From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 19 Mar 2019 18:22:36 +0000 (+0100)
Subject: 3.18-stable patches
X-Git-Tag: v3.18.137~91
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=77a1b479303ed4b18e603e4ea4e080e5e0aae0dc;p=thirdparty%2Fkernel%2Fstable-queue.git

3.18-stable patches

added patches:
	9p-net-fix-memory-leak-in-p9_client_create.patch
	asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch
	crypto-ahash-fix-another-early-termination-in-hash-walk.patch
---

diff --git a/queue-3.18/9p-net-fix-memory-leak-in-p9_client_create.patch b/queue-3.18/9p-net-fix-memory-leak-in-p9_client_create.patch
new file mode 100644
index 00000000000..ef579b4e4ae
--- /dev/null
+++ b/queue-3.18/9p-net-fix-memory-leak-in-p9_client_create.patch
@@ -0,0 +1,35 @@
+From bb06c388fa20ae24cfe80c52488de718a7e3a53f Mon Sep 17 00:00:00 2001
+From: zhengbin <zhengbin13@huawei.com>
+Date: Wed, 13 Mar 2019 16:01:37 +0800
+Subject: 9p/net: fix memory leak in p9_client_create
+
+From: zhengbin <zhengbin13@huawei.com>
+
+commit bb06c388fa20ae24cfe80c52488de718a7e3a53f upstream.
+
+If msize is less than 4096, we should close and put trans, destroy
+tagpool, not just free client. This patch fixes that.
+
+Link: http://lkml.kernel.org/m/1552464097-142659-1-git-send-email-zhengbin13@huawei.com
+Cc: stable@vger.kernel.org
+Fixes: 574d356b7a02 ("9p/net: put a lower bound on msize")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: zhengbin <zhengbin13@huawei.com>
+Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/9p/client.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/9p/client.c
++++ b/net/9p/client.c
+@@ -1065,7 +1065,7 @@ struct p9_client *p9_client_create(const
+ 		p9_debug(P9_DEBUG_ERROR,
+ 			 "Please specify a msize of at least 4k\n");
+ 		err = -EINVAL;
+-		goto free_client;
++		goto close_trans;
+ 	}
+ 
+ 	err = p9_client_version(clnt);
diff --git a/queue-3.18/asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch b/queue-3.18/asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch
new file mode 100644
index 00000000000..ac4e0986644
--- /dev/null
+++ b/queue-3.18/asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch
@@ -0,0 +1,51 @@
+From cc29ea007347f39f4c5a4d27b0b555955a0277f9 Mon Sep 17 00:00:00 2001
+From: "S.j. Wang" <shengjiu.wang@nxp.com>
+Date: Mon, 18 Feb 2019 08:29:11 +0000
+Subject: ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
+
+From: S.j. Wang <shengjiu.wang@nxp.com>
+
+commit cc29ea007347f39f4c5a4d27b0b555955a0277f9 upstream.
+
+The ESAI_xCR_xWA is xCR's bit, not the xCCR's bit, driver set it to
+wrong register, correct it.
+
+Fixes 43d24e76b698 ("ASoC: fsl_esai: Add ESAI CPU DAI driver")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
+Reviewed-by: Fabio Estevam <festevam@gmail.com>
+Ackedy-by: Nicolin Chen <nicoleotsuka@gmail.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/fsl/fsl_esai.c |    7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/sound/soc/fsl/fsl_esai.c
++++ b/sound/soc/fsl/fsl_esai.c
+@@ -394,7 +394,8 @@ static int fsl_esai_set_dai_fmt(struct s
+ 		break;
+ 	case SND_SOC_DAIFMT_RIGHT_J:
+ 		/* Data on rising edge of bclk, frame high, right aligned */
+-		xccr |= ESAI_xCCR_xCKP | ESAI_xCCR_xHCKP | ESAI_xCR_xWA;
++		xccr |= ESAI_xCCR_xCKP | ESAI_xCCR_xHCKP;
++		xcr  |= ESAI_xCR_xWA;
+ 		break;
+ 	case SND_SOC_DAIFMT_DSP_A:
+ 		/* Data on rising edge of bclk, frame high, 1clk before data */
+@@ -451,12 +452,12 @@ static int fsl_esai_set_dai_fmt(struct s
+ 		return -EINVAL;
+ 	}
+ 
