From: Greg Kroah-Hartman Date: Sat, 20 Sep 2014 17:54:29 +0000 (-0700) Subject: 3.10-stable patches X-Git-Tag: v3.16.4~86 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=698cc47bc8df5f364352c3ba61ca1de0b3252667;p=thirdparty%2Fkernel%2Fstable-queue.git 3.10-stable patches added patches: arm64-flush-tls-registers-during-exec.patch ibmveth-fix-endian-issues-with-rx_no_buffer-statistic.patch --- diff --git a/queue-3.10/arm64-flush-tls-registers-during-exec.patch b/queue-3.10/arm64-flush-tls-registers-during-exec.patch new file mode 100644 index 00000000000..90e62c92376 --- /dev/null +++ b/queue-3.10/arm64-flush-tls-registers-during-exec.patch @@ -0,0 +1,79 @@ +From eb35bdd7bca29a13c8ecd44e6fd747a84ce675db Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Thu, 11 Sep 2014 14:38:16 +0100 +Subject: arm64: flush TLS registers during exec + +From: Will Deacon + +commit eb35bdd7bca29a13c8ecd44e6fd747a84ce675db upstream. + +Nathan reports that we leak TLS information from the parent context +during an exec, as we don't clear the TLS registers when flushing the +thread state. + +This patch updates the flushing code so that we: + + (1) Unconditionally zero the tpidr_el0 register (since this is fully + context switched for native tasks and zeroed for compat tasks) + + (2) Zero the tp_value state in thread_info before clearing the + tpidrr0_el0 register for compat tasks (since this is only writable + by the set_tls compat syscall and therefore not fully switched). + +A missing compiler barrier is also added to the compat set_tls syscall. + +Acked-by: Nathan Lynch +Reported-by: Nathan Lynch +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/process.c | 18 ++++++++++++++++++ + arch/arm64/kernel/sys_compat.c | 6 ++++++ + 2 files changed, 24 insertions(+) + +--- a/arch/arm64/kernel/process.c ++++ b/arch/arm64/kernel/process.c +@@ -172,9 +172,27 @@ void exit_thread(void) + { + } + ++static void tls_thread_flush(void) ++{ ++ asm ("msr tpidr_el0, xzr"); ++ ++ if (is_compat_task()) { ++ current->thread.tp_value = 0; ++ ++ /* ++ * We need to ensure ordering between the shadow state and the ++ * hardware state, so that we don't corrupt the hardware state ++ * with a stale shadow state during context switch. ++ */ ++ barrier(); ++ asm ("msr tpidrro_el0, xzr"); ++ } ++} ++ + void flush_thread(void) + { + fpsimd_flush_thread(); ++ tls_thread_flush(); + flush_ptrace_hw_breakpoint(current); + } + +--- a/arch/arm64/kernel/sys_compat.c ++++ b/arch/arm64/kernel/sys_compat.c +@@ -79,6 +79,12 @@ long compat_arm_syscall(struct pt_regs * + + case __ARM_NR_compat_set_tls: + current->thread.tp_value = regs->regs[0]; ++ ++ /* ++ * Protect against register corruption from context switch. ++ * See comment in tls_thread_flush. ++ */ ++ barrier(); + asm ("msr tpidrro_el0, %0" : : "r" (regs->regs[0])); + return 0; + diff --git a/queue-3.10/ibmveth-fix-endian-issues-with-rx_no_buffer-statistic.patch b/queue-3.10/ibmveth-fix-endian-issues-with-rx_no_buffer-statistic.patch new file mode 100644 index 00000000000..38caf39bdc6 --- /dev/null +++ b/queue-3.10/ibmveth-fix-endian-issues-with-rx_no_buffer-statistic.patch @@ -0,0 +1,65 @@ +From cbd5228199d8be45d895d9d0cc2b8ce53835fc21 Mon Sep 17 00:00:00 2001 +From: Anton Blanchard +Date: Fri, 22 Aug 2014 11:36:52 +1000 +Subject: ibmveth: Fix endian issues with rx_no_buffer statistic + +From: Anton Blanchard + +commit cbd5228199d8be45d895d9d0cc2b8ce53835fc21 upstream. + +Hidden away in the last 8 bytes of the buffer_list page is a solitary +statistic. It needs to be byte swapped or else ethtool -S will +produce numbers that terrify the user. + +Since we do this in multiple places, create a helper function with a +comment explaining what is going on. + +Signed-off-by: Anton Blanchard +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/ibm/ibmveth.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +--- a/drivers/net/ethernet/ibm/ibmveth.c ++++ b/drivers/net/ethernet/ibm/ibmveth.c +@@ -293,6 +293,18 @@ failure: + atomic_add(buffers_added, &(pool->available)); + } + ++/* ++ * The final 8 bytes of the buffer list is a counter of frames dropped ++ * because there was not a buffer in the buffer list capable of holding ++ * the frame. ++ */ ++static void ibmveth_update_rx_no_buffer(struct ibmveth_adapter *adapter) ++{ ++ __be64 *p = adapter->buffer_list_addr + 4096 - 8; ++ ++ adapter->rx_no_buffer = be64_to_cpup(p); ++} ++ + /* replenish routine */ + static void ibmveth_replenish_task(struct ibmveth_adapter *adapter) + { +@@ -308,8 +320,7 @@ static void ibmveth_replenish_task(struc + ibmveth_replenish_buffer_pool(adapter, pool); + } + +- adapter->rx_no_buffer = *(u64 *)(((char*)adapter->buffer_list_addr) + +- 4096 - 8); ++ ibmveth_update_rx_no_buffer(adapter); + } + + /* empty and free ana buffer pool - also used to do cleanup in error paths */ +@@ -689,8 +700,7 @@ static int ibmveth_close(struct net_devi + + free_irq(netdev->irq, netdev); + +- adapter->rx_no_buffer = *(u64 *)(((char *)adapter->buffer_list_addr) + +- 4096 - 8); ++ ibmveth_update_rx_no_buffer(adapter); + + ibmveth_cleanup(adapter); + diff --git a/queue-3.10/series b/queue-3.10/series index e01d665dea1..0311f7947b2 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -12,3 +12,5 @@ drm-i915-read-head-register-back-in-init_ring_common-to-enforce-ordering.patch pata_scc-propagate-return-value-of-scc_wait_after_reset.patch ahci-add-device-ids-for-intel-9-series-pch.patch ahci-add-pcid-for-marvel-0x9182-controller.patch +ibmveth-fix-endian-issues-with-rx_no_buffer-statistic.patch +arm64-flush-tls-registers-during-exec.patch