--- /dev/null
+From 1d4aaf16defa86d2665ae7db0259d6cb07e2091f Mon Sep 17 00:00:00 2001
+From: Elena Petrova <lenaptr@google.com>
+Date: Tue, 28 May 2019 13:41:52 +0100
+Subject: crypto: arm64/sha1-ce - correct digest for empty data in finup
+
+From: Elena Petrova <lenaptr@google.com>
+
+commit 1d4aaf16defa86d2665ae7db0259d6cb07e2091f upstream.
+
+The sha1-ce finup implementation for ARM64 produces wrong digest
+for empty input (len=0). Expected: da39a3ee..., result: 67452301...
+(initial value of SHA internal state). The error is in sha1_ce_finup:
+for empty data `finalize` will be 1, so the code is relying on
+sha1_ce_transform to make the final round. However, in
+sha1_base_do_update, the block function will not be called when
+len == 0.
+
+Fix it by setting finalize to 0 if data is empty.
+
+Fixes: 07eb54d306f4 ("crypto: arm64/sha1-ce - move SHA-1 ARMv8 implementation to base layer")
+Cc: stable@vger.kernel.org
+Signed-off-by: Elena Petrova <lenaptr@google.com>
+Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/crypto/sha1-ce-glue.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm64/crypto/sha1-ce-glue.c
++++ b/arch/arm64/crypto/sha1-ce-glue.c
+@@ -54,7 +54,7 @@ static int sha1_ce_finup(struct shash_de
+ unsigned int len, u8 *out)
+ {
+ struct sha1_ce_state *sctx = shash_desc_ctx(desc);
+- bool finalize = !sctx->sst.count && !(len % SHA1_BLOCK_SIZE);
++ bool finalize = !sctx->sst.count && !(len % SHA1_BLOCK_SIZE) && len;
+
+ if (!may_use_simd())
+ return crypto_sha1_finup(desc, data, len, out);
--- /dev/null
+From 6bd934de1e393466b319d29c4427598fda096c57 Mon Sep 17 00:00:00 2001
+From: Elena Petrova <lenaptr@google.com>
+Date: Tue, 28 May 2019 15:35:06 +0100
+Subject: crypto: arm64/sha2-ce - correct digest for empty data in finup
+
+From: Elena Petrova <lenaptr@google.com>
+
+commit 6bd934de1e393466b319d29c4427598fda096c57 upstream.
+
+The sha256-ce finup implementation for ARM64 produces wrong digest
+for empty input (len=0). Expected: the actual digest, result: initial
+value of SHA internal state. The error is in sha256_ce_finup:
+for empty data `finalize` will be 1, so the code is relying on
+sha2_ce_transform to make the final round. However, in
+sha256_base_do_update, the block function will not be called when
+len == 0.
+
+Fix it by setting finalize to 0 if data is empty.
+
+Fixes: 03802f6a80b3a ("crypto: arm64/sha2-ce - move SHA-224/256 ARMv8 implementation to base layer")
+Cc: stable@vger.kernel.org
+Signed-off-by: Elena Petrova <lenaptr@google.com>
+Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/crypto/sha2-ce-glue.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm64/crypto/sha2-ce-glue.c
++++ b/arch/arm64/crypto/sha2-ce-glue.c
+@@ -59,7 +59,7 @@ static int sha256_ce_finup(struct shash_
+ unsigned int len, u8 *out)
+ {
+ struct sha256_ce_state *sctx = shash_desc_ctx(desc);
+- bool finalize = !sctx->sst.count && !(len % SHA256_BLOCK_SIZE);
++ bool finalize = !sctx->sst.count && !(len % SHA256_BLOCK_SIZE) && len;
+
+ if (!may_use_simd()) {
+ if (len)
--- /dev/null
+From 538a5a072e6ef04377b180ee9b3ce5bae0a85da4 Mon Sep 17 00:00:00 2001
+From: Cfir Cohen <cfir@google.com>
+Date: Tue, 2 Jul 2019 10:32:56 -0700
+Subject: crypto: ccp/gcm - use const time tag comparison.
+
+From: Cfir Cohen <cfir@google.com>
+
+commit 538a5a072e6ef04377b180ee9b3ce5bae0a85da4 upstream.
+
+Avoid leaking GCM tag through timing side channel.
+
+Fixes: 36cf515b9bbe ("crypto: ccp - Enable support for AES GCM on v5 CCPs")
+Cc: <stable@vger.kernel.org> # v4.12+
+Signed-off-by: Cfir Cohen <cfir@google.com>
+Acked-by: Gary R Hook <ghook@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ccp/ccp-ops.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/crypto/ccp/ccp-ops.c
++++ b/drivers/crypto/ccp/ccp-ops.c
+@@ -832,7 +832,8 @@ static int ccp_run_aes_gcm_cmd(struct cc
+ goto e_tag;
+ ccp_set_dm_area(&tag, 0, p_tag, 0, AES_BLOCK_SIZE);
+
+- ret = memcmp(tag.address, final_wa.address, AES_BLOCK_SIZE);
++ ret = crypto_memneq(tag.address, final_wa.address,
++ AES_BLOCK_SIZE) ? -EBADMSG : 0;
+ ccp_dm_free(&tag);
+ }
+
--- /dev/null
+From 20e833dc36355ed642d00067641a679c618303fa Mon Sep 17 00:00:00 2001
+From: "Hook, Gary" <Gary.Hook@amd.com>
+Date: Wed, 10 Jul 2019 00:09:22 +0000
+Subject: crypto: ccp - memset structure fields to zero before reuse
+
+From: Hook, Gary <Gary.Hook@amd.com>
+
+commit 20e833dc36355ed642d00067641a679c618303fa upstream.
+
+The AES GCM function reuses an 'op' data structure, which members
+contain values that must be cleared for each (re)use.
+
+This fix resolves a crypto self-test failure:
+alg: aead: gcm-aes-ccp encryption test failed (wrong result) on test vector 2, cfg="two even aligned splits"
+
+Fixes: 36cf515b9bbe ("crypto: ccp - Enable support for AES GCM on v5 CCPs")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Gary R Hook <gary.hook@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ccp/ccp-ops.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/drivers/crypto/ccp/ccp-ops.c
++++ b/drivers/crypto/ccp/ccp-ops.c
+@@ -612,6 +612,7 @@ static int ccp_run_aes_gcm_cmd(struct cc
+
+ unsigned long long *final;
+ unsigned int dm_offset;
++ unsigned int jobid;
+ unsigned int ilen;
+ bool in_place = true; /* Default value */
+ int ret;
+@@ -650,9 +651,11 @@ static int ccp_run_aes_gcm_cmd(struct cc
+ p_tag = scatterwalk_ffwd(sg_tag, p_inp, ilen);
+ }
+
++ jobid = CCP_NEW_JOBID(cmd_q->ccp);
++
+ memset(&op, 0, sizeof(op));
+ op.cmd_q = cmd_q;
+- op.jobid = CCP_NEW_JOBID(cmd_q->ccp);
++ op.jobid = jobid;
+ op.sb_key = cmd_q->sb_key; /* Pre-allocated */
+ op.sb_ctx = cmd_q->sb_ctx; /* Pre-allocated */
+ op.init = 1;
+@@ -797,6 +800,13 @@ static int ccp_run_aes_gcm_cmd(struct cc
+ final[0] = cpu_to_be64(aes->aad_len * 8);
+ final[1] = cpu_to_be64(ilen * 8);
+
++ memset(&op, 0, sizeof(op));
++ op.cmd_q = cmd_q;
++ op.jobid = jobid;
++ op.sb_key = cmd_q->sb_key; /* Pre-allocated */
++ op.sb_ctx = cmd_q->sb_ctx; /* Pre-allocated */
++ op.init = 1;
++ op.u.aes.type = aes->type;
+ op.u.aes.mode = CCP_AES_MODE_GHASH;
+ op.u.aes.action = CCP_AES_GHASHFINAL;
+ op.src.type = CCP_MEMTYPE_SYSTEM;
--- /dev/null
+From 52393d617af7b554f03531e6756facf2ea687d2e Mon Sep 17 00:00:00 2001
+From: "Hook, Gary" <Gary.Hook@amd.com>
+Date: Thu, 27 Jun 2019 16:16:23 +0000
+Subject: crypto: ccp - Validate the the error value used to index error messages
+
+From: Hook, Gary <Gary.Hook@amd.com>
+
+commit 52393d617af7b554f03531e6756facf2ea687d2e upstream.
