4 years agoMerge tag 'staging-4.15-rc4' of git://
Linus Torvalds [Fri, 15 Dec 2017 20:59:48 +0000 (12:59 -0800)]
Merge tag 'staging-4.15-rc4' of git://git./linux/kernel/git/gregkh/staging

Pull staging fixes from Greg KH:
 "Here are some small staging driver fixes for 4.15-rc4.

  One patch for the ccree driver to prevent an unitialized value from
  being returned to a caller, and the other fixes a logic error in the
  pi433 driver"

* tag 'staging-4.15-rc4' of git://
  staging: pi433: Fixes issue with bit shift in rf69_get_modulation
  staging: ccree: Uninitialized return in ssi_ahash_import()

4 years agoMerge tag 'for_linus' of git://
Linus Torvalds [Fri, 15 Dec 2017 20:56:23 +0000 (12:56 -0800)]
Merge tag 'for_linus' of git://git./linux/kernel/git/mst/vhost

Pull virtio regression fixes from Michael Tsirkin:
 "Fixes two issues in the latest kernel"

* tag 'for_linus' of git://
  virtio_mmio: fix devm cleanup
  ptr_ring: fix up after recent ptr_ring changes

4 years agoMerge tag 'for-4.15/dm-fixes' of git://
Linus Torvalds [Fri, 15 Dec 2017 20:53:37 +0000 (12:53 -0800)]
Merge tag 'for-4.15/dm-fixes' of git://git./linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:

 - fix a particularly nasty DM core bug in a 4.15 refcount_t conversion.

 - fix various targets to dm_register_target after module __init
   resources created; otherwise racing lvm2 commands could result in a
   NULL pointer during initialization of associated DM kernel module.

 - fix regression in bio-based DM multipath queue_if_no_path handling.

 - fix DM bufio's shrinker to reclaim more than one buffer per scan.

* tag 'for-4.15/dm-fixes' of git://
  dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
  dm mpath: fix bio-based multipath queue_if_no_path handling
  dm: fix various targets to dm_register_target after module __init resources created
  dm table: fix regression from improper dm_dev_internal.count refcount_t conversion

4 years agoMerge tag 'scsi-fixes' of git://
Linus Torvalds [Fri, 15 Dec 2017 20:51:42 +0000 (12:51 -0800)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "The most important one is the bfa fix because it's easy to oops the
  kernel with this driver (this includes the commit that corrects the
  compiler warning in the original), a regression in the new timespec
  conversion in aacraid and a regression in the Fibre Channel ELS
  handling patch.

  The other three are a theoretical problem with termination in the
  vendor/host matching code and a use after free in lpfc.

  The additional patches are a fix for an I/O hang in the mq code under
  certain circumstances and a rare oops in some debugging code"

* tag 'scsi-fixes' of git://
  scsi: core: Fix a scsi_show_rq() NULL pointer dereference
  scsi: MAINTAINERS: change FCoE list to linux-scsi
  scsi: libsas: fix length error in sas_smp_handler()
  scsi: bfa: fix type conversion warning
  scsi: core: run queue if SCSI device queue isn't ready and queue is idle
  scsi: scsi_devinfo: cleanly zero-pad devinfo strings
  scsi: scsi_devinfo: handle non-terminated strings
  scsi: bfa: fix access to bfad_im_port_s
  scsi: aacraid: address UBSAN warning regression
  scsi: libfc: fix ELS request handling
  scsi: lpfc: Use after free in lpfc_rq_buf_free()

4 years agoMerge tag 'mmc-v4.15-rc2' of git://
Linus Torvalds [Fri, 15 Dec 2017 20:49:54 +0000 (12:49 -0800)]
Merge tag 'mmc-v4.15-rc2' of git://git./linux/kernel/git/ulfh/mmc

Pull MMC fixes from Ulf Hansson:
 "A couple of MMC fixes:

   - fix use of uninitialized drv_typ variable

   - apply NO_CMD23 quirk to some specific SD cards to make them work"

* tag 'mmc-v4.15-rc2' of git://
  mmc: core: apply NO_CMD23 quirk to some specific cards
  mmc: core: properly init drv_type

4 years agoMerge tag 'ceph-for-4.15-rc4' of git://
Linus Torvalds [Fri, 15 Dec 2017 20:48:27 +0000 (12:48 -0800)]
Merge tag 'ceph-for-4.15-rc4' of git://

Pull ceph fix from Ilya Dryomov:
 "CephFS inode trimming fix from Zheng, marked for stable"

* tag 'ceph-for-4.15-rc4' of git://
  ceph: drop negative child dentries before try pruning inode's alias

4 years agoMerge branch 'overlayfs-linus' of git://
Linus Torvalds [Fri, 15 Dec 2017 20:46:48 +0000 (12:46 -0800)]
Merge branch 'overlayfs-linus' of git://git./linux/kernel/git/mszeredi/vfs

Pull overlayfs fixes from Miklos Szeredi:

 - fix incomplete syncing of filesystem

 - fix regression in readdir on ovl over 9p

 - only follow redirects when needed

 - misc fixes and cleanups

* 'overlayfs-linus' of git://
  ovl: fix overlay: warning prefix
  ovl: Use PTR_ERR_OR_ZERO()
  ovl: Sync upper dirty data when syncing overlayfs
  ovl: update ctx->pos on impure dir iteration
  ovl: Pass ovl_get_nlink() parameters in right order
  ovl: don't follow redirects if redirect_dir=off

4 years agoMerge tag 'arm64-fixes' of git://
Linus Torvalds [Fri, 15 Dec 2017 20:44:49 +0000 (12:44 -0800)]
Merge tag 'arm64-fixes' of git://git./linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
 "There are some significant fixes in here for FP state corruption,
  hardware access/dirty PTE corruption and an erratum workaround for the
  Falkor CPU.

  I'm hoping that things finally settle down now, but never say never...


   - Fix FPSIMD context switch regression introduced in -rc2

   - Fix ABI break with SVE CPUID register reporting

   - Fix use of uninitialised variable

   - Fixes to hardware access/dirty management and sanity checking

   - CPU erratum workaround for Falkor CPUs

   - Fix reporting of writeable+executable mappings

   - Fix signal reporting for RAS errors"

* tag 'arm64-fixes' of git://
  arm64: fpsimd: Fix copying of FP state from signal frame into task struct
  arm64/sve: Report SVE to userspace via CPUID only if supported
  arm64: fix CONFIG_DEBUG_WX address reporting
  arm64: fault: avoid send SIGBUS two times
  arm64: hw_breakpoint: Use linux/uaccess.h instead of asm/uaccess.h
  arm64: Add software workaround for Falkor erratum 1041
  arm64: Define cputype macros for Falkor CPU
  arm64: mm: Fix false positives in set_pte_at access/dirty race detection
  arm64: mm: Fix pte_mkclean, pte_mkdirty semantics
  arm64: Initialise high_memory global variable earlier

4 years agoMerge branch 'x86-urgent-for-linus' of git://
Linus Torvalds [Fri, 15 Dec 2017 20:14:33 +0000 (12:14 -0800)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull x86 fixes from Ingo Molnar:
 "Misc fixes:

   - fix the s2ram regression related to confusion around segment
     register restoration, plus related cleanups that make the code more

   - a guess-unwinder Kconfig dependency fix

   - an isoimage build target fix for certain tool chain combinations

   - instruction decoder opcode map fixes+updates, and the syncing of
     the kernel decoder headers to the objtool headers

   - a kmmio tracing fix

   - two 5-level paging related fixes

   - a topology enumeration fix on certain SMP systems"

* 'x86-urgent-for-linus' of git://
  objtool: Resync objtool's instruction decoder source code copy with the kernel's latest version
  x86/decoder: Fix and update the opcodes map
  x86/power: Make restore_processor_context() sane
  x86/power/32: Move SYSENTER MSR restoration to fix_processor_context()
  x86/power/64: Use struct desc_ptr for the IDT in struct saved_context
  x86/unwinder/guess: Prevent using CONFIG_UNWINDER_GUESS=y with CONFIG_STACKDEPOT=y
  x86/build: Don't verify mtools configuration file for isoimage
  x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
  x86/boot/compressed/64: Print error if 5-level paging is not supported
  x86/boot/compressed/64: Detect and handle 5-level paging at boot-time
  x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation

4 years agoMerge branch 'locking-urgent-for-linus' of git://
Linus Torvalds [Fri, 15 Dec 2017 19:44:59 +0000 (11:44 -0800)]
Merge branch 'locking-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull locking fixes from Ingo Molnar:
 "Misc fixes:

   - Fix a S390 boot hang that was caused by the lock-break logic.
     Remove lock-break to begin with, as review suggested it was
     unreasonably fragile and our confidence in its continued good
     health is lower than our confidence in its removal.

   - Remove the lockdep cross-release checking code for now, because of
     unresolved false positive warnings. This should make lockdep work
     well everywhere again.

   - Get rid of the final (and single) ACCESS_ONCE() straggler and
     remove the API from v4.15.

   - Fix a liblockdep build warning"

* 'locking-urgent-for-linus' of git://
  tools/lib/lockdep: Add missing declaration of 'pr_cont()'
  checkpatch: Remove ACCESS_ONCE() warning
  compiler.h: Remove ACCESS_ONCE()
  tools/include: Remove ACCESS_ONCE()
  tools/perf: Convert ACCESS_ONCE() to READ_ONCE()
  locking/lockdep: Remove the cross-release locking checks
  locking/core: Remove break_lock field when CONFIG_GENERIC_LOCKBREAK=y
  locking/core: Fix deadlock during boot on systems with GENERIC_LOCKBREAK

4 years agoMerge branch 'sched-urgent-for-linus' of git://
Linus Torvalds [Fri, 15 Dec 2017 19:40:24 +0000 (11:40 -0800)]
Merge branch 'sched-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull scheduler fixes from Ingo Molnar:
 "Two fixes: a crash fix for an ARM SoC platform, and kernel-doc
  warnings fixes"

* 'sched-urgent-for-linus' of git://
  sched/rt: Do not pull from current CPU if only one CPU to pull
  sched/core: Fix kernel-doc warnings after code movement

4 years agoMerge branch 'perf-urgent-for-linus' of git://
Linus Torvalds [Fri, 15 Dec 2017 19:36:20 +0000 (11:36 -0800)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull perf tooling fix from Ingo Molnar:
 "Synchronize kernel <-> tooling headers to resolve two build warnings
  in the perf build"

* 'perf-urgent-for-linus' of git://
  tools/headers: Synchronize kernel <-> tooling headers

4 years agoMerge branch 'core-urgent-for-linus' of git://
Linus Torvalds [Fri, 15 Dec 2017 19:34:29 +0000 (11:34 -0800)]
Merge branch 'core-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull early_ioremap fix from Ingo Molnar:
 "A boot hang fix when the EFI earlyprintk driver is enabled"

* 'core-urgent-for-linus' of git://
  mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep

4 years agoMerge tag 'for-linus-4.15-rc4-tag' of git://
Linus Torvalds [Fri, 15 Dec 2017 19:32:09 +0000 (11:32 -0800)]
Merge tag 'for-linus-4.15-rc4-tag' of git://git./linux/kernel/git/xen/tip

Pull xen fixes from Juergen Gross:
 "Two minor fixes for running as Xen dom0:

   - when built as 32 bit kernel on large machines the Xen LAPIC
     emulation should report a rather modern LAPIC in order to support
     enough APIC-Ids

   - The Xen LAPIC emulation is needed for dom0 only, so build it only
     for kernels supporting to run as Xen dom0"

* tag 'for-linus-4.15-rc4-tag' of git://
  xen: XEN_ACPI_PROCESSOR is Dom0-only
  x86/Xen: don't report ancient LAPIC version

4 years agoarm64: fpsimd: Fix copying of FP state from signal frame into task struct
Will Deacon [Fri, 15 Dec 2017 16:07:22 +0000 (16:07 +0000)]
arm64: fpsimd: Fix copying of FP state from signal frame into task struct

Commit 9de52a755cfb6da5 ("arm64: fpsimd: Fix failure to restore FPSIMD
state after signals") fixed an issue reported in our FPSIMD signal
restore code but inadvertently introduced another issue which tends to
manifest as random SEGVs in userspace.

