--- /dev/null
+From 0752adfda15f0eca9859a76da3db1800e129ad43 Mon Sep 17 00:00:00 2001
+From: Vineet Gupta <vgupta@synopsys.com>
+Date: Thu, 26 Sep 2013 18:50:40 +0530
+Subject: ARC: Fix 32-bit wrap around in access_ok()
+
+From: Vineet Gupta <vgupta@synopsys.com>
+
+commit 0752adfda15f0eca9859a76da3db1800e129ad43 upstream.
+
+Anton reported
+
+ | LTP tests syscalls/process_vm_readv01 and process_vm_writev01 fail
+ | similarly in one testcase test_iov_invalid -> lvec->iov_base.
+ | Testcase expects errno EFAULT and return code -1,
+ | but it gets return code 1 and ERRNO is 0 what means success.
+
+Essentially test case was passing a pointer of -1 which access_ok()
+was not catching. It was doing [@addr + @sz <= TASK_SIZE] which would
+pass for @addr == -1
+
+Fixed that by rewriting as [@addr <= TASK_SIZE - @sz]
+
+Reported-by: Anton Kolesov <Anton.Kolesov@synopsys.com>
+Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arc/include/asm/uaccess.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arc/include/asm/uaccess.h
++++ b/arch/arc/include/asm/uaccess.h
+@@ -43,7 +43,7 @@
+ * Because it essentially checks if buffer end is within limit and @len is
+ * non-ngeative, which implies that buffer start will be within limit too.
+ *
+- * The reason for rewriting being, for majorit yof cases, @len is generally
++ * The reason for rewriting being, for majority of cases, @len is generally
+ * compile time constant, causing first sub-expression to be compile time
+ * subsumed.
+ *
+@@ -53,7 +53,7 @@
+ *
+ */
+ #define __user_ok(addr, sz) (((sz) <= TASK_SIZE) && \
+- (((addr)+(sz)) <= get_fs()))
++ ((addr) <= (get_fs() - (sz))))
+ #define __access_ok(addr, sz) (unlikely(__kernel_ok) || \
+ likely(__user_ok((addr), (sz))))
+
--- /dev/null
+From 7efd0da2d17360e1cef91507dbe619db0ee2c691 Mon Sep 17 00:00:00 2001
+From: Mischa Jonker <mjonker@synopsys.com>
+Date: Fri, 30 Aug 2013 11:56:25 +0200
+Subject: ARC: Fix __udelay calculation
+
+From: Mischa Jonker <mjonker@synopsys.com>
+
+commit 7efd0da2d17360e1cef91507dbe619db0ee2c691 upstream.
+
+Cast usecs to u64, to ensure that the (usecs * 4295 * HZ)
+multiplication is 64 bit.
+
+Initially, the (usecs * 4295 * HZ) part was done as a 32 bit
+multiplication, with the result casted to 64 bit. This led to some bits
+falling off, causing a "DMA initialization error" in the stmmac Ethernet
+driver, due to a premature timeout.
+
+Signed-off-by: Mischa Jonker <mjonker@synopsys.com>
+Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arc/include/asm/delay.h | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/arch/arc/include/asm/delay.h
++++ b/arch/arc/include/asm/delay.h
+@@ -53,11 +53,10 @@ static inline void __udelay(unsigned lon
+ {
+ unsigned long loops;
+
+- /* (long long) cast ensures 64 bit MPY - real or emulated
++ /* (u64) cast ensures 64 bit MPY - real or emulated
+ * HZ * 4295 is pre-evaluated by gcc - hence only 2 mpy ops
+ */
+- loops = ((long long)(usecs * 4295 * HZ) *
+- (long long)(loops_per_jiffy)) >> 32;
++ loops = ((u64) usecs * 4295 * HZ * loops_per_jiffy) >> 32;
+
+ __delay(loops);
+ }
--- /dev/null
+From 10469350e345599dfef3fa78a7c19fb230e674c1 Mon Sep 17 00:00:00 2001
+From: Christian Ruppert <christian.ruppert@abilis.com>
+Date: Wed, 2 Oct 2013 11:13:38 +0200
+Subject: ARC: Fix signal frame management for SA_SIGINFO
+
+From: Christian Ruppert <christian.ruppert@abilis.com>
+
+commit 10469350e345599dfef3fa78a7c19fb230e674c1 upstream.
+
+Previously, when a signal was registered with SA_SIGINFO, parameters 2
+and 3 of the signal handler were written to registers r1 and r2 before
+the register set was saved. This led to corruption of these two
+registers after returning from the signal handler (the wrong values were
+restored).
+With this patch, registers are now saved before any parameters are
+passed, thus maintaining the processor state from before signal entry.
