--- /dev/null
+From bcec7c8da6b092b1ff3327fd83c2193adb12f684 Mon Sep 17 00:00:00 2001
+From: Alex Smith <alex@alex-smith.me.uk>
+Date: Wed, 23 Jul 2014 14:40:08 +0100
+Subject: MIPS: asm/reg.h: Make 32- and 64-bit definitions available at the same time
+
+From: Alex Smith <alex@alex-smith.me.uk>
+
+commit bcec7c8da6b092b1ff3327fd83c2193adb12f684 upstream.
+
+Get rid of the WANT_COMPAT_REG_H test and instead define both the 32-
+and 64-bit register offset definitions at the same time with
+MIPS{32,64}_ prefixes, then define the existing EF_* names to the
+correct definitions for the kernel's bitness.
+
+This patch is a prerequisite of the following bug fix patch.
+
+Signed-off-by: Alex Smith <alex@alex-smith.me.uk>
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/7451/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/include/asm/reg.h | 256 +++++++++++++++++++++++++--------------
+ arch/mips/kernel/binfmt_elfo32.c | 32 +---
+ 2 files changed, 180 insertions(+), 108 deletions(-)
+
+--- a/arch/mips/include/asm/reg.h
++++ b/arch/mips/include/asm/reg.h
+@@ -12,116 +12,194 @@
+ #ifndef __ASM_MIPS_REG_H
+ #define __ASM_MIPS_REG_H
+
+-
+-#if defined(CONFIG_32BIT) || defined(WANT_COMPAT_REG_H)
+-
+-#define EF_R0 6
+-#define EF_R1 7
+-#define EF_R2 8
+-#define EF_R3 9
+-#define EF_R4 10
+-#define EF_R5 11
+-#define EF_R6 12
+-#define EF_R7 13
+-#define EF_R8 14
+-#define EF_R9 15
+-#define EF_R10 16
+-#define EF_R11 17
+-#define EF_R12 18
+-#define EF_R13 19
+-#define EF_R14 20
+-#define EF_R15 21
+-#define EF_R16 22
+-#define EF_R17 23
+-#define EF_R18 24
+-#define EF_R19 25
+-#define EF_R20 26
+-#define EF_R21 27
+-#define EF_R22 28
+-#define EF_R23 29
+-#define EF_R24 30
+-#define EF_R25 31
++#define MIPS32_EF_R0 6
++#define MIPS32_EF_R1 7
++#define MIPS32_EF_R2 8
++#define MIPS32_EF_R3 9
++#define MIPS32_EF_R4 10
++#define MIPS32_EF_R5 11
++#define MIPS32_EF_R6 12
++#define MIPS32_EF_R7 13
++#define MIPS32_EF_R8 14
++#define MIPS32_EF_R9 15
++#define MIPS32_EF_R10 16
++#define MIPS32_EF_R11 17
++#define MIPS32_EF_R12 18
++#define MIPS32_EF_R13 19
++#define MIPS32_EF_R14 20
++#define MIPS32_EF_R15 21
++#define MIPS32_EF_R16 22
++#define MIPS32_EF_R17 23
++#define MIPS32_EF_R18 24
++#define MIPS32_EF_R19 25
++#define MIPS32_EF_R20 26
++#define MIPS32_EF_R21 27
++#define MIPS32_EF_R22 28
++#define MIPS32_EF_R23 29
++#define MIPS32_EF_R24 30
++#define MIPS32_EF_R25 31
+
+ /*
+ * k0/k1 unsaved
+ */
+-#define EF_R26 32
+-#define EF_R27 33
++#define MIPS32_EF_R26 32
++#define MIPS32_EF_R27 33
+
+-#define EF_R28 34
+-#define EF_R29 35
+-#define EF_R30 36
+-#define EF_R31 37
++#define MIPS32_EF_R28 34
++#define MIPS32_EF_R29 35
++#define MIPS32_EF_R30 36
++#define MIPS32_EF_R31 37
+
+ /*
+ * Saved special registers
+ */
+-#define EF_LO 38
+-#define EF_HI 39
++#define MIPS32_EF_LO 38
++#define MIPS32_EF_HI 39
+
+-#define EF_CP0_EPC 40
+-#define EF_CP0_BADVADDR 41
+-#define EF_CP0_STATUS 42
+-#define EF_CP0_CAUSE 43
+-#define EF_UNUSED0 44
+-
+-#define EF_SIZE 180
+-
+-#endif
+-
+-#if defined(CONFIG_64BIT) && !defined(WANT_COMPAT_REG_H)
+-
+-#define EF_R0 0
+-#define EF_R1 1
+-#define EF_R2 2
+-#define EF_R3 3
+-#define EF_R4 4
+-#define EF_R5 5
+-#define EF_R6 6
+-#define EF_R7 7
+-#define EF_R8 8
+-#define EF_R9 9
+-#define EF_R10 10
+-#define EF_R11 11