The problem is that when we copy the struct fpsimd_state from the kernel
stack (populated from the signal frame) into the struct held in the
current thread_struct, we blindly copy uninitialised stack into the
"cpu" field, which means that context-switching of the FP registers is
no longer reliable.

This patch fixes the problem by copying only the user_fpsimd member of
struct fpsimd_state. We should really rework the function prototypes
to take struct user_fpsimd_state * instead, but let's just get this
fixed for now.

Cc: Dave Martin <>
Fixes: 9de52a755cfb6da5 ("arm64: fpsimd: Fix failure to restore FPSIMD state after signals")
Reported-by: Geert Uytterhoeven <>
Signed-off-by: Will Deacon <>
4 years agosched/rt: Do not pull from current CPU if only one CPU to pull
Steven Rostedt [Sat, 2 Dec 2017 18:04:54 +0000 (13:04 -0500)]
sched/rt: Do not pull from current CPU if only one CPU to pull

Daniel Wagner reported a crash on the BeagleBone Black SoC.

This is a single CPU architecture, and does not have a functional
arch_send_call_function_single_ipi() implementation which can crash
the kernel if that is called.

As it only has one CPU, it shouldn't be called, but if the kernel is
compiled for SMP, the push/pull RT scheduling logic now calls it for
irq_work if the one CPU is overloaded, it can use that function to call
itself and crash the kernel.

Ideally, we should disable the SCHED_FEAT(RT_PUSH_IPI) if the system
only has a single CPU. But SCHED_FEAT is a constant if sched debugging
is turned off. Another fix can also be used, and this should also help
with normal SMP machines. That is, do not initiate the pull code if
there's only one RT overloaded CPU, and that CPU happens to be the
current CPU that is scheduling in a lower priority task.

Even on a system with many CPUs, if there's many RT tasks waiting to
run on a single CPU, and that CPU schedules in another RT task of lower
priority, it will initiate the PULL logic in case there's a higher
priority RT task on another CPU that is waiting to run. But if there is
no other CPU with waiting RT tasks, it will initiate the RT pull logic
on itself (as it still has RT tasks waiting to run). This is a wasted

Not only does this help with SMP code where the current CPU is the only
one with RT overloaded tasks, it should also solve the issue that
Daniel encountered, because it will prevent the PULL logic from
executing, as there's only one CPU on the system, and the check added
here will cause it to exit the RT pull code.

Reported-by: Daniel Wagner <>
Signed-off-by: Steven Rostedt (VMware) <>
Acked-by: Peter Zijlstra <>
Cc: Linus Torvalds <>
Cc: Sebastian Andrzej Siewior <>
Cc: Thomas Gleixner <>
Cc: linux-rt-users <>
Fixes: 4bdced5c9 ("sched/rt: Simplify the IPI based RT balancing logic")
Signed-off-by: Ingo Molnar <>
4 years agotools/headers: Synchronize kernel <-> tooling headers
Ingo Molnar [Fri, 15 Dec 2017 12:47:51 +0000 (13:47 +0100)]
tools/headers: Synchronize kernel <-> tooling headers

Two kernel headers got modified recently, which are used by tooling as well:


None of those changes have an effect on tooling, so do a plain copy.

Cc: Arnaldo Carvalho de Melo <>
Cc: Linus Torvalds <>
Cc: Peter Zijlstra <>
Cc: Thomas Gleixner <>
Cc: Peter Zijlstra <>
Cc: Namhyung Kim <>
Cc: Jiri Olsa <>
Signed-off-by: Ingo Molnar <>
4 years agoobjtool: Resync objtool's instruction decoder source code copy with the kernel's...
Ingo Molnar [Fri, 15 Dec 2017 12:36:56 +0000 (13:36 +0100)]
objtool: Resync objtool's instruction decoder source code copy with the kernel's latest version

This fixes the following warning:

  warning: objtool: x86 instruction decoder differs from kernel

Note that there are cleanups queued up for v4.16 that will make this
warning more informative and will make the syncing easier as well.

Cc: Josh Poimboeuf <>
Cc: Linus Torvalds <>
Cc: Peter Zijlstra <>
Cc: Thomas Gleixner <>
Signed-off-by: Ingo Molnar <>
4 years agox86/decoder: Fix and update the opcodes map
Randy Dunlap [Mon, 11 Dec 2017 18:38:36 +0000 (10:38 -0800)]
x86/decoder: Fix and update the opcodes map

Update x86-opcode-map.txt based on the October 2017 Intel SDM publication.
Add UD0 and UD1 instruction opcodes.

Also sync the objtool and perf tooling copies of this file.

Signed-off-by: Randy Dunlap <>
Acked-by: Masami Hiramatsu <>
Cc: Josh Poimboeuf <>
Cc: Linus Torvalds <>
Cc: Masami Hiramatsu <>
Cc: Peter Zijlstra <>
Cc: Thomas Gleixner <>
Signed-off-by: Ingo Molnar <>
4 years agox86/power: Make restore_processor_context() sane
Andy Lutomirski [Thu, 14 Dec 2017 21:19:07 +0000 (13:19 -0800)]
x86/power: Make restore_processor_context() sane

My previous attempt to fix a couple of bugs in __restore_processor_context():

  5b06bbcfc2c6 ("x86/power: Fix some ordering bugs in __restore_processor_context()")

... introduced yet another bug, breaking suspend-resume.

Rather than trying to come up with a minimal fix, let's try to clean it up
for real.  This patch fixes quite a few things:

 - The old code saved a nonsensical subset of segment registers.
   The only registers that need to be saved are those that contain
   userspace state or those that can't be trivially restored without
   percpu access working.  (On x86_32, we can restore percpu access
   by writing __KERNEL_PERCPU to %fs.  On x86_64, it's easier to
   save and restore the kernel's GSBASE.)  With this patch, we
   restore hardcoded values to the kernel state where applicable and
   explicitly restore the user state after fixing all the descriptor

 - We used to use an unholy mix of inline asm and C helpers for
   segment register access.  Let's get rid of the inline asm.

This fixes the reported s2ram hangs and make the code all around
more logical.

Analyzed-by: Linus Torvalds <>
Reported-by: Jarkko Nikula <>
Reported-by: Pavel Machek <>
Tested-by: Jarkko Nikula <>
Tested-by: Pavel Machek <>
Signed-off-by: Andy Lutomirski <>
Acked-by: Rafael J. Wysocki <>
Acked-by: Thomas Gleixner <>
Cc: Borislav Petkov <>
Cc: Josh Poimboeuf <>
Cc: Peter Zijlstra <>
Cc: Rafael J. Wysocki <>
Cc: Zhang Rui <>
Fixes: 5b06bbcfc2c6 ("x86/power: Fix some ordering bugs in __restore_processor_context()")
Signed-off-by: Ingo Molnar <>
4 years agox86/power/32: Move SYSENTER MSR restoration to fix_processor_context()
Andy Lutomirski [Thu, 14 Dec 2017 21:19:06 +0000 (13:19 -0800)]
x86/power/32: Move SYSENTER MSR restoration to fix_processor_context()

x86_64 restores system call MSRs in fix_processor_context(), and
x86_32 restored them along with segment registers.  The 64-bit
variant makes more sense, so move the 32-bit code to match the
64-bit code.

No side effects are expected to runtime behavior.

Tested-by: Jarkko Nikula <>
Signed-off-by: Andy Lutomirski <>
Acked-by: Rafael J. Wysocki <>
Acked-by: Thomas Gleixner <>
Cc: Borislav Petkov <>
Cc: Josh Poimboeuf <>
Cc: Linus Torvalds <>
Cc: Pavel Machek <>
Cc: Peter Zijlstra <>
Cc: Rafael J. Wysocki <>
Cc: Zhang Rui <>
Signed-off-by: Ingo Molnar <>
4 years agox86/power/64: Use struct desc_ptr for the IDT in struct saved_context
Andy Lutomirski [Thu, 14 Dec 2017 21:19:05 +0000 (13:19 -0800)]
x86/power/64: Use struct desc_ptr for the IDT in struct saved_context

x86_64's saved_context nonsensically used separate idt_limit and
idt_base fields and then cast &idt_limit to struct desc_ptr *.

This was correct (with -fno-strict-aliasing), but it's confusing,
served no purpose, and required #ifdeffery. Simplify this by
using struct desc_ptr directly.

No change in functionality.

Tested-by: Jarkko Nikula <>
Signed-off-by: Andy Lutomirski <>
Acked-by: Rafael J. Wysocki <>
Acked-by: Thomas Gleixner <>
Cc: Borislav Petkov <>
Cc: Josh Poimboeuf <>
Cc: Linus Torvalds <>
Cc: Pavel Machek <>
Cc: Peter Zijlstra <>
Cc: Rafael J. Wysocki <>
Cc: Zhang Rui <>
Signed-off-by: Ingo Molnar <>
4 years agoMerge tag 'pm-4.15-rc4' of git://
Linus Torvalds [Fri, 15 Dec 2017 02:25:03 +0000 (18:25 -0800)]
Merge tag 'pm-4.15-rc4' of git://git./linux/kernel/git/rafael/linux-pm

Pull power management fix from Rafael Wysocki:
 "This fixes an issue in two recent commits that may cause
  pm_runtime_enable() to be called for too many times for some devices
  during the "thaw" transition belonging to hibernation"

* tag 'pm-4.15-rc4' of git://
  PM / sleep: Avoid excess pm_runtime_enable() calls in device_resume()

4 years agoMerge tag 'trace-v4.15-rc1' of git://
Linus Torvalds [Fri, 15 Dec 2017 02:21:33 +0000 (18:21 -0800)]
Merge tag 'trace-v4.15-rc1' of git://git./linux/kernel/git/rostedt/linux-trace

Pull tracing fixes from Steven Rostedt:
 "Various fix-ups:

   - comment fixes

   - build fix

   - better memory alloction (don't use NR_CPUS)

   - configuration fix

   - build warning fix

   - enhanced callback parameter (to simplify users of trace hooks)

   - give up on stack tracing when RCU isn't watching (it's a lost

* tag 'trace-v4.15-rc1' of git://
  tracing: Have stack trace not record if RCU is not watching
  tracing: Pass export pointer as argument to ->write()
  ring-buffer: Remove unused function __rb_data_page_index()
  tracing: make PREEMPTIRQ_EVENTS depend on TRACING
  tracing: Allocate mask_str buffer dynamically
  tracing: always define trace_{irq,preempt}_{enable_disable}
  tracing: Fix code comments in trace.c

4 years agotracing: Have stack trace not record if RCU is not watching
Steven Rostedt (VMware) [Tue, 5 Dec 2017 09:41:51 +0000 (04:41 -0500)]
tracing: Have stack trace not record if RCU is not watching

The stack tracer records a stack dump whenever it sees a stack usage that is
more than what it ever saw before. This can happen at any function that is
being traced. If it happens when the CPU is going idle (or other strange
locations), RCU may not be watching, and in this case, the recording of the
stack trace will trigger a warning. There's been lots of efforts to make
hacks to allow stack tracing to proceed even if RCU is not watching, but
this only causes more issues to appear. Simply do not trace a stack if RCU
is not watching. It probably isn't a bad stack anyway.

