From: Greg Kroah-Hartman Date: Mon, 24 Feb 2020 14:47:20 +0000 (+0100) Subject: 5.4-stable patches X-Git-Tag: v4.4.215~95 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=999b7db525c957ec9a97fdea9589ae97fc6e29f0;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: alsa-hda-realtek-apply-quirk-for-msi-gp63-too.patch alsa-hda-realtek-apply-quirk-for-yet-another-msi-laptop.patch alsa-hda-use-scnprintf-for-printing-texts-for-sysfs-procfs.patch asoc-codec2codec-avoid-invalid-double-free-of-pcm-runtime.patch asoc-sun8i-codec-fix-setting-dai-data-format.patch btrfs-handle-logged-extent-failure-properly.patch ecryptfs-fix-a-memory-leak-bug-in-ecryptfs_init_messaging.patch ecryptfs-fix-a-memory-leak-bug-in-parse_tag_1_packet.patch iommu-qcom-fix-bogus-detach-logic.patch tpm-initialize-crypto_id-of-allocated_banks-to-hash_algo__last.patch --- diff --git a/queue-5.4/alsa-hda-realtek-apply-quirk-for-msi-gp63-too.patch b/queue-5.4/alsa-hda-realtek-apply-quirk-for-msi-gp63-too.patch new file mode 100644 index 00000000000..ebe58a46ff5 --- /dev/null +++ b/queue-5.4/alsa-hda-realtek-apply-quirk-for-msi-gp63-too.patch @@ -0,0 +1,32 @@ +From a655e2b107d463ce2745188ce050d07daed09a71 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Mon, 17 Feb 2020 16:19:47 +0100 +Subject: ALSA: hda/realtek - Apply quirk for MSI GP63, too + +From: Takashi Iwai + +commit a655e2b107d463ce2745188ce050d07daed09a71 upstream. + +The same quirk that was applied to MSI GL73 is needed for MSI GP63, +too. Adding the entry with the SSID 1462:1228. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=206503 +Cc: +Link: https://lore.kernel.org/r/20200217151947.17528-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -2447,6 +2447,7 @@ static const struct snd_pci_quirk alc882 + SND_PCI_QUIRK(0x1071, 0x8258, "Evesham Voyaeger", ALC882_FIXUP_EAPD), + SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte EP45-DS3/Z87X-UD3H", ALC889_FIXUP_FRONT_HP_NO_PRESENCE), + SND_PCI_QUIRK(0x1458, 0xa0b8, "Gigabyte AZ370-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS), ++ SND_PCI_QUIRK(0x1462, 0x1228, "MSI-GP63", ALC1220_FIXUP_CLEVO_P950), + SND_PCI_QUIRK(0x1462, 0x1276, "MSI-GL73", ALC1220_FIXUP_CLEVO_P950), + SND_PCI_QUIRK(0x1462, 0x7350, "MSI-7350", ALC889_FIXUP_CD), + SND_PCI_QUIRK(0x1462, 0xda57, "MSI Z270-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS), diff --git a/queue-5.4/alsa-hda-realtek-apply-quirk-for-yet-another-msi-laptop.patch b/queue-5.4/alsa-hda-realtek-apply-quirk-for-yet-another-msi-laptop.patch new file mode 100644 index 00000000000..58f95fb0269 --- /dev/null +++ b/queue-5.4/alsa-hda-realtek-apply-quirk-for-yet-another-msi-laptop.patch @@ -0,0 +1,32 @@ +From cc5049ae4d457194796f854eb2e38b9727ad8c2d Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Tue, 18 Feb 2020 09:09:15 +0100 +Subject: ALSA: hda/realtek - Apply quirk for yet another MSI laptop + +From: Takashi Iwai + +commit cc5049ae4d457194796f854eb2e38b9727ad8c2d upstream. + +MSI GP65 laptop with SSID 1462:1293 requires the same quirk as other +MSI models. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=204159 +Cc: +Link: https://lore.kernel.org/r/20200218080915.3433-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -2449,6 +2449,7 @@ static const struct snd_pci_quirk alc882 + SND_PCI_QUIRK(0x1458, 0xa0b8, "Gigabyte AZ370-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS), + SND_PCI_QUIRK(0x1462, 0x1228, "MSI-GP63", ALC1220_FIXUP_CLEVO_P950), + SND_PCI_QUIRK(0x1462, 0x1276, "MSI-GL73", ALC1220_FIXUP_CLEVO_P950), ++ SND_PCI_QUIRK(0x1462, 0x1293, "MSI-GP65", ALC1220_FIXUP_CLEVO_P950), + SND_PCI_QUIRK(0x1462, 0x7350, "MSI-7350", ALC889_FIXUP_CD), + SND_PCI_QUIRK(0x1462, 0xda57, "MSI Z270-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS), + SND_PCI_QUIRK_VENDOR(0x1462, "MSI", ALC882_FIXUP_GPIO3), diff --git a/queue-5.4/alsa-hda-use-scnprintf-for-printing-texts-for-sysfs-procfs.patch b/queue-5.4/alsa-hda-use-scnprintf-for-printing-texts-for-sysfs-procfs.patch new file mode 100644 index 00000000000..749c46532a4 --- /dev/null +++ b/queue-5.4/alsa-hda-use-scnprintf-for-printing-texts-for-sysfs-procfs.patch @@ -0,0 +1,82 @@ +From 44eeb081b8630bb3ad3cd381d1ae1831463e48bb Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Tue, 18 Feb 2020 10:14:09 +0100 +Subject: ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs + +From: Takashi Iwai + +commit 44eeb081b8630bb3ad3cd381d1ae1831463e48bb upstream. + +Some code in HD-audio driver calls snprintf() in a loop and still +expects that the return value were actually written size, while +snprintf() returns the expected would-be length instead. When the +given buffer limit were small, this leads to a buffer overflow. + +Use scnprintf() for addressing those issues. It returns the actually +written size unlike snprintf(). + +Cc: +Link: https://lore.kernel.org/r/20200218091409.27162-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/hda/hdmi_chmap.c | 2 +- + sound/pci/hda/hda_codec.c | 2 +- + sound/pci/hda/hda_eld.c | 2 +- + sound/pci/hda/hda_sysfs.c | 4 ++-- + 4 files changed, 5 insertions(+), 5 deletions(-) + +--- a/sound/hda/hdmi_chmap.c ++++ b/sound/hda/hdmi_chmap.c +@@ -250,7 +250,7 @@ void snd_hdac_print_channel_allocation(i + + for (i = 0, j = 0; i < ARRAY_SIZE(cea_speaker_allocation_names); i++) { + if (spk_alloc & (1 << i)) +- j += snprintf(buf + j, buflen - j, " %s", ++ j += scnprintf(buf + j, buflen - j, " %s", + cea_speaker_allocation_names[i]); + } + buf[j] = '\0'; /* necessary when j == 0 */ +--- a/sound/pci/hda/hda_codec.c ++++ b/sound/pci/hda/hda_codec.c +@@ -4019,7 +4019,7 @@ void snd_print_pcm_bits(int pcm, char *b + + for (i = 0, j = 0; i < ARRAY_SIZE(bits); i++) + if (pcm & (AC_SUPPCM_BITS_8 << i)) +- j += snprintf(buf + j, buflen - j, " %d", bits[i]); ++ j += scnprintf(buf + j, buflen - j, " %d", bits[i]); + + buf[j] = '\0'; /* necessary when j == 0 */ + } +--- a/sound/pci/hda/hda_eld.c ++++ b/sound/pci/hda/hda_eld.c +@@ -360,7 +360,7 @@ static void hdmi_print_pcm_rates(int pcm + + for (i = 0, j = 0; i < ARRAY_SIZE(alsa_rates); i++) + if (pcm & (1 << i)) +- j += snprintf(buf + j, buflen - j, " %d", ++ j += scnprintf(buf + j, buflen - j, " %d", + alsa_rates[i]); + + buf[j] = '\0'; /* necessary when j == 0 */ +--- a/sound/pci/hda/hda_sysfs.c ++++ b/sound/pci/hda/hda_sysfs.c +@@ -222,7 +222,7 @@ static ssize_t init_verbs_show(struct de + int i, len = 0; + mutex_lock(&codec->user_mutex); + snd_array_for_each(&codec->init_verbs, i, v) { +- len += snprintf(buf + len, PAGE_SIZE - len, ++ len += scnprintf(buf + len, PAGE_SIZE - len, + "0x%02x 0x%03x 0x%04x\n", + v->nid, v->verb, v->param); + } +@@ -272,7 +272,7 @@ static ssize_t hints_show(struct device + int i, len = 0; + mutex_lock(&codec->user_mutex); + snd_array_for_each(&codec->hints, i, hint) { +- len += snprintf(buf + len, PAGE_SIZE - len, ++ len += scnprintf(buf + len, PAGE_SIZE - len, + "%s = %s\n", hint->key, hint->val); + } + mutex_unlock(&codec->user_mutex); diff --git a/queue-5.4/asoc-codec2codec-avoid-invalid-double-free-of-pcm-runtime.patch b/queue-5.4/asoc-codec2codec-avoid-invalid-double-free-of-pcm-runtime.patch new file mode 100644 index 00000000000..b6bb3d399cc --- /dev/null +++ b/queue-5.4/asoc-codec2codec-avoid-invalid-double-free-of-pcm-runtime.patch @@ -0,0 +1,36 @@ +From b6570fdb96edf45bcf71884bd2644bd73d348d1a Mon Sep 17 00:00:00 2001 +From: Samuel Holland +Date: Thu, 13 Feb 2020 00:11:44 -0600 +Subject: ASoC: codec2codec: avoid invalid/double-free of pcm runtime + +From: Samuel Holland + +commit b6570fdb96edf45bcf71884bd2644bd73d348d1a upstream. + +The PCM runtime was freed during PMU in the case that the event hook +encountered an error. However, it is also unconditionally freed during +PMD. Avoid a double-free by dropping the call to kfree in the PMU hook. + +Fixes: a72706ed8208 ("ASoC: codec2codec: remove ephemeral variables") +Cc: stable@vger.kernel.org +Signed-off-by: Samuel Holland +Link: https://lore.kernel.org/r/20200213061147.29386-2-samuel@sholland.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/soc-dapm.c | 3 --- + 1 file changed, 3 deletions(-) + +--- a/sound/soc/soc-dapm.c ++++ b/sound/soc/soc-dapm.c +@@ -3888,9 +3888,6 @@ snd_soc_dai_link_event_pre_pmu(struct sn + runtime->rate = params_rate(params); + + out: +- if (ret < 0) +- kfree(runtime); +- + kfree(params); + return ret; + } diff --git a/queue-5.4/asoc-sun8i-codec-fix-setting-dai-data-format.patch b/queue-5.4/asoc-sun8i-codec-fix-setting-dai-data-format.patch new file mode 100644 index 00000000000..3bb65c9821e --- /dev/null +++ b/queue-5.4/asoc-sun8i-codec-fix-setting-dai-data-format.patch @@ -0,0 +1,43 @@ +From 96781fd941b39e1f78098009344ebcd7af861c67 Mon Sep 17 00:00:00 2001 +From: Samuel Holland +Date: Mon, 17 Feb 2020 00:42:22 -0600 +Subject: ASoC: sun8i-codec: Fix setting DAI data format + +From: Samuel Holland + +commit 96781fd941b39e1f78098009344ebcd7af861c67 upstream. + +Use the correct mask for this two-bit field. This fixes setting the DAI +data format to RIGHT_J or DSP_A. + +Fixes: 36c684936fae ("ASoC: Add sun8i digital audio codec") +Signed-off-by: Samuel Holland +Acked-by: Chen-Yu Tsai +Cc: stable@kernel.org +Link: https://lore.kernel.org/r/20200217064250.15516-7-samuel@sholland.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/sunxi/sun8i-codec.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/sound/soc/sunxi/sun8i-codec.c ++++ b/sound/soc/sunxi/sun8i-codec.c +@@ -80,6 +80,7 @@ + + #define SUN8I_SYS_SR_CTRL_AIF1_FS_MASK GENMASK(15, 12) + #define SUN8I_SYS_SR_CTRL_AIF2_FS_MASK GENMASK(11, 8) ++#define SUN8I_AIF1CLK_CTRL_AIF1_DATA_FMT_MASK GENMASK(3, 2) + #define SUN8I_AIF1CLK_CTRL_AIF1_WORD_SIZ_MASK GENMASK(5, 4) + #define SUN8I_AIF1CLK_CTRL_AIF1_LRCK_DIV_MASK GENMASK(8, 6) + #define SUN8I_AIF1CLK_CTRL_AIF1_BCLK_DIV_MASK GENMASK(12, 9) +@@ -241,7 +242,7 @@ static int sun8i_set_fmt(struct snd_soc_ + return -EINVAL; + } + regmap_update_bits(scodec->regmap, SUN8I_AIF1CLK_CTRL, +- BIT(SUN8I_AIF1CLK_CTRL_AIF1_DATA_FMT), ++ SUN8I_AIF1CLK_CTRL_AIF1_DATA_FMT_MASK, + value << SUN8I_AIF1CLK_CTRL_AIF1_DATA_FMT); + + return 0; diff --git a/queue-5.4/btrfs-handle-logged-extent-failure-properly.patch b/queue-5.4/btrfs-handle-logged-extent-failure-properly.patch new file mode 100644 index 