Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: Andreas Gruenbacher <agruenba@redhat.com>

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: Jaegeuk Kim <jaegeuk@kernel.org>

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Omar Sandoval <osandov@fb.com>
Cc: Chris Mason <clm@fb.com>

The problem with writecount is: we want consistent handling of it for
underlying filesystems as well as overlayfs.  Making sure i_writecount is
correct on all layers is difficult.  Instead this patch makes sure that
when write access is acquired, it's always done on the underlying writable
layer (called the upper layer).  We must also make sure to look at the
writecount on this layer when checking for conflicting leases.

Open for write already updates the upper layer's writecount.  Leaving only
truncate.

For truncate copy up must happen before get_write_access() so that the
writecount is updated on the upper layer.  Problem with this is if
something fails after that, then copy-up was done needlessly.  E.g. if
break_lease() was interrupted.  Probably not a big deal in practice.

Another interesting case is if there's a denywrite on a lower file that is
then opened for write or truncated.  With this patch these will succeed,
which is somewhat counterintuitive.  But I think it's still acceptable,
considering that the copy-up does actually create a different file, so the
old, denywrite mapping won't be touched.

On non-overlayfs d_real() is an identity function and d_real_inode() is
equivalent to d_inode() so this patch doesn't change behavior in that case.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Acked-by: Jeff Layton <jlayton@poochiereds.net>
Cc: "J. Bruce Fields" <bfields@fieldses.org>

d_op->d_real() leaves the dentry alone except if the third argument is
non-zero.  Unfortunately very difficult to explain to the compiler without
a cast.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Acked-by: Jeff Layton <jlayton@poochiereds.net>

This patch allows flock, posix locks, ofd locks and leases to work
correctly on overlayfs.

Instead of using the underlying inode for storing lock context use the
overlay inode.  This allows locks to be persistent across copy-up.

This is done by introducing locks_inode() helper and using it instead of
file_inode() to get the inode in locking code.  For non-overlayfs the two
are equivalent, except for an extra pointer dereference in locks_inode().

Since lock operations are in "struct file_operations" we must also make
sure not to call underlying filesystem's lock operations.  Introcude a
super block flag MS_NOREMOTELOCK to this effect.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Acked-by: Jeff Layton <jlayton@poochiereds.net>
Cc: "J. Bruce Fields" <bfields@fieldses.org>

When an event occurs direct it to the overlay inode instead of the real
underlying inode.

This will work even if the file was first on the lower layer and then
copied up, while the watch is there.  This is because the watch is on the
overlay inode, which stays the same through the copy-up.

For filesystems other than overlayfs this is a no-op, except for the
performance impact of an extra pointer dereferece.

Verified to work correctly with the inotify/fanotify tests in LTP.
Signed-off-by: Aihua Zhang <zhangaihua1@huawei.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Eric Paris <eparis@redhat.com>

On overlayfs relatime_need_update() needs inode times to be correct on
overlay inode.  But i_mtime and i_ctime are updated by filesystem code on
underlying inode only, so they will be out-of-date on the overlay inode.

This patch copies the times from the underlying inode if needed.  This
can't be done if called from RCU lookup (link following) but link m/ctime
are not updated by fs, so this is all right.

This patch doesn't change functionality for anything but overlayfs.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

This fixes a bug where the permission was not properly checked in
overlayfs.  The testcase is ltp/utimensat01.

It is also cleaner and safer to do the permission checking in the vfs
helper instead of the caller.

This patch introduces an additional ia_valid flag ATTR_TOUCH (since
touch(1) is the most obvious user of utimes(NULL)) that is passed into
notify_change whenever the conditions for this special permission checking
mode are met.
Reported-by: Aihua Zhang <zhangaihua1@huawei.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Tested-by: Aihua Zhang <zhangaihua1@huawei.com>
Cc: <stable@vger.kernel.org> # v3.18+

Ima tries to call ->setxattr() on overlayfs dentry after having locked
underlying inode, which results in a deadlock.
Reported-by: Krisztian Litkey <kli@iki.fi>
Fixes: 4bacc9c9 ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: <stable@vger.kernel.org> # v4.2
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>

Commit aa719874 ("nvme: fabrics drivers don't need the nvme-pci
driver") removed the dependency on BLK_DEV_NVME, but the cdoe does
depend on the block layer (which used to be an implicit dependency
through BLK_DEV_NVME).

Otherwise you get various errors from the kbuild test robot random
config testing when that happens to hit a configuration with BLOCK
device support disabled.

