1. 02 Apr, 2017 5 commits
    • Linus Torvalds's avatar
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 907977b2
      Linus Torvalds authored
      Pull irq fixes from Thomas Gleixner:
       "Two small fixlets:
      
         - select a required Kconfig to make the MVEBU driver compile
      
         - add the missing MIPS local GIC interrupts which prevent drivers to
           probe successfully"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/mips-gic: Fix Local compare interrupt
        irqchip/mvebu-odmi: Select GENERIC_MSI_IRQ_DOMAIN
      907977b2
    • Linus Torvalds's avatar
      Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · ada63c61
      Linus Torvalds authored
      Pull core fix from Thomas Gleixner:
       "Prevent leaking kernel memory via /proc/$pid/syscall when the queried
        task is not in a syscall"
      
      * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        lib/syscall: Clear return values when no stack
      ada63c61
    • Linus Torvalds's avatar
      Merge branch 'parisc-4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · 346ce1d7
      Linus Torvalds authored
      Pull parisc fixes from Helge Deller:
       "Al Viro reported that - in case of read faults - our copy_from_user()
        implementation may claim to have copied more bytes than it actually
        did. In order to fix this bug and because of the way how gcc optimizes
        register usage for inline assembly in C code, we had to replace our
        pa_memcpy() function with a pure assembler implementation.
      
        While fixing the memcpy bug we noticed some other issues with our
        get_user() and put_user() functions, e.g. nested faults may return
        wrong data. This is now fixed by a common fixup handler for
        get_user/put_user in the exception handler which additionally makes
        generated code smaller and faster.
      
        The third patch is a trivial one-line fix for a patch which went in
        during 4.11-rc and which avoids stalled CPU warnings after power
        shutdown (for parisc machines which can't plug power off themselves).
      
        Due to the rewrite of pa_memcpy() into assembly this patch got bigger
        than what I wanted to have sent at this stage.
      
        Those patches have been running in production during the last few days
        on our debian build servers without any further issues"
      
      * 'parisc-4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Avoid stalled CPU warnings after system shutdown
        parisc: Clean up fixup routines for get_user()/put_user()
        parisc: Fix access fault handling in pa_memcpy()
      346ce1d7
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 7d34ddbe
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Thirteen small fixes: The hopefully final effort to get the lpfc nvme
        kconfig problems sorted, there's one important sg fix (user can induce
        read after end of buffer) and one minor enhancement (adding an extra
        PCI ID to qedi). The rest are a set of minor fixes, which mostly occur
        as user visible in error legs or on specific devices"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: ufs: remove the duplicated checking for supporting clkscaling
        scsi: lpfc: fix building without debugfs support
        scsi: lpfc: Fix PT2PT PRLI reject
        scsi: hpsa: fix volume offline state
        scsi: libsas: fix ata xfer length
        scsi: scsi_dh_alua: Warn if the first argument of alua_rtpg_queue() is NULL
        scsi: scsi_dh_alua: Ensure that alua_activate() calls the completion function
        scsi: scsi_dh_alua: Check scsi_device_get() return value
        scsi: sg: check length passed to SG_NEXT_CMD_LEN
        scsi: ufshcd-platform: remove the useless cast in ERR_PTR/IS_ERR
        scsi: qedi: Add PCI device-ID for QL41xxx adapters.
        scsi: aacraid: Fix potential null access
        scsi: qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr
      7d34ddbe
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · 978e0f92
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "11 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        kasan: do not sanitize kexec purgatory
        drivers/rapidio/devices/tsi721.c: make module parameter variable name unique
        mm/hugetlb.c: don't call region_abort if region_chg fails
        kasan: report only the first error by default
        hugetlbfs: initialize shared policy as part of inode allocation
        mm: fix section name for .data..ro_after_init
        mm, hugetlb: use pte_present() instead of pmd_present() in follow_huge_pmd()
        mm: workingset: fix premature shadow node shrinking with cgroups
        mm: rmap: fix huge file mmap accounting in the memcg stats
        mm: move mm_percpu_wq initialization earlier
        mm: migrate: fix remove_migration_pte() for ksm pages
      978e0f92
  2. 01 Apr, 2017 20 commits
    • Linus Torvalds's avatar
      Merge tag 'usb-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · a9f6b6b8
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are some small USB fixes for 4.11-rc5.
      
        The usual xhci fixes are here, as well as a fix for yet-another-bug-
        found-by-KASAN, those developers are doing great stuff here.
      
        And there's a phy build warning fix that showed up in 4.11-rc1.
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'usb-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled
        xhci: Manually give back cancelled URB if we can't queue it for cancel
        xhci: Set URB actual length for stopped control transfers
        xhci: plat: Register shutdown for xhci_plat
        USB: fix linked-list corruption in rh_call_control()
      a9f6b6b8
    • Linus Torvalds's avatar
      Merge tag 'tty-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · b3ff4fac
      Linus Torvalds authored
      Pull tty/serial fixes from Greg KH:
       "Here are some small fixes for some serial drivers and Kconfig help
        text for 4.11-rc5. Nothing major here at all, a few things resolving
        reported bugs in some random serial drivers.
      
        I don't think these made the last linux-next due to me getting to them
        yesterday, but I am not sure, they might have snuck in. The patches
        only affect drivers that the maintainers of sent me these patches for,
        so we should be safe here :)"
      
      * tag 'tty-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        tty: pl011: fix earlycon work-around for QDF2400 erratum 44
        serial: 8250_EXAR: fix duplicate Kconfig text and add missing help text
        tty/serial: atmel: fix TX path in atmel_console_write()
        tty/serial: atmel: fix race condition (TX+DMA)
        serial: mxs-auart: Fix baudrate calculation
      b3ff4fac
    • Linus Torvalds's avatar
      Merge tag 'acpi-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 7ece03b0
      Linus Torvalds authored
      Pull ACPI fixes from Rafael Wysocki:
       "These fix two issues related to IOAPIC hotplug, an overzealous build
        optimization that prevents the function graph tracer from working with
        the ACPI subsystem correctly and an RCU synchronization issue in the
        ACPI APEI code.
      
        Specifics:
      
         - drop the unconditional setting of the '-Os' gcc flag from the ACPI
           Makefile to make the function graph tracer work correctly with the
           ACPI subsystem (Josh Poimboeuf).
      
         - add missing synchronize_rcu() to ghes_remove() which removes an
           element from an RCU-protected list, but fails to synchronize it
           properly afterward (James Morse).
      