+-	mask = ESAI_xCR_xFSL | ESAI_xCR_xFSR;
++	mask = ESAI_xCR_xFSL | ESAI_xCR_xFSR | ESAI_xCR_xWA;
+ 	regmap_update_bits(esai_priv->regmap, REG_ESAI_TCR, mask, xcr);
+ 	regmap_update_bits(esai_priv->regmap, REG_ESAI_RCR, mask, xcr);
+ 
+ 	mask = ESAI_xCCR_xCKP | ESAI_xCCR_xHCKP | ESAI_xCCR_xFSP |
+-		ESAI_xCCR_xFSD | ESAI_xCCR_xCKD | ESAI_xCR_xWA;
++		ESAI_xCCR_xFSD | ESAI_xCCR_xCKD;
+ 	regmap_update_bits(esai_priv->regmap, REG_ESAI_TCCR, mask, xccr);
+ 	regmap_update_bits(esai_priv->regmap, REG_ESAI_RCCR, mask, xccr);
+ 
diff --git a/queue-3.18/crypto-ahash-fix-another-early-termination-in-hash-walk.patch b/queue-3.18/crypto-ahash-fix-another-early-termination-in-hash-walk.patch
new file mode 100644
index 00000000000..23b01cd3783
--- /dev/null
+++ b/queue-3.18/crypto-ahash-fix-another-early-termination-in-hash-walk.patch
@@ -0,0 +1,63 @@
+From 77568e535af7c4f97eaef1e555bf0af83772456c Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 31 Jan 2019 23:51:41 -0800
+Subject: crypto: ahash - fix another early termination in hash walk
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 77568e535af7c4f97eaef1e555bf0af83772456c upstream.
+
+Hash algorithms with an alignmask set, e.g. "xcbc(aes-aesni)" and
+"michael_mic", fail the improved hash tests because they sometimes
+produce the wrong digest.  The bug is that in the case where a
+scatterlist element crosses pages, not all the data is actually hashed
+because the scatterlist walk terminates too early.  This happens because
+the 'nbytes' variable in crypto_hash_walk_done() is assigned the number
+of bytes remaining in the page, then later interpreted as the number of
+bytes remaining in the scatterlist element.  Fix it.
+
+Fixes: 900a081f6912 ("crypto: ahash - Fix early termination in hash walk")
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/ahash.c |   14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+--- a/crypto/ahash.c
++++ b/crypto/ahash.c
+@@ -84,17 +84,17 @@ static int hash_walk_new_entry(struct cr
+ int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
+ {
+ 	unsigned int alignmask = walk->alignmask;
+-	unsigned int nbytes = walk->entrylen;
+ 
+ 	walk->data -= walk->offset;
+ 
+-	if (nbytes && walk->offset & alignmask && !err) {
+-		walk->offset = ALIGN(walk->offset, alignmask + 1);
+-		nbytes = min(nbytes,
+-			     ((unsigned int)(PAGE_SIZE)) - walk->offset);
+-		walk->entrylen -= nbytes;
++	if (walk->entrylen && (walk->offset & alignmask) && !err) {
++		unsigned int nbytes;
+ 
++		walk->offset = ALIGN(walk->offset, alignmask + 1);
++		nbytes = min(walk->entrylen,
++			     (unsigned int)(PAGE_SIZE - walk->offset));
+ 		if (nbytes) {
++			walk->entrylen -= nbytes;
+ 			walk->data += walk->offset;
+ 			return nbytes;
+ 		}
+@@ -114,7 +114,7 @@ int crypto_hash_walk_done(struct crypto_
+ 	if (err)
+ 		return err;
+ 
+-	if (nbytes) {
++	if (walk->entrylen) {
+ 		walk->offset = 0;
+ 		walk->pg++;
+ 		return hash_walk_next(walk);
diff --git a/queue-3.18/series b/queue-3.18/series
index 9328ba779a4..0ad69124522 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -92,3 +92,6 @@ net-hsr-fix-possible-crash-in-add_timer.patch
 gro_cells-make-sure-device-is-up-in-gro_cells_receive.patch
 alsa-bebob-use-more-identical-mod_alias-for-saffire-pro-10-i-o-against-liquid-saffire-56.patch
 it-s-wrong-to-add-len-to-sector_nr-in-raid10-reshape-twice.patch
+9p-net-fix-memory-leak-in-p9_client_create.patch
+asoc-fsl_esai-fix-register-setting-issue-in-right_j-mode.patch
+crypto-ahash-fix-another-early-termination-in-hash-walk.patch