# git rev-parse -q --verify f0a7d1883d9f78ae7bf15fc258bf9a2b20f35b76^{commit}
f0a7d1883d9f78ae7bf15fc258bf9a2b20f35b76
already have revision, skipping fetch
# git checkout -q -f -B kisskb f0a7d1883d9f78ae7bf15fc258bf9a2b20f35b76
# git clean -qxdf
# < git log -1
# commit f0a7d1883d9f78ae7bf15fc258bf9a2b20f35b76
# Author: David Howells <dhowells@redhat.com>
# Date:   Mon Oct 15 12:43:02 2018 +0100
# 
#     afs: Fix clearance of reply
#     
#     The recent patch to fix the afs_server struct leak didn't actually fix the
#     bug, but rather fixed some of the symptoms.  The problem is that an
#     asynchronous call that holds a resource pointed to by call->reply[0] will
#     find the pointer cleared in the call destructor, thereby preventing the
#     resource from being cleaned up.
#     
#     In the case of the server record leak, the afs_fs_get_capabilities()
#     function in devel code sets up a call with reply[0] pointing at the server
#     record that should be altered when the result is obtained, but this was
#     being cleared before the destructor was called, so the put in the
#     destructor does nothing and the record is leaked.
#     
#     Commit f014ffb025c1 removed the additional ref obtained by
#     afs_install_server(), but the removal of this ref is actually used by the
#     garbage collector to mark a server record as being defunct after the record
#     has expired through lack of use.
#     
#     The offending clearance of call->reply[0] upon completion in
#     afs_process_async_call() has been there from the origin of the code, but
#     none of the asynchronous calls actually use that pointer currently, so it
#     should be safe to remove (note that synchronous calls don't involve this
#     function).
#     
#     Fix this by the following means:
#     
#      (1) Revert commit f014ffb025c1.
#     
#      (2) Remove the clearance of reply[0] from afs_process_async_call().
#     
#     Without this, afs_manage_servers() will suffer an assertion failure if it
#     sees a server record that didn't get used because the usage count is not 1.
#     
#     Fixes: f014ffb025c1 ("afs: Fix afs_server struct leak")
#     Fixes: 08e0e7c82eea ("[AF_RXRPC]: Make the in-kernel AFS filesystem use AF_RXRPC.")
#     Signed-off-by: David Howells <dhowells@redhat.com>
#     Cc: stable <stable@vger.kernel.org>
#     Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
# < /opt/cross/kisskb/arcompact-buildroot-2015.08.1/bin/arc-buildroot-linux-uclibc-gcc --version
# < git log --format=%s --max-count=1 f0a7d1883d9f78ae7bf15fc258bf9a2b20f35b76
# < make -s -j 120 ARCH=arc O=/kisskb/build/linus_axs101_defconfig_arcompact CROSS_COMPILE=/opt/cross/kisskb/arcompact-buildroot-2015.08.1/bin/arc-buildroot-linux-uclibc-  axs101_defconfig
# Added to kconfig CONFIG_INITRAMFS_SOURCE=""
# yes \n | make -s -j 120 ARCH=arc O=/kisskb/build/linus_axs101_defconfig_arcompact CROSS_COMPILE=/opt/cross/kisskb/arcompact-buildroot-2015.08.1/bin/arc-buildroot-linux-uclibc-  oldconfig
yes: standard output: Broken pipe
# make -s -j 120 ARCH=arc O=/kisskb/build/linus_axs101_defconfig_arcompact CROSS_COMPILE=/opt/cross/kisskb/arcompact-buildroot-2015.08.1/bin/arc-buildroot-linux-uclibc-  
In file included from /kisskb/src/include/asm-generic/bug.h:18:0,
                 from /kisskb/src/arch/arc/include/asm/bug.h:32,
                 from /kisskb/src/include/linux/bug.h:5,
                 from /kisskb/src/include/linux/mmdebug.h:5,
                 from /kisskb/src/include/linux/gfp.h:5,
                 from /kisskb/src/include/linux/slab.h:15,
                 from /kisskb/src/mm/nobootmem.c:14:
/kisskb/src/mm/nobootmem.c: In function '__free_pages_memory':
/kisskb/src/include/linux/kernel.h:845:29: warning: comparison of distinct pointer types lacks a cast [enabled by default]
   (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
                             ^
/kisskb/src/include/linux/kernel.h:859:4: note: in expansion of macro '__typecheck'
   (__typecheck(x, y) && __no_side_effects(x, y))
    ^
/kisskb/src/include/linux/kernel.h:869:24: note: in expansion of macro '__safe_cmp'
  __builtin_choose_expr(__safe_cmp(x, y), \
                        ^
/kisskb/src/include/linux/kernel.h:878:19: note: in expansion of macro '__careful_cmp'
 #define min(x, y) __careful_cmp(x, y, <)
                   ^
/kisskb/src/mm/nobootmem.c:104:11: note: in expansion of macro 'min'
   order = min(MAX_ORDER - 1UL, __ffs(start));
           ^
In file included from /kisskb/src/arch/arc/include/asm/atomic.h:16:0,
                 from /kisskb/src/include/linux/atomic.h:7,
                 from /kisskb/src/include/asm-generic/bitops/lock.h:5,
                 from /kisskb/src/arch/arc/include/asm/bitops.h:429,
                 from /kisskb/src/include/linux/bitops.h:19,
                 from /kisskb/src/include/linux/kernel.h:11,
                 from /kisskb/src/include/linux/list.h:9,
                 from /kisskb/src/include/linux/module.h:9,
                 from /kisskb/src/net/core/filter.c:24:
/kisskb/src/net/core/filter.c: In function 'bpf_clear_redirect_map':
/kisskb/src/arch/arc/include/asm/cmpxchg.h:95:29: warning: value computed is not used [-Wunused-value]
 #define cmpxchg(ptr, o, n) ((typeof(*(ptr)))__cmpxchg((ptr), \
                             ^
/kisskb/src/net/core/filter.c:3268:4: note: in expansion of macro 'cmpxchg'
    cmpxchg(&ri->map, map, NULL);
    ^
/kisskb/src/net/ipv4/tcp_input.c: In function 'tcp_data_queue':
/kisskb/src/net/ipv4/tcp_input.c:4319:49: warning: array subscript is above array bounds [-Warray-bounds]
     tp->selective_acks[i-1] = tp->selective_acks[i];
                                                 ^
Completed OK
# rm -rf /kisskb/build/linus_axs101_defconfig_arcompact
# Build took: 0:00:21.944292