--- /dev/null
+From ea635c64e007061f6468ece5cc9cc62d41d4ecf2 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Wed, 26 May 2010 17:40:29 -0400
+Subject: Fix racy use of anon_inode_getfd() in perf_event.c
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit ea635c64e007061f6468ece5cc9cc62d41d4ecf2 upstream.
+
+once anon_inode_getfd() is called, you can't expect *anything* about
+struct file that descriptor points to - another thread might be doing
+whatever it likes with descriptor table at that point.
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/perf_event.c | 40 ++++++++++++++++++++++------------------
+ 1 file changed, 22 insertions(+), 18 deletions(-)
+
+--- a/kernel/perf_event.c
++++ b/kernel/perf_event.c
+@@ -4712,8 +4712,8 @@ SYSCALL_DEFINE5(perf_event_open,
+ struct perf_event_context *ctx;
+ struct file *event_file = NULL;
+ struct file *group_file = NULL;
++ int event_fd;
+ int fput_needed = 0;
+- int fput_needed2 = 0;
+ int err;
+
+ /* for future expandability... */
+@@ -4734,12 +4734,18 @@ SYSCALL_DEFINE5(perf_event_open,
+ return -EINVAL;
+ }
+
++ event_fd = get_unused_fd_flags(O_RDWR);
++ if (event_fd < 0)
++ return event_fd;
++
+ /*
+ * Get the target context (task or percpu):
+ */
+ ctx = find_get_context(pid, cpu);
+- if (IS_ERR(ctx))
+- return PTR_ERR(ctx);
++ if (IS_ERR(ctx)) {
++ err = PTR_ERR(ctx);
++ goto err_fd;
++ }
+
+ /*
+ * Look up the group leader (we will attach this event to it):
+@@ -4779,13 +4785,11 @@ SYSCALL_DEFINE5(perf_event_open,
+ if (IS_ERR(event))
+ goto err_put_context;
+
+- err = anon_inode_getfd("[perf_event]", &perf_fops, event, O_RDWR);
+- if (err < 0)
+- goto err_free_put_context;
+-
+- event_file = fget_light(err, &fput_needed2);
+- if (!event_file)
++ event_file = anon_inode_getfile("[perf_event]", &perf_fops, event, O_RDWR);
++ if (IS_ERR(event_file)) {
++ err = PTR_ERR(event_file);
+ goto err_free_put_context;
++ }
+
+ if (flags & PERF_FLAG_FD_OUTPUT) {
+ err = perf_event_set_output(event, group_fd);
+@@ -4806,19 +4810,19 @@ SYSCALL_DEFINE5(perf_event_open,
+ list_add_tail(&event->owner_entry, ¤t->perf_event_list);
+ mutex_unlock(¤t->perf_event_mutex);
+
+-err_fput_free_put_context:
+- fput_light(event_file, fput_needed2);
++ fput_light(group_file, fput_needed);
++ fd_install(event_fd, event_file);
++ return event_fd;
+
++err_fput_free_put_context:
++ fput(event_file);
+ err_free_put_context:
+- if (err < 0)
+- free_event(event);
+-
++ free_event(event);
+ err_put_context:
+- if (err < 0)
+- put_ctx(ctx);
+-
+ fput_light(group_file, fput_needed);
+-
++ put_ctx(ctx);
++err_fd:
++ put_unused_fd(event_fd);
+ return err;
+ }
+
--- /dev/null
+From e7ecd435692ca9bde9d124be30b3a26e672ea6c2 Mon Sep 17 00:00:00 2001
+From: Tejun Heo <tj@kernel.org>
+Date: Wed, 19 May 2010 15:38:58 +0200
+Subject: libata: disable ATAPI AN by default
+
+From: Tejun Heo <tj@kernel.org>
+
+commit e7ecd435692ca9bde9d124be30b3a26e672ea6c2 upstream.
+
+There are ATAPI devices which raise AN when hit by commands issued by
+open(). This leads to infinite loop of AN -> MEDIA_CHANGE uevent ->
+udev open() to check media -> AN.
