commit 678cce4019d746da6c680c48ba9e6d417803e127 upstream.
The x86_64 implementation of Poly1305 produces the wrong result on some
inputs because poly1305_4block_avx2() incorrectly assumes that when
partially reducing the accumulator, the bits carried from limb 'd4' to
limb 'h0' fit in a 32-bit integer. This is true for poly1305-generic
which processes only one block at a time. However, it's not true for
the AVX2 implementation, which processes 4 blocks at a time and
therefore can produce intermediate limbs about 4x larger.
Fix it by making the relevant calculations use 64-bit arithmetic rather
than 32-bit. Note that most of the carries already used 64-bit
arithmetic, but the d4 -> h0 carry was different for some reason.
To be safe I also made the same change to the corresponding SSE2 code,
though that only operates on 1 or 2 blocks at a time. I don't think
it's really needed for poly1305_block_sse2(), but it doesn't hurt
because it's already x86_64 code. It *might* be needed for
poly1305_2block_sse2(), but overflows aren't easy to reproduce there.
This bug was originally detected by my patches that improve testmgr to
fuzz algorithms against their generic implementation. But also add a
test vector which reproduces it directly (in the AVX2 case).
Fixes: b1ccc8f4b6 ("crypto: poly1305 - Add a four block AVX2 variant for x86_64")
Fixes: c70f4abef0 ("crypto: poly1305 - Add a SSE2 SIMD variant for x86_64")
Cc: <stable@vger.kernel.org> # v4.3+
Cc: Martin Willi <martin@strongswan.org>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-bb418a1:
Linux 4.19.31
s390/setup: fix boot crash for machine without EDAT-1
bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
KVM: nVMX: Apply addr size mask to effective address for VMX instructions
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux
KVM: x86/mmu: Detect MMIO generation wrap in any address space
KVM: Call kvm_arch_memslots_updated() before updating memslots
drm/amd/display: don't call dm_pp_ function from an fpu block
drm/amd/powerplay: correct power reading on fiji
drm/radeon/evergreen_cs: fix missing break in switch statement
drm/fb-helper: generic: Fix drm_fbdev_client_restore()
media: imx: csi: Stop upstream before disabling IDMA channel
media: imx: csi: Disable CSI immediately after last EOF
media: vimc: Add vimc-streamer for stream control
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
media: lgdt330x: fix lock status reporting
media: imx: prpencvf: Stop upstream before disabling IDMA channel
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
tpm: Unify the send callback behaviour
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
md: Fix failed allocation of md_register_thread
perf intel-pt: Fix divide by zero when TSC is not available
perf/x86/intel/uncore: Fix client IMC events return huge result
perf intel-pt: Fix overlap calculation for padding
perf auxtrace: Define auxtrace record alignment
perf tools: Fix split_kallsyms_for_kcore() for trampoline symbols
perf intel-pt: Fix CYC timestamp calculation after OVF
x86/unwind/orc: Fix ORC unwind table alignment
vt: perform safe console erase in the right order
stable-kernel-rules.rst: add link to networking patch queue
bcache: never writeback a discard operation
PM / wakeup: Rework wakeup source timer cancellation
svcrpc: fix UDP on servers with lots of threads
NFSv4.1: Reinitialise sequence results before retransmitting a request
nfsd: fix wrong check in write_v4_end_grace()
nfsd: fix memory corruption caused by readdir
nfsd: fix performance-limiting session calculation
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
NFS: Fix an I/O request leakage in nfs_do_recoalesce
NFS: Fix I/O request leakages
cpcap-charger: generate events for userspace
mfd: sm501: Fix potential NULL pointer dereference
dm integrity: limit the rate of error messages
dm: fix to_sector() for 32bit
ipmi_si: fix use-after-free of resource->name
arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2
arm64: debug: Ensure debug handlers check triggering exception level
arm64: Fix HCR.TGE status for NMI contexts
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
powerpc/traps: Fix the message printed when stack overflows
powerpc/traps: fix recoverability of machine check handling on book3s/32
powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration
powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest
powerpc/powernv: Don't reprogram SLW image on every KVM guest entry/exit
powerpc/83xx: Also save/restore SPRG4-7 during suspend
powerpc/powernv: Make opal log only readable by root
powerpc/wii: properly disable use of BATs when requested.
powerpc/32: Clear on-stack exception marker upon exception return
security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock
selinux: add the missing walk_size + len check in selinux_sctp_bind_connect
jbd2: fix compile warning when using JBUFFER_TRACE
jbd2: clear dirty flag when revoking a buffer from an older transaction
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
serial: 8250_pci: Fix number of ports for ACCES serial cards
serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart
serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO
bpf: only test gso type on gso packets
drm/i915: Relax mmap VMA check
can: flexcan: FLEXCAN_IFLAG_MB: add () around macro argument
gpio: pca953x: Fix dereference of irq data in shutdown
media: i2c: ov5640: Fix post-reset delay
i2c: tegra: fix maximum transfer size
parport_pc: fix find_superio io compare code, should use equal test.
intel_th: Don't reference unassigned outputs
device property: Fix the length used in PROPERTY_ENTRY_STRING()
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
mm/memory.c: do_fault: avoid usage of stale vm_area_struct
mm/vmalloc: fix size check for remap_vmalloc_range_partial()
mm: hwpoison: fix thp split handing in soft_offline_in_use_page()
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
usb: typec: tps6598x: handle block writes separately with plain-I2C adapters
usb: chipidea: tegra: Fix missed ci_hdrc_remove_device()
clk: ingenic: Fix doc of ingenic_cgu_div_info
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
clk: samsung: exynos5: Fix kfree() of const memory on setting driver_override
clk: samsung: exynos5: Fix possible NULL pointer exception on platform_device_alloc() failure
clk: clk-twl6040: Fix imprecise external abort for pdmclk
clk: uniphier: Fix update register for CPU-gear
ext2: Fix underflow in ext2_max_size()
cxl: Wrap iterations over afu slices inside 'afu_list_lock'
IB/hfi1: Close race condition on user context disable and close
PCI: dwc: skip MSI init if MSIs have been explicitly disabled
PCI/DPC: Fix print AER status in DPC event handling
PCI/ASPM: Use LTR if already enabled by platform
ext4: fix crash during online resizing
ext4: add mask of ext4 flags to swap
ext4: update quota information while swapping boot loader inode
ext4: cleanup pagecache before swap i_data
ext4: fix check of inode in swap_inode_boot_loader
cpufreq: pxa2xx: remove incorrect __init annotation
cpufreq: tegra124: add missing of_node_put()
cpufreq: kryo: Release OPP tables on module removal
x86/kprobes: Prohibit probing on optprobe template code
irqchip/brcmstb-l2: Use _irqsave locking variants in non-interrupt code
irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table
libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer
soc: qcom: rpmh: Avoid accessing freed memory from batch API
Btrfs: fix corruption reading shared and compressed extents after hole punching
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl
Btrfs: setup a nofs context for memory allocation at btrfs_create_tree()
m68k: Add -ffreestanding to CFLAGS
ovl: Do not lose security.capability xattr over metadata file copy-up
ovl: During copy up, first copy up data and then xattrs
splice: don't merge into linked buffers
fs/devpts: always delete dcache dentry-s in dput()
scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
scsi: sd: Optimal I/O size should be a multiple of physical block size
scsi: aacraid: Fix performance issue on logical drives
scsi: virtio_scsi: don't send sc payload with tmfs
s390/virtio: handle find on invalid queue gracefully
s390/setup: fix early warning messages
clocksource/drivers/arch_timer: Workaround for Allwinner A64 timer instability
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
regulator: s2mpa01: Fix step values for some LDOs
regulator: max77620: Initialize values for DT properties
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
spi: pxa2xx: Setup maximum supported DMA transfer length
spi: ti-qspi: Fix mmap read when more than one CS in use
netfilter: ipt_CLUSTERIP: fix warning unused variable cn
mmc:fix a bug when max_discard is 0
mmc: sdhci-esdhc-imx: fix HS400 timing issue
ACPI / device_sysfs: Avoid OF modalias creation for removed device
xen: fix dom0 boot on huge systems
tracing/perf: Use strndup_user() instead of buggy open-coded version
tracing: Do not free iter->trace in fail path of tracing_open_pipe()
tracing: Use strncpy instead of memcpy for string keys in hist triggers
CIFS: Fix read after write for files with read caching
CIFS: Do not skip SMB2 message IDs on send failures
CIFS: Do not reset lease state to NONE on lease break
crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
crypto: x86/morus - fix handling chunked inputs and MAY_SLEEP
crypto: x86/aesni-gcm - fix crash on empty plaintext
crypto: x86/aegis - fix handling chunked inputs and MAY_SLEEP
crypto: testmgr - skip crc32c context test for ahash algorithms
crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
crypto: pcbc - remove bogus memcpy()s with src == dest
crypto: morus - fix handling chunked inputs
crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
crypto: arm64/crct10dif - revert to C code for short inputs
crypto: arm64/aes-neonbs - fix returning final keystream block
crypto: arm/crct10dif - revert to C code for short inputs
crypto: aegis - fix handling chunked inputs
crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
fix cgroup_do_mount() handling of failure exits
libnvdimm: Fix altmap reservation size calculation
libnvdimm/pmem: Honor force_raw for legacy pmem regions
libnvdimm, pfn: Fix over-trim in trim_pfn_device()
libnvdimm/label: Clear 'updating' flag after label-set update
nfit/ars: Attempt short-ARS even in the no_init_ars case
nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot
acpi/nfit: Fix bus command validation
nfit: acpi_nfit_ctl(): Check out_obj->type in the right place
stm class: Prevent division by zero
tmpfs: fix uninitialized return value in shmem_link
selftests: fib_tests: sleep after changing carrier. again.
net: set static variable an initial value in atl2_probe()
bnxt_en: Wait longer for the firmware message response to complete.
bnxt_en: Fix typo in firmware message timeout logic.
nfp: bpf: fix ALU32 high bits clearance bug
nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K
net: thunderx: add nicvf_send_msg_to_pf result check for set_rx_mode_task
net: thunderx: make CFG_DONE message to run through generic send-ack sequence
bpf, lpm: fix lookup bug in map_delete_elem
mac80211_hwsim: propagate genlmsg_reply return code
phonet: fix building with clang
ARCv2: don't assume core 0x54 has dual issue
ARCv2: support manual regfile save on interrupts
ARC: uacces: remove lp_start, lp_end from clobber list
ARCv2: lib: memcpy: fix doing prefetchw outside of buffer
ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN
tmpfs: fix link accounting when a tmpfile is linked in
mm: handle lru_add_drain_all for UP properly
net: marvell: mvneta: fix DMA debug warning
ARM: tegra: Restore DT ABI on Tegra124 Chromebooks
arm64: Relax GIC version check during early boot
ARM: dts: armada-xp: fix Armada XP boards NAND description
qed: Fix iWARP syn packet mac address validation.
qed: Fix iWARP buffer size provided for syn packet processing.
ASoC: topology: free created components in tplg load error
mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue
xfrm: Fix inbound traffic via XFRM interfaces across network namespaces
net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
qmi_wwan: apply SET_DTR quirk to Sierra WP7607
pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
net: dsa: bcm_sf2: Do not assume DSA master supports WoL
net: systemport: Fix reception of BPDUs
scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
keys: Fix dependency loop between construction record and auth key
assoc_array: Fix shortcut creation
ARM: 8835/1: dma-mapping: Clear DMA ops on teardown
af_key: unconditionally clone on broadcast
bpf: fix lockdep false positive in stackmap
bpf: only adjust gso_size on bytestream protocols
ARM: 8824/1: fix a migrating irq bug when hotplug cpu
esp: Skip TX bytes accounting when sending from a request socket
clk: sunxi: A31: Fix wrong AHB gate number
kallsyms: Handle too long symbols in kallsyms.c
clk: sunxi-ng: v3s: Fix TCON reset de-assert bit
Input: st-keyscan - fix potential zalloc NULL dereference
auxdisplay: ht16k33: fix potential user-after-free on module unload
i2c: bcm2835: Clear current buffer pointers and counts after a transfer
i2c: cadence: Fix the hold bit setting
net: hns: Fix object reference leaks in hns_dsaf_roce_reset()
mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs
x86/CPU: Add Icelake model number
net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend()
scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd
Revert "mm: use early_pfn_to_nid in page_ext_init"
mm/gup: fix gup_pmd_range() for dax
NFS: Don't use page_file_mapping after removing the page
xprtrdma: Make sure Send CQ is allocated on an existing compvec
floppy: check_events callback should not return a negative number
ipvs: fix dependency on nf_defrag_ipv6
blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue
netfilter: compat: initialize all fields in xt_init
mac80211: Fix Tx aggregation session tear down with ITXQs
mac80211: call drv_ibss_join() on restart
Input: matrix_keypad - use flush_delayed_work()
Input: ps2-gpio - flush TX work when closing port
Input: cap11xx - switch to using set_brightness_blocking()
ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug
ASoC: samsung: Prevent clk_get_rate() calls in atomic context
KVM: arm64: Forbid kprobing of the VHE world-switch code
KVM: arm/arm64: vgic: Always initialize the group of private IRQs
arm/arm64: KVM: Don't panic on failure to properly reset system registers
arm/arm64: KVM: Allow a VCPU to fully reset itself
KVM: arm/arm64: Reset the VCPU without preemption and vcpu state loaded
ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check
ASoC: dapm: fix out-of-bounds accesses to DAPM lookup tables
ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized
ARM: dts: Configure clock parent for pwm vibra
Input: pwm-vibra - stop regulator after disabling pwm, not before
Input: pwm-vibra - prevent unbalanced regulator
s390/dasd: fix using offset into zero size array error
arm64: dts: rockchip: fix graph_port warning on rk3399 bob kevin and excavator
KVM: arm/arm64: vgic: Make vgic_dist->lpi_list_lock a raw_spinlock
clocksource: timer-ti-dm: Fix pwm dmtimer usage of fck reparenting
ASoC: rt5682: Correct the setting while select ASRC clk for AD/DA filter
gpu: ipu-v3: Fix CSI offsets for imx53
drm/imx: imx-ldb: add missing of_node_puts
gpu: ipu-v3: Fix i.MX51 CSI control registers offset
drm/imx: ignore plane updates on disabled crtcs
crypto: rockchip - update new iv to device in multiple operations
crypto: rockchip - fix scatterlist nents error
crypto: ahash - fix another early termination in hash walk
crypto: cfb - remove bogus memcpy() with src == dest
crypto: cfb - add missing 'chunksize' property
crypto: ccree - don't copy zero size ciphertext
crypto: ccree - unmap buffer before copying IV
crypto: ccree - fix free of unallocated mlli buffer
crypto: caam - fix DMA mapping of stack memory
crypto: caam - fixed handling of sg list
crypto: ccree - fix missing break in switch statement
crypto: caam - fix hash context DMA unmap size
stm class: Fix an endless loop in channel allocation
mei: bus: move hw module get/put to probe/release
mei: hbm: clean the feature flags on link reset
iio: adc: exynos-adc: Fix NULL pointer exception on unbind
ASoC: codecs: pcm186x: Fix energysense SLEEP bit
ASoC: codecs: pcm186x: fix wrong usage of DECLARE_TLV_DB_SCALE()
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
9p/net: fix memory leak in p9_client_create
9p: use inode->i_lock to protect i_size_write() under 32-bit
media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
ANDROID: cuttlefish_defconfig: Enable CONFIG_INPUT_MOUSEDEV
FROMLIST: psi: introduce psi monitor
FROMLIST: refactor header includes to allow kthread.h inclusion in psi_types.h
FROMLIST: psi: track changed states
FROMLIST: psi: split update_stats into parts
FROMLIST: psi: rename psi fields in preparation for psi trigger addition
FROMLIST: psi: make psi_enable static
FROMLIST: psi: introduce state_mask to represent stalled psi states
ANDROID: cuttlefish_defconfig: Enable CONFIG_PSI
UPSTREAM: kernel: cgroup: add poll file operation
UPSTREAM: fs: kernfs: add poll file operation
UPSTREAM: psi: avoid divide-by-zero crash inside virtual machines
UPSTREAM: psi: clarify the Kconfig text for the default-disable option
UPSTREAM: psi: fix aggregation idle shut-off
UPSTREAM: psi: fix reference to kernel commandline enable
UPSTREAM: psi: make disabling/enabling easier for vendor kernels
UPSTREAM: kernel/sched/psi.c: simplify cgroup_move_task()
UPSTREAM: psi: cgroup support
UPSTREAM: psi: pressure stall information for CPU, memory, and IO
UPSTREAM: sched: introduce this_rq_lock_irq()
UPSTREAM: sched: sched.h: make rq locking and clock functions available in stats.h
UPSTREAM: sched: loadavg: make calc_load_n() public
BACKPORT: sched: loadavg: consolidate LOAD_INT, LOAD_FRAC, CALC_LOAD
UPSTREAM: delayacct: track delays from thrashing cache pages
UPSTREAM: mm: workingset: tell cache transitions from workingset thrashing
Conflicts:
arch/arm/kernel/irq.c
drivers/scsi/sd.c
include/linux/sched.h
init/Kconfig
kernel/sched/Makefile
kernel/sched/sched.h
kernel/workqueue.c
sound/soc/soc-dapm.c
Change-Id: Ia2dcc01c712134c57037ca6788d51172f66bcd93
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlyWhJcACgkQONu9yGCS
aT6XzxAAzP2QGzC4SVPgcFH1woF/d8Cz0zQ81mLXzjXtEPm39fZCM2hbBnxkXLu1
peFyrKNk6/c9541D9gsQCQT6Fu+H6u1bJKcIezlKJ2xyB/MsU1hXkjZrTJYW3RRs
gimy1EGdood2el1ubEBZiaspazoeRzBqtg1Nsmr4V0l+RT8HwtKKw+0+Nxixfp59
NoVkqTpPI5mL0FiH2R9ogcfg3SvgMZOsOhOBjdPvSjiJJsbvIWcW48MCs95XSUpF
R+l/fWn+oiFCcIqBaFheujuqZMvVrUHZHaWAPMuoR/c3Cdf0lTBokdv6UM9c0nv3
61jX5r5ImRI/dfQANN5mbB1YKcs5xOI+I7QZHQ2q4clsWrWyLapXW4clrAZJ6z5t
UVeVbuLV2y5PL9GJyBcXpyY0BOf4e2gZURaPY3C5McNwgybNoiR0ZePqKb8ZhZyh
jYOYRoBjJJpZoVTSt6MNX95NTvGaSAtqKMu1s3IeMfpwCfQKBPMOuBHr/dUqSC6I
U0xxjk/71C15dSPVcTVJT/lmcKc6TXgoagnfbn8GBtDOAjBNsYyUJLQI+db1ERCe
9MEB9k1Z87ROQ5jQCQmWsewOVAtFZBEvSszFmpKv3zTe8M2oFpXG56zckdiumwHU
nSfeZTTeWzsFJd30MioEnGYm3ZwKwZx7wi0x4B4WWvBfSpp20Us=
=xtLx
-----END PGP SIGNATURE-----
Merge 4.19.31 into android-4.19
Changes in 4.19.31
media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
9p: use inode->i_lock to protect i_size_write() under 32-bit
9p/net: fix memory leak in p9_client_create
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
ASoC: codecs: pcm186x: fix wrong usage of DECLARE_TLV_DB_SCALE()
ASoC: codecs: pcm186x: Fix energysense SLEEP bit
iio: adc: exynos-adc: Fix NULL pointer exception on unbind
mei: hbm: clean the feature flags on link reset
mei: bus: move hw module get/put to probe/release
stm class: Fix an endless loop in channel allocation
crypto: caam - fix hash context DMA unmap size
crypto: ccree - fix missing break in switch statement
crypto: caam - fixed handling of sg list
crypto: caam - fix DMA mapping of stack memory
crypto: ccree - fix free of unallocated mlli buffer
crypto: ccree - unmap buffer before copying IV
crypto: ccree - don't copy zero size ciphertext
crypto: cfb - add missing 'chunksize' property
crypto: cfb - remove bogus memcpy() with src == dest
crypto: ahash - fix another early termination in hash walk
crypto: rockchip - fix scatterlist nents error
crypto: rockchip - update new iv to device in multiple operations
drm/imx: ignore plane updates on disabled crtcs
gpu: ipu-v3: Fix i.MX51 CSI control registers offset
drm/imx: imx-ldb: add missing of_node_puts
gpu: ipu-v3: Fix CSI offsets for imx53
ASoC: rt5682: Correct the setting while select ASRC clk for AD/DA filter
clocksource: timer-ti-dm: Fix pwm dmtimer usage of fck reparenting
KVM: arm/arm64: vgic: Make vgic_dist->lpi_list_lock a raw_spinlock
arm64: dts: rockchip: fix graph_port warning on rk3399 bob kevin and excavator
s390/dasd: fix using offset into zero size array error
Input: pwm-vibra - prevent unbalanced regulator
Input: pwm-vibra - stop regulator after disabling pwm, not before
ARM: dts: Configure clock parent for pwm vibra
ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized
ASoC: dapm: fix out-of-bounds accesses to DAPM lookup tables
ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check
KVM: arm/arm64: Reset the VCPU without preemption and vcpu state loaded
arm/arm64: KVM: Allow a VCPU to fully reset itself
arm/arm64: KVM: Don't panic on failure to properly reset system registers
KVM: arm/arm64: vgic: Always initialize the group of private IRQs
KVM: arm64: Forbid kprobing of the VHE world-switch code
ASoC: samsung: Prevent clk_get_rate() calls in atomic context
ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug
Input: cap11xx - switch to using set_brightness_blocking()
Input: ps2-gpio - flush TX work when closing port
Input: matrix_keypad - use flush_delayed_work()
mac80211: call drv_ibss_join() on restart
mac80211: Fix Tx aggregation session tear down with ITXQs
netfilter: compat: initialize all fields in xt_init
blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue
ipvs: fix dependency on nf_defrag_ipv6
floppy: check_events callback should not return a negative number
xprtrdma: Make sure Send CQ is allocated on an existing compvec
NFS: Don't use page_file_mapping after removing the page
mm/gup: fix gup_pmd_range() for dax
Revert "mm: use early_pfn_to_nid in page_ext_init"
scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd
net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend()
x86/CPU: Add Icelake model number
mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs
net: hns: Fix object reference leaks in hns_dsaf_roce_reset()
i2c: cadence: Fix the hold bit setting
i2c: bcm2835: Clear current buffer pointers and counts after a transfer
auxdisplay: ht16k33: fix potential user-after-free on module unload
Input: st-keyscan - fix potential zalloc NULL dereference
clk: sunxi-ng: v3s: Fix TCON reset de-assert bit
kallsyms: Handle too long symbols in kallsyms.c
clk: sunxi: A31: Fix wrong AHB gate number
esp: Skip TX bytes accounting when sending from a request socket
ARM: 8824/1: fix a migrating irq bug when hotplug cpu
bpf: only adjust gso_size on bytestream protocols
bpf: fix lockdep false positive in stackmap
af_key: unconditionally clone on broadcast
ARM: 8835/1: dma-mapping: Clear DMA ops on teardown
assoc_array: Fix shortcut creation
keys: Fix dependency loop between construction record and auth key
scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
net: systemport: Fix reception of BPDUs
net: dsa: bcm_sf2: Do not assume DSA master supports WoL
pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
qmi_wwan: apply SET_DTR quirk to Sierra WP7607
net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
xfrm: Fix inbound traffic via XFRM interfaces across network namespaces
mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue
ASoC: topology: free created components in tplg load error
qed: Fix iWARP buffer size provided for syn packet processing.
qed: Fix iWARP syn packet mac address validation.
ARM: dts: armada-xp: fix Armada XP boards NAND description
arm64: Relax GIC version check during early boot
ARM: tegra: Restore DT ABI on Tegra124 Chromebooks
net: marvell: mvneta: fix DMA debug warning
mm: handle lru_add_drain_all for UP properly
tmpfs: fix link accounting when a tmpfile is linked in
ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN
ARCv2: lib: memcpy: fix doing prefetchw outside of buffer
ARC: uacces: remove lp_start, lp_end from clobber list
ARCv2: support manual regfile save on interrupts
ARCv2: don't assume core 0x54 has dual issue
phonet: fix building with clang
mac80211_hwsim: propagate genlmsg_reply return code
bpf, lpm: fix lookup bug in map_delete_elem
net: thunderx: make CFG_DONE message to run through generic send-ack sequence
net: thunderx: add nicvf_send_msg_to_pf result check for set_rx_mode_task
nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K
nfp: bpf: fix ALU32 high bits clearance bug
bnxt_en: Fix typo in firmware message timeout logic.
bnxt_en: Wait longer for the firmware message response to complete.
net: set static variable an initial value in atl2_probe()
selftests: fib_tests: sleep after changing carrier. again.
tmpfs: fix uninitialized return value in shmem_link
stm class: Prevent division by zero
nfit: acpi_nfit_ctl(): Check out_obj->type in the right place
acpi/nfit: Fix bus command validation
nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot
nfit/ars: Attempt short-ARS even in the no_init_ars case
libnvdimm/label: Clear 'updating' flag after label-set update
libnvdimm, pfn: Fix over-trim in trim_pfn_device()
libnvdimm/pmem: Honor force_raw for legacy pmem regions
libnvdimm: Fix altmap reservation size calculation
fix cgroup_do_mount() handling of failure exits
crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
crypto: aegis - fix handling chunked inputs
crypto: arm/crct10dif - revert to C code for short inputs
crypto: arm64/aes-neonbs - fix returning final keystream block
crypto: arm64/crct10dif - revert to C code for short inputs
crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
crypto: morus - fix handling chunked inputs
crypto: pcbc - remove bogus memcpy()s with src == dest
crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
crypto: testmgr - skip crc32c context test for ahash algorithms
crypto: x86/aegis - fix handling chunked inputs and MAY_SLEEP
crypto: x86/aesni-gcm - fix crash on empty plaintext
crypto: x86/morus - fix handling chunked inputs and MAY_SLEEP
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine
CIFS: Do not reset lease state to NONE on lease break
CIFS: Do not skip SMB2 message IDs on send failures
CIFS: Fix read after write for files with read caching
tracing: Use strncpy instead of memcpy for string keys in hist triggers
tracing: Do not free iter->trace in fail path of tracing_open_pipe()
tracing/perf: Use strndup_user() instead of buggy open-coded version
xen: fix dom0 boot on huge systems
ACPI / device_sysfs: Avoid OF modalias creation for removed device
mmc: sdhci-esdhc-imx: fix HS400 timing issue
mmc:fix a bug when max_discard is 0
netfilter: ipt_CLUSTERIP: fix warning unused variable cn
spi: ti-qspi: Fix mmap read when more than one CS in use
spi: pxa2xx: Setup maximum supported DMA transfer length
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
regulator: max77620: Initialize values for DT properties
regulator: s2mpa01: Fix step values for some LDOs
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
clocksource/drivers/arch_timer: Workaround for Allwinner A64 timer instability
s390/setup: fix early warning messages
s390/virtio: handle find on invalid queue gracefully
scsi: virtio_scsi: don't send sc payload with tmfs
scsi: aacraid: Fix performance issue on logical drives
scsi: sd: Optimal I/O size should be a multiple of physical block size
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware
fs/devpts: always delete dcache dentry-s in dput()
splice: don't merge into linked buffers
ovl: During copy up, first copy up data and then xattrs
ovl: Do not lose security.capability xattr over metadata file copy-up
m68k: Add -ffreestanding to CFLAGS
Btrfs: setup a nofs context for memory allocation at btrfs_create_tree()
Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
Btrfs: fix corruption reading shared and compressed extents after hole punching
soc: qcom: rpmh: Avoid accessing freed memory from batch API
libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer
irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table
irqchip/brcmstb-l2: Use _irqsave locking variants in non-interrupt code
x86/kprobes: Prohibit probing on optprobe template code
cpufreq: kryo: Release OPP tables on module removal
cpufreq: tegra124: add missing of_node_put()
cpufreq: pxa2xx: remove incorrect __init annotation
ext4: fix check of inode in swap_inode_boot_loader
ext4: cleanup pagecache before swap i_data
ext4: update quota information while swapping boot loader inode
ext4: add mask of ext4 flags to swap
ext4: fix crash during online resizing
PCI/ASPM: Use LTR if already enabled by platform
PCI/DPC: Fix print AER status in DPC event handling
PCI: dwc: skip MSI init if MSIs have been explicitly disabled
IB/hfi1: Close race condition on user context disable and close
cxl: Wrap iterations over afu slices inside 'afu_list_lock'
ext2: Fix underflow in ext2_max_size()
clk: uniphier: Fix update register for CPU-gear
clk: clk-twl6040: Fix imprecise external abort for pdmclk
clk: samsung: exynos5: Fix possible NULL pointer exception on platform_device_alloc() failure
clk: samsung: exynos5: Fix kfree() of const memory on setting driver_override
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
clk: ingenic: Fix doc of ingenic_cgu_div_info
usb: chipidea: tegra: Fix missed ci_hdrc_remove_device()
usb: typec: tps6598x: handle block writes separately with plain-I2C adapters
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
mm: hwpoison: fix thp split handing in soft_offline_in_use_page()
mm/vmalloc: fix size check for remap_vmalloc_range_partial()
mm/memory.c: do_fault: avoid usage of stale vm_area_struct
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
device property: Fix the length used in PROPERTY_ENTRY_STRING()
intel_th: Don't reference unassigned outputs
parport_pc: fix find_superio io compare code, should use equal test.
i2c: tegra: fix maximum transfer size
media: i2c: ov5640: Fix post-reset delay
gpio: pca953x: Fix dereference of irq data in shutdown
can: flexcan: FLEXCAN_IFLAG_MB: add () around macro argument
drm/i915: Relax mmap VMA check
bpf: only test gso type on gso packets
serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO
serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart
serial: 8250_pci: Fix number of ports for ACCES serial cards
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
jbd2: clear dirty flag when revoking a buffer from an older transaction
jbd2: fix compile warning when using JBUFFER_TRACE
selinux: add the missing walk_size + len check in selinux_sctp_bind_connect
security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock
powerpc/32: Clear on-stack exception marker upon exception return
powerpc/wii: properly disable use of BATs when requested.
powerpc/powernv: Make opal log only readable by root
powerpc/83xx: Also save/restore SPRG4-7 during suspend
powerpc/powernv: Don't reprogram SLW image on every KVM guest entry/exit
powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest
powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration
powerpc/traps: fix recoverability of machine check handling on book3s/32
powerpc/traps: Fix the message printed when stack overflows
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
arm64: Fix HCR.TGE status for NMI contexts
arm64: debug: Ensure debug handlers check triggering exception level
arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2
ipmi_si: fix use-after-free of resource->name
dm: fix to_sector() for 32bit
dm integrity: limit the rate of error messages
mfd: sm501: Fix potential NULL pointer dereference
cpcap-charger: generate events for userspace
NFS: Fix I/O request leakages
NFS: Fix an I/O request leakage in nfs_do_recoalesce
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
nfsd: fix performance-limiting session calculation
nfsd: fix memory corruption caused by readdir
nfsd: fix wrong check in write_v4_end_grace()
NFSv4.1: Reinitialise sequence results before retransmitting a request
svcrpc: fix UDP on servers with lots of threads
PM / wakeup: Rework wakeup source timer cancellation
bcache: never writeback a discard operation
stable-kernel-rules.rst: add link to networking patch queue
vt: perform safe console erase in the right order
x86/unwind/orc: Fix ORC unwind table alignment
perf intel-pt: Fix CYC timestamp calculation after OVF
perf tools: Fix split_kallsyms_for_kcore() for trampoline symbols
perf auxtrace: Define auxtrace record alignment
perf intel-pt: Fix overlap calculation for padding
perf/x86/intel/uncore: Fix client IMC events return huge result
perf intel-pt: Fix divide by zero when TSC is not available
md: Fix failed allocation of md_register_thread
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
tpm: Unify the send callback behaviour
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
media: imx: prpencvf: Stop upstream before disabling IDMA channel
media: lgdt330x: fix lock status reporting
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
media: vimc: Add vimc-streamer for stream control
media: imx: csi: Disable CSI immediately after last EOF
media: imx: csi: Stop upstream before disabling IDMA channel
drm/fb-helper: generic: Fix drm_fbdev_client_restore()
drm/radeon/evergreen_cs: fix missing break in switch statement
drm/amd/powerplay: correct power reading on fiji
drm/amd/display: don't call dm_pp_ function from an fpu block
KVM: Call kvm_arch_memslots_updated() before updating memslots
KVM: x86/mmu: Detect MMIO generation wrap in any address space
KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
KVM: nVMX: Apply addr size mask to effective address for VMX instructions
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata
s390/setup: fix boot crash for machine without EDAT-1
Linux 4.19.31
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit eb5e6730db98fcc4b51148b4a819fa4bf864ae54 upstream.
Instantiating "cryptd(crc32c)" causes a crypto self-test failure because
the crypto_alloc_shash() in alg_test_crc32c() fails. This is because
cryptd(crc32c) is an ahash algorithm, not a shash algorithm; so it can
only be accessed through the ahash API, unlike shash algorithms which
can be accessed through both the ahash and shash APIs.
As the test is testing the shash descriptor format which is only
applicable to shash algorithms, skip it for ahash algorithms.
(Note that it's still important to fix crypto self-test failures even
for weird algorithm instantiations like cryptd(crc32c) that no one
would really use; in fips_enabled mode unprivileged users can use them
to panic the kernel, and also they prevent treating a crypto self-test
failure as a bug when fuzzing the kernel.)
Fixes: 8e3ee85e68 ("crypto: crc32c - Test descriptor context format")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b1f6b4bf416b49f00f3abc49c639371cdecaaad1 upstream.
Some algorithms have a ->setkey() method that is not atomic, in the
sense that setting a key can fail after changes were already made to the
tfm context. In this case, if a key was already set the tfm can end up
in a state that corresponds to neither the old key nor the new key.
For example, in lrw.c, if gf128mul_init_64k_bbe() fails due to lack of
memory, then priv::table will be left NULL. After that, encryption with
that tfm will cause a NULL pointer dereference.
It's not feasible to make all ->setkey() methods atomic, especially ones
that have to key multiple sub-tfms. Therefore, make the crypto API set
CRYPTO_TFM_NEED_KEY if ->setkey() fails and the algorithm requires a
key, to prevent the tfm from being used until a new key is set.
[Cc stable mainly because when introducing the NEED_KEY flag I changed
AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG
previously didn't have this problem. So these "incompletely keyed"
states became theoretically accessible via AF_ALG -- though, the
opportunities for causing real mischief seem pretty limited.]
Fixes: f8d33fac84 ("crypto: skcipher - prevent using skciphers without setting key")
Cc: <stable@vger.kernel.org> # v4.16+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 251b7aea34ba3c4d4fdfa9447695642eb8b8b098 upstream.
The memcpy()s in the PCBC implementation use walk->iv as both the source
and destination, which has undefined behavior. These memcpy()'s are
actually unneeded, because walk->iv is already used to hold the previous
plaintext block XOR'd with the previous ciphertext block. Thus,
walk->iv is already updated to its final value.
So remove the broken and unnecessary memcpy()s.
Fixes: 91652be5d1 ("[CRYPTO] pcbc: Add Propagated CBC template")
Cc: <stable@vger.kernel.org> # v2.6.21+
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d644f1c8746ed24f81075480f9e9cb3777ae8d65 upstream.
The generic MORUS implementations all fail the improved AEAD tests
because they produce the wrong result with some data layouts. The issue
is that they assume that if the skcipher_walk API gives 'nbytes' not
aligned to the walksize (a.k.a. walk.stride), then it is the end of the
data. In fact, this can happen before the end. Fix them.
Fixes: 396be41f16 ("crypto: morus - Add generic MORUS AEAD implementations")
Cc: <stable@vger.kernel.org> # v4.18+
Cc: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ba7d7433a0e998c902132bd47330e355a1eaa894 upstream.
Some algorithms have a ->setkey() method that is not atomic, in the
sense that setting a key can fail after changes were already made to the
tfm context. In this case, if a key was already set the tfm can end up
in a state that corresponds to neither the old key nor the new key.