         - fix two problems related to IOAPIC hotplug, a local variable
           initialization in setup_res() and the creation of platform device
           objects for IO(x)APICs which are (a) unused and (b) leaked on
           hot-removal (Joerg Roedel)"
      
      * tag 'acpi-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI: Fix incompatibility with mcount-based function graph tracing
        ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal
        ACPI: Do not create a platform_device for IOAPIC/IOxAPIC
        ACPI: ioapic: Clear on-stack resource before using it
      7ece03b0
    • Linus Torvalds's avatar
      Merge tag 'pm-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 0d2ceec6
      Linus Torvalds authored
      Pull power management fixes from Rafael Wysocki:
       "These fix a cpufreq core issue with the initialization of the cpufreq
        sysfs interface and a cpuidle powernv driver initialization issue.
      
        Specifics:
      
         - symbolic links from CPU directories to the corresponding cpufreq
           policy directories in sysfs are not created during initialization
           in some cases which confuses user space, so prevent that from
           happening (Rafael Wysocki).
      
         - the powernv cpuidle driver fails to pass a correct cpumaks to the
           cpuidle core in some cases which causes subsequent failures to
           occur, so fix it (Vaidyanathan Srinivasan)"
      
      * tag 'pm-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        cpuidle: powernv: Pass correct drv->cpumask for registration
        cpufreq: Fix creation of symbolic links to policy directories
      0d2ceec6
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 1300dc68
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "Two bugfixes from I2C, specifically the I2C mux section. Thanks to
        peda for collecting them"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: mux: pca954x: Add missing pca9546 definition to chip_desc
        Revert "i2c: mux: pca954x: Add ACPI support for pca954x"
      1300dc68
    • Linus Torvalds's avatar
      Merge tag 'arc-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc · dcbcb491
      Linus Torvalds authored
      Pull ARC fixes from Vineet Gupta:
       "Accumulated fixes for ARC which I've been been sitting on for a while:
      
         - reading clk from driver vs device tree [Vlad]
      
         - fix support for UIO in VDK platform [Alexey]
      
         - SLC busy bit reading workaround
      
         - build warning with kprobes header reorg"
      
      * tag 'arc-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
        ARC: fix build warnings with !CONFIG_KPROBES
        ARCv2: SLC: Make sure busy bit is set properly on SLC flushing
        ARC: vdk: Fix support of UIO
        ARCv2: make unimplemented vectors as no-ops rather than halt core
        ARC: get rate from clk driver instead of reading device tree
        ARC: [dts] add cpu nodes to ARCHS SMP device tree
        ARC: [dts] add input clocks for cpu nodes
      dcbcb491
    • Linus Torvalds's avatar
      Merge tag 'nfsd-4.11-1' of git://linux-nfs.org/~bfields/linux · 09c8b3d1
      Linus Torvalds authored
      Pull nfsd fixes from Bruce Fields:
       "The restriction of NFSv4 to TCP went overboard and also broke the
        backchannel; fix.
      
        Also some minor refinements to the nfsd version-setting interface that
        we'd like to get fixed before release"
      
      * tag 'nfsd-4.11-1' of git://linux-nfs.org/~bfields/linux:
        svcrdma: set XPT_CONG_CTRL flag for bc xprt
        NFSD: fix nfsd_reset_versions for NFSv4.
        NFSD: fix nfsd_minorversion(.., NFSD_AVAIL)
        NFSD: further refinement of content of /proc/fs/nfsd/versions
        nfsd: map the ENOKEY to nfserr_perm for avoiding warning
        SUNRPC/backchanel: set XPT_CONG_CTRL flag for bc xprt
      09c8b3d1
    • Timur Tabi's avatar
      tty: pl011: fix earlycon work-around for QDF2400 erratum 44 · e53e597f
      Timur Tabi authored
      The work-around for the Qualcomm Datacenter Technologies QDF2400
      erratum 44 sets the "qdf2400_e44_present" global variable if the
      work-around is needed.  However, this check does not happen until after
      earlycon is initialized, which means the work-around is not
      used, and the console hangs as soon as it displays one character.
      
      Fixes: d8a4995b ("tty: pl011: Work around QDF2400 E44 stuck BUSY bit")
      Signed-off-by: default avatarTimur Tabi <timur@codeaurora.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e53e597f
    • Linus Torvalds's avatar
      Merge branch 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · fe8e12b5
      Linus Torvalds authored
      Pull btrfs fixes from Chris Mason:
       "We have three small fixes queued up in my for-linus-4.11 branch"
      
      * 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        Btrfs: fix an integer overflow check
        btrfs: Change qgroup_meta_rsv to 64bit
        Btrfs: bring back repair during read
      fe8e12b5
    • Mike Galbraith's avatar
      kasan: do not sanitize kexec purgatory · 13a6798e
      Mike Galbraith authored
      Fixes this:
      
        kexec: Undefined symbol: __asan_load8_noabort
        kexec-bzImage64: Loading purgatory failed
      
      Link: http://lkml.kernel.org/r/1489672155.4458.7.camel@gmx.deSigned-off-by: default avatarMike Galbraith <efault@gmx.de>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      13a6798e
    • Randy Dunlap's avatar
      drivers/rapidio/devices/tsi721.c: make module parameter variable name unique · 4785603b
      Randy Dunlap authored
      kbuild test robot reported a non-static variable name collision between
      a staging driver and a RapidIO driver, with a generic variable name of
      'dbg_level'.
      
      Both drivers should be changed so that they don't use this generic
      public variable name.  This patch fixes the RapidIO driver but does not
      change the user interface (name) for the module parameter.
      
        drivers/staging/built-in.o:(.bss+0x109d0): multiple definition of `dbg_level'
        drivers/rapidio/built-in.o:(.bss+0x16c): first defined here
      
      Link: http://lkml.kernel.org/r/ab527fc5-aa3c-4b07-5d48-eef5de703192@infradead.orgSigned-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Reported-by: default avatarkbuild test robot <fengguang.wu@intel.com>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Matt Porter <mporter@kernel.crashing.org>
      Cc: Alexandre Bounine <alexandre.bounine@idt.com>
      Cc: Jérémy Lefaure <jeremy.lefaure@lse.epita.fr>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4785603b
    • Mike Kravetz's avatar
      mm/hugetlb.c: don't call region_abort if region_chg fails · ff8c0c53
      Mike Kravetz authored
      Changes to hugetlbfs reservation maps is a two step process.  The first
      step is a call to region_chg to determine what needs to be changed, and
      prepare that change.  This should be followed by a call to call to
      region_add to commit the change, or region_abort to abort the change.
      
