clean up patches merged in -stable
parent
05f615c82e
commit
4141bfc9b1
|
@ -3,4 +3,3 @@ patch-*.bz2
|
|||
clog
|
||||
*.rpm
|
||||
kernel-2.6.*/
|
||||
/patch-2.6.35.6.bz2
|
||||
|
|
|
@ -1,47 +0,0 @@
|
|||
From 75e1c70fc31490ef8a373ea2a4bea2524099b478 Mon Sep 17 00:00:00 2001
|
||||
From: Jeff Moyer <jmoyer@redhat.com>
|
||||
Date: Fri, 10 Sep 2010 14:16:00 -0700
|
||||
Subject: [PATCH] aio: check for multiplication overflow in do_io_submit
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=utf8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Tavis Ormandy pointed out that do_io_submit does not do proper bounds
|
||||
checking on the passed-in iocb array:
|
||||
|
||||
    if (unlikely(nr < 0))
|
||||
        return -EINVAL;
|
||||
|
||||
    if (unlikely(!access_ok(VERIFY_READ, iocbpp, (nr*sizeof(iocbpp)))))
|
||||
        return -EFAULT;            ^^^^^^^^^^^^^^^^^^
|
||||
|
||||
The attached patch checks for overflow, and if it is detected, the
|
||||
number of iocbs submitted is scaled down to a number that will fit in
|
||||
the long. Â This is an ok thing to do, as sys_io_submit is documented as
|
||||
returning the number of iocbs submitted, so callers should handle a
|
||||
return value of less than the 'nr' argument passed in.
|
||||
|
||||
Reported-by: Tavis Ormandy <taviso@cmpxchg8b.com>
|
||||
Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
fs/aio.c | 3 +++
|
||||
1 files changed, 3 insertions(+), 0 deletions(-)
|
||||
|
||||
diff --git a/fs/aio.c b/fs/aio.c
|
||||
index 3006b5b..1320b2a 100644
|
||||
--- a/fs/aio.c
|
||||
+++ b/fs/aio.c
|
||||
@@ -1659,6 +1659,9 @@ long do_io_submit(aio_context_t ctx_id, long nr,
|
||||
if (unlikely(nr < 0))
|
||||
return -EINVAL;
|
||||
|
||||
+ if (unlikely(nr > LONG_MAX/sizeof(*iocbpp)))
|
||||
+ nr = LONG_MAX/sizeof(*iocbpp);
|
||||
+
|
||||
if (unlikely(!access_ok(VERIFY_READ, iocbpp, (nr*sizeof(*iocbpp)))))
|
||||
return -EFAULT;
|
||||
|
||||
--
|
||||
1.7.2.3
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
From: Islam Amer <pharon@gmail.com>
|
||||
Date: Thu, 24 Jun 2010 17:39:47 +0000 (-0400)
|
||||
Subject: dell-wmi: Add support for eject key on Dell Studio 1555
|
||||
X-Git-Tag: v2.6.36-rc1~579^2~64
|
||||
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=d5164dbf1f651d1e955b158fb70a9c844cc91cd1
|
||||
|
||||
dell-wmi: Add support for eject key on Dell Studio 1555
|
||||
|
||||
Fixes pressing the eject key on Dell Studio 1555 does not work and produces
|
||||
message :
|
||||
|
||||
dell-wmi: Unknown key 0 pressed
|
||||
|
||||
Signed-off-by: Islam Amer <pharon@gmail.com>
|
||||
---
|
||||
|
||||
diff --git a/drivers/platform/x86/dell-wmi.c b/drivers/platform/x86/dell-wmi.c
|
||||
index 66f53c3..12a8e6f 100644
|
||||
--- a/drivers/platform/x86/dell-wmi.c
|
||||
+++ b/drivers/platform/x86/dell-wmi.c
|
||||
