From 90274362d880cf8a0d225b8d7fa65fdcc774ee04 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 3 May 2013 15:27:13 -0700 Subject: [PATCH] 3.0-stable patches added patches: asoc-max98088-fix-logging-of-hardware-revision.patch cgroup-fix-an-off-by-one-bug-which-may-trigger-bug_on.patch clockevents-set-dummy-handler-on-cpu_dead-shutdown.patch drivers-rtc-rtc-cmos.c-don-t-disable-hpet-emulation-on-suspend.patch hrtimer-add-expiry-time-overflow-check-in-hrtimer_interrupt.patch hrtimer-fix-ktime_add_ns-overflow-on-32bit-architectures.patch ipc-sysv-shared-memory-limited-to-8tib.patch lockd-ensure-that-nlmclnt_block-resets-block-b_status-after-a-server-reboot.patch nfsd4-don-t-close-read-write-opens-too-soon.patch nfsd-decode-and-send-64bit-time-values.patch nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_lock_delegation_recall.patch nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_open_delegation_recall.patch wireless-regulatory-fix-channel-disabling-race-condition.patch --- ...088-fix-logging-of-hardware-revision.patch | 31 +++++++ ...-by-one-bug-which-may-trigger-bug_on.patch | 36 ++++++++ ...t-dummy-handler-on-cpu_dead-shutdown.patch | 73 +++++++++++++++++ ...-t-disable-hpet-emulation-on-suspend.patch | 53 ++++++++++++ ...-overflow-check-in-hrtimer_interrupt.patch | 82 +++++++++++++++++++ ...d_ns-overflow-on-32bit-architectures.patch | 54 ++++++++++++ ...c-sysv-shared-memory-limited-to-8tib.patch | 60 ++++++++++++++ ...block-b_status-after-a-server-reboot.patch | 51 ++++++++++++ ...sd-decode-and-send-64bit-time-values.patch | 76 +++++++++++++++++ ...on-t-close-read-write-opens-too-soon.patch | 40 +++++++++ ...grace-in-nfs4_lock_delegation_recall.patch | 36 ++++++++ ...grace-in-nfs4_open_delegation_recall.patch | 36 ++++++++ queue-3.0/series | 13 +++ ...fix-channel-disabling-race-condition.patch | 39 +++++++++ 14 files changed, 680 insertions(+) create mode 100644 queue-3.0/asoc-max98088-fix-logging-of-hardware-revision.patch create mode 100644 queue-3.0/cgroup-fix-an-off-by-one-bug-which-may-trigger-bug_on.patch create mode 100644 queue-3.0/clockevents-set-dummy-handler-on-cpu_dead-shutdown.patch create mode 100644 queue-3.0/drivers-rtc-rtc-cmos.c-don-t-disable-hpet-emulation-on-suspend.patch create mode 100644 queue-3.0/hrtimer-add-expiry-time-overflow-check-in-hrtimer_interrupt.patch create mode 100644 queue-3.0/hrtimer-fix-ktime_add_ns-overflow-on-32bit-architectures.patch create mode 100644 queue-3.0/ipc-sysv-shared-memory-limited-to-8tib.patch create mode 100644 queue-3.0/lockd-ensure-that-nlmclnt_block-resets-block-b_status-after-a-server-reboot.patch create mode 100644 queue-3.0/nfsd-decode-and-send-64bit-time-values.patch create mode 100644 queue-3.0/nfsd4-don-t-close-read-write-opens-too-soon.patch create mode 100644 queue-3.0/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_lock_delegation_recall.patch create mode 100644 queue-3.0/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_open_delegation_recall.patch create mode 100644 queue-3.0/wireless-regulatory-fix-channel-disabling-race-condition.patch diff --git a/queue-3.0/asoc-max98088-fix-logging-of-hardware-revision.patch b/queue-3.0/asoc-max98088-fix-logging-of-hardware-revision.patch new file mode 100644 index 00000000000..c412fc7925d --- /dev/null +++ b/queue-3.0/asoc-max98088-fix-logging-of-hardware-revision.patch @@ -0,0 +1,31 @@ +From 98682063549bedd6e2d2b6b7222f150c6fbce68c Mon Sep 17 00:00:00 2001 +From: Dylan Reid +Date: Tue, 16 Apr 2013 20:02:34 -0700 +Subject: ASoC: max98088: Fix logging of hardware revision. + +From: Dylan Reid + +commit 98682063549bedd6e2d2b6b7222f150c6fbce68c upstream. + +The hardware revision of the codec is based at 0x40. Subtract that +before convering to ASCII. The same as it is done for 98095. + +Signed-off-by: Dylan Reid +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/codecs/max98088.