The pointer fs_ns is assigned from inode->i_ib->s_user_ns before
a null pointer check on inode, hence if inode is actually null we
will get a null pointer dereference on this assignment. Fix this
by only dereferencing inode after the null pointer check on
inode.

Detected by CoverityScan CID#1455328 ("Dereference before null check")

Fixes: 8db6c34f ("Introduce v3 namespaced file capabilities")
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Cc: stable@vger.kernel.org
Acked-by: NSerge Hallyn <serge@hallyn.com>
Signed-off-by: NJames Morris <james.l.morris@oracle.com>

Pull xfs fixes from Darrick Wong:

 - fix some more CONFIG_XFS_RT related build problems

 - fix data loss when writeback at eof races eofblocks gc and loses

 - invalidate page cache after fs finishes a dio write

 - remove dirty page state when invalidating pages so releasepage does
   the right thing when handed a dirty page

* tag 'xfs-4.14-fixes-6' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
  xfs: move two more RT specific functions into CONFIG_XFS_RT
  xfs: trim writepage mapping to within eof
  fs: invalidate page cache after end_io() in dio completion
  xfs: cancel dirty pages on invalidation

Pull block fixes from Jens Axboe:
 "Three small fixes:

   - A fix for skd, it was using kfree() to free a structure allocate
     with kmem_cache_alloc().

   - Stable fix for nbd, fixing a regression using the normal ioctl
     based tools.

   - Fix for a previous fix in this series, that fixed up
     inconsistencies between buffered and direct IO"

* 'for-linus' of git://git.kernel.dk/linux-block:
  fs: Avoid invalidation in interrupt context in dio_complete()
  nbd: don't set the device size until we're connected
  skd: Use kmem_cache_free

Merge tag 'enforcement-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull enforcement policy update from Greg KH:
 "Documentation: Add a file explaining the requested Linux kernel
  license enforcement policy

  Here's a new file to the kernel's Documentation directory. It adds a
  short document describing the views of how the Linux kernel community
  feels about enforcing the license of the kernel.

  The patch has been reviewed by a large number of kernel developers
  already, as seen by their acks on the patch, and their agreement of
  the statement with their names on it. The location of the file was
  also agreed upon by the Documentation maintainer, so all should be
  good there.

  For some background information about this statement, see this article
  written by some of the kernel developers involved in drafting it:

	http://kroah.com/log/blog/2017/10/16/linux-kernel-community-enforcement-statement/

  and this article that answers a number of questions that came up in
  the discussion of this statement with the kernel developer community:

	http://kroah.com/log/blog/2017/10/16/linux-kernel-community-enforcement-statement-faq/

  If anyone has any further questions about it, please let me, and the
  TAB members, know and we will be glad to help answer them"

* tag 'enforcement-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  Documentation: Add a file explaining the Linux kernel license enforcement policy

Pull s390 fixes from Martin Schwidefsky:
 "Two bug fixes:

   - A fix for cputime accounting vs CPU hotplug

   - Add two options to zfcpdump_defconfig to make SCSI dump work again"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390: fix zfcpdump-config
  s390/cputime: fix guest/irq/softirq times after CPU hotplug

Pull tracing fix from Steven Rostedt:
 "Testing a new trace event format, I triggered a bug by doing:

    # modprobe trace-events-sample
    # echo 1 > /sys/kernel/debug/tracing/events/sample-trace/enable
    # rmmod trace-events-sample

  This would cause an oops. The issue is that I added another trace
  event sample that reused a reg function of another trace event to
  create a thread to call the tracepoints. The problem was that the reg
  function couldn't handle nested calls (reg; reg; unreg; unreg;) and
  created two threads (instead of one) and only removed one on exit.

  This isn't a critical bug as the bug is only in sample code. But
  sample code should be free of known bugs to prevent others from
  copying it. This is why this is also marked for stable"

* tag 'trace-v4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing/samples: Fix creation and deletion of simple_thread_fn creation

The ASN.1 parser does not necessarily set the sinfo field,
this patch prevents a NULL pointer dereference on broken
input.

Fixes: 99db4435 ("PKCS#7: Appropriately restrict authenticated attributes and content type")
Signed-off-by: NEric Sesterhenn <eric.sesterhenn@x41-dsec.de>
Signed-off-by: NDavid Howells <dhowells@redhat.com>
cc: stable@vger.kernel.org # 4.3+

In proc_keys_show(), the key semaphore is not held, so the key ->flags
and ->expiry can be changed concurrently.  We therefore should read them
atomically just once.
Signed-off-by: NEric Biggers <ebiggers@google.com>
Signed-off-by: NDavid Howells <dhowells@redhat.com>

Similar to the case for key_validate(), we should load the key ->expiry
once atomically in keyring_search_iterator(), since it can be changed
concurrently with the flags whenever the key semaphore isn't held.
Signed-off-by: NEric Biggers <ebiggers@google.com>
Signed-off-by: NDavid Howells <dhowells@redhat.com>

