From d999337c89a78a769819be608bba369e3861c822 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 17 Apr 2012 14:14:39 -0700
Subject: [PATCH] 3.0-stable patches

added patches:
 ia64-fix-futex_atomic_cmpxchg_inatomic.patch
---
 ...64-fix-futex_atomic_cmpxchg_inatomic.patch | 56 +++++++++++++++++++
 queue-3.0/series | 1 +
 2 files changed, 57 insertions(+)
 create mode 100644 queue-3.0/ia64-fix-futex_atomic_cmpxchg_inatomic.patch

diff --git a/queue-3.0/ia64-fix-futex_atomic_cmpxchg_inatomic.patch b/queue-3.0/ia64-fix-futex_atomic_cmpxchg_inatomic.patch
new file mode 100644
index 00000000000..a7865f07b30
--- /dev/null
+++ b/queue-3.0/ia64-fix-futex_atomic_cmpxchg_inatomic.patch
@@ -0,0 +1,56 @@
+From c76f39bddb84f93f70a5520d9253ec0317bec216 Mon Sep 17 00:00:00 2001
+From: "Luck, Tony"
+Date: Mon, 16 Apr 2012 16:28:01 -0700
+Subject: ia64: fix futex_atomic_cmpxchg_inatomic()
+
+From: "Luck, Tony"
+
+commit c76f39bddb84f93f70a5520d9253ec0317bec216 upstream.
+
+Michel Lespinasse cleaned up the futex calling conventions in commit
+37a9d912b24f ("futex: Sanitize cmpxchg_futex_value_locked API").
+
+But the ia64 implementation was subtly broken. Gcc does not know that
+register "r8" will be updated by the fault handler if the cmpxchg
+instruction takes an exception. So it feels safe in letting the
+initialization of r8 slide to after the cmpxchg. Result: we always
+return 0 whether the user address faulted or not.
+
+Fix by moving the initialization of r8 into the __asm__ code so gcc
+won't move it.
+
+Reported-by:
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=42757
+Tested-by:
+Acked-by: Michel Lespinasse
+Signed-off-by: Tony Luck
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/ia64/include/asm/futex.h | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/arch/ia64/include/asm/futex.h
++++ b/arch/ia64/include/asm/futex.h
+@@ -107,15 +107,16 @@ futex_atomic_cmpxchg_inatomic(u32 *uval,
+ return -EFAULT;
+
+ {
+- register unsigned long r8 __asm ("r8") = 0;
++ register unsigned long r8 __asm ("r8");
+ unsigned long prev;
+ __asm__ __volatile__(
+ " mf;; \n"
+- " mov ar.ccv=%3;; \n"
+- "[1:] cmpxchg4.acq %0=[%1],%2,ar.ccv \n"
++ " mov %0=r0 \n"
++ " mov ar.ccv=%4;; \n"
++ "[1:] cmpxchg4.acq %1=[%2],%3,ar.ccv \n"
+ " .xdata4 \"__ex_table\", 1b-., 2f-. \n"
+ "[2:]"
+- : "=r" (prev)
++ : "=r" (r8), "=r" (prev)
+ : "r" (uaddr), "r" (newval),
+ "rO" ((long) (unsigned) oldval)
+ : "memory");
diff --git a/queue-3.0/series b/queue-3.0/series
index 3e4d2496149..092d4ca8c55 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
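Review bot: The declaration `register unsigned long r8 __asm ("r8");` now depends on the `mov %0=r0` inside the asm for its initial value, but nothing at the declaration records why, so a later cleanup that restores the `= 0` initializer would silently reintroduce the always-return-0 bug the commit message describes. I would add above it: `/* r8 is zeroed inside the asm: the fault handler updates r8 if the cmpxchg takes an exception, which gcc cannot see, so a C initializer may be sunk past the cmpxchg. */`. Operand %0 is now written before inputs %2..%4 are read, so `"=&r" (r8)` would be the conventional early-clobber form; whether binding the variable to r8 already keeps the inputs out of that register I cannot confirm from here. The enclosing futex_atomic_cmpxchg_inatomic() body starts and ends outside the nested hunk, and this hunk lives in a queued patch file rather than in the tree itself.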
@@ -3,3 +3,4 @@ drm-radeon-only-add-the-mm-i2c-bus-if-the-hw_i2c-module-param-is-set.patch
 rtlwifi-add-missing-dma-buffer-unmapping-for-pci-drivers.patch
 arm-7384-1-thumbee-disable-userspace-teehbr-access-for-config_arm_thumbee.patch
 bluetooth-hci_ldisc-fix-null-pointer-dereference-on-tty_close.patch
+ia64-fix-futex_atomic_cmpxchg_inatomic.patch
-- 
2.47.3