+
+Signed-off-by: Christian Ruppert <christian.ruppert@abilis.com>
+Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arc/kernel/signal.c | 25 +++++++++++++------------
+ 1 file changed, 13 insertions(+), 12 deletions(-)
+
+--- a/arch/arc/kernel/signal.c
++++ b/arch/arc/kernel/signal.c
+@@ -101,7 +101,6 @@ SYSCALL_DEFINE0(rt_sigreturn)
+ {
+ struct rt_sigframe __user *sf;
+ unsigned int magic;
+- int err;
+ struct pt_regs *regs = current_pt_regs();
+
+ /* Always make any pending restarted system calls return -EINTR */
+@@ -119,15 +118,16 @@ SYSCALL_DEFINE0(rt_sigreturn)
+ if (!access_ok(VERIFY_READ, sf, sizeof(*sf)))
+ goto badframe;
+
+- err = restore_usr_regs(regs, sf);
+- err |= __get_user(magic, &sf->sigret_magic);
+- if (err)
++ if (__get_user(magic, &sf->sigret_magic))
+ goto badframe;
+
+ if (unlikely(is_do_ss_needed(magic)))
+ if (restore_altstack(&sf->uc.uc_stack))
+ goto badframe;
+
++ if (restore_usr_regs(regs, sf))
++ goto badframe;
++
+ /* Don't restart from sigreturn */
+ syscall_wont_restart(regs);
+
+@@ -191,6 +191,15 @@ setup_rt_frame(int signo, struct k_sigac
+ return 1;
+
+ /*
++ * w/o SA_SIGINFO, struct ucontext is partially populated (only
++ * uc_mcontext/uc_sigmask) for kernel's normal user state preservation
++ * during signal handler execution. This works for SA_SIGINFO as well
++ * although the semantics are now overloaded (the same reg state can be
++ * inspected by userland: but are they allowed to fiddle with it ?
++ */
++ err |= stash_usr_regs(sf, regs, set);
++
++ /*
+ * SA_SIGINFO requires 3 args to signal handler:
+ * #1: sig-no (common to any handler)
+ * #2: struct siginfo
+@@ -213,14 +222,6 @@ setup_rt_frame(int signo, struct k_sigac
+ magic = MAGIC_SIGALTSTK;
+ }
+
+- /*
+- * w/o SA_SIGINFO, struct ucontext is partially populated (only
+- * uc_mcontext/uc_sigmask) for kernel's normal user state preservation
+- * during signal handler execution. This works for SA_SIGINFO as well
+- * although the semantics are now overloaded (the same reg state can be
+- * inspected by userland: but are they allowed to fiddle with it ?
+- */
+- err |= stash_usr_regs(sf, regs, set);
+ err |= __put_user(magic, &sf->sigret_magic);
+ if (err)
+ return err;
--- /dev/null
+From c11eb222fd7d4db91196121dbf854178505d2751 Mon Sep 17 00:00:00 2001
+From: Mischa Jonker <mjonker@synopsys.com>
+Date: Thu, 26 Sep 2013 15:44:56 +0200
+Subject: ARC: Handle zero-overhead-loop in unaligned access handler
+
+From: Mischa Jonker <mjonker@synopsys.com>
+
+commit c11eb222fd7d4db91196121dbf854178505d2751 upstream.
+
+If a load or store is the last instruction in a zero-overhead-loop, and
+it's misaligned, the loop would execute only once.
+
+This fixes that problem.
+
+Signed-off-by: Mischa Jonker <mjonker@synopsys.com>
+Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arc/kernel/unaligned.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/arch/arc/kernel/unaligned.c
++++ b/arch/arc/kernel/unaligned.c
+@@ -233,6 +233,12 @@ int misaligned_fixup(unsigned long addre
+ regs->status32 &= ~STATUS_DE_MASK;
+ } else {
+ regs->ret += state.instr_len;
++
++ /* handle zero-overhead-loop */
++ if ((regs->ret == regs->lp_end) && (regs->lp_count)) {
++ regs->ret = regs->lp_start;
++ regs->lp_count--;
++ }
+ }
+
+ return 0;
--- /dev/null
+From 5b24282846c064ee90d40fcb3a8f63b8e754fd28 Mon Sep 17 00:00:00 2001
+From: Vineet Gupta <vgupta@synopsys.com>
+Date: Thu, 10 Oct 2013 19:33:57 +0530
+Subject: ARC: Ignore ptrace SETREGSET request for synthetic register "stop_pc"
+
+From: Vineet Gupta <vgupta@synopsys.com>
+
+commit 5b24282846c064ee90d40fcb3a8f63b8e754fd28 upstream.
+
+ARCompact TRAP_S insn used for breakpoints, commits before exception is
+taken (updating architectural PC). So ptregs->ret contains next-PC and
+not the breakpoint PC itself. This is different from other restartable
+exceptions such as TLB Miss where ptregs->ret has exact faulting PC.
+gdb needs to know exact-PC hence ARC ptrace GETREGSET provides for
+@stop_pc which returns ptregs->ret vs. EFA depending on the
+situation.
+
+However, writing stop_pc (SETREGSET request), which updates ptregs->ret
+doesn't makes sense stop_pc doesn't always correspond to that reg as
+described above.
