From: Greg Kroah-Hartman Date: Mon, 26 Jul 2021 08:21:04 +0000 (+0200) Subject: 5.4-stable patches X-Git-Tag: v4.4.277~65 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c46cf33b5105fdd34b1f42322eb993e17e63aacb;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: alsa-hdmi-expose-all-pins-on-msi-ms-7c94-board.patch alsa-sb-fix-potential-abba-deadlock-in-csp-driver.patch alsa-usb-audio-add-missing-proc-text-entry-for-bespoken-type.patch alsa-usb-audio-add-registration-quirk-for-jbl-quantum-headsets.patch s390-boot-fix-use-of-expolines-in-the-dma-code.patch s390-ftrace-fix-ftrace_update_ftrace_func-implementation.patch xhci-fix-lost-usb-2-remote-wake.patch --- diff --git a/queue-5.4/alsa-hdmi-expose-all-pins-on-msi-ms-7c94-board.patch b/queue-5.4/alsa-hdmi-expose-all-pins-on-msi-ms-7c94-board.patch new file mode 100644 index 00000000000..5607e20aecb --- /dev/null +++ b/queue-5.4/alsa-hdmi-expose-all-pins-on-msi-ms-7c94-board.patch @@ -0,0 +1,35 @@ +From 33f735f137c6539e3ceceb515cd1e2a644005b49 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Fri, 16 Jul 2021 15:56:00 +0200 +Subject: ALSA: hdmi: Expose all pins on MSI MS-7C94 board + +From: Takashi Iwai + +commit 33f735f137c6539e3ceceb515cd1e2a644005b49 upstream. + +The BIOS on MSI Mortar B550m WiFi (MS-7C94) board with AMDGPU seems +disabling the other pins than HDMI although it has more outputs +including DP. + +This patch adds the board to the allow list for enabling all pins. + +Reported-by: Damjan Georgievski +Cc: +Link: https://lore.kernel.org/r/CAEk1YH4Jd0a8vfZxORVu7qg+Zsc-K+pR187ezNq8QhJBPW4gpw@mail.gmail.com +Link: https://lore.kernel.org/r/20210716135600.24176-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_hdmi.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_hdmi.c ++++ b/sound/pci/hda/patch_hdmi.c +@@ -1820,6 +1820,7 @@ static int hdmi_add_cvt(struct hda_codec + static const struct snd_pci_quirk force_connect_list[] = { + SND_PCI_QUIRK(0x103c, 0x870f, "HP", 1), + SND_PCI_QUIRK(0x103c, 0x871a, "HP", 1), ++ SND_PCI_QUIRK(0x1462, 0xec94, "MS-7C94", 1), + {} + }; + diff --git a/queue-5.4/alsa-sb-fix-potential-abba-deadlock-in-csp-driver.patch b/queue-5.4/alsa-sb-fix-potential-abba-deadlock-in-csp-driver.patch new file mode 100644 index 00000000000..1283ce68290 --- /dev/null +++ b/queue-5.4/alsa-sb-fix-potential-abba-deadlock-in-csp-driver.patch @@ -0,0 +1,75 @@ +From 1c2b9519159b470ef24b2638f4794e86e2952ab7 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Fri, 16 Jul 2021 15:27:23 +0200 +Subject: ALSA: sb: Fix potential ABBA deadlock in CSP driver + +From: Takashi Iwai + +commit 1c2b9519159b470ef24b2638f4794e86e2952ab7 upstream. + +SB16 CSP driver may hit potentially a typical ABBA deadlock in two +code paths: + + In snd_sb_csp_stop(): + spin_lock_irqsave(&p->chip->mixer_lock, flags); + spin_lock(&p->chip->reg_lock); + + In snd_sb_csp_load(): + spin_lock_irqsave(&p->chip->reg_lock, flags); + spin_lock(&p->chip->mixer_lock); + +Also the similar pattern is seen in snd_sb_csp_start(). + +Although the practical impact is very small (those states aren't +triggered in the same running state and this happens only on a real +hardware, decades old ISA sound boards -- which must be very difficult +to find nowadays), it's a real scenario and has to be fixed. + +This patch addresses those deadlocks by splitting the locks in +snd_sb_csp_start() and snd_sb_csp_stop() for avoiding the nested +locks. + +Reported-by: Jia-Ju Bai +Cc: +Link: https://lore.kernel.org/r/7b0fcdaf-cd4f-4728-2eae-48c151a92e10@gmail.com +Link: https://lore.kernel.org/r/20210716132723.13216-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/isa/sb/sb16_csp.