Linux/linux 3c2bfbaarch/arm Kconfig, arch/arm/boot/compressed efi-header.S

Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm

Pull ARM fixes from Russell King:
 "Three more fixes:

   - Fix the previous fix merged in the last pull for the Thumb2
     decompressor.

   - A fix from Vladimir to correctly identify the V7M cache type.

   - The optimised 3G vmsplit case does not work with LPAE, so don't
     allow this to be selected for LPAE configurations"

* 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
  ARM: 8682/1: V7M: Set cacheid iff DminLine or IminLine is nonzero
  ARM: 8681/1: make VMSPLIT_3G_OPT depends on !ARM_LPAE
  ARM: 8680/1: boot/compressed: fix inappropriate Thumb2 mnemonic for __nop

Linux/linux da8b14e. MAINTAINERS

Merge tag 'for-linus' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming

Pull c6x fixlet from Mark Salter:
 "Update maintainer email"

* tag 'for-linus' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming:
  MAINTAINERS: update email address for C6x maintainer
DeltaFile
+1-1MAINTAINERS
+1-11 files

Linux/linux 9d646c9arch/s390/kernel ipl.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 bugfix from Martin Schwidefsky:
 "One last s390 patch for 4.12

  Revert the re-IPL semantics back to the v4.7 state. It turned out that
  the memory layout may change due to memory hotplug if load-normal is
  used"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/ipl: revert Load Normal semantics for LPAR CCW-type re-IPL

Linux/linux c0bc126. Makefile

Linux 4.12-rc7
DeltaFile
+1-1Makefile
+1-11 files

Linux/linux a4fd8b3arch/x86/include/asm mshyperv.h

Merge branch 'x86-urgent-for-linus' of 
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fix from Thomas Gleixner:
 "A single fix to unbreak the vdso32 build for 64bit kernels caused by
  excess #includes in the mshyperv header"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/mshyperv: Remove excess #includes from mshyperv.h

Linux/linux 5f4b37darch/arm64/kernel vdso.c, drivers/clocksource arm_arch_timer.c cadence_ttc_timer.c

Merge branch 'timers-urgent-for-linus' of 
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull timer fixes from Thomas Gleixner:
 "A few fixes for timekeeping and timers:

   - Plug a subtle race due to a missing READ_ONCE() in the timekeeping
     code where reloading of a pointer results in an inconsistent
     callback argument being supplied to the clocksource->read function.

   - Correct the CLOCK_MONOTONIC_RAW sub-nanosecond accounting in the
     time keeping core code, to prevent a possible discontuity.

   - Apply a similar fix to the arm64 vdso clock_gettime()
     implementation

   - Add missing includes to clocksource drivers, which relied on
     indirect includes which fails in certain configs.

   - Use the proper iomem pointer for read/iounmap in a probe function"

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  arm64/vdso: Fix nsec handling for CLOCK_MONOTONIC_RAW
  time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
  time: Fix clock->read(clock) race around clocksource changes

    [2 lines not shown]

Linux/linux 35d8d5darch/x86/events/intel core.c, kernel/events ring_buffer.c

Merge branch 'perf-urgent-for-linus' of 
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull perf fixes from Thomas Gleixner:
 "Three fixlets for perf:

   - Return the proper error code if aux buffers for a event are not
     supported.

   - Calculate the probe offset for inlined functions correctly

   - Update the Skylake DTLB load/store miss event so it can count 1G
     TLB entries as well"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf probe: Fix probe definition for inlined functions
  perf/x86/intel: Add 1G DTLB load/store miss support for SKL
  perf/aux: Correct return code of rb_alloc_aux() if !has_aux(ev)

Linux/linux 1a8cca1drivers/irqchip irq-mips-gic.c

Merge branch 'irq-urgent-for-linus' of 
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull irq fix from Thomas Gleixner:
 "A single fix for the MIPS GIC to prevent ftrace recursion"

* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  irqchip/mips-gic: Mark count and compare accessors notrace

Linux/linux 412572bdrivers/input/misc soc_button_array.c, drivers/input/rmi4 rmi_f54.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input

Pull input fixes from Dmitry Torokhov:

 - a quirk to i8042 to ignore timeout bit on Lifebook AH544

 - a fixup to Synaptics RMI function 54 that was breaking some Dells

 - a fix for memory leak in soc_button_array driver

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: synaptics-rmi4 - only read the F54 query registers which are used
  Input: i8042 - add Fujitsu Lifebook AH544 to notimeout list
  Input: soc_button_array - fix leaking the ACPI button descriptor buffer

Linux/linux d5d5c18drivers/target target_core_tmr.c target_core_transport.c, drivers/target/iscsi iscsi_target.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending

Pull SCSI target fixes from Nicholas Bellinger:
 "Here are the target-pending fixes for v4.12-rc7 that have been queued
  up for the last 2 weeks. This includes:

   - Fix a TMR related kref underflow detected by the recent refcount_t
     conversion in upstream.