Cc: Christoph Hellwig <hch@lst.de>
Cc: Jay Freyensee <james_p_freyensee@linux.intel.com>
Cc: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Pull IIO fixes from Greg KH:
 "Here are a few small IIO fixes for 4.8-rc6.

  Nothing major, full details are in the shortlog, all of these have
  been in linux-next with no reported issues"

* tag 'staging-4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  iio:core: fix IIO_VAL_FRACTIONAL sign handling
  iio: ensure ret is initialized to zero before entering do loop
  iio: accel: kxsd9: Fix scaling bug
  iio: accel: bmc150: reset chip at init time
  iio: fix pressure data output unit in hid-sensor-attributes
  tools:iio:iio_generic_buffer: fix trigger-less mode

Pull USB fixes from Greg KH:
 "Here are some small USB gadget, phy, and xhci fixes for 4.8-rc6.

  All of these resolve minor issues that have been reported, and all
  have been in linux-next with no reported issues"

* tag 'usb-4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: chipidea: udc: fix NULL ptr dereference in isr_setup_status_phase
  xhci: fix null pointer dereference in stop command timeout function
  usb: dwc3: pci: fix build warning on !PM_SLEEP
  usb: gadget: prevent potenial null pointer dereference on skb->len
  usb: renesas_usbhs: fix clearing the {BRDY,BEMP}STS condition
  usb: phy: phy-generic: Check clk_prepare_enable() error
  usb: gadget: udc: renesas-usb3: clear VBOUT bit in DRD_CON
  Revert "usb: dwc3: gadget: always decrement by 1"

Pull libnvdimm fixes from Dan Williams:
 "nvdimm fixes for v4.8, two of them are tagged for -stable:

   - Fix devm_memremap_pages() to use track_pfn_insert().  Otherwise,
     DAX pmd mappings end up with an uncached pgprot, and unusable
     performance for the device-dax interface.  The device-dax interface
     appeared in 4.7 so this is tagged for -stable.

   - Fix a couple VM_BUG_ON() checks in the show_smaps() path to
     understand DAX pmd entries.  This fix is tagged for -stable.

   - Fix a mis-merge of the nfit machine-check handler to flip the
     polarity of an if() to match the final version of the patch that
     Vishal sent for 4.8-rc1.  Without this the nfit machine check
     handler never detects / inserts new 'badblocks' entries which
     applications use to identify lost portions of files.

   - For test purposes, fix the nvdimm_clear_poison() path to operate on
     legacy / simulated nvdimm memory ranges.  Without this fix a test
     can set badblocks, but never clear them on these ranges.

   - Fix the range checking done by dax_dev_pmd_fault().  This is not
     tagged for -stable since this problem is mitigated by specifying
     aligned resources at device-dax setup time.

  These patches have appeared in a next release over the past week.  The
  recent rebase you can see in the timestamps was to drop an invalid fix
  as identified by the updated device-dax unit tests [1].  The -mm
  touches have an ack from Andrew"

[1]: "[ndctl PATCH 0/3] device-dax test for recent kernel bugs"
   https://lists.01.org/pipermail/linux-nvdimm/2016-September/006855.html

* 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  libnvdimm: allow legacy (e820) pmem region to clear bad blocks
  nfit, mce: Fix SPA matching logic in MCE handler
  mm: fix cache mode of dax pmd mappings
  mm: fix show_smap() for zone_device-pmd ranges
  dax: fix mapping size check

Pull i2c fixes from Wolfram Sang:
 "Mostly driver bugfixes, but also a few cleanups which are nice to have
  out of the way"

* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  i2c: rk3x: Restore clock settings at resume time
  i2c: Spelling s/acknowedge/acknowledge/
  i2c: designware: save the preset value of DW_IC_SDA_HOLD
  Documentation: i2c: slave-interface: add note for driver development
  i2c: mux: demux-pinctrl: run properly with multiple instances
  i2c: bcm-kona: fix inconsistent indenting
  i2c: rcar: use proper device with dma_mapping_error
  i2c: sh_mobile: use proper device with dma_mapping_error
  i2c: mux: demux-pinctrl: invalidate properly when switching fails

Pull fscrypto fixes fromTed Ts'o:
 "Fix some brown-paper-bag bugs for fscrypto, including one one which
  allows a malicious user to set an encryption policy on an empty
  directory which they do not own"

* tag 'for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  fscrypto: require write access to mount to set encryption policy
  fscrypto: only allow setting encryption policy on directories
  fscrypto: add authorization check for setting encryption policy

Since setting an encryption policy requires writing metadata to the
filesystem, it should be guarded by mnt_want_write/mnt_drop_write.
Otherwise, a user could cause a write to a frozen or readonly
filesystem.  This was handled correctly by f2fs but not by ext4.  Make
fscrypt_process_policy() handle it rather than relying on the filesystem
to get it right.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Cc: stable@vger.kernel.org # 4.1+; check fs/{ext4,f2fs}
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Acked-by: Jaegeuk Kim <jaegeuk@kernel.org>

The FS_IOC_SET_ENCRYPTION_POLICY ioctl allowed setting an encryption
policy on nondirectory files.  This was unintentional, and in the case
of nonempty regular files did not behave as expected because existing
data was not actually encrypted by the ioctl.

