--- /dev/null
+From f16eb8a4b096514ac06fb25bf599dcc792899b3d Mon Sep 17 00:00:00 2001
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Date: Mon, 11 Mar 2019 18:41:03 +0200
+Subject: ACPI / device_sysfs: Avoid OF modalias creation for removed device
+
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+
+commit f16eb8a4b096514ac06fb25bf599dcc792899b3d upstream.
+
+If SSDT overlay is loaded via ConfigFS and then unloaded the device,
+we would like to have OF modalias for, already gone. Thus, acpi_get_name()
+returns no allocated buffer for such case and kernel crashes afterwards:
+
+ ACPI: Host-directed Dynamic ACPI Table Unload
+ ads7950 spi-PRP0001:00: Dropping the link to regulator.0
+ BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
+ #PF error: [normal kernel read fault]
+ PGD 80000000070d6067 P4D 80000000070d6067 PUD 70d0067 PMD 0
+ Oops: 0000 [#1] SMP PTI
+ CPU: 0 PID: 40 Comm: kworker/u4:2 Not tainted 5.0.0+ #96
+ Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542 2015.01.21:18.19.48
+ Workqueue: kacpi_hotplug acpi_device_del_work_fn
+ RIP: 0010:create_of_modalias.isra.1+0x4c/0x150
+ Code: 00 00 48 89 44 24 18 31 c0 48 8d 54 24 08 48 c7 44 24 10 00 00 00 00 48 c7 44 24 08 ff ff ff ff e8 7a b0 03 00 48 8b 4c 24 10 <0f> b6 01 84 c0 74 27 48 c7 c7 00 09 f4 a5 0f b6 f0 8d 50 20 f6 04
+ RSP: 0000:ffffa51040297c10 EFLAGS: 00010246
+ RAX: 0000000000001001 RBX: 0000000000000785 RCX: 0000000000000000
+ RDX: 0000000000001001 RSI: 0000000000000286 RDI: ffffa2163dc042e0
+ RBP: ffffa216062b1196 R08: 0000000000001001 R09: ffffa21639873000
+ R10: ffffffffa606761d R11: 0000000000000001 R12: ffffa21639873218
+ R13: ffffa2163deb5060 R14: ffffa216063d1010 R15: 0000000000000000
+ FS: 0000000000000000(0000) GS:ffffa2163e000000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 0000000000000000 CR3: 0000000007114000 CR4: 00000000001006f0
+ Call Trace:
+ __acpi_device_uevent_modalias+0xb0/0x100
+ spi_uevent+0xd/0x40
+
+ ...
+
+In order to fix above let create_of_modalias() check the status returned
+by acpi_get_name() and bail out in case of failure.
+
+Fixes: 8765c5ba1949 ("ACPI / scan: Rework modalias creation when "compatible" is present")
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=201381
+Reported-by: Ferry Toth <fntoth@gmail.com>
+Tested-by: Ferry Toth<fntoth@gmail.com>
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Cc: 4.1+ <stable@vger.kernel.org> # 4.1+
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/device_sysfs.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/acpi/device_sysfs.c
++++ b/drivers/acpi/device_sysfs.c
+@@ -202,11 +202,15 @@ static int create_of_modalias(struct acp
+ {
+ struct acpi_buffer buf = { ACPI_ALLOCATE_BUFFER };
+ const union acpi_object *of_compatible, *obj;
++ acpi_status status;
+ int len, count;
+ int i, nval;
+ char *c;
+
+- acpi_get_name(acpi_dev->handle, ACPI_SINGLE_NAME, &buf);
++ status = acpi_get_name(acpi_dev->handle, ACPI_SINGLE_NAME, &buf);
++ if (ACPI_FAILURE(status))
++ return -ENODEV;
++
+ /* DT strings are all in lower case */
+ for (c = buf.pointer; *c != '\0'; c++)
+ *c = tolower(*c);
--- /dev/null
+From 7b9b9edb49ad377b1e06abf14354c227e9ac4b06 Mon Sep 17 00:00:00 2001
+From: Pavel Shilovsky <piastryyy@gmail.com>
+Date: Wed, 13 Feb 2019 15:43:08 -0800
+Subject: CIFS: Do not reset lease state to NONE on lease break
+
+From: Pavel Shilovsky <piastryyy@gmail.com>
+
+commit 7b9b9edb49ad377b1e06abf14354c227e9ac4b06 upstream.
+
+Currently on lease break the client sets a caching level twice:
+when oplock is detected and when oplock is processed. While the
+1st attempt sets the level to the value provided by the server,
+the 2nd one resets the level to None unconditionally.
+This happens because the oplock/lease processing code was changed
+to avoid races between page cache flushes and oplock breaks.
