update to stable 2.6.36.2-rc1

This commit is contained in:
Kyle McMartin 2010-12-08 18:21:02 -05:00
parent fc2adbbad5
commit ee99a68c51
15 changed files with 34 additions and 847 deletions

1
.gitignore vendored
View File

@ -4,3 +4,4 @@ clog
*.rpm *.rpm
kernel-2.6.*/ kernel-2.6.*/
/patch-2.6.36.1.bz2 /patch-2.6.36.1.bz2
/patch-2.6.36.2-rc1.bz2

View File

@ -12,14 +12,14 @@ and recreate the battery in order to populate the fields correctly.
Signed-off-by: Matthew Garrett <mjg@redhat.com> Signed-off-by: Matthew Garrett <mjg@redhat.com>
--- ---
drivers/acpi/battery.c | 22 +++++++++++++++++----- drivers/acpi/battery.c | 20 +++++++++++++++-----
1 files changed, 17 insertions(+), 5 deletions(-) 1 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c
index dc58402..69638c4 100644 index 95649d3..2a774a8 100644
--- a/drivers/acpi/battery.c --- a/drivers/acpi/battery.c
+++ b/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c
@@ -562,9 +562,10 @@ static void acpi_battery_quirks(struct acpi_battery *battery) @@ -605,9 +605,10 @@ static void acpi_battery_quirks2(struct acpi_battery *battery)
} }
} }
@ -31,24 +31,22 @@ index dc58402..69638c4 100644
result = acpi_battery_get_status(battery); result = acpi_battery_get_status(battery);
if (result) if (result)
return result; return result;
@@ -587,6 +588,16 @@ static int acpi_battery_update(struct acpi_battery *battery) @@ -628,6 +629,14 @@ static int acpi_battery_update(struct acpi_battery *battery)
if (!battery->bat.dev)
sysfs_add_battery(battery); sysfs_add_battery(battery);
#endif result = acpi_battery_get_state(battery);
acpi_battery_quirks2(battery);
+ if (get_info) { + if (get_info) {
+ acpi_battery_get_info(battery); + acpi_battery_get_info(battery);
+#ifdef CONFIG_ACPI_SYSFS_POWER
+ if (old_power_unit != battery->power_unit) { + if (old_power_unit != battery->power_unit) {
+ /* The battery has changed its reporting units */ + /* The battery has changed its reporting units */
+ sysfs_remove_battery(battery); + sysfs_remove_battery(battery);
+ sysfs_add_battery(battery); + sysfs_add_battery(battery);
+ } + }
+#endif
+ } + }
return acpi_battery_get_state(battery); return result;
} }
@@ -762,7 +773,7 @@ static print_func acpi_print_funcs[ACPI_BATTERY_NUMFILES] = { @@ -803,7 +812,7 @@ static print_func acpi_print_funcs[ACPI_BATTERY_NUMFILES] = {
static int acpi_battery_read(int fid, struct seq_file *seq) static int acpi_battery_read(int fid, struct seq_file *seq)
{ {
struct acpi_battery *battery = seq->private; struct acpi_battery *battery = seq->private;
@ -57,7 +55,7 @@ index dc58402..69638c4 100644
return acpi_print_funcs[fid](seq, result); return acpi_print_funcs[fid](seq, result);
} }
@@ -877,7 +888,8 @@ static void acpi_battery_notify(struct acpi_device *device, u32 event) @@ -914,7 +923,8 @@ static void acpi_battery_notify(struct acpi_device *device, u32 event)
#ifdef CONFIG_ACPI_SYSFS_POWER #ifdef CONFIG_ACPI_SYSFS_POWER
old = battery->bat.dev; old = battery->bat.dev;
#endif #endif
@ -67,7 +65,7 @@ index dc58402..69638c4 100644
acpi_bus_generate_proc_event(device, event, acpi_bus_generate_proc_event(device, event,
acpi_battery_present(battery)); acpi_battery_present(battery));
acpi_bus_generate_netlink_event(device->pnp.device_class, acpi_bus_generate_netlink_event(device->pnp.device_class,
@@ -908,7 +920,7 @@ static int acpi_battery_add(struct acpi_device *device) @@ -943,7 +953,7 @@ static int acpi_battery_add(struct acpi_device *device)
if (ACPI_SUCCESS(acpi_get_handle(battery->device->handle, if (ACPI_SUCCESS(acpi_get_handle(battery->device->handle,
"_BIX", &handle))) "_BIX", &handle)))
set_bit(ACPI_BATTERY_XINFO_PRESENT, &battery->flags); set_bit(ACPI_BATTERY_XINFO_PRESENT, &battery->flags);
@ -76,7 +74,7 @@ index dc58402..69638c4 100644
#ifdef CONFIG_ACPI_PROCFS_POWER #ifdef CONFIG_ACPI_PROCFS_POWER
result = acpi_battery_add_fs(device); result = acpi_battery_add_fs(device);
#endif #endif
@@ -951,7 +963,7 @@ static int acpi_battery_resume(struct acpi_device *device) @@ -984,7 +994,7 @@ static int acpi_battery_resume(struct acpi_device *device)
return -EINVAL; return -EINVAL;
battery = acpi_driver_data(device); battery = acpi_driver_data(device);
battery->update_time = 0; battery->update_time = 0;
@ -85,12 +83,3 @@ index dc58402..69638c4 100644
return 0; return 0;
} }
--
1.7.2.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

View File

@ -1,12 +0,0 @@
diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
index 0ac6aed..53f503d 100644
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -1614,6 +1614,7 @@ do_sku:
spec->init_amp = ALC_INIT_GPIO3;
break;
case 5:
+ default:
spec->init_amp = ALC_INIT_DEFAULT;
break;
}

View File

@ -1,30 +0,0 @@
From: Vasiliy Kulikov <segooon@gmail.com>
Date: Sat, 30 Oct 2010 14:22:49 +0000 (+0400)
Subject: ipc: shm: fix information leak to userland
X-Git-Tag: v2.6.37-rc1~24
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=3af54c9bd9e6f14f896aac1bb0e8405ae0bc7a44
ipc: shm: fix information leak to userland
The shmid_ds structure is copied to userland with shm_unused{,2,3}
fields unitialized. It leads to leaking of contents of kernel stack
memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Al Viro <viro@ZenIV.linux.org.uk>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
diff --git a/ipc/shm.c b/ipc/shm.c
index fd658a1..7d3bb22 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -479,6 +479,7 @@ static inline unsigned long copy_shmid_to_user(void __user *buf, struct shmid64_
{
struct shmid_ds out;
+ memset(&out, 0, sizeof(out));
ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm);
out.shm_segsz = in->shm_segsz;
out.shm_atime = in->shm_atime;

