Commits on Nov 16, 2011
  1. cpufreq: interactive governor: go to intermediate hi speed before max

    toddpoynor authored and renaudallard committed Nov 9, 2011
    * Add attribute hispeed_freq, which defaults to max.
    * Rename go_maxspeed_load to go_hispeed_load.
    * If hit go_hispeed_load and at min speed, go to hispeed_freq;
      if hit go_hispeed_load and already above min speed go to max
    Change-Id: I1050dec5f013fc1177387352ba787a7e1c68703e
    Signed-off-by: Todd Poynor <>
  2. cpufreq: interactive governor: scale to max only if at min speed

    toddpoynor authored and renaudallard committed Nov 4, 2011
    Change-Id: Ieffb2aa56b5290036285c948718be7be0d3af9e8
    Signed-off-by: Todd Poynor <>
  3. cpufreq: interactive governor: apply intermediate load on current speed

    toddpoynor authored and renaudallard committed Oct 28, 2011
    Calculate intermediate speed by applying CPU load to current speed, not
    max speed.
    Change-Id: Idecf598b9a203b07c989c5d9e9c6efc67a1afc2e
    Signed-off-by: Todd Poynor <>
  4. input: gpio_input: don't print debounce message unless flag is set

    Dima Zavin authored and renaudallard committed Nov 8, 2011
    Change-Id: I29ccb32e795c5c3e4c51c3d3a209f5b55dfd7d94
    Signed-off-by: Dima Zavin <>
  5. net: wireless: bcm4329: Skip dhd_bus_stop() if bus is already down

    Dmitry Shmidt authored and renaudallard committed Nov 4, 2011
    Signed-off-by: Dmitry Shmidt <>
  6. net: wireless: bcmdhd: Skip dhd_bus_stop() if bus is already down

    Dmitry Shmidt authored and renaudallard committed Nov 4, 2011
    Signed-off-by: Dmitry Shmidt <>
  7. net: wireless: bcmdhd: Improve suspend/resume processing

    Dmitry Shmidt authored and renaudallard committed Nov 2, 2011
    Signed-off-by: Dmitry Shmidt <>
  8. net: wireless: bcmdhd: Check if FW is Ok for internal FW call

    Dmitry Shmidt authored and renaudallard committed Nov 2, 2011
    Signed-off-by: Dmitry Shmidt <>
  9. tcp: Don't nuke connections for the wrong protocol

    lcolitti authored and renaudallard committed Nov 4, 2011
    Currently, calling tcp_nuke_addr to reset IPv6 connections
    resets IPv4 connections as well, because all Android
    framework sockets are dual-stack (i.e., IPv6) sockets, and
    we don't check the source address to see if the connection
    was in fact an IPv4 connection.
    Fix this by checking the source address and not resetting
    the connection if it's a mapped address.
    Also slightly tweak the IPv4 code path, which doesn't check
    for mapped addresses either. This was not causing any
    problems because tcp_is_local normally always returns true
    for LOOPBACK4_IPV6 (, because the loopback
    interface is configured as as However,
    checking explicitly for LOOPBACK4_IPV6 makes the code a bit
    more robust.
    Bug: 5535055
    Change-Id: I4d6ed3497c5b8643c864783cf681f088cf6b8d2a
    Signed-off-by: Lorenzo Colitti <>
  10. net: wireless: Skip connect warning for CONFIG_CFG80211_ALLOW_RECONNECT

    Dmitry Shmidt authored and renaudallard committed Oct 28, 2011
    Signed-off-by: Dmitry Shmidt <>
  11. mm: avoid livelock on !__GFP_FS allocations

