Commit 554086d8 ("x86_32, entry: Do syscall exit work on badsys
(CVE-2014-4508)") introduced a regression in the x86_32 syscall entry
code, resulting in syscall() not returning proper errors for undefined
syscalls on CPUs supporting the sysenter feature.

The following code:

> int result = syscall(666);
> printf("result=%d errno=%d error=%s\n", result, errno, strerror(errno));

results in:

> result=666 errno=0 error=Success

Obviously, the syscall return value is the called syscall number, but it
should have been an ENOSYS error. When run under ptrace it behaves
correctly, which makes it hard to debug in the wild:

> result=-1 errno=38 error=Function not implemented

The %eax register is the return value register. For debugging via ptrace
the syscall entry code stores the complete register context on the
stack. The badsys handlers only store the ENOSYS error code in the
ptrace register set and do not set %eax like a regular syscall handler
would. The old resume_userspace call chain contains code that clobbers
%eax and it restores %eax from the ptrace registers afterwards. The same
goes for the ptrace-enabled call chain. When ptrace is not used, the
syscall return value is the passed-in syscall number from the untouched
%eax register.

Use %eax as the return value register in syscall_badsys and
sysenter_badsys, like a real syscall handler does, and have the caller
push the value onto the stack for ptrace access.
Signed-off-by: NSven Wegener <sven.wegener@stealer.net>
Link: http://lkml.kernel.org/r/alpine.LNX.2.11.1407221022380.31021@titan.int.lan.stealer.netReviewed-and-tested-by: NAndy Lutomirski <luto@amacapital.net>
Cc: <stable@vger.kernel.org> # If 554086d8 is backported
Signed-off-by: NH. Peter Anvin <hpa@zytor.com>

Pull more IIO driver fixes from Greg KH:
 "Here are two IIO driver fixes for 3.16-rc6 that resolve some reported
  issues"

* tag 'staging-3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  iio: mma8452: Use correct acceleration units.
  iio:core: Handle error when mask type is not separate

Pull USB fixes from Greg KH:
 "Here are two USB patches that resolve some reported issues, one with
  an odd HUB, and one in the chipidea driver"

* tag 'usb-3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: Check if port status is equal to RxDetect
  usb: chipidea: udc: Disable auto ZLP generation on ep0

Merge tag 'driver-core-3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull driver core fix from Greg KH:
 "Here is a single driver core fix that reverts an older patch that has
  been causing a number of reported problems with the platform devices.

  This revert has been in linux-next for a while with no reported issues"

* tag 'driver-core-3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  platform_get_irq: Revert to platform_get_resource if of_irq_get fails

Pull char/misc fix from Greg KH:
 "Here's a single hyper-v driver fix for a reported issue"

* tag 'char-misc-3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  Drivers: hv: hv_fcopy: fix a race condition for SMP guest

Pull intel drm fixes from Dave Airlie:
 "Intel fixes came in late, but since I debugged one of them I'll send
  them on,

  Two reverts, a quirk and one warn regression"

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
  Revert "drm/i915: reverse dp link param selection, prefer fast over wide again"
  drm/i915: Track the primary plane correctly when reassigning planes
  drm/i915: Ignore VBT backlight presence check on HP Chromebook 14
  Revert "drm/i915: Don't set the 8to6 dither flag when not scaling"

Pull UML fixes from Richard Weinberger:
 "Four fixes, all discovered by Trinity"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
  um: segv: Save regs only in case of a kernel mode fault
  um: Fix hung task in fix_range_common()
  um: Ensure that a stub page cannot get unmapped
  Revert "um: Fix wait_stub_done() error handling"

Pull btrfs fixes from Chris Mason:
 "We have two more fixes in my for-linus branch.

  I was hoping to also include a fix for a btrfs deadlock with
  compression enabled, but we're still nailing that one down"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
  btrfs: test for valid bdev before kobj removal in btrfs_rm_device
  Btrfs: fix abnormal long waiting in fsync

Pull NFS client fixes from Trond Myklebust:
 "Apologies for the relative lateness of this pull request, however the
  commits fix some issues with the NFS read/write code updates in
  3.16-rc1 that can cause serious Oopsing when using small r/wsize.  The
  delay was mainly due to extra testing to make sure that the fixes
  behave correctly.