In key_validate(), load the flags and expiry time once atomically, since
these can change concurrently if key_validate() is called without the
key semaphore held.  And we don't want to get inconsistent results if a
variable is referenced multiple times.  For example, key->expiry was
referenced in both 'if (key->expiry)' and in 'if (now.tv_sec >=
key->expiry)', making it theoretically possible to see a spurious
EKEYEXPIRED while the expiration time was being removed, i.e. set to 0.
Signed-off-by: NEric Biggers <ebiggers@google.com>
Signed-off-by: NDavid Howells <dhowells@redhat.com>

Currently, when passed a key that already exists, add_key() will call the
key's ->update() method if such exists.  But this is heavily broken in the
case where the key is uninstantiated because it doesn't call
__key_instantiate_and_link().  Consequently, it doesn't do most of the
things that are supposed to happen when the key is instantiated, such as
setting the instantiation state, clearing KEY_FLAG_USER_CONSTRUCT and
awakening tasks waiting on it, and incrementing key->user->nikeys.

It also never takes key_construction_mutex, which means that
->instantiate() can run concurrently with ->update() on the same key.  In
the case of the "user" and "logon" key types this causes a memory leak, at
best.  Maybe even worse, the ->update() methods of the "encrypted" and
"trusted" key types actually just dereference a NULL pointer when passed an
uninstantiated key.

Change key_create_or_update() to wait interruptibly for the key to finish
construction before continuing.

This patch only affects *uninstantiated* keys.  For now we still allow a
negatively instantiated key to be updated (thereby positively
instantiating it), although that's broken too (the next patch fixes it)
and I'm not sure that anyone actually uses that functionality either.

Here is a simple reproducer for the bug using the "encrypted" key type
(requires CONFIG_ENCRYPTED_KEYS=y), though as noted above the bug
pertained to more than just the "encrypted" key type:

    #include <stdlib.h>
    #include <unistd.h>
    #include <keyutils.h>

    int main(void)
    {
        int ringid = keyctl_join_session_keyring(NULL);

        if (fork()) {
            for (;;) {
                const char payload[] = "update user:foo 32";

                usleep(rand() % 10000);
                add_key("encrypted", "desc", payload, sizeof(payload), ringid);
                keyctl_clear(ringid);
            }
        } else {
            for (;;)
                request_key("encrypted", "desc", "callout_info", ringid);
        }
    }

It causes:

    BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
    IP: encrypted_update+0xb0/0x170
    PGD 7a178067 P4D 7a178067 PUD 77269067 PMD 0
    PREEMPT SMP
    CPU: 0 PID: 340 Comm: reproduce Tainted: G      D         4.14.0-rc1-00025-g428490e3 #796
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
    task: ffff8a467a39a340 task.stack: ffffb15c40770000
    RIP: 0010:encrypted_update+0xb0/0x170
    RSP: 0018:ffffb15c40773de8 EFLAGS: 00010246
    RAX: 0000000000000000 RBX: ffff8a467a275b00 RCX: 0000000000000000
    RDX: 0000000000000005 RSI: ffff8a467a275b14 RDI: ffffffffb742f303
    RBP: ffffb15c40773e20 R08: 0000000000000000 R09: ffff8a467a275b17
    R10: 0000000000000020 R11: 0000000000000000 R12: 0000000000000000
    R13: 0000000000000000 R14: ffff8a4677057180 R15: ffff8a467a275b0f
    FS:  00007f5d7fb08700(0000) GS:ffff8a467f200000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000018 CR3: 0000000077262005 CR4: 00000000001606f0
    Call Trace:
     key_create_or_update+0x2bc/0x460
     SyS_add_key+0x10c/0x1d0
     entry_SYSCALL_64_fastpath+0x1f/0xbe
    RIP: 0033:0x7f5d7f211259
    RSP: 002b:00007ffed03904c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
    RAX: ffffffffffffffda RBX: 000000003b2a7955 RCX: 00007f5d7f211259
    RDX: 00000000004009e4 RSI: 00000000004009ff RDI: 0000000000400a04
    RBP: 0000000068db8bad R08: 000000003b2a7955 R09: 0000000000000004
    R10: 000000000000001a R11: 0000000000000246 R12: 0000000000400868
    R13: 00007ffed03905d0 R14: 0000000000000000 R15: 0000000000000000
    Code: 77 28 e8 64 34 1f 00 45 31 c0 31 c9 48 8d 55 c8 48 89 df 48 8d 75 d0 e8 ff f9 ff ff 85 c0 41 89 c4 0f 88 84 00 00 00 4c 8b 7d c8 <49> 8b 75 18 4c 89 ff e8 24 f8 ff ff 85 c0 41 89 c4 78 6d 49 8b
    RIP: encrypted_update+0xb0/0x170 RSP: ffffb15c40773de8
    CR2: 0000000000000018

Cc: <stable@vger.kernel.org> # v2.6.12+
Reported-by: NEric Biggers <ebiggers@google.com>
Signed-off-by: NDavid Howells <dhowells@redhat.com>
cc: Eric Biggers <ebiggers@google.com>

Consolidate KEY_FLAG_INSTANTIATED, KEY_FLAG_NEGATIVE and the rejection
error into one field such that:

 (1) The instantiation state can be modified/read atomically.

