From: Greg Kroah-Hartman Date: Fri, 27 Sep 2013 23:07:11 +0000 (-0700) Subject: 3.0-stable patches X-Git-Tag: v3.0.98~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=24fe965321d140ee3b7186706546331791ada7a5;p=thirdparty%2Fkernel%2Fstable-queue.git 3.0-stable patches added patches: cgroup-fail-if-monitored-file-and-event_control-are-in-different-cgroup.patch scsi-iscsi-don-t-hang-in-endless-loop-if-no-targets-present.patch --- diff --git a/queue-3.0/cgroup-fail-if-monitored-file-and-event_control-are-in-different-cgroup.patch b/queue-3.0/cgroup-fail-if-monitored-file-and-event_control-are-in-different-cgroup.patch new file mode 100644 index 00000000000..ca4ae001ef4 --- /dev/null +++ b/queue-3.0/cgroup-fail-if-monitored-file-and-event_control-are-in-different-cgroup.patch @@ -0,0 +1,54 @@ +From f169007b2773f285e098cb84c74aac0154d65ff7 Mon Sep 17 00:00:00 2001 +From: Li Zefan +Date: Mon, 18 Feb 2013 14:13:35 +0800 +Subject: cgroup: fail if monitored file and event_control are in different cgroup + +From: Li Zefan + +commit f169007b2773f285e098cb84c74aac0154d65ff7 upstream. + +If we pass fd of memory.usage_in_bytes of cgroup A to cgroup.event_control +of cgroup B, then we won't get memory usage notification from A but B! + +What's worse, if A and B are in different mount hierarchy, we'll end up +accessing NULL pointer! + +Disallow this kind of invalid usage. + +Signed-off-by: Li Zefan +Acked-by: Kirill A. Shutemov +Signed-off-by: Tejun Heo +Cc: Weng Meiling +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/cgroup.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/kernel/cgroup.c ++++ b/kernel/cgroup.c +@@ -3498,6 +3498,7 @@ static int cgroup_write_event_control(st + const char *buffer) + { + struct cgroup_event *event = NULL; ++ struct cgroup *cgrp_cfile; + unsigned int efd, cfd; + struct file *efile = NULL; + struct file *cfile = NULL; +@@ -3552,6 +3553,16 @@ static int cgroup_write_event_control(st + goto fail; + } + ++ /* ++ * The file to be monitored must be in the same cgroup as ++ * cgroup.event_control is. ++ */ ++ cgrp_cfile = __d_cgrp(cfile->f_dentry->d_parent); ++ if (cgrp_cfile != cgrp) { ++ ret = -EINVAL; ++ goto fail; ++ } ++ + if (!event->cft->register_event || !event->cft->unregister_event) { + ret = -EINVAL; + goto fail; diff --git a/queue-3.0/scsi-iscsi-don-t-hang-in-endless-loop-if-no-targets-present.patch b/queue-3.0/scsi-iscsi-don-t-hang-in-endless-loop-if-no-targets-present.patch new file mode 100644 index 00000000000..377d288c4e6 --- /dev/null +++ b/queue-3.0/scsi-iscsi-don-t-hang-in-endless-loop-if-no-targets-present.patch @@ -0,0 +1,68 @@ +From 46a7c17d26967922092f3a8291815ffb20f6cabe Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Jan 2012 22:16:16 -0500 +Subject: SCSI: iscsi: don't hang in endless loop if no targets present + +From: Sasha Levin + +commit 46a7c17d26967922092f3a8291815ffb20f6cabe upstream. + +iscsi_if_send_reply() may return -ESRCH if there were no targets to send +data to. Currently we're