Linux 2.6.38.6 (no functional changes from 2.6.38.6-26.rc1)
This commit is contained in:
parent
ac4b917a22
commit
49be14f7fd
|
@ -1,39 +0,0 @@
|
|||
From b3be9dcd312f13563b68d0432830ef94dd3b33de Mon Sep 17 00:00:00 2001
|
||||
From: Oliver Hartkopp <socketcan@hartkopp.net>
|
||||
Date: Wed, 20 Apr 2011 01:57:15 +0000
|
||||
Subject: [PATCH] can: add missing socket check in can/raw release
|
||||
|
||||
v2: added space after 'if' according code style.
|
||||
|
||||
We can get here with a NULL socket argument passed from userspace,
|
||||
so we need to handle it accordingly.
|
||||
|
||||
Thanks to Dave Jones pointing at this issue in net/can/bcm.c
|
||||
|
||||
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/can/raw.c | 7 ++++++-
|
||||
1 files changed, 6 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/net/can/raw.c b/net/can/raw.c
|
||||
index 883e9d7..241b2b6 100644
|
||||
--- a/net/can/raw.c
|
||||
+++ b/net/can/raw.c
|
||||
@@ -305,7 +305,12 @@ static int raw_init(struct sock *sk)
|
||||
static int raw_release(struct socket *sock)
|
||||
{
|
||||
struct sock *sk = sock->sk;
|
||||
- struct raw_sock *ro = raw_sk(sk);
|
||||
+ struct raw_sock *ro;
|
||||
+
|
||||
+ if (!sk)
|
||||
+ return 0;
|
||||
+
|
||||
+ ro = raw_sk(sk);
|
||||
|
||||
unregister_netdevice_notifier(&ro->notifier);
|
||||
|
||||
--
|
||||
1.7.5.1
|
||||
|
22
kernel.spec
22
kernel.spec
|
@ -51,7 +51,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be prepended with "0.", so
|
||||
# for example a 3 here will become 0.3
|
||||
#
|
||||
%global baserelease 26
|
||||
%global baserelease 27
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
@ -65,7 +65,7 @@ Summary: The Linux kernel
|
|||
# Do we have a -stable update to apply?
|
||||
%define stable_update 6
|
||||
# Is it a -stable RC?
|
||||
%define stable_rc 1
|
||||
%define stable_rc 0
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev .%{stable_update}
|
||||
|
@ -741,12 +741,6 @@ Patch12403: x86-dumpstack-correct-stack-dump-info-when-frame-pointer-is-availabl
|
|||
# Fix breakage of PCI network adapter names on older Dell systems
|
||||
Patch12404: x86-pci-preserve-existing-pci-bfsort-whitelist-for-dell-systems.patch
|
||||
|
||||
Patch12410: scsi-fix-oops-in-scsi_run_queue.patch
|
||||
|
||||
Patch12420: can-add-missing-socket-check-in-can_raw_release.patch
|
||||
|
||||
Patch12430: vm-skip-the-stack-guard-page-lookup-in-get_user_pages-only-for-mlock.patch
|
||||
|
||||
%endif
|
||||
|
||||
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
|
||||
|
@ -1381,11 +1375,6 @@ ApplyPatch linux-2.6-netconsole-deadlock.patch
|
|||
# CVE-2011-1581
|
||||
ApplyPatch bonding-incorrect-tx-queue-offset.patch
|
||||
|
||||
# 2.6.38.6-rc1 fixes requested for final
|
||||
ApplyPatch can-add-missing-socket-check-in-can_raw_release.patch
|
||||
ApplyPatch scsi-fix-oops-in-scsi_run_queue.patch
|
||||
ApplyPatch vm-skip-the-stack-guard-page-lookup-in-get_user_pages-only-for-mlock.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
@ -1994,6 +1983,13 @@ fi
|
|||
# and build.
|
||||
|
||||
%changelog
|
||||
* Tue May 10 2011 Chuck Ebbert <cebbert@redhat.com>
|
||||
- Linux 2.6.38.6 (no functional changes from 2.6.38.6-26.rc1)
|
||||
- Drop merged patches:
|
||||
can-add-missing-socket-check-in-can_raw_release.patch
|
||||
scsi-fix-oops-in-scsi_run_queue.patch
|
||||
vm-skip-the-stack-guard-page-lookup-in-get_user_pages-only-for-mlock.patch
|
||||
|
||||
* Mon May 09 2011 Chuck Ebbert <cebbert@redhat.com> 2.6.38.6-26.rc1
|
||||
- Fix a VM bug introduced in 2.6.38.4
|
||||
|
||||
|
|
|
@ -1,49 +0,0 @@
|
|||
From 02bac892354cafaf84ca8fe657c34145bd1d1f1a Mon Sep 17 00:00:00 2001
|
||||
From: James Bottomley <James.Bottomley@suse.de>
|
||||
Date: Sun, 1 May 2011 09:42:07 -0500
|
||||
Subject: [PATCH] [SCSI] fix oops in scsi_run_queue()
|
||||
|
||||
The recent commit closing the race window in device teardown:
|
||||
|
||||
commit 86cbfb5607d4b81b1a993ff689bbd2addd5d3a9b
|
||||
Author: James Bottomley <James.Bottomley@suse.de>
|
||||
Date: Fri Apr 22 10:39:59 2011 -0500
|
||||
|
||||
[SCSI] put stricter guards on queue dead checks
|
||||
|
||||
is causing a potential NULL deref in scsi_run_queue() because the
|
||||
q->queuedata may already be NULL by the time this function is called.
|
||||
Since we shouldn't be running a queue that is being torn down, simply
|
||||
add a NULL check in scsi_run_queue() to forestall this.
|
||||
|
||||
Tested-by: Jim Schutt <jaschut@sandia.gov>
|
||||
Cc: stable@kernel.org
|
||||
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
|
||||
---
|
||||
drivers/scsi/scsi_lib.c | 7 ++++++-
|
||||
1 files changed, 6 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
|
||||
index fb2bb35..415fdf2 100644
|
||||
--- a/drivers/scsi/scsi_lib.c
|
||||
+++ b/drivers/scsi/scsi_lib.c
|
||||
@@ -400,10 +400,15 @@ static inline int scsi_host_is_busy(struct Scsi_Host *shost)
|
||||
static void scsi_run_queue(struct request_queue *q)
|
||||
{
|
||||
struct scsi_device *sdev = q->queuedata;
|
||||
- struct Scsi_Host *shost = sdev->host;
|
||||
+ struct Scsi_Host *shost;
|
||||
LIST_HEAD(starved_list);
|
||||
unsigned long flags;
|
||||
|
||||
+ /* if the device is dead, sdev will be NULL, so no queue to run */
|
||||
+ if (!sdev)
|
||||
+ return;
|
||||
+
|
||||
+ shost = sdev->host;
|
||||
if (scsi_target(sdev)->single_lun)
|
||||
scsi_single_lun_run(sdev);
|
||||
|
||||
--
|
||||
1.7.5.1
|
||||
|
3
sources
3
sources
|
@ -1,3 +1,2 @@
|
|||
7d471477bfa67546f902da62227fa976 linux-2.6.38.tar.bz2
|
||||
c8f233d1d31030eb019ab391071e65c2 patch-2.6.38.5.bz2
|
||||
786f63ba166fbcf811dae759d04d00a3 patch-2.6.38.6-rc1.bz2
|
||||
527fab8162c682ad849eb21fc30d28ef patch-2.6.38.6.bz2
|
||||
|
|
|
@ -1,78 +0,0 @@
|
|||
From: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
Date: Thu, 5 May 2011 04:30:28 +0000 (-0700)
|
||||
Subject: VM: skip the stack guard page lookup in get_user_pages only for mlock
|
||||
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=a1fde08c74e90accd62d4cfdbf580d2ede938fe7
|
||||
|
||||
VM: skip the stack guard page lookup in get_user_pages only for mlock
|
||||
|
||||
The logic in __get_user_pages() used to skip the stack guard page lookup
|
||||
whenever the caller wasn't interested in seeing what the actual page
|
||||
was. But Michel Lespinasse points out that there are cases where we
|
||||
don't care about the physical page itself (so 'pages' may be NULL), but
|
||||
do want to make sure a page is mapped into the virtual address space.
