From: Greg Kroah-Hartman Date: Wed, 3 Dec 2014 19:33:18 +0000 (-0800) Subject: 3.17-stable patches X-Git-Tag: v3.10.62~36 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5b354e14d892206fe007d6d4c4fdcc4da12b782c;p=thirdparty%2Fkernel%2Fstable-queue.git 3.17-stable patches added patches: mips-asm-uaccess-add-v1-register-to-clobber-list-on-eva.patch mips-cpu-probe-set-the-ftlb-probability-bit-on-supported-cores.patch mips-fix-eva-non-smp-non-fpu-fp-context-signal-handling.patch mips-ip27-fix-__node_distances-undefined-error.patch mips-lib-memcpy-restore-nop-on-delay-slot-before-returning-to-caller.patch mips-loongson-make-platform-serial-setup-always-built-in.patch mips-loongson3-fix-__node_distances-undefined-error.patch mips-oprofile-fix-backtrace-on-64-bit-kernel.patch mips-r4kcache-add-eva-case-for-protected_writeback_dcache_line.patch mips-tlb-r4k-add-missing-htw-stop-start-sequences.patch mips-tlbex-fix-potential-htw-race-on-tlbl-m-s-handlers.patch --- diff --git a/queue-3.17/mips-asm-uaccess-add-v1-register-to-clobber-list-on-eva.patch b/queue-3.17/mips-asm-uaccess-add-v1-register-to-clobber-list-on-eva.patch new file mode 100644 index 00000000000..72900b0798a --- /dev/null +++ b/queue-3.17/mips-asm-uaccess-add-v1-register-to-clobber-list-on-eva.patch @@ -0,0 +1,45 @@ +From 58563817cfed0432e9a54476d5fc6c3aeba475e4 Mon Sep 17 00:00:00 2001 +From: Markos Chandras +Date: Mon, 17 Nov 2014 09:30:23 +0000 +Subject: MIPS: asm: uaccess: Add v1 register to clobber list on EVA + +From: Markos Chandras + +commit 58563817cfed0432e9a54476d5fc6c3aeba475e4 upstream. + +When EVA is turned on and prefetching is being used in memcpy.S, +the v1 register is being used as a helper register to the PREFE +instruction. However, v1 ($3) was not in the clobber list, which +means that the compiler did not preserve it across function calls, +and that could corrupt the value of the register leading to all +sorts of userland crashes. We fix this problem by using the +DADDI_SCRATCH macro to define the clobbered register when +CONFIG_EVA && CONFIG_CPU_HAS_PREFETCH are enabled. + +Signed-off-by: Markos Chandras +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/8510/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/include/asm/uaccess.h | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/arch/mips/include/asm/uaccess.h ++++ b/arch/mips/include/asm/uaccess.h +@@ -773,10 +773,11 @@ extern void __put_user_unaligned_unknown + "jal\t" #destination "\n\t" + #endif + +-#ifndef CONFIG_CPU_DADDI_WORKAROUNDS +-#define DADDI_SCRATCH "$0" +-#else ++#if defined(CONFIG_CPU_DADDI_WORKAROUNDS) || (defined(CONFIG_EVA) && \ ++ defined(CONFIG_CPU_HAS_PREFETCH)) + #define DADDI_SCRATCH "$3" ++#else ++#define DADDI_SCRATCH "$0" + #endif + + extern size_t __copy_user(void *__to, const void *__from, size_t __n); diff --git a/queue-3.17/mips-cpu-probe-set-the-ftlb-probability-bit-on-supported-cores.patch b/queue-3.17/mips-cpu-probe-set-the-ftlb-probability-bit-on-supported-cores.patch new file mode 100644 index 00000000000..68e8f1c5c11 --- /dev/null +++ b/queue-3.17/mips-cpu-probe-set-the-ftlb-probability-bit-on-supported-cores.patch @@ -0,0 +1,90 @@ +From cf0a8aa0226da5de88011e7f30eff22a894b2f49 Mon Sep 17 00:00:00 2001 +From: Markos Chandras +Date: Mon, 10 Nov 2014 12:25:34 +0000 +Subject: MIPS: cpu-probe: Set the FTLB probability bit on supported cores + +From: Markos Chandras + +commit cf0a8aa0226da5de88011e7f30eff22a894b2f49 upstream. + +Make use of the Config6/FLTBP bit to set the probability of a TLBWR +instruction to hit the FTLB or