--- /dev/null
+From 98682063549bedd6e2d2b6b7222f150c6fbce68c Mon Sep 17 00:00:00 2001
+From: Dylan Reid <dgreid@chromium.org>
+Date: Tue, 16 Apr 2013 20:02:34 -0700
+Subject: ASoC: max98088: Fix logging of hardware revision.
+
+From: Dylan Reid <dgreid@chromium.org>
+
+commit 98682063549bedd6e2d2b6b7222f150c6fbce68c upstream.
+
+The hardware revision of the codec is based at 0x40. Subtract that
+before convering to ASCII. The same as it is done for 98095.
+
+Signed-off-by: Dylan Reid <dgreid@chromium.org>
+Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/codecs/max98088.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/soc/codecs/max98088.c
++++ b/sound/soc/codecs/max98088.c
+@@ -1998,7 +1998,7 @@ static int max98088_probe(struct snd_soc
+ ret);
+ goto err_access;
+ }
+- dev_info(codec->dev, "revision %c\n", ret + 'A');
++ dev_info(codec->dev, "revision %c\n", ret - 0x40 + 'A');
+
+ snd_soc_write(codec, M98088_REG_51_PWR_SYS, M98088_PWRSV);
+
--- /dev/null
+From 3ac1707a13a3da9cfc8f242a15b2fae6df2c5f88 Mon Sep 17 00:00:00 2001
+From: Li Zefan <lizefan@huawei.com>
+Date: Tue, 12 Mar 2013 15:36:00 -0700
+Subject: cgroup: fix an off-by-one bug which may trigger BUG_ON()
+
+From: Li Zefan <lizefan@huawei.com>
+
+commit 3ac1707a13a3da9cfc8f242a15b2fae6df2c5f88 upstream.
+
+The 3rd parameter of flex_array_prealloc() is the number of elements,
+not the index of the last element.
+
+The effect of the bug is, when opening cgroup.procs, a flex array will
+be allocated and all elements of the array is allocated with
+GFP_KERNEL flag, but the last one is GFP_ATOMIC, and if we fail to
+allocate memory for it, it'll trigger a BUG_ON().
+
+Signed-off-by: Li Zefan <lizefan@huawei.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/cgroup.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/cgroup.c
++++ b/kernel/cgroup.c
+@@ -2026,7 +2026,7 @@ int cgroup_attach_proc(struct cgroup *cg
+ if (!group)
+ return -ENOMEM;
+ /* pre-allocate to guarantee space while iterating in rcu read-side. */
+- retval = flex_array_prealloc(group, 0, group_size - 1, GFP_KERNEL);
++ retval = flex_array_prealloc(group, 0, group_size, GFP_KERNEL);
+ if (retval)
+ goto out_free_group_list;
+
--- /dev/null
+From 6f7a05d7018de222e40ca003721037a530979974 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Thu, 25 Apr 2013 11:45:53 +0200
+Subject: clockevents: Set dummy handler on CPU_DEAD shutdown
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit 6f7a05d7018de222e40ca003721037a530979974 upstream.
+
+Vitaliy reported that a per cpu HPET timer interrupt crashes the
+system during hibernation. What happens is that the per cpu HPET timer
+gets shut down when the nonboot cpus are stopped. When the nonboot
+cpus are onlined again the HPET code sets up the MSI interrupt which
+fires before the clock event device is registered. The event handler
+is still set to hrtimer_interrupt, which then crashes the machine due
+to highres mode not being active.
+
+See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700333
+
+There is no real good way to avoid that in the HPET code. The HPET
+code alrady has a mechanism to detect spurious interrupts when event
+handler == NULL for a similar reason.
+
+We can handle that in the clockevent/tick layer and replace the
+previous functional handler with a dummy handler like we do in
+tick_setup_new_device().
+
+The original clockevents code did this in clockevents_exchange_device(),
+but that got removed by commit 7c1e76897 (clockevents: prevent
+clockevent event_handler ending up handler_noop) which forgot to fix
+it up in tick_shutdown(). Same issue with the broadcast device.