      The error path in hugetlb_reserve_pages called region_abort after a
      failed call to region_chg.  As a result, the adds_in_progress counter in
      the reservation map is off by 1.  This is caught by a VM_BUG_ON in
      resv_map_release when the reservation map is freed.
      
      syzkaller fuzzer (when using an injected kmalloc failure) found this
      bug, that resulted in the following:
      
       kernel BUG at mm/hugetlb.c:742!
       Call Trace:
        hugetlbfs_evict_inode+0x7b/0xa0 fs/hugetlbfs/inode.c:493
        evict+0x481/0x920 fs/inode.c:553
        iput_final fs/inode.c:1515 [inline]
        iput+0x62b/0xa20 fs/inode.c:1542
        hugetlb_file_setup+0x593/0x9f0 fs/hugetlbfs/inode.c:1306
        newseg+0x422/0xd30 ipc/shm.c:575
        ipcget_new ipc/util.c:285 [inline]
        ipcget+0x21e/0x580 ipc/util.c:639
        SYSC_shmget ipc/shm.c:673 [inline]
        SyS_shmget+0x158/0x230 ipc/shm.c:657
        entry_SYSCALL_64_fastpath+0x1f/0xc2
       RIP: resv_map_release+0x265/0x330 mm/hugetlb.c:742
      
      Link: http://lkml.kernel.org/r/1490821682-23228-1-git-send-email-mike.kravetz@oracle.comSigned-off-by: default avatarMike Kravetz <mike.kravetz@oracle.com>
      Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Acked-by: default avatarHillf Danton <hillf.zj@alibaba-inc.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ff8c0c53
    • Mark Rutland's avatar
      kasan: report only the first error by default · b0845ce5
      Mark Rutland authored
      Disable kasan after the first report.  There are several reasons for
      this:
      
       - Single bug quite often has multiple invalid memory accesses causing
         storm in the dmesg.
      
       - Write OOB access might corrupt metadata so the next report will print
         bogus alloc/free stacktraces.
      
       - Reports after the first easily could be not bugs by itself but just
         side effects of the first one.
      
      Given that multiple reports usually only do harm, it makes sense to
      disable kasan after the first one.  If user wants to see all the
      reports, the boot-time parameter kasan_multi_shot must be used.
      
      [aryabinin@virtuozzo.com: wrote changelog and doc, added missing include]
      Link: http://lkml.kernel.org/r/20170323154416.30257-1-aryabinin@virtuozzo.comSigned-off-by: default avatarMark Rutland <mark.rutland@arm.com>
      Signed-off-by: default avatarAndrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Andrey Konovalov <andreyknvl@google.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b0845ce5
    • Mike Kravetz's avatar
      hugetlbfs: initialize shared policy as part of inode allocation · 4742a35d
      Mike Kravetz authored
      Any time after inode allocation, destroy_inode can be called.  The
      hugetlbfs inode contains a shared_policy structure, and
      mpol_free_shared_policy is unconditionally called as part of
      hugetlbfs_destroy_inode.  Initialize the policy as part of inode
      allocation so that any quick (error path) calls to destroy_inode will be
      handed an initialized policy.
      
      syzkaller fuzzer found this bug, that resulted in the following:
      
          BUG: KASAN: user-memory-access in atomic_inc
          include/asm-generic/atomic-instrumented.h:87 [inline] at addr
          000000131730bd7a
          BUG: KASAN: user-memory-access in __lock_acquire+0x21a/0x3a80
          kernel/locking/lockdep.c:3239 at addr 000000131730bd7a
          Write of size 4 by task syz-executor6/14086
          CPU: 3 PID: 14086 Comm: syz-executor6 Not tainted 4.11.0-rc3+ #364
          Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
          Call Trace:
           atomic_inc include/asm-generic/atomic-instrumented.h:87 [inline]
           __lock_acquire+0x21a/0x3a80 kernel/locking/lockdep.c:3239
           lock_acquire+0x1ee/0x590 kernel/locking/lockdep.c:3762
           __raw_write_lock include/linux/rwlock_api_smp.h:210 [inline]
           _raw_write_lock+0x33/0x50 kernel/locking/spinlock.c:295
           mpol_free_shared_policy+0x43/0xb0 mm/mempolicy.c:2536
           hugetlbfs_destroy_inode+0xca/0x120 fs/hugetlbfs/inode.c:952
           alloc_inode+0x10d/0x180 fs/inode.c:216
           new_inode_pseudo+0x69/0x190 fs/inode.c:889
           new_inode+0x1c/0x40 fs/inode.c:918
           hugetlbfs_get_inode+0x40/0x420 fs/hugetlbfs/inode.c:734
           hugetlb_file_setup+0x329/0x9f0 fs/hugetlbfs/inode.c:1282
           newseg+0x422/0xd30 ipc/shm.c:575
           ipcget_new ipc/util.c:285 [inline]
           ipcget+0x21e/0x580 ipc/util.c:639
           SYSC_shmget ipc/shm.c:673 [inline]
           SyS_shmget+0x158/0x230 ipc/shm.c:657
           entry_SYSCALL_64_fastpath+0x1f/0xc2
      
      Analysis provided by Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      
      Link: http://lkml.kernel.org/r/1490477850-7944-1-git-send-email-mike.kravetz@oracle.comSigned-off-by: default avatarMike Kravetz <mike.kravetz@oracle.com>
      Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Acked-by: default avatarHillf Danton <hillf.zj@alibaba-inc.com>
      Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4742a35d
    • Kees Cook's avatar
      mm: fix section name for .data..ro_after_init · 906f2a51
      Kees Cook authored
      A section name for .data..ro_after_init was added by both:
      
          commit d07a980c ("s390: add proper __ro_after_init support")
      
      and
      
          commit d7c19b06 ("mm: kmemleak: scan .data.ro_after_init")
      
      The latter adds incorrect wrapping around the existing s390 section, and
      came later.  I'd prefer the s390 naming, so this moves the s390-specific
      name up to the asm-generic/sections.h and renames the section as used by
      kmemleak (and in the future, kernel/extable.c).
      
      Link: http://lkml.kernel.org/r/20170327192213.GA129375@beastSigned-off-by: default avatarKees Cook <keescook@chromium.org>
      Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>	[s390 parts]
      Acked-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Cc: Eddie Kovsky <ewk@edkovsky.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      906f2a51
    • Naoya Horiguchi's avatar
      mm, hugetlb: use pte_present() instead of pmd_present() in follow_huge_pmd() · c9d398fa
      Naoya Horiguchi authored
      I found the race condition which triggers the following bug when
      move_pages() and soft offline are called on a single hugetlb page
      concurrently.
      
          Soft offlining page 0x119400 at 0x700000000000
          BUG: unable to handle kernel paging request at ffffea0011943820
          IP: follow_huge_pmd+0x143/0x190
          PGD 7ffd2067
          PUD 7ffd1067
          PMD 0
              [61163.582052] Oops: 0000 [#1] SMP
          Modules linked in: binfmt_misc ppdev virtio_balloon parport_pc pcspkr i2c_piix4 parport i2c_core acpi_cpufreq ip_tables xfs libcrc32c ata_generic pata_acpi virtio_blk 8139too crc32c_intel ata_piix serio_raw libata virtio_pci 8139cp virtio_ring virtio mii floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: cap_check]
          CPU: 0 PID: 22573 Comm: iterate_numa_mo Tainted: P           OE   4.11.0-rc2-mm1+ #2
          Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
          RIP: 0010:follow_huge_pmd+0x143/0x190
          RSP: 0018:ffffc90004bdbcd0 EFLAGS: 00010202
          RAX: 0000000465003e80 RBX: ffffea0004e34d30 RCX: 00003ffffffff000
          RDX: 0000000011943800 RSI: 0000000000080001 RDI: 0000000465003e80
          RBP: ffffc90004bdbd18 R08: 0000000000000000 R09: ffff880138d34000
          R10: ffffea0004650000 R11: 0000000000c363b0 R12: ffffea0011943800
          R13: ffff8801b8d34000 R14: ffffea0000000000 R15: 000077ff80000000
          FS:  00007fc977710740(0000) GS:ffff88007dc00000(0000) knlGS:0000000000000000
          CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
          CR2: ffffea0011943820 CR3: 000000007a746000 CR4: 00000000001406f0
          Call Trace:
           follow_page_mask+0x270/0x550
           SYSC_move_pages+0x4ea/0x8f0
           SyS_move_pages+0xe/0x10
           do_syscall_64+0x67/0x180
           entry_SYSCALL64_slow_path+0x25/0x25
          RIP: 0033:0x7fc976e03949
          RSP: 002b:00007ffe72221d88 EFLAGS: 00000246 ORIG_RAX: 0000000000000117
          RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc976e03949
          RDX: 0000000000c22390 RSI: 0000000000001400 RDI: 0000000000005827
          RBP: 00007ffe72221e00 R08: 0000000000c2c3a0 R09: 0000000000000004
          R10: 0000000000c363b0 R11: 0000000000000246 R12: 0000000000400650
          R13: 00007ffe72221ee0 R14: 0000000000000000 R15: 0000000000000000
          Code: 81 e4 ff ff 1f 00 48 21 c2 49 c1 ec 0c 48 c1 ea 0c 4c 01 e2 49 bc 00 00 00 00 00 ea ff ff 48 c1 e2 06 49 01 d4 f6 45 bc 04 74 90 <49> 8b 7c 24 20 40 f6 c7 01 75 2b 4c 89 e7 8b 47 1c 85 c0 7e 2a
          RIP: follow_huge_pmd+0x143/0x190 RSP: ffffc90004bdbcd0
          CR2: ffffea0011943820
          ---[ end trace e4f81353a2d23232 ]---
          Kernel panic - not syncing: Fatal exception
          Kernel Offset: disabled
      
      This bug is triggered when pmd_present() returns true for non-present
      hugetlb, so fixing the present check in follow_huge_pmd() prevents it.
      Using pmd_present() to determine present/non-present for hugetlb is not
      correct, because pmd_present() checks multiple bits (not only
      _PAGE_PRESENT) for historical reason and it can misjudge hugetlb state.
      
      Fixes: e66f17ff ("mm/hugetlb: take page table lock in follow_huge_pmd()")
      Link: http://lkml.kernel.org/r/1490149898-20231-1-git-send-email-n-horiguchi@ah.jp.nec.comSigned-off-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Acked-by: default avatarHillf Danton <hillf.zj@alibaba-inc.com>
      Cc: Hugh Dickins <hughd@google.com>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
      Cc: Mike Kravetz <mike.kravetz@oracle.com>
      Cc: Christian Borntraeger <borntraeger@de.ibm.com>
      Cc: Gerald Schaefer <gerald.schaefer@de.ibm.com>
      Cc: <stable@vger.kernel.org>        [4.0+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      c9d398fa
    • Johannes Weiner's avatar
      mm: workingset: fix premature shadow node shrinking with cgroups · 0cefabda
      Johannes Weiner authored
      Commit 0a6b76dd ("mm: workingset: make shadow node shrinker memcg
      aware") enabled cgroup-awareness in the shadow node shrinker, but forgot
      to also enable cgroup-awareness in the list_lru the shadow nodes sit on.
      
      Consequently, all shadow nodes are sitting on a global (per-NUMA node)
      list, while the shrinker applies the limits according to the amount of
      cache in the cgroup its shrinking.  The result is excessive pressure on
      the shadow nodes from cgroups that have very little cache.
      
      Enable memcg-mode on the shadow node LRUs, such that per-cgroup limits
      are applied to per-cgroup lists.
      
      Fixes: 0a6b76dd ("mm: workingset: make shadow node shrinker memcg aware")
      Link: http://lkml.kernel.org/r/20170322005320.8165-1-hannes@cmpxchg.orgSigned-off-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Acked-by: default avatarVladimir Davydov <vdavydov@tarantool.org>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: <stable@vger.kernel.org>	[4.6+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0cefabda
    • Johannes Weiner's avatar
      mm: rmap: fix huge file mmap accounting in the memcg stats · 553af430
      Johannes Weiner authored
      Huge pages are accounted as single units in the memcg's "file_mapped"
      counter.  Account the correct number of base pages, like we do in the
      corresponding node counter.
      
