From: Greg Kroah-Hartman Date: Mon, 21 Apr 2014 01:28:04 +0000 (-0700) Subject: 3.10-stable patches X-Git-Tag: v3.13.11~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6eca516e1d1746f4322c6a04a6f03769990d60fb;p=thirdparty%2Fkernel%2Fstable-queue.git 3.10-stable patches added patches: ext4-fix-error-return-from-ext4_ext_handle_uninitialized_extents.patch ext4-fix-partial-cluster-handling-for-bigalloc-file-systems.patch jffs2-avoid-soft-lockup-in-jffs2_reserve_space_gc.patch jffs2-fix-crash-due-to-truncation-of-csize.patch jffs2-fix-segmentation-fault-found-in-stress-test.patch jffs2-remove-from-wait-queue-after-schedule.patch revert-sparc64-fix-__copy_-to-from-_user_inatomic-defines.patch sparc32-fix-build-failure-for-arch_jump_label_transform.patch sparc64-don-t-treat-64-bit-syscall-return-codes-as-32-bit.patch sparc64-make-sure-pil-interrupts-are-enabled-during-hypervisor-yield.patch sparc-pci-fix-incorrect-address-calculation-of-pci-bridge-windows-on-simba-bridges.patch --- diff --git a/queue-3.10/ext4-fix-error-return-from-ext4_ext_handle_uninitialized_extents.patch b/queue-3.10/ext4-fix-error-return-from-ext4_ext_handle_uninitialized_extents.patch new file mode 100644 index 00000000000..7b56641ff9f --- /dev/null +++ b/queue-3.10/ext4-fix-error-return-from-ext4_ext_handle_uninitialized_extents.patch @@ -0,0 +1,49 @@ +From ce37c42919608e96ade3748fe23c3062a0a966c5 Mon Sep 17 00:00:00 2001 +From: Eric Whitney +Date: Wed, 19 Feb 2014 18:52:39 -0500 +Subject: ext4: fix error return from ext4_ext_handle_uninitialized_extents() + +From: Eric Whitney + +commit ce37c42919608e96ade3748fe23c3062a0a966c5 upstream. + +Commit 3779473246 breaks the return of error codes from +ext4_ext_handle_uninitialized_extents() in ext4_ext_map_blocks(). A +portion of the patch assigns that function's signed integer return +value to an unsigned int. Consequently, negatively valued error codes +are lost and can be treated as a bogus allocated block count. + +Signed-off-by: Eric Whitney +Signed-off-by: "Theodore Ts'o" +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/extents.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/fs/ext4/extents.c ++++ b/fs/ext4/extents.c +@@ -4032,7 +4032,7 @@ int ext4_ext_map_blocks(handle_t *handle + struct ext4_extent newex, *ex, *ex2; + struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); + ext4_fsblk_t newblock = 0; +- int free_on_err = 0, err = 0, depth; ++ int free_on_err = 0, err = 0, depth, ret; + unsigned int allocated = 0, offset = 0; + unsigned int allocated_clusters = 0; + struct ext4_allocation_request ar; +@@ -4093,9 +4093,13 @@ int ext4_ext_map_blocks(handle_t *handle + if (!ext4_ext_is_uninitialized(ex)) + goto out; + +- allocated = ext4_ext_handle_uninitialized_extents( ++ ret = ext4_ext_handle_uninitialized_extents( + handle, inode, map, path, flags, + allocated, newblock); ++ if (ret < 0) ++ err = ret; ++ else ++ allocated = ret; + goto out3; + } + } diff --git a/queue-3.10/ext4-fix-partial-cluster-handling-for-bigalloc-file-systems.patch b/queue-3.10/ext4-fix-partial-cluster-handling-for-bigalloc-file-systems.patch new file mode 100644 index 00000000000..9574d7951b4 --- /dev/null +++ b/queue-3.10/ext4-fix-partial-cluster-handling-for-bigalloc-file-systems.patch @@ -0,0 +1,64 @@ +From c06344939422bbd032ac967223a7863de57496b5 Mon Sep 17 00:00:00 2001 +From: Eric Whitney +Date: Thu, 13 Mar 2014 23:34:16 -0400 +Subject: ext4: fix partial cluster handling for bigalloc file systems + +From: Eric Whitney + +commit c06344939422bbd032ac967223a7863de57496b5 upstream. + +Commit 