It's not feasible to make all ->setkey() methods atomic, especially ones
that have to key multiple sub-tfms. Therefore, make the crypto API set
CRYPTO_TFM_NEED_KEY if ->setkey() fails and the algorithm requires a
key, to prevent the tfm from being used until a new key is set.
Note: we can't set CRYPTO_TFM_NEED_KEY for OPTIONAL_KEY algorithms, so
->setkey() for those must nevertheless be atomic. That's fine for now
since only the crc32 and crc32c algorithms set OPTIONAL_KEY, and it's
not intended that OPTIONAL_KEY be used much.
[Cc stable mainly because when introducing the NEED_KEY flag I changed
AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG
previously didn't have this problem. So these "incompletely keyed"
states became theoretically accessible via AF_ALG -- though, the
opportunities for causing real mischief seem pretty limited.]
Fixes: 9fa68f6200 ("crypto: hash - prevent using keyed hashes without setting key")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0f533e67d26f228ea5dfdacc8a4bdeb487af5208 upstream.
The generic AEGIS implementations all fail the improved AEAD tests
because they produce the wrong result with some data layouts. The issue
is that they assume that if the skcipher_walk API gives 'nbytes' not
aligned to the walksize (a.k.a. walk.stride), then it is the end of the
data. In fact, this can happen before the end. Fix them.
Fixes: f606a88e58 ("crypto: aegis - Add generic AEGIS AEAD implementations")
Cc: <stable@vger.kernel.org> # v4.18+
Cc: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6ebc97006b196aafa9df0497fdfa866cf26f259b upstream.
Some algorithms have a ->setkey() method that is not atomic, in the
sense that setting a key can fail after changes were already made to the
tfm context. In this case, if a key was already set the tfm can end up
in a state that corresponds to neither the old key nor the new key.
For example, in gcm.c, if the kzalloc() fails due to lack of memory,
then the CTR part of GCM will have the new key but GHASH will not.
It's not feasible to make all ->setkey() methods atomic, especially ones
that have to key multiple sub-tfms. Therefore, make the crypto API set
CRYPTO_TFM_NEED_KEY if ->setkey() fails, to prevent the tfm from being
used until a new key is set.
[Cc stable mainly because when introducing the NEED_KEY flag I changed
AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG
previously didn't have this problem. So these "incompletely keyed"
states became theoretically accessible via AF_ALG -- though, the
opportunities for causing real mischief seem pretty limited.]
Fixes: dc26c17f74 ("crypto: aead - prevent using AEADs without setting key")
Cc: <stable@vger.kernel.org> # v4.16+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 77568e535af7c4f97eaef1e555bf0af83772456c upstream.
Hash algorithms with an alignmask set, e.g. "xcbc(aes-aesni)" and
"michael_mic", fail the improved hash tests because they sometimes
produce the wrong digest. The bug is that in the case where a
scatterlist element crosses pages, not all the data is actually hashed
because the scatterlist walk terminates too early. This happens because
the 'nbytes' variable in crypto_hash_walk_done() is assigned the number
of bytes remaining in the page, then later interpreted as the number of
bytes remaining in the scatterlist element. Fix it.
Fixes: 900a081f69 ("crypto: ahash - Fix early termination in hash walk")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 6c2e322b3621dc8be72e5c86d4fdb587434ba625 upstream.
The memcpy() in crypto_cfb_decrypt_inplace() uses walk->iv as both the
source and destination, which has undefined behavior. It is unneeded
because walk->iv is already used to hold the previous ciphertext block;
thus, walk->iv is already updated to its final value. So, remove it.
Also, note that in-place decryption is the only case where the previous
ciphertext block is not directly available. Therefore, as a related
cleanup I also updated crypto_cfb_encrypt_segment() to directly use the
previous ciphertext block rather than save it into walk->iv. This makes
it consistent with in-place encryption and out-of-place decryption; now
only in-place decryption is different, because it has to be.
Fixes: a7d85e06ed ("crypto: cfb - add support for Cipher FeedBack mode")
Cc: <stable@vger.kernel.org> # v4.17+
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 394a9e044702e6a8958a5e89d2a291605a587a2a upstream.
Like some other block cipher mode implementations, the CFB
implementation assumes that while walking through the scatterlist, a
partial block does not occur until the end. But the walk is incorrectly
being done with a blocksize of 1, as 'cra_blocksize' is set to 1 (since
CFB is a stream cipher) but no 'chunksize' is set. This bug causes
incorrect encryption/decryption for some scatterlist layouts.
Fix it by setting the 'chunksize'. Also extend the CFB test vectors to
cover this bug as well as cases where the message length is not a
multiple of the block size.
Fixes: a7d85e06ed ("crypto: cfb - add support for Cipher FeedBack mode")
Cc: <stable@vger.kernel.org> # v4.17+
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-b2215a54:
Linux 4.19.25
ax25: fix possible use-after-free
mISDN: fix a race in dev_expire_timer()
net/x25: do not hold the cpu too long in x25_new_lci()
netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
sunrpc: fix 4 more call sites that were using stack memory with a scatterlist
PCI: Fix __initdata issue with "pci=disable_acs_redir" parameter
mmc: meson-gx: fix interrupt name
scsi: target/core: Use kmem_cache_free() instead of kfree()
hwmon: (lm80) Fix missing unlock on error in set_fan_div()
net: Do not allocate page fragments that are not skb aligned
tcp: tcp_v4_err() should be more careful
tcp: clear icsk_backoff in tcp_write_queue_purge()
net: Add header for usage of fls64()
vxlan: test dev->flags & IFF_UP before calling netif_rx()
vsock: cope with memory allocation failure at socket creation time
vhost: correctly check the return value of translate_desc() in log_used()
sky2: Increase D3 delay again
net: stmmac: handle endianness in dwmac4_get_timestamp
net: stmmac: Fix a race in EEE enable callback
net: phy: xgmiitorgmii: Support generic PHY status read
net: ipv4: use a dedicated counter for icmp_v4 redirect packets
net: ip6_gre: initialize erspan_ver just for erspan tunnels
net: fix IPv6 prefix route residue
net: Fix for_each_netdev_feature on Big endian
net: crypto set sk to NULL when af_alg_release.
mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable
dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit
af_packet: fix raw sockets over 6in4 tunnel
Conflicts:
net/sunrpc/auth_gss/gss_krb5_seqnum.c
Change-Id: I255fee3f9d414e94f8ebadd18fda5aa7a2dce0a1
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
* refs/heads/tmp-6e0411b:
Revert "thermal: Fix locking in cooling device sysfs update cur_state"
Linux 4.19.21
ath9k: dynack: check da->enabled first in sampling routines
ath9k: dynack: make ewma estimation faster
perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu()
IB/hfi1: Add limit test for RC/UC send via loopback
cacheinfo: Keep the old value if of_property_read_u32 fails
serial: sh-sci: Do not free irqs that have already been freed
serial: 8250_pci: Make PCI class test non fatal
serial: fix race between flush_to_ldisc and tty_open
perf tests evsel-tp-sched: Fix bitwise operator
perf/core: Don't WARN() for impossible ring-buffer sizes
x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out()
perf/x86/intel/uncore: Add Node ID mask
cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM
KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
scsi: aic94xx: fix module loading
scsi: cxlflash: Prevent deadlock when adapter probe fails
staging: speakup: fix tty-operation NULL derefs
usb: gadget: musb: fix short isoc packets with inventra dma
usb: gadget: udc: net2272: Fix bitwise and boolean operations
usb: dwc3: gadget: Handle 0 xfer length for OUT EP
usb: phy: am335x: fix race condition in _probe
irqchip/gic-v3-its: Plug allocation race for devices sharing a DevID
futex: Handle early deadlock return correctly
dmaengine: imx-dma: fix wrong callback invoke
dmaengine: bcm2835: Fix abort of transactions
dmaengine: bcm2835: Fix interrupt race on RT
HID: debug: fix the ring buffer implementation
fuse: handle zero sized retrieve correctly
fuse: decrement NR_WRITEBACK_TEMP on the right page
fuse: call pipe_buf_release() under pipe lock
ALSA: hda/realtek - Headset microphone support for System76 darp5
ALSA: hda/realtek - Use a common helper for hp pin reference
ALSA: hda/realtek - Fix lose hp_pins for disable auto mute
ALSA: hda - Serialize codec registrations
ALSA: usb-audio: Add support for new T+A USB DAC
ALSA: compress: Fix stop handling on compressed capture streams
xfs: eof trim writeback mapping as soon as it is cached
net/mlx5e: FPGA, fix Innova IPsec TX offload data path performance
virtio_net: Account for tx bytes and packets on sending xdp_frames
skge: potential memory corruption in skge_get_regs()
sctp: walk the list of asoc safely
sctp: check and update stream->out_curr when allocating stream_out
rxrpc: bad unlock balance in rxrpc_recvmsg
Revert "net: phy: marvell: avoid pause mode on SGMII-to-Copper for 88e151x"
rds: fix refcount bug in rds_sock_addref
net: systemport: Fix WoL with password after deep sleep
net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames
net: dsa: slave: Don't propagate flag changes on down slave interfaces
net: dsa: mv88e6xxx: Fix counting of ATU violations
net: dsa: Fix NULL checking in dsa_slave_set_eee()
net: dsa: Fix lockdep false positive splat
net: dp83640: expire old TX-skb
lib/test_rhashtable: Make test_insert_dup() allocate its hash table dynamically
enic: fix checksum validation for IPv6
dccp: fool proof ccid_hc_[rt]x_parse_options()
thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
xfs: fix inverted return from xfs_btree_sblock_verify_crc
xfs: fix PAGE_MASK usage in xfs_free_file_space
fs/xfs: fix f_ffree value for statfs when project quota is set
xfs: delalloc -> unwritten COW fork allocation can go wrong
xfs: fix transient reference count error in xfs_buf_resubmit_failed_buffers
xfs: fix shared extent data corruption due to missing cow reservation
xfs: fix overflow in xfs_attr3_leaf_verify
xfs: Fix error code in 'xfs_ioc_getbmap()'
xfs: cancel COW blocks before swapext
xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat
scripts/gdb: fix lx-version string output
kernel/kcov.c: mark write_comp_data() as notrace
exec: load_script: don't blindly truncate shebang string
fs/epoll: drop ovflist branch prediction
kernel/hung_task.c: force console verbose before panic
proc/sysctl: fix return error for proc_doulongvec_minmax()
kernel/hung_task.c: break RCU locks based on jiffies
arm64/sve: ptrace: Fix SVE_PT_REGS_OFFSET definition
HID: lenovo: Add checks to fix of_led_classdev_register
thermal: generic-adc: Fix adc to temp interpolation
PCI: imx: Enable MSI from downstream components
kdb: Don't back trace on a cpu that didn't round up
thermal: bcm2835: enable hwmon explicitly
block/swim3: Fix -EBUSY error when re-opening device after unmount
fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address()
gdrom: fix a memory leak bug
isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw()
zram: fix lockdep warning of free block handling
mm/page_alloc.c: don't call kasan_free_pages() at deferred mem init
ocfs2: improve ocfs2 Makefile
ocfs2: don't clear bh uptodate for block read
arch/sh/boards/mach-kfr2r09/setup.c: fix struct mtd_oob_ops build warning
scripts/decode_stacktrace: only strip base path when a prefix of the path
perf python: Do not force closing original perf descriptor in evlist.get_pollfd()
cgroup: fix parsing empty mount option string
f2fs: fix sbi->extent_list corruption issue
niu: fix missing checks of niu_pci_eeprom_read
um: Avoid marking pages with "changed protection"
f2fs: fix use-after-free issue when accessing sbi->stat_info
cifs: check ntwrk_buf_start for NULL before dereferencing it
MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8
crypto: ux500 - Use proper enum in hash_set_dma_transfer
crypto: ux500 - Use proper enum in cryp_set_dma_transfer
seq_buf: Make seq_buf_puts() null-terminate the buffer
hwmon: (lm80) fix a missing check of bus read in lm80 probe
hwmon: (lm80) fix a missing check of the status of SMBus read
perf build: Don't unconditionally link the libbfd feature test to -liberty and -lz
NFS: nfs_compare_mount_options always compare auth flavors.
kvm: Change offset in kvm_write_guest_offset_cached to unsigned
powerpc/fadump: Do not allow hot-remove memory from fadump reserved area.
KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins
pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins
powerpc/mm: Fix reporting of kernel execute faults on the 8xx
fbdev: fbcon: Fix unregister crash when more than one framebuffer
ACPI/APEI: Clear GHES block_status before panic()
igb: Fix an issue that PME is not enabled during runtime suspend
ice: Do not enable NAPI on q_vectors that have no rings
i40e: define proper net_device::neigh_priv_len
fbdev: fbmem: behave better with small rotated displays and many CPUs
md: fix raid10 hang issue caused by barrier
video: clps711x-fb: release disp device node in probe()
drm/amd/display: validate extended dongle caps
drbd: Avoid Clang warning about pointless switch statment
drbd: skip spurious timeout (ping-timeo) when failing promote
drbd: disconnect, if the wrong UUIDs are attached on a connected peer
drbd: narrow rcu_read_lock in drbd_sync_handshake
mlx5: update timecounter at least twice per counter overflow
powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand
iwlwifi: mvm: fix setting HE ppe FW config
powerpc/perf: Fix thresholding counter data for unknown type
net: hns3: add max vector number check for pf
cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
scsi: smartpqi: increase fw status register read timeout
scsi: smartpqi: correct volume status
scsi: smartpqi: correct host serial num for ssa
mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG
xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
mac80211: fix radiotap vendor presence bitmap handling
powerpc/uaccess: fix warning/error with access_ok()
drm/amd/display: fix YCbCr420 blank color
Bluetooth: hci_bcm: Handle deferred probing for the clock supply
drm/amd/display: Add retry to read ddc_clock pin
net: hns3: fix incomplete uninitialization of IRQ in the hns3_nic_uninit_vector_data()
percpu: convert spin_lock_irq to spin_lock_irqsave.
perf tools: Cast off_t to s64 to avoid warning on bionic libc
perf header: Fix up argument to ctime()
usb: musb: dsps: fix runtime pm for peripheral mode
usb: musb: dsps: fix otg state machine
arm64: KVM: Skip MMIO insn after emulation
livepatch: check kzalloc return values
tools/power/x86/intel_pstate_tracer: Fix non root execution for post processing a trace file
bnxt_en: Disable MSIX before re-reserving NQs/CMPL rings.
i2c: sh_mobile: Add support for r8a774c0 (RZ/G2E)
perf probe: Fix unchecked usage of strncpy()
btrfs: use tagged writepage to mitigate livelock of snapshot
perf header: Fix unchecked usage of strncpy()
perf dso: Fix unchecked usage of strncpy()
perf test: Fix perf_event_attr test failure
tty: serial: samsung: Properly set flags in autoCTS mode
serial: sh-sci: Resume PIO in sci_rx_interrupt() on DMA failure
serial: sh-sci: Fix locking in sci_submit_rx()
btrfs: harden agaist duplicate fsid on scanned devices
usb: renesas_usbhs: add support for RZ/G2E
mmc: jz4740: Get CD/WP GPIOs from descriptors
mmc: sdhci-xenon: Fix timeout checks
mmc: sdhci-omap: Fix timeout checks
mmc: sdhci-of-esdhc: Fix timeout checks
memstick: Prevent memstick host from getting runtime suspended during card detection
mmc: meson-mx-sdio: check devm_kasprintf for failure
mmc: bcm2835: reset host on timeout
mmc: bcm2835: Recover from MMC_SEND_EXT_CSD
KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines
ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
ARM: pxa: avoid section mismatch warning
selftests/bpf: use __bpf_constant_htons in test_prog.c
switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite
udf: Fix BUG on corrupted inode
mlxsw: spectrum_acl: Limit priority value
phy: sun4i-usb: add support for missing USB PHY index
i2c-axxia: check for error conditions first
lightnvm: pblk: add lock protection to list operations
lightnvm: pblk: fix resubmission of overwritten write err lbas
drm/msm: dpu: Only check flush register against pending flushes
drm/msm/dsi: fix dsi clock names in DSI 10nm PLL driver
tee: optee: avoid possible double list_del()
OPP: Use opp_table->regulators to verify no regulator case
cpuidle: big.LITTLE: fix refcount leak
platform/x86: mlx-platform: Fix tachometer registers
clk: imx6sl: ensure MMDC CH0 handshake is bypassed
sata_rcar: fix deferred probing
iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
iommu/arm-smmu: Add support for qcom,smmu-v2 variant
iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads
usb: dwc3: gadget: Disable CSP for stream OUT ep
ARM: dts: imx51-zii-rdu1: Do not specify "power-gpio" for hpa1
watchdog: renesas_wdt: don't set divider while watchdog is running
ARM: dts: Fix up the D-Link DIR-685 MTD partition info
media: coda: fix H.264 deblocking filter controls
mips: bpf: fix encoding bug for mm_srlv32_op
ARM: dts: Fix OMAP4430 SDP Ethernet startup
iommu/amd: Fix amd_iommu=force_isolation
pinctrl: sx150x: handle failure case of devm_kstrdup
gpio: mt7621: pass mediatek_gpio_bank_probe() failure up the stack
gpio: mt7621: report failure of devm_kasprintf()
usb: dwc3: trace: add missing break statement to make compiler happy
IB/hfi1: Unreserve a reserved request when it is completed
kobject: return error code if writing /sys/.../uevent fails
driver core: Move async_synchronize_full call
tipc: fix node keep alive interval calculation
drm/amdgpu/powerplay: fix clock stretcher limits on polaris (v2)
media: imx274: select REGMAP_I2C
clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks
usb: mtu3: fix the issue about SetFeature(U1/U2_Enable)
timekeeping: Use proper seqcount initializer
usb: hub: delay hub autosuspend if USB3 port is still link training
usb: dwc2: Disable power down feature on Samsung SoCs
usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb()
xtensa: xtfpga.dtsi: fix dtc warnings about SPI
smack: fix access permissions for keyring
media: DaVinci-VPBE: fix error handling in vpbe_initialize()
media: i2c: TDA1997x: select CONFIG_HDMI
x86/fpu: Add might_fault() to user_insn()
ARM: dts: aspeed: add missing memory unit-address
ARM: dts: mmp2: fix TWSI2
drm/v3d: Fix prime imports of buffers from other drivers.
arm64: ftrace: don't adjust the LR value
mt76x0: dfs: fix IBI_R11 configuration on non-radar channels
s390/zcrypt: improve special ap message cmd handling
firmware/efi: Add NULL pointer checks in efivars API functions
thermal: Fix locking in cooling device sysfs update cur_state
Thermal: do not clear passive state during system sleep
arm64: io: Ensure value passed to __iormb() is held in a 64-bit register
perf: arm_spe: handle devm_kasprintf() failure
drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state()
nfsd4: fix crash on writing v4_end_grace before nfsd startup
soc: bcm: brcmstb: Don't leak device tree node reference
sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
net: aquantia: return 'err' if set MPI_DEINIT state fails
arm64: io: Ensure calls to delay routines are ordered against prior readX()
i2c: sh_mobile: add support for r8a77990 (R-Car E3)
f2fs: fix wrong return value of f2fs_acl_create
f2fs: fix race between write_checkpoint and write_begin
f2fs: move dir data flush to write checkpoint process
staging: pi433: fix potential null dereference
ACPI: SPCR: Consider baud rate 0 as preconfigured state
media: adv*/tc358743/ths8200: fill in min width/height/pixelclock
iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID
iio: adc: meson-saradc: fix internal clock names
iio: adc: meson-saradc: check for devm_kasprintf failure
powerpc/32: Add .data..Lubsan_data*/.data..Lubsan_type* sections explicitly
dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll
ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
clk: meson: meson8b: mark the CPU clock as CLK_IS_CRITICAL
clk: meson: meson8b: fix the width of the cpu_scale_div clock
clk: meson: meson8b: do not use cpu_div3 for cpu_scale_out_sel
staging: erofs: fix the definition of DBG_BUGON
media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm()
media: video-i2c: avoid accessing released memory area when removing driver
media: rc: ensure close() is called on rc_unregister_device
soc/tegra: Don't leak device tree node reference
perf tools: Add Hygon Dhyana support
modpost: validate symbol names also in find_elf_symbol
net/mlx5: EQ, Use the right place to store/read IRQ affinity hint
bpf: libbpf: retry map creation without the name
drm/amd/display: calculate stream->phy_pix_clk before clock mapping
drm/amd/display: fix gamma not being applied correctly
ARM: OMAP2+: hwmod: Fix some section annotations
drm/rockchip: fix for mailbox read size
usbnet: smsc95xx: fix rx packet alignment
staging: iio: ad7780: update voltage on read
scsi: hisi_sas: change the time of SAS SSP connection
i40e: prevent overlapping tx_timeout recover
platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup
vbox: fix link error with 'gcc -Og'
fpga: altera-cvp: fix 'bad IO access' on x86_64
Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1
fpga: altera-cvp: Fix registration for CvP incapable devices
staging:iio:ad2s90: Make probe handle spi_setup failure
iwlwifi: fw: do not set sgi bits for HE connection
dpaa2-ptp: defer probe when portal allocation failed
MIPS: Boston: Disable EG20T prefetch
ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
serial: fsl_lpuart: clear parity enable bit when disable parity
drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE
crypto: aes_ti - disable interrupts while accessing S-box
powerpc/pseries: add of_node_put() in dlpar_detach_node()
x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
dlm: Don't swamp the CPU with callbacks queued during recovery
clk: boston: fix possible memory leak in clk_boston_setup()
ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event
scsi: mpt3sas: Call sas_remove_host before removing the target devices
scsi: lpfc: Correct LCB RJT handling
ath9k: dynack: use authentication messages for 'late' ack
ath10k: assign 'n_cipher_suites' for WCN3990
wil6210: fix memory leak in wil_find_tx_bcast_2
wil6210: fix reset flow for Talyn-mb
nds32: Fix gcc 8.0 compiler option incompatible.
gpu: ipu-v3: image-convert: Prevent race between run and unprepare
genirq/affinity: Spread IRQs to all available NUMA nodes
drm/sun4i: Initialize registers in tcon-top driver
gpiolib: Fix possible use after free on label
ASoC: Intel: mrfld: fix uninitialized variable access
pinctrl: bcm2835: Use raw spinlock for RT compatibility
drm/vgem: Fix vgem_init to get drm device available.
staging: iio: adc: ad7280a: handle error from __ad7280_read32()
drm/bufs: Fix Spectre v1 vulnerability
devres: Align data[] to ARCH_KMALLOC_MINALIGN
ANDROID: Turn xt_owner module on
UPSTREAM: virt_wifi: fix error return code in virt_wifi_newlink()
Conflicts:
arch/arm64/include/asm/io.h
drivers/iommu/arm-smmu.c
drivers/thermal/thermal_core.c
Change-Id: Ic348640eaeb3501bfc61d0b6907b7fcbb83f5118
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
* refs/heads/tmp-26bf816:
Linux 4.19.18
ipmi: Don't initialize anything in the core until something uses it
ipmi:ssif: Fix handling of multi-part return messages
ipmi: Prevent use-after-free in deliver_response
ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
ipmi: fix use-after-free of user->release_barrier.rda
Bluetooth: Fix unnecessary error message for HCI request completion
iwlwifi: mvm: Send LQ command as async when necessary
mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
userfaultfd: clear flag if remap event not enabled
mm/swap: use nr_node_ids for avail_lists in swap_info_struct
mm/page-writeback.c: don't break integrity writeback on ->writepage() error
ocfs2: fix panic due to unrecovered local alloc
iomap: don't search past page end in iomap_is_partially_uptodate
scsi: megaraid: fix out-of-bound array accesses
scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown()
ath10k: fix peer stats null pointer dereference
scsi: smartpqi: correct lun reset issues
scsi: mpt3sas: fix memory ordering on 64bit writes
IB/usnic: Fix potential deadlock
sysfs: Disable lockdep for driver bind/unbind files
ALSA: bebob: fix model-id of unit for Apogee Ensemble
Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029
dm: Check for device sector overflow if CONFIG_LBDAF is not set
clocksource/drivers/integrator-ap: Add missing of_node_put()
quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
perf tools: Add missing open_memstream() prototype for systems lacking it
perf tools: Add missing sigqueue() prototype for systems lacking it
perf cs-etm: Correct packets swapping in cs_etm__flush()
dm snapshot: Fix excessive memory usage and workqueue stalls
tools lib subcmd: Don't add the kernel sources to the include path
perf stat: Avoid segfaults caused by negated options
dm kcopyd: Fix bug causing workqueue stalls
dm crypt: use u64 instead of sector_t to store iv_offset
x86/topology: Use total_cpus for max logical packages calculation
netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
perf vendor events intel: Fix Load_Miss_Real_Latency on SKL/SKX
perf parse-events: Fix unchecked usage of strncpy()
perf svghelper: Fix unchecked usage of strncpy()
perf tests ARM: Disable breakpoint tests 32-bit
perf intel-pt: Fix error with config term "pt=0"
tty/serial: do not free trasnmit buffer page under port lock
btrfs: improve error handling of btrfs_add_link
btrfs: fix use-after-free due to race between replace start and cancel
btrfs: alloc_chunk: fix more DUP stripe size handling
btrfs: volumes: Make sure there is no overlap of dev extents at mount time
mmc: atmel-mci: do not assume idle after atmci_request_end
kconfig: fix memory leak when EOF is encountered in quotation
kconfig: fix file name and line number of warn_ignored_character()
bpf: relax verifier restriction on BPF_MOV | BPF_ALU
arm64: Fix minor issues with the dcache_by_line_op macro
clk: imx6q: reset exclusive gates on init
arm64: kasan: Increase stack size for KASAN_EXTRA
selftests: do not macro-expand failed assertion expressions
scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long enough
scsi: target: use consistent left-aligned ASCII INQUIRY data
net: call sk_dst_reset when set SO_DONTROUTE
staging: erofs: fix use-after-free of on-stack `z_erofs_vle_unzip_io'
media: venus: core: Set dma maximum segment size
ASoC: use dma_ops of parent device for acp_audio_dma
media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
powerpc/pseries/cpuidle: Fix preempt warning
powerpc/xmon: Fix invocation inside lock region
media: uvcvideo: Refactor teardown of uvc on USB disconnect
pstore/ram: Do not treat empty buffers as valid
clk: imx: make mux parent strings const
jffs2: Fix use of uninitialized delayed_work, lockdep breakage
efi/libstub: Disable some warnings for x86{,_64}
rxe: IB_WR_REG_MR does not capture MR's iova field
drm/amdgpu: Reorder uvd ring init before uvd resume
scsi: qedi: Check for session online before getting iSCSI TLV data.
ASoC: pcm3168a: Don't disable pcm3168a when CONFIG_PM defined
selinux: always allow mounting submounts
fpga: altera-cvp: fix probing for multiple FPGAs on the bus
usb: gadget: udc: renesas_usb3: add a safety connection way for forced_b_device
samples: bpf: fix: error handling regarding kprobe_events
clk: meson: meson8b: fix incorrect divider mapping in cpu_scale_table
drm/atomic-helper: Complete fake_commit->flip_done potentially earlier
arm64: perf: set suppress_bind_attrs flag to true
crypto: ecc - regularize scalar for scalar multiplication
MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
x86/mce: Fix -Wmissing-prototypes warnings
ALSA: oxfw: add support for APOGEE duet FireWire
bpf: Allow narrow loads with offset > 0
serial: set suppress_bind_attrs flag only if builtin
writeback: don't decrement wb->refcnt if !wb->bdi
of: overlay: add missing of_node_put() after add new node to changeset
selftests/bpf: enable (uncomment) all tests in test_libbpf.sh
usb: typec: tcpm: Do not disconnect link for self powered devices
e1000e: allow non-monotonic SYSTIM readings
platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
ixgbe: allow IPsec Tx offload in VEPA mode
drm/amdkfd: fix interrupt spin lock
drm/amd/display: Guard against null stream_state in set_crc_source
gpio: pl061: Move irq_chip definition inside struct pl061
netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets
net: clear skb->tstamp in bridge forwarding path
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
r8169: Add support for new Realtek Ethernet
qmi_wwan: add MTU default to qmap network interface
net, skbuff: do not prefer skb allocation fails early
net: dsa: mv88x6xxx: mv88e6390 errata
mlxsw: spectrum_switchdev: Set PVID correctly during VLAN deletion
mlxsw: spectrum: Disable lag port TX before removing it
ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
UPSTREAM: dm: do not allow readahead to limit IO size
UPSTREAM: ppp: Move PFC decompression to PPP generic layer
UPSTREAM: l2tp: Add protocol field decompression
Conflicts:
include/linux/swap.h
Change-Id: I72fecd7d04341015f9397afe60d8469d548b4cb6
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
* refs/heads/tmp-73dc755e:
Linux 4.19.17
nbd: Use set_blocksize() to set device blocksize
media: vb2: be sure to unlock mutex on errors
selftests: Fix test errors related to lib.mk khdr target
drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
loop: drop caches if offset or block_size are changed
loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
loop: Get rid of 'nested' acquisition of loop_ctl_mutex
loop: Avoid circular locking dependency between loop_ctl_mutex and bd_mutex
loop: Fix deadlock when calling blkdev_reread_part()
loop: Move loop_reread_partitions() out of loop_ctl_mutex
loop: Move special partition reread handling in loop_clr_fd()
loop: Push loop_ctl_mutex down to loop_change_fd()
loop: Push loop_ctl_mutex down to loop_set_fd()
loop: Push loop_ctl_mutex down to loop_set_status()
loop: Push loop_ctl_mutex down to loop_get_status()
loop: Push loop_ctl_mutex down into loop_clr_fd()
loop: Split setting of lo_state from loop_clr_fd
loop: Push lo_ctl_mutex down into individual ioctls
loop: Get rid of loop_index_mutex
loop: Fold __loop_release into loop_release
block/loop: Use global lock for ioctl() operation.
block/loop: Don't grab "struct file" for vfs_getattr() operation.
tipc: fix uninit-value in tipc_nl_compat_doit
tipc: fix uninit-value in tipc_nl_compat_name_table_dump
tipc: fix uninit-value in tipc_nl_compat_link_set
tipc: fix uninit-value in tipc_nl_compat_bearer_enable
tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
tipc: fix uninit-value in in tipc_conn_rcv_sub
sctp: allocate sctp_sockaddr_entry with kzalloc
blockdev: Fix livelocks on loop device
selinux: fix GPF on invalid policy
block: use rcu_work instead of call_rcu to avoid sleep in softirq
netfilter: ebtables: account ebt_table_info to kmemcg
sunrpc: handle ENOMEM in rpcb_getport_async
media: vb2: vb2_mmap: move lock up
LSM: Check for NULL cred-security on free
ipv6: make icmp6_send() robust against null skb->dev
bpf: in __bpf_redirect_no_mac pull mac only if present
media: vivid: set min width/height to a value > 0
media: vivid: fix error handling of kthread_run
omap2fb: Fix stack memory disclosure
fix int_sqrt64() for very large numbers
Disable MSI also when pcie-octeon.pcie_disable on
arm64: dts: marvell: armada-ap806: reserve PSCI area
arm64: kaslr: ensure randomized quantities are clean to the PoC
pstore/ram: Avoid allocation and leak of platform data
net: dsa: realtek-smi: fix OF child-node lookup
kbuild: Disable LD_DEAD_CODE_DATA_ELIMINATION with ftrace & GCC <= 4.7
RDMA/vmw_pvrdma: Return the correct opcode when creating WR
RDMA/nldev: Don't expose unsafe global rkey to regular user
media: v4l: ioctl: Validate num_planes for debug messages
mfd: tps6586x: Handle interrupts on suspend
OF: properties: add missing of_node_put
drm/i915/gvt: Fix mmap range check
MIPS: lantiq: Fix IPI interrupt handling
MIPS: BCM47XX: Setup struct device for the SoC
mips: fix n32 compat_ipc_parse_version
scsi: sd: Fix cache_type_store()
scsi: core: Synchronize request queue PM status only on successful resume
Yama: Check for pid death before checking ancestry
btrfs: wait on ordered extents on abort cleanup
Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io"
xen: Fix x86 sched_clock() interface for xen
crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK
crypto: talitos - reorder code in talitos_edesc_alloc()
crypto: authenc - fix parsing key with misaligned rta_len
crypto: bcm - convert to use crypto_authenc_extractkeys()
crypto: ccree - convert to use crypto_authenc_extractkeys()
crypto: authencesn - Avoid twice completion call in decrypt path
crypto: caam - fix zero-length buffer DMA mapping
crypto: sm3 - fix undefined shift by >= width of value
r8169: load Realtek PHY driver module before r8169
ip: on queued skb use skb_header_pointer instead of pskb_may_pull
bonding: update nest level on unlink
r8169: don't try to read counters if chip is in a PCI power-save state
smc: move unhash as early as possible in smc_release()
lan743x: Remove phy_read from link status change function
tun: publish tfile after it's fully initialized
tcp: change txhash on SYN-data timeout
packet: Do not leak dev refcounts on error exit
net: bridge: fix a bug on using a neighbour cache entry without checking its state
ipv6: fix kernel-infoleak in ipv6_local_error()
arm64: Don't trap host pointer auth use to EL2
arm64/kvm: consistently handle host HCR_EL2 flags
scsi: target: iscsi: cxgbit: fix csk leak
scsi: target: iscsi: cxgbit: fix csk leak
Revert "scsi: target: iscsi: cxgbit: fix csk leak"
mmc: sdhci-msm: Disable CDR function on TX
netfilter: nf_conncount: fix argument order to find_next_bit
netfilter: nf_conncount: speculative garbage collection on empty lists
netfilter: nf_conncount: move all list iterations under spinlock
netfilter: nf_conncount: merge lookup and add functions
netfilter: nf_conncount: restart search when nodes have been erased
netfilter: nf_conncount: split gc in two phases
netfilter: nf_conncount: don't skip eviction when age is negative
netfilter: nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS
can: gw: ensure DLC boundaries after CAN frame modification
tty: Don't hold ldisc lock in tty_reopen() if ldisc present
tty: Simplify tty->count math in tty_reopen()
tty: Hold tty_ldisc_lock() during tty_reopen()
tty/ldsem: Wake up readers after timed out down_write()
UPSTREAM: zram: idle writeback fixes and cleanup
UPSTREAM: zram: writeback throttle
UPSTREAM: zram: add bd_stat statistics
UPSTREAM: zram: support idle/huge page writeback
UPSTREAM: zram: introduce ZRAM_IDLE flag
UPSTREAM: zram: refactor flags and writeback stuff
UPSTREAM: zram: fix lockdep warning of free block handling
ANDROID: cuttlefish_defconfig: Enable vsock options
ANDROID: mnt: Propagate remount correctly
UPSTREAM: loop: drop caches if offset or block_size are changed
UPSTREAM: crypto: adiantum - initialize crypto_spawn::inst
UPSTREAM: crypto: adiantum - fix leaking reference to hash algorithm
UPSTREAM: crypto: adiantum - adjust some comments to match latest paper
UPSTREAM: crypto: adiantum - propagate CRYPTO_ALG_ASYNC flag to instance
Conflicts:
drivers/mmc/host/sdhci-msm.c
drivers/scsi/scsi_pm.c
Change-Id: I536e9aa79ee729312fd91c29f703dd2b9b29bd2f
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
* refs/heads/tmp-8735c21:
ANDROID: thermal: cpu_cooling: Use related_cpus for energy model cpumask check
Linux 4.19.14
MIPS: Only include mmzone.h when CONFIG_NEED_MULTIPLE_NODES=y
spi: bcm2835: Unbreak the build of esoteric configs
tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x
tpm: tpm_try_transmit() refactor error flow.