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/sound/isa/sb/sb16_csp.c ++++ b/sound/isa/sb/sb16_csp.c +@@ -814,6 +814,7 @@ static int snd_sb_csp_start(struct snd_s + mixR = snd_sbmixer_read(p->chip, SB_DSP4_PCM_DEV + 1); + snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV, mixL & 0x7); + snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV + 1, mixR & 0x7); ++ spin_unlock_irqrestore(&p->chip->mixer_lock, flags); + + spin_lock(&p->chip->reg_lock); + set_mode_register(p->chip, 0xc0); /* c0 = STOP */ +@@ -853,6 +854,7 @@ static int snd_sb_csp_start(struct snd_s + spin_unlock(&p->chip->reg_lock); + + /* restore PCM volume */ ++ spin_lock_irqsave(&p->chip->mixer_lock, flags); + snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV, mixL); + snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV + 1, mixR); + spin_unlock_irqrestore(&p->chip->mixer_lock, flags); +@@ -878,6 +880,7 @@ static int snd_sb_csp_stop(struct snd_sb + mixR = snd_sbmixer_read(p->chip, SB_DSP4_PCM_DEV + 1); + snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV, mixL & 0x7); + snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV + 1, mixR & 0x7); ++ spin_unlock_irqrestore(&p->chip->mixer_lock, flags); + + spin_lock(&p->chip->reg_lock); + if (p->running & SNDRV_SB_CSP_ST_QSOUND) { +@@ -892,6 +895,7 @@ static int snd_sb_csp_stop(struct snd_sb + spin_unlock(&p->chip->reg_lock); + + /* restore PCM volume */ ++ spin_lock_irqsave(&p->chip->mixer_lock, flags); + snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV, mixL); + snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV + 1, mixR); + spin_unlock_irqrestore(&p->chip->mixer_lock, flags); diff --git a/queue-5.4/alsa-usb-audio-add-missing-proc-text-entry-for-bespoken-type.patch b/queue-5.4/alsa-usb-audio-add-missing-proc-text-entry-for-bespoken-type.patch new file mode 100644 index 00000000000..a9bd771b72c --- /dev/null +++ b/queue-5.4/alsa-usb-audio-add-missing-proc-text-entry-for-bespoken-type.patch @@ -0,0 +1,45 @@ +From 64752a95b702817602d72f109ceaf5ec0780e283 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Wed, 14 Jul 2021 10:48:36 +0200 +Subject: ALSA: usb-audio: Add missing proc text entry for BESPOKEN type + +From: Takashi Iwai + +commit 64752a95b702817602d72f109ceaf5ec0780e283 upstream. + +Recently we've added a new usb_mixer element type, USB_MIXER_BESPOKEN, +but it wasn't added in the table in snd_usb_mixer_dump_cval(). This +is no big problem since each bespoken type should have its own dump +method, but it still isn't disallowed to use the standard one, so we +should cover it as well. Along with it, define the table with the +explicit array initializer for avoiding other pitfalls. + +Fixes: 785b6f29a795 ("ALSA: usb-audio: scarlett2: Fix wrong resume call") +Reported-by: Pavel Machek +Cc: +Link: https://lore.kernel.org/r/20210714084836.1977-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/usb/mixer.