+-#define EF_R12 12
+-#define EF_R13 13
+-#define EF_R14 14
+-#define EF_R15 15
+-#define EF_R16 16
+-#define EF_R17 17
+-#define EF_R18 18
+-#define EF_R19 19
+-#define EF_R20 20
+-#define EF_R21 21
+-#define EF_R22 22
+-#define EF_R23 23
+-#define EF_R24 24
+-#define EF_R25 25
++#define MIPS32_EF_CP0_EPC 40
++#define MIPS32_EF_CP0_BADVADDR 41
++#define MIPS32_EF_CP0_STATUS 42
++#define MIPS32_EF_CP0_CAUSE 43
++#define MIPS32_EF_UNUSED0 44
++
++#define MIPS32_EF_SIZE 180
++
++#define MIPS64_EF_R0 0
++#define MIPS64_EF_R1 1
++#define MIPS64_EF_R2 2
++#define MIPS64_EF_R3 3
++#define MIPS64_EF_R4 4
++#define MIPS64_EF_R5 5
++#define MIPS64_EF_R6 6
++#define MIPS64_EF_R7 7
++#define MIPS64_EF_R8 8
++#define MIPS64_EF_R9 9
++#define MIPS64_EF_R10 10
++#define MIPS64_EF_R11 11
++#define MIPS64_EF_R12 12
++#define MIPS64_EF_R13 13
++#define MIPS64_EF_R14 14
++#define MIPS64_EF_R15 15
++#define MIPS64_EF_R16 16
++#define MIPS64_EF_R17 17
++#define MIPS64_EF_R18 18
++#define MIPS64_EF_R19 19
++#define MIPS64_EF_R20 20
++#define MIPS64_EF_R21 21
++#define MIPS64_EF_R22 22
++#define MIPS64_EF_R23 23
++#define MIPS64_EF_R24 24
++#define MIPS64_EF_R25 25
+
+ /*
+ * k0/k1 unsaved
+ */
+-#define EF_R26 26
+-#define EF_R27 27
++#define MIPS64_EF_R26 26
++#define MIPS64_EF_R27 27
+
+
+-#define EF_R28 28
+-#define EF_R29 29
+-#define EF_R30 30
+-#define EF_R31 31
++#define MIPS64_EF_R28 28
++#define MIPS64_EF_R29 29
++#define MIPS64_EF_R30 30
++#define MIPS64_EF_R31 31
+
+ /*
+ * Saved special registers
+ */
+-#define EF_LO 32
+-#define EF_HI 33
+-
+-#define EF_CP0_EPC 34
+-#define EF_CP0_BADVADDR 35
+-#define EF_CP0_STATUS 36
+-#define EF_CP0_CAUSE 37
++#define MIPS64_EF_LO 32
++#define MIPS64_EF_HI 33
+
+-#define EF_SIZE 304 /* size in bytes */
++#define MIPS64_EF_CP0_EPC 34
++#define MIPS64_EF_CP0_BADVADDR 35
++#define MIPS64_EF_CP0_STATUS 36
++#define MIPS64_EF_CP0_CAUSE 37
++
++#define MIPS64_EF_SIZE 304 /* size in bytes */
++
++#if defined(CONFIG_32BIT)
++
++#define EF_R0 MIPS32_EF_R0
++#define EF_R1 MIPS32_EF_R1
++#define EF_R2 MIPS32_EF_R2
++#define EF_R3 MIPS32_EF_R3
++#define EF_R4 MIPS32_EF_R4
++#define EF_R5 MIPS32_EF_R5
++#define EF_R6 MIPS32_EF_R6
++#define EF_R7 MIPS32_EF_R7
++#define EF_R8 MIPS32_EF_R8
++#define EF_R9 MIPS32_EF_R9
++#define EF_R10 MIPS32_EF_R10
++#define EF_R11 MIPS32_EF_R11
++#define EF_R12 MIPS32_EF_R12
++#define EF_R13 MIPS32_EF_R13
++#define EF_R14 MIPS32_EF_R14
++#define EF_R15 MIPS32_EF_R15
++#define EF_R16 MIPS32_EF_R16
++#define EF_R17 MIPS32_EF_R17
++#define EF_R18 MIPS32_EF_R18
++#define EF_R19 MIPS32_EF_R19
++#define EF_R20 MIPS32_EF_R20
++#define EF_R21 MIPS32_EF_R21
++#define EF_R22 MIPS32_EF_R22
++#define EF_R23 MIPS32_EF_R23
++#define EF_R24 MIPS32_EF_R24
++#define EF_R25 MIPS32_EF_R25
++#define EF_R26 MIPS32_EF_R26
++#define EF_R27 MIPS32_EF_R27
++#define EF_R28 MIPS32_EF_R28
++#define EF_R29 MIPS32_EF_R29
++#define EF_R30 MIPS32_EF_R30
++#define EF_R31 MIPS32_EF_R31
++#define EF_LO MIPS32_EF_LO
++#define EF_HI MIPS32_EF_HI
++#define EF_CP0_EPC MIPS32_EF_CP0_EPC
++#define EF_CP0_BADVADDR MIPS32_EF_CP0_BADVADDR
++#define EF_CP0_STATUS MIPS32_EF_CP0_STATUS
++#define EF_CP0_CAUSE MIPS32_EF_CP0_CAUSE
++#define EF_UNUSED0 MIPS32_EF_UNUSED0
++#define EF_SIZE MIPS32_EF_SIZE
++
++#elif defined(CONFIG_64BIT)
++
++#define EF_R0 MIPS64_EF_R0