ignoring this value and looping in attempt to do it +over and over, which will usually lead in a hung task like this one: + +[ 4920.817298] INFO: task trinity:9074 blocked for more than 120 seconds. +[ 4920.818527] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. +[ 4920.819982] trinity D 0000000000000000 5504 9074 2756 0x00000004 +[ 4920.825374] ffff880003961a98 0000000000000086 ffff8800001aa000 ffff8800001aa000 +[ 4920.826791] 00000000001d4340 ffff880003961fd8 ffff880003960000 00000000001d4340 +[ 4920.828241] 00000000001d4340 00000000001d4340 ffff880003961fd8 00000000001d4340 +[ 4920.833231] +[ 4920.833519] Call Trace: +[ 4920.834010] [] schedule+0x3a/0x50 +[ 4920.834953] [] __mutex_lock_common+0x209/0x5b0 +[ 4920.836226] [] ? iscsi_if_rx+0x2d/0x990 +[ 4920.837281] [] ? sched_clock+0x13/0x20 +[ 4920.838305] [] ? iscsi_if_rx+0x2d/0x990 +[ 4920.839336] [] mutex_lock_nested+0x40/0x50 +[ 4920.840423] [] iscsi_if_rx+0x2d/0x990 +[ 4920.841434] [] ? sub_preempt_count+0x9d/0xd0 +[ 4920.842548] [] ? _raw_read_unlock+0x30/0x60 +[ 4920.843666] [] netlink_unicast+0x1ae/0x1f0 +[ 4920.844751] [] netlink_sendmsg+0x227/0x350 +[ 4920.845850] [] ? sock_update_netprioidx+0xdd/0x1b0 +[ 4920.847060] [] ? sock_update_netprioidx+0x52/0x1b0 +[ 4920.848276] [] sock_aio_write+0x166/0x180 +[ 4920.849348] [] ? get_parent_ip+0x11/0x50 +[ 4920.850428] [] do_sync_write+0xda/0x120 +[ 4920.851465] [] ? sub_preempt_count+0x9d/0xd0 +[ 4920.852579] [] ? get_parent_ip+0x11/0x50 +[ 4920.853608] [] ? security_file_permission+0x27/0xb0 +[ 4920.854821] [] vfs_write+0x16c/0x180 +[ 4920.855781] [] sys_write+0x4f/0xa0 +[ 4920.856798] [] system_call_fastpath+0x16/0x1b +[ 4920.877487] 1 lock held by trinity/9074: +[ 4920.878239] #0: (rx_queue_mutex){+.+...}, at: [] iscsi_if_rx+0x2d/0x990 +[ 4920.880005] Kernel panic - not syncing: hung_task: blocked tasks + +Signed-off-by: Sasha Levin +Acked-by: Mike Christie +Signed-off-by: James Bottomley +Cc: Jiri Slaby +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/scsi_transport_iscsi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/scsi_transport_iscsi.c ++++ b/drivers/scsi/scsi_transport_iscsi.c +@@ -1747,7 +1747,7 @@ iscsi_if_rx(struct sk_buff *skb) + break; + err = iscsi_if_send_reply(group, nlh->nlmsg_seq, + nlh->nlmsg_type, 0, 0, ev, sizeof(*ev)); +- } while (err < 0 && err != -ECONNREFUSED); ++ } while (err < 0 && err != -ECONNREFUSED && err != -ESRCH); + skb_pull(skb, rlen); + } + mutex_unlock(&rx_queue_mutex); diff --git a/queue-3.0/series b/queue-3.0/series index e249b3f1783..db63b54baef 100644 --- a/queue-3.0/series +++ b/queue-3.0/series @@ -7,3 +7,5 @@ drm-radeon-fix-lcd-record-parsing.patch drm-radeon-update-line-buffer-allocation-for-dce4.1-5.patch drm-radeon-fix-resume-on-some-rs4xx-boards-v2.patch drm-radeon-fix-handling-of-variable-sized-arrays-for-router-objects.patch +scsi-iscsi-don-t-hang-in-endless-loop-if-no-targets-present.patch +cgroup-fail-if-monitored-file-and-event_control-are-in-different-cgroup.patch