View File

@ -1,73 +0,0 @@
From: Dan Rosenberg <drosenberg@vsecurity.com>
Date: Wed, 27 Oct 2010 22:34:17 +0000 (-0700)
Subject: ipc: initialize structure memory to zero for compat functions
X-Git-Tag: v2.6.37-rc1~85^2~50
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=03145beb455cf5c20a761e8451e30b8a74ba58d9
ipc: initialize structure memory to zero for compat functions
This takes care of leaking uninitialized kernel stack memory to
userspace from non-zeroed fields in structs in compat ipc functions.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
diff --git a/ipc/compat.c b/ipc/compat.c
index 9dc2c7d..845a287 100644
--- a/ipc/compat.c
+++ b/ipc/compat.c
@@ -241,6 +241,8 @@ long compat_sys_semctl(int first, int second, int third, void __user *uptr)
struct semid64_ds __user *up64;
int version = compat_ipc_parse_version(&third);
+ memset(&s64, 0, sizeof(s64));
+
if (!uptr)
return -EINVAL;
if (get_user(pad, (u32 __user *) uptr))
@@ -421,6 +423,8 @@ long compat_sys_msgctl(int first, int second, void __user *uptr)
int version = compat_ipc_parse_version(&second);
void __user *p;
+ memset(&m64, 0, sizeof(m64));
+
switch (second & (~IPC_64)) {
case IPC_INFO:
case IPC_RMID:
@@ -594,6 +598,8 @@ long compat_sys_shmctl(int first, int second, void __user *uptr)
int err, err2;
int version = compat_ipc_parse_version(&second);
+ memset(&s64, 0, sizeof(s64));
+
switch (second & (~IPC_64)) {
case IPC_RMID:
case SHM_LOCK:
diff --git a/ipc/compat_mq.c b/ipc/compat_mq.c
index d8d1e9f..380ea4f 100644
--- a/ipc/compat_mq.c
+++ b/ipc/compat_mq.c
@@ -53,6 +53,9 @@ asmlinkage long compat_sys_mq_open(const char __user *u_name,
void __user *p = NULL;
if (u_attr && oflag & O_CREAT) {
struct mq_attr attr;
+
+ memset(&attr, 0, sizeof(attr));
+
p = compat_alloc_user_space(sizeof(attr));
if (get_compat_mq_attr(&attr, u_attr) ||
copy_to_user(p, &attr, sizeof(attr)))
@@ -127,6 +130,8 @@ asmlinkage long compat_sys_mq_getsetattr(mqd_t mqdes,
struct mq_attr __user *p = compat_alloc_user_space(2 * sizeof(*p));
long ret;
+ memset(&mqstat, 0, sizeof(mqstat));
+
if (u_mqstat) {
if (get_compat_mq_attr(&mqstat, u_mqstat) ||
copy_to_user(p, &mqstat, sizeof(mqstat)))

