From: Greg Kroah-Hartman Date: Tue, 19 Mar 2019 18:31:10 +0000 (+0100) Subject: 4.14-stable patches X-Git-Tag: v3.18.137~88 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=412539967a549e4897356f66fd2f65e71220858f;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: 9p-net-fix-memory-leak-in-p9_client_create.patch 9p-use-inode-i_lock-to-protect-i_size_write-under-32-bit.patch asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch crypto-ahash-fix-another-early-termination-in-hash-walk.patch crypto-caam-fixed-handling-of-sg-list.patch crypto-rockchip-fix-scatterlist-nents-error.patch crypto-rockchip-update-new-iv-to-device-in-multiple-operations.patch iio-adc-exynos-adc-fix-null-pointer-exception-on-unbind.patch stm-class-fix-an-endless-loop-in-channel-allocation.patch --- diff --git a/queue-4.14/9p-net-fix-memory-leak-in-p9_client_create.patch b/queue-4.14/9p-net-fix-memory-leak-in-p9_client_create.patch new file mode 100644 index 00000000000..e1298d6c795 --- /dev/null +++ b/queue-4.14/9p-net-fix-memory-leak-in-p9_client_create.patch @@ -0,0 +1,35 @@ +From bb06c388fa20ae24cfe80c52488de718a7e3a53f Mon Sep 17 00:00:00 2001 +From: zhengbin +Date: Wed, 13 Mar 2019 16:01:37 +0800 +Subject: 9p/net: fix memory leak in p9_client_create + +From: zhengbin + +commit bb06c388fa20ae24cfe80c52488de718a7e3a53f upstream. + +If msize is less than 4096, we should close and put trans, destroy +tagpool, not just free client. This patch fixes that. + +Link: http://lkml.kernel.org/m/1552464097-142659-1-git-send-email-zhengbin13@huawei.com +Cc: stable@vger.kernel.org +Fixes: 574d356b7a02 ("9p/net: put a lower bound on msize") +Reported-by: Hulk Robot +Signed-off-by: zhengbin +Signed-off-by: Dominique Martinet +Signed-off-by: Greg Kroah-Hartman + +--- + net/9p/client.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/9p/client.c ++++ b/net/9p/client.c +@@ -1082,7 +1082,7 @@ struct p9_client *p9_client_create(const + p9_debug(P9_DEBUG_ERROR, + "Please specify a msize of at least 4k\n"); + err = -EINVAL; +- goto free_client; ++ goto close_trans; + } + + err = p9_client_version(clnt); diff --git a/queue-4.14/9p-use-inode-i_lock-to-protect-i_size_write-under-32-bit.patch b/queue-4.14/9p-use-inode-i_lock-to-protect-i_size_write-under-32-bit.patch new file mode 100644 index 00000000000..bd3909e39d3 --- /dev/null +++ b/queue-4.14/9p-use-inode-i_lock-to-protect-i_size_write-under-32-bit.patch @@ -0,0 +1,318 @@ +From 5e3cc1ee1405a7eb3487ed24f786dec01b4cbe1f Mon Sep 17 00:00:00 2001 +From: Hou Tao +Date: Thu, 24 Jan 2019 14:35:13 +0800 +Subject: 9p: use inode->i_lock to protect i_size_write() under 32-bit + +From: Hou Tao + +commit 5e3cc1ee1405a7eb3487ed24f786dec01b4cbe1f upstream. + +Use inode->i_lock to protect i_size_write(), else i_size_read() in +generic_fillattr() may loop infinitely in read_seqcount_begin() when +multiple processes invoke v9fs_vfs_getattr() or v9fs_vfs_getattr_dotl() +simultaneously under 32-bit SMP environment, and a soft lockup will be +triggered as show below: + + watchdog: BUG: soft lockup - CPU#5 stuck for 22s! [stat:2217] + Modules linked in: + CPU: 5 PID: 2217 Comm: stat Not tainted 5.0.0-rc1-00005-g7f702faf5a9e #4 + Hardware name: Generic DT based system + PC is at generic_fillattr+0x104/0x108 + LR is at 0xec497f00 + pc : [<802b8898>] lr : [] psr: 200c0013 + sp : ec497e20 ip : ed608030 fp : ec497e3c + r10: 00000000 r9 : ec497f00 r8 : ed608030 + r7 : ec497ebc r6 : ec497f00 r5 : ee5c1550 r4 : ee005780 + r3 : 0000052d r2 : 00000000 r1 : ec497f00 r0 : ed608030 + Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none + Control: 10c5387d Table: ac48006a DAC: 00000051 + CPU: 5 PID: 2217 Comm: stat Not tainted 5.0.0-rc1-00005-g7f702faf5a9e #4 + Hardware name: Generic DT based system + Backtrace: + [<8010d974>] (dump_backtrace) from [<8010dc88>] (show_stack+0x20/0x24) + [<8010dc68>] (show_stack) from [<80a1d194>] (dump_stack+0xb0/0xdc) + [<80a1d0e4>] (dump_stack) from [<80109f34>] (show_regs+0x1c/0x20) + [<80109f18>] (show_regs) from [<801d0a80>] (watchdog_timer_fn+0x280/0x2f8) + [<801d0800>] (watchdog_timer_fn) from [<80198658>] (__hrtimer_run_queues+0x18c/0x380) + [<801984cc>] (__hrtimer_run_queues) from [<80198e60>] (hrtimer_run_queues+0xb8/0xf0) + [<80198da8>] (hrtimer_run_queues) from [<801973e8>] (run_local_timers+0x28/0x64) + [<801973c0>] (run_local_timers) from [<80197460>] (update_process_times+0x3c/0x6c) + [<80197424>] (update_process_times) from [<801ab2b8>] (tick_nohz_handler+0xe0/0x1bc) + [<801ab1d8>] (tick_nohz_handler) from [<80843050>] (arch_timer_handler_virt+0x38/0x48) + [<80843018>] (arch_timer_handler_virt) from [<80180a64>] (handle_percpu_devid_irq+0x8c/0x240) + [<801809d8>] (handle_percpu_devid_irq) from [<8017ac20>] (generic_handle_irq+0x34/0x44) + [<8017abec>] (generic_handle_irq) from [<8017b344>] (__handle_domain_irq+0x6c/0xc4) + [<8017b2d8>] (__handle_domain_irq) from [<801022e0>] (gic_handle_irq+0x4c/0x88) + [<80102294>] (gic_handle_irq) from [<80101a30>] (__irq_svc+0x70/0x98) + [<802b8794>] (generic_fillattr) from [<8056b284>] (v9fs_vfs_getattr_dotl+0x74/0xa4) + [<8056b210>] (v9fs_vfs_getattr_dotl) from [<802b8904>] (vfs_getattr_nosec+0x68/0x7c) + [<802b889c>] (vfs_getattr_nosec) from [<802b895c>] (vfs_getattr+0x44/0x48) + [<802b8918>] (vfs_getattr) from [<802b8a74>] (vfs_statx+0x9c/0xec) + [<802b89d8>] (vfs_statx) from [<802b9428>] (sys_lstat64+0x48/0x78) + [<802b93e0>] (sys_lstat64) from [<80101000>] (ret_fast_syscall+0x0/0x28) + +[dominique.martinet@cea.fr: updated comment to not refer to a function +in another subsystem] +Link: http://lkml.kernel.org/r/20190124063514.8571-2-houtao1@huawei.com +Cc: stable@vger.kernel.org +Fixes: 7549ae3e81cc ("9p: Use the i_size_[read, write]() macros instead of using inode->i_size directly.") +Reported-by: Xing Gaopeng +Signed-off-by: Hou Tao +Signed-off-by: Dominique Martinet +Signed-off-by: Greg Kroah-Hartman + +--- + fs/9p/v9fs_vfs.h | 23 +++++++++++++++++++++-- + fs/9p/vfs_file.c | 6 +++++- + fs/9p/vfs_inode.c | 23 +++++++++++------------ + fs/9p/vfs_inode_dotl.c | 27 ++++++++++++++------------- + fs/9p/vfs_super.c | 4 ++-- + 5 files changed, 53 insertions(+), 30 deletions(-) + +--- a/fs/9p/v9fs_vfs.h ++++ b/fs/9p/v9fs_vfs.h +@@ -40,6 +40,9 @@ + */ + #define P9_LOCK_TIMEOUT (30*HZ) + ++/* flags for v9fs_stat2inode() & v9fs_stat2inode_dotl() */ ++#define V9FS_STAT2INODE_KEEP_ISIZE 1 ++ + extern struct file_system_type v9fs_fs_type; + extern const struct address_space_operations v9fs_addr_operations; + extern const struct file_operations v9fs_file_operations; +@@ -61,8 +64,10 @@ int v9fs_init_inode(struct v9fs_session_ + struct inode *inode, umode_t mode, dev_t); + void v9fs_evict_inode(struct inode *inode); + ino_t v9fs_qid2ino(struct p9_qid *qid); +-void v9fs_stat2inode(struct p9_wstat *, struct inode *, struct super_block *); +-void v9fs_stat2inode_dotl(struct p9_stat_dotl *, struct inode *); ++void v9fs_stat2inode(struct p9_wstat *stat, struct inode *inode, ++ struct super_block *sb, unsigned int flags); ++void v9fs_stat2inode_dotl(struct p9_stat_dotl *stat, struct inode *inode, ++ unsigned int flags); + int v9fs_dir_release(struct inode *inode, struct file *filp); + int v9fs_file_open(struct inode *inode, struct file *file); + void v9fs_inode2stat(struct inode *inode, struct p9_wstat *stat); +@@ -83,4 +88,18 @@ static inline void v9fs_invalidate_inode + } + + int v9fs_open_to_dotl_flags(int flags); ++ ++static inline void v9fs_i_size_write(struct inode *inode, loff_t i_size) ++{ ++ /* ++ * 32-bit need the lock, concurrent updates could break the ++ * sequences and make i_size_read() loop forever. ++ * 64-bit updates are atomic and can skip the locking. ++ */ ++ if (sizeof(i_size) > sizeof(long)) ++ spin_lock(&inode->i_lock); ++ i_size_write(inode, i_size); ++ if (sizeof(i_size) > sizeof(long)) ++ spin_unlock(&inode->i_lock); ++} + #endif +--- a/fs/9p/vfs_file.c ++++ b/fs/9p/vfs_file.c +@@ -442,7 +442,11 @@ v9fs_file_write_iter(struct kiocb *iocb, + i_size = i_size_read(inode); + if (iocb->ki_pos > i_size) { + inode_add_bytes(inode, iocb->ki_pos - i_size); +- i_size_write(inode, iocb->ki_pos); ++ /* ++ * Need to serialize against i_size_write() in ++ * v9fs_stat2inode() ++ */ ++ v9fs_i_size_write(inode, iocb->ki_pos); + } + return retval; + } +--- a/fs/9p/vfs_inode.c ++++ b/fs/9p/vfs_inode.c +@@ -538,7 +538,7 @@ static struct inode *v9fs_qid_iget(struc + if (retval) + goto error; + +- v9fs_stat2inode(st, inode, sb); ++ v9fs_stat2inode(st, inode, sb, 0); + v9fs_cache_inode_get_cookie(inode); + unlock_new_inode(inode); + return inode; +@@ -1080,7 +1080,7 @@ v9fs_vfs_getattr(const struct path *path + if (IS_ERR(st)) + return PTR_ERR(st); + +- v9fs_stat2inode(st, d_inode(dentry), dentry->d_sb); ++ v9fs_stat2inode(st, d_inode(dentry), dentry->d_sb, 0); + generic_fillattr(d_inode(dentry), stat); + + p9stat_free(st); +@@ -1158,12 +1158,13 @@ static int v9fs_vfs_setattr(struct dentr + * @stat: Plan 9 metadata (mistat) structure + * @inode: inode to populate + * @sb: superblock of filesystem ++ * @flags: control flags (e.g. V9FS_STAT2INODE_KEEP_ISIZE) + * + */ + + void + v9fs_stat2inode(struct p9_wstat *stat, struct inode *inode, +- struct super_block *sb) ++ struct super_block *sb, unsigned int flags) + { + umode_t mode; + char ext[32]; +@@ -1204,10 +1205,11 @@ v9fs_stat2inode(struct p9_wstat *stat, s + mode = p9mode2perm(v9ses, stat); + mode |= inode->i_mode & ~S_IALLUGO; + inode->i_mode = mode; +- i_size_write(inode, stat->length); + ++ if (!(flags & V9FS_STAT2INODE_KEEP_ISIZE)) ++ v9fs_i_size_write(inode, stat->length); + /* not real number of blocks, but 512 byte ones ... */ +- inode->i_blocks = (i_size_read(inode) + 512 - 1) >> 9; ++ inode->i_blocks = (stat->length + 512 - 1) >> 9; + v9inode->cache_validity &= ~V9FS_INO_INVALID_ATTR; + } + +@@ -1404,9 +1406,9 @@ int v9fs_refresh_inode(struct p9_fid *fi + { + int umode; + dev_t rdev; +- loff_t i_size; + struct p9_wstat *st; + struct v9fs_session_info *v9ses; ++ unsigned int flags; + + v9ses = v9fs_inode2v9ses(inode); + st = p9_client_stat(fid); +@@ -1419,16 +1421,13 @@ int v9fs_refresh_inode(struct p9_fid *fi + if ((inode->i_mode & S_IFMT) != (umode & S_IFMT)) + goto out; + +- spin_lock(&inode->i_lock); + /* + * We don't want to refresh inode->i_size, + * because we may have cached data + */ +- i_size = inode->i_size; +- v9fs_stat2inode(st, inode, inode->i_sb); +- if (v9ses->cache == CACHE_LOOSE || v9ses->cache == CACHE_FSCACHE) +- inode->i_size = i_size; +- spin_unlock(&inode->i_lock); ++ flags = (v9ses->cache == CACHE_LOOSE || v9ses->cache == CACHE_FSCACHE) ? ++ V9FS_STAT2INODE_KEEP_ISIZE : 0; ++ v9fs_stat2inode(st, inode, inode->i_sb, flags); + out: + p9stat_free(st); + kfree(st); +--- a/fs/9p/vfs_inode_dotl.c ++++ b/fs/9p/vfs_inode_dotl.c +@@ -143,7 +143,7 @@ static struct inode *v9fs_qid_iget_dotl( + if (retval) + goto error; + +- v9fs_stat2inode_dotl(st, inode); ++ v9fs_stat2inode_dotl(st, inode, 0); + v9fs_cache_inode_get_cookie(inode); + retval = v9fs_get_acl(inode, fid); + if (retval) +@@ -497,7 +497,7 @@ v9fs_vfs_getattr_dotl(const struct path + if (IS_ERR(st)) + return PTR_ERR(st); + +- v9fs_stat2inode_dotl(st, d_inode(dentry)); ++ v9fs_stat2inode_dotl(st, d_inode(dentry), 0); + generic_fillattr(d_inode(dentry), stat); + /* Change block size to what the server returned */ + stat->blksize = st->st_blksize; +@@ -608,11 +608,13 @@ int v9fs_vfs_setattr_dotl(struct dentry + * v9fs_stat2inode_dotl - populate an inode structure with stat info + * @stat: stat structure + * @inode: inode to populate ++ * @flags: ctrl flags (e.g. V9FS_STAT2INODE_KEEP_ISIZE) + * + */ + + void +-v9fs_stat2inode_dotl(struct p9_stat_dotl *stat, struct inode *inode) ++v9fs_stat2inode_dotl(struct p9_stat_dotl *stat, struct inode *inode, ++ unsigned int flags) + { + umode_t mode; + struct v9fs_inode *v9inode = V9FS_I(inode); +@@ -632,7 +634,8 @@ v9fs_stat2inode_dotl(struct p9_stat_dotl + mode |= inode->i_mode & ~S_IALLUGO; + inode->i_mode = mode; + +- i_size_write(inode, stat->st_size); ++ if (!