linux-stable.git/drivers/thunderbolt, branch v4.13.2 Linux kernel stable tree thunderbolt: Fix reset response_type 2017-09-09T15:39:22+00:00 Dan Carpenter dan.carpenter@oracle.com 2017-08-16T08:54:17+00:00 f89830dba413026c75371d95c31b7857dd745ef1 commit 02729d17b1b818cc38a6b6319231a0cd86b132e4 upstream. There is a mistake here where we accidentally use sizeof(TB_CFG_PKG_RESET) instead of just TB_CFG_PKG_RESET. The size of an int is 4 so it's the same as TB_CFG_PKG_NOTIFY_ACK. Fixes: d7f781bfdbf4 ("thunderbolt: Rework control channel to be more reliable") Reported-by: Colin King <colin.king@canonical.com> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
commit 02729d17b1b818cc38a6b6319231a0cd86b132e4 upstream.

There is a mistake here where we accidentally use sizeof(TB_CFG_PKG_RESET)
instead of just TB_CFG_PKG_RESET.  The size of an int is 4 so it's the
same as TB_CFG_PKG_NOTIFY_ACK.

Fixes: d7f781bfdbf4 ("thunderbolt: Rework control channel to be more reliable")
Reported-by: Colin King <colin.king@canonical.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge tag 'char-misc-4.13-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc 2017-08-13T19:41:58+00:00 Linus Torvalds torvalds@linux-foundation.org 2017-08-13T19:41:58+00:00 ce7ba95cf078337c9921b301a7e4b9e82561db38 Pull char/misc fixes from Greg KH: "Here are two patches for 4.13-rc5. One is a fix for a reported thunderbolt issue, and the other a fix for an MEI driver issue. Both have been in linux-next with no reported issues" * tag 'char-misc-4.13-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: thunderbolt: Do not enumerate more ports from DROM than the controller has mei: exclude device from suspend direct complete optimization 
Pull char/misc fixes from Greg KH:
 "Here are two patches for 4.13-rc5.

  One is a fix for a reported thunderbolt issue, and the other a fix for
  an MEI driver issue. Both have been in linux-next with no reported
  issues"

* tag 'char-misc-4.13-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  thunderbolt: Do not enumerate more ports from DROM than the controller has
  mei: exclude device from suspend direct complete optimization
thunderbolt: Do not enumerate more ports from DROM than the controller has 2017-08-10T21:25:35+00:00 Mika Westerberg mika.westerberg@linux.intel.com 2017-07-25T14:41:58+00:00 1cd65d17612e8b64989f7af20213d4bb7a7f4d91 Some Alpine Ridge LP DROMs (there might be others) erroneusly list more ports than the controller actually has. Most probably because DROM of the full Dual/Single port Thunderbolt controller was reused for LP version. The current DROM parser does not check the upper bound thus it leads to crash when sw->ports[] is accessed over bounds: BUG: unable to handle kernel NULL pointer dereference at 00000000000002ec IP: tb_drom_read+0x383/0x890 [thunderbolt] PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 3 PID: 12248 Comm: systemd-udevd Not tainted 4.13.0-rc1-next-20170719 #1 Hardware name: LENOVO 20HF000YGE/20HF000YGE, BIOS N1WET32W (1.11 ) 05/23/2017 task: ffff8a293e4bcd80 task.stack: ffffa698027a8000 RIP: 0010:tb_drom_read+0x383/0x890 [thunderbolt] RSP: 0018:ffffa698027ab990 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff8a2940af7800 RCX: 0000000000000000 RDX: ffff8a2940ebb400 RSI: 0000000000000000 RDI: ffffa698027ab9a0 RBP: ffffa698027ab9d0 R08: 0000000000000001 R09: 0000000000000002 R10: ffff8a2940ebb5b0 R11: 0000000000000000 R12: ffff8a293bfa968c R13: 000000000000002c R14: 0000000000000056 R15: 0000000000000056 FS: 00007f0a945a38c0(0000) GS:ffff8a2961580000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000002ec CR3: 000000043e785000 CR4: 00000000003606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: tb_switch_add+0x9d/0x730 [thunderbolt] ? tb_switch_alloc+0x3cd/0x4d0 [thunderbolt] icm_start+0x5a/0xa0 [thunderbolt] tb_domain_add+0xc3/0xf0 [thunderbolt] nhi_probe+0x19e/0x310 [thunderbolt] local_pci_probe+0x42/0xa0 pci_device_probe+0x18d/0x1a0 driver_probe_device+0x2ff/0x450 __driver_attach+0xa4/0xe0 ? driver_probe_device+0x450/0x450 bus_for_each_dev+0x6e/0xb0 driver_attach+0x1e/0x20 bus_add_driver+0x1d0/0x270 ? 0xffffffffc0bbb000 driver_register+0x60/0xe0 ? 0xffffffffc0bbb000 __pci_register_driver+0x4c/0x50 nhi_init+0x28/0x1000 [thunderbolt] do_one_initcall+0x50/0x190 ? __vunmap+0x81/0xb0 ? _cond_resched+0x1a/0x50 ? kmem_cache_alloc_trace+0x15f/0x1c0 ? do_init_module+0x27/0x1e9 do_init_module+0x5f/0x1e9 load_module+0x24e7/0x2a60 ? vfs_read+0x115/0x130 SYSC_finit_module+0xfc/0x120 ? SYSC_finit_module+0xfc/0x120 SyS_finit_module+0xe/0x10 do_syscall_64+0x67/0x170 entry_SYSCALL64_slow_path+0x25/0x25 Fix this by making sure we only enumerate DROM port entries the hardware actually has. Reported-by: Christian Kellner <ckellner@redhat.com> Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com> Reviewed-by: Lukas Wunner <lukas@wunner.de> Tested-by: Christian Kellner <ckellner@redhat.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Some Alpine Ridge LP DROMs (there might be others) erroneusly list more
ports than the controller actually has. Most probably because DROM of
the full Dual/Single port Thunderbolt controller was reused for LP
version. The current DROM parser does not check the upper bound thus it
leads to crash when sw->ports[] is accessed over bounds:

 BUG: unable to handle kernel NULL pointer dereference at 00000000000002ec
 IP: tb_drom_read+0x383/0x890 [thunderbolt]
 PGD 0
 P4D 0
 Oops: 0000 [#1] SMP
 CPU: 3 PID: 12248 Comm: systemd-udevd Not tainted 4.13.0-rc1-next-20170719 #1
 Hardware name: LENOVO 20HF000YGE/20HF000YGE, BIOS N1WET32W (1.11 ) 05/23/2017
 task: ffff8a293e4bcd80 task.stack: ffffa698027a8000
 RIP: 0010:tb_drom_read+0x383/0x890 [thunderbolt]
 RSP: 0018:ffffa698027ab990 EFLAGS: 00010246
 RAX: 0000000000000000 RBX: ffff8a2940af7800 RCX: 0000000000000000
 RDX: ffff8a2940ebb400 RSI: 0000000000000000 RDI: ffffa698027ab9a0
 RBP: ffffa698027ab9d0 R08: 0000000000000001 R09: 0000000000000002
 R10: ffff8a2940ebb5b0 R11: 0000000000000000 R12: ffff8a293bfa968c
 R13: 000000000000002c R14: 0000000000000056 R15: 0000000000000056
 FS:  00007f0a945a38c0(0000) GS:ffff8a2961580000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00000000000002ec CR3: 000000043e785000 CR4: 00000000003606e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Call Trace:
  tb_switch_add+0x9d/0x730 [thunderbolt]
  ? tb_switch_alloc+0x3cd/0x4d0 [thunderbolt]
  icm_start+0x5a/0xa0 [thunderbolt]
  tb_domain_add+0xc3/0xf0 [thunderbolt]
  nhi_probe+0x19e/0x310 [thunderbolt]
  local_pci_probe+0x42/0xa0
  pci_device_probe+0x18d/0x1a0
  driver_probe_device+0x2ff/0x450
  __driver_attach+0xa4/0xe0
  ? driver_probe_device+0x450/0x450
  bus_for_each_dev+0x6e/0xb0
  driver_attach+0x1e/0x20
  bus_add_driver+0x1d0/0x270
  ? 0xffffffffc0bbb000
  driver_register+0x60/0xe0
  ? 0xffffffffc0bbb000
  __pci_register_driver+0x4c/0x50
  nhi_init+0x28/0x1000 [thunderbolt]
  do_one_initcall+0x50/0x190
  ? __vunmap+0x81/0xb0
  ? _cond_resched+0x1a/0x50
  ? kmem_cache_alloc_trace+0x15f/0x1c0
  ? do_init_module+0x27/0x1e9
  do_init_module+0x5f/0x1e9
  load_module+0x24e7/0x2a60
  ? vfs_read+0x115/0x130
  SYSC_finit_module+0xfc/0x120
  ? SYSC_finit_module+0xfc/0x120
  SyS_finit_module+0xe/0x10
  do_syscall_64+0x67/0x170
  entry_SYSCALL64_slow_path+0x25/0x25

