--- /dev/null
+From fe8bd18ffea5327344d4ec2bf11f47951212abd0 Mon Sep 17 00:00:00 2001
+From: Matt Redfearn <matt.redfearn@imgtec.com>
+Date: Mon, 19 Dec 2016 14:20:56 +0000
+Subject: MIPS: Introduce irq_stack
+
+From: Matt Redfearn <matt.redfearn@imgtec.com>
+
+commit fe8bd18ffea5327344d4ec2bf11f47951212abd0 upstream.
+
+Allocate a per-cpu irq stack for use within interrupt handlers.
+
+Also add a utility function on_irq_stack to determine if a given stack
+pointer is within the irq stack for that cpu.
+
+Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
+Acked-by: Jason A. Donenfeld <jason@zx2c4.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Chris Metcalf <cmetcalf@mellanox.com>
+Cc: Petr Mladek <pmladek@suse.com>
+Cc: James Hogan <james.hogan@imgtec.com>
+Cc: Paul Burton <paul.burton@imgtec.com>
+Cc: Aaron Tomlin <atomlin@redhat.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: linux-kernel@vger.kernel.org
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/14740/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/include/asm/irq.h | 12 ++++++++++++
+ arch/mips/kernel/asm-offsets.c | 1 +
+ arch/mips/kernel/irq.c | 11 +++++++++++
+ 3 files changed, 24 insertions(+)
+
+--- a/arch/mips/include/asm/irq.h
++++ b/arch/mips/include/asm/irq.h
+@@ -17,6 +17,18 @@
+
+ #include <irq.h>
+
++#define IRQ_STACK_SIZE THREAD_SIZE
++
++extern void *irq_stack[NR_CPUS];
++
++static inline bool on_irq_stack(int cpu, unsigned long sp)
++{
++ unsigned long low = (unsigned long)irq_stack[cpu];
++ unsigned long high = low + IRQ_STACK_SIZE;
++
++ return (low <= sp && sp <= high);
++}
++
+ #ifdef CONFIG_I8259
+ static inline int irq_canonicalize(int irq)
+ {
+--- a/arch/mips/kernel/asm-offsets.c
++++ b/arch/mips/kernel/asm-offsets.c
+@@ -102,6 +102,7 @@ void output_thread_info_defines(void)
+ OFFSET(TI_REGS, thread_info, regs);
+ DEFINE(_THREAD_SIZE, THREAD_SIZE);
+ DEFINE(_THREAD_MASK, THREAD_MASK);
++ DEFINE(_IRQ_STACK_SIZE, IRQ_STACK_SIZE);
+ BLANK();
+ }
+
+--- a/arch/mips/kernel/irq.c
++++ b/arch/mips/kernel/irq.c
+@@ -25,6 +25,8 @@
+ #include <linux/atomic.h>
+ #include <linux/uaccess.h>
+
++void *irq_stack[NR_CPUS];
++
+ /*
+ * 'what should we do if we get a hw irq event on an illegal vector'.
+ * each architecture has to answer this themselves.
+@@ -58,6 +60,15 @@ void __init init_IRQ(void)
+ clear_c0_status(ST0_IM);
+
+ arch_init_irq();
++
++ for_each_possible_cpu(i) {
++ int irq_pages = IRQ_STACK_SIZE / PAGE_SIZE;
++ void *s = (void *)__get_free_pages(GFP_KERNEL, irq_pages);
++
++ irq_stack[i] = s;
++ pr_debug("CPU%d IRQ stack at 0x%p - 0x%p\n", i,
++ irq_stack[i], irq_stack[i] + IRQ_STACK_SIZE);
++ }
+ }
+
+ #ifdef CONFIG_DEBUG_STACKOVERFLOW
--- /dev/null
+From 510d86362a27577f5ee23f46cfb354ad49731e61 Mon Sep 17 00:00:00 2001
+From: Matt Redfearn <matt.redfearn@imgtec.com>
+Date: Mon, 19 Dec 2016 14:20:58 +0000
+Subject: MIPS: Only change $28 to thread_info if coming from user mode
+
+From: Matt Redfearn <matt.redfearn@imgtec.com>
+
+commit 510d86362a27577f5ee23f46cfb354ad49731e61 upstream.
+
+The SAVE_SOME macro is used to save the execution context on all
+exceptions.
+If an exception occurs while executing user code, the stack is switched
+to the kernel's stack for the current task, and register $28 is switched
+to point to the current_thread_info, which is at the bottom of the stack
+region.
