--- /dev/null
+From dfca7cebc2679f3d129f8e680a8f199a7ad16e38 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@suse.cz>
+Date: Mon, 4 Feb 2013 15:57:42 +0100
+Subject: fuse: don't WARN when nlink is zero
+
+From: Miklos Szeredi <mszeredi@suse.cz>
+
+commit dfca7cebc2679f3d129f8e680a8f199a7ad16e38 upstream.
+
+drop_nlink() warns if nlink is already zero. This is triggerable by a buggy
+userspace filesystem. The cure, I think, is worse than the disease so disable
+the warning.
+
+Reported-by: Tero Roponen <tero.roponen@gmail.com>
+Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/fuse/dir.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/fs/fuse/dir.c
++++ b/fs/fuse/dir.c
+@@ -645,7 +645,14 @@ static int fuse_unlink(struct inode *dir
+
+ spin_lock(&fc->lock);
+ fi->attr_version = ++fc->attr_version;
+- drop_nlink(inode);
++ /*
++ * If i_nlink == 0 then unlink doesn't make sense, yet this can
++ * happen if userspace filesystem is careless. It would be
++ * difficult to enforce correct nlink usage so just ignore this
++ * condition here
++ */
++ if (inode->i_nlink > 0)
++ drop_nlink(inode);
+ spin_unlock(&fc->lock);
+ fuse_invalidate_attr(inode);
+ fuse_invalidate_attr(dir);
--- /dev/null
+From 2d32b29a1c2830f7c42caa8258c714acd983961f Mon Sep 17 00:00:00 2001
+From: majianpeng <majianpeng@gmail.com>
+Date: Tue, 29 Jan 2013 13:16:06 +0800
+Subject: nfsd: Fix memleak
+
+From: majianpeng <majianpeng@gmail.com>
+
+commit 2d32b29a1c2830f7c42caa8258c714acd983961f upstream.
+
+When free nfs-client, it must free the ->cl_stateids.
+
+Signed-off-by: Jianpeng Ma <majianpeng@gmail.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4state.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -1053,6 +1053,8 @@ free_client(struct nfs4_client *clp)
+ put_group_info(clp->cl_cred.cr_group_info);
+ kfree(clp->cl_principal);
+ kfree(clp->cl_name.data);
++ idr_remove_all(&clp->cl_stateids);
++ idr_destroy(&clp->cl_stateids);
+ kfree(clp);
+ }
+
ext4-fix-race-in-ext4_mb_add_n_trim.patch
ext4-fix-xattr-block-allocation-release-with-bigalloc.patch
ext4-fix-free-clusters-calculation-in-bigalloc-filesystem.patch
+nfsd-fix-memleak.patch
+svcrpc-make-svc_age_temp_xprts-enqueue-under-sv_lock.patch
+vhost-fix-length-for-cross-region-descriptor.patch
+fuse-don-t-warn-when-nlink-is-zero.patch
--- /dev/null
+From e75bafbff2270993926abcc31358361db74a9bc2 Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date: Sun, 10 Feb 2013 11:33:48 -0500
+Subject: svcrpc: make svc_age_temp_xprts enqueue under sv_lock
+
+From: "J. Bruce Fields" <bfields@redhat.com>
+
+commit e75bafbff2270993926abcc31358361db74a9bc2 upstream.
+
+svc_age_temp_xprts expires xprts in a two-step process: first it takes
+the sv_lock and moves the xprts to expire off their server-wide list
+(sv_tempsocks or sv_permsocks) to a local list. Then it drops the
+sv_lock and enqueues and puts each one.
+
+I see no reason for this: svc_xprt_enqueue() will take sp_lock, but the
+sv_lock and sp_lock are not otherwise nested anywhere (and documentation
+at the top of this file claims it's correct to nest these with sp_lock
+inside.)
+
+Tested-by: Jason Tibbitts <tibbs@math.uh.edu>
+Tested-by: Paweł Sikora <pawel.sikora@agmk.net>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sunrpc/svc_xprt.c | 15 ++-------------
+ 1 file changed, 2 insertions(+), 13 deletions(-)
+
+--- a/net/sunrpc/svc_xprt.c
++++ b/net/sunrpc/svc_xprt.c
+@@ -817,7 +817,6 @@ static void svc_age_temp_xprts(unsigned
+ struct svc_serv *serv = (struct svc_serv *)closure;
+ struct svc_xprt *xprt;
+ struct list_head *le, *next;
+- LIST_HEAD(to_be_aged);
+
+ dprintk("svc_age_temp_xprts\n");
+
+@@ -838,25 +837,15 @@ static void svc_age_temp_xprts(unsigned
+ if (atomic_read(&xprt->xpt_ref.refcount) > 1 ||
+ test_bit(XPT_BUSY, &xprt->xpt_flags))
+ continue;
+- svc_xprt_get(xprt);
+- list_move(le, &to_be_aged);
++ list_del_init(le);
+ set_bit(XPT_CLOSE, &xprt->xpt_flags);
+ set_bit(XPT_DETACHED, &xprt->xpt_flags);
+- }
+- spin_unlock_bh(&serv->sv_lock);
+-
+- while (!list_empty(&to_be_aged)) {
+- le = to_be_aged.next;
+- /* fiddling the xpt_list node is safe 'cos we're XPT_DETACHED */
+- list_del_init(le);
+- xprt = list_entry(le, struct svc_xprt, xpt_list);
+-
+ dprintk("queuing xprt %p for closing\n", xprt);
+
+ /* a thread will dequeue and close it soon */
+ svc_xprt_enqueue(xprt);
+- svc_xprt_put(xprt);
+ }
++ spin_unlock_bh(&serv->sv_lock);
+
+ mod_timer(&serv->sv_temptimer, jiffies + svc_conn_age_period * HZ);
+ }
--- /dev/null
+From bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin" <mst@redhat.com>
+Date: Mon, 26 Nov 2012 05:57:27 +0000
+Subject: vhost: fix length for cross region descriptor
+
+From: "Michael S. Tsirkin" <mst@redhat.com>
+
+commit bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 upstream.
+
+If a single descriptor crosses a region, the
+second chunk length should be decremented
+by size translated so far, instead it includes
+the full descriptor length.
+
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/vhost/vhost.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/vhost/vhost.c
++++ b/drivers/vhost/vhost.c
+@@ -1074,7 +1074,7 @@ static int translate_desc(struct vhost_d
+ }
+ _iov = iov + ret;
+ size = reg->memory_size - addr + reg->guest_phys_addr;
+- _iov->iov_len = min((u64)len, size);
++ _iov->iov_len = min((u64)len - s, size);
+ _iov->iov_base = (void __user *)(unsigned long)
+ (reg->userspace_addr + addr - reg->guest_phys_addr);
+ s += size;
projects / thirdparty / kernel / stable-queue.git / commitdiff