++#define EF_R1 MIPS64_EF_R1
++#define EF_R2 MIPS64_EF_R2
++#define EF_R3 MIPS64_EF_R3
++#define EF_R4 MIPS64_EF_R4
++#define EF_R5 MIPS64_EF_R5
++#define EF_R6 MIPS64_EF_R6
++#define EF_R7 MIPS64_EF_R7
++#define EF_R8 MIPS64_EF_R8
++#define EF_R9 MIPS64_EF_R9
++#define EF_R10 MIPS64_EF_R10
++#define EF_R11 MIPS64_EF_R11
++#define EF_R12 MIPS64_EF_R12
++#define EF_R13 MIPS64_EF_R13
++#define EF_R14 MIPS64_EF_R14
++#define EF_R15 MIPS64_EF_R15
++#define EF_R16 MIPS64_EF_R16
++#define EF_R17 MIPS64_EF_R17
++#define EF_R18 MIPS64_EF_R18
++#define EF_R19 MIPS64_EF_R19
++#define EF_R20 MIPS64_EF_R20
++#define EF_R21 MIPS64_EF_R21
++#define EF_R22 MIPS64_EF_R22
++#define EF_R23 MIPS64_EF_R23
++#define EF_R24 MIPS64_EF_R24
++#define EF_R25 MIPS64_EF_R25
++#define EF_R26 MIPS64_EF_R26
++#define EF_R27 MIPS64_EF_R27
++#define EF_R28 MIPS64_EF_R28
++#define EF_R29 MIPS64_EF_R29
++#define EF_R30 MIPS64_EF_R30
++#define EF_R31 MIPS64_EF_R31
++#define EF_LO MIPS64_EF_LO
++#define EF_HI MIPS64_EF_HI
++#define EF_CP0_EPC MIPS64_EF_CP0_EPC
++#define EF_CP0_BADVADDR MIPS64_EF_CP0_BADVADDR
++#define EF_CP0_STATUS MIPS64_EF_CP0_STATUS
++#define EF_CP0_CAUSE MIPS64_EF_CP0_CAUSE
++#define EF_SIZE MIPS64_EF_SIZE
+
+ #endif /* CONFIG_64BIT */
+
+--- a/arch/mips/kernel/binfmt_elfo32.c
++++ b/arch/mips/kernel/binfmt_elfo32.c
+@@ -72,12 +72,6 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
+
+ #include <asm/processor.h>
+
+-/*
+- * When this file is selected, we are definitely running a 64bit kernel.
+- * So using the right regs define in asm/reg.h
+- */
+-#define WANT_COMPAT_REG_H
+-
+ /* These MUST be defined before elf.h gets included */
+ extern void elf32_core_copy_regs(elf_gregset_t grp, struct pt_regs *regs);
+ #define ELF_CORE_COPY_REGS(_dest, _regs) elf32_core_copy_regs(_dest, _regs);
+@@ -149,21 +143,21 @@ void elf32_core_copy_regs(elf_gregset_t
+ {
+ int i;
+
+- for (i = 0; i < EF_R0; i++)
++ for (i = 0; i < MIPS32_EF_R0; i++)
+ grp[i] = 0;
+- grp[EF_R0] = 0;
++ grp[MIPS32_EF_R0] = 0;
+ for (i = 1; i <= 31; i++)
+- grp[EF_R0 + i] = (elf_greg_t) regs->regs[i];
+- grp[EF_R26] = 0;
+- grp[EF_R27] = 0;
+- grp[EF_LO] = (elf_greg_t) regs->lo;
+- grp[EF_HI] = (elf_greg_t) regs->hi;
+- grp[EF_CP0_EPC] = (elf_greg_t) regs->cp0_epc;
+- grp[EF_CP0_BADVADDR] = (elf_greg_t) regs->cp0_badvaddr;
+- grp[EF_CP0_STATUS] = (elf_greg_t) regs->cp0_status;
+- grp[EF_CP0_CAUSE] = (elf_greg_t) regs->cp0_cause;
+-#ifdef EF_UNUSED0
+- grp[EF_UNUSED0] = 0;
++ grp[MIPS32_EF_R0 + i] = (elf_greg_t) regs->regs[i];
++ grp[MIPS32_EF_R26] = 0;
++ grp[MIPS32_EF_R27] = 0;
++ grp[MIPS32_EF_LO] = (elf_greg_t) regs->lo;
++ grp[MIPS32_EF_HI] = (elf_greg_t) regs->hi;
++ grp[MIPS32_EF_CP0_EPC] = (elf_greg_t) regs->cp0_epc;
++ grp[MIPS32_EF_CP0_BADVADDR] = (elf_greg_t) regs->cp0_badvaddr;
++ grp[MIPS32_EF_CP0_STATUS] = (elf_greg_t) regs->cp0_status;
++ grp[MIPS32_EF_CP0_CAUSE] = (elf_greg_t) regs->cp0_cause;
++#ifdef MIPS32_EF_UNUSED0
++ grp[MIPS32_EF_UNUSED0] = 0;
+ #endif
+ }
+
--- /dev/null
+From ffc8415afab20bd97754efae6aad1f67b531132b Mon Sep 17 00:00:00 2001
+From: Jeffrey Deans <jeffrey.deans@imgtec.com>
+Date: Thu, 17 Jul 2014 09:20:56 +0100
+Subject: MIPS: GIC: Prevent array overrun
+
+From: Jeffrey Deans <jeffrey.deans@imgtec.com>
+
+commit ffc8415afab20bd97754efae6aad1f67b531132b upstream.
