Pull ceph fix from Ilya Dryomov:
"A fix for a long-standing bug in the incremental osdmap handling code
that caused misdirected requests, tagged for stable"

The tag is signed with a brand new key - Sage is on vacation and I
didn't anticipate this"

* tag 'ceph-for-4.7-rc8' of git://github.com/ceph/ceph-client:
libceph: apply new_state before new_up_client on incrementals

Pull networking fixes from David Miller:

1) Fix memory leak in nftables, from Liping Zhang.

2) Need to check result of vlan_insert_tag() in batman-adv otherwise we
risk NULL skb derefs, from Sven Eckelmann.

3) Check for dev_alloc_skb() failures in cfg80211, from Gregory
Greenman.

4) Handle properly when we have ppp_unregister_channel() happening in
parallel with ppp_connect_channel(), from WANG Cong.

5) Fix DCCP deadlock, from Eric Dumazet.

6) Bail out properly in UDP if sk_filter() truncates the packet to be
smaller than even the space that the protocol headers need. From
Michal Kubecek.

7) Similarly for rose, dccp, and sctp, from Willem de Bruijn.

8) Make TCP challenge ACKs less predictable, from Eric Dumazet.

9) Fix infinite loop in bgmac_dma_tx_add() from Florian Fainelli.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (65 commits)
packet: propagate sock_cmsg_send() error
net/mlx5e: Fix del vxlan port command buffer memset
packet: fix second argument of sock_tx_timestamp()
net: switchdev: change ageing_time type to clock_t
Update maintainer for EHEA driver.
net/mlx4_en: Add resilience in low memory systems
net/mlx4_en: Move filters cleanup to a proper location
sctp: load transport header after sk_filter
net/sched/sch_htb: clamp xstats tokens to fit into 32-bit int
net: cavium: liquidio: Avoid dma_unmap_single on uninitialized ndata
net: nb8800: Fix SKB leak in nb8800_receive()
et131x: Fix logical vs bitwise check in et131x_tx_timeout()
vlan: use a valid default mtu value for vlan over macsec
net: bgmac: Fix infinite loop in bgmac_dma_tx_add()
mlxsw: spectrum: Prevent invalid ingress buffer mapping
mlxsw: spectrum: Prevent overwrite of DCB capability fields
mlxsw: spectrum: Don't emit errors when PFC is disabled
mlxsw: spectrum: Indicate support for autonegotiation
mlxsw: spectrum: Force link training according to admin state
r8152: add MODULE_VERSION
...

Currently, osd_weight and osd_state fields are updated in the encoding
order. This is wrong, because an incremental map may look like e.g.

new_up_client: { osd=6, addr=... } # set osd_state and addr
new_state: { osd=6, xorstate=EXISTS } # clear osd_state

Suppose osd6's current osd_state is EXISTS (i.e. osd6 is down). After
applying new_up_client, osd_state is changed to EXISTS | UP. Carrying
on with the new_state update, we flip EXISTS and leave osd6 in a weird
"!EXISTS but UP" state. A non-existent OSD is considered down by the
mapping code

2087 for (i = 0; i < pg->pg_temp.len; i++) {
2088 if (ceph_osd_is_down(osdmap, pg->pg_temp.osds[i])) {
2089 if (ceph_can_shift_osds(pi))
2090 continue;
2091
2092 temp->osds[temp->size++] = CRUSH_ITEM_NONE;

and so requests get directed to the second OSD in the set instead of
the first, resulting in OSD-side errors like:

[WRN] : client.4239 192.168.122.21:0/2444980242 misdirected client.4239.1:2827 pg 2.5df899f2 to osd.4 not [1,4,6] in e680/680

and hung rbds on the client:

[ 493.566367] rbd: rbd0: write 400000 at 11cc00000 (0)
[ 493.566805] rbd: rbd0: result -6 xferred 400000
[ 493.567011] blk_update_request: I/O error, dev rbd0, sector 9330688

The fix is to decouple application from the decoding and:
- apply new_weight first
- apply new_state before new_up_client
- twiddle osd_state flags if marking in
- clear out some of the state if osd is destroyed

Fixes: http://tracker.ceph.com/issues/14901

Cc: stable@vger.kernel.org # 3.15+: 6dd74e44dc1d: libceph: set 'exists' flag for newly up osd
Cc: stable@vger.kernel.org # 3.15+
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Josh Durgin <jdurgin@redhat.com>

Pull overlayfs fixes from Miklos Szeredi:
"This contains a fix for a potential crash/corruption issue and another
where the suid/sgid bits weren't cleared on write"

* 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
ovl: verify upper dentry in ovl_remove_and_whiteout()
ovl: Copy up underlying inode's ->i_mode to overlay inode
ovl: handle ATTR_KILL*

sock_cmsg_send() can return different error codes and not only
-EINVAL, and we should properly propagate them.

Fixes: c14ac9451c34 ("sock: enable timestamping using control messages")
Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Merge misc fixes from Andrew Morton:
"Five fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
pps: do not crash when failed to register
tools/vm/slabinfo: fix an unintentional printf
testing/radix-tree: fix a macro expansion bug
radix-tree: fix radix_tree_iter_retry() for tagged iterators.
mm: memcontrol: fix cgroup creation failure after many small jobs

The upper dentry may become stale before we call ovl_lock_rename_workdir.
For example, someone could (mistakenly or maliciously) manually unlink(2)
it directly from upperdir.