      Link: http://lkml.kernel.org/r/20170322005111.3156-1-hannes@cmpxchg.orgSigned-off-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Reviewed-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Acked-by: default avatarMichal Hocko <mhocko@suse.com>
      Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
      Cc: <stable@vger.kernel.org>	[4.8+]
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      553af430
    • Michal Hocko's avatar
      mm: move mm_percpu_wq initialization earlier · 597b7305
      Michal Hocko authored
      Yang Li has reported that drain_all_pages triggers a WARN_ON which means
      that this function is called earlier than the mm_percpu_wq is
      initialized on arm64 with CMA configured:
      
        WARNING: CPU: 2 PID: 1 at mm/page_alloc.c:2423 drain_all_pages+0x244/0x25c
        Modules linked in:
        CPU: 2 PID: 1 Comm: swapper/0 Not tainted 4.11.0-rc1-next-20170310-00027-g64dfbc5 #127
        Hardware name: Freescale Layerscape 2088A RDB Board (DT)
        task: ffffffc07c4a6d00 task.stack: ffffffc07c4a8000
        PC is at drain_all_pages+0x244/0x25c
        LR is at start_isolate_page_range+0x14c/0x1f0
        [...]
         drain_all_pages+0x244/0x25c
         start_isolate_page_range+0x14c/0x1f0
         alloc_contig_range+0xec/0x354
         cma_alloc+0x100/0x1fc
         dma_alloc_from_contiguous+0x3c/0x44
         atomic_pool_init+0x7c/0x208
         arm64_dma_init+0x44/0x4c
         do_one_initcall+0x38/0x128
         kernel_init_freeable+0x1a0/0x240
         kernel_init+0x10/0xfc
         ret_from_fork+0x10/0x20
      
      Fix this by moving the whole setup_vmstat which is an initcall right now
      to init_mm_internals which will be called right after the WQ subsystem
      is initialized.
      
      Link: http://lkml.kernel.org/r/20170315164021.28532-1-mhocko@kernel.orgSigned-off-by: default avatarMichal Hocko <mhocko@suse.com>
      Reported-by: default avatarYang Li <pku.leo@gmail.com>
      Tested-by: default avatarYang Li <pku.leo@gmail.com>
      Tested-by: default avatarXiaolong Ye <xiaolong.ye@intel.com>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      597b7305
    • Naoya Horiguchi's avatar
      mm: migrate: fix remove_migration_pte() for ksm pages · 4b0ece6f
      Naoya Horiguchi authored
      I found that calling page migration for ksm pages causes the following
      bug:
      
          page:ffffea0004d51180 count:2 mapcount:2 mapping:ffff88013c785141 index:0x913
          flags: 0x57ffffc0040068(uptodate|lru|active|swapbacked)
          raw: 0057ffffc0040068 ffff88013c785141 0000000000000913 0000000200000001
          raw: ffffea0004d5f9e0 ffffea0004d53f60 0000000000000000 ffff88007d81b800
          page dumped because: VM_BUG_ON_PAGE(!PageLocked(page))
          page->mem_cgroup:ffff88007d81b800
          ------------[ cut here ]------------
          kernel BUG at /src/linux-dev/mm/rmap.c:1086!
          invalid opcode: 0000 [#1] SMP
          Modules linked in: ppdev parport_pc virtio_balloon i2c_piix4 pcspkr parport i2c_core acpi_cpufreq ip_tables xfs libcrc32c ata_generic pata_acpi ata_piix 8139too libata virtio_blk 8139cp crc32c_intel mii virtio_pci virtio_ring serio_raw virtio floppy dm_mirror dm_region_hash dm_log dm_mod
          CPU: 0 PID: 3162 Comm: bash Not tainted 4.11.0-rc2-mm1+ #1
          Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
          RIP: 0010:do_page_add_anon_rmap+0x1ba/0x260
          RSP: 0018:ffffc90002473b30 EFLAGS: 00010282
          RAX: 0000000000000021 RBX: ffffea0004d51180 RCX: 0000000000000006
          RDX: 0000000000000000 RSI: 0000000000000082 RDI: ffff88007dc0dfe0
          RBP: ffffc90002473b58 R08: 00000000fffffffe R09: 00000000000001c1
          R10: 0000000000000005 R11: 00000000000001c0 R12: ffff880139ab3d80
          R13: 0000000000000000 R14: 0000700000000200 R15: 0000160000000000
          FS:  00007f5195f50740(0000) GS:ffff88007dc00000(0000) knlGS:0000000000000000
          CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
          CR2: 00007fd450287000 CR3: 000000007a08e000 CR4: 00000000001406f0
          Call Trace:
           page_add_anon_rmap+0x18/0x20
           remove_migration_pte+0x220/0x2c0
           rmap_walk_ksm+0x143/0x220
           rmap_walk+0x55/0x60
           remove_migration_ptes+0x53/0x80
           migrate_pages+0x8ed/0xb60
           soft_offline_page+0x309/0x8d0
           store_soft_offline_page+0xaf/0xf0
           dev_attr_store+0x18/0x30
           sysfs_kf_write+0x3a/0x50
           kernfs_fop_write+0xff/0x180
           __vfs_write+0x37/0x160
           vfs_write+0xb2/0x1b0
           SyS_write+0x55/0xc0
           do_syscall_64+0x67/0x180
           entry_SYSCALL64_slow_path+0x25/0x25
          RIP: 0033:0x7f51956339e0
          RSP: 002b:00007ffcfa0dffc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
          RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f51956339e0
          RDX: 000000000000000c RSI: 00007f5195f53000 RDI: 0000000000000001
          RBP: 00007f5195f53000 R08: 000000000000000a R09: 00007f5195f50740
          R10: 000000000000000b R11: 0000000000000246 R12: 00007f5195907400
          R13: 000000000000000c R14: 0000000000000001 R15: 0000000000000000
          Code: fe ff ff 48 81 c2 00 02 00 00 48 89 55 d8 e8 2e c3 fd ff 48 8b 55 d8 e9 42 ff ff ff 48 c7 c6 e0 52 a1 81 48 89 df e8 46 ad fe ff <0f> 0b 48 83 e8 01 e9 7f fe ff ff 48 83 e8 01 e9 96 fe ff ff 48
          RIP: do_page_add_anon_rmap+0x1ba/0x260 RSP: ffffc90002473b30
          ---[ end trace a679d00f4af2df48 ]---
          Kernel panic - not syncing: Fatal exception
          Kernel Offset: disabled
          ---[ end Kernel panic - not syncing: Fatal exception
      
      The problem is in the following lines:
      
          new = page - pvmw.page->index +
              linear_page_index(vma, pvmw.address);
      
      The 'new' is calculated with 'page' which is given by the caller as a
      destination page and some offset adjustment for thp.  But this doesn't
      properly work for ksm pages because pvmw.page->index doesn't change for
      each address but linear_page_index() changes, which means that 'new'
      points to different pages for each addresses backed by the ksm page.  As
      a result, we try to set totally unrelated pages as destination pages,
      and that causes kernel crash.
      
