Merge branch 'for-linus' into next

Sync up to bring in wacom_w8001 changes to avoid merge conflicts later.

Merge tag 'v4.7-rc6' into x86/mm, to merge fixes before applying new changes

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge branches 'acpica-fixes', 'acpi-pci-fixes' and 'acpi-debug-fixes'

* acpica-fixes:
ACPICA: Namespace: Fix namespace/interpreter lock ordering

* acpi-pci-fixes:
ACPI,PCI,IRQ: separate ISA pe

Merge branches 'acpica-fixes', 'acpi-pci-fixes' and 'acpi-debug-fixes'

* acpica-fixes:
ACPICA: Namespace: Fix namespace/interpreter lock ordering

* acpi-pci-fixes:
ACPI,PCI,IRQ: separate ISA penalty calculation
Revert "ACPI, PCI, IRQ: remove redundant code in acpi_irq_penalty_init()"
ACPI,PCI,IRQ: factor in PCI possible

* acpi-debug-fixes:
ACPI / debugger: Fix regression introduced by IS_ERR_VALUE() removal

show more ...

Merge branch 'jejb-fixes' into fixes

Merge branch 'cec-defines' into for-linus

Let's bring in HDMI CEC defines to ease merging CEC support in the next
merge window.

Merge branches 'pm-opp' and 'pm-cpufreq-fixes'

* pm-opp:
PM / OPP: Add 'UNKNOWN' status for shared_opp in struct opp_table

* pm-cpufreq-fixes:
cpufreq: intel_pstate: Adjust _PSS[0] freqeuency i

Merge branches 'pm-opp' and 'pm-cpufreq-fixes'

* pm-opp:
PM / OPP: Add 'UNKNOWN' status for shared_opp in struct opp_table

* pm-cpufreq-fixes:
cpufreq: intel_pstate: Adjust _PSS[0] freqeuency if needed

show more ...

Merge branch 'x86/urgent' into x86/cpu, to pick up dependency

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge branch 'linus' into perf/core, to refresh the branch

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge tag 'v4.7-rc2' into v4l_for_linus

Linux 4.7-rc2

* tag 'v4.7-rc2': (10914 commits)
Linux 4.7-rc2
devpts: Make each mount of devpts an independent filesystem.
parisc: Move die_if_kernel()

Merge tag 'v4.7-rc2' into v4l_for_linus

Linux 4.7-rc2

* tag 'v4.7-rc2': (10914 commits)
Linux 4.7-rc2
devpts: Make each mount of devpts an independent filesystem.
parisc: Move die_if_kernel() prototype into traps.h header
parisc: Fix pagefault crash in unaligned __get_user() call
parisc: Fix printk time during boot
parisc: Fix backtrace on PA-RISC
mm, page_alloc: recalculate the preferred zoneref if the context can ignore memory policies
mm, page_alloc: reset zonelist iterator after resetting fair zone allocation policy
mm, oom_reaper: do not use siglock in try_oom_reaper()
mm, page_alloc: prevent infinite loop in buffered_rmqueue()
checkpatch: reduce git commit description style false positives
mm/z3fold.c: avoid modifying HEADLESS page and minor cleanup
memcg: add RCU locking around css_for_each_descendant_pre() in memcg_offline_kmem()
mm: check the return value of lookup_page_ext for all call sites
kdump: fix dmesg gdbmacro to work with record based printk
mm: fix overflow in vm_map_ram()
Btrfs: deal with duplciates during extent_map insertion in btrfs_get_extent
arm64: fix alignment when RANDOMIZE_TEXT_OFFSET is enabled
arm64: move {PAGE,CONT}_SHIFT into Kconfig
arm64: mm: dump: log span level
...

show more ...

Merge branches 'acpica-fixes', 'acpi-video' and 'acpi-processor'

* acpica-fixes:
ACPICA / Hardware: Fix old register check in acpi_hw_get_access_bit_width()

* acpi-video:
ACPI / Thermal / video

Merge branches 'acpica-fixes', 'acpi-video' and 'acpi-processor'

* acpica-fixes:
ACPICA / Hardware: Fix old register check in acpi_hw_get_access_bit_width()

* acpi-video:
ACPI / Thermal / video: fix max_level incorrect value

* acpi-processor:
ACPI / processor: Avoid reserving IO regions too early

show more ...

Merge tag 'irqchip-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent

Merge irqchip updates from Marc Zyngier:

- A number of embarassing buglets (GICv3, PIC

Merge tag 'irqchip-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent

Merge irqchip updates from Marc Zyngier:

- A number of embarassing buglets (GICv3, PIC32)
- A more substential errata workaround for Cavium's GICv3 ITS
(kept for post-rc1 due to its dependency on NUMA)

show more ...

Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next-queued

Git got absolutely destroyed with all our cherry-picking from
drm-intel-next-queued to various branches. It ended up insert

Merge remote-tracking branch 'airlied/drm-next' into drm-intel-next-queued

Git got absolutely destroyed with all our cherry-picking from
drm-intel-next-queued to various branches. It ended up inserting
intel_crtc_page_flip 2x even in intel_display.c.