+
+Both ACS and SerialATA standards don't define in which case ATAPI
+devices are supposed to raise or not raise AN. They both list media
+insertion event as a possible use case for ATAPI ANs but there is no
+clear description of what constitutes such events. As such, it seems
+a bit too naive to export ANs directly to userland as MEDIA_CHANGE
+events without further verification (which should behave similarly to
+windows as it apparently is the only thing that some hardware vendors
+are testing against).
+
+This patch adds libata.atapi_an module parameter and disables ATAPI AN
+by default for now.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Cc: Kay Sievers <kay.sievers@vrfy.org>
+Cc: Nick Bowler <nbowler@elliptictech.com>
+Cc: David Zeuthen <david@fubar.dk>
+Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ata/libata-core.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -159,6 +159,10 @@ int libata_allow_tpm = 0;
+ module_param_named(allow_tpm, libata_allow_tpm, int, 0444);
+ MODULE_PARM_DESC(allow_tpm, "Permit the use of TPM commands (0=off [default], 1=on)");
+
++static int atapi_an;
++module_param(atapi_an, int, 0444);
++MODULE_PARM_DESC(atapi_an, "Enable ATAPI AN media presence notification (0=0ff [default], 1=on)");
++
+ MODULE_AUTHOR("Jeff Garzik");
+ MODULE_DESCRIPTION("Library module for ATA devices");
+ MODULE_LICENSE("GPL");
+@@ -2570,7 +2574,8 @@ int ata_dev_configure(struct ata_device
+ * to enable ATAPI AN to discern between PHY status
+ * changed notifications and ATAPI ANs.
+ */
+- if ((ap->flags & ATA_FLAG_AN) && ata_id_has_atapi_AN(id) &&
++ if (atapi_an &&
++ (ap->flags & ATA_FLAG_AN) && ata_id_has_atapi_AN(id) &&
+ (!sata_pmp_attached(ap) ||
+ sata_scr_read(&ap->link, SCR_NOTIFICATION, &sntf) == 0)) {
+ unsigned int err_mask;
--- /dev/null
+From 3842e835490cdf17013b30a788f6311bdcfd0571 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Sun, 21 Mar 2010 22:52:23 +0100
+Subject: libata: don't flush dcache on slab pages
+
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+
+commit 3842e835490cdf17013b30a788f6311bdcfd0571 upstream.
+
+page_mapping() check this via VM_BUG_ON(PageSlab(page)) so we bug here
+with the according debuging turned on.
+
+Future TODO: replace this with a flush_dcache_page_for_pio() API
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/ata/libata-sff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/ata/libata-sff.c
++++ b/drivers/ata/libata-sff.c
+@@ -893,7 +893,7 @@ static void ata_pio_sector(struct ata_qu
+ do_write);
+ }
+
+- if (!do_write)
++ if (!do_write && !PageSlab(page))
+ flush_dcache_page(page);
+
+ qc->curbytes += qc->sect_size;
--- /dev/null
+From cb6e943ccf19ab6d3189147e9d625a992e016084 Mon Sep 17 00:00:00 2001
+From: Andi Kleen <andi@firstfloor.org>
+Date: Thu, 1 Apr 2010 03:17:25 +0200
+Subject: oprofile: remove double ring buffering
+
+From: Andi Kleen <andi@firstfloor.org>
+
+commit cb6e943ccf19ab6d3189147e9d625a992e016084 upstream.
+
+oprofile used a double buffer scheme for its cpu event buffer
+to avoid races on reading with the old locked ring buffer.
+
+But that is obsolete now with the new ring buffer, so simply
+use a single buffer. This greatly simplifies the code and avoids
+a lot of sample drops on large runs, especially with call graph.
+
+Based on suggestions from Steven Rostedt
+
+For stable kernels from v2.6.32, but not earlier.