+
+The error code read from the queue status register is only 6 bits wide,
+but we need to verify its value is within range before indexing the error
+messages.
+
+Fixes: 81422badb3907 ("crypto: ccp - Make syslog errors human-readable")
+Cc: <stable@vger.kernel.org>
+Reported-by: Cfir Cohen <cfir@google.com>
+Signed-off-by: Gary R Hook <gary.hook@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ccp/ccp-dev.c | 96 ++++++++++++++++++++++---------------------
+ drivers/crypto/ccp/ccp-dev.h | 2
+ 2 files changed, 52 insertions(+), 46 deletions(-)
+
+--- a/drivers/crypto/ccp/ccp-dev.c
++++ b/drivers/crypto/ccp/ccp-dev.c
+@@ -35,56 +35,62 @@ struct ccp_tasklet_data {
+ };
+
+ /* Human-readable error strings */
++#define CCP_MAX_ERROR_CODE 64
+ static char *ccp_error_codes[] = {
+ "",
+- "ERR 01: ILLEGAL_ENGINE",
+- "ERR 02: ILLEGAL_KEY_ID",
+- "ERR 03: ILLEGAL_FUNCTION_TYPE",
+- "ERR 04: ILLEGAL_FUNCTION_MODE",
+- "ERR 05: ILLEGAL_FUNCTION_ENCRYPT",
+- "ERR 06: ILLEGAL_FUNCTION_SIZE",
+- "ERR 07: Zlib_MISSING_INIT_EOM",
+- "ERR 08: ILLEGAL_FUNCTION_RSVD",
+- "ERR 09: ILLEGAL_BUFFER_LENGTH",
+- "ERR 10: VLSB_FAULT",
+- "ERR 11: ILLEGAL_MEM_ADDR",
+- "ERR 12: ILLEGAL_MEM_SEL",
+- "ERR 13: ILLEGAL_CONTEXT_ID",
+- "ERR 14: ILLEGAL_KEY_ADDR",
+- "ERR 15: 0xF Reserved",
+- "ERR 16: Zlib_ILLEGAL_MULTI_QUEUE",
+- "ERR 17: Zlib_ILLEGAL_JOBID_CHANGE",
+- "ERR 18: CMD_TIMEOUT",
+- "ERR 19: IDMA0_AXI_SLVERR",
+- "ERR 20: IDMA0_AXI_DECERR",
+- "ERR 21: 0x15 Reserved",
+- "ERR 22: IDMA1_AXI_SLAVE_FAULT",
+- "ERR 23: IDMA1_AIXI_DECERR",
+- "ERR 24: 0x18 Reserved",
+- "ERR 25: ZLIBVHB_AXI_SLVERR",
+- "ERR 26: ZLIBVHB_AXI_DECERR",
+- "ERR 27: 0x1B Reserved",
+- "ERR 27: ZLIB_UNEXPECTED_EOM",
+- "ERR 27: ZLIB_EXTRA_DATA",
+- "ERR 30: ZLIB_BTYPE",
+- "ERR 31: ZLIB_UNDEFINED_SYMBOL",
+- "ERR 32: ZLIB_UNDEFINED_DISTANCE_S",
+- "ERR 33: ZLIB_CODE_LENGTH_SYMBOL",
+- "ERR 34: ZLIB _VHB_ILLEGAL_FETCH",
+- "ERR 35: ZLIB_UNCOMPRESSED_LEN",
+- "ERR 36: ZLIB_LIMIT_REACHED",
+- "ERR 37: ZLIB_CHECKSUM_MISMATCH0",
+- "ERR 38: ODMA0_AXI_SLVERR",
+- "ERR 39: ODMA0_AXI_DECERR",
+- "ERR 40: 0x28 Reserved",
+- "ERR 41: ODMA1_AXI_SLVERR",
+- "ERR 42: ODMA1_AXI_DECERR",
+- "ERR 43: LSB_PARITY_ERR",
++ "ILLEGAL_ENGINE",
++ "ILLEGAL_KEY_ID",
++ "ILLEGAL_FUNCTION_TYPE",
++ "ILLEGAL_FUNCTION_MODE",
++ "ILLEGAL_FUNCTION_ENCRYPT",
++ "ILLEGAL_FUNCTION_SIZE",
++ "Zlib_MISSING_INIT_EOM",
++ "ILLEGAL_FUNCTION_RSVD",
++ "ILLEGAL_BUFFER_LENGTH",
++ "VLSB_FAULT",
++ "ILLEGAL_MEM_ADDR",
++ "ILLEGAL_MEM_SEL",
++ "ILLEGAL_CONTEXT_ID",
++ "ILLEGAL_KEY_ADDR",
++ "0xF Reserved",
++ "Zlib_ILLEGAL_MULTI_QUEUE",
++ "Zlib_ILLEGAL_JOBID_CHANGE",
++ "CMD_TIMEOUT",
++ "IDMA0_AXI_SLVERR",
++ "IDMA0_AXI_DECERR",
++ "0x15 Reserved",
++ "IDMA1_AXI_SLAVE_FAULT",
++ "IDMA1_AIXI_DECERR",
++ "0x18 Reserved",
++ "ZLIBVHB_AXI_SLVERR",
++ "ZLIBVHB_AXI_DECERR",
++ "0x1B Reserved",
++ "ZLIB_UNEXPECTED_EOM",
++ "ZLIB_EXTRA_DATA",
++ "ZLIB_BTYPE",
++ "ZLIB_UNDEFINED_SYMBOL",
++ "ZLIB_UNDEFINED_DISTANCE_S",
++ "ZLIB_CODE_LENGTH_SYMBOL",
++ "ZLIB _VHB_ILLEGAL_FETCH",
++ "ZLIB_UNCOMPRESSED_LEN",
++ "ZLIB_LIMIT_REACHED",
++ "ZLIB_CHECKSUM_MISMATCH0",
++ "ODMA0_AXI_SLVERR",
++ "ODMA0_AXI_DECERR",
++ "0x28 Reserved",
++ "ODMA1_AXI_SLVERR",
++ "ODMA1_AXI_DECERR",
+ };
+
+-void ccp_log_error(struct ccp_device *d, int e)
++void ccp_log_error(struct ccp_device *d, unsigned int e)
+ {
+- dev_err(d->dev, "CCP error: %s (0x%x)\n", ccp_error_codes[e], e);
++ if (WARN_ON(e >= CCP_MAX_ERROR_CODE))
++ return;
++
++ if (e < ARRAY_SIZE(ccp_error_codes))
++ dev_err(d->dev, "CCP error %d: %s\n", e, ccp_error_codes[e]);
++ else
++ dev_err(d->dev, "CCP error %d: Unknown Error\n", e);
+ }
+
+ /* List of CCPs, CCP count, read-write access lock, and access functions
+--- a/drivers/crypto/ccp/ccp-dev.h
++++ b/drivers/crypto/ccp/ccp-dev.h
+@@ -632,7 +632,7 @@ struct ccp5_desc {
+ void ccp_add_device(struct ccp_device *ccp);
+ void ccp_del_device(struct ccp_device *ccp);
+
+-extern void ccp_log_error(struct ccp_device *, int);
++extern void ccp_log_error(struct ccp_device *, unsigned int);
+
+ struct ccp_device *ccp_alloc_struct(struct sp_device *sp);
+ bool ccp_queues_suspended(struct ccp_device *ccp);
--- /dev/null
+From 7545b6c2087f4ef0287c8c9b7eba6a728c67ff8e Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Fri, 31 May 2019 11:12:30 -0700
+Subject: crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 7545b6c2087f4ef0287c8c9b7eba6a728c67ff8e upstream.
+
+Clear the CRYPTO_TFM_REQ_MAY_SLEEP flag when the chacha20poly1305
+operation is being continued from an async completion callback, since
+sleeping may not be allowed in that context.
+
+This is basically the same bug that was recently fixed in the xts and
+lrw templates. But, it's always been broken in chacha20poly1305 too.
+This was found using syzkaller in combination with the updated crypto
+self-tests which actually test the MAY_SLEEP flag now.
