Merge android-4.4-p.195 (4af3204) into msm-4.4

* refs/heads/tmp-4af3204
  Linux 4.4.195
  Btrfs: fix race setting up and completing qgroup rescan workers
  btrfs: Relinquish CPUs in btrfs_compare_trees
  Btrfs: fix use-after-free when using the tree modification log
  ovl: filter of trusted xattr results in audit
  CIFS: Fix oplock handling for SMB 2.1+ protocols
  i2c: riic: Clear NACK in tend isr
  hwrng: core - don't wait on add_early_randomness()
  quota: fix wrong condition in is_quota_modification()
  ext4: fix punch hole for inline_data file systems
  /dev/mem: Bail out upon SIGKILL.
  cfg80211: Purge frame registrations on iftype change
  md/raid6: Set R5_ReadError when there is read failure on parity disk
  alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
  ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
  ASoC: Intel: Fix use of potentially uninitialized variable
  media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
  KVM: x86: Manually calculate reserved bits when loading PDPTRS
  KVM: x86: set ctxt->have_exception in x86_decode_insn()
  KVM: x86: always stop emulation on page fault
  parisc: Disable HP HSC-PCI Cards to prevent kernel crash
  fuse: fix missing unlock_page in fuse_writepage()
  printk: Do not lose last line in kmsg buffer dump
  ALSA: firewire-tascam: check intermediate state of clock status and retry
  ALSA: firewire-tascam: handle error code when getting current source of clock
  media: omap3isp: Set device on omap3isp subdevs
  btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
  ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
  media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
  libertas: Add missing sentinel at end of if_usb.c fw_table
  mmc: sdhci: Fix incorrect switch to HS mode
  ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
  kprobes: Prohibit probing on BUG() and WARN() address
  dmaengine: ti: edma: Do not reset reserved paRAM slots
  md/raid1: fail run raid1 array when active disk less than one
  hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
  ACPI: custom_method: fix memory leaks
  libtraceevent: Change users plugin directory
  ACPI / CPPC: do not require the _PSD method
  media: ov9650: add a sanity check
  media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
  media: cpia2_usb: fix memory leaks
  media: saa7146: add cleanup in hexium_attach()
  media: hdpvr: add terminating 0 at end of string
  media: radio/si470x: kill urb on error
  net: lpc-enet: fix printk format strings
  media: omap3isp: Don't set streaming state on random subdevs
  dmaengine: iop-adma: use correct printk format strings
  media: gspca: zero usb_buf on error
  efi: cper: print AER info of PCIe fatal error
  md: don't set In_sync if array is frozen
  md: don't call spare_active in md_reap_sync_thread if all member devices can't work
  ia64:unwind: fix double free for mod->arch.init_unw_table
  ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
  base: soc: Export soc_device_register/unregister APIs
  media: iguanair: add sanity checks
  ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
  ALSA: hda - Show the fatal CORB/RIRB error more clearly
  x86/apic: Soft disable APIC before initializing it
  x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
  sched/core: Fix CPU controller for !RT_GROUP_SCHED
  sched/fair: Fix imbalance due to CPU affinity
  media: hdpvr: Add device num check and handling
  media: dib0700: fix link error for dibx000_i2c_set_speed
  leds: leds-lp5562 allow firmware files up to the maximum length
  dmaengine: bcm2835: Print error in case setting DMA mask fails
  ASoC: sgtl5000: Fix charge pump source assignment
  ALSA: hda: Flush interrupts on disabling
  nfc: enforce CAP_NET_RAW for raw sockets
  ieee802154: enforce CAP_NET_RAW for raw sockets
  ax25: enforce CAP_NET_RAW for raw sockets
  appletalk: enforce CAP_NET_RAW for raw sockets
  mISDN: enforce CAP_NET_RAW for raw sockets
  usbnet: sanity checking of packet sizes and device mtu
  usbnet: ignore endpoints with invalid wMaxPacketSize
  skge: fix checksum byte order
  sch_netem: fix a divide by zero in tabledist()
  openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
  net/phy: fix DP83865 10 Mbps HDX loopback disable function
  cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
  arcnet: provide a buffer big enough to actually receive packets
  Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
  drm: Flush output polling on shutdown
  f2fs: fix to do sanity check on segment bitmap of LFS curseg
  Revert "f2fs: avoid out-of-range memory access"
  f2fs: check all the data segments against all node ones
  irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
  locking/lockdep: Add debug_locks check in __lock_downgrade()
  mac80211: handle deauthentication/disassociation from TDLS peer
  mac80211: Print text for disassociation reason
  ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
  ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
  net: rds: Fix NULL ptr use in rds_tcp_kill_sock
  crypto: talitos - fix missing break in switch statement
  mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
  HID: hidraw: Fix invalid read in hidraw_ioctl
  HID: logitech: Fix general protection fault caused by Logitech driver
  HID: lg: make transfer buffers DMA capable
  HID: prodikeys: Fix general protection fault during probe
  Revert "Bluetooth: validate BLE connection interval updates"
  ANDROID: usb: gadget: Fix dependency for f_accessory
  Remove taskname from lowmemorykiller kill reports
  ANDROID: Fixes to locking around handle_lmk_event