+
+A GIC interrupt which is declared as having a GIC_MAP_TO_NMI_MSK
+mapping causes the cpu parameter to gic_setup_intr() to be increased
+to 32, causing memory corruption when pcpu_masks[] is written to again
+later in the function.
+
+Signed-off-by: Jeffrey Deans <jeffrey.deans@imgtec.com>
+Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/7375/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/kernel/irq-gic.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/mips/kernel/irq-gic.c
++++ b/arch/mips/kernel/irq-gic.c
+@@ -255,11 +255,13 @@ static void __init gic_setup_intr(unsign
+
+ /* Setup Intr to Pin mapping */
+ if (pin & GIC_MAP_TO_NMI_MSK) {
++ int i;
++
+ GICWRITE(GIC_REG_ADDR(SHARED, GIC_SH_MAP_TO_PIN(intr)), pin);
+ /* FIXME: hack to route NMI to all cpu's */
+- for (cpu = 0; cpu < NR_CPUS; cpu += 32) {
++ for (i = 0; i < NR_CPUS; i += 32) {
+ GICWRITE(GIC_REG_ADDR(SHARED,
+- GIC_SH_MAP_TO_VPE_REG_OFF(intr, cpu)),
++ GIC_SH_MAP_TO_VPE_REG_OFF(intr, i)),
+ 0xffffffff);
+ }
+ } else {
--- /dev/null
+From e90e6fddc57055c4c6b57f92787fea1c065d440b Mon Sep 17 00:00:00 2001
+From: Alex Smith <alex.smith@imgtec.com>
+Date: Wed, 23 Jul 2014 14:40:11 +0100
+Subject: MIPS: O32/32-bit: Fix bug which can cause incorrect system call restarts
+
+From: Alex Smith <alex.smith@imgtec.com>
+
+commit e90e6fddc57055c4c6b57f92787fea1c065d440b upstream.
+
+On 32-bit/O32, pt_regs has a padding area at the beginning into which the
+syscall arguments passed via the user stack are copied. 4 arguments
+totalling 16 bytes are copied to offset 16 bytes into this area, however
+the area is only 24 bytes long. This means the last 2 arguments overwrite
+pt_regs->regs[{0,1}].
+
+If a syscall function returns an error, handle_sys stores the original
+syscall number in pt_regs->regs[0] for syscall restart. signal.c checks
+whether regs[0] is non-zero, if it is it will check whether the syscall
+return value is one of the ERESTART* codes to see if it must be
+restarted.
+
+Should a syscall be made that results in a non-zero value being copied
+off the user stack into regs[0], and then returns a positive (non-error)
+value that matches one of the ERESTART* error codes, this can be mistaken
+for requiring a syscall restart.
+
+While the possibility for this to occur has always existed, it is made
+much more likely to occur by commit 46e12c07b3b9 ("MIPS: O32 / 32-bit:
+Always copy 4 stack arguments."), since now every syscall will copy 4
+arguments and overwrite regs[0], rather than just those with 7 or 8
+arguments.
+
+Since that commit, booting Debian under a 32-bit MIPS kernel almost
+always results in a hang early in boot, due to a wait4 syscall returning
+a PID that matches one of the ERESTART* codes, which then causes an
+incorrect restart of the syscall.
+
+The problem is fixed by increasing the size of the padding area so that
+arguments copied off the stack will not overwrite pt_regs->regs[{0,1}].
+
+Signed-off-by: Alex Smith <alex.smith@imgtec.com>
+Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
+Tested-by: Aurelien Jarno <aurelien@aurel32.net>
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/7454/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/include/asm/ptrace.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/include/asm/ptrace.h
++++ b/arch/mips/include/asm/ptrace.h
+@@ -23,7 +23,7 @@
+ struct pt_regs {
+ #ifdef CONFIG_32BIT
+ /* Pad bytes for argument save space on the stack. */
+- unsigned long pad0[6];
++ unsigned long pad0[8];
+ #endif
+
+ /* Saved main processor registers. */
--- /dev/null
+From 608308682addfdc7b8e2aee88f0e028331d88e4d Mon Sep 17 00:00:00 2001
+From: Aaro Koskinen <aaro.koskinen@nsn.com>
+Date: Tue, 22 Jul 2014 14:51:08 +0300
+Subject: MIPS: OCTEON: make get_system_type() thread-safe
+
+From: Aaro Koskinen <aaro.koskinen@nsn.com>
+
+commit 608308682addfdc7b8e2aee88f0e028331d88e4d upstream.
+
+get_system_type() is not thread-safe on OCTEON. It uses static data,
+also more dangerous issue is that it's calling cvmx_fuse_read_byte()
+every time without any synchronization. Currently it's possible to get
+processes stuck looping forever in kernel simply by launching multiple
+readers of /proc/cpuinfo:
+
+ (while true; do cat /proc/cpuinfo > /dev/null; done) &
+ (while true; do cat /proc/cpuinfo > /dev/null; done) &
+ ...
+
+Fix by initializing the system type string only once during the early
+boot.