  Highlights include;
   - Stable fix for an NFSv3 posix ACL regression
   - Multiple fixes for regressions to the NFS generic read/write code:
     - Fix page splitting bugs that come into play when a small
       rsize/wsize read/write needs to be sent again (due to error
       conditions or page redirty)
     - Fix nfs_wb_page_cancel, which is called by the "invalidatepage"
       method
   - Fix 2 compile warnings about unused variables
   - Fix a performance issue affecting unstable writes"

* tag 'nfs-for-3.16-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  NFS: Don't reset pg_moreio in __nfs_pageio_add_request
  NFS: Remove 2 unused variables
  nfs: handle multiple reqs in nfs_wb_page_cancel
  nfs: handle multiple reqs in nfs_page_async_flush
  nfs: change find_request to find_head_request
  nfs: nfs_page should take a ref on the head req
  nfs: mark nfs_page reqs with flag for extra ref
  nfs: only show Posix ACLs in listxattr if actually present

...otherwise me lose user mode regs and the resulting
stack trace is useless.
Signed-off-by: NRichard Weinberger <richard@nod.at>

If do_ops() fails we have to release current->mm->mmap_sem
otherwise the failing task will never terminate.
Reported-by: NToralf Förster <toralf.foerster@gmx.de>
Signed-off-by: NRichard Weinberger <richard@nod.at>

Trinity discovered an execution path such that a task
can unmap his stub page.
Reported-by: NToralf Förster <toralf.foerster@gmx.de>
Signed-off-by: NRichard Weinberger <richard@nod.at>

This reverts commit 0974a9ca.
The real for for that issue is to release current->mm->mmap_sem in
fix_range_common().
Signed-off-by: NRichard Weinberger <richard@nod.at>

commit 99994cde btrfs: dev delete should remove sysfs entry
added a btrfs_kobj_rm_device, which dereferences device->bdev...
right after we check whether device->bdev might be NULL.

I don't honestly know if it's possible to have a NULL device->bdev
here, but assuming that it is (given the test), we need to move
the kobject removal to be under that test.

(Coverity spotted this)
Signed-off-by: NEric Sandeen <sandeen@redhat.com>
Signed-off-by: NChris Mason <clm@fb.com>

xfstests generic/127 detected this problem.

With commit 7fc34a62, now fsync will only flush
data within the passed range.  This is the cause of the above problem,
-- btrfs's fsync has a stage called 'sync log' which will wait for all the
ordered extents it've recorded to finish.

In xfstests/generic/127, with mixed operations such as truncate, fallocate,
punch hole, and mapwrite, we get some pre-allocated extents, and mapwrite will
mmap, and then msync.  And I find that msync will wait for quite a long time
(about 20s in my case), thanks to ftrace, it turns out that the previous
fallocate calls 'btrfs_wait_ordered_range()' to flush dirty pages, but as the
range of dirty pages may be larger than 'btrfs_wait_ordered_range()' wants,
there can be some ordered extents created but not getting corresponding pages
flushed, then they're left in memory until we fsync which runs into the
stage 'sync log', and fsync will just wait for the system writeback thread
to flush those pages and get ordered extents finished, so the latency is
inevitable.

This adds a flush similar to btrfs_start_ordered_extent() in
btrfs_wait_logged_extents() to fix that.
Reviewed-by: NMiao Xie <miaox@cn.fujitsu.com>
Signed-off-by: NLiu Bo <bo.li.liu@oracle.com>
Signed-off-by: NChris Mason <clm@fb.com>

Pull locking fixes from Thomas Gleixner:
 "The locking department delivers:

   - A rather large and intrusive bundle of fixes to address serious
     performance regressions introduced by the new rwsem / mcs
     technology.  Simpler solutions have been discussed, but they would
     have been ugly bandaids with more risk than doing the right thing.

   - Make the rwsem spin on owner technology opt-in for architectures
     and enable it only on the known to work ones.

   - A few fixes to the lockdep userspace library"

* 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  locking/rwsem: Add CONFIG_RWSEM_SPIN_ON_OWNER
  locking/mutex: Disable optimistic spinning on some architectures
  locking/rwsem: Reduce the size of struct rw_semaphore
  locking/rwsem: Rename 'activity' to 'count'
  locking/spinlocks/mcs: Micro-optimize osq_unlock()
  locking/spinlocks/mcs: Introduce and use init macro and function for osq locks
  locking/spinlocks/mcs: Convert osq lock to atomic_t to reduce overhead
  locking/spinlocks/mcs: Rename optimistic_spin_queue() to optimistic_spin_node()
  locking/rwsem: Allow conservative optimistic spinning when readers have lock
  tools/liblockdep: Account for bitfield changes in lockdeps lock_acquire
  tools/liblockdep: Remove debug print left over from development
  tools/liblockdep: Fix comparison of a boolean value with a value of 2

Pull scheduler fix from Thomas Gleixner:
 "Prevent a possible divide by zero in the debugging code"

