From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Tue, 10 Jan 2012 18:27:12 +0000 (-0800)
Subject: 3.0-stable patches
X-Git-Tag: v3.2.1~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5ca8618f0d57f9b5b5c4f9ef077d4309f9ac536f;p=thirdparty%2Fkernel%2Fstable-queue.git

3.0-stable patches

added patches:
	pm-sleep-fix-race-between-cpu-hotplug-and-freezer.patch
	scsi-mpt2sas-added-missing-mpt2sas_base_detach-call-from-scsih_remove-context.patch
	usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch
---

diff --git a/queue-3.0/pm-sleep-fix-race-between-cpu-hotplug-and-freezer.patch b/queue-3.0/pm-sleep-fix-race-between-cpu-hotplug-and-freezer.patch
new file mode 100644
index 00000000000..412f3171e92
--- /dev/null
+++ b/queue-3.0/pm-sleep-fix-race-between-cpu-hotplug-and-freezer.patch
@@ -0,0 +1,125 @@
+From 79cfbdfa87e84992d509e6c1648a18e1d7e68c20 Mon Sep 17 00:00:00 2001
+From: "Srivatsa S. Bhat" <srivatsa.bhat@linux.vnet.ibm.com>
+Date: Thu, 3 Nov 2011 00:59:25 +0100
+Subject: PM / Sleep: Fix race between CPU hotplug and freezer
+
+From: "Srivatsa S. Bhat" <srivatsa.bhat@linux.vnet.ibm.com>
+
+commit 79cfbdfa87e84992d509e6c1648a18e1d7e68c20 upstream.
+
+The CPU hotplug notifications sent out by the _cpu_up() and _cpu_down()
+functions depend on the value of the 'tasks_frozen' argument passed to them
+(which indicates whether tasks have been frozen or not).
+(Examples for such CPU hotplug notifications: CPU_ONLINE, CPU_ONLINE_FROZEN,
+CPU_DEAD, CPU_DEAD_FROZEN).
+
+Thus, it is essential that while the callbacks for those notifications are
+running, the state of the system with respect to the tasks being frozen or
+not remains unchanged, *throughout that duration*. Hence there is a need for
+synchronizing the CPU hotplug code with the freezer subsystem.
+
+Since the freezer is involved only in the Suspend/Hibernate call paths, this
+patch hooks the CPU hotplug code to the suspend/hibernate notifiers
+PM_[SUSPEND|HIBERNATE]_PREPARE and PM_POST_[SUSPEND|HIBERNATE] to prevent
+the race between CPU hotplug and freezer, thus ensuring that CPU hotplug
+notifications will always be run with the state of the system really being
+what the notifications indicate, _throughout_ their execution time.
+
+Signed-off-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
+Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/cpu.c |   74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 74 insertions(+)
+
+--- a/kernel/cpu.c
++++ b/kernel/cpu.c
+@@ -15,6 +15,7 @@
+ #include <linux/stop_machine.h>
+ #include <linux/mutex.h>
+ #include <linux/gfp.h>
++#include <linux/suspend.h>
+ 
+ #ifdef CONFIG_SMP
+ /* Serializes the updates to cpu_online_mask, cpu_present_mask */
+@@ -476,6 +477,79 @@ static int alloc_frozen_cpus(void)
+ 	return 0;
+ }
+ core_initcall(alloc_frozen_cpus);
++
++/*
++ * Prevent regular CPU hotplug from racing with the freezer, by disabling CPU
++ * hotplug when tasks are about to be frozen. Also, don't allow the freezer
++ * to continue until any currently running CPU hotplug operation gets
++ * completed.
++ * To modify the 'cpu_hotplug_disabled' flag, we need to acquire the
++ * 'cpu_add_remove_lock'. And this same lock is also taken by the regular
++ * CPU hotplug path and released only after it is complete. Thus, we
++ * (and hence the freezer) will block here until any currently running CPU
++ * hotplug operation gets completed.
++ */
++void cpu_hotplug_disable_before_freeze(void)
++{
++	cpu_maps_update_begin();
++	cpu_hotplug_disabled = 1;
++	cpu_maps_update_done();
++}
++
++
++/*
++ * When tasks have been thawed, re-enable regular CPU hotplug (which had been
++ * disabled while beginning to freeze tasks).
++ */
++void cpu_hotplug_enable_after_thaw(void)
++{
++	cpu_maps_update_begin();
++	cpu_hotplug_disabled = 0;
++	cpu_maps_update_done();
++}
++
++/*
++ * When callbacks for CPU hotplug notifications are being executed, we must
++ * ensure that the state of the system with respect to the tasks being frozen
++ * or not, as reported by the notification, remains unchanged *throughout the
++ * duration* of the execution of the callbacks.
++ * Hence we need to prevent the freezer from racing with regular CPU hotplug.
++ *
++ * This synchronization is implemented by mutually excluding regular CPU
++ * hotplug and Suspend/Hibernate call paths by hooking onto the Suspend/
++ * Hibernate notifications.
++ */
++static int
++cpu_hotplug_pm_callback(struct notifier_block *nb,
++			unsigned long action, void *ptr)
++{
++	switch (action) {
++
++	case PM_SUSPEND_PREPARE:
++	case PM_HIBERNATION_PREPARE:
++		cpu_hotplug_disable_before_freeze();
