--- /dev/null
+From 42cfcafb91dabb0f9d9e08396c39824535948c67 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com>
+Date: Mon, 19 Jun 2017 11:44:45 +0300
+Subject: crypto: caam - fix gfp allocation flags (part I)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Horia Geantă <horia.geanta@nxp.com>
+
+commit 42cfcafb91dabb0f9d9e08396c39824535948c67 upstream.
+
+Changes in the SW cts (ciphertext stealing) code in
+commit 0605c41cc53ca ("crypto: cts - Convert to skcipher")
+revealed a problem in the CAAM driver:
+when cts(cbc(aes)) is executed and cts runs in SW,
+cbc(aes) is offloaded in CAAM; cts encrypts the last block
+in atomic context and CAAM incorrectly decides to use GFP_KERNEL
+for memory allocation.
+
+Fix this by allowing GFP_KERNEL (sleeping) only when MAY_SLEEP flag is
+set, i.e. remove MAY_BACKLOG flag.
+
+We split the fix in two parts - first is sent to -stable, while the
+second is not (since there is no known failure case).
+
+Link: http://lkml.kernel.org/g/20170602122446.2427-1-david@sigma-star.at
+Reported-by: David Gstir <david@sigma-star.at>
+Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/caam/caamalg.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/crypto/caam/caamalg.c
++++ b/drivers/crypto/caam/caamalg.c
+@@ -1474,8 +1474,7 @@ static struct ablkcipher_edesc *ablkciph
+ struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req);
+ struct caam_ctx *ctx = crypto_ablkcipher_ctx(ablkcipher);
+ struct device *jrdev = ctx->jrdev;
+- gfp_t flags = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
+- CRYPTO_TFM_REQ_MAY_SLEEP)) ?
++ gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
+ GFP_KERNEL : GFP_ATOMIC;
+ int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0;
+ struct ablkcipher_edesc *edesc;
--- /dev/null
+From fec17cb2231733174e039ad9054fa16bb358e2ec Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Sun, 11 Jun 2017 23:20:23 +0200
+Subject: crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Jason A. Donenfeld <Jason@zx2c4.com>
+
+commit fec17cb2231733174e039ad9054fa16bb358e2ec upstream.
+
+Otherwise, we enable all sorts of forgeries via timing attack.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+Suggested-by: Stephan Müller <smueller@chronox.de>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: linux-crypto@vger.kernel.org
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/rsa-pkcs1pad.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/crypto/rsa-pkcs1pad.c
++++ b/crypto/rsa-pkcs1pad.c
+@@ -496,7 +496,7 @@ static int pkcs1pad_verify_complete(stru
+ goto done;
+ pos++;
+
+- if (memcmp(out_buf + pos, digest_info->data, digest_info->size))
++ if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size))
+ goto done;
+
+ pos += digest_info->size;
--- /dev/null
+From 1ea1516fbbab2b30bf98c534ecaacba579a35208 Mon Sep 17 00:00:00 2001
+From: Chao Yu <yuchao0@huawei.com>
+Date: Fri, 23 Jun 2017 01:08:22 -0400
+Subject: ext4: check return value of kstrtoull correctly in reserved_clusters_store
+
+From: Chao Yu <yuchao0@huawei.com>
+
+commit 1ea1516fbbab2b30bf98c534ecaacba579a35208 upstream.
+
+kstrtoull returns 0 on success, however, in reserved_clusters_store we
+will return -EINVAL if kstrtoull returns 0, it makes us fail to update
+reserved_clusters value through sysfs.
