--- /dev/null
+From 8239506e58d7cab4e2f3b983b20281552f924e6b Mon Sep 17 00:00:00 2001
+From: "David S. Miller" <davem@davemloft.net>
+Date: Thu, 1 Aug 2013 18:08:34 -0700
+Subject: esp_scsi: Fix tag state corruption when autosensing.
+
+From: "David S. Miller" <davem@davemloft.net>
+
+[ Upstream commit 21af8107f27878813d0364733c0b08813c2c192a ]
+
+Meelis Roos reports a crash in esp_free_lun_tag() in the presense
+of a disk which has died.
+
+The issue is that when we issue an autosense command, we do so by
+hijacking the original command that caused the check-condition.
+
+When we do so we clear out the ent->tag[] array when we issue it via
+find_and_prep_issuable_command(). This is so that the autosense
+command is forced to be issued non-tagged.
+
+That is problematic, because it is the value of ent->tag[] which
+determines whether we issued the original scsi command as tagged
+vs. non-tagged (see esp_alloc_lun_tag()).
+
+And that, in turn, is what trips up the sanity checks in
+esp_free_lun_tag(). That function needs the original ->tag[] values
+in order to free up the tag slot properly.
+
+Fix this by remembering the original command's tag values, and
+having esp_alloc_lun_tag() and esp_free_lun_tag() use them.
+
+Reported-by: Meelis Roos <mroos@linux.ee>
+Tested-by: Meelis Roos <mroos@linux.ee>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/esp_scsi.c | 14 ++++++++------
+ drivers/scsi/esp_scsi.h | 1 +
+ 2 files changed, 9 insertions(+), 6 deletions(-)
+
+--- a/drivers/scsi/esp_scsi.c
++++ b/drivers/scsi/esp_scsi.c
+@@ -530,7 +530,7 @@ static int esp_need_to_nego_sync(struct
+ static int esp_alloc_lun_tag(struct esp_cmd_entry *ent,
+ struct esp_lun_data *lp)
+ {
+- if (!ent->tag[0]) {
++ if (!ent->orig_tag[0]) {
+ /* Non-tagged, slot already taken? */
+ if (lp->non_tagged_cmd)
+ return -EBUSY;
+@@ -564,9 +564,9 @@ static int esp_alloc_lun_tag(struct esp_
+ return -EBUSY;
+ }
+
+- BUG_ON(lp->tagged_cmds[ent->tag[1]]);
++ BUG_ON(lp->tagged_cmds[ent->orig_tag[1]]);
+
+- lp->tagged_cmds[ent->tag[1]] = ent;
++ lp->tagged_cmds[ent->orig_tag[1]] = ent;
+ lp->num_tagged++;
+
+ return 0;
+@@ -575,9 +575,9 @@ static int esp_alloc_lun_tag(struct esp_
+ static void esp_free_lun_tag(struct esp_cmd_entry *ent,
+ struct esp_lun_data *lp)
+ {
+- if (ent->tag[0]) {
+- BUG_ON(lp->tagged_cmds[ent->tag[1]] != ent);
+- lp->tagged_cmds[ent->tag[1]] = NULL;
++ if (ent->orig_tag[0]) {
++ BUG_ON(lp->tagged_cmds[ent->orig_tag[1]] != ent);
++ lp->tagged_cmds[ent->orig_tag[1]] = NULL;
+ lp->num_tagged--;
+ } else {
+ BUG_ON(lp->non_tagged_cmd != ent);
+@@ -667,6 +667,8 @@ static struct esp_cmd_entry *find_and_pr
+ ent->tag[0] = 0;
+ ent->tag[1] = 0;
+ }
++ ent->orig_tag[0] = ent->tag[0];
++ ent->orig_tag[1] = ent->tag[1];
+
+ if (esp_alloc_lun_tag(ent, lp) < 0)
+ continue;
+--- a/drivers/scsi/esp_scsi.h
++++ b/drivers/scsi/esp_scsi.h
+@@ -271,6 +271,7 @@ struct esp_cmd_entry {
+ #define ESP_CMD_FLAG_AUTOSENSE 0x04 /* Doing automatic REQUEST_SENSE */
+
+ u8 tag[2];
++ u8 orig_tag[2];
+
+ u8 status;
+ u8 message;
powerpc-vio-fix-modalias_show-return-values.patch
powerpc-fix-parameter-clobber-in-csum_partial_copy_generic.patch
powerpc-restore-registers-on-error-exit-from-csum_partial_copy_generic.patch
+esp_scsi-fix-tag-state-corruption-when-autosensing.patch
+sparc64-fix-itlb-handler-of-null-page.patch
+sparc64-remove-rwsem-export-leftovers.patch
+sparc64-fix-off-by-one-in-trampoline-tlb-mapping-installation-loop.patch
+sparc64-fix-not-sra-ed-o5-in-32-bit-traced-syscall.patch
+sparc32-fix-exit-flag-passed-from-traced-sys_sigreturn.patch
--- /dev/null
+From 53079d9d1a2b673288e9fd17df4535fdf437a014 Mon Sep 17 00:00:00 2001
+From: Kirill Tkhai <tkhai@yandex.ru>
+Date: Fri, 26 Jul 2013 01:17:15 +0400
+Subject: sparc32: Fix exit flag passed from traced sys_sigreturn
+
+From: Kirill Tkhai <tkhai@yandex.ru>
+
+[ Upstream commit 7a3b0f89e3fea680f93932691ca41a68eee7ab5e ]
+
+Pass 1 in %o1 to indicate that syscall_trace accounts exit.
