From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 25 Nov 2013 21:15:05 +0000 (-0800)
Subject: 3.4-stable patches
X-Git-Tag: v3.11.10~45
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9fbb1a2e504ae78238b7cda749873970fbd419eb;p=thirdparty%2Fkernel%2Fstable-queue.git

3.4-stable patches

added patches:
	can-c_can-fix-rx-message-handling-handle-lost-message-before-eob.patch
	crypto-ansi_cprng-fix-off-by-one-error-in-non-block-size-request.patch
---

diff --git a/queue-3.4/can-c_can-fix-rx-message-handling-handle-lost-message-before-eob.patch b/queue-3.4/can-c_can-fix-rx-message-handling-handle-lost-message-before-eob.patch
new file mode 100644
index 00000000000..b11a859e157
--- /dev/null
+++ b/queue-3.4/can-c_can-fix-rx-message-handling-handle-lost-message-before-eob.patch
@@ -0,0 +1,47 @@
+From 5d0f801a2ccec3b1fdabc3392c8d99ed0413d216 Mon Sep 17 00:00:00 2001
+From: Markus Pargmann <mpa@pengutronix.de>
+Date: Mon, 28 Oct 2013 09:54:40 +0100
+Subject: can: c_can: Fix RX message handling, handle lost message before EOB
+
+From: Markus Pargmann <mpa@pengutronix.de>
+
+commit 5d0f801a2ccec3b1fdabc3392c8d99ed0413d216 upstream.
+
+If we handle end of block messages with higher priority than a lost message,
+we can run into an endless interrupt loop.
+
+This is reproducable with a am335x processor and "cansequence -r" at 1Mbit.
+As soon as we loose a packet we can't escape from an interrupt loop.
+
+This patch fixes the problem by handling lost packets before EOB packets.
+
+Signed-off-by: Markus Pargmann <mpa@pengutronix.de>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/can/c_can/c_can.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/can/c_can/c_can.c
++++ b/drivers/net/can/c_can/c_can.c
+@@ -760,9 +760,6 @@ static int c_can_do_rx_poll(struct net_d
+ 			msg_ctrl_save = priv->read_reg(priv,
+ 					&priv->regs->ifregs[0].msg_cntrl);
+ 
+-			if (msg_ctrl_save & IF_MCONT_EOB)
+-				return num_rx_pkts;
+-
+ 			if (msg_ctrl_save & IF_MCONT_MSGLST) {
+ 				c_can_handle_lost_msg_obj(dev, 0, msg_obj);
+ 				num_rx_pkts++;
+@@ -770,6 +767,9 @@ static int c_can_do_rx_poll(struct net_d
+ 				continue;
+ 			}
+ 
++			if (msg_ctrl_save & IF_MCONT_EOB)
++				return num_rx_pkts;
++
+ 			if (!(msg_ctrl_save & IF_MCONT_NEWDAT))
+ 				continue;
+ 
diff --git a/queue-3.4/crypto-ansi_cprng-fix-off-by-one-error-in-non-block-size-request.patch b/queue-3.4/crypto-ansi_cprng-fix-off-by-one-error-in-non-block-size-request.patch
new file mode 100644
index 00000000000..9f0fa2f9f62
--- /dev/null
+++ b/queue-3.4/crypto-ansi_cprng-fix-off-by-one-error-in-non-block-size-request.patch
@@ -0,0 +1,49 @@
+From 714b33d15130cbb5ab426456d4e3de842d6c5b8a Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@tuxdriver.com>
+Date: Tue, 17 Sep 2013 08:33:11 -0400
+Subject: crypto: ansi_cprng - Fix off by one error in non-block size request
+
+From: Neil Horman <nhorman@tuxdriver.com>
+
+commit 714b33d15130cbb5ab426456d4e3de842d6c5b8a upstream.
+
+Stephan Mueller reported to me recently a error in random number generation in
+the ansi cprng. If several small requests are made that are less than the
+instances block size, the remainder for loop code doesn't increment
+rand_data_valid in the last iteration, meaning that the last bytes in the
+rand_data buffer gets reused on the subsequent smaller-than-a-block request for
+random data.
+
+The fix is pretty easy, just re-code the for loop to make sure that
+rand_data_valid gets incremented appropriately
+
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+Reported-by: Stephan Mueller <stephan.mueller@atsec.com>
+CC: Stephan Mueller <stephan.mueller@atsec.com>
+CC: Petr Matousek <pmatouse@redhat.com>
+CC: Herbert Xu <herbert@gondor.apana.org.au>
+CC: "David S. Miller" <davem@davemloft.net>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: Luis Henriques <luis.henriques@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/ansi_cprng.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/crypto/ansi_cprng.c
++++ b/crypto/ansi_cprng.c
+@@ -230,11 +230,11 @@ remainder:
+ 	 */
+ 	if (byte_count < DEFAULT_BLK_SZ) {
+ empty_rbuf:
+-		for (; ctx->rand_data_valid < DEFAULT_BLK_SZ;
+-			ctx->rand_data_valid++) {
++		while (ctx->rand_data_valid < DEFAULT_BLK_SZ) {
+ 			*ptr = ctx->rand_data[ctx->rand_data_valid];
+ 			ptr++;
+ 			byte_count--;
++			ctx->rand_data_valid++;
+ 			if (byte_count == 0)
+ 				goto done;
+ 		}
diff --git a/queue-3.4/series b/queue-3.4/series
index 1d2aa1bfe73..554b695a075 100644
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -7,3 +7,5 @@ acpica-derefof-operator-update-to-fully-resolve-fieldunit-and-bufferfield-refs.p
 acpica-return-error-if-derefof-resolves-to-a-null-package-element.patch
 acpica-fix-for-a-store-argx-when-argx-contains-a-reference-to-a-field.patch
 usb-mos7840-fix-tiocmget-error-handling.patch
+crypto-ansi_cprng-fix-off-by-one-error-in-non-block-size-request.patch
+can-c_can-fix-rx-message-handling-handle-lost-message-before-eob.patch