--- /dev/null
+From 18f3e95b90b28318ef35910d21c39908de672331 Mon Sep 17 00:00:00 2001
+From: Huacai Chen <chenhc@lemote.com>
+Date: Tue, 12 Jun 2018 17:54:42 +0800
+Subject: MIPS: io: Add barrier after register read in inX()
+
+From: Huacai Chen <chenhc@lemote.com>
+
+commit 18f3e95b90b28318ef35910d21c39908de672331 upstream.
+
+While a barrier is present in the outX() functions before the register
+write, a similar barrier is missing in the inX() functions after the
+register read. This could allow memory accesses following inX() to
+observe stale data.
+
+This patch is very similar to commit a1cc7034e33d12dc1 ("MIPS: io: Add
+barrier after register read in readX()"). Because war_io_reorder_wmb()
+is both used by writeX() and outX(), if readX() need a barrier then so
+does inX().
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Huacai Chen <chenhc@lemote.com>
+Patchwork: https://patchwork.linux-mips.org/patch/19516/
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Cc: James Hogan <james.hogan@mips.com>
+Cc: linux-mips@linux-mips.org
+Cc: Fuxin Zhang <zhangfx@lemote.com>
+Cc: Zhangjin Wu <wuzhangjin@gmail.com>
+Cc: Huacai Chen <chenhuacai@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/include/asm/io.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/mips/include/asm/io.h
++++ b/arch/mips/include/asm/io.h
+@@ -412,6 +412,8 @@ static inline type pfx##in##bwlq##p(unsi
+ __val = *__addr; \
+ slow; \
+ \
++ /* prevent prefetching of coherent DMA data prematurely */ \
++ rmb(); \
+ return pfx##ioswab##bwlq(__addr, __val); \
+ }
+
mtd-cfi_cmdset_0002-avoid-walking-all-chips-when-unlocking.patch
mips-bcm47xx-enable-74k-core-externalsync-for-pcie-erratum.patch
pci-pciehp-clear-presence-detect-and-data-link-layer-status-changed-on-resume.patch
+mips-io-add-barrier-after-register-read-in-inx.patch
+time-make-sure-jiffies_to_msecs-preserves-non-zero-time-periods.patch
+x.509-unpack-rsa-signaturevalue-field-from-bit-string.patch
--- /dev/null
+From abcbcb80cd09cd40f2089d912764e315459b71f7 Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven <geert@linux-m68k.org>
+Date: Fri, 22 Jun 2018 16:33:57 +0200
+Subject: time: Make sure jiffies_to_msecs() preserves non-zero time periods
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Geert Uytterhoeven <geert@linux-m68k.org>
+
+commit abcbcb80cd09cd40f2089d912764e315459b71f7 upstream.
+
+For the common cases where 1000 is a multiple of HZ, or HZ is a multiple of
+1000, jiffies_to_msecs() never returns zero when passed a non-zero time
+period.
+
+However, if HZ > 1000 and not an integer multiple of 1000 (e.g. 1024 or
+1200, as used on alpha and DECstation), jiffies_to_msecs() may return zero
+for small non-zero time periods. This may break code that relies on
+receiving back a non-zero value.
+
+jiffies_to_usecs() does not need such a fix: one jiffy can only be less
+than one µs if HZ > 1000000, and such large values of HZ are already
+rejected at build time, twice:
+
+ - include/linux/jiffies.h does #error if HZ >= 12288,
+ - kernel/time/time.c has BUILD_BUG_ON(HZ > USEC_PER_SEC).
+
+Broken since forever.
+
+Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Arnd Bergmann <arnd@arndb.de>
+Cc: John Stultz <john.stultz@linaro.org>
+Cc: Stephen Boyd <sboyd@kernel.org>
+Cc: linux-alpha@vger.kernel.org
+Cc: linux-mips@linux-mips.org
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/20180622143357.7495-1-geert@linux-m68k.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/time/time.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/kernel/time/time.c
++++ b/kernel/time/time.c
+@@ -28,6 +28,7 @@
+ */
+
+ #include <linux/export.h>
++#include <linux/kernel.h>
+ #include <linux/timex.h>
+ #include <linux/capability.h>
+ #include <linux/timekeeper_internal.h>
+@@ -254,9 +255,10 @@ unsigned int jiffies_to_msecs(const unsi
+ return (j + (HZ / MSEC_PER_SEC) - 1)/(HZ / MSEC_PER_SEC);
+ #else
+ # if BITS_PER_LONG == 32
+- return (HZ_TO_MSEC_MUL32 * j) >> HZ_TO_MSEC_SHR32;
++ return (HZ_TO_MSEC_MUL32 * j + (1ULL << HZ_TO_MSEC_SHR32) - 1) >>
++ HZ_TO_MSEC_SHR32;
+ # else
+- return (j * HZ_TO_MSEC_NUM) / HZ_TO_MSEC_DEN;
++ return DIV_ROUND_UP(j * HZ_TO_MSEC_NUM, HZ_TO_MSEC_DEN);
+ # endif
+ #endif
+ }
--- /dev/null
+From b65c32ec5a942ab3ada93a048089a938918aba7f Mon Sep 17 00:00:00 2001
+From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
+Date: Sat, 19 May 2018 14:23:54 +0200
+Subject: X.509: unpack RSA signatureValue field from BIT STRING
+
+From: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
+
+commit b65c32ec5a942ab3ada93a048089a938918aba7f upstream.
+
+The signatureValue field of a X.509 certificate is encoded as a BIT STRING.
+For RSA signatures this BIT STRING is of so-called primitive subtype, which
+contains a u8 prefix indicating a count of unused bits in the encoding.
+
+We have to strip this prefix from signature data, just as we already do for
+key data in x509_extract_key_data() function.
+
+This wasn't noticed earlier because this prefix byte is zero for RSA key
+sizes divisible by 8. Since BIT STRING is a big-endian encoding adding zero
+prefixes has no bearing on its value.
+
+The signature length, however was incorrect, which is a problem for RSA
+implementations that need it to be exactly correct (like AMD CCP).
+
+Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
+Fixes: c26fd69fa009 ("X.509: Add a crypto key parser for binary (DER) X.509 certificates")
+Cc: stable@vger.kernel.org
+Signed-off-by: James Morris <james.morris@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/asymmetric_keys/x509_cert_parser.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/crypto/asymmetric_keys/x509_cert_parser.c
++++ b/crypto/asymmetric_keys/x509_cert_parser.c
+@@ -221,6 +221,15 @@ int x509_note_signature(void *context, s
+ return -EINVAL;
+ }
+
++ if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) {
++ /* Discard the BIT STRING metadata */
++ if (vlen < 1 || *(const u8 *)value != 0)
++ return -EBADMSG;
++
++ value++;
++ vlen--;
++ }
++
+ ctx->cert->raw_sig = value;
+ ctx->cert->raw_sig_size = vlen;
+ return 0;
projects / thirdparty / kernel / stable-queue.git / commitdiff
