6 files changed, 93 insertions, 81 deletions
diff --git a/kernel/futex.c b/kernel/futex.c
index 248dd119a86e..b911adceb2c4 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -89,36 +89,36 @@ struct futex_pi_state {
        union futex_key key;
 };
-/*
+/**
- * We use this hashed waitqueue instead of a normal wait_queue_t, so
+ * struct futex_q - The hashed futex queue entry, one per waiting task
+ * @task:               the task waiting on the futex
+ * @lock_ptr:           the hash bucket lock
+ * @key:                the key the futex is hashed on
+ * @pi_state:           optional priority inheritance state
+ * @rt_waiter:          rt_waiter storage for use with requeue_pi
+ * @requeue_pi_key:     the requeue_pi target futex key
+ * @bitset:             bitset for the optional bitmasked wakeup
+ *
+ * We use this hashed waitqueue, instead of a normal wait_queue_t, so
 * we can wake only the relevant ones (hashed queues may be shared).
 *
 * A futex_q has a woken state, just like tasks have TASK_RUNNING.
 * It is considered woken when plist_node_empty(&q->list) || q->lock_ptr == 0.
 * The order of wakup is always to make the first condition true, then
- * wake up q->waiter, then make the second condition true.
+ * the second.
+ *
+ * PI futexes are typically woken before they are removed from the hash list via
+ * the rt_mutex code. See unqueue_me_pi().
 */
 struct futex_q {
        struct plist_node list;
-        /* Waiter reference */
-        struct task_struct *task;
-        /* Which hash list lock to use: */
+        struct task_struct *task;
        spinlock_t *lock_ptr;
-        /* Key which the futex is hashed on: */
        union futex_key key;
-        /* Optional priority inheritance state: */
        struct futex_pi_state *pi_state;
-        /* rt_waiter storage for requeue_pi: */
        struct rt_mutex_waiter *rt_waiter;
-        /* The expected requeue pi target futex key: */
        union futex_key *requeue_pi_key;
-        /* Bitset for the optional bitmasked wakeup */
        u32 bitset;
 };
@@ -198,11 +198,12 @@ static void drop_futex_key_refs(union futex_key *key)
 }
 /**
- * get_futex_key - Get parameters which are the keys for a futex.
+ * get_futex_key() - Get parameters which are the keys for a futex
- * @uaddr: virtual address of the futex
+ * @uaddr:      virtual address of the futex
- * @fshared: 0 for a PROCESS_PRIVATE futex, 1 for PROCESS_SHARED
+ * @fshared:    0 for a PROCESS_PRIVATE futex, 1 for PROCESS_SHARED
- * @key: address where result is stored.
+ * @key:        address where result is stored.
- * @rw: mapping needs to be read/write (values: VERIFY_READ, VERIFY_WRITE)
+ * @rw:         mapping needs to be read/write (values: VERIFY_READ,
+ *              VERIFY_WRITE)
 *
 * Returns a negative error code or 0
 * The key words are stored in *key on success.
@@ -288,8 +289,8 @@ void put_futex_key(int fshared, union futex_key *key)
        drop_futex_key_refs(key);
 }
-/*
+/**
- * fault_in_user_writeable - fault in user address and verify RW access
+ * fault_in_user_writeable() - Fault in user address and verify RW access
 * @uaddr:      pointer to faulting user space address
 *
 * Slow path to fixup the fault we just took in the atomic write
@@ -309,8 +310,8 @@ static int fault_in_user_writeable(u32 __user *uaddr)
 /**
 * futex_top_waiter() - Return the highest priority waiter on a futex
- * @hb:     the hash bucket the futex_q's reside in
+ * @hb:         the hash bucket the futex_q's reside in
- * @key:    the futex key (to distinguish it from other futex futex_q's)
+ * @key:        the futex key (to distinguish it from other futex futex_q's)
 *
 * Must be called with the hb lock held.
 */
@@ -588,7 +589,7 @@ lookup_pi_state(u32 uval, struct futex_hash_bucket *hb,
 }
 /**
- * futex_lock_pi_atomic() - atomic work required to acquire a pi aware futex
+ * futex_lock_pi_atomic() - Atomic work required to acquire a pi aware futex
 * @uaddr:              the pi futex user address
 * @hb:                 the pi futex hash bucket
 * @key:                the futex key associated with uaddr and hb
@@ -1011,9 +1012,9 @@ void requeue_futex(struct futex_q *q, struct futex_hash_bucket *hb1,
 /**
 * requeue_pi_wake_futex() - Wake a task that acquired the lock during requeue
- * q:   the futex_q
+ * @q:          the futex_q
- * key: the key of the requeue target futex
+ * @key:        the key of the requeue target futex
- * hb:  the hash_bucket of the requeue target futex
+ * @hb:         the hash_bucket of the requeue target futex
 *
 * During futex_requeue, with requeue_pi=1, it is possible to acquire the
 * target futex if it is uncontended or via a lock steal.  Set the futex_q key
@@ -1350,6 +1351,25 @@ static inline struct futex_hash_bucket *queue_lock(struct futex_q *q)
        return hb;
 }
+static inline void
+queue_unlock(struct futex_q *q, struct futex_hash_bucket *hb)
+{
+        spin_unlock(&hb->lock);
+        drop_futex_key_refs(&q->key);
+}
+/**
+ * queue_me() - Enqueue the futex_q on the futex_hash_bucket
+ * @q:  The futex_q to enqueue
+ * @hb: The destination hash bucket
+ *
+ * The hb->lock must be held by the caller, and is released here. A call to
+ * queue_me() is typically paired with exactly one call to unqueue_me().  The
+ * exceptions involve the PI related operations, which may use unqueue_me_pi()
+ * or nothing if the unqueue is done as part of the wake process and the unqueue
+ * state is implicit in the state of woken task (see futex_wait_requeue_pi() for
+ * an example).
