From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>, Willy Tarreau <w@1wt.eu>,
Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
Jake Edge <jake@lwn.net>, Eugene Teo <eteo@redhat.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk,
Stefan Richter <stefanr@s5r6.in-berlin.de>,
Nadia Derbey <Nadia.Derbey@bull.net>,
"Paul E. McKenney" <paulmck@us.ibm.com>,
Manfred Spraul <manfred@colorfullife.com>,
Kristian Høgsberg <krh@redhat.com>,
Pekka Enberg <penberg@cs.helsinki.fi>
Subject: [patch 05/46] lib/idr.c: use kmem_cache_zalloc() for the idr_layer cache
Date: Thu, 22 Jan 2009 17:11:35 -0800
Message-ID: <20090123011135.GF19756@kroah.com>
In-Reply-To: <20090123011110.GA19756@kroah.com>
[-- Attachment #1: lib-idr.c-use-kmem_cache_zalloc-for-the-idr_layer-cache.patch --]
[-- Type: text/plain, Size: 2552 bytes --]
2.6.28-stable review patch. If anyone has any objections, please let us know.
------------------
From: Andrew Morton <akpm@linux-foundation.org>
commit 5b019e99016f3a692ba45bf68fba73a402d7c01a upstream.

David points out that the idr_remove_all() function returns unused slabs
to the kmem cache, but needs to zero them first or else they will be
uninitialized upon next use. This causes crashes which have been observed
in the firewire subsystem.

He fixed this by zeroing the object before freeing it in idr_remove_all().

But we agree that simply removing the constructor and zeroing the object
at allocation time is simpler than relying upon slab constructor machinery
and might even be faster.

This problem was introduced by "idr: make idr_remove rcu-safe" (commit
cf481c20c476ad2c0febdace9ce23f5a4db19582), which was first released in
2.6.27.

There are no known codesites which trigger this bug in 2.6.27 or 2.6.28.
The post-2.6.28 firewire changes are the only known triggerer.

There might of course be not-yet-discovered triggerers in 2.6.27 and
2.6.28, and there might be out-of-tree triggerers which are added to those
kernel versions. I'll let the -stable guys decide whether they want to
backport this fix.

Reported-by: David Moore <dcm@acm.org>
Cc: Stefan Richter <stefanr@s5r6.in-berlin.de>
Cc: Nadia Derbey <Nadia.Derbey@bull.net>
Cc: Paul E. McKenney <paulmck@us.ibm.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Kristian Høgsberg <krh@redhat.com>
Acked-by: Pekka Enberg <penberg@cs.helsinki.fi>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
lib/idr.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
--- a/lib/idr.c
+++ b/lib/idr.c
@@ -121,7 +121,7 @@ int idr_pre_get(struct idr *idp, gfp_t g
{
while (idp->id_free_cnt < IDR_FREE_MAX) {
struct idr_layer *new;
- new = kmem_cache_alloc(idr_layer_cache, gfp_mask);
+ new = kmem_cache_zalloc(idr_layer_cache, gfp_mask);
if (new == NULL)
return (0);
move_to_free_list(idp, new);
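Review bot: the switch to kmem_cache_zalloc() in idr_pre_get() covers only this one allocation, while the same patch drops the cache constructor, so any other kmem_cache_alloc(idr_layer_cache, ...) caller in lib/idr.c would now receive uninitialized layers. Please confirm that idr_pre_get() is the only allocation site for this cache, or convert the others in the same patch. A short comment above the call saying that the layer must start zeroed would keep a later cleanup from turning it back into kmem_cache_alloc().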
@@ -623,16 +623,10 @@ void *idr_replace(struct idr *idp, void
}
EXPORT_SYMBOL(idr_replace);
-static void idr_cache_ctor(void *idr_layer)
-{
- memset(idr_layer, 0, sizeof(struct idr_layer));
-}
-
void __init idr_init_cache(void)
{
idr_layer_cache = kmem_cache_create("idr_layer_cache",
- sizeof(struct idr_layer), 0, SLAB_PANIC,
- idr_cache_ctor);
+ sizeof(struct idr_layer), 0, SLAB_PANIC, NULL);
}
/**
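Review bot: with idr_cache_ctor() removed and NULL passed to kmem_cache_create() in idr_init_cache(), nothing in the code records that idr_layer objects are now zeroed at allocation time and may be freed dirty, which is the idr_remove_all() case the changelog describes. A one-line comment on idr_init_cache() stating that contract would document it for anyone adding a new allocation or free path for idr_layer_cache.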