+The commit c11f1df5003d534 ("cifs: Wait for writebacks to complete
+before attempting write.") fixed the races for oplocks but didn't
+apply the same changes for leases resulting in overwriting the
+server granted value to None. Fix this by properly processing
+lease breaks.
+
+Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+CC: Stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb2misc.c | 17 ++++++++++++++---
+ fs/cifs/smb2ops.c | 15 ++++++++++++---
+ 2 files changed, 26 insertions(+), 6 deletions(-)
+
+--- a/fs/cifs/smb2misc.c
++++ b/fs/cifs/smb2misc.c
+@@ -479,7 +479,6 @@ smb2_tcon_has_lease(struct cifs_tcon *tc
+ __u8 lease_state;
+ struct list_head *tmp;
+ struct cifsFileInfo *cfile;
+- struct TCP_Server_Info *server = tcon->ses->server;
+ struct cifs_pending_open *open;
+ struct cifsInodeInfo *cinode;
+ int ack_req = le32_to_cpu(rsp->Flags &
+@@ -499,13 +498,25 @@ smb2_tcon_has_lease(struct cifs_tcon *tc
+ cifs_dbg(FYI, "lease key match, lease break 0x%x\n",
+ le32_to_cpu(rsp->NewLeaseState));
+
+- server->ops->set_oplock_level(cinode, lease_state, 0, NULL);
+-
+ if (ack_req)
+ cfile->oplock_break_cancelled = false;
+ else
+ cfile->oplock_break_cancelled = true;
+
++ set_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, &cinode->flags);
++
++ /*
++ * Set or clear flags depending on the lease state being READ.
++ * HANDLE caching flag should be added when the client starts
++ * to defer closing remote file handles with HANDLE leases.
++ */
++ if (lease_state & SMB2_LEASE_READ_CACHING_HE)
++ set_bit(CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2,
++ &cinode->flags);
++ else
++ clear_bit(CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2,
++ &cinode->flags);
++
+ queue_work(cifsoplockd_wq, &cfile->oplock_break);
+ kfree(lw);
+ return true;
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -1933,6 +1933,15 @@ smb2_downgrade_oplock(struct TCP_Server_
+ }
+
+ static void
++smb21_downgrade_oplock(struct TCP_Server_Info *server,
++ struct cifsInodeInfo *cinode, bool set_level2)
++{
++ server->ops->set_oplock_level(cinode,
++ set_level2 ? SMB2_LEASE_READ_CACHING_HE :
++ 0, 0, NULL);
++}
++
++static void
+ smb2_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock,
+ unsigned int epoch, bool *purge_cache)
+ {
+@@ -2917,7 +2926,7 @@ struct smb_version_operations smb21_oper
+ .print_stats = smb2_print_stats,
+ .is_oplock_break = smb2_is_valid_oplock_break,
+ .handle_cancelled_mid = smb2_handle_cancelled_mid,
+- .downgrade_oplock = smb2_downgrade_oplock,
++ .downgrade_oplock = smb21_downgrade_oplock,
+ .need_neg = smb2_need_neg,
+ .negotiate = smb2_negotiate,
+ .negotiate_wsize = smb2_negotiate_wsize,
+@@ -3012,7 +3021,7 @@ struct smb_version_operations smb30_oper
+ .dump_share_caps = smb2_dump_share_caps,
+ .is_oplock_break = smb2_is_valid_oplock_break,
+ .handle_cancelled_mid = smb2_handle_cancelled_mid,
+- .downgrade_oplock = smb2_downgrade_oplock,
++ .downgrade_oplock = smb21_downgrade_oplock,
+ .need_neg = smb2_need_neg,
+ .negotiate = smb2_negotiate,
+ .negotiate_wsize = smb2_negotiate_wsize,
+@@ -3117,7 +3126,7 @@ struct smb_version_operations smb311_ope
+ .dump_share_caps = smb2_dump_share_caps,
+ .is_oplock_break = smb2_is_valid_oplock_break,
+ .handle_cancelled_mid = smb2_handle_cancelled_mid,
+- .downgrade_oplock = smb2_downgrade_oplock,
++ .downgrade_oplock = smb21_downgrade_oplock,
+ .need_neg = smb2_need_neg,
+ .negotiate = smb2_negotiate,
+ .negotiate_wsize = smb2_negotiate_wsize,
--- /dev/null
+From 6dfbd84684700cb58b34e8602c01c12f3d2595c8 Mon Sep 17 00:00:00 2001
+From: Pavel Shilovsky <piastryyy@gmail.com>
+Date: Mon, 4 Mar 2019 17:48:01 -0800
+Subject: CIFS: Fix read after write for files with read caching
+
+From: Pavel Shilovsky <piastryyy@gmail.com>
+
+commit 6dfbd84684700cb58b34e8602c01c12f3d2595c8 upstream.