the VTLB. A value of 0 (which may be +the default value on certain cores, such as proAptiv or P5600) +means that a TLBWR instruction will never hit the VTLB which +leads to performance limitations since it effectively decreases +the number of available TLB slots. + +Signed-off-by: Markos Chandras +Reviewed-by: James Hogan +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/8368/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/include/asm/mipsregs.h | 2 ++ + arch/mips/kernel/cpu-probe.c | 33 ++++++++++++++++++++++++++++++++- + 2 files changed, 34 insertions(+), 1 deletion(-) + +--- a/arch/mips/include/asm/mipsregs.h ++++ b/arch/mips/include/asm/mipsregs.h +@@ -661,6 +661,8 @@ + #define MIPS_CONF6_SYND (_ULCAST_(1) << 13) + /* proAptiv FTLB on/off bit */ + #define MIPS_CONF6_FTLBEN (_ULCAST_(1) << 15) ++/* FTLB probability bits */ ++#define MIPS_CONF6_FTLBP_SHIFT (16) + + #define MIPS_CONF7_WII (_ULCAST_(1) << 31) + +--- a/arch/mips/kernel/cpu-probe.c ++++ b/arch/mips/kernel/cpu-probe.c +@@ -192,6 +192,32 @@ static void set_isa(struct cpuinfo_mips + static char unknown_isa[] = KERN_ERR \ + "Unsupported ISA type, c0.config0: %d."; + ++static unsigned int calculate_ftlb_probability(struct cpuinfo_mips *c) ++{ ++ ++ unsigned int probability = c->tlbsize / c->tlbsizevtlb; ++ ++ /* ++ * 0 = All TLBWR instructions go to FTLB ++ * 1 = 15:1: For every 16 TBLWR instructions, 15 go to the ++ * FTLB and 1 goes to the VTLB. ++ * 2 = 7:1: As above with 7:1 ratio. ++ * 3 = 3:1: As above with 3:1 ratio. ++ * ++ * Use the linear midpoint as the probability threshold. ++ */ ++ if (probability >= 12) ++ return 1; ++ else if (probability >= 6) ++ return 2; ++ else ++ /* ++ * So FTLB is less than 4 times bigger than VTLB. ++ * A 3:1 ratio can still be useful though. ++ */ ++ return 3; ++} ++ + static void set_ftlb_enable(struct cpuinfo_mips *c, int enable) + { + unsigned int config6; +@@ -202,9 +228,14 @@ static void set_ftlb_enable(struct cpuin + case CPU_P5600: + /* proAptiv & related cores use Config6 to enable the FTLB */ + config6 = read_c0_config6(); ++ /* Clear the old probability value */ ++ config6 &= ~(3 << MIPS_CONF6_FTLBP_SHIFT); + if (enable) + /* Enable FTLB */ +- write_c0_config6(config6 | MIPS_CONF6_FTLBEN); ++ write_c0_config6(config6 | ++ (calculate_ftlb_probability(c) ++ << MIPS_CONF6_FTLBP_SHIFT) ++ | MIPS_CONF6_FTLBEN); + else + /* Disable FTLB */ + write_c0_config6(config6 & ~MIPS_CONF6_FTLBEN); diff --git a/queue-3.17/mips-fix-eva-non-smp-non-fpu-fp-context-signal-handling.patch b/queue-3.17/mips-fix-eva-non-smp-non-fpu-fp-context-signal-handling.patch new file mode 100644 index 00000000000..8c64c3f3ef8 --- /dev/null +++ b/queue-3.17/mips-fix-eva-non-smp-non-fpu-fp-context-signal-handling.patch @@ -0,0 +1,55 @@ +From 14fa12df1d6bc1d3389a0fa842e0ebd8e8a9af26 Mon Sep 17 00:00:00 2001 +From: Paul Burton +Date: Tue, 28 Oct 2014 11:25:51 +0000 +Subject: MIPS: fix EVA & non-SMP non-FPU FP context signal handling + +From: Paul Burton + +commit 14fa12df1d6bc1d3389a0fa842e0ebd8e8a9af26 upstream. + +The save_fp_context & restore_fp_context pointers were being assigned +to the wrong variables if either: + + - The kernel is configured for UP & runs on a system without an FPU, + since b2ead5282885 "MIPS: Move & rename + fpu_emulator_{save,restore}_context". + + - The kernel is configured for EVA, since ca750649e08c "MIPS: kernel: + signal: Prevent save/restore FPU context in user memory". + +This would lead to FP context being clobbered incorrectly when setting +up a sigcontext, then the garbage values being saved uselessly when +returning from the signal. + +Fix by swapping the pointer assignments appropriately. + +Signed-off-by: Paul Burton +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/8230/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/kernel/signal.