   - Fix a iscsi-target corner case during explicit connection logout
     timeout failure.

   - Address last fallout in iscsi-target immediate data handling from
     v4.4 target-core now allowing control CDB payload underflow"

* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  iscsi-target: Reject immediate data underflow larger than SCSI transfer length
  iscsi-target: Fix delayed logout processing greater than SECONDS_FOR_LOGOUT_COMP
  target: Fix kref->refcount underflow in transport_cmd_finish_abort

Linux/linux bb9b8fd. Makefile, scripts Makefile.headersinst

Merge tag 'kbuild-fixes-v4.12-2' of 
git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

Pull Kbuild fixes from Masahiro Yamada:
 "Nothing scary, just some random fixes:

   - fix warnings of host programs

   - fix "make tags" when COMPILED_SOURCE=1 is specified along with O=

   - clarify help message of C=1 option

   - fix dependency for ncurses compatibility check

   - fix "make headers_install" for fakechroot environment"

* tag 'kbuild-fixes-v4.12-2' of 
git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
  kconfig: fix sparse warnings in nconfig
  kbuild: fix header installation under fakechroot environment
  kconfig: Check for libncurses before menuconfig
  Kbuild: tiny correction on `make help`
  tags: honor COMPILED_SOURCE with apart output directory
  genksyms: add printf format attribute to error_with_pos()

Linux/linux f65013dkernel signal.c

Merge branch 'for-linus' of 
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Pull timer fix from Eric Biederman:
 "This fixes an issue of confusing injected signals with the signals
  from posix timers that has existed since posix timers have been in the
  kernel.

  This patch is slightly simpler than my earlier version of this patch
  as I discovered in testing that I had misspelled "#ifdef
  CONFIG_POSIX_TIMERS". So I deleted that unnecessary test and made
  setting of resched_timer uncondtional.

  I have tested this and verified that without this patch there is a
  nasty hang that is easy to trigger, and with this patch everything
  works properly"

Thomas Gleixner dixit:
 "It fixes the problem at hand and covers the ptrace case as well, which
  I missed.

  Reviewed-and-tested-by: Thomas Gleixner <tglx at linutronix.de>"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  signal: Only reschedule timers on signals timers have sent
DeltaFile
+14-6kernel/signal.c
+14-61 files

Linux/linux 26fcd95arch/x86/include/asm mshyperv.h

x86/mshyperv: Remove excess #includes from mshyperv.h

A recent commit included linux/slab.h in linux/irq.h. This breaks the build
of vdso32 on a 64-bit kernel.

The reason is that linux/irq.h gets included into the vdso code via
linux/interrupt.h which is included from asm/mshyperv.h. That makes the
32-bit vdso compile fail, because slab.h includes the pgtable headers for
64-bit on a 64-bit build.

Neither linux/clocksource.h nor linux/interrupt.h are needed in the
mshyperv.h header file itself - it has a dependency on <linux/atomic.h>.

Remove the includes and unbreak the build.

Reported-by: Ingo Molnar <mingo at kernel.org>
Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
Cc: K. Y. Srinivasan <kys at microsoft.com>
Cc: Linus Torvalds <torvalds at linux-foundation.org>
Cc: Peter Zijlstra <peterz at infradead.org>
Cc: Vitaly Kuznetsov <vkuznets at redhat.com>
Cc: devel at linuxdriverproject.org
Fixes: dee863b571b0 ("hv: export current Hyper-V clocksource")
Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1706231038460.2647 at nanos
Signed-off-by: Ingo Molnar <mingo at kernel.org>

Linux/linux 94a6df2arch/powerpc/kernel setup_64.c kprobes.c, arch/powerpc/kernel/trace ftrace_64_mprofile.S

Merge tag 'powerpc-4.12-7' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:
 "Some more powerpc fixes for 4.12. Most of these actually came in last
  week but got held up for some more testing.

   - three fixes for kprobes/ftrace/livepatch interactions.

   - properly handle data breakpoints when using the Radix MMU.

   - fix for perf sampling of registers during call_usermodehelper().

   - properly initialise the thread_info on our emergency stacks

   - add an explicit flush when doing TLB invalidations for a process
     using NPU2.

  Thanks to: Alistair Popple, Naveen N. Rao, Nicholas Piggin, Ravi
  Bangoria, Masami Hiramatsu"

* tag 'powerpc-4.12-7' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/64: Initialise thread_info for emergency stacks
  powerpc/powernv/npu-dma: Add explicit flush when sending an ATSD
  powerpc/perf: Fix oops when kthread execs user process
  powerpc/64s: Handle data breakpoints in Radix mode

    [3 lines not shown]

Linux/linux cd5545adrivers/acpi scan.c, include/acpi acpi_bus.h

Merge tag 'acpi-4.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI fix from Rafael Wysocki:
 "This fixes the ACPI-based enumeration of some I2C and SPI devices
  broken in 4.11.