To ensure it is not stale, let's lookup it after ovl_lock_rename_workdir
and and check if it matches the upper dentry.

Essentially, it is the same problem and similar solution as in
commit 11f3710417d0 ("ovl: verify upper dentry before unlink and rename").

Signed-off-by: Maxim Patlasov <mpatlasov@virtuozzo.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: <stable@vger.kernel.org>

memset the command buffers rather than the pointers to them.

Fixes: b3f63c3d5e2c ("net/mlx5e: Add netdev support for VXLAN tunneling")
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

The well-spotted fallocate undo fix is good in most cases, but not when
fallocate failed on the very first page. index 0 then passes lend -1
to shmem_undo_range(), and that has two bad effects: (a) that it will
undo every fallocation throughout the file, unrestricted by the current
range; but more importantly (b) it can cause the undo to hang, because
lend -1 is treated as truncation, which makes it keep on retrying until
every page has gone, but those already fully instantiated will never go
away. Big thank you to xfstests generic/269 which demonstrates this.

Fixes: b9b4bb26af01 ("tmpfs: don't undo fallocate past its last page")
Cc: stable@vger.kernel.org
Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Pull intel kabylake drm fixes from Dave Airlie:
"As mentioned Intel has gathered all the Kabylake fixes from -next,
which we've enabled in 4.7 for the first time, these are pretty much
limited in scope to only affects kabylake, which is hw that isn't
shipping yet. So I'm mostly okay with it going in now.

If we don't land this, it might be a good idea to disable kabylake
support in 4.7 before we ship"

* tag 'drm-fixes-for-v4.7-rc8-intel-kbl' of git://people.freedesktop.org/~airlied/linux: (28 commits)
drm/i915/kbl: Introduce the first official DMC for Kabylake.
drm/i915: Introduce Kabypoint PCH for Kabylake H/DT.
drm/i915/gen9: implement WaConextSwitchWithConcurrentTLBInvalidate
drm/i915/gen9: Add WaFbcHighMemBwCorruptionAvoidance
drm/i195/fbc: Add WaFbcNukeOnHostModify
drm/i915/gen9: Add WaFbcWakeMemOn
drm/i915/gen9: Add WaFbcTurnOffFbcWatermark
drm/i915/kbl: Add WaClearSlmSpaceAtContextSwitch
drm/i915/gen9: Add WaEnableChickenDCPR
drm/i915/kbl: Add WaDisableSbeCacheDispatchPortSharing
drm/i915/kbl: Add WaDisableGafsUnitClkGating
drm/i915/kbl: Add WaForGAMHang
drm/i915: Add WaInsertDummyPushConstP for bxt and kbl
drm/i915/kbl: Add WaDisableDynamicCreditSharing
drm/i915/kbl: Add WaDisableGamClockGating
drm/i915/gen9: Enable must set chicken bits in config0 reg
drm/i915/kbl: Add WaDisableLSQCROPERFforOCL
drm/i915/kbl: Add WaDisableSDEUnitClockGating
drm/i915/kbl: Add WaDisableFenceDestinationToSLM for A0
drm/i915/kbl: Add WaEnableGapsTsvCreditFix
...

With this command sequence:

modprobe plip
modprobe pps_parport
rmmod pps_parport

the partport_pps modules causes this crash:

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: parport_detach+0x1d/0x60 [pps_parport]
Oops: 0000 [#1] SMP
...
Call Trace:
parport_unregister_driver+0x65/0xc0 [parport]
SyS_delete_module+0x187/0x210

The sequence that builds up to this is:

1) plip is loaded and takes the parport device for exclusive use:

plip0: Parallel port at 0x378, using IRQ 7.

2) pps_parport then fails to grab the device:

pps_parport: parallel port PPS client
parport0: cannot grant exclusive access for device pps_parport
pps_parport: couldn't register with parport0

3) rmmod of pps_parport is then killed because it tries to access
pardev->name, but pardev (taken from port->cad) is NULL.

So add a check for NULL in the test there too.

Link: http://lkml.kernel.org/r/20160714115245.12651-1-jslaby@suse.cz
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Acked-by: Rodolfo Giometti <giometti@enneenne.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Right now when a new overlay inode is created, we initialize overlay
inode's ->i_mode from underlying inode ->i_mode but we retain only
file type bits (S_IFMT) and discard permission bits.

This patch changes it and retains permission bits too. This should allow
overlay to do permission checks on overlay inode itself in task context.

[SzM] It also fixes clearing suid/sgid bits on write.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Reported-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay")
Cc: <stable@vger.kernel.org>

This patch fixes an issue that a syscall (e.g. sendto syscall) cannot
work correctly. Since the sendto syscall doesn't have msg_control buffer,
the sock_tx_timestamp() in packet_snd() cannot work correctly because
the socks.tsflags is set to 0.
So, this patch sets the socks.tsflags to sk->sk_tsflags as default.

Fixes: c14ac9451c34 ("sock: enable timestamping using control messages")
Reported-by: Kazuya Mizuguchi <kazuya.mizuguchi.ks@renesas.com>
Reported-by: Keita Kobayashi <keita.kobayashi.ym@renesas.com>
Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Pull MIPS fix from Ralf Baechle:
"Another week with just a single 4.7 fix.

This fixes a possible 'loss' of the huge page bit from pmd on
permission change"

* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: Fix page table corruption on THP permission changes.