+
+Signed-off-by: Andi Kleen <ak@linux.intel.com>
+Cc: Steven Rostedt <rostedt@goodmis.org>
+Signed-off-by: Robert Richter <robert.richter@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/oprofile/cpu_buffer.c | 63 ++++++++----------------------------------
+ 1 file changed, 13 insertions(+), 50 deletions(-)
+
+--- a/drivers/oprofile/cpu_buffer.c
++++ b/drivers/oprofile/cpu_buffer.c
+@@ -30,23 +30,7 @@
+
+ #define OP_BUFFER_FLAGS 0
+
+-/*
+- * Read and write access is using spin locking. Thus, writing to the
+- * buffer by NMI handler (x86) could occur also during critical
+- * sections when reading the buffer. To avoid this, there are 2
+- * buffers for independent read and write access. Read access is in
+- * process context only, write access only in the NMI handler. If the
+- * read buffer runs empty, both buffers are swapped atomically. There
+- * is potentially a small window during swapping where the buffers are
+- * disabled and samples could be lost.
+- *
+- * Using 2 buffers is a little bit overhead, but the solution is clear
+- * and does not require changes in the ring buffer implementation. It
+- * can be changed to a single buffer solution when the ring buffer
+- * access is implemented as non-locking atomic code.
+- */
+-static struct ring_buffer *op_ring_buffer_read;
+-static struct ring_buffer *op_ring_buffer_write;
++static struct ring_buffer *op_ring_buffer;
+ DEFINE_PER_CPU(struct oprofile_cpu_buffer, op_cpu_buffer);
+
+ static void wq_sync_buffer(struct work_struct *work);
+@@ -68,12 +52,9 @@ void oprofile_cpu_buffer_inc_smpl_lost(v
+
+ void free_cpu_buffers(void)
+ {
+- if (op_ring_buffer_read)
+- ring_buffer_free(op_ring_buffer_read);
+- op_ring_buffer_read = NULL;
+- if (op_ring_buffer_write)
+- ring_buffer_free(op_ring_buffer_write);
+- op_ring_buffer_write = NULL;
++ if (op_ring_buffer)
++ ring_buffer_free(op_ring_buffer);
++ op_ring_buffer = NULL;
+ }
+
+ #define RB_EVENT_HDR_SIZE 4
+@@ -86,11 +67,8 @@ int alloc_cpu_buffers(void)
+ unsigned long byte_size = buffer_size * (sizeof(struct op_sample) +
+ RB_EVENT_HDR_SIZE);
+
+- op_ring_buffer_read = ring_buffer_alloc(byte_size, OP_BUFFER_FLAGS);
+- if (!op_ring_buffer_read)
+- goto fail;
+- op_ring_buffer_write = ring_buffer_alloc(byte_size, OP_BUFFER_FLAGS);
+- if (!op_ring_buffer_write)
++ op_ring_buffer = ring_buffer_alloc(byte_size, OP_BUFFER_FLAGS);
++ if (!op_ring_buffer)
+ goto fail;
+
+ for_each_possible_cpu(i) {
+@@ -162,16 +140,11 @@ struct op_sample
+ *op_cpu_buffer_write_reserve(struct op_entry *entry, unsigned long size)
+ {
+ entry->event = ring_buffer_lock_reserve
+- (op_ring_buffer_write, sizeof(struct op_sample) +
++ (op_ring_buffer, sizeof(struct op_sample) +
+ size * sizeof(entry->sample->data[0]));
+- if (entry->event)
+- entry->sample = ring_buffer_event_data(entry->event);
+- else
+- entry->sample = NULL;
+-
+- if (!entry->sample)
++ if (!entry->event)
