--- /dev/null
+From e75bafbff2270993926abcc31358361db74a9bc2 Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date: Sun, 10 Feb 2013 11:33:48 -0500
+Subject: svcrpc: make svc_age_temp_xprts enqueue under sv_lock
+
+From: "J. Bruce Fields" <bfields@redhat.com>
+
+commit e75bafbff2270993926abcc31358361db74a9bc2 upstream.
+
+svc_age_temp_xprts expires xprts in a two-step process: first it takes
+the sv_lock and moves the xprts to expire off their server-wide list
+(sv_tempsocks or sv_permsocks) to a local list. Then it drops the
+sv_lock and enqueues and puts each one.
+
+I see no reason for this: svc_xprt_enqueue() will take sp_lock, but the
+sv_lock and sp_lock are not otherwise nested anywhere (and documentation
+at the top of this file claims it's correct to nest these with sp_lock
+inside.)
+
+Tested-by: Jason Tibbitts <tibbs@math.uh.edu>
+Tested-by: Paweł Sikora <pawel.sikora@agmk.net>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sunrpc/svc_xprt.c | 15 ++-------------
+ 1 file changed, 2 insertions(+), 13 deletions(-)
+
+--- a/net/sunrpc/svc_xprt.c
++++ b/net/sunrpc/svc_xprt.c
+@@ -824,7 +824,6 @@ static void svc_age_temp_xprts(unsigned
+ struct svc_serv *serv = (struct svc_serv *)closure;
+ struct svc_xprt *xprt;
+ struct list_head *le, *next;
+- LIST_HEAD(to_be_aged);
+
+ dprintk("svc_age_temp_xprts\n");
+
+@@ -845,25 +844,15 @@ static void svc_age_temp_xprts(unsigned
+ if (atomic_read(&xprt->xpt_ref.refcount) > 1 ||
+ test_bit(XPT_BUSY, &xprt->xpt_flags))
+ continue;
+- svc_xprt_get(xprt);
+- list_move(le, &to_be_aged);
++ list_del_init(le);
+ set_bit(XPT_CLOSE, &xprt->xpt_flags);
+ set_bit(XPT_DETACHED, &xprt->xpt_flags);
+- }
+- spin_unlock_bh(&serv->sv_lock);
+-
+- while (!list_empty(&to_be_aged)) {
+- le = to_be_aged.next;
+- /* fiddling the xpt_list node is safe 'cos we're XPT_DETACHED */
+- list_del_init(le);
+- xprt = list_entry(le, struct svc_xprt, xpt_list);
+-
+ dprintk("queuing xprt %p for closing\n", xprt);
+
+ /* a thread will dequeue and close it soon */
+ svc_xprt_enqueue(xprt);
+- svc_xprt_put(xprt);
+ }
++ spin_unlock_bh(&serv->sv_lock);
+
+ mod_timer(&serv->sv_temptimer, jiffies + svc_conn_age_period * HZ);
+ }
--- /dev/null
+From bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin" <mst@redhat.com>
+Date: Mon, 26 Nov 2012 05:57:27 +0000
+Subject: vhost: fix length for cross region descriptor
+
+From: "Michael S. Tsirkin" <mst@redhat.com>
+
+commit bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 upstream.
+
+If a single descriptor crosses a region, the
+second chunk length should be decremented
+by size translated so far, instead it includes
+the full descriptor length.
+
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/vhost/vhost.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/vhost/vhost.c
++++ b/drivers/vhost/vhost.c
+@@ -986,7 +986,7 @@ static int translate_desc(struct vhost_d
+ }
+ _iov = iov + ret;
+ size = reg->memory_size - addr + reg->guest_phys_addr;
+- _iov->iov_len = min((u64)len, size);
++ _iov->iov_len = min((u64)len - s, size);
+ _iov->iov_base = (void __user *)(unsigned long)
+ (reg->userspace_addr + addr - reg->guest_phys_addr);
+ s += size;
projects / thirdparty / kernel / stable-queue.git / commitdiff