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/arch/mips/kernel/signal.c ++++ b/arch/mips/kernel/signal.c +@@ -658,13 +658,13 @@ static int signal_setup(void) + save_fp_context = _save_fp_context; + restore_fp_context = _restore_fp_context; + } else { +- save_fp_context = copy_fp_from_sigcontext; +- restore_fp_context = copy_fp_to_sigcontext; ++ save_fp_context = copy_fp_to_sigcontext; ++ restore_fp_context = copy_fp_from_sigcontext; + } + #endif /* CONFIG_SMP */ + #else +- save_fp_context = copy_fp_from_sigcontext;; +- restore_fp_context = copy_fp_to_sigcontext; ++ save_fp_context = copy_fp_to_sigcontext; ++ restore_fp_context = copy_fp_from_sigcontext; + #endif + + return 0; diff --git a/queue-3.17/mips-ip27-fix-__node_distances-undefined-error.patch b/queue-3.17/mips-ip27-fix-__node_distances-undefined-error.patch new file mode 100644 index 00000000000..8607f8f93da --- /dev/null +++ b/queue-3.17/mips-ip27-fix-__node_distances-undefined-error.patch @@ -0,0 +1,40 @@ +From 5829b0ecc584d15ae4eeabe69f2ab554bdec4689 Mon Sep 17 00:00:00 2001 +From: James Cowgill +Date: Thu, 13 Nov 2014 11:08:07 +0000 +Subject: MIPS: IP27: Fix __node_distances undefined error + +From: James Cowgill + +commit 5829b0ecc584d15ae4eeabe69f2ab554bdec4689 upstream. + +export the __node_distances symbol in the ip27 memory code to fix the +build error: + + Building modules, stage 2. + MODPOST 311 modules +ERROR: "__node_distances" [drivers/block/nvme.ko] undefined! +scripts/Makefile.modpost:90: recipe for target '__modpost' failed + +when building the kernel with: + CONFIG_SGI_IP27=y + CONFIG_BLK_DEV_NVME=m + +Signed-off-by: James Cowgill +Reviewed-by: James Hogan +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/sgi-ip27/ip27-memory.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/mips/sgi-ip27/ip27-memory.c ++++ b/arch/mips/sgi-ip27/ip27-memory.c +@@ -107,6 +107,7 @@ static void router_recurse(klrou_t *rout + } + + unsigned char __node_distances[MAX_COMPACT_NODES][MAX_COMPACT_NODES]; ++EXPORT_SYMBOL(__node_distances); + + static int __init compute_node_distance(nasid_t nasid_a, nasid_t nasid_b) + { diff --git a/queue-3.17/mips-lib-memcpy-restore-nop-on-delay-slot-before-returning-to-caller.patch b/queue-3.17/mips-lib-memcpy-restore-nop-on-delay-slot-before-returning-to-caller.patch new file mode 100644 index 00000000000..3b2ce37507d --- /dev/null +++ b/queue-3.17/mips-lib-memcpy-restore-nop-on-delay-slot-before-returning-to-caller.patch @@ -0,0 +1,39 @@ +From 51b1029d9966060c6ad02030e6f251425b4f06c1 Mon Sep 17 00:00:00 2001 +From: Markos Chandras +Date: Mon, 17 Nov 2014 09:32:38 +0000 +Subject: MIPS: lib: memcpy: Restore NOP on delay slot before returning to caller + +From: Markos Chandras + +commit 51b1029d9966060c6ad02030e6f251425b4f06c1 upstream. + +Commit cf62a8b8134dd3 ("MIPS: lib: memcpy: Use macro to build the +copy_user code") switched to a macro in order to build the memcpy +symbols in preparation for the EVA support. However, this commit +also removed the NOP instruction after the 'jr ra' when returning +back to the caller. This had no visible side-effects since the next +instruction was a load to the t0 register which was already in the +clobbered list, but it may have undesired effects in the future +if some other code is introduced in between the .Ldone and +the .Ll_exc_copy labels. + +Signed-off-by: Markos Chandras +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/8512/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/lib/memcpy.S | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/mips/lib/memcpy.S ++++ b/arch/mips/lib/memcpy.S +@@ -503,6 +503,7 @@ + STOREB(t0, NBYTES-2(dst), .Ls_exc_p1\@) + .Ldone\@: + jr ra ++ nop + .if __memcpy == 1 + END(memcpy) + .set __memcpy, 0 diff --git a/queue-3.17/mips-loongson-make-platform-serial-setup-always-built-in.patch b/queue-3.17/mips-loongson-make-platform-serial-setup-always-built-in.patch new file mode 100644 index 00000000000..14d513a57e7 --- /dev/null +++ b/queue-3.17/mips-loongson-make-platform-serial-setup-always-built-in.patch @@ -0,0 +1,41 @@ +From 26927f76499849e095714452b8a4e09350f6a3b9 Mon Sep 17 00:00:00 2001 +From: Aaro Koskinen +Date: Thu, 20 Nov 2014 01:05:38 +0200 +Subject: MIPS: Loongson: Make platform serial setup always built-in. + +From: Aaro Koskinen + +commit 26927f76499849e095714452b8a4e09350f6a3b9 upstream. + +If SERIAL_8250 is compiled as a module, the platform specific setup +for Loongson will be a module too, and it will not work very well. +At least on Loongson 3 it will trigger a build failure, +since loongson_sysconf is not exported to modules. + +Fix by making the platform specific serial code always built-in. + +Signed-off-by: Aaro Koskinen +Reported-by: Ralf Baechle +Cc: linux-mips@linux-mips.org +Cc: Huacai Chen +Cc: Markos Chandras +Patchwork: https://patchwork.linux-mips.org/patch/8533/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/loongson/common/Makefile | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/mips/loongson/common/Makefile ++++ b/arch/mips/loongson/common/Makefile +@@ -11,7 +11,8 @@ obj-$(CONFIG_PCI) += pci.o + # Serial port support + # + obj-$(CONFIG_EARLY_PRINTK) += early_printk.o +-obj-$(CONFIG_SERIAL_8250) += serial.o ++loongson-serial-$(CONFIG_SERIAL_8250) := serial.o ++obj-y += $(loongson-serial-m) $(loongson-serial-y) + obj-$(CONFIG_LOONGSON_UART_BASE) += uart_base.o + obj-$(CONFIG_LOONGSON_MC146818) += rtc.o + diff --git a/queue-3.17/mips-loongson3-fix-__node_distances-undefined-error.patch b/queue-3.17/mips-loongson3-fix-__node_distances-undefined-error.patch new file mode 100644 index 00000000000..972109e40f5 --- /dev/null +++ b/queue-3.17/mips-loongson3-fix-__node_distances-undefined-error.patch @@ -0,0 +1,45 @@ +From 21255dad9dffa4407cab866f5561cb9568f7f7d8 Mon Sep 17 00:00:00 2001 +From: James Cowgill +Date: Thu, 13 Nov 2014 11:08:06 +0000 +Subject: MIPS: Loongson3: Fix __node_distances undefined error + +From: James Cowgill + +commit 21255dad9dffa4407cab866f5561cb9568f7f7d8 upstream. + +export the __node_distances symbol in the loongson3 numa code to fix the +build error: + + Building modules, stage 2. + MODPOST 221 modules +ERROR: "__node_distances" [drivers/block/nvme.ko] undefined! +scripts/Makefile.modpost:90: recipe for target '__modpost' failed + +when building the kernel with: + CONFIG_CPU_LOONGSON3=y + CONFIG_NUMA=y + CONFIG_BLK_DEV_NVME=m + +Signed-off-by: James Cowgill +Reviewed-by: James Hogan +Reviewed-by: Huacai Chen +Cc: linux-mips@linux-mips.org +Cc: Wei Yongjun +Patchwork: https://patchwork.linux-mips.org/patch/8444/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/loongson/loongson-3/numa.