 (2) The error can be accessed atomically with the state.

 (3) The error isn't stored unioned with the payload pointers.

This deals with the problem that the state is spread over three different
objects (two bits and a separate variable) and reading or updating them
atomically isn't practical, given that not only can uninstantiated keys
change into instantiated or rejected keys, but rejected keys can also turn
into instantiated keys - and someone accessing the key might not be using
any locking.

The main side effect of this problem is that what was held in the payload
may change, depending on the state.  For instance, you might observe the
key to be in the rejected state.  You then read the cached error, but if
the key semaphore wasn't locked, the key might've become instantiated
between the two reads - and you might now have something in hand that isn't
actually an error code.

The state is now KEY_IS_UNINSTANTIATED, KEY_IS_POSITIVE or a negative error
code if the key is negatively instantiated.  The key_is_instantiated()
function is replaced with key_is_positive() to avoid confusion as negative
keys are also 'instantiated'.

Additionally, barriering is included:

 (1) Order payload-set before state-set during instantiation.

 (2) Order state-read before payload-read when using the key.

Further separate barriering is necessary if RCU is being used to access the
payload content after reading the payload pointers.

Fixes: 146aa8b1 ("KEYS: Merge the type-specific data with the payload data")
Cc: stable@vger.kernel.org # v4.4+
Reported-by: NEric Biggers <ebiggers@google.com>
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Reviewed-by: NEric Biggers <ebiggers@google.com>

For finding asymmetric key, the input id_0 and id_1 parameters can
not be NULL at the same time. This patch adds the BUG_ON checking
for id_0 and id_1.

Cc: David Howells <dhowells@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: NChun-Yi Lee <jlee@suse.com>
Signed-off-by: NDavid Howells <dhowells@redhat.com>

Fix the wrong index number when checking the existence of second
id in function of finding asymmetric key. The id_1 is the second
id that the index in array must be 1 but not 0.

Fixes: 9eb02989 (KEYS: Generalise x509_request_asymmetric_key())
Cc: David Howells <dhowells@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: NChun-Yi Lee <jlee@suse.com>
Signed-off-by: NDavid Howells <dhowells@redhat.com>

The recent rework introduced a possible randconfig build failure
when CONFIG_CRYPTO configured to only allow modules:

security/keys/big_key.o: In function `big_key_crypt':
big_key.c:(.text+0x29f): undefined reference to `crypto_aead_setkey'
security/keys/big_key.o: In function `big_key_init':
big_key.c:(.init.text+0x1a): undefined reference to `crypto_alloc_aead'
big_key.c:(.init.text+0x45): undefined reference to `crypto_aead_setauthsize'
big_key.c:(.init.text+0x77): undefined reference to `crypto_destroy_tfm'
crypto/gcm.o: In function `gcm_hash_crypt_remain_continue':
gcm.c:(.text+0x167): undefined reference to `crypto_ahash_finup'
crypto/gcm.o: In function `crypto_gcm_exit_tfm':
gcm.c:(.text+0x847): undefined reference to `crypto_destroy_tfm'

When we 'select CRYPTO' like the other users, we always get a
configuration that builds.

Fixes: 428490e3 ("security/keys: rewrite all of big_key crypto")
Signed-off-by: NArnd Bergmann <arnd@arndb.de>
Signed-off-by: NDavid Howells <dhowells@redhat.com>

Pull SCSI fixes from James Bottomley:
 "Four mostly error leg fixes and one more important regression in a
  prior commit (the qla2xxx one)"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: fc: check for rport presence in fc_block_scsi_eh
  scsi: qla2xxx: Fix uninitialized work element
  scsi: libiscsi: fix shifting of DID_REQUEUE host byte
  scsi: libfc: fix a deadlock in fc_rport_work
  scsi: fixup kernel warning during rmmod()

Commit 7496946a ("tracing: Add samples of DECLARE_EVENT_CLASS() and
DEFINE_EVENT()") added template examples for all the events. It created a
DEFINE_EVENT_FN() example which reused the foo_bar_reg and foo_bar_unreg
functions.

Enabling both the TRACE_EVENT_FN() and DEFINE_EVENT_FN() example trace
events caused the foo_bar_reg to be called twice, creating the test thread
twice. The foo_bar_unreg would remove it only once, even if it was called
multiple times, leaving a thread existing when the module is unloaded,
causing an oops.

