authorGreg Kroah-Hartman <gregkh@suse.de>2011-05-09 15:16:46 -0700
committerGreg Kroah-Hartman <gregkh@suse.de>2011-05-09 15:16:46 -0700
commite36a207e878165bb6ac3a874bd089a3b34773b95 (patch)
treefaa8416521918b9136ec6ef6b032eabb9b1d0127
parentd4d518ac5634eb0eda38c9be1064017cfa70b733 (diff)
downloadstable-queue-e36a207e878165bb6ac3a874bd089a3b34773b95.tar.gz
actually add the files...
-rw-r--r--review-2.6.38/can-add-missing-socket-check-in-can-raw-release.patch41
-rw-r--r--review-2.6.38/fix-oops-in-scsi_run_queue.patch49
-rw-r--r--review-2.6.38/vm-skip-the-stack-guard-page-lookup-in-get_user_pages-only-for-mlock.patch80
3 files changed, 170 insertions, 0 deletions
diff --git a/review-2.6.38/can-add-missing-socket-check-in-can-raw-release.patch b/review-2.6.38/can-add-missing-socket-check-in-can-raw-release.patch
new file mode 100644
index 0000000000..f443913dcc
--- /dev/null
+++ b/review-2.6.38/can-add-missing-socket-check-in-can-raw-release.patch
@@ -0,0 +1,41 @@
+From 10022a6c66e199d8f61d9044543f38785713cbbd Mon Sep 17 00:00:00 2001
+From: Oliver Hartkopp <socketcan@hartkopp.net>
+Date: Wed, 20 Apr 2011 01:57:15 +0000
+Subject: can: add missing socket check in can/raw release
+
+From: Oliver Hartkopp <socketcan@hartkopp.net>
+
+commit 10022a6c66e199d8f61d9044543f38785713cbbd upstream.
+
+v2: added space after 'if' according code style.
+
+We can get here with a NULL socket argument passed from userspace,
+so we need to handle it accordingly.
+
+Thanks to Dave Jones pointing at this issue in net/can/bcm.c
+
+Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Chuck Ebbert <cebbert@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/can/raw.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/can/raw.c
++++ b/net/can/raw.c
+@@ -305,7 +305,12 @@ static int raw_init(struct sock *sk)
+ static int raw_release(struct socket *sock)
+ {
+ struct sock *sk = sock->sk;
+- struct raw_sock *ro = raw_sk(sk);
++ struct raw_sock *ro;
++
++ if (!sk)
++ return 0;
++
++ ro = raw_sk(sk);
+
+ unregister_netdevice_notifier(&ro->notifier);
+
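Review bot: The added `if (!sk)` test in raw_release() guards `sock->sk`, while `sock` itself is still dereferenced unconditionally in the initializer `struct sock *sk = sock->sk;`, so the description's "NULL socket argument" really means the `sk` member can be NULL. A short comment above the check would make that explicit, for example `/* sock->sk may be NULL here; nothing to release */`. The description also credits a report against net/can/bcm.c, which this patch does not touch, so it is worth confirming that the matching bcm release fix is queued for this tree as well. raw_release()'s body continues outside the hunk.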
diff --git a/review-2.6.38/fix-oops-in-scsi_run_queue.patch b/review-2.6.38/fix-oops-in-scsi_run_queue.patch
new file mode 100644
index 0000000000..24c3911217
--- /dev/null
+++ b/review-2.6.38/fix-oops-in-scsi_run_queue.patch
@@ -0,0 +1,49 @@
+From c055f5b2614b4f758ae6cc86733f31fa4c2c5844 Mon Sep 17 00:00:00 2001
+From: James Bottomley <James.Bottomley@suse.de>
+Date: Sun, 1 May 2011 09:42:07 -0500
+Subject: [SCSI] fix oops in scsi_run_queue()
+
+From: James Bottomley <James.Bottomley@suse.de>
+
+commit c055f5b2614b4f758ae6cc86733f31fa4c2c5844 upstream.
+
+The recent commit closing the race window in device teardown:
+
+commit 86cbfb5607d4b81b1a993ff689bbd2addd5d3a9b
+Author: James Bottomley <James.Bottomley@suse.de>
+Date: Fri Apr 22 10:39:59 2011 -0500
+
+ [SCSI] put stricter guards on queue dead checks
+
+is causing a potential NULL deref in scsi_run_queue() because the
+q->queuedata may already be NULL by the time this function is called.
+Since we shouldn't be running a queue that is being torn down, simply
+add a NULL check in scsi_run_queue() to forestall this.
+
+Tested-by: Jim Schutt <jaschut@sandia.gov>
+Signed-off-by: James Bottomley <James.Bottomley@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/scsi/scsi_lib.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/scsi_lib.c
++++ b/drivers/scsi/scsi_lib.c
+@@ -400,10 +400,15 @@ static inline int scsi_host_is_busy(stru
+ static void scsi_run_queue(struct request_queue *q)
+ {
+ struct scsi_device *sdev = q->queuedata;
+- struct Scsi_Host *shost = sdev->host;
++ struct Scsi_Host *shost;
+ LIST_HEAD(starved_list);
+ unsigned long flags;
+
++ /* if the device is dead, sdev will be NULL, so no queue to run */
++ if (!sdev)
++ return;
++
++ shost = sdev->host;
+ if (scsi_target(sdev)->single_lun)
+ scsi_single_lun_run(sdev);
+
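Review bot: The new `if (!sdev)` test in scsi_run_queue() checks a pointer read from `q->queuedata` with no lock or reference visible in the hunk. It covers teardown that completed before the call, but as far as the hunk shows it does not cover teardown running concurrently with the `sdev->host` and `scsi_target(sdev)` uses that follow. The added comment says only that a dead device leaves `sdev` NULL; I would extend it to name the lock or reference that keeps `sdev` valid once the check has passed, or to state plainly that the check only narrows the window. The function body continues outside the hunk, so any later locking cannot be seen from here.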
diff --git a/review-2.6.38/vm-skip-the-stack-guard-page-lookup-in-get_user_pages-only-for-mlock.patch b/review-2.6.38/vm-skip-the-stack-guard-page-lookup-in-get_user_pages-only-for-mlock.patch
new file mode 100644
index 0000000000..a038b0efa0
--- /dev/null
+++ b/review-2.6.38/vm-skip-the-stack-guard-page-lookup-in-get_user_pages-only-for-mlock.patch
@@ -0,0 +1,80 @@
+From a1fde08c74e90accd62d4cfdbf580d2ede938fe7 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Wed, 4 May 2011 21:30:28 -0700
+Subject: VM: skip the stack guard page lookup in get_user_pages only for mlock
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit a1fde08c74e90accd62d4cfdbf580d2ede938fe7 upstream.
+
+The logic in __get_user_pages() used to skip the stack guard page lookup
+whenever the caller wasn't interested in seeing what the actual page
+was. But Michel Lespinasse points out that there are cases where we
+don't care about the physical page itself (so 'pages' may be NULL), but
+do want to make sure a page is mapped into the virtual address space.
+
+So using the existence of the "pages" array as an indication of whether
+to look up the guard page or not isn't actually so great, and we really
+should just use the FOLL_MLOCK bit. But because that bit was only set
+for the VM_LOCKED case (and not all vma's necessarily have it, even for
+mlock()), we couldn't do that originally.
+
+Fix that by moving the VM_LOCKED check deeper into the call-chain, which
+actually simplifies many things. Now mlock() gets simpler, and we can
+also check for FOLL_MLOCK in __get_user_pages() and the code ends up
+much more straightforward.
+
+Reported-and-reviewed-by: Michel Lespinasse <walken@google.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ mm/memory.c | 7 +++----
+ mm/mlock.c | 5 +----
+ 2 files changed, 4 insertions(+), 8 deletions(-)
+
+--- a/mm/memory.c
++++ b/mm/memory.c
+@@ -1359,7 +1359,7 @@ split_fallthrough:
+ */
+ mark_page_accessed(page);
+ }
+- if (flags & FOLL_MLOCK) {
++ if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) {
+ /*
+ * The preliminary mapping check is mainly to avoid the
+ * pointless overhead of lock_page on the ZERO_PAGE
+@@ -1503,10 +1503,9 @@ int __get_user_pages(struct task_struct
+ }
+
+ /*
+- * If we don't actually want the page itself,
+- * and it's the stack guard page, just skip it.
++ * For mlock, just skip the stack guard page.
+ */
+- if (!pages && stack_guard_page(vma, start))
++ if ((gup_flags & FOLL_MLOCK) && stack_guard_page(vma, start))
+ goto next_page;
+
+ do {
+--- a/mm/mlock.c
++++ b/mm/mlock.c
+@@ -162,7 +162,7 @@ static long __mlock_vma_pages_range(stru
+ VM_BUG_ON(end > vma->vm_end);
+ VM_BUG_ON(!rwsem_is_locked(&mm->mmap_sem));
+
+- gup_flags = FOLL_TOUCH;
++ gup_flags = FOLL_TOUCH | FOLL_MLOCK;
+ /*
+ * We want to touch writable mappings with a write fault in order
+ * to break COW, except for shared mappings because these don't COW
+@@ -178,9 +178,6 @@ static long __mlock_vma_pages_range(stru
+ if (vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC))
+ gup_flags |= FOLL_FORCE;
+
+- if (vma->vm_flags & VM_LOCKED)
+- gup_flags |= FOLL_MLOCK;
+-
+ return __get_user_pages(current, mm, addr, nr_pages, gup_flags,
+ NULL, NULL, nonblocking);
+ }
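Review bot: In the second mm/memory.c hunk the guard-page skip in __get_user_pages() is now keyed on `gup_flags & FOLL_MLOCK` alone, and the mm/mlock.c hunks set that flag unconditionally, so the skip applies to every call from __mlock_vma_pages_range() whether or not the vma has VM_LOCKED. The VM_LOCKED test survives only in the first mm/memory.c hunk, whose enclosing function is not visible. The replacement comment `For mlock, just skip the stack guard page.` does not record this, nor that callers passing `pages == NULL` without FOLL_MLOCK no longer skip the guard page. I would expand it to something like `/* Only FOLL_MLOCK callers skip the stack guard page; pages == NULL alone no longer does. */` and add a one-line comment at `gup_flags = FOLL_TOUCH | FOLL_MLOCK;` saying the VM_LOCKED check now happens later in the page lookup. All three functions start or end outside their hunks.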