In the case of ext4, the user could also trigger filesystem errors in
->empty_dir(), e.g. due to mismatched "directory" checksums when the
kernel incorrectly tried to interpret a regular file as a directory.

This bug affected ext4 with kernels v4.8-rc1 or later and f2fs with
kernels v4.6 and later.  It appears that older kernels only permitted
directories and that the check was accidentally lost during the
refactoring to share the file encryption code between ext4 and f2fs.

This patch restores the !S_ISDIR() check that was present in older
kernels.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

On an ext4 or f2fs filesystem with file encryption supported, a user
could set an encryption policy on any empty directory(*) to which they
had readonly access.  This is obviously problematic, since such a
directory might be owned by another user and the new encryption policy
would prevent that other user from creating files in their own directory
(for example).

Fix this by requiring inode_owner_or_capable() permission to set an
encryption policy.  This means that either the caller must own the file,
or the caller must have the capability CAP_FOWNER.

(*) Or also on any regular file, for f2fs v4.6 and later and ext4
    v4.8-rc1 and later; a separate bug fix is coming for that.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Cc: stable@vger.kernel.org # 4.1+; check fs/{ext4,f2fs}
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

Bad blocks can be injected via /sys/block/pmemN/badblocks. In a situation
where legacy pmem is being used or a pmem region created by using memmap
kernel parameter, the injected bad blocks are not cleared due to
nvdimm_clear_poison() failing from lack of ndctl function pointer. In
this case we need to just return as handled and allow the bad blocks to
be cleared rather than fail.
Reviewed-by: Vishal Verma <vishal.l.verma@intel.com>
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>

The check for a 'pmem' type SPA in the MCE handler was inverted due to a
merge/rebase error.

Fixes: 6839a6d9 nfit: do an ARS scrub on hitting a latent media error
Cc: linux-acpi@vger.kernel.org
Cc: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>

track_pfn_insert() in vmf_insert_pfn_pmd() is marking dax mappings as
uncacheable rendering them impractical for application usage.  DAX-pte
mappings are cached and the goal of establishing DAX-pmd mappings is to
attain more performance, not dramatically less (3 orders of magnitude).

track_pfn_insert() relies on a previous call to reserve_memtype() to
establish the expected page_cache_mode for the range.  While memremap()
arranges for reserve_memtype() to be called, devm_memremap_pages() does
not.  So, teach track_pfn_insert() and untrack_pfn() how to handle
tracking without a vma, and arrange for devm_memremap_pages() to
establish the write-back-cache reservation in the memtype tree.

Cc: <stable@vger.kernel.org>
Cc: Matthew Wilcox <mawilcox@microsoft.com>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: Nilesh Choudhury <nilesh.choudhury@oracle.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reported-by: Toshi Kani <toshi.kani@hpe.com>
Reported-by: Kai Zhang <kai.ka.zhang@oracle.com>
Acked-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>

Attempting to dump /proc/<pid>/smaps for a process with pmd dax mappings
currently results in the following VM_BUG_ONs:

 kernel BUG at mm/huge_memory.c:1105!
 task: ffff88045f16b140 task.stack: ffff88045be14000
 RIP: 0010:[<ffffffff81268f9b>]  [<ffffffff81268f9b>] follow_trans_huge_pmd+0x2cb/0x340
 [..]
 Call Trace:
  [<ffffffff81306030>] smaps_pte_range+0xa0/0x4b0
  [<ffffffff814c2755>] ? vsnprintf+0x255/0x4c0
  [<ffffffff8123c46e>] __walk_page_range+0x1fe/0x4d0
  [<ffffffff8123c8a2>] walk_page_vma+0x62/0x80
  [<ffffffff81307656>] show_smap+0xa6/0x2b0

 kernel BUG at fs/proc/task_mmu.c:585!
 RIP: 0010:[<ffffffff81306469>]  [<ffffffff81306469>] smaps_pte_range+0x499/0x4b0
 Call Trace:
  [<ffffffff814c2795>] ? vsnprintf+0x255/0x4c0
  [<ffffffff8123c46e>] __walk_page_range+0x1fe/0x4d0
  [<ffffffff8123c8a2>] walk_page_vma+0x62/0x80
  [<ffffffff81307696>] show_smap+0xa6/0x2b0

These locations are sanity checking page flags that must be set for an
anonymous transparent huge page, but are not set for the zone_device
pages associated with dax mappings.

Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Acked-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>

Pull virtio fixes from Michael Tsirkin:
 "This includes a couple of bugfixs for virtio.

  The virtio console patch is actually also in x86/tip targeting 4.9
  because it helps vmap stacks, but it also fixes IOMMU_PLATFORM which
  was added in 4.8, and it seems important not to ship that in a broken
  configuration"

* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
  virtio_console: Stop doing DMA on the stack
  virtio: mark vring_dma_dev() static

Pull power management fixes from Rafael Wysocki:
 "This includes a PM QoS framework fix from Tejun to prevent interrupts
  from being enabled unexpectedly during early boot and a cpufreq
  documentation fix.

  Specifics:

   - If the PM QoS framework invokes cancel_delayed_work_sync() during
     early boot, it will enable interrupts which is not expected at that
     point, so prevent it from happening (Tejun Heo)

   - Fix cpufreq statistic documentation to follow a recent change in
     behavior that forgot to update it as appropriate (Jean Delvare)"

* tag 'pm-4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  cpufreq-stats: Minor documentation fix
  PM / QoS: avoid calling cancel_delayed_work_sync() during early boot

* pm-core-fixes:
  PM / QoS: avoid calling cancel_delayed_work_sync() during early boot

* pm-cpufreq-fixes:
  cpufreq-stats: Minor documentation fix

Pull GPIO fixes from Linus Walleij:
 "Some GPIO fixes that have been boiling the last two weeks or so.
  Nothing special, I'm trying to sort out some Kconfig business and
  Russell needs a fix in for -his SA1100 rework.

  Summary:

   - Revert a pointless attempt to add an include to solve the UM allyes
     compilation problem.

   - Make the mcp23s08 depend on OF_GPIO as it uses it and doesn't
     compile properly without it.

   - Fix a probing problem for ucb1x00"

* tag 'gpio-v4.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio: sa1100: fix irq probing for ucb1x00
  gpio: mcp23s08: make driver depend on OF_GPIO
  Revert "gpio: include <linux/io-mapping.h> in gpiolib-of"

Pull fuse fix from Miklos Szeredi:
 "This fixes a deadlock when fuse, direct I/O and loop device are
  combined"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
  fuse: direct-io: don't dirty ITER_BVEC pages

Pull overlayfs fix from Miklos Szeredi:
 "This fixes a regression caused by the last pull request"

* 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
  ovl: fix workdir creation

Pull btrfs fixes from Chris Mason:
 "I'm not proud of how long it took me to track down that one liner in
  btrfs_sync_log(), but the good news is the patches I was trying to
  blame for these problems were actually fine (sorry Filipe)"

* 'for-linus-4.8' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
  btrfs: introduce tickets_id to determine whether asynchronous metadata reclaim work makes progress
  btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns
  btrfs: do not decrease bytes_may_use when replaying extents

Pull sound fixes from Takashi Iwai:
 "We've got quite a few fixes at this time, and all are stable patches.

  syzkaller strikes back again (episode 19 or so), and we had to plug
  some holes in ALSA core part (mostly timer).

  In addition, a couple of FireWire audio fixes for the invalid copy
  user calls in locks, and a few quirks for HD-audio and USB-audio as
  usual are included"

* tag 'sound-4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: rawmidi: Fix possible deadlock with virmidi registration
  ALSA: timer: Fix zero-division by continue of uninitialized instance
  ALSA: timer: fix NULL pointer dereference in read()/ioctl() race
  ALSA: fireworks: accessing to user space outside spinlock
  ALSA: firewire-tascam: accessing to user space outside spinlock
  ALSA: hda - Enable subwoofer on Dell Inspiron 7559
  ALSA: hda - Add headset mic quirk for Dell Inspiron 5468
  ALSA: usb-audio: Add sample rate inquiry quirk for B850V3 CP2114
  ALSA: timer: fix NULL pointer dereference on memory allocation failure
  ALSA: timer: fix division by zero after SNDRV_TIMER_IOCTL_CONTINUE

virtio_console uses a small DMA buffer for control requests.  Move
that buffer into heap memory.

Doing virtio DMA on the stack is normally okay on non-DMA-API virtio
systems (which is currently most of them), but it breaks completely
if the stack is virtually mapped.

