post rebase fixups
This commit is contained in:
parent
97317afeb2
commit
20c2282be6
|
@ -1,24 +0,0 @@
|
|||
diff --git a/net/ceph/auth_none.c b/net/ceph/auth_none.c
|
||||
index 925ca58..0ef2458 100644
|
||||
--- a/net/ceph/auth_none.c
|
||||
+++ b/net/ceph/auth_none.c
|
||||
@@ -39,6 +39,11 @@ static int should_authenticate(struct ceph_auth_client *ac)
|
||||
return xi->starting;
|
||||
}
|
||||
|
||||
+static int build_request(struct ceph_auth_client *ac, void *buf, void *end)
|
||||
+{
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* the generic auth code decode the global_id, and we carry no actual
|
||||
* authenticate state, so nothing happens here.
|
||||
@@ -106,6 +111,7 @@ static const struct ceph_auth_client_ops ceph_auth_none_ops = {
|
||||
.destroy = destroy,
|
||||
.is_authenticated = is_authenticated,
|
||||
.should_authenticate = should_authenticate,
|
||||
+ .build_request = build_request,
|
||||
.handle_reply = handle_reply,
|
||||
.create_authorizer = ceph_auth_none_create_authorizer,
|
||||
.destroy_authorizer = ceph_auth_none_destroy_authorizer,
|
|
@ -1,219 +0,0 @@
|
|||
From 8125696991194aacb1173b6e8196d19098b44e17 Mon Sep 17 00:00:00 2001
|
||||
From: Stanislaw Gruszka <sgruszka@redhat.com>
|
||||
Date: Thu, 28 Feb 2013 09:55:25 +0000
|
||||
Subject: cfg80211/mac80211: disconnect on suspend
|
||||
|
||||
If possible that after suspend, cfg80211 will receive request to
|
||||
disconnect what require action on interface that was removed during
|
||||
suspend.
|
||||
|
||||
Problem can manifest itself by various warnings similar to below one:
|
||||
|
||||
WARNING: at net/mac80211/driver-ops.h:12 ieee80211_bss_info_change_notify+0x2f9/0x300 [mac80211]()
|
||||
wlan0: Failed check-sdata-in-driver check, flags: 0x4
|
||||
Call Trace:
|
||||
[<c043e0b3>] warn_slowpath_fmt+0x33/0x40
|
||||
[<f83707c9>] ieee80211_bss_info_change_notify+0x2f9/0x300 [mac80211]
|
||||
[<f83a660a>] ieee80211_recalc_ps_vif+0x2a/0x30 [mac80211]
|
||||
[<f83a6706>] ieee80211_set_disassoc+0xf6/0x500 [mac80211]
|
||||
[<f83a9441>] ieee80211_mgd_deauth+0x1f1/0x280 [mac80211]
|
||||
[<f8381b36>] ieee80211_deauth+0x16/0x20 [mac80211]
|
||||
[<f8261e70>] cfg80211_mlme_down+0x70/0xc0 [cfg80211]
|
||||
[<f8264de1>] __cfg80211_disconnect+0x1b1/0x1d0 [cfg80211]
|
||||
|
||||
To fix the problem disconnect from any associated network before
|
||||
suspend. User space is responsible to establish connection again
|
||||
after resume. This basically need to be done by user space anyway,
|
||||
because associated stations can go away during suspend (for example
|
||||
NetworkManager disconnects on suspend and connect on resume by default).
|
||||
|
||||
Patch also handle situation when driver refuse to suspend with wowlan
|
||||
configured and try to suspend again without it.
