10 files changed, 109 insertions, 57 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index e8692a5748c2..e092f1c0ce30 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -738,7 +738,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                if (!audit_enabled && msg_type != AUDIT_USER_AVC)
                        return 0;
-                err = audit_filter_user(&NETLINK_CB(skb), msg_type);
+                err = audit_filter_user(&NETLINK_CB(skb));
                if (err == 1) {
                        err = 0;
                        if (msg_type == AUDIT_USER_TTY) {
@@ -779,7 +779,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                }
                /* fallthrough */
        case AUDIT_LIST:
-                err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
+                err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid,
                                           uid, seq, data, nlmsg_len(nlh),
                                           loginuid, sessionid, sid);
                break;
@@ -798,7 +798,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                }
                /* fallthrough */
        case AUDIT_LIST_RULES:
-                err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
+                err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid,
                                           uid, seq, data, nlmsg_len(nlh),
                                           loginuid, sessionid, sid);
                break;
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 0e0bd27e6512..98c50cc671bb 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1544,6 +1544,7 @@ static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid,
 * @data: payload data
 * @datasz: size of payload data
 * @loginuid: loginuid of sender
+ * @sessionid: sessionid for netlink audit message
 * @sid: SE Linux Security ID of sender
 */
 int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
@@ -1720,7 +1721,7 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb,
        return 1;
 }
-int audit_filter_user(struct netlink_skb_parms *cb, int type)
+int audit_filter_user(struct netlink_skb_parms *cb)
 {
        enum audit_state state = AUDIT_DISABLED;
        struct audit_entry *e;
diff --git a/kernel/futex.c b/kernel/futex.c
index 449def8074fe..7d1136e97c14 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -1096,21 +1096,64 @@ static void unqueue_me_pi(struct futex_q *q)
 * private futexes.
 */
 static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
-                                struct task_struct *newowner)
+                                struct task_struct *newowner,
+                                struct rw_semaphore *fshared)
 {
        u32 newtid = task_pid_vnr(newowner) | FUTEX_WAITERS;
        struct futex_pi_state *pi_state = q->pi_state;
+        struct task_struct *oldowner = pi_state->owner;
        u32 uval, curval, newval;
-        int ret;
+        int ret, attempt = 0;
        /* Owner died? */
+        if (!pi_state->owner)
+                newtid |= FUTEX_OWNER_DIED;
+        /*
+         * We are here either because we stole the rtmutex from the
+         * pending owner or we are the pending owner which failed to
+         * get the rtmutex. We have to replace the pending owner TID
+         * in the user space variable. This must be atomic as we have
+         * to preserve the owner died bit here.
+         *
+         * Note: We write the user space value _before_ changing the
+         * pi_state because we can fault here. Imagine swapped out
+         * pages or a fork, which was running right before we acquired
+         * mmap_sem, that marked all the anonymous memory readonly for
+         * cow.
+         *
+         * Modifying pi_state _before_ the user space value would
+         * leave the pi_state in an inconsistent state when we fault
+         * here, because we need to drop the hash bucket lock to
+         * handle the fault. This might be observed in the PID check
+         * in lookup_pi_state.
+         */
+retry:
+        if (get_futex_value_locked(&uval, uaddr))
+                goto handle_fault;
+        while (1) {
+                newval = (uval & FUTEX_OWNER_DIED) | newtid;
+                curval = cmpxchg_futex_value_locked(uaddr, uval, newval);
+                if (curval == -EFAULT)
+                        goto handle_fault;
+                if (curval == uval)
+                        break;
+                uval = curval;
+        }
+        /*
+         * We fixed up user space. Now we need to fix the pi_state
+         * itself.
+         */
        if (pi_state->owner != NULL) {
                spin_lock_irq(&pi_state->owner->pi_lock);
                WARN_ON(list_empty(&pi_state->list));
                list_del_init(&pi_state->list);
                spin_unlock_irq(&pi_state->owner->pi_lock);
-        } else
+        }
-                newtid |= FUTEX_OWNER_DIED;
        pi_state->owner = newowner;
@@ -1118,26 +1161,35 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q,
        WARN_ON(!list_empty(&pi_state->list));
        list_add(&pi_state->list, &newowner->pi_state_list);
        spin_unlock_irq(&newowner->pi_lock);
+        return 0;
        /*
-         * We own it, so we have to replace the pending owner
+         * To handle the page fault we need to drop the hash bucket
-         * TID. This must be atomic as we have preserve the
+         * lock here. That gives the other task (either the pending
-         * owner died bit here.
