Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=xfcetesting.git;a=commitdiff;h=52da78dff050e941ed3889fda72cb3f9cea86940

commit 52da78dff050e941ed3889fda72cb3f9cea86940
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Sun Feb 6 21:10:44 2011 +0100

kernel-2.6.37-2-i686

- pkgrel++
- closes #4401

diff --git a/source/base/kernel/FrugalBuild b/source/base/kernel/FrugalBuild
index f36f71f..2122e1a 100644
--- a/source/base/kernel/FrugalBuild
+++ b/source/base/kernel/FrugalBuild
@@ -5,7 +5,6 @@ USE_DEVEL=${USE_DEVEL:-"n"}

if ! Fuse $USE_DEVEL; then
_F_kernel_patches=(sched-cgroup-use-exit-hook-to-avoid-use-after-free-c.patch \
-               sched-fix-autogroup-reference-leak-and-cpu_cgroup_ex.patch \
libata-set-queue-dma-alignment-to-sector-size-for-atapi-too.patch)
else
# example for a tagged rc release: 2.6.32.rc5
diff --git 
a/source/base/kernel/sched-cgroup-use-exit-hook-to-avoid-use-after-free-c.patch 
b/source/base/kernel/sched-cgroup-use-exit-hook-to-avoid-use-after-free-c.patch
index c8d9302..502df84 100644
--- 
a/source/base/kernel/sched-cgroup-use-exit-hook-to-avoid-use-after-free-c.patch
+++ 
b/source/base/kernel/sched-cgroup-use-exit-hook-to-avoid-use-after-free-c.patch
@@ -1,56 +1,69 @@
-From 497c0f9c12d1582b6492960f67ef28bec6584e0f Mon Sep 17 00:00:00 2001
-From: Peter Zijlstra <a.p.zijls...@chello.nl>
-Date: Fri, 24 Dec 2010 17:43:02 +0100
+From 068c5cc5ac7414a8e9eb7856b4bf3cc4d4744267 Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra <pet...@infradead.org>
+Date: Wed, 19 Jan 2011 12:26:11 +0100
Subject: [PATCH] sched, cgroup: Use exit hook to avoid use-after-free crash

By not notifying the controller of the on-exit move back to
-init_css_set, we fail to move the task out of the previous cgroup's
-cfs_rq. This leads to an opportunity for a cgroup-destroy to come in and
-free the cgroup (there are no active tasks left in it after all) to
-which the not-quite dead task is still enqueued.
+init_css_set, we fail to move the task out of the previous
+cgroup's cfs_rq. This leads to an opportunity for a
+cgroup-destroy to come in and free the cgroup (there are no
+active tasks left in it after all) to which the not-quite dead
+task is still enqueued.

-Cc: sta...@kernel.org
-Reported-and-tested-by: Miklos Vajna <vmik...@frugalware.org>
+Reported-by: Miklos Vajna <vmik...@frugalware.org>
+Fixed-by: Mike Galbraith <efa...@gmx.de>
Signed-off-by: Peter Zijlstra <a.p.zijls...@chello.nl>
+Cc: <sta...@kernel.org>
+Cc: Mike Galbraith <efa...@gmx.de>
+Signed-off-by: Ingo Molnar <mi...@elte.hu>
+LKML-Reference: <1293206353.29444.205.camel@laptop>
---
- kernel/sched.c |   10 ++++++++++
- 1 files changed, 10 insertions(+), 0 deletions(-)
+ kernel/sched.c |   18 ++++++++++++++++++
+ 1 files changed, 18 insertions(+), 0 deletions(-)

diff --git a/kernel/sched.c b/kernel/sched.c
-index dc85ceb..ab869f7 100644
+index 0a169a8..fa5272a 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
-@@ -614,6 +614,9 @@ static inline struct task_group *task_group(struct 
task_struct *p)
- {
+@@ -606,6 +606,9 @@ static inline struct task_group *task_group(struct 
task_struct *p)
+       struct task_group *tg;
struct cgroup_subsys_state *css;

-+       if (p->flags & PF_EXITING)
-+               return &root_task_group;
++      if (p->flags & PF_EXITING)
++              return &root_task_group;
+
css = task_subsys_state_check(p, cpu_cgroup_subsys_id,
lockdep_is_held(&task_rq(p)->lock));
-       return container_of(css, struct task_group, css);
-@@ -8763,6 +8766,12 @@ cpu_cgroup_attach(struct cgroup_subsys *ss, struct 
cgroup *cgrp,
+       tg = container_of(css, struct task_group, css);
+@@ -8880,6 +8883,20 @@ cpu_cgroup_attach(struct cgroup_subsys *ss, struct 
cgroup *cgrp,
}
}