+
+Reported-by: Vitaliy Fillipov <vitalif@yourcmc.ru>
+Cc: Ben Hutchings <ben@decadent.org.uk>
+Cc: 700333@bugs.debian.org
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/time/tick-broadcast.c | 4 ++++
+ kernel/time/tick-common.c | 1 +
+ 2 files changed, 5 insertions(+)
+
+--- a/kernel/time/tick-broadcast.c
++++ b/kernel/time/tick-broadcast.c
+@@ -66,6 +66,8 @@ static void tick_broadcast_start_periodi
+ */
+ int tick_check_broadcast_device(struct clock_event_device *dev)
+ {
++ struct clock_event_device *cur = tick_broadcast_device.evtdev;
++
+ if ((dev->features & CLOCK_EVT_FEAT_DUMMY) ||
+ (tick_broadcast_device.evtdev &&
+ tick_broadcast_device.evtdev->rating >= dev->rating) ||
+@@ -73,6 +75,8 @@ int tick_check_broadcast_device(struct c
+ return 0;
+
+ clockevents_exchange_device(tick_broadcast_device.evtdev, dev);
++ if (cur)
++ cur->event_handler = clockevents_handle_noop;
+ tick_broadcast_device.evtdev = dev;
+ if (!cpumask_empty(tick_get_broadcast_mask()))
+ tick_broadcast_start_periodic(dev);
+--- a/kernel/time/tick-common.c
++++ b/kernel/time/tick-common.c
+@@ -323,6 +323,7 @@ static void tick_shutdown(unsigned int *
+ */
+ dev->mode = CLOCK_EVT_MODE_UNUSED;
+ clockevents_exchange_device(dev, NULL);
++ dev->event_handler = clockevents_handle_noop;
+ td->evtdev = NULL;
+ }
+ raw_spin_unlock_irqrestore(&tick_device_lock, flags);
--- /dev/null
+From e005715efaf674660ae59af83b13822567e3a758 Mon Sep 17 00:00:00 2001
+From: Derek Basehore <dbasehore@chromium.org>
+Date: Mon, 29 Apr 2013 16:20:23 -0700
+Subject: drivers/rtc/rtc-cmos.c: don't disable hpet emulation on suspend
+
+From: Derek Basehore <dbasehore@chromium.org>
+
+commit e005715efaf674660ae59af83b13822567e3a758 upstream.
+
+There's a bug where rtc alarms are ignored after the rtc cmos suspends
+but before the system finishes suspend. Since hpet emulation is
+disabled and it still handles the interrupts, a wake event is never
+registered which is done from the rtc layer.
+
+This patch reverts commit d1b2efa83fbf ("rtc: disable hpet emulation on
+suspend") which disabled hpet emulation. To fix the problem mentioned
+in that commit, hpet_rtc_timer_init() is called directly on resume.
+
+Signed-off-by: Derek Basehore <dbasehore@chromium.org>
+Cc: Maxim Levitsky <maximlevitsky@gmail.com>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Ingo Molnar <mingo@elte.hu>
+Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/rtc/rtc-cmos.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/rtc/rtc-cmos.c
++++ b/drivers/rtc/rtc-cmos.c
+@@ -805,9 +805,8 @@ static int cmos_suspend(struct device *d
+ mask = RTC_IRQMASK;
+ tmp &= ~mask;
+ CMOS_WRITE(tmp, RTC_CONTROL);
++ hpet_mask_rtc_irq_bit(mask);
+
+- /* shut down hpet emulation - we don't need it for alarm */
+- hpet_mask_rtc_irq_bit(RTC_PIE|RTC_AIE|RTC_UIE);
+ cmos_checkintr(cmos, tmp);
+ }
+ spin_unlock_irq(&rtc_lock);
+@@ -872,6 +871,7 @@ static int cmos_resume(struct device *de
+ rtc_update_irq(cmos->rtc, 1, mask);
+ tmp &= ~RTC_AIE;
+ hpet_mask_rtc_irq_bit(RTC_AIE);
++ hpet_rtc_timer_init();
+ } while (mask & RTC_AIE);
+ spin_unlock_irq(&rtc_lock);
+ }
--- /dev/null
+From 8f294b5a139ee4b75e890ad5b443c93d1e558a8b Mon Sep 17 00:00:00 2001
+From: Prarit Bhargava <prarit@redhat.com>
+Date: Mon, 8 Apr 2013 08:47:15 -0400
+Subject: hrtimer: Add expiry time overflow check in hrtimer_interrupt
+
+From: Prarit Bhargava <prarit@redhat.com>
+
+commit 8f294b5a139ee4b75e890ad5b443c93d1e558a8b upstream.