9cb00419fa, which enables hole punching for bigalloc file +systems, exposed a bug introduced by commit 6ae06ff51e in an earlier +release. When run on a bigalloc file system, xfstests generic/013, 068, +075, 083, 091, 100, 112, 127, 263, 269, and 270 fail with e2fsck errors +or cause kernel error messages indicating that previously freed blocks +are being freed again. + +The latter commit optimizes the selection of the starting extent in +ext4_ext_rm_leaf() when hole punching by beginning with the extent +supplied in the path argument rather than with the last extent in the +leaf node (as is still done when truncating). However, the code in +rm_leaf that initially sets partial_cluster to track cluster sharing on +extent boundaries is only guaranteed to run if rm_leaf starts with the +last node in the leaf. Consequently, partial_cluster is not correctly +initialized when hole punching, and a cluster on the boundary of a +punched region that should be retained may instead be deallocated. + +Signed-off-by: Eric Whitney +Signed-off-by: "Theodore Ts'o" +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/extents.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +--- a/fs/ext4/extents.c ++++ b/fs/ext4/extents.c +@@ -2511,6 +2511,27 @@ ext4_ext_rm_leaf(handle_t *handle, struc + ex_ee_block = le32_to_cpu(ex->ee_block); + ex_ee_len = ext4_ext_get_actual_len(ex); + ++ /* ++ * If we're starting with an extent other than the last one in the ++ * node, we need to see if it shares a cluster with the extent to ++ * the right (towards the end of the file). If its leftmost cluster ++ * is this extent's rightmost cluster and it is not cluster aligned, ++ * we'll mark it as a partial that is not to be deallocated. ++ */ ++ ++ if (ex != EXT_LAST_EXTENT(eh)) { ++ ext4_fsblk_t current_pblk, right_pblk; ++ long long current_cluster, right_cluster; ++ ++ current_pblk = ext4_ext_pblock(ex) + ex_ee_len - 1; ++ current_cluster = (long long)EXT4_B2C(sbi, current_pblk); ++ right_pblk = ext4_ext_pblock(ex + 1); ++ right_cluster = (long long)EXT4_B2C(sbi, right_pblk); ++ if (current_cluster == right_cluster && ++ EXT4_PBLK_COFF(sbi, right_pblk)) ++ *partial_cluster = -right_cluster; ++ } ++ + trace_ext4_ext_rm_leaf(inode, start, ex, *partial_cluster); + + while (ex >= EXT_FIRST_EXTENT(eh) && diff --git a/queue-3.10/jffs2-avoid-soft-lockup-in-jffs2_reserve_space_gc.patch b/queue-3.10/jffs2-avoid-soft-lockup-in-jffs2_reserve_space_gc.patch new file mode 100644 index 00000000000..c30e22cad40 --- /dev/null +++ b/queue-3.10/jffs2-avoid-soft-lockup-in-jffs2_reserve_space_gc.patch @@ -0,0 +1,73 @@ +From 13b546d96207c131eeae15dc7b26c6e7d0f1cad7 Mon Sep 17 00:00:00 2001 +From: Li Zefan +Date: Wed, 12 Feb 2014 12:44:56 -0800 +Subject: jffs2: avoid soft-lockup in jffs2_reserve_space_gc() + +From: Li Zefan + +commit 13b546d96207c131eeae15dc7b26c6e7d0f1cad7 upstream. + +We triggered soft-lockup under stress test on 2.6.34 kernel. + +BUG: soft lockup - CPU#1 stuck for 60009ms! [lockf2.test:14488] +... +[] (jffs2_do_reserve_space+0x420/0x440 [jffs2]) +[] (jffs2_reserve_space_gc+0x34/0x78 [jffs2]) +[] (jffs2_garbage_collect_dnode.isra.3+0x264/0x478 [jffs2]) +[] (jffs2_garbage_collect_pass+0x9c0/0xe4c [jffs2]) +[] (jffs2_reserve_space+0x104/0x2a8 [jffs2]) +[] (jffs2_write_inode_range+0x5c/0x4d4 [jffs2]) +[] (jffs2_write_end+0x198/0x2c0 [jffs2]) +[] (generic_file_buffered_write+0x158/0x200) +[] (__generic_file_aio_write+0x3a4/0x414) +[] (generic_file_aio_write+0x5c/0xbc) +[] (do_sync_write+0x98/0xd4) +[] (vfs_write+0xa8/0x150) +[] (sys_write+0x3c/0xc0)] + +Fix this by adding a cond_resched() in the while loop. + +[akpm@linux-foundation.org: don't initialize `ret'] +Signed-off-by: Li Zefan +Cc: David Woodhouse +Cc: Artem Bityutskiy +Signed-off-by: Andrew Morton +Signed-off-by: Brian Norris +Signed-off-by: Greg Kroah-Hartman + +--- + fs/jffs2/nodemgmt.