+
+When we have a READ lease for a file and have just issued a write
+operation to the server we need to purge the cache and set oplock/lease
+level to NONE to avoid reading stale data. Currently we do that
+only if a write operation succedeed thus not covering cases when
+a request was sent to the server but a negative error code was
+returned later for some other reasons (e.g. -EIOCBQUEUED or -EINTR).
+Fix this by turning off caching regardless of the error code being
+returned.
+
+The patches fixes generic tests 075 and 112 from the xfs-tests.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/file.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/fs/cifs/file.c
++++ b/fs/cifs/file.c
+@@ -2889,14 +2889,16 @@ cifs_strict_writev(struct kiocb *iocb, s
+ * these pages but not on the region from pos to ppos+len-1.
+ */
+ written = cifs_user_writev(iocb, from);
+- if (written > 0 && CIFS_CACHE_READ(cinode)) {
++ if (CIFS_CACHE_READ(cinode)) {
+ /*
+- * Windows 7 server can delay breaking level2 oplock if a write
+- * request comes - break it on the client to prevent reading
+- * an old data.
++ * We have read level caching and we have just sent a write
++ * request to the server thus making data in the cache stale.
++ * Zap the cache and set oplock/lease level to NONE to avoid
++ * reading stale data from the cache. All subsequent read
++ * operations will read new data from the server.
+ */
+ cifs_zap_mapping(inode);
+- cifs_dbg(FYI, "Set no oplock for inode=%p after a write operation\n",
++ cifs_dbg(FYI, "Set Oplock/Lease to NONE for inode=%p after write\n",
+ inode);
+ cinode->oplock = 0;
+ }
--- /dev/null
+From 62fecf295e3c48be1b5f17c440b93875b9adb4d6 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Sun, 27 Jan 2019 10:16:52 +0100
+Subject: crypto: arm/crct10dif - revert to C code for short inputs
+
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+
+commit 62fecf295e3c48be1b5f17c440b93875b9adb4d6 upstream.
+
+The SIMD routine ported from x86 used to have a special code path
+for inputs < 16 bytes, which got lost somewhere along the way.
+Instead, the current glue code aligns the input pointer to permit
+the NEON routine to use special versions of the vld1 instructions
+that assume 16 byte alignment, but this could result in inputs of
+less than 16 bytes to be passed in. This not only fails the new
+extended tests that Eric has implemented, it also results in the
+code reading past the end of the input, which could potentially
+result in crashes when dealing with less than 16 bytes of input
+at the end of a page which is followed by an unmapped page.
+
+So update the glue code to only invoke the NEON routine if the
+input is at least 16 bytes.
+
+Reported-by: Eric Biggers <ebiggers@kernel.org>
+Reviewed-by: Eric Biggers <ebiggers@kernel.org>
+Fixes: 1d481f1cd892 ("crypto: arm/crct10dif - port x86 SSE implementation to ARM")
+Cc: <stable@vger.kernel.org> # v4.10+
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/crypto/crct10dif-ce-core.S | 14 +++++++-------
+ arch/arm/crypto/crct10dif-ce-glue.c | 23 ++++++-----------------
+ 2 files changed, 13 insertions(+), 24 deletions(-)
+
+--- a/arch/arm/crypto/crct10dif-ce-core.S
++++ b/arch/arm/crypto/crct10dif-ce-core.S
+@@ -124,10 +124,10 @@ ENTRY(crc_t10dif_pmull)
+ vext.8 q10, qzr, q0, #4
+
+ // receive the initial 64B data, xor the initial crc value
+- vld1.64 {q0-q1}, [arg2, :128]!
+- vld1.64 {q2-q3}, [arg2, :128]!
+- vld1.64 {q4-q5}, [arg2, :128]!
+- vld1.64 {q6-q7}, [arg2, :128]!
++ vld1.64 {q0-q1}, [arg2]!
++ vld1.64 {q2-q3}, [arg2]!
++ vld1.64 {q4-q5}, [arg2]!
++ vld1.64 {q6-q7}, [arg2]!
+ CPU_LE( vrev64.8 q0, q0 )
+ CPU_LE( vrev64.8 q1, q1 )
+ CPU_LE( vrev64.8 q2, q2 )
+@@ -167,7 +167,7 @@ CPU_LE( vrev64.8 q7, q7 )
+ _fold_64_B_loop:
+
+ .macro fold64, reg1, reg2
+- vld1.64 {q11-q12}, [arg2, :128]!