+
+Signed-off-by: Kirill Tkhai <tkhai@yandex.ru>
+CC: David Miller <davem@davemloft.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/sparc/kernel/entry.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/sparc/kernel/entry.S
++++ b/arch/sparc/kernel/entry.S
+@@ -1177,7 +1177,7 @@ sys_sigreturn:
+ nop
+
+ call syscall_trace
+- nop
++ mov 1, %o1
+
+ 1:
+ /* We don't want to muck with user registers like a
--- /dev/null
+From 4daceb6c3779f884ec4ec3f306ad5b3c089a696e Mon Sep 17 00:00:00 2001
+From: Kirill Tkhai <tkhai@yandex.ru>
+Date: Fri, 2 Aug 2013 19:23:18 +0400
+Subject: sparc64: Fix ITLB handler of null page
+
+From: Kirill Tkhai <tkhai@yandex.ru>
+
+[ Upstream commit 1c2696cdaad84580545a2e9c0879ff597880b1a9 ]
+
+1)Use kvmap_itlb_longpath instead of kvmap_dtlb_longpath.
+
+2)Handle page #0 only, don't handle page #1: bleu -> blu
+
+ (KERNBASE is 0x400000, so #1 does not exist too. But everything
+ is possible in the future. Fix to not to have problems later.)
+
+3)Remove unused kvmap_itlb_nonlinear.
+
+Signed-off-by: Kirill Tkhai <tkhai@yandex.ru>
+CC: David Miller <davem@davemloft.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/sparc/kernel/ktlb.S | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/sparc/kernel/ktlb.S
++++ b/arch/sparc/kernel/ktlb.S
+@@ -25,11 +25,10 @@ kvmap_itlb:
+ */
+ kvmap_itlb_4v:
+
+-kvmap_itlb_nonlinear:
+ /* Catch kernel NULL pointer calls. */
+ sethi %hi(PAGE_SIZE), %g5
+ cmp %g4, %g5
+- bleu,pn %xcc, kvmap_dtlb_longpath
++ blu,pn %xcc, kvmap_itlb_longpath
+ nop
+
+ KERN_TSB_LOOKUP_TL1(%g4, %g6, %g5, %g1, %g2, %g3, kvmap_itlb_load)
--- /dev/null
+From c873c80e1a8322d90155fcaeba876d16b0af437d Mon Sep 17 00:00:00 2001
+From: Kirill Tkhai <tkhai@yandex.ru>
+Date: Fri, 26 Jul 2013 17:21:12 +0400
+Subject: sparc64: Fix not SRA'ed %o5 in 32-bit traced syscall
+
+From: Kirill Tkhai <tkhai@yandex.ru>
+
+[ Upstream commit ab2abda6377723e0d5fbbfe5f5aa16a5523344d1 ]
+
+(From v1 to v2: changed comment)
+
+On the way linux_sparc_syscall32->linux_syscall_trace32->goto 2f,
+register %o5 doesn't clear its second 32-bit.
+
+Fix that.