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/soc/codecs/max98088.c ++++ b/sound/soc/codecs/max98088.c +@@ -1998,7 +1998,7 @@ static int max98088_probe(struct snd_soc + ret); + goto err_access; + } +- dev_info(codec->dev, "revision %c\n", ret + 'A'); ++ dev_info(codec->dev, "revision %c\n", ret - 0x40 + 'A'); + + snd_soc_write(codec, M98088_REG_51_PWR_SYS, M98088_PWRSV); + diff --git a/queue-3.0/cgroup-fix-an-off-by-one-bug-which-may-trigger-bug_on.patch b/queue-3.0/cgroup-fix-an-off-by-one-bug-which-may-trigger-bug_on.patch new file mode 100644 index 00000000000..7c5f38d8ce2 --- /dev/null +++ b/queue-3.0/cgroup-fix-an-off-by-one-bug-which-may-trigger-bug_on.patch @@ -0,0 +1,36 @@ +From 3ac1707a13a3da9cfc8f242a15b2fae6df2c5f88 Mon Sep 17 00:00:00 2001 +From: Li Zefan +Date: Tue, 12 Mar 2013 15:36:00 -0700 +Subject: cgroup: fix an off-by-one bug which may trigger BUG_ON() + +From: Li Zefan + +commit 3ac1707a13a3da9cfc8f242a15b2fae6df2c5f88 upstream. + +The 3rd parameter of flex_array_prealloc() is the number of elements, +not the index of the last element. + +The effect of the bug is, when opening cgroup.procs, a flex array will +be allocated and all elements of the array is allocated with +GFP_KERNEL flag, but the last one is GFP_ATOMIC, and if we fail to +allocate memory for it, it'll trigger a BUG_ON(). + +Signed-off-by: Li Zefan +Signed-off-by: Tejun Heo +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/cgroup.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/cgroup.c ++++ b/kernel/cgroup.c +@@ -2026,7 +2026,7 @@ int cgroup_attach_proc(struct cgroup *cg + if (!group) + return -ENOMEM; + /* pre-allocate to guarantee space while iterating in rcu read-side. */ +- retval = flex_array_prealloc(group, 0, group_size - 1, GFP_KERNEL); ++ retval = flex_array_prealloc(group, 0, group_size, GFP_KERNEL); + if (retval) + goto out_free_group_list; + diff --git a/queue-3.0/clockevents-set-dummy-handler-on-cpu_dead-shutdown.patch b/queue-3.0/clockevents-set-dummy-handler-on-cpu_dead-shutdown.patch new file mode 100644 index 00000000000..9982bdbb017 --- /dev/null +++ b/queue-3.0/clockevents-set-dummy-handler-on-cpu_dead-shutdown.patch @@ -0,0 +1,73 @@ +From 6f7a05d7018de222e40ca003721037a530979974 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Thu, 25 Apr 2013 11:45:53 +0200 +Subject: clockevents: Set dummy handler on CPU_DEAD shutdown + +From: Thomas Gleixner + +commit 6f7a05d7018de222e40ca003721037a530979974 upstream. + +Vitaliy reported that a per cpu HPET timer interrupt crashes the +system during hibernation. What happens is that the per cpu HPET timer +gets shut down when the nonboot cpus are stopped. When the nonboot +cpus are onlined again the HPET code sets up the MSI interrupt which +fires before the clock event device is registered. The event handler +is still set to hrtimer_interrupt, which then crashes the machine due +to highres mode not being active. + +See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700333 + +There is no real good way to avoid that in the HPET code. The HPET +code alrady has a mechanism to detect spurious interrupts when event +handler == NULL for a similar reason. + +We can handle that in the clockevent/tick layer and replace the +previous functional handler with a dummy handler like we do in +tick_setup_new_device(). + +The original clockevents code did this in clockevents_exchange_device(), +but that got removed by commit 7c1e76897 (clockevents: prevent +clockevent event_handler ending up handler_noop) which forgot to fix +it up in tick_shutdown(). Same issue with the broadcast device. + +Reported-by: Vitaliy Fillipov +Cc: Ben Hutchings +Cc: 700333@bugs.debian.org +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/time/tick-broadcast.c | 4 ++++ + kernel/time/tick-common.c | 