From 314bf5eb9144d44724471177ba331f176fb6297c Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 29 Mar 2012 17:27:59 -0700
Subject: [PATCH] 3.2-stable patches

added patches:
	compat-use-sys_sendfile64-implementation-for-sendfile-syscall.patch
	lockd-fix-arg-parsing-for-grace_period-and-timeout.patch
	nfsd-don-t-allow-zero-length-strings-in-cache_parse.patch
	rtc-provide-flag-for-rtc-devices-that-don-t-support-uie.patch
	x86-tls-off-by-one-limit-check.patch
	x86-tsc-skip-refined-tsc-calibration-on-systems-with-reliable-tsc.patch
---
 ...-implementation-for-sendfile-syscall.patch | 37 ++++++++++
 ...parsing-for-grace_period-and-timeout.patch | 38 ++++++++++
 ...w-zero-length-strings-in-cache_parse.patch | 32 +++++++++
 ...r-rtc-devices-that-don-t-support-uie.patch | 69 +++++++++++++++++++
 queue-3.2/series                              |  6 ++
 .../x86-tls-off-by-one-limit-check.patch      | 41 +++++++++++
 ...bration-on-systems-with-reliable-tsc.patch | 59 ++++++++++++++++
 7 files changed, 282 insertions(+)
 create mode 100644 queue-3.2/compat-use-sys_sendfile64-implementation-for-sendfile-syscall.patch
 create mode 100644 queue-3.2/lockd-fix-arg-parsing-for-grace_period-and-timeout.patch
 create mode 100644 queue-3.2/nfsd-don-t-allow-zero-length-strings-in-cache_parse.patch
 create mode 100644 queue-3.2/rtc-provide-flag-for-rtc-devices-that-don-t-support-uie.patch
 create mode 100644 queue-3.2/x86-tls-off-by-one-limit-check.patch
 create mode 100644 queue-3.2/x86-tsc-skip-refined-tsc-calibration-on-systems-with-reliable-tsc.patch

diff --git a/queue-3.2/compat-use-sys_sendfile64-implementation-for-sendfile-syscall.patch b/queue-3.2/compat-use-sys_sendfile64-implementation-for-sendfile-syscall.patch
new file mode 100644
index 00000000000..58437177675
--- /dev/null
+++ b/queue-3.2/compat-use-sys_sendfile64-implementation-for-sendfile-syscall.patch
@@ -0,0 +1,37 @@
+From 1631fcea8399da5e80a80084b3b8c5bfd99d21e7 Mon Sep 17 00:00:00 2001
+From: Chris Metcalf <cmetcalf@tilera.com>
+Date: Mon, 26 Mar 2012 16:26:12 -0400
+Subject: compat: use sys_sendfile64() implementation for sendfile syscall
+
+From: Chris Metcalf <cmetcalf@tilera.com>
+
+commit 1631fcea8399da5e80a80084b3b8c5bfd99d21e7 upstream.
+
+<asm-generic/unistd.h> was set up to use sys_sendfile() for the 32-bit
+compat API instead of sys_sendfile64(), but in fact the right thing to
+do is to use sys_sendfile64() in all cases.  The 32-bit sendfile64() API
+in glibc uses the sendfile64 syscall, so it has to be capable of doing
+full 64-bit operations.  But the sys_sendfile() kernel implementation
+has a MAX_NON_LFS test in it which explicitly limits the offset to 2^32.
+So, we need to use the sys_sendfile64() implementation in the kernel
+for this case.
