From 87a8b50e14beab7162c1459bb02653c6101ce6fc Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 15 Feb 2011 10:46:51 -0800 Subject: [PATCH] .37 patches --- ...ight-fix-88pm860x_bl-macro-collision.patch | 45 ++++ ...gister_driver-on-unregistered-driver.patch | 58 ++++++ ...cifs-fix-oplock-break-handling-try-2.patch | 138 ++++++++++++ ...g-share-level-security-mounts-repost.patch | 44 ++++ ...ate-more-than-bio_max_pages-in-a-bio.patch | 65 ++++++ ...function-called-from-invalid-context.patch | 70 +++++++ ...-fix-smp_call_function_many-smp-race.patch | 197 ++++++++++++++++++ ...plug-one-more-lock-on-memory-hotplug.patch | 81 +++++++ ...apaccount-kernel-parameter-correctly.patch | 56 +++++ .../nbd-remove-module-level-ioctl-mutex.patch | 75 +++++++ ...ine-wrapping-handling-pdc_iodc_print.patch | 74 +++++++ ...ontext-fix-the-per-cpu-counter-check.patch | 44 ++++ .../perf-fix-alloc_callchain_buffers.patch | 41 ++++ ...lidate-cpu-early-in-perf_event_alloc.patch | 65 ++++++ queue-2.6.37/series | 17 ++ ...cia-fix-parsing-of-invariants-tuples.patch | 35 ++++ ...nge-watchdog-state-on-read-of-sysctl.patch | 41 ++++ .../watchdog-fix-sysctl-consistency.patch | 57 +++++ 18 files changed, 1203 insertions(+) create mode 100644 queue-2.6.37/backlight-fix-88pm860x_bl-macro-collision.patch create mode 100644 queue-2.6.37/char-ipmi-fix-oops-caused-by-pnp_unregister_driver-on-unregistered-driver.patch create mode 100644 queue-2.6.37/cifs-fix-oplock-break-handling-try-2.patch create mode 100644 queue-2.6.37/cifs-fix-regression-during-share-level-security-mounts-repost.patch create mode 100644 queue-2.6.37/fs-direct-io.c-don-t-try-to-allocate-more-than-bio_max_pages-in-a-bio.patch create mode 100644 queue-2.6.37/hostap_cs-fix-sleeping-function-called-from-invalid-context.patch create mode 100644 queue-2.6.37/kernel-smp.c-fix-smp_call_function_many-smp-race.patch create mode 100644 queue-2.6.37/memory-hotplug-one-more-lock-on-memory-hotplug.patch create mode 100644 queue-2.6.37/memsw-handle-swapaccount-kernel-parameter-correctly.patch create mode 100644 queue-2.6.37/nbd-remove-module-level-ioctl-mutex.patch create mode 100644 queue-2.6.37/parisc-remove-broken-line-wrapping-handling-pdc_iodc_print.patch create mode 100644 queue-2.6.37/perf-find_get_context-fix-the-per-cpu-counter-check.patch create mode 100644 queue-2.6.37/perf-fix-alloc_callchain_buffers.patch create mode 100644 queue-2.6.37/perf-validate-cpu-early-in-perf_event_alloc.patch create mode 100644 queue-2.6.37/ssb-pcmcia-fix-parsing-of-invariants-tuples.patch create mode 100644 queue-2.6.37/watchdog-don-t-change-watchdog-state-on-read-of-sysctl.patch create mode 100644 queue-2.6.37/watchdog-fix-sysctl-consistency.patch diff --git a/queue-2.6.37/backlight-fix-88pm860x_bl-macro-collision.patch b/queue-2.6.37/backlight-fix-88pm860x_bl-macro-collision.patch new file mode 100644 index 00000000000..fc63b861fa8 --- /dev/null +++ b/queue-2.6.37/backlight-fix-88pm860x_bl-macro-collision.patch @@ -0,0 +1,45 @@ +From 2550326ac7a062fdfc204f9a3b98bdb9179638fc Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Thu, 20 Jan 2011 14:44:31 -0800 +Subject: backlight: fix 88pm860x_bl macro collision + +From: Randy Dunlap + +commit 2550326ac7a062fdfc204f9a3b98bdb9179638fc upstream. + +Fix collision with kernel-supplied #define: + + drivers/video/backlight/88pm860x_bl.c:24:1: warning: "CURRENT_MASK" redefined + arch/x86/include/asm/page_64_types.h:6:1: warning: this is the location of the previous definition + +Signed-off-by: Randy Dunlap +Cc: Haojian Zhuang +Cc: Richard Purdie +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/video/backlight/88pm860x_bl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/video/backlight/88pm860x_bl.c ++++ b/drivers/video/backlight/88pm860x_bl.c +@@ -21,7 +21,7 @@ + #define MAX_BRIGHTNESS (0xFF) + #define MIN_BRIGHTNESS (0) + +-#define CURRENT_MASK (0x1F << 1) ++#define CURRENT_BITMASK (0x1F << 1) + + struct pm860x_backlight_data { + struct pm860x_chip *chip; +@@ -85,7 +85,7 @@ static int pm860x_backlight_set(struct b + if ((data->current_brightness == 0) && brightness) { + if (data->iset) { + ret = pm860x_set_bits(data->i2c, wled_idc(data->port), +- CURRENT_MASK, data->iset); ++ CURRENT_BITMASK, data->iset); + if (ret < 0) + goto out; + } diff --git a/queue-2.6.37/char-ipmi-fix-oops-caused-by-pnp_unregister_driver-on-unregistered-driver.patch b/queue-2.6.37/char-ipmi-fix-oops-caused-by-pnp_unregister_driver-on-unregistered-driver.patch new file mode 100644 index 00000000000..352ee771046 --- /dev/null +++ b/queue-2.6.37/char-ipmi-fix-oops-caused-by-pnp_unregister_driver-on-unregistered-driver.patch @@ -0,0 +1,58 @@ +From d2478521afc20227658a10a8c5c2bf1a2aa615b3 Mon Sep 17 00:00:00 2001 +From: Corey Minyard +Date: Thu, 10 Feb 2011 16:08:38 -0600 +Subject: char/ipmi: fix OOPS caused by pnp_unregister_driver on unregistered driver + +From: Corey Minyard + +commit d2478521afc20227658a10a8c5c2bf1a2aa615b3 upstream. + +This patch fixes an OOPS triggered when calling modprobe ipmi_si a +second time after the first modprobe returned without finding any ipmi +devices. This can happen if you reload the module after having the +first module load fail. The driver was not deregistering from PNP in +that case. + +Peter Huewe originally reported this patch and supplied a fix, I have a +different patch based on Linus' suggestion that cleans things up a bit +more. + +Cc: openipmi-developer@lists.sourceforge.net +Reviewed-by: Peter Huewe +Cc: Randy Dunlap +Signed-off-by: Corey Minyard +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/ipmi/ipmi_si_intf.c | 12 ++---------- + 1 file changed, 2 insertions(+), 10 