From: Greg Kroah-Hartman Date: Tue, 19 Mar 2019 18:30:29 +0000 (+0100) Subject: 4.4-stable patches X-Git-Tag: v3.18.137~90 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5e5f3238fb93b72dfadbf84dbe4c553e3481a01c;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: 9p-net-fix-memory-leak-in-p9_client_create.patch 9p-use-inode-i_lock-to-protect-i_size_write-under-32-bit.patch asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch crypto-ahash-fix-another-early-termination-in-hash-walk.patch crypto-caam-fixed-handling-of-sg-list.patch stm-class-fix-an-endless-loop-in-channel-allocation.patch --- diff --git a/queue-4.4/9p-net-fix-memory-leak-in-p9_client_create.patch b/queue-4.4/9p-net-fix-memory-leak-in-p9_client_create.patch new file mode 100644 index 00000000000..cbb09b9dc4a --- /dev/null +++ b/queue-4.4/9p-net-fix-memory-leak-in-p9_client_create.patch @@ -0,0 +1,35 @@ +From bb06c388fa20ae24cfe80c52488de718a7e3a53f Mon Sep 17 00:00:00 2001 +From: zhengbin +Date: Wed, 13 Mar 2019 16:01:37 +0800 +Subject: 9p/net: fix memory leak in p9_client_create + +From: zhengbin + +commit bb06c388fa20ae24cfe80c52488de718a7e3a53f upstream. + +If msize is less than 4096, we should close and put trans, destroy +tagpool, not just free client. This patch fixes that. + +Link: http://lkml.kernel.org/m/1552464097-142659-1-git-send-email-zhengbin13@huawei.com +Cc: stable@vger.kernel.org +Fixes: 574d356b7a02 ("9p/net: put a lower bound on msize") +Reported-by: Hulk Robot +Signed-off-by: zhengbin +Signed-off-by: Dominique Martinet +Signed-off-by: Greg Kroah-Hartman + +--- + net/9p/client.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/9p/client.c ++++ b/net/9p/client.c +@@ -1058,7 +1058,7 @@ struct p9_client *p9_client_create(const + p9_debug(P9_DEBUG_ERROR, + "Please specify a msize of at least 4k\n"); + err = -EINVAL; +- goto free_client; ++ goto close_trans; + } + + err = p9_client_version(clnt); diff --git a/queue-4.4/9p-use-inode-i_lock-to-protect-i_size_write-under-32-bit.patch b/queue-4.4/9p-use-inode-i_lock-to-protect-i_size_write-under-32-bit.patch new file mode 100644 index 00000000000..82fe426b9c4 --- /dev/null +++ b/queue-4.4/9p-use-inode-i_lock-to-protect-i_size_write-under-32-bit.patch @@ -0,0 +1,318 @@ +From 5e3cc1ee1405a7eb3487ed24f786dec01b4cbe1f Mon Sep 17 00:00:00 2001 +From: Hou Tao +Date: Thu, 24 Jan 2019 14:35:13 +0800 +Subject: 9p: use inode->i_lock to protect i_size_write() under 32-bit + +From: Hou Tao + +commit 5e3cc1ee1405a7eb3487ed24f786dec01b4cbe1f upstream. + +Use inode->i_lock to protect i_size_write(), else i_size_read() in +generic_fillattr() may loop infinitely in read_seqcount_begin() when +multiple processes invoke v9fs_vfs_getattr() or v9fs_vfs_getattr_dotl() +simultaneously under 32-bit SMP environment, and a soft lockup will be +triggered as show below: + + watchdog: BUG: soft lockup - CPU#5 stuck for 22s! [stat:2217] + Modules linked in: + CPU: 5 PID: 2217 Comm: stat Not tainted 5.0.0-rc1-00005-g7f702faf5a9e #4 + Hardware name: Generic DT based system + PC is at generic_fillattr+0x104/0x108 + LR is at 0xec497f00 + pc : [<802b8898>] lr : [] psr: 200c0013 + sp : ec497e20 ip : ed608030 fp : ec497e3c + r10: 00000000 r9 : ec497f00 r8 : ed608030 + r7 : ec497ebc r6 : ec497f00 r5 : ee5c1550 r4 : ee005780 + r3 : 0000052d r2 : 00000000 r1 : ec497f00 r0 : ed608030 + Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none + Control: 10c5387d Table: ac48006a DAC: 00000051 + CPU: 5 PID: 2217 Comm: stat Not tainted 5.0.0-rc1-00005-g7f702faf5a9e #4 + Hardware name: Generic DT based system + Backtrace: + [<8010d974>] (dump_backtrace) from [<8010dc88>] (show_stack+0x20/0x24) + [<8010dc68>] (show_stack) from [<80a1d194>] (dump_stack+0xb0/0xdc) + [<80a1d0e4>] (dump_stack) from [<80109f34>] (show_regs+0x1c/0x20) + [<80109f18>] (show_regs) from [<801d0a80>] (watchdog_timer_fn+0x280/0x2f8) + [<801d0800>] (watchdog_timer_fn) from [<80198658>] (__hrtimer_run_queues+0x18c/0x380) + [<801984cc>] (__hrtimer_run_queues) from [<80198e60>] (hrtimer_run_queues+0xb8/0xf0) + [<80198da8>] (hrtimer_run_queues) from [<801973e8>] (run_local_timers+0x28/0x64) + [<801973c0>] (run_local_timers) from [<80197460>] (update_process_times+0x3c/0x6c) + [<80197424>] (update_process_times) from [<801ab2b8>] (tick_nohz_handler+0xe0/0x1bc) + [<801ab1d8>] (tick_nohz_handler) from [<80843050>] (arch_timer_handler_virt+0x38/0x48) + [<80843018>] (arch_timer_handler_virt) from [<80180a64>] (handle_percpu_devid_irq+0x8c/0x240) + [<801809d8>] (handle_percpu_devid_irq) from [<8017ac20>] (generic_handle_irq+0x34/0x44) + [<8017abec>] (generic_handle_irq) from [<8017b344>] (__handle_domain_irq+0x6c/0xc4) + [<8017b2d8>] (__handle_domain_irq) from [<801022e0>] (gic_handle_irq+0x4c/0x88) + [<80102294>] (gic_handle_irq) from [<80101a30>] (__irq_svc+0x70/0x98) + [<802b8794>] (generic_fillattr) from [<8056b284>] (v9fs_vfs_getattr_dotl+0x74/0xa4) + [<8056b210>] (v9fs_vfs_getattr_dotl) from [<802b8904>] (vfs_getattr_nosec+0x68/0x7c) + [<802b889c>] (vfs_getattr_nosec) from [<802b895c>] (vfs_getattr+0x44/0x48) + [<802b8918>] (vfs_getattr) from [<802b8a74>] (vfs_statx+0x9c/0xec) + [<802b89d8>] (vfs_statx) from [<802b9428>] (sys_lstat64+0x48/0x78) + [<802b93e0>] (sys_lstat64) from [<80101000>] (ret_fast_syscall+0x0/0x28) + +[dominique.martinet@cea.fr: updated comment to not refer to a function +in another subsystem] +Link: http://lkml.kernel.org/r/20190124063514.8571-2-houtao1@huawei.com +Cc: stable@vger.kernel.org +Fixes: 7549ae3e81cc ("9p: Use the i_size_[read, write]() macros instead of using inode->i_size directly.") +Reported-by: Xing Gaopeng +Signed-off-by: Hou Tao +Signed-off-by: Dominique Martinet +Signed-off-by: Greg Kroah-Hartman + +--- + fs/9p/v9fs_vfs.h | 23 +++++++++++++++++++++-- + fs/9p/vfs_file.c | 6 +++++- + fs/9p/vfs_inode.c | 23 +++++++++++------------ + fs/9p/vfs_inode_dotl.c | 27 ++++++++++++++------------- + fs/9p/vfs_super.c | 4 ++-- + 5 files changed, 53 insertions(+), 30 deletions(-) + +--- a/fs/9p/v9fs_vfs.h ++++ b/fs/9p/v9fs_vfs.h +@@ -40,6 +40,9 @@ + */ + #define P9_LOCK_TIMEOUT (30*HZ) + ++/* flags for v9fs_stat2inode() & v9fs_stat2inode_dotl() */ ++#define V9FS_STAT2INODE_KEEP_ISIZE 1 ++ + extern struct file_system_type v9fs_fs_type; + extern const struct address_space_operations v9fs_addr_operations; + extern