Tested by typing both directions using picocom aimed at /dev/hvc0.
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>

We get 1 warning when building kernel with W=1:
drivers/virtio/virtio_ring.c:170:16: warning: no previous prototype for 'vring_dma_dev' [-Wmissing-prototypes]

In fact, this function is only used in the file in which it is
declared and don't need a declaration, but can be made static.
so this patch marks this function with 'static'.
Signed-off-by: Baoyou Xie <baoyou.xie@linaro.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Pull arm64 fixes from Catalin Marinas:

 - smp_mb__before_spinlock() changed to smp_mb() on arm64 since the
   generic definition to smp_wmb() is not sufficient

 - avoid a recursive loop with the graph tracer by using using
   preempt_(enable|disable)_notrace in _percpu_(read|write)

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: use preempt_disable_notrace in _percpu_read/write
  arm64: spinlocks: implement smp_mb__before_spinlock() as smp_mb()

Pull powerpc fixes from Michael Ellerman:
 "Fixes marked for stable:
   - Don't alias user region to other regions below PAGE_OFFSET from
     Paul Mackerras
   - Fix again csum_partial_copy_generic() on 32-bit from Christophe
     Leroy
   - Fix corrupted PE allocation bitmap on releasing PE from Gavin Shan

  Fixes for code merged this cycle:
   - Fix crash on releasing compound PE from Gavin Shan
   - Fix processor numbers in OPAL ICP from Benjamin Herrenschmidt
   - Fix little endian build with CONFIG_KEXEC=n from Thiago Jung
     Bauermann"

* tag 'powerpc-4.8-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/mm: Don't alias user region to other regions below PAGE_OFFSET
  powerpc/32: Fix again csum_partial_copy_generic()
  powerpc/powernv: Fix corrupted PE allocation bitmap on releasing PE
  powerpc/powernv: Fix crash on releasing compound PE
  powerpc/xics/opal: Fix processor numbers in OPAL ICP
  powerpc/pseries: Fix little endian build with CONFIG_KEXEC=n

Pull ARM fixes from Russell King:
 "A few ARM fixes:

   - Robin Murphy noticed that the non-secure privileged entry was
     relying on undefined behaviour, which needed to be fixed.

   - Vladimir Murzin noticed that prov-v7 fails to build for MMUless
     configurations because a required header file wasn't included.

   - A bunch of fixes for StrongARM regressions found while testing
     4.8-rc on such platforms"

* 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
  ARM: sa1100: clear reset status prior to reboot
  ARM: 8600/1: Enforce some NS-SVC initialisation
  ARM: 8599/1: mm: pull asm/memory.h explicitly
  ARM: sa1100: register clocks early
  ARM: sa1100: fix 3.6864MHz clock

Merge tag 'fixes-for-v4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus

Felipe writes:

usb: fixes for v4.8-rc6

Unfortunately we have a bogus dwc3 patch leaked through the cracks and
got merged into Linus' HEAD. That patch ended up causing off-by-1 error
in our TRB accounting logic. Thankfully John Youn found out the problem
and we provided a revert to the bogus dwc3 patch in no time.

Apart from this off-by-1 error, we have two fixes to the Renesas drivers,
a small fix to our generic phy driver, a NULL pointer dereference fix for
f_eem and a build warning fix in dwc3.

Merge tag 'usb-ci-v4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/peter.chen/usb into usb-linus

Peter writes:

Fix the possible kernel panic when the hardware signal is bad for chipidea udc.

Merge tag 'iio-fixes-for-4.8b' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus

Jonathan writes:

Second set of IIO fixes for the 4.8 cycle.

We have a big rework of the kxsd9 driver queued up behind the fix below and
a fix for a recent fix that was marked for stable.
Hence this fix series is perhaps a little more urgent than average for IIO.
* core
  - a fix for a fix in the last set.  The recent fix for blocking ops when
   ! task running left a path (unlikely one) in which the function return
   value was not set - so initialise it to 0.
  - The IIO_TYPE_FRACTIONAL code previously didn't cope with negative
  fractions.  Turned out a fix for this was in Analog's tree but hadn't made
  it upstream.
* bmc150
  - reset chip at init time. At least one board out there ends up coming up
  in an unstable state due to noise during power up.  The reset does no
  harm on other boards.
* kxsd9
  - Fix a bug in the reported scaling due to failing to set the integer
  part to 0.
* hid-sensors-pressure
  - Output was in the wrong units to comply with the IIO ABI.
* tools
  - iio_generic_buffer: Fix the trigger-less mode by ensuring we don't fault
    out for having no trigger when we explicitly said we didn't want to have
    one.