Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus

Pull MIPS updates from Ralf Baechle: "This is the main pull request for MIPS for 4.8. Also includes is a minor SSB cleanup as SSB code traditionally is merged through the MIPS tree: ATH25: - MIPS: Add default configuration for ath25 Boot: - For zboot, copy appended dtb to the end of the kernel - store the appended dtb address in a variable BPF: - Fix off by one error in offset allocation Cobalt code: - Fix typos Core code: - debugfs_create_file returns NULL on error, so don't use IS_ERR for testing for errors. - Fix double locking issue in RM7000 S-cache code. This would only affect RM7000 ARC systems on reboot. - Fix page table corruption on THP permission changes. - Use compat_sys_keyctl for 32 bit userspace on 64 bit kernels. David says, there are no compatibility issues raised by this fix. - Move some signal code around. - Rewrite r4k count/compare clockevent device registration such that min_delta_ticks/max_delta_ticks files are guaranteed to be initialized. - Only register r4k count/compare as clockevent device if we can assume the clock to be constant. - Fix MSA asm warnings in control reg accessors - uasm and tlbex fixes and tweaking. - Print segment physical address when EU=1. - Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO. - CP: Allow booting by VP other than VP 0 - Cache handling fixes and optimizations for r4k class caches - Add hotplug support for R6 processors - Cleanup hotplug bits in kconfig - traps: return correct si code for accessing nonmapped addresses - Remove cpu_has_safe_index_cacheops Lantiq: - Register IRQ handler for virtual IRQ number - Fix EIU interrupt loading code - Use the real EXIN count - Fix build error. Loongson 3: - Increase HPET_MIN_PROG_DELTA and decrease HPET_MIN_CYCLES Octeon: - Delete built-in DTB pruning code for D-Link DSR-1000N. - Clean up GPIO definitions in dlink_dsr-1000n.dts. - Add more LEDs to the DSR-100n DTS - Fix off by one in octeon_irq_gpio_map() - Typo fixes - Enable SATA by default in cavium_octeon_defconfig - Support readq/writeq() - Remove forced mappings of USB interrupts. - Ensure DMA descriptors are always in the low 4GB - Improve USB reset code for OCTEON II. Pistachio: - Add maintainers entry for pistachio SoC Support - Remove plat_setup_iocoherency Ralink: - Fix pwm UART in spis group pinmux. SSB: - Change bare unsigned to unsigned int to suit coding style Tools: - Fix reloc tool compiler warnings. Other: - Delete use of ARCH_WANT_OPTIONAL_GPIOLIB" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: (61 commits) MIPS: mm: Fix definition of R6 cache instruction MIPS: tools: Fix relocs tool compiler warnings MIPS: Cobalt: Fix typo MIPS: Octeon: Fix typo MIPS: Lantiq: Fix build failure MIPS: Use CPHYSADDR to implement mips32 __pa MIPS: Octeon: Dlink_dsr-1000n.dts: add more leds. MIPS: Octeon: Clean up GPIO definitions in dlink_dsr-1000n.dts. MIPS: Octeon: Delete built-in DTB pruning code for D-Link DSR-1000N. MIPS: store the appended dtb address in a variable MIPS: ZBOOT: copy appended dtb to the end of the kernel MIPS: ralink: fix spis group pinmux MIPS: Factor o32 specific code into signal_o32.c MIPS: non-exec stack & heap when non-exec PT_GNU_STACK is present MIPS: Use per-mm page to execute branch delay slot instructions MIPS: Modify error handling MIPS: c-r4k: Use SMP calls for CM indexed cache ops MIPS: c-r4k: Avoid small flush_icache_range SMP calls MIPS: c-r4k: Local flush_icache_range cache op override MIPS: c-r4k: Split r4k_flush_kernel_vmap_range() ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2016-08-06 09:13:11 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2016-08-06 09:13:11 -0400
commit: 4305f42401b29e2e024bd064618faf25aef5cb69 (patch)
tree: 1bc924cfa60c9efbb21e07c1d834f495301cffc8 /arch/mips/kernel
parent: db8262787e82b5c0fa57bd9d676add187519a751 (diff)
parent: 4a89cf810130fde41e3fc729e770cb1a5a87d245 (diff)
19 files changed, 437 insertions, 331 deletions
diff --git a/arch/mips/kernel/Makefile b/arch/mips/kernel/Makefile
index e6053d07072f..4a603a3ea657 100644
--- a/arch/mips/kernel/Makefile
+++ b/arch/mips/kernel/Makefile
@@ -71,7 +71,7 @@ obj-$(CONFIG_32BIT)		+= scall32-o32.o
 obj-$(CONFIG_64BIT)             += scall64-64.o
 obj-$(CONFIG_MIPS32_COMPAT)     += linux32.o ptrace32.o signal32.o
 obj-$(CONFIG_MIPS32_N32)        += binfmt_elfn32.o scall64-n32.o signal_n32.o
-obj-$(CONFIG_MIPS32_O32)        += binfmt_elfo32.o scall64-o32.o
+obj-$(CONFIG_MIPS32_O32)        += binfmt_elfo32.o scall64-o32.o signal_o32.o
 obj-$(CONFIG_KGDB)              += kgdb.o
 obj-$(CONFIG_PROC_FS)           += proc.o
diff --git a/arch/mips/kernel/cevt-r4k.c b/arch/mips/kernel/cevt-r4k.c
index e4c21bbf9422..804d2a2a19fe 100644
--- a/arch/mips/kernel/cevt-r4k.c
+++ b/arch/mips/kernel/cevt-r4k.c
@@ -276,12 +276,7 @@ int r4k_clockevent_init(void)
                                  CLOCK_EVT_FEAT_C3STOP |
                                  CLOCK_EVT_FEAT_PERCPU;
-        clockevent_set_clock(cd, mips_hpt_frequency);
-        /* Calculate the min / max delta */
-        cd->max_delta_ns        = clockevent_delta2ns(0x7fffffff, cd);
        min_delta               = calculate_min_delta();
-        cd->min_delta_ns        = clockevent_delta2ns(min_delta, cd);
        cd->rating              = 300;
        cd->irq                 = irq;
@@ -289,7 +284,7 @@ int r4k_clockevent_init(void)
        cd->set_next_event      = mips_next_event;
        cd->event_handler       = mips_event_handler;
-        clockevents_register_device(cd);
+        clockevents_config_and_register(cd, mips_hpt_frequency, min_delta, 0x7fffffff);
        if (cp0_timer_irq_installed)
                return 0;
diff --git a/arch/mips/kernel/csrc-r4k.c b/arch/mips/kernel/csrc-r4k.c
index 1f910563fdf6..d76275da54cb 100644
--- a/arch/mips/kernel/csrc-r4k.c
+++ b/arch/mips/kernel/csrc-r4k.c
@@ -23,7 +23,7 @@ static struct clocksource clocksource_mips = {
        .flags          = CLOCK_SOURCE_IS_CONTINUOUS,
 };
-static u64 notrace r4k_read_sched_clock(void)
+static u64 __maybe_unused notrace r4k_read_sched_clock(void)
 {
        return read_c0_count();
 }
@@ -82,7 +82,9 @@ int __init init_r4k_clocksource(void)
        clocksource_register_hz(&clocksource_mips, mips_hpt_frequency);
+#ifndef CONFIG_CPU_FREQ
        sched_clock_register(r4k_read_sched_clock, 32, mips_hpt_frequency);
+#endif
        return 0;
 }
diff --git a/arch/mips/kernel/elf.c b/arch/mips/kernel/elf.c
index e6eb7f1f7723..6430bff21fff 100644
--- a/arch/mips/kernel/elf.c
+++ b/arch/mips/kernel/elf.c
@@ -8,9 +8,12 @@
 * option) any later version.
