This is a note to let you know that I've just added the patch titled xtensa: fix access to THREAD_RA/THREAD_SP/THREAD_DS to the 3.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: xtensa-fix-access-to-thread_ra-thread_sp-thread_ds.patch and it can be found in the queue-3.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 52247123749cc3cbc30168b33ad8c69515c96d23 Mon Sep 17 00:00:00 2001 From: Max Filippov <jcmvbkbc@xxxxxxxxx> Date: Sun, 27 Jul 2014 07:23:41 +0400 Subject: xtensa: fix access to THREAD_RA/THREAD_SP/THREAD_DS From: Max Filippov <jcmvbkbc@xxxxxxxxx> commit 52247123749cc3cbc30168b33ad8c69515c96d23 upstream. With SMP and a lot of debug options enabled task_struct::thread gets out of reach of s32i/l32i instructions with base pointing at task_struct, breaking build with the following messages: arch/xtensa/kernel/entry.S: Assembler messages: arch/xtensa/kernel/entry.S:1002: Error: operand 3 of 'l32i.n' has invalid value '1048' arch/xtensa/kernel/entry.S:1831: Error: operand 3 of 's32i.n' has invalid value '1040' arch/xtensa/kernel/entry.S:1832: Error: operand 3 of 's32i.n' has invalid value '1044' Change base to point to task_struct::thread in such cases. Don't use a10 in _switch_to to save/restore prev pointer as a2 is not clobbered. Signed-off-by: Max Filippov <jcmvbkbc@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/xtensa/include/asm/uaccess.h | 5 +++++ arch/xtensa/kernel/entry.S | 12 ++++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) --- a/arch/xtensa/include/asm/uaccess.h +++ b/arch/xtensa/include/asm/uaccess.h @@ -52,7 +52,12 @@ */ .macro get_fs ad, sp GET_CURRENT(\ad,\sp) +#if THREAD_CURRENT_DS > 1020 + addi \ad, \ad, TASK_THREAD + l32i \ad, \ad, THREAD_CURRENT_DS - TASK_THREAD +#else l32i \ad, \ad, THREAD_CURRENT_DS +#endif .endm /* --- a/arch/xtensa/kernel/entry.S +++ b/arch/xtensa/kernel/entry.S @@ -1820,7 +1820,6 @@ ENTRY(_switch_to) entry a1, 16 - mov a10, a2 # preserve 'prev' (a2) mov a11, a3 # and 'next' (a3) l32i a4, a2, TASK_THREAD_INFO @@ -1828,8 +1827,14 @@ ENTRY(_switch_to) save_xtregs_user a4 a6 a8 a9 a12 a13 THREAD_XTREGS_USER - s32i a0, a10, THREAD_RA # save return address - s32i a1, a10, THREAD_SP # save stack pointer +#if THREAD_RA > 1020 || THREAD_SP > 1020 + addi a10, a2, TASK_THREAD + s32i a0, a10, THREAD_RA - TASK_THREAD # save return address + s32i a1, a10, THREAD_SP - TASK_THREAD # save stack pointer +#else + s32i a0, a2, THREAD_RA # save return address + s32i a1, a2, THREAD_SP # save stack pointer +#endif /* Disable ints while we manipulate the stack pointer. */ @@ -1870,7 +1875,6 @@ ENTRY(_switch_to) load_xtregs_user a5 a6 a8 a9 a12 a13 THREAD_XTREGS_USER wsr a14, ps - mov a2, a10 # return 'prev' rsync retw Patches currently in stable-queue which might be from jcmvbkbc@xxxxxxxxx are queue-3.16/xtensa-replace-ioctl-code-definitions-with-constants.patch queue-3.16/xtensa-fix-tlbtemp_base_2-region-handling-in-fast_second_level_miss.patch queue-3.16/xtensa-fix-a6-and-a7-handling-in-fast_syscall_xtensa.patch queue-3.16/xtensa-fix-access-to-thread_ra-thread_sp-thread_ds.patch queue-3.16/xtensa-fix-address-checks-in-dma_-alloc-free-_coherent.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html