Linux 3.2.10
This commit is contained in:
parent
e323d4f829
commit
3bdc12b849
@ -1,16 +0,0 @@
|
|||||||
diff --git a/block/bsg.c b/block/bsg.c
|
|
||||||
index 4cf703f..ff64ae3 100644
|
|
||||||
--- a/block/bsg.c
|
|
||||||
+++ b/block/bsg.c
|
|
||||||
@@ -983,7 +983,8 @@ void bsg_unregister_queue(struct request_queue *q)
|
|
||||||
|
|
||||||
mutex_lock(&bsg_mutex);
|
|
||||||
idr_remove(&bsg_minor_idr, bcd->minor);
|
|
||||||
- sysfs_remove_link(&q->kobj, "bsg");
|
|
||||||
+ if (q->kobj.sd)
|
|
||||||
+ sysfs_remove_link(&q->kobj, "bsg");
|
|
||||||
device_unregister(bcd->class_dev);
|
|
||||||
bcd->class_dev = NULL;
|
|
||||||
kref_put(&bcd->ref, bsg_kref_release_function);
|
|
||||||
--
|
|
||||||
1.7.4.4
|
|
@ -1,61 +0,0 @@
|
|||||||
From 5bccda0ebc7c0331b81ac47d39e4b920b198b2cd Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jeff Layton <jlayton@redhat.com>
|
|
||||||
Date: Thu, 23 Feb 2012 09:37:45 -0500
|
|
||||||
Subject: [PATCH] cifs: fix dentry refcount leak when opening a FIFO on lookup
|
|
||||||
|
|
||||||
The cifs code will attempt to open files on lookup under certain
|
|
||||||
circumstances. What happens though if we find that the file we opened
|
|
||||||
was actually a FIFO or other special file?
|
|
||||||
|
|
||||||
Currently, the open filehandle just ends up being leaked leading to
|
|
||||||
a dentry refcount mismatch and oops on umount. Fix this by having the
|
|
||||||
code close the filehandle on the server if it turns out not to be a
|
|
||||||
regular file. While we're at it, change this spaghetti if statement
|
|
||||||
into a switch too.
|
|
||||||
|
|
||||||
Cc: stable@vger.kernel.org
|
|
||||||
Reported-by: CAI Qian <caiqian@redhat.com>
|
|
||||||
Tested-by: CAI Qian <caiqian@redhat.com>
|
|
||||||
Reviewed-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com>
|
|
||||||
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
||||||
Signed-off-by: Steve French <smfrench@gmail.com>
|
|
||||||
---
|
|
||||||
fs/cifs/dir.c | 20 ++++++++++++++++++--
|
|
||||||
1 files changed, 18 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
|
|
||||||
index 63a196b..bc7e244 100644
|
|
||||||
--- a/fs/cifs/dir.c
|
|
||||||
+++ b/fs/cifs/dir.c
|
|
||||||
@@ -584,10 +584,26 @@ cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry,
|
|
||||||
* If either that or op not supported returned, follow
|
|
||||||
* the normal lookup.
|
|
||||||
*/
|
|
||||||
- if ((rc == 0) || (rc == -ENOENT))
|
|
||||||
+ switch (rc) {
|
|
||||||
+ case 0:
|
|
||||||
+ /*
|
|
||||||
+ * The server may allow us to open things like
|
|
||||||
+ * FIFOs, but the client isn't set up to deal
|
|
||||||
+ * with that. If it's not a regular file, just
|
|
||||||
+ * close it and proceed as if it were a normal
|
|
||||||
+ * lookup.
|
|
||||||
+ */
|
|
||||||
+ if (newInode && !S_ISREG(newInode->i_mode)) {
|
|
||||||
+ CIFSSMBClose(xid, pTcon, fileHandle);
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ case -ENOENT:
|
|
||||||
posix_open = true;
|
|
||||||
- else if ((rc == -EINVAL) || (rc != -EOPNOTSUPP))
|
|
||||||
+ case -EOPNOTSUPP:
|
|
||||||
+ break;
|
|
||||||
+ default:
|
|
||||||
pTcon->broken_posix_open = true;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
if (!posix_open)
|
|
||||||
rc = cifs_get_inode_info_unix(&newInode, full_path,
|
|
||||||
--
|
|
||||||
1.7.0.4
|
|
||||||
|
|
@ -1,40 +0,0 @@
|
|||||||
From aed3f09db39596e539f90b11a5016aea4d8442e1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alban Browaeys <prahal@yahoo.com>
|
|
||||||
Date: Fri, 24 Feb 2012 17:12:45 +0000
|
|
||||||
Subject: [PATCH] drm/i915: Prevent a machine hang by checking crtc->active
|
|
||||||
before loading lut
|
|
||||||
|
|
||||||
Before loading the lut (gamma), check the active state of intel_crtc,
|
|
||||||
otherwise at least on gen2 hang ensue.
