--- /dev/null
+commit fa6a1a554b50cbb7763f6907e6fef927ead480d9
+From: David P. Reed <dpreed@reed.com>
+Date: Wed Nov 14 17:49:21 2007 -0500
+Subject: ntp: fix typo that makes sync_cmos_clock erratic
+
+From: David P. Reed <dpreed@reed.com>
+
+patch fa6a1a554b50cbb7763f6907e6fef927ead480d9 in mainline.
+
+ntp: fix typo that makes sync_cmos_clock erratic
+
+Fix a typo in ntp.c that has caused updating of the persistent (RTC)
+clock when synced to NTP to behave erratically.
+
+When debugging a freeze that arises on my AMD64 machines when I
+run the ntpd service, I added a number of printk's to monitor the
+sync_cmos_clock procedure. I discovered that it was not syncing to
+cmos RTC every 11 minutes as documented, but instead would keep trying
+every second for hours at a time. The reason turned out to be a typo
+in sync_cmos_clock, where it attempts to ensure that
+update_persistent_clock is called very close to 500 msec. after a 1
+second boundary (required by the PC RTC's spec). That typo referred to
+"xtime" in one spot, rather than "now", which is derived from "xtime"
+but not equal to it. This makes the test erratic, creating a
+"coin-flip" that decides when update_persistent_clock is called - when
+it is called, which is rarely, it may be at any time during the one
+second period, rather than close to 500 msec, so the value written is
+needlessly incorrect, too.
+
+Signed-off-by: David P. Reed
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ kernel/time/ntp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/time/ntp.c
++++ b/kernel/time/ntp.c
+@@ -205,7 +205,7 @@ static void sync_cmos_clock(unsigned lon
+ return;
+
+ getnstimeofday(&now);
+- if (abs(xtime.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec / 2)
++ if (abs(now.tv_nsec - (NSEC_PER_SEC / 2)) <= tick_nsec / 2)
+ fail = update_persistent_clock(now);
+
+ next.tv_nsec = (NSEC_PER_SEC / 2) - now.tv_nsec;
fix-divide-by-zero-in-the-2.6.23-scheduler-code.patch
geode-fix-not-inplace-encryption.patch
libcrc32c-keep-intermediate-crc-state-in-cpu-order.patch
+x86-avoid-inconsistent-ptes.patch
+x86-fix-one-off-in-find-next-zero-string.patch
+x86-mark-read-crx-volatile.patch
+x86-nx-bit-handling-in-change-page-attr.patch
+x98-return-correct-error-code-from-child-rip.patch
+ntp-fix-sync-cmos-clock-typo.patch
+x86-fix-rtc-locking.patch
--- /dev/null
+commit aa506dc7b12d03fbf8fd11aab752aed1aadd9c07
+From: Jan Beulich <jbeulich@novell.com>
+Date: Wed Oct 17 18:04:33 2007 +0200
+Subject: i386: avoid temporarily inconsistent pte-s
+
+From: Jan Beulich <jbeulich@novell.com>
+
+patch aa506dc7b12d03fbf8fd11aab752aed1aadd9c07 in mainline.
+
+i386: avoid temporarily inconsistent pte-s
+
+One more of these issues (which were considered fixed a few releases
+back): other than on x86-64, i386 allows set_fixmap() to replace
+already present mappings. Consequently, on PAE, care must be taken to
+not update the high half of a pte while the low half is still holding
+the old value.
+
+[ tglx: arch/x86 adaptation ]
+
+Signed-off-by: Jan Beulich <jbeulich@novell.com>
+Signed-off-by: Andi Kleen <ak@suse.de>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/i386/mm/pgtable.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/i386/mm/pgtable.c
++++ b/arch/i386/mm/pgtable.c
+@@ -97,8 +97,7 @@ static void set_pte_pfn(unsigned long va
+ }
+ pte = pte_offset_kernel(pmd, vaddr);
+ if (pgprot_val(flags))
+- /* <pfn,flags> stored as-is, to permit clearing entries */
+- set_pte(pte, pfn_pte(pfn, flags));
++ set_pte_present(&init_mm, vaddr, pte, pfn_pte(pfn, flags));
+ else
+ pte_clear(&init_mm, vaddr, pte);
+
--- /dev/null
+commit 801916c1b369b637ce799e6c71a94963ff63df79
+From: Andrew Hastings <abh@cray.com>
+Date: Wed Oct 17 18:04:33 2007 +0200
+Subject: x86: fix off-by-one in find_next_zero_string
+
+From: Andrew Hastings <abh@cray.com>
+
+patch 801916c1b369b637ce799e6c71a94963ff63df79 in mainline.
