From e129ef63b1b1a4f3d571a59ae56fed3f019e504d Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Fri, 1 Mar 2013 08:54:17 -0800
Subject: [PATCH] 3.4-stable patches

added patches:
fuse-don-t-warn-when-nlink-is-zero.patch
nfsd-fix-memleak.patch
svcrpc-make-svc_age_temp_xprts-enqueue-under-sv_lock.patch
vhost-fix-length-for-cross-region-descriptor.patch
---
 .../fuse-don-t-warn-when-nlink-is-zero.patch | 39 +++++++++++
 queue-3.4/nfsd-fix-memleak.patch | 30 +++++++++
 queue-3.4/series | 4 ++
 ...age_temp_xprts-enqueue-under-sv_lock.patch | 66 +++++++++++++++++++
 ...x-length-for-cross-region-descriptor.patch | 34 ++++++++++
 5 files changed, 173 insertions(+)
 create mode 100644 queue-3.4/fuse-don-t-warn-when-nlink-is-zero.patch
 create mode 100644 queue-3.4/nfsd-fix-memleak.patch
 create mode 100644 queue-3.4/svcrpc-make-svc_age_temp_xprts-enqueue-under-sv_lock.patch
 create mode 100644 queue-3.4/vhost-fix-length-for-cross-region-descriptor.patch
diff --git a/queue-3.4/fuse-don-t-warn-when-nlink-is-zero.patch b/queue-3.4/fuse-don-t-warn-when-nlink-is-zero.patch
new file mode 100644
index 00000000000..a3fcc83e985
--- /dev/null
+++ b/queue-3.4/fuse-don-t-warn-when-nlink-is-zero.patch
@@ -0,0 +1,39 @@
+From dfca7cebc2679f3d129f8e680a8f199a7ad16e38 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi
+Date: Mon, 4 Feb 2013 15:57:42 +0100
+Subject: fuse: don't WARN when nlink is zero
+
+From: Miklos Szeredi
+
+commit dfca7cebc2679f3d129f8e680a8f199a7ad16e38 upstream.
+
+drop_nlink() warns if nlink is already zero. This is triggerable by a buggy
+userspace filesystem. The cure, I think, is worse than the disease so disable
+the warning.
+
+Reported-by: Tero Roponen
+Signed-off-by: Miklos Szeredi
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/fuse/dir.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/fs/fuse/dir.c
++++ b/fs/fuse/dir.c
+@@ -645,7 +645,14 @@ static int fuse_unlink(struct inode *dir
+
+ spin_lock(&fc->lock);
+ fi->attr_version = ++fc->attr_version;
+- drop_nlink(inode);
++ /*
++ * If i_nlink == 0 then unlink doesn't make sense, yet this can
++ * happen if userspace filesystem is careless. It would be
++ * difficult to enforce correct nlink usage so just ignore this
++ * condition here
++ */
++ if (inode->i_nlink > 0)
++ drop_nlink(inode);
+ spin_unlock(&fc->lock);
+ fuse_invalidate_attr(inode);
+ fuse_invalidate_attr(dir);
diff --git a/queue-3.4/nfsd-fix-memleak.patch b/queue-3.4/nfsd-fix-memleak.patch
new file mode 100644
index 00000000000..0276d483f4f
--- /dev/null
+++ b/queue-3.4/nfsd-fix-memleak.patch
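Review bot: The comment above `if (inode->i_nlink > 0)` in fuse_unlink() calls the userspace filesystem "careless" but does not say that the link count it guards is supplied by a process the kernel cannot trust, which is the reason the check has to stay. I would word it so a later cleanup does not remove the guard as dead code, for example `/* i_nlink mirrors what the userspace server reported and may already be 0; never let that reach the WARN in drop_nlink() */`. The guard covers only this call site; any other nlink decrement in fs/fuse/dir.c is outside the hunk and would need the same check if it also calls drop_nlink(). fuse_unlink() begins and ends outside the hunk.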
@@ -0,0 +1,30 @@
+From 2d32b29a1c2830f7c42caa8258c714acd983961f Mon Sep 17 00:00:00 2001
+From: majianpeng
+Date: Tue, 29 Jan 2013 13:16:06 +0800
+Subject: nfsd: Fix memleak
+
+From: majianpeng
+
+commit 2d32b29a1c2830f7c42caa8258c714acd983961f upstream.
+
+When free nfs-client, it must free the ->cl_stateids.
+
+Signed-off-by: Jianpeng Ma
+Signed-off-by: J. Bruce Fields
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfsd/nfs4state.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -1053,6 +1053,8 @@ free_client(struct nfs4_client *clp)
+ put_group_info(clp->cl_cred.cr_group_info);
+ kfree(clp->cl_principal);
+ kfree(clp->cl_name.data);
++ idr_remove_all(&clp->cl_stateids);
++ idr_destroy(&clp->cl_stateids);
+ kfree(clp);
+ }
+
diff --git a/queue-3.4/series b/queue-3.4/series
index 280a61e2ca1..03c262ed3b4 100644
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -25,3 +25,7 @@ ext4-check-bh-in-ext4_read_block_bitmap.patch
 ext4-fix-race-in-ext4_mb_add_n_trim.patch
 ext4-fix-xattr-block-allocation-release-with-bigalloc.patch
 ext4-fix-free-clusters-calculation-in-bigalloc-filesystem.patch
+nfsd-fix-memleak.patch
+svcrpc-make-svc_age_temp_xprts-enqueue-under-sv_lock.patch
+vhost-fix-length-for-cross-region-descriptor.patch
+fuse-don-t-warn-when-nlink-is-zero.patch
diff --git a/queue-3.4/svcrpc-make-svc_age_temp_xprts-enqueue-under-sv_lock.patch b/queue-3.4/svcrpc-make-svc_age_temp_xprts-enqueue-under-sv_lock.patch
new file mode 100644
index 00000000000..6bec8196d9c
--- /dev/null
+++ b/queue-3.4/svcrpc-make-svc_age_temp_xprts-enqueue-under-sv_lock.patch
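Review bot: `idr_remove_all(&clp->cl_stateids)` in free_client() releases only the idr's own bookkeeping nodes, not the objects the ids map to, so any stateid still registered when this runs would lose its last lookup path without being freed. Whether every caller has already released all stateids cannot be seen from the hunk; if that is the invariant, it deserves a line next to the call, e.g. `/* callers have released every stateid; only the idr's internal nodes remain */`. free_client() begins outside the hunk.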
@@ -0,0 +1,66 @@
+From e75bafbff2270993926abcc31358361db74a9bc2 Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields"
+Date: Sun, 10 Feb 2013 11:33:48 -0500
+Subject: svcrpc: make svc_age_temp_xprts enqueue under sv_lock
+
+From: "J. Bruce Fields"
+
+commit e75bafbff2270993926abcc31358361db74a9bc2 upstream.
+
+svc_age_temp_xprts expires xprts in a two-step process: first it takes
+the sv_lock and moves the xprts to expire off their server-wide list
+(sv_tempsocks or sv_permsocks) to a local list. Then it drops the
+sv_lock and enqueues and puts each one.
+
+I see no reason for this: svc_xprt_enqueue() will take sp_lock, but the
+sv_lock and sp_lock are not otherwise nested anywhere (and documentation
+at the top of this file claims it's correct to nest these with sp_lock
+inside.)
+
+Tested-by: Jason Tibbitts
+Tested-by: Paweł Sikora
+Signed-off-by: J. Bruce Fields
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/sunrpc/svc_xprt.c | 15 ++-------------
+ 1 file changed, 2 insertions(+), 13 deletions(-)
+
+--- a/net/sunrpc/svc_xprt.c
++++ b/net/sunrpc/svc_xprt.c
+@@ -817,7 +817,6 @@ static void svc_age_temp_xprts(unsigned
+ struct svc_serv *serv = (struct svc_serv *)closure;
+ struct svc_xprt *xprt;
+ struct list_head *le, *next;
+- LIST_HEAD(to_be_aged);
+
+ dprintk("svc_age_temp_xprts\n");
+
+@@ -838,25 +837,15 @@ static void svc_age_temp_xprts(unsigned
+ if (atomic_read(&xprt->xpt_ref.refcount) > 1 ||
+ test_bit(XPT_BUSY, &xprt->xpt_flags))
+ continue;
+- svc_xprt_get(xprt);
+- list_move(le, &to_be_aged);
++ list_del_init(le);
+ set_bit(XPT_CLOSE, &xprt->xpt_flags);
+ set_bit(XPT_DETACHED, &xprt->xpt_flags);
+- }
+- spin_unlock_bh(&serv->sv_lock);
+-
+- while (!list_empty(&to_be_aged)) {
+- le = to_be_aged.next;
+- /* fiddling the xpt_list node is safe 'cos we're XPT_DETACHED */
+- list_del_init(le);
+- xprt = list_entry(le, struct svc_xprt, xpt_list);
+-
+ dprintk("queuing xprt %p for closing\n", xprt);
+
+ /* a thread will dequeue and close it soon */
+ svc_xprt_enqueue(xprt);
+- svc_xprt_put(xprt);
+ }
++ spin_unlock_bh(&serv->sv_lock);
+
+ mod_timer(&serv->sv_temptimer, jiffies + svc_conn_age_period * HZ);
+ }
diff --git a/queue-3.4/vhost-fix-length-for-cross-region-descriptor.patch b/queue-3.4/vhost-fix-length-for-cross-region-descriptor.patch
new file mode 100644
index 00000000000..ad754a928a1
--- /dev/null
+++ b/queue-3.4/vhost-fix-length-for-cross-region-descriptor.patch
@@ -0,0 +1,34 @@
+From bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 Mon Sep 17 00:00:00 2001
+From: "Michael S. Tsirkin"
+Date: Mon, 26 Nov 2012 05:57:27 +0000
+Subject: vhost: fix length for cross region descriptor
+
+From: "Michael S. Tsirkin"
+
+commit bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 upstream.
+
+If a single descriptor crosses a region, the
+second chunk length should be decremented
+by size translated so far, instead it includes
+the full descriptor length.
+
+Signed-off-by: Michael S. Tsirkin
+Acked-by: Jason Wang
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/vhost/vhost.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/vhost/vhost.c
++++ b/drivers/vhost/vhost.c
+@@ -1074,7 +1074,7 @@ static int translate_desc(struct vhost_d
+ }
+ _iov = iov + ret;
+ size = reg->memory_size - addr + reg->guest_phys_addr;
+- _iov->iov_len = min((u64)len, size);
++ _iov->iov_len = min((u64)len - s, size);
+ _iov->iov_base = (void __user *)(unsigned long)
+ (reg->userspace_addr + addr - reg->guest_phys_addr);
+ s += size;
--
2.47.3
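Review bot: The call to `svc_xprt_enqueue(xprt)` in svc_age_temp_xprts() now runs inside the `spin_lock_bh(&serv->sv_lock)` section, so this loop becomes the place where sv_lock and sp_lock nest, yet nothing at the call site records that ordering. The commit message relies on documentation at the top of the file, which is not visible here; a one-line comment at the call would keep the rule next to the code that depends on it, e.g. `/* sv_lock is held; svc_xprt_enqueue() takes sp_lock inside it */`. The `dprintk()` just above also moved under the lock with bottom halves disabled, which lengthens the critical section when debugging output is enabled. The function begins outside the hunk.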
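Review bot: `(u64)len - s` in translate_desc() is an unsigned subtraction, so it is only correct while `s` is smaller than `len`; if `s` ever reached `len` the result would wrap and `min()` would fall back to `size`, the remainder of the region, which is more than the guest's descriptor asked for. The loop condition that should guarantee `s < len` is outside the hunk, so that cannot be confirmed from here. Because the length comes from a guest-supplied descriptor, I would pin the invariant on the line itself, e.g. `/* the loop runs only while s < len, so len - s cannot wrap */`. translate_desc() begins and ends outside the hunk.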