+         * owner itself or the task which stole the rtmutex) the
+         * chance to try the fixup of the pi_state. So once we are
+         * back from handling the fault we need to check the pi_state
+         * after reacquiring the hash bucket lock and before trying to
+         * do another fixup. When the fixup has been done already we
+         * simply return.
         */
-        ret = get_futex_value_locked(&uval, uaddr);
+handle_fault:
+        spin_unlock(q->lock_ptr);
-        while (!ret) {
+        ret = futex_handle_fault((unsigned long)uaddr, fshared, attempt++);
-                newval = (uval & FUTEX_OWNER_DIED) | newtid;
-                curval = cmpxchg_futex_value_locked(uaddr, uval, newval);
+        spin_lock(q->lock_ptr);
-                if (curval == -EFAULT)
+        /*
-                        ret = -EFAULT;
+         * Check if someone else fixed it for us:
-                if (curval == uval)
+         */
-                        break;
+        if (pi_state->owner != oldowner)
-                uval = curval;
+                return 0;
-        }
-        return ret;
+        if (ret)
+                return ret;
+        goto retry;
 }
 /*
@@ -1507,7 +1559,7 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared,
                 * that case:
                 */
                if (q.pi_state->owner != curr)
-                        ret = fixup_pi_state_owner(uaddr, &q, curr);
+                        ret = fixup_pi_state_owner(uaddr, &q, curr, fshared);
        } else {
                /*
                 * Catch the rare case, where the lock was released
@@ -1539,7 +1591,8 @@ static int futex_lock_pi(u32 __user *uaddr, struct rw_semaphore *fshared,
                                int res;
                                owner = rt_mutex_owner(&q.pi_state->pi_mutex);
-                                res = fixup_pi_state_owner(uaddr, &q, owner);
+                                res = fixup_pi_state_owner(uaddr, &q, owner,
+                                                           fshared);
                                /* propagate -EFAULT, if the fixup failed */
                                if (res)
diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
index 421be5fe5cc7..543d9ca9b4f4 100644
--- a/kernel/hrtimer.c
+++ b/kernel/hrtimer.c
@@ -1078,7 +1078,7 @@ ktime_t hrtimer_get_remaining(const struct hrtimer *timer)
 }
 EXPORT_SYMBOL_GPL(hrtimer_get_remaining);
-#if defined(CONFIG_NO_IDLE_HZ) || defined(CONFIG_NO_HZ)
+#ifdef CONFIG_NO_HZ
 /**
 * hrtimer_get_next_event - get the time until next expiry event
 *
diff --git a/kernel/kgdb.c b/kernel/kgdb.c
index 79e3c90113c2..3ec23c3ec97f 100644
--- a/kernel/kgdb.c
+++ b/kernel/kgdb.c
@@ -1499,7 +1499,8 @@ int kgdb_nmicallback(int cpu, void *regs)
        return 1;
 }
-void kgdb_console_write(struct console *co, const char *s, unsigned count)
+static void kgdb_console_write(struct console *co, const char *s,
+   unsigned count)
 {
        unsigned long flags;
diff --git a/kernel/rcuclassic.c b/kernel/rcuclassic.c
index f4ffbd0f306f..a38895a5b8e2 100644
--- a/kernel/rcuclassic.c
+++ b/kernel/rcuclassic.c
@@ -89,8 +89,22 @@ static void force_quiescent_state(struct rcu_data *rdp,
                /*
                 * Don't send IPI to itself. With irqs disabled,
                 * rdp->cpu is the current cpu.
+                 *
+                 * cpu_online_map is updated by the _cpu_down()
+                 * using stop_machine_run(). Since we're in irqs disabled
+                 * section, stop_machine_run() is not exectuting, hence
+                 * the cpu_online_map is stable.
+                 *
+                 * However,  a cpu might have been offlined _just_ before
+                 * we disabled irqs while entering here.