(flags & V9FS_STAT2INODE_KEEP_ISIZE)) ++ v9fs_i_size_write(inode, stat->st_size); + inode->i_blocks = stat->st_blocks; + } else { + if (stat->st_result_mask & P9_STATS_ATIME) { +@@ -662,8 +665,9 @@ v9fs_stat2inode_dotl(struct p9_stat_dotl + } + if (stat->st_result_mask & P9_STATS_RDEV) + inode->i_rdev = new_decode_dev(stat->st_rdev); +- if (stat->st_result_mask & P9_STATS_SIZE) +- i_size_write(inode, stat->st_size); ++ if (!(flags & V9FS_STAT2INODE_KEEP_ISIZE) && ++ stat->st_result_mask & P9_STATS_SIZE) ++ v9fs_i_size_write(inode, stat->st_size); + if (stat->st_result_mask & P9_STATS_BLOCKS) + inode->i_blocks = stat->st_blocks; + } +@@ -929,9 +933,9 @@ v9fs_vfs_get_link_dotl(struct dentry *de + + int v9fs_refresh_inode_dotl(struct p9_fid *fid, struct inode *inode) + { +- loff_t i_size; + struct p9_stat_dotl *st; + struct v9fs_session_info *v9ses; ++ unsigned int flags; + + v9ses = v9fs_inode2v9ses(inode); + st = p9_client_getattr_dotl(fid, P9_STATS_ALL); +@@ -943,16 +947,13 @@ int v9fs_refresh_inode_dotl(struct p9_fi + if ((inode->i_mode & S_IFMT) != (st->st_mode & S_IFMT)) + goto out; + +- spin_lock(&inode->i_lock); + /* + * We don't want to refresh inode->i_size, + * because we may have cached data + */ +- i_size = inode->i_size; +- v9fs_stat2inode_dotl(st, inode); +- if (v9ses->cache == CACHE_LOOSE || v9ses->cache == CACHE_FSCACHE) +- inode->i_size = i_size; +- spin_unlock(&inode->i_lock); ++ flags = (v9ses->cache == CACHE_LOOSE || v9ses->cache == CACHE_FSCACHE) ? ++ V9FS_STAT2INODE_KEEP_ISIZE : 0; ++ v9fs_stat2inode_dotl(st, inode, flags); + out: + kfree(st); + return 0; +--- a/fs/9p/vfs_super.c ++++ b/fs/9p/vfs_super.c +@@ -172,7 +172,7 @@ static struct dentry *v9fs_mount(struct + goto release_sb; + } + d_inode(root)->i_ino = v9fs_qid2ino(&st->qid); +- v9fs_stat2inode_dotl(st, d_inode(root)); ++ v9fs_stat2inode_dotl(st, d_inode(root), 0); + kfree(st); + } else { + struct p9_wstat *st = NULL; +@@ -183,7 +183,7 @@ static struct dentry *v9fs_mount(struct + } + + d_inode(root)->i_ino = v9fs_qid2ino(&st->qid); +- v9fs_stat2inode(st, d_inode(root), sb); ++ v9fs_stat2inode(st, d_inode(root), sb, 0); + + p9stat_free(st); + kfree(st); diff --git a/queue-4.14/asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch b/queue-4.14/asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch new file mode 100644 index 00000000000..9fd30d90bac --- /dev/null +++ b/queue-4.14/asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch @@ -0,0 +1,51 @@ +From cc29ea007347f39f4c5a4d27b0b555955a0277f9 Mon Sep 17 00:00:00 2001 +From: "S.j. Wang" +Date: Mon, 18 Feb 2019 08:29:11 +0000 +Subject: ASoC: fsl_esai: fix register setting issue in RIGHT_J mode + +From: S.j. Wang + +commit cc29ea007347f39f4c5a4d27b0b555955a0277f9 upstream. + +The ESAI_xCR_xWA is xCR's bit, not the xCCR's bit, driver set it to +wrong register, correct it. + +Fixes 43d24e76b698 ("ASoC: fsl_esai: Add ESAI CPU DAI driver") +Cc: +Signed-off-by: Shengjiu Wang +Reviewed-by: Fabio Estevam +Ackedy-by: Nicolin Chen +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/fsl/fsl_esai.