3.0-stable patches

added patches:
	slub-fix-a-possible-memleak-in-__slab_alloc.patch
	xen-pvhvm-do-not-remap-pirqs-onto-evtchns-if-xen_have_vector_callback.patch

diff --git a/queue-3.0/series b/queue-3.0/series
index 2fcdd74b9639076cf5f50d42ff86106066069b9e..02a830883f065a2380a3958ae03e5626ef6a21b8 100644 (file)
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -11,3 +11,5 @@ hwmon-f75375s-fix-automatic-pwm-mode-setting-for-f75373-f75375.patch
 crypto-sha512-use-binary-and-instead-of-modulus.patch
 crypto-sha512-avoid-stack-bloat-on-i386.patch
 alsa-intel8x0-fix-default-inaudible-sound-on-gateway-m520.patch
+xen-pvhvm-do-not-remap-pirqs-onto-evtchns-if-xen_have_vector_callback.patch
+slub-fix-a-possible-memleak-in-__slab_alloc.patch

diff --git a/queue-3.0/slub-fix-a-possible-memleak-in-__slab_alloc.patch b/queue-3.0/slub-fix-a-possible-memleak-in-__slab_alloc.patch
new file mode 100644 (file)
index 0000000..afd7dfb
--- /dev/null
+++ b/queue-3.0/slub-fix-a-possible-memleak-in-__slab_alloc.patch
@@ -0,0 +1,53 @@
+From 73736e0387ba0e6d2b703407b4d26168d31516a7 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <eric.dumazet@gmail.com>
+Date: Tue, 13 Dec 2011 04:57:06 +0100
+Subject: slub: fix a possible memleak in __slab_alloc()
+
+From: Eric Dumazet <eric.dumazet@gmail.com>
+
+commit 73736e0387ba0e6d2b703407b4d26168d31516a7 upstream.
+
+Zhihua Che reported a possible memleak in slub allocator on
+CONFIG_PREEMPT=y builds.
+
+It is possible current thread migrates right before disabling irqs in
+__slab_alloc(). We must check again c->freelist, and perform a normal
+allocation instead of scratching c->freelist.
+
+Many thanks to Zhihua Che for spotting this bug, introduced in 2.6.39
+
+V2: Its also possible an IRQ freed one (or several) object(s) and
+populated c->freelist, so its not a CONFIG_PREEMPT only problem.
+
+Reported-by: Zhihua Che <zhihua.che@gmail.com>
+Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
+Acked-by: Christoph Lameter <cl@linux.com>
+Signed-off-by: Pekka Enberg <penberg@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/slub.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -1818,6 +1818,11 @@ static void *__slab_alloc(struct kmem_ca
+       if (unlikely(!node_match(c, node)))
+               goto another_slab;
+ 
++      /* must check again c->freelist in case of cpu migration or IRQ */
++      object = c->freelist;
++      if (object)
++              goto update_freelist;
++
+       stat(s, ALLOC_REFILL);
+ 
+ load_freelist:
+@@ -1827,6 +1832,7 @@ load_freelist:
+       if (kmem_cache_debug(s))
+               goto debug;
+ 
++update_freelist:
+       c->freelist = get_freepointer(s, object);
+       page->inuse = page->objects;
+       page->freelist = NULL;

diff --git a/queue-3.0/xen-pvhvm-do-not-remap-pirqs-onto-evtchns-if-xen_have_vector_callback.patch b/queue-3.0/xen-pvhvm-do-not-remap-pirqs-onto-evtchns-if-xen_have_vector_callback.patch
new file mode 100644 (file)
index 0000000..9a20976
--- /dev/null
+++ b/queue-3.0/xen-pvhvm-do-not-remap-pirqs-onto-evtchns-if-xen_have_vector_callback.patch
@@ -0,0 +1,28 @@
+From 207d543f472c1ac9552df79838dc807cbcaa9740 Mon Sep 17 00:00:00 2001
+From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Date: Mon, 30 Jan 2012 14:31:46 +0000
+Subject: xen pvhvm: do not remap pirqs onto evtchns if !xen_have_vector_callback
+
+From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+
+commit 207d543f472c1ac9552df79838dc807cbcaa9740 upstream.
+
+Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/pci/xen.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/pci/xen.c
++++ b/arch/x86/pci/xen.c
+@@ -308,7 +308,7 @@ int __init pci_xen_init(void)
+ 
+ int __init pci_xen_hvm_init(void)
+ {
+-      if (!xen_feature(XENFEAT_hvm_pirqs))
++      if (!xen_have_vector_callback || !xen_feature(XENFEAT_hvm_pirqs))
+               return 0;
+ 
+ #ifdef CONFIG_ACPI