From: Greg Kroah-Hartman Date: Sun, 14 Feb 2016 21:04:42 +0000 (-0800) Subject: 3.14-stable patches X-Git-Tag: v4.4.2~22 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=03f3766050fca2ee345a0f9c71c9eea0f29d7645;p=thirdparty%2Fkernel%2Fstable-queue.git 3.14-stable patches added patches: ext4-fix-handling-of-extended-tv_sec.patch xhci-fix-usb2-resume-timing-and-races.patch --- diff --git a/queue-3.14/ext4-fix-handling-of-extended-tv_sec.patch b/queue-3.14/ext4-fix-handling-of-extended-tv_sec.patch new file mode 100644 index 00000000000..a39e0398949 --- /dev/null +++ b/queue-3.14/ext4-fix-handling-of-extended-tv_sec.patch @@ -0,0 +1,111 @@ +From a4dad1ae24f850410c4e60f22823cba1289b8d52 Mon Sep 17 00:00:00 2001 +From: David Turner +Date: Tue, 24 Nov 2015 14:34:37 -0500 +Subject: ext4: Fix handling of extended tv_sec + +From: David Turner + +commit a4dad1ae24f850410c4e60f22823cba1289b8d52 upstream. + +In ext4, the bottom two bits of {a,c,m}time_extra are used to extend +the {a,c,m}time fields, deferring the year 2038 problem to the year +2446. + +When decoding these extended fields, for times whose bottom 32 bits +would represent a negative number, sign extension causes the 64-bit +extended timestamp to be negative as well, which is not what's +intended. This patch corrects that issue, so that the only negative +{a,c,m}times are those between 1901 and 1970 (as per 32-bit signed +timestamps). + +Some older kernels might have written pre-1970 dates with 1,1 in the +extra bits. This patch treats those incorrectly-encoded dates as +pre-1970, instead of post-2311, until kernel 4.20 is released. +Hopefully by then e2fsck will have fixed up the bad data. + +Also add a comment explaining the encoding of ext4's extra {a,c,m}time +bits. + +Signed-off-by: David Turner +Signed-off-by: Theodore Ts'o +Reported-by: Mark Harris +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=23732 +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/ext4.h | 51 ++++++++++++++++++++++++++++++++++++++++++++------- + 1 file changed, 44 insertions(+), 7 deletions(-) + +--- a/fs/ext4/ext4.h ++++ b/fs/ext4/ext4.h +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -724,19 +725,55 @@ struct move_extent { + <= (EXT4_GOOD_OLD_INODE_SIZE + \ + (einode)->i_extra_isize)) \ + ++/* ++ * We use an encoding that preserves the times for extra epoch "00": ++ * ++ * extra msb of adjust for signed ++ * epoch 32-bit 32-bit tv_sec to ++ * bits time decoded 64-bit tv_sec 64-bit tv_sec valid time range ++ * 0 0 1 -0x80000000..-0x00000001 0x000000000 1901-12-13..1969-12-31 ++ * 0 0 0 0x000000000..0x07fffffff 0x000000000 1970-01-01..2038-01-19 ++ * 0 1 1 0x080000000..0x0ffffffff 0x100000000 2038-01-19..2106-02-07 ++ * 0 1 0 0x100000000..0x17fffffff 0x100000000 2106-02-07..2174-02-25 ++ * 1 0 1 0x180000000..0x1ffffffff 0x200000000 2174-02-25..2242-03-16 ++ * 1 0 0 0x200000000..0x27fffffff 0x200000000 2242-03-16..2310-04-04 ++ * 1 1 1 0x280000000..0x2ffffffff 0x300000000 2310-04-04..2378-04-22 ++ * 1 1 0 0x300000000..0x37fffffff 0x300000000 2378-04-22..2446-05-10 ++ * ++ * Note that previous versions of the kernel on 64-bit systems would ++ * incorrectly use extra epoch bits 1,1 for dates between 1901 and ++ * 1970. e2fsck will correct this, assuming that it is run on the ++ * affected filesystem before 2242. ++ */ ++ + static inline __le32 ext4_encode_extra_time(struct timespec *time) + { +- return cpu_to_le32((sizeof(time->tv_sec) > 4 ? +- (time->tv_sec >> 32) & EXT4_EPOCH_MASK : 0) | +- ((time->tv_nsec << EXT4_EPOCH_BITS) & EXT4_NSEC_MASK)); ++ u32 extra = sizeof(time->tv_sec) > 4 ? ++ ((time->tv_sec - (s32)time->tv_sec) >> 32) & EXT4_EPOCH_MASK : 0; ++ return cpu_to_le32(extra | (time->tv_nsec << EXT4_EPOCH_BITS)); + } + + static inline void ext4_decode_extra_time(struct timespec *time, __le32 extra) + { +- if (sizeof(time->tv_sec) > 4) +- time->tv_sec |= (__u64)(le32_to_cpu(extra) & EXT4_EPOCH_MASK) +- << 32; +- time->tv_nsec = (le32_to_cpu(extra) & EXT4_NSEC_MASK) >> EXT4_EPOCH_BITS; ++ if (unlikely(sizeof(time->tv_sec) > 4 && ++ (extra & cpu_to_le32(EXT4_EPOCH_MASK)))) { ++#if LINUX_VERSION_CODE < KERNEL_VERSION(4,20,0) ++ /* Handle legacy encoding of pre-1970 dates with epoch ++ * bits 1,1. We assume that by kernel version 4.20, ++ * everyone will have run fsck over the affected ++ * filesystems to correct the problem. (This ++ * backwards compatibility may be removed before this ++ * time, at the discretion of the ext4 developers.) ++ */ ++ u64 extra_bits = le32_to_cpu(extra) & EXT4_EPOCH_MASK; ++ if (extra_bits == 3 && ((time->tv_sec) & 0x80000000) != 0) ++ extra_bits = 0; ++ time->tv_sec += extra_bits << 32; ++#else ++ time->tv_sec += (u64)(le32_to_cpu(extra) & EXT4_EPOCH_MASK) << 32; ++#endif ++ } ++ time->tv_nsec = (le32_to_cpu(extra) & EXT4_NSEC_MASK) >> EXT4_EPOCH_BITS; + } + + #define EXT4_INODE_SET_XTIME(xtime, inode, raw_inode) \ diff --git a/queue-3.14/series b/queue-3.14/series index 13e53badba5..ae6b599fa94 100644 --- a/queue-3.14/series +++ b/queue-3.14/series @@ -61,3 +61,5 @@ usb-serial-option-adding-support-for-telit-le922.patch usb-option-fix-cinterion-ahxx-enumeration.patch tty-fix-gpf-in-flush_to_ldisc.patch tty-fix-unsafe-ldisc-reference-via-ioctl-tiocgetd.patch +xhci-fix-usb2-resume-timing-and-races.patch +ext4-fix-handling-of-extended-tv_sec.patch diff --git a/queue-3.14/xhci-fix-usb2-resume-timing-and-races.patch b/queue-3.14/xhci-fix-usb2-resume-timing-and-races.patch new file mode 100644 index 00000000000..1f12744d3a1 --- /dev/null +++ b/queue-3.14/xhci-fix-usb2-resume-timing-and-races.patch @@ -0,0 +1,153 @@ +From f69115fdbc1ac0718e7d19ad3caa3da2ecfe1c96 Mon Sep 17 00:00:00 2001 +From: Mathias Nyman +Date: Fri, 11 Dec 2015 14:38:06 +0200 +Subject: xhci: fix usb2 resume timing and races. + +From: Mathias Nyman + +commit f69115fdbc1ac0718e7d19ad3caa3da2ecfe1c96 upstream. + +According to USB 2 specs ports need to signal resume for at least 20ms, +in practice even longer, before moving to U0 state. +Both host and devices can initiate resume. + +On device initiated resume, a port status interrupt with the port in resume +state in issued. The interrupt handler tags a resume_done[port] +timestamp with current time + USB_RESUME_TIMEOUT, and kick roothub timer. +Root hub timer requests for port status, finds the port in resume state, +checks if resume_done[port] timestamp passed, and set port to U0 state. + +On host initiated resume, current code sets the port to resume state, +sleep 20ms, and finally sets the port to U0 state. This should also +be changed to work in a similar way as the device initiated resume, with +timestamp tagging, but that is not yet tested and will be a separate +fix later. + +There are a few issues with this approach + +1. A host initiated resume will also generate a resume event. The event + handler will find the port in resume state, believe it's a device + initiated resume, and act accordingly. + +2. A port status request might cut the resume signalling short if a + get_port_status request is handled during the host resume signalling. + The port will be found in resume state. The timestamp is not set leading + to time_after_eq(jiffies, timestamp) returning true, as timestamp = 0. + get_port_status will proceed with moving the port to U0. + +3. If an error, or anything else happens to the port during device + initiated resume signalling it will leave all the device resume + parameters hanging uncleared, preventing further suspend, returning + -EBUSY, and cause the pm thread to busyloop trying to enter suspend. + +Fix this by using the existing resuming_ports bitfield to indicate that +resume signalling timing