  Specifics:

   - I2C and SPI devices are expected to be enumerated by the I2C and
     SPI subsystems, respectively, but due to a change made during the
     4.11 cycle, in some cases the ACPI core marks them as already
     enumerated which causes the I2C and SPI subsystems to overlook
     them, so fix that (Jarkko Nikula)"

* tag 'acpi-4.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI / scan: Fix enumeration for special SPI and I2C devices

Linux/linux ba6cbdbdrivers/i2c/busses i2c-imx.c

Merge branch 'i2c/for-current-fixed' of 
git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux

Pull i2c fix from Wolfram Sang.

* 'i2c/for-current-fixed' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  i2c: imx: Use correct function to write to register

Linux/linux 25b2398Documentation/devicetree/bindings/gpio gpio-mvebu.txt, drivers/gpio gpio-mvebu.c

Merge tag 'gpio-v4.12-3' of 
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull GPIO fix from Linus Walleij:
 "A single GPIO patch fixing the compatible string for the MVEBU PWM
  controller embedded in the GPIO controller before we release v4.12.
  Hopefully"

* tag 'gpio-v4.12-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio: mvebu: change compatible string for PWM support

Linux/linux 51c933fsound/core pcm_lib.c, sound/firewire amdtp-stream.c amdtp-stream.h

Merge tag 'sound-4.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "Nothing exciting here, just a few stable fixes:

   - suppress spurious kernel WARNING in PCM core

   - fix potential spin deadlock at error handling in firewire

   - HD-audio PCI ID addition / fixup"

* tag 'sound-4.12-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda - Apply quirks to Broxton-T, too
  ALSA: firewire-lib: Fix stall of process context at packet error
  ALSA: pcm: Don't treat NULL chmap as a fatal error
  ALSA: hda - Add Coffelake PCI ID

Linux/linux 311548fdrivers/gpu/drm drm_connector.c, drivers/gpu/drm/i915 i915_gem.c intel_ringbuffer.c

Merge tag 'drm-fixes-for-v4.12-rc7' of git://people.freedesktop.org/~airlied/linux

Pull drm fixes from Dave Airlie:
 "A varied bunch of fixes, one for an API regression with connectors.

  Otherwise amdgpu and i915 have a bunch of varied fixes, the shrinker
  ones being the most important"

* tag 'drm-fixes-for-v4.12-rc7' of git://people.freedesktop.org/~airlied/linux:
  drm: Fix GETCONNECTOR regression
  drm/radeon: add a quirk for Toshiba Satellite L20-183
  drm/radeon: add a PX quirk for another K53TK variant
  drm/amdgpu: adjust default display clock
  drm/amdgpu/atom: fix ps allocation size for EnableDispPowerGating
  drm/amdgpu: add Polaris12 DID
  drm/i915: Don't enable backlight at setup time.
  drm/i915: Plumb the correct acquire ctx into intel_crtc_disable_noatomic()
  drm/i915: Fix deadlock witha the pipe A quirk during resume
  drm/i915: Remove __GFP_NORETRY from our buffer allocator
  drm/i915: Encourage our shrinker more when our shmemfs allocations fails
  drm/i915: Differentiate between sw write location into ring and last hw read

Linux/linux 7139a06drivers/char random.c

Merge tag 'random_for_linus_stable' of 
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random

Pull random fixes from Ted Ts'o:
 "Fix some locking and gcc optimization issues from the most recent
  random_for_linus_stable pull request"

* tag 'random_for_linus_stable' of 
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
  random: silence compiler warnings and fix race

Linux/linux 7ec2f7edrivers/md dm-raid1.c dm-integrity.c

Merge tag 'for-4.12/dm-fixes-4' of 
git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:

 - a revert of a DM mirror commit that has proven to make the code prone
   to crash

 - a DM io reference count fix that resolves a NULL pointer seen when
   issuing discards to a DM mirror target's device whose mirror legs do
   not all support discards

 - a couple DM integrity fixes

* tag 'for-4.12/dm-fixes-4' of 
git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm io: fix duplicate bio completion due to missing ref count
  dm integrity: fix to not disable/enable interrupts from interrupt context
  Revert "dm mirror: use all available legs on multiple failures"
  dm integrity: reject mappings too large for device

Linux/linux 337c6bafs exec.c, fs/ocfs2 xattr.c dlmglue.c

Merge branch 'akpm' (patches from Andrew)

Merge misc fixes from Andrew Morton:
 "8 fixes"

* emailed patches from Andrew Morton <akpm at linux-foundation.org>:
  fs/exec.c: account for argv/envp pointers
  ocfs2: fix deadlock caused by recursive locking in xattr
  slub: make sysfs file removal asynchronous
  lib/cmdline.c: fix get_options() overflow while parsing ranges
  fs/dax.c: fix inefficiency in dax_writeback_mapping_range()
  autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL
  mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap mappings
  mm, thp: remove cond_resched from __collapse_huge_page_copy

Linux/linux 98da7d0fs exec.c

fs/exec.c: account for argv/envp pointers

When limiting the argv/envp strings during exec to 1/4 of the stack limit,
the storage of the pointers to the strings was not included.  This means
that an exec with huge numbers of tiny strings could eat 1/4 of the stack
limit in strings and then additional space would be later used by the
pointers to the strings.

