--- /dev/null
+From 92c14bd9477a20a83144f08c0ca25b0308bf0730 Mon Sep 17 00:00:00 2001
+From: Viresh Kumar <viresh.kumar@linaro.org>
+Date: Thu, 17 Jul 2014 10:48:25 +0530
+Subject: cpufreq: move policy kobj to policy->cpu at resume
+
+From: Viresh Kumar <viresh.kumar@linaro.org>
+
+commit 92c14bd9477a20a83144f08c0ca25b0308bf0730 upstream.
+
+This is only relevant to implementations with multiple clusters, where clusters
+have separate clock lines but all CPUs within a cluster share it.
+
+Consider a dual cluster platform with 2 cores per cluster. During suspend we
+start hot unplugging CPUs in order 1 to 3. When CPU2 is removed, policy->kobj
+would be moved to CPU3 and when CPU3 goes down we wouldn't free policy or its
+kobj as we want to retain permissions/values/etc.
+
+Now on resume, we will get CPU2 before CPU3 and will call __cpufreq_add_dev().
+We will recover the old policy and update policy->cpu from 3 to 2 from
+update_policy_cpu().
+
+But the kobj is still tied to CPU3 and isn't moved to CPU2. We wouldn't create a
+link for CPU2, but would try that for CPU3 while bringing it online. Which will
+report errors as CPU3 already has kobj assigned to it.
+
+This bug got introduced with commit 42f921a, which overlooked this scenario.
+
+To fix this, lets move kobj to the new policy->cpu while bringing first CPU of a
+cluster back. Also do a WARN_ON() if kobject_move failed, as we would reach here
+only for the first CPU of a non-boot cluster. And we can't recover from this
+situation, if kobject_move() fails.
+
+Fixes: 42f921a6f10c (cpufreq: remove sysfs files for CPUs which failed to come back after resume)
+Cc: 3.13+ <stable@vger.kernel.org> # 3.13+
+Reported-and-tested-by: Bu Yitian <ybu@qti.qualcomm.com>
+Reported-by: Saravana Kannan <skannan@codeaurora.org>
+Reviewed-by: Srivatsa S. Bhat <srivatsa@mit.edu>
+Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ drivers/cpufreq/cpufreq.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/cpufreq/cpufreq.c
++++ b/drivers/cpufreq/cpufreq.c
+@@ -1089,10 +1089,12 @@ static int __cpufreq_add_dev(struct devi
+ * the creation of a brand new one. So we need to perform this update
+ * by invoking update_policy_cpu().
+ */
+- if (frozen && cpu != policy->cpu)
++ if (frozen && cpu != policy->cpu) {
+ update_policy_cpu(policy, cpu);
+- else
++ WARN_ON(kobject_move(&policy->kobj, &dev->kobj));
++ } else {
+ policy->cpu = cpu;
++ }
+
+ policy->governor = CPUFREQ_DEFAULT_GOVERNOR;
+ cpumask_copy(policy->cpus, cpumask_of(cpu));
--- /dev/null
+From 3cf521f7dc87c031617fd47e4b7aa2593c2f3daf Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sasha.levin@oracle.com>
+Date: Mon, 14 Jul 2014 17:02:31 -0700
+Subject: net/l2tp: don't fall back on UDP [get|set]sockopt
+
+From: Sasha Levin <sasha.levin@oracle.com>
+
+commit 3cf521f7dc87c031617fd47e4b7aa2593c2f3daf upstream.
+
+The l2tp [get|set]sockopt() code has fallen back to the UDP functions
+for socket option levels != SOL_PPPOL2TP since day one, but that has
+never actually worked, since the l2tp socket isn't an inet socket.
+
+As David Miller points out:
+
+ "If we wanted this to work, it'd have to look up the tunnel and then
+ use tunnel->sk, but I wonder how useful that would be"
+
+Since this can never have worked so nobody could possibly have depended
+on that functionality, just remove the broken code and return -EINVAL.