deletions(-) + +--- a/drivers/char/ipmi/ipmi_si_intf.c ++++ b/drivers/char/ipmi/ipmi_si_intf.c +@@ -320,6 +320,7 @@ static int unload_when_empty = 1; + static int add_smi(struct smi_info *smi); + static int try_smi_init(struct smi_info *smi); + static void cleanup_one_si(struct smi_info *to_clean); ++static void cleanup_ipmi_si(void); + + static ATOMIC_NOTIFIER_HEAD(xaction_notifier_list); + static int register_xaction_notifier(struct notifier_block *nb) +@@ -3435,16 +3436,7 @@ static int __devinit init_ipmi_si(void) + mutex_lock(&smi_infos_lock); + if (unload_when_empty && list_empty(&smi_infos)) { + mutex_unlock(&smi_infos_lock); +-#ifdef CONFIG_PCI +- if (pci_registered) +- pci_unregister_driver(&ipmi_pci_driver); +-#endif +- +-#ifdef CONFIG_PPC_OF +- if (of_registered) +- of_unregister_platform_driver(&ipmi_of_platform_driver); +-#endif +- driver_unregister(&ipmi_driver.driver); ++ cleanup_ipmi_si(); + printk(KERN_WARNING PFX + "Unable to find any System Interface(s)\n"); + return -ENODEV; diff --git a/queue-2.6.37/cifs-fix-oplock-break-handling-try-2.patch b/queue-2.6.37/cifs-fix-oplock-break-handling-try-2.patch new file mode 100644 index 00000000000..97e9914e36e --- /dev/null +++ b/queue-2.6.37/cifs-fix-oplock-break-handling-try-2.patch @@ -0,0 +1,138 @@ +From 12fed00de963433128b5366a21a55808fab2f756 Mon Sep 17 00:00:00 2001 +From: Pavel Shilovsky +Date: Mon, 17 Jan 2011 20:15:44 +0300 +Subject: CIFS: Fix oplock break handling (try #2) + +From: Pavel Shilovsky + +commit 12fed00de963433128b5366a21a55808fab2f756 upstream. + +When we get oplock break notification we should set the appropriate +value of OplockLevel field in oplock break acknowledge according to +the oplock level held by the client in this time. As we only can have +level II oplock or no oplock in the case of oplock break, we should be +aware only about clientCanCacheRead field in cifsInodeInfo structure. + +Also fix bug connected with wrong interpretation of OplockLevel field +during oplock break notification processing. + +Signed-off-by: Pavel Shilovsky +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/cifsproto.h | 2 +- + fs/cifs/cifssmb.c | 4 +++- + fs/cifs/file.c | 21 +++++++++++---------- + fs/cifs/misc.c | 2 +- + 4 files changed, 16 insertions(+), 13 deletions(-) + +--- a/fs/cifs/cifsproto.h ++++ b/fs/cifs/cifsproto.h +@@ -347,7 +347,7 @@ extern int CIFSSMBLock(const int xid, st + const __u16 netfid, const __u64 len, + const __u64 offset, const __u32 numUnlock, + const __u32 numLock, const __u8 lockType, +- const bool waitFlag); ++ const bool waitFlag, const __u8 oplock_level); + extern int CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon, + const __u16 smb_file_id, const int get_flag, + const __u64 len, struct file_lock *, +--- a/fs/cifs/cifssmb.c ++++ b/fs/cifs/cifssmb.c +@@ -1666,7 +1666,8 @@ int + CIFSSMBLock(const int xid, struct cifsTconInfo *tcon, + const __u16 smb_file_id, const __u64 len, + const __u64 offset, const __u32 numUnlock, +- const __u32 numLock, const __u8 lockType, const bool waitFlag) ++ const __u32 numLock, const __u8 lockType, ++ const bool waitFlag, const __u8 oplock_level) + { + int rc = 0; + LOCK_REQ *pSMB = NULL; +@@ -1694,6 +1695,7 @@ CIFSSMBLock(const int xid, struct cifsTc + pSMB->NumberOfLocks = cpu_to_le16(numLock); + pSMB->NumberOfUnlocks = cpu_to_le16(numUnlock); + pSMB->LockType = lockType; ++ pSMB->OplockLevel = oplock_level; + pSMB->AndXCommand = 0xFF; /* none */ + pSMB->Fid = smb_file_id; /* netfid stays le */ + +--- a/fs/cifs/file.c ++++ b/fs/cifs/file.c +@@ -779,12 +779,12 @@ int cifs_lock(struct file *file, int cmd + + /* BB we could chain these into one lock request BB */ + rc = CIFSSMBLock(xid, tcon, netfid, length, pfLock->fl_start, +- 0, 1, lockType, 0 /* wait flag */ ); ++ 0, 1, lockType, 0 /* wait flag */, 0); + if (rc == 0) { + rc = CIFSSMBLock(xid, tcon, netfid, length, + pfLock->fl_start, 1 /* numUnlock */ , + 0 /* numLock */ , lockType, +- 0 /* wait flag */ ); ++ 0 /* wait flag */, 0); + pfLock->fl_type = F_UNLCK; + if (rc != 0) + cERROR(1, "Error unlocking previously locked " +@@ -801,13 +801,13 @@ int cifs_lock(struct file *file, int cmd + rc = CIFSSMBLock(xid, tcon, netfid, length, + pfLock->fl_start, 0, 1, + lockType | LOCKING_ANDX_SHARED_LOCK, +- 0 /* wait flag */); ++ 0 /* wait flag */, 0); + if (rc == 0) { + rc = CIFSSMBLock(xid, tcon, netfid, + length, pfLock->fl_start, 1, 0, + lockType | + LOCKING_ANDX_SHARED_LOCK, +- 0 /* wait flag */); ++ 0 /* wait flag */, 0); + pfLock->fl_type = F_RDLCK; + if (rc != 0) + cERROR(1, "Error unlocking " +@@ -850,8 +850,8 @@ int cifs_lock(struct file *file, int cmd + + if (numLock) { + rc = CIFSSMBLock(xid, tcon, netfid, length, +- pfLock->fl_start, +- 0, numLock, lockType, wait_flag); ++ pfLock->fl_start, 0, numLock, lockType, ++ wait_flag, 0); + + if (rc == 0) { + /* For Windows locks we must store them. */ +@@ -871,9 +871,9 @@ int cifs_lock(struct file *file, int cmd + (pfLock->fl_start + length) >= + (li->offset + li->length)) { + stored_rc = CIFSSMBLock(xid, tcon, +- netfid, +- li->length, li->offset, +- 1, 0, li->type, false); ++ netfid, li->length, ++ li->offset, 1, 0, ++ li->type, false, 0); + if (stored_rc) + rc = stored_rc; + else { +@@ -2245,7 +2245,8 @@ void cifs_oplock_break(struct work_struc + */ + if (!cfile->oplock_break_cancelled) { + rc = CIFSSMBLock(0, tlink_tcon(cfile->tlink), cfile->netfid, 0, +- 0, 0, 0, LOCKING_ANDX_OPLOCK_RELEASE, false); ++ 0, 0, 0, LOCKING_ANDX_OPLOCK_RELEASE, false, ++ cinode->clientCanCacheRead ? 