|
|
||||||
|
|
||||||
This is reproducible in Xorg via:
|
|
||||||
xset dpms force off
|
|
||||||
then
|
|
||||||
xgamma -rgamma 2.0 # freeze.
|
|
||||||
|
|
||||||
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=44505
|
|
||||||
Signed-off-by: Alban Browaeys <prahal@yahoo.com>
|
|
||||||
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
|
|
||||||
Reviewed-by: Jesse Barnes <jbarnes@virtuousgeek.org>
|
|
||||||
Cc: stable@kernel.org
|
|
||||||
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
|
|
||||||
---
|
|
||||||
drivers/gpu/drm/i915/intel_display.c | 2 +-
|
|
||||||
1 files changed, 1 insertions(+), 1 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
|
|
||||||
index 4871ba0..f851db7 100644
|
|
||||||
--- a/drivers/gpu/drm/i915/intel_display.c
|
|
||||||
+++ b/drivers/gpu/drm/i915/intel_display.c
|
|
||||||
@@ -6184,7 +6184,7 @@ void intel_crtc_load_lut(struct drm_crtc *crtc)
|
|
||||||
int i;
|
|
||||||
|
|
||||||
/* The clocks have to be on to load the palette. */
|
|
||||||
- if (!crtc->enabled)
|
|
||||||
+ if (!crtc->enabled || !intel_crtc->active)
|
|
||||||
return;
|
|
||||||
|
|
||||||
/* use legacy palette for Ironlake */
|
|
||||||
--
|
|
||||||
1.7.7.6
|
|
||||||
|
|
45
kernel.spec
45
kernel.spec
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||||||
# For non-released -rc kernels, this will be appended after the rcX and
|
# For non-released -rc kernels, this will be appended after the rcX and
|
||||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||||
#
|
#
|
||||||
%global baserelease 4
|
%global baserelease 1
|
||||||
%global fedora_build %{baserelease}
|
%global fedora_build %{baserelease}
|
||||||
|
|
||||||
# base_sublevel is the kernel version we're starting with and patching
|
# base_sublevel is the kernel version we're starting with and patching
|
||||||
@ -66,7 +66,7 @@ Summary: The Linux kernel
|
|||||||
%if 0%{?released_kernel}
|
%if 0%{?released_kernel}
|
||||||
|
|
||||||
# Do we have a -stable update to apply?
|
# Do we have a -stable update to apply?
|
||||||
%define stable_update 9
|
%define stable_update 10
|
||||||
# Is it a -stable RC?
|
# Is it a -stable RC?
|
||||||
%define stable_rc 0
|
%define stable_rc 0
|
||||||
# Set rpm version accordingly
|
# Set rpm version accordingly
|
||||||
@ -717,7 +717,7 @@ Patch1500: fix_xen_guest_on_old_EC2.patch
|
|||||||
|
|
||||||
# intel drm is all merged upstream
|
# intel drm is all merged upstream
|
||||||
Patch1824: drm-intel-next.patch
|
Patch1824: drm-intel-next.patch
|
||||||
Patch1825: drm-intel-crtc-dpms-fix.patch
|
|
||||||
# hush the i915 fbc noise
|
# hush the i915 fbc noise
|
||||||
Patch1826: drm-i915-fbc-stfu.patch
|
Patch1826: drm-i915-fbc-stfu.patch
|
||||||
|
|
||||||
@ -744,8 +744,6 @@ Patch3500: jbd-jbd2-validate-sb-s_first-in-journal_get_superblo.patch
|
|||||||
|
|
||||||
Patch12016: disable-i8042-check-on-apple-mac.patch
|
Patch12016: disable-i8042-check-on-apple-mac.patch
|
||||||
|
|
||||||
Patch12026: bsg-fix-sysfs-link-remove-warning.patch
|
|
||||||
|
|
||||||
Patch12303: dmar-disable-when-ricoh-multifunction.patch
|
Patch12303: dmar-disable-when-ricoh-multifunction.patch
|
||||||
|
|
||||||
Patch13002: revert-efi-rtclock.patch
|
