From: Greg Kroah-Hartman Date: Sat, 2 Jun 2012 18:32:37 +0000 (-0700) Subject: 3.4-stable patches X-Git-Tag: v3.0.34~21 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f1efc2d071d7e87e34ae40e5760c4118cd413c7c;p=thirdparty%2Fkernel%2Fstable-queue.git 3.4-stable patches added patches: alsa-usb-audio-fix-rate_list-memory-leak.patch slub-fix-a-memory-leak-in-get_partial_node.patch vfs-increment-iversion-when-a-file-is-truncated.patch vfs-umount_tree-might-be-called-on-subtree-that-had-never-made-it.patch
---
diff --git a/queue-3.4/alsa-usb-audio-fix-rate_list-memory-leak.patch b/queue-3.4/alsa-usb-audio-fix-rate_list-memory-leak.patch
new file mode 100644
index 00000000000..cd94f030981
--- /dev/null
+++ b/queue-3.4/alsa-usb-audio-fix-rate_list-memory-leak.patch
@@ -0,0 +1,33 @@
+From 5cd5d7c44990658df6ab49f6253c39617c53b03d Mon Sep 17 00:00:00 2001
+From: Clemens Ladisch
+Date: Fri, 18 May 2012 18:00:43 +0200
+Subject: ALSA: usb-audio: fix rate_list memory leak
+
+From: Clemens Ladisch
+
+commit 5cd5d7c44990658df6ab49f6253c39617c53b03d upstream.
+
+The array of sample rates is reallocated every time when opening
+the PCM device, but was freed only once when unplugging the device.
+
+Reported-by: "Alexander E. Patrakov"
+Signed-off-by: Clemens Ladisch
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/usb/pcm.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/sound/usb/pcm.c
++++ b/sound/usb/pcm.c
+@@ -699,6 +699,9 @@ static int snd_usb_pcm_check_knot(struct
+ int count = 0, needs_knot = 0;
+ int err;
+
++ kfree(subs->rate_list.list);
++ subs->rate_list.list = NULL;
++
+ list_for_each_entry(fp, &subs->fmt_list, list) {
+ if (fp->rates & SNDRV_PCM_RATE_CONTINUOUS)
+ return 0;
diff --git a/queue-3.4/series b/queue-3.4/series
index d7fddd4968d..24b264ea279 100644
--- a/queue-3.4/series
+++ b/queue-3.4/series
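Review bot: In the sound/usb/pcm.c hunk of alsa-usb-audio-fix-rate_list-memory-leak.patch, the reset at the top of snd_usb_pcm_check_knot() clears `subs->rate_list.list` but not the element count kept beside it, and the `return 0` for SNDRV_PCM_RATE_CONTINUOUS a few lines later now leaves the list NULL. If the count is only written after the later allocation succeeds (that code is outside the hunk, so this is an assumption), an early return or a failed allocation leaves a stale non-zero count next to a NULL pointer. Resetting both together, `subs->rate_list.count = 0;` directly after `subs->rate_list.list = NULL;`, keeps the pair consistent for any reader of the constraint list. The function body starts and continues outside the hunk.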
@@ -33,3 +33,7 @@ drm-i915-wait-for-a-vblank-to-pass-after-tv-detect.patch
 drm-i915-no-lvds-quirk-for-hp-t5740e-thin-client.patch
 kbuild-install-kernel-page-flags.h.patch
 mm-fix-vma_resv_map-null-pointer.patch
+alsa-usb-audio-fix-rate_list-memory-leak.patch
+slub-fix-a-memory-leak-in-get_partial_node.patch
+vfs-umount_tree-might-be-called-on-subtree-that-had-never-made-it.patch
+vfs-increment-iversion-when-a-file-is-truncated.patch
diff --git a/queue-3.4/slub-fix-a-memory-leak-in-get_partial_node.patch b/queue-3.4/slub-fix-a-memory-leak-in-get_partial_node.patch
new file mode 100644
index 00000000000..e4b22cf6db3
--- /dev/null
+++ b/queue-3.4/slub-fix-a-memory-leak-in-get_partial_node.patch
@@ -0,0 +1,84 @@
+From 02d7633fa567be7bf55a993b79d2a31b95ce2227 Mon Sep 17 00:00:00 2001
+From: Joonsoo Kim
+Date: Thu, 17 May 2012 00:13:02 +0900
+Subject: slub: fix a memory leak in get_partial_node()
+
+From: Joonsoo Kim
+
+commit 02d7633fa567be7bf55a993b79d2a31b95ce2227 upstream.
+
+In the case which is below,
+
+1. acquire slab for cpu partial list
+2. free object to it by remote cpu
+3. page->freelist = t
+
+then memory leak is occurred.
+
+Change acquire_slab() not to zap freelist when it works for cpu partial list.
+I think it is a sufficient solution for fixing a memory leak.
+
+Below is output of 'slabinfo -r kmalloc-256'
+when './perf stat -r 30 hackbench 50 process 4000 > /dev/null' is done.
+
+***Vanilla***
+Sizes (bytes) Slabs Debug Memory
+------------------------------------------------------------------------
+Object : 256 Total : 468 Sanity Checks : Off Total: 3833856
+SlabObj: 256 Full : 111 Redzoning : Off Used : 2004992
+SlabSiz: 8192 Partial: 302 Poisoning : Off Loss : 1828864
+Loss : 0 CpuSlab: 55 Tracking : Off Lalig: 0
+Align : 8 Objects: 32 Tracing : Off Lpadd: 0
+
+***Patched***
+Sizes (bytes) Slabs Debug Memory
+------------------------------------------------------------------------
+Object : 256 Total : 300 Sanity Checks : Off Total: 2457600
+SlabObj: 256 Full : 204 Redzoning : Off Used : 2348800
+SlabSiz: 8192 Partial: 33 Poisoning : Off Loss : 108800
+Loss : 0 CpuSlab: 63 Tracking : Off Lalig: 0
+Align : 8 Objects: 32 Tracing : Off Lpadd: 0
+
+Total and loss number is the impact of this patch.
+
+Acked-by: Christoph Lameter
+Signed-off-by: Joonsoo Kim
+Signed-off-by: Pekka Enberg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ mm/slub.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -1514,15 +1514,19 @@ static inline void *acquire_slab(struct
+ freelist = page->freelist;
+ counters = page->counters;
+ new.counters = counters;
+- if (mode)
++ if (mode) {
+ new.inuse = page->objects;
++ new.freelist = NULL;
++ } else {
++ new.freelist = freelist;
++ }
+
+ VM_BUG_ON(new.frozen);
+ new.frozen = 1;
+
+ } while (!__cmpxchg_double_slab(s, page,
+ freelist, counters,
+- NULL, new.counters,
++ new.freelist, new.counters,
+ "lock and freeze"));
+
+ remove_partial(n, page);
+@@ -1564,7 +1568,6 @@ static void *get_partial_node(struct kme
+ object = t;
+ available = page->objects - page->inuse;
+ } else {
+- page->freelist = t;
+ available = put_cpu_partial(s, page, 0);
+ stat(s, CPU_PARTIAL_NODE);
+ }
diff --git a/queue-3.4/vfs-increment-iversion-when-a-file-is-truncated.patch b/queue-3.4/vfs-increment-iversion-when-a-file-is-truncated.patch
new file mode 100644
index 00000000000..a9a16b4f47b
--- /dev/null
+++ b/queue-3.4/vfs-increment-iversion-when-a-file-is-truncated.patch
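Review bot: In the mm/slub.c hunks of slub-fix-a-memory-leak-in-get_partial_node.patch, the new `if (mode) { ... } else { ... }` branch in acquire_slab() gives the function two different ownership contracts and nothing in the code says so: with `mode` set the page's freelist is taken (`new.freelist = NULL`), otherwise the freelist stays on the page and the local `freelist` is only a copy of it. The second hunk depends on this by dropping `page->freelist = t;` in get_partial_node(), so a later caller that treats a `mode == 0` result (presumably what arrives there as `t`) as objects it owns would hand out memory that is still on the page's freelist. A comment on the branch would pin the contract, for example `/* mode != 0: take every object for the cpu slab; mode == 0: only freeze the page for the cpu partial list, the freelist stays on the page */`. Both functions start and end outside the hunks shown.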
@@ -0,0 +1,46 @@
+From 799243a389bde0de10fa21ca1ca453d2fe538b85 Mon Sep 17 00:00:00 2001
+From: Dmitry Kasatkin
+Date: Tue, 29 May 2012 11:02:21 -0700
+Subject: vfs: increment iversion when a file is truncated
+
+From: Dmitry Kasatkin
+
+commit 799243a389bde0de10fa21ca1ca453d2fe538b85 upstream.
+
+When a file is truncated with truncate()/ftruncate() and then closed,
+iversion is not updated. This patch uses ATTR_SIZE flag as an indication
+to increment iversion.
+
+Mimi said:
+
+On fput(), i_version is used to detect and flag files that have changed
+and need to be re-measured in the IMA measurement policy. When a file
+is truncated with truncate()/ftruncate() and then closed, i_version is
+not updated. As a result, although the file has changed, it will not be
+re-measured and added to the IMA measurement list on subsequent access.
+
+Signed-off-by: Dmitry Kasatkin
+Acked-by: Mimi Zohar
+Cc: Al Viro
+Signed-off-by: Andrew Morton
+Signed-off-by: Al Viro
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/attr.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/fs/attr.c
++++ b/fs/attr.c
+@@ -176,6 +176,11 @@ int notify_change(struct dentry * dentry
+ return -EPERM;
+ }
+
++ if ((ia_valid & ATTR_SIZE) && IS_I_VERSION(inode)) {
++ if (attr->ia_size != inode->i_size)
++ inode_inc_iversion(inode);
++ }
++
+ if ((ia_valid & ATTR_MODE)) {
+ umode_t amode = attr->ia_mode;
+ /* Flag setting protected by i_mutex */
diff --git a/queue-3.4/vfs-umount_tree-might-be-called-on-subtree-that-had-never-made-it.patch b/queue-3.4/vfs-umount_tree-might-be-called-on-subtree-that-had-never-made-it.patch
new file mode 100644
index 00000000000..51798c61fbc
--- /dev/null
+++ b/queue-3.4/vfs-umount_tree-might-be-called-on-subtree-that-had-never-made-it.patch
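Review bot: In the fs/attr.c hunk of vfs-increment-iversion-when-a-file-is-truncated.patch, the new `inode_inc_iversion()` call in notify_change() sits ahead of the ATTR_MODE handling, so it appears to run before the size change has been applied or accepted; the rest of the function is outside the hunk. For the IMA use described in the commit message that errs on the safe side (at worst an extra re-measurement), but the ordering is worth a comment. So is the fact that the bump is skipped whenever `IS_I_VERSION(inode)` is false, in which case a truncate still goes unnoticed by anything keyed on i_version. Suggested comment above the block: `/* A size change alters file content: bump i_version so IMA re-measures it. Done before the change is applied; no-op unless IS_I_VERSION(inode). */`. The nested `if` could also be folded into the outer condition.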
@@ -0,0 +1,34 @@
+From 63d37a84ab6004c235314ffd7a76c5eb28c2fae0 Mon Sep 17 00:00:00 2001
+From: Al Viro
+Date: Tue, 29 May 2012 22:03:48 -0400
+Subject: vfs: umount_tree() might be called on subtree that had never made it
+
+From: Al Viro
+
+commit 63d37a84ab6004c235314ffd7a76c5eb28c2fae0 upstream.
+
+__mnt_make_shortterm() in there undoes the effect of __mnt_make_longterm()
+we'd done back when we set ->mnt_ns non-NULL; it should not be done to
+vfsmounts that had never gone through commit_tree() and friends. Kudos to
+lczerner for catching that one...
+
+Signed-off-by: Al Viro
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/namespace.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -1073,8 +1073,9 @@ void umount_tree(struct mount *mnt, int
+ list_del_init(&p->mnt_expire);
+ list_del_init(&p->mnt_list);
+ __touch_mnt_namespace(p->mnt_ns);
++ if (p->mnt_ns)
++ __mnt_make_shortterm(p);
+ p->mnt_ns = NULL;
+- __mnt_make_shortterm(p);
+ list_del_init(&p->mnt_child);
+ if (mnt_has_parent(p)) {
+ p->mnt_parent->mnt_ghosts++;
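Review bot: In the fs/namespace.c hunk of vfs-umount_tree-might-be-called-on-subtree-that-had-never-made-it.patch, the added `if (p->mnt_ns)` guard establishes that `p->mnt_ns` can be NULL at this point in umount_tree(), yet the context line just above still passes it unguarded to `__touch_mnt_namespace(p->mnt_ns)`. That helper's body is not on this page; if it does not check for NULL itself, the same never-committed subtree would reach a null namespace pointer there. Either record that it tolerates NULL, `/* __touch_mnt_namespace() accepts a NULL ns */`, or put both calls under the one guard. umount_tree()'s body starts and ends outside the hunk.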