From: Greg Kroah-Hartman Date: Wed, 12 Apr 2017 13:33:17 +0000 (+0200) Subject: 4.10-stable patches X-Git-Tag: v4.10.11~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1d4a02cf2a36f2b69a0d8dc4ee5fbe00e90c441a;p=thirdparty%2Fkernel%2Fstable-queue.git 4.10-stable patches added patches: mips-introduce-irq_stack.patch mips-only-change-28-to-thread_info-if-coming-from-user-mode.patch mips-stack-unwinding-while-on-irq-stack.patch nfs-flexfiles-fix-kernel-oops-if-mds-returns-unsupported-ds-type.patch rt2x00usb-do-not-anchor-rx-and-tx-urb-s.patch rt2x00usb-fix-anchor-initialization.patch --- diff --git a/queue-4.10/mips-introduce-irq_stack.patch b/queue-4.10/mips-introduce-irq_stack.patch new file mode 100644 index 00000000000..b644b580361 --- /dev/null +++ b/queue-4.10/mips-introduce-irq_stack.patch @@ -0,0 +1,95 @@ +From fe8bd18ffea5327344d4ec2bf11f47951212abd0 Mon Sep 17 00:00:00 2001 +From: Matt Redfearn +Date: Mon, 19 Dec 2016 14:20:56 +0000 +Subject: MIPS: Introduce irq_stack + +From: Matt Redfearn + +commit fe8bd18ffea5327344d4ec2bf11f47951212abd0 upstream. + +Allocate a per-cpu irq stack for use within interrupt handlers. + +Also add a utility function on_irq_stack to determine if a given stack +pointer is within the irq stack for that cpu. + +Signed-off-by: Matt Redfearn +Acked-by: Jason A. Donenfeld +Cc: Thomas Gleixner +Cc: Paolo Bonzini +Cc: Chris Metcalf +Cc: Petr Mladek +Cc: James Hogan +Cc: Paul Burton +Cc: Aaron Tomlin +Cc: Andrew Morton +Cc: linux-kernel@vger.kernel.org +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/14740/ +Signed-off-by: Ralf Baechle +Signed-off-by: Amit Pundir +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/include/asm/irq.h | 12 ++++++++++++ + arch/mips/kernel/asm-offsets.c | 1 + + arch/mips/kernel/irq.c | 11 +++++++++++ + 3 files changed, 24 insertions(+) + +--- a/arch/mips/include/asm/irq.h ++++ b/arch/mips/include/asm/irq.h +@@ -17,6 +17,18 @@ + + #include + ++#define IRQ_STACK_SIZE THREAD_SIZE ++ ++extern void *irq_stack[NR_CPUS]; ++ ++static inline bool on_irq_stack(int cpu, unsigned long sp) ++{ ++ unsigned long low = (unsigned long)irq_stack[cpu]; ++ unsigned long high = low + IRQ_STACK_SIZE; ++ ++ return (low <= sp && sp <= high); ++} ++ + #ifdef CONFIG_I8259 + static inline int irq_canonicalize(int irq) + { +--- a/arch/mips/kernel/asm-offsets.c ++++ b/arch/mips/kernel/asm-offsets.c +@@ -102,6 +102,7 @@ void output_thread_info_defines(void) + OFFSET(TI_REGS, thread_info, regs); + DEFINE(_THREAD_SIZE, THREAD_SIZE); + DEFINE(_THREAD_MASK, THREAD_MASK); ++ DEFINE(_IRQ_STACK_SIZE, IRQ_STACK_SIZE); + BLANK(); + } + +--- a/arch/mips/kernel/irq.c ++++ b/arch/mips/kernel/irq.c +@@ -25,6 +25,8 @@ + #include + #include + ++void *irq_stack[NR_CPUS]; ++ + /* + * 'what should we do if we get a hw irq event on an illegal vector'. + * each architecture has to answer this themselves. +@@ -58,6 +60,15 @@ void __init init_IRQ(void) + clear_c0_status(ST0_IM); + + arch_init_irq(); ++ ++ for_each_possible_cpu(i) { ++ int irq_pages = IRQ_STACK_SIZE / PAGE_SIZE; ++ void *s = (void *)__get_free_pages(GFP_KERNEL, irq_pages); ++ ++ irq_stack[i] = s; ++ pr_debug("CPU%d IRQ stack at 0x%p - 0x%p\n", i, ++ irq_stack[i], irq_stack[i] + IRQ_STACK_SIZE); ++ } + } + + #ifdef