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched: Fix possible divide by zero in avg_atom() calculation

Pull irq fixes from Thomas Gleixner:
 "Three patches addressing shortcomings in the ARM gic interrupt chip
  driver"

* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  irqchip: gic: Fix core ID calculation when topology is read from DT
  irqchip: gic: Add binding probe for ARM GIC400
  irqchip: gic: Add support for cortex a7 compatible string

Pull timer fix from Thomas Gleixner:
 "A single fix for a long standing issue in the alarm timer subsystem,
  which was noticed recently when people finally started to use alarm
  timers for serious work"

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  alarmtimer: Fix bug where relative alarm timers were treated as absolute

Pull RCU fixes from Thomas Gleixner:
 "Two RCU patches:
   - Address a serious performance regression on open/close caused by
     commit ac1bea85 ("Make cond_resched() report RCU quiescent
     states")
   - Export RCU debug functions.  Not a regression, but enablement to
     address a serious recursion bug in the sl*b allocators in 3.17"

* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  rcu: Reduce overhead of cond_resched() checks for RCU
  rcu: Export debug_init_rcu_head() and and debug_init_rcu_head()

Pull ARM SoC fixes from Olof Johansson:
 "A smaller set of fixes this week, and all regression fixes:
   - a handful of issues fixed on at91 with common clock conversion
   - a set of fixes for Marvell mvebu (SMP, coherency, PM)
   - a clock fix for i.MX6Q.
   - ... and a SMP/hotplug fix for Exynos"

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  ARM: EXYNOS: Fix core ID used by platsmp and hotplug code
  ARM: at91/dt: add missing clocks property to pwm node in sam9x5.dtsi
  ARM: at91/dt: fix usb0 clocks definition in sam9n12 dtsi
  ARM: at91: at91sam9x5: correct typo error for ohci clock
  ARM: clk-imx6q: parent lvds_sel input from upstream clock gates
  ARM: mvebu: Fix coherency bus notifiers by using separate notifiers
  ARM: mvebu: Fix the operand list in the inline asm of armada_370_xp_pmsu_idle_enter
  ARM: mvebu: fix SMP boot for Armada 38x and Armada 375 Z1 in big endian

But in any case nothing really shocking in
here, 2 reverts, 1 quirk and a regression fix a WARN.

* tag 'drm-intel-fixes-2014-07-18' of git://anongit.freedesktop.org/drm-intel:
  Revert "drm/i915: reverse dp link param selection, prefer fast over wide again"
  drm/i915: Track the primary plane correctly when reassigning planes
  drm/i915: Ignore VBT backlight presence check on HP Chromebook 14
  Revert "drm/i915: Don't set the 8to6 dither flag when not scaling"

Pull x86 fixes from Peter Anvin:
 "A couple of key fixes and a few less critical ones.  The main ones
  are:

   - add a .bss section to the PE/COFF headers when building with EFI
     stub

   - invoke the correct paravirt magic when building the espfix page
     tables

  Unfortunately both of these areas also have at least one additional
  fix each still in thie pipeline, but which are not yet ready to push"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86: Remove unused variable "polling"
  x86/espfix/xen: Fix allocation of pages for paravirt page tables
  x86/efi: Include a .bss section within the PE/COFF headers
  efi: fdt: Do not report an error during boot if UEFI is not available
  efi/arm64: efistub: remove local copy of linux_banner

Pull infiniband/rdma fixes from Roland Dreier:
 - cxgb4 hardware driver regression fixes
 - mlx5 hardware driver regression fixes

* tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
  IB/mlx5: Enable "block multicast loopback" for kernel consumers
  RDMA/cxgb4: Call iwpm_init() only once
  mlx5_core: Fix possible race between mr tree insert/delete
  RDMA/cxgb4: Initialize the device status page
  RDMA/cxgb4: Clean up connection on ARP error
  RDMA/cxgb4: Fix skb_leak in reject_cr()

Pull hwmon fixes from Guenter Roeck:
 "More fallout from module tests and code inspection.

  Fixes to temperature limit write operations in adt7470 driver.  Also,
  dashes are not allowed in hwmon 'name' attributes.  Fix drivers where
  necessary"

* tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  hwmon: (adt7470) Fix writes to temperature limit registers
  hwmon: (da9055) Don't use dash in the name attribute
  hwmon: (da9052) Don't use dash in the name attribute

Pull iommu fixes from Joerg Roedel:
 "A couple of fixes for the Freescale PAMU driver queued up:

   - fix PAMU window size check.
   - fix the device domain attach condition.
   - fix the error condition during iommu group"

* tag 'iommu-fixes-v3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/fsl: Fix the error condition during iommu group
  iommu/fsl: Fix the device domain attach condition.
  iommu/fsl: Fix PAMU window size check.