+
+The settimeofday01 test in the LTP testsuite effectively does
+
+ gettimeofday(current time);
+ settimeofday(Jan 1, 1970 + 100 seconds);
+ settimeofday(current time);
+
+This test causes a stack trace to be displayed on the console during the
+setting of timeofday to Jan 1, 1970 + 100 seconds:
+
+[ 131.066751] ------------[ cut here ]------------
+[ 131.096448] WARNING: at kernel/time/clockevents.c:209 clockevents_program_event+0x135/0x140()
+[ 131.104935] Hardware name: Dinar
+[ 131.108150] Modules linked in: sg nfsv3 nfs_acl nfsv4 auth_rpcgss nfs dns_resolver fscache lockd sunrpc nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 iptable_nat nf_nat_ipv4 nf_nat iptable_mangle ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables kvm_amd kvm sp5100_tco bnx2 i2c_piix4 crc32c_intel k10temp fam15h_power ghash_clmulni_intel amd64_edac_mod pcspkr serio_raw edac_mce_amd edac_core microcode xfs libcrc32c sr_mod sd_mod cdrom ata_generic crc_t10dif pata_acpi radeon i2c_algo_bit drm_kms_helper ttm drm ahci pata_atiixp libahci libata usb_storage i2c_core dm_mirror dm_region_hash dm_log dm_mod
+[ 131.176784] Pid: 0, comm: swapper/28 Not tainted 3.8.0+ #6
+[ 131.182248] Call Trace:
+[ 131.184684] <IRQ> [<ffffffff810612af>] warn_slowpath_common+0x7f/0xc0
+[ 131.191312] [<ffffffff8106130a>] warn_slowpath_null+0x1a/0x20
+[ 131.197131] [<ffffffff810b9fd5>] clockevents_program_event+0x135/0x140
+[ 131.203721] [<ffffffff810bb584>] tick_program_event+0x24/0x30
+[ 131.209534] [<ffffffff81089ab1>] hrtimer_interrupt+0x131/0x230
+[ 131.215437] [<ffffffff814b9600>] ? cpufreq_p4_target+0x130/0x130
+[ 131.221509] [<ffffffff81619119>] smp_apic_timer_interrupt+0x69/0x99
+[ 131.227839] [<ffffffff8161805d>] apic_timer_interrupt+0x6d/0x80
+[ 131.233816] <EOI> [<ffffffff81099745>] ? sched_clock_cpu+0xc5/0x120
+[ 131.240267] [<ffffffff814b9ff0>] ? cpuidle_wrap_enter+0x50/0xa0
+[ 131.246252] [<ffffffff814b9fe9>] ? cpuidle_wrap_enter+0x49/0xa0
+[ 131.252238] [<ffffffff814ba050>] cpuidle_enter_tk+0x10/0x20
+[ 131.257877] [<ffffffff814b9c89>] cpuidle_idle_call+0xa9/0x260
+[ 131.263692] [<ffffffff8101c42f>] cpu_idle+0xaf/0x120
+[ 131.268727] [<ffffffff815f8971>] start_secondary+0x255/0x257
+[ 131.274449] ---[ end trace 1151a50552231615 ]---
+
+When we change the system time to a low value like this, the value of
+timekeeper->offs_real will be a negative value.
+
+It seems that the WARN occurs because an hrtimer has been started in the time
+between the releasing of the timekeeper lock and the IPI call (via a call to
+on_each_cpu) in clock_was_set() in the do_settimeofday() code. The end result
+is that a REALTIME_CLOCK timer has been added with softexpires = expires =
+KTIME_MAX. The hrtimer_interrupt() fires/is called and the loop at
+kernel/hrtimer.c:1289 is executed. In this loop the code subtracts the
+clock base's offset (which was set to timekeeper->offs_real in
+do_settimeofday()) from the current hrtimer_cpu_base->expiry value (which
+was KTIME_MAX):
+
+ KTIME_MAX - (a negative value) = overflow
+
+A simple check for an overflow can resolve this problem. Using KTIME_MAX
+instead of the overflow value will result in the hrtimer function being run,
+and the reprogramming of the timer after that.