1 + + 2 files changed, 5 insertions(+) + +--- a/kernel/time/tick-broadcast.c ++++ b/kernel/time/tick-broadcast.c +@@ -66,6 +66,8 @@ static void tick_broadcast_start_periodi + */ + int tick_check_broadcast_device(struct clock_event_device *dev) + { ++ struct clock_event_device *cur = tick_broadcast_device.evtdev; ++ + if ((dev->features & CLOCK_EVT_FEAT_DUMMY) || + (tick_broadcast_device.evtdev && + tick_broadcast_device.evtdev->rating >= dev->rating) || +@@ -73,6 +75,8 @@ int tick_check_broadcast_device(struct c + return 0; + + clockevents_exchange_device(tick_broadcast_device.evtdev, dev); ++ if (cur) ++ cur->event_handler = clockevents_handle_noop; + tick_broadcast_device.evtdev = dev; + if (!cpumask_empty(tick_get_broadcast_mask())) + tick_broadcast_start_periodic(dev); +--- a/kernel/time/tick-common.c ++++ b/kernel/time/tick-common.c +@@ -323,6 +323,7 @@ static void tick_shutdown(unsigned int * + */ + dev->mode = CLOCK_EVT_MODE_UNUSED; + clockevents_exchange_device(dev, NULL); ++ dev->event_handler = clockevents_handle_noop; + td->evtdev = NULL; + } + raw_spin_unlock_irqrestore(&tick_device_lock, flags); diff --git a/queue-3.0/drivers-rtc-rtc-cmos.c-don-t-disable-hpet-emulation-on-suspend.patch b/queue-3.0/drivers-rtc-rtc-cmos.c-don-t-disable-hpet-emulation-on-suspend.patch new file mode 100644 index 00000000000..3f8d39fbc23 --- /dev/null +++ b/queue-3.0/drivers-rtc-rtc-cmos.c-don-t-disable-hpet-emulation-on-suspend.patch @@ -0,0 +1,53 @@ +From e005715efaf674660ae59af83b13822567e3a758 Mon Sep 17 00:00:00 2001 +From: Derek Basehore +Date: Mon, 29 Apr 2013 16:20:23 -0700 +Subject: drivers/rtc/rtc-cmos.c: don't disable hpet emulation on suspend + +From: Derek Basehore + +commit e005715efaf674660ae59af83b13822567e3a758 upstream. + +There's a bug where rtc alarms are ignored after the rtc cmos suspends +but before the system finishes suspend. Since hpet emulation is +disabled and it still handles the interrupts, a wake event is never +registered which is done from the rtc layer. + +This patch reverts commit d1b2efa83fbf ("rtc: disable hpet emulation on +suspend") which disabled hpet emulation. To fix the problem mentioned +in that commit, hpet_rtc_timer_init() is called directly on resume. + +Signed-off-by: Derek Basehore +Cc: Maxim Levitsky +Cc: "H. Peter Anvin" +Cc: Thomas Gleixner +Cc: Ingo Molnar +Cc: "Rafael J. Wysocki" +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/rtc/rtc-cmos.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/rtc/rtc-cmos.c ++++ b/drivers/rtc/rtc-cmos.c +@@ -805,9 +805,8 @@ static int cmos_suspend(struct device *d + mask = RTC_IRQMASK; + tmp &= ~mask; + CMOS_WRITE(tmp, RTC_CONTROL); ++ hpet_mask_rtc_irq_bit(mask); + +- /* shut down hpet emulation - we don't need it for alarm */ +- hpet_mask_rtc_irq_bit(RTC_PIE|RTC_AIE|RTC_UIE); + cmos_checkintr(cmos, tmp); + } + spin_unlock_irq(&rtc_lock); +@@ -872,6 +871,7 @@ static int cmos_resume(struct device *de + rtc_update_irq(cmos->rtc, 1, mask); + tmp &= ~RTC_AIE; + hpet_mask_rtc_irq_bit(RTC_AIE); ++ hpet_rtc_timer_init(); + } while (mask & RTC_AIE); + spin_unlock_irq(&rtc_lock); + } diff --git a/queue-3.0/hrtimer-add-expiry-time-overflow-check-in-hrtimer_interrupt.patch b/queue-3.0/hrtimer-add-expiry-time-overflow-check-in-hrtimer_interrupt.patch new file mode 100644 index 00000000000..998821f78e9 --- /dev/null +++ b/queue-3.0/hrtimer-add-expiry-time-overflow-check-in-hrtimer_interrupt.patch @@ -0,0 +1,82 @@ +From 8f294b5a139ee4b75e890ad5b443c93d1e558a8b Mon Sep 17 00:00:00 2001 +From: Prarit Bhargava +Date: Mon, 8 Apr 2013 08:47:15 -0400 +Subject: hrtimer: Add expiry time overflow check in hrtimer_interrupt + +From: Prarit Bhargava + +commit 8f294b5a139ee4b75e890ad5b443c93d1e558a8b upstream. + +The settimeofday01 test in the LTP testsuite effectively does + + gettimeofday(current