@@ -221,7 +221,7 @@ static void dell_wmi_notify(u32 value, void *context)
|
||||
return;
|
||||
}
|
||||
|
||||
- if (dell_new_hk_type)
|
||||
+ if (dell_new_hk_type || buffer_entry[1] == 0x0)
|
||||
reported_key = (int)buffer_entry[2];
|
||||
else
|
||||
reported_key = (int)buffer_entry[1] & 0xffff;
|
|
@ -1,98 +0,0 @@
|
|||
From 2779f26ab085071a8a55d3cf31f31a7d3c3bfcd1 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel J Blueman <daniel.blueman@gmail.com>
|
||||
Date: Tue, 17 Aug 2010 23:56:55 +0100
|
||||
Subject: Fix unprotected access to task credentials in waitid()
|
||||
|
||||
Using a program like the following:
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
|
||||
int main() {
|
||||
id_t id;
|
||||
siginfo_t infop;
|
||||
pid_t res;
|
||||
|
||||
id = fork();
|
||||
if (id == 0) { sleep(1); exit(0); }
|
||||
kill(id, SIGSTOP);
|
||||
alarm(1);
|
||||
waitid(P_PID, id, &infop, WCONTINUED);
|
||||
return 0;
|
||||
}
|
||||
|
||||
to call waitid() on a stopped process results in access to the child task's
|
||||
credentials without the RCU read lock being held - which may be replaced in the
|
||||
meantime - eliciting the following warning:
|
||||
|
||||
===================================================
|
||||
[ INFO: suspicious rcu_dereference_check() usage. ]
|
||||
---------------------------------------------------
|
||||
kernel/exit.c:1460 invoked rcu_dereference_check() without protection!
|
||||
|
||||
other info that might help us debug this:
|
||||
|
||||
rcu_scheduler_active = 1, debug_locks = 1
|
||||
2 locks held by waitid02/22252:
|
||||
#0: (tasklist_lock){.?.?..}, at: [<ffffffff81061ce5>] do_wait+0xc5/0x310
|
||||
#1: (&(&sighand->siglock)->rlock){-.-...}, at: [<ffffffff810611da>]
|
||||
wait_consider_task+0x19a/0xbe0
|
||||
|
||||
stack backtrace:
|
||||
Pid: 22252, comm: waitid02 Not tainted 2.6.35-323cd+ #3
|
||||
Call Trace:
|
||||
[<ffffffff81095da4>] lockdep_rcu_dereference+0xa4/0xc0
|
||||
[<ffffffff81061b31>] wait_consider_task+0xaf1/0xbe0
|
||||
[<ffffffff81061d15>] do_wait+0xf5/0x310
|
||||
[<ffffffff810620b6>] sys_waitid+0x86/0x1f0
|
||||
[<ffffffff8105fce0>] ? child_wait_callback+0x0/0x70
|
||||
[<ffffffff81003282>] system_call_fastpath+0x16/0x1b
|
||||
|
||||
This is fixed by holding the RCU read lock in wait_task_continued() to ensure
|
||||
that the task's current credentials aren't destroyed between us reading the
|
||||
cred pointer and us reading the UID from those credentials.
|
||||
|
||||
Furthermore, protect wait_task_stopped() in the same way.
|
||||
|
||||
We don't need to keep holding the RCU read lock once we've read the UID from
|
||||
the credentials as holding the RCU read lock doesn't stop the target task from
|
||||
changing its creds under us - so the credentials may be outdated immediately
|
||||
after we've read the pointer, lock or no lock.
