From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 27 Jan 2015 18:09:40 +0000 (-0800)
Subject: 3.10-stable patches
X-Git-Tag: v3.10.67~47
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d7aedd1c698ede55df7674945351f534ad8874a3;p=thirdparty%2Fkernel%2Fstable-queue.git

3.10-stable patches

added patches:
	drm-i915-fix-mutex-owner-inspection-race-under-debug_mutexes.patch
---

diff --git a/queue-3.10/drm-i915-fix-mutex-owner-inspection-race-under-debug_mutexes.patch b/queue-3.10/drm-i915-fix-mutex-owner-inspection-race-under-debug_mutexes.patch
new file mode 100644
index 00000000000..05670c9cae3
--- /dev/null
+++ b/queue-3.10/drm-i915-fix-mutex-owner-inspection-race-under-debug_mutexes.patch
@@ -0,0 +1,56 @@
+From 226e5ae9e5f9108beb0bde4ac69f68fe6210fed9 Mon Sep 17 00:00:00 2001
+From: Chris Wilson <chris@chris-wilson.co.uk>
+Date: Fri, 2 Jan 2015 09:47:10 +0000
+Subject: drm/i915: Fix mutex->owner inspection race under DEBUG_MUTEXES
+
+From: Chris Wilson <chris@chris-wilson.co.uk>
+
+commit 226e5ae9e5f9108beb0bde4ac69f68fe6210fed9 upstream.
+
+If CONFIG_DEBUG_MUTEXES is set, the mutex->owner field is only cleared
+if the mutex debugging is enabled which introduces a race in our
+mutex_is_locked_by() - i.e. we may inspect the old owner value before it
+is acquired by the new task.
+
+This is the root cause of this error:
+
+# diff --git a/kernel/locking/mutex-debug.c b/kernel/locking/mutex-debug.c
+# index 5cf6731..3ef3736 100644
+# --- a/kernel/locking/mutex-debug.c
+# +++ b/kernel/locking/mutex-debug.c
+# @@ -80,13 +80,13 @@ void debug_mutex_unlock(struct mutex *lock)
+# 			DEBUG_LOCKS_WARN_ON(lock->owner != current);
+#
+# 		DEBUG_LOCKS_WARN_ON(!lock->wait_list.prev && !lock->wait_list.next);
+# -		mutex_clear_owner(lock);
+# 	}
+#
+# 	/*
+# 	 * __mutex_slowpath_needs_to_unlock() is explicitly 0 for debug
+# 	 * mutexes so that we can do it here after we've verified state.
+# 	 */
+# +	mutex_clear_owner(lock);
+# 	atomic_set(&lock->count, 1);
+#  }
+
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=87955
+Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
+Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
+Signed-off-by: Jani Nikula <jani.nikula@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/i915/i915_gem.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/i915/i915_gem.c
++++ b/drivers/gpu/drm/i915/i915_gem.c
+@@ -4449,7 +4449,7 @@ static bool mutex_is_locked_by(struct mu
+ 	if (!mutex_is_locked(mutex))
+ 		return false;
+ 
+-#if defined(CONFIG_SMP) || defined(CONFIG_DEBUG_MUTEXES)
++#if defined(CONFIG_SMP) && !defined(CONFIG_DEBUG_MUTEXES)
+ 	return mutex->owner == task;
+ #else
+ 	/* Since UP may be pre-empted, we cannot assume that we own the lock */
diff --git a/queue-3.10/series b/queue-3.10/series
index 419712422b7..483b06a7e0b 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
@@ -4,3 +4,4 @@ pinctrl-fix-two-deadlocks.patch
 libata-prevent-hsm-state-change-race-between-isr-and-pio.patch
 alsa-usb-audio-add-mic-volume-fix-quirk-for-logitech-webcam-c210.patch
 scripts-recordmcount.pl-there-is-no-m32-gcc-option-on-super-h-anymore.patch
+drm-i915-fix-mutex-owner-inspection-race-under-debug_mutexes.patch