--- /dev/null
+From b6dd8e0719c0d2d01429639a11b7bc2677de240c Mon Sep 17 00:00:00 2001
+From: Will Deacon <will.deacon@arm.com>
+Date: Thu, 8 Oct 2015 11:11:17 +0100
+Subject: arm64: errata: use KBUILD_CFLAGS_MODULE for erratum #843419
+
+From: Will Deacon <will.deacon@arm.com>
+
+commit b6dd8e0719c0d2d01429639a11b7bc2677de240c upstream.
+
+Commit df057cc7b4fa ("arm64: errata: add module build workaround for
+erratum #843419") sets CFLAGS_MODULE to ensure that the large memory
+model is used by the compiler when building kernel modules.
+
+However, CFLAGS_MODULE is an environment variable and intended to be
+overridden on the command line, which appears to be the case with the
+Ubuntu kernel packaging system, so use KBUILD_CFLAGS_MODULE instead.
+
+Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Fixes: df057cc7b4fa ("arm64: errata: add module build workaround for erratum #843419")
+Reported-by: Dann Frazier <dann.frazier@canonical.com>
+Tested-by: Dann Frazier <dann.frazier@canonical.com>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm64/Makefile
++++ b/arch/arm64/Makefile
+@@ -35,7 +35,7 @@ comma = ,
+ CHECKFLAGS += -D__aarch64__
+
+ ifeq ($(CONFIG_ARM64_ERRATUM_843419), y)
+-CFLAGS_MODULE += -mcmodel=large
++KBUILD_CFLAGS_MODULE += -mcmodel=large
+ endif
+
+ # Default value
--- /dev/null
+From dc6c5fb3b514221f2e9d21ee626a9d95d3418dff Mon Sep 17 00:00:00 2001
+From: Chris Mason <clm@fb.com>
+Date: Tue, 13 Oct 2015 14:06:48 -0400
+Subject: btrfs: fix use after free iterating extrefs
+
+From: Chris Mason <clm@fb.com>
+
+commit dc6c5fb3b514221f2e9d21ee626a9d95d3418dff upstream.
+
+The code for btrfs inode-resolve has never worked properly for
+files with enough hard links to trigger extrefs. It was trying to
+get the leaf out of a path after freeing the path:
+
+ btrfs_release_path(path);
+ leaf = path->nodes[0];
+ item_size = btrfs_item_size_nr(leaf, slot);
+
+The fix here is to use the extent buffer we cloned just a little higher
+up to avoid deadlocks caused by using the leaf in the path.
+
+Signed-off-by: Chris Mason <clm@fb.com>
+cc: Mark Fasheh <mfasheh@suse.de>
+Reviewed-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: Mark Fasheh <mfasheh@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/backref.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+--- a/fs/btrfs/backref.c
++++ b/fs/btrfs/backref.c
+@@ -1692,7 +1692,6 @@ static int iterate_inode_extrefs(u64 inu
+ int found = 0;
+ struct extent_buffer *eb;
+ struct btrfs_inode_extref *extref;
+- struct extent_buffer *leaf;
+ u32 item_size;
+ u32 cur_offset;
+ unsigned long ptr;
+@@ -1720,9 +1719,8 @@ static int iterate_inode_extrefs(u64 inu
+ btrfs_set_lock_blocking_rw(eb, BTRFS_READ_LOCK);
+ btrfs_release_path(path);
+
+- leaf = path->nodes[0];
+- item_size = btrfs_item_size_nr(leaf, slot);
+- ptr = btrfs_item_ptr_offset(leaf, slot);
++ item_size = btrfs_item_size_nr(eb, slot);
++ ptr = btrfs_item_ptr_offset(eb, slot);
+ cur_offset = 0;
+
+ while (cur_offset < item_size) {
+@@ -1736,7 +1734,7 @@ static int iterate_inode_extrefs(u64 inu
+ if (ret)
+ break;
+
+- cur_offset += btrfs_inode_extref_name_len(leaf, extref);
++ cur_offset += btrfs_inode_extref_name_len(eb, extref);
+ cur_offset += sizeof(*extref);
+ }
+ btrfs_tree_read_unlock_blocking(eb);
--- /dev/null
+From 8996eafdcbad149ac0f772fb1649fbb75c482a6a Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@arm.linux.org.uk>
+Date: Fri, 9 Oct 2015 20:43:33 +0100
+Subject: crypto: ahash - ensure statesize is non-zero
+
+From: Russell King <rmk+kernel@arm.linux.org.uk>
+
+commit 8996eafdcbad149ac0f772fb1649fbb75c482a6a upstream.
+
+Unlike shash algorithms, ahash drivers must implement export
+and import as their descriptors may contain hardware state and
+cannot be exported as is. Unfortunately some ahash drivers did
+not provide them and end up causing crashes with algif_hash.
