32 patches

added patches:
	make-scsi_free_queue-kill-pending-scsi-commands.patch
	nfs-sunrpc-don-t-use-a-credential-with-extra-groups.patch
	st-fix-race-in-st_scsi_execute_end.patch

4 files changed, 165 insertions, 0 deletions

diff --git a/queue-2.6.32/make-scsi_free_queue-kill-pending-scsi-commands.patch b/queue-2.6.32/make-scsi_free_queue-kill-pending-scsi-commands.patch
new file mode 100644
index 0000000..46abf94
--- /dev/null
+++ b/queue-2.6.32/make-scsi_free_queue-kill-pending-scsi-commands.patch
@@ -0,0 +1,68 @@
+From 3308511c93e6ad0d3c58984ecd6e5e57f96b12c8 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Fri, 23 Sep 2011 19:48:18 +0200
+Subject: [SCSI] Make scsi_free_queue() kill pending SCSI commands
+
+From: Bart Van Assche <bvanassche@acm.org>
+
+commit 3308511c93e6ad0d3c58984ecd6e5e57f96b12c8 upstream.
+
+Make sure that SCSI device removal via scsi_remove_host() does finish
+all pending SCSI commands. Currently that's not the case and hence
+removal of a SCSI host during I/O can cause a deadlock. See also
+"blkdev_issue_discard() hangs forever if underlying storage device is
+removed" (http://bugzilla.kernel.org/show_bug.cgi?id=40472). See also
+http://lkml.org/lkml/2011/8/27/6.
+
+Signed-off-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/scsi/hosts.c    |    9 ++++++---
+ drivers/scsi/scsi_lib.c |    9 +++++++++
+ 2 files changed, 15 insertions(+), 3 deletions(-)
+
+--- a/drivers/scsi/hosts.c
++++ b/drivers/scsi/hosts.c
+@@ -275,6 +275,7 @@ static void scsi_host_dev_release(struct
+ {
+ 	struct Scsi_Host *shost = dev_to_shost(dev);
+ 	struct device *parent = dev->parent;
++	struct request_queue *q;
+ 
+ 	scsi_proc_hostdir_rm(shost->hostt);
+ 
+@@ -282,9 +283,11 @@ static void scsi_host_dev_release(struct
+ 		kthread_stop(shost->ehandler);
+ 	if (shost->work_q)
+ 		destroy_workqueue(shost->work_q);
+-	if (shost->uspace_req_q) {
+-		kfree(shost->uspace_req_q->queuedata);
+-		scsi_free_queue(shost->uspace_req_q);
++	q = shost->uspace_req_q;
++	if (q) {
++		kfree(q->queuedata);
++		q->queuedata = NULL;
++		scsi_free_queue(q);
+ 	}
+ 
+ 	scsi_destroy_command_freelist(shost);
+--- a/drivers/scsi/scsi_lib.c
++++ b/drivers/scsi/scsi_lib.c
+@@ -1672,6 +1672,15 @@ struct request_queue *scsi_alloc_queue(s
+ 
+ void scsi_free_queue(struct request_queue *q)
+ {
++	unsigned long flags;
++
++	WARN_ON(q->queuedata);
++
++	/* cause scsi_request_fn() to kill all non-finished requests */
++	spin_lock_irqsave(q->queue_lock, flags);
++	q->request_fn(q);
++	spin_unlock_irqrestore(q->queue_lock, flags);
++
+ 	blk_cleanup_queue(q);
+ }
+ 
diff --git a/queue-2.6.32/nfs-sunrpc-don-t-use-a-credential-with-extra-groups.patch b/queue-2.6.32/nfs-sunrpc-don-t-use-a-credential-with-extra-groups.patch
new file mode 100644
index 0000000..fffadd6
--- /dev/null
+++ b/queue-2.6.32/nfs-sunrpc-don-t-use-a-credential-with-extra-groups.patch
@@ -0,0 +1,43 @@
+From dc6f55e9f8dac4b6479be67c5c9128ad37bb491f Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Tue, 25 Oct 2011 10:25:49 +1100
+Subject: NFS/sunrpc: don't use a credential with extra groups.
+
+From: NeilBrown <neilb@suse.de>
+
+commit dc6f55e9f8dac4b6479be67c5c9128ad37bb491f upstream.
+
+The sunrpc layer keeps a cache of recently used credentials and
+'unx_match' is used to find the credential which matches the current
+process.
+
+However unx_match allows a match when the cached credential has extra
+groups at the end of uc_gids list which are not in the process group list.
+
+So if a process with a list of (say) 4 group accesses a file and gains
+access because of the last group in the list, then another process
+with the same uid and gid, and a gid list being the first tree of the
+gids of the original process tries to access the file, it will be
+granted access even though it shouldn't as the wrong rpc credential
+will be used.
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ net/sunrpc/auth_unix.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/sunrpc/auth_unix.c
++++ b/net/sunrpc/auth_unix.c
+@@ -129,6 +129,9 @@ unx_match(struct auth_cred *acred, struc
+ 	for (i = 0; i < groups ; i++)
+ 		if (cred->uc_gids[i] != GROUP_AT(acred->group_info, i))
+ 			return 0;
++	if (groups < NFS_NGROUPS &&
++	    cred->uc_gids[groups] != NOGROUP)
++		return 0;
+ 	return 1;
+ }
+ 
diff --git a/queue-2.6.32/series b/queue-2.6.32/series
index e69de29..2e04f8d 100644
--- a/queue-2.6.32/series
+++ b/queue-2.6.32/series
@@ -0,0 +1,3 @@
+st-fix-race-in-st_scsi_execute_end.patch
+make-scsi_free_queue-kill-pending-scsi-commands.patch
+nfs-sunrpc-don-t-use-a-credential-with-extra-groups.patch
diff --git a/queue-2.6.32/st-fix-race-in-st_scsi_execute_end.patch b/queue-2.6.32/st-fix-race-in-st_scsi_execute_end.patch
new file mode 100644
index 0000000..10e7deb
--- /dev/null
+++ b/queue-2.6.32/st-fix-race-in-st_scsi_execute_end.patch
@@ -0,0 +1,51 @@
+From c68bf8eeaa57c852e74adcf597237be149eef830 Mon Sep 17 00:00:00 2001
+From: Petr Uzel <petr.uzel@suse.cz>
+Date: Fri, 21 Oct 2011 13:31:09 +0200
+Subject: [SCSI] st: fix race in st_scsi_execute_end
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Petr Uzel <petr.uzel@suse.cz>
+
+commit c68bf8eeaa57c852e74adcf597237be149eef830 upstream.
+
+The call to complete() in st_scsi_execute_end() wakes up sleeping thread
+in write_behind_check(), which frees the st_request, thus invalidating
+the pointer to the associated bio structure, which is then passed to the
+blk_rq_unmap_user(). Fix by storing pointer to bio structure into
+temporary local variable.
+
+This bug is present since at least linux-2.6.32.
+
+Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
+Reported-by: Juergen Groß <juergen.gross@ts.fujitsu.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Acked-by: Kai Mäkisara <kai.makisara@kolumbus.fi>
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/scsi/st.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/st.c
++++ b/drivers/scsi/st.c
+@@ -461,14 +461,16 @@ static void st_scsi_execute_end(struct r
+ {
+ 	struct st_request *SRpnt = req->end_io_data;
+ 	struct scsi_tape *STp = SRpnt->stp;
++	struct bio *tmp;
+ 
+ 	STp->buffer->cmdstat.midlevel_result = SRpnt->result = req->errors;
+ 	STp->buffer->cmdstat.residual = req->resid_len;
+ 
++	tmp = SRpnt->bio;
+ 	if (SRpnt->waiting)
+ 		complete(SRpnt->waiting);
+ 
+-	blk_rq_unmap_user(SRpnt->bio);
++	blk_rq_unmap_user(tmp);
+ 	__blk_put_request(req->q, req);
+ }
+