From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 9 Oct 2013 07:04:45 +0000 (-0700)
Subject: 3.0-stable patches
X-Git-Tag: v3.0.100~15
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c5e1e9e3c2efcb9e3ac94f20551b4212ad8c5bd9;p=thirdparty%2Fkernel%2Fstable-queue.git

3.0-stable patches

added patches:
	esp_scsi-fix-tag-state-corruption-when-autosensing.patch
	sparc32-fix-exit-flag-passed-from-traced-sys_sigreturn.patch
	sparc64-fix-itlb-handler-of-null-page.patch
	sparc64-fix-not-sra-ed-o5-in-32-bit-traced-syscall.patch
	sparc64-fix-off-by-one-in-trampoline-tlb-mapping-installation-loop.patch
	sparc64-remove-rwsem-export-leftovers.patch
---

diff --git a/queue-3.0/esp_scsi-fix-tag-state-corruption-when-autosensing.patch b/queue-3.0/esp_scsi-fix-tag-state-corruption-when-autosensing.patch
new file mode 100644
index 00000000000..35a99819494
--- /dev/null
+++ b/queue-3.0/esp_scsi-fix-tag-state-corruption-when-autosensing.patch
@@ -0,0 +1,94 @@
+From 8239506e58d7cab4e2f3b983b20281552f924e6b Mon Sep 17 00:00:00 2001
+From: "David S. Miller" <davem@davemloft.net>
+Date: Thu, 1 Aug 2013 18:08:34 -0700
+Subject: esp_scsi: Fix tag state corruption when autosensing.
+
+From: "David S. Miller" <davem@davemloft.net>
+
+[ Upstream commit 21af8107f27878813d0364733c0b08813c2c192a ]
+
+Meelis Roos reports a crash in esp_free_lun_tag() in the presense
+of a disk which has died.
+
+The issue is that when we issue an autosense command, we do so by
+hijacking the original command that caused the check-condition.
+
+When we do so we clear out the ent->tag[] array when we issue it via
+find_and_prep_issuable_command().  This is so that the autosense
+command is forced to be issued non-tagged.
+
+That is problematic, because it is the value of ent->tag[] which
+determines whether we issued the original scsi command as tagged
+vs. non-tagged (see esp_alloc_lun_tag()).
+
+And that, in turn, is what trips up the sanity checks in
+esp_free_lun_tag().  That function needs the original ->tag[] values
+in order to free up the tag slot properly.
+
+Fix this by remembering the original command's tag values, and
+having esp_alloc_lun_tag() and esp_free_lun_tag() use them.
+
+Reported-by: Meelis Roos <mroos@linux.ee>
+Tested-by: Meelis Roos <mroos@linux.ee>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/esp_scsi.c |   14 ++++++++------
+ drivers/scsi/esp_scsi.h |    1 +
+ 2 files changed, 9 insertions(+), 6 deletions(-)
+
+--- a/drivers/scsi/esp_scsi.c
++++ b/drivers/scsi/esp_scsi.c
+@@ -530,7 +530,7 @@ static int esp_need_to_nego_sync(struct
+ static int esp_alloc_lun_tag(struct esp_cmd_entry *ent,
+ 			     struct esp_lun_data *lp)
+ {
+-	if (!ent->tag[0]) {
++	if (!ent->orig_tag[0]) {
+ 		/* Non-tagged, slot already taken?  */
+ 		if (lp->non_tagged_cmd)
+ 			return -EBUSY;
+@@ -564,9 +564,9 @@ static int esp_alloc_lun_tag(struct esp_
+ 			return -EBUSY;
+ 	}
+ 
+-	BUG_ON(lp->tagged_cmds[ent->tag[1]]);
++	BUG_ON(lp->tagged_cmds[ent->orig_tag[1]]);
+ 
+-	lp->tagged_cmds[ent->tag[1]] = ent;
++	lp->tagged_cmds[ent->orig_tag[1]] = ent;
+ 	lp->num_tagged++;
+ 
+ 	return 0;
+@@ -575,9 +575,9 @@ static int esp_alloc_lun_tag(struct esp_
+ static void esp_free_lun_tag(struct esp_cmd_entry *ent,
+ 			     struct esp_lun_data *lp)
+ {
+-	if (ent->tag[0]) {