For example, on 32-bit with a 8MB stack rlimit, an exec with 1677721
single-byte strings would consume less than 2MB of stack, the max (8MB /
4) amount allowed, but the pointers to the strings would consume the
remaining additional stack space (1677721 * 4 == 6710884).

The result (1677721 + 6710884 == 8388605) would exhaust stack space
entirely.  Controlling this stack exhaustion could result in
pathological behavior in setuid binaries (CVE-2017-1000365).

[akpm at linux-foundation.org: additional commenting from Kees]
Fixes: b6a2fea39318 ("mm: variable length argument support")
Link: http://lkml.kernel.org/r/20170622001720.GA32173 at beast
Signed-off-by: Kees Cook <keescook at chromium.org>
Acked-by: Rik van Riel <riel at redhat.com>
Acked-by: Michal Hocko <mhocko at suse.com>
Cc: Alexander Viro <viro at zeniv.linux.org.uk>
Cc: Qualys Security Advisory <qsa at qualys.com>

    [3 lines not shown]
DeltaFile
+24-4fs/exec.c
+24-41 files

Linux/linux c891d9fmm khugepaged.c

mm, thp: remove cond_resched from __collapse_huge_page_copy

This is a partial revert of commit 338a16ba1549 ("mm, thp: copying user
pages must schedule on collapse") which added a cond_resched() to
__collapse_huge_page_copy().

On x86 with CONFIG_HIGHPTE, __collapse_huge_page_copy is called in
atomic context and thus scheduling is not possible.  This is only a
possible config on arm and i386.

Although need_resched has been shown to be set for over 100 jiffies
while doing the iteration in __collapse_huge_page_copy, this is better
than doing

        if (in_atomic())
               cond_resched()

to cover only non-CONFIG_HIGHPTE configs.

Link: 
http://lkml.kernel.org/r/alpine.DEB.2.10.1706191341550.97821 at chino.kir.corp.google.com
Signed-off-by: David Rientjes <rientjes at google.com>
Reported-by: Larry Finger <Larry.Finger at lwfinger.net>
Tested-by: Larry Finger <Larry.Finger at lwfinger.net>
Acked-by: Michal Hocko <mhocko at suse.com>

    [3 lines not shown]
DeltaFile
+0-1mm/khugepaged.c
+0-11 files

Linux/linux 8818efafs/ocfs2 xattr.c dlmglue.c

ocfs2: fix deadlock caused by recursive locking in xattr

Another deadlock path caused by recursive locking is reported.  This
kind of issue was introduced since commit 743b5f1434f5 ("ocfs2: take
inode lock in ocfs2_iop_set/get_acl()").  Two deadlock paths have been
fixed by commit b891fa5024a9 ("ocfs2: fix deadlock issue when taking
inode lock at vfs entry points").  Yes, we intend to fix this kind of
case in incremental way, because it's hard to find out all possible
paths at once.

This one can be reproduced like this.  On node1, cp a large file from
home directory to ocfs2 mountpoint.  While on node2, run
setfacl/getfacl.  Both nodes will hang up there.  The backtraces:

On node1:
  __ocfs2_cluster_lock.isra.39+0x357/0x740 [ocfs2]
  ocfs2_inode_lock_full_nested+0x17d/0x840 [ocfs2]
  ocfs2_write_begin+0x43/0x1a0 [ocfs2]
  generic_perform_write+0xa9/0x180
  __generic_file_write_iter+0x1aa/0x1d0
  ocfs2_file_write_iter+0x4f4/0xb40 [ocfs2]
  __vfs_write+0xc3/0x130
  vfs_write+0xb1/0x1a0
  SyS_write+0x46/0xa0


    [30 lines not shown]

Linux/linux a91e0f6lib cmdline.c

lib/cmdline.c: fix get_options() overflow while parsing ranges

When using get_options() it's possible to specify a range of numbers,
like 1-100500.  The problem is that it doesn't track array size while
calling internally to get_range() which iterates over the range and
fills the memory with numbers.

Link: http://lkml.kernel.org/r/2613C75C-B04D-4BFF-82A6-12F97BA0F620 at gmail.com
Signed-off-by: Ilya V. Matveychikov <matvejchikov at gmail.com>
Cc: Jonathan Corbet <corbet at lwn.net>
Cc: <stable at vger.kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
DeltaFile
+3-3lib/cmdline.c
+3-31 files

Linux/linux 9fa4eb8fs/autofs4 dev-ioctl.c

autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL

If a positive status is passed with the AUTOFS_DEV_IOCTL_FAIL ioctl,
autofs4_d_automount() will return

   ERR_PTR(status)

with that status to follow_automount(), which will then dereference an
invalid pointer.

