3.0-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 6 Dec 2012 18:43:44 +0000 (10:43 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 6 Dec 2012 18:43:44 +0000 (10:43 -0800)
added patches:
revert-sched-autogroup-stop-going-ahead-if-autogroup-is-disabled.patch
workqueue-exit-rescuer_thread-as-task_running.patch

queue-3.0/revert-sched-autogroup-stop-going-ahead-if-autogroup-is-disabled.patch [new file with mode: 0644]
queue-3.0/series
queue-3.0/workqueue-exit-rescuer_thread-as-task_running.patch [new file with mode: 0644]

diff --git a/queue-3.0/revert-sched-autogroup-stop-going-ahead-if-autogroup-is-disabled.patch b/queue-3.0/revert-sched-autogroup-stop-going-ahead-if-autogroup-is-disabled.patch
new file mode 100644 (file)
index 0000000..f7b047e
--- /dev/null
@@ -0,0 +1,89 @@
+From fd8ef11730f1d03d5d6555aa53126e9e34f52f12 Mon Sep 17 00:00:00 2001
+From: Mike Galbraith <efault@gmx.de>
+Date: Mon, 3 Dec 2012 06:25:25 +0100
+Subject: Revert "sched, autogroup: Stop going ahead if autogroup is disabled"
+
+From: Mike Galbraith <efault@gmx.de>
+
+commit fd8ef11730f1d03d5d6555aa53126e9e34f52f12 upstream.
+
+This reverts commit 800d4d30c8f20bd728e5741a3b77c4859a613f7c.
+
+Between commits 8323f26ce342 ("sched: Fix race in task_group()") and
+800d4d30c8f2 ("sched, autogroup: Stop going ahead if autogroup is
+disabled"), autogroup is a wreck.
+
+With both applied, all you have to do to crash a box is disable
+autogroup during boot up, then reboot..  boom, NULL pointer dereference
+due to commit 800d4d30c8f2 not allowing autogroup to move things, and
+commit 8323f26ce342 making that the only way to switch runqueues:
+
+  BUG: unable to handle kernel NULL pointer dereference at           (null)
+  IP: [<ffffffff81063ac0>] effective_load.isra.43+0x50/0x90
+  Pid: 7047, comm: systemd-user-se Not tainted 3.6.8-smp #7 MEDIONPC MS-7502/MS-7502
+  RIP: effective_load.isra.43+0x50/0x90
+  Process systemd-user-se (pid: 7047, threadinfo ffff880221dde000, task ffff88022618b3a0)
+  Call Trace:
+    select_task_rq_fair+0x255/0x780
+    try_to_wake_up+0x156/0x2c0
+    wake_up_state+0xb/0x10
+    signal_wake_up+0x28/0x40
+    complete_signal+0x1d6/0x250
+    __send_signal+0x170/0x310
+    send_signal+0x40/0x80
+    do_send_sig_info+0x47/0x90
+    group_send_sig_info+0x4a/0x70
+    kill_pid_info+0x3a/0x60
+    sys_kill+0x97/0x1a0
+    ? vfs_read+0x120/0x160
+    ? sys_read+0x45/0x90
+    system_call_fastpath+0x16/0x1b
+  Code: 49 0f af 41 50 31 d2 49 f7 f0 48 83 f8 01 48 0f 46 c6 48 2b 07 48 8b bf 40 01 00 00 48 85 ff 74 3a 45 31 c0 48 8b 8f 50 01 00 00 <48> 8b 11 4c 8b 89 80 00 00 00 49 89 d2 48 01 d0 45 8b 59 58 4c
+  RIP  [<ffffffff81063ac0>] effective_load.isra.43+0x50/0x90
+   RSP <ffff880221ddfbd8>
+  CR2: 0000000000000000
+
+Signed-off-by: Mike Galbraith <efault@gmx.de>
+Acked-by: Ingo Molnar <mingo@kernel.org>
+Cc: Yong Zhang <yong.zhang0@gmail.com>
+Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sched_autogroup.c |    4 ----
+ kernel/sched_autogroup.h |    5 -----
+ 2 files changed, 9 deletions(-)
+
+--- a/kernel/sched_autogroup.c
++++ b/kernel/sched_autogroup.c
+@@ -160,15 +160,11 @@ autogroup_move_group(struct task_struct
+       p->signal->autogroup = autogroup_kref_get(ag);
+-      if (!ACCESS_ONCE(sysctl_sched_autogroup_enabled))
+-              goto out;
+-
+       t = p;
+       do {
+               sched_move_task(t);
+       } while_each_thread(p, t);
+-out:
+       unlock_task_sighand(p, &flags);
+       autogroup_kref_put(prev);
+ }
+--- a/kernel/sched_autogroup.h
++++ b/kernel/sched_autogroup.h
+@@ -1,11 +1,6 @@
+ #ifdef CONFIG_SCHED_AUTOGROUP
+ struct autogroup {
+-      /*
+-       * reference doesn't mean how many thread attach to this
+-       * autogroup now. It just stands for the number of task
+-       * could use this autogroup.
+-       */
+       struct kref             kref;
+       struct task_group       *tg;
+       struct rw_semaphore     lock;
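Review bot: The patch header does not say whether 8323f26ce342 ("sched: Fix race in task_group()") is present in the 3.0 tree, yet the changelog states that the NULL pointer dereference needs both that commit and 800d4d30c8f2 applied, and the quoted oops comes from 3.6.8. A one-line backport note under the `commit ... upstream.` line, along the lines of `[3.0: 8323f26ce342 is already applied as <stable commit id>]`, would let a reader confirm that the revert is needed in this queue. With the `sysctl_sched_autogroup_enabled` check removed, `autogroup_move_group()` calls `sched_move_task()` for every thread even when autogroup is disabled, which is the behaviour the changelog relies on. The function body starts outside the inner hunk.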
index 6ae505ac4297fa778b5fff8974fdb4f6f87bb781..1645d7cca288fd3fa20bfd59652b633ebf43e9cb 100644 (file)
@@ -2,3 +2,5 @@ dove-attempt-to-fix-pmu-rtc-interrupts.patch
 dove-fix-irq_to_pmu.patch
 mm-vmemmap-fix-wrong-use-of-virt_to_page.patch
 mm-soft-offline-split-thp-at-the-beginning-of-soft_offline_page.patch
+workqueue-exit-rescuer_thread-as-task_running.patch
+revert-sched-autogroup-stop-going-ahead-if-autogroup-is-disabled.patch
diff --git a/queue-3.0/workqueue-exit-rescuer_thread-as-task_running.patch b/queue-3.0/workqueue-exit-rescuer_thread-as-task_running.patch
new file mode 100644 (file)
index 0000000..0a05a6a
--- /dev/null
@@ -0,0 +1,56 @@
+From 412d32e6c98527078779e5b515823b2810e40324 Mon Sep 17 00:00:00 2001
+From: Mike Galbraith <mgalbraith@suse.de>
+Date: Wed, 28 Nov 2012 07:17:18 +0100
+Subject: workqueue: exit rescuer_thread() as TASK_RUNNING
+
+From: Mike Galbraith <mgalbraith@suse.de>
+
+commit 412d32e6c98527078779e5b515823b2810e40324 upstream.
+
+A rescue thread exiting TASK_INTERRUPTIBLE can lead to a task scheduling
+off, never to be seen again.  In the case where this occurred, an exiting
+thread hit reiserfs homebrew conditional resched while holding a mutex,
+bringing the box to its knees.
+
+PID: 18105  TASK: ffff8807fd412180  CPU: 5   COMMAND: "kdmflush"
+ #0 [ffff8808157e7670] schedule at ffffffff8143f489
+ #1 [ffff8808157e77b8] reiserfs_get_block at ffffffffa038ab2d [reiserfs]
+ #2 [ffff8808157e79a8] __block_write_begin at ffffffff8117fb14
+ #3 [ffff8808157e7a98] reiserfs_write_begin at ffffffffa0388695 [reiserfs]
+ #4 [ffff8808157e7ad8] generic_perform_write at ffffffff810ee9e2
+ #5 [ffff8808157e7b58] generic_file_buffered_write at ffffffff810eeb41
+ #6 [ffff8808157e7ba8] __generic_file_aio_write at ffffffff810f1a3a
+ #7 [ffff8808157e7c58] generic_file_aio_write at ffffffff810f1c88
+ #8 [ffff8808157e7cc8] do_sync_write at ffffffff8114f850
+ #9 [ffff8808157e7dd8] do_acct_process at ffffffff810a268f
+    [exception RIP: kernel_thread_helper]
+    RIP: ffffffff8144a5c0  RSP: ffff8808157e7f58  RFLAGS: 00000202
+    RAX: 0000000000000000  RBX: 0000000000000000  RCX: 0000000000000000
+    RDX: 0000000000000000  RSI: ffffffff8107af60  RDI: ffff8803ee491d18
+    RBP: 0000000000000000   R8: 0000000000000000   R9: 0000000000000000
+    R10: 0000000000000000  R11: 0000000000000000  R12: 0000000000000000
+    R13: 0000000000000000  R14: 0000000000000000  R15: 0000000000000000
+    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
+
+Signed-off-by: Mike Galbraith <mgalbraith@suse.de>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/workqueue.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/kernel/workqueue.c
++++ b/kernel/workqueue.c
+@@ -2044,8 +2044,10 @@ static int rescuer_thread(void *__wq)
+ repeat:
+       set_current_state(TASK_INTERRUPTIBLE);
+-      if (kthread_should_stop())
++      if (kthread_should_stop()) {
++              __set_current_state(TASK_RUNNING);
+               return 0;
++      }
+       /*
+        * See whether any cpu is asking for help.  Unbounded
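Review bot: The new `__set_current_state(TASK_RUNNING);` before `return 0;` in `rescuer_thread()` carries no comment, and the reason for it is recorded only in the changelog: a thread that exits in TASK_INTERRUPTIBLE can schedule off in the exit path and not come back. A short comment above the line, for example `/* exit as TASK_RUNNING: the exit path may schedule and an interruptible sleeper may never be woken */`, would keep a later cleanup from dropping it. The function continues past the hunk, so whether any other return can be reached after `set_current_state(TASK_INTERRUPTIBLE)` cannot be checked from here.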