1. 05 Nov, 2016 4 commits
  2. 04 Nov, 2016 14 commits
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-for-v4.9-rc4' of git://people.freedesktop.org/~airlied/linux · d4c5f43d
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Fixes for amdgpu, radeon, intel, imx and virtio-gpu.
      
        This is a bit larger than I'd like, but I had some stuff I meant to
        send for -rc3 but was waiting for the PAT regression fix to land. So
        this is really fixes for rc3 and rc4 in one go.
      
        There are a set of fixes for an oops we've been seeing around MST
        display unplug, along with more suspend/resume and shutdown fixes for
        amdgpu, one power management follow on fix for nouveau, and set of imx
        fixes, and a single virtio-gpu regression fix"
      
      * tag 'drm-fixes-for-v4.9-rc4' of git://people.freedesktop.org/~airlied/linux: (54 commits)
        virtio-gpu: fix vblank events
        drm/nouveau/acpi: fix check for power resources support
        drm/i915: Fix SKL+ 90/270 degree rotated plane coordinate computation
        drm/i915: Remove two invalid warns
        drm/i915: Rotated view does not need a fence
        drm/i915/fbc: fix CFB size calculation for gen8+
        drm: i915: Wait for fences on new fb, not old
        drm/i915: Clean up DDI DDC/AUX CH sanitation
        drm/i915: Respect alternate_aux_channel for all DDI ports
        drm/i915/gen9: fix watermarks when using the pipe scaler
        drm/i915: Fix mismatched INIT power domain disabling during suspend
        drm/i915: fix a read size argument
        drm/i915: Use fence_write() from rpm resume
        drm/i915/gen9: fix DDB partitioning for multi-screen cases
        drm/i915: workaround sparse warning on variable length arrays
        drm/i915: keep declarations in i915_drv.h
        drm/amd/powerplay: fix bug get wrong evv voltage of Polaris.
        drm/amdgpu/si_dpm: workaround for SI kickers
        drm/radeon/si_dpm: workaround for SI kickers
        drm/amdgpu: fix s3 resume back, uvd dpm randomly can't disable.
        ...
      d4c5f43d
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 66cecb67
      Linus Torvalds authored
      Pull KVM updates from Paolo Bonzini:
       "One NULL pointer dereference, and two fixes for regressions introduced
        during the merge window.
      
        The rest are fixes for MIPS, s390 and nested VMX"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm: x86: Check memopp before dereference (CVE-2016-8630)
        kvm: nVMX: VMCLEAR an active shadow VMCS after last use
        KVM: x86: drop TSC offsetting kvm_x86_ops to fix KVM_GET/SET_CLOCK
        KVM: x86: fix wbinvd_dirty_mask use-after-free
        kvm/x86: Show WRMSR data is in hex
        kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
        KVM: document lock orders
        KVM: fix OOPS on flush_work
        KVM: s390: Fix STHYI buffer alignment for diag224
        KVM: MIPS: Precalculate MMIO load resume PC
        KVM: MIPS: Make ERET handle ERL before EXL
        KVM: MIPS: Fix lazy user ASID regenerate for SMP
      66cecb67
    • Linus Torvalds's avatar
      Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 34c510b2
      Linus Torvalds authored
      Pull MIPS fixes from Ralf Baechle:
       "A set of MIPS fixes for 4.9:
      
         - lots of fixes for printk continuations
         - six fixes for FP related code.
         - fix max_low_pfn with disabled highmem
         - fix KASLR handling of NULL FDT and KASLR for generic kernels
         - fix build of compressed image
         - provide default mips_cpc_default_phys_base to ignore CPC
         - fix reboot on Malta"
      
      * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
        MIPS: Fix max_low_pfn with disabled highmem
        MIPS: Correct MIPS I FP sigcontext layout
        MIPS: Fix ISA I/II FP signal context offsets
        MIPS: Remove FIR from ISA I FP signal context
        MIPS: Fix ISA I FP sigcontext access violation handling
        MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue
        MIPS: ptrace: Also initialize the FP context on individual FCSR writes
        MIPS: dump_tlb: Fix printk continuations
        MIPS: Fix __show_regs() output
        MIPS: traps: Fix output of show_code
        MIPS: traps: Fix output of show_stacktrace
        MIPS: traps: Fix output of show_backtrace
        MIPS: Fix build of compressed image
        MIPS: generic: Fix KASLR for generic kernel.
        MIPS: KASLR: Fix handling of NULL FDT
        MIPS: Malta: Fixup reboot
        MIPS: CPC: Provide default mips_cpc_default_phys_base to ignore CPC
      34c510b2
    • Linus Torvalds's avatar
      Merge branch 'parisc-4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · f7df76e6
      Linus Torvalds authored
      Pull parisc updates from Helge Deller:
       "The first three patches are trivial and add some required KERN_CONT,
        ignore the new pkey syscalls on parisc and use the LINUX_GATEWAY_ADDR
        define instead of hardcoded values.
      
        The two patches from Dave Anglin are important.
      
        The first one avoids trashing the sr2 and sr3 space registers in the
        Light-weight syscall path. Especially the usage of sr3 is critical
        since it may get trashed by the interrupt handler.
      
        The second patch is even more important and tagged for stable series.
        It protects one critical section in the syscall entry path by
        disabling local interrupts. Without disabling interrupts, the sr7
        space register may not be in sync with the current stack setup and
        thus an incoming hardware interrupt may destroy memory in random
        userspace areas"
      
      * 'parisc-4.9-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Ignore the pkey system calls for now
        parisc: Use LINUX_GATEWAY_ADDR define instead of hardcoded value
        parisc: Ensure consistent state when switching to kernel stack at syscall entry
        parisc: Avoid trashing sr2 and sr3 in LWS code
        parisc: use KERN_CONT when printing device inventory
      f7df76e6
    • James Hogan's avatar
      MIPS: Fix max_low_pfn with disabled highmem · 16a767ec
      James Hogan authored
      When low memory doesn't reach HIGHMEM_START (e.g. up to 256MB at PA=0 is
      common) and highmem is present above HIGHMEM_START (e.g. on Malta the
      RAM overlayed by the IO region is aliased at PA=0x90000000), max_low_pfn
      will be initially calculated very large and then clipped down to
      HIGHMEM_START.
      
      This causes crashes when reading /sys/kernel/mm/page_idle/bitmap
      (i.e. CONFIG_IDLE_PAGE_TRACKING=y) when highmem is disabled. pfn_valid()
      will compare against max_mapnr which is derived from max_low_pfn when
      there is no highend_pfn set up, and will return true for PFNs right up
      to HIGHMEM_START, even though they are beyond the end of low memory and
      no page structs will actually exist for these PFNs.
      
      This is fixed by skipping high memory regions when initially calculating
      max_low_pfn if highmem is disabled, so it doesn't get clipped too high.
      We also clip regions which overlap the highmem boundary when highmem is
      disabled, so that max_pfn doesn't extend into highmem either.
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/14490/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      16a767ec
    • Maciej W. Rozycki's avatar
      MIPS: Correct MIPS I FP sigcontext layout · f92722dc
      Maciej W. Rozycki authored
      Complement commit 80cbfad7 ("MIPS: Correct MIPS I FP context
      layout") and correct the way Floating Point General registers are stored
      in a signal context with MIPS I hardware.
      
      Use the S.D and L.D assembly macros to have pairs of SWC1 instructions
      and pairs of LWC1 instructions produced, respectively, in an arrangement
      which makes the memory representation of floating-point data passed
      compatible with that used by hardware SDC1 and LDC1 instructions, where
      available, regardless of the hardware endianness used.  This matches the
      layout used by r4k_fpu.S, ensuring run-time compatibility for MIPS I
      software across all o32 hardware platforms.
      
      Define an EX2 macro to handle exceptions from both hardware instructions
      implicitly produced from S.D and L.D assembly macros.
      Signed-off-by: default avatarMaciej W. Rozycki <macro@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14477/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      f92722dc
    • Maciej W. Rozycki's avatar
      MIPS: Fix ISA I/II FP signal context offsets · 758ef0a9
      Maciej W. Rozycki authored
      Fix a regression introduced with commit 2db9ca0a ("MIPS: Use struct
      mips_abi offsets to save FP context") for MIPS I/I FP signal contexts,
      by converting save/restore code to the updated internal API.  Start FGR
      offsets from 0 rather than SC_FPREGS from $a0 and use $a1 rather than
      the offset of SC_FPC_CSR from $a0 for the Floating Point Control/Status
      Register (FCSR).
      
      Document the new internal API and adjust assembly code formatting for
      consistency.
      Signed-off-by: default avatarMaciej W. Rozycki <macro@imgtec.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14476/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      758ef0a9
    • Maciej W. Rozycki's avatar
      MIPS: Remove FIR from ISA I FP signal context · 6daaa326
      Maciej W. Rozycki authored
      Complement commit e50c0a8f ("Support the MIPS32 / MIPS64 DSP ASE.")
      and remove the Floating Point Implementation Register (FIR) from the FP
      register set recorded in a signal context with MIPS I processors too, in
      line with the change applied to r4k_fpu.S.
      
      The `sc_fpc_eir' slot is unused according to our current ABI and the FIR
      register is read-only and always directly accessible from user software.
      
      [ralf@linux-mips.org: This is also required because the next commit depends
      on it.]
      Signed-off-by: default avatarMaciej W. Rozycki <macro@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14475/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      6daaa326
    • Maciej W. Rozycki's avatar
      MIPS: Fix ISA I FP sigcontext access violation handling · 35938a00
      Maciej W. Rozycki authored
      Complement commit 0ae8dceaebe3 ("Merge with 2.3.10.") and use the local
      `fault' handler to recover from FP sigcontext access violation faults,
      like corresponding code does in r4k_fpu.S.  The `bad_stack' handler is
      in syscall.c and is not suitable here as we want to propagate the error
      condition up through the caller rather than killing the thread outright.
      Signed-off-by: default avatarMaciej W. Rozycki <macro@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14474/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      35938a00
    • Maciej W. Rozycki's avatar
      MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue · 5a1aca44
      Maciej W. Rozycki authored
      Sanitize FCSR Cause bit handling, following a trail of past attempts:
      
      * commit 42495484 ("MIPS: ptrace: Fix FP context restoration FCSR
      regression"),
      
      * commit 443c4403 ("MIPS: Always clear FCSR cause bits after
      emulation"),
      
      * commit 64bedffe ("MIPS: Clear [MSA]FPE CSR.Cause after
      notify_die()"),
      
      * commit b1442d39 ("MIPS: Prevent user from setting FCSR cause
      bits"),
      
      * commit b54d2901517d ("Properly handle branch delay slots in connection
      with signals.").
      
      Specifically do not mask these bits out in ptrace(2) processing and send
      a SIGFPE signal instead whenever a matching pair of an FCSR Cause and
      Enable bit is seen as execution of an affected context is about to
      resume.  Only then clear Cause bits, and even then do not clear any bits
      that are set but masked with the respective Enable bits.  Adjust Cause
      bit clearing throughout code likewise, except within the FPU emulator
      proper where they are set according to IEEE 754 exceptions raised as the
      operation emulated executed.  Do so so that any IEEE 754 exceptions
      subject to their default handling are recorded like with operations
      executed by FPU hardware.
      Signed-off-by: default avatarMaciej W. Rozycki <macro@imgtec.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14460/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      5a1aca44
    • Maciej W. Rozycki's avatar
      MIPS: ptrace: Also initialize the FP context on individual FCSR writes · c9e56039
      Maciej W. Rozycki authored
      Complement commit ac9ad83b ("MIPS: prevent FP context set via ptrace
      being discarded") and also initialize the FP context whenever FCSR alone
      is written with a PTRACE_POKEUSR request addressing FPC_CSR, rather than
      along with the full FPU register set in the case of the PTRACE_SETFPREGS
      request.
      Signed-off-by: default avatarMaciej W. Rozycki <macro@imgtec.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14459/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      c9e56039
    • James Hogan's avatar
      MIPS: dump_tlb: Fix printk continuations · 8a98495c
      James Hogan authored
      Since commit 4bcc595c ("printk: reinstate KERN_CONT for printing
      continuation lines") the output from TLB dumps on MIPS has been
      pretty unreadable due to the lack of KERN_CONT markers. Use pr_cont to
      provide the appropriate markers & restore the expected output.
      
      Continuation is also used for the second line of each TLB entry printed
      in dump_tlb.c even though it has a newline, since it is a continuation
      of the interpretation of the same TLB entry. For example:
      
      [   46.371884] Index:  0 pgmask=16kb va=77654000 asid=73 gid=00
              [ri=0 xi=0 pa=ffc18000 c=5 d=0 v=1 g=0] [ri=0 xi=0 pa=ffc1c000 c=5 d=0 v=1 g=0]
      [   46.385380] Index: 12 pgmask=16kb va=004b4000 asid=73 gid=00
              [ri=0 xi=0 pa=00000000 c=0 d=0 v=0 g=0] [ri=0 xi=0 pa=ffb00000 c=5 d=1 v=1 g=0]
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Cc: Maciej W. Rozycki <macro@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/14444/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      8a98495c
    • Paul Burton's avatar
      MIPS: Fix __show_regs() output · 752f5499
      Paul Burton authored
      Since commit 4bcc595c ("printk: reinstate KERN_CONT for printing
      continuation lines") the output from __show_regs() on MIPS has been
      pretty unreadable due to the lack of KERN_CONT markers. Use pr_cont to
      provide the appropriate markers & restore the expected register output.
      Signed-off-by: default avatarPaul Burton <paul.burton@imgtec.com>
      Signed-off-by: default avatarMatt Redfearn <matt.redfearn@imgtec.com>
      Cc: Maciej W. Rozycki <macro@imgtec.com>
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14432/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      752f5499
    • Matt Redfearn's avatar
      MIPS: traps: Fix output of show_code · 41000c58
      Matt Redfearn authored
      Since commit 4bcc595c ("printk: reinstate KERN_CONT for printing
      continuation lines") the output from show_code on MIPS has been
      pretty unreadable due to the lack of KERN_CONT markers. Use pr_cont to
      provide the appropriate markers & restore the expected output.
      Signed-off-by: default avatarMatt Redfearn <matt.redfearn@imgtec.com>
      Cc: Maciej W. Rozycki <macro@imgtec.com>
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14431/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      41000c58
  3. 03 Nov, 2016 10 commits
  4. 02 Nov, 2016 8 commits
  5. 01 Nov, 2016 4 commits
    • Linus Torvalds's avatar
      Merge tag 'gcc-plugins-v4.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 577f12c0
      Linus Torvalds authored
      Pull gcc plugin fixes from Kees Cook:
       - make sure required exports from gcc plugins are visible to gcc
       - switch latent_entropy to unsigned long to avoid stack frame bloat
      
      * tag 'gcc-plugins-v4.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        latent_entropy: Fix wrong gcc code generation with 64 bit variables
        gcc-plugins: Export symbols needed by gcc
      577f12c0
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · 04659feb
      Linus Torvalds authored
      Pull virtio updates from Michael Tsirkin:
       "Tests, fixes and cleanups.
      
        Just minor tweaks, there's nothing major in this cycle"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        virtio_ring: mark vring_dma_dev inline
        virtio/vhost: add Jason to list of maintainers
        virtio_blk: Delete an unnecessary initialisation in init_vq()
        virtio_blk: Use kmalloc_array() in init_vq()
        virtio: remove config.c
        virtio: console: Unlock vqs while freeing buffers
        ringtest: poll for new buffers once before updating event index
        ringtest: commonize implementation of poll_avail/poll_used
        ringtest: use link-time optimization
        virtio: update balloon size in balloon "probe"
        virtio_ring: Make interrupt suppression spec compliant
        virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices
      04659feb
    • Linus Torvalds's avatar
      Merge tag 'vfio-v4.9-rc4' of git://github.com/awilliam/linux-vfio · a75e0032
      Linus Torvalds authored
      Pull VFIO fix from Alex Williamson:
       "SET_IRQS ioctl parameter sanitization (Vlad Tsyrklevich)"
      
      * tag 'vfio-v4.9-rc4' of git://github.com/awilliam/linux-vfio:
        vfio/pci: Fix integer overflows, bitmask check
      a75e0032
    • Chuck Lever's avatar
      nfsd: Fix general protection fault in release_lock_stateid() · f46c445b
      Chuck Lever authored
      When I push NFSv4.1 / RDMA hard, (xfstests generic/089, for example),
      I get this crash on the server:
      
      Oct 28 22:04:30 klimt kernel: general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC
      Oct 28 22:04:30 klimt kernel: Modules linked in: cts rpcsec_gss_krb5 iTCO_wdt iTCO_vendor_support sb_edac edac_core x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm btrfs irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel lrw gf128mul glue_helper ablk_helper cryptd xor pcspkr raid6_pq i2c_i801 i2c_smbus lpc_ich mfd_core sg mei_me mei ioatdma shpchp wmi ipmi_si ipmi_msghandler rpcrdma ib_ipoib rdma_ucm acpi_power_meter acpi_pad ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c mlx4_ib mlx4_en ib_core sr_mod cdrom sd_mod ast drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm crc32c_intel igb ahci libahci ptp mlx4_core pps_core dca libata i2c_algo_bit i2c_core dm_mirror dm_region_hash dm_log dm_mod
      Oct 28 22:04:30 klimt kernel: CPU: 7 PID: 1558 Comm: nfsd Not tainted 4.9.0-rc2-00005-g82cd754 #8
      Oct 28 22:04:30 klimt kernel: Hardware name: Supermicro Super Server/X10SRL-F, BIOS 1.0c 09/09/2015
      Oct 28 22:04:30 klimt kernel: task: ffff880835c3a100 task.stack: ffff8808420d8000
      Oct 28 22:04:30 klimt kernel: RIP: 0010:[<ffffffffa05a759f>]  [<ffffffffa05a759f>] release_lock_stateid+0x1f/0x60 [nfsd]
      Oct 28 22:04:30 klimt kernel: RSP: 0018:ffff8808420dbce0  EFLAGS: 00010246
      Oct 28 22:04:30 klimt kernel: RAX: ffff88084e6660f0 RBX: ffff88084e667020 RCX: 0000000000000000
      Oct 28 22:04:30 klimt kernel: RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffff88084e667020
      Oct 28 22:04:30 klimt kernel: RBP: ffff8808420dbcf8 R08: 0000000000000001 R09: 0000000000000000
      Oct 28 22:04:30 klimt kernel: R10: ffff880835c3a100 R11: ffff880835c3aca8 R12: 6b6b6b6b6b6b6b6b
      Oct 28 22:04:30 klimt kernel: R13: ffff88084e6670d8 R14: ffff880835f546f0 R15: ffff880835f1c548
      Oct 28 22:04:30 klimt kernel: FS:  0000000000000000(0000) GS:ffff88087bdc0000(0000) knlGS:0000000000000000
      Oct 28 22:04:30 klimt kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      Oct 28 22:04:30 klimt kernel: CR2: 00007ff020389000 CR3: 0000000001c06000 CR4: 00000000001406e0
      Oct 28 22:04:30 klimt kernel: Stack:
      Oct 28 22:04:30 klimt kernel: ffff88084e667020 0000000000000000 ffff88084e6670d8 ffff8808420dbd20
      Oct 28 22:04:30 klimt kernel: ffffffffa05ac80d ffff880835f54548 ffff88084e640008 ffff880835f545b0
      Oct 28 22:04:30 klimt kernel: ffff8808420dbd70 ffffffffa059803d ffff880835f1c768 0000000000000870
      Oct 28 22:04:30 klimt kernel: Call Trace:
      Oct 28 22:04:30 klimt kernel: [<ffffffffa05ac80d>] nfsd4_free_stateid+0xfd/0x1b0 [nfsd]
      Oct 28 22:04:30 klimt kernel: [<ffffffffa059803d>] nfsd4_proc_compound+0x40d/0x690 [nfsd]
      Oct 28 22:04:30 klimt kernel: [<ffffffffa0583114>] nfsd_dispatch+0xd4/0x1d0 [nfsd]
      Oct 28 22:04:30 klimt kernel: [<ffffffffa047bbf9>] svc_process_common+0x3d9/0x700 [sunrpc]
      Oct 28 22:04:30 klimt kernel: [<ffffffffa047ca64>] svc_process+0xf4/0x330 [sunrpc]
      Oct 28 22:04:30 klimt kernel: [<ffffffffa05827ca>] nfsd+0xfa/0x160 [nfsd]
      Oct 28 22:04:30 klimt kernel: [<ffffffffa05826d0>] ? nfsd_destroy+0x170/0x170 [nfsd]
      Oct 28 22:04:30 klimt kernel: [<ffffffff810b367b>] kthread+0x10b/0x120
      Oct 28 22:04:30 klimt kernel: [<ffffffff810b3570>] ? kthread_stop+0x280/0x280
      Oct 28 22:04:30 klimt kernel: [<ffffffff8174e8ba>] ret_from_fork+0x2a/0x40
      Oct 28 22:04:30 klimt kernel: Code: c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 55 41 54 53 48 8b 87 b0 00 00 00 48 89 fb 4c 8b a0 98 00 00 00 <49> 8b 44 24 20 48 8d b8 80 03 00 00 e8 10 66 1a e1 48 89 df e8
      Oct 28 22:04:30 klimt kernel: RIP  [<ffffffffa05a759f>] release_lock_stateid+0x1f/0x60 [nfsd]
      Oct 28 22:04:30 klimt kernel: RSP <ffff8808420dbce0>
      Oct 28 22:04:30 klimt kernel: ---[ end trace cf5d0b371973e167 ]---
      
      Jeff Layton says:
      > Hm...now that I look though, this is a little suspicious:
      >
      >    struct nfs4_openowner *oo = openowner(stp->st_openstp->st_stateowner);
      >
      > I wonder if it's possible for the openstateid to have already been
      > destroyed at this point.
      >
      > We might be better off doing something like this to get the client pointer:
      >
      >    stp->st_stid.sc_client;
      >
      > ...which should be more direct and less dependent on other stateids
      > staying valid.
      
      With the suggested change, I am no longer able to reproduce the above oops.
      
      v2: Fix unhash_lock_stateid() as well
      Fix-suggested-by: default avatarJeff Layton <jlayton@redhat.com>
      Fixes: 42691398 ('nfsd: Fix race between FREE_STATEID and LOCK')
      Signed-off-by: default avatarChuck Lever <chuck.lever@oracle.com>
      Reviewed-by: default avatarJeff Layton <jlayton@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      f46c445b