+
+Signed-off-by: Kirill Tkhai <tkhai@yandex.ru>
+CC: David Miller <davem@davemloft.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/sparc/kernel/syscalls.S | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/sparc/kernel/syscalls.S
++++ b/arch/sparc/kernel/syscalls.S
+@@ -147,7 +147,7 @@ linux_syscall_trace32:
+ srl %i4, 0, %o4
+ srl %i1, 0, %o1
+ srl %i2, 0, %o2
+- ba,pt %xcc, 2f
++ ba,pt %xcc, 5f
+ srl %i3, 0, %o3
+
+ linux_syscall_trace:
+@@ -177,13 +177,13 @@ linux_sparc_syscall32:
+ srl %i1, 0, %o1 ! IEU0 Group
+ ldx [%g6 + TI_FLAGS], %l0 ! Load
+
+- srl %i5, 0, %o5 ! IEU1
++ srl %i3, 0, %o3 ! IEU0
+ srl %i2, 0, %o2 ! IEU0 Group
+ andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0
+ bne,pn %icc, linux_syscall_trace32 ! CTI
+ mov %i0, %l5 ! IEU1
+- call %l7 ! CTI Group brk forced
+- srl %i3, 0, %o3 ! IEU0
++5: call %l7 ! CTI Group brk forced
++ srl %i5, 0, %o5 ! IEU1
+ ba,a,pt %xcc, 3f
+
+ /* Linux native system calls enter here... */
--- /dev/null
+From 0ce69f0ef84a20924bfbf72b9b9a16521cdf906f Mon Sep 17 00:00:00 2001
+From: "David S. Miller" <davem@davemloft.net>
+Date: Thu, 22 Aug 2013 16:38:46 -0700
+Subject: sparc64: Fix off by one in trampoline TLB mapping installation loop.
+
+From: "David S. Miller" <davem@davemloft.net>
+
+[ Upstream commit 63d499662aeec1864ec36d042aca8184ea6a938e ]
+
+Reported-by: Kirill Tkhai <tkhai@yandex.ru>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/sparc/kernel/trampoline_64.S | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/arch/sparc/kernel/trampoline_64.S
++++ b/arch/sparc/kernel/trampoline_64.S
+@@ -131,7 +131,6 @@ startup_continue:
+ clr %l5
+ sethi %hi(num_kernel_image_mappings), %l6
+ lduw [%l6 + %lo(num_kernel_image_mappings)], %l6
+- add %l6, 1, %l6
+
+ mov 15, %l7
+ BRANCH_IF_ANY_CHEETAH(g1,g5,2f)
+@@ -224,7 +223,6 @@ niagara_lock_tlb:
+ clr %l5
+ sethi %hi(num_kernel_image_mappings), %l6
+ lduw [%l6 + %lo(num_kernel_image_mappings)], %l6
+- add %l6, 1, %l6
+
+ 1:
+ mov HV_FAST_MMU_MAP_PERM_ADDR, %o5
--- /dev/null
+From 3c48e0211d299d935f8877cecb2db89bd1ef530a Mon Sep 17 00:00:00 2001
+From: Kirill Tkhai <tkhai@yandex.ru>
+Date: Mon, 12 Aug 2013 16:02:24 +0400
+Subject: sparc64: Remove RWSEM export leftovers
+
+From: Kirill Tkhai <tkhai@yandex.ru>
+
+[ Upstream commit 61d9b9355b0d427bd1e732bd54628ff9103e496f ]
+
+The functions
+
+ __down_read
+ __down_read_trylock
+ __down_write
+ __down_write_trylock
+ __up_read
+ __up_write
+ __downgrade_write
+
+are implemented inline, so remove corresponding EXPORT_SYMBOLs
+(They lead to compile errors on RT kernel).
+
+Signed-off-by: Kirill Tkhai <tkhai@yandex.ru>
+CC: David Miller <davem@davemloft.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/sparc/lib/ksyms.c | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+--- a/arch/sparc/lib/ksyms.c
++++ b/arch/sparc/lib/ksyms.c
+@@ -131,15 +131,6 @@ EXPORT_SYMBOL(___copy_from_user);
+ EXPORT_SYMBOL(___copy_in_user);
+ EXPORT_SYMBOL(__clear_user);
+
+-/* RW semaphores */
+-EXPORT_SYMBOL(__down_read);
+-EXPORT_SYMBOL(__down_read_trylock);
+-EXPORT_SYMBOL(__down_write);
+-EXPORT_SYMBOL(__down_write_trylock);
+-EXPORT_SYMBOL(__up_read);
+-EXPORT_SYMBOL(__up_write);
+-EXPORT_SYMBOL(__downgrade_write);
+-
+ /* Atomic counter implementation. */
+ EXPORT_SYMBOL(atomic_add);
+ EXPORT_SYMBOL(atomic_add_ret);
projects / thirdparty / kernel / stable-queue.git / commitdiff