CONFIG_DEBUG_STACKOVERFLOW diff --git a/queue-4.10/mips-only-change-28-to-thread_info-if-coming-from-user-mode.patch b/queue-4.10/mips-only-change-28-to-thread_info-if-coming-from-user-mode.patch new file mode 100644 index 00000000000..574539b1a13 --- /dev/null +++ b/queue-4.10/mips-only-change-28-to-thread_info-if-coming-from-user-mode.patch @@ -0,0 +1,64 @@ +From 510d86362a27577f5ee23f46cfb354ad49731e61 Mon Sep 17 00:00:00 2001 +From: Matt Redfearn +Date: Mon, 19 Dec 2016 14:20:58 +0000 +Subject: MIPS: Only change $28 to thread_info if coming from user mode + +From: Matt Redfearn + +commit 510d86362a27577f5ee23f46cfb354ad49731e61 upstream. + +The SAVE_SOME macro is used to save the execution context on all +exceptions. +If an exception occurs while executing user code, the stack is switched +to the kernel's stack for the current task, and register $28 is switched +to point to the current_thread_info, which is at the bottom of the stack +region. +If the exception occurs while executing kernel code, the stack is left, +and this change ensures that register $28 is not updated. This is the +correct behaviour when the kernel can be executing on the separate irq +stack, because the thread_info will not be at the base of it. + +With this change, register $28 is only switched to it's kernel +conventional usage of the currrent thread info pointer at the point at +which execution enters kernel space. Doing it on every exception was +redundant, but OK without an IRQ stack, but will be erroneous once that +is introduced. + +Signed-off-by: Matt Redfearn +Acked-by: Jason A. Donenfeld +Cc: Thomas Gleixner +Cc: James Hogan +Cc: Paul Burton +Cc: linux-mips@linux-mips.org +Cc: linux-kernel@vger.kernel.org +Patchwork: https://patchwork.linux-mips.org/patch/14742/ +Signed-off-by: Ralf Baechle +Signed-off-by: Amit Pundir +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/include/asm/stackframe.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/arch/mips/include/asm/stackframe.h ++++ b/arch/mips/include/asm/stackframe.h +@@ -216,12 +216,19 @@ + LONG_S $25, PT_R25(sp) + LONG_S $28, PT_R28(sp) + LONG_S $31, PT_R31(sp) ++ ++ /* Set thread_info if we're coming from user mode */ ++ mfc0 k0, CP0_STATUS ++ sll k0, 3 /* extract cu0 bit */ ++ bltz k0, 9f ++ + ori $28, sp, _THREAD_MASK + xori $28, _THREAD_MASK + #ifdef CONFIG_CPU_CAVIUM_OCTEON + .set mips64 + pref 0, 0($28) /* Prefetch the current pointer */ + #endif ++9: + .set pop + .endm + diff --git a/queue-4.10/mips-stack-unwinding-while-on-irq-stack.patch b/queue-4.10/mips-stack-unwinding-while-on-irq-stack.patch new file mode 100644 index 00000000000..868cf18b4b6 --- /dev/null +++ b/queue-4.10/mips-stack-unwinding-while-on-irq-stack.patch @@ -0,0 +1,66 @@ +From d42d8d106b0275b027c1e8992c42aecf933436ea Mon Sep 17 00:00:00 2001 +From: Matt Redfearn +Date: Mon, 19 Dec 2016 14:20:57 +0000 +Subject: MIPS: Stack unwinding while on IRQ stack + +From: Matt Redfearn + +commit d42d8d106b0275b027c1e8992c42aecf933436ea upstream. + +Within unwind stack, check if the stack pointer being unwound is within +the CPU's irq_stack and if so use that page rather than the task's stack +page. + +Signed-off-by: Matt Redfearn +Acked-by: Jason A. Donenfeld +Cc: Thomas Gleixner +Cc: Adam Buchbinder +Cc: Maciej W. Rozycki +Cc: Marcin Nowakowski +Cc: Chris Metcalf +Cc: James Hogan +Cc: Paul Burton +Cc: Jiri Slaby +Cc: Andrew Morton +Cc: linux-mips@linux-mips.org +Cc: linux-kernel@vger.kernel.org +Patchwork: https://patchwork.linux-mips.org/patch/14741/ +Signed-off-by: Ralf Baechle +Signed-off-by: Amit Pundir +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/kernel/process.