So treat a positive status the same as zero, and map to ENOENT.

See comment in systemd src/core/automount.c::automount_send_ready().

Link: http://lkml.kernel.org/r/871sqwczx5.fsf at notabene.neil.brown.name
Signed-off-by: NeilBrown <neilb at suse.com>
Cc: Ian Kent <raven at themaw.net>
Cc: <stable at vger.kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>

Linux/linux 3b7b314include/linux slub_def.h, mm slub.c

slub: make sysfs file removal asynchronous

Commit bf5eb3de3847 ("slub: separate out sysfs_slab_release() from
sysfs_slab_remove()") made slub sysfs file removals synchronous to
kmem_cache shutdown.

Unfortunately, this created a possible ABBA deadlock between slab_mutex
and sysfs draining mechanism triggering the following lockdep warning.

  ======================================================
  [ INFO: possible circular locking dependency detected ]
  4.10.0-test+ #48 Not tainted
  -------------------------------------------------------
  rmmod/1211 is trying to acquire lock:
   (s_active#120){++++.+}, at: [<ffffffff81308073>] kernfs_remove+0x23/0x40

  but task is already holding lock:
   (slab_mutex){+.+.+.}, at: [<ffffffff8120f691>] kmem_cache_destroy+0x41/0x2d0

  which lock already depends on the new lock.

  the existing dependency chain (in reverse order) is:

  -> #1 (slab_mutex){+.+.+.}:
         lock_acquire+0xf6/0x1f0

    [81 lines not shown]

Linux/linux 1eb643dfs dax.c

fs/dax.c: fix inefficiency in dax_writeback_mapping_range()

dax_writeback_mapping_range() fails to update iteration index when
searching radix tree for entries needing cache flushing.  Thus each
pagevec worth of entries is searched starting from the start which is
inefficient and prone to livelocks.  Update index properly.

Link: http://lkml.kernel.org/r/20170619124531.21491-1-jack at suse.cz
Fixes: 9973c98ecfda3 ("dax: add support for fsync/sync")
Signed-off-by: Jan Kara <jack at suse.cz>
Reviewed-by: Ross Zwisler <ross.zwisler at linux.intel.com>
Cc: Dan Williams <dan.j.williams at intel.com>
Cc: <stable at vger.kernel.org>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
DeltaFile
+1-0fs/dax.c
+1-01 files

Linux/linux 029c54bmm vmalloc.c

mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap mappings

Existing code that uses vmalloc_to_page() may assume that any address
for which is_vmalloc_addr() returns true may be passed into
vmalloc_to_page() to retrieve the associated struct page.

This is not un unreasonable assumption to make, but on architectures
that have CONFIG_HAVE_ARCH_HUGE_VMAP=y, it no longer holds, and we need
to ensure that vmalloc_to_page() does not go off into the weeds trying
to dereference huge PUDs or PMDs as table entries.

Given that vmalloc() and vmap() themselves never create huge mappings or
deal with compound pages at all, there is no correct answer in this
case, so return NULL instead, and issue a warning.

When reading /proc/kcore on arm64, you will hit an oops as soon as you
hit the huge mappings used for the various segments that make up the
mapping of vmlinux.  With this patch applied, you will no longer hit the
oops, but the kcore contents willl be incorrect (these regions will be
zeroed out)

We are fixing this for kcore specifically, so it avoids vread() for
those regions.  At least one other problematic user exists, i.e.,
/dev/kmem, but that is currently broken on arm64 for other reasons.


    [9 lines not shown]
DeltaFile
+13-2mm/vmalloc.c
+13-21 files

Linux/linux 2592d2edrivers/scsi/qedi qedi_main.c qedi_fw.c

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Two fixes to remove spurious WARN_ONs from the new(ish) qedi driver.

  The driver already prints a warning message, there's no need to panic
  users by printing something that looks like an oops as well"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: qedi: Remove WARN_ON from clear task context.
  scsi: qedi: Remove WARN_ON for untracked cleanup.

Linux/linux 7b249bdfs/xfs xfs_aops.c

Merge tag 'xfs-4.12-fixes-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

Pull xfs fixes from Darrick Wong:
 "I have one more bugfix for you for 4.12-rc7 to fix a disk corruption
  problem:

   - don't allow swapon on files on the realtime device, because the
     swap code will swap pages out to blocks on the data device, thereby
     corrupting the filesystem"

* tag 'xfs-4.12-fixes-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
  xfs: don't allow bmap on rt files
DeltaFile
+5-2fs/xfs/xfs_aops.c
+5-21 files

Linux/linux 977282etools/perf/util probe-event.c

Merge tag 'perf-urgent-for-mingo-4.12-20170622' of 
git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent

Pull 'perf probe' fix from Arnaldo Carvalho de Melo:

 - Do not double the offset of inline expansions when using
   'perf probe' on inlined functions (Björn Töpel)