    Mel Gorman authored and renaudallard committed Oct 24, 2011
    Under the following conditions, __alloc_pages_slowpath can loop
    gfp_mask & __GFP_WAIT is true
    gfp_mask & __GFP_FS is false
    reclaim and compaction make no progress
    The gfp conditions are normally invalid, because !__GFP_FS
    disables most of the reclaim methods that __GFP_WAIT would
    wait for.  However, these conditions happen very often during
    suspend and resume, when pm_restrict_gfp_mask() effectively
    converts all GFP_KERNEL allocations into __GFP_WAIT.
    The oom killer is not run because gfp_mask & __GFP_FS is false,
    but should_alloc_retry will always return true when order is less
    than PAGE_ALLOC_COSTLY_ORDER.  __alloc_pages_slowpath will
    loop forever between the rebalance label and should_alloc_retry,
    unless another thread happens to release enough pages to satisfy
    the allocation.
    Add a check to detect when PM has disabled __GFP_FS, and do not
    retry if reclaim is not making any progress.
    [taken from patch on lkml by Mel Gorman, commit message by ccross]
    Change-Id: I864a24e9d9fd98bd0e3d6e9c1e85b6c1b766850e
    Signed-off-by: Colin Cross <>
  12. net: wireless: bcm4329: Prohibit FW access in case of FW crash

    Dmitry Shmidt authored and renaudallard committed Oct 26, 2011
    Signed-off-by: Dmitry Shmidt <>
  13. net: wireless: bcmdhd: Adjust scan parameters for wl_cfg80211_connect()

    Dmitry Shmidt authored and renaudallard committed Oct 26, 2011
    Signed-off-by: Dmitry Shmidt <>
  14. net: wireless: bcmdhd: Update to version

    Dmitry Shmidt authored and renaudallard committed Oct 25, 2011
    - Fix WFD interface removal
    - Fix profile update
    - Keep same mode for softap or WFD during early suspend
    - Add dhd_console_ms parameter access
    Signed-off-by: Dmitry Shmidt <>
  15. Linux 3.0.8

    gregkh authored and renaudallard committed Oct 25, 2011
  16. crypto: ghash - Avoid null pointer dereference if no key is set