Pull drm fixes from Dave Airlie:
"Two i915 regression fixes.

Intel have submitted some Kabylake fixes I'll send separately, since
this is the first kernel with kabylake support and they don't go much
outside that area I think they should be fine"

* tag 'drm-fixes-for-v4.7-rc8-intel' of git://people.freedesktop.org/~airlied/linux:
drm/i915: add missing condition for committing planes on crtc
drm/i915: Treat eDP as always connected, again

As promised here's the pile of kbl cherry-picks assembled by Mika&Rodrigo.
It's a bit much, but all well-contained to kbl code and been tested for a
while in drm-intel-next. Still separate in case too much, but in that case
I think we'd need to disable kbl by default again (which would be annoying
too) in 4.7.

* tag 'topic/kbl-4.7-fixes-2016-07-18' of git://anongit.freedesktop.org/drm-intel: (28 commits)
drm/i915/kbl: Introduce the first official DMC for Kabylake.
drm/i915: Introduce Kabypoint PCH for Kabylake H/DT.
drm/i915/gen9: implement WaConextSwitchWithConcurrentTLBInvalidate
drm/i915/gen9: Add WaFbcHighMemBwCorruptionAvoidance
drm/i195/fbc: Add WaFbcNukeOnHostModify
drm/i915/gen9: Add WaFbcWakeMemOn
drm/i915/gen9: Add WaFbcTurnOffFbcWatermark
drm/i915/kbl: Add WaClearSlmSpaceAtContextSwitch
drm/i915/gen9: Add WaEnableChickenDCPR
drm/i915/kbl: Add WaDisableSbeCacheDispatchPortSharing
drm/i915/kbl: Add WaDisableGafsUnitClkGating
drm/i915/kbl: Add WaForGAMHang
drm/i915: Add WaInsertDummyPushConstP for bxt and kbl
drm/i915/kbl: Add WaDisableDynamicCreditSharing
drm/i915/kbl: Add WaDisableGamClockGating
drm/i915/gen9: Enable must set chicken bits in config0 reg
drm/i915/kbl: Add WaDisableLSQCROPERFforOCL
drm/i915/kbl: Add WaDisableSDEUnitClockGating
drm/i915/kbl: Add WaDisableFenceDestinationToSLM for A0
drm/i915/kbl: Add WaEnableGapsTsvCreditFix
...

The curly braces are missing here so we print stuff unintentionally.

Fixes: 9da4714a2d44 ('slub: slabinfo update for cmpxchg handling')
Link: http://lkml.kernel.org/r/20160715211243.GE19522@mwanda
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Christoph Lameter <cl@linux.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Colin Ian King <colin.king@canonical.com>
Cc: Laura Abbott <labbott@fedoraproject.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Before 4bacc9c9234c ("overlayfs: Make f_path...") file->f_path pointed to
the underlying file, hence suid/sgid removal on write worked fine.

After that patch file->f_path pointed to the overlay file, and the file
mode bits weren't copied to overlay_inode->i_mode. So the suid/sgid
removal simply stopped working.

The fix is to copy the mode bits, but then ovl_setattr() needs to clear
ATTR_MODE to avoid the BUG() in notify_change(). So do this first, then in
the next patch copy the mode.

Reported-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay")
Cc: <stable@vger.kernel.org>

The switchdev value for the SWITCHDEV_ATTR_ID_BRIDGE_AGEING_TIME
attribute is a clock_t and requires to use helpers such as
clock_t_to_jiffies() to convert to milliseconds.

Change ageing_time type from u32 to clock_t to make it explicit.

Fixes: f55ac58ae64c ("switchdev: add bridge ageing_time attribute")
Signed-off-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Pull SCSI fixes from James Bottomley:
"Three fixes. One is the qla24xx MSI regression, one is a theoretical
problem over blacklist matching, which would bite USB badly if it ever
triggered and one is a system hang with a particular type of IPR
device"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
qla2xxx: Fix NULL pointer deref in QLA interrupt
SCSI: fix new bug in scsi_dev_info_list string matching
ipr: Clear interrupt on croc/crocodile when running with LSI

When the core THP code is modifying the permissions of a huge page it
calls pmd_modify(), which unfortunately was clearing the _PAGE_HUGE bit
of the page table entry. The result can be kernel messages like:

mm/memory.c:397: bad pmd 000000040080004d.
mm/memory.c:397: bad pmd 00000003ff00004d.
mm/memory.c:397: bad pmd 000000040100004d.

or:

------------[ cut here ]------------
WARNING: at mm/mmap.c:3200 exit_mmap+0x150/0x158()
Modules linked in: ipv6 at24 octeon3_ethernet octeon_srio_nexus m25p80
CPU: 12 PID: 1295 Comm: pmderr Not tainted 3.10.87-rt80-Cavium-Octeon #4
Stack : 0000000040808000 0000000014009ce1 0000000000400004 ffffffff81076ba0
0000000000000000 0000000000000000 ffffffff85110000 0000000000000119
0000000000000004 0000000000000000 0000000000000119 43617669756d2d4f
0000000000000000 ffffffff850fda40 ffffffff85110000 0000000000000000
0000000000000000 0000000000000009 ffffffff809207a0 0000000000000c80
ffffffff80f1bf20 0000000000000001 000000ffeca36828 0000000000000001
0000000000000000 0000000000000001 000000ffeca7e700 ffffffff80886924
80000003fd7a0000 80000003fd7a39b0 80000003fdea8000 ffffffff80885780
80000003fdea8000 ffffffff80f12218 000000000000000c 000000000000050f
0000000000000000 ffffffff80865c4c 0000000000000000 0000000000000000
...
Call Trace:
[<ffffffff80865c4c>] show_stack+0x6c/0xf8
[<ffffffff80885780>] warn_slowpath_common+0x78/0xa8
[<ffffffff809207a0>] exit_mmap+0x150/0x158
[<ffffffff80882d44>] mmput+0x5c/0x110
[<ffffffff8088b450>] do_exit+0x230/0xa68
[<ffffffff8088be34>] do_group_exit+0x54/0x1d0
[<ffffffff8088bfc0>] __wake_up_parent+0x0/0x18

---[ end trace c7b38293191c57dc ]---
BUG: Bad rss-counter state mm:80000003fa168000 idx:1 val:1536

Fix by not clearing _PAGE_HUGE bit.

Signed-off-by: David Daney <david.daney@cavium.com>
Tested-by: Aaro Koskinen <aaro.koskinen@nokia.com>
Cc: stable@vger.kernel.org
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/13687/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

Pull m68k upddates from Geert Uytterhoeven:
- assorted spelling fixes
- defconfig updates

* tag 'm68k-for-v4.8-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
m68k/defconfig: Update defconfigs for v4.7-rc2
m68k: Assorted spelling fixes

Two more regression fixes for 4.7.

* tag 'drm-intel-fixes-2016-07-18' of git://anongit.freedesktop.org/drm-intel:
drm/i915: add missing condition for committing planes on crtc
drm/i915: Treat eDP as always connected, again

Version 1.01.

This firmware is made for Kabylake platform so it doesn't
need the stepping workaround that we had before.

v2: Rebased on top of latest nightly with min version
required change.
v3: With right CSR_VERSION (Patrik).

Cc: Christophe Prigent <christophe.prigent@intel.com>
Cc: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
Reviewed-by: Ben Widawsky <benjamin.widawsky@intel.com> (v1)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Reviewed-by: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1461707991-15336-1-git-send-email-rodrigo.vivi@intel.com
(cherry picked from commit 4922d4919596219864686be1e70dcd92c685ec9f)
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>

There are no parentheses around this macro and it causes a problem when
we do:

index = rand() % THRASH_SIZE;

Link: http://lkml.kernel.org/r/20160715210953.GC19522@mwanda
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Since Thadeu left IBM, EHEA has gone mostly unmaintained, since his email
address doesn't work anymore. I'm stepping up to help maintain this
driver upstream.

I'm adding Thadeu's personal e-mail address in Cc, hoping that we can
get his ack.

CC: Thadeu Lima de Souza Cascardo <cascardo@cascardo.eti.br>
Signed-off-by: Douglas Miller <dougmill@linux.vnet.ibm.com>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@cascardo.eti.br>
Signed-off-by: David S. Miller <davem@davemloft.net>

Pull eCryptfs fixes from Tyler Hicks:
"Provide a more concise fix for CVE-2016-1583:
- Additionally fixes linux-stable regressions caused by the
cherry-picking of the original fix

Some very minor changes that have queued up:
- Fix typos in code comments
- Remove unnecessary check for NULL before destroying kmem_cache"

* tag 'ecryptfs-4.7-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
ecryptfs: don't allow mmap when the lower fs doesn't support it
Revert "ecryptfs: forbid opening files without mmap handler"
ecryptfs: fix spelling mistakes
eCryptfs: fix typos in comment
ecryptfs: drop null test before destroy functions

Pull ARM SoC fixes from Olof Johansson:
"A handful of fixes before final release:

Marvell Armada:
- One to fix a typo in the devicetree specifying memory ranges for
the crypto engine
- Two to deal with marking PCI and device-memory as strongly ordered
to avoid hardware deadlocks, in particular when enabling above
crypto driver.
- Compile fix for PM

Allwinner:
- DT clock fixes to deal with u-boot-enabled framebuffer (simplefb).
- Make R8 (C.H.I.P. SoC) inherit system compatibility from A13 to
make clocks register proper.

Tegra:
- Fix SD card voltage setting on the Tegra3 Beaver dev board

Misc:
- Two maintainers updates for STM32 and STi platforms"

* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: tegra: beaver: Allow SD card voltage to be changed
MAINTAINERS: update STi maintainer list
MAINTAINERS: update STM32 maintainers list
ARM: mvebu: compile pm code conditionally
ARM: dts: sun7i: Fix pll3x2 and pll7x2 not having a parent clock
ARM: dts: sunxi: Add pll3 to simplefb nodes clocks lists
ARM: dts: armada-38x: fix MBUS_ID for crypto SRAM on Armada 385 Linksys
ARM: mvebu: map PCI I/O regions strongly ordered
ARM: mvebu: fix HW I/O coherency related deadlocks
ARM: sunxi/dt: make the CHIP inherit from allwinner,sun5i-a13

Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>

Pull MTD fix from Brian Norris:
"Late MTD fix for v4.7:

One regression in the Device Tree handling for OMAP NAND handling of
the ELM node. TI migrated to using the property name "ti,elm-id", but
forgot to keep compatibility with the old "elm_id" property.