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +--- a/arch/mips/kernel/process.c ++++ b/arch/mips/kernel/process.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -556,7 +557,19 @@ EXPORT_SYMBOL(unwind_stack_by_address); + unsigned long unwind_stack(struct task_struct *task, unsigned long *sp, + unsigned long pc, unsigned long *ra) + { +- unsigned long stack_page = (unsigned long)task_stack_page(task); ++ unsigned long stack_page = 0; ++ int cpu; ++ ++ for_each_possible_cpu(cpu) { ++ if (on_irq_stack(cpu, *sp)) { ++ stack_page = (unsigned long)irq_stack[cpu]; ++ break; ++ } ++ } ++ ++ if (!stack_page) ++ stack_page = (unsigned long)task_stack_page(task); ++ + return unwind_stack_by_address(stack_page, sp, pc, ra); + } + #endif diff --git a/queue-4.10/nfs-flexfiles-fix-kernel-oops-if-mds-returns-unsupported-ds-type.patch b/queue-4.10/nfs-flexfiles-fix-kernel-oops-if-mds-returns-unsupported-ds-type.patch new file mode 100644 index 00000000000..b8aabc844a9 --- /dev/null +++ b/queue-4.10/nfs-flexfiles-fix-kernel-oops-if-mds-returns-unsupported-ds-type.patch @@ -0,0 +1,85 @@ +From f17f8a14e82cdf34cd6473e3644f3c672b3884f6 Mon Sep 17 00:00:00 2001 +From: Tigran Mkrtchyan +Date: Thu, 30 Mar 2017 17:31:18 +0200 +Subject: nfs: flexfiles: fix kernel OOPS if MDS returns unsupported DS type + +From: Tigran Mkrtchyan + +commit f17f8a14e82cdf34cd6473e3644f3c672b3884f6 upstream. + +this fix aims to fix dereferencing of a mirror in an error state when MDS +returns unsupported DS type (IOW, not v3), which causes the following oops: + +[ 220.370709] BUG: unable to handle kernel NULL pointer dereference at 0000000000000065 +[ 220.370842] IP: ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles] +[ 220.370920] PGD 0 + +[ 220.370972] Oops: 0000 [#1] SMP +[ 220.371013] Modules linked in: nfnetlink_queue nfnetlink_log bluetooth nfs_layout_flexfiles rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_security ebtable_filter ebtables ip6table_filter ip6_tables binfmt_misc intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel btrfs kvm arc4 snd_hda_codec_hdmi iwldvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_cstate mac80211 xor uvcvideo +[ 220.371814] videobuf2_vmalloc videobuf2_memops snd_hda_codec_idt mei_wdt videobuf2_v4l2 snd_hda_codec_generic iTCO_wdt ppdev videobuf2_core iTCO_vendor_support dell_rbtn dell_wmi iwlwifi sparse_keymap dell_laptop dell_smbios snd_hda_intel dcdbas videodev snd_hda_codec dell_smm_hwmon snd_hda_core media cfg80211 intel_uncore snd_hwdep raid6_pq snd_seq intel_rapl_perf snd_seq_device joydev i2c_i801 rfkill lpc_ich snd_pcm parport_pc mei_me parport snd_timer dell_smo8800 mei snd shpchp soundcore tpm_tis tpm_tis_core tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc i915 nouveau mxm_wmi ttm i2c_algo_bit drm_kms_helper crc32c_intel e1000e drm sdhci_pci firewire_ohci sdhci serio_raw mmc_core