    Nick Bowler authored and renaudallard committed Oct 20, 2011
    commit 7ed47b7 upstream.
    The ghash_update function passes a pointer to gf128mul_4k_lle which will
    be NULL if ghash_setkey is not called or if the most recent call to
    ghash_setkey failed to allocate memory.  This causes an oops.  Fix this
    up by returning an error code in the null case.
    This is trivially triggered from unprivileged userspace through the
    AF_ALG interface by simply writing to the socket without setting a key.
    The ghash_final function has a similar issue, but triggering it requires
    a memory allocation failure in ghash_setkey _after_ at least one
    successful call to ghash_update.
      BUG: unable to handle kernel NULL pointer dereference at 00000670
      IP: [<d88c92d4>] gf128mul_4k_lle+0x23/0x60 [gf128mul]
      *pde = 00000000
      Oops: 0000 [#1] PREEMPT SMP
      Modules linked in: ghash_generic gf128mul algif_hash af_alg nfs lockd nfs_acl sunrpc bridge ipv6 stp llc
      Pid: 1502, comm: hashatron Tainted: G        W   3.1.0-rc9-00085-ge9308cf #32 Bochs Bochs
      EIP: 0060:[<d88c92d4>] EFLAGS: 00000202 CPU: 0
      EIP is at gf128mul_4k_lle+0x23/0x60 [gf128mul]
      EAX: d69db1f0 EBX: d6b8ddac ECX: 00000004 EDX: 00000000
      ESI: 00000670 EDI: d6b8ddac EBP: d6b8ddc8 ESP: d6b8dda4
       DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
      Process hashatron (pid: 1502, ti=d6b8c000 task=d6810000 task.ti=d6b8c000)
       00000000 d69db1f0 00000163 00000000 d6b8ddc8 c101a520 d69db1f0 d52aa000
       00000ff0 d6b8dde8 d88d310f d6b8a3f8 d52aa000 00001000 d88d502c d6b8ddfc
       00001000 d6b8ddf4 c11676ed d69db1e8 d6b8de24 c11679ad d52aa000 00000000
      Call Trace:
       [<c101a520>] ? kmap_atomic_prot+0x37/0xa6
       [<d88d310f>] ghash_update+0x85/0xbe [ghash_generic]
       [<c11676ed>] crypto_shash_update+0x18/0x1b
       [<c11679ad>] shash_ahash_update+0x22/0x36
       [<c11679cc>] shash_async_update+0xb/0xd
       [<d88ce0ba>] hash_sendpage+0xba/0xf2 [algif_hash]
       [<c121b24c>] kernel_sendpage+0x39/0x4e
       [<d88ce000>] ? 0xd88cdfff
       [<c121b298>] sock_sendpage+0x37/0x3e
       [<c121b261>] ? kernel_sendpage+0x4e/0x4e
       [<c10b4dbc>] pipe_to_sendpage+0x56/0x61
       [<c10b4e1f>] splice_from_pipe_feed+0x58/0xcd
       [<c10b4d66>] ? splice_from_pipe_begin+0x10/0x10
       [<c10b51f5>] __splice_from_pipe+0x36/0x55
       [<c10b4d66>] ? splice_from_pipe_begin+0x10/0x10
       [<c10b6383>] splice_from_pipe+0x51/0x64
       [<c10b63c2>] ? default_file_splice_write+0x2c/0x2c
       [<c10b63d5>] generic_splice_sendpage+0x13/0x15
       [<c10b4d66>] ? splice_from_pipe_begin+0x10/0x10
       [<c10b527f>] do_splice_from+0x5d/0x67
       [<c10b6865>] sys_splice+0x2bf/0x363
       [<c129373b>] ? sysenter_exit+0xf/0x16
       [<c104dc1e>] ? trace_hardirqs_on_caller+0x10e/0x13f
       [<c129370c>] sysenter_do_call+0x12/0x32
      Code: 83 c4 0c 5b 5e 5f c9 c3 55 b9 04 00 00 00 89 e5 57 8d 7d e4 56 53 8d 5d e4 83 ec 18 89 45 e0 89 55 dc 0f b6 70 0f c1 e6 04 01 d6 <f3> a5 be 0f 00 00 00 4e 89 d8 e8 48 ff ff ff 8b 45 e0 89 da 0f
      EIP: [<d88c92d4>] gf128mul_4k_lle+0x23/0x60 [gf128mul] SS:ESP 0068:d6b8dda4
      CR2: 0000000000000670
      ---[ end trace 4eaa2a86a8e2da24 ]---
      note: hashatron[1502] exited with preempt_count 1
      BUG: scheduling while atomic: hashatron/1502/0x10000002
      INFO: lockdep is turned off.
    Signed-off-by: Nick Bowler <>
    Signed-off-by: Herbert Xu <>
    Signed-off-by: Greg Kroah-Hartman <>
  17. mm: fix race between mremap and removing migration entry

    Hugh Dickins authored and renaudallard committed Oct 19, 2011
    commit 486cf46 upstream.
    I don't usually pay much attention to the stale "? " addresses in
    stack backtraces, but this lucky report from Pawel Sikora hints that
    mremap's move_ptes() has inadequate locking against page migration.
     3.0 BUG_ON(!PageLocked(p)) in migration_entry_to_page():
     kernel BUG at include/linux/swapops.h:105!
     RIP: 0010:[<ffffffff81127b76>]  [<ffffffff81127b76>]
      [<ffffffff811016a1>] handle_pte_fault+0xae1/0xaf0
      [<ffffffff810feee2>] ? __pte_alloc+0x42/0x120
      [<ffffffff8112c26b>] ? do_huge_pmd_anonymous_page+0xab/0x310
      [<ffffffff81102a31>] handle_mm_fault+0x181/0x310
      [<ffffffff81106097>] ? vma_adjust+0x537/0x570
      [<ffffffff81424bed>] do_page_fault+0x11d/0x4e0
      [<ffffffff81109a05>] ? do_mremap+0x2d5/0x570
      [<ffffffff81421d5f>] page_fault+0x1f/0x30
    mremap's down_write of mmap_sem, together with i_mmap_mutex or lock,
    and pagetable locks, were good enough before page migration (with its
    requirement that every migration entry be found) came in, and enough
    while migration always held mmap_sem; but not enough nowadays, when
    there's memory hotremove and compaction.
    The danger is that move_ptes() lets a migration entry dodge around
    behind remove_migration_pte()'s back, so it's in the old location when
    looking at the new, then in the new location when looking at the old.
    Either mremap's move_ptes() must additionally take anon_vma lock(), or
    migration's remove_migration_pte() must stop peeking for is_swap_entry()
    before it takes pagetable lock.
    Consensus chooses the latter: we prefer to add overhead to migration
    than to mremapping, which gets used by JVMs and by exec stack setup.
    Reported-and-tested-by: Paweł Sikora <>
    Signed-off-by: Hugh Dickins <>
    Acked-by: Andrea Arcangeli <>
    Acked-by: Mel Gorman <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  18. CIFS: Fix ERR_PTR dereference in cifs_get_root