+
+Acked-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/asm-generic/unistd.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/asm-generic/unistd.h
++++ b/include/asm-generic/unistd.h
+@@ -218,7 +218,7 @@ __SC_COMP(__NR_pwritev, sys_pwritev, com
+ 
+ /* fs/sendfile.c */
+ #define __NR3264_sendfile 71
+-__SC_3264(__NR3264_sendfile, sys_sendfile64, sys_sendfile)
++__SYSCALL(__NR3264_sendfile, sys_sendfile64)
+ 
+ /* fs/select.c */
+ #define __NR_pselect6 72
diff --git a/queue-3.2/lockd-fix-arg-parsing-for-grace_period-and-timeout.patch b/queue-3.2/lockd-fix-arg-parsing-for-grace_period-and-timeout.patch
new file mode 100644
index 00000000000..b3849d55623
--- /dev/null
+++ b/queue-3.2/lockd-fix-arg-parsing-for-grace_period-and-timeout.patch
@@ -0,0 +1,38 @@
+From de5b8e8e047534aac6bc9803f96e7257436aef9c Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Tue, 7 Feb 2012 15:35:42 +1100
+Subject: lockd: fix arg parsing for grace_period and timeout.
+
+From: NeilBrown <neilb@suse.de>
+
+commit de5b8e8e047534aac6bc9803f96e7257436aef9c upstream.
+
+If you try to set grace_period or timeout via a module parameter
+to lockd, and do this on a big-endian machine where
+
+   sizeof(int) != sizeof(unsigned long)
+
+it won't work.  This number given will be effectively shifted right
+by the difference in those two sizes.
+
+So cast kp->arg properly to get correct result.
+
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/lockd/svc.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/lockd/svc.c
++++ b/fs/lockd/svc.c
+@@ -440,7 +440,7 @@ static int param_set_##name(const char *
+ 	__typeof__(type) num = which_strtol(val, &endp, 0);		\
+ 	if (endp == val || *endp || num < (min) || num > (max))		\
+ 		return -EINVAL;						\
+-	*((int *) kp->arg) = num;					\
++	*((type *) kp->arg) = num;					\
+ 	return 0;							\
+ }
+ 
diff --git a/queue-3.2/nfsd-don-t-allow-zero-length-strings-in-cache_parse.patch b/queue-3.2/nfsd-don-t-allow-zero-length-strings-in-cache_parse.patch
new file mode 100644
index 00000000000..2b493bb3d57
--- /dev/null
+++ b/queue-3.2/nfsd-don-t-allow-zero-length-strings-in-cache_parse.patch
@@ -0,0 +1,32 @@
+From 6d8d17499810479eabd10731179c04b2ca22152f Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 18 Jan 2012 12:56:02 +0300
+Subject: nfsd: don't allow zero length strings in cache_parse()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 6d8d17499810479eabd10731179c04b2ca22152f upstream.
+
+There is no point in passing a zero length string here and quite a
+few of that cache_parse() implementations will Oops if count is
+zero.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sunrpc/cache.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/sunrpc/cache.c
++++ b/net/sunrpc/cache.c
+@@ -828,6 +828,8 @@ static ssize_t cache_do_downcall(char *k
+ {
+ 	ssize_t ret;
+ 
++	if (count == 0)
++		return -EINVAL;
+ 	if (copy_from_user(kaddr, buf, count))
+ 		return -EFAULT;
+ 	kaddr[count] = '\0';
diff --git a/queue-3.2/rtc-provide-flag-for-rtc-devices-that-don-t-support-uie.patch b/queue-3.2/rtc-provide-flag-for-rtc-devices-that-don-t-support-uie.patch
new file mode 100644
index 00000000000..bb0c30df9d4
--- /dev/null
+++ b/queue-3.2/rtc-provide-flag-for-rtc-devices-that-don-t-support-uie.patch
@@ -0,0 +1,69 @@
+From 4a649903f91232d02284d53724b0a45728111767 Mon Sep 17 00:00:00 2001
+From: John Stultz <john.stultz@linaro.org>
+Date: Tue, 6 Mar 2012 17:16:09 -0800
+Subject: rtc: Provide flag for rtc devices that don't support UIE
+
+From: John Stultz <john.stultz@linaro.org>
+
+commit 4a649903f91232d02284d53724b0a45728111767 upstream.
+
+Richard Weinberger noticed that on some RTC hardware that
+doesn't support UIE mode, due to coarse granular alarms
+(like 1minute resolution), the current virtualized RTC
+support doesn't properly error out when UIE is enabled.