Also, might as well send out this MAINTAINERS fixup now"

* tag 'for-linus-20160715' of git://git.infradead.org/linux-mtd:
mtd: nand: omap2: Add check for old elm binding
MAINTAINERS: Add file patterns for mtd device tree bindings

The i915 driver checks for color management properties changes as part
of a plane update. Therefore a color management update must imply a
plane update, otherwise we never update the transformation matrixes
and degamma/gamma LUTs.

v2: add comment about moving the commit of color management registers
to an async worker

v3: Commit color management register right after vblank

v4: Move back color management commit condition together with planes
commit

v5: Trigger color management commit through the planes commit (Daniel)

v6: Make plane change update more readable

Fixes: 20a34e78f0d7 (drm/i915: Update color management during vblank evasion.)
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: drm-intel-fixes@lists.freedesktop.org
Signed-off-by: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
References: https://lkml.org/lkml/2016/7/14/614
Reviewed-and-tested-by: Mario Kleiner <mario.kleiner.de@gmail.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1464183041-8478-1-git-send-email-lionel.g.landwerlin@intel.com
(cherry picked from commit e7852a4b3a4fb6f6c18fdaff934580aa8521599a)
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>

Some Kabylake SKUs are going to use Kabypoint PCH.
It is mainly for Halo and DT ones.

>From our specs it doesn't seem that KBP brings
any change on the display south engine. So let's consider
this as a continuation of SunrisePoint, i.e., SPT+.

Since it is easy to get confused by a letter change:
KBL = Kabylake - CPU/GPU codename.
KBP = Kabypoint - PCH codename.

Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Reviewed-by: Ander Conselvan de Oliveira <conselvan2@gmail.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96826
Link: http://patchwork.freedesktop.org/patch/msgid/1467418032-15167-1-git-send-email-rodrigo.vivi@intel.com
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
(cherry picked from commit 22dea0be50b2eb0bafd3c82e1fb080113e0c889e)
Signed-off-by: Mika Kuoppala <mika.kuoppala@intel.com>

radix_tree_iter_retry() resets slot to NULL, but it doesn't reset tags.
Then NULL slot and non-zero iter.tags passed to radix_tree_next_slot()
leading to crash:

RIP: radix_tree_next_slot include/linux/radix-tree.h:473
find_get_pages_tag+0x334/0x930 mm/filemap.c:1452
....
Call Trace:
pagevec_lookup_tag+0x3a/0x80 mm/swap.c:960
mpage_prepare_extent_to_map+0x321/0xa90 fs/ext4/inode.c:2516
ext4_writepages+0x10be/0x2b20 fs/ext4/inode.c:2736
do_writepages+0x97/0x100 mm/page-writeback.c:2364
__filemap_fdatawrite_range+0x248/0x2e0 mm/filemap.c:300
filemap_write_and_wait_range+0x121/0x1b0 mm/filemap.c:490
ext4_sync_file+0x34d/0xdb0 fs/ext4/fsync.c:115
vfs_fsync_range+0x10a/0x250 fs/sync.c:195
vfs_fsync fs/sync.c:209
do_fsync+0x42/0x70 fs/sync.c:219
SYSC_fdatasync fs/sync.c:232
SyS_fdatasync+0x19/0x20 fs/sync.c:230
entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207

We must reset iterator's tags to bail out from radix_tree_next_slot()
and go to the slow-path in radix_tree_next_chunk().

Fixes: 46437f9a554f ("radix-tree: fix race in gang lookup")
Link: http://lkml.kernel.org/r/1468495196-10604-1-git-send-email-aryabinin@virtuozzo.com
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Matthew Wilcox <willy@linux.intel.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Pull fuse fix from Miklos Szeredi:
"This makes sure userspace filesystems are not broken by the parallel
lookups and readdir feature"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
fuse: serialize dirops by default

Tariq Toukan says:

====================
Safe flow for mlx4_en configuration change

This patchset improves the mlx4_en driver resiliency, especially on
systems with low memory. Upon a configuration change that requires
the allocation of new resources, we first try to allocate, prior to
destroying the current ones. Once it is successfully done,
we release the old resources and attach the new ones. Otherwise, we
stay with a functioning interface having the same old configuration.

This improvement became of greater significance after removing the use
of vmap.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

Pull IOMMU fixes from Joerg Roedel:
"Two Fixes:

- Intel VT-d fix for a suspend/resume issue, introduced with the
scalability improvements in this cycle.

- AMD IOMMU fix for systems that have unity mappings defined. There
was a race where translation got enabled before the unity mappings
were in place. This issue was seen on some HP servers"

* tag 'iommu-fixes-v4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/amd: Fix unity mapping initialization race
iommu/vt-d: Fix infinite loop in free_all_cpu_cached_iovas

There are legitimate reasons to disallow mmap on certain files, notably
in sysfs or procfs. We shouldn't emulate mmap support on file systems
that don't offer support natively.

CVE-2016-1583

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Cc: stable@vger.kernel.org
[tyhicks: clean up f_op check by using ecryptfs_file_to_lower()]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>

Commit b704f70ce200 ("SCSI: fix bug in scsi_dev_info_list matching")
changed the way vendor- and model-string matching was carried out in the
routine that looks up entries in a SCSI devinfo list. The new matching
code failed to take into account the case of a maximum-length string; in
such cases it could end up testing for a terminating '\0' byte beyond
the end of the memory allocated to the string. This out-of-bounds bug
was detected by UBSAN.