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/sound/soc/fsl/fsl_esai.c ++++ b/sound/soc/fsl/fsl_esai.c +@@ -395,7 +395,8 @@ static int fsl_esai_set_dai_fmt(struct s + break; + case SND_SOC_DAIFMT_RIGHT_J: + /* Data on rising edge of bclk, frame high, right aligned */ +- xccr |= ESAI_xCCR_xCKP | ESAI_xCCR_xHCKP | ESAI_xCR_xWA; ++ xccr |= ESAI_xCCR_xCKP | ESAI_xCCR_xHCKP; ++ xcr |= ESAI_xCR_xWA; + break; + case SND_SOC_DAIFMT_DSP_A: + /* Data on rising edge of bclk, frame high, 1clk before data */ +@@ -452,12 +453,12 @@ static int fsl_esai_set_dai_fmt(struct s + return -EINVAL; + } + +- mask = ESAI_xCR_xFSL | ESAI_xCR_xFSR; ++ mask = ESAI_xCR_xFSL | ESAI_xCR_xFSR | ESAI_xCR_xWA; + regmap_update_bits(esai_priv->regmap, REG_ESAI_TCR, mask, xcr); + regmap_update_bits(esai_priv->regmap, REG_ESAI_RCR, mask, xcr); + + mask = ESAI_xCCR_xCKP | ESAI_xCCR_xHCKP | ESAI_xCCR_xFSP | +- ESAI_xCCR_xFSD | ESAI_xCCR_xCKD | ESAI_xCR_xWA; ++ ESAI_xCCR_xFSD | ESAI_xCCR_xCKD; + regmap_update_bits(esai_priv->regmap, REG_ESAI_TCCR, mask, xccr); + regmap_update_bits(esai_priv->regmap, REG_ESAI_RCCR, mask, xccr); + diff --git a/queue-4.14/crypto-ahash-fix-another-early-termination-in-hash-walk.patch b/queue-4.14/crypto-ahash-fix-another-early-termination-in-hash-walk.patch new file mode 100644 index 00000000000..68b6e29755b --- /dev/null +++ b/queue-4.14/crypto-ahash-fix-another-early-termination-in-hash-walk.patch @@ -0,0 +1,63 @@ +From 77568e535af7c4f97eaef1e555bf0af83772456c Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 31 Jan 2019 23:51:41 -0800 +Subject: crypto: ahash - fix another early termination in hash walk + +From: Eric Biggers + +commit 77568e535af7c4f97eaef1e555bf0af83772456c upstream. + +Hash algorithms with an alignmask set, e.g. "xcbc(aes-aesni)" and +"michael_mic", fail the improved hash tests because they sometimes +produce the wrong digest. The bug is that in the case where a +scatterlist element crosses pages, not all the data is actually hashed +because the scatterlist walk terminates too early. This happens because +the 'nbytes' variable in crypto_hash_walk_done() is assigned the number +of bytes remaining in the page, then later interpreted as the number of +bytes remaining in the scatterlist element. Fix it. + +Fixes: 900a081f6912 ("crypto: ahash - Fix early termination in hash walk") +Cc: stable@vger.kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/ahash.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +--- a/crypto/ahash.c ++++ b/crypto/ahash.c +@@ -86,17 +86,17 @@ static int hash_walk_new_entry(struct cr + int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err) + { + unsigned int alignmask = walk->alignmask; +- unsigned int nbytes = walk->entrylen; + + walk->data -= walk->offset; + +- if (nbytes && walk->offset & alignmask && !err) { +- walk->offset = ALIGN(walk->offset, alignmask + 1); +- nbytes = min(nbytes, +- ((unsigned int)(PAGE_SIZE)) - walk->offset); +- walk->entrylen -= nbytes; ++ if (walk->entrylen && (walk->offset & alignmask) && !err) { ++ unsigned int nbytes; + ++ walk->offset = ALIGN(walk->offset, alignmask + 1); ++ nbytes = min(walk->entrylen, ++ (unsigned int)(PAGE_SIZE - walk->offset)); + if (nbytes) { ++ walk->entrylen -= nbytes; + walk->data += walk->offset; + return nbytes; + } +@@ -116,7 +116,7 @@ int crypto_hash_walk_done(struct crypto_ + if (err) + return err; + +- if (nbytes) { ++ if (walk->entrylen) { + walk->offset = 0; + walk->pg++; + return hash_walk_next(walk); diff --git a/queue-4.14/crypto-caam-fixed-handling-of-sg-list.patch b/queue-4.14/crypto-caam-fixed-handling-of-sg-list.patch new file mode 100644 index 00000000000..2297f41bfcc --- /dev/null +++ b/queue-4.14/crypto-caam-fixed-handling-of-sg-list.patch @@ -0,0 +1,35 @@ +From 42e95d1f10dcf8b18b1d7f52f7068985b3dc5b79 Mon Sep 17 00:00:00 2001 +From: Pankaj Gupta +Date: Fri, 1 Feb 2019 07:18:20 +0000 +Subject: crypto: caam - fixed handling of sg list + +From: Pankaj Gupta + +commit 42e95d1f10dcf8b18b1d7f52f7068985b3dc5b79 upstream. + +when the source sg contains more than 1 fragment and +destination sg contains 1 fragment, the caam driver +mishandle the buffers to be sent to caam. + +Fixes: f2147b88b2b1 ("crypto: caam - Convert GCM to new AEAD interface") +Cc: # 4.2+ +Signed-off-by: Pankaj Gupta +Signed-off-by: Arun Pathak +Reviewed-by: Horia Geanta +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/caam/caamalg.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/crypto/caam/caamalg.c ++++ b/drivers/crypto/caam/caamalg.c +@@ -1097,6 +1097,7 @@ static void init_ablkcipher_job(u32 *sh_ + } else { + if (edesc->dst_nents == 1) { + dst_dma = sg_dma_address(req->dst); ++ out_options = 0; + } else { + dst_dma = edesc->sec4_sg_dma + (edesc->src_nents + 1) * + sizeof(struct sec4_sg_entry); diff --git a/queue-4.14/crypto-rockchip-fix-scatterlist-nents-error.patch b/queue-4.14/crypto-rockchip-fix-scatterlist-nents-error.patch new file mode 100644 index 00000000000..2bd2579a0f1 --- /dev/null +++ b/queue-4.14/crypto-rockchip-fix-scatterlist-nents-error.patch @@ -0,0 +1,83 @@ +From 4359669a087633132203c52d67dd8c31e09e7b2e Mon Sep 17 00:00:00 2001 +From: Zhang Zhijie +Date: Wed, 13 Feb 2019 16:24:38 +0800 +Subject: crypto: rockchip - fix scatterlist nents error + +From: Zhang Zhijie + +commit 4359669a087633132203c52d67dd8c31e09e7b2e upstream. + +In some cases, the nents of src scatterlist is different from +dst scatterlist. So two variables are used to handle the nents +of src&dst scatterlist. + +Reported-by: Eric Biggers +Fixes: 433cd2c617bf ("crypto: rockchip - add crypto driver for rk3288") +Cc: # v4.5+ +Signed-off-by: Zhang Zhijie +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/rockchip/rk3288_crypto.c | 2 +- + drivers/crypto/rockchip/rk3288_crypto.h | 3 ++- + drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c | 5 +++-- + drivers/crypto/rockchip/rk3288_crypto_ahash.c | 2 +- + 4 files changed, 7 insertions(+), 5 deletions(-) + +--- a/drivers/crypto/rockchip/rk3288_crypto.c ++++ b/drivers/crypto/rockchip/rk3288_crypto.c +@@ -119,7 +119,7 @@ static int rk_load_data(struct rk_crypto + count = (dev->left_bytes > PAGE_SIZE) ? + PAGE_SIZE : dev->left_bytes; + +- if (!sg_pcopy_to_buffer(dev->first, dev->nents, ++ if (!sg_pcopy_to_buffer(dev->first, dev->src_nents, + dev->addr_vir, count, + dev->total - dev->left_bytes)) { + dev_err(dev->dev, "[%s:%d] pcopy err\n", +--- a/drivers/crypto/rockchip/rk3288_crypto.h ++++ b/drivers/crypto/rockchip/rk3288_crypto.h +@@ -207,7 +207,8 @@ struct rk_crypto_info { + void *addr_vir; + int aligned; + int align_size; +- size_t nents; ++ size_t src_nents; ++ size_t dst_nents; + unsigned int total; + unsigned int count; + dma_addr_t addr_in; +--- a/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c ++++ b/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c +@@ -260,8 +260,9 @@ static int rk_ablk_start(struct rk_crypt + dev->total = req->nbytes; + dev->sg_src = req->src; + dev->first = req->src; +- dev->nents = sg_nents(req->src); ++ dev->src_nents = sg_nents(req->src); + dev->sg_dst = req->dst; ++ dev->dst_nents = sg_nents(req->dst); + dev->aligned = 1; + + spin_lock_irqsave(&dev->lock, flags); +@@ -297,7 +298,7 @@ static int rk_ablk_rx(struct rk_crypto_i + + dev->unload_data(dev); + if (!dev->aligned) { +- if (!sg_pcopy_from_buffer(req->dst, dev->nents, ++ if (!sg_pcopy_from_buffer(req->dst, dev->dst_nents, + dev->addr_vir, dev->count, + dev->total - dev->left_bytes - + dev->count)) { +--- a/drivers/crypto/rockchip/rk3288_crypto_ahash.c ++++ b/drivers/crypto/rockchip/rk3288_crypto_ahash.c +@@ -206,7 +206,7 @@ static int rk_ahash_start(struct rk_cryp + dev->sg_dst = NULL; + dev->sg_src = req->src; + dev->first = req->src; +- dev->nents = sg_nents(req->src); ++ dev->src_nents = sg_nents(req->src); + rctx = ahash_request_ctx(req); + rctx->mode = 0; + diff --git a/queue-4.14/crypto-rockchip-update-new-iv-to-device-in-multiple-operations.patch b/queue-4.14/crypto-rockchip-update-new-iv-to-device-in-multiple-operations.patch new file mode 100644 index 00000000000..1bc855f3b23 --- /dev/null +++ b/queue-4.14/crypto-rockchip-update-new-iv-to-device-in-multiple-operations.patch @@ -0,0 +1,92 @@ +From c1c214adcb56d36433480c8fedf772498e7e539c Mon Sep 17 00:00:00 2001 +From: Zhang Zhijie +Date: Wed, 13 Feb 2019 16:24:39 +0800 +Subject: crypto: rockchip - update new iv to device in multiple operations + +From: Zhang Zhijie + +commit c1c214adcb56d36433480c8fedf772498e7e539c upstream. + +For chain mode in cipher(eg. AES-CBC/DES-CBC), the iv is continuously +updated in the operation. The new iv value should be written to device +register by software. + +Reported-by: Eric Biggers +Fixes: 433cd2c617bf ("crypto: rockchip - add crypto driver for rk3288") +Cc: # v4.5+ +Signed-off-by: Zhang Zhijie +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/rockchip/rk3288_crypto.h | 1 + drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c | 34 +++++++++++++++++++++ + 2 files changed, 35 insertions(+) + +--- a/drivers/crypto/rockchip/rk3288_crypto.h ++++ b/drivers/crypto/rockchip/rk3288_crypto.h +@@ -245,6 +245,7 @@ struct rk_cipher_ctx { + struct rk_crypto_info *dev; + unsigned int keylen; + u32 mode; ++ u8 iv[AES_BLOCK_SIZE]; + }; + + enum alg_type { +--- a/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c ++++ b/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c +@@ -242,6 +242,17 @@ static void crypto_dma_start(struct rk_c + static int rk_set_data_start(struct rk_crypto_info *dev) + { + int err; ++ struct ablkcipher_request *req = ++ ablkcipher_request_cast(dev->async_req); ++ struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req); ++ struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); ++ u32 ivsize = crypto_ablkcipher_ivsize(tfm); ++ u8 *src_last_blk = page_address(sg_page(dev->sg_src)) + ++ dev->sg_src->offset + dev->sg_src->length - ivsize; ++ ++ /* store the iv that need to be updated in chain mode */ ++ if (ctx->mode & RK_CRYPTO_DEC) ++ memcpy(ctx->iv, src_last_blk, ivsize); + + err = dev->load_data(dev, dev->sg_src, dev->sg_dst); + if (!err) +@@ -286,6 +297,28 @@ static void rk_iv_copyback(struct rk_cry + memcpy_fromio(req->info, dev->reg + RK_CRYPTO_AES_IV_0, ivsize); + } + ++static void rk_update_iv(struct rk_crypto_info *dev) ++{ ++ struct ablkcipher_request *req = ++ ablkcipher_request_cast(dev->async_req); ++ struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req); ++ struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); ++ u32 ivsize = crypto_ablkcipher_ivsize(tfm); ++ u8 *new_iv = NULL; ++ ++ if (ctx->mode & RK_CRYPTO_DEC) { ++ new_iv = ctx->iv; ++ } else { ++ new_iv = page_address(sg_page(dev->sg_dst)) + ++ dev->sg_dst->offset + dev->sg_dst->length - ivsize; ++ } ++ ++ if (ivsize == DES_BLOCK_SIZE) ++ memcpy_toio(dev->reg + RK_CRYPTO_TDES_IV_0, new_iv, ivsize); ++ else if (ivsize == AES_BLOCK_SIZE) ++ memcpy_toio(dev->reg + RK_CRYPTO_AES_IV_0, new_iv, ivsize); ++} ++ + /* return: + * true some err was occurred + * fault no err, continue +@@ -307,6 +340,7 @@ static int rk_ablk_rx(struct rk_crypto_i + } + } + if (dev->left_bytes) { ++ rk_update_iv(dev); + if (dev->aligned) { + if (sg_is_last(dev->sg_src)) { + dev_err(dev->dev, "[%s:%d] Lack of data\n", diff --git a/queue-4.14/iio-adc-exynos-adc-fix-null-pointer-exception-on-unbind.patch b/queue-4.14/iio-adc-exynos-adc-fix-null-pointer-exception-on-unbind.patch new file mode 100644 index 00000000000..998e1119e47 --- /dev/null +++ b/queue-4.14/iio-adc-exynos-adc-fix-null-pointer-exception-on-unbind.patch @@ -0,0 +1,48 @@ +From 2ea8bab4dd2a9014e723b28091831fa850b82d83 Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Sat, 9 Feb 2019 00:39:27 +0100 +Subject: iio: adc: exynos-adc: Fix NULL pointer exception on unbind + +From: Krzysztof Kozlowski + +commit 2ea8bab4dd2a9014e723b28091831fa850b82d83 upstream. + +Fix NULL pointer exception on device unbind when