+If the exception occurs while executing kernel code, the stack is left,
+and this change ensures that register $28 is not updated. This is the
+correct behaviour when the kernel can be executing on the separate irq
+stack, because the thread_info will not be at the base of it.
+
+With this change, register $28 is only switched to it's kernel
+conventional usage of the currrent thread info pointer at the point at
+which execution enters kernel space. Doing it on every exception was
+redundant, but OK without an IRQ stack, but will be erroneous once that
+is introduced.
+
+Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
+Acked-by: Jason A. Donenfeld <jason@zx2c4.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: James Hogan <james.hogan@imgtec.com>
+Cc: Paul Burton <paul.burton@imgtec.com>
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/14742/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/include/asm/stackframe.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/arch/mips/include/asm/stackframe.h
++++ b/arch/mips/include/asm/stackframe.h
+@@ -216,12 +216,19 @@
+ LONG_S $25, PT_R25(sp)
+ LONG_S $28, PT_R28(sp)
+ LONG_S $31, PT_R31(sp)
++
++ /* Set thread_info if we're coming from user mode */
++ mfc0 k0, CP0_STATUS
++ sll k0, 3 /* extract cu0 bit */
++ bltz k0, 9f
++
+ ori $28, sp, _THREAD_MASK
+ xori $28, _THREAD_MASK
+ #ifdef CONFIG_CPU_CAVIUM_OCTEON
+ .set mips64
+ pref 0, 0($28) /* Prefetch the current pointer */
+ #endif
++9:
+ .set pop
+ .endm
+
--- /dev/null
+From d42d8d106b0275b027c1e8992c42aecf933436ea Mon Sep 17 00:00:00 2001
+From: Matt Redfearn <matt.redfearn@imgtec.com>
+Date: Mon, 19 Dec 2016 14:20:57 +0000
+Subject: MIPS: Stack unwinding while on IRQ stack
+
+From: Matt Redfearn <matt.redfearn@imgtec.com>
+
+commit d42d8d106b0275b027c1e8992c42aecf933436ea upstream.
+
+Within unwind stack, check if the stack pointer being unwound is within
+the CPU's irq_stack and if so use that page rather than the task's stack
+page.
+
+Signed-off-by: Matt Redfearn <matt.redfearn@imgtec.com>
+Acked-by: Jason A. Donenfeld <jason@zx2c4.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Adam Buchbinder <adam.buchbinder@gmail.com>
+Cc: Maciej W. Rozycki <macro@imgtec.com>
+Cc: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
+Cc: Chris Metcalf <cmetcalf@mellanox.com>
+Cc: James Hogan <james.hogan@imgtec.com>
+Cc: Paul Burton <paul.burton@imgtec.com>
+Cc: Jiri Slaby <jslaby@suse.cz>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/14741/
+Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/kernel/process.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+--- a/arch/mips/kernel/process.c
++++ b/arch/mips/kernel/process.c
+@@ -33,6 +33,7 @@
+ #include <asm/dsemul.h>
+ #include <asm/dsp.h>
+ #include <asm/fpu.h>
++#include <asm/irq.h>
+ #include <asm/msa.h>
+ #include <asm/pgtable.h>
+ #include <asm/mipsregs.h>
+@@ -556,7 +557,19 @@ EXPORT_SYMBOL(unwind_stack_by_address);
+ unsigned long unwind_stack(struct task_struct *task, unsigned long *sp,
+ unsigned long pc, unsigned long *ra)
+ {
+- unsigned long stack_page = (unsigned long)task_stack_page(task);
++ unsigned long stack_page = 0;
++ int cpu;
++
++ for_each_possible_cpu(cpu) {
++ if (on_irq_stack(cpu, *sp)) {
++ stack_page = (unsigned long)irq_stack[cpu];
++ break;
++ }
++ }
++
++ if (!stack_page)
++ stack_page = (unsigned long)task_stack_page(task);
++
+ return unwind_stack_by_address(stack_page, sp, pc, ra);
+ }
+ #endif
--- /dev/null
+From f17f8a14e82cdf34cd6473e3644f3c672b3884f6 Mon Sep 17 00:00:00 2001
+From: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
+Date: Thu, 30 Mar 2017 17:31:18 +0200
+Subject: nfs: flexfiles: fix kernel OOPS if MDS returns unsupported DS type
+
+From: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
+
+commit f17f8a14e82cdf34cd6473e3644f3c672b3884f6 upstream.
