* Patch "Revert "usb: hub: do not clear BOS field during reset device"" has been added to the 3.14-stable tree
@ 2016-04-18 1:44 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2016-04-18 1:44 UTC (permalink / raw)
To: gregkh, changbin.du, rogerq, tonyb; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
Revert "usb: hub: do not clear BOS field during reset device"
to the 3.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
revert-usb-hub-do-not-clear-bos-field-during-reset-device.patch
and it can be found in the queue-3.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From e5bdfd50d6f76077bf8441d130c606229e100d40 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sat, 20 Feb 2016 14:19:34 -0800
Subject: Revert "usb: hub: do not clear BOS field during reset device"
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e5bdfd50d6f76077bf8441d130c606229e100d40 upstream.
This reverts commit d8f00cd685f5c8e0def8593e520a7fef12c22407.
Tony writes:
This upstream commit is causing an oops:
d8f00cd685f5 ("usb: hub: do not clear BOS field during reset device")
This patch has already been included in several -stable kernels. Here
are the affected kernels:
4.5.0-rc4 (current git)
4.4.2
4.3.6 (currently in review)
4.1.18
3.18.27
3.14.61
How to reproduce the problem:
Boot kernel with slub debugging enabled (otherwise memory corruption
will cause random oopses later instead of immediately)
Plug in USB 3.0 disk to xhci USB 3.0 port
dd if=/dev/sdc of=/dev/null bs=65536
(where /dev/sdc is the USB 3.0 disk)
Unplug USB cable while dd is still going
Oops is immediate:
Reported-by: Tony Battersby <tonyb@cybernetics.com>
Cc: Du, Changbin <changbin.du@intel.com>
Cc: Roger Quadros <rogerq@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/hub.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -5231,6 +5231,7 @@ static int usb_reset_and_verify_device(s
usb_set_usb2_hardware_lpm(udev, 0);
bos = udev->bos;
+ udev->bos = NULL;
/* Disable LPM and LTM while we reset the device and reinstall the alt
* settings. Device-initiated LPM settings, and system exit latency
@@ -5339,11 +5340,8 @@ done:
usb_set_usb2_hardware_lpm(udev, 1);
usb_unlocked_enable_lpm(udev);
usb_enable_ltm(udev);
- /* release the new BOS descriptor allocated by hub_port_init() */
- if (udev->bos != bos) {
- usb_release_bos_descriptor(udev);
- udev->bos = bos;
- }
+ usb_release_bos_descriptor(udev);
+ udev->bos = bos;
return 0;
re_enumerate:
Patches currently in stable-queue which might be from gregkh@linuxfoundation.org are
queue-3.14/ipv4-fix-broadcast-packets-reception.patch
queue-3.14/ext4-add-lockdep-annotations-for-i_data_sem.patch
queue-3.14/qlge-fix-receive-packets-drop.patch
queue-3.14/drm-radeon-add-a-dpm-quirk-for-all-r7-370-parts.patch
queue-3.14/mac80211-fix-unnecessary-frame-drops-in-mesh-fwding.patch
queue-3.14/0001-drm-radeon-hold-reference-to-fences-in-radeon_sa_bo_.patch
queue-3.14/revert-bad-backport-of-drm-radeon-hold-reference-to-fences-in-radeon_sa_bo_new.patch
queue-3.14/parisc-fix-kernel-crash-with-reversed-copy_from_user.patch
queue-3.14/perf-cure-event-pending_disable-race.patch
queue-3.14/ppp-take-reference-on-channels-netns.patch
queue-3.14/usbvision-fix-leak-of-usb_dev-on-failure-paths-in-usbvision_probe.patch
queue-3.14/drm-radeon-add-a-dpm-quirk-for-sapphire-dual-x-r7-370-2g-d5.patch
queue-3.14/ip6_tunnel-set-rtnl_link_ops-before-calling-register_netdevice.patch
queue-3.14/parisc-avoid-function-pointers-for-kernel-exception-routines.patch
queue-3.14/sh_eth-fix-null-pointer-dereference-in-sh_eth_ring_format.patch
queue-3.14/farsync-fix-off-by-one-bug-in-fst_add_one.patch
queue-3.14/qmi_wwan-add-d-link-dwm-221-b1-device-id.patch
queue-3.14/sctp-lack-the-check-for-ports-in-sctp_v6_cmp_addr.patch
queue-3.14/net-fix-use-after-free-in-the-recvmmsg-exit-path.patch
queue-3.14/xen-events-mask-a-moving-irq.patch
queue-3.14/usb-renesas_usbhs-avoid-null-pointer-derefernce-in-usbhsf_pkt_handler.patch
queue-3.14/alsa-timer-use-mod_timer-for-rearming-the-system-timer.patch
queue-3.14/ipv4-l2tp-fix-a-potential-issue-in-l2tp_ip_recv.patch
queue-3.14/ath9k-fix-buffer-overrun-for-ar9287.patch
queue-3.14/usb-renesas_usbhs-disable-tx-irq-before-starting-tx-dmac-transfer.patch
queue-3.14/usbvision-fix-overflow-of-interfaces-array.patch
queue-3.14/ipv6-l2tp-fix-a-potential-issue-in-l2tp_ip6_recv.patch
queue-3.14/usbnet-cleanup-after-bind-in-probe.patch
queue-3.14/net-jme-fix-suspend-resume-on-jmc260.patch
queue-3.14/udp6-fix-udp-ipv6-encap-resubmit-path.patch
queue-3.14/usbvision-fix-crash-on-detecting-device-with-invalid-configuration.patch
queue-3.14/ipv6-re-enable-fragment-header-matching-in-ipv6_find_hdr.patch
queue-3.14/hid-usbhid-fix-inconsistent-reset-resume-reset-resume-behavior.patch
queue-3.14/hwmon-max1111-return-enodev-from-max1111_read_channel-if-not-instantiated.patch
queue-3.14/cdc_ncm-toggle-altsetting-to-force-reset-before-setup.patch
queue-3.14/revert-usb-hub-do-not-clear-bos-field-during-reset-device.patch
queue-3.14/mm-fix-invalid-node-in-alloc_migrate_target.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-04-18 1:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-04-18 1:44 Patch "Revert "usb: hub: do not clear BOS field during reset device"" has been added to the 3.14-stable tree gregkh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).