+
+Reproducer:
+
+ python -c 'import socket; socket.socket(socket.AF_ALG, 5, 0).bind(
+ ("aead", "rfc7539(cryptd(chacha20-generic),poly1305-generic)"))'
+
+Kernel output:
+
+ BUG: sleeping function called from invalid context at include/crypto/algapi.h:426
+ in_atomic(): 1, irqs_disabled(): 0, pid: 1001, name: kworker/2:2
+ [...]
+ CPU: 2 PID: 1001 Comm: kworker/2:2 Not tainted 5.2.0-rc2 #5
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-20181126_142135-anatol 04/01/2014
+ Workqueue: crypto cryptd_queue_worker
+ Call Trace:
+ __dump_stack lib/dump_stack.c:77 [inline]
+ dump_stack+0x4d/0x6a lib/dump_stack.c:113
+ ___might_sleep kernel/sched/core.c:6138 [inline]
+ ___might_sleep.cold.19+0x8e/0x9f kernel/sched/core.c:6095
+ crypto_yield include/crypto/algapi.h:426 [inline]
+ crypto_hash_walk_done+0xd6/0x100 crypto/ahash.c:113
+ shash_ahash_update+0x41/0x60 crypto/shash.c:251
+ shash_async_update+0xd/0x10 crypto/shash.c:260
+ crypto_ahash_update include/crypto/hash.h:539 [inline]
+ poly_setkey+0xf6/0x130 crypto/chacha20poly1305.c:337
+ poly_init+0x51/0x60 crypto/chacha20poly1305.c:364
+ async_done_continue crypto/chacha20poly1305.c:78 [inline]
+ poly_genkey_done+0x15/0x30 crypto/chacha20poly1305.c:369
+ cryptd_skcipher_complete+0x29/0x70 crypto/cryptd.c:279
+ cryptd_skcipher_decrypt+0xcd/0x110 crypto/cryptd.c:339
+ cryptd_queue_worker+0x70/0xa0 crypto/cryptd.c:184
+ process_one_work+0x1ed/0x420 kernel/workqueue.c:2269
+ worker_thread+0x3e/0x3a0 kernel/workqueue.c:2415
+ kthread+0x11f/0x140 kernel/kthread.c:255
+ ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352
+
+Fixes: 71ebc4d1b27d ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539")
+Cc: <stable@vger.kernel.org> # v4.2+
+Cc: Martin Willi <martin@strongswan.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/chacha20poly1305.c | 30 +++++++++++++++++++-----------
+ 1 file changed, 19 insertions(+), 11 deletions(-)
+
+--- a/crypto/chacha20poly1305.c
++++ b/crypto/chacha20poly1305.c
+@@ -67,6 +67,8 @@ struct chachapoly_req_ctx {
+ unsigned int cryptlen;
+ /* Actual AD, excluding IV */
+ unsigned int assoclen;
++ /* request flags, with MAY_SLEEP cleared if needed */
++ u32 flags;
+ union {
+ struct poly_req poly;
+ struct chacha_req chacha;
+@@ -76,8 +78,12 @@ struct chachapoly_req_ctx {
+ static inline void async_done_continue(struct aead_request *req, int err,
+ int (*cont)(struct aead_request *))
+ {
+- if (!err)
++ if (!err) {
++ struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
++
++ rctx->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
+ err = cont(req);
++ }
+
+ if (err != -EINPROGRESS && err != -EBUSY)
+ aead_request_complete(req, err);
+@@ -144,7 +150,7 @@ static int chacha_decrypt(struct aead_re
+ dst = scatterwalk_ffwd(rctx->dst, req->dst, req->assoclen);
+ }
+
+- skcipher_request_set_callback(&creq->req, aead_request_flags(req),
++ skcipher_request_set_callback(&creq->req, rctx->flags,
+ chacha_decrypt_done, req);
+ skcipher_request_set_tfm(&creq->req, ctx->chacha);
+ skcipher_request_set_crypt(&creq->req, src, dst,
+@@ -188,7 +194,7 @@ static int poly_tail(struct aead_request
+ memcpy(&preq->tail.cryptlen, &len, sizeof(len));
+ sg_set_buf(preq->src, &preq->tail, sizeof(preq->tail));
+
+- ahash_request_set_callback(&preq->req, aead_request_flags(req),
++ ahash_request_set_callback(&preq->req, rctx->flags,
+ poly_tail_done, req);
+ ahash_request_set_tfm(&preq->req, ctx->poly);
+ ahash_request_set_crypt(&preq->req, preq->src,
+@@ -219,7 +225,7 @@ static int poly_cipherpad(struct aead_re
+ sg_init_table(preq->src, 1);
+ sg_set_buf(preq->src, &preq->pad, padlen);
+
+- ahash_request_set_callback(&preq->req, aead_request_flags(req),
++ ahash_request_set_callback(&preq->req, rctx->flags,
+ poly_cipherpad_done, req);
+ ahash_request_set_tfm(&preq->req, ctx->poly);
+ ahash_request_set_crypt(&preq->req, preq->src, NULL, padlen);
+@@ -250,7 +256,7 @@ static int poly_cipher(struct aead_reque
+ sg_init_table(rctx->src, 2);
+ crypt = scatterwalk_ffwd(rctx->src, crypt, req->assoclen);
+
+- ahash_request_set_callback(&preq->req, aead_request_flags(req),
++ ahash_request_set_callback(&preq->req, rctx->flags,
+ poly_cipher_done, req);
+ ahash_request_set_tfm(&preq->req, ctx->poly);
+ ahash_request_set_crypt(&preq->req, crypt, NULL, rctx->cryptlen);
+@@ -280,7 +286,7 @@ static int poly_adpad(struct aead_reques
+ sg_init_table(preq->src, 1);
+ sg_set_buf(preq->src, preq->pad, padlen);
+
+- ahash_request_set_callback(&preq->req, aead_request_flags(req),
++ ahash_request_set_callback(&preq->req, rctx->flags,
+ poly_adpad_done, req);
+ ahash_request_set_tfm(&preq->req, ctx->poly);
+ ahash_request_set_crypt(&preq->req, preq->src, NULL, padlen);
+@@ -304,7 +310,7 @@ static int poly_ad(struct aead_request *
+ struct poly_req *preq = &rctx->u.poly;
+ int err;
+
+- ahash_request_set_callback(&preq->req, aead_request_flags(req),
++ ahash_request_set_callback(&preq->req, rctx->flags,
+ poly_ad_done, req);
+ ahash_request_set_tfm(&preq->req, ctx->poly);
+ ahash_request_set_crypt(&preq->req, req->src, NULL, rctx->assoclen);
+@@ -331,7 +337,7 @@ static int poly_setkey(struct aead_reque
+ sg_init_table(preq->src, 1);
+ sg_set_buf(preq->src, rctx->key, sizeof(rctx->key));
+
+- ahash_request_set_callback(&preq->req, aead_request_flags(req),
++ ahash_request_set_callback(&preq->req, rctx->flags,
+ poly_setkey_done, req);
+ ahash_request_set_tfm(&preq->req, ctx->poly);
+ ahash_request_set_crypt(&preq->req, preq->src, NULL, sizeof(rctx->key));
+@@ -355,7 +361,7 @@ static int poly_init(struct aead_request
+ struct poly_req *preq = &rctx->u.poly;
+ int err;
+
+- ahash_request_set_callback(&preq->req, aead_request_flags(req),
++ ahash_request_set_callback(&preq->req, rctx->flags,
+ poly_init_done, req);
+ ahash_request_set_tfm(&preq->req, ctx->poly);
+
+@@ -393,7 +399,7 @@ static int poly_genkey(struct aead_reque
+
+ chacha_iv(creq->iv, req, 0);
+
+- skcipher_request_set_callback(&creq->req, aead_request_flags(req),
++ skcipher_request_set_callback(&creq->req, rctx->flags,
+ poly_genkey_done, req);
+ skcipher_request_set_tfm(&creq->req, ctx->chacha);
+ skcipher_request_set_crypt(&creq->req, creq->src, creq->src,
+@@ -433,7 +439,7 @@ static int chacha_encrypt(struct aead_re
+ dst = scatterwalk_ffwd(rctx->dst, req->dst, req->assoclen);
+ }
+
+- skcipher_request_set_callback(&creq->req, aead_request_flags(req),
++ skcipher_request_set_callback(&creq->req, rctx->flags,
+ chacha_encrypt_done, req);
+ skcipher_request_set_tfm(&creq->req, ctx->chacha);
+ skcipher_request_set_crypt(&creq->req, src, dst,
+@@ -451,6 +457,7 @@ static int chachapoly_encrypt(struct aea
+ struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
+
+ rctx->cryptlen = req->cryptlen;
++ rctx->flags = aead_request_flags(req);
+
+ /* encrypt call chain:
+ * - chacha_encrypt/done()
+@@ -472,6 +479,7 @@ static int chachapoly_decrypt(struct aea
+ struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
+
+ rctx->cryptlen = req->cryptlen - POLY1305_DIGEST_SIZE;
++ rctx->flags = aead_request_flags(req);
+
+ /* decrypt call chain:
+ * - poly_genkey/done()
--- /dev/null
+From 95566aa75cd6b3b404502c06f66956b5481194b3 Mon Sep 17 00:00:00 2001
+From: Wen Yang <wen.yang99@zte.com.cn>
+Date: Mon, 8 Jul 2019 14:19:03 +0800
+Subject: crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
+
+From: Wen Yang <wen.yang99@zte.com.cn>
+
+commit 95566aa75cd6b3b404502c06f66956b5481194b3 upstream.