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/mips/loongson/loongson-3/numa.c ++++ b/arch/mips/loongson/loongson-3/numa.c +@@ -33,6 +33,7 @@ + + static struct node_data prealloc__node_data[MAX_NUMNODES]; + unsigned char __node_distances[MAX_NUMNODES][MAX_NUMNODES]; ++EXPORT_SYMBOL(__node_distances); + struct node_data *__node_data[MAX_NUMNODES]; + EXPORT_SYMBOL(__node_data); + diff --git a/queue-3.17/mips-oprofile-fix-backtrace-on-64-bit-kernel.patch b/queue-3.17/mips-oprofile-fix-backtrace-on-64-bit-kernel.patch new file mode 100644 index 00000000000..79583cf7686 --- /dev/null +++ b/queue-3.17/mips-oprofile-fix-backtrace-on-64-bit-kernel.patch @@ -0,0 +1,33 @@ +From bbaf113a481b6ce32444c125807ad3618643ce57 Mon Sep 17 00:00:00 2001 +From: Aaro Koskinen +Date: Fri, 17 Oct 2014 18:10:24 +0300 +Subject: MIPS: oprofile: Fix backtrace on 64-bit kernel + +From: Aaro Koskinen + +commit bbaf113a481b6ce32444c125807ad3618643ce57 upstream. + +Fix incorrect cast that always results in wrong address for the new +frame on 64-bit kernels. + +Signed-off-by: Aaro Koskinen +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/8110/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/oprofile/backtrace.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/mips/oprofile/backtrace.c ++++ b/arch/mips/oprofile/backtrace.c +@@ -92,7 +92,7 @@ static inline int unwind_user_frame(stru + /* This marks the end of the previous function, + which means we overran. */ + break; +- stack_size = (unsigned) stack_adjustment; ++ stack_size = (unsigned long) stack_adjustment; + } else if (is_ra_save_ins(&ip)) { + int ra_slot = ip.i_format.simmediate; + if (ra_slot < 0) diff --git a/queue-3.17/mips-r4kcache-add-eva-case-for-protected_writeback_dcache_line.patch b/queue-3.17/mips-r4kcache-add-eva-case-for-protected_writeback_dcache_line.patch new file mode 100644 index 00000000000..c0acd2d1c1c --- /dev/null +++ b/queue-3.17/mips-r4kcache-add-eva-case-for-protected_writeback_dcache_line.patch @@ -0,0 +1,41 @@ +From 83fd43449baaf88fe5c03dd0081a062041837c51 Mon Sep 17 00:00:00 2001 +From: Markos Chandras +Date: Wed, 5 Nov 2014 08:25:37 +0000 +Subject: MIPS: r4kcache: Add EVA case for protected_writeback_dcache_line + +From: Markos Chandras + +commit 83fd43449baaf88fe5c03dd0081a062041837c51 upstream. + +Commit de8974e3f76c0 ("MIPS: asm: r4kcache: Add EVA cache flushing +functions") added cache function for EVA using the cachee instruction. +However, it didn't add a case for the protected_writeback_dcache_line. +mips_dsemul() calls r4k_flush_cache_sigtramp() which in turn uses +the protected_writeback_dcache_line() to flush the trampoline code +back to memory. This used the wrong "cache" instruction leading to +random userland crashes on non-FPU cores. + +Signed-off-by: Markos Chandras +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/8331/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/include/asm/r4kcache.h | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/mips/include/asm/r4kcache.h ++++ b/arch/mips/include/asm/r4kcache.h +@@ -257,7 +257,11 @@ static inline void protected_flush_icach + */ + static inline void protected_writeback_dcache_line(unsigned long addr) + { ++#ifdef CONFIG_EVA ++ protected_cachee_op(Hit_Writeback_Inv_D, addr); ++#else + protected_cache_op(Hit_Writeback_Inv_D, addr); ++#endif + } + + static inline void protected_writeback_scache_line(unsigned long addr) diff --git a/queue-3.17/mips-tlb-r4k-add-missing-htw-stop-start-sequences.patch b/queue-3.17/mips-tlb-r4k-add-missing-htw-stop-start-sequences.patch new file mode 100644 index 00000000000..6644a5c4657 --- /dev/null +++ b/queue-3.17/mips-tlb-r4k-add-missing-htw-stop-start-sequences.patch @@ -0,0 +1,60 @@ +From 6a8dff6ab16c903b0d8ef5fbf21543f39bf5d675 Mon Sep 17 00:00:00 