arm64: compat: Avoid sending SIGILL for unallocated syscall numbers
iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes
KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
KVM: arm/arm64: vgic-v2: Set active_source to 0 when restoring state
KVM: arm/arm64: vgic: Cap SPIs to the VM-defined maximum
KVM: arm/arm64: vgic: Do not cond_resched_lock() with IRQs disabled
rtc: m41t80: Correct alarm month range with RTC reads
ARM: dts: exynos: Specify I2S assigned clocks in proper node
arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs
arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1
smb3: fix large reads on encrypted connections
CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
MIPS: Fix a R10000_LLSC_WAR logic in atomic.h
MIPS: OCTEON: mark RGMII interface disabled on OCTEON III
MIPS: Expand MIPS32 ASIDs to 64 bits
MIPS: Align kernel load address to 64KB
MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
MIPS: c-r4k: Add r4k_blast_scache_node for Loongson-3
MIPS: math-emu: Write-protect delay slot emulation pages
tools lib traceevent: Fix processing of dereferenced args in bprintk events
media: v4l2-tpg: array index could become negative
media: vb2: check memory model for VIDIOC_CREATE_BUFS
media: vivid: free bitmap_cap when updating std/timings/etc.
media: imx274: fix stack corruption in imx274_read_reg
media: rc: cec devices do not have a lirc chardev
media: cec-pin: fix broken tx_ignore_nack_until_eom error injection
media: cec: keep track of outstanding transmits
serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly
f2fs: sanity check of xattr entry size
f2fs: fix validation of the block count in sanity_check_raw_super
f2fs: read page index before freeing
dax: Use non-exclusive wait in wait_entry_unlocked()
dax: Don't access a freed inode
powerpc/tm: Unset MSR[TS] if not recheckpointing
brcmfmac: Fix out of bounds memory access during fw load
brcmfmac: fix roamoff=1 modparam
Btrfs: send, fix race with transaction commits that create snapshots
btrfs: run delayed items before dropping the snapshot
Btrfs: fix fsync of files with multiple hard links in new directories
btrfs: skip file_extent generation check for free_space_inode in run_delalloc_nocow
btrfs: dev-replace: go back to suspend state if another EXCL_OP is running
btrfs: dev-replace: go back to suspended state if target device is missing
cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
cgroup: fix CSS_TASK_ITER_PROCS
crypto: cfb - fix decryption
crypto: testmgr - add AES-CFB tests
crypto: chcr - small packet Tx stalls the queue
crypto: cavium/nitrox - fix a DMA pool free failure
clk: sunxi-ng: Use u64 for calculation of NM rate
clk: rockchip: fix typo in rk3188 spdif_frac parent
spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
spi: bcm2835: Fix book-keeping of DMA termination
spi: bcm2835: Fix race on DMA termination
ext4: check for shutdown and r/o file system in ext4_write_inode()
ext4: force inode writes when nfsd calls commit_metadata()
ext4: avoid declaring fs inconsistent due to invalid file handles
ext4: include terminating u32 in size of xattr entries when expanding inodes
ext4: fix EXT4_IOC_GROUP_ADD ioctl
ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
ext4: fix possible use after free in ext4_quota_enable
ext4: add ext4_sb_bread() to disambiguate ENOMEM cases
ocxl: Fix endiannes bug in read_afu_name()
ocxl: Fix endiannes bug in ocxl_link_update_pe()
perf env: Also consider env->arch == NULL as local operation
perf pmu: Suppress potential format-truncation warning
perf script: Use fallbacks for branch stacks
perf tools: Use fallback for sample_addr_correlates_sym() cases
perf thread: Add fallback functions for cases where cpumode is insufficient
perf machine: Record if a arch has a single user/kernel address space
clocksource/drivers/arc_timer: Utilize generic sched_clock
DRM: UDL: get rid of useless vblank initialization
drm/v3d: Skip debugfs dumping GCA on platforms without GCA.
platform-msi: Free descriptors in platform_msi_domain_free()
KVM: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails
arm64: KVM: Make VHE Stage-2 TLB invalidation operations non-interruptible
KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init()
x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off
Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
Input: atmel_mxt_ts - don't try to free unallocated kernel memory
s390/pci: fix sleeping in atomic during hotplug
ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty
ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper
staging: wilc1000: fix missing read_write setting when reading data
media: dvb-usb-v2: Fix incorrect use of transfer_flags URB_FREE_BUFFER
usb: roles: Add a description for the class to Kconfig
Revert "usb: dwc3: pci: Use devm functions to get the phy GPIOs"
usb: dwc2: disable power_down on Amlogic devices
usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
USB: serial: option: add Fibocom NL678 series
USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
usb: dwc2: host: use hrtimer for NAK retries
ALSA: hda/tegra: clear pending irq handlers
ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops
ALSA: firewire-lib: use the same print format for 'without_header' tracepoints
ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint
ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet
ALSA: fireface: fix for state to fetch PCM frames
ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294
ALSA: hda: add mute LED support for HP EliteBook 840 G4
mtd: rawnand: omap2: Pass the parent of pdev to dma_request_chan()
mtd: rawnand: marvell: prevent timeouts on a loaded machine
mtd: atmel-quadspi: disallow building on ebsa110
powerpc/fsl: Fix spectre_v2 mitigations reporting
ALSA: emux: Fix potential Spectre v1 vulnerabilities
ALSA: pcm: Fix potential Spectre v1 vulnerability
ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
ALSA: rme9652: Fix potential Spectre v1 vulnerability
IB/hfi1: Incorrect sizing of sge for PIO will OOPs
r8169: fix WoL device wakeup enable
net: Use __kernel_clockid_t in uapi net_stamp.h
net: mvneta: fix operation for 64K PAGE_SIZE
net/mlx5e: RX, Fix wrong early return in receive queue poll
net/mlx5e: Remove unused UDP GSO remaining counter
mlxsw: core: Increase timeout during firmware flash process
qed: Fix command number mismatch between driver and the mfw
net: mvpp2: fix the phylink mode validation
net/mlx5e: RX, Verify MPWQE stride size is in range
net/mlx5e: Cancel DIM work on close SQ
mscc: Configured MAC entries should be locked.
ipv6: route: Fix return value of ip6_neigh_lookup() on neigh_create() error
nfp: flower: ensure TCP flags can be placed in IPv6 frame
net/ipv6: Fix a test against 'ipv6_find_idev()' return value
ipv6: frags: Fix bogus skb->sk in reassembled packets
net/mlx5e: Remove the false indication of software timestamping support
tipc: check group dests after tipc_wait_for_cond()
net/mlx5: Typo fix in del_sw_hw_rule
xen/netfront: tolerate frags with no data
VSOCK: Send reset control packet when socket is partially bound
vhost: make sure used idx is seen before log in vhost_add_used_n()
tipc: use lock_sock() in tipc_sk_reinit()
tipc: fix a double kfree_skb()
tipc: fix a double free in tipc_enable_bearer()
tipc: compare remote and local protocols in tipc_udp_enable()
tipc: check tsk->group in tipc_wait_for_cond()
tcp: fix a race in inet_diag_dump_icsk()
sock: Make sock->sk_stamp thread-safe
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
qmi_wwan: Add support for Fibocom NL678 series
qmi_wwan: Added support for Telit LN940 series
qmi_wwan: Added support for Fibocom NL668 series
ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()
packet: validate address length if non-zero
packet: validate address length
net/wan: fix a double free in x25_asy_open_tty()
net/tls: allocate tls context using GFP_ATOMIC
net: stmmac: Fix an error code in probe()
net/smc: fix TCP fallback socket release
netrom: fix locking in nr_find_socket()
net: phy: Fix the issue that netif always links up after resuming
net: mvpp2: 10G modes aren't supported on all ports
net: macb: restart tx after tx used bit read
net: ipv4: do not handle duplicate fragments as overlapping
net/hamradio/6pack: use mod_timer() to rearm timers
net: clear skb->tstamp in forwarding paths
isdn: fix kernel-infoleak in capi_unlocked_ioctl
ip: validate header length on virtual device xmit
ipv6: tunnels: fix two use-after-free
ipv6: explicitly initialize udp6_addr in udp_sock_create6()
ipv4: Fix potential Spectre v1 vulnerability
ip6mr: Fix potential Spectre v1 vulnerability
ieee802154: lowpan_header_create check must check daddr
ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
gro_cell: add napi_disable in gro_cells_destroy
ax25: fix a use-after-free in ax25_fillin_cb()
Revert "FROMLIST: PM / EM: Expose the Energy Model in sysfs"
Revert "FROMLIST: sched: Introduce a sysctl for Energy Aware Scheduling"
ANDROID: sched: Align EAS with upstream
ANDROID: cuttlefish_defconfig: Enable VIRTIO_INPUT
Conflicts:
include/linux/sched/sysctl.h
kernel/sysctl.c
Change-Id: I44212c239e9ca2b1ce68ed59e95d0f7913159a52
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxw/z8ACgkQONu9yGCS
aT4K5w/9H5O8ilMgw/mIC/Ou8baIcO6GysorRWij8yvdGCeR2OZvn4izyBr7SpuV
3GKh0LZ6JbL/5aOTPzNE5csKUg//G2JmVZ9H4MeAeCFzi1zblaQR6t86X2LhZ2jh
WMQneSjGCIAhe/cD5kheeq0pP9k9BsLdSlh7oY0d1gi1hrmka1RCD0cnxcGWdcT0
K9e2XM+bHXTEgB6ZFmdxFUDzl6bfhHmaPAociL2Dnw+yjgves+w4IXbHg7wf9azp
SdTw3QrCW25gcVeCBrJeHewmS695d/eilZaUYsFWt14BWDc71VZOLygsAHvy0Ldv
nRDuGrq1eTpDE5yrKniqyshhzHq0oWVCIwxPaLsY3edUOOiuNuliOmLNhgJR0XxB
A+WfaZa1IVIo1qc5y6WiQ6yPdL9Sv0Ly9QAJSyGxr2RclgnzsFB0gMn/QOh296mq
Xji3v8SSnIiT1hA6upP+VAhfsQhIi4zB+CAks48ebmc5SMmTF6IMjhIF0HfidPqx
Nwpp+XXBtW545NdfCkIbZ+0sYaUVcdQI6v44/J/n52A5J1emtyNFrU93qZs7fMT1
uQLlLV9G901kHgopfePiWyVrsDwE2RGkU+pujF/ZT7cVn+Pr+e7KDZpm3EUqambr
c/kmg3vzcUCxBfR2EN4sU96cSvjnfQbDRCBY9/x4tYRMS/R1Ytc=
=DMHM
-----END PGP SIGNATURE-----
Merge 4.19.25 into android-4.19
Changes in 4.19.25
af_packet: fix raw sockets over 6in4 tunnel
dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit
mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable
net: crypto set sk to NULL when af_alg_release.
net: Fix for_each_netdev_feature on Big endian
net: fix IPv6 prefix route residue
net: ip6_gre: initialize erspan_ver just for erspan tunnels
net: ipv4: use a dedicated counter for icmp_v4 redirect packets
net: phy: xgmiitorgmii: Support generic PHY status read
net: stmmac: Fix a race in EEE enable callback
net: stmmac: handle endianness in dwmac4_get_timestamp
sky2: Increase D3 delay again
vhost: correctly check the return value of translate_desc() in log_used()
vsock: cope with memory allocation failure at socket creation time
vxlan: test dev->flags & IFF_UP before calling netif_rx()
net: Add header for usage of fls64()
tcp: clear icsk_backoff in tcp_write_queue_purge()
tcp: tcp_v4_err() should be more careful
net: Do not allocate page fragments that are not skb aligned
hwmon: (lm80) Fix missing unlock on error in set_fan_div()
scsi: target/core: Use kmem_cache_free() instead of kfree()
mmc: meson-gx: fix interrupt name
PCI: Fix __initdata issue with "pci=disable_acs_redir" parameter
sunrpc: fix 4 more call sites that were using stack memory with a scatterlist
netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
net/x25: do not hold the cpu too long in x25_new_lci()
mISDN: fix a race in dev_expire_timer()
ax25: fix possible use-after-free
Linux 4.19.25
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxjFL8ACgkQONu9yGCS
aT643xAAk+mnsrOfU6/LBFjcJUUUYohK01UAU+PRvTjy4uH8rrA4G01xvp11ftIu
jjEikA2582ScR5a2Ww+E4SfqOdKT4z9hOGLTnyI0P4xN9jeVidvu9+C90AYyBYhi
orHm1osVQIj6n9+OQ5db+DzZYbZLbyfCoqNXbq9EoLvNRS3FUUH0y2VXqcz9Ghcj
obpdHTVMKRaFkRWdCglo+3hSpoKrncSVpKrwUXR18GCt8jjZjj39kI9t6UoGNfc7
nN3GOd26U1tpGo6ShZJYu6aPjV+zoYNlsg1o2zn9qJANIdulYe30vqNhWCeJ+/T7
WcT3EHv4pPEO3Lvgfp+l10Nc6IbYdJEFUpAP3CvfP+MvRfKvz8Vo3Nm/BQlr20+q
+MUYJb+wxhlHPRLV192XbnYFkEzZg7vzymoMPL034XheAkOkPbOK0IIVo41p5Rai
LxmOdvhzfAktbtD/VWnLTUbexjs2EJ05bvZRjdPKKIMBNKnAWz4ux3KcHxpdsUF8
KMCKwpJE8KDM4uiaKVdyfMhFeIg37pmy+7Uv9cUFjWwtsL3K+CiAXg8uaSvnajKr
bOhwbFIgxoOI9VRBK8M0wvzouphA0miVbxOY81sdfbMeWNpbCLdb968AFz25llta
rVlWp7bSAUQTsvTkVBv6mrTKPwzO4jnfHYN8yj5gO7pr5fmC2ig=
=L+Mp
-----END PGP SIGNATURE-----
Merge 4.19.21 into android-4.19
Changes in 4.19.21
devres: Align data[] to ARCH_KMALLOC_MINALIGN
drm/bufs: Fix Spectre v1 vulnerability
staging: iio: adc: ad7280a: handle error from __ad7280_read32()
drm/vgem: Fix vgem_init to get drm device available.
pinctrl: bcm2835: Use raw spinlock for RT compatibility
ASoC: Intel: mrfld: fix uninitialized variable access
gpiolib: Fix possible use after free on label
drm/sun4i: Initialize registers in tcon-top driver
genirq/affinity: Spread IRQs to all available NUMA nodes
gpu: ipu-v3: image-convert: Prevent race between run and unprepare
nds32: Fix gcc 8.0 compiler option incompatible.
wil6210: fix reset flow for Talyn-mb
wil6210: fix memory leak in wil_find_tx_bcast_2
ath10k: assign 'n_cipher_suites' for WCN3990
ath9k: dynack: use authentication messages for 'late' ack
scsi: lpfc: Correct LCB RJT handling
scsi: mpt3sas: Call sas_remove_host before removing the target devices
scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event
ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
clk: boston: fix possible memory leak in clk_boston_setup()
dlm: Don't swamp the CPU with callbacks queued during recovery
x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
powerpc/pseries: add of_node_put() in dlpar_detach_node()
crypto: aes_ti - disable interrupts while accessing S-box
drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE
serial: fsl_lpuart: clear parity enable bit when disable parity
ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
MIPS: Boston: Disable EG20T prefetch
dpaa2-ptp: defer probe when portal allocation failed
iwlwifi: fw: do not set sgi bits for HE connection
staging:iio:ad2s90: Make probe handle spi_setup failure
fpga: altera-cvp: Fix registration for CvP incapable devices
Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1
fpga: altera-cvp: fix 'bad IO access' on x86_64
vbox: fix link error with 'gcc -Og'
platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup
i40e: prevent overlapping tx_timeout recover
scsi: hisi_sas: change the time of SAS SSP connection
staging: iio: ad7780: update voltage on read
usbnet: smsc95xx: fix rx packet alignment
drm/rockchip: fix for mailbox read size
ARM: OMAP2+: hwmod: Fix some section annotations
drm/amd/display: fix gamma not being applied correctly
drm/amd/display: calculate stream->phy_pix_clk before clock mapping
bpf: libbpf: retry map creation without the name
net/mlx5: EQ, Use the right place to store/read IRQ affinity hint
modpost: validate symbol names also in find_elf_symbol
perf tools: Add Hygon Dhyana support
soc/tegra: Don't leak device tree node reference
media: rc: ensure close() is called on rc_unregister_device
media: video-i2c: avoid accessing released memory area when removing driver
media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm()
staging: erofs: fix the definition of DBG_BUGON
clk: meson: meson8b: do not use cpu_div3 for cpu_scale_out_sel
clk: meson: meson8b: fix the width of the cpu_scale_div clock
clk: meson: meson8b: mark the CPU clock as CLK_IS_CRITICAL
ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll
powerpc/32: Add .data..Lubsan_data*/.data..Lubsan_type* sections explicitly
iio: adc: meson-saradc: check for devm_kasprintf failure
iio: adc: meson-saradc: fix internal clock names
iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID
media: adv*/tc358743/ths8200: fill in min width/height/pixelclock
ACPI: SPCR: Consider baud rate 0 as preconfigured state
staging: pi433: fix potential null dereference
f2fs: move dir data flush to write checkpoint process
f2fs: fix race between write_checkpoint and write_begin
f2fs: fix wrong return value of f2fs_acl_create
i2c: sh_mobile: add support for r8a77990 (R-Car E3)
arm64: io: Ensure calls to delay routines are ordered against prior readX()
net: aquantia: return 'err' if set MPI_DEINIT state fails
sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
soc: bcm: brcmstb: Don't leak device tree node reference
nfsd4: fix crash on writing v4_end_grace before nfsd startup
drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state()
perf: arm_spe: handle devm_kasprintf() failure
arm64: io: Ensure value passed to __iormb() is held in a 64-bit register
Thermal: do not clear passive state during system sleep
thermal: Fix locking in cooling device sysfs update cur_state
firmware/efi: Add NULL pointer checks in efivars API functions
s390/zcrypt: improve special ap message cmd handling
mt76x0: dfs: fix IBI_R11 configuration on non-radar channels
arm64: ftrace: don't adjust the LR value
drm/v3d: Fix prime imports of buffers from other drivers.
ARM: dts: mmp2: fix TWSI2
ARM: dts: aspeed: add missing memory unit-address
x86/fpu: Add might_fault() to user_insn()
media: i2c: TDA1997x: select CONFIG_HDMI
media: DaVinci-VPBE: fix error handling in vpbe_initialize()
smack: fix access permissions for keyring
xtensa: xtfpga.dtsi: fix dtc warnings about SPI
usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb()
usb: dwc2: Disable power down feature on Samsung SoCs
usb: hub: delay hub autosuspend if USB3 port is still link training
timekeeping: Use proper seqcount initializer
usb: mtu3: fix the issue about SetFeature(U1/U2_Enable)
clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks
media: imx274: select REGMAP_I2C
drm/amdgpu/powerplay: fix clock stretcher limits on polaris (v2)
tipc: fix node keep alive interval calculation
driver core: Move async_synchronize_full call
kobject: return error code if writing /sys/.../uevent fails
IB/hfi1: Unreserve a reserved request when it is completed
usb: dwc3: trace: add missing break statement to make compiler happy
gpio: mt7621: report failure of devm_kasprintf()
gpio: mt7621: pass mediatek_gpio_bank_probe() failure up the stack
pinctrl: sx150x: handle failure case of devm_kstrdup
iommu/amd: Fix amd_iommu=force_isolation
ARM: dts: Fix OMAP4430 SDP Ethernet startup
mips: bpf: fix encoding bug for mm_srlv32_op
media: coda: fix H.264 deblocking filter controls
ARM: dts: Fix up the D-Link DIR-685 MTD partition info
watchdog: renesas_wdt: don't set divider while watchdog is running
ARM: dts: imx51-zii-rdu1: Do not specify "power-gpio" for hpa1
usb: dwc3: gadget: Disable CSP for stream OUT ep
iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads
iommu/arm-smmu: Add support for qcom,smmu-v2 variant
iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
sata_rcar: fix deferred probing
clk: imx6sl: ensure MMDC CH0 handshake is bypassed
platform/x86: mlx-platform: Fix tachometer registers
cpuidle: big.LITTLE: fix refcount leak
OPP: Use opp_table->regulators to verify no regulator case
tee: optee: avoid possible double list_del()
drm/msm/dsi: fix dsi clock names in DSI 10nm PLL driver
drm/msm: dpu: Only check flush register against pending flushes
lightnvm: pblk: fix resubmission of overwritten write err lbas
lightnvm: pblk: add lock protection to list operations
i2c-axxia: check for error conditions first
phy: sun4i-usb: add support for missing USB PHY index
mlxsw: spectrum_acl: Limit priority value
udf: Fix BUG on corrupted inode
switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite
selftests/bpf: use __bpf_constant_htons in test_prog.c
ARM: pxa: avoid section mismatch warning
ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines
mmc: bcm2835: Recover from MMC_SEND_EXT_CSD
mmc: bcm2835: reset host on timeout
mmc: meson-mx-sdio: check devm_kasprintf for failure
memstick: Prevent memstick host from getting runtime suspended during card detection
mmc: sdhci-of-esdhc: Fix timeout checks
mmc: sdhci-omap: Fix timeout checks
mmc: sdhci-xenon: Fix timeout checks
mmc: jz4740: Get CD/WP GPIOs from descriptors
usb: renesas_usbhs: add support for RZ/G2E
btrfs: harden agaist duplicate fsid on scanned devices
serial: sh-sci: Fix locking in sci_submit_rx()
serial: sh-sci: Resume PIO in sci_rx_interrupt() on DMA failure
tty: serial: samsung: Properly set flags in autoCTS mode
perf test: Fix perf_event_attr test failure
perf dso: Fix unchecked usage of strncpy()
perf header: Fix unchecked usage of strncpy()
btrfs: use tagged writepage to mitigate livelock of snapshot
perf probe: Fix unchecked usage of strncpy()
i2c: sh_mobile: Add support for r8a774c0 (RZ/G2E)
bnxt_en: Disable MSIX before re-reserving NQs/CMPL rings.
tools/power/x86/intel_pstate_tracer: Fix non root execution for post processing a trace file
livepatch: check kzalloc return values
arm64: KVM: Skip MMIO insn after emulation
usb: musb: dsps: fix otg state machine
usb: musb: dsps: fix runtime pm for peripheral mode
perf header: Fix up argument to ctime()
perf tools: Cast off_t to s64 to avoid warning on bionic libc
percpu: convert spin_lock_irq to spin_lock_irqsave.
net: hns3: fix incomplete uninitialization of IRQ in the hns3_nic_uninit_vector_data()
drm/amd/display: Add retry to read ddc_clock pin
Bluetooth: hci_bcm: Handle deferred probing for the clock supply
drm/amd/display: fix YCbCr420 blank color
powerpc/uaccess: fix warning/error with access_ok()
mac80211: fix radiotap vendor presence bitmap handling
xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG
scsi: smartpqi: correct host serial num for ssa
scsi: smartpqi: correct volume status
scsi: smartpqi: increase fw status register read timeout
cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
net: hns3: add max vector number check for pf
powerpc/perf: Fix thresholding counter data for unknown type
iwlwifi: mvm: fix setting HE ppe FW config
powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand
mlx5: update timecounter at least twice per counter overflow
drbd: narrow rcu_read_lock in drbd_sync_handshake
drbd: disconnect, if the wrong UUIDs are attached on a connected peer
drbd: skip spurious timeout (ping-timeo) when failing promote
drbd: Avoid Clang warning about pointless switch statment
drm/amd/display: validate extended dongle caps
video: clps711x-fb: release disp device node in probe()
md: fix raid10 hang issue caused by barrier
fbdev: fbmem: behave better with small rotated displays and many CPUs
i40e: define proper net_device::neigh_priv_len
ice: Do not enable NAPI on q_vectors that have no rings
igb: Fix an issue that PME is not enabled during runtime suspend
ACPI/APEI: Clear GHES block_status before panic()
fbdev: fbcon: Fix unregister crash when more than one framebuffer
powerpc/mm: Fix reporting of kernel execute faults on the 8xx
pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins
pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins
KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
powerpc/fadump: Do not allow hot-remove memory from fadump reserved area.
kvm: Change offset in kvm_write_guest_offset_cached to unsigned
NFS: nfs_compare_mount_options always compare auth flavors.
perf build: Don't unconditionally link the libbfd feature test to -liberty and -lz
hwmon: (lm80) fix a missing check of the status of SMBus read
hwmon: (lm80) fix a missing check of bus read in lm80 probe
seq_buf: Make seq_buf_puts() null-terminate the buffer
crypto: ux500 - Use proper enum in cryp_set_dma_transfer
crypto: ux500 - Use proper enum in hash_set_dma_transfer
MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8
cifs: check ntwrk_buf_start for NULL before dereferencing it
f2fs: fix use-after-free issue when accessing sbi->stat_info
um: Avoid marking pages with "changed protection"
niu: fix missing checks of niu_pci_eeprom_read
f2fs: fix sbi->extent_list corruption issue
cgroup: fix parsing empty mount option string
perf python: Do not force closing original perf descriptor in evlist.get_pollfd()
scripts/decode_stacktrace: only strip base path when a prefix of the path
arch/sh/boards/mach-kfr2r09/setup.c: fix struct mtd_oob_ops build warning
ocfs2: don't clear bh uptodate for block read
ocfs2: improve ocfs2 Makefile
mm/page_alloc.c: don't call kasan_free_pages() at deferred mem init
zram: fix lockdep warning of free block handling
isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw()
gdrom: fix a memory leak bug
fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address()
block/swim3: Fix -EBUSY error when re-opening device after unmount
thermal: bcm2835: enable hwmon explicitly
kdb: Don't back trace on a cpu that didn't round up
PCI: imx: Enable MSI from downstream components
thermal: generic-adc: Fix adc to temp interpolation
HID: lenovo: Add checks to fix of_led_classdev_register
arm64/sve: ptrace: Fix SVE_PT_REGS_OFFSET definition
kernel/hung_task.c: break RCU locks based on jiffies
proc/sysctl: fix return error for proc_doulongvec_minmax()
kernel/hung_task.c: force console verbose before panic
fs/epoll: drop ovflist branch prediction
exec: load_script: don't blindly truncate shebang string
kernel/kcov.c: mark write_comp_data() as notrace
scripts/gdb: fix lx-version string output
xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat
xfs: cancel COW blocks before swapext
xfs: Fix error code in 'xfs_ioc_getbmap()'
xfs: fix overflow in xfs_attr3_leaf_verify
xfs: fix shared extent data corruption due to missing cow reservation
xfs: fix transient reference count error in xfs_buf_resubmit_failed_buffers
xfs: delalloc -> unwritten COW fork allocation can go wrong
fs/xfs: fix f_ffree value for statfs when project quota is set
xfs: fix PAGE_MASK usage in xfs_free_file_space
xfs: fix inverted return from xfs_btree_sblock_verify_crc
thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
dccp: fool proof ccid_hc_[rt]x_parse_options()
enic: fix checksum validation for IPv6
lib/test_rhashtable: Make test_insert_dup() allocate its hash table dynamically
net: dp83640: expire old TX-skb
net: dsa: Fix lockdep false positive splat
net: dsa: Fix NULL checking in dsa_slave_set_eee()
net: dsa: mv88e6xxx: Fix counting of ATU violations
net: dsa: slave: Don't propagate flag changes on down slave interfaces
net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames
net: systemport: Fix WoL with password after deep sleep
rds: fix refcount bug in rds_sock_addref
Revert "net: phy: marvell: avoid pause mode on SGMII-to-Copper for 88e151x"
rxrpc: bad unlock balance in rxrpc_recvmsg
sctp: check and update stream->out_curr when allocating stream_out
sctp: walk the list of asoc safely
skge: potential memory corruption in skge_get_regs()
virtio_net: Account for tx bytes and packets on sending xdp_frames
net/mlx5e: FPGA, fix Innova IPsec TX offload data path performance
xfs: eof trim writeback mapping as soon as it is cached
ALSA: compress: Fix stop handling on compressed capture streams
ALSA: usb-audio: Add support for new T+A USB DAC
ALSA: hda - Serialize codec registrations
ALSA: hda/realtek - Fix lose hp_pins for disable auto mute
ALSA: hda/realtek - Use a common helper for hp pin reference
ALSA: hda/realtek - Headset microphone support for System76 darp5
fuse: call pipe_buf_release() under pipe lock
fuse: decrement NR_WRITEBACK_TEMP on the right page
fuse: handle zero sized retrieve correctly
HID: debug: fix the ring buffer implementation
dmaengine: bcm2835: Fix interrupt race on RT
dmaengine: bcm2835: Fix abort of transactions
dmaengine: imx-dma: fix wrong callback invoke
futex: Handle early deadlock return correctly
irqchip/gic-v3-its: Plug allocation race for devices sharing a DevID
usb: phy: am335x: fix race condition in _probe
usb: dwc3: gadget: Handle 0 xfer length for OUT EP
usb: gadget: udc: net2272: Fix bitwise and boolean operations
usb: gadget: musb: fix short isoc packets with inventra dma
staging: speakup: fix tty-operation NULL derefs
scsi: cxlflash: Prevent deadlock when adapter probe fails
scsi: aic94xx: fix module loading
KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM
perf/x86/intel/uncore: Add Node ID mask
x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out()
perf/core: Don't WARN() for impossible ring-buffer sizes
perf tests evsel-tp-sched: Fix bitwise operator
serial: fix race between flush_to_ldisc and tty_open
serial: 8250_pci: Make PCI class test non fatal
serial: sh-sci: Do not free irqs that have already been freed
cacheinfo: Keep the old value if of_property_read_u32 fails
IB/hfi1: Add limit test for RC/UC send via loopback
perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu()
ath9k: dynack: make ewma estimation faster
ath9k: dynack: check da->enabled first in sampling routines
Linux 4.19.21
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 0a6a40c2a8c184a2fb467efacfb1cd338d719e0b ]
In the "aes-fixed-time" AES implementation, disable interrupts while
accessing the S-box, in order to make cache-timing attacks more
difficult. Previously it was possible for the CPU to be interrupted
while the S-box was loaded into L1 cache, potentially evicting the
cachelines and causing later table lookups to be time-variant.
In tests I did on x86 and ARM, this doesn't affect performance
significantly. Responsiveness is potentially a concern, but interrupts
are only disabled for a single AES block.
Note that even after this change, the implementation still isn't
necessarily guaranteed to be constant-time; see
https://cr.yp.to/antiforgery/cachetiming-20050414.pdf for a discussion
of the many difficulties involved in writing truly constant-time AES
software. But it's valuable to make such attacks more difficult.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxMGy0ACgkQONu9yGCS
aT5ppQ/8COjyZg1aTrCrd0ttMHYotw3Lb4B6E/SCf2ub4X38SxGz9irhQ7r2FKdK
w0ZXlLOF2ddqWe6BUnIfWago4Pk1GBpg3bgnp5XyYTjlJbfI2yZ9ggiO0iNYBPaL
fN2JwM9eze/7cDlpYbhwGpF4+Wz8wTrzh+NIputcvC6n3SQH/cTGmOUa9rlamQju
uukkvLanAYY3sqDCl4B415Ds44ROU4filqHYIkvZC81jc3Q0YZ8M7cTmpLcDQKGz
8Z+Veil07jEM9bF2W8iX79nwxMT+edFC62HMuRCoxJKq+1kccw1TVMWpQ8TWbv13
zeLOqXxNP6VcNaC251q3QzlInRDp1dtr8KtzA/OG0WFnZBTEDng/iChhiL8qZt0R
9+Sz7n9uZ5pMRK3tr03Ccjg3AneKWRqad2iaTB/kOwAdu7Uqxz8U9qUuRDFPV7OY
KTMCCfdS8XpMHl/S+Cvg2dqSNiBEkNmowYO6NvQClG0aoN4/6wH+m2TZ0hCl6PVq
pNFOTJmp7FOaztEZC4rqW8DoOGeGaNo5DP9A2XKKDR20F7EiAE437ApEQ4p5QGVk
ek4uslZkwJWU/UOzXRl/Hoz0OlI0ixsdZy1vw88HCl7SD1E7xHJpnRUkOjigTT1Q
nbCt0Nm/A2+c1tKbzU+PVW8FtIbutZhW1BtrqaIbbHr9NBTICR0=
=Yg+/
-----END PGP SIGNATURE-----
Merge 4.19.18 into android-4.19
Changes in 4.19.18
ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
mlxsw: spectrum: Disable lag port TX before removing it
mlxsw: spectrum_switchdev: Set PVID correctly during VLAN deletion
net: dsa: mv88x6xxx: mv88e6390 errata
net, skbuff: do not prefer skb allocation fails early
qmi_wwan: add MTU default to qmap network interface
r8169: Add support for new Realtek Ethernet
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
net: clear skb->tstamp in bridge forwarding path
netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets
gpio: pl061: Move irq_chip definition inside struct pl061
drm/amd/display: Guard against null stream_state in set_crc_source
drm/amdkfd: fix interrupt spin lock
ixgbe: allow IPsec Tx offload in VEPA mode
platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
e1000e: allow non-monotonic SYSTIM readings
usb: typec: tcpm: Do not disconnect link for self powered devices
selftests/bpf: enable (uncomment) all tests in test_libbpf.sh
of: overlay: add missing of_node_put() after add new node to changeset
writeback: don't decrement wb->refcnt if !wb->bdi
serial: set suppress_bind_attrs flag only if builtin
bpf: Allow narrow loads with offset > 0
ALSA: oxfw: add support for APOGEE duet FireWire
x86/mce: Fix -Wmissing-prototypes warnings
MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
crypto: ecc - regularize scalar for scalar multiplication
arm64: perf: set suppress_bind_attrs flag to true
drm/atomic-helper: Complete fake_commit->flip_done potentially earlier
clk: meson: meson8b: fix incorrect divider mapping in cpu_scale_table
samples: bpf: fix: error handling regarding kprobe_events
usb: gadget: udc: renesas_usb3: add a safety connection way for forced_b_device
fpga: altera-cvp: fix probing for multiple FPGAs on the bus
selinux: always allow mounting submounts
ASoC: pcm3168a: Don't disable pcm3168a when CONFIG_PM defined
scsi: qedi: Check for session online before getting iSCSI TLV data.
drm/amdgpu: Reorder uvd ring init before uvd resume
rxe: IB_WR_REG_MR does not capture MR's iova field
efi/libstub: Disable some warnings for x86{,_64}
jffs2: Fix use of uninitialized delayed_work, lockdep breakage
clk: imx: make mux parent strings const
pstore/ram: Do not treat empty buffers as valid
media: uvcvideo: Refactor teardown of uvc on USB disconnect
powerpc/xmon: Fix invocation inside lock region
powerpc/pseries/cpuidle: Fix preempt warning
media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
ASoC: use dma_ops of parent device for acp_audio_dma
media: venus: core: Set dma maximum segment size
staging: erofs: fix use-after-free of on-stack `z_erofs_vle_unzip_io'
net: call sk_dst_reset when set SO_DONTROUTE
scsi: target: use consistent left-aligned ASCII INQUIRY data
scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long enough
selftests: do not macro-expand failed assertion expressions
arm64: kasan: Increase stack size for KASAN_EXTRA
clk: imx6q: reset exclusive gates on init
arm64: Fix minor issues with the dcache_by_line_op macro
bpf: relax verifier restriction on BPF_MOV | BPF_ALU
kconfig: fix file name and line number of warn_ignored_character()
kconfig: fix memory leak when EOF is encountered in quotation
mmc: atmel-mci: do not assume idle after atmci_request_end
btrfs: volumes: Make sure there is no overlap of dev extents at mount time
btrfs: alloc_chunk: fix more DUP stripe size handling
btrfs: fix use-after-free due to race between replace start and cancel
btrfs: improve error handling of btrfs_add_link
tty/serial: do not free trasnmit buffer page under port lock
perf intel-pt: Fix error with config term "pt=0"
perf tests ARM: Disable breakpoint tests 32-bit
perf svghelper: Fix unchecked usage of strncpy()
perf parse-events: Fix unchecked usage of strncpy()
perf vendor events intel: Fix Load_Miss_Real_Latency on SKL/SKX
netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
x86/topology: Use total_cpus for max logical packages calculation
dm crypt: use u64 instead of sector_t to store iv_offset
dm kcopyd: Fix bug causing workqueue stalls
perf stat: Avoid segfaults caused by negated options
tools lib subcmd: Don't add the kernel sources to the include path
dm snapshot: Fix excessive memory usage and workqueue stalls
perf cs-etm: Correct packets swapping in cs_etm__flush()
perf tools: Add missing sigqueue() prototype for systems lacking it
perf tools: Add missing open_memstream() prototype for systems lacking it
quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
clocksource/drivers/integrator-ap: Add missing of_node_put()
dm: Check for device sector overflow if CONFIG_LBDAF is not set
Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029
ALSA: bebob: fix model-id of unit for Apogee Ensemble
sysfs: Disable lockdep for driver bind/unbind files
IB/usnic: Fix potential deadlock
scsi: mpt3sas: fix memory ordering on 64bit writes
scsi: smartpqi: correct lun reset issues
ath10k: fix peer stats null pointer dereference
scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown()
scsi: megaraid: fix out-of-bound array accesses
iomap: don't search past page end in iomap_is_partially_uptodate
ocfs2: fix panic due to unrecovered local alloc
mm/page-writeback.c: don't break integrity writeback on ->writepage() error
mm/swap: use nr_node_ids for avail_lists in swap_info_struct
userfaultfd: clear flag if remap event not enabled
mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
iwlwifi: mvm: Send LQ command as async when necessary
Bluetooth: Fix unnecessary error message for HCI request completion
ipmi: fix use-after-free of user->release_barrier.rda
ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
ipmi: Prevent use-after-free in deliver_response
ipmi:ssif: Fix handling of multi-part return messages
ipmi: Don't initialize anything in the core until something uses it
Linux 4.19.18
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 3da2c1dfdb802b184eea0653d1e589515b52d74b ]
ecc_point_mult is supposed to be used with a regularized scalar,
otherwise, it's possible to deduce the position of the top bit of the
scalar with timing attack. This is important when the scalar is a
private key.
ecc_point_mult is already using a regular algorithm (i.e. having an
operation flow independent of the input scalar) but regularization step
is not implemented.