1 : 0); + cFYI(1, "Oplock release rc = %d", rc); + } + +--- a/fs/cifs/misc.c ++++ b/fs/cifs/misc.c +@@ -571,7 +571,7 @@ is_valid_oplock_break(struct smb_hdr *bu + pCifsInode = CIFS_I(netfile->dentry->d_inode); + + cifs_set_oplock_level(pCifsInode, +- pSMB->OplockLevel); ++ pSMB->OplockLevel ? OPLOCK_READ : 0); + /* + * cifs_oplock_break_put() can't be called + * from here. Get reference after queueing diff --git a/queue-2.6.37/cifs-fix-regression-during-share-level-security-mounts-repost.patch b/queue-2.6.37/cifs-fix-regression-during-share-level-security-mounts-repost.patch new file mode 100644 index 00000000000..6bed825075a --- /dev/null +++ b/queue-2.6.37/cifs-fix-regression-during-share-level-security-mounts-repost.patch @@ -0,0 +1,44 @@ +From 540b2e377797d8715469d408b887baa9310c5f3e Mon Sep 17 00:00:00 2001 +From: Shirish Pargaonkar +Date: Tue, 18 Jan 2011 22:33:54 -0600 +Subject: cifs: Fix regression during share-level security mounts (Repost) + +From: Shirish Pargaonkar + +commit 540b2e377797d8715469d408b887baa9310c5f3e upstream. + +NTLM response length was changed to 16 bytes instead of 24 bytes +that are sent in Tree Connection Request during share-level security +share mounts. Revert it back to 24 bytes. + +Reported-and-Tested-by: Grzegorz Ozanski +Acked-by: Jeff Layton +Signed-off-by: Shirish Pargaonkar +Acked-by: Suresh Jayaraman +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/connect.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/cifs/connect.c ++++ b/fs/cifs/connect.c +@@ -2999,7 +2999,7 @@ CIFSTCon(unsigned int xid, struct cifsSe + bcc_ptr++; /* skip password */ + /* already aligned so no need to do it below */ + } else { +- pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE); ++ pSMB->PasswordLength = cpu_to_le16(CIFS_AUTH_RESP_SIZE); + /* BB FIXME add code to fail this if NTLMv2 or Kerberos + specified as required (when that support is added to + the vfs in the future) as only NTLM or the much +@@ -3017,7 +3017,7 @@ CIFSTCon(unsigned int xid, struct cifsSe + #endif /* CIFS_WEAK_PW_HASH */ + SMBNTencrypt(tcon->password, ses->server->cryptkey, bcc_ptr); + +- bcc_ptr += CIFS_SESS_KEY_SIZE; ++ bcc_ptr += CIFS_AUTH_RESP_SIZE; + if (ses->capabilities & CAP_UNICODE) { + /* must align unicode strings */ + *bcc_ptr = 0; /* null byte password */ diff --git a/queue-2.6.37/fs-direct-io.c-don-t-try-to-allocate-more-than-bio_max_pages-in-a-bio.patch b/queue-2.6.37/fs-direct-io.c-don-t-try-to-allocate-more-than-bio_max_pages-in-a-bio.patch new file mode 100644 index 00000000000..342edd349a3 --- /dev/null +++ b/queue-2.6.37/fs-direct-io.c-don-t-try-to-allocate-more-than-bio_max_pages-in-a-bio.patch @@ -0,0 +1,65 @@ +From 20d9600cb407b0b55fef6ee814b60345c6f58264 Mon Sep 17 00:00:00 2001 +From: David Dillow +Date: Thu, 20 Jan 2011 14:44:22 -0800 +Subject: fs/direct-io.c: don't try to allocate more than BIO_MAX_PAGES in a bio + +From: David Dillow + +commit 20d9600cb407b0b55fef6ee814b60345c6f58264 upstream. + +When using devices that support max_segments > BIO_MAX_PAGES (256), direct +IO tries to allocate a bio with more pages than allowed, which leads to an +oops in dio_bio_alloc(). Clamp the request to the supported maximum, and +change dio_bio_alloc() to reflect that bio_alloc() will always return a +bio when called with __GFP_WAIT and a valid number of vectors. + +[akpm@linux-foundation.org: remove redundant BUG_ON()] +Signed-off-by: David Dillow +Reviewed-by: Jeff Moyer +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/direct-io.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +--- a/fs/direct-io.c ++++ b/fs/direct-io.c +@@ -325,12 +325,16 @@ void dio_end_io(struct bio *bio, int err + } + EXPORT_SYMBOL_GPL(dio_end_io); + +-static int ++static void + dio_bio_alloc(struct dio *dio, struct block_device *bdev, + sector_t first_sector, int nr_vecs) + { + struct bio *bio; + ++ /* ++ * bio_alloc() is guaranteed to return a bio when called with ++ * __GFP_WAIT and we request a valid number of vectors. ++ */ + bio = bio_alloc(GFP_KERNEL, nr_vecs); + + bio->bi_bdev = bdev; +@@ -342,7 +346,6 @@ dio_bio_alloc(struct dio *dio, struct bl + + dio->bio = bio; + dio->logical_offset_in_bio = dio->cur_page_fs_offset; +- return 0; + } + + /* +@@ -583,8 +586,9 @@ static int dio_new_bio(struct dio *dio, + goto out; + sector = start_sector << (dio->blkbits - 9); + nr_pages = min(dio->pages_in_io, bio_get_nr_vecs(dio->map_bh.b_bdev)); ++ nr_pages = min(nr_pages, BIO_MAX_PAGES); + BUG_ON(nr_pages <= 0); +- ret = dio_bio_alloc(dio, dio->map_bh.b_bdev, sector, nr_pages); ++ dio_bio_alloc(dio, dio->map_bh.b_bdev, sector, nr_pages); + dio->boundary = 0; + out: + return ret; diff --git a/queue-2.6.37/hostap_cs-fix-sleeping-function-called-from-invalid-context.patch b/queue-2.6.37/hostap_cs-fix-sleeping-function-called-from-invalid-context.patch new file mode 100644 index 00000000000..fefc6b4e8f8 --- /dev/null +++ b/queue-2.6.37/hostap_cs-fix-sleeping-function-called-from-invalid-context.patch @@ -0,0 +1,70 @@ +From 4e5518ca53be29c1ec3c00089c97bef36bfed515 Mon Sep 17 00:00:00 2001 +From: Stanislaw Gruszka +Date: Mon, 10 Jan 2011 12:56:05 +0100 +Subject: hostap_cs: fix sleeping function called from invalid context + +From: Stanislaw Gruszka + +commit 4e5518ca53be29c1ec3c00089c97bef36bfed515 upstream. + +pcmcia_request_irq() and pcmcia_enable_device() are intended +to be called from process context (first function allocate memory +with GFP_KERNEL, second take a mutex). We can not take spin lock +and call them. + +It's safe to move spin lock after pcmcia_enable_device() as we +still hold off IRQ until dev->base_addr is 0 and driver will +not proceed with interrupts when is not ready. + +Patch resolves: +https://bugzilla.redhat.com/show_bug.cgi?id=643758 + +Reported-and-tested-by: rbugz@biobind.com +Signed-off-by: Stanislaw Gruszka +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/hostap/hostap_cs.c | 15 ++++++--------- + 1 file changed, 6 insertions(+), 9 deletions(-) + +--- a/drivers/net/wireless/hostap/hostap_cs.c ++++ b/drivers/net/wireless/hostap/hostap_cs.c +@@ -518,22 +518,21 @@ static int prism2_config(struct pcmcia_d + hw_priv->link = link; + + /* +- * Make sure the IRQ handler cannot proceed until at least +- * dev->base_addr is initialized. ++ * We enable IRQ here, but IRQ handler will not proceed ++ * until dev->base_addr is set below. This protect us from ++ * receive interrupts when driver is not initialized. + */ +- spin_lock_irqsave(&local->irq_init_lock, flags); +- + ret = pcmcia_request_irq(link, prism2_interrupt); + if (ret) +- goto failed_unlock; ++ goto failed; + + ret = pcmcia_enable_device(link); + if (ret) +- goto failed_unlock; ++ goto failed; + ++ spin_lock_irqsave(&local->irq_init_lock, flags); + dev->irq = link->irq; + dev->base_addr = link->resource[0]->start; +- + spin_unlock_irqrestore(&local->irq_init_lock, flags); + + local->shutdown = 0; +@@ -546,8 +545,6 @@ static int prism2_config(struct pcmcia_d + + return ret; + +- failed_unlock: +- spin_unlock_irqrestore(&local->irq_init_lock, flags); + failed: + kfree(hw_priv); + prism2_release((u_long)link); diff --git a/queue-2.6.37/kernel-smp.c-fix-smp_call_function_many-smp-race.patch b/queue-2.6.37/kernel-smp.c-fix-smp_call_function_many-smp-race.patch new file mode 100644 index 00000000000..4e22152b319 --- /dev/null +++ b/queue-2.6.37/kernel-smp.c-fix-smp_call_function_many-smp-race.patch @@ -0,0 +1,197 @@ +From 6dc19899958e420a931274b94019e267e2396d3e Mon Sep 17 00:00:00 2001 +From: Anton Blanchard +Date: Thu, 20 Jan 2011 14:44:33 -0800 +Subject: kernel/smp.c: fix smp_call_function_many() SMP race + +From: Anton Blanchard + +commit 6dc19899958e420a931274b94019e267e2396d3e upstream. + +I noticed a failure where we hit the following WARN_ON in +generic_smp_call_function_interrupt: + + if (!cpumask_test_and_clear_cpu(cpu, data->cpumask)) + continue; + + data->csd.func(data->csd.info); + + refs = atomic_dec_return(&data->refs); + WARN_ON(refs < 0); <------------------------- + +We atomically tested and cleared our bit in the cpumask, and yet the +number of cpus left (ie refs) was 0. How can this be? + +It turns out commit 54fdade1c3332391948ec43530c02c4794a38172 +("generic-ipi: make struct call_function_data lockless") is at fault. It +removes locking from smp_call_function_many and in doing so creates a +rather complicated race. + +The problem comes about because: + + - The smp_call_function_many interrupt handler walks call_function.queue + without any locking. + - We reuse a percpu data structure in smp_call_function_many. + - We do not wait for any RCU grace period before starting the next + smp_call_function_many. + +Imagine a scenario where CPU A does two smp_call_functions back to back, +and CPU B does an smp_call_function in between. We concentrate on how CPU +C handles the calls: + +CPU A CPU B CPU C CPU D + +smp_call_function + smp_call_function_interrupt + walks + call_function.queue sees + data from CPU A on list + + smp_call_function + + smp_call_function_interrupt + walks + + call_function.queue sees + (stale) CPU A on list + smp_call_function int + clears last ref on A + list_del_rcu, unlock +smp_call_function reuses +percpu *data A + data->cpumask sees and + clears bit in cpumask + might be using old or new fn! + decrements refs below 0 + +set data->refs (too late!) + +The important thing to note is since the interrupt handler walks a +potentially stale call_function.queue without any locking, then another +cpu can view the percpu *data structure at any time, even when the owner +is in the process of initialising it. + +The following test case hits the WARN_ON 100% of the time on my PowerPC +box (having 128 threads does help :) + +#include +#include + +#define ITERATIONS 100 + +static void do_nothing_ipi(void *dummy) +{ +} + +static void do_ipis(struct work_struct *dummy) +{ + int i; + + for (i = 0; i < ITERATIONS; i++) + smp_call_function(do_nothing_ipi, NULL, 1); + + printk(KERN_DEBUG "cpu %d finished\n", smp_processor_id()); +} + +static struct work_struct work[NR_CPUS]; + +static int __init testcase_init(void) +{ + int cpu; + + for_each_online_cpu(cpu) { + INIT_WORK(&work[cpu], do_ipis); + schedule_work_on(cpu, &work[cpu]); + } + + return 0; +} + +static void __exit testcase_exit(void) +{ +} + +module_init(testcase_init) +module_exit(testcase_exit) +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Anton Blanchard"); + +I tried to fix it by ordering the read and the write of ->cpumask and +->refs. In doing so I missed a critical case but Paul McKenney was able +to spot my bug thankfully :) To ensure we arent viewing previous +iterations the interrupt handler needs to read ->refs then ->cpumask then +->refs _again_. + +Thanks to Milton Miller and Paul McKenney for helping to debug this issue. + +[miltonm@bga.com: add WARN_ON and BUG_ON, remove extra read of refs before initial read of mask that doesn't help (also noted by Peter Zijlstra), adjust comments, hopefully clarify scenario ] +[miltonm@bga.com: remove excess tests] +Signed-off-by: Anton Blanchard +Signed-off-by: Milton Miller +Cc: Ingo Molnar +Cc: "Paul E. McKenney" +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/smp.c | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +--- a/kernel/smp.c ++++ b/kernel/smp.c +@@ -194,6 +194,24 @@ void generic_smp_call_function_interrupt + list_for_each_entry_rcu(data, &call_function.queue, csd.list) { + int refs; + ++ /* ++ * Since we walk the list without any locks, we might ++ * see an entry