some .27 patches
authorGreg Kroah-Hartman <gregkh@suse.de>
Thu, 10 Sep 2009 22:59:16 +0000 (15:59 -0700)
committerGreg Kroah-Hartman <gregkh@suse.de>
Thu, 10 Sep 2009 22:59:16 +0000 (15:59 -0700)
queue-2.6.27/jffs2-add-missing-verify-buffer-allocation-deallocation.patch [new file with mode: 0644]
queue-2.6.27/series
queue-2.6.27/slub-fix-kmem_cache_destroy-with-slab_destroy_by_rcu.patch [new file with mode: 0644]

diff --git a/queue-2.6.27/jffs2-add-missing-verify-buffer-allocation-deallocation.patch b/queue-2.6.27/jffs2-add-missing-verify-buffer-allocation-deallocation.patch
new file mode 100644 (file)
index 0000000..662c9bd
--- /dev/null
@@ -0,0 +1,49 @@
+From bc8cec0dff072f1a45ce7f6b2c5234bb3411ac51 Mon Sep 17 00:00:00 2001
+From: Massimo Cirillo <maxcir@gmail.com>
+Date: Thu, 27 Aug 2009 10:44:09 +0200
+Subject: JFFS2: add missing verify buffer allocation/deallocation
+
+From: Massimo Cirillo <maxcir@gmail.com>
+
+commit bc8cec0dff072f1a45ce7f6b2c5234bb3411ac51 upstream.
+
+The function jffs2_nor_wbuf_flash_setup() doesn't allocate the verify buffer
+if CONFIG_JFFS2_FS_WBUF_VERIFY is defined, so causing a kernel panic when
+that macro is enabled and the verify function is called. Similarly the
+jffs2_nor_wbuf_flash_cleanup() must free the buffer if
+CONFIG_JFFS2_FS_WBUF_VERIFY is enabled.
+The following patch fixes the problem.
+The following patch applies to 2.6.30 kernel.
+
+Signed-off-by: Massimo Cirillo <maxcir@gmail.com>
+Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
+Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/jffs2/wbuf.c |   10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/fs/jffs2/wbuf.c
++++ b/fs/jffs2/wbuf.c
+@@ -1271,10 +1271,20 @@ int jffs2_nor_wbuf_flash_setup(struct jf
+       if (!c->wbuf)
+               return -ENOMEM;
++#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
++      c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
++      if (!c->wbuf_verify) {
++              kfree(c->wbuf);
++              return -ENOMEM;
++      }
++#endif
+       return 0;
+ }
+ void jffs2_nor_wbuf_flash_cleanup(struct jffs2_sb_info *c) {
++#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
++      kfree(c->wbuf_verify);
++#endif
+       kfree(c->wbuf);
+ }
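Review bot: The new error path in jffs2_nor_wbuf_flash_setup() frees the write buffer with `kfree(c->wbuf);` but leaves the pointer in place, so `c->wbuf` dangles once the function returns -ENOMEM. The callers are not visible here; if any teardown path reaches jffs2_nor_wbuf_flash_cleanup() or otherwise touches c->wbuf after a failed setup, the result would be a double free or a use after free. Adding `c->wbuf = NULL;` right after that kfree makes the failure path safe either way, since kfree(NULL) is a no-op. The start of the setup function lies outside the inner hunk, so the allocation of c->wbuf and the origin of c->wbuf_pagesize cannot be checked from this page.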
index d476e44b2837a8f270c38351641d1b3551a415b7..83cfef826d1918b719d4afcbb09537dd99f9f5e3 100644 (file)
@@ -1,2 +1,4 @@
 e100-fix-interaction-with-swiotlb-on-x86.patch
 net-net_assign_generic-fix.patch
+jffs2-add-missing-verify-buffer-allocation-deallocation.patch
+slub-fix-kmem_cache_destroy-with-slab_destroy_by_rcu.patch
diff --git a/queue-2.6.27/slub-fix-kmem_cache_destroy-with-slab_destroy_by_rcu.patch b/queue-2.6.27/slub-fix-kmem_cache_destroy-with-slab_destroy_by_rcu.patch
new file mode 100644 (file)
index 0000000..6f66a53
--- /dev/null
@@ -0,0 +1,46 @@
+From d76b1590e06a63a3d8697168cd0aabf1c4b3cb3a Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <eric.dumazet@gmail.com>
+Date: Thu, 3 Sep 2009 22:38:59 +0300
+Subject: slub: Fix kmem_cache_destroy() with SLAB_DESTROY_BY_RCU
+
+From: Eric Dumazet <eric.dumazet@gmail.com>
+
+commit d76b1590e06a63a3d8697168cd0aabf1c4b3cb3a upstream.
+
+kmem_cache_destroy() should call rcu_barrier() *after* kmem_cache_close() and
+*before* sysfs_slab_remove() or risk rcu_free_slab() being called after
+kmem_cache is deleted (kfreed).
+
+rmmod nf_conntrack can crash the machine because it has to kmem_cache_destroy()
+a SLAB_DESTROY_BY_RCU enabled cache.
+
+Reported-by: Zdenek Kabelac <zdenek.kabelac@gmail.com>
+Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
+Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
+Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ mm/slub.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -2447,8 +2447,6 @@ static inline int kmem_cache_close(struc
+  */
+ void kmem_cache_destroy(struct kmem_cache *s)
+ {
+-      if (s->flags & SLAB_DESTROY_BY_RCU)
+-              rcu_barrier();
+       down_write(&slub_lock);
+       s->refcount--;
+       if (!s->refcount) {
+@@ -2459,6 +2457,8 @@ void kmem_cache_destroy(struct kmem_cach
+                               "still has objects.\n", s->name, __func__);
+                       dump_stack();
+               }
++              if (s->flags & SLAB_DESTROY_BY_RCU)
++                      rcu_barrier();
+               sysfs_slab_remove(s);
+       } else
+               up_write(&slub_lock);
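Review bot: The relocated `rcu_barrier()` call in the second inner hunk of mm/slub.c has no comment, although its position after kmem_cache_close() and before sysfs_slab_remove() is the whole fix and could easily be undone by a later cleanup. I would add above the `if (s->flags & SLAB_DESTROY_BY_RCU)` line a comment such as `/* Wait for pending rcu_free_slab() callbacks before sysfs_slab_remove() releases the cache. */`. The context lines also show that a cache reported as "still has objects" still proceeds to sysfs_slab_remove(), which the description implies is where the kmem_cache is freed, so leftover objects would outlive their cache; that predates this change but merits a follow-up. The lines between the two inner hunks are not shown, so it cannot be confirmed from here whether slub_lock has already been dropped when rcu_barrier() blocks.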