+
+Reviewed-by: Rik van Riel <riel@redhat.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Prarit Bhargava <prarit@redhat.com>
+[jstultz: Tweaked commit subject]
+Signed-off-by: John Stultz <john.stultz@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/hrtimer.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/hrtimer.c
++++ b/kernel/hrtimer.c
+@@ -1312,6 +1312,8 @@ retry:
+
+ expires = ktime_sub(hrtimer_get_expires(timer),
+ base->offset);
++ if (expires.tv64 < 0)
++ expires.tv64 = KTIME_MAX;
+ if (expires.tv64 < expires_next.tv64)
+ expires_next = expires;
+ break;
--- /dev/null
+From 51fd36f3fad8447c487137ae26b9d0b3ce77bb25 Mon Sep 17 00:00:00 2001
+From: David Engraf <david.engraf@sysgo.com>
+Date: Tue, 19 Mar 2013 13:29:55 +0100
+Subject: hrtimer: Fix ktime_add_ns() overflow on 32bit architectures
+
+From: David Engraf <david.engraf@sysgo.com>
+
+commit 51fd36f3fad8447c487137ae26b9d0b3ce77bb25 upstream.
+
+One can trigger an overflow when using ktime_add_ns() on a 32bit
+architecture not supporting CONFIG_KTIME_SCALAR.
+
+When passing a very high value for u64 nsec, e.g. 7881299347898368000
+the do_div() function converts this value to seconds (7881299347) which
+is still to high to pass to the ktime_set() function as long. The result
+in is a negative value.
+
+The problem on my system occurs in the tick-sched.c,
+tick_nohz_stop_sched_tick() when time_delta is set to
+timekeeping_max_deferment(). The check for time_delta < KTIME_MAX is
+valid, thus ktime_add_ns() is called with a too large value resulting in
+a negative expire value. This leads to an endless loop in the ticker code:
+
+time_delta: 7881299347898368000
+expires = ktime_add_ns(last_update, time_delta)
+expires: negative value
+
+This fix caps the value to KTIME_MAX.
+
+This error doesn't occurs on 64bit or architectures supporting
+CONFIG_KTIME_SCALAR (e.g. ARM, x86-32).
+
+Signed-off-by: David Engraf <david.engraf@sysgo.com>
+[jstultz: Minor tweaks to commit message & header]
+Signed-off-by: John Stultz <john.stultz@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/hrtimer.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/kernel/hrtimer.c
++++ b/kernel/hrtimer.c
+@@ -298,6 +298,10 @@ ktime_t ktime_sub_ns(const ktime_t kt, u
+ } else {
+ unsigned long rem = do_div(nsec, NSEC_PER_SEC);
+
++ /* Make sure nsec fits into long */
++ if (unlikely(nsec > KTIME_SEC_MAX))
++ return (ktime_t){ .tv64 = KTIME_MAX };
++
+ tmp = ktime_set((long)nsec, rem);
+ }
+
--- /dev/null
+From d69f3bad4675ac519d41ca2b11e1c00ca115cecd Mon Sep 17 00:00:00 2001
+From: Robin Holt <holt@sgi.com>
+Date: Tue, 30 Apr 2013 19:15:54 -0700
+Subject: ipc: sysv shared memory limited to 8TiB
+
+From: Robin Holt <holt@sgi.com>
+
+commit d69f3bad4675ac519d41ca2b11e1c00ca115cecd upstream.
+
+Trying to run an application which was trying to put data into half of
+memory using shmget(), we found that having a shmall value below 8EiB-8TiB
+would prevent us from using anything more than 8TiB. By setting
+kernel.shmall greater than 8EiB-8TiB would make the job work.
+
+In the newseg() function, ns->shm_tot which, at 8TiB is INT_MAX.
+
+ipc/shm.c:
+ 458 static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
+ 459 {
+...
+ 465 int numpages = (size + PAGE_SIZE -1) >> PAGE_SHIFT;
+...
