--- /dev/null
+From 629266bf7229cd6a550075f5961f95607b823b59 Mon Sep 17 00:00:00 2001
+From: Wen Yang <wen.yang99@zte.com.cn>
+Date: Tue, 5 Mar 2019 19:33:54 +0800
+Subject: ARM: exynos: Fix a leaked reference by adding missing of_node_put
+
+From: Wen Yang <wen.yang99@zte.com.cn>
+
+commit 629266bf7229cd6a550075f5961f95607b823b59 upstream.
+
+The call to of_get_next_child returns a node pointer with refcount
+incremented thus it must be explicitly decremented after the last
+usage.
+
+Detected by coccinelle with warnings like:
+ arch/arm/mach-exynos/firmware.c:201:2-8: ERROR: missing of_node_put;
+ acquired a node pointer with refcount incremented on line 193,
+ but without a corresponding object release within this function.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
+Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/mach-exynos/firmware.c | 1 +
+ arch/arm/mach-exynos/suspend.c | 2 ++
+ 2 files changed, 3 insertions(+)
+
+--- a/arch/arm/mach-exynos/firmware.c
++++ b/arch/arm/mach-exynos/firmware.c
+@@ -207,6 +207,7 @@ void __init exynos_firmware_init(void)
+ return;
+
+ addr = of_get_address(nd, 0, NULL, NULL);
++ of_node_put(nd);
+ if (!addr) {
+ pr_err("%s: No address specified.\n", __func__);
+ return;
+--- a/arch/arm/mach-exynos/suspend.c
++++ b/arch/arm/mach-exynos/suspend.c
+@@ -725,8 +725,10 @@ void __init exynos_pm_init(void)
+
+ if (WARN_ON(!of_find_property(np, "interrupt-controller", NULL))) {
+ pr_warn("Outdated DT detected, suspend/resume will NOT work\n");
++ of_node_put(np);
+ return;
+ }
++ of_node_put(np);
+
+ pm_data = (const struct exynos_pm_data *) match->data;
+
--- /dev/null
+From 5e27f38f1f3f45a0c938299c3a34a2d2db77165a Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Sun, 31 Mar 2019 13:04:16 -0700
+Subject: crypto: chacha20poly1305 - set cra_name correctly
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 5e27f38f1f3f45a0c938299c3a34a2d2db77165a upstream.
+
+If the rfc7539 template is instantiated with specific implementations,
+e.g. "rfc7539(chacha20-generic,poly1305-generic)" rather than
+"rfc7539(chacha20,poly1305)", then the implementation names end up
+included in the instance's cra_name. This is incorrect because it then
+prevents all users from allocating "rfc7539(chacha20,poly1305)", if the
+highest priority implementations of chacha20 and poly1305 were selected.
+Also, the self-tests aren't run on an instance allocated in this way.
+
+Fix it by setting the instance's cra_name from the underlying
+algorithms' actual cra_names, rather than from the requested names.
+This matches what other templates do.
+
+Fixes: 71ebc4d1b27d ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539")
+Cc: <stable@vger.kernel.org> # v4.2+
+Cc: Martin Willi <martin@strongswan.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Reviewed-by: Martin Willi <martin@strongswan.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/chacha20poly1305.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/crypto/chacha20poly1305.c
++++ b/crypto/chacha20poly1305.c
+@@ -637,8 +637,8 @@ static int chachapoly_create(struct cryp
+
+ err = -ENAMETOOLONG;
+ if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
+- "%s(%s,%s)", name, chacha_name,
+- poly_name) >= CRYPTO_MAX_ALG_NAME)
++ "%s(%s,%s)", name, chacha->base.cra_name,
++ poly->cra_name) >= CRYPTO_MAX_ALG_NAME)
+ goto out_drop_chacha;
+ if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
+ "%s(%s,%s)", name, chacha->cra_driver_name,
--- /dev/null
+From 307508d1072979f4435416f87936f87eaeb82054 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Sun, 31 Mar 2019 13:04:12 -0700
+Subject: crypto: crct10dif-generic - fix use via crypto_shash_digest()
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 307508d1072979f4435416f87936f87eaeb82054 upstream.
+
+The ->digest() method of crct10dif-generic reads the current CRC value
+from the shash_desc context. But this value is uninitialized, causing
+crypto_shash_digest() to compute the wrong result. Fix it.
+
+Probably this wasn't noticed before because lib/crc-t10dif.c only uses
+crypto_shash_update(), not crypto_shash_digest(). Likewise,
+crypto_shash_digest() is not yet tested by the crypto self-tests because
+those only test the ahash API which only uses shash init/update/final.
