--- /dev/null
+From 5d0f801a2ccec3b1fdabc3392c8d99ed0413d216 Mon Sep 17 00:00:00 2001
+From: Markus Pargmann <mpa@pengutronix.de>
+Date: Mon, 28 Oct 2013 09:54:40 +0100
+Subject: can: c_can: Fix RX message handling, handle lost message before EOB
+
+From: Markus Pargmann <mpa@pengutronix.de>
+
+commit 5d0f801a2ccec3b1fdabc3392c8d99ed0413d216 upstream.
+
+If we handle end of block messages with higher priority than a lost message,
+we can run into an endless interrupt loop.
+
+This is reproducable with a am335x processor and "cansequence -r" at 1Mbit.
+As soon as we loose a packet we can't escape from an interrupt loop.
+
+This patch fixes the problem by handling lost packets before EOB packets.
+
+Signed-off-by: Markus Pargmann <mpa@pengutronix.de>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/can/c_can/c_can.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/can/c_can/c_can.c
++++ b/drivers/net/can/c_can/c_can.c
+@@ -760,9 +760,6 @@ static int c_can_do_rx_poll(struct net_d
+ msg_ctrl_save = priv->read_reg(priv,
+ &priv->regs->ifregs[0].msg_cntrl);
+
+- if (msg_ctrl_save & IF_MCONT_EOB)
+- return num_rx_pkts;
+-
+ if (msg_ctrl_save & IF_MCONT_MSGLST) {
+ c_can_handle_lost_msg_obj(dev, 0, msg_obj);
+ num_rx_pkts++;
+@@ -770,6 +767,9 @@ static int c_can_do_rx_poll(struct net_d
+ continue;
+ }
+
++ if (msg_ctrl_save & IF_MCONT_EOB)
++ return num_rx_pkts;
++
+ if (!(msg_ctrl_save & IF_MCONT_NEWDAT))
+ continue;
+
--- /dev/null
+From 714b33d15130cbb5ab426456d4e3de842d6c5b8a Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@tuxdriver.com>
+Date: Tue, 17 Sep 2013 08:33:11 -0400
+Subject: crypto: ansi_cprng - Fix off by one error in non-block size request
+
+From: Neil Horman <nhorman@tuxdriver.com>
+
+commit 714b33d15130cbb5ab426456d4e3de842d6c5b8a upstream.
+
+Stephan Mueller reported to me recently a error in random number generation in
+the ansi cprng. If several small requests are made that are less than the
+instances block size, the remainder for loop code doesn't increment
+rand_data_valid in the last iteration, meaning that the last bytes in the
+rand_data buffer gets reused on the subsequent smaller-than-a-block request for
+random data.
+
+The fix is pretty easy, just re-code the for loop to make sure that
+rand_data_valid gets incremented appropriately
+
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+Reported-by: Stephan Mueller <stephan.mueller@atsec.com>
+CC: Stephan Mueller <stephan.mueller@atsec.com>
+CC: Petr Matousek <pmatouse@redhat.com>
+CC: Herbert Xu <herbert@gondor.apana.org.au>
+CC: "David S. Miller" <davem@davemloft.net>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: Luis Henriques <luis.henriques@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/ansi_cprng.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/crypto/ansi_cprng.c
++++ b/crypto/ansi_cprng.c
+@@ -230,11 +230,11 @@ remainder:
+ */
+ if (byte_count < DEFAULT_BLK_SZ) {
+ empty_rbuf:
+- for (; ctx->rand_data_valid < DEFAULT_BLK_SZ;
+- ctx->rand_data_valid++) {
++ while (ctx->rand_data_valid < DEFAULT_BLK_SZ) {
+ *ptr = ctx->rand_data[ctx->rand_data_valid];
+ ptr++;
+ byte_count--;
++ ctx->rand_data_valid++;
+ if (byte_count == 0)
+ goto done;
+ }
acpica-return-error-if-derefof-resolves-to-a-null-package-element.patch
acpica-fix-for-a-store-argx-when-argx-contains-a-reference-to-a-field.patch
usb-mos7840-fix-tiocmget-error-handling.patch
+crypto-ansi_cprng-fix-off-by-one-error-in-non-block-size-request.patch
+can-c_can-fix-rx-message-handling-handle-lost-message-before-eob.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