Backmerge to get back to sanity.

Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>

show more ...

Merge tag 'v4.7-rc1' into patchwork

Linux 4.7-rc1

* tag 'v4.7-rc1': (10534 commits)
Linux 4.7-rc1
hash_string: Fix zero-length case for !DCACHE_WORD_ACCESS
Rename other copy of hash_string to

Merge tag 'v4.7-rc1' into patchwork

Linux 4.7-rc1

* tag 'v4.7-rc1': (10534 commits)
Linux 4.7-rc1
hash_string: Fix zero-length case for !DCACHE_WORD_ACCESS
Rename other copy of hash_string to hashlen_string
hpfs: implement the show_options method
affs: fix remount failure when there are no options changed
hpfs: fix remount failure when there are no options changed
fs: fix binfmt_aout.c build error
h8300: Add <asm/hash.h>
microblaze: Add <asm/hash.h>
m68k: Add <asm/hash.h>
<linux/hash.h>: Add support for architecture-specific functions
fs/namei.c: Improve dcache hash function
Eliminate bad hash multipliers from hash_32() and hash_64()
Change hash_64() return value to 32 bits
<linux/sunrpc/svcauth.h>: Define hash_str() in terms of hashlen_string()
fs/namei.c: Add hashlen_string() function
Pull out string hash to <linux/stringhash.h>
Revert "platform/chrome: chromeos_laptop: Add Leon Touch"
i2c: dev: use after free in detach
MIPS: Add missing FROZEN hotplug notifier transitions
...

show more ...

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:
"Highlights:

- A new LSM, "LoadPin", from Kees Coo

Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security subsystem updates from James Morris:
"Highlights:

- A new LSM, "LoadPin", from Kees Cook is added, which allows forcing
of modules and firmware to be loaded from a specific device (this
is from ChromeOS, where the device as a whole is verified
cryptographically via dm-verity).

This is disabled by default but can be configured to be enabled by
default (don't do this if you don't know what you're doing).

- Keys: allow authentication data to be stored in an asymmetric key.
Lots of general fixes and updates.

- SELinux: add restrictions for loading of kernel modules via
finit_module(). Distinguish non-init user namespace capability
checks. Apply execstack check on thread stacks"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (48 commits)
LSM: LoadPin: provide enablement CONFIG
Yama: use atomic allocations when reporting
seccomp: Fix comment typo
ima: add support for creating files using the mknodat syscall
ima: fix ima_inode_post_setattr
vfs: forbid write access when reading a file into memory
fs: fix over-zealous use of "const"
selinux: apply execstack check on thread stacks
selinux: distinguish non-init user namespace capability checks
LSM: LoadPin for kernel file loading restrictions
fs: define a string representation of the kernel_read_file_id enumeration
Yama: consolidate error reporting
string_helpers: add kstrdup_quotable_file
string_helpers: add kstrdup_quotable_cmdline
string_helpers: add kstrdup_quotable
selinux: check ss_initialized before revalidating an inode label
selinux: delay inode label lookup as long as possible
selinux: don't revalidate an inode's label when explicitly setting it
selinux: Change bool variable name to index.
KEYS: Add KEYCTL_DH_COMPUTE command
...

show more ...

Merge tag 'keys-next-20160505' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next

Merge branch 'keys-trust' into keys-next

Here's a set of patches that changes how certificates/keys are determined
to be trusted. That's currently a two-step process:

(1) Up until recently, when

Merge branch 'keys-trust' into keys-next

Here's a set of patches that changes how certificates/keys are determined
to be trusted. That's currently a two-step process:

(1) Up until recently, when an X.509 certificate was parsed - no matter
the source - it was judged against the keys in .system_keyring,
assuming those keys to be trusted if they have KEY_FLAG_TRUSTED set
upon them.

This has just been changed such that any key in the .ima_mok keyring,
if configured, may also be used to judge the trustworthiness of a new
certificate, whether or not the .ima_mok keyring is meant to be
consulted for whatever process is being undertaken.

If a certificate is determined to be trustworthy, KEY_FLAG_TRUSTED
will be set upon a key it is loaded into (if it is loaded into one),
no matter what the key is going to be loaded for.

(2) If an X.509 certificate is loaded into a key, then that key - if
KEY_FLAG_TRUSTED gets set upon it - can be linked into any keyring
with KEY_FLAG_TRUSTED_ONLY set upon it. This was meant to be the
system keyring only, but has been extended to various IMA keyrings.
A user can at will link any key marked KEY_FLAG_TRUSTED into any
keyring marked KEY_FLAG_TRUSTED_ONLY if the relevant permissions masks
permit it.

These patches change that:

(1) Trust becomes a matter of consulting the ring of trusted keys supplied
when the trust is evaluated only.