2001 +From: Markos Chandras +Date: Mon, 17 Nov 2014 09:31:07 +0000 +Subject: MIPS: tlb-r4k: Add missing HTW stop/start sequences + +From: Markos Chandras + +commit 6a8dff6ab16c903b0d8ef5fbf21543f39bf5d675 upstream. + +HTW needs to stop and start again whenever the EntryHI register +changes otherwise an inflight HTW operation might use the new +EntryHI register for updating an old entry and that could lead +to crashes or even a machine check exception. We fix this by +ensuring the HTW has stop whenever the EntryHI register is about +to change + +Signed-off-by: Markos Chandras +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/8511/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/mm/tlb-r4k.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/mips/mm/tlb-r4k.c ++++ b/arch/mips/mm/tlb-r4k.c +@@ -299,6 +299,7 @@ void __update_tlb(struct vm_area_struct + + local_irq_save(flags); + ++ htw_stop(); + pid = read_c0_entryhi() & ASID_MASK; + address &= (PAGE_MASK << 1); + write_c0_entryhi(address | pid); +@@ -346,6 +347,7 @@ void __update_tlb(struct vm_area_struct + tlb_write_indexed(); + } + tlbw_use_hazard(); ++ htw_start(); + flush_itlb_vm(vma); + local_irq_restore(flags); + } +@@ -422,6 +424,7 @@ __init int add_temporary_entry(unsigned + + local_irq_save(flags); + /* Save old context and create impossible VPN2 value */ ++ htw_stop(); + old_ctx = read_c0_entryhi(); + old_pagemask = read_c0_pagemask(); + wired = read_c0_wired(); +@@ -443,6 +446,7 @@ __init int add_temporary_entry(unsigned + + write_c0_entryhi(old_ctx); + write_c0_pagemask(old_pagemask); ++ htw_start(); + out: + local_irq_restore(flags); + return ret; diff --git a/queue-3.17/mips-tlbex-fix-potential-htw-race-on-tlbl-m-s-handlers.patch b/queue-3.17/mips-tlbex-fix-potential-htw-race-on-tlbl-m-s-handlers.patch new file mode 100644 index 00000000000..7df21a7ccbc --- /dev/null +++ b/queue-3.17/mips-tlbex-fix-potential-htw-race-on-tlbl-m-s-handlers.patch @@ -0,0 +1,50 @@ +From 070e76cb3ffe43f6855492e77c96680c562598f0 Mon Sep 17 00:00:00 2001 +From: Leonid Yegoshin +Date: Thu, 27 Nov 2014 11:13:08 +0000 +Subject: MIPS: tlbex: Fix potential HTW race on TLBL/M/S handlers + +From: Leonid Yegoshin + +commit 070e76cb3ffe43f6855492e77c96680c562598f0 upstream. + +There is a potential race when probing the TLB in TLBL/M/S exception +handlers for a matching entry. Between the time we hit a TLBL/S/M +exception and the time we get to execute the TLBP instruction, the +HTW may have replaced the TLB entry we are interested in hence the TLB +probe may fail. However, in the existing handlers, we never checked the +status of the TLBP (ie check the result in the C0/Index register). We +fix this by adding such a check when the core implements the HTW. If +we couldn't find a matching entry, we return back and try again. + +Signed-off-by: Leonid Yegoshin +Signed-off-by: Markos Chandras +Reviewed-by: James Hogan +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/8599/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/mm/tlbex.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/arch/mips/mm/tlbex.c ++++ b/arch/mips/mm/tlbex.c +@@ -1872,8 +1872,16 @@ build_r4000_tlbchange_handler_head(u32 * + uasm_l_smp_pgtable_change(l, *p); + #endif + iPTE_LW(p, wr.r1, wr.r2); /* get even pte */ +- if (!m4kc_tlbp_war()) ++ if (!m4kc_tlbp_war()) { + build_tlb_probe_entry(p); ++ if (cpu_has_htw) { ++ /* race condition happens, leaving */ ++ uasm_i_ehb(p); ++ uasm_i_mfc0(p, wr.r3, C0_INDEX); ++ uasm_il_bltz(p, r, wr.r3, label_leave); ++ uasm_i_nop(p); ++ } ++ } + return wr; + } +