+
+Reported-by: Sasha Levin <sasha.levin@oracle.com>
+Acked-by: James Chapman <jchapman@katalix.com>
+Acked-by: David Miller <davem@davemloft.net>
+Cc: Phil Turnbull <phil.turnbull@oracle.com>
+Cc: Vegard Nossum <vegard.nossum@oracle.com>
+Cc: Willy Tarreau <w@1wt.eu>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/l2tp/l2tp_ppp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/l2tp/l2tp_ppp.c
++++ b/net/l2tp/l2tp_ppp.c
+@@ -1368,7 +1368,7 @@ static int pppol2tp_setsockopt(struct so
+ int err;
+
+ if (level != SOL_PPPOL2TP)
+- return udp_prot.setsockopt(sk, level, optname, optval, optlen);
++ return -EINVAL;
+
+ if (optlen < sizeof(int))
+ return -EINVAL;
+@@ -1494,7 +1494,7 @@ static int pppol2tp_getsockopt(struct so
+ struct pppol2tp_session *ps;
+
+ if (level != SOL_PPPOL2TP)
+- return udp_prot.getsockopt(sk, level, optname, optval, optlen);
++ return -EINVAL;
+
+ if (get_user(len, optlen))
+ return -EFAULT;
--- /dev/null
+From 17290231df16eeee5dfc198dbf5ee4b419996dcd Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Sat, 24 May 2014 21:48:28 +0400
+Subject: xtensa: add fixup for double exception raised in window overflow
+
+From: Max Filippov <jcmvbkbc@gmail.com>
+
+commit 17290231df16eeee5dfc198dbf5ee4b419996dcd upstream.
+
+There are two FIXMEs in the double exception handler 'for the extremely
+unlikely case'. This case gets hit by gcc during kernel build once in
+a few hours, resulting in an unrecoverable exception condition.
+
+Provide missing fixup routine to handle this case. Double exception
+literals now need 8 more bytes, add them to the linker script.
+
+Also replace bbsi instructions with bbsi.l as we're branching depending
+on 8th and 7th LSB-based bits of exception address.
+
+This may be tested by adding the explicit DTLB invalidation to window
+overflow handlers, like the following:
+
+# --- a/arch/xtensa/kernel/vectors.S
+# +++ b/arch/xtensa/kernel/vectors.S
+# @@ -592,6 +592,14 @@ ENDPROC(_WindowUnderflow4)
+# ENTRY_ALIGN64(_WindowOverflow8)
+#
+# s32e a0, a9, -16
+# + bbsi.l a9, 31, 1f
+# + rsr a0, ccount
+# + bbsi.l a0, 4, 1f
+# + pdtlb a0, a9
+# + idtlb a0
+# + movi a0, 9
+# + idtlb a0
+# +1:
+# l32e a0, a1, -12
+# s32e a2, a9, -8
+# s32e a1, a9, -12
+
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/xtensa/kernel/vectors.S | 158 +++++++++++++++++++++++++++++++++------
+ arch/xtensa/kernel/vmlinux.lds.S | 4
+ 2 files changed, 138 insertions(+), 24 deletions(-)
+
+--- a/arch/xtensa/kernel/vectors.S
++++ b/arch/xtensa/kernel/vectors.S
+@@ -376,38 +376,42 @@ _DoubleExceptionVector_WindowOverflow:
+ beqz a2, 1f # if at start of vector, don't restore
+
+ addi a0, a0, -128
+- bbsi a0, 8, 1f # don't restore except for overflow 8 and 12
+- bbsi a0, 7, 2f
++ bbsi.l a0, 8, 1f # don't restore except for overflow 8 and 12
++
++ /*
++ * This fixup handler is for the extremely unlikely case where the
++ * overflow handler's reference thru a0 gets a hardware TLB refill
++ * that bumps out the (distinct, aliasing) TLB entry that mapped its
++ * prior references thru a9/a13, and where our reference now thru
++ * a9/a13 gets a 2nd-level miss exception (not hardware TLB refill).