Acked-by: "Paul E. McKenney" <>
Signed-off-by: Steven Rostedt (VMware) <>
4 years agoMerge tag 'pci-v4.15-fixes-1' of git://
Linus Torvalds [Fri, 15 Dec 2017 01:02:39 +0000 (17:02 -0800)]
Merge tag 'pci-v4.15-fixes-1' of git://git./linux/kernel/git/helgaas/pci

Pull PCI fixes from Bjorn Helgaas:

 - add a pci_get_domain_bus_and_slot() stub for the CONFIG_PCI=n case to
   avoid build breakage in the v4.16 merge window if a
   pci_get_bus_and_slot() -> pci_get_domain_bus_and_slot() patch gets
   merged before the PCI tree (Randy Dunlap)

 - fix an AMD boot regression in the 64bit BAR support added in v4.15
   (Christian König)

 - fix an R-Car use-after-free that causes a crash if no PCIe card is
   present (Geert Uytterhoeven)

* tag 'pci-v4.15-fixes-1' of git://
  PCI: rcar: Fix use-after-free in probe error path
  x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h
  x86/PCI: Fix infinite loop in search for 64bit BAR placement
  PCI: Add pci_get_domain_bus_and_slot() stub

4 years agoMerge branch 'akpm' (patches from Andrew)
Linus Torvalds [Fri, 15 Dec 2017 00:35:20 +0000 (16:35 -0800)]
Merge branch 'akpm' (patches from Andrew)

Merge misc fixes from Andrew Morton:
 "17 fixes"

* emailed patches from Andrew Morton <>:
  arch: define weak abort()
  mm, oom_reaper: fix memory corruption
  kernel: make groups_sort calling a responsibility group_info allocators
  mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'
  tools/slabinfo-gnuplot: force to use bash shell
  kcov: fix comparison callback signature
  mm/slab.c: do not hash pointers when debugging slab
  mm/page_alloc.c: avoid excessive IRQ disabled times in free_unref_page_list()
  mm/memory.c: mark wp_huge_pmd() inline to prevent build failure
  scripts/faddr2line: fix CROSS_COMPILE unset error
  Documentation/vm/zswap.txt: update with same-value filled page feature
  exec: avoid gcc-8 warning for get_task_comm
  autofs: fix careless error in recent commit
  string.h: workaround for increased stack usage
  mm/kmemleak.c: make cond_resched() rate-limiting more efficient
  lib/rbtree,drm/mm: add rbtree_replace_node_cached()
  include/linux/idr.h: add #include <linux/bug.h>

4 years agoarch: define weak abort()
Sudip Mukherjee [Thu, 14 Dec 2017 23:33:19 +0000 (15:33 -0800)]
arch: define weak abort()

gcc toggle -fisolate-erroneous-paths-dereference (default at -O2
onwards) isolates faulty code paths such as null pointer access, divide
by zero etc.  If gcc port doesnt implement __builtin_trap, an abort() is
generated which causes kernel link error.

In this case, gcc is generating abort due to 'divide by zero' in

Currently 'frv' and 'arc' are failing.  Previously other arch was also
broken like m32r was fixed by commit d22e3d69ee1a ("m32r: fix build

Let's define this weak function which is common for all arch and fix the
problem permanently.  We can even remove the arch specific 'abort' after
this is done.

Signed-off-by: Sudip Mukherjee <>
Cc: Alexey Brodkin <>
Cc: Vineet Gupta <>
Cc: Sudip Mukherjee <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agomm, oom_reaper: fix memory corruption
Michal Hocko [Thu, 14 Dec 2017 23:33:15 +0000 (15:33 -0800)]
mm, oom_reaper: fix memory corruption

David Rientjes has reported the following memory corruption while the
oom reaper tries to unmap the victims address space

  BUG: Bad page map in process oom_reaper  pte:6353826300000000 pmd:00000000
  addr:00007f50cab1d000 vm_flags:08100073 anon_vma:ffff9eea335603f0 mapping:          (null) index:7f50cab1d
  file:          (null) fault:          (null) mmap:          (null) readpage:          (null)
  CPU: 2 PID: 1001 Comm: oom_reaper
  Call Trace:

Tetsuo Handa has noticed that the synchronization inside exit_mmap is
insufficient.  We only synchronize with the oom reaper if
tsk_is_oom_victim which is not true if the final __mmput is called from
a different context than the oom victim exit path.  This can trivially
happen from context of any task which has grabbed mm reference (e.g.  to
read /proc/<pid>/ file which requires mm etc.).

The race would look like this

  oom_reaper oom_victim task
  __oom_reap_task_mm mmput

Fix this issue by providing a new mm_is_oom_victim() helper which
operates on the mm struct rather than a task.  Any context which
operates on a remote mm struct should use this helper in place of
tsk_is_oom_victim.  The flag is set in mark_oom_victim and never cleared
so it is stable in the exit_mmap path.

Debugged by Tetsuo Handa.

Fixes: 212925802454 ("mm: oom: let oom_reap_task and exit_mmap run concurrently")
Signed-off-by: Michal Hocko <>
Reported-by: David Rientjes <>
Acked-by: David Rientjes <>
Cc: Tetsuo Handa <>
Cc: Andrea Argangeli <>
Cc: <> [4.14]
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agokernel: make groups_sort calling a responsibility group_info allocators
Thiago Rafael Becker [Thu, 14 Dec 2017 23:33:12 +0000 (15:33 -0800)]
kernel: make groups_sort calling a responsibility group_info allocators

In testing, we found that nfsd threads may call set_groups in parallel
for the same entry cached in auth.unix.gid, racing in the call of
groups_sort, corrupting the groups for that entry and leading to
permission denials for the client.

This patch:
 - Make groups_sort globally visible.
 - Move the call to groups_sort to the modifiers of group_info
 - Remove the call to groups_sort from set_groups

Signed-off-by: Thiago Rafael Becker <>
Reviewed-by: Matthew Wilcox <>
Reviewed-by: NeilBrown <>
Acked-by: "J. Bruce Fields" <>
Cc: Al Viro <>
Cc: Martin Schwidefsky <>
Cc: <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agomm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'
Christophe JAILLET [Thu, 14 Dec 2017 23:33:08 +0000 (15:33 -0800)]
mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'

A semaphore is acquired before this check, so we must release it before

Fixes: b7f0554a56f2 ("mm: fail get_vaddr_frames() for filesystem-dax mappings")
Signed-off-by: Christophe JAILLET <>
Acked-by: Michal Hocko <>
Cc: Dan Williams <>
Cc: Christian Borntraeger <>
Cc: David Sterba <>
Cc: Greg Kroah-Hartman <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agotools/slabinfo-gnuplot: force to use bash shell
Liu, Changcheng [Thu, 14 Dec 2017 23:33:05 +0000 (15:33 -0800)]
tools/slabinfo-gnuplot: force to use bash shell

On some linux distributions, the default link of sh is dash which
deoesn't support split array like "${var//,/ }"

It's better to force to use bash shell directly.

Signed-off-by: Liu Changcheng <>
Reviewed-by: Sergey Senozhatsky <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agokcov: fix comparison callback signature
Dmitry Vyukov [Thu, 14 Dec 2017 23:33:02 +0000 (15:33 -0800)]
kcov: fix comparison callback signature

Fix a silly copy-paste bug.  We truncated u32 args to u16.

Fixes: ded97d2c2b2c ("kcov: support comparison operands collection")
Signed-off-by: Dmitry Vyukov <>
Cc: Alexander Potapenko <>
Cc: Vegard Nossum <>
Cc: Quentin Casasnovas <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agomm/slab.c: do not hash pointers when debugging slab
Geert Uytterhoeven [Thu, 14 Dec 2017 23:32:58 +0000 (15:32 -0800)]
mm/slab.c: do not hash pointers when debugging slab

If CONFIG_DEBUG_SLAB/CONFIG_DEBUG_SLAB_LEAK are enabled, the slab code
prints extra debug information when e.g.  corruption is detected.  This
includes pointers, which are not very useful when hashed.

Fix this by using %px to print unhashed pointers instead where it makes
sense, and by removing the printing of a last user pointer referring to

[ v2]
Fixes: ad67b74d2469d9b8 ("printk: hash addresses printed with %p")
Signed-off-by: Geert Uytterhoeven <>
Acked-by: Christoph Lameter <>
Acked-by: Linus Torvalds <>
Cc: Pekka Enberg <>
Cc: David Rientjes <>
Cc: Joonsoo Kim <>
Cc: "Tobin C . Harding" <>
Cc: Kees Cook <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agomm/page_alloc.c: avoid excessive IRQ disabled times in free_unref_page_list()
Lucas Stach [Thu, 14 Dec 2017 23:32:55 +0000 (15:32 -0800)]
mm/page_alloc.c: avoid excessive IRQ disabled times in free_unref_page_list()

Since commit 9cca35d42eb6 ("mm, page_alloc: enable/disable IRQs once
when freeing a list of pages") we see excessive IRQ disabled times of up
to 25ms on an embedded ARM system (tracing overhead included).

This is due to graphics buffers being freed back to the system via
release_pages().  Graphics buffers can be huge, so it's not hard to hit
cases where the list of pages to free has 2048 entries.  Disabling IRQs
while freeing all those pages is clearly not a good idea.

Introduce a batch limit, which allows IRQ servicing once every few
pages.  The batch count is the same as used in other parts of the MM
subsystem when dealing with IRQ disabled regions.

Fixes: 9cca35d42eb6 ("mm, page_alloc: enable/disable IRQs once when freeing a list of pages")
Signed-off-by: Lucas Stach <>
Acked-by: Mel Gorman <>
Cc: Michal Hocko <>
Cc: Vlastimil Babka <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agomm/memory.c: mark wp_huge_pmd() inline to prevent build failure
Geert Uytterhoeven [Thu, 14 Dec 2017 23:32:52 +0000 (15:32 -0800)]
mm/memory.c: mark wp_huge_pmd() inline to prevent build failure

With gcc 4.1.2:

    mm/memory.o: In function `wp_huge_pmd':
    memory.c:(.text+0x9b4): undefined reference to `do_huge_pmd_wp_page'

Interestingly, wp_huge_pmd() is emitted in the assembler output, but
never called.

Apparently replacing the call to pmd_write() in __handle_mm_fault() by a
call to the more complex pmd_access_permitted() reduced the ability of
the compiler to remove unused code.

Fix this by marking wp_huge_pmd() inline, like was done in commit
91a90140f998 ("mm/memory.c: mark create_huge_pmd() inline to prevent
build failure") for a similar problem.

[ add comment]
Fixes: c7da82b894e9eef6 ("mm: replace pmd_write with pmd_access_permitted in fault + gup paths")
Signed-off-by: Geert Uytterhoeven <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agoscripts/faddr2line: fix CROSS_COMPILE unset error
Liu, Changcheng [Thu, 14 Dec 2017 23:32:48 +0000 (15:32 -0800)]
scripts/faddr2line: fix CROSS_COMPILE unset error

faddr2line hit var unbound error when CROSS_COMPILE isn't set since
nounset option is set in bash script.

Fixes: 95a879825419 ("scripts/faddr2line: extend usage on generic arch")
Signed-off-by: Liu Changcheng <>
Reported-by: Richard Weinberger <>
Reviewed-by: Richard Weinberger <>
Cc: Thomas Gleixner <>
Cc: Greg Kroah-Hartman <>
Cc: Philippe Ombredanne <>
Cc: NeilBrown <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agoDocumentation/vm/zswap.txt: update with same-value filled page feature
Srividya Desireddy [Thu, 14 Dec 2017 23:32:45 +0000 (15:32 -0800)]
Documentation/vm/zswap.txt: update with same-value filled page feature

Update zswap document with details on same-value filled pages
identification feature.  The usage of zswap.same_filled_pages_enabled
module parameter is explained.

Signed-off-by: Srividya Desireddy <>
Acked-by: Dan Streetman <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agoexec: avoid gcc-8 warning for get_task_comm
Arnd Bergmann [Thu, 14 Dec 2017 23:32:41 +0000 (15:32 -0800)]
exec: avoid gcc-8 warning for get_task_comm

gcc-8 warns about using strncpy() with the source size as the limit:

  fs/exec.c:1223:32: error: argument to 'sizeof' in 'strncpy' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess]

This is indeed slightly suspicious, as it protects us from source
arguments without NUL-termination, but does not guarantee that the
destination is terminated.

This keeps the strncpy() to ensure we have properly padded target
buffer, but ensures that we use the correct length, by passing the
actual length of the destination buffer as well as adding a build-time
check to ensure it is exactly TASK_COMM_LEN.

There are only 23 callsites which I all reviewed to ensure this is
currently the case.  We could get away with doing only the check or
passing the right length, but it doesn't hurt to do both.

Signed-off-by: Arnd Bergmann <>
Suggested-by: Kees Cook <>
Acked-by: Kees Cook <>
Acked-by: Ingo Molnar <>
Cc: Alexander Viro <>
Cc: Peter Zijlstra <>
Cc: Serge Hallyn <>
Cc: James Morris <>
Cc: Aleksa Sarai <>
Cc: "Eric W. Biederman" <>
Cc: Frederic Weisbecker <>
Cc: Thomas Gleixner <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agoautofs: fix careless error in recent commit
NeilBrown [Thu, 14 Dec 2017 23:32:38 +0000 (15:32 -0800)]
autofs: fix careless error in recent commit

Commit ecc0c469f277 ("autofs: don't fail mount for transient error") was
meant to replace an 'if' with a 'switch', but instead added the 'switch'
leaving the case in place.

