From 428bc6f6b7dcfdff0d4576f8ed40ad6a02ba478f Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 28 May 2018 10:20:02 +0200 Subject: [PATCH] drop 3.18 kmemleak patch --- ...can-completion-before-disabling-free.patch | 79 ------------------- queue-3.18/series | 1 - 2 files changed, 80 deletions(-) delete mode 100644 queue-3.18/mm-kmemleak.c-wait-for-scan-completion-before-disabling-free.patch diff --git a/queue-3.18/mm-kmemleak.c-wait-for-scan-completion-before-disabling-free.patch b/queue-3.18/mm-kmemleak.c-wait-for-scan-completion-before-disabling-free.patch deleted file mode 100644 index b850eadfabe..00000000000 --- a/queue-3.18/mm-kmemleak.c-wait-for-scan-completion-before-disabling-free.patch +++ /dev/null @@ -1,79 +0,0 @@ -From foo@baz Mon May 28 08:52:37 CEST 2018 -From: Vinayak Menon -Date: Wed, 28 Mar 2018 16:01:16 -0700 -Subject: mm/kmemleak.c: wait for scan completion before disabling free - -From: Vinayak Menon - -[ Upstream commit 914b6dfff790544d9b77dfd1723adb3745ec9700 ] - -A crash is observed when kmemleak_scan accesses the object->pointer, -likely due to the following race. - - TASK A TASK B TASK C - kmemleak_write - (with "scan" and - NOT "scan=on") - kmemleak_scan() - create_object - kmem_cache_alloc fails - kmemleak_disable - kmemleak_do_cleanup - kmemleak_free_enabled = 0 - kfree - kmemleak_free bails out - (kmemleak_free_enabled is 0) - slub frees object->pointer - update_checksum - crash - object->pointer - freed (DEBUG_PAGEALLOC) - -kmemleak_do_cleanup waits for the scan thread to complete, but not for -direct call to kmemleak_scan via kmemleak_write. So add a wait for -kmemleak_scan completion before disabling kmemleak_free, and while at it -fix the comment on stop_scan_thread. - -[vinmenon@codeaurora.org: fix stop_scan_thread comment] - Link: http://lkml.kernel.org/r/1522219972-22809-1-git-send-email-vinmenon@codeaurora.org -Link: http://lkml.kernel.org/r/1522063429-18992-1-git-send-email-vinmenon@codeaurora.org -Signed-off-by: Vinayak Menon -Reviewed-by: Catalin Marinas -Signed-off-by: Andrew Morton -Signed-off-by: Linus Torvalds -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - mm/kmemleak.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - ---- a/mm/kmemleak.c -+++ b/mm/kmemleak.c -@@ -1481,8 +1481,7 @@ static void start_scan_thread(void) - } - - /* -- * Stop the automatic memory scanning thread. This function must be called -- * with the scan_mutex held. -+ * Stop the automatic memory scanning thread. - */ - static void stop_scan_thread(void) - { -@@ -1746,12 +1745,15 @@ static void kmemleak_do_cleanup(struct w - mutex_lock(&scan_mutex); - stop_scan_thread(); - -+ mutex_lock(&scan_mutex); - /* -- * Once the scan thread has stopped, it is safe to no longer track -- * object freeing. Ordering of the scan thread stopping and the memory -- * accesses below is guaranteed by the kthread_stop() function. -+ * Once it is made sure that kmemleak_scan has stopped, it is safe to no -+ * longer track object freeing. Ordering of the scan thread stopping and -+ * the memory accesses below is guaranteed by the kthread_stop() -+ * function. - */ - kmemleak_free_enabled = 0; -+ mutex_unlock(&scan_mutex); - - if (!kmemleak_found_leaks) - __kmemleak_do_cleanup(); diff --git a/queue-3.18/series b/queue-3.18/series index b5a4712e868..c9ec3204e9c 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -104,7 +104,6 @@ batman-adv-fix-packet-loss-for-broadcasted-dhcp-packets-to-a-server.patch net-qmi_wwan-add-broadmobi-bm806u-2020-2033.patch net-usb-add-qmi_wwan-if-on-lte-modem-wistron-neweb-d18q1.patch llc-properly-handle-dev_queue_xmit-return-value.patch -mm-kmemleak.c-wait-for-scan-completion-before-disabling-free.patch net-fix-untag-for-vlan-packets-without-ethernet-header.patch net-mvneta-fix-enable-of-all-initialized-rxqs.patch sh-fix-debug-trap-failure-to-process-signals-before-return-to-user.patch -- 2.47.3