View File

@ -51,7 +51,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be prepended with "0.", so # For non-released -rc kernels, this will be prepended with "0.", so
# for example a 3 here will become 0.3 # for example a 3 here will become 0.3
# #
%global baserelease 11 %global baserelease 12
%global fedora_build %{baserelease} %global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching # base_sublevel is the kernel version we're starting with and patching
@ -63,9 +63,9 @@ Summary: The Linux kernel
%if 0%{?released_kernel} %if 0%{?released_kernel}
# Do we have a -stable update to apply? # Do we have a -stable update to apply?
%define stable_update 1 %define stable_update 2
# Is it a -stable RC? # Is it a -stable RC?
%define stable_rc 0 %define stable_rc 1
# Set rpm version accordingly # Set rpm version accordingly
%if 0%{?stable_update} %if 0%{?stable_update}
%define stablerev .%{stable_update} %define stablerev .%{stable_update}
@ -658,8 +658,6 @@ Patch1819: drm-intel-big-hammer.patch
Patch1825: drm-intel-make-lvds-work.patch Patch1825: drm-intel-make-lvds-work.patch
Patch1900: linux-2.6-intel-iommu-igfx.patch Patch1900: linux-2.6-intel-iommu-igfx.patch
Patch1920: radeon-mc-vram-map-needs-to-be-gt-pci-aperture.patch
# linux1394 git patches # linux1394 git patches
Patch2200: linux-2.6-firewire-git-update.patch Patch2200: linux-2.6-firewire-git-update.patch
Patch2201: linux-2.6-firewire-git-pending.patch Patch2201: linux-2.6-firewire-git-pending.patch
@ -680,8 +678,6 @@ Patch2912: linux-2.6-v4l-dvb-ir-core-update.patch
#Patch2916: lirc-staging-2.6.36-fixes.patch #Patch2916: lirc-staging-2.6.36-fixes.patch
Patch2917: hdpvr-ir-enable.patch Patch2917: hdpvr-ir-enable.patch
Patch3000: linux-2.6-rcu-sched-warning.patch
# fs fixes # fs fixes
# NFSv4 # NFSv4
@ -724,35 +720,22 @@ Patch12300: btusb-macbookpro-7-1.patch
Patch12301: btusb-macbookpro-6-2.patch Patch12301: btusb-macbookpro-6-2.patch
Patch12304: add-macbookair3-ids.patch Patch12304: add-macbookair3-ids.patch
Patch12302: pnpacpi-cope-with-invalid-device-ids.patch
Patch12303: dmar-disable-when-ricoh-multifunction.patch Patch12303: dmar-disable-when-ricoh-multifunction.patch
Patch12305: xhci_hcd-suspend-resume.patch Patch12305: xhci_hcd-suspend-resume.patch
Patch12307: tty-restore-tty_ldisc_wait_idle.patch
Patch12308: fix-i8k-inline-asm.patch Patch12308: fix-i8k-inline-asm.patch
Patch12400: ipc-zero-struct-memory-for-compat-fns.patch
Patch12401: ipc-shm-fix-information-leak-to-user.patch
Patch12405: inet_diag-make-sure-we-run-the-same-bytecode-we-audited.patch Patch12405: inet_diag-make-sure-we-run-the-same-bytecode-we-audited.patch
Patch12408: netlink-make-nlmsg_find_attr-take-a-const-ptr.patch Patch12408: netlink-make-nlmsg_find_attr-take-a-const-ptr.patch
Patch12406: posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch Patch12406: posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch
Patch12407: hda_realtek-handle-unset-external-amp-bits.patch
Patch12410: tty-make-tiocgicount-a-handler.patch Patch12410: tty-make-tiocgicount-a-handler.patch
Patch12411: tty-icount-changeover-for-other-main-devices.patch Patch12411: tty-icount-changeover-for-other-main-devices.patch
Patch12413: tpm-autodetect-itpm-devices.patch Patch12413: tpm-autodetect-itpm-devices.patch
Patch12415: tty-dont-allow-reopen-when-ldisc-is-changing.patch
Patch12416: tty-ldisc-fix-open-flag-handling.patch
Patch12417: tty-open-hangup-race-fixup.patch
Patch12420: mm-page-allocator-adjust-the-per-cpu-counter-threshold-when-memory-is-low.patch Patch12420: mm-page-allocator-adjust-the-per-cpu-counter-threshold-when-memory-is-low.patch
Patch12421: mm-vmstat-use-a-single-setter-function-and-callback-for-adjusting-percpu-thresholds.patch Patch12421: mm-vmstat-use-a-single-setter-function-and-callback-for-adjusting-percpu-thresholds.patch
@ -1310,8 +1293,6 @@ ApplyPatch drm-intel-big-hammer.patch
ApplyPatch drm-intel-make-lvds-work.patch ApplyPatch drm-intel-make-lvds-work.patch
ApplyPatch linux-2.6-intel-iommu-igfx.patch ApplyPatch linux-2.6-intel-iommu-igfx.patch
ApplyPatch radeon-mc-vram-map-needs-to-be-gt-pci-aperture.patch
# linux1394 git patches # linux1394 git patches
#ApplyPatch linux-2.6-firewire-git-update.patch #ApplyPatch linux-2.6-firewire-git-update.patch
#ApplyOptionalPatch linux-2.6-firewire-git-pending.patch #ApplyOptionalPatch linux-2.6-firewire-git-pending.patch
@ -1334,9 +1315,6 @@ ApplyOptionalPatch linux-2.6-v4l-dvb-experimental.patch
# enable IR receiver on Hauppauge HD PVR (v4l-dvb merge pending) # enable IR receiver on Hauppauge HD PVR (v4l-dvb merge pending)
ApplyPatch hdpvr-ir-enable.patch ApplyPatch hdpvr-ir-enable.patch
# silence another rcu_reference warning
ApplyPatch linux-2.6-rcu-sched-warning.patch
# Patches headed upstream # Patches headed upstream
ApplyPatch disable-i8042-check-on-apple-mac.patch ApplyPatch disable-i8042-check-on-apple-mac.patch
@ -1375,24 +1353,13 @@ ApplyPatch btusb-macbookpro-7-1.patch
ApplyPatch btusb-macbookpro-6-2.patch ApplyPatch btusb-macbookpro-6-2.patch
ApplyPatch add-macbookair3-ids.patch ApplyPatch add-macbookair3-ids.patch
# rhbz#641468
ApplyPatch pnpacpi-cope-with-invalid-device-ids.patch
# rhbz#605888 # rhbz#605888
ApplyPatch dmar-disable-when-ricoh-multifunction.patch ApplyPatch dmar-disable-when-ricoh-multifunction.patch
ApplyPatch xhci_hcd-suspend-resume.patch ApplyPatch xhci_hcd-suspend-resume.patch
ApplyPatch tty-restore-tty_ldisc_wait_idle.patch
ApplyPatch fix-i8k-inline-asm.patch ApplyPatch fix-i8k-inline-asm.patch
# rhbz#648658 (CVE-2010-4073)
ApplyPatch ipc-zero-struct-memory-for-compat-fns.patch
# rhbz#648656 (CVE-2010-4072)
ApplyPatch ipc-shm-fix-information-leak-to-user.patch
# rhbz#651264 (CVE-2010-3880) # rhbz#651264 (CVE-2010-3880)
ApplyPatch inet_diag-make-sure-we-run-the-same-bytecode-we-audited.patch ApplyPatch inet_diag-make-sure-we-run-the-same-bytecode-we-audited.patch
ApplyPatch netlink-make-nlmsg_find_attr-take-a-const-ptr.patch ApplyPatch netlink-make-nlmsg_find_attr-take-a-const-ptr.patch
@ -1400,19 +1367,12 @@ ApplyPatch netlink-make-nlmsg_find_attr-take-a-const-ptr.patch
# rhbz#656264 # rhbz#656264
ApplyPatch posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch ApplyPatch posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch
# rhbz#657388
ApplyPatch hda_realtek-handle-unset-external-amp-bits.patch
# CVE-2010-4077, CVE-2010-4075 (rhbz#648660, #648663) # CVE-2010-4077, CVE-2010-4075 (rhbz#648660, #648663)
ApplyPatch tty-make-tiocgicount-a-handler.patch ApplyPatch tty-make-tiocgicount-a-handler.patch
ApplyPatch tty-icount-changeover-for-other-main-devices.patch ApplyPatch tty-icount-changeover-for-other-main-devices.patch
ApplyPatch tpm-autodetect-itpm-devices.patch ApplyPatch tpm-autodetect-itpm-devices.patch
ApplyPatch tty-dont-allow-reopen-when-ldisc-is-changing.patch
ApplyPatch tty-ldisc-fix-open-flag-handling.patch
ApplyPatch tty-open-hangup-race-fixup.patch
# backport some fixes for kswapd from mmotm, rhbz#649694 # backport some fixes for kswapd from mmotm, rhbz#649694
ApplyPatch mm-page-allocator-adjust-the-per-cpu-counter-threshold-when-memory-is-low.patch ApplyPatch mm-page-allocator-adjust-the-per-cpu-counter-threshold-when-memory-is-low.patch
ApplyPatch mm-vmstat-use-a-single-setter-function-and-callback-for-adjusting-percpu-thresholds.patch ApplyPatch mm-vmstat-use-a-single-setter-function-and-callback-for-adjusting-percpu-thresholds.patch
@ -2034,6 +1994,20 @@ fi
# || || # || ||
%changelog %changelog
* Wed Dec 08 2010 Kyle McMartin <kyle@redhat.com> 2.6.36.2-12.rc1
- Linux stable 2.6.36.2-rc1
- Drop patches merged in stable series:
tty-dont-allow-reopen-when-ldisc-is-changing.patch
tty-ldisc-fix-open-flag-handling.patch
tty-open-hangup-race-fixup.patch
tty-restore-tty_ldisc_wait_idle.patch
hda_realtek-handle-unset-external-amp-bits.patch
ipc-shm-fix-information-leak-to-user.patch
ipc-zero-struct-memory-for-compat-fns.patch
linux-2.6-rcu-sched-warning.patch
pnpacpi-cope-with-invalid-device-ids.patch
radeon-mc-vram-map-needs-to-be-gt-pci-aperture.patch
* Wed Dec 08 2010 Kyle McMartin <kyle@redhat.com> * Wed Dec 08 2010 Kyle McMartin <kyle@redhat.com>
- sched-cure-more-NO_HZ-load-average-woes.patch: fix some of the complaints - sched-cure-more-NO_HZ-load-average-woes.patch: fix some of the complaints
in 2.6.35+ about load average with dynticks. (rhbz#650934) in 2.6.35+ about load average with dynticks. (rhbz#650934)