    piastry authored and renaudallard committed Aug 21, 2011
    commit 5b980b0 upstream.
    move it to the beginning of the loop.
    Signed-off-by: Pavel Shilovsky <>
    Reviewed-by: Jeff Layton <>
    Signed-off-by: Steve French <>
    Cc: Josh Boyer <>
    Signed-off-by: Greg Kroah-Hartman <>
  19. fuse: fix memory leak

    Miklos Szeredi authored and renaudallard committed Sep 12, 2011
    commit 5dfcc87 upstream.
    kmemleak is reporting that 32 bytes are being leaked by FUSE:
      unreferenced object 0xe373b270 (size 32):
      comm "fusermount", pid 1207, jiffies 4294707026 (age 2675.187s)
      hex dump (first 32 bytes):
        01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00  ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        [<b05517d7>] kmemleak_alloc+0x27/0x50
        [<b0196435>] kmem_cache_alloc+0xc5/0x180
        [<b02455be>] fuse_alloc_forget+0x1e/0x20
        [<b0245670>] fuse_alloc_inode+0xb0/0xd0
        [<b01b1a8c>] alloc_inode+0x1c/0x80
        [<b01b290f>] iget5_locked+0x8f/0x1a0
        [<b0246022>] fuse_iget+0x72/0x1a0
        [<b02461da>] fuse_get_root_inode+0x8a/0x90
        [<b02465cf>] fuse_fill_super+0x3ef/0x590
        [<b019e56f>] mount_nodev+0x3f/0x90
        [<b0244e95>] fuse_mount+0x15/0x20
        [<b019d1bc>] mount_fs+0x1c/0xc0
        [<b01b5811>] vfs_kern_mount+0x41/0x90
        [<b01b5af9>] do_kern_mount+0x39/0xd0
        [<b01b7585>] do_mount+0x2e5/0x660
        [<b01b7966>] sys_mount+0x66/0xa0
    This leak report is consistent and happens once per boot on
    This happens if a FORGET request is queued after the fuse device was
    Reported-by: Sitsofe Wheeler <>
    Signed-off-by: Miklos Szeredi <>
    Tested-by: Sitsofe Wheeler <>
    Signed-off-by: Linus Torvalds <>
    Cc: Josh Boyer <>
    Signed-off-by: Greg Kroah-Hartman <>
  20. Avoid using variable-length arrays in kernel/sys.c

    torvalds authored and renaudallard committed Oct 17, 2011
    commit a84a79e upstream.
    The size is always valid, but variable-length arrays generate worse code
    for no good reason (unless the function happens to be inlined and the
    compiler sees the length for the simple constant it is).
    Also, there seems to be some code generation problem on POWER, where
    Henrik Bakken reports that register r28 can get corrupted under some
    subtle circumstances (interrupt happening at the wrong time?).  That all
    indicates some seriously broken compiler issues, but since variable
    length arrays are bad regardless, there's little point in trying to
    chase it down.
    "Just don't do that, then".
    Reported-by: Henrik Grindal Bakken <>
    Cc: Benjamin Herrenschmidt <>
    Signed-off-by: Linus Torvalds <>
    Signed-off-by: Greg Kroah-Hartman <>
  21. hwmon: (w83627ehf) Properly report thermal diode sensors