+ */
 static inline void queue_me(struct futex_q *q, struct futex_hash_bucket *hb)
 {
        int prio;
@@ -1373,19 +1393,17 @@ static inline void queue_me(struct futex_q *q, struct futex_hash_bucket *hb)
        spin_unlock(&hb->lock);
 }
-static inline void
+/**
-queue_unlock(struct futex_q *q, struct futex_hash_bucket *hb)
+ * unqueue_me() - Remove the futex_q from its futex_hash_bucket
-{
+ * @q:  The futex_q to unqueue
-        spin_unlock(&hb->lock);
+ *
-        drop_futex_key_refs(&q->key);
+ * The q->lock_ptr must not be held by the caller. A call to unqueue_me() must
-}
+ * be paired with exactly one earlier call to queue_me().
+ *
-/*
+ * Returns:
- * queue_me and unqueue_me must be called as a pair, each
+ *   1 - if the futex_q was still queued (and we removed unqueued it)
- * exactly once.  They are called with the hashed spinlock held.
+ *   0 - if the futex_q was already removed by the waking thread
 */
-/* Return 1 if we were still queued (ie. 0 means we were woken) */
 static int unqueue_me(struct futex_q *q)
 {
        spinlock_t *lock_ptr;
@@ -1638,17 +1656,14 @@ out:
 static void futex_wait_queue_me(struct futex_hash_bucket *hb, struct futex_q *q,
                                struct hrtimer_sleeper *timeout)
 {
-        queue_me(q, hb);
        /*
-         * There might have been scheduling since the queue_me(), as we
+         * The task state is guaranteed to be set before another task can
-         * cannot hold a spinlock across the get_user() in case it
+         * wake it. set_current_state() is implemented using set_mb() and
-         * faults, and we cannot just set TASK_INTERRUPTIBLE state when
+         * queue_me() calls spin_unlock() upon completion, both serializing
-         * queueing ourselves into the futex hash. This code thus has to
+         * access to the hash list and forcing another memory barrier.
-         * rely on the futex_wake() code removing us from hash when it
-         * wakes us up.
         */
        set_current_state(TASK_INTERRUPTIBLE);
+        queue_me(q, hb);
        /* Arm the timer */
        if (timeout) {
@@ -1658,8 +1673,8 @@ static void futex_wait_queue_me(struct futex_hash_bucket *hb, struct futex_q *q,
        }
        /*
-         * !plist_node_empty() is safe here without any lock.
+         * If we have been removed from the hash list, then another task
-         * q.lock_ptr != 0 is not safe, because of ordering against wakeup.
+         * has tried to wake us, and we can skip the call to schedule().
         */
        if (likely(!plist_node_empty(&q->list))) {
                /*
@@ -2114,12 +2129,12 @@ int handle_early_requeue_pi_wakeup(struct futex_hash_bucket *hb,
 /**
 * futex_wait_requeue_pi() - Wait on uaddr and take uaddr2
- * @uaddr:      the futex we initialyl wait on (non-pi)
+ * @uaddr:      the futex we initially wait on (non-pi)
 * @fshared:    whether the futexes are shared (1) or not (0).  They must be
 *              the same type, no requeueing from private to shared, etc.
 * @val:        the expected value of uaddr
 * @abs_time:   absolute timeout
- * @bitset:     32 bit wakeup bitset set by userspace, defaults to all.
+ * @bitset:     32 bit wakeup bitset set by userspace, defaults to all
 * @clockrt:    whether to use CLOCK_REALTIME (1) or CLOCK_MONOTONIC (0)
 * @uaddr2:     the pi futex we will take prior to returning to user-space
 *
@@ -2246,7 +2261,7 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, int fshared,
                res = fixup_owner(uaddr2, fshared, &q, !ret);
                /*
                 * If fixup_owner() returned an error, proprogate that.  If it
-                 * acquired the lock, clear our -ETIMEDOUT or -EINTR.