time); + settimeofday(Jan 1, 1970 + 100 seconds); + settimeofday(current time); + +This test causes a stack trace to be displayed on the console during the +setting of timeofday to Jan 1, 1970 + 100 seconds: + +[ 131.066751] ------------[ cut here ]------------ +[ 131.096448] WARNING: at kernel/time/clockevents.c:209 clockevents_program_event+0x135/0x140() +[ 131.104935] Hardware name: Dinar +[ 131.108150] Modules linked in: sg nfsv3 nfs_acl nfsv4 auth_rpcgss nfs dns_resolver fscache lockd sunrpc nf_conntrack_netbios_ns nf_conntrack_broadcast ipt_MASQUERADE ip6table_mangle ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 iptable_nat nf_nat_ipv4 nf_nat iptable_mangle ipt_REJECT nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables kvm_amd kvm sp5100_tco bnx2 i2c_piix4 crc32c_intel k10temp fam15h_power ghash_clmulni_intel amd64_edac_mod pcspkr serio_raw edac_mce_amd edac_core microcode xfs libcrc32c sr_mod sd_mod cdrom ata_generic crc_t10dif pata_acpi radeon i2c_algo_bit drm_kms_helper ttm drm ahci pata_atiixp libahci libata usb_storage i2c_core dm_mirror dm_region_hash dm_log dm_mod +[ 131.176784] Pid: 0, comm: swapper/28 Not tainted 3.8.0+ #6 +[ 131.182248] Call Trace: +[ 131.184684] [] warn_slowpath_common+0x7f/0xc0 +[ 131.191312] [] warn_slowpath_null+0x1a/0x20 +[ 131.197131] [] clockevents_program_event+0x135/0x140 +[ 131.203721] [] tick_program_event+0x24/0x30 +[ 131.209534] [] hrtimer_interrupt+0x131/0x230 +[ 131.215437] [] ? cpufreq_p4_target+0x130/0x130 +[ 131.221509] [] smp_apic_timer_interrupt+0x69/0x99 +[ 131.227839] [] apic_timer_interrupt+0x6d/0x80 +[ 131.233816] [] ? sched_clock_cpu+0xc5/0x120 +[ 131.240267] [] ? cpuidle_wrap_enter+0x50/0xa0 +[ 131.246252] [] ? cpuidle_wrap_enter+0x49/0xa0 +[ 131.252238] [] cpuidle_enter_tk+0x10/0x20 +[ 131.257877] [] cpuidle_idle_call+0xa9/0x260 +[ 131.263692] [] cpu_idle+0xaf/0x120 +[ 131.268727] [] start_secondary+0x255/0x257 +[ 131.274449] ---[ end trace 1151a50552231615 ]--- + +When we change the system time to a low value like this, the value of +timekeeper->offs_real will be a negative value. + +It seems that the WARN occurs because an hrtimer has been started in the time +between the releasing of the timekeeper lock and the IPI call (via a call to +on_each_cpu) in clock_was_set() in the do_settimeofday() code. The end result +is that a REALTIME_CLOCK timer has been added with softexpires = expires = +KTIME_MAX. The hrtimer_interrupt() fires/is called and the loop at +kernel/hrtimer.c:1289 is executed. In this loop the code subtracts the +clock base's offset (which was set to timekeeper->offs_real in +do_settimeofday()) from the current hrtimer_cpu_base->expiry value (which +was KTIME_MAX): + + KTIME_MAX - (a negative value) = overflow + +A simple check for an overflow can resolve this problem. Using KTIME_MAX +instead of the overflow value will result in the hrtimer function being run, +and the reprogramming of the timer after that. + +Reviewed-by: Rik van Riel +Cc: Thomas Gleixner +Signed-off-by: Prarit Bhargava +[jstultz: Tweaked commit subject] +Signed-off-by: John Stultz +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/hrtimer.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/kernel/hrtimer.c ++++ b/kernel/hrtimer.c +@@ -1312,6 +1312,8 @@ retry: + + expires = ktime_sub(hrtimer_get_expires(timer), + base->offset); ++ if (expires.tv64 < 0) ++ expires.tv64 = KTIME_MAX; + if (expires.tv64 < expires_next.tv64) + expires_next = expires; + break; diff --git a/queue-3.0/hrtimer-fix-ktime_add_ns-overflow-on-32bit-architectures.patch b/queue-3.0/hrtimer-fix-ktime_add_ns-overflow-on-32bit-architectures.patch new file mode 100644 index 00000000000..4145b69c991 --- /dev/null +++ b/queue-3.0/hrtimer-fix-ktime_add_ns-overflow-on-32bit-architectures.patch @@ -0,0 +1,54 @@ +From 51fd36f3fad8447c487137ae26b9d0b3ce77bb25 