View File

@ -1,215 +0,0 @@
From davej Thu Sep 16 11:55:58 2010
Return-Path: linux-kernel-owner@vger.kernel.org
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on gelk
X-Spam-Level:
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham version=3.3.1
Received: from mail.corp.redhat.com [10.5.5.52]
by gelk with IMAP (fetchmail-6.3.17)
for <davej@localhost> (single-drop); Thu, 16 Sep 2010 11:55:58 -0400 (EDT)
Received: from zmta02.collab.prod.int.phx2.redhat.com (LHLO
zmta02.collab.prod.int.phx2.redhat.com) (10.5.5.32) by
mail04.corp.redhat.com with LMTP; Thu, 16 Sep 2010 11:51:27 -0400 (EDT)
Received: from localhost (localhost.localdomain [127.0.0.1])
by zmta02.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 4889C9FC56;
Thu, 16 Sep 2010 11:51:27 -0400 (EDT)
Received: from zmta02.collab.prod.int.phx2.redhat.com ([127.0.0.1])
by localhost (zmta02.collab.prod.int.phx2.redhat.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 94mQrmwfCpY4; Thu, 16 Sep 2010 11:51:27 -0400 (EDT)
Received: from int-mx03.intmail.prod.int.phx2.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.16])
by zmta02.collab.prod.int.phx2.redhat.com (Postfix) with ESMTP id 0DBDB9FC4B;
Thu, 16 Sep 2010 11:51:27 -0400 (EDT)
Received: from mx1.redhat.com (ext-mx05.extmail.prod.ext.phx2.redhat.com [10.5.110.9])
by int-mx03.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id o8GFpQnO003857;
Thu, 16 Sep 2010 11:51:26 -0400
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o8GFFCFE031066;
Thu, 16 Sep 2010 11:51:17 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1755493Ab0IPPvH (ORCPT <rfc822;jasowang@redhat.com> + 41 others);
Thu, 16 Sep 2010 11:51:07 -0400
Received: from casper.infradead.org ([85.118.1.10]:41834 "EHLO
casper.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1754921Ab0IPPvC convert rfc822-to-8bit (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 16 Sep 2010 11:51:02 -0400
Received: from f199130.upc-f.chello.nl ([80.56.199.130] helo=laptop)
by casper.infradead.org with esmtpsa (Exim 4.72 #1 (Red Hat Linux))
id 1OwGjI-0003VE-Ux; Thu, 16 Sep 2010 15:50:33 +0000
Received: by laptop (Postfix, from userid 1000)
id 6DCDB100AEB1D; Thu, 16 Sep 2010 17:50:32 +0200 (CEST)
Subject: Re: 2.6.35-stable/ppc64/p7: suspicious rcu_dereference_check()
usage detected during 2.6.35-stable boot
From: Peter Zijlstra <peterz@infradead.org>
To: paulmck@linux.vnet.ibm.com
Cc: Subrata Modak <subrata@linux.vnet.ibm.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
Li Zefan <lizf@cn.fujitsu.com>, Linuxppc-dev <Linuxppc-dev@ozlabs.org>,
sachinp <sachinp@linux.vnet.ibm.com>,
DIVYA PRAKASH <dipraksh@linux.vnet.ibm.com>,
"Valdis.Kletnieks" <Valdis.Kletnieks@vt.edu>
In-Reply-To: <20100809161200.GC3026@linux.vnet.ibm.com>
References: <1280739132.15317.9.camel@subratamodak.linux.ibm.com>
<20100809161200.GC3026@linux.vnet.ibm.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8BIT
Date: Thu, 16 Sep 2010 17:50:31 +0200
Message-ID: <1284652231.2275.569.camel@laptop>
Mime-Version: 1.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-RedHat-Spam-Score: -2.31 (RCVD_IN_DNSWL_MED,T_RP_MATCHES_RCVD)
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.16
X-Scanned-By: MIMEDefang 2.67 on 10.5.110.9
Status: RO
Content-Length: 6752
Lines: 145
On Mon, 2010-08-09 at 09:12 -0700, Paul E. McKenney wrote:
> > [ 0.051203] CPU0: AMD QEMU Virtual CPU version 0.12.4 stepping 03
> > [ 0.052999] lockdep: fixing up alternatives.
> > [ 0.054105]
> > [ 0.054106] ===================================================
> > [ 0.054999] [ INFO: suspicious rcu_dereference_check() usage. ]
> > [ 0.054999] ---------------------------------------------------
> > [ 0.054999] kernel/sched.c:616 invoked rcu_dereference_check() without protection!
> > [ 0.054999]
> > [ 0.054999] other info that might help us debug this:
> > [ 0.054999]
> > [ 0.054999]
> > [ 0.054999] rcu_scheduler_active = 1, debug_locks = 1
> > [ 0.054999] 3 locks held by swapper/1:
> > [ 0.054999] #0: (cpu_add_remove_lock){+.+.+.}, at: [<ffffffff814be933>] cpu_up+0x42/0x6a
> > [ 0.054999] #1: (cpu_hotplug.lock){+.+.+.}, at: [<ffffffff810400d8>] cpu_hotplug_begin+0x2a/0x51
> > [ 0.054999] #2: (&rq->lock){-.-...}, at: [<ffffffff814be2f7>] init_idle+0x2f/0x113
> > [ 0.054999]
> > [ 0.054999] stack backtrace:
> > [ 0.054999] Pid: 1, comm: swapper Not tainted 2.6.35 #1
> > [ 0.054999] Call Trace:
> > [ 0.054999] [<ffffffff81068054>] lockdep_rcu_dereference+0x9b/0xa3
> > [ 0.054999] [<ffffffff810325c3>] task_group+0x7b/0x8a
> > [ 0.054999] [<ffffffff810325e5>] set_task_rq+0x13/0x40
> > [ 0.054999] [<ffffffff814be39a>] init_idle+0xd2/0x113
> > [ 0.054999] [<ffffffff814be78a>] fork_idle+0xb8/0xc7
> > [ 0.054999] [<ffffffff81068717>] ? mark_held_locks+0x4d/0x6b
> > [ 0.054999] [<ffffffff814bcebd>] do_fork_idle+0x17/0x2b