++ vld1.64 {q11-q12}, [arg2]!
+
+ vmull.p64 q8, \reg1\()h, d21
+ vmull.p64 \reg1, \reg1\()l, d20
+@@ -238,7 +238,7 @@ _16B_reduction_loop:
+ vmull.p64 q7, d15, d21
+ veor.8 q7, q7, q8
+
+- vld1.64 {q0}, [arg2, :128]!
++ vld1.64 {q0}, [arg2]!
+ CPU_LE( vrev64.8 q0, q0 )
+ vswp d0, d1
+ veor.8 q7, q7, q0
+@@ -335,7 +335,7 @@ _less_than_128:
+ vmov.i8 q0, #0
+ vmov s3, arg1_low32 // get the initial crc value
+
+- vld1.64 {q7}, [arg2, :128]!
++ vld1.64 {q7}, [arg2]!
+ CPU_LE( vrev64.8 q7, q7 )
+ vswp d14, d15
+ veor.8 q7, q7, q0
+--- a/arch/arm/crypto/crct10dif-ce-glue.c
++++ b/arch/arm/crypto/crct10dif-ce-glue.c
+@@ -35,26 +35,15 @@ static int crct10dif_update(struct shash
+ unsigned int length)
+ {
+ u16 *crc = shash_desc_ctx(desc);
+- unsigned int l;
+
+- if (!may_use_simd()) {
+- *crc = crc_t10dif_generic(*crc, data, length);
++ if (length >= CRC_T10DIF_PMULL_CHUNK_SIZE && may_use_simd()) {
++ kernel_neon_begin();
++ *crc = crc_t10dif_pmull(*crc, data, length);
++ kernel_neon_end();
+ } else {
+- if (unlikely((u32)data % CRC_T10DIF_PMULL_CHUNK_SIZE)) {
+- l = min_t(u32, length, CRC_T10DIF_PMULL_CHUNK_SIZE -
+- ((u32)data % CRC_T10DIF_PMULL_CHUNK_SIZE));
+-
+- *crc = crc_t10dif_generic(*crc, data, l);
+-
+- length -= l;
+- data += l;
+- }
+- if (length > 0) {
+- kernel_neon_begin();
+- *crc = crc_t10dif_pmull(*crc, data, length);
+- kernel_neon_end();
+- }
++ *crc = crc_t10dif_generic(*crc, data, length);
+ }
++
+ return 0;
+ }
+
--- /dev/null
+From 969e2f59d589c15f6aaf306e590dde16f12ea4b3 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Thu, 24 Jan 2019 17:33:46 +0100
+Subject: crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine
+
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+
+commit 969e2f59d589c15f6aaf306e590dde16f12ea4b3 upstream.
+
+Commit 5092fcf34908 ("crypto: arm64/aes-ce-ccm: add non-SIMD generic
+fallback") introduced C fallback code to replace the NEON routines
+when invoked from a context where the NEON is not available (i.e.,
+from the context of a softirq taken while the NEON is already being
+used in kernel process context)
+
+Fix two logical flaws in the MAC calculation of the associated data.
+
+Reported-by: Eric Biggers <ebiggers@kernel.org>
+Fixes: 5092fcf34908 ("crypto: arm64/aes-ce-ccm: add non-SIMD generic fallback")
+Cc: stable@vger.kernel.org
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/crypto/aes-ce-ccm-glue.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/arch/arm64/crypto/aes-ce-ccm-glue.c
++++ b/arch/arm64/crypto/aes-ce-ccm-glue.c
+@@ -123,7 +123,7 @@ static void ccm_update_mac(struct crypto
+ abytes -= added;
+ }
+
+- while (abytes > AES_BLOCK_SIZE) {
++ while (abytes >= AES_BLOCK_SIZE) {
+ __aes_arm64_encrypt(key->key_enc, mac, mac,
+ num_rounds(key));
+ crypto_xor(mac, in, AES_BLOCK_SIZE);
+@@ -137,8 +137,6 @@ static void ccm_update_mac(struct crypto
+ num_rounds(key));
+ crypto_xor(mac, in, abytes);
+ *macp = abytes;
+- } else {
+- *macp = 0;
+ }
+ }
+ }
--- /dev/null
+From eaf46edf6ea89675bd36245369c8de5063a0272c Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Thu, 24 Jan 2019 17:33:45 +0100
+Subject: crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
+
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+
+commit eaf46edf6ea89675bd36245369c8de5063a0272c upstream.
+
+The NEON MAC calculation routine fails to handle the case correctly
+where there is some data in the buffer, and the input fills it up
+exactly. In this case, we enter the loop at the end with w8 == 0,
+while a negative value is assumed, and so the loop carries on until
+the increment of the 32-bit counter wraps around, which is quite
+obviously wrong.
