3.4-stable patches

added patches:
	alsa-usb-audio-fix-rate_list-memory-leak.patch
	slub-fix-a-memory-leak-in-get_partial_node.patch
	vfs-increment-iversion-when-a-file-is-truncated.patch
	vfs-umount_tree-might-be-called-on-subtree-that-had-never-made-it.patch

diff --git a/queue-3.4/alsa-usb-audio-fix-rate_list-memory-leak.patch b/queue-3.4/alsa-usb-audio-fix-rate_list-memory-leak.patch
new file mode 100644 (file)
index 0000000..cd94f03
--- /dev/null
+++ b/queue-3.4/alsa-usb-audio-fix-rate_list-memory-leak.patch
@@ -0,0 +1,33 @@
+From 5cd5d7c44990658df6ab49f6253c39617c53b03d Mon Sep 17 00:00:00 2001
+From: Clemens Ladisch <clemens@ladisch.de>
+Date: Fri, 18 May 2012 18:00:43 +0200
+Subject: ALSA: usb-audio: fix rate_list memory leak
+
+From: Clemens Ladisch <clemens@ladisch.de>
+
+commit 5cd5d7c44990658df6ab49f6253c39617c53b03d upstream.
+
+The array of sample rates is reallocated every time when opening
+the PCM device, but was freed only once when unplugging the device.
+
+Reported-by: "Alexander E. Patrakov" <patrakov@gmail.com>
+Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/usb/pcm.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/sound/usb/pcm.c
++++ b/sound/usb/pcm.c
+@@ -699,6 +699,9 @@ static int snd_usb_pcm_check_knot(struct
+       int count = 0, needs_knot = 0;
+       int err;
+ 
++      kfree(subs->rate_list.list);
++      subs->rate_list.list = NULL;
++
+       list_for_each_entry(fp, &subs->fmt_list, list) {
+               if (fp->rates & SNDRV_PCM_RATE_CONTINUOUS)
+                       return 0;

diff --git a/queue-3.4/series b/queue-3.4/series
index d7fddd4968dfce89eb943b507e83b8e7767546cb..24b264ea27909df1027d494cbdafa0419a11d582 100644 (file)
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -33,3 +33,7 @@ drm-i915-wait-for-a-vblank-to-pass-after-tv-detect.patch
 drm-i915-no-lvds-quirk-for-hp-t5740e-thin-client.patch
 kbuild-install-kernel-page-flags.h.patch
 mm-fix-vma_resv_map-null-pointer.patch
+alsa-usb-audio-fix-rate_list-memory-leak.patch
+slub-fix-a-memory-leak-in-get_partial_node.patch
+vfs-umount_tree-might-be-called-on-subtree-that-had-never-made-it.patch
+vfs-increment-iversion-when-a-file-is-truncated.patch

diff --git a/queue-3.4/slub-fix-a-memory-leak-in-get_partial_node.patch b/queue-3.4/slub-fix-a-memory-leak-in-get_partial_node.patch
new file mode 100644 (file)
index 0000000..e4b22cf
--- /dev/null
+++ b/queue-3.4/slub-fix-a-memory-leak-in-get_partial_node.patch
@@ -0,0 +1,84 @@
+From 02d7633fa567be7bf55a993b79d2a31b95ce2227 Mon Sep 17 00:00:00 2001
+From: Joonsoo Kim <js1304@gmail.com>
+Date: Thu, 17 May 2012 00:13:02 +0900
+Subject: slub: fix a memory leak in get_partial_node()
+
+From: Joonsoo Kim <js1304@gmail.com>
+
+commit 02d7633fa567be7bf55a993b79d2a31b95ce2227 upstream.
+
+In the case which is below,
+
+1. acquire slab for cpu partial list
+2. free object to it by remote cpu
+3. page->freelist = t
+
+then memory leak is occurred.
+
+Change acquire_slab() not to zap freelist when it works for cpu partial list.
+I think it is a sufficient solution for fixing a memory leak.
+
+Below is output of 'slabinfo -r kmalloc-256'
+when './perf stat -r 30 hackbench 50 process 4000 > /dev/null' is done.
+
+***Vanilla***
+Sizes (bytes)     Slabs              Debug                Memory
+------------------------------------------------------------------------
+Object :     256  Total  :     468   Sanity Checks : Off  Total: 3833856
+SlabObj:     256  Full   :     111   Redzoning     : Off  Used : 2004992
+SlabSiz:    8192  Partial:     302   Poisoning     : Off  Loss : 1828864
+Loss   :       0  CpuSlab:      55   Tracking      : Off  Lalig:       0
+Align  :       8  Objects:      32   Tracing       : Off  Lpadd:       0
+
+***Patched***
+Sizes (bytes)     Slabs              Debug                Memory
+------------------------------------------------------------------------
+Object :     256  Total  :     300   Sanity Checks : Off  Total: 2457600
+SlabObj:     256  Full   :     204   Redzoning     : Off  Used : 2348800
+SlabSiz:    8192  Partial:      33   Poisoning     : Off  Loss :  108800
+Loss   :       0  CpuSlab:      63   Tracking      : Off  Lalig:       0
+Align  :       8  Objects:      32   Tracing       : Off  Lpadd:       0
+
+Total and loss number is the impact of this patch.
+
+Acked-by: Christoph Lameter <cl@linux.com>
+Signed-off-by: Joonsoo Kim <js1304@gmail.com>
+Signed-off-by: Pekka Enberg <penberg@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/slub.c |    9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -1514,15 +1514,19 @@ static inline void *acquire_slab(struct
+               freelist = page->freelist;
+               counters = page->counters;
+               new.counters = counters;
+-              if (mode)
++              if (mode) {
+                       new.inuse = page->objects;
++                      new.freelist = NULL;
++              } else {
++                      new.freelist = freelist;
++              }
+ 
+               VM_BUG_ON(new.frozen);
+               new.frozen = 1;
+ 
+       } while (!__cmpxchg_double_slab(s, page,
+                       freelist, counters,
+-                      NULL, new.counters,
++                      new.freelist, new.counters,
+                       "lock and freeze"));
+ 
+       remove_partial(n, page);
+@@ -1564,7 +1568,6 @@ static void *get_partial_node(struct kme
+                       object = t;
+                       available =  page->objects - page->inuse;
+               } else {
+-                      page->freelist = t;
+                       available = put_cpu_partial(s, page, 0);
+                       stat(s, CPU_PARTIAL_NODE);
+               }