+ 474 if (ns->shm_tot + numpages > ns->shm_ctlall)
+ 475 return -ENOSPC;
+
+[akpm@linux-foundation.org: make ipc/shm.c:newseg()'s numpages size_t, not int]
+Signed-off-by: Robin Holt <holt@sgi.com>
+Reported-by: Alex Thorlton <athorlton@sgi.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/ipc_namespace.h | 2 +-
+ ipc/shm.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/include/linux/ipc_namespace.h
++++ b/include/linux/ipc_namespace.h
+@@ -42,8 +42,8 @@ struct ipc_namespace {
+
+ size_t shm_ctlmax;
+ size_t shm_ctlall;
++ unsigned long shm_tot;
+ int shm_ctlmni;
+- int shm_tot;
+
+ struct notifier_block ipcns_nb;
+
+--- a/ipc/shm.c
++++ b/ipc/shm.c
+@@ -343,7 +343,7 @@ static int newseg(struct ipc_namespace *
+ size_t size = params->u.size;
+ int error;
+ struct shmid_kernel *shp;
+- int numpages = (size + PAGE_SIZE -1) >> PAGE_SHIFT;
++ size_t numpages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT;
+ struct file * file;
+ char name[13];
+ int id;
--- /dev/null
+From 1dfd89af8697a299e7982ae740d4695ecd917eef Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Sun, 21 Apr 2013 18:01:06 -0400
+Subject: LOCKD: Ensure that nlmclnt_block resets block->b_status after a server reboot
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit 1dfd89af8697a299e7982ae740d4695ecd917eef upstream.
+
+After a server reboot, the reclaimer thread will recover all the existing
+locks. For locks that are blocked, however, it will change the value
+of block->b_status to nlm_lck_denied_grace_period in order to signal that
+they need to wake up and resend the original blocking lock request.
+
+Due to a bug, however, the block->b_status never gets reset after the
+blocked locks have been woken up, and so the process goes into an
+infinite loop of resends until the blocked lock is satisfied.
+
+Reported-by: Marc Eshel <eshel@us.ibm.com>
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/lockd/clntlock.c | 3 +++
+ fs/lockd/clntproc.c | 3 ---
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/fs/lockd/clntlock.c
++++ b/fs/lockd/clntlock.c
+@@ -141,6 +141,9 @@ int nlmclnt_block(struct nlm_wait *block
+ timeout);
+ if (ret < 0)
+ return -ERESTARTSYS;
++ /* Reset the lock status after a server reboot so we resend */
++ if (block->b_status == nlm_lck_denied_grace_period)
++ block->b_status = nlm_lck_blocked;
+ req->a_res.status = block->b_status;
+ return 0;
+ }
+--- a/fs/lockd/clntproc.c
++++ b/fs/lockd/clntproc.c
+@@ -550,9 +550,6 @@ again:
+ status = nlmclnt_block(block, req, NLMCLNT_POLL_TIMEOUT);
+ if (status < 0)
+ break;
+- /* Resend the blocking lock request after a server reboot */
+- if (resp->status == nlm_lck_denied_grace_period)
+- continue;
+ if (resp->status != nlm_lck_blocked)
+ break;
+ }
--- /dev/null
+From bf8d909705e9d9bac31d9b8eac6734d2b51332a7 Mon Sep 17 00:00:00 2001
+From: Bryan Schumaker <bjschuma@netapp.com>
+Date: Fri, 19 Apr 2013 16:09:38 -0400
+Subject: nfsd: Decode and send 64bit time values
+
+From: Bryan Schumaker <bjschuma@netapp.com>
+
+commit bf8d909705e9d9bac31d9b8eac6734d2b51332a7 upstream.
+
+The seconds field of an nfstime4 structure is 64bit, but we are assuming
+that the first 32bits are zero-filled. So if the client tries to set
+atime to a value before the epoch (touch -t 196001010101), then the
+server will save the wrong value on disk.