+
+So omit the loop altogether in this case, and exit right away.
+
+Reported-by: Eric Biggers <ebiggers@kernel.org>
+Fixes: a3fd82105b9d1 ("arm64/crypto: AES in CCM mode using ARMv8 Crypto ...")
+Cc: stable@vger.kernel.org
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/crypto/aes-ce-ccm-core.S | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/crypto/aes-ce-ccm-core.S
++++ b/arch/arm64/crypto/aes-ce-ccm-core.S
+@@ -74,12 +74,13 @@ ENTRY(ce_aes_ccm_auth_data)
+ beq 10f
+ ext v0.16b, v0.16b, v0.16b, #1 /* rotate out the mac bytes */
+ b 7b
+-8: mov w7, w8
++8: cbz w8, 91f
++ mov w7, w8
+ add w8, w8, #16
+ 9: ext v1.16b, v1.16b, v1.16b, #1
+ adds w7, w7, #1
+ bne 9b
+- eor v0.16b, v0.16b, v1.16b
++91: eor v0.16b, v0.16b, v1.16b
+ st1 {v0.16b}, [x0]
+ 10: str w8, [x3]
+ ret
--- /dev/null
+From d72b9d4acd548251f55b16843fc7a05dc5c80de8 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Sun, 27 Jan 2019 10:16:53 +0100
+Subject: crypto: arm64/crct10dif - revert to C code for short inputs
+
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+
+commit d72b9d4acd548251f55b16843fc7a05dc5c80de8 upstream.
+
+The SIMD routine ported from x86 used to have a special code path
+for inputs < 16 bytes, which got lost somewhere along the way.
+Instead, the current glue code aligns the input pointer to 16 bytes,
+which is not really necessary on this architecture (although it
+could be beneficial to performance to expose aligned data to the
+the NEON routine), but this could result in inputs of less than
+16 bytes to be passed in. This not only fails the new extended
+tests that Eric has implemented, it also results in the code
+reading past the end of the input, which could potentially result
+in crashes when dealing with less than 16 bytes of input at the
+end of a page which is followed by an unmapped page.
+
+So update the glue code to only invoke the NEON routine if the
+input is at least 16 bytes.
+
+Reported-by: Eric Biggers <ebiggers@kernel.org>
+Reviewed-by: Eric Biggers <ebiggers@kernel.org>
+Fixes: 6ef5737f3931 ("crypto: arm64/crct10dif - port x86 SSE implementation to arm64")
+Cc: <stable@vger.kernel.org> # v4.10+
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/crypto/crct10dif-ce-glue.c | 25 ++++++-------------------
+ 1 file changed, 6 insertions(+), 19 deletions(-)
+
+--- a/arch/arm64/crypto/crct10dif-ce-glue.c
++++ b/arch/arm64/crypto/crct10dif-ce-glue.c
+@@ -36,26 +36,13 @@ static int crct10dif_update(struct shash
+ unsigned int length)
+ {
+ u16 *crc = shash_desc_ctx(desc);
+- unsigned int l;
+
+- if (unlikely((u64)data % CRC_T10DIF_PMULL_CHUNK_SIZE)) {
+- l = min_t(u32, length, CRC_T10DIF_PMULL_CHUNK_SIZE -
+- ((u64)data % CRC_T10DIF_PMULL_CHUNK_SIZE));
+-
+- *crc = crc_t10dif_generic(*crc, data, l);
+-
+- length -= l;
+- data += l;
+- }
+-
+- if (length > 0) {
+- if (may_use_simd()) {
+- kernel_neon_begin();
+- *crc = crc_t10dif_pmull(*crc, data, length);
+- kernel_neon_end();
+- } else {
+- *crc = crc_t10dif_generic(*crc, data, length);
+- }
++ if (length >= CRC_T10DIF_PMULL_CHUNK_SIZE && may_use_simd()) {
++ kernel_neon_begin();
++ *crc = crc_t10dif_pmull(*crc, data, length);
++ kernel_neon_end();
++ } else {
++ *crc = crc_t10dif_generic(*crc, data, length);
+ }
+
+ return 0;
--- /dev/null
+From ba7d7433a0e998c902132bd47330e355a1eaa894 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Sun, 6 Jan 2019 18:47:42 -0800
+Subject: crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit ba7d7433a0e998c902132bd47330e355a1eaa894 upstream.
+
+Some algorithms have a ->setkey() method that is not atomic, in the
+sense that setting a key can fail after changes were already made to the
+tfm context. In this case, if a key was already set the tfm can end up
+in a state that corresponds to neither the old key nor the new key.