    Jean Delvare authored and renaudallard committed Oct 13, 2011
    commit bf164c5 upstream.
    The w83627ehf driver is improperly reporting thermal diode sensors as
    type 2, instead of 3. This caused "sensors" and possibly other
    monitoring tools to report these sensors as "transistor" instead of
    "thermal diode".
    Furthermore, diode subtype selection (CPU vs. external) is only
    supported by the original W83627EHF/EHG. All later models only support
    CPU diode type, and some (NCT6776F) don't even have the register in
    question so we should avoid reading from it.
    Signed-off-by: Jean Delvare <>
    Signed-off-by: Guenter Roeck <>
    Signed-off-by: Greg Kroah-Hartman <>
  22. net: wireless: bcmdhd: Fix crash in p2p OFF

    Dmitry Shmidt authored and renaudallard committed Oct 20, 2011
    Signed-off-by: Dmitry Shmidt <>
  23. power: cpufreq interactive governor: use default sample time 20ms

    toddpoynor authored and renaudallard committed Oct 19, 2011
    Lower the default time at which a higher speed is allowed to run
    before lowering based on lower CPU load from 80ms to 20ms.  Most
    Android devices should trade power for performance here,
    although tablets and non-battery-powered devices may want to
    override this default.
    Change-Id: I1a4f7faeca12793c51d5b92db30a63cca8d4f1be
    Signed-off-by: Todd Poynor <>
  24. net: wireless: bcmdhd: Add wake_lock to dhd_open() and dhd_stop()

    Dmitry Shmidt authored and renaudallard committed Oct 19, 2011
    Signed-off-by: Dmitry Shmidt <>
  25. net: wireless: bcmdhd: Fix bssid profile update

    Dmitry Shmidt authored and renaudallard committed Oct 19, 2011
    Signed-off-by: Dmitry Shmidt <>
  26. net: wireless: Fix CFG80211_ALLOW_RECONNECT option for disconnect

    Dmitry Shmidt authored and renaudallard committed Oct 18, 2011
    Signed-off-by: Dmitry Shmidt <>
  27. cpufreq: interactive governor: default timer 10ms, maxspeed load 95%

    toddpoynor authored and renaudallard committed Oct 17, 2011
    Modify default timer from 30ms to 10ms, sampling 2 jiffies after
    idle exit on ARM as in Honeycomb.
    Modify default go_maxspeed_load from 85% loaded to 95% loaded, for
    use in phones where power savings is more important (tablets may be
    best served overriding this).
    Change-Id: I3361a6279979bfae1df5262666a2e30ea7a44328
    Signed-off-by: Todd Poynor <>
  28. net: wireless: bcmdhd: Add proper cleaning for ap_info structure

    Dmitry Shmidt authored and renaudallard committed Oct 17, 2011
    Signed-off-by: Dmitry Shmidt <>
  29. net: wireless: bcmdhd: Send cfg80211_disconnected() if fails to get rssi

    Dmitry Shmidt authored and renaudallard committed Oct 17, 2011
    Signed-off-by: Dmitry Shmidt <>
  30. Linux 3.0.7

    gregkh authored and renaudallard committed Oct 16, 2011
  31. ipv6: fix NULL dereference in udp6_ufo_fragment()

    jasowang authored and renaudallard committed Oct 9, 2011
    This patch fixes the issue caused by ef81bb4
    which is a backport of upstream 87c48fa. The
    problem does not exist in upstream.
    We do not check whether route is attached before trying to assign ip
    identification through route dest, which leads to a NULL pointer dereference. This
    happens when host bridge transmits a packet from guest.
    This patch changes ipv6_select_ident() to accept in6_addr as its parameter and
    fix the issue by using the destination address in ipv6 header when no route is
    Signed-off-by: Jason Wang <>
    Acked-by: David S. Miller <>
    Signed-off-by: Greg Kroah-Hartman <>
  32. exec: do not call request_module() twice from search_binary_handler()