Fixes: ecc0c469f277 ("autofs: don't fail mount for transient error")
Reported-by: Ben Hutchings <>
Signed-off-by: NeilBrown <>
Cc: Ian Kent <>
Cc: <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agostring.h: workaround for increased stack usage
Arnd Bergmann [Thu, 14 Dec 2017 23:32:34 +0000 (15:32 -0800)]
string.h: workaround for increased stack usage

The hardened strlen() function causes rather large stack usage in at
least one file in the kernel, in particular when CONFIG_KASAN is

  drivers/media/usb/em28xx/em28xx-dvb.c: In function 'em28xx_dvb_init':
  drivers/media/usb/em28xx/em28xx-dvb.c:2062:1: error: the frame size of 3256 bytes is larger than 204 bytes [-Werror=frame-larger-than=]

Analyzing this problem led to the discovery that gcc fails to merge the
stack slots for the i2c_board_info[] structures after we strlcpy() into
them, due to the 'noreturn' attribute on the source string length check.

I reported this as a gcc bug, but it is unlikely to get fixed for gcc-8,
since it is relatively easy to work around, and it gets triggered
rarely.  An earlier workaround I did added an empty inline assembly
statement before the call to fortify_panic(), which works surprisingly
well, but is really ugly and unintuitive.

This is a new approach to the same problem, this time addressing it by
not calling the 'extern __real_strnlen()' function for string constants
where __builtin_strlen() is a compile-time constant and therefore known
to be safe.

We do this by checking if the last character in the string is a
compile-time constant '\0'.  If it is, we can assume that strlen() of
the string is also constant.

As a side-effect, this should also improve the object code output for
any other call of strlen() on a string constant.

[ add comment]
Fixes: 6974f0c4555 ("include/linux/string.h: add the option of fortified string.h functions")
Signed-off-by: Arnd Bergmann <>
Cc: Kees Cook <>
Cc: Mauro Carvalho Chehab <>
Cc: Dmitry Vyukov <>
Cc: Alexander Potapenko <>
Cc: Andrey Ryabinin <>
Cc: Daniel Micay <>
Cc: Greg Kroah-Hartman <>
Cc: Martin Wilck <>
Cc: Dan Williams <>
Cc: <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agomm/kmemleak.c: make cond_resched() rate-limiting more efficient
Andrew Morton [Thu, 14 Dec 2017 23:32:31 +0000 (15:32 -0800)]
mm/kmemleak.c: make cond_resched() rate-limiting more efficient

Commit bde5f6bc68db ("kmemleak: add scheduling point to
kmemleak_scan()") tries to rate-limit the frequency of cond_resched()
calls, but does it in a way which might incur an expensive division
operation in the inner loop.  Simplify this.

Fixes: bde5f6bc68db5 ("kmemleak: add scheduling point to kmemleak_scan()")
Suggested-by: Linus Torvalds <>
Cc: Yisheng Xie <>
Cc: Catalin Marinas <>
Cc: Michal Hocko <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agolib/rbtree,drm/mm: add rbtree_replace_node_cached()
Chris Wilson [Thu, 14 Dec 2017 23:32:28 +0000 (15:32 -0800)]
lib/rbtree,drm/mm: add rbtree_replace_node_cached()

Add a variant of rbtree_replace_node() that maintains the leftmost cache
of struct rbtree_root_cached when replacing nodes within the rbtree.

As drm_mm is the only rb_replace_node() being used on an interval tree,
the mistake looks fairly self-contained.  Furthermore the only user of
drm_mm_replace_node() is its testsuite...

Testcase: igt/drm_mm/replace

Fixes: f808c13fd373 ("lib/interval_tree: fast overlap detection")
Signed-off-by: Chris Wilson <>
Reviewed-by: Joonas Lahtinen <>
Acked-by: Davidlohr Bueso <>
Cc: Jérôme Glisse <>
Cc: Joonas Lahtinen <>
Cc: Daniel Vetter <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agoinclude/linux/idr.h: add #include <linux/bug.h>
Wei Wang [Thu, 14 Dec 2017 23:32:24 +0000 (15:32 -0800)]
include/linux/idr.h: add #include <linux/bug.h>

The <linux/bug.h> was removed from radix-tree.h by commit f5bba9d11a25
("include/linux/radix-tree.h: remove unneeded #include <linux/bug.h>").

Since that commit, tools/testing/radix-tree/ couldn't pass compilation
due to tools/testing/radix-tree/idr.c:17: undefined reference to
WARN_ON_ONCE.  This patch adds the bug.h header to idr.h to solve the

Fixes: f5bba9d11a2 ("include/linux/radix-tree.h: remove unneeded #include <linux/bug.h>")
Signed-off-by: Wei Wang <>
Cc: Matthew Wilcox <>
Cc: Jan Kara <>
Cc: Eric Biggers <>
Cc: Tejun Heo <>
Cc: Masahiro Yamada <>
Cc: Michal Hocko <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
4 years agoMerge tag '4.15-rc-smb3' of git://
Linus Torvalds [Thu, 14 Dec 2017 19:51:21 +0000 (11:51 -0800)]
Merge tag '4.15-rc-smb3' of git://

Pull cifs fixes from Steve French:
 "Small SMB3 fixes for stable and 4.15rc"

* tag '4.15-rc-smb3' of git://
  CIFS: don't log STATUS_NOT_FOUND errors for DFS
  cifs: fix NULL deref in SMB2_read

4 years agoMerge tag 'drm-misc-fixes-2017-12-14' of git://
Linus Torvalds [Thu, 14 Dec 2017 19:45:53 +0000 (11:45 -0800)]
Merge tag 'drm-misc-fixes-2017-12-14' of git://

Pull drm fixes from Daniel Vetter:

 - two fixes for new core features

 - a corner case fix for the connnector_iter fix from last week (this
   one is cc: stable)

 - one vc4 fix

* tag 'drm-misc-fixes-2017-12-14' of git://
  drm/drm_lease: Prevent deadlock in case drm_lease_create() fails
  drm: rework delayed connector cleanup in connector_iter
  drm: Update edid-derived drm_display_info fields at edid property set [v2]
  drm/vc4: Release fence after signalling

4 years agovirtio_mmio: fix devm cleanup
Mark Rutland [Tue, 12 Dec 2017 13:45:50 +0000 (13:45 +0000)]
virtio_mmio: fix devm cleanup

Recent rework of the virtio_mmio probe/remove paths balanced a
devm_ioremap() with an iounmap() rather than its devm variant. This ends
up corrupting the devm datastructures, and results in the following
boot-time splat on arm64 under QEMU 2.9.0:

[    3.450397] ------------[ cut here ]------------
[    3.453822] Trying to vfree() nonexistent vm area (00000000c05b4844)
[    3.460534] WARNING: CPU: 1 PID: 1 at mm/vmalloc.c:1525 __vunmap+0x1b8/0x220
[    3.475898] Kernel panic - not syncing: panic_on_warn set ...
[    3.475898]
[    3.493933] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.15.0-rc3 #1
[    3.513109] Hardware name: linux,dummy-virt (DT)
[    3.525382] Call trace:
[    3.531683]  dump_backtrace+0x0/0x368
[    3.543921]  show_stack+0x20/0x30
[    3.547767]  dump_stack+0x108/0x164
[    3.559584]  panic+0x25c/0x51c
[    3.569184]  __warn+0x29c/0x31c
[    3.576023]  report_bug+0x1d4/0x290
[    3.586069]  bug_handler.part.2+0x40/0x100
[    3.597820]  bug_handler+0x4c/0x88
[    3.608400]  brk_handler+0x11c/0x218
[    3.613430]  do_debug_exception+0xe8/0x318
[    3.627370]  el1_dbg+0x18/0x78
[    3.634037]  __vunmap+0x1b8/0x220
[    3.648747]  vunmap+0x6c/0xc0
[    3.653864]  __iounmap+0x44/0x58
[    3.659771]  devm_ioremap_release+0x34/0x68
[    3.672983]  release_nodes+0x404/0x880
[    3.683543]  devres_release_all+0x6c/0xe8
[    3.695692]  driver_probe_device+0x250/0x828
[    3.706187]  __driver_attach+0x190/0x210
[    3.717645]  bus_for_each_dev+0x14c/0x1f0
[    3.728633]  driver_attach+0x48/0x78
[    3.740249]  bus_add_driver+0x26c/0x5b8
[    3.752248]  driver_register+0x16c/0x398
[    3.757211]  __platform_driver_register+0xd8/0x128
[    3.770860]  virtio_mmio_init+0x1c/0x24
[    3.782671]  do_one_initcall+0xe0/0x398
[    3.791890]  kernel_init_freeable+0x594/0x660
[    3.798514]  kernel_init+0x18/0x190
[    3.810220]  ret_from_fork+0x10/0x18

To fix this, we can simply rip out the explicit cleanup that the devm
infrastructure will do for us when our probe function returns an error
code, or when our remove function returns.

We only need to ensure that we call put_device() if a call to
register_virtio_device() fails in the probe path.

Signed-off-by: Mark Rutland <>
Fixes: 7eb781b1bbb7136f ("virtio_mmio: add cleanup for virtio_mmio_probe")
Fixes: 25f32223bce5c580 ("virtio_mmio: add cleanup for virtio_mmio_remove")
Cc: Cornelia Huck <>
Cc: Michael S. Tsirkin <>
Cc: weiping zhang <>
Signed-off-by: Michael S. Tsirkin <>
Reviewed-by: Cornelia Huck <>
4 years agoarm64/sve: Report SVE to userspace via CPUID only if supported
Dave Martin [Thu, 14 Dec 2017 14:03:44 +0000 (14:03 +0000)]
arm64/sve: Report SVE to userspace via CPUID only if supported

Currently, the SVE field in ID_AA64PFR0_EL1 is visible
unconditionally to userspace via the CPU ID register emulation,
irrespective of the kernel config.  This means that if a kernel
configured with CONFIG_ARM64_SVE=n is run on SVE-capable hardware,
userspace will see SVE reported as present in the ID regs even
though the kernel forbids execution of SVE instructions.

This patch makes the exposure of the SVE field in ID_AA64PFR0_EL1
conditional on CONFIG_ARM64_SVE=y.

Since future architecture features are likely to encounter a
similar requirement, this patch adds a suitable helper macros for
use when declaring config-conditional ID register fields.

Fixes: 43994d824e84 ("arm64/sve: Detect SVE and activate runtime support")
Reviewed-by: Suzuki K Poulose <>
Reported-by: Mark Rutland <>
Signed-off-by: Dave Martin <>
Cc: Suzuki Poulose <>
Signed-off-by: Will Deacon <>
4 years agoarm64: fix CONFIG_DEBUG_WX address reporting
Mark Rutland [Wed, 13 Dec 2017 11:45:42 +0000 (11:45 +0000)]
arm64: fix CONFIG_DEBUG_WX address reporting

In ptdump_check_wx(), we pass walk_pgd() a start address of 0 (rather
than VA_START) for the init_mm. This means that any reported W&X
addresses are offset by VA_START, which is clearly wrong and can make
them appear like userspace addresses.

Fix this by telling the ptdump code that we're walking init_mm starting
at VA_START. We don't need to update the addr_markers, since these are
still valid bounds regardless.

Cc: <>
Fixes: 1404d6f13e47 ("arm64: dump: Add checking for writable and exectuable pages")
Signed-off-by: Mark Rutland <>
Cc: Kees Cook <>
Cc: Laura Abbott <>
Reported-by: Timur Tabi <>
Signed-off-by: Will Deacon <>
4 years agoovl: fix overlay: warning prefix
Amir Goldstein [Wed, 22 Nov 2017 18:27:34 +0000 (20:27 +0200)]
ovl: fix overlay: warning prefix

Conform two stray warning messages to the standard overlayfs: prefix.

Signed-off-by: Amir Goldstein <>
Signed-off-by: Miklos Szeredi <>
4 years agodrm/drm_lease: Prevent deadlock in case drm_lease_create() fails
Marius Vlad [Wed, 13 Dec 2017 18:10:48 +0000 (20:10 +0200)]
drm/drm_lease: Prevent deadlock in case drm_lease_create() fails

This case can been seen when creating the lease with the same objects passed.

