From: Greg Kroah-Hartman Date: Fri, 20 Apr 2018 15:20:47 +0000 (+0200) Subject: 4.9-stable patches X-Git-Tag: v3.18.106~55 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=25801dec7f5d232b81c51d19bc2f60f30d2921ed;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: asoc-ssm2602-replace-reg_default_raw-with-reg_default.patch ext4-add-validity-checks-for-bitmap-block-numbers.patch ext4-don-t-allow-r-w-mounts-if-metadata-blocks-overlap-the-superblock.patch ext4-don-t-update-checksum-of-new-initialized-bitmaps.patch ext4-fail-ext4_iget-for-root-directory-if-unallocated.patch ext4-force-revalidation-of-directory-pointer-after-seekdir-2.patch ext4-protect-i_disksize-update-by-i_data_sem-in-direct-write-path.patch hid-core-fix-size-as-type-u32.patch hid-fix-hid_report_len-usage.patch irqchip-gic-take-lock-when-updating-irq-type.patch jbd2-if-the-journal-is-aborted-then-don-t-allow-update-of-the-log-tail.patch powerpc-64-fix-smp_wmb-barrier-definition-use-use-lwsync-consistently.patch powerpc-powernv-fix-opal-nvram-driver-opal_busy-loops.patch powerpc-powernv-handle-unknown-opal-errors-in-opal_nvram_write.patch random-use-a-tighter-cap-in-credit_entropy_bits_safe.patch thunderbolt-resume-control-channel-after-hibernation-image-is-created.patch --- diff --git a/queue-4.9/asoc-ssm2602-replace-reg_default_raw-with-reg_default.patch b/queue-4.9/asoc-ssm2602-replace-reg_default_raw-with-reg_default.patch new file mode 100644 index 00000000000..984a33c636a --- /dev/null +++ b/queue-4.9/asoc-ssm2602-replace-reg_default_raw-with-reg_default.patch @@ -0,0 +1,77 @@ +From a01df75ce737951ad13a08d101306e88c3f57cb2 Mon Sep 17 00:00:00 2001 +From: James Kelly +Date: Mon, 19 Mar 2018 21:29:50 +1100 +Subject: ASoC: ssm2602: Replace reg_default_raw with reg_default + +From: James Kelly + +commit a01df75ce737951ad13a08d101306e88c3f57cb2 upstream. + +SSM2602 driver is broken on recent kernels (at least +since 4.9). User space applications such as amixer or +alsamixer get EIO when attempting to access codec +controls via the relevant IOCTLs. + +Root cause of these failures is the regcache_hw_init +function in drivers/base/regmap/regcache.c, which +prevents regmap cache initalization from the +reg_defaults_raw element of the regmap_config structure +when registers are write only. It also disables the +regmap cache entirely when all registers are write only +or volatile as is the case for the SSM2602 driver. + +Using the reg_defaults element of the regmap_config +structure rather than the reg_defaults_raw element to +initalize the regmap cache avoids the logic in the +regcache_hw_init function entirely. It also makes this +driver consistent with other ASoC codec drivers, as +this driver was the ONLY codec driver that used the +reg_defaults_raw element to initalize the cache. + +Tested on Digilent Zybo Z7 development board which has +a SSM2603 codec chip connected to a Xilinx Zynq SoC. + +Signed-off-by: James Kelly +Signed-off-by: Mark Brown +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/codecs/ssm2602.c | 19 +++++++++++++------ + 1 file changed, 13 insertions(+), 6 deletions(-) + +--- a/sound/soc/codecs/ssm2602.c ++++ b/sound/soc/codecs/ssm2602.c +@@ -54,10 +54,17 @@ struct ssm2602_priv { + * using 2 wire for device control, so we cache them instead. + * There is no point in caching the reset register + */ +-static const u16 ssm2602_reg[SSM2602_CACHEREGNUM] = { +- 0x0097, 0x0097, 0x0079, 0x0079, +- 0x000a, 0x0008, 0x009f, 0x000a, +- 0x0000, 0x0000 ++static const struct reg_default ssm2602_reg[SSM2602_CACHEREGNUM] = { ++ { .reg = 0x00, .def = 0x0097 }, ++ { .reg = 0x01, .def = 0x0097 }, ++ { .reg = 0x02, .def = 0x0079 }, ++ { .reg = 0x03, .def = 0x0079 }, ++ { .reg = 0x04, .def = 0x000a }, ++ { .reg = 0x05, .def = 0x0008 }, ++ { .reg = 0x06, .def = 0x009f }, ++ { .reg = 0x07, .def = 0x000a }, ++ { .reg = 0x08, .def = 0x0000 }, ++ { .reg = 0x09, .def = 0x0000 } + }; + + +@@ -620,8 +627,8 @@ const struct regmap_config ssm2602_regma + .volatile_reg = ssm2602_register_volatile, + + .cache_type = REGCACHE_RBTREE, +- .reg_defaults_raw = ssm2602_reg, +- .num_reg_defaults_raw = ARRAY_SIZE(ssm2602_reg), ++ .reg_defaults = ssm2602_reg, ++ .num_reg_defaults = ARRAY_SIZE(ssm2602_reg), + }; + EXPORT_SYMBOL_GPL(ssm2602_regmap_config); + diff --git a/queue-4.9/ext4-add-validity-checks-for-bitmap-block-numbers.patch b/queue-4.9/ext4-add-validity-checks-for-bitmap-block-numbers.patch new file mode 100644 index 00000000000..eea464cec02 --- /dev/null +++ b/queue-4.9/ext4-add-validity-checks-for-bitmap-block-numbers.patch @@ -0,0 +1,101 @@ +From 7dac4a1726a9c64a517d595c40e95e2d0d135f6f Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Mon, 26 Mar 2018 23:54:10 -0400 +Subject: ext4: add validity checks for bitmap block numbers + +From: Theodore Ts'o + +commit 7dac4a1726a9c64a517d595c40e95e2d0d135f6f upstream. + +An privileged attacker can cause a crash by mounting a crafted ext4 +image which triggers a out-of-bounds read in the function +ext4_valid_block_bitmap() in fs/ext4/balloc.c. + +This issue has been assigned CVE-2018-1093. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199181 +BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1560782 +Reported-by: Wen Xu +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/balloc.c | 16 ++++++++++++++-- + fs/ext4/ialloc.c | 7 +++++++ + 2 files changed, 21 insertions(+), 2 deletions(-) + +--- a/fs/ext4/balloc.c ++++ b/fs/ext4/balloc.c +@@ -337,20 +337,25 @@ static ext4_fsblk_t ext4_valid_block_bit + /* check whether block bitmap block number is set */ + blk = ext4_block_bitmap(sb, desc); + offset = blk - group_first_block; +- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || ++ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) + /* bad block bitmap */ + return blk; + + /* check whether the inode bitmap block number is set */ + blk = ext4_inode_bitmap(sb, desc); + offset = blk - group_first_block; +- if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || ++ !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data)) + /* bad block bitmap */ + return blk; + + /* check whether the inode table block number is set */ + blk = ext4_inode_table(sb, desc); + offset = blk - group_first_block; ++ if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize || ++ EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= sb->s_blocksize) ++ return blk; + next_zero_bit = ext4_find_next_zero_bit(bh->b_data, + EXT4_B2C(sbi, offset + EXT4_SB(sb)->s_itb_per_group), + EXT4_B2C(sbi, offset)); +@@ -416,6 +421,7 @@ struct buffer_head * + ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group) + { + struct ext4_group_desc *desc; ++ struct ext4_sb_info *sbi = EXT4_SB(sb); + struct buffer_head *bh; + ext4_fsblk_t bitmap_blk; + int err; +@@ -424,6 +430,12 @@ ext4_read_block_bitmap_nowait(struct sup + if (!desc) + return ERR_PTR(-EFSCORRUPTED); + bitmap_blk = ext4_block_bitmap(sb, desc); ++ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) || ++ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) { ++ ext4_error(sb, "Invalid block bitmap block %llu in " ++ "block_group %u", bitmap_blk, block_group); ++ return ERR_PTR(-EFSCORRUPTED); ++ } + bh = sb_getblk(sb, bitmap_blk); + if (unlikely(!bh)) { + ext4_error(sb, "Cannot get buffer for block bitmap - " +--- a/fs/ext4/ialloc.c ++++ b/fs/ext4/ialloc.c +@@ -119,6 +119,7 @@ static struct buffer_head * + ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group) + { + struct ext4_group_desc *desc; ++ struct ext4_sb_info *sbi = EXT4_SB(sb); + struct buffer_head *bh = NULL; + ext4_fsblk_t bitmap_blk; + int err; +@@ -128,6 +129,12 @@ ext4_read_inode_bitmap(struct super_bloc + return ERR_PTR(-EFSCORRUPTED); + + bitmap_blk = ext4_inode_bitmap(sb, desc); ++ if ((bitmap_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) || ++ (bitmap_blk >= ext4_blocks_count(sbi->s_es))) { ++ ext4_error(sb, "Invalid inode bitmap blk %llu in " ++ "block_group %u", bitmap_blk, block_group); ++ return ERR_PTR(-EFSCORRUPTED); ++ } + bh = sb_getblk(sb, bitmap_blk); + if (unlikely(!bh)) { + ext4_error(sb, "Cannot read inode bitmap - " diff --git a/queue-4.9/ext4-don-t-allow-r-w-mounts-if-metadata-blocks-overlap-the-superblock.patch b/queue-4.9/ext4-don-t-allow-r-w-mounts-if-metadata-blocks-overlap-the-superblock.patch new file mode 100644 index 00000000000..ebc81a56d8d --- /dev/null +++ b/queue-4.9/ext4-don-t-allow-r-w-mounts-if-metadata-blocks-overlap-the-superblock.patch @@ -0,0 +1,51 @@ +From 18db4b4e6fc31eda838dd1c1296d67dbcb3dc957 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Thu, 29 Mar 2018 22:10:35 -0400 +Subject: ext4: don't allow r/w mounts if metadata blocks overlap the superblock + +From: Theodore Ts'o + +commit 18db4b4e6fc31eda838dd1c1296d67dbcb3dc957 upstream. + +If some metadata block, such as an allocation bitmap, overlaps the +superblock, it's very likely that if the file system is mounted +read/write, the results will not be pretty. So disallow r/w mounts +for file systems corrupted in this particular way. + +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/super.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -2260,6 +2260,8 @@ static int ext4_check_descriptors(struct + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " + "Block bitmap for group %u overlaps " + "superblock", i); ++ if (!sb_rdonly(sb)) ++ return 0; + } + if (block_bitmap < first_block || block_bitmap > last_block) { + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " +@@ -2272,6 +2274,8 @@ static int ext4_check_descriptors(struct + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " + "Inode bitmap for group %u overlaps " + "superblock", i); ++ if (!sb_rdonly(sb)) ++ return 0; + } + if (inode_bitmap < first_block || inode_bitmap > last_block) { + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " +@@ -2284,6 +2288,8 @@ static int ext4_check_descriptors(struct + ext4_msg(sb, KERN_ERR, "ext4_check_descriptors: " + "Inode