+
+Signed-off-by: Bryan Schumaker <bjschuma@netapp.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4xdr.c | 19 +++++--------------
+ 1 file changed, 5 insertions(+), 14 deletions(-)
+
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -342,10 +342,7 @@ nfsd4_decode_fattr(struct nfsd4_compound
+ all 32 bits of 'nseconds'. */
+ READ_BUF(12);
+ len += 12;
+- READ32(dummy32);
+- if (dummy32)
+- return nfserr_inval;
+- READ32(iattr->ia_atime.tv_sec);
++ READ64(iattr->ia_atime.tv_sec);
+ READ32(iattr->ia_atime.tv_nsec);
+ if (iattr->ia_atime.tv_nsec >= (u32)1000000000)
+ return nfserr_inval;
+@@ -368,10 +365,7 @@ nfsd4_decode_fattr(struct nfsd4_compound
+ all 32 bits of 'nseconds'. */
+ READ_BUF(12);
+ len += 12;
+- READ32(dummy32);
+- if (dummy32)
+- return nfserr_inval;
+- READ32(iattr->ia_mtime.tv_sec);
++ READ64(iattr->ia_mtime.tv_sec);
+ READ32(iattr->ia_mtime.tv_nsec);
+ if (iattr->ia_mtime.tv_nsec >= (u32)1000000000)
+ return nfserr_inval;
+@@ -2148,8 +2142,7 @@ out_acl:
+ if (bmval1 & FATTR4_WORD1_TIME_ACCESS) {
+ if ((buflen -= 12) < 0)
+ goto out_resource;
+- WRITE32(0);
+- WRITE32(stat.atime.tv_sec);
++ WRITE64((s64)stat.atime.tv_sec);
+ WRITE32(stat.atime.tv_nsec);
+ }
+ if (bmval1 & FATTR4_WORD1_TIME_DELTA) {
+@@ -2162,15 +2155,13 @@ out_acl:
+ if (bmval1 & FATTR4_WORD1_TIME_METADATA) {
+ if ((buflen -= 12) < 0)
+ goto out_resource;
+- WRITE32(0);
+- WRITE32(stat.ctime.tv_sec);
++ WRITE64((s64)stat.ctime.tv_sec);
+ WRITE32(stat.ctime.tv_nsec);
+ }
+ if (bmval1 & FATTR4_WORD1_TIME_MODIFY) {
+ if ((buflen -= 12) < 0)
+ goto out_resource;
+- WRITE32(0);
+- WRITE32(stat.mtime.tv_sec);
++ WRITE64((s64)stat.mtime.tv_sec);
+ WRITE32(stat.mtime.tv_nsec);
+ }
+ if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) {
--- /dev/null
+From 0c7c3e67ab91ec6caa44bdf1fc89a48012ceb0c5 Mon Sep 17 00:00:00 2001
+From: "J. Bruce Fields" <bfields@redhat.com>
+Date: Thu, 28 Mar 2013 20:37:14 -0400
+Subject: nfsd4: don't close read-write opens too soon
+
+From: "J. Bruce Fields" <bfields@redhat.com>
+
+commit 0c7c3e67ab91ec6caa44bdf1fc89a48012ceb0c5 upstream.
+
+Don't actually close any opens until we don't need them at all.
+
+This means being left with write access when it's not really necessary,
+but that's better than putting a file that might still have posix locks
+held on it, as we have been.
+
+Reported-by: Toralf Förster <toralf.foerster@gmx.de>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfsd/nfs4state.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -189,13 +189,7 @@ static void __nfs4_file_put_access(struc
+ {
+ if (atomic_dec_and_test(&fp->fi_access[oflag])) {
+ nfs4_file_put_fd(fp, oflag);
+- /*
+- * It's also safe to get rid of the RDWR open *if*
+- * we no longer have need of the other kind of access
+- * or if we already have the other kind of open:
+- */
+- if (fp->fi_fds[1-oflag]
+- || atomic_read(&fp->fi_access[1 - oflag]) == 0)
++ if (atomic_read(&fp->fi_access[1 - oflag]) == 0)
+ nfs4_file_put_fd(fp, O_RDWR);
+ }
+ }
--- /dev/null
+From dbb21c25a35a71baf413f5176f028ee11b88cfbc Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Mon, 1 Apr 2013 14:27:29 -0400
+Subject: NFSv4: Handle NFS4ERR_DELAY and NFS4ERR_GRACE in nfs4_lock_delegation_recall
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit dbb21c25a35a71baf413f5176f028ee11b88cfbc upstream.
+
+A server shouldn't normally return NFS4ERR_GRACE if the client holds a
+delegation, since no conflicting lock reclaims can be granted, however
+the spec does not require the server to grant the lock in this
+instance.