|
||||
|
||||
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
|
||||
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
||||
---
|
||||
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
|
||||
index d0275f3..4d105c7 100644
|
||||
--- a/net/mac80211/pm.c
|
||||
+++ b/net/mac80211/pm.c
|
||||
@@ -93,7 +93,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
|
||||
return err;
|
||||
} else if (err > 0) {
|
||||
WARN_ON(err != 1);
|
||||
- local->wowlan = false;
|
||||
+ return err;
|
||||
} else {
|
||||
list_for_each_entry(sdata, &local->interfaces, list)
|
||||
if (ieee80211_sdata_running(sdata))
|
||||
diff --git a/net/wireless/core.c b/net/wireless/core.c
|
||||
index ea4155f..f382cae 100644
|
||||
--- a/net/wireless/core.c
|
||||
+++ b/net/wireless/core.c
|
||||
@@ -814,6 +814,46 @@ void cfg80211_update_iface_num(struct cfg80211_registered_device *rdev,
|
||||
rdev->num_running_monitor_ifaces += num;
|
||||
}
|
||||
|
||||
+void cfg80211_leave(struct cfg80211_registered_device *rdev,
|
||||
+ struct wireless_dev *wdev)
|
||||
+{
|
||||
+ struct net_device *dev = wdev->netdev;
|
||||
+
|
||||
+ switch (wdev->iftype) {
|
||||
+ case NL80211_IFTYPE_ADHOC:
|
||||
+ cfg80211_leave_ibss(rdev, dev, true);
|
||||
+ break;
|
||||
+ case NL80211_IFTYPE_P2P_CLIENT:
|
||||
+ case NL80211_IFTYPE_STATION:
|
||||
+ mutex_lock(&rdev->sched_scan_mtx);
|
||||
+ __cfg80211_stop_sched_scan(rdev, false);
|
||||
+ mutex_unlock(&rdev->sched_scan_mtx);
|
||||
+
|
||||
+ wdev_lock(wdev);
|
||||
+#ifdef CONFIG_CFG80211_WEXT
|
||||
+ kfree(wdev->wext.ie);
|
||||
+ wdev->wext.ie = NULL;
|
||||
+ wdev->wext.ie_len = 0;
|
||||
+ wdev->wext.connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
|
||||
+#endif
|
||||
+ __cfg80211_disconnect(rdev, dev,
|
||||
+ WLAN_REASON_DEAUTH_LEAVING, true);
|
||||
+ cfg80211_mlme_down(rdev, dev);
|
||||
+ wdev_unlock(wdev);
|
||||
+ break;
|
||||
+ case NL80211_IFTYPE_MESH_POINT:
|
||||
+ cfg80211_leave_mesh(rdev, dev);
|
||||
+ break;
|
||||
+ case NL80211_IFTYPE_AP:
|
||||
+ cfg80211_stop_ap(rdev, dev);
|
||||
+ break;
|
||||
+ default:
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ wdev->beacon_interval = 0;
|
||||
+}
|
||||
+
|
||||
static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
|
||||
unsigned long state,
|
||||
void *ndev)
|
||||
@@ -882,38 +922,7 @@ static int cfg80211_netdev_notifier_call(struct notifier_block *nb,
|
||||
dev->priv_flags |= IFF_DONT_BRIDGE;
|
||||
break;
|
||||
case NETDEV_GOING_DOWN:
|
||||
- switch (wdev->iftype) {
|
||||
- case NL80211_IFTYPE_ADHOC:
|
||||
- cfg80211_leave_ibss(rdev, dev, true);
|
||||
- break;
|
||||
- case NL80211_IFTYPE_P2P_CLIENT:
|
||||
- case NL80211_IFTYPE_STATION:
|
||||
- mutex_lock(&rdev->sched_scan_mtx);
|
||||
- __cfg80211_stop_sched_scan(rdev, false);
|
||||
- mutex_unlock(&rdev->sched_scan_mtx);
|
