From: Heiko Carstens <heiko.carstens@de.ibm.com>

If a cpu hotplug callback fails on CPU_UP_PREPARE, all callbacks will be
called with CPU_UP_CANCELED.  A few of these callbacks assume that on
CPU_UP_PREPARE a pointer to task has been stored in a percpu array.  This
assumption is not true if CPU_UP_PREPARE fails and the following calls to
kthread_bind() in CPU_UP_CANCELED will cause an addressing exception
because of passing a NULL pointer.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Ashok Raj <ashok.raj@intel.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 kernel/sched.c      |    2 ++
 kernel/softirq.c    |    2 ++
 kernel/softlockup.c |    2 ++
 kernel/workqueue.c  |    2 ++
 4 files changed, 8 insertions(+)

diff -puN kernel/sched.c~cpu-hotplug-fix-cpu_up_cancel-handling kernel/sched.c
--- a/kernel/sched.c~cpu-hotplug-fix-cpu_up_cancel-handling
+++ a/kernel/sched.c
@@ -4754,6 +4754,8 @@ static int migration_call(struct notifie
 		break;
 #ifdef CONFIG_HOTPLUG_CPU
 	case CPU_UP_CANCELED:
+		if (!cpu_rq(cpu)->migration_thread)
+			break;
 		/* Unbind it from offline cpu so it can run.  Fall thru. */
 		kthread_bind(cpu_rq(cpu)->migration_thread,
 			     any_online_cpu(cpu_online_map));
diff -puN kernel/softirq.c~cpu-hotplug-fix-cpu_up_cancel-handling kernel/softirq.c
--- a/kernel/softirq.c~cpu-hotplug-fix-cpu_up_cancel-handling
+++ a/kernel/softirq.c
@@ -470,6 +470,8 @@ static int cpu_callback(struct notifier_
 		break;
 #ifdef CONFIG_HOTPLUG_CPU
 	case CPU_UP_CANCELED:
+		if (!per_cpu(ksoftirqd, hotcpu))
+			break;
 		/* Unbind so it can run.  Fall thru. */
 		kthread_bind(per_cpu(ksoftirqd, hotcpu),
 			     any_online_cpu(cpu_online_map));
diff -puN kernel/softlockup.c~cpu-hotplug-fix-cpu_up_cancel-handling kernel/softlockup.c
--- a/kernel/softlockup.c~cpu-hotplug-fix-cpu_up_cancel-handling
+++ a/kernel/softlockup.c
@@ -127,6 +127,8 @@ cpu_callback(struct notifier_block *nfb,
 		break;
 #ifdef CONFIG_HOTPLUG_CPU
 	case CPU_UP_CANCELED:
+		if (!per_cpu(watchdog_task, hotcpu))
+			break;
 		/* Unbind so it can run.  Fall thru. */
 		kthread_bind(per_cpu(watchdog_task, hotcpu),
 			     any_online_cpu(cpu_online_map));
diff -puN kernel/workqueue.c~cpu-hotplug-fix-cpu_up_cancel-handling kernel/workqueue.c
--- a/kernel/workqueue.c~cpu-hotplug-fix-cpu_up_cancel-handling
+++ a/kernel/workqueue.c
@@ -590,6 +590,8 @@ static int workqueue_cpu_callback(struct
 
 	case CPU_UP_CANCELED:
 		list_for_each_entry(wq, &workqueues, list) {
+			if (!per_cpu_ptr(wq->cpu_wq, hotcpu)->thread)
+				continue;
 			/* Unbind so it can run. */
 			kthread_bind(per_cpu_ptr(wq->cpu_wq, hotcpu)->thread,
 				     any_online_cpu(cpu_online_map));
_