From: Greg Kroah-Hartman
Date: Fri, 7 Sep 2012 17:23:36 +0000 (-0700)
Subject: 3.0-stable patches
X-Git-Tag: v3.5.4~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f7b90dbafca20f08ae5e28f4405d0c5ce04372cc;p=thirdparty%2Fkernel%2Fstable-queue.git
3.0-stable patches added patches: powerpc-fix-dscr-inheritance-in-copy_thread.patch powerpc-restore-correct-dscr-in-context-switch.patch remove-user-triggerable-bug-from-mpol_to_str.patch
---
diff --git a/queue-3.0/powerpc-fix-dscr-inheritance-in-copy_thread.patch b/queue-3.0/powerpc-fix-dscr-inheritance-in-copy_thread.patch
new file mode 100644
index 00000000000..7dca2011b60
--- /dev/null
+++ b/queue-3.0/powerpc-fix-dscr-inheritance-in-copy_thread.patch
@@ -0,0 +1,50 @@
+From 1021cb268b3025573c4811f1dee4a11260c4507b Mon Sep 17 00:00:00 2001
+From: Anton Blanchard
+Date: Mon, 3 Sep 2012 16:49:47 +0000
+Subject: powerpc: Fix DSCR inheritance in copy_thread()
+
+From: Anton Blanchard
+
+commit 1021cb268b3025573c4811f1dee4a11260c4507b upstream.
+
+If the default DSCR is non zero we set thread.dscr_inherit in
+copy_thread() meaning the new thread and all its children will ignore
+future updates to the default DSCR. This is not intended and is
+a change in behaviour that a number of our users have hit.
+
+We just need to inherit thread.dscr and thread.dscr_inherit from
+the parent which ends up being much simpler.
+
+This was found with the following test case:
+
+http://ozlabs.org/~anton/junkcode/dscr_default_test.c
+
+Signed-off-by: Anton Blanchard
+Signed-off-by: Benjamin Herrenschmidt
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/powerpc/kernel/process.c | 12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+--- a/arch/powerpc/kernel/process.c
++++ b/arch/powerpc/kernel/process.c
+@@ -794,16 +794,8 @@ int copy_thread(unsigned long clone_flag
+ #endif /* CONFIG_PPC_STD_MMU_64 */
+ #ifdef CONFIG_PPC64
+ if (cpu_has_feature(CPU_FTR_DSCR)) {
+- if (current->thread.dscr_inherit) {
+- p->thread.dscr_inherit = 1;
+- p->thread.dscr = current->thread.dscr;
+- } else if (0 != dscr_default) {
+- p->thread.dscr_inherit = 1;
+- p->thread.dscr = dscr_default;
+- } else {
+- p->thread.dscr_inherit = 0;
+- p->thread.dscr = 0;
+- }
++ p->thread.dscr_inherit = current->thread.dscr_inherit;
++ p->thread.dscr = current->thread.dscr;
+ }
+ #endif
+
diff --git a/queue-3.0/powerpc-restore-correct-dscr-in-context-switch.patch b/queue-3.0/powerpc-restore-correct-dscr-in-context-switch.patch
new file mode 100644
index 00000000000..2cd29b54aac
--- /dev/null
+++ b/queue-3.0/powerpc-restore-correct-dscr-in-context-switch.patch
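Review bot: In the copy_thread() hunk of powerpc-fix-dscr-inheritance-in-copy_thread.patch, a child whose parent has `dscr_inherit == 0` now receives the parent's `thread.dscr` unchanged, and that value may be stale relative to `dscr_default`. This is only harmless if the context-switch path ignores `thread.dscr` for such threads, which is what the companion patch queued in this same commit (powerpc-restore-correct-dscr-in-context-switch.patch) appears to do, so the two should not be dropped or reordered independently. A short comment above the two assignments would record the dependency, for example `/* thread.dscr is only honoured when dscr_inherit is set; otherwise the switch path uses dscr_default */`. The body of copy_thread() starts and ends outside the hunk.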
@@ -0,0 +1,99 @@
+From 714332858bfd40dcf8f741498336d93875c23aa7 Mon Sep 17 00:00:00 2001
+From: Anton Blanchard
+Date: Mon, 3 Sep 2012 16:51:10 +0000
+Subject: powerpc: Restore correct DSCR in context switch
+
+From: Anton Blanchard
+
+commit 714332858bfd40dcf8f741498336d93875c23aa7 upstream.
+
+During a context switch we always restore the per thread DSCR value.
+If we aren't doing explicit DSCR management
+(ie thread.dscr_inherit == 0) and the default DSCR changed while
+the process has been sleeping we end up with the wrong value.
+
+Check thread.dscr_inherit and select the default DSCR or per thread
+DSCR as required.
+
+This was found with the following test case, when running with
+more threads than CPUs (ie forcing context switching):
+
+http://ozlabs.org/~anton/junkcode/dscr_default_test.c
+
+With the four patches applied I can run a combination of all
+test cases successfully at the same time:
+
+http://ozlabs.org/~anton/junkcode/dscr_default_test.c
+http://ozlabs.org/~anton/junkcode/dscr_explicit_test.c
+http://ozlabs.org/~anton/junkcode/dscr_inherit_test.c
+
+Signed-off-by: Anton Blanchard
+Signed-off-by: Benjamin Herrenschmidt
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/powerpc/kernel/asm-offsets.c | 1 +
+ arch/powerpc/kernel/entry_64.S | 23 +++++++++++++++++------
+ 2 files changed, 18 insertions(+), 6 deletions(-)
+
+--- a/arch/powerpc/kernel/asm-offsets.c
++++ b/arch/powerpc/kernel/asm-offsets.c
+@@ -75,6 +75,7 @@ int main(void)
+ DEFINE(SIGSEGV, SIGSEGV);
+ DEFINE(NMI_MASK, NMI_MASK);
+ DEFINE(THREAD_DSCR, offsetof(struct thread_struct, dscr));
++ DEFINE(THREAD_DSCR_INHERIT, offsetof(struct thread_struct, dscr_inherit));
+ #else
+ DEFINE(THREAD_INFO, offsetof(struct task_struct, stack));
+ #endif /* CONFIG_PPC64 */
+--- a/arch/powerpc/kernel/entry_64.S
++++ b/arch/powerpc/kernel/entry_64.S
+@@ -380,6 +380,12 @@ _GLOBAL(ret_from_fork)
+ li r3,0
+ b syscall_exit
+
++ .section ".toc","aw"
++DSCR_DEFAULT:
++ .tc dscr_default[TC],dscr_default
++
.section ".text"
++
+ /*
+ * This routine switches between two different tasks. The process
+ * state of one is saved on its kernel stack. Then the state
+@@ -519,9 +525,6 @@ END_MMU_FTR_SECTION_IFSET(MMU_FTR_1T_SEG
+ mr r1,r8 /* start using new stack pointer */
+ std r7,PACAKSAVE(r13)
+
+- ld r6,_CCR(r1)
+- mtcrf 0xFF,r6
+-
+ #ifdef CONFIG_ALTIVEC
+ BEGIN_FTR_SECTION
+ ld r0,THREAD_VRSAVE(r4)
+@@ -530,14 +533,22 @@ END_FTR_SECTION_IFSET(CPU_FTR_ALTIVEC)
+ #endif /* CONFIG_ALTIVEC */
+ #ifdef CONFIG_PPC64
+ BEGIN_FTR_SECTION
++ lwz r6,THREAD_DSCR_INHERIT(r4)
++ ld r7,DSCR_DEFAULT@toc(2)
+ ld r0,THREAD_DSCR(r4)
+- cmpd r0,r25
+- beq 1f
++ cmpwi r6,0
++ bne 1f
++ ld r0,0(r7)
++1: cmpd r0,r25
++ beq 2f
+ mtspr SPRN_DSCR,r0
+-1:
++2:
+ END_FTR_SECTION_IFSET(CPU_FTR_DSCR)
+ #endif
+
++ ld r6,_CCR(r1)
++ mtcrf 0xFF,r6
++
+ /* r3-r13 are destroyed -- Cort */
+ REST_8GPRS(14, r1)
+ REST_10GPRS(22, r1)
diff --git a/queue-3.0/remove-user-triggerable-bug-from-mpol_to_str.patch b/queue-3.0/remove-user-triggerable-bug-from-mpol_to_str.patch
new file mode 100644
index 00000000000..868996537e5
--- /dev/null
+++ b/queue-3.0/remove-user-triggerable-bug-from-mpol_to_str.patch
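Review bot: The description of powerpc-restore-correct-dscr-in-context-switch.patch says the test cases pass "with the four patches applied", but this commit adds only two powerpc DSCR patches to queue-3.0/series. The visible lines do not show whether the other two are queued earlier in the series, are already in 3.0, or are not needed there, so that should be confirmed before the queue is released. Separately, in the entry_64.S hunk `lwz r6,THREAD_DSCR_INHERIT(r4)` is a 32-bit load, so it relies on `dscr_inherit` being a 32-bit field in `struct thread_struct`; that is worth checking against the 3.0 definition, which is not part of this patch. The context-switch routine starts and ends outside the hunk.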
@@ -0,0 +1,42 @@
+From 80de7c3138ee9fd86a98696fd2cf7ad89b995d0a Mon Sep 17 00:00:00 2001
+From: Dave Jones
+Date: Thu, 6 Sep 2012 12:01:00 -0400
+Subject: Remove user-triggerable BUG from mpol_to_str
+
+From: Dave Jones
+
+commit 80de7c3138ee9fd86a98696fd2cf7ad89b995d0a upstream.
+
+Trivially triggerable, found by trinity:
+
+ kernel BUG at mm/mempolicy.c:2546!
+ Process trinity-child2 (pid: 23988, threadinfo ffff88010197e000, task ffff88007821a670)
+ Call Trace:
+ show_numa_map+0xd5/0x450
+ show_pid_numa_map+0x13/0x20
+ traverse+0xf2/0x230
+ seq_read+0x34b/0x3e0
+ vfs_read+0xac/0x180
+ sys_pread64+0xa2/0xc0
+ system_call_fastpath+0x1a/0x1f
+ RIP: mpol_to_str+0x156/0x360
+
+Signed-off-by: Dave Jones
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ mm/mempolicy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -2500,7 +2500,7 @@ int mpol_to_str(char *buffer, int maxlen
+ break;
+
+ default:
+- BUG();
++ return -EINVAL;
+ }
+
+ l = strlen(policy_modes[mode]);
diff --git a/queue-3.0/series b/queue-3.0/series
index 332f3a627ba..9ea42081a41 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -30,3 +30,6 @@ usb-p54usb-remove-__devinit-from-the-struct-usb_device_id-table.patch
 usb-rtl8187-remove-__devinit-from-the-struct-usb_device_id-table.patch
 usb-smsusb-remove-__devinit-from-the-struct-usb_device_id-table.patch
 usb-cdc-acm-fix-null-pointer-dereference.patch
+powerpc-fix-dscr-inheritance-in-copy_thread.patch
+powerpc-restore-correct-dscr-in-context-switch.patch
+remove-user-triggerable-bug-from-mpol_to_str.patch
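Review bot: In the mpol_to_str() hunk of remove-user-triggerable-bug-from-mpol_to_str.patch, the new `return -EINVAL;` in the `default:` arm exits before any visible line has written to `buffer`, so a caller that ignores the return value and prints the buffer would read uninitialised memory. The trace in the commit message shows show_numa_map() reaching this path from an ordinary read, and that caller is not touched by the patch, so its handling of the error return should be checked in the 3.0 tree. A defensive option inside the function is to terminate the buffer before returning, for example `if (maxlen > 0) buffer[0] = '\0';` ahead of the `return -EINVAL;`. The body of mpol_to_str() starts and ends outside the hunk.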