--- /dev/null
+From e716efde75267eab919cdb2bef5b2cb77f305326 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Fri, 23 Nov 2012 10:08:44 +0100
+Subject: genirq: Avoid deadlock in spurious handling
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit e716efde75267eab919cdb2bef5b2cb77f305326 upstream.
+
+commit 52553ddf(genirq: fix regression in irqfixup, irqpoll)
+introduced a potential deadlock by calling the action handler with the
+irq descriptor lock held.
+
+Remove the call and let the handling code run even for an interrupt
+where only a single action is registered. That matches the goal of
+the above commit and avoids the deadlock.
+
+Document the confusing action = desc->action reload in the handling
+loop while at it.
+
+Reported-and-tested-by: "Wang, Warner" <warner.wang@hp.com>
+Tested-by: Edward Donovan <edward.donovan@numble.net>
+Cc: "Wang, Song-Bo (Stoney)" <song-bo.wang@hp.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/irq/spurious.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/kernel/irq/spurious.c
++++ b/kernel/irq/spurious.c
+@@ -80,13 +80,11 @@ static int try_one_irq(int irq, struct i
+
+ /*
+ * All handlers must agree on IRQF_SHARED, so we test just the
+- * first. Check for action->next as well.
++ * first.
+ */
+ action = desc->action;
+ if (!action || !(action->flags & IRQF_SHARED) ||
+- (action->flags & __IRQF_TIMER) ||
+- (action->handler(irq, action->dev_id) == IRQ_HANDLED) ||
+- !action->next)
++ (action->flags & __IRQF_TIMER))
+ goto out;
+
+ /* Already running on another processor */
+@@ -104,6 +102,7 @@ static int try_one_irq(int irq, struct i
+ do {
+ if (handle_irq_event(desc) == IRQ_HANDLED)
+ ret = IRQ_HANDLED;
++ /* Make sure that there is still a valid action */
+ action = desc->action;
+ } while ((desc->istate & IRQS_PENDING) && action);
+ desc->istate &= ~IRQS_POLL_INPROGRESS;
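Review bot: The added comment `/* Make sure that there is still a valid action */` says what the reload guards but not why `desc->action` can change between loop iterations, so a later cleanup could hoist the load out of the loop. handle_irq_event() is not shown here; if it drops desc->lock while the handlers run, as the commit message's deadlock description suggests it must, the action list can be emptied concurrently and the comment should say so, for example `/* desc->lock was dropped while the handlers ran; the action may be gone, so reload it */`. The loop belongs to try_one_irq(), whose body starts and ends outside this hunk.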
--- /dev/null
+From e6c42c295e071dd74a66b5a9fcf4f44049888ed8 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Fri, 15 Feb 2013 11:08:11 +0100
+Subject: posix-cpu-timers: Fix nanosleep task_struct leak
+
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+
+commit e6c42c295e071dd74a66b5a9fcf4f44049888ed8 upstream.
+
+The trinity fuzzer triggered a task_struct reference leak via
+clock_nanosleep with CPU_TIMERs. do_cpu_nanosleep() calls
+posic_cpu_timer_create(), but misses a corresponding
+posix_cpu_timer_del() which leads to the task_struct reference leak.
+
+Reported-and-tested-by: Tommi Rantala <tt.rantala@gmail.com>
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Cc: Dave Jones <davej@redhat.com>
+Cc: John Stultz <john.stultz@linaro.org>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Link: http://lkml.kernel.org/r/20130215100810.GF4392@redhat.com
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/posix-cpu-timers.c | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+--- a/kernel/posix-cpu-timers.c
++++ b/kernel/posix-cpu-timers.c
+@@ -1401,8 +1401,10 @@ static int do_cpu_nanosleep(const clocki
+ while (!signal_pending(current)) {
+ if (timer.it.cpu.expires.sched == 0) {
+ /*
+- * Our timer fired and was reset.
++ * Our timer fired and was reset, below
++ * deletion can not fail.
+ */
++ posix_cpu_timer_del(&timer);
+ spin_unlock_irq(&timer.it_lock);
+ return 0;
+ }
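Review bot: The result of `posix_cpu_timer_del(&timer);` is discarded here, and again in the `if (!error)` branch of the next hunk, so the "deletion can not fail" assumption written in both comments is never checked. If that invariant stops holding after a later change, the task_struct reference this patch releases would leak silently again, on a path the commit message says is reachable through clock_nanosleep(). Writing both calls as `WARN_ON_ONCE(posix_cpu_timer_del(&timer));` would surface a violation without altering the normal path. do_cpu_nanosleep() begins and ends outside this hunk.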
+@@ -1420,9 +1422,26 @@ static int do_cpu_nanosleep(const clocki
+ * We were interrupted by a signal.
+ */
+ sample_to_timespec(which_clock, timer.it.cpu.expires, rqtp);
+- posix_cpu_timer_set(&timer, 0, &zero_it, it);
++ error = posix_cpu_timer_set(&timer, 0, &zero_it, it);
++ if (!error) {
++ /*
++ * Timer is now unarmed, deletion can not fail.
++ */
++ posix_cpu_timer_del(&timer);
++ }
+ spin_unlock_irq(&timer.it_lock);
+
++ while (error == TIMER_RETRY) {
++ /*
++ * We need to handle case when timer was or is in the
++ * middle of firing. In other cases we already freed
++ * resources.
++ */
++ spin_lock_irq(&timer.it_lock);
++ error = posix_cpu_timer_del(&timer);
++ spin_unlock_irq(&timer.it_lock);
++ }
++
+ if ((it->it_value.tv_sec | it->it_value.tv_nsec) == 0) {
+ /*
+ * It actually did fire already.
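Review bot: The comment "In other cases we already freed resources" above the retry loop holds only if `posix_cpu_timer_set()` returns nothing but 0 or TIMER_RETRY; any other non-zero value skips both the `if (!error)` deletion and the `while (error == TIMER_RETRY)` loop. posix_cpu_timer_set() is not visible in this hunk, so whether such a return still leaves a task reference held cannot be confirmed from here. The comment should name the return values it relies on and state why any remaining error needs no `posix_cpu_timer_del()`, so the leak this patch closes is not reopened by a new error return. Note also that `error` now carries the result of the delete loop into the code that follows outside the hunk.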
x86-32-mm-remove-reference-to-alloc_remap.patch
perf-tools-fix-build-with-bison-2.3-and-older.patch
perf-hists-fix-period-symbol_conf.field_sep-display.patch
+timeconst.pl-eliminate-perl-warning.patch
+genirq-avoid-deadlock-in-spurious-handling.patch
+posix-cpu-timers-fix-nanosleep-task_struct-leak.patch
--- /dev/null
+From 63a3f603413ffe82ad775f2d62a5afff87fd94a0 Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin" <hpa@linux.intel.com>
+Date: Thu, 7 Feb 2013 17:14:08 -0800
+Subject: timeconst.pl: Eliminate Perl warning
+
+From: "H. Peter Anvin" <hpa@linux.intel.com>
+
+commit 63a3f603413ffe82ad775f2d62a5afff87fd94a0 upstream.
+
+defined(@array) is deprecated in Perl and gives off a warning.
+Restructure the code to remove that warning.
+
+[ hpa: it would be interesting to revert to the timeconst.bc script.
+ It appears that the failures reported by akpm during testing of
+ that script was due to a known broken version of make, not a problem
+ with bc. The Makefile rules could probably be restructured to avoid
+ the make bug, or it is probably old enough that it doesn't matter. ]
+
+Reported-by: Andi Kleen <ak@linux.intel.com>
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/timeconst.pl | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/kernel/timeconst.pl
++++ b/kernel/timeconst.pl
+@@ -369,10 +369,8 @@ if ($hz eq '--can') {
+ die "Usage: $0 HZ\n";
+ }
+
+- @val = @{$canned_values{$hz}};
+- if (!defined(@val)) {
+- @val = compute_values($hz);
+- }
++ $cv = $canned_values{$hz};
++ @val = defined($cv) ? @$cv : compute_values($hz);
+ output($hz, @val);
+ }
+ exit 0;