--- /dev/null
+From 900a081f6912a8985dc15380ec912752cb66025a Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Mon, 26 Mar 2018 08:53:25 +0800
+Subject: crypto: ahash - Fix early termination in hash walk
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 900a081f6912a8985dc15380ec912752cb66025a upstream.
+
+When we have an unaligned SG list entry where there is no leftover
+aligned data, the hash walk code will incorrectly return zero as if
+the entire SG list has been processed.
+
+This patch fixes it by moving onto the next page instead.
+
+Reported-by: Eli Cooper <elicooper@gmx.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/ahash.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/crypto/ahash.c
++++ b/crypto/ahash.c
+@@ -92,13 +92,14 @@ int crypto_hash_walk_done(struct crypto_
+
+ if (nbytes && walk->offset & alignmask && !err) {
+ walk->offset = ALIGN(walk->offset, alignmask + 1);
+- walk->data += walk->offset;
+-
+ nbytes = min(nbytes,
+ ((unsigned int)(PAGE_SIZE)) - walk->offset);
+ walk->entrylen -= nbytes;
+
+- return nbytes;
++ if (nbytes) {
++ walk->data += walk->offset;
++ return nbytes;
++ }
+ }
+
+ if (walk->flags & CRYPTO_ALG_ASYNC)
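Review bot: The new `if (nbytes)` guard introduces a silent fall-through. When the rounded-up `walk->offset` reaches the end of the page, `nbytes` is 0 and control leaves the block with `walk->offset` already modified and nothing saying that this is intended. A one-line comment after the inner block would record it, e.g. `/* nbytes == 0: no aligned data left in this page, fall through to advance to the next one */`. It matters because a zero return is what the caller takes to mean the walk is finished, which is the bug the description reports. crypto_hash_walk_done starts before and continues past this hunk, so the next-page handling itself is not visible here.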
--- /dev/null
+From 6aaf49b495b446ff6eec0ac983f781ca0dc56a73 Mon Sep 17 00:00:00 2001
+From: Leonard Crestez <leonard.crestez@nxp.com>
+Date: Tue, 13 Mar 2018 22:17:23 +0200
+Subject: crypto: arm,arm64 - Fix random regeneration of S_shipped
+
+From: Leonard Crestez <leonard.crestez@nxp.com>
+
+commit 6aaf49b495b446ff6eec0ac983f781ca0dc56a73 upstream.
+
+The decision to rebuild .S_shipped is made based on the relative
+timestamps of .S_shipped and .pl files but git makes this essentially
+random. This means that the perl script might run anyway (usually at
+most once per checkout), defeating the whole purpose of _shipped.
+
+Fix by skipping the rule unless explicit make variables are provided:
+REGENERATE_ARM_CRYPTO or REGENERATE_ARM64_CRYPTO.
+
+This can produce nasty occasional build failures downstream, for example
+for toolchains with broken perl. The solution is minimally intrusive to
+make it easier to push into stable.
+
+Another report on a similar issue here: https://lkml.org/lkml/2018/3/8/1379
+
+Signed-off-by: Leonard Crestez <leonard.crestez@nxp.com>
+Cc: <stable@vger.kernel.org>
+Reviewed-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/crypto/Makefile | 2 ++
+ arch/arm64/crypto/Makefile | 2 ++
+ 2 files changed, 4 insertions(+)
+
+--- a/arch/arm/crypto/Makefile
++++ b/arch/arm/crypto/Makefile
+@@ -54,6 +54,7 @@ crct10dif-arm-ce-y := crct10dif-ce-core.
+ crc32-arm-ce-y:= crc32-ce-core.o crc32-ce-glue.o
+ chacha20-neon-y := chacha20-neon-core.o chacha20-neon-glue.o
+
++ifdef REGENERATE_ARM_CRYPTO
+ quiet_cmd_perl = PERL $@
+ cmd_perl = $(PERL) $(<) > $(@)
+
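Review bot: `ifdef REGENERATE_ARM_CRYPTO` is true for any non-empty value, so `REGENERATE_ARM_CRYPTO=0` or `=n` on the make command line would still enable the perl rules. The same applies to `ifdef REGENERATE_ARM64_CRYPTO` in arch/arm64/crypto/Makefile. A short comment above the guard would make the opt-in explicit for anyone who needs to regenerate the shipped assembly, e.g. `# Set REGENERATE_ARM_CRYPTO to any non-empty value to rebuild the .S_shipped files from the perl sources`. The matching `endif` is in the following hunk.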
+@@ -62,5 +63,6 @@ $(src)/sha256-core.S_shipped: $(src)/sha
+
+ $(src)/sha512-core.S_shipped: $(src)/sha512-armv4.pl
+ $(call cmd,perl)
++endif
+
+ .PRECIOUS: $(obj)/sha256-core.S $(obj)/sha512-core.S
+--- a/arch/arm64/crypto/Makefile
++++ b/arch/arm64/crypto/Makefile
+@@ -58,6 +58,7 @@ CFLAGS_aes-glue-ce.o := -DUSE_V8_CRYPTO_
+ $(obj)/aes-glue-%.o: $(src)/aes-glue.c FORCE
+ $(call if_changed_rule,cc_o_c)
+
++ifdef REGENERATE_ARM64_CRYPTO
+ quiet_cmd_perlasm = PERLASM $@
+ cmd_perlasm = $(PERL) $(<) void $(@)
+
+@@ -66,5 +67,6 @@ $(src)/sha256-core.S_shipped: $(src)/sha
+
+ $(src)/sha512-core.S_shipped: $(src)/sha512-armv8.pl
+ $(call cmd,perlasm)
++endif
+
+ .PRECIOUS: $(obj)/sha256-core.S $(obj)/sha512-core.S
--- /dev/null
+From b85149f6f5d5a9279f29a73b2e95342f4d465e73 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Thu, 22 Feb 2018 14:22:47 +0000
+Subject: crypto: caam - Fix null dereference at error path
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Rui Miguel Silva <rui.silva@linaro.org>
+
+commit b85149f6f5d5a9279f29a73b2e95342f4d465e73 upstream.
+
+caam_remove already removes the debugfs entry, so we need to remove the one
+immediately before calling caam_remove.
+
+This fixes a NULL dereference at error paths if caam_probe fails.
+
+Fixes: 67c2315def06 ("crypto: caam - add Queue Interface (QI) backend support")
+
+Tested-by: Ryan Harkin <ryan.harkin@linaro.org>
+Cc: "Horia Geantă" <horia.geanta@nxp.com>
+Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
+Cc: Fabio Estevam <fabio.estevam@nxp.com>
+Cc: Peng Fan <peng.fan@nxp.com>
+Cc: "David S. Miller" <davem@davemloft.net>
+Cc: Lukas Auer <lukas.auer@aisec.fraunhofer.de>
+Cc: <stable@vger.kernel.org> # 4.12+
+Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/caam/ctrl.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/drivers/crypto/caam/ctrl.c
++++ b/drivers/crypto/caam/ctrl.c
+@@ -813,9 +813,6 @@ static int caam_probe(struct platform_de
+ return 0;
+
+ caam_remove:
+-#ifdef CONFIG_DEBUG_FS
+- debugfs_remove_recursive(ctrlpriv->dfs_root);
+-#endif
+ caam_remove(pdev);
+ return ret;
+
--- /dev/null
+From 0a9eb80e643064266868bd2fb2cd608e669309b0 Mon Sep 17 00:00:00 2001
+From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
+Date: Sat, 24 Feb 2018 17:03:21 +0100
+Subject: crypto: ccp - return an actual key size from RSA max_size callback
+
+From: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
+
+commit 0a9eb80e643064266868bd2fb2cd608e669309b0 upstream.
+
+rsa-pkcs1pad uses a value returned from a RSA implementation max_size
+callback as a size of an input buffer passed to the RSA implementation for
+encrypt and sign operations.
+
+CCP RSA implementation uses a hardware input buffer which size depends only
+on the current RSA key length, so it should return this key length in
+the max_size callback, too.
+This also matches what the kernel software RSA implementation does.
+
+Previously, the value returned from this callback was always the maximum
+RSA key size the CCP hardware supports.
+This resulted in this huge buffer being passed by rsa-pkcs1pad to CCP even
+for smaller key sizes and then in a buffer overflow when ccp_run_rsa_cmd()
+tried to copy this large input buffer into a RSA key length-sized hardware
+input buffer.
+
+Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
+Fixes: ceeec0afd684 ("crypto: ccp - Add support for RSA on the CCP")
+Cc: stable@vger.kernel.org
+Acked-by: Gary R Hook <gary.hook@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ccp/ccp-crypto-rsa.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/drivers/crypto/ccp/ccp-crypto-rsa.c
++++ b/drivers/crypto/ccp/ccp-crypto-rsa.c
+@@ -60,10 +60,9 @@ static int ccp_rsa_complete(struct crypt
+
+ static unsigned int ccp_rsa_maxsize(struct crypto_akcipher *tfm)
+ {
+- if (ccp_version() > CCP_VERSION(3, 0))
+- return CCP5_RSA_MAXMOD;
+- else
+- return CCP_RSA_MAXMOD;
++ struct ccp_ctx *ctx = akcipher_tfm_ctx(tfm);
++
++ return ctx->u.rsa.n_len;
+ }
+
+ static int ccp_rsa_crypt(struct akcipher_request *req, bool encrypt)
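Review bot: `ccp_rsa_maxsize` now returns `ctx->u.rsa.n_len` with no statement of what that field holds before a key has been set. If the callback can be reached before setkey, the value is presumably 0 and the caller would size its buffer from that. A comment on the function would state the precondition, e.g. `/* Valid only after setkey: n_len is the modulus length of the current key */`. Separately, the description places the overflow in the copy inside ccp_run_rsa_cmd(), which is outside this hunk. Whether that copy is bounded against the hardware buffer size on its own, rather than relying on every caller honouring max_size, cannot be confirmed from here and is worth checking.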
--- /dev/null
+From f962eb46e7a9b98a58d2483f5eb216e738fec732 Mon Sep 17 00:00:00 2001
+From: Gregory CLEMENT <gregory.clement@bootlin.com>
+Date: Tue, 13 Mar 2018 17:48:40 +0100
+Subject: crypto: inside-secure - fix clock management
+
+From: Gregory CLEMENT <gregory.clement@bootlin.com>
+
+commit f962eb46e7a9b98a58d2483f5eb216e738fec732 upstream.
+
+In this driver the clock is got but never put when the driver is removed
+or if there is an error in the probe.
+
+Using the managed version of clk_get() allows to let the kernel take care
+of it.
+
+Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto
+engine driver")
+cc: stable@vger.kernel.org
+Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/inside-secure/safexcel.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/crypto/inside-secure/safexcel.c
++++ b/drivers/crypto/inside-secure/safexcel.c
+@@ -789,7 +789,7 @@ static int safexcel_probe(struct platfor
+ return PTR_ERR(priv->base);
+ }
+
+- priv->clk = of_clk_get(dev->of_node, 0);
++ priv->clk = devm_clk_get(&pdev->dev, NULL);
+ if (!IS_ERR(priv->clk)) {
+ ret = clk_prepare_enable(priv->clk);
+ if (ret) {
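Review bot: The `if (!IS_ERR(priv->clk))` test after the new `devm_clk_get(&pdev->dev, NULL)` call treats every error as "no clock present", including a deferred-probe result. With the managed lookup it would be safer to separate the cases, for example `if (PTR_ERR(priv->clk) == -EPROBE_DEFER) return -EPROBE_DEFER;` ahead of the existing test, so the engine is not brought up unclocked when the clock provider has not yet registered. Note also that devm only covers the put. The `clk_prepare_enable()` in this block still needs a matching `clk_disable_unprepare()` on later error paths and in remove, which lie outside this hunk and cannot be checked here.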
--- /dev/null
+From 8c9bdab21289c211ca1ca6a5f9b7537b4a600a02 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Fri, 23 Mar 2018 08:14:44 +0800
+Subject: crypto: lrw - Free rctx->ext with kzfree
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 8c9bdab21289c211ca1ca6a5f9b7537b4a600a02 upstream.
+
+The buffer rctx->ext contains potentially sensitive data and should
+be freed with kzfree.
+
+Cc: <stable@vger.kernel.org>
+Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher")
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/lrw.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/crypto/lrw.c
++++ b/crypto/lrw.c
+@@ -313,7 +313,7 @@ static void exit_crypt(struct skcipher_r
+ rctx->left = 0;
+
+ if (rctx->ext)
+- kfree(rctx->ext);
++ kzfree(rctx->ext);
+ }
+
+ static int do_encrypt(struct skcipher_request *req, int err)
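Review bot: `rctx->ext` is left holding the freed address after the new `kzfree(rctx->ext)`, so a second pass through exit_crypt on the same request would free it again. Whether that can happen depends on callers not shown here. Clearing it is cheap: `kzfree(rctx->ext); rctx->ext = NULL;`. The `if (rctx->ext)` guard is also redundant, since kzfree() accepts NULL.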
--- /dev/null
+From ad4cd51fb8375109edb377712b5f9c0c31ece33e Mon Sep 17 00:00:00 2001
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+Date: Mon, 26 Feb 2018 17:40:04 +0100
+Subject: crypto: talitos - don't persistently map req_ctx->hw_context and req_ctx->buf
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+
+commit ad4cd51fb8375109edb377712b5f9c0c31ece33e upstream.
+
+Commit 49f9783b0cea ("crypto: talitos - do hw_context DMA mapping
+outside the requests") introduced a persistent dma mapping of
+req_ctx->hw_context
+Commit 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash
+on SEC1") introduced a persistent dma mapping of req_ctx->buf
+
+As there is no destructor for req_ctx (the request context), the
+associated dma handlers were set in ctx (the tfm context). This is
+wrong as several hash operations can run with the same ctx.
+
+This patch removes this persistent mapping.
+
+Reported-by: Horia Geanta <horia.geanta@nxp.com>
+Cc: <stable@vger.kernel.org>
+Fixes: 49f9783b0cea ("crypto: talitos - do hw_context DMA mapping outside the requests")
+Fixes: 37b5e8897eb5 ("crypto: talitos - chain in buffered data for ahash on SEC1")
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Tested-by: Horia Geantă <horia.geanta@nxp.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 132 +++++++++++++++--------------------------------
+ 1 file changed, 44 insertions(+), 88 deletions(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -832,8 +832,6 @@ struct talitos_ctx {
+ unsigned int keylen;
+ unsigned int enckeylen;
+ unsigned int authkeylen;
+- dma_addr_t dma_buf;
+- dma_addr_t dma_hw_context;
+ };
+
+ #define HASH_MAX_BLOCK_SIZE SHA512_BLOCK_SIZE
+@@ -1690,9 +1688,30 @@ static void common_nonsnoop_hash_unmap(s
+ struct ahash_request *areq)
+ {
+ struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
++ struct talitos_private *priv = dev_get_drvdata(dev);
++ bool is_sec1 = has_ftr_sec1(priv);
++ struct talitos_desc *desc = &edesc->desc;
++ struct talitos_desc *desc2 = desc + 1;
++
++ unmap_single_talitos_ptr(dev, &edesc->desc.ptr[5], DMA_FROM_DEVICE);
++ if (desc->next_desc &&
++ desc->ptr[5].ptr != desc2->ptr[5].ptr)
++ unmap_single_talitos_ptr(dev, &desc2->ptr[5], DMA_FROM_DEVICE);
+
+ talitos_sg_unmap(dev, edesc, req_ctx->psrc, NULL, 0, 0);
+
++ /* When using hashctx-in, must unmap it. */
++ if (from_talitos_ptr_len(&edesc->desc.ptr[1], is_sec1))
++ unmap_single_talitos_ptr(dev, &edesc->desc.ptr[1],
++ DMA_TO_DEVICE);
++ else if (desc->next_desc)
++ unmap_single_talitos_ptr(dev, &desc2->ptr[1],
++ DMA_TO_DEVICE);
++
++ if (is_sec1 && req_ctx->nbuf)
++ unmap_single_talitos_ptr(dev, &desc->ptr[3],
++ DMA_TO_DEVICE);
++
+ if (edesc->dma_len)
+ dma_unmap_single(dev, edesc->dma_link_tbl, edesc->dma_len,
+ DMA_BIDIRECTIONAL);
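Review bot: The unmap path decides whether the hash-context-in pointer was mapped by testing its length (`from_talitos_ptr_len(&edesc->desc.ptr[1], is_sec1)`), while the mapping side in the later `desc2` hunk tests the address (`if (desc->ptr[1].ptr)`). The two predicates agree only as long as a mapped pointer always has both a non-zero length and a non-zero bus address. If they ever disagree, a mapping is leaked or an unmapped pointer is unmapped. Using one predicate on both sides would remove that coupling, for example the length test in both places. The block would also read more easily if it used `desc->ptr[...]` throughout instead of mixing it with `edesc->desc.ptr[...]`. A comment on the `desc->ptr[5].ptr != desc2->ptr[5].ptr` comparison should say that it detects the case where `desc->ptr[5]` was remapped after being copied to `desc2`.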
+@@ -1766,8 +1785,10 @@ static int common_nonsnoop_hash(struct t
+
+ /* hash context in */
+ if (!req_ctx->first || req_ctx->swinit) {
+- to_talitos_ptr(&desc->ptr[1], ctx->dma_hw_context,
+- req_ctx->hw_context_size, is_sec1);
++ map_single_talitos_ptr(dev, &desc->ptr[1],
++ req_ctx->hw_context_size,
++ (char *)req_ctx->hw_context,
++ DMA_TO_DEVICE);
+ req_ctx->swinit = 0;
+ }
+ /* Indicate next op is not the first. */
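Review bot: This `map_single_talitos_ptr()` call passes `(char *)req_ctx->hw_context`, while the other new calls in this patch pass `req_ctx->hw_context` uncast (the `ptr[5]` and `desc2->ptr[1]` mappings in later hunks). One form should be used throughout. If the helper takes `void *` the cast can simply be dropped, but its prototype is not visible here. None of the new mappings checks for a DMA mapping failure either. Whether the helper reports one is not visible in this hunk, so that is a question rather than a confirmed defect.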
+@@ -1793,10 +1814,9 @@ static int common_nonsnoop_hash(struct t
+ * data in
+ */
+ if (is_sec1 && req_ctx->nbuf) {
+- dma_addr_t dma_buf = ctx->dma_buf + req_ctx->buf_idx *
+- HASH_MAX_BLOCK_SIZE;
+-
+- to_talitos_ptr(&desc->ptr[3], dma_buf, req_ctx->nbuf, is_sec1);
++ map_single_talitos_ptr(dev, &desc->ptr[3], req_ctx->nbuf,
++ req_ctx->buf[req_ctx->buf_idx],
++ DMA_TO_DEVICE);
+ } else {
+ sg_count = talitos_sg_map(dev, req_ctx->psrc, length, edesc,
+ &desc->ptr[3], sg_count, offset, 0);
+@@ -1812,8 +1832,9 @@ static int common_nonsnoop_hash(struct t
+ crypto_ahash_digestsize(tfm),
+ areq->result, DMA_FROM_DEVICE);
+ else
+- to_talitos_ptr(&desc->ptr[5], ctx->dma_hw_context,
+- req_ctx->hw_context_size, is_sec1);
++ map_single_talitos_ptr(dev, &desc->ptr[5],
++ req_ctx->hw_context_size,
++ req_ctx->hw_context, DMA_FROM_DEVICE);
+
+ /* last DWORD empty */
+
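Review bot: `req_ctx->hw_context` is now mapped `DMA_FROM_DEVICE` per request here, and again in the `req_ctx->last` branch of the `desc2` hunk. It is a member of the request context, not a standalone buffer. On a non-coherent platform the device write and the later unmap operate on whole cache lines, so neighbouring request-context fields that the CPU updates while the request is in flight could be affected if they share a line with the buffer. The struct layout is not shown, so this is a point to confirm. A comment on the struct member stating the alignment requirement would document the constraint, and `____cacheline_aligned` on the member would enforce it.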
+@@ -1832,9 +1853,14 @@ static int common_nonsnoop_hash(struct t
+ desc->hdr |= DESC_HDR_MODE0_MDEU_CONT;
+ desc->hdr &= ~DESC_HDR_DONE_NOTIFY;
+
+- to_talitos_ptr(&desc2->ptr[1], ctx->dma_hw_context,
+- req_ctx->hw_context_size, is_sec1);
+-
++ if (desc->ptr[1].ptr)
++ copy_talitos_ptr(&desc2->ptr[1], &desc->ptr[1],
++ is_sec1);
++ else
++ map_single_talitos_ptr(dev, &desc2->ptr[1],
++ req_ctx->hw_context_size,
++ req_ctx->hw_context,
++ DMA_TO_DEVICE);
+ copy_talitos_ptr(&desc2->ptr[2], &desc->ptr[2], is_sec1);
+ sg_count = talitos_sg_map(dev, req_ctx->psrc, length, edesc,
+ &desc2->ptr[3], sg_count, offset, 0);
+@@ -1842,8 +1868,10 @@ static int common_nonsnoop_hash(struct t
+ sync_needed = true;
+ copy_talitos_ptr(&desc2->ptr[5], &desc->ptr[5], is_sec1);
+ if (req_ctx->last)
+- to_talitos_ptr(&desc->ptr[5], ctx->dma_hw_context,
+- req_ctx->hw_context_size, is_sec1);
++ map_single_talitos_ptr(dev, &desc->ptr[5],
++ req_ctx->hw_context_size,
++ req_ctx->hw_context,
++ DMA_FROM_DEVICE);
+
+ next_desc = dma_map_single(dev, &desc2->hdr1, TALITOS_DESC_SIZE,
+ DMA_BIDIRECTIONAL);
+@@ -1881,12 +1909,8 @@ static struct talitos_edesc *ahash_edesc
+ static int ahash_init(struct ahash_request *areq)
+ {
+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
+- struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
+- struct device *dev = ctx->dev;
+ struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
+ unsigned int size;
+- struct talitos_private *priv = dev_get_drvdata(dev);
+- bool is_sec1 = has_ftr_sec1(priv);
+
+ /* Initialize the context */
+ req_ctx->buf_idx = 0;
+@@ -1898,18 +1922,6 @@ static int ahash_init(struct ahash_reque
+ : TALITOS_MDEU_CONTEXT_SIZE_SHA384_SHA512;
+ req_ctx->hw_context_size = size;
+
+- if (ctx->dma_hw_context)
+- dma_unmap_single(dev, ctx->dma_hw_context, size,
+- DMA_BIDIRECTIONAL);
+- ctx->dma_hw_context = dma_map_single(dev, req_ctx->hw_context, size,
+- DMA_BIDIRECTIONAL);
+- if (ctx->dma_buf)
+- dma_unmap_single(dev, ctx->dma_buf, sizeof(req_ctx->buf),
+- DMA_TO_DEVICE);
+- if (is_sec1)
+- ctx->dma_buf = dma_map_single(dev, req_ctx->buf,
+- sizeof(req_ctx->buf),
+- DMA_TO_DEVICE);
+ return 0;
+ }
+
+@@ -1920,9 +1932,6 @@ static int ahash_init(struct ahash_reque
+ static int ahash_init_sha224_swinit(struct ahash_request *areq)
+ {
+ struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
+- struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
+- struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
+- struct device *dev = ctx->dev;
+
+ ahash_init(areq);
+ req_ctx->swinit = 1;/* prevent h/w initting context with sha256 values*/
+@@ -1940,9 +1949,6 @@ static int ahash_init_sha224_swinit(stru
+ req_ctx->hw_context[8] = 0;
+ req_ctx->hw_context[9] = 0;
+
+- dma_sync_single_for_device(dev, ctx->dma_hw_context,
+- req_ctx->hw_context_size, DMA_TO_DEVICE);
+-
+ return 0;
+ }
+
+@@ -2046,13 +2052,6 @@ static int ahash_process_req(struct ahas
+ /* request SEC to INIT hash. */
+ if (req_ctx->first && !req_ctx->swinit)
+ edesc->desc.hdr |= DESC_HDR_MODE0_MDEU_INIT;
+- if (is_sec1) {
+- dma_addr_t dma_buf = ctx->dma_buf + req_ctx->buf_idx *
+- HASH_MAX_BLOCK_SIZE;
+-
+- dma_sync_single_for_device(dev, dma_buf,
+- req_ctx->nbuf, DMA_TO_DEVICE);
+- }
+
+ /* When the tfm context has a keylen, it's an HMAC.
+ * A first or last (ie. not middle) descriptor must request HMAC.
+@@ -2106,12 +2105,7 @@ static int ahash_export(struct ahash_req
+ {
+ struct talitos_ahash_req_ctx *req_ctx = ahash_request_ctx(areq);
+ struct talitos_export_state *export = out;
+- struct crypto_ahash *ahash = crypto_ahash_reqtfm(areq);
+- struct talitos_ctx *ctx = crypto_ahash_ctx(ahash);
+- struct device *dev = ctx->dev;
+
+- dma_sync_single_for_cpu(dev, ctx->dma_hw_context,
+- req_ctx->hw_context_size, DMA_FROM_DEVICE);
+ memcpy(export->hw_context, req_ctx->hw_context,
+ req_ctx->hw_context_size);
+ memcpy(export->buf, req_ctx->buf[req_ctx->buf_idx], req_ctx->nbuf);
+@@ -2130,31 +2124,14 @@ static int ahash_import(struct ahash_req
+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq);
+ const struct talitos_export_state *export = in;
+ unsigned int size;
+- struct talitos_ctx *ctx = crypto_ahash_ctx(tfm);
+- struct device *dev = ctx->dev;
+- struct talitos_private *priv = dev_get_drvdata(dev);
+- bool is_sec1 = has_ftr_sec1(priv);
+
+ memset(req_ctx, 0, sizeof(*req_ctx));
+ size = (crypto_ahash_digestsize(tfm) <= SHA256_DIGEST_SIZE)
+ ? TALITOS_MDEU_CONTEXT_SIZE_MD5_SHA1_SHA256
+ : TALITOS_MDEU_CONTEXT_SIZE_SHA384_SHA512;
+ req_ctx->hw_context_size = size;
+- if (ctx->dma_hw_context)
+- dma_unmap_single(dev, ctx->dma_hw_context, size,
+- DMA_BIDIRECTIONAL);
+-
+ memcpy(req_ctx->hw_context, export->hw_context, size);
+- ctx->dma_hw_context = dma_map_single(dev, req_ctx->hw_context, size,
+- DMA_BIDIRECTIONAL);
+- if (ctx->dma_buf)
+- dma_unmap_single(dev, ctx->dma_buf, sizeof(req_ctx->buf),
+- DMA_TO_DEVICE);
+ memcpy(req_ctx->buf[0], export->buf, export->nbuf);
+- if (is_sec1)
+- ctx->dma_buf = dma_map_single(dev, req_ctx->buf,
+- sizeof(req_ctx->buf),
+- DMA_TO_DEVICE);
+ req_ctx->swinit = export->swinit;
+ req_ctx->first = export->first;
+ req_ctx->last = export->last;
+@@ -3064,27 +3041,6 @@ static void talitos_cra_exit(struct cryp
+ dma_unmap_single(dev, ctx->dma_key, ctx->keylen, DMA_TO_DEVICE);
+ }
+
+-static void talitos_cra_exit_ahash(struct crypto_tfm *tfm)
+-{
+- struct talitos_ctx *ctx = crypto_tfm_ctx(tfm);
+- struct device *dev = ctx->dev;
+- unsigned int size;
+-
+- talitos_cra_exit(tfm);
+-
+- size = (crypto_ahash_digestsize(__crypto_ahash_cast(tfm)) <=
+- SHA256_DIGEST_SIZE)
+- ? TALITOS_MDEU_CONTEXT_SIZE_MD5_SHA1_SHA256
+- : TALITOS_MDEU_CONTEXT_SIZE_SHA384_SHA512;
+-
+- if (ctx->dma_hw_context)
+- dma_unmap_single(dev, ctx->dma_hw_context, size,
+- DMA_BIDIRECTIONAL);
+- if (ctx->dma_buf)
+- dma_unmap_single(dev, ctx->dma_buf, HASH_MAX_BLOCK_SIZE * 2,
+- DMA_TO_DEVICE);
+-}
+-
+ /*
+ * given the alg's descriptor header template, determine whether descriptor
+ * type and primary/secondary execution units required match the hw
+@@ -3183,7 +3139,7 @@ static struct talitos_crypto_alg *talito
+ case CRYPTO_ALG_TYPE_AHASH:
+ alg = &t_alg->algt.alg.hash.halg.base;
+ alg->cra_init = talitos_cra_init_ahash;
+- alg->cra_exit = talitos_cra_exit_ahash;
++ alg->cra_exit = talitos_cra_exit;
+ alg->cra_type = &crypto_ahash_type;
+ t_alg->algt.alg.hash.init = ahash_init;
+ t_alg->algt.alg.hash.update = ahash_update;
--- /dev/null
+From 2b1227301a8e4729409694e323b72c064c47cb6b Mon Sep 17 00:00:00 2001
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+Date: Thu, 22 Mar 2018 10:57:01 +0100
+Subject: crypto: talitos - fix IPsec cipher in length
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+
+commit 2b1227301a8e4729409694e323b72c064c47cb6b upstream.
+
+For SEC 2.x+, cipher in length must contain only the ciphertext length.
+In case of using hardware ICV checking, the ICV length is provided via
+the "extent" field of the descriptor pointer.
+
+Cc: <stable@vger.kernel.org> # 4.8+
+Fixes: 549bd8bc5987 ("crypto: talitos - Implement AEAD for SEC1 using HMAC_SNOOP_NO_AFEU")
+Reported-by: Horia Geantă <horia.geanta@nxp.com>
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Tested-by: Horia Geantă <horia.geanta@nxp.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 36 ++++++++++++++++++++----------------
+ 1 file changed, 20 insertions(+), 16 deletions(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -1128,10 +1128,10 @@ next:
+ return count;
+ }
+
+-static int talitos_sg_map(struct device *dev, struct scatterlist *src,
+- unsigned int len, struct talitos_edesc *edesc,
+- struct talitos_ptr *ptr,
+- int sg_count, unsigned int offset, int tbl_off)
++static int talitos_sg_map_ext(struct device *dev, struct scatterlist *src,
++ unsigned int len, struct talitos_edesc *edesc,
++ struct talitos_ptr *ptr, int sg_count,
++ unsigned int offset, int tbl_off, int elen)
+ {
+ struct talitos_private *priv = dev_get_drvdata(dev);
+ bool is_sec1 = has_ftr_sec1(priv);
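Review bot: The new `elen` parameter is declared `int` while `len` is `unsigned int`, and a later hunk adds the two as `len + elen` when sizing the link table. A negative `elen` would convert to a huge unsigned value there. The only caller passes 0 or `authsize`, so `unsigned int elen` would express the contract and match the neighbouring parameter. The matching local is `int elen = 0;` in ipsec_esp. talitos_sg_map_ext also has no header comment. One line should say that `elen` is the extent (ICV) length appended after `len` bytes of data and carried in the pointer's extent field.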
+@@ -1140,6 +1140,7 @@ static int talitos_sg_map(struct device
+ to_talitos_ptr(ptr, 0, 0, is_sec1);
+ return 1;
+ }
++ to_talitos_ptr_ext_set(ptr, elen, is_sec1);
+ if (sg_count == 1) {
+ to_talitos_ptr(ptr, sg_dma_address(src) + offset, len, is_sec1);
+ return sg_count;
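Review bot: `to_talitos_ptr_ext_set(ptr, elen, is_sec1)` is placed after the early-return branch whose tail appears at the top of this hunk, so the extent field is not written on that path. It is also placed before the `to_talitos_ptr()` calls, so it relies on those not resetting the extent. Both are probably fine, but neither helper is visible here. A comment would record the assumption, e.g. `/* set extent first: to_talitos_ptr() below only fills address and length */`. If the descriptor is not zero-initialised by its allocator, moving the call above the early return would avoid leaving a stale extent in the pointer.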
+@@ -1148,7 +1149,7 @@ static int talitos_sg_map(struct device
+ to_talitos_ptr(ptr, edesc->dma_link_tbl + offset, len, is_sec1);
+ return sg_count;
+ }
+- sg_count = sg_to_link_tbl_offset(src, sg_count, offset, len,
++ sg_count = sg_to_link_tbl_offset(src, sg_count, offset, len + elen,
+ &edesc->link_tbl[tbl_off]);
+ if (sg_count == 1) {
+ /* Only one segment now, so no link tbl needed*/
+@@ -1162,6 +1163,15 @@ static int talitos_sg_map(struct device
+ return sg_count;
+ }
+
++static int talitos_sg_map(struct device *dev, struct scatterlist *src,
++ unsigned int len, struct talitos_edesc *edesc,
++ struct talitos_ptr *ptr, int sg_count,
++ unsigned int offset, int tbl_off)
++{
++ return talitos_sg_map_ext(dev, src, len, edesc, ptr, sg_count, offset,
++ tbl_off, 0);
++}
++
+ /*
+ * fill in and submit ipsec_esp descriptor
+ */
+@@ -1179,7 +1189,7 @@ static int ipsec_esp(struct talitos_edes
+ unsigned int ivsize = crypto_aead_ivsize(aead);
+ int tbl_off = 0;
+ int sg_count, ret;
+- int sg_link_tbl_len;
++ int elen = 0;
+ bool sync_needed = false;
+ struct talitos_private *priv = dev_get_drvdata(dev);
+ bool is_sec1 = has_ftr_sec1(priv);
+@@ -1221,17 +1231,11 @@ static int ipsec_esp(struct talitos_edes
+ * extent is bytes of HMAC postpended to ciphertext,
+ * typically 12 for ipsec
+ */
+- sg_link_tbl_len = cryptlen;
+-
+- if (is_ipsec_esp) {
+- to_talitos_ptr_ext_set(&desc->ptr[4], authsize, is_sec1);
+-
+- if (desc->hdr & DESC_HDR_MODE1_MDEU_CICV)
+- sg_link_tbl_len += authsize;
+- }
++ if (is_ipsec_esp && (desc->hdr & DESC_HDR_MODE1_MDEU_CICV))
++ elen = authsize;
+
+- ret = talitos_sg_map(dev, areq->src, sg_link_tbl_len, edesc,
+- &desc->ptr[4], sg_count, areq->assoclen, tbl_off);
++ ret = talitos_sg_map_ext(dev, areq->src, cryptlen, edesc, &desc->ptr[4],
++ sg_count, areq->assoclen, tbl_off, elen);
+
+ if (ret > 1) {
+ tbl_off += ret;
--- /dev/null
+From 333e18c5cc74438f8940c7f3a8b3573748a371f9 Mon Sep 17 00:00:00 2001
+From: Conor McLoughlin <conor.mcloughlin@intel.com>
+Date: Tue, 13 Feb 2018 08:29:56 +0000
+Subject: crypto: testmgr - Fix incorrect values in PKCS#1 test vector
+
+From: Conor McLoughlin <conor.mcloughlin@intel.com>
+
+commit 333e18c5cc74438f8940c7f3a8b3573748a371f9 upstream.
+
+The RSA private key for the first form should have
+version, prime1, prime2, exponent1, exponent2, coefficient
+values 0.
+With non-zero values for prime1,2, exponent 1,2 and coefficient
+the Intel QAT driver will assume that values are provided for the
+private key second form. This will result in signature verification
+failures for modules where QAT device is present and the modules
+are signed with rsa,sha256.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
+Signed-off-by: Conor McLoughlin <conor.mcloughlin@intel.com>
+Reviewed-by: Stephan Mueller <smueller@chronox.de>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/testmgr.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/crypto/testmgr.h
++++ b/crypto/testmgr.h
+@@ -548,7 +548,7 @@ static const struct akcipher_testvec rsa
+ static const struct akcipher_testvec pkcs1pad_rsa_tv_template[] = {
+ {
+ .key =
+- "\x30\x82\x03\x1f\x02\x01\x10\x02\x82\x01\x01\x00\xd7\x1e\x77\x82"
++ "\x30\x82\x03\x1f\x02\x01\x00\x02\x82\x01\x01\x00\xd7\x1e\x77\x82"
+ "\x8c\x92\x31\xe7\x69\x02\xa2\xd5\x5c\x78\xde\xa2\x0c\x8f\xfe\x28"
+ "\x59\x31\xdf\x40\x9c\x60\x61\x06\xb9\x2f\x62\x40\x80\x76\xcb\x67"
+ "\x4a\xb5\x59\x56\x69\x17\x07\xfa\xf9\x4c\xbd\x6c\x37\x7a\x46\x7d"
+@@ -597,8 +597,8 @@ static const struct akcipher_testvec pkc
+ "\xfe\xf8\x27\x1b\xd6\x55\x60\x5e\x48\xb7\x6d\x9a\xa8\x37\xf9\x7a"
+ "\xde\x1b\xcd\x5d\x1a\x30\xd4\xe9\x9e\x5b\x3c\x15\xf8\x9c\x1f\xda"
+ "\xd1\x86\x48\x55\xce\x83\xee\x8e\x51\xc7\xde\x32\x12\x47\x7d\x46"
+- "\xb8\x35\xdf\x41\x02\x01\x30\x02\x01\x30\x02\x01\x30\x02\x01\x30"
+- "\x02\x01\x30",
++ "\xb8\x35\xdf\x41\x02\x01\x00\x02\x01\x00\x02\x01\x00\x02\x01\x00"
++ "\x02\x01\x00",
+ .key_len = 804,
+ /*
+ * m is SHA256 hash of following message:
--- /dev/null
+From 8f461b1e02ed546fbd0f11611138da67fd85a30f Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Mon, 19 Feb 2018 23:48:12 -0800
+Subject: crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 8f461b1e02ed546fbd0f11611138da67fd85a30f upstream.
+
+With ecb-cast5-avx, if a 128+ byte scatterlist element followed a
+shorter one, then the algorithm accidentally encrypted/decrypted only 8
+bytes instead of the expected 128 bytes. Fix it by setting the
+encryption/decryption 'fn' correctly.
+
+Fixes: c12ab20b162c ("crypto: cast5/avx - avoid using temporary stack buffers")
+Cc: <stable@vger.kernel.org> # v3.8+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/crypto/cast5_avx_glue.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/x86/crypto/cast5_avx_glue.c
++++ b/arch/x86/crypto/cast5_avx_glue.c
+@@ -66,8 +66,6 @@ static int ecb_crypt(struct blkcipher_de
+ void (*fn)(struct cast5_ctx *ctx, u8 *dst, const u8 *src);
+ int err;
+
+- fn = (enc) ? cast5_ecb_enc_16way : cast5_ecb_dec_16way;
+-
+ err = blkcipher_walk_virt(desc, walk);
+ desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
+
+@@ -79,6 +77,7 @@ static int ecb_crypt(struct blkcipher_de
+
+ /* Process multi-block batch */
+ if (nbytes >= bsize * CAST5_PARALLEL_BLOCKS) {
++ fn = (enc) ? cast5_ecb_enc_16way : cast5_ecb_dec_16way;
+ do {
+ fn(ctx, wdst, wsrc);
+
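Review bot: `fn` is now declared without an initial value and assigned inside the multi-block branch. The function therefore depends on every use being preceded by an assignment in the same loop iteration, and the original bug was exactly a stale `fn` carried across iterations. The single-block path is outside this hunk and presumably reassigns it before use. A comment at the declaration would make the invariant explicit, e.g. `/* fn is re-selected for every walk step; never reuse it across iterations */`. Two separately named pointers, one per path, would prevent the reuse altogether.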
--- /dev/null
+From b5b38200ebe54879a7264cb6f33821f61c586a7e Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Tue, 27 Mar 2018 14:06:14 -0700
+Subject: /dev/mem: Avoid overwriting "err" in read_mem()
+
+From: Kees Cook <keescook@chromium.org>
+
+commit b5b38200ebe54879a7264cb6f33821f61c586a7e upstream.
+
+Successes in probe_kernel_read() would mask failures in copy_to_user()
+during read_mem().
+
+Reported-by: Brad Spengler <spender@grsecurity.net>
+Fixes: 22ec1a2aea73 ("/dev/mem: Add bounce buffer for copy-out")
+Cc: stable@vger.kernel.org
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/mem.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/char/mem.c
++++ b/drivers/char/mem.c
+@@ -137,7 +137,7 @@ static ssize_t read_mem(struct file *fil
+
+ while (count > 0) {
+ unsigned long remaining;
+- int allowed;
++ int allowed, probe;
+
+ sz = size_inside_page(p, count);
+
+@@ -160,9 +160,9 @@ static ssize_t read_mem(struct file *fil
+ if (!ptr)
+ goto failed;
+
+- err = probe_kernel_read(bounce, ptr, sz);
++ probe = probe_kernel_read(bounce, ptr, sz);
+ unxlate_dev_mem_ptr(p, ptr);
+- if (err)
++ if (probe)
+ goto failed;
+
+ remaining = copy_to_user(buf, bounce, sz);
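Review bot: The new `probe` local exists only so that `err` is not overwritten, but nothing at the assignment says so. A later cleanup could easily fold it back into `err` and reintroduce the masking described in the commit message. A comment on the call would pin the intent, e.g. `/* keep the result out of err: a success here must not clear the error reported for a failed copy_to_user() */`. The initial value of `err` and the `failed:` label are outside this hunk, so what is returned when `probe` is non-zero cannot be confirmed here.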
--- /dev/null
+From 50e7044535537b2a54c7ab798cd34c7f6d900bd2 Mon Sep 17 00:00:00 2001
+From: Oliver Neukum <oneukum@suse.com>
+Date: Mon, 8 Jan 2018 09:21:07 -0500
+Subject: media: usbtv: prevent double free in error case
+
+From: Oliver Neukum <oneukum@suse.com>
+
+commit 50e7044535537b2a54c7ab798cd34c7f6d900bd2 upstream.
+
+Quoting the original report:
+
+It looks like there is a double-free vulnerability in Linux usbtv driver
+on an error path of usbtv_probe function. When audio registration fails,
+usbtv_video_free function ends up freeing usbtv data structure, which
+gets freed the second time under usbtv_video_fail label.
+
+usbtv_audio_fail:
+
+ usbtv_video_free(usbtv); =>
+
+ v4l2_device_put(&usbtv->v4l2_dev);
+
+ => v4l2_device_put
+
+ => kref_put
+
+ => v4l2_device_release
+
+ => usbtv_release (CALLBACK)
+
+ => kfree(usbtv) (1st time)
+
+usbtv_video_fail:
+
+ usb_set_intfdata(intf, NULL);
+
+ usb_put_dev(usbtv->udev);
+
+ kfree(usbtv); (2nd time)
+
+So, as we have refcounting, use it
+
+Reported-by: Yavuz, Tuba <tuba@ece.ufl.edu>
+Signed-off-by: Oliver Neukum <oneukum@suse.com>
+CC: stable@vger.kernel.org
+Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/usb/usbtv/usbtv-core.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/media/usb/usbtv/usbtv-core.c
++++ b/drivers/media/usb/usbtv/usbtv-core.c
+@@ -112,6 +112,8 @@ static int usbtv_probe(struct usb_interf
+ return 0;
+
+ usbtv_audio_fail:
++ /* we must not free at this point */
++ usb_get_dev(usbtv->udev);
+ usbtv_video_free(usbtv);
+
+ usbtv_video_fail:
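Review bot: The added `usb_get_dev(usbtv->udev)` takes a reference on the USB device, but the call chain quoted in the description shows that the first `kfree(usbtv)` is triggered by the v4l2_device kref (`v4l2_device_put` → `kref_put` → `usbtv_release`). That kref is a different counter, so as written `usbtv_video_free()` would still appear to release `usbtv`, after which the fall-through into `usbtv_video_fail` dereferences `usbtv->udev` and frees `usbtv` a second time. Holding the reference that actually gates the release looks like what is intended, i.e. `v4l2_device_get(&usbtv->v4l2_dev);` in place of the `usb_get_dev()` line. The comment should then name the object, e.g. `/* hold the v4l2_device so usbtv_video_free() does not release usbtv; it is freed below */`. The body of `usbtv_video_fail` is outside the hunk and known here only from the description.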
--- /dev/null
+From bb0829a741792b56c908d7745bc0b2b540293bcc Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Tue, 27 Feb 2018 16:21:05 +0000
+Subject: mei: remove dev_err message on an unsupported ioctl
+
+From: Colin Ian King <colin.king@canonical.com>
+
+commit bb0829a741792b56c908d7745bc0b2b540293bcc upstream.
+
+Currently the driver spams the kernel log on unsupported ioctls which is
+unnecessary as the ioctl returns -ENOIOCTLCMD to indicate this anyway.
+I suspect this was originally for debugging purposes but it really is not
+required so remove it.
+
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/misc/mei/main.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/misc/mei/main.c
++++ b/drivers/misc/mei/main.c
+@@ -507,7 +507,6 @@ static long mei_ioctl(struct file *file,
+ break;
+
+ default:
+- dev_err(dev->dev, ": unsupported ioctl %d.\n", cmd);
+ rets = -ENOIOCTLCMD;
+ }
+
--- /dev/null
+From 823f7923833c6cc2b16e601546d607dcfb368004 Mon Sep 17 00:00:00 2001
+From: Alexander Gerasiov <gq@redlab-i.ru>
+Date: Sun, 4 Feb 2018 02:50:22 +0300
+Subject: parport_pc: Add support for WCH CH382L PCI-E single parallel port card.
+
+From: Alexander Gerasiov <gq@redlab-i.ru>
+
+commit 823f7923833c6cc2b16e601546d607dcfb368004 upstream.
+
+WCH CH382L is a PCI-E adapter with 1 parallel port. It is similar to CH382
+but serial ports are not soldered on board. Detected as
+Serial controller: Device 1c00:3050 (rev 10) (prog-if 05 [16850])
+
+Signed-off-by: Alexander Gerasiov <gq@redlab-i.ru>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/parport/parport_pc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/parport/parport_pc.c
++++ b/drivers/parport/parport_pc.c
+@@ -2646,6 +2646,7 @@ enum parport_pc_pci_cards {
+ netmos_9901,
+ netmos_9865,
+ quatech_sppxp100,
++ wch_ch382l,
+ };
+
+
+@@ -2708,6 +2709,7 @@ static struct parport_pc_pci {
+ /* netmos_9901 */ { 1, { { 0, -1 }, } },
+ /* netmos_9865 */ { 1, { { 0, -1 }, } },
+ /* quatech_sppxp100 */ { 1, { { 0, 1 }, } },
++ /* wch_ch382l */ { 1, { { 2, -1 }, } },
+ };
+
+ static const struct pci_device_id parport_pc_pci_tbl[] = {
+@@ -2797,6 +2799,8 @@ static const struct pci_device_id parpor
+ /* Quatech SPPXP-100 Parallel port PCI ExpressCard */
+ { PCI_VENDOR_ID_QUATECH, PCI_DEVICE_ID_QUATECH_SPPXP_100,
+ PCI_ANY_ID, PCI_ANY_ID, 0, 0, quatech_sppxp100 },
++ /* WCH CH382L PCI-E single parallel port card */
++ { 0x1c00, 0x3050, 0x1c00, 0x3050, 0, 0, wch_ch382l },
+ { 0, } /* terminate list */
+ };
+ MODULE_DEVICE_TABLE(pci, parport_pc_pci_tbl);
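Review bot: The added table entry spells all four IDs as bare `0x1c00`/`0x3050`, while the Quatech entry just above it uses named `PCI_VENDOR_ID_*`/`PCI_DEVICE_ID_*` constants and `PCI_ANY_ID` for the subsystem fields. The entry also matches on subsystem vendor and device, which is narrower than the neighbouring entries, and the commit description only reports the primary `1c00:3050` pair. A short comment would record that this is deliberate, e.g. `/* subsystem IDs mirror vendor/device on this card; matched to avoid claiming other 1c00:3050 functions */`, with the reason hedged until it is confirmed on hardware. The table begins outside the hunk.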
--- /dev/null
+From f597fbce38d230af95384f4a04e0a13a1d0ad45d Mon Sep 17 00:00:00 2001
+From: Joel Stanley <joel@jms.id.au>
+Date: Mon, 5 Mar 2018 22:17:38 +1030
+Subject: serial: 8250: Add Nuvoton NPCM UART
+
+From: Joel Stanley <joel@jms.id.au>
+
+commit f597fbce38d230af95384f4a04e0a13a1d0ad45d upstream.
+
+The Nuvoton UART is almost compatible with the 8250 driver when probed
+via the 8250_of driver, however it requires some extra configuration
+at startup.
+
+Reviewed-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Joel Stanley <joel@jms.id.au>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Documentation/devicetree/bindings/serial/8250.txt | 1
+ drivers/tty/serial/8250/8250_of.c | 1
+ drivers/tty/serial/8250/8250_port.c | 33 ++++++++++++++++++++++
+ include/uapi/linux/serial_core.h | 3 ++
+ 4 files changed, 38 insertions(+)
+
+--- a/Documentation/devicetree/bindings/serial/8250.txt
++++ b/Documentation/devicetree/bindings/serial/8250.txt
+@@ -24,6 +24,7 @@ Required properties:
+ - "ti,da830-uart"
+ - "aspeed,ast2400-vuart"
+ - "aspeed,ast2500-vuart"
++ - "nuvoton,npcm750-uart"
+ - "serial" if the port type is unknown.
+ - reg : offset and length of the register set for the device.
+ - interrupts : should contain uart interrupt.
+--- a/drivers/tty/serial/8250/8250_of.c
++++ b/drivers/tty/serial/8250/8250_of.c
+@@ -316,6 +316,7 @@ static const struct of_device_id of_plat
+ { .compatible = "mrvl,mmp-uart",
+ .data = (void *)PORT_XSCALE, },
+ { .compatible = "ti,da830-uart", .data = (void *)PORT_DA830, },
++ { .compatible = "nuvoton,npcm750-uart", .data = (void *)PORT_NPCM, },
+ { /* end of list */ },
+ };
+ MODULE_DEVICE_TABLE(of, of_platform_serial_table);
+--- a/drivers/tty/serial/8250/8250_port.c
++++ b/drivers/tty/serial/8250/8250_port.c
+@@ -47,6 +47,10 @@
+ #define UART_EXAR_SLEEP 0x8b /* Sleep mode */
+ #define UART_EXAR_DVID 0x8d /* Device identification */
+
++/* Nuvoton NPCM timeout register */
++#define UART_NPCM_TOR 7
++#define UART_NPCM_TOIE BIT(7) /* Timeout Interrupt Enable */
++
+ /*
+ * Debugging.
+ */
+@@ -293,6 +297,15 @@ static const struct serial8250_config ua
+ UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT,
+ .flags = UART_CAP_FIFO,
+ },
++ [PORT_NPCM] = {
++ .name = "Nuvoton 16550",
++ .fifo_size = 16,
++ .tx_loadsz = 16,
++ .fcr = UART_FCR_ENABLE_FIFO | UART_FCR_R_TRIG_10 |
++ UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT,
++ .rxtrig_bytes = {1, 4, 8, 14},
++ .flags = UART_CAP_FIFO,
++ },
+ };
+
+ /* Uart divisor latch read */
+@@ -2161,6 +2174,15 @@ int serial8250_do_startup(struct uart_po
+ UART_DA830_PWREMU_MGMT_FREE);
+ }
+
++ if (port->type == PORT_NPCM) {
++ /*
++ * Nuvoton calls the scratch register 'UART_TOR' (timeout
++ * register). Enable it, and set TIOC (timeout interrupt
++ * comparator) to be 0x20 for correct operation.
++ */
++ serial_port_out(port, UART_NPCM_TOR, UART_NPCM_TOIE | 0x20);
++ }
++
+ #ifdef CONFIG_SERIAL_8250_RSA
+ /*
+ * If this is an RSA port, see if we can kick it up to the
+@@ -2483,6 +2505,15 @@ static unsigned int xr17v35x_get_divisor
+ return quot_16 >> 4;
+ }
+
++/* Nuvoton NPCM UARTs have a custom divisor calculation */
++static unsigned int npcm_get_divisor(struct uart_8250_port *up,
++ unsigned int baud)
++{
++ struct uart_port *port = &up->port;
++
++ return DIV_ROUND_CLOSEST(port->uartclk, 16 * baud + 2) - 2;
++}
++
+ static unsigned int serial8250_get_divisor(struct uart_8250_port *up,
+ unsigned int baud,
+ unsigned int *frac)
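Review bot: `npcm_get_divisor()` subtracts 2 from an unsigned quotient with no lower bound, so when `DIV_ROUND_CLOSEST(port->uartclk, 16 * baud + 2)` evaluates to 0 or 1 (a baud rate close to `uartclk / 16`) the result wraps to a very large value instead of a small divisor. Whether callers already limit `baud` enough to exclude this is not visible in the hunk. A local guard would make the helper safe without relying on them: `unsigned int quot = DIV_ROUND_CLOSEST(port->uartclk, 16 * baud + 2);` then `return quot > 2 ? quot - 2 : 0;`, with the floor adjusted to the smallest divisor the hardware accepts. The one-line comment above the function could also state where the `+ 2` / `- 2` terms come from.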
+@@ -2503,6 +2534,8 @@ static unsigned int serial8250_get_divis
+ quot = 0x8002;
+ else if (up->port.type == PORT_XR17V35X)
+ quot = xr17v35x_get_divisor(up, baud, frac);
++ else if (up->port.type == PORT_NPCM)
++ quot = npcm_get_divisor(up, baud);
+ else
+ quot = uart_get_divisor(port, baud);
+
+--- a/include/uapi/linux/serial_core.h
++++ b/include/uapi/linux/serial_core.h
+@@ -76,6 +76,9 @@
+ #define PORT_SUNZILOG 38
+ #define PORT_SUNSAB 39
+
++/* Nuvoton UART */
++#define PORT_NPCM 40
++
+ /* Intel EG20 */
+ #define PORT_PCH_8LINE 44
+ #define PORT_PCH_2LINE 45
bluetooth-fix-missing-encryption-refresh-on-security-request.patch
drm-i915-dp-write-to-set_power-dpcd-to-enable-mst-hub.patch
bitmap-fix-memset-optimization-on-big-endian-systems.patch
+usb-serial-ftdi_sio-add-rt-systems-vx-8-cable.patch
+usb-serial-ftdi_sio-add-support-for-harman-firmwarehubemulator.patch
+usb-serial-cp210x-add-eldat-easywave-rx09-id.patch
+serial-8250-add-nuvoton-npcm-uart.patch
+mei-remove-dev_err-message-on-an-unsupported-ioctl.patch
+dev-mem-avoid-overwriting-err-in-read_mem.patch
+media-usbtv-prevent-double-free-in-error-case.patch
+parport_pc-add-support-for-wch-ch382l-pci-e-single-parallel-port-card.patch
+crypto-lrw-free-rctx-ext-with-kzfree.patch
+crypto-talitos-don-t-persistently-map-req_ctx-hw_context-and-req_ctx-buf.patch
+crypto-inside-secure-fix-clock-management.patch
+crypto-testmgr-fix-incorrect-values-in-pkcs-1-test-vector.patch
+crypto-talitos-fix-ipsec-cipher-in-length.patch
+crypto-ahash-fix-early-termination-in-hash-walk.patch
+crypto-caam-fix-null-dereference-at-error-path.patch
+crypto-ccp-return-an-actual-key-size-from-rsa-max_size-callback.patch
+crypto-arm-arm64-fix-random-regeneration-of-s_shipped.patch
+crypto-x86-cast5-avx-fix-ecb-encryption-when-long-sg-follows-short-one.patch
--- /dev/null
+From 1f1e82f74c0947e40144688c9e36abe4b3999f49 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Tue, 6 Mar 2018 09:32:43 +0100
+Subject: USB: serial: cp210x: add ELDAT Easywave RX09 id
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 1f1e82f74c0947e40144688c9e36abe4b3999f49 upstream.
+
+Add device id for ELDAT Easywave RX09 transceiver.
+
+Reported-by: Jan Jansen <nattelip@hotmail.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/cp210x.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/usb/serial/cp210x.c
++++ b/drivers/usb/serial/cp210x.c
+@@ -155,6 +155,7 @@ static const struct usb_device_id id_tab
+ { USB_DEVICE(0x12B8, 0xEC62) }, /* Link G4+ ECU */
+ { USB_DEVICE(0x13AD, 0x9999) }, /* Baltech card reader */
+ { USB_DEVICE(0x1555, 0x0004) }, /* Owen AC4 USB-RS485 Converter */
++ { USB_DEVICE(0x155A, 0x1006) }, /* ELDAT Easywave RX09 */
+ { USB_DEVICE(0x166A, 0x0201) }, /* Clipsal 5500PACA C-Bus Pascal Automation Controller */
+ { USB_DEVICE(0x166A, 0x0301) }, /* Clipsal 5800PC C-Bus Wireless PC Interface */
+ { USB_DEVICE(0x166A, 0x0303) }, /* Clipsal 5500PCU C-Bus USB interface */
--- /dev/null
+From 9608e5c0f079390473b484ef92334dfd3431bb89 Mon Sep 17 00:00:00 2001
+From: Major Hayden <major@mhtx.net>
+Date: Fri, 23 Feb 2018 14:29:54 -0600
+Subject: USB: serial: ftdi_sio: add RT Systems VX-8 cable
+
+From: Major Hayden <major@mhtx.net>
+
+commit 9608e5c0f079390473b484ef92334dfd3431bb89 upstream.
+
+This patch adds a device ID for the RT Systems cable used to
+program Yaesu VX-8R/VX-8DR handheld radios. It uses the main
+FTDI VID instead of the common RT Systems VID.
+
+Signed-off-by: Major Hayden <major@mhtx.net>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ftdi_sio.c | 1 +
+ drivers/usb/serial/ftdi_sio_ids.h | 3 +++
+ 2 files changed, 4 insertions(+)
+
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -769,6 +769,7 @@ static const struct usb_device_id id_tab
+ .driver_info = (kernel_ulong_t)&ftdi_NDI_device_quirk },
+ { USB_DEVICE(TELLDUS_VID, TELLDUS_TELLSTICK_PID) },
+ { USB_DEVICE(NOVITUS_VID, NOVITUS_BONO_E_PID) },
++ { USB_DEVICE(FTDI_VID, RTSYSTEMS_USB_VX8_PID) },
+ { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_S03_PID) },
+ { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_59_PID) },
+ { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_57A_PID) },
+--- a/drivers/usb/serial/ftdi_sio_ids.h
++++ b/drivers/usb/serial/ftdi_sio_ids.h
+@@ -923,6 +923,9 @@
+ /*
+ * RT Systems programming cables for various ham radios
+ */
++/* This device uses the VID of FTDI */
++#define RTSYSTEMS_USB_VX8_PID 0x9e50 /* USB-VX8 USB to 7 pin modular plug for Yaesu VX-8 radio */
++
+ #define RTSYSTEMS_VID 0x2100 /* Vendor ID */
+ #define RTSYSTEMS_USB_S03_PID 0x9001 /* RTS-03 USB to Serial Adapter */
+ #define RTSYSTEMS_USB_59_PID 0x9e50 /* USB-59 USB to 8 pin plug */
--- /dev/null
+From 6555ad13a01952c16485c82a52ad1f3e07e34b3a Mon Sep 17 00:00:00 2001
+From: Clemens Werther <clemens.werther@gmail.com>
+Date: Fri, 16 Mar 2018 10:20:46 +0100
+Subject: USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator
+
+From: Clemens Werther <clemens.werther@gmail.com>
+
+commit 6555ad13a01952c16485c82a52ad1f3e07e34b3a upstream.
+
+Add device id for Harman FirmwareHubEmulator to make the device
+auto-detectable by the driver.
+
+Signed-off-by: Clemens Werther <clemens.werther@gmail.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ftdi_sio.c | 1 +
+ drivers/usb/serial/ftdi_sio_ids.h | 6 ++++++
+ 2 files changed, 7 insertions(+)
+
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -932,6 +932,7 @@ static const struct usb_device_id id_tab
+ { USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_LS_LOGBOOK_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_HS_LOGBOOK_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CINTERION_MC55I_PID) },
++ { USB_DEVICE(FTDI_VID, FTDI_FHE_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_DOTEC_PID) },
+ { USB_DEVICE(QIHARDWARE_VID, MILKYMISTONE_JTAGSERIAL_PID),
+ .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
+--- a/drivers/usb/serial/ftdi_sio_ids.h
++++ b/drivers/usb/serial/ftdi_sio_ids.h
+@@ -1445,6 +1445,12 @@
+ #define FTDI_CINTERION_MC55I_PID 0xA951
+
+ /*
++ * Product: FirmwareHubEmulator
++ * Manufacturer: Harman Becker Automotive Systems
++ */
++#define FTDI_FHE_PID 0xA9A0
++
++/*
+ * Product: Comet Caller ID decoder
+ * Manufacturer: Crucible Technologies
+ */