++ */
++ movi a2, window_overflow_restore_a0_fixup
++ s32i a2, a3, EXC_TABLE_FIXUP
++ l32i a2, a3, EXC_TABLE_DOUBLE_SAVE
++ xsr a3, excsave1
++
++ bbsi.l a0, 7, 2f
+
+ /*
+ * Restore a0 as saved by _WindowOverflow8().
+- *
+- * FIXME: we really need a fixup handler for this L32E,
+- * for the extremely unlikely case where the overflow handler's
+- * reference thru a0 gets a hardware TLB refill that bumps out
+- * the (distinct, aliasing) TLB entry that mapped its prior
+- * references thru a9, and where our reference now thru a9
+- * gets a 2nd-level miss exception (not hardware TLB refill).
+ */
+
+- l32e a2, a9, -16
+- wsr a2, depc # replace the saved a0
+- j 1f
++ l32e a0, a9, -16
++ wsr a0, depc # replace the saved a0
++ j 3f
+
+ 2:
+ /*
+ * Restore a0 as saved by _WindowOverflow12().
+- *
+- * FIXME: we really need a fixup handler for this L32E,
+- * for the extremely unlikely case where the overflow handler's
+- * reference thru a0 gets a hardware TLB refill that bumps out
+- * the (distinct, aliasing) TLB entry that mapped its prior
+- * references thru a13, and where our reference now thru a13
+- * gets a 2nd-level miss exception (not hardware TLB refill).
+ */
+
+- l32e a2, a13, -16
+- wsr a2, depc # replace the saved a0
++ l32e a0, a13, -16
++ wsr a0, depc # replace the saved a0
++3:
++ xsr a3, excsave1
++ movi a0, 0
++ s32i a0, a3, EXC_TABLE_FIXUP
++ s32i a2, a3, EXC_TABLE_DOUBLE_SAVE
+ 1:
+ /*
+ * Restore WindowBase while leaving all address registers restored.
+@@ -449,6 +453,7 @@ _DoubleExceptionVector_WindowOverflow:
+
+ s32i a0, a2, PT_DEPC
+
++_DoubleExceptionVector_handle_exception:
+ addx4 a0, a0, a3
+ l32i a0, a0, EXC_TABLE_FAST_USER
+ xsr a3, excsave1
+@@ -464,11 +469,120 @@ _DoubleExceptionVector_WindowOverflow:
+ rotw -3
+ j 1b
+
+- .end literal_prefix
+
+ ENDPROC(_DoubleExceptionVector)
+
+ /*
++ * Fixup handler for TLB miss in double exception handler for window owerflow.
++ * We get here with windowbase set to the window that was being spilled and
++ * a0 trashed. a0 bit 7 determines if this is a call8 (bit clear) or call12
++ * (bit set) window.
++ *
++ * We do the following here:
++ * - go to the original window retaining a0 value;
++ * - set up exception stack to return back to appropriate a0 restore code
++ * (we'll need to rotate window back and there's no place to save this
++ * information, use different return address for that);
++ * - handle the exception;
++ * - go to the window that was being spilled;
++ * - set up window_overflow_restore_a0_fixup as a fixup routine;
++ * - reload a0;
++ * - restore the original window;
++ * - reset the default fixup routine;
++ * - return to user. By the time we get to this fixup handler all information
++ * about the conditions of the original double exception that happened in
++ * the window overflow handler is lost, so we just return to userspace to
++ * retry overflow from start.