||||
-
|
||||
- wdev_lock(wdev);
|
||||
-#ifdef CONFIG_CFG80211_WEXT
|
||||
- kfree(wdev->wext.ie);
|
||||
- wdev->wext.ie = NULL;
|
||||
- wdev->wext.ie_len = 0;
|
||||
- wdev->wext.connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
|
||||
-#endif
|
||||
- __cfg80211_disconnect(rdev, dev,
|
||||
- WLAN_REASON_DEAUTH_LEAVING, true);
|
||||
- cfg80211_mlme_down(rdev, dev);
|
||||
- wdev_unlock(wdev);
|
||||
- break;
|
||||
- case NL80211_IFTYPE_MESH_POINT:
|
||||
- cfg80211_leave_mesh(rdev, dev);
|
||||
- break;
|
||||
- case NL80211_IFTYPE_AP:
|
||||
- cfg80211_stop_ap(rdev, dev);
|
||||
- break;
|
||||
- default:
|
||||
- break;
|
||||
- }
|
||||
- wdev->beacon_interval = 0;
|
||||
+ cfg80211_leave(rdev, wdev);
|
||||
break;
|
||||
case NETDEV_DOWN:
|
||||
cfg80211_update_iface_num(rdev, wdev->iftype, -1);
|
||||
diff --git a/net/wireless/core.h b/net/wireless/core.h
|
||||
index 9a2be8d..d5d06fd 100644
|
||||
--- a/net/wireless/core.h
|
||||
+++ b/net/wireless/core.h
|
||||
@@ -503,6 +503,9 @@ int cfg80211_validate_beacon_int(struct cfg80211_registered_device *rdev,
|
||||
void cfg80211_update_iface_num(struct cfg80211_registered_device *rdev,
|
||||
enum nl80211_iftype iftype, int num);
|
||||
|
||||
+void cfg80211_leave(struct cfg80211_registered_device *rdev,
|
||||
+ struct wireless_dev *wdev);
|
||||
+
|
||||
void cfg80211_stop_p2p_device(struct cfg80211_registered_device *rdev,
|
||||
struct wireless_dev *wdev);
|
||||
|
||||
diff --git a/net/wireless/rdev-ops.h b/net/wireless/rdev-ops.h
|
||||
index 8c8b26f..d77e1c1 100644
|
||||
--- a/net/wireless/rdev-ops.h
|
||||
+++ b/net/wireless/rdev-ops.h
|
||||
@@ -6,11 +6,12 @@
|
||||
#include "core.h"
|
||||
#include "trace.h"
|
||||
|
||||
-static inline int rdev_suspend(struct cfg80211_registered_device *rdev)
|
||||
+static inline int rdev_suspend(struct cfg80211_registered_device *rdev,
|
||||
+ struct cfg80211_wowlan *wowlan)
|
||||
{
|
||||
int ret;
|
||||
- trace_rdev_suspend(&rdev->wiphy, rdev->wowlan);
|
||||
- ret = rdev->ops->suspend(&rdev->wiphy, rdev->wowlan);
|
||||
+ trace_rdev_suspend(&rdev->wiphy, wowlan);
|
||||
+ ret = rdev->ops->suspend(&rdev->wiphy, wowlan);
|
||||
trace_rdev_return_int(&rdev->wiphy, ret);
|
||||
return ret;
|
||||
}
|
||||
diff --git a/net/wireless/sysfs.c b/net/wireless/sysfs.c
|
||||
index 238ee49..8f28b9f 100644
|
||||
--- a/net/wireless/sysfs.c
|
||||
+++ b/net/wireless/sysfs.c
|
||||
@@ -83,6 +83,14 @@ static int wiphy_uevent(struct device *dev, struct kobj_uevent_env *env)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+static void cfg80211_leave_all(struct cfg80211_registered_device *rdev)
|
||||
+{
|
||||
+ struct wireless_dev *wdev;
|
||||
+
|
||||
+ list_for_each_entry(wdev, &rdev->wdev_list, list)
|
||||
+ cfg80211_leave(rdev, wdev);
|
||||
+}
|
||||
+
|
||||
static int wiphy_suspend(struct device *dev, pm_message_t state)
|
||||
{
|
||||
struct cfg80211_registered_device *rdev = dev_to_rdev(dev);
|
||||
@@ -90,12 +98,19 @@ static int wiphy_suspend(struct device *dev, pm_message_t state)
|
||||
|
||||
rdev->suspend_at = get_seconds();
|
||||
|
||||
- if (rdev->ops->suspend) {
|
||||
- rtnl_lock();
|
||||
- if (rdev->wiphy.registered)
|
||||
- ret = rdev_suspend(rdev);
|
||||
- rtnl_unlock();
|
||||
+ rtnl_lock();
|
||||
+ if (rdev->wiphy.registered) {
|
||||
+ if (!rdev->wowlan)
|
||||
+ cfg80211_leave_all(rdev);
|
||||
+ if (rdev->ops->suspend)
|
||||
+ ret = rdev_suspend(rdev, rdev->wowlan);
|
||||
+ if (ret == 1) {
|
||||
+ /* Driver refuse to configure wowlan */
|
||||
+ cfg80211_leave_all(rdev);
|
||||
+ ret = rdev_suspend(rdev, NULL);
|
||||
+ }
|
||||
}
|
||||
+ rtnl_unlock();
|
||||
|
||||
return ret;
|
||||
}
|
||||
--
|
||||
cgit v0.9.1
|
File diff suppressed because it is too large
Load Diff
25
kernel.spec
25
kernel.spec
|
@ -718,10 +718,6 @@ Patch21242: criu-no-expert.patch
|
|||
#rhbz 892811
|
||||
Patch21247: ath9k_rx_dma_stop_check.patch
|
||||
|
||||
#rhbz 856863 892599
|
||||
Patch21273: cfg80211-mac80211-disconnect-on-suspend.patch
|
||||
Patch21274: mac80211_fixes_for_ieee80211_do_stop_while_suspend_v3.9.patch
|
||||
|
||||
Patch22000: weird-root-dentry-name-debug.patch
|
||||
Patch22010: debug-idle-sched-warn-once.patch
|
||||
|
||||
|
@ -734,9 +730,6 @@ Patch23006: fix-child-thread-introspection.patch
|
|||
#rhbz 948262
|
||||
Patch25024: intel_iommu-Downgrade-the-warning-if-enabling-irq-remapping-fails.patch
|
||||
|
||||
# Needed for F19 gssproxy feature
|
||||
Patch25030: gssproxy-backport.patch
|
||||
|
||||
#CVE-2013-2140 rhbz 971146 971148
|
||||
Patch25031: xen-blkback-Check-device-permissions-before-allowing.patch
|
||||
|
||||
|
@ -773,9 +766,6 @@ Patch25055: ath3k-dont-use-stack-memory-for-DMA.patch
|
|||
Patch25056: iwl3945-better-skb-management-in-rx-path.patch
|
||||
Patch25057: iwl4965-better-skb-management-in-rx-path.patch
|
||||
|
||||
#CVE-2013-1059 rhbz 977356 980341
|
||||
Patch25059: ceph-fix.patch
|
||||
|
||||
#rhbz 976789 980643
|
||||
Patch25062: vhost-net-fix-use-after-free-in-vhost_net_flush.patch
|
||||
|
||||
|
@ -1460,19 +1450,12 @@ ApplyPatch criu-no-expert.patch
|
|||
#rhbz 892811
|
||||
ApplyPatch ath9k_rx_dma_stop_check.patch
|
||||
|
||||
#rhbz 856863 892599
|
||||
#ApplyPatch cfg80211-mac80211-disconnect-on-suspend.patch
|
||||
#ApplyPatch mac80211_fixes_for_ieee80211_do_stop_while_suspend_v3.9.patch
|
||||
|
||||
#rhbz 927469
|
||||
ApplyPatch fix-child-thread-introspection.patch
|
||||
|
||||
#rhbz 948262
|
||||
ApplyPatch intel_iommu-Downgrade-the-warning-if-enabling-irq-remapping-fails.patch
|
||||
|
||||
# Needed for F19 gssproxy feature
|
||||
#ApplyPatch gssproxy-backport.patch
|
||||
|
||||
#CVE-2013-2140 rhbz 971146 971148
|
||||
ApplyPatch xen-blkback-Check-device-permissions-before-allowing.patch
|
||||
|
||||
|
@ -1508,11 +1491,8 @@ ApplyPatch ath3k-dont-use-stack-memory-for-DMA.patch
|
|||
ApplyPatch iwl3945-better-skb-management-in-rx-path.patch
|
||||
ApplyPatch iwl4965-better-skb-management-in-rx-path.patch
|
||||
|
||||
#CVE-2013-1059 rhbz 977356 980341
|
||||
#ApplyPatch ceph-fix.patch
|
||||
|
||||
#rhbz 976789 980643
|
||||
#ApplyPatch vhost-net-fix-use-after-free-in-vhost_net_flush.patch
|
||||
ApplyPatch vhost-net-fix-use-after-free-in-vhost_net_flush.patch
|
||||
|
||||
#rhbz 959721
|
||||
ApplyPatch HID-kye-Add-report-fixup-for-Genius-Gila-Gaming-mouse.patch
|
||||
|
@ -2357,14 +2337,11 @@ fi
|
|||
tulip-dma-debug-error.patch
|
||||
af_key-fix-info-leaks-in-notify-messages.patch
|
||||
ipv6-ip6_sk_dst_check-must-not-assume-ipv6-dst.patch
|
||||
needs fixing:
|
||||
arm-tegra-fixclk.patch
|
||||
cfg80211-mac80211-disconnect-on-suspend.patch
|
||||
mac80211_fixes_for_ieee80211_do_stop_while_suspend_v3.9.patch
|
||||
gssproxy-backport.patch
|
||||
ceph-fix.patch
|
||||
vhost-net-fix-use-after-free-in-vhost_net_flush.patch
|
||||
ARM currently disabled, requires config changes. (See line 1558)
|
||||
|
||||
* Fri Jul 12 2013 Dave Jones <davej@redhat.com> - 3.9.9-304
|
||||
- Disable LATENCYTOP/SCHEDSTATS in non-debug builds.
|
||||
|
|
|
@ -1,73 +0,0 @@
|
|||
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
|
||||
index baaa860..7a3d675 100644
|
||||
--- a/net/mac80211/iface.c
|
||||
+++ b/net/mac80211/iface.c
|
||||
@@ -748,8 +748,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
|
||||
sdata->dev->addr_len);
|
||||
spin_unlock_bh(&local->filter_lock);
|
||||
netif_addr_unlock_bh(sdata->dev);
|
||||
-
|
||||
- ieee80211_configure_filter(local);
|
||||
+ /* configure filter latter (if not suspended) */
|
||||
}
|
||||
|
||||
del_timer_sync(&local->dynamic_ps_timer);
|
||||
@@ -814,10 +813,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
|
||||
}
|
||||
|
||||
ieee80211_adjust_monitor_flags(sdata, -1);
|
||||
- ieee80211_configure_filter(local);
|
||||
- mutex_lock(&local->mtx);
|
||||
- ieee80211_recalc_idle(local);
|
||||
- mutex_unlock(&local->mtx);
|
||||
+ /* tell driver latter (if not suspended) */
|
||||
break;
|
||||
case NL80211_IFTYPE_P2P_DEVICE:
|
||||
/* relies on synchronize_rcu() below */
|
||||
@@ -848,28 +844,31 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
|
||||
|
||||
drv_remove_interface_debugfs(local, sdata);
|
||||
|
||||
- if (going_down)
|
||||
+ if (going_down && !local->suspended)
|
||||
drv_remove_interface(local, sdata);
|
||||
}
|
||||
|
||||
sdata->bss = NULL;
|
||||
|
||||
- ieee80211_recalc_ps(local, -1);
|
||||
-
|
||||
- if (local->open_count == 0) {
|
||||
- if (local->ops->napi_poll)
|
||||
- napi_disable(&local->napi);
|
||||
- ieee80211_clear_tx_pending(local);
|
||||
- ieee80211_stop_device(local);
|
||||
-
|
||||
- /* no reconfiguring after stop! */
|
||||
- hw_reconf_flags = 0;
|
||||
+ if (!local->suspended) {
|
||||
+ if (local->open_count == 0) {
|
||||
+ if (local->ops->napi_poll)
|
||||
+ napi_disable(&local->napi);
|
||||
+ ieee80211_clear_tx_pending(local);
|
||||
+ ieee80211_stop_device(local);
|
||||
+ } else {
|
||||
+ ieee80211_configure_filter(local);
|
||||
+ ieee80211_recalc_ps(local, -1);
|
||||
+
|
||||
+ mutex_lock(&local->mtx);
|
||||
+ ieee80211_recalc_idle(local);
|
||||
+ mutex_unlock(&local->mtx);
|
||||
+
|
||||
+ if (hw_reconf_flags)
|
||||
+ ieee80211_hw_config(local, hw_reconf_flags);
|
||||
+ }
|
||||
}
|
||||
|
||||
- /* do after stop to avoid reconfiguring when we stop anyway */
|
||||
- if (hw_reconf_flags)
|
||||
- ieee80211_hw_config(local, hw_reconf_flags);
|
||||
-
|
||||
spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
|
||||
for (i = 0; i < IEEE80211_MAX_QUEUES; i++) {
|
||||
skb_queue_walk_safe(&local->pending[i], skb, tmp) {
|
|
@ -1,76 +1,54 @@
|
|||
From 0c9d7f6ea817d5328a09a78e901b16e1836ca4d7 Mon Sep 17 00:00:00 2001
|
||||
From: "Michael S. Tsirkin" <mst@redhat.com>
|
||||
Date: Tue, 25 Jun 2013 17:29:46 +0300
|
||||
Subject: [PATCH] vhost-net: fix use-after-free in vhost_net_flush
|
||||
commit c38e39c378f46f00ce922dd40a91043a9925c28d
|
||||
Author: Michael S. Tsirkin <mst@redhat.com>
|
||||
Date: Tue Jun 25 17:29:46 2013 +0300
|
||||
|
||||
vhost_net_ubuf_put_and_wait has a confusing name:
|
||||
it will actually also free it's argument.
|
||||
Thus since commit 1280c27f8e29acf4af2da914e80ec27c3dbd5c01
|
||||
"vhost-net: flush outstanding DMAs on memory change"
|
||||
vhost_net_flush tries to use the argument after passing it
|
||||
to vhost_net_ubuf_put_and_wait, this results
|
||||
in use after free.
|
||||
To fix, don't free the argument in vhost_net_ubuf_put_and_wait,
|
||||
add an new API for callers that want to free ubufs.
|
||||
|
||||
Acked-by: Asias He <asias@redhat.com>
|
||||
Acked-by: Jason Wang <jasowang@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
---
|
||||
drivers/vhost/net.c | 4 ++--
|
||||
drivers/vhost/vhost.c | 5 +++++
|
||||
drivers/vhost/vhost.h | 1 +
|
||||
3 files changed, 8 insertions(+), 2 deletions(-)
|
||||
vhost-net: fix use-after-free in vhost_net_flush
|
||||
|
||||
vhost_net_ubuf_put_and_wait has a confusing name:
|
||||
it will actually also free it's argument.
|
||||
Thus since commit 1280c27f8e29acf4af2da914e80ec27c3dbd5c01
|
||||
"vhost-net: flush outstanding DMAs on memory change"
|
||||
vhost_net_flush tries to use the argument after passing it
|
||||
to vhost_net_ubuf_put_and_wait, this results
|
||||
in use after free.
|
||||
To fix, don't free the argument in vhost_net_ubuf_put_and_wait,
|
||||
add an new API for callers that want to free ubufs.