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +--- a/fs/jffs2/nodemgmt.c ++++ b/fs/jffs2/nodemgmt.c +@@ -211,20 +211,25 @@ out: + int jffs2_reserve_space_gc(struct jffs2_sb_info *c, uint32_t minsize, + uint32_t *len, uint32_t sumsize) + { +- int ret = -EAGAIN; ++ int ret; + minsize = PAD(minsize); + + jffs2_dbg(1, "%s(): Requested 0x%x bytes\n", __func__, minsize); + +- spin_lock(&c->erase_completion_lock); +- while(ret == -EAGAIN) { ++ while (true) { ++ spin_lock(&c->erase_completion_lock); + ret = jffs2_do_reserve_space(c, minsize, len, sumsize); + if (ret) { + jffs2_dbg(1, "%s(): looping, ret is %d\n", + __func__, ret); + } ++ spin_unlock(&c->erase_completion_lock); ++ ++ if (ret == -EAGAIN) ++ cond_resched(); ++ else ++ break; + } +- spin_unlock(&c->erase_completion_lock); + if (!ret) + ret = jffs2_prealloc_raw_node_refs(c, c->nextblock, 1); + diff --git a/queue-3.10/jffs2-fix-crash-due-to-truncation-of-csize.patch b/queue-3.10/jffs2-fix-crash-due-to-truncation-of-csize.patch new file mode 100644 index 00000000000..e333650cb86 --- /dev/null +++ b/queue-3.10/jffs2-fix-crash-due-to-truncation-of-csize.patch @@ -0,0 +1,81 @@ +From 41bf1a24c1001f4d0d41a78e1ac575d2f14789d7 Mon Sep 17 00:00:00 2001 +From: Ajesh Kunhipurayil Vijayan +Date: Mon, 6 Jan 2014 19:06:55 +0530 +Subject: jffs2: Fix crash due to truncation of csize + +From: Ajesh Kunhipurayil Vijayan + +commit 41bf1a24c1001f4d0d41a78e1ac575d2f14789d7 upstream. + +mounting JFFS2 partition sometimes crashes with this call trace: + +[ 1322.240000] Kernel bug detected[#1]: +[ 1322.244000] Cpu 2 +[ 1322.244000] $ 0 : 0000000000000000 0000000000000018 000000003ff00070 0000000000000001 +[ 1322.252000] $ 4 : 0000000000000000 c0000000f3980150 0000000000000000 0000000000010000 +[ 1322.260000] $ 8 : ffffffffc09cd5f8 0000000000000001 0000000000000088 c0000000ed300de8 +[ 1322.268000] $12 : e5e19d9c5f613a45 ffffffffc046d464 0000000000000000 66227ba5ea67b74e +[ 1322.276000] $16 : c0000000f1769c00 c0000000ed1e0200 c0000000f3980150 0000000000000000 +[ 1322.284000] $20 : c0000000f3a80000 00000000fffffffc c0000000ed2cfbd8 c0000000f39818f0 +[ 1322.292000] $24 : 0000000000000004 0000000000000000 +[ 1322.300000] $28 : c0000000ed2c0000 c0000000ed2cfab8 0000000000010000 ffffffffc039c0b0 +[ 1322.308000] Hi : 000000000000023c +[ 1322.312000] Lo : 000000000003f802 +[ 1322.316000] epc : ffffffffc039a9f8 check_tn_node+0x88/0x3b0 +[ 1322.320000] Not tainted +[ 1322.324000] ra : ffffffffc039c0b0 jffs2_do_read_inode_internal+0x1250/0x1e48 +[ 1322.332000] Status: 5400f8e3 KX SX UX KERNEL EXL IE +[ 1322.336000] Cause : 00800034 +[ 1322.340000] PrId : 000c1004 (Netlogic XLP) +[ 1322.344000] Modules linked in: +[ 1322.348000] Process jffs2_gcd_mtd7 (pid: 264, threadinfo=c0000000ed2c0000, task=c0000000f0e68dd8, tls=0000000000000000) +[ 1322.356000] Stack : c0000000f1769e30 c0000000ed010780 c0000000ed010780 c0000000ed300000 + c0000000f1769c00 c0000000f3980150 c0000000f3a80000 00000000fffffffc + c0000000ed2cfbd8 ffffffffc039c0b0 ffffffffc09c6340 0000000000001000 + 0000000000000dec ffffffffc016c9d8 c0000000f39805a0 c0000000f3980180 + 0000008600000000 0000000000000000 0000000000000000 0000000000000000 + 0001000000000dec c0000000f1769d98 c0000000ed2cfb18 0000000000010000 + 0000000000010000 0000000000000044 c0000000f3a80000 