    Tetsuo Handa authored and renaudallard committed Jul 26, 2011
    commit 9121935 upstream.
    Currently, search_binary_handler() tries to load binary loader module
    using request_module() if a loader for the requested program is not yet
    loaded.  But second attempt of request_module() does not affect the result
    of search_binary_handler().
    If request_module() triggered recursion, calling request_module() twice
    causes 2 to the power of MAX_KMOD_CONCURRENT (= 50) repetitions.  It is
    not an infinite loop but is sufficient for users to consider as a hang up.
    Therefore, this patch changes not to call request_module() twice, making 1
    to the power of MAX_KMOD_CONCURRENT repetitions in case of recursion.
    Signed-off-by: Tetsuo Handa <>
    Reported-by: Richard Weinberger <>
    Tested-by: Richard Weinberger <>
    Cc: Al Viro <>
    Signed-off-by: Andrew Morton <>
    Cc: Maxim Uvarov <>
    Signed-off-by: Linus Torvalds <>
  33. dm table: avoid crash if integrity profile changes

    snitm authored and renaudallard committed Sep 25, 2011
    commit 876fbba upstream.
    Commit a63a5cf (dm: improve block integrity support) introduced a
    two-phase initialization of a DM device's integrity profile.  This
    patch avoids dereferencing a NULL 'template_disk' pointer in
    blk_integrity_register() if there is an integrity profile mismatch in
    This can occur if the integrity profiles for stacked devices in a DM
    table are changed between the call to dm_table_prealloc_integrity() and
    Reported-by: Zdenek Kabelac <>
    Signed-off-by: Mike Snitzer <>
    Signed-off-by: Alasdair G Kergon <>
    Signed-off-by: Greg Kroah-Hartman <>
  34. md: Avoid waking up a thread after it has been freed.

    neilbrown authored and renaudallard committed Sep 21, 2011
    commit 01f96c0 upstream.
    Two related problems:
    1/ some error paths call "md_unregister_thread(mddev->thread)"
       without subsequently clearing ->thread.  A subsequent call
       to mddev_unlock will try to wake the thread, and crash.
    2/ Most calls to md_wakeup_thread are protected against the thread
       disappearing either by:
          - holding the ->mutex
          - having an active request, so something else must be keeping
            the array active.
       However mddev_unlock calls md_wakeup_thread after dropping the
       mutex and without any certainty of an active request, so the
       ->thread could theoretically disappear.
       So we need a spinlock to provide some protections.
    So change md_unregister_thread to take a pointer to the thread
    pointer, and ensure that it always does the required locking, and
    clears the pointer properly.
    Reported-by: "Moshe Melnikov" <>
    Signed-off-by: NeilBrown <>
    Signed-off-by: Greg Kroah-Hartman <>
  35. posix-cpu-timers: Cure SMP wobbles