00000000000..644cc6ca358 --- /dev/null +++ b/queue-5.4/btrfs-handle-logged-extent-failure-properly.patch @@ -0,0 +1,43 @@ +From bd727173e4432fe6cb70ba108dc1f3602c5409d7 Mon Sep 17 00:00:00 2001 +From: Josef Bacik +Date: Thu, 13 Feb 2020 10:47:30 -0500 +Subject: btrfs: handle logged extent failure properly + +From: Josef Bacik + +commit bd727173e4432fe6cb70ba108dc1f3602c5409d7 upstream. + +If we're allocating a logged extent we attempt to insert an extent +record for the file extent directly. We increase +space_info->bytes_reserved, because the extent entry addition will call +btrfs_update_block_group(), which will convert the ->bytes_reserved to +->bytes_used. However if we fail at any point while inserting the +extent entry we will bail and leave space on ->bytes_reserved, which +will trigger a WARN_ON() on umount. Fix this by pinning the space if we +fail to insert, which is what happens in every other failure case that +involves adding the extent entry. + +CC: stable@vger.kernel.org # 5.4+ +Reviewed-by: Johannes Thumshirn +Reviewed-by: Nikolay Borisov +Reviewed-by: Qu Wenruo +Signed-off-by: Josef Bacik +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/extent-tree.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/btrfs/extent-tree.c ++++ b/fs/btrfs/extent-tree.c +@@ -4411,6 +4411,8 @@ int btrfs_alloc_logged_file_extent(struc + + ret = alloc_reserved_file_extent(trans, 0, root_objectid, 0, owner, + offset, ins, 1); ++ if (ret) ++ btrfs_pin_extent(fs_info, ins->objectid, ins->offset, 1); + btrfs_put_block_group(block_group); + return ret; + } diff --git a/queue-5.4/ecryptfs-fix-a-memory-leak-bug-in-ecryptfs_init_messaging.patch b/queue-5.4/ecryptfs-fix-a-memory-leak-bug-in-ecryptfs_init_messaging.patch new file mode 100644 index 00000000000..7c83439fb90 --- /dev/null +++ b/queue-5.4/ecryptfs-fix-a-memory-leak-bug-in-ecryptfs_init_messaging.patch @@ -0,0 +1,34 @@ +From b4a81b87a4cfe2bb26a4a943b748d96a43ef20e8 Mon Sep 17 00:00:00 2001 +From: Wenwen Wang +Date: Tue, 20 Aug 2019 00:33:54 -0500 +Subject: ecryptfs: fix a memory leak bug in ecryptfs_init_messaging() + +From: Wenwen Wang + +commit b4a81b87a4cfe2bb26a4a943b748d96a43ef20e8 upstream. + +In ecryptfs_init_messaging(), if the allocation for 'ecryptfs_msg_ctx_arr' +fails, the previously allocated 'ecryptfs_daemon_hash' is not deallocated, +leading to a memory leak bug. To fix this issue, free +'ecryptfs_daemon_hash' before returning the error. + +Cc: stable@vger.kernel.org +Fixes: 88b4a07e6610 ("[PATCH] eCryptfs: Public key transport mechanism") +Signed-off-by: Wenwen Wang +Signed-off-by: Tyler Hicks +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ecryptfs/messaging.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/ecryptfs/messaging.c ++++ b/fs/ecryptfs/messaging.c +@@ -379,6 +379,7 @@ int __init ecryptfs_init_messaging(void) + * ecryptfs_message_buf_len), + GFP_KERNEL); + if (!ecryptfs_msg_ctx_arr) { ++ kfree(ecryptfs_daemon_hash); + rc = -ENOMEM; + goto out; + } diff --git a/queue-5.4/ecryptfs-fix-a-memory-leak-bug-in-parse_tag_1_packet.patch b/queue-5.4/ecryptfs-fix-a-memory-leak-bug-in-parse_tag_1_packet.patch new file mode 100644 index 00000000000..81591a95ba9 --- /dev/null +++ b/queue-5.4/ecryptfs-fix-a-memory-leak-bug-in-parse_tag_1_packet.patch @@ -0,0 +1,35 @@ +From fe2e082f5da5b4a0a92ae32978f81507ef37ec66 Mon Sep 17 00:00:00 2001 +From: Wenwen Wang +Date: Tue, 20 Aug 2019 