3.18-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 29 Apr 2018 12:56:29 +0000 (14:56 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 29 Apr 2018 12:56:29 +0000 (14:56 +0200)
added patches:
asoc-fsl_esai-fix-divisor-calculation-failure-at-lower-ratio.patch
libceph-validate-con-state-at-the-top-of-try_write.patch

queue-3.18/asoc-fsl_esai-fix-divisor-calculation-failure-at-lower-ratio.patch [new file with mode: 0644]
queue-3.18/libceph-validate-con-state-at-the-top-of-try_write.patch [new file with mode: 0644]
queue-3.18/series

diff --git a/queue-3.18/asoc-fsl_esai-fix-divisor-calculation-failure-at-lower-ratio.patch b/queue-3.18/asoc-fsl_esai-fix-divisor-calculation-failure-at-lower-ratio.patch
new file mode 100644 (file)
index 0000000..7653bb1
--- /dev/null
@@ -0,0 +1,47 @@
+From c656941df9bc80f7ec65b92ca73c42f8b0b62628 Mon Sep 17 00:00:00 2001
+From: Nicolin Chen <nicoleotsuka@gmail.com>
+Date: Sun, 8 Apr 2018 16:57:35 -0700
+Subject: ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
+
+From: Nicolin Chen <nicoleotsuka@gmail.com>
+
+commit c656941df9bc80f7ec65b92ca73c42f8b0b62628 upstream.
+
+When the desired ratio is less than 256, the savesub (tolerance)
+in the calculation would become 0. This will then fail the loop-
+search immediately without reporting any errors.
+
+But if the ratio is smaller enough, there is no need to calculate
+the tolerance because PM divisor alone is enough to get the ratio.
+
+So a simple fix could be just to set PM directly instead of going
+into the loop-search.
+
+Reported-by: Marek Vasut <marex@denx.de>
+Signed-off-by: Nicolin Chen <nicoleotsuka@gmail.com>
+Tested-by: Marek Vasut <marex@denx.de>
+Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/fsl/fsl_esai.c |    7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/sound/soc/fsl/fsl_esai.c
++++ b/sound/soc/fsl/fsl_esai.c
+@@ -143,6 +143,13 @@ static int fsl_esai_divisor_cal(struct s
+       psr = ratio <= 256 * maxfp ? ESAI_xCCR_xPSR_BYPASS : ESAI_xCCR_xPSR_DIV8;
++      /* Do not loop-search if PM (1 ~ 256) alone can serve the ratio */
++      if (ratio <= 256) {
++              pm = ratio;
++              fp = 1;
++              goto out;
++      }
++
+       /* Set the max fluctuation -- 0.1% of the max devisor */
+       savesub = (psr ? 1 : 8)  * 256 * maxfp / 1000;
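Review bot: The new early exit in fsl_esai_divisor_cal() assigns `pm = ratio` for every `ratio <= 256`, so it depends on ratio being at least 1 at this point, and no lower-bound check is visible in the hunk. If that is guaranteed earlier in the function, the comment should say so, e.g. `/* ratio >= 1 is guaranteed by the range check above; PM (1 ~ 256) alone can serve it */`; otherwise `if (ratio >= 1 && ratio <= 256)` keeps a zero divisor out of the `out:` path. The function body and the `out:` label are outside the hunk, so how pm and fp are consumed there could not be checked.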
diff --git a/queue-3.18/libceph-validate-con-state-at-the-top-of-try_write.patch b/queue-3.18/libceph-validate-con-state-at-the-top-of-try_write.patch
new file mode 100644 (file)
index 0000000..bd9c799
--- /dev/null
@@ -0,0 +1,56 @@
+From 9c55ad1c214d9f8c4594ac2c3fa392c1c32431a7 Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov <idryomov@gmail.com>
+Date: Tue, 24 Apr 2018 19:10:55 +0200
+Subject: libceph: validate con->state at the top of try_write()
+
+From: Ilya Dryomov <idryomov@gmail.com>
+
+commit 9c55ad1c214d9f8c4594ac2c3fa392c1c32431a7 upstream.
+
+ceph_con_workfn() validates con->state before calling try_read() and
+then try_write().  However, try_read() temporarily releases con->mutex,
+notably in process_message() and ceph_con_in_msg_alloc(), opening the
+window for ceph_con_close() to sneak in, close the connection and
+release con->sock.  When try_write() is called on the assumption that
+con->state is still valid (i.e. not STANDBY or CLOSED), a NULL sock
+gets passed to the networking stack:
+
+  BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
+  IP: selinux_socket_sendmsg+0x5/0x20
+
+Make sure con->state is valid at the top of try_write() and add an
+explicit BUG_ON for this, similar to try_read().
+
+Cc: stable@vger.kernel.org
+Link: https://tracker.ceph.com/issues/23706
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Reviewed-by: Jason Dillaman <dillaman@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ceph/messenger.c |    7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/net/ceph/messenger.c
++++ b/net/ceph/messenger.c
+@@ -2449,6 +2449,11 @@ static int try_write(struct ceph_connect
+       int ret = 1;
+       dout("try_write start %p state %lu\n", con, con->state);
++      if (con->state != CON_STATE_PREOPEN &&
++          con->state != CON_STATE_CONNECTING &&
++          con->state != CON_STATE_NEGOTIATING &&
++          con->state != CON_STATE_OPEN)
++              return 0;
+ more:
+       dout("try_write out_kvec_bytes %d\n", con->out_kvec_bytes);
+@@ -2474,6 +2479,8 @@ more:
+       }
+ more_kvec:
++      BUG_ON(!con->sock);
++
+       /* kvec data queued? */
+       if (con->out_skip) {
+               ret = write_partial_skip(con);
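Review bot: The con->state check added at the top of try_write() runs only once, before the `more:` label, so later passes through `more:` or `more_kvec:` are guarded only by `BUG_ON(!con->sock)`. That turns a connection closed under the writer into a kernel panic rather than a clean return. If con->mutex can be released anywhere inside the write loop (not visible in these hunks), a recoverable form such as `if (WARN_ON_ONCE(!con->sock)) return 0;` would keep the diagnostic without making the race a reliable crash. The state test would also benefit from a why-comment, e.g. `/* try_read() may have dropped con->mutex; con can be closed since ceph_con_workfn() checked state */`. try_write() begins and ends outside both hunks.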
index e3de4c65c8272ab4e5462ed8c3e9fe363d2afa39..d3036e67a461043480829c3cfc386b49132d9cd3 100644 (file)
@@ -20,3 +20,5 @@ mtd-cfi-cmdset_0001-workaround-micron-erase-suspend-bug.patch
 mtd-cfi-cmdset_0002-do-not-allow-read-write-to-suspend-erase-block.patch
 kobject-don-t-use-warn-for-registration-failures.patch
 scsi-sd-defer-spinning-up-drive-while-sanitize-is-in-progress.patch
+asoc-fsl_esai-fix-divisor-calculation-failure-at-lower-ratio.patch
+libceph-validate-con-state-at-the-top-of-try_write.patch