table for group %u overlaps " + "superblock", i); ++ if (!sb_rdonly(sb)) ++ return 0; + } + if (inode_table < first_block || + inode_table + sbi->s_itb_per_group - 1 > last_block) { diff --git a/queue-4.9/ext4-don-t-update-checksum-of-new-initialized-bitmaps.patch b/queue-4.9/ext4-don-t-update-checksum-of-new-initialized-bitmaps.patch new file mode 100644 index 00000000000..f660b1eb006 --- /dev/null +++ b/queue-4.9/ext4-don-t-update-checksum-of-new-initialized-bitmaps.patch @@ -0,0 +1,115 @@ +From 044e6e3d74a3d7103a0c8a9305dfd94d64000660 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Mon, 19 Feb 2018 14:16:47 -0500 +Subject: ext4: don't update checksum of new initialized bitmaps + +From: Theodore Ts'o + +commit 044e6e3d74a3d7103a0c8a9305dfd94d64000660 upstream. + +When reading the inode or block allocation bitmap, if the bitmap needs +to be initialized, do not update the checksum in the block group +descriptor. That's because we're not set up to journal those changes. +Instead, just set the verified bit on the bitmap block, so that it's +not necessary to validate the checksum. + +When a block or inode allocation actually happens, at that point the +checksum will be calculated, and update of the bg descriptor block +will be properly journalled. + +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/balloc.c | 3 +-- + fs/ext4/ialloc.c | 47 +++-------------------------------------------- + 2 files changed, 4 insertions(+), 46 deletions(-) + +--- a/fs/ext4/balloc.c ++++ b/fs/ext4/balloc.c +@@ -242,8 +242,6 @@ static int ext4_init_block_bitmap(struct + */ + ext4_mark_bitmap_end(num_clusters_in_group(sb, block_group), + sb->s_blocksize * 8, bh->b_data); +- ext4_block_bitmap_csum_set(sb, block_group, gdp, bh); +- ext4_group_desc_csum_set(sb, block_group, gdp); + return 0; + } + +@@ -447,6 +445,7 @@ ext4_read_block_bitmap_nowait(struct sup + err = ext4_init_block_bitmap(sb, bh, block_group, desc); + set_bitmap_uptodate(bh); + set_buffer_uptodate(bh); ++ set_buffer_verified(bh); + ext4_unlock_group(sb, block_group); + unlock_buffer(bh); + if (err) { +--- a/fs/ext4/ialloc.c ++++ b/fs/ext4/ialloc.c +@@ -63,44 +63,6 @@ void ext4_mark_bitmap_end(int start_bit, + memset(bitmap + (i >> 3), 0xff, (end_bit - i) >> 3); + } + +-/* Initializes an uninitialized inode bitmap */ +-static int ext4_init_inode_bitmap(struct super_block *sb, +- struct buffer_head *bh, +- ext4_group_t block_group, +- struct ext4_group_desc *gdp) +-{ +- struct ext4_group_info *grp; +- struct ext4_sb_info *sbi = EXT4_SB(sb); +- J_ASSERT_BH(bh, buffer_locked(bh)); +- +- /* If checksum is bad mark all blocks and inodes use to prevent +- * allocation, essentially implementing a per-group read-only flag. */ +- if (!ext4_group_desc_csum_verify(sb, block_group, gdp)) { +- grp = ext4_get_group_info(sb, block_group); +- if (!EXT4_MB_GRP_BBITMAP_CORRUPT(grp)) +- percpu_counter_sub(&sbi->s_freeclusters_counter, +- grp->bb_free); +- set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, &grp->bb_state); +- if (!EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) { +- int count; +- count = ext4_free_inodes_count(sb, gdp); +- percpu_counter_sub(&sbi->s_freeinodes_counter, +- count); +- } +- set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, &grp->bb_state); +- return -EFSBADCRC; +- } +- +- memset(bh->b_data, 0, (EXT4_INODES_PER_GROUP(sb) + 7) / 8); +- ext4_mark_bitmap_end(EXT4_INODES_PER_GROUP(sb), sb->s_blocksize * 8, +- bh->b_data); +- ext4_inode_bitmap_csum_set(sb, block_group, gdp, bh, +- EXT4_INODES_PER_GROUP(sb) / 8); +- ext4_group_desc_csum_set(sb, block_group, gdp); +- +- return 0; +-} +- + void ext4_end_bitmap_read(struct buffer_head *bh, int uptodate) + { + if (uptodate) { +@@ -184,17 +146,14 @@ ext4_read_inode_bitmap(struct super_bloc + + ext4_lock_group(sb, block_group); + if (desc->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT)) { +- err = ext4_init_inode_bitmap(sb, bh, block_group, desc); ++ memset(bh->b_data, 0, (EXT4_INODES_PER_GROUP(sb) + 7) / 8); ++ ext4_mark_bitmap_end(EXT4_INODES_PER_GROUP(sb), ++ sb->s_blocksize * 8, bh->b_data); + set_bitmap_uptodate(bh); + set_buffer_uptodate(bh); + set_buffer_verified(bh); + ext4_unlock_group(sb, block_group); + unlock_buffer(bh); +- if (err) { +- ext4_error(sb, "Failed to init inode bitmap for group " +- "%u: %d", block_group, err); +- goto out; +- } + return bh; + } + ext4_unlock_group(sb, block_group); diff --git a/queue-4.9/ext4-fail-ext4_iget-for-root-directory-if-unallocated.patch b/queue-4.9/ext4-fail-ext4_iget-for-root-directory-if-unallocated.patch new file mode 100644 index 00000000000..139fc6f28d1 --- /dev/null +++ b/queue-4.9/ext4-fail-ext4_iget-for-root-directory-if-unallocated.patch @@ -0,0 +1,45 @@ +From 8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Thu, 29 Mar 2018 21:56:09 -0400 +Subject: ext4: fail ext4_iget for root directory if unallocated + +From: Theodore Ts'o + +commit 8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44 upstream. + +If the root directory has an i_links_count of zero, then when the file +system is mounted, then when ext4_fill_super() notices the problem and +tries to call iput() the root directory in the error return path, +ext4_evict_inode() will try to free the inode on disk, before all of +the file system structures are set up, and this will result in an OOPS +caused by a NULL pointer dereference. + +This issue has been assigned CVE-2018-1092. + +https://bugzilla.kernel.org/show_bug.cgi?id=199179 +https://bugzilla.redhat.com/show_bug.cgi?id=1560777 + +Reported-by: Wen Xu +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/inode.