+
+Instead the current code queues an alarm for the next second,
+but it won't fire until up to a miniute later.
+
+This patch provides a generic way to flag this sort of hardware
+and fixes the issue on the mpc5121 where Richard noticed the
+problem.
+
+Reported-by: Richard Weinberger <richard@nod.at>
+Tested-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: John Stultz <john.stultz@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/rtc/interface.c   |    5 +++++
+ drivers/rtc/rtc-mpc5121.c |    2 ++
+ include/linux/rtc.h       |    3 ++-
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+
+--- a/drivers/rtc/interface.c
++++ b/drivers/rtc/interface.c
+@@ -445,6 +445,11 @@ int rtc_update_irq_enable(struct rtc_dev
+ 	if (rtc->uie_rtctimer.enabled == enabled)
+ 		goto out;
+ 
++	if (rtc->uie_unsupported) {
++		err = -EINVAL;
++		goto out;
++	}
++
+ 	if (enabled) {
+ 		struct rtc_time tm;
+ 		ktime_t now, onesec;
+--- a/drivers/rtc/rtc-mpc5121.c
++++ b/drivers/rtc/rtc-mpc5121.c
+@@ -360,6 +360,8 @@ static int __devinit mpc5121_rtc_probe(s
+ 						&mpc5200_rtc_ops, THIS_MODULE);
+ 	}
+ 
++	rtc->rtc->uie_unsupported = 1;
++
+ 	if (IS_ERR(rtc->rtc)) {
+ 		err = PTR_ERR(rtc->rtc);
+ 		goto out_free_irq;
+--- a/include/linux/rtc.h
++++ b/include/linux/rtc.h
+@@ -202,7 +202,8 @@ struct rtc_device
+ 	struct hrtimer pie_timer; /* sub second exp, so needs hrtimer */
+ 	int pie_enabled;
+ 	struct work_struct irqwork;
+-
++	/* Some hardware can't support UIE mode */
++	int uie_unsupported;
+ 
+ #ifdef CONFIG_RTC_INTF_DEV_UIE_EMUL
+ 	struct work_struct uie_task;
diff --git a/queue-3.2/series b/queue-3.2/series
index 1b56c1ac866..b2107ad6cc2 100644
--- a/queue-3.2/series
+++ b/queue-3.2/series
@@ -140,3 +140,9 @@ net-fix-napi_reuse_skb-skb-reserve.patch
 remove-printk-from-rds_sendmsg.patch
 sky2-override-for-pci-legacy-power-management.patch
 xfrm-access-the-replay-notify-functions-via-the-registered-callbacks.patch
+lockd-fix-arg-parsing-for-grace_period-and-timeout.patch
+x86-tsc-skip-refined-tsc-calibration-on-systems-with-reliable-tsc.patch
+x86-tls-off-by-one-limit-check.patch
+compat-use-sys_sendfile64-implementation-for-sendfile-syscall.patch
+rtc-provide-flag-for-rtc-devices-that-don-t-support-uie.patch
+nfsd-don-t-allow-zero-length-strings-in-cache_parse.patch
diff --git a/queue-3.2/x86-tls-off-by-one-limit-check.patch b/queue-3.2/x86-tls-off-by-one-limit-check.patch
new file mode 100644
index 00000000000..de6beb1f2ce
--- /dev/null
+++ b/queue-3.2/x86-tls-off-by-one-limit-check.patch
@@ -0,0 +1,41 @@
+From 8f0750f19789cf352d7e24a6cc50f2ab1b4f1372 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Sat, 24 Mar 2012 10:52:50 +0300
+Subject: x86, tls: Off by one limit check
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 8f0750f19789cf352d7e24a6cc50f2ab1b4f1372 upstream.