+
+Signed-off-by: Aaro Koskinen <aaro.koskinen@nsn.com>
+Reviewed-by: Markos Chandras <markos.chandras@imgtec.com>
+Patchwork: http://patchwork.linux-mips.org/patch/7437/
+Signed-off-by: James Hogan <james.hogan@imgtec.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/cavium-octeon/setup.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+--- a/arch/mips/cavium-octeon/setup.c
++++ b/arch/mips/cavium-octeon/setup.c
+@@ -458,6 +458,18 @@ static void octeon_halt(void)
+ octeon_kill_core(NULL);
+ }
+
++static char __read_mostly octeon_system_type[80];
++
++static int __init init_octeon_system_type(void)
++{
++ snprintf(octeon_system_type, sizeof(octeon_system_type), "%s (%s)",
++ cvmx_board_type_to_string(octeon_bootinfo->board_type),
++ octeon_model_get_string(read_c0_prid()));
++
++ return 0;
++}
++early_initcall(init_octeon_system_type);
++
+ /**
+ * Return a string representing the system type
+ *
+@@ -465,11 +477,7 @@ static void octeon_halt(void)
+ */
+ const char *octeon_board_type_string(void)
+ {
+- static char name[80];
+- sprintf(name, "%s (%s)",
+- cvmx_board_type_to_string(octeon_bootinfo->board_type),
+- octeon_model_get_string(read_c0_prid()));
+- return name;
++ return octeon_system_type;
+ }
+
+ const char *get_system_type(void)
--- /dev/null
+From b1442d39fac2fcfbe6a4814979020e993ca59c9e Mon Sep 17 00:00:00 2001
+From: Paul Burton <paul.burton@imgtec.com>
+Date: Tue, 22 Jul 2014 14:21:21 +0100
+Subject: MIPS: Prevent user from setting FCSR cause bits
+
+From: Paul Burton <paul.burton@imgtec.com>
+
+commit b1442d39fac2fcfbe6a4814979020e993ca59c9e upstream.
+
+If one or more matching FCSR cause & enable bits are set in saved thread
+context then when that context is restored the kernel will take an FP
+exception. This is of course undesirable and considered an oops, leading
+to the kernel writing a backtrace to the console and potentially
+rebooting depending upon the configuration. Thus the kernel avoids this
+situation by clearing the cause bits of the FCSR register when handling
+FP exceptions and after emulating FP instructions.
+
+However the kernel does not prevent userland from setting arbitrary FCSR
+cause & enable bits via ptrace, using either the PTRACE_POKEUSR or
+PTRACE_SETFPREGS requests. This means userland can trivially cause the
+kernel to oops on any system with an FPU. Prevent this from happening
+by clearing the cause bits when writing to the saved FCSR context via
+ptrace.
+
+This problem appears to exist at least back to the beginning of the git
+era in the PTRACE_POKEUSR case.
+
+Signed-off-by: Paul Burton <paul.burton@imgtec.com>
+Cc: linux-mips@linux-mips.org
+Cc: Paul Burton <paul.burton@imgtec.com>
+Cc: stable@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/7438/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/kernel/ptrace.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/mips/kernel/ptrace.c
++++ b/arch/mips/kernel/ptrace.c
+@@ -170,6 +170,7 @@ int ptrace_setfpregs(struct task_struct
+ __get_user(fregs[i], i + (__u64 __user *) data);
+
+ __get_user(child->thread.fpu.fcr31, data + 64);
++ child->thread.fpu.fcr31 &= ~FPU_CSR_ALL_X;
+
+ /* FIR may not be written. */
+
+@@ -724,7 +725,7 @@ long arch_ptrace(struct task_struct *chi
+ break;
+ #endif
+ case FPC_CSR:
+- child->thread.fpu.fcr31 = data;
++ child->thread.fpu.fcr31 = data & ~FPU_CSR_ALL_X;
+ break;
+ case DSP_BASE ... DSP_BASE + 5: {
+ dspreg_t *dregs;
--- /dev/null
+From c23b3d1a53119849dc3c23c417124deb067aa33d Mon Sep 17 00:00:00 2001
+From: Alex Smith <alex@alex-smith.me.uk>
+Date: Wed, 23 Jul 2014 14:40:09 +0100
+Subject: MIPS: ptrace: Change GP regset to use correct core dump register layout
+
+From: Alex Smith <alex@alex-smith.me.uk>
+
+commit c23b3d1a53119849dc3c23c417124deb067aa33d upstream.
+
+Commit 6a9c001b7ec3 ("MIPS: Switch ELF core dumper to use regsets.")
+switched the core dumper to use regsets, however the GP regset code
+simply makes a direct copy of the kernel's pt_regs, which does not
+match the original core dump register layout as defined in asm/reg.h.
+Furthermore, the definition of pt_regs can vary with certain Kconfig
+variables, therefore the GP regset can never be relied upon to return
+registers in the same layout.
+
+Therefore, this patch changes the GP regset to match the original core
+dump layout. The layout differs for 32- and 64-bit processes, so
+separate implementations of the get/set functions are added for the
+32- and 64-bit regsets.
