From: Greg Kroah-Hartman Date: Mon, 4 Mar 2013 02:47:17 +0000 (+0800) Subject: 3.0-stable patches X-Git-Tag: v3.8.3~44 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=22a13df74cb19427f07fe2cd45ddbcbbdf42ef44;p=thirdparty%2Fkernel%2Fstable-queue.git 3.0-stable patches added patches: arm-fix-scheduling-while-atomic-warning-in-alignment-handling-code.patch arm-vfp-fix-emulation-of-second-vfp-instruction.patch --- diff --git a/queue-3.0/arm-fix-scheduling-while-atomic-warning-in-alignment-handling-code.patch b/queue-3.0/arm-fix-scheduling-while-atomic-warning-in-alignment-handling-code.patch new file mode 100644 index 00000000000..5294cea2c54 --- /dev/null +++ b/queue-3.0/arm-fix-scheduling-while-atomic-warning-in-alignment-handling-code.patch @@ -0,0 +1,77 @@ +From b255188f90e2bade1bd11a986dd1ca4861869f4d Mon Sep 17 00:00:00 2001 +From: Russell King +Date: Mon, 25 Feb 2013 16:10:42 +0000 +Subject: ARM: fix scheduling while atomic warning in alignment handling code + +From: Russell King + +commit b255188f90e2bade1bd11a986dd1ca4861869f4d upstream. + +Paolo Pisati reports that IPv6 triggers this warning: + +BUG: scheduling while atomic: swapper/0/0/0x40000100 +Modules linked in: +[] (unwind_backtrace+0x0/0xf0) from [] (__schedule_bug+0x48/0x5c) +[] (__schedule_bug+0x48/0x5c) from [] (__schedule+0x700/0x740) +[] (__schedule+0x700/0x740) from [] (__cond_resched+0x24/0x34) +[] (__cond_resched+0x24/0x34) from [] (_cond_resched+0x3c/0x44) +[] (_cond_resched+0x3c/0x44) from [] (do_alignment+0x178/0x78c) +[] (do_alignment+0x178/0x78c) from [] (do_DataAbort+0x34/0x98) +[] (do_DataAbort+0x34/0x98) from [] (__dabt_svc+0x40/0x60) +Exception stack(0xc0763d70 to 0xc0763db8) +3d60: e97e805e e97e806e 2c000000 11000000 +3d80: ea86bb00 0000002c 00000011 e97e807e c076d2a8 e97e805e e97e806e 0000002c +3da0: 3d000000 c0763dbc c04b98fc c02a8490 00000113 ffffffff +[] (__dabt_svc+0x40/0x60) from [] (__csum_ipv6_magic+0x8/0xc8) + +Fix this by using probe_kernel_address() stead of __get_user(). + +Reported-by: Paolo Pisati +Tested-by: Paolo Pisati +Signed-off-by: Russell King +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/mm/alignment.c | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/arch/arm/mm/alignment.c ++++ b/arch/arm/mm/alignment.c +@@ -721,7 +721,6 @@ do_alignment(unsigned long addr, unsigne + unsigned long instr = 0, instrptr; + int (*handler)(unsigned long addr, unsigned long instr, struct pt_regs *regs); + unsigned int type; +- mm_segment_t fs; + unsigned int fault; + u16 tinstr = 0; + int isize = 4; +@@ -729,16 +728,15 @@ do_alignment(unsigned long addr, unsigne + + instrptr = instruction_pointer(regs); + +- fs = get_fs(); +- set_fs(KERNEL_DS); + if (thumb_mode(regs)) { +- fault = __get_user(tinstr, (u16 *)(instrptr & ~1)); ++ u16 *ptr = (u16 *)(instrptr & ~1); ++ fault = probe_kernel_address(ptr, tinstr); + if (!fault) { + if (cpu_architecture() >= CPU_ARCH_ARMv7 && + IS_T32(tinstr)) { + /* Thumb-2 32-bit */ + u16 tinst2 = 0; +- fault = __get_user(tinst2, (u16 *)(instrptr+2)); ++ fault = probe_kernel_address(ptr + 1, tinst2); + instr = (tinstr << 16) | tinst2; + thumb2_32b = 1; + } else { +@@ -747,8 +745,7 @@ do_alignment(unsigned long addr, unsigne + } + } + } else +- fault = __get_user(instr, (u32 *)instrptr); +- set_fs(fs); ++ fault = probe_kernel_address(instrptr, instr); + + if (fault) { + type = TYPE_FAULT; diff --git a/queue-3.0/arm-vfp-fix-emulation-of-second-vfp-instruction.patch b/queue-3.0/arm-vfp-fix-emulation-of-second-vfp-instruction.patch new file mode 100644 index 00000000000..004d5f1c5a5 --- /dev/null +++ b/queue-3.0/arm-vfp-fix-emulation-of-second-vfp-instruction.patch @@ -0,0 +1,50 @@ +From 5e4ba617c1b584b2e376f31a63bd4e734109318a Mon Sep 17 00:00:00 2001 +From: Russell King +Date: Mon, 25 Feb 2013 16:09:12 +0000 +Subject: ARM: VFP: fix emulation of second VFP instruction + +From: Russell King + +commit 5e4ba617c1b584b2e376f31a63bd4e734109318a upstream. + +Martin Storsjö reports that the sequence: + + ee312ac1 vsub.f32 s4, s3, s2 + ee702ac0 vsub.f32 s5, s1, s0 + e59f0028 ldr r0, [pc, #40] + ee111a90 vmov r1, s3 + +on Raspberry Pi (implementor 41 architecture 1 part 20 variant b rev 5) +where s3 is a denormal and s2 is zero results in incorrect behaviour - +the instruction "vsub.f32 s5, s1, s0" is not executed: + + VFP: bounce: trigger ee111a90 fpexc d0000780 + VFP: emulate: INST=0xee312ac1 SCR=0x00000000 + ... + +As we can see, the instruction triggering the exception is the "vmov" +instruction, and we emulate the "vsub.f32 s4, s3, s2" but fail to +properly take account of the FPEXC_FP2V flag in FPEXC. This is because +the test for the second instruction register being valid is bogus, and +will always skip emulation of the second instruction. + +Reported-by: Martin Storsjö +Tested-by: Martin Storsjö +Signed-off-by: Russell King +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/vfp/vfpmodule.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm/vfp/vfpmodule.c ++++ b/arch/arm/vfp/vfpmodule.c +@@ -369,7 +369,7 @@ void VFP_bounce(u32 trigger, u32 fpexc, + * If there isn't a second FP instruction, exit now. Note that + * the FPEXC.FP2V bit is valid only if FPEXC.EX is 1. + */ +- if (fpexc ^ (FPEXC_EX | FPEXC_FP2V)) ++ if ((fpexc & (FPEXC_EX | FPEXC_FP2V)) != (FPEXC_EX | FPEXC_FP2V)) + goto exit; + + /* diff --git a/queue-3.0/series b/queue-3.0/series new file mode 100644 index 00000000000..c1c383c8e7c --- /dev/null +++ b/queue-3.0/series @@ -0,0 +1,2 @@ +arm-vfp-fix-emulation-of-second-vfp-instruction.patch +arm-fix-scheduling-while-atomic-warning-in-alignment-handling-code.patch