Release linux (4.9.18-1).
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAljcf5EACgkQ57/I7JWG EQmFcQ/8DoBxenUbNW5cY+YbwBKsjuBb8Q6gnqQLOX/JtOJ8MtpQ1t2QQPvMYdXJ PTcNZAKm8mrsWJxos9WsUHjkdrfuLAsMTisC5FvDkE6myBt++GH3gRtKCT0A2nep ZU17YeHYfcqv6UK90Jg0p+xAKQEEqKZrryP7fvb8oX5wOORwlLMxBScErftbB/vV hBvwybq7gfA/4KxDTnWgadpidg16/67ZgKd0EoSsbCpFAJble/hRroMwzKUSzFW+ 2yFxrmUNFoIXddoDtORNNdK0nM6b2MKeWKjmndknz4QehlayZWCg1+mEjp7A7Wqp 9naONqhQWMibARGkDl5Y7SZ9/XJXjPmDFXi3EIbhrWMN2TUkzUN14A1YHw+M9p5Q 9UbnpI6eDxjvlezcPjqucIM0ywFwljBrDsQXfGsR6ogQbYvA7nJ0dK63/EXzvl1U UGUBwHtDhLHxtv85/JsUqq9/UVGbZjcHvyEfmE1mvbMcNxkSLSewt+jd78h7xIyL tOZP24ARPKqcQ1detou47o8cMmwTqVl6xu08w83xin2Xux+UlYFTtI/LVws3oYNb F3uEzIgtJbu7ENxCkY5RmIJG9qRJZJ2f6dnpLLld6D52paD5OYNrk1NShtf/Dp+r zjJoiIRTcO9fPatjl07Y2eDeFeo2SKoD+Xd/5nGDoytE6JiDEXg= =ONVb -----END PGP SIGNATURE----- Merge tag 'debian/4.9.18-1' Drop ABI reference files. Refresh/drop patches as needed.
This commit is contained in:
commit
459f0a48e4
|
@ -68,6 +68,527 @@ linux (4.10~rc6-1~exp1) experimental; urgency=medium
|
|||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Tue, 31 Jan 2017 15:33:20 +0000
|
||||
|
||||
linux (4.9.18-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.17
|
||||
- net/mlx5e: Register/unregister vport representors on interface
|
||||
attach/detach
|
||||
- net/mlx5e: Do not reduce LRO WQE size when not using build_skb
|
||||
- net/mlx5e: Fix wrong CQE decompression
|
||||
- vxlan: correctly validate VXLAN ID against VXLAN_N_VID
|
||||
- vti6: return GRE_KEY for vti6
|
||||
- vxlan: don't allow overwrite of config src addr
|
||||
- ipv4: mask tos for input route
|
||||
- net sched actions: decrement module reference count after table flush.
|
||||
- l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
|
||||
- net: phy: Avoid deadlock during phy_error()
|
||||
- vxlan: lock RCU on TX path
|
||||
- geneve: lock RCU on TX path
|
||||
- tcp/dccp: block BH for SYN processing
|
||||
- net: bridge: allow IPv6 when multicast flood is disabled
|
||||
- net: don't call strlen() on the user buffer in packet_bind_spkt()
|
||||
- net: net_enable_timestamp() can be called from irq contexts
|
||||
- ipv6: orphan skbs in reassembly unit
|
||||
- dccp: Unlock sock before calling sk_free()
|
||||
- strparser: destroy workqueue on module exit
|
||||
- tcp: fix various issues for sockets morphing to listen state
|
||||
- net: fix socket refcounting in skb_complete_wifi_ack()
|
||||
- net: fix socket refcounting in skb_complete_tx_timestamp()
|
||||
- net/sched: act_skbmod: remove unneeded rcu_read_unlock in tcf_skbmod_dump
|
||||
- dccp: fix use-after-free in dccp_feat_activate_values
|
||||
- vrf: Fix use-after-free in vrf_xmit
|
||||
- net/tunnel: set inner protocol in network gro hooks
|
||||
- act_connmark: avoid crashing on malformed nlattrs with null parms
|
||||
- mpls: Send route delete notifications when router module is unloaded
|
||||
- mpls: Do not decrement alive counter for unregister events
|
||||
- ipv6: make ECMP route replacement less greedy
|
||||
- ipv6: avoid write to a possibly cloned skb
|
||||
- bridge: drop netfilter fake rtable unconditionally
|
||||
- dccp/tcp: fix routing redirect race
|
||||
- tun: fix premature POLLOUT notification on tun devices
|
||||
- dccp: fix memory leak during tear-down of unsuccessful connection request
|
||||
- bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers
|
||||
- bpf: fix state equivalence
|
||||
- bpf: fix regression on verifier pruning wrt map lookups
|
||||
- bpf: fix mark_reg_unknown_value for spilled regs on map value marking
|
||||
- dmaengine: iota: ioat_alloc_chan_resources should not perform sleeping
|
||||
allocations.
|
||||
- xen: do not re-use pirq number cached in pci device msi msg data
|
||||
- igb: Workaround for igb i210 firmware issue
|
||||
- igb: add i211 to i210 PHY workaround
|
||||
- [x86] hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic
|
||||
- PCI: Separate VF BAR updates from standard BAR updates
|
||||
- PCI: Remove pci_resource_bar() and pci_iov_resource_bar()
|
||||
- PCI: Decouple IORESOURCE_ROM_ENABLE and PCI_ROM_ADDRESS_ENABLE
|
||||
- PCI: Don't update VF BARs while VF memory space is enabled
|
||||
- PCI: Update BARs using property bits appropriate for type
|
||||
- PCI: Ignore BAR updates on virtual functions
|
||||
- PCI: Do any VF BAR updates before enabling the BARs
|
||||
- [powerpc*] ibmveth: calculate gso_segs for large packets
|
||||
- [x86] Drivers: hv: ring_buffer: count on wrap around mappings in
|
||||
get_next_pkt_raw() (v2)
|
||||
- vfio/spapr: Postpone allocation of userspace version of TCE table
|
||||
- [powerpc*] iommu: Stop using @current in mm_iommu_xxx
|
||||
- [powerpc*] vfio/spapr: Reference mm in tce_container
|
||||
- [powerpc*] mm/iommu, vfio/spapr: Put pages on VFIO container shutdown
|
||||
- [powerpc*] vfio/spapr: Add a helper to create default DMA window
|
||||
- [powerpc*] vfio/spapr: Postpone default window creation
|
||||
- drm/nouveau/disp/gp102: fix cursor/overlay immediate channel indices
|
||||
- drm/nouveau/disp/nv50-: split chid into chid.ctrl and chid.user
|
||||
- drm/nouveau/disp/nv50-: specify ctrl/user separately when constructing
|
||||
classes
|
||||
- block: allow WRITE_SAME commands with the SG_IO ioctl
|
||||
- [s390x] zcrypt: Introduce CEX6 toleration
|
||||
- uvcvideo: uvc_scan_fallback() for webcams with broken chain
|
||||
- [x86] ACPI / blacklist: add _REV quirks for Dell Precision 5520 and 3520
|
||||
- [x86] ACPI / blacklist: Make Dell Latitude 3350 ethernet work
|
||||
- serial: 8250_pci: Detach low-level driver during PCI error recovery
|
||||
- [armhf] clk: bcm2835: Fix ->fixed_divider of pllh_aux
|
||||
- [armhf] drm/vc4: Fix race between page flip completion event and clean-up
|
||||
- [armhf] drm/vc4: Fix ->clock_select setting for the VEC encoder
|
||||
- [arm64] KVM: VHE: Clear HCR_TGE when invalidating guest TLBs
|
||||
- [armhf,arm64] irqchip/gicv3-its: Add workaround for QDF2400 ITS erratum
|
||||
0065
|
||||
- [x86] tsc: Fix ART for TSC_KNOWN_FREQ
|
||||
- [x86] perf: Fix CR4.PCE propagation to use active_mm instead of mm
|
||||
- futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
|
||||
- futex: Add missing error handling to FUTEX_REQUEUE_PI
|
||||
- locking/rwsem: Fix down_write_killable() for
|
||||
CONFIG_RWSEM_GENERIC_SPINLOCK=y
|
||||
- [powerpc*] crypto: Fix initialisation of crc32c context
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.18
|
||||
- [armhf] drm/vc4: Fix termination of the initial scan for branch targets.
|
||||
- [armhf] drm/vc4: Use runtime autosuspend to avoid thrashing V3D power
|
||||
state.
|
||||
- qla2xxx: Fix memory leak for abts processing
|
||||
- qla2xxx: Fix request queue corruption.
|
||||
- [hppa] Optimize flush_kernel_vmap_range and invalidate_kernel_vmap_range
|
||||
- [hppa] Fix system shutdown halt
|
||||
- perf/core: Fix use-after-free in perf_release()
|
||||
- perf/core: Fix event inheritance on fork()
|
||||
- NFS prevent double free in async nfs4_exchange_id
|
||||
- cpufreq: Fix and clean up show_cpuinfo_cur_freq()
|
||||
- [powerpc*] boot: Fix zImage TOC alignment
|
||||
- md/raid1/10: fix potential deadlock
|
||||
- target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export
|
||||
- scsi: lpfc: Add shutdown method for kexec
|
||||
- scsi: libiscsi: add lock around task lists to fix list corruption
|
||||
regression
|
||||
- target: Fix VERIFY_16 handling in sbc_parse_cdb
|
||||
- isdn/gigaset: fix NULL-deref at probe
|
||||
- gfs2: Avoid alignment hole in struct lm_lockname
|
||||
- percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages
|
||||
- cgroup/pids: remove spurious suspicious RCU usage warning
|
||||
- [x86] drm/amdgpu/si: add dpm quirk for Oland
|
||||
- ext4: fix fencepost in s_first_meta_bg validation (Closes: #856808)
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [powerpc*] Ignore ABI changes in cxl (fixes FTBFS) (Closes: #858530)
|
||||
and IOMMU setup
|
||||
* Ignore ABI changes in bpf, dccp, libiscsi
|
||||
* [x86] Ignore ABI changes in kvm
|
||||
* [rt] Update to 4.9.18-rt14:
|
||||
- lockdep: Fix per-cpu static objects
|
||||
- futex: Cleanup variable names for futex_top_waiter()
|
||||
- futex: Use smp_store_release() in mark_wake_futex()
|
||||
- futex: Remove rt_mutex_deadlock_account_*()
|
||||
- futex,rt_mutex: Provide futex specific rt_mutex API
|
||||
- futex: Change locking rules
|
||||
- futex: Cleanup refcounting
|
||||
- futex: Rework inconsistent rt_mutex/futex_q state
|
||||
- futex: Pull rt_mutex_futex_unlock() out from under hb->lock
|
||||
- futex,rt_mutex: Introduce rt_mutex_init_waiter()
|
||||
- futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
|
||||
- futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock()
|
||||
- futex: Futex_unlock_pi() determinism
|
||||
- futex: Drop hb->lock before enqueueing on the rtmutex
|
||||
- futex: workaround migrate_disable/enable in different context
|
||||
- Revert "kernel/futex: don't deboost too early"
|
||||
* xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
|
||||
(CVE-2017-7184)
|
||||
* xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (CVE-2017-7184)
|
||||
* scsi: sg: check length passed to SG_NEXT_CMD_LEN (CVE-2017-7187)
|
||||
* [x86] vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
|
||||
(CVE-2017-7261)
|
||||
* [x86] drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
|
||||
(CVE-2017-7294)
|
||||
* net/packet: Fix integer overflow in various range checks (CVE-2017-7308)
|
||||
* [arm64] rtc: tegra: Implement clock handling (Closes: #858514)
|
||||
* [armhf] sound/soc: Enable SND_SUN4I_SPDIF as module (Closes: #857410)
|
||||
* [arm64,x86] Enable CROS_KBD_LED_BACKLIGHT as module (Closes: #856906)
|
||||
* netfilter: nft_ct: add notrack support (Closes: #845500)
|
||||
* w1: Enable W1_MASTER_GPIO as module (Closes: #858975)
|
||||
|
||||
[ James Clarke ]
|
||||
* [sparc64] udeb: Re-add ufs-modules (Closes: #858049)
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Thu, 30 Mar 2017 02:16:33 +0100
|
||||
|
||||
linux (4.9.16-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.14
|
||||
- [mips*] Fix special case in 64 bit IP checksumming.
|
||||
- [mips*/octeon] Fix copy_from_user fault handling for large buffers
|
||||
- mmc: sdhci-acpi: support deferred probe
|
||||
- uvcvideo: Fix a wrong macro
|
||||
- media: fix dm1105.c build error
|
||||
- lirc_dev: LIRC_{G,S}ET_REC_MODE do not work
|
||||
- media: Properly pass through media entity types in entity enumeration
|
||||
- ext4: fix deadlock between inline_data and ext4_expand_extra_isize_ea()
|
||||
- [x86] ALSA: hda/realtek - Cannot adjust speaker's volume on a Dell AIO
|
||||
- [x86] ALSA: hda - fix Lewisburg audio issue
|
||||
- ALSA: timer: Reject user params with too small ticks
|
||||
- ALSA: ctxfi: Fallback DMA mask to 32bit
|
||||
- ALSA: seq: Fix link corruption by event error handling
|
||||
- [x86] ALSA: hda - Add subwoofer support for Dell Inspiron 17 7000 Gaming
|
||||
- [x86] ALSA: hda - Fix micmute hotkey problem for a lenovo AIO machine
|
||||
- hwmon: (it87) Do not overwrite bit 2..6 of pwm control registers
|
||||
- hwmon: (it87) Ensure that pwm control cache is current before updating
|
||||
values
|
||||
- [x86] staging/lustre/lnet: Fix allocation size for sv_cpt_data
|
||||
- staging: rtl: fix possible NULL pointer dereference
|
||||
- regulator: Fix regulator_summary for deviceless consumers
|
||||
- tpm_tis: fix the error handling of init_tis()
|
||||
- [x86] iommu/vt-d: Fix some macros that are incorrectly specified in
|
||||
intel-iommu
|
||||
- [x86] iommu/vt-d: Tylersburg isoch identity map check is done too late.
|
||||
- CIFS: Fix splice read for non-cached files
|
||||
- [x86] mm, devm_memremap_pages: hold device_hotplug lock over
|
||||
mem_hotplug_{begin, done}
|
||||
- mm/page_alloc: fix nodes for reclaim in fast path
|
||||
- mm: vmpressure: fix sending wrong events on underflow
|
||||
- mm: do not access page->mapping directly on page_endio
|
||||
- mm balloon: umount balloon_mnt when removing vb device
|
||||
- mm, vmscan: cleanup lru size claculations
|
||||
- mm, vmscan: consider eligible zones in get_scan_count
|
||||
- sigaltstack: support SS_AUTODISARM for CONFIG_COMPAT
|
||||
- PM / devfreq: Fix available_governor sysfs
|
||||
- PM / devfreq: Fix wrong trans_stat of passive devfreq device
|
||||
- dm cache: fix corruption seen when using cache > 2TB
|
||||
- dm stats: fix a leaked s->histogram_boundaries array
|
||||
- dm round robin: revert "use percpu 'repeat_count' and 'current_path'"
|
||||
- dm raid: fix data corruption on reshape request
|
||||
- [x86] scsi: storvsc: use tagged SRB requests if supported by the device
|
||||
- [x86] scsi: storvsc: properly handle SRB_ERROR when sense message is
|
||||
present
|
||||
- [x86] scsi: storvsc: properly set residual data length on errors
|
||||
- scsi: aacraid: Reorder Adapter status check
|
||||
- scsi: use 'scsi_device_from_queue()' for scsi_dh
|
||||
- Fix: Disable sys_membarrier when nohz_full is enabled
|
||||
- jbd2: don't leak modified metadata buffers on an aborted journal
|
||||
- block/loop: fix race between I/O and set_status
|
||||
- loop: fix LO_FLAGS_PARTSCAN hang
|
||||
- ext4: Include forgotten start block on fallocate insert range
|
||||
- ext4: do not polute the extents cache while shifting extents
|
||||
- ext4: trim allocation requests to group size
|
||||
- ext4: fix data corruption in data=journal mode
|
||||
- ext4: fix use-after-iput when fscrypt contexts are inconsistent
|
||||
- ext4: fix inline data error paths
|
||||
- ext4: preserve the needs_recovery flag when the journal is aborted
|
||||
- ext4: return EROFS if device is r/o and journal replay is needed
|
||||
- mei: remove support for broken parallel read
|
||||
- ath10k: fix boot failure in UTF mode/testmode
|
||||
- ath5k: drop bogus warning on drv_set_key with unsupported cipher
|
||||
- ath9k: fix race condition in enabling/disabling IRQs
|
||||
- ath9k: use correct OTP register offsets for the AR9340 and AR9550
|
||||
- [x86] PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal
|
||||
- [x86] Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
|
||||
- perf callchain: Reference count maps
|
||||
- crypto: testmgr - Pad aes_ccm_enc_tv_template vector
|
||||
- fuse: add missing FR_FORCE
|
||||
- [x86] pkeys: Check against max pkey to avoid overflows
|
||||
- [armhf,arm64] KVM: Enforce unconditional flush to PoC when mapping to
|
||||
stage-2
|
||||
- [arm64] dma-mapping: Fix dma_mapping_error() when bypassing SWIOTLB
|
||||
- [arm64] fix erroneous __raw_read_system_reg() cases
|
||||
- [armhf,arm64] KVM: vgic: Stop injecting the MSI occurrence twice
|
||||
- can: gs_usb: Don't use stack memory for USB transfers
|
||||
- can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer
|
||||
- w1: don't leak refcount on slave attach failure in
|
||||
w1_attach_slave_device()
|
||||
- w1: ds2490: USB transfer buffers need to be DMAable
|
||||
- usb: dwc3: gadget: skip Set/Clear Halt when invalid
|
||||
- usb: host: xhci: plat: check hcc_params after add hcd
|
||||
- usb: gadget: udc-core: Rescan pending list on driver unbind
|
||||
- usb: gadget: f_hid: fix: Free out requests
|
||||
- usb: gadget: f_hid: fix: Prevent accessing released memory
|
||||
- usb: gadget: f_hid: Use spinlock instead of mutex
|
||||
- [x86] hv: allocate synic pages for all present CPUs
|
||||
- [x86] hv: init percpu_list in hv_synic_alloc()
|
||||
- [x86] hv: don't reset hv_context.tsc_page on crash
|
||||
- [x86] Drivers: hv: vmbus: Prevent sending data on a rescinded channel
|
||||
- [x86] Drivers: hv: vmbus: Fix a rescind handling bug
|
||||
- [x86] Drivers: hv: util: kvp: Fix a rescind processing issue
|
||||
- [x86] Drivers: hv: util: Fcopy: Fix a rescind processing issue
|
||||
- [x86] Drivers: hv: util: Backup: Fix a rescind processing issue
|
||||
- RDMA/core: Fix incorrect structure packing for booleans
|
||||
- rdma_cm: fail iwarp accepts w/o connection params
|
||||
- gfs2: Add missing rcu locking for glock lookup
|
||||
- [arm64] remoteproc: qcom: mdt_loader: Don't overwrite firmware object
|
||||
- rtlwifi: Fix alignment issues
|
||||
- rtlwifi: rtl8192c-common: Fix "BUG: KASAN:
|
||||
- [m68k] VME: restore bus_remove function causing incomplete module unload
|
||||
- nfsd: minor nfsd_setattr cleanup
|
||||
- nfsd: special case truncates some more
|
||||
- NFSv4: Fix memory and state leak in _nfs4_open_and_get_state
|
||||
- NFSv4: Fix reboot recovery in copy offload
|
||||
- pNFS/flexfiles: If the layout is invalid, it must be updated before
|
||||
retrying
|
||||
- NFSv4: fix getacl head length estimation
|
||||
- NFSv4: fix getacl ERANGE for some ACL buffer sizes
|
||||
- f2fs: fix a problem of using memory after free
|
||||
- f2fs: fix multiple f2fs_add_link() calls having same name
|
||||
- f2fs: add ovp valid_blocks check for bg gc victim to fg_gc
|
||||
- f2fs: avoid to issue redundant discard commands
|
||||
- [armhf] rtc: sun6i: Disable the build as a module
|
||||
- [armhf] rtc: sun6i: Add some locking
|
||||
- [armhf] rtc: sun6i: Switch to the external oscillator
|
||||
- md linear: fix a race between linear_add() and linear_congested()
|
||||
- bcma: use (get|put)_device when probing/removing device driver
|
||||
- [armhf] dmaengine: ipu: Make sure the interrupt routine checks all
|
||||
interrupts.
|
||||
- xprtrdma: Fix Read chunk padding
|
||||
- xprtrdma: Per-connection pad optimization
|
||||
- xprtrdma: Disable pad optimization by default
|
||||
- xprtrdma: Reduce required number of send SGEs
|
||||
- [powerpc*] xmon: Fix data-breakpoint
|
||||
- [powerpc*] mm: Add MMU_FTR_KERNEL_RO to possible feature mask
|
||||
- [powerpc*] mm/hash: Always clear UPRT and Host Radix bits when setting up
|
||||
CPU
|
||||
- scsi: lpfc: Correct WQ creation for pagesize
|
||||
- ceph: update readpages osd request according to size of pages
|
||||
- netfilter: conntrack: remove GC_MAX_EVICTS break
|
||||
- netfilter: conntrack: refine gc worker heuristics, redux
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.15
|
||||
- tty: n_hdlc: get rid of racy n_hdlc.tbuf (CVE-2017-2636)
|
||||
(Closes: #858122)
|
||||
- serial: 8250_pci: Add MKS Tenta SCOM-0800 and SCOM-0801 cards
|
||||
- [s390x] KVM: Disable dirty log retrieval for UCONTROL guests
|
||||
- [x86] KVM: VMX: use correct vmcs_read/write for guest segment
|
||||
selector/base
|
||||
- Bluetooth: Add another AR3012 04ca:3018 device
|
||||
- [s390x] qdio: clear DSCI prior to scanning multiple input queues
|
||||
- [s390x] dcssblk: fix device size calculation in dcssblk_direct_access()
|
||||
- [s390x] kdump: Use "LINUX" ELF note name instead of "CORE"
|
||||
- [s390x] chsc: Add exception handler for CHSC instruction
|
||||
- [s390x] TASK_SIZE for kernel threads
|
||||
- [s390x] make setup_randomness work
|
||||
- [s390x] use correct input data address for setup_randomness
|
||||
- [armhf] net: mvpp2: fix DMA address calculation in mvpp2_txq_inc_put()
|
||||
- [powerpc*] cxl: Prevent read/write to AFU config space while AFU not
|
||||
configured
|
||||
- [powerpc*] cxl: fix nested locking hang during EEH hotplug
|
||||
- brcmfmac: fix incorrect event channel deduction
|
||||
- mnt: Tuck mounts under others instead of creating shadow/side mounts.
|
||||
- IB/ipoib: Fix deadlock between rmmod and set_mode
|
||||
- IB/IPoIB: Add destination address when re-queue packet
|
||||
- IB/mlx5: Fix out-of-bound access
|
||||
- IB/SRP: Avoid using IB_MR_TYPE_SG_GAPS
|
||||
- IB/srp: Avoid that duplicate responses trigger a kernel bug
|
||||
- IB/srp: Fix race conditions related to task management
|
||||
- fs: Better permission checking for submounts
|
||||
- ceph: remove req from unsafe list when unregistering it
|
||||
- [powerpc*] pci/hotplug/pnv-php: Remove WARN_ON() in pnv_php_put_slot()
|
||||
- [powerpc*] pci/hotplug/pnv-php: Disable surprise hotplug capability on
|
||||
conflicts
|
||||
- target: Fix NULL dereference during LUN lookup + active I/O shutdown
|
||||
- [powerpc*] drivers/pci/hotplug: Handle presence detection change
|
||||
properly
|
||||
- [powerpc*] drivers/pci/hotplug: Fix initial state for empty slot
|
||||
- nlm: Ensure callback code also checks that the files match
|
||||
- nfit, libnvdimm: fix interleave set cookie calculation
|
||||
- mac80211: flush delayed work when entering suspend
|
||||
- mac80211: don't reorder frames with SN smaller than SSN
|
||||
- mac80211: don't handle filtered frames within a BA session
|
||||
- mac80211: use driver-indicated transmitter STA only for data frames
|
||||
- [x86] drm/amdgpu: add more cases to DCE11 possible crtc mask setup
|
||||
- [arm64,powerpc*,x86] drm/ast: Fix test for VGA enabled
|
||||
- [arm64,powerpc*,x86] drm/ast: Call open_key before enable_mmio in POST
|
||||
code
|
||||
- [arm64,powerpc*,x86] drm/ast: Fix AST2400 POST failure without BMC FW or
|
||||
VBIOS
|
||||
- drm/edid: Add EDID_QUIRK_FORCE_8BPC quirk for Rotel RSX-1058
|
||||
- [x86] drm/vmwgfx: Work around drm removal of control nodes
|
||||
- [armhf] dmaengine: imx-sdma - correct the dma transfer residue
|
||||
calculation
|
||||
- drm/atomic: fix an error code in mode_fixup()
|
||||
- [x86] drm/i915/gvt: Disable access to stolen memory as a guest
|
||||
- drm: Cancel drm_fb_helper_dirty_work on unload
|
||||
- drm: Cancel drm_fb_helper_resume_work on unload
|
||||
- [x86] drm/i915: Avoid spurious WARNs about the wrong pipe in the PPS
|
||||
code
|
||||
- [x86] drm/i915: Fix not finding the VBT when it overlaps with
|
||||
OPREGION_ASLE_EXT
|
||||
- libceph: use BUG() instead of BUG_ON(1)
|
||||
- [x86] mm: fix gup_pte_range() vs DAX mappings
|
||||
- [x86] tlb: Fix tlb flushing when lguest clears PGE
|
||||
- thp: fix another corner case of munlock() vs. THPs
|
||||
- mm: do not call mem_cgroup_free() from within mem_cgroup_alloc()
|
||||
- fat: fix using uninitialized fields of fat_inode/fsinfo_inode
|
||||
- [x86] drivers: hv: Turn off write permission on the hypercall page
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.16
|
||||
- USB: serial: digi_acceleport: fix OOB data sanity check
|
||||
- USB: serial: digi_acceleport: fix OOB-event processing
|
||||
- crypto: improve gcc optimization flags for serpent and wp512
|
||||
- ucount: Remove the atomicity from ucount->count (CVE-2017-6874)
|
||||
- dw2102: don't do DMA on stack
|
||||
- i2c: add missing of_node_put in i2c_mux_del_adapters
|
||||
- [ppc64el] Emulation support for load/store instructions on LE
|
||||
- [powerpc*] xics: Work around limitations of OPAL XICS priority handling
|
||||
- PCI: Prevent VPD access for QLogic ISP2722
|
||||
- usb: gadget: dummy_hcd: clear usb_gadget region before registration
|
||||
- usb: dwc3: gadget: make Set Endpoint Configuration macros safe
|
||||
- [armhf] usb: dwc3-omap: Fix missing break in dwc3_omap_set_mailbox()
|
||||
- usb: gadget: function: f_fs: pass companion descriptor along
|
||||
- Revert "usb: gadget: uvc: Add missing call for additional setup data"
|
||||
- usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci
|
||||
controllers
|
||||
- USB: serial: safe_serial: fix information leak in completion handler
|
||||
- USB: serial: omninet: fix reference leaks at open
|
||||
- USB: iowarrior: fix NULL-deref at probe (CVE-2016-2188)
|
||||
- USB: iowarrior: fix NULL-deref in write
|
||||
- USB: serial: io_ti: fix NULL-deref in interrupt callback
|
||||
- USB: serial: io_ti: fix information leak in completion handler
|
||||
- [armhf] serial: samsung: Continue to work if DMA request fails
|
||||
- [s390x] KVM: Fix guest migration for huge guests resulting in panic
|
||||
- [armhf.arm64] KVM: Let vcpu thread modify its own active state
|
||||
- dm: flush queued bios when process blocks to avoid deadlock
|
||||
- rc: raw decoder for keymap protocol is not loaded on register
|
||||
- ext4: don't BUG when truncating encrypted inodes on the orphan list
|
||||
- IB/mlx5: Verify that Q counters are supported
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [media] dvb-usb: don't use stack for firmware load or reset
|
||||
(Closes: #853894)
|
||||
* Kbuild.include: addtree: Remove quotes before matching path
|
||||
(regression in 4.8) (Closes: #856474)
|
||||
* [rt] Update to 4.9.13-rt12:
|
||||
- timer/hrtimer: check properly for a running timer
|
||||
* [rt] Refresh one patch that had a textual conflict with 4.9.14
|
||||
* Ignore various ABI changes that shouldn't affect OOT modules
|
||||
* userns: Avoid ABI change for CVE-2017-6874 fix
|
||||
* [amd64] Don't WARN about expected W+X pages on Xen (see #852324)
|
||||
* fjes: Disable auto-loading, as this driver matches a very common ACPI ID
|
||||
(Closes: #853976)
|
||||
|
||||
[ Salvatore Bonaccorso ]
|
||||
* ACPI / EC: Use busy polling mode when GPE is not enabled.
