3.4-stable patches

added patches:
	mm-fix-vma_resv_map-null-pointer.patch

diff --git a/queue-3.4/mm-fix-vma_resv_map-null-pointer.patch b/queue-3.4/mm-fix-vma_resv_map-null-pointer.patch
new file mode 100644 (file)
index 0000000..89c09e7
--- /dev/null
+++ b/queue-3.4/mm-fix-vma_resv_map-null-pointer.patch
@@ -0,0 +1,68 @@
+From 4523e1458566a0e8ecfaff90f380dd23acc44d27 Mon Sep 17 00:00:00 2001
+From: Dave Hansen <dave@linux.vnet.ibm.com>
+Date: Wed, 30 May 2012 07:51:07 -0700
+Subject: mm: fix vma_resv_map() NULL pointer
+
+From: Dave Hansen <dave@linux.vnet.ibm.com>
+
+commit 4523e1458566a0e8ecfaff90f380dd23acc44d27 upstream.
+
+hugetlb_reserve_pages() can be used for either normal file-backed
+hugetlbfs mappings, or MAP_HUGETLB.  In the MAP_HUGETLB, semi-anonymous
+mode, there is not a VMA around.  The new call to resv_map_put() assumed
+that there was, and resulted in a NULL pointer dereference:
+
+  BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
+  IP: vma_resv_map+0x9/0x30
+  PGD 141453067 PUD 1421e1067 PMD 0
+  Oops: 0000 [#1] PREEMPT SMP
+  ...
+  Pid: 14006, comm: trinity-child6 Not tainted 3.4.0+ #36
+  RIP: vma_resv_map+0x9/0x30
+  ...
+  Process trinity-child6 (pid: 14006, threadinfo ffff8801414e0000, task ffff8801414f26b0)
+  Call Trace:
+    resv_map_put+0xe/0x40
+    hugetlb_reserve_pages+0xa6/0x1d0
+    hugetlb_file_setup+0x102/0x2c0
+    newseg+0x115/0x360
+    ipcget+0x1ce/0x310
+    sys_shmget+0x5a/0x60
+    system_call_fastpath+0x16/0x1b
+
+This was reported by Dave Jones, but was reproducible with the
+libhugetlbfs test cases, so shame on me for not running them in the
+first place.
+
+With this, the oops is gone, and the output of libhugetlbfs's
+run_tests.py is identical to plain 3.4 again.
+
+[ Marked for stable, since this was introduced by commit c50ac050811d
+  ("hugetlb: fix resv_map leak in error path") which was also marked for
+  stable ]
+
+Reported-by: Dave Jones <davej@redhat.com>
+Cc: Mel Gorman <mel@csn.ul.ie>
+Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
+Cc: Christoph Lameter <cl@linux.com>
+Cc: Andrea Arcangeli <aarcange@redhat.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/hugetlb.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -3035,7 +3035,8 @@ int hugetlb_reserve_pages(struct inode *
+               region_add(&inode->i_mapping->private_list, from, to);
+       return 0;
+ out_err:
+-      resv_map_put(vma);
++      if (vma)
++              resv_map_put(vma);
+       return ret;
+ }
+ 

diff --git a/queue-3.4/series b/queue-3.4/series
index 2d7ae4aab86ede62e2de7e1c63733e0a0350cbbd..d7fddd4968dfce89eb943b507e83b8e7767546cb 100644 (file)
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -32,3 +32,4 @@ drm-i915-adding-tv-out-missing-modes.patch
 drm-i915-wait-for-a-vblank-to-pass-after-tv-detect.patch
 drm-i915-no-lvds-quirk-for-hp-t5740e-thin-client.patch
 kbuild-install-kernel-page-flags.h.patch
+mm-fix-vma_resv_map-null-pointer.patch