I don't know if anybody has actually encountered this bug. The symptom
would be that a device entry in the blacklist might not be matched
properly if it contained an 8-character vendor name or a 16-character
model name. Such entries certainly exist in scsi_static_device_list.

This patch fixes the problem by adding a check for a maximum-length
string before the '\0' test.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Fixes: b704f70ce200 ("SCSI: fix bug in scsi_dev_info_list matching")
Tested-by: Wilfried Klaebe <linux-kernel@lebenslange-mailadresse.de>
CC: <stable@vger.kernel.org> # v4.4+
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

In qla24xx_process_response_queue() rsp->msix->cpuid may trigger NULL
pointer dereference when rsp->msix is NULL:

[ 5.622457] NULL pointer dereference at 0000000000000050
[ 5.622457] IP: [<ffffffff8155e614>] qla24xx_process_response_queue+0x44/0x4b0
[ 5.622457] PGD 0
[ 5.622457] Oops: 0000 [#1] SMP
[ 5.622457] Modules linked in:
[ 5.622457] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.6.3-x86_64 #1
[ 5.622457] Hardware name: HP ProLiant DL360 G5, BIOS P58 05/02/2011
[ 5.622457] task: ffff8801a88f3740 ti: ffff8801a8954000 task.ti: ffff8801a8954000
[ 5.622457] RIP: 0010:[<ffffffff8155e614>] [<ffffffff8155e614>] qla24xx_process_response_queue+0x44/0x4b0
[ 5.622457] RSP: 0000:ffff8801afb03de8 EFLAGS: 00010002
[ 5.622457] RAX: 0000000000000000 RBX: 0000000000000032 RCX: 00000000ffffffff
[ 5.622457] RDX: 0000000000000002 RSI: ffff8801a79bf8c8 RDI: ffff8800c8f7e7c0
[ 5.622457] RBP: ffff8801afb03e68 R08: 0000000000000000 R09: 0000000000000000
[ 5.622457] R10: 00000000ffff8c47 R11: 0000000000000002 R12: ffff8801a79bf8c8
[ 5.622457] R13: ffff8800c8f7e7c0 R14: ffff8800c8f60000 R15: 0000000000018013
[ 5.622457] FS: 0000000000000000(0000) GS:ffff8801afb00000(0000) knlGS:0000000000000000
[ 5.622457] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5.622457] CR2: 0000000000000050 CR3: 0000000001e07000 CR4: 00000000000006e0
[ 5.622457] Stack:
[ 5.622457] ffff8801afb03e30 ffffffff810c0f2d 0000000000000086 0000000000000002
[ 5.622457] ffff8801afb03e28 ffffffff816570e1 ffff8800c8994628 0000000000000002
[ 5.622457] ffff8801afb03e60 ffffffff816772d4 b47c472ad6955e68 0000000000000032
[ 5.622457] Call Trace:
[ 5.622457] <IRQ>
[ 5.622457] [<ffffffff810c0f2d>] ? __wake_up_common+0x4d/0x80
[ 5.622457] [<ffffffff816570e1>] ? usb_hcd_resume_root_hub+0x51/0x60
[ 5.622457] [<ffffffff816772d4>] ? uhci_hub_status_data+0x64/0x240
[ 5.622457] [<ffffffff81560d00>] qla24xx_intr_handler+0xf0/0x2e0
[ 5.622457] [<ffffffff810d569e>] ? get_next_timer_interrupt+0xce/0x200
[ 5.622457] [<ffffffff810c89b4>] handle_irq_event_percpu+0x64/0x100
[ 5.622457] [<ffffffff810c8a77>] handle_irq_event+0x27/0x50
[ 5.622457] [<ffffffff810cb965>] handle_edge_irq+0x65/0x140
[ 5.622457] [<ffffffff8101a498>] handle_irq+0x18/0x30
[ 5.622457] [<ffffffff8101a276>] do_IRQ+0x46/0xd0
[ 5.622457] [<ffffffff817f8fff>] common_interrupt+0x7f/0x7f
[ 5.622457] <EOI>
[ 5.622457] [<ffffffff81020d38>] ? mwait_idle+0x68/0x80
[ 5.622457] [<ffffffff8102114a>] arch_cpu_idle+0xa/0x10
[ 5.622457] [<ffffffff810c1b97>] default_idle_call+0x27/0x30
[ 5.622457] [<ffffffff810c1d3b>] cpu_startup_entry+0x19b/0x230
[ 5.622457] [<ffffffff810324c6>] start_secondary+0x136/0x140
[ 5.622457] Code: 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 d0 31 c0 48 8b 47 58 a8 02 0f 84 c5 00 00 00 48 8b 46 50 49 89 f4 65 8b 15 34 bb aa 7e <39> 50 50 74 11 89 50 50 48 8b 46 50 8b 40 50 41 89 86 60 8b 00
[ 5.622457] RIP [<ffffffff8155e614>] qla24xx_process_response_queue+0x44/0x4b0
[ 5.622457] RSP <ffff8801afb03de8>
[ 5.622457] CR2: 0000000000000050
[ 5.622457] ---[ end trace fa2b19c25106d42b ]---
[ 5.622457] Kernel panic - not syncing: Fatal exception in interrupt

The affected code was introduced by commit cdb898c52d1dfad4b4800b83a58b3fe5d352edde
(qla2xxx: Add irq affinity notification).