+
+There is a possible double free issue in ppc4xx_trng_probe():
+
+85: dev->trng_base = of_iomap(trng, 0);
+86: of_node_put(trng); ---> released here
+87: if (!dev->trng_base)
+88: goto err_out;
+...
+110: ierr_out:
+111: of_node_put(trng); ---> double released here
+...
+
+This issue was detected by using the Coccinelle software.
+We fix it by removing the unnecessary of_node_put().
+
+Fixes: 5343e674f32f ("crypto4xx: integrate ppc4xx-rng into crypto4xx")
+Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
+Cc: <stable@vger.kernel.org>
+Cc: "David S. Miller" <davem@davemloft.net>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Allison Randal <allison@lohutok.net>
+Cc: Armijn Hemel <armijn@tjaldur.nl>
+Cc: Julia Lawall <Julia.Lawall@lip6.fr>
+Cc: linux-crypto@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Acked-by: Julia Lawall <julia.lawall@lip6.fr>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/amcc/crypto4xx_trng.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_trng.c
++++ b/drivers/crypto/amcc/crypto4xx_trng.c
+@@ -111,7 +111,6 @@ void ppc4xx_trng_probe(struct crypto4xx_
+ return;
+
+ err_out:
+- of_node_put(trng);
+ iounmap(dev->trng_base);
+ kfree(rng);
+ dev->trng_base = NULL;
--- /dev/null
+From 5c6bc4dfa515738149998bb0db2481a4fdead979 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 30 May 2019 10:50:39 -0700
+Subject: crypto: ghash - fix unaligned memory access in ghash_setkey()
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 5c6bc4dfa515738149998bb0db2481a4fdead979 upstream.
+
+Changing ghash_mod_init() to be subsys_initcall made it start running
+before the alignment fault handler has been installed on ARM. In kernel
+builds where the keys in the ghash test vectors happened to be
+misaligned in the kernel image, this exposed the longstanding bug that
+ghash_setkey() is incorrectly casting the key buffer (which can have any
+alignment) to be128 for passing to gf128mul_init_4k_lle().
+
+Fix this by memcpy()ing the key to a temporary buffer.
+
+Don't fix it by setting an alignmask on the algorithm instead because
+that would unnecessarily force alignment of the data too.
+
+Fixes: 2cdc6899a88e ("crypto: ghash - Add GHASH digest algorithm for GCM")
+Reported-by: Peter Robinson <pbrobinson@gmail.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Tested-by: Peter Robinson <pbrobinson@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/ghash-generic.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/crypto/ghash-generic.c
++++ b/crypto/ghash-generic.c
+@@ -34,6 +34,7 @@ static int ghash_setkey(struct crypto_sh
+ const u8 *key, unsigned int keylen)
+ {
+ struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
++ be128 k;
+
+ if (keylen != GHASH_BLOCK_SIZE) {
+ crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+@@ -42,7 +43,12 @@ static int ghash_setkey(struct crypto_sh
+
+ if (ctx->gf128)
+ gf128mul_free_4k(ctx->gf128);
+- ctx->gf128 = gf128mul_init_4k_lle((be128 *)key);
++
++ BUILD_BUG_ON(sizeof(k) != GHASH_BLOCK_SIZE);
++ memcpy(&k, key, GHASH_BLOCK_SIZE); /* avoid violating alignment rules */
++ ctx->gf128 = gf128mul_init_4k_lle(&k);
++ memzero_explicit(&k, GHASH_BLOCK_SIZE);
++
+ if (!ctx->gf128)
+ return -ENOMEM;
+
--- /dev/null
+From 25fcf94a2fa89dd3e73e965ebb0b38a2a4f72aa4 Mon Sep 17 00:00:00 2001
+From: Finn Thain <fthain@telegraphics.com.au>
+Date: Sun, 9 Jun 2019 11:19:11 +1000
+Subject: Revert "scsi: ncr5380: Increase register polling limit"
+
+From: Finn Thain <fthain@telegraphics.com.au>
+
+commit 25fcf94a2fa89dd3e73e965ebb0b38a2a4f72aa4 upstream.
+
+This reverts commit 4822827a69d7cd3bc5a07b7637484ebd2cf88db6.
+
+The purpose of that commit was to suppress a timeout warning message which
+appeared to be caused by target latency. But suppressing the warning is
+undesirable as the warning may indicate a messed up transfer count.
+
+Another problem with that commit is that 15 ms is too long to keep
+interrupts disabled as interrupt latency can cause system clock drift and
+other problems.
+
+Cc: Michael Schmitz <schmitzmic@gmail.com>
+Cc: stable@vger.kernel.org
+Fixes: 4822827a69d7 ("scsi: ncr5380: Increase register polling limit")
+Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
+Tested-by: Stan Johnson <userm57@yahoo.com>
+Tested-by: Michael Schmitz <schmitzmic@gmail.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/NCR5380.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/NCR5380.h
++++ b/drivers/scsi/NCR5380.h
+@@ -235,7 +235,7 @@ struct NCR5380_cmd {
+ #define NCR5380_PIO_CHUNK_SIZE 256
+
+ /* Time limit (ms) to poll registers when IRQs are disabled, e.g. during PDMA */
+-#define NCR5380_REG_POLL_TIME 15
++#define NCR5380_REG_POLL_TIME 10
+
+ static inline struct scsi_cmnd *NCR5380_to_scmd(struct NCR5380_cmd *ncmd_ptr)
+ {
--- /dev/null
+From f9b0530fa02e0c73f31a49ef743e8f44eb8e32cc Mon Sep 17 00:00:00 2001
+From: Ming Lei <ming.lei@redhat.com>
+Date: Fri, 12 Jul 2019 10:08:19 +0800
+Subject: scsi: core: Fix race on creating sense cache
+
+From: Ming Lei <ming.lei@redhat.com>
+
+commit f9b0530fa02e0c73f31a49ef743e8f44eb8e32cc upstream.
+
+When scsi_init_sense_cache(host) is called concurrently from different
+hosts, each code path may find that no cache has been created and
+allocate a new one. The lack of locking can lead to potentially
+overriding a cache allocated by a different host.
+
+Fix the issue by moving 'mutex_lock(&scsi_sense_cache_mutex)' before
+scsi_select_sense_cache().
+
+Fixes: 0a6ac4ee7c21 ("scsi: respect unchecked_isa_dma for blk-mq")
+Cc: Stable <stable@vger.kernel.org>
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: Hannes Reinecke <hare@suse.com>
+Cc: Ewan D. Milne <emilne@redhat.com>
+Signed-off-by: Ming Lei <ming.lei@redhat.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/scsi_lib.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/scsi/scsi_lib.c
++++ b/drivers/scsi/scsi_lib.c
+@@ -71,11 +71,11 @@ int scsi_init_sense_cache(struct Scsi_Ho
+ struct kmem_cache *cache;
+ int ret = 0;
+
++ mutex_lock(&scsi_sense_cache_mutex);
+ cache = scsi_select_sense_cache(shost->unchecked_isa_dma);
+ if (cache)
+- return 0;
++ goto exit;
+
+- mutex_lock(&scsi_sense_cache_mutex);
+ if (shost->unchecked_isa_dma) {
+ scsi_sense_isadma_cache =
+ kmem_cache_create("scsi_sense_cache(DMA)",
+@@ -90,7 +90,7 @@ int scsi_init_sense_cache(struct Scsi_Ho
+ if (!scsi_sense_cache)
+ ret = -ENOMEM;
+ }
+-
++ exit:
+ mutex_unlock(&scsi_sense_cache_mutex);
+ return ret;
+ }
--- /dev/null
+From 78ff751f8e6a9446e9fb26b2bff0b8d3f8974cbd Mon Sep 17 00:00:00 2001
+From: Finn Thain <fthain@telegraphics.com.au>
+Date: Sun, 9 Jun 2019 11:19:11 +1000
+Subject: scsi: mac_scsi: Fix pseudo DMA implementation, take 2
+
+From: Finn Thain <fthain@telegraphics.com.au>
+
+commit 78ff751f8e6a9446e9fb26b2bff0b8d3f8974cbd upstream.
+
+A system bus error during a PDMA transfer can mess up the calculation of
+the transfer residual (the PDMA handshaking hardware lacks a byte
+counter). This results in data corruption.
+
+The algorithm in this patch anticipates a bus error by starting each
+transfer with a MOVE.B instruction. If a bus error is caught the transfer
+will be retried. If a bus error is caught later in the transfer (for a
+MOVE.W instruction) the transfer gets failed and subsequent requests for
+that target will use PIO instead of PDMA.
+
+This avoids the "!REQ and !ACK" error so the severity level of that message
+is reduced to KERN_DEBUG.
+
+Cc: Michael Schmitz <schmitzmic@gmail.com>
+Cc: Geert Uytterhoeven <geert@linux-m68k.org>
+Cc: stable@vger.kernel.org # v4.14+
+Fixes: 3a0f64bfa907 ("mac_scsi: Fix pseudo DMA implementation")
+Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
+Reported-by: Chris Jones <chris@martin-jones.com>
+Tested-by: Stan Johnson <userm57@yahoo.com>
+Tested-by: Michael Schmitz <schmitzmic@gmail.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/mac_scsi.c | 369 ++++++++++++++++++++++++++++--------------------
+ 1 file changed, 217 insertions(+), 152 deletions(-)
+
+--- a/drivers/scsi/mac_scsi.c
++++ b/drivers/scsi/mac_scsi.c
+@@ -3,6 +3,8 @@
+ *
+ * Copyright 1998, Michael Schmitz <mschmitz@lbl.gov>
+ *
++ * Copyright 2019 Finn Thain
++ *
+ * derived in part from:
+ */
+ /*
+@@ -11,6 +13,7 @@
+ * Copyright 1995, Russell King
+ */
+
++#include <linux/delay.h>
+ #include <linux/types.h>
+ #include <linux/module.h>
+ #include <linux/ioport.h>
+@@ -89,101 +92,217 @@ static int __init mac_scsi_setup(char *s
+ __setup("mac5380=", mac_scsi_setup);
+ #endif /* !MODULE */
+
+-/* Pseudo DMA asm originally by Ove Edlund */
++/*
++ * According to "Inside Macintosh: Devices", Mac OS requires disk drivers to
++ * specify the number of bytes between the delays expected from a SCSI target.
++ * This allows the operating system to "prevent bus errors when a target fails
++ * to deliver the next byte within the processor bus error timeout period."
++ * Linux SCSI drivers lack knowledge of the timing behaviour of SCSI targets
++ * so bus errors are unavoidable.
++ *
++ * If a MOVE.B instruction faults, we assume that zero bytes were transferred
++ * and simply retry. That assumption probably depends on target behaviour but
++ * seems to hold up okay. The NOP provides synchronization: without it the
++ * fault can sometimes occur after the program counter has moved past the
++ * offending instruction. Post-increment addressing can't be used.
++ */
++
++#define MOVE_BYTE(operands) \
++ asm volatile ( \
++ "1: moveb " operands " \n" \
++ "11: nop \n" \
++ " addq #1,%0 \n" \
++ " subq #1,%1 \n" \
++ "40: \n" \
++ " \n" \
++ ".section .fixup,\"ax\" \n" \
++ ".even \n" \
++ "90: movel #1, %2 \n" \
++ " jra 40b \n" \
++ ".previous \n" \
++ " \n" \
++ ".section __ex_table,\"a\" \n" \
++ ".align 4 \n" \
++ ".long 1b,90b \n" \
++ ".long 11b,90b \n" \
++ ".previous \n" \
++ : "+a" (addr), "+r" (n), "+r" (result) : "a" (io))
+
+-#define CP_IO_TO_MEM(s,d,n) \
+-__asm__ __volatile__ \
+- (" cmp.w #4,%2\n" \
+- " bls 8f\n" \
+- " move.w %1,%%d0\n" \
+- " neg.b %%d0\n" \
+- " and.w #3,%%d0\n" \
+- " sub.w %%d0,%2\n" \
+- " bra 2f\n" \
+- " 1: move.b (%0),(%1)+\n" \
+- " 2: dbf %%d0,1b\n" \
+- " move.w %2,%%d0\n" \
+- " lsr.w #5,%%d0\n" \
+- " bra 4f\n" \
+- " 3: move.l (%0),(%1)+\n" \
+- "31: move.l (%0),(%1)+\n" \
+- "32: move.l (%0),(%1)+\n" \
+- "33: move.l (%0),(%1)+\n" \
+- "34: move.l (%0),(%1)+\n" \
+- "35: move.l (%0),(%1)+\n" \
+- "36: move.l (%0),(%1)+\n" \
+- "37: move.l (%0),(%1)+\n" \
+- " 4: dbf %%d0,3b\n" \
+- " move.w %2,%%d0\n" \
+- " lsr.w #2,%%d0\n" \
+- " and.w #7,%%d0\n" \
+- " bra 6f\n" \
+- " 5: move.l (%0),(%1)+\n" \
+- " 6: dbf %%d0,5b\n" \
+- " and.w #3,%2\n" \
+- " bra 8f\n" \
+- " 7: move.b (%0),(%1)+\n" \
+- " 8: dbf %2,7b\n" \
+- " moveq.l #0, %2\n" \
+- " 9: \n" \
+- ".section .fixup,\"ax\"\n" \
+- " .even\n" \
+- "91: moveq.l #1, %2\n" \
+- " jra 9b\n" \
+- "94: moveq.l #4, %2\n" \
+- " jra 9b\n" \
+- ".previous\n" \
+- ".section __ex_table,\"a\"\n" \
+- " .align 4\n" \
+- " .long 1b,91b\n" \
+- " .long 3b,94b\n" \
+- " .long 31b,94b\n" \
+- " .long 32b,94b\n" \
+- " .long 33b,94b\n" \
+- " .long 34b,94b\n" \
+- " .long 35b,94b\n" \
+- " .long 36b,94b\n" \
+- " .long 37b,94b\n" \
+- " .long 5b,94b\n" \
+- " .long 7b,91b\n" \
+- ".previous" \
+- : "=a"(s), "=a"(d), "=d"(n) \
+- : "0"(s), "1"(d), "2"(n) \
+- : "d0")
++/*
++ * If a MOVE.W (or MOVE.L) instruction faults, it cannot be retried because
++ * the residual byte count would be uncertain. In that situation the MOVE_WORD
++ * macro clears n in the fixup section to abort the transfer.