+                 * acquired the lock, clear -ETIMEDOUT or -EINTR.
                 */
                if (res)
                        ret = (res < 0) ? res : 0;
@@ -2302,9 +2317,9 @@ out:
 */
 /**
- * sys_set_robust_list - set the robust-futex list head of a task
+ * sys_set_robust_list() - Set the robust-futex list head of a task
- * @head: pointer to the list-head
+ * @head:       pointer to the list-head
- * @len: length of the list-head, as userspace expects
+ * @len:        length of the list-head, as userspace expects
 */
 SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
                size_t, len)
@@ -2323,10 +2338,10 @@ SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
 }
 /**
- * sys_get_robust_list - get the robust-futex list head of a task
+ * sys_get_robust_list() - Get the robust-futex list head of a task
- * @pid: pid of the process [zero for current task]
+ * @pid:        pid of the process [zero for current task]
- * @head_ptr: pointer to a list-head pointer, the kernel fills it in
+ * @head_ptr:   pointer to a list-head pointer, the kernel fills it in
- * @len_ptr: pointer to a length field, the kernel fills in the header size
+ * @len_ptr:    pointer to a length field, the kernel fills in the header size
 */
 SYSCALL_DEFINE3(get_robust_list, int, pid,
                struct robust_list_head __user * __user *, head_ptr,
diff --git a/kernel/module.c b/kernel/module.c
index 5a29397ca4b6..fe748a86d452 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3091,7 +3091,6 @@ void module_layout(struct module *mod,
                   struct modversion_info *ver,
                   struct kernel_param *kp,
                   struct kernel_symbol *ks,
-                   struct marker *marker,
                   struct tracepoint *tp)
 {
 }
diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c
index 09113347d328..5e18c6ab2c6a 100644
--- a/kernel/time/clocksource.c
+++ b/kernel/time/clocksource.c
@@ -394,15 +394,11 @@ void clocksource_resume(void)
 {
        struct clocksource *cs;
-        mutex_lock(&clocksource_mutex);
        list_for_each_entry(cs, &clocksource_list, list)
                if (cs->resume)
                        cs->resume();
        clocksource_resume_watchdog();
-        mutex_unlock(&clocksource_mutex);
 }
 /**
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
index a142579765bf..46592feab5a6 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1621,8 +1621,10 @@ ftrace_regex_open(struct inode *inode, struct file *file, int enable)
                if (!ret) {
                        struct seq_file *m = file->private_data;
                        m->private = iter;
-                } else
+                } else {
+                        trace_parser_put(&iter->parser);
                        kfree(iter);
+                }
        } else
                file->private_data = iter;
        mutex_unlock(&ftrace_regex_lock);
@@ -2202,7 +2204,7 @@ ftrace_regex_write(struct file *file, const char __user *ubuf,
        struct trace_parser *parser;
        ssize_t ret, read;
-        if (!cnt || cnt < 0)
+        if (!cnt)
                return 0;
        mutex_lock(&ftrace_regex_lock);
@@ -2216,7 +2218,7 @@ ftrace_regex_write(struct file *file, const char __user *ubuf,
        parser = &iter->parser;
        read = trace_get_user(parser, ubuf, cnt, ppos);
-        if (trace_parser_loaded(parser) &&
+        if (read >= 0 && trace_parser_loaded(parser) &&
            !trace_parser_cont(parser)) {
                ret = ftrace_process_regex(parser->buffer,
                                           parser->idx, enable);
@@ -2552,8 +2554,7 @@ ftrace_graph_write(struct file *file, const char __user *ubuf,
                   size_t cnt, loff_t *ppos)
 {
        struct trace_parser parser;
-        size_t read = 0;
+        ssize_t read, ret;
-        ssize_t ret;
        if (!cnt || cnt < 0)
                return 0;
@@ -2562,29 +2563,31 @@ ftrace_graph_write(struct file *file, const char __user *ubuf,
        if (ftrace_graph_count >= FTRACE_GRAPH_MAX_FUNCS) {
                ret = -EBUSY;
-                goto out;
+                goto out_unlock;
        }
        if (trace_parser_get_init(&parser, FTRACE_BUFF_MAX)) {
                ret = -ENOMEM;
-                goto out;
+                goto out_unlock;
        }
        read = trace_get_user(&parser, ubuf, cnt, ppos);
-        if (trace_parser_loaded((&parser))) {
+        if (read >= 0 && trace_parser_loaded((&parser))) {
                parser.buffer[parser.idx] = 0;
                /* we allow only one expression at a time */
                ret = ftrace_set_func(ftrace_graph_funcs, &ftrace_graph_count,
                                        parser.buffer);
                if (ret)
-                        goto out;
+                        goto out_free;
        }
        ret = read;
- out:
+out_free:
        trace_parser_put(&parser);
+out_unlock:
        mutex_unlock(&graph_lock);
        return ret;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 411af37f4be4..45068269ebb1 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -415,7 +415,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
        /* read the non-space input */
        while (cnt && !isspace(ch)) {
-                if (parser->idx < parser->size)
+                if (parser->idx < parser->size - 1)
                        parser->buffer[parser->idx++] = ch;
                else {
                        ret = -EINVAL;
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
index 6f03c8a1105e..d128f65778e6 100644
--- a/kernel/trace/trace_events.c
+++ b/kernel/trace/trace_events.c
@@ -232,10 +232,9 @@ ftrace_event_write(struct file *file, const char __user *ubuf,
                   size_t cnt, loff_t *ppos)
 {
        struct trace_parser parser;
-        size_t read = 0;
+        ssize_t read, ret;
-        ssize_t ret;
-        if (!cnt || cnt < 0)
+        if (!cnt)
                return 0;
        ret = tracing_update_buffers();
@@ -247,7 +246,7 @@ ftrace_event_write(struct file *file, const char __user *ubuf,
        read = trace_get_user(&parser, ubuf, cnt, ppos);
-        if (trace_parser_loaded((&parser))) {
+        if (read >= 0 && trace_parser_loaded((&parser))) {
                int set = 1;
                if (*parser.buffer == '!')