c0000000f1769c00 + c0000000f3d207a8 c0000000f1769d98 c0000000f1769de0 ffffffffc076f9c0 + 0000000000000009 0000000000000000 0000000000000000 ffffffffc039cf90 + 0000000000000017 ffffffffc013fbdc 0000000000000001 000000010003e61c + ... +[ 1322.424000] Call Trace: +[ 1322.428000] [] check_tn_node+0x88/0x3b0 +[ 1322.432000] [] jffs2_do_read_inode_internal+0x1250/0x1e48 +[ 1322.440000] [] jffs2_do_crccheck_inode+0x70/0xd0 +[ 1322.448000] [] jffs2_garbage_collect_pass+0x160/0x870 +[ 1322.452000] [] jffs2_garbage_collect_thread+0xdc/0x1f0 +[ 1322.460000] [] kthread+0xb8/0xc0 +[ 1322.464000] [] kernel_thread_helper+0x10/0x18 +[ 1322.472000] +[ 1322.472000] +Code: 67bd0050 94a4002c 2c830001 <00038036> de050218 2403fffc 0080a82d 00431824 24630044 +[ 1322.480000] ---[ end trace b052bb90e97dfbf5 ]--- + +The variable csize in structure jffs2_tmp_dnode_info is of type uint16_t, but it +is used to hold the compressed data length(csize) which is declared as uint32_t. +So, when the value of csize exceeds 16bits, it gets truncated when assigned to +tn->csize. This is causing a kernel BUG. +Changing the definition of csize in jffs2_tmp_dnode_info to uint32_t fixes the issue. + +Signed-off-by: Ajesh Kunhipurayil Vijayan +Signed-off-by: Kamlakant Patel +Signed-off-by: Brian Norris +Signed-off-by: Greg Kroah-Hartman + +--- + fs/jffs2/nodelist.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/jffs2/nodelist.h ++++ b/fs/jffs2/nodelist.h +@@ -231,7 +231,7 @@ struct jffs2_tmp_dnode_info + uint32_t version; + uint32_t data_crc; + uint32_t partial_crc; +- uint16_t csize; ++ uint32_t csize; + uint16_t overlapped; + }; + diff --git a/queue-3.10/jffs2-fix-segmentation-fault-found-in-stress-test.patch b/queue-3.10/jffs2-fix-segmentation-fault-found-in-stress-test.patch new file mode 100644 index 00000000000..660d094e7a1 --- /dev/null +++ b/queue-3.10/jffs2-fix-segmentation-fault-found-in-stress-test.patch @@ -0,0 +1,99 @@ +From 3367da5610c50e6b83f86d366d72b41b350b06a2 Mon Sep 17 00:00:00 2001 +From: Kamlakant Patel +Date: Mon, 6 Jan 2014 19:06:54 +0530 +Subject: jffs2: Fix segmentation fault found in stress test + +From: Kamlakant Patel + +commit 3367da5610c50e6b83f86d366d72b41b350b06a2 upstream. + +Creating a large file on a JFFS2 partition sometimes crashes with this call +trace: + +[ 306.476000] CPU 13 Unable to handle kernel paging request at virtual address c0000000dfff8002, epc == ffffffffc03a80a8, ra == ffffffffc03a8044 +[ 306.488000] Oops[#1]: +[ 306.488000] Cpu 13 +[ 306.492000] $ 0 : 0000000000000000 0000000000000000 0000000000008008 0000000000008007 +[ 306.500000] $ 4 : c0000000dfff8002 000000000000009f c0000000e0007cde c0000000ee95fa58 +[ 306.508000] $ 8 : 0000000000000001 0000000000008008 0000000000010000 ffffffffffff8002 +[ 306.516000] $12 : 0000000000007fa9 000000000000ff0e 000000000000ff0f 80e55930aebb92bb +[ 306.524000] $16 : c0000000e0000000 c0000000ee95fa5c c0000000efc80000 ffffffffc09edd70 +[ 306.532000] $20 : ffffffffc2b60000 c0000000ee95fa58 0000000000000000 c0000000efc80000 +[ 306.540000] $24 : 0000000000000000 0000000000000004 +[ 306.548000] $28 : c0000000ee950000 c0000000ee95f738 0000000000000000 ffffffffc03a8044 +[ 306.556000] Hi : 00000000000574a5 +[ 306.560000] Lo : 6193b7a7e903d8c9 +[ 306.564000] epc : ffffffffc03a80a8 jffs2_rtime_compress+0x98/0x198 +[ 306.568000] Tainted: G W +[ 306.572000] ra : ffffffffc03a8044 jffs2_rtime_compress+0x34/0x198 +[ 306.580000] Status: 5000f8e3 KX SX UX KERNEL EXL IE +[ 306.584000] Cause : 00800008 +[ 306.588000] BadVA : c0000000dfff8002 +[ 306.592000] PrId : 000c1100 (Netlogic