three more patches queued
authorGreg Kroah-Hartman <gregkh@suse.de>
Mon, 17 Jul 2006 15:51:46 +0000 (08:51 -0700)
committerGreg Kroah-Hartman <gregkh@suse.de>
Mon, 17 Jul 2006 15:51:46 +0000 (08:51 -0700)
queue-2.6.17/fix-fdset-leakage.patch [new file with mode: 0644]
queue-2.6.17/serial-8250-sysrq-deadlock-fix.patch [new file with mode: 0644]
queue-2.6.17/series
queue-2.6.17/struct-file-leakage.patch [new file with mode: 0644]

diff --git a/queue-2.6.17/fix-fdset-leakage.patch b/queue-2.6.17/fix-fdset-leakage.patch
new file mode 100644 (file)
index 0000000..ffd37d8
--- /dev/null
@@ -0,0 +1,42 @@
+From stable-bounces@linux.kernel.org Tue Jul 11 04:38:15 2006
+Message-Id: <200607111137.k6BBbbw0016844@shell0.pdx.osdl.net>
+To: torvalds@osdl.org
+From: akpm@osdl.org
+Date: Tue, 11 Jul 2006 04:37:37 -0700
+Cc: akpm@osdl.org, dev@openvz.org, stable@kernel.org, kuznet@ms2.inr.ac.ru
+Subject: fix fdset leakage
+
+From: Kirill Korotaev <dev@openvz.org>
+
+When found, it is obvious.  nfds calculated when allocating fdsets is
+rewritten by calculation of size of fdtable, and when we are unlucky, we
+try to free fdsets of wrong size.
+
+Found due to OpenVZ resource management (User Beancounters).
+
+Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
+Signed-off-by: Kirill Korotaev <dev@openvz.org>
+Signed-off-by: Andrew Morton <akpm@osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+
+ fs/file.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- linux-2.6.17.6.orig/fs/file.c
++++ linux-2.6.17.6/fs/file.c
+@@ -277,11 +277,13 @@ static struct fdtable *alloc_fdtable(int
+       } while (nfds <= nr);
+       new_fds = alloc_fd_array(nfds);
+       if (!new_fds)
+-              goto out;
++              goto out2;
+       fdt->fd = new_fds;
+       fdt->max_fds = nfds;
+       fdt->free_files = NULL;
+       return fdt;
++out2:
++      nfds = fdt->max_fdset;
+ out:
+       if (new_openset)
+               free_fdset(new_openset, nfds);
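Review bot: The new `out2:` label restores `nfds` without saying why, and the fix only works if `fdt->max_fdset` was already assigned before `alloc_fd_array()` is called, which happens outside this hunk. A comment at the label would make the dependency explicit, e.g. `/* nfds now holds the fd-array size; restore the fdset size so free_fdset() gets the size the sets were allocated with */`. The underlying hazard is that one local carries two different sizes; a separate variable for the fd-array count would remove the need for the extra label, though that may be more than a stable backport wants. If `free_fdset()` chooses its deallocator from the size argument (not visible here), a wrong size is more than an accounting error, so this path deserves a test with a forced `alloc_fd_array()` failure.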
diff --git a/queue-2.6.17/serial-8250-sysrq-deadlock-fix.patch b/queue-2.6.17/serial-8250-sysrq-deadlock-fix.patch
new file mode 100644 (file)
index 0000000..8cb319c
--- /dev/null
@@ -0,0 +1,53 @@
+From stable-bounces@linux.kernel.org Fri Jul  7 00:02:02 2006
+Message-Id: <200607070659.k676xoPA030486@shell0.pdx.osdl.net>
+To: rmk@arm.linux.org.uk
+From: akpm@osdl.org
+Date: Thu, 06 Jul 2006 23:59:50 -0700
+Cc: akpm@osdl.org, enrico.scholz@informatik.tu-chemnitz.de, stable@kernel.org
+Subject: serial 8250: sysrq deadlock fix
+
+From: Andrew Morton <akpm@osdl.org>
+
+Fix http://bugzilla.kernel.org/show_bug.cgi?id=6716
+
+Doing a sysrq over a serial line into an SMP machine presently deadlocks.
+
+Cc: Russell King <rmk@arm.linux.org.uk>
+Cc: Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+Signed-off-by: Andrew Morton <akpm@osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/serial/8250.c |   13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+--- linux-2.6.17.6.orig/drivers/serial/8250.c
++++ linux-2.6.17.6/drivers/serial/8250.c
+@@ -2241,10 +2241,14 @@ serial8250_console_write(struct console 
+       touch_nmi_watchdog();
+-      if (oops_in_progress) {
+-              locked = spin_trylock_irqsave(&up->port.lock, flags);
++      local_irq_save(flags);
++      if (up->port.sysrq) {
++              /* serial8250_handle_port() already took the lock */
++              locked = 0;
++      } else if (oops_in_progress) {
++              locked = spin_trylock(&up->port.lock);
+       } else
+-              spin_lock_irqsave(&up->port.lock, flags);
++              spin_lock(&up->port.lock);
+       /*
+        *      First save the IER then disable the interrupts
+@@ -2266,7 +2270,8 @@ serial8250_console_write(struct console 
+       serial_out(up, UART_IER, ier);
+       if (locked)
+-              spin_unlock_irqrestore(&up->port.lock, flags);
++              spin_unlock(&up->port.lock);
++      local_irq_restore(flags);
+ }
+ static int serial8250_console_setup(struct console *co, char *options)
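Review bot: `up->port.sysrq` is used in serial8250_console_write() as proof that the caller already holds `up->port.lock`, but as far as this hunk shows it is a per-port field, not a per-context one. If another CPU enters the console write path while the field is non-zero, it would take the first branch with `locked = 0` and touch the UART registers without the lock; whether that window exists depends on when the field is set and cleared, which is outside the hunk. The existing comment should state the assumption, e.g. `/* port.sysrq is only non-zero while serial8250_handle_port() holds port.lock on this CPU */`, or the condition should be tightened if that does not hold. The final `else` branch also relies on `locked` being initialised non-zero at its declaration, which is not visible here.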
index 4f627c9cdee99120c7c41e95419be335fd0a483b..3131505c4e77dbee83756a4baf4f290d47eca637 100644 (file)
@@ -40,3 +40,6 @@ alsa-fix-model-for-hp-dc7600.patch
 alsa-fix-missing-array-terminators-in-ad1988-codec-support.patch
 alsa-fix-a-deadlock-in-snd-rtctimer.patch
 alsa-au88x0-fix-64bit-address-of-mpu401-mmio-port.patch
+struct-file-leakage.patch
+serial-8250-sysrq-deadlock-fix.patch
+fix-fdset-leakage.patch
diff --git a/queue-2.6.17/struct-file-leakage.patch b/queue-2.6.17/struct-file-leakage.patch
new file mode 100644 (file)
index 0000000..d7727f6
--- /dev/null
@@ -0,0 +1,58 @@
+From stable-bounces@linux.kernel.org Fri Jul 14 00:24:51 2006
+Message-Id: <200607140723.k6E7Nnxe001837@shell0.pdx.osdl.net>
+To: torvalds@osdl.org
+From: akpm@osdl.org
+Date: Fri, 14 Jul 2006 00:23:49 -0700
+Cc: akpm@osdl.org, dev@openvz.org, trond.myklebust@fys.uio.no,
+        kuznet@ms2.inr.ac.ru, dev@sw.ru, stable@kernel.org
+Subject: struct file leakage
+
+From: Kirill Korotaev <dev@sw.ru>
+
+2.6.16 leaks like hell. While testing, I found massive leakage
+(reproduced in openvz) in:
+
+*filp
+*size-4096
+
+And 1 object leaks in
+*size-32
+*size-64
+*size-128
+
+It is the fix for the first one.  filp leaks in the bowels of namei.c.
+
+Seems, size-4096 is file table leaking in expand_fdtables.
+
+I have no idea what are the rest and why they show only accompanying
+another leaks.  Some debugging structs?
+
+[akpm@osdl.org, Trond: remove the IS_ERR() check]
+Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
+Cc: Kirill Korotaev <dev@openvz.org>
+Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
+Signed-off-by: Andrew Morton <akpm@osdl.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/namei.c |    8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- linux-2.6.17.6.orig/fs/namei.c
++++ linux-2.6.17.6/fs/namei.c
+@@ -1712,8 +1712,14 @@ do_link:
+       if (error)
+               goto exit_dput;
+       error = __do_follow_link(&path, nd);
+-      if (error)
++      if (error) {
++              /* Does someone understand code flow here? Or it is only
++               * me so stupid? Anathema to whoever designed this non-sense
++               * with "intent.open".
++               */
++              release_open_intent(nd);
+               return error;
++      }
+       nd->flags &= ~LOOKUP_PARENT;
+       if (nd->last_type == LAST_BIND)
+               goto ok;
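Review bot: The comment added above `release_open_intent(nd)` in the `do_link` error path vents about the code but does not tell the next reader why the call is needed. Something factual would serve better, e.g. `/* __do_follow_link() failed and we return directly instead of going through an exit label, so drop the open intent here to avoid leaking its struct file */`. The changelog says an IS_ERR() check was removed; the reason the intent's file cannot be an error pointer at this point is not visible in the hunk, so one line recording it would help whoever next touches this path. The enclosing function starts and ends outside the hunk.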