diff --git a/queue-3.4/vfs-increment-iversion-when-a-file-is-truncated.patch b/queue-3.4/vfs-increment-iversion-when-a-file-is-truncated.patch
new file mode 100644 (file)
index 0000000..a9a16b4
--- /dev/null
+++ b/queue-3.4/vfs-increment-iversion-when-a-file-is-truncated.patch
@@ -0,0 +1,46 @@
+From 799243a389bde0de10fa21ca1ca453d2fe538b85 Mon Sep 17 00:00:00 2001
+From: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
+Date: Tue, 29 May 2012 11:02:21 -0700
+Subject: vfs: increment iversion when a file is truncated
+
+From: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
+
+commit 799243a389bde0de10fa21ca1ca453d2fe538b85 upstream.
+
+When a file is truncated with truncate()/ftruncate() and then closed,
+iversion is not updated.  This patch uses ATTR_SIZE flag as an indication
+to increment iversion.
+
+Mimi said:
+
+On fput(), i_version is used to detect and flag files that have changed
+and need to be re-measured in the IMA measurement policy.  When a file
+is truncated with truncate()/ftruncate() and then closed, i_version is
+not updated.  As a result, although the file has changed, it will not be
+re-measured and added to the IMA measurement list on subsequent access.
+
+Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
+Acked-by: Mimi Zohar <zohar@us.ibm.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/attr.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/fs/attr.c
++++ b/fs/attr.c
+@@ -176,6 +176,11 @@ int notify_change(struct dentry * dentry
+                       return -EPERM;
+       }
+ 
++      if ((ia_valid & ATTR_SIZE) && IS_I_VERSION(inode)) {
++              if (attr->ia_size != inode->i_size)
++                      inode_inc_iversion(inode);
++      }
++
+       if ((ia_valid & ATTR_MODE)) {
+               umode_t amode = attr->ia_mode;
+               /* Flag setting protected by i_mutex */

diff --git a/queue-3.4/vfs-umount_tree-might-be-called-on-subtree-that-had-never-made-it.patch b/queue-3.4/vfs-umount_tree-might-be-called-on-subtree-that-had-never-made-it.patch
new file mode 100644 (file)
index 0000000..51798c6
--- /dev/null
+++ b/queue-3.4/vfs-umount_tree-might-be-called-on-subtree-that-had-never-made-it.patch
@@ -0,0 +1,34 @@
+From 63d37a84ab6004c235314ffd7a76c5eb28c2fae0 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Tue, 29 May 2012 22:03:48 -0400
+Subject: vfs: umount_tree() might be called on subtree that had never made it
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 63d37a84ab6004c235314ffd7a76c5eb28c2fae0 upstream.
+
+__mnt_make_shortterm() in there undoes the effect of __mnt_make_longterm()
+we'd done back when we set ->mnt_ns non-NULL; it should not be done to
+vfsmounts that had never gone through commit_tree() and friends.  Kudos to
+lczerner for catching that one...
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/namespace.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -1073,8 +1073,9 @@ void umount_tree(struct mount *mnt, int
+               list_del_init(&p->mnt_expire);
+               list_del_init(&p->mnt_list);
+               __touch_mnt_namespace(p->mnt_ns);
++              if (p->mnt_ns)
++                      __mnt_make_shortterm(p);
+               p->mnt_ns = NULL;
+-              __mnt_make_shortterm(p);
+               list_del_init(&p->mnt_child);
+               if (mnt_has_parent(p)) {
+                       p->mnt_parent->mnt_ghosts++;