const struct file_operations v9fs_file_operations; +@@ -61,8 +64,10 @@ int v9fs_init_inode(struct v9fs_session_ + struct inode *inode, umode_t mode, dev_t); + void v9fs_evict_inode(struct inode *inode); + ino_t v9fs_qid2ino(struct p9_qid *qid); +-void v9fs_stat2inode(struct p9_wstat *, struct inode *, struct super_block *); +-void v9fs_stat2inode_dotl(struct p9_stat_dotl *, struct inode *); ++void v9fs_stat2inode(struct p9_wstat *stat, struct inode *inode, ++ struct super_block *sb, unsigned int flags); ++void v9fs_stat2inode_dotl(struct p9_stat_dotl *stat, struct inode *inode, ++ unsigned int flags); + int v9fs_dir_release(struct inode *inode, struct file *filp); + int v9fs_file_open(struct inode *inode, struct file *file); + void v9fs_inode2stat(struct inode *inode, struct p9_wstat *stat); +@@ -83,4 +88,18 @@ static inline void v9fs_invalidate_inode + } + + int v9fs_open_to_dotl_flags(int flags); ++ ++static inline void v9fs_i_size_write(struct inode *inode, loff_t i_size) ++{ ++ /* ++ * 32-bit need the lock, concurrent updates could break the ++ * sequences and make i_size_read() loop forever. ++ * 64-bit updates are atomic and can skip the locking. ++ */ ++ if (sizeof(i_size) > sizeof(long)) ++ spin_lock(&inode->i_lock); ++ i_size_write(inode, i_size); ++ if (sizeof(i_size) > sizeof(long)) ++ spin_unlock(&inode->i_lock); ++} + #endif +--- a/fs/9p/vfs_file.c ++++ b/fs/9p/vfs_file.c +@@ -442,7 +442,11 @@ v9fs_file_write_iter(struct kiocb *iocb, + i_size = i_size_read(inode); + if (iocb->ki_pos > i_size) { + inode_add_bytes(inode, iocb->ki_pos - i_size); +- i_size_write(inode, iocb->ki_pos); ++ /* ++ * Need to serialize against i_size_write() in ++ * v9fs_stat2inode() ++ */ ++ v9fs_i_size_write(inode, iocb->ki_pos); + } + return retval; + } +--- a/fs/9p/vfs_inode.c ++++ b/fs/9p/vfs_inode.c +@@ -538,7 +538,7 @@ static struct inode *v9fs_qid_iget(struc + if (retval) + goto error; + +- v9fs_stat2inode(st, inode, sb); ++ v9fs_stat2inode(st, inode, sb, 0); + v9fs_cache_inode_get_cookie(inode); + unlock_new_inode(inode); + return inode; +@@ -1074,7 +1074,7 @@ v9fs_vfs_getattr(struct vfsmount *mnt, s + if (IS_ERR(st)) + return PTR_ERR(st); + +- v9fs_stat2inode(st, d_inode(dentry), d_inode(dentry)->i_sb); ++ v9fs_stat2inode(st, d_inode(dentry), d_inode(dentry)->i_sb, 0); + generic_fillattr(d_inode(dentry), stat); + + p9stat_free(st); +@@ -1152,12 +1152,13 @@ static int v9fs_vfs_setattr(struct dentr + * @stat: Plan 9 metadata (mistat) structure + * @inode: inode to populate + * @sb: superblock of filesystem ++ * @flags: control flags (e.g. V9FS_STAT2INODE_KEEP_ISIZE) + * + */ + + void + v9fs_stat2inode(struct p9_wstat *stat, struct inode *inode, +- struct super_block *sb) ++ struct super_block *sb, unsigned int flags) + { + umode_t mode; + char ext[32]; +@@ -1198,10 +1199,11 @@ v9fs_stat2inode(struct p9_wstat *stat, s + mode = p9mode2perm(v9ses, stat); + mode |= inode->i_mode & ~S_IALLUGO; + inode->i_mode = mode; +- i_size_write(inode, stat->length); + ++ if (!