3.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 8 Jun 2014 02:05:00 +0000 (19:05 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 8 Jun 2014 02:05:00 +0000 (19:05 -0700)
added patches:
arm-8051-1-put_user-fix-possible-data-corruption-in-put_user.patch

queue-3.4/arm-8051-1-put_user-fix-possible-data-corruption-in-put_user.patch [new file with mode: 0644]
queue-3.4/mm-memory-failure.c-fix-memory-leak-by-race-between-poison-and-unpoison.patch
queue-3.4/series

diff --git a/queue-3.4/arm-8051-1-put_user-fix-possible-data-corruption-in-put_user.patch b/queue-3.4/arm-8051-1-put_user-fix-possible-data-corruption-in-put_user.patch
new file mode 100644 (file)
index 0000000..2f704e9
--- /dev/null
@@ -0,0 +1,37 @@
+From 537094b64b229bf3ad146042f83e74cf6abe59df Mon Sep 17 00:00:00 2001
+From: Andrey Ryabinin <a.ryabinin@samsung.com>
+Date: Wed, 7 May 2014 08:07:25 +0100
+Subject: ARM: 8051/1: put_user: fix possible data corruption in put_user
+
+From: Andrey Ryabinin <a.ryabinin@samsung.com>
+
+commit 537094b64b229bf3ad146042f83e74cf6abe59df upstream.
+
+According to arm procedure call standart r2 register is call-cloberred.
+So after the result of x expression was put into r2 any following
+function call in p may overwrite r2. To fix this, the result of p
+expression must be saved to the temporary variable before the
+assigment x expression to __r2.
+
+Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
+Reviewed-by: Nicolas Pitre <nico@linaro.org>
+Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/include/asm/uaccess.h |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/arm/include/asm/uaccess.h
++++ b/arch/arm/include/asm/uaccess.h
+@@ -158,8 +158,9 @@ extern int __put_user_8(void *, unsigned
+ #define put_user(x,p)                                                 \
+       ({                                                              \
+               unsigned long __limit = current_thread_info()->addr_limit - 1; \
++              const typeof(*(p)) __user *__tmp_p = (p);               \
+               register const typeof(*(p)) __r2 asm("r2") = (x);       \
+-              register const typeof(*(p)) __user *__p asm("r0") = (p);\
++              register const typeof(*(p)) __user *__p asm("r0") = __tmp_p; \
+               register unsigned long __l asm("r1") = __limit;         \
+               register int __e asm("r0");                             \
+               switch (sizeof(*(__p))) {                               \
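Review bot: The ordering this fix relies on is not documented in the macro: `__tmp_p` has to be initialised from `(p)` before `__r2` is bound to r2, and nothing that can emit a call may be evaluated between the `__r2` initialiser and the asm that consumes it. A later edit that reorders these declarations, or adds a call-bearing expression after `__r2`, would presumably bring back the wrong value being stored to user memory, and the compiler is unlikely to flag it. I would add a one-line comment above the `__tmp_p` declaration, for example `/* evaluate (p) first: a call inside p may clobber r2 once __r2 is loaded */`, keeping the trailing `\` continuation. The body of put_user continues past the end of this hunk, so the rest of the macro is not covered here.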
index 83bf9b99c176a6d0ea9f92df80c922261dfbdb08..12cd8f6b75fa6d14cf09ccb1dbf4a8e43e5ce1f1 100644 (file)
@@ -34,7 +34,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
         */
        if (!PageHWPoison(p)) {
                printk(KERN_ERR "MCE %#lx: just unpoisoned\n", pfn);
-+              atomic_long_sub(nr_pages, &num_poisoned_pages);
++              atomic_long_sub(nr_pages, &mce_bad_pages);
 +              put_page(hpage);
                res = 0;
                goto out;
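Review bot: The change from `num_poisoned_pages` to `mce_bad_pages` on the added `atomic_long_sub()` line alters an already-queued patch, yet the commit message lists only the put_user patch as added. Nothing visible in this hunk records the adjustment either; the patch's own changelog lies outside the hunk, so it may already carry a note. If it does not, a bracketed line in that changelog such as `[3.4 backport: counter is mce_bad_pages in this tree]` would keep the deviation from the upstream commit traceable for anyone auditing the queue against mainline. It would also help to confirm that `mce_bad_pages` is an `atomic_long_t` in the 3.4 tree, since the call is `atomic_long_sub()`.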
index 6014f885fdf4793c71d9f98840e11aed31bab10a..b8d4dbcf912ab0c1f4e6a617dde500463e231a3f 100644 (file)
@@ -3,3 +3,4 @@ perf-prevent-false-warning-in-perf_swevent_add.patch
 perf-limit-perf_event_attr-sample_period-to-63-bits.patch
 perf-fix-race-in-removing-an-event.patch
 mm-memory-failure.c-fix-memory-leak-by-race-between-poison-and-unpoison.patch
+arm-8051-1-put_user-fix-possible-data-corruption-in-put_user.patch