      This patch fixes the miscalculation and makes ksm page migration work
      fine.
      
      Fixes: 3fe87967 ("mm: convert remove_migration_pte() to use page_vma_mapped_walk()")
      Link: http://lkml.kernel.org/r/1489717683-29905-1-git-send-email-n-horiguchi@ah.jp.nec.comSigned-off-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Mel Gorman <mgorman@suse.de>
      Cc: Hillf Danton <hillf.zj@alibaba-inc.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      4b0ece6f
  3. 31 Mar, 2017 15 commits
    • Rafael J. Wysocki's avatar
      Merge branches 'pm-cpufreq-fixes' and 'pm-cpuidle-fixes' · 46e1d5e9
      Rafael J. Wysocki authored
      * pm-cpufreq-fixes:
        cpufreq: Fix creation of symbolic links to policy directories
      
      * pm-cpuidle-fixes:
        cpuidle: powernv: Pass correct drv->cpumask for registration
      46e1d5e9
    • Rafael J. Wysocki's avatar
      Merge branches 'acpi-hotplug-fixes', 'acpi-build-fixes' and 'acpi-apei-fixes' · a0793066
      Rafael J. Wysocki authored
      * acpi-hotplug-fixes:
        ACPI: Do not create a platform_device for IOAPIC/IOxAPIC
        ACPI: ioapic: Clear on-stack resource before using it
      
      * acpi-build-fixes:
        ACPI: Fix incompatibility with mcount-based function graph tracing
      
      * acpi-apei-fixes:
        ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal
      a0793066
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-4.11-3' of git://git.linux-nfs.org/projects/anna/linux-nfs · f9799ad2
      Linus Torvalds authored
      Pull NFS client fixes from Anna Schumaker:
       "Here are a few more bugfixes that came in over the last couple of
        weeks. Most of these fix various hangs and loops that people found,
        but we also had a few error handling fixes.
      
        Stable Bugfixes:
         - fix infinite loop on BAD_STATEID error
      
        Other Bugfixes:
         - fix old dentry rehash after move
         - fix pnfs GETDEVINFO hangs
         - fix pnfs fallback to MDS on commit errors
         - fix flexfiles kernel oops"
      
      * tag 'nfs-for-4.11-3' of git://git.linux-nfs.org/projects/anna/linux-nfs:
        nfs: flexfiles: fix kernel OOPS if MDS returns unsupported DS type
        NFSv4.1 fix infinite loop on IO BAD_STATEID error
        PNFS fix fallback to MDS if got error on commit to DS
        NFS filelayout:call GETDEVICEINFO after pnfs_layout_process completes
        NFS store nfs4_deviceid in struct nfs4_filelayout_segment
        NFS cleanup struct nfs4_filelayout_segment
        NFS: Fix old dentry rehash after move
      f9799ad2
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · e39bccf2
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "The main thing is a fix for a NULL dereference on systems that boot
        using spin-tables or the ACPI parking protocol, but there are also a
        couple of trivial one-liners too.
      
        We're currently debugging a page flags corruption issue under
        syzkaller, but we're still some way from fixing that as it's proving
        fiddly to reproduce.
      
        Summary:
      
         - fix cpu_die() NULL dereference when booting secondary CPUs using
           spin-table
      
         - remove redundant #include
      
         - remove obsolete .gitignore entry"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: drop non-existing vdso-offsets.h from .gitignore
        arm64: remove redundant header file in current.h
        arm64: fix NULL dereference in have_cpu_die()
      e39bccf2
    • Linus Torvalds's avatar
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 035f0cd3
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "This fixes the following issues:
      
         - memory corruption when kmalloc fails in xts/lrw
      
         - mark some CCP DMA channels as private
      
         - fix reordering race in padata
      
         - regression in omap-rng DT description"
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: xts,lrw - fix out-of-bounds write after kmalloc failure
        crypto: ccp - Make some CCP DMA channels private
        padata: avoid race in reordering
        dt-bindings: rng: clocks property on omap_rng not always mandatory
      035f0cd3
    • Linus Torvalds's avatar
      Merge tag 'mmc-v4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 728f4b3a
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "Here are a couple of mmc fixes intended for v4.11 rc5.
      
        MMC host:
         - sdhci: Fix bug when using SDIO IRQ
         - sdhci-of-at91: Fix eMMC DDR52 card detection"
      
      * tag 'mmc-v4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: sdhci-of-at91: fix MMC_DDR_52 timing selection
        mmc: sdhci: Disable runtime pm when the sdio_irq is enabled
      728f4b3a
    • Linus Torvalds's avatar
      Merge tag 'sound-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 0fc04f91
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "At this time, most of changes are for ASoC, while we got one fix for
        yet another race of ALSA sequencer core and a usual HD-audio quirk.
      
        The ASoC changes are mostly small and device-specific fixes. A
        slightly large volume is seen in sun8i-codec, which is a new code in
        4.11, and we'd like to fix user-visible stuff before the official 4.1
        release"
      
      * tag 'sound-4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (27 commits)
        ALSA: hda - fix a problem for lineout on a Dell AIO machine
        ASoC: simple-card: fix simple_dai clk lookup
        ASoC: STI: Fix reader substream pointer set
        ALSA: seq: Fix race during FIFO resize
        ARM: dts: sun8i: Update audio-routing with renamed widgets
        ASoC: sun8i-codec: Convert to use SND_SOC_DAPM_AIF_IN
        ASoC: sun8i-codec: Fix space on audio-routing widget
        ASoC: sun8i-codec: Update mixer to use SOC_DAPM_DOUBLE
        ASoC: sun8i-codec: Remove analog "HP" widget
        ASoC: rt5665: fix wrong shift rt5665_if2_1_adc_in_enum
        ASoC: rt5665: fix define of RT5665_HP_DRIVER_5X
        ASoC: rcar: dma: remove unnecessary "volatile"
        ASoC: rcar: clear DE bit only in PDMACHCR when it stops
        ASoC: rsnd: fix sound route path when using SRC6/SRC9
        ASoC: don't dereference NULL pcm_{new,free}
        ASoC: rt5665: CLKDET is also a power of ASRC
        ASoC: rt5665: Vref3 is necessary for Mono Amp
        ASoC: rt5665: increase LDO level
        ASoC: rt5665: fix getting wrong work handler container
        ASoC: atmel-classd: fix audio clock rate
        ...
      0fc04f91
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid · eee551df
      Linus Torvalds authored
      Pull HID fixes from Jiri Kosina:
      