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/sound/usb/mixer.c ++++ b/sound/usb/mixer.c +@@ -3242,7 +3242,15 @@ static void snd_usb_mixer_dump_cval(stru + { + struct usb_mixer_elem_info *cval = mixer_elem_list_to_info(list); + static const char * const val_types[] = { +- "BOOLEAN", "INV_BOOLEAN", "S8", "U8", "S16", "U16", "S32", "U32", ++ [USB_MIXER_BOOLEAN] = "BOOLEAN", ++ [USB_MIXER_INV_BOOLEAN] = "INV_BOOLEAN", ++ [USB_MIXER_S8] = "S8", ++ [USB_MIXER_U8] = "U8", ++ [USB_MIXER_S16] = "S16", ++ [USB_MIXER_U16] = "U16", ++ [USB_MIXER_S32] = "S32", ++ [USB_MIXER_U32] = "U32", ++ [USB_MIXER_BESPOKEN] = "BESPOKEN", + }; + snd_iprintf(buffer, " Info: id=%i, control=%i, cmask=0x%x, " + "channels=%i, type=\"%s\"\n", cval->head.id, diff --git a/queue-5.4/alsa-usb-audio-add-registration-quirk-for-jbl-quantum-headsets.patch b/queue-5.4/alsa-usb-audio-add-registration-quirk-for-jbl-quantum-headsets.patch new file mode 100644 index 00000000000..00fbaef456c --- /dev/null +++ b/queue-5.4/alsa-usb-audio-add-registration-quirk-for-jbl-quantum-headsets.patch @@ -0,0 +1,38 @@ +From b0084afde27fe8a504377dee65f55bc6aa776937 Mon Sep 17 00:00:00 2001 +From: Alexander Tsoy +Date: Thu, 22 Jul 2021 02:56:05 +0300 +Subject: ALSA: usb-audio: Add registration quirk for JBL Quantum headsets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Alexander Tsoy + +commit b0084afde27fe8a504377dee65f55bc6aa776937 upstream. + +These devices has two interfaces, but only the second interface +contains the capture endpoint, thus quirk is required to delay the +registration until the second interface appears. + +Tested-by: Jakub Fišer +Signed-off-by: Alexander Tsoy +Cc: +Link: https://lore.kernel.org/r/20210721235605.53741-1-alexander@tsoy.me +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/usb/quirks.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/sound/usb/quirks.c ++++ b/sound/usb/quirks.c +@@ -1840,6 +1840,9 @@ static const struct registration_quirk r + REG_QUIRK_ENTRY(0x0951, 0x16d8, 2), /* Kingston HyperX AMP */ + REG_QUIRK_ENTRY(0x0951, 0x16ed, 2), /* Kingston HyperX Cloud Alpha S */ + REG_QUIRK_ENTRY(0x0951, 0x16ea, 2), /* Kingston HyperX Cloud Flight S */ ++ REG_QUIRK_ENTRY(0x0ecb, 0x1f46, 2), /* JBL Quantum 600 */ ++ REG_QUIRK_ENTRY(0x0ecb, 0x2039, 2), /* JBL Quantum 400 */ ++ REG_QUIRK_ENTRY(0x0ecb, 0x203e, 2), /* JBL Quantum 800 */ + { 0 } /* terminator */ + }; + diff --git a/queue-5.4/s390-boot-fix-use-of-expolines-in-the-dma-code.patch b/queue-5.4/s390-boot-fix-use-of-expolines-in-the-dma-code.patch new file mode 100644 index 00000000000..486867e90b1 --- /dev/null +++ b/queue-5.4/s390-boot-fix-use-of-expolines-in-the-dma-code.patch @@ -0,0 +1,64 @@ +From 463f36c76fa4ec015c640ff63ccf52e7527abee0 Mon Sep 17 00:00:00 2001 +From: Alexander Egorenkov +Date: Fri, 16 Jul 2021 22:00:22 +0200 +Subject: s390/boot: fix use of expolines in the DMA code + +From: Alexander Egorenkov + +commit 463f36c76fa4ec015c640ff63ccf52e7527abee0 upstream. + +The DMA code section of the decompressor must be compiled with expolines +if Spectre V2 mitigation has been enabled for the decompressed kernel. +This is required because although the decompressor's image contains +the DMA code section, it is handed over to the decompressed kernel for use. + +Because