Linux 2.6.38-rc5-git5

Chuck Ebbert 2011-02-19 10:06:55 -05:00
parent 1edc59625c
commit 3d2b80aa7e
4 changed files with 5 additions and 87 deletions


@ -1,42 +0,0 @@
bridge: Fix mglist corruption that leads to memory corruption
The list mp->mglist is used to indicate whether a multicast group
is active on the bridge interface itself as opposed to one of the
constituent interfaces in the bridge.
Unfortunately the operation that adds the mp->mglist node to the
list neglected to check whether it has already been added. This
leads to list corruption in the form of nodes pointing to itself.
Normally this would be quite obvious as it would cause an infinite
loop when walking the list. However, as this list is never actually
walked (which means that we don't really need it, I'll get rid of
it in a subsequent patch), this instead is hidden until we perform
a delete operation on the affected nodes.
As the same node may now be pointed to by more than one node, the
delete operations can then cause modification of freed memory.
This was observed in practice to cause corruption in 512-byte slabs,
most commonly leading to crashes in jbd2.
Thanks to Josef Bacik for pointing me in the right direction.
Reported-by: Ian Page Hands <ihands@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index f701a21..802d3f8 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -719,7 +719,8 @@ static int br_multicast_add_group(struct net_bridge *br,
goto err;
if (!port) {
- hlist_add_head(&mp->mglist, &br->mglist);
+ if (hlist_unhashed(&mp->mglist))
+ hlist_add_head(&mp->mglist, &br->mglist);
mod_timer(&mp->timer, now + br->multicast_membership_interval);
goto out;
}


@ -84,7 +84,7 @@ Summary: The Linux kernel
# The rc snapshot level
%define rcrev 5
# The git snapshot level
%define gitrev 1
%define gitrev 5
# Set rpm version accordingly
%define rpmversion 2.6.%{upstream_sublevel}
%endif
@ -733,14 +733,9 @@ Patch12421: fs-call-security_d_instantiate-in-d_obtain_alias.patch
Patch12438: ath5k-fix-fast-channel-change.patch
Patch12440: bridge-fix-mglist-corruption-that-leads-to-memory-corruption.patch
# rhbz#676860
Patch12441: usb-sierra-add-airprime-direct-ip.patch
# rhbz#672265
Patch12442: revert-block-check-bdev-readonly.patch
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@ -1356,14 +1351,9 @@ ApplyPatch fs-call-security_d_instantiate-in-d_obtain_alias.patch
# rhbz#672778
ApplyPatch ath5k-fix-fast-channel-change.patch
ApplyPatch bridge-fix-mglist-corruption-that-leads-to-memory-corruption.patch
# rhbz#676860
ApplyPatch usb-sierra-add-airprime-direct-ip.patch
# rhbz#672265
ApplyPatch revert-block-check-bdev-readonly.patch
# END OF PATCH APPLICATIONS
%endif
@ -1967,6 +1957,9 @@ fi
# and build.
%changelog
* Sat Feb 19 2011 Chuck Ebbert <cebbert@redhat.com> 2.6.38-0.rc5.git5.1
- Linux 2.6.38-rc5-git5
* Wed Feb 16 2011 Chuck Ebbert <cebbert@redhat.com> 2.6.38-0.rc5.git1.1
- Linux 2.6.38-rc5-git1
- Add support for Airprime/Sierra USB IP modem (#676860)
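Review bot: The new `%changelog` entry in the last hunk records only `- Linux 2.6.38-rc5-git5`, yet the same commit deletes two patch files, and the hunks at -733 and -1356 each shrink by five lines around the `Patch12440`/`Patch12442` entries and their matching `ApplyPatch` lines. One of the dropped patches is the bridge mglist fix for a memory-corruption bug, so anyone auditing whether this build still carries that fix has nothing to go on. Presumably both changes are already contained in the git5 snapshot; after confirming that against `patch-2.6.38-rc5-git5.bz2`, say so in the entry, e.g. `- Drop bridge mglist corruption fix and block read-only check revert (in -git5)`. The +/- markers are lost in this rendering, so exactly which spec lines were removed is inferred from the hunk counts.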


@ -1,33 +0,0 @@
This reverts commit 75f1dc0d076d1c1168f2115f1941ea627d38bd5a. The revert
could not be done automatically because changes after that commit
altered the code too much.
Signed-off-by: Chuck Ebbert <cebbert@redhat.com>
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1215,12 +1215,6 @@ int blkdev_get(struct block_device *bdev
res = __blkdev_get(bdev, mode, 0);
- /* __blkdev_get() may alter read only status, check it afterwards */
- if (!res && (mode & FMODE_WRITE) && bdev_read_only(bdev)) {
- __blkdev_put(bdev, mode, 0);
- res = -EACCES;
- }
-
if (whole) {
/* finish claiming */
mutex_lock(&bdev->bd_mutex);
@@ -1298,6 +1292,11 @@ struct block_device *blkdev_get_by_path(
if (err)
return ERR_PTR(err);
+ if ((mode & FMODE_WRITE) && bdev_read_only(bdev)) {
+ blkdev_put(bdev, mode);
+ return ERR_PTR(-EACCES);
+ }
+
return bdev;
}
EXPORT_SYMBOL(blkdev_get_by_path);


@ -1,3 +1,3 @@
c8ee37b4fdccdb651e0603d35350b434 linux-2.6.37.tar.bz2
1047f39477ddccf8219443bb2982c87f patch-2.6.38-rc5.bz2
e3169a111c4528759a82c5000f73ed96 patch-2.6.38-rc5-git1.bz2
2a9b4be83199c4b90269b2fe81f55619 patch-2.6.38-rc5-git5.bz2