++		break;
++
++	case PM_POST_SUSPEND:
++	case PM_POST_HIBERNATION:
++		cpu_hotplug_enable_after_thaw();
++		break;
++
++	default:
++		return NOTIFY_DONE;
++	}
++
++	return NOTIFY_OK;
++}
++
++
++int cpu_hotplug_pm_sync_init(void)
++{
++	pm_notifier(cpu_hotplug_pm_callback, 0);
++	return 0;
++}
++core_initcall(cpu_hotplug_pm_sync_init);
++
+ #endif /* CONFIG_PM_SLEEP_SMP */
+ 
+ /**
diff --git a/queue-3.0/scsi-mpt2sas-added-missing-mpt2sas_base_detach-call-from-scsih_remove-context.patch b/queue-3.0/scsi-mpt2sas-added-missing-mpt2sas_base_detach-call-from-scsih_remove-context.patch
new file mode 100644
index 00000000000..cb1c42cd94d
--- /dev/null
+++ b/queue-3.0/scsi-mpt2sas-added-missing-mpt2sas_base_detach-call-from-scsih_remove-context.patch
@@ -0,0 +1,31 @@
+From 9ae89b0296e275d5a556068b40b7c2557a556a85 Mon Sep 17 00:00:00 2001
+From: "kashyap.desai@lsi.com" <kashyap.desai@lsi.com>
+Date: Thu, 4 Aug 2011 16:47:50 +0530
+Subject: SCSI: mpt2sas: Added missing mpt2sas_base_detach call from scsih_remove context
+
+From: "kashyap.desai@lsi.com" <kashyap.desai@lsi.com>
+
+commit 9ae89b0296e275d5a556068b40b7c2557a556a85 upstream.
+
+mpt2sas_base_detach() call was removed from _scsih_remove() while
+doing some code shuffling.  Mainly when we work on adding code for
+scsih_shutdown().  I have added back mpt2sas_base_detach() which will
+get callled from _scsih_remove().
+
+Signed-off-by: Kashyap Desai <kashyap.desai@lsi.com>
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+
+---
+ drivers/scsi/mpt2sas/mpt2sas_scsih.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/scsi/mpt2sas/mpt2sas_scsih.c
++++ b/drivers/scsi/mpt2sas/mpt2sas_scsih.c
+@@ -7211,6 +7211,7 @@ _scsih_remove(struct pci_dev *pdev)
+ 	}
+ 
+ 	sas_remove_host(shost);
++	mpt2sas_base_detach(ioc);
+ 	list_del(&ioc->list);
+ 	scsi_remove_host(shost);
+ 	scsi_host_put(shost);
diff --git a/queue-3.0/series b/queue-3.0/series
index 164b422dd27..3eb3874983e 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -34,3 +34,6 @@ ohci-final-fix-for-nvidia-problems-i-hope.patch
 igmp-avoid-zero-delay-when-receiving-odd-mixture-of-igmp-queries.patch
 asix-fix-infinite-loop-in-rx_fixup.patch
 bonding-fix-error-handling-if-slave-is-busy-v2.patch
+pm-sleep-fix-race-between-cpu-hotplug-and-freezer.patch
+scsi-mpt2sas-added-missing-mpt2sas_base_detach-call-from-scsih_remove-context.patch
+usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch
diff --git a/queue-3.0/usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch b/queue-3.0/usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch
new file mode 100644
index 00000000000..39bda97a983
--- /dev/null
+++ b/queue-3.0/usb-cdc-acm-fix-acm_tty_hangup-vs.-acm_tty_close-race.patch
@@ -0,0 +1,53 @@
+From thilo@ginkel.com  Tue Jan 10 10:21:14 2012
+From: Thilo-Alexander Ginkel <thilo@ginkel.com>
+Date: Sat, 17 Dec 2011 10:55:10 +0100
+Subject: usb: cdc-acm: Fix acm_tty_hangup() vs. acm_tty_close() race
+To: oliver@neukum.name, gregkh@suse.de
+Cc: jhovold@gmail.com, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, Thilo-Alexander Ginkel <thilo@ginkel.com>
+Message-ID: <1324115710-14756-1-git-send-email-thilo@ginkel.com>
+
+From: Thilo-Alexander Ginkel <thilo@ginkel.com>
+
+[Not upstream as it was fixed differently for 3.3 with a much more
+"intrusive" rework of the driver - gregkh]
+
+There is a race condition involving acm_tty_hangup() and acm_tty_close()
+where hangup() would attempt to access tty->driver_data without proper
+locking and NULL checking after close() has potentially already set it
+to NULL.  One possibility to (sporadically) trigger this behavior is to
+perform a suspend/resume cycle with a running WWAN data connection.
+
+This patch addresses the issue by introducing a NULL check for
+tty->driver_data in acm_tty_hangup() protected by open_mutex and exiting
+gracefully when hangup() is invoked on a device that has already been
+closed.
+
+Signed-off-by: Thilo-Alexander Ginkel <thilo@ginkel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+---
+ drivers/usb/class/cdc-acm.c |   12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+--- a/drivers/usb/class/cdc-acm.c
++++ b/drivers/usb/class/cdc-acm.c
+@@ -554,10 +554,18 @@ static void acm_port_down(struct acm *ac
+ 
+ static void acm_tty_hangup(struct tty_struct *tty)
+ {
+-	struct acm *acm = tty->driver_data;
+-	tty_port_hangup(&acm->port);
++	struct acm *acm;
++
+ 	mutex_lock(&open_mutex);
++	acm = tty->driver_data;
++
++	if (!acm)
++		goto out;
++
++	tty_port_hangup(&acm->port);
+ 	acm_port_down(acm);
++
++out:
+ 	mutex_unlock(&open_mutex);
+ }
+