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -4493,6 +4493,12 @@ struct inode *ext4_iget(struct super_blo + goto bad_inode; + raw_inode = ext4_raw_inode(&iloc); + ++ if ((ino == EXT4_ROOT_INO) && (raw_inode->i_links_count == 0)) { ++ EXT4_ERROR_INODE(inode, "root inode unallocated"); ++ ret = -EFSCORRUPTED; ++ goto bad_inode; ++ } ++ + if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE) { + ei->i_extra_isize = le16_to_cpu(raw_inode->i_extra_isize); + if (EXT4_GOOD_OLD_INODE_SIZE + ei->i_extra_isize > diff --git a/queue-4.9/ext4-force-revalidation-of-directory-pointer-after-seekdir-2.patch b/queue-4.9/ext4-force-revalidation-of-directory-pointer-after-seekdir-2.patch new file mode 100644 index 00000000000..ad8ad8d35cb --- /dev/null +++ b/queue-4.9/ext4-force-revalidation-of-directory-pointer-after-seekdir-2.patch @@ -0,0 +1,44 @@ +From e40ff213898502d299351cc2fe1e350cd186f0d3 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Sun, 1 Apr 2018 23:21:03 -0400 +Subject: ext4: force revalidation of directory pointer after seekdir(2) + +From: Theodore Ts'o + +commit e40ff213898502d299351cc2fe1e350cd186f0d3 upstream. + +A malicious user could force the directory pointer to be in an invalid +spot by using seekdir(2). Use the mechanism we already have to notice +if the directory has changed since the last time we called +ext4_readdir() to force a revalidation of the pointer. + +Reported-by: syzbot+1236ce66f79263e8a862@syzkaller.appspotmail.com +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/dir.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/fs/ext4/dir.c ++++ b/fs/ext4/dir.c +@@ -363,13 +363,15 @@ static loff_t ext4_dir_llseek(struct fil + { + struct inode *inode = file->f_mapping->host; + int dx_dir = is_dx_dir(inode); +- loff_t htree_max = ext4_get_htree_eof(file); ++ loff_t ret, htree_max = ext4_get_htree_eof(file); + + if (likely(dx_dir)) +- return generic_file_llseek_size(file, offset, whence, ++ ret = generic_file_llseek_size(file, offset, whence, + htree_max, htree_max); + else +- return ext4_llseek(file, offset, whence); ++ ret = ext4_llseek(file, offset, whence); ++ file->f_version = inode_peek_iversion(inode) - 1; ++ return ret; + } + + /* diff --git a/queue-4.9/ext4-protect-i_disksize-update-by-i_data_sem-in-direct-write-path.patch b/queue-4.9/ext4-protect-i_disksize-update-by-i_data_sem-in-direct-write-path.patch new file mode 100644 index 00000000000..9c49cbd24f3 --- /dev/null +++ b/queue-4.9/ext4-protect-i_disksize-update-by-i_data_sem-in-direct-write-path.patch @@ -0,0 +1,58 @@ +From 73fdad00b208b139cf43f3163fbc0f67e4c6047c Mon Sep 17 00:00:00 2001 +From: Eryu Guan +Date: Thu, 22 Mar 2018 11:41:25 -0400 +Subject: ext4: protect i_disksize update by i_data_sem in direct write path + +From: Eryu Guan + +commit 73fdad00b208b139cf43f3163fbc0f67e4c6047c upstream. + +i_disksize update should be protected by i_data_sem, by either taking +the lock explicitly or by using ext4_update_i_disksize() helper. But the +i_disksize updates in ext4_direct_IO_write() are not protected at all, +which may be racing with i_disksize updates in writeback path in +delalloc buffer write path. + +This is found by code inspection, and I didn't hit any i_disksize +corruption due to this bug. Thanks to Jan Kara for catching this bug and +suggesting the fix! + +Reported-by: Jan Kara +Suggested-by: Jan Kara +Signed-off-by: Eryu Guan +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/inode.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -3396,7 +3396,6 @@ static ssize_t ext4_direct_IO_write(stru + { + struct file *file = iocb->ki_filp; + struct inode *inode = file->f_mapping->host; +- struct ext4_inode_info *ei = EXT4_I(inode); + ssize_t ret; + loff_t offset = iocb->ki_pos; + size_t count = iov_iter_count(iter); +@@ -3420,7 +3419,7 @@ static ssize_t ext4_direct_IO_write(stru + goto out; + } + orphan = 1; +- ei->i_disksize = inode->i_size; ++ ext4_update_i_disksize(inode, inode->i_size); + ext4_journal_stop(handle); + } + +@@ -3548,7 +3547,7 @@ static ssize_t ext4_direct_IO_write(stru + if (ret > 0) { + loff_t end = offset + ret; + if (end > inode->i_size) { +- ei->i_disksize = end; ++ ext4_update_i_disksize(inode, end); + i_size_write(inode, end); + /* + * We're going to return a positive `ret' diff --git a/queue-4.9/hid-core-fix-size-as-type-u32.patch