 */
+#include <linux/binfmts.h>
 #include <linux/elf.h>
+#include <linux/export.h>
 #include <linux/sched.h>
+#include <asm/cpu-features.h>
 #include <asm/cpu-info.h>
 /* Whether to accept legacy-NaN and 2008-NaN user binaries.  */
@@ -326,3 +329,19 @@ void mips_set_personality_nan(struct arch_elf_state *state)
                BUG();
        }
 }
+int mips_elf_read_implies_exec(void *elf_ex, int exstack)
+{
+        if (exstack != EXSTACK_DISABLE_X) {
+                /* The binary doesn't request a non-executable stack */
+                return 1;
+        }
+        if (!cpu_has_rixi) {
+                /* The CPU doesn't support non-executable memory */
+                return 1;
+        }
+        return 0;
+}
+EXPORT_SYMBOL(mips_elf_read_implies_exec);
diff --git a/arch/mips/kernel/head.S b/arch/mips/kernel/head.S
index 56e8fede3fd8..cf052204eb0a 100644
--- a/arch/mips/kernel/head.S
+++ b/arch/mips/kernel/head.S
@@ -93,21 +93,24 @@ NESTED(kernel_entry, 16, sp)			# kernel entry point
        jr      t0
 0:
+#ifdef CONFIG_USE_OF
 #ifdef CONFIG_MIPS_RAW_APPENDED_DTB
-        PTR_LA          t0, __appended_dtb
+        PTR_LA          t2, __appended_dtb
 #ifdef CONFIG_CPU_BIG_ENDIAN
        li              t1, 0xd00dfeed
 #else
        li              t1, 0xedfe0dd0
 #endif
-        lw              t2, (t0)
+        lw              t0, (t2)
-        bne             t1, t2, not_found
+        beq             t0, t1, dtb_found
-         nop
+#endif
+        li              t1, -2
+        beq             a0, t1, dtb_found
+        move            t2, a1
-        move            a1, t0
+        li              t2, 0
-        PTR_LI          a0, -2
+dtb_found:
-not_found:
 #endif
        PTR_LA          t0, __bss_start         # clear .bss
        LONG_S          zero, (t0)
@@ -122,6 +125,10 @@ not_found:
        LONG_S          a2, fw_arg2
        LONG_S          a3, fw_arg3
+#ifdef CONFIG_USE_OF
+        LONG_S          t2, fw_passed_dtb
+#endif
        MTC0            zero, CP0_CONTEXT       # clear context register
        PTR_LA          $28, init_thread_union
        /* Set the SP after an empty pt_regs.  */
diff --git a/arch/mips/kernel/mips-r2-to-r6-emul.c b/arch/mips/kernel/mips-r2-to-r6-emul.c
index 43fbadc78d0a..c3372cac6db2 100644
--- a/arch/mips/kernel/mips-r2-to-r6-emul.c
+++ b/arch/mips/kernel/mips-r2-to-r6-emul.c
@@ -283,7 +283,7 @@ static int jr_func(struct pt_regs *regs, u32 ir)
                err = mipsr6_emul(regs, nir);
                if (err > 0) {
                        regs->cp0_epc = nepc;
-                        err = mips_dsemul(regs, nir, cepc);
+                        err = mips_dsemul(regs, nir, epc, cepc);
                        if (err == SIGILL)
                                err = SIGEMT;
                        MIPS_R2_STATS(dsemul);
@@ -1033,7 +1033,7 @@ repeat:
                        if (nir) {
                                err = mipsr6_emul(regs, nir);
                                if (err > 0) {
-                                        err = mips_dsemul(regs, nir, cpc);
+                                        err = mips_dsemul(regs, nir, epc, cpc);
                                        if (err == SIGILL)
                                                err = SIGEMT;
                                        MIPS_R2_STATS(dsemul);
@@ -1082,7 +1082,7 @@ repeat:
                        if (nir) {
                                err = mipsr6_emul(regs, nir);
                                if (err > 0) {
-                                        err = mips_dsemul(regs, nir, cpc);
+                                        err = mips_dsemul(regs, nir, epc, cpc);
                                        if (err == SIGILL)
                                                err = SIGEMT;
                                        MIPS_R2_STATS(dsemul);
@@ -1149,7 +1149,7 @@ repeat:
                if (nir) {
                        err = mipsr6_emul(regs, nir);
                        if (err > 0) {
-                                err = mips_dsemul(regs, nir, cpc);
+                                err = mips_dsemul(regs, nir, epc, cpc);
                                if (err == SIGILL)
                                        err = SIGEMT;
                                MIPS_R2_STATS(dsemul);
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
index 813ed7829c61..7429ad09fbe3 100644
--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
@@ -30,6 +30,7 @@
 #include <asm/asm.h>
 #include <asm/bootinfo.h>
 #include <asm/cpu.h>
+#include <asm/dsemul.h>
 #include <asm/dsp.h>
 #include <asm/fpu.h>
 #include <asm/msa.h>
@@ -68,11 +69,22 @@ void start_thread(struct pt_regs * regs, unsigned long pc, unsigned long sp)
        lose_fpu(0);
        clear_thread_flag(TIF_MSA_CTX_LIVE);
        clear_used_math();
+        atomic_set(&current->thread.bd_emu_frame, BD_EMUFRAME_NONE);
        init_dsp();
        regs->cp0_epc = pc;
        regs->regs[29] = sp;
 }
+void exit_thread(struct task_struct *tsk)
+{
+        /*
+         * User threads may have allocated a delay slot emulation frame.