Fix this by making sure we only enumerate DROM port entries the hardware
actually has.

Reported-by: Christian Kellner <ckellner@redhat.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Lukas Wunner <lukas@wunner.de>
Tested-by: Christian Kellner <ckellner@redhat.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge branches 'pm-core' and 'pm-misc' 2017-08-03T18:29:45+00:00 Rafael J. Wysocki rafael.j.wysocki@intel.com 2017-08-03T18:29:45+00:00 78aa904a773bfd008606c2065709e23173180ace * pm-core: PM / runtime: Document new pm_runtime_set_suspended() constraint * pm-misc: thunderbolt: icm: Ignore mailbox errors in icm_suspend() 
* pm-core:
  PM / runtime: Document new pm_runtime_set_suspended() constraint

* pm-misc:
  thunderbolt: icm: Ignore mailbox errors in icm_suspend()
thunderbolt: icm: Ignore mailbox errors in icm_suspend() 2017-07-31T11:24:29+00:00 Rafael J. Wysocki rafael.j.wysocki@intel.com 2017-07-24T23:31:00+00:00 a684c5b1887cbb95d624e33574fabf8a5ca599e9 On one of my test machines nhi_mailbox_cmd() called from icm_suspend() times out and returnes an error which then is propagated to the caller and causes the entire system suspend to be aborted which isn't very useful. Instead of aborting system suspend, print the error into the log and continue. Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com> Acked-by: Michael Jamet <michael.jamet@intel.com> 
On one of my test machines nhi_mailbox_cmd() called from icm_suspend()
times out and returnes an error which then is propagated to the
caller and causes the entire system suspend to be aborted which isn't
very useful.

Instead of aborting system suspend, print the error into the log
and continue.

Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Acked-by: Michael Jamet <michael.jamet@intel.com>
Merge tag 'uuid-for-4.13-2' of git://git.infradead.org/users/hch/uuid 2017-07-26T02:46:05+00:00 Linus Torvalds torvalds@linux-foundation.org 2017-07-26T02:46:05+00:00 5d4eeb8a6124da65a2119601c4016ecc37e867b6 Pull uuid fixes from Christoph Hellwig: - add a missing "!" in the uuid tests - remove the last remaining user of the uuid_be type, and then the type and its helpers * tag 'uuid-for-4.13-2' of git://git.infradead.org/users/hch/uuid: uuid: remove uuid_be thunderbolt: use uuid_t instead of uuid_be uuid: fix incorrect uuid_equal conversion in test_uuid_test 
Pull uuid fixes from Christoph Hellwig:

 - add a missing "!" in the uuid tests

 - remove the last remaining user of the uuid_be type, and then the type
   and its helpers

* tag 'uuid-for-4.13-2' of git://git.infradead.org/users/hch/uuid:
  uuid: remove uuid_be
  thunderbolt: use uuid_t instead of uuid_be
  uuid: fix incorrect uuid_equal conversion in test_uuid_test
thunderbolt: use uuid_t instead of uuid_be 2017-07-24T15:50:18+00:00 Christoph Hellwig hch@lst.de 2017-07-18T13:30:05+00:00 7c39ffe7a821dfd1f801627e1813f7c025e4c918 Switch thunderbolt to the new uuid type. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Amir Goldstein <amir73il@gmail.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com> 
Switch thunderbolt to the new uuid type.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
thunderbolt: Correct access permissions for active NVM contents 2017-07-17T13:55:08+00:00 Mika Westerberg mika.westerberg@linux.intel.com 2017-06-29T11:19:50+00:00 800161bd0209a8db77f66af283c379ff8d58d88d Firmware upgrade tools that decide which NVM image should be uploaded to the Thunderbolt controller need to access active parts of the NVM even if they are not run as root. The information in active NVM is not considered security critical so we can use the default permissions set by the NVMem framework. Writing the NVM image is still left as root only operation. While there mark the active NVM as read-only in the filesystem. Reported-by: Yehezkel Bernat <yehezkel.bernat@intel.com> Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com> Signed-off-by: Andreas Noever <andreas.noever@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Firmware upgrade tools that decide which NVM image should be uploaded to
the Thunderbolt controller need to access active parts of the NVM even
if they are not run as root. The information in active NVM is not
considered security critical so we can use the default permissions set
by the NVMem framework.

