From 73442daf2ea85e2a779396b76b1a39b10188ecb5 Mon Sep 17 00:00:00 2001 From: Jan Altenberg Date: Tue, 2 Sep 2008 14:36:05 -0700 Subject: rtc_time_to_tm: fix signed/unsigned arithmetic commit 945185a69daa457c4c5e46e47f4afad7dcea734f ("rtc: rtc_time_to_tm: use unsigned arithmetic") changed the some types in rtc_time_to_tm() to unsigned: void rtc_time_to_tm(unsigned long time, struct rtc_time *tm) { - register int days, month, year; + unsigned int days, month, year; This doesn't work for all cases, because days is checked for < 0 later on: if (days < 0) { year -= 1; days += 365 + LEAP_YEAR(year); } I think the correct fix would be to keep days signed and do an appropriate cast later on. Signed-off-by: Jan Altenberg Cc: Maciej W. Rozycki Cc: Alessandro Zummo Cc: David Brownell Cc: Dmitri Vorobiev Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/rtc/rtc-lib.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'drivers/rtc') diff --git a/drivers/rtc/rtc-lib.c b/drivers/rtc/rtc-lib.c index 9f996ec881c..dd70bf73ce9 100644 --- a/drivers/rtc/rtc-lib.c +++ b/drivers/rtc/rtc-lib.c @@ -51,10 +51,11 @@ EXPORT_SYMBOL(rtc_year_days); */ void rtc_time_to_tm(unsigned long time, struct rtc_time *tm) { - unsigned int days, month, year; + unsigned int month, year; + int days; days = time / 86400; - time -= days * 86400; + time -= (unsigned int) days * 86400; /* day of the week, 1970-01-01 was a Thursday */ tm->tm_wday = (days + 4) % 7; -- cgit v1.2.3-70-g09d2 From 74c4633da7994eddcfcd2762a448c6889cc2b5bd Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" Date: Tue, 2 Sep 2008 14:36:11 -0700 Subject: rtc-cmos: wake again from S5 Update rtc-cmos shutdown handling to leave RTC alarms active, resolving http://bugzilla.kernel.org/show_bug.cgi?id=11411 on several boards. There are still some systems where the ACPI event handling doesn't cooperate. (Possibly related to bugid 11312, reporting the spontaneous disabling of RTC events.) Bug 11411 reported that changes to work around some ACPI event issues broke wake-from-S5 handling, as used for DVR applications. (They like to power off, then wake later to record programs.) [yakui.zhao@intel.com: add shutdown for PNP devices] [dbrownell@users.sourceforge.net: update comments] Signed-off-by: Rafael J. Wysocki Signed-off-by: Zhao Yakui Signed-off-by: Zhang Rui Signed-off-by: David Brownell Cc: Stefan Bauer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/rtc/rtc-cmos.c | 38 ++++++++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 6 deletions(-) (limited to 'drivers/rtc') diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c index 6ea349aba3b..b184367637d 100644 --- a/drivers/rtc/rtc-cmos.c +++ b/drivers/rtc/rtc-cmos.c @@ -800,7 +800,6 @@ static void __exit cmos_do_remove(struct device *dev) static int cmos_suspend(struct device *dev, pm_message_t mesg) { struct cmos_rtc *cmos = dev_get_drvdata(dev); - int do_wake = device_may_wakeup(dev); unsigned char tmp; /* only the alarm might be a wakeup event source */ @@ -809,7 +808,7 @@ static int cmos_suspend(struct device *dev, pm_message_t mesg) if (tmp & (RTC_PIE|RTC_AIE|RTC_UIE)) { unsigned char mask; - if (do_wake) + if (device_may_wakeup(dev)) mask = RTC_IRQMASK & ~RTC_AIE; else mask = RTC_IRQMASK; @@ -837,6 +836,17 @@ static int cmos_suspend(struct device *dev, pm_message_t