+static void
+cpu_cgroup_exit(struct cgroup_subsys *ss, struct task_struct *task)
+{
-+       sched_move_task(task);
++      /*
++       * cgroup_exit() is called in the copy_process() failure path.
++       * Ignore this case since the task hasn't ran yet, this avoids
++       * trying to poke a half freed task state from generic code.
++       */
++      if (!(task->flags & PF_EXITING))
++              return;
++
++      sched_move_task(task);
+}
+
#ifdef CONFIG_FAIR_GROUP_SCHED
static int cpu_shares_write_u64(struct cgroup *cgrp, struct cftype *cftype,
u64 shareval)
-@@ -8835,6 +8844,7 @@ struct cgroup_subsys cpu_cgroup_subsys = {
+@@ -8952,6 +8969,7 @@ struct cgroup_subsys cpu_cgroup_subsys = {
.destroy        = cpu_cgroup_destroy,
.can_attach     = cpu_cgroup_can_attach,
.attach         = cpu_cgroup_attach,
-+       .exit           = cpu_cgroup_exit,
++      .exit           = cpu_cgroup_exit,
.populate       = cpu_cgroup_populate,
.subsys_id      = cpu_cgroup_subsys_id,
.early_init     = 1,
--
-1.7.3.4
+1.7.3.2.164.g6f10c.dirty

diff --git 
a/source/base/kernel/sched-fix-autogroup-reference-leak-and-cpu_cgroup_ex.patch 
b/source/base/kernel/sched-fix-autogroup-reference-leak-and-cpu_cgroup_ex.patch
deleted file mode 100644
index 0d31ced..0000000
--- 
a/source/base/kernel/sched-fix-autogroup-reference-leak-and-cpu_cgroup_ex.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From ae63b347ccc6b8b22e667b480412f69b0445a581 Mon Sep 17 00:00:00 2001
-From: Mike Galbraith <efa...@gmx.de>
-Date: Sat, 1 Jan 2011 16:20:58 +0100
-Subject: [PATCH] sched: fix autogroup reference leak and cpu_cgroup_exit() 
explosion
-
-In the event of a fork failure, the new cpu_cgroup_exit() method tries to
-move an unhashed task.  Since PF_EXITING isn't set in that case, autogroup
-will dig aground in a freed signal_struct.  Neither cgroups nor autogroup
-has anything it needs to do with this shade, so don't go there.
-
-This also uncovered a struct autogroup reference leak. copy_process() was
-simply freeing vs putting the signal_struct, stranding a reference.
-
-Signed-off-by: Mike Galbraith <efa...@gmx.de>
----
- kernel/fork.c  |    2 +-
- kernel/sched.c |   10 ++++++++++
- 2 files changed, 11 insertions(+), 1 deletions(-)
-
-diff --git a/kernel/fork.c b/kernel/fork.c
-index c445f8c..f601370 100644
---- a/kernel/fork.c
-+++ b/kernel/fork.c
-@@ -1303,7 +1303,7 @@ bad_fork_cleanup_mm:
-               mmput(p->mm);
- bad_fork_cleanup_signal:
-       if (!(clone_flags & CLONE_THREAD))
--              free_signal_struct(p->signal);
-+              put_signal_struct(p->signal);
- bad_fork_cleanup_sighand:
-       __cleanup_sighand(p->sighand);
- bad_fork_cleanup_fs:
-diff --git a/kernel/sched.c b/kernel/sched.c
-index ab869f7..90a4a2e 100644
---- a/kernel/sched.c
-+++ b/kernel/sched.c
-@@ -8769,6 +8769,16 @@ cpu_cgroup_attach(struct cgroup_subsys *ss, struct 
cgroup *cgrp,
- static void
- cpu_cgroup_exit(struct cgroup_subsys *ss, struct task_struct *task)
- {
-+      /*
-+       * cgroup_exit() is called in the copy_process failure path.
-+       * The task isn't hashed, and we don't want to make autogroup
-+       * dig into a freed signal_struct, so just go away.
-+       *
-+       * XXX: why are cgroup methods diddling unattached tasks?
-+       */
-+      if (!(task->flags & PF_EXITING))
-+              return;
-+
-        sched_move_task(task);
- }
-
---
-1.7.3.4
-
diff --git a/source/include/kernel-version.sh b/source/include/kernel-version.sh
index 6c32827..d45ddc3 100644
--- a/source/include/kernel-version.sh
+++ b/source/include/kernel-version.sh
@@ -16,7 +16,7 @@
# * _F_kernelver_stable: the number of the -stable patch to use (if any)
###
_F_kernelver_ver=2.6.37
-_F_kernelver_rel=1
+_F_kernelver_rel=2
_F_kernelver_stable=

###
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to