(flags & V9FS_STAT2INODE_KEEP_ISIZE)) ++ v9fs_i_size_write(inode, stat->length); + /* not real number of blocks, but 512 byte ones ... */ +- inode->i_blocks = (i_size_read(inode) + 512 - 1) >> 9; ++ inode->i_blocks = (stat->length + 512 - 1) >> 9; + v9inode->cache_validity &= ~V9FS_INO_INVALID_ATTR; + } + +@@ -1389,9 +1391,9 @@ int v9fs_refresh_inode(struct p9_fid *fi + { + int umode; + dev_t rdev; +- loff_t i_size; + struct p9_wstat *st; + struct v9fs_session_info *v9ses; ++ unsigned int flags; + + v9ses = v9fs_inode2v9ses(inode); + st = p9_client_stat(fid); +@@ -1404,16 +1406,13 @@ int v9fs_refresh_inode(struct p9_fid *fi + if ((inode->i_mode & S_IFMT) != (umode & S_IFMT)) + goto out; + +- spin_lock(&inode->i_lock); + /* + * We don't want to refresh inode->i_size, + * because we may have cached data + */ +- i_size = inode->i_size; +- v9fs_stat2inode(st, inode, inode->i_sb); +- if (v9ses->cache == CACHE_LOOSE || v9ses->cache == CACHE_FSCACHE) +- inode->i_size = i_size; +- spin_unlock(&inode->i_lock); ++ flags = (v9ses->cache == CACHE_LOOSE || v9ses->cache == CACHE_FSCACHE) ? ++ V9FS_STAT2INODE_KEEP_ISIZE : 0; ++ v9fs_stat2inode(st, inode, inode->i_sb, flags); + out: + p9stat_free(st); + kfree(st); +--- a/fs/9p/vfs_inode_dotl.c ++++ b/fs/9p/vfs_inode_dotl.c +@@ -143,7 +143,7 @@ static struct inode *v9fs_qid_iget_dotl( + if (retval) + goto error; + +- v9fs_stat2inode_dotl(st, inode); ++ v9fs_stat2inode_dotl(st, inode, 0); + v9fs_cache_inode_get_cookie(inode); + retval = v9fs_get_acl(inode, fid); + if (retval) +@@ -498,7 +498,7 @@ v9fs_vfs_getattr_dotl(struct vfsmount *m + if (IS_ERR(st)) + return PTR_ERR(st); + +- v9fs_stat2inode_dotl(st, d_inode(dentry)); ++ v9fs_stat2inode_dotl(st, d_inode(dentry), 0); + generic_fillattr(d_inode(dentry), stat); + /* Change block size to what the server returned */ + stat->blksize = st->st_blksize; +@@ -609,11 +609,13 @@ int v9fs_vfs_setattr_dotl(struct dentry + * v9fs_stat2inode_dotl - populate an inode structure with stat info + * @stat: stat structure + * @inode: inode to populate ++ * @flags: ctrl flags (e.g. V9FS_STAT2INODE_KEEP_ISIZE) + * + */ + + void +-v9fs_stat2inode_dotl(struct p9_stat_dotl *stat, struct inode *inode) ++v9fs_stat2inode_dotl(struct p9_stat_dotl *stat, struct inode *inode, ++ unsigned int flags) + { + umode_t mode; + struct v9fs_inode *v9inode = V9FS_I(inode); +@@ -633,7 +635,8 @@ v9fs_stat2inode_dotl(struct p9_stat_dotl + mode |= inode->i_mode & ~S_IALLUGO; + inode->i_mode = mode; + +- i_size_write(inode, stat->st_size); ++ if (!(flags & V9FS_STAT2INODE_KEEP_ISIZE)) ++ v9fs_i_size_write(inode, stat->st_size); + inode->i_blocks = stat->st_blocks; + } else { + if (stat->st_result_mask & P9_STATS_ATIME) { +@@ -663,8 +666,9 @@ v9fs_stat2inode_dotl(struct p9_stat_dotl + } + if (stat->st_result_mask & P9_STATS_RDEV) + inode->i_rdev = new_decode_dev(stat->st_rdev); +- if (stat->st_result_mask & P9_STATS_SIZE) +- i_size_write(inode, stat->st_size); ++ if (!