Add a ref count and allow foo_bar_reg() and foo_bar_unreg() be called by
multiple trace events.

Cc: stable@vger.kernel.org
Fixes: 7496946a ("tracing: Add samples of DECLARE_EVENT_CLASS() and DEFINE_EVENT()")
Signed-off-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>

Currently we try to defer completion of async DIO to the process context
in case there are any mapped pages associated with the inode so that we
can invalidate the pages when the IO completes. However the check is racy
and the pages can be mapped afterwards. If this happens we might end up
calling invalidate_inode_pages2_range() in dio_complete() in interrupt
context which could sleep. This can be reproduced by generic/451.

Fix this by passing the information whether we can or can't invalidate
to the dio_complete(). Thanks Eryu Guan for reporting this and Jan Kara
for suggesting a fix.

Fixes: 332391a9 ("fs: Fix page cache inconsistency when mixing buffered and AIO DIO")
Reported-by: NEryu Guan <eguan@redhat.com>
Reviewed-by: NJan Kara <jack@suse.cz>
Tested-by: NEryu Guan <eguan@redhat.com>
Signed-off-by: NLukas Czerner <lczerner@redhat.com>
Signed-off-by: NJens Axboe <axboe@kernel.dk>

Pull media fixes from Mauro Carvalho Chehab:
 "Core fixes:
   - cec: Respond to unregistered initiators, when applicable
   - dvb_frontend: only use kref after initialized

  Driver-specific fixes:
   - qcom, camss: Make function vfe_set_selection static
   - qcom: VIDEO_QCOM_CAMSS should depend on HAS_DMA
   - s5p-cec: add NACK detection support
   - media: staging/imx: Fix uninitialized variable warning
   - dib3000mc: i2c transfers over usb cannot be done from stack
   - venus: init registered list on streamoff"

* tag 'media/v4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
  media: dvb_frontend: only use kref after initialized
  media: platform: VIDEO_QCOM_CAMSS should depend on HAS_DMA
  media: cec: Respond to unregistered initiators, when applicable
  media: s5p-cec: add NACK detection support
  media: staging/imx: Fix uninitialized variable warning
  media: qcom: camss: Make function vfe_set_selection static
  media: venus: init registered list on streamoff
  media: dvb: i2c transfers over usb cannot be done from stack

The last cleanup introduced two harmless warnings:

fs/xfs/xfs_fsmap.c:480:1: warning: '__xfs_getfsmap_rtdev' defined but not used
fs/xfs/xfs_fsmap.c:372:1: warning: 'xfs_getfsmap_rtdev_rtbitmap_helper' defined but not used

This moves those two functions as well.

Fixes: bb9c2e54 ("xfs: move more RT specific code under CONFIG_XFS_RT")
Signed-off-by: NArnd Bergmann <arnd@arndb.de>
Reviewed-by: NBrian Foster <bfoster@redhat.com>
Acked-by: NGeert Uytterhoeven <geert@linux-m68k.org>
Reviewed-by: NDarrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>

The writeback rework in commit fbcc0256 ("xfs: Introduce
writeback context for writepages") introduced a subtle change in
behavior with regard to the block mapping used across the
->writepages() sequence. The previous xfs_cluster_write() code would
only flush pages up to EOF at the time of the writepage, thus
ensuring that any pages due to file-extending writes would be
handled on a separate cycle and with a new, updated block mapping.

The updated code establishes a block mapping in xfs_writepage_map()
that could extend beyond EOF if the file has post-eof preallocation.
Because we now use the generic writeback infrastructure and pass the
cached mapping to each writepage call, there is no implicit EOF
limit in place. If eofblocks trimming occurs during ->writepages(),
any post-eof portion of the cached mapping becomes invalid. The
eofblocks code has no means to serialize against writeback because
there are no pages associated with post-eof blocks. Therefore if an
eofblocks trim occurs and is followed by a file-extending buffered
write, not only has the mapping become invalid, but we could end up
writing a page to disk based on the invalid mapping.

Consider the following sequence of events:

- A buffered write creates a delalloc extent and post-eof
  speculative preallocation.
- Writeback starts and on the first writepage cycle, the delalloc
  extent is converted to real blocks (including the post-eof blocks)
  and the mapping is cached.
- The file is closed and xfs_release() trims post-eof blocks. The
  cached writeback mapping is now invalid.
- Another buffered write appends the file with a delalloc extent.
- The concurrent writeback cycle picks up the just written page
  because the writeback range end is LLONG_MAX. xfs_writepage_map()
  attributes it to the (now invalid) cached mapping and writes the
  data to an incorrect location on disk (and where the file offset is
  still backed by a delalloc extent).

This problem is reproduced by xfstests test generic/464, which
triggers racing writes, appends, open/closes and writeback requests.