Arrange scalar to always have fixed top bit by adding a multiple of the
curve order (n).
References:
The constant time regularization step is based on micro-ecc by Kenneth
MacKay and also referenced in the literature (Bernstein, D. J., & Lange,
T. (2017). Montgomery curves and the Montgomery ladder. (Cryptology
ePrint Archive; Vol. 2017/293). s.l.: IACR. Chapter 4.6.2.)
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Cc: kernel-hardening@lists.openwall.com
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxHf8cACgkQONu9yGCS
aT71Mg/9FnDYja+AD9hj01kFsh6+C4K/QLZY69kLgzmNvr1htsWLRvxSta0dIKc0
In4rianKMhOHekGub6ufO0Ne1jPV9ZCF61cZ/oENISB5D/oVZJL+baR92zeodSg9
XFBPRu9eKPQV+UFPliyyKEJtyWEmLHvJMOQkKft0reduZgPy0xonkQ97K48QmF9G
b/Ly6E8c/qfQThIqn0wfPQ2DUYET9cCE667iw8+Mwzr2HYuLoltyp9ODyMW2fuNT
vyKve8s+IQ8wCKy1fkwyIJD7CjV0mJMJfUYx1Ax+ewU6MtBDrhEyfcfA9sJfsyRH
k/BydK4aQJqcejp8ajOVQjZFZtGMnuTM38n3SpJnyNLWz6JvCTQr8dl2A5Y5/iph
Q1FQH9BHKWCCJO8JVjfMYhCewvdo47mjE1gUfs9HyyW4SjJxhJCn07u2LU1YCRHW
G9NqRb208UZw7O6prCsdZRlZPJjon1Fln7ym/esKjuMRyNNycV093ysPaqzhKrJq
2Dxgt+fYBaP63BawAZUC+kQ0iX4OcSja78F4txbVBeksqskNAPHreMbcd5PDid/h
bN89kPVCIV0eFJa0AMuKHdrbljRH/I6wbKmz3KvyjoRgq8KGc2PvrSe4DTJfax3W
gOEnESLn7r58oUQ0OmfSv7U4zU700tuH9wOpFZyb5vqVvdXcQzA=
=NSqX
-----END PGP SIGNATURE-----
Merge 4.19.17 into android-4.19
Changes in 4.19.17
tty/ldsem: Wake up readers after timed out down_write()
tty: Hold tty_ldisc_lock() during tty_reopen()
tty: Simplify tty->count math in tty_reopen()
tty: Don't hold ldisc lock in tty_reopen() if ldisc present
can: gw: ensure DLC boundaries after CAN frame modification
netfilter: nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS
netfilter: nf_conncount: don't skip eviction when age is negative
netfilter: nf_conncount: split gc in two phases
netfilter: nf_conncount: restart search when nodes have been erased
netfilter: nf_conncount: merge lookup and add functions
netfilter: nf_conncount: move all list iterations under spinlock
netfilter: nf_conncount: speculative garbage collection on empty lists
netfilter: nf_conncount: fix argument order to find_next_bit
mmc: sdhci-msm: Disable CDR function on TX
Revert "scsi: target: iscsi: cxgbit: fix csk leak"
scsi: target: iscsi: cxgbit: fix csk leak
scsi: target: iscsi: cxgbit: fix csk leak
arm64/kvm: consistently handle host HCR_EL2 flags
arm64: Don't trap host pointer auth use to EL2
ipv6: fix kernel-infoleak in ipv6_local_error()
net: bridge: fix a bug on using a neighbour cache entry without checking its state
packet: Do not leak dev refcounts on error exit
tcp: change txhash on SYN-data timeout
tun: publish tfile after it's fully initialized
lan743x: Remove phy_read from link status change function
smc: move unhash as early as possible in smc_release()
r8169: don't try to read counters if chip is in a PCI power-save state
bonding: update nest level on unlink
ip: on queued skb use skb_header_pointer instead of pskb_may_pull
r8169: load Realtek PHY driver module before r8169
crypto: sm3 - fix undefined shift by >= width of value
crypto: caam - fix zero-length buffer DMA mapping
crypto: authencesn - Avoid twice completion call in decrypt path
crypto: ccree - convert to use crypto_authenc_extractkeys()
crypto: bcm - convert to use crypto_authenc_extractkeys()
crypto: authenc - fix parsing key with misaligned rta_len
crypto: talitos - reorder code in talitos_edesc_alloc()
crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK
xen: Fix x86 sched_clock() interface for xen
Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io"
btrfs: wait on ordered extents on abort cleanup
Yama: Check for pid death before checking ancestry
scsi: core: Synchronize request queue PM status only on successful resume
scsi: sd: Fix cache_type_store()
mips: fix n32 compat_ipc_parse_version
MIPS: BCM47XX: Setup struct device for the SoC
MIPS: lantiq: Fix IPI interrupt handling
drm/i915/gvt: Fix mmap range check
OF: properties: add missing of_node_put
mfd: tps6586x: Handle interrupts on suspend
media: v4l: ioctl: Validate num_planes for debug messages
RDMA/nldev: Don't expose unsafe global rkey to regular user
RDMA/vmw_pvrdma: Return the correct opcode when creating WR
kbuild: Disable LD_DEAD_CODE_DATA_ELIMINATION with ftrace & GCC <= 4.7
net: dsa: realtek-smi: fix OF child-node lookup
pstore/ram: Avoid allocation and leak of platform data
arm64: kaslr: ensure randomized quantities are clean to the PoC
arm64: dts: marvell: armada-ap806: reserve PSCI area
Disable MSI also when pcie-octeon.pcie_disable on
fix int_sqrt64() for very large numbers
omap2fb: Fix stack memory disclosure
media: vivid: fix error handling of kthread_run
media: vivid: set min width/height to a value > 0
bpf: in __bpf_redirect_no_mac pull mac only if present
ipv6: make icmp6_send() robust against null skb->dev
LSM: Check for NULL cred-security on free
media: vb2: vb2_mmap: move lock up
sunrpc: handle ENOMEM in rpcb_getport_async
netfilter: ebtables: account ebt_table_info to kmemcg
block: use rcu_work instead of call_rcu to avoid sleep in softirq
selinux: fix GPF on invalid policy
blockdev: Fix livelocks on loop device
sctp: allocate sctp_sockaddr_entry with kzalloc
tipc: fix uninit-value in in tipc_conn_rcv_sub
tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
tipc: fix uninit-value in tipc_nl_compat_bearer_enable
tipc: fix uninit-value in tipc_nl_compat_link_set
tipc: fix uninit-value in tipc_nl_compat_name_table_dump
tipc: fix uninit-value in tipc_nl_compat_doit
block/loop: Don't grab "struct file" for vfs_getattr() operation.
block/loop: Use global lock for ioctl() operation.
loop: Fold __loop_release into loop_release
loop: Get rid of loop_index_mutex
loop: Push lo_ctl_mutex down into individual ioctls
loop: Split setting of lo_state from loop_clr_fd
loop: Push loop_ctl_mutex down into loop_clr_fd()
loop: Push loop_ctl_mutex down to loop_get_status()
loop: Push loop_ctl_mutex down to loop_set_status()
loop: Push loop_ctl_mutex down to loop_set_fd()
loop: Push loop_ctl_mutex down to loop_change_fd()
loop: Move special partition reread handling in loop_clr_fd()
loop: Move loop_reread_partitions() out of loop_ctl_mutex
loop: Fix deadlock when calling blkdev_reread_part()
loop: Avoid circular locking dependency between loop_ctl_mutex and bd_mutex
loop: Get rid of 'nested' acquisition of loop_ctl_mutex
loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
loop: drop caches if offset or block_size are changed
drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
selftests: Fix test errors related to lib.mk khdr target
media: vb2: be sure to unlock mutex on errors
nbd: Use set_blocksize() to set device blocksize
Linux 4.19.17
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 8f9c469348487844328e162db57112f7d347c49f upstream.
Keys for "authenc" AEADs are formatted as an rtattr containing a 4-byte
'enckeylen', followed by an authentication key and an encryption key.
crypto_authenc_extractkeys() parses the key to find the inner keys.
However, it fails to consider the case where the rtattr's payload is
longer than 4 bytes but not 4-byte aligned, and where the key ends
before the next 4-byte aligned boundary. In this case, 'keylen -=
RTA_ALIGN(rta->rta_len);' underflows to a value near UINT_MAX. This
causes a buffer overread and crash during crypto_ahash_setkey().
Fix it by restricting the rtattr payload to the expected size.
Reproducer using AF_ALG:
#include <linux/if_alg.h>
#include <linux/rtnetlink.h>
#include <sys/socket.h>
int main()
{
int fd;
struct sockaddr_alg addr = {
.salg_type = "aead",
.salg_name = "authenc(hmac(sha256),cbc(aes))",
};
struct {
struct rtattr attr;
__be32 enckeylen;
char keys[1];
} __attribute__((packed)) key = {
.attr.rta_len = sizeof(key),
.attr.rta_type = 1 /* CRYPTO_AUTHENC_KEYA_PARAM */,
};
fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(fd, (void *)&addr, sizeof(addr));
setsockopt(fd, SOL_ALG, ALG_SET_KEY, &key, sizeof(key));
}
It caused:
BUG: unable to handle kernel paging request at ffff88007ffdc000
PGD 2e01067 P4D 2e01067 PUD 2e04067 PMD 2e05067 PTE 0
Oops: 0000 [#1] SMP
CPU: 0 PID: 883 Comm: authenc Not tainted 4.20.0-rc1-00108-g00c9fe37a7f27 #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-20181126_142135-anatol 04/01/2014
RIP: 0010:sha256_ni_transform+0xb3/0x330 arch/x86/crypto/sha256_ni_asm.S:155
[...]
Call Trace:
sha256_ni_finup+0x10/0x20 arch/x86/crypto/sha256_ssse3_glue.c:321
crypto_shash_finup+0x1a/0x30 crypto/shash.c:178
shash_digest_unaligned+0x45/0x60 crypto/shash.c:186
crypto_shash_digest+0x24/0x40 crypto/shash.c:202
hmac_setkey+0x135/0x1e0 crypto/hmac.c:66
crypto_shash_setkey+0x2b/0xb0 crypto/shash.c:66
shash_async_setkey+0x10/0x20 crypto/shash.c:223
crypto_ahash_setkey+0x2d/0xa0 crypto/ahash.c:202
crypto_authenc_setkey+0x68/0x100 crypto/authenc.c:96
crypto_aead_setkey+0x2a/0xc0 crypto/aead.c:62
aead_setkey+0xc/0x10 crypto/algif_aead.c:526
alg_setkey crypto/af_alg.c:223 [inline]
alg_setsockopt+0xfe/0x130 crypto/af_alg.c:256
__sys_setsockopt+0x6d/0xd0 net/socket.c:1902
__do_sys_setsockopt net/socket.c:1913 [inline]
__se_sys_setsockopt net/socket.c:1910 [inline]
__x64_sys_setsockopt+0x1f/0x30 net/socket.c:1910
do_syscall_64+0x4a/0x180 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Fixes: e236d4a89a ("[CRYPTO] authenc: Move enckeylen into key itself")
Cc: <stable@vger.kernel.org> # v2.6.25+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d45a90cb5d061fa7d411b974b950fe0b8bc5f265 upstream.
sm3_compress() calls rol32() with shift >= 32, which causes undefined
behavior. This is easily detected by enabling CONFIG_UBSAN.
Explicitly AND with 31 to make the behavior well defined.
Fixes: 4f0fc1600e ("crypto: sm3 - add OSCCA SM3 secure hash")
Cc: <stable@vger.kernel.org> # v4.15+
Cc: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
crypto_grab_*() doesn't set crypto_spawn::inst, so templates must set it
beforehand. Otherwise it will be left NULL, which causes a crash in
certain cases where algorithms are dynamically loaded/unloaded. E.g.
with CONFIG_CRYPTO_CHACHA20_X86_64=m, the following caused a crash:
insmod chacha-x86_64.ko
python -c 'import socket; socket.socket(socket.AF_ALG, 5, 0).bind(("skcipher", "adiantum(xchacha12,aes)"))'
rmmod chacha-x86_64.ko
python -c 'import socket; socket.socket(socket.AF_ALG, 5, 0).bind(("skcipher", "adiantum(xchacha12,aes)"))'
Fixes: 059c2a4d8e16 ("crypto: adiantum - add Adiantum support")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 6db43410179bc40419a9859ebb333f178a49829d)
Test: Adiantum self-tests
Change-Id: I248548c979b0ee9e63a35f8ae779741bb5967b6e
crypto_alg_mod_lookup() takes a reference to the hash algorithm but
crypto_init_shash_spawn() doesn't take ownership of it, hence the
reference needs to be dropped in adiantum_create().
Fixes: 059c2a4d8e16 ("crypto: adiantum - add Adiantum support")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 00c9fe37a7f27a306bcaa5737f0787fe139f8aba)
Test: Adiantum self-tests
Change-Id: Ic609144bc3c72cc2c4ccbbaf450168193f3df7db
The 2018-11-28 revision of the Adiantum paper has revised some notation:
- 'M' was replaced with 'L' (meaning "Left", for the left-hand part of
the message) in the definition of Adiantum hashing, to avoid confusion
with the full message
- ε-almost-∆-universal is now abbreviated as ε-∆U instead of εA∆U
- "block" is now used only to mean block cipher and Poly1305 blocks
Also, Adiantum hashing was moved from the appendix to the main paper.
To avoid confusion, update relevant comments in the code to match.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit c6018e1a00b5c70610cdfb3650cc5622c917ed17)
Test: Adiantum self-tests
Change-Id: Idd371e46408a449f7ff2ba77af2d4414979aadbf
If the stream cipher implementation is asynchronous, then the Adiantum
instance must be flagged as asynchronous as well. Otherwise someone
asking for a synchronous algorithm can get an asynchronous algorithm.
There are no asynchronous xchacha12 or xchacha20 implementations yet
which makes this largely a theoretical issue, but it should be fixed.
Fixes: 059c2a4d8e16 ("crypto: adiantum - add Adiantum support")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit b299362ee48db8eab34208302ee9730ff9d6091c)
Test: Adiantum self-tests
Change-Id: Ic7207e4036a0f03fba81375ffe36f511af2eb08c
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlw2Jd8ACgkQONu9yGCS
aT5DIw//RlX7Djwh9VnEEgggVpPxzIDfO8BcIR5EvSpHoci2skeD6/M5a+xiKKLk
HOuH/cqBobkifnCzHwHLQYP9rIbkRceW0wDU2tdaecTf6G82TPoa5rQzG0rMMTM4
HFrMlMXvQoWSlaALBi5xkGGa7AGOVcmiJBaIkbqNST4Ah8KMBRxEqDvnbh/ALXCe
qLRc7lDf/WRoN9GBzoCJwuaF9EcDW/C3EyHowVroDkN3UobzfdFSmrjkteFbkIkp
9rMzoyIXmKAe762ggkQTk8hEaVHqs7YxWlq53cym6NBtiBgfjqIKtT6tEtGs5U3i
sA+YK6PzCfwp4I0ffXVqUoFi3WfJ4Ist+co8e8Uu0+taRDzahBkxtxxmNb6URU64
1sosY0YyG7k72OYp9J4mYhCAbxUKC8S80TWjwPlyaVaUDWDHAbOQk5HDJ9wIERmN
PltF9wQ7ZQrha4v4nafPYJn/FmQuDCfDA78vOJ09PEbNZoNBhqXbHJGx/GEShdDE
/ZzoVigpN2tqIvXFM99rVPRDaTsWlCSiorOvn8vTyqv64EaGO2qZUDmvaReEbUxy
i1jJ5YcQoPk4GbNI8hfShGOhT+eAtw/KW5pHwqHbEle6jyeK+7KIdBmzw5ZXQIM6
4tzDOgn7yIpkMc+qyj3n3WE1LqRLt/cbOoxMu85jHDf5LgrtF50=
=Gqyx
-----END PGP SIGNATURE-----
Merge 4.19.14 into android-4.19
Changes in 4.19.14
ax25: fix a use-after-free in ax25_fillin_cb()
gro_cell: add napi_disable in gro_cells_destroy
ibmveth: fix DMA unmap error in ibmveth_xmit_start error path
ieee802154: lowpan_header_create check must check daddr
ip6mr: Fix potential Spectre v1 vulnerability
ipv4: Fix potential Spectre v1 vulnerability
ipv6: explicitly initialize udp6_addr in udp_sock_create6()
ipv6: tunnels: fix two use-after-free
ip: validate header length on virtual device xmit
isdn: fix kernel-infoleak in capi_unlocked_ioctl
net: clear skb->tstamp in forwarding paths
net/hamradio/6pack: use mod_timer() to rearm timers
net: ipv4: do not handle duplicate fragments as overlapping
net: macb: restart tx after tx used bit read
net: mvpp2: 10G modes aren't supported on all ports
net: phy: Fix the issue that netif always links up after resuming
netrom: fix locking in nr_find_socket()
net/smc: fix TCP fallback socket release
net: stmmac: Fix an error code in probe()
net/tls: allocate tls context using GFP_ATOMIC
net/wan: fix a double free in x25_asy_open_tty()
packet: validate address length
packet: validate address length if non-zero
ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()
qmi_wwan: Added support for Fibocom NL668 series
qmi_wwan: Added support for Telit LN940 series
qmi_wwan: Add support for Fibocom NL678 series
sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event
sock: Make sock->sk_stamp thread-safe
tcp: fix a race in inet_diag_dump_icsk()
tipc: check tsk->group in tipc_wait_for_cond()
tipc: compare remote and local protocols in tipc_udp_enable()
tipc: fix a double free in tipc_enable_bearer()
tipc: fix a double kfree_skb()
tipc: use lock_sock() in tipc_sk_reinit()
vhost: make sure used idx is seen before log in vhost_add_used_n()
VSOCK: Send reset control packet when socket is partially bound
xen/netfront: tolerate frags with no data
net/mlx5: Typo fix in del_sw_hw_rule
tipc: check group dests after tipc_wait_for_cond()
net/mlx5e: Remove the false indication of software timestamping support
ipv6: frags: Fix bogus skb->sk in reassembled packets
net/ipv6: Fix a test against 'ipv6_find_idev()' return value
nfp: flower: ensure TCP flags can be placed in IPv6 frame
ipv6: route: Fix return value of ip6_neigh_lookup() on neigh_create() error
mscc: Configured MAC entries should be locked.
net/mlx5e: Cancel DIM work on close SQ
net/mlx5e: RX, Verify MPWQE stride size is in range
net: mvpp2: fix the phylink mode validation
qed: Fix command number mismatch between driver and the mfw
mlxsw: core: Increase timeout during firmware flash process
net/mlx5e: Remove unused UDP GSO remaining counter
net/mlx5e: RX, Fix wrong early return in receive queue poll
net: mvneta: fix operation for 64K PAGE_SIZE
net: Use __kernel_clockid_t in uapi net_stamp.h
r8169: fix WoL device wakeup enable
IB/hfi1: Incorrect sizing of sge for PIO will OOPs
ALSA: rme9652: Fix potential Spectre v1 vulnerability
ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
ALSA: pcm: Fix potential Spectre v1 vulnerability
ALSA: emux: Fix potential Spectre v1 vulnerabilities
powerpc/fsl: Fix spectre_v2 mitigations reporting
mtd: atmel-quadspi: disallow building on ebsa110
mtd: rawnand: marvell: prevent timeouts on a loaded machine
mtd: rawnand: omap2: Pass the parent of pdev to dma_request_chan()
ALSA: hda: add mute LED support for HP EliteBook 840 G4
ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294
ALSA: fireface: fix for state to fetch PCM frames
ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet
ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint
ALSA: firewire-lib: use the same print format for 'without_header' tracepoints
ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops
ALSA: hda/tegra: clear pending irq handlers
usb: dwc2: host: use hrtimer for NAK retries
USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays
USB: serial: option: add Fibocom NL678 series
usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable()
usb: dwc2: disable power_down on Amlogic devices
Revert "usb: dwc3: pci: Use devm functions to get the phy GPIOs"
usb: roles: Add a description for the class to Kconfig
media: dvb-usb-v2: Fix incorrect use of transfer_flags URB_FREE_BUFFER
staging: wilc1000: fix missing read_write setting when reading data
ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper
ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty
s390/pci: fix sleeping in atomic during hotplug
Input: atmel_mxt_ts - don't try to free unallocated kernel memory
Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off
x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init()
KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup
arm64: KVM: Make VHE Stage-2 TLB invalidation operations non-interruptible
KVM: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails
platform-msi: Free descriptors in platform_msi_domain_free()
drm/v3d: Skip debugfs dumping GCA on platforms without GCA.
DRM: UDL: get rid of useless vblank initialization
clocksource/drivers/arc_timer: Utilize generic sched_clock
perf machine: Record if a arch has a single user/kernel address space
perf thread: Add fallback functions for cases where cpumode is insufficient
perf tools: Use fallback for sample_addr_correlates_sym() cases
perf script: Use fallbacks for branch stacks
perf pmu: Suppress potential format-truncation warning
perf env: Also consider env->arch == NULL as local operation
ocxl: Fix endiannes bug in ocxl_link_update_pe()
ocxl: Fix endiannes bug in read_afu_name()
ext4: add ext4_sb_bread() to disambiguate ENOMEM cases
ext4: fix possible use after free in ext4_quota_enable
ext4: missing unlock/put_page() in ext4_try_to_write_inline_data()
ext4: fix EXT4_IOC_GROUP_ADD ioctl
ext4: include terminating u32 in size of xattr entries when expanding inodes
ext4: avoid declaring fs inconsistent due to invalid file handles
ext4: force inode writes when nfsd calls commit_metadata()
ext4: check for shutdown and r/o file system in ext4_write_inode()
spi: bcm2835: Fix race on DMA termination
spi: bcm2835: Fix book-keeping of DMA termination
spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode
clk: rockchip: fix typo in rk3188 spdif_frac parent
clk: sunxi-ng: Use u64 for calculation of NM rate
crypto: cavium/nitrox - fix a DMA pool free failure
crypto: chcr - small packet Tx stalls the queue
crypto: testmgr - add AES-CFB tests
crypto: cfb - fix decryption
cgroup: fix CSS_TASK_ITER_PROCS
cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader.
btrfs: dev-replace: go back to suspended state if target device is missing
btrfs: dev-replace: go back to suspend state if another EXCL_OP is running
btrfs: skip file_extent generation check for free_space_inode in run_delalloc_nocow
Btrfs: fix fsync of files with multiple hard links in new directories
btrfs: run delayed items before dropping the snapshot
Btrfs: send, fix race with transaction commits that create snapshots
brcmfmac: fix roamoff=1 modparam
brcmfmac: Fix out of bounds memory access during fw load
powerpc/tm: Unset MSR[TS] if not recheckpointing
dax: Don't access a freed inode
dax: Use non-exclusive wait in wait_entry_unlocked()
f2fs: read page index before freeing
f2fs: fix validation of the block count in sanity_check_raw_super
f2fs: sanity check of xattr entry size
serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly
media: cec: keep track of outstanding transmits
media: cec-pin: fix broken tx_ignore_nack_until_eom error injection
media: rc: cec devices do not have a lirc chardev
media: imx274: fix stack corruption in imx274_read_reg
media: vivid: free bitmap_cap when updating std/timings/etc.
media: vb2: check memory model for VIDIOC_CREATE_BUFS
media: v4l2-tpg: array index could become negative
tools lib traceevent: Fix processing of dereferenced args in bprintk events
MIPS: math-emu: Write-protect delay slot emulation pages
MIPS: c-r4k: Add r4k_blast_scache_node for Loongson-3
MIPS: Ensure pmd_present() returns false after pmd_mknotpresent()
MIPS: Align kernel load address to 64KB
MIPS: Expand MIPS32 ASIDs to 64 bits
MIPS: OCTEON: mark RGMII interface disabled on OCTEON III
MIPS: Fix a R10000_LLSC_WAR logic in atomic.h
CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem
smb3: fix large reads on encrypted connections
arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1
arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs
ARM: dts: exynos: Specify I2S assigned clocks in proper node
rtc: m41t80: Correct alarm month range with RTC reads
KVM: arm/arm64: vgic: Do not cond_resched_lock() with IRQs disabled
KVM: arm/arm64: vgic: Cap SPIs to the VM-defined maximum
KVM: arm/arm64: vgic-v2: Set active_source to 0 when restoring state
KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes
arm64: compat: Avoid sending SIGILL for unallocated syscall numbers
tpm: tpm_try_transmit() refactor error flow.
tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x
spi: bcm2835: Unbreak the build of esoteric configs
MIPS: Only include mmzone.h when CONFIG_NEED_MULTIPLE_NODES=y
Linux 4.19.14
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit fa4600734b74f74d9169c3015946d4722f8bcf79 upstream.
crypto_cfb_decrypt_segment() incorrectly XOR'ed generated keystream with
IV, rather than with data stream, resulting in incorrect decryption.
Test vectors will be added in the next patch.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* origin_4.19/tmp-0567d2f:
Linux 4.19.9
HID: quirks: fix RetroUSB.com devices
mac80211: ignore NullFunc frames in the duplicate detection
mac80211: fix reordering of buffered broadcast packets
mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext
mac80211: Clear beacon_int in ieee80211_do_stop
mac80211: fix GFP_KERNEL under tasklet context
mac80211_hwsim: Timer should be initialized before device registered
cfg80211: Fix busy loop regression in ieee80211_ie_split_ric()
libnvdimm, pfn: Pad pfn namespaces relative to other regions
kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var()
gnss: sirf: fix activation retry handling
tty: do not set TTY_IO_ERROR flag if console port
tty: serial: 8250_mtk: always resume the device in probe.
Drivers: hv: vmbus: Offload the handling of channels to two workqueues
x86/efi: Allocate e820 buffer before calling efi_exit_boot_service
kprobes/x86: Fix instruction patching corruption when copying more than one RIP-relative instruction
drm/i915: Downgrade Gen9 Plane WM latency error
drm/amdgpu/gmc8: always load MC firmware in the driver
drm/amdgpu/gmc8: update MC firmware for polaris
drm/msm: Move fence put to where failure occurs
drm/lease: Send a distinct uevent
drm/amdgpu: update mc firmware image for polaris12 variants
crypto: do not free algorithm before using
Revert commit ef9209b642 "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c"
staging: rtl8712: Fix possible buffer overrun
cifs: Fix separator when building path from dentry
Revert "x86/e820: put !E820_TYPE_RAM regions into memblock.reserved"
arm64: dts: rockchip: remove vdd_log from rock960 to fix a stability issues
xhci: Prevent U1/U2 link pm states if exit latency is too long
xhci: workaround CSS timeout on AMD SNPS 3.0 xHC
ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE
dmaengine: cppi41: delete channel from pending list when stop channel
dmaengine: imx-sdma: use GFP_NOWAIT for dma descriptor allocations
dmaengine: imx-sdma: implement channel termination via worker
Revert "dmaengine: imx-sdma: alloclate bd memory from dma pool"
Revert "dmaengine: imx-sdma: Use GFP_NOWAIT for dma allocations"
dmaengine: dw: Fix FIFO size for Intel Merrifield
SUNRPC: Fix leak of krb5p encode pages
arm64: hibernate: Avoid sending cross-calling with interrupts disabled
vhost/vsock: fix use-after-free in network stack callers
virtio/s390: fix race in ccw_io_helper()
virtio/s390: avoid race on vcdev->config
parisc: Enable -ffunction-sections for modules on 32-bit kernel
Revert "mfd: cros_ec: Use devm_kzalloc for private data"
media: dvb-pll: don't re-validate tuner frequencies
media: dvb-pll: fix tuner frequency ranges
media: vicodec: fix memchr() kernel oops
media: gspca: fix frame overflow error
ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G
ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G
ALSA: hda/realtek - Add support for Acer Aspire C24-860 headset mic
ALSA: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880
ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570
ALSA: pcm: Fix interval evaluation with openmin/max
ALSA: pcm: Call snd_pcm_unlink() conditionally at closing
ALSA: pcm: Fix starvation on down_write_nonblock()
ALSA: hda: Add support for AMD Stoney Ridge
ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
ALSA: usb-audio: Add SMSL D1 to quirks for native DSD support
USB: serial: console: fix reported terminal settings
USB: check usb_get_extra_descriptor for proper size
usb: appledisplay: Add 27" Apple Cinema Display
usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device
net: amd: add missing of_node_put()
team: no need to do team_notify_peers or team_mcast_rejoin when disabling port
ibmvnic: Update driver queues after change in ring size support
ibmvnic: Fix RX queue buffer cleanup
flexfiles: use per-mirror specified stateid for IO
NFSv4.2 copy do not allocate memory under the lock
iommu/vt-d: Use memunmap to free memremap
net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts
riscv: fix warning in arch/riscv/include/asm/module.h
net/ibmnvic: Fix deadlock problem in reset
qed: Fix QM getters to always return a valid pq
qed: Fix bitmap_weight() check
NFSv4: Fix a NFSv4 state manager deadlock
net: ena: fix crash during failed resume from hibernation
mtd: spi-nor: Fix Cadence QSPI page fault kernel panic
HID: multitouch: Add pointstick support for Cirque Touchpad
Revert "HID: uhid: use strlcpy() instead of strncpy()"
cpufreq: ti-cpufreq: Only register platform_device when supported
mtd: rawnand: qcom: Namespace prefix some commands
tc-testing: tdc.py: Guard against lack of returncode in executed command
tc-testing: tdc.py: ignore errors when decoding stdout/stderr
gpio: mockup: fix indicated direction
gpio: pxa: fix legacy non pinctrl aware builds again
drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo
net/mlx4: Fix UBSAN warning of signed integer overflow
net/mlx4_core: Fix uninitialized variable compilation warning
net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command
drm/amd/display: Support amdgpu "max bpc" connector property (v2)
drm/amdgpu: Add amdgpu "max bpc" connector property (v2)
bnxt_en: Fix filling time in bnxt_fill_coredump_record()
nvme-fc: resolve io failures during connect
s390/ism: clear dmbe_mask bit before SMC IRQ handling
Revert "usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers"
usb: dwc2: pci: Fix an error code in probe
qed: Fix reading wrong value in loop condition
qed: Fix rdma_info structure allocation
qed: Fix overriding offload_tc by protocols without APP TLV
qed: Fix PTT leak in qed_drain()
bnx2x: Assign unique DMAE channel number for FW DMAE transactions.
amd/iommu: Fix Guest Virtual APIC Log Tail Address Register
batman-adv: Expand merged fragment buffer for full packet
batman-adv: Use explicit tvlv padding for ELP packets
HID: input: Ignore battery reported by Symbol DS4308
test_firmware: fix error return getting clobbered
can: rcar_can: Fix erroneous registration
can: ucan: remove set but not used variable 'udev'
scsi: ufs: Fix hynix ufs bug with quirk on hi36xx SoC
iommu/ipmmu-vmsa: Fix crash on early domain free
mt76: fix building without CONFIG_LEDS_CLASS
brcmutil: really fix decoding channel info for 160 MHz bandwidth
iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()
media: ipu3-cio2: Unregister device nodes first, then release resources
media: omap3isp: Unregister media device as first
media: cec: check for non-OK/NACK conditions while claiming a LA
media: vicodec: lower minimum height to 360
ANDROID: cuttlefish_defconfig: Enable VIRT_WIFI
FROMGIT: mac80211-next: rtnetlink wifi simulation device
Linux 4.19.8
blk-mq: punt failed direct issue to dispatch list
tipc: use destination length for copy string
arc: [devboards] Add support of NFSv3 ACL
ARC: change defconfig defaults to ARCv2
btrfs: tree-checker: Don't check max block group size as current max chunk size limit is unreliable
Input: elan_i2c - add support for ELAN0621 touchpad
Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR
Input: elan_i2c - add ELAN0620 to the ACPI table
Input: cros_ec_keyb - fix button/switch capability reports
Input: matrix_keypad - check for errors from of_get_named_gpio()
Input: synaptics - add PNP ID for ThinkPad P50 to SMBus
Input: xpad - quirk all PDP Xbox One gamepads
scsi: lpfc: fix block guard enablement on SLI3 adapters
i40e: Fix deletion of MAC filters
selinux: add support for RTM_NEWCHAIN, RTM_DELCHAIN, and RTM_GETCHAIN
svm: Add mutex_lock to protect apic_access_page_done on AMD systems
kgdboc: Fix warning with module build
kgdboc: Fix restrict error
userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set
userfaultfd: shmem: add i_size checks
userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut()
drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config
drm/meson: Fixes for drm_crtc_vblank_on/off support
drm: set is_master to 0 upon drm_new_set_master() failure
drm/amd/dm: Don't forget to attach MST encoders
drm/ast: Fix incorrect free on ioregs
tracing/fgraph: Fix set_graph_function from showing interrupts
IB/mlx5: Avoid load failure due to unknown link width
mips: fix mips_get_syscall_arg o32 check
MIPS: ralink: Fix mt7620 nd_sd pinmux
tracepoint: Use __idx instead of idx in DO_TRACE macro to make it unique
sched, trace: Fix prev_state output in sched_switch tracepoint
arm64: ftrace: Fix to enable syscall events on arm64
mtd: nand: Fix memory allocation in nanddev_bbt_init()
uprobes: Fix handle_swbp() vs. unregister() + register() race once more
iser: set sector for ambiguous mr status errors
unifdef: use memcpy instead of strncpy
test_hexdump: use memcpy instead of strncpy
blk-mq: fix corruption with direct issue
ANDROID: cuttlefish_defconfig: Enable CONFIG_ARM64_LSE_ATOMICS
ANDROID: Move from clang r328903 to r346389b.