+
+x86: fix off-by-one in find_next_zero_string
+
+Fix an off-by-one error in find_next_zero_string which prevents
+allocating the last bit.
+
+[ tglx: arch/x86 adaptation ]
+
+Signed-off-by: Andrew Hastings <abh@cray.com>
+Signed-off-by: Andi Kleen <ak@suse.de>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86_64/lib/bitstr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86_64/lib/bitstr.c
++++ b/arch/x86_64/lib/bitstr.c
+@@ -14,7 +14,7 @@ find_next_zero_string(unsigned long *bit
+
+ /* could test bitsliced, but it's hardly worth it */
+ end = n+len;
+- if (end >= nbits)
++ if (end > nbits)
+ return -1;
+ for (i = n+1; i < end; i++) {
+ if (test_bit(i, bitmap)) {
--- /dev/null
+commit c399da0d97e06803e51085ec076b63a3168aad1b
+From: David P. Reed <dpreed@reed.com>
+Date: Wed Nov 14 17:47:35 2007 -0500
+Subject: x86: fix freeze in x86_64 RTC update code in time_64.c
+
+From: David P. Reed <dpreed@reed.com>
+
+patch c399da0d97e06803e51085ec076b63a3168aad1b in mainline.
+
+x86: fix freeze in x86_64 RTC update code in time_64.c
+
+Fix hard freeze on x86_64 when the ntpd service calls
+update_persistent_clock()
+
+A repeatable but randomly timed freeze has been happening in Fedora 6
+and 7 for the last year, whenever I run the ntpd service on my AMD64x2
+HP Pavilion dv9000z laptop. This freeze is due to the use of
+spin_lock(&rtc_lock) under the assumption (per a bad comment) that
+set_rtc_mmss is called only with interrupts disabled. The call from
+ntp.c to update_persistent_clock is made with interrupts enabled.
+
+[ tglx@linutronix.de: ported to 2.6.23.stable ]
+
+Signed-off-by: David P. Reed <dpreed@reed.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86_64/kernel/time.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+--- a/arch/x86_64/kernel/time.c
++++ b/arch/x86_64/kernel/time.c
+@@ -87,18 +87,15 @@ static int set_rtc_mmss(unsigned long no
+ int retval = 0;
+ int real_seconds, real_minutes, cmos_minutes;
+ unsigned char control, freq_select;
++ unsigned long flags;
+
+ /*
+- * IRQs are disabled when we're called from the timer interrupt,
+- * no need for spin_lock_irqsave()
++ * set_rtc_mmss is called when irqs are enabled, so disable irqs here
+ */
+-
+- spin_lock(&rtc_lock);
+-
++ spin_lock_irqsave(&rtc_lock, flags);
+ /*
+ * Tell the clock it's being set and stop it.
+ */
+-
+ control = CMOS_READ(RTC_CONTROL);
+ CMOS_WRITE(control | RTC_SET, RTC_CONTROL);
+
+@@ -143,7 +140,7 @@ static int set_rtc_mmss(unsigned long no
+ CMOS_WRITE(control, RTC_CONTROL);
+ CMOS_WRITE(freq_select, RTC_FREQ_SELECT);
+
+- spin_unlock(&rtc_lock);
++ spin_unlock_irqrestore(&rtc_lock, flags);
+
+ return retval;
+ }
--- /dev/null
+commit c1217a75ea102d4e69321f210fab60bc47b9a48e
+From: Kirill Korotaev <dev@openvz.org>
+Subject: x86: mark read_crX() asm code as volatile
+Date: Wed Oct 17 18:04:33 2007 +0200
+
+From: Kirill Korotaev <dev@openvz.org>
+
+patch c1217a75ea102d4e69321f210fab60bc47b9a48e in mainline.
+
+x86: mark read_crX() asm code as volatile
+
+Some gcc versions (I checked at least 4.1.1 from RHEL5 & 4.1.2 from gentoo)
+can generate incorrect code with read_crX()/write_crX() functions mix up,
+due to cached results of read_crX().