Conflicts:
	drivers/staging/android/lowmemorykiller.c
	fs/f2fs/segment.c
	fs/f2fs/super.c

Change-Id: Id4b74ec2b0512aa13bc4392d61d5092f633fed0e
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>

6 files changed, 61 insertions, 26 deletions

diff --git a/arch/arm/mach-zynq/platsmp.c b/arch/arm/mach-zynq/platsmp.c
index f66816c49186..dabe33ac988e 100644
--- a/arch/arm/mach-zynq/platsmp.c
+++ b/arch/arm/mach-zynq/platsmp.c
@@ -65,7 +65,7 @@ int zynq_cpun_start(u32 address, int cpu)
 			* 0x4: Jump by mov instruction
 			* 0x8: Jumping address
 			*/
-			memcpy((__force void *)zero, &zynq_secondary_trampoline,
+			memcpy_toio(zero, &zynq_secondary_trampoline,
 							trampoline_size);
 			writel(address, zero + trampoline_size);
 
diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c
index 36b2c94a8eb5..14c7184daaf6 100644
--- a/arch/ia64/kernel/module.c
+++ b/arch/ia64/kernel/module.c
@@ -912,8 +912,12 @@ module_finalize (const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, struct module *mo
 void
 module_arch_cleanup (struct module *mod)
 {
-	if (mod->arch.init_unw_table)
+	if (mod->arch.init_unw_table) {
 		unw_remove_unwind_table(mod->arch.init_unw_table);
-	if (mod->arch.core_unw_table)
+		mod->arch.init_unw_table = NULL;
+	}
+	if (mod->arch.core_unw_table) {
 		unw_remove_unwind_table(mod->arch.core_unw_table);
+		mod->arch.core_unw_table = NULL;
+	}
 }
diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
index 834d1b5b4355..be3d4dcf3a10 100644
--- a/arch/x86/kernel/apic/apic.c
+++ b/arch/x86/kernel/apic/apic.c
@@ -1265,6 +1265,14 @@ void setup_local_APIC(void)
 		return;
 	}
 
+	/*
+	 * If this comes from kexec/kcrash the APIC might be enabled in
+	 * SPIV. Soft disable it before doing further initialization.
+	 */
+	value = apic_read(APIC_SPIV);
+	value &= ~APIC_SPIV_APIC_ENABLED;
+	apic_write(APIC_SPIV, value);
+
 #ifdef CONFIG_X86_32
 	/* Pound the ESR really hard over the head with a big hammer - mbligh */
 	if (lapic_is_integrated() && apic->disable_esr) {
diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c
index 12c8286206ce..6a0ba9d09b0e 100644
--- a/arch/x86/kernel/smp.c
+++ b/arch/x86/kernel/smp.c
@@ -176,6 +176,12 @@ asmlinkage __visible void smp_reboot_interrupt(void)
 	irq_exit();
 }
 
+static int register_stop_handler(void)
+{
+	return register_nmi_handler(NMI_LOCAL, smp_stop_nmi_callback,
+				    NMI_FLAG_FIRST, "smp_stop");
+}
+
 static void native_stop_other_cpus(int wait)
 {
 	unsigned long flags;
@@ -209,39 +215,41 @@ static void native_stop_other_cpus(int wait)
 		apic->send_IPI_allbutself(REBOOT_VECTOR);
 