|
||||
|
||||
Acked-by: Asias He <asias@redhat.com>
|
||||
Acked-by: Jason Wang <jasowang@redhat.com>
|
||||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
||||
|
||||
diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
|
||||
index dfff647..d8d4f57 100644
|
||||
index f80d3dd..8ca5ac7 100644
|
||||
--- a/drivers/vhost/net.c
|
||||
+++ b/drivers/vhost/net.c
|
||||
@@ -857,7 +857,7 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
|
||||
mutex_unlock(&vq->mutex);
|
||||
|
||||
if (oldubufs) {
|
||||
- vhost_ubuf_put_and_wait(oldubufs);
|
||||
+ vhost_ubuf_put_wait_and_free(oldubufs);
|
||||
mutex_lock(&vq->mutex);
|
||||
vhost_zerocopy_signal_used(n, vq);
|
||||
mutex_unlock(&vq->mutex);
|
||||
@@ -875,7 +875,7 @@ err_used:
|
||||
rcu_assign_pointer(vq->private_data, oldsock);
|
||||
vhost_net_enable_vq(n, vq);
|
||||
if (ubufs)
|
||||
- vhost_ubuf_put_and_wait(ubufs);
|
||||
+ vhost_ubuf_put_wait_and_free(ubufs);
|
||||
err_ubufs:
|
||||
fput(sock->file);
|
||||
err_vq:
|
||||
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
|
||||
index 9759249..ff53c9e 100644
|
||||
--- a/drivers/vhost/vhost.c
|
||||
+++ b/drivers/vhost/vhost.c
|
||||
@@ -1581,5 +1581,10 @@ void vhost_ubuf_put_and_wait(struct vhost_ubuf_ref *ubufs)
|
||||
@@ -150,6 +150,11 @@ static void vhost_net_ubuf_put_and_wait(struct vhost_net_ubuf_ref *ubufs)
|
||||
{
|
||||
kref_put(&ubufs->kref, vhost_zerocopy_done_signal);
|
||||
kref_put(&ubufs->kref, vhost_net_zerocopy_done_signal);
|
||||
wait_event(ubufs->wait, !atomic_read(&ubufs->kref.refcount));
|
||||
+}
|
||||
+
|
||||
+void vhost_ubuf_put_wait_and_free(struct vhost_ubuf_ref *ubufs)
|
||||
+static void vhost_net_ubuf_put_wait_and_free(struct vhost_net_ubuf_ref *ubufs)
|
||||
+{
|
||||
+ vhost_ubuf_put_and_wait(ubufs);
|
||||
+ vhost_net_ubuf_put_and_wait(ubufs);
|
||||
kfree(ubufs);
|
||||
}
|
||||
diff --git a/drivers/vhost/vhost.h b/drivers/vhost/vhost.h
|
||||
index 17261e2..dd63b35 100644
|
||||
--- a/drivers/vhost/vhost.h
|
||||
+++ b/drivers/vhost/vhost.h
|
||||
@@ -63,6 +63,7 @@ struct vhost_ubuf_ref {
|
||||
struct vhost_ubuf_ref *vhost_ubuf_alloc(struct vhost_virtqueue *, bool zcopy);
|
||||
void vhost_ubuf_put(struct vhost_ubuf_ref *);
|
||||
void vhost_ubuf_put_and_wait(struct vhost_ubuf_ref *);
|
||||
+void vhost_ubuf_put_wait_and_free(struct vhost_ubuf_ref *);
|
||||
|
||||
struct ubuf_info;
|
||||
@@ -948,7 +953,7 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
|
||||
mutex_unlock(&vq->mutex);
|
||||
|
||||
--
|
||||
1.8.2.1
|
||||
|
||||
if (oldubufs) {
|
||||
- vhost_net_ubuf_put_and_wait(oldubufs);
|
||||
+ vhost_net_ubuf_put_wait_and_free(oldubufs);
|
||||
mutex_lock(&vq->mutex);
|
||||
vhost_zerocopy_signal_used(n, vq);
|
||||
mutex_unlock(&vq->mutex);
|
||||
@@ -966,7 +971,7 @@ err_used:
|
||||
rcu_assign_pointer(vq->private_data, oldsock);
|
||||
vhost_net_enable_vq(n, vq);
|
||||
if (ubufs)
|
||||
- vhost_net_ubuf_put_and_wait(ubufs);
|
||||
+ vhost_net_ubuf_put_wait_and_free(ubufs);
|
||||
err_ubufs:
|
||||
fput(sock->file);
|
||||
err_vq:
|
||||
|
|
Loading…
Reference in New Issue