> > [ 0.054999] [<ffffffff814bc89b>] native_cpu_up+0x1c1/0x724
> > [ 0.054999] [<ffffffff814bcea6>] ? do_fork_idle+0x0/0x2b
> > [ 0.054999] [<ffffffff814be876>] _cpu_up+0xac/0x127
> > [ 0.054999] [<ffffffff814be946>] cpu_up+0x55/0x6a
> > [ 0.054999] [<ffffffff81ab562a>] kernel_init+0xe1/0x1ff
> > [ 0.054999] [<ffffffff81003854>] kernel_thread_helper+0x4/0x10
> > [ 0.054999] [<ffffffff814c353c>] ? restore_args+0x0/0x30
> > [ 0.054999] [<ffffffff81ab5549>] ? kernel_init+0x0/0x1ff
> > [ 0.054999] [<ffffffff81003850>] ? kernel_thread_helper+0x0/0x10
> > [ 0.056074] Booting Node 0, Processors #1lockdep: fixing up alternatives.
> > [ 0.130045] #2lockdep: fixing up alternatives.
> > [ 0.203089] #3 Ok.
> > [ 0.275286] Brought up 4 CPUs
> > [ 0.276005] Total of 4 processors activated (16017.17 BogoMIPS).
>
> This does look like a new one, thank you for reporting it!
>
> Here is my analysis, which should at least provide some humor value to
> those who understand the code better than I do. ;-)
>
> So the corresponding rcu_dereference_check() is in
> task_subsys_state_check(), and is fetching the cpu_cgroup_subsys_id
> element of the newly created task's task->cgroups->subsys[] array.
> The "git grep" command finds only three uses of cpu_cgroup_subsys_id,
> but no definition.
>
> Now, fork_idle() invokes copy_process(), which invokes cgroup_fork(),
> which sets the child process's ->cgroups pointer to that of the parent,
> also invoking get_css_set(), which increments the corresponding reference
> count, doing both operations under task_lock() protection (->alloc_lock).
> Because fork_idle() does not specify any of CLONE_NEWNS, CLONE_NEWUTS,
> CLONE_NEWIPC, CLONE_NEWPID, or CLONE_NEWNET, copy_namespaces() should
> not create a new namespace, and so there should be no ns_cgroup_clone().
> We should thus retain the parent's ->cgroups pointer. And copy_process()
> installs the new task in the various lists, so that the task is externally
> accessible upon return.
>
> After a non-error return from copy_process(), fork_init() invokes
> init_idle_pid(), which does not appear to affect the task's cgroup
> state. Next fork_init() invokes init_idle(), which in turn invokes
> __set_task_cpu(), which invokes set_task_rq(), which calls task_group()
> several times, which calls task_subsys_state_check(), which calls the
> rcu_dereference_check() that complained above.
>
> However, the result returns by rcu_dereference_check() is stored into
> the task structure:
>
> p->se.cfs_rq = task_group(p)->cfs_rq[cpu];
> p->se.parent = task_group(p)->se[cpu];
>
> This means that the corresponding structure must have been tied down with
> a reference count or some such. If such a reference has been taken, then
> this complaint is a false positive, and could be suppressed by putting
> rcu_read_lock() and rcu_read_unlock() around the call to init_idle()
> from fork_idle(). However, although, reference to the enclosing ->cgroups
> struct css_set is held, it is not clear to me that this reference applies
> to the structures pointed to by the ->subsys[] array, especially given
> that the cgroup_subsys_state structures referenced by this array have
> their own reference count, which does not appear to me to be acquired
> by this code path.
>
> Or are the cgroup_subsys_state structures referenced by idle tasks
> never freed or some such?
I would hope so!, the idle tasks should be part of the root cgroup,
which is not removable.
The problem is that while we do in-fact hold rq->lock, the newly spawned
idle thread's cpu is not yet set to the correct cpu so the lockdep check
in task_group():
lockdep_is_held(&task_rq(p)->lock)
will fail.
But of a chicken and egg problem. Setting the cpu needs to have the cpu
set ;-)
Ingo, why do we have rq->lock there at all? The CPU isn't up and running
yet, nothing should be touching it.
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
---
kernel/sched.c | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/kernel/sched.c b/kernel/sched.c
index bd8b487..6241049 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -5332,7 +5332,19 @@ void __cpuinit init_idle(struct task_struct *idle, int cpu)
idle->se.exec_start = sched_clock();
cpumask_copy(&idle->cpus_allowed, cpumask_of(cpu));
+ /*
+ * We're having a chicken and egg problem, even though we are
+ * holding rq->lock, the cpu isn't yet set to this cpu so the
+ * lockdep check in task_group() will fail.
+ *
+ * Similar case to sched_fork(). / Alternatively we could
+ * use task_rq_lock() here and obtain the other rq->lock.
+ *
+ * Silence PROVE_RCU
+ */
+ rcu_read_lock();
__set_task_cpu(idle, cpu);
+ rcu_read_unlock();
rq->curr = rq->idle = idle;
#if defined(CONFIG_SMP) && defined(__ARCH_WANT_UNLOCKED_CTXSW)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