 		/*
-		 * Don't wait longer than a second if the caller
-		 * didn't ask us to wait.
+		 * Don't wait longer than a second for IPI completion. The
+		 * wait request is not checked here because that would
+		 * prevent an NMI shutdown attempt in case that not all
+		 * CPUs reach shutdown state.
 		 */
 		timeout = USEC_PER_SEC;
-		while (num_online_cpus() > 1 && (wait || timeout--))
+		while (num_online_cpus() > 1 && timeout--)
 			udelay(1);
 	}
-	
-	/* if the REBOOT_VECTOR didn't work, try with the NMI */
-	if ((num_online_cpus() > 1) && (!smp_no_nmi_ipi))  {
-		if (register_nmi_handler(NMI_LOCAL, smp_stop_nmi_callback,
-					 NMI_FLAG_FIRST, "smp_stop"))
-			/* Note: we ignore failures here */
-			/* Hope the REBOOT_IRQ is good enough */
-			goto finish;
-
-		/* sync above data before sending IRQ */
-		wmb();
 
-		pr_emerg("Shutting down cpus with NMI\n");
+	/* if the REBOOT_VECTOR didn't work, try with the NMI */
+	if (num_online_cpus() > 1) {
+		/*
+		 * If NMI IPI is enabled, try to register the stop handler
+		 * and send the IPI. In any case try to wait for the other
+		 * CPUs to stop.
+		 */
+		if (!smp_no_nmi_ipi && !register_stop_handler()) {
+			/* Sync above data before sending IRQ */
+			wmb();
 
-		apic->send_IPI_allbutself(NMI_VECTOR);
+			pr_emerg("Shutting down cpus with NMI\n");
 
+			apic->send_IPI_allbutself(NMI_VECTOR);
+		}
 		/*
-		 * Don't wait longer than a 10 ms if the caller
-		 * didn't ask us to wait.
+		 * Don't wait longer than 10 ms if the caller didn't
+		 * reqeust it. If wait is true, the machine hangs here if
+		 * one or more CPUs do not reach shutdown state.
 		 */
 		timeout = USEC_PER_MSEC * 10;
 		while (num_online_cpus() > 1 && (wait || timeout--))
 			udelay(1);
 	}
 
-finish:
 	local_irq_save(flags);
 	disable_local_APIC();
 	mcheck_cpu_clear(this_cpu_ptr(&cpu_info));
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index 5dd56e3517f3..6c7847b3aa2d 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -5245,6 +5245,8 @@ done_prefixes:
 					ctxt->memopp->addr.mem.ea + ctxt->_eip);
 
 done:
+	if (rc == X86EMUL_PROPAGATE_FAULT)
+		ctxt->have_exception = true;
 	return (rc != X86EMUL_CONTINUE) ? EMULATION_FAILED : EMULATION_OK;
 }
 
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 74674a6e4827..2b47fd3d4b8c 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -523,8 +523,14 @@ static int kvm_read_nested_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn,
 				       data, offset, len, access);
 }
 
+static inline u64 pdptr_rsvd_bits(struct kvm_vcpu *vcpu)
+{
+	return rsvd_bits(cpuid_maxphyaddr(vcpu), 63) | rsvd_bits(5, 8) |
+	       rsvd_bits(1, 2);
+}
+
 /*
- * Load the pae pdptrs.  Return true is they are all valid.
+ * Load the pae pdptrs.  Return 1 if they are all valid, 0 otherwise.
  */
 int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3)
 {
@@ -543,8 +549,7 @@ int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3)
 	}
 	for (i = 0; i < ARRAY_SIZE(pdpte); ++i) {
 		if (is_present_gpte(pdpte[i]) &&
-		    (pdpte[i] &
-		     vcpu->arch.mmu.guest_rsvd_check.rsvd_bits_mask[0][2])) {
+		    (pdpte[i] & pdptr_rsvd_bits(vcpu))) {
 			ret = 0;
 			goto out;
 		}
@@ -5486,8 +5491,16 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu,
 			if (reexecute_instruction(vcpu, cr2, write_fault_to_spt,
 						emulation_type))
 				return EMULATE_DONE;
-			if (ctxt->have_exception && inject_emulated_exception(vcpu))
+			if (ctxt->have_exception) {
+				/*
+				 * #UD should result in just EMULATION_FAILED, and trap-like
+				 * exception should not be encountered during decode.
+				 */
+				WARN_ON_ONCE(ctxt->exception.vector == UD_VECTOR ||
+					     exception_type(ctxt->exception.vector) == EXCPT_TRAP);
+				inject_emulated_exception(vcpu);
 				return EMULATE_DONE;
+			}
 			if (emulation_type & EMULTYPE_SKIP)
 				return EMULATE_FAIL;
 			return handle_emulation_failure(vcpu);