From: Greg Kroah-Hartman Date: Tue, 24 Sep 2013 23:18:16 +0000 (-0700) Subject: 3.0-stable patches X-Git-Tag: v3.0.97~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8cfedaa2458157ea4306e10205853dc6e1228dc1;p=thirdparty%2Fkernel%2Fstable-queue.git 3.0-stable patches added patches: isofs-refuse-rw-mount-of-the-filesystem-instead-of-making-it-ro.patch memcg-fix-multiple-large-threshold-notifications.patch mm-huge_memory.c-fix-potential-null-pointer-dereference.patch ocfs2-fix-the-end-cluster-offset-of-fiemap.patch --- diff --git a/queue-3.0/isofs-refuse-rw-mount-of-the-filesystem-instead-of-making-it-ro.patch b/queue-3.0/isofs-refuse-rw-mount-of-the-filesystem-instead-of-making-it-ro.patch new file mode 100644 index 00000000000..1587aaf65bc --- /dev/null +++ b/queue-3.0/isofs-refuse-rw-mount-of-the-filesystem-instead-of-making-it-ro.patch @@ -0,0 +1,68 @@ +From 17b7f7cf58926844e1dd40f5eb5348d481deca6a Mon Sep 17 00:00:00 2001 +From: Jan Kara +Date: Thu, 25 Jul 2013 11:49:11 +0200 +Subject: isofs: Refuse RW mount of the filesystem instead of making it RO + +From: Jan Kara + +commit 17b7f7cf58926844e1dd40f5eb5348d481deca6a upstream. + +Refuse RW mount of isofs filesystem. So far we just silently changed it +to RO mount but when the media is writeable, block layer won't notice +this change and thus will think device is used RW and will block eject +button of the drive. That is unexpected by users because for +non-writeable media eject button works just fine. + +Userspace mount(8) command handles this just fine and retries mounting +with MS_RDONLY set so userspace shouldn't see any regression. Plus any +tool mounting isofs is likely confronted with the case of read-only +media where block layer already refuses to mount the filesystem without +MS_RDONLY set so our behavior shouldn't be anything new for it. + +Reported-by: Hui Wang +Signed-off-by: Jan Kara +Signed-off-by: Greg Kroah-Hartman + +--- + fs/isofs/inode.c | 16 +++++----------- + 1 file changed, 5 insertions(+), 11 deletions(-) + +--- a/fs/isofs/inode.c ++++ b/fs/isofs/inode.c +@@ -119,8 +119,8 @@ static void destroy_inodecache(void) + + static int isofs_remount(struct super_block *sb, int *flags, char *data) + { +- /* we probably want a lot more here */ +- *flags |= MS_RDONLY; ++ if (!(*flags & MS_RDONLY)) ++ return -EROFS; + return 0; + } + +@@ -769,15 +769,6 @@ root_found: + */ + s->s_maxbytes = 0x80000000000LL; + +- /* +- * The CDROM is read-only, has no nodes (devices) on it, and since +- * all of the files appear to be owned by root, we really do not want +- * to allow suid. (suid or devices will not show up unless we have +- * Rock Ridge extensions) +- */ +- +- s->s_flags |= MS_RDONLY /* | MS_NODEV | MS_NOSUID */; +- + /* Set this for reference. Its not currently used except on write + which we don't have .. */ + +@@ -1528,6 +1519,9 @@ struct inode *isofs_iget(struct super_bl + static struct dentry *isofs_mount(struct file_system_type *fs_type, + int flags, const char *dev_name, void *data) + { ++ /* We don't support read-write mounts */ ++ if (!