+
+this fix aims to fix dereferencing of a mirror in an error state when MDS
+returns unsupported DS type (IOW, not v3), which causes the following oops:
+
+[ 220.370709] BUG: unable to handle kernel NULL pointer dereference at 0000000000000065
+[ 220.370842] IP: ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles]
+[ 220.370920] PGD 0
+
+[ 220.370972] Oops: 0000 [#1] SMP
+[ 220.371013] Modules linked in: nfnetlink_queue nfnetlink_log bluetooth nfs_layout_flexfiles rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_security ebtable_filter ebtables ip6table_filter ip6_tables binfmt_misc intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel btrfs kvm arc4 snd_hda_codec_hdmi iwldvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_cstate mac80211 xor uvcvideo
+[ 220.371814] videobuf2_vmalloc videobuf2_memops snd_hda_codec_idt mei_wdt videobuf2_v4l2 snd_hda_codec_generic iTCO_wdt ppdev videobuf2_core iTCO_vendor_support dell_rbtn dell_wmi iwlwifi sparse_keymap dell_laptop dell_smbios snd_hda_intel dcdbas videodev snd_hda_codec dell_smm_hwmon snd_hda_core media cfg80211 intel_uncore snd_hwdep raid6_pq snd_seq intel_rapl_perf snd_seq_device joydev i2c_i801 rfkill lpc_ich snd_pcm parport_pc mei_me parport snd_timer dell_smo8800 mei snd shpchp soundcore tpm_tis tpm_tis_core tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc i915 nouveau mxm_wmi ttm i2c_algo_bit drm_kms_helper crc32c_intel e1000e drm sdhci_pci firewire_ohci sdhci serio_raw mmc_core firewire_core ptp crc_itu_t pps_core wmi fjes video
+[ 220.372568] CPU: 7 PID: 4988 Comm: cat Not tainted 4.10.5-200.fc25.x86_64 #1
+[ 220.372647] Hardware name: Dell Inc. Latitude E6520/0J4TFW, BIOS A06 07/11/2011
+[ 220.372729] task: ffff94791f6ea580 task.stack: ffffb72b88c0c000
+[ 220.372802] RIP: 0010:ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles]
+[ 220.372883] RSP: 0018:ffffb72b88c0f970 EFLAGS: 00010246
+[ 220.372945] RAX: 0000000000000000 RBX: ffff9479015ca600 RCX: ffffffffffffffed
+[ 220.373025] RDX: ffffffffffffffed RSI: ffff9479753dc980 RDI: 0000000000000000
+[ 220.373104] RBP: ffffb72b88c0f988 R08: 000000000001c980 R09: ffffffffc0ea6112
+[ 220.373184] R10: ffffef17477d9640 R11: ffff9479753dd6c0 R12: ffff9479211c7440
+[ 220.373264] R13: ffff9478f45b7790 R14: 0000000000000001 R15: ffff9479015ca600
+[ 220.373345] FS: 00007f555fa3e700(0000) GS:ffff9479753c0000(0000) knlGS:0000000000000000
+[ 220.373435] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 220.373506] CR2: 0000000000000065 CR3: 0000000196044000 CR4: 00000000000406e0
+[ 220.373586] Call Trace:
+[ 220.373627] nfs4_ff_layout_prepare_ds+0x5e/0x200 [nfs_layout_flexfiles]
+[ 220.373708] ff_layout_pg_init_read+0x81/0x160 [nfs_layout_flexfiles]
+[ 220.373806] __nfs_pageio_add_request+0x11f/0x4a0 [nfs]
+[ 220.373886] ? nfs_create_request.part.14+0x37/0x330 [nfs]
+[ 220.373967] nfs_pageio_add_request+0xb2/0x260 [nfs]
+[ 220.374042] readpage_async_filler+0xaf/0x280 [nfs]
+[ 220.374103] read_cache_pages+0xef/0x1b0
+[ 220.374166] ? nfs_read_completion+0x210/0x210 [nfs]
+[ 220.374239] nfs_readpages+0x129/0x200 [nfs]
+[ 220.374293] __do_page_cache_readahead+0x1d0/0x2f0
+[ 220.374352] ondemand_readahead+0x17d/0x2a0