+
+This bug was detected by my patches that improve testmgr to fuzz
+algorithms against their generic implementation.
+
+Fixes: 2d31e518a428 ("crypto: crct10dif - Wrap crc_t10dif function all to use crypto transform framework")
+Cc: <stable@vger.kernel.org> # v3.11+
+Cc: Tim Chen <tim.c.chen@linux.intel.com>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/crct10dif_generic.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+--- a/crypto/crct10dif_generic.c
++++ b/crypto/crct10dif_generic.c
+@@ -65,10 +65,9 @@ static int chksum_final(struct shash_des
+ return 0;
+ }
+
+-static int __chksum_finup(__u16 *crcp, const u8 *data, unsigned int len,
+- u8 *out)
++static int __chksum_finup(__u16 crc, const u8 *data, unsigned int len, u8 *out)
+ {
+- *(__u16 *)out = crc_t10dif_generic(*crcp, data, len);
++ *(__u16 *)out = crc_t10dif_generic(crc, data, len);
+ return 0;
+ }
+
+@@ -77,15 +76,13 @@ static int chksum_finup(struct shash_des
+ {
+ struct chksum_desc_ctx *ctx = shash_desc_ctx(desc);
+
+- return __chksum_finup(&ctx->crc, data, len, out);
++ return __chksum_finup(ctx->crc, data, len, out);
+ }
+
+ static int chksum_digest(struct shash_desc *desc, const u8 *data,
+ unsigned int length, u8 *out)
+ {
+- struct chksum_desc_ctx *ctx = shash_desc_ctx(desc);
+-
+- return __chksum_finup(&ctx->crc, data, length, out);
++ return __chksum_finup(0, data, length, out);
+ }
+
+ static struct shash_alg alg = {
--- /dev/null
+From dcf7b48212c0fab7df69e84fab22d6cb7c8c0fb9 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 15 Mar 2019 13:09:01 +1100
+Subject: crypto: vmx - fix copy-paste error in CTR mode
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Daniel Axtens <dja@axtens.net>
+
+commit dcf7b48212c0fab7df69e84fab22d6cb7c8c0fb9 upstream.
+
+The original assembly imported from OpenSSL has two copy-paste
+errors in handling CTR mode. When dealing with a 2 or 3 block tail,
+the code branches to the CBC decryption exit path, rather than to
+the CTR exit path.
+
+This leads to corruption of the IV, which leads to subsequent blocks
+being corrupted.
+
+This can be detected with libkcapi test suite, which is available at
+https://github.com/smuellerDD/libkcapi
+
+Reported-by: Ondrej Mosnáček <omosnacek@gmail.com>
+Fixes: 5c380d623ed3 ("crypto: vmx - Add support for VMS instructions by ASM")
+Cc: stable@vger.kernel.org
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Tested-by: Michael Ellerman <mpe@ellerman.id.au>
+Tested-by: Ondrej Mosnacek <omosnacek@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/vmx/aesp8-ppc.pl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/crypto/vmx/aesp8-ppc.pl
++++ b/drivers/crypto/vmx/aesp8-ppc.pl
+@@ -1795,7 +1795,7 @@ Lctr32_enc8x_three:
+ stvx_u $out1,$x10,$out
+ stvx_u $out2,$x20,$out
+ addi $out,$out,0x30
+- b Lcbc_dec8x_done
++ b Lctr32_enc8x_done
+
+ .align 5
+ Lctr32_enc8x_two:
+@@ -1807,7 +1807,7 @@ Lctr32_enc8x_two:
+ stvx_u $out0,$x00,$out
+ stvx_u $out1,$x10,$out
+ addi $out,$out,0x20
+- b Lcbc_dec8x_done
++ b Lctr32_enc8x_done
+
+ .align 5
+ Lctr32_enc8x_one:
--- /dev/null
+From dec3d0b1071a0f3194e66a83d26ecf4aa8c5910e Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Sun, 31 Mar 2019 13:04:13 -0700
+Subject: crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit dec3d0b1071a0f3194e66a83d26ecf4aa8c5910e upstream.
+
+The ->digest() method of crct10dif-pclmul reads the current CRC value
+from the shash_desc context. But this value is uninitialized, causing
+crypto_shash_digest() to compute the wrong result. Fix it.