Only dereference rsp->msix when it has been set so the machine can boot
fine. Possibly rsp->msix is unset because:
[ 3.479679] qla2xxx [0000:00:00.0]-0005: : QLogic Fibre Channel HBA Driver: 8.07.00.33-k.
[ 3.481839] qla2xxx [0000:13:00.0]-001d: : Found an ISP2432 irq 17 iobase 0xffffc90000038000.
[ 3.484081] qla2xxx [0000:13:00.0]-0035:0: MSI-X; Unsupported ISP2432 (0x2, 0x3).
[ 3.485804] qla2xxx [0000:13:00.0]-0037:0: Falling back-to MSI mode -258.
[ 3.890145] scsi host0: qla2xxx
[ 3.891956] qla2xxx [0000:13:00.0]-00fb:0: QLogic QLE2460 - PCI-Express Single Channel 4Gb Fibre Channel HBA.
[ 3.894207] qla2xxx [0000:13:00.0]-00fc:0: ISP2432: PCIe (2.5GT/s x4) @ 0000:13:00.0 hdma+ host#=0 fw=7.03.00 (9496).
[ 5.714774] qla2xxx [0000:13:00.0]-500a:0: LOOP UP detected (4 Gbps).

Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
Acked-by: Quinn Tran <quinn.tran@qlogic.com>
CC: <stable@vger.kernel.org> # 4.5+
Fixes: cdb898c52d1dfad4b4800b83a58b3fe5d352edde
Signed-off-by: James Bottomley <jejb@linux.vnet.ibm.com>

Pull crypto fixes from Herbert Xu:
"This fixes a sporadic build failure in the qat driver as well as a
memory corruption bug in rsa-pkcs1pad"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: rsa-pkcs1pad - fix rsa-pkcs1pad request struct
crypto: qat - make qat_asym_algs.o depend on asn1 headers

This allows to switch the card signal voltage level to 1.8 V, which is
needed for any ultra high speed modes to work.

Signed-off-by: Lucas Stach <dev@lynxeye.de>
Acked-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Olof Johansson <olof@lixom.net>

- s/acccess/access/
- s/accoding/according/
- s/addad/added/
- s/addreess/address/
- s/allocatiom/allocation/
- s/Assember/Assembler/
- s/compactnes/compactness/
- s/conneced/connected/
- s/decending/descending/
- s/diectly/directly/
- s/diplacement/displacement/

Signed-off-by: Andrea Gelmini <andrea.gelmini@gelma.net>
[geert: Squashed, fix arch/m68k/ifpsp060/src/pfpsp.S]
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>

Pull input fixes from Dmitry Torokhov:
"A few last-minute updates for the input subsystem"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: ts4800-ts - add missing of_node_put after calling of_parse_phandle
Input: synaptics-rmi4 - use of_get_child_by_name() to fix refcount
Revert "Input: wacom_w8001 - drop use of ABS_MT_TOOL_TYPE"
Input: xpad - validate USB endpoint count during probe
Input: add SW_PEN_INSERTED define

commit c9711ec5250b ("mtd: nand: omap: Clean up device tree support")
removes the check for the old elm phandle binding.
Add it again to keep backward compatibility.

Fixes: commit c9711ec5250b ("mtd: nand: omap: Clean up device tree support")
Signed-off-by: Teresa Remmet <t.remmet@phytec.de>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>

eDP should be treated as connected even if doesn't have an EDID. In that
case we'll use the timings from the VBT. That used to be the case until
commit f21a21983ef1 ("drm/i915: Splitting intel_dp_detect")
broke things by considering even eDP disconnected if we fail to get
an EDID for it.

Fix things up again by treating eDP as always connected.

Cc: Shubhangi Shrivastava <shubhangi.shrivastava@intel.com>
Cc: Nathan D Ciobanu <nathan.d.ciobanu@intel.com>
Cc: Sivakumar Thulasimani <sivakumar.thulasimani@intel.com>
Cc: Ander Conselvan de Oliveira <conselvan2@gmail.com>
Cc: Larry Finger <larry.finger@lwfinger.net>
Reported-by: Larry Finger <larry.finger@lwfinger.net>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96675
Cc: drm-intel-fixes@lists.freedesktop.org
Fixes: f21a21983ef1 ("drm/i915: Splitting intel_dp_detect")
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Tested-by: Larry Finger <larry.finger@lwfinger.net>
Link: http://patchwork.freedesktop.org/patch/msgid/1468836914-16537-1-git-send-email-ville.syrjala@linux.intel.com
(cherry picked from commit 1b7f2c8b0773d5ccbef43ef38a13ad33136c9679)
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>

This patch enables a workaround for a mid thread preemption
issue where a hardware timing problem can prevent the
context restore from happening, leading to a hang.

v2: move to gen9_init_workarounds (Arun)
v3: move to start of gen9_init_workarounds (Arun)

Signed-off-by: Tim Gore <tim.gore@intel.com>
Reviewed-by: Arun Siluvery <arun.siluvery@linux.intel.com>
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1465816501-25557-1-git-send-email-tim.gore@intel.com
(cherry picked from commit a8ab5ed5e1bf856eceaab5579236de6f92822b9f)
Signed-off-by: Mika Kuoppala <mika.kuoppala@intel.com>

The memory controller has quite a bit of state that usually outlives the
cgroup and pins its CSS until said state disappears. At the same time
it imposes a 16-bit limit on the CSS ID space to economically store IDs
in the wild. Consequently, when we use cgroups to contain frequent but
small and short-lived jobs that leave behind some page cache, we quickly
run into the 64k limitations of outstanding CSSs. Creating a new cgroup
fails with -ENOSPC while there are only a few, or even no user-visible
cgroups in existence.

