From 8efb81f0056dae4cbd544072c7f2389a36b97458 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Mon, 5 Jun 2023 17:00:51 +0200
Subject: [PATCH] 4.14-stable patches
added patches:
net-usb-qmi_wwan-set-dtr-quirk-for-broadmobi-bm818.patch
usb-gadget-f_fs-add-unbind-event-before-functionfs_unbind.patch
---
...an-set-dtr-quirk-for-broadmobi-bm818.patch | 36 ++++++++++
queue-4.14/series | 2 +
...nbind-event-before-functionfs_unbind.patch | 65 +++++++++++++++++++
3 files changed, 103 insertions(+)
create mode 100644 queue-4.14/net-usb-qmi_wwan-set-dtr-quirk-for-broadmobi-bm818.patch
create mode 100644 queue-4.14/usb-gadget-f_fs-add-unbind-event-before-functionfs_unbind.patch
diff --git a/queue-4.14/net-usb-qmi_wwan-set-dtr-quirk-for-broadmobi-bm818.patch b/queue-4.14/net-usb-qmi_wwan-set-dtr-quirk-for-broadmobi-bm818.patch
new file mode 100644
index 00000000000..9b2cca0e24a
--- /dev/null
+++ b/queue-4.14/net-usb-qmi_wwan-set-dtr-quirk-for-broadmobi-bm818.patch
@@ -0,0 +1,36 @@
+From 36936a56e1814f6c526fe71fbf980beab4f5577a Mon Sep 17 00:00:00 2001
+From: Sebastian Krzyszkowiak
+Date: Fri, 26 May 2023 16:38:11 +0200
+Subject: net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Sebastian Krzyszkowiak
+
+commit 36936a56e1814f6c526fe71fbf980beab4f5577a upstream.
+
+BM818 is based on Qualcomm MDM9607 chipset.
+
+Fixes: 9a07406b00cd ("net: usb: qmi_wwan: Add the BroadMobi BM818 card")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sebastian Krzyszkowiak
+Acked-by: Bjørn Mork
+Link: https://lore.kernel.org/r/20230526-bm818-dtr-v1-1-64bbfa6ba8af@puri.sm
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/net/usb/qmi_wwan.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/usb/qmi_wwan.c
++++ b/drivers/net/usb/qmi_wwan.c
+@@ -1274,7 +1274,7 @@ static const struct usb_device_id produc
+ {QMI_FIXED_INTF(0x2001, 0x7e3d, 4)}, /* D-Link DWM-222 A2 */
+ {QMI_FIXED_INTF(0x2020, 0x2031, 4)}, /* Olicard 600 */
+ {QMI_FIXED_INTF(0x2020, 0x2033, 4)}, /* BroadMobi BM806U */
+- {QMI_FIXED_INTF(0x2020, 0x2060, 4)}, /* BroadMobi BM818 */
++ {QMI_QUIRK_SET_DTR(0x2020, 0x2060, 4)}, /* BroadMobi BM818 */
+ {QMI_FIXED_INTF(0x0f3d, 0x68a2, 8)}, /* Sierra Wireless MC7700 */
+ {QMI_FIXED_INTF(0x114f, 0x68a2, 8)}, /* Sierra Wireless MC7750 */
+ {QMI_FIXED_INTF(0x1199, 0x68a2, 8)}, /* Sierra Wireless MC7710 in QMI mode */
diff --git a/queue-4.14/series b/queue-4.14/series
index e0b44a39412..d961db2492d 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -35,3 +35,5 @@ mailbox-mailbox-test-fix-a-locking-issue-in-mbox_tes.patch
 iio-adc-mxs-lradc-fix-the-order-of-two-cleanup-operations.patch
 hid-wacom-avoid-integer-overflow-in-wacom_intuos_inout.patch
 iio-dac-mcp4725-fix-i2c_master_send-return-value-handling.patch
+net-usb-qmi_wwan-set-dtr-quirk-for-broadmobi-bm818.patch
+usb-gadget-f_fs-add-unbind-event-before-functionfs_unbind.patch
diff --git a/queue-4.14/usb-gadget-f_fs-add-unbind-event-before-functionfs_unbind.patch b/queue-4.14/usb-gadget-f_fs-add-unbind-event-before-functionfs_unbind.patch
new file mode 100644
index 00000000000..480cdb3fbf3
--- /dev/null
+++ b/queue-4.14/usb-gadget-f_fs-add-unbind-event-before-functionfs_unbind.patch
@@ -0,0 +1,65 @@
+From efb6b535207395a5c7317993602e2503ca8cb4b3 Mon Sep 17 00:00:00 2001
+From: Uttkarsh Aggarwal
+Date: Thu, 25 May 2023 14:58:54 +0530
+Subject: usb: gadget: f_fs: Add unbind event before functionfs_unbind
+
+From: Uttkarsh Aggarwal
+
+commit efb6b535207395a5c7317993602e2503ca8cb4b3 upstream.
+
+While exercising the unbind path, with the current implementation
+the functionfs_unbind would be calling which waits for the ffs->mutex
+to be available, however within the same time ffs_ep0_read is invoked
+& if no setup packets are pending, it will invoke function
+wait_event_interruptible_exclusive_locked_irq which by definition waits
+for the ev.count to be increased inside the same mutex for which
+functionfs_unbind is waiting.
+This creates deadlock situation because the functionfs_unbind won't
+get the lock until ev.count is increased which can only happen if
+the caller ffs_func_unbind can proceed further.
+
+Following is the illustration:
+
+ CPU1 CPU2
+
+ffs_func_unbind() ffs_ep0_read()
+ mutex_lock(ffs->mutex)
+ wait_event(ffs->ev.count)
+functionfs_unbind()
+ mutex_lock(ffs->mutex)
+ mutex_unlock(ffs->mutex)
+
+ffs_event_add()
+
+
+
+Fix this by moving the event unbind before functionfs_unbind
+to ensure the ev.count is incrased properly.
+
+Fixes: 6a19da111057 ("usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait")
+Cc: stable
+Signed-off-by: Uttkarsh Aggarwal
+Link: https://lore.kernel.org/r/20230525092854.7992-1-quic_uaggarwa@quicinc.com
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/usb/gadget/function/f_fs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/gadget/function/f_fs.c
++++ b/drivers/usb/gadget/function/f_fs.c
+@@ -3500,6 +3500,7 @@ static void ffs_func_unbind(struct usb_c
+ /* Drain any pending AIO completions */
+ drain_workqueue(ffs->io_completion_wq);
+
++ ffs_event_add(ffs, FUNCTIONFS_UNBIND);
+ if (!--opts->refcnt)
+ functionfs_unbind(ffs);
+
+@@ -3524,7 +3525,6 @@ static void ffs_func_unbind(struct usb_c
+ func->function.ssp_descriptors = NULL;
+ func->interfaces_nums = NULL;
+
+- ffs_event_add(ffs, FUNCTIONFS_UNBIND);
+ }
+
+ static struct usb_function *ffs_alloc(struct usb_function_instance *fi)
--
2.47.3
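Review bot: In the f_fs.c change carried by this queued patch, the `ffs_event_add(ffs, FUNCTIONFS_UNBIND);` call now sits directly above `if (!--opts->refcnt)` with no comment, although its position is the whole fix. Per the commit message, a reader blocked in ffs_ep0_read() holds ffs->mutex until ev.count rises while functionfs_unbind() waits for that same mutex, so a later cleanup that moves the call back to the end of ffs_func_unbind() would reintroduce the deadlock. I would add `/* Queue UNBIND before functionfs_unbind(): a blocked ffs_ep0_read() holds ffs->mutex until ev.count rises */` above the call. The event is now also delivered before the descriptor and interface pointers further down are cleared, so it is worth confirming that user space reacting to UNBIND early cannot race with the remaining teardown; ffs_func_unbind() starts and continues outside the hunks shown.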