|
||||
|
||||
Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
|
||||
Acked-by: Oleg Nesterov <oleg@redhat.com>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
kernel/exit.c | 5 ++---
|
||||
1 files changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/kernel/exit.c b/kernel/exit.c
|
||||
index ceffc67..ac90425 100644
|
||||
--- a/kernel/exit.c
|
||||
+++ b/kernel/exit.c
|
||||
@@ -1383,8 +1383,7 @@ static int wait_task_stopped(struct wait_opts *wo,
|
||||
if (!unlikely(wo->wo_flags & WNOWAIT))
|
||||
*p_code = 0;
|
||||
|
||||
- /* don't need the RCU readlock here as we're holding a spinlock */
|
||||
- uid = __task_cred(p)->uid;
|
||||
+ uid = task_uid(p);
|
||||
unlock_sig:
|
||||
spin_unlock_irq(&p->sighand->siglock);
|
||||
if (!exit_code)
|
||||
@@ -1457,7 +1456,7 @@ static int wait_task_continued(struct wait_opts *wo, struct task_struct *p)
|
||||
}
|
||||
if (!unlikely(wo->wo_flags & WNOWAIT))
|
||||
p->signal->flags &= ~SIGNAL_STOP_CONTINUED;
|
||||
- uid = __task_cred(p)->uid;
|
||||
+ uid = task_uid(p);
|
||||
spin_unlock_irq(&p->sighand->siglock);
|
||||
|
||||
pid = task_pid_vnr(p);
|
||||
--
|
||||
1.7.3
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
From: David S. Miller <davem@davemloft.net>
|
||||
Date: Tue, 31 Aug 2010 01:35:24 +0000 (-0700)
|
||||
Subject: irda: Correctly clean up self->ias_obj on irda_bind() failure.
|
||||
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet-2.6.git;a=commitdiff_plain;h=628e300cccaa628d8fb92aa28cb7530a3d5f2257
|
||||
|
||||
irda: Correctly clean up self->ias_obj on irda_bind() failure.
|
||||
|
||||
If irda_open_tsap() fails, the irda_bind() code tries to destroy
|
||||
the ->ias_obj object by hand, but does so wrongly.
|
||||
|
||||
In particular, it fails to a) release the hashbin attached to the
|
||||
object and b) reset the self->ias_obj pointer to NULL.
|
||||
|
||||
Fix both problems by using irias_delete_object() and explicitly
|
||||
setting self->ias_obj to NULL, just as irda_release() does.
|
||||
|
||||
Reported-by: Tavis Ormandy <taviso@cmpxchg8b.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
|
||||
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
|
||||
index 79986a6..fd55b51 100644
|
||||
--- a/net/irda/af_irda.c
|
||||
+++ b/net/irda/af_irda.c
|
||||
@@ -824,8 +824,8 @@ static int irda_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
|
||||
|
||||
err = irda_open_tsap(self, addr->sir_lsap_sel, addr->sir_name);
|
||||
if (err < 0) {
|
||||
- kfree(self->ias_obj->name);
|
||||
- kfree(self->ias_obj);
|
||||
+ irias_delete_object(self->ias_obj);
|
||||
+ self->ias_obj = NULL;
|
||||
goto out;
|
||||
}
|
||||
|
28
kernel.spec
28
kernel.spec
|
@ -611,8 +611,6 @@ Patch150: linux-2.6.29-sparc-IOC_TYPECHECK.patch
|
|||
Patch160: linux-2.6-32bit-mmap-exec-randomization.patch
|
||||
Patch161: linux-2.6-i386-nx-emulation.patch
|
||||
|
||||
Patch180: aio-check-for-multiplication-overflow-in-do_io_submit.patch
|
||||
|
||||
Patch200: linux-2.6-debug-sizeof-structs.patch
|
||||
Patch201: linux-2.6-debug-nmi-timeout.patch
|
||||
Patch202: linux-2.6-debug-taint-vm.patch
|
||||
|
@ -654,7 +652,6 @@ Patch800: linux-2.6-crash-driver.patch
|
|||
|
||||
# virt + ksm patches
|
||||
Patch1555: fix_xen_guest_on_old_EC2.patch
|
||||
Patch1556: linux-2.6.35.4-virtio_console-fix-poll.patch