+
+Signed-off-by: Alex Smith <alex@alex-smith.me.uk>
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/7452/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/kernel/ptrace.c | 189 ++++++++++++++++++++++++++++++++++++++--------
+ 1 file changed, 160 insertions(+), 29 deletions(-)
+
+--- a/arch/mips/kernel/ptrace.c
++++ b/arch/mips/kernel/ptrace.c
+@@ -265,36 +265,160 @@ int ptrace_set_watch_regs(struct task_st
+
+ /* regset get/set implementations */
+
+-static int gpr_get(struct task_struct *target,
+- const struct user_regset *regset,
+- unsigned int pos, unsigned int count,
+- void *kbuf, void __user *ubuf)
++#if defined(CONFIG_32BIT) || defined(CONFIG_MIPS32_O32)
++
++static int gpr32_get(struct task_struct *target,
++ const struct user_regset *regset,
++ unsigned int pos, unsigned int count,
++ void *kbuf, void __user *ubuf)
+ {
+ struct pt_regs *regs = task_pt_regs(target);
++ u32 uregs[ELF_NGREG] = {};
++ unsigned i;
+
+- return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
+- regs, 0, sizeof(*regs));
++ for (i = MIPS32_EF_R1; i <= MIPS32_EF_R31; i++) {
++ /* k0/k1 are copied as zero. */
++ if (i == MIPS32_EF_R26 || i == MIPS32_EF_R27)
++ continue;
++
++ uregs[i] = regs->regs[i - MIPS32_EF_R0];
++ }
++
++ uregs[MIPS32_EF_LO] = regs->lo;
++ uregs[MIPS32_EF_HI] = regs->hi;
++ uregs[MIPS32_EF_CP0_EPC] = regs->cp0_epc;
++ uregs[MIPS32_EF_CP0_BADVADDR] = regs->cp0_badvaddr;
++ uregs[MIPS32_EF_CP0_STATUS] = regs->cp0_status;
++ uregs[MIPS32_EF_CP0_CAUSE] = regs->cp0_cause;
++
++ return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs, 0,
++ sizeof(uregs));
+ }
+
+-static int gpr_set(struct task_struct *target,
+- const struct user_regset *regset,
+- unsigned int pos, unsigned int count,
+- const void *kbuf, const void __user *ubuf)
++static int gpr32_set(struct task_struct *target,
++ const struct user_regset *regset,
++ unsigned int pos, unsigned int count,
++ const void *kbuf, const void __user *ubuf)
+ {
+- struct pt_regs newregs;
+- int ret;
++ struct pt_regs *regs = task_pt_regs(target);
++ u32 uregs[ELF_NGREG];
++ unsigned start, num_regs, i;
++ int err;
++
++ start = pos / sizeof(u32);
++ num_regs = count / sizeof(u32);
++
++ if (start + num_regs > ELF_NGREG)
++ return -EIO;
++
++ err = user_regset_copyin(&pos, &count, &kbuf, &ubuf, uregs, 0,
++ sizeof(uregs));
++ if (err)
++ return err;
++
++ for (i = start; i < num_regs; i++) {
++ /*
++ * Cast all values to signed here so that if this is a 64-bit
++ * kernel, the supplied 32-bit values will be sign extended.
++ */
++ switch (i) {
++ case MIPS32_EF_R1 ... MIPS32_EF_R25:
++ /* k0/k1 are ignored. */
++ case MIPS32_EF_R28 ... MIPS32_EF_R31:
++ regs->regs[i - MIPS32_EF_R0] = (s32)uregs[i];
++ break;
++ case MIPS32_EF_LO:
++ regs->lo = (s32)uregs[i];
++ break;
++ case MIPS32_EF_HI:
++ regs->hi = (s32)uregs[i];
++ break;
++ case MIPS32_EF_CP0_EPC:
++ regs->cp0_epc = (s32)uregs[i];
++ break;
++ }
++ }
++
++ return 0;
++}
+
+- ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
+- &newregs,
+- 0, sizeof(newregs));
+- if (ret)
+- return ret;
++#endif /* CONFIG_32BIT || CONFIG_MIPS32_O32 */
++
++#ifdef CONFIG_64BIT
++
++static int gpr64_get(struct task_struct *target,
++ const struct user_regset *regset,
++ unsigned int pos, unsigned int count,
++ void *kbuf, void __user *ubuf)
++{
++ struct pt_regs *regs = task_pt_regs(target);
++ u64 uregs[ELF_NGREG] = {};
++ unsigned i;
+
+- *task_pt_regs(target) = newregs;
++ for (i = MIPS64_EF_R1; i <= MIPS64_EF_R31; i++) {
++ /* k0/k1 are copied as zero. */
++ if (i == MIPS64_EF_R26 || i == MIPS64_EF_R27)
++ continue;
++
++ uregs[i] = regs->regs[i - MIPS64_EF_R0];
++ }
++
++ uregs[MIPS64_EF_LO] = regs->lo;
++ uregs[MIPS64_EF_HI] = regs->hi;
++ uregs[MIPS64_EF_CP0_EPC] = regs->cp0_epc;
++ uregs[MIPS64_EF_CP0_BADVADDR] = regs->cp0_badvaddr;
++ uregs[MIPS64_EF_CP0_STATUS] = regs->cp0_status;
++ uregs[MIPS64_EF_CP0_CAUSE] = regs->cp0_cause;
++
++ return user_regset_copyout(&pos, &count, &kbuf, &ubuf, uregs, 0,
++ sizeof(uregs));
++}
++
++static int gpr64_set(struct task_struct *target,
++ const struct user_regset *regset,