Pull ACPI and power management fixes from Rafael Wysocki:
 "These are a few recent regression fixes, a revert of the ACPI video
  commit I promised, a system resume fix related to request_firmware(),
  an ACPI video quirk for one more Win8-oriented BIOS, an ACPI device
  enumeration documentation update and a few fixes for ARM cpufreq
  drivers.

  Specifics:

   - Fix for a recently introduced NULL pointer dereference in the core
     system suspend code occuring when platforms without ACPI attempt to
     use the "freeze" sleep state from Zhang Rui.

   - Fix for a recently introduced build warning in cpufreq headers from
     Brian W Hart.

   - Fix for a 3.13 cpufreq regression related to sysem resume that
     triggers on some systems with multiple CPU clusters from Viresh
     Kumar.

   - Fix for a 3.4 regression in request_firmware() resulting in
     WARN_ON()s on some systems during system resume from Takashi Iwai.

   - Revert of the ACPI video commit that changed the default value of
     the video.brightness_switch_enabled command line argument to 0 as
     it has been reported to break existing setups.

   - ACPI device enumeration documentation update to take recent code
     changes into account and make the documentation match the code
     again from Darren Hart.

   - Fixes for the sa1110, imx6q, kirkwood, and cpu0 cpufreq drivers
     from Linus Walleij, Nicolas Del Piano, Quentin Armitage, Viresh
     Kumar.

   - New ACPI video blacklist entry for HP ProBook 4540s from Hans de
     Goede"

* tag 'pm+acpi-3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  cpufreq: make table sentinel macros unsigned to match use
  cpufreq: move policy kobj to policy->cpu at resume
  cpufreq: cpu0: OPPs can be populated at runtime
  cpufreq: kirkwood: Reinstate cpufreq driver for ARCH_KIRKWOOD
  cpufreq: imx6q: Select PM_OPP
  cpufreq: sa1110: set memory type for h3600
  ACPI / video: Add use_native_backlight quirk for HP ProBook 4540s
  PM / sleep: fix freeze_ops NULL pointer dereferences
  PM / sleep: Fix request_firmware() error at resume
  Revert "ACPI / video: change acpi-video brightness_switch_enabled default to 0"
  ACPI / documentation: Remove reference to acpi_platform_device_ids from enumeration.txt

Pull drm fixes from Dave Airlie:
 "One nouveau deadlock fix, one qxl irq handling fix, and a set of
  radeon pageflipping changes that fix regressions in pageflipping since
  -rc1 along with a leak and backlight fix.

  The pageflipping fixes are a bit bigger than I'd like, but there has
  been a few people focused on testing them"

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
  drm/radeon: Make classic pageflip completion path less racy.
  drm/radeon: Add missing vblank_put in pageflip ioctl error path.
  drm/radeon: Remove redundant fence unref in pageflip path.
  drm/radeon: Complete page flip even if waiting on the BO fence fails
  drm/radeon: Move pinning the BO back to radeon_crtc_page_flip()
  drm/radeon: Prevent too early kms-pageflips triggered by vblank.
  drm/radeon: set default bl level to something reasonable
  drm/radeon: avoid leaking edid data
  drm/qxl: return IRQ_NONE if it was not our irq
  drm/nouveau/therm: fix a potential deadlock in the therm monitoring code

Pull /dev/random fix from Ted Ts'o:
 "Fix a BUG splat found by trinity"

* tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
  random: check for increase of entropy_count because of signed conversion

Pull crypto fixes from Herbert Xu:
 "This push fixes a boot hang in virt guests when the virtio RNG is
  enabled"

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  hwrng: virtio - ensure reads happen after successful probe
  hwrng: fetch randomness only after device init

The expression entropy_count -= ibytes << (ENTROPY_SHIFT + 3) could
actually increase entropy_count if during assignment of the unsigned
expression on the RHS (mind the -=) we reduce the value modulo
2^width(int) and assign it to entropy_count. Trinity found this.

[ Commit modified by tytso to add an additional safety check for a
  negative entropy_count -- which should never happen, and to also add
  an additional paranoia check to prevent overly large count values to
  be passed into urandom_read().  ]
Reported-by: NDave Jones <davej@redhat.com>
Signed-off-by: NHannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: NTheodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org

When CPU topology is specified in device tree, cpu_logical_map() does
not return core ID anymore, but rather full MPIDR value. This breaks
existing calculation of PMU register offsets on Exynos SoCs.