that was completed, removed from the ++ * list and is in the process of being reused. ++ * ++ * We must check that the cpu is in the cpumask before ++ * checking the refs, and both must be set before ++ * executing the callback on this cpu. ++ */ ++ ++ if (!cpumask_test_cpu(cpu, data->cpumask)) ++ continue; ++ ++ smp_rmb(); ++ ++ if (atomic_read(&data->refs) == 0) ++ continue; ++ + if (!cpumask_test_and_clear_cpu(cpu, data->cpumask)) + continue; + +@@ -202,6 +220,8 @@ void generic_smp_call_function_interrupt + refs = atomic_dec_return(&data->refs); + WARN_ON(refs < 0); + if (!refs) { ++ WARN_ON(!cpumask_empty(data->cpumask)); ++ + raw_spin_lock(&call_function.lock); + list_del_rcu(&data->csd.list); + raw_spin_unlock(&call_function.lock); +@@ -453,11 +473,21 @@ void smp_call_function_many(const struct + + data = &__get_cpu_var(cfd_data); + csd_lock(&data->csd); ++ BUG_ON(atomic_read(&data->refs) || !cpumask_empty(data->cpumask)); + + data->csd.func = func; + data->csd.info = info; + cpumask_and(data->cpumask, mask, cpu_online_mask); + cpumask_clear_cpu(this_cpu, data->cpumask); ++ ++ /* ++ * To ensure the interrupt handler gets an complete view ++ * we order the cpumask and refs writes and order the read ++ * of them in the interrupt handler. In addition we may ++ * only clear our own cpu bit from the mask. ++ */ ++ smp_wmb(); ++ + atomic_set(&data->refs, cpumask_weight(data->cpumask)); + + raw_spin_lock_irqsave(&call_function.lock, flags); diff --git a/queue-2.6.37/memory-hotplug-one-more-lock-on-memory-hotplug.patch b/queue-2.6.37/memory-hotplug-one-more-lock-on-memory-hotplug.patch new file mode 100644 index 00000000000..e9e9e888fed --- /dev/null +++ b/queue-2.6.37/memory-hotplug-one-more-lock-on-memory-hotplug.patch @@ -0,0 +1,81 @@ +From 925268a06dc2b1ff7bfcc37419a6827a0e739639 Mon Sep 17 00:00:00 2001 +From: KAMEZAWA Hiroyuki +Date: Tue, 11 Jan 2011 16:44:01 +0900 +Subject: memory hotplug: one more lock on memory hotplug + +From: KAMEZAWA Hiroyuki + +commit 925268a06dc2b1ff7bfcc37419a6827a0e739639 upstream. + +Now, memory_hotplug_(un)lock() is used for add/remove/offline pages +for avoiding races with hibernation. But this should be held in +online_pages(), too. It seems asymmetric. + +There are cases where one has to avoid a race with memory hotplug +notifier and his own local code, and hotplug v.s. hotplug. +This will add a generic solution for avoiding races. In other view, +having lock here has no big impacts. online pages is tend to be +done by udev script at el against each memory section one by one. + +Then, it's better to have lock here, too. + +Reviewed-by: Christoph Lameter +Acked-by: David Rientjes +Signed-off-by: KAMEZAWA Hiroyuki +Signed-off-by: Pekka Enberg +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/memory_hotplug.h | 6 ++++++ + mm/memory_hotplug.c | 4 ++++ + 2 files changed, 10 insertions(+) + +--- a/include/linux/memory_hotplug.h ++++ b/include/linux/memory_hotplug.h +@@ -161,6 +161,12 @@ extern void register_page_bootmem_info_n + extern void put_page_bootmem(struct page *page); + #endif + ++/* ++ * Lock for memory hotplug guarantees 1) all callbacks for memory hotplug ++ * notifier will be called under this. 2) offline/online/add/remove memory ++ * will not run simultaneously. ++ */ ++ + void lock_memory_hotplug(void); + void unlock_memory_hotplug(void); + +--- a/mm/memory_hotplug.c ++++ b/mm/memory_hotplug.c +@@ -407,6 +407,7 @@ int online_pages(unsigned long pfn, unsi + int ret; + struct memory_notify arg; + ++ lock_memory_hotplug(); + arg.start_pfn = pfn; + arg.nr_pages = nr_pages; + arg.status_change_nid = -1; +@@ -419,6 +420,7 @@ int online_pages(unsigned long pfn, unsi + ret = notifier_to_errno(ret); + if (ret) { + memory_notify(MEM_CANCEL_ONLINE, &arg); ++ unlock_memory_hotplug(); + return ret; + } + /* +@@ -443,6 +445,7 @@ int online_pages(unsigned long pfn, unsi + printk(KERN_DEBUG "online_pages %lx at %lx failed\n", + nr_pages, pfn); + memory_notify(MEM_CANCEL_ONLINE, &arg); ++ unlock_memory_hotplug(); + return ret; + } + +@@ -467,6 +470,7 @@ int online_pages(unsigned long pfn, unsi + + if (onlined_pages) + memory_notify(MEM_ONLINE, &arg); ++ unlock_memory_hotplug(); + + return 0; + } diff --git a/queue-2.6.37/memsw-handle-swapaccount-kernel-parameter-correctly.patch b/queue-2.6.37/memsw-handle-swapaccount-kernel-parameter-correctly.patch new file mode 100644 index 00000000000..005708cbdae --- /dev/null +++ b/queue-2.6.37/memsw-handle-swapaccount-kernel-parameter-correctly.patch @@ -0,0 +1,56 @@ +From fceda1bf498677501befc7da72fd2e4de7f18466 Mon Sep 17 00:00:00 2001 +From: Michal Hocko +Date: Tue, 1 Feb 2011 15:52:30 -0800 +Subject: memsw: handle swapaccount kernel parameter correctly + +From: Michal Hocko + +commit fceda1bf498677501befc7da72fd2e4de7f18466 upstream. + +__setup based kernel command line parameters handlers which are handled in +obsolete_checksetup are provided with the parameter value including = +(more precisely everything right after the parameter name). + +This means that the current implementation of swapaccount[=1|0] doesn't +work at all because if there is a value for the parameter then we are +testing for "0" resp. "1" but we are getting "=0" resp. "=1" and if +there is no parameter value we are getting an empty string rather than +NULL. + +The original noswapccount parameter, which doesn't care about the value, +works correctly. + +Signed-off-by: Michal Hocko +Acked-by: KAMEZAWA Hiroyuki +Cc: Daisuke Nishimura +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/memcontrol.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/mm/memcontrol.c ++++ b/mm/memcontrol.c +@@ -4930,9 +4930,9 @@ struct cgroup_subsys mem_cgroup_subsys = + static int __init enable_swap_account(char *s) + { + /* consider enabled if no parameter or 1 is given */ +- if (!s || !strcmp(s, "1")) ++ if (!(*s) || !strcmp(s, "=1")) + really_do_swap_account = 1; +- else if (!strcmp(s, "0")) ++ else if (!strcmp(s, "=0")) + really_do_swap_account = 0; + return 1; + } +@@ -4940,7 +4940,7 @@ __setup("swapaccount", enable_swap_accou + + static int __init disable_swap_account(char *s) + { +- enable_swap_account("0"); ++ enable_swap_account("=0"); + return 1; + } + __setup("noswapaccount", disable_swap_account); diff --git a/queue-2.6.37/nbd-remove-module-level-ioctl-mutex.patch b/queue-2.6.37/nbd-remove-module-level-ioctl-mutex.patch new file mode 100644 index 00000000000..d9a6619f6da --- /dev/null +++ b/queue-2.6.37/nbd-remove-module-level-ioctl-mutex.patch @@ -0,0 +1,75 @@ +From de1f016f882e52facc3c8609599f827bcdd14af9 Mon Sep 17 00:00:00 2001 +From: Soren Hansen +Date: Thu, 10 Feb 2011 15:01:28 -0800 +Subject: nbd: remove module-level ioctl mutex + +From: Soren Hansen + +commit de1f016f882e52facc3c8609599f827bcdd14af9 upstream. + +Commit 2a48fc0ab242417 ("block: autoconvert trivial BKL users to private +mutex") replaced uses of the BKL in the nbd driver with mutex +operations. Since then, I've been been seeing these lock ups: + + INFO: task qemu-nbd:16115 blocked for more than 120 seconds. + "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. + qemu-nbd D 0000000000000001 0 16115 16114 0x00000004 + ffff88007d775d98 0000000000000082 ffff88007d775fd8 ffff88007d774000 + 0000000000013a80 ffff8800020347e0 ffff88007d775fd8 0000000000013a80 + ffff880133730000 ffff880002034440 ffffea0004333db8 ffffffffa071c020 + Call Trace: + [] __mutex_lock_slowpath+0xf7/0x180 + [] mutex_lock+0x2b/0x50 + [] nbd_ioctl+0x6c/0x1c0 [nbd] + [] blkdev_ioctl+0x230/0x730 + [] block_ioctl+0x41/0x50 + [] do_vfs_ioctl+0x93/0x370 + [] sys_ioctl+0x81/0xa0 + [] system_call_fastpath+0x16/0x1b + +Instrumenting the nbd module's ioctl handler with some extra logging +clearly shows the NBD_DO_IT ioctl being invoked which is a long-lived +ioctl in the sense that it doesn't return until another ioctl asks the +driver to disconnect. However, that other ioctl blocks, waiting for the +module-level mutex that replaced the BKL, and then we're stuck. + +This patch removes the module-level mutex altogether. It's clearly +wrong, and as far as I can see, it's entirely unnecessary, since the nbd +driver maintains per-device mutexes, and I don't see anything that would +require a module-level (or kernel-level, for that matter) mutex. + +Signed-off-by: Soren Hansen +Acked-by: Serge Hallyn +Acked-by: Paul Clements +Cc: Arnd Bergmann +Cc: Jens Axboe +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/nbd.c | 3 --- + 1 file changed, 3 deletions(-) + +--- a/drivers/block/nbd.c ++++ b/drivers/block/nbd.c +@@ -53,7 +53,6 @@ + #define DBG_BLKDEV 0x0100 + #define DBG_RX 0x0200 + #define DBG_TX 0x0400 +-static DEFINE_MUTEX(nbd_mutex); + static unsigned int debugflags; + #endif /* NDEBUG */ + +@@ -718,11 +717,9 @@ static int nbd_ioctl(struct block_device + dprintk(DBG_IOCTL, "%s: nbd_ioctl cmd=%s(0x%x) arg=%lu\n", + lo->disk->disk_name, ioctl_cmd_to_ascii(cmd), cmd, arg); + +- mutex_lock(&nbd_mutex); + mutex_lock(&lo->tx_lock); + error = __nbd_ioctl(bdev, lo, cmd, arg); + mutex_unlock(&lo->tx_lock); +- mutex_unlock(&nbd_mutex); + + return error; + } diff --git a/queue-2.6.37/parisc-remove-broken-line-wrapping-handling-pdc_iodc_print.patch b/queue-2.6.37/parisc-remove-broken-line-wrapping-handling-pdc_iodc_print.patch new file mode 100644 index 00000000000..e94dd215301 --- /dev/null +++ b/queue-2.6.37/parisc-remove-broken-line-wrapping-handling-pdc_iodc_print.patch @@ -0,0 +1,74 @@ +From fbea668498e93bb38ac9226c7af9120a25957375 Mon Sep 17 00:00:00 2001 +From: Guy Martin +Date: Mon, 6 Dec 2010 16:48:04 +0100 +Subject: parisc : Remove broken line wrapping handling pdc_iodc_print() + +From: Guy Martin + +commit fbea668498e93bb38ac9226c7af9120a25957375 upstream. + +Remove the broken line wrapping handling in pdc_iodc_print(). +It is broken in 3 ways : + - It doesn't keep track of the current screen position, it just + assumes that the new buffer will be printed at the begining of the + screen. + - It doesn't take in account that non printable characters won't + increase the current position on the screen. + - And last but not least, it triggers a kernel panic if a backspace + is the first char in the provided buffer : + + Backtrace: + [<0000000040128ec4>] pdc_console_write+0x44/0x78 + [<0000000040128f18>] pdc_console_tty_write+0x20/0x38 + [<000000004032f1ac>] n_tty_write+0x2a4/0x550 + [<000000004032b158>] tty_write+0x1e0/0x2d8 + [<00000000401bb420>] vfs_write+0xb8/0x188 + [<00000000401bb630>] sys_write+0x68/0xb8 + [<0000000040104eb8>] syscall_exit+0x0/0x14 + +Most terminals handle the line wrapping just fine. I've confirmed that +it works correctly on a C8000 with both vga and serial output. + +Signed-off-by: Guy Martin +Signed-off-by: James Bottomley +Signed-off-by: Greg Kroah-Hartman + +--- + arch/parisc/kernel/firmware.c | 13 +------------ + 1 file changed, 1 insertion(+), 12 deletions(-) + +--- a/arch/parisc/kernel/firmware.c ++++ b/arch/parisc/kernel/firmware.c +@@ -1126,15 +1126,13 @@ int pdc_iodc_print(const unsigned char * + unsigned int i; + unsigned long flags; + +- for (i = 0; i < count && i < 79;) { ++ for (i = 0; i < count;) { + switch(str[i]) { + case '\n': + iodc_dbuf[i+0] = '\r'; + iodc_dbuf[i+1] = '\n'; + i += 2; + goto print; +- case '\b': /* BS */ +- i--; /* overwrite last */ + default: + iodc_dbuf[i] = str[i]; + i++; +@@ -1142,15 +1140,6 @@ int