+ return NULL;
+-
++ entry->sample = ring_buffer_event_data(entry->event);
+ entry->size = size;
+ entry->data = entry->sample->data;
+
+@@ -180,25 +153,16 @@ struct op_sample
+
+ int op_cpu_buffer_write_commit(struct op_entry *entry)
+ {
+- return ring_buffer_unlock_commit(op_ring_buffer_write, entry->event);
++ return ring_buffer_unlock_commit(op_ring_buffer, entry->event);
+ }
+
+ struct op_sample *op_cpu_buffer_read_entry(struct op_entry *entry, int cpu)
+ {
+ struct ring_buffer_event *e;
+- e = ring_buffer_consume(op_ring_buffer_read, cpu, NULL);
+- if (e)
+- goto event;
+- if (ring_buffer_swap_cpu(op_ring_buffer_read,
+- op_ring_buffer_write,
+- cpu))
++ e = ring_buffer_consume(op_ring_buffer, cpu, NULL);
++ if (!e)
+ return NULL;
+- e = ring_buffer_consume(op_ring_buffer_read, cpu, NULL);
+- if (e)
+- goto event;
+- return NULL;
+
+-event:
+ entry->event = e;
+ entry->sample = ring_buffer_event_data(e);
+ entry->size = (ring_buffer_event_length(e) - sizeof(struct op_sample))
+@@ -209,8 +173,7 @@ event:
+
+ unsigned long op_cpu_buffer_entries(int cpu)
+ {
+- return ring_buffer_entries_cpu(op_ring_buffer_read, cpu)
+- + ring_buffer_entries_cpu(op_ring_buffer_write, cpu);
++ return ring_buffer_entries_cpu(op_ring_buffer, cpu);
+ }
+
+ static int
--- /dev/null
+From 2623a1d55a6260c855e1f6d1895900b50b40a896 Mon Sep 17 00:00:00 2001
+From: Robert Richter <robert.richter@amd.com>
+Date: Mon, 3 May 2010 19:44:32 +0200
+Subject: oprofile/x86: fix uninitialized counter usage during cpu hotplug
+
+From: Robert Richter <robert.richter@amd.com>
+
+commit 2623a1d55a6260c855e1f6d1895900b50b40a896 upstream.
+
+This fixes a NULL pointer dereference that is triggered when taking a
+cpu offline after oprofile was initialized, e.g.:
+
+ $ opcontrol --init
+ $ opcontrol --start-daemon
+ $ opcontrol --shutdown
+ $ opcontrol --deinit
+ $ echo 0 > /sys/devices/system/cpu/cpu1/online
+
+See the crash dump below. Though the counter has been disabled the cpu
+notifier is still active and trying to use already freed counter data.
+
+This fix is for linux-stable. To proper fix this, the hotplug code
+must be rewritten. Thus I will leave a WARN_ON_ONCE() message with
+this patch.
+
+BUG: unable to handle kernel NULL pointer dereference at (null)
+IP: [<ffffffff8132ad57>] op_amd_stop+0x2d/0x8e
+PGD 0
+Oops: 0000 [#1] SMP
+last sysfs file: /sys/devices/system/cpu/cpu1/online
+CPU 1
+Modules linked in:
+
+Pid: 0, comm: swapper Not tainted 2.6.34-rc5-oprofile-x86_64-standard-00210-g8c00f06 #16 Anaheim/Anaheim
+RIP: 0010:[<ffffffff8132ad57>] [<ffffffff8132ad57>] op_amd_stop+0x2d/0x8e
+RSP: 0018:ffff880001843f28 EFLAGS: 00010006
+RAX: 0000000000000000 RBX: 0000000000000000 RCX: dead000000200200
+RDX: ffff880001843f68 RSI: dead000000100100 RDI: 0000000000000000
+RBP: ffff880001843f48 R08: 0000000000000000 R09: ffff880001843f08
+R10: ffffffff8102c9a5 R11: ffff88000184ea80 R12: 0000000000000000
