3.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 22 Feb 2013 20:26:10 +0000 (12:26 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 22 Feb 2013 20:26:10 +0000 (12:26 -0800)
added patches:
genirq-avoid-deadlock-in-spurious-handling.patch
mm-fix-pageblock-bitmap-allocation.patch
posix-cpu-timers-fix-nanosleep-task_struct-leak.patch
timeconst.pl-eliminate-perl-warning.patch

queue-3.4/genirq-avoid-deadlock-in-spurious-handling.patch [new file with mode: 0644]
queue-3.4/mm-fix-pageblock-bitmap-allocation.patch [new file with mode: 0644]
queue-3.4/posix-cpu-timers-fix-nanosleep-task_struct-leak.patch [new file with mode: 0644]
queue-3.4/series
queue-3.4/timeconst.pl-eliminate-perl-warning.patch [new file with mode: 0644]

diff --git a/queue-3.4/genirq-avoid-deadlock-in-spurious-handling.patch b/queue-3.4/genirq-avoid-deadlock-in-spurious-handling.patch
new file mode 100644 (file)
index 0000000..7bb9e67
--- /dev/null
@@ -0,0 +1,56 @@
+From e716efde75267eab919cdb2bef5b2cb77f305326 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Fri, 23 Nov 2012 10:08:44 +0100
+Subject: genirq: Avoid deadlock in spurious handling
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit e716efde75267eab919cdb2bef5b2cb77f305326 upstream.
+
+commit 52553ddf(genirq: fix regression in irqfixup, irqpoll)
+introduced a potential deadlock by calling the action handler with the
+irq descriptor lock held.
+
+Remove the call and let the handling code run even for an interrupt
+where only a single action is registered. That matches the goal of
+the above commit and avoids the deadlock.
+
+Document the confusing action = desc->action reload in the handling
+loop while at it.
+
+Reported-and-tested-by: "Wang, Warner" <warner.wang@hp.com>
+Tested-by: Edward Donovan <edward.donovan@numble.net>
+Cc: "Wang, Song-Bo (Stoney)" <song-bo.wang@hp.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/irq/spurious.c |    7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/kernel/irq/spurious.c
++++ b/kernel/irq/spurious.c
+@@ -80,13 +80,11 @@ static int try_one_irq(int irq, struct i
+       /*
+        * All handlers must agree on IRQF_SHARED, so we test just the
+-       * first. Check for action->next as well.
++       * first.
+        */
+       action = desc->action;
+       if (!action || !(action->flags & IRQF_SHARED) ||
+-          (action->flags & __IRQF_TIMER) ||
+-          (action->handler(irq, action->dev_id) == IRQ_HANDLED) ||
+-          !action->next)
++          (action->flags & __IRQF_TIMER))
+               goto out;
+       /* Already running on another processor */
+@@ -104,6 +102,7 @@ static int try_one_irq(int irq, struct i
+       do {
+               if (handle_irq_event(desc) == IRQ_HANDLED)
+                       ret = IRQ_HANDLED;
++              /* Make sure that there is still a valid action */
+               action = desc->action;
+       } while ((desc->istate & IRQS_PENDING) && action);
+       desc->istate &= ~IRQS_POLL_INPROGRESS;
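Review bot: The added comment in the polling loop of try_one_irq(), `/* Make sure that there is still a valid action */`, says what the reload does but not why `desc->action` can change between iterations. The reason is presumably that handle_irq_event() releases the descriptor lock while handlers run, so the last action can be removed concurrently; that is not visible in this hunk and should be confirmed. If so, I would spell it out, e.g. `/* desc->lock was dropped while handlers ran; the action may have been freed, so reload it */`. The body of try_one_irq() starts and ends outside the hunk.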
diff --git a/queue-3.4/mm-fix-pageblock-bitmap-allocation.patch b/queue-3.4/mm-fix-pageblock-bitmap-allocation.patch
new file mode 100644 (file)
index 0000000..8804d66
--- /dev/null
@@ -0,0 +1,83 @@
+From 7c45512df987c5619db041b5c9b80d281e26d3db Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Mon, 18 Feb 2013 09:58:02 -0800
+Subject: mm: fix pageblock bitmap allocation
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 7c45512df987c5619db041b5c9b80d281e26d3db upstream.
+
+Commit c060f943d092 ("mm: use aligned zone start for pfn_to_bitidx
+calculation") fixed out calculation of the index into the pageblock
+bitmap when a !SPARSEMEM zome was not aligned to pageblock_nr_pages.
+
+However, the _allocation_ of that bitmap had never taken this alignment
+requirement into accout, so depending on the exact size and alignment of
+the zone, the use of that index could then access past the allocation,
+resulting in some very subtle memory corruption.
+
+This was reported (and bisected) by Ingo Molnar: one of his random
+config builds would hang with certain very specific kernel command line
+options.
+
+In the meantime, commit c060f943d092 has been marked for stable, so this
+fix needs to be back-ported to the stable kernels that backported the
+commit to use the right alignment.
+
+Bisected-and-tested-by: Ingo Molnar <mingo@kernel.org>
+Acked-by: Mel Gorman <mgorman@suse.de>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/page_alloc.c |   15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -4216,10 +4216,11 @@ static void __meminit calculate_node_tot
+  * round what is now in bits to nearest long in bits, then return it in
+  * bytes.
+  */
+-static unsigned long __init usemap_size(unsigned long zonesize)
++static unsigned long __init usemap_size(unsigned long zone_start_pfn, unsigned long zonesize)
+ {
+       unsigned long usemapsize;
++      zonesize += zone_start_pfn & (pageblock_nr_pages-1);
+       usemapsize = roundup(zonesize, pageblock_nr_pages);
+       usemapsize = usemapsize >> pageblock_order;
+       usemapsize *= NR_PAGEBLOCK_BITS;
+@@ -4229,17 +4230,19 @@ static unsigned long __init usemap_size(
+ }
+ static void __init setup_usemap(struct pglist_data *pgdat,
+-                              struct zone *zone, unsigned long zonesize)
++                              struct zone *zone,
++                              unsigned long zone_start_pfn,
++                              unsigned long zonesize)
+ {
+-      unsigned long usemapsize = usemap_size(zonesize);
++      unsigned long usemapsize = usemap_size(zone_start_pfn, zonesize);
+       zone->pageblock_flags = NULL;
+       if (usemapsize)
+               zone->pageblock_flags = alloc_bootmem_node_nopanic(pgdat,
+                                                                  usemapsize);
+ }
+ #else
+-static inline void setup_usemap(struct pglist_data *pgdat,
+-                              struct zone *zone, unsigned long zonesize) {}
++static inline void setup_usemap(struct pglist_data *pgdat, struct zone *zone,
++                              unsigned long zone_start_pfn, unsigned long zonesize) {}
+ #endif /* CONFIG_SPARSEMEM */
+ #ifdef CONFIG_HUGETLB_PAGE_SIZE_VARIABLE
+@@ -4367,7 +4370,7 @@ static void __paginginit free_area_init_
+                       continue;
+               set_pageblock_order(pageblock_default_order());
+-              setup_usemap(pgdat, zone, size);
++              setup_usemap(pgdat, zone, zone_start_pfn, size);
+               ret = init_currently_empty_zone(zone, zone_start_pfn,
+                                               size, MEMMAP_EARLY);
+               BUG_ON(ret);
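Review bot: The new line in usemap_size(), `zonesize += zone_start_pfn & (pageblock_nr_pages-1);`, carries no comment, and the visible tail of the function's header comment still describes only the rounding of zonesize. The commit message says the missing alignment term led to accesses past the allocation, so the sizing rule belongs next to the arithmetic, e.g. `/* zone may start mid-pageblock; the bitmap is indexed from the aligned start, so count the leading partial block too */`. The mask form also relies on pageblock_nr_pages being a power of two, which is worth stating in the same comment if it holds for every configuration. The header comment begins outside the hunk.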
diff --git a/queue-3.4/posix-cpu-timers-fix-nanosleep-task_struct-leak.patch b/queue-3.4/posix-cpu-timers-fix-nanosleep-task_struct-leak.patch
new file mode 100644 (file)
index 0000000..650dfdc
--- /dev/null
@@ -0,0 +1,69 @@
+From e6c42c295e071dd74a66b5a9fcf4f44049888ed8 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Fri, 15 Feb 2013 11:08:11 +0100
+Subject: posix-cpu-timers: Fix nanosleep task_struct leak
+
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+
+commit e6c42c295e071dd74a66b5a9fcf4f44049888ed8 upstream.
+
+The trinity fuzzer triggered a task_struct reference leak via
+clock_nanosleep with CPU_TIMERs. do_cpu_nanosleep() calls
+posic_cpu_timer_create(), but misses a corresponding
+posix_cpu_timer_del() which leads to the task_struct reference leak.
+
+Reported-and-tested-by: Tommi Rantala <tt.rantala@gmail.com>
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Cc: Dave Jones <davej@redhat.com>
+Cc: John Stultz <john.stultz@linaro.org>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Link: http://lkml.kernel.org/r/20130215100810.GF4392@redhat.com
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/posix-cpu-timers.c |   23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+--- a/kernel/posix-cpu-timers.c
++++ b/kernel/posix-cpu-timers.c
+@@ -1422,8 +1422,10 @@ static int do_cpu_nanosleep(const clocki
+               while (!signal_pending(current)) {
+                       if (timer.it.cpu.expires.sched == 0) {
+                               /*
+-                               * Our timer fired and was reset.
++                               * Our timer fired and was reset, below
++                               * deletion can not fail.
+                                */
++                              posix_cpu_timer_del(&timer);
+                               spin_unlock_irq(&timer.it_lock);
+                               return 0;
+                       }
+@@ -1441,9 +1443,26 @@ static int do_cpu_nanosleep(const clocki
+                * We were interrupted by a signal.
+                */
+               sample_to_timespec(which_clock, timer.it.cpu.expires, rqtp);
+-              posix_cpu_timer_set(&timer, 0, &zero_it, it);
++              error = posix_cpu_timer_set(&timer, 0, &zero_it, it);
++              if (!error) {
++                      /*
++                       * Timer is now unarmed, deletion can not fail.
++                       */
++                      posix_cpu_timer_del(&timer);
++              }
+               spin_unlock_irq(&timer.it_lock);
++              while (error == TIMER_RETRY) {
++                      /*
++                       * We need to handle case when timer was or is in the
++                       * middle of firing. In other cases we already freed
++                       * resources.
++                       */
++                      spin_lock_irq(&timer.it_lock);
++                      error = posix_cpu_timer_del(&timer);
++                      spin_unlock_irq(&timer.it_lock);
++              }
++
+               if ((it->it_value.tv_sec | it->it_value.tv_nsec) == 0) {
+                       /*
+                        * It actually did fire already.
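Review bot: In the signal-interrupted path, a return from `posix_cpu_timer_set()` that is neither 0 nor `TIMER_RETRY` skips both the `if (!error)` deletion and the `while (error == TIMER_RETRY)` loop. The only justification is the comment "In other cases we already freed resources", which should name the case it relies on, for example `/* any other error means the target task is gone and its reference was already dropped */`, if that is what posix_cpu_timer_set() guarantees; its body is not visible here. The two unchecked `posix_cpu_timer_del(&timer)` calls likewise rest on "deletion can not fail". Writing them as `WARN_ON(posix_cpu_timer_del(&timer));` would make a violated assumption visible instead of silently leaking the task_struct reference again, though for a stable backport that change belongs upstream first. do_cpu_nanosleep() starts and ends outside the hunk.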
index cec2f54cfa9fc69f81f4baba4713496bdb6a1ff0..c3afa7d7d8a19bbf8f4ec30edcf592fc12d17853 100644 (file)
@@ -1,3 +1,7 @@
 x86-32-mm-rip-out-x86_32-numa-remapping-code.patch
 x86-32-mm-remove-reference-to-resume_map_numa_kva.patch
 x86-32-mm-remove-reference-to-alloc_remap.patch
+mm-fix-pageblock-bitmap-allocation.patch
+timeconst.pl-eliminate-perl-warning.patch
+genirq-avoid-deadlock-in-spurious-handling.patch
+posix-cpu-timers-fix-nanosleep-task_struct-leak.patch
diff --git a/queue-3.4/timeconst.pl-eliminate-perl-warning.patch b/queue-3.4/timeconst.pl-eliminate-perl-warning.patch
new file mode 100644 (file)
index 0000000..bbda617
--- /dev/null
@@ -0,0 +1,42 @@
+From 63a3f603413ffe82ad775f2d62a5afff87fd94a0 Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin" <hpa@linux.intel.com>
+Date: Thu, 7 Feb 2013 17:14:08 -0800
+Subject: timeconst.pl: Eliminate Perl warning
+
+From: "H. Peter Anvin" <hpa@linux.intel.com>
+
+commit 63a3f603413ffe82ad775f2d62a5afff87fd94a0 upstream.
+
+defined(@array) is deprecated in Perl and gives off a warning.
+Restructure the code to remove that warning.
+
+[ hpa: it would be interesting to revert to the timeconst.bc script.
+  It appears that the failures reported by akpm during testing of
+  that script was due to a known broken version of make, not a problem
+  with bc.  The Makefile rules could probably be restructured to avoid
+  the make bug, or it is probably old enough that it doesn't matter. ]
+
+Reported-by: Andi Kleen <ak@linux.intel.com>
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/timeconst.pl |    6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/kernel/timeconst.pl
++++ b/kernel/timeconst.pl
+@@ -369,10 +369,8 @@ if ($hz eq '--can') {
+               die "Usage: $0 HZ\n";
+       }
+-      @val = @{$canned_values{$hz}};
+-      if (!defined(@val)) {
+-              @val = compute_values($hz);
+-      }
++      $cv = $canned_values{$hz};
++      @val = defined($cv) ? @$cv : compute_values($hz);
+       output($hz, @val);
+ }
+ exit 0;
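Review bot: `$cv` is introduced in the first added line without `my`, so unless it is declared outside the hunk it becomes a package global for a value that is used only on the next line. I would scope it where it is assigned: `my $cv = $canned_values{$hz};`. The enclosing `if`/`else` block starts outside the hunk, so whether `@val` is declared earlier cannot be checked from here.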