From: Greg Kroah-Hartman Date: Sat, 17 Aug 2013 04:38:25 +0000 (-0700) Subject: 3.10-stable patches X-Git-Tag: v3.0.92~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2403165f931fe02a3a7da13459d9ca5d61d272b6;p=thirdparty%2Fkernel%2Fstable-queue.git 3.10-stable patches added patches: arm-7809-1-perf-fix-event-validation-for-software-group-leaders.patch m68k-atari-aranym-fix-natfeat-module-support.patch m68k-truncate-base-in-do_div.patch --- diff --git a/queue-3.10/arm-7809-1-perf-fix-event-validation-for-software-group-leaders.patch b/queue-3.10/arm-7809-1-perf-fix-event-validation-for-software-group-leaders.patch new file mode 100644 index 00000000000..37dcf393dc6 --- /dev/null +++ b/queue-3.10/arm-7809-1-perf-fix-event-validation-for-software-group-leaders.patch @@ -0,0 +1,48 @@ +From c95eb3184ea1a3a2551df57190c81da695e2144b Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Wed, 7 Aug 2013 23:39:41 +0100 +Subject: ARM: 7809/1: perf: fix event validation for software group leaders + +From: Will Deacon + +commit c95eb3184ea1a3a2551df57190c81da695e2144b upstream. + +It is possible to construct an event group with a software event as a +group leader and then subsequently add a hardware event to the group. +This results in the event group being validated by adding all members +of the group to a fake PMU and attempting to allocate each event on +their respective PMU. + +Unfortunately, for software events wthout a corresponding arm_pmu, this +results in a kernel crash attempting to dereference the ->get_event_idx +function pointer. + +This patch fixes the problem by checking explicitly for software events +and ignoring those in event validation (since they can always be +scheduled). We will probably want to revisit this for 3.12, since the +validation checks don't appear to work correctly when dealing with +multiple hardware PMUs anyway. + +Reported-by: Vince Weaver +Tested-by: Vince Weaver +Tested-by: Mark Rutland +Signed-off-by: Will Deacon +Signed-off-by: Russell King +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/kernel/perf_event.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/arm/kernel/perf_event.c ++++ b/arch/arm/kernel/perf_event.c +@@ -258,6 +258,9 @@ validate_event(struct pmu_hw_events *hw_ + struct arm_pmu *armpmu = to_arm_pmu(event->pmu); + struct pmu *leader_pmu = event->group_leader->pmu; + ++ if (is_software_event(event)) ++ return 1; ++ + if (event->pmu != leader_pmu || event->state < PERF_EVENT_STATE_OFF) + return 1; + diff --git a/queue-3.10/m68k-atari-aranym-fix-natfeat-module-support.patch b/queue-3.10/m68k-atari-aranym-fix-natfeat-module-support.patch new file mode 100644 index 00000000000..3ce071c7aef --- /dev/null +++ b/queue-3.10/m68k-atari-aranym-fix-natfeat-module-support.patch @@ -0,0 +1,80 @@ +From e8184e10f89736a23ea6eea8e24cd524c5c513d2 Mon Sep 17 00:00:00 2001 +From: Geert Uytterhoeven +Date: Fri, 26 Jul 2013 00:08:25 +0200 +Subject: m68k/atari: ARAnyM - Fix NatFeat module support + +From: Geert Uytterhoeven + +commit e8184e10f89736a23ea6eea8e24cd524c5c513d2 upstream. + +As pointed out by Andreas Schwab, pointers passed to ARAnyM NatFeat calls +should be physical addresses, not virtual addresses. + +Fortunately on Atari, physical and virtual kernel addresses are the same, +as long as normal kernel memory is concerned, so this usually worked fine +without conversion. + +But for modules, pointers to literal strings are located in vmalloc()ed +memory. Depending on the version of ARAnyM, this causes the nf_get_id() +call to just fail, or worse, crash ARAnyM itself with e.g. + + Gotcha! Illegal memory access. Atari