3.0-stable patches

added patches:
	powerpc-fix-dscr-inheritance-in-copy_thread.patch
	powerpc-restore-correct-dscr-in-context-switch.patch
	remove-user-triggerable-bug-from-mpol_to_str.patch

diff --git a/queue-3.0/powerpc-fix-dscr-inheritance-in-copy_thread.patch b/queue-3.0/powerpc-fix-dscr-inheritance-in-copy_thread.patch
new file mode 100644 (file)
index 0000000..7dca201
--- /dev/null
+++ b/queue-3.0/powerpc-fix-dscr-inheritance-in-copy_thread.patch
@@ -0,0 +1,50 @@
+From 1021cb268b3025573c4811f1dee4a11260c4507b Mon Sep 17 00:00:00 2001
+From: Anton Blanchard <anton@samba.org>
+Date: Mon, 3 Sep 2012 16:49:47 +0000
+Subject: powerpc: Fix DSCR inheritance in copy_thread()
+
+From: Anton Blanchard <anton@samba.org>
+
+commit 1021cb268b3025573c4811f1dee4a11260c4507b upstream.
+
+If the default DSCR is non zero we set thread.dscr_inherit in
+copy_thread() meaning the new thread and all its children will ignore
+future updates to the default DSCR. This is not intended and is
+a change in behaviour that a number of our users have hit.
+
+We just need to inherit thread.dscr and thread.dscr_inherit from
+the parent which ends up being much simpler.
+
+This was found with the following test case:
+
+http://ozlabs.org/~anton/junkcode/dscr_default_test.c
+
+Signed-off-by: Anton Blanchard <anton@samba.org>
+Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kernel/process.c |   12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+--- a/arch/powerpc/kernel/process.c
++++ b/arch/powerpc/kernel/process.c
+@@ -794,16 +794,8 @@ int copy_thread(unsigned long clone_flag
+ #endif /* CONFIG_PPC_STD_MMU_64 */
+ #ifdef CONFIG_PPC64 
+       if (cpu_has_feature(CPU_FTR_DSCR)) {
+-              if (current->thread.dscr_inherit) {
+-                      p->thread.dscr_inherit = 1;
+-                      p->thread.dscr = current->thread.dscr;
+-              } else if (0 != dscr_default) {
+-                      p->thread.dscr_inherit = 1;
+-                      p->thread.dscr = dscr_default;
+-              } else {
+-                      p->thread.dscr_inherit = 0;
+-                      p->thread.dscr = 0;
+-              }
++              p->thread.dscr_inherit = current->thread.dscr_inherit;
++              p->thread.dscr = current->thread.dscr;
+       }
+ #endif
+ 