To address this problem, trim the mapping used during writeback to
within EOF when the mapping is validated. This ensures the mapping
is revalidated for any pages encountered beyond EOF as of the time
the current mapping was cached or last validated.
Reported-by: NEryu Guan <eguan@redhat.com>
Diagnosed-by: NEryu Guan <eguan@redhat.com>
Signed-off-by: NBrian Foster <bfoster@redhat.com>
Reviewed-by: NDave Chinner <dchinner@redhat.com>
Reviewed-by: NDarrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>

Commit 332391a9 ("fs: Fix page cache inconsistency when mixing
buffered and AIO DIO") moved page cache invalidation from
iomap_dio_rw() to iomap_dio_complete() for iomap based direct write
path, but before the dio->end_io() call, and it re-introdued the bug
fixed by commit c771c14b ("iomap: invalidate page caches should
be after iomap_dio_complete() in direct write").

I found this because fstests generic/418 started failing on XFS with
v4.14-rc3 kernel, which is the regression test for this specific
bug.

So similarly, fix it by moving dio->end_io() (which does the
unwritten extent conversion) before page cache invalidation, to make
sure next buffer read reads the final real allocations not unwritten
extents. I also add some comments about why should end_io() go first
in case we get it wrong again in the future.

Note that, there's no such problem in the non-iomap based direct
write path, because we didn't remove the page cache invalidation
after the ->direct_IO() in generic_file_direct_write() call, but I
decided to fix dio_complete() too so we don't leave a landmine
there, also be consistent with iomap_dio_complete().

Fixes: 332391a9 ("fs: Fix page cache inconsistency when mixing buffered and AIO DIO")
Signed-off-by: NEryu Guan <eguan@redhat.com>
Reviewed-by: NDarrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: NJan Kara <jack@suse.cz>
Reviewed-by: NLukas Czerner <lczerner@redhat.com>

Recently we've had warnings arise from the vm handing us pages
without bufferheads attached to them. This should not ever occur
in XFS, but we don't defend against it properly if it does. The only
place where we remove bufferheads from a page is in
xfs_vm_releasepage(), but we can't tell the difference here between
"page is dirty so don't release" and "page is dirty but is being
invalidated so release it".

In some places that are invalidating pages ask for pages to be
released and follow up afterward calling ->releasepage by checking
whether the page was dirty and then aborting the invalidation. This
is a possible vector for releasing buffers from a page but then
leaving it in the mapping, so we really do need to avoid dirty pages
in xfs_vm_releasepage().

To differentiate between invalidated pages and normal pages, we need
to clear the page dirty flag when invalidating the pages. This can
be done through xfs_vm_invalidatepage(), and will result
xfs_vm_releasepage() seeing the page as clean which matches the
bufferhead state on the page after calling block_invalidatepage().

Hence we can re-add the page dirty check in xfs_vm_releasepage to
catch the case where we might be releasing a page that is actually
dirty and so should not have the bufferheads on it removed. This
will remove one possible vector of "dirty page with no bufferheads"
and so help narrow down the search for the root cause of that
problem.
Signed-Off-By: NDave Chinner <dchinner@redhat.com>
Reviewed-by: NDarrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: NDarrick J. Wong <darrick.wong@oracle.com>