device tree does not +contain "has-touchscreen" property. In such case the input device is +not registered so it should not be unregistered. + + $ echo "12d10000.adc" > /sys/bus/platform/drivers/exynos-adc/unbind + + Unable to handle kernel NULL pointer dereference at virtual address 00000474 + ... + (input_unregister_device) from [] (exynos_adc_remove+0x20/0x80) + (exynos_adc_remove) from [] (platform_drv_remove+0x20/0x40) + (platform_drv_remove) from [] (device_release_driver_internal+0xdc/0x1ac) + (device_release_driver_internal) from [] (unbind_store+0x60/0xd4) + (unbind_store) from [] (kernfs_fop_write+0x100/0x1e0) + (kernfs_fop_write) from [] (__vfs_write+0x2c/0x17c) + (__vfs_write) from [] (vfs_write+0xa4/0x184) + (vfs_write) from [] (ksys_write+0x4c/0xac) + (ksys_write) from [] (ret_fast_syscall+0x0/0x28) + +Fixes: 2bb8ad9b44c5 ("iio: exynos-adc: add experimental touchscreen support") +Cc: +Signed-off-by: Krzysztof Kozlowski +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/iio/adc/exynos_adc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/iio/adc/exynos_adc.c ++++ b/drivers/iio/adc/exynos_adc.c +@@ -916,7 +916,7 @@ static int exynos_adc_remove(struct plat + struct iio_dev *indio_dev = platform_get_drvdata(pdev); + struct exynos_adc *info = iio_priv(indio_dev); + +- if (IS_REACHABLE(CONFIG_INPUT)) { ++ if (IS_REACHABLE(CONFIG_INPUT) && info->input) { + free_irq(info->tsirq, info); + input_unregister_device(info->input); + } diff --git a/queue-4.14/series b/queue-4.14/series index 3d87219b539..51d3f9d851d 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -1 +1,10 @@ +9p-use-inode-i_lock-to-protect-i_size_write-under-32-bit.patch +9p-net-fix-memory-leak-in-p9_client_create.patch +asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch +iio-adc-exynos-adc-fix-null-pointer-exception-on-unbind.patch +stm-class-fix-an-endless-loop-in-channel-allocation.patch +crypto-caam-fixed-handling-of-sg-list.patch +crypto-ahash-fix-another-early-termination-in-hash-walk.patch +crypto-rockchip-fix-scatterlist-nents-error.patch +crypto-rockchip-update-new-iv-to-device-in-multiple-operations.patch media-videobuf2-v4l2-drop-warn_on-in-vb2_warn_zero_bytesused.patch diff --git a/queue-4.14/stm-class-fix-an-endless-loop-in-channel-allocation.patch b/queue-4.14/stm-class-fix-an-endless-loop-in-channel-allocation.patch new file mode 100644 index 00000000000..83a7a8fc723 --- /dev/null +++ b/queue-4.14/stm-class-fix-an-endless-loop-in-channel-allocation.patch @@ -0,0 +1,41 @@ +From a1d75dad3a2c689e70a1c4e0214cca9de741d0aa Mon Sep 17 00:00:00 2001 +From: Zhi Jin +Date: Thu, 6 Sep 2018 15:22:10 +0800 +Subject: stm class: Fix an endless loop in channel allocation + +From: Zhi Jin + +commit a1d75dad3a2c689e70a1c4e0214cca9de741d0aa upstream. + +There is a bug in the channel allocation logic that leads to an endless +loop when looking for a contiguous range of channels in a range with a +mixture of free and occupied channels. For example, opening three +consequtive channels, closing the first two and requesting 4 channels in +a row will trigger this soft lockup. The bug is that the search loop +forgets to skip over the range once it detects that one channel in that +range is occupied. + +Restore the original intent to the logic by fixing the omission. + +Signed-off-by: Zhi Jin +Signed-off-by: Alexander Shishkin +Fixes: 7bd1d4093c2f ("stm class: Introduce an abstraction for System Trace Module devices") +CC: stable@vger.kernel.org # v4.4+ +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/hwtracing/stm/core.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/hwtracing/stm/core.c ++++ b/drivers/hwtracing/stm/core.c +@@ -252,6 +252,9 @@ static int find_free_channels(unsigned l + ; + if (i == width) + return pos; ++ ++ /* step over [pos..pos+i) to continue search */ ++ pos += i; + } + + return -1;