++ *
++ * a0: value of depc, original value in depc
++ * a2: trashed, original value in EXC_TABLE_DOUBLE_SAVE
++ * a3: exctable, original value in excsave1
++ */
++
++ENTRY(window_overflow_restore_a0_fixup)
++
++ rsr a0, ps
++ extui a0, a0, PS_OWB_SHIFT, PS_OWB_WIDTH
++ rsr a2, windowbase
++ sub a0, a2, a0
++ extui a0, a0, 0, 3
++ l32i a2, a3, EXC_TABLE_DOUBLE_SAVE
++ xsr a3, excsave1
++
++ _beqi a0, 1, .Lhandle_1
++ _beqi a0, 3, .Lhandle_3
++
++ .macro overflow_fixup_handle_exception_pane n
++
++ rsr a0, depc
++ rotw -\n
++
++ xsr a3, excsave1
++ wsr a2, depc
++ l32i a2, a3, EXC_TABLE_KSTK
++ s32i a0, a2, PT_AREG0
++
++ movi a0, .Lrestore_\n
++ s32i a0, a2, PT_DEPC
++ rsr a0, exccause
++ j _DoubleExceptionVector_handle_exception
++
++ .endm
++
++ overflow_fixup_handle_exception_pane 2
++.Lhandle_1:
++ overflow_fixup_handle_exception_pane 1
++.Lhandle_3:
++ overflow_fixup_handle_exception_pane 3
++
++ .macro overflow_fixup_restore_a0_pane n
++
++ rotw \n
++ /* Need to preserve a0 value here to be able to handle exception
++ * that may occur on a0 reload from stack. It may occur because
++ * TLB miss handler may not be atomic and pointer to page table
++ * may be lost before we get here. There are no free registers,
++ * so we need to use EXC_TABLE_DOUBLE_SAVE area.
++ */
++ xsr a3, excsave1
++ s32i a2, a3, EXC_TABLE_DOUBLE_SAVE
++ movi a2, window_overflow_restore_a0_fixup
++ s32i a2, a3, EXC_TABLE_FIXUP
++ l32i a2, a3, EXC_TABLE_DOUBLE_SAVE
++ xsr a3, excsave1
++ bbsi.l a0, 7, 1f
++ l32e a0, a9, -16
++ j 2f
++1:
++ l32e a0, a13, -16
++2:
++ rotw -\n
++
++ .endm
++
++.Lrestore_2:
++ overflow_fixup_restore_a0_pane 2
++
++.Lset_default_fixup:
++ xsr a3, excsave1
++ s32i a2, a3, EXC_TABLE_DOUBLE_SAVE
++ movi a2, 0
++ s32i a2, a3, EXC_TABLE_FIXUP
++ l32i a2, a3, EXC_TABLE_DOUBLE_SAVE
++ xsr a3, excsave1
++ rfe
++
++.Lrestore_1:
++ overflow_fixup_restore_a0_pane 1
++ j .Lset_default_fixup
++.Lrestore_3:
++ overflow_fixup_restore_a0_pane 3
++ j .Lset_default_fixup
++
++ENDPROC(window_overflow_restore_a0_fixup)
++
++ .end literal_prefix
++/*
+ * Debug interrupt vector
+ *
+ * There is not much space here, so simply jump to another handler.
+--- a/arch/xtensa/kernel/vmlinux.lds.S
++++ b/arch/xtensa/kernel/vmlinux.lds.S
+@@ -269,13 +269,13 @@ SECTIONS
+ .UserExceptionVector.literal)
+ SECTION_VECTOR (_DoubleExceptionVector_literal,
+ .DoubleExceptionVector.literal,
+- DOUBLEEXC_VECTOR_VADDR - 16,
++ DOUBLEEXC_VECTOR_VADDR - 40,
+ SIZEOF(.UserExceptionVector.text),
+ .UserExceptionVector.text)
+ SECTION_VECTOR (_DoubleExceptionVector_text,
+ .DoubleExceptionVector.text,
+ DOUBLEEXC_VECTOR_VADDR,
+- 32,
++ 40,
+ .DoubleExceptionVector.literal)
+
+ . = (LOADADDR( .DoubleExceptionVector.text ) + SIZEOF( .DoubleExceptionVector.text ) + 3) & ~ 3;
projects / thirdparty / kernel / stable-queue.git / commitdiff
