From 0212f648ed34fb62cdf23f974ee5b9a656546db0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 22 Feb 2013 15:40:58 -0800
Subject: [PATCH] 3.0-stable patches

added patches:
	alsa-ali5451-remove-irq-enabling-in-pointer-callback.patch
	alsa-rme32.c-irq-enabling-after-spin_lock_irq.patch
	hrtimer-prevent-hrtimer_enqueue_reprogram-race.patch
---
 ...ove-irq-enabling-in-pointer-callback.patch | 34 +++++++
 ...2.c-irq-enabling-after-spin_lock_irq.patch | 35 +++++++
 ...event-hrtimer_enqueue_reprogram-race.patch | 94 +++++++++++++++++++
 queue-3.0/series                              |  3 +
 4 files changed, 166 insertions(+)
 create mode 100644 queue-3.0/alsa-ali5451-remove-irq-enabling-in-pointer-callback.patch
 create mode 100644 queue-3.0/alsa-rme32.c-irq-enabling-after-spin_lock_irq.patch
 create mode 100644 queue-3.0/hrtimer-prevent-hrtimer_enqueue_reprogram-race.patch

diff --git a/queue-3.0/alsa-ali5451-remove-irq-enabling-in-pointer-callback.patch b/queue-3.0/alsa-ali5451-remove-irq-enabling-in-pointer-callback.patch
new file mode 100644
index 00000000000..e3c5330a09e
--- /dev/null
+++ b/queue-3.0/alsa-ali5451-remove-irq-enabling-in-pointer-callback.patch
@@ -0,0 +1,34 @@
+From dacae5a19b4cbe1b5e3a86de23ea74cbe9ec9652 Mon Sep 17 00:00:00 2001
+From: Denis Efremov <yefremov.denis@gmail.com>
+Date: Mon, 11 Feb 2013 19:49:48 +0400
+Subject: ALSA: ali5451: remove irq enabling in pointer callback
+
+From: Denis Efremov <yefremov.denis@gmail.com>
+
+commit dacae5a19b4cbe1b5e3a86de23ea74cbe9ec9652 upstream.
+
+snd_ali_pointer function is called with local
+interrupts disabled. However it seems very strange to
+reenable them in such way.
+
+Found by Linux Driver Verification project (linuxtesting.org).
+
+Signed-off-by: Denis Efremov <yefremov.denis@gmail.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/ali5451/ali5451.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/pci/ali5451/ali5451.c
++++ b/sound/pci/ali5451/ali5451.c
+@@ -1435,7 +1435,7 @@ static snd_pcm_uframes_t snd_ali_pointer
+ 
+ 	spin_lock(&codec->reg_lock);
+ 	if (!pvoice->running) {
+-		spin_unlock_irq(&codec->reg_lock);
++		spin_unlock(&codec->reg_lock);
+ 		return 0;
+ 	}
+ 	outb(pvoice->number, ALI_REG(codec, ALI_GC_CIR));
diff --git a/queue-3.0/alsa-rme32.c-irq-enabling-after-spin_lock_irq.patch b/queue-3.0/alsa-rme32.c-irq-enabling-after-spin_lock_irq.patch
new file mode 100644
index 00000000000..534a8466777
--- /dev/null
+++ b/queue-3.0/alsa-rme32.c-irq-enabling-after-spin_lock_irq.patch
@@ -0,0 +1,35 @@
+From f49a59c4471d81a233e09dda45187cc44fda009d Mon Sep 17 00:00:00 2001
+From: Denis Efremov <yefremov.denis@gmail.com>
+Date: Mon, 11 Feb 2013 19:04:06 +0400
+Subject: ALSA: rme32.c irq enabling after spin_lock_irq
+
+From: Denis Efremov <yefremov.denis@gmail.com>
+
+commit f49a59c4471d81a233e09dda45187cc44fda009d upstream.
+
+According to the other code in this driver and similar
+code in rme96 it seems, that spin_lock_irq in
+snd_rme32_capture_close function should be paired
+with spin_unlock_irq.
+
+Found by Linux Driver Verification project (linuxtesting.org).
+
+Signed-off-by: Denis Efremov <yefremov.denis@gmail.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/rme32.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/pci/rme32.c
++++ b/sound/pci/rme32.c
+@@ -1017,7 +1017,7 @@ static int snd_rme32_capture_close(struc
+ 	spin_lock_irq(&rme32->lock);
+ 	rme32->capture_substream = NULL;
+ 	rme32->capture_periodsize = 0;
+-	spin_unlock(&rme32->lock);
++	spin_unlock_irq(&rme32->lock);
+ 	return 0;
+ }
+ 
diff --git a/queue-3.0/hrtimer-prevent-hrtimer_enqueue_reprogram-race.patch b/queue-3.0/hrtimer-prevent-hrtimer_enqueue_reprogram-race.patch
new file mode 100644
index 00000000000..f4c8a4132e1
--- /dev/null
+++ b/queue-3.0/hrtimer-prevent-hrtimer_enqueue_reprogram-race.patch
@@ -0,0 +1,94 @@
+From b22affe0aef429d657bc6505aacb1c569340ddd2 Mon Sep 17 00:00:00 2001
+From: Leonid Shatz <leonid.shatz@ravellosystems.com>
+Date: Mon, 4 Feb 2013 14:33:37 +0200
+Subject: hrtimer: Prevent hrtimer_enqueue_reprogram race
+
+From: Leonid Shatz <leonid.shatz@ravellosystems.com>
+
+commit b22affe0aef429d657bc6505aacb1c569340ddd2 upstream.