is taken care of. +Check if the resume_done[port] is set before using it for timestamp +comparison, and also clear out any resume signalling related variables +if port is not in U0 or Resume state + +This issue was discovered when a PM thread busylooped, trying to runtime +suspend the xhci USB 2 roothub on a Dell XPS + +Reported-by: Daniel J Blueman +Tested-by: Daniel J Blueman +Signed-off-by: Mathias Nyman +Signed-off-by: Greg Kroah-Hartman + + +--- + drivers/usb/host/xhci-hub.c | 45 ++++++++++++++++++++++++++++++++++++++----- + drivers/usb/host/xhci-ring.c | 3 +- + 2 files changed, 42 insertions(+), 6 deletions(-) + +--- a/drivers/usb/host/xhci-hub.c ++++ b/drivers/usb/host/xhci-hub.c +@@ -612,8 +612,30 @@ static u32 xhci_get_port_status(struct u + if ((raw_port_status & PORT_RESET) || + !(raw_port_status & PORT_PE)) + return 0xffffffff; +- if (time_after_eq(jiffies, +- bus_state->resume_done[wIndex])) { ++ /* did port event handler already start resume timing? */ ++ if (!bus_state->resume_done[wIndex]) { ++ /* If not, maybe we are in a host initated resume? */ ++ if (test_bit(wIndex, &bus_state->resuming_ports)) { ++ /* Host initated resume doesn't time the resume ++ * signalling using resume_done[]. ++ * It manually sets RESUME state, sleeps 20ms ++ * and sets U0 state. This should probably be ++ * changed, but not right now. ++ */ ++ } else { ++ /* port resume was discovered now and here, ++ * start resume timing ++ */ ++ unsigned long timeout = jiffies + ++ msecs_to_jiffies(USB_RESUME_TIMEOUT); ++ ++ set_bit(wIndex, &bus_state->resuming_ports); ++ bus_state->resume_done[wIndex] = timeout; ++ mod_timer(&hcd->rh_timer, timeout); ++ } ++ /* Has resume been signalled for USB_RESUME_TIME yet? */ ++ } else if (time_after_eq(jiffies, ++ bus_state->resume_done[wIndex])) { + int time_left; + + xhci_dbg(xhci, "Resume USB2 port %d\n", +@@ -654,13 +676,24 @@ static u32 xhci_get_port_status(struct u + } else { + /* + * The resume has been signaling for less than +- * 20ms. Report the port status as SUSPEND, +- * let the usbcore check port status again +- * and clear resume signaling later. ++ * USB_RESUME_TIME. Report the port status as SUSPEND, ++ * let the usbcore check port status again and clear ++ * resume signaling later. + */ + status |= USB_PORT_STAT_SUSPEND; + } + } ++ /* ++ * Clear stale usb2 resume signalling variables in case port changed ++ * state during resume signalling. For example on error ++ */ ++ if ((bus_state->resume_done[wIndex] || ++ test_bit(wIndex, &bus_state->resuming_ports)) && ++ (raw_port_status & PORT_PLS_MASK) != XDEV_U3 && ++ (raw_port_status & PORT_PLS_MASK) != XDEV_RESUME) { ++ bus_state->resume_done[wIndex] = 0; ++ clear_bit(wIndex, &bus_state->resuming_ports); ++ } + if ((raw_port_status & PORT_PLS_MASK) == XDEV_U0 + && (raw_port_status & PORT_POWER) + && (bus_state->suspended_ports & (1 << wIndex))) { +@@ -989,6 +1022,7 @@ int xhci_hub_control(struct usb_hcd *hcd + if ((temp & PORT_PE) == 0) + goto error; + ++ set_bit(wIndex, &bus_state->resuming_ports); + xhci_set_link_state(xhci, port_array, wIndex, + XDEV_RESUME); + spin_unlock_irqrestore(&xhci->lock, flags); +@@ -996,6 +1030,7 @@ int xhci_hub_control(struct usb_hcd *hcd + spin_lock_irqsave(&xhci->lock, flags); + xhci_set_link_state(xhci, port_array, wIndex, + XDEV_U0); ++ clear_bit(wIndex, &bus_state->resuming_ports); + } + bus_state->port_c_suspend |= 1 << wIndex; + +--- a/drivers/usb/host/xhci-ring.c ++++ b/drivers/usb/host/xhci-ring.c +@@ -1768,7 +1768,8 @@ static void handle_port_status(struct xh + */ + bogus_port_status = true; + goto cleanup; +- } else { ++ } else if (!test_bit(faked_port_index, ++ &bus_state->resuming_ports)) { + xhci_dbg(xhci, "resume HS port %d\n", port_id); + bus_state->resume_done[faked_port_index] = jiffies + + msecs_to_jiffies(USB_RESUME_TIMEOUT);