++ */
++
++#define MOVE_WORD(operands) \
++ asm volatile ( \
++ "1: movew " operands " \n" \
++ "11: nop \n" \
++ " subq #2,%1 \n" \
++ "40: \n" \
++ " \n" \
++ ".section .fixup,\"ax\" \n" \
++ ".even \n" \
++ "90: movel #0, %1 \n" \
++ " movel #2, %2 \n" \
++ " jra 40b \n" \
++ ".previous \n" \
++ " \n" \
++ ".section __ex_table,\"a\" \n" \
++ ".align 4 \n" \
++ ".long 1b,90b \n" \
++ ".long 11b,90b \n" \
++ ".previous \n" \
++ : "+a" (addr), "+r" (n), "+r" (result) : "a" (io))
++
++#define MOVE_16_WORDS(operands) \
++ asm volatile ( \
++ "1: movew " operands " \n" \
++ "2: movew " operands " \n" \
++ "3: movew " operands " \n" \
++ "4: movew " operands " \n" \
++ "5: movew " operands " \n" \
++ "6: movew " operands " \n" \
++ "7: movew " operands " \n" \
++ "8: movew " operands " \n" \
++ "9: movew " operands " \n" \
++ "10: movew " operands " \n" \
++ "11: movew " operands " \n" \
++ "12: movew " operands " \n" \
++ "13: movew " operands " \n" \
++ "14: movew " operands " \n" \
++ "15: movew " operands " \n" \
++ "16: movew " operands " \n" \
++ "17: nop \n" \
++ " subl #32,%1 \n" \
++ "40: \n" \
++ " \n" \
++ ".section .fixup,\"ax\" \n" \
++ ".even \n" \
++ "90: movel #0, %1 \n" \
++ " movel #2, %2 \n" \
++ " jra 40b \n" \
++ ".previous \n" \
++ " \n" \
++ ".section __ex_table,\"a\" \n" \
++ ".align 4 \n" \
++ ".long 1b,90b \n" \
++ ".long 2b,90b \n" \
++ ".long 3b,90b \n" \
++ ".long 4b,90b \n" \
++ ".long 5b,90b \n" \
++ ".long 6b,90b \n" \
++ ".long 7b,90b \n" \
++ ".long 8b,90b \n" \
++ ".long 9b,90b \n" \
++ ".long 10b,90b \n" \
++ ".long 11b,90b \n" \
++ ".long 12b,90b \n" \
++ ".long 13b,90b \n" \
++ ".long 14b,90b \n" \
++ ".long 15b,90b \n" \
++ ".long 16b,90b \n" \
++ ".long 17b,90b \n" \
++ ".previous \n" \
++ : "+a" (addr), "+r" (n), "+r" (result) : "a" (io))
++
++#define MAC_PDMA_DELAY 32
++
++static inline int mac_pdma_recv(void __iomem *io, unsigned char *start, int n)
++{
++ unsigned char *addr = start;
++ int result = 0;
++
++ if (n >= 1) {
++ MOVE_BYTE("%3@,%0@");
++ if (result)
++ goto out;
++ }
++ if (n >= 1 && ((unsigned long)addr & 1)) {
++ MOVE_BYTE("%3@,%0@");
++ if (result)
++ goto out;
++ }
++ while (n >= 32)
++ MOVE_16_WORDS("%3@,%0@+");
++ while (n >= 2)
++ MOVE_WORD("%3@,%0@+");
++ if (result)
++ return start - addr; /* Negated to indicate uncertain length */
++ if (n == 1)
++ MOVE_BYTE("%3@,%0@");
++out:
++ return addr - start;
++}
++
++static inline int mac_pdma_send(unsigned char *start, void __iomem *io, int n)
++{
++ unsigned char *addr = start;
++ int result = 0;
++
++ if (n >= 1) {
++ MOVE_BYTE("%0@,%3@");
++ if (result)
++ goto out;
++ }
++ if (n >= 1 && ((unsigned long)addr & 1)) {
++ MOVE_BYTE("%0@,%3@");
++ if (result)
++ goto out;
++ }
++ while (n >= 32)
++ MOVE_16_WORDS("%0@+,%3@");
++ while (n >= 2)
++ MOVE_WORD("%0@+,%3@");
++ if (result)
++ return start - addr; /* Negated to indicate uncertain length */
++ if (n == 1)
++ MOVE_BYTE("%0@,%3@");
++out:
++ return addr - start;
++}
+
+ static inline int macscsi_pread(struct NCR5380_hostdata *hostdata,
+ unsigned char *dst, int len)
+ {
+ u8 __iomem *s = hostdata->pdma_io + (INPUT_DATA_REG << 4);
+ unsigned char *d = dst;
+- int n = len;
+- int transferred;
++
++ hostdata->pdma_residual = len;
+
+ while (!NCR5380_poll_politely(hostdata, BUS_AND_STATUS_REG,
+ BASR_DRQ | BASR_PHASE_MATCH,
+ BASR_DRQ | BASR_PHASE_MATCH, HZ / 64)) {
+- CP_IO_TO_MEM(s, d, n);
++ int bytes;
++
++ bytes = mac_pdma_recv(s, d, min(hostdata->pdma_residual, 512));
+
+- transferred = d - dst - n;
+- hostdata->pdma_residual = len - transferred;
++ if (bytes > 0) {
++ d += bytes;
++ hostdata->pdma_residual -= bytes;
++ }
+
+- /* No bus error. */
+- if (n == 0)
++ if (hostdata->pdma_residual == 0)
+ return 0;
+
+- /* Target changed phase early? */
+ if (NCR5380_poll_politely2(hostdata, STATUS_REG, SR_REQ, SR_REQ,
+- BUS_AND_STATUS_REG, BASR_ACK, BASR_ACK, HZ / 64) < 0)
+- scmd_printk(KERN_ERR, hostdata->connected,
++ BUS_AND_STATUS_REG, BASR_ACK,
++ BASR_ACK, HZ / 64) < 0)
++ scmd_printk(KERN_DEBUG, hostdata->connected,
+ "%s: !REQ and !ACK\n", __func__);
+ if (!(NCR5380_read(BUS_AND_STATUS_REG) & BASR_PHASE_MATCH))
+ return 0;
+
++ if (bytes == 0)
++ udelay(MAC_PDMA_DELAY);
++
++ if (bytes >= 0)
++ continue;
++
+ dsprintk(NDEBUG_PSEUDO_DMA, hostdata->host,
+- "%s: bus error (%d/%d)\n", __func__, transferred, len);
++ "%s: bus error (%d/%d)\n", __func__, d - dst, len);
+ NCR5380_dprint(NDEBUG_PSEUDO_DMA, hostdata->host);
+- d = dst + transferred;
+- n = len - transferred;
++ return -1;
+ }
+
+ scmd_printk(KERN_ERR, hostdata->connected,
+@@ -192,93 +311,27 @@ static inline int macscsi_pread(struct N
+ return -1;
+ }
+
+-
+-#define CP_MEM_TO_IO(s,d,n) \
+-__asm__ __volatile__ \
+- (" cmp.w #4,%2\n" \
+- " bls 8f\n" \
+- " move.w %0,%%d0\n" \
+- " neg.b %%d0\n" \
+- " and.w #3,%%d0\n" \
+- " sub.w %%d0,%2\n" \
+- " bra 2f\n" \
+- " 1: move.b (%0)+,(%1)\n" \
+- " 2: dbf %%d0,1b\n" \
+- " move.w %2,%%d0\n" \
+- " lsr.w #5,%%d0\n" \
+- " bra 4f\n" \
+- " 3: move.l (%0)+,(%1)\n" \
+- "31: move.l (%0)+,(%1)\n" \
+- "32: move.l (%0)+,(%1)\n" \
+- "33: move.l (%0)+,(%1)\n" \
+- "34: move.l (%0)+,(%1)\n" \
+- "35: move.l (%0)+,(%1)\n" \
+- "36: move.l (%0)+,(%1)\n" \
+- "37: move.l (%0)+,(%1)\n" \
+- " 4: dbf %%d0,3b\n" \
+- " move.w %2,%%d0\n" \
+- " lsr.w #2,%%d0\n" \
+- " and.w #7,%%d0\n" \
+- " bra 6f\n" \
+- " 5: move.l (%0)+,(%1)\n" \
+- " 6: dbf %%d0,5b\n" \
+- " and.w #3,%2\n" \
+- " bra 8f\n" \
+- " 7: move.b (%0)+,(%1)\n" \
+- " 8: dbf %2,7b\n" \
+- " moveq.l #0, %2\n" \
+- " 9: \n" \
+- ".section .fixup,\"ax\"\n" \
+- " .even\n" \
+- "91: moveq.l #1, %2\n" \
+- " jra 9b\n" \
+- "94: moveq.l #4, %2\n" \
+- " jra 9b\n" \
+- ".previous\n" \
+- ".section __ex_table,\"a\"\n" \
+- " .align 4\n" \
+- " .long 1b,91b\n" \
+- " .long 3b,94b\n" \
+- " .long 31b,94b\n" \
+- " .long 32b,94b\n" \
+- " .long 33b,94b\n" \
+- " .long 34b,94b\n" \
+- " .long 35b,94b\n" \
+- " .long 36b,94b\n" \
+- " .long 37b,94b\n" \
+- " .long 5b,94b\n" \
+- " .long 7b,91b\n" \
+- ".previous" \
+- : "=a"(s), "=a"(d), "=d"(n) \
+- : "0"(s), "1"(d), "2"(n) \
+- : "d0")
+-
+ static inline int macscsi_pwrite(struct NCR5380_hostdata *hostdata,