+         * If so, clean up that allocation.
+         */
+        if (!(current->flags & PF_KTHREAD))
+                dsemul_thread_cleanup(tsk);
+}
 int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
 {
        /*
@@ -159,6 +171,8 @@ int copy_thread(unsigned long clone_flags, unsigned long usp,
        clear_tsk_thread_flag(p, TIF_FPUBOUND);
 #endif /* CONFIG_MIPS_MT_FPAFF */
+        atomic_set(&p->thread.bd_emu_frame, BD_EMUFRAME_NONE);
        if (clone_flags & CLONE_SETTLS)
                ti->tp_value = regs->regs[7];
diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S
index 9c0b387d6427..51d3988933f8 100644
--- a/arch/mips/kernel/scall64-n32.S
+++ b/arch/mips/kernel/scall64-n32.S
@@ -348,7 +348,7 @@ EXPORT(sysn32_call_table)
        PTR     sys_ni_syscall                  /* available, was setaltroot */
        PTR     sys_add_key
        PTR     sys_request_key
-        PTR     sys_keyctl                      /* 6245 */
+        PTR     compat_sys_keyctl               /* 6245 */
        PTR     sys_set_thread_area
        PTR     sys_inotify_init
        PTR     sys_inotify_add_watch
diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S
index f4f28b1580de..6efa7136748f 100644
--- a/arch/mips/kernel/scall64-o32.S
+++ b/arch/mips/kernel/scall64-o32.S
@@ -504,7 +504,7 @@ EXPORT(sys32_call_table)
        PTR     sys_ni_syscall                  /* available, was setaltroot */
        PTR     sys_add_key                     /* 4280 */
        PTR     sys_request_key
-        PTR     sys_keyctl
+        PTR     compat_sys_keyctl
        PTR     sys_set_thread_area
        PTR     sys_inotify_init
        PTR     sys_inotify_add_watch           /* 4285 */
diff --git a/arch/mips/kernel/segment.c b/arch/mips/kernel/segment.c
index 87bc74a5a518..2703f218202e 100644
--- a/arch/mips/kernel/segment.c
+++ b/arch/mips/kernel/segment.c
@@ -26,17 +26,20 @@ static void build_segment_config(char *str, unsigned int cfg)
        /*
         * Access modes MK, MSK and MUSK are mapped segments. Therefore
-         * there is no direct physical address mapping.
+         * there is no direct physical address mapping unless it becomes
+         * unmapped uncached at error level due to EU.
         */
-        if ((am == 0) || (am > 3)) {
+        if ((am == 0) || (am > 3) || (cfg & MIPS_SEGCFG_EU))
                str += sprintf(str, "         %03lx",
                        ((cfg & MIPS_SEGCFG_PA) >> MIPS_SEGCFG_PA_SHIFT));
+        else
+                str += sprintf(str, "         UND");
+        if ((am == 0) || (am > 3))
                str += sprintf(str, "         %01ld",
                        ((cfg & MIPS_SEGCFG_C) >> MIPS_SEGCFG_C_SHIFT));
-        } else {
+        else
-                str += sprintf(str, "         UND");
                str += sprintf(str, "         U");
-        }
        /* Exception configuration. */
        str += sprintf(str, "       %01ld\n",
diff --git a/arch/mips/kernel/setup.c b/arch/mips/kernel/setup.c
index ef408a03e818..36cf8d65c47d 100644
--- a/arch/mips/kernel/setup.c
+++ b/arch/mips/kernel/setup.c
@@ -875,6 +875,10 @@ void __init setup_arch(char **cmdline_p)
 unsigned long kernelsp[NR_CPUS];
 unsigned long fw_arg0, fw_arg1, fw_arg2, fw_arg3;
+#ifdef CONFIG_USE_OF
+unsigned long fw_passed_dtb;
+#endif
 #ifdef CONFIG_DEBUG_FS
 struct dentry *mips_debugfs_dir;
 static int __init debugfs_mips(void)
diff --git a/arch/mips/kernel/signal.c b/arch/mips/kernel/signal.c
index 1975cd2f7de6..9e224469c788 100644
--- a/arch/mips/kernel/signal.c
+++ b/arch/mips/kernel/signal.c
@@ -772,6 +772,14 @@ static void handle_signal(struct ksignal *ksig, struct pt_regs *regs)
        struct mips_abi *abi = current->thread.abi;
        void *vdso = current->mm->context.vdso;
+        /*
+         * If we were emulating a delay slot instruction, exit that frame such
+         * that addresses in the sigframe are as expected for userland and we
+         * don't have a problem if we reuse the thread's frame for an
+         * instruction within the signal handler.
+         */
+        dsemul_thread_rollback(regs);
        if (regs->regs[0]) {
                switch(regs->regs[2]) {
                case ERESTART_RESTARTBLOCK:
diff --git a/arch/mips/kernel/signal32.c b/arch/mips/kernel/signal32.c
index 78c8349d151c..97b7c51b8251 100644
--- a/arch/mips/kernel/signal32.c
+++ b/arch/mips/kernel/signal32.c
@@ -6,129 +6,26 @@
 * Copyright (C) 1991, 1992  Linus Torvalds
 * Copyright (C) 1994 - 2000, 2006  Ralf Baechle
 * Copyright (C) 1999, 2000 Silicon Graphics, Inc.
+ * Copyright (C) 2016, Imagination Technologies Ltd.
 */
-#include <linux/cache.h>
+#include <linux/compiler.h>
-#include <linux/compat.h>
+#include <linux/errno.h>
-#include <linux/sched.h>
-#include <linux/mm.h>
-#include <linux/smp.h>
 #include <linux/kernel.h>
 #include <linux/signal.h>
 #include <linux/syscalls.h>
-#include <linux/errno.h>
-#include <linux/wait.h>
-#include <linux/ptrace.h>
-#include <linux/suspend.h>
-#include <linux/compiler.h>
-#include <linux/uaccess.h>
-#include <asm/abi.h>
+#include <asm/compat.h>
-#include <asm/asm.h>
 #include <asm/compat-signal.h>
-#include <linux/bitops.h>
+#include <asm/uaccess.h>
-#include <asm/cacheflush.h>
+#include <asm/unistd.h>
-#include <asm/sim.h>
-#include <asm/ucontext.h>
-#include <asm/fpu.h>
-#include <asm/war.h>
-#include <asm/dsp.h>
 #include "signal-common.h"
-/*
- * Including <asm/unistd.h> would give use the 64-bit syscall numbers ...