Patch13002: revert-efi-rtclock.patch
|
||||||
@ -809,30 +807,15 @@ Patch21234: e1000e-Avoid-wrong-check-on-TX-hang.patch
|
|||||||
#Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
#Patch21235: scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
||||||
Patch21235: scsi-fix-sd_revalidate_disk-oops.patch
|
Patch21235: scsi-fix-sd_revalidate_disk-oops.patch
|
||||||
|
|
||||||
#rhbz 790367
|
|
||||||
Patch21239: s390x-enable-keys-compat.patch
|
|
||||||
|
|
||||||
#rhbz 727865 730007
|
#rhbz 727865 730007
|
||||||
Patch21240: ACPICA-Fix-regression-in-FADT-revision-checks.patch
|
Patch21240: ACPICA-Fix-regression-in-FADT-revision-checks.patch
|
||||||
|
|
||||||
Patch21241: cifs-fix-dentry-refcount-leak-when-opening-a-FIFO.patch
|
|
||||||
|
|
||||||
#rhbz 728478
|
#rhbz 728478
|
||||||
Patch21242: sony-laptop-Enable-keyboard-backlight-by-default.patch
|
Patch21242: sony-laptop-Enable-keyboard-backlight-by-default.patch
|
||||||
|
|
||||||
# Disable threading in hibernate compression
|
# Disable threading in hibernate compression
|
||||||
Patch21243: disable-threading-in-compression-for-hibernate.patch
|
Patch21243: disable-threading-in-compression-for-hibernate.patch
|
||||||
|
|
||||||
#rhbz 799782 CVE-2012-1097
|
|
||||||
Patch21244: regset-Prevent-null-pointer-reference-on-readonly-re.patch
|
|
||||||
Patch21245: regset-Return-EFAULT-not-EIO-on-host-side-memory-fau.patch
|
|
||||||
|
|
||||||
#rhbz 786632
|
|
||||||
Patch21246: mm-thp-fix-BUG-on-mm-nr_ptes.patch
|
|
||||||
|
|
||||||
#rhbz 800817
|
|
||||||
Patch21247: mm-memcg-Correct-unregistring-of-events-attached-to-.patch
|
|
||||||
|
|
||||||
Patch21300: unhandled-irqs-switch-to-polling.patch
|
Patch21300: unhandled-irqs-switch-to-polling.patch
|
||||||
|
|
||||||
Patch21350: x86-ioapic-add-register-checks-for-bogus-io-apic-entries.patch
|
Patch21350: x86-ioapic-add-register-checks-for-bogus-io-apic-entries.patch
|
||||||
@ -1491,7 +1474,6 @@ ApplyPatch fix_xen_guest_on_old_EC2.patch
|
|||||||
|
|
||||||
# Intel DRM
|
# Intel DRM
|
||||||
ApplyOptionalPatch drm-intel-next.patch
|
ApplyOptionalPatch drm-intel-next.patch
|
||||||
ApplyPatch drm-intel-crtc-dpms-fix.patch
|
|
||||||
ApplyPatch drm-i915-fbc-stfu.patch
|
ApplyPatch drm-i915-fbc-stfu.patch
|
||||||
|
|
||||||
ApplyPatch linux-2.6-intel-iommu-igfx.patch
|
ApplyPatch linux-2.6-intel-iommu-igfx.patch
|
||||||
@ -1510,8 +1492,6 @@ ApplyOptionalPatch linux-2.6-v4l-dvb-experimental.patch
|
|||||||
|
|
||||||
ApplyPatch disable-i8042-check-on-apple-mac.patch
|
ApplyPatch disable-i8042-check-on-apple-mac.patch
|
||||||
|
|
||||||
ApplyPatch bsg-fix-sysfs-link-remove-warning.patch
|
|
||||||
|
|
||||||
# rhbz#605888
|
# rhbz#605888
|
||||||
ApplyPatch dmar-disable-when-ricoh-multifunction.patch
|
ApplyPatch dmar-disable-when-ricoh-multifunction.patch
|
||||||
|
|
||||||
@ -1571,31 +1551,15 @@ ApplyPatch e1000e-Avoid-wrong-check-on-TX-hang.patch
|
|||||||
#ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
#ApplyPatch scsi-sd_revalidate_disk-prevent-NULL-ptr-deref.patch
|
||||||
ApplyPatch scsi-fix-sd_revalidate_disk-oops.patch
|
ApplyPatch scsi-fix-sd_revalidate_disk-oops.patch
|
||||||
|
|
||||||
#rhbz 790367
|
|
||||||