Writing the NVM image is still left as root only operation.

While there mark the active NVM as read-only in the filesystem.

Reported-by: Yehezkel Bernat <yehezkel.bernat@intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Andreas Noever <andreas.noever@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
thunderbolt: fix spelling mistake: "missmatch" -> "mismatch" 2017-06-09T09:44:17+00:00 Colin Ian King colin.king@canonical.com 2017-05-18T07:42:49+00:00 eb7bfcce69a9283db76e6d95ce9a9fcd7abc047a Trivial fix to spelling mistake in tb_sw_warn warning message Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Trivial fix to spelling mistake in tb_sw_warn warning message

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
thunderbolt: Add support for host and device NVM firmware upgrade 2017-06-09T09:42:43+00:00 Mika Westerberg mika.westerberg@linux.intel.com 2017-06-06T12:25:17+00:00 e6b245ccd524441f462f1ca1fe726123dcedeeee Starting from Intel Falcon Ridge the NVM firmware can be upgraded by using DMA configuration based mailbox commands. If we detect that the host or device (device support starts from Intel Alpine Ridge) has the DMA configuration based mailbox we expose NVM information to the userspace as two separate Linux NVMem devices: nvm_active and nvm_non_active. The former is read-only portion of the active NVM which firmware upgrade tools can be use to find out suitable NVM image if the device identification strings are not enough. The latter is write-only portion where the new NVM image is to be written by the userspace. It is up to the userspace to find out right NVM image (the kernel does very minimal validation). The ICM firmware itself authenticates the new NVM firmware and fails the operation if it is not what is expected. We also expose two new sysfs files per each switch: nvm_version and nvm_authenticate which can be used to read the active NVM version and start the upgrade process. We also introduce safe mode which is the mode a switch goes when it does not have properly authenticated firmware. In this mode the switch only accepts a couple of commands including flashing a new NVM firmware image and triggering power cycle. This code is based on the work done by Amir Levy and Michael Jamet. Signed-off-by: Michael Jamet <michael.jamet@intel.com> Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com> Reviewed-by: Yehezkel Bernat <yehezkel.bernat@intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Andreas Noever <andreas.noever@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 
Starting from Intel Falcon Ridge the NVM firmware can be upgraded by
using DMA configuration based mailbox commands. If we detect that the
host or device (device support starts from Intel Alpine Ridge) has the
DMA configuration based mailbox we expose NVM information to the
userspace as two separate Linux NVMem devices: nvm_active and
nvm_non_active. The former is read-only portion of the active NVM which
firmware upgrade tools can be use to find out suitable NVM image if the
device identification strings are not enough.

The latter is write-only portion where the new NVM image is to be
written by the userspace. It is up to the userspace to find out right
NVM image (the kernel does very minimal validation). The ICM firmware
itself authenticates the new NVM firmware and fails the operation if it
is not what is expected.

We also expose two new sysfs files per each switch: nvm_version and
nvm_authenticate which can be used to read the active NVM version and
start the upgrade process.

We also introduce safe mode which is the mode a switch goes when it does
not have properly authenticated firmware. In this mode the switch only
accepts a couple of commands including flashing a new NVM firmware image
and triggering power cycle.

This code is based on the work done by Amir Levy and Michael Jamet.

Signed-off-by: Michael Jamet <michael.jamet@intel.com>
Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Reviewed-by: Yehezkel Bernat <yehezkel.bernat@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Andreas Noever <andreas.noever@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>