[OP] v2.6.22.23-op1

From: Oliver Pinter
Date: Wed May 07 2008 - 11:15:41 EST

I announced the v2.6.22.23-op1 "stable" kernel.

gitweb: http://repo.or.cz/w/linux-2.6.22.y-op.git
git-tree: git://repo.or.cz/linux-2.6.22.y-op.git
patches-gitweb : http://repo.or.cz/w/linux-2.6.22.y-op-patches.git
tar-bz2: http://students.zipernowsky.hu/~oliverp/kernel-stable/v2.6.22.23-op1.tar.bz2
patch: http://students.zipernowsky.hu/~oliverp/kernel-stable/patch-v2.6.22.23-op1.bz2
incr-patch: http://students.zipernowsky.hu/~oliverp/kernel-stable/incr/patch-v2.6.22.22-op1-v2.6.22.23-op1.bz2
chlog: http://students.zipernowsky.hu/~oliverp/kernel-stable/chlog-v2.6.22.23-op1

---
Al Viro (1):
fix SMP ordering hole in fcntl_setlk() (CVE-2008-1669)

Jeff Moyer (1):
aio: only account I/O wait time in read_events if there are active request

Oliver Pinter (1):
v2.6.22.23-op1

---
Makefile | 2 +-
fs/aio.c | 7 ++++++-
fs/locks.c | 17 +++++++++++++++--
3 files changed, 22 insertions(+), 4 deletions(-)

--
Thanks,
Oliver
diff --git a/Makefile b/Makefile
index 7200160..d001959 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 22
-EXTRAVERSION = .22-op1
+EXTRAVERSION = .23-op1
NAME = Holy Dancing Manatees, Batman!

# *DOCUMENTATION*
diff --git a/fs/aio.c b/fs/aio.c
index b3419c5..e683b91 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1171,7 +1171,12 @@ retry:
ret = 0;
if (to.timed_out) /* Only check after read evt */
break;
- io_schedule();
+ /* Try to only show up in io wait if there are ops
+ * in flight */
+ if (ctx->reqs_active)
+ io_schedule();
+ else
+ schedule();
if (signal_pending(tsk)) {
ret = -EINTR;
break;
diff --git a/fs/locks.c b/fs/locks.c
index 6428605..e6d4c3b 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1733,6 +1733,7 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd,
struct file_lock *file_lock = locks_alloc_lock();
struct flock flock;
struct inode *inode;
+ struct file *f;
int error;

if (file_lock == NULL)
@@ -1803,7 +1804,15 @@ again:
* Attempt to detect a close/fcntl race and recover by
* releasing the lock that was just acquired.
*/
- if (!error && fcheck(fd) != filp && flock.l_type != F_UNLCK) {
+ /*
+ * we need that spin_lock here - it prevents reordering between
+ * update of inode->i_flock and check for it done in close().
+ * rcu_read_lock() wouldn't do.
+ */
+ spin_lock(&current->files->file_lock);
+ f = fcheck(fd);
+ spin_unlock(&current->files->file_lock);
+ if (!error && f != filp && flock.l_type != F_UNLCK) {
flock.l_type = F_UNLCK;
goto again;
}
@@ -1859,6 +1868,7 @@ int fcntl_setlk64(unsigned int fd, struct file *filp, unsigned int cmd,
struct file_lock *file_lock = locks_alloc_lock();
struct flock64 flock;
struct inode *inode;
+ struct file *f;
int error;

if (file_lock == NULL)
@@ -1929,7 +1939,10 @@ again:
* Attempt to detect a close/fcntl race and recover by
* releasing the lock that was just acquired.
*/
- if (!error && fcheck(fd) != filp && flock.l_type != F_UNLCK) {
+ spin_lock(&current->files->file_lock);
+ f = fcheck(fd);
+ spin_unlock(&current->files->file_lock);
+ if (!error && f != filp && flock.l_type != F_UNLCK) {
flock.l_type = F_UNLCK;
goto again;
}