View File

@ -1,85 +0,0 @@
commit 420a0f66378c84b00b0e603e4d38210102dbe367
Author: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Date: Sat Sep 18 10:11:09 2010 -0700
PNPACPI: cope with invalid device IDs
If primary ID (HID) is invalid try locating first valid ID on compatible
ID list before giving up.
This helps, for example, to recognize i8042 AUX port on Sony Vaio VPCZ1
which uses SNYSYN0003 as HID. Without the patch users are forced to
boot with i8042.nopnp to make use of their touchpads.
Tested-by: Jan-Hendrik Zab <jan@jhz.name>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Len Brown <len.brown@intel.com>
diff --git a/drivers/pnp/pnpacpi/core.c b/drivers/pnp/pnpacpi/core.c
index dc4e32e..0d943ee 100644
--- a/drivers/pnp/pnpacpi/core.c
+++ b/drivers/pnp/pnpacpi/core.c
@@ -28,7 +28,7 @@
#include "../base.h"
#include "pnpacpi.h"
-static int num = 0;
+static int num;
/* We need only to blacklist devices that have already an acpi driver that
* can't use pnp layer. We don't need to blacklist device that are directly
@@ -180,11 +180,24 @@ struct pnp_protocol pnpacpi_protocol = {
};
EXPORT_SYMBOL(pnpacpi_protocol);
+static char *pnpacpi_get_id(struct acpi_device *device)
+{
+ struct acpi_hardware_id *id;
+
+ list_for_each_entry(id, &device->pnp.ids, list) {
+ if (ispnpidacpi(id->id))
+ return id->id;
+ }
+
+ return NULL;
+}
+
static int __init pnpacpi_add_device(struct acpi_device *device)
{
acpi_handle temp = NULL;
acpi_status status;
struct pnp_dev *dev;
+ char *pnpid;
struct acpi_hardware_id *id;
/*
@@ -192,11 +205,17 @@ static int __init pnpacpi_add_device(struct acpi_device *device)
* driver should not be loaded.
*/
status = acpi_get_handle(device->handle, "_CRS", &temp);
- if (ACPI_FAILURE(status) || !ispnpidacpi(acpi_device_hid(device)) ||
- is_exclusive_device(device) || (!device->status.present))
+ if (ACPI_FAILURE(status))
+ return 0;
+
+ pnpid = pnpacpi_get_id(device);
+ if (!pnpid)
+ return 0;
+
+ if (is_exclusive_device(device) || !device->status.present)
return 0;
- dev = pnp_alloc_dev(&pnpacpi_protocol, num, acpi_device_hid(device));
+ dev = pnp_alloc_dev(&pnpacpi_protocol, num, pnpid);
if (!dev)
return -ENOMEM;
@@ -227,7 +246,7 @@ static int __init pnpacpi_add_device(struct acpi_device *device)
pnpacpi_parse_resource_option_data(dev);
list_for_each_entry(id, &device->pnp.ids, list) {
- if (!strcmp(id->id, acpi_device_hid(device)))
+ if (!strcmp(id->id, pnpid))
continue;
if (!ispnpidacpi(id->id))
continue;

View File

@ -1,32 +0,0 @@
commit b7d8cce5b558e0c0aa6898c9865356481598b46d
Author: Alex Deucher <alexdeucher@gmail.com>
Date: Mon Oct 25 19:44:00 2010 -0400
drm/radeon/kms: MC vram map needs to be >= pci aperture size
The vram map in the radeon memory controller needs to be
>= the pci aperture size. Fixes:
https://bugs.freedesktop.org/show_bug.cgi?id=28402
The problematic cards in the above bug have 64 MB of vram,
but the pci aperture is 128 MB and the MC vram map was only
64 MB. This can lead to hangs.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
diff --git a/drivers/gpu/drm/radeon/r100.c b/drivers/gpu/drm/radeon/r100.c
index 6112ac9..6d1540c 100644
--- a/drivers/gpu/drm/radeon/r100.c
+++ b/drivers/gpu/drm/radeon/r100.c
@@ -2270,6 +2270,9 @@ void r100_vram_init_sizes(struct radeon_device *rdev)
/* Fix for RN50, M6, M7 with 8/16/32(??) MBs of VRAM -
* Novell bug 204882 + along with lots of ubuntu ones
*/
+ if (rdev->mc.aper_size > config_aper_size)
+ config_aper_size = rdev->mc.aper_size;
+
if (config_aper_size > rdev->mc.real_vram_size)
rdev->mc.mc_vram_size = config_aper_size;
else

View File

@ -1,2 +1,3 @@
61f3739a73afb6914cb007f37fb09b62 linux-2.6.36.tar.bz2 61f3739a73afb6914cb007f37fb09b62 linux-2.6.36.tar.bz2
dd38a6caf08df2822f93541ee95aed7d patch-2.6.36.1.bz2 dd38a6caf08df2822f93541ee95aed7d patch-2.6.36.1.bz2
33b11b4b8fcd47601a0e1e51586c4b04 patch-2.6.36.2-rc1.bz2