+
+Fixes: 76d33bca5581b1dd5c3157fa168db849a784ada4
+Signed-off-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Miao Xie <miaoxie@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/sysfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ext4/sysfs.c
++++ b/fs/ext4/sysfs.c
+@@ -100,7 +100,7 @@ static ssize_t reserved_clusters_store(s
+ int ret;
+
+ ret = kstrtoull(skip_spaces(buf), 0, &val);
+- if (!ret || val >= clusters)
++ if (ret || val >= clusters)
+ return -EINVAL;
+
+ atomic64_set(&sbi->s_resv_clusters, val);
mqueue-fix-a-use-after-free-in-sys_mq_notify.patch
proc-fix-proc_sys_prune_dcache-to-hold-a-sb-reference.patch
locking-rwsem-spinlock-fix-eintr-branch-in-__down_write_common.patch
+staging-vt6556-vnt_start-fix-missing-call-to-vnt_key_init_table.patch
+staging-comedi-fix-clean-up-of-comedi_class-in-comedi_init.patch
+crypto-caam-fix-gfp-allocation-flags-part-i.patch
+crypto-rsa-pkcs1pad-use-constant-time-memory-comparison-for-macs.patch
+ext4-check-return-value-of-kstrtoull-correctly-in-reserved_clusters_store.patch
+x86-mm-pat-don-t-report-pat-on-cpus-that-don-t-support-it.patch
--- /dev/null
+From a9332e9ad09c2644c99058fcf6ae2f355e93ce74 Mon Sep 17 00:00:00 2001
+From: Ian Abbott <abbotti@mev.co.uk>
+Date: Fri, 16 Jun 2017 19:35:34 +0100
+Subject: staging: comedi: fix clean-up of comedi_class in comedi_init()
+
+From: Ian Abbott <abbotti@mev.co.uk>
+
+commit a9332e9ad09c2644c99058fcf6ae2f355e93ce74 upstream.
+
+There is a clean-up bug in the core comedi module initialization
+functions, `comedi_init()`. If the `comedi_num_legacy_minors` module
+parameter is non-zero (and valid), it creates that many "legacy" devices
+and registers them in SysFS. A failure causes the function to clean up
+and return an error. Unfortunately, it fails to destroy the "comedi"
+class that was created earlier. Fix it by adding a call to
+`class_destroy(comedi_class)` at the appropriate place in the clean-up
+sequence.
+
+Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/comedi/comedi_fops.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/staging/comedi/comedi_fops.c
++++ b/drivers/staging/comedi/comedi_fops.c
+@@ -2901,6 +2901,7 @@ static int __init comedi_init(void)
+ dev = comedi_alloc_board_minor(NULL);
+ if (IS_ERR(dev)) {
+ comedi_cleanup_board_minors();
++ class_destroy(comedi_class);
+ cdev_del(&comedi_cdev);
+ unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0),
+ COMEDI_NUM_MINORS);
--- /dev/null
+From dc32190f2cd41c7dba25363ea7d618d4f5172b4e Mon Sep 17 00:00:00 2001
+From: Malcolm Priestley <tvboxspy@gmail.com>
+Date: Sat, 29 Apr 2017 13:03:44 +0100
+Subject: staging: vt6556: vnt_start Fix missing call to vnt_key_init_table.
+
+From: Malcolm Priestley <tvboxspy@gmail.com>
+
+commit dc32190f2cd41c7dba25363ea7d618d4f5172b4e upstream.
+
+The key table is not intialized correctly without this call.
+
+Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/vt6656/main_usb.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/staging/vt6656/main_usb.c
++++ b/drivers/staging/vt6656/main_usb.c
+@@ -523,6 +523,9 @@ static int vnt_start(struct ieee80211_hw
+ goto free_all;
+ }
+
++ if (vnt_key_init_table(priv))
++ goto free_all;
++
+ priv->int_interval = 1; /* bInterval is set to 1 */
+
+ vnt_int_start_interrupt(priv);
--- /dev/null
+From 99c13b8c8896d7bcb92753bf0c63a8de4326e78d Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Tue, 4 Jul 2017 19:04:23 -0400
+Subject: x86/mm/pat: Don't report PAT on CPUs that don't support it
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+commit 99c13b8c8896d7bcb92753bf0c63a8de4326e78d upstream.
+
+The pat_enabled() logic is broken on CPUs which do not support PAT and
+where the initialization code fails to call pat_init(). Due to that the
+enabled flag stays true and pat_enabled() returns true wrongfully.
+
+As a consequence the mappings, e.g. for Xorg, are set up with the wrong
+caching mode and the required MTRR setups are omitted.
+
+To cure this the following changes are required:
+
+ 1) Make pat_enabled() return true only if PAT initialization was
+ invoked and successful.
+
+ 2) Invoke init_cache_modes() unconditionally in setup_arch() and
+ remove the extra callsites in pat_disable() and the pat disabled
+ code path in pat_init().
+
+Also rename __pat_enabled to pat_disabled to reflect the real purpose of
+this variable.