+
+hrtimer_enqueue_reprogram contains a race which could result in
+timer.base switch during unlock/lock sequence.
+
+hrtimer_enqueue_reprogram is releasing the lock protecting the timer
+base for calling raise_softirq_irqsoff() due to a lock ordering issue
+versus rq->lock.
+
+If during that time another CPU calls __hrtimer_start_range_ns() on
+the same hrtimer, the timer base might switch, before the current CPU
+can lock base->lock again and therefor the unlock_timer_base() call
+will unlock the wrong lock.
+
+[ tglx: Added comment and massaged changelog ]
+
+Signed-off-by: Leonid Shatz <leonid.shatz@ravellosystems.com>
+Signed-off-by: Izik Eidus <izik.eidus@ravellosystems.com>
+Cc: Andrea Arcangeli <aarcange@redhat.com>
+Link: http://lkml.kernel.org/r/1359981217-389-1-git-send-email-izik.eidus@ravellosystems.com
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/hrtimer.c |   36 ++++++++++++++++++------------------
+ 1 file changed, 18 insertions(+), 18 deletions(-)
+
+--- a/kernel/hrtimer.c
++++ b/kernel/hrtimer.c
+@@ -640,21 +640,9 @@ static inline void hrtimer_init_hres(str
+  * and expiry check is done in the hrtimer_interrupt or in the softirq.
+  */
+ static inline int hrtimer_enqueue_reprogram(struct hrtimer *timer,
+-					    struct hrtimer_clock_base *base,
+-					    int wakeup)
++					    struct hrtimer_clock_base *base)
+ {
+-	if (base->cpu_base->hres_active && hrtimer_reprogram(timer, base)) {
+-		if (wakeup) {
+-			raw_spin_unlock(&base->cpu_base->lock);
+-			raise_softirq_irqoff(HRTIMER_SOFTIRQ);
+-			raw_spin_lock(&base->cpu_base->lock);
+-		} else
+-			__raise_softirq_irqoff(HRTIMER_SOFTIRQ);
+-
+-		return 1;
+-	}
+-
+-	return 0;
++	return base->cpu_base->hres_active && hrtimer_reprogram(timer, base);
+ }
+ 
+ static inline ktime_t hrtimer_update_base(struct hrtimer_cpu_base *base)
+@@ -735,8 +723,7 @@ static inline int hrtimer_switch_to_hres
+ static inline void
+ hrtimer_force_reprogram(struct hrtimer_cpu_base *base, int skip_equal) { }
+ static inline int hrtimer_enqueue_reprogram(struct hrtimer *timer,
+-					    struct hrtimer_clock_base *base,
+-					    int wakeup)
++					    struct hrtimer_clock_base *base)
+ {
+ 	return 0;
+ }
+@@ -995,8 +982,21 @@ int __hrtimer_start_range_ns(struct hrti
+ 	 *
+ 	 * XXX send_remote_softirq() ?
+ 	 */
+-	if (leftmost && new_base->cpu_base == &__get_cpu_var(hrtimer_bases))
+-		hrtimer_enqueue_reprogram(timer, new_base, wakeup);
++	if (leftmost && new_base->cpu_base == &__get_cpu_var(hrtimer_bases)
++		&& hrtimer_enqueue_reprogram(timer, new_base)) {
++		if (wakeup) {
++			/*
++			 * We need to drop cpu_base->lock to avoid a
++			 * lock ordering issue vs. rq->lock.
++			 */
++			raw_spin_unlock(&new_base->cpu_base->lock);
++			raise_softirq_irqoff(HRTIMER_SOFTIRQ);
++			local_irq_restore(flags);
++			return ret;
++		} else {
++			__raise_softirq_irqoff(HRTIMER_SOFTIRQ);
++		}
++	}
+ 
+ 	unlock_hrtimer_base(timer, &flags);
+ 
diff --git a/queue-3.0/series b/queue-3.0/series
index b1dc1b8c026..a61b1d2bb8a 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -3,3 +3,6 @@ mm-fix-pageblock-bitmap-allocation.patch
 timeconst.pl-eliminate-perl-warning.patch
 genirq-avoid-deadlock-in-spurious-handling.patch
 posix-cpu-timers-fix-nanosleep-task_struct-leak.patch
+hrtimer-prevent-hrtimer_enqueue_reprogram-race.patch
+alsa-ali5451-remove-irq-enabling-in-pointer-callback.patch
+alsa-rme32.c-irq-enabling-after-spin_lock_irq.patch
-- 
2.47.3