+                 * And rcu subsystem might not yet have handled the CPU_DEAD
+                 * notification, leading to the offlined cpu's bit
+                 * being set in the rcp->cpumask.
+                 *
+                 * Hence cpumask = (rcp->cpumask & cpu_online_map) to prevent
+                 * sending smp_reschedule() to an offlined CPU.
                 */
-                cpumask = rcp->cpumask;
+                cpus_and(cpumask, rcp->cpumask, cpu_online_map);
                cpu_clear(rdp->cpu, cpumask);
                for_each_cpu_mask(cpu, cpumask)
                        smp_send_reschedule(cpu);
diff --git a/kernel/sched.c b/kernel/sched.c
index b048ad8a11af..94ead43eda62 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
@@ -4398,22 +4398,20 @@ do_wait_for_common(struct completion *x, long timeout, int state)
                             signal_pending(current)) ||
                            (state == TASK_KILLABLE &&
                             fatal_signal_pending(current))) {
-                                __remove_wait_queue(&x->wait, &wait);
+                                timeout = -ERESTARTSYS;
-                                return -ERESTARTSYS;
+                                break;
                        }
                        __set_current_state(state);
                        spin_unlock_irq(&x->wait.lock);
                        timeout = schedule_timeout(timeout);
                        spin_lock_irq(&x->wait.lock);
-                        if (!timeout) {
+                } while (!x->done && timeout);
-                                __remove_wait_queue(&x->wait, &wait);
-                                return timeout;
-                        }
-                } while (!x->done);
                __remove_wait_queue(&x->wait, &wait);
+                if (!x->done)
+                        return timeout;
        }
        x->done--;
-        return timeout;
+        return timeout ?: 1;
 }
 static long __sched
@@ -5889,6 +5887,7 @@ static void migrate_dead_tasks(unsigned int dead_cpu)
                next = pick_next_task(rq, rq->curr);
                if (!next)
                        break;
+                next->sched_class->put_prev_task(rq, next);
                migrate_dead(dead_cpu, next);
        }
@@ -8503,6 +8502,9 @@ int sched_group_set_rt_period(struct task_group *tg, long rt_period_us)
        rt_period = (u64)rt_period_us * NSEC_PER_USEC;
        rt_runtime = tg->rt_bandwidth.rt_runtime;
+        if (rt_period == 0)
+                return -EINVAL;
        return tg_set_bandwidth(tg, rt_period, rt_runtime);
 }
diff --git a/kernel/sched_rt.c b/kernel/sched_rt.c
index 1dad5bbb59b6..0f3c19197fa4 100644
--- a/kernel/sched_rt.c
+++ b/kernel/sched_rt.c
@@ -250,7 +250,8 @@ static int do_sched_rt_period_timer(struct rt_bandwidth *rt_b, int overrun)
                        if (rt_rq->rt_time || rt_rq->rt_nr_running)
                                idle = 0;
                        spin_unlock(&rt_rq->rt_runtime_lock);
-                }
+                } else if (rt_rq->rt_nr_running)
+                        idle = 0;
                if (enqueue)
                        sched_rt_rq_enqueue(rt_rq);
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 29116652dca8..f6d2e57b99a0 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -132,8 +132,6 @@ extern int sysctl_userprocess_debug;
 extern int spin_retry;
 #endif
-extern int sysctl_hz_timer;
 #ifdef CONFIG_BSD_PROCESS_ACCT
 extern int acct_parm[];
 #endif
@@ -563,16 +561,6 @@ static struct ctl_table kern_table[] = {
                .proc_handler   = &proc_dointvec,
        },
 #endif
-#ifdef CONFIG_NO_IDLE_HZ
-        {
-                .ctl_name       = KERN_HZ_TIMER,
-                .procname       = "hz_timer",
-                .data           = &sysctl_hz_timer,
-                .maxlen         = sizeof(int),
-                .mode           = 0644,
-                .proc_handler   = &proc_dointvec,
-        },
-#endif
        {
                .ctl_name       = KERN_S390_USER_DEBUG_LOGGING,
                .procname       = "userprocess_debug",
diff --git a/kernel/timer.c b/kernel/timer.c
index ceacc6626572..ef3fa6906e8f 100644
--- a/kernel/timer.c
+++ b/kernel/timer.c
@@ -812,7 +812,7 @@ static inline void __run_timers(struct tvec_base *base)
        spin_unlock_irq(&base->lock);
 }
-#if defined(CONFIG_NO_IDLE_HZ) || defined(CONFIG_NO_HZ)
+#ifdef CONFIG_NO_HZ
 /*
 * Find out when the next timer event is due to happen. This
 * is used on S/390 to stop all activity when a cpus is idle.