Signed-off-by: Arnaldo Carvalho de Melo <acme at redhat.com>
Signed-off-by: Ingo Molnar <mingo at kernel.org>

Linux/linux 9768935drivers/input/rmi4 rmi_f54.c

Input: synaptics-rmi4 - only read the F54 query registers which are used

The F54 driver is currently only using the first 6 bytes of F54 so there is
no need to read all 27 bytes. Some Dell systems (Dell XP13 9333 and
similar) have an issue with the touchpad or I2C bus when reading reports
larger then 16 bytes. Reads larger then 16 bytes are reported in two HID
reports. Something about the back to back reports seems to cause the next
read to report incorrect data. This results in F30 failing to load and the
click button failing to work.

Previous issues with the I2C controller or touchpad were addressed in:
commit 5b65c2a02966 ("HID: rmi: check sanity of the incoming report")

Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=195949
Signed-off-by: Andrew Duggan <aduggan at synaptics.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires at redhat.com>
Reviewed-by: Nick Dyer <nick at shmanahar.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov at gmail.com>

Linux/linux 34f19ffarch/powerpc/kernel setup_64.c

powerpc/64: Initialise thread_info for emergency stacks

Emergency stacks have their thread_info mostly uninitialised, which in
particular means garbage preempt_count values.

Emergency stack code runs with interrupts disabled entirely, and is
used very rarely, so this has been unnoticed so far. It was found by a
proposed new powerpc watchdog that takes a soft-NMI directly from the
masked_interrupt handler and using the emergency stack. That crashed
at BUG_ON(in_nmi()) in nmi_enter(). preempt_count()s were found to be
garbage.

To fix this, zero the entire THREAD_SIZE allocation, and initialize
the thread_info.

Cc: stable at vger.kernel.org
Reported-by: Abdul Haleem <abdhalee at linux.vnet.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin at gmail.com>
[mpe: Move it all into setup_64.c, use a function not a macro. Fix
      crashes on Cell by setting preempt_count to 0 not HARDIRQ_OFFSET]
Signed-off-by: Michael Ellerman <mpe at ellerman.id.au>

Linux/linux 33ce756drivers/gpu/drm drm_connector.c

Merge tag 'drm-misc-fixes-2017-06-22' of git://anongit.freedesktop.org/git/drm-misc into 
drm-fixes

UAPI Changes:
- drm: Fix regression in GETCONNECTOR ioctl returning stale properties (Daniel)

Cc: Daniel Vetter <daniel.vetter at ffwll.ch>

* tag 'drm-misc-fixes-2017-06-22' of git://anongit.freedesktop.org/git/drm-misc:
  drm: Fix GETCONNECTOR regression

Linux/linux ad81810scripts/kconfig nconf.c nconf.gui.c

kconfig: fix sparse warnings in nconfig

Fix sparse warnings in scripts/kconfig/nconf* ('make nconfig'):

../scripts/kconfig/nconf.c:1071:32: warning: Using plain integer as NULL pointer
../scripts/kconfig/nconf.c:1238:30: warning: Using plain integer as NULL pointer
../scripts/kconfig/nconf.c:511:51: warning: Using plain integer as NULL pointer
../scripts/kconfig/nconf.c:1460:6: warning: symbol 'setup_windows' was not declared. 
Should it be static?
../scripts/kconfig/nconf.c:274:12: warning: symbol 'current_instructions' was not 
declared. Should it be static?
../scripts/kconfig/nconf.c:308:22: warning: symbol 'function_keys' was not declared. 
Should it be static?
../scripts/kconfig/nconf.gui.c:132:17: warning: non-ANSI function declaration of function 
'set_colors'
../scripts/kconfig/nconf.gui.c:195:24: warning: Using plain integer as NULL pointer

nconf.gui.o before/after files are the same.
nconf.o before/after files are the same until the 'static' function
declarations are added.

Signed-off-by: Randy Dunlap <rdunlap at infradead.org>
Signed-off-by: Masahiro Yamada <yamada.masahiro at socionext.com>

Linux/linux 7598f8btools/perf/util probe-event.c

perf probe: Fix probe definition for inlined functions

In commit 613f050d68a8 ("perf probe: Fix to probe on gcc generated
functions in modules"), the offset from symbol is, incorrectly, added
to the trace point address. This leads to incorrect probe trace points
for inlined functions and when using relative line number on symbols.