(flags & MS_RDONLY)) ++ return ERR_PTR(-EACCES); + return mount_bdev(fs_type, flags, dev_name, data, isofs_fill_super); + } + diff --git a/queue-3.0/memcg-fix-multiple-large-threshold-notifications.patch b/queue-3.0/memcg-fix-multiple-large-threshold-notifications.patch new file mode 100644 index 00000000000..57bbf54f05b --- /dev/null +++ b/queue-3.0/memcg-fix-multiple-large-threshold-notifications.patch @@ -0,0 +1,73 @@ +From 2bff24a3707093c435ab3241c47dcdb5f16e432b Mon Sep 17 00:00:00 2001 +From: Greg Thelen +Date: Wed, 11 Sep 2013 14:23:08 -0700 +Subject: memcg: fix multiple large threshold notifications + +From: Greg Thelen + +commit 2bff24a3707093c435ab3241c47dcdb5f16e432b upstream. + +A memory cgroup with (1) multiple threshold notifications and (2) at least +one threshold >=2G was not reliable. Specifically the notifications would +either not fire or would not fire in the proper order. + +The __mem_cgroup_threshold() signaling logic depends on keeping 64 bit +thresholds in sorted order. mem_cgroup_usage_register_event() sorts them +with compare_thresholds(), which returns the difference of two 64 bit +thresholds as an int. If the difference is positive but has bit[31] set, +then sort() treats the difference as negative and breaks sort order. + +This fix compares the two arbitrary 64 bit thresholds returning the +classic -1, 0, 1 result. + +The test below sets two notifications (at 0x1000 and 0x81001000): + cd /sys/fs/cgroup/memory + mkdir x + for x in 4096 2164264960; do + cgroup_event_listener x/memory.usage_in_bytes $x | sed "s/^/$x listener:/" & + done + echo $$ > x/cgroup.procs + anon_leaker 500M + +v3.11-rc7 fails to signal the 4096 event listener: + Leaking... + Done leaking pages. + +Patched v3.11-rc7 properly notifies: + Leaking... + 4096 listener:2013:8:31:14:13:36 + Done leaking pages. + +The fixed bug is old. It appears to date back to the introduction of +memcg threshold notifications in v2.6.34-rc1-116-g2e72b6347c94 "memcg: +implement memory thresholds" + +Signed-off-by: Greg Thelen +Acked-by: Michal Hocko +Acked-by: Kirill A. Shutemov +Acked-by: Johannes Weiner +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/memcontrol.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- a/mm/memcontrol.c ++++ b/mm/memcontrol.c +@@ -4433,7 +4433,13 @@ static int compare_thresholds(const void + const struct mem_cgroup_threshold *_a = a; + const struct mem_cgroup_threshold *_b = b; + +- return _a->threshold - _b->threshold; ++ if (_a->threshold > _b->threshold) ++ return 1; ++ ++ if (_a->threshold < _b->threshold) ++ return -1; ++ ++ return 0; + } + + static int mem_cgroup_oom_notify_cb(struct mem_cgroup *mem) diff --git a/queue-3.0/mm-huge_memory.c-fix-potential-null-pointer-dereference.patch b/queue-3.0/mm-huge_memory.c-fix-potential-null-pointer-dereference.patch new file mode 100644 index 00000000000..69001448773 --- /dev/null +++ b/queue-3.0/mm-huge_memory.c-fix-potential-null-pointer-dereference.patch @@ -0,0 +1,42 @@ +From a8f531ebc33052642b4bd7b812eedf397108ce64 Mon Sep 17 00:00:00 2001 +From: Libin +Date: Wed, 11 Sep 2013 14:20:38 -0700 +Subject: mm/huge_memory.c: fix potential NULL pointer dereference + +From: Libin + +commit a8f531ebc33052642b4bd7b812eedf397108ce64 upstream. + +In collapse_huge_page() there is a race window between releasing the +mmap_sem read lock and taking the mmap_sem write lock, so find_vma() may +return NULL. So check the return value to avoid NULL pointer dereference. + +collapse_huge_page + khugepaged_alloc_page + up_read(&mm->mmap_sem) + down_write(&mm->mmap_sem) + vma = find_vma(mm, address) + +Signed-off-by: Libin +Acked-by: Kirill A. Shutemov +Reviewed-by: Wanpeng Li +Reviewed-by: Michal Hocko +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/huge_memory.