@@ -947,14 +947,6 @@ unsigned long get_next_timer_interrupt(unsigned long now)
        return cmp_next_hrtimer_event(now, expires);
 }
-#ifdef CONFIG_NO_IDLE_HZ
-unsigned long next_timer_interrupt(void)
-{
-        return get_next_timer_interrupt(jiffies);
-}
-#endif
 #endif
 #ifndef CONFIG_VIRT_CPU_ACCOUNTING

diff --git a/kernel/audit.c b/kernel/audit.c index e8692a5748c2..e092f1c0ce30 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -738,7 +738,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
738	if (!audit_enabled && msg_type != AUDIT_USER_AVC)	738	if (!audit_enabled && msg_type != AUDIT_USER_AVC)
739	return 0;	739	return 0;
740		740
741	err = audit_filter_user(&NETLINK_CB(skb), msg_type);	741	err = audit_filter_user(&NETLINK_CB(skb));
742	if (err == 1) {	742	if (err == 1) {
743	err = 0;	743	err = 0;
744	if (msg_type == AUDIT_USER_TTY) {	744	if (msg_type == AUDIT_USER_TTY) {
@@ -779,7 +779,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
779	}	779	}
780	/* fallthrough */	780	/* fallthrough */
781	case AUDIT_LIST:	781	case AUDIT_LIST:
782	err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,	782	err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid,
783	uid, seq, data, nlmsg_len(nlh),	783	uid, seq, data, nlmsg_len(nlh),
784	loginuid, sessionid, sid);	784	loginuid, sessionid, sid);
785	break;	785	break;
@@ -798,7 +798,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
798	}	798	}
799	/* fallthrough */	799	/* fallthrough */
800	case AUDIT_LIST_RULES:	800	case AUDIT_LIST_RULES:
801	err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,	801	err = audit_receive_filter(msg_type, NETLINK_CB(skb).pid,
802	uid, seq, data, nlmsg_len(nlh),	802	uid, seq, data, nlmsg_len(nlh),
803	loginuid, sessionid, sid);	803	loginuid, sessionid, sid);
804	break;	804	break;


diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 0e0bd27e6512..98c50cc671bb 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c
@@ -1544,6 +1544,7 @@ static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid,
1544	* @data: payload data	1544	* @data: payload data
1545	* @datasz: size of payload data	1545	* @datasz: size of payload data
1546	* @loginuid: loginuid of sender	1546	* @loginuid: loginuid of sender
		1547	* @sessionid: sessionid for netlink audit message
1547	* @sid: SE Linux Security ID of sender	1548	* @sid: SE Linux Security ID of sender
1548	*/	1549	*/
1549	int audit_receive_filter(int type, int pid, int uid, int seq, void *data,	1550	int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
@@ -1720,7 +1721,7 @@ static int audit_filter_user_rules(struct netlink_skb_parms *cb,
1720	return 1;	1721	return 1;
1721	}	1722	}
1722		1723
1723	int audit_filter_user(struct netlink_skb_parms *cb, int type)	1724	int audit_filter_user(struct netlink_skb_parms *cb)
1724	{	1725	{
1725	enum audit_state state = AUDIT_DISABLED;	1726	enum audit_state state = AUDIT_DISABLED;
1726	struct audit_entry *e;	1727	struct audit_entry *e;


diff --git a/kernel/futex.c b/kernel/futex.c index 449def8074fe..7d1136e97c14 100644 --- a/kernel/futex.c +++ b/kernel/futex.c
@@ -1096,21 +1096,64 @@ static void unqueue_me_pi(struct futex_q *q)
1096	* private futexes.	1096	* private futexes.