Prior this patch:
  $ perf probe -m nf_nat -D in_range
  p:probe/in_range nf_nat:in_range.isra.9+0
  $ perf probe -m i40e -D i40e_clean_rx_irq
  p:probe/i40e_clean_rx_irq i40e:i40e_napi_poll+2212
  $ perf probe -m i40e -D i40e_clean_rx_irq:16
  p:probe/i40e_clean_rx_irq i40e:i40e_lan_xmit_frame+626

After:
  $ perf probe -m nf_nat -D in_range
  p:probe/in_range nf_nat:in_range.isra.9+0
  $ perf probe -m i40e -D i40e_clean_rx_irq
  p:probe/i40e_clean_rx_irq i40e:i40e_napi_poll+1106
  $ perf probe -m i40e -D i40e_clean_rx_irq:16
  p:probe/i40e_clean_rx_irq i40e:i40e_napi_poll+2665

Committer testing:


    [117 lines not shown]

Linux/linux a38371cfs/cifs smb1ops.c smb2ops.c

Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6

Pull cifs fixes from Steve French:
 "Various small fixes for stable"

* 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
  CIFS: Fix some return values in case of error in 'crypt_message'
  cifs: remove redundant return in cifs_creation_time_get
  CIFS: Improve readdir verbosity
  CIFS: check if pages is null rather than bv for a failed allocation
  CIFS: Set ->should_dirty in cifs_user_readv()

Linux/linux 3f7ba7earch/mips/kvm tlb.c, arch/powerpc/kvm book3s_hv_rmhandlers.S book3s_hv.c

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Radim Krčmář:
 "MIPS:
   - Fix build with KVM, DYNAMIC_DEBUG and JUMP_LABEL.

  PPC:
   - Fix host crashes/hangs on POWER9.
   - Properly restore userspace state after KVM_RUN ioctl.

  s390:
   - Fix address translation in odd-ball cases (real-space designation
     ASCEs).

  x86:
   - Fix privilege escalation in 64-bit Windows guests

  All patches are for stable and the x86 also has a CVE"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86: fix singlestepping over syscall
  KVM: s390: gaccess: fix real-space designation asce handling for gmap shadows
  KVM: MIPS: Fix maybe-uninitialized build failure
  KVM: PPC: Book3S HV: Ignore timebase offset on POWER9 DD1
  KVM: PPC: Book3S HV: Save/restore host values of debug registers

    [4 lines not shown]

Linux/linux 4f92f0eDocumentation/devicetree/bindings/mfd stm32-timers.txt, drivers/mfd arizona-core.c

Merge tag 'mfd-fixes-4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd

Pull MFD fixes from Lee Jones:

 - arizona: use address passed in, rather than hard coded value

 - correct STM32 clock-names value in DT binding documentation

* tag 'mfd-fixes-4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd:
  dt-bindings: mfd: Update STM32 timers clock names
  mfd: arizona: Fix typo using hard-coded register

Linux/linux c8401ddarch/x86/include/asm kvm_emulate.h, arch/x86/kvm x86.c emulate.c

KVM: x86: fix singlestepping over syscall

TF is handled a bit differently for syscall and sysret, compared
to the other instructions: TF is checked after the instruction completes,
so that the OS can disable #DB at a syscall by adding TF to FMASK.
When the sysret is executed the #DB is taken "as if" the syscall insn
just completed.

KVM emulates syscall so that it can trap 32-bit syscall on Intel processors.
Fix the behavior, otherwise you could get #DB on a user stack which is not
nice.  This does not affect Linux guests, as they use an IST or task gate
for #DB.

This fixes CVE-2017-7518.

Cc: stable at vger.kernel.org
Reported-by: Andy Lutomirski <luto at kernel.org>
Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar at redhat.com>

Linux/linux d6aa07carch/s390/kvm gaccess.c

Merge tag 'kvm-s390-master-4.12-2' of 
git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux

KVM: s390: fix shadow table handling for nested guests

Some odd-ball cases (real-space designation ASCEs) are handled wrong
for the shadow page tables. Fix it.

Linux/linux bbd5ff5arch/powerpc/platforms/powernv npu-dma.c

powerpc/powernv/npu-dma: Add explicit flush when sending an ATSD

NPU2 requires an extra explicit flush to an active GPU PID when
sending address translation shoot downs (ATSDs) to reliably flush the
GPU TLB. This patch adds just such a flush at the end of each sequence
of ATSDs.

We can safely use PID 0 which is always reserved and active on the
GPU. PID 0 is only used for init_mm which will never be a user mm on
the GPU. To enforce this we add a check in pnv_npu2_init_context()
just in case someone tries to use PID 0 on the GPU.

Signed-off-by: Alistair Popple <alistair at popple.id.au>
[mpe: Use true/false for bool literals]
Signed-off-by: Michael Ellerman <mpe at ellerman.id.au>

Linux/linux addb63carch/s390/kvm gaccess.c

KVM: s390: gaccess: fix real-space designation asce handling for gmap shadows

For real-space designation asces the asce origin part is only a token.
The asce token origin must not be used to generate an effective
address for storage references. This however is erroneously done
within kvm_s390_shadow_tables().

Furthermore within the same function the wrong parts of virtual
addresses are used to generate a corresponding real address
(e.g. the region second index is used as region first index).

Both of the above can result in incorrect address translations. Only
for real space designations with a token origin of zero and addresses
below one megabyte the translation was correct.