|
||||
Thanks to Jakobus Schurz <jakobus.schurz@gmail.com> (Closes: #846792)
|
||||
* Ignore ABI changes for acpi_ec_{add,remove}_query_handler
|
||||
* Ignore ABI change for first_ec (not declared in public header)
|
||||
|
||||
[ Helge Deller ]
|
||||
* [hppa] Switch to debian default config option for bonding, irda and atalk
|
||||
|
||||
-- Salvatore Bonaccorso <carnil@debian.org> Wed, 22 Mar 2017 17:01:40 +0100
|
||||
|
||||
linux (4.9.13-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11
|
||||
- can: Fix kernel panic at security_sock_rcv_skb
|
||||
- net/mlx5e: Fix update of hash function/key via ethtool
|
||||
- net/sched: matchall: Fix configuration race
|
||||
- ipv6: fix ip6_tnl_parse_tlv_enc_lim()
|
||||
- ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()
|
||||
- tcp: fix 0 divide in __tcp_select_window()
|
||||
- stmmac: Discard masked flags in interrupt status register
|
||||
- net: use a work queue to defer net_disable_timestamp() work
|
||||
- netlabel: out of bound access in cipso_v4_validate()
|
||||
- ip6_gre: fix ip6gre_err() invalid reads (CVE-2017-5897)
|
||||
- ipv6: tcp: add a missing tcp_v6_restore_cb()
|
||||
- tcp: avoid infinite loop in tcp_splice_read() (CVE-2017-6214)
|
||||
- tun: read vnet_hdr_sz once
|
||||
- macvtap: read vnet_hdr_size once
|
||||
- rtl8150: Use heap buffers for all register access
|
||||
- catc: Combine failure cleanup code in catc_probe()
|
||||
- catc: Use heap buffer for memory size test
|
||||
- mlx4: Invoke softirqs after napi_reschedule
|
||||
- lwtunnel: valid encap attr check should return 0 when lwtunnel
|
||||
is disabled
|
||||
- sit: fix a double free on error path
|
||||
- net: introduce device min_header_len
|
||||
- packet: round up linear to header len
|
||||
- ping: fix a null pointer dereference
|
||||
- net: dsa: Do not destroy invalid network devices
|
||||
- l2tp: do not use udp_ioctl()
|
||||
- mld: do not remove mld souce list info when set link down
|
||||
- igmp, mld: Fix memory leak in igmpv3/mld_del_delrec()
|
||||
- tcp: fix mark propagation with fwmark_reflect enabled
|
||||
- net/mlx5: Don't unlock fte while still using it
|
||||
- tcp: don't annotate mark on control socket from
|
||||
tcp_v6_send_response()
|
||||
- [x86] fpu/xstate: Fix xcomp_bv in XSAVES header
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.12
|
||||
- vfs: fix uninitialized flags in splice_to_pipe()
|
||||
- siano: make it work again with CONFIG_VMAP_STACK
|
||||
- fuse: fix use after free issue in fuse_dev_do_read()
|
||||
- fuse: fix uninitialized flags in pipe_buffer
|
||||
- mmc: core: fix multi-bit bus width without high-speed mode
|
||||
- [powerpc*/*64*] Disable use of radix under a hypervisor
|
||||
- scsi: don't BUG_ON() empty DMA transfers
|
||||
- Fix missing sanity check in /dev/sg
|
||||
- [x86] Input: elan_i2c - add ELAN0605 to the ACPI table
|
||||
- drm/radeon: Use mode h/vdisplay fields to hide out of bounds HW cursor
|
||||
- drm/dp/mst: fix kernel oops when turning off secondary monitor
|
||||
- futex: Move futex_init() to core_initcall
|
||||
- [armel,armhf] 8658/1: uaccess: fix zeroing of 64-bit get_user()
|
||||
- Revert "i2c: designware: detect when dynamic tar update is possible"
|
||||
- PCI/PME: Restore pcie_pme_driver.remove
|
||||
- printk: use rcuidle console tracepoint
|
||||
- timekeeping: Use deferred printk() in debug code
|
||||
- bcache: Make gc wakeup sane, remove set_task_state()
|
||||
- videodev2.h: go back to limited range Y'CbCr for SRGB and, ADOBERGB
|
||||
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13
|
||||
- net/mlx5e: Disable preemption when doing TC statistics upcall
|
||||
- net/llc: avoid BUG_ON() in skb_orphan() (CVE-2017-6345)
|
||||
- net: ethernet: ti: cpsw: fix cpsw assignment in resume
|
||||
(regression in 4.9)
|
||||
- packet: fix races in fanout_add() (CVE-2017-6346)
|
||||
- packet: Do not call fanout_release from atomic contexts
|
||||
(regression in 4.9)
|
||||
- net: neigh: Fix netevent NETEVENT_DELAY_PROBE_TIME_UPDATE notification
|
||||
- dccp: fix freeing skb too early for IPV6_RECVPKTINFO (CVE-2017-6074)
|
||||
- vxlan: fix oops in dev_fill_metadata_dst (regression in 4.6)
|
||||
- irda: Fix lockdep annotations in hashbin_delete(). (CVE-2017-6348)
|
||||
- ptr_ring: fix race conditions when resizing
|
||||
- ip: fix IP_CHECKSUM handling (regression in 4.0) (CVE-2017-6347)
|
||||
- net: socket: fix recvmmsg not returning error from sock_error
|
||||
(regression in 4.6)
|
||||
- USB: serial: mos7840: fix another NULL-deref at open
|
||||
- USB: serial: ftdi_sio: fix modem-status error handling
|
||||
- USB: serial: ftdi_sio: fix extreme low-latency setting
|
||||
- USB: serial: ftdi_sio: fix line-status over-reporting
|
||||
- USB: serial: spcp8x5: fix modem-status handling
|
||||
- USB: serial: opticon: fix CTS retrieval at open
|
||||
- USB: serial: ark3116: fix register-accessor error handling
|
||||
- netfilter: nf_ct_helper: warn when not applying default helper assignment
|
||||
- block: fix double-free in the failure path of cgwb_bdi_init()
|
||||
- rtlwifi: rtl_usb: Fix for URB leaking when doing ifconfig up/down
|
||||
- xfs: clear delalloc and cache on buffered write failure
|
||||
|
||||
[ Ben Hutchings ]
|
||||
* [armel] dts: kirkwood: Fix SATA pinmux-ing for TS419 (Closes: #855017)
|
||||
* [armhf] Enable DRM_OMAP_PANEL_TPO_TD028TTEC1, PWM_OMAP_DMTIMER as modules
|
||||
(Closes: #855472)
|
||||
* net: Ignore ABI changes to can_rx_register(), ip6_xmit()
|
||||
* net: Avoid ABI change for min_header_len
|
||||
* udeb: Add more USB host and dual-role drivers to usb-modules
|
||||
(Closes: #856111)
|
||||
* [x86] kvm: fix page struct leak in handle_vmon (CVE-2017-2596)
|
||||
* ipc/shm: Fix shmat mmap nil-page protection (CVE-2017-5669)
|
||||
* time: Disable TIMER_STATS (CVE-2017-5967)
|
||||
* sctp: deny peeloff operation on asocs with threads sleeping on it
|
||||
(CVE-2017-6353)
|
||||
* [rt] Update to 4.9.13-rt10:
|
||||
- sched/rt: Add a missing rescheduling point
|
||||
- lockdep: Handle statically initialized PER_CPU locks proper
|
||||
- Change export of rt_mutex_destroy() back to GPL-only
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Mon, 27 Feb 2017 15:58:07 +0000
|
||||
|
||||
linux (4.9.10-1) unstable; urgency=medium
|
||||
|
||||
* New upstream stable update:
|
||||
|
|
|
@ -556,6 +556,7 @@ CONFIG_PINCTRL_QCOM_SSBI_PMIC=y
|
|||
## file: drivers/platform/chrome/Kconfig
|
||||
##
|
||||
CONFIG_CHROME_PLATFORMS=y
|
||||
CONFIG_CROS_KBD_LED_BACKLIGHT=m
|
||||
|
||||
##
|
||||
## file: drivers/power/reset/Kconfig
|
||||
|
|
|
@ -305,6 +305,7 @@ CONFIG_DRM_OMAP_ENCODER_TPD12S015=m
|
|||
CONFIG_DRM_OMAP_CONNECTOR_HDMI=m
|
||||
CONFIG_DRM_OMAP_CONNECTOR_ANALOG_TV=m
|
||||
CONFIG_DRM_OMAP_PANEL_SONY_ACX565AKM=m
|
||||
CONFIG_DRM_OMAP_PANEL_TPO_TD028TTEC1=m
|
||||
CONFIG_DRM_OMAP_PANEL_TPO_TD043MTEA1=m
|
||||
|
||||
##
|
||||
|
@ -918,6 +919,7 @@ CONFIG_AXP20X_POWER=m
|
|||
CONFIG_PWM=y
|
||||
CONFIG_PWM_BCM2835=m
|
||||
CONFIG_PWM_IMX=m
|
||||
CONFIG_PWM_OMAP_DMTIMER=m
|
||||
CONFIG_PWM_ROCKCHIP=m
|
||||
CONFIG_PWM_SAMSUNG=m
|
||||
CONFIG_PWM_SUN4I=m
|
||||
|
@ -1304,6 +1306,7 @@ CONFIG_SND_SOC_ROCKCHIP_RT5645=m
|
|||
## file: sound/soc/sunxi/Kconfig
|
||||
##
|
||||
CONFIG_SND_SUN4I_CODEC=m
|
||||
CONFIG_SND_SUN4I_SPDIF=m
|
||||
|
||||
##
|
||||
## file: sound/soc/tegra/Kconfig
|
||||
|
|
|
@ -5830,7 +5830,7 @@ CONFIG_SCHED_DEBUG=y
|
|||
CONFIG_SCHEDSTATS=y
|
||||
CONFIG_SCHED_STACK_END_CHECK=y
|
||||
# CONFIG_DEBUG_TIMEKEEPING is not set
|
||||
CONFIG_TIMER_STATS=y
|
||||
# CONFIG_TIMER_STATS is not set
|
||||
CONFIG_DEBUG_PREEMPT=y
|
||||
# CONFIG_DEBUG_RT_MUTEXES is not set
|
||||
# CONFIG_DEBUG_SPINLOCK is not set
|
||||
|
|
|
@ -2,15 +2,45 @@
|
|||
abiname: trunk
|
||||
ignore-changes:
|
||||
__cpuhp_*
|
||||
bpf_analyzer
|
||||
cxl_*
|
||||
mm_iommu_*
|
||||
register_cxl_calls
|
||||
unregister_cxl_calls
|
||||
module:arch/x86/kvm/*
|
||||
module:drivers/hv/*
|
||||
module:drivers/iio/common/st_sensors/**
|
||||
module:drivers/net/wireless/**
|
||||
module:drivers/nvdimm/*
|
||||
module:drivers/power/supply/bq27xxx_battery
|
||||
module:drivers/scsi/cxgbi/*
|
||||
module:drivers/scsi/libiscs*
|
||||
module:drivers/scsi/qla2xxx/qla2xxx
|
||||
module:drivers/scsi/ufs/*
|
||||
module:drivers/target/**
|
||||
module:drivers/usb/host/**
|
||||
module:drivers/usb/musb/**
|
||||
module:net/ceph/libceph
|
||||
# btree library is only selected by few drivers so not useful OOT
|
||||
btree_*
|
||||
visitor*
|
||||
# Exported for related protocols only
|
||||
can_rx_register
|
||||
ip6_xmit
|
||||
module:net/dccp/dccp
|
||||
module:net/rds/rds
|
||||
# devfreq is unlikely to be useful for OOT modules
|
||||
devfreq_*
|
||||
devm_devfreq_*
|
||||
update_devfreq
|
||||
# Assume IB drivers are added/updated through OFED, which also updates IB core
|
||||
module:drivers/infiniband/**
|
||||
# Declared in private header, not usable OOT
|
||||
acpi_ec_add_query_handler
|
||||
acpi_ec_remove_query_handler
|
||||
first_ec
|
||||
# Exported for tracefs only
|
||||
debugfs_create_automount
|
||||
|
||||
[base]
|
||||
arches:
|
||||
|
|
|
@ -118,7 +118,6 @@ CONFIG_KEYBOARD_HIL=m
|
|||
## file: drivers/input/misc/Kconfig
|
||||
##
|
||||
CONFIG_INPUT_MISC=y
|
||||
# CONFIG_INPUT_UINPUT is not set
|
||||
# CONFIG_HP_SDC_RTC is not set
|
||||
|
||||
##
|
||||
|
@ -165,18 +164,6 @@ CONFIG_SERIO_RAW=m
|
|||
##
|
||||
# CONFIG_MTD is not set
|
||||
|
||||
##
|
||||
## file: drivers/net/Kconfig
|
||||
##
|
||||
# CONFIG_BONDING is not set
|
||||
# CONFIG_EQUALIZER is not set
|
||||
# CONFIG_NET_FC is not set
|
||||
|
||||
##
|
||||
## file: drivers/net/appletalk/Kconfig
|
||||
##
|
||||
# CONFIG_ATALK is not set
|
||||
|
||||
##
|
||||
## file: drivers/net/arcnet/Kconfig
|
||||
##
|
||||
|
@ -601,11 +588,6 @@ CONFIG_IP_PNP_BOOTP=y
|
|||
##
|
||||
# CONFIG_IPX is not set
|
||||
|
||||
##
|
||||
## file: net/irda/Kconfig
|
||||
##
|
||||
# CONFIG_IRDA is not set
|
||||
|
||||
##
|
||||
## file: net/lapb/Kconfig
|
||||
##
|
||||
|
|
|
@ -1339,6 +1339,7 @@ CONFIG_PINCTRL_SUNRISEPOINT=y
|
|||
CONFIG_CHROME_PLATFORMS=y
|
||||
CONFIG_CHROMEOS_LAPTOP=m
|
||||
CONFIG_CHROMEOS_PSTORE=m
|
||||
CONFIG_CROS_KBD_LED_BACKLIGHT=m
|
||||
|
||||
##
|
||||
## file: drivers/platform/x86/Kconfig
|
||||
|
|
|
@ -1,14 +1,3 @@
|
|||
#include <usb-modules>
|
||||
dwc3-exynos
|
||||
dwc3-omap
|
||||
ohci-exynos
|
||||
ohci-omap3
|
||||
ehci-exynos
|
||||
ehci-omap
|
||||
ehci-orion
|
||||
ehci-tegra
|
||||
ci_hdrc_imx
|
||||
dwc2
|
||||
dwc3
|
||||
omap-ocp2scp
|
||||
extcon-usb-gpio
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
ufs
|
|
@ -1,5 +1,12 @@
|
|||
# Include USB host drivers by default
|
||||
# Include USB host and dual-role drivers by default
|
||||
drivers/usb/host/**
|
||||
drivers/usb/c67x00/* ?
|
||||
drivers/usb/chipidea/* ?
|
||||
drivers/usb/dwc2/* ?
|
||||
drivers/usb/dwc3/* ?
|
||||
drivers/usb/isp1760/* ?
|
||||
drivers/usb/musb/* ?
|
||||
drivers/usb/renesas_usbhs/* ?
|
||||
|
||||
# Exclude some obscure host drivers
|
||||
hwa-hc -
|
||||
|
|
|
@ -129,6 +129,12 @@ Priority: extra
|
|||
Description: NTFS filesystem support
|
||||
This package contains the NTFS file system module for the kernel.
|
||||
|
||||
Package: ufs-modules
|
||||
Depends: kernel-image
|
||||
Priority: extra
|
||||
Description: UFS filesystem support
|
||||
This package contains the UFS filesystem module for the kernel.
|
||||
|
||||
Package: xfs-modules
|
||||
Depends: kernel-image, crc-modules
|
||||
Priority: standard
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
#include <ufs-modules>
|
167
debian/patches/bugfix/all/ACPI-EC-Use-busy-polling-mode-when-GPE-is-not-enable.patch
vendored
Normal file
167
debian/patches/bugfix/all/ACPI-EC-Use-busy-polling-mode-when-GPE-is-not-enable.patch
vendored
Normal file
|
@ -0,0 +1,167 @@
|
|||
From: Lv Zheng <lv.zheng@intel.com>
|
||||
Date: Fri, 20 Jan 2017 16:42:48 +0800
|
||||
Subject: ACPI / EC: Use busy polling mode when GPE is not enabled
|
||||
Origin: https://git.kernel.org/linus/c3a696b6e8f8f75f9f75e556a9f9f6472eae2655
|
||||
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=191561
|
||||
Bug-Debian: https://bugs.debian.org/846792
|
||||
|
||||
When GPE is not enabled, it is not efficient to use the wait polling mode
|
||||
as it introduces an unexpected scheduler delay.
|
||||
So before the GPE handler is installed, this patch uses busy polling mode
|
||||
for all EC(s) and the logic can be applied to non boot EC(s) during the
|
||||
suspend/resume process.
|
||||
|
||||
Link: https://bugzilla.kernel.org/show_bug.cgi?id=191561
|
||||
Tested-by: Jakobus Schurz <jakobus.schurz@gmail.com>
|
||||
Tested-by: Chen Yu <yu.c.chen@intel.com>
|
||||
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
|
||||
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
|
||||
---
|
||||
drivers/acpi/ec.c | 62 ++++++++++++++++++++++++-------------------------
|
||||
drivers/acpi/internal.h | 4 ++--
|
||||
2 files changed, 32 insertions(+), 34 deletions(-)
|
||||
|
||||
diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
|
||||
index 6a32cd4ec9da..c24235d8fb52 100644
|
||||
--- a/drivers/acpi/ec.c
|
||||
+++ b/drivers/acpi/ec.c
|
||||
@@ -704,12 +704,12 @@ static void start_transaction(struct acpi_ec *ec)
|
||||
|
||||
static int ec_guard(struct acpi_ec *ec)
|
||||
{
|
||||
- unsigned long guard = usecs_to_jiffies(ec_polling_guard);
|
||||
+ unsigned long guard = usecs_to_jiffies(ec->polling_guard);
|
||||
unsigned long timeout = ec->timestamp + guard;
|
||||
|
||||
/* Ensure guarding period before polling EC status */
|
||||
do {
|
||||
- if (ec_busy_polling) {
|
||||
+ if (ec->busy_polling) {
|
||||
/* Perform busy polling */
|
||||
if (ec_transaction_completed(ec))
|
||||
return 0;
|
||||
@@ -973,6 +973,28 @@ static void acpi_ec_stop(struct acpi_ec *ec, bool suspending)
|
||||
spin_unlock_irqrestore(&ec->lock, flags);
|
||||
}
|
||||
|
||||
+static void acpi_ec_enter_noirq(struct acpi_ec *ec)
|
||||
+{
|
||||
+ unsigned long flags;
|
||||
+
|
||||
+ spin_lock_irqsave(&ec->lock, flags);
|
||||
+ ec->busy_polling = true;
|
||||
+ ec->polling_guard = 0;
|
||||
+ ec_log_drv("interrupt blocked");
|
||||
+ spin_unlock_irqrestore(&ec->lock, flags);
|
||||
+}
|
||||
+
|
||||
+static void acpi_ec_leave_noirq(struct acpi_ec *ec)
|
||||
+{
|
||||
+ unsigned long flags;
|
||||
+
|
||||
+ spin_lock_irqsave(&ec->lock, flags);
|
||||
+ ec->busy_polling = ec_busy_polling;
|
||||
+ ec->polling_guard = ec_polling_guard;
|
||||
+ ec_log_drv("interrupt unblocked");
|
||||
+ spin_unlock_irqrestore(&ec->lock, flags);
|
||||
+}
|
||||
+
|
||||
void acpi_ec_block_transactions(void)
|
||||
{
|
||||
struct acpi_ec *ec = first_ec;
|
||||
@@ -1253,7 +1275,7 @@ acpi_ec_space_handler(u32 function, acpi_physical_address address,
|
||||
if (function != ACPI_READ && function != ACPI_WRITE)
|
||||
return AE_BAD_PARAMETER;
|
||||
|
||||
- if (ec_busy_polling || bits > 8)
|
||||
+ if (ec->busy_polling || bits > 8)
|
||||
acpi_ec_burst_enable(ec);
|
||||
|
||||
for (i = 0; i < bytes; ++i, ++address, ++value)
|
||||
@@ -1261,7 +1283,7 @@ acpi_ec_space_handler(u32 function, acpi_physical_address address,
|
||||
acpi_ec_read(ec, address, value) :
|
||||
acpi_ec_write(ec, address, *value);
|
||||
|
||||
- if (ec_busy_polling || bits > 8)
|
||||
+ if (ec->busy_polling || bits > 8)
|
||||
acpi_ec_burst_disable(ec);
|
||||
|
||||
switch (result) {
|
||||
@@ -1304,6 +1326,8 @@ static struct acpi_ec *acpi_ec_alloc(void)
|
||||
spin_lock_init(&ec->lock);
|
||||
INIT_WORK(&ec->work, acpi_ec_event_handler);
|
||||
ec->timestamp = jiffies;
|
||||
+ ec->busy_polling = true;
|
||||
+ ec->polling_guard = 0;
|
||||
return ec;
|
||||
}
|
||||
|
||||
@@ -1365,6 +1389,7 @@ static int ec_install_handlers(struct acpi_ec *ec, bool handle_events)
|
||||
acpi_ec_start(ec, false);
|
||||
|
||||
if (!test_bit(EC_FLAGS_EC_HANDLER_INSTALLED, &ec->flags)) {
|
||||
+ acpi_ec_enter_noirq(ec);
|
||||
status = acpi_install_address_space_handler(ec->handle,
|
||||
ACPI_ADR_SPACE_EC,
|
||||
&acpi_ec_space_handler,
|
||||
@@ -1404,6 +1429,7 @@ static int ec_install_handlers(struct acpi_ec *ec, bool handle_events)
|
||||
/* This is not fatal as we can poll EC events */
|
||||
if (ACPI_SUCCESS(status)) {
|
||||
set_bit(EC_FLAGS_GPE_HANDLER_INSTALLED, &ec->flags);
|
||||
+ acpi_ec_leave_noirq(ec);
|
||||
if (test_bit(EC_FLAGS_STARTED, &ec->flags) &&
|
||||
ec->reference_count >= 1)
|
||||
acpi_ec_enable_gpe(ec, true);
|
||||
@@ -1786,34 +1812,6 @@ int __init acpi_ec_ecdt_probe(void)
|
||||
}
|
||||
|
||||
#ifdef CONFIG_PM_SLEEP
|
||||
-static void acpi_ec_enter_noirq(struct acpi_ec *ec)
|
||||
-{
|
||||
- unsigned long flags;
|
||||
-
|
||||
- if (ec == first_ec) {
|
||||
- spin_lock_irqsave(&ec->lock, flags);
|
||||
- ec->saved_busy_polling = ec_busy_polling;
|
||||
- ec->saved_polling_guard = ec_polling_guard;
|
||||
- ec_busy_polling = true;
|
||||
- ec_polling_guard = 0;
|
||||
- ec_log_drv("interrupt blocked");
|
||||
- spin_unlock_irqrestore(&ec->lock, flags);
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-static void acpi_ec_leave_noirq(struct acpi_ec *ec)
|
||||
-{
|
||||
- unsigned long flags;
|
||||
-
|
||||
- if (ec == first_ec) {
|
||||
- spin_lock_irqsave(&ec->lock, flags);
|
||||
- ec_busy_polling = ec->saved_busy_polling;
|
||||
- ec_polling_guard = ec->saved_polling_guard;
|
||||
- ec_log_drv("interrupt unblocked");
|
||||
- spin_unlock_irqrestore(&ec->lock, flags);
|
||||
- }
|
||||
-}
|
||||
-
|
||||
static int acpi_ec_suspend_noirq(struct device *dev)
|
||||
{
|
||||
struct acpi_ec *ec =
|
||||
diff --git a/drivers/acpi/internal.h b/drivers/acpi/internal.h
|
||||
index 0c452265c111..219b90bc0922 100644
|
||||
--- a/drivers/acpi/internal.h
|
||||
+++ b/drivers/acpi/internal.h
|
||||
@@ -172,8 +172,8 @@ struct acpi_ec {
|
||||
struct work_struct work;
|
||||
unsigned long timestamp;
|
||||
unsigned long nr_pending_queries;
|
||||
- bool saved_busy_polling;
|
||||
- unsigned int saved_polling_guard;
|
||||
+ bool busy_polling;
|
||||
+ unsigned int polling_guard;
|
||||
};
|
||||
|
||||
extern struct acpi_ec *first_ec;
|
||||
--
|
||||
2.11.0
|
||||
|
39
debian/patches/bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
vendored
Normal file
39
debian/patches/bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
vendored
Normal file
|
@ -0,0 +1,39 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sat, 04 Mar 2017 01:44:15 +0000
|
||||
Subject: Kbuild.include: addtree: Remove quotes before matching path
|
||||
Bug-Debian: https://bugs.debian.org/856474
|
||||
|
||||
systemtap currently fails to build modules when the kernel source and
|
||||
object trees are separate.
