From: Greg Kroah-Hartman Date: Thu, 5 Apr 2018 19:59:22 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v3.18.103~17 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=08f2b9b8cbe78cab1b8ab54212e725d8b765f538;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: crypto-ahash-fix-early-termination-in-hash-walk.patch crypto-arm-arm64-fix-random-regeneration-of-s_shipped.patch crypto-caam-fix-null-dereference-at-error-path.patch crypto-ccp-return-an-actual-key-size-from-rsa-max_size-callback.patch crypto-inside-secure-fix-clock-management.patch crypto-lrw-free-rctx-ext-with-kzfree.patch crypto-testmgr-fix-incorrect-values-in-pkcs-1-test-vector.patch crypto-x86-cast5-avx-fix-ecb-encryption-when-long-sg-follows-short-one.patch dev-mem-avoid-overwriting-err-in-read_mem.patch media-usbtv-prevent-double-free-in-error-case.patch mei-remove-dev_err-message-on-an-unsupported-ioctl.patch parport_pc-add-support-for-wch-ch382l-pci-e-single-parallel-port-card.patch serial-8250-add-nuvoton-npcm-uart.patch usb-serial-cp210x-add-eldat-easywave-rx09-id.patch usb-serial-ftdi_sio-add-rt-systems-vx-8-cable.patch usb-serial-ftdi_sio-add-support-for-harman-firmwarehubemulator.patch
---
diff --git a/queue-4.14/crypto-ahash-fix-early-termination-in-hash-walk.patch b/queue-4.14/crypto-ahash-fix-early-termination-in-hash-walk.patch
new file mode 100644
index 00000000000..0032a25b4af
--- /dev/null
+++ b/queue-4.14/crypto-ahash-fix-early-termination-in-hash-walk.patch
@@ -0,0 +1,44 @@
+From 900a081f6912a8985dc15380ec912752cb66025a Mon Sep 17 00:00:00 2001
+From: Herbert Xu
+Date: Mon, 26 Mar 2018 08:53:25 +0800
+Subject: crypto: ahash - Fix early termination in hash walk
+
+From: Herbert Xu
+
+commit 900a081f6912a8985dc15380ec912752cb66025a upstream.
+
+When we have an unaligned SG list entry where there is no leftover
+aligned data, the hash walk code will incorrectly return zero as if
+the entire SG list has been processed.
+
+This patch fixes it by moving onto the next page instead.
+
+Reported-by: Eli Cooper
+Cc:
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ crypto/ahash.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/crypto/ahash.c
++++ b/crypto/ahash.c
+@@ -92,13 +92,14 @@ int crypto_hash_walk_done(struct crypto_
+
+ if (nbytes && walk->offset & alignmask && !err) {
+ walk->offset = ALIGN(walk->offset, alignmask + 1);
+- walk->data += walk->offset;
+-
+ nbytes = min(nbytes,
+ ((unsigned int)(PAGE_SIZE)) - walk->offset);
+ walk->entrylen -= nbytes;
+
+- return nbytes;
++ if (nbytes) {
++ walk->data += walk->offset;
++ return nbytes;
++ }
+ }
+
+ if (walk->flags & CRYPTO_ALG_ASYNC)
diff --git a/queue-4.14/crypto-arm-arm64-fix-random-regeneration-of-s_shipped.patch b/queue-4.14/crypto-arm-arm64-fix-random-regeneration-of-s_shipped.patch
new file mode 100644
index 00000000000..56030a50a0f
--- /dev/null
+++ b/queue-4.14/crypto-arm-arm64-fix-random-regeneration-of-s_shipped.patch
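Review bot: In crypto_hash_walk_done(), when the realigned offset lands on the page boundary the new `if (nbytes)` test fails and control leaves the block with `nbytes` already overwritten to 0 by the `min()` against the space left in the page. The code that runs next is outside the hunk, so it cannot be confirmed here that it decides "entry finished" from `walk->entrylen` rather than from `nbytes`; if it reads `nbytes`, an entry that continues on the next page could still be cut short. Keeping the `min()` result in a separate local would leave the entry's remaining count intact, and a comment on the fall-through such as `/* page exhausted after realignment: continue with the next page */` would make the intent checkable.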
@@ -0,0 +1,69 @@
+From 6aaf49b495b446ff6eec0ac983f781ca0dc56a73 Mon Sep 17 00:00:00 2001
+From: Leonard Crestez
+Date: Tue, 13 Mar 2018 22:17:23 +0200
+Subject: crypto: arm,arm64 - Fix random regeneration of S_shipped
+
+From: Leonard Crestez
+
+commit 6aaf49b495b446ff6eec0ac983f781ca0dc56a73 upstream.
+
+The decision to rebuild .S_shipped is made based on the relative
+timestamps of .S_shipped and .pl files but git makes this essentially
+random. This means that the perl script might run anyway (usually at
+most once per checkout), defeating the whole purpose of _shipped.
+
+Fix by skipping the rule unless explicit make variables are provided:
+REGENERATE_ARM_CRYPTO or REGENERATE_ARM64_CRYPTO.
+
+This can produce nasty occasional build failures downstream, for example
+for toolchains with broken perl. The solution is minimally intrusive to
+make it easier to push into stable.
+
+Another report on a similar issue here: https://lkml.org/lkml/2018/3/8/1379
+
+Signed-off-by: Leonard Crestez
+Cc:
+Reviewed-by: Masahiro Yamada
+Acked-by: Ard Biesheuvel
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm/crypto/Makefile | 2 ++
+ arch/arm64/crypto/Makefile | 2 ++
+ 2 files changed, 4 insertions(+)
+
+--- a/arch/arm/crypto/Makefile
++++ b/arch/arm/crypto/Makefile
+@@ -54,6 +54,7 @@ crct10dif-arm-ce-y := crct10dif-ce-core.
+ crc32-arm-ce-y:= crc32-ce-core.o crc32-ce-glue.o
+ chacha20-neon-y := chacha20-neon-core.o chacha20-neon-glue.o
+
++ifdef REGENERATE_ARM_CRYPTO
+ quiet_cmd_perl = PERL $@
+ cmd_perl = $(PERL) $(<) > $(@)
+
+@@ -62,5 +63,6 @@ $(src)/sha256-core.S_shipped: $(src)/sha
+
+ $(src)/sha512-core.S_shipped: $(src)/sha512-armv4.pl
+ $(call cmd,perl)
++endif
+
+ .PRECIOUS: $(obj)/sha256-core.S $(obj)/sha512-core.S
+--- a/arch/arm64/crypto/Makefile
++++ b/arch/arm64/crypto/Makefile
+@@ -58,6 +58,7 @@ CFLAGS_aes-glue-ce.o := -DUSE_V8_CRYPTO_
+ $(obj)/aes-glue-%.o: $(src)/aes-glue.c FORCE
+ $(call if_changed_rule,cc_o_c)
+
++ifdef REGENERATE_ARM64_CRYPTO
+ quiet_cmd_perlasm = PERLASM $@
+ cmd_perlasm = $(PERL) $(<) void $(@)
+
+@@ -66,5 +67,6 @@ $(src)/sha256-core.S_shipped: $(src)/sha
+
+ $(src)/sha512-core.S_shipped: $(src)/sha512-armv8.pl
+ $(call cmd,perlasm)
++endif
+
+ .PRECIOUS: $(obj)/sha256-core.S $(obj)/sha512-core.S
diff --git a/queue-4.14/crypto-caam-fix-null-dereference-at-error-path.patch b/queue-4.14/crypto-caam-fix-null-dereference-at-error-path.patch
new file mode 100644
index 00000000000..b773f5e2f26
--- /dev/null
+++ b/queue-4.14/crypto-caam-fix-null-dereference-at-error-path.patch
@@ -0,0 +1,48 @@
+From b85149f6f5d5a9279f29a73b2e95342f4d465e73 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva
+Date: Thu, 22 Feb 2018 14:22:47 +0000
+Subject: crypto: caam - Fix null dereference at error path
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Rui Miguel Silva
+
+commit b85149f6f5d5a9279f29a73b2e95342f4d465e73 upstream.
+
+caam_remove already removes the debugfs entry, so we need to remove the one
+immediately before calling caam_remove.
+
+This fix a NULL dereference at error paths is caam_probe fail.
+
+Fixes: 67c2315def06 ("crypto: caam - add Queue Interface (QI) backend support")
+
+Tested-by: Ryan Harkin
+Cc: "Horia Geantă"
+Cc: Aymen Sghaier
+Cc: Fabio Estevam
+Cc: Peng Fan
+Cc: "David S. Miller"
+Cc: Lukas Auer
+Cc: # 4.12+
+Reviewed-by: Horia Geantă
+Signed-off-by: Rui Miguel Silva
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/crypto/caam/ctrl.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/drivers/crypto/caam/ctrl.c
++++ b/drivers/crypto/caam/ctrl.c
+@@ -813,9 +813,6 @@ static int caam_probe(struct platform_de
+ return 0;
+
+ caam_remove:
+-#ifdef CONFIG_DEBUG_FS
+- debugfs_remove_recursive(ctrlpriv->dfs_root);
+-#endif
+ caam_remove(pdev);
+ return ret;
+
diff --git a/queue-4.14/crypto-ccp-return-an-actual-key-size-from-rsa-max_size-callback.patch b/queue-4.14/crypto-ccp-return-an-actual-key-size-from-rsa-max_size-callback.patch
new file mode 100644
index 00000000000..f6792853705
--- /dev/null
+++ b/queue-4.14/crypto-ccp-return-an-actual-key-size-from-rsa-max_size-callback.patch
@@ -0,0 +1,52 @@
+From 0a9eb80e643064266868bd2fb2cd608e669309b0 Mon Sep 17 00:00:00 2001
+From: "Maciej S. Szmigiero"
+Date: Sat, 24 Feb 2018 17:03:21 +0100
+Subject: crypto: ccp - return an actual key size from RSA max_size callback
+
+From: Maciej S. Szmigiero
+
+commit 0a9eb80e643064266868bd2fb2cd608e669309b0 upstream.
+
+rsa-pkcs1pad uses a value returned from a RSA implementation max_size
+callback as a size of an input buffer passed to the RSA implementation for
+encrypt and sign operations.
+
+CCP RSA implementation uses a hardware input buffer which size depends only
+on the current RSA key length, so it should return this key length in
+the max_size callback, too.
+This also matches what the kernel software RSA implementation does.
+
+Previously, the value returned from this callback was always the maximum
+RSA key size the CCP hardware supports.
+This resulted in this huge buffer being passed by rsa-pkcs1pad to CCP even
+for smaller key sizes and then in a buffer overflow when ccp_run_rsa_cmd()
+tried to copy this large input buffer into a RSA key length-sized hardware
+input buffer.
+
+Signed-off-by: Maciej S. Szmigiero
+Fixes: ceeec0afd684 ("crypto: ccp - Add support for RSA on the CCP")
+Cc: stable@vger.kernel.org
+Acked-by: Gary R Hook
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/crypto/ccp/ccp-crypto-rsa.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/drivers/crypto/ccp/ccp-crypto-rsa.c
++++ b/drivers/crypto/ccp/ccp-crypto-rsa.c
+@@ -60,10 +60,9 @@ static int ccp_rsa_complete(struct crypt
+
+ static unsigned int ccp_rsa_maxsize(struct crypto_akcipher *tfm)
+ {
+- if (ccp_version() > CCP_VERSION(3, 0))
+- return CCP5_RSA_MAXMOD;
+- else
+- return CCP_RSA_MAXMOD;
++ struct ccp_ctx *ctx = akcipher_tfm_ctx(tfm);
++
++ return ctx->u.rsa.n_len;
+ }
+
+ static int ccp_rsa_crypt(struct akcipher_request *req, bool encrypt)
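Review bot: ccp_rsa_maxsize() now returns `ctx->u.rsa.n_len` unconditionally, so its result is only meaningful once a key has been set on the context; the hunk does not show what the field holds before that, and a zero or stale value would be handed to callers such as rsa-pkcs1pad as a buffer size. A comment above the return, e.g. `/* modulus length of the key currently set; not meaningful before a key is set */`, would state that contract. It is also worth confirming that the field is reset whenever a key is cleared or replaced, which happens outside this hunk.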
diff --git a/queue-4.14/crypto-inside-secure-fix-clock-management.patch b/queue-4.14/crypto-inside-secure-fix-clock-management.patch
new file mode 100644
index 00000000000..e6b5129b01a
--- /dev/null
+++ b/queue-4.14/crypto-inside-secure-fix-clock-management.patch
@@ -0,0 +1,37 @@
+From f962eb46e7a9b98a58d2483f5eb216e738fec732 Mon Sep 17 00:00:00 2001
+From: Gregory CLEMENT
+Date: Tue, 13 Mar 2018 17:48:40 +0100
+Subject: crypto: inside-secure - fix clock management
+
+From: Gregory CLEMENT
+
+commit f962eb46e7a9b98a58d2483f5eb216e738fec732 upstream.
+
+In this driver the clock is got but never put when the driver is removed
+or if there is an error in the probe.
+
+Using the managed version of clk_get() allows to let the kernel take care
+of it.
+
+Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto
+engine driver")
+cc: stable@vger.kernel.org
+Signed-off-by: Gregory CLEMENT
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/crypto/inside-secure/safexcel.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/crypto/inside-secure/safexcel.c
++++ b/drivers/crypto/inside-secure/safexcel.c
+@@ -789,7 +789,7 @@ static int safexcel_probe(struct platfor
+ return PTR_ERR(priv->base);
+ }
+
+- priv->clk = of_clk_get(dev->of_node, 0);
++ priv->clk = devm_clk_get(&pdev->dev, NULL);
+ if (!IS_ERR(priv->clk)) {
+ ret = clk_prepare_enable(priv->clk);
+ if (ret) {
diff --git a/queue-4.14/crypto-lrw-free-rctx-ext-with-kzfree.patch b/queue-4.14/crypto-lrw-free-rctx-ext-with-kzfree.patch
new file mode 100644
index 00000000000..3d3d76f3076
--- /dev/null
+++ b/queue-4.14/crypto-lrw-free-rctx-ext-with-kzfree.patch
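Review bot: In safexcel_probe(), the result of `devm_clk_get(&pdev->dev, NULL)` is still tested only with `if (!IS_ERR(priv->clk))`, so as far as the hunk shows every lookup error, including `-EPROBE_DEFER`, is handled like "no clock present" and probing continues without the clock enabled. Deferral should be passed back before that test: `if (PTR_ERR(priv->clk) == -EPROBE_DEFER) return -EPROBE_DEFER;`. The managed get only drops the clock reference; the `clk_prepare_enable()` that follows still needs a matching `clk_disable_unprepare()` on the error and remove paths, which lie outside this hunk.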
@@ -0,0 +1,33 @@
+From 8c9bdab21289c211ca1ca6a5f9b7537b4a600a02 Mon Sep 17 00:00:00 2001
+From: Herbert Xu
+Date: Fri, 23 Mar 2018 08:14:44 +0800
+Subject: crypto: lrw - Free rctx->ext with kzfree
+
+From: Herbert Xu
+
+commit 8c9bdab21289c211ca1ca6a5f9b7537b4a600a02 upstream.
+
+The buffer rctx->ext contains potentially sensitive data and should
+be freed with kzfree.
+
+Cc:
+Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher")
+Reported-by: Dan Carpenter
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ crypto/lrw.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/crypto/lrw.c
++++ b/crypto/lrw.c
+@@ -313,7 +313,7 @@ static void exit_crypt(struct skcipher_r
+ rctx->left = 0;
+
+ if (rctx->ext)
+- kfree(rctx->ext);
++ kzfree(rctx->ext);
+ }
+
+ static int do_encrypt(struct skcipher_request *req, int err)
diff --git a/queue-4.14/crypto-testmgr-fix-incorrect-values-in-pkcs-1-test-vector.patch b/queue-4.14/crypto-testmgr-fix-incorrect-values-in-pkcs-1-test-vector.patch
new file mode 100644
index 00000000000..65b561b2520
--- /dev/null
+++ b/queue-4.14/crypto-testmgr-fix-incorrect-values-in-pkcs-1-test-vector.patch
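Review bot: In exit_crypt(), the `if (rctx->ext)` guard in front of `kzfree(rctx->ext)` is redundant, because kzfree() returns early on a NULL pointer; the two lines can become the single call `kzfree(rctx->ext);`. The reason for the zeroing free is recorded only in the commit message, so a short comment such as `/* ext may hold sensitive data: zero it before freeing */` would keep a later cleanup from turning it back into kfree(). Whether `rctx->ext` should also be set to NULL afterwards depends on whether exit_crypt() can run twice for one request, which this hunk does not show.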
@@ -0,0 +1,51 @@
+From 333e18c5cc74438f8940c7f3a8b3573748a371f9 Mon Sep 17 00:00:00 2001
+From: Conor McLoughlin
+Date: Tue, 13 Feb 2018 08:29:56 +0000
+Subject: crypto: testmgr - Fix incorrect values in PKCS#1 test vector
+
+From: Conor McLoughlin
+
+commit 333e18c5cc74438f8940c7f3a8b3573748a371f9 upstream.
+
+The RSA private key for the first form should have
+version, prime1, prime2, exponent1, exponent2, coefficient
+values 0.
+With non-zero values for prime1,2, exponent 1,2 and coefficient
+the Intel QAT driver will assume that values are provided for the
+private key second form. This will result in signature verification
+failures for modules where QAT device is present and the modules
+are signed with rsa,sha256.
+
+Cc:
+Signed-off-by: Giovanni Cabiddu
+Signed-off-by: Conor McLoughlin
+Reviewed-by: Stephan Mueller
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ crypto/testmgr.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/crypto/testmgr.h
++++ b/crypto/testmgr.h
+@@ -548,7 +548,7 @@ static const struct akcipher_testvec rsa
+ static const struct akcipher_testvec pkcs1pad_rsa_tv_template[] = {
+ {
+ .key =
+- "\x30\x82\x03\x1f\x02\x01\x10\x02\x82\x01\x01\x00\xd7\x1e\x77\x82"
++ "\x30\x82\x03\x1f\x02\x01\x00\x02\x82\x01\x01\x00\xd7\x1e\x77\x82"
+ "\x8c\x92\x31\xe7\x69\x02\xa2\xd5\x5c\x78\xde\xa2\x0c\x8f\xfe\x28"
+ "\x59\x31\xdf\x40\x9c\x60\x61\x06\xb9\x2f\x62\x40\x80\x76\xcb\x67"
+ "\x4a\xb5\x59\x56\x69\x17\x07\xfa\xf9\x4c\xbd\x6c\x37\x7a\x46\x7d"
+@@ -597,8 +597,8 @@ static const struct akcipher_testvec pkc
+ "\xfe\xf8\x27\x1b\xd6\x55\x60\x5e\x48\xb7\x6d\x9a\xa8\x37\xf9\x7a"
+ "\xde\x1b\xcd\x5d\x1a\x30\xd4\xe9\x9e\x5b\x3c\x15\xf8\x9c\x1f\xda"
+ "\xd1\x86\x48\x55\xce\x83\xee\x8e\x51\xc7\xde\x32\x12\x47\x7d\x46"
+- "\xb8\x35\xdf\x41\x02\x01\x30\x02\x01\x30\x02\x01\x30\x02\x01\x30"
+- "\x02\x01\x30",
++ "\xb8\x35\xdf\x41\x02\x01\x00\x02\x01\x00\x02\x01\x00\x02\x01\x00"
++ "\x02\x01\x00",
+ .key_len = 804,
+ /*
+ * m is SHA256 hash of following message:
diff --git a/queue-4.14/crypto-x86-cast5-avx-fix-ecb-encryption-when-long-sg-follows-short-one.patch b/queue-4.14/crypto-x86-cast5-avx-fix-ecb-encryption-when-long-sg-follows-short-one.patch
new file mode 100644
index 00000000000..3f433205e9f
--- /dev/null
+++ b/queue-4.14/crypto-x86-cast5-avx-fix-ecb-encryption-when-long-sg-follows-short-one.patch
@@ -0,0 +1,43 @@
+From 8f461b1e02ed546fbd0f11611138da67fd85a30f Mon Sep 17 00:00:00 2001
+From: Eric Biggers
+Date: Mon, 19 Feb 2018 23:48:12 -0800
+Subject: crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one
+
+From: Eric Biggers
+
+commit 8f461b1e02ed546fbd0f11611138da67fd85a30f upstream.
+
+With ecb-cast5-avx, if a 128+ byte scatterlist element followed a
+shorter one, then the algorithm accidentally encrypted/decrypted only 8
+bytes instead of the expected 128 bytes. Fix it by setting the
+encryption/decryption 'fn' correctly.
+
+Fixes: c12ab20b162c ("crypto: cast5/avx - avoid using temporary stack buffers")
+Cc: # v3.8+
+Signed-off-by: Eric Biggers
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/crypto/cast5_avx_glue.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/x86/crypto/cast5_avx_glue.c
++++ b/arch/x86/crypto/cast5_avx_glue.c
+@@ -66,8 +66,6 @@ static int ecb_crypt(struct blkcipher_de
+ void (*fn)(struct cast5_ctx *ctx, u8 *dst, const u8 *src);
+ int err;
+
+- fn = (enc) ? cast5_ecb_enc_16way : cast5_ecb_dec_16way;
+-
+ err = blkcipher_walk_virt(desc, walk);
+ desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
+
+@@ -79,6 +77,7 @@ static int ecb_crypt(struct blkcipher_de
+
+ /* Process multi-block batch */
+ if (nbytes >= bsize * CAST5_PARALLEL_BLOCKS) {
++ fn = (enc) ? cast5_ecb_enc_16way : cast5_ecb_dec_16way;
+ do {
+ fn(ctx, wdst, wsrc);
+
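Review bot: In ecb_crypt(), `fn` remains a single pointer that is declared unassigned and, presumably, retargeted again for the single-block path later in the loop (outside this hunk); a stale value surviving into the next walk step is what the commit message describes as the original bug. Two pointers chosen once before the loop, e.g. `fn16 = enc ? cast5_ecb_enc_16way : cast5_ecb_dec_16way;` plus a separate one for the single-block routine, would remove that class of mistake. If the shared variable is kept, a comment on the new assignment such as `/* re-select on every walk step: fn may have been overwritten below */` would record why it sits inside the branch.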
diff --git a/queue-4.14/dev-mem-avoid-overwriting-err-in-read_mem.patch b/queue-4.14/dev-mem-avoid-overwriting-err-in-read_mem.patch
new file mode 100644
index 00000000000..108139be843
--- /dev/null
+++ b/queue-4.14/dev-mem-avoid-overwriting-err-in-read_mem.patch
@@ -0,0 +1,45 @@
+From b5b38200ebe54879a7264cb6f33821f61c586a7e Mon Sep 17 00:00:00 2001
+From: Kees Cook
+Date: Tue, 27 Mar 2018 14:06:14 -0700
+Subject: /dev/mem: Avoid overwriting "err" in read_mem()
+
+From: Kees Cook
+
+commit b5b38200ebe54879a7264cb6f33821f61c586a7e upstream.
+
+Successes in probe_kernel_read() would mask failures in copy_to_user()
+during read_mem().
+
+Reported-by: Brad Spengler
+Fixes: 22ec1a2aea73 ("/dev/mem: Add bounce buffer for copy-out")
+Cc: stable@vger.kernel.org
+Signed-off-by: Kees Cook
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/char/mem.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/char/mem.c
++++ b/drivers/char/mem.c
+@@ -137,7 +137,7 @@ static ssize_t read_mem(struct file *fil
+
+ while (count > 0) {
+ unsigned long remaining;
+- int allowed;
++ int allowed, probe;
+
+ sz = size_inside_page(p, count);
+
+@@ -160,9 +160,9 @@ static ssize_t read_mem(struct file *fil
+ if (!ptr)
+ goto failed;
+
+- err = probe_kernel_read(bounce, ptr, sz);
++ probe = probe_kernel_read(bounce, ptr, sz);
+ unxlate_dev_mem_ptr(p, ptr);
+- if (err)
++ if (probe)
+ goto failed;
+
+ remaining = copy_to_user(buf, bounce, sz);
diff --git a/queue-4.14/media-usbtv-prevent-double-free-in-error-case.patch b/queue-4.14/media-usbtv-prevent-double-free-in-error-case.patch
new file mode 100644
index 00000000000..da65d708d48
--- /dev/null
+++ b/queue-4.14/media-usbtv-prevent-double-free-in-error-case.patch
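Review bot: In read_mem(), a failing `probe_kernel_read()` now reaches `failed` without assigning `err`, so the value returned to user space is whatever `err` was set to earlier in the loop, and that assignment is outside both hunks. If it is ever moved or dropped, this path and the `if (!ptr)` path above it would report success or a stale code although the bounce buffer was never filled. Making the branch self-contained, e.g. `if (probe) { err = -EFAULT; goto failed; }` (assuming -EFAULT is the intended result), or at least a comment naming the value `err` is expected to hold here, would remove that dependency.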
@@ -0,0 +1,64 @@
+From 50e7044535537b2a54c7ab798cd34c7f6d900bd2 Mon Sep 17 00:00:00 2001
+From: Oliver Neukum
+Date: Mon, 8 Jan 2018 09:21:07 -0500
+Subject: media: usbtv: prevent double free in error case
+
+From: Oliver Neukum
+
+commit 50e7044535537b2a54c7ab798cd34c7f6d900bd2 upstream.
+
+Quoting the original report:
+
+It looks like there is a double-free vulnerability in Linux usbtv driver
+on an error path of usbtv_probe function. When audio registration fails,
+usbtv_video_free function ends up freeing usbtv data structure, which
+gets freed the second time under usbtv_video_fail label.
+
+usbtv_audio_fail:
+
+ usbtv_video_free(usbtv); =>
+
+ v4l2_device_put(&usbtv->v4l2_dev);
+
+ => v4l2_device_put
+
+ => kref_put
+
+ => v4l2_device_release
+
+ => usbtv_release (CALLBACK)
+
+ => kfree(usbtv) (1st time)
+
+usbtv_video_fail:
+
+ usb_set_intfdata(intf, NULL);
+
+ usb_put_dev(usbtv->udev);
+
+ kfree(usbtv); (2nd time)
+
+So, as we have refcounting, use it
+
+Reported-by: Yavuz, Tuba
+Signed-off-by: Oliver Neukum
+CC: stable@vger.kernel.org
+Signed-off-by: Hans Verkuil
+Signed-off-by: Mauro Carvalho Chehab
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/media/usb/usbtv/usbtv-core.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/media/usb/usbtv/usbtv-core.c
++++ b/drivers/media/usb/usbtv/usbtv-core.c
+@@ -112,6 +112,8 @@ static int usbtv_probe(struct usb_interf
+ return 0;
+
+ usbtv_audio_fail:
++ /* we must not free at this point */
++ usb_get_dev(usbtv->udev);
+ usbtv_video_free(usbtv);
+
+ usbtv_video_fail:
diff --git a/queue-4.14/mei-remove-dev_err-message-on-an-unsupported-ioctl.patch b/queue-4.14/mei-remove-dev_err-message-on-an-unsupported-ioctl.patch
new file mode 100644
index 00000000000..a47d80458bd
--- /dev/null
+++ b/queue-4.14/mei-remove-dev_err-message-on-an-unsupported-ioctl.patch
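Review bot: The reference added under `usbtv_audio_fail` is taken on the USB device, but the free described in the commit message is reached through the V4L2 device refcount (v4l2_device_put, kref_put, v4l2_device_release, usbtv_release, kfree). `usb_get_dev(usbtv->udev)` does not raise that count, so as far as this hunk and the quoted call chain show, `usbtv_video_free()` can still release `usbtv` before the `usbtv_video_fail` code dereferences and frees it again. Pinning the object that owns the release callback would match the chain: `v4l2_device_get(&usbtv->v4l2_dev);` in place of the `usb_get_dev()` call. The bodies of usbtv_video_free() and usbtv_release() are not in the hunk, so this needs checking against them, including whether the extra USB reference is ever dropped.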
@@ -0,0 +1,32 @@
+From bb0829a741792b56c908d7745bc0b2b540293bcc Mon Sep 17 00:00:00 2001
+From: Colin Ian King
+Date: Tue, 27 Feb 2018 16:21:05 +0000
+Subject: mei: remove dev_err message on an unsupported ioctl
+
+From: Colin Ian King
+
+commit bb0829a741792b56c908d7745bc0b2b540293bcc upstream.
+
+Currently the driver spams the kernel log on unsupported ioctls which is
+unnecessary as the ioctl returns -ENOIOCTLCMD to indicate this anyway.
+I suspect this was originally for debugging purposes but it really is not
+required so remove it.
+
+Signed-off-by: Colin Ian King
+Cc: stable
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/misc/mei/main.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/misc/mei/main.c
++++ b/drivers/misc/mei/main.c
+@@ -507,7 +507,6 @@ static long mei_ioctl(struct file *file,
+ break;
+
+ default:
+- dev_err(dev->dev, ": unsupported ioctl %d.\n", cmd);
+ rets = -ENOIOCTLCMD;
+ }
+
diff --git a/queue-4.14/parport_pc-add-support-for-wch-ch382l-pci-e-single-parallel-port-card.patch b/queue-4.14/parport_pc-add-support-for-wch-ch382l-pci-e-single-parallel-port-card.patch
new file mode 100644
index 00000000000..e15bc480c76
--- /dev/null
+++ b/queue-4.14/parport_pc-add-support-for-wch-ch382l-pci-e-single-parallel-port-card.patch
@@ -0,0 +1,48 @@
+From 823f7923833c6cc2b16e601546d607dcfb368004 Mon Sep 17 00:00:00 2001
+From: Alexander Gerasiov
+Date: Sun, 4 Feb 2018 02:50:22 +0300
+Subject: parport_pc: Add support for WCH CH382L PCI-E single parallel port card.
+
+From: Alexander Gerasiov
+
+commit 823f7923833c6cc2b16e601546d607dcfb368004 upstream.
+
+WCH CH382L is a PCI-E adapter with 1 parallel port. It is similair to CH382
+but serial ports are not soldered on board. Detected as
+Serial controller: Device 1c00:3050 (rev 10) (prog-if 05 [16850])
+
+Signed-off-by: Alexander Gerasiov
+Cc: stable
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/parport/parport_pc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/parport/parport_pc.c
++++ b/drivers/parport/parport_pc.c
+@@ -2646,6 +2646,7 @@ enum parport_pc_pci_cards {
+ netmos_9901,
+ netmos_9865,
+ quatech_sppxp100,
++ wch_ch382l,
+ };
+
+
+@@ -2708,6 +2709,7 @@ static struct parport_pc_pci {
+ /* netmos_9901 */ { 1, { { 0, -1 }, } },
+ /* netmos_9865 */ { 1, { { 0, -1 }, } },
+ /* quatech_sppxp100 */ { 1, { { 0, 1 }, } },
++ /* wch_ch382l */ { 1, { { 2, -1 }, } },
+ };
+
+ static const struct pci_device_id parport_pc_pci_tbl[] = {
+@@ -2797,6 +2799,8 @@ static const struct pci_device_id parpor
+ /* Quatech SPPXP-100 Parallel port PCI ExpressCard */
+ { PCI_VENDOR_ID_QUATECH, PCI_DEVICE_ID_QUATECH_SPPXP_100,
+ PCI_ANY_ID, PCI_ANY_ID, 0, 0, quatech_sppxp100 },
++ /* WCH CH382L PCI-E single parallel port card */
++ { 0x1c00, 0x3050, 0x1c00, 0x3050, 0, 0, wch_ch382l },
+ { 0, } /* terminate list */
+ };
+ MODULE_DEVICE_TABLE(pci, parport_pc_pci_tbl);
diff --git a/queue-4.14/serial-8250-add-nuvoton-npcm-uart.patch b/queue-4.14/serial-8250-add-nuvoton-npcm-uart.patch
new file mode 100644
index 00000000000..6f097c8bdb0
--- /dev/null
+++ b/queue-4.14/serial-8250-add-nuvoton-npcm-uart.patch
@@ -0,0 +1,127 @@
+From f597fbce38d230af95384f4a04e0a13a1d0ad45d Mon Sep 17 00:00:00 2001
+From: Joel Stanley
+Date: Mon, 5 Mar 2018 22:17:38 +1030
+Subject: serial: 8250: Add Nuvoton NPCM UART
+
+From: Joel Stanley
+
+commit f597fbce38d230af95384f4a04e0a13a1d0ad45d upstream.
+
+The Nuvoton UART is almost compatible with the 8250 driver when probed
+via the 8250_of driver, however it requires some extra configuration
+at startup.
+
+Reviewed-by: Rob Herring
+Signed-off-by: Joel Stanley
+Cc: stable
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ Documentation/devicetree/bindings/serial/8250.txt | 1
+ drivers/tty/serial/8250/8250_of.c | 1
+ drivers/tty/serial/8250/8250_port.c | 33 ++++++++++++++++++++++
+ include/uapi/linux/serial_core.h | 3 ++
+ 4 files changed, 38 insertions(+)
+
+--- a/Documentation/devicetree/bindings/serial/8250.txt
++++ b/Documentation/devicetree/bindings/serial/8250.txt
+@@ -24,6 +24,7 @@ Required properties:
+ - "ti,da830-uart"
+ - "aspeed,ast2400-vuart"
+ - "aspeed,ast2500-vuart"
++ - "nuvoton,npcm750-uart"
+ - "serial" if the port type is unknown.
+ - reg : offset and length of the register set for the device.
+ - interrupts : should contain uart interrupt.
+--- a/drivers/tty/serial/8250/8250_of.c
++++ b/drivers/tty/serial/8250/8250_of.c
+@@ -321,6 +321,7 @@ static const struct of_device_id of_plat
+ { .compatible = "mrvl,mmp-uart",
+ .data = (void *)PORT_XSCALE, },
+ { .compatible = "ti,da830-uart", .data = (void *)PORT_DA830, },
++ { .compatible = "nuvoton,npcm750-uart", .data = (void *)PORT_NPCM, },
+ { /* end of list */ },
+ };
+ MODULE_DEVICE_TABLE(of, of_platform_serial_table);
+--- a/drivers/tty/serial/8250/8250_port.c
++++ b/drivers/tty/serial/8250/8250_port.c
+@@ -51,6 +51,10 @@
+ #define UART_EXAR_SLEEP 0x8b /* Sleep mode */
+ #define UART_EXAR_DVID 0x8d /* Device identification */
+
++/* Nuvoton NPCM timeout register */
++#define UART_NPCM_TOR 7
++#define UART_NPCM_TOIE BIT(7) /* Timeout Interrupt Enable */
++
+ /*
+ * Debugging.
+ */
+@@ -297,6 +301,15 @@ static const struct serial8250_config ua
+ UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT,
+ .flags = UART_CAP_FIFO,
+ },
++ [PORT_NPCM] = {
++ .name = "Nuvoton 16550",
++ .fifo_size = 16,
++ .tx_loadsz = 16,
++ .fcr = UART_FCR_ENABLE_FIFO | UART_FCR_R_TRIG_10 |
++ UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT,
++ .rxtrig_bytes = {1, 4, 8, 14},
++ .flags = UART_CAP_FIFO,
++ },
+ };
+
+ /* Uart divisor latch read */
+@@ -2168,6 +2181,15 @@ int serial8250_do_startup(struct uart_po
+ UART_DA830_PWREMU_MGMT_FREE);
+ }
+
++ if (port->type == PORT_NPCM) {
++ /*
++ * Nuvoton calls the scratch register 'UART_TOR' (timeout
++ * register). Enable it, and set TIOC (timeout interrupt
++ * comparator) to be 0x20 for correct operation.
++ */
++ serial_port_out(port, UART_NPCM_TOR, UART_NPCM_TOIE | 0x20);
++ }
++
+ #ifdef CONFIG_SERIAL_8250_RSA
+ /*
+ * If this is an RSA port, see if we can kick it up to the
+@@ -2490,6 +2512,15 @@ static unsigned int xr17v35x_get_divisor
+ return quot_16 >> 4;
+ }
+
++/* Nuvoton NPCM UARTs have a custom divisor calculation */
++static unsigned int npcm_get_divisor(struct uart_8250_port *up,
++ unsigned int baud)
++{
++ struct uart_port *port = &up->port;
++
++ return DIV_ROUND_CLOSEST(port->uartclk, 16 * baud + 2) - 2;
++}
++
+ static unsigned int serial8250_get_divisor(struct uart_8250_port *up,
+ unsigned int baud,
+ unsigned int *frac)
+@@ -2510,6 +2541,8 @@ static unsigned int serial8250_get_divis
+ quot = 0x8002;
+ else if (up->port.type == PORT_XR17V35X)
+ quot = xr17v35x_get_divisor(up, baud, frac);
++ else if (up->port.type == PORT_NPCM)
++ quot = npcm_get_divisor(up, baud);
+ else
+ quot = uart_get_divisor(port, baud);
+
+--- a/include/uapi/linux/serial_core.h
++++ b/include/uapi/linux/serial_core.h
+@@ -76,6 +76,9 @@
+ #define PORT_SUNZILOG 38
+ #define PORT_SUNSAB 39
+
++/* Nuvoton UART */
++#define PORT_NPCM 40
++
+ /* Intel EG20 */
+ #define PORT_PCH_8LINE 44
+ #define PORT_PCH_2LINE 45
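Review bot: npcm_get_divisor() subtracts 2 from an unsigned quotient with no lower bound, so whenever `DIV_ROUND_CLOSEST(port->uartclk, 16 * baud + 2)` is 0 or 1 (a requested baud rate that is high relative to `uartclk`) the result wraps to a value near UINT_MAX and is passed on as the divisor. `16 * baud + 2` is also evaluated in `unsigned int` and can wrap for very large `baud`. Whether the callers clamp `baud` tightly enough to rule both out is not visible in these hunks. A guard on the quotient before the subtraction, with the floor taken from the hardware documentation, or a comment stating the baud range the caller guarantees, would close the gap; the bare `0x20` written to `UART_NPCM_TOR` in serial8250_do_startup() would also read better as a named constant.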
diff --git a/queue-4.14/series b/queue-4.14/series
index 2e5f198935a..6b548593be7 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -35,3 +35,19 @@ phy-qcom-ufs-add-module_license-tag.patch
 bluetooth-fix-missing-encryption-refresh-on-security-request.patch
 usb-dwc2-improve-gadget-state-disconnection-handling.patch
 bitmap-fix-memset-optimization-on-big-endian-systems.patch
+usb-serial-ftdi_sio-add-rt-systems-vx-8-cable.patch
+usb-serial-ftdi_sio-add-support-for-harman-firmwarehubemulator.patch
+usb-serial-cp210x-add-eldat-easywave-rx09-id.patch
+serial-8250-add-nuvoton-npcm-uart.patch
+mei-remove-dev_err-message-on-an-unsupported-ioctl.patch
+dev-mem-avoid-overwriting-err-in-read_mem.patch
+media-usbtv-prevent-double-free-in-error-case.patch
+parport_pc-add-support-for-wch-ch382l-pci-e-single-parallel-port-card.patch
+crypto-lrw-free-rctx-ext-with-kzfree.patch
+crypto-inside-secure-fix-clock-management.patch
+crypto-testmgr-fix-incorrect-values-in-pkcs-1-test-vector.patch
+crypto-ahash-fix-early-termination-in-hash-walk.patch
+crypto-caam-fix-null-dereference-at-error-path.patch
+crypto-ccp-return-an-actual-key-size-from-rsa-max_size-callback.patch
+crypto-arm-arm64-fix-random-regeneration-of-s_shipped.patch
+crypto-x86-cast5-avx-fix-ecb-encryption-when-long-sg-follows-short-one.patch
diff --git a/queue-4.14/usb-serial-cp210x-add-eldat-easywave-rx09-id.patch b/queue-4.14/usb-serial-cp210x-add-eldat-easywave-rx09-id.patch
new file mode 100644
index 00000000000..f6030334919
--- /dev/null
+++ b/queue-4.14/usb-serial-cp210x-add-eldat-easywave-rx09-id.patch
@@ -0,0 +1,30 @@
+From 1f1e82f74c0947e40144688c9e36abe4b3999f49 Mon Sep 17 00:00:00 2001
+From: Johan Hovold
+Date: Tue, 6 Mar 2018 09:32:43 +0100
+Subject: USB: serial: cp210x: add ELDAT Easywave RX09 id
+
+From: Johan Hovold
+
+commit 1f1e82f74c0947e40144688c9e36abe4b3999f49 upstream.
+
+Add device id for ELDAT Easywave RX09 tranceiver.
+
+Reported-by: Jan Jansen
+Cc: stable
+Signed-off-by: Johan Hovold
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/usb/serial/cp210x.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/usb/serial/cp210x.c
++++ b/drivers/usb/serial/cp210x.c
+@@ -158,6 +158,7 @@ static const struct usb_device_id id_tab
+ { USB_DEVICE(0x12B8, 0xEC62) }, /* Link G4+ ECU */
+ { USB_DEVICE(0x13AD, 0x9999) }, /* Baltech card reader */
+ { USB_DEVICE(0x1555, 0x0004) }, /* Owen AC4 USB-RS485 Converter */
++ { USB_DEVICE(0x155A, 0x1006) }, /* ELDAT Easywave RX09 */
+ { USB_DEVICE(0x166A, 0x0201) }, /* Clipsal 5500PACA C-Bus Pascal Automation Controller */
+ { USB_DEVICE(0x166A, 0x0301) }, /* Clipsal 5800PC C-Bus Wireless PC Interface */
+ { USB_DEVICE(0x166A, 0x0303) }, /* Clipsal 5500PCU C-Bus USB interface */
diff --git a/queue-4.14/usb-serial-ftdi_sio-add-rt-systems-vx-8-cable.patch b/queue-4.14/usb-serial-ftdi_sio-add-rt-systems-vx-8-cable.patch
new file mode 100644
index 00000000000..39517efd567
--- /dev/null
+++ b/queue-4.14/usb-serial-ftdi_sio-add-rt-systems-vx-8-cable.patch
@@ -0,0 +1,45 @@
+From 9608e5c0f079390473b484ef92334dfd3431bb89 Mon Sep 17 00:00:00 2001
+From: Major Hayden
+Date: Fri, 23 Feb 2018 14:29:54 -0600
+Subject: USB: serial: ftdi_sio: add RT Systems VX-8 cable
+
+From: Major Hayden
+
+commit 9608e5c0f079390473b484ef92334dfd3431bb89 upstream.
+
+This patch adds a device ID for the RT Systems cable used to
+program Yaesu VX-8R/VX-8DR handheld radios. It uses the main
+FTDI VID instead of the common RT Systems VID.
+
+Signed-off-by: Major Hayden
+Cc: stable
+Signed-off-by: Johan Hovold
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/usb/serial/ftdi_sio.c | 1 +
+ drivers/usb/serial/ftdi_sio_ids.h | 3 +++
+ 2 files changed, 4 insertions(+)
+
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -773,6 +773,7 @@ static const struct usb_device_id id_tab
+ .driver_info = (kernel_ulong_t)&ftdi_NDI_device_quirk },
+ { USB_DEVICE(TELLDUS_VID, TELLDUS_TELLSTICK_PID) },
+ { USB_DEVICE(NOVITUS_VID, NOVITUS_BONO_E_PID) },
++ { USB_DEVICE(FTDI_VID, RTSYSTEMS_USB_VX8_PID) },
+ { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_S03_PID) },
+ { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_59_PID) },
+ { USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_57A_PID) },
+--- a/drivers/usb/serial/ftdi_sio_ids.h
++++ b/drivers/usb/serial/ftdi_sio_ids.h
+@@ -923,6 +923,9 @@
+ /*
+ * RT Systems programming cables for various ham radios
+ */
++/* This device uses the VID of FTDI */
++#define RTSYSTEMS_USB_VX8_PID 0x9e50 /* USB-VX8 USB to 7 pin modular plug for Yaesu VX-8 radio */
++
+ #define RTSYSTEMS_VID 0x2100 /* Vendor ID */
+ #define RTSYSTEMS_USB_S03_PID 0x9001 /* RTS-03 USB to Serial Adapter */
+ #define RTSYSTEMS_USB_59_PID 0x9e50 /* USB-59 USB to 8 pin plug */
diff --git a/queue-4.14/usb-serial-ftdi_sio-add-support-for-harman-firmwarehubemulator.patch b/queue-4.14/usb-serial-ftdi_sio-add-support-for-harman-firmwarehubemulator.patch
new file mode 100644
index 00000000000..941feca0055
--- /dev/null
+++ b/queue-4.14/usb-serial-ftdi_sio-add-support-for-harman-firmwarehubemulator.patch
@@ -0,0 +1,47 @@
+From 6555ad13a01952c16485c82a52ad1f3e07e34b3a Mon Sep 17 00:00:00 2001
+From: Clemens Werther
+Date: Fri, 16 Mar 2018 10:20:46 +0100
+Subject: USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator
+
+From: Clemens Werther
+
+commit 6555ad13a01952c16485c82a52ad1f3e07e34b3a upstream.
+
+Add device id for Harman FirmwareHubEmulator to make the device
+auto-detectable by the driver.
+
+Signed-off-by: Clemens Werther
+Cc: stable
+Signed-off-by: Johan Hovold
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/usb/serial/ftdi_sio.c | 1 +
+ drivers/usb/serial/ftdi_sio_ids.h | 6 ++++++
+ 2 files changed, 7 insertions(+)
+
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -936,6 +936,7 @@ static const struct usb_device_id id_tab
+ { USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_LS_LOGBOOK_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_HS_LOGBOOK_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_CINTERION_MC55I_PID) },
++ { USB_DEVICE(FTDI_VID, FTDI_FHE_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_DOTEC_PID) },
+ { USB_DEVICE(QIHARDWARE_VID, MILKYMISTONE_JTAGSERIAL_PID),
+ .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
+--- a/drivers/usb/serial/ftdi_sio_ids.h
++++ b/drivers/usb/serial/ftdi_sio_ids.h
+@@ -1445,6 +1445,12 @@
+ #define FTDI_CINTERION_MC55I_PID 0xA951
+
+ /*
++ * Product: FirmwareHubEmulator
++ * Manufacturer: Harman Becker Automotive Systems
++ */
++#define FTDI_FHE_PID 0xA9A0
++
++/*
+ * Product: Comet Caller ID decoder
+ * Manufacturer: Crucible Technologies
+ */