++ unsigned int pos, unsigned int count,
++ const void *kbuf, const void __user *ubuf)
++{
++ struct pt_regs *regs = task_pt_regs(target);
++ u64 uregs[ELF_NGREG];
++ unsigned start, num_regs, i;
++ int err;
++
++ start = pos / sizeof(u64);
++ num_regs = count / sizeof(u64);
++
++ if (start + num_regs > ELF_NGREG)
++ return -EIO;
++
++ err = user_regset_copyin(&pos, &count, &kbuf, &ubuf, uregs, 0,
++ sizeof(uregs));
++ if (err)
++ return err;
++
++ for (i = start; i < num_regs; i++) {
++ switch (i) {
++ case MIPS64_EF_R1 ... MIPS64_EF_R25:
++ /* k0/k1 are ignored. */
++ case MIPS64_EF_R28 ... MIPS64_EF_R31:
++ regs->regs[i - MIPS64_EF_R0] = uregs[i];
++ break;
++ case MIPS64_EF_LO:
++ regs->lo = uregs[i];
++ break;
++ case MIPS64_EF_HI:
++ regs->hi = uregs[i];
++ break;
++ case MIPS64_EF_CP0_EPC:
++ regs->cp0_epc = uregs[i];
++ break;
++ }
++ }
+
+ return 0;
+ }
+
++#endif /* CONFIG_64BIT */
++
+ static int fpr_get(struct task_struct *target,
+ const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
+@@ -322,14 +446,16 @@ enum mips_regset {
+ REGSET_FPR,
+ };
+
++#if defined(CONFIG_32BIT) || defined(CONFIG_MIPS32_O32)
++
+ static const struct user_regset mips_regsets[] = {
+ [REGSET_GPR] = {
+ .core_note_type = NT_PRSTATUS,
+ .n = ELF_NGREG,
+ .size = sizeof(unsigned int),
+ .align = sizeof(unsigned int),
+- .get = gpr_get,
+- .set = gpr_set,
++ .get = gpr32_get,
++ .set = gpr32_set,
+ },
+ [REGSET_FPR] = {
+ .core_note_type = NT_PRFPREG,
+@@ -349,14 +475,18 @@ static const struct user_regset_view use
+ .n = ARRAY_SIZE(mips_regsets),
+ };
+
++#endif /* CONFIG_32BIT || CONFIG_MIPS32_O32 */
++
++#ifdef CONFIG_64BIT
++
+ static const struct user_regset mips64_regsets[] = {
+ [REGSET_GPR] = {
+ .core_note_type = NT_PRSTATUS,
+ .n = ELF_NGREG,
+ .size = sizeof(unsigned long),
+ .align = sizeof(unsigned long),
+- .get = gpr_get,
+- .set = gpr_set,
++ .get = gpr64_get,
++ .set = gpr64_set,
+ },
+ [REGSET_FPR] = {
+ .core_note_type = NT_PRFPREG,
+@@ -369,25 +499,26 @@ static const struct user_regset mips64_r
+ };
+
+ static const struct user_regset_view user_mips64_view = {
+- .name = "mips",
++ .name = "mips64",
+ .e_machine = ELF_ARCH,
+ .ei_osabi = ELF_OSABI,
+ .regsets = mips64_regsets,
+- .n = ARRAY_SIZE(mips_regsets),
++ .n = ARRAY_SIZE(mips64_regsets),
+ };
+
++#endif /* CONFIG_64BIT */
++
+ const struct user_regset_view *task_user_regset_view(struct task_struct *task)
+ {
+ #ifdef CONFIG_32BIT
+ return &user_mips_view;
+-#endif
+-
++#else
+ #ifdef CONFIG_MIPS32_O32
+- if (test_tsk_thread_flag(task, TIF_32BIT_REGS))
+- return &user_mips_view;
++ if (test_tsk_thread_flag(task, TIF_32BIT_REGS))
++ return &user_mips_view;
+ #endif
+-
+ return &user_mips64_view;
++#endif
+ }
+
+ long arch_ptrace(struct task_struct *child, long request,
--- /dev/null
+From 65768a1a92cb12cbba87588927cf597a65d560aa Mon Sep 17 00:00:00 2001
+From: Alex Smith <alex@alex-smith.me.uk>
+Date: Wed, 23 Jul 2014 14:40:07 +0100
+Subject: MIPS: ptrace: Test correct task's flags in task_user_regset_view()
+
+From: Alex Smith <alex@alex-smith.me.uk>
+
+commit 65768a1a92cb12cbba87588927cf597a65d560aa upstream.
+
+task_user_regset_view() should test for TIF_32BIT_REGS in the flags of
+the specified task, not of the current task.
+
+Signed-off-by: Alex Smith <alex@alex-smith.me.uk>
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/7450/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/kernel/ptrace.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/kernel/ptrace.c
++++ b/arch/mips/kernel/ptrace.c
+@@ -383,7 +383,7 @@ const struct user_regset_view *task_user
+ #endif
+
+ #ifdef CONFIG_MIPS32_O32
+- if (test_thread_flag(TIF_32BIT_REGS))
++ if (test_tsk_thread_flag(task, TIF_32BIT_REGS))
+ return &user_mips_view;
+ #endif
+
--- /dev/null
+From 2e5767a27337812f6850b3fa362419e2f085e5c3 Mon Sep 17 00:00:00 2001
+From: Huacai Chen <chenhc@lemote.com>
+Date: Wed, 16 Jul 2014 09:19:16 +0800
+Subject: MIPS: Remove BUG_ON(!is_fpu_owner()) in do_ade()
+
+From: Huacai Chen <chenhc@lemote.com>
+
+commit 2e5767a27337812f6850b3fa362419e2f085e5c3 upstream.