diff --git a/kernel/futex.c b/kernel/futex.c index 248dd119a86e..b911adceb2c4 100644 --- a/kernel/futex.c +++ b/kernel/futex.c
@@ -89,36 +89,36 @@ struct futex_pi_state {
89	union futex_key key;	89	union futex_key key;
90	};	90	};
91		91
92	/*	92	/**
93	* We use this hashed waitqueue instead of a normal wait_queue_t, so	93	* struct futex_q - The hashed futex queue entry, one per waiting task
		94	* @task: the task waiting on the futex
		95	* @lock_ptr: the hash bucket lock
		96	* @key: the key the futex is hashed on
		97	* @pi_state: optional priority inheritance state
		98	* @rt_waiter: rt_waiter storage for use with requeue_pi
		99	* @requeue_pi_key: the requeue_pi target futex key
		100	* @bitset: bitset for the optional bitmasked wakeup
		101	*
		102	* We use this hashed waitqueue, instead of a normal wait_queue_t, so
94	* we can wake only the relevant ones (hashed queues may be shared).	103	* we can wake only the relevant ones (hashed queues may be shared).
95	*	104	*
96	* A futex_q has a woken state, just like tasks have TASK_RUNNING.	105	* A futex_q has a woken state, just like tasks have TASK_RUNNING.
97	* It is considered woken when plist_node_empty(&q->list) \|\| q->lock_ptr == 0.	106	* It is considered woken when plist_node_empty(&q->list) \|\| q->lock_ptr == 0.
98	* The order of wakup is always to make the first condition true, then	107	* The order of wakup is always to make the first condition true, then
99	* wake up q->waiter, then make the second condition true.	108	* the second.
		109	*
		110	* PI futexes are typically woken before they are removed from the hash list via
		111	* the rt_mutex code. See unqueue_me_pi().
100	*/	112	*/
101	struct futex_q {	113	struct futex_q {
102	struct plist_node list;	114	struct plist_node list;
103	/* Waiter reference */
104	struct task_struct *task;
105		115
106	/* Which hash list lock to use: */	116	struct task_struct *task;
107	spinlock_t *lock_ptr;	117	spinlock_t *lock_ptr;
108
109	/* Key which the futex is hashed on: */
110	union futex_key key;	118	union futex_key key;
111
112	/* Optional priority inheritance state: */
113	struct futex_pi_state *pi_state;	119	struct futex_pi_state *pi_state;
114
115	/* rt_waiter storage for requeue_pi: */
116	struct rt_mutex_waiter *rt_waiter;	120	struct rt_mutex_waiter *rt_waiter;
117
118	/* The expected requeue pi target futex key: */
119	union futex_key *requeue_pi_key;	121	union futex_key *requeue_pi_key;
120
121	/* Bitset for the optional bitmasked wakeup */
122	u32 bitset;	122	u32 bitset;
123	};	123	};
124		124
@@ -198,11 +198,12 @@ static void drop_futex_key_refs(union futex_key *key)
198	}	198	}
199		199
200	/**	200	/**
201	* get_futex_key - Get parameters which are the keys for a futex.	201	* get_futex_key() - Get parameters which are the keys for a futex
202	* @uaddr: virtual address of the futex	202	* @uaddr: virtual address of the futex
203	* @fshared: 0 for a PROCESS_PRIVATE futex, 1 for PROCESS_SHARED	203	* @fshared: 0 for a PROCESS_PRIVATE futex, 1 for PROCESS_SHARED
204	* @key: address where result is stored.	204	* @key: address where result is stored.
205	* @rw: mapping needs to be read/write (values: VERIFY_READ, VERIFY_WRITE)	205	* @rw: mapping needs to be read/write (values: VERIFY_READ,
		206	* VERIFY_WRITE)
206	*	207	*
207	* Returns a negative error code or 0	208	* Returns a negative error code or 0
208	* The key words are stored in *key on success.	209	* The key words are stored in *key on success.