+R13: ffff88000184f6c0 R14: 0000000000000000 R15: 0000000000000000
+FS: 00007fec6a92e6f0(0000) GS:ffff880001840000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
+CR2: 0000000000000000 CR3: 000000000163b000 CR4: 00000000000006e0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
+Process swapper (pid: 0, threadinfo ffff88042fcd8000, task ffff88042fcd51d0)
+Stack:
+ ffff880001843f48 0000000000000001 ffff88042e9f7d38 ffff880001843f68
+<0> ffff880001843f58 ffffffff8132a602 ffff880001843f98 ffffffff810521b3
+<0> ffff880001843f68 ffff880001843f68 ffff880001843f88 ffff88042fcd9fd8
+Call Trace:
+ <IRQ>
+ [<ffffffff8132a602>] nmi_cpu_stop+0x21/0x23
+ [<ffffffff810521b3>] generic_smp_call_function_single_interrupt+0xdf/0x11b
+ [<ffffffff8101804f>] smp_call_function_single_interrupt+0x22/0x31
+ [<ffffffff810029f3>] call_function_single_interrupt+0x13/0x20
+ <EOI>
+ [<ffffffff8102c9a5>] ? wake_up_process+0x10/0x12
+ [<ffffffff81008701>] ? default_idle+0x22/0x37
+ [<ffffffff8100896d>] c1e_idle+0xdf/0xe6
+ [<ffffffff813f1170>] ? atomic_notifier_call_chain+0x13/0x15
+ [<ffffffff810012fb>] cpu_idle+0x4b/0x7e
+ [<ffffffff813e8a4e>] start_secondary+0x1ae/0x1b2
+Code: 89 e5 41 55 49 89 fd 41 54 45 31 e4 53 31 db 48 83 ec 08 89 df e8 be f8 ff ff 48 98 48 83 3c c5 10 67 7a 81 00 74 1f 49 8b 45 08 <42> 8b 0c 20 0f 32 48 c1 e2 20 25 ff ff bf ff 48 09 d0 48 89 c2
+RIP [<ffffffff8132ad57>] op_amd_stop+0x2d/0x8e
+ RSP <ffff880001843f28>
+CR2: 0000000000000000
+---[ end trace 679ac372d674b757 ]---
+Kernel panic - not syncing: Fatal exception in interrupt
+Pid: 0, comm: swapper Tainted: G D 2.6.34-rc5-oprofile-x86_64-standard-00210-g8c00f06 #16
+Call Trace:
+ <IRQ> [<ffffffff813ebd6a>] panic+0x9e/0x10c
+ [<ffffffff810474b0>] ? up+0x34/0x39
+ [<ffffffff81031ccc>] ? kmsg_dump+0x112/0x12c
+ [<ffffffff813eeff1>] oops_end+0x81/0x8e
+ [<ffffffff8101efee>] no_context+0x1f3/0x202
+ [<ffffffff8101f1b7>] __bad_area_nosemaphore+0x1ba/0x1e0
+ [<ffffffff81028d24>] ? enqueue_task_fair+0x16d/0x17a
+ [<ffffffff810264dc>] ? activate_task+0x42/0x53
+ [<ffffffff8102c967>] ? try_to_wake_up+0x272/0x284
+ [<ffffffff8101f1eb>] bad_area_nosemaphore+0xe/0x10
+ [<ffffffff813f0f3f>] do_page_fault+0x1c8/0x37c
+ [<ffffffff81028d24>] ? enqueue_task_fair+0x16d/0x17a
+ [<ffffffff813ee55f>] page_fault+0x1f/0x30
+ [<ffffffff8102c9a5>] ? wake_up_process+0x10/0x12
+ [<ffffffff8132ad57>] ? op_amd_stop+0x2d/0x8e
+ [<ffffffff8132ad46>] ? op_amd_stop+0x1c/0x8e
+ [<ffffffff8132a602>] nmi_cpu_stop+0x21/0x23
+ [<ffffffff810521b3>] generic_smp_call_function_single_interrupt+0xdf/0x11b
+ [<ffffffff8101804f>] smp_call_function_single_interrupt+0x22/0x31
+ [<ffffffff810029f3>] call_function_single_interrupt+0x13/0x20
+ <EOI> [<ffffffff8102c9a5>] ? wake_up_process+0x10/0x12
+ [<ffffffff81008701>] ? default_idle+0x22/0x37
+ [<ffffffff8100896d>] c1e_idle+0xdf/0xe6