[  605.515097] 2 locks held by testapp/3337:
[  605.519027]  #0:  (&dev->mode_config.idr_mutex){......}, at: [<ffff0000085f1664>] drm_mode_create_lease_ioctl+0x384/0x858
[  605.530045]  #1:  (&dev->mode_config.idr_mutex){......}, at: [<ffff0000085f11bc>] drm_lease_destroy+0x2c/0x110

Which was causing the process to hang:

[  605.398827] [<ffff0000080856cc>] __switch_to+0x94/0xa8
[  605.404030] [<ffff000008c05d00>] __schedule+0x1b0/0x698
[  605.409322] [<ffff000008c06224>] schedule+0x3c/0xa8
[  605.414260] [<ffff000008c06628>] schedule_preempt_disabled+0x20/0x38
[  605.420677] [<ffff000008c07370>] mutex_lock_nested+0x158/0x340
[  605.426572] [<ffff0000085f11bc>] drm_lease_destroy+0x2c/0x110
[  605.432389] [<ffff0000085cecf0>] drm_master_put+0xc0/0xc8
[  605.437845] [<ffff0000085f175c>] drm_mode_create_lease_ioctl+0x47c/0x858
[  605.444612] [<ffff0000085d4460>] drm_ioctl+0x198/0x448
[  605.449811] [<ffff000008201134>] do_vfs_ioctl+0xa4/0x748
[  605.455192] [<ffff000008201864>] SyS_ioctl+0x8c/0xa0
[  605.460216] [<ffff000008082f4c>] __sys_trace_return+0x0/0x4

drm_mode_create_lease_ioctl() calls drm_lease_create() which acquires a lock
on dev->mode_config.idr_mutex. In case of failure, drm_lease_create() calls
drm_master_put() which in turn tries to acquire the same lock when calling

v2: - Reverse the order at exit in case of fail, so that unlocking takes place
before dropping the reference.
    - Include detail information about deadlock (Daniel Vetter)

Signed-off-by: Marius Vlad <>
Signed-off-by: Daniel Vetter <>
4 years agoMerge tag 'xfs-4.15-fixes-5' of git://
Linus Torvalds [Thu, 14 Dec 2017 04:15:49 +0000 (20:15 -0800)]
Merge tag 'xfs-4.15-fixes-5' of git://git./fs/xfs/xfs-linux

Pull xfs fixes from Darrick Wong:
 "Here are a few more bug fixes & cleanups for 4.15-rc4:

   - clean up duplicate includes

   - remove ancient 'no-alloc' crap code that occasionally caused hard
     fs shutdowns due to lack of proper space reservations

   - fix regression in FIEMAP behavior when reporting xattr extents"

* tag 'xfs-4.15-fixes-5' of git://
  xfs: make iomap_begin functions trim iomaps consistently
  xfs: remove "no-allocation" reservations for file creations
  fs: xfs: remove duplicate includes

4 years agoMerge tag 'riscv-for-linus-4.15-rc4-riscv_fixes' of git://
Linus Torvalds [Thu, 14 Dec 2017 04:13:05 +0000 (20:13 -0800)]
Merge tag 'riscv-for-linus-4.15-rc4-riscv_fixes' of git://git./linux/kernel/git/palmer/linux

Pull RISC-V fixes from Palmer Dabbelt:
 "This contains three small fixes:

   - A fix to a typo in sys_riscv_flush_icache. This only effects error
     handling, but I think it's a small and obvious enough change that
     it's sane outside the merge window.

   - The addition of smp_mb__after_spinlock(), which was recently
     removed due to an incorrect comment. This is largly a comment
     change (as there's a big one now), and while it's necessary for
     complience with the RISC-V memory model the lack of this fence
     shouldn't manifest as a bug on current implementations.
     Nonetheless, it still seems saner to have the fence in 4.15.

   - The removal of some of the HVC_RISCV_SBI driver that snuck into the
     arch port. This is compile-time dead code in 4.15 (as the driver
     isn't in yet), and during the review process we found a better way
     to implement early printk on RISC-V. While this change doesn't do
     anything, it will make staging our HVC driver easier: without this
     change the HVC driver we hope to upstream won't build on 4.15
     (because the 4.15 arch code would reference a function that no
     longer exists).

  I don't think this is the last patch set we'll want for 4.15: I think
  I'll want to remove some of the first-level irqchip driver that snuck
  in as well, which will look a lot like the HVC patch here. This is
  pending some asm-generic cleanup I'm doing that I haven't quite gotten
  clean enough to send out yet, though, but hopefully it'll be ready by
  next week (and still OK for that late)"

 * tag 'riscv-for-linus-4.15-rc4-riscv_fixes' of git://
  RISC-V: Remove unused CONFIG_HVC_RISCV_SBI code
  RISC-V: Resurrect smp_mb__after_spinlock()
  RISC-V: Logical vs Bitwise typo

4 years agodrm: rework delayed connector cleanup in connector_iter
Daniel Vetter [Wed, 13 Dec 2017 12:49:36 +0000 (13:49 +0100)]
drm: rework delayed connector cleanup in connector_iter

PROBE_DEFER also uses system_wq to reprobe drivers, which means when
that again fails, and we try to flush the overall system_wq (to get
all the delayed connectore cleanup work_struct completed), we

Fix this by using just a single cleanup work, so that we can only
flush that one and don't block on anything else. That means a free
list plus locking, a standard pattern.

- Correctly free connectors only on last ref. Oops (Chris).
- use llist_head/node (Chris).

- Add init_llist_head (Chris).

Fixes: a703c55004e1 ("drm: safely free connectors from connector_iter")
Fixes: 613051dac40d ("drm: locking&new iterators for connector_list")
Cc: Ben Widawsky <>
Cc: Dave Airlie <>
Cc: Chris Wilson <>
Cc: Sean Paul <>
Cc: <> # v4.11+: 613051dac40d ("drm: locking&new iterators for connector_list"
Cc: <> # v4.11+
Cc: Daniel Vetter <>
Cc: Jani Nikula <>
Cc: Gustavo Padovan <>
Cc: David Airlie <>
Cc: Javier Martinez Canillas <>
Cc: Shuah Khan <>
Cc: Guillaume Tucker <>
Cc: Mark Brown <>
Cc: Kevin Hilman <>
Cc: Matt Hart <>
Cc: Thierry Escande <>
Cc: Tomeu Vizoso <>
Cc: Enric Balletbo i Serra <>
Tested-by: Marek Szyprowski <>
Reviewed-by: Chris Wilson <>
Signed-off-by: Daniel Vetter <>
4 years agodrm: Update edid-derived drm_display_info fields at edid property set [v2]
Keith Packard [Wed, 13 Dec 2017 08:44:26 +0000 (00:44 -0800)]
drm: Update edid-derived drm_display_info fields at edid property set [v2]

There are a set of values in the drm_display_info structure for each
connector which hold information derived from EDID. These are computed
in drm_add_display_info. Before this patch, that was only called in
drm_add_edid_modes. This meant that they were only set when EDID was
present and never reset when EDID was not, as happened when the
display was disconnected.

One of these fields, non_desktop, is used from
drm_mode_connector_update_edid_property, the function responsible for
assigning the new edid value to the application-visible property.

Various drivers call these two functions (drm_add_edid_modes and
drm_mode_connector_update_edid_property) in different orders. This
means that even when EDID is present, the drm_display_info fields may
not have been computed at the time that
drm_mode_connector_update_edid_property used the non_desktop value to
set the non_desktop property.

I've added a public function (drm_reset_display_info) that resets the
drm_display_info field values to default values and then made the
drm_add_display_info function public. These two functions are now
called directly from drm_mode_connector_update_edid_property so that
the drm_display_info fields are always computed from the current EDID
information before being used in that function.

This means that the drm_display_info values are often computed twice,
once when the EDID property it set and a second time when EDID is used
to compute modes for the device. The alternative would be to uniformly
ensure that the values were computed once before being used, which
would require that all drivers reliably invoke the two paths in the
same order. The computation is inexpensive enough that it seems more
maintainable in the long term to simply compute them in both paths.

The API to drm_add_display_info has been changed so that it no longer
takes the set of edid-based quirks as a parameter. Rather, it now
computes those quirks itself and returns them for further use by

This patch also includes a number of 'const' additions caused by
drm_mode_connector_update_edid_property taking a 'const struct edid *'
parameter and wanting to pass that along to drm_add_display_info.

v2: after review by Daniel Vetter <>

Removed EXPORT_SYMBOL_GPL for drm_reset_display_info and

Added FIXME in drm_mode_connector_update_edid_property about
potentially merging that with drm_add_edid_modes to avoid
the need for two driver calls.

Signed-off-by: Keith Packard <>
Reviewed-by: Daniel Vetter <>
(danvet: cherry picked from commit 12a889bf4bca ("drm: rework delayed
connector cleanup in connector_iter") from drm-misc-next since
functional conflict with changes in -next and we need to make sure
both have the right version and nothing gets lost.)
Signed-off-by: Daniel Vetter <>
4 years agotools/lib/lockdep: Add missing declaration of 'pr_cont()'
Mengting Zhang [Tue, 12 Dec 2017 18:16:57 +0000 (18:16 +0000)]
tools/lib/lockdep: Add missing declaration of 'pr_cont()'


  681fbec881de ("lockdep: Use consistent printing primitives")

has moved lockdep away from using printk() for printing.

The commit added usage of pr_cont() which wasn't wrapped in the
userspace headers, causing the following warning for the
liblockdep build:

../../../kernel/locking/lockdep.c:3544:2: warning: implicit declaration of function 'pr_cont' [-Wimplicit-function-declaration]

Adding an empty declaration of 'pr_cont' fixes the problem.

Signed-off-by: Mengting Zhang <>
Signed-off-by: Sasha Levin <>
Reviewed-by: Alexander Sverdlin <>
Cc: Linus Torvalds <>
Cc: Peter Zijlstra <>
Cc: Thomas Gleixner <>
Signed-off-by: Ingo Molnar <>
4 years agoarm64: fault: avoid send SIGBUS two times
Dongjiu Geng [Wed, 13 Dec 2017 10:36:47 +0000 (18:36 +0800)]
arm64: fault: avoid send SIGBUS two times

do_sea() calls arm64_notify_die() which will always signal
user-space. It also returns whether APEI claimed the external
abort as a RAS notification. If it returns failure do_mem_abort()
will signal user-space too.

do_mem_abort() wants to know if we handled the error, we always
call arm64_notify_die() so can always return success.

Signed-off-by: Dongjiu Geng <>
Reviewed-by: James Morse <>
Reviewed-by: Xie XiuQi <>
Signed-off-by: Will Deacon <>
4 years agoMerge tag 'platform-drivers-x86-v4.15-3' of git://
Linus Torvalds [Wed, 13 Dec 2017 01:19:58 +0000 (17:19 -0800)]
Merge tag 'platform-drivers-x86-v4.15-3' of git://

Pull x86 platform driver fixes from Darren Hart:

 - Correct an error in the evdev protocol in asus-wireless which results
   in dropped key events in recent versions of libinput

 - Add a quirk for keyboard lighting for a specific Dell laptop

 - Silence a static analysis warning regarding unchecked return values
   of small kmalloc() allocations in dell-wmi

* tag 'platform-drivers-x86-v4.15-3' of git://
  platform/x86: dell-wmi: check for kmalloc() errors
  platform/x86: asus-wireless: send an EV_SYN/SYN_REPORT between state changes
  platform/x86: dell-laptop: Fix keyboard max lighting for Dell Latitude E6410

4 years agoPCI: rcar: Fix use-after-free in probe error path
Geert Uytterhoeven [Thu, 7 Dec 2017 10:15:19 +0000 (11:15 +0100)]
PCI: rcar: Fix use-after-free in probe error path

If CONFIG_DEBUG_SLAB=y, and no PCIe card is inserted, the kernel crashes
during probe on r8a7791/koelsch:

  rcar-pcie fe000000.pcie: PCIe link down
  Unable to handle kernel paging request at virtual address 6b6b6b6b

(seeing this message requires earlycon and keep_bootcon).

Indeed, pci_free_host_bridge() frees the PCI host bridge, including the
embedded rcar_pcie object, so pci_free_resource_list() must not be called

To fix this, move the call to pci_free_resource_list() up, and update the
label name accordingly.