@@ -288,8 +289,8 @@ void put_futex_key(int fshared, union futex_key *key)
288	drop_futex_key_refs(key);	289	drop_futex_key_refs(key);
289	}	290	}
290		291
291	/*	292	/**
292	* fault_in_user_writeable - fault in user address and verify RW access	293	* fault_in_user_writeable() - Fault in user address and verify RW access
293	* @uaddr: pointer to faulting user space address	294	* @uaddr: pointer to faulting user space address
294	*	295	*
295	* Slow path to fixup the fault we just took in the atomic write	296	* Slow path to fixup the fault we just took in the atomic write
@@ -309,8 +310,8 @@ static int fault_in_user_writeable(u32 __user *uaddr)
309		310
310	/**	311	/**
311	* futex_top_waiter() - Return the highest priority waiter on a futex	312	* futex_top_waiter() - Return the highest priority waiter on a futex
312	* @hb: the hash bucket the futex_q's reside in	313	* @hb: the hash bucket the futex_q's reside in
313	* @key: the futex key (to distinguish it from other futex futex_q's)	314	* @key: the futex key (to distinguish it from other futex futex_q's)
314	*	315	*
315	* Must be called with the hb lock held.	316	* Must be called with the hb lock held.
316	*/	317	*/
@@ -588,7 +589,7 @@ lookup_pi_state(u32 uval, struct futex_hash_bucket *hb,
588	}	589	}
589		590
590	/**	591	/**
591	* futex_lock_pi_atomic() - atomic work required to acquire a pi aware futex	592	* futex_lock_pi_atomic() - Atomic work required to acquire a pi aware futex
592	* @uaddr: the pi futex user address	593	* @uaddr: the pi futex user address
593	* @hb: the pi futex hash bucket	594	* @hb: the pi futex hash bucket
594	* @key: the futex key associated with uaddr and hb	595	* @key: the futex key associated with uaddr and hb
@@ -1011,9 +1012,9 @@ void requeue_futex(struct futex_q q, struct futex_hash_bucket hb1,
1011		1012
1012	/**	1013	/**
1013	* requeue_pi_wake_futex() - Wake a task that acquired the lock during requeue	1014	* requeue_pi_wake_futex() - Wake a task that acquired the lock during requeue
1014	* q: the futex_q	1015	* @q: the futex_q
1015	* key: the key of the requeue target futex	1016	* @key: the key of the requeue target futex
1016	* hb: the hash_bucket of the requeue target futex	1017	* @hb: the hash_bucket of the requeue target futex
1017	*	1018	*
1018	* During futex_requeue, with requeue_pi=1, it is possible to acquire the	1019	* During futex_requeue, with requeue_pi=1, it is possible to acquire the
1019	* target futex if it is uncontended or via a lock steal. Set the futex_q key	1020	* target futex if it is uncontended or via a lock steal. Set the futex_q key
@@ -1350,6 +1351,25 @@ static inline struct futex_hash_bucket queue_lock(struct futex_q q)
1350	return hb;	1351	return hb;
1351	}	1352	}
1352		1353
		1354	static inline void
		1355	queue_unlock(struct futex_q q, struct futex_hash_bucket hb)
		1356	{
		1357	spin_unlock(&hb->lock);
		1358	drop_futex_key_refs(&q->key);
		1359	}
		1360
		1361	/**
		1362	* queue_me() - Enqueue the futex_q on the futex_hash_bucket
		1363	* @q: The futex_q to enqueue
		1364	* @hb: The destination hash bucket
		1365	*
		1366	* The hb->lock must be held by the caller, and is released here. A call to
		1367	* queue_me() is typically paired with exactly one call to unqueue_me(). The
		1368	* exceptions involve the PI related operations, which may use unqueue_me_pi()
		1369	* or nothing if the unqueue is done as part of the wake process and the unqueue
		1370	* state is implicit in the state of woken task (see futex_wait_requeue_pi() for
		1371	* an example).
		1372	*/
1353	static inline void queue_me(struct futex_q q, struct futex_hash_bucket hb)	1373	static inline void queue_me(struct futex_q q, struct futex_hash_bucket hb)
1354	{	1374	{
1355	int prio;	1375	int prio;
@@ -1373,19 +1393,17 @@ static inline void queue_me(struct futex_q q, struct futex_hash_bucket hb)
1373	spin_unlock(&hb->lock);	1393	spin_unlock(&hb->lock);
1374	}	1394	}
1375		1395
1376	static inline void	1396	/**
1377	queue_unlock(struct futex_q q, struct futex_hash_bucket hb)	1397	* unqueue_me() - Remove the futex_q from its futex_hash_bucket
1378	{	1398	* @q: The futex_q to unqueue
1379	spin_unlock(&hb->lock);	1399	*
1380	drop_futex_key_refs(&q->key);	1400	* The q->lock_ptr must not be held by the caller. A call to unqueue_me() must
1381	}	1401	* be paired with exactly one earlier call to queue_me().