mesg) return 0; } +/* We want RTC alarms to wake us from e.g. ACPI G2/S5 "soft off", even + * after a detour through G3 "mechanical off", although the ACPI spec + * says wakeup should only work from G1/S4 "hibernate". To most users, + * distinctions between S4 and S5 are pointless. So when the hardware + * allows, don't draw that distinction. + */ +static inline int cmos_poweroff(struct device *dev) +{ + return cmos_suspend(dev, PMSG_HIBERNATE); +} + static int cmos_resume(struct device *dev) { struct cmos_rtc *cmos = dev_get_drvdata(dev); @@ -884,6 +894,12 @@ static int cmos_resume(struct device *dev) #else #define cmos_suspend NULL #define cmos_resume NULL + +static inline int cmos_poweroff(struct device *dev) +{ + return -ENOSYS; +} + #endif /*----------------------------------------------------------------*/ @@ -903,10 +919,6 @@ static int cmos_resume(struct device *dev) static int __devinit cmos_pnp_probe(struct pnp_dev *pnp, const struct pnp_device_id *id) { - /* REVISIT paranoia argues for a shutdown notifier, since PNP - * drivers can't provide shutdown() methods to disable IRQs. - * Or better yet, fix PNP to allow those methods... - */ if (pnp_port_start(pnp,0) == 0x70 && !pnp_irq_valid(pnp,0)) /* Some machines contain a PNP entry for the RTC, but * don't define the IRQ. It should always be safe to @@ -942,6 +954,13 @@ static int cmos_pnp_resume(struct pnp_dev *pnp) #define cmos_pnp_resume NULL #endif +static void cmos_pnp_shutdown(struct device *pdev) +{ + if (system_state == SYSTEM_POWER_OFF && !cmos_poweroff(pdev)) + return; + + cmos_do_shutdown(); +} static const struct pnp_device_id rtc_ids[] = { { .id = "PNP0b00", }, @@ -961,6 +980,10 @@ static struct pnp_driver cmos_pnp_driver = { .flags = PNP_DRIVER_RES_DO_NOT_CHANGE, .suspend = cmos_pnp_suspend, .resume = cmos_pnp_resume, + .driver = { + .name = (char *)driver_name, + .shutdown = cmos_pnp_shutdown, + } }; #endif /* CONFIG_PNP */ @@ -986,6 +1009,9 @@ static int __exit cmos_platform_remove(struct platform_device *pdev) static void cmos_platform_shutdown(struct platform_device *pdev) { + if (system_state == SYSTEM_POWER_OFF && !cmos_poweroff(&pdev->dev)) + return; + cmos_do_shutdown(); } -- cgit v1.2.3-70-g09d2 From 2e4a75cdcb89ff53bb182dda3a6dcdc14befe007 Mon Sep 17 00:00:00 2001 From: Marcin Slusarz Date: Fri, 3 Oct 2008 15:23:36 -0700 Subject: rtc: fix kernel panic on second use of SIGIO nofitication When userspace uses SIGIO notification and forgets to disable it before closing file descriptor, rtc->async_queue contains stale pointer to struct file. When user space enables again SIGIO notification in different process, kernel dereferences this (poisoned) pointer and crashes. So disable SIGIO notification on close. Kernel panic: (second run of qemu (requires echo 1024 > /sys/class/rtc/rtc0/max_user_freq)) general protection fault: 0000 [1] PREEMPT CPU 0 Modules linked in: af_packet snd_pcm_oss snd_mixer_oss snd_seq_oss snd_seq_midi_event snd_seq usbhid tuner tea5767 tda8290 tuner_xc2028 xc5000 tda9887 tuner_simple tuner_types mt20xx tea5761 tda9875 uhci_hcd ehci_hcd usbcore bttv snd_via82xx snd_ac97_codec ac97_bus snd_pcm snd_timer ir_common compat_ioctl32 snd_page_alloc videodev v4l1_compat snd_mpu401_uart snd_rawmidi v4l2_common videobuf_dma_sg videobuf_core snd_seq_device