3.0-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 9 Aug 2013 00:08:11 +0000 (17:08 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 9 Aug 2013 00:08:11 +0000 (17:08 -0700)
added patches:
perf-use-css_tryget-to-avoid-propping-up-css-refcount.patch
x86-fpu-correct-the-asm-constraints-for-fxsave-unbreak-mxcsr.daz.patch

queue-3.0/perf-use-css_tryget-to-avoid-propping-up-css-refcount.patch [new file with mode: 0644]
queue-3.0/series
queue-3.0/x86-fpu-correct-the-asm-constraints-for-fxsave-unbreak-mxcsr.daz.patch [new file with mode: 0644]

diff --git a/queue-3.0/perf-use-css_tryget-to-avoid-propping-up-css-refcount.patch b/queue-3.0/perf-use-css_tryget-to-avoid-propping-up-css-refcount.patch
new file mode 100644 (file)
index 0000000..15ff4e7
--- /dev/null
@@ -0,0 +1,100 @@
+From 9c5da09d266ca9b32eb16cf940f8161d949c2fe5 Mon Sep 17 00:00:00 2001
+From: Salman Qazi <sqazi@google.com>
+Date: Thu, 14 Jun 2012 15:31:09 -0700
+Subject: perf: Use css_tryget() to avoid propping up css refcount
+
+From: Salman Qazi <sqazi@google.com>
+
+commit 9c5da09d266ca9b32eb16cf940f8161d949c2fe5 upstream.
+
+An rmdir pushes css's ref count to zero.  However, if the associated
+directory is open at the time, the dentry ref count is non-zero.  If
+the fd for this directory is then passed into perf_event_open, it
+does a css_get().  This bounces the ref count back up from zero.  This
+is a problem by itself.  But what makes it turn into a crash is the
+fact that we end up doing an extra dput, since we perform a dput
+when css_put sees the ref count go down to zero.
+
+css_tryget() does not fall into that trap. So, we use that instead.
+
+Reproduction test-case for the bug:
+
+ #include <unistd.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+ #include <linux/unistd.h>
+ #include <linux/perf_event.h>
+ #include <string.h>
+ #include <errno.h>
+ #include <stdio.h>
+
+ #define PERF_FLAG_PID_CGROUP    (1U << 2)
+
+ int perf_event_open(struct perf_event_attr *hw_event_uptr,
+                     pid_t pid, int cpu, int group_fd, unsigned long flags) {
+         return syscall(__NR_perf_event_open,hw_event_uptr, pid, cpu,
+                 group_fd, flags);
+ }
+
+ /*
+  * Directly poke at the perf_event bug, since it's proving hard to repro
+  * depending on where in the kernel tree.  what moved?
+  */
+ int main(int argc, char **argv)
+ {
+        int fd;
+        struct perf_event_attr attr;
+        memset(&attr, 0, sizeof(attr));
+        attr.exclude_kernel = 1;
+        attr.size = sizeof(attr);
+        mkdir("/dev/cgroup/perf_event/blah", 0777);
+        fd = open("/dev/cgroup/perf_event/blah", O_RDONLY);
+        perror("open");
+        rmdir("/dev/cgroup/perf_event/blah");
+        sleep(2);
+        perf_event_open(&attr, fd, 0, -1,  PERF_FLAG_PID_CGROUP);
+        perror("perf_event_open");
+        close(fd);
+        return 0;
+ }
+
+Signed-off-by: Salman Qazi <sqazi@google.com>
+Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Acked-by: Tejun Heo <tj@kernel.org>
+Link: http://lkml.kernel.org/r/20120614223108.1025.2503.stgit@dungbeetle.mtv.corp.google.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: Li Zefan <lizefan@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/events/core.c |   10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -223,9 +223,9 @@ perf_cgroup_match(struct perf_event *eve
+       return !event->cgrp || event->cgrp == cpuctx->cgrp;
+ }
+-static inline void perf_get_cgroup(struct perf_event *event)
++static inline bool perf_tryget_cgroup(struct perf_event *event)
+ {
+-      css_get(&event->cgrp->css);
++      return css_tryget(&event->cgrp->css);
+ }
+ static inline void perf_put_cgroup(struct perf_event *event)
+@@ -415,7 +415,11 @@ static inline int perf_cgroup_connect(in
+       event->cgrp = cgrp;
+       /* must be done before we fput() the file */
+-      perf_get_cgroup(event);
++      if (!perf_tryget_cgroup(event)) {
++              event->cgrp = NULL;
++              ret = -ENOENT;
++              goto out;
++      }
+       /*
+        * all events in a group must monitor
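Review bot: The comment above the new `perf_tryget_cgroup()` call in perf_cgroup_connect still reads only `/* must be done before we fput() the file */`, so it does not say why taking the reference can now fail or why `event->cgrp` is reset on that path. A failed tryget means the cgroup was already removed, and leaving `event->cgrp` set would presumably let a later put drop a reference that was never taken. I would extend the comment to `/* must be done before we fput() the file; fails if the cgroup was already rmdir'd, so clear cgrp to avoid an unbalanced put */`. Declaring the helper as `static inline bool __must_check perf_tryget_cgroup(struct perf_event *event)` would also stop a future caller from ignoring the result. Both functions start and end outside the nested hunks.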
index 458bdcc5b33c239d56c9085621b4ca342be64995..b9b2c3ba3b7d04bebaa79ae016b091d771fdda81 100644 (file)
@@ -10,3 +10,5 @@ sched-fix-the-broken-sched_rr_get_interval.patch
 fanotify-info-leak-in-copy_event_to_user.patch
 maintainers-fix-up-stable_kernel_rules.txt-location.patch
 perf-fix-event-group-context-move.patch
+x86-fpu-correct-the-asm-constraints-for-fxsave-unbreak-mxcsr.daz.patch
+perf-use-css_tryget-to-avoid-propping-up-css-refcount.patch
diff --git a/queue-3.0/x86-fpu-correct-the-asm-constraints-for-fxsave-unbreak-mxcsr.daz.patch b/queue-3.0/x86-fpu-correct-the-asm-constraints-for-fxsave-unbreak-mxcsr.daz.patch
new file mode 100644 (file)
index 0000000..5d28950
--- /dev/null
@@ -0,0 +1,45 @@
+From eaa5a990191d204ba0f9d35dbe5505ec2cdd1460 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Fri, 26 Jul 2013 09:11:56 -0700
+Subject: x86, fpu: correct the asm constraints for fxsave, unbreak mxcsr.daz
+
+From: "H.J. Lu" <hjl.tools@gmail.com>
+
+commit eaa5a990191d204ba0f9d35dbe5505ec2cdd1460 upstream.
+
+GCC will optimize mxcsr_feature_mask_init in arch/x86/kernel/i387.c:
+
+               memset(&fx_scratch, 0, sizeof(struct i387_fxsave_struct));
+               asm volatile("fxsave %0" : : "m" (fx_scratch));
+               mask = fx_scratch.mxcsr_mask;
+               if (mask == 0)
+                       mask = 0x0000ffbf;
+
+to
+
+               memset(&fx_scratch, 0, sizeof(struct i387_fxsave_struct));
+               asm volatile("fxsave %0" : : "m" (fx_scratch));
+               mask = 0x0000ffbf;
+
+since asm statement doesn’t say it will update fx_scratch.  As the
+result, the DAZ bit will be cleared.  This patch fixes it. This bug
+dates back to at least kernel 2.6.12.
+
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/i387.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/i387.c
++++ b/arch/x86/kernel/i387.c
+@@ -51,7 +51,7 @@ void __cpuinit mxcsr_feature_mask_init(v
+       clts();
+       if (cpu_has_fxsr) {
+               memset(&fx_scratch, 0, sizeof(struct i387_fxsave_struct));
+-              asm volatile("fxsave %0" : : "m" (fx_scratch));
++              asm volatile("fxsave %0" : "+m" (fx_scratch));
+               mask = fx_scratch.mxcsr_mask;
+               if (mask == 0)
+                       mask = 0x0000ffbf;
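Review bot: The `"+m"` constraint on the fxsave line in mxcsr_feature_mask_init carries no comment saying why it is read-write rather than write-only, and that choice looks load-bearing. With `"=m"` the compiler would be free to drop the preceding memset as a dead store, while the `if (mask == 0)` fallback suggests mxcsr_mask is expected to stay zero when the CPU does not fill it in. I would add `/* "+m": fxsave writes fx_scratch; read-write keeps the memset live so an unwritten mxcsr_mask reads as 0 */` above the asm statement. The function body starts and ends outside the hunk.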