       - Wacom regression fixes, from Aaron Armstrong Skomra
      
       - new device ID addition by Peter Stein
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
        HID: wacom: call _query_tablet_data() for BAMBOO_TOUCH
        HID: wacom: Don't add ghost interface as shared data
        HID: xinmo: fix for out of range for THT 2P arcade controller.
      eee551df
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-for-v4.11-rc5' of git://people.freedesktop.org/~airlied/linux · 5559394d
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Seems to be quietening down, which means someone will make a liar of
        me for rc6.
      
        Just one vc4, one etnvaiv, one radeon, and a few i915 GVT fixes, and
        one i915 normal fixes"
      
      * tag 'drm-fixes-for-v4.11-rc5' of git://people.freedesktop.org/~airlied/linux:
        drm/vc4: Allocate the right amount of space for boot-time CRTC state.
        drm/etnaviv: (re-)protect fence allocation with GPU mutex
        drm/radeon: Override fpfn for all VRAM placements in radeon_evict_flags
        drm/i915: Restore marking context objects as dirty on pinning
        drm/i915/gvt: Use force single submit flag to distinguish gvt request from i915 request
        drm/i915/gvt: set shadow entry to scratch page while p2m failed
        drm/i915/gvt: Fix guest fail to read EDID leading to black guest console issue.
        drm/i915/gvt: fix wrong offset when loading RCS mocs
        drm/i915/gvt: add write handler for mmio mbctl
        drm/i915/kvmgt: Hold struct kvm reference
      5559394d
    • Tigran Mkrtchyan's avatar
      nfs: flexfiles: fix kernel OOPS if MDS returns unsupported DS type · f17f8a14
      Tigran Mkrtchyan authored
      this fix aims to fix dereferencing of a mirror in an error state when MDS
      returns unsupported DS type (IOW, not v3), which causes the following oops:
      
      [  220.370709] BUG: unable to handle kernel NULL pointer dereference at 0000000000000065
      [  220.370842] IP: ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles]
      [  220.370920] PGD 0
      
      [  220.370972] Oops: 0000 [#1] SMP
      [  220.371013] Modules linked in: nfnetlink_queue nfnetlink_log bluetooth nfs_layout_flexfiles rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_security ebtable_filter ebtables ip6table_filter ip6_tables binfmt_misc intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel btrfs kvm arc4 snd_hda_codec_hdmi iwldvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_cstate mac80211 xor uvcvideo
      [  220.371814]  videobuf2_vmalloc videobuf2_memops snd_hda_codec_idt mei_wdt videobuf2_v4l2 snd_hda_codec_generic iTCO_wdt ppdev videobuf2_core iTCO_vendor_support dell_rbtn dell_wmi iwlwifi sparse_keymap dell_laptop dell_smbios snd_hda_intel dcdbas videodev snd_hda_codec dell_smm_hwmon snd_hda_core media cfg80211 intel_uncore snd_hwdep raid6_pq snd_seq intel_rapl_perf snd_seq_device joydev i2c_i801 rfkill lpc_ich snd_pcm parport_pc mei_me parport snd_timer dell_smo8800 mei snd shpchp soundcore tpm_tis tpm_tis_core tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc i915 nouveau mxm_wmi ttm i2c_algo_bit drm_kms_helper crc32c_intel e1000e drm sdhci_pci firewire_ohci sdhci serio_raw mmc_core firewire_core ptp crc_itu_t pps_core wmi fjes video
      [  220.372568] CPU: 7 PID: 4988 Comm: cat Not tainted 4.10.5-200.fc25.x86_64 #1
      [  220.372647] Hardware name: Dell Inc. Latitude E6520/0J4TFW, BIOS A06 07/11/2011
      [  220.372729] task: ffff94791f6ea580 task.stack: ffffb72b88c0c000
      [  220.372802] RIP: 0010:ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles]
      [  220.372883] RSP: 0018:ffffb72b88c0f970 EFLAGS: 00010246
      [  220.372945] RAX: 0000000000000000 RBX: ffff9479015ca600 RCX: ffffffffffffffed
      [  220.373025] RDX: ffffffffffffffed RSI: ffff9479753dc980 RDI: 0000000000000000
      [  220.373104] RBP: ffffb72b88c0f988 R08: 000000000001c980 R09: ffffffffc0ea6112
      [  220.373184] R10: ffffef17477d9640 R11: ffff9479753dd6c0 R12: ffff9479211c7440
      [  220.373264] R13: ffff9478f45b7790 R14: 0000000000000001 R15: ffff9479015ca600
      [  220.373345] FS:  00007f555fa3e700(0000) GS:ffff9479753c0000(0000) knlGS:0000000000000000
      [  220.373435] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  220.373506] CR2: 0000000000000065 CR3: 0000000196044000 CR4: 00000000000406e0
      [  220.373586] Call Trace:
      [  220.373627]  nfs4_ff_layout_prepare_ds+0x5e/0x200 [nfs_layout_flexfiles]
      [  220.373708]  ff_layout_pg_init_read+0x81/0x160 [nfs_layout_flexfiles]
      [  220.373806]  __nfs_pageio_add_request+0x11f/0x4a0 [nfs]
      [  220.373886]  ? nfs_create_request.part.14+0x37/0x330 [nfs]
      [  220.373967]  nfs_pageio_add_request+0xb2/0x260 [nfs]
      [  220.374042]  readpage_async_filler+0xaf/0x280 [nfs]
      [  220.374103]  read_cache_pages+0xef/0x1b0
      [  220.374166]  ? nfs_read_completion+0x210/0x210 [nfs]
      [  220.374239]  nfs_readpages+0x129/0x200 [nfs]
      [  220.374293]  __do_page_cache_readahead+0x1d0/0x2f0
      [  220.374352]  ondemand_readahead+0x17d/0x2a0
      [  220.374403]  page_cache_sync_readahead+0x2e/0x50
      [  220.374460]  generic_file_read_iter+0x6c8/0x950
      [  220.374532]  ? nfs_mapping_need_revalidate_inode+0x17/0x40 [nfs]
      [  220.374617]  nfs_file_read+0x6e/0xc0 [nfs]
      [  220.374670]  __vfs_read+0xe2/0x150
      [  220.374715]  vfs_read+0x96/0x130
      [  220.374758]  SyS_read+0x55/0xc0
      [  220.374801]  entry_SYSCALL_64_fastpath+0x1a/0xa9
      [  220.374856] RIP: 0033:0x7f555f570bd0
      [  220.374900] RSP: 002b:00007ffeb73e1b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
      [  220.374986] RAX: ffffffffffffffda RBX: 00007f555f839ae0 RCX: 00007f555f570bd0
      [  220.375066] RDX: 0000000000020000 RSI: 00007f555fa41000 RDI: 0000000000000003
      [  220.375145] RBP: 0000000000021010 R08: ffffffffffffffff R09: 0000000000000000
      [  220.375226] R10: 00007f555fa40010 R11: 0000000000000246 R12: 0000000000022000
      [  220.375305] R13: 0000000000021010 R14: 0000000000001000 R15: 0000000000002710
      [  220.375386] Code: 66 66 90 55 48 89 e5 41 54 53 49 89 fc 48 83 ec 08 48 85 f6 74 2e 48 8b 4e 30 48 89 f3 48 81 f9 00 f0 ff ff 77 1e 48 85 c9 74 15 <48> 83 79 78 00 b8 01 00 00 00 74 2c 48 83 c4 08 5b 41 5c 5d c3
      [  220.375653] RIP: ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles] RSP: ffffb72b88c0f970
      [  220.375748] CR2: 0000000000000065
      [  220.403538] ---[ end trace bcdca752211b7da9 ]---
      Signed-off-by: default avatarTigran Mkrtchyan <tigran.mkrtchyan@desy.de>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      f17f8a14
    • Olga Kornievskaia's avatar
      NFSv4.1 fix infinite loop on IO BAD_STATEID error · 0e3d3e5d
      Olga Kornievskaia authored
      Commit 63d63cbf "NFSv4.1: Don't recheck delegations that
      have already been checked" introduced a regression where when a
      client received BAD_STATEID error it would not send any TEST_STATEID
      and instead go into an infinite loop of resending the IO that caused
      the BAD_STATEID.
      
