From 099809bdbd90d2f351f3e09767dac7af2f5ec228 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 24 Apr 2018 14:29:50 +0200 Subject: [PATCH] 4.14-stable patches added patches: powerpc-eeh-fix-race-with-driver-un-bind.patch usb-musb-call-pm_runtime_-get-put-_sync-before-reading-vbus-registers.patch usb-musb-fix-enumeration-after-resume.patch usb-musb-fix-external-abort-in-musb_remove-on-omap2430.patch --- ...rpc-eeh-fix-race-with-driver-un-bind.patch | 251 ++++++++++++++++++ queue-4.14/series | 4 + ...-_sync-before-reading-vbus-registers.patch | 54 ++++ ...sb-musb-fix-enumeration-after-resume.patch | 48 ++++ ...nal-abort-in-musb_remove-on-omap2430.patch | 38 +++ 5 files changed, 395 insertions(+) create mode 100644 queue-4.14/powerpc-eeh-fix-race-with-driver-un-bind.patch create mode 100644 queue-4.14/usb-musb-call-pm_runtime_-get-put-_sync-before-reading-vbus-registers.patch create mode 100644 queue-4.14/usb-musb-fix-enumeration-after-resume.patch create mode 100644 queue-4.14/usb-musb-fix-external-abort-in-musb_remove-on-omap2430.patch diff --git a/queue-4.14/powerpc-eeh-fix-race-with-driver-un-bind.patch b/queue-4.14/powerpc-eeh-fix-race-with-driver-un-bind.patch new file mode 100644 index 00000000000..354bc58bc0a --- /dev/null +++ b/queue-4.14/powerpc-eeh-fix-race-with-driver-un-bind.patch @@ -0,0 +1,251 @@ +From f0295e047fcf52ccb42561fb7de6942f5201b676 Mon Sep 17 00:00:00 2001 +From: Michael Neuling +Date: Mon, 26 Mar 2018 15:17:07 +1100 +Subject: powerpc/eeh: Fix race with driver un/bind + +From: Michael Neuling + +commit f0295e047fcf52ccb42561fb7de6942f5201b676 upstream. + +The current EEH callbacks can race with a driver unbind. This can +result in a backtraces like this: + + EEH: Frozen PHB#0-PE#1fc detected + EEH: PE location: S000009, PHB location: N/A + CPU: 2 PID: 2312 Comm: kworker/u258:3 Not tainted 4.15.6-openpower1 #2 + Workqueue: nvme-wq nvme_reset_work [nvme] + Call Trace: + dump_stack+0x9c/0xd0 (unreliable) + eeh_dev_check_failure+0x420/0x470 + eeh_check_failure+0xa0/0xa4 + nvme_reset_work+0x138/0x1414 [nvme] + process_one_work+0x1ec/0x328 + worker_thread+0x2e4/0x3a8 + kthread+0x14c/0x154 + ret_from_kernel_thread+0x5c/0xc8 + nvme nvme1: Removing after probe failure status: -19 + + cpu 0x23: Vector: 300 (Data Access) at [c000000ff50f3800] + pc: c0080000089a0eb0: nvme_error_detected+0x4c/0x90 [nvme] + lr: c000000000026564: eeh_report_error+0xe0/0x110 + sp: c000000ff50f3a80 + msr: 9000000000009033 + dar: 400 + dsisr: 40000000 + current = 0xc000000ff507c000 + paca = 0xc00000000fdc9d80 softe: 0 irq_happened: 0x01 + pid = 782, comm = eehd + Linux version 4.15.6-openpower1 (smc@smc-desktop) (gcc version 6.4.0 (Buildroot 2017.11.2-00008-g4b6188e)) #2 SM P Tue Feb 27 12:33:27 PST 2018 + enter ? for help + eeh_report_error+0xe0/0x110 + eeh_pe_dev_traverse+0xc0/0xdc + eeh_handle_normal_event+0x184/0x4c4 + eeh_handle_event+0x30/0x288 + eeh_event_handler+0x124/0x170 + kthread+0x14c/0x154 + ret_from_kernel_thread+0x5c/0xc8 + +The first part is an EEH (on boot), the second half is the resulting +crash. nvme probe starts the nvme_reset_work() worker thread. This +worker thread starts touching the device which see a device error +(EEH) and hence queues up an event in the powerpc EEH worker +thread. nvme_reset_work() then continues and runs +nvme_remove_dead_ctrl_work() which results in unbinding the driver +from the device and hence releases all resources. At the same time, +the EEH worker thread starts doing the EEH .error_detected() driver +callback, which no longer works since the resources have been freed. + +This fixes the problem in the same way the generic PCIe AER code (in +drivers/pci/pcie/aer/aerdrv_core.c) does. It makes the EEH code hold +the device_lock() while performing the driver EEH callbacks and +associated code. This ensures either the callbacks are no longer +register, or if they are registered the driver will not be removed +from underneath us. + +This has been broken forever. The EEH call backs were first introduced +in 2005 (in 77bd7415610) but it's not clear if a lock was needed back +then. + +Fixes: 77bd74156101 ("[PATCH] powerpc: PCI Error Recovery: PPC64 core recovery routines") +Cc: stable@vger.kernel.org # v4.9, v4.14 +Signed-off-by: Michael Neuling +Reviewed-by: Benjamin Herrenschmidt +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/eeh_driver.c | 65 +++++++++++++++++++++++++-------------- + 1 file changed, 42 insertions(+), 23 deletions(-) + +--- a/arch/powerpc/kernel/eeh_driver.c ++++ b/arch/powerpc/kernel/eeh_driver.c +@@ -207,18 +207,18 @@ static void *eeh_report_error(void *data + + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) + return NULL; ++ ++ device_lock(&dev->dev); + dev->error_state = pci_channel_io_frozen; + + driver = eeh_pcid_get(dev); +- if (!driver) return NULL; ++ if (!driver) goto out_no_dev; + + eeh_disable_irq(dev); + + if (!driver->err_handler || +- !driver->err_handler->error_detected) { +- eeh_pcid_put(dev); +- return NULL; +- } ++ !driver->err_handler->error_detected) ++ goto out; + + rc = driver->err_handler->error_detected(dev, pci_channel_io_frozen); + +@@ -227,7 +227,10 @@ static void *eeh_report_error(void *data + if (*res == PCI_ERS_RESULT_NONE) *res = rc; + + edev->in_error = true; ++out: + eeh_pcid_put(dev); ++out_no_dev: ++ device_unlock(&dev->dev); + return NULL; + } + +@@ -250,15 +253,14 @@ static void *eeh_report_mmio_enabled(voi + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) + return NULL; + ++ device_lock(&dev->dev); + driver = eeh_pcid_get(dev); +- if (!driver) return NULL; ++ if (!driver) goto out_no_dev; + + if (!driver->err_handler || + !driver->err_handler->mmio_enabled || +- (edev->mode & EEH_DEV_NO_HANDLER)) { +- eeh_pcid_put(dev); +- return NULL; +- } ++ (edev->mode & EEH_DEV_NO_HANDLER)) ++ goto out; + + rc = driver->err_handler->mmio_enabled(dev); + +@@ -266,7 +268,10 @@ static void *eeh_report_mmio_enabled(voi + if (rc == PCI_ERS_RESULT_NEED_RESET) *res = rc; + if (*res == PCI_ERS_RESULT_NONE) *res = rc; + ++out: + eeh_pcid_put(dev); ++out_no_dev: ++ device_unlock(&dev->dev); + return NULL; + } + +@@ -289,20 +294,20 @@ static void *eeh_report_reset(void *data + + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) + return NULL; ++ ++ device_lock(&dev->dev); + dev->error_state = pci_channel_io_normal; + + driver = eeh_pcid_get(dev); +- if (!driver) return NULL; ++ if (!driver) goto out_no_dev; + + eeh_enable_irq(dev); + + if (!driver->err_handler || + !driver->err_handler->slot_reset || + (edev->mode & EEH_DEV_NO_HANDLER) || +- (!edev->in_error)) { +- eeh_pcid_put(dev); +- return NULL; +- } ++ (!edev->in_error)) ++ goto out; + + rc = driver->err_handler->slot_reset(dev); + if ((*res == PCI_ERS_RESULT_NONE) || +@@ -310,7 +315,10 @@ static void *eeh_report_reset(void *data + if (*res == PCI_ERS_RESULT_DISCONNECT && + rc == PCI_ERS_RESULT_NEED_RESET) *res = rc; + ++out: + eeh_pcid_put(dev); ++out_no_dev: ++ device_unlock(&dev->dev); + return NULL; + } + +@@ -361,10 +369,12 @@ static void *eeh_report_resume(void *dat + + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) + return NULL; ++ ++ device_lock(&dev->dev); + dev->error_state = pci_channel_io_normal; + + driver = eeh_pcid_get(dev); +- if (!driver) return NULL; ++ if (!driver) goto out_no_dev; + + was_in_error = edev->in_error; + edev->in_error = false; +@@ -374,13 +384,19 @@ static void *eeh_report_resume(void *dat + !driver->err_handler->resume || + (edev->mode & EEH_DEV_NO_HANDLER) || !was_in_error) { + edev->mode &= ~EEH_DEV_NO_HANDLER; +- eeh_pcid_put(dev); +- return NULL; ++ goto out; + } + + driver->err_handler->resume(dev); + ++out: + eeh_pcid_put(dev); ++#ifdef CONFIG_PCI_IOV ++ if (eeh_ops->notify_resume && eeh_dev_to_pdn(edev)) ++ eeh_ops->notify_resume(eeh_dev_to_pdn(edev)); ++#endif ++out_no_dev: ++ device_unlock(&dev->dev); + return NULL; + } + +@@ -400,22 +416,25 @@ static void *eeh_report_failure(void *da + + if (!dev || eeh_dev_removed(edev) || eeh_pe_passed(edev->pe)) + return NULL; ++ ++ device_lock(&dev->dev); + dev->error_state = pci_channel_io_perm_failure; + + driver = eeh_pcid_get(dev); +- if (!driver) return NULL; ++ if (!driver) goto out_no_dev; + + eeh_disable_irq(dev); + + if (!driver->err_handler || +- !driver->err_handler->error_detected) { +- eeh_pcid_put(dev); +- return NULL; +- } ++ !driver->err_handler->error_detected) ++ goto out; + + driver->err_handler->error_detected(dev, pci_channel_io_perm_failure); + ++out: + eeh_pcid_put(dev); ++out_no_dev: ++ device_unlock(&dev->dev); + return NULL; + } + diff --git a/queue-4.14/series b/queue-4.14/series index 9c1f4ce4086..ca8bced4c0a 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -9,3 +9,7 @@ drm-i915-audio-fix-audio-detection-issue-on-glk.patch drm-i915-do-no-use-kfree-to-free-a-kmem_cache_alloc-return-value.patch drm-i915-fix-lspcon-tmds-output-buffer-enabling-from-low-power-state.patch drm-i915-bxt-glk-increase-pcode-timeouts-during-cdclk-freq-changing.patch +usb-musb-fix-enumeration-after-resume.patch +usb-musb-call-pm_runtime_-get-put-_sync-before-reading-vbus-registers.patch +usb-musb-fix-external-abort-in-musb_remove-on-omap2430.patch +powerpc-eeh-fix-race-with-driver-un-bind.patch diff --git a/queue-4.14/usb-musb-call-pm_runtime_-get-put-_sync-before-reading-vbus-registers.patch b/queue-4.14/usb-musb-call-pm_runtime_-get-put-_sync-before-reading-vbus-registers.patch new file mode 100644 index 00000000000..ff89d782f86 --- /dev/null +++ b/queue-4.14/usb-musb-call-pm_runtime_-get-put-_sync-before-reading-vbus-registers.patch @@ -0,0 +1,54 @@ +From df6b074dbe248d8c43a82131e8fd429e401841a5 Mon Sep 17 00:00:00 2001 +From: Merlijn Wajer +Date: Mon, 5 Mar 2018 11:35:10 -0600 +Subject: usb: musb: call pm_runtime_{get,put}_sync before reading vbus registers + +From: Merlijn Wajer + +commit df6b074dbe248d8c43a82131e8fd429e401841a5 upstream. + +Without pm_runtime_{get,put}_sync calls in place, reading +vbus status via /sys causes the following error: + +Unhandled fault: external abort on non-linefetch (0x1028) at 0xfa0ab060 +pgd = b333e822 +[fa0ab060] *pgd=48011452(bad) + +[] (musb_default_readb) from [] (musb_vbus_show+0x58/0xe4) +[] (musb_vbus_show) from [] (dev_attr_show+0x20/0x44) +[] (dev_attr_show) from [] (sysfs_kf_seq_show+0x80/0xdc) +[] (sysfs_kf_seq_show) from [] (seq_read+0x250/0x448) +[] (seq_read) from [] (__vfs_read+0x1c/0x118) +[] (__vfs_read) from [] (vfs_read+0x90/0x144) +[] (vfs_read) from [] (SyS_read+0x3c/0x74) +[] (SyS_read) from [] (ret_fast_syscall+0x0/0x54) + +Solution was suggested by Tony Lindgren . + +Signed-off-by: Merlijn Wajer +Acked-by: Tony Lindgren +Signed-off-by: Bin Liu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/musb/musb_core.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/usb/musb/musb_core.c ++++ b/drivers/usb/musb/musb_core.c +@@ -1780,6 +1780,7 @@ musb_vbus_show(struct device *dev, struc + int vbus; + u8 devctl; + ++ pm_runtime_get_sync(dev); + spin_lock_irqsave(&musb->lock, flags); + val = musb->a_wait_bcon; + vbus = musb_platform_get_vbus_status(musb); +@@ -1793,6 +1794,7 @@ musb_vbus_show(struct device *dev, struc + vbus = 0; + } + spin_unlock_irqrestore(&musb->lock, flags); ++ pm_runtime_put_sync(dev); + + return sprintf(buf, "Vbus %s, timeout %lu msec\n", + vbus ? "on" : "off", val); diff --git a/queue-4.14/usb-musb-fix-enumeration-after-resume.patch b/queue-4.14/usb-musb-fix-enumeration-after-resume.patch new file mode 100644 index 00000000000..85a9c6f3029 --- /dev/null +++ b/queue-4.14/usb-musb-fix-enumeration-after-resume.patch @@ -0,0 +1,48 @@ +From 17539f2f4f0b7fa906b508765c8ada07a1e45f52 Mon Sep 17 00:00:00 2001 +From: Andreas Kemnade +Date: Tue, 20 Feb 2018 07:30:10 -0600 +Subject: usb: musb: fix enumeration after resume + +From: Andreas Kemnade + +commit 17539f2f4f0b7fa906b508765c8ada07a1e45f52 upstream. + +On dm3730 there are enumeration problems after resume. +Investigation led to the cause that the MUSB_POWER_SOFTCONN +bit is not set. If it was set before suspend (because it +was enabled via musb_pullup()), it is set in +musb_restore_context() so the pullup is enabled. But then +musb_start() is called which overwrites MUSB_POWER and +therefore disables MUSB_POWER_SOFTCONN, so no pullup is +enabled and the device is not enumerated. + +So let's do a subset of what musb_start() does +in the same way as musb_suspend() does it. Platform-specific +stuff it still called as there might be some phy-related stuff +which needs to be enabled. +Also interrupts are enabled, as it was the original idea +of calling musb_start() in musb_resume() according to +Commit 6fc6f4b87cb3 ("usb: musb: Disable interrupts on suspend, +enable them on resume") + +Signed-off-by: Andreas Kemnade +Tested-by: Tony Lindgren +Signed-off-by: Bin Liu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/musb/musb_core.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/usb/musb/musb_core.c ++++ b/drivers/usb/musb/musb_core.c +@@ -2733,7 +2733,8 @@ static int musb_resume(struct device *de + if ((devctl & mask) != (musb->context.devctl & mask)) + musb->port1_status = 0; + +- musb_start(musb); ++ musb_enable_interrupts(musb); ++ musb_platform_enable(musb); + + spin_lock_irqsave(&musb->lock, flags); + error = musb_run_resume_work(musb); diff --git a/queue-4.14/usb-musb-fix-external-abort-in-musb_remove-on-omap2430.patch b/queue-4.14/usb-musb-fix-external-abort-in-musb_remove-on-omap2430.patch new file mode 100644 index 00000000000..e319b7514d1 --- /dev/null +++ b/queue-4.14/usb-musb-fix-external-abort-in-musb_remove-on-omap2430.patch @@ -0,0 +1,38 @@ +From 94e46a4f2d5eb14059e42f313c098d4854847376 Mon Sep 17 00:00:00 2001 +From: Merlijn Wajer +Date: Tue, 13 Mar 2018 09:48:40 -0500 +Subject: usb: musb: Fix external abort in musb_remove on omap2430 + +From: Merlijn Wajer + +commit 94e46a4f2d5eb14059e42f313c098d4854847376 upstream. + +This fixes an oops on unbind / module unload (on the musb omap2430 +platform). + +musb_remove function now calls musb_platform_exit before disabling +runtime pm. + +Signed-off-by: Merlijn Wajer +Signed-off-by: Bin Liu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/musb/musb_core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/usb/musb/musb_core.c ++++ b/drivers/usb/musb/musb_core.c +@@ -2498,11 +2498,11 @@ static int musb_remove(struct platform_d + musb_disable_interrupts(musb); + musb_writeb(musb->mregs, MUSB_DEVCTL, 0); + spin_unlock_irqrestore(&musb->lock, flags); ++ musb_platform_exit(musb); + + pm_runtime_dont_use_autosuspend(musb->controller); + pm_runtime_put_sync(musb->controller); + pm_runtime_disable(musb->controller); +- musb_platform_exit(musb); + musb_phy_callback = NULL; + if (musb->dma_controller) + musb_dma_controller_destroy(musb->dma_controller); -- 2.47.3