From: Greg Kroah-Hartman Date: Thu, 5 Jan 2012 19:25:06 +0000 (-0800) Subject: 3.1-stable patches X-Git-Tag: v3.1.8~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f891a4fdd182fb550ae173ab16cafb26572e6a26;p=thirdparty%2Fkernel%2Fstable-queue.git 3.1-stable patches added patches: ath9k-fix-kernel-panic-in-ar2427-in-ap-mode.patch drm-radeon-kms-atom-fix-possible-segfault-in-pm-setup.patch hung_task-fix-false-positive-during-vfork.patch mpt2sas-fix-non-x86-crash-on-shutdown.patch ptrace-ensure-jobctl_stop_sigmask-is-not-zero-after-detach.patch ptrace-partially-fix-the-do_wait-wexited-vs-exit_dead-exit_zombie-race.patch revert-rtc-disable-the-alarm-in-the-hardware.patch --- diff --git a/queue-3.1/ath9k-fix-kernel-panic-in-ar2427-in-ap-mode.patch b/queue-3.1/ath9k-fix-kernel-panic-in-ar2427-in-ap-mode.patch new file mode 100644 index 00000000000..2fefda80ef4 --- /dev/null +++ b/queue-3.1/ath9k-fix-kernel-panic-in-ar2427-in-ap-mode.patch @@ -0,0 +1,73 @@ +From b25bfda38236f349cde0d1b28952f4eea2148d3f Mon Sep 17 00:00:00 2001 +From: Mohammed Shafi Shajakhan +Date: Mon, 26 Dec 2011 10:42:15 +0530 +Subject: ath9k: Fix kernel panic in AR2427 in AP mode + +From: Mohammed Shafi Shajakhan + +commit b25bfda38236f349cde0d1b28952f4eea2148d3f upstream. + +don't do aggregation related stuff for 'AP mode client power save +handling' if aggregation is not enabled in the driver, otherwise it +will lead to panic because those data structures won't be never +intialized in 'ath_tx_node_init' if aggregation is disabled + + EIP is at ath_tx_aggr_wakeup+0x37/0x80 [ath9k] + EAX: e8c09a20 EBX: f2a304e8 ECX: 00000001 EDX: 00000000 + ESI: e8c085e0 EDI: f2a304ac EBP: f40e1ca4 ESP: f40e1c8c + DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 + Process swapper/1 (pid: 0, ti=f40e0000 task=f408e860 + task.ti=f40dc000) + Stack: + 0001e966 e8c09a20 00000000 f2a304ac e8c085e0 f2a304ac + f40e1cb0 f8186741 + f8186700 f40e1d2c f922988d f2a304ac 00000202 00000001 + c0b4ba43 00000000 + 0000000f e8eb75c0 e8c085e0 205b0001 34383220 f2a304ac + f2a30000 00010020 + Call Trace: + [] ath9k_sta_notify+0x41/0x50 [ath9k] + [] ? ath9k_get_survey+0x110/0x110 [ath9k] + [] ieee80211_sta_ps_deliver_wakeup+0x9d/0x350 + [mac80211] + [] ? __module_address+0x95/0xb0 + [] ap_sta_ps_end+0x63/0xa0 [mac80211] + [] ieee80211_rx_h_sta_process+0x156/0x2b0 + [mac80211] + [] ieee80211_rx_handlers+0xce/0x510 [mac80211] + [] ? trace_hardirqs_on+0xb/0x10 + [] ? skb_queue_tail+0x3e/0x50 + [] ieee80211_prepare_and_rx_handle+0x111/0x750 + [mac80211] + [] ieee80211_rx+0x349/0xb20 [mac80211] + [] ? ieee80211_rx+0x99/0xb20 [mac80211] + [] ath_rx_tasklet+0x818/0x1d00 [ath9k] + [] ? ath9k_tasklet+0x35/0x1c0 [ath9k] + [] ? ath9k_tasklet+0x35/0x1c0 [ath9k] + [] ath9k_tasklet+0xf3/0x1c0 [ath9k] + [] tasklet_action+0xbe/0x180 + +Cc: Senthil Balasubramanian +Cc: Rajkumar Manoharan +Reported-by: Ashwin Mendonca +Tested-by: Ashwin Mendonca +Signed-off-by: Mohammed Shafi Shajakhan +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ath/ath9k/main.