+ [<ffffffff813f1170>] ? atomic_notifier_call_chain+0x13/0x15
+ [<ffffffff810012fb>] cpu_idle+0x4b/0x7e
+ [<ffffffff813e8a4e>] start_secondary+0x1ae/0x1b2
+------------[ cut here ]------------
+WARNING: at /local/rrichter/.source/linux/arch/x86/kernel/smp.c:118 native_smp_send_reschedule+0x27/0x53()
+Hardware name: Anaheim
+Modules linked in:
+Pid: 0, comm: swapper Tainted: G D 2.6.34-rc5-oprofile-x86_64-standard-00210-g8c00f06 #16
+Call Trace:
+ <IRQ> [<ffffffff81017f32>] ? native_smp_send_reschedule+0x27/0x53
+ [<ffffffff81030ee2>] warn_slowpath_common+0x77/0xa4
+ [<ffffffff81030f1e>] warn_slowpath_null+0xf/0x11
+ [<ffffffff81017f32>] native_smp_send_reschedule+0x27/0x53
+ [<ffffffff8102634b>] resched_task+0x60/0x62
+ [<ffffffff8102653a>] check_preempt_curr_idle+0x10/0x12
+ [<ffffffff8102c8ea>] try_to_wake_up+0x1f5/0x284
+ [<ffffffff8102c986>] default_wake_function+0xd/0xf
+ [<ffffffff810a110d>] pollwake+0x57/0x5a
+ [<ffffffff8102c979>] ? default_wake_function+0x0/0xf
+ [<ffffffff81026be5>] __wake_up_common+0x46/0x75
+ [<ffffffff81026ed0>] __wake_up+0x38/0x50
+ [<ffffffff81031694>] printk_tick+0x39/0x3b
+ [<ffffffff8103ac37>] update_process_times+0x3f/0x5c
+ [<ffffffff8104dc63>] tick_periodic+0x5d/0x69
+ [<ffffffff8104dc90>] tick_handle_periodic+0x21/0x71
+ [<ffffffff81018fd0>] smp_apic_timer_interrupt+0x82/0x95
+ [<ffffffff81002853>] apic_timer_interrupt+0x13/0x20
+ [<ffffffff81030cb5>] ? panic_blink_one_second+0x0/0x7b
+ [<ffffffff813ebdd6>] ? panic+0x10a/0x10c
+ [<ffffffff810474b0>] ? up+0x34/0x39
+ [<ffffffff81031ccc>] ? kmsg_dump+0x112/0x12c
+ [<ffffffff813eeff1>] ? oops_end+0x81/0x8e
+ [<ffffffff8101efee>] ? no_context+0x1f3/0x202
+ [<ffffffff8101f1b7>] ? __bad_area_nosemaphore+0x1ba/0x1e0
+ [<ffffffff81028d24>] ? enqueue_task_fair+0x16d/0x17a
+ [<ffffffff810264dc>] ? activate_task+0x42/0x53
+ [<ffffffff8102c967>] ? try_to_wake_up+0x272/0x284
+ [<ffffffff8101f1eb>] ? bad_area_nosemaphore+0xe/0x10
+ [<ffffffff813f0f3f>] ? do_page_fault+0x1c8/0x37c
+ [<ffffffff81028d24>] ? enqueue_task_fair+0x16d/0x17a
+ [<ffffffff813ee55f>] ? page_fault+0x1f/0x30
+ [<ffffffff8102c9a5>] ? wake_up_process+0x10/0x12
+ [<ffffffff8132ad57>] ? op_amd_stop+0x2d/0x8e
+ [<ffffffff8132ad46>] ? op_amd_stop+0x1c/0x8e
+ [<ffffffff8132a602>] ? nmi_cpu_stop+0x21/0x23
+ [<ffffffff810521b3>] ? generic_smp_call_function_single_interrupt+0xdf/0x11b
+ [<ffffffff8101804f>] ? smp_call_function_single_interrupt+0x22/0x31
+ [<ffffffff810029f3>] ? call_function_single_interrupt+0x13/0x20
+ <EOI> [<ffffffff8102c9a5>] ? wake_up_process+0x10/0x12
+ [<ffffffff81008701>] ? default_idle+0x22/0x37
+ [<ffffffff8100896d>] ? c1e_idle+0xdf/0xe6
+ [<ffffffff813f1170>] ? atomic_notifier_call_chain+0x13/0x15
+ [<ffffffff810012fb>] ? cpu_idle+0x4b/0x7e
+ [<ffffffff813e8a4e>] ? start_secondary+0x1ae/0x1b2
+---[ end trace 679ac372d674b758 ]---
+
+Cc: Andi Kleen <andi@firstfloor.org>