+
+These are used as offsets into an array of GDT_ENTRY_TLS_ENTRIES members
+so GDT_ENTRY_TLS_ENTRIES is one past the end of the array.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Link: http://lkml.kernel.org/r/20120324075250.GA28258@elgon.mountain
+Signed-off-by: H. Peter Anvin <hpa@zytor.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/tls.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/tls.c
++++ b/arch/x86/kernel/tls.c
+@@ -163,7 +163,7 @@ int regset_tls_get(struct task_struct *t
+ {
+ 	const struct desc_struct *tls;
+ 
+-	if (pos > GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
++	if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
+ 	    (pos % sizeof(struct user_desc)) != 0 ||
+ 	    (count % sizeof(struct user_desc)) != 0)
+ 		return -EINVAL;
+@@ -198,7 +198,7 @@ int regset_tls_set(struct task_struct *t
+ 	struct user_desc infobuf[GDT_ENTRY_TLS_ENTRIES];
+ 	const struct user_desc *info;
+ 
+-	if (pos > GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
++	if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) ||
+ 	    (pos % sizeof(struct user_desc)) != 0 ||
+ 	    (count % sizeof(struct user_desc)) != 0)
+ 		return -EINVAL;
diff --git a/queue-3.2/x86-tsc-skip-refined-tsc-calibration-on-systems-with-reliable-tsc.patch b/queue-3.2/x86-tsc-skip-refined-tsc-calibration-on-systems-with-reliable-tsc.patch
new file mode 100644
index 00000000000..75c2598827f
--- /dev/null
+++ b/queue-3.2/x86-tsc-skip-refined-tsc-calibration-on-systems-with-reliable-tsc.patch
@@ -0,0 +1,59 @@
+From 57779dc2b3b75bee05ef5d1ada47f615f7a13932 Mon Sep 17 00:00:00 2001
+From: Alok Kataria <akataria@vmware.com>
+Date: Tue, 21 Feb 2012 18:19:55 -0800
+Subject: x86, tsc: Skip refined tsc calibration on systems with reliable TSC
+
+From: Alok Kataria <akataria@vmware.com>
+
+commit 57779dc2b3b75bee05ef5d1ada47f615f7a13932 upstream.
+
+While running the latest Linux as guest under VMware in highly
+over-committed situations, we have seen cases when the refined TSC
+algorithm fails to get a valid tsc_start value in
+tsc_refine_calibration_work from multiple attempts. As a result the
+kernel keeps on scheduling the tsc_irqwork task for later. Subsequently
+after several attempts when it gets a valid start value it goes through
+the refined calibration and either bails out or uses the new results.
+Given that the kernel originally read the TSC frequency from the
+platform, which is the best it can get, I don't think there is much
+value in refining it.
+
+So  for systems which get the TSC frequency from the platform we
+should skip the refined tsc algorithm.
+
+We can use the TSC_RELIABLE cpu cap flag to detect this, right now it is
+set only on VMware and for Moorestown Penwell both of which have there
+own TSC calibration methods.
+
+Signed-off-by: Alok N Kataria <akataria@vmware.com>
+Cc: John Stultz <johnstul@us.ibm.com>
+Cc: Dirk Brandewie <dirk.brandewie@gmail.com>
+Cc: Alan Cox <alan@linux.intel.com>
+[jstultz: Reworked to simply not schedule the refining work,
+rather then scheduling the work and bombing out later]
+Signed-off-by: John Stultz <john.stultz@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/tsc.c |   10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/arch/x86/kernel/tsc.c
++++ b/arch/x86/kernel/tsc.c
+@@ -934,6 +934,16 @@ static int __init init_tsc_clocksource(v
+ 		clocksource_tsc.rating = 0;
+ 		clocksource_tsc.flags &= ~CLOCK_SOURCE_IS_CONTINUOUS;
+ 	}
++
++	/*
++	 * Trust the results of the earlier calibration on systems
++	 * exporting a reliable TSC.
++	 */
++	if (boot_cpu_has(X86_FEATURE_TSC_RELIABLE)) {
++		clocksource_register_khz(&clocksource_tsc, tsc_khz);
++		return 0;
++	}
++
+ 	schedule_delayed_work(&tsc_irqwork, 0);
+ 	return 0;
+ }
-- 
2.47.3