|
||||
|
||||
# DRM
|
||||
Patch1801: drm-revert-drm-fbdev-rework-output-polling-to-be-back-in-core.patch
|
||||
|
@ -724,10 +721,6 @@ Patch12080: kprobes-x86-fix-kprobes-to-skip-prefixes-correctly.patch
|
|||
# rhbz #622149
|
||||
Patch12085: fix-rcu_deref_check-warning.patch
|
||||
Patch12086: linux-2.6-cgroups-rcu.patch
|
||||
Patch12087: fix-unprotected-access-to-task-credentials-in-whatid.patch
|
||||
|
||||
# rhbz #513530
|
||||
Patch12090: dell-wmi-add-support-for-eject-key-studio-1555.patch
|
||||
|
||||
Patch12517: flexcop-fix-xlate_proc_name-warning.patch
|
||||
|
||||
|
@ -736,13 +729,6 @@ Patch12520: execve-improve-interactivity-with-large-arguments.patch
|
|||
Patch12521: execve-make-responsive-to-sigkill-with-large-arguments.patch
|
||||
Patch12522: setup_arg_pages-diagnose-excessive-argument-size.patch
|
||||
|
||||
# CVE-2010-2954
|
||||
Patch12540: irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch
|
||||
# CVE-2010-2960
|
||||
Patch12550: keys-fix-bug-in-keyctl_session_to_parent-if-parent-has-no-session-keyring.patch
|
||||
Patch12551: keys-fix-rcu-no-lock-warning-in-keyctl_session_to_parent.patch
|
||||
|
||||
Patch12560: sched-00-fix-user-time-incorrectly-accounted-as-system-time-on-32-bit.patch
|
||||
Patch12565: sched-05-avoid-side-effect-of-tickless-idle-on-update_cpu_load.patch
|
||||
Patch12570: sched-10-change-nohz-idle-load-balancing-logic-to-push-model.patch
|
||||
Patch12575: sched-15-update-rq-clock-for-nohz-balanced-cpus.patch
|
||||
|
@ -1208,8 +1194,6 @@ ApplyPatch linux-2.6-32bit-mmap-exec-randomization.patch
|
|||
# bugfixes to drivers and filesystems
|
||||
#
|
||||
|
||||
#ApplyPatch aio-check-for-multiplication-overflow-in-do_io_submit.patch
|
||||
|
||||
# ext4
|
||||
|
||||
# xfs
|
||||
|
@ -1300,7 +1284,6 @@ ApplyPatch linux-2.6-crash-driver.patch
|
|||
|
||||
# Assorted Virt Fixes
|
||||
ApplyPatch fix_xen_guest_on_old_EC2.patch
|
||||
#ApplyPatch linux-2.6.35.4-virtio_console-fix-poll.patch
|
||||
|
||||
#ApplyPatch drm-revert-drm-fbdev-rework-output-polling-to-be-back-in-core.patch
|
||||
#ApplyPatch revert-drm-kms-toggle-poll-around-switcheroo.patch
|
||||
|
@ -1367,10 +1350,6 @@ ApplyPatch kprobes-x86-fix-kprobes-to-skip-prefixes-correctly.patch
|
|||
# bz 622149
|
||||
ApplyPatch fix-rcu_deref_check-warning.patch
|
||||
ApplyPatch linux-2.6-cgroups-rcu.patch
|
||||
#ApplyPatch fix-unprotected-access-to-task-credentials-in-whatid.patch
|
||||
|
||||
# bz 513530
|
||||
#ApplyPatch dell-wmi-add-support-for-eject-key-studio-1555.patch
|
||||
|
||||
# bz #575873
|
||||
ApplyPatch flexcop-fix-xlate_proc_name-warning.patch
|
||||
|
@ -1380,14 +1359,7 @@ ApplyPatch execve-improve-interactivity-with-large-arguments.patch
|
|||
ApplyPatch execve-make-responsive-to-sigkill-with-large-arguments.patch
|
||||
ApplyPatch setup_arg_pages-diagnose-excessive-argument-size.patch
|
||||
|
||||
# CVE-2010-2954
|
||||
#ApplyPatch irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch
|
||||
# CVE-2010-2960
|
||||
#ApplyPatch keys-fix-bug-in-keyctl_session_to_parent-if-parent-has-no-session-keyring.patch
|
||||
#ApplyPatch keys-fix-rcu-no-lock-warning-in-keyctl_session_to_parent.patch
|
||||
|
||||
# Scheduler fixes (#635813 and #633037)
|
||||
#ApplyPatch sched-00-fix-user-time-incorrectly-accounted-as-system-time-on-32-bit.patch
