From 49f8aecfcec656913c424065032e90ab6b3ea034 Mon Sep 17 00:00:00 2001
From: Andreas Monzner <andreas.monzner@dream-property.net>
Date: Thu, 9 Feb 2012 00:15:52 +0100
Subject: [PATCH] linux-opendreambox-2.6.18: backported needed futex fix ..
 this fixes deadlocks during media playback and other multithreaded code

---
 ...x-possible-hang-in-LL-SC-futex-loops.patch | 85 +++++++++++++++++++
 recipes/linux/linux-opendreambox-2.6.18.inc   |  3 +-
 2 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 recipes/linux/files/opendreambox/0001-MIPS-Fix-possible-hang-in-LL-SC-futex-loops.patch

diff --git a/recipes/linux/files/opendreambox/0001-MIPS-Fix-possible-hang-in-LL-SC-futex-loops.patch b/recipes/linux/files/opendreambox/0001-MIPS-Fix-possible-hang-in-LL-SC-futex-loops.patch
new file mode 100644
index 0000000000..60f178f65d
--- /dev/null
+++ b/recipes/linux/files/opendreambox/0001-MIPS-Fix-possible-hang-in-LL-SC-futex-loops.patch
@@ -0,0 +1,85 @@
+From 1532c32748658850d7d8b570187165c8bcb9858e Mon Sep 17 00:00:00 2001
+From: Ralf Baechle <ralf@linux-mips.org>
+Date: Tue, 20 Nov 2007 10:44:18 +0000
+Subject: [PATCH] [MIPS] Fix possible hang in LL/SC futex loops.
+
+The LL / SC loops in __futex_atomic_op() have the usual fixups necessary
+for memory acccesses to userspace from kernel space installed:
+
+        __asm__ __volatile__(
+        "       .set    push                            \n"
+        "       .set    noat                            \n"
+        "       .set    mips3                           \n"
+        "1:     ll      %1, %4  # __futex_atomic_op     \n"
+        "       .set    mips0                           \n"
+        "       " insn  "                               \n"
+        "       .set    mips3                           \n"
+        "2:     sc      $1, %2                          \n"
+        "       beqz    $1, 1b                          \n"
+        __WEAK_LLSC_MB
+        "3:                                             \n"
+        "       .set    pop                             \n"
+        "       .set    mips0                           \n"
+        "       .section .fixup,\"ax\"                  \n"
+        "4:     li      %0, %6                          \n"
+        "       j       2b                              \n"	<-----
+        "       .previous                               \n"
+        "       .section __ex_table,\"a\"               \n"
+        "       "__UA_ADDR "\t1b, 4b                    \n"
+        "       "__UA_ADDR "\t2b, 4b                    \n"
+        "       .previous                               \n"
+        : "=r" (ret), "=&r" (oldval), "=R" (*uaddr)
+        : "0" (0), "R" (*uaddr), "Jr" (oparg), "i" (-EFAULT)
+        : "memory");
+
+Notice the branch at the end of the fixup code, it goes back to the
+SC instruction.  The SC instruction took an exception so it will not have
+changed $1 so the loop will continue endless unless by coincidence the
+value to be stored from $1 happened to be zero.
+
+In case of a mappng that is valid things will obviously work and by mere
+coincidence we'll get away with it for a nonsense address too.  But as
+Kaz Kylheku <kaz@zeugmasystems.com> found if the mapping happens to
+disappear while a futex operation is running things will go wrong and the
+kernel will get stuck.
+
+Thanks to Kaz for helping me understand why futexes where going wrong and
+providing a test case.
+
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+(cherry picked from commit 3ae822ecf819860a30dabe3e0062feedfa7d416c)
+---
+ include/asm-mips/futex.h |    6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/include/asm-mips/futex.h b/include/asm-mips/futex.h
+index ed023ea..07d8e61 100644
+--- a/include/asm-mips/futex.h
++++ b/include/asm-mips/futex.h
+@@ -33,7 +33,7 @@
+ 		"	.set	mips0				\n"	\
+ 		"	.section .fixup,\"ax\"			\n"	\
+ 		"4:	li	%0, %6				\n"	\
+-		"	j	2b				\n"	\
++		"	j	3b				\n"	\
+ 		"	.previous				\n"	\
+ 		"	.section __ex_table,\"a\"		\n"	\
+ 		"	"__UA_ADDR "\t1b, 4b			\n"	\
+@@ -59,7 +59,7 @@
+ 		"	.set	mips0				\n"	\
+ 		"	.section .fixup,\"ax\"			\n"	\
+ 		"4:	li	%0, %6				\n"	\
+-		"	j	2b				\n"	\
++		"	j	3b				\n"	\
+ 		"	.previous				\n"	\
+ 		"	.section __ex_table,\"a\"		\n"	\
+ 		"	"__UA_ADDR "\t1b, 4b			\n"	\
+@@ -198,4 +198,4 @@ futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)
+ }
+ 
+ #endif
+-#endif
++#endif /* _ASM_FUTEX_H */
+-- 
+1.7.9
+
diff --git a/recipes/linux/linux-opendreambox-2.6.18.inc b/recipes/linux/linux-opendreambox-2.6.18.inc
index 74daac4f1a..e498ec7bc1 100644
--- a/recipes/linux/linux-opendreambox-2.6.18.inc
+++ b/recipes/linux/linux-opendreambox-2.6.18.inc
@@ -1,7 +1,7 @@
 require linux-opendreambox.inc
 
 SRCREV = "ac6cc9511a5f70eaa584c63fc5c3de33cae1d0e7"
-PR_INC = "r17"
+PR_INC = "r18"
 
 RREPLACES_kernel = "kernel-2.6.18-7.1-${MACHINE}"
 RCONFLICTS_kernel = "kernel-2.6.18-7.1-${MACHINE}"
@@ -22,6 +22,7 @@ SRC_URI += " http://trappist.elis.ugent.be/~mronsse/cdfs/download/cdfs-2.6.18.ta
 	file://stblinux-2.6.18-brcmnand-fixed-dm7020hd-oob-write-op.patch;patch=1 \
 	file://stblinux-2.6.18-libata-revert-no-more-needed-change.patch;patch=1 \
 	file://stblinux-2.6.18-libata-hdd-spinup-workaround.patch;patch=1 \
+	file://0001-MIPS-Fix-possible-hang-in-LL-SC-futex-loops.patch;patch=1 \
 "
 
 do_configure_prepend() {
-- 
2.20.1