(2) Every keyring can be supplied with its own manager function to
restrict what may be added to that keyring. This is called whenever a
key is to be linked into the keyring to guard against a key being
created in one keyring and then linked across.

This function is supplied with the keyring and the key type and
payload[*] of the key being linked in for use in its evaluation. It
is permitted to use other data also, such as the contents of other
keyrings such as the system keyrings.

[*] The type and payload are supplied instead of a key because as an
optimisation this function may be called whilst creating a key and
so may reject the proposed key between preparse and allocation.

(3) A default manager function is provided that permits keys to be
restricted to only asymmetric keys that are vouched for by the
contents of the system keyring.

A second manager function is provided that just rejects with EPERM.

(4) A key allocation flag, KEY_ALLOC_BYPASS_RESTRICTION, is made available
so that the kernel can initialise keyrings with keys that form the
root of the trust relationship.

(5) KEY_FLAG_TRUSTED and KEY_FLAG_TRUSTED_ONLY are removed, along with
key_preparsed_payload::trusted.

This change also makes it possible in future for userspace to create a private
set of trusted keys and then to have it sealed by setting a manager function
where the private set is wholly independent of the kernel's trust
relationships.

Further changes in the set involve extracting certain IMA special keyrings
and making them generally global:

(*) .system_keyring is renamed to .builtin_trusted_keys and remains read
only. It carries only keys built in to the kernel. It may be where
UEFI keys should be loaded - though that could better be the new
secondary keyring (see below) or a separate UEFI keyring.

(*) An optional secondary system keyring (called .secondary_trusted_keys)
is added to replace the IMA MOK keyring.

(*) Keys can be added to the secondary keyring by root if the keys can
be vouched for by either ring of system keys.

(*) Module signing and kexec only use .builtin_trusted_keys and do not use
the new secondary keyring.

(*) Config option SYSTEM_TRUSTED_KEYS now depends on ASYMMETRIC_KEY_TYPE as
that's the only type currently permitted on the system keyrings.

(*) A new config option, IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY,
is provided to allow keys to be added to IMA keyrings, subject to the
restriction that such keys are validly signed by a key already in the
system keyrings.

If this option is enabled, but secondary keyrings aren't, additions to
the IMA keyrings will be restricted to signatures verifiable by keys in
the builtin system keyring only.

Signed-off-by: David Howells <dhowells@redhat.com>

show more ...

Merge branch 'for-4.7/pwm-regulator' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm into regulator-pwm

Merge back cpufreq changes for v4.7.

Merge branch 'master' into for-next

Sync with Linus' tree so that patches against newer codebase can be applied.

Signed-off-by: Jiri Kosina <jkosina@suse.cz>

Merge tag 'v4.6-rc3' into perf/core, to refresh the tree

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge tag 'v4.6-rc3' into drm-intel-next-queued

Linux 4.6-rc3

Backmerge requested by Chris Wilson to make his patches apply cleanly.
Tiny conflict in vmalloc.c with the (properly acked and all) pat

Merge tag 'v4.6-rc3' into drm-intel-next-queued

Linux 4.6-rc3

Backmerge requested by Chris Wilson to make his patches apply cleanly.
Tiny conflict in vmalloc.c with the (properly acked and all) patch in
drm-intel-next:

commit 4da56b99d99e5a7df2b7f11e87bfea935f909732
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date: Mon Apr 4 14:46:42 2016 +0100

mm/vmap: Add a notifier for when we run out of vmap address space

and Linus' tree.

Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>

show more ...

Merge branch 'pm-cpufreq-sched' into pm-cpufreq

PKCS#7: Make trust determination dependent on contents of trust keyring

Make the determination of the trustworthiness of a key dependent on whether
a key that can verify it is present in the supplie

PKCS#7: Make trust determination dependent on contents of trust keyring

Make the determination of the trustworthiness of a key dependent on whether
a key that can verify it is present in the supplied ring of trusted keys
rather than whether or not the verifying key has KEY_FLAG_TRUSTED set.

verify_pkcs7_signature() will return -ENOKEY if the PKCS#7 message trust
chain cannot be verified.

Signed-off-by: David Howells <dhowells@redhat.com>

show more ...

KEYS: Generalise system_verify_data() to provide access to internal content

Generalise system_verify_data() to provide access to internal content
through a callback. This allows all the PKCS#7 stuf

KEYS: Generalise system_verify_data() to provide access to internal content

Generalise system_verify_data() to provide access to internal content
through a callback. This allows all the PKCS#7 stuff to be hidden inside
this function and removed from the PE file parser and the PKCS#7 test key.

If external content is not required, NULL should be passed as data to the
function. If the callback is not required, that can be set to NULL.

The function is now called verify_pkcs7_signature() to contrast with
verify_pefile_signature() and the definitions of both have been moved into
linux/verification.h along with the key_being_used_for enum.

Signed-off-by: David Howells <dhowells@redhat.com>

show more ...

Merge branch 'fixes-base' into fixes