rpms/kernel/F-11 linux-2.6-slub-fix-destroy-by-rcu.patch, NONE, 1.1 kernel.spec, 1.1730, 1.1731

Chuck Ebbert cebbert at fedoraproject.org
Wed Sep 9 04:54:11 UTC 2009


Author: cebbert

Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17130

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6-slub-fix-destroy-by-rcu.patch 
Log Message:
Add linux-2.6-slub-fix-destroy-by-rcu.patch (fixes bug in 2.6.30.4)

linux-2.6-slub-fix-destroy-by-rcu.patch:
 slub.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE linux-2.6-slub-fix-destroy-by-rcu.patch ---
From: Eric Dumazet <eric.dumazet at gmail.com>
Date: Thu, 3 Sep 2009 19:38:59 +0000 (+0300)
Subject: slub: Fix kmem_cache_destroy() with SLAB_DESTROY_BY_RCU
X-Git-Tag: v2.6.31-rc9~13^2
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=d76b1590e06a63a3d8697168cd0aabf1c4b3cb3a

slub: Fix kmem_cache_destroy() with SLAB_DESTROY_BY_RCU

kmem_cache_destroy() should call rcu_barrier() *after* kmem_cache_close() and
*before* sysfs_slab_remove() or risk rcu_free_slab() being called after
kmem_cache is deleted (kfreed).

rmmod nf_conntrack can crash the machine because it has to kmem_cache_destroy()
a SLAB_DESTROY_BY_RCU enabled cache.

Cc: <stable at kernel.org>
Reported-by: Zdenek Kabelac <zdenek.kabelac at gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet at gmail.com>
Acked-by: Paul E. McKenney <paulmck at linux.vnet.ibm.com>
Signed-off-by: Pekka Enberg <penberg at cs.helsinki.fi>
---

diff --git a/mm/slub.c b/mm/slub.c
index b9f1491..b627675 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2594,8 +2594,6 @@ static inline int kmem_cache_close(struct kmem_cache *s)
  */
 void kmem_cache_destroy(struct kmem_cache *s)
 {
-	if (s->flags & SLAB_DESTROY_BY_RCU)
-		rcu_barrier();
 	down_write(&slub_lock);
 	s->refcount--;
 	if (!s->refcount) {
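Review bot: The barrier removed at the top of kmem_cache_destroy() ran before down_write(&slub_lock), so it never blocked while the lock was held; its replacement sits after the lock is taken. The visible context does not show where slub_lock is released on the !s->refcount path (only the else branch shows up_write(&slub_lock)), so please confirm the lock is dropped before the new rcu_barrier() is reached, since rcu_barrier() waits for all outstanding RCU callbacks and would otherwise stall every other slub_lock user for that long.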
@@ -2606,6 +2604,8 @@ void kmem_cache_destroy(struct kmem_cache *s)
 				"still has objects.\n", s->name, __func__);
 			dump_stack();
 		}
+		if (s->flags & SLAB_DESTROY_BY_RCU)
+			rcu_barrier();
 		sysfs_slab_remove(s);
 	} else
 		up_write(&slub_lock);
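Review bot: The relocated rcu_barrier() in front of sysfs_slab_remove(s) has no comment, yet its position is the whole fix. Per the commit message it has to run after kmem_cache_close() and before sysfs_slab_remove(), or rcu_free_slab() can be called after the kmem_cache has been kfreed. A one-line comment above the `if (s->flags & SLAB_DESTROY_BY_RCU)` test stating that ordering would keep a later cleanup from hoisting the barrier back to function entry and reintroducing the use-after-free.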


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1730
retrieving revision 1.1731
diff -u -p -r1.1730 -r1.1731
--- kernel.spec	9 Sep 2009 04:43:29 -0000	1.1730
+++ kernel.spec	9 Sep 2009 04:54:10 -0000	1.1731
@@ -731,6 +731,9 @@ Patch14000: make-mmap_min_addr-suck-less
 Patch14050: hda-check-strcpy-length.patch
 Patch14060: linux-2.6-v4l-dvb-af9015-fix-stack-corruption.patch
 
+# fix bug introduced in 2.6.30.4
+Patch14070: linux-2.6-slub-fix-destroy-by-rcu.patch
+
 # fix stack protector problems with xen on x86_64
 Patch14080: linux-2.6-x86-load-percpu-segment-no-stackprotector.patch
 Patch14090: linux-2.6-xen-rearrange-to-fix-stackprotector.patch
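Review bot: The comment above Patch14070 says only "fix bug introduced in 2.6.30.4" and does not identify the upstream change. Adding the upstream commit id from the patch header (d76b1590e06a63a3d8697168cd0aabf1c4b3cb3a) or the patch subject would make it easy to drop this patch once the fix arrives through -stable, which the Cc: stable tag in the patch suggests will happen.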
@@ -1365,6 +1368,9 @@ ApplyPatch linux-2.6-v4l-dvb-af9015-fix-
 ApplyPatch linux-2.6-x86-load-percpu-segment-no-stackprotector.patch
 ApplyPatch linux-2.6-xen-rearrange-to-fix-stackprotector.patch
 
+# fix 2.6.30.4 bug
+ApplyPatch linux-2.6-slub-fix-destroy-by-rcu.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
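Review bot: The ApplyPatch line for linux-2.6-slub-fix-destroy-by-rcu.patch is placed after the two xen stackprotector patches, while its declaration is Patch14070, ahead of Patch14080 and Patch14090. The patches touch unrelated files so the result is the same, but keeping the apply order in step with the patch numbering (and using the same comment wording as the declaration rather than "fix 2.6.30.4 bug") makes the spec easier to audit.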
@@ -1953,6 +1959,9 @@ fi
 # and build.
 
 %changelog
+* Wed Sep 09 2009  Chuck Ebbert <cebbert at redhat.com>  2.6.30.6-52
+- Add linux-2.6-slub-fix-destroy-by-rcu.patch (fixes bug in 2.6.30.4)
+
 * Wed Sep 09 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.30.6-51
 - 2.6.30.6
 - Drop patches merged in -stable:
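Review bot: The new %changelog header has doubled spaces after the date and after the e-mail address ("2009  Chuck Ebbert <...>  2.6.30.6-52"), unlike the single-spaced -51 entry directly below it. Suggest normalising to single spaces so the entries stay uniform for tools that parse the changelog.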