View File

@ -1,84 +0,0 @@
From jirislaby@gmail.com Thu Nov 25 12:16:42 2010
From: Jiri Slaby <jslaby@suse.cz>
Subject: [PATCH 1/1] TTY: don't allow reopen when ldisc is changing
Date: Thu, 25 Nov 2010 18:16:23 +0100
There are many WARNINGs like the following reported nowadays:
WARNING: at drivers/tty/tty_io.c:1331 tty_open+0x2a2/0x49a()
Hardware name: Latitude E6500
Modules linked in:
Pid: 1207, comm: plymouthd Not tainted 2.6.37-rc3-mmotm1123 #3
Call Trace:
[<ffffffff8103b189>] warn_slowpath_common+0x80/0x98
[<ffffffff8103b1b6>] warn_slowpath_null+0x15/0x17
[<ffffffff8128a3ab>] tty_open+0x2a2/0x49a
[<ffffffff810fd53f>] chrdev_open+0x11d/0x146
...
This means tty_reopen is called without TTY_LDISC set. For further
considerations, note tty_lock is held in tty_open. TTY_LDISC is cleared in:
1) __tty_hangup from tty_ldisc_hangup to tty_ldisc_enable. During this
section tty_lock is held.
2) tty_release via tty_ldisc_release till the end of tty existence. If
tty->count <= 1, tty_lock is taken, TTY_CLOSING bit set and then
tty_ldisc_release called. tty_reopen checks TTY_CLOSING before checking
TTY_LDISC.
3) tty_set_ldisc from tty_ldisc_halt to tty_ldisc_enable. We:
* take tty_lock, set TTY_LDISC_CHANGING, put tty_lock
* call tty_ldisc_halt (clear TTY_LDISC), tty_lock is _not_ held
* do some other work
* take tty_lock, call tty_ldisc_enable (set TTY_LDISC), put
tty_lock
So the only option I see is 3). The solution is to check
TTY_LDISC_CHANGING along with TTY_CLOSING in tty_reopen.
Nicely reproducible with two processes:
while (1) {
fd = open("/dev/ttyS1", O_RDWR);
if (fd < 0) {
warn("open");
continue;
}
close(fd);
}
--------
while (1) {
fd = open("/dev/ttyS1", O_RDWR);
ld1 = 0; ld2 = 2;
while (1) {
ioctl(fd, TIOCSETD, &ld1);
ioctl(fd, TIOCSETD, &ld2);
}
close(fd);
}
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Reported-by: <Valdis.Kletnieks@vt.edu>
Cc: Kyle McMartin <kyle@mcmartin.ca>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
---
drivers/tty/tty_io.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
index c05c5af..878f6d6 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -1310,7 +1310,8 @@ static int tty_reopen(struct tty_struct *tty)
{
struct tty_driver *driver = tty->driver;
- if (test_bit(TTY_CLOSING, &tty->flags))
+ if (test_bit(TTY_CLOSING, &tty->flags) ||
+ test_bit(TTY_LDISC_CHANGING, &tty->flags))
return -EIO;
if (driver->type == TTY_DRIVER_TYPE_PTY &&
--
1.7.3.1

View File

@ -1,54 +0,0 @@
From linux-kernel-owner@vger.kernel.org Wed Nov 24 18:28:11 2010
From: Jiri Slaby <jslaby@suse.cz>
Subject: [PATCH 1/2] TTY: ldisc, fix open flag handling
Date: Thu, 25 Nov 2010 00:27:54 +0100
When a concrete ldisc open fails in tty_ldisc_open, we forget to clear
TTY_LDISC_OPEN. This causes a false warning on the next ldisc open:
WARNING: at drivers/char/tty_ldisc.c:445 tty_ldisc_open+0x26/0x38()
Hardware name: System Product Name
Modules linked in: ...
Pid: 5251, comm: a.out Tainted: G W 2.6.32-5-686 #1
Call Trace:
[<c1030321>] ? warn_slowpath_common+0x5e/0x8a
[<c1030357>] ? warn_slowpath_null+0xa/0xc
[<c119311c>] ? tty_ldisc_open+0x26/0x38
[<c11936c5>] ? tty_set_ldisc+0x218/0x304
...
So clear the bit when failing...
Introduced in c65c9bc3efa (tty: rewrite the ldisc locking) back in
2.6.31-rc1.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Alan Cox <alan@linux.intel.com>
Reported-by: Sergey Lapin <slapin@ossfans.org>
Tested-by: Sergey Lapin <slapin@ossfans.org>
---
drivers/tty/tty_ldisc.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
index d8e96b0..4214d58 100644
--- a/drivers/char/tty_ldisc.c
+++ b/drivers/char/tty_ldisc.c
@@ -454,6 +454,8 @@ static int tty_ldisc_open(struct tty_struct *tty, struct tty_ldisc *ld)
/* BTM here locks versus a hangup event */
WARN_ON(!tty_locked());
ret = ld->ops->open(tty);
+ if (ret)
+ clear_bit(TTY_LDISC_OPEN, &tty->flags);
return ret;
}
return 0;
--
1.7.3.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

View File

@ -1,76 +0,0 @@
From 9e88e8b9915b5e067507a087437d80e6a133d612 Mon Sep 17 00:00:00 2001
From: Jiri Slaby <jslaby@suse.cz>
Date: Sat, 27 Nov 2010 16:06:46 +0100
Subject: [PATCH 1/1] TTY: open/hangup race fixup
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
drivers/tty/tty_io.c | 10 +++++++++-
include/linux/tty.h | 1 +
2 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
index 878f6d6..35480dd 100644
--- a/drivers/char/tty_io.c
+++ b/drivers/char/tty_io.c
@@ -559,6 +559,9 @@ void __tty_hangup(struct tty_struct *tty)
tty_lock();
+ /* some functions below drop BTM, so we need this bit */
+ set_bit(TTY_HUPPING, &tty->flags);
+
/* inuse_filps is protected by the single tty lock,
this really needs to change if we want to flush the
workqueue with the lock held */
@@ -578,6 +581,10 @@ void __tty_hangup(struct tty_struct *tty)
}
spin_unlock(&tty_files_lock);
+ /*
+ * it drops BTM and thus races with reopen
+ * we protect the race by TTY_HUPPING
+ */
tty_ldisc_hangup(tty);
read_lock(&tasklist_lock);
@@ -615,7 +622,6 @@ void __tty_hangup(struct tty_struct *tty)
tty->session = NULL;
tty->pgrp = NULL;
tty->ctrl_status = 0;
- set_bit(TTY_HUPPED, &tty->flags);
spin_unlock_irqrestore(&tty->ctrl_lock, flags);
/* Account for the p->signal references we killed */
@@ -641,6 +647,7 @@ void __tty_hangup(struct tty_struct *tty)
* can't yet guarantee all that.
*/
set_bit(TTY_HUPPED, &tty->flags);
+ clear_bit(TTY_HUPPING, &tty->flags);
tty_ldisc_enable(tty);
tty_unlock();
@@ -1311,6 +1318,7 @@ static int tty_reopen(struct tty_struct *tty)
struct tty_driver *driver = tty->driver;
if (test_bit(TTY_CLOSING, &tty->flags) ||
+ test_bit(TTY_HUPPING, &tty->flags) ||
test_bit(TTY_LDISC_CHANGING, &tty->flags))
return -EIO;
diff --git a/include/linux/tty.h b/include/linux/tty.h
index 032d79f..54e4eaa 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -366,6 +366,7 @@ struct tty_file_private {
#define TTY_HUPPED 18 /* Post driver->hangup() */
#define TTY_FLUSHING 19 /* Flushing to ldisc in progress */
#define TTY_FLUSHPENDING 20 /* Queued buffer flush pending */
+#define TTY_HUPPING 21 /* ->hangup() in progress */
#define TTY_WRITE_FLUSH(tty) tty_write_flush((tty))
--
1.7.3.1

