[kernel] r18932 - in dists/sid/linux-2.6/debian: . patches/bugfix/ia64 patches/series

Ben Hutchings benh at alioth.debian.org
Mon Apr 16 01:28:29 UTC 2012 

Author: benh
Date: Mon Apr 16 01:28:28 2012
New Revision: 18932

Log:
[ia64] Fix futex_atomic_cmpxchg_inatomic() (Closes: #659485)

Added:
   dists/sid/linux-2.6/debian/patches/bugfix/ia64/IA64-Fix-futex_atomic_cmpxchg_inatomic.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/base

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	Sun Apr 15 22:28:13 2012	(r18931)
+++ dists/sid/linux-2.6/debian/changelog	Mon Apr 16 01:28:28 2012	(r18932)
@@ -1,3 +1,10 @@
+linux-2.6 (3.2.15-2) UNRELEASED; urgency=low
+
+  [ Ben Hutchings ]
+  * [ia64] Fix futex_atomic_cmpxchg_inatomic() (Closes: #659485)
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Mon, 16 Apr 2012 02:27:29 +0100
+
 linux-2.6 (3.2.15-1) unstable; urgency=high
 
   * New upstream stable update:

Added: dists/sid/linux-2.6/debian/patches/bugfix/ia64/IA64-Fix-futex_atomic_cmpxchg_inatomic.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/ia64/IA64-Fix-futex_atomic_cmpxchg_inatomic.patch	Mon Apr 16 01:28:28 2012	(r18932)
@@ -0,0 +1,41 @@
+From: Tony Luck <tony.luck at intel.com>
+Date: Fri Apr 13 11:32:44 2012 -0700
+Subject: [IA64] Fix futex_atomic_cmpxchg_inatomic()
+
+commit 9d38e66bf07b6e57c8e60767c454e1db9aac4484 upstream.
+
+Michel Lespinasse cleaned up the futex calling conventions in
+commit 37a9d912b24f96a0591773e6e6c3642991ae5a70
+    futex: Sanitize cmpxchg_futex_value_locked API
+
+But the ia64 implementation was subtly broken. Gcc does not know
+that register "r8" will be updated by the fault handler if the
+cmpxchg instruction takes an exception. So it feels safe in letting
+the initialization of r8 slide to after the cmpxchg. Result: we
+always return 0 whether the user address faulted or not.
+
+Fix by moving the initialization of r8 into the __asm__ code so
+gcc won't move it.
+
+Reported-by: <emeric.maschino at gmail.com>
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=42757
+Cc: stable at vger.kernel.org # v2.6.39+
+Signed-off-by: Tony Luck <tony.luck at intel.com>
+---
+diff --git a/arch/ia64/include/asm/futex.h b/arch/ia64/include/asm/futex.h
+index 8428525..71949a5 100644
+--- a/arch/ia64/include/asm/futex.h
++++ b/arch/ia64/include/asm/futex.h
+@@ -107,10 +107,11 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
+ 		return -EFAULT;
+ 
+ 	{
+-		register unsigned long r8 __asm ("r8") = 0;
++		register unsigned long r8 __asm ("r8");
+ 		unsigned long prev;
+ 		__asm__ __volatile__(
+ 			"	mf;;					\n"
++			"	mov r8=r0				\n"
+ 			"	mov ar.ccv=%3;;				\n"
+ 			"[1:]	cmpxchg4.acq %0=[%1],%2,ar.ccv		\n"
+ 			"	.xdata4 \"__ex_table\", 1b-., 2f-.	\n"

Modified: dists/sid/linux-2.6/debian/patches/series/base
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/base	Sun Apr 15 22:28:13 2012	(r18931)
+++ dists/sid/linux-2.6/debian/patches/series/base	Mon Apr 16 01:28:28 2012	(r18932)
@@ -172,3 +172,4 @@
 + debian/nls-Avoid-ABI-change-from-improvement-to-utf8s_to_ut.patch
 
 + bugfix/all/hugetlb-fix-race-condition-in-hugetlb_fault.patch
++ bugfix/ia64/IA64-Fix-futex_atomic_cmpxchg_inatomic.patch

More information about the Kernel-svn-changes mailing list