+[ 220.374403] page_cache_sync_readahead+0x2e/0x50
+[ 220.374460] generic_file_read_iter+0x6c8/0x950
+[ 220.374532] ? nfs_mapping_need_revalidate_inode+0x17/0x40 [nfs]
+[ 220.374617] nfs_file_read+0x6e/0xc0 [nfs]
+[ 220.374670] __vfs_read+0xe2/0x150
+[ 220.374715] vfs_read+0x96/0x130
+[ 220.374758] SyS_read+0x55/0xc0
+[ 220.374801] entry_SYSCALL_64_fastpath+0x1a/0xa9
+[ 220.374856] RIP: 0033:0x7f555f570bd0
+[ 220.374900] RSP: 002b:00007ffeb73e1b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
+[ 220.374986] RAX: ffffffffffffffda RBX: 00007f555f839ae0 RCX: 00007f555f570bd0
+[ 220.375066] RDX: 0000000000020000 RSI: 00007f555fa41000 RDI: 0000000000000003
+[ 220.375145] RBP: 0000000000021010 R08: ffffffffffffffff R09: 0000000000000000
+[ 220.375226] R10: 00007f555fa40010 R11: 0000000000000246 R12: 0000000000022000
+[ 220.375305] R13: 0000000000021010 R14: 0000000000001000 R15: 0000000000002710
+[ 220.375386] Code: 66 66 90 55 48 89 e5 41 54 53 49 89 fc 48 83 ec 08 48 85 f6 74 2e 48 8b 4e 30 48 89 f3 48 81 f9 00 f0 ff ff 77 1e 48 85 c9 74 15 <48> 83 79 78 00 b8 01 00 00 00 74 2c 48 83 c4 08 5b 41 5c 5d c3
+[ 220.375653] RIP: ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles] RSP: ffffb72b88c0f970
+[ 220.375748] CR2: 0000000000000065
+[ 220.403538] ---[ end trace bcdca752211b7da9 ]---
+
+Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/flexfilelayout/flexfilelayoutdev.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/nfs/flexfilelayout/flexfilelayoutdev.c
++++ b/fs/nfs/flexfilelayout/flexfilelayoutdev.c
+@@ -208,6 +208,10 @@ static bool ff_layout_mirror_valid(struc
+ } else
+ goto outerr;
+ }
++
++ if (IS_ERR(mirror->mirror_ds))
++ goto outerr;
++
+ if (mirror->mirror_ds->ds == NULL) {
+ struct nfs4_deviceid_node *devid;
+ devid = &mirror->mirror_ds->id_node;
--- /dev/null
+From 93c7018ec16bb83399dd4db61c361a6d6aba0d5a Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 8 Feb 2017 12:18:09 +0100
+Subject: rt2x00usb: do not anchor rx and tx urb's
+
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+
+commit 93c7018ec16bb83399dd4db61c361a6d6aba0d5a upstream.
+
+We might kill TX or RX urb during rt2x00usb_flush_entry(), what can
+cause anchor list corruption like shown below:
+
+[ 2074.035633] WARNING: CPU: 2 PID: 14480 at lib/list_debug.c:33 __list_add+0xac/0xc0
+[ 2074.035634] list_add corruption. prev->next should be next (ffff88020f362c28), but was dead000000000100. (prev=ffff8801d161bb70).
+<snip>
+[ 2074.035670] Call Trace:
+[ 2074.035672] [<ffffffff813bde47>] dump_stack+0x63/0x8c
+[ 2074.035674] [<ffffffff810a2231>] __warn+0xd1/0xf0
+[ 2074.035676] [<ffffffff810a22af>] warn_slowpath_fmt+0x5f/0x80
+[ 2074.035678] [<ffffffffa073855d>] ? rt2x00usb_register_write_lock+0x3d/0x60 [rt2800usb]
+[ 2074.035679] [<ffffffff813dbe4c>] __list_add+0xac/0xc0
+[ 2074.035681] [<ffffffff81591c6c>] usb_anchor_urb+0x4c/0xa0
+[ 2074.035683] [<ffffffffa07322af>] rt2x00usb_kick_rx_entry+0xaf/0x100 [rt2x00usb]
+[ 2074.035684] [<ffffffffa0732322>] rt2x00usb_clear_entry+0x22/0x30 [rt2x00usb]
+
+To fix do not anchor TX and RX urb's, it is not needed as during
+shutdown we kill those urbs in rt2x00usb_free_entries().