Although pinning CSSs past cgroup removal is common, there are only two
instances that actually need an ID after a cgroup is deleted: cache
shadow entries and swapout records.

Cache shadow entries reference the ID weakly and can deal with the CSS
having disappeared when it's looked up later. They pose no hurdle.

Swap-out records do need to pin the css to hierarchically attribute
swapins after the cgroup has been deleted; though the only pages that
remain swapped out after offlining are tmpfs/shmem pages. And those
references are under the user's control, so they are manageable.

This patch introduces a private 16-bit memcg ID and switches swap and
cache shadow entries over to using that. This ID can then be recycled
after offlining when the CSS remains pinned only by objects that don't
specifically need it.

This script demonstrates the problem by faulting one cache page in a new
cgroup and deleting it again:

set -e
mkdir -p pages
for x in `seq 128000`; do
[ $((x % 1000)) -eq 0 ] && echo $x
mkdir /cgroup/foo
echo $$ >/cgroup/foo/cgroup.procs
echo trex >pages/$x
echo $$ >/cgroup/cgroup.procs
rmdir /cgroup/foo
done

When run on an unpatched kernel, we eventually run out of possible IDs
even though there are no visible cgroups:

[root@ham ~]# ./cssidstress.sh
[...]
65000
mkdir: cannot create directory '/cgroup/foo': No space left on device

After this patch, the IDs get released upon cgroup destruction and the
cache and css objects get released once memory reclaim kicks in.

[hannes@cmpxchg.org: init the IDR]
Link: http://lkml.kernel.org/r/20160621154601.GA22431@cmpxchg.org
Fixes: b2052564e66d ("mm: memcontrol: continue cache reclaim from offlined groups")
Link: http://lkml.kernel.org/r/20160617162516.GD19084@cmpxchg.org
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reported-by: John Garcia <john.garcia@mesosphere.io>
Reviewed-by: Vladimir Davydov <vdavydov@virtuozzo.com>
Acked-by: Tejun Heo <tj@kernel.org>
Cc: Nikolay Borisov <kernel@kyup.com>
Cc: <stable@vger.kernel.org> [3.19+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Pull overlayfs fixes from Miklos Szeredi:
"This contains fixes for a dentry leak, a regression in 4.6 noticed by
Docker users and missing write access checking in truncate"

* 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
ovl: warn instead of error if d_type is not supported
ovl: get_write_access() in truncate
ovl: fix dentry leak for default_permissions

Negotiate with userspace filesystems whether they support parallel readdir
and lookup. Disable parallelism by default for fear of breaking fuse
filesystems.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: 9902af79c01a ("parallel lookups: actual switch to rwsem")
Fixes: d9b3dbdcfd62 ("fuse: switch to ->iterate_shared()")

Do not cache pointers into the skb linear segment across sk_filter.
The function call can trigger pskb_expand_head.

Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

This patch fixes the lost of Ethernet port on low memory system,
when driver frees its resources and fails to allocate new resources.
Issue could happen while changing number of channels, rings size or
changing the timestamp configuration.
This fix is necessary because of removing vmap use in the code.
When vmap was in use driver could allocate non-contiguous memory
and make it contiguous with vmap. Now it could fail to allocate
a large chunk of contiguous memory and lose the port.
Current code tries to allocate new resources and then upon success
frees the old resources.

Fixes: 73898db04301 ('net/mlx4: Avoid wrong virtual mappings')
Signed-off-by: Eugenia Emantayev <eugenia@mellanox.com>
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Pull xen bug fixes from David Vrabel:

- Fix two bugs in the handling of xenbus transactions.

- Make the xen acpi driver compatible with Xen 4.7.

* tag 'for-linus-4.7b-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen/acpi: allow xen-acpi-processor driver to load on Xen 4.7
xenbus: simplify xenbus_dev_request_and_reply()
xenbus: don't bail early from xenbus_dev_request_and_reply()
xenbus: don't BUG() on user mode induced condition

There is a race condition in the AMD IOMMU init code that
causes requested unity mappings to be blocked by the IOMMU
for a short period of time. This results on boot failures
and IO_PAGE_FAULTs on some machines.

Fix this by making sure the unity mappings are installed
before all other DMA is blocked.

Fixes: aafd8ba0ca74 ('iommu/amd: Implement add_device and remove_device')
Cc: stable@vger.kernel.org # v4.2+
Signed-off-by: Joerg Roedel <jroedel@suse.de>

This reverts commit 2f36db71009304b3f0b95afacd8eba1f9f046b87.

It fixed a local root exploit but also introduced a dependency on
the lower file system implementing an mmap operation just to open a file,
which is a bit of a heavy hammer. The right fix is to have mmap depend
on the existence of the mmap handler instead.

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Cc: stable@vger.kernel.org
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>

If we fall back to using LSI on the Croc or Crocodile chip we need to
clear the interrupt so we don't hang the system.

Cc: <stable@vger.kernel.org>
Tested-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>