This is a note to let you know that I've just added the patch titled
Revert "usb: hub: do not clear BOS field during reset device"
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
revert-usb-hub-do-not-clear-bos-field-during-reset-device.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From e5bdfd50d6f76077bf8441d130c606229e100d40 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 20 Feb 2016 14:19:34 -0800
Subject: Revert "usb: hub: do not clear BOS field during reset device"
From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
commit e5bdfd50d6f76077bf8441d130c606229e100d40 upstream.
This reverts commit d8f00cd685f5c8e0def8593e520a7fef12c22407.
Tony writes:
This upstream commit is causing an oops:
d8f00cd685f5 ("usb: hub: do not clear BOS field during reset device")
This patch has already been included in several -stable kernels. Here
are the affected kernels:
4.5.0-rc4 (current git)
4.4.2
4.3.6 (currently in review)
4.1.18
3.18.27
3.14.61
How to reproduce the problem:
Boot kernel with slub debugging enabled (otherwise memory corruption
will cause random oopses later instead of immediately)
Plug in USB 3.0 disk to xhci USB 3.0 port
dd if=/dev/sdc of=/dev/null bs=65536
(where /dev/sdc is the USB 3.0 disk)
Unplug USB cable while dd is still going
Oops is immediate:
Reported-by: Tony Battersby <tonyb@xxxxxxxxxxxxxxx>
Cc: Du, Changbin <changbin.du@xxxxxxxxx>
Cc: Roger Quadros <rogerq@xxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/usb/core/hub.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -5392,6 +5392,7 @@ static int usb_reset_and_verify_device(s
}
bos = udev->bos;
+ udev->bos = NULL;
for (i = 0; i < SET_CONFIG_TRIES; ++i) {
@@ -5484,11 +5485,8 @@ done:
usb_set_usb2_hardware_lpm(udev, 1);
usb_unlocked_enable_lpm(udev);
usb_enable_ltm(udev);
- /* release the new BOS descriptor allocated by hub_port_init() */
- if (udev->bos != bos) {
- usb_release_bos_descriptor(udev);
- udev->bos = bos;
- }
+ usb_release_bos_descriptor(udev);
+ udev->bos = bos;
return 0;
re_enumerate:
Patches currently in stable-queue which might be from gregkh@xxxxxxxxxxxxxxxxxxx are
queue-4.4/drm-dp-move-hw_mutex-up-the-call-stack.patch
queue-4.4/net-vrf-remove-direct-access-to-skb-data.patch
queue-4.4/tcp-fix-tcpi_segs_in-after-connection-establishment.patch
queue-4.4/tun-bpf-fix-suspicious-rcu-usage-in-tun_-attach-detach-_filter.patch
queue-4.4/mpls-find_outdev-check-for-err-ptr-in-addition-to-null-check.patch
queue-4.4/ipv4-fix-broadcast-packets-reception.patch
queue-4.4/ipv4-only-create-late-gso-skb-if-skb-is-already-set-up-with-checksum_partial.patch
queue-4.4/alsa-hda-asus-n750jv-external-subwoofer-fixup.patch
queue-4.4/ppp-release-rtnl-mutex-when-interface-creation-fails.patch
queue-4.4/ext4-add-lockdep-annotations-for-i_data_sem.patch
queue-4.4/bridge-allow-zero-ageing-time.patch
queue-4.4/qlge-fix-receive-packets-drop.patch
queue-4.4/revert-pci-add-helpers-to-manage-pci_dev-irq-and-pci_dev-irq_managed.patch
queue-4.4/drm-radeon-add-a-dpm-quirk-for-all-r7-370-parts.patch
queue-4.4/mac80211-fix-unnecessary-frame-drops-in-mesh-fwding.patch
queue-4.4/sd-fix-excessive-capacity-printing-on-devices-with-blocks-bigger-than-512-bytes.patch
queue-4.4/iio-gyro-bmg160-fix-buffer-read-values.patch
queue-4.4/mac80211-avoid-excessive-stack-usage-in-sta_info.patch
queue-4.4/alsa-hda-fixup-speaker-pass-through-control-for-nid-0x14-on-alc225.patch
queue-4.4/alsa-hda-fix-headset-support-and-noise-on-hp-elitebook-755-g2.patch
queue-4.4/powerpc-mm-fixup-preempt-underflow-with-huge-pages.patch
queue-4.4/parisc-fix-kernel-crash-with-reversed-copy_from_user.patch
queue-4.4/perf-cure-event-pending_disable-race.patch
queue-4.4/v4l-vsp1-set-the-sru-ctrl0-register-when-starting-the-stream.patch
queue-4.4/ppp-take-reference-on-channels-netns.patch