      Fixes: 63d63cbf ("NFSv4.1: Don't recheck delegations that have already been checked")
      Signed-off-by: default avatarOlga Kornievskaia <kolga@netapp.com>
      Cc: stable@vger.kernel.org # 4.9+
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      0e3d3e5d
    • Paul Gortmaker's avatar
      serial: 8250_EXAR: fix duplicate Kconfig text and add missing help text · 49e1590c
      Paul Gortmaker authored
      In commit d0aeaa83 ("serial: exar:
      split out the exar code from 8250_pci") the exar driver got its own
      Kconfig.  However the text for the new option was never changed from
      the original 8250_PCI text, and hence it appears confusing when you
      get asked the same question twice:
      
        8250/16550 PCI device support (SERIAL_8250_PCI) [Y/n/m/?] (NEW)
          8250/16550 PCI device support (SERIAL_8250_EXAR) [Y/n/m] (NEW)
      
      Adding to the confusion, is that there is no help text for this new
      option to indicate it is specific to a certain family of cards.
      
      Fix both issues at the same time, as well as the space vs. tab issues
      introduced in the same commit.
      
      Fixes: d0aeaa83 ("serial: exar: split out the exar code from 8250_pci")
      Cc: Jiri Slaby <jslaby@suse.com>
      Cc: linux-serial@vger.kernel.org
      Signed-off-by: default avatarPaul Gortmaker <paul.gortmaker@windriver.com>
      Acked-by: default avatarSudip Mukherjee <sudipm.mukherjee@gmail.com>
      Reviewed-by: default avatarAndy Shevchenko <andy.shevchenko@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      49e1590c
    • Nicolas Ferre's avatar
      tty/serial: atmel: fix TX path in atmel_console_write() · 497e1e16
      Nicolas Ferre authored
      A side effect of 89d82324 ("tty/serial: atmel_serial: BUG: stop DMA
      from transmitting in stop_tx") is that the console can be called with
      TX path disabled. Then the system would hang trying to push charecters
      out in atmel_console_putchar().
      Signed-off-by: default avatarNicolas Ferre <nicolas.ferre@microchip.com>
      Fixes: 89d82324 ("tty/serial: atmel_serial: BUG: stop DMA from transmitting
      in stop_tx")
      Cc: stable <stable@vger.kernel.org>	#4.4+
      Acked-by: default avatarRichard Genoud <richard.genoud@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      497e1e16
    • Richard Genoud's avatar
      tty/serial: atmel: fix race condition (TX+DMA) · 31ca2c63
      Richard Genoud authored
      If uart_flush_buffer() is called between atmel_tx_dma() and
      atmel_complete_tx_dma(), the circular buffer has been cleared, but not
      atmel_port->tx_len.
      That leads to a circular buffer overflow (dumping (UART_XMIT_SIZE -
      atmel_port->tx_len) bytes).
      Tested-by: default avatarNicolas Ferre <nicolas.ferre@microchip.com>
      Signed-off-by: default avatarRichard Genoud <richard.genoud@gmail.com>
      Cc: stable <stable@vger.kernel.org> # 3.12+
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      31ca2c63
    • Uwe Kleine-König's avatar
      serial: mxs-auart: Fix baudrate calculation · a6040bc6
      Uwe Kleine-König authored
      The reference manual for the i.MX28 recommends to calculate the divisor
      as
      
      	divisor = (UARTCLK * 32) / baud rate, rounded to the nearest integer
      
      , so let's do this. For a typical setup of UARTCLK = 24 MHz and baud
      rate = 115200 this changes the divisor from 6666 to 6667 and so the
      actual baud rate improves from 115211.521 Bd (error ≅ 0.01 %) to
      115194.240 Bd (error ≅ 0.005 %).
      Signed-off-by: default avatarUwe Kleine-König <u.kleine-koenig@pengutronix.de>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a6040bc6