|
||||
|
||||
So using the existence of the "pages" array as an indication of whether
|
||||
to look up the guard page or not isn't actually so great, and we really
|
||||
should just use the FOLL_MLOCK bit. But because that bit was only set
|
||||
for the VM_LOCKED case (and not all vma's necessarily have it, even for
|
||||
mlock()), we couldn't do that originally.
|
||||
|
||||
Fix that by moving the VM_LOCKED check deeper into the call-chain, which
|
||||
actually simplifies many things. Now mlock() gets simpler, and we can
|
||||
also check for FOLL_MLOCK in __get_user_pages() and the code ends up
|
||||
much more straightforward.
|
||||
|
||||
Reported-and-reviewed-by: Michel Lespinasse <walken@google.com>
|
||||
Cc: stable@kernel.org
|
||||
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||||
---
|
||||
|
||||
diff --git a/mm/memory.c b/mm/memory.c
|
||||
index 607098d4..27f4253 100644
|
||||
--- a/mm/memory.c
|
||||
+++ b/mm/memory.c
|
||||
@@ -1359,7 +1359,7 @@ split_fallthrough:
|
||||
*/
|
||||
mark_page_accessed(page);
|
||||
}
|
||||
- if (flags & FOLL_MLOCK) {
|
||||
+ if ((flags & FOLL_MLOCK) && (vma->vm_flags & VM_LOCKED)) {
|
||||
/*
|
||||
* The preliminary mapping check is mainly to avoid the
|
||||
* pointless overhead of lock_page on the ZERO_PAGE
|
||||
@@ -1552,10 +1552,9 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
|
||||
}
|
||||
|
||||
/*
|
||||
- * If we don't actually want the page itself,
|
||||
- * and it's the stack guard page, just skip it.
|
||||
+ * For mlock, just skip the stack guard page.
|
||||
*/
|
||||
- if (!pages && stack_guard_page(vma, start))
|
||||
+ if ((gup_flags & FOLL_MLOCK) && stack_guard_page(vma, start))
|
||||
goto next_page;
|
||||
|
||||
do {
|
||||
diff --git a/mm/mlock.c b/mm/mlock.c
|
||||
index 6b55e3e..516b2c2 100644
|
||||
--- a/mm/mlock.c
|
||||
+++ b/mm/mlock.c
|
||||
@@ -162,7 +162,7 @@ static long __mlock_vma_pages_range(struct vm_area_struct *vma,
|
||||
VM_BUG_ON(end > vma->vm_end);
|
||||
VM_BUG_ON(!rwsem_is_locked(&mm->mmap_sem));
|
||||
|
||||
- gup_flags = FOLL_TOUCH;
|
||||
+ gup_flags = FOLL_TOUCH | FOLL_MLOCK;
|
||||
/*
|
||||
* We want to touch writable mappings with a write fault in order
|
||||
* to break COW, except for shared mappings because these don't COW
|
||||
@@ -178,9 +178,6 @@ static long __mlock_vma_pages_range(struct vm_area_struct *vma,
|
||||
if (vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC))
|
||||
gup_flags |= FOLL_FORCE;
|
||||
|
||||
- if (vma->vm_flags & VM_LOCKED)
|
||||
- gup_flags |= FOLL_MLOCK;
|
||||
-
|
||||
return __get_user_pages(current, mm, addr, nr_pages, gup_flags,
|
||||
NULL, NULL, nonblocking);
|
||||
}
|
Loading…
Reference in New Issue