This adds a short document describing the views of how the Linux kernel
community feels about enforcing the license of the kernel.
Acked-by: NAl Viro <viro@zeniv.linux.org.uk>
Acked-by: NAlex Elder (Linaro) <elder@linaro.org>
Acked-by: NAndrea Arcangeli <aarcange@redhat.com>
Acked-by: NAndy Gross <andy.gross@linaro.org>
Acked-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Acked-by: NAnna Schumaker <schumaker.anna@gmail.com>
Acked-by: NArd Biesheuvel <ardb@kernel.org>
Acked-by: NArnd Bergmann <arnd@arndb.de>
Acked-by: NArvind Yadav <arvind.yadav.cs@gmail.com>
Acked-by: NBart Van Assche <bart.vanassche@wdc.com>
Acked-by: NBhumika Goyal <bhumirks@gmail.com>
Acked-by: NBjorn Andersson <bjorn.andersson@linaro.org>
Acked-by: NBorislav Petkov <bp@suse.de>
Acked-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Acked-by: NChristian König <christian.koenig@amd.com>
Acked-by: NChristophe JAILLET <christophe.jaillet@wanadoo.fr>
Acked-by: NChuck Lever <chuck.lever@oracle.com>
Acked-by: NColin Ian King <colin.king@canonical.com>
Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
Acked-by: NDaniel Lezcano <daniel.lezcano@linaro.org>
Acked-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
Acked-by: NDarrick J. Wong (Oracle) <darrick.wong@oracle.com>
Acked-by: NDarrick J. Wong <djwong@kernel.org>
Acked-by: NDavid Kershner <david.kershner@unisys.com>
Acked-by: NDavid S. Miller <davem@davemloft.net>
Acked-by: NDmitry Torokhov <dmitry.torokhov@gmail.com>
Acked-by: NDoug Ledford <dledford@redhat.com>
Acked-by: NFabio Estevam <festevam@gmail.com>
Acked-by: NFelipe Balbi <balbi@kernel.org>
Acked-by: NFlorian Westphal <fw@strlen.de>
Acked-by: NGeert Uytterhoeven <geert@linux-m68k.org>
Acked-by: NGuenter Roeck <linux@roeck-us.net>
Acked-by: NHannes Reinecke <hare@suse.com>
Acked-by: NHans de Goede <hdegoede@redhat.com>
Acked-by: NHeiko Carstens <heiko.carstens@de.ibm.com>
Acked-by: NHeiko Stuebner <heiko@sntech.de>
Acked-by: NHeiner Kallweit <hkallweit1@gmail.com>
Acked-by: NIngo Molnar <mingo@kernel.org>
Acked-by: NIvan Safonov <insafonov@gmail.com>
Acked-by: NJaegeuk Kim <jaegeuk@kernel.org>
Acked-by: NJan Kara (SUSE) <jack@suse.cz>
Acked-by: NJavier Martinez Canillas <javier@dowhile0.org>
Acked-by: NJeff Kirsher <jeffrey.t.kirsher@intel.com>
Acked-by: NJens Axboe <axboe@kernel.dk>
Acked-by: NJes Sorensen <Jes.Sorensen@gmail.com>
Acked-by: NJiri Kosina <jkosina@suse.cz>
Acked-by: NJiri Pirko <jiri@resnulli.us>
Acked-by: NJoe Perches <joe@perches.com>
Acked-by: NJoerg Roedel (SUSE) <jroedel@suse.de>
Acked-by: NJohan Hovold <johan@kernel.org>
Acked-by: NJosh Poimboeuf <jpoimboe@redhat.com>
Acked-by: NJuergen Gross <jgross@suse.com>
Acked-by: NJulia Lawall <Julia.Lawall@lip6.fr>
Acked-by: NK. Y. Srinivasan <kys@microsoft.com>
Acked-by: NKhalid Aziz <khalid@gonehiking.org>
Acked-by: NKrzysztof Kozlowski <krzk@kernel.org>
Acked-by: NKuninori Morimoto <kuninori.morimoto.gx@renesas.com>
Acked-by: NLarry Finger <Larry.Finger@lwfinger.net>
Acked-by: NLaura Abbott <laura@labbott.name>
Acked-by: NLee Jones <lee.jones@linaro.org>
Acked-by: NLeon Romanovsky <leon@kernel.org>
Acked-by: NLinus Walleij (Linaro) <linus.walleij@linaro.org>
Acked-by: NLv Zheng <zetalog@gmail.com>
Acked-by: NMartin K. Petersen (Oracle) <martin.petersen@oracle.com>
Acked-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: NMasami Hiramatsu <mhiramat@kernel.org>
Acked-by: NMel Gorman <mgorman@suse.de>
Acked-by: NMichael S. Tsirkin <mst@redhat.com>
Acked-by: NMichal Hocko <mhocko@suse.com>
Acked-by: NMike Marshall <hubcap@omnibond.com>
Acked-by: NNamhyung Kim <namhyung@kernel.org>
Acked-by: NNeil Armstrong <narmstrong@baylibre.com>
Acked-by: NOlof Johansson <olof@lixom.net>
Acked-by: NPablo Neira Ayuso <pablo@netfilter.org>
Acked-by: NPaolo Bonzini <pbonzini@redhat.com>
Acked-by: NPaul Burton <paul.burton@mips.com>
Acked-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: NPeter Zijlstra <peterz@infradead.org>
Acked-by: NRafael J. Wysocki <rafael@kernel.org>
Acked-by: NRalf Baechle <ralf@linux-mips.org>
Acked-by: NRichard Weinberger <richard@nod.at>
Acked-by: NRik van Riel <riel@surriel.com>
Acked-by: NRob Clark <robdclark@gmail.com>
Acked-by: NRob Herring <robh@kernel.org>
Acked-by: NSebastian Reichel (Collabora) <sre@kernel.org>
Acked-by: NShawn Guo <shawnguo@kernel.org>
Acked-by: NShuah Khan <shuahkh@osg.samsung.com>
Acked-by: NSimon Horman <horms@verge.net.au>
Acked-by: NSrinivas Kandagatla <srinivas.kandagatla@linaro.org>
Acked-by: NSteven Rostedt (VMware) <rostedt@goodmis.org>
Acked-by: NSven Eckelmann <sven@narfation.org>
Acked-by: NTakashi Iwai (SUSE) <tiwai@suse.de>
Acked-by: NTejun Heo <tj@kernel.org>
Acked-by: NThierry Reding <thierry.reding@gmail.com>
Acked-by: NTony Luck <tony.luck@gmail.com>
Acked-by: NUlf Hansson <ulf.hansson@linaro.org>
Acked-by: NVinod Koul <vkoul@kernel.org>
Acked-by: NViresh Kumar <viresh.kumar@linaro.org>
Acked-by: NVivien Didelot <vivien.didelot@savoirfairelinux.com>
Acked-by: NWei Yongjun <weiyongjun1@huawei.com>
Acked-by: NXin Long <lucien.xin@gmail.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

zipl from s390-tools generates root=/dev/ram0 kernel cmdline for
zfcpdump, thus BLK_DEV_RAM is required.

zfcpdump initrd mounts DEBUG_FS, thus is also required.