+-		BUG_ON(lp->tagged_cmds[ent->tag[1]] != ent);
+-		lp->tagged_cmds[ent->tag[1]] = NULL;
++	if (ent->orig_tag[0]) {
++		BUG_ON(lp->tagged_cmds[ent->orig_tag[1]] != ent);
++		lp->tagged_cmds[ent->orig_tag[1]] = NULL;
+ 		lp->num_tagged--;
+ 	} else {
+ 		BUG_ON(lp->non_tagged_cmd != ent);
+@@ -667,6 +667,8 @@ static struct esp_cmd_entry *find_and_pr
+ 			ent->tag[0] = 0;
+ 			ent->tag[1] = 0;
+ 		}
++		ent->orig_tag[0] = ent->tag[0];
++		ent->orig_tag[1] = ent->tag[1];
+ 
+ 		if (esp_alloc_lun_tag(ent, lp) < 0)
+ 			continue;
+--- a/drivers/scsi/esp_scsi.h
++++ b/drivers/scsi/esp_scsi.h
+@@ -271,6 +271,7 @@ struct esp_cmd_entry {
+ #define ESP_CMD_FLAG_AUTOSENSE	0x04 /* Doing automatic REQUEST_SENSE */
+ 
+ 	u8			tag[2];
++	u8			orig_tag[2];
+ 
+ 	u8			status;
+ 	u8			message;
diff --git a/queue-3.0/series b/queue-3.0/series
index a1472e7f7e5..ca8634d4832 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -20,3 +20,9 @@ powerpc-iommu-use-gfp_kernel-instead-of-gfp_atomic-in-iommu_init_table.patch
 powerpc-vio-fix-modalias_show-return-values.patch
 powerpc-fix-parameter-clobber-in-csum_partial_copy_generic.patch
 powerpc-restore-registers-on-error-exit-from-csum_partial_copy_generic.patch
+esp_scsi-fix-tag-state-corruption-when-autosensing.patch
+sparc64-fix-itlb-handler-of-null-page.patch
+sparc64-remove-rwsem-export-leftovers.patch
+sparc64-fix-off-by-one-in-trampoline-tlb-mapping-installation-loop.patch
+sparc64-fix-not-sra-ed-o5-in-32-bit-traced-syscall.patch
+sparc32-fix-exit-flag-passed-from-traced-sys_sigreturn.patch
diff --git a/queue-3.0/sparc32-fix-exit-flag-passed-from-traced-sys_sigreturn.patch b/queue-3.0/sparc32-fix-exit-flag-passed-from-traced-sys_sigreturn.patch
new file mode 100644
index 00000000000..d5833e9d937
--- /dev/null
+++ b/queue-3.0/sparc32-fix-exit-flag-passed-from-traced-sys_sigreturn.patch
@@ -0,0 +1,30 @@
+From 53079d9d1a2b673288e9fd17df4535fdf437a014 Mon Sep 17 00:00:00 2001
+From: Kirill Tkhai <tkhai@yandex.ru>
+Date: Fri, 26 Jul 2013 01:17:15 +0400
+Subject: sparc32: Fix exit flag passed from traced sys_sigreturn
+
+From: Kirill Tkhai <tkhai@yandex.ru>
+
+[ Upstream commit 7a3b0f89e3fea680f93932691ca41a68eee7ab5e ]
+
+Pass 1 in %o1 to indicate that syscall_trace accounts exit.
+
+Signed-off-by: Kirill Tkhai <tkhai@yandex.ru>
+CC: David Miller <davem@davemloft.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/sparc/kernel/entry.S |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/sparc/kernel/entry.S
++++ b/arch/sparc/kernel/entry.S
+@@ -1177,7 +1177,7 @@ sys_sigreturn:
+ 	 nop
+ 
+ 	call	syscall_trace
+-	 nop
++	 mov	1, %o1
+ 
+ 1:
+ 	/* We don't want to muck with user registers like a
diff --git a/queue-3.0/sparc64-fix-itlb-handler-of-null-page.patch b/queue-3.0/sparc64-fix-itlb-handler-of-null-page.patch
new file mode 100644
index 00000000000..a5260a5f94f
--- /dev/null
+++ b/queue-3.0/sparc64-fix-itlb-handler-of-null-page.patch
@@ -0,0 +1,41 @@
+From 4daceb6c3779f884ec4ec3f306ad5b3c089a696e Mon Sep 17 00:00:00 2001
+From: Kirill Tkhai <tkhai@yandex.ru>
+Date: Fri, 2 Aug 2013 19:23:18 +0400
+Subject: sparc64: Fix ITLB handler of null page
+
+From: Kirill Tkhai <tkhai@yandex.ru>
+
+[ Upstream commit 1c2696cdaad84580545a2e9c0879ff597880b1a9 ]
+
+1)Use kvmap_itlb_longpath instead of kvmap_dtlb_longpath.