b/queue-4.9/hid-core-fix-size-as-type-u32.patch new file mode 100644 index 00000000000..6b876da6d9b --- /dev/null +++ b/queue-4.9/hid-core-fix-size-as-type-u32.patch @@ -0,0 +1,98 @@ +From 6de0b13cc0b4ba10e98a9263d7a83b940720b77a Mon Sep 17 00:00:00 2001 +From: Aaron Ma +Date: Mon, 8 Jan 2018 10:41:41 +0800 +Subject: HID: core: Fix size as type u32 + +From: Aaron Ma + +commit 6de0b13cc0b4ba10e98a9263d7a83b940720b77a upstream. + +When size is negative, calling memset will make segment fault. +Declare the size as type u32 to keep memset safe. + +size in struct hid_report is unsigned, fix return type of +hid_report_len to u32. + +Cc: stable@vger.kernel.org +Signed-off-by: Aaron Ma +Signed-off-by: Jiri Kosina +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/hid/hid-core.c | 10 +++++----- + include/linux/hid.h | 6 +++--- + 2 files changed, 8 insertions(+), 8 deletions(-) + +--- a/drivers/hid/hid-core.c ++++ b/drivers/hid/hid-core.c +@@ -1370,7 +1370,7 @@ u8 *hid_alloc_report_buf(struct hid_repo + * of implement() working on 8 byte chunks + */ + +- int len = hid_report_len(report) + 7; ++ u32 len = hid_report_len(report) + 7; + + return kmalloc(len, flags); + } +@@ -1435,7 +1435,7 @@ void __hid_request(struct hid_device *hi + { + char *buf; + int ret; +- int len; ++ u32 len; + + buf = hid_alloc_report_buf(report, GFP_KERNEL); + if (!buf) +@@ -1461,14 +1461,14 @@ out: + } + EXPORT_SYMBOL_GPL(__hid_request); + +-int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, int size, ++int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size, + int interrupt) + { + struct hid_report_enum *report_enum = hid->report_enum + type; + struct hid_report *report; + struct hid_driver *hdrv; + unsigned int a; +- int rsize, csize = size; ++ u32 rsize, csize = size; + u8 *cdata = data; + int ret = 0; + +@@ -1526,7 +1526,7 @@ EXPORT_SYMBOL_GPL(hid_report_raw_event); + * + * This is data entry for lower layers. + */ +-int hid_input_report(struct hid_device *hid, int type, u8 *data, int size, int interrupt) ++int hid_input_report(struct hid_device *hid, int type, u8 *data, u32 size, int interrupt) + { + struct hid_report_enum *report_enum; + struct hid_driver *hdrv; +--- a/include/linux/hid.h ++++ b/include/linux/hid.h +@@ -801,7 +801,7 @@ extern int hidinput_connect(struct hid_d + extern void hidinput_disconnect(struct hid_device *); + + int hid_set_field(struct hid_field *, unsigned, __s32); +-int hid_input_report(struct hid_device *, int type, u8 *, int, int); ++int hid_input_report(struct hid_device *, int type, u8 *, u32, int); + int hidinput_find_field(struct hid_device *hid, unsigned int type, unsigned int code, struct hid_field **field); + struct hid_field *hidinput_get_led_field(struct hid_device *hid); + unsigned int hidinput_count_leds(struct hid_device *hid); +@@ -1106,13 +1106,13 @@ static inline void hid_hw_wait(struct hi + * + * @report: the report we want to know the length + */ +-static inline int hid_report_len(struct hid_report *report) ++static inline u32 hid_report_len(struct hid_report *report) + { + /* equivalent to DIV_ROUND_UP(report->size, 8) + !!(report->id > 0) */ + return ((report->size - 1) >> 3) + 1 + (report->id > 0); + } + +-int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, int size, ++int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size, + int interrupt); + + /* HID quirks API */ diff --git a/queue-4.9/hid-fix-hid_report_len-usage.patch b/queue-4.9/hid-fix-hid_report_len-usage.patch new file mode 100644 index 00000000000..70412023ba9 --- /dev/null +++ b/queue-4.9/hid-fix-hid_report_len-usage.patch @@ -0,0 +1,82 @@ +From 3064a03b94e60388f0955fcc29f3e8a978d28f75 Mon Sep 17 00:00:00 2001 +From: Aaron Ma +Date: Sat, 3 Feb 2018 23:57:15 +0800 +Subject: HID: Fix hid_report_len usage + +From: Aaron Ma + +commit 3064a03b94e60388f0955fcc29f3e8a978d28f75 upstream. + +Follow the change of return type u32 of hid_report_len, +fix all the types of variables those get the return value of +hid_report_len to u32, and all other code already uses u32. + +Cc: stable@vger.kernel.org +Signed-off-by: Aaron Ma +Signed-off-by: Jiri Kosina +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/hid/hid-input.c | 3 ++- + drivers/hid/hid-multitouch.c | 5 +++-- + drivers/hid/hid-rmi.c | 4 ++-- + drivers/hid/wacom_sys.c | 2 +- + 4 files changed, 8 insertions(+), 6 deletions(-) + +--- a/drivers/hid/hid-input.c ++++ b/drivers/hid/hid-input.c +@@ -1279,7 +1279,8 @@ static void hidinput_led_worker(struct w + led_work); + struct hid_field *field; + struct hid_report *report; +- int len, ret; ++ int ret; ++ u32 len; + __u8 *buf; + + field = hidinput_get_led_field(hid); +--- a/drivers/hid/hid-multitouch.c ++++ b/drivers/hid/hid-multitouch.c +@@ -315,7 +315,8 @@ static struct attribute_group mt_attribu + static void mt_get_feature(struct hid_device *hdev, struct hid_report *report) + { + struct mt_device *td = hid_get_drvdata(hdev); +- int ret, size = hid_report_len(report); ++ int ret; ++ u32 size = hid_report_len(report); + u8 *buf; + + /* +@@ -919,7 +920,7 @@ static void mt_set_input_mode(struct hid + struct hid_report_enum *re; + struct mt_class *cls = &td->mtclass; + char *buf; +- int report_len; ++ u32 report_len; + + if (td->inputmode < 0) + return; +--- a/drivers/hid/hid-rmi.c ++++ b/drivers/hid/hid-rmi.c +@@ -110,8 +110,8 @@ struct rmi_data { + u8 *writeReport; + u8 *readReport; + +- int input_report_size; +- int output_report_size; ++ u32 input_report_size; ++ u32 output_report_size; + + unsigned long flags; + +--- a/drivers/hid/wacom_sys.c ++++ b/drivers/hid/wacom_sys.c +@@ -351,7 +351,7 @@ static int wacom_set_device_mode(struct + u8 *rep_data; + struct hid_report *r; + struct hid_report_enum *re; +- int length; ++ u32 length; + int error = -ENOMEM, limit = 0; + + if (wacom_wac->mode_report < 0) diff --git a/queue-4.9/irqchip-gic-take-lock-when-updating-irq-type.patch b/queue-4.9/irqchip-gic-take-lock-when-updating-irq-type.patch new file mode 100644 index 00000000000..354e587214b --- /dev/null +++ b/queue-4.9/irqchip-gic-take-lock-when-updating-irq-type.patch @@ -0,0 +1,77 @@ +From aa08192a254d362a4d5317647a81de6996961aef Mon Sep 17 00:00:00 2001 +From: Aniruddha Banerjee +Date: Wed, 28 Mar 2018 19:12:00 +0530 +Subject: irqchip/gic: Take lock when updating irq type + +From: Aniruddha Banerjee + +commit aa08192a254d362a4d5317647a81de6996961aef upstream. + +Most MMIO GIC register accesses use a 1-hot bit scheme that +avoids requiring any form of locking. This isn't true for the +GICD_ICFGRn registers, which require a RMW sequence. + +Unfortunately, we seem to be missing a lock for these particular +accesses, which could result in a race condition if changing the +trigger type on any two interrupts within the same set of 16 +interrupts (and thus controlled by the same CFGR register). + +Introduce a private lock in the GIC common comde for this +particular case, making it cover both GIC implementations +in one go. + +Cc: stable@vger.kernel.org +Signed-off-by: Aniruddha Banerjee +[maz: updated changelog] +Signed-off-by: Marc Zyngier +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/irqchip/irq-gic-common.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/drivers/irqchip/irq-gic-common.c ++++ b/drivers/irqchip/irq-gic-common.c +@@ -21,6 +21,8 @@ + + #include "irq-gic-common.h" + ++static DEFINE_RAW_SPINLOCK(irq_controller_lock); ++ + static const struct gic_kvm_info *gic_kvm_info; + + const struct gic_kvm_info *gic_get_kvm_info(void) +@@ -52,11 +54,13 @@ int gic_configure_irq(unsigned int irq, + u32 confoff = (irq / 16) * 4; + u32 val, oldval; + int ret = 0; ++ unsigned long flags; + + /* + * Read current configuration register, and insert the config + * for "irq", depending on "type". + */ ++ raw_spin_lock_irqsave(&irq_controller_lock, flags); + val = oldval = readl_relaxed(base + GIC_DIST_CONFIG + confoff); + if (type & IRQ_TYPE_LEVEL_MASK) + val &= ~confmask; +@@ -64,8 +68,10 @@ int gic_configure_irq(unsigned int irq, + val |= confmask; + + /* If the current configuration is the same, then we are done */ +- if (val == oldval) ++ if (val == oldval) { ++ raw_spin_unlock_irqrestore(&irq_controller_lock, flags); + return 0; ++ } + + /* + * Write back the new configuration, and possibly re-enable +@@ -83,6 +89,7 @@ int gic_configure_irq(unsigned int irq, + pr_warn("GIC: PPI%d is secure or misconfigured\n", + irq - 16); + } ++ raw_spin_unlock_irqrestore(&irq_controller_lock, flags); + + if (sync_access) + sync_access(); diff --git a/queue-4.9/jbd2-if-the-journal-is-aborted-then-don-t-allow-update-of-the-log-tail.patch b/queue-4.9/jbd2-if-the-journal-is-aborted-then-don-t-allow-update-of-the-log-tail.patch new file mode 100644 index 00000000000..639a97a18f6 --- /dev/null +++ b/queue-4.9/jbd2-if-the-journal-is-aborted-then-don-t-allow-update-of-the-log-tail.patch @@ -0,0 +1,41 @@ +From 85e0c4e89c1b864e763c4e3bb15d0b6d501ad5d9 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Mon, 19 Feb 2018 12:22:53 -0500 +Subject: jbd2: if the journal is aborted then don't allow update of the log tail + +From: Theodore Ts'o + +commit 85e0c4e89c1b864e763c4e3bb15d0b6d501ad5d9 upstream. + +This updates the jbd2 superblock unnecessarily, and on an abort we +shouldn't truncate the log. + +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + fs/jbd2/journal.