    Peter Zijlstra authored and renaudallard committed Sep 1, 2011
    commit d670ec1 upstream.
    David reported:
      Attached below is a watered-down version of rt/tst-cpuclock2.c from
      GLIBC.  Just build it with "gcc -o test test.c -lpthread -lrt" or
      Run it several times, and you will see cases where the main thread
      will measure a process clock difference before and after the nanosleep
      which is smaller than the cpu-burner thread's individual thread clock
      difference.  This doesn't make any sense since the cpu-burner thread
      is part of the top-level process's thread group.
      I've reproduced this on both x86-64 and sparc64 (using both 32-bit and
      64-bit binaries).
      For example:
      [davem@boricha build-x86_64-linux]$ ./test
      process: before(0.001221967) after(0.498624371) diff(497402404)
      thread:  before(0.000081692) after(0.498316431) diff(498234739)
      self:    before(0.001223521) after(0.001240219) diff(16698)
      [davem@boricha build-x86_64-linux]$
      The diff of 'process' should always be >= the diff of 'thread'.
      I make sure to wrap the 'thread' clock measurements the most tightly
      around the nanosleep() call, and that the 'process' clock measurements
      are the outer-most ones.
      #include <unistd.h>
      #include <stdio.h>
      #include <stdlib.h>
      #include <time.h>
      #include <fcntl.h>
      #include <string.h>
      #include <errno.h>
      #include <pthread.h>
      static pthread_barrier_t barrier;
      static void *chew_cpu(void *arg)
      {
    	  while (1)
    		  __asm__ __volatile__("" : : : "memory");
    	  return NULL;
      }
      int main(void)
      {
    	  clockid_t process_clock, my_thread_clock, th_clock;
    	  struct timespec process_before, process_after;
    	  struct timespec me_before, me_after;
    	  struct timespec th_before, th_after;
    	  struct timespec sleeptime;
    	  unsigned long diff;
    	  pthread_t th;
    	  int err;
    	  err = clock_getcpuclockid(0, &process_clock);
    	  if (err)
    		  return 1;
    	  err = pthread_getcpuclockid(pthread_self(), &my_thread_clock);
    	  if (err)
    		  return 1;
    	  pthread_barrier_init(&barrier, NULL, 2);
    	  err = pthread_create(&th, NULL, chew_cpu, NULL);
    	  if (err)
    		  return 1;
    	  err = pthread_getcpuclockid(th, &th_clock);
    	  if (err)
    		  return 1;
    	  err = clock_gettime(process_clock, &process_before);
    	  if (err)
    		  return 1;
    	  err = clock_gettime(my_thread_clock, &me_before);
    	  if (err)
    		  return 1;
    	  err = clock_gettime(th_clock, &th_before);
    	  if (err)
    		  return 1;
    	  sleeptime.tv_sec = 0;
    	  sleeptime.tv_nsec = 500000000;
    	  nanosleep(&sleeptime, NULL);
    	  err = clock_gettime(th_clock, &th_after);
    	  if (err)
    		  return 1;
    	  err = clock_gettime(my_thread_clock, &me_after);
    	  if (err)
    		  return 1;
    	  err = clock_gettime(process_clock, &process_after);
    	  if (err)
    		  return 1;
    	  diff = process_after.tv_nsec - process_before.tv_nsec;
    	  printf("process: before(%lu.%.9lu) after(%lu.%.9lu) diff(%lu)\n",
    		 process_before.tv_sec, process_before.tv_nsec,
    		 process_after.tv_sec, process_after.tv_nsec, diff);
    	  diff = th_after.tv_nsec - th_before.tv_nsec;
    	  printf("thread:  before(%lu.%.9lu) after(%lu.%.9lu) diff(%lu)\n",
    		 th_before.tv_sec, th_before.tv_nsec,
    		 th_after.tv_sec, th_after.tv_nsec, diff);
    	  diff = me_after.tv_nsec - me_before.tv_nsec;
    	  printf("self:    before(%lu.%.9lu) after(%lu.%.9lu) diff(%lu)\n",
    		 me_before.tv_sec, me_before.tv_nsec,
    		 me_after.tv_sec, me_after.tv_nsec, diff);
    	  return 0;
      }
    This is due to us using p->se.sum_exec_runtime in
    thread_group_cputime() where we iterate the thread group and sum all
    data. This does not take time since the last schedule operation (tick
    or otherwise) into account. We can cure this by using
    task_sched_runtime() at the cost of having to take locks.
    This also means we can (and must) do away with
    thread_group_sched_runtime() since the modified thread_group_cputime()
    is now more accurate and would deadlock when called from
    Aside of that it makes the function safe on 32 bit systems. The old
    code added t->se.sum_exec_runtime unprotected. sum_exec_runtime is a
    64bit value and could be changed on another cpu at the same time.
    Reported-by: David Miller <>
    Signed-off-by: Peter Zijlstra <>
    Tested-by: David Miller <>
    Signed-off-by: Thomas Gleixner <>
    Signed-off-by: Greg Kroah-Hartman <>