+ unsigned char *src, int len)
+ {
+ unsigned char *s = src;
+ u8 __iomem *d = hostdata->pdma_io + (OUTPUT_DATA_REG << 4);
+- int n = len;
+- int transferred;
++
++ hostdata->pdma_residual = len;
+
+ while (!NCR5380_poll_politely(hostdata, BUS_AND_STATUS_REG,
+ BASR_DRQ | BASR_PHASE_MATCH,
+ BASR_DRQ | BASR_PHASE_MATCH, HZ / 64)) {
+- CP_MEM_TO_IO(s, d, n);
++ int bytes;
+
+- transferred = s - src - n;
+- hostdata->pdma_residual = len - transferred;
++ bytes = mac_pdma_send(s, d, min(hostdata->pdma_residual, 512));
+
+- /* Target changed phase early? */
+- if (NCR5380_poll_politely2(hostdata, STATUS_REG, SR_REQ, SR_REQ,
+- BUS_AND_STATUS_REG, BASR_ACK, BASR_ACK, HZ / 64) < 0)
+- scmd_printk(KERN_ERR, hostdata->connected,
+- "%s: !REQ and !ACK\n", __func__);
+- if (!(NCR5380_read(BUS_AND_STATUS_REG) & BASR_PHASE_MATCH))
+- return 0;
++ if (bytes > 0) {
++ s += bytes;
++ hostdata->pdma_residual -= bytes;
++ }
+
+- /* No bus error. */
+- if (n == 0) {
++ if (hostdata->pdma_residual == 0) {
+ if (NCR5380_poll_politely(hostdata, TARGET_COMMAND_REG,
+ TCR_LAST_BYTE_SENT,
+ TCR_LAST_BYTE_SENT, HZ / 64) < 0)
+@@ -287,17 +340,29 @@ static inline int macscsi_pwrite(struct
+ return 0;
+ }
+
++ if (NCR5380_poll_politely2(hostdata, STATUS_REG, SR_REQ, SR_REQ,
++ BUS_AND_STATUS_REG, BASR_ACK,
++ BASR_ACK, HZ / 64) < 0)
++ scmd_printk(KERN_DEBUG, hostdata->connected,
++ "%s: !REQ and !ACK\n", __func__);
++ if (!(NCR5380_read(BUS_AND_STATUS_REG) & BASR_PHASE_MATCH))
++ return 0;
++
++ if (bytes == 0)
++ udelay(MAC_PDMA_DELAY);
++
++ if (bytes >= 0)
++ continue;
++
+ dsprintk(NDEBUG_PSEUDO_DMA, hostdata->host,
+- "%s: bus error (%d/%d)\n", __func__, transferred, len);
++ "%s: bus error (%d/%d)\n", __func__, s - src, len);
+ NCR5380_dprint(NDEBUG_PSEUDO_DMA, hostdata->host);
+- s = src + transferred;
+- n = len - transferred;
++ return -1;
+ }
+
+ scmd_printk(KERN_ERR, hostdata->connected,
+ "%s: phase mismatch or !DRQ\n", __func__);
+ NCR5380_dprint(NDEBUG_PSEUDO_DMA, hostdata->host);
+-
+ return -1;
+ }
+
--- /dev/null
+From 7398cee4c3e6aea1ba07a6449e5533ecd0b92cdd Mon Sep 17 00:00:00 2001
+From: Finn Thain <fthain@telegraphics.com.au>
+Date: Sun, 9 Jun 2019 11:19:11 +1000
+Subject: scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
+
+From: Finn Thain <fthain@telegraphics.com.au>
+
+commit 7398cee4c3e6aea1ba07a6449e5533ecd0b92cdd upstream.
+
+Some targets introduce delays when handshaking the response to certain
+commands. For example, a disk may send a 96-byte response to an INQUIRY
+command (or a 24-byte response to a MODE SENSE command) too slowly.
+
+Apparently the first 12 or 14 bytes are handshaked okay but then the system
+bus error timeout is reached while transferring the next word.
+
+Since the scsi bus phase hasn't changed, the driver then sets the target
+borken flag to prevent further PDMA transfers. The driver also logs the
+warning, "switching to slow handshake".
+
+Raise the PDMA threshold to 512 bytes so that PIO transfers will be used
+for these commands. This default is sufficiently low that PDMA will still
+be used for READ and WRITE commands.
+
+The existing threshold (16 bytes) was chosen more or less at random.
+However, best performance requires the threshold to be as low as possible.
+Those systems that don't need the PIO workaround at all may benefit from
+mac_scsi.setup_use_pdma=1
+
+Cc: Michael Schmitz <schmitzmic@gmail.com>
+Cc: stable@vger.kernel.org # v4.14+
+Fixes: 3a0f64bfa907 ("mac_scsi: Fix pseudo DMA implementation")
+Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
+Tested-by: Stan Johnson <userm57@yahoo.com>
+Tested-by: Michael Schmitz <schmitzmic@gmail.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/mac_scsi.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/mac_scsi.c
++++ b/drivers/scsi/mac_scsi.c
+@@ -52,7 +52,7 @@ static int setup_cmd_per_lun = -1;
+ module_param(setup_cmd_per_lun, int, 0);
+ static int setup_sg_tablesize = -1;
+ module_param(setup_sg_tablesize, int, 0);
+-static int setup_use_pdma = -1;
++static int setup_use_pdma = 512;
+ module_param(setup_use_pdma, int, 0);
+ static int setup_hostid = -1;
+ module_param(setup_hostid, int, 0);
+@@ -305,7 +305,7 @@ static int macscsi_dma_xfer_len(struct N
+ struct scsi_cmnd *cmd)
+ {
+ if (hostdata->flags & FLAG_NO_PSEUDO_DMA ||
+- cmd->SCp.this_residual < 16)
++ cmd->SCp.this_residual < setup_use_pdma)
+ return 0;
+
+ return cmd->SCp.this_residual;
--- /dev/null
+From c8f96df5b8e633056b7ebf5d52a9d6fb1b156ce3 Mon Sep 17 00:00:00 2001
+From: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
+Date: Fri, 28 Jun 2019 18:02:12 -0700
+Subject: scsi: megaraid_sas: Fix calculation of target ID
+
+From: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
+
+commit c8f96df5b8e633056b7ebf5d52a9d6fb1b156ce3 upstream.
+
+In megasas_get_target_prop(), driver is incorrectly calculating the target
+ID for devices with channel 1 and 3. Due to this, firmware will either
+fail the command (if there is no device with the target id sent from
+driver) or could return the properties for a target which was not
+intended. Devices could end up with the wrong queue depth due to this.
+
+Fix target id calculation for channel 1 and 3.
+
+Fixes: 96188a89cc6d ("scsi: megaraid_sas: NVME interface target prop added")
+Cc: stable@vger.kernel.org
+Signed-off-by: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/megaraid/megaraid_sas_base.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/megaraid/megaraid_sas_base.c
++++ b/drivers/scsi/megaraid/megaraid_sas_base.c
+@@ -5806,7 +5806,8 @@ megasas_get_target_prop(struct megasas_i
+ int ret;
+ struct megasas_cmd *cmd;
+ struct megasas_dcmd_frame *dcmd;
+- u16 targetId = (sdev->channel % 2) + sdev->id;
++ u16 targetId = ((sdev->channel % 2) * MEGASAS_MAX_DEV_PER_CHANNEL) +
++ sdev->id;
+
+ cmd = megasas_get_cmd(instance);
+
--- /dev/null
+From 57f31326518e98ee4cabf9a04efe00ed57c54147 Mon Sep 17 00:00:00 2001
+From: Finn Thain <fthain@telegraphics.com.au>
+Date: Sun, 9 Jun 2019 11:19:11 +1000
+Subject: scsi: NCR5380: Always re-enable reselection interrupt
+
+From: Finn Thain <fthain@telegraphics.com.au>
+
+commit 57f31326518e98ee4cabf9a04efe00ed57c54147 upstream.