Mon Sep 17 00:00:00 2001 +From: David Engraf +Date: Tue, 19 Mar 2013 13:29:55 +0100 +Subject: hrtimer: Fix ktime_add_ns() overflow on 32bit architectures + +From: David Engraf + +commit 51fd36f3fad8447c487137ae26b9d0b3ce77bb25 upstream. + +One can trigger an overflow when using ktime_add_ns() on a 32bit +architecture not supporting CONFIG_KTIME_SCALAR. + +When passing a very high value for u64 nsec, e.g. 7881299347898368000 +the do_div() function converts this value to seconds (7881299347) which +is still to high to pass to the ktime_set() function as long. The result +in is a negative value. + +The problem on my system occurs in the tick-sched.c, +tick_nohz_stop_sched_tick() when time_delta is set to +timekeeping_max_deferment(). The check for time_delta < KTIME_MAX is +valid, thus ktime_add_ns() is called with a too large value resulting in +a negative expire value. This leads to an endless loop in the ticker code: + +time_delta: 7881299347898368000 +expires = ktime_add_ns(last_update, time_delta) +expires: negative value + +This fix caps the value to KTIME_MAX. + +This error doesn't occurs on 64bit or architectures supporting +CONFIG_KTIME_SCALAR (e.g. ARM, x86-32). + +Signed-off-by: David Engraf +[jstultz: Minor tweaks to commit message & header] +Signed-off-by: John Stultz +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/hrtimer.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/kernel/hrtimer.c ++++ b/kernel/hrtimer.c +@@ -298,6 +298,10 @@ ktime_t ktime_sub_ns(const ktime_t kt, u + } else { + unsigned long rem = do_div(nsec, NSEC_PER_SEC); + ++ /* Make sure nsec fits into long */ ++ if (unlikely(nsec > KTIME_SEC_MAX)) ++ return (ktime_t){ .tv64 = KTIME_MAX }; ++ + tmp = ktime_set((long)nsec, rem); + } + diff --git a/queue-3.0/ipc-sysv-shared-memory-limited-to-8tib.patch b/queue-3.0/ipc-sysv-shared-memory-limited-to-8tib.patch new file mode 100644 index 00000000000..d1b5bf6003d --- /dev/null +++ b/queue-3.0/ipc-sysv-shared-memory-limited-to-8tib.patch @@ -0,0 +1,60 @@ +From d69f3bad4675ac519d41ca2b11e1c00ca115cecd Mon Sep 17 00:00:00 2001 +From: Robin Holt +Date: Tue, 30 Apr 2013 19:15:54 -0700 +Subject: ipc: sysv shared memory limited to 8TiB + +From: Robin Holt + +commit d69f3bad4675ac519d41ca2b11e1c00ca115cecd upstream. + +Trying to run an application which was trying to put data into half of +memory using shmget(), we found that having a shmall value below 8EiB-8TiB +would prevent us from using anything more than 8TiB. By setting +kernel.shmall greater than 8EiB-8TiB would make the job work. + +In the newseg() function, ns->shm_tot which, at 8TiB is INT_MAX. + +ipc/shm.c: + 458 static int newseg(struct ipc_namespace *ns, struct ipc_params *params) + 459 { +... + 465 int numpages = (size + PAGE_SIZE -1) >> PAGE_SHIFT; +... + 474 if (ns->shm_tot + numpages > ns->shm_ctlall) + 475 return -ENOSPC; + +[akpm@linux-foundation.org: make ipc/shm.c:newseg()'s numpages size_t, not int] +Signed-off-by: Robin Holt +Reported-by: Alex Thorlton +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/ipc_namespace.h | 2 +- + ipc/shm.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/include/linux/ipc_namespace.h ++++ b/include/linux/ipc_namespace.h +@@ -42,8 +42,8 @@ struct ipc_namespace { + + size_t shm_ctlmax; + size_t shm_ctlall; ++ unsigned long shm_tot; + int shm_ctlmni; +- int shm_tot; + + struct notifier_block ipcns_nb; + +--- a/ipc/shm.c ++++ b/ipc/shm.c +@@ -343,7 +343,7 @@ static int newseg(struct ipc_namespace * + size_t size = params->u.size; + int error; + struct shmid_kernel *shp; +- int numpages = (size + PAGE_SIZE -1) >> PAGE_SHIFT; ++ size_t numpages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT; + struct file * file; + char name[13]; + int id; diff --git a/queue-3.0/lockd-ensure-that-nlmclnt_block-resets-block-b_status-after-a-server-reboot.patch