View File

@ -1,117 +0,0 @@
From 4d458f558d5b904f14080b073b549d18c9503f93 Mon Sep 17 00:00:00 2001
From: Jiri Slaby <jslaby@suse.cz>
Date: Sun, 31 Oct 2010 23:17:51 +0100
Subject: TTY: restore tty_ldisc_wait_idle
It was removed in 65b770468e98 (tty-ldisc: turn ldisc user count into
a proper refcount), but we need to wait for last user to quit the
ldisc before we close it in tty_set_ldisc.
Otherwise weird things start to happen. There might be processes
waiting in tty_read->n_tty_read on tty->read_wait for input to appear
and at that moment, a change of ldisc is fatal. n_tty_close is called,
it frees read_buf and the waiting process is still in the middle of
reading and goes nuts after it is woken.
Previously we prevented close to happen when others are in ldisc ops
by tty_ldisc_wait_idle in tty_set_ldisc. But the commit above removed
that. So revoke the change and test whether there is 1 user (=we), and
allow the close then.
We can do that without ldisc/tty locks, because nobody else can open
the device due to TTY_LDISC_CHANGING bit set, so we in fact wait for
everybody to leave.
I don't understand why tty_ldisc_lock would be needed either when the
counter is an atomic variable, so this is a lockless
tty_ldisc_wait_idle.
On the other hand, if we fail to wait (timeout or signal), we have to
reenable the halted ldiscs, so we take ldisc lock and reuse the setup
path at the end of tty_set_ldisc.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Tested-by: Sebastian Andrzej Siewior <bigeasy@breakpoint.cc>
LKML-Reference: <20101031104136.GA511@Chamillionaire.breakpoint.cc>
LKML-Reference: <1287669539-22644-1-git-send-email-jslaby@suse.cz>
Cc: Alan Cox <alan@linux.intel.com>
Cc: stable@kernel.org [32, 33, 36]
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/char/tty_ldisc.c | 29 +++++++++++++++++++++++++++++
1 files changed, 29 insertions(+), 0 deletions(-)
diff --git a/drivers/char/tty_ldisc.c b/drivers/char/tty_ldisc.c
index 412f977..5bbf33a 100644
--- a/drivers/char/tty_ldisc.c
+++ b/drivers/char/tty_ldisc.c
@@ -47,6 +47,7 @@
static DEFINE_SPINLOCK(tty_ldisc_lock);
static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
+static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_idle);
/* Line disc dispatch table */
static struct tty_ldisc_ops *tty_ldiscs[NR_LDISCS];
@@ -83,6 +84,7 @@ static void put_ldisc(struct tty_ldisc *ld)
return;
}
local_irq_restore(flags);
+ wake_up(&tty_ldisc_idle);
}
/**
@@ -531,6 +533,23 @@ static int tty_ldisc_halt(struct tty_struct *tty)
}
/**
+ * tty_ldisc_wait_idle - wait for the ldisc to become idle
+ * @tty: tty to wait for
+ *
+ * Wait for the line discipline to become idle. The discipline must
+ * have been halted for this to guarantee it remains idle.
+ */
+static int tty_ldisc_wait_idle(struct tty_struct *tty)
+{
+ int ret;
+ ret = wait_event_interruptible_timeout(tty_ldisc_idle,
+ atomic_read(&tty->ldisc->users) == 1, 5 * HZ);
+ if (ret < 0)
+ return ret;
+ return ret > 0 ? 0 : -EBUSY;
+}
+
+/**
* tty_set_ldisc - set line discipline
* @tty: the terminal to set
* @ldisc: the line discipline
@@ -634,8 +653,17 @@ int tty_set_ldisc(struct tty_struct *tty, int ldisc)
flush_scheduled_work();
+ retval = tty_ldisc_wait_idle(tty);
+
tty_lock();
mutex_lock(&tty->ldisc_mutex);
+
+ /* handle wait idle failure locked */
+ if (retval) {
+ tty_ldisc_put(new_ldisc);
+ goto enable;
+ }
+
if (test_bit(TTY_HUPPED, &tty->flags)) {
/* We were raced by the hangup method. It will have stomped
the ldisc data and closed the ldisc down */
@@ -669,6 +697,7 @@ int tty_set_ldisc(struct tty_struct *tty, int ldisc)
tty_ldisc_put(o_ldisc);
+enable:
/*
* Allow ldisc referencing to occur again
*/
--
1.7.3.2

View File

@ -1240,9 +1240,9 @@ index 34a60d9..b6d8033 100644
* *
* xHC interrupts have been disabled and a watchdog timer will (or has already) * xHC interrupts have been disabled and a watchdog timer will (or has already)
@@ -1199,6 +1228,10 @@ struct xhci_hcd { @@ -1199,6 +1228,10 @@ struct xhci_hcd {
#define XHCI_LINK_TRB_QUIRK (1 << 0) /* Array of pointers to USB 2.0 PORTSC registers */
#define XHCI_RESET_EP_QUIRK (1 << 1) u32 __iomem **usb2_ports;
#define XHCI_NEC_HOST (1 << 2) unsigned int num_usb2_ports;
+ u32 port_c_suspend[8]; /* port suspend change*/ + u32 port_c_suspend[8]; /* port suspend change*/
+ u32 suspended_ports[8]; /* which ports are + u32 suspended_ports[8]; /* which ports are
+ suspended */ + suspended */