firewire_core ptp crc_itu_t pps_core wmi fjes video +[ 220.372568] CPU: 7 PID: 4988 Comm: cat Not tainted 4.10.5-200.fc25.x86_64 #1 +[ 220.372647] Hardware name: Dell Inc. Latitude E6520/0J4TFW, BIOS A06 07/11/2011 +[ 220.372729] task: ffff94791f6ea580 task.stack: ffffb72b88c0c000 +[ 220.372802] RIP: 0010:ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles] +[ 220.372883] RSP: 0018:ffffb72b88c0f970 EFLAGS: 00010246 +[ 220.372945] RAX: 0000000000000000 RBX: ffff9479015ca600 RCX: ffffffffffffffed +[ 220.373025] RDX: ffffffffffffffed RSI: ffff9479753dc980 RDI: 0000000000000000 +[ 220.373104] RBP: ffffb72b88c0f988 R08: 000000000001c980 R09: ffffffffc0ea6112 +[ 220.373184] R10: ffffef17477d9640 R11: ffff9479753dd6c0 R12: ffff9479211c7440 +[ 220.373264] R13: ffff9478f45b7790 R14: 0000000000000001 R15: ffff9479015ca600 +[ 220.373345] FS: 00007f555fa3e700(0000) GS:ffff9479753c0000(0000) knlGS:0000000000000000 +[ 220.373435] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 220.373506] CR2: 0000000000000065 CR3: 0000000196044000 CR4: 00000000000406e0 +[ 220.373586] Call Trace: +[ 220.373627] nfs4_ff_layout_prepare_ds+0x5e/0x200 [nfs_layout_flexfiles] +[ 220.373708] ff_layout_pg_init_read+0x81/0x160 [nfs_layout_flexfiles] +[ 220.373806] __nfs_pageio_add_request+0x11f/0x4a0 [nfs] +[ 220.373886] ? nfs_create_request.part.14+0x37/0x330 [nfs] +[ 220.373967] nfs_pageio_add_request+0xb2/0x260 [nfs] +[ 220.374042] readpage_async_filler+0xaf/0x280 [nfs] +[ 220.374103] read_cache_pages+0xef/0x1b0 +[ 220.374166] ? nfs_read_completion+0x210/0x210 [nfs] +[ 220.374239] nfs_readpages+0x129/0x200 [nfs] +[ 220.374293] __do_page_cache_readahead+0x1d0/0x2f0 +[ 220.374352] ondemand_readahead+0x17d/0x2a0 +[ 220.374403] page_cache_sync_readahead+0x2e/0x50 +[ 220.374460] generic_file_read_iter+0x6c8/0x950 +[ 220.374532] ? nfs_mapping_need_revalidate_inode+0x17/0x40 [nfs] +[ 220.374617] nfs_file_read+0x6e/0xc0 [nfs] +[ 220.374670] __vfs_read+0xe2/0x150 +[ 220.374715] vfs_read+0x96/0x130 +[ 220.374758] SyS_read+0x55/0xc0 +[ 220.374801] entry_SYSCALL_64_fastpath+0x1a/0xa9 +[ 220.374856] RIP: 0033:0x7f555f570bd0 +[ 220.374900] RSP: 002b:00007ffeb73e1b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 +[ 220.374986] RAX: ffffffffffffffda RBX: 00007f555f839ae0 RCX: 00007f555f570bd0 +[ 220.375066] RDX: 0000000000020000 RSI: 00007f555fa41000 RDI: 0000000000000003 +[ 220.375145] RBP: 0000000000021010 R08: ffffffffffffffff R09: 0000000000000000 +[ 220.375226] R10: 00007f555fa40010 R11: 0000000000000246 R12: 0000000000022000 +[ 220.375305] R13: 0000000000021010 R14: 0000000000001000 R15: 0000000000002710 +[ 220.375386] Code: 66 66 90 55 48 89 e5 41 54 53 49 89 fc 48 83 ec 08 48 85 f6 74 2e 48 8b 4e 30 48 89 f3 48 81 f9 00 f0 ff ff 77 1e 48 85 c9 74 15 <48> 83 79 78 00 b8 01 00 00 00 74 2c 48 83 c4 08 5b 41 5c 5d c3 +[ 220.375653] RIP: ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles] RSP: ffffb72b88c0f970 +[ 220.375748] CR2: 0000000000000065 +[ 220.403538] ---[ end trace bcdca752211b7da9 ]--- + +Signed-off-by: Tigran Mkrtchyan +Signed-off-by: Anna Schumaker +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/flexfilelayout/flexfilelayoutdev.