ApplyPatch s390x-enable-keys-compat.patch
|
|
||||||
|
|
||||||
#rhbz 727865 730007
|
#rhbz 727865 730007
|
||||||
ApplyPatch ACPICA-Fix-regression-in-FADT-revision-checks.patch
|
ApplyPatch ACPICA-Fix-regression-in-FADT-revision-checks.patch
|
||||||
|
|
||||||
#rhbz 798296
|
|
||||||
ApplyPatch cifs-fix-dentry-refcount-leak-when-opening-a-FIFO.patch
|
|
||||||
|
|
||||||
#rhbz 728478
|
#rhbz 728478
|
||||||
ApplyPatch sony-laptop-Enable-keyboard-backlight-by-default.patch
|
ApplyPatch sony-laptop-Enable-keyboard-backlight-by-default.patch
|
||||||
|
|
||||||
#Disable threading in hibernate compression
|
#Disable threading in hibernate compression
|
||||||
ApplyPatch disable-threading-in-compression-for-hibernate.patch
|
ApplyPatch disable-threading-in-compression-for-hibernate.patch
|
||||||
|
|
||||||
#rhbz 799782 CVE-2012-1097
|
|
||||||
ApplyPatch regset-Prevent-null-pointer-reference-on-readonly-re.patch
|
|
||||||
ApplyPatch regset-Return-EFAULT-not-EIO-on-host-side-memory-fau.patch
|
|
||||||
|
|
||||||
#rhbz 786632
|
|
||||||
ApplyPatch mm-thp-fix-BUG-on-mm-nr_ptes.patch
|
|
||||||
|
|
||||||
#rhbz 800817
|
|
||||||
ApplyPatch mm-memcg-Correct-unregistring-of-events-attached-to-.patch
|
|
||||||
|
|
||||||
ApplyPatch unhandled-irqs-switch-to-polling.patch
|
ApplyPatch unhandled-irqs-switch-to-polling.patch
|
||||||
|
|
||||||
ApplyPatch weird-root-dentry-name-debug.patch
|
ApplyPatch weird-root-dentry-name-debug.patch
|
||||||
@ -2418,6 +2382,9 @@ fi
|
|||||||
# and build.
|
# and build.
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Mar 12 2012 Josh Boyer <jwboyer@redhat.com> - 3.2.10-1
|
||||||
|
- Linux 3.2.10
|
||||||
|
|
||||||
* Mon Mar 12 2012 Josh Boyer <jwboyer@redhat.com> - 3.2.9-4
|
* Mon Mar 12 2012 Josh Boyer <jwboyer@redhat.com> - 3.2.9-4
|
||||||
- Add patch to ignore bogus io-apic entries (rhbz 801501)
|
- Add patch to ignore bogus io-apic entries (rhbz 801501)
|
||||||
|
|
||||||
|
@ -1,69 +0,0 @@
|
|||||||
From 371528caec553785c37f73fa3926ea0de84f986f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Anton Vorontsov <anton.vorontsov@linaro.org>
|
|
||||||
Date: Fri, 24 Feb 2012 05:14:46 +0400
|
|
||||||
Subject: [PATCH] mm: memcg: Correct unregistring of events attached to the
|
|
||||||
same eventfd
|
|
||||||
|
|
||||||
There is an issue when memcg unregisters events that were attached to
|
|
||||||
the same eventfd:
|
|
||||||
|
|
||||||
- On the first call mem_cgroup_usage_unregister_event() removes all
|
|
||||||
events attached to a given eventfd, and if there were no events left,
|
|
||||||
thresholds->primary would become NULL;
|
|
||||||
|
|
||||||
- Since there were several events registered, cgroups core will call
|
|
||||||
mem_cgroup_usage_unregister_event() again, but now kernel will oops,
|
|
||||||
as the function doesn't expect that threshold->primary may be NULL.
|
|
||||||
|
|
||||||
That's a good question whether mem_cgroup_usage_unregister_event()
|
|
||||||
should actually remove all events in one go, but nowadays it can't
|
|
||||||
do any better as cftype->unregister_event callback doesn't pass
|
|
||||||
any private event-associated cookie. So, let's fix the issue by
|
|
||||||
simply checking for threshold->primary.