1097	*/	1097	*/
1098	static int fixup_pi_state_owner(u32 __user uaddr, struct futex_q q,	1098	static int fixup_pi_state_owner(u32 __user uaddr, struct futex_q q,
1099	struct task_struct *newowner)	1099	struct task_struct *newowner,
		1100	struct rw_semaphore *fshared)
1100	{	1101	{
1101	u32 newtid = task_pid_vnr(newowner) \| FUTEX_WAITERS;	1102	u32 newtid = task_pid_vnr(newowner) \| FUTEX_WAITERS;
1102	struct futex_pi_state *pi_state = q->pi_state;	1103	struct futex_pi_state *pi_state = q->pi_state;
		1104	struct task_struct *oldowner = pi_state->owner;
1103	u32 uval, curval, newval;	1105	u32 uval, curval, newval;
1104	int ret;	1106	int ret, attempt = 0;
1105		1107
1106	/* Owner died? */	1108	/* Owner died? */
		1109	if (!pi_state->owner)
		1110	newtid \|= FUTEX_OWNER_DIED;
		1111
		1112	/*
		1113	* We are here either because we stole the rtmutex from the
		1114	* pending owner or we are the pending owner which failed to
		1115	* get the rtmutex. We have to replace the pending owner TID
		1116	* in the user space variable. This must be atomic as we have
		1117	* to preserve the owner died bit here.
		1118	*
		1119	* Note: We write the user space value _before_ changing the
		1120	* pi_state because we can fault here. Imagine swapped out
		1121	* pages or a fork, which was running right before we acquired
		1122	* mmap_sem, that marked all the anonymous memory readonly for
		1123	* cow.
		1124	*
		1125	* Modifying pi_state _before_ the user space value would
		1126	* leave the pi_state in an inconsistent state when we fault
		1127	* here, because we need to drop the hash bucket lock to
		1128	* handle the fault. This might be observed in the PID check
		1129	* in lookup_pi_state.
		1130	*/
		1131	retry:
		1132	if (get_futex_value_locked(&uval, uaddr))
		1133	goto handle_fault;
		1134
		1135	while (1) {
		1136	newval = (uval & FUTEX_OWNER_DIED) \| newtid;
		1137
		1138	curval = cmpxchg_futex_value_locked(uaddr, uval, newval);
		1139
		1140	if (curval == -EFAULT)
		1141	goto handle_fault;
		1142	if (curval == uval)
		1143	break;
		1144	uval = curval;
		1145	}
		1146
		1147	/*
		1148	* We fixed up user space. Now we need to fix the pi_state
		1149	* itself.
		1150	*/
1107	if (pi_state->owner != NULL) {	1151	if (pi_state->owner != NULL) {
1108	spin_lock_irq(&pi_state->owner->pi_lock);	1152	spin_lock_irq(&pi_state->owner->pi_lock);
1109	WARN_ON(list_empty(&pi_state->list));	1153	WARN_ON(list_empty(&pi_state->list));
1110	list_del_init(&pi_state->list);	1154	list_del_init(&pi_state->list);
1111	spin_unlock_irq(&pi_state->owner->pi_lock);	1155	spin_unlock_irq(&pi_state->owner->pi_lock);
1112	} else	1156	}
1113	newtid \|= FUTEX_OWNER_DIED;
1114		1157
1115	pi_state->owner = newowner;	1158	pi_state->owner = newowner;
1116		1159
@@ -1118,26 +1161,35 @@ static int fixup_pi_state_owner(u32 __user uaddr, struct futex_q q,
1118	WARN_ON(!list_empty(&pi_state->list));	1161	WARN_ON(!list_empty(&pi_state->list));
1119	list_add(&pi_state->list, &newowner->pi_state_list);	1162	list_add(&pi_state->list, &newowner->pi_state_list);
1120	spin_unlock_irq(&newowner->pi_lock);	1163	spin_unlock_irq(&newowner->pi_lock);
		1164	return 0;
1121		1165
1122	/*	1166	/*
1123	* We own it, so we have to replace the pending owner	1167	* To handle the page fault we need to drop the hash bucket
1124	* TID. This must be atomic as we have preserve the	1168	* lock here. That gives the other task (either the pending
1125	* owner died bit here.	1169	* owner itself or the task which stole the rtmutex) the
		1170	* chance to try the fixup of the pi_state. So once we are
		1171	* back from handling the fault we need to check the pi_state
		1172	* after reacquiring the hash bucket lock and before trying to
		1173	* do another fixup. When the fixup has been done already we
		1174	* simply return.