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/fs/nfs/flexfilelayout/flexfilelayoutdev.c ++++ b/fs/nfs/flexfilelayout/flexfilelayoutdev.c +@@ -208,6 +208,10 @@ static bool ff_layout_mirror_valid(struc + } else + goto outerr; + } ++ ++ if (IS_ERR(mirror->mirror_ds)) ++ goto outerr; ++ + if (mirror->mirror_ds->ds == NULL) { + struct nfs4_deviceid_node *devid; + devid = &mirror->mirror_ds->id_node; diff --git a/queue-4.10/rt2x00usb-do-not-anchor-rx-and-tx-urb-s.patch b/queue-4.10/rt2x00usb-do-not-anchor-rx-and-tx-urb-s.patch new file mode 100644 index 00000000000..ddf21494269 --- /dev/null +++ b/queue-4.10/rt2x00usb-do-not-anchor-rx-and-tx-urb-s.patch @@ -0,0 +1,63 @@ +From 93c7018ec16bb83399dd4db61c361a6d6aba0d5a Mon Sep 17 00:00:00 2001 +From: Stanislaw Gruszka +Date: Wed, 8 Feb 2017 12:18:09 +0100 +Subject: rt2x00usb: do not anchor rx and tx urb's + +From: Stanislaw Gruszka + +commit 93c7018ec16bb83399dd4db61c361a6d6aba0d5a upstream. + +We might kill TX or RX urb during rt2x00usb_flush_entry(), what can +cause anchor list corruption like shown below: + +[ 2074.035633] WARNING: CPU: 2 PID: 14480 at lib/list_debug.c:33 __list_add+0xac/0xc0 +[ 2074.035634] list_add corruption. prev->next should be next (ffff88020f362c28), but was dead000000000100. (prev=ffff8801d161bb70). + +[ 2074.035670] Call Trace: +[ 2074.035672] [] dump_stack+0x63/0x8c +[ 2074.035674] [] __warn+0xd1/0xf0 +[ 2074.035676] [] warn_slowpath_fmt+0x5f/0x80 +[ 2074.035678] [] ? rt2x00usb_register_write_lock+0x3d/0x60 [rt2800usb] +[ 2074.035679] [] __list_add+0xac/0xc0 +[ 2074.035681] [] usb_anchor_urb+0x4c/0xa0 +[ 2074.035683] [] rt2x00usb_kick_rx_entry+0xaf/0x100 [rt2x00usb] +[ 2074.035684] [] rt2x00usb_clear_entry+0x22/0x30 [rt2x00usb] + +To fix do not anchor TX and RX urb's, it is not needed as during +shutdown we kill those urbs in rt2x00usb_free_entries(). + +Cc: Vishal Thanki +Fixes: 8b4c0009313f ("rt2x00usb: Use usb anchor to manage URB") +Signed-off-by: Stanislaw Gruszka +Signed-off-by: Kalle Valo +Signed-off-by: Amit Pundir +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 4 ---- + 1 file changed, 4 deletions(-) + +--- a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c ++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c +@@ -319,10 +319,8 @@ static bool rt2x00usb_kick_tx_entry(stru + entry->skb->data, length, + rt2x00usb_interrupt_txdone, entry); + +- usb_anchor_urb(entry_priv->urb, rt2x00dev->anchor); + status = usb_submit_urb(entry_priv->urb, GFP_ATOMIC); + if (status) { +- usb_unanchor_urb(entry_priv->urb); + if (status == -ENODEV) + clear_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags); + set_bit(ENTRY_DATA_IO_FAILED, &entry->flags); +@@ -410,10 +408,8 @@ static bool rt2x00usb_kick_rx_entry(stru + entry->skb->data, entry->skb->len, + rt2x00usb_interrupt_rxdone, entry); + +- usb_anchor_urb(entry_priv->urb, rt2x00dev->anchor); + status = usb_submit_urb(entry_priv->urb, GFP_ATOMIC); + if (status) { +- usb_unanchor_urb(entry_priv->urb); + if (status == -ENODEV) + clear_bit(DEVICE_STATE_PRESENT, &rt2x00dev->flags); + set_bit(ENTRY_DATA_IO_FAILED, &entry->flags); diff --git a/queue-4.10/rt2x00usb-fix-anchor-initialization.patch b/queue-4.10/rt2x00usb-fix-anchor-initialization.patch new file mode 100644 index 00000000000..bde6331e02c --- /dev/null +++ b/queue-4.10/rt2x00usb-fix-anchor-initialization.patch @@ -0,0 +1,77 @@ +From 0488a6121dfe6cbd44de15ea3627913b7549a1e9 Mon Sep 17 00:00:00 2001 +From: Stanislaw Gruszka +Date: Wed, 8 Feb 2017 12:18:10 +0100 +Subject: rt2x00usb: fix anchor initialization + +From: Stanislaw Gruszka + +commit 0488a6121dfe6cbd44de15ea3627913b7549a1e9 upstream. + +If device fail to initialize we can OOPS in rt2x00lib_remove_dev(), due +to using uninitialized usb_anchor structure: + +[ 855.435820] ieee80211 phy3: rt2x00usb_vendor_request: Error - Vendor Request 0x07 failed for offset 0x1000 with error -19 +[ 855.435826] ieee80211 phy3: rt2800_probe_rt: Error - Invalid RT chipset 0x0000, rev 0000 detected +[ 855.435829] ieee80211 phy3: rt2x00lib_probe_dev: Error - Failed to allocate device +[ 855.435845] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028 +[ 855.435900] IP: _raw_spin_lock_irq+0xd/0x30 +[ 855.435926] PGD 0 +[ 855.435953] Oops: 0002 [#1] SMP + +[ 855.437011] Call Trace: +[ 855.437029] ? usb_kill_anchored_urbs+0x27/0xc0 +[ 855.437061] rt2x00lib_remove_dev+0x190/0x1c0 [rt2x00lib] +[ 855.437097] rt2x00lib_probe_dev+0x246/0x7a0 [rt2x00lib] +[ 855.437149] ? ieee80211_roc_setup+0x9e/0xd0 [mac80211] +[ 855.437183] ? __kmalloc+0x1af/0x1f0 +[ 855.437207] ? rt2x00usb_probe+0x13d/0xc50 [rt2x00usb] +[ 855.437240] rt2x00usb_probe+0x155/0xc50 [rt2x00usb] +[ 855.437273] rt2800usb_probe+0x15/0x20 [rt2800usb] +[ 855.437304] usb_probe_interface+0x159/0x2d0 +[ 855.437333] driver_probe_device+0x2bb/0x460 + +Patch changes initialization sequence to fix the problem. + +Cc: Vishal Thanki +Fixes: 8b4c0009313f ("rt2x00usb: Use usb anchor to manage URB") +Signed-off-by: Stanislaw Gruszka +Signed-off-by: Kalle Valo +Cc: Signed-off-by: Amit Pundir +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +--- a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c ++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c +@@ -824,10 +824,6 @@ int rt2x00usb_probe(struct usb_interface + if (retval) + goto exit_free_device; + +- retval = rt2x00lib_probe_dev(rt2x00dev); +- if (retval) +- goto exit_free_reg; +- + rt2x00dev->anchor = devm_kmalloc(&usb_dev->dev, + sizeof(struct usb_anchor), + GFP_KERNEL); +@@ -835,10 +831,17 @@ int rt2x00usb_probe(struct usb_interface + retval = -ENOMEM; + goto exit_free_reg; + } +- + init_usb_anchor(rt2x00dev->anchor); ++ ++ retval = rt2x00lib_probe_dev(rt2x00dev); ++ if (retval) ++ goto exit_free_anchor; ++ + return 0; + ++exit_free_anchor: ++ usb_kill_anchored_urbs(rt2x00dev->anchor); ++ + exit_free_reg: + rt2x00usb_free_reg(rt2x00dev); + diff --git a/queue-4.10/series b/queue-4.10/series index 57ffbfd231d..caf7aa92f2f 100644 --- a/queue-4.10/series +++ b/queue-4.10/series @@ -14,3 +14,9 @@ drm-i915-avoid-rcu_barrier-from-reclaim-paths-shrinker.patch drm-i915-do-.init_clock_gating-earlier-to-avoid-it-clobbering-watermarks.patch orangefs-dan-carpenter-influenced-cleanups.patch orangefs-fix-buffer-size-mis-match-between-kernel-space-and-user-space.patch +nfs-flexfiles-fix-kernel-oops-if-mds-returns-unsupported-ds-type.patch +rt2x00usb-fix-anchor-initialization.patch +rt2x00usb-do-not-anchor-rx-and-tx-urb-s.patch +mips-introduce-irq_stack.patch +mips-stack-unwinding-while-on-irq-stack.patch +mips-only-change-28-to-thread_info-if-coming-from-user-mode.patch