the DMA code is already slow w/o expolines, use expolines always +regardless whether the decompressed kernel is using them or not. This +simplifies the DMA code by dropping the conditional compilation of +expolines. + +Fixes: bf72630130c2 ("s390: use proper expoline sections for .dma code") +Cc: # 5.2 +Signed-off-by: Alexander Egorenkov +Reviewed-by: Heiko Carstens +Signed-off-by: Heiko Carstens +Signed-off-by: Greg Kroah-Hartman +--- + arch/s390/boot/text_dma.S | 19 ++++--------------- + 1 file changed, 4 insertions(+), 15 deletions(-) + +--- a/arch/s390/boot/text_dma.S ++++ b/arch/s390/boot/text_dma.S +@@ -9,16 +9,6 @@ + #include + #include + +-#ifdef CC_USING_EXPOLINE +- .pushsection .dma.text.__s390_indirect_jump_r14,"axG" +-__dma__s390_indirect_jump_r14: +- larl %r1,0f +- ex 0,0(%r1) +- j . +-0: br %r14 +- .popsection +-#endif +- + .section .dma.text,"ax" + /* + * Simplified version of expoline thunk. The normal thunks can not be used here, +@@ -27,11 +17,10 @@ __dma__s390_indirect_jump_r14: + * affects a few functions that are not performance-relevant. + */ + .macro BR_EX_DMA_r14 +-#ifdef CC_USING_EXPOLINE +- jg __dma__s390_indirect_jump_r14 +-#else +- br %r14 +-#endif ++ larl %r1,0f ++ ex 0,0(%r1) ++ j . ++0: br %r14 + .endm + + /* diff --git a/queue-5.4/s390-ftrace-fix-ftrace_update_ftrace_func-implementation.patch b/queue-5.4/s390-ftrace-fix-ftrace_update_ftrace_func-implementation.patch new file mode 100644 index 00000000000..c748d9ea2ee --- /dev/null +++ b/queue-5.4/s390-ftrace-fix-ftrace_update_ftrace_func-implementation.patch @@ -0,0 +1,129 @@ +From f8c2602733c953ed7a16e060640b8e96f9d94b9b Mon Sep 17 00:00:00 2001 +From: Vasily Gorbik +Date: Fri, 25 Jun 2021 23:50:07 +0200 +Subject: s390/ftrace: fix ftrace_update_ftrace_func implementation + +From: Vasily Gorbik + +commit f8c2602733c953ed7a16e060640b8e96f9d94b9b upstream. + +s390 enforces DYNAMIC_FTRACE if FUNCTION_TRACER is selected. +At the same time implementation of ftrace_caller is not compliant with +HAVE_DYNAMIC_FTRACE since it doesn't provide implementation of +ftrace_update_ftrace_func() and calls ftrace_trace_function() directly. + +The subtle difference is that during ftrace code patching ftrace +replaces function tracer via ftrace_update_ftrace_func() and activates +it back afterwards. Unexpected direct calls to ftrace_trace_function() +during ftrace code patching leads to nullptr-dereferences when tracing +is activated for one of functions which are used during code patching. +Those function currently are: +copy_from_kernel_nofault() +copy_from_kernel_nofault_allowed() +preempt_count_sub() [with debug_defconfig] +preempt_count_add() [with debug_defconfig] + +Corresponding KASAN report: + BUG: KASAN: nullptr-dereference in function_trace_call+0x316/0x3b0 + Read of size 4 at addr 0000000000001e08 by task migration/0/15 + + CPU: 0 PID: 15 Comm: migration/0 Tainted: G B 5.13.0-41423-g08316af3644d + Hardware name: IBM 3906 M04 704 (LPAR) + Stopper: multi_cpu_stop+0x0/0x3e0 <- stop_machine_cpuslocked+0x1e4/0x218 + Call Trace: + [<0000000001f77caa>] show_stack+0x16a/0x1d0 + [<0000000001f8de42>] dump_stack+0x15a/0x1b0 + [<0000000001f81d56>] print_address_description.constprop.0+0x66/0x2e0 + [<000000000082b0ca>] kasan_report+0x152/0x1c0 + [<00000000004cfd8e>] function_trace_call+0x316/0x3b0 + [<0000000001fb7082>] ftrace_caller+0x7a/0x7e + [<00000000006bb3e6>] copy_from_kernel_nofault_allowed+0x6/0x10 + [<00000000006bb42e>] copy_from_kernel_nofault+0x3e/0xd0 + [<000000000014605c>] ftrace_make_call+0xb4/0x1f8 + [<000000000047a1b4>] ftrace_replace_code+0x134/0x1d8 + [<000000000047a6e0>] ftrace_modify_all_code+0x120/0x1d0 + [<000000000047a7ec>] __ftrace_modify_code+0x5c/0x78 + [<000000000042395c>] multi_cpu_stop+0x224/0x3e0 + [<0000000000423212>] cpu_stopper_thread+0x33a/0x5a0 + [<0000000000243ff2>] smpboot_thread_fn+0x302/0x708 + [<00000000002329ea>] kthread+0x342/0x408 + [<00000000001066b2>] __ret_from_fork+0x92/0xf0 + [<0000000001fb57fa>] ret_from_fork+0xa/0x30 + + The buggy address belongs to the page: + page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1 + flags: 0x1ffff00000001000(reserved|node=0|zone=0|lastcpupid=0x1ffff) + raw: 1ffff00000001000 0000040000000048 0000040000000048 0000000000000000 + raw: 0000000000000000 0000000000000000 ffffffff00000001 0000000000000000 + page dumped because: kasan: bad access detected + + Memory state around the buggy address: + 0000000000001d00: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 + 0000000000001d80: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 + >0000000000001e00: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 + ^ + 0000000000001e80: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 + 0000000000001f00: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 + ================================================================== + +To fix that introduce ftrace_func callback to be called from +ftrace_caller and update it in ftrace_update_ftrace_func(). + +Fixes: 4cc9bed034d1 ("[S390] cleanup ftrace backend functions") +Cc: stable@vger.kernel.org +Reviewed-by: Heiko Carstens +Signed-off-by: Vasily Gorbik +Signed-off-by: Heiko Carstens +Signed-off-by: Greg Kroah-Hartman +--- + arch/s390/include/asm/ftrace.h | 1 + + arch/s390/kernel/ftrace.c | 2 ++ + arch/s390/kernel/mcount.S | 4 ++-- + 3 files changed, 5 insertions(+), 2 deletions(-) + +--- a/arch/s390/include/asm/ftrace.h ++++ b/arch/s390/include/asm/ftrace.h +@@ -27,6 +27,7 @@ void ftrace_caller(void); + + extern char ftrace_graph_caller_end; + extern unsigned long ftrace_plt; ++extern void *ftrace_func; + + struct dyn_arch_ftrace { }; + +--- a/arch/s390/kernel/ftrace.c ++++ b/arch/s390/kernel/ftrace.c +@@ -57,6 +57,7 @@ + * > brasl %r0,ftrace_caller # offset 0 + */ + ++void *ftrace_func __read_mostly = ftrace_stub; + unsigned long ftrace_plt; + + static inline void ftrace_generate_orig_insn(struct ftrace_insn *insn) +@@ -166,6 +167,7 @@ int ftrace_make_call(struct dyn_ftrace * + + int ftrace_update_ftrace_func(ftrace_func_t func) + { ++ ftrace_func = func; + return 0; + } + +--- a/arch/s390/kernel/mcount.S ++++ b/arch/s390/kernel/mcount.S +@@ -61,13 +61,13 @@ ENTRY(ftrace_caller) + #ifdef CONFIG_HAVE_MARCH_Z196_FEATURES + aghik %r2,%r0,-MCOUNT_INSN_SIZE + lgrl %r4,function_trace_op +- lgrl %r1,ftrace_trace_function ++ lgrl %r1,ftrace_func + #else + lgr %r2,%r0 + aghi %r2,-MCOUNT_INSN_SIZE + larl %r4,function_trace_op + lg %r4,0(%r4) +- larl %r1,ftrace_trace_function ++ larl %r1,ftrace_func + lg %r1,0(%r1) + #endif + lgr %r3,%r14 diff --git a/queue-5.4/series