pdc_iodc_print(const unsigned char * + } + } + +- /* if we're at the end of line, and not already inserting a newline, +- * insert one anyway. iodc console doesn't claim to support >79 char +- * lines. don't account for this in the return value. +- */ +- if (i == 79 && iodc_dbuf[i-1] != '\n') { +- iodc_dbuf[i+0] = '\r'; +- iodc_dbuf[i+1] = '\n'; +- } +- + print: + spin_lock_irqsave(&pdc_lock, flags); + real32_call(PAGE0->mem_cons.iodc_io, diff --git a/queue-2.6.37/perf-find_get_context-fix-the-per-cpu-counter-check.patch b/queue-2.6.37/perf-find_get_context-fix-the-per-cpu-counter-check.patch new file mode 100644 index 00000000000..5dc662848d9 --- /dev/null +++ b/queue-2.6.37/perf-find_get_context-fix-the-per-cpu-counter-check.patch @@ -0,0 +1,44 @@ +From 22a4ec729017ba613337a28f306f94ba5023fe2e Mon Sep 17 00:00:00 2001 +From: Oleg Nesterov +Date: Tue, 18 Jan 2011 17:10:08 +0100 +Subject: perf: Find_get_context: fix the per-cpu-counter check + +From: Oleg Nesterov + +commit 22a4ec729017ba613337a28f306f94ba5023fe2e upstream. + +If task == NULL, find_get_context() should always check that cpu +is correct. + +Afaics, the bug was introduced by 38a81da2 "perf events: Clean +up pid passing", but even before that commit "&& cpu != -1" was +not exactly right, -ESRCH from find_task_by_vpid() is not +accurate. + +Signed-off-by: Oleg Nesterov +Acked-by: Peter Zijlstra +Cc: Alan Stern +Cc: Arnaldo Carvalho de Melo +Cc: Frederic Weisbecker +Cc: Paul Mackerras +Cc: Prasad +Cc: Roland McGrath +LKML-Reference: <20110118161008.GB693@redhat.com> +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/perf_event.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/perf_event.c ++++ b/kernel/perf_event.c +@@ -2100,7 +2100,7 @@ find_get_context(struct pmu *pmu, struct + unsigned long flags; + int ctxn, err; + +- if (!task && cpu != -1) { ++ if (!task) { + /* Must be root to operate on a CPU event: */ + if (perf_paranoid_cpu() && !capable(CAP_SYS_ADMIN)) + return ERR_PTR(-EACCES); diff --git a/queue-2.6.37/perf-fix-alloc_callchain_buffers.patch b/queue-2.6.37/perf-fix-alloc_callchain_buffers.patch new file mode 100644 index 00000000000..18e29c32287 --- /dev/null +++ b/queue-2.6.37/perf-fix-alloc_callchain_buffers.patch @@ -0,0 +1,41 @@ +From 88d4f0db7fa8785859c1d637f9aac210932b6216 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Tue, 25 Jan 2011 19:40:51 +0100 +Subject: perf: Fix alloc_callchain_buffers() + +From: Eric Dumazet + +commit 88d4f0db7fa8785859c1d637f9aac210932b6216 upstream. + +Commit 927c7a9e92c4 ("perf: Fix race in callchains") introduced +a mismatch in the sizing of struct callchain_cpus_entries. + +nr_cpu_ids must be used instead of num_possible_cpus(), or we +might get out of bound memory accesses on some machines. + +Signed-off-by: Eric Dumazet +Cc: Frederic Weisbecker +Cc: Peter Zijlstra +Cc: Arnaldo Carvalho de Melo +Cc: David Miller +Cc: Stephane Eranian +LKML-Reference: <1295980851.3588.351.camel@edumazet-laptop> +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/perf_event.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/kernel/perf_event.c ++++ b/kernel/perf_event.c +@@ -1872,8 +1872,7 @@ static int alloc_callchain_buffers(void) + * accessed from NMI. Use a temporary manual per cpu allocation + * until that gets sorted out. + */ +- size = sizeof(*entries) + sizeof(struct perf_callchain_entry *) * +- num_possible_cpus(); ++ size = offsetof(struct callchain_cpus_entries, cpu_entries[nr_cpu_ids]); + + entries = kzalloc(size, GFP_KERNEL); + if (!entries) diff --git a/queue-2.6.37/perf-validate-cpu-early-in-perf_event_alloc.patch b/queue-2.6.37/perf-validate-cpu-early-in-perf_event_alloc.patch new file mode 100644 index 00000000000..e0514b51add --- /dev/null +++ b/queue-2.6.37/perf-validate-cpu-early-in-perf_event_alloc.patch @@ -0,0 +1,65 @@ +From 66832eb4baaaa9abe4c993ddf9113a79e39b9915 Mon Sep 17 00:00:00 2001 +From: Oleg Nesterov +Date: Tue, 18 Jan 2011 17:10:32 +0100 +Subject: perf: Validate cpu early in perf_event_alloc() + +From: Oleg Nesterov + +commit 66832eb4baaaa9abe4c993ddf9113a79e39b9915 upstream. + +Starting from perf_event_alloc()->perf_init_event(), the kernel +assumes that event->cpu is either -1 or the valid CPU number. + +Change perf_event_alloc() to validate this argument early. This +also means we can remove the similar check in +find_get_context(). + +Signed-off-by: Oleg Nesterov +Acked-by: Peter Zijlstra +Cc: Alan Stern +Cc: Arnaldo Carvalho de Melo +Cc: Frederic Weisbecker +Cc: Paul Mackerras +Cc: Prasad +Cc: Roland McGrath +LKML-Reference: <20110118161032.GC693@redhat.com> +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/perf_event.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/kernel/perf_event.c ++++ b/kernel/perf_event.c +@@ -2105,9 +2105,6 @@ find_get_context(struct pmu *pmu, struct + if (perf_paranoid_cpu() && !capable(CAP_SYS_ADMIN)) + return ERR_PTR(-EACCES); + +- if (cpu < 0 || cpu >= nr_cpumask_bits) +- return ERR_PTR(-EINVAL); +- + /* + * We could be clever and allow to attach a event to an + * offline CPU and activate it when the CPU comes up, but +@@ -5304,6 +5301,11 @@ perf_event_alloc(struct perf_event_attr + struct hw_perf_event *hwc; + long err; + ++ if ((unsigned)cpu >= nr_cpu_ids) { ++ if (!task || cpu != -1) ++ return ERR_PTR(-EINVAL); ++ } ++ + event = kzalloc(sizeof(*event), GFP_KERNEL); + if (!event) + return ERR_PTR(-ENOMEM); +@@ -5352,7 +5354,7 @@ perf_event_alloc(struct perf_event_attr + + if (!overflow_handler && parent_event) + overflow_handler = parent_event->overflow_handler; +- ++ + event->overflow_handler = overflow_handler; + + if (attr->disabled) diff --git a/queue-2.6.37/series b/queue-2.6.37/series