b/queue-3.0/lockd-ensure-that-nlmclnt_block-resets-block-b_status-after-a-server-reboot.patch new file mode 100644 index 00000000000..54897e088bd --- /dev/null +++ b/queue-3.0/lockd-ensure-that-nlmclnt_block-resets-block-b_status-after-a-server-reboot.patch @@ -0,0 +1,51 @@ +From 1dfd89af8697a299e7982ae740d4695ecd917eef Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Sun, 21 Apr 2013 18:01:06 -0400 +Subject: LOCKD: Ensure that nlmclnt_block resets block->b_status after a server reboot + +From: Trond Myklebust + +commit 1dfd89af8697a299e7982ae740d4695ecd917eef upstream. + +After a server reboot, the reclaimer thread will recover all the existing +locks. For locks that are blocked, however, it will change the value +of block->b_status to nlm_lck_denied_grace_period in order to signal that +they need to wake up and resend the original blocking lock request. + +Due to a bug, however, the block->b_status never gets reset after the +blocked locks have been woken up, and so the process goes into an +infinite loop of resends until the blocked lock is satisfied. + +Reported-by: Marc Eshel +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/lockd/clntlock.c | 3 +++ + fs/lockd/clntproc.c | 3 --- + 2 files changed, 3 insertions(+), 3 deletions(-) + +--- a/fs/lockd/clntlock.c ++++ b/fs/lockd/clntlock.c +@@ -141,6 +141,9 @@ int nlmclnt_block(struct nlm_wait *block + timeout); + if (ret < 0) + return -ERESTARTSYS; ++ /* Reset the lock status after a server reboot so we resend */ ++ if (block->b_status == nlm_lck_denied_grace_period) ++ block->b_status = nlm_lck_blocked; + req->a_res.status = block->b_status; + return 0; + } +--- a/fs/lockd/clntproc.c ++++ b/fs/lockd/clntproc.c +@@ -550,9 +550,6 @@ again: + status = nlmclnt_block(block, req, NLMCLNT_POLL_TIMEOUT); + if (status < 0) + break; +- /* Resend the blocking lock request after a server reboot */ +- if (resp->status == nlm_lck_denied_grace_period) +- continue; + if (resp->status != nlm_lck_blocked) + break; + } diff --git a/queue-3.0/nfsd-decode-and-send-64bit-time-values.patch b/queue-3.0/nfsd-decode-and-send-64bit-time-values.patch new file mode 100644 index 00000000000..66da31ba1ef --- /dev/null +++ b/queue-3.0/nfsd-decode-and-send-64bit-time-values.patch @@ -0,0 +1,76 @@ +From bf8d909705e9d9bac31d9b8eac6734d2b51332a7 Mon Sep 17 00:00:00 2001 +From: Bryan Schumaker +Date: Fri, 19 Apr 2013 16:09:38 -0400 +Subject: nfsd: Decode and send 64bit time values + +From: Bryan Schumaker + +commit bf8d909705e9d9bac31d9b8eac6734d2b51332a7 upstream. + +The seconds field of an nfstime4 structure is 64bit, but we are assuming +that the first 32bits are zero-filled. So if the client tries to set +atime to a value before the epoch (touch -t 196001010101), then the +server will save the wrong value on disk. + +Signed-off-by: Bryan Schumaker +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs4xdr.c | 19 +++++-------------- + 1 file changed, 5 insertions(+), 14 deletions(-) + +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -342,10 +342,7 @@ nfsd4_decode_fattr(struct nfsd4_compound + all 32 bits of 'nseconds'. */ + READ_BUF(12); + len += 12; +- READ32(dummy32); +- if (dummy32) +- return nfserr_inval; +- READ32(iattr->ia_atime.tv_sec); ++ READ64(iattr->ia_atime.tv_sec); + READ32(iattr->ia_atime.tv_nsec); + if (iattr->ia_atime.tv_nsec >= (u32)1000000000) + return nfserr_inval; +@@ -368,10 +365,7 @@ nfsd4_decode_fattr(struct nfsd4_compound + all 32 bits of 'nseconds'. */ + READ_BUF(12); + len += 12; +- READ32(dummy32); +- if (dummy32) +- return nfserr_inval; +- READ32(iattr->ia_mtime.tv_sec); ++ READ64(iattr->ia_mtime.tv_sec); + READ32(iattr->ia_mtime.tv_nsec); + if (iattr->ia_mtime.tv_nsec >= (u32)1000000000) + return nfserr_inval; +@@ -2148,8 +2142,7 @@ out_acl: + if (bmval1 & FATTR4_WORD1_TIME_ACCESS) { + if ((buflen -= 12) < 