Furthermore replace a "!asce.r" statement with a "!*fake" statement to
make it more obvious that a specific condition has nothing to do with
the architecture, but with the fake handling of real space designations.

Fixes: 3218f7094b6b ("s390/mm: support real-space for gmap shadows")
Cc: David Hildenbrand <david at redhat.com>
Cc: stable at vger.kernel.org
Signed-off-by: Heiko Carstens <heiko.carstens at de.ibm.com>
Reviewed-by: Martin Schwidefsky <schwidefsky at de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger at de.ibm.com>

Linux/linux fb3a505arch/x86/events/intel core.c

perf/x86/intel: Add 1G DTLB load/store miss support for SKL

Current DTLB load/store miss events (0x608/0x649) only counts 4K,2M and
4M page size.
Need to extend the events to support any page size (4K/2M/4M/1G).

The complete DTLB load/store miss events are:

  DTLB_LOAD_MISSES.WALK_COMPLETED              0xe08
  DTLB_STORE_MISSES.WALK_COMPLETED             0xe49

Signed-off-by: Kan Liang <Kan.liang at intel.com>
Cc: <stable at vger.kernel.org>
Cc: Alexander Shishkin <alexander.shishkin at linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme at redhat.com>
Cc: Jiri Olsa <jolsa at redhat.com>
Cc: Linus Torvalds <torvalds at linux-foundation.org>
Cc: Peter Zijlstra <peterz at infradead.org>
Cc: Thomas Gleixner <tglx at linutronix.de>
Cc: eranian at google.com
Link: http://lkml.kernel.org/r/20170619142609.11058-1-kan.liang at intel.com
Signed-off-by: Ingo Molnar <mingo at kernel.org>

Linux/linux 6c782a5drivers/i2c/busses i2c-imx.c

i2c: imx: Use correct function to write to register

The i2c-imx driver incorrectly uses readb()/writeb() to read and
write to the appropriate registers when performing a repeated start.
The appropriate imx_i2c_read_reg()/imx_i2c_write_reg() functions
should be used instead. Performing a repeated start results in
a kernel panic. The platform is imx.

Signed-off-by: Michail G Etairidis <m.etairidis at beck-ipc.com>
Fixes: ce1a78840ff7 ("i2c: imx: add DMA support for freescale i2c driver")
Fixes: 054b62d9f25c ("i2c: imx: fix the i2c bus hang issue when do repeat restart")
Acked-by: Fugang Duan <fugang.duan at nxp.com>
Acked-by: Uwe Kleine-König <u.kleine-koenig at pengutronix.de>
Signed-off-by: Wolfram Sang <wsa at the-dreams.de>

Linux/linux 8d829b9block blk-mq-sched.c blk-mq.c, drivers/block/xen-blkback common.h blkback.c

Merge branch 'for-linus' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:
 "This contains a set of fixes for xen-blkback by way of Konrad, and a
  performance regression fix for blk-mq for shared tags.

  The latter could account for as much as a 50x reduction in
  performance, with the test case from the user with 500 name spaces. A
  more realistic setup on my end with 32 drives showed a 3.5x drop. The
  fix has been thoroughly tested before being committed"

* 'for-linus' of git://git.kernel.dk/linux-block:
  blk-mq: fix performance regression with shared tags
  xen-blkback: don't leak stack data via response ring
  xen/blkback: don't use xen_blkif_get() in xen-blkback kthread
  xen/blkback: don't free be structure too early
  xen/blkback: fix disconnect while I/Os in flight

Linux/linux eb5e248fs/xfs xfs_aops.c

xfs: don't allow bmap on rt files

bmap returns a dumb LBA address but not the block device that goes with
that LBA.  Swapfiles don't care about this and will blindly assume that
the data volume is the correct blockdev, which is totally bogus for
files on the rt subvolume.  This results in the swap code doing IOs to
arbitrary locations on the data device(!) if the passed in mapping is a
realtime file, so just turn off bmap for rt files.

Signed-off-by: Darrick J. Wong <darrick.wong at oracle.com>
Reviewed-by: Christoph Hellwig <hch at lst.de>
DeltaFile
+5-2fs/xfs/xfs_aops.c
+5-21 files

Linux/linux 2f263d1scripts Makefile.headersinst

kbuild: fix header installation under fakechroot environment

Since commit fcc8487d477a ("uapi: export all headers under uapi
directories") fakechroot make bindeb-pkg fails, mismatching files for
directories:
touch: cannot touch 'usr/include/video/uvesafb.h/.install': Not a
directory

This due to a bug in fakechroot:
when using the function $(wildcard $(srcdir)/*/.) in a makefile, under a
fakechroot environment, not only directories but also files are
returned.

To circumvent that, we are using the functions:
$(sort $(dir $(wildcard $(srcdir)/*/))))

Fixes: fcc8487d477a ("uapi: export all headers under uapi directories")
Signed-off-by: Richard Genoud <richard.genoud at gmail.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro at socionext.com>