1126	*/	1175	*/
1127	ret = get_futex_value_locked(&uval, uaddr);	1176	handle_fault:
		1177	spin_unlock(q->lock_ptr);
1128		1178
1129	while (!ret) {	1179	ret = futex_handle_fault((unsigned long)uaddr, fshared, attempt++);
1130	newval = (uval & FUTEX_OWNER_DIED) \| newtid;
1131		1180
1132	curval = cmpxchg_futex_value_locked(uaddr, uval, newval);	1181	spin_lock(q->lock_ptr);
1133		1182
1134	if (curval == -EFAULT)	1183	/*
1135	ret = -EFAULT;	1184	* Check if someone else fixed it for us:
1136	if (curval == uval)	1185	*/
1137	break;	1186	if (pi_state->owner != oldowner)
1138	uval = curval;	1187	return 0;
1139	}	1188
1140	return ret;	1189	if (ret)
		1190	return ret;
		1191
		1192	goto retry;
1141	}	1193	}
1142		1194
1143	/*	1195	/*
@@ -1507,7 +1559,7 @@ static int futex_lock_pi(u32 __user uaddr, struct rw_semaphore fshared,
1507	* that case:	1559	* that case:
1508	*/	1560	*/
1509	if (q.pi_state->owner != curr)	1561	if (q.pi_state->owner != curr)
1510	ret = fixup_pi_state_owner(uaddr, &q, curr);	1562	ret = fixup_pi_state_owner(uaddr, &q, curr, fshared);
1511	} else {	1563	} else {
1512	/*	1564	/*
1513	* Catch the rare case, where the lock was released	1565	* Catch the rare case, where the lock was released
@@ -1539,7 +1591,8 @@ static int futex_lock_pi(u32 __user uaddr, struct rw_semaphore fshared,
1539	int res;	1591	int res;
1540		1592
1541	owner = rt_mutex_owner(&q.pi_state->pi_mutex);	1593	owner = rt_mutex_owner(&q.pi_state->pi_mutex);
1542	res = fixup_pi_state_owner(uaddr, &q, owner);	1594	res = fixup_pi_state_owner(uaddr, &q, owner,
		1595	fshared);
1543		1596
1544	/* propagate -EFAULT, if the fixup failed */	1597	/* propagate -EFAULT, if the fixup failed */
1545	if (res)	1598	if (res)


diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c index 421be5fe5cc7..543d9ca9b4f4 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c
@@ -1078,7 +1078,7 @@ ktime_t hrtimer_get_remaining(const struct hrtimer *timer)
1078	}	1078	}
1079	EXPORT_SYMBOL_GPL(hrtimer_get_remaining);	1079	EXPORT_SYMBOL_GPL(hrtimer_get_remaining);
1080		1080
1081	#if defined(CONFIG_NO_IDLE_HZ) \|\| defined(CONFIG_NO_HZ)	1081	#ifdef CONFIG_NO_HZ
1082	/**	1082	/**
1083	* hrtimer_get_next_event - get the time until next expiry event	1083	* hrtimer_get_next_event - get the time until next expiry event
1084	*	1084	*


diff --git a/kernel/kgdb.c b/kernel/kgdb.c index 79e3c90113c2..3ec23c3ec97f 100644 --- a/kernel/kgdb.c +++ b/kernel/kgdb.c
@@ -1499,7 +1499,8 @@ int kgdb_nmicallback(int cpu, void *regs)
1499	return 1;	1499	return 1;
1500	}	1500	}
1501		1501
1502	void kgdb_console_write(struct console co, const char s, unsigned count)	1502	static void kgdb_console_write(struct console co, const char s,
		1503	unsigned count)
1503	{	1504	{
1504	unsigned long flags;	1505	unsigned long flags;
1505		1506


diff --git a/kernel/rcuclassic.c b/kernel/rcuclassic.c index f4ffbd0f306f..a38895a5b8e2 100644 --- a/kernel/rcuclassic.c +++ b/kernel/rcuclassic.c
@@ -89,8 +89,22 @@ static void force_quiescent_state(struct rcu_data *rdp,
89	/*	89	/*
90	* Don't send IPI to itself. With irqs disabled,	90	* Don't send IPI to itself. With irqs disabled,
91	* rdp->cpu is the current cpu.	91	* rdp->cpu is the current cpu.