index 96c8068ebd7..111c3471d68 100644 --- a/queue-2.6.37/series +++ b/queue-2.6.37/series @@ -195,3 +195,20 @@ firewire-core-fix-unstable-i-o-with-canon-camcorder.patch workqueue-relax-lockdep-annotation-on-flush_work.patch arm-smp-use-more-sane-register-allocation-for-__fixup_smp_on_up.patch arm-smp_on_up-allow-non-arm-smp-processors.patch +cifs-fix-oplock-break-handling-try-2.patch +cifs-fix-regression-during-share-level-security-mounts-repost.patch +parisc-remove-broken-line-wrapping-handling-pdc_iodc_print.patch +watchdog-fix-sysctl-consistency.patch +watchdog-don-t-change-watchdog-state-on-read-of-sysctl.patch +memsw-handle-swapaccount-kernel-parameter-correctly.patch +perf-fix-alloc_callchain_buffers.patch +perf-find_get_context-fix-the-per-cpu-counter-check.patch +perf-validate-cpu-early-in-perf_event_alloc.patch +char-ipmi-fix-oops-caused-by-pnp_unregister_driver-on-unregistered-driver.patch +ssb-pcmcia-fix-parsing-of-invariants-tuples.patch +nbd-remove-module-level-ioctl-mutex.patch +memory-hotplug-one-more-lock-on-memory-hotplug.patch +backlight-fix-88pm860x_bl-macro-collision.patch +fs-direct-io.c-don-t-try-to-allocate-more-than-bio_max_pages-in-a-bio.patch +kernel-smp.c-fix-smp_call_function_many-smp-race.patch +hostap_cs-fix-sleeping-function-called-from-invalid-context.patch diff --git a/queue-2.6.37/ssb-pcmcia-fix-parsing-of-invariants-tuples.patch b/queue-2.6.37/ssb-pcmcia-fix-parsing-of-invariants-tuples.patch new file mode 100644 index 00000000000..734fe7323a7 --- /dev/null +++ b/queue-2.6.37/ssb-pcmcia-fix-parsing-of-invariants-tuples.patch @@ -0,0 +1,35 @@ +From dd3cb633078fb12e06ce6cebbdfbf55a7562e929 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michael=20B=C3=BCsch?= +Date: Fri, 4 Feb 2011 23:34:45 +0100 +Subject: ssb-pcmcia: Fix parsing of invariants tuples + +From: =?UTF-8?q?Michael=20B=C3=BCsch?= + +commit dd3cb633078fb12e06ce6cebbdfbf55a7562e929 upstream. + +This fixes parsing of the device invariants (MAC address) +for PCMCIA SSB devices. + +ssb_pcmcia_do_get_invariants expects an iv pointer as data +argument. + +Tested-by: dylan cristiani +Signed-off-by: Michael Buesch +Signed-off-by: John W. Linville +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ssb/pcmcia.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/ssb/pcmcia.c ++++ b/drivers/ssb/pcmcia.c +@@ -733,7 +733,7 @@ int ssb_pcmcia_get_invariants(struct ssb + + /* Fetch the vendor specific tuples. */ + res = pcmcia_loop_tuple(bus->host_pcmcia, SSB_PCMCIA_CIS, +- ssb_pcmcia_do_get_invariants, sprom); ++ ssb_pcmcia_do_get_invariants, iv); + if ((res == 0) || (res == -ENOSPC)) + return 0; + diff --git a/queue-2.6.37/watchdog-don-t-change-watchdog-state-on-read-of-sysctl.patch b/queue-2.6.37/watchdog-don-t-change-watchdog-state-on-read-of-sysctl.patch new file mode 100644 index 00000000000..de568434819 --- /dev/null +++ b/queue-2.6.37/watchdog-don-t-change-watchdog-state-on-read-of-sysctl.patch @@ -0,0 +1,41 @@ +From 9ffdc6c37df131f89d52001e0ef03091b158826f Mon Sep 17 00:00:00 2001 +From: Marcin Slusarz +Date: Fri, 28 Jan 2011 11:00:33 -0500 +Subject: watchdog: Don't change watchdog state on read of sysctl + +From: Marcin Slusarz + +commit 9ffdc6c37df131f89d52001e0ef03091b158826f upstream. + +Signed-off-by: Marcin Slusarz +[ add {}'s to fix a warning ] +Signed-off-by: Don Zickus +Cc: Peter Zijlstra +Cc: Frederic Weisbecker +LKML-Reference: <1296230433-6261-3-git-send-email-dzickus@redhat.com> +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/watchdog.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/kernel/watchdog.c ++++ b/kernel/watchdog.c +@@ -497,10 +497,12 @@ int proc_dowatchdog_enabled(struct ctl_t + { + proc_dointvec(table, write, buffer, length, ppos); + +- if (watchdog_enabled) +- watchdog_enable_all_cpus(); +- else +- watchdog_disable_all_cpus(); ++ if (write) { ++ if (watchdog_enabled) ++ watchdog_enable_all_cpus(); ++ else ++ watchdog_disable_all_cpus(); ++ } + return 0; + } + diff --git a/queue-2.6.37/watchdog-fix-sysctl-consistency.patch b/queue-2.6.37/watchdog-fix-sysctl-consistency.patch new file mode 100644 index 00000000000..c66368f6fa2 --- /dev/null +++ b/queue-2.6.37/watchdog-fix-sysctl-consistency.patch @@ -0,0 +1,57 @@ +From 397357666de6b5b6adb5fa99f9758ec8cf30ac34 Mon Sep 17 00:00:00 2001 +From: Marcin Slusarz +Date: Fri, 28 Jan 2011 11:00:32 -0500 +Subject: watchdog: Fix sysctl consistency + +From: Marcin Slusarz + +commit 397357666de6b5b6adb5fa99f9758ec8cf30ac34 upstream. + +If it was not possible to enable watchdog for any cpu, switch +watchdog_enabled back to 0, because it's visible via +kernel.watchdog sysctl. + +Signed-off-by: Marcin Slusarz +Signed-off-by: Don Zickus +Cc: Peter Zijlstra +Cc: Frederic Weisbecker +LKML-Reference: <1296230433-6261-2-git-send-email-dzickus@redhat.com> +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/watchdog.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +--- a/kernel/watchdog.c ++++ b/kernel/watchdog.c +@@ -430,9 +430,6 @@ static int watchdog_enable(int cpu) + wake_up_process(p); + } + +- /* if any cpu succeeds, watchdog is considered enabled for the system */ +- watchdog_enabled = 1; +- + return 0; + } + +@@ -460,12 +457,16 @@ static void watchdog_disable(int cpu) + static void watchdog_enable_all_cpus(void) + { + int cpu; +- int result = 0; ++ ++ watchdog_enabled = 0; + + for_each_online_cpu(cpu) +- result += watchdog_enable(cpu); ++ if (!watchdog_enable(cpu)) ++ /* if any cpu succeeds, watchdog is considered ++ enabled for the system */ ++ watchdog_enabled = 1; + +- if (result) ++ if (!watchdog_enabled) + printk(KERN_ERR "watchdog: failed to be enabled on some cpus\n"); + + } -- 2.47.3