00:16:40 -0500 +Subject: ecryptfs: fix a memory leak bug in parse_tag_1_packet() + +From: Wenwen Wang + +commit fe2e082f5da5b4a0a92ae32978f81507ef37ec66 upstream. + +In parse_tag_1_packet(), if tag 1 packet contains a key larger than +ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES, no cleanup is executed, leading to a +memory leak on the allocated 'auth_tok_list_item'. To fix this issue, go to +the label 'out_free' to perform the cleanup work. + +Cc: stable@vger.kernel.org +Fixes: dddfa461fc89 ("[PATCH] eCryptfs: Public key; packet management") +Signed-off-by: Wenwen Wang +Signed-off-by: Tyler Hicks +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ecryptfs/keystore.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/ecryptfs/keystore.c ++++ b/fs/ecryptfs/keystore.c +@@ -1304,7 +1304,7 @@ parse_tag_1_packet(struct ecryptfs_crypt + printk(KERN_WARNING "Tag 1 packet contains key larger " + "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n"); + rc = -EINVAL; +- goto out; ++ goto out_free; + } + memcpy((*new_auth_tok)->session_key.encrypted_key, + &data[(*packet_size)], (body_size - (ECRYPTFS_SIG_SIZE + 2))); diff --git a/queue-5.4/iommu-qcom-fix-bogus-detach-logic.patch b/queue-5.4/iommu-qcom-fix-bogus-detach-logic.patch new file mode 100644 index 00000000000..7de3de0d9fb --- /dev/null +++ b/queue-5.4/iommu-qcom-fix-bogus-detach-logic.patch @@ -0,0 +1,83 @@ +From faf305c51aeabd1ea2d7131e798ef5f55f4a7750 Mon Sep 17 00:00:00 2001 +From: Robin Murphy +Date: Tue, 18 Feb 2020 18:12:41 +0000 +Subject: iommu/qcom: Fix bogus detach logic + +From: Robin Murphy + +commit faf305c51aeabd1ea2d7131e798ef5f55f4a7750 upstream. + +Currently, the implementation of qcom_iommu_domain_free() is guaranteed +to do one of two things: WARN() and leak everything, or dereference NULL +and crash. That alone is terrible, but in fact the whole idea of trying +to track the liveness of a domain via the qcom_domain->iommu pointer as +a sanity check is full of fundamentally flawed assumptions. Make things +robust and actually functional by not trying to be quite so clever. + +Reported-by: Brian Masney +Tested-by: Brian Masney +Reported-by: Naresh Kamboju +Fixes: 0ae349a0f33f ("iommu/qcom: Add qcom_iommu") +Signed-off-by: Robin Murphy +Tested-by: Stephan Gerhold +Cc: stable@vger.kernel.org # v4.14+ +Signed-off-by: Joerg Roedel +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/iommu/qcom_iommu.c | 28 ++++++++++++---------------- + 1 file changed, 12 insertions(+), 16 deletions(-) + +--- a/drivers/iommu/qcom_iommu.c ++++ b/drivers/iommu/qcom_iommu.c +@@ -345,21 +345,19 @@ static void qcom_iommu_domain_free(struc + { + struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain); + +- if (WARN_ON(qcom_domain->iommu)) /* forgot to detach? */ +- return; +- + iommu_put_dma_cookie(domain); + +- /* NOTE: unmap can be called after client device is powered off, +- * for example, with GPUs or anything involving dma-buf. So we +- * cannot rely on the device_link. Make sure the IOMMU is on to +- * avoid unclocked accesses in the TLB inv path: +- */ +- pm_runtime_get_sync(qcom_domain->iommu->dev); +- +- free_io_pgtable_ops(qcom_domain->pgtbl_ops); +- +- pm_runtime_put_sync(qcom_domain->iommu->dev); ++ if (qcom_domain->iommu) { ++ /* ++ * NOTE: unmap can be called after client device is powered ++ * off, for example, with GPUs or anything involving dma-buf. ++ * So we cannot rely on