From 92de2eed1402ac264be011b3be7239e4181a6068 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 17 Jun 2024 11:12:56 +0200
Subject: [PATCH] 5.10-stable patches

added patches:
	mei-me-release-irq-in-mei_me_pci_resume-error-path.patch
	usb-class-cdc-wdm-fix-cpu-lockup-caused-by-excessive-log-messages.patch
---
 ...-irq-in-mei_me_pci_resume-error-path.patch | 35 +++++++++
 queue-5.10/series                             |  2 +
 ...kup-caused-by-excessive-log-messages.patch | 78 +++++++++++++++++++
 3 files changed, 115 insertions(+)
 create mode 100644 queue-5.10/mei-me-release-irq-in-mei_me_pci_resume-error-path.patch
 create mode 100644 queue-5.10/usb-class-cdc-wdm-fix-cpu-lockup-caused-by-excessive-log-messages.patch

diff --git a/queue-5.10/mei-me-release-irq-in-mei_me_pci_resume-error-path.patch b/queue-5.10/mei-me-release-irq-in-mei_me_pci_resume-error-path.patch
new file mode 100644
index 00000000000..ad465ed2c21
--- /dev/null
+++ b/queue-5.10/mei-me-release-irq-in-mei_me_pci_resume-error-path.patch
@@ -0,0 +1,35 @@
+From 283cb234ef95d94c61f59e1cd070cd9499b51292 Mon Sep 17 00:00:00 2001
+From: Tomas Winkler <tomas.winkler@intel.com>
+Date: Tue, 4 Jun 2024 12:07:28 +0300
+Subject: mei: me: release irq in mei_me_pci_resume error path
+
+From: Tomas Winkler <tomas.winkler@intel.com>
+
+commit 283cb234ef95d94c61f59e1cd070cd9499b51292 upstream.
+
+The mei_me_pci_resume doesn't release irq on the error path,
+in case mei_start() fails.
+
+Cc: <stable@kernel.org>
+Fixes: 33ec08263147 ("mei: revamp mei reset state machine")
+Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
+Link: https://lore.kernel.org/r/20240604090728.1027307-1-tomas.winkler@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/misc/mei/pci-me.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/misc/mei/pci-me.c
++++ b/drivers/misc/mei/pci-me.c
+@@ -400,8 +400,10 @@ static int mei_me_pci_resume(struct devi
+ 	}
+ 
+ 	err = mei_restart(dev);
+-	if (err)
++	if (err) {
++		free_irq(pdev->irq, dev);
+ 		return err;
++	}
+ 
+ 	/* Start timer if stopped in suspend */
+ 	schedule_delayed_work(&dev->timer_work, HZ);
diff --git a/queue-5.10/series b/queue-5.10/series
index b5ab249b01d..dfaf91c1513 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -56,3 +56,5 @@ btrfs-fix-leak-of-qgroup-extent-records-after-transa.patch
 nilfs2-remove-check-for-pageerror.patch
 nilfs2-return-the-mapped-address-from-nilfs_get_page.patch
 nilfs2-fix-nilfs_empty_dir-misjudgment-and-long-loop.patch
+usb-class-cdc-wdm-fix-cpu-lockup-caused-by-excessive-log-messages.patch
+mei-me-release-irq-in-mei_me_pci_resume-error-path.patch
diff --git a/queue-5.10/usb-class-cdc-wdm-fix-cpu-lockup-caused-by-excessive-log-messages.patch b/queue-5.10/usb-class-cdc-wdm-fix-cpu-lockup-caused-by-excessive-log-messages.patch
new file mode 100644
index 00000000000..261815036c5
--- /dev/null
+++ b/queue-5.10/usb-class-cdc-wdm-fix-cpu-lockup-caused-by-excessive-log-messages.patch
@@ -0,0 +1,78 @@
+From 22f00812862564b314784167a89f27b444f82a46 Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Thu, 13 Jun 2024 21:30:43 -0400
+Subject: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+commit 22f00812862564b314784167a89f27b444f82a46 upstream.
+
+The syzbot fuzzer found that the interrupt-URB completion callback in
+the cdc-wdm driver was taking too long, and the driver's immediate
+resubmission of interrupt URBs with -EPROTO status combined with the
+dummy-hcd emulation to cause a CPU lockup:
+
+cdc_wdm 1-1:1.0: nonzero urb status received: -71
+cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
+watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]
+CPU#0 Utilization every 4s during lockup:
+	#1:  98% system,	  0% softirq,	  3% hardirq,	  0% idle
+	#2:  98% system,	  0% softirq,	  3% hardirq,	  0% idle
+	#3:  98% system,	  0% softirq,	  3% hardirq,	  0% idle
+	#4:  98% system,	  0% softirq,	  3% hardirq,	  0% idle
+	#5:  98% system,	  1% softirq,	  3% hardirq,	  0% idle
+Modules linked in:
+irq event stamp: 73096
+hardirqs last  enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline]
+hardirqs last  enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994
+hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]
+hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551
+softirqs last  enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline]
+softirqs last  enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582
+softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588
+CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G        W          6.10.0-rc2-syzkaller-g8867bbd4a056 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
+
+Testing showed that the problem did not occur if the two error
+messages -- the first two lines above -- were removed; apparently adding
+material to the kernel log takes a surprisingly large amount of time.
+
+In any case, the best approach for preventing these lockups and to
+avoid spamming the log with thousands of error messages per second is
+to ratelimit the two dev_err() calls.  Therefore we replace them with
+dev_err_ratelimited().
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Suggested-by: Greg KH <gregkh@linuxfoundation.org>
+Reported-and-tested-by: syzbot+5f996b83575ef4058638@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/linux-usb/00000000000073d54b061a6a1c65@google.com/
+Reported-and-tested-by: syzbot+1b2abad17596ad03dcff@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/linux-usb/000000000000f45085061aa9b37e@google.com/
+Fixes: 9908a32e94de ("USB: remove err() macro from usb class drivers")
+Link: https://lore.kernel.org/linux-usb/40dfa45b-5f21-4eef-a8c1-51a2f320e267@rowland.harvard.edu/
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/29855215-52f5-4385-b058-91f42c2bee18@rowland.harvard.edu
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/class/cdc-wdm.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/usb/class/cdc-wdm.c
++++ b/drivers/usb/class/cdc-wdm.c
+@@ -252,14 +252,14 @@ static void wdm_int_callback(struct urb
+ 			dev_err(&desc->intf->dev, "Stall on int endpoint\n");
+ 			goto sw; /* halt is cleared in work */
+ 		default:
+-			dev_err(&desc->intf->dev,
++			dev_err_ratelimited(&desc->intf->dev,
+ 				"nonzero urb status received: %d\n", status);
+ 			break;
+ 		}
+ 	}
+ 
+ 	if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
+-		dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
++		dev_err_ratelimited(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
+ 			urb->actual_length);
+ 		goto exit;
+ 	}
-- 
2.47.3