|
|
||||||
|
|
||||||
FWIW, w/o the patch the following oops may be observed:
|
|
||||||
|
|
||||||
BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
|
|
||||||
IP: [<ffffffff810be32c>] mem_cgroup_usage_unregister_event+0x9c/0x1f0
|
|
||||||
Pid: 574, comm: kworker/0:2 Not tainted 3.3.0-rc4+ #9 Bochs Bochs
|
|
||||||
RIP: 0010:[<ffffffff810be32c>] [<ffffffff810be32c>] mem_cgroup_usage_unregister_event+0x9c/0x1f0
|
|
||||||
RSP: 0018:ffff88001d0b9d60 EFLAGS: 00010246
|
|
||||||
Process kworker/0:2 (pid: 574, threadinfo ffff88001d0b8000, task ffff88001de91cc0)
|
|
||||||
Call Trace:
|
|
||||||
[<ffffffff8107092b>] cgroup_event_remove+0x2b/0x60
|
|
||||||
[<ffffffff8103db94>] process_one_work+0x174/0x450
|
|
||||||
[<ffffffff8103e413>] worker_thread+0x123/0x2d0
|
|
||||||
|
|
||||||
Cc: stable <stable@vger.kernel.org>
|
|
||||||
Signed-off-by: Anton Vorontsov <anton.vorontsov@linaro.org>
|
|
||||||
Acked-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
|
|
||||||
Cc: Kirill A. Shutemov <kirill@shutemov.name>
|
|
||||||
Cc: Michal Hocko <mhocko@suse.cz>
|
|
||||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
||||||
|
|
||||||
diff --git a/mm/memcontrol.c b/mm/memcontrol.c
|
|
||||||
index 6728a7a..228d646 100644
|
|
||||||
--- a/mm/memcontrol.c
|
|
||||||
+++ b/mm/memcontrol.c
|
|
||||||
@@ -4414,6 +4414,9 @@ static void mem_cgroup_usage_unregister_event(struct cgroup *cgrp,
|
|
||||||
*/
|
|
||||||
BUG_ON(!thresholds);
|
|
||||||
|
|
||||||
+ if (!thresholds->primary)
|
|
||||||
+ goto unlock;
|
|
||||||
+
|
|
||||||
usage = mem_cgroup_usage(memcg, type == _MEMSWAP);
|
|
||||||
|
|
||||||
/* Check if a threshold crossed before removing */
|
|
||||||
@@ -4462,7 +4465,7 @@ swap_buffers:
|
|
||||||
|
|
||||||
/* To be sure that nobody uses thresholds */
|
|
||||||
synchronize_rcu();
|
|
||||||
-
|
|
||||||
+unlock:
|
|
||||||
mutex_unlock(&memcg->thresholds_lock);
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
1.7.7.6
|
|
||||||
|
|
@ -1,121 +0,0 @@
|
|||||||
On Thu, 16 Feb 2012, Andrea Arcangeli wrote:
|
|
||||||
> On Thu, Feb 16, 2012 at 01:53:04AM -0800, Hugh Dickins wrote:
|
|
||||||
> > Yes (and I think less troublesome than most BUGs, coming at exit
|
|
||||||
> > while not holding locks; though we could well make it a WARN_ON,
|
|
||||||
> > I don't think that existed back in the day).
|
|
||||||
>
|
|
||||||
> A WARN_ON would be fine with me, go ahead if you prefer it... only
|
|
||||||
> risk would be to go unnoticed or be underestimated. I am ok with the
|
|
||||||
> BUG_ON too (even if this time it triggered false positives... sigh).
|
|
||||||
>
|
|
||||||
> > Acked-by: Hugh Dickins <hughd@google.com>
|
|
||||||
>
|
|
||||||
> Thanks for the quick review!
|
|
||||||
>
|
|
||||||
> > In looking into the bug, it had actually bothered me a little that you
|
|
||||||
> > were setting aside those pages, yet not counting them into nr_ptes;
|
|
||||||
> > though the only thing that cares is oom_kill.c, and the count of pages
|
|
||||||
> > in each hugepage can only dwarf the count in nr_ptes (whereas, without
|
|
||||||
> > hugepages, it's possible to populate very sparsely and nr_ptes become
|
|
||||||
> > significant).
|
|
||||||
>
|
|
||||||
> Agreed, it's not significant either ways.
|
|
||||||
>
|
|
||||||
> Running my two primary systems with this applied for half a day and no
|
|
||||||
> problem so far so it should be good foro -mm at least.