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/fs/jbd2/journal.c ++++ b/fs/jbd2/journal.c +@@ -951,7 +951,7 @@ out: + } + + /* +- * This is a variaon of __jbd2_update_log_tail which checks for validity of ++ * This is a variation of __jbd2_update_log_tail which checks for validity of + * provided log tail and locks j_checkpoint_mutex. So it is safe against races + * with other threads updating log tail. + */ +@@ -1394,6 +1394,9 @@ int jbd2_journal_update_sb_log_tail(jour + journal_superblock_t *sb = journal->j_superblock; + int ret; + ++ if (is_journal_aborted(journal)) ++ return -EIO; ++ + BUG_ON(!mutex_is_locked(&journal->j_checkpoint_mutex)); + jbd_debug(1, "JBD2: updating superblock (start %lu, seq %u)\n", + tail_block, tail_tid); diff --git a/queue-4.9/powerpc-64-fix-smp_wmb-barrier-definition-use-use-lwsync-consistently.patch b/queue-4.9/powerpc-64-fix-smp_wmb-barrier-definition-use-use-lwsync-consistently.patch new file mode 100644 index 00000000000..cc7d7bb67c6 --- /dev/null +++ b/queue-4.9/powerpc-64-fix-smp_wmb-barrier-definition-use-use-lwsync-consistently.patch @@ -0,0 +1,53 @@ +From 0bfdf598900fd62869659f360d3387ed80eb71cf Mon Sep 17 00:00:00 2001 +From: Nicholas Piggin +Date: Thu, 22 Mar 2018 20:41:46 +1000 +Subject: powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently + +From: Nicholas Piggin + +commit 0bfdf598900fd62869659f360d3387ed80eb71cf upstream. + +asm/barrier.h is not always included after asm/synch.h, which meant +it was missing __SUBARCH_HAS_LWSYNC, so in some files smp_wmb() would +be eieio when it should be lwsync. kernel/time/hrtimer.c is one case. + +__SUBARCH_HAS_LWSYNC is only used in one place, so just fold it in +to where it's used. Previously with my small simulator config, 377 +instances of eieio in the tree. After this patch there are 55. + +Fixes: 46d075be585e ("powerpc: Optimise smp_wmb") +Cc: stable@vger.kernel.org # v2.6.29+ +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/include/asm/barrier.h | 3 ++- + arch/powerpc/include/asm/synch.h | 4 ---- + 2 files changed, 2 insertions(+), 5 deletions(-) + +--- a/arch/powerpc/include/asm/barrier.h ++++ b/arch/powerpc/include/asm/barrier.h +@@ -34,7 +34,8 @@ + #define rmb() __asm__ __volatile__ ("sync" : : : "memory") + #define wmb() __asm__ __volatile__ ("sync" : : : "memory") + +-#ifdef __SUBARCH_HAS_LWSYNC ++/* The sub-arch has lwsync */ ++#if defined(__powerpc64__) || defined(CONFIG_PPC_E500MC) + # define SMPWMB LWSYNC + #else + # define SMPWMB eieio +--- a/arch/powerpc/include/asm/synch.h ++++ b/arch/powerpc/include/asm/synch.h +@@ -5,10 +5,6 @@ + #include + #include + +-#if defined(__powerpc64__) || defined(CONFIG_PPC_E500MC) +-#define __SUBARCH_HAS_LWSYNC +-#endif +- + #ifndef __ASSEMBLY__ + extern unsigned int __start___lwsync_fixup, __stop___lwsync_fixup; + extern void do_lwsync_fixups(unsigned long value, void *fixup_start, diff --git a/queue-4.9/powerpc-powernv-fix-opal-nvram-driver-opal_busy-loops.patch b/queue-4.9/powerpc-powernv-fix-opal-nvram-driver-opal_busy-loops.patch new file mode 100644 index 00000000000..0af35fc89bf --- /dev/null +++ b/queue-4.9/powerpc-powernv-fix-opal-nvram-driver-opal_busy-loops.patch @@ -0,0 +1,52 @@ +From 3b8070335f751aac9f1526ae2e012e6f5b8b0f21 Mon Sep 17 00:00:00 2001 +From: Nicholas Piggin +Date: Tue, 10 Apr 2018 21:49:33 +1000 +Subject: powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops + +From: Nicholas Piggin + +commit 3b8070335f751aac9f1526ae2e012e6f5b8b0f21 upstream. + +The OPAL NVRAM driver does not sleep in case it gets OPAL_BUSY or +OPAL_BUSY_EVENT from firmware, which causes large scheduling +latencies, and various lockup errors to trigger (again, BMC reboot +can cause it). + +Fix this by converting it to the standard form OPAL_BUSY loop that +sleeps. + +Fixes: 628daa8d5abf ("powerpc/powernv: Add RTC and NVRAM support plus RTAS fallbacks") +Depends-on: 34dd25de9fe3 ("powerpc/powernv: define a standard delay for OPAL_BUSY type retry loops") +Cc: stable@vger.kernel.org # v3.2+ +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/powernv/opal-nvram.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/arch/powerpc/platforms/powernv/opal-nvram.c ++++ b/arch/powerpc/platforms/powernv/opal-nvram.c +@@ -11,6 +11,7 @@ + + #define DEBUG + ++#include + #include + #include + #include +@@ -56,8 +57,12 @@ static ssize_t opal_nvram_write(char *bu + + while (rc == OPAL_BUSY || rc == OPAL_BUSY_EVENT) { + rc = opal_write_nvram(__pa(buf), count, off); +- if (rc == OPAL_BUSY_EVENT) ++ if (rc == OPAL_BUSY_EVENT) { ++ msleep(OPAL_BUSY_DELAY_MS); + opal_poll_events(NULL); ++ } else if (rc == OPAL_BUSY) { ++ msleep(OPAL_BUSY_DELAY_MS); ++ } + } + + if (rc) diff --git a/queue-4.9/powerpc-powernv-handle-unknown-opal-errors-in-opal_nvram_write.patch b/queue-4.9/powerpc-powernv-handle-unknown-opal-errors-in-opal_nvram_write.patch new file mode 100644 index 00000000000..41bc9a1e90e --- /dev/null +++ b/queue-4.9/powerpc-powernv-handle-unknown-opal-errors-in-opal_nvram_write.patch @@ -0,0 +1,38 @@ +From 741de617661794246f84a21a02fc5e327bffc9ad Mon Sep 17 00:00:00 2001 +From: Nicholas Piggin +Date: Tue, 27 Mar 2018 01:02:33 +1000 +Subject: powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() + +From: Nicholas Piggin + +commit 741de617661794246f84a21a02fc5e327bffc9ad upstream. + +opal_nvram_write currently just assumes success if it encounters an +error other than OPAL_BUSY or OPAL_BUSY_EVENT. Have it return -EIO +on other errors instead. + +Fixes: 628daa8d5abf ("powerpc/powernv: Add RTC and NVRAM support plus RTAS fallbacks") +Cc: stable@vger.kernel.org # v3.2+ +Signed-off-by: Nicholas Piggin +Reviewed-by: Vasant Hegde +Acked-by: Stewart Smith +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/powernv/opal-nvram.