Bug-Ubuntu: https://launchpad.net/bugs/1722735
Bug-Ubuntu: https://launchpad.net/bugs/1719290Signed-off-by: NDimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>

On CPU hotplug some cpu stats contain bogus values:

$ cat /proc/stat
cpu 0 0 49 1280 0 0 0 3 0 0
cpu0 0 0 49 618 0 0 0 3 0 0
cpu1 0 0 0 662 0 0 0 0 0 0
[...]
$ echo 0 > /sys/devices/system/cpu/cpu1/online
$ echo 1 > /sys/devices/system/cpu/cpu1/online
$ cat /proc/stat
cpu 0 0 49 3200 0 450359962737 450359962737 3 0 0
cpu0 0 0 49 1956 0 0 0 3 0 0
cpu1 0 0 0 1244 0 450359962737 450359962737 0 0 0
[...]

pcpu_attach_task() needs the same assignments as vtime_task_switch.
Signed-off-by: NChristian Borntraeger <borntraeger@de.ibm.com>
Fixes: b7394a5f ("sched/cputime, s390: Implement delayed accounting of system time")
Cc: stable@vger.kernel.org # 4.11+
Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>

Pull char/misc driver fixes from Greg KH:
 "Here are 4 patches to resolve some char/misc driver issues found these
  past weeks.

  One of them is a mei bugfix and another is a new mei device id. There
  is also a hyper-v fix for a reported issue, and a binder issue fix for
  a problem reported by a few people.

  All of these have been in my tree for a while, I don't know if
  linux-next is really testing much this month. But 0-day is happy with
  them :)"

* tag 'char-misc-4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  binder: fix use-after-free in binder_transaction()
  Drivers: hv: vmbus: Fix bugs in rescind handling
  mei: me: add gemini lake devices id
  mei: always use domain runtime pm callbacks.

Pull USB fixes from Greg KH:
 "Here are a handful of USB driver fixes for 4.14-rc5.

  There is the "usual" usb-serial fixes and device ids, USB gadget
  fixes, and some more fixes found by the fuzz testing that is happening
  on the USB layer right now.

  All of these have been in my tree this week with no reported issues"

* tag 'usb-4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: usbtest: fix NULL pointer dereference
  usb: gadget: configfs: Fix memory leak of interface directory data
  usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options
  usb: misc: usbtest: Fix overflow in usbtest_do_ioctl()
  usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet
  USB: dummy-hcd: Fix deadlock caused by disconnect detection
  usb: phy: tegra: Fix phy suspend for UDC
  USB: serial: console: fix use-after-free after failed setup
  USB: serial: console: fix use-after-free on disconnect
  USB: serial: qcserial: add Dell DW5818, DW5819
  USB: serial: cp210x: add support for ELV TFD500
  USB: serial: cp210x: fix partnum regression
  USB: serial: option: add support for TP-Link LTE module
  USB: serial: ftdi_sio: add id for Cypress WICED dev board

Pull dmaengine fixes from Vinod Koul:
 "Here are fixes for this round

   - fix spinlock usage amd fifo response for altera driver

   - fix ti crossbar race condition

   - fix edma memcpy align"

* tag 'dmaengine-fix-4.14-rc5' of git://git.infradead.org/users/vkoul/slave-dma:
  dmaengine: altera: fix spinlock usage
  dmaengine: altera: fix response FIFO emptying
  dmaengine: ti-dma-crossbar: Fix possible race condition with dma_inuse
  dmaengine: edma: Align the memcpy acnt array size with the transfer

Pull x86 fixes from Ingo Molnar:
 "A landry list of fixes:

   - fix reboot breakage on some PCID-enabled system

   - fix crashes/hangs on some PCID-enabled systems

   - fix microcode loading on certain older CPUs

   - various unwinder fixes

   - extend an APIC quirk to more hardware systems and disable APIC
     related warning on virtualized systems