+
+This patch adds a check to prevent these drivers from registering
+ahash algorithms until they are fixed.
+
+Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/ahash.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/crypto/ahash.c
++++ b/crypto/ahash.c
+@@ -465,7 +465,8 @@ static int ahash_prepare_alg(struct ahas
+ struct crypto_alg *base = &alg->halg.base;
+
+ if (alg->halg.digestsize > PAGE_SIZE / 8 ||
+- alg->halg.statesize > PAGE_SIZE / 8)
++ alg->halg.statesize > PAGE_SIZE / 8 ||
++ alg->halg.statesize == 0)
+ return -EINVAL;
+
+ base->cra_type = &crypto_ahash_type;
--- /dev/null
+From a66d7f724a96d6fd279bfbd2ee488def6b081bea Mon Sep 17 00:00:00 2001
+From: Dave Kleikamp <dave.kleikamp@oracle.com>
+Date: Mon, 5 Oct 2015 10:08:51 -0500
+Subject: crypto: sparc - initialize blkcipher.ivsize
+
+From: Dave Kleikamp <dave.kleikamp@oracle.com>
+
+commit a66d7f724a96d6fd279bfbd2ee488def6b081bea upstream.
+
+Some of the crypto algorithms write to the initialization vector,
+but no space has been allocated for it. This clobbers adjacent memory.
+
+Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/sparc/crypto/aes_glue.c | 2 ++
+ arch/sparc/crypto/camellia_glue.c | 1 +
+ arch/sparc/crypto/des_glue.c | 2 ++
+ 3 files changed, 5 insertions(+)
+
+--- a/arch/sparc/crypto/aes_glue.c
++++ b/arch/sparc/crypto/aes_glue.c
+@@ -433,6 +433,7 @@ static struct crypto_alg algs[] = { {
+ .blkcipher = {
+ .min_keysize = AES_MIN_KEY_SIZE,
+ .max_keysize = AES_MAX_KEY_SIZE,
++ .ivsize = AES_BLOCK_SIZE,
+ .setkey = aes_set_key,
+ .encrypt = cbc_encrypt,
+ .decrypt = cbc_decrypt,
+@@ -452,6 +453,7 @@ static struct crypto_alg algs[] = { {
+ .blkcipher = {
+ .min_keysize = AES_MIN_KEY_SIZE,
+ .max_keysize = AES_MAX_KEY_SIZE,
++ .ivsize = AES_BLOCK_SIZE,
+ .setkey = aes_set_key,
+ .encrypt = ctr_crypt,
+ .decrypt = ctr_crypt,
+--- a/arch/sparc/crypto/camellia_glue.c
++++ b/arch/sparc/crypto/camellia_glue.c
+@@ -274,6 +274,7 @@ static struct crypto_alg algs[] = { {
+ .blkcipher = {
+ .min_keysize = CAMELLIA_MIN_KEY_SIZE,
+ .max_keysize = CAMELLIA_MAX_KEY_SIZE,
++ .ivsize = CAMELLIA_BLOCK_SIZE,
+ .setkey = camellia_set_key,
+ .encrypt = cbc_encrypt,
+ .decrypt = cbc_decrypt,
+--- a/arch/sparc/crypto/des_glue.c
++++ b/arch/sparc/crypto/des_glue.c
+@@ -429,6 +429,7 @@ static struct crypto_alg algs[] = { {
+ .blkcipher = {
+ .min_keysize = DES_KEY_SIZE,
+ .max_keysize = DES_KEY_SIZE,
++ .ivsize = DES_BLOCK_SIZE,
+ .setkey = des_set_key,
+ .encrypt = cbc_encrypt,
+ .decrypt = cbc_decrypt,
+@@ -485,6 +486,7 @@ static struct crypto_alg algs[] = { {
+ .blkcipher = {
+ .min_keysize = DES3_EDE_KEY_SIZE,
+ .max_keysize = DES3_EDE_KEY_SIZE,
++ .ivsize = DES3_EDE_BLOCK_SIZE,
+ .setkey = des3_ede_set_key,
+ .encrypt = cbc3_encrypt,
+ .decrypt = cbc3_decrypt,
ethtool-use-kcalloc-instead-of-kmalloc-for-ethtool_get_strings.patch
asix-don-t-reset-phy-on-if_up-for-asix-88772.patch
asix-do-full-reset-during-ax88772_bind.patch
+crypto-sparc-initialize-blkcipher.ivsize.patch
+crypto-ahash-ensure-statesize-is-non-zero.patch
+btrfs-fix-use-after-free-iterating-extrefs.patch
+arm64-errata-use-kbuild_cflags_module-for-erratum-843419.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