|
||||
|
||||
systemtap adds something like -I"/usr/share/systemtap/runtime" to
|
||||
EXTRA_CFLAGS, and addtree should not adjust this as it's specifying an
|
||||
absolute directory. But since make has no understanding of shell
|
||||
quoting, it does anyway.
|
||||
|
||||
For a long time this didn't matter, because addtree would still emit
|
||||
the original -I option after the adjusted one. However, commit
|
||||
db547ef19064 ("Kbuild: don't add obj tree in additional includes")
|
||||
changed it to remove the original -I option.
|
||||
|
||||
Remove quotes (both double and single) before matching against the
|
||||
excluded patterns.
|
||||
|
||||
References: https://bugs.debian.org/856474
|
||||
Reported-by: Jack Henschel <jackdev@mailbox.org>
|
||||
Reported-by: Ritesh Raj Sarraf <rrs@debian.org>
|
||||
Fixes: db547ef19064 ("Kbuild: don't add obj tree in additional includes")
|
||||
Cc: stable@vger.kernel.org # 4.8+
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
--- a/scripts/Kbuild.include
|
||||
+++ b/scripts/Kbuild.include
|
||||
@@ -207,7 +207,7 @@ hdr-inst := -f $(srctree)/scripts/Makefi
|
||||
# Prefix -I with $(srctree) if it is not an absolute path.
|
||||
# skip if -I has no parameter
|
||||
addtree = $(if $(patsubst -I%,%,$(1)), \
|
||||
-$(if $(filter-out -I/% -I./% -I../%,$(1)),$(patsubst -I%,-I$(srctree)/%,$(1)),$(1)))
|
||||
+$(if $(filter-out -I/% -I./% -I../%,$(subst $(quote),,$(subst $(squote),,$(1)))),$(patsubst -I%,-I$(srctree)/%,$(1)),$(1)))
|
||||
|
||||
# Find all -I options and call addtree
|
||||
flags = $(foreach o,$($(1)),$(if $(filter -I%,$(o)),$(call addtree,$(o)),$(o)))
|
34
debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-priv-area-size.patch
vendored
Normal file
34
debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-priv-area-size.patch
vendored
Normal file
|
@ -0,0 +1,34 @@
|
|||
From: Andrey Konovalov <andreyknvl@google.com>
|
||||
Date: Wed, 29 Mar 2017 16:11:20 +0200
|
||||
Subject: net/packet: fix overflow in check for priv area size
|
||||
Origin: https://patchwork.ozlabs.org/patch/744811/
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7308
|
||||
|
||||
Subtracting tp_sizeof_priv from tp_block_size and casting to int
|
||||
to check whether one is less then the other doesn't always work
|
||||
(both of them are unsigned ints).
|
||||
|
||||
Compare them as is instead.
|
||||
|
||||
Also cast tp_sizeof_priv to u64 before using BLK_PLUS_PRIV, as
|
||||
it can overflow inside BLK_PLUS_PRIV otherwise.
|
||||
|
||||
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
|
||||
Acked-by: Eric Dumazet <edumazet@google.com>
|
||||
---
|
||||
net/packet/af_packet.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/net/packet/af_packet.c
|
||||
+++ b/net/packet/af_packet.c
|
||||
@@ -4235,8 +4235,8 @@ static int packet_set_ring(struct sock *
|
||||
if (unlikely(!PAGE_ALIGNED(req->tp_block_size)))
|
||||
goto out;
|
||||
if (po->tp_version >= TPACKET_V3 &&
|
||||
- (int)(req->tp_block_size -
|
||||
- BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0)
|
||||
+ req->tp_block_size <=
|
||||
+ BLK_PLUS_PRIV((u64)req_u->req3.tp_sizeof_priv))
|
||||
goto out;
|
||||
if (unlikely(req->tp_frame_size < po->tp_hdrlen +
|
||||
po->tp_reserve))
|
31
debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch
vendored
Normal file
31
debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-tp_frame_nr.patch
vendored
Normal file
|
@ -0,0 +1,31 @@
|
|||
From: Andrey Konovalov <andreyknvl@google.com>
|
||||
Date: Wed, 29 Mar 2017 16:11:21 +0200
|
||||
Subject: net/packet: fix overflow in check for tp_frame_nr
|
||||
Origin: https://patchwork.ozlabs.org/patch/744812/
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7308
|
||||
|
||||
When calculating rb->frames_per_block * req->tp_block_nr the result
|
||||
can overflow.
|
||||
|
||||
Add a check that tp_block_size * tp_block_nr <= UINT_MAX.
|
||||
|
||||
Since frames_per_block <= tp_block_size, the expression would
|
||||
never overflow.
|
||||
|
||||
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
|
||||
Acked-by: Eric Dumazet <edumazet@google.com>
|
||||
---
|
||||
net/packet/af_packet.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
--- a/net/packet/af_packet.c
|
||||
+++ b/net/packet/af_packet.c
|
||||
@@ -4247,6 +4247,8 @@ static int packet_set_ring(struct sock *
|
||||
rb->frames_per_block = req->tp_block_size / req->tp_frame_size;
|
||||
if (unlikely(rb->frames_per_block == 0))
|
||||
goto out;
|
||||
+ if (unlikely(req->tp_block_size > UINT_MAX / req->tp_block_nr))
|
||||
+ goto out;
|
||||
if (unlikely((rb->frames_per_block * req->tp_block_nr) !=
|
||||
req->tp_frame_nr))
|
||||
goto out;
|
27
debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-tp_reserve.patch
vendored
Normal file
27
debian/patches/bugfix/all/net-packet-fix-overflow-in-check-for-tp_reserve.patch
vendored
Normal file
|
@ -0,0 +1,27 @@
|
|||
From: Andrey Konovalov <andreyknvl@google.com>
|
||||
Date: Wed, 29 Mar 2017 16:11:22 +0200
|
||||
Subject: net/packet: fix overflow in check for tp_reserve
|
||||
Origin: https://patchwork.ozlabs.org/patch/744813/
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7308
|
||||
|
||||
When calculating po->tp_hdrlen + po->tp_reserve the result can overflow.
|
||||
|
||||
Fix by checking that tp_reserve <= INT_MAX on assign.
|
||||
|
||||
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
|
||||
Acked-by: Eric Dumazet <edumazet@google.com>
|
||||
---
|
||||
net/packet/af_packet.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
--- a/net/packet/af_packet.c
|
||||
+++ b/net/packet/af_packet.c
|
||||
@@ -3702,6 +3702,8 @@ packet_setsockopt(struct socket *sock, i
|
||||
return -EBUSY;
|
||||
if (copy_from_user(&val, optval, sizeof(val)))
|
||||
return -EFAULT;
|
||||
+ if (val > INT_MAX)
|
||||
+ return -EINVAL;
|
||||
po->tp_reserve = val;
|
||||
return 0;
|
||||
}
|
29
debian/patches/bugfix/all/scsi-sg-check-length-passed-to-sg_next_cmd_len.patch
vendored
Normal file
29
debian/patches/bugfix/all/scsi-sg-check-length-passed-to-sg_next_cmd_len.patch
vendored
Normal file
|
@ -0,0 +1,29 @@
|
|||
From: peter chang <dpf@google.com>
|
||||
Date: Wed, 15 Feb 2017 14:11:54 -0800
|
||||
Subject: scsi: sg: check length passed to SG_NEXT_CMD_LEN
|
||||
Origin: https://git.kernel.org/cgit/linux/kernel/git/mkp/scsi.git/commit?id=bf33f87dd04c371ea33feb821b60d63d754e3124
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7187
|
||||
|
||||
The user can control the size of the next command passed along, but the
|
||||
value passed to the ioctl isn't checked against the usable max command
|
||||
size.
|
||||
|
||||
Cc: <stable@vger.kernel.org>
|
||||
Signed-off-by: Peter Chang <dpf@google.com>
|
||||
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
|
||||
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
|
||||
---
|
||||
drivers/scsi/sg.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
--- a/drivers/scsi/sg.c
|
||||
+++ b/drivers/scsi/sg.c
|
||||
@@ -998,6 +998,8 @@ sg_ioctl(struct file *filp, unsigned int
|
||||
result = get_user(val, ip);
|
||||
if (result)
|
||||
return result;
|
||||
+ if (val > SG_MAX_CDB_SIZE)
|
||||
+ return -ENOMEM;
|
||||
sfp->next_cmd_len = (val > 0) ? val : 0;
|
||||
return 0;
|
||||
case SG_GET_VERSION_NUM:
|
34
debian/patches/bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch
vendored
Normal file
34
debian/patches/bugfix/all/xfrm_user-validate-xfrm_msg_newae-incoming-esn-size-harder.patch
vendored
Normal file
|
@ -0,0 +1,34 @@
|
|||
From: Andy Whitcroft <apw@canonical.com>
|
||||
Date: Thu, 23 Mar 2017 07:45:44 +0000
|
||||
Subject: [PATCH 2/2] xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size
|
||||
harder
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7184
|
||||
|
||||
Kees Cook has pointed out that xfrm_replay_state_esn_len() is subject to
|
||||
wrapping issues. To ensure we are correctly ensuring that the two ESN
|
||||
structures are the same size compare both the overall size as reported
|
||||
by xfrm_replay_state_esn_len() and the internal length are the same.
|
||||
|
||||
CVE-2017-7184
|
||||
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
||||
---
|
||||
net/xfrm/xfrm_user.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
|
||||
index 81c4112..87e0c22 100644
|
||||
--- a/net/xfrm/xfrm_user.c
|
||||
+++ b/net/xfrm/xfrm_user.c
|
||||
@@ -412,7 +412,11 @@ static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_es
|
||||
up = nla_data(rp);
|
||||
ulen = xfrm_replay_state_esn_len(up);
|
||||
|
||||
- if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen)
|
||||
+ /* Check the overall length and the internal bitmap length to avoid
|
||||
+ * potential overflow. */
|
||||
+ if (nla_len(rp) < ulen ||
|
||||
+ xfrm_replay_state_esn_len(replay_esn) != ulen ||
|
||||
+ replay_esn->bmp_len != up->bmp_len)
|
||||
return -EINVAL;
|
||||
|
||||
if (up->replay_window > up->bmp_len * sizeof(__u32) * 8)
|
|
@ -0,0 +1,42 @@
|
|||
From: Andy Whitcroft <apw@canonical.com>
|
||||
Date: Wed, 22 Mar 2017 07:29:31 +0000
|
||||
Subject: [PATCH 1/2] xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL
|
||||
replay_window
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7184
|
||||
|
||||
When a new xfrm state is created during an XFRM_MSG_NEWSA call we validate
|
||||
the user supplied replay_esn to ensure that the size is valid and to ensure
|
||||
that the replay_window size is within the allocated buffer. However later
|
||||
it is possible to update this replay_esn via a XFRM_MSG_NEWAE call.
|
||||
There we again validate the size of the supplied buffer matches the
|
||||
existing state and if so inject the contents. We do not at this point
|
||||
check that the replay_window is within the allocated memory. This leads
|
||||
to out-of-bounds reads and writes triggered by netlink packets. This leads
|
||||
to memory corruption and the potential for priviledge escalation.
|
||||
|
||||
We already attempt to validate the incoming replay information in
|
||||
xfrm_new_ae() via xfrm_replay_verify_len(). This confirms that the
|
||||
user is not trying to change the size of the replay state buffer which
|
||||
includes the replay_esn. It however does not check the replay_window
|
||||
remains within that buffer. Add validation of the contained replay_window.
|
||||
|
||||
CVE-2017-7184
|
||||
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
||||
---
|
||||
net/xfrm/xfrm_user.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
|
||||
index 0889209..81c4112 100644
|
||||
--- a/net/xfrm/xfrm_user.c
|
||||
+++ b/net/xfrm/xfrm_user.c
|
||||
@@ -415,6 +415,9 @@ static inline int xfrm_replay_verify_len(struct xfrm_replay_state_esn *replay_es
|
||||
if (nla_len(rp) < ulen || xfrm_replay_state_esn_len(replay_esn) != ulen)
|
||||
return -EINVAL;
|
||||
|
||||
+ if (up->replay_window > up->bmp_len * sizeof(__u32) * 8)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
37
debian/patches/bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch
vendored
Normal file
37
debian/patches/bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch
vendored
Normal file
|
@ -0,0 +1,37 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Fri, 17 Feb 2017 01:30:30 +0000
|
||||
Subject: ARM: dts: kirkwood: Fix SATA pinmux-ing for TS419
|
||||
Forwarded: https://www.spinics.net/lists/arm-kernel/msg563610.html
|
||||
Bug-Debian: https://bugs.debian.org/855017
|
||||
|
||||
The old board code for the TS419 assigns MPP pins 15 and 16 as SATA
|
||||
activity signals (and none as SATA presence signals). Currently the
|
||||
device tree assigns the SoC's default pinmux groups for SATA, which
|
||||
conflict with the second Ethernet port.
|
||||
|
||||
Reported-by: gmbh@gazeta.pl
|
||||
Tested-by: gmbh@gazeta.pl
|
||||
References: https://bugs.debian.org/855017
|
||||
Cc: stable@vger.kernel.org # 3.15+
|
||||
Fixes: 934b524b3f49 ("ARM: Kirkwood: Add DT description of QNAP 419")
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
arch/arm/boot/dts/kirkwood-ts419.dtsi | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/arch/arm/boot/dts/kirkwood-ts419.dtsi b/arch/arm/boot/dts/kirkwood-ts419.dtsi
|
||||
index 02bd53762705..532506cb0f4a 100644
|
||||
--- a/arch/arm/boot/dts/kirkwood-ts419.dtsi
|
||||
+++ b/arch/arm/boot/dts/kirkwood-ts419.dtsi
|
||||
@@ -73,3 +73,11 @@
|
||||
phy-handle = <ðphy1>;
|
||||
};
|
||||
};
|
||||
+
|
||||
+&pmx_sata0 {
|
||||
+ marvell,pins = "mpp15";
|
||||
+};
|
||||
+
|
||||
+&pmx_sata1 {
|
||||
+ marvell,pins = "mpp16";
|
||||
+};
|
|
@ -0,0 +1,120 @@
|
|||
From: Thierry Reding <treding@nvidia.com>
|
||||
Date: Thu, 12 Jan 2017 17:07:43 +0100
|
||||
Subject: rtc: tegra: Implement clock handling
|
||||
Origin: https://git.kernel.org/linus/5fa4086987506b2ab8c92f8f99f2295db9918856
|
||||
Bug-Debian: https://bugs.debian.org/858514
|
||||
|
||||
Accessing the registers of the RTC block on Tegra requires the module
|
||||
clock to be enabled. This only works because the RTC module clock will
|
||||
be enabled by default during early boot. However, because the clock is
|
||||
unused, the CCF will disable it at late_init time. This causes the RTC
|
||||
to become unusable afterwards. This can easily be reproduced by trying
|
||||
to use the RTC:
|
||||
|
||||
$ hwclock --rtc /dev/rtc1
|
||||
|
||||
This will hang the system. I ran into this by following up on a report
|
||||
by Martin Michlmayr that reboot wasn't working on Tegra210 systems. It
|
||||
turns out that the rtc-tegra driver's ->shutdown() implementation will
|
||||
hang the CPU, because of the disabled clock, before the system can be
|
||||
rebooted.
|
||||
|
||||
What confused me for a while is that the same driver is used on prior
|
||||
Tegra generations where the hang can not be observed. However, as Peter
|
||||
De Schrijver pointed out, this is because on 32-bit Tegra chips the RTC
|
||||
clock is enabled by the tegra20_timer.c clocksource driver, which uses
|
||||
the RTC to provide a persistent clock. This code is never enabled on
|
||||
64-bit Tegra because the persistent clock infrastructure does not exist
|
||||
on 64-bit ARM.
|
||||
|
||||
The proper fix for this is to add proper clock handling to the RTC
|
||||
driver in order to ensure that the clock is enabled when the driver
|
||||
requires it. All device trees contain the clock already, therefore
|
||||
no additional changes are required.
|
||||
|
||||
Reported-by: Martin Michlmayr <tbm@cyrius.com>
|
||||
Acked-By Peter De Schrijver <pdeschrijver@nvidia.com>
|
||||
Signed-off-by: Thierry Reding <treding@nvidia.com>
|
||||
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
|
||||
[bwh: Backported to 4.9: adjust context]
|
||||
---
|
||||
drivers/rtc/rtc-tegra.c | 28 ++++++++++++++++++++++++++--
|
||||
1 file changed, 26 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/drivers/rtc/rtc-tegra.c
|
||||
+++ b/drivers/rtc/rtc-tegra.c
|
||||
@@ -18,6 +18,7 @@
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
#include <linux/kernel.h>
|
||||
+#include <linux/clk.h>
|
||||
#include <linux/init.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/slab.h>
|
||||
@@ -59,6 +60,7 @@ struct tegra_rtc_info {
|
||||
struct platform_device *pdev;
|
||||
struct rtc_device *rtc_dev;
|
||||
void __iomem *rtc_base; /* NULL if not initialized. */
|
||||
+ struct clk *clk;
|
||||
int tegra_rtc_irq; /* alarm and periodic irq */
|
||||
spinlock_t tegra_rtc_lock;
|
||||
};
|
||||
@@ -326,6 +328,14 @@ static int __init tegra_rtc_probe(struct
|
||||
if (info->tegra_rtc_irq <= 0)
|
||||
return -EBUSY;
|
||||
|
||||
+ info->clk = devm_clk_get(&pdev->dev, NULL);
|
||||
+ if (IS_ERR(info->clk))
|
||||
+ return PTR_ERR(info->clk);
|
||||
+
|
||||
+ ret = clk_prepare_enable(info->clk);
|
||||
+ if (ret < 0)
|
||||
+ return ret;
|
||||
+
|
||||
/* set context info. */
|
||||
info->pdev = pdev;
|
||||
spin_lock_init(&info->tegra_rtc_lock);
|
||||
@@ -346,7 +356,7 @@ static int __init tegra_rtc_probe(struct
|
||||
ret = PTR_ERR(info->rtc_dev);
|
||||
dev_err(&pdev->dev, "Unable to register device (err=%d).\n",
|
||||
ret);
|
||||
- return ret;
|
||||
+ goto disable_clk;
|
||||
}
|
||||
|
||||
ret = devm_request_irq(&pdev->dev, info->tegra_rtc_irq,
|
||||
@@ -356,12 +366,25 @@ static int __init tegra_rtc_probe(struct
|
||||
dev_err(&pdev->dev,
|
||||
"Unable to request interrupt for device (err=%d).\n",
|
||||
ret);
|
||||
- return ret;
|
||||
+ goto disable_clk;
|
||||
}
|
||||
|
||||
dev_notice(&pdev->dev, "Tegra internal Real Time Clock\n");
|
||||
|
||||
return 0;
|
||||
+
|
||||
+disable_clk:
|
||||
+ clk_disable_unprepare(info->clk);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+static int tegra_rtc_remove(struct platform_device *pdev)
|
||||
+{
|
||||
+ struct tegra_rtc_info *info = platform_get_drvdata(pdev);
|
||||
+
|
||||
+ clk_disable_unprepare(info->clk);
|
||||
+
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_PM_SLEEP
|
||||
@@ -413,6 +436,7 @@ static void tegra_rtc_shutdown(struct pl
|
||||
|
||||
MODULE_ALIAS("platform:tegra_rtc");
|
||||
static struct platform_driver tegra_rtc_driver = {
|
||||
+ .remove = tegra_rtc_remove,
|
||||
.shutdown = tegra_rtc_shutdown,
|
||||
.driver = {
|
||||
.name = "tegra_rtc",
|
33
debian/patches/bugfix/x86/drm-vmwgfx-fix-integer-overflow-in-vmw_surface_define_ioctl.patch
vendored
Normal file
33
debian/patches/bugfix/x86/drm-vmwgfx-fix-integer-overflow-in-vmw_surface_define_ioctl.patch
vendored
Normal file
|
@ -0,0 +1,33 @@
|
|||
Subject: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
|
||||
From: Li Qiang <liq3ea@gmail.com>
|
||||
Date: Tue, 28 Mar 2017 03:10:53 +0000
|
||||
Origin: https://lists.freedesktop.org/archives/dri-devel/2017-March/137124.html
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7294
|
||||
|
||||
In vmw_surface_define_ioctl(), the 'num_sizes' is the sum of the
|
||||
'req->mip_levels' array. This array can be assigned any value from
|
||||
the user space. As both the 'num_sizes' and the array is uint32_t,
|
||||
it is easy to make 'num_sizes' overflow. The later 'mip_levels' is
|
||||
used as the loop count. This can lead an oob write. Add the check of
|
||||
'req->mip_levels' to avoid this.
|
||||
|
||||
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
||||
---
|
||||
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
|
||||
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
|
||||
@@ -713,8 +713,11 @@ int vmw_surface_define_ioctl(struct drm_
|
||||
128;
|
||||
|
||||
num_sizes = 0;
|
||||
- for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i)
|
||||
+ for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i) {
|
||||
+ if (req->mip_levels[i] > DRM_VMW_MAX_MIP_LEVELS)
|
||||
+ return -EINVAL;
|
||||
num_sizes += req->mip_levels[i];
|
||||
+ }
|
||||
|
||||
if (num_sizes > DRM_VMW_MAX_SURFACE_FACES * DRM_VMW_MAX_MIP_LEVELS ||
|
||||
num_sizes == 0)
|
|
@ -0,0 +1,40 @@
|
|||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 24 Jan 2017 11:56:21 +0100
|
||||
Subject: kvm: fix page struct leak in handle_vmon
|
||||
Origin: https://git.kernel.org/linus/06ce521af9558814b8606c0476c54497cf83a653
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-2596
|
||||
|
||||
handle_vmon gets a reference on VMXON region page,
|
||||
but does not release it. Release the reference.
|
||||
|
||||
Found by syzkaller; based on a patch by Dmitry.
|
||||
|
||||
Reported-by: Dmitry Vyukov <dvyukov@google.com>
|
||||
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
---
|
||||
arch/x86/kvm/vmx.c | 9 +++++++--
|
||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/arch/x86/kvm/vmx.c
|
||||
+++ b/arch/x86/kvm/vmx.c
|
||||
@@ -7085,13 +7085,18 @@ static int nested_vmx_check_vmptr(struct
|
||||
}
|
||||
|
||||
page = nested_get_page(vcpu, vmptr);
|
||||
- if (page == NULL ||
|
||||
- *(u32 *)kmap(page) != VMCS12_REVISION) {
|
||||
+ if (page == NULL) {
|
||||
nested_vmx_failInvalid(vcpu);
|
||||
+ return kvm_skip_emulated_instruction(vcpu);
|
||||
+ }
|
||||
+ if (*(u32 *)kmap(page) != VMCS12_REVISION) {
|
||||
kunmap(page);
|
||||
+ nested_release_page_clean(page);
|
||||
+ nested_vmx_failInvalid(vcpu);
|
||||
return kvm_skip_emulated_instruction(vcpu);
|
||||
}
|
||||
kunmap(page);
|
||||
+ nested_release_page_clean(page);
|
||||
vmx->nested.vmxon_ptr = vmptr;
|
||||
break;
|
||||
case EXIT_REASON_VMCLEAR:
|
29
debian/patches/bugfix/x86/vmwgfx-null-pointer-dereference-in-vmw_surface_define_ioctl.patch
vendored
Normal file
29
debian/patches/bugfix/x86/vmwgfx-null-pointer-dereference-in-vmw_surface_define_ioctl.patch
vendored
Normal file
|
@ -0,0 +1,29 @@
|
|||
From: Murray McAllister <murray.mcallister@insomniasec.com>
|
||||
Date: Fri, 24 Mar 2017 20:33:00 -0700
|
||||
Subject: vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
|
||||
Origin: https://cgit.freedesktop.org/mesa/vmwgfx/commit/?id=e904061d2c8968429954be87ad1cc45526510812
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-7261
|
||||
|
||||
Before memory allocations vmw_surface_define_ioctl() checks the
|
||||
upper-bounds of a user-supplied size, but does not check if the
|
||||
supplied size is 0.
|
||||
|
||||
Add check to avoid NULL pointer dereferences.
|
||||
|
||||
Signed-off-by: Murray McAllister <murray.mcallister@insomniasec.com>
|
||||
Reviewed-by: Sinclair Yeh <syeh@vmware.com>
|
||||
[bwh: Fix filename]
|
||||
---
|
||||
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
|
||||
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c
|
||||
@@ -716,8 +716,8 @@ int vmw_surface_define_ioctl(struct drm_
|
||||
for (i = 0; i < DRM_VMW_MAX_SURFACE_FACES; ++i)
|
||||
num_sizes += req->mip_levels[i];
|
||||
|
||||
- if (num_sizes > DRM_VMW_MAX_SURFACE_FACES *
|
||||
- DRM_VMW_MAX_MIP_LEVELS)
|
||||
+ if (num_sizes > DRM_VMW_MAX_SURFACE_FACES * DRM_VMW_MAX_MIP_LEVELS ||
|
||||
+ num_sizes == 0)
|
||||
return -EINVAL;
|
||||
|
||||
size = vmw_user_surface_size + 128 +
|
32
debian/patches/debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch
vendored
Normal file
32
debian/patches/debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch
vendored
Normal file
|
@ -0,0 +1,32 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Thu, 16 Mar 2017 03:05:43 +0000
|
||||
Subject: [amd64] Don't WARN about expected W+X pages on Xen
|
||||
Bug-Debian: https://bugs.debian.org/852324
|
||||
Forwarded: not-needed
|
||||
|
||||
Currently Xen PV domains (or at least dom0) on amd64 tend to have a
|
||||
large number of low kernel pages with W+X permissions. It's not
|
||||
obvious how to fix this, and we're not going to get any new
|
||||
information by WARNing about this, but we do still want to hear about
|
||||
other W+X cases. So add a condition to the WARN_ON.