+
+It's not feasible to make all ->setkey() methods atomic, especially ones
+that have to key multiple sub-tfms. Therefore, make the crypto API set
+CRYPTO_TFM_NEED_KEY if ->setkey() fails and the algorithm requires a
+key, to prevent the tfm from being used until a new key is set.
+
+Note: we can't set CRYPTO_TFM_NEED_KEY for OPTIONAL_KEY algorithms, so
+->setkey() for those must nevertheless be atomic. That's fine for now
+since only the crc32 and crc32c algorithms set OPTIONAL_KEY, and it's
+not intended that OPTIONAL_KEY be used much.
+
+[Cc stable mainly because when introducing the NEED_KEY flag I changed
+ AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG
+ previously didn't have this problem. So these "incompletely keyed"
+ states became theoretically accessible via AF_ALG -- though, the
+ opportunities for causing real mischief seem pretty limited.]
+
+Fixes: 9fa68f620041 ("crypto: hash - prevent using keyed hashes without setting key")
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/ahash.c | 28 +++++++++++++++++++---------
+ crypto/shash.c | 18 +++++++++++++-----
+ 2 files changed, 32 insertions(+), 14 deletions(-)
+
+--- a/crypto/ahash.c
++++ b/crypto/ahash.c
+@@ -190,6 +190,21 @@ static int ahash_setkey_unaligned(struct
+ return ret;
+ }
+
++static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key,
++ unsigned int keylen)
++{
++ return -ENOSYS;
++}
++
++static void ahash_set_needkey(struct crypto_ahash *tfm)
++{
++ const struct hash_alg_common *alg = crypto_hash_alg_common(tfm);
++
++ if (tfm->setkey != ahash_nosetkey &&
++ !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
++ crypto_ahash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
++}
++
+ int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
+ unsigned int keylen)
+ {
+@@ -201,20 +216,16 @@ int crypto_ahash_setkey(struct crypto_ah
+ else
+ err = tfm->setkey(tfm, key, keylen);
+
+- if (err)
++ if (unlikely(err)) {
++ ahash_set_needkey(tfm);
+ return err;
++ }
+
+ crypto_ahash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
+ return 0;
+ }
+ EXPORT_SYMBOL_GPL(crypto_ahash_setkey);
+
+-static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key,
+- unsigned int keylen)
+-{
+- return -ENOSYS;
+-}
+-
+ static inline unsigned int ahash_align_buffer_size(unsigned len,
+ unsigned long mask)
+ {
+@@ -483,8 +494,7 @@ static int crypto_ahash_init_tfm(struct
+
+ if (alg->setkey) {
+ hash->setkey = alg->setkey;
+- if (!(alg->halg.base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
+- crypto_ahash_set_flags(hash, CRYPTO_TFM_NEED_KEY);
++ ahash_set_needkey(hash);
+ }
+ if (alg->export)
+ hash->export = alg->export;
+--- a/crypto/shash.c
++++ b/crypto/shash.c
+@@ -53,6 +53,13 @@ static int shash_setkey_unaligned(struct
+ return err;
+ }
+
++static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg)
++{
++ if (crypto_shash_alg_has_setkey(alg) &&
++ !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
++ crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
++}
++
+ int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
+ unsigned int keylen)
+ {
+@@ -65,8 +72,10 @@ int crypto_shash_setkey(struct crypto_sh
+ else
+ err = shash->setkey(tfm, key, keylen);
+
+- if (err)
++ if (unlikely(err)) {
++ shash_set_needkey(tfm, shash);
+ return err;
++ }
+
+ crypto_shash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
+ return 0;
+@@ -368,7 +377,8 @@ int crypto_init_shash_ops_async(struct c
+ crt->final = shash_async_final;
+ crt->finup = shash_async_finup;
+ crt->digest = shash_async_digest;
+- crt->setkey = shash_async_setkey;
++ if (crypto_shash_alg_has_setkey(alg))
++ crt->setkey = shash_async_setkey;
+
+ crypto_ahash_set_flags(crt, crypto_shash_get_flags(shash) &
+ CRYPTO_TFM_NEED_KEY);
+@@ -390,9 +400,7 @@ static int crypto_shash_init_tfm(struct
+
+ hash->descsize = alg->descsize;
+
+- if (crypto_shash_alg_has_setkey(alg) &&
+- !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
+- crypto_shash_set_flags(hash, CRYPTO_TFM_NEED_KEY);
++ shash_set_needkey(hash, alg);
+
+ return 0;
+ }
--- /dev/null
+From eb5e6730db98fcc4b51148b4a819fa4bf864ae54 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Wed, 23 Jan 2019 20:57:35 -0800
+Subject: crypto: testmgr - skip crc32c context test for ahash algorithms
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit eb5e6730db98fcc4b51148b4a819fa4bf864ae54 upstream.