snd btcx_risc soundcore tveeprom i2c_viapro Pid: 5781, comm: qemu-system-x86 Not tainted 2.6.27-rc6 #363 RIP: 0010:[] [] __lock_acquire+0x3db/0x73f RSP: 0000:ffffffff80674cb8 EFLAGS: 00010002 RAX: ffff8800224c62f0 RBX: 0000000000000046 RCX: 0000000000000002 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8800224c62f0 RBP: ffffffff80674d08 R08: 0000000000000002 R09: 0000000000000001 R10: ffffffff80238941 R11: 0000000000000001 R12: 0000000000000000 R13: 6b6b6b6b6b6b6b6b R14: ffff88003a450080 R15: 0000000000000000 FS: 00007f98b69516f0(0000) GS:ffffffff80623200(0000) knlGS:00000000f7cc86d0 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000a87000 CR3: 0000000022598000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process qemu-system-x86 (pid: 5781, threadinfo ffff880028812000, task ffff88003a450080) Stack: ffffffff80674cf8 0000000180238440 0000000200000002 0000000000000000 ffff8800224c62f0 0000000000000046 0000000000000000 0000000000000002 0000000000000002 0000000000000000 ffffffff80674d68 ffffffff8024fc7a Call Trace: [] lock_acquire+0x85/0xa9 [] ? send_sigio+0x2a/0x184 [] _read_lock+0x3e/0x4a [] ? send_sigio+0x2a/0x184 [] send_sigio+0x2a/0x184 [] ? __lock_acquire+0x6e1/0x73f [] ? kill_fasync+0x2c/0x4e [] __kill_fasync+0x54/0x65 [] kill_fasync+0x3a/0x4e [] rtc_update_irq+0x9c/0xa5 [] cmos_interrupt+0xae/0xc0 [] handle_IRQ_event+0x25/0x5a [] handle_edge_irq+0xdd/0x123 [] do_IRQ+0xe4/0x144 [] ret_from_intr+0x0/0xf [] ? __alloc_pages_internal+0xe7/0x3ad [] ? clear_page_c+0x7/0x10 [] ? get_page_from_freelist+0x385/0x450 [] ? __alloc_pages_internal+0xe7/0x3ad [] ? anon_vma_prepare+0x2e/0xf6 [] ? handle_mm_fault+0x227/0x6a5 [] ? do_page_fault+0x494/0x83f [] ? error_exit+0x0/0xa9 Code: cc 41 39 45 28 74 24 e8 5e 1d 0f 00 85 c0 0f 84 6a 03 00 00 83 3d 8f a9 aa 00 00 be 47 03 00 00 0f 84 6a 02 00 00 e9 53 03 00 00 <41> ff 85 38 01 00 00 45 8b be 90 06 00 00 41 83 ff 2f 76 24 e8 RIP [] __lock_acquire+0x3db/0x73f RSP ---[ end trace 431877d860448760 ]--- Kernel panic - not syncing: Aiee, killing interrupt handler! Signed-off-by: Marcin Slusarz Acked-by: Alessandro Zummo Acked-by: David Brownell Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/rtc/rtc-dev.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'drivers/rtc') diff --git a/drivers/rtc/rtc-dev.c b/drivers/rtc/rtc-dev.c index f118252f3a9..52e2743b04e 100644 --- a/drivers/rtc/rtc-dev.c +++ b/drivers/rtc/rtc-dev.c @@ -422,6 +422,12 @@ done: return err; } +static int rtc_dev_fasync(int fd, struct file *file, int on) +{ + struct rtc_device *rtc = file->private_data; + return fasync_helper(fd, file, on, &rtc->async_queue); +} + static int rtc_dev_release(struct inode *inode, struct file *file) { struct rtc_device *rtc = file->private_data; @@ -434,16 +440,13 @@ static int rtc_dev_release(struct inode *inode, struct file *file) if (rtc->ops->release) rtc->ops->release(rtc->dev.parent); + if (file->f_flags & FASYNC) + rtc_dev_fasync(-1, file, 0); + clear_bit_unlock(RTC_DEV_BUSY, &rtc->flags); return 0; } -static int rtc_dev_fasync(int fd, struct file *file, int on) -{ - struct rtc_device *rtc = file->private_data; - return fasync_helper(fd, file, on, &rtc->async_queue); -} - static const struct file_operations rtc_dev_fops = { .owner = THIS_MODULE, .llseek = no_llseek, -- cgit v1.2.3-70-g09d2