From: Greg Kroah-Hartman Date: Sat, 9 Dec 2017 17:10:56 +0000 (+0100) Subject: 4.9-stable patches X-Git-Tag: v3.18.87~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=60bc58199c0288629c119915dc6f08e813d5ea37;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch --- diff --git a/queue-4.9/dmaengine-stm32-dma-fix-null-pointer-dereference-in-stm32_dma_tx_status.patch b/queue-4.9/dmaengine-stm32-dma-fix-null-pointer-dereference-in-stm32_dma_tx_status.patch index e7a8c283714..3f0ffee2bc1 100644 --- a/queue-4.9/dmaengine-stm32-dma-fix-null-pointer-dereference-in-stm32_dma_tx_status.patch +++ b/queue-4.9/dmaengine-stm32-dma-fix-null-pointer-dereference-in-stm32_dma_tx_status.patch @@ -18,6 +18,8 @@ Reviewed-by: Ludovic BARRE Signed-off-by: Vinod Koul Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman +Acked-by: Pierre-Yves MORDRET + --- drivers/dma/stm32-dma.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/queue-4.9/series b/queue-4.9/series index df2b2a918cc..3ab8afce431 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -19,8 +19,6 @@ staging-rtl8188eu-avoid-a-null-dereference-on-pmlmepriv.patch spi-sh-msiof-fix-dma-transfer-size-check.patch spi-spi-axi-fix-potential-use-after-free-after-deregistration.patch mmc-sdhci-msm-fix-issue-with-power-irq.patch -usb-dwc2-fix-udc-state-tracking.patch -usb-dwc2-error-out-of-dwc2_hsotg_ep_disable-if-we-re-in-host-mode.patch usb-phy-tahvo-fix-error-handling-in-tahvo_usb_probe.patch serial-8250-preserve-dld-for-port_xr17v35x.patch x86-entry-use-syscall_define-macros-for-sys_modify_ldt.patch @@ -107,3 +105,4 @@ usb-increase-usbfs-transfer-limit.patch usb-devio-prevent-integer-overflow-in-proc_do_submiturb.patch usb-usbfs-filter-flags-passed-in-from-user-space.patch usb-host-fix-incorrect-updating-of-offset.patch +xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch diff --git a/queue-4.9/usb-dwc2-error-out-of-dwc2_hsotg_ep_disable-if-we-re-in-host-mode.patch b/queue-4.9/usb-dwc2-error-out-of-dwc2_hsotg_ep_disable-if-we-re-in-host-mode.patch deleted file mode 100644 index b0b62286e63..00000000000 --- a/queue-4.9/usb-dwc2-error-out-of-dwc2_hsotg_ep_disable-if-we-re-in-host-mode.patch +++ /dev/null @@ -1,109 +0,0 @@ -From foo@baz Wed Dec 6 17:39:55 CET 2017 -From: John Stultz -Date: Mon, 23 Oct 2017 14:32:49 -0700 -Subject: usb: dwc2: Error out of dwc2_hsotg_ep_disable() if we're in host mode - -From: John Stultz - - -[ Upstream commit 9b481092c2a31a6b630aff9c28f0145bf6683787 ] - -We've found that while in host mode, using Android, if one runs -the command: - stop adbd - -The existing usb devices being utilized in host mode are disconnected. -This is most visible with usb networking devices. - -This seems to be due to adbd closing the file: - /dev/usb-ffs/adb/ep0 -Which calls ffs_ep0_release() and the following backtrace: - -[] dwc2_hsotg_ep_disable+0x148/0x150 -[] dwc2_hsotg_udc_stop+0x60/0x110 -[] usb_gadget_remove_driver+0x58/0x78 -[] usb_gadget_unregister_driver+0x74/0xe8 -[] unregister_gadget+0x28/0x58 -[] unregister_gadget_item+0x2c/0x40 -[] ffs_data_clear+0xe8/0xf8 -[] ffs_data_reset+0x20/0x58 -[] ffs_data_closed+0x98/0xe8 -[] ffs_ep0_release+0x20/0x30 - -Then when dwc2_hsotg_ep_disable() is called, we call -kill_all_requests() which causes a bunch of the following -messages: - -dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode -dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode -dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode -dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode -dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode -dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode -dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode -dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode -init: Service 'adbd' (pid 1915) killed by signal 9 -init: Sending signal 9 to service 'adbd' (pid 1915) process group... -init: Successfully killed process cgroup uid 0 pid 1915 in 0ms -init: processing action (init.svc.adbd=stopped) from (/init.usb.configfs.rc:15) -dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 8 - ChHltd set, but reason is unknown -dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 -dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 12 - ChHltd set, but reason is unknown -dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 -dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 15 - ChHltd set, but reason is unknown -dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 -dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 3 - ChHltd set, but reason is unknown -dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 -dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 4 - ChHltd set, but reason is unknown -dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 -dwc2 f72c0000.usb: dwc2_update_urb_state_abn(): trimming xfer length - -And the usb devices connected are basically hung at this point. - -It seems like if we're in host mode, we probably shouldn't run -the dwc2_hostg_ep_disable logic, so this patch returns an error -in that case. - -With this patch (along with the previous patch in this set), we avoid -the mismatched interrupts and connected usb devices continue to function. - -I'm not sure if some other solution would be better here, but this seems -to work, so I wanted to send it out for input on what the right approach -should be. - -Cc: Wei Xu -Cc: Guodong Xu -Cc: Amit Pundir -Cc: YongQin Liu -Cc: John Youn -Cc: Minas Harutyunyan -Cc: Douglas Anderson -Cc: Chen Yu -Cc: Felipe Balbi -Cc: Greg Kroah-Hartman -Cc: linux-usb@vger.kernel.org -Acked-by: Minas Harutyunyan -Tested-by: Minas Harutyunyan -Reported-by: YongQin Liu -Signed-off-by: John Stultz -Signed-off-by: Felipe Balbi -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - drivers/usb/dwc2/gadget.c | 5 +++++ - 1 file changed, 5 insertions(+) - ---- a/drivers/usb/dwc2/gadget.c -+++ b/drivers/usb/dwc2/gadget.c -@@ -3117,6 +3117,11 @@ static int dwc2_hsotg_ep_disable(struct - return -EINVAL; - } - -+ if (hsotg->op_state != OTG_STATE_B_PERIPHERAL) { -+ dev_err(hsotg->dev, "%s: called in host mode?\n", __func__); -+ return -EINVAL; -+ } -+ - epctrl_reg = dir_in ? DIEPCTL(index) : DOEPCTL(index); - - spin_lock_irqsave(&hsotg->lock, flags); diff --git a/queue-4.9/usb-dwc2-fix-udc-state-tracking.patch b/queue-4.9/usb-dwc2-fix-udc-state-tracking.patch deleted file mode 100644 index fc972edc731..00000000000 --- a/queue-4.9/usb-dwc2-fix-udc-state-tracking.patch +++ /dev/null @@ -1,55 +0,0 @@ -From foo@baz Wed Dec 6 17:39:55 CET 2017 -From: John Stultz -Date: Mon, 23 Oct 2017 14:32:50 -0700 -Subject: usb: dwc2: Fix UDC state tracking - -From: John Stultz - - -[ Upstream commit ce2b21a4e5ce042c0a42c9db8fa9e0f849427d5e ] - -It has been noticed that the dwc2 udc state reporting doesn't -seem to work (at least on HiKey boards). Where after the initial -setup, the sysfs /sys/class/udc/f72c0000.usb/state file would -report "configured" no matter the state of the OTG port. - -This patch adds a call so that we report to the UDC layer when -the gadget device is disconnected. - -This patch does depend on the previous patch ("usb: dwc2: -Improve gadget state disconnection handling") in this patch set -in order to properly work. - -Cc: Wei Xu -Cc: Guodong Xu -Cc: Amit Pundir -Cc: YongQin Liu -Cc: John Youn -Cc: Minas Harutyunyan -Cc: Douglas Anderson -Cc: Chen Yu -Cc: Felipe Balbi -Cc: Greg Kroah-Hartman -Cc: linux-usb@vger.kernel.org -Acked-by: Minas Harutyunyan -Tested-by: Minas Harutyunyan -Reported-by: Amit Pundir -Signed-off-by: John Stultz -Signed-off-by: Felipe Balbi -Signed-off-by: Sasha Levin -Signed-off-by: Greg Kroah-Hartman ---- - drivers/usb/dwc2/gadget.c | 2 ++ - 1 file changed, 2 insertions(+) - ---- a/drivers/usb/dwc2/gadget.c -+++ b/drivers/usb/dwc2/gadget.c -@@ -2467,6 +2467,8 @@ void dwc2_hsotg_disconnect(struct dwc2_h - - call_gadget(hsotg, disconnect); - hsotg->lx_state = DWC2_L3; -+ -+ usb_gadget_set_state(&hsotg->gadget, USB_STATE_NOTATTACHED); - } - - /** diff --git a/queue-4.9/xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch b/queue-4.9/xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch new file mode 100644 index 00000000000..da8a985756f --- /dev/null +++ b/queue-4.9/xen-netfront-avoid-crashing-on-resume-after-a-failure-in-talk_to_netback.patch @@ -0,0 +1,40 @@ +From d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e Mon Sep 17 00:00:00 2001 +From: Vitaly Kuznetsov +Date: Thu, 11 May 2017 13:58:06 +0200 +Subject: xen-netfront: avoid crashing on resume after a failure in talk_to_netback() + +From: Vitaly Kuznetsov + +commit d86b5672b1adb98b4cdd6fbf0224bbfb03db6e2e upstream. + +Unavoidable crashes in netfront_resume() and netback_changed() after a +previous fail in talk_to_netback() (e.g. when we fail to read MAC from +xenstore) were discovered. The failure path in talk_to_netback() does +unregister/free for netdev but we don't reset drvdata and we try accessing +it after resume. + +Fix the bug by removing the whole xen device completely with +device_unregister(), this guarantees we won't have any calls into netfront +after a failure. + +Signed-off-by: Vitaly Kuznetsov +Signed-off-by: David S. Miller +Cc: Ben Hutchings +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/xen-netfront.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/net/xen-netfront.c ++++ b/drivers/net/xen-netfront.c +@@ -1958,8 +1958,7 @@ abort_transaction_no_dev_fatal: + xennet_disconnect_backend(info); + xennet_destroy_queues(info); + out: +- unregister_netdev(info->netdev); +- xennet_free_netdev(info->netdev); ++ device_unregister(&dev->dev); + return err; + } +