rpms/kernel/F-10 linux-2.6-ocfs2-handle-len-0.patch, NONE, 1.1.2.1 linux-2.6-slub-fix-destroy-by-rcu.patch, NONE, 1.1.2.1 kernel.spec, 1.1206.2.87, 1.1206.2.88

Sun Sep 6 04:59:31 UTC 2009

Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29162

Modified Files:
      Tag: private-fedora-10-2_6_27
	kernel.spec 
Added Files:
      Tag: private-fedora-10-2_6_27
	linux-2.6-ocfs2-handle-len-0.patch 
	linux-2.6-slub-fix-destroy-by-rcu.patch 
Log Message:
Add patches requested for the next stable release:
   linux-2.6-slub-fix-destroy-by-rcu.patch (fixes bug in 2.6.27.29)
   linux-2.6-ocfs2-handle-len-0.patch (fixes bug in 2.6.27.32-rc1)

linux-2.6-ocfs2-handle-len-0.patch:
 aops.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE linux-2.6-ocfs2-handle-len-0.patch ---
From: Sunil Mushran <sunil.mushran at oracle.com>
Date: Fri, 4 Sep 2009 18:12:01 +0000 (-0700)
Subject: ocfs2: ocfs2_write_begin_nolock() should handle len=0
X-Git-Tag: v2.6.31-rc9~20^2
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=8379e7c46cc48f51197dd663fc6676f47f2a1e71

ocfs2: ocfs2_write_begin_nolock() should handle len=0

Bug introduced by mainline commit e7432675f8ca868a4af365759a8d4c3779a3d922
The bug causes ocfs2_write_begin_nolock() to oops when len=0.

Signed-off-by: Sunil Mushran <sunil.mushran at oracle.com>
Cc: stable at kernel.org
Signed-off-by: Joel Becker <joel.becker at oracle.com>
---

diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
index b401654..8a1e615 100644
--- a/fs/ocfs2/aops.c
+++ b/fs/ocfs2/aops.c
@@ -1747,8 +1747,8 @@ int ocfs2_write_begin_nolock(struct address_space *mapping,
 	 * we know zeros will only be needed in the first and/or last cluster.
 	 */
 	if (clusters_to_alloc || extents_to_split ||
-	    wc->w_desc[0].c_needs_zero ||
-	    wc->w_desc[wc->w_clen - 1].c_needs_zero)
+	    (wc->w_clen && (wc->w_desc[0].c_needs_zero ||
+			    wc->w_desc[wc->w_clen - 1].c_needs_zero)))
 		cluster_of_pages = 1;
 	else
 		cluster_of_pages = 0;

linux-2.6-slub-fix-destroy-by-rcu.patch:
 slub.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE linux-2.6-slub-fix-destroy-by-rcu.patch ---
From: Eric Dumazet <eric.dumazet at gmail.com>
Date: Thu, 3 Sep 2009 19:38:59 +0000 (+0300)
Subject: slub: Fix kmem_cache_destroy() with SLAB_DESTROY_BY_RCU
X-Git-Tag: v2.6.31-rc9~13^2
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=d76b1590e06a63a3d8697168cd0aabf1c4b3cb3a

slub: Fix kmem_cache_destroy() with SLAB_DESTROY_BY_RCU

kmem_cache_destroy() should call rcu_barrier() *after* kmem_cache_close() and
*before* sysfs_slab_remove() or risk rcu_free_slab() being called after
kmem_cache is deleted (kfreed).

rmmod nf_conntrack can crash the machine because it has to kmem_cache_destroy()
a SLAB_DESTROY_BY_RCU enabled cache.

Cc: <stable at kernel.org>
Reported-by: Zdenek Kabelac <zdenek.kabelac at gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
Acked-by: Paul E. McKenney <paulmck at linux.vnet.ibm.com>
Signed-off-by: Pekka Enberg <penberg at cs.helsinki.fi>
---

diff --git a/mm/slub.c b/mm/slub.c
index b9f1491..b627675 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2594,8 +2594,6 @@ static inline int kmem_cache_close(struct kmem_cache *s)
  */
 void kmem_cache_destroy(struct kmem_cache *s)
 {
-	if (s->flags & SLAB_DESTROY_BY_RCU)
-		rcu_barrier();
 	down_write(&slub_lock);
 	s->refcount--;
 	if (!s->refcount) {
@@ -2606,6 +2604,8 @@ void kmem_cache_destroy(struct kmem_cache *s)
 				"still has objects.\n", s->name, __func__);
 			dump_stack();
 		}
+		if (s->flags & SLAB_DESTROY_BY_RCU)
+			rcu_barrier();
 		sysfs_slab_remove(s);
 	} else
 		up_write(&slub_lock);


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/kernel.spec,v
retrieving revision 1.1206.2.87
retrieving revision 1.1206.2.88
diff -u -p -r1.1206.2.87 -r1.1206.2.88
--- kernel.spec	5 Sep 2009 02:53:39 -0000	1.1206.2.87
+++ kernel.spec	6 Sep 2009 04:59:29 -0000	1.1206.2.88
@@ -782,6 +782,10 @@ Patch13000: make-mmap_min_addr-suck-less
 Patch14000: linux-2.6-nfsd-report-short-writes-fix.patch
 Patch14001: linux-2.6-nfsd-report-short-writes.patch
 
+# patches requested for the next -stable release
+Patch14010: linux-2.6-slub-fix-destroy-by-rcu.patch
+Patch14011: linux-2.6-ocfs2-handle-len-0.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1413,6 +1417,10 @@ ApplyPatch make-mmap_min_addr-suck-less.
 ApplyPatch linux-2.6-nfsd-report-short-writes.patch
 ApplyPatch linux-2.6-nfsd-report-short-writes-fix.patch
 
+# patches requested for the next -stable release
+ApplyPatch linux-2.6-slub-fix-destroy-by-rcu.patch
+ApplyPatch linux-2.6-ocfs2-handle-len-0.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -1988,6 +1996,11 @@ fi
 %kernel_variant_files -k vmlinux %{with_kdump} kdump
 
 %changelog
+* Sun Sep 06 2009  Chuck Ebbert <cebbert at redhat.com>  2.6.27.32-170.2.88.rc1
+- Add patches requested for the next stable release:
+   linux-2.6-slub-fix-destroy-by-rcu.patch (fixes bug in 2.6.27.29)
+   linux-2.6-ocfs2-handle-len-0.patch (fixes bug in 2.6.27.32-rc1)
+
 * Fri Sep 04 2009  Chuck Ebbert <cebbert at redhat.com>  2.6.27.32-170.2.87.rc1
 - Copy fix for NFS short write reporting from F-10 2.6.29 kernel (#493500)
 