|
||||
ApplyPatch sched-05-avoid-side-effect-of-tickless-idle-on-update_cpu_load.patch
|
||||
ApplyPatch sched-10-change-nohz-idle-load-balancing-logic-to-push-model.patch
|
||||
ApplyPatch sched-15-update-rq-clock-for-nohz-balanced-cpus.patch
|
||||
|
|
|
@ -1,50 +0,0 @@
|
|||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Fri, 10 Sep 2010 08:59:51 +0000 (+0100)
|
||||
Subject: KEYS: Fix bug in keyctl_session_to_parent() if parent has no session keyring
|
||||
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=3d96406c7da1ed5811ea52a3b0905f4f0e295376
|
||||
|
||||
KEYS: Fix bug in keyctl_session_to_parent() if parent has no session keyring
|
||||
|
||||
Fix a bug in keyctl_session_to_parent() whereby it tries to check the ownership
|
||||
of the parent process's session keyring whether or not the parent has a session
|
||||
keyring [CVE-2010-2960].
|
||||
|
||||
This results in the following oops:
|
||||
|
||||
BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0
|
||||
IP: [<ffffffff811ae4dd>] keyctl_session_to_parent+0x251/0x443
|
||||
...
|
||||
Call Trace:
|
||||
[<ffffffff811ae2f3>] ? keyctl_session_to_parent+0x67/0x443
|
||||
[<ffffffff8109d286>] ? __do_fault+0x24b/0x3d0
|
||||
[<ffffffff811af98c>] sys_keyctl+0xb4/0xb8
|
||||
[<ffffffff81001eab>] system_call_fastpath+0x16/0x1b
|
||||
|
||||
if the parent process has no session keyring.
|
||||
|
||||
If the system is using pam_keyinit then it mostly protected against this as all
|
||||
processes derived from a login will have inherited the session keyring created
|
||||
by pam_keyinit during the log in procedure.
|
||||
|
||||
To test this, pam_keyinit calls need to be commented out in /etc/pam.d/.
|
||||
|
||||
Reported-by: Tavis Ormandy <taviso@cmpxchg8b.com>
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
Acked-by: Tavis Ormandy <taviso@cmpxchg8b.com>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
|
||||
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
|
||||
index 3868c67..60924f6 100644
|
||||
--- a/security/keys/keyctl.c
|
||||
+++ b/security/keys/keyctl.c
|
||||
@@ -1305,7 +1305,8 @@ long keyctl_session_to_parent(void)
|
||||
goto not_permitted;
|
||||
|
||||
/* the keyrings must have the same UID */
|
||||
- if (pcred->tgcred->session_keyring->uid != mycred->euid ||
|
||||
+ if ((pcred->tgcred->session_keyring &&
|
||||
+ pcred->tgcred->session_keyring->uid != mycred->euid) ||
|
||||
mycred->tgcred->session_keyring->uid != mycred->euid)
|
||||
goto not_permitted;
|
||||
|
|
@ -1,64 +0,0 @@
|
|||
From: David Howells <dhowells@redhat.com>
|
||||
Date: Fri, 10 Sep 2010 08:59:46 +0000 (+0100)
|
||||
Subject: KEYS: Fix RCU no-lock warning in keyctl_session_to_parent()
|
||||
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=9d1ac65a9698513d00e5608d93fca0c53f536c14
|
||||
|
||||
KEYS: Fix RCU no-lock warning in keyctl_session_to_parent()
|
||||
|
||||
There's an protected access to the parent process's credentials in the middle
|
||||
of keyctl_session_to_parent(). This results in the following RCU warning:
|
||||
|
||||
===================================================
|
||||
[ INFO: suspicious rcu_dereference_check() usage. ]
|
||||
---------------------------------------------------
|
||||
security/keys/keyctl.c:1291 invoked rcu_dereference_check() without protection!
