From c629033d40d85dae1dd82522cf1d1bc66392d093 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Fri, 22 Feb 2013 12:27:27 -0800
Subject: [PATCH] 3.8-stable patches

added patches:
genirq-avoid-deadlock-in-spurious-handling.patch
posix-cpu-timers-fix-nanosleep-task_struct-leak.patch
timeconst.pl-eliminate-perl-warning.patch
---
 ...-avoid-deadlock-in-spurious-handling.patch | 56 +++++++++++++++
 ...imers-fix-nanosleep-task_struct-leak.patch | 69 +++++++++++++++++++
 queue-3.8/series | 3 +
 .../timeconst.pl-eliminate-perl-warning.patch | 42 +++++++++++
 4 files changed, 170 insertions(+)
 create mode 100644 queue-3.8/genirq-avoid-deadlock-in-spurious-handling.patch
 create mode 100644 queue-3.8/posix-cpu-timers-fix-nanosleep-task_struct-leak.patch
 create mode 100644 queue-3.8/timeconst.pl-eliminate-perl-warning.patch

diff --git a/queue-3.8/genirq-avoid-deadlock-in-spurious-handling.patch b/queue-3.8/genirq-avoid-deadlock-in-spurious-handling.patch
new file mode 100644
index 00000000000..7bb9e67b26a
--- /dev/null
+++ b/queue-3.8/genirq-avoid-deadlock-in-spurious-handling.patch
@@ -0,0 +1,56 @@
+From e716efde75267eab919cdb2bef5b2cb77f305326 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner
+Date: Fri, 23 Nov 2012 10:08:44 +0100
+Subject: genirq: Avoid deadlock in spurious handling
+
+From: Thomas Gleixner
+
+commit e716efde75267eab919cdb2bef5b2cb77f305326 upstream.
+
+commit 52553ddf(genirq: fix regression in irqfixup, irqpoll)
+introduced a potential deadlock by calling the action handler with the
+irq descriptor lock held.
+
+Remove the call and let the handling code run even for an interrupt
+where only a single action is registered. That matches the goal of
+the above commit and avoids the deadlock.
+
+Document the confusing action = desc->action reload in the handling
+loop while at it.
+
+Reported-and-tested-by: "Wang, Warner"
+Tested-by: Edward Donovan
+Cc: "Wang, Song-Bo (Stoney)"
+Signed-off-by: Thomas Gleixner
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/irq/spurious.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/kernel/irq/spurious.c
++++ b/kernel/irq/spurious.c
+@@ -80,13 +80,11 @@ static int try_one_irq(int irq, struct i
+
+ /*
+ * All handlers must agree on IRQF_SHARED, so we test just the
+- * first. Check for action->next as well.
++ * first.
+ */
+ action = desc->action;
+ if (!action || !(action->flags & IRQF_SHARED) ||
+- (action->flags & __IRQF_TIMER) ||
+- (action->handler(irq, action->dev_id) == IRQ_HANDLED) ||
+- !action->next)
++ (action->flags & __IRQF_TIMER))
+ goto out;
+
+ /* Already running on another processor */
+@@ -104,6 +102,7 @@ static int try_one_irq(int irq, struct i
+ do {
+ if (handle_irq_event(desc) == IRQ_HANDLED)
+ ret = IRQ_HANDLED;
++ /* Make sure that there is still a valid action */
+ action = desc->action;
+ } while ((desc->istate & IRQS_PENDING) && action);
+ desc->istate &= ~IRQS_POLL_INPROGRESS;
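Review bot: In kernel/irq/spurious.c, the comment added in the second try_one_irq() hunk, `/* Make sure that there is still a valid action */`, says what the `action = desc->action` reload checks but not why the action could have disappeared. Presumably handle_irq_event() runs the handlers with desc->lock released, so the last action can be removed in the meantime; if that is the reason, the comment should say so, e.g. `/* handle_irq_event() may drop desc->lock; reload to see whether an action is still registered */`. The shortened comment in the first hunk could likewise note that single-action shared interrupts now deliberately fall through to the handling loop, since the `!action->next` exit is gone. try_one_irq() begins and ends outside both hunks.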
diff --git a/queue-3.8/posix-cpu-timers-fix-nanosleep-task_struct-leak.patch b/queue-3.8/posix-cpu-timers-fix-nanosleep-task_struct-leak.patch
new file mode 100644
index 00000000000..5a923b8d732
--- /dev/null
+++ b/queue-3.8/posix-cpu-timers-fix-nanosleep-task_struct-leak.patch
@@ -0,0 +1,69 @@
+From e6c42c295e071dd74a66b5a9fcf4f44049888ed8 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka
+Date: Fri, 15 Feb 2013 11:08:11 +0100
+Subject: posix-cpu-timers: Fix nanosleep task_struct leak
+
+From: Stanislaw Gruszka
+
+commit e6c42c295e071dd74a66b5a9fcf4f44049888ed8 upstream.
+
+The trinity fuzzer triggered a task_struct reference leak via
+clock_nanosleep with CPU_TIMERs. do_cpu_nanosleep() calls
+posic_cpu_timer_create(), but misses a corresponding
+posix_cpu_timer_del() which leads to the task_struct reference leak.
+
+Reported-and-tested-by: Tommi Rantala
+Signed-off-by: Stanislaw Gruszka
+Cc: Dave Jones
+Cc: John Stultz
+Cc: Oleg Nesterov
+Link: http://lkml.kernel.org/r/20130215100810.GF4392@redhat.com
+Signed-off-by: Thomas Gleixner
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/posix-cpu-timers.c | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+--- a/kernel/posix-cpu-timers.c
++++ b/kernel/posix-cpu-timers.c
+@@ -1401,8 +1401,10 @@ static int do_cpu_nanosleep(const clocki
+ while (!signal_pending(current)) {
+ if (timer.it.cpu.expires.sched == 0) {
+ /*
+- * Our timer fired and was reset.
++ * Our timer fired and was reset, below
++ * deletion can not fail.
+ */
++ posix_cpu_timer_del(&timer);
+ spin_unlock_irq(&timer.it_lock);
+ return 0;
+ }
+@@ -1420,9 +1422,26 @@ static int do_cpu_nanosleep(const clocki
+ * We were interrupted by a signal.
+ */
+ sample_to_timespec(which_clock, timer.it.cpu.expires, rqtp);
+- posix_cpu_timer_set(&timer, 0, &zero_it, it);
++ error = posix_cpu_timer_set(&timer, 0, &zero_it, it);
++ if (!error) {
++ /*
++ * Timer is now unarmed, deletion can not fail.
++ */
++ posix_cpu_timer_del(&timer);
++ }
+ spin_unlock_irq(&timer.it_lock);
+
++ while (error == TIMER_RETRY) {
++ /*
++ * We need to handle case when timer was or is in the
++ * middle of firing. In other cases we already freed
++ * resources.
++ */
++ spin_lock_irq(&timer.it_lock);
++ error = posix_cpu_timer_del(&timer);
++ spin_unlock_irq(&timer.it_lock);
++ }
++
+ if ((it->it_value.tv_sec | it->it_value.tv_nsec) == 0) {
+ /*
+ * It actually did fire already.
diff --git a/queue-3.8/series b/queue-3.8/series
index 4d057f77449..42eaa003e37 100644
--- a/queue-3.8/series
+++ b/queue-3.8/series
@@ -3,3 +3,6 @@ x86-32-mm-remove-reference-to-resume_map_numa_kva.patch
 x86-32-mm-remove-reference-to-alloc_remap.patch
 perf-tools-fix-build-with-bison-2.3-and-older.patch
 perf-hists-fix-period-symbol_conf.field_sep-display.patch
+timeconst.pl-eliminate-perl-warning.patch
+genirq-avoid-deadlock-in-spurious-handling.patch
+posix-cpu-timers-fix-nanosleep-task_struct-leak.patch
diff --git a/queue-3.8/timeconst.pl-eliminate-perl-warning.patch b/queue-3.8/timeconst.pl-eliminate-perl-warning.patch
new file mode 100644
index 00000000000..bbda617d16e
--- /dev/null
+++ b/queue-3.8/timeconst.pl-eliminate-perl-warning.patch
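Review bot: In kernel/posix-cpu-timers.c, the two new `posix_cpu_timer_del(&timer);` calls that rely on "deletion can not fail" (the timer-fired path in the first do_cpu_nanosleep() hunk and the `if (!error)` branch in the second) discard the return value, so if that assumption is ever broken the task_struct reference leaks again with no trace. A cheap guard would make a violation visible, e.g. `WARN_ON_ONCE(posix_cpu_timer_del(&timer));` at both sites. The retry-loop comment's "In other cases we already freed resources" would also be clearer if it named the case where posix_cpu_timer_set() returns something other than 0 or TIMER_RETRY, which, judging from the hunk alone, reaches neither deletion. do_cpu_nanosleep() begins and ends outside the hunks shown.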
@@ -0,0 +1,42 @@
+From 63a3f603413ffe82ad775f2d62a5afff87fd94a0 Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin"
+Date: Thu, 7 Feb 2013 17:14:08 -0800
+Subject: timeconst.pl: Eliminate Perl warning
+
+From: "H. Peter Anvin"
+
+commit 63a3f603413ffe82ad775f2d62a5afff87fd94a0 upstream.
+
+defined(@array) is deprecated in Perl and gives off a warning.
+Restructure the code to remove that warning.
+
+[ hpa: it would be interesting to revert to the timeconst.bc script.
+ It appears that the failures reported by akpm during testing of
+ that script was due to a known broken version of make, not a problem
+ with bc. The Makefile rules could probably be restructured to avoid
+ the make bug, or it is probably old enough that it doesn't matter. ]
+
+Reported-by: Andi Kleen
+Signed-off-by: H. Peter Anvin
+Cc: Andrew Morton
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/timeconst.pl | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/kernel/timeconst.pl
++++ b/kernel/timeconst.pl
+@@ -369,10 +369,8 @@ if ($hz eq '--can') {
+ die "Usage: $0 HZ\n";
+ }
+
+- @val = @{$canned_values{$hz}};
+- if (!defined(@val)) {
+- @val = compute_values($hz);
+- }
++ $cv = $canned_values{$hz};
++ @val = defined($cv) ? @$cv : compute_values($hz);
+ output($hz, @val);
+ }
+ exit 0;
--
2.47.3