+
+This was not an issue so far since user_regs->ret / user_regs->stop_pc
+had same value and both writing to ptregs->ret was OK, needless, but NOT
+broken, hence not observed.
+
+With gdb "jump", they diverge, and user_regs->ret updating ptregs is
+overwritten immediately with stop_pc, which this patch fixes.
+
+Reported-by: Anton Kolesov <akolesov@synopsys.com>
+Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arc/kernel/ptrace.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arc/kernel/ptrace.c
++++ b/arch/arc/kernel/ptrace.c
+@@ -102,7 +102,7 @@ static int genregs_set(struct task_struc
+ REG_IGNORE_ONE(pad2);
+ REG_IN_CHUNK(callee, efa, cregs); /* callee_regs[r25..r13] */
+ REG_IGNORE_ONE(efa); /* efa update invalid */
+- REG_IN_ONE(stop_pc, &ptregs->ret); /* stop_pc: PC update */
++ REG_IGNORE_ONE(stop_pc); /* PC updated via @ret */
+
+ return ret;
+ }
--- /dev/null
+From 6c00350b573c0bd3635436e43e8696951dd6e1b6 Mon Sep 17 00:00:00 2001
+From: Vineet Gupta <vgupta@synopsys.com>
+Date: Wed, 25 Sep 2013 16:53:32 +0530
+Subject: ARC: Workaround spinlock livelock in SMP SystemC simulation
+
+From: Vineet Gupta <vgupta@synopsys.com>
+
+commit 6c00350b573c0bd3635436e43e8696951dd6e1b6 upstream.
+
+Some ARC SMP systems lack native atomic R-M-W (LLOCK/SCOND) insns and
+can only use atomic EX insn (reg with mem) to build higher level R-M-W
+primitives. This includes a SystemC based SMP simulation model.
+
+So rwlocks need to use a protecting spinlock for atomic cmp-n-exchange
+operation to update reader(s)/writer count.
+
+The spinlock operation itself looks as follows:
+
+ mov reg, 1 ; 1=locked, 0=unlocked
+retry:
+ EX reg, [lock] ; load existing, store 1, atomically
+ BREQ reg, 1, rety ; if already locked, retry
+
+In single-threaded simulation, SystemC alternates between the 2 cores
+with "N" insn each based scheduling. Additionally for insn with global
+side effect, such as EX writing to shared mem, a core switch is
+enforced too.
+
+Given that, 2 cores doing a repeated EX on same location, Linux often
+got into a livelock e.g. when both cores were fiddling with tasklist
+lock (gdbserver / hackbench) for read/write respectively as the
+sequence diagram below shows:
+
+ core1 core2
+ -------- --------
+1. spin lock [EX r=0, w=1] - LOCKED
+2. rwlock(Read) - LOCKED
+3. spin unlock [ST 0] - UNLOCKED
+ spin lock [EX r=0,w=1] - LOCKED
+ -- resched core 1----
+
+5. spin lock [EX r=1] - ALREADY-LOCKED
+
+ -- resched core 2----
+6. rwlock(Write) - READER-LOCKED
+7. spin unlock [ST 0]
+8. rwlock failed, retry again
+
+9. spin lock [EX r=0, w=1]
+ -- resched core 1----
+
+10 spinlock locked in #9, retry #5
+11. spin lock [EX gets 1]
+ -- resched core 2----
+...
+...
+
+The fix was to unlock using the EX insn too (step 7), to trigger another
+SystemC scheduling pass which would let core1 proceed, eliding the
+livelock.
+
+Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arc/include/asm/spinlock.h | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/arch/arc/include/asm/spinlock.h
++++ b/arch/arc/include/asm/spinlock.h
+@@ -45,7 +45,14 @@ static inline int arch_spin_trylock(arch
+
+ static inline void arch_spin_unlock(arch_spinlock_t *lock)
+ {
+- lock->slock = __ARCH_SPIN_LOCK_UNLOCKED__;
++ unsigned int tmp = __ARCH_SPIN_LOCK_UNLOCKED__;
++
++ __asm__ __volatile__(
++ " ex %0, [%1] \n"
++ : "+r" (tmp)
++ : "r"(&(lock->slock))
++ : "memory");
++
+ smp_mb();
+ }
+
ext4-fix-memory-leak-in-xattr.patch
kvm-ppc-book3s-hv-fix-typo-in-saving-dscr.patch
parisc-fix-interruption-handler-to-respect-pagefault_disable.patch
+arc-fix-__udelay-calculation.patch
+arc-handle-zero-overhead-loop-in-unaligned-access-handler.patch
+arc-fix-32-bit-wrap-around-in-access_ok.patch
+arc-workaround-spinlock-livelock-in-smp-systemc-simulation.patch
+arc-fix-signal-frame-management-for-sa_siginfo.patch
+arc-ignore-ptrace-setregset-request-for-synthetic-register-stop_pc.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