queue-4.4/alsa-usb-audio-skip-volume-controls-triggers-hangup-on-dell-usb-dock.patch
queue-4.4/mac80211-fix-ibss-scan-parameters.patch
queue-4.4/rocker-set-fdb-cleanup-timer-according-to-lowest-ageing-time.patch
queue-4.4/bridge-allow-set-bridge-ageing-time-when-switchdev-disabled.patch
queue-4.4/parisc-unbreak-handling-exceptions-from-kernel-modules.patch
queue-4.4/usb-uas-limit-qdepth-at-the-scsi-host-level.patch
queue-4.4/usb-uas-add-a-new-no_report_luns-quirk.patch
queue-4.4/qmi_wwan-add-sierra-wireless-em74xx-device-id.patch
queue-4.4/pkcs-7-pkcs7_validate_trust-initialize-the-_trusted-output-argument.patch
queue-4.4/ax25-add-link-layer-header-validation-function.patch
queue-4.4/net-validate-variable-length-ll-headers.patch
queue-4.4/libnvdimm-pfn-fix-uuid-validation.patch
queue-4.4/xfrm-fix-crash-observed-during-device-unregistration-and-decryption.patch
queue-4.4/au0828-fix-au0828_v4l2_close-dev_state-race-condition.patch
queue-4.4/mips-fix-msa-ld-unaligned-failure-cases.patch
queue-4.4/tcp-dccp-remove-obsolete-warn_on-in-icmp-handlers.patch
queue-4.4/mmc-sdhci-pci-add-support-and-pci-ids-for-more-broxton-host-controllers.patch
queue-4.4/arm64-opcodes.h-add-arm-big-endian-config-options-before-including-arm-header.patch
queue-4.4/drm-radeon-add-a-dpm-quirk-for-sapphire-dual-x-r7-370-2g-d5.patch
queue-4.4/alsa-hda-fix-white-noise-on-asus-n750jv-headphone.patch
queue-4.4/ip6_tunnel-set-rtnl_link_ops-before-calling-register_netdevice.patch
queue-4.4/parisc-avoid-function-pointers-for-kernel-exception-routines.patch
queue-4.4/ppp-ensure-file-private_data-can-t-be-overridden.patch
queue-4.4/sh_eth-fix-null-pointer-dereference-in-sh_eth_ring_format.patch
queue-4.4/ext4-ignore-quota-mount-options-if-the-quota-feature-is-enabled.patch
queue-4.4/usb-renesas_usbhs-fix-to-avoid-using-a-disabled-ep-in-usbhsg_queue_done.patch
queue-4.4/ipv4-don-t-do-expensive-useless-work-during-inetdev-destroy.patch
queue-4.4/pinctrl-nomadik-fix-pull-debug-print-inversion.patch
queue-4.4/coda-fix-error-path-in-case-of-missing-pdata-on-non-dt-platform.patch
queue-4.4/packet-validate-variable-length-ll-headers.patch
queue-4.4/sh_eth-advance-rxdesc-later-in-sh_eth_ring_format.patch
queue-4.4/libnvdimm-fix-smart-data-retrieval.patch
queue-4.4/mlxsw-spectrum-check-requested-ageing-time-is-valid.patch
queue-4.4/alsa-hda-fix-front-mic-problem-for-a-hp-desktop.patch
queue-4.4/pinctrl-pistachio-fix-mfio84-89-function-description-and-pinmux.patch
queue-4.4/farsync-fix-off-by-one-bug-in-fst_add_one.patch
queue-4.4/macvtap-always-pass-ethernet-header-in-linear.patch
queue-4.4/qmi_wwan-add-d-link-dwm-221-b1-device-id.patch
queue-4.4/alsa-usb-audio-add-a-sample-rate-quirk-for-phoenix-audio-tmx320.patch
queue-4.4/nfs-use-file_dentry.patch
queue-4.4/ipv6-udp-fix-udp_mib_ignoredmulti-updates.patch
queue-4.4/perf-do-not-double-free.patch
queue-4.4/cdc-acm-fix-null-pointer-reference.patch
queue-4.4/ipv4-initialize-flowi4_flags-before-calling-fib_lookup.patch
queue-4.4/sctp-lack-the-check-for-ports-in-sctp_v6_cmp_addr.patch
queue-4.4/ipv6-count-in-extension-headers-in-skb-network_header.patch
queue-4.4/net-qca_spi-don-t-clear-iff_broadcast.patch
queue-4.4/iio-gyro-bmg160-fix-endianness-when-reading-axes.patch
queue-4.4/net-fix-use-after-free-in-the-recvmmsg-exit-path.patch
queue-4.4/xen-events-mask-a-moving-irq.patch
queue-4.4/usb-renesas_usbhs-avoid-null-pointer-derefernce-in-usbhsf_pkt_handler.patch
queue-4.4/mac80211-properly-deal-with-station-hashtable-insert-errors.patch
queue-4.4/pinctrl-sunxi-fix-a33-external-interrupts-not-working.patch
queue-4.4/pcmcia-db1xxx_ss-fix-last-irq_to_gpio-user.patch
queue-4.4/alsa-timer-use-mod_timer-for-rearming-the-system-timer.patch
queue-4.4/ipv4-l2tp-fix-a-potential-issue-in-l2tp_ip_recv.patch
queue-4.4/ath9k-fix-buffer-overrun-for-ar9287.patch