This patch fixes the problem by adjusting the code to use only core ID
bits of the value returned by cpu_logical_map() to allow CPU topology to
be specified in device tree on Exynos SoCs.
Signed-off-by: NTomasz Figa <t.figa@samsung.com>
Signed-off-by: NKukjin Kim <kgene.kim@samsung.com>
Signed-off-by: NOlof Johansson <olof@lixom.net>

Merge tag 'imx-fixes-3.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes

Merge "ARM: imx: fixes for 3.16, 2nd take" from Shawn Guo:

The i.MX fixes for 3.16, 2nd take:

It fixes a hard machine hang regression for boards where only pcie is
active but no sata, as the latest imx6-pcie driver is no longer enabling
the upstream clock directly but only lvds clk out.

* tag 'imx-fixes-3.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
  ARM: clk-imx6q: parent lvds_sel input from upstream clock gates
Signed-off-by: NOlof Johansson <olof@lixom.net>

Merge "at91: fixes for 3.16 #2" from Nicolas Ferre:

Second AT91 fixes series for 3.16
- fix clock definitions after the move to CCF for:
  * at91sam9n12 (ohci)
  * at91sam9x5 (ohci, pwm)

* tag 'at91-fixes' of git://github.com/at91linux/linux-at91:
  ARM: at91/dt: add missing clocks property to pwm node in sam9x5.dtsi
  ARM: at91/dt: fix usb0 clocks definition in sam9n12 dtsi
  ARM: at91: at91sam9x5: correct typo error for ohci clock
Signed-off-by: NOlof Johansson <olof@lixom.net>

Merge "mvebu fixes for v3.16 (round 3)" from Jason Cooper:

 - Fix SMP boot on 38x/375 in big endian
 - Fix operand list for pmsu on 370/XP
 - Fix coherency bus notifiers

* tag 'mvebu-fixes-3.16-3' of git://git.infradead.org/linux-mvebu:
  ARM: mvebu: Fix coherency bus notifiers by using separate notifiers
  ARM: mvebu: Fix the operand list in the inline asm of armada_370_xp_pmsu_idle_enter
  ARM: mvebu: fix SMP boot for Armada 38x and Armada 375 Z1 in big endian
Signed-off-by: NOlof Johansson <olof@lixom.net>

Pull gfs2 fixes from Steven Whitehouse:
 "This patch set contains two minor docs/spelling fixes, some fixes for
  flock, a change to use GFP_NOFS to avoid recursion on a rarely used
  code path and a fix for a race relating to the glock lru"

* tag 'gfs2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-3.0-fixes:
  GFS2: fs/gfs2/rgrp.c: kernel-doc warning fixes
  GFS2: memcontrol: Spelling s/invlidate/invalidate/
  GFS2: Allow caching of glocks for flock
  GFS2: Allow flocks to use normal glock dq rather than dq_wait
  GFS2: replace count*size kzalloc by kcalloc
  GFS2: Use GFP_NOFS when allocating glocks
  GFS2: Fix race in glock lru glock disposal
  GFS2: Only wait for demote when last holder is dequeued

Pull device mapper fixes from Mike Snitzer:
 "Fix the dm-thinp and dm-cache targets to disallow changing the data
  device's block size"

* tag 'dm-3.16-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm cache metadata: do not allow the data block size to change
  dm thin metadata: do not allow the data block size to change

Pull UBI fixes from Artem Bityutskiy:
 "Two UBI fastmap-related fixes for v3.16:

   - fix UBI fastmap support which we broke in 3.16-rc1 by reversing the
     volumes RB-tree sorting criteria.
   - make sure that we scrub all PEBs where we see bit-flips - we were
     missing some of them when the fastmap feature was enabled"

* tag 'upstream-3.16-rc6' of git://git.infradead.org/linux-ubifs:
  UBI: fastmap: do not miss bit-flips
  UBI: fix the volumes tree sorting criteria

Pull xfs fixes from Dave Chinner:
 "Fixes for low memory perforamnce regressions and a quota inode
  handling regression.

  These are regression fixes for issues recently introduced - the change
  in the stack switch location is fairly important, so I've held off
  sending this update until I was sure that it still addresses the stack
  usage problem the original solved.  So while the commits in the xfs
  tree are recent, it has been under tested for several weeks now"

* tag 'xfs-for-linus-3.16-rc5' of git://oss.sgi.com/xfs/xfs:
  xfs: null unused quota inodes when quota is on
  xfs: refine the allocation stack switch
  Revert "xfs: block allocation work needs to be kswapd aware"