|
||||
|
||||
other info that might help us debug this:
|
||||
|
||||
rcu_scheduler_active = 1, debug_locks = 0
|
||||
1 lock held by keyctl-session-/2137:
|
||||
#0: (tasklist_lock){.+.+..}, at: [<ffffffff811ae2ec>] keyctl_session_to_parent+0x60/0x236
|
||||
|
||||
stack backtrace:
|
||||
Pid: 2137, comm: keyctl-session- Not tainted 2.6.36-rc2-cachefs+ #1
|
||||
Call Trace:
|
||||
[<ffffffff8105606a>] lockdep_rcu_dereference+0xaa/0xb3
|
||||
[<ffffffff811ae379>] keyctl_session_to_parent+0xed/0x236
|
||||
[<ffffffff811af77e>] sys_keyctl+0xb4/0xb6
|
||||
[<ffffffff81001eab>] system_call_fastpath+0x16/0x1b
|
||||
|
||||
The code should take the RCU read lock to make sure the parents credentials
|
||||
don't go away, even though it's holding a spinlock and has IRQ disabled.
|
||||
|
||||
Signed-off-by: David Howells <dhowells@redhat.com>
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
|
||||
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
|
||||
index b2b0998..3868c67 100644
|
||||
--- a/security/keys/keyctl.c
|
||||
+++ b/security/keys/keyctl.c
|
||||
@@ -1272,6 +1272,7 @@ long keyctl_session_to_parent(void)
|
||||
keyring_r = NULL;
|
||||
|
||||
me = current;
|
||||
+ rcu_read_lock();
|
||||
write_lock_irq(&tasklist_lock);
|
||||
|
||||
parent = me->real_parent;
|
||||
@@ -1319,6 +1320,7 @@ long keyctl_session_to_parent(void)
|
||||
set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME);
|
||||
|
||||
write_unlock_irq(&tasklist_lock);
|
||||
+ rcu_read_unlock();
|
||||
if (oldcred)
|
||||
put_cred(oldcred);
|
||||
return 0;
|
||||
@@ -1327,6 +1329,7 @@ already_same:
|
||||
ret = 0;
|
||||
not_permitted:
|
||||
write_unlock_irq(&tasklist_lock);
|
||||
+ rcu_read_unlock();
|
||||
put_cred(cred);
|
||||
return ret;
|
||||
|
|
@ -1,29 +0,0 @@
|
|||
Subject: virtio_console: Fix poll blocking even though there is data to read
|
||||
From: Hans de Goede <hdegoede@redhat.com>
|
||||
|
||||
I found this while working on a Linux agent for spice, the symptom I was
|
||||
seeing was select blocking on the spice vdagent virtio serial port even
|
||||
though there were messages queued up there.
|
||||
|
||||
virtio_console's port_fops_poll checks port->inbuf != NULL to determine if
|
||||
read won't block. However if an application reads enough bytes from inbuf
|
||||
through port_fops_read, to empty the current port->inbuf, port->inbuf
|
||||
will be NULL even though there may be buffers left in the virtqueue.
|
||||
|
||||
This causes poll() to block even though there is data to be read, this patch
|
||||
fixes this by using the alredy defined will_read_block utility function
|
||||
instead of the port->inbuf != NULL check.