Fixes: ddd535f1ea3eb27e ("PCI: rcar: Fix memory leak when no PCIe card is inserted")
Signed-off-by: Geert Uytterhoeven <>
Signed-off-by: Bjorn Helgaas <>
Acked-by: Simon Horman <>
Acked-by: Lorenzo Pieralisi <>
4 years agoxen: XEN_ACPI_PROCESSOR is Dom0-only
Jan Beulich [Tue, 12 Dec 2017 10:18:11 +0000 (03:18 -0700)]
xen: XEN_ACPI_PROCESSOR is Dom0-only

Add a respective dependency.

Signed-off-by: Jan Beulich <>
Reviewed-by: Juergen Gross <>
Signed-off-by: Boris Ostrovsky <>
4 years agox86/Xen: don't report ancient LAPIC version
Jan Beulich [Fri, 8 Dec 2017 11:17:28 +0000 (04:17 -0700)]
x86/Xen: don't report ancient LAPIC version

Unconditionally reporting a value seen on the P4 or older invokes
functionality like io_apic_get_unique_id() on 32-bit builds, resulting
in a panic() with sufficiently many CPUs and/or IO-APICs. Doing what
that function does would be the hypervisor's responsibility anyway, so
makes no sense to be used when running on Xen. Uniformly report a more
modern version; this shouldn't matter much as both LAPIC and IO-APIC are
being managed entirely / mostly by the hypervisor.

Signed-off-by: Jan Beulich <>
Reviewed-by: Juergen Gross <>
Signed-off-by: Boris Ostrovsky <>
4 years agocheckpatch: Remove ACCESS_ONCE() warning
Mark Rutland [Mon, 27 Nov 2017 10:38:24 +0000 (10:38 +0000)]
checkpatch: Remove ACCESS_ONCE() warning

Now that ACCESS_ONCE() has been excised from the kernel, any uses will
result in a build error, and we no longer need to whine about it in

This patch removes the newly redundant warning.

Tested-by: Paul E. McKenney <>
Signed-off-by: Mark Rutland <>
Acked-by: Joe Perches <>
Cc: Andy Whitcroft <>
Cc: Linus Torvalds <>
Cc: Peter Zijlstra <>
Cc: Thomas Gleixner <>
Signed-off-by: Ingo Molnar <>
4 years agocompiler.h: Remove ACCESS_ONCE()
Mark Rutland [Mon, 27 Nov 2017 10:38:23 +0000 (10:38 +0000)]
compiler.h: Remove ACCESS_ONCE()

There are no longer any kernelspace uses of ACCESS_ONCE(), so we can
remove the definition from <linux/compiler.h>.

This patch removes the ACCESS_ONCE() definition, and updates comments
which referred to it. At the same time, some inconsistent and redundant
whitespace is removed from comments.

Tested-by: Paul E. McKenney <>
Signed-off-by: Mark Rutland <>
Cc: Arnaldo Carvalho de Melo <>
Cc: Joe Perches <>
Cc: Linus Torvalds <>
Cc: Peter Zijlstra <>
Cc: Thomas Gleixner <>
Signed-off-by: Ingo Molnar <>
4 years agotools/include: Remove ACCESS_ONCE()
Mark Rutland [Mon, 27 Nov 2017 10:38:22 +0000 (10:38 +0000)]
tools/include: Remove ACCESS_ONCE()

There are no longer any usersapce uses of ACCESS_ONCE(), so we can
remove the definition from our userspace <linux/compiler.h>, which is
only used by tools in the kernel directory (i.e. it isn't a uapi

This patch removes the ACCESS_ONCE() definition, and updates comments
which referred to it. At the same time, some inconsistent and redundant
whitespace is removed from comments.

Tested-by: Paul E. McKenney <>
Signed-off-by: Mark Rutland <>
Cc: Arnaldo Carvalho de Melo <>
Cc: Joe Perches <>
Cc: Linus Torvalds <>
Cc: Peter Zijlstra <>
Cc: Thomas Gleixner <>
Signed-off-by: Ingo Molnar <>
4 years agotools/perf: Convert ACCESS_ONCE() to READ_ONCE()
Mark Rutland [Mon, 27 Nov 2017 10:38:21 +0000 (10:38 +0000)]
tools/perf: Convert ACCESS_ONCE() to READ_ONCE()

Recently there was a treewide conversion of ACCESS_ONCE() to
{READ,WRITE}_ONCE(), but a new use was introduced concurrently by

  1695849735752d2a ("perf mmap: Move perf_mmap and methods to separate mmap.[ch] files")

Let's convert this over to READ_ONCE() so that we can remove the
ACCESS_ONCE() definitions in subsequent patches.

Tested-by: Paul E. McKenney <>
Signed-off-by: Mark Rutland <>
Reviewed-by: Paul E. McKenney <>
Cc: Arnaldo Carvalho de Melo <>
Cc: Joe Perches <>
Cc: Linus Torvalds <>
Cc: Peter Zijlstra <>
Cc: Thomas Gleixner <>
Signed-off-by: Ingo Molnar <>
4 years agoarm64: hw_breakpoint: Use linux/uaccess.h instead of asm/uaccess.h
Will Deacon [Tue, 12 Dec 2017 11:53:26 +0000 (11:53 +0000)]
arm64: hw_breakpoint: Use linux/uaccess.h instead of asm/uaccess.h

The only inclusion of asm/uaccess.h should be by linux/uaccess.h. All
other headers should use the latter.

Reported-by: Al Viro <>
Signed-off-by: Will Deacon <>
4 years agoarm64: Add software workaround for Falkor erratum 1041
Shanker Donthineni [Mon, 11 Dec 2017 22:42:32 +0000 (16:42 -0600)]
arm64: Add software workaround for Falkor erratum 1041

The ARM architecture defines the memory locations that are permitted
to be accessed as the result of a speculative instruction fetch from
an exception level for which all stages of translation are disabled.
Specifically, the core is permitted to speculatively fetch from the
4KB region containing the current program counter 4K and next 4K.

When translation is changed from enabled to disabled for the running
exception level (SCTLR_ELn[M] changed from a value of 1 to 0), the
Falkor core may errantly speculatively access memory locations outside
of the 4KB region permitted by the architecture. The errant memory
access may lead to one of the following unexpected behaviors.

1) A System Error Interrupt (SEI) being raised by the Falkor core due
   to the errant memory access attempting to access a region of memory
   that is protected by a slave-side memory protection unit.
2) Unpredictable device behavior due to a speculative read from device
   memory. This behavior may only occur if the instruction cache is
   disabled prior to or coincident with translation being changed from
   enabled to disabled.

The conditions leading to this erratum will not occur when either of the
following occur:
 1) A higher exception level disables translation of a lower exception level
   (e.g. EL2 changing SCTLR_EL1[M] from a value of 1 to 0).
 2) An exception level disabling its stage-1 translation if its stage-2
    translation is enabled (e.g. EL1 changing SCTLR_EL1[M] from a value of 1
    to 0 when HCR_EL2[VM] has a value of 1).

To avoid the errant behavior, software must execute an ISB immediately
prior to executing the MSR that will change SCTLR_ELn[M] from 1 to 0.

Signed-off-by: Shanker Donthineni <>
Signed-off-by: Will Deacon <>
4 years agoarm64: Define cputype macros for Falkor CPU
Shanker Donthineni [Mon, 11 Dec 2017 22:42:31 +0000 (16:42 -0600)]
arm64: Define cputype macros for Falkor CPU

Add cputype definition macros for Qualcomm Datacenter Technologies
Falkor CPU in cputype.h. It's unfortunate that the first revision
of the Falkor CPU used the wrong part number 0x800, got fixed in v2
chip with part number 0xC00, and would be used the same value for
future revisions.

Signed-off-by: Shanker Donthineni <>
Signed-off-by: Will Deacon <>
4 years agoarm64: mm: Fix false positives in set_pte_at access/dirty race detection
Will Deacon [Tue, 12 Dec 2017 10:48:54 +0000 (10:48 +0000)]
arm64: mm: Fix false positives in set_pte_at access/dirty race detection

Jiankang reports that our race detection in set_pte_at is firing when
copying the page tables in dup_mmap as a result of a fork(). In this
situation, the page table isn't actually live and so there is no way
that we can race with a concurrent update from the hardware page table

This patch reworks the race detection so that we require either the
mm to match the current active_mm (i.e. currently installed in our TTBR0)
or the mm_users count to be greater than 1, implying that the page table
could be live in another CPU. The mm_users check might still be racy,
but we'll avoid false positives and it's not realistic to validate that
all the necessary locks are held as part of this assertion.

Cc: Yisheng Xie <>
Reported-by: Jiankang Chen <>
Tested-by: Jiankang Chen <>
Signed-off-by: Will Deacon <>
4 years agolocking/lockdep: Remove the cross-release locking checks
Ingo Molnar [Tue, 12 Dec 2017 11:31:16 +0000 (12:31 +0100)]
locking/lockdep: Remove the cross-release locking checks

while it found a number of old bugs initially, was also causing too many
false positives that caused people to disable lockdep - which is arguably
a worse overall outcome.

If we disable cross-release by default but keep the code upstream then
in practice the most likely outcome is that we'll allow the situation
to degrade gradually, by allowing entropy to introduce more and more
false positives, until it overwhelms maintenance capacity.

Another bad side effect was that people were trying to work around
the false positives by uglifying/complicating unrelated code. There's
a marked difference between annotating locking operations and
uglifying good code just due to bad lock debugging code ...

This gradual decrease in quality happened to a number of debugging
facilities in the kernel, and lockdep is pretty complex already,
so we cannot risk this outcome.

Either cross-release checking can be done right with no false positives,
or it should not be included in the upstream kernel.

( Note that it might make sense to maintain it out of tree and go through
  the false positives every now and then and see whether new bugs were
  introduced. )

Cc: Byungchul Park <>
Cc: Linus Torvalds <>
Cc: Peter Zijlstra <>
Cc: Thomas Gleixner <>
Signed-off-by: Ingo Molnar <>
4 years agolocking/core: Remove break_lock field when CONFIG_GENERIC_LOCKBREAK=y
Will Deacon [Tue, 28 Nov 2017 18:42:19 +0000 (18:42 +0000)]
locking/core: Remove break_lock field when CONFIG_GENERIC_LOCKBREAK=y

When CONFIG_GENERIC_LOCKBEAK=y, locking structures grow an extra int ->break_lock
field which is used to implement raw_spin_is_contended() by setting the field
to 1 when waiting on a lock and clearing it to zero when holding a lock.
However, there are a few problems with this approach:

  - There is a write-write race between a CPU successfully taking the lock
    (and subsequently writing break_lock = 0) and a waiter waiting on
    the lock (and subsequently writing break_lock = 1). This could result
    in a contended lock being reported as uncontended and vice-versa.

  - On machines with store buffers, nothing guarantees that the writes
    to break_lock are visible to other CPUs at any particular time.

  - READ_ONCE/WRITE_ONCE are not used, so the field is potentially
    susceptible to harmful compiler optimisations,

Consequently, the usefulness of this field is unclear and we'd be better off
removing it and allowing architectures to implement raw_spin_is_contended() by
providing a definition of arch_spin_is_contended(), as they can when

Signed-off-by: Will Deacon <>
Acked-by: Peter Zijlstra <>
Cc: Heiko Carstens <>
Cc: Linus Torvalds <>
Cc: Martin Schwidefsky <>
Cc: Sebastian Ott <>
Cc: Thomas Gleixner <>
Signed-off-by: Ingo Molnar <>
4 years agolocking/core: Fix deadlock during boot on systems with GENERIC_LOCKBREAK
Will Deacon [Tue, 28 Nov 2017 18:42:18 +0000 (18:42 +0000)]
locking/core: Fix deadlock during boot on systems with GENERIC_LOCKBREAK


  a8a217c22116 ("locking/core: Remove {read,spin,write}_can_lock()")

removed the definition of raw_spin_can_lock(), causing the GENERIC_LOCKBREAK
spin_lock() routines to poll the ->break_lock field when waiting on a lock.

This has been reported to cause a deadlock during boot on s390, because
the ->break_lock field is also set by the waiters, and can potentially
remain set indefinitely if no other CPUs come in to take the lock after
it has been released.

This patch removes the explicit spinning on ->break_lock from the waiters,
instead relying on the outer trylock() operation to determine when the
lock is available.

