Merge android-4.4.133 (3f51ea2) into msm-4.4

* refs/heads/tmp-3f51ea2
  Linux 4.4.133
  x86/kexec: Avoid double free_page() upon do_kexec_load() failure
  hfsplus: stop workqueue when fill_super() failed
  cfg80211: limit wiphy names to 128 bytes
  gpio: rcar: Add Runtime PM handling for interrupts
  time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
  dmaengine: ensure dmaengine helpers check valid callback
  scsi: zfcp: fix infinite iteration on ERP ready list
  scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
  scsi: libsas: defer ata device eh commands to libata
  s390: use expoline thunks in the BPF JIT
  s390: extend expoline to BC instructions
  s390: move spectre sysfs attribute code
  s390/kernel: use expoline for indirect branches
  s390/lib: use expoline for indirect branches
  s390: move expoline assembler macros to a header
  s390: add assembler macros for CPU alternatives
  ext2: fix a block leak
  tcp: purge write queue in tcp_connect_init()
  sock_diag: fix use-after-free read in __sk_free
  packet: in packet_snd start writing at link layer allocation
  net: test tailroom before appending to linear skb
  btrfs: fix reading stale metadata blocks after degraded raid1 mounts
  btrfs: fix crash when trying to resume balance without the resume flag
  Btrfs: fix xattr loss after power failure
  ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
  ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
  ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
  tick/broadcast: Use for_each_cpu() specially on UP kernels
  ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
  efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
  s390: remove indirect branch from do_softirq_own_stack
  s390/qdio: don't release memory in qdio_setup_irq()
  s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
  s390/qdio: fix access to uninitialized qdio_q fields
  mm: don't allow deferred pages with NEED_PER_CPU_KM
  powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
  procfs: fix pthread cross-thread naming if !PR_DUMPABLE
  proc read mm's {arg,env}_{start,end} with mmap semaphore taken.
  tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
  cpufreq: intel_pstate: Enable HWP by default
  signals: avoid unnecessary taking of sighand->siglock
  mm: filemap: avoid unnecessary calls to lock_page when waiting for IO to complete during a read
  mm: filemap: remove redundant code in do_read_cache_page
  proc: meminfo: estimate available memory more conservatively
  vmscan: do not force-scan file lru if its absolute size is small
  powerpc: Don't preempt_disable() in show_cpuinfo()
  cpuidle: coupled: remove unused define cpuidle_coupled_lock
  powerpc/powernv: remove FW_FEATURE_OPALv3 and just use FW_FEATURE_OPAL
  powerpc/powernv: Remove OPALv2 firmware define and references
  powerpc/powernv: panic() on OPAL < V3
  spi: pxa2xx: Allow 64-bit DMA
  ALSA: control: fix a redundant-copy issue
  ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
  ALSA: usb: mixer: volume quirk for CM102-A+/102S+
  usbip: usbip_host: fix bad unlock balance during stub_probe()
  usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
  usbip: usbip_host: run rebind from exit when module is removed
  usbip: usbip_host: delete device from busid_table after rebind
  usbip: usbip_host: refine probe and disconnect debug msgs to be useful
  kernel/exit.c: avoid undefined behaviour when calling wait4()
  futex: futex_wake_op, fix sign_extend32 sign bits
  pipe: cap initial pipe capacity according to pipe-max-size limit
  l2tp: revert "l2tp: fix missing print session offset info"
  Revert "ARM: dts: imx6qdl-wandboard: Fix audio channel swap"
  lockd: lost rollback of set_grace_period() in lockd_down_net()
  xfrm: fix xfrm_do_migrate() with AEAD e.g(AES-GCM)
  futex: Remove duplicated code and fix undefined behaviour
  futex: Remove unnecessary warning from get_futex_key
  arm64: Add work around for Arm Cortex-A55 Erratum 1024718
  arm64: introduce mov_q macro to move a constant into a 64-bit register
  audit: move calcs after alloc and check when logging set loginuid
  ALSA: timer: Call notifier in the same spinlock
  sctp: delay the authentication for the duplicated cookie-echo chunk
  sctp: fix the issue that the cookie-ack with auth can't get processed
  tcp: ignore Fast Open on repair mode
  bonding: do not allow rlb updates to invalid mac
  tg3: Fix vunmap() BUG_ON() triggered from tg3_free_consistent().
  sctp: use the old asoc when making the cookie-ack chunk in dupcook_d
  sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
  r8169: fix powering up RTL8168h
  qmi_wwan: do not steal interfaces from class drivers
  openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
  net: support compat 64-bit time in {s,g}etsockopt
  net_sched: fq: take care of throttled flows before reuse
  net/mlx4_en: Verify coalescing parameters are in range
  net: ethernet: sun: niu set correct packet size in skb
  llc: better deal with too small mtu
  ipv4: fix memory leaks in udp_sendmsg, ping_v4_sendmsg
  dccp: fix tasklet usage
  bridge: check iface upper dev when setting master via ioctl
  8139too: Use disable_irq_nosync() in rtl8139_poll_controller()
  BACKPORT, FROMLIST: fscrypt: add Speck128/256 support
  cgroup: Disable IRQs while holding css_set_lock
  Revert "cgroup: Disable IRQs while holding css_set_lock"
  cgroup: Disable IRQs while holding css_set_lock
  ANDROID: proc: fix undefined behavior in proc_uid_base_readdir
  x86: vdso: Fix leaky vdso linker with CC=clang.
  ANDROID: build: cuttlefish: Upgrade clang to newer version.
  ANDROID: build: cuttlefish: Upgrade clang to newer version.
  ANDROID: build: cuttlefish: Fix path to clang.
  UPSTREAM: dm bufio: avoid sleeping while holding the dm_bufio lock
  ANDROID: sdcardfs: Don't d_drop in d_revalidate