0) + goto out_resource; +- WRITE32(0); +- WRITE32(stat.atime.tv_sec); ++ WRITE64((s64)stat.atime.tv_sec); + WRITE32(stat.atime.tv_nsec); + } + if (bmval1 & FATTR4_WORD1_TIME_DELTA) { +@@ -2162,15 +2155,13 @@ out_acl: + if (bmval1 & FATTR4_WORD1_TIME_METADATA) { + if ((buflen -= 12) < 0) + goto out_resource; +- WRITE32(0); +- WRITE32(stat.ctime.tv_sec); ++ WRITE64((s64)stat.ctime.tv_sec); + WRITE32(stat.ctime.tv_nsec); + } + if (bmval1 & FATTR4_WORD1_TIME_MODIFY) { + if ((buflen -= 12) < 0) + goto out_resource; +- WRITE32(0); +- WRITE32(stat.mtime.tv_sec); ++ WRITE64((s64)stat.mtime.tv_sec); + WRITE32(stat.mtime.tv_nsec); + } + if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) { diff --git a/queue-3.0/nfsd4-don-t-close-read-write-opens-too-soon.patch b/queue-3.0/nfsd4-don-t-close-read-write-opens-too-soon.patch new file mode 100644 index 00000000000..af9fc5f4f58 --- /dev/null +++ b/queue-3.0/nfsd4-don-t-close-read-write-opens-too-soon.patch @@ -0,0 +1,40 @@ +From 0c7c3e67ab91ec6caa44bdf1fc89a48012ceb0c5 Mon Sep 17 00:00:00 2001 +From: "J. Bruce Fields" +Date: Thu, 28 Mar 2013 20:37:14 -0400 +Subject: nfsd4: don't close read-write opens too soon + +From: "J. Bruce Fields" + +commit 0c7c3e67ab91ec6caa44bdf1fc89a48012ceb0c5 upstream. + +Don't actually close any opens until we don't need them at all. + +This means being left with write access when it's not really necessary, +but that's better than putting a file that might still have posix locks +held on it, as we have been. + +Reported-by: Toralf Förster +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/nfs4state.c | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +--- a/fs/nfsd/nfs4state.c ++++ b/fs/nfsd/nfs4state.c +@@ -189,13 +189,7 @@ static void __nfs4_file_put_access(struc + { + if (atomic_dec_and_test(&fp->fi_access[oflag])) { + nfs4_file_put_fd(fp, oflag); +- /* +- * It's also safe to get rid of the RDWR open *if* +- * we no longer have need of the other kind of access +- * or if we already have the other kind of open: +- */ +- if (fp->fi_fds[1-oflag] +- || atomic_read(&fp->fi_access[1 - oflag]) == 0) ++ if (atomic_read(&fp->fi_access[1 - oflag]) == 0) + nfs4_file_put_fd(fp, O_RDWR); + } + } diff --git a/queue-3.0/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_lock_delegation_recall.patch b/queue-3.0/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_lock_delegation_recall.patch new file mode 100644 index 00000000000..29098cac7a2 --- /dev/null +++ b/queue-3.0/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_lock_delegation_recall.patch @@ -0,0 +1,36 @@ +From dbb21c25a35a71baf413f5176f028ee11b88cfbc Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Mon, 1 Apr 2013 14:27:29 -0400 +Subject: NFSv4: Handle NFS4ERR_DELAY and NFS4ERR_GRACE in nfs4_lock_delegation_recall + +From: Trond Myklebust + +commit dbb21c25a35a71baf413f5176f028ee11b88cfbc upstream. + +A server shouldn't normally return NFS4ERR_GRACE if the client holds a +delegation, since no conflicting lock reclaims can be granted, however +the spec does not require the server to grant the lock in this +instance. + +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -4658,6 +4658,12 @@ int nfs4_lock_delegation_recall(struct n + */ + err = 0; + goto out; ++ case -NFS4ERR_DELAY: ++ case -NFS4ERR_GRACE: ++ set_bit(NFS_DELEGATED_STATE, &state->flags); ++ ssleep(1); ++ err = -EAGAIN; ++ goto out; + case -ENOMEM: + case -NFS4ERR_DENIED: + /* kill_proc(fl->fl_pid, SIGLOST, 1); */ diff --git a/queue-3.0/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_open_delegation_recall.patch b/queue-3.0/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_open_delegation_recall.patch new file mode 100644 index 00000000000..44c1c408e9d --- /dev/null +++ b/queue-3.0/nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_open_delegation_recall.patch @@ -0,0 +1,36 @@ +From 8b6cc4d6f841d31f72fe7478453759166d366274 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Mon, 1 Apr 2013 15:34:05 -0400 +Subject: NFSv4: Handle NFS4ERR_DELAY and NFS4ERR_GRACE in nfs4_open_delegation_recall + +From: Trond Myklebust + +commit 8b6cc4d6f841d31f72fe7478453759166d366274 upstream. + +A server shouldn't normally return NFS4ERR_GRACE if the client holds a +delegation, since no conflicting lock reclaims can be granted, however +the spec does not require the server to grant the open in this +instance + +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -1335,6 +1335,12 @@ int nfs4_open_delegation_recall(struct n + case -ENOMEM: + err = 0; + goto out; ++ case -NFS4ERR_DELAY: ++ case -NFS4ERR_GRACE: ++ set_bit(NFS_DELEGATED_STATE, &state->flags); ++ ssleep(1); ++ err = -EAGAIN; ++ goto out; + } + err = nfs4_handle_exception(server, err, &exception); + } while (exception.retry); diff --git a/queue-3.0/series b/queue-3.0/series index e3a656304a7..901500e1431 100644 --- a/queue-3.0/series +++ b/queue-3.0/series @@ -26,3 +26,16 @@ wrong-asm-register-contraints-in-the-kvm-implementation.patch fs-fscache-stats.c-fix-memory-leak.patch alsa-usb-audio-disable-autopm-for-midi-devices.patch alsa-usb-audio-fix-autopm-error-during-probing.patch +asoc-max98088-fix-logging-of-hardware-revision.patch +hrtimer-fix-ktime_add_ns-overflow-on-32bit-architectures.patch +hrtimer-add-expiry-time-overflow-check-in-hrtimer_interrupt.patch +drivers-rtc-rtc-cmos.c-don-t-disable-hpet-emulation-on-suspend.patch +cgroup-fix-an-off-by-one-bug-which-may-trigger-bug_on.patch +clockevents-set-dummy-handler-on-cpu_dead-shutdown.patch +lockd-ensure-that-nlmclnt_block-resets-block-b_status-after-a-server-reboot.patch +nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_lock_delegation_recall.patch +nfsv4-handle-nfs4err_delay-and-nfs4err_grace-in-nfs4_open_delegation_recall.patch +nfsd4-don-t-close-read-write-opens-too-soon.patch +nfsd-decode-and-send-64bit-time-values.patch +wireless-regulatory-fix-channel-disabling-race-condition.patch +ipc-sysv-shared-memory-limited-to-8tib.patch diff --git a/queue-3.0/wireless-regulatory-fix-channel-disabling-race-condition.patch b/queue-3.0/wireless-regulatory-fix-channel-disabling-race-condition.patch new file mode 100644 index 00000000000..fd8c2ca6d8f --- /dev/null +++ b/queue-3.0/wireless-regulatory-fix-channel-disabling-race-condition.patch @@ -0,0 +1,39 @@ +From 990de49f74e772b6db5208457b7aa712a5f4db86 Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Tue, 16 Apr 2013 14:32:26 +0200 +Subject: wireless: regulatory: fix channel disabling race condition + +From: Johannes Berg + +commit 990de49f74e772b6db5208457b7aa712a5f4db86 upstream. + +When a full scan 2.4 and 5 GHz scan is scheduled, but then the 2.4 GHz +part of the scan disables a 5.2 GHz channel due to, e.g. receiving +country or frequency information, that 5.2 GHz channel might already +be in the list of channels to scan next. Then, when the driver checks +if it should do a passive scan, that will return false and attempt an +active scan. This is not only wrong but can also lead to the iwlwifi +device firmware crashing since it checks regulatory as well. + +Fix this by not setting the channel flags to just disabled but rather +OR'ing in the disabled flag. That way, even if the race happens, the +channel will be scanned passively which is still (mostly) correct. + +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + net/wireless/reg.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/wireless/reg.c ++++ b/net/wireless/reg.c +@@ -852,7 +852,7 @@ static void handle_channel(struct wiphy + return; + + REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq); +- chan->flags = IEEE80211_CHAN_DISABLED; ++ chan->flags |= IEEE80211_CHAN_DISABLED; + return; + } + -- 2.47.3