Linux 4.19.7
misc: mic/scif: fix copy-paste error in scif_create_remote_lookup
Drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl()
mm: use swp_offset as key in shmem_replace_page()
mm: cleancache: fix corruption on missed inode invalidation
lib/test_kmod.c: fix rmmod double free
iio:st_magn: Fix enable device after trigger
iio/hid-sensors: Fix IIO_CHAN_INFO_RAW returning wrong values for signed numbers
Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid"
usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series
USB: usb-storage: Add new IDs to ums-realtek
staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station
staging: rtl8723bs: Fix incorrect sense of ether_addr_equal
staging: mt7621-pinctrl: fix uninitialized variable ngroups
staging: mt7621-dma: fix potentially dereferencing uninitialized 'tx_desc'
staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION
staging: most: use format specifier "%s" in snprintf
dmaengine: at_hdmac: fix module unloading
dmaengine: at_hdmac: fix memory leak in at_dma_xlate()
ARM: dts: rockchip: Remove @0 from the veyron memory node
ASoC: pcm186x: Fix device reset-registers trigger value
ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0
ext2: fix potential use after free
ext2: initialize opts.s_mount_opt as zero before using it
binder: fix race that allows malicious free of live buffer
function_graph: Reverse the order of pushing the ret_stack and the callback
function_graph: Move return callback before update of curr_ret_stack
function_graph: Have profiler use curr_ret_stack and not depth
function_graph: Use new curr_ret_depth to manage depth instead of curr_ret_stack
function_graph: Make ftrace_push_return_trace() static
MIPS: function_graph: Simplify with function_graph_enter()
arm64: function_graph: Simplify with function_graph_enter()
s390/function_graph: Simplify with function_graph_enter()
riscv/function_graph: Simplify with function_graph_enter()
parisc: function_graph: Simplify with function_graph_enter()
sparc/function_graph: Simplify with function_graph_enter()
sh/function_graph: Simplify with function_graph_enter()
powerpc/function_graph: Simplify with function_graph_enter()
nds32: function_graph: Simplify with function_graph_enter()
x86/function_graph: Simplify with function_graph_enter()
microblaze: function_graph: Simplify with function_graph_enter()
ARM: function_graph: Simplify with function_graph_enter()
function_graph: Create function_graph_enter() to consolidate architecture code
ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop
ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops
ALSA: hda/realtek - fix headset mic detection for MSI MS-B171
ALSA: hda/realtek - Support ALC300
ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist
ALSA: sparc: Fix invalid snd_free_pages() at error path
ALSA: control: Fix race between adding and removing a user element
ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
ALSA: wss: Fix invalid snd_free_pages() at error path
fs: fix lost error code in dio_complete
perf/x86/intel: Disallow precise_ip on BTS events
perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts()
perf/x86/intel: Move branch tracing setup to the Intel-specific source file
x86/fpu: Disable bottom halves while loading FPU registers
x86/MCE/AMD: Fix the thresholding machinery initialization order
arm64: dts: rockchip: Fix PCIe reset polarity for rk3399-puma-haikou.
PCI: Fix incorrect value returned from pcie_get_speed_cap()
PCI: dwc: Fix MSI-X EP framework address calculation bug
PCI: layerscape: Fix wrong invocation of outbound window disable accessor
btrfs: relocation: set trans to be NULL after ending transaction
Btrfs: fix race between enabling quotas and subvolume creation
Btrfs: fix rare chances for data loss when doing a fast fsync
Btrfs: ensure path name is null terminated at btrfs_control_ioctl
btrfs: Always try all copies when reading extent buffers
udf: Allow mounting volumes with incorrect identification strings
xtensa: fix coprocessor part of ptrace_{get,set}xregs
xtensa: fix coprocessor context offset definitions
xtensa: enable coprocessors that are being flushed
KVM: VMX: re-add ple_gap module parameter
KVM: X86: Fix scan ioapic use-before-initialization
KVM: LAPIC: Fix pv ipis use-before-initialization
KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall
KVM: nVMX/nSVM: Fix bug which sets vcpu->arch.tsc_offset to L1 tsc_offset
kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
kvm: mmu: Fix race in emulated page table writes
userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
x86/speculation: Provide IBPB always command line options
x86/speculation: Add seccomp Spectre v2 user space protection mode
x86/speculation: Enable prctl mode for spectre_v2_user
x86/speculation: Add prctl() control for indirect branch speculation
x86/speculation: Prepare arch_smt_update() for PRCTL mode
x86/speculation: Prevent stale SPEC_CTRL msr content
x86/speculation: Split out TIF update
ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS
x86/speculation: Prepare for conditional IBPB in switch_mm()
x86/speculation: Avoid __switch_to_xtra() calls
x86/process: Consolidate and simplify switch_to_xtra() code
x86/speculation: Prepare for per task indirect branch speculation control
x86/speculation: Add command line control for indirect branch speculation
x86/speculation: Unify conditional spectre v2 print functions
x86/speculataion: Mark command line parser data __initdata
x86/speculation: Mark string arrays const correctly
x86/speculation: Reorder the spec_v2 code
x86/l1tf: Show actual SMT state
x86/speculation: Rework SMT state change
sched/smt: Expose sched_smt_present static key
x86/Kconfig: Select SCHED_SMT if SMP enabled
sched/smt: Make sched_smt_present track topology
x86/speculation: Reorganize speculation control MSRs update
x86/speculation: Rename SSBD update functions
x86/speculation: Disable STIBP when enhanced IBRS is in use
x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common()
x86/speculation: Remove unnecessary ret variable in cpu_show_common()
x86/speculation: Clean up spectre_v2_parse_cmdline()
x86/speculation: Update the TIF_SSBD comment
x86/retpoline: Remove minimal retpoline support
x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
x86/speculation: Propagate information about RSB filling mitigation to sysfs
x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
tipc: fix lockdep warning during node delete
net: phy: add workaround for issue where PHY driver doesn't bind to the device
tcp: defer SACK compression after DupThresh
net/dim: Update DIM start sample after each DIM iteration
virtio-net: fail XDP set if guest csum is negotiated
virtio-net: disable guest csum during XDP set
net: skb_scrub_packet(): Scrub offload_fwd_mark
net: thunderx: set xdp_prog to NULL if bpf_prog_add fails
usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2
s390/qeth: fix length check in SNMP processing
rapidio/rionet: do not free skb before reading its length
packet: copy user buffers before orphan or clone
net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue
net: gemini: Fix copy/paste error
net: don't keep lonely packets forever in the gro hash
lan743x: fix return value for lan743x_tx_napi_poll
lan743x: Enable driver to work with LAN7431
mm/khugepaged: collapse_shmem() do not crash on Compound
mm/khugepaged: collapse_shmem() without freezing new_page
mm/khugepaged: minor reorderings in collapse_shmem()
mm/khugepaged: collapse_shmem() remember to clear holes
mm/khugepaged: fix crashes due to misaccounted holes
mm/khugepaged: collapse_shmem() stop if punched or truncated
mm/huge_memory: fix lockdep complaint on 32-bit i_size_read()
mm/huge_memory: splitting set mapping+index before unfreeze
mm/huge_memory: rename freeze_page() to unmap_page()
ANDROID: cuttlefish_defconfig: Enable CONFIG_CRYPTO_ADIANTUM
FROMGIT: fscrypt: add Adiantum support
BACKPORT, FROMGIT: crypto: adiantum - add Adiantum support
FROMGIT: crypto: arm/nhpoly1305 - add NEON-accelerated NHPoly1305
FROMGIT: crypto: nhpoly1305 - add NHPoly1305 support
FROMGIT: crypto: poly1305 - add Poly1305 core API
FROMGIT: crypto: poly1305 - use structures for key and accumulator
FROMGIT: crypto: arm/chacha - add XChaCha12 support
FROMGIT: crypto: arm/chacha20 - refactor to allow varying number of rounds
FROMGIT: crypto: arm/chacha20 - add XChaCha20 support
FROMGIT: crypto: arm/chacha20 - limit the preemption-disabled section
FROMGIT: crypto: chacha - add XChaCha12 support
BACKPORT, FROMGIT: crypto: chacha20-generic - refactor to allow varying number of rounds
FROMGIT: crypto: chacha20-generic - add XChaCha20 support
FROMGIT: crypto: chacha20-generic - don't unnecessarily use atomic walk
FROMGIT: crypto: chacha20-generic - add HChaCha20 library function
FROMGIT: crypto: arm/aes - add some hardening against cache-timing attacks
UPSTREAM: crypto: arm/chacha20 - faster 8-bit rotations and other optimizations
UPSTREAM: crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
ANDROID: cuttlefish_defconfig: Enable CONFIG_SDCARD_FS
ANDROID: sdcardfs: Add sdcardfs filesystem
ANDROID: sdcardfs: Define magic value
ANDROID: fs: Restore vfs_path_lookup() export
ANDROID: vfs: add d_canonical_path for stacked filesystem support
ANDROID: vfs: Add permission2 for filesystems with per mount permissions
ANDROID: vfs: Add setattr2 for filesystems with per mount permissions
ANDROID: vfs: Allow filesystems to access their private mount data
ANDROID: mnt: Add filesystem private data to mount points
ANDROID: sdcardfs: Enable modular sdcardfs
Revert "proc: Convert proc_mount to use mount_ns."
ANDROID: binder: add support for RT prio inheritance.
UPSTREAM: binder: Add BINDER_GET_NODE_INFO_FOR_REF ioctl.
ANDROID: net: ipv6: autoconf routes into per-device tables
ANDROID: cuttlefish_defconfig: Enable SECURITY_PERF_EVENTS_RESTRICT
ANDROID: security,perf: Allow further restriction of perf_event_open
ANDROID: netfilter: xt_IDLETIMER: Add new netlink msg type
ANDROID: cuttlefish_defconfig: Enable CONFIG_NETFILTER_XT_MATCH_QUOTA2
ANDROID: netfilter: xt_quota2: adding the original quota2 from xtables-addons
ANDROID: power: wakeup_reason: add an API to log wakeup reasons
ANDROID: trace: sched: add sched blocked tracepoint which dumps out context of sleep.
ANDROID: add extra free kbytes tunable
CHROMIUM: cgroups: relax permissions on moving tasks between cgroups
ANDROID: cpu: send KOBJ_ONLINE event when enabling cpus
ANDROID: fs: FS tracepoints to track IO.
ANDROID: cuttlefish_defconfig: Enable CONFIG_DM_VERITY_AVB
ANDROID: AVB error handler to invalidate vbmeta partition.
ANDROID: cuttlefish_defconfig: Enable CONFIG_CPUSETS
ANDROID: cpuset: Make cpusets restore on hotplug
ANDROID: taskstats: track fsync syscalls
ANDROID: uid_cputime: add per-uid IO usage accounting
ANDROID: cuttlefish_defconfig: Enable CONFIG_UID_SYS_STATS
ANDROID: uid_cputime: Adds accounting for the cputimes per uid.
ANDROID: cuttlefish_defconfig: Enable CONFIG_MMC
ANDROID: mmc: core: Add "ignore mmc pm notify" functionality
ANDROID: cuttlefish_defconfig: Enable CONFIG_USB_CONFIGFS_F_AUDIO_SRC
ANDROID: usb: gadget: f_audio_source: New gadget driver for audio output
ANDROID: usb: gadget: f_midi: set fi->f to NULL when free f_midi function
ANDROID: usb: gadget: f_midi: create F_midi device
ANDROID: cuttlefish_defconfig: Enable CONFIG_USB_CONFIGFS_F_ACC
ANDROID: usb: gadget: f_accessory: Add Android Accessory function
ANDROID: usb: gadget: configfs: Add device attribute to determine gadget state
ANDROID: usb: gadget: configfs: Add "state" attribute to android_device
ANDROID: cuttlefish_defconfig: Enable CONFIG_USB_CONFIGFS_UEVENT
ANDROID: usb: gadget: configfs: Add function devices to the parent
ANDROID: usb: gadget: configfs: Add Uevent to notify userspace
ANDROID: usb: gadget: configfs: Add usb_function ptr to fi struct
ANDROID: mm: add a field to store names for private anonymous memory
ANDROID: fs: epoll: use freezable blocking call
ANDROID: cuttlefish_defconfig: Enable CONFIG_CMDLINE_EXTEND
ANDROID: of: Support CONFIG_CMDLINE_EXTEND config option
ANDROID: arm64: copy CONFIG_CMDLINE_EXTEND from ARM
UPSTREAM: tcp: start receiver buffer autotuning sooner
UPSTREAM: tcp: up initial rmem to 128KB and SYN rwin to around 64KB
ANDROID: net: xfrm: make PF_KEY SHA256 use RFC-compliant truncation.
ANDROID: cuttlefish_defconfig: Enable EAS related defines
BACKPORT: sched/fair: Fix cpu_util_wake() for 'execl' type workloads
ANDROID: defconfig / build config for cuttlefish
ANDROID: Kbuild, LLVMLinux: allow overriding clang target triple
ANDROID: x86: Remove a useless warning message
Revert "x86: Force asm-goto"
Revert "x86: Allow generating user-space headers without a compiler"
Linux 4.19.6
media: ov5640: fix auto controls values when switching to manual mode
media: ov5640: fix wrong binning value in exposure calculation
media: ov5640: fix auto gain & exposure when changing mode
media: ov5640: fix exposure regression
media: ov5640: Fix timings setup code
media: ov5640: Re-work MIPI startup sequence
rcu: Make need_resched() respond to urgent RCU-QS needs
gfs2: Fix iomap buffer head reference counting bug
tty: wipe buffer if not echoing data
tty: wipe buffer.
include/linux/pfn_t.h: force '~' to be parsed as an unary operator
dax: Avoid losing wakeup in dax_lock_mapping_entry
mm, page_alloc: check for max order in hot path
tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset
mm, memory_hotplug: check zone_movable in has_unmovable_pages
z3fold: fix possible reclaim races
efi/arm: Revert deferred unmap of early memmap mapping
powerpc/numa: Suppress "VPHN is not supported" messages
NFSv4: Fix an Oops during delegation callbacks
kdb: Use strscpy with destination buffer size
drm/amdgpu: fix bug with IH ring setup
RISC-V: Silence some module warnings on 32-bit
riscv: add missing vdso_install target
SUNRPC: Fix a bogus get/put in generic_key_to_expire()
block: copy ioprio in __bio_clone_fast() and bounce
perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs
sched/fair: Fix cpu_util_wake() for 'execl' type workloads
powerpc/io: Fix the IO workarounds code to work with Radix
floppy: fix race condition in __floppy_read_block_0()
crypto: simd - correctly take reqsize of wrapped skcipher into account
rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write
rtc: cmos: Do not export alarm rtc_ops when we do not support alarms
cpufreq: imx6q: add return value check for voltage scale
KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE
scsi: hisi_sas: Remove set but not used variable 'dq_list'
scsi: lpfc: fix remoteport access
tools/testing/nvdimm: Fix the array size for dimm devices.
pinctrl: meson: fix meson8b ao pull register bits
pinctrl: meson: fix meson8 ao pull register bits
pinctrl: meson: fix gxl ao pull register bits
pinctrl: meson: fix gxbb ao pull register bits
pinctrl: meson: fix pinconf bias disable
fanotify: fix handling of events on child sub-directory
fsnotify: generalize handling of extra event flags
IB/hfi1: Eliminate races in the SDMA send error path
ACPICA: AML interpreter: add region addresses in global list during initialization
can: flexcan: remove not needed struct flexcan_priv::tx_mb and struct flexcan_priv::tx_mb_idx
can: flexcan: Always use last mailbox for TX
can: hi311x: Use level-triggered interrupt
can: raw: check for CAN FD capable netdev in raw_sendmsg()
can: flexcan: handle tx-complete CAN frames via rx-offload infrastructure
can: flexcan: use can_rx_offload_queue_sorted() for flexcan_irq_bus_*()
can: rx-offload: rename can_rx_offload_irq_queue_err_skb() to can_rx_offload_queue_tail()
can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions
can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb
can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds
can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length
can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb()
can: flexcan: Unlock the MB unconditionally
drm/ast: Remove existing framebuffers before loading driver
drm/ast: fixed cursor may disappear sometimes
drm/ast: change resolution may cause screen blurred
drm/i915: Disable LP3 watermarks on all SNB machines
drm/amdgpu: Fix oops when pp_funcs->switch_power_profile is unset
drm/vc4: Set ->legacy_cursor_update to false when doing non-async updates
drm/amdgpu: Add missing firmware entry for HAINAN
drm/fb-helper: Blacklist writeback when adding connectors to fbdev
tcp: do not release socket ownership in tcp_close()
mm/memory.c: recheck page table entry with page table lock held
mm: don't warn about large allocations for slab
llc: do not use sk_eat_skb()
gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd
sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer
bfs: add sanity check at bfs_fill_super()
Input: synaptics - avoid using uninitialized variable when probing
selinux: Add __GFP_NOWARN to allocation at str_read()
v9fs_dir_readdir: fix double-free on p9stat_read error
tools/power/cpupower: fix compilation with STATIC=true
opp: ti-opp-supply: Correct the supply in _get_optimal_vdd_voltage call
opp: ti-opp-supply: Dynamically update u_volt_min
brcmfmac: fix reporting support for 160 MHz channels
iwlwifi: mvm: don't use SAR Geo if basic SAR is not used
iwlwifi: mvm: fix regulatory domain update when the firmware starts
iwlwifi: mvm: support sta_statistics() even on older firmware
iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE
gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path
mmc: sdhci-pci: Workaround GLK firmware failing to restore the tuning value
mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL
Documentation/security-bugs: Postpone fix publication in exceptional cases
Documentation/security-bugs: Clarify treatment of embargoed information
MAINTAINERS: Add Sasha as a stable branch maintainer
ALSA: oss: Use kvzalloc() for local buffer allocations
usb: xhci: Prevent bus suspend if a port connect change or polling state is detected
xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc
usb: xhci: fix timeout for transition from RExit to U0
usb: xhci: fix uninitialized completion when USB3 port got wrong status
xhci: Add check for invalid byte size error when UAS devices are connected.
xhci: handle port status events for removed USB3 hcd
xhci: Fix leaking USB3 shared_hcd at xhci removal
usb: dwc3: Fix NULL pointer exception in dwc3_pci_remove()
usb: dwc3: core: Clean up ULPI device
usb: dwc3: gadget: Properly check last unaligned/zero chain TRB
usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers
usb: core: Fix hub port connection events lost
efi/libstub: arm: support building with clang
HID: steam: remove input device when a hid client is running.
Linux 4.19.5
mt76x0: run vco calibration for each channel configuration
libceph: fall back to sendmsg for slab pages
HID: Add quirk for Microsoft PIXART OEM mouse
HID: Add quirk for Primax PIXART OEM mice
HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
ACPI / platform: Add SMB0001 HID to forbidden_id_list
drivers/misc/sgi-gru: fix Spectre v1 vulnerability
mtd: rawnand: atmel: fix OF child-node lookup
gnss: sirf: fix synchronous write timeout
gnss: serial: fix synchronous write timeout
USB: misc: appledisplay: add 20" Apple Cinema Display
misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data
usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB
USB: Wait for extra delay time after USB_PORT_FEAT_RESET for quirky hub
USB: quirks: Add no-lpm quirk for Raydium touchscreens
usb: cdc-acm: add entry for Hiro (Conexant) modem
can: kvaser_usb: Fix potential uninitialized variable use
can: kvaser_usb: Fix accessing freed memory in kvaser_usb_start_xmit()
ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap()
ALSA: hda/realtek - Add quirk entry for HP Pavilion 15
uio: Fix an Oops on load
RISC-V: Fix raw_copy_{to,from}_user()
MIPS: OCTEON: cavium_octeon_defconfig: re-enable OCTEON USB driver
media: v4l: event: Add subscription to list before calling "add" operation
x86/ldt: Remove unused variable in map_ldt_struct()
x86/ldt: Unmap PTEs for the slot before freeing LDT pages
x86/mm: Move LDT remap out of KASLR region on 5-level paging
SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer()
Revert "scripts/setlocalversion: git: Make -dirty check more robust"
kbuild: deb-pkg: fix too low build version number
net: aquantia: invalid checksumm offload implementation
net: aquantia: fixed enable unicast on 32 macvlan
net: aquantia: fix potential IOMMU fault after driver unbind
net: stmmac: Fix RX packet size > 8191
qed: Fix potential memory corruption
qed: Fix SPQ entries not returned to pool in error flows
qed: Fix blocking/unlimited SPQ entries leak
qed: Fix memory/entry leak in qed_init_sp_request()
i40e: restore NETIF_F_GSO_IPXIP[46] to netdev features
ice: Change req_speeds to be u16
ice: Fix the bytecount sent to netdev_tx_sent_queue
ice: Fix dead device link issue with flow control
perf tools: Do not zero sample_id_all for group members
perf tools: Fix undefined symbol scnprintf in libperf-jvmti.so
sched/core: Take the hotplug lock in sched_init_smp()
i2c: qcom-geni: Fix runtime PM mismatch with child devices
i2c: omap: Enable for ARCH_K3
nvme: make sure ns head inherits underlying device limits
of/device: Really only set bus DMA mask when appropriate
ceph: quota: fix null pointer dereference in quota check
s390/perf: Change CPUM_CF return code in event init function
drm/amd/amdgpu/dm: Fix dm_dp_create_fake_mst_encoder()
drm/amd/display: Drop reusing drm connector for MST
block: Clear kernel memory before copying to user
drm/amd/display: Stop leaking planes
lib/raid6: Fix arm64 test build
mtd: nand: Fix nanddev_pos_next_page() kernel-doc header
clk: fixed-factor: fix of_node_get-put imbalance
xen/grant-table: Fix incorrect gnttab_dma_free_pages() pr_debug message
arm64: dts: renesas: condor: switch from EtherAVB to GEther
arm64: dts: renesas: r8a7795: add missing dma-names on hscif2
Revert "drm/exynos/decon5433: implement frame counter"
ARM: dts: fsl: Fix improperly quoted stdout-path values
ARM: dts: imx6sll: fix typo for fsl,imx6sll-i2c node
hwmon: (ibmpowernv) Remove bogus __init annotations
net: hns3: Fix for out-of-bounds access when setting pfc back pressure
s390/qeth: unregister netdevice only when registered
s390/qeth: fix HiperSockets sniffer
netfilter: nft_compat: ebtables 'nat' table is normal chain type
netfilter: ipset: Fix calling ip_set() macro at dumping
netfilter: xt_IDLETIMER: add sysfs filename checking routine
netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment()
bpf: fix bpf_prog_get_info_by_fd to return 0 func_lens for unpriv
s390/mm: Fix ERROR: "__node_distance" undefined!
s390/mm: fix mis-accounting of pgtable_bytes
netfilter: ipset: fix ip_set_list allocation failure
netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net
netfilter: ipset: list:set: Decrease refcount synchronously on deletion and replace
Revert "netfilter: nft_numgen: add map lookups for numgen random operations"
HID: alps: allow incoming reports when only the trackstick is opened
Revert "HID: add NOGET quirk for Eaton Ellipse MAX UPS"
HID: i2c-hid: Add a small delay after sleep command for Raydium touchpanel
s390/vdso: add missing FORCE to build targets
s390/decompressor: add missing FORCE to build targets
netfilter: bridge: define INT_MIN & INT_MAX in userspace
netfilter: ipv6: fix oops when defragmenting locally generated fragments
serial: sh-sci: Fix receive on SCIFA/SCIFB variants with DMA
clk: ti: fix OF child-node lookup
clk: renesas: r9a06g032: Fix UART34567 clock rate
clk: meson: clk-pll: drop CLK_GET_RATE_NOCACHE where unnecessary
arm64: percpu: Initialize ret in the default case
clk: meson-axg: pcie: drop the mpll3 clock parent
platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307
x86/earlyprintk: Add a force option for pciserial device
apparmor: Fix uninitialized value in aa_split_fqname
clk: samsung: exynos5420: Enable PERIS clocks for suspend
fs/exofs: fix potential memory leak in mount option parsing
perf symbols: Set PLT entry/header sizes properly on Sparc
clk: fixed-rate: fix of_node_get-put imbalance
platform/x86: intel_telemetry: report debugfs failure
afs: Handle EIO from delivery function
drm/edid: Add 6 bpc quirk for BOE panel.
um: Give start_idle_thread() a return code
perf unwind: Take pgoff into account when reporting elf to libdwfl
hfsplus: prevent btree data loss on root split
hfs: prevent btree data loss on root split
reiserfs: propagate errors from fill_with_dentries() properly
ixgbe: fix MAC anti-spoofing filter after VFLR
net: hns3: bugfix for the initialization of command queue's spin lock
net: hns3: bugfix for handling mailbox while the command queue reinitialized
net: hns3: bugfix for rtnl_lock's range in the hclge_reset()
net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset()
block: brd: associate with queue until adding disk
arm64: kprobe: make page to RO mode when allocate it
cifs: fix return value for cifs_listxattr
cifs: don't dereference smb_file_target before null check
drm/i915: Replace some PAGE_SIZE with I915_GTT_PAGE_SIZE
f2fs: fix to keep project quota consistent
f2fs: guarantee journalled quota data by checkpoint
f2fs: cleanup dirty pages if recover failed
f2fs: fix data corruption issue with hardware encryption
f2fs: fix to recover inode->i_flags of inode block during POR
f2fs: spread f2fs_set_inode_flags()
f2fs: fix to spread clear_cold_data()
Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()"
f2fs: account read IOs and use IO counts for is_idle
f2fs: fix to account IO correctly for cgroup writeback
f2fs: fix to account IO correctly
f2fs: remove request_list check in is_idle()
f2fs: allow to mount, if quota is failed
f2fs: update REQ_TIME in f2fs_cross_rename()
f2fs: do not update REQ_TIME in case of error conditions
f2fs: remove unneeded disable_nat_bits()
f2fs: remove unused sbi->trigger_ssr_threshold
f2fs: shrink sbi->sb_lock coverage in set_file_temperature()
f2fs: use rb_*_cached friends
f2fs: fix to recover cold bit of inode block during POR
f2fs: submit cached bio to avoid endless PageWriteback
f2fs: checkpoint disabling
f2fs: clear PageError on the read path
f2fs: allow out-place-update for direct IO in LFS mode
f2fs: refactor ->page_mkwrite() flow
Revert: "f2fs: check last page index in cached bio to decide submission"
f2fs: support superblock checksum
f2fs: add to account skip count of background GC
f2fs: add to account meta IO
f2fs: keep lazytime on remount
f2fs: fix missing up_read
f2fs: return correct errno in f2fs_gc
f2fs: avoid f2fs_bug_on if f2fs_get_meta_page_nofail got EIO
f2fs: mark inode dirty explicitly in recover_inode()
f2fs: fix to recover inode's crtime during POR
f2fs: fix to recover inode's i_gc_failures during POR
f2fs: fix to recover inode's i_flags during POR
f2fs: fix to recover inode's project id during POR
f2fs: update i_size after DIO completion
f2fs: report ENOENT correctly in f2fs_rename
f2fs: fix remount problem of option io_bits
f2fs: fix to recover inode's uid/gid during POR
f2fs: avoid infinite loop in f2fs_alloc_nid
f2fs: add new idle interval timing for discard and gc paths
f2fs: split IO error injection according to RW
f2fs: add SPDX license identifiers
f2fs: surround fault_injection related option parsing using CONFIG_F2FS_FAULT_INJECTION
f2fs: fix setattr project check upon fssetxattr ioctl
f2fs: avoid sleeping under spin_lock
f2fs: plug readahead IO in readdir()
f2fs: fix to do sanity check with current segment number
f2fs: fix memory leak of percpu counter in fill_super()
f2fs: fix memory leak of write_io in fill_super()
f2fs: cache NULL when both default_acl and acl are NULL
f2fs: fix to flush all dirty inodes recovered in readonly fs
f2fs: report error if quota off error during umount
f2fs: submit bio after shutdown
f2fs: avoid wrong decrypted data from disk
Revert "f2fs: use printk_ratelimited for f2fs_msg"
f2fs: fix unnecessary periodic wakeup of discard thread when dev is busy
f2fs: fix to avoid NULL pointer dereference on se->discard_map
f2fs: add additional sanity check in f2fs_acl_from_disk()
ANDROID: arm64: defconfig: Enable CONFIG_SCHED_TUNE
ANDROID: thermal: cpu_cooling: Migrate to using the EM framework
ANDROID: Add hold functionality to schedtune CPU boost
ANDROID: sched/rt: Add schedtune accounting to rt task enqueue/dequeue
ANDROID: sched: Make the cpu_util* accessors available without sugov
ANDROID: sched/events: Introduce overutilized trace event
ANDROID: sched/events: Introduce rt_rq load tracking trace event
ANDROID: sched/events: Introduce schedtune trace events
ANDROID: sched/events: Introduce find_best_target trace event
ANDROID: sched/events: Introduce util_est trace events
ANDROID: sched/events: Introduce task_group load tracking trace event
ANDROID: sched/events: Introduce sched_entity load tracking trace event
ANDROID: sched/events: Introduce cfs_rq load tracking trace event
ANDROID: sched/autogroup: Define autogroup_path() for !CONFIG_SCHED_DEBUG
ANDROID: sched/fair: Also do misfit in overloaded groups
ANDROID: sched/fair: Don't balance misfits if it would overload local group
ANDROID: sched/fair: Attempt to improve throughput for asym cap systems
ANDROID: cpufreq/schedutil: add up/down frequency transition rate limits
ANDROID: cpufreq/schedutil: Select frequency using util_avg for RT
ANDROID: sched: Update max cpu capacity in case of max frequency constraints
ANDROID: arm: enable max frequency capping
ANDROID: arm64: enable max frequency capping
ANDROID: implement max frequency capping
ANDROID: sched/fair: add arch scaling function for max frequency capping
ANDROID: sched/fair: Bypass energy computation for prefer_idle tasks
ANDROID: sched: fair: Bypass energy-aware wakeup for prefer-idle tasks
FROMLIST: sched/fair: Use wake_q length as a hint for wake_wide
ANDROID: sched: Unconditionally honor sync flag for energy-aware wakeups
ANDROID: Add find_best_target to minimise energy calculation overhead
ANDROID: sched/fair: Factor out CPU selection from find_energy_efficient_cpu
ANDROID: sched: Introduce sysctl_sched_cstate_aware
ANDROID: sched, cpuidle: Track cpuidle state index in the scheduler
ANDROID: sched: fair/tune: Add schedtune with cgroups interface
ANDROID: drivers: Introduce a legacy Energy Model loading driver
ANDROID: cpufreq: scmi: Register an Energy Model
UPSTREAM: firmware: arm_scmi: add a getter for power of performance states
ANDROID: cpufreq: arm_big_little: Register an Energy Model
ANDROID: cpufreq: scpi: Register an Energy Model
ANDROID: PM / OPP: cpufreq-dt: Move power estimation function
FROMLIST: cpufreq: dt: Register an Energy Model
ANDROID: arm: dts: vexpress-v2p-ca15_a7: Add dynamic-power-coefficient properties
ANDROID: arm64: dts: juno-r2: Add dynamic-power-coefficient properties
ANDROID: arm64: dts: juno: Add dynamic-power-coefficient properties
ANDROID: arm, arm64: Enable kernel config options required for EAS
ANDROID: sched: Enable idle balance to pull single task towards cpu with higher capacity
ANDROID: sched: Prevent unnecessary active balance of single task in sched group
FROMLIST: sched/fair: Select an energy-efficient CPU on task wake-up
FROMLIST: sched/fair: Introduce an energy estimation helper function
FROMLIST: sched: Add over-utilization/tipping point indicator
FROMLIST: sched/fair: Clean-up update_sg_lb_stats parameters
FROMLIST: sched: Introduce a sysctl for Energy Aware Scheduling
FROMLIST: sched: Introduce sched_energy_present static key
FROMLIST: sched/topology: Make Energy Aware Scheduling depend on schedutil
FROMLIST: sched/topology: Disable EAS on inappropriate platforms
FROMLIST: sched/topology: Lowest CPU asymmetry sched_domain level pointer
FROMLIST: sched/topology: Reference the Energy Model of CPUs when available
FROMLIST: PM / EM: Expose the Energy Model in sysfs
FROMLIST: PM: Introduce an Energy Model management framework
FROMLIST: sched/cpufreq: Prepare schedutil for Energy Aware Scheduling
FROMLIST: sched: Relocate arch_scale_cpu_capacity
UPSTREAM: sched/core: Disable SD_PREFER_SIBLING on asymmetric CPU capacity domains
UPSTREAM: sched/fair: Don't move tasks to lower capacity CPUs unless necessary
UPSTREAM: sched/fair: Set rq->rd->overload when misfit
UPSTREAM: sched/fair: Wrap rq->rd->overload accesses with READ/WRITE_ONCE()
UPSTREAM: sched/core: Change root_domain->overload type to int
UPSTREAM: sched/fair: Change 'prefer_sibling' type to bool
UPSTREAM: sched/fair: Kick nohz balance if rq->misfit_task_load
UPSTREAM: sched/fair: Consider misfit tasks when load-balancing
UPSTREAM: sched/fair: Add sched_group per-CPU max capacity
UPSTREAM: sched/fair: Add 'group_misfit_task' load-balance type
UPSTREAM: sched/topology: Add static_key for asymmetric CPU capacity optimizations
UPSTREAM: sched/topology, arch/arm: Rebuild sched_domain hierarchy when CPU capacity changes
UPSTREAM: sched/topology, arch/arm64: Rebuild the sched_domain hierarchy when the CPU capacity changes
UPSTREAM: sched/topology, drivers/base/arch_topology: Rebuild the sched_domain hierarchy when capacities change
UPSTREAM: sched/topology: Add SD_ASYM_CPUCAPACITY flag detection
Change-Id: I19fafa34b3fd39c4125708cb5c9c5a7634c40ec4
Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlwSFaoACgkQONu9yGCS
aT5hERAAjZZeV7+uFKY5UFTtiz3cBzGvHgl8IX3dx5so/NN6+d4K7qVPxzq7YFG6
MKIpr/ml6XmNcHe+ukzO2r5t9ty/RPrYojAifKZ0w7jJcL7SrdvjwltPNCL4QkPX
BUvRsP/iRdzaq7L4iryqVXRdIXux8YHz6RUxJbYEirT6aW8ral2fyRtET9dwpzJG
5zjtM0tLLJlAJ7gIT5SEajjvLeHbGT1EB+RwpNyHLKWpxvsAjJsNenT/kP74o4P8
2MBgf6YsKCJLzU0gCzvu4Fb/AVArIicEB+5eBkvoEmFB755ss7z9L4TvJn3k9LCm
XpWZCNIQbty5wXt4Px6TsISSkiBG4jEGXxDQlpZOoOIcBkUhT6QDfQLa0HNNvqCw
x/NFnsfy5wN+isGieYM6yMVLvG5voh9S60KY++/yif3fFWmfHJC/q9M1LktVCqcF
2sFPcOLmfHnoAirjTpg9ZPyIi3vUwedPOYj/x3Z/la8l8iHDAc/mZqdKWg1Am9WX
MGZkn2RLJ23os5OMoPzGqoCDXKlsheFxVgLSJnehYRU7UQjwWMLvcZNlsdjnau3E
26Uiuzw2ehsXSxT9ogUKKsdyfTI1BQI/OnokCXdyFQiCKniR5430jfzsC4FJ0hja
bIaFQdvMlHyB0tELH6fhEY6QENsiieN+xJ8LR/dW+7tY1ZSKgG4=
=pARS
-----END PGP SIGNATURE-----
Merge 4.19.9 into android-4.19
Changes in 4.19.9
media: vicodec: lower minimum height to 360
media: cec: check for non-OK/NACK conditions while claiming a LA
media: omap3isp: Unregister media device as first
media: ipu3-cio2: Unregister device nodes first, then release resources
iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()
brcmutil: really fix decoding channel info for 160 MHz bandwidth
mt76: fix building without CONFIG_LEDS_CLASS
iommu/ipmmu-vmsa: Fix crash on early domain free
scsi: ufs: Fix hynix ufs bug with quirk on hi36xx SoC
can: ucan: remove set but not used variable 'udev'
can: rcar_can: Fix erroneous registration
test_firmware: fix error return getting clobbered
HID: input: Ignore battery reported by Symbol DS4308
batman-adv: Use explicit tvlv padding for ELP packets
batman-adv: Expand merged fragment buffer for full packet
amd/iommu: Fix Guest Virtual APIC Log Tail Address Register
bnx2x: Assign unique DMAE channel number for FW DMAE transactions.
qed: Fix PTT leak in qed_drain()
qed: Fix overriding offload_tc by protocols without APP TLV
qed: Fix rdma_info structure allocation
qed: Fix reading wrong value in loop condition
usb: dwc2: pci: Fix an error code in probe
Revert "usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers"
s390/ism: clear dmbe_mask bit before SMC IRQ handling
nvme-fc: resolve io failures during connect
bnxt_en: Fix filling time in bnxt_fill_coredump_record()
drm/amdgpu: Add amdgpu "max bpc" connector property (v2)
drm/amd/display: Support amdgpu "max bpc" connector property (v2)
net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command
net/mlx4_core: Fix uninitialized variable compilation warning
net/mlx4: Fix UBSAN warning of signed integer overflow
drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo
gpio: pxa: fix legacy non pinctrl aware builds again
gpio: mockup: fix indicated direction
tc-testing: tdc.py: ignore errors when decoding stdout/stderr
tc-testing: tdc.py: Guard against lack of returncode in executed command
mtd: rawnand: qcom: Namespace prefix some commands
cpufreq: ti-cpufreq: Only register platform_device when supported
Revert "HID: uhid: use strlcpy() instead of strncpy()"
HID: multitouch: Add pointstick support for Cirque Touchpad
mtd: spi-nor: Fix Cadence QSPI page fault kernel panic
net: ena: fix crash during failed resume from hibernation
NFSv4: Fix a NFSv4 state manager deadlock
qed: Fix bitmap_weight() check
qed: Fix QM getters to always return a valid pq
net/ibmnvic: Fix deadlock problem in reset
riscv: fix warning in arch/riscv/include/asm/module.h
net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts
iommu/vt-d: Use memunmap to free memremap
NFSv4.2 copy do not allocate memory under the lock
flexfiles: use per-mirror specified stateid for IO
ibmvnic: Fix RX queue buffer cleanup
ibmvnic: Update driver queues after change in ring size support
team: no need to do team_notify_peers or team_mcast_rejoin when disabling port
net: amd: add missing of_node_put()
usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device
usb: appledisplay: Add 27" Apple Cinema Display
USB: check usb_get_extra_descriptor for proper size
USB: serial: console: fix reported terminal settings
ALSA: usb-audio: Add SMSL D1 to quirks for native DSD support
ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
ALSA: hda: Add support for AMD Stoney Ridge
ALSA: pcm: Fix starvation on down_write_nonblock()
ALSA: pcm: Call snd_pcm_unlink() conditionally at closing
ALSA: pcm: Fix interval evaluation with openmin/max
ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570
ALSA: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880
ALSA: hda/realtek - Add support for Acer Aspire C24-860 headset mic
ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G
ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G
media: gspca: fix frame overflow error
media: vicodec: fix memchr() kernel oops
media: dvb-pll: fix tuner frequency ranges
media: dvb-pll: don't re-validate tuner frequencies
Revert "mfd: cros_ec: Use devm_kzalloc for private data"
parisc: Enable -ffunction-sections for modules on 32-bit kernel
virtio/s390: avoid race on vcdev->config
virtio/s390: fix race in ccw_io_helper()
vhost/vsock: fix use-after-free in network stack callers
arm64: hibernate: Avoid sending cross-calling with interrupts disabled
SUNRPC: Fix leak of krb5p encode pages
dmaengine: dw: Fix FIFO size for Intel Merrifield
Revert "dmaengine: imx-sdma: Use GFP_NOWAIT for dma allocations"
Revert "dmaengine: imx-sdma: alloclate bd memory from dma pool"
dmaengine: imx-sdma: implement channel termination via worker
dmaengine: imx-sdma: use GFP_NOWAIT for dma descriptor allocations
dmaengine: cppi41: delete channel from pending list when stop channel
ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE
xhci: workaround CSS timeout on AMD SNPS 3.0 xHC
xhci: Prevent U1/U2 link pm states if exit latency is too long
arm64: dts: rockchip: remove vdd_log from rock960 to fix a stability issues
Revert "x86/e820: put !E820_TYPE_RAM regions into memblock.reserved"
cifs: Fix separator when building path from dentry
staging: rtl8712: Fix possible buffer overrun
Revert commit ef9209b642 "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c"
crypto: do not free algorithm before using
drm/amdgpu: update mc firmware image for polaris12 variants
drm/lease: Send a distinct uevent
drm/msm: Move fence put to where failure occurs
drm/amdgpu/gmc8: update MC firmware for polaris
drm/amdgpu/gmc8: always load MC firmware in the driver
drm/i915: Downgrade Gen9 Plane WM latency error
kprobes/x86: Fix instruction patching corruption when copying more than one RIP-relative instruction
x86/efi: Allocate e820 buffer before calling efi_exit_boot_service
Drivers: hv: vmbus: Offload the handling of channels to two workqueues
tty: serial: 8250_mtk: always resume the device in probe.
tty: do not set TTY_IO_ERROR flag if console port
gnss: sirf: fix activation retry handling
kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var()
libnvdimm, pfn: Pad pfn namespaces relative to other regions
cfg80211: Fix busy loop regression in ieee80211_ie_split_ric()
mac80211_hwsim: Timer should be initialized before device registered
mac80211: fix GFP_KERNEL under tasklet context
mac80211: Clear beacon_int in ieee80211_do_stop
mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext
mac80211: fix reordering of buffered broadcast packets
mac80211: ignore NullFunc frames in the duplicate detection
HID: quirks: fix RetroUSB.com devices
Linux 4.19.9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit e5bde04ccce64d808f8b00a489a1fe5825d285cb upstream.