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/nfs4proc.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -4658,6 +4658,12 @@ int nfs4_lock_delegation_recall(struct n
+ */
+ err = 0;
+ goto out;
++ case -NFS4ERR_DELAY:
++ case -NFS4ERR_GRACE:
++ set_bit(NFS_DELEGATED_STATE, &state->flags);
++ ssleep(1);
++ err = -EAGAIN;
++ goto out;
+ case -ENOMEM:
+ case -NFS4ERR_DENIED:
+ /* kill_proc(fl->fl_pid, SIGLOST, 1); */
--- /dev/null
+From 8b6cc4d6f841d31f72fe7478453759166d366274 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+Date: Mon, 1 Apr 2013 15:34:05 -0400
+Subject: NFSv4: Handle NFS4ERR_DELAY and NFS4ERR_GRACE in nfs4_open_delegation_recall
+
+From: Trond Myklebust <Trond.Myklebust@netapp.com>
+
+commit 8b6cc4d6f841d31f72fe7478453759166d366274 upstream.
+
+A server shouldn't normally return NFS4ERR_GRACE if the client holds a
+delegation, since no conflicting lock reclaims can be granted, however
+the spec does not require the server to grant the open in this
+instance
+
+Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/nfs4proc.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -1335,6 +1335,12 @@ int nfs4_open_delegation_recall(struct n
+ case -ENOMEM:
+ err = 0;
+ goto out;
++ case -NFS4ERR_DELAY:
++ case -NFS4ERR_GRACE:
++ set_bit(NFS_DELEGATED_STATE, &state->flags);
++ ssleep(1);
++ err = -EAGAIN;
++ goto out;
+ }
+ err = nfs4_handle_exception(server, err, &exception);
+ } while (exception.retry);
fs-fscache-stats.c-fix-memory-leak.patch
alsa-usb-audio-disable-autopm-for-midi-devices.patch
alsa-usb-audio-fix-autopm-error-during-probing.patch
+asoc-max98088-fix-logging-of-hardware-revision.patch
+hrtimer-fix-ktime_add_ns-overflow-on-32bit-architectures.patch
+hrtimer-add-expiry-time-overflow-check-in-hrtimer_interrupt.patch
+drivers-rtc-rtc-cmos.c-don-t-disable-hpet-emulation-on-suspend.patch
+cgroup-fix-an-off-by-one-bug-which-may-trigger-bug_on.patch
+clockevents-set-dummy-handler-on-cpu_dead-shutdown.patch
+lockd-ensure-that-nlmclnt_block-resets-block-b_status-after-a-server-reboot.patch
+nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_lock_delegation_recall.patch
+nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_open_delegation_recall.patch
+nfsd4-don-t-close-read-write-opens-too-soon.patch
+nfsd-decode-and-send-64bit-time-values.patch
+wireless-regulatory-fix-channel-disabling-race-condition.patch
+ipc-sysv-shared-memory-limited-to-8tib.patch
--- /dev/null
+From 990de49f74e772b6db5208457b7aa712a5f4db86 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 16 Apr 2013 14:32:26 +0200
+Subject: wireless: regulatory: fix channel disabling race condition
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit 990de49f74e772b6db5208457b7aa712a5f4db86 upstream.
+
+When a full scan 2.4 and 5 GHz scan is scheduled, but then the 2.4 GHz
+part of the scan disables a 5.2 GHz channel due to, e.g. receiving
+country or frequency information, that 5.2 GHz channel might already
+be in the list of channels to scan next. Then, when the driver checks
+if it should do a passive scan, that will return false and attempt an
+active scan. This is not only wrong but can also lead to the iwlwifi
+device firmware crashing since it checks regulatory as well.
+
+Fix this by not setting the channel flags to just disabled but rather
+OR'ing in the disabled flag. That way, even if the race happens, the
+channel will be scanned passively which is still (mostly) correct.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/reg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/wireless/reg.c
++++ b/net/wireless/reg.c
+@@ -852,7 +852,7 @@ static void handle_channel(struct wiphy
+ return;
+
+ REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq);
+- chan->flags = IEEE80211_CHAN_DISABLED;
++ chan->flags |= IEEE80211_CHAN_DISABLED;
+ return;
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