1382		1402	*
1383	/*	1403	* Returns:
1384	* queue_me and unqueue_me must be called as a pair, each	1404	* 1 - if the futex_q was still queued (and we removed unqueued it)
1385	* exactly once. They are called with the hashed spinlock held.	1405	* 0 - if the futex_q was already removed by the waking thread
1386	*/	1406	*/
1387
1388	/* Return 1 if we were still queued (ie. 0 means we were woken) */
1389	static int unqueue_me(struct futex_q *q)	1407	static int unqueue_me(struct futex_q *q)
1390	{	1408	{
1391	spinlock_t *lock_ptr;	1409	spinlock_t *lock_ptr;
@@ -1638,17 +1656,14 @@ out:
1638	static void futex_wait_queue_me(struct futex_hash_bucket hb, struct futex_q q,	1656	static void futex_wait_queue_me(struct futex_hash_bucket hb, struct futex_q q,
1639	struct hrtimer_sleeper *timeout)	1657	struct hrtimer_sleeper *timeout)
1640	{	1658	{
1641	queue_me(q, hb);
1642
1643	/*	1659	/*
1644	* There might have been scheduling since the queue_me(), as we	1660	* The task state is guaranteed to be set before another task can
1645	* cannot hold a spinlock across the get_user() in case it	1661	* wake it. set_current_state() is implemented using set_mb() and
1646	* faults, and we cannot just set TASK_INTERRUPTIBLE state when	1662	* queue_me() calls spin_unlock() upon completion, both serializing
1647	* queueing ourselves into the futex hash. This code thus has to	1663	* access to the hash list and forcing another memory barrier.
1648	* rely on the futex_wake() code removing us from hash when it
1649	* wakes us up.
1650	*/	1664	*/
1651	set_current_state(TASK_INTERRUPTIBLE);	1665	set_current_state(TASK_INTERRUPTIBLE);
		1666	queue_me(q, hb);
1652		1667
1653	/* Arm the timer */	1668	/* Arm the timer */
1654	if (timeout) {	1669	if (timeout) {
@@ -1658,8 +1673,8 @@ static void futex_wait_queue_me(struct futex_hash_bucket hb, struct futex_q q,
1658	}	1673	}
1659		1674
1660	/*	1675	/*
1661	* !plist_node_empty() is safe here without any lock.	1676	* If we have been removed from the hash list, then another task
1662	* q.lock_ptr != 0 is not safe, because of ordering against wakeup.	1677	* has tried to wake us, and we can skip the call to schedule().
1663	*/	1678	*/
1664	if (likely(!plist_node_empty(&q->list))) {	1679	if (likely(!plist_node_empty(&q->list))) {
1665	/*	1680	/*
@@ -2114,12 +2129,12 @@ int handle_early_requeue_pi_wakeup(struct futex_hash_bucket *hb,
2114		2129
2115	/**	2130	/**
2116	* futex_wait_requeue_pi() - Wait on uaddr and take uaddr2	2131	* futex_wait_requeue_pi() - Wait on uaddr and take uaddr2
2117	* @uaddr: the futex we initialyl wait on (non-pi)	2132	* @uaddr: the futex we initially wait on (non-pi)
2118	* @fshared: whether the futexes are shared (1) or not (0). They must be	2133	* @fshared: whether the futexes are shared (1) or not (0). They must be
2119	* the same type, no requeueing from private to shared, etc.	2134	* the same type, no requeueing from private to shared, etc.
2120	* @val: the expected value of uaddr	2135	* @val: the expected value of uaddr
2121	* @abs_time: absolute timeout	2136	* @abs_time: absolute timeout
2122	* @bitset: 32 bit wakeup bitset set by userspace, defaults to all.	2137	* @bitset: 32 bit wakeup bitset set by userspace, defaults to all
2123	* @clockrt: whether to use CLOCK_REALTIME (1) or CLOCK_MONOTONIC (0)	2138	* @clockrt: whether to use CLOCK_REALTIME (1) or CLOCK_MONOTONIC (0)
2124	* @uaddr2: the pi futex we will take prior to returning to user-space	2139	* @uaddr2: the pi futex we will take prior to returning to user-space
2125	*	2140	*
@@ -2246,7 +2261,7 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, int fshared,
2246	res = fixup_owner(uaddr2, fshared, &q, !ret);	2261	res = fixup_owner(uaddr2, fshared, &q, !ret);
2247	/*	2262	/*
2248	* If fixup_owner() returned an error, proprogate that. If it	2263	* If fixup_owner() returned an error, proprogate that. If it
2249	* acquired the lock, clear our -ETIMEDOUT or -EINTR.	2264	* acquired the lock, clear -ETIMEDOUT or -EINTR.
