From: Greg Kroah-Hartman Date: Mon, 17 Jul 2006 15:51:46 +0000 (-0700) Subject: three more patches queued X-Git-Tag: v2.6.17.7~2^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=69f35ef4e9e228ec4e123e48b3bee01f67becd12;p=thirdparty%2Fkernel%2Fstable-queue.git three more patches queued --- diff --git a/queue-2.6.17/fix-fdset-leakage.patch b/queue-2.6.17/fix-fdset-leakage.patch new file mode 100644 index 00000000000..ffd37d8d832 --- /dev/null +++ b/queue-2.6.17/fix-fdset-leakage.patch @@ -0,0 +1,42 @@ +From stable-bounces@linux.kernel.org Tue Jul 11 04:38:15 2006 +Message-Id: <200607111137.k6BBbbw0016844@shell0.pdx.osdl.net> +To: torvalds@osdl.org +From: akpm@osdl.org +Date: Tue, 11 Jul 2006 04:37:37 -0700 +Cc: akpm@osdl.org, dev@openvz.org, stable@kernel.org, kuznet@ms2.inr.ac.ru +Subject: fix fdset leakage + +From: Kirill Korotaev + +When found, it is obvious. nfds calculated when allocating fdsets is +rewritten by calculation of size of fdtable, and when we are unlucky, we +try to free fdsets of wrong size. + +Found due to OpenVZ resource management (User Beancounters). + +Signed-off-by: Alexey Kuznetsov +Signed-off-by: Kirill Korotaev +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + + fs/file.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- linux-2.6.17.6.orig/fs/file.c ++++ linux-2.6.17.6/fs/file.c +@@ -277,11 +277,13 @@ static struct fdtable *alloc_fdtable(int + } while (nfds <= nr); + new_fds = alloc_fd_array(nfds); + if (!new_fds) +- goto out; ++ goto out2; + fdt->fd = new_fds; + fdt->max_fds = nfds; + fdt->free_files = NULL; + return fdt; ++out2: ++ nfds = fdt->max_fdset; + out: + if (new_openset) + free_fdset(new_openset, nfds); diff --git a/queue-2.6.17/serial-8250-sysrq-deadlock-fix.patch b/queue-2.6.17/serial-8250-sysrq-deadlock-fix.patch new file mode 100644 index 00000000000..8cb319ce07a --- /dev/null +++ b/queue-2.6.17/serial-8250-sysrq-deadlock-fix.patch @@ -0,0 +1,53 @@ +From stable-bounces@linux.kernel.org Fri Jul 7 00:02:02 2006 +Message-Id: <200607070659.k676xoPA030486@shell0.pdx.osdl.net> +To: rmk@arm.linux.org.uk +From: akpm@osdl.org +Date: Thu, 06 Jul 2006 23:59:50 -0700 +Cc: akpm@osdl.org, enrico.scholz@informatik.tu-chemnitz.de, stable@kernel.org +Subject: serial 8250: sysrq deadlock fix + +From: Andrew Morton + +Fix http://bugzilla.kernel.org/show_bug.cgi?id=6716 + +Doing a sysrq over a serial line into an SMP machine presently deadlocks. + +Cc: Russell King +Cc: Enrico Scholz +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/serial/8250.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +--- linux-2.6.17.6.orig/drivers/serial/8250.c ++++ linux-2.6.17.6/drivers/serial/8250.c +@@ -2241,10 +2241,14 @@ serial8250_console_write(struct console + + touch_nmi_watchdog(); + +- if (oops_in_progress) { +- locked = spin_trylock_irqsave(&up->port.lock, flags); ++ local_irq_save(flags); ++ if (up->port.sysrq) { ++ /* serial8250_handle_port() already took the lock */ ++ locked = 0; ++ } else if (oops_in_progress) { ++ locked = spin_trylock(&up->port.lock); + } else +- spin_lock_irqsave(&up->port.lock, flags); ++ spin_lock(&up->port.lock); + + /* + * First save the IER then disable the interrupts +@@ -2266,7 +2270,8 @@ serial8250_console_write(struct console + serial_out(up, UART_IER, ier); + + if (locked) +- spin_unlock_irqrestore(&up->port.lock, flags); ++ spin_unlock(&up->port.lock); ++ local_irq_restore(flags); + } + + static int serial8250_console_setup(struct console *co, char *options) diff --git a/queue-2.6.17/series b/queue-2.6.17/series index 4f627c9cdee..3131505c4e7 100644 --- a/queue-2.6.17/series +++ b/queue-2.6.17/series @@ -40,3 +40,6 @@ alsa-fix-model-for-hp-dc7600.patch alsa-fix-missing-array-terminators-in-ad1988-codec-support.patch alsa-fix-a-deadlock-in-snd-rtctimer.patch alsa-au88x0-fix-64bit-address-of-mpu401-mmio-port.patch +struct-file-leakage.patch +serial-8250-sysrq-deadlock-fix.patch +fix-fdset-leakage.patch diff --git a/queue-2.6.17/struct-file-leakage.patch b/queue-2.6.17/struct-file-leakage.patch new file mode 100644 index 00000000000..d7727f6449d --- /dev/null +++ b/queue-2.6.17/struct-file-leakage.patch @@ -0,0 +1,58 @@ +From stable-bounces@linux.kernel.org Fri Jul 14 00:24:51 2006 +Message-Id: <200607140723.k6E7Nnxe001837@shell0.pdx.osdl.net> +To: torvalds@osdl.org +From: akpm@osdl.org +Date: Fri, 14 Jul 2006 00:23:49 -0700 +Cc: akpm@osdl.org, dev@openvz.org, trond.myklebust@fys.uio.no, + kuznet@ms2.inr.ac.ru, dev@sw.ru, stable@kernel.org +Subject: struct file leakage + +From: Kirill Korotaev + +2.6.16 leaks like hell. While testing, I found massive leakage +(reproduced in openvz) in: + +*filp +*size-4096 + +And 1 object leaks in +*size-32 +*size-64 +*size-128 + +It is the fix for the first one. filp leaks in the bowels of namei.c. + +Seems, size-4096 is file table leaking in expand_fdtables. + +I have no idea what are the rest and why they show only accompanying +another leaks. Some debugging structs? + +[akpm@osdl.org, Trond: remove the IS_ERR() check] +Signed-off-by: Alexey Kuznetsov +Cc: Kirill Korotaev +Cc: Trond Myklebust +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman + +--- + fs/namei.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- linux-2.6.17.6.orig/fs/namei.c ++++ linux-2.6.17.6/fs/namei.c +@@ -1712,8 +1712,14 @@ do_link: + if (error) + goto exit_dput; + error = __do_follow_link(&path, nd); +- if (error) ++ if (error) { ++ /* Does someone understand code flow here? Or it is only ++ * me so stupid? Anathema to whoever designed this non-sense ++ * with "intent.open". ++ */ ++ release_open_intent(nd); + return error; ++ } + nd->flags &= ~LOOKUP_PARENT; + if (nd->last_type == LAST_BIND) + goto ok;