|
||||
|
||||
---
|
||||
--- a/arch/x86/mm/dump_pagetables.c
|
||||
+++ b/arch/x86/mm/dump_pagetables.c
|
||||
@@ -17,6 +17,7 @@
|
||||
#include <linux/init.h>
|
||||
#include <linux/sched.h>
|
||||
#include <linux/seq_file.h>
|
||||
+#include <xen/xen.h>
|
||||
|
||||
#include <asm/pgtable.h>
|
||||
|
||||
@@ -220,7 +221,7 @@ static void note_page(struct seq_file *m
|
||||
pgprotval_t pr = pgprot_val(st->current_prot);
|
||||
|
||||
if (st->check_wx && (pr & _PAGE_RW) && !(pr & _PAGE_NX)) {
|
||||
- WARN_ONCE(1,
|
||||
+ WARN_ONCE(!(IS_ENABLED(CONFIG_X86_64) && xen_pv_domain()),
|
||||
"x86/mm: Found insecure W+X mapping at address %p/%pS\n",
|
||||
(void *)st->start_address,
|
||||
(void *)st->start_address);
|
|
@ -0,0 +1,23 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sat, 18 Mar 2017 20:47:58 +0000
|
||||
Subject: fjes: Disable auto-loading
|
||||
Bug-Debian: https://bugs.debian.org/853976
|
||||
|
||||
fjes matches a generic ACPI device ID, and relies on its probe
|
||||
function to distinguish whether that really corresponds to a supported
|
||||
device. Very few system will need the driver and it wastes memory on
|
||||
all the other systems where the same device ID appears, so disable
|
||||
auto-loading.
|
||||
|
||||
---
|
||||
--- a/drivers/net/fjes/fjes_main.c
|
||||
+++ b/drivers/net/fjes/fjes_main.c
|
||||
@@ -81,7 +81,7 @@ static const struct acpi_device_id fjes_
|
||||
{"PNP0C02", 0},
|
||||
{"", 0},
|
||||
};
|
||||
-MODULE_DEVICE_TABLE(acpi, fjes_acpi_ids);
|
||||
+/* MODULE_DEVICE_TABLE(acpi, fjes_acpi_ids); */
|
||||
|
||||
static struct acpi_driver fjes_acpi_driver = {
|
||||
.name = DRV_NAME,
|
|
@ -0,0 +1,21 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sun, 26 Feb 2017 21:01:50 +0000
|
||||
Subject: time: Mark TIMER_STATS as broken
|
||||
Forwarded: not-needed
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-5967
|
||||
|
||||
This is a substitute for upstream commit dfb4357da6dd "time: Remove
|
||||
CONFIG_TIMER_STATS", which avoids the need to resolve conflicts with
|
||||
the PREEMPT_RT patch series.
|
||||
|
||||
---
|
||||
--- a/lib/Kconfig.debug
|
||||
+++ b/lib/Kconfig.debug
|
||||
@@ -964,6 +964,7 @@ config DEBUG_TIMEKEEPING
|
||||
config TIMER_STATS
|
||||
bool "Collect kernel timers statistics"
|
||||
depends on DEBUG_KERNEL && PROC_FS
|
||||
+ depends on BROKEN
|
||||
help
|
||||
If you say Y here, additional code will be inserted into the
|
||||
timer routines to collect statistics about kernel timers being
|
118
debian/patches/features/all/rt/0001-futex-Cleanup-variable-names-for-futex_top_waiter.patch
vendored
Normal file
118
debian/patches/features/all/rt/0001-futex-Cleanup-variable-names-for-futex_top_waiter.patch
vendored
Normal file
|
@ -0,0 +1,118 @@
|
|||
From: Peter Zijlstra <peterz@infradead.org>
|
||||
Date: Wed, 22 Mar 2017 11:35:48 +0100
|
||||
Subject: [PATCH] futex: Cleanup variable names for futex_top_waiter()
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Upstream commit 499f5aca2cdd5e958b27e2655e7e7f82524f46b1
|
||||
|
||||
futex_top_waiter() returns the top-waiter on the pi_mutex. Assinging
|
||||
this to a variable 'match' totally obscures the code.
|
||||
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: juri.lelli@arm.com
|
||||
Cc: bigeasy@linutronix.de
|
||||
Cc: xlpang@redhat.com
|
||||
Cc: rostedt@goodmis.org
|
||||
Cc: mathieu.desnoyers@efficios.com
|
||||
Cc: jdesfossez@efficios.com
|
||||
Cc: dvhart@infradead.org
|
||||
Cc: bristot@redhat.com
|
||||
Link: http://lkml.kernel.org/r/20170322104151.554710645@infradead.org
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/futex.c | 30 +++++++++++++++---------------
|
||||
1 file changed, 15 insertions(+), 15 deletions(-)
|
||||
|
||||
--- a/kernel/futex.c
|
||||
+++ b/kernel/futex.c
|
||||
@@ -1120,14 +1120,14 @@ static int attach_to_pi_owner(u32 uval,
|
||||
static int lookup_pi_state(u32 uval, struct futex_hash_bucket *hb,
|
||||
union futex_key *key, struct futex_pi_state **ps)
|
||||
{
|
||||
- struct futex_q *match = futex_top_waiter(hb, key);
|
||||
+ struct futex_q *top_waiter = futex_top_waiter(hb, key);
|
||||
|
||||
/*
|
||||
* If there is a waiter on that futex, validate it and
|
||||
* attach to the pi_state when the validation succeeds.
|
||||
*/
|
||||
- if (match)
|
||||
- return attach_to_pi_state(uval, match->pi_state, ps);
|
||||
+ if (top_waiter)
|
||||
+ return attach_to_pi_state(uval, top_waiter->pi_state, ps);
|
||||
|
||||
/*
|
||||
* We are the first waiter - try to look up the owner based on
|
||||
@@ -1174,7 +1174,7 @@ static int futex_lock_pi_atomic(u32 __us
|
||||
struct task_struct *task, int set_waiters)
|
||||
{
|
||||
u32 uval, newval, vpid = task_pid_vnr(task);
|
||||
- struct futex_q *match;
|
||||
+ struct futex_q *top_waiter;
|
||||
int ret;
|
||||
|
||||
/*
|
||||
@@ -1200,9 +1200,9 @@ static int futex_lock_pi_atomic(u32 __us
|
||||
* Lookup existing state first. If it exists, try to attach to
|
||||
* its pi_state.
|
||||
*/
|
||||
- match = futex_top_waiter(hb, key);
|
||||
- if (match)
|
||||
- return attach_to_pi_state(uval, match->pi_state, ps);
|
||||
+ top_waiter = futex_top_waiter(hb, key);
|
||||
+ if (top_waiter)
|
||||
+ return attach_to_pi_state(uval, top_waiter->pi_state, ps);
|
||||
|
||||
/*
|
||||
* No waiter and user TID is 0. We are here because the
|
||||
@@ -1292,11 +1292,11 @@ static void mark_wake_futex(struct wake_
|
||||
q->lock_ptr = NULL;
|
||||
}
|
||||
|
||||
-static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *this,
|
||||
+static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *top_waiter,
|
||||
struct futex_hash_bucket *hb)
|
||||
{
|
||||
struct task_struct *new_owner;
|
||||
- struct futex_pi_state *pi_state = this->pi_state;
|
||||
+ struct futex_pi_state *pi_state = top_waiter->pi_state;
|
||||
u32 uninitialized_var(curval), newval;
|
||||
WAKE_Q(wake_q);
|
||||
bool deboost;
|
||||
@@ -1317,11 +1317,11 @@ static int wake_futex_pi(u32 __user *uad
|
||||
|
||||
/*
|
||||
* It is possible that the next waiter (the one that brought
|
||||
- * this owner to the kernel) timed out and is no longer
|
||||
+ * top_waiter owner to the kernel) timed out and is no longer
|
||||
* waiting on the lock.
|
||||
*/
|
||||
if (!new_owner)
|
||||
- new_owner = this->task;
|
||||
+ new_owner = top_waiter->task;
|
||||
|
||||
/*
|
||||
* We pass it to the next owner. The WAITERS bit is always
|
||||
@@ -2631,7 +2631,7 @@ static int futex_unlock_pi(u32 __user *u
|
||||
u32 uninitialized_var(curval), uval, vpid = task_pid_vnr(current);
|
||||
union futex_key key = FUTEX_KEY_INIT;
|
||||
struct futex_hash_bucket *hb;
|
||||
- struct futex_q *match;
|
||||
+ struct futex_q *top_waiter;
|
||||
int ret;
|
||||
|
||||
retry:
|
||||
@@ -2655,9 +2655,9 @@ static int futex_unlock_pi(u32 __user *u
|
||||
* all and we at least want to know if user space fiddled
|
||||
* with the futex value instead of blindly unlocking.
|
||||
*/
|
||||
- match = futex_top_waiter(hb, &key);
|
||||
- if (match) {
|
||||
- ret = wake_futex_pi(uaddr, uval, match, hb);
|
||||
+ top_waiter = futex_top_waiter(hb, &key);
|
||||
+ if (top_waiter) {
|
||||
+ ret = wake_futex_pi(uaddr, uval, top_waiter, hb);
|
||||
/*
|
||||
* In case of success wake_futex_pi dropped the hash
|
||||
* bucket lock.
|
39
debian/patches/features/all/rt/0002-futex-Use-smp_store_release-in-mark_wake_futex.patch
vendored
Normal file
39
debian/patches/features/all/rt/0002-futex-Use-smp_store_release-in-mark_wake_futex.patch
vendored
Normal file
|
@ -0,0 +1,39 @@
|
|||
From: Peter Zijlstra <peterz@infradead.org>
|
||||
Date: Wed, 22 Mar 2017 11:35:49 +0100
|
||||
Subject: [PATCH] futex: Use smp_store_release() in mark_wake_futex()
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Upstream commit 1b367ece0d7e696cab1c8501bab282cc6a538b3f
|
||||
|
||||
Since the futex_q can dissapear the instruction after assigning NULL,
|
||||
this really should be a RELEASE barrier. That stops loads from hitting
|
||||
dead memory too.
|
||||
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: juri.lelli@arm.com
|
||||
Cc: bigeasy@linutronix.de
|
||||
Cc: xlpang@redhat.com
|
||||
Cc: rostedt@goodmis.org
|
||||
Cc: mathieu.desnoyers@efficios.com
|
||||
Cc: jdesfossez@efficios.com
|
||||
Cc: dvhart@infradead.org
|
||||
Cc: bristot@redhat.com
|
||||
Link: http://lkml.kernel.org/r/20170322104151.604296452@infradead.org
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/futex.c | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
--- a/kernel/futex.c
|
||||
+++ b/kernel/futex.c
|
||||
@@ -1288,8 +1288,7 @@ static void mark_wake_futex(struct wake_
|
||||
* memory barrier is required here to prevent the following
|
||||
* store to lock_ptr from getting ahead of the plist_del.
|
||||
*/
|
||||
- smp_wmb();
|
||||
- q->lock_ptr = NULL;
|
||||
+ smp_store_release(&q->lock_ptr, NULL);
|
||||
}
|
||||
|
||||
static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *top_waiter,
|
185
debian/patches/features/all/rt/0003-futex-Remove-rt_mutex_deadlock_account_.patch
vendored
Normal file
185
debian/patches/features/all/rt/0003-futex-Remove-rt_mutex_deadlock_account_.patch
vendored
Normal file
|
@ -0,0 +1,185 @@
|
|||
From: Peter Zijlstra <peterz@infradead.org>
|
||||
Date: Wed, 22 Mar 2017 11:35:50 +0100
|
||||
Subject: [PATCH] futex: Remove rt_mutex_deadlock_account_*()
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Upstream commit fffa954fb528963c2fb7b0c0084eb77e2be7ab52
|
||||
|
||||
These are unused and clutter up the code.
|
||||
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: juri.lelli@arm.com
|
||||
Cc: bigeasy@linutronix.de
|
||||
Cc: xlpang@redhat.com
|
||||
Cc: rostedt@goodmis.org
|
||||
Cc: mathieu.desnoyers@efficios.com
|
||||
Cc: jdesfossez@efficios.com
|
||||
Cc: dvhart@infradead.org
|
||||
Cc: bristot@redhat.com
|
||||
Link: http://lkml.kernel.org/r/20170322104151.652692478@infradead.org
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/locking/rtmutex-debug.c | 9 -------
|
||||
kernel/locking/rtmutex-debug.h | 3 --
|
||||
kernel/locking/rtmutex.c | 47 +++++++++++++++--------------------------
|
||||
kernel/locking/rtmutex.h | 2 -
|
||||
4 files changed, 18 insertions(+), 43 deletions(-)
|
||||
|
||||
--- a/kernel/locking/rtmutex-debug.c
|
||||
+++ b/kernel/locking/rtmutex-debug.c
|
||||
@@ -173,12 +173,3 @@ void debug_rt_mutex_init(struct rt_mutex
|
||||
lock->name = name;
|
||||
}
|
||||
|
||||
-void
|
||||
-rt_mutex_deadlock_account_lock(struct rt_mutex *lock, struct task_struct *task)
|
||||
-{
|
||||
-}
|
||||
-
|
||||
-void rt_mutex_deadlock_account_unlock(struct task_struct *task)
|
||||
-{
|
||||
-}
|
||||
-
|
||||
--- a/kernel/locking/rtmutex-debug.h
|
||||
+++ b/kernel/locking/rtmutex-debug.h
|
||||
@@ -9,9 +9,6 @@
|
||||
* This file contains macros used solely by rtmutex.c. Debug version.
|
||||
*/
|
||||
|
||||
-extern void
|
||||
-rt_mutex_deadlock_account_lock(struct rt_mutex *lock, struct task_struct *task);
|
||||
-extern void rt_mutex_deadlock_account_unlock(struct task_struct *task);
|
||||
extern void debug_rt_mutex_init_waiter(struct rt_mutex_waiter *waiter);
|
||||
extern void debug_rt_mutex_free_waiter(struct rt_mutex_waiter *waiter);
|
||||
extern void debug_rt_mutex_init(struct rt_mutex *lock, const char *name);
|
||||
--- a/kernel/locking/rtmutex.c
|
||||
+++ b/kernel/locking/rtmutex.c
|
||||
@@ -936,8 +936,6 @@ static int try_to_take_rt_mutex(struct r
|
||||
*/
|
||||
rt_mutex_set_owner(lock, task);
|
||||
|
||||
- rt_mutex_deadlock_account_lock(lock, task);
|
||||
-
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -1340,8 +1338,6 @@ static bool __sched rt_mutex_slowunlock(
|
||||
|
||||
debug_rt_mutex_unlock(lock);
|
||||
|
||||
- rt_mutex_deadlock_account_unlock(current);
|
||||
-
|
||||
/*
|
||||
* We must be careful here if the fast path is enabled. If we
|
||||
* have no waiters queued we cannot set owner to NULL here
|
||||
@@ -1407,11 +1403,10 @@ rt_mutex_fastlock(struct rt_mutex *lock,
|
||||
struct hrtimer_sleeper *timeout,
|
||||
enum rtmutex_chainwalk chwalk))
|
||||
{
|
||||
- if (likely(rt_mutex_cmpxchg_acquire(lock, NULL, current))) {
|
||||
- rt_mutex_deadlock_account_lock(lock, current);
|
||||
+ if (likely(rt_mutex_cmpxchg_acquire(lock, NULL, current)))
|
||||
return 0;
|
||||
- } else
|
||||
- return slowfn(lock, state, NULL, RT_MUTEX_MIN_CHAINWALK);
|
||||
+
|
||||
+ return slowfn(lock, state, NULL, RT_MUTEX_MIN_CHAINWALK);
|
||||
}
|
||||
|
||||
static inline int
|
||||
@@ -1423,21 +1418,19 @@ rt_mutex_timed_fastlock(struct rt_mutex
|
||||
enum rtmutex_chainwalk chwalk))
|
||||
{
|
||||
if (chwalk == RT_MUTEX_MIN_CHAINWALK &&
|
||||
- likely(rt_mutex_cmpxchg_acquire(lock, NULL, current))) {
|
||||
- rt_mutex_deadlock_account_lock(lock, current);
|
||||
+ likely(rt_mutex_cmpxchg_acquire(lock, NULL, current)))
|
||||
return 0;
|
||||
- } else
|
||||
- return slowfn(lock, state, timeout, chwalk);
|
||||
+
|
||||
+ return slowfn(lock, state, timeout, chwalk);
|
||||
}
|
||||
|
||||
static inline int
|
||||
rt_mutex_fasttrylock(struct rt_mutex *lock,
|
||||
int (*slowfn)(struct rt_mutex *lock))
|
||||
{
|
||||
- if (likely(rt_mutex_cmpxchg_acquire(lock, NULL, current))) {
|
||||
- rt_mutex_deadlock_account_lock(lock, current);
|
||||
+ if (likely(rt_mutex_cmpxchg_acquire(lock, NULL, current)))
|
||||
return 1;
|
||||
- }
|
||||
+
|
||||
return slowfn(lock);
|
||||
}
|
||||
|
||||
@@ -1447,19 +1440,18 @@ rt_mutex_fastunlock(struct rt_mutex *loc
|
||||
struct wake_q_head *wqh))
|
||||
{
|
||||
WAKE_Q(wake_q);
|
||||
+ bool deboost;
|
||||
|
||||
- if (likely(rt_mutex_cmpxchg_release(lock, current, NULL))) {
|
||||
- rt_mutex_deadlock_account_unlock(current);
|
||||
+ if (likely(rt_mutex_cmpxchg_release(lock, current, NULL)))
|
||||
+ return;
|
||||
|
||||
- } else {
|
||||
- bool deboost = slowfn(lock, &wake_q);
|
||||
+ deboost = slowfn(lock, &wake_q);
|
||||
|
||||
- wake_up_q(&wake_q);
|
||||
+ wake_up_q(&wake_q);
|
||||
|
||||
- /* Undo pi boosting if necessary: */
|
||||
- if (deboost)
|
||||
- rt_mutex_adjust_prio(current);
|
||||
- }
|
||||
+ /* Undo pi boosting if necessary: */
|
||||
+ if (deboost)
|
||||
+ rt_mutex_adjust_prio(current);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1570,10 +1562,9 @@ EXPORT_SYMBOL_GPL(rt_mutex_unlock);
|
||||
bool __sched rt_mutex_futex_unlock(struct rt_mutex *lock,
|
||||
struct wake_q_head *wqh)
|
||||
{
|
||||
- if (likely(rt_mutex_cmpxchg_release(lock, current, NULL))) {
|
||||
- rt_mutex_deadlock_account_unlock(current);
|
||||
+ if (likely(rt_mutex_cmpxchg_release(lock, current, NULL)))
|
||||
return false;
|
||||
- }
|
||||
+
|
||||
return rt_mutex_slowunlock(lock, wqh);
|
||||
}
|
||||
|
||||
@@ -1631,7 +1622,6 @@ void rt_mutex_init_proxy_locked(struct r
|
||||
__rt_mutex_init(lock, NULL);
|
||||
debug_rt_mutex_proxy_lock(lock, proxy_owner);
|
||||
rt_mutex_set_owner(lock, proxy_owner);
|
||||
- rt_mutex_deadlock_account_lock(lock, proxy_owner);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1647,7 +1637,6 @@ void rt_mutex_proxy_unlock(struct rt_mut
|
||||
{
|
||||
debug_rt_mutex_proxy_unlock(lock);
|
||||
rt_mutex_set_owner(lock, NULL);
|
||||
- rt_mutex_deadlock_account_unlock(proxy_owner);
|
||||
}
|
||||
|
||||
/**
|
||||
--- a/kernel/locking/rtmutex.h
|
||||
+++ b/kernel/locking/rtmutex.h
|
||||
@@ -11,8 +11,6 @@
|
||||
*/
|
||||
|
||||
#define rt_mutex_deadlock_check(l) (0)
|
||||
-#define rt_mutex_deadlock_account_lock(m, t) do { } while (0)
|
||||
-#define rt_mutex_deadlock_account_unlock(l) do { } while (0)
|
||||
#define debug_rt_mutex_init_waiter(w) do { } while (0)
|
||||
#define debug_rt_mutex_free_waiter(w) do { } while (0)
|
||||
#define debug_rt_mutex_lock(l) do { } while (0)
|
221
debian/patches/features/all/rt/0004-futex-rt_mutex-Provide-futex-specific-rt_mutex-API.patch
vendored
Normal file
221
debian/patches/features/all/rt/0004-futex-rt_mutex-Provide-futex-specific-rt_mutex-API.patch
vendored
Normal file
|
@ -0,0 +1,221 @@
|
|||
From: Peter Zijlstra <peterz@infradead.org>
|
||||
Date: Wed, 22 Mar 2017 11:35:51 +0100
|
||||
Subject: [PATCH] futex,rt_mutex: Provide futex specific rt_mutex API
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Upstream commit 5293c2efda37775346885c7e924d4ef7018ea60b
|
||||
|
||||
Part of what makes futex_unlock_pi() intricate is that
|
||||
rt_mutex_futex_unlock() -> rt_mutex_slowunlock() can drop
|
||||
rt_mutex::wait_lock.
|
||||
|
||||
This means it cannot rely on the atomicy of wait_lock, which would be
|
||||
preferred in order to not rely on hb->lock so much.
|
||||
|
||||
The reason rt_mutex_slowunlock() needs to drop wait_lock is because it can
|
||||
race with the rt_mutex fastpath, however futexes have their own fast path.
|
||||
|
||||
Since futexes already have a bunch of separate rt_mutex accessors, complete
|
||||
that set and implement a rt_mutex variant without fastpath for them.
|
||||
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: juri.lelli@arm.com
|
||||
Cc: bigeasy@linutronix.de
|
||||
Cc: xlpang@redhat.com
|
||||
Cc: rostedt@goodmis.org
|
||||
Cc: mathieu.desnoyers@efficios.com
|
||||
Cc: jdesfossez@efficios.com
|
||||
Cc: dvhart@infradead.org
|
||||
Cc: bristot@redhat.com
|
||||
Link: http://lkml.kernel.org/r/20170322104151.702962446@infradead.org
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/futex.c | 30 ++++++++++-----------
|
||||
kernel/locking/rtmutex.c | 55 +++++++++++++++++++++++++++++-----------
|
||||
kernel/locking/rtmutex_common.h | 9 +++++-
|
||||
3 files changed, 62 insertions(+), 32 deletions(-)
|
||||
|
||||
--- a/kernel/futex.c
|
||||
+++ b/kernel/futex.c
|
||||
@@ -914,7 +914,7 @@ void exit_pi_state_list(struct task_stru
|
||||
pi_state->owner = NULL;
|
||||
raw_spin_unlock_irq(&curr->pi_lock);
|
||||
|
||||
- rt_mutex_unlock(&pi_state->pi_mutex);
|
||||
+ rt_mutex_futex_unlock(&pi_state->pi_mutex);
|
||||
|
||||
spin_unlock(&hb->lock);
|
||||
|
||||
@@ -1362,20 +1362,18 @@ static int wake_futex_pi(u32 __user *uad
|
||||
pi_state->owner = new_owner;
|
||||
raw_spin_unlock(&new_owner->pi_lock);
|
||||
|
||||
- raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
-
|
||||
- deboost = rt_mutex_futex_unlock(&pi_state->pi_mutex, &wake_q);
|
||||
-
|
||||
/*
|
||||
- * First unlock HB so the waiter does not spin on it once he got woken
|
||||
- * up. Second wake up the waiter before the priority is adjusted. If we
|
||||
- * deboost first (and lose our higher priority), then the task might get
|
||||
- * scheduled away before the wake up can take place.
|
||||
+ * We've updated the uservalue, this unlock cannot fail.
|
||||
*/
|
||||
+ deboost = __rt_mutex_futex_unlock(&pi_state->pi_mutex, &wake_q);
|
||||
+
|
||||
+ raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
spin_unlock(&hb->lock);
|
||||
- wake_up_q(&wake_q);
|
||||
- if (deboost)
|
||||
+
|
||||
+ if (deboost) {
|
||||
+ wake_up_q(&wake_q);
|
||||
rt_mutex_adjust_prio(current);
|
||||
+ }
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -2251,7 +2249,7 @@ static int fixup_owner(u32 __user *uaddr
|
||||
* task acquired the rt_mutex after we removed ourself from the
|
||||
* rt_mutex waiters list.
|
||||
*/
|
||||
- if (rt_mutex_trylock(&q->pi_state->pi_mutex)) {
|
||||
+ if (rt_mutex_futex_trylock(&q->pi_state->pi_mutex)) {
|
||||
locked = 1;
|
||||
goto out;
|
||||
}
|
||||
@@ -2566,7 +2564,7 @@ static int futex_lock_pi(u32 __user *uad
|
||||
if (!trylock) {
|
||||
ret = rt_mutex_timed_futex_lock(&q.pi_state->pi_mutex, to);
|
||||
} else {
|
||||
- ret = rt_mutex_trylock(&q.pi_state->pi_mutex);
|
||||
+ ret = rt_mutex_futex_trylock(&q.pi_state->pi_mutex);
|
||||
/* Fixup the trylock return value: */
|
||||
ret = ret ? 0 : -EWOULDBLOCK;
|
||||
}
|
||||
@@ -2589,7 +2587,7 @@ static int futex_lock_pi(u32 __user *uad
|
||||
* it and return the fault to userspace.
|
||||
*/
|
||||
if (ret && (rt_mutex_owner(&q.pi_state->pi_mutex) == current))
|
||||
- rt_mutex_unlock(&q.pi_state->pi_mutex);
|
||||
+ rt_mutex_futex_unlock(&q.pi_state->pi_mutex);
|
||||
|
||||
/* Unqueue and drop the lock */
|
||||
unqueue_me_pi(&q);
|
||||
@@ -2896,7 +2894,7 @@ static int futex_wait_requeue_pi(u32 __u
|
||||
spin_lock(q.lock_ptr);
|
||||
ret = fixup_pi_state_owner(uaddr2, &q, current);
|
||||
if (ret && rt_mutex_owner(&q.pi_state->pi_mutex) == current)
|
||||
- rt_mutex_unlock(&q.pi_state->pi_mutex);
|
||||
+ rt_mutex_futex_unlock(&q.pi_state->pi_mutex);
|
||||
/*
|
||||
* Drop the reference to the pi state which
|
||||
* the requeue_pi() code acquired for us.