+
+Instantiating "cryptd(crc32c)" causes a crypto self-test failure because
+the crypto_alloc_shash() in alg_test_crc32c() fails. This is because
+cryptd(crc32c) is an ahash algorithm, not a shash algorithm; so it can
+only be accessed through the ahash API, unlike shash algorithms which
+can be accessed through both the ahash and shash APIs.
+
+As the test is testing the shash descriptor format which is only
+applicable to shash algorithms, skip it for ahash algorithms.
+
+(Note that it's still important to fix crypto self-test failures even
+ for weird algorithm instantiations like cryptd(crc32c) that no one
+ would really use; in fips_enabled mode unprivileged users can use them
+ to panic the kernel, and also they prevent treating a crypto self-test
+ failure as a bug when fuzzing the kernel.)
+
+Fixes: 8e3ee85e68c5 ("crypto: crc32c - Test descriptor context format")
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/testmgr.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+--- a/crypto/testmgr.c
++++ b/crypto/testmgr.c
+@@ -1839,14 +1839,21 @@ static int alg_test_crc32c(const struct
+
+ err = alg_test_hash(desc, driver, type, mask);
+ if (err)
+- goto out;
++ return err;
+
+ tfm = crypto_alloc_shash(driver, type, mask);
+ if (IS_ERR(tfm)) {
++ if (PTR_ERR(tfm) == -ENOENT) {
++ /*
++ * This crc32c implementation is only available through
++ * ahash API, not the shash API, so the remaining part
++ * of the test is not applicable to it.
++ */
++ return 0;
++ }
+ printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
+ "%ld\n", driver, PTR_ERR(tfm));
+- err = PTR_ERR(tfm);
+- goto out;
++ return PTR_ERR(tfm);
+ }
+
+ do {
+@@ -1873,7 +1880,6 @@ static int alg_test_crc32c(const struct
+
+ crypto_free_shash(tfm);
+
+-out:
+ return err;
+ }
+
libnvdimm-pmem-honor-force_raw-for-legacy-pmem-regions.patch
libnvdimm-fix-altmap-reservation-size-calculation.patch
fix-cgroup_do_mount-handling-of-failure-exits.patch
+crypto-arm-crct10dif-revert-to-c-code-for-short-inputs.patch
+crypto-arm64-crct10dif-revert-to-c-code-for-short-inputs.patch
+crypto-hash-set-crypto_tfm_need_key-if-setkey-fails.patch
+crypto-testmgr-skip-crc32c-context-test-for-ahash-algorithms.patch
+crypto-arm64-aes-ccm-fix-logical-bug-in-aad-mac-handling.patch
+crypto-arm64-aes-ccm-fix-bugs-in-non-neon-fallback-routine.patch
+cifs-do-not-reset-lease-state-to-none-on-lease-break.patch
+cifs-fix-read-after-write-for-files-with-read-caching.patch
+tracing-use-strncpy-instead-of-memcpy-for-string-keys-in-hist-triggers.patch
+tracing-do-not-free-iter-trace-in-fail-path-of-tracing_open_pipe.patch
+xen-fix-dom0-boot-on-huge-systems.patch
+acpi-device_sysfs-avoid-of-modalias-creation-for-removed-device.patch
--- /dev/null
+From e7f0c424d0806b05d6f47be9f202b037eb701707 Mon Sep 17 00:00:00 2001
+From: "zhangyi (F)" <yi.zhang@huawei.com>
+Date: Wed, 13 Feb 2019 20:29:06 +0800
+Subject: tracing: Do not free iter->trace in fail path of tracing_open_pipe()
+
+From: zhangyi (F) <yi.zhang@huawei.com>
+
+commit e7f0c424d0806b05d6f47be9f202b037eb701707 upstream.
+
+Commit d716ff71dd12 ("tracing: Remove taking of trace_types_lock in
+pipe files") use the current tracer instead of the copy in
+tracing_open_pipe(), but it forget to remove the freeing sentence in
+the error path.
+
+There's an error path that can call kfree(iter->trace) after the iter->trace
+was assigned to tr->current_trace, which would be bad to free.