2250	*/	2265	*/
2251	if (res)	2266	if (res)
2252	ret = (res < 0) ? res : 0;	2267	ret = (res < 0) ? res : 0;
@@ -2302,9 +2317,9 @@ out:
2302	*/	2317	*/
2303		2318
2304	/**	2319	/**
2305	* sys_set_robust_list - set the robust-futex list head of a task	2320	* sys_set_robust_list() - Set the robust-futex list head of a task
2306	* @head: pointer to the list-head	2321	* @head: pointer to the list-head
2307	* @len: length of the list-head, as userspace expects	2322	* @len: length of the list-head, as userspace expects
2308	*/	2323	*/
2309	SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,	2324	SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
2310	size_t, len)	2325	size_t, len)
@@ -2323,10 +2338,10 @@ SYSCALL_DEFINE2(set_robust_list, struct robust_list_head __user *, head,
2323	}	2338	}
2324		2339
2325	/**	2340	/**
2326	* sys_get_robust_list - get the robust-futex list head of a task	2341	* sys_get_robust_list() - Get the robust-futex list head of a task
2327	* @pid: pid of the process [zero for current task]	2342	* @pid: pid of the process [zero for current task]
2328	* @head_ptr: pointer to a list-head pointer, the kernel fills it in	2343	* @head_ptr: pointer to a list-head pointer, the kernel fills it in
2329	* @len_ptr: pointer to a length field, the kernel fills in the header size	2344	* @len_ptr: pointer to a length field, the kernel fills in the header size
2330	*/	2345	*/
2331	SYSCALL_DEFINE3(get_robust_list, int, pid,	2346	SYSCALL_DEFINE3(get_robust_list, int, pid,
2332	struct robust_list_head __user * __user *, head_ptr,	2347	struct robust_list_head __user * __user *, head_ptr,


diff --git a/kernel/module.c b/kernel/module.c index 5a29397ca4b6..fe748a86d452 100644 --- a/kernel/module.c +++ b/kernel/module.c
@@ -3091,7 +3091,6 @@ void module_layout(struct module *mod,
3091	struct modversion_info *ver,	3091	struct modversion_info *ver,
3092	struct kernel_param *kp,	3092	struct kernel_param *kp,
3093	struct kernel_symbol *ks,	3093	struct kernel_symbol *ks,
3094	struct marker *marker,
3095	struct tracepoint *tp)	3094	struct tracepoint *tp)
3096	{	3095	{
3097	}	3096	}


diff --git a/kernel/time/clocksource.c b/kernel/time/clocksource.c index 09113347d328..5e18c6ab2c6a 100644 --- a/kernel/time/clocksource.c +++ b/kernel/time/clocksource.c
@@ -394,15 +394,11 @@ void clocksource_resume(void)
394	{	394	{
395	struct clocksource *cs;	395	struct clocksource *cs;
396		396
397	mutex_lock(&clocksource_mutex);
398
399	list_for_each_entry(cs, &clocksource_list, list)	397	list_for_each_entry(cs, &clocksource_list, list)
400	if (cs->resume)	398	if (cs->resume)
401	cs->resume();	399	cs->resume();
402		400
403	clocksource_resume_watchdog();	401	clocksource_resume_watchdog();
404
405	mutex_unlock(&clocksource_mutex);
406	}	402	}
407		403
408	/**	404	/**


diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index a142579765bf..46592feab5a6 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c
@@ -1621,8 +1621,10 @@ ftrace_regex_open(struct inode inode, struct file file, int enable)
1621	if (!ret) {	1621	if (!ret) {
1622	struct seq_file *m = file->private_data;	1622	struct seq_file *m = file->private_data;
1623	m->private = iter;	1623	m->private = iter;
1624	} else	1624	} else {
		1625	trace_parser_put(&iter->parser);
1625	kfree(iter);	1626	kfree(iter);
		1627	}
1626	} else	1628	} else
1627	file->private_data = iter;	1629	file->private_data = iter;
1628	mutex_unlock(&ftrace_regex_lock);	1630	mutex_unlock(&ftrace_regex_lock);
@@ -2202,7 +2204,7 @@ ftrace_regex_write(struct file file, const char __user ubuf,
2202	struct trace_parser *parser;	2204	struct trace_parser *parser;
2203	ssize_t ret, read;	2205	ssize_t ret, read;
2204		2206
2205	if (!cnt \|\| cnt < 0)	2207	if (!cnt)
2206	return 0;	2208	return 0;
2207		2209
2208	mutex_lock(&ftrace_regex_lock);	2210	mutex_lock(&ftrace_regex_lock);
@@ -2216,7 +2218,7 @@ ftrace_regex_write(struct file file, const char __user ubuf,