|
||||
@@ -2936,7 +2934,7 @@ static int futex_wait_requeue_pi(u32 __u
|
||||
* userspace.
|
||||
*/
|
||||
if (ret && rt_mutex_owner(pi_mutex) == current)
|
||||
- rt_mutex_unlock(pi_mutex);
|
||||
+ rt_mutex_futex_unlock(pi_mutex);
|
||||
|
||||
/* Unqueue and drop the lock. */
|
||||
unqueue_me_pi(&q);
|
||||
--- a/kernel/locking/rtmutex.c
|
||||
+++ b/kernel/locking/rtmutex.c
|
||||
@@ -1486,15 +1486,23 @@ EXPORT_SYMBOL_GPL(rt_mutex_lock_interrup
|
||||
|
||||
/*
|
||||
* Futex variant with full deadlock detection.
|
||||
+ * Futex variants must not use the fast-path, see __rt_mutex_futex_unlock().
|
||||
*/
|
||||
-int rt_mutex_timed_futex_lock(struct rt_mutex *lock,
|
||||
+int __sched rt_mutex_timed_futex_lock(struct rt_mutex *lock,
|
||||
struct hrtimer_sleeper *timeout)
|
||||
{
|
||||
might_sleep();
|
||||
|
||||
- return rt_mutex_timed_fastlock(lock, TASK_INTERRUPTIBLE, timeout,
|
||||
- RT_MUTEX_FULL_CHAINWALK,
|
||||
- rt_mutex_slowlock);
|
||||
+ return rt_mutex_slowlock(lock, TASK_INTERRUPTIBLE,
|
||||
+ timeout, RT_MUTEX_FULL_CHAINWALK);
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * Futex variant, must not use fastpath.
|
||||
+ */
|
||||
+int __sched rt_mutex_futex_trylock(struct rt_mutex *lock)
|
||||
+{
|
||||
+ return rt_mutex_slowtrylock(lock);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1553,19 +1561,38 @@ void __sched rt_mutex_unlock(struct rt_m
|
||||
EXPORT_SYMBOL_GPL(rt_mutex_unlock);
|
||||
|
||||
/**
|
||||
- * rt_mutex_futex_unlock - Futex variant of rt_mutex_unlock
|
||||
- * @lock: the rt_mutex to be unlocked
|
||||
- *
|
||||
- * Returns: true/false indicating whether priority adjustment is
|
||||
- * required or not.
|
||||
+ * Futex variant, that since futex variants do not use the fast-path, can be
|
||||
+ * simple and will not need to retry.
|
||||
*/
|
||||
-bool __sched rt_mutex_futex_unlock(struct rt_mutex *lock,
|
||||
- struct wake_q_head *wqh)
|
||||
+bool __sched __rt_mutex_futex_unlock(struct rt_mutex *lock,
|
||||
+ struct wake_q_head *wake_q)
|
||||
+{
|
||||
+ lockdep_assert_held(&lock->wait_lock);
|
||||
+
|
||||
+ debug_rt_mutex_unlock(lock);
|
||||
+
|
||||
+ if (!rt_mutex_has_waiters(lock)) {
|
||||
+ lock->owner = NULL;
|
||||
+ return false; /* done */
|
||||
+ }
|
||||
+
|
||||
+ mark_wakeup_next_waiter(wake_q, lock);
|
||||
+ return true; /* deboost and wakeups */
|
||||
+}
|
||||
+
|
||||
+void __sched rt_mutex_futex_unlock(struct rt_mutex *lock)
|
||||
{
|
||||
- if (likely(rt_mutex_cmpxchg_release(lock, current, NULL)))
|
||||
- return false;
|
||||
+ WAKE_Q(wake_q);
|
||||
+ bool deboost;
|
||||
|
||||
- return rt_mutex_slowunlock(lock, wqh);
|
||||
+ raw_spin_lock_irq(&lock->wait_lock);
|
||||
+ deboost = __rt_mutex_futex_unlock(lock, &wake_q);
|
||||
+ raw_spin_unlock_irq(&lock->wait_lock);
|
||||
+
|
||||
+ if (deboost) {
|
||||
+ wake_up_q(&wake_q);
|
||||
+ rt_mutex_adjust_prio(current);
|
||||
+ }
|
||||
}
|
||||
|
||||
/**
|
||||
--- a/kernel/locking/rtmutex_common.h
|
||||
+++ b/kernel/locking/rtmutex_common.h
|
||||
@@ -109,9 +109,14 @@ extern int rt_mutex_start_proxy_lock(str
|
||||
extern int rt_mutex_finish_proxy_lock(struct rt_mutex *lock,
|
||||
struct hrtimer_sleeper *to,
|
||||
struct rt_mutex_waiter *waiter);
|
||||
+
|
||||
extern int rt_mutex_timed_futex_lock(struct rt_mutex *l, struct hrtimer_sleeper *to);
|
||||
-extern bool rt_mutex_futex_unlock(struct rt_mutex *lock,
|
||||
- struct wake_q_head *wqh);
|
||||
+extern int rt_mutex_futex_trylock(struct rt_mutex *l);
|
||||
+
|
||||
+extern void rt_mutex_futex_unlock(struct rt_mutex *lock);
|
||||
+extern bool __rt_mutex_futex_unlock(struct rt_mutex *lock,
|
||||
+ struct wake_q_head *wqh);
|
||||
+
|
||||
extern void rt_mutex_adjust_prio(struct task_struct *task);
|
||||
|
||||
#ifdef CONFIG_DEBUG_RT_MUTEXES
|
|
@ -0,0 +1,371 @@
|
|||
From: Peter Zijlstra <peterz@infradead.org>
|
||||
Date: Wed, 22 Mar 2017 11:35:52 +0100
|
||||
Subject: [PATCH] futex: Change locking rules
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Upstream commit 734009e96d1983ad739e5b656e03430b3660c913
|
||||
|
||||
Currently futex-pi relies on hb->lock to serialize everything. But hb->lock
|
||||
creates another set of problems, especially priority inversions on RT where
|
||||
hb->lock becomes a rt_mutex itself.
|
||||
|
||||
The rt_mutex::wait_lock is the most obvious protection for keeping the
|
||||
futex user space value and the kernel internal pi_state in sync.
|
||||
|
||||
Rework and document the locking so rt_mutex::wait_lock is held accross all
|
||||
operations which modify the user space value and the pi state.
|
||||
|
||||
This allows to invoke rt_mutex_unlock() (including deboost) without holding
|
||||
hb->lock as a next step.
|
||||
|
||||
Nothing yet relies on the new locking rules.
|
||||
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: juri.lelli@arm.com
|
||||
Cc: bigeasy@linutronix.de
|
||||
Cc: xlpang@redhat.com
|
||||
Cc: rostedt@goodmis.org
|
||||
Cc: mathieu.desnoyers@efficios.com
|
||||
Cc: jdesfossez@efficios.com
|
||||
Cc: dvhart@infradead.org
|
||||
Cc: bristot@redhat.com
|
||||
Link: http://lkml.kernel.org/r/20170322104151.751993333@infradead.org
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/futex.c | 165 +++++++++++++++++++++++++++++++++++++++++++++------------
|
||||
1 file changed, 132 insertions(+), 33 deletions(-)
|
||||
|
||||
--- a/kernel/futex.c
|
||||
+++ b/kernel/futex.c
|
||||
@@ -971,6 +971,39 @@ void exit_pi_state_list(struct task_stru
|
||||
*
|
||||
* [10] There is no transient state which leaves owner and user space
|
||||
* TID out of sync.
|
||||
+ *
|
||||
+ *
|
||||
+ * Serialization and lifetime rules:
|
||||
+ *
|
||||
+ * hb->lock:
|
||||
+ *
|
||||
+ * hb -> futex_q, relation
|
||||
+ * futex_q -> pi_state, relation
|
||||
+ *
|
||||
+ * (cannot be raw because hb can contain arbitrary amount
|
||||
+ * of futex_q's)
|
||||
+ *
|
||||
+ * pi_mutex->wait_lock:
|
||||
+ *
|
||||
+ * {uval, pi_state}
|
||||
+ *
|
||||
+ * (and pi_mutex 'obviously')
|
||||
+ *
|
||||
+ * p->pi_lock:
|
||||
+ *
|
||||
+ * p->pi_state_list -> pi_state->list, relation
|
||||
+ *
|
||||
+ * pi_state->refcount:
|
||||
+ *
|
||||
+ * pi_state lifetime
|
||||
+ *
|
||||
+ *
|
||||
+ * Lock order:
|
||||
+ *
|
||||
+ * hb->lock
|
||||
+ * pi_mutex->wait_lock
|
||||
+ * p->pi_lock
|
||||
+ *
|
||||
*/
|
||||
|
||||
/*
|
||||
@@ -978,10 +1011,12 @@ void exit_pi_state_list(struct task_stru
|
||||
* the pi_state against the user space value. If correct, attach to
|
||||
* it.
|
||||
*/
|
||||
-static int attach_to_pi_state(u32 uval, struct futex_pi_state *pi_state,
|
||||
+static int attach_to_pi_state(u32 __user *uaddr, u32 uval,
|
||||
+ struct futex_pi_state *pi_state,
|
||||
struct futex_pi_state **ps)
|
||||
{
|
||||
pid_t pid = uval & FUTEX_TID_MASK;
|
||||
+ int ret, uval2;
|
||||
|
||||
/*
|
||||
* Userspace might have messed up non-PI and PI futexes [3]
|
||||
@@ -989,9 +1024,34 @@ static int attach_to_pi_state(u32 uval,
|
||||
if (unlikely(!pi_state))
|
||||
return -EINVAL;
|
||||
|
||||
+ /*
|
||||
+ * We get here with hb->lock held, and having found a
|
||||
+ * futex_top_waiter(). This means that futex_lock_pi() of said futex_q
|
||||
+ * has dropped the hb->lock in between queue_me() and unqueue_me_pi(),
|
||||
+ * which in turn means that futex_lock_pi() still has a reference on
|
||||
+ * our pi_state.
|
||||
+ */
|
||||
WARN_ON(!atomic_read(&pi_state->refcount));
|
||||
|
||||
/*
|
||||
+ * Now that we have a pi_state, we can acquire wait_lock
|
||||
+ * and do the state validation.
|
||||
+ */
|
||||
+ raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
+
|
||||
+ /*
|
||||
+ * Since {uval, pi_state} is serialized by wait_lock, and our current
|
||||
+ * uval was read without holding it, it can have changed. Verify it
|
||||
+ * still is what we expect it to be, otherwise retry the entire
|
||||
+ * operation.
|
||||
+ */
|
||||
+ if (get_futex_value_locked(&uval2, uaddr))
|
||||
+ goto out_efault;
|
||||
+
|
||||
+ if (uval != uval2)
|
||||
+ goto out_eagain;
|
||||
+
|
||||
+ /*
|
||||
* Handle the owner died case:
|
||||
*/
|
||||
if (uval & FUTEX_OWNER_DIED) {
|
||||
@@ -1006,11 +1066,11 @@ static int attach_to_pi_state(u32 uval,
|
||||
* is not 0. Inconsistent state. [5]
|
||||
*/
|
||||
if (pid)
|
||||
- return -EINVAL;
|
||||
+ goto out_einval;
|
||||
/*
|
||||
* Take a ref on the state and return success. [4]
|
||||
*/
|
||||
- goto out_state;
|
||||
+ goto out_attach;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1022,14 +1082,14 @@ static int attach_to_pi_state(u32 uval,
|
||||
* Take a ref on the state and return success. [6]
|
||||
*/
|
||||
if (!pid)
|
||||
- goto out_state;
|
||||
+ goto out_attach;
|
||||
} else {
|
||||
/*
|
||||
* If the owner died bit is not set, then the pi_state
|
||||
* must have an owner. [7]
|
||||
*/
|
||||
if (!pi_state->owner)
|
||||
- return -EINVAL;
|
||||
+ goto out_einval;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1038,11 +1098,29 @@ static int attach_to_pi_state(u32 uval,
|
||||
* user space TID. [9/10]
|
||||
*/
|
||||
if (pid != task_pid_vnr(pi_state->owner))
|
||||
- return -EINVAL;
|
||||
-out_state:
|
||||
+ goto out_einval;
|
||||
+
|
||||
+out_attach:
|
||||
atomic_inc(&pi_state->refcount);
|
||||
+ raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
*ps = pi_state;
|
||||
return 0;
|
||||
+
|
||||
+out_einval:
|
||||
+ ret = -EINVAL;
|
||||
+ goto out_error;
|
||||
+
|
||||
+out_eagain:
|
||||
+ ret = -EAGAIN;
|
||||
+ goto out_error;
|
||||
+
|
||||
+out_efault:
|
||||
+ ret = -EFAULT;
|
||||
+ goto out_error;
|
||||
+
|
||||
+out_error:
|
||||
+ raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1093,6 +1171,9 @@ static int attach_to_pi_owner(u32 uval,
|
||||
|
||||
/*
|
||||
* No existing pi state. First waiter. [2]
|
||||
+ *
|
||||
+ * This creates pi_state, we have hb->lock held, this means nothing can
|
||||
+ * observe this state, wait_lock is irrelevant.
|
||||
*/
|
||||
pi_state = alloc_pi_state();
|
||||
|
||||
@@ -1117,7 +1198,8 @@ static int attach_to_pi_owner(u32 uval,
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static int lookup_pi_state(u32 uval, struct futex_hash_bucket *hb,
|
||||
+static int lookup_pi_state(u32 __user *uaddr, u32 uval,
|
||||
+ struct futex_hash_bucket *hb,
|
||||
union futex_key *key, struct futex_pi_state **ps)
|
||||
{
|
||||
struct futex_q *top_waiter = futex_top_waiter(hb, key);
|
||||
@@ -1127,7 +1209,7 @@ static int lookup_pi_state(u32 uval, str
|
||||
* attach to the pi_state when the validation succeeds.
|
||||
*/
|
||||
if (top_waiter)
|
||||
- return attach_to_pi_state(uval, top_waiter->pi_state, ps);
|
||||
+ return attach_to_pi_state(uaddr, uval, top_waiter->pi_state, ps);
|
||||
|
||||
/*
|
||||
* We are the first waiter - try to look up the owner based on
|
||||
@@ -1146,7 +1228,7 @@ static int lock_pi_update_atomic(u32 __u
|
||||
if (unlikely(cmpxchg_futex_value_locked(&curval, uaddr, uval, newval)))
|
||||
return -EFAULT;
|
||||
|
||||
- /*If user space value changed, let the caller retry */
|
||||
+ /* If user space value changed, let the caller retry */
|
||||
return curval != uval ? -EAGAIN : 0;
|
||||
}
|
||||
|
||||
@@ -1202,7 +1284,7 @@ static int futex_lock_pi_atomic(u32 __us
|
||||
*/
|
||||
top_waiter = futex_top_waiter(hb, key);
|
||||
if (top_waiter)
|
||||
- return attach_to_pi_state(uval, top_waiter->pi_state, ps);
|
||||
+ return attach_to_pi_state(uaddr, uval, top_waiter->pi_state, ps);
|
||||
|
||||
/*
|
||||
* No waiter and user TID is 0. We are here because the
|
||||
@@ -1334,6 +1416,7 @@ static int wake_futex_pi(u32 __user *uad
|
||||
|
||||
if (cmpxchg_futex_value_locked(&curval, uaddr, uval, newval)) {
|
||||
ret = -EFAULT;
|
||||
+
|
||||
} else if (curval != uval) {
|
||||
/*
|
||||
* If a unconditional UNLOCK_PI operation (user space did not
|
||||
@@ -1346,6 +1429,7 @@ static int wake_futex_pi(u32 __user *uad
|
||||
else
|
||||
ret = -EINVAL;
|
||||
}
|
||||
+
|
||||
if (ret) {
|
||||
raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
return ret;
|
||||
@@ -1821,7 +1905,7 @@ static int futex_requeue(u32 __user *uad
|
||||
* If that call succeeds then we have pi_state and an
|
||||
* initial refcount on it.
|
||||
*/
|
||||
- ret = lookup_pi_state(ret, hb2, &key2, &pi_state);
|
||||
+ ret = lookup_pi_state(uaddr2, ret, hb2, &key2, &pi_state);
|
||||
}
|
||||
|
||||
switch (ret) {
|
||||
@@ -2120,10 +2204,13 @@ static int fixup_pi_state_owner(u32 __us
|
||||
{
|
||||
u32 newtid = task_pid_vnr(newowner) | FUTEX_WAITERS;
|
||||
struct futex_pi_state *pi_state = q->pi_state;
|
||||
- struct task_struct *oldowner = pi_state->owner;
|
||||
u32 uval, uninitialized_var(curval), newval;
|
||||
+ struct task_struct *oldowner;
|
||||
int ret;
|
||||
|
||||
+ raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
+
|
||||
+ oldowner = pi_state->owner;
|
||||
/* Owner died? */
|
||||
if (!pi_state->owner)
|
||||
newtid |= FUTEX_OWNER_DIED;
|
||||
@@ -2139,11 +2226,10 @@ static int fixup_pi_state_owner(u32 __us
|
||||
* because we can fault here. Imagine swapped out pages or a fork
|
||||
* that marked all the anonymous memory readonly for cow.
|
||||
*
|
||||
- * Modifying pi_state _before_ the user space value would
|
||||
- * leave the pi_state in an inconsistent state when we fault
|
||||
- * here, because we need to drop the hash bucket lock to
|
||||
- * handle the fault. This might be observed in the PID check
|
||||
- * in lookup_pi_state.
|
||||
+ * Modifying pi_state _before_ the user space value would leave the
|
||||
+ * pi_state in an inconsistent state when we fault here, because we
|
||||
+ * need to drop the locks to handle the fault. This might be observed
|
||||
+ * in the PID check in lookup_pi_state.
|
||||
*/
|
||||
retry:
|
||||
if (get_futex_value_locked(&uval, uaddr))
|
||||
@@ -2164,47 +2250,60 @@ static int fixup_pi_state_owner(u32 __us
|
||||
* itself.
|
||||
*/
|
||||
if (pi_state->owner != NULL) {
|
||||
- raw_spin_lock_irq(&pi_state->owner->pi_lock);
|
||||
+ raw_spin_lock(&pi_state->owner->pi_lock);
|
||||
WARN_ON(list_empty(&pi_state->list));
|
||||
list_del_init(&pi_state->list);
|
||||
- raw_spin_unlock_irq(&pi_state->owner->pi_lock);
|
||||
+ raw_spin_unlock(&pi_state->owner->pi_lock);
|
||||
}
|
||||
|
||||
pi_state->owner = newowner;
|
||||
|
||||
- raw_spin_lock_irq(&newowner->pi_lock);
|
||||
+ raw_spin_lock(&newowner->pi_lock);
|
||||
WARN_ON(!list_empty(&pi_state->list));
|
||||
list_add(&pi_state->list, &newowner->pi_state_list);
|
||||
- raw_spin_unlock_irq(&newowner->pi_lock);
|
||||
+ raw_spin_unlock(&newowner->pi_lock);
|
||||
+ raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
+
|
||||
return 0;
|
||||
|
||||
/*
|
||||
- * To handle the page fault we need to drop the hash bucket
|
||||
- * lock here. That gives the other task (either the highest priority
|
||||
- * waiter itself or the task which stole the rtmutex) the
|
||||
- * chance to try the fixup of the pi_state. So once we are
|
||||
- * back from handling the fault we need to check the pi_state
|
||||
- * after reacquiring the hash bucket lock and before trying to
|
||||
- * do another fixup. When the fixup has been done already we
|
||||
- * simply return.
|
||||
+ * To handle the page fault we need to drop the locks here. That gives
|
||||
+ * the other task (either the highest priority waiter itself or the
|
||||
+ * task which stole the rtmutex) the chance to try the fixup of the
|
||||
+ * pi_state. So once we are back from handling the fault we need to
|
||||
+ * check the pi_state after reacquiring the locks and before trying to
|
||||
+ * do another fixup. When the fixup has been done already we simply
|
||||
+ * return.
|
||||
+ *
|
||||
+ * Note: we hold both hb->lock and pi_mutex->wait_lock. We can safely
|
||||
+ * drop hb->lock since the caller owns the hb -> futex_q relation.
|
||||
+ * Dropping the pi_mutex->wait_lock requires the state revalidate.
|
||||
*/
|
||||
handle_fault:
|
||||
+ raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
spin_unlock(q->lock_ptr);
|
||||
|
||||
ret = fault_in_user_writeable(uaddr);
|
||||
|
||||
spin_lock(q->lock_ptr);
|
||||
+ raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
|
||||
/*
|
||||
* Check if someone else fixed it for us:
|
||||
*/
|
||||
- if (pi_state->owner != oldowner)
|
||||
- return 0;
|
||||
+ if (pi_state->owner != oldowner) {
|
||||
+ ret = 0;
|
||||
+ goto out_unlock;
|
||||
+ }
|
||||
|
||||
if (ret)
|
||||
- return ret;
|
||||
+ goto out_unlock;
|
||||
|
||||
goto retry;
|
||||
+
|
||||
+out_unlock:
|
||||
+ raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
static long futex_wait_restart(struct restart_block *restart);
|
|
@ -0,0 +1,76 @@
|
|||
From: Peter Zijlstra <peterz@infradead.org>
|
||||
Date: Wed, 22 Mar 2017 11:35:53 +0100
|
||||
Subject: [PATCH] futex: Cleanup refcounting
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Upstream commit bf92cf3a5100f5a0d5f9834787b130159397cb22
|
||||
|
||||
Add a put_pit_state() as counterpart for get_pi_state() so the refcounting
|
||||
becomes consistent.
|
||||
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: juri.lelli@arm.com
|
||||
Cc: bigeasy@linutronix.de
|
||||
Cc: xlpang@redhat.com
|
||||
Cc: rostedt@goodmis.org
|
||||
Cc: mathieu.desnoyers@efficios.com
|
||||
Cc: jdesfossez@efficios.com
|
||||
Cc: dvhart@infradead.org
|
||||
Cc: bristot@redhat.com
|
||||
Link: http://lkml.kernel.org/r/20170322104151.801778516@infradead.org
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/futex.c | 13 +++++++++----
|
||||
1 file changed, 9 insertions(+), 4 deletions(-)
|
||||
|
||||
--- a/kernel/futex.c
|
||||
+++ b/kernel/futex.c
|
||||
@@ -800,7 +800,7 @@ static int refill_pi_state_cache(void)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static struct futex_pi_state * alloc_pi_state(void)
|
||||
+static struct futex_pi_state *alloc_pi_state(void)
|
||||
{
|
||||
struct futex_pi_state *pi_state = current->pi_state_cache;
|
||||
|
||||
@@ -810,6 +810,11 @@ static struct futex_pi_state * alloc_pi_
|
||||
return pi_state;
|
||||
}
|
||||
|
||||
+static void get_pi_state(struct futex_pi_state *pi_state)
|
||||
+{
|
||||
+ WARN_ON_ONCE(!atomic_inc_not_zero(&pi_state->refcount));
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* Drops a reference to the pi_state object and frees or caches it
|
||||
* when the last reference is gone.
|
||||
@@ -854,7 +859,7 @@ static void put_pi_state(struct futex_pi
|
||||
* Look up the task based on what TID userspace gave us.
|
||||
* We dont trust it.
|
||||
*/
|
||||
-static struct task_struct * futex_find_get_task(pid_t pid)
|
||||
+static struct task_struct *futex_find_get_task(pid_t pid)
|
||||
{
|
||||
struct task_struct *p;
|
||||
|
||||
@@ -1101,7 +1106,7 @@ static int attach_to_pi_state(u32 __user
|
||||
goto out_einval;
|
||||
|
||||
out_attach:
|
||||
- atomic_inc(&pi_state->refcount);
|
||||
+ get_pi_state(pi_state);
|
||||
raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
*ps = pi_state;
|
||||
return 0;
|
||||
@@ -1988,7 +1993,7 @@ static int futex_requeue(u32 __user *uad
|
||||
* refcount on the pi_state and store the pointer in
|
||||
* the futex_q object of the waiter.
|
||||
*/
|
||||
- atomic_inc(&pi_state->refcount);
|
||||
+ get_pi_state(pi_state);
|
||||
this->pi_state = pi_state;
|
||||
ret = rt_mutex_start_proxy_lock(&pi_state->pi_mutex,
|
||||
this->rt_waiter,
|
140
debian/patches/features/all/rt/0007-futex-Rework-inconsistent-rt_mutex-futex_q-state.patch
vendored
Normal file
140
debian/patches/features/all/rt/0007-futex-Rework-inconsistent-rt_mutex-futex_q-state.patch
vendored
Normal file
|
@ -0,0 +1,140 @@
|
|||
From: Peter Zijlstra <peterz@infradead.org>
|
||||
Date: Wed, 22 Mar 2017 11:35:54 +0100
|
||||
Subject: [PATCH] futex: Rework inconsistent rt_mutex/futex_q state
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Upstream commit 73d786bd043ebc855f349c81ea805f6b11cbf2aa
|
||||
|
||||
There is a weird state in the futex_unlock_pi() path when it interleaves
|
||||
with a concurrent futex_lock_pi() at the point where it drops hb->lock.
|
||||
|
||||
In this case, it can happen that the rt_mutex wait_list and the futex_q
|
||||
disagree on pending waiters, in particular rt_mutex will find no pending
|
||||
waiters where futex_q thinks there are. In this case the rt_mutex unlock
|
||||
code cannot assign an owner.
|
||||
|
||||
The futex side fixup code has to cleanup the inconsistencies with quite a
|
||||
bunch of interesting corner cases.
|
||||
|
||||
Simplify all this by changing wake_futex_pi() to return -EAGAIN when this
|
||||
situation occurs. This then gives the futex_lock_pi() code the opportunity
|
||||
to continue and the retried futex_unlock_pi() will now observe a coherent
|
||||
state.
|
||||
|
||||
The only problem is that this breaks RT timeliness guarantees. That
|
||||
is, consider the following scenario:
|
||||
|
||||
T1 and T2 are both pinned to CPU0. prio(T2) > prio(T1)
|
||||
|
||||
CPU0
|
||||
|
||||
T1
|
||||
lock_pi()
|
||||
queue_me() <- Waiter is visible
|
||||
|
||||
preemption
|
||||
|
||||
T2
|
||||
unlock_pi()
|
||||
loops with -EAGAIN forever
|
||||
|
||||
Which is undesirable for PI primitives. Future patches will rectify
|
||||
this.