- */
-#define __NR_O32_restart_syscall        4253
 /* 32-bit compatibility types */
 typedef unsigned int __sighandler32_t;
 typedef void (*vfptr_t)(void);
-struct ucontext32 {
-        u32                 uc_flags;
-        s32                 uc_link;
-        compat_stack_t      uc_stack;
-        struct sigcontext32 uc_mcontext;
-        compat_sigset_t     uc_sigmask;   /* mask last for extensibility */
-};
-struct sigframe32 {
-        u32 sf_ass[4];          /* argument save space for o32 */
-        u32 sf_pad[2];          /* Was: signal trampoline */
-        struct sigcontext32 sf_sc;
-        compat_sigset_t sf_mask;
-};
-struct rt_sigframe32 {
-        u32 rs_ass[4];                  /* argument save space for o32 */
-        u32 rs_pad[2];                  /* Was: signal trampoline */
-        compat_siginfo_t rs_info;
-        struct ucontext32 rs_uc;
-};
-static int setup_sigcontext32(struct pt_regs *regs,
-                              struct sigcontext32 __user *sc)
-{
-        int err = 0;
-        int i;
-        err |= __put_user(regs->cp0_epc, &sc->sc_pc);
-        err |= __put_user(0, &sc->sc_regs[0]);
-        for (i = 1; i < 32; i++)
-                err |= __put_user(regs->regs[i], &sc->sc_regs[i]);
-        err |= __put_user(regs->hi, &sc->sc_mdhi);
-        err |= __put_user(regs->lo, &sc->sc_mdlo);
-        if (cpu_has_dsp) {
-                err |= __put_user(rddsp(DSP_MASK), &sc->sc_dsp);
-                err |= __put_user(mfhi1(), &sc->sc_hi1);
-                err |= __put_user(mflo1(), &sc->sc_lo1);
-                err |= __put_user(mfhi2(), &sc->sc_hi2);
-                err |= __put_user(mflo2(), &sc->sc_lo2);
-                err |= __put_user(mfhi3(), &sc->sc_hi3);
-                err |= __put_user(mflo3(), &sc->sc_lo3);
-        }
-        /*
-         * Save FPU state to signal context.  Signal handler
-         * will "inherit" current FPU state.
-         */
-        err |= protected_save_fp_context(sc);
-        return err;
-}
-static int restore_sigcontext32(struct pt_regs *regs,
-                                struct sigcontext32 __user *sc)
-{
-        int err = 0;
-        s32 treg;
-        int i;
-        /* Always make any pending restarted system calls return -EINTR */
-        current->restart_block.fn = do_no_restart_syscall;
-        err |= __get_user(regs->cp0_epc, &sc->sc_pc);
-        err |= __get_user(regs->hi, &sc->sc_mdhi);
-        err |= __get_user(regs->lo, &sc->sc_mdlo);
-        if (cpu_has_dsp) {
-                err |= __get_user(treg, &sc->sc_hi1); mthi1(treg);
-                err |= __get_user(treg, &sc->sc_lo1); mtlo1(treg);
-                err |= __get_user(treg, &sc->sc_hi2); mthi2(treg);
-                err |= __get_user(treg, &sc->sc_lo2); mtlo2(treg);
-                err |= __get_user(treg, &sc->sc_hi3); mthi3(treg);
-                err |= __get_user(treg, &sc->sc_lo3); mtlo3(treg);
-                err |= __get_user(treg, &sc->sc_dsp); wrdsp(treg, DSP_MASK);
-        }
-        for (i = 1; i < 32; i++)
-                err |= __get_user(regs->regs[i], &sc->sc_regs[i]);
-        return err ?: protected_restore_fp_context(sc);
-}
 /*
 * Atomically swap in the new signal mask, and wait for a signal.
 */
@@ -247,176 +144,3 @@ int copy_siginfo_from_user32(siginfo_t *to, compat_siginfo_t __user *from)
        return 0;
 }
-asmlinkage void sys32_sigreturn(nabi_no_regargs struct pt_regs regs)
-{
-        struct sigframe32 __user *frame;
-        sigset_t blocked;
-        int sig;
-        frame = (struct sigframe32 __user *) regs.regs[29];
-        if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
-                goto badframe;
-        if (__copy_conv_sigset_from_user(&blocked, &frame->sf_mask))
-                goto badframe;
-        set_current_blocked(&blocked);
-        sig = restore_sigcontext32(&regs, &frame->sf_sc);
-        if (sig < 0)
-                goto badframe;
-        else if (sig)
-                force_sig(sig, current);
-        /*
-         * Don't let your children do this ...
-         */
-        __asm__ __volatile__(
-                "move\t$29, %0\n\t"
-                "j\tsyscall_exit"
-                :/* no outputs */
-                :"r" (&regs));
-        /* Unreached */
-badframe:
-        force_sig(SIGSEGV, current);
-}
-asmlinkage void sys32_rt_sigreturn(nabi_no_regargs struct pt_regs regs)
-{
-        struct rt_sigframe32 __user *frame;
-        sigset_t set;
-        int sig;
-        frame = (struct rt_sigframe32 __user *) regs.regs[29];
-        if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
-                goto badframe;
-        if (__copy_conv_sigset_from_user(&set, &frame->rs_uc.uc_sigmask))
-                goto badframe;
-        set_current_blocked(&set);
-        sig = restore_sigcontext32(&regs, &frame->rs_uc.uc_mcontext);
-        if (sig < 0)
-                goto badframe;
-        else if (sig)
-                force_sig(sig, current);
-        if (compat_restore_altstack(&frame->rs_uc.uc_stack))
-                goto badframe;
-        /*
-         * Don't let your children do this ...
-         */
-        __asm__ __volatile__(
-                "move\t$29, %0\n\t"
-                "j\tsyscall_exit"
-                :/* no outputs */
-                :"r" (&regs));
-        /* Unreached */
-badframe:
-        force_sig(SIGSEGV, current);
-}
-static int setup_frame_32(void *sig_return, struct ksignal *ksig,
-                          struct pt_regs *regs, sigset_t *set)
-{
-        struct sigframe32 __user *frame;
-        int err = 0;
-        frame = get_sigframe(ksig, regs, sizeof(*frame));
-        if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
-                return -EFAULT;
-        err |= setup_sigcontext32(regs, &frame->sf_sc);
-        err |= __copy_conv_sigset_to_user(&frame->sf_mask, set);
-        if (err)
-                return -EFAULT;
-        /*
-         * Arguments to signal handler:
-         *
-         *   a0 = signal number
-         *   a1 = 0 (should be cause)
-         *   a2 = pointer to struct sigcontext
-         *
-         * $25 and c0_epc point to the signal handler, $29 points to the
-         * struct sigframe.