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/powerpc/platforms/powernv/opal-nvram.c ++++ b/arch/powerpc/platforms/powernv/opal-nvram.c +@@ -59,6 +59,10 @@ static ssize_t opal_nvram_write(char *bu + if (rc == OPAL_BUSY_EVENT) + opal_poll_events(NULL); + } ++ ++ if (rc) ++ return -EIO; ++ + *index += count; + return count; + } diff --git a/queue-4.9/random-use-a-tighter-cap-in-credit_entropy_bits_safe.patch b/queue-4.9/random-use-a-tighter-cap-in-credit_entropy_bits_safe.patch new file mode 100644 index 00000000000..6e798667c70 --- /dev/null +++ b/queue-4.9/random-use-a-tighter-cap-in-credit_entropy_bits_safe.patch @@ -0,0 +1,38 @@ +From 9f886f4d1d292442b2f22a0a33321eae821bde40 Mon Sep 17 00:00:00 2001 +From: Theodore Ts'o +Date: Sat, 25 Feb 2017 18:21:33 -0400 +Subject: random: use a tighter cap in credit_entropy_bits_safe() + +From: Theodore Ts'o + +commit 9f886f4d1d292442b2f22a0a33321eae821bde40 upstream. + +This fixes a harmless UBSAN where root could potentially end up +causing an overflow while bumping the entropy_total field (which is +ignored once the entropy pool has been initialized, and this generally +is completed during the boot sequence). + +This is marginal for the stable kernel series, but it's a really +trivial patch, and it fixes UBSAN warning that might cause security +folks to get overly excited for no reason. + +Signed-off-by: Theodore Ts'o +Reported-by: Chen Feng +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/random.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -741,7 +741,7 @@ retry: + + static int credit_entropy_bits_safe(struct entropy_store *r, int nbits) + { +- const int nbits_max = (int)(~0U >> (ENTROPY_SHIFT + 1)); ++ const int nbits_max = r->poolinfo->poolwords * 32; + + if (nbits < 0) + return -EINVAL; diff --git a/queue-4.9/series b/queue-4.9/series index 1ec22ed7500..b7a32931e94 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -22,3 +22,19 @@ usb-fix-usb3-devices-behind-usb3-hubs-not-resuming-at-hibernate-thaw.patch usb-dwc3-pci-properly-cleanup-resource.patch smb3-fix-root-directory-when-server-returns-inode-number-of-zero.patch hid-i2c-hid-fix-size-check-and-type-usage.patch +powerpc-powernv-handle-unknown-opal-errors-in-opal_nvram_write.patch +powerpc-64-fix-smp_wmb-barrier-definition-use-use-lwsync-consistently.patch +powerpc-powernv-fix-opal-nvram-driver-opal_busy-loops.patch +hid-fix-hid_report_len-usage.patch +hid-core-fix-size-as-type-u32.patch +asoc-ssm2602-replace-reg_default_raw-with-reg_default.patch +thunderbolt-resume-control-channel-after-hibernation-image-is-created.patch +irqchip-gic-take-lock-when-updating-irq-type.patch +random-use-a-tighter-cap-in-credit_entropy_bits_safe.patch +jbd2-if-the-journal-is-aborted-then-don-t-allow-update-of-the-log-tail.patch +ext4-don-t-update-checksum-of-new-initialized-bitmaps.patch +ext4-protect-i_disksize-update-by-i_data_sem-in-direct-write-path.patch +ext4-add-validity-checks-for-bitmap-block-numbers.patch +ext4-fail-ext4_iget-for-root-directory-if-unallocated.patch +ext4-don-t-allow-r-w-mounts-if-metadata-blocks-overlap-the-superblock.patch +ext4-force-revalidation-of-directory-pointer-after-seekdir-2.patch diff --git a/queue-4.9/thunderbolt-resume-control-channel-after-hibernation-image-is-created.patch b/queue-4.9/thunderbolt-resume-control-channel-after-hibernation-image-is-created.patch new file mode 100644 index 00000000000..4da561e6855 --- /dev/null +++ b/queue-4.9/thunderbolt-resume-control-channel-after-hibernation-image-is-created.patch @@ -0,0 +1,38 @@ +From f2a659f7d8d5da803836583aa16df06bdf324252 Mon Sep 17 00:00:00 2001 +From: Mika Westerberg +Date: Tue, 19 Dec 2017 12:44:56 +0300 +Subject: thunderbolt: Resume control channel after hibernation image is created + +From: Mika Westerberg + +commit f2a659f7d8d5da803836583aa16df06bdf324252 upstream. + +The driver misses implementation of PM hook that undoes what +->freeze_noirq() does after the hibernation image is created. This means +the control channel is not resumed properly and the Thunderbolt bus +becomes useless in later stages of hibernation (when the image is stored +or if the operation fails). + +Fix this by pointing ->thaw_noirq to driver nhi_resume_noirq(). This +makes sure the control channel is resumed properly. + +Fixes: 23dd5bb49d98 ("thunderbolt: Add suspend/hibernate support") +Signed-off-by: Mika Westerberg +Reviewed-by: Andy Shevchenko +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/thunderbolt/nhi.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/thunderbolt/nhi.c ++++ b/drivers/thunderbolt/nhi.c +@@ -628,6 +628,7 @@ static const struct dev_pm_ops nhi_pm_op + * we just disable hotplug, the + * pci-tunnels stay alive. + */ ++ .thaw_noirq = nhi_resume_noirq, + .restore_noirq = nhi_resume_noirq, + }; +