XLP) +[ 306.596000] Modules linked in: +[ 306.596000] Process dd (pid: 170, threadinfo=c0000000ee950000, task=c0000000ee6e0858, tls=0000000000c47490) +[ 306.608000] Stack : 7c547f377ddc7ee4 7ffc7f967f5d7fae 7f617f507fc37ff4 7e7d7f817f487f5f + 7d8e7fec7ee87eb3 7e977ff27eec7f9e 7d677ec67f917f67 7f3d7e457f017ed7 + 7fd37f517f867eb2 7fed7fd17ca57e1d 7e5f7fe87f257f77 7fd77f0d7ede7fdb + 7fba7fef7e197f99 7fde7fe07ee37eb5 7f5c7f8c7fc67f65 7f457fb87f847e93 + 7f737f3e7d137cd9 7f8e7e9c7fc47d25 7dbb7fac7fb67e52 7ff17f627da97f64 + 7f6b7df77ffa7ec5 80057ef17f357fb3 7f767fa27dfc7fd5 7fe37e8e7fd07e53 + 7e227fcf7efb7fa1 7f547e787fa87fcc 7fcb7fc57f5a7ffb 7fc07f6c7ea97e80 + 7e2d7ed17e587ee0 7fb17f9d7feb7f31 7f607e797e887faa 7f757fdd7c607ff3 + 7e877e657ef37fbd 7ec17fd67fe67ff7 7ff67f797ff87dc4 7eef7f3a7c337fa6 + 7fe57fc97ed87f4b 7ebe7f097f0b8003 7fe97e2a7d997cba 7f587f987f3c7fa9 + ... +[ 306.676000] Call Trace: +[ 306.680000] [] jffs2_rtime_compress+0x98/0x198 +[ 306.684000] [] jffs2_selected_compress+0x110/0x230 +[ 306.692000] [] jffs2_compress+0x5c/0x388 +[ 306.696000] [] jffs2_write_inode_range+0xd8/0x388 +[ 306.704000] [] jffs2_write_end+0x16c/0x2d0 +[ 306.708000] [] generic_file_buffered_write+0xf8/0x2b8 +[ 306.716000] [] __generic_file_aio_write+0x1ac/0x350 +[ 306.720000] [] generic_file_aio_write+0x80/0x168 +[ 306.728000] [] do_sync_write+0x94/0xf8 +[ 306.732000] [] vfs_write+0xa4/0x1a0 +[ 306.736000] [] SyS_write+0x50/0x90 +[ 306.744000] [] handle_sys+0x180/0x1a0 +[ 306.748000] +[ 306.748000] +Code: 020b202d 0205282d 90a50000 <90840000> 14a40038 00000000 0060602d 0000282d 016c5823 +[ 306.760000] ---[ end trace 79dd088435be02d0 ]--- +Segmentation fault + +This crash is caused because the 'positions' is declared as an array of signed +short. The value of position is in the range 0..65535, and will be converted +to a negative number when the position is greater than 32767 and causes a +corruption and crash. Changing the definition to 'unsigned short' fixes this +issue + +Signed-off-by: Jayachandran C +Signed-off-by: Kamlakant Patel +Signed-off-by: Brian Norris +Signed-off-by: Greg Kroah-Hartman + +--- + fs/jffs2/compr_rtime.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/jffs2/compr_rtime.c ++++ b/fs/jffs2/compr_rtime.c +@@ -33,7 +33,7 @@ static int jffs2_rtime_compress(unsigned + unsigned char *cpage_out, + uint32_t *sourcelen, uint32_t *dstlen) + { +- short positions[256]; ++ unsigned short positions[256]; + int outpos = 0; + int pos=0; + +@@ -74,7 +74,7 @@ static int jffs2_rtime_decompress(unsign + unsigned char *cpage_out, + uint32_t srclen, uint32_t destlen) + { +- short positions[256]; ++ unsigned short positions[256]; + int outpos = 0; + int pos=0; + diff --git a/queue-3.10/jffs2-remove-from-wait-queue-after-schedule.patch b/queue-3.10/jffs2-remove-from-wait-queue-after-schedule.patch new file mode 100644 index 00000000000..8989a57ca8b --- /dev/null +++ b/queue-3.10/jffs2-remove-from-wait-queue-after-schedule.patch @@ -0,0 +1,35 @@ +From 3ead9578443b66ddb3d50ed4f53af8a0c0298ec5 Mon Sep 17 00:00:00 2001 +From: Li Zefan +Date: Wed, 12 Feb 2014 12:44:57 -0800 +Subject: jffs2: remove from wait queue after schedule() + +From: Li Zefan + +commit 3ead9578443b66ddb3d50ed4f53af8a0c0298ec5 upstream. + +@wait is a local variable, so if we don't remove it from the wait queue +list, later wake_up() may end up accessing invalid memory. + +This was spotted by eyes. + +Signed-off-by: Li Zefan +Cc: David Woodhouse +Cc: Artem Bityutskiy +Signed-off-by: Andrew Morton +Signed-off-by: Brian Norris +Signed-off-by: Greg Kroah-Hartman + +--- + fs/jffs2/nodemgmt.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/jffs2/nodemgmt.c ++++ b/fs/jffs2/nodemgmt.c +@@ -179,6 +179,7 @@ int jffs2_reserve_space(struct jffs2_sb_ + spin_unlock(&c->erase_completion_lock); + + schedule(); ++ remove_wait_queue(&c->erase_wait, &wait); + } else + spin_unlock(&c->erase_completion_lock); + } else if (ret) diff --git a/queue-3.10/revert-sparc64-fix-__copy_-to-from-_user_inatomic-defines.patch b/queue-3.10/revert-sparc64-fix-__copy_-to-from-_user_inatomic-defines.patch new file mode 100644 index 00000000000..566df01a031 --- /dev/null +++ b/queue-3.10/revert-sparc64-fix-__copy_-to-from-_user_inatomic-defines.patch @@ -0,0 +1,42 @@ +From foo@baz Sun Apr 20 18:23:45 PDT 2014 +From: Dave Kleikamp +Date: Mon, 16 Dec 2013 15:01:00 -0600 +Subject: Revert "sparc64: Fix __copy_{to,from}_user_inatomic defines." + +From: Dave Kleikamp + +[ Upstream commit 16932237f2978a2265662f8de4af743b1f55a209 ] + +This reverts commit 145e1c0023585e0e8f6df22316308ec61c5066b2. + +This commit broke the behavior of __copy_from_user_inatomic when +it is only partially successful. Instead of returning the number +of bytes not copied, it now returns 1. This translates to the +wrong value being returned by iov_iter_copy_from_user_atomic. + +xfstests generic/246 and LTP writev01 both fail on btrfs and nfs +because of this. + +Signed-off-by: Dave Kleikamp +Cc: Hugh Dickins +Cc: David S. Miller +Cc: sparclinux@vger.kernel.org +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + arch/sparc/include/asm/uaccess_64.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/sparc/include/asm/uaccess_64.h ++++ b/arch/sparc/include/asm/uaccess_64.h +@@ -262,8 +262,8 @@ extern unsigned long __must_check __clea + extern __must_check long strlen_user(const char __user *str); + extern __must_check long strnlen_user(const char __user *str, long n); + +-#define __copy_to_user_inatomic ___copy_to_user +-#define __copy_from_user_inatomic ___copy_from_user ++#define __copy_to_user_inatomic __copy_to_user ++#define __copy_from_user_inatomic __copy_from_user + + struct pt_regs; + extern unsigned long compute_effective_address(struct pt_regs *, diff --git a/queue-3.10/series b/queue-3.10/series index 75fe6bf7daa..2acea454ab2 100644 --- a/queue-3.10/series +++ b/queue-3.10/series @@ -9,3 +9,14 @@ bluetooth-fix-removing-long-term-key.patch backing_dev-fix-hung-task-on-sync.patch bdi-avoid-oops-on-device-removal.patch btrfs-skip-submitting-barrier-for-missing-device.patch +ext4-fix-error-return-from-ext4_ext_handle_uninitialized_extents.patch +ext4-fix-partial-cluster-handling-for-bigalloc-file-systems.patch +jffs2-fix-segmentation-fault-found-in-stress-test.patch +jffs2-fix-crash-due-to-truncation-of-csize.patch +jffs2-avoid-soft-lockup-in-jffs2_reserve_space_gc.patch +jffs2-remove-from-wait-queue-after-schedule.patch +sparc-pci-fix-incorrect-address-calculation-of-pci-bridge-windows-on-simba-bridges.patch +revert-sparc64-fix-__copy_-to-from-_user_inatomic-defines.patch +sparc32-fix-build-failure-for-arch_jump_label_transform.patch +sparc64-don-t-treat-64-bit-syscall-return-codes-as-32-bit.patch +sparc64-make-sure-pil-interrupts-are-enabled-during-hypervisor-yield.patch diff --git a/queue-3.10/sparc-pci-fix-incorrect-address-calculation-of-pci-bridge-windows-on-simba-bridges.patch b/queue-3.10/sparc-pci-fix-incorrect-address-calculation-of-pci-bridge-windows-on-simba-bridges.patch new file mode 100644 index 00000000000..b510fb640eb --- /dev/null +++ b/queue-3.10/sparc-pci-fix-incorrect-address-calculation-of-pci-bridge-windows-on-simba-bridges.patch @@ -0,0 +1,43 @@ +From foo@baz Sun Apr 20 18:23:45 PDT 2014 +From: oftedal +Date: Fri, 18 Oct 2013 22:28:29 +0200 +Subject: sparc: PCI: Fix incorrect address calculation of PCI Bridge windows on Simba-bridges + +From: oftedal + +[ Upstream commit 557fc5873ef178c4b3e1e36a42db547ecdc43f9b ] + +The SIMBA APB Bridges lacks the 'ranges' of-property describing the +PCI I/O and memory areas located beneath the bridge. Faking this +information has been performed by reading range registers in the +APB bridge, and calculating the corresponding areas. + +In commit 01f94c4a6ced476ce69b895426fc29bfc48c69bd +("Fix sabre pci controllers with new probing scheme.") a bug was +introduced into this calculation, causing the PCI memory areas +to be calculated incorrectly: The shift size was set to be +identical for I/O and MEM ranges, which is incorrect. + +This patch set the shift size of the MEM range back to the +value used before 01f94c4a6ced476ce69b895426fc29bfc48c69bd. + +Signed-off-by: Kjetil Oftedal +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + arch/sparc/kernel/pci.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/sparc/kernel/pci.c ++++ b/arch/sparc/kernel/pci.c +@@ -399,8 +399,8 @@ static void apb_fake_ranges(struct pci_d + apb_calc_first_last(map, &first, &last); + res = bus->resource[1]; + res->flags = IORESOURCE_MEM; +- region.start = (first << 21); +- region.end = (last << 21) + ((1 << 21) - 1); ++ region.start = (first << 29); ++ region.end = (last << 29) + ((1 << 29) - 1); + pcibios_bus_to_resource(dev, res, ®ion); + } + diff --git a/queue-3.10/sparc32-fix-build-failure-for-arch_jump_label_transform.patch b/queue-3.10/sparc32-fix-build-failure-for-arch_jump_label_transform.patch new file mode 100644 index 00000000000..0597b25296f --- /dev/null +++ b/queue-3.10/sparc32-fix-build-failure-for-arch_jump_label_transform.patch @@ -0,0 +1,44 @@ +From foo@baz Sun Apr 20 18:23:45 PDT 2014 +From: Paul Gortmaker +Date: Thu, 13 Feb 2014 13:57:44 -0500 +Subject: sparc32: fix build failure for arch_jump_label_transform + +From: Paul Gortmaker + +[ Upstream commit 4f6500fff5f7644a03c46728fd7ef0f62fa6940b ] + +In arch/sparc/Kernel/Makefile, we see: + + obj-$(CONFIG_SPARC64) += jump_label.o + +However, the Kconfig selects HAVE_ARCH_JUMP_LABEL unconditionally +for all SPARC. This in turn leads to the following failure when +doing allmodconfig coverage builds: + +kernel/built-in.o: In function `__jump_label_update': +jump_label.c:(.text+0x8560c): undefined reference to `arch_jump_label_transform' +kernel/built-in.o: In function `arch_jump_label_transform_static': +(.text+0x85cf4): undefined reference to `arch_jump_label_transform' +make: *** [vmlinux] Error 1 + +Change HAVE_ARCH_JUMP_LABEL to be conditional on SPARC64 so that it +matches the Makefile. + +Signed-off-by: Paul Gortmaker +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + arch/sparc/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/sparc/Kconfig ++++ b/arch/sparc/Kconfig +@@ -25,7 +25,7 @@ config SPARC + select RTC_DRV_M48T59 + select HAVE_DMA_ATTRS + select HAVE_DMA_API_DEBUG +- select HAVE_ARCH_JUMP_LABEL ++ select HAVE_ARCH_JUMP_LABEL if SPARC64 + select HAVE_GENERIC_HARDIRQS + select GENERIC_IRQ_SHOW + select ARCH_WANT_IPC_PARSE_VERSION diff --git a/queue-3.10/sparc64-don-t-treat-64-bit-syscall-return-codes-as-32-bit.patch b/queue-3.10/sparc64-don-t-treat-64-bit-syscall-return-codes-as-32-bit.patch new file mode 100644 index 00000000000..5d027e94f9e --- /dev/null +++ b/queue-3.10/sparc64-don-t-treat-64-bit-syscall-return-codes-as-32-bit.patch @@ -0,0 +1,47 @@ +From foo@baz Sun Apr 20 18:23:45 PDT 2014 +From: Dave Kleikamp +Date: Fri, 14 Mar 2014 10:42:01 -0500 +Subject: sparc64: don't treat 64-bit syscall return codes as 32-bit + +From: Dave Kleikamp + +[ Upstream commit 1535bd8adbdedd60a0ee62e28fd5225d66434371 ] + +When checking a system call return code for an error, +linux_sparc_syscall was sign-extending the lower 32-bit value and +comparing it to -ERESTART_RESTARTBLOCK. lseek can return valid return +codes whose lower 32-bits alone would indicate a failure (such as 4G-1). +Use the whole 64-bit value to check for errors. Only the 32-bit path +should sign extend the lower 32-bit value. + +Signed-off-by: Dave Kleikamp +Acked-by: Bob Picco +Acked-by: Allen Pais +Cc: David S. Miller +Cc: sparclinux@vger.kernel.org +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + arch/sparc/kernel/syscalls.S | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/sparc/kernel/syscalls.S ++++ b/arch/sparc/kernel/syscalls.S +@@ -189,7 +189,8 @@ linux_sparc_syscall32: + mov %i0, %l5 ! IEU1 + 5: call %l7 ! CTI Group brk forced + srl %i5, 0, %o5 ! IEU1 +- ba,a,pt %xcc, 3f ++ ba,pt %xcc, 3f ++ sra %o0, 0, %o0 + + /* Linux native system calls enter here... */ + .align 32 +@@ -217,7 +218,6 @@ linux_sparc_syscall: + 3: stx %o0, [%sp + PTREGS_OFF + PT_V9_I0] + ret_sys_call: + ldx [%sp + PTREGS_OFF + PT_V9_TSTATE], %g3 +- sra %o0, 0, %o0 + mov %ulo(TSTATE_XCARRY | TSTATE_ICARRY), %g2 + sllx %g2, 32, %g2 + diff --git a/queue-3.10/sparc64-make-sure-pil-interrupts-are-enabled-during-hypervisor-yield.patch b/queue-3.10/sparc64-make-sure-pil-interrupts-are-enabled-during-hypervisor-yield.patch new file mode 100644 index 00000000000..96bbb03c135 --- /dev/null +++ b/queue-3.10/sparc64-make-sure-pil-interrupts-are-enabled-during-hypervisor-yield.patch @@ -0,0 +1,58 @@ +From foo@baz Sun Apr 20 18:23:45 PDT 2014 +From: "David S. Miller" +Date: Mon, 24 Mar 2014 14:45:12 -0400 +Subject: sparc64: Make sure %pil interrupts are enabled during hypervisor yield. + +From: "David S. Miller" + +[ Upstream commit cb3042d609e30e6144024801c89be3925106752b ] + +In arch_cpu_idle() we must enable %pil based interrupts before +potentially invoking the hypervisor cpu yield call. + +As per the Hypervisor API documentation for cpu_yield: + + Interrupts which are blocked by some mechanism other that + pstate.ie (for example %pil) are not guaranteed to cause + a return from this service. + +It seems that only first generation Niagara chips are hit by this +bug. My best guess is that later chips implement this in hardware +and wake up anyways from %pil events, whereas in first generation +chips the yield is implemented completely in hypervisor code and +requires %pil to be enabled in order to wake properly from this +call. + +Fixes: 87fa05aeb3a5 ("sparc: Use generic idle loop") +Reported-by: Fabio M. Di Nitto +Reported-by: Jan Engelhardt +Tested-by: Jan Engelhardt +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + arch/sparc/kernel/process_64.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/arch/sparc/kernel/process_64.c ++++ b/arch/sparc/kernel/process_64.c +@@ -57,9 +57,12 @@ void arch_cpu_idle(void) + { + if (tlb_type != hypervisor) { + touch_nmi_watchdog(); ++ local_irq_enable(); + } else { + unsigned long pstate; + ++ local_irq_enable(); ++ + /* The sun4v sleeping code requires that we have PSTATE.IE cleared over + * the cpu sleep hypervisor call. + */ +@@ -81,7 +84,6 @@ void arch_cpu_idle(void) + : "=&r" (pstate) + : "i" (PSTATE_IE)); + } +- local_irq_enable(); + } + + #ifdef CONFIG_HOTPLUG_CPU