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/mm/huge_memory.c ++++ b/mm/huge_memory.c +@@ -1838,6 +1838,8 @@ static void collapse_huge_page(struct mm + goto out; + + vma = find_vma(mm, address); ++ if (!vma) ++ goto out; + hstart = (vma->vm_start + ~HPAGE_PMD_MASK) & HPAGE_PMD_MASK; + hend = vma->vm_end & HPAGE_PMD_MASK; + if (address < hstart || address + HPAGE_PMD_SIZE > hend) diff --git a/queue-3.0/ocfs2-fix-the-end-cluster-offset-of-fiemap.patch b/queue-3.0/ocfs2-fix-the-end-cluster-offset-of-fiemap.patch new file mode 100644 index 00000000000..1955f98bcdf --- /dev/null +++ b/queue-3.0/ocfs2-fix-the-end-cluster-offset-of-fiemap.patch @@ -0,0 +1,65 @@ +From 28e8be31803b19d0d8f76216cb11b480b8a98bec Mon Sep 17 00:00:00 2001 +From: Jie Liu +Date: Wed, 11 Sep 2013 14:20:05 -0700 +Subject: ocfs2: fix the end cluster offset of FIEMAP + +From: Jie Liu + +commit 28e8be31803b19d0d8f76216cb11b480b8a98bec upstream. + +Call fiemap ioctl(2) with given start offset as well as an desired mapping +range should show extents if possible. However, we somehow figure out the +end offset of mapping via 'mapping_end -= cpos' before iterating the +extent records which would cause problems if the given fiemap length is +too small to a cluster size, e.g, + +Cluster size 4096: +debugfs.ocfs2 1.6.3 + Block Size Bits: 12 Cluster Size Bits: 12 + +The extended fiemap test utility From David: +https://gist.github.com/anonymous/6172331 + +# dd if=/dev/urandom of=/ocfs2/test_file bs=1M count=1000 +# ./fiemap /ocfs2/test_file 4096 10 +start: 4096, length: 10 +File /ocfs2/test_file has 0 extents: +# Logical Physical Length Flags + ^^^^^ <-- No extent is shown + +In this case, at ocfs2_fiemap(): cpos == mapping_end == 1. Hence the +loop of searching extent records was not executed at all. + +This patch remove the in question 'mapping_end -= cpos', and loops +until the cpos is larger than the mapping_end as usual. + +# ./fiemap /ocfs2/test_file 4096 10 +start: 4096, length: 10 +File /ocfs2/test_file has 1 extents: +# Logical Physical Length Flags +0: 0000000000000000 0000000056a01000 0000000006a00000 0000 + +Signed-off-by: Jie Liu +Reported-by: David Weber +Tested-by: David Weber +Cc: Sunil Mushran +Cc: Mark Fashen +Cc: Joel Becker +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ocfs2/extent_map.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/fs/ocfs2/extent_map.c ++++ b/fs/ocfs2/extent_map.c +@@ -782,7 +782,6 @@ int ocfs2_fiemap(struct inode *inode, st + cpos = map_start >> osb->s_clustersize_bits; + mapping_end = ocfs2_clusters_for_bytes(inode->i_sb, + map_start + map_len); +- mapping_end -= cpos; + is_last = 0; + while (cpos < mapping_end && !is_last) { + u32 fe_flags; diff --git a/queue-3.0/series b/queue-3.0/series index 1994f1dcbee..7ba42def87a 100644 --- a/queue-3.0/series +++ b/queue-3.0/series @@ -19,3 +19,7 @@ hid-pantherlord-validate-output-report-details.patch hid-validate-hid-report-id-size.patch hid-ntrig-validate-feature-report-details.patch hid-check-for-null-field-when-setting-values.patch +ocfs2-fix-the-end-cluster-offset-of-fiemap.patch +memcg-fix-multiple-large-threshold-notifications.patch +mm-huge_memory.c-fix-potential-null-pointer-dereference.patch +isofs-refuse-rw-mount-of-the-filesystem-instead-of-making-it-ro.patch