2216	parser = &iter->parser;	2218	parser = &iter->parser;
2217	read = trace_get_user(parser, ubuf, cnt, ppos);	2219	read = trace_get_user(parser, ubuf, cnt, ppos);
2218		2220
2219	if (trace_parser_loaded(parser) &&	2221	if (read >= 0 && trace_parser_loaded(parser) &&
2220	!trace_parser_cont(parser)) {	2222	!trace_parser_cont(parser)) {
2221	ret = ftrace_process_regex(parser->buffer,	2223	ret = ftrace_process_regex(parser->buffer,
2222	parser->idx, enable);	2224	parser->idx, enable);
@@ -2552,8 +2554,7 @@ ftrace_graph_write(struct file file, const char __user ubuf,
2552	size_t cnt, loff_t *ppos)	2554	size_t cnt, loff_t *ppos)
2553	{	2555	{
2554	struct trace_parser parser;	2556	struct trace_parser parser;
2555	size_t read = 0;	2557	ssize_t read, ret;
2556	ssize_t ret;
2557		2558
2558	if (!cnt \|\| cnt < 0)	2559	if (!cnt \|\| cnt < 0)
2559	return 0;	2560	return 0;
@@ -2562,29 +2563,31 @@ ftrace_graph_write(struct file file, const char __user ubuf,
2562		2563
2563	if (ftrace_graph_count >= FTRACE_GRAPH_MAX_FUNCS) {	2564	if (ftrace_graph_count >= FTRACE_GRAPH_MAX_FUNCS) {
2564	ret = -EBUSY;	2565	ret = -EBUSY;
2565	goto out;	2566	goto out_unlock;
2566	}	2567	}
2567		2568
2568	if (trace_parser_get_init(&parser, FTRACE_BUFF_MAX)) {	2569	if (trace_parser_get_init(&parser, FTRACE_BUFF_MAX)) {
2569	ret = -ENOMEM;	2570	ret = -ENOMEM;
2570	goto out;	2571	goto out_unlock;
2571	}	2572	}
2572		2573
2573	read = trace_get_user(&parser, ubuf, cnt, ppos);	2574	read = trace_get_user(&parser, ubuf, cnt, ppos);
2574		2575
2575	if (trace_parser_loaded((&parser))) {	2576	if (read >= 0 && trace_parser_loaded((&parser))) {
2576	parser.buffer[parser.idx] = 0;	2577	parser.buffer[parser.idx] = 0;
2577		2578
2578	/* we allow only one expression at a time */	2579	/* we allow only one expression at a time */
2579	ret = ftrace_set_func(ftrace_graph_funcs, &ftrace_graph_count,	2580	ret = ftrace_set_func(ftrace_graph_funcs, &ftrace_graph_count,
2580	parser.buffer);	2581	parser.buffer);
2581	if (ret)	2582	if (ret)
2582	goto out;	2583	goto out_free;
2583	}	2584	}
2584		2585
2585	ret = read;	2586	ret = read;
2586	out:	2587
		2588	out_free:
2587	trace_parser_put(&parser);	2589	trace_parser_put(&parser);
		2590	out_unlock:
2588	mutex_unlock(&graph_lock);	2591	mutex_unlock(&graph_lock);
2589		2592
2590	return ret;	2593	return ret;


diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 411af37f4be4..45068269ebb1 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c
@@ -415,7 +415,7 @@ int trace_get_user(struct trace_parser parser, const char __user ubuf,
415		415
416	/* read the non-space input */	416	/* read the non-space input */
417	while (cnt && !isspace(ch)) {	417	while (cnt && !isspace(ch)) {
418	if (parser->idx < parser->size)	418	if (parser->idx < parser->size - 1)
419	parser->buffer[parser->idx++] = ch;	419	parser->buffer[parser->idx++] = ch;
420	else {	420	else {
421	ret = -EINVAL;	421	ret = -EINVAL;


diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 6f03c8a1105e..d128f65778e6 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c
@@ -232,10 +232,9 @@ ftrace_event_write(struct file file, const char __user ubuf,
232	size_t cnt, loff_t *ppos)	232	size_t cnt, loff_t *ppos)
233	{	233	{
234	struct trace_parser parser;	234	struct trace_parser parser;
235	size_t read = 0;	235	ssize_t read, ret;
236	ssize_t ret;
237		236
238	if (!cnt \|\| cnt < 0)	237	if (!cnt)
239	return 0;	238	return 0;
240		239
241	ret = tracing_update_buffers();	240	ret = tracing_update_buffers();
@@ -247,7 +246,7 @@ ftrace_event_write(struct file file, const char __user ubuf,
247		246
248	read = trace_get_user(&parser, ubuf, cnt, ppos);	247	read = trace_get_user(&parser, ubuf, cnt, ppos);
249		248
250	if (trace_parser_loaded((&parser))) {	249	if (read >= 0 && trace_parser_loaded((&parser))) {
251	int set = 1;	250	int set = 1;
252		251
253	if (*parser.buffer == '!')	252	if (*parser.buffer == '!')