queue-4.4/vxlan-fix-missing-options_len-update-on-rx-with-collect-metadata.patch
queue-4.4/kvm-x86-inject-pending-interrupt-even-if-pending-nmi-exist.patch
queue-4.4/drm-radeon-add-another-r7-370-quirk.patch
queue-4.4/usb-renesas_usbhs-disable-tx-irq-before-starting-tx-dmac-transfer.patch
queue-4.4/staging-android-ion-set-the-length-of-the-dma-sg-entries-in-buffer.patch
queue-4.4/hid-wacom-fix-bamboo-one-oops.patch
queue-4.4/tuntap-restore-default-qdisc.patch
queue-4.4/usbvision-fix-overflow-of-interfaces-array.patch
queue-4.4/ipv6-l2tp-fix-a-potential-issue-in-l2tp_ip6_recv.patch
queue-4.4/usbnet-cleanup-after-bind-in-probe.patch
queue-4.4/au0828-fix-dev_state-handling.patch
queue-4.4/qlcnic-remove-unnecessary-usage-of-atomic_t.patch
queue-4.4/kvm-x86-reduce-default-value-of-halt_poll_ns-parameter.patch
queue-4.4/iommu-don-t-overwrite-domain-pointer-when-there-is-no-default_domain.patch
queue-4.4/drm-amdgpu-gmc-use-proper-register-for-vram-type-on-fiji.patch
queue-4.4/alsa-hda-apply-fix-for-white-noise-on-asus-n550jv-too.patch
queue-4.4/iio-st_magn-always-define-st_magn_trigger_set_state.patch
queue-4.4/net-jme-fix-suspend-resume-on-jmc260.patch
queue-4.4/rtnl-fix-msg-size-calculation-in-if_nlmsg_size.patch
queue-4.4/udp6-fix-udp-ipv6-encap-resubmit-path.patch
queue-4.4/btrfs-fix-crash-invalid-memory-access-on-fsync-when-using-overlayfs.patch
queue-4.4/pinctrl-freescale-imx-fix-bogus-check-of-of_iomap-return-value.patch
queue-4.4/usbvision-fix-crash-on-detecting-device-with-invalid-configuration.patch
queue-4.4/fs-add-file_dentry.patch
queue-4.4/bonding-fix-bond_get_stats.patch
queue-4.4/alsa-hda-realtek-enable-the-alc292-dock-fixup-on-the-thinkpad-t460s.patch
queue-4.4/compiler-gcc-disable-ftracer-for-__noclone-functions.patch
queue-4.4/alsa-usb-audio-add-a-quirk-for-plantronics-bt300.patch
queue-4.4/iio-accel-bmc150-fix-endianness-when-reading-axes.patch
queue-4.4/btrfs-fix-file-data-loss-caused-by-fsync-after-rename-and-new-inode.patch
queue-4.4/pinctrl-sh-pfc-only-use-dummy-states-for-non-dt-platforms.patch
queue-4.4/drm-amdgpu-gmc-move-vram-type-fetching-into-sw_init.patch
queue-4.4/ipv6-re-enable-fragment-header-matching-in-ipv6_find_hdr.patch
queue-4.4/bpf-avoid-copying-junk-bytes-in-bpf_get_current_comm.patch
queue-4.4/arm64-replace-read_lock-to-rcu-lock-in-call_step_hook.patch
queue-4.4/tunnel-clear-ipcb-skb-opt-before-dst_link_failure-called.patch
queue-4.4/net-bcmgenet-fix-dma-api-length-mismatch.patch
queue-4.4/hid-usbhid-fix-inconsistent-reset-resume-reset-resume-behavior.patch
queue-4.4/qlcnic-fix-mailbox-completion-handling-during-spurious-interrupt.patch
queue-4.4/hwmon-max1111-return-enodev-from-max1111_read_channel-if-not-instantiated.patch
queue-4.4/net-fix-bridge-multicast-packet-checksum-validation.patch
queue-4.4/revert-pci-x86-implement-pcibios_alloc_irq-and-pcibios_free_irq.patch
queue-4.4/cdc_ncm-toggle-altsetting-to-force-reset-before-setup.patch
queue-4.4/revert-x86-pci-don-t-alloc-pcibios-irq-when-msi-is-enabled.patch
queue-4.4/revert-usb-hub-do-not-clear-bos-field-during-reset-device.patch
queue-4.4/mld-igmp-fix-reserved-tailroom-calculation.patch
queue-4.4/mm-fix-invalid-node-in-alloc_migrate_target.patch
queue-4.4/tcp-convert-cached-rtt-from-usec-to-jiffies-when-feeding-initial-rto.patch
queue-4.4/tipc-revert-tipc-use-existing-sk_write_queue-for-outgoing-packet-chain.patch
queue-4.4/virtio-virtio-1.0-cs04-spec-compliance-for-reset.patch
queue-4.4/mlx4-add-missing-braces-in-verify_qp_parameters.patch
queue-4.4/mac80211-fix-txq-queue-related-crashes.patch
queue-4.4/rbd-use-gfp_noio-consistently-for-request-allocations.patch
queue-4.4/drm-udl-use-unlocked-gem-unreferencing.patch
queue-4.4/net-qca_spi-clear-iff_tx_skb_sharing.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html