK) { ++ if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) { + /* + * The preliminary mapping check is mainly to avoid the + * pointless overhead of lock_page on the ZERO_PAGE +@@ -1503,10 +1503,9 @@ int __get_user_pages(struct task_struct + } + + /* +- * If we don't actually want the page itself, +- * and it's the stack guard page, just skip it. ++ * For mlock, just skip the stack guard page. + */ +- if (!pages && stack_guard_page(vma, start)) ++ if ((gup_flags & FOLL_MLOCK) && stack_guard_page(vma, start)) + goto next_page; + + do { +--- a/mm/mlock.c ++++ b/mm/mlock.c +@@ -162,7 +162,7 @@ static long __mlock_vma_pages_range(stru + VM_BUG_ON(end > vma->vm_end); + VM_BUG_ON(!rwsem_is_locked(&mm->mmap_sem)); + +- gup_flags = FOLL_TOUCH; ++ gup_flags = FOLL_TOUCH | FOLL_MLOCK; + /* + * We want to touch writable mappings with a write fault in order + * to break COW, except for shared mappings because these don't COW +@@ -178,9 +178,6 @@ static long __mlock_vma_pages_range(stru + if (vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC)) + gup_flags |= FOLL_FORCE; + +- if (vma->vm_flags & VM_LOCKED) +- gup_flags |= FOLL_MLOCK; +- + return __get_user_pages(current, mm, addr, nr_pages, gup_flags, + NULL, NULL, nonblocking); + } |