3.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 12 Jun 2014 22:27:53 +0000 (15:27 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 12 Jun 2014 22:27:53 +0000 (15:27 -0700)
added patches:
staging-zram-fix-memory-leak-by-refcount-mismatch.patch
zram-protect-sysfs-handler-from-invalid-memory-access.patch

queue-3.4/series
queue-3.4/staging-zram-fix-memory-leak-by-refcount-mismatch.patch [new file with mode: 0644]
queue-3.4/zram-protect-sysfs-handler-from-invalid-memory-access.patch [new file with mode: 0644]

index f4f1adef1f5f5482c6e2d2b0b9b81d0b0b59e6fe..3f8fe3d979738aff8e8f5c205103362526ef0bb5 100644 (file)
@@ -1,3 +1,5 @@
 mlx4_en-don-t-use-napi_synchronize-inside-mlx4_en_netpoll.patch
 netfilter-ipv4-defrag-set-local_df-flag-on-defragmented-skb.patch
 powerpc-fix-64-bit-builds-with-binutils-2.24.patch
+zram-protect-sysfs-handler-from-invalid-memory-access.patch
+staging-zram-fix-memory-leak-by-refcount-mismatch.patch
diff --git a/queue-3.4/staging-zram-fix-memory-leak-by-refcount-mismatch.patch b/queue-3.4/staging-zram-fix-memory-leak-by-refcount-mismatch.patch
new file mode 100644 (file)
index 0000000..2920a87
--- /dev/null
@@ -0,0 +1,70 @@
+From 1b672224d128ec2570eb37572ff803cfe452b4f7 Mon Sep 17 00:00:00 2001
+From: Rashika Kheria <rashika.kheria@gmail.com>
+Date: Sun, 10 Nov 2013 22:13:53 +0530
+Subject: Staging: zram: Fix memory leak by refcount mismatch
+
+From: Rashika Kheria <rashika.kheria@gmail.com>
+
+commit 1b672224d128ec2570eb37572ff803cfe452b4f7 upstream.
+
+As suggested by Minchan Kim and Jerome Marchand "The code in reset_store
+get the block device (bdget_disk()) but it does not put it (bdput()) when
+it's done using it. The usage count is therefore incremented but never
+decremented."
+
+This patch also puts bdput() for all error cases.
+
+Acked-by: Minchan Kim <minchan@kernel.org>
+Acked-by: Jerome Marchand <jmarchan@redhat.com>
+Signed-off-by: Rashika Kheria <rashika.kheria@gmail.com>
+[bwh: Backported to 3.2: adjust filename, context]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+[wyj: Backported to 3.4: adjust context]
+Signed-off-by: Yijing Wang <wangyijing@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/staging/zram/zram_sysfs.c |   19 ++++++++++++++-----
+ 1 file changed, 14 insertions(+), 5 deletions(-)
+
+--- a/drivers/staging/zram/zram_sysfs.c
++++ b/drivers/staging/zram/zram_sysfs.c
+@@ -99,18 +99,23 @@ static ssize_t reset_store(struct device
+               return -ENOMEM;
+       /* Do not reset an active device! */
+-      if (bdev->bd_holders)
+-              return -EBUSY;
++      if (bdev->bd_holders) {
++              ret = -EBUSY;
++              goto out;
++      }
+       ret = kstrtou16(buf, 10, &do_reset);
+       if (ret)
+-              return ret;
++              goto out;
+-      if (!do_reset)
+-              return -EINVAL;
++      if (!do_reset) {
++              ret = -EINVAL;
++              goto out;
++      }
+       /* Make sure all pending I/O is finished */
+       fsync_bdev(bdev);
++      bdput(bdev);
+       down_write(&zram->init_lock);
+       if (zram->init_done)
+@@ -118,6 +123,10 @@ static ssize_t reset_store(struct device
+       up_write(&zram->init_lock);
+       return len;
++
++out:
++      bdput(bdev);
++      return ret;
+ }
+ static ssize_t num_reads_show(struct device *dev,
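Review bot: The `bdev->bd_holders` test in reset_store() is made with no lock visible in this hunk, while the reset itself only runs later under `zram->init_lock`, so an open or mount that lands between the check and the reset would not be refused. The refcount handling added here looks balanced on every path the hunk shows, but the remaining window deserves at least a comment at the check, for example `/* bd_holders is sampled unlocked; an opener arriving after this point still races with the reset below */`. Closing the window would mean serialising the check and the reset against openers, which needs code outside these lines. reset_store() starts above the hunk, so the earlier `bdget_disk()` call is taken from the commit message rather than seen.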
diff --git a/queue-3.4/zram-protect-sysfs-handler-from-invalid-memory-access.patch b/queue-3.4/zram-protect-sysfs-handler-from-invalid-memory-access.patch
new file mode 100644 (file)
index 0000000..b1e9189
--- /dev/null
@@ -0,0 +1,45 @@
+From 5863e10b441e7ea4b492f930f1be180a97d026f3 Mon Sep 17 00:00:00 2001
+From: Jiang Liu <liuj97@gmail.com>
+Date: Fri, 7 Jun 2013 00:07:27 +0800
+Subject: zram: protect sysfs handler from invalid memory access
+
+From: Jiang Liu <liuj97@gmail.com>
+
+commit 5863e10b441e7ea4b492f930f1be180a97d026f3 upstream.
+
+Use zram->init_lock to protect access to zram->meta, otherwise it
+may cause invalid memory access if zram->meta has been freed by
+zram_reset_device().
+
+This issue may be triggered by:
+Thread 1:
+while true; do cat mem_used_total; done
+Thread 2:
+while true; do echo 8M > disksize; echo 1 > reset; done
+
+Signed-off-by: Jiang Liu <jiang.liu@huawei.com>
+Acked-by: Minchan Kim <minchan@kernel.org>
+[bwh: Backported to 3.2: adjust context]
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+[wyj: Backported to 3.4: adjust context]
+Signed-off-by: Yijing Wang <wangyijing@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/staging/zram/zram_sysfs.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/staging/zram/zram_sysfs.c
++++ b/drivers/staging/zram/zram_sysfs.c
+@@ -188,10 +188,12 @@ static ssize_t mem_used_total_show(struc
+       u64 val = 0;
+       struct zram *zram = dev_to_zram(dev);
++      down_read(&zram->init_lock);
+       if (zram->init_done) {
+               val = zs_get_total_size_bytes(zram->mem_pool) +
+                       ((u64)(zram->stats.pages_expand) << PAGE_SHIFT);
+       }
++      up_read(&zram->init_lock);
+       return sprintf(buf, "%llu\n", val);
+ }
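Review bot: The new `down_read(&zram->init_lock)` in mem_used_total_show() has no comment saying what it guards, and the commit message speaks of `zram->meta` while this 3.4 backport dereferences `zram->mem_pool`, so the link between the lock and the pointer is easy to miss. I would add `/* hold init_lock so a concurrent reset (down_write in reset_store) cannot tear down mem_pool while it is read */` above the lock. The other show handlers in zram_sysfs.c are not part of this hunk; any that touch pool state after testing `init_done` presumably need the same read lock and are worth checking before this backport is treated as closing the issue. The function's signature is above the hunk.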