Reported-by: Sebastian Ott <>
Tested-by: Sebastian Ott <>
Signed-off-by: Will Deacon <>
Acked-by: Peter Zijlstra <>
Cc: Heiko Carstens <>
Cc: Linus Torvalds <>
Cc: Martin Schwidefsky <>
Cc: Thomas Gleixner <>
Fixes: a8a217c22116 ("locking/core: Remove {read,spin,write}_can_lock()")
Signed-off-by: Ingo Molnar <>
4 years agoscsi: core: Fix a scsi_show_rq() NULL pointer dereference
Bart Van Assche [Wed, 6 Dec 2017 00:57:51 +0000 (16:57 -0800)]
scsi: core: Fix a scsi_show_rq() NULL pointer dereference

Avoid that scsi_show_rq() triggers a NULL pointer dereference if called
after sd_uninit_command(). Swap the NULL pointer assignment and the
mempool_free() call in sd_uninit_command() to make it less likely that
scsi_show_rq() triggers a use-after-free. Note: even with these changes
scsi_show_rq() can trigger a use-after-free but that's a lesser evil
than e.g. suppressing debug information for T10 PI Type 2 commands
completely. This patch fixes the following oops:

BUG: unable to handle kernel NULL pointer dereference at (null)
IP: scsi_format_opcode_name+0x1a/0x1c0
CPU: 1 PID: 1881 Comm: cat Not tainted 4.14.0-rc2.blk_mq_io_hang+ #516
Call Trace:

[mkp: added Type 2]

Fixes: 0eebd005dd07 ("scsi: Implement blk_mq_ops.show_rq()")
Reported-by: Ming Lei <>
Signed-off-by: Bart Van Assche <>
Cc: James E.J. Bottomley <>
Cc: Martin K. Petersen <>
Cc: Ming Lei <>
Cc: Christoph Hellwig <>
Cc: Hannes Reinecke <>
Cc: Johannes Thumshirn <>
Signed-off-by: Martin K. Petersen <>
4 years agoscsi: MAINTAINERS: change FCoE list to linux-scsi
Johannes Thumshirn [Mon, 11 Dec 2017 09:09:30 +0000 (10:09 +0100)]
scsi: MAINTAINERS: change FCoE list to linux-scsi is defunct and all patches are routed via the
SCSI tree anyways.

So update MAINTAINERS accordingly.

Signed-off-by: Johannes Thumshirn <>
Reviewed-by: Bart Van Assche <>
Signed-off-by: Martin K. Petersen <>
4 years agoscsi: libsas: fix length error in sas_smp_handler()
Jason Yan [Mon, 11 Dec 2017 07:03:33 +0000 (15:03 +0800)]
scsi: libsas: fix length error in sas_smp_handler()

The return value of smp_execute_task_sg() is the untransferred residual,
but bsg_job_done() requires the length of payload received. This makes
SMP passthrough commands from userland by sg ioctl to libsas get a wrong
response. The userland tools such as smp_utils failed because of these
wrong responses:

~#smp_discover /dev/bsg/expander-2\:13
response too short, len=0
~#smp_discover /dev/bsg/expander-2\:134
response too short, len=0

Fix this by passing the actual received length to bsg_job_done(). And if
smp_execute_task_sg() returns 0, this means received length is exactly
the buffer length.

[mkp: typo]

Fixes: 651a01364994 ("scsi: scsi_transport_sas: switch to bsg-lib for SMP passthrough")
Cc: <> # v4.14+
Signed-off-by: Jason Yan <>
Reported-by: chenqilin <>
Tested-by: chenqilin <>
CC: Christoph Hellwig <>
Signed-off-by: Martin K. Petersen <>
4 years agoplatform/x86: dell-wmi: check for kmalloc() errors
Dan Carpenter [Mon, 11 Dec 2017 10:54:27 +0000 (13:54 +0300)]
platform/x86: dell-wmi: check for kmalloc() errors

This allocation won't fail in the current kernel because it's small but
not checking for kmalloc() failures introduces static checker warnings
so let's fix it.

Signed-off-by: Dan Carpenter <>
Reviewed-by: Mario Limonciello <>
Signed-off-by: Darren Hart (VMware) <>
4 years agoplatform/x86: asus-wireless: send an EV_SYN/SYN_REPORT between state changes
Peter Hutterer [Mon, 4 Dec 2017 00:26:17 +0000 (10:26 +1000)]
platform/x86: asus-wireless: send an EV_SYN/SYN_REPORT between state changes

Sending the switch state change twice within the same frame is invalid
evdev protocol and only works if the client handles keys immediately as
well. Processing events immediately is incorrect, it forces a fake
order of events that does not exist on the device.

Recent versions of libinput changed to only process the device state and
SYN_REPORT time, so now the key event is lost.

Signed-off-by: Peter Hutterer <>
Signed-off-by: Darren Hart (VMware) <>
4 years agoplatform/x86: dell-laptop: Fix keyboard max lighting for Dell Latitude E6410
Pali Rohár [Thu, 2 Nov 2017 20:25:24 +0000 (21:25 +0100)]
platform/x86: dell-laptop: Fix keyboard max lighting for Dell Latitude E6410

This machine reports number of keyboard backlight led levels, instead of
value of the last led level index. Therefore max_brightness properly needs
to be subtracted by 1 to match led max_brightness API.

Signed-off-by: Pali Rohár <>
Reported-by: Gabriel M. Elder <>
Signed-off-by: Darren Hart (VMware) <>
4 years agoMerge branch 'for-4.15-fixes' of git://
Linus Torvalds [Tue, 12 Dec 2017 01:13:03 +0000 (17:13 -0800)]
Merge branch 'for-4.15-fixes' of git://git./linux/kernel/git/tj/percpu

Pull percpu fix from Tejun Heo:
 "Just one patch to work around CRIS boot problem caused by a recent
  change which freed a temporary boot data structure. The root cause is
  on CRIS side but it doesn't seem trivial to fix. For now, work around
  by skipping freeing on CRIS"

* 'for-4.15-fixes' of git://
  percpu: hack to let the CRIS architecture to boot until they clean up

4 years agoMerge branch 'for-4.15-fixes' of git://
Linus Torvalds [Tue, 12 Dec 2017 01:10:05 +0000 (17:10 -0800)]
Merge branch 'for-4.15-fixes' of git://git./linux/kernel/git/tj/cgroup

Pull cgroup fixes from Tejun Heo:

 - Prateek posted a couple patches to fix a deadlock involving cpuset
   and workqueue. It unfortunately caused a different deadlock and the
   recent workqueue hotplug simplification removed the original
   deadlock, so Prateek's two patches are reverted for now.

 - The new stat code was missing u64_stats initialization. Fixed.

 - Doc and other misc changes

* 'for-4.15-fixes' of git://
  cgroup: add warning about RT not being supported on cgroup2
  Revert "cgroup/cpuset: remove circular dependency deadlock"
  Revert "cpuset: Make cpuset hotplug synchronous"
  cgroup: properly init u64_stats
  debug cgroup: use task_css_set instead of rcu_dereference
  cpuset: Make cpuset hotplug synchronous
  cgroup/cpuset: remove circular dependency deadlock

4 years agoMerge branch 'for-4.15-fixes' of git://
Linus Torvalds [Tue, 12 Dec 2017 01:07:26 +0000 (17:07 -0800)]
Merge branch 'for-4.15-fixes' of git://git./linux/kernel/git/tj/wq

Pull workqueue fixes from Tejun Heo:

 - Lai's hotplug simplifications inadvertently fix a possible deadlock
   involving cpuset and workqueue

 - CPU isolation fix which was reverted due to the changes in the
   housekeeping code resurrected

 - A trivial unused include removal

* 'for-4.15-fixes' of git://
  workqueue: remove unneeded kallsyms include
  workqueue/hotplug: remove the workaround in rebind_workers()
  workqueue/hotplug: simplify workqueue_offline_cpu()
  workqueue: respect isolated cpus when queueing an unbound work
  main: kernel_start: move housekeeping_init() before workqueue_init_early()

4 years agoMerge branch 'for-4.15-fixes' of git://
Linus Torvalds [Tue, 12 Dec 2017 01:05:33 +0000 (17:05 -0800)]
Merge branch 'for-4.15-fixes' of git://git./linux/kernel/git/tj/libata

Pull libata fixes from Tejun Heo:
 "Nothing too interesting. David Milburn improved a corner case
  misbehavior during hotplug. Other than that, minor driver-specific

* 'for-4.15-fixes' of git://
  libata: sata_down_spd_limit should return if driver has not recorded sstatus speed
  ahci: mtk: Change driver name to ahci-mtk
  ahci: qoriq: refine port register configuration
  pata_pdc2027x : make pdc2027x_*_timing structures const
  pata_pdc2027x: Remove unnecessary error check
  ata: mediatek: Fix typo in module description

4 years agoMerge tag 'for-linus-4.15-2' of git://
Linus Torvalds [Tue, 12 Dec 2017 01:01:59 +0000 (17:01 -0800)]
Merge tag 'for-linus-4.15-2' of git://

Pull IPMI fixes from Corey Minyard.

* tag 'for-linus-4.15-2' of git://
  ipmi_si: fix crash on parisc
  ipmi_si: Fix oops with PCI devices
  ipmi: Stop timers before cleaning up the module

4 years agoMerge branch 'linus' of git://
Linus Torvalds [Tue, 12 Dec 2017 00:32:45 +0000 (16:32 -0800)]
Merge branch 'linus' of git://git./linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:
 "This push fixes the following issues:

   - buffer overread in RSA

   - potential use after free in algif_aead.

   - error path null pointer dereference in af_alg

   - forbid combinations such as hmac(hmac(sha3)) which may crash

   - crash in salsa20 due to incorrect API usage"

* 'linus' of git://
  crypto: salsa20 - fix blkcipher_walk API usage
  crypto: hmac - require that the underlying hash algorithm is unkeyed
  crypto: af_alg - fix NULL pointer dereference in
  crypto: algif_aead - fix reference counting of null skcipher
  crypto: rsa - fix buffer overread when stripping leading zeroes

4 years agox86/unwinder/guess: Prevent using CONFIG_UNWINDER_GUESS=y with CONFIG_STACKDEPOT=y
Andrey Ryabinin [Thu, 30 Nov 2017 12:35:54 +0000 (15:35 +0300)]
x86/unwinder/guess: Prevent using CONFIG_UNWINDER_GUESS=y with CONFIG_STACKDEPOT=y

Stackdepot doesn't work well with CONFIG_UNWINDER_GUESS=y.
The 'guess' unwinder generate awfully large and inaccurate stacktraces,
thus stackdepot can't deduplicate stacktraces because they all look like
unique. Eventually stackdepot reaches its capacity limit:

  WARNING: CPU: 0 PID: 545 at lib/stackdepot.c:119 depot_save_stack+0x28e/0x550
  Call Trace:
   ? kasan_kmalloc+0x144/0x160
   ? depot_save_stack+0x1f5/0x550
   ? do_raw_spin_unlock+0xda/0xf0
   ? preempt_count_sub+0x13/0xc0

  <...90 lines...>

   ? do_raw_spin_unlock+0xda/0xf0

Add a STACKDEPOT=n dependency to UNWINDER_GUESS to avoid the problem.

Reported-by: kernel test robot <>
Reported-by: Fengguang Wu <>
Signed-off-by: Andrey Ryabinin <>
Acked-by: Dmitry Vyukov <>
Acked-by: Josh Poimboeuf <>
Cc: Alexander Potapenko <>
Cc: Linus Torvalds <>
Cc: Peter Zijlstra <>
Cc: Thomas Gleixner <>
Signed-off-by: Ingo Molnar <>
4 years agox86/build: Don't verify mtools configuration file for isoimage
Changbin Du [Thu, 30 Nov 2017 14:51:20 +0000 (22:51 +0800)]
x86/build: Don't verify mtools configuration file for isoimage

If mtools.conf is not generated before, 'make isoimage' could complain:

  Kernel: arch/x86/boot/bzImage is ready  (#597)
    GENIMAGE arch/x86/boot/image.iso
   *** Missing file: arch/x86/boot/mtools.conf
  arch/x86/boot/Makefile:144: recipe for target 'isoimage' failed

mtools.conf is not used for isoimage generation, so do not check it.