+Signed-off-by: Robert Richter <robert.richter@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86/oprofile/nmi_int.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/oprofile/nmi_int.c
++++ b/arch/x86/oprofile/nmi_int.c
+@@ -95,7 +95,10 @@ static void nmi_cpu_save_registers(struc
+ static void nmi_cpu_start(void *dummy)
+ {
+ struct op_msrs const *msrs = &__get_cpu_var(cpu_msrs);
+- model->start(msrs);
++ if (!msrs->controls)
++ WARN_ON_ONCE(1);
++ else
++ model->start(msrs);
+ }
+
+ static int nmi_start(void)
+@@ -107,7 +110,10 @@ static int nmi_start(void)
+ static void nmi_cpu_stop(void *dummy)
+ {
+ struct op_msrs const *msrs = &__get_cpu_var(cpu_msrs);
+- model->stop(msrs);
++ if (!msrs->controls)
++ WARN_ON_ONCE(1);
++ else
++ model->stop(msrs);
+ }
+
+ static void nmi_stop(void)
--- /dev/null
+From 45e0fffc8a7778282e6a1514a6ae3e7ae6545111 Mon Sep 17 00:00:00 2001
+From: Andrey Vagin <avagin@openvz.org>
+Date: Mon, 24 May 2010 12:15:33 -0700
+Subject: posix_timer: Fix error path in timer_create
+
+From: Andrey Vagin <avagin@openvz.org>
+
+commit 45e0fffc8a7778282e6a1514a6ae3e7ae6545111 upstream.
+
+Move CLOCK_DISPATCH(which_clock, timer_create, (new_timer)) after all
+posible EFAULT erros.
+
+*_timer_create may allocate/get resources.
+(for example posix_cpu_timer_create does get_task_struct)
+
+[ tglx: fold the remove crappy comment patch into this ]
+
+Signed-off-by: Andrey Vagin <avagin@openvz.org>
+Cc: Oleg Nesterov <oleg@tv-sign.ru>
+Cc: Pavel Emelyanov <xemul@openvz.org>
+Reviewed-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/posix-timers.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+--- a/kernel/posix-timers.c
++++ b/kernel/posix-timers.c
+@@ -559,14 +559,7 @@ SYSCALL_DEFINE3(timer_create, const cloc
+ new_timer->it_id = (timer_t) new_timer_id;
+ new_timer->it_clock = which_clock;
+ new_timer->it_overrun = -1;
+- error = CLOCK_DISPATCH(which_clock, timer_create, (new_timer));
+- if (error)
+- goto out;
+
+- /*
+- * return the timer_id now. The next step is hard to
+- * back out if there is an error.
+- */
+ if (copy_to_user(created_timer_id,
+ &new_timer_id, sizeof (new_timer_id))) {
+ error = -EFAULT;
+@@ -597,6 +590,10 @@ SYSCALL_DEFINE3(timer_create, const cloc
+ new_timer->sigq->info.si_tid = new_timer->it_id;
+ new_timer->sigq->info.si_code = SI_TIMER;
+
++ error = CLOCK_DISPATCH(which_clock, timer_create, (new_timer));
++ if (error)
++ goto out;
++
+ spin_lock_irq(¤t->sighand->siglock);
+ new_timer->it_signal = current->signal;
+ list_add(&new_timer->list, ¤t->signal->posix_timers);
--- /dev/null
+fix-racy-use-of-anon_inode_getfd-in-perf_event.c.patch
+posix_timer-fix-error-path-in-timer_create.patch
+libata-disable-atapi-an-by-default.patch
+libata-don-t-flush-dcache-on-slab-pages.patch
+oprofile-x86-fix-uninitialized-counter-usage-during-cpu-hotplug.patch
+oprofile-remove-double-ring-buffering.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
