--- /dev/null
+From b255188f90e2bade1bd11a986dd1ca4861869f4d Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@arm.linux.org.uk>
+Date: Mon, 25 Feb 2013 16:10:42 +0000
+Subject: ARM: fix scheduling while atomic warning in alignment handling code
+
+From: Russell King <rmk+kernel@arm.linux.org.uk>
+
+commit b255188f90e2bade1bd11a986dd1ca4861869f4d upstream.
+
+Paolo Pisati reports that IPv6 triggers this warning:
+
+BUG: scheduling while atomic: swapper/0/0/0x40000100
+Modules linked in:
+[<c001b1c4>] (unwind_backtrace+0x0/0xf0) from [<c0503c5c>] (__schedule_bug+0x48/0x5c)
+[<c0503c5c>] (__schedule_bug+0x48/0x5c) from [<c0508608>] (__schedule+0x700/0x740)
+[<c0508608>] (__schedule+0x700/0x740) from [<c007007c>] (__cond_resched+0x24/0x34)
+[<c007007c>] (__cond_resched+0x24/0x34) from [<c05086dc>] (_cond_resched+0x3c/0x44)
+[<c05086dc>] (_cond_resched+0x3c/0x44) from [<c0021f6c>] (do_alignment+0x178/0x78c)
+[<c0021f6c>] (do_alignment+0x178/0x78c) from [<c00083e0>] (do_DataAbort+0x34/0x98)
+[<c00083e0>] (do_DataAbort+0x34/0x98) from [<c0509a60>] (__dabt_svc+0x40/0x60)
+Exception stack(0xc0763d70 to 0xc0763db8)
+3d60: e97e805e e97e806e 2c000000 11000000
+3d80: ea86bb00 0000002c 00000011 e97e807e c076d2a8 e97e805e e97e806e 0000002c
+3da0: 3d000000 c0763dbc c04b98fc c02a8490 00000113 ffffffff
+[<c0509a60>] (__dabt_svc+0x40/0x60) from [<c02a8490>] (__csum_ipv6_magic+0x8/0xc8)
+
+Fix this by using probe_kernel_address() stead of __get_user().
+
+Reported-by: Paolo Pisati <p.pisati@gmail.com>
+Tested-by: Paolo Pisati <p.pisati@gmail.com>
+Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/mm/alignment.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+--- a/arch/arm/mm/alignment.c
++++ b/arch/arm/mm/alignment.c
+@@ -721,7 +721,6 @@ do_alignment(unsigned long addr, unsigne
+ unsigned long instr = 0, instrptr;
+ int (*handler)(unsigned long addr, unsigned long instr, struct pt_regs *regs);
+ unsigned int type;
+- mm_segment_t fs;
+ unsigned int fault;
+ u16 tinstr = 0;
+ int isize = 4;
+@@ -729,16 +728,15 @@ do_alignment(unsigned long addr, unsigne
+
+ instrptr = instruction_pointer(regs);
+
+- fs = get_fs();
+- set_fs(KERNEL_DS);
+ if (thumb_mode(regs)) {
+- fault = __get_user(tinstr, (u16 *)(instrptr & ~1));
++ u16 *ptr = (u16 *)(instrptr & ~1);
++ fault = probe_kernel_address(ptr, tinstr);
+ if (!fault) {
+ if (cpu_architecture() >= CPU_ARCH_ARMv7 &&
+ IS_T32(tinstr)) {
+ /* Thumb-2 32-bit */
+ u16 tinst2 = 0;
+- fault = __get_user(tinst2, (u16 *)(instrptr+2));
++ fault = probe_kernel_address(ptr + 1, tinst2);
+ instr = (tinstr << 16) | tinst2;
+ thumb2_32b = 1;
+ } else {
+@@ -747,8 +745,7 @@ do_alignment(unsigned long addr, unsigne
+ }
+ }
+ } else
+- fault = __get_user(instr, (u32 *)instrptr);
+- set_fs(fs);
++ fault = probe_kernel_address(instrptr, instr);
+
+ if (fault) {
+ type = TYPE_FAULT;
--- /dev/null
+From 5e4ba617c1b584b2e376f31a63bd4e734109318a Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@arm.linux.org.uk>
+Date: Mon, 25 Feb 2013 16:09:12 +0000
+Subject: ARM: VFP: fix emulation of second VFP instruction
+
+From: Russell King <rmk+kernel@arm.linux.org.uk>
+
+commit 5e4ba617c1b584b2e376f31a63bd4e734109318a upstream.
+
+Martin Storsjö reports that the sequence:
+
+ ee312ac1 vsub.f32 s4, s3, s2
+ ee702ac0 vsub.f32 s5, s1, s0
+ e59f0028 ldr r0, [pc, #40]
+ ee111a90 vmov r1, s3
+
+on Raspberry Pi (implementor 41 architecture 1 part 20 variant b rev 5)
+where s3 is a denormal and s2 is zero results in incorrect behaviour -
+the instruction "vsub.f32 s5, s1, s0" is not executed:
+
+ VFP: bounce: trigger ee111a90 fpexc d0000780
+ VFP: emulate: INST=0xee312ac1 SCR=0x00000000
+ ...
+
+As we can see, the instruction triggering the exception is the "vmov"
+instruction, and we emulate the "vsub.f32 s4, s3, s2" but fail to
+properly take account of the FPEXC_FP2V flag in FPEXC. This is because
+the test for the second instruction register being valid is bogus, and
+will always skip emulation of the second instruction.
+
+Reported-by: Martin Storsjö <martin@martin.st>
+Tested-by: Martin Storsjö <martin@martin.st>
+Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/vfp/vfpmodule.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/vfp/vfpmodule.c
++++ b/arch/arm/vfp/vfpmodule.c
+@@ -369,7 +369,7 @@ void VFP_bounce(u32 trigger, u32 fpexc,
+ * If there isn't a second FP instruction, exit now. Note that
+ * the FPEXC.FP2V bit is valid only if FPEXC.EX is 1.
+ */
+- if (fpexc ^ (FPEXC_EX | FPEXC_FP2V))
++ if ((fpexc & (FPEXC_EX | FPEXC_FP2V)) != (FPEXC_EX | FPEXC_FP2V))
+ goto exit;
+
+ /*
projects / thirdparty / kernel / stable-queue.git / commitdiff