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/wireless/ath/ath9k/main.c ++++ b/drivers/net/wireless/ath/ath9k/main.c +@@ -1841,6 +1841,9 @@ static void ath9k_sta_notify(struct ieee + struct ath_softc *sc = hw->priv; + struct ath_node *an = (struct ath_node *) sta->drv_priv; + ++ if (!(sc->sc_flags & SC_OP_TXAGGR)) ++ return; ++ + switch (cmd) { + case STA_NOTIFY_SLEEP: + an->sleeping = true; diff --git a/queue-3.1/drm-radeon-kms-atom-fix-possible-segfault-in-pm-setup.patch b/queue-3.1/drm-radeon-kms-atom-fix-possible-segfault-in-pm-setup.patch new file mode 100644 index 00000000000..5ec551276cc --- /dev/null +++ b/queue-3.1/drm-radeon-kms-atom-fix-possible-segfault-in-pm-setup.patch @@ -0,0 +1,40 @@ +From 4376eee92e5a8332b470040e672ea99cd44c826a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alexander=20M=C3=BCller?= +Date: Fri, 30 Dec 2011 12:55:48 -0500 +Subject: drm/radeon/kms/atom: fix possible segfault in pm setup + +From: =?UTF-8?q?Alexander=20M=C3=BCller?= + +commit 4376eee92e5a8332b470040e672ea99cd44c826a upstream. + +If we end up with no power states, don't look up +current vddc. + +fixes: +https://bugs.freedesktop.org/show_bug.cgi?id=44130 + +agd5f: fix patch formatting + +Signed-off-by: Alex Deucher +Signed-off-by: Dave Airlie +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/radeon/radeon_atombios.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/gpu/drm/radeon/radeon_atombios.c ++++ b/drivers/gpu/drm/radeon/radeon_atombios.c +@@ -2568,7 +2568,11 @@ void radeon_atombios_get_power_modes(str + + rdev->pm.current_power_state_index = rdev->pm.default_power_state_index; + rdev->pm.current_clock_mode_index = 0; +- rdev->pm.current_vddc = rdev->pm.power_state[rdev->pm.default_power_state_index].clock_info[0].voltage.voltage; ++ if (rdev->pm.default_power_state_index >= 0) ++ rdev->pm.current_vddc = ++ rdev->pm.power_state[rdev->pm.default_power_state_index].clock_info[0].voltage.voltage; ++ else ++ rdev->pm.current_vddc = 0; + } + + void radeon_atom_set_clock_gating(struct radeon_device *rdev, int enable) diff --git a/queue-3.1/hung_task-fix-false-positive-during-vfork.patch b/queue-3.1/hung_task-fix-false-positive-during-vfork.patch new file mode 100644 index 00000000000..847143f64d9 --- /dev/null +++ b/queue-3.1/hung_task-fix-false-positive-during-vfork.patch @@ -0,0 +1,52 @@ +From f9fab10bbd768b0e5254e53a4a8477a94bfc4b96 Mon Sep 17 00:00:00 2001 +From: Mandeep Singh Baines +Date: Tue, 3 Jan 2012 14:41:13 -0800 +Subject: hung_task: fix false positive during vfork + +From: Mandeep Singh Baines + +commit f9fab10bbd768b0e5254e53a4a8477a94bfc4b96 upstream. + +vfork parent uninterruptibly and unkillably waits for its child to +exec/exit. This wait is of unbounded length. Ignore such waits +in the hung_task detector. + +Signed-off-by: Mandeep Singh Baines +Reported-by: Sasha Levin +LKML-Reference: <1325344394.28904.43.camel@lappy> +Cc: Linus Torvalds +Cc: Ingo Molnar +Cc: Peter Zijlstra +Cc: Andrew Morton +Cc: John Kacur +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/hung_task.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/kernel/hung_task.c ++++ b/kernel/hung_task.c +@@ -74,11 +74,17 @@ static void check_hung_task(struct task_ + + /* + * Ensure the task is not frozen. +- * Also, when a freshly created task is scheduled once, changes +- * its state to TASK_UNINTERRUPTIBLE without having ever been +- * switched out once, it musn't be checked. ++ * Also, skip vfork and any other user process that freezer should skip. + */ +- if (unlikely(t->flags & PF_FROZEN || !switch_count)) ++ if (unlikely(t->flags & (PF_FROZEN | PF_FREEZER_SKIP))) ++ return; ++ ++ /* ++ * When a freshly created task is scheduled once, changes its state to ++ * TASK_UNINTERRUPTIBLE without having ever been switched out once, it ++ * musn't be checked. ++ */ ++ if (unlikely(!switch_count)) + return; + + if (switch_count != t->last_switch_count) { diff --git a/queue-3.1/mpt2sas-crashes-on-shutdown.patch b/queue-3.1/mpt2sas-crashes-on-shutdown.patch deleted file mode 100644 index b35bc3c920a..00000000000 --- a/queue-3.1/mpt2sas-crashes-on-shutdown.patch +++ /dev/null @@ -1,75 +0,0 @@ -From davem@davemloft.net Tue Jan 3 12:06:53 2012 -From: David Miller -Date: Mon, 26 Dec 2011 14:59:20 -0500 (EST) -Subject: mpt2sas crashes on shutdown -To: stable@vger.kernel.org -Cc: linux-scsi@vger.kernel.org, nagalakshmi.nandigama@lsi.com -Message-ID: <20111226.145920.1088076837634135764.davem@davemloft.net> - -From: David Miller - -[Fixed differently in 3.2] - -The mpt2sas driver accesses I/O space as virtual addresses when -saving and restoring the MSIX table, this only works by luck on x86. - -One needs to use the appropriate {read,write}{b,w,l}() APIs. - -This is fixed in v3.2.x because all of this code got rewritten for -NUMA I/O support. - -But both 3.0.x and 3.1.x still have this bug, and my Niagara sparc -machines crash on shutdown every single time due to this bug making my --stable work more difficult than it needs to be. - - -Signed-off-by: David S. Miller -Cc: Eric Moore -Cc: Nagalakshmi Nandigama -Signed-off-by: Greg Kroah-Hartman - ---- - drivers/scsi/mpt2sas/mpt2sas_base.c | 6 +++--- - drivers/scsi/mpt2sas/mpt2sas_base.h | 2 +- - 2 files changed, 4 insertions(+), 4 deletions(-) - ---- a/drivers/scsi/mpt2sas/mpt2sas_base.c -+++ b/drivers/scsi/mpt2sas/mpt2sas_base.c -@@ -1096,7 +1096,7 @@ _base_save_msix_table(struct MPT2SAS_ADA - return; - - for (i = 0; i < ioc->msix_vector_count; i++) -- ioc->msix_table_backup[i] = ioc->msix_table[i]; -+ ioc->msix_table_backup[i] = readl(&ioc->msix_table[i]); - } - - /** -@@ -1113,7 +1113,7 @@ _base_restore_msix_table(struct MPT2SAS_ - return; - - for (i = 0; i < ioc->msix_vector_count; i++) -- ioc->msix_table[i] = ioc->msix_table_backup[i]; -+ writel(ioc->msix_table_backup[i], &ioc->msix_table[i]); - } - - /** -@@ -1144,7 +1144,7 @@ _base_check_enable_msix(struct MPT2SAS_A - /* get msix table */ - pci_read_config_dword(ioc->pdev, base + 4, &msix_table_offset); - msix_table_offset &= 0xFFFFFFF8; -- ioc->msix_table = (u32 *)((void *)ioc->chip + msix_table_offset); -+ ioc->msix_table = ((void __iomem *)ioc->chip + msix_table_offset); - - dinitprintk(ioc, printk(MPT2SAS_INFO_FMT "msix is supported, " - "vector_count(%d), table_offset(0x%08x), table(%p)\n", ioc->name, ---- a/drivers/scsi/mpt2sas/mpt2sas_base.h -+++ b/drivers/scsi/mpt2sas/mpt2sas_base.h -@@ -779,7 +779,7 @@ struct MPT2SAS_ADAPTER { - - u8 msix_enable; - u16 msix_vector_count; -- u32 *msix_table; -+ u32 __iomem *msix_table; - u32 *msix_table_backup; - u32 ioc_reset_count; - diff --git a/queue-3.1/mpt2sas-fix-non-x86-crash-on-shutdown.patch b/queue-3.1/mpt2sas-fix-non-x86-crash-on-shutdown.patch new file mode 100644 index 00000000000..0051d5b04ca --- /dev/null +++ b/queue-3.1/mpt2sas-fix-non-x86-crash-on-shutdown.patch @@ -0,0 +1,158 @@ +From James.Bottomley@HansenPartnership.com Thu Jan 5 10:58:15 2012 +From: James Bottomley +Date: Wed, 04 Jan 2012 09:25:13 -0600 +Subject: mpt2sas: fix non-x86 crash on shutdown +To: "Nandigama, Nagalakshmi" , "stable@vger.kernel.org" +Cc: Greg KH , "linux-kernel@vger.kernel.org" , "torvalds@linux-foundation.org" , "akpm@linux-foundation.org" , "alan@lxorguk.ukuu.org.uk" , "linux-scsi@vger.kernel.org" , "David S. Miller" , "Moore, Eric" +Message-ID: <1325690713.2758.13.camel@dabdike.int.hansenpartnership.com> + + +From: Nagalakshmi Nandigama + +Upstrem commit: 911ae9434f83e7355d343f6c2be3ef5b00ea7aed + +There's a bug in the MSIX backup and restore routines that cause a crash on +non-x86 (direct access to PCI space not via read/write). These routines are +unnecessary and were removed by the above commit, so also remove them from +stable to fix the crash. + +Signed-off-by: Nagalakshmi Nandigama +Signed-off-by: James Bottomley +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/mpt2sas/mpt2sas_base.c | 59 +----------------------------------- + drivers/scsi/mpt2sas/mpt2sas_base.h | 4 -- + 2 files changed, 2 insertions(+), 61 deletions(-) + +--- a/drivers/scsi/mpt2sas/mpt2sas_base.c ++++ b/drivers/scsi/mpt2sas/mpt2sas_base.c +@@ -1082,41 +1082,6 @@ _base_config_dma_addressing(struct MPT2S + } + + /** +- * _base_save_msix_table - backup msix vector table +- * @ioc: per adapter object +- * +- * This address an errata where diag reset clears out the table +- */ +-static void +-_base_save_msix_table(struct MPT2SAS_ADAPTER *ioc) +-{ +- int i; +- +- if (!ioc->msix_enable || ioc->msix_table_backup == NULL) +- return; +- +- for (i = 0; i < ioc->msix_vector_count; i++) +- ioc->msix_table_backup[i] = ioc->msix_table[i]; +-} +- +-/** +- * _base_restore_msix_table - this restores the msix vector table +- * @ioc: per adapter object +- * +- */ +-static void +-_base_restore_msix_table(struct MPT2SAS_ADAPTER *ioc) +-{ +- int i; +- +- if (!ioc->msix_enable || ioc->msix_table_backup == NULL) +- return; +- +- for (i = 0; i < ioc->msix_vector_count; i++) +- ioc->msix_table[i] = ioc->msix_table_backup[i]; +-} +- +-/** + * _base_check_enable_msix - checks MSIX capabable. + * @ioc: per adapter object + * +@@ -1128,7 +1093,7 @@ _base_check_enable_msix(struct MPT2SAS_A + { + int base; + u16 message_control; +- u32 msix_table_offset; ++ + + base = pci_find_capability(ioc->pdev, PCI_CAP_ID_MSIX); + if (!base) { +@@ -1141,14 +1106,8 @@ _base_check_enable_msix(struct MPT2SAS_A + pci_read_config_word(ioc->pdev, base + 2, &message_control); + ioc->msix_vector_count = (message_control & 0x3FF) + 1; + +- /* get msix table */ +- pci_read_config_dword(ioc->pdev, base + 4, &msix_table_offset); +- msix_table_offset &= 0xFFFFFFF8; +- ioc->msix_table = (u32 *)((void *)ioc->chip + msix_table_offset); +- + dinitprintk(ioc, printk(MPT2SAS_INFO_FMT "msix is supported, " +- "vector_count(%d), table_offset(0x%08x), table(%p)\n", ioc->name, +- ioc->msix_vector_count, msix_table_offset, ioc->msix_table)); ++ "vector_count(%d)\n", ioc->name, ioc->msix_vector_count)); + return 0; + } + +@@ -1162,8 +1121,6 @@ _base_disable_msix(struct MPT2SAS_ADAPTE + { + if (ioc->msix_enable) { + pci_disable_msix(ioc->pdev); +- kfree(ioc->msix_table_backup); +- ioc->msix_table_backup = NULL; + ioc->msix_enable = 0; + } + } +@@ -1189,14 +1146,6 @@ _base_enable_msix(struct MPT2SAS_ADAPTER + if (_base_check_enable_msix(ioc) != 0) + goto try_ioapic; + +- ioc->msix_table_backup = kcalloc(ioc->msix_vector_count, +- sizeof(u32), GFP_KERNEL); +- if (!ioc->msix_table_backup) { +- dfailprintk(ioc, printk(MPT2SAS_INFO_FMT "allocation for " +- "msix_table_backup failed!!!\n", ioc->name)); +- goto try_ioapic; +- } +- + memset(&entries, 0, sizeof(struct msix_entry)); + r = pci_enable_msix(ioc->pdev, &entries, 1); + if (r) { +@@ -3513,9 +3462,6 @@ _base_diag_reset(struct MPT2SAS_ADAPTER + u32 hcb_size; + + printk(MPT2SAS_INFO_FMT "sending diag reset !!\n", ioc->name); +- +- _base_save_msix_table(ioc); +- + drsprintk(ioc, printk(MPT2SAS_INFO_FMT "clear interrupts\n", + ioc->name)); + +@@ -3611,7 +3557,6 @@ _base_diag_reset(struct MPT2SAS_ADAPTER + goto out; + } + +- _base_restore_msix_table(ioc); + printk(MPT2SAS_INFO_FMT "diag reset: SUCCESS\n", ioc->name); + return 0; + +--- a/drivers/scsi/mpt2sas/mpt2sas_base.h ++++ b/drivers/scsi/mpt2sas/mpt2sas_base.h +@@ -636,8 +636,6 @@ enum mutex_type { + * @wait_for_port_enable_to_complete: + * @msix_enable: flag indicating msix is enabled + * @msix_vector_count: number msix vectors +- * @msix_table: virt address to the msix table +- * @msix_table_backup: backup msix table + * @scsi_io_cb_idx: shost generated commands + * @tm_cb_idx: task management commands + * @scsih_cb_idx: scsih internal commands +@@ -779,8 +777,6 @@ struct MPT2SAS_ADAPTER { + + u8 msix_enable; + u16 msix_vector_count; +- u32 *msix_table; +- u32 *msix_table_backup; + u32 ioc_reset_count; + + /* internal commands, callback index */ diff --git a/queue-3.1/ptrace-ensure-jobctl_stop_sigmask-is-not-zero-after-detach.patch b/queue-3.1/ptrace-ensure-jobctl_stop_sigmask-is-not-zero-after-detach.patch new file mode 100644 index 00000000000..aa283c40e08 --- /dev/null +++ b/queue-3.1/ptrace-ensure-jobctl_stop_sigmask-is-not-zero-after-detach.patch @@ -0,0 +1,75 @@ +From 8a88951b5878dc475dcd841cefc767e36397d14e Mon Sep 17 00:00:00 2001 +From: Oleg Nesterov +Date: Wed, 4 Jan 2012 17:29:20 +0100 +Subject: ptrace: ensure JOBCTL_STOP_SIGMASK is not zero after detach + +From: Oleg Nesterov + +commit 8a88951b5878dc475dcd841cefc767e36397d14e upstream. + +This is the temporary simple fix for 3.2, we need more changes in this +area. + +1. do_signal_stop() assumes that the running untraced thread in the + stopped thread group is not possible. This was our goal but it is + not yet achieved: a stopped-but-resumed tracee can clone the running + thread which can initiate another group-stop. + + Remove WARN_ON_ONCE(!current->ptrace). + +2. A new thread always starts with ->jobctl = 0. If it is auto-attached + and this group is stopped, __ptrace_unlink() sets JOBCTL_STOP_PENDING + but JOBCTL_STOP_SIGMASK part is zero, this triggers WANR_ON(!signr) + in do_jobctl_trap() if another debugger attaches. + + Change __ptrace_unlink() to set the artificial SIGSTOP for report. + + Alternatively we could change ptrace_init_task() to copy signr from + current, but this means we can copy it for no reason and hide the + possible similar problems. + +Acked-by: Tejun Heo +Signed-off-by: Oleg Nesterov +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/ptrace.c | 13 ++++++++++++- + kernel/signal.c | 2 -- + 2 files changed, 12 insertions(+), 3 deletions(-) + +--- a/kernel/ptrace.c ++++ b/kernel/ptrace.c +@@ -96,9 +96,20 @@ void __ptrace_unlink(struct task_struct + */ + if (!(child->flags & PF_EXITING) && + (child->signal->flags & SIGNAL_STOP_STOPPED || +- child->signal->group_stop_count)) ++ child->signal->group_stop_count)) { + child->jobctl |= JOBCTL_STOP_PENDING; + ++ /* ++ * This is only possible if this thread was cloned by the ++ * traced task running in the stopped group, set the signal ++ * for the future reports. ++ * FIXME: we should change ptrace_init_task() to handle this ++ * case. ++ */ ++ if (!(child->jobctl & JOBCTL_STOP_SIGMASK)) ++ child->jobctl |= SIGSTOP; ++ } ++ + /* + * If transition to TASK_STOPPED is pending or in TASK_TRACED, kick + * @child in the butt. Note that @resume should be used iff @child +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -1986,8 +1986,6 @@ static bool do_signal_stop(int signr) + */ + if (!(sig->flags & SIGNAL_STOP_STOPPED)) + sig->group_exit_code = signr; +- else +- WARN_ON_ONCE(!current->ptrace); + + sig->group_stop_count = 0; + diff --git a/queue-3.1/ptrace-partially-fix-the-do_wait-wexited-vs-exit_dead-exit_zombie-race.patch b/queue-3.1/ptrace-partially-fix-the-do_wait-wexited-vs-exit_dead-exit_zombie-race.patch new file mode 100644 index 00000000000..e609549d84d --- /dev/null +++ b/queue-3.1/ptrace-partially-fix-the-do_wait-wexited-vs-exit_dead-exit_zombie-race.patch @@ -0,0 +1,90 @@ +From 50b8d257486a45cba7b65ca978986ed216bbcc10 Mon Sep 17 00:00:00 2001 +From: Oleg Nesterov +Date: Wed, 4 Jan 2012 17:29:02 +0100 +Subject: ptrace: partially fix the do_wait(WEXITED) vs EXIT_DEAD->EXIT_ZOMBIE race + +From: Oleg Nesterov + +commit 50b8d257486a45cba7b65ca978986ed216bbcc10 upstream. + +Test-case: + + int main(void) + { + int pid, status; + + pid = fork(); + if (!pid) { + for (;;) { + if (!fork()) + return 0; + if (waitpid(-1, &status, 0) < 0) { + printf("ERR!! wait: %m\n"); + return 0; + } + } + } + + assert(ptrace(PTRACE_ATTACH, pid, 0,0) == 0); + assert(waitpid(-1, NULL, 0) == pid); + + assert(ptrace(PTRACE_SETOPTIONS, pid, 0, + PTRACE_O_TRACEFORK) == 0); + + do { + ptrace(PTRACE_CONT, pid, 0, 0); + pid = waitpid(-1, NULL, 0); + } while (pid > 0); + + return 1; + } + +It fails because ->real_parent sees its child in EXIT_DEAD state +while the tracer is going to change the state back to EXIT_ZOMBIE +in wait_task_zombie(). + +The offending commit is 823b018e which moved the EXIT_DEAD check, +but in fact we should not blame it. The original code was not +correct as well because it didn't take ptrace_reparented() into +account and because we can't really trust ->ptrace. + +This patch adds the additional check to close this particular +race but it doesn't solve the whole problem. We simply can't +rely on ->ptrace in this case, it can be cleared if the tracer +is multithreaded by the exiting ->parent. + +I think we should kill EXIT_DEAD altogether, we should always +remove the soon-to-be-reaped child from ->children or at least +we should never do the DEAD->ZOMBIE transition. But this is too +complex for 3.2. + +Reported-and-tested-by: Denys Vlasenko +Tested-by: Lukasz Michalik +Acked-by: Tejun Heo +Signed-off-by: Oleg Nesterov +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/exit.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/kernel/exit.c ++++ b/kernel/exit.c +@@ -1542,8 +1542,15 @@ static int wait_consider_task(struct wai + } + + /* dead body doesn't have much to contribute */ +- if (p->exit_state == EXIT_DEAD) ++ if (unlikely(p->exit_state == EXIT_DEAD)) { ++ /* ++ * But do not ignore this task until the tracer does ++ * wait_task_zombie()->do_notify_parent(). ++ */ ++ if (likely(!ptrace) && unlikely(ptrace_reparented(p))) ++ wo->notask_error = 0; + return 0; ++ } + + /* slay zombie? */ + if (p->exit_state == EXIT_ZOMBIE) { diff --git a/queue-3.1/revert-rtc-disable-the-alarm-in-the-hardware.patch b/queue-3.1/revert-rtc-disable-the-alarm-in-the-hardware.patch new file mode 100644 index 00000000000..f4a4c8e4c2f --- /dev/null +++ b/queue-3.1/revert-rtc-disable-the-alarm-in-the-hardware.patch @@ -0,0 +1,119 @@ +From 157e8bf8b4823bfcdefa6c1548002374b61f61df Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Tue, 3 Jan 2012 17:32:13 -0800 +Subject: Revert "rtc: Disable the alarm in the hardware" + +From: Linus Torvalds + +commit 157e8bf8b4823bfcdefa6c1548002374b61f61df upstream. + +This reverts commit c0afabd3d553c521e003779c127143ffde55a16f. + +It causes failures on Toshiba laptops - instead of disabling the alarm, +it actually seems to enable it on the affected laptops, resulting in +(for example) the laptop powering on automatically five minutes after +shutdown. + +There's a patch for it that appears to work for at least some people, +but it's too late to play around with this, so revert for now and try +again in the next merge window. + +See for example + + http://bugs.debian.org/652869 + +Reported-and-bisected-by: Andreas Friedrich (Toshiba Tecra) +Reported-by: Antonio-M. Corbi Bellot (Toshiba Portege R500) +Reported-by: Marco Santos (Toshiba Portege Z830) +Reported-by: Christophe Vu-Brugier (Toshiba Portege R830) +Cc: Jonathan Nieder +Requested-by: John Stultz +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/rtc/interface.c | 44 ++++++++++---------------------------------- + 1 file changed, 10 insertions(+), 34 deletions(-) + +--- a/drivers/rtc/interface.c ++++ b/drivers/rtc/interface.c +@@ -318,20 +318,6 @@ int rtc_read_alarm(struct rtc_device *rt + } + EXPORT_SYMBOL_GPL(rtc_read_alarm); + +-static int ___rtc_set_alarm(struct rtc_device *rtc, struct rtc_wkalrm *alarm) +-{ +- int err; +- +- if (!rtc->ops) +- err = -ENODEV; +- else if (!rtc->ops->set_alarm) +- err = -EINVAL; +- else +- err = rtc->ops->set_alarm(rtc->dev.parent, alarm); +- +- return err; +-} +- + static int __rtc_set_alarm(struct rtc_device *rtc, struct rtc_wkalrm *alarm) + { + struct rtc_time tm; +@@ -355,7 +341,14 @@ static int __rtc_set_alarm(struct rtc_de + * over right here, before we set the alarm. + */ + +- return ___rtc_set_alarm(rtc, alarm); ++ if (!rtc->ops) ++ err = -ENODEV; ++ else if (!rtc->ops->set_alarm) ++ err = -EINVAL; ++ else ++ err = rtc->ops->set_alarm(rtc->dev.parent, alarm); ++ ++ return err; + } + + int rtc_set_alarm(struct rtc_device *rtc, struct rtc_wkalrm *alarm) +@@ -769,20 +762,6 @@ static int rtc_timer_enqueue(struct rtc_ + return 0; + } + +-static void rtc_alarm_disable(struct rtc_device *rtc) +-{ +- struct rtc_wkalrm alarm; +- struct rtc_time tm; +- +- __rtc_read_time(rtc, &tm); +- +- alarm.time = rtc_ktime_to_tm(ktime_add(rtc_tm_to_ktime(tm), +- ktime_set(300, 0))); +- alarm.enabled = 0; +- +- ___rtc_set_alarm(rtc, &alarm); +-} +- + /** + * rtc_timer_remove - Removes a rtc_timer from the rtc_device timerqueue + * @rtc rtc device +@@ -804,10 +783,8 @@ static void rtc_timer_remove(struct rtc_ + struct rtc_wkalrm alarm; + int err; + next = timerqueue_getnext(&rtc->timerqueue); +- if (!next) { +- rtc_alarm_disable(rtc); ++ if (!next) + return; +- } + alarm.time = rtc_ktime_to_tm(next->expires); + alarm.enabled = 1; + err = __rtc_set_alarm(rtc, &alarm); +@@ -869,8 +846,7 @@ again: + err = __rtc_set_alarm(rtc, &alarm); + if (err == -ETIME) + goto again; +- } else +- rtc_alarm_disable(rtc); ++ } + + mutex_unlock(&rtc->ops_lock); + } diff --git a/queue-3.1/series b/queue-3.1/series index cfd742243b1..4ef50500782 100644 --- a/queue-3.1/series +++ b/queue-3.1/series @@ -46,7 +46,7 @@ watchdog-hpwdt-changes-to-handle-nx-secure-bit-in-32bit-path.patch drm-radeon-kms-bail-on-btc-parts-if-mc-ucode-is-missing.patch mm-hugetlb-fix-non-atomic-enqueue-of-huge-page.patch mm-mempolicy.c-refix-mbind_range-vma-issue.patch -mpt2sas-crashes-on-shutdown.patch +mpt2sas-fix-non-x86-crash-on-shutdown.patch sparc64-fix-msiq-hv-call-ordering-in-pci_sun4v_msiq_build_irq.patch sparc32-be-less-strict-in-matching-lo-part-of-relocation.patch sparc64-patch-sun4v-code-sequences-properly-on-module-load.patch @@ -72,3 +72,9 @@ ipv4-reintroduce-route-cache-garbage-collector.patch ipv4-using-prefetch-requires-including-prefetch.h.patch iwlwifi-update-scd-bc-table-for-all-scd-queues.patch mfd-turn-on-the-twl4030-madc-madc-clock.patch +drm-radeon-kms-atom-fix-possible-segfault-in-pm-setup.patch +hung_task-fix-false-positive-during-vfork.patch +revert-rtc-disable-the-alarm-in-the-hardware.patch +ptrace-partially-fix-the-do_wait-wexited-vs-exit_dead-exit_zombie-race.patch +ptrace-ensure-jobctl_stop_sigmask-is-not-zero-after-detach.patch +ath9k-fix-kernel-panic-in-ar2427-in-ap-mode.patch