Signed-off-by: Changbin Du <>
Cc: Linus Torvalds <>
Cc: Peter Zijlstra <>
Cc: Thomas Gleixner <>
Fixes: 4366d57af1 ("x86/build: Factor out fdimage/isoimage generation commands to standalone script")
Signed-off-by: Ingo Molnar <>
4 years agoarm64: mm: Fix pte_mkclean, pte_mkdirty semantics
Steve Capper [Fri, 1 Dec 2017 17:22:14 +0000 (17:22 +0000)]
arm64: mm: Fix pte_mkclean, pte_mkdirty semantics

On systems with hardware dirty bit management, the ltp madvise09 unit
test fails due to dirty bit information being lost and pages being
incorrectly freed.

This was bisected to:
arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect()

Reverting this commit leads to a separate problem, that the unit test
retains pages that should have been dropped due to the function
madvise_free_pte_range(.) not cleaning pte's properly.

Currently pte_mkclean only clears the software dirty bit, thus the
following code sequence can appear:

pte = pte_mkclean(pte);
if (pte_dirty(pte))
// this condition can return true with HW DBM!

This patch also adjusts pte_mkclean to set PTE_RDONLY thus effectively
clearing both the SW and HW dirty information.

In order for this to function on systems without HW DBM, we need to
also adjust pte_mkdirty to remove the read only bit from writable pte's
to avoid infinite fault loops.

Cc: <>
Fixes: 64c26841b349 ("arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect()")
Reported-by: Bhupinder Thakur <>
Tested-by: Bhupinder Thakur <>
Reviewed-by: Catalin Marinas <>
Signed-off-by: Steve Capper <>
Signed-off-by: Will Deacon <>
4 years agoarm64: Initialise high_memory global variable earlier
Steve Capper [Mon, 4 Dec 2017 14:13:05 +0000 (14:13 +0000)]
arm64: Initialise high_memory global variable earlier

The high_memory global variable is used by
cma_declare_contiguous(.) before it is defined.

We don't notice this as we compute __pa(high_memory - 1), and it looks
like we're processing a VA from the direct linear map.

This problem becomes apparent when we flip the kernel virtual address
space and the linear map is moved to the bottom of the kernel VA space.

This patch moves the initialisation of high_memory before it used.

Cc: <>
Fixes: f7426b983a6a ("mm: cma: adjust address limit to avoid hitting low/high memory boundary")
Signed-off-by: Steve Capper <>
Signed-off-by: Will Deacon <>
4 years agoRISC-V: Remove unused CONFIG_HVC_RISCV_SBI code
Palmer Dabbelt [Fri, 8 Dec 2017 19:23:23 +0000 (11:23 -0800)]
RISC-V: Remove unused CONFIG_HVC_RISCV_SBI code

This is code that probably should never have made it into the kernel in
the first place: it depends on a driver that hadn't been reviewed yet.
During the HVC_SBI_RISCV review process a better way of doing this was
suggested, but that means this code is defunct.  It's compile-time
disabled in 4.15 because the driver isn't in, so I think it's safe to
just remove this for now.

CC: Greg KH <>
Signed-off-by: Palmer Dabbelt <>
4 years agoRISC-V: Resurrect smp_mb__after_spinlock()
Palmer Dabbelt [Wed, 6 Dec 2017 01:48:11 +0000 (17:48 -0800)]
RISC-V: Resurrect smp_mb__after_spinlock()

I removed this last week because of an incorrect comment:
smp_mb__after_spinlock() is actually still used, and is necessary on
RISC-V.  It's been resurrected, with a comment that describes what it
actually does this time.  Thanks to Andrea for finding the bug!

Fixes: 3343eb6806f3 ("RISC-V: Remove smb_mb__{before,after}_spinlock()")
CC: Andrea Parri <>
Signed-off-by: Palmer Dabbelt <>
4 years agoRISC-V: Logical vs Bitwise typo
Dan Carpenter [Sat, 9 Dec 2017 11:49:14 +0000 (14:49 +0300)]
RISC-V: Logical vs Bitwise typo

In the current code, there is a ! logical NOT where a bitwise ~ NOT was
intended.  It means that we never return -EINVAL.

Signed-off-by: Dan Carpenter <>
Signed-off-by: Palmer Dabbelt <>
4 years agoworkqueue: remove unneeded kallsyms include
Sergey Senozhatsky [Fri, 8 Dec 2017 02:56:14 +0000 (11:56 +0900)]
workqueue: remove unneeded kallsyms include

The filw was converted from print_symbol() to %pf some time
ago (044c782ce3a901fb "workqueue: fix checkpatch issues").
kallsyms does not seem to be needed anymore.

Signed-off-by: Sergey Senozhatsky <>
Cc: Tejun Heo <>
Cc: Lai Jiangshan <>
Signed-off-by: Tejun Heo <>
4 years agosched/core: Fix kernel-doc warnings after code movement
Randy Dunlap [Sun, 3 Dec 2017 21:19:00 +0000 (13:19 -0800)]
sched/core: Fix kernel-doc warnings after code movement

Fix the following kernel-doc warnings after code restructuring:

  ../kernel/sched/core.c:5113: warning: No description found for parameter 't'
  ../kernel/sched/core.c:5113: warning: Excess function parameter 'interval' description in 'sched_rr_get_interval'

get rid of set_fs()")

Signed-off-by: Randy Dunlap <>
Cc: Al Viro <>
Cc: Linus Torvalds <>
Cc: Peter Zijlstra <>
Cc: Thomas Gleixner <>
Fixes: abca5fc535a3e ("sched_rr_get_interval(): move compat to native,
Signed-off-by: Ingo Molnar <>
4 years agox86/mm/kmmio: Fix mmiotrace for page unaligned addresses
Karol Herbst [Mon, 27 Nov 2017 07:51:39 +0000 (08:51 +0100)]
x86/mm/kmmio: Fix mmiotrace for page unaligned addresses

If something calls ioremap() with an address not aligned to PAGE_SIZE, the
returned address might be not aligned as well. This led to a probe
registered on exactly the returned address, but the entire page was armed
for mmiotracing.

On calling iounmap() the address passed to unregister_kmmio_probe() was
PAGE_SIZE aligned by the caller leading to a complete freeze of the

We should always page align addresses while (un)registerung mappings,
because the mmiotracer works on top of pages, not mappings. We still keep
track of the probes based on their real addresses and lengths though,
because the mmiotrace still needs to know what are mapped memory regions.

Also move the call to mmiotrace_iounmap() prior page aligning the address,
so that all probes are unregistered properly, otherwise the kernel ends up
failing memory allocations randomly after disabling the mmiotracer.

Tested-by: Lyude <>
Signed-off-by: Karol Herbst <>
Acked-by: Pekka Paalanen <>
Cc: Linus Torvalds <>
Cc: Peter Zijlstra <>
Cc: Steven Rostedt <>
Cc: Thomas Gleixner <>
Signed-off-by: Ingo Molnar <>
4 years agomm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
Dave Young [Sat, 9 Dec 2017 04:16:10 +0000 (12:16 +0800)]
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep

earlyprintk=efi,keep does not work any more with a warning
in mm/early_ioremap.c: WARN_ON(system_state != SYSTEM_BOOTING):
Boot just hangs because of the earlyprintk within the earlyprintk
implementation code itself.

This is caused by a new introduced middle state in:

  69a78ff226fe ("init: Introduce SYSTEM_SCHEDULING state")

early_ioremap() is fine in both SYSTEM_BOOTING and SYSTEM_SCHEDULING
states, original condition should be updated accordingly.

Signed-off-by: Dave Young <>
Acked-by: Thomas Gleixner <>
Cc: Linus Torvalds <>
Cc: Peter Zijlstra <>
Signed-off-by: Ingo Molnar <>
4 years agoipmi_si: fix crash on parisc
Mikulas Patocka [Wed, 6 Dec 2017 09:25:44 +0000 (04:25 -0500)]
ipmi_si: fix crash on parisc

This patch fixes ipmi crash on parisc introduced in the kernel 4.15-rc.
The pointer io.io_setup is not initialized and thus it causes crash in
try_smi_init when attempting to call new_smi->io.io_setup.

Signed-off-by: Mikulas Patocka <>
Signed-off-by: Corey Minyard <>
4 years agoipmi_si: Fix oops with PCI devices
Corey Minyard [Thu, 30 Nov 2017 17:06:15 +0000 (11:06 -0600)]
ipmi_si: Fix oops with PCI devices

When the IPMI PCI code was split out, some code was consolidated for
setting the io_setup field in the io structure.  The PCI code needed
this set before registration to probe register spacing, though, so
restore the old code for that function.

Signed-off-by: Corey Minyard <>
Tested-by: Meelis Roos <>
4 years agoPM / sleep: Avoid excess pm_runtime_enable() calls in device_resume()
Rafael J. Wysocki [Thu, 7 Dec 2017 01:41:18 +0000 (02:41 +0100)]
PM / sleep: Avoid excess pm_runtime_enable() calls in device_resume()

Middle-layer code doing suspend-time optimizations for devices with
the DPM_FLAG_SMART_SUSPEND flag set (currently, the PCI bus type and
the ACPI PM domain) needs to make the core skip ->thaw_early and
->thaw callbacks for those devices in some cases and it sets the
power.direct_complete flag for them for this purpose.

However, it turns out that setting power.direct_complete outside of
the PM core is a bad idea as it triggers an excess invocation of
pm_runtime_enable() in device_resume().

For this reason, provide a helper to clear power.is_late_suspended
and power.is_suspended to be invoked by the middle-layer code in
question instead of setting power.direct_complete and make that code
call the new helper.

Fixes: c4b65157aeef (PCI / PM: Take SMART_SUSPEND driver flag into account)
Fixes: 05087360fd7a (ACPI / PM: Take SMART_SUSPEND driver flag into account)
Signed-off-by: Rafael J. Wysocki <>
Reviewed-by: Ulf Hansson <>
Acked-by: Bjorn Helgaas <>
4 years agommc: core: apply NO_CMD23 quirk to some specific cards
Christoph Fritz [Sat, 9 Dec 2017 22:47:55 +0000 (23:47 +0100)]
mmc: core: apply NO_CMD23 quirk to some specific cards

To get an usdhc Apacer and some ATP SD cards work reliable, CMD23 needs
to be disabled.  This has been tested on i.MX6 (sdhci-esdhc) and rk3288

Without this patch on i.MX6 (sdhci-esdhc):

 $ dd if=/dev/urandom of=/mnt/test bs=1M count=10 conv=fsync

    | <mmc0: starting CMD23 arg 00000400 flags 00000015>
    | mmc0: starting CMD25 arg 00a71f00 flags 000000b5
    | mmc0:     blksz 512 blocks 1024 flags 00000100 tsac 3000 ms nsac 0
    | mmc0:     CMD12 arg 00000000 flags 0000049d
    | sdhci [sdhci_irq()]: *** mmc0 got interrupt: 0x00000001
    | mmc0: Timeout waiting for hardware interrupt.

Without this patch on rk3288 (dw_mmc-rockchip):

    | mmc1: Card stuck in programming state! mmcblk1 card_busy_detect
    | dwmmc_rockchip ff0c0000.dwmmc: Busy; trying anyway
    | mmc_host mmc1: Bus speed (slot 0) = 400000Hz (slot req 400000Hz,
    | actual 400000HZ div = 0)
    | mmc1: card never left busy state
    | mmc1: tried to reset card, got error -110
    | blk_update_request: I/O error, dev mmcblk1, sector 139778
    | Buffer I/O error on dev mmcblk1p1, logical block 131586, lost async
    | page write

Signed-off-by: Christoph Fritz <>
Cc: <> # v4.14+
Signed-off-by: Ulf Hansson <>
4 years agoovl: Use PTR_ERR_OR_ZERO()
Vasyl Gomonovych [Mon, 27 Nov 2017 23:09:23 +0000 (00:09 +0100)]
ovl: Use PTR_ERR_OR_ZERO()

Fix ptr_ret.cocci warnings:
fs/overlayfs/overlayfs.h:179:11-17: WARNING: PTR_ERR_OR_ZERO can be used

Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR

Generated by: scripts/coccinelle/api/ptr_ret.cocci

Signed-off-by: Vasyl Gomonovych <>
Signed-off-by: Miklos Szeredi <>