diff --git a/queue-3.0/powerpc-restore-correct-dscr-in-context-switch.patch b/queue-3.0/powerpc-restore-correct-dscr-in-context-switch.patch
new file mode 100644 (file)
index 0000000..2cd29b5
--- /dev/null
+++ b/queue-3.0/powerpc-restore-correct-dscr-in-context-switch.patch
@@ -0,0 +1,99 @@
+From 714332858bfd40dcf8f741498336d93875c23aa7 Mon Sep 17 00:00:00 2001
+From: Anton Blanchard <anton@samba.org>
+Date: Mon, 3 Sep 2012 16:51:10 +0000
+Subject: powerpc: Restore correct DSCR in context switch
+
+From: Anton Blanchard <anton@samba.org>
+
+commit 714332858bfd40dcf8f741498336d93875c23aa7 upstream.
+
+During a context switch we always restore the per thread DSCR value.
+If we aren't doing explicit DSCR management
+(ie thread.dscr_inherit == 0) and the default DSCR changed while
+the process has been sleeping we end up with the wrong value.
+
+Check thread.dscr_inherit and select the default DSCR or per thread
+DSCR as required.
+
+This was found with the following test case, when running with
+more threads than CPUs (ie forcing context switching):
+
+http://ozlabs.org/~anton/junkcode/dscr_default_test.c
+
+With the four patches applied I can run a combination of all
+test cases successfully at the same time:
+
+http://ozlabs.org/~anton/junkcode/dscr_default_test.c
+http://ozlabs.org/~anton/junkcode/dscr_explicit_test.c
+http://ozlabs.org/~anton/junkcode/dscr_inherit_test.c
+
+Signed-off-by: Anton Blanchard <anton@samba.org>
+Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kernel/asm-offsets.c |    1 +
+ arch/powerpc/kernel/entry_64.S    |   23 +++++++++++++++++------
+ 2 files changed, 18 insertions(+), 6 deletions(-)
+
+--- a/arch/powerpc/kernel/asm-offsets.c
++++ b/arch/powerpc/kernel/asm-offsets.c
+@@ -75,6 +75,7 @@ int main(void)
+       DEFINE(SIGSEGV, SIGSEGV);
+       DEFINE(NMI_MASK, NMI_MASK);
+       DEFINE(THREAD_DSCR, offsetof(struct thread_struct, dscr));
++      DEFINE(THREAD_DSCR_INHERIT, offsetof(struct thread_struct, dscr_inherit));
+ #else
+       DEFINE(THREAD_INFO, offsetof(struct task_struct, stack));
+ #endif /* CONFIG_PPC64 */
+--- a/arch/powerpc/kernel/entry_64.S
++++ b/arch/powerpc/kernel/entry_64.S
+@@ -380,6 +380,12 @@ _GLOBAL(ret_from_fork)
+       li      r3,0
+       b       syscall_exit
+ 
++      .section        ".toc","aw"
++DSCR_DEFAULT:
++      .tc dscr_default[TC],dscr_default
++
++      .section        ".text"
++
+ /*
+  * This routine switches between two different tasks.  The process
+  * state of one is saved on its kernel stack.  Then the state
+@@ -519,9 +525,6 @@ END_MMU_FTR_SECTION_IFSET(MMU_FTR_1T_SEG
+       mr      r1,r8           /* start using new stack pointer */
+       std     r7,PACAKSAVE(r13)
+ 
+-      ld      r6,_CCR(r1)
+-      mtcrf   0xFF,r6
+-
+ #ifdef CONFIG_ALTIVEC
+ BEGIN_FTR_SECTION
+       ld      r0,THREAD_VRSAVE(r4)
+@@ -530,14 +533,22 @@ END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
+ #endif /* CONFIG_ALTIVEC */
+ #ifdef CONFIG_PPC64
+ BEGIN_FTR_SECTION
++      lwz     r6,THREAD_DSCR_INHERIT(r4)
++      ld      r7,DSCR_DEFAULT@toc(2)
+       ld      r0,THREAD_DSCR(r4)
+-      cmpd    r0,r25
+-      beq     1f
++      cmpwi   r6,0
++      bne     1f
++      ld      r0,0(r7)
++1:    cmpd    r0,r25
++      beq     2f
+       mtspr   SPRN_DSCR,r0
+-1:    
++2:
+ END_FTR_SECTION_IFSET(CPU_FTR_DSCR)
+ #endif
+ 
++      ld      r6,_CCR(r1)
++      mtcrf   0xFF,r6
++
+       /* r3-r13 are destroyed -- Cort */
+       REST_8GPRS(14, r1)
+       REST_10GPRS(22, r1)

diff --git a/queue-3.0/remove-user-triggerable-bug-from-mpol_to_str.patch b/queue-3.0/remove-user-triggerable-bug-from-mpol_to_str.patch
new file mode 100644 (file)
index 0000000..8689965
--- /dev/null
+++ b/queue-3.0/remove-user-triggerable-bug-from-mpol_to_str.patch
@@ -0,0 +1,42 @@
+From 80de7c3138ee9fd86a98696fd2cf7ad89b995d0a Mon Sep 17 00:00:00 2001
+From: Dave Jones <davej@redhat.com>
+Date: Thu, 6 Sep 2012 12:01:00 -0400
+Subject: Remove user-triggerable BUG from mpol_to_str
+
+From: Dave Jones <davej@redhat.com>
+
+commit 80de7c3138ee9fd86a98696fd2cf7ad89b995d0a upstream.
+
+Trivially triggerable, found by trinity:
+
+  kernel BUG at mm/mempolicy.c:2546!
+  Process trinity-child2 (pid: 23988, threadinfo ffff88010197e000, task ffff88007821a670)
+  Call Trace:
+    show_numa_map+0xd5/0x450
+    show_pid_numa_map+0x13/0x20
+    traverse+0xf2/0x230
+    seq_read+0x34b/0x3e0
+    vfs_read+0xac/0x180
+    sys_pread64+0xa2/0xc0
+    system_call_fastpath+0x1a/0x1f
+  RIP: mpol_to_str+0x156/0x360
+
+Signed-off-by: Dave Jones <davej@redhat.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/mempolicy.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -2500,7 +2500,7 @@ int mpol_to_str(char *buffer, int maxlen
+               break;
+ 
+       default:
+-              BUG();
++              return -EINVAL;
+       }
+ 
+       l = strlen(policy_modes[mode]);

diff --git a/queue-3.0/series b/queue-3.0/series
index 332f3a627bafb7957a9c8e6045dcae9a55fe6e2f..9ea42081a415b28a9a36850dfad581b88992e4d9 100644 (file)
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -30,3 +30,6 @@ usb-p54usb-remove-__devinit-from-the-struct-usb_device_id-table.patch
 usb-rtl8187-remove-__devinit-from-the-struct-usb_device_id-table.patch
 usb-smsusb-remove-__devinit-from-the-struct-usb_device_id-table.patch
 usb-cdc-acm-fix-null-pointer-dereference.patch
+powerpc-fix-dscr-inheritance-in-copy_thread.patch
+powerpc-restore-correct-dscr-in-context-switch.patch
+remove-user-triggerable-bug-from-mpol_to_str.patch