|
||||
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: juri.lelli@arm.com
|
||||
Cc: bigeasy@linutronix.de
|
||||
Cc: xlpang@redhat.com
|
||||
Cc: rostedt@goodmis.org
|
||||
Cc: mathieu.desnoyers@efficios.com
|
||||
Cc: jdesfossez@efficios.com
|
||||
Cc: dvhart@infradead.org
|
||||
Cc: bristot@redhat.com
|
||||
Link: http://lkml.kernel.org/r/20170322104151.850383690@infradead.org
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/futex.c | 50 ++++++++++++++------------------------------------
|
||||
1 file changed, 14 insertions(+), 36 deletions(-)
|
||||
|
||||
--- a/kernel/futex.c
|
||||
+++ b/kernel/futex.c
|
||||
@@ -1402,12 +1402,19 @@ static int wake_futex_pi(u32 __user *uad
|
||||
new_owner = rt_mutex_next_owner(&pi_state->pi_mutex);
|
||||
|
||||
/*
|
||||
- * It is possible that the next waiter (the one that brought
|
||||
- * top_waiter owner to the kernel) timed out and is no longer
|
||||
- * waiting on the lock.
|
||||
+ * When we interleave with futex_lock_pi() where it does
|
||||
+ * rt_mutex_timed_futex_lock(), we might observe @this futex_q waiter,
|
||||
+ * but the rt_mutex's wait_list can be empty (either still, or again,
|
||||
+ * depending on which side we land).
|
||||
+ *
|
||||
+ * When this happens, give up our locks and try again, giving the
|
||||
+ * futex_lock_pi() instance time to complete, either by waiting on the
|
||||
+ * rtmutex or removing itself from the futex queue.
|
||||
*/
|
||||
- if (!new_owner)
|
||||
- new_owner = top_waiter->task;
|
||||
+ if (!new_owner) {
|
||||
+ raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
+ return -EAGAIN;
|
||||
+ }
|
||||
|
||||
/*
|
||||
* We pass it to the next owner. The WAITERS bit is always
|
||||
@@ -2330,7 +2337,6 @@ static long futex_wait_restart(struct re
|
||||
*/
|
||||
static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked)
|
||||
{
|
||||
- struct task_struct *owner;
|
||||
int ret = 0;
|
||||
|
||||
if (locked) {
|
||||
@@ -2344,43 +2350,15 @@ static int fixup_owner(u32 __user *uaddr
|
||||
}
|
||||
|
||||
/*
|
||||
- * Catch the rare case, where the lock was released when we were on the
|
||||
- * way back before we locked the hash bucket.
|
||||
- */
|
||||
- if (q->pi_state->owner == current) {
|
||||
- /*
|
||||
- * Try to get the rt_mutex now. This might fail as some other
|
||||
- * task acquired the rt_mutex after we removed ourself from the
|
||||
- * rt_mutex waiters list.
|
||||
- */
|
||||
- if (rt_mutex_futex_trylock(&q->pi_state->pi_mutex)) {
|
||||
- locked = 1;
|
||||
- goto out;
|
||||
- }
|
||||
-
|
||||
- /*
|
||||
- * pi_state is incorrect, some other task did a lock steal and
|
||||
- * we returned due to timeout or signal without taking the
|
||||
- * rt_mutex. Too late.
|
||||
- */
|
||||
- raw_spin_lock_irq(&q->pi_state->pi_mutex.wait_lock);
|
||||
- owner = rt_mutex_owner(&q->pi_state->pi_mutex);
|
||||
- if (!owner)
|
||||
- owner = rt_mutex_next_owner(&q->pi_state->pi_mutex);
|
||||
- raw_spin_unlock_irq(&q->pi_state->pi_mutex.wait_lock);
|
||||
- ret = fixup_pi_state_owner(uaddr, q, owner);
|
||||
- goto out;
|
||||
- }
|
||||
-
|
||||
- /*
|
||||
* Paranoia check. If we did not take the lock, then we should not be
|
||||
* the owner of the rt_mutex.
|
||||
*/
|
||||
- if (rt_mutex_owner(&q->pi_state->pi_mutex) == current)
|
||||
+ if (rt_mutex_owner(&q->pi_state->pi_mutex) == current) {
|
||||
printk(KERN_ERR "fixup_owner: ret = %d pi-mutex: %p "
|
||||
"pi-state %p\n", ret,
|
||||
q->pi_state->pi_mutex.owner,
|
||||
q->pi_state->owner);
|
||||
+ }
|
||||
|
||||
out:
|
||||
return ret ? ret : locked;
|
358
debian/patches/features/all/rt/0008-futex-Pull-rt_mutex_futex_unlock-out-from-under-hb-l.patch
vendored
Normal file
358
debian/patches/features/all/rt/0008-futex-Pull-rt_mutex_futex_unlock-out-from-under-hb-l.patch
vendored
Normal file
|
@ -0,0 +1,358 @@
|
|||
From: Peter Zijlstra <peterz@infradead.org>
|
||||
Date: Wed, 22 Mar 2017 11:35:55 +0100
|
||||
Subject: [PATCH] futex: Pull rt_mutex_futex_unlock() out from under hb->lock
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Upstream commit 16ffa12d742534d4ff73e8b3a4e81c1de39196f0
|
||||
|
||||
There's a number of 'interesting' problems, all caused by holding
|
||||
hb->lock while doing the rt_mutex_unlock() equivalient.
|
||||
|
||||
Notably:
|
||||
|
||||
- a PI inversion on hb->lock; and,
|
||||
|
||||
- a SCHED_DEADLINE crash because of pointer instability.
|
||||
|
||||
The previous changes:
|
||||
|
||||
- changed the locking rules to cover {uval,pi_state} with wait_lock.
|
||||
|
||||
- allow to do rt_mutex_futex_unlock() without dropping wait_lock; which in
|
||||
turn allows to rely on wait_lock atomicity completely.
|
||||
|
||||
- simplified the waiter conundrum.
|
||||
|
||||
It's now sufficient to hold rtmutex::wait_lock and a reference on the
|
||||
pi_state to protect the state consistency, so hb->lock can be dropped
|
||||
before calling rt_mutex_futex_unlock().
|
||||
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: juri.lelli@arm.com
|
||||
Cc: bigeasy@linutronix.de
|
||||
Cc: xlpang@redhat.com
|
||||
Cc: rostedt@goodmis.org
|
||||
Cc: mathieu.desnoyers@efficios.com
|
||||
Cc: jdesfossez@efficios.com
|
||||
Cc: dvhart@infradead.org
|
||||
Cc: bristot@redhat.com
|
||||
Link: http://lkml.kernel.org/r/20170322104151.900002056@infradead.org
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/futex.c | 154 +++++++++++++++++++++++++++++++++++++--------------------
|
||||
1 file changed, 100 insertions(+), 54 deletions(-)
|
||||
|
||||
--- a/kernel/futex.c
|
||||
+++ b/kernel/futex.c
|
||||
@@ -919,10 +919,12 @@ void exit_pi_state_list(struct task_stru
|
||||
pi_state->owner = NULL;
|
||||
raw_spin_unlock_irq(&curr->pi_lock);
|
||||
|
||||
- rt_mutex_futex_unlock(&pi_state->pi_mutex);
|
||||
-
|
||||
+ get_pi_state(pi_state);
|
||||
spin_unlock(&hb->lock);
|
||||
|
||||
+ rt_mutex_futex_unlock(&pi_state->pi_mutex);
|
||||
+ put_pi_state(pi_state);
|
||||
+
|
||||
raw_spin_lock_irq(&curr->pi_lock);
|
||||
}
|
||||
raw_spin_unlock_irq(&curr->pi_lock);
|
||||
@@ -1035,6 +1037,11 @@ static int attach_to_pi_state(u32 __user
|
||||
* has dropped the hb->lock in between queue_me() and unqueue_me_pi(),
|
||||
* which in turn means that futex_lock_pi() still has a reference on
|
||||
* our pi_state.
|
||||
+ *
|
||||
+ * The waiter holding a reference on @pi_state also protects against
|
||||
+ * the unlocked put_pi_state() in futex_unlock_pi(), futex_lock_pi()
|
||||
+ * and futex_wait_requeue_pi() as it cannot go to 0 and consequently
|
||||
+ * free pi_state before we can take a reference ourselves.
|
||||
*/
|
||||
WARN_ON(!atomic_read(&pi_state->refcount));
|
||||
|
||||
@@ -1378,48 +1385,40 @@ static void mark_wake_futex(struct wake_
|
||||
smp_store_release(&q->lock_ptr, NULL);
|
||||
}
|
||||
|
||||
-static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_q *top_waiter,
|
||||
- struct futex_hash_bucket *hb)
|
||||
+/*
|
||||
+ * Caller must hold a reference on @pi_state.
|
||||
+ */
|
||||
+static int wake_futex_pi(u32 __user *uaddr, u32 uval, struct futex_pi_state *pi_state)
|
||||
{
|
||||
- struct task_struct *new_owner;
|
||||
- struct futex_pi_state *pi_state = top_waiter->pi_state;
|
||||
u32 uninitialized_var(curval), newval;
|
||||
+ struct task_struct *new_owner;
|
||||
+ bool deboost = false;
|
||||
WAKE_Q(wake_q);
|
||||
- bool deboost;
|
||||
int ret = 0;
|
||||
|
||||
- if (!pi_state)
|
||||
- return -EINVAL;
|
||||
-
|
||||
- /*
|
||||
- * If current does not own the pi_state then the futex is
|
||||
- * inconsistent and user space fiddled with the futex value.
|
||||
- */
|
||||
- if (pi_state->owner != current)
|
||||
- return -EINVAL;
|
||||
-
|
||||
raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
new_owner = rt_mutex_next_owner(&pi_state->pi_mutex);
|
||||
-
|
||||
- /*
|
||||
- * When we interleave with futex_lock_pi() where it does
|
||||
- * rt_mutex_timed_futex_lock(), we might observe @this futex_q waiter,
|
||||
- * but the rt_mutex's wait_list can be empty (either still, or again,
|
||||
- * depending on which side we land).
|
||||
- *
|
||||
- * When this happens, give up our locks and try again, giving the
|
||||
- * futex_lock_pi() instance time to complete, either by waiting on the
|
||||
- * rtmutex or removing itself from the futex queue.
|
||||
- */
|
||||
if (!new_owner) {
|
||||
- raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
- return -EAGAIN;
|
||||
+ /*
|
||||
+ * Since we held neither hb->lock nor wait_lock when coming
|
||||
+ * into this function, we could have raced with futex_lock_pi()
|
||||
+ * such that we might observe @this futex_q waiter, but the
|
||||
+ * rt_mutex's wait_list can be empty (either still, or again,
|
||||
+ * depending on which side we land).
|
||||
+ *
|
||||
+ * When this happens, give up our locks and try again, giving
|
||||
+ * the futex_lock_pi() instance time to complete, either by
|
||||
+ * waiting on the rtmutex or removing itself from the futex
|
||||
+ * queue.
|
||||
+ */
|
||||
+ ret = -EAGAIN;
|
||||
+ goto out_unlock;
|
||||
}
|
||||
|
||||
/*
|
||||
- * We pass it to the next owner. The WAITERS bit is always
|
||||
- * kept enabled while there is PI state around. We cleanup the
|
||||
- * owner died bit, because we are the owner.
|
||||
+ * We pass it to the next owner. The WAITERS bit is always kept
|
||||
+ * enabled while there is PI state around. We cleanup the owner
|
||||
+ * died bit, because we are the owner.
|
||||
*/
|
||||
newval = FUTEX_WAITERS | task_pid_vnr(new_owner);
|
||||
|
||||
@@ -1442,10 +1441,8 @@ static int wake_futex_pi(u32 __user *uad
|
||||
ret = -EINVAL;
|
||||
}
|
||||
|
||||
- if (ret) {
|
||||
- raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
- return ret;
|
||||
- }
|
||||
+ if (ret)
|
||||
+ goto out_unlock;
|
||||
|
||||
raw_spin_lock(&pi_state->owner->pi_lock);
|
||||
WARN_ON(list_empty(&pi_state->list));
|
||||
@@ -1463,15 +1460,15 @@ static int wake_futex_pi(u32 __user *uad
|
||||
*/
|
||||
deboost = __rt_mutex_futex_unlock(&pi_state->pi_mutex, &wake_q);
|
||||
|
||||
+out_unlock:
|
||||
raw_spin_unlock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
- spin_unlock(&hb->lock);
|
||||
|
||||
if (deboost) {
|
||||
wake_up_q(&wake_q);
|
||||
rt_mutex_adjust_prio(current);
|
||||
}
|
||||
|
||||
- return 0;
|
||||
+ return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -2230,7 +2227,8 @@ static int fixup_pi_state_owner(u32 __us
|
||||
/*
|
||||
* We are here either because we stole the rtmutex from the
|
||||
* previous highest priority waiter or we are the highest priority
|
||||
- * waiter but failed to get the rtmutex the first time.
|
||||
+ * waiter but have failed to get the rtmutex the first time.
|
||||
+ *
|
||||
* We have to replace the newowner TID in the user space variable.
|
||||
* This must be atomic as we have to preserve the owner died bit here.
|
||||
*
|
||||
@@ -2247,7 +2245,7 @@ static int fixup_pi_state_owner(u32 __us
|
||||
if (get_futex_value_locked(&uval, uaddr))
|
||||
goto handle_fault;
|
||||
|
||||
- while (1) {
|
||||
+ for (;;) {
|
||||
newval = (uval & FUTEX_OWNER_DIED) | newtid;
|
||||
|
||||
if (cmpxchg_futex_value_locked(&curval, uaddr, uval, newval))
|
||||
@@ -2343,6 +2341,10 @@ static int fixup_owner(u32 __user *uaddr
|
||||
/*
|
||||
* Got the lock. We might not be the anticipated owner if we
|
||||
* did a lock-steal - fix up the PI-state in that case:
|
||||
+ *
|
||||
+ * We can safely read pi_state->owner without holding wait_lock
|
||||
+ * because we now own the rt_mutex, only the owner will attempt
|
||||
+ * to change it.
|
||||
*/
|
||||
if (q->pi_state->owner != current)
|
||||
ret = fixup_pi_state_owner(uaddr, q, current);
|
||||
@@ -2582,6 +2584,7 @@ static int futex_lock_pi(u32 __user *uad
|
||||
ktime_t *time, int trylock)
|
||||
{
|
||||
struct hrtimer_sleeper timeout, *to = NULL;
|
||||
+ struct futex_pi_state *pi_state = NULL;
|
||||
struct futex_hash_bucket *hb;
|
||||
struct futex_q q = futex_q_init;
|
||||
int res, ret;
|
||||
@@ -2668,12 +2671,19 @@ static int futex_lock_pi(u32 __user *uad
|
||||
* If fixup_owner() faulted and was unable to handle the fault, unlock
|
||||
* it and return the fault to userspace.
|
||||
*/
|
||||
- if (ret && (rt_mutex_owner(&q.pi_state->pi_mutex) == current))
|
||||
- rt_mutex_futex_unlock(&q.pi_state->pi_mutex);
|
||||
+ if (ret && (rt_mutex_owner(&q.pi_state->pi_mutex) == current)) {
|
||||
+ pi_state = q.pi_state;
|
||||
+ get_pi_state(pi_state);
|
||||
+ }
|
||||
|
||||
/* Unqueue and drop the lock */
|
||||
unqueue_me_pi(&q);
|
||||
|
||||
+ if (pi_state) {
|
||||
+ rt_mutex_futex_unlock(&pi_state->pi_mutex);
|
||||
+ put_pi_state(pi_state);
|
||||
+ }
|
||||
+
|
||||
goto out_put_key;
|
||||
|
||||
out_unlock_put_key:
|
||||
@@ -2736,10 +2746,36 @@ static int futex_unlock_pi(u32 __user *u
|
||||
*/
|
||||
top_waiter = futex_top_waiter(hb, &key);
|
||||
if (top_waiter) {
|
||||
- ret = wake_futex_pi(uaddr, uval, top_waiter, hb);
|
||||
+ struct futex_pi_state *pi_state = top_waiter->pi_state;
|
||||
+
|
||||
+ ret = -EINVAL;
|
||||
+ if (!pi_state)
|
||||
+ goto out_unlock;
|
||||
+
|
||||
+ /*
|
||||
+ * If current does not own the pi_state then the futex is
|
||||
+ * inconsistent and user space fiddled with the futex value.
|
||||
+ */
|
||||
+ if (pi_state->owner != current)
|
||||
+ goto out_unlock;
|
||||
+
|
||||
+ /*
|
||||
+ * Grab a reference on the pi_state and drop hb->lock.
|
||||
+ *
|
||||
+ * The reference ensures pi_state lives, dropping the hb->lock
|
||||
+ * is tricky.. wake_futex_pi() will take rt_mutex::wait_lock to
|
||||
+ * close the races against futex_lock_pi(), but in case of
|
||||
+ * _any_ fail we'll abort and retry the whole deal.
|
||||
+ */
|
||||
+ get_pi_state(pi_state);
|
||||
+ spin_unlock(&hb->lock);
|
||||
+
|
||||
+ ret = wake_futex_pi(uaddr, uval, pi_state);
|
||||
+
|
||||
+ put_pi_state(pi_state);
|
||||
+
|
||||
/*
|
||||
- * In case of success wake_futex_pi dropped the hash
|
||||
- * bucket lock.
|
||||
+ * Success, we're done! No tricky corner cases.
|
||||
*/
|
||||
if (!ret)
|
||||
goto out_putkey;
|
||||
@@ -2754,7 +2790,6 @@ static int futex_unlock_pi(u32 __user *u
|
||||
* setting the FUTEX_WAITERS bit. Try again.
|
||||
*/
|
||||
if (ret == -EAGAIN) {
|
||||
- spin_unlock(&hb->lock);
|
||||
put_futex_key(&key);
|
||||
goto retry;
|
||||
}
|
||||
@@ -2762,7 +2797,7 @@ static int futex_unlock_pi(u32 __user *u
|
||||
* wake_futex_pi has detected invalid state. Tell user
|
||||
* space.
|
||||
*/
|
||||
- goto out_unlock;
|
||||
+ goto out_putkey;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -2772,8 +2807,10 @@ static int futex_unlock_pi(u32 __user *u
|
||||
* preserve the WAITERS bit not the OWNER_DIED one. We are the
|
||||
* owner.
|
||||
*/
|
||||
- if (cmpxchg_futex_value_locked(&curval, uaddr, uval, 0))
|
||||
+ if (cmpxchg_futex_value_locked(&curval, uaddr, uval, 0)) {
|
||||
+ spin_unlock(&hb->lock);
|
||||
goto pi_faulted;
|
||||
+ }
|
||||
|
||||
/*
|
||||
* If uval has changed, let user space handle it.
|
||||
@@ -2787,7 +2824,6 @@ static int futex_unlock_pi(u32 __user *u
|
||||
return ret;
|
||||
|
||||
pi_faulted:
|
||||
- spin_unlock(&hb->lock);
|
||||
put_futex_key(&key);
|
||||
|
||||
ret = fault_in_user_writeable(uaddr);
|
||||
@@ -2891,6 +2927,7 @@ static int futex_wait_requeue_pi(u32 __u
|
||||
u32 __user *uaddr2)
|
||||
{
|
||||
struct hrtimer_sleeper timeout, *to = NULL;
|
||||
+ struct futex_pi_state *pi_state = NULL;
|
||||
struct rt_mutex_waiter rt_waiter;
|
||||
struct futex_hash_bucket *hb;
|
||||
union futex_key key2 = FUTEX_KEY_INIT;
|
||||
@@ -2975,8 +3012,10 @@ static int futex_wait_requeue_pi(u32 __u
|
||||
if (q.pi_state && (q.pi_state->owner != current)) {
|
||||
spin_lock(q.lock_ptr);
|
||||
ret = fixup_pi_state_owner(uaddr2, &q, current);
|
||||
- if (ret && rt_mutex_owner(&q.pi_state->pi_mutex) == current)
|
||||
- rt_mutex_futex_unlock(&q.pi_state->pi_mutex);
|
||||
+ if (ret && rt_mutex_owner(&q.pi_state->pi_mutex) == current) {
|
||||
+ pi_state = q.pi_state;
|
||||
+ get_pi_state(pi_state);
|
||||
+ }
|
||||
/*
|
||||
* Drop the reference to the pi state which
|
||||
* the requeue_pi() code acquired for us.
|
||||
@@ -3015,13 +3054,20 @@ static int futex_wait_requeue_pi(u32 __u
|
||||
* the fault, unlock the rt_mutex and return the fault to
|
||||
* userspace.
|
||||
*/
|
||||
- if (ret && rt_mutex_owner(pi_mutex) == current)
|
||||
- rt_mutex_futex_unlock(pi_mutex);
|
||||
+ if (ret && rt_mutex_owner(&q.pi_state->pi_mutex) == current) {
|
||||
+ pi_state = q.pi_state;
|
||||
+ get_pi_state(pi_state);
|
||||
+ }
|
||||
|
||||
/* Unqueue and drop the lock. */
|
||||
unqueue_me_pi(&q);
|
||||
}
|
||||
|
||||
+ if (pi_state) {
|
||||
+ rt_mutex_futex_unlock(&pi_state->pi_mutex);
|
||||
+ put_pi_state(pi_state);
|
||||
+ }
|
||||
+
|
||||
if (ret == -EINTR) {
|
||||
/*
|
||||
* We've already been requeued, but cannot restart by calling
|
80
debian/patches/features/all/rt/0009-futex-rt_mutex-Introduce-rt_mutex_init_waiter.patch
vendored
Normal file
80
debian/patches/features/all/rt/0009-futex-rt_mutex-Introduce-rt_mutex_init_waiter.patch
vendored
Normal file
|
@ -0,0 +1,80 @@
|
|||
From: Peter Zijlstra <peterz@infradead.org>
|
||||
Date: Wed, 22 Mar 2017 11:35:56 +0100
|
||||
Subject: [PATCH] futex,rt_mutex: Introduce rt_mutex_init_waiter()
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Upstream commit 50809358dd7199aa7ce232f6877dd09ec30ef374
|
||||
|
||||
Since there's already two copies of this code, introduce a helper now
|
||||
before adding a third one.
|
||||
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: juri.lelli@arm.com
|
||||
Cc: bigeasy@linutronix.de
|
||||
Cc: xlpang@redhat.com
|
||||
Cc: rostedt@goodmis.org
|
||||
Cc: mathieu.desnoyers@efficios.com
|
||||
Cc: jdesfossez@efficios.com
|
||||
Cc: dvhart@infradead.org
|
||||
Cc: bristot@redhat.com
|
||||
Link: http://lkml.kernel.org/r/20170322104151.950039479@infradead.org
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/futex.c | 5 +----
|
||||
kernel/locking/rtmutex.c | 12 +++++++++---
|
||||
kernel/locking/rtmutex_common.h | 1 +
|
||||
3 files changed, 11 insertions(+), 7 deletions(-)
|
||||
|
||||
--- a/kernel/futex.c
|
||||
+++ b/kernel/futex.c
|
||||
@@ -2954,10 +2954,7 @@ static int futex_wait_requeue_pi(u32 __u
|
||||
* The waiter is allocated on our stack, manipulated by the requeue
|
||||
* code while we sleep on uaddr.
|
||||
*/
|
||||
- debug_rt_mutex_init_waiter(&rt_waiter);
|
||||
- RB_CLEAR_NODE(&rt_waiter.pi_tree_entry);
|
||||
- RB_CLEAR_NODE(&rt_waiter.tree_entry);
|
||||
- rt_waiter.task = NULL;
|
||||
+ rt_mutex_init_waiter(&rt_waiter);
|
||||
|
||||
ret = get_futex_key(uaddr2, flags & FLAGS_SHARED, &key2, VERIFY_WRITE);
|
||||
if (unlikely(ret != 0))
|
||||
--- a/kernel/locking/rtmutex.c
|
||||
+++ b/kernel/locking/rtmutex.c
|
||||
@@ -1151,6 +1151,14 @@ void rt_mutex_adjust_pi(struct task_stru
|
||||
next_lock, NULL, task);
|
||||
}
|
||||
|
||||
+void rt_mutex_init_waiter(struct rt_mutex_waiter *waiter)
|
||||
+{
|
||||
+ debug_rt_mutex_init_waiter(waiter);
|
||||
+ RB_CLEAR_NODE(&waiter->pi_tree_entry);
|
||||
+ RB_CLEAR_NODE(&waiter->tree_entry);
|
||||
+ waiter->task = NULL;
|
||||
+}
|
||||
+
|
||||
/**
|
||||
* __rt_mutex_slowlock() - Perform the wait-wake-try-to-take loop
|
||||
* @lock: the rt_mutex to take
|
||||
@@ -1233,9 +1241,7 @@ rt_mutex_slowlock(struct rt_mutex *lock,
|
||||
unsigned long flags;
|
||||
int ret = 0;
|
||||
|
||||
- debug_rt_mutex_init_waiter(&waiter);
|
||||
- RB_CLEAR_NODE(&waiter.pi_tree_entry);
|
||||
- RB_CLEAR_NODE(&waiter.tree_entry);
|
||||
+ rt_mutex_init_waiter(&waiter);
|
||||
|
||||
/*
|
||||
* Technically we could use raw_spin_[un]lock_irq() here, but this can
|
||||
--- a/kernel/locking/rtmutex_common.h
|
||||
+++ b/kernel/locking/rtmutex_common.h
|
||||
@@ -103,6 +103,7 @@ extern void rt_mutex_init_proxy_locked(s
|
||||
struct task_struct *proxy_owner);
|
||||
extern void rt_mutex_proxy_unlock(struct rt_mutex *lock,
|
||||
struct task_struct *proxy_owner);
|
||||
+extern void rt_mutex_init_waiter(struct rt_mutex_waiter *waiter);
|
||||
extern int rt_mutex_start_proxy_lock(struct rt_mutex *lock,
|
||||
struct rt_mutex_waiter *waiter,
|
||||
struct task_struct *task);
|
159
debian/patches/features/all/rt/0010-futex-rt_mutex-Restructure-rt_mutex_finish_proxy_loc.patch
vendored
Normal file
159
debian/patches/features/all/rt/0010-futex-rt_mutex-Restructure-rt_mutex_finish_proxy_loc.patch
vendored
Normal file
|
@ -0,0 +1,159 @@
|
|||
From: Peter Zijlstra <peterz@infradead.org>
|
||||
Date: Wed, 22 Mar 2017 11:35:57 +0100
|
||||
Subject: [PATCH] futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Upstream commit 38d589f2fd08f1296aea3ce62bebd185125c6d81
|
||||
|
||||
With the ultimate goal of keeping rt_mutex wait_list and futex_q waiters
|
||||
consistent it's necessary to split 'rt_mutex_futex_lock()' into finer
|
||||
parts, such that only the actual blocking can be done without hb->lock
|
||||
held.