+
+The reselection interrupt gets disabled during selection and must be
+re-enabled when hostdata->connected becomes NULL. If it isn't re-enabled a
+disconnected command may time-out or the target may wedge the bus while
+trying to reselect the host. This can happen after a command is aborted.
+
+Fix this by enabling the reselection interrupt in NCR5380_main() after
+calls to NCR5380_select() and NCR5380_information_transfer() return.
+
+Cc: Michael Schmitz <schmitzmic@gmail.com>
+Cc: stable@vger.kernel.org # v4.9+
+Fixes: 8b00c3d5d40d ("ncr5380: Implement new eh_abort_handler")
+Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
+Tested-by: Stan Johnson <userm57@yahoo.com>
+Tested-by: Michael Schmitz <schmitzmic@gmail.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/NCR5380.c | 12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+--- a/drivers/scsi/NCR5380.c
++++ b/drivers/scsi/NCR5380.c
+@@ -710,6 +710,8 @@ static void NCR5380_main(struct work_str
+ NCR5380_information_transfer(instance);
+ done = 0;
+ }
++ if (!hostdata->connected)
++ NCR5380_write(SELECT_ENABLE_REG, hostdata->id_mask);
+ spin_unlock_irq(&hostdata->lock);
+ if (!done)
+ cond_resched();
+@@ -1106,8 +1108,6 @@ static struct scsi_cmnd *NCR5380_select(
+ spin_lock_irq(&hostdata->lock);
+ NCR5380_write(INITIATOR_COMMAND_REG, ICR_BASE);
+ NCR5380_reselect(instance);
+- if (!hostdata->connected)
+- NCR5380_write(SELECT_ENABLE_REG, hostdata->id_mask);
+ shost_printk(KERN_ERR, instance, "reselection after won arbitration?\n");
+ goto out;
+ }
+@@ -1115,7 +1115,6 @@ static struct scsi_cmnd *NCR5380_select(
+ if (err < 0) {
+ spin_lock_irq(&hostdata->lock);
+ NCR5380_write(INITIATOR_COMMAND_REG, ICR_BASE);
+- NCR5380_write(SELECT_ENABLE_REG, hostdata->id_mask);
+
+ /* Can't touch cmd if it has been reclaimed by the scsi ML */
+ if (!hostdata->selecting)
+@@ -1153,7 +1152,6 @@ static struct scsi_cmnd *NCR5380_select(
+ if (err < 0) {
+ shost_printk(KERN_ERR, instance, "select: REQ timeout\n");
+ NCR5380_write(INITIATOR_COMMAND_REG, ICR_BASE);
+- NCR5380_write(SELECT_ENABLE_REG, hostdata->id_mask);
+ goto out;
+ }
+ if (!hostdata->selecting) {
+@@ -1820,9 +1818,6 @@ static void NCR5380_information_transfer
+ */
+ NCR5380_write(TARGET_COMMAND_REG, 0);
+
+- /* Enable reselect interrupts */
+- NCR5380_write(SELECT_ENABLE_REG, hostdata->id_mask);
+-
+ maybe_release_dma_irq(instance);
+ return;
+ case MESSAGE_REJECT:
+@@ -1854,8 +1849,6 @@ static void NCR5380_information_transfer
+ */
+ NCR5380_write(TARGET_COMMAND_REG, 0);
+
+- /* Enable reselect interrupts */
+- NCR5380_write(SELECT_ENABLE_REG, hostdata->id_mask);
+ #ifdef SUN3_SCSI_VME
+ dregs->csr |= CSR_DMA_ENABLE;
+ #endif
+@@ -1963,7 +1956,6 @@ static void NCR5380_information_transfer
+ cmd->result = DID_ERROR << 16;
+ complete_cmd(instance, cmd);
+ maybe_release_dma_irq(instance);
+- NCR5380_write(SELECT_ENABLE_REG, hostdata->id_mask);
+ return;
+ }
+ msgout = NOP;
--- /dev/null
+From 6a162836997c10bbefb7c7ca772201cc45c0e4a6 Mon Sep 17 00:00:00 2001
+From: Finn Thain <fthain@telegraphics.com.au>
+Date: Thu, 27 Sep 2018 11:17:11 +1000
+Subject: scsi: NCR5380: Reduce goto statements in NCR5380_select()
+
+From: Finn Thain <fthain@telegraphics.com.au>
+
+commit 6a162836997c10bbefb7c7ca772201cc45c0e4a6 upstream.
+
+Replace a 'goto' statement with a simple 'return' where possible. This
+improves readability. No functional change.
+
+Tested-by: Michael Schmitz <schmitzmic@gmail.com>
+Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/NCR5380.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+--- a/drivers/scsi/NCR5380.c
++++ b/drivers/scsi/NCR5380.c
+@@ -984,7 +984,7 @@ static struct scsi_cmnd *NCR5380_select(
+ if (!hostdata->selecting) {
+ /* Command was aborted */
+ NCR5380_write(MODE_REG, MR_BASE);
+- goto out;
++ return NULL;
+ }
+ if (err < 0) {
+ NCR5380_write(MODE_REG, MR_BASE);
+@@ -1033,7 +1033,7 @@ static struct scsi_cmnd *NCR5380_select(
+ if (!hostdata->selecting) {
+ NCR5380_write(MODE_REG, MR_BASE);
+ NCR5380_write(INITIATOR_COMMAND_REG, ICR_BASE);
+- goto out;
++ return NULL;
+ }
+
+ dsprintk(NDEBUG_ARBITRATION, instance, "won arbitration\n");
+@@ -1116,13 +1116,16 @@ static struct scsi_cmnd *NCR5380_select(
+ spin_lock_irq(&hostdata->lock);
+ NCR5380_write(INITIATOR_COMMAND_REG, ICR_BASE);
+ NCR5380_write(SELECT_ENABLE_REG, hostdata->id_mask);
++
+ /* Can't touch cmd if it has been reclaimed by the scsi ML */
+- if (hostdata->selecting) {
+- cmd->result = DID_BAD_TARGET << 16;
+- complete_cmd(instance, cmd);
+- dsprintk(NDEBUG_SELECTION, instance, "target did not respond within 250ms\n");
+- cmd = NULL;
+- }
++ if (!hostdata->selecting)
++ return NULL;
++
++ cmd->result = DID_BAD_TARGET << 16;
++ complete_cmd(instance, cmd);
++ dsprintk(NDEBUG_SELECTION, instance,
++ "target did not respond within 250ms\n");
++ cmd = NULL;
+ goto out;
+ }
+
+@@ -1155,7 +1158,7 @@ static struct scsi_cmnd *NCR5380_select(
+ }
+ if (!hostdata->selecting) {
+ do_abort(instance);
+- goto out;
++ return NULL;
+ }
+
+ dsprintk(NDEBUG_SELECTION, instance, "target %d selected, going into MESSAGE OUT phase.\n",
floppy-fix-invalid-pointer-dereference-in-drive_name.patch
floppy-fix-out-of-bounds-read-in-copy_buffer.patch
xen-let-alloc_xenballooned_pages-fail-if-not-enough-memory-free.patch
+scsi-ncr5380-reduce-goto-statements-in-ncr5380_select.patch
+scsi-ncr5380-always-re-enable-reselection-interrupt.patch
+revert-scsi-ncr5380-increase-register-polling-limit.patch
+scsi-core-fix-race-on-creating-sense-cache.patch
+scsi-megaraid_sas-fix-calculation-of-target-id.patch
+scsi-mac_scsi-increase-pio-pdma-transfer-length-threshold.patch
+scsi-mac_scsi-fix-pseudo-dma-implementation-take-2.patch
+crypto-ghash-fix-unaligned-memory-access-in-ghash_setkey.patch
+crypto-ccp-validate-the-the-error-value-used-to-index-error-messages.patch
+crypto-arm64-sha1-ce-correct-digest-for-empty-data-in-finup.patch
+crypto-arm64-sha2-ce-correct-digest-for-empty-data-in-finup.patch
+crypto-chacha20poly1305-fix-atomic-sleep-when-using-async-algorithm.patch
+crypto-ccp-memset-structure-fields-to-zero-before-reuse.patch
+crypto-ccp-gcm-use-const-time-tag-comparison.patch
+crypto-crypto4xx-fix-a-potential-double-free-in-ppc4xx_trng_probe.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
