5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 24 Feb 2020 14:47:20 +0000 (15:47 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 24 Feb 2020 14:47:20 +0000 (15:47 +0100)
added patches:
alsa-hda-realtek-apply-quirk-for-msi-gp63-too.patch
alsa-hda-realtek-apply-quirk-for-yet-another-msi-laptop.patch
alsa-hda-use-scnprintf-for-printing-texts-for-sysfs-procfs.patch
asoc-codec2codec-avoid-invalid-double-free-of-pcm-runtime.patch
asoc-sun8i-codec-fix-setting-dai-data-format.patch
btrfs-handle-logged-extent-failure-properly.patch
ecryptfs-fix-a-memory-leak-bug-in-ecryptfs_init_messaging.patch
ecryptfs-fix-a-memory-leak-bug-in-parse_tag_1_packet.patch
iommu-qcom-fix-bogus-detach-logic.patch
tpm-initialize-crypto_id-of-allocated_banks-to-hash_algo__last.patch

queue-5.4/alsa-hda-realtek-apply-quirk-for-msi-gp63-too.patch [new file with mode: 0644]
queue-5.4/alsa-hda-realtek-apply-quirk-for-yet-another-msi-laptop.patch [new file with mode: 0644]
queue-5.4/alsa-hda-use-scnprintf-for-printing-texts-for-sysfs-procfs.patch [new file with mode: 0644]
queue-5.4/asoc-codec2codec-avoid-invalid-double-free-of-pcm-runtime.patch [new file with mode: 0644]
queue-5.4/asoc-sun8i-codec-fix-setting-dai-data-format.patch [new file with mode: 0644]
queue-5.4/btrfs-handle-logged-extent-failure-properly.patch [new file with mode: 0644]
queue-5.4/ecryptfs-fix-a-memory-leak-bug-in-ecryptfs_init_messaging.patch [new file with mode: 0644]
queue-5.4/ecryptfs-fix-a-memory-leak-bug-in-parse_tag_1_packet.patch [new file with mode: 0644]
queue-5.4/iommu-qcom-fix-bogus-detach-logic.patch [new file with mode: 0644]
queue-5.4/series [new file with mode: 0644]
queue-5.4/tpm-initialize-crypto_id-of-allocated_banks-to-hash_algo__last.patch [new file with mode: 0644]

diff --git a/queue-5.4/alsa-hda-realtek-apply-quirk-for-msi-gp63-too.patch b/queue-5.4/alsa-hda-realtek-apply-quirk-for-msi-gp63-too.patch
new file mode 100644 (file)
index 0000000..ebe58a4
--- /dev/null
@@ -0,0 +1,32 @@
+From a655e2b107d463ce2745188ce050d07daed09a71 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 17 Feb 2020 16:19:47 +0100
+Subject: ALSA: hda/realtek - Apply quirk for MSI GP63, too
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit a655e2b107d463ce2745188ce050d07daed09a71 upstream.
+
+The same quirk that was applied to MSI GL73 is needed for MSI GP63,
+too.  Adding the entry with the SSID 1462:1228.
+
+BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=206503
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20200217151947.17528-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_realtek.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -2447,6 +2447,7 @@ static const struct snd_pci_quirk alc882
+       SND_PCI_QUIRK(0x1071, 0x8258, "Evesham Voyaeger", ALC882_FIXUP_EAPD),
+       SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte EP45-DS3/Z87X-UD3H", ALC889_FIXUP_FRONT_HP_NO_PRESENCE),
+       SND_PCI_QUIRK(0x1458, 0xa0b8, "Gigabyte AZ370-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS),
++      SND_PCI_QUIRK(0x1462, 0x1228, "MSI-GP63", ALC1220_FIXUP_CLEVO_P950),
+       SND_PCI_QUIRK(0x1462, 0x1276, "MSI-GL73", ALC1220_FIXUP_CLEVO_P950),
+       SND_PCI_QUIRK(0x1462, 0x7350, "MSI-7350", ALC889_FIXUP_CD),
+       SND_PCI_QUIRK(0x1462, 0xda57, "MSI Z270-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS),
diff --git a/queue-5.4/alsa-hda-realtek-apply-quirk-for-yet-another-msi-laptop.patch b/queue-5.4/alsa-hda-realtek-apply-quirk-for-yet-another-msi-laptop.patch
new file mode 100644 (file)
index 0000000..58f95fb
--- /dev/null
@@ -0,0 +1,32 @@
+From cc5049ae4d457194796f854eb2e38b9727ad8c2d Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 18 Feb 2020 09:09:15 +0100
+Subject: ALSA: hda/realtek - Apply quirk for yet another MSI laptop
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit cc5049ae4d457194796f854eb2e38b9727ad8c2d upstream.
+
+MSI GP65 laptop with SSID 1462:1293 requires the same quirk as other
+MSI models.
+
+BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=204159
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20200218080915.3433-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_realtek.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -2449,6 +2449,7 @@ static const struct snd_pci_quirk alc882
+       SND_PCI_QUIRK(0x1458, 0xa0b8, "Gigabyte AZ370-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS),
+       SND_PCI_QUIRK(0x1462, 0x1228, "MSI-GP63", ALC1220_FIXUP_CLEVO_P950),
+       SND_PCI_QUIRK(0x1462, 0x1276, "MSI-GL73", ALC1220_FIXUP_CLEVO_P950),
++      SND_PCI_QUIRK(0x1462, 0x1293, "MSI-GP65", ALC1220_FIXUP_CLEVO_P950),
+       SND_PCI_QUIRK(0x1462, 0x7350, "MSI-7350", ALC889_FIXUP_CD),
+       SND_PCI_QUIRK(0x1462, 0xda57, "MSI Z270-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS),
+       SND_PCI_QUIRK_VENDOR(0x1462, "MSI", ALC882_FIXUP_GPIO3),
diff --git a/queue-5.4/alsa-hda-use-scnprintf-for-printing-texts-for-sysfs-procfs.patch b/queue-5.4/alsa-hda-use-scnprintf-for-printing-texts-for-sysfs-procfs.patch
new file mode 100644 (file)
index 0000000..749c465
--- /dev/null
@@ -0,0 +1,82 @@
+From 44eeb081b8630bb3ad3cd381d1ae1831463e48bb Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 18 Feb 2020 10:14:09 +0100
+Subject: ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 44eeb081b8630bb3ad3cd381d1ae1831463e48bb upstream.
+
+Some code in HD-audio driver calls snprintf() in a loop and still
+expects that the return value were actually written size, while
+snprintf() returns the expected would-be length instead.  When the
+given buffer limit were small, this leads to a buffer overflow.
+
+Use scnprintf() for addressing those issues.  It returns the actually
+written size unlike snprintf().
+
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20200218091409.27162-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/hda/hdmi_chmap.c    |    2 +-
+ sound/pci/hda/hda_codec.c |    2 +-
+ sound/pci/hda/hda_eld.c   |    2 +-
+ sound/pci/hda/hda_sysfs.c |    4 ++--
+ 4 files changed, 5 insertions(+), 5 deletions(-)
+
+--- a/sound/hda/hdmi_chmap.c
++++ b/sound/hda/hdmi_chmap.c
+@@ -250,7 +250,7 @@ void snd_hdac_print_channel_allocation(i
+       for (i = 0, j = 0; i < ARRAY_SIZE(cea_speaker_allocation_names); i++) {
+               if (spk_alloc & (1 << i))
+-                      j += snprintf(buf + j, buflen - j,  " %s",
++                      j += scnprintf(buf + j, buflen - j,  " %s",
+                                       cea_speaker_allocation_names[i]);
+       }
+       buf[j] = '\0';  /* necessary when j == 0 */
+--- a/sound/pci/hda/hda_codec.c
++++ b/sound/pci/hda/hda_codec.c
+@@ -4019,7 +4019,7 @@ void snd_print_pcm_bits(int pcm, char *b
+       for (i = 0, j = 0; i < ARRAY_SIZE(bits); i++)
+               if (pcm & (AC_SUPPCM_BITS_8 << i))
+-                      j += snprintf(buf + j, buflen - j,  " %d", bits[i]);
++                      j += scnprintf(buf + j, buflen - j,  " %d", bits[i]);
+       buf[j] = '\0'; /* necessary when j == 0 */
+ }
+--- a/sound/pci/hda/hda_eld.c
++++ b/sound/pci/hda/hda_eld.c
+@@ -360,7 +360,7 @@ static void hdmi_print_pcm_rates(int pcm
+       for (i = 0, j = 0; i < ARRAY_SIZE(alsa_rates); i++)
+               if (pcm & (1 << i))
+-                      j += snprintf(buf + j, buflen - j,  " %d",
++                      j += scnprintf(buf + j, buflen - j,  " %d",
+                               alsa_rates[i]);
+       buf[j] = '\0'; /* necessary when j == 0 */
+--- a/sound/pci/hda/hda_sysfs.c
++++ b/sound/pci/hda/hda_sysfs.c
+@@ -222,7 +222,7 @@ static ssize_t init_verbs_show(struct de
+       int i, len = 0;
+       mutex_lock(&codec->user_mutex);
+       snd_array_for_each(&codec->init_verbs, i, v) {
+-              len += snprintf(buf + len, PAGE_SIZE - len,
++              len += scnprintf(buf + len, PAGE_SIZE - len,
+                               "0x%02x 0x%03x 0x%04x\n",
+                               v->nid, v->verb, v->param);
+       }
+@@ -272,7 +272,7 @@ static ssize_t hints_show(struct device
+       int i, len = 0;
+       mutex_lock(&codec->user_mutex);
+       snd_array_for_each(&codec->hints, i, hint) {
+-              len += snprintf(buf + len, PAGE_SIZE - len,
++              len += scnprintf(buf + len, PAGE_SIZE - len,
+                               "%s = %s\n", hint->key, hint->val);
+       }
+       mutex_unlock(&codec->user_mutex);
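Review bot: The terminator store `buf[j] = '\0'` that follows each loop in hdmi_chmap.c, hda_codec.c and hda_eld.c still writes one byte when `buflen` is 0, because scnprintf() returns 0 for a zero-sized buffer and `j` stays 0. The callers and the full parameter lists are outside these hunks, so this may never occur in practice, but an early `if (buflen <= 0) return;` in each helper (assuming `buflen` is a signed int) would make the bound self-contained. For the two sysfs show functions, a comment such as `/* scnprintf() returns bytes actually written, so len stays below PAGE_SIZE */` would help keep snprintf() from being reintroduced in these accumulate-in-a-loop sites.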
diff --git a/queue-5.4/asoc-codec2codec-avoid-invalid-double-free-of-pcm-runtime.patch b/queue-5.4/asoc-codec2codec-avoid-invalid-double-free-of-pcm-runtime.patch
new file mode 100644 (file)
index 0000000..b6bb3d3
--- /dev/null
@@ -0,0 +1,36 @@
+From b6570fdb96edf45bcf71884bd2644bd73d348d1a Mon Sep 17 00:00:00 2001
+From: Samuel Holland <samuel@sholland.org>
+Date: Thu, 13 Feb 2020 00:11:44 -0600
+Subject: ASoC: codec2codec: avoid invalid/double-free of pcm runtime
+
+From: Samuel Holland <samuel@sholland.org>
+
+commit b6570fdb96edf45bcf71884bd2644bd73d348d1a upstream.
+
+The PCM runtime was freed during PMU in the case that the event hook
+encountered an error. However, it is also unconditionally freed during
+PMD. Avoid a double-free by dropping the call to kfree in the PMU hook.
+
+Fixes: a72706ed8208 ("ASoC: codec2codec: remove ephemeral variables")
+Cc: stable@vger.kernel.org
+Signed-off-by: Samuel Holland <samuel@sholland.org>
+Link: https://lore.kernel.org/r/20200213061147.29386-2-samuel@sholland.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/soc-dapm.c |    3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/sound/soc/soc-dapm.c
++++ b/sound/soc/soc-dapm.c
+@@ -3888,9 +3888,6 @@ snd_soc_dai_link_event_pre_pmu(struct sn
+       runtime->rate = params_rate(params);
+ out:
+-      if (ret < 0)
+-              kfree(runtime);
+-
+       kfree(params);
+       return ret;
+ }
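Review bot: Nothing at the `out:` label records why `runtime` stays allocated when `ret < 0`, so the removed `kfree(runtime)` is easy to reintroduce later as an apparent leak fix. A comment there such as `/* runtime is freed in the PMD hook, also after a failed PMU; do not free it here */` would state the ownership rule that the commit message describes. The PMD hook and the place where `runtime` is stored are outside this hunk, so it is worth confirming that PMD always runs after a failed PMU; if it does not, this error path leaks instead of double-freeing.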
diff --git a/queue-5.4/asoc-sun8i-codec-fix-setting-dai-data-format.patch b/queue-5.4/asoc-sun8i-codec-fix-setting-dai-data-format.patch
new file mode 100644 (file)
index 0000000..3bb65c9
--- /dev/null
@@ -0,0 +1,43 @@
+From 96781fd941b39e1f78098009344ebcd7af861c67 Mon Sep 17 00:00:00 2001
+From: Samuel Holland <samuel@sholland.org>
+Date: Mon, 17 Feb 2020 00:42:22 -0600
+Subject: ASoC: sun8i-codec: Fix setting DAI data format
+
+From: Samuel Holland <samuel@sholland.org>
+
+commit 96781fd941b39e1f78098009344ebcd7af861c67 upstream.
+
+Use the correct mask for this two-bit field. This fixes setting the DAI
+data format to RIGHT_J or DSP_A.
+
+Fixes: 36c684936fae ("ASoC: Add sun8i digital audio codec")
+Signed-off-by: Samuel Holland <samuel@sholland.org>
+Acked-by: Chen-Yu Tsai <wens@csie.org>
+Cc: stable@kernel.org
+Link: https://lore.kernel.org/r/20200217064250.15516-7-samuel@sholland.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/sunxi/sun8i-codec.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/sound/soc/sunxi/sun8i-codec.c
++++ b/sound/soc/sunxi/sun8i-codec.c
+@@ -80,6 +80,7 @@
+ #define SUN8I_SYS_SR_CTRL_AIF1_FS_MASK                GENMASK(15, 12)
+ #define SUN8I_SYS_SR_CTRL_AIF2_FS_MASK                GENMASK(11, 8)
++#define SUN8I_AIF1CLK_CTRL_AIF1_DATA_FMT_MASK GENMASK(3, 2)
+ #define SUN8I_AIF1CLK_CTRL_AIF1_WORD_SIZ_MASK GENMASK(5, 4)
+ #define SUN8I_AIF1CLK_CTRL_AIF1_LRCK_DIV_MASK GENMASK(8, 6)
+ #define SUN8I_AIF1CLK_CTRL_AIF1_BCLK_DIV_MASK GENMASK(12, 9)
+@@ -241,7 +242,7 @@ static int sun8i_set_fmt(struct snd_soc_
+               return -EINVAL;
+       }
+       regmap_update_bits(scodec->regmap, SUN8I_AIF1CLK_CTRL,
+-                         BIT(SUN8I_AIF1CLK_CTRL_AIF1_DATA_FMT),
++                         SUN8I_AIF1CLK_CTRL_AIF1_DATA_FMT_MASK,
+                          value << SUN8I_AIF1CLK_CTRL_AIF1_DATA_FMT);
+       return 0;
diff --git a/queue-5.4/btrfs-handle-logged-extent-failure-properly.patch b/queue-5.4/btrfs-handle-logged-extent-failure-properly.patch
new file mode 100644 (file)
index 0000000..644cc6c
--- /dev/null
@@ -0,0 +1,43 @@
+From bd727173e4432fe6cb70ba108dc1f3602c5409d7 Mon Sep 17 00:00:00 2001
+From: Josef Bacik <josef@toxicpanda.com>
+Date: Thu, 13 Feb 2020 10:47:30 -0500
+Subject: btrfs: handle logged extent failure properly
+
+From: Josef Bacik <josef@toxicpanda.com>
+
+commit bd727173e4432fe6cb70ba108dc1f3602c5409d7 upstream.
+
+If we're allocating a logged extent we attempt to insert an extent
+record for the file extent directly.  We increase
+space_info->bytes_reserved, because the extent entry addition will call
+btrfs_update_block_group(), which will convert the ->bytes_reserved to
+->bytes_used.  However if we fail at any point while inserting the
+extent entry we will bail and leave space on ->bytes_reserved, which
+will trigger a WARN_ON() on umount.  Fix this by pinning the space if we
+fail to insert, which is what happens in every other failure case that
+involves adding the extent entry.
+
+CC: stable@vger.kernel.org # 5.4+
+Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Reviewed-by: Nikolay Borisov <nborisov@suse.com>
+Reviewed-by: Qu Wenruo <wqu@suse.com>
+Signed-off-by: Josef Bacik <josef@toxicpanda.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/extent-tree.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/btrfs/extent-tree.c
++++ b/fs/btrfs/extent-tree.c
+@@ -4411,6 +4411,8 @@ int btrfs_alloc_logged_file_extent(struc
+       ret = alloc_reserved_file_extent(trans, 0, root_objectid, 0, owner,
+                                        offset, ins, 1);
++      if (ret)
++              btrfs_pin_extent(fs_info, ins->objectid, ins->offset, 1);
+       btrfs_put_block_group(block_group);
+       return ret;
+ }
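Review bot: The added `btrfs_pin_extent()` call has its return value discarded and carries no comment, so a reader cannot tell that it exists only to release the reservation taken earlier in btrfs_alloc_logged_file_extent(). A comment above the `if (ret)` such as `/* insert failed: pin the range so ->bytes_reserved is dropped and umount does not WARN */` would capture the reasoning from the commit message. If btrfs_pin_extent() can fail in this tree, the ignored result deserves a short note as well, since `ret` from alloc_reserved_file_extent() is what gets returned either way. The start of the function is outside the hunk.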
diff --git a/queue-5.4/ecryptfs-fix-a-memory-leak-bug-in-ecryptfs_init_messaging.patch b/queue-5.4/ecryptfs-fix-a-memory-leak-bug-in-ecryptfs_init_messaging.patch
new file mode 100644 (file)
index 0000000..7c83439
--- /dev/null
@@ -0,0 +1,34 @@
+From b4a81b87a4cfe2bb26a4a943b748d96a43ef20e8 Mon Sep 17 00:00:00 2001
+From: Wenwen Wang <wenwen@cs.uga.edu>
+Date: Tue, 20 Aug 2019 00:33:54 -0500
+Subject: ecryptfs: fix a memory leak bug in ecryptfs_init_messaging()
+
+From: Wenwen Wang <wenwen@cs.uga.edu>
+
+commit b4a81b87a4cfe2bb26a4a943b748d96a43ef20e8 upstream.
+
+In ecryptfs_init_messaging(), if the allocation for 'ecryptfs_msg_ctx_arr'
+fails, the previously allocated 'ecryptfs_daemon_hash' is not deallocated,
+leading to a memory leak bug. To fix this issue, free
+'ecryptfs_daemon_hash' before returning the error.
+
+Cc: stable@vger.kernel.org
+Fixes: 88b4a07e6610 ("[PATCH] eCryptfs: Public key transport mechanism")
+Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ecryptfs/messaging.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/ecryptfs/messaging.c
++++ b/fs/ecryptfs/messaging.c
+@@ -379,6 +379,7 @@ int __init ecryptfs_init_messaging(void)
+                                       * ecryptfs_message_buf_len),
+                                      GFP_KERNEL);
+       if (!ecryptfs_msg_ctx_arr) {
++              kfree(ecryptfs_daemon_hash);
+               rc = -ENOMEM;
+               goto out;
+       }
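Review bot: After the added `kfree(ecryptfs_daemon_hash);` the pointer keeps its old value, and since ecryptfs_init_messaging() takes no arguments it is presumably a file-scope variable that other functions can still read. Any later teardown path that tests or walks `ecryptfs_daemon_hash` would then touch freed memory or free it a second time; those paths are not visible in this hunk, so this is a hardening point rather than a demonstrated bug. Following the free with `ecryptfs_daemon_hash = NULL;` closes that off at no cost.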
diff --git a/queue-5.4/ecryptfs-fix-a-memory-leak-bug-in-parse_tag_1_packet.patch b/queue-5.4/ecryptfs-fix-a-memory-leak-bug-in-parse_tag_1_packet.patch
new file mode 100644 (file)
index 0000000..81591a9
--- /dev/null
@@ -0,0 +1,35 @@
+From fe2e082f5da5b4a0a92ae32978f81507ef37ec66 Mon Sep 17 00:00:00 2001
+From: Wenwen Wang <wenwen@cs.uga.edu>
+Date: Tue, 20 Aug 2019 00:16:40 -0500
+Subject: ecryptfs: fix a memory leak bug in parse_tag_1_packet()
+
+From: Wenwen Wang <wenwen@cs.uga.edu>
+
+commit fe2e082f5da5b4a0a92ae32978f81507ef37ec66 upstream.
+
+In parse_tag_1_packet(), if tag 1 packet contains a key larger than
+ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES, no cleanup is executed, leading to a
+memory leak on the allocated 'auth_tok_list_item'. To fix this issue, go to
+the label 'out_free' to perform the cleanup work.
+
+Cc: stable@vger.kernel.org
+Fixes: dddfa461fc89 ("[PATCH] eCryptfs: Public key; packet management")
+Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
+Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ecryptfs/keystore.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ecryptfs/keystore.c
++++ b/fs/ecryptfs/keystore.c
+@@ -1304,7 +1304,7 @@ parse_tag_1_packet(struct ecryptfs_crypt
+               printk(KERN_WARNING "Tag 1 packet contains key larger "
+                      "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
+               rc = -EINVAL;
+-              goto out;
++              goto out_free;
+       }
+       memcpy((*new_auth_tok)->session_key.encrypted_key,
+              &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2)));
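Review bot: The oversized-key branch now depends on the `out_free` label, which lies outside this hunk, to leave `*new_auth_tok` in a state the caller cannot dereference as well as to release `auth_tok_list_item`. The memcpy below writes through `(*new_auth_tok)`, which presumably points into that list item, so if the label frees the item without resetting the out-parameter the caller is left with a dangling pointer on this error path. Please confirm that `out_free` does the equivalent of `(*new_auth_tok) = NULL;` before returning `-EINVAL`.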
diff --git a/queue-5.4/iommu-qcom-fix-bogus-detach-logic.patch b/queue-5.4/iommu-qcom-fix-bogus-detach-logic.patch
new file mode 100644 (file)
index 0000000..7de3de0
--- /dev/null
@@ -0,0 +1,83 @@
+From faf305c51aeabd1ea2d7131e798ef5f55f4a7750 Mon Sep 17 00:00:00 2001
+From: Robin Murphy <robin.murphy@arm.com>
+Date: Tue, 18 Feb 2020 18:12:41 +0000
+Subject: iommu/qcom: Fix bogus detach logic
+
+From: Robin Murphy <robin.murphy@arm.com>
+
+commit faf305c51aeabd1ea2d7131e798ef5f55f4a7750 upstream.
+
+Currently, the implementation of qcom_iommu_domain_free() is guaranteed
+to do one of two things: WARN() and leak everything, or dereference NULL
+and crash. That alone is terrible, but in fact the whole idea of trying
+to track the liveness of a domain via the qcom_domain->iommu pointer as
+a sanity check is full of fundamentally flawed assumptions. Make things
+robust and actually functional by not trying to be quite so clever.
+
+Reported-by: Brian Masney <masneyb@onstation.org>
+Tested-by: Brian Masney <masneyb@onstation.org>
+Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
+Fixes: 0ae349a0f33f ("iommu/qcom: Add qcom_iommu")
+Signed-off-by: Robin Murphy <robin.murphy@arm.com>
+Tested-by: Stephan Gerhold <stephan@gerhold.net>
+Cc: stable@vger.kernel.org # v4.14+
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iommu/qcom_iommu.c |   28 ++++++++++++----------------
+ 1 file changed, 12 insertions(+), 16 deletions(-)
+
+--- a/drivers/iommu/qcom_iommu.c
++++ b/drivers/iommu/qcom_iommu.c
+@@ -345,21 +345,19 @@ static void qcom_iommu_domain_free(struc
+ {
+       struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain);
+-      if (WARN_ON(qcom_domain->iommu))    /* forgot to detach? */
+-              return;
+-
+       iommu_put_dma_cookie(domain);
+-      /* NOTE: unmap can be called after client device is powered off,
+-       * for example, with GPUs or anything involving dma-buf.  So we
+-       * cannot rely on the device_link.  Make sure the IOMMU is on to
+-       * avoid unclocked accesses in the TLB inv path:
+-       */
+-      pm_runtime_get_sync(qcom_domain->iommu->dev);
+-
+-      free_io_pgtable_ops(qcom_domain->pgtbl_ops);
+-
+-      pm_runtime_put_sync(qcom_domain->iommu->dev);
++      if (qcom_domain->iommu) {
++              /*
++               * NOTE: unmap can be called after client device is powered
++               * off, for example, with GPUs or anything involving dma-buf.
++               * So we cannot rely on the device_link.  Make sure the IOMMU
++               * is on to avoid unclocked accesses in the TLB inv path:
++               */
++              pm_runtime_get_sync(qcom_domain->iommu->dev);
++              free_io_pgtable_ops(qcom_domain->pgtbl_ops);
++              pm_runtime_put_sync(qcom_domain->iommu->dev);
++      }
+       kfree(qcom_domain);
+ }
+@@ -405,7 +403,7 @@ static void qcom_iommu_detach_dev(struct
+       struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain);
+       unsigned i;
+-      if (!qcom_domain->iommu)
++      if (WARN_ON(!qcom_domain->iommu))
+               return;
+       pm_runtime_get_sync(qcom_iommu->dev);
+@@ -418,8 +416,6 @@ static void qcom_iommu_detach_dev(struct
+               ctx->domain = NULL;
+       }
+       pm_runtime_put_sync(qcom_iommu->dev);
+-
+-      qcom_domain->iommu = NULL;
+ }
+ static int qcom_iommu_map(struct iommu_domain *domain, unsigned long iova,
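Review bot: With `qcom_domain->iommu = NULL;` removed from qcom_iommu_detach_dev(), the new `if (qcom_domain->iommu)` test in qcom_iommu_domain_free() means "was attached at some point", not "is attached now", and the relocated comment does not say so. A line such as `/* ->iommu is set on first attach and never cleared; the IOMMU device must outlive the domain */` would document the lifetime assumption that `qcom_domain->iommu->dev` now relies on. Separately, the result of `pm_runtime_get_sync()` is still ignored in that block, so a failed resume would reach `free_io_pgtable_ops()` unclocked, which is the case the comment says must be avoided; at least a WARN on a negative return would make that visible.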
diff --git a/queue-5.4/series b/queue-5.4/series
new file mode 100644 (file)
index 0000000..48f1232
--- /dev/null
@@ -0,0 +1,10 @@
+iommu-qcom-fix-bogus-detach-logic.patch
+alsa-hda-use-scnprintf-for-printing-texts-for-sysfs-procfs.patch
+alsa-hda-realtek-apply-quirk-for-msi-gp63-too.patch
+alsa-hda-realtek-apply-quirk-for-yet-another-msi-laptop.patch
+asoc-codec2codec-avoid-invalid-double-free-of-pcm-runtime.patch
+asoc-sun8i-codec-fix-setting-dai-data-format.patch
+tpm-initialize-crypto_id-of-allocated_banks-to-hash_algo__last.patch
+ecryptfs-fix-a-memory-leak-bug-in-parse_tag_1_packet.patch
+ecryptfs-fix-a-memory-leak-bug-in-ecryptfs_init_messaging.patch
+btrfs-handle-logged-extent-failure-properly.patch
diff --git a/queue-5.4/tpm-initialize-crypto_id-of-allocated_banks-to-hash_algo__last.patch b/queue-5.4/tpm-initialize-crypto_id-of-allocated_banks-to-hash_algo__last.patch
new file mode 100644 (file)
index 0000000..5eef97c
--- /dev/null
@@ -0,0 +1,45 @@
+From dc10e4181c05a2315ddc375e963b7c763b5ee0df Mon Sep 17 00:00:00 2001
+From: Roberto Sassu <roberto.sassu@huawei.com>
+Date: Mon, 10 Feb 2020 11:00:41 +0100
+Subject: tpm: Initialize crypto_id of allocated_banks to HASH_ALGO__LAST
+
+From: Roberto Sassu <roberto.sassu@huawei.com>
+
+commit dc10e4181c05a2315ddc375e963b7c763b5ee0df upstream.
+
+chip->allocated_banks, an array of tpm_bank_info structures, contains the
+list of TPM algorithm IDs of allocated PCR banks. It also contains the
+corresponding ID of the crypto subsystem, so that users of the TPM driver
+can calculate a digest for a PCR extend operation.
+
+However, if there is no mapping between TPM algorithm ID and crypto ID, the
+crypto_id field of tpm_bank_info remains set to zero (the array is
+allocated and initialized with kcalloc() in tpm2_get_pcr_allocation()).
+Zero should not be used as value for unknown mappings, as it is a valid
+crypto ID (HASH_ALGO_MD4).
+
+Thus, initialize crypto_id to HASH_ALGO__LAST.
+
+Cc: stable@vger.kernel.org # 5.1.x
+Fixes: 879b589210a9 ("tpm: retrieve digest size of unknown algorithms with PCR read")
+Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
+Reviewed-by: Petr Vorel <pvorel@suse.cz>
+Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/tpm/tpm2-cmd.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/char/tpm/tpm2-cmd.c
++++ b/drivers/char/tpm/tpm2-cmd.c
+@@ -831,6 +831,8 @@ static int tpm2_init_bank_info(struct tp
+               return 0;
+       }
++      bank->crypto_id = HASH_ALGO__LAST;
++
+       return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size);
+ }
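Review bot: The new sentinel assignment `bank->crypto_id = HASH_ALGO__LAST;` has no comment, and HASH_ALGO__LAST is the one-past-the-end enumerator, so any consumer that indexes a per-algorithm table by `crypto_id` without testing for it first would read out of bounds. The consumers are outside this hunk, so whether each of them checks is not visible here. A comment on the assignment such as `/* no crypto subsystem mapping: users must test for HASH_ALGO__LAST before indexing by crypto_id */` would put the contract where the value is produced. The loop that returns early on a successful mapping starts above the hunk.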