|
||||
|
||||
Split split_mutex_finish_proxy_lock() into two parts, one that does the
|
||||
blocking and one that does remove_waiter() when the lock acquire failed.
|
||||
|
||||
When the rtmutex was acquired successfully the waiter can be removed in the
|
||||
acquisiton path safely, since there is no concurrency on the lock owner.
|
||||
|
||||
This means that, except for futex_lock_pi(), all wait_list modifications
|
||||
are done with both hb->lock and wait_lock held.
|
||||
|
||||
[bigeasy@linutronix.de: fix for futex_requeue_pi_signal_restart]
|
||||
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: juri.lelli@arm.com
|
||||
Cc: bigeasy@linutronix.de
|
||||
Cc: xlpang@redhat.com
|
||||
Cc: rostedt@goodmis.org
|
||||
Cc: mathieu.desnoyers@efficios.com
|
||||
Cc: jdesfossez@efficios.com
|
||||
Cc: dvhart@infradead.org
|
||||
Cc: bristot@redhat.com
|
||||
Link: http://lkml.kernel.org/r/20170322104152.001659630@infradead.org
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/futex.c | 7 +++--
|
||||
kernel/locking/rtmutex.c | 52 ++++++++++++++++++++++++++++++++++------
|
||||
kernel/locking/rtmutex_common.h | 8 +++---
|
||||
3 files changed, 55 insertions(+), 12 deletions(-)
|
||||
|
||||
--- a/kernel/futex.c
|
||||
+++ b/kernel/futex.c
|
||||
@@ -3030,10 +3030,13 @@ static int futex_wait_requeue_pi(u32 __u
|
||||
*/
|
||||
WARN_ON(!q.pi_state);
|
||||
pi_mutex = &q.pi_state->pi_mutex;
|
||||
- ret = rt_mutex_finish_proxy_lock(pi_mutex, to, &rt_waiter);
|
||||
- debug_rt_mutex_free_waiter(&rt_waiter);
|
||||
+ ret = rt_mutex_wait_proxy_lock(pi_mutex, to, &rt_waiter);
|
||||
|
||||
spin_lock(q.lock_ptr);
|
||||
+ if (ret && !rt_mutex_cleanup_proxy_lock(pi_mutex, &rt_waiter))
|
||||
+ ret = 0;
|
||||
+
|
||||
+ debug_rt_mutex_free_waiter(&rt_waiter);
|
||||
/*
|
||||
* Fixup the pi_state owner and possibly acquire the lock if we
|
||||
* haven't already.
|
||||
--- a/kernel/locking/rtmutex.c
|
||||
+++ b/kernel/locking/rtmutex.c
|
||||
@@ -1743,21 +1743,23 @@ struct task_struct *rt_mutex_next_owner(
|
||||
}
|
||||
|
||||
/**
|
||||
- * rt_mutex_finish_proxy_lock() - Complete lock acquisition
|
||||
+ * rt_mutex_wait_proxy_lock() - Wait for lock acquisition
|
||||
* @lock: the rt_mutex we were woken on
|
||||
* @to: the timeout, null if none. hrtimer should already have
|
||||
* been started.
|
||||
* @waiter: the pre-initialized rt_mutex_waiter
|
||||
*
|
||||
- * Complete the lock acquisition started our behalf by another thread.
|
||||
+ * Wait for the the lock acquisition started on our behalf by
|
||||
+ * rt_mutex_start_proxy_lock(). Upon failure, the caller must call
|
||||
+ * rt_mutex_cleanup_proxy_lock().
|
||||
*
|
||||
* Returns:
|
||||
* 0 - success
|
||||
* <0 - error, one of -EINTR, -ETIMEDOUT
|
||||
*
|
||||
- * Special API call for PI-futex requeue support
|
||||
+ * Special API call for PI-futex support
|
||||
*/
|
||||
-int rt_mutex_finish_proxy_lock(struct rt_mutex *lock,
|
||||
+int rt_mutex_wait_proxy_lock(struct rt_mutex *lock,
|
||||
struct hrtimer_sleeper *to,
|
||||
struct rt_mutex_waiter *waiter)
|
||||
{
|
||||
@@ -1770,9 +1772,6 @@ int rt_mutex_finish_proxy_lock(struct rt
|
||||
/* sleep on the mutex */
|
||||
ret = __rt_mutex_slowlock(lock, TASK_INTERRUPTIBLE, to, waiter);
|
||||
|
||||
- if (unlikely(ret))
|
||||
- remove_waiter(lock, waiter);
|
||||
-
|
||||
/*
|
||||
* try_to_take_rt_mutex() sets the waiter bit unconditionally. We might
|
||||
* have to fix that up.
|
||||
@@ -1783,3 +1782,42 @@ int rt_mutex_finish_proxy_lock(struct rt
|
||||
|
||||
return ret;
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ * rt_mutex_cleanup_proxy_lock() - Cleanup failed lock acquisition
|
||||
+ * @lock: the rt_mutex we were woken on
|
||||
+ * @waiter: the pre-initialized rt_mutex_waiter
|
||||
+ *
|
||||
+ * Attempt to clean up after a failed rt_mutex_wait_proxy_lock().
|
||||
+ *
|
||||
+ * Unless we acquired the lock; we're still enqueued on the wait-list and can
|
||||
+ * in fact still be granted ownership until we're removed. Therefore we can
|
||||
+ * find we are in fact the owner and must disregard the
|
||||
+ * rt_mutex_wait_proxy_lock() failure.
|
||||
+ *
|
||||
+ * Returns:
|
||||
+ * true - did the cleanup, we done.
|
||||
+ * false - we acquired the lock after rt_mutex_wait_proxy_lock() returned,
|
||||
+ * caller should disregards its return value.
|
||||
+ *
|
||||
+ * Special API call for PI-futex support
|
||||
+ */
|
||||
+bool rt_mutex_cleanup_proxy_lock(struct rt_mutex *lock,
|
||||
+ struct rt_mutex_waiter *waiter)
|
||||
+{
|
||||
+ bool cleanup = false;
|
||||
+
|
||||
+ raw_spin_lock_irq(&lock->wait_lock);
|
||||
+ /*
|
||||
+ * Unless we're the owner; we're still enqueued on the wait_list.
|
||||
+ * So check if we became owner, if not, take us off the wait_list.
|
||||
+ */
|
||||
+ if (rt_mutex_owner(lock) != current) {
|
||||
+ remove_waiter(lock, waiter);
|
||||
+ fixup_rt_mutex_waiters(lock);
|
||||
+ cleanup = true;
|
||||
+ }
|
||||
+ raw_spin_unlock_irq(&lock->wait_lock);
|
||||
+
|
||||
+ return cleanup;
|
||||
+}
|
||||
--- a/kernel/locking/rtmutex_common.h
|
||||
+++ b/kernel/locking/rtmutex_common.h
|
||||
@@ -107,9 +107,11 @@ extern void rt_mutex_init_waiter(struct
|
||||
extern int rt_mutex_start_proxy_lock(struct rt_mutex *lock,
|
||||
struct rt_mutex_waiter *waiter,
|
||||
struct task_struct *task);
|
||||
-extern int rt_mutex_finish_proxy_lock(struct rt_mutex *lock,
|
||||
- struct hrtimer_sleeper *to,
|
||||
- struct rt_mutex_waiter *waiter);
|
||||
+extern int rt_mutex_wait_proxy_lock(struct rt_mutex *lock,
|
||||
+ struct hrtimer_sleeper *to,
|
||||
+ struct rt_mutex_waiter *waiter);
|
||||
+extern bool rt_mutex_cleanup_proxy_lock(struct rt_mutex *lock,
|
||||
+ struct rt_mutex_waiter *waiter);
|
||||
|
||||
extern int rt_mutex_timed_futex_lock(struct rt_mutex *l, struct hrtimer_sleeper *to);
|
||||
extern int rt_mutex_futex_trylock(struct rt_mutex *l);
|
267
debian/patches/features/all/rt/0011-futex-Rework-futex_lock_pi-to-use-rt_mutex_-_proxy_l.patch
vendored
Normal file
267
debian/patches/features/all/rt/0011-futex-Rework-futex_lock_pi-to-use-rt_mutex_-_proxy_l.patch
vendored
Normal file
|
@ -0,0 +1,267 @@
|
|||
From: Peter Zijlstra <peterz@infradead.org>
|
||||
Date: Wed, 22 Mar 2017 11:35:58 +0100
|
||||
Subject: [PATCH] futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock()
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Upstream commit cfafcd117da0216520568c195cb2f6cd1980c4bb
|
||||
|
||||
By changing futex_lock_pi() to use rt_mutex_*_proxy_lock() all wait_list
|
||||
modifications are done under both hb->lock and wait_lock.
|
||||
|
||||
This closes the obvious interleave pattern between futex_lock_pi() and
|
||||
futex_unlock_pi(), but not entirely so. See below:
|
||||
|
||||
Before:
|
||||
|
||||
futex_lock_pi() futex_unlock_pi()
|
||||
unlock hb->lock
|
||||
|
||||
lock hb->lock
|
||||
unlock hb->lock
|
||||
|
||||
lock rt_mutex->wait_lock
|
||||
unlock rt_mutex_wait_lock
|
||||
-EAGAIN
|
||||
|
||||
lock rt_mutex->wait_lock
|
||||
list_add
|
||||
unlock rt_mutex->wait_lock
|
||||
|
||||
schedule()
|
||||
|
||||
lock rt_mutex->wait_lock
|
||||
list_del
|
||||
unlock rt_mutex->wait_lock
|
||||
|
||||
<idem>
|
||||
-EAGAIN
|
||||
|
||||
lock hb->lock
|
||||
|
||||
|
||||
After:
|
||||
|
||||
futex_lock_pi() futex_unlock_pi()
|
||||
|
||||
lock hb->lock
|
||||
lock rt_mutex->wait_lock
|
||||
list_add
|
||||
unlock rt_mutex->wait_lock
|
||||
unlock hb->lock
|
||||
|
||||
schedule()
|
||||
lock hb->lock
|
||||
unlock hb->lock
|
||||
lock hb->lock
|
||||
lock rt_mutex->wait_lock
|
||||
list_del
|
||||
unlock rt_mutex->wait_lock
|
||||
|
||||
lock rt_mutex->wait_lock
|
||||
unlock rt_mutex_wait_lock
|
||||
-EAGAIN
|
||||
|
||||
unlock hb->lock
|
||||
|
||||
|
||||
It does however solve the earlier starvation/live-lock scenario which got
|
||||
introduced with the -EAGAIN since unlike the before scenario; where the
|
||||
-EAGAIN happens while futex_unlock_pi() doesn't hold any locks; in the
|
||||
after scenario it happens while futex_unlock_pi() actually holds a lock,
|
||||
and then it is serialized on that lock.
|
||||
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: juri.lelli@arm.com
|
||||
Cc: bigeasy@linutronix.de
|
||||
Cc: xlpang@redhat.com
|
||||
Cc: rostedt@goodmis.org
|
||||
Cc: mathieu.desnoyers@efficios.com
|
||||
Cc: jdesfossez@efficios.com
|
||||
Cc: dvhart@infradead.org
|
||||
Cc: bristot@redhat.com
|
||||
Link: http://lkml.kernel.org/r/20170322104152.062785528@infradead.org
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/futex.c | 77 ++++++++++++++++++++++++++++------------
|
||||
kernel/locking/rtmutex.c | 26 +++----------
|
||||
kernel/locking/rtmutex_common.h | 1
|
||||
3 files changed, 62 insertions(+), 42 deletions(-)
|
||||
|
||||
--- a/kernel/futex.c
|
||||
+++ b/kernel/futex.c
|
||||
@@ -2097,20 +2097,7 @@ queue_unlock(struct futex_hash_bucket *h
|
||||
hb_waiters_dec(hb);
|
||||
}
|
||||
|
||||
-/**
|
||||
- * queue_me() - Enqueue the futex_q on the futex_hash_bucket
|
||||
- * @q: The futex_q to enqueue
|
||||
- * @hb: The destination hash bucket
|
||||
- *
|
||||
- * The hb->lock must be held by the caller, and is released here. A call to
|
||||
- * queue_me() is typically paired with exactly one call to unqueue_me(). The
|
||||
- * exceptions involve the PI related operations, which may use unqueue_me_pi()
|
||||
- * or nothing if the unqueue is done as part of the wake process and the unqueue
|
||||
- * state is implicit in the state of woken task (see futex_wait_requeue_pi() for
|
||||
- * an example).
|
||||
- */
|
||||
-static inline void queue_me(struct futex_q *q, struct futex_hash_bucket *hb)
|
||||
- __releases(&hb->lock)
|
||||
+static inline void __queue_me(struct futex_q *q, struct futex_hash_bucket *hb)
|
||||
{
|
||||
int prio;
|
||||
|
||||
@@ -2127,6 +2114,24 @@ static inline void queue_me(struct futex
|
||||
plist_node_init(&q->list, prio);
|
||||
plist_add(&q->list, &hb->chain);
|
||||
q->task = current;
|
||||
+}
|
||||
+
|
||||
+/**
|
||||
+ * queue_me() - Enqueue the futex_q on the futex_hash_bucket
|
||||
+ * @q: The futex_q to enqueue
|
||||
+ * @hb: The destination hash bucket
|
||||
+ *
|
||||
+ * The hb->lock must be held by the caller, and is released here. A call to
|
||||
+ * queue_me() is typically paired with exactly one call to unqueue_me(). The
|
||||
+ * exceptions involve the PI related operations, which may use unqueue_me_pi()
|
||||
+ * or nothing if the unqueue is done as part of the wake process and the unqueue
|
||||
+ * state is implicit in the state of woken task (see futex_wait_requeue_pi() for
|
||||
+ * an example).
|
||||
+ */
|
||||
+static inline void queue_me(struct futex_q *q, struct futex_hash_bucket *hb)
|
||||
+ __releases(&hb->lock)
|
||||
+{
|
||||
+ __queue_me(q, hb);
|
||||
spin_unlock(&hb->lock);
|
||||
}
|
||||
|
||||
@@ -2585,6 +2590,7 @@ static int futex_lock_pi(u32 __user *uad
|
||||
{
|
||||
struct hrtimer_sleeper timeout, *to = NULL;
|
||||
struct futex_pi_state *pi_state = NULL;
|
||||
+ struct rt_mutex_waiter rt_waiter;
|
||||
struct futex_hash_bucket *hb;
|
||||
struct futex_q q = futex_q_init;
|
||||
int res, ret;
|
||||
@@ -2637,25 +2643,52 @@ static int futex_lock_pi(u32 __user *uad
|
||||
}
|
||||
}
|
||||
|
||||
+ WARN_ON(!q.pi_state);
|
||||
+
|
||||
/*
|
||||
* Only actually queue now that the atomic ops are done:
|
||||
*/
|
||||
- queue_me(&q, hb);
|
||||
+ __queue_me(&q, hb);
|
||||
|
||||
- WARN_ON(!q.pi_state);
|
||||
- /*
|
||||
- * Block on the PI mutex:
|
||||
- */
|
||||
- if (!trylock) {
|
||||
- ret = rt_mutex_timed_futex_lock(&q.pi_state->pi_mutex, to);
|
||||
- } else {
|
||||
+ if (trylock) {
|
||||
ret = rt_mutex_futex_trylock(&q.pi_state->pi_mutex);
|
||||
/* Fixup the trylock return value: */
|
||||
ret = ret ? 0 : -EWOULDBLOCK;
|
||||
+ goto no_block;
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * We must add ourselves to the rt_mutex waitlist while holding hb->lock
|
||||
+ * such that the hb and rt_mutex wait lists match.
|
||||
+ */
|
||||
+ rt_mutex_init_waiter(&rt_waiter);
|
||||
+ ret = rt_mutex_start_proxy_lock(&q.pi_state->pi_mutex, &rt_waiter, current);
|
||||
+ if (ret) {
|
||||
+ if (ret == 1)
|
||||
+ ret = 0;
|
||||
+
|
||||
+ goto no_block;
|
||||
+ }
|
||||
+
|
||||
+ spin_unlock(q.lock_ptr);
|
||||
+
|
||||
+ if (unlikely(to))
|
||||
+ hrtimer_start_expires(&to->timer, HRTIMER_MODE_ABS);
|
||||
+
|
||||
+ ret = rt_mutex_wait_proxy_lock(&q.pi_state->pi_mutex, to, &rt_waiter);
|
||||
+
|
||||
spin_lock(q.lock_ptr);
|
||||
/*
|
||||
+ * If we failed to acquire the lock (signal/timeout), we must
|
||||
+ * first acquire the hb->lock before removing the lock from the
|
||||
+ * rt_mutex waitqueue, such that we can keep the hb and rt_mutex
|
||||
+ * wait lists consistent.
|
||||
+ */
|
||||
+ if (ret && !rt_mutex_cleanup_proxy_lock(&q.pi_state->pi_mutex, &rt_waiter))
|
||||
+ ret = 0;
|
||||
+
|
||||
+no_block:
|
||||
+ /*
|
||||
* Fixup the pi_state owner and possibly acquire the lock if we
|
||||
* haven't already.
|
||||
*/
|
||||
--- a/kernel/locking/rtmutex.c
|
||||
+++ b/kernel/locking/rtmutex.c
|
||||
@@ -1491,19 +1491,6 @@ int __sched rt_mutex_lock_interruptible(
|
||||
EXPORT_SYMBOL_GPL(rt_mutex_lock_interruptible);
|
||||
|
||||
/*
|
||||
- * Futex variant with full deadlock detection.
|
||||
- * Futex variants must not use the fast-path, see __rt_mutex_futex_unlock().
|
||||
- */
|
||||
-int __sched rt_mutex_timed_futex_lock(struct rt_mutex *lock,
|
||||
- struct hrtimer_sleeper *timeout)
|
||||
-{
|
||||
- might_sleep();
|
||||
-
|
||||
- return rt_mutex_slowlock(lock, TASK_INTERRUPTIBLE,
|
||||
- timeout, RT_MUTEX_FULL_CHAINWALK);
|
||||
-}
|
||||
-
|
||||
-/*
|
||||
* Futex variant, must not use fastpath.
|
||||
*/
|
||||
int __sched rt_mutex_futex_trylock(struct rt_mutex *lock)
|
||||
@@ -1772,12 +1759,6 @@ int rt_mutex_wait_proxy_lock(struct rt_m
|
||||
/* sleep on the mutex */
|
||||
ret = __rt_mutex_slowlock(lock, TASK_INTERRUPTIBLE, to, waiter);
|
||||
|
||||
- /*
|
||||
- * try_to_take_rt_mutex() sets the waiter bit unconditionally. We might
|
||||
- * have to fix that up.
|
||||
- */
|
||||
- fixup_rt_mutex_waiters(lock);
|
||||
-
|
||||
raw_spin_unlock_irq(&lock->wait_lock);
|
||||
|
||||
return ret;
|
||||
@@ -1817,6 +1798,13 @@ bool rt_mutex_cleanup_proxy_lock(struct
|
||||
fixup_rt_mutex_waiters(lock);
|
||||
cleanup = true;
|
||||
}
|
||||
+
|
||||
+ /*
|
||||
+ * try_to_take_rt_mutex() sets the waiter bit unconditionally. We might
|
||||
+ * have to fix that up.
|
||||
+ */
|
||||
+ fixup_rt_mutex_waiters(lock);
|
||||
+
|
||||
raw_spin_unlock_irq(&lock->wait_lock);
|
||||
|
||||
return cleanup;
|
||||
--- a/kernel/locking/rtmutex_common.h
|
||||
+++ b/kernel/locking/rtmutex_common.h
|
||||
@@ -113,7 +113,6 @@ extern int rt_mutex_wait_proxy_lock(stru
|
||||
extern bool rt_mutex_cleanup_proxy_lock(struct rt_mutex *lock,
|
||||
struct rt_mutex_waiter *waiter);
|
||||
|
||||
-extern int rt_mutex_timed_futex_lock(struct rt_mutex *l, struct hrtimer_sleeper *to);
|
||||
extern int rt_mutex_futex_trylock(struct rt_mutex *l);
|
||||
|
||||
extern void rt_mutex_futex_unlock(struct rt_mutex *lock);
|
|
@ -0,0 +1,81 @@
|
|||
From: Peter Zijlstra <peterz@infradead.org>
|
||||
Date: Wed, 22 Mar 2017 11:35:59 +0100
|
||||
Subject: [PATCH] futex: Futex_unlock_pi() determinism
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Upstream commit bebe5b514345f09be2c15e414d076b02ecb9cce8
|
||||
|
||||
The problem with returning -EAGAIN when the waiter state mismatches is that
|
||||
it becomes very hard to proof a bounded execution time on the
|
||||
operation. And seeing that this is a RT operation, this is somewhat
|
||||
important.
|
||||
|
||||
While in practise; given the previous patch; it will be very unlikely to
|
||||
ever really take more than one or two rounds, proving so becomes rather
|
||||
hard.
|
||||
|
||||
However, now that modifying wait_list is done while holding both hb->lock
|
||||
and wait_lock, the scenario can be avoided entirely by acquiring wait_lock
|
||||
while still holding hb-lock. Doing a hand-over, without leaving a hole.
|
||||
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: juri.lelli@arm.com
|
||||
Cc: bigeasy@linutronix.de
|
||||
Cc: xlpang@redhat.com
|
||||
Cc: rostedt@goodmis.org
|
||||
Cc: mathieu.desnoyers@efficios.com
|
||||
Cc: jdesfossez@efficios.com
|
||||
Cc: dvhart@infradead.org
|
||||
Cc: bristot@redhat.com
|
||||
Link: http://lkml.kernel.org/r/20170322104152.112378812@infradead.org
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/futex.c | 24 +++++++++++-------------
|
||||
1 file changed, 11 insertions(+), 13 deletions(-)
|
||||
|
||||
--- a/kernel/futex.c
|
||||
+++ b/kernel/futex.c
|
||||
@@ -1396,15 +1396,10 @@ static int wake_futex_pi(u32 __user *uad
|
||||
WAKE_Q(wake_q);
|
||||
int ret = 0;
|
||||
|
||||
- raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
new_owner = rt_mutex_next_owner(&pi_state->pi_mutex);
|
||||
- if (!new_owner) {
|
||||
+ if (WARN_ON_ONCE(!new_owner)) {
|
||||
/*
|
||||
- * Since we held neither hb->lock nor wait_lock when coming
|
||||
- * into this function, we could have raced with futex_lock_pi()
|
||||
- * such that we might observe @this futex_q waiter, but the
|
||||
- * rt_mutex's wait_list can be empty (either still, or again,
|
||||
- * depending on which side we land).
|
||||
+ * As per the comment in futex_unlock_pi() this should not happen.
|
||||
*
|
||||
* When this happens, give up our locks and try again, giving
|
||||
* the futex_lock_pi() instance time to complete, either by
|
||||
@@ -2792,15 +2787,18 @@ static int futex_unlock_pi(u32 __user *u
|
||||
if (pi_state->owner != current)
|
||||
goto out_unlock;
|
||||
|
||||
+ get_pi_state(pi_state);
|
||||
/*
|
||||
- * Grab a reference on the pi_state and drop hb->lock.
|
||||
+ * Since modifying the wait_list is done while holding both
|
||||
+ * hb->lock and wait_lock, holding either is sufficient to
|
||||
+ * observe it.
|
||||
*
|
||||
- * The reference ensures pi_state lives, dropping the hb->lock
|
||||
- * is tricky.. wake_futex_pi() will take rt_mutex::wait_lock to
|
||||
- * close the races against futex_lock_pi(), but in case of
|
||||
- * _any_ fail we'll abort and retry the whole deal.
|
||||
+ * By taking wait_lock while still holding hb->lock, we ensure
|
||||
+ * there is no point where we hold neither; and therefore
|
||||
+ * wake_futex_pi() must observe a state consistent with what we
|
||||
+ * observed.
|
||||
*/
|
||||
- get_pi_state(pi_state);
|
||||
+ raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
|
||||
spin_unlock(&hb->lock);
|
||||
|
||||
ret = wake_futex_pi(uaddr, uval, pi_state);
|
204
debian/patches/features/all/rt/0013-futex-Drop-hb-lock-before-enqueueing-on-the-rtmutex.patch
vendored
Normal file
204
debian/patches/features/all/rt/0013-futex-Drop-hb-lock-before-enqueueing-on-the-rtmutex.patch
vendored
Normal file
|
@ -0,0 +1,204 @@
|
|||
From: Peter Zijlstra <peterz@infradead.org>
|
||||
Date: Wed, 22 Mar 2017 11:36:00 +0100
|
||||
Subject: [PATCH] futex: Drop hb->lock before enqueueing on the rtmutex
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Upstream commit 56222b212e8edb1cf51f5dd73ff645809b082b40
|
||||
|
||||
When PREEMPT_RT_FULL does the spinlock -> rt_mutex substitution the PI
|
||||
chain code will (falsely) report a deadlock and BUG.
|
||||
|
||||
The problem is that it hold hb->lock (now an rt_mutex) while doing
|
||||
task_blocks_on_rt_mutex on the futex's pi_state::rtmutex. This, when
|
||||
interleaved just right with futex_unlock_pi() leads it to believe to see an
|
||||
AB-BA deadlock.
|
||||
|
||||
Task1 (holds rt_mutex, Task2 (does FUTEX_LOCK_PI)
|
||||
does FUTEX_UNLOCK_PI)
|
||||
|
||||
lock hb->lock
|
||||
lock rt_mutex (as per start_proxy)
|
||||
lock hb->lock
|
||||
|
||||
Which is a trivial AB-BA.
|
||||
|
||||
It is not an actual deadlock, because it won't be holding hb->lock by the
|
||||
time it actually blocks on the rt_mutex, but the chainwalk code doesn't
|
||||
know that and it would be a nightmare to handle this gracefully.
|
||||
|
||||
To avoid this problem, do the same as in futex_unlock_pi() and drop
|
||||
hb->lock after acquiring wait_lock. This still fully serializes against
|
||||
futex_unlock_pi(), since adding to the wait_list does the very same lock
|
||||
dance, and removing it holds both locks.
|
||||
|
||||
Aside of solving the RT problem this makes the lock and unlock mechanism
|
||||
symetric and reduces the hb->lock held time.