|
|
||||||
|
|
||||||
And I've had no trouble running your patch since then (but I never hit
|
|
||||||
the bug it fixes either). But we've all forgottent about it, so let me
|
|
||||||
bring your patch back inline (I've added one introductory sentence) and
|
|
||||||
address to akpm...
|
|
||||||
|
|
||||||
|
|
||||||
From: Andrea Arcangeli <aarcange@redhat.com>
|
|
||||||
Subject: [PATCH] mm: thp: fix BUG on mm->nr_ptes
|
|
||||||
|
|
||||||
Dave Jones reports a few Fedora users hitting the BUG_ON(mm->nr_ptes...)
|
|
||||||
in exit_mmap() recently.
|
|
||||||
|
|
||||||
Quoting Hugh's discovery and explanation of the SMP race condition:
|
|
||||||
|
|
||||||
===
|
|
||||||
mm->nr_ptes had unusual locking: down_read mmap_sem plus
|
|
||||||
page_table_lock when incrementing, down_write mmap_sem (or mm_users 0)
|
|
||||||
when decrementing; whereas THP is careful to increment and decrement
|
|
||||||
it under page_table_lock.
|
|
||||||
|
|
||||||
Now most of those paths in THP also hold mmap_sem for read or write
|
|
||||||
(with appropriate checks on mm_users), but two do not: when
|
|
||||||
split_huge_page() is called by hwpoison_user_mappings(), and when
|
|
||||||
called by add_to_swap().
|
|
||||||
|
|
||||||
It's conceivable that the latter case is responsible for the
|
|
||||||
exit_mmap() BUG_ON mm->nr_ptes that has been reported on Fedora.
|
|
||||||
===
|
|
||||||
|
|
||||||
The simplest way to fix it without having to alter the locking is to
|
|
||||||
make split_huge_page() a noop in nr_ptes terms, so by counting the
|
|
||||||
preallocated pagetables that exists for every mapped hugepage. It was
|
|
||||||
an arbitrary choice not to count them and either way is not wrong or
|
|
||||||
right, because they are not used but they're still allocated.
|
|
||||||
|
|
||||||
Reported-by: Dave Jones <davej@redhat.com>
|
|
||||||
Reported-by: Hugh Dickins <hughd@google.com>
|
|
||||||
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
|
|
||||||
Acked-by: Hugh Dickins <hughd@google.com>
|
|
||||||
---
|
|
||||||
mm/huge_memory.c | 6 +++---
|
|
||||||
1 files changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/mm/huge_memory.c b/mm/huge_memory.c
|
|
||||||
index 91d3efb..8f7fc39 100644
|
|
||||||
--- a/mm/huge_memory.c
|
|
||||||
+++ b/mm/huge_memory.c
|
|
||||||
@@ -671,6 +671,7 @@ static int __do_huge_pmd_anonymous_page(struct mm_struct *mm,
|
|
||||||
set_pmd_at(mm, haddr, pmd, entry);
|
|
||||||
prepare_pmd_huge_pte(pgtable, mm);
|
|
||||||
add_mm_counter(mm, MM_ANONPAGES, HPAGE_PMD_NR);
|
|
||||||
+ mm->nr_ptes++;
|
|
||||||
spin_unlock(&mm->page_table_lock);
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -789,6 +790,7 @@ int copy_huge_pmd(struct mm_struct *dst_mm, struct mm_struct *src_mm,
|
|
||||||
pmd = pmd_mkold(pmd_wrprotect(pmd));
|
|
||||||
set_pmd_at(dst_mm, addr, dst_pmd, pmd);
|
|
||||||
prepare_pmd_huge_pte(pgtable, dst_mm);
|
|
||||||
+ dst_mm->nr_ptes++;
|
|
||||||
|
|
||||||
ret = 0;
|
|
||||||
out_unlock:
|
|
||||||
@@ -887,7 +889,6 @@ static int do_huge_pmd_wp_page_fallback(struct mm_struct *mm,
|
|
||||||
}
|
|
||||||
kfree(pages);
|
|
||||||
|
|
||||||
- mm->nr_ptes++;
|
|
||||||
smp_wmb(); /* make pte visible before pmd */
|
|
||||||
pmd_populate(mm, pmd, pgtable);
|
|
||||||
page_remove_rmap(page);
|
|
||||||
@@ -1047,6 +1048,7 @@ int zap_huge_pmd(struct mmu_gather *tlb, struct vm_area_struct *vma,
|
|
||||||
VM_BUG_ON(page_mapcount(page) < 0);
|
|
||||||
add_mm_counter(tlb->mm, MM_ANONPAGES, -HPAGE_PMD_NR);
|
|
||||||
VM_BUG_ON(!PageHead(page));
|
|
||||||
+ tlb->mm->nr_ptes--;
|
|
||||||
spin_unlock(&tlb->mm->page_table_lock);
|
|
||||||
tlb_remove_page(tlb, page);
|
|
||||||
pte_free(tlb->mm, pgtable);
|
|
||||||
@@ -1375,7 +1377,6 @@ static int __split_huge_page_map(struct page *page,
|
|
||||||
pte_unmap(pte);
|
|
||||||
}
|
|
||||||
|
|
||||||
- mm->nr_ptes++;
|
|
||||||
smp_wmb(); /* make pte visible before pmd */
|
|
||||||
/*
|
|
||||||
* Up to this point the pmd is present and huge and
|
|
||||||
@@ -1988,7 +1989,6 @@ static void collapse_huge_page(struct mm_struct *mm,
|
|
||||||
set_pmd_at(mm, address, pmd, _pmd);
|
|
||||||
update_mmu_cache(vma, address, _pmd);
|
|
||||||
prepare_pmd_huge_pte(pgtable, mm);
|
|
||||||
- mm->nr_ptes--;
|
|
||||||
spin_unlock(&mm->page_table_lock);
|
|
||||||
|
|
||||||
#ifndef CONFIG_NUMA
|
|
@ -1,63 +0,0 @@
|
|||||||
From c8e252586f8d5de906385d8cf6385fee289a825e Mon Sep 17 00:00:00 2001
|
|
||||||
From: "H. Peter Anvin" <hpa@zytor.com>
|
|
||||||
Date: Fri, 2 Mar 2012 10:43:48 -0800
|
|
||||||
Subject: [PATCH 1/2] regset: Prevent null pointer reference on readonly
|
|
||||||
regsets
|
|
||||||
|
|
||||||
The regset common infrastructure assumed that regsets would always
|
|
||||||
have .get and .set methods, but not necessarily .active methods.
|
|
||||||
Unfortunately people have since written regsets without .set methods.
|
|
||||||
|
|
||||||
Rather than putting in stub functions everywhere, handle regsets with
|
|
||||||
null .get or .set methods explicitly.
|
|
||||||
|
|
||||||
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
|
|
||||||
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
|
|
||||||
Acked-by: Roland McGrath <roland@hack.frob.com>
|
|
||||||
Cc: <stable@vger.kernel.org>
|
|
||||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
||||||
---
|
|
||||||
fs/binfmt_elf.c | 2 +-
|
|
||||||
include/linux/regset.h | 6 ++++++
|
|
||||||
2 files changed, 7 insertions(+), 1 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
|
|
||||||
index bcb884e..07d096c 100644
|
|
||||||
--- a/fs/binfmt_elf.c
|
|
||||||
+++ b/fs/binfmt_elf.c
|
|
||||||
@@ -1421,7 +1421,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t,
|
|
||||||
for (i = 1; i < view->n; ++i) {
|
|
||||||
const struct user_regset *regset = &view->regsets[i];
|
|
||||||
do_thread_regset_writeback(t->task, regset);
|
|
||||||
- if (regset->core_note_type &&
|
|
||||||
+ if (regset->core_note_type && regset->get &&
|
|
||||||
(!regset->active || regset->active(t->task, regset))) {
|
|
||||||
int ret;
|
|
||||||
size_t size = regset->n * regset->size;
|
|
||||||
diff --git a/include/linux/regset.h b/include/linux/regset.h
|
|
||||||
index 8abee65..5150fd1 100644
|
|
||||||
--- a/include/linux/regset.h
|
|
||||||
+++ b/include/linux/regset.h
|
|
||||||
@@ -335,6 +335,9 @@ static inline int copy_regset_to_user(struct task_struct *target,
|
|
||||||
{
|
|
||||||
const struct user_regset *regset = &view->regsets[setno];
|
|
||||||
|
|
||||||
+ if (!regset->get)
|
|
||||||
+ return -EOPNOTSUPP;
|
|
||||||
+
|
|
||||||
if (!access_ok(VERIFY_WRITE, data, size))
|
|
||||||
return -EIO;
|
|
||||||
|
|
||||||
@@ -358,6 +361,9 @@ static inline int copy_regset_from_user(struct task_struct *target,
|
|
||||||
{
|
|
||||||
const struct user_regset *regset = &view->regsets[setno];
|
|
||||||
|
|
||||||
+ if (!regset->set)
|
|
||||||
+ return -EOPNOTSUPP;
|
|
||||||
+
|
|
||||||
if (!access_ok(VERIFY_READ, data, size))
|
|
||||||
return -EIO;
|
|
||||||
|
|
||||||
--
|
|
||||||
1.7.7.6
|
|
||||||
|
|
@ -1,46 +0,0 @@
|
|||||||
From 5189fa19a4b2b4c3bec37c3a019d446148827717 Mon Sep 17 00:00:00 2001
|
|
||||||
From: "H. Peter Anvin" <hpa@zytor.com>
|
|
||||||
Date: Fri, 2 Mar 2012 10:43:49 -0800
|
|
||||||
Subject: [PATCH 2/2] regset: Return -EFAULT, not -EIO, on host-side memory
|
|
||||||
fault
|
|
||||||
|
|
||||||
There is only one error code to return for a bad user-space buffer
|
|
||||||
pointer passed to a system call in the same address space as the
|
|
||||||
system call is executed, and that is EFAULT. Furthermore, the
|
|
||||||
low-level access routines, which catch most of the faults, return
|
|
||||||
EFAULT already.
|
|
||||||
|
|
||||||
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
|
|
||||||
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
|
|
||||||
Acked-by: Roland McGrath <roland@hack.frob.com>
|
|
||||||
Cc: <stable@vger.kernel.org>
|
|
||||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
||||||
---
|
|
||||||
include/linux/regset.h | 4 ++--
|
|
||||||
1 files changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/include/linux/regset.h b/include/linux/regset.h
|
|
||||||
index 5150fd1..686f373 100644
|
|
||||||
--- a/include/linux/regset.h
|
|
||||||
+++ b/include/linux/regset.h
|
|
||||||
@@ -339,7 +339,7 @@ static inline int copy_regset_to_user(struct task_struct *target,
|
|
||||||
return -EOPNOTSUPP;
|
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, data, size))
|
|
||||||
- return -EIO;
|
|
||||||
+ return -EFAULT;
|
|
||||||
|
|
||||||
return regset->get(target, regset, offset, size, NULL, data);
|
|
||||||
}
|
|
||||||
@@ -365,7 +365,7 @@ static inline int copy_regset_from_user(struct task_struct *target,
|
|
||||||
return -EOPNOTSUPP;
|
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, data, size))
|
|
||||||
- return -EIO;
|
|
||||||
+ return -EFAULT;
|
|
||||||
|
|
||||||
return regset->set(target, regset, offset, size, NULL, data);
|
|
||||||
}
|
|
||||||
--
|
|
||||||
1.7.7.6
|
|
||||||
|
|
@ -1,15 +0,0 @@
|
|||||||
@@ -, +, @@
|
|
||||||
arch/s390/Kconfig | 3 +++
|
|
||||||
1 files changed, 3 insertions(+), 0 deletions(-)
|
|
||||||
--- a/arch/s390/Kconfig
|
|
||||||
+++ a/arch/s390/Kconfig
|
|
||||||
@@ -227,6 +227,9 @@ config COMPAT
|
|
||||||
config SYSVIPC_COMPAT
|
|
||||||
def_bool y if COMPAT && SYSVIPC
|
|
||||||
|
|
||||||
+config KEYS_COMPAT
|
|
||||||
+ def_bool y if COMPAT && KEYS
|
|
||||||
+
|
|
||||||
config AUDIT_ARCH
|
|
||||||
def_bool y
|
|
||||||
|
|
2
sources
2
sources
@ -1,3 +1,3 @@
|
|||||||
364066fa18767ec0ae5f4e4abcf9dc51 linux-3.2.tar.xz
|
364066fa18767ec0ae5f4e4abcf9dc51 linux-3.2.tar.xz
|
||||||
8cfe037a7a7a356278ec3638e25ad506 compat-wireless-3.3-rc1-2.tar.bz2
|
8cfe037a7a7a356278ec3638e25ad506 compat-wireless-3.3-rc1-2.tar.bz2
|
||||||
3916159a999ee49cd6bd002556c629ad patch-3.2.9.xz
|
7481fa09f2efda915ed19a9da33a2e59 patch-3.2.10.xz
|
||||||
|
Loading…
Reference in New Issue
Block a user