--- /dev/null
+From c76f39bddb84f93f70a5520d9253ec0317bec216 Mon Sep 17 00:00:00 2001
+From: "Luck, Tony" <tony.luck@intel.com>
+Date: Mon, 16 Apr 2012 16:28:01 -0700
+Subject: ia64: fix futex_atomic_cmpxchg_inatomic()
+
+From: "Luck, Tony" <tony.luck@intel.com>
+
+commit c76f39bddb84f93f70a5520d9253ec0317bec216 upstream.
+
+Michel Lespinasse cleaned up the futex calling conventions in commit
+37a9d912b24f ("futex: Sanitize cmpxchg_futex_value_locked API").
+
+But the ia64 implementation was subtly broken. Gcc does not know that
+register "r8" will be updated by the fault handler if the cmpxchg
+instruction takes an exception. So it feels safe in letting the
+initialization of r8 slide to after the cmpxchg. Result: we always
+return 0 whether the user address faulted or not.
+
+Fix by moving the initialization of r8 into the __asm__ code so gcc
+won't move it.
+
+Reported-by: <emeric.maschino@gmail.com>
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=42757
+Tested-by: <emeric.maschino@gmail.com>
+Acked-by: Michel Lespinasse <walken@google.com>
+Signed-off-by: Tony Luck <tony.luck@intel.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/ia64/include/asm/futex.h | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/arch/ia64/include/asm/futex.h
++++ b/arch/ia64/include/asm/futex.h
+@@ -107,15 +107,16 @@ futex_atomic_cmpxchg_inatomic(u32 *uval,
+ return -EFAULT;
+
+ {
+- register unsigned long r8 __asm ("r8") = 0;
++ register unsigned long r8 __asm ("r8");
+ unsigned long prev;
+ __asm__ __volatile__(
+ " mf;; \n"
+- " mov ar.ccv=%3;; \n"
+- "[1:] cmpxchg4.acq %0=[%1],%2,ar.ccv \n"
++ " mov %0=r0 \n"
++ " mov ar.ccv=%4;; \n"
++ "[1:] cmpxchg4.acq %1=[%2],%3,ar.ccv \n"
+ " .xdata4 \"__ex_table\", 1b-., 2f-. \n"
+ "[2:]"
+- : "=r" (prev)
++ : "=r" (r8), "=r" (prev)
+ : "r" (uaddr), "r" (newval),
+ "rO" ((long) (unsigned) oldval)
+ : "memory");
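Review bot: the new output operand `"=r" (r8)` is missing an earlyclobber, and that matters because the added `mov %0=r0` writes it before `%2`, `%3` and `%4` are read. Without `&`, gcc may assume every input is consumed before any output is written, so it is free to place one of the `"r"` inputs (uaddr, newval or the oldval expression) in r8, where the `mov` would zero it before `mov ar.ccv=%4` or the `cmpxchg4.acq` uses it. Suggest `: "=&r" (r8), "=r" (prev)` so no input can share the register. A one-line comment above the asm saying that r8 is set by the exception fixup on a fault would also help, since nothing in the code itself shows why r8 must be zeroed inside the asm rather than in C.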