+
+The small app for x8664 below compiled with -O2 demonstrates this
+(i686 does the same thing):
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ include/asm-i386/system.h | 2 +-
+ include/asm-x86_64/system.h | 8 ++++----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+--- a/include/asm-i386/system.h
++++ b/include/asm-i386/system.h
+@@ -141,7 +141,7 @@ static inline unsigned long native_read_
+ {
+ unsigned long val;
+ /* This could fault if %cr4 does not exist */
+- asm("1: movl %%cr4, %0 \n"
++ asm volatile("1: movl %%cr4, %0 \n"
+ "2: \n"
+ ".section __ex_table,\"a\" \n"
+ ".long 1b,2b \n"
+--- a/include/asm-x86_64/system.h
++++ b/include/asm-x86_64/system.h
+@@ -85,7 +85,7 @@ static inline void write_cr0(unsigned lo
+ static inline unsigned long read_cr2(void)
+ {
+ unsigned long cr2;
+- asm("movq %%cr2,%0" : "=r" (cr2));
++ asm volatile("movq %%cr2,%0" : "=r" (cr2));
+ return cr2;
+ }
+
+@@ -97,7 +97,7 @@ static inline void write_cr2(unsigned lo
+ static inline unsigned long read_cr3(void)
+ {
+ unsigned long cr3;
+- asm("movq %%cr3,%0" : "=r" (cr3));
++ asm volatile("movq %%cr3,%0" : "=r" (cr3));
+ return cr3;
+ }
+
+@@ -109,7 +109,7 @@ static inline void write_cr3(unsigned lo
+ static inline unsigned long read_cr4(void)
+ {
+ unsigned long cr4;
+- asm("movq %%cr4,%0" : "=r" (cr4));
++ asm volatile("movq %%cr4,%0" : "=r" (cr4));
+ return cr4;
+ }
+
+@@ -121,7 +121,7 @@ static inline void write_cr4(unsigned lo
+ static inline unsigned long read_cr8(void)
+ {
+ unsigned long cr8;
+- asm("movq %%cr8,%0" : "=r" (cr8));
++ asm volatile("movq %%cr8,%0" : "=r" (cr8));
+ return cr8;
+ }
+
--- /dev/null
+commit 84e0fdb1754d066dd0a8b257de7299f392d1e727
+From: Huang, Ying <ying.huang@intel.com>
+Date: Wed Oct 17 18:04:35 2007 +0200
+Subject: x86: NX bit handling in change_page_attr()
+
+From: Huang, Ying <ying.huang@intel.com>
+
+patch 84e0fdb1754d066dd0a8b257de7299f392d1e727 in mainline.
+
+x86: NX bit handling in change_page_attr()
+
+This patch fixes a bug of change_page_attr/change_page_attr_addr on
+Intel x86_64 CPUs. After changing page attribute to be executable with
+these functions, the page remains un-executable on Intel x86_64 CPU.
+Because on Intel x86_64 CPU, only if the "NX" bits of all four level
+page tables are cleared, the corresponding page is executable (refer to
+section 4.13.2 of Intel 64 and IA-32 Architectures Software Developer's
+Manual). So, the bug is fixed through clearing the "NX" bit of PMD when
+splitting the huge PMD.
+
+Signed-off-by: Huang Ying <ying.huang@intel.com>
+Cc: Andi Kleen <ak@suse.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86_64/mm/pageattr.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86_64/mm/pageattr.c
++++ b/arch/x86_64/mm/pageattr.c
+@@ -148,6 +148,7 @@ __change_page_attr(unsigned long address
+ split = split_large_page(address, prot, ref_prot2);
+ if (!split)
+ return -ENOMEM;
++ pgprot_val(ref_prot2) &= ~_PAGE_NX;
+ set_pte(kpte, mk_pte(split, ref_prot2));
+ kpte_page = split;
+ }
--- /dev/null
+commit 1c5b5cfd290b6cb7c67020ef420e275f746a7236
+From: Andrey Mirkin <major@openvz.org>
+Date: Wed Oct 17 18:04:33 2007 +0200
+Subject: x86: return correct error code from child_rip in x86_64 entry.S
+
+From: Andrey Mirkin <major@openvz.org>
+
+patch 1c5b5cfd290b6cb7c67020ef420e275f746a7236 in mainline.
+
+x86: return correct error code from child_rip in x86_64 entry.S
+
+Right now register edi is just cleared before calling do_exit.
+That is wrong because correct return value will be ignored.
+Value from rax should be copied to rdi instead of clearing edi.
+
+AK: changed to 32bit move because it's strictly an int
+
+[ tglx: arch/x86 adaptation ]
+
+Signed-off-by: Andrey Mirkin <major@openvz.org>
+Signed-off-by: Andi Kleen <ak@suse.de>
+Signed-off-by: Ingo Molnar <mingo@elte.hu>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ arch/x86_64/kernel/entry.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86_64/kernel/entry.S
++++ b/arch/x86_64/kernel/entry.S
+@@ -989,7 +989,7 @@ child_rip:
+ movq %rsi, %rdi
+ call *%rax
+ # exit
+- xorl %edi, %edi
++ mov %eax, %edi
+ call do_exit
+ CFI_ENDPROC
+ ENDPROC(child_rip)
projects / thirdparty / kernel / stable-queue.git / commitdiff