+
+Cc: Vishal Thanki <vishalthanki@gmail.com>
+Fixes: 8b4c0009313f ("rt2x00usb: Use usb anchor to manage URB")
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
+@@ -319,10 +319,8 @@ static bool rt2x00usb_kick_tx_entry(stru
+ entry->skb->data, length,
+ rt2x00usb_interrupt_txdone, entry);
+
+- usb_anchor_urb(entry_priv->urb, rt2x00dev->anchor);
+ status = usb_submit_urb(entry_priv->urb, GFP_ATOMIC);
+ if (status) {
+- usb_unanchor_urb(entry_priv->urb);
+ if (status == -ENODEV)
+ clear_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags);
+ set_bit(ENTRY_DATA_IO_FAILED, &entry->flags);
+@@ -410,10 +408,8 @@ static bool rt2x00usb_kick_rx_entry(stru
+ entry->skb->data, entry->skb->len,
+ rt2x00usb_interrupt_rxdone, entry);
+
+- usb_anchor_urb(entry_priv->urb, rt2x00dev->anchor);
+ status = usb_submit_urb(entry_priv->urb, GFP_ATOMIC);
+ if (status) {
+- usb_unanchor_urb(entry_priv->urb);
+ if (status == -ENODEV)
+ clear_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags);
+ set_bit(ENTRY_DATA_IO_FAILED, &entry->flags);
--- /dev/null
+From 0488a6121dfe6cbd44de15ea3627913b7549a1e9 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Wed, 8 Feb 2017 12:18:10 +0100
+Subject: rt2x00usb: fix anchor initialization
+
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+
+commit 0488a6121dfe6cbd44de15ea3627913b7549a1e9 upstream.
+
+If device fail to initialize we can OOPS in rt2x00lib_remove_dev(), due
+to using uninitialized usb_anchor structure:
+
+[ 855.435820] ieee80211 phy3: rt2x00usb_vendor_request: Error - Vendor Request 0x07 failed for offset 0x1000 with error -19
+[ 855.435826] ieee80211 phy3: rt2800_probe_rt: Error - Invalid RT chipset 0x0000, rev 0000 detected
+[ 855.435829] ieee80211 phy3: rt2x00lib_probe_dev: Error - Failed to allocate device
+[ 855.435845] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
+[ 855.435900] IP: _raw_spin_lock_irq+0xd/0x30
+[ 855.435926] PGD 0
+[ 855.435953] Oops: 0002 [#1] SMP
+<snip>
+[ 855.437011] Call Trace:
+[ 855.437029] ? usb_kill_anchored_urbs+0x27/0xc0
+[ 855.437061] rt2x00lib_remove_dev+0x190/0x1c0 [rt2x00lib]
+[ 855.437097] rt2x00lib_probe_dev+0x246/0x7a0 [rt2x00lib]
+[ 855.437149] ? ieee80211_roc_setup+0x9e/0xd0 [mac80211]
+[ 855.437183] ? __kmalloc+0x1af/0x1f0
+[ 855.437207] ? rt2x00usb_probe+0x13d/0xc50 [rt2x00usb]
+[ 855.437240] rt2x00usb_probe+0x155/0xc50 [rt2x00usb]
+[ 855.437273] rt2800usb_probe+0x15/0x20 [rt2800usb]
+[ 855.437304] usb_probe_interface+0x159/0x2d0
+[ 855.437333] driver_probe_device+0x2bb/0x460
+
+Patch changes initialization sequence to fix the problem.
+
+Cc: Vishal Thanki <vishalthanki@gmail.com>
+Fixes: 8b4c0009313f ("rt2x00usb: Use usb anchor to manage URB")
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Cc: Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
+@@ -824,10 +824,6 @@ int rt2x00usb_probe(struct usb_interface
+ if (retval)
+ goto exit_free_device;
+
+- retval = rt2x00lib_probe_dev(rt2x00dev);
+- if (retval)
+- goto exit_free_reg;
+-
+ rt2x00dev->anchor = devm_kmalloc(&usb_dev->dev,
+ sizeof(struct usb_anchor),
+ GFP_KERNEL);
+@@ -835,10 +831,17 @@ int rt2x00usb_probe(struct usb_interface
+ retval = -ENOMEM;
+ goto exit_free_reg;
+ }
+-
+ init_usb_anchor(rt2x00dev->anchor);
++
++ retval = rt2x00lib_probe_dev(rt2x00dev);
++ if (retval)
++ goto exit_free_anchor;
++
+ return 0;
+
++exit_free_anchor:
++ usb_kill_anchored_urbs(rt2x00dev->anchor);
++
+ exit_free_reg:
+ rt2x00usb_free_reg(rt2x00dev);
+
drm-i915-do-.init_clock_gating-earlier-to-avoid-it-clobbering-watermarks.patch
orangefs-dan-carpenter-influenced-cleanups.patch
orangefs-fix-buffer-size-mis-match-between-kernel-space-and-user-space.patch
+nfs-flexfiles-fix-kernel-oops-if-mds-returns-unsupported-ds-type.patch
+rt2x00usb-fix-anchor-initialization.patch
+rt2x00usb-do-not-anchor-rx-and-tx-urb-s.patch
+mips-introduce-irq_stack.patch
+mips-stack-unwinding-while-on-irq-stack.patch
+mips-only-change-28-to-thread_info-if-coming-from-user-mode.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
