Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp2340412ybz; Thu, 23 Apr 2020 16:20:22 -0700 (PDT) X-Google-Smtp-Source: APiQypLaMGatOThSoKW6OR/xWgHgfKvWNPXE+JM+01jzY3BgVdi7EuzuZgfcwD+35lnAiwKmBVHL X-Received: by 2002:aa7:ce05:: with SMTP id d5mr5066558edv.120.1587684022533; Thu, 23 Apr 2020 16:20:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587684022; cv=none; d=google.com; s=arc-20160816; b=UD8ZYaO8DnntM/jPQmceEb5f9aKXh37H7vj4ZI466ZM6QkrSg2233G6VkDAPRPYa/I iWSwW0u5wMlbwy9Q4K2C5lLJsfmox6wDuekMBLYneOcOJts9YfdGyv+0IkLMtGM5naM3 +I2LN0bgoFCJVWYCUZn4sJF1Twumuc00ubB4MXg6NReUljBSUynKejKxEfMFkvJR8t1y sgPdRdd0aXZ9CfMY2zefbhIuHTWo8Re6QQUVMSUUJMJyndx9sqaSgerRh1CW0Okl7KnO IEDh6hmUAHTukAKBSKaWK6BuXUrt2ioRC65Tg3pfwUA6w8Mh/NGmJTDoWtuwLC4I/Yx4 exxw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition; bh=2TmGctCfdCRGaeIiaWgp5HfKp0P4ntTfA3Hb/ySH1sg=; b=RzqxL/pH6V9anneB8M35kJdOFX4z96elAKSz2i4jaT/VZZfLprmgXN3zzTOEAiZqou JrzM+bSt7fVHcFmZrMST5me1M4Z+6H6o9h+dZ6LMZXh7sC2Lv3vg1Eib8R47gvirOGYo dJHGA8qp3auSIVqL9AS+m34iIMmHDT0sSpoAZFF61eAKRbZ0kVk5M+GqKHf/ozD7J1In DU4KjkroUHMI6JLZLsYmleGBqCvRaBwJcMF3uYBLmhcOM+hI+Rb/4ajz3hCFe2kz/GgY mSI1YP42hSdieuffP3HxT1K/SEBUxTt6dT4gPJjeYukWe7Uc+sCjB+6vYvfqyxbrtwYr gBpA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a24si2065300edy.1.2020.04.23.16.19.59; Thu, 23 Apr 2020 16:20:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728634AbgDWXSS (ORCPT + 99 others); Thu, 23 Apr 2020 19:18:18 -0400 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:49088 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728285AbgDWXGj (ORCPT ); Thu, 23 Apr 2020 19:06:39 -0400 Received: from [192.168.4.242] (helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1jRkvQ-0004fp-6l; Fri, 24 Apr 2020 00:06:32 +0100 Received: from ben by deadeye with local (Exim 4.93) (envelope-from ) id 1jRkvO-00E6mk-L2; Fri, 24 Apr 2020 00:06:30 +0100 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, Denis Kirjanov , "Mathias Nyman" , "Sasha Levin" , "Greg Kroah-Hartman" Date: Fri, 24 Apr 2020 00:05:23 +0100 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) X-Patchwork-Hint: ignore Subject: [PATCH 3.16 096/245] xhci: make sure interrupts are restored to correct state In-Reply-To: X-SA-Exim-Connect-IP: 192.168.4.242 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.16.83-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Mathias Nyman commit bd82873f23c9a6ad834348f8b83f3b6a5bca2c65 upstream. spin_unlock_irqrestore() might be called with stale flags after reading port status, possibly restoring interrupts to a incorrect state. If a usb2 port just finished resuming while the port status is read the spin lock will be temporary released and re-acquired in a separate function. The flags parameter is passed as value instead of a pointer, not updating flags properly before the final spin_unlock_irqrestore() is called. Fixes: 8b3d45705e54 ("usb: Fix xHCI host issues on remote wakeup.") Signed-off-by: Mathias Nyman Link: https://lore.kernel.org/r/20191211142007.8847-7-mathias.nyman@linux.intel.com Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin Signed-off-by: Ben Hutchings --- drivers/usb/host/xhci-hub.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/drivers/usb/host/xhci-hub.c +++ b/drivers/usb/host/xhci-hub.c @@ -580,7 +580,7 @@ static u32 xhci_get_port_status(struct u struct xhci_bus_state *bus_state, __le32 __iomem **port_array, u16 wIndex, u32 raw_port_status, - unsigned long flags) + unsigned long *flags) __releases(&xhci->lock) __acquires(&xhci->lock) { @@ -670,12 +670,12 @@ static u32 xhci_get_port_status(struct u xhci_set_link_state(xhci, port_array, wIndex, XDEV_U0); - spin_unlock_irqrestore(&xhci->lock, flags); + spin_unlock_irqrestore(&xhci->lock, *flags); time_left = wait_for_completion_timeout( &bus_state->rexit_done[wIndex], msecs_to_jiffies( XHCI_MAX_REXIT_TIMEOUT_MS)); - spin_lock_irqsave(&xhci->lock, flags); + spin_lock_irqsave(&xhci->lock, *flags); if (time_left) { slot_id = xhci_find_slot_id_by_port(hcd, @@ -834,7 +834,7 @@ int xhci_hub_control(struct usb_hcd *hcd break; } status = xhci_get_port_status(hcd, bus_state, port_array, - wIndex, temp, flags); + wIndex, temp, &flags); if (status == 0xffffffff) goto error;