From: Greg Kroah-Hartman
Date: Thu, 10 Sep 2009 22:59:16 +0000 (-0700)
Subject: some .27 patches
X-Git-Tag: v2.6.27.34~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=12d93a74392101712b0f41fd34087ef369b93da0;p=thirdparty%2Fkernel%2Fstable-queue.git

some .27 patches
---

diff --git a/queue-2.6.27/jffs2-add-missing-verify-buffer-allocation-deallocation.patch b/queue-2.6.27/jffs2-add-missing-verify-buffer-allocation-deallocation.patch
new file mode 100644
index 00000000000..662c9bd44e4
--- /dev/null
+++ b/queue-2.6.27/jffs2-add-missing-verify-buffer-allocation-deallocation.patch
@@ -0,0 +1,49 @@
+From bc8cec0dff072f1a45ce7f6b2c5234bb3411ac51 Mon Sep 17 00:00:00 2001
+From: Massimo Cirillo
+Date: Thu, 27 Aug 2009 10:44:09 +0200
+Subject: JFFS2: add missing verify buffer allocation/deallocation
+
+From: Massimo Cirillo
+
+commit bc8cec0dff072f1a45ce7f6b2c5234bb3411ac51 upstream.
+
+The function jffs2_nor_wbuf_flash_setup() doesn't allocate the verify buffer
+if CONFIG_JFFS2_FS_WBUF_VERIFY is defined, so causing a kernel panic when
+that macro is enabled and the verify function is called. Similarly the
+jffs2_nor_wbuf_flash_cleanup() must free the buffer if
+CONFIG_JFFS2_FS_WBUF_VERIFY is enabled.
+The following patch fixes the problem.
+The following patch applies to 2.6.30 kernel.
+
+Signed-off-by: Massimo Cirillo
+Signed-off-by: Artem Bityutskiy
+Signed-off-by: David Woodhouse
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/jffs2/wbuf.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/fs/jffs2/wbuf.c
++++ b/fs/jffs2/wbuf.c
+@@ -1271,10 +1271,20 @@ int jffs2_nor_wbuf_flash_setup(struct jf
+ if (!c->wbuf)
+ return -ENOMEM;
+
++#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
++ c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
++ if (!c->wbuf_verify) {
++ kfree(c->wbuf);
++ return -ENOMEM;
++ }
++#endif
+ return 0;
+ }
+
+ void jffs2_nor_wbuf_flash_cleanup(struct jffs2_sb_info *c) {
++#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
++ kfree(c->wbuf_verify);
++#endif
+ kfree(c->wbuf);
+ }
+
diff --git a/queue-2.6.27/series b/queue-2.6.27/series
index d476e44b283..83cfef826d1 100644
--- a/queue-2.6.27/series
+++ b/queue-2.6.27/series
@@ -1,2 +1,4 @@
 e100-fix-interaction-with-swiotlb-on-x86.patch
 net-net_assign_generic-fix.patch
+jffs2-add-missing-verify-buffer-allocation-deallocation.patch
+slub-fix-kmem_cache_destroy-with-slab_destroy_by_rcu.patch
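Review bot: In the queued jffs2 patch, the new failure branch of jffs2_nor_wbuf_flash_setup() frees `c->wbuf` but leaves the freed address stored in the jffs2_sb_info, and jffs2_nor_wbuf_flash_cleanup() frees both buffers unconditionally. The callers are not part of this page, so whether cleanup can run after a failed setup is not confirmed; if it can, `c->wbuf` would be freed twice. Clearing the pointer after the free, `kfree(c->wbuf); c->wbuf = NULL;`, makes a later `kfree()` harmless. Because this file is a stable backport of an upstream commit, the change belongs in an upstream follow-up rather than in the queued patch itself.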
diff --git a/queue-2.6.27/slub-fix-kmem_cache_destroy-with-slab_destroy_by_rcu.patch b/queue-2.6.27/slub-fix-kmem_cache_destroy-with-slab_destroy_by_rcu.patch
new file mode 100644
index 00000000000..6f66a5384c9
--- /dev/null
+++ b/queue-2.6.27/slub-fix-kmem_cache_destroy-with-slab_destroy_by_rcu.patch
@@ -0,0 +1,46 @@
+From d76b1590e06a63a3d8697168cd0aabf1c4b3cb3a Mon Sep 17 00:00:00 2001
+From: Eric Dumazet
+Date: Thu, 3 Sep 2009 22:38:59 +0300
+Subject: slub: Fix kmem_cache_destroy() with SLAB_DESTROY_BY_RCU
+
+From: Eric Dumazet
+
+commit d76b1590e06a63a3d8697168cd0aabf1c4b3cb3a upstream.
+
+kmem_cache_destroy() should call rcu_barrier() *after* kmem_cache_close() and
+*before* sysfs_slab_remove() or risk rcu_free_slab() being called after
+kmem_cache is deleted (kfreed).
+
+rmmod nf_conntrack can crash the machine because it has to kmem_cache_destroy()
+a SLAB_DESTROY_BY_RCU enabled cache.
+
+Reported-by: Zdenek Kabelac
+Signed-off-by: Eric Dumazet
+Acked-by: Paul E. McKenney
+Signed-off-by: Pekka Enberg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ mm/slub.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -2447,8 +2447,6 @@ static inline int kmem_cache_close(struc
+ */
+ void kmem_cache_destroy(struct kmem_cache *s)
+ {
+- if (s->flags & SLAB_DESTROY_BY_RCU)
+- rcu_barrier();
+ down_write(&slub_lock);
+ s->refcount--;
+ if (!s->refcount) {
+@@ -2459,6 +2457,8 @@ void kmem_cache_destroy(struct kmem_cach
+ "still has objects.\n", s->name, __func__);
+ dump_stack();
+ }
++ if (s->flags & SLAB_DESTROY_BY_RCU)
++ rcu_barrier();
+ sysfs_slab_remove(s);
+ } else
+ up_write(&slub_lock);
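Review bot: The ordering this fix depends on is recorded only in the commit message, so the relocated `rcu_barrier()` call in kmem_cache_destroy() has nothing in the code to stop it being hoisted again. A comment above the `if (s->flags & SLAB_DESTROY_BY_RCU)` test would keep the use-after-free reasoning next to the call, for example `/* must run after kmem_cache_close() and before sysfs_slab_remove(): pending rcu_free_slab() callbacks still use the cache */`. The statements between the two inner hunks are not shown, so it cannot be confirmed from this page whether slub_lock has already been released when the barrier waits. As this is a stable backport, the comment would be an upstream follow-up.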