(flags & V9FS_STAT2INODE_KEEP_ISIZE) && ++ stat->st_result_mask & P9_STATS_SIZE) ++ v9fs_i_size_write(inode, stat->st_size); + if (stat->st_result_mask & P9_STATS_BLOCKS) + inode->i_blocks = stat->st_blocks; + } +@@ -926,9 +930,9 @@ v9fs_vfs_follow_link_dotl(struct dentry + + int v9fs_refresh_inode_dotl(struct p9_fid *fid, struct inode *inode) + { +- loff_t i_size; + struct p9_stat_dotl *st; + struct v9fs_session_info *v9ses; ++ unsigned int flags; + + v9ses = v9fs_inode2v9ses(inode); + st = p9_client_getattr_dotl(fid, P9_STATS_ALL); +@@ -940,16 +944,13 @@ int v9fs_refresh_inode_dotl(struct p9_fi + if ((inode->i_mode & S_IFMT) != (st->st_mode & S_IFMT)) + goto out; + +- spin_lock(&inode->i_lock); + /* + * We don't want to refresh inode->i_size, + * because we may have cached data + */ +- i_size = inode->i_size; +- v9fs_stat2inode_dotl(st, inode); +- if (v9ses->cache == CACHE_LOOSE || v9ses->cache == CACHE_FSCACHE) +- inode->i_size = i_size; +- spin_unlock(&inode->i_lock); ++ flags = (v9ses->cache == CACHE_LOOSE || v9ses->cache == CACHE_FSCACHE) ? ++ V9FS_STAT2INODE_KEEP_ISIZE : 0; ++ v9fs_stat2inode_dotl(st, inode, flags); + out: + kfree(st); + return 0; +--- a/fs/9p/vfs_super.c ++++ b/fs/9p/vfs_super.c +@@ -165,7 +165,7 @@ static struct dentry *v9fs_mount(struct + goto release_sb; + } + d_inode(root)->i_ino = v9fs_qid2ino(&st->qid); +- v9fs_stat2inode_dotl(st, d_inode(root)); ++ v9fs_stat2inode_dotl(st, d_inode(root), 0); + kfree(st); + } else { + struct p9_wstat *st = NULL; +@@ -176,7 +176,7 @@ static struct dentry *v9fs_mount(struct + } + + d_inode(root)->i_ino = v9fs_qid2ino(&st->qid); +- v9fs_stat2inode(st, d_inode(root), sb); ++ v9fs_stat2inode(st, d_inode(root), sb, 0); + + p9stat_free(st); + kfree(st); diff --git a/queue-4.4/asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch b/queue-4.4/asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch new file mode 100644 index 00000000000..ac4e0986644 --- /dev/null +++ b/queue-4.4/asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch @@ -0,0 +1,51 @@ +From cc29ea007347f39f4c5a4d27b0b555955a0277f9 Mon Sep 17 00:00:00 2001 +From: "S.j. Wang" +Date: Mon, 18 Feb 2019 08:29:11 +0000 +Subject: ASoC: fsl_esai: fix register setting issue in RIGHT_J mode + +From: S.j. Wang + +commit cc29ea007347f39f4c5a4d27b0b555955a0277f9 upstream. + +The ESAI_xCR_xWA is xCR's bit, not the xCCR's bit, driver set it to +wrong register, correct it. + +Fixes 43d24e76b698 ("ASoC: fsl_esai: Add ESAI CPU DAI driver") +Cc: +Signed-off-by: Shengjiu Wang +Reviewed-by: Fabio Estevam +Ackedy-by: Nicolin Chen +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/fsl/fsl_esai.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/sound/soc/fsl/fsl_esai.c ++++ b/sound/soc/fsl/fsl_esai.c +@@ -394,7 +394,8 @@ static int fsl_esai_set_dai_fmt(struct s + break; + case SND_SOC_DAIFMT_RIGHT_J: + /* Data on rising edge of bclk, frame high, right aligned */ +- xccr |= ESAI_xCCR_xCKP | ESAI_xCCR_xHCKP | ESAI_xCR_xWA; ++ xccr |= ESAI_xCCR_xCKP | ESAI_xCCR_xHCKP; ++ xcr |= ESAI_xCR_xWA; + break; + case SND_SOC_DAIFMT_DSP_A: + /* Data on rising edge of bclk, frame high, 1clk before data */ +@@ -451,12 +452,12 @@ static int fsl_esai_set_dai_fmt(struct s + return -EINVAL; + } + +- mask = ESAI_xCR_xFSL | ESAI_xCR_xFSR; ++ mask = ESAI_xCR_xFSL | ESAI_xCR_xFSR | ESAI_xCR_xWA; + regmap_update_bits(esai_priv->regmap, REG_ESAI_TCR, mask, xcr); + regmap_update_bits(esai_priv->regmap, REG_ESAI_RCR, mask, xcr); + + mask = ESAI_xCCR_xCKP | ESAI_xCCR_xHCKP | ESAI_xCCR_xFSP | +- ESAI_xCCR_xFSD | ESAI_xCCR_xCKD | ESAI_xCR_xWA; ++ ESAI_xCCR_xFSD | ESAI_xCCR_xCKD; + regmap_update_bits(esai_priv->regmap, REG_ESAI_TCCR, mask, xccr); + regmap_update_bits(esai_priv->regmap, REG_ESAI_RCCR, mask, xccr); + diff --git a/queue-4.4/crypto-ahash-fix-another-early-termination-in-hash-walk.patch b/queue-4.4/crypto-ahash-fix-another-early-termination-in-hash-walk.patch new file mode 100644 index 00000000000..def4b6eb4e2 --- /dev/null +++ b/queue-4.4/crypto-ahash-fix-another-early-termination-in-hash-walk.patch @@ -0,0 +1,63 @@ +From 77568e535af7c4f97eaef1e555bf0af83772456c Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 31 Jan 2019 23:51:41 -0800 +Subject: crypto: ahash - fix another early termination in hash walk + +From: Eric Biggers + +commit 77568e535af7c4f97eaef1e555bf0af83772456c upstream. + +Hash algorithms with an alignmask set, e.g. "xcbc(aes-aesni)" and +"michael_mic", fail the improved hash tests because they sometimes +produce the wrong digest. The bug is that in the case where a +scatterlist element crosses pages, not all the data is actually hashed +because the scatterlist walk terminates too early. This happens because +the 'nbytes' variable in crypto_hash_walk_done() is assigned the number +of bytes remaining in the page, then later interpreted as the number of +bytes remaining in the scatterlist element. Fix it. + +Fixes: 900a081f6912 ("crypto: ahash - Fix early termination in hash walk") +Cc: stable@vger.kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/ahash.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +--- a/crypto/ahash.c ++++ b/crypto/ahash.c +@@ -85,17 +85,17 @@ static int hash_walk_new_entry(struct cr + int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err) + { + unsigned int alignmask = walk->alignmask; +- unsigned int nbytes = walk->entrylen; + + walk->data -= walk->offset; + +- if (nbytes && walk->offset & alignmask && !err) { +- walk->offset = ALIGN(walk->offset, alignmask + 1); +- nbytes = min(nbytes, +- ((unsigned int)(PAGE_SIZE)) - walk->offset); +- walk->entrylen -= nbytes; ++ if (walk->entrylen && (walk->offset & alignmask) && !err) { ++ unsigned int nbytes; + ++ walk->offset = ALIGN(walk->offset, alignmask + 1); ++ nbytes = min(walk->entrylen, ++ (unsigned int)(PAGE_SIZE - walk->offset)); + if (nbytes) { ++ walk->entrylen -= nbytes; + walk->data += walk->offset; + return nbytes; + } +@@ -115,7 +115,7 @@ int crypto_hash_walk_done(struct crypto_ + if (err) + return err; + +- if (nbytes) { ++ if (walk->entrylen) { + walk->offset = 0; + walk->pg++; + return hash_walk_next(walk); diff --git a/queue-4.4/crypto-caam-fixed-handling-of-sg-list.patch b/queue-4.4/crypto-caam-fixed-handling-of-sg-list.patch new file mode 100644 index 00000000000..af648e2ecaf --- /dev/null +++ b/queue-4.4/crypto-caam-fixed-handling-of-sg-list.patch @@ -0,0 +1,35 @@ +From 42e95d1f10dcf8b18b1d7f52f7068985b3dc5b79 Mon Sep 17 00:00:00 2001 +From: Pankaj Gupta +Date: Fri, 1 Feb 2019 07:18:20 +0000 +Subject: crypto: caam - fixed handling of sg list + +From: Pankaj Gupta + +commit 42e95d1f10dcf8b18b1d7f52f7068985b3dc5b79 upstream. + +when the source sg contains more than 1 fragment and +destination sg contains 1 fragment, the caam driver +mishandle the buffers to be sent to caam. + +Fixes: f2147b88b2b1 ("crypto: caam - Convert GCM to new AEAD interface") +Cc: # 4.2+ +Signed-off-by: Pankaj Gupta +Signed-off-by: Arun Pathak +Reviewed-by: Horia Geanta +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/caam/caamalg.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/crypto/caam/caamalg.c ++++ b/drivers/crypto/caam/caamalg.c +@@ -2081,6 +2081,7 @@ static void init_aead_job(struct aead_re + if (unlikely(req->src != req->dst)) { + if (!edesc->dst_nents) { + dst_dma = sg_dma_address(req->dst); ++ out_options = 0; + } else { + dst_dma = edesc->sec4_sg_dma + + sec4_sg_index * diff --git a/queue-4.4/series b/queue-4.4/series index 0870e9750c0..338159dd734 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -147,3 +147,9 @@ alsa-bebob-use-more-identical-mod_alias-for-saffire-pro-10-i-o-against-liquid-sa fs-9p-use-fscache-mutex-rather-than-spinlock.patch it-s-wrong-to-add-len-to-sector_nr-in-raid10-reshape-twice.patch media-videobuf2-v4l2-drop-warn_on-in-vb2_warn_zero_bytesused.patch +9p-use-inode-i_lock-to-protect-i_size_write-under-32-bit.patch +9p-net-fix-memory-leak-in-p9_client_create.patch +asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch +stm-class-fix-an-endless-loop-in-channel-allocation.patch +crypto-caam-fixed-handling-of-sg-list.patch +crypto-ahash-fix-another-early-termination-in-hash-walk.patch diff --git a/queue-4.4/stm-class-fix-an-endless-loop-in-channel-allocation.patch b/queue-4.4/stm-class-fix-an-endless-loop-in-channel-allocation.patch new file mode 100644 index 00000000000..ec8e19007ea --- /dev/null +++ b/queue-4.4/stm-class-fix-an-endless-loop-in-channel-allocation.patch @@ -0,0 +1,41 @@ +From a1d75dad3a2c689e70a1c4e0214cca9de741d0aa Mon Sep 17 00:00:00 2001 +From: Zhi Jin +Date: Thu, 6 Sep 2018 15:22:10 +0800 +Subject: stm class: Fix an endless loop in channel allocation + +From: Zhi Jin + +commit a1d75dad3a2c689e70a1c4e0214cca9de741d0aa upstream. + +There is a bug in the channel allocation logic that leads to an endless +loop when looking for a contiguous range of channels in a range with a +mixture of free and occupied channels. For example, opening three +consequtive channels, closing the first two and requesting 4 channels in +a row will trigger this soft lockup. The bug is that the search loop +forgets to skip over the range once it detects that one channel in that +range is occupied. + +Restore the original intent to the logic by fixing the omission. + +Signed-off-by: Zhi Jin +Signed-off-by: Alexander Shishkin +Fixes: 7bd1d4093c2f ("stm class: Introduce an abstraction for System Trace Module devices") +CC: stable@vger.kernel.org # v4.4+ +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/hwtracing/stm/core.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/hwtracing/stm/core.c ++++ b/drivers/hwtracing/stm/core.c +@@ -229,6 +229,9 @@ static int find_free_channels(unsigned l + ; + if (i == width) + return pos; ++ ++ /* step over [pos..pos+i) to continue search */ ++ pos += i; + } + + return -1;