+
+In do_ade(), is_fpu_owner() isn't preempt-safe. For example, when an
+unaligned ldc1 is executed, do_cpu() is called and then FPU will be
+enabled (and TIF_USEDFPU will be set for the current process). Then,
+do_ade() is called because the access is unaligned. If the current
+process is preempted at this time, TIF_USEDFPU will be cleard. So when
+the process is scheduled again, BUG_ON(!is_fpu_owner()) is triggered.
+
+This small program can trigger this BUG in a preemptible kernel:
+
+int main (int argc, char *argv[])
+{
+ double u64[2];
+
+ while (1) {
+ asm volatile (
+ ".set push \n\t"
+ ".set noreorder \n\t"
+ "ldc1 $f3, 4(%0) \n\t"
+ ".set pop \n\t"
+ ::"r"(u64):
+ );
+ }
+
+ return 0;
+}
+
+V2: Remove the BUG_ON() unconditionally due to Paul's suggestion.
+
+Signed-off-by: Huacai Chen <chenhc@lemote.com>
+Signed-off-by: Jie Chen <chenj@lemote.com>
+Signed-off-by: Rui Wang <wangr@lemote.com>
+Cc: John Crispin <john@phrozen.org>
+Cc: Steven J. Hill <Steven.Hill@imgtec.com>
+Cc: linux-mips@linux-mips.org
+Cc: Fuxin Zhang <zhangfx@lemote.com>
+Cc: Zhangjin Wu <wuzhangjin@gmail.com>
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/kernel/unaligned.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/arch/mips/kernel/unaligned.c
++++ b/arch/mips/kernel/unaligned.c
+@@ -605,7 +605,6 @@ static void emulate_load_store_insn(stru
+ case sdc1_op:
+ die_if_kernel("Unaligned FP access in kernel code", regs);
+ BUG_ON(!used_math());
+- BUG_ON(!is_fpu_owner());
+
+ lose_fpu(1); /* Save FPU state for the emulator. */
+ res = fpu_emulator_cop1Handler(regs, ¤t->thread.fpu, 1,
--- /dev/null
+From 8393c524a25609a30129e4a8975cf3b91f6c16a5 Mon Sep 17 00:00:00 2001
+From: Huacai Chen <chenhc@lemote.com>
+Date: Tue, 29 Jul 2014 14:54:40 +0800
+Subject: MIPS: tlbex: Fix a missing statement for HUGETLB
+
+From: Huacai Chen <chenhc@lemote.com>
+
+commit 8393c524a25609a30129e4a8975cf3b91f6c16a5 upstream.
+
+In commit 2c8c53e28f1 (MIPS: Optimize TLB handlers for Octeon CPUs)
+build_r4000_tlb_refill_handler() is modified. But it doesn't compatible
+with the original code in HUGETLB case. Because there is a copy & paste
+error and one line of code is missing. It is very easy to produce a bug
+with LTP's hugemmap05 test.
+
+Signed-off-by: Huacai Chen <chenhc@lemote.com>
+Signed-off-by: Binbin Zhou <zhoubb@lemote.com>
+Cc: John Crispin <john@phrozen.org>
+Cc: Steven J. Hill <Steven.Hill@imgtec.com>
+Cc: linux-mips@linux-mips.org
+Cc: Fuxin Zhang <zhangfx@lemote.com>
+Cc: Zhangjin Wu <wuzhangjin@gmail.com>
+Patchwork: https://patchwork.linux-mips.org/patch/7496/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/mm/tlbex.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/mips/mm/tlbex.c
++++ b/arch/mips/mm/tlbex.c
+@@ -1295,6 +1295,7 @@ static void build_r4000_tlb_refill_handl
+ }
+ #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
+ uasm_l_tlb_huge_update(&l, p);
++ UASM_i_LW(&p, K0, 0, K1);
+ build_huge_update_entries(&p, htlb_info.huge_pte, K1);
+ build_huge_tlb_write_entry(&p, &l, &r, K0, tlb_random,
+ htlb_info.restore_scratch);
scsi-add-a-blacklist-flag-which-enables-vpd-page-inquiries.patch
scsi-do-not-issue-scsi-rsoc-command-to-promise-vtrak-e610f.patch
scsi_transport_srp-fix-fast_io_fail_tmo-dev_loss_tmo-off-behavior.patch
+mips-gic-prevent-array-overrun.patch
+mips-o32-32-bit-fix-bug-which-can-cause-incorrect-system-call-restarts.patch
+mips-ptrace-test-correct-task-s-flags-in-task_user_regset_view.patch
+mips-ptrace-change-gp-regset-to-use-correct-core-dump-register-layout.patch
+mips-prevent-user-from-setting-fcsr-cause-bits.patch
+mips-tlbex-fix-a-missing-statement-for-hugetlb.patch
+mips-remove-bug_on-is_fpu_owner-in-do_ade.patch
+mips-asm-reg.h-make-32-and-64-bit-definitions-available-at-the-same-time.patch
+mips-octeon-make-get_system_type-thread-safe.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