		92	*
		93	* cpu_online_map is updated by the _cpu_down()
		94	* using stop_machine_run(). Since we're in irqs disabled
		95	* section, stop_machine_run() is not exectuting, hence
		96	* the cpu_online_map is stable.
		97	*
		98	* However, a cpu might have been offlined _just_ before
		99	* we disabled irqs while entering here.
		100	* And rcu subsystem might not yet have handled the CPU_DEAD
		101	* notification, leading to the offlined cpu's bit
		102	* being set in the rcp->cpumask.
		103	*
		104	* Hence cpumask = (rcp->cpumask & cpu_online_map) to prevent
		105	* sending smp_reschedule() to an offlined CPU.
92	*/	106	*/
93	cpumask = rcp->cpumask;	107	cpus_and(cpumask, rcp->cpumask, cpu_online_map);
94	cpu_clear(rdp->cpu, cpumask);	108	cpu_clear(rdp->cpu, cpumask);
95	for_each_cpu_mask(cpu, cpumask)	109	for_each_cpu_mask(cpu, cpumask)
96	smp_send_reschedule(cpu);	110	smp_send_reschedule(cpu);


diff --git a/kernel/sched.c b/kernel/sched.c index b048ad8a11af..94ead43eda62 100644 --- a/kernel/sched.c +++ b/kernel/sched.c
@@ -4398,22 +4398,20 @@ do_wait_for_common(struct completion *x, long timeout, int state)
4398	signal_pending(current)) \|\|	4398	signal_pending(current)) \|\|
4399	(state == TASK_KILLABLE &&	4399	(state == TASK_KILLABLE &&
4400	fatal_signal_pending(current))) {	4400	fatal_signal_pending(current))) {
4401	__remove_wait_queue(&x->wait, &wait);	4401	timeout = -ERESTARTSYS;
4402	return -ERESTARTSYS;	4402	break;
4403	}	4403	}
4404	__set_current_state(state);	4404	__set_current_state(state);
4405	spin_unlock_irq(&x->wait.lock);	4405	spin_unlock_irq(&x->wait.lock);
4406	timeout = schedule_timeout(timeout);	4406	timeout = schedule_timeout(timeout);
4407	spin_lock_irq(&x->wait.lock);	4407	spin_lock_irq(&x->wait.lock);
4408	if (!timeout) {	4408	} while (!x->done && timeout);
4409	__remove_wait_queue(&x->wait, &wait);
4410	return timeout;
4411	}
4412	} while (!x->done);
4413	__remove_wait_queue(&x->wait, &wait);	4409	__remove_wait_queue(&x->wait, &wait);
		4410	if (!x->done)
		4411	return timeout;
4414	}	4412	}
4415	x->done--;	4413	x->done--;
4416	return timeout;	4414	return timeout ?: 1;
4417	}	4415	}
4418		4416
4419	static long __sched	4417	static long __sched
@@ -5889,6 +5887,7 @@ static void migrate_dead_tasks(unsigned int dead_cpu)
5889	next = pick_next_task(rq, rq->curr);	5887	next = pick_next_task(rq, rq->curr);
5890	if (!next)	5888	if (!next)
5891	break;	5889	break;
		5890	next->sched_class->put_prev_task(rq, next);
5892	migrate_dead(dead_cpu, next);	5891	migrate_dead(dead_cpu, next);
5893		5892
5894	}	5893	}
@@ -8503,6 +8502,9 @@ int sched_group_set_rt_period(struct task_group *tg, long rt_period_us)
8503	rt_period = (u64)rt_period_us * NSEC_PER_USEC;	8502	rt_period = (u64)rt_period_us * NSEC_PER_USEC;
8504	rt_runtime = tg->rt_bandwidth.rt_runtime;	8503	rt_runtime = tg->rt_bandwidth.rt_runtime;
8505		8504
		8505	if (rt_period == 0)
		8506	return -EINVAL;