In multiple functions, the algorithm fields are read after its reference
is dropped through crypto_mod_put. In this case, the algorithm memory
may be freed, resulting in use-after-free bugs. This patch delays the
put operation until the algorithm is never used.
Fixes: 79c65d179a ("crypto: cbc - Convert to skcipher")
Fixes: a7d85e06ed ("crypto: cfb - add support for Cipher FeedBack mode")
Fixes: 043a44001b ("crypto: pcbc - Convert to skcipher")
Cc: <stable@vger.kernel.org>
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
* refs/heads/tmp-73aa1c8:
Revert "drm/msm: dpu: Allow planes to extend past active display"
Revert "drm/msm/disp/dpu: Use proper define for drm_encoder_init() 'encoder_type'"
Linux 4.19.3
Revert "ACPICA: AML interpreter: add region addresses in global list during initialization"
CONFIG_XEN_PV breaks xen_create_contiguous_region on ARM
drm/i915: Fix hpd handling for pins with two encoders
drm/i915: Fix NULL deref when re-enabling HPD IRQs on systems with MST
drm/i915: Fix possible race in intel_dp_add_mst_connector()
drm/i915/execlists: Force write serialisation into context image vs execution
drm/i915/ringbuffer: Delay after EMIT_INVALIDATE for gen4/gen5
drm/i915: Mark pin flags as u64
drm/i915: Don't oops during modeset shutdown after lpe audio deinit
drm/i915: Compare user's 64b GTT offset even on 32b
drm/i915: Fix ilk+ watermarks when disabling pipes
drm/i915: Fix error handling for the NV12 fb dimensions check
drm/i915: Mark up GTT sizes as u64
drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values
drm/i915/icl: Fix the macros for DFLEXDPMLE register bits
drm/i915/dp: Restrict link retrain workaround to external monitors
drm/i915/dp: Fix link retraining comment in intel_dp_long_pulse()
drm/i915: Large page offsets for pread/pwrite
drm/i915: Skip vcpi allocation for MSTB ports that are gone
drm/i915: Don't unset intel_connector->mst_port
drm/i915: Restore vblank interrupts earlier
drm/i915: Use the correct crtc when sanitizing plane mapping
drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode
drm: panel-orientation-quirks: Add quirk for Acer One 10 (S1003)
drm/dp_mst: Check if primary mstb is null
drm/etnaviv: fix bogus fence complete check in timeout handler
drm/amd/powerplay: Enable/Disable NBPSTATE on On/OFF of UVD
drm/nouveau: Fix nv50_mstc->best_encoder()
drm/nouveau: Check backlight IDs are >= 0, not > 0
drm/amdgpu: Suppress keypresses from ACPI_VIDEO events
drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type
drm/amdgpu: Fix typo in amdgpu_vmid_mgr_init
drm/rockchip: Allow driver to be shutdown on reboot/kexec
scripts/spdxcheck.py: make python3 compliant
mm: don't reclaim inodes with many attached pages
efi/arm/libstub: Pack FDT after populating it
mm/swapfile.c: use kvzalloc for swap_info_struct allocation
hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!
lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn
crypto: user - fix leaking uninitialized memory to userspace
libata: blacklist SAMSUNG MZ7TD256HAFV-000L9 SSD
gfs2: Fix metadata read-ahead during truncate (2)
gfs2: Put bitmap buffers in put_super
selinux: check length properly in SCTP bind hook
fuse: fix possibly missed wake-up after abort
fuse: fix leaked notify reply
fuse: fix use-after-free in fuse_direct_IO()
rtc: hctosys: Add missing range error reporting
nfsd: COPY and CLONE operations require the saved filehandle to be set
NFSv4: Don't exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING
sunrpc: correct the computation for page_ptr when truncating
kdb: print real address of pointers instead of hashed addresses
kdb: use correct pointer when 'btc' calls 'btt'
ARM: cpuidle: Don't register the driver when back-end init returns -ENXIO
uapi: fix linux/kfd_ioctl.h userspace compilation errors
mnt: fix __detach_mounts infinite loop
mount: Prevent MNT_DETACH from disconnecting locked mounts
mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
mount: Retest MNT_LOCKED in do_umount
ext4: fix buffer leak in __ext4_read_dirblock() on error path
ext4: fix buffer leak in ext4_expand_extra_isize_ea() on error path
ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
ext4: release bs.bh before re-using in ext4_xattr_block_find()
ext4: fix buffer leak in ext4_xattr_get_block() on error path
ext4: fix possible leak of s_journal_flag_rwsem in error path
ext4: fix possible leak of sbi->s_group_desc_leak in error path
ext4: avoid possible double brelse() in add_new_gdb() on error path
ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing
ext4: avoid buffer leak in ext4_orphan_add() after prior errors
ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty()
ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
ext4: missing !bh check in ext4_xattr_inode_write()
ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
ext4: add missing brelse() update_backups()'s error path
clockevents/drivers/i8253: Add support for PIT shutdown quirk
btrfs: tree-checker: Fix misleading group system information
Btrfs: fix data corruption due to cloning of eof block
Btrfs: fix infinite loop on inode eviction after deduplication of eof block
Btrfs: fix cur_offset in the error case for nocow
Btrfs: fix missing data checksums after a ranged fsync (msync)
btrfs: fix pinned underflow after transaction aborted
watchdog/core: Add missing prototypes for weak functions
arch/alpha, termios: implement BOTHER, IBSHIFT and termios2
termios, tty/tty_baudrate.c: fix buffer overrun
x86/hyper-v: Enable PIT shutdown quirk
x86/cpu/vmware: Do not trace vmware_sched_clock()
of, numa: Validate some distance map rules
perf intel-pt: Insert callchain context into synthesized callchains
perf intel-pt/bts: Calculate cpumode for synthesized samples
perf callchain: Honour the ordering of PERF_CONTEXT_{USER,KERNEL,etc}
perf stat: Handle different PMU names with common prefix
perf cs-etm: Correct CPU mode for samples
hwmon: (core) Fix double-free in __hwmon_device_register()
mtd: docg3: don't set conflicting BCH_CONST_PARAMS option
mtd: nand: Fix nanddev_neraseblocks()
mtd: spi-nor: cadence-quadspi: Return error code in cqspi_direct_read_execute()
bonding/802.3ad: fix link_failure_count tracking
ARM: 8809/1: proc-v7: fix Thumb annotation of cpu_v7_hvc_switch_mm
netfilter: conntrack: fix calculation of next bucket number in early_drop
memory_hotplug: cond_resched in __remove_pages
mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings
ocfs2: free up write context when direct IO failed
ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
soc: ti: QMSS: Fix usage of irq_set_affinity_hint
Revert "powerpc/8xx: Use L1 entry APG to handle _PAGE_ACCESSED for CONFIG_SWAP"
SCSI: fix queue cleanup race before queue initialization is done
scsi: qla2xxx: Initialize port speed to avoid setting lower speed
vhost/scsi: truncate T10 PI iov_iter to prot_bytes
crypto: hisilicon - Fix reference after free of memories on error path
crypto: hisilicon - Fix NULL dereference for same dst and src
reset: hisilicon: fix potential NULL pointer dereference
acpi, nfit: Fix ARS overflow continuation
acpi/nfit, x86/mce: Validate a MCE's address before using it
acpi/nfit, x86/mce: Handle only uncorrectable machine checks
mach64: fix image corruption due to reading accelerator registers
mach64: fix display corruption on big endian machines
thermal: core: Fix use-after-free in thermal_cooling_device_destroy_sysfs
Revert "ceph: fix dentry leak in splice_dentry()"
libceph: bump CEPH_MSG_MAX_DATA_LEN
clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call
clk: rockchip: fix wrong mmc sample phase shift for rk3328
clk: sunxi-ng: h6: fix bus clocks' divider position
clk: at91: Fix division by zero in PLL recalc_rate()
clk: s2mps11: Fix matching when built as module and DT node contains compatible
um: Drop own definition of PTRACE_SYSEMU/_SINGLESTEP
xtensa: fix boot parameters address translation
xtensa: make sure bFLT stack is 16 byte aligned
xtensa: add NOTES section to the linker script
MIPS: Loongson-3: Fix BRIDGE irq delivery problem
MIPS: Loongson-3: Fix CPU UART irq delivery problem
zram: close udev startup race condition as default groups
clk: meson: axg: mark fdiv2 and fdiv3 as critical
clk: meson-gxbb: set fclk_div3 as CLK_IS_CRITICAL
arm64: dts: stratix10: fix multicast filtering
arm64: dts: stratix10: Support Ethernet Jumbo frame
drm/msm: fix OF child-node lookup
fuse: set FR_SENT while locked
fuse: fix blocked_waitq wakeup
fuse: Fix use-after-free in fuse_dev_do_write()
fuse: Fix use-after-free in fuse_dev_do_read()
vfs: fix FIGETBSZ ioctl on an overlayfs file
scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured
scsi: qla2xxx: Fix duplicate switch database entries
scsi: qla2xxx: Fix NVMe Target discovery
scsi: qla2xxx: Fix NVMe session hang on unload
scsi: qla2xxx: Fix for double free of SRB structure
scsi: qla2xxx: Fix re-using LoopID when handle is in use
scsi: qla2xxx: Reject bsg request if chip is down.
scsi: qla2xxx: shutdown chip if reset fail
scsi: qla2xxx: Fix early srb free on abort
scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx
scsi: qla2xxx: Fix process response queue for ISP26XX and above
scsi: qla2xxx: Fix incorrect port speed being set for FC adapters
serial: sh-sci: Fix could not remove dev_attr_rx_fifo_timeout
ovl: automatically enable redirect_dir on metacopy=on
ovl: check whiteout in ovl_create_over_whiteout()
ovl: fix recursive oi->lock in ovl_link()
ovl: fix error handling in ovl_verify_set_fh()
cdrom: fix improper type cast, which can leat to information leak.
media: ov5640: fix restore of last mode set
drm/amdgpu: fix integer overflow test in amdgpu_bo_list_create()
9p: clear dangling pointers in p9stat_free
media: ov5640: fix mode change regression
ARM: dts: imx6ull: keep IMX6UL_ prefix for signals on both i.MX6UL and i.MX6ULL
udf: Prevent write-unsupported filesystem to be remounted read-write
9p locks: fix glock.client_id leak in do_lock
staging: most: video: fix registration of an empty comp core_component
drm/amdgpu: Fix SDMA TO after GPU reset v3
drm: rcar-du: Update Gen3 output limitations
staging:iio:ad7606: fix voltage scales
powerpc/selftests: Wait all threads to join
media: tvp5150: fix width alignment during set_selection()
sc16is7xx: Fix for multi-channel stall
serial: 8250_of: Fix for lack of interrupt support
staging: erofs: fix a missing endian conversion
MIPS/PCI: Call pcie_bus_configure_settings() to set MPS/MRRS
powerpc/memtrace: Remove memory in chunks
powerpc/boot: Ensure _zimage_start is a weak symbol
MIPS: kexec: Mark CPU offline before disabling local IRQ
media: coda: don't overwrite h.264 profile_idc on decoder instance
media: pci: cx23885: handle adding to list failure
drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer pointer
drm/amd/display: fix gamma not being applied
drm/amd/display: Raise dispclk value for dce120 by 15%
drm/omap: fix memory barrier bug in DMM driver
powerpc/mm: Don't report hugepage tables as memory leaks when using kmemleak
drm/msm: dpu: Allow planes to extend past active display
drm/msm/disp/dpu: Use proper define for drm_encoder_init() 'encoder_type'
drm/msm/gpu: fix parameters in function msm_gpu_crashstate_capture
powerpc/nohash: fix undefined behaviour when testing page size support
ARM: imx_v6_v7_defconfig: Select CONFIG_TMPFS_POSIX_ACL
drm/amdgpu/powerplay: fix missing break in switch statements
drm/nouveau/secboot/acr: fix memory leak
tracing/kprobes: Check the probe on unloaded module correctly
tty: check name length in tty_find_polling_driver()
powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()
powerpc/Makefile: Fix PPC_BOOK3S_64 ASFLAGS
Input: wm97xx-ts - fix exit path
drm/amd/display: fix bug of accessing invalid memory
powerpc/mm: fix always true/false warning in slice.c
powerpc/mm: Fix page table dump to work on Radix
powerpc/64/module: REL32 relocation range check
powerpc/traps: restore recoverability of machine_check interrupts
Change-Id: Id971c3ddeb610be8aee4ff531ec3fb20ad0db58d
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlwCSE8ACgkQONu9yGCS
aT58lg//YXiTDY8JuG+LX8PJyL28s5gIQZyq7a8aEuxGFXbTfmym0TecN74F2gFM
7YBJ9j4u/W5xp/u/29VUOUE9OUiRdMa+GJz73ncgslHApp7r3Z5r9PJFJHtW07Xu
IElCg2GvQLR0pzyNlsa+Nv738pldDr0d9xZDmsOp1Cs0aCfJQAbU1y9P5WNN8j3y
rHQP19/2+HF0j6LqYxIRmgioSrmeHrEN/nWIDlFpW74+QPyI7d/6aJpr1Tfdy64u
6BE/48OunHjOPbO6fWcNjFm0FUlTYDKd8jtzkaIHmFKgXpDFb+3yN4AiMd4/ucPS
SNqVqvzTfU8aKWEtIabTTG1m3AwuqJUrExYUQZwNe32zOhEMIE+rMpmgafSN3SjE
k0cER70OS1rJ5rs/cqBY8UpqhPxqfTFSwEwHGqn66PeuYgCpjoXHIBVyn/s+I3CZ
Be8udYwi3KXBYrMGppzFp5PklwkqrUIFFouF2ijtPBjKfZpte9/ZOGWxvZMux6Ev
rqFaq/zf9DjvQ3BSwHh2QuQKK5WnGQVuwjDWHR/vso4bApErHFhDWvGAIFyFxRsK
W70DUeUxSScNjNKDgyxzRUV18VF0IN8zMXfh4hCMtoq6+XzDG/DUBt6fBFXaZCun
kWyCTZk+9sMkGVlL8kAB2UPbAjfuDRAijouwC+u0j0VRMXlsAWM=
=ju/p
-----END PGP SIGNATURE-----
Merge 4.19.6 into android-4.19
Changes in 4.19.6
HID: steam: remove input device when a hid client is running.
efi/libstub: arm: support building with clang
usb: core: Fix hub port connection events lost
usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers
usb: dwc3: gadget: Properly check last unaligned/zero chain TRB
usb: dwc3: core: Clean up ULPI device
usb: dwc3: Fix NULL pointer exception in dwc3_pci_remove()
xhci: Fix leaking USB3 shared_hcd at xhci removal
xhci: handle port status events for removed USB3 hcd
xhci: Add check for invalid byte size error when UAS devices are connected.
usb: xhci: fix uninitialized completion when USB3 port got wrong status
usb: xhci: fix timeout for transition from RExit to U0
xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc
usb: xhci: Prevent bus suspend if a port connect change or polling state is detected
ALSA: oss: Use kvzalloc() for local buffer allocations
MAINTAINERS: Add Sasha as a stable branch maintainer
Documentation/security-bugs: Clarify treatment of embargoed information
Documentation/security-bugs: Postpone fix publication in exceptional cases
mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL
mmc: sdhci-pci: Workaround GLK firmware failing to restore the tuning value
gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path
iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE
iwlwifi: mvm: support sta_statistics() even on older firmware
iwlwifi: mvm: fix regulatory domain update when the firmware starts
iwlwifi: mvm: don't use SAR Geo if basic SAR is not used
brcmfmac: fix reporting support for 160 MHz channels
opp: ti-opp-supply: Dynamically update u_volt_min
opp: ti-opp-supply: Correct the supply in _get_optimal_vdd_voltage call
tools/power/cpupower: fix compilation with STATIC=true
v9fs_dir_readdir: fix double-free on p9stat_read error
selinux: Add __GFP_NOWARN to allocation at str_read()
Input: synaptics - avoid using uninitialized variable when probing
bfs: add sanity check at bfs_fill_super()
sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer
gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd
llc: do not use sk_eat_skb()
mm: don't warn about large allocations for slab
mm/memory.c: recheck page table entry with page table lock held
tcp: do not release socket ownership in tcp_close()
drm/fb-helper: Blacklist writeback when adding connectors to fbdev
drm/amdgpu: Add missing firmware entry for HAINAN
drm/vc4: Set ->legacy_cursor_update to false when doing non-async updates
drm/amdgpu: Fix oops when pp_funcs->switch_power_profile is unset
drm/i915: Disable LP3 watermarks on all SNB machines
drm/ast: change resolution may cause screen blurred
drm/ast: fixed cursor may disappear sometimes
drm/ast: Remove existing framebuffers before loading driver
can: flexcan: Unlock the MB unconditionally
can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb()
can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length
can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds
can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb
can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions
can: rx-offload: rename can_rx_offload_irq_queue_err_skb() to can_rx_offload_queue_tail()
can: flexcan: use can_rx_offload_queue_sorted() for flexcan_irq_bus_*()
can: flexcan: handle tx-complete CAN frames via rx-offload infrastructure
can: raw: check for CAN FD capable netdev in raw_sendmsg()
can: hi311x: Use level-triggered interrupt
can: flexcan: Always use last mailbox for TX
can: flexcan: remove not needed struct flexcan_priv::tx_mb and struct flexcan_priv::tx_mb_idx
ACPICA: AML interpreter: add region addresses in global list during initialization
IB/hfi1: Eliminate races in the SDMA send error path
fsnotify: generalize handling of extra event flags
fanotify: fix handling of events on child sub-directory
pinctrl: meson: fix pinconf bias disable
pinctrl: meson: fix gxbb ao pull register bits
pinctrl: meson: fix gxl ao pull register bits
pinctrl: meson: fix meson8 ao pull register bits
pinctrl: meson: fix meson8b ao pull register bits
tools/testing/nvdimm: Fix the array size for dimm devices.
scsi: lpfc: fix remoteport access
scsi: hisi_sas: Remove set but not used variable 'dq_list'
KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE
cpufreq: imx6q: add return value check for voltage scale
rtc: cmos: Do not export alarm rtc_ops when we do not support alarms
rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write
crypto: simd - correctly take reqsize of wrapped skcipher into account
floppy: fix race condition in __floppy_read_block_0()
powerpc/io: Fix the IO workarounds code to work with Radix
sched/fair: Fix cpu_util_wake() for 'execl' type workloads
perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs
block: copy ioprio in __bio_clone_fast() and bounce
SUNRPC: Fix a bogus get/put in generic_key_to_expire()
riscv: add missing vdso_install target
RISC-V: Silence some module warnings on 32-bit
drm/amdgpu: fix bug with IH ring setup
kdb: Use strscpy with destination buffer size
NFSv4: Fix an Oops during delegation callbacks
powerpc/numa: Suppress "VPHN is not supported" messages
efi/arm: Revert deferred unmap of early memmap mapping
z3fold: fix possible reclaim races
mm, memory_hotplug: check zone_movable in has_unmovable_pages
tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset
mm, page_alloc: check for max order in hot path
dax: Avoid losing wakeup in dax_lock_mapping_entry
include/linux/pfn_t.h: force '~' to be parsed as an unary operator
tty: wipe buffer.
tty: wipe buffer if not echoing data
gfs2: Fix iomap buffer head reference counting bug
rcu: Make need_resched() respond to urgent RCU-QS needs
media: ov5640: Re-work MIPI startup sequence
media: ov5640: Fix timings setup code
media: ov5640: fix exposure regression
media: ov5640: fix auto gain & exposure when changing mode
media: ov5640: fix wrong binning value in exposure calculation
media: ov5640: fix auto controls values when switching to manual mode
Linux 4.19.6
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Add support for the Adiantum encryption mode. Adiantum was designed by
Paul Crowley and is specified by our paper:
Adiantum: length-preserving encryption for entry-level processors
(https://eprint.iacr.org/2018/720.pdf)
See our paper for full details; this patch only provides an overview.
Adiantum is a tweakable, length-preserving encryption mode designed for
fast and secure disk encryption, especially on CPUs without dedicated
crypto instructions. Adiantum encrypts each sector using the XChaCha12
stream cipher, two passes of an ε-almost-∆-universal (εA∆U) hash
function, and an invocation of the AES-256 block cipher on a single
16-byte block. On CPUs without AES instructions, Adiantum is much
faster than AES-XTS; for example, on ARM Cortex-A7, on 4096-byte sectors
Adiantum encryption is about 4 times faster than AES-256-XTS encryption,
and decryption about 5 times faster.
Adiantum is a specialization of the more general HBSH construction. Our
earlier proposal, HPolyC, was also a HBSH specialization, but it used a
different εA∆U hash function, one based on Poly1305 only. Adiantum's
εA∆U hash function, which is based primarily on the "NH" hash function
like that used in UMAC (RFC4418), is about twice as fast as HPolyC's;
consequently, Adiantum is about 20% faster than HPolyC.
This speed comes with no loss of security: Adiantum is provably just as
secure as HPolyC, in fact slightly *more* secure. Like HPolyC,
Adiantum's security is reducible to that of XChaCha12 and AES-256,
subject to a security bound. XChaCha12 itself has a security reduction
to ChaCha12. Therefore, one need not "trust" Adiantum; one need only
trust ChaCha12 and AES-256. Note that the εA∆U hash function is only
used for its proven combinatorical properties so cannot be "broken".
Adiantum is also a true wide-block encryption mode, so flipping any
plaintext bit in the sector scrambles the entire ciphertext, and vice
versa. No other such mode is available in the kernel currently; doing
the same with XTS scrambles only 16 bytes. Adiantum also supports
arbitrary-length tweaks and naturally supports any length input >= 16
bytes without needing "ciphertext stealing".
For the stream cipher, Adiantum uses XChaCha12 rather than XChaCha20 in
order to make encryption feasible on the widest range of devices.
Although the 20-round variant is quite popular, the best known attacks
on ChaCha are on only 7 rounds, so ChaCha12 still has a substantial
security margin; in fact, larger than AES-256's. 12-round Salsa20 is
also the eSTREAM recommendation. For the block cipher, Adiantum uses
AES-256, despite it having a lower security margin than XChaCha12 and
needing table lookups, due to AES's extensive adoption and analysis
making it the obvious first choice. Nevertheless, for flexibility this
patch also permits the "adiantum" template to be instantiated with
XChaCha20 and/or with an alternate block cipher.
We need Adiantum support in the kernel for use in dm-crypt and fscrypt,
where currently the only other suitable options are block cipher modes
such as AES-XTS. A big problem with this is that many low-end mobile
devices (e.g. Android Go phones sold primarily in developing countries,
as well as some smartwatches) still have CPUs that lack AES
instructions, e.g. ARM Cortex-A7. Sadly, AES-XTS encryption is much too
slow to be viable on these devices. We did find that some "lightweight"
block ciphers are fast enough, but these suffer from problems such as
not having much cryptanalysis or being too controversial.
The ChaCha stream cipher has excellent performance but is insecure to
use directly for disk encryption, since each sector's IV is reused each
time it is overwritten. Even restricting the threat model to offline
attacks only isn't enough, since modern flash storage devices don't
guarantee that "overwrites" are really overwrites, due to wear-leveling.
Adiantum avoids this problem by constructing a
"tweakable super-pseudorandom permutation"; this is the strongest
possible security model for length-preserving encryption.
Of course, storing random nonces along with the ciphertext would be the
ideal solution. But doing that with existing hardware and filesystems
runs into major practical problems; in most cases it would require data
journaling (like dm-integrity) which severely degrades performance.
Thus, for now length-preserving encryption is still needed.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 059c2a4d8e164dccc3078e49e7f286023b019a98
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Conflicts:
crypto/tcrypt.c
Bug: 112008522
Test: Among other things, I ran the relevant crypto self-tests:
1.) Build kernel with CONFIG_CRYPTO_MANAGER_DISABLE_TESTS *unset*, and
all relevant crypto algorithms built-in, including:
CONFIG_CRYPTO_ADIANTUM=y
CONFIG_CRYPTO_CHACHA20=y
CONFIG_CRYPTO_CHACHA20_NEON=y
CONFIG_CRYPTO_NHPOLY1305=y
CONFIG_CRYPTO_NHPOLY1305_NEON=y
CONFIG_CRYPTO_POLY1305=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_ARM=y
2.) Boot and check dmesg for test failures.
3.) Instantiate "adiantum(xchacha12,aes)" and
"adiantum(xchacha20,aes)" to trigger them to be tested. There are
many ways to do this, but one way is to create a dm-crypt target
that uses them, e.g.
key=$(hexdump -n 32 -e '16/4 "%08X" 1 "\n"' /dev/urandom)
dmsetup create crypt --table "0 $((1<<17)) crypt xchacha12,aes-adiantum-plain64 $key 0 /dev/vdc 0"
dmsetup remove crypt
dmsetup create crypt --table "0 $((1<<17)) crypt xchacha20,aes-adiantum-plain64 $key 0 /dev/vdc 0"
dmsetup remove crypt
4.) Check dmesg for test failures again.
5.) Do 1-4 on both x86_64 (for basic testing) and on arm32 (for
testing the ARM32-specific implementations). I did the arm32 kernel
testing on Raspberry Pi 2, which is a BCM2836-based device that can
run the upstream and Android common kernels.
The same ARM32 assembly files for ChaCha, NHPoly1305, and AES are
also included in the userspace Adiantum benchmark suite at
https://github.com/google/adiantum, where they have undergone
additional correctness testing.
Change-Id: Ic61c13b53facfd2173065be715a7ee5f3af8760b
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add a generic implementation of NHPoly1305, an ε-almost-∆-universal hash
function used in the Adiantum encryption mode.
CONFIG_NHPOLY1305 is not selectable by itself since there won't be any
real reason to enable it without also enabling Adiantum support.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 26609a21a9460145e37d90947ad957b358a05288
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: If6f00c01fab530fc2458c44ca111f84604cb85c1
Signed-off-by: Eric Biggers <ebiggers@google.com>
Expose a low-level Poly1305 API which implements the
ε-almost-∆-universal (εA∆U) hash function underlying the Poly1305 MAC
and supports block-aligned inputs only.
This is needed for Adiantum hashing, which builds an εA∆U hash function
from NH and a polynomial evaluation in GF(2^{130}-5); this polynomial
evaluation is identical to the one the Poly1305 MAC does. However, the
crypto_shash Poly1305 API isn't very appropriate for this because its
calling convention assumes it is used as a MAC, with a 32-byte "one-time
key" provided for every digest.
But by design, in Adiantum hashing the performance of the polynomial
evaluation isn't nearly as critical as NH. So it suffices to just have
some C helper functions. Thus, this patch adds such functions.
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 1b6fd3d5d18bbc1b1abf3b0cbc4b95a9a63d407b
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I5c7da7832b84dfe29c300e117a158740d3e39069
Signed-off-by: Eric Biggers <ebiggers@google.com>
In preparation for exposing a low-level Poly1305 API which implements
the ε-almost-∆-universal (εA∆U) hash function underlying the Poly1305
MAC and supports block-aligned inputs only, create structures
poly1305_key and poly1305_state which hold the limbs of the Poly1305
"r" key and accumulator, respectively.
These structures could actually have the same type (e.g. poly1305_val),
but different types are preferable, to prevent misuse.
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 878afc35cd28bcd93cd3c5e1985ef39a104a4d45
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: If20a0f9d29d8ba1efd43a5eb3fafce7720afe565
Signed-off-by: Eric Biggers <ebiggers@google.com>
Now that the generic implementation of ChaCha20 has been refactored to
allow varying the number of rounds, add support for XChaCha12, which is
the XSalsa construction applied to ChaCha12. ChaCha12 is one of the
three ciphers specified by the original ChaCha paper
(https://cr.yp.to/chacha/chacha-20080128.pdf: "ChaCha, a variant of
Salsa20"), alongside ChaCha8 and ChaCha20. ChaCha12 is faster than
ChaCha20 but has a lower, but still large, security margin.
We need XChaCha12 support so that it can be used in the Adiantum
encryption mode, which enables disk/file encryption on low-end mobile
devices where AES-XTS is too slow as the CPUs lack AES instructions.
We'd prefer XChaCha20 (the more popular variant), but it's too slow on
some of our target devices, so at least in some cases we do need the
XChaCha12-based version. In more detail, the problem is that Adiantum
is still much slower than we're happy with, and encryption still has a
quite noticeable effect on the feel of low-end devices. Users and
vendors push back hard against encryption that degrades the user
experience, which always risks encryption being disabled entirely. So
we need to choose the fastest option that gives us a solid margin of
security, and here that's XChaCha12. The best known attack on ChaCha
breaks only 7 rounds and has 2^235 time complexity, so ChaCha12's
security margin is still better than AES-256's. Much has been learned
about cryptanalysis of ARX ciphers since Salsa20 was originally designed
in 2005, and it now seems we can be comfortable with a smaller number of
rounds. The eSTREAM project also suggests the 12-round version of
Salsa20 as providing the best balance among the different variants:
combining very good performance with a "comfortable margin of security".
Note that it would be trivial to add vanilla ChaCha12 in addition to
XChaCha12. However, it's unneeded for now and therefore is omitted.
As discussed in the patch that introduced XChaCha20 support, I
considered splitting the code into separate chacha-common, chacha20,
xchacha20, and xchacha12 modules, so that these algorithms could be
enabled/disabled independently. However, since nearly all the code is
shared anyway, I ultimately decided there would have been little benefit
to the added complexity.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit aa7624093cb7fbf4fea95e612580d8d29a819f67
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I876a5be92e9f583effcd35a4b66a36608ac581f0
Signed-off-by: Eric Biggers <ebiggers@google.com>
In preparation for adding XChaCha12 support, rename/refactor
chacha20-generic to support different numbers of rounds. The
justification for needing XChaCha12 support is explained in more detail
in the patch "crypto: chacha - add XChaCha12 support".
The only difference between ChaCha{8,12,20} are the number of rounds
itself; all other parts of the algorithm are the same. Therefore,
remove the "20" from all definitions, structures, functions, files, etc.
that will be shared by all ChaCha versions.
Also make ->setkey() store the round count in the chacha_ctx (previously
chacha20_ctx). The generic code then passes the round count through to
chacha_block(). There will be a ->setkey() function for each explicitly
allowed round count; the encrypt/decrypt functions will be the same. I
decided not to do it the opposite way (same ->setkey() function for all
round counts, with different encrypt/decrypt functions) because that
would have required more boilerplate code in architecture-specific
implementations of ChaCha and XChaCha.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 1ca1b917940c24ca3d1f490118c5474168622953
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Conflicts:
arch/x86/crypto/chacha20_glue.c
drivers/crypto/caam/caamalg.c
drivers/crypto/caam/caamalg_qi2.c
drivers/crypto/caam/compat.h
include/crypto/chacha20.h
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I7fa203ddc7095ce8675a32f49b8a5230cd0cf5f6
Signed-off-by: Eric Biggers <ebiggers@google.com>
Add support for the XChaCha20 stream cipher. XChaCha20 is the
application of the XSalsa20 construction
(https://cr.yp.to/snuffle/xsalsa-20081128.pdf) to ChaCha20 rather than
to Salsa20. XChaCha20 extends ChaCha20's nonce length from 64 bits (or
96 bits, depending on convention) to 192 bits, while provably retaining
ChaCha20's security. XChaCha20 uses the ChaCha20 permutation to map the
key and first 128 nonce bits to a 256-bit subkey. Then, it does the
ChaCha20 stream cipher with the subkey and remaining 64 bits of nonce.
We need XChaCha support in order to add support for the Adiantum
encryption mode. Note that to meet our performance requirements, we
actually plan to primarily use the variant XChaCha12. But we believe
it's wise to first add XChaCha20 as a baseline with a higher security
margin, in case there are any situations where it can be used.
Supporting both variants is straightforward.