|
||||
|
||||
Signed-off-By: Hans de Goede <hdegoede@redhat.com>
|
||||
diff -up linux-2.6.35.x86_64/drivers/char/virtio_console.c~ linux-2.6.35.x86_64/drivers/char/virtio_console.c
|
||||
--- linux-2.6.35.x86_64/drivers/char/virtio_console.c~ 2010-08-02 00:11:14.000000000 +0200
|
||||
+++ linux-2.6.35.x86_64/drivers/char/virtio_console.c 2010-09-15 13:39:29.043505000 +0200
|
||||
@@ -642,7 +642,7 @@ static unsigned int port_fops_poll(struc
|
||||
poll_wait(filp, &port->waitqueue, wait);
|
||||
|
||||
ret = 0;
|
||||
- if (port->inbuf)
|
||||
+ if (!will_read_block(port))
|
||||
ret |= POLLIN | POLLRDNORM;
|
||||
if (!will_write_block(port))
|
||||
ret |= POLLOUT;
|
|
@ -1,55 +0,0 @@
|
|||
From: Stanislaw Gruszka <sgruszka@redhat.com>
|
||||
Date: Tue, 14 Sep 2010 14:35:14 +0000 (+0200)
|
||||
Subject: sched: Fix user time incorrectly accounted as system time on 32-bit
|
||||
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fx86%2Flinux-2.6-tip.git;a=commitdiff_plain;h=e75e863dd5c7d96b91ebbd241da5328fc38a78cc
|
||||
|
||||
sched: Fix user time incorrectly accounted as system time on 32-bit
|
||||
|
||||
We have 32-bit variable overflow possibility when multiply in
|
||||
task_times() and thread_group_times() functions. When the
|
||||
overflow happens then the scaled utime value becomes erroneously
|
||||
small and the scaled stime becomes i erroneously big.
|
||||
|
||||
Reported here:
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=633037
|
||||
https://bugzilla.kernel.org/show_bug.cgi?id=16559
|
||||
|
||||
Reported-by: Michael Chapman <redhat-bugzilla@very.puzzling.org>
|
||||
Reported-by: Ciriaco Garcia de Celis <sysman@etherpilot.com>
|
||||
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
|
||||
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
|
||||
Cc: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
|
||||
Cc: <stable@kernel.org> # 2.6.32.19+ (partially) and 2.6.33+
|
||||
LKML-Reference: <20100914143513.GB8415@redhat.com>
|
||||
Signed-off-by: Ingo Molnar <mingo@elte.hu>
|
||||
---
|
||||
|
||||
diff --git a/kernel/sched.c b/kernel/sched.c
|
||||
index ed09d4f..dc85ceb 100644
|
||||
--- a/kernel/sched.c
|
||||
+++ b/kernel/sched.c
|
||||
@@ -3513,9 +3513,9 @@ void task_times(struct task_struct *p, cputime_t *ut, cputime_t *st)
|
||||
rtime = nsecs_to_cputime(p->se.sum_exec_runtime);
|
||||
|
||||
if (total) {
|
||||
- u64 temp;
|
||||
+ u64 temp = rtime;
|
||||
|
||||
- temp = (u64)(rtime * utime);
|
||||
+ temp *= utime;
|
||||
do_div(temp, total);
|
||||
utime = (cputime_t)temp;
|
||||
} else
|
||||
@@ -3546,9 +3546,9 @@ void thread_group_times(struct task_struct *p, cputime_t *ut, cputime_t *st)
|
||||
rtime = nsecs_to_cputime(cputime.sum_exec_runtime);
|
||||
|
||||
if (total) {
|
||||
- u64 temp;
|
||||
+ u64 temp = rtime;
|
||||
|
||||
- temp = (u64)(rtime * cputime.utime);
|
||||
+ temp *= cputime.utime;
|
||||
do_div(temp, total);
|
||||
utime = (cputime_t)temp;
|
||||
} else
|