		8507
8506	return tg_set_bandwidth(tg, rt_period, rt_runtime);	8508	return tg_set_bandwidth(tg, rt_period, rt_runtime);
8507	}	8509	}
8508		8510


diff --git a/kernel/sched_rt.c b/kernel/sched_rt.c index 1dad5bbb59b6..0f3c19197fa4 100644 --- a/kernel/sched_rt.c +++ b/kernel/sched_rt.c
@@ -250,7 +250,8 @@ static int do_sched_rt_period_timer(struct rt_bandwidth *rt_b, int overrun)
250	if (rt_rq->rt_time \|\| rt_rq->rt_nr_running)	250	if (rt_rq->rt_time \|\| rt_rq->rt_nr_running)
251	idle = 0;	251	idle = 0;
252	spin_unlock(&rt_rq->rt_runtime_lock);	252	spin_unlock(&rt_rq->rt_runtime_lock);
253	}	253	} else if (rt_rq->rt_nr_running)
		254	idle = 0;
254		255
255	if (enqueue)	256	if (enqueue)
256	sched_rt_rq_enqueue(rt_rq);	257	sched_rt_rq_enqueue(rt_rq);


diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 29116652dca8..f6d2e57b99a0 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c
@@ -132,8 +132,6 @@ extern int sysctl_userprocess_debug;
132	extern int spin_retry;	132	extern int spin_retry;
133	#endif	133	#endif
134		134
135	extern int sysctl_hz_timer;
136
137	#ifdef CONFIG_BSD_PROCESS_ACCT	135	#ifdef CONFIG_BSD_PROCESS_ACCT
138	extern int acct_parm[];	136	extern int acct_parm[];
139	#endif	137	#endif
@@ -563,16 +561,6 @@ static struct ctl_table kern_table[] = {
563	.proc_handler = &proc_dointvec,	561	.proc_handler = &proc_dointvec,
564	},	562	},
565	#endif	563	#endif
566	#ifdef CONFIG_NO_IDLE_HZ
567	{
568	.ctl_name = KERN_HZ_TIMER,
569	.procname = "hz_timer",
570	.data = &sysctl_hz_timer,
571	.maxlen = sizeof(int),
572	.mode = 0644,
573	.proc_handler = &proc_dointvec,
574	},
575	#endif
576	{	564	{
577	.ctl_name = KERN_S390_USER_DEBUG_LOGGING,	565	.ctl_name = KERN_S390_USER_DEBUG_LOGGING,
578	.procname = "userprocess_debug",	566	.procname = "userprocess_debug",


diff --git a/kernel/timer.c b/kernel/timer.c index ceacc6626572..ef3fa6906e8f 100644 --- a/kernel/timer.c +++ b/kernel/timer.c
@@ -812,7 +812,7 @@ static inline void __run_timers(struct tvec_base *base)
812	spin_unlock_irq(&base->lock);	812	spin_unlock_irq(&base->lock);
813	}	813	}
814		814
815	#if defined(CONFIG_NO_IDLE_HZ) \|\| defined(CONFIG_NO_HZ)	815	#ifdef CONFIG_NO_HZ
816	/*	816	/*
817	* Find out when the next timer event is due to happen. This	817	* Find out when the next timer event is due to happen. This
818	* is used on S/390 to stop all activity when a cpus is idle.	818	* is used on S/390 to stop all activity when a cpus is idle.
@@ -947,14 +947,6 @@ unsigned long get_next_timer_interrupt(unsigned long now)
947		947
948	return cmp_next_hrtimer_event(now, expires);	948	return cmp_next_hrtimer_event(now, expires);
949	}	949	}
950
951	#ifdef CONFIG_NO_IDLE_HZ
952	unsigned long next_timer_interrupt(void)
953	{
954	return get_next_timer_interrupt(jiffies);
955	}
956	#endif
957
958	#endif	950	#endif
959		951
960	#ifndef CONFIG_VIRT_CPU_ACCOUNTING	952	#ifndef CONFIG_VIRT_CPU_ACCOUNTING