+
+Probably this wasn't noticed before because lib/crc-t10dif.c only uses
+crypto_shash_update(), not crypto_shash_digest(). Likewise,
+crypto_shash_digest() is not yet tested by the crypto self-tests because
+those only test the ahash API which only uses shash init/update/final.
+
+Fixes: 0b95a7f85718 ("crypto: crct10dif - Glue code to cast accelerated CRCT10DIF assembly as a crypto transform")
+Cc: <stable@vger.kernel.org> # v3.11+
+Cc: Tim Chen <tim.c.chen@linux.intel.com>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/crypto/crct10dif-pclmul_glue.c | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+--- a/arch/x86/crypto/crct10dif-pclmul_glue.c
++++ b/arch/x86/crypto/crct10dif-pclmul_glue.c
+@@ -76,15 +76,14 @@ static int chksum_final(struct shash_des
+ return 0;
+ }
+
+-static int __chksum_finup(__u16 *crcp, const u8 *data, unsigned int len,
+- u8 *out)
++static int __chksum_finup(__u16 crc, const u8 *data, unsigned int len, u8 *out)
+ {
+ if (irq_fpu_usable()) {
+ kernel_fpu_begin();
+- *(__u16 *)out = crc_t10dif_pcl(*crcp, data, len);
++ *(__u16 *)out = crc_t10dif_pcl(crc, data, len);
+ kernel_fpu_end();
+ } else
+- *(__u16 *)out = crc_t10dif_generic(*crcp, data, len);
++ *(__u16 *)out = crc_t10dif_generic(crc, data, len);
+ return 0;
+ }
+
+@@ -93,15 +92,13 @@ static int chksum_finup(struct shash_des
+ {
+ struct chksum_desc_ctx *ctx = shash_desc_ctx(desc);
+
+- return __chksum_finup(&ctx->crc, data, len, out);
++ return __chksum_finup(ctx->crc, data, len, out);
+ }
+
+ static int chksum_digest(struct shash_desc *desc, const u8 *data,
+ unsigned int length, u8 *out)
+ {
+- struct chksum_desc_ctx *ctx = shash_desc_ctx(desc);
+-
+- return __chksum_finup(&ctx->crc, data, length, out);
++ return __chksum_finup(0, data, length, out);
+ }
+
+ static struct shash_alg alg = {
+x86-speculation-mds-revert-cpu-buffer-clear-on-double-fault-exit.patch
+x86-speculation-mds-improve-cpu-buffer-clear-documentation.patch
+arm-exynos-fix-a-leaked-reference-by-adding-missing-of_node_put.patch
+crypto-chacha20poly1305-set-cra_name-correctly.patch
+crypto-vmx-fix-copy-paste-error-in-ctr-mode.patch
+crypto-crct10dif-generic-fix-use-via-crypto_shash_digest.patch
+crypto-x86-crct10dif-pcl-fix-use-via-crypto_shash_digest.patch
--- /dev/null
+From 9d8d0294e78a164d407133dea05caf4b84247d6a Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@kernel.org>
+Date: Tue, 14 May 2019 13:24:40 -0700
+Subject: x86/speculation/mds: Improve CPU buffer clear documentation
+
+From: Andy Lutomirski <luto@kernel.org>
+
+commit 9d8d0294e78a164d407133dea05caf4b84247d6a upstream.
+
+On x86_64, all returns to usermode go through
+prepare_exit_to_usermode(), with the sole exception of do_nmi().
+This even includes machine checks -- this was added several years
+ago to support MCE recovery. Update the documentation.
+
+Signed-off-by: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@suse.de>
+Cc: Frederic Weisbecker <frederic@kernel.org>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Jon Masters <jcm@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: stable@vger.kernel.org
+Fixes: 04dcbdb80578 ("x86/speculation/mds: Clear CPU buffers on exit to user")
+Link: http://lkml.kernel.org/r/999fa9e126ba6a48e9d214d2f18dbde5c62ac55c.1557865329.git.luto@kernel.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Documentation/x86/mds.rst | 39 +++++++--------------------------------
+ 1 file changed, 7 insertions(+), 32 deletions(-)
+
+--- a/Documentation/x86/mds.rst
++++ b/Documentation/x86/mds.rst
+@@ -142,38 +142,13 @@ Mitigation points
+ mds_user_clear.
+
+ The mitigation is invoked in prepare_exit_to_usermode() which covers
+- most of the kernel to user space transitions. There are a few exceptions
+- which are not invoking prepare_exit_to_usermode() on return to user
+- space. These exceptions use the paranoid exit code.