Conflicts:
	arch/arm64/include/asm/cputype.h
	fs/ext4/crypto.c
	fs/ext4/ext4.h
	kernel/cgroup.c
	mm/vmscan.c

Change-Id: Ic10c5722b6439af1cf423fd949c493f786764d7e
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>

1 files changed, 42 insertions, 2 deletions

diff --git a/kernel/futex.c b/kernel/futex.c
index 760a97da1050..aedb36c0fd92 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -666,13 +666,14 @@ again:
 		 * this reference was taken by ihold under the page lock
 		 * pinning the inode in place so i_lock was unnecessary. The
 		 * only way for this check to fail is if the inode was
-		 * truncated in parallel so warn for now if this happens.
+		 * truncated in parallel which is almost certainly an
+		 * application bug. In such a case, just retry.
 		 *
 		 * We are not calling into get_futex_key_refs() in file-backed
 		 * cases, therefore a successful atomic_inc return below will
 		 * guarantee that get_futex_key() will still imply smp_mb(); (B).
 		 */
-		if (WARN_ON_ONCE(!atomic_inc_not_zero(&inode->i_count))) {
+		if (!atomic_inc_not_zero(&inode->i_count)) {
 			rcu_read_unlock();
 			put_page(page_head);
 
@@ -1452,6 +1453,45 @@ out:
 	return ret;
 }
 
+static int futex_atomic_op_inuser(unsigned int encoded_op, u32 __user *uaddr)
+{
+	unsigned int op =	  (encoded_op & 0x70000000) >> 28;
+	unsigned int cmp =	  (encoded_op & 0x0f000000) >> 24;
+	int oparg = sign_extend32((encoded_op & 0x00fff000) >> 12, 11);
+	int cmparg = sign_extend32(encoded_op & 0x00000fff, 11);
+	int oldval, ret;
+
+	if (encoded_op & (FUTEX_OP_OPARG_SHIFT << 28)) {
+		if (oparg < 0 || oparg > 31)
+			return -EINVAL;
+		oparg = 1 << oparg;
+	}
+
+	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
+		return -EFAULT;
+
+	ret = arch_futex_atomic_op_inuser(op, oparg, &oldval, uaddr);
+	if (ret)
+		return ret;
+
+	switch (cmp) {
+	case FUTEX_OP_CMP_EQ:
+		return oldval == cmparg;
+	case FUTEX_OP_CMP_NE:
+		return oldval != cmparg;
+	case FUTEX_OP_CMP_LT:
+		return oldval < cmparg;
+	case FUTEX_OP_CMP_GE:
+		return oldval >= cmparg;
+	case FUTEX_OP_CMP_LE:
+		return oldval <= cmparg;
+	case FUTEX_OP_CMP_GT:
+		return oldval > cmparg;
+	default:
+		return -ENOSYS;
+	}
+}
+
 /*
  * Wake up all waiters hashed on the physical page that is mapped
  * to this virtual address: