From: Greg Kroah-Hartman Date: Fri, 22 Feb 2013 20:26:10 +0000 (-0800) Subject: 3.4-stable patches X-Git-Tag: v3.7.10~55 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=64f385956102236607a6f00dd6c6c0906477fce1;p=thirdparty%2Fkernel%2Fstable-queue.git 3.4-stable patches added patches: genirq-avoid-deadlock-in-spurious-handling.patch mm-fix-pageblock-bitmap-allocation.patch posix-cpu-timers-fix-nanosleep-task_struct-leak.patch timeconst.pl-eliminate-perl-warning.patch
---
diff --git a/queue-3.4/genirq-avoid-deadlock-in-spurious-handling.patch b/queue-3.4/genirq-avoid-deadlock-in-spurious-handling.patch
new file mode 100644
index 00000000000..7bb9e67b26a
--- /dev/null
+++ b/queue-3.4/genirq-avoid-deadlock-in-spurious-handling.patch
@@ -0,0 +1,56 @@
+From e716efde75267eab919cdb2bef5b2cb77f305326 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner
+Date: Fri, 23 Nov 2012 10:08:44 +0100
+Subject: genirq: Avoid deadlock in spurious handling
+
+From: Thomas Gleixner
+
+commit e716efde75267eab919cdb2bef5b2cb77f305326 upstream.
+
+commit 52553ddf(genirq: fix regression in irqfixup, irqpoll)
+introduced a potential deadlock by calling the action handler with the
+irq descriptor lock held.
+
+Remove the call and let the handling code run even for an interrupt
+where only a single action is registered. That matches the goal of
+the above commit and avoids the deadlock.
+
+Document the confusing action = desc->action reload in the handling
+loop while at it.
+
+Reported-and-tested-by: "Wang, Warner"
+Tested-by: Edward Donovan
+Cc: "Wang, Song-Bo (Stoney)"
+Signed-off-by: Thomas Gleixner
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/irq/spurious.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/kernel/irq/spurious.c
++++ b/kernel/irq/spurious.c
+@@ -80,13 +80,11 @@ static int try_one_irq(int irq, struct i
+
+ /*
+ * All handlers must agree on IRQF_SHARED, so we test just the
+- * first. Check for action->next as well.
++ * first.
+ */
+ action = desc->action;
+ if (!action || !(action->flags & IRQF_SHARED) ||
+- (action->flags & __IRQF_TIMER) ||
+- (action->handler(irq, action->dev_id) == IRQ_HANDLED) ||
+- !action->next)
++ (action->flags & __IRQF_TIMER))
+ goto out;
+
+ /* Already running on another processor */
+@@ -104,6 +102,7 @@ static int try_one_irq(int irq, struct i
+ do {
+ if (handle_irq_event(desc) == IRQ_HANDLED)
+ ret = IRQ_HANDLED;
++ /* Make sure that there is still a valid action */
+ action = desc->action;
+ } while ((desc->istate & IRQS_PENDING) && action);
+ desc->istate &= ~IRQS_POLL_INPROGRESS;
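Review bot: The comment added in the second kernel/irq/spurious.c hunk, `/* Make sure that there is still a valid action */`, says what the reload checks but not why `desc->action` can change between loop iterations. Presumably handle_irq_event() runs the handlers with the descriptor lock released (the description's deadlock came from calling a handler with it held), so I would spell that out: `/* desc->lock is dropped while handlers run; reload in case the action was removed meanwhile */`. This matters more after the change, because per the description the loop now also runs for lines with a single registered action, leaving the `&& action` test as the guard against polling a descriptor whose last handler has gone. try_one_irq() starts and ends outside both hunks.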
diff --git a/queue-3.4/mm-fix-pageblock-bitmap-allocation.patch b/queue-3.4/mm-fix-pageblock-bitmap-allocation.patch
new file mode 100644
index 00000000000..8804d664d0a
--- /dev/null
+++ b/queue-3.4/mm-fix-pageblock-bitmap-allocation.patch
@@ -0,0 +1,83 @@
+From 7c45512df987c5619db041b5c9b80d281e26d3db Mon Sep 17 00:00:00 2001
+From: Linus Torvalds
+Date: Mon, 18 Feb 2013 09:58:02 -0800
+Subject: mm: fix pageblock bitmap allocation
+
+From: Linus Torvalds
+
+commit 7c45512df987c5619db041b5c9b80d281e26d3db upstream.
+
+Commit c060f943d092 ("mm: use aligned zone start for pfn_to_bitidx
+calculation") fixed out calculation of the index into the pageblock
+bitmap when a !SPARSEMEM zome was not aligned to pageblock_nr_pages.
+
+However, the _allocation_ of that bitmap had never taken this alignment
+requirement into accout, so depending on the exact size and alignment of
+the zone, the use of that index could then access past the allocation,
+resulting in some very subtle memory corruption.
+
+This was reported (and bisected) by Ingo Molnar: one of his random
+config builds would hang with certain very specific kernel command line
+options.
+
+In the meantime, commit c060f943d092 has been marked for stable, so this
+fix needs to be back-ported to the stable kernels that backported the
+commit to use the right alignment.
+
+Bisected-and-tested-by: Ingo Molnar
+Acked-by: Mel Gorman
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ mm/page_alloc.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -4216,10 +4216,11 @@ static void __meminit calculate_node_tot
+ * round what is now in bits to nearest long in bits, then return it in
+ * bytes.
+ */
+-static unsigned long __init usemap_size(unsigned long zonesize)
++static unsigned long __init usemap_size(unsigned long zone_start_pfn, unsigned long zonesize)
+ {
+ unsigned long usemapsize;
+
++ zonesize += zone_start_pfn & (pageblock_nr_pages-1);
+ usemapsize = roundup(zonesize, pageblock_nr_pages);
+ usemapsize = usemapsize >> pageblock_order;
+ usemapsize *= NR_PAGEBLOCK_BITS;
+@@ -4229,17 +4230,19 @@ static unsigned long __init usemap_size(
+ }
+
+ static void __init setup_usemap(struct pglist_data *pgdat,
+- struct zone *zone, unsigned long zonesize)
++ struct zone *zone,
++ unsigned long zone_start_pfn,
++ unsigned long zonesize)
+ {
+- unsigned long usemapsize = usemap_size(zonesize);
++ unsigned long usemapsize = usemap_size(zone_start_pfn, zonesize);
+ zone->pageblock_flags = NULL;
+ if (usemapsize)
+ zone->pageblock_flags = alloc_bootmem_node_nopanic(pgdat,
+ usemapsize);
+ }
+ #else
+-static inline void setup_usemap(struct pglist_data *pgdat,
+- struct zone *zone, unsigned long zonesize) {}
++static inline void setup_usemap(struct pglist_data *pgdat, struct zone *zone,
++ unsigned long zone_start_pfn, unsigned long zonesize) {}
+ #endif /* CONFIG_SPARSEMEM */
+
+ #ifdef CONFIG_HUGETLB_PAGE_SIZE_VARIABLE
+@@ -4367,7 +4370,7 @@ static void __paginginit free_area_init_
+ continue;
+
+ set_pageblock_order(pageblock_default_order());
+- setup_usemap(pgdat, zone, size);
++ setup_usemap(pgdat, zone, zone_start_pfn, size);
+ ret = init_currently_empty_zone(zone, zone_start_pfn,
+ size, MEMMAP_EARLY);
+ BUG_ON(ret);
diff --git a/queue-3.4/posix-cpu-timers-fix-nanosleep-task_struct-leak.patch b/queue-3.4/posix-cpu-timers-fix-nanosleep-task_struct-leak.patch
new file mode 100644
index 00000000000..650dfdcbada
--- /dev/null
+++ b/queue-3.4/posix-cpu-timers-fix-nanosleep-task_struct-leak.patch
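Review bot: In the mm/page_alloc.c patch, the added `zonesize += zone_start_pfn & (pageblock_nr_pages-1);` in usemap_size() carries no comment, and the visible tail of the function's header comment ("round what is now in bits to nearest long in bits") still describes sizing from the zone size alone. Because an undersized bitmap here means accesses past the allocation, as the description explains, the coupling deserves a line next to the code: `/* pad by the zone start's offset into its pageblock; the bitmap index is computed from the aligned start */`. The mask form assumes pageblock_nr_pages is a power of two, which the `>> pageblock_order` two lines later suggests but the hunk does not show. usemap_size() begins above the first hunk and its remaining lines are not visible.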
@@ -0,0 +1,69 @@
+From e6c42c295e071dd74a66b5a9fcf4f44049888ed8 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka
+Date: Fri, 15 Feb 2013 11:08:11 +0100
+Subject: posix-cpu-timers: Fix nanosleep task_struct leak
+
+From: Stanislaw Gruszka
+
+commit e6c42c295e071dd74a66b5a9fcf4f44049888ed8 upstream.
+
+The trinity fuzzer triggered a task_struct reference leak via
+clock_nanosleep with CPU_TIMERs. do_cpu_nanosleep() calls
+posic_cpu_timer_create(), but misses a corresponding
+posix_cpu_timer_del() which leads to the task_struct reference leak.
+
+Reported-and-tested-by: Tommi Rantala
+Signed-off-by: Stanislaw Gruszka
+Cc: Dave Jones
+Cc: John Stultz
+Cc: Oleg Nesterov
+Link: http://lkml.kernel.org/r/20130215100810.GF4392@redhat.com
+Signed-off-by: Thomas Gleixner
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/posix-cpu-timers.c | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+--- a/kernel/posix-cpu-timers.c
++++ b/kernel/posix-cpu-timers.c
+@@ -1422,8 +1422,10 @@ static int do_cpu_nanosleep(const clocki
+ while (!signal_pending(current)) {
+ if (timer.it.cpu.expires.sched == 0) {
+ /*
+- * Our timer fired and was reset.
++ * Our timer fired and was reset, below
++ * deletion can not fail.
+ */
++ posix_cpu_timer_del(&timer);
+ spin_unlock_irq(&timer.it_lock);
+ return 0;
+ }
+@@ -1441,9 +1443,26 @@ static int do_cpu_nanosleep(const clocki
+ * We were interrupted by a signal.
+ */
+ sample_to_timespec(which_clock, timer.it.cpu.expires, rqtp);
+- posix_cpu_timer_set(&timer, 0, &zero_it, it);
++ error = posix_cpu_timer_set(&timer, 0, &zero_it, it);
++ if (!error) {
++ /*
++ * Timer is now unarmed, deletion can not fail.
++ */
++ posix_cpu_timer_del(&timer);
++ }
+ spin_unlock_irq(&timer.it_lock);
+
++ while (error == TIMER_RETRY) {
++ /*
++ * We need to handle case when timer was or is in the
++ * middle of firing. In other cases we already freed
++ * resources.
++ */
++ spin_lock_irq(&timer.it_lock);
++ error = posix_cpu_timer_del(&timer);
++ spin_unlock_irq(&timer.it_lock);
++ }
++
+ if ((it->it_value.tv_sec | it->it_value.tv_nsec) == 0) {
+ /*
+ * It actually did fire already.
diff --git a/queue-3.4/series b/queue-3.4/series
index cec2f54cfa9..c3afa7d7d8a 100644
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -1,3 +1,7 @@ x86-32-mm-rip-out-x86_32-numa-remapping-code.patch x86-32-mm-remove-reference-to-resume_map_numa_kva.patch x86-32-mm-remove-reference-to-alloc_remap.patch
+mm-fix-pageblock-bitmap-allocation.patch
+timeconst.pl-eliminate-perl-warning.patch
+genirq-avoid-deadlock-in-spurious-handling.patch
+posix-cpu-timers-fix-nanosleep-task_struct-leak.patch
diff --git a/queue-3.4/timeconst.pl-eliminate-perl-warning.patch b/queue-3.4/timeconst.pl-eliminate-perl-warning.patch
new file mode 100644
index 00000000000..bbda617d16e
--- /dev/null
+++ b/queue-3.4/timeconst.pl-eliminate-perl-warning.patch
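Review bot: In the kernel/posix-cpu-timers.c patch, both `posix_cpu_timer_del(&timer);` calls annotated "deletion can not fail" in do_cpu_nanosleep() discard the return value, so if that assumption is ever violated the task_struct reference leak this patch closes comes back silently on a path the description says is reachable through clock_nanosleep. Making the assumption checkable would cost one line at each site, e.g. `WARN_ON_ONCE(posix_cpu_timer_del(&timer));`. The added `while (error == TIMER_RETRY)` loop also retakes the lock and retries immediately with no bound; presumably the firing path completes quickly, but a short comment naming what ends the loop (and whether a `cpu_relax();` between attempts is wanted) would help the next reader. do_cpu_nanosleep() starts and ends outside both hunks, so the handling of other error values from posix_cpu_timer_set() cannot be judged from here.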
@@ -0,0 +1,42 @@
+From 63a3f603413ffe82ad775f2d62a5afff87fd94a0 Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin"
+Date: Thu, 7 Feb 2013 17:14:08 -0800
+Subject: timeconst.pl: Eliminate Perl warning
+
+From: "H. Peter Anvin"
+
+commit 63a3f603413ffe82ad775f2d62a5afff87fd94a0 upstream.
+
+defined(@array) is deprecated in Perl and gives off a warning.
+Restructure the code to remove that warning.
+
+[ hpa: it would be interesting to revert to the timeconst.bc script.
+ It appears that the failures reported by akpm during testing of
+ that script was due to a known broken version of make, not a problem
+ with bc. The Makefile rules could probably be restructured to avoid
+ the make bug, or it is probably old enough that it doesn't matter. ]
+
+Reported-by: Andi Kleen
+Signed-off-by: H. Peter Anvin
+Cc: Andrew Morton
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/timeconst.pl | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/kernel/timeconst.pl
++++ b/kernel/timeconst.pl
+@@ -369,10 +369,8 @@ if ($hz eq '--can') {
+ die "Usage: $0 HZ\n";
+ }
+
+- @val = @{$canned_values{$hz}};
+- if (!defined(@val)) {
+- @val = compute_values($hz);
+- }
++ $cv = $canned_values{$hz};
++ @val = defined($cv) ? @$cv : compute_values($hz);
+ output($hz, @val);
+ }
+ exit 0;