b/queue-5.4/series index f7ea23841fb..4dc98ba5a86 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -68,3 +68,10 @@ net-sched-cls_api-fix-the-the-wrong-parameter.patch drm-panel-raspberrypi-touchscreen-prevent-double-fre.patch proc-avoid-mixing-integer-types-in-mem_rw.patch revert-mips-add-pmd-table-accounting-into-mips-pmd_alloc_one.patch +s390-ftrace-fix-ftrace_update_ftrace_func-implementation.patch +s390-boot-fix-use-of-expolines-in-the-dma-code.patch +alsa-usb-audio-add-missing-proc-text-entry-for-bespoken-type.patch +alsa-usb-audio-add-registration-quirk-for-jbl-quantum-headsets.patch +alsa-sb-fix-potential-abba-deadlock-in-csp-driver.patch +alsa-hdmi-expose-all-pins-on-msi-ms-7c94-board.patch +xhci-fix-lost-usb-2-remote-wake.patch diff --git a/queue-5.4/xhci-fix-lost-usb-2-remote-wake.patch b/queue-5.4/xhci-fix-lost-usb-2-remote-wake.patch new file mode 100644 index 00000000000..d0cbd6e2755 --- /dev/null +++ b/queue-5.4/xhci-fix-lost-usb-2-remote-wake.patch @@ -0,0 +1,69 @@ +From 72f68bf5c756f5ce1139b31daae2684501383ad5 Mon Sep 17 00:00:00 2001 +From: Mathias Nyman +Date: Thu, 15 Jul 2021 18:06:51 +0300 +Subject: xhci: Fix lost USB 2 remote wake + +From: Mathias Nyman + +commit 72f68bf5c756f5ce1139b31daae2684501383ad5 upstream. + +There's a small window where a USB 2 remote wake may be left unhandled +due to a race between hub thread and xhci port event interrupt handler. + +When the resume event is detected in the xhci interrupt handler it kicks +the hub timer, which should move the port from resume to U0 once resume +has been signalled for long enough. + +To keep the hub "thread" running we set a bus_state->resuming_ports flag. +This flag makes sure hub timer function kicks itself. + +checking this flag was not properly protected by the spinlock. Flag was +copied to a local variable before lock was taken. The local variable was +then checked later with spinlock held. + +If interrupt is handled right after copying the flag to the local variable +we end up stopping the hub thread before it can handle the USB 2 resume. + +CPU0 CPU1 +(hub thread) (xhci event handler) + +xhci_hub_status_data() +status = bus_state->resuming_ports; + + handle_port_status() + spin_lock() + bus_state->resuming_ports = 1 + set_flag(HCD_FLAG_POLL_RH) + spin_unlock() +spin_lock() +if (!status) + clear_flag(HCD_FLAG_POLL_RH) +spin_unlock() + +Fix this by taking the lock a bit earlier so that it covers +the resuming_ports flag copy in the hub thread + +Cc: +Signed-off-by: Mathias Nyman +Link: https://lore.kernel.org/r/20210715150651.1996099-2-mathias.nyman@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/host/xhci-hub.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/usb/host/xhci-hub.c ++++ b/drivers/usb/host/xhci-hub.c +@@ -1546,11 +1546,12 @@ int xhci_hub_status_data(struct usb_hcd + * Inform the usbcore about resume-in-progress by returning + * a non-zero value even if there are no status changes. + */ ++ spin_lock_irqsave(&xhci->lock, flags); ++ + status = bus_state->resuming_ports; + + mask = PORT_CSC | PORT_PEC | PORT_OCC | PORT_PLC | PORT_WRC | PORT_CEC; + +- spin_lock_irqsave(&xhci->lock, flags); + /* For each port, did anything change? If so, set that bit in buf. */ + for (i = 0; i < max_ports; i++) { + temp = readl(ports[i]->addr);