-         */
-        regs->regs[ 4] = ksig->sig;
-        regs->regs[ 5] = 0;
-        regs->regs[ 6] = (unsigned long) &frame->sf_sc;
-        regs->regs[29] = (unsigned long) frame;
-        regs->regs[31] = (unsigned long) sig_return;
-        regs->cp0_epc = regs->regs[25] = (unsigned long) ksig->ka.sa.sa_handler;
-        DEBUGP("SIG deliver (%s:%d): sp=0x%p pc=0x%lx ra=0x%lx\n",
-               current->comm, current->pid,
-               frame, regs->cp0_epc, regs->regs[31]);
-        return 0;
-}
-static int setup_rt_frame_32(void *sig_return, struct ksignal *ksig,
-                             struct pt_regs *regs, sigset_t *set)
-{
-        struct rt_sigframe32 __user *frame;
-        int err = 0;
-        frame = get_sigframe(ksig, regs, sizeof(*frame));
-        if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
-                return -EFAULT;
-        /* Convert (siginfo_t -> compat_siginfo_t) and copy to user. */
-        err |= copy_siginfo_to_user32(&frame->rs_info, &ksig->info);
-        /* Create the ucontext.  */
-        err |= __put_user(0, &frame->rs_uc.uc_flags);
-        err |= __put_user(0, &frame->rs_uc.uc_link);
-        err |= __compat_save_altstack(&frame->rs_uc.uc_stack, regs->regs[29]);
-        err |= setup_sigcontext32(regs, &frame->rs_uc.uc_mcontext);
-        err |= __copy_conv_sigset_to_user(&frame->rs_uc.uc_sigmask, set);
-        if (err)
-                return -EFAULT;
-        /*
-         * Arguments to signal handler:
-         *
-         *   a0 = signal number
-         *   a1 = 0 (should be cause)
-         *   a2 = pointer to ucontext
-         *
-         * $25 and c0_epc point to the signal handler, $29 points to
-         * the struct rt_sigframe32.
-         */
-        regs->regs[ 4] = ksig->sig;
-        regs->regs[ 5] = (unsigned long) &frame->rs_info;
-        regs->regs[ 6] = (unsigned long) &frame->rs_uc;
-        regs->regs[29] = (unsigned long) frame;
-        regs->regs[31] = (unsigned long) sig_return;
-        regs->cp0_epc = regs->regs[25] = (unsigned long) ksig->ka.sa.sa_handler;
-        DEBUGP("SIG deliver (%s:%d): sp=0x%p pc=0x%lx ra=0x%lx\n",
-               current->comm, current->pid,
-               frame, regs->cp0_epc, regs->regs[31]);
-        return 0;
-}
-/*
- * o32 compatibility on 64-bit kernels, without DSP ASE
- */
-struct mips_abi mips_abi_32 = {
-        .setup_frame    = setup_frame_32,
-        .setup_rt_frame = setup_rt_frame_32,
-        .restart        = __NR_O32_restart_syscall,
-        .off_sc_fpregs = offsetof(struct sigcontext32, sc_fpregs),
-        .off_sc_fpc_csr = offsetof(struct sigcontext32, sc_fpc_csr),
-        .off_sc_used_math = offsetof(struct sigcontext32, sc_used_math),
-        .vdso           = &vdso_image_o32,
-};
diff --git a/arch/mips/kernel/signal_o32.c b/arch/mips/kernel/signal_o32.c
new file mode 100644
index 000000000000..5e169fc5ca5c
--- /dev/null
+++ b/arch/mips/kernel/signal_o32.c
@@ -0,0 +1,285 @@
+/*
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License.  See the file "COPYING" in the main directory of this archive
+ * for more details.
+ *
+ * Copyright (C) 1991, 1992  Linus Torvalds
+ * Copyright (C) 1994 - 2000, 2006  Ralf Baechle
+ * Copyright (C) 1999, 2000 Silicon Graphics, Inc.
+ * Copyright (C) 2016, Imagination Technologies Ltd.
+ */
+#include <linux/compiler.h>
+#include <linux/errno.h>
+#include <linux/signal.h>
+#include <linux/uaccess.h>
+#include <asm/abi.h>
+#include <asm/compat-signal.h>
+#include <asm/dsp.h>
+#include <asm/sim.h>
+#include <asm/unistd.h>
+#include "signal-common.h"
+/*
+ * Including <asm/unistd.h> would give use the 64-bit syscall numbers ...
+ */
+#define __NR_O32_restart_syscall        4253
+struct sigframe32 {
+        u32 sf_ass[4];          /* argument save space for o32 */
+        u32 sf_pad[2];          /* Was: signal trampoline */
+        struct sigcontext32 sf_sc;
+        compat_sigset_t sf_mask;
+};
+struct ucontext32 {
+        u32                 uc_flags;
+        s32                 uc_link;
+        compat_stack_t      uc_stack;
+        struct sigcontext32 uc_mcontext;
+        compat_sigset_t     uc_sigmask;   /* mask last for extensibility */
+};
+struct rt_sigframe32 {
+        u32 rs_ass[4];                  /* argument save space for o32 */
+        u32 rs_pad[2];                  /* Was: signal trampoline */
+        compat_siginfo_t rs_info;
+        struct ucontext32 rs_uc;
+};
+static int setup_sigcontext32(struct pt_regs *regs,
+                              struct sigcontext32 __user *sc)
+{
+        int err = 0;
+        int i;
+        err |= __put_user(regs->cp0_epc, &sc->sc_pc);
+        err |= __put_user(0, &sc->sc_regs[0]);
+        for (i = 1; i < 32; i++)
+                err |= __put_user(regs->regs[i], &sc->sc_regs[i]);
+        err |= __put_user(regs->hi, &sc->sc_mdhi);
+        err |= __put_user(regs->lo, &sc->sc_mdlo);
+        if (cpu_has_dsp) {
+                err |= __put_user(rddsp(DSP_MASK), &sc->sc_dsp);
+                err |= __put_user(mfhi1(), &sc->sc_hi1);
+                err |= __put_user(mflo1(), &sc->sc_lo1);
+                err |= __put_user(mfhi2(), &sc->sc_hi2);
+                err |= __put_user(mflo2(), &sc->sc_lo2);
+                err |= __put_user(mfhi3(), &sc->sc_hi3);
+                err |= __put_user(mflo3(), &sc->sc_lo3);
+        }
+        /*
+         * Save FPU state to signal context.  Signal handler
+         * will "inherit" current FPU state.
+         */
+        err |= protected_save_fp_context(sc);
+        return err;
+}
+static int restore_sigcontext32(struct pt_regs *regs,
+                                struct sigcontext32 __user *sc)
+{
+        int err = 0;
+        s32 treg;
+        int i;
+        /* Always make any pending restarted system calls return -EINTR */
+        current->restart_block.fn = do_no_restart_syscall;
+        err |= __get_user(regs->cp0_epc, &sc->sc_pc);
+        err |= __get_user(regs->hi, &sc->sc_mdhi);
+        err |= __get_user(regs->lo, &sc->sc_mdlo);
+        if (cpu_has_dsp) {
+                err |= __get_user(treg, &sc->sc_hi1); mthi1(treg);
+                err |= __get_user(treg, &sc->sc_lo1); mtlo1(treg);
+                err |= __get_user(treg, &sc->sc_hi2); mthi2(treg);
+                err |= __get_user(treg, &sc->sc_lo2); mtlo2(treg);
+                err |= __get_user(treg, &sc->sc_hi3); mthi3(treg);
+                err |= __get_user(treg, &sc->sc_lo3); mtlo3(treg);
+                err |= __get_user(treg, &sc->sc_dsp); wrdsp(treg, DSP_MASK);
+        }
+        for (i = 1; i < 32; i++)
+                err |= __get_user(regs->regs[i], &sc->sc_regs[i]);
+        return err ?: protected_restore_fp_context(sc);
+}
+static int setup_frame_32(void *sig_return, struct ksignal *ksig,
+                          struct pt_regs *regs, sigset_t *set)
+{
+        struct sigframe32 __user *frame;
+        int err = 0;
+        frame = get_sigframe(ksig, regs, sizeof(*frame));
+        if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
+                return -EFAULT;
+        err |= setup_sigcontext32(regs, &frame->sf_sc);
+        err |= __copy_conv_sigset_to_user(&frame->sf_mask, set);
+        if (err)
+                return -EFAULT;
+        /*
+         * Arguments to signal handler:
+         *
+         *   a0 = signal number
+         *   a1 = 0 (should be cause)
+         *   a2 = pointer to struct sigcontext
+         *
+         * $25 and c0_epc point to the signal handler, $29 points to the
+         * struct sigframe.
+         */
+        regs->regs[ 4] = ksig->sig;
+        regs->regs[ 5] = 0;
+        regs->regs[ 6] = (unsigned long) &frame->sf_sc;
+        regs->regs[29] = (unsigned long) frame;
+        regs->regs[31] = (unsigned long) sig_return;
+        regs->cp0_epc = regs->regs[25] = (unsigned long) ksig->ka.sa.sa_handler;
+        DEBUGP("SIG deliver (%s:%d): sp=0x%p pc=0x%lx ra=0x%lx\n",
+               current->comm, current->pid,
+               frame, regs->cp0_epc, regs->regs[31]);
+        return 0;
+}
+asmlinkage void sys32_rt_sigreturn(nabi_no_regargs struct pt_regs regs)
+{
+        struct rt_sigframe32 __user *frame;
+        sigset_t set;
+        int sig;
+        frame = (struct rt_sigframe32 __user *) regs.regs[29];
+        if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
+                goto badframe;
+        if (__copy_conv_sigset_from_user(&set, &frame->rs_uc.uc_sigmask))
+                goto badframe;
+        set_current_blocked(&set);
+        sig = restore_sigcontext32(&regs, &frame->rs_uc.uc_mcontext);
+        if (sig < 0)
+                goto badframe;
+        else if (sig)
+                force_sig(sig, current);
+        if (compat_restore_altstack(&frame->rs_uc.uc_stack))
+                goto badframe;
+        /*
+         * Don't let your children do this ...
+         */
+        __asm__ __volatile__(
+                "move\t$29, %0\n\t"
+                "j\tsyscall_exit"
+                :/* no outputs */
+                :"r" (&regs));
+        /* Unreached */
+badframe:
+        force_sig(SIGSEGV, current);
+}
+static int setup_rt_frame_32(void *sig_return, struct ksignal *ksig,
+                             struct pt_regs *regs, sigset_t *set)
+{
+        struct rt_sigframe32 __user *frame;
+        int err = 0;
+        frame = get_sigframe(ksig, regs, sizeof(*frame));
+        if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
+                return -EFAULT;
+        /* Convert (siginfo_t -> compat_siginfo_t) and copy to user. */
+        err |= copy_siginfo_to_user32(&frame->rs_info, &ksig->info);
+        /* Create the ucontext.  */
+        err |= __put_user(0, &frame->rs_uc.uc_flags);
+        err |= __put_user(0, &frame->rs_uc.uc_link);
+        err |= __compat_save_altstack(&frame->rs_uc.uc_stack, regs->regs[29]);
+        err |= setup_sigcontext32(regs, &frame->rs_uc.uc_mcontext);
+        err |= __copy_conv_sigset_to_user(&frame->rs_uc.uc_sigmask, set);
+        if (err)
+                return -EFAULT;
+        /*
+         * Arguments to signal handler:
+         *
+         *   a0 = signal number
+         *   a1 = 0 (should be cause)
+         *   a2 = pointer to ucontext
+         *
+         * $25 and c0_epc point to the signal handler, $29 points to
+         * the struct rt_sigframe32.
+         */
+        regs->regs[ 4] = ksig->sig;
+        regs->regs[ 5] = (unsigned long) &frame->rs_info;
+        regs->regs[ 6] = (unsigned long) &frame->rs_uc;
+        regs->regs[29] = (unsigned long) frame;
+        regs->regs[31] = (unsigned long) sig_return;
+        regs->cp0_epc = regs->regs[25] = (unsigned long) ksig->ka.sa.sa_handler;
+        DEBUGP("SIG deliver (%s:%d): sp=0x%p pc=0x%lx ra=0x%lx\n",
+               current->comm, current->pid,
+               frame, regs->cp0_epc, regs->regs[31]);
+        return 0;
+}
+/*
+ * o32 compatibility on 64-bit kernels, without DSP ASE
+ */
+struct mips_abi mips_abi_32 = {
+        .setup_frame    = setup_frame_32,
+        .setup_rt_frame = setup_rt_frame_32,
+        .restart        = __NR_O32_restart_syscall,
+        .off_sc_fpregs = offsetof(struct sigcontext32, sc_fpregs),
+        .off_sc_fpc_csr = offsetof(struct sigcontext32, sc_fpc_csr),
+        .off_sc_used_math = offsetof(struct sigcontext32, sc_used_math),
+        .vdso           = &vdso_image_o32,
+};
+asmlinkage void sys32_sigreturn(nabi_no_regargs struct pt_regs regs)
+{
+        struct sigframe32 __user *frame;
+        sigset_t blocked;
+        int sig;
+        frame = (struct sigframe32 __user *) regs.regs[29];
+        if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
+                goto badframe;
+        if (__copy_conv_sigset_from_user(&blocked, &frame->sf_mask))
+                goto badframe;
+        set_current_blocked(&blocked);
+        sig = restore_sigcontext32(&regs, &frame->sf_sc);
+        if (sig < 0)
+                goto badframe;
+        else if (sig)
+                force_sig(sig, current);
+        /*
+         * Don't let your children do this ...
+         */
+        __asm__ __volatile__(
+                "move\t$29, %0\n\t"
+                "j\tsyscall_exit"
+                :/* no outputs */
+                :"r" (&regs));
+        /* Unreached */
+badframe:
+        force_sig(SIGSEGV, current);
+}
diff --git a/arch/mips/kernel/smp-bmips.c b/arch/mips/kernel/smp-bmips.c
index e02addc0307f..6d0f1321e084 100644
--- a/arch/mips/kernel/smp-bmips.c
+++ b/arch/mips/kernel/smp-bmips.c
@@ -363,6 +363,7 @@ static int bmips_cpu_disable(void)
        pr_info("SMP: CPU%d is offline\n", cpu);
        set_cpu_online(cpu, false);
+        calculate_cpu_foreign_map();
        cpumask_clear_cpu(cpu, &cpu_callin_map);
        clear_c0_status(IE_IRQ5);
diff --git a/arch/mips/kernel/smp-cps.c b/arch/mips/kernel/smp-cps.c
index 05b3201271b4..e9d9fc6c754c 100644
--- a/arch/mips/kernel/smp-cps.c
+++ b/arch/mips/kernel/smp-cps.c
@@ -206,7 +206,7 @@ err_out:
        }
 }
-static void boot_core(unsigned core)
+static void boot_core(unsigned int core, unsigned int vpe_id)
 {
        u32 access, stat, seq_state;
        unsigned timeout;
@@ -233,8 +233,9 @@ static void boot_core(unsigned core)
                mips_cpc_lock_other(core);
                if (mips_cm_revision() >= CM_REV_CM3) {
-                        /* Run VP0 following the reset */
+                        /* Run only the requested VP following the reset */
-                        write_cpc_co_vp_run(0x1);
+                        write_cpc_co_vp_stop(0xf);
+                        write_cpc_co_vp_run(1 << vpe_id);
                        /*
                         * Ensure that the VP_RUN register is written before the
@@ -306,7 +307,7 @@ static void cps_boot_secondary(int cpu, struct task_struct *idle)
        if (!test_bit(core, core_power)) {
                /* Boot a VPE on a powered down core */
-                boot_core(core);
+                boot_core(core, vpe_id);
                goto out;
        }
@@ -397,6 +398,7 @@ static int cps_cpu_disable(void)
        atomic_sub(1 << cpu_vpe_id(&current_cpu_data), &core_cfg->vpe_mask);
        smp_mb__after_atomic();
        set_cpu_online(cpu, false);
+        calculate_cpu_foreign_map();
        cpumask_clear_cpu(cpu, &cpu_callin_map);
        return 0;
@@ -411,14 +413,16 @@ static enum {
 void play_dead(void)
 {
-        unsigned cpu, core;
+        unsigned int cpu, core, vpe_id;
        local_irq_disable();
        idle_task_exit();
        cpu = smp_processor_id();
        cpu_death = CPU_DEATH_POWER;
-        if (cpu_has_mipsmt) {
+        pr_debug("CPU%d going offline\n", cpu);
+        if (cpu_has_mipsmt || cpu_has_vp) {
                core = cpu_data[cpu].core;
                /* Look for another online VPE within the core */
@@ -439,10 +443,21 @@ void play_dead(void)
        complete(&cpu_death_chosen);
        if (cpu_death == CPU_DEATH_HALT) {
-                /* Halt this TC */
+                vpe_id = cpu_vpe_id(&cpu_data[cpu]);
-                write_c0_tchalt(TCHALT_H);
-                instruction_hazard();
+                pr_debug("Halting core %d VP%d\n", core, vpe_id);
+                if (cpu_has_mipsmt) {
+                        /* Halt this TC */
+                        write_c0_tchalt(TCHALT_H);
+                        instruction_hazard();
+                } else if (cpu_has_vp) {
+                        write_cpc_cl_vp_stop(1 << vpe_id);
+                        /* Ensure that the VP_STOP register is written */
+                        wmb();
+                }
        } else {
+                pr_debug("Gating power to core %d\n", core);
                /* Power down the core */
                cps_pm_enter_state(CPS_PM_POWER_GATED);
        }
@@ -469,6 +484,7 @@ static void wait_for_sibling_halt(void *ptr_cpu)
 static void cps_cpu_die(unsigned int cpu)
 {
        unsigned core = cpu_data[cpu].core;
+        unsigned int vpe_id = cpu_vpe_id(&cpu_data[cpu]);
        unsigned stat;
        int err;
@@ -497,10 +513,12 @@ static void cps_cpu_die(unsigned int cpu)
                 * in which case the CPC will refuse to power down the core.
                 */
                do {
+                        mips_cm_lock_other(core, vpe_id);
                        mips_cpc_lock_other(core);
                        stat = read_cpc_co_stat_conf();
                        stat &= CPC_Cx_STAT_CONF_SEQSTATE_MSK;
                        mips_cpc_unlock_other();
+                        mips_cm_unlock_other();
                } while (stat != CPC_Cx_STAT_CONF_SEQSTATE_D0 &&
                         stat != CPC_Cx_STAT_CONF_SEQSTATE_D2 &&
                         stat != CPC_Cx_STAT_CONF_SEQSTATE_U2);
@@ -517,6 +535,12 @@ static void cps_cpu_die(unsigned int cpu)
                                               (void *)(unsigned long)cpu, 1);
                if (err)
                        panic("Failed to call remote sibling CPU\n");
+        } else if (cpu_has_vp) {
+                do {
+                        mips_cm_lock_other(core, vpe_id);
+                        stat = read_cpc_co_vp_running();
+                        mips_cm_unlock_other();
+                } while (stat & (1 << vpe_id));
        }
 }
diff --git a/arch/mips/kernel/smp.c b/arch/mips/kernel/smp.c
index f9d01e953acb..f95f094f36e4 100644
--- a/arch/mips/kernel/smp.c
+++ b/arch/mips/kernel/smp.c
@@ -72,7 +72,7 @@ EXPORT_SYMBOL(cpu_core_map);
 * A logcal cpu mask containing only one VPE per core to
 * reduce the number of IPIs on large MT systems.
 */
-cpumask_t cpu_foreign_map __read_mostly;
+cpumask_t cpu_foreign_map[NR_CPUS] __read_mostly;
 EXPORT_SYMBOL(cpu_foreign_map);
 /* representing cpus for which sibling maps can be computed */
@@ -124,7 +124,7 @@ static inline void set_cpu_core_map(int cpu)
 * Calculate a new cpu_foreign_map mask whenever a
 * new cpu appears or disappears.
 */
-static inline void calculate_cpu_foreign_map(void)
+void calculate_cpu_foreign_map(void)
 {
        int i, k, core_present;
        cpumask_t temp_foreign_map;
@@ -141,7 +141,9 @@ static inline void calculate_cpu_foreign_map(void)
                        cpumask_set_cpu(i, &temp_foreign_map);
        }
-        cpumask_copy(&cpu_foreign_map, &temp_foreign_map);
+        for_each_online_cpu(i)
+                cpumask_andnot(&cpu_foreign_map[i],
+                               &temp_foreign_map, &cpu_sibling_map[i]);
 }
 struct plat_smp_ops *mp_ops;
@@ -344,16 +346,9 @@ asmlinkage void start_secondary(void)
 static void stop_this_cpu(void *dummy)
 {
        /*
-         * Remove this CPU. Be a bit slow here and
+         * Remove this CPU:
-         * set the bits for every online CPU so we don't miss
-         * any IPI whilst taking this VPE down.
         */
-        cpumask_copy(&cpu_foreign_map, cpu_online_mask);
-        /* Make it visible to every other CPU */
-        smp_mb();
        set_cpu_online(smp_processor_id(), false);
        calculate_cpu_foreign_map();
        local_irq_disable();
@@ -512,10 +507,17 @@ void flush_tlb_range(struct vm_area_struct *vma, unsigned long start, unsigned l
                smp_on_other_tlbs(flush_tlb_range_ipi, &fd);
        } else {
                unsigned int cpu;
+                int exec = vma->vm_flags & VM_EXEC;
                for_each_online_cpu(cpu) {
+                        /*
+                         * flush_cache_range() will only fully flush icache if
+                         * the VMA is executable, otherwise we must invalidate
+                         * ASID without it appearing to has_valid_asid() as if
+                         * mm has been completely unused by that CPU.
+                         */
                        if (cpu != smp_processor_id() && cpu_context(cpu, mm))
-                                cpu_context(cpu, mm) = 0;
+                                cpu_context(cpu, mm) = !exec;
                }
        }
        local_flush_tlb_range(vma, start, end);
@@ -560,8 +562,14 @@ void flush_tlb_page(struct vm_area_struct *vma, unsigned long page)
                unsigned int cpu;
                for_each_online_cpu(cpu) {
+                        /*
+                         * flush_cache_page() only does partial flushes, so
+                         * invalidate ASID without it appearing to
+                         * has_valid_asid() as if mm has been completely unused
+                         * by that CPU.
+                         */
                        if (cpu != smp_processor_id() && cpu_context(cpu, vma->vm_mm))
-                                cpu_context(cpu, vma->vm_mm) = 0;
+                                cpu_context(cpu, vma->vm_mm) = 1;
                }
        }
        local_flush_tlb_page(vma, page);
diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c
index 6fb4704bd156..3de85be2486a 100644
--- a/arch/mips/kernel/traps.c
+++ b/arch/mips/kernel/traps.c
@@ -704,6 +704,7 @@ asmlinkage void do_ov(struct pt_regs *regs)
 int process_fpemu_return(int sig, void __user *fault_addr, unsigned long fcr31)
 {
        struct siginfo si = { 0 };
+        struct vm_area_struct *vma;
        switch (sig) {
        case 0:
@@ -744,7 +745,8 @@ int process_fpemu_return(int sig, void __user *fault_addr, unsigned long fcr31)
                si.si_addr = fault_addr;
                si.si_signo = sig;
                down_read(&current->mm->mmap_sem);
-                if (find_vma(current->mm, (unsigned long)fault_addr))
+                vma = find_vma(current->mm, (unsigned long)fault_addr);
+                if (vma && (vma->vm_start <= (unsigned long)fault_addr))
                        si.si_code = SEGV_ACCERR;
                else
                        si.si_code = SEGV_MAPERR;
diff --git a/arch/mips/kernel/vdso.c b/arch/mips/kernel/vdso.c
index 54e1663ce639..9abe447a4b48 100644
--- a/arch/mips/kernel/vdso.c
+++ b/arch/mips/kernel/vdso.c
@@ -107,6 +107,16 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
        if (down_write_killable(&mm->mmap_sem))
                return -EINTR;
+        /* Map delay slot emulation page */
+        base = mmap_region(NULL, STACK_TOP, PAGE_SIZE,
+                           VM_READ|VM_WRITE|VM_EXEC|
+                           VM_MAYREAD|VM_MAYWRITE|VM_MAYEXEC,
+                           0);
+        if (IS_ERR_VALUE(base)) {
+                ret = base;
+                goto out;
+        }
        /*
         * Determine total area size. This includes the VDSO data itself, the
         * data page, and the GIC user page if present. Always create a mapping
author	Linus Torvalds <torvalds@linux-foundation.org>	2016-08-06 09:13:11 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2016-08-06 09:13:11 -0400
commit	4305f42401b29e2e024bd064618faf25aef5cb69 (patch)
tree	1bc924cfa60c9efbb21e07c1d834f495301cffc8 /arch/mips/kernel
parent	db8262787e82b5c0fa57bd9d676add187519a751 (diff)
parent	4a89cf810130fde41e3fc729e770cb1a5a87d245 (diff)