|
||||
|
||||
Reported-and-tested-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
|
||||
Cc: juri.lelli@arm.com
|
||||
Cc: xlpang@redhat.com
|
||||
Cc: rostedt@goodmis.org
|
||||
Cc: mathieu.desnoyers@efficios.com
|
||||
Cc: jdesfossez@efficios.com
|
||||
Cc: dvhart@infradead.org
|
||||
Cc: bristot@redhat.com
|
||||
Link: http://lkml.kernel.org/r/20170322104152.161341537@infradead.org
|
||||
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||||
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
---
|
||||
kernel/futex.c | 30 +++++++++++++++++-------
|
||||
kernel/locking/rtmutex.c | 49 ++++++++++++++++++++++------------------
|
||||
kernel/locking/rtmutex_common.h | 3 ++
|
||||
3 files changed, 52 insertions(+), 30 deletions(-)
|
||||
|
||||
--- a/kernel/futex.c
|
||||
+++ b/kernel/futex.c
|
||||
@@ -2652,20 +2652,33 @@ static int futex_lock_pi(u32 __user *uad
|
||||
goto no_block;
|
||||
}
|
||||
|
||||
+ rt_mutex_init_waiter(&rt_waiter);
|
||||
+
|
||||
/*
|
||||
- * We must add ourselves to the rt_mutex waitlist while holding hb->lock
|
||||
- * such that the hb and rt_mutex wait lists match.
|
||||
+ * On PREEMPT_RT_FULL, when hb->lock becomes an rt_mutex, we must not
|
||||
+ * hold it while doing rt_mutex_start_proxy(), because then it will
|
||||
+ * include hb->lock in the blocking chain, even through we'll not in
|
||||
+ * fact hold it while blocking. This will lead it to report -EDEADLK
|
||||
+ * and BUG when futex_unlock_pi() interleaves with this.
|
||||
+ *
|
||||
+ * Therefore acquire wait_lock while holding hb->lock, but drop the
|
||||
+ * latter before calling rt_mutex_start_proxy_lock(). This still fully
|
||||
+ * serializes against futex_unlock_pi() as that does the exact same
|
||||
+ * lock handoff sequence.
|
||||
*/
|
||||
- rt_mutex_init_waiter(&rt_waiter);
|
||||
- ret = rt_mutex_start_proxy_lock(&q.pi_state->pi_mutex, &rt_waiter, current);
|
||||
+ raw_spin_lock_irq(&q.pi_state->pi_mutex.wait_lock);
|
||||
+ spin_unlock(q.lock_ptr);
|
||||
+ ret = __rt_mutex_start_proxy_lock(&q.pi_state->pi_mutex, &rt_waiter, current);
|
||||
+ raw_spin_unlock_irq(&q.pi_state->pi_mutex.wait_lock);
|
||||
+
|
||||
if (ret) {
|
||||
if (ret == 1)
|
||||
ret = 0;
|
||||
|
||||
+ spin_lock(q.lock_ptr);
|
||||
goto no_block;
|
||||
}
|
||||
|
||||
- spin_unlock(q.lock_ptr);
|
||||
|
||||
if (unlikely(to))
|
||||
hrtimer_start_expires(&to->timer, HRTIMER_MODE_ABS);
|
||||
@@ -2678,6 +2691,9 @@ static int futex_lock_pi(u32 __user *uad
|
||||
* first acquire the hb->lock before removing the lock from the
|
||||
* rt_mutex waitqueue, such that we can keep the hb and rt_mutex
|
||||
* wait lists consistent.
|
||||
+ *
|
||||
+ * In particular; it is important that futex_unlock_pi() can not
|
||||
+ * observe this inconsistency.
|
||||
*/
|
||||
if (ret && !rt_mutex_cleanup_proxy_lock(&q.pi_state->pi_mutex, &rt_waiter))
|
||||
ret = 0;
|
||||
@@ -2789,10 +2805,6 @@ static int futex_unlock_pi(u32 __user *u
|
||||
|
||||
get_pi_state(pi_state);
|
||||
/*
|
||||
- * Since modifying the wait_list is done while holding both
|
||||
- * hb->lock and wait_lock, holding either is sufficient to
|
||||
- * observe it.
|
||||
- *
|
||||
* By taking wait_lock while still holding hb->lock, we ensure
|
||||
* there is no point where we hold neither; and therefore
|
||||
* wake_futex_pi() must observe a state consistent with what we
|
||||
--- a/kernel/locking/rtmutex.c
|
||||
+++ b/kernel/locking/rtmutex.c
|
||||
@@ -1659,31 +1659,14 @@ void rt_mutex_proxy_unlock(struct rt_mut
|
||||
rt_mutex_set_owner(lock, NULL);
|
||||
}
|
||||
|
||||
-/**
|
||||
- * rt_mutex_start_proxy_lock() - Start lock acquisition for another task
|
||||
- * @lock: the rt_mutex to take
|
||||
- * @waiter: the pre-initialized rt_mutex_waiter
|
||||
- * @task: the task to prepare
|
||||
- *
|
||||
- * Returns:
|
||||
- * 0 - task blocked on lock
|
||||
- * 1 - acquired the lock for task, caller should wake it up
|
||||
- * <0 - error
|
||||
- *
|
||||
- * Special API call for FUTEX_REQUEUE_PI support.
|
||||
- */
|
||||
-int rt_mutex_start_proxy_lock(struct rt_mutex *lock,
|
||||
+int __rt_mutex_start_proxy_lock(struct rt_mutex *lock,
|
||||
struct rt_mutex_waiter *waiter,
|
||||
struct task_struct *task)
|
||||
{
|
||||
int ret;
|
||||
|
||||
- raw_spin_lock_irq(&lock->wait_lock);
|
||||
-
|
||||
- if (try_to_take_rt_mutex(lock, task, NULL)) {
|
||||
- raw_spin_unlock_irq(&lock->wait_lock);
|
||||
+ if (try_to_take_rt_mutex(lock, task, NULL))
|
||||
return 1;
|
||||
- }
|
||||
|
||||
/* We enforce deadlock detection for futexes */
|
||||
ret = task_blocks_on_rt_mutex(lock, waiter, task,
|
||||
@@ -1702,12 +1685,36 @@ int rt_mutex_start_proxy_lock(struct rt_
|
||||
if (unlikely(ret))
|
||||
remove_waiter(lock, waiter);
|
||||
|
||||
- raw_spin_unlock_irq(&lock->wait_lock);
|
||||
-
|
||||
debug_rt_mutex_print_deadlock(waiter);
|
||||
|
||||
return ret;
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ * rt_mutex_start_proxy_lock() - Start lock acquisition for another task
|
||||
+ * @lock: the rt_mutex to take
|
||||
+ * @waiter: the pre-initialized rt_mutex_waiter
|
||||
+ * @task: the task to prepare
|
||||
+ *
|
||||
+ * Returns:
|
||||
+ * 0 - task blocked on lock
|
||||
+ * 1 - acquired the lock for task, caller should wake it up
|
||||
+ * <0 - error
|
||||
+ *
|
||||
+ * Special API call for FUTEX_REQUEUE_PI support.
|
||||
+ */
|
||||
+int rt_mutex_start_proxy_lock(struct rt_mutex *lock,
|
||||
+ struct rt_mutex_waiter *waiter,
|
||||
+ struct task_struct *task)
|
||||
+{
|
||||
+ int ret;
|
||||
+
|
||||
+ raw_spin_lock_irq(&lock->wait_lock);
|
||||
+ ret = __rt_mutex_start_proxy_lock(lock, waiter, task);
|
||||
+ raw_spin_unlock_irq(&lock->wait_lock);
|
||||
+
|
||||
+ return ret;
|
||||
+}
|
||||
|
||||
/**
|
||||
* rt_mutex_next_owner - return the next owner of the lock
|
||||
--- a/kernel/locking/rtmutex_common.h
|
||||
+++ b/kernel/locking/rtmutex_common.h
|
||||
@@ -104,6 +104,9 @@ extern void rt_mutex_init_proxy_locked(s
|
||||
extern void rt_mutex_proxy_unlock(struct rt_mutex *lock,
|
||||
struct task_struct *proxy_owner);
|
||||
extern void rt_mutex_init_waiter(struct rt_mutex_waiter *waiter);
|
||||
+extern int __rt_mutex_start_proxy_lock(struct rt_mutex *lock,
|
||||
+ struct rt_mutex_waiter *waiter,
|
||||
+ struct task_struct *task);
|
||||
extern int rt_mutex_start_proxy_lock(struct rt_mutex *lock,
|
||||
struct rt_mutex_waiter *waiter,
|
||||
struct task_struct *task);
|
|
@ -1,7 +1,7 @@
|
|||
From: "Yadi.hu" <yadi.hu@windriver.com>
|
||||
Date: Wed, 10 Dec 2014 10:32:09 +0800
|
||||
Subject: ARM: enable irq in translation/section permission fault handlers
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Probably happens on all ARM, with
|
||||
CONFIG_PREEMPT_RT_FULL
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Thu, 21 Mar 2013 19:01:05 +0100
|
||||
Subject: printk: Drop the logbuf_lock more often
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
The lock is hold with irgs off. The latency drops 500us+ on my arm bugs
|
||||
with a "full" buffer after executing "dmesg" on the shell.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Josh Cartwright <joshc@ni.com>
|
||||
Date: Thu, 11 Feb 2016 11:54:01 -0600
|
||||
Subject: KVM: arm/arm64: downgrade preempt_disable()d region to migrate_disable()
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
kvm_arch_vcpu_ioctl_run() disables the use of preemption when updating
|
||||
the vgic and timer states to prevent the calling task from migrating to
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Marcelo Tosatti <mtosatti@redhat.com>
|
||||
Date: Wed, 8 Apr 2015 20:33:25 -0300
|
||||
Subject: KVM: lapic: mark LAPIC timer handler as irqsafe
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Since lapic timer handler only wakes up a simple waitqueue,
|
||||
it can be executed from hardirq context.
|
||||
|
|
|
@ -5,7 +5,7 @@ Cc: Anna Schumaker <anna.schumaker@netapp.com>,
|
|||
linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org,
|
||||
tglx@linutronix.de
|
||||
Subject: NFSv4: replace seqcount_t with a seqlock_t
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
The raw_write_seqcount_begin() in nfs4_reclaim_open_state() bugs me
|
||||
because it maps to preempt_disable() in -RT which I can't have at this
|
||||
|
@ -68,7 +68,7 @@ Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
|||
ret = _nfs4_proc_open(opendata);
|
||||
if (ret != 0)
|
||||
@@ -2736,7 +2736,7 @@ static int _nfs4_open_and_get_state(stru
|
||||
ctx->state = state;
|
||||
|
||||
if (d_inode(dentry) == state->inode) {
|
||||
nfs_inode_attach_open_context(ctx);
|
||||
- if (read_seqcount_retry(&sp->so_reclaim_seqcount, seq))
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Steven Rostedt <rostedt@goodmis.org>
|
||||
Date: Wed, 13 Feb 2013 09:26:05 -0500
|
||||
Subject: acpi/rt: Convert acpi_gbl_hardware lock back to a raw_spinlock_t
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
We hit the following bug with 3.6-rt:
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Anders Roxell <anders.roxell@linaro.org>
|
||||
Date: Thu, 14 May 2015 17:52:17 +0200
|
||||
Subject: arch/arm64: Add lazy preempt support
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
arm64 is missing support for PREEMPT_RT. The main feature which is
|
||||
lacking is support for lazy preemption. The arch-specific entry code,
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Benedikt Spranger <b.spranger@linutronix.de>
|
||||
Date: Sat, 6 Mar 2010 17:47:10 +0100
|
||||
Subject: ARM: AT91: PIT: Remove irq handler when clock event is unused
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Setup and remove the interrupt handler in clock event mode selection.
|
||||
This avoids calling the (shared) interrupt handler when the device is
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Sat, 1 May 2010 18:29:35 +0200
|
||||
Subject: ARM: at91: tclib: Default to tclib timer for RT
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
RT is not too happy about the shared timer interrupt in AT91
|
||||
devices. Default to tclib timer for RT.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Frank Rowand <frank.rowand@am.sony.com>
|
||||
Date: Mon, 19 Sep 2011 14:51:14 -0700
|
||||
Subject: arm: Convert arm boot_lock to raw
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
The arm boot_lock is used by the secondary processor startup code. The locking
|
||||
task is the idle thread, which has idle->sched_class == &idle_sched_class.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: arm: Enable highmem for rt
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Wed, 13 Feb 2013 11:03:11 +0100
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
fixup highmem for ARM.
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Mon, 11 Mar 2013 21:37:27 +0100
|
||||
Subject: arm/highmem: Flush tlb on unmap
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
The tlb should be flushed on unmap and thus make the mapping entry
|
||||
invalid. This is only done in the non-debug case which does not look
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Thu, 22 Dec 2016 17:28:33 +0100
|
||||
Subject: [PATCH] arm: include definition for cpumask_t
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
This definition gets pulled in by other files. With the (later) split of
|
||||
RCU and spinlock.h it won't compile anymore.
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
From 6e2639b6d72e1ef9e264aa658db3b6171d9ba12f Mon Sep 17 00:00:00 2001
|
||||
From: Yang Shi <yang.shi@linaro.org>
|
||||
Date: Thu, 10 Nov 2016 16:17:55 -0800
|
||||
Subject: [PATCH] arm: kprobe: replace patch_lock to raw lock
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
When running kprobe on -rt kernel, the below bug is caught:
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: arm: Add support for lazy preemption
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Wed, 31 Oct 2012 12:04:11 +0100
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Implement the arm pieces for lazy preempt.
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Fri, 20 Sep 2013 14:31:54 +0200
|
||||
Subject: arm/unwind: use a raw_spin_lock
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Mostly unwind is done with irqs enabled however SLUB may call it with
|
||||
irqs disabled while creating a new SLUB cache.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: arm64/xen: Make XEN depend on !RT
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Mon, 12 Oct 2015 11:18:40 +0200
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
It's not ready and probably never will be, unless xen folks have a
|
||||
look at it.
|
||||
|
@ -13,7 +13,7 @@ Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|||
|
||||
--- a/arch/arm64/Kconfig
|
||||
+++ b/arch/arm64/Kconfig
|
||||
@@ -694,7 +694,7 @@ config XEN_DOM0
|
||||
@@ -704,7 +704,7 @@ config XEN_DOM0
|
||||
|
||||
config XEN
|
||||
bool "Xen guest support on ARM64"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Wed, 09 Mar 2016 10:51:06 +0100
|
||||
Subject: arm: at91: do not disable/enable clocks in a row
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Currently the driver will disable the clock and enable it one line later
|
||||
if it is switching from periodic mode into one shot.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Steven Rostedt <srostedt@redhat.com>
|
||||
Date: Fri, 3 Jul 2009 08:44:29 -0500
|
||||
Subject: ata: Do not disable interrupts in ide code for preempt-rt
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Use the local_irq_*_nort variants.
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Fri, 13 Feb 2015 11:01:26 +0100
|
||||
Subject: block: blk-mq: Use swait
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
| BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:914
|
||||
| in_atomic(): 1, irqs_disabled(): 0, pid: 255, name: kworker/u257:6
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Thu, 29 Jan 2015 15:10:08 +0100
|
||||
Subject: block/mq: don't complete requests via IPI
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
The IPI runs in hardirq context and there are sleeping locks. This patch
|
||||
moves the completion into a workqueue.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Tue, 14 Jul 2015 14:26:34 +0200
|
||||
Subject: block/mq: do not invoke preempt_disable()
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
preempt_disable() and get_cpu() don't play well together with the sleeping
|
||||
locks it tries to allocate later.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Wed, 9 Apr 2014 10:37:23 +0200
|
||||
Subject: block: mq: use cpu_light()
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
there is a might sleep splat because get_cpu() disables preemption and
|
||||
later we grab a lock. As a workaround for this we use get_cpu_light().
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: block: Shorten interrupt disabled regions
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Wed, 22 Jun 2011 19:47:02 +0200
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Moving the blk_sched_flush_plug() call out of the interrupt/preempt
|
||||
disabled region in the scheduler allows us to replace
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: block: Use cpu_chill() for retry loops
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Thu, 20 Dec 2012 18:28:26 +0100
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Retry loops on RT might loop forever when the modifying side was
|
||||
preempted. Steven also observed a live lock when there was a
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Ingo Molnar <mingo@elte.hu>
|
||||
Date: Fri, 3 Jul 2009 08:29:58 -0500
|
||||
Subject: bug: BUG_ON/WARN_ON variants dependend on RT/!RT
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Introduce RT/NON-RT WARN/BUG statements to avoid ifdefs in the code.
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Mike Galbraith <umgwanakikbuti@gmail.com>
|
||||
Date: Sat, 21 Jun 2014 10:09:48 +0200
|
||||
Subject: memcontrol: Prevent scheduling while atomic in cgroup code
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
mm, memcg: make refill_stock() use get_cpu_light()
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Fri, 13 Feb 2015 15:52:24 +0100
|
||||
Subject: cgroups: use simple wait in css_release()
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
To avoid:
|
||||
|BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:914
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Alexandre Belloni <alexandre.belloni@free-electrons.com>
|
||||
Date: Thu, 17 Mar 2016 21:09:43 +0100
|
||||
Subject: [PATCH] clockevents/drivers/timer-atmel-pit: fix double free_irq
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
clockevents_exchange_device() changes the state from detached to shutdown
|
||||
and so at that point the IRQ has not yet been requested.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Benedikt Spranger <b.spranger@linutronix.de>
|
||||
Date: Mon, 8 Mar 2010 18:57:04 +0100
|
||||
Subject: clocksource: TCLIB: Allow higher clock rates for clock events
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
As default the TCLIB uses the 32KiHz base clock rate for clock events.
|
||||
Add a compile time selection to allow higher clock resulution.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: completion: Use simple wait queues
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Fri, 11 Jan 2013 11:23:51 +0100
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Completions have no long lasting callbacks and therefor do not need
|
||||
the complex waitqueue variant. Use simple waitqueues which reduces the
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: sched: Use the proper LOCK_OFFSET for cond_resched()
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Sun, 17 Jul 2011 22:51:33 +0200
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
RT does not increment preempt count when a 'sleeping' spinlock is
|
||||
locked. Update PREEMPT_LOCK_OFFSET for that case.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: sched: Take RT softirq semantics into account in cond_resched()
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Thu, 14 Jul 2011 09:56:44 +0200
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
The softirq semantics work different on -RT. There is no SOFTIRQ_MASK in
|
||||
the preemption counter which leads to the BUG_ON() statement in
|
||||
|
|
|
@ -2,7 +2,7 @@ From: Mike Galbraith <umgwanakikbuti@gmail.com>
|
|||
Date: Sun, 16 Oct 2016 05:11:54 +0200
|
||||
Subject: [PATCH] connector/cn_proc: Protect send_msg() with a local lock
|
||||
on RT
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
|BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:931
|
||||
|in_atomic(): 1, irqs_disabled(): 0, pid: 31807, name: sleep
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Steven Rostedt <rostedt@goodmis.org>
|
||||
Date: Thu, 5 Dec 2013 09:16:52 -0500
|
||||
Subject: cpu hotplug: Document why PREEMPT_RT uses a spinlock
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
The patch:
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: cpu: Make hotplug.lock a "sleeping" spinlock on RT
|
||||
From: Steven Rostedt <rostedt@goodmis.org>
|
||||
Date: Fri, 02 Mar 2012 10:36:57 -0500
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Tasks can block on hotplug.lock in pin_current_cpu(), but their state
|
||||
might be != RUNNING. So the mutex wakeup will set the state
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Steven Rostedt <srostedt@redhat.com>
|
||||
Date: Mon, 16 Jul 2012 08:07:43 +0000
|
||||
Subject: cpu/rt: Rework cpu down for PREEMPT_RT
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Bringing a CPU down is a pain with the PREEMPT_RT kernel because
|
||||
tasks can be preempted in many more places than in non-RT. In
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Steven Rostedt <rostedt@goodmis.org>
|
||||
Date: Tue, 4 Mar 2014 12:28:32 -0500
|
||||
Subject: cpu_chill: Add a UNINTERRUPTIBLE hrtimer_nanosleep
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
We hit another bug that was caused by switching cpu_chill() from
|
||||
msleep() to hrtimer_nanosleep().
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Tiejun Chen <tiejun.chen@windriver.com>
|
||||
Subject: cpu_down: move migrate_enable() back
|
||||
Date: Thu, 7 Nov 2013 10:06:07 +0800
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Commit 08c1ab68, "hotplug-use-migrate-disable.patch", intends to
|
||||
use migrate_enable()/migrate_disable() to replace that combination
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Thu, 9 Apr 2015 15:23:01 +0200
|
||||
Subject: cpufreq: drop K8's driver from beeing selected
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Ralf posted a picture of a backtrace from
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: cpumask: Disable CONFIG_CPUMASK_OFFSTACK for RT
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Wed, 14 Dec 2011 01:03:49 +0100
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
There are "valid" GFP_ATOMIC allocations such as
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Mike Galbraith <efault@gmx.de>
|
||||
Date: Sun, 8 Jan 2017 09:32:25 +0100
|
||||
Subject: [PATCH] cpuset: Convert callback_lock to raw_spinlock_t
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
The two commits below add up to a cpuset might_sleep() splat for RT:
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Fri, 21 Feb 2014 17:24:04 +0100
|
||||
Subject: crypto: Reduce preempt disabled regions, more algos
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Don Estabrook reported
|
||||
| kernel: WARNING: CPU: 2 PID: 858 at kernel/sched/core.c:2428 migrate_disable+0xed/0x100()
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: debugobjects: Make RT aware
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Sun, 17 Jul 2011 21:41:35 +0200
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Avoid filling the pool / allocating memory with irqs off().
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: dm: Make rt aware
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Mon, 14 Nov 2011 23:06:09 +0100
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Use the BUG_ON_NORT variant for the irq_disabled() checks. RT has
|
||||
interrupts legitimately enabled here as we cant deadlock against the
|
||||
|
@ -16,7 +16,7 @@ Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|||
|
||||
--- a/drivers/md/dm-rq.c
|
||||
+++ b/drivers/md/dm-rq.c
|
||||
@@ -838,7 +838,7 @@ static void dm_old_request_fn(struct req
|
||||
@@ -842,7 +842,7 @@ static void dm_old_request_fn(struct req
|
||||
/* Establish tio->ti before queuing work (map_tio_request) */
|
||||
tio->ti = ti;
|
||||
kthread_queue_work(&md->kworker, &tio->work);
|
||||
|
|
|
@ -2,7 +2,7 @@ From: Mike Galbraith <umgwanakikbuti@gmail.com>
|
|||
Date: Thu, 31 Mar 2016 04:08:28 +0200
|
||||
Subject: [PATCH] drivers/block/zram: Replace bit spinlocks with rtmutex
|
||||
for -rt
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
They're nondeterministic, and lead to ___might_sleep() splats in -rt.
|
||||
OTOH, they're a lot less wasteful than an rtmutex per page.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Ingo Molnar <mingo@elte.hu>
|
||||
Date: Fri, 3 Jul 2009 08:29:24 -0500
|
||||
Subject: drivers/net: Use disable_irq_nosync() in 8139too
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Use disable_irq_nosync() instead of disable_irq() as this might be
|
||||
called in atomic context with netpoll.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Steven Rostedt <rostedt@goodmis.org>
|
||||
Date: Fri, 3 Jul 2009 08:30:00 -0500
|
||||
Subject: drivers/net: vortex fix locking issues
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Argh, cut and paste wasn't enough...
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Ingo Molnar <mingo@elte.hu>
|
||||
Date: Fri, 3 Jul 2009 08:29:30 -0500
|
||||
Subject: drivers: random: Reduce preempt disabled region
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
No need to keep preemption disabled across the whole function.
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: tty/serial/omap: Make the locking RT aware
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Thu, 28 Jul 2011 13:32:57 +0200
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
The lock is a sleeping lock and local_irq_save() is not the
|
||||
optimsation we are looking for. Redo it to make it work on -RT and
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: tty/serial/pl011: Make the locking work on RT
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Tue, 08 Jan 2013 21:36:51 +0100
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
The lock is a sleeping lock and local_irq_save() is not the optimsation
|
||||
we are looking for. Redo it to make it work on -RT and non-RT.
|
||||
|
|
|
@ -2,7 +2,7 @@ From: Mike Galbraith <umgwanakikbuti@gmail.com>
|
|||
Date: Thu, 20 Oct 2016 11:15:22 +0200
|
||||
Subject: [PATCH] drivers/zram: Don't disable preemption in
|
||||
zcomp_stream_get/put()
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
In v4.7, the driver switched to percpu compression streams, disabling
|
||||
preemption via get/put_cpu_ptr(). Use a per-zcomp_strm lock here. We
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Thu, 25 Apr 2013 18:12:52 +0200
|
||||
Subject: drm/i915: drop trace_i915_gem_ring_dispatch on rt
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
This tracepoint is responsible for:
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: drm,i915: Use local_lock/unlock_irq() in intel_pipe_update_start/end()
|
||||
From: Mike Galbraith <umgwanakikbuti@gmail.com>
|
||||
Date: Sat, 27 Feb 2016 09:01:42 +0100
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
|
||||
[ 8.014039] BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:918
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: drm,radeon,i915: Use preempt_disable/enable_rt() where recommended
|
||||
From: Mike Galbraith <umgwanakikbuti@gmail.com>
|
||||
Date: Sat, 27 Feb 2016 08:09:11 +0100
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
DRM folks identified the spots, so use them.
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: fs/epoll: Do not disable preemption on RT
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Fri, 08 Jul 2011 16:35:35 +0200
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
ep_call_nested() takes a sleeping lock so we can't disable preemption.
|
||||
The light version is enough since ep_call_nested() doesn't mind beeing
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Mon, 16 Feb 2015 18:49:10 +0100
|
||||
Subject: fs/aio: simple simple work
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
|BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:768
|
||||
|in_atomic(): 1, irqs_disabled(): 0, pid: 26, name: rcuos/2
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Subject: block: Turn off warning which is bogus on RT
|
||||
From: Thomas Gleixner <tglx@linutronix.de>
|
||||
Date: Tue, 14 Jun 2011 17:05:09 +0200
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
On -RT the context is always with IRQs enabled. Ignore this warning on -RT.
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
|
||||
Date: Wed, 14 Sep 2016 11:55:23 +0200
|
||||
Subject: fs/dcache: include wait.h
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.9-rt6.tar.xz
|
||||
Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.9/older/patches-4.9.18-rt14.tar.xz
|
||||
|
||||
Since commit d9171b934526 ("parallel lookups machinery, part 4 (and
|
||||
last)") dcache.h is using but does not include wait.h. It works as long
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue