From: Greg Kroah-Hartman Date: Thu, 2 Oct 2014 19:43:39 +0000 (-0700) Subject: 3.16-stable patches X-Git-Tag: v3.16.4~79 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7c1386f8f41aa214b21989b9d024d4afdb7e091a;p=thirdparty%2Fkernel%2Fstable-queue.git 3.16-stable patches added patches: alsa-core-fix-buffer-overflow-in-snd_info_get_line.patch alsa-dice-fix-wrong-channel-mappping-at-higher-sampling-rate.patch alsa-firewire-lib-dice-add-arrangements-of-pcm-pointer-and-interrupts-for-dice-quirk.patch alsa-hda-add-fixup-model-name-lookup-for-lemote-a1205.patch alsa-hda-fix-coef-setups-for-alc1150-codec.patch alsa-hda-fix-digital-mic-on-acer-aspire-3830tg.patch alsa-hda-fix-invalid-pin-powermap-without-jack-detection.patch alsa-pcm-fix-fifo_size-frame-calculation.patch arm64-ptrace-fix-compat-hardware-watchpoint-reporting.patch cfq-iosched-fix-wrong-children_weight-calculation.patch trace-fix-epoll-hang-when-we-race-with-new-entries.patch --- diff --git a/queue-3.16/alsa-core-fix-buffer-overflow-in-snd_info_get_line.patch b/queue-3.16/alsa-core-fix-buffer-overflow-in-snd_info_get_line.patch new file mode 100644 index 00000000000..b331054392e --- /dev/null +++ b/queue-3.16/alsa-core-fix-buffer-overflow-in-snd_info_get_line.patch 
@@ -0,0 +1,44 @@ +From ddc64b278a4dda052390b3de1b551e59acdff105 Mon Sep 17 00:00:00 2001 +From: Clemens Ladisch +Date: Thu, 21 Aug 2014 20:55:21 +0200 +Subject: ALSA: core: fix buffer overflow in snd_info_get_line() + +From: Clemens Ladisch + +commit ddc64b278a4dda052390b3de1b551e59acdff105 upstream. + +snd_info_get_line() documents that its last parameter must be one +less than the buffer size, but this API design guarantees that +(literally) every caller gets it wrong. + +Just change this parameter to have its obvious meaning. + +Reported-by: Tommi Rantala +Signed-off-by: Clemens Ladisch +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/core/info.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/sound/core/info.c ++++ b/sound/core/info.c +@@ -684,7 +684,7 @@ int snd_info_card_free(struct snd_card * + * snd_info_get_line - read one line from the procfs buffer + * @buffer: the procfs buffer + * @line: the buffer to store +- * @len: the max. buffer size - 1 ++ * @len: the max. buffer size + * + * Reads one line from the buffer and stores the string. + * +@@ -704,7 +704,7 @@ int snd_info_get_line(struct snd_info_bu + buffer->stop = 1; + if (c == '\n') + break; +- if (len) { ++ if (len > 1) { + len--; + *line++ = c; + } diff --git a/queue-3.16/alsa-dice-fix-wrong-channel-mappping-at-higher-sampling-rate.patch b/queue-3.16/alsa-dice-fix-wrong-channel-mappping-at-higher-sampling-rate.patch new file mode 100644 index 00000000000..e58d4278783 --- /dev/null +++ b/queue-3.16/alsa-dice-fix-wrong-channel-mappping-at-higher-sampling-rate.patch 
@@ -0,0 +1,55 @@ +From 1033eb5b5aeeb526c22068e0fb0cef9f3c14231e Mon Sep 17 00:00:00 2001 +From: Takashi Sakamoto +Date: Fri, 29 Aug 2014 13:40:44 +0900 +Subject: ALSA: dice: fix wrong channel mappping at higher sampling rate + +From: Takashi Sakamoto + +commit 1033eb5b5aeeb526c22068e0fb0cef9f3c14231e upstream. + +The channel mapping is initialized by amdtp_stream_set_parameters(), however +Dice driver set it before calling this function. Furthermore, the setting is +wrong because the index is the value of array, and vice versa. + +This commit moves codes for channel mapping after the function and set it correctly. + +Reported-by: Daniel Robbins +Fixes: 10550bea44a8 ("ALSA: dice/firewire-lib: Keep dualwire mode but obsolete CIP_HI_DUALWIRE") +Signed-off-by: Takashi Sakamoto +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/firewire/dice.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +--- a/sound/firewire/dice.c ++++ b/sound/firewire/dice.c +@@ -579,11 +579,6 @@ static int dice_hw_params(struct snd_pcm + return err; + } + +- for (i = 0; i < channels; i++) { +- dice->stream.pcm_positions[i * 2] = i; +- dice->stream.pcm_positions[i * 2 + 1] = i + channels; +- } +- + rate /= 2; + channels *= 2; + } +@@ -591,6 +586,15 @@ static int dice_hw_params(struct snd_pcm + mode = rate_index_to_mode(rate_index); + amdtp_stream_set_parameters(&dice->stream, rate, channels, + dice->rx_midi_ports[mode]); ++ if (rate_index > 4) { ++ channels /= 2; ++ ++ for (i = 0; i < channels; i++) { ++ dice->stream.pcm_positions[i] = i * 2; ++ dice->stream.pcm_positions[i + channels] = i * 2 + 1; ++ } ++ } ++ + amdtp_stream_set_pcm_format(&dice->stream, + params_format(hw_params)); + 
diff --git a/queue-3.16/alsa-firewire-lib-dice-add-arrangements-of-pcm-pointer-and-interrupts-for-dice-quirk.patch b/queue-3.16/alsa-firewire-lib-dice-add-arrangements-of-pcm-pointer-and-interrupts-for-dice-quirk.patch new file mode 100644 index 00000000000..2585e5caaf0 --- /dev/null +++ b/queue-3.16/alsa-firewire-lib-dice-add-arrangements-of-pcm-pointer-and-interrupts-for-dice-quirk.patch 
@@ -0,0 +1,95 @@ +From 65845f29bec6bc17f80eff25c3bc39bcf3be9bf9 Mon Sep 17 00:00:00 2001 +From: Takashi Sakamoto +Date: Fri, 29 Aug 2014 13:40:45 +0900 +Subject: ALSA: firewire-lib/dice: add arrangements of PCM pointer and interrupts for Dice quirk + +From: Takashi Sakamoto + +commit 65845f29bec6bc17f80eff25c3bc39bcf3be9bf9 upstream. + +In IEC 61883-6, one data block transfers one event. In ALSA, the event equals one PCM frame, +hence one data block transfers one PCM frame. But Dice has a quirk at higher sampling rate +(176.4/192.0 kHz) that one data block transfers two PCM frames. + +Commit 10550bea44a8 ("ALSA: dice/firewire-lib: Keep dualwire mode but obsolete +CIP_HI_DUALWIRE") moved some codes related to this quirk into Dice driver. But the commit +forgot to add arrangements for PCM period interrupts and DMA pointer updates. As a result, Dice +driver cannot work correctly at higher sampling rate. + +This commit adds 'double_pcm_frames' parameter to amdtp structure for this quirk. When this +parameter is set, PCM period interrupts and DMA pointer updates occur at double speed than in +IEC 61883-6. + +Reported-by: Daniel Robbins +Fixes: 10550bea44a8 ("ALSA: dice/firewire-lib: Keep dualwire mode but obsolete CIP_HI_DUALWIRE") +Signed-off-by: Takashi Sakamoto +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/firewire/amdtp.c | 11 ++++++++++- + sound/firewire/amdtp.h | 1 + + sound/firewire/dice.c | 15 +++++++++++---- + 3 files changed, 22 insertions(+), 5 deletions(-) + +--- a/sound/firewire/amdtp.c ++++ b/sound/firewire/amdtp.c +@@ -507,7 +507,16 @@ static void amdtp_pull_midi(struct amdtp + static void update_pcm_pointers(struct amdtp_stream *s, + struct snd_pcm_substream *pcm, + unsigned int frames) +-{ unsigned int ptr; ++{ ++ unsigned int ptr; ++ ++ /* ++ * In IEC 61883-6, one data block represents one event. In ALSA, one ++ * event equals to one PCM frame. But Dice has a quirk to transfer ++ * two PCM frames in one data block. 
++ */ ++ if (s->double_pcm_frames) ++ frames *= 2; + + ptr = s->pcm_buffer_pointer + frames; + if (ptr >= pcm->runtime->buffer_size) +--- a/sound/firewire/amdtp.h ++++ b/sound/firewire/amdtp.h +@@ -125,6 +125,7 @@ struct amdtp_stream { + unsigned int pcm_buffer_pointer; + unsigned int pcm_period_pointer; + bool pointer_flush; ++ bool double_pcm_frames; + + struct snd_rawmidi_substream *midi[AMDTP_MAX_CHANNELS_FOR_MIDI * 8]; + +--- a/sound/firewire/dice.c ++++ b/sound/firewire/dice.c +@@ -567,10 +567,14 @@ static int dice_hw_params(struct snd_pcm + return err; + + /* +- * At rates above 96 kHz, pretend that the stream runs at half the +- * actual sample rate with twice the number of channels; two samples +- * of a channel are stored consecutively in the packet. Requires +- * blocking mode and PCM buffer size should be aligned to SYT_INTERVAL. ++ * At 176.4/192.0 kHz, Dice has a quirk to transfer two PCM frames in ++ * one data block of AMDTP packet. Thus sampling transfer frequency is ++ * a half of PCM sampling frequency, i.e. PCM frames at 192.0 kHz are ++ * transferred on AMDTP packets at 96 kHz. Two successive samples of a ++ * channel are stored consecutively in the packet. This quirk is called ++ * as 'Dual Wire'. ++ * For this quirk, blocking mode is required and PCM buffer size should ++ * be aligned to SYT_INTERVAL. + */ + channels = params_channels(hw_params); + if (rate_index > 4) { +@@ -581,6 +585,9 @@ static int dice_hw_params(struct snd_pcm + + rate /= 2; + channels *= 2; ++ dice->stream.double_pcm_frames = true; ++ } else { ++ dice->stream.double_pcm_frames = false; + } + + mode = rate_index_to_mode(rate_index); diff --git a/queue-3.16/alsa-hda-add-fixup-model-name-lookup-for-lemote-a1205.patch b/queue-3.16/alsa-hda-add-fixup-model-name-lookup-for-lemote-a1205.patch new file mode 100644 index 00000000000..dcff783e844 --- /dev/null +++ b/queue-3.16/alsa-hda-add-fixup-model-name-lookup-for-lemote-a1205.patch 
@@ -0,0 +1,31 @@ +From 8245b3634516e6b7eb1c94594c0fd41d233502aa Mon Sep 17 00:00:00 2001 +From: Huacai Chen +Date: Fri, 19 Sep 2014 14:57:02 +0800 +Subject: ALSA: hda - Add fixup model name lookup for Lemote A1205 + +From: Huacai Chen + +commit 8245b3634516e6b7eb1c94594c0fd41d233502aa upstream. + +Lemote A1004 is already added in commit a2dd933d01f (ALSA: hda - Add +fixup name lookup for CX5051 and 5066 codecs), but Lemote A1205 has +missing. + +Signed-off-by: Huacai Chen +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_conexant.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_conexant.c ++++ b/sound/pci/hda/patch_conexant.c +@@ -3382,6 +3382,7 @@ static const struct hda_model_fixup cxt5 + { .id = CXT_PINCFG_LENOVO_TP410, .name = "tp410" }, + { .id = CXT_FIXUP_THINKPAD_ACPI, .name = "thinkpad" }, + { .id = CXT_PINCFG_LEMOTE_A1004, .name = "lemote-a1004" }, ++ { .id = CXT_PINCFG_LEMOTE_A1205, .name = "lemote-a1205" }, + { .id = CXT_FIXUP_OLPC_XO, .name = "olpc-xo" }, + {} + }; diff --git a/queue-3.16/alsa-hda-fix-coef-setups-for-alc1150-codec.patch b/queue-3.16/alsa-hda-fix-coef-setups-for-alc1150-codec.patch new file mode 100644 index 00000000000..65ce43cb1d7 --- /dev/null +++ b/queue-3.16/alsa-hda-fix-coef-setups-for-alc1150-codec.patch 
@@ -0,0 +1,40 @@ +From acf08081adb5e8fe0519eb97bb49797ef52614d6 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Tue, 2 Sep 2014 07:21:56 +0200 +Subject: ALSA: hda - Fix COEF setups for ALC1150 codec + +From: Takashi Iwai + +commit acf08081adb5e8fe0519eb97bb49797ef52614d6 upstream. + +ALC1150 codec seems to need the COEF- and PLL-setups just like its +compatible ALC882 codec. Some machines (e.g. SunMicro X10SAT) show +the problem like too low output volumes unless the COEF setup is +applied. + +Reported-and-tested-by: Dana Goyette +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -327,6 +327,7 @@ static void alc_auto_init_amp(struct hda + case 0x10ec0885: + case 0x10ec0887: + /*case 0x10ec0889:*/ /* this causes an SPDIF problem */ ++ case 0x10ec0900: + alc889_coef_init(codec); + break; + case 0x10ec0888: +@@ -2349,6 +2350,7 @@ static int patch_alc882(struct hda_codec + switch (codec->vendor_id) { + case 0x10ec0882: + case 0x10ec0885: ++ case 0x10ec0900: + break; + default: + /* ALC883 and variants */ diff --git a/queue-3.16/alsa-hda-fix-digital-mic-on-acer-aspire-3830tg.patch b/queue-3.16/alsa-hda-fix-digital-mic-on-acer-aspire-3830tg.patch new file mode 100644 index 00000000000..1ed8c5164d2 --- /dev/null +++ b/queue-3.16/alsa-hda-fix-digital-mic-on-acer-aspire-3830tg.patch 
@@ -0,0 +1,52 @@ +From ff50479ad61069f3ee14863225aebe36d598e93e Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Mon, 1 Sep 2014 14:26:49 +0200 +Subject: ALSA: hda - Fix digital mic on Acer Aspire 3830TG + +From: Takashi Iwai + +commit ff50479ad61069f3ee14863225aebe36d598e93e upstream. + +Acer Aspire 3830TG with CX20588 codec has a digital built-in mic that +has the same problem like many others, the inverted signal in stereo. +Apply the same fixup to this machine, too. + +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_conexant.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/sound/pci/hda/patch_conexant.c ++++ b/sound/pci/hda/patch_conexant.c +@@ -2822,6 +2822,7 @@ enum { + CXT_FIXUP_HEADPHONE_MIC_PIN, + CXT_FIXUP_HEADPHONE_MIC, + CXT_FIXUP_GPIO1, ++ CXT_FIXUP_ASPIRE_DMIC, + CXT_FIXUP_THINKPAD_ACPI, + CXT_FIXUP_OLPC_XO, + CXT_FIXUP_CAP_MIX_AMP, +@@ -3269,6 +3270,12 @@ static const struct hda_fixup cxt_fixups + { } + }, + }, ++ [CXT_FIXUP_ASPIRE_DMIC] = { ++ .type = HDA_FIXUP_FUNC, ++ .v.func = cxt_fixup_stereo_dmic, ++ .chained = true, ++ .chain_id = CXT_FIXUP_GPIO1, ++ }, + [CXT_FIXUP_THINKPAD_ACPI] = { + .type = HDA_FIXUP_FUNC, + .v.func = hda_fixup_thinkpad_acpi, +@@ -3349,7 +3356,7 @@ static const struct hda_model_fixup cxt5 + + static const struct snd_pci_quirk cxt5066_fixups[] = { + SND_PCI_QUIRK(0x1025, 0x0543, "Acer Aspire One 522", CXT_FIXUP_STEREO_DMIC), +- SND_PCI_QUIRK(0x1025, 0x054c, "Acer Aspire 3830TG", CXT_FIXUP_GPIO1), ++ SND_PCI_QUIRK(0x1025, 0x054c, "Acer Aspire 3830TG", CXT_FIXUP_ASPIRE_DMIC), + SND_PCI_QUIRK(0x1043, 0x138d, "Asus", CXT_FIXUP_HEADPHONE_MIC_PIN), + SND_PCI_QUIRK(0x152d, 0x0833, "OLPC XO-1.5", CXT_FIXUP_OLPC_XO), + SND_PCI_QUIRK(0x17aa, 0x20f2, "Lenovo T400", CXT_PINCFG_LENOVO_TP410), 
diff --git a/queue-3.16/alsa-hda-fix-invalid-pin-powermap-without-jack-detection.patch b/queue-3.16/alsa-hda-fix-invalid-pin-powermap-without-jack-detection.patch new file mode 100644 index 00000000000..bae5d91ae63 --- /dev/null +++ b/queue-3.16/alsa-hda-fix-invalid-pin-powermap-without-jack-detection.patch 
@@ -0,0 +1,73 @@ +From 7a9744cb455e6faa287e148394b4b422a6f3c5c4 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Thu, 11 Sep 2014 12:59:21 +0200 +Subject: ALSA: hda - Fix invalid pin powermap without jack detection + +From: Takashi Iwai + +commit 7a9744cb455e6faa287e148394b4b422a6f3c5c4 upstream. + +When a driver is set up without the jack detection explicitly (either +by passing a model option or via a specific fixup), the pin powermap +of IDT/STAC codecs is set up wrongly, resulting in the silence +output. It's because of a logic failure in stac_init_power_map(). +It tries to avoid creating a callback for the pins that have other +auto-hp and auto-mic callbacks, but the check is done in a wrong way +at a wrong time. The stac_init_power_map() should be called after +creating other jack detection ctls, and the jack callback should be +created only for jack-detectable widgets. + +This patch fixes the check in stac_init_power_map() and its callee +at the right place, after snd_hda_gen_build_controls(). 
+ +Reported-by: Adam Richter +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_sigmatel.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +--- a/sound/pci/hda/patch_sigmatel.c ++++ b/sound/pci/hda/patch_sigmatel.c +@@ -565,8 +565,8 @@ static void stac_init_power_map(struct h + if (snd_hda_jack_tbl_get(codec, nid)) + continue; + if (def_conf == AC_JACK_PORT_COMPLEX && +- !(spec->vref_mute_led_nid == nid || +- is_jack_detectable(codec, nid))) { ++ spec->vref_mute_led_nid != nid && ++ is_jack_detectable(codec, nid)) { + snd_hda_jack_detect_enable_callback(codec, nid, + STAC_PWR_EVENT, + jack_update_power); +@@ -4263,11 +4263,18 @@ static int stac_parse_auto_config(struct + return err; + } + +- stac_init_power_map(codec); +- + return 0; + } + ++static int stac_build_controls(struct hda_codec *codec) ++{ ++ int err = snd_hda_gen_build_controls(codec); ++ ++ if (err < 0) ++ return err; ++ stac_init_power_map(codec); ++ return 0; ++} + + static int stac_init(struct hda_codec *codec) + { +@@ -4379,7 +4386,7 @@ static int stac_suspend(struct hda_codec + #endif /* CONFIG_PM */ + + static const struct hda_codec_ops stac_patch_ops = { +- .build_controls = snd_hda_gen_build_controls, ++ .build_controls = stac_build_controls, + .build_pcms = snd_hda_gen_build_pcms, + .init = stac_init, + .free = stac_free, diff --git a/queue-3.16/alsa-pcm-fix-fifo_size-frame-calculation.patch b/queue-3.16/alsa-pcm-fix-fifo_size-frame-calculation.patch new file mode 100644 index 00000000000..bf583bc6584 --- /dev/null +++ b/queue-3.16/alsa-pcm-fix-fifo_size-frame-calculation.patch 
@@ -0,0 +1,46 @@ +From a9960e6a293e6fc3ed414643bb4e4106272e4d0a Mon Sep 17 00:00:00 2001 +From: Clemens Ladisch +Date: Sun, 21 Sep 2014 22:50:57 +0200 +Subject: ALSA: pcm: fix fifo_size frame calculation + +From: Clemens Ladisch + +commit a9960e6a293e6fc3ed414643bb4e4106272e4d0a upstream. + +The calculated frame size was wrong because snd_pcm_format_physical_width() +actually returns the number of bits, not bytes. + +Use snd_pcm_format_size() instead, which not only returns bytes, but also +simplifies the calculation. + +Fixes: 8bea869c5e56 ("ALSA: PCM midlevel: improve fifo_size handling") +Signed-off-by: Clemens Ladisch +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/core/pcm_lib.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/sound/core/pcm_lib.c ++++ b/sound/core/pcm_lib.c +@@ -1782,14 +1782,16 @@ static int snd_pcm_lib_ioctl_fifo_size(s + { + struct snd_pcm_hw_params *params = arg; + snd_pcm_format_t format; +- int channels, width; ++ int channels; ++ ssize_t frame_size; + + params->fifo_size = substream->runtime->hw.fifo_size; + if (!(substream->runtime->hw.info & SNDRV_PCM_INFO_FIFO_IN_FRAMES)) { + format = params_format(params); + channels = params_channels(params); +- width = snd_pcm_format_physical_width(format); +- params->fifo_size /= width * channels; ++ frame_size = snd_pcm_format_size(format, channels); ++ if (frame_size > 0) ++ params->fifo_size /= (unsigned)frame_size; + } + return 0; + } diff --git a/queue-3.16/arm64-ptrace-fix-compat-hardware-watchpoint-reporting.patch b/queue-3.16/arm64-ptrace-fix-compat-hardware-watchpoint-reporting.patch new file mode 100644 index 00000000000..7aa1c82fe04 --- /dev/null +++ b/queue-3.16/arm64-ptrace-fix-compat-hardware-watchpoint-reporting.patch 
@@ -0,0 +1,49 @@ +From 27d7ff273c2aad37b28f6ff0cab2cfa35b51e648 Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Fri, 22 Aug 2014 14:13:24 +0100 +Subject: arm64: ptrace: fix compat hardware watchpoint reporting + +From: Will Deacon + +commit 27d7ff273c2aad37b28f6ff0cab2cfa35b51e648 upstream. + +I'm not sure what I was on when I wrote this, but when iterating over +the hardware watchpoint array (hbp_watch_array), our index is off by +ARM_MAX_BRP, so we walk off the end of our thread_struct... + +... except, a dodgy condition in the loop means that it never executes +at all (bp cannot be NULL). + +This patch fixes the code so that we remove the bp check and use the +correct index for accessing the watchpoint structures. + +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/include/asm/hw_breakpoint.h | 1 - + arch/arm64/kernel/ptrace.c | 3 ++- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/arm64/include/asm/hw_breakpoint.h ++++ b/arch/arm64/include/asm/hw_breakpoint.h +@@ -79,7 +79,6 @@ static inline void decode_ctrl_reg(u32 r + */ + #define ARM_MAX_BRP 16 + #define ARM_MAX_WRP 16 +-#define ARM_MAX_HBP_SLOTS (ARM_MAX_BRP + ARM_MAX_WRP) + + /* Virtual debug register bases. */ + #define AARCH64_DBG_REG_BVR 0 +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -85,7 +85,8 @@ static void ptrace_hbptriggered(struct p + break; + } + } +- for (i = ARM_MAX_BRP; i < ARM_MAX_HBP_SLOTS && !bp; ++i) { ++ ++ for (i = 0; i < ARM_MAX_WRP; ++i) { + if (current->thread.debug.hbp_watch[i] == bp) { + info.si_errno = -((i << 1) + 1); + break; diff --git a/queue-3.16/cfq-iosched-fix-wrong-children_weight-calculation.patch b/queue-3.16/cfq-iosched-fix-wrong-children_weight-calculation.patch new file mode 100644 index 00000000000..744817cf824 --- /dev/null +++ b/queue-3.16/cfq-iosched-fix-wrong-children_weight-calculation.patch 
@@ -0,0 +1,88 @@ +From e15693ef18e13e3e6bffe891fe140f18b8ff6d07 Mon Sep 17 00:00:00 2001 +From: Toshiaki Makita +Date: Tue, 26 Aug 2014 20:56:36 +0900 +Subject: cfq-iosched: Fix wrong children_weight calculation + +From: Toshiaki Makita + +commit e15693ef18e13e3e6bffe891fe140f18b8ff6d07 upstream. + +cfq_group_service_tree_add() is applying new_weight at the beginning of +the function via cfq_update_group_weight(). +This actually allows weight to change between adding it to and subtracting +it from children_weight, and triggers WARN_ON_ONCE() in +cfq_group_service_tree_del(), or even causes oops by divide error during +vfr calculation in cfq_group_service_tree_add(). + +The detailed scenario is as follows: +1. Create blkio cgroups X and Y as a child of X. + Set X's weight to 500 and perform some I/O to apply new_weight. + This X's I/O completes before starting Y's I/O. +2. Y starts I/O and cfq_group_service_tree_add() is called with Y. +3. cfq_group_service_tree_add() walks up the tree during children_weight + calculation and adds parent X's weight (500) to children_weight of root. + children_weight becomes 500. +4. Set X's weight to 1000. +5. X starts I/O and cfq_group_service_tree_add() is called with X. +6. cfq_group_service_tree_add() applies its new_weight (1000). +7. I/O of Y completes and cfq_group_service_tree_del() is called with Y. +8. I/O of X completes and cfq_group_service_tree_del() is called with X. +9. cfq_group_service_tree_del() subtracts X's weight (1000) from + children_weight of root. children_weight becomes -500. + This triggers WARN_ON_ONCE(). +10. Set X's weight to 500. +11. X starts I/O and cfq_group_service_tree_add() is called with X. +12. cfq_group_service_tree_add() applies its new_weight (500) and adds it + to children_weight of root. children_weight becomes 0. Calcularion of + vfr triggers oops by divide error. + +weight should be updated right before adding it to children_weight. 
+ +Reported-by: Ruki Sekiya +Signed-off-by: Toshiaki Makita +Acked-by: Tejun Heo +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + block/cfq-iosched.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +--- a/block/cfq-iosched.c ++++ b/block/cfq-iosched.c +@@ -1275,12 +1275,16 @@ __cfq_group_service_tree_add(struct cfq_ + static void + cfq_update_group_weight(struct cfq_group *cfqg) + { +- BUG_ON(!RB_EMPTY_NODE(&cfqg->rb_node)); +- + if (cfqg->new_weight) { + cfqg->weight = cfqg->new_weight; + cfqg->new_weight = 0; + } ++} ++ ++static void ++cfq_update_group_leaf_weight(struct cfq_group *cfqg) ++{ ++ BUG_ON(!RB_EMPTY_NODE(&cfqg->rb_node)); + + if (cfqg->new_leaf_weight) { + cfqg->leaf_weight = cfqg->new_leaf_weight; +@@ -1299,7 +1303,7 @@ cfq_group_service_tree_add(struct cfq_rb + /* add to the service tree */ + BUG_ON(!RB_EMPTY_NODE(&cfqg->rb_node)); + +- cfq_update_group_weight(cfqg); ++ cfq_update_group_leaf_weight(cfqg); + __cfq_group_service_tree_add(st, cfqg); + + /* +@@ -1323,6 +1327,7 @@ cfq_group_service_tree_add(struct cfq_rb + */ + while ((parent = cfqg_parent(pos))) { + if (propagate) { ++ cfq_update_group_weight(pos); + propagate = !parent->nr_active++; + parent->children_weight += pos->weight; + } diff --git a/queue-3.16/series b/queue-3.16/series index 8cc18e41f0c..342174ab707 100644 --- a/queue-3.16/series +++ b/queue-3.16/series 
@@ -51,3 +51,14 @@ i2c-rcar-fix-rcar_irq_ack_-recv-send.patch i2c-rk3x-fix-divisor-calculation-for-scl-frequency.patch i2c-ismt-use-correct-length-when-copy-buffer.patch ftrace-use-current-addr-when-converting-to-nop-in-__ftrace_replace_code.patch +trace-fix-epoll-hang-when-we-race-with-new-entries.patch +arm64-ptrace-fix-compat-hardware-watchpoint-reporting.patch +alsa-core-fix-buffer-overflow-in-snd_info_get_line.patch +alsa-dice-fix-wrong-channel-mappping-at-higher-sampling-rate.patch +alsa-firewire-lib-dice-add-arrangements-of-pcm-pointer-and-interrupts-for-dice-quirk.patch +alsa-hda-fix-digital-mic-on-acer-aspire-3830tg.patch +alsa-hda-fix-coef-setups-for-alc1150-codec.patch +alsa-hda-fix-invalid-pin-powermap-without-jack-detection.patch +alsa-hda-add-fixup-model-name-lookup-for-lemote-a1205.patch +alsa-pcm-fix-fifo_size-frame-calculation.patch +cfq-iosched-fix-wrong-children_weight-calculation.patch diff --git a/queue-3.16/trace-fix-epoll-hang-when-we-race-with-new-entries.patch b/queue-3.16/trace-fix-epoll-hang-when-we-race-with-new-entries.patch new file mode 100644 index 00000000000..8cc90124c0e --- /dev/null +++ b/queue-3.16/trace-fix-epoll-hang-when-we-race-with-new-entries.patch 
@@ -0,0 +1,56 @@ +From 4ce97dbf50245227add17c83d87dc838e7ca79d0 Mon Sep 17 00:00:00 2001 +From: Josef Bacik +Date: Mon, 25 Aug 2014 13:59:41 -0400 +Subject: trace: Fix epoll hang when we race with new entries + +From: Josef Bacik + +commit 4ce97dbf50245227add17c83d87dc838e7ca79d0 upstream. + +Epoll on trace_pipe can sometimes hang in a weird case. If the ring buffer is +empty when we set waiters_pending but an event shows up exactly at that moment +we can miss being woken up by the ring buffers irq work. Since +ring_buffer_empty() is inherently racey we will sometimes think that the buffer +is not empty. So we don't get woken up and we don't think there are any events +even though there were some ready when we added the watch, which makes us hang. +This patch fixes this by making sure that we are actually on the wait list +before we set waiters_pending, and add a memory barrier to make sure +ring_buffer_empty() is going to be correct. + +Link: http://lkml.kernel.org/p/1408989581-23727-1-git-send-email-jbacik@fb.com + +Cc: Martin Lau +Signed-off-by: Josef Bacik +Signed-off-by: Steven Rostedt +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/ring_buffer.c | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -626,8 +626,22 @@ int ring_buffer_poll_wait(struct ring_bu + work = &cpu_buffer->irq_work; + } + +- work->waiters_pending = true; + poll_wait(filp, &work->waiters, poll_table); ++ work->waiters_pending = true; ++ /* ++ * There's a tight race between setting the waiters_pending and ++ * checking if the ring buffer is empty. Once the waiters_pending bit ++ * is set, the next event will wake the task up, but we can get stuck ++ * if there's only a single event in. ++ * ++ * FIXME: Ideally, we need a memory barrier on the writer side as well, ++ * but adding a memory barrier to all events will cause too much of a ++ * performance hit in the fast path. 
We only need a memory barrier when ++ * the buffer goes from empty to having content. But as this race is ++ * extremely small, and it's not a problem if another event comes in, we ++ * will fix it later. ++ */ ++ smp_mb(); + + if ((cpu == RING_BUFFER_ALL_CPUS && !ring_buffer_empty(buffer)) || + (cpu != RING_BUFFER_ALL_CPUS && !ring_buffer_empty_cpu(buffer, cpu)))
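Review bot: In the kernel-doc hunk of sound/core/info.c (alsa-core-fix-buffer-overflow-in-snd_info_get_line.patch), the new text "@len: the max. buffer size" still does not say whether the size counts the terminating byte, which is the ambiguity the commit message blames for callers getting it wrong. The second hunk's `if (len > 1)` stores at most len - 1 characters and so reserves one byte; the doc line should say that outright, for example "the size of @line in bytes, including the terminator". Any caller that did pass the size minus one now silently loses a character, so the callers are worth auditing alongside this change.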
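Review bot: In the second hunk of sound/firewire/dice.c (alsa-dice-fix-wrong-channel-mappping-at-higher-sampling-rate.patch), the added block halves `channels` in place with `channels /= 2;` to undo the earlier `channels *= 2;`, so the variable means two different things on either side of amdtp_stream_set_parameters(). Keeping the PCM channel count in its own local and passing a derived doubled value to the call would remove that trap. The writes to `pcm_positions[i + channels]` also depend on the array holding at least twice the PCM channel count, which deserves a comment or an explicit bound check, and the bare `rate_index > 4` would read better behind a named constant.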
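Review bot: In the sound/firewire/amdtp.h hunk (alsa-firewire-lib-dice-add-arrangements-of-pcm-pointer-and-interrupts-for-dice-quirk.patch), `bool double_pcm_frames;` is added with no comment, and the only writes in this patch are the two assignments in dice_hw_params(), so every other user of struct amdtp_stream depends on the field starting out false. Suggest documenting the field next to its declaration and clearing it explicitly where the stream is initialised, so that update_pcm_pointers() never doubles `frames` for a driver that did not ask for it.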
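Review bot: In both hunks of sound/pci/hda/patch_realtek.c (alsa-hda-fix-coef-setups-for-alc1150-codec.patch), `case 0x10ec0900:` is added with nothing in the code tying that ID to the ALC1150 named in the commit message, and in alc_auto_init_amp() it lands directly after the commented-out `0x10ec0889` line, where it is easy to misread as part of that remark. A trailing comment naming the codec on each new case would make the lists self-explanatory.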
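Review bot: In stac_init_power_map() in sound/pci/hda/patch_sigmatel.c (alsa-hda-fix-invalid-pin-powermap-without-jack-detection.patch), the rewritten condition inverts the jack-detect test (the old form required `is_jack_detectable(codec, nid)` to be false, the new one requires it to be true) and nothing in the code says why. A one-line comment stating that the callback is registered only for jack-detectable pins other than the vref mute LED would prevent it from being "fixed" back. The new stac_build_controls() should likewise say that stac_init_power_map() has to run after snd_hda_gen_build_controls(), because the `snd_hda_jack_tbl_get()` check relies on the other jack controls already existing.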
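Review bot: In snd_pcm_lib_ioctl_fifo_size() in sound/core/pcm_lib.c (alsa-pcm-fix-fifo_size-frame-calculation.patch), the `if (frame_size > 0)` guard avoids the division when snd_pcm_format_size() fails, but the function then falls through to `return 0;` with `params->fifo_size` still holding the raw hardware value, which in this branch is not in frames. The caller gets success and a number in the wrong unit. Suggest returning the negative `frame_size` as the error, or setting `params->fifo_size` to 0, when the size lookup fails.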
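Review bot: In the arch/arm64/include/asm/hw_breakpoint.h hunk (arm64-ptrace-fix-compat-hardware-watchpoint-reporting.patch), ARM_MAX_HBP_SLOTS is deleted outright while the only user converted in this patch is the loop in ptrace_hbptriggered(); for a stable backport it is worth confirming that nothing else in the 3.16 tree still references the macro. In the ptrace.c hunk, the watchpoint loop now runs unconditionally, including after the breakpoint loop above it has already matched and hit `break`; skipping it in that case would make the intent clearer and keep the two index spaces visibly separate.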
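Review bot: In cfq_group_service_tree_add() in block/cfq-iosched.c (cfq-iosched-fix-wrong-children_weight-calculation.patch), the new `cfq_update_group_weight(pos);` call sits inside `if (propagate)`, so a pending `new_weight` is applied only on the pass where `pos->weight` is also added to `parent->children_weight`. That coupling is the whole fix and should be stated in a comment at the call site so the update is not hoisted back to the top of the function later. The split also leaves cfq_update_group_weight() without the `BUG_ON(!RB_EMPTY_NODE(&cfqg->rb_node))` check; a short function comment explaining that it is now called on groups further up the tree would make the missing assertion look deliberate.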
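Review bot: In ring_buffer_poll_wait() in kernel/trace/ring_buffer.c (trace-fix-epoll-hang-when-we-race-with-new-entries.patch), the added `smp_mb();` has no stated pairing, and the FIXME directly above it says the writer side has no matching barrier, so the ordering against ring_buffer_empty() is enforced on the reader only. The comment should name the two accesses being ordered (the store to `work->waiters_pending` and the emptiness check that follows) and point at the writer path where the counterpart barrier would go, so the residual race the FIXME admits to can be tracked rather than rediscovered.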