+
+2)Handle page #0 only, don't handle page #1: bleu -> blu
+
+ (KERNBASE is 0x400000, so #1 does not exist too. But everything
+  is possible in the future. Fix to not to have problems later.)
+
+3)Remove unused kvmap_itlb_nonlinear.
+
+Signed-off-by: Kirill Tkhai <tkhai@yandex.ru>
+CC: David Miller <davem@davemloft.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/sparc/kernel/ktlb.S |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/sparc/kernel/ktlb.S
++++ b/arch/sparc/kernel/ktlb.S
+@@ -25,11 +25,10 @@ kvmap_itlb:
+ 	 */
+ kvmap_itlb_4v:
+ 
+-kvmap_itlb_nonlinear:
+ 	/* Catch kernel NULL pointer calls.  */
+ 	sethi		%hi(PAGE_SIZE), %g5
+ 	cmp		%g4, %g5
+-	bleu,pn		%xcc, kvmap_dtlb_longpath
++	blu,pn		%xcc, kvmap_itlb_longpath
+ 	 nop
+ 
+ 	KERN_TSB_LOOKUP_TL1(%g4, %g6, %g5, %g1, %g2, %g3, kvmap_itlb_load)
diff --git a/queue-3.0/sparc64-fix-not-sra-ed-o5-in-32-bit-traced-syscall.patch b/queue-3.0/sparc64-fix-not-sra-ed-o5-in-32-bit-traced-syscall.patch
new file mode 100644
index 00000000000..e81798c3f6c
--- /dev/null
+++ b/queue-3.0/sparc64-fix-not-sra-ed-o5-in-32-bit-traced-syscall.patch
@@ -0,0 +1,52 @@
+From c873c80e1a8322d90155fcaeba876d16b0af437d Mon Sep 17 00:00:00 2001
+From: Kirill Tkhai <tkhai@yandex.ru>
+Date: Fri, 26 Jul 2013 17:21:12 +0400
+Subject: sparc64: Fix not SRA'ed %o5 in 32-bit traced syscall
+
+From: Kirill Tkhai <tkhai@yandex.ru>
+
+[ Upstream commit ab2abda6377723e0d5fbbfe5f5aa16a5523344d1 ]
+
+(From v1 to v2: changed comment)
+
+On the way linux_sparc_syscall32->linux_syscall_trace32->goto 2f,
+register %o5 doesn't clear its second 32-bit.
+
+Fix that.
+
+Signed-off-by: Kirill Tkhai <tkhai@yandex.ru>
+CC: David Miller <davem@davemloft.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/sparc/kernel/syscalls.S |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/sparc/kernel/syscalls.S
++++ b/arch/sparc/kernel/syscalls.S
+@@ -147,7 +147,7 @@ linux_syscall_trace32:
+ 	srl	%i4, 0, %o4
+ 	srl	%i1, 0, %o1
+ 	srl	%i2, 0, %o2
+-	ba,pt	%xcc, 2f
++	ba,pt	%xcc, 5f
+ 	 srl	%i3, 0, %o3
+ 
+ linux_syscall_trace:
+@@ -177,13 +177,13 @@ linux_sparc_syscall32:
+ 	srl	%i1, 0, %o1				! IEU0	Group
+ 	ldx	[%g6 + TI_FLAGS], %l0		! Load
+ 
+-	srl	%i5, 0, %o5				! IEU1
++	srl	%i3, 0, %o3				! IEU0
+ 	srl	%i2, 0, %o2				! IEU0	Group
+ 	andcc	%l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0
+ 	bne,pn	%icc, linux_syscall_trace32		! CTI
+ 	 mov	%i0, %l5				! IEU1
+-	call	%l7					! CTI	Group brk forced
+-	 srl	%i3, 0, %o3				! IEU0
++5:	call	%l7					! CTI	Group brk forced
++	 srl	%i5, 0, %o5				! IEU1
+ 	ba,a,pt	%xcc, 3f
+ 
+ 	/* Linux native system calls enter here... */
diff --git a/queue-3.0/sparc64-fix-off-by-one-in-trampoline-tlb-mapping-installation-loop.patch b/queue-3.0/sparc64-fix-off-by-one-in-trampoline-tlb-mapping-installation-loop.patch
new file mode 100644
index 00000000000..ee691d434bd
--- /dev/null
+++ b/queue-3.0/sparc64-fix-off-by-one-in-trampoline-tlb-mapping-installation-loop.patch
@@ -0,0 +1,34 @@
+From 0ce69f0ef84a20924bfbf72b9b9a16521cdf906f Mon Sep 17 00:00:00 2001
+From: "David S. Miller" <davem@davemloft.net>
+Date: Thu, 22 Aug 2013 16:38:46 -0700
+Subject: sparc64: Fix off by one in trampoline TLB mapping installation loop.
+
+From: "David S. Miller" <davem@davemloft.net>
+
+[ Upstream commit 63d499662aeec1864ec36d042aca8184ea6a938e ]
+
+Reported-by: Kirill Tkhai <tkhai@yandex.ru>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/sparc/kernel/trampoline_64.S |    2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/arch/sparc/kernel/trampoline_64.S
++++ b/arch/sparc/kernel/trampoline_64.S
+@@ -131,7 +131,6 @@ startup_continue:
+ 	clr		%l5
+ 	sethi		%hi(num_kernel_image_mappings), %l6
+ 	lduw		[%l6 + %lo(num_kernel_image_mappings)], %l6
+-	add		%l6, 1, %l6
+ 
+ 	mov		15, %l7
+ 	BRANCH_IF_ANY_CHEETAH(g1,g5,2f)
+@@ -224,7 +223,6 @@ niagara_lock_tlb:
+ 	clr		%l5
+ 	sethi		%hi(num_kernel_image_mappings), %l6
+ 	lduw		[%l6 + %lo(num_kernel_image_mappings)], %l6
+-	add		%l6, 1, %l6
+ 
+ 1:
+ 	mov		HV_FAST_MMU_MAP_PERM_ADDR, %o5
diff --git a/queue-3.0/sparc64-remove-rwsem-export-leftovers.patch b/queue-3.0/sparc64-remove-rwsem-export-leftovers.patch
new file mode 100644
index 00000000000..6f22d931816
--- /dev/null
+++ b/queue-3.0/sparc64-remove-rwsem-export-leftovers.patch
@@ -0,0 +1,48 @@
+From 3c48e0211d299d935f8877cecb2db89bd1ef530a Mon Sep 17 00:00:00 2001
+From: Kirill Tkhai <tkhai@yandex.ru>
+Date: Mon, 12 Aug 2013 16:02:24 +0400
+Subject: sparc64: Remove RWSEM export leftovers
+
+From: Kirill Tkhai <tkhai@yandex.ru>
+
+[ Upstream commit 61d9b9355b0d427bd1e732bd54628ff9103e496f ]
+
+The functions
+
+			__down_read
+			__down_read_trylock
+			__down_write
+			__down_write_trylock
+			__up_read
+			__up_write
+			__downgrade_write
+
+are implemented inline, so remove corresponding EXPORT_SYMBOLs
+(They lead to compile errors on RT kernel).
+
+Signed-off-by: Kirill Tkhai <tkhai@yandex.ru>
+CC: David Miller <davem@davemloft.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/sparc/lib/ksyms.c |    9 ---------
+ 1 file changed, 9 deletions(-)
+
+--- a/arch/sparc/lib/ksyms.c
++++ b/arch/sparc/lib/ksyms.c
+@@ -131,15 +131,6 @@ EXPORT_SYMBOL(___copy_from_user);
+ EXPORT_SYMBOL(___copy_in_user);
+ EXPORT_SYMBOL(__clear_user);
+ 
+-/* RW semaphores */
+-EXPORT_SYMBOL(__down_read);
+-EXPORT_SYMBOL(__down_read_trylock);
+-EXPORT_SYMBOL(__down_write);
+-EXPORT_SYMBOL(__down_write_trylock);
+-EXPORT_SYMBOL(__up_read);
+-EXPORT_SYMBOL(__up_write);
+-EXPORT_SYMBOL(__downgrade_write);
+-
+ /* Atomic counter implementation. */
+ EXPORT_SYMBOL(atomic_add);
+ EXPORT_SYMBOL(atomic_add_ret);