PC = $968c + +This is a big issue for distro kernels, who want to have all drivers as +loadable modules in an initrd. + +Add a wrapper for nf_get_id() that copies the literal to the stack to +work around this issue. + +Reported-by: Thorsten Glaser +Signed-off-by: Geert Uytterhoeven +Signed-off-by: Greg Kroah-Hartman + +--- + arch/m68k/emu/natfeat.c | 23 +++++++++++++++++++---- + 1 file changed, 19 insertions(+), 4 deletions(-) + +--- a/arch/m68k/emu/natfeat.c ++++ b/arch/m68k/emu/natfeat.c +@@ -18,9 +18,11 @@ + #include + #include + ++extern long nf_get_id2(const char *feature_name); ++ + asm("\n" +-" .global nf_get_id,nf_call\n" +-"nf_get_id:\n" ++" .global nf_get_id2,nf_call\n" ++"nf_get_id2:\n" + " .short 0x7300\n" + " rts\n" + "nf_call:\n" +@@ -29,12 +31,25 @@ asm("\n" + "1: moveq.l #0,%d0\n" + " rts\n" + " .section __ex_table,\"a\"\n" +-" .long nf_get_id,1b\n" ++" .long nf_get_id2,1b\n" + " .long nf_call,1b\n" + " .previous"); +-EXPORT_SYMBOL_GPL(nf_get_id); + EXPORT_SYMBOL_GPL(nf_call); + ++long nf_get_id(const char *feature_name) ++{ ++ /* feature_name may be in vmalloc()ed memory, so make a copy */ ++ char name_copy[32]; ++ size_t n; ++ ++ n = strlcpy(name_copy, feature_name, sizeof(name_copy)); ++ if (n >= sizeof(name_copy)) ++ return 0; ++ ++ return nf_get_id2(name_copy); ++} ++EXPORT_SYMBOL_GPL(nf_get_id); ++ + void nfprint(const char *fmt, ...) + { + static char buf[256]; diff --git a/queue-3.10/m68k-truncate-base-in-do_div.patch b/queue-3.10/m68k-truncate-base-in-do_div.patch new file mode 100644 index 00000000000..0f1f4de34c2 --- /dev/null +++ b/queue-3.10/m68k-truncate-base-in-do_div.patch @@ -0,0 +1,47 @@ +From ea077b1b96e073eac5c3c5590529e964767fc5f7 Mon Sep 17 00:00:00 2001 +From: Andreas Schwab +Date: Fri, 9 Aug 2013 15:14:08 +0200 +Subject: m68k: Truncate base in do_div() + +From: Andreas Schwab + +commit ea077b1b96e073eac5c3c5590529e964767fc5f7 upstream. + +Explicitly truncate the second operand of do_div() to 32 bits to guard +against bogus code calling it with a 64-bit divisor. + +[Thorsten] + +After upgrading from 3.2 to 3.10, mounting a btrfs volume fails with: + +btrfs: setting nodatacow, compression disabled +btrfs: enabling auto recovery +btrfs: disk space caching is enabled +--- + arch/m68k/include/asm/div64.h | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +--- a/arch/m68k/include/asm/div64.h ++++ b/arch/m68k/include/asm/div64.h +@@ -15,16 +15,17 @@ + unsigned long long n64; \ + } __n; \ + unsigned long __rem, __upper; \ ++ unsigned long __base = (base); \ + \ + __n.n64 = (n); \ + if ((__upper = __n.n32[0])) { \ + asm ("divul.l %2,%1:%0" \ +- : "=d" (__n.n32[0]), "=d" (__upper) \ +- : "d" (base), "0" (__n.n32[0])); \ ++ : "=d" (__n.n32[0]), "=d" (__upper) \ ++ : "d" (__base), "0" (__n.n32[0])); \ + } \ + asm ("divu.l %2,%1:%0" \ +- : "=d" (__n.n32[1]), "=d" (__rem) \ +- : "d" (base), "1" (__upper), "0" (__n.n32[1])); \ ++ : "=d" (__n.n32[1]), "=d" (__rem) \ ++ : "d" (__base), "1" (__upper), "0" (__n.n32[1])); \ + (n) = __n.n64; \ + __rem; \ + }) diff --git a/queue-3.10/series b/queue-3.10/series index a3563f87671..7d5f8dd8240 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -37,3 +37,6 @@ usb-serial-fix-error-handling-of-usb_wwan.patch pm-qos-fix-workqueue-deadlock-when-using-pm_qos_update_request_timeout.patch wusbcore-fix-kernel-panic-when-disconnecting-a-wireless-usb-serial-device.patch fix-tlb-gather-virtual-address-range-invalidation-corner.patch +arm-7809-1-perf-fix-event-validation-for-software-group-leaders.patch +m68k-truncate-base-in-do_div.patch +m68k-atari-aranym-fix-natfeat-module-support.patch