diff options
author | Greg Kroah-Hartman <gregkh@suse.de> | 2011-11-08 11:54:04 -0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2011-11-08 11:54:04 -0800 |
commit | 1795a9a2d9a05bd6e9864e2be890d900d4c3bef3 (patch) | |
tree | 4710804008d449c9b33119ed5d638847e925ba39 | |
parent | 8f95ff0683f87f2dfa6ba2c8fbd34596cd23968a (diff) | |
download | longterm-queue-2.6.32-1795a9a2d9a05bd6e9864e2be890d900d4c3bef3.tar.gz |
32 patches
added patches:
make-scsi_free_queue-kill-pending-scsi-commands.patch
nfs-sunrpc-don-t-use-a-credential-with-extra-groups.patch
st-fix-race-in-st_scsi_execute_end.patch
4 files changed, 165 insertions, 0 deletions
diff --git a/queue-2.6.32/make-scsi_free_queue-kill-pending-scsi-commands.patch b/queue-2.6.32/make-scsi_free_queue-kill-pending-scsi-commands.patch new file mode 100644 index 0000000..46abf94 --- /dev/null +++ b/queue-2.6.32/make-scsi_free_queue-kill-pending-scsi-commands.patch @@ -0,0 +1,68 @@ +From 3308511c93e6ad0d3c58984ecd6e5e57f96b12c8 Mon Sep 17 00:00:00 2001 +From: Bart Van Assche <bvanassche@acm.org> +Date: Fri, 23 Sep 2011 19:48:18 +0200 +Subject: [SCSI] Make scsi_free_queue() kill pending SCSI commands + +From: Bart Van Assche <bvanassche@acm.org> + +commit 3308511c93e6ad0d3c58984ecd6e5e57f96b12c8 upstream. + +Make sure that SCSI device removal via scsi_remove_host() does finish +all pending SCSI commands. Currently that's not the case and hence +removal of a SCSI host during I/O can cause a deadlock. See also +"blkdev_issue_discard() hangs forever if underlying storage device is +removed" (http://bugzilla.kernel.org/show_bug.cgi?id=40472). See also +http://lkml.org/lkml/2011/8/27/6. + +Signed-off-by: Bart Van Assche <bvanassche@acm.org> +Signed-off-by: James Bottomley <JBottomley@Parallels.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + drivers/scsi/hosts.c | 9 ++++++--- + drivers/scsi/scsi_lib.c | 9 +++++++++ + 2 files changed, 15 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/hosts.c ++++ b/drivers/scsi/hosts.c +@@ -275,6 +275,7 @@ static void scsi_host_dev_release(struct + { + struct Scsi_Host *shost = dev_to_shost(dev); + struct device *parent = dev->parent; ++ struct request_queue *q; + + scsi_proc_hostdir_rm(shost->hostt); + +@@ -282,9 +283,11 @@ static void scsi_host_dev_release(struct + kthread_stop(shost->ehandler); + if (shost->work_q) + destroy_workqueue(shost->work_q); +- if (shost->uspace_req_q) { +- kfree(shost->uspace_req_q->queuedata); +- scsi_free_queue(shost->uspace_req_q); ++ q = shost->uspace_req_q; ++ if (q) { ++ kfree(q->queuedata); ++ q->queuedata = NULL; ++ scsi_free_queue(q); + } + + scsi_destroy_command_freelist(shost); +--- a/drivers/scsi/scsi_lib.c ++++ b/drivers/scsi/scsi_lib.c +@@ -1672,6 +1672,15 @@ struct request_queue *scsi_alloc_queue(s + + void scsi_free_queue(struct request_queue *q) + { ++ unsigned long flags; ++ ++ WARN_ON(q->queuedata); ++ ++ /* cause scsi_request_fn() to kill all non-finished requests */ ++ spin_lock_irqsave(q->queue_lock, flags); ++ q->request_fn(q); ++ spin_unlock_irqrestore(q->queue_lock, flags); ++ + blk_cleanup_queue(q); + } + diff --git a/queue-2.6.32/nfs-sunrpc-don-t-use-a-credential-with-extra-groups.patch b/queue-2.6.32/nfs-sunrpc-don-t-use-a-credential-with-extra-groups.patch new file mode 100644 index 0000000..fffadd6 --- /dev/null +++ b/queue-2.6.32/nfs-sunrpc-don-t-use-a-credential-with-extra-groups.patch @@ -0,0 +1,43 @@ +From dc6f55e9f8dac4b6479be67c5c9128ad37bb491f Mon Sep 17 00:00:00 2001 +From: NeilBrown <neilb@suse.de> +Date: Tue, 25 Oct 2011 10:25:49 +1100 +Subject: NFS/sunrpc: don't use a credential with extra groups. + +From: NeilBrown <neilb@suse.de> + +commit dc6f55e9f8dac4b6479be67c5c9128ad37bb491f upstream. + +The sunrpc layer keeps a cache of recently used credentials and +'unx_match' is used to find the credential which matches the current +process. + +However unx_match allows a match when the cached credential has extra +groups at the end of uc_gids list which are not in the process group list. + +So if a process with a list of (say) 4 group accesses a file and gains +access because of the last group in the list, then another process +with the same uid and gid, and a gid list being the first tree of the +gids of the original process tries to access the file, it will be +granted access even though it shouldn't as the wrong rpc credential +will be used. + +Signed-off-by: NeilBrown <neilb@suse.de> +Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + net/sunrpc/auth_unix.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/net/sunrpc/auth_unix.c ++++ b/net/sunrpc/auth_unix.c +@@ -129,6 +129,9 @@ unx_match(struct auth_cred *acred, struc + for (i = 0; i < groups ; i++) + if (cred->uc_gids[i] != GROUP_AT(acred->group_info, i)) + return 0; ++ if (groups < NFS_NGROUPS && ++ cred->uc_gids[groups] != NOGROUP) ++ return 0; + return 1; + } + diff --git a/queue-2.6.32/series b/queue-2.6.32/series index e69de29..2e04f8d 100644 --- a/queue-2.6.32/series +++ b/queue-2.6.32/series @@ -0,0 +1,3 @@ +st-fix-race-in-st_scsi_execute_end.patch +make-scsi_free_queue-kill-pending-scsi-commands.patch +nfs-sunrpc-don-t-use-a-credential-with-extra-groups.patch diff --git a/queue-2.6.32/st-fix-race-in-st_scsi_execute_end.patch b/queue-2.6.32/st-fix-race-in-st_scsi_execute_end.patch new file mode 100644 index 0000000..10e7deb --- /dev/null +++ b/queue-2.6.32/st-fix-race-in-st_scsi_execute_end.patch @@ -0,0 +1,51 @@ +From c68bf8eeaa57c852e74adcf597237be149eef830 Mon Sep 17 00:00:00 2001 +From: Petr Uzel <petr.uzel@suse.cz> +Date: Fri, 21 Oct 2011 13:31:09 +0200 +Subject: [SCSI] st: fix race in st_scsi_execute_end +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Petr Uzel <petr.uzel@suse.cz> + +commit c68bf8eeaa57c852e74adcf597237be149eef830 upstream. + +The call to complete() in st_scsi_execute_end() wakes up sleeping thread +in write_behind_check(), which frees the st_request, thus invalidating +the pointer to the associated bio structure, which is then passed to the +blk_rq_unmap_user(). Fix by storing pointer to bio structure into +temporary local variable. + +This bug is present since at least linux-2.6.32. + +Signed-off-by: Petr Uzel <petr.uzel@suse.cz> +Reported-by: Juergen Groß <juergen.gross@ts.fujitsu.com> +Reviewed-by: Jan Kara <jack@suse.cz> +Acked-by: Kai Mäkisara <kai.makisara@kolumbus.fi> +Signed-off-by: James Bottomley <JBottomley@Parallels.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + drivers/scsi/st.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/st.c ++++ b/drivers/scsi/st.c +@@ -461,14 +461,16 @@ static void st_scsi_execute_end(struct r + { + struct st_request *SRpnt = req->end_io_data; + struct scsi_tape *STp = SRpnt->stp; ++ struct bio *tmp; + + STp->buffer->cmdstat.midlevel_result = SRpnt->result = req->errors; + STp->buffer->cmdstat.residual = req->resid_len; + ++ tmp = SRpnt->bio; + if (SRpnt->waiting) + complete(SRpnt->waiting); + +- blk_rq_unmap_user(SRpnt->bio); ++ blk_rq_unmap_user(tmp); + __blk_put_request(req->q, req); + } + |