Since XChaCha20's subkey differs for each request, XChaCha20 can't be a
template that wraps ChaCha20; that would require re-keying the
underlying ChaCha20 for every request, which wouldn't be thread-safe.
Instead, we make XChaCha20 its own top-level algorithm which calls the
ChaCha20 streaming implementation internally.
Similar to the existing ChaCha20 implementation, we define the IV to be
the nonce and stream position concatenated together. This allows users
to seek to any position in the stream.
I considered splitting the code into separate chacha20-common, chacha20,
and xchacha20 modules, so that chacha20 and xchacha20 could be
enabled/disabled independently. However, since nearly all the code is
shared anyway, I ultimately decided there would have been little benefit
to the added complexity of separate modules.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit de61d7ae5d3789dcba3749a418f76613fbee8414
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I5c878e1d6577abda11d7b737cbb650baf16b6886
Signed-off-by: Eric Biggers <ebiggers@google.com>
chacha20-generic doesn't use SIMD instructions or otherwise disable
preemption, so passing atomic=true to skcipher_walk_virt() is
unnecessary.
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 5e04542a0e0763294e9fced73a149c38c4e0cee5
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I28a63d6f8aa59f60aed8d35107b3c546ca5152f7
Signed-off-by: Eric Biggers <ebiggers@google.com>
Make the ARM scalar AES implementation closer to constant-time by
disabling interrupts and prefetching the tables into L1 cache. This is
feasible because due to ARM's "free" rotations, the main tables are only
1024 bytes instead of the usual 4096 used by most AES implementations.
On ARM Cortex-A7, the speed loss is only about 5%. The resulting code
is still over twice as fast as aes_ti.c. Responsiveness is potentially
a concern, but interrupts are only disabled for a single AES block.
Note that even after these changes, the implementation still isn't
necessarily guaranteed to be constant-time; see
https://cr.yp.to/antiforgery/cachetiming-20050414.pdf for a discussion
of the many difficulties involved in writing truly constant-time AES
software. But it's valuable to make such attacks more difficult.
Much of this patch is based on patches suggested by Ard Biesheuvel.
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 913a3aa07d16e5b302f408d497a4b829910de247
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I453a7b71c3bb0051106b37cdb71d4511fd4e388a
Signed-off-by: Eric Biggers <ebiggers@google.com>
In commit 9f480faec5 ("crypto: chacha20 - Fix keystream alignment for
chacha20_block()"), I had missed that chacha20_block() can be called
directly on the buffer passed to get_random_bytes(), which can have any
alignment. So, while my commit didn't break anything, it didn't fully
solve the alignment problems.
Revert my solution and just update chacha20_block() to use
put_unaligned_le32(), so the output buffer need not be aligned.
This is simpler, and on many CPUs it's the same speed.
But, I kept the 'tmp' buffers in extract_crng_user() and
_get_random_bytes() 4-byte aligned, since that alignment is actually
needed for _crng_backtrack_protect() too.
Reported-by: Stephan Müller <smueller@chronox.de>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit a5e9f557098e54af44ade5d501379be18435bfbf)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: Ic355d2416330ae2f4a50cb7064633810e35a93bf
Signed-off-by: Eric Biggers <ebiggers@google.com>
[ Upstream commit 508a1c4df085a547187eed346f1bfe5e381797f1 ]
The simd wrapper's skcipher request context structure consists
of a single subrequest whose size is taken from the subordinate
skcipher. However, in simd_skcipher_init(), the reqsize that is
retrieved is not from the subordinate skcipher but from the
cryptd request structure, whose size is completely unrelated to
the actual wrapped skcipher.
Reported-by: Qian Cai <cai@gmx.us>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tested-by: Qian Cai <cai@gmx.us>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
* refs/heads/tmp-7950eb3:
Revert "scsi: ufs: Schedule clk gating work on correct queue"
Linux 4.19.2
MD: fix invalid stored role for a disk - try2
vga_switcheroo: Fix missing gpu_bound call at audio client registration
bpf: wait for running BPF programs when updating map-in-map
userns: also map extents in the reverse map to kernel IDs
vt: fix broken display when running aptitude
net: sched: Remove TCA_OPTIONS from policy
Btrfs: fix use-after-free when dumping free space
Btrfs: fix use-after-free during inode eviction
btrfs: move the dio_sem higher up the callchain
btrfs: don't run delayed_iputs in commit
btrfs: fix insert_reserved error handling
btrfs: only free reserved extent if we didn't insert it
btrfs: don't use ctl->free_space for max_extent_size
btrfs: set max_extent_size properly
btrfs: reset max_extent_size properly
Btrfs: fix deadlock when writing out free space caches
Btrfs: fix assertion on fsync of regular file when using no-holes feature
Btrfs: fix null pointer dereference on compressed write path error
btrfs: qgroup: Dirty all qgroups before rescan
Btrfs: fix wrong dentries after fsync of file that got its parent replaced
Btrfs: fix warning when replaying log after fsync of a tmpfile
btrfs: make sure we create all new block groups
btrfs: reset max_extent_size on clear in a bitmap
btrfs: protect space cache inode alloc with GFP_NOFS
btrfs: release metadata before running delayed refs
Btrfs: don't clean dirty pages during buffered writes
btrfs: wait on caching when putting the bg cache
btrfs: keep trim from interfering with transaction commits
btrfs: don't attempt to trim devices that don't support it
btrfs: iterate all devices during trim, instead of fs_devices::alloc_list
btrfs: Ensure btrfs_trim_fs can trim the whole filesystem
btrfs: Enhance btrfs_trim_fs function to handle error better
btrfs: fix error handling in btrfs_dev_replace_start
btrfs: fix error handling in free_log_tree
btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock
btrfs: Handle owner mismatch gracefully when walking up tree
btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled
tracing: Return -ENOENT if there is no target synthetic event
selftests/powerpc: Fix ptrace tm failure
selftests/ftrace: Fix synthetic event test to delete event correctly
soc/tegra: pmc: Fix child-node lookup
soc: qcom: rmtfs-mem: Validate that scm is available
arm64: dts: stratix10: Correct System Manager register size
ARM: dts: socfpga: Fix SDRAM node address for Arria10
Cramfs: fix abad comparison when wrap-arounds occur
rpmsg: smd: fix memory leak on channel create
arm64: lse: remove -fcall-used-x0 flag
media: hdmi.h: rename ADOBE_RGB to OPRGB and ADOBE_YCC to OPYCC
media: replace ADOBERGB by OPRGB
media: media colorspaces*.rst: rename AdobeRGB to opRGB
drm/mediatek: fix OF sibling-node lookup
media: adv7842: when the EDID is cleared, unconfigure CEC as well
media: adv7604: when the EDID is cleared, unconfigure CEC as well
media: em28xx: fix handler for vidioc_s_input()
media: em28xx: make v4l2-compliance happier by starting sequence on zero
media: em28xx: fix input name for Terratec AV 350
media: tvp5150: avoid going past array on v4l2_querymenu()
media: em28xx: use a default format if TRY_FMT fails
media: cec: forgot to cancel delayed work
media: cec: fix the Signal Free Time calculation
media: cec: add new tx/rx status bits to detect aborts/timeouts
xen-blkfront: fix kernel panic with negotiate_mq error path
xen: remove size limit of privcmd-buf mapping interface
xen: fix xen_qlock_wait()
media: cec: integrate cec_validate_phys_addr() in cec-api.c
media: cec: make cec_get_edid_spa_location() an inline function
remoteproc: qcom: q6v5: Propagate EPROBE_DEFER
kgdboc: Passing ekgdboc to command line causes panic
Revert "media: dvbsky: use just one mutex for serializing device R/W ops"
media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
net: bcmgenet: fix OF child-node lookup
TC: Set DMA masks for devices
iommu/arm-smmu: Ensure that page-table updates are visible before TLBI
ocxl: Fix access to the AFU Descriptor Data
power: supply: twl4030-charger: fix OF sibling-node lookup
rtc: cmos: Remove the `use_acpi_alarm' module parameter for !ACPI
rtc: cmos: Fix non-ACPI undefined reference to `hpet_rtc_interrupt'
rtc: ds1307: fix ds1339 wakealarm support
MIPS: OCTEON: fix out of bounds array access on CN68XX
powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9
powerpc/tm: Fix HFSCR bit for no suspend case
powerpc/msi: Fix compile error on mpc83xx
powerpc64/module elfv1: Set opd addresses after module relocation
fsnotify: Fix busy inodes during unmount
media: ov7670: make "xclk" clock optional
dm zoned: fix various dmz_get_mblock() issues
dm zoned: fix metadata block ref counting
dm ioctl: harden copy_params()'s copy_from_user() from malicious users
lockd: fix access beyond unterminated strings in prints
nfsd: Fix an Oops in free_session()
nfsd: correctly decrement odstate refcount in error path
nfs: Fix a missed page unlock after pg_doio()
NFSv4.1: Fix the r/wsize checking
NFC: nfcmrvl_uart: fix OF child-node lookup
tpm: fix response size validation in tpm_get_random()
genirq: Fix race on spurious interrupt detection
printk: Fix panic caused by passing log_buf_len to command line
smb3: on kerberos mount if server doesn't specify auth type use krb5
smb3: do not attempt cifs operation in smb3 query info error path
smb3: allow stats which track session and share reconnects to be reset
w1: omap-hdq: fix missing bus unregister at removal
iio: adc: at91: fix wrong channel number in triggered buffer mode
iio: adc: at91: fix acking DRDY irq on simple conversions
iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()
iio: ad5064: Fix regulator handling
kbuild: fix kernel/bounds.c 'W=1' warning
KVM: arm64: Fix caching of host MDCR_EL2 value
KVM: arm/arm64: Ensure only THP is candidate for adjustment
mm/hmm: fix race between hmm_mirror_unregister() and mmu_notifier callback
mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly
hugetlbfs: dirty pages as they are added to pagecache
ima: open a new file instance if no read permissions
ima: fix showing large 'violations' or 'runtime_measurements_count'
userfaultfd: disable irqs when taking the waitqueue lock
mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range()
crypto: speck - remove Speck
crypto: aegis/generic - fix for big endian systems
crypto: morus/generic - fix for big endian systems
crypto: aesni - don't use GFP_ATOMIC allocation if the request doesn't cross a page in gcm
crypto: tcrypt - fix ghash-generic speed test
crypto: lrw - Fix out-of bounds access on counter overflow
signal: Guard against negative signal numbers in copy_siginfo_from_user32
signal/GenWQE: Fix sending of SIGKILL
PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
PCI/ASPM: Fix link_state teardown on device removal
ARM: dts: dra7: Fix up unaligned access setting for PCIe EP
EDAC, skx_edac: Fix logical channel intermediate decoding
EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting
EDAC, amd64: Add Family 17h, models 10h-2fh support
HID: hiddev: fix potential Spectre v1
HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452
selinux: fix mounting of cgroup2 under older policies
ext4: fix use-after-free race in ext4_remount()'s error path
ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
ext4: fix setattr project check in fssetxattr ioctl
ext4: initialize retries variable in ext4_da_write_inline_data_begin()
ext4: fix EXT4_IOC_SWAP_BOOT
gfs2_meta: ->mount() can get NULL dev_name
jbd2: fix use after free in jbd2_log_do_checkpoint()
IB/rxe: Revise the ib_wr_opcode enum
IB/mlx5: Fix MR cache initialization
ASoC: sta32x: set ->component pointer in private struct
ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
libnvdimm, pmem: Fix badblocks population for 'raw' namespaces
libnvdimm, region: Fail badblocks listing for inactive regions
libnvdimm: Hold reference on parent while scheduling async init
scsi: target: Fix target_wait_for_sess_cmds breakage with active signals
scsi: sched/wait: Add wait_event_lock_irq_timeout for TASK_UNINTERRUPTIBLE usage
dmaengine: ppc4xx: fix off-by-one build failure
net/ipv4: defensive cipso option parsing
iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
mt76: mt76x2: fix multi-interface beacon configuration
usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround"
usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage
usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
libertas: don't set URB_ZERO_PACKET on IN USB transfer
xen/pvh: don't try to unplug emulated devices
xen/pvh: increase early stack size
xen: make xen_qlock_wait() nestable
xen: fix race in xen_qlock_wait()
xen/balloon: Support xend-based toolstack
xen/blkfront: avoid NULL blkfront_info dereference on device removal
tpm: Restore functionality to xen vtpm driver.
xen-swiotlb: use actually allocated size on check physical continuous
ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250
ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings
OPP: Free OPP table properly on performance state irregularities
f2fs: fix to account IO correctly
f2fs: fix to recover cold bit of inode block during POR
f2fs: fix missing up_read
Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()"
cpupower: Fix AMD Family 0x17 msr_pstate size
ALSA: hda: Check the non-cached stream buffers more explicitly
IB/rxe: fix for duplicate request processing and ack psns
dmaengine: dma-jz4780: Return error if not probed from DT
mfd: menelaus: Fix possible race condition and leak
f2fs: fix to flush all dirty inodes recovered in readonly fs
signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init
f2fs: report error if quota off error during umount
f2fs: avoid sleeping under spin_lock
scsi: lpfc: Correct race with abort on completion path
scsi: lpfc: Correct soft lockup when running mds diagnostics
uio: ensure class is registered before devices
IB/mlx5: Allow transition of DCI QP to reset
IB/ipoib: Use dev_port to expose network interface port numbers
firmware: coreboot: Unmap ioregion after device population
ASoC: AMD: Fix capture unstable in beginning for some runs
driver/dma/ioat: Call del_timer_sync() without holding prep_lock
Smack: ptrace capability use fixes
usb: chipidea: Prevent unbalanced IRQ disable
crypto: caam - fix implicit casts in endianness helpers
PCI: dwc: pci-dra7xx: Enable errata i870 for both EP and RC mode
coresight: etb10: Fix handling of perf mode
PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
f2fs: fix to recover inode's i_flags during POR
f2fs: fix to recover inode's crtime during POR
scsi: qla2xxx: Fix recursive mailbox timeout
xhci: Avoid USB autosuspend when resuming USB2 ports.
nvmem: check the return value of nvmem_add_cells()
PCI: cadence: Correct probe behaviour when failing to get PHY
MD: fix invalid stored role for a disk
ext4: fix argument checking in EXT4_IOC_MOVE_EXT
usb: gadget: udc: atmel: handle at91sam9rl PMC
usb: dwc2: fix a race with external vbus supply
usb: dwc2: fix call to vbus supply exit routine, call it unlocked
irqchip/pdc: Setup all edge interrupts as rising edge at GIC
xprtrdma: Reset credit grant properly after a disconnect
PCI / ACPI: Enable wake automatically for power managed bridges
VMCI: Resource wildcard match fixed
Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask
f2fs: clear PageError on the read path
tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated
usb: typec: tcpm: Report back negotiated PPS voltage and current
PCI: cadence: Use AXI region 0 to signal interrupts from EP
PCI: mediatek: Fix mtk_pcie_find_port() endpoint/port matching logic
usb: host: ohci-at91: fix request of irq for optional gpio
RDMA/bnxt_re: Fix recursive lock warning in debug kernel
RDMA/bnxt_re: Avoid accessing nq->bar_reg_iomem in failure case
IB/ipoib: Clear IPCB before icmp_send
RDMA/cm: Respect returned status of cm_init_av_by_path
RDMA/core: Do not expose unsupported counters
scsi: megaraid_sas: fix a missing-check bug
KVM: nVMX: Clear reserved bits of #DB exit qualification
UAPI: ndctl: Fix g++-unsupported initialisation in headers
scsi: ufs: Schedule clk gating work on correct queue
scsi: esp_scsi: Track residual for PIO transfers
of: Add missing exports of node name compare functions
md: fix memleak for mempool
MD: Memory leak when flush bio size is zero
f2fs: fix to account IO correctly for cgroup writeback
net: stmmac: dwmac-sun8i: fix OF child-node lookup
cgroup, netclassid: add a preemption point to write_classid
cifs: fix a credits leak for compund commands
thermal: da9062/61: Prevent hardware access during system suspend
thermal: rcar_thermal: Prevent doing work after unbind
libata: Apply NOLPM quirk for SAMSUNG MZ7TD256HAFV-000L9
ath10k: schedule hardware restart if WMI command times out
wil6210: fix RX buffers release and unmap
ixgbevf: VF2VF TCP RSS
ixgbe: disallow IPsec Tx offload when in SR-IOV mode
gpio: brcmstb: allow 0 width GPIO banks
iwlwifi: mvm: fix BAR seq ctrl reporting
libertas_tf: prevent underflow in process_cmdrequest()
rsi: fix memory alignment issue in ARM32 platforms
mt76x2u: run device cleanup routine if resume fails
net: dsa: mv88e6xxx: Fix writing to a PHY page.
net: hns3: Fix for vf vlan delete failed problem
net: hns3: Fix ping exited problem when doing lp selftest
net: hns3: Preserve vlan 0 in hardware table
pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
perf tests: Fix record+probe_libc_inet_pton.sh without ping's debuginfo
failover: Add missing check to validate 'slave_dev' in net_failover_slave_unregister
bpf/verifier: fix verifier instability
pinctrl: qcom: spmi-mpp: Fix drive strength setting
ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
spi: gpio: No MISO does not imply no RX
kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
arm64: entry: Allow handling of undefined instructions from EL1
block, bfq: correctly charge and reset entity service in all cases
net: phy: phylink: ensure the carrier is off when starting phylink
net: hns3: Set STATE_DOWN bit of hdev state when stopping net
net: hns3: Check hdev state when getting link status
brcmfmac: fix for proper support of 160MHz bandwidth
pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
pinctrl: sunxi: fix 'pctrl->functions' allocation in sunxi_pinctrl_build_state
net: hns3: Fix ets validate issue
net: hns3: Add nic state check before calling netif_tx_wake_queue
x86: boot: Fix EFI stub alignment
efi/x86: Call efi_parse_options() from efi_main()
Bluetooth: hci_qca: Remove hdev dereference in qca_close().
Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
net: hns3: Fix for packet buffer setting bug
ice: update fw version check logic
ice: fix changing of ring descriptor size (ethtool -G)
signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
ath10k: fix tx status flag setting for management frames
nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O
mtd: rawnand: atmel: Fix potential NULL pointer dereference
x86/intel_rdt: Show missing resctrl mount options
cpufreq: dt: Try freeing static OPPs only if we have added them
ACPI / processor: Fix the return value of acpi_processor_ids_walk()
ACPI / PM: LPIT: Register sysfs attributes based on FADT
ACPI/PPTT: Handle architecturally unknown cache types
wlcore: Fix BUG with clear completion on timeout
x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC
iwlwifi: mvm: check for n_profiles validity in EWRD ACPI
iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface
iwlwifi: pcie: avoid empty free RB queue
mtd: rawnand: denali: set SPARE_AREA_SKIP_BYTES register to 8 if unset
sdhci: acpi: add free_slot callback
mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
bcache: Populate writeback_rate_minimum attribute
cpupower: Fix coredump on VMWare
perf strbuf: Match va_{add,copy} with va_end
perf tools: Free 'printk' string in parse_ftrace_printk()
perf tools: Cleanup trace-event-info 'tdata' leak
perf tools: Free temporary 'sys' string in read_event_files()
spi: spi-ep93xx: Use dma_data_direction for ep93xx_spi_dma_{finish,prepare}
lightnvm: pblk: fix race condition on metadata I/O
lightnvm: pblk: fix two sleep-in-atomic-context bugs
lightnvm: pblk: fix race on sysfs line state
hwmon: (pwm-fan) Set fan speed to 0 on suspend
s390/sthyi: Fix machine name validity indication
tun: Consistently configure generic netdev params via rtnetlink
nfp: devlink port split support for 1x100G CXP NIC
hv_netvsc: fix vf serial matching with pci slot info
arm64: cpufeature: ctr: Fix cpu capability check for late CPUs
swim: fix cleanup on setup error
ataflop: fix error handling during setup
netfilter: xt_nat: fix DNAT target for shifted portmap ranges
locking/lockdep: Fix debug_locks off performance problem
net: loopback: clear skb->tstamp before netif_rx()
net: socionext: Reset tx queue in ndo_stop
ARM: dts: exynos: Disable pull control for MAX8997 interrupts on Origen
x86/numa_emulation: Fix uniform-split numa emulation
x86/mm/pat: Disable preemption around __flush_tlb_all()
x86/kvm/nVMX: allow bare VMXON state migration
x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
x86/xen: Fix boot loader version reported for PVH guests
x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
ALSA: hda - Fix incorrect clearance of thinkpad_acpi hooks
ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
ALSA: hda: Add 2 more models to the power_save blacklist
ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
ALSA: hda - Fix headphone pin config for ASUS G751
ALSA: hda - Add quirk for ASUS G751 laptop
parisc: Fix exported address of os_hpmc handler
parisc: Fix map_pages() to not overwrite existing pte entries
parisc: Fix address in HPMC IVA
mailbox: PCC: handle parse error
ipmi: Fix timer race with module unload
kprobes/x86: Use preempt_enable() in optimized_callback()
acpi, nfit: Fix Address Range Scrub completion tracking
ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended opcodes
ACPICA: AML interpreter: add region addresses in global list during initialization
ACPI / OSL: Use 'jiffies' as the time bassis for acpi_os_get_timer()
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
dma-mapping: fix panic caused by passing empty cma command line argument
cpufreq: conservative: Take limits changes into account properly
block: make sure writesame bio is aligned with logical block size
block: make sure discard bio is aligned with logical block size
block: setup bounce bio_sets properly
jffs2: free jffs2_sb_info through jffs2_kill_sb()
hwmon: (pmbus) Fix page count auto-detection.
bcache: fix miss key refill->end in writeback
bcache: correct dirty data statistics
bcache: fix ioctl in flash device
bcache: trace missed reading by cache_missed
spi: bcm-qspi: fix calculation of address length
spi: bcm-qspi: switch back to reading flash using smaller chunks
spi: spi-mem: Adjust op len based on message/transfer size limitations
mtd: spi-nor: fsl-quadspi: Don't let -EINVAL on the bus
mtd: spi-nor: intel-spi: Add support for Intel Ice Lake SPI serial flash
mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB
mtd: maps: gpio-addr-flash: Fix ioremapped size
mtd: rawnand: marvell: fix the IRQ handler complete() condition
gpio: mxs: Get rid of external API call
MIPS: VDSO: Reduce VDSO_RANDOMIZE_SIZE to 64MB for 64bit
bpf: fix partial copy of map_ptr when dst is scalar
Conflicts:
drivers/iommu/arm-smmu.c
Change-Id: Iff6f46fb6932b2a41a7a3df5f2a18f1eddfb9d66
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
* refs/heads/tmp-07a03b9:
Linux 4.19.1
net: bridge: remove ipv6 zero address check in mcast queries
sparc64: Wire up compat getpeername and getsockname.
sparc64: Make corrupted user stacks more debuggable.
sparc64: Export __node_distance.
sctp: check policy more carefully when getting pr status
Revert "be2net: remove desc field from be_eq_obj"
r8169: fix broken Wake-on-LAN from S5 (poweroff)
net: Properly unlink GRO packets on overflow.
net: drop skb on failure in ip_check_defrag()
mlxsw: core: Fix devlink unregister flow
mlxsw: spectrum_switchdev: Don't ignore deletions of learned MACs
net/smc: fix smc_buf_unuse to use the lgr pointer
net/ipv6: Allow onlink routes to have a device mismatch if it is the default route
openvswitch: Fix push/pop ethernet validation
bonding: fix length of actor system
vhost: Fix Spectre V1 vulnerability
rtnetlink: Disallow FDB configuration for non-Ethernet device
Revert "net: simplify sock_poll_wait"
net: udp: fix handling of CHECKSUM_COMPLETE packets
net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
net: sched: gred: pass the right attribute to gred_change_table_def()
net/mlx5e: fix csum adjustments caused by RXFCS
ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called
bridge: do not add port to router list when receives query with source 0.0.0.0
Change-Id: Idde80d444a4a617490f19de89ccd72ba1daa5533
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
commit f43f39958beb206b53292801e216d9b8a660f087 upstream.
All bytes of the NETLINK_CRYPTO report structures must be initialized,
since they are copied to userspace. The change from strncpy() to
strlcpy() broke this. As a minimal fix, change it back.
Fixes: 4473710df1 ("crypto: user - Prepare for CRYPTO_MAX_ALG_NAME expansion")
Cc: <stable@vger.kernel.org> # v4.12+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 578bdaabd015b9b164842c3e8ace9802f38e7ecc upstream.
These are unused, undesired, and have never actually been used by
anybody. The original authors of this code have changed their mind about
its inclusion. While originally proposed for disk encryption on low-end
devices, the idea was discarded [1] in favor of something else before
that could really get going. Therefore, this patch removes Speck.
[1] https://marc.info/?l=linux-crypto-vger&m=153359499015659
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Eric Biggers <ebiggers@google.com>
Cc: stable@vger.kernel.org
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4a34e3c2f2f48f47213702a84a123af0fe21ad60 upstream.
Use the correct __le32 annotation and accessors to perform the
single round of AES encryption performed inside the AEGIS transform.
Otherwise, tcrypt reports:
alg: aead: Test 1 failed on encryption for aegis128-generic
00000000: 6c 25 25 4a 3c 10 1d 27 2b c1 d4 84 9a ef 7f 6e
alg: aead: Test 1 failed on encryption for aegis128l-generic
00000000: cd c6 e3 b8 a0 70 9d 8e c2 4f 6f fe 71 42 df 28
alg: aead: Test 1 failed on encryption for aegis256-generic
00000000: aa ed 07 b1 96 1d e9 e6 f2 ed b5 8e 1c 5f dc 1c
Fixes: f606a88e58 ("crypto: aegis - Add generic AEGIS AEAD implementations")
Cc: <stable@vger.kernel.org> # v4.18+
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5a8dedfa3276e88c5865f265195d63d72aec3e72 upstream.
Omit the endian swabbing when folding the lengths of the assoc and
crypt input buffers into the state to finalize the tag. This is not
necessary given that the memory representation of the state is in
machine native endianness already.
This fixes an error reported by tcrypt running on a big endian system:
alg: aead: Test 2 failed on encryption for morus640-generic
00000000: a8 30 ef fb e6 26 eb 23 b0 87 dd 98 57 f3 e1 4b
00000010: 21
alg: aead: Test 2 failed on encryption for morus1280-generic
00000000: 88 19 1b fb 1c 29 49 0e ee 82 2f cb 97 a6 a5 ee
00000010: 5f
Fixes: 396be41f16 ("crypto: morus - Add generic MORUS AEAD implementations")
Cc: <stable@vger.kernel.org> # v4.18+
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit fbe1a850b3b1522e9fc22319ccbbcd2ab05328d2 upstream.
When the LRW block counter overflows, the current implementation returns
128 as the index to the precomputed multiplication table, which has 128
entries. This patch fixes it to return the correct value (127).
Fixes: 64470f1b85 ("[CRYPTO] lrw: Liskov Rivest Wagner, a tweakable narrow block cipher mode")
Cc: <stable@vger.kernel.org> # 2.6.20+
Reported-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
In the quest to remove all stack VLA usage from the kernel[1], this
replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage
with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(),
which uses a fixed stack size.
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Change-Id: I0f5cf2a2209b015e27a7ed627ba21c76ef24c36d
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-Commit: 36b3875a97b85e60eb612f8c72d19271c70b08fd
Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org>
In the quest to remove all stack VLA usage from the kernel[1], this
replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage
with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(),
which uses a fixed stack size.
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Change-Id: I9f879e0a86eb4a9ff08d65a2128d230ec06e0f4c
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-Commit: 8d605398425843c7ce3c0e9a0434d832d3bd54cc
Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org>
In preparation for removal of VLAs due to skcipher requests on the stack
via SKCIPHER_REQUEST_ON_STACK() usage, this introduces the infrastructure
for the "sync skcipher" tfm, which is for handling the on-stack cases of
skcipher, which are always non-ASYNC and have a known limited request
size.
The crypto API additions:
struct crypto_sync_skcipher (wrapper for struct crypto_skcipher)
crypto_alloc_sync_skcipher()
crypto_free_sync_skcipher()
crypto_sync_skcipher_setkey()
crypto_sync_skcipher_get_flags()
crypto_sync_skcipher_set_flags()
crypto_sync_skcipher_clear_flags()
crypto_sync_skcipher_blocksize()
crypto_sync_skcipher_ivsize()
crypto_sync_skcipher_reqtfm()
skcipher_request_set_sync_tfm()
SYNC_SKCIPHER_REQUEST_ON_STACK() (with tfm type check)
Change-Id: I9e6df0b1b97a9fde1ca8407793bdc9f4008db1c1
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-Commit: b350bee5ea0f4db75d4c6191a2e95db16f40c278
Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org>
In the quest to remove all stack VLA usage from the kernel[1], this uses
the newly defined max alignment to perform unaligned hashing to avoid
VLAs, and drops the helper function while adding sanity checks on the
resulting buffer sizes. Additionally, the __aligned_largest macro is
removed since this helper was the only user.
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Change-Id: I5ac3bcad06454601823f8b69d6c08288285800e9
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-Commit: f3569fd613f669c95ad187208ad281995f30cc2a
Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org>
In the quest to remove all stack VLA usage from the kernel[1], this
removes the VLAs in SHASH_DESC_ON_STACK (via crypto_shash_descsize())
by using the maximum allowable size (which is now more clearly captured
in a macro), along with a few other cases. Similar limits are turned into
macros as well.
A review of existing sizes shows that SHA512_DIGEST_SIZE (64) is the
largest digest size and that sizeof(struct sha3_state) (360) is the
largest descriptor size. The corresponding maximums are reduced.
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Change-Id: I5281cc251f49e9c7d9761f7ec7217dd08588c26d
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-Commit: b68a7ec1e9a3efac53ae26a1658a553825a2375c
Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org>
In the quest to remove all stack VLA usage from the kernel[1], this drops
AHASH_REQUEST_ON_STACK by preallocating the ahash request area combined
with the skcipher area (which are not used at the same time).
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Change-Id: If8eb7d120ac64c0fbc8e67abd3d5921f548590ff
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-Commit: ebf533adc877d9171800bbce77372d8051fc35c2
Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org>
In the quest to remove all stack VLA usage from the kernel[1], this uses
the maximum blocksize and adds a sanity check. For xcbc, the blocksize
must always be 16, so use that, since it's already being enforced during
instantiation.
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Change-Id: I4b1f851ccd31004cc5c0c28e73385aa16bcb53a9
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-Commit: 3bdd23f886c08a0d649c535e1e2cf083ec600036
Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org>
In the quest to remove all stack VLA usage from the kernel[1], this
exposes a new general upper bound on crypto blocksize and alignmask
(higher than for the existing cipher limits) for VLA removal,
and introduces new checks.
At present, the highest cra_alignmask in the kernel is 63. The highest
cra_blocksize is 144 (SHA3_224_BLOCK_SIZE, 18 8-byte words). For the
new blocksize limit, I went with 160 (20 8-byte words).
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Change-Id: Icee27c45f542a9de25310b193c5bd08bc236996e
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Git-Commit: a9f7f88a12f1494deca1fd9e173c7ae886d14f91
Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org>
[ Upstream commit 89ab066d4229acd32e323f1569833302544a4186 ]
This reverts commit dd979b4df8.
This broke tcp_poll for SMC fallback: An AF_SMC socket establishes an
internal TCP socket for the initial handshake with the remote peer.
Whenever the SMC connection can not be established this TCP socket is
used as a fallback. All socket operations on the SMC socket are then
forwarded to the TCP socket. In case of poll, the file->private_data
pointer references the SMC socket because the TCP socket has no file
assigned. This causes tcp_poll to wait on the wrong socket.
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This round brings couple of framework changes, a new driver and usual driver
updates:
- New managed helper for dmaengine framework registration
- Split dmaengine pause capability to pause and resume and allow drivers to
report that individually
- Update dma_request_chan_by_mask() to handle deferred probing
- Move imx-sdma to use virt-dma
- New driver for Actions Semi Owl family S900 controller
- Minor updates to intel, renesas, mv_xor, pl330 etc
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJbdsctAAoJEHwUBw8lI4NHZrIP/3/HrNSUKApt1KdOcG5UA7nu
7O3BcvkAahmM285Hw3a/zLEnSm2sJ/6EI0lN1sz+VYi8IECG7nbCyHQh3Bd1Mxi1
XLHafdTGcI5b7rpicNtRS1BHCPtNrgOypFxs8b/bTatbzc/aWM8K8WFLX27sqGZT
1Sb2nNKKrVbQDVqJ+1ZEQ4q86w61tPHmmRH0icl1DAQREfsvbu/bRMdol5H7/orx
A+ZGH39Ig3FI8/Ri8KccqShvG0VM1yCVJca+0j30IL1x4JNZ36uG+NQbtkBIkOJC
kk9qfCu3ugm4NOtfKGOtkmmOwE9/GirRh+QMPpSmi6oQu4vdOVxyQyYpKukHIer1
vxwpvo2b+3POMfHi1kuqDJhcGIEPak6tH2Oyd01l7nA7Lyww9iC2AyiL89knw+i6
aUK4oHIhf2fFLUN6/ck4JbBqQ3MrDNraZfLJcnmQPtpTftW9Yqd2yqs7Cf1gcBC9
jyLAekJENiUmaNJsL5nJUMDVGG0lIiOnfwtPNfPZJuWu+4doKb2pM4+Ljcyfn2g0
ub4fPfXp0wcFaVarjpQr6T0tdZVMpmrPSTPGS5BdVZbWntrNOpiHmmPVEOLNz3zb
ibIMFn478/RYYB5pcNtHkUaOF4tu0w46fSqRp1ixkey+FIHKlj8/B+YeaAJF0nJh
fc4XaTTJgLufzc1F0ztU
=kbCC
-----END PGP SIGNATURE-----
Merge tag 'dmaengine-4.19-rc1' of git://git.infradead.org/users/vkoul/slave-dma
Pull DMAengine updates from Vinod Koul:
"This round brings couple of framework changes, a new driver and usual
driver updates:
- new managed helper for dmaengine framework registration
- split dmaengine pause capability to pause and resume and allow
drivers to report that individually
- update dma_request_chan_by_mask() to handle deferred probing
- move imx-sdma to use virt-dma
- new driver for Actions Semi Owl family S900 controller
- minor updates to intel, renesas, mv_xor, pl330 etc"
* tag 'dmaengine-4.19-rc1' of git://git.infradead.org/users/vkoul/slave-dma: (46 commits)
dmaengine: Add Actions Semi Owl family S900 DMA driver
dt-bindings: dmaengine: Add binding for Actions Semi Owl SoCs
dmaengine: sh: rcar-dmac: Should not stop the DMAC by rcar_dmac_sync_tcr()
dmaengine: mic_x100_dma: use the new helper to simplify the code
dmaengine: add a new helper dmaenginem_async_device_register
dmaengine: imx-sdma: add memcpy interface
dmaengine: imx-sdma: add SDMA_BD_MAX_CNT to replace '0xffff'
dmaengine: dma_request_chan_by_mask() to handle deferred probing
dmaengine: pl330: fix irq race with terminate_all
dmaengine: Revert "dmaengine: mv_xor_v2: enable COMPILE_TEST"
dmaengine: mv_xor_v2: use {lower,upper}_32_bits to configure HW descriptor address
dmaengine: mv_xor_v2: enable COMPILE_TEST
dmaengine: mv_xor_v2: move unmap to before callback
dmaengine: mv_xor_v2: convert callback to helper function
dmaengine: mv_xor_v2: kill the tasklets upon exit
dmaengine: mv_xor_v2: explicitly freeup irq
dmaengine: sh: rcar-dmac: Add dma_pause operation
dmaengine: sh: rcar-dmac: add a new function to clear CHCR.DE with barrier
dmaengine: idma64: Support dmaengine_terminate_sync()
dmaengine: hsu: Support dmaengine_terminate_sync()
...
Replace the use of a magic number that indicates that verify_*_signature()
should use the secondary keyring with a symbol.
Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Pull integrity updates from James Morris:
"This adds support for EVM signatures based on larger digests, contains
a new audit record AUDIT_INTEGRITY_POLICY_RULE to differentiate the
IMA policy rules from the IMA-audit messages, addresses two deadlocks
due to either loading or searching for crypto algorithms, and cleans
up the audit messages"
* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
EVM: fix return value check in evm_write_xattrs()
integrity: prevent deadlock during digsig verification.
evm: Allow non-SHA1 digital signatures
evm: Don't deadlock if a crypto algorithm is unavailable
integrity: silence warning when CONFIG_SECURITYFS is not enabled
ima: Differentiate auditing policy rules from "audit" actions
ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set
ima: Use audit_log_format() rather than audit_log_string()
ima: Call audit_log_string() rather than logging it untrusted
Make it return -EINVAL if crypto_dh_key_len() is incorrect rather than
overflowing the buffer.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
It was forgotten to increase DH_KPP_SECRET_MIN_SIZE to include 'q_size',
causing an out-of-bounds write of 4 bytes in crypto_dh_encode_key(), and
an out-of-bounds read of 4 bytes in crypto_dh_decode_key(). Fix it, and
fix the lengths of the test vectors to match this.
Reported-by: syzbot+6d38d558c25b53b8f4ed@syzkaller.appspotmail.com
Fixes: e3fe0ae129 ("crypto: dh - add public key verification test")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Like the skcipher_walk and blkcipher_walk cases:
scatterwalk_done() is only meant to be called after a nonzero number of
bytes have been processed, since scatterwalk_pagedone() will flush the
dcache of the *previous* page. But in the error case of
ablkcipher_walk_done(), e.g. if the input wasn't an integer number of
blocks, scatterwalk_done() was actually called after advancing 0 bytes.
This caused a crash ("BUG: unable to handle kernel paging request")
during '!PageSlab(page)' on architectures like arm and arm64 that define
ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE, provided that the input was
page-aligned as in that case walk->offset == 0.
Fix it by reorganizing ablkcipher_walk_done() to skip the
scatterwalk_advance() and scatterwalk_done() if an error has occurred.
Reported-by: Liu Chao <liuchao741@huawei.com>
Fixes: bf06099db1 ("crypto: skcipher - Add ablkcipher_walk interfaces")
Cc: <stable@vger.kernel.org> # v2.6.35+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Like the skcipher_walk case:
scatterwalk_done() is only meant to be called after a nonzero number of
bytes have been processed, since scatterwalk_pagedone() will flush the
dcache of the *previous* page. But in the error case of
blkcipher_walk_done(), e.g. if the input wasn't an integer number of
blocks, scatterwalk_done() was actually called after advancing 0 bytes.
This caused a crash ("BUG: unable to handle kernel paging request")
during '!PageSlab(page)' on architectures like arm and arm64 that define
ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE, provided that the input was
page-aligned as in that case walk->offset == 0.
Fix it by reorganizing blkcipher_walk_done() to skip the
scatterwalk_advance() and scatterwalk_done() if an error has occurred.
This bug was found by syzkaller fuzzing.
Reproducer, assuming ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE:
#include <linux/if_alg.h>
#include <sys/socket.h>
#include <unistd.h>
int main()
{
struct sockaddr_alg addr = {
.salg_type = "skcipher",
.salg_name = "ecb(aes-generic)",
};
char buffer[4096] __attribute__((aligned(4096))) = { 0 };
int fd;
fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(fd, (void *)&addr, sizeof(addr));
setsockopt(fd, SOL_ALG, ALG_SET_KEY, buffer, 16);
fd = accept(fd, NULL, NULL);
write(fd, buffer, 15);
read(fd, buffer, 15);
}
Reported-by: Liu Chao <liuchao741@huawei.com>
Fixes: 5cde0af2a9 ("[CRYPTO] cipher: Added block cipher type")
Cc: <stable@vger.kernel.org> # v2.6.19+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
scatterwalk_done() is only meant to be called after a nonzero number of
bytes have been processed, since scatterwalk_pagedone() will flush the
dcache of the *previous* page. But in the error case of
skcipher_walk_done(), e.g. if the input wasn't an integer number of
blocks, scatterwalk_done() was actually called after advancing 0 bytes.
This caused a crash ("BUG: unable to handle kernel paging request")
during '!PageSlab(page)' on architectures like arm and arm64 that define
ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE, provided that the input was
page-aligned as in that case walk->offset == 0.
Fix it by reorganizing skcipher_walk_done() to skip the
scatterwalk_advance() and scatterwalk_done() if an error has occurred.
This bug was found by syzkaller fuzzing.
Reproducer, assuming ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE:
#include <linux/if_alg.h>
#include <sys/socket.h>
#include <unistd.h>
int main()
{
struct sockaddr_alg addr = {
.salg_type = "skcipher",
.salg_name = "cbc(aes-generic)",
};
char buffer[4096] __attribute__((aligned(4096))) = { 0 };
int fd;
fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(fd, (void *)&addr, sizeof(addr));
setsockopt(fd, SOL_ALG, ALG_SET_KEY, buffer, 16);
fd = accept(fd, NULL, NULL);
write(fd, buffer, 15);
read(fd, buffer, 15);
}
Reported-by: Liu Chao <liuchao741@huawei.com>
Fixes: b286d8b1a6 ("crypto: skcipher - Add skcipher walk interface")
Cc: <stable@vger.kernel.org> # v4.10+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Setting 'walk->nbytes = walk->total' in skcipher_walk_first() doesn't
make sense because actually walk->nbytes needs to be set to the length
of the first step in the walk, which may be less than walk->total. This
is done by skcipher_walk_next() which is called immediately afterwards.
Also walk->nbytes was already set to 0 in skcipher_walk_skcipher(),
which is a better default value in case it's forgotten to be set later.
Therefore, remove the unnecessary assignment to walk->nbytes.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
All callers pass chain=0 to scatterwalk_crypto_chain().
Remove this unneeded parameter.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The ALIGN() macro needs to be passed the alignment, not the alignmask
(which is the alignment minus 1).
Fixes: b286d8b1a6 ("crypto: skcipher - Add skcipher walk interface")
Cc: <stable@vger.kernel.org> # v4.10+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Avoid RCU stalls in the case of non-preemptible kernel and lengthy
speed tests by rescheduling when advancing from one block size
to another.
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The wait_address argument is always directly derived from the filp
argument, so remove it.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Make use of the swap macro and remove unnecessary variable *tmp*.
This makes the code easier to read and maintain.
This code was detected with the help of Coccinelle.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Make use of the swap macro and remove unnecessary variable *tmp*.
This makes the code easier to read and maintain.
This code was detected with the help of Coccinelle.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Fix the b value to be compliant with FIPS 186-4 D.1.2.1. This fix is
required to make sure the SP800-56A public key test passes for P-192.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
By adding a zero byte-length for the DH parameter Q value, the public
key verification test is disabled for the given test.
Reported-by: Eric Biggers <ebiggers3@gmail.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The CTR DRBG requires two SGLs pointing to input/output buffers for the
CTR AES operation. The used SGLs always have only one entry. Thus, the
SGL can be initialized during allocation time, preventing a
re-initialization of the SGLs during each call.
The performance is increased by about 1 to 3 percent depending on the
size of the requested buffer size.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
In case memory resources for *base* were allocated, release them
before return.
Addresses-Coverity-ID: 1471702 ("Resource leak")
Fixes: e3fe0ae129 ("crypto: dh - add public key verification test")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Stephan Müller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Pull crypto fix from Herbert Xu:
"This fixes an allocation error-path bug in af_alg discovered by
syzkaller"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: af_alg - Initialize sg_num_bytes in error code path
When EVM attempts to appraise a file signed with a crypto algorithm the
kernel doesn't have support for, it will cause the kernel to trigger a
module load. If the EVM policy includes appraisal of kernel modules this
will in turn call back into EVM - since EVM is holding a lock until the
crypto initialisation is complete, this triggers a deadlock. Add a
CRYPTO_NOLOAD flag and skip module loading if it's set, and add that flag
in the EVM case in order to fail gracefully with an error message
instead of deadlocking.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
The RX SGL in processing is already registered with the RX SGL tracking
list to support proper cleanup. The cleanup code path uses the
sg_num_bytes variable which must therefore be always initialized, even
in the error code path.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Reported-by: syzbot+9c251bdd09f83b92ba95@syzkaller.appspotmail.com
#syz test: https://github.com/google/kmsan.git master
CC: <stable@vger.kernel.org> #4.14
Fixes: e870456d8e ("crypto: algif_skcipher - overhaul memory management")
Fixes: d887c52d6a ("crypto: algif_aead - overhaul memory management")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The testmgr hash tests were testing init, digest, update and final
methods but not the finup method. Add a test for this one too.
While doing this, make sure we only run the partial tests once with
the digest tests and skip them with the final and finup tests since
they are the same.
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Some aead algorithms set .cra_flags = CRYPTO_ALG_TYPE_AEAD. But this is
redundant with the C structure type ('struct aead_alg'), and
crypto_register_aead() already sets the type flag automatically,
clearing any type flag that was already there. Apparently the useless
assignment has just been copy+pasted around.
So, remove the useless assignment from all the aead algorithms.
This patch shouldn't change any actual behavior.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Many shash algorithms set .cra_flags = CRYPTO_ALG_TYPE_SHASH. But this
is redundant with the C structure type ('struct shash_alg'), and
crypto_register_shash() already sets the type flag automatically,
clearing any type flag that was already there. Apparently the useless
assignment has just been copy+pasted around.
So, remove the useless assignment from all the shash algorithms.
This patch shouldn't change any actual behavior.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
sha512-generic and sha384-generic had a cra_priority of 0, so it wasn't
possible to have a lower priority SHA-512 or SHA-384 implementation, as
is desired for sha512_mb which is only useful under certain workloads
and is otherwise extremely slow. Change them to priority 100, which is
the priority used for many of the other generic algorithms.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
sha256-generic and sha224-generic had a cra_priority of 0, so it wasn't
possible to have a lower priority SHA-256 or SHA-224 implementation, as
is desired for sha256_mb which is only useful under certain workloads
and is otherwise extremely slow. Change them to priority 100, which is
the priority used for many of the other generic algorithms.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
sha1-generic had a cra_priority of 0, so it wasn't possible to have a
lower priority SHA-1 implementation, as is desired for sha1_mb which is
only useful under certain workloads and is otherwise extremely slow.
Change it to priority 100, which is the priority used for many of the
other generic algorithms.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
According to SP800-56A section 5.6.2.1, the public key to be processed
for the DH operation shall be checked for appropriateness. The check
shall covers the full verification test in case the domain parameter Q
is provided as defined in SP800-56A section 5.6.2.3.1. If Q is not
provided, the partial check according to SP800-56A section 5.6.2.3.2 is
performed.
The full verification test requires the presence of the domain parameter
Q. Thus, the patch adds the support to handle Q. It is permissible to
not provide the Q value as part of the domain parameters. This implies
that the interface is still backwards-compatible where so far only P and
G are to be provided. However, if Q is provided, it is imported.
Without the test, the NIST ACVP testing fails. After adding this check,
the NIST ACVP testing passes. Testing without providing the Q domain
parameter has been performed to verify the interface has not changed.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
As of GCC 9.0.0 the build is reporting warnings like:
crypto/ablkcipher.c: In function ‘crypto_ablkcipher_report’:
crypto/ablkcipher.c:374:2: warning: ‘strncpy’ specified bound 64 equals destination size [-Wstringop-truncation]
strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sizeof(rblkcipher.geniv));
~~~~~~~~~~~~~~~~~~~~~~~~~
This means the strnycpy might create a non null terminated string. Fix this by
explicitly performing '\0' termination.
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Cc: Eric Biggers <ebiggers3@gmail.com>
Cc: Nick Desaulniers <nick.desaulniers@gmail.com>
Signed-off-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
According to SP800-56A section 5.6.2.1, the public key to be processed
for the ECDH operation shall be checked for appropriateness. When the
public key is considered to be an ephemeral key, the partial validation
test as defined in SP800-56A section 5.6.2.3.4 can be applied.
The partial verification test requires the presence of the field
elements of a and b. For the implemented NIST curves, b is defined in
FIPS 186-4 appendix D.1.2. The element a is implicitly given with the
Weierstrass equation given in D.1.2 where a = p - 3.
Without the test, the NIST ACVP testing fails. After adding this check,
the NIST ACVP testing passes.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The function skcipher_walk_next declared as static and marked as
EXPORT_SYMBOL_GPL. It's a bit confusing for internal function to be
exported. The area of visibility for such function is its .c file
and all other modules. Other *.c files of the same module can't use it,
despite all other modules can. Relying on the fact that this is the
internal function and it's not a crucial part of the API, the patch
just removes the EXPORT_SYMBOL_GPL marking of skcipher_walk_next.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Remove the original version of the VMAC template that had the nonce
hardcoded to 0 and produced a digest with the wrong endianness. I'm
unsure whether this had users or not (there are no explicit in-kernel
references to it), but given that the hardcoded nonce made it wildly
insecure unless a unique key was used for each message, let's try
removing it and see if anyone complains.
Leave the new "vmac64" template that requires the nonce to be explicitly
specified as the first 16 bytes of data and uses the correct endianness
for the digest.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Currently the VMAC template uses a "nonce" hardcoded to 0, which makes
it insecure unless a unique key is set for every message. Also, the
endianness of the final digest is wrong: the implementation uses little
endian, but the VMAC specification has it as big endian, as do other
VMAC implementations such as the one in Crypto++.
Add a new VMAC template where the nonce is passed as the first 16 bytes
of data (similar to what is done for Poly1305's nonce), and the digest
is big endian. Call it "vmac64", since the old name of simply "vmac"
didn't clarify whether the implementation is of VMAC-64 or of VMAC-128
(which produce 64-bit and 128-bit digests respectively); so we fix the
naming ambiguity too.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
syzbot reported a crash in vmac_final() when multiple threads
concurrently use the same "vmac(aes)" transform through AF_ALG. The bug
is pretty fundamental: the VMAC template doesn't separate per-request
state from per-tfm (per-key) state like the other hash algorithms do,
but rather stores it all in the tfm context. That's wrong.
Also, vmac_final() incorrectly zeroes most of the state including the
derived keys and cached pseudorandom pad. Therefore, only the first
VMAC invocation with a given key calculates the correct digest.
Fix these bugs by splitting the per-tfm state from the per-request state
and using the proper init/update/final sequencing for requests.
Reproducer for the crash:
#include <linux/if_alg.h>
#include <sys/socket.h>
#include <unistd.h>
int main()
{
int fd;
struct sockaddr_alg addr = {
.salg_type = "hash",
.salg_name = "vmac(aes)",
};
char buf[256] = { 0 };
fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(fd, (void *)&addr, sizeof(addr));
setsockopt(fd, SOL_ALG, ALG_SET_KEY, buf, 16);
fork();
fd = accept(fd, NULL, NULL);
for (;;)
write(fd, buf, 256);
}
The immediate cause of the crash is that vmac_ctx_t.partial_size exceeds
VMAC_NHBYTES, causing vmac_final() to memset() a negative length.
Reported-by: syzbot+264bca3a6e8d645550d3@syzkaller.appspotmail.com
Fixes: f1939f7c56 ("crypto: vmac - New hash algorithm for intel_txt support")
Cc: <stable@vger.kernel.org> # v2.6.32+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The VMAC template assumes the block cipher has a 128-bit block size, but
it failed to check for that. Thus it was possible to instantiate it
using a 64-bit block size cipher, e.g. "vmac(cast5)", causing
uninitialized memory to be used.
Add the needed check when instantiating the template.
Fixes: f1939f7c56 ("crypto: vmac - New hash algorithm for intel_txt support")
Cc: <stable@vger.kernel.org> # v2.6.32+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The poll() changes were not well thought out, and completely
unexplained. They also caused a huge performance regression, because
"->poll()" was no longer a trivial file operation that just called down
to the underlying file operations, but instead did at least two indirect
calls.
Indirect calls are sadly slow now with the Spectre mitigation, but the
performance problem could at least be largely mitigated by changing the
"->get_poll_head()" operation to just have a per-file-descriptor pointer
to the poll head instead. That gets rid of one of the new indirections.
But that doesn't fix the new complexity that is completely unwarranted
for the regular case. The (undocumented) reason for the poll() changes
was some alleged AIO poll race fixing, but we don't make the common case
slower and more complex for some uncommon special case, so this all
really needs way more explanations and most likely a fundamental
redesign.
[ This revert is a revert of about 30 different commits, not reverted
individually because that would just be unnecessarily messy - Linus ]
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Pull security subsystem fixes from James Morris:
- Smack: fix a regression caused by 1bbc55131e
- X.509: fix a (usually un-seen) bug in RSA signature parsing
* 'fixes-v4.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
X.509: unpack RSA signatureValue field from BIT STRING
Smack: Mark inode instant in smack_task_to_inode
The signatureValue field of a X.509 certificate is encoded as a BIT STRING.
For RSA signatures this BIT STRING is of so-called primitive subtype, which
contains a u8 prefix indicating a count of unused bits in the encoding.
We have to strip this prefix from signature data, just as we already do for
key data in x509_extract_key_data() function.
This wasn't noticed earlier because this prefix byte is zero for RSA key
sizes divisible by 8. Since BIT STRING is a big-endian encoding adding zero
prefixes has no bearing on its value.
The signature length, however was incorrect, which is a problem for RSA
implementations that need it to be exactly correct (like AMD CCP).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Fixes: c26fd69fa0 ("X.509: Add a crypto key parser for binary (DER) X.509 certificates")
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.morris@microsoft.com>
Pull crypto fixes from Herbert Xu:
- Fix use after free in chtls
- Fix RBP breakage in sha3
- Fix use after free in hwrng_unregister
- Fix overread in morus640
- Move sleep out of kernel_neon in arm64/aes-blk
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
hwrng: core - Always drop the RNG in hwrng_unregister()
crypto: morus640 - Fix out-of-bounds access
crypto: don't optimize keccakf()
crypto: arm64/aes-blk - fix and move skcipher_walk_done out of kernel_neon_begin, _end
crypto: chtls - use after free in chtls_pt_recvmsg()
Trival fix to correct the indentation of a single statement
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds the sha384 pre-computed 0-length hash so that device
drivers can use it when an hardware engine does not support computing a
hash from a 0 length input.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds the sha512 pre-computed 0-length hash so that device
drivers can use it when an hardware engine does not support computing a
hash from a 0 length input.
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
In the quest to remove VLAs from the kernel[1], this adjusts the
allocation of coefs and blocks to use the existing maximum values
(with one new define, MAX_DISKS for coefs, and a reuse of the
existing NDISKS for blocks).
[1] https://lkml.org/lkml/2018/3/7/621
Signed-off-by: Kyle Spiers <ksspiers@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
As we move stuff around, some doc references are broken. Fix some of
them via this script:
./scripts/documentation-file-ref-check --fix
Manually checked if the produced result is valid, removing a few
false-positives.
Acked-by: Takashi Iwai <tiwai@suse.de>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Acked-by: Stephen Boyd <sboyd@kernel.org>
Acked-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Acked-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Reviewed-by: Coly Li <colyli@suse.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Acked-by: Jonathan Corbet <corbet@lwn.net>
We must load the block from the temporary variable here, not directly
from the input.
Also add forgotten zeroing-out of the uninitialized part of the
temporary block (as is done correctly in morus1280.c).
Fixes: 396be41f16 ("crypto: morus - Add generic MORUS AEAD implementations")
Reported-by: syzbot+1fafa9c4cf42df33f716@syzkaller.appspotmail.com
Reported-by: syzbot+d82643ba80bf6937cd44@syzkaller.appspotmail.com
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
keccakf() is the only function in kernel that uses __optimize() macro.
__optimize() breaks frame pointer unwinder as optimized code uses RBP,
and amusingly this always lead to degraded performance as gcc does not
inline across different optimizations levels, so keccakf() wasn't inlined
into its callers and keccakf_round() wasn't inlined into keccakf().
Drop __optimize() to resolve both problems.
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Fixes: 83dee2ce1a ("crypto: sha3-generic - rewrite KECCAK transform to help the compiler optimize")
Reported-by: syzbot+37035ccfa9a0a017ffcf@syzkaller.appspotmail.com
Reported-by: syzbot+e073e4740cfbb3ae200b@syzkaller.appspotmail.com
Cc: linux-crypto@vger.kernel.org
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
- Use overflow helpers in 2-factor allocators (Kees, Rasmus)
- Introduce overflow test module (Rasmus, Kees)
- Introduce saturating size helper functions (Matthew, Kees)
- Treewide use of struct_size() for allocators (Kees)
-----BEGIN PGP SIGNATURE-----
Comment: Kees Cook <kees@outflux.net>
iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAlsYJ1gWHGtlZXNjb29r
QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJlCTEACwdEeriAd2VwxknnsstojGD/3g
8TTFA19vSu4Gxa6WiDkjGoSmIlfhXTlZo1Nlmencv16ytSvIVDNLUIB3uDxUIv1J
2+dyHML9JpXYHHR7zLXXnGFJL0wazqjbsD3NYQgXqmun7EVVYnOsAlBZ7h/Lwiej
jzEJd8DaHT3TA586uD3uggiFvQU0yVyvkDCDONIytmQx+BdtGdg9TYCzkBJaXuDZ
YIthyKDvxIw5nh/UaG3L+SKo73tUr371uAWgAfqoaGQQCWe+mxnWL4HkCKsjFzZL
u9ouxxF/n6pij3E8n6rb0i2fCzlsTDdDF+aqV1rQ4I4hVXCFPpHUZgjDPvBWbj7A
m6AfRHVNnOgI8HGKqBGOfViV+2kCHlYeQh3pPW33dWzy/4d/uq9NIHKxE63LH+S4
bY3oO2ela8oxRyvEgXLjqmRYGW1LB/ZU7FS6Rkx2gRzo4k8Rv+8K/KzUHfFVRX61
jEbiPLzko0xL9D53kcEn0c+BhofK5jgeSWxItdmfuKjLTW4jWhLRlU+bcUXb6kSS
S3G6aF+L+foSUwoq63AS8QxCuabuhreJSB+BmcGUyjthCbK/0WjXYC6W/IJiRfBa
3ZTxBC/2vP3uq/AGRNh5YZoxHL8mSxDfn62F+2cqlJTTKR/O+KyDb1cusyvk3H04
KCDVLYPxwQQqK1Mqig==
=/3L8
-----END PGP SIGNATURE-----
Merge tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull overflow updates from Kees Cook:
"This adds the new overflow checking helpers and adds them to the
2-factor argument allocators. And this adds the saturating size
helpers and does a treewide replacement for the struct_size() usage.
Additionally this adds the overflow testing modules to make sure
everything works.
I'm still working on the treewide replacements for allocators with
"simple" multiplied arguments:
*alloc(a * b, ...) -> *alloc_array(a, b, ...)
and
*zalloc(a * b, ...) -> *calloc(a, b, ...)
as well as the more complex cases, but that's separable from this
portion of the series. I expect to have the rest sent before -rc1
closes; there are a lot of messy cases to clean up.
Summary:
- Introduce arithmetic overflow test helper functions (Rasmus)
- Use overflow helpers in 2-factor allocators (Kees, Rasmus)
- Introduce overflow test module (Rasmus, Kees)
- Introduce saturating size helper functions (Matthew, Kees)
- Treewide use of struct_size() for allocators (Kees)"
* tag 'overflow-v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
treewide: Use struct_size() for devm_kmalloc() and friends
treewide: Use struct_size() for vmalloc()-family
treewide: Use struct_size() for kmalloc()-family
device: Use overflow helpers for devm_kmalloc()
mm: Use overflow helpers in kvmalloc()
mm: Use overflow helpers in kmalloc_array*()
test_overflow: Add memory allocation overflow tests
overflow.h: Add allocation size calculation helpers
test_overflow: Report test failures
test_overflow: macrofy some more, do more tests for free
lib: add runtime test of check_*_overflow functions
compiler.h: enable builtin overflow checkers and add fallback code
Pull aio updates from Al Viro:
"Majority of AIO stuff this cycle. aio-fsync and aio-poll, mostly.
The only thing I'm holding back for a day or so is Adam's aio ioprio -
his last-minute fixup is trivial (missing stub in !CONFIG_BLOCK case),
but let it sit in -next for decency sake..."
* 'work.aio-1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (46 commits)
aio: sanitize the limit checking in io_submit(2)
aio: fold do_io_submit() into callers
aio: shift copyin of iocb into io_submit_one()
aio_read_events_ring(): make a bit more readable
aio: all callers of aio_{read,write,fsync,poll} treat 0 and -EIOCBQUEUED the same way
aio: take list removal to (some) callers of aio_complete()
aio: add missing break for the IOCB_CMD_FDSYNC case
random: convert to ->poll_mask
timerfd: convert to ->poll_mask
eventfd: switch to ->poll_mask
pipe: convert to ->poll_mask
crypto: af_alg: convert to ->poll_mask
net/rxrpc: convert to ->poll_mask
net/iucv: convert to ->poll_mask
net/phonet: convert to ->poll_mask
net/nfc: convert to ->poll_mask
net/caif: convert to ->poll_mask
net/bluetooth: convert to ->poll_mask
net/sctp: convert to ->poll_mask
net/tipc: convert to ->poll_mask
...
This reverts commit eb772f37ae, as now the
x86 Salsa20 implementation has been removed and the generic helpers are
no longer needed outside of salsa20_generic.c.
We could keep this just in case someone else wants to add a new
optimized Salsa20 implementation. But given that we have ChaCha20 now
too, I think it's unlikely. And this can always be reverted back.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The x86 assembly implementations of Salsa20 use the frame base pointer
register (%ebp or %rbp), which breaks frame pointer convention and
breaks stack traces when unwinding from an interrupt in the crypto code.
Recent (v4.10+) kernels will warn about this, e.g.
WARNING: kernel stack regs at 00000000a8291e69 in syzkaller047086:4677 has bad 'bp' value 000000001077994c
[...]
But after looking into it, I believe there's very little reason to still
retain the x86 Salsa20 code. First, these are *not* vectorized
(SSE2/SSSE3/AVX2) implementations, which would be needed to get anywhere
close to the best Salsa20 performance on any remotely modern x86
processor; they're just regular x86 assembly. Second, it's still
unclear that anyone is actually using the kernel's Salsa20 at all,
especially given that now ChaCha20 is supported too, and with much more
efficient SSSE3 and AVX2 implementations. Finally, in benchmarks I did
on both Intel and AMD processors with both gcc 8.1.0 and gcc 4.9.4, the
x86_64 salsa20-asm is actually slightly *slower* than salsa20-generic
(~3% slower on Skylake, ~10% slower on Zen), while the i686 salsa20-asm
is only slightly faster than salsa20-generic (~15% faster on Skylake,
~20% faster on Zen). The gcc version made little difference.
So, the x86_64 salsa20-asm is pretty clearly useless. That leaves just
the i686 salsa20-asm, which based on my tests provides a 15-20% speed
boost. But that's without updating the code to not use %ebp. And given
the maintenance cost, the small speed difference vs. salsa20-generic,
the fact that few people still use i686 kernels, the doubt that anyone
is even using the kernel's Salsa20 at all, and the fact that a SSE2
implementation would almost certainly be much faster on any remotely
modern x86 processor yet no one has cared enough to add one yet, I don't
think it's worthwhile to keep.
Thus, just remove both the x86_64 and i686 salsa20-asm implementations.
Reported-by: syzbot+ffa3a158337bbc01ff09@syzkaller.appspotmail.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Commit 56e8e57fc3 ("crypto: morus - Add common SIMD glue code for
MORUS") accidetally consiedered the glue code to be usable by different
architectures, but it seems to be only usable on x86.
This patch moves it under arch/x86/crypto and adds 'depends on X86' to
the Kconfig options and also removes the prompt to hide these internal
options from the user.
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Currently testmgr has separate encryption and decryption test vectors
for symmetric ciphers. That's massively redundant, since with few
exceptions (mostly mistakes, apparently), all decryption tests are
identical to the encryption tests, just with the input/result flipped.
Therefore, eliminate the redundancy by removing the decryption test
vectors and updating testmgr to test both encryption and decryption
using what used to be the encryption test vectors. Naming is adjusted
accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext'
(ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and
'rlen'. Note that it was always the case that 'ilen == rlen'.
AES keywrap ("kw(aes)") is special because its IV is generated by the
encryption. Previously this was handled by specifying 'iv_out' for
encryption and 'iv' for decryption. To make it work cleanly with only
one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a
boolean that indicates that the IV is generated by the encryption.
In total, this removes over 10000 lines from testmgr.h, with no
reduction in test coverage since prior patches already copied the few
unique decryption test vectors into the encryption test vectors.
This covers all algorithms that used 'struct cipher_testvec', e.g. any
block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or
keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD
tests, though we probably can eliminate a similar redundancy there too.
The testmgr.h portion of this patch was automatically generated using
the following awk script, with some slight manual fixups on top (updated
'struct cipher_testvec' definition, updated a few comments, and fixed up
the AES keywrap test vectors):
BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER }
/^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC }
/^static const struct cipher_testvec.*_dec_/ { mode = DECVEC }
mode == ENCVEC && !/\.ilen[[:space:]]*=/ {
sub(/\.input[[:space:]]*=$/, ".ptext =")
sub(/\.input[[:space:]]*=/, ".ptext\t=")
sub(/\.result[[:space:]]*=$/, ".ctext =")
sub(/\.result[[:space:]]*=/, ".ctext\t=")
sub(/\.rlen[[:space:]]*=/, ".len\t=")
print
}
mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER }
mode == OTHER { print }
mode == ENCVEC && /^};/ { mode = OTHER }
mode == DECVEC && /^};/ { mode = DECVEC_TAIL }
Note that git's default diff algorithm gets confused by the testmgr.h
portion of this patch, and reports too many lines added and removed.
It's better viewed with 'git diff --minimal' (or 'git show --minimal'),
which reports "2 files changed, 919 insertions(+), 11723 deletions(-)".
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
One "kw(aes)" decryption test vector doesn't exactly match an encryption
test vector with input and result swapped. In preparation for removing
the decryption test vectors, add this test vector to the encryption test
vectors, so we don't lose any test coverage.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
None of the four "ecb(tnepres)" decryption test vectors exactly match an
encryption test vector with input and result swapped. In preparation
for removing the decryption test vectors, add these to the encryption
test vectors, so we don't lose any test coverage.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
One "cbc(des)" decryption test vector doesn't exactly match an
encryption test vector with input and result swapped. It's *almost* the
same as one, but the decryption version is "chunked" while the
encryption version is "unchunked". In preparation for removing the
decryption test vectors, make the encryption one both chunked and
unchunked, so we don't lose any test coverage.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Two "ecb(des)" decryption test vectors don't exactly match any of the
encryption test vectors with input and result swapped. In preparation
for removing the decryption test vectors, add these to the encryption
test vectors, so we don't lose any test coverage.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crc32c has an unkeyed test vector but crc32 did not. Add the crc32c one
(which uses an empty input) to crc32 too, and also add a new one to both
that uses a nonempty input. These test vectors verify that crc32 and
crc32c implementations use the correct default initial state.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Since testmgr uses a single tfm for all tests of each hash algorithm,
once a key is set the tfm won't be unkeyed anymore. But with crc32 and
crc32c, the key is really the "default initial state" and is optional;
those algorithms should have both keyed and unkeyed test vectors, to
verify that implementations use the correct default key.
Simply listing the unkeyed test vectors first isn't guaranteed to work
yet because testmgr makes multiple passes through the test vectors.
crc32c does have an unkeyed test vector listed first currently, but it
only works by chance because the last crc32c test vector happens to use
a key that is the same as the default key.
Therefore, teach testmgr to split hash test vectors into unkeyed and
keyed sections, and do all the unkeyed ones before the keyed ones.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The Blackfin CRC driver was removed by commit 9678a8dc53 ("crypto:
bfin_crc - remove blackfin CRC driver"), but it was forgotten to remove
the corresponding "hmac(crc32)" test vectors. I see no point in keeping
them since nothing else appears to implement or use "hmac(crc32)", which
isn't an algorithm that makes sense anyway because HMAC is meant to be
used with a cryptographically secure hash function, which CRC's are not.
Thus, remove the unneeded test vectors.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The __crc32_le() wrapper function is pointless. Just call crc32_le()
directly instead.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crc32c-generic sets an alignmask, but actually its ->update() works with
any alignment; only its ->setkey() and outputting the final digest
assume an alignment. To prevent the buffer from having to be aligned by
the crypto API for just these cases, switch these cases over to the
unaligned access macros and remove the cra_alignmask. Note that this
also makes crc32c-generic more consistent with crc32-generic.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
crc32-generic doesn't have a cra_alignmask set, which is desired as its
->update() works with any alignment. However, it incorrectly assumes
4-byte alignment in ->setkey() and when outputting the final digest.
Fix this by using the unaligned access macros in those cases.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds optimized implementations of MORUS-640 and MORUS-1280,
utilizing the SSE2 and AVX2 x86 extensions.
For MORUS-1280 (which operates on 256-bit blocks) we provide both AVX2
and SSE2 implementation. Although SSE2 MORUS-1280 is slower than AVX2
MORUS-1280, it is comparable in speed to the SSE2 MORUS-640.
Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds a common glue code for optimized implementations of
MORUS AEAD algorithms.
Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds test vectors for MORUS-640 and MORUS-1280. The test
vectors were generated using the reference implementation from
SUPERCOP (see code comments for more details).
Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds the generic implementation of the MORUS family of AEAD
algorithms (MORUS-640 and MORUS-1280). The original authors of MORUS
are Hongjun Wu and Tao Huang.
At the time of writing, MORUS is one of the finalists in CAESAR, an
open competition intended to select a portfolio of alternatives to
the problematic AES-GCM:
https://competitions.cr.yp.to/caesar-submissions.htmlhttps://competitions.cr.yp.to/round3/morusv2.pdf
Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds optimized implementations of AEGIS-128, AEGIS-128L,
and AEGIS-256, utilizing the AES-NI and SSE2 x86 extensions.
Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds test vectors for the AEGIS family of AEAD algorithms
(AEGIS-128, AEGIS-128L, and AEGIS-256). The test vectors were
generated using the reference implementation from SUPERCOP (see code
comments for more details).
Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds the generic implementation of the AEGIS family of AEAD
algorithms (AEGIS-128, AEGIS-128L, and AEGIS-256). The original
authors of AEGIS are Hongjun Wu and Bart Preneel.
At the time of writing, AEGIS is one of the finalists in CAESAR, an
open competition intended to select a portfolio of alternatives to
the problematic AES-GCM:
https://competitions.cr.yp.to/caesar-submissions.htmlhttps://competitions.cr.yp.to/round3/aegisv11.pdf
Signed-off-by: Ondrej Mosnacek <omosnacek@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Due to a snafu "paes" testmgr tests were not ordered
lexicographically, which led to boot time warnings.
Reorder the tests as needed.
Fixes: a794d8d ("crypto: ccree - enable support for hardware keys")
Reported-by: Abdul Haleem <abdhalee@linux.vnet.ibm.com>
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Tested-by: Abdul Haleem <abdhalee@linux.vnet.ibm.com>
Tested-by: Corentin Labbe <clabbe.montjoie@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Variants of proc_create{,_data} that directly take a struct seq_operations
argument and drastically reduces the boilerplate code in the callers.
All trivial callers converted over.
Signed-off-by: Christoph Hellwig <hch@lst.de>
In the quest to remove all stack VLA usage from the kernel[1], this
allocates the return code buffers before starting jiffie timers, rather
than using stack space for the array. Additionally cleans up some exit
paths and make sure that the num_mb module_param() is used only once
per execution to avoid possible races in the value changing.
[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Eric Biggers
Ivaylo Georgiev
Greg Kroah-Hartman
Mao Wenan
Vitaly Chikunov
Harsh Jain
Dmitry Eremin-Solenikov
Rishabh Bhatnagar
Pan Bian
Blagovest Kolenichev
Ard Biesheuvel
Jason A. Donenfeld
Horia Geantă
Ondrej Mosnacek
Kees Cook
Karsten Graul
Linus Torvalds
Yannik Sembritzki
Stephan Müller
Herbert Xu
Christoph Hellwig
Gustavo A. R. Silva
Matthew Garrett
Gilad Ben-Yossef
Stafford Horne
Denis Efremov
Maciej S. Szmigiero
Colin Ian King
Antoine Tenart
Kyle Spiers
Mauro Carvalho Chehab
Dmitry Vyukov
Ondrej Mosnacek