the device_link. Make sure the IOMMU ++ * is on to avoid unclocked accesses in the TLB inv path: ++ */ ++ pm_runtime_get_sync(qcom_domain->iommu->dev); ++ free_io_pgtable_ops(qcom_domain->pgtbl_ops); ++ pm_runtime_put_sync(qcom_domain->iommu->dev); ++ } + + kfree(qcom_domain); + } +@@ -405,7 +403,7 @@ static void qcom_iommu_detach_dev(struct + struct qcom_iommu_domain *qcom_domain = to_qcom_iommu_domain(domain); + unsigned i; + +- if (!qcom_domain->iommu) ++ if (WARN_ON(!qcom_domain->iommu)) + return; + + pm_runtime_get_sync(qcom_iommu->dev); +@@ -418,8 +416,6 @@ static void qcom_iommu_detach_dev(struct + ctx->domain = NULL; + } + pm_runtime_put_sync(qcom_iommu->dev); +- +- qcom_domain->iommu = NULL; + } + + static int qcom_iommu_map(struct iommu_domain *domain, unsigned long iova, diff --git a/queue-5.4/series b/queue-5.4/series new file mode 100644 index 00000000000..48f1232f6c2 --- /dev/null +++ b/queue-5.4/series @@ -0,0 +1,10 @@ +iommu-qcom-fix-bogus-detach-logic.patch +alsa-hda-use-scnprintf-for-printing-texts-for-sysfs-procfs.patch +alsa-hda-realtek-apply-quirk-for-msi-gp63-too.patch +alsa-hda-realtek-apply-quirk-for-yet-another-msi-laptop.patch +asoc-codec2codec-avoid-invalid-double-free-of-pcm-runtime.patch +asoc-sun8i-codec-fix-setting-dai-data-format.patch +tpm-initialize-crypto_id-of-allocated_banks-to-hash_algo__last.patch +ecryptfs-fix-a-memory-leak-bug-in-parse_tag_1_packet.patch +ecryptfs-fix-a-memory-leak-bug-in-ecryptfs_init_messaging.patch +btrfs-handle-logged-extent-failure-properly.patch diff --git a/queue-5.4/tpm-initialize-crypto_id-of-allocated_banks-to-hash_algo__last.patch b/queue-5.4/tpm-initialize-crypto_id-of-allocated_banks-to-hash_algo__last.patch new file mode 100644 index 00000000000..5eef97c9782 --- /dev/null +++ b/queue-5.4/tpm-initialize-crypto_id-of-allocated_banks-to-hash_algo__last.patch @@ -0,0 +1,45 @@ +From dc10e4181c05a2315ddc375e963b7c763b5ee0df Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Mon, 10 Feb 2020 11:00:41 +0100 +Subject: tpm: Initialize crypto_id of allocated_banks to HASH_ALGO__LAST + +From: Roberto Sassu + +commit dc10e4181c05a2315ddc375e963b7c763b5ee0df upstream. + +chip->allocated_banks, an array of tpm_bank_info structures, contains the +list of TPM algorithm IDs of allocated PCR banks. It also contains the +corresponding ID of the crypto subsystem, so that users of the TPM driver +can calculate a digest for a PCR extend operation. + +However, if there is no mapping between TPM algorithm ID and crypto ID, the +crypto_id field of tpm_bank_info remains set to zero (the array is +allocated and initialized with kcalloc() in tpm2_get_pcr_allocation()). +Zero should not be used as value for unknown mappings, as it is a valid +crypto ID (HASH_ALGO_MD4). + +Thus, initialize crypto_id to HASH_ALGO__LAST. + +Cc: stable@vger.kernel.org # 5.1.x +Fixes: 879b589210a9 ("tpm: retrieve digest size of unknown algorithms with PCR read") +Signed-off-by: Roberto Sassu +Reviewed-by: Petr Vorel +Reviewed-by: Jarkko Sakkinen +Signed-off-by: Jarkko Sakkinen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/tpm/tpm2-cmd.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/char/tpm/tpm2-cmd.c ++++ b/drivers/char/tpm/tpm2-cmd.c +@@ -831,6 +831,8 @@ static int tpm2_init_bank_info(struct tp + return 0; + } + ++ bank->crypto_id = HASH_ALGO__LAST; ++ + return tpm2_pcr_read(chip, 0, &digest, &bank->digest_size); + } +