+-
+- - Non Maskable Interrupt (NMI):
+-
+- Access to sensible data like keys, credentials in the NMI context is
+- mostly theoretical: The CPU can do prefetching or execute a
+- misspeculated code path and thereby fetching data which might end up
+- leaking through a buffer.
+-
+- But for mounting other attacks the kernel stack address of the task is
+- already valuable information. So in full mitigation mode, the NMI is
+- mitigated on the return from do_nmi() to provide almost complete
+- coverage.
+-
+- - Machine Check Exception (#MC):
+-
+- Another corner case is a #MC which hits between the CPU buffer clear
+- invocation and the actual return to user. As this still is in kernel
+- space it takes the paranoid exit path which does not clear the CPU
+- buffers. So the #MC handler repopulates the buffers to some
+- extent. Machine checks are not reliably controllable and the window is
+- extremly small so mitigation would just tick a checkbox that this
+- theoretical corner case is covered. To keep the amount of special
+- cases small, ignore #MC.
+-
+- - Debug Exception (#DB):
+-
+- This takes the paranoid exit path only when the INT1 breakpoint is in
+- kernel space. #DB on a user space address takes the regular exit path,
+- so no extra mitigation required.
++ all but one of the kernel to user space transitions. The exception
++ is when we return from a Non Maskable Interrupt (NMI), which is
++ handled directly in do_nmi().
++
++ (The reason that NMI is special is that prepare_exit_to_usermode() can
++ enable IRQs. In NMI context, NMIs are blocked, and we don't want to
++ enable IRQs with NMIs blocked.)
+
+
+ 2. C-State transition
--- /dev/null
+From 88640e1dcd089879530a49a8d212d1814678dfe7 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@kernel.org>
+Date: Tue, 14 May 2019 13:24:39 -0700
+Subject: x86/speculation/mds: Revert CPU buffer clear on double fault exit
+
+From: Andy Lutomirski <luto@kernel.org>
+
+commit 88640e1dcd089879530a49a8d212d1814678dfe7 upstream.
+
+The double fault ESPFIX path doesn't return to user mode at all --
+it returns back to the kernel by simulating a #GP fault.
+prepare_exit_to_usermode() will run on the way out of
+general_protection before running user code.
+
+Signed-off-by: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@suse.de>
+Cc: Frederic Weisbecker <frederic@kernel.org>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Jon Masters <jcm@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: stable@vger.kernel.org
+Fixes: 04dcbdb80578 ("x86/speculation/mds: Clear CPU buffers on exit to user")
+Link: http://lkml.kernel.org/r/ac97612445c0a44ee10374f6ea79c222fe22a5c4.1557865329.git.luto@kernel.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Documentation/x86/mds.rst | 7 -------
+ arch/x86/kernel/traps.c | 8 --------
+ 2 files changed, 15 deletions(-)
+
+--- a/Documentation/x86/mds.rst
++++ b/Documentation/x86/mds.rst
+@@ -158,13 +158,6 @@ Mitigation points
+ mitigated on the return from do_nmi() to provide almost complete
+ coverage.
+
+- - Double fault (#DF):
+-
+- A double fault is usually fatal, but the ESPFIX workaround, which can
+- be triggered from user space through modify_ldt(2) is a recoverable
+- double fault. #DF uses the paranoid exit path, so explicit mitigation
+- in the double fault handler is required.
+-
+ - Machine Check Exception (#MC):
+
+ Another corner case is a #MC which hits between the CPU buffer clear
+--- a/arch/x86/kernel/traps.c
++++ b/arch/x86/kernel/traps.c
+@@ -61,7 +61,6 @@
+ #include <asm/alternative.h>
+ #include <asm/fpu/xstate.h>
+ #include <asm/trace/mpx.h>
+-#include <asm/nospec-branch.h>
+ #include <asm/mpx.h>
+ #include <asm/vm86.h>
+
+@@ -338,13 +337,6 @@ dotraplinkage void do_double_fault(struc
+ regs->ip = (unsigned long)general_protection;
+ regs->sp = (unsigned long)&normal_regs->orig_ax;
+
+- /*
+- * This situation can be triggered by userspace via
+- * modify_ldt(2) and the return does not take the regular
+- * user space exit, so a CPU buffer clear is required when
+- * MDS mitigation is enabled.
+- */
+- mds_user_clear_cpu_buffers();
+ return;
+ }
+ #endif
projects / thirdparty / kernel / stable-queue.git / commitdiff