+
+Fixes: 9cd25aac1f44 ("x86/mm/pat: Emulate PAT when it is disabled")
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Bernhard Held <berny156@gmx.de>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: "Luis R. Rodriguez" <mcgrof@suse.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Link: http://lkml.kernel.org/r/alpine.LRH.2.02.1707041749300.3456@file01.intranet.prod.int.rdu2.redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/pat.h | 1 +
+ arch/x86/kernel/setup.c | 7 +++++++
+ arch/x86/mm/pat.c | 28 ++++++++++++----------------
+ 3 files changed, 20 insertions(+), 16 deletions(-)
+
+--- a/arch/x86/include/asm/pat.h
++++ b/arch/x86/include/asm/pat.h
+@@ -7,6 +7,7 @@
+ bool pat_enabled(void);
+ void pat_disable(const char *reason);
+ extern void pat_init(void);
++extern void init_cache_modes(void);
+
+ extern int reserve_memtype(u64 start, u64 end,
+ enum page_cache_mode req_pcm, enum page_cache_mode *ret_pcm);
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -1080,6 +1080,13 @@ void __init setup_arch(char **cmdline_p)
+ max_possible_pfn = max_pfn;
+
+ /*
++ * This call is required when the CPU does not support PAT. If
++ * mtrr_bp_init() invoked it already via pat_init() the call has no
++ * effect.
++ */
++ init_cache_modes();
++
++ /*
+ * Define random base addresses for memory sections after max_pfn is
+ * defined and before each memory section base is used.
+ */
+--- a/arch/x86/mm/pat.c
++++ b/arch/x86/mm/pat.c
+@@ -36,14 +36,14 @@
+ #undef pr_fmt
+ #define pr_fmt(fmt) "" fmt
+
+-static bool boot_cpu_done;
+-
+-static int __read_mostly __pat_enabled = IS_ENABLED(CONFIG_X86_PAT);
+-static void init_cache_modes(void);
++static bool __read_mostly boot_cpu_done;
++static bool __read_mostly pat_disabled = !IS_ENABLED(CONFIG_X86_PAT);
++static bool __read_mostly pat_initialized;
++static bool __read_mostly init_cm_done;
+
+ void pat_disable(const char *reason)
+ {
+- if (!__pat_enabled)
++ if (pat_disabled)
+ return;
+
+ if (boot_cpu_done) {
+@@ -51,10 +51,8 @@ void pat_disable(const char *reason)
+ return;
+ }
+
+- __pat_enabled = 0;
++ pat_disabled = true;
+ pr_info("x86/PAT: %s\n", reason);
+-
+- init_cache_modes();
+ }
+
+ static int __init nopat(char *str)
+@@ -66,7 +64,7 @@ early_param("nopat", nopat);
+
+ bool pat_enabled(void)
+ {
+- return !!__pat_enabled;
++ return pat_initialized;
+ }
+ EXPORT_SYMBOL_GPL(pat_enabled);
+
+@@ -204,6 +202,8 @@ static void __init_cache_modes(u64 pat)
+ update_cache_mode_entry(i, cache);
+ }
+ pr_info("x86/PAT: Configuration [0-7]: %s\n", pat_msg);
++
++ init_cm_done = true;
+ }
+
+ #define PAT(x, y) ((u64)PAT_ ## y << ((x)*8))
+@@ -224,6 +224,7 @@ static void pat_bsp_init(u64 pat)
+ }
+
+ wrmsrl(MSR_IA32_CR_PAT, pat);
++ pat_initialized = true;
+
+ __init_cache_modes(pat);
+ }
+@@ -241,10 +242,9 @@ static void pat_ap_init(u64 pat)
+ wrmsrl(MSR_IA32_CR_PAT, pat);
+ }
+
+-static void init_cache_modes(void)
++void init_cache_modes(void)
+ {
+ u64 pat = 0;
+- static int init_cm_done;
+
+ if (init_cm_done)
+ return;
+@@ -286,8 +286,6 @@ static void init_cache_modes(void)
+ }
+
+ __init_cache_modes(pat);
+-
+- init_cm_done = 1;
+ }
+
+ /**
+@@ -305,10 +303,8 @@ void pat_init(void)
+ u64 pat;
+ struct cpuinfo_x86 *c = &boot_cpu_data;
+
+- if (!pat_enabled()) {
+- init_cache_modes();
++ if (pat_disabled)
+ return;
+- }
+
+ if ((c->x86_vendor == X86_VENDOR_INTEL) &&
+ (((c->x86 == 0x6) && (c->x86_model <= 0xd)) ||
projects / thirdparty / kernel / stable-queue.git / commitdiff