   - various Hyper-V fixes

   - a macro definition robustness fix

   - remove jprobes IRQ disabling

   - various mem-encryption fixes"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/microcode: Do the family check first
  x86/mm: Flush more aggressively in lazy TLB mode
  x86/apic: Update TSC_DEADLINE quirk with additional SKX stepping
  x86/apic: Silence "FW_BUG TSC_DEADLINE disabled due to Errata" on hypervisors
  x86/mm: Disable various instrumentations of mm/mem_encrypt.c and mm/tlb.c
  x86/hyperv: Fix hypercalls with extended CPU ranges for TLB flushing
  x86/hyperv: Don't use percpu areas for pcpu_flush/pcpu_flush_ex structures
  x86/hyperv: Clear vCPU banks between calls to avoid flushing unneeded vCPUs
  x86/unwind: Disable unwinder warnings on 32-bit
  x86/unwind: Align stack pointer in unwinder dump
  x86/unwind: Use MSB for frame pointer encoding on 32-bit
  x86/unwind: Fix dereference of untrusted pointer
  x86/alternatives: Fix alt_max_short macro to really be a max()
  x86/mm/64: Fix reboot interaction with CR4.PCIDE
  kprobes/x86: Remove IRQ disabling from jprobe handlers
  kprobes/x86: Set up frame pointer in kprobe trampoline

Pull scheduler fixes from Ingo Molnar:
 "Three fixes that address an SMP balancing performance regression"

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/core: Ensure load_balance() respects the active_mask
  sched/core: Address more wake_affine() regressions
  sched/core: Fix wake_affine() performance regression

Pull RAS fixes from Ingo Molnar:
 "A boot parameter fix, plus a header export fix"

* 'ras-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/mce: Hide mca_cfg
  RAS/CEC: Use the right length for "cec_disable"

Pull perf fixes from Ingo Molnar:
 "Some tooling fixes plus three kernel fixes: a memory leak fix, a
  statistics fix and a crash fix"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/x86/intel/uncore: Fix memory leaks on allocation failures
  perf/core: Fix cgroup time when scheduling descendants
  perf/core: Avoid freeing static PMU contexts when PMU is unregistered
  tools include uapi bpf.h: Sync kernel ABI header with tooling header
  perf pmu: Unbreak perf record for arm/arm64 with events with explicit PMU
  perf script: Add missing separator for "-F ip,brstack" (and brstackoff)
  perf callchain: Compare dsos (as well) for CCKEY_FUNCTION

Pull locking fixes from Ingo Molnar:
 "Two lockdep fixes for bugs introduced by the cross-release dependency
  tracking feature - plus a commit that disables it because performance
  regressed in an absymal fashion on some systems"

* 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  locking/lockdep: Disable cross-release features for now
  locking/selftest: Avoid false BUG report
  locking/lockdep: Fix stacktrace mess

Pull irq fixes from Ingo Molnar:
 "A CPU hotplug related fix, plus two related sanity checks"

* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  genirq/cpuhotplug: Enforce affinity setting on startup of managed irqs
  genirq/cpuhotplug: Add sanity check for effective affinity mask
  genirq: Warn when effective affinity is not updated

Pull objtool fix from Ingo Molnar:
 "A single objtool fix: avoid silently broken ORC debuginfo builds and
  error out instead"

* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  objtool: Upgrade libelf-devel warning to error for CONFIG_ORC_UNWINDER

On CPUs like AMD's Geode, for example, we shouldn't even try to load
microcode because they do not support the modern microcode loading
interface.

However, we do the family check *after* the other checks whether the
loader has been disabled on the command line or whether we're running in
a guest.

So move the family checks first in order to exit early if we're being
loaded on an unsupported family.
Reported-and-tested-by: NSven Glodowski <glodi1@arcor.de>
Signed-off-by: NBorislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org> # 4.11..
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://bugzilla.suse.com/show_bug.cgi?id=1061396
Link: http://lkml.kernel.org/r/20171012112316.977-1-bp@alien8.deSigned-off-by: NIngo Molnar <mingo@kernel.org>

Johan Hovold reported a big lockdep slowdown on his system, caused by lockdep:

> I had noticed that the BeagleBone Black boot time appeared to have
> increased significantly with 4.14 and yesterday I finally had time to
> investigate it.
>
> Boot time (from "Linux version" to login prompt) had in fact doubled
> since 4.13 where it took 17 seconds (with my current config) compared to
> the 35 seconds I now see with 4.14-rc4.
>
> I quick bisect pointed to lockdep and specifically the following commit:
>
>	28a903f6 ("locking/lockdep: Handle non(or multi)-acquisition of a crosslock")

Because the final v4.14 release is close, disable the cross-release lockdep
features for now.
Bisected-by: NJohan Hovold <johan@kernel.org>
Debugged-by: NJohan Hovold <johan@kernel.org>
Reported-by: NJohan Hovold <johan@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Byungchul Park <byungchul.park@lge.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Lindgren <tony@atomide.com>
Cc: kernel-team@lge.com
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-mm@kvack.org
Cc: linux-omap@vger.kernel.org
Link: http://lkml.kernel.org/r/20171014072659.f2yr6mhm5ha3eou7@gmail.comSigned-off-by: NIngo Molnar <mingo@kernel.org>