+
+Link: http://lkml.kernel.org/r/1550060946-45984-1-git-send-email-yi.zhang@huawei.com
+
+Cc: stable@vger.kernel.org
+Fixes: d716ff71dd12 ("tracing: Remove taking of trace_types_lock in pipe files")
+Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/trace.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -5604,7 +5604,6 @@ out:
+ return ret;
+
+ fail:
+- kfree(iter->trace);
+ kfree(iter);
+ __trace_array_put(tr);
+ mutex_unlock(&trace_types_lock);
--- /dev/null
+From 9f0bbf3115ca9f91f43b7c74e9ac7d79f47fc6c2 Mon Sep 17 00:00:00 2001
+From: Tom Zanussi <tom.zanussi@linux.intel.com>
+Date: Mon, 4 Feb 2019 15:07:24 -0600
+Subject: tracing: Use strncpy instead of memcpy for string keys in hist triggers
+
+From: Tom Zanussi <tom.zanussi@linux.intel.com>
+
+commit 9f0bbf3115ca9f91f43b7c74e9ac7d79f47fc6c2 upstream.
+
+Because there may be random garbage beyond a string's null terminator,
+it's not correct to copy the the complete character array for use as a
+hist trigger key. This results in multiple histogram entries for the
+'same' string key.
+
+So, in the case of a string key, use strncpy instead of memcpy to
+avoid copying in the extra bytes.
+
+Before, using the gdbus entries in the following hist trigger as an
+example:
+
+ # echo 'hist:key=comm' > /sys/kernel/debug/tracing/events/sched/sched_waking/trigger
+ # cat /sys/kernel/debug/tracing/events/sched/sched_waking/hist
+
+ ...
+
+ { comm: ImgDecoder #4 } hitcount: 203
+ { comm: gmain } hitcount: 213
+ { comm: gmain } hitcount: 216
+ { comm: StreamTrans #73 } hitcount: 221
+ { comm: mozStorage #3 } hitcount: 230
+ { comm: gdbus } hitcount: 233
+ { comm: StyleThread#5 } hitcount: 253
+ { comm: gdbus } hitcount: 256
+ { comm: gdbus } hitcount: 260
+ { comm: StyleThread#4 } hitcount: 271
+
+ ...
+
+ # cat /sys/kernel/debug/tracing/events/sched/sched_waking/hist | egrep gdbus | wc -l
+ 51
+
+After:
+
+ # cat /sys/kernel/debug/tracing/events/sched/sched_waking/hist | egrep gdbus | wc -l
+ 1
+
+Link: http://lkml.kernel.org/r/50c35ae1267d64eee975b8125e151e600071d4dc.1549309756.git.tom.zanussi@linux.intel.com
+
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: stable@vger.kernel.org
+Fixes: 79e577cbce4c4 ("tracing: Support string type key properly")
+Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/trace_events_hist.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/kernel/trace/trace_events_hist.c
++++ b/kernel/trace/trace_events_hist.c
+@@ -872,9 +872,10 @@ static inline void add_to_key(char *comp
+ /* ensure NULL-termination */
+ if (size > key_field->size - 1)
+ size = key_field->size - 1;
+- }
+
+- memcpy(compound_key + key_field->offset, key, size);
++ strncpy(compound_key + key_field->offset, (char *)key, size);
++ } else
++ memcpy(compound_key + key_field->offset, key, size);
+ }
+
+ static void event_hist_trigger(struct event_trigger_data *data, void *rec)
--- /dev/null
+From 01bd2ac2f55a1916d81dace12fa8d7ae1c79b5ea Mon Sep 17 00:00:00 2001
+From: Juergen Gross <jgross@suse.com>
+Date: Thu, 7 Mar 2019 10:11:19 +0100
+Subject: xen: fix dom0 boot on huge systems
+
+From: Juergen Gross <jgross@suse.com>
+
+commit 01bd2ac2f55a1916d81dace12fa8d7ae1c79b5ea upstream.
+
+Commit f7c90c2aa40048 ("x86/xen: don't write ptes directly in 32-bit
+PV guests") introduced a regression for booting dom0 on huge systems
+with lots of RAM (in the TB range).
+
+Reason is that on those hosts the p2m list needs to be moved early in
+the boot process and this requires temporary page tables to be created.
+Said commit modified xen_set_pte_init() to use a hypercall for writing
+a PTE, but this requires the page table being in the direct mapped
+area, which is not the case for the temporary page tables used in
+xen_relocate_p2m().
+
+As the page tables are completely written before being linked to the
+actual address space instead of set_pte() a plain write to memory can
+be used in xen_relocate_p2m().
+
+Fixes: f7c90c2aa40048 ("x86/xen: don't write ptes directly in 32-bit PV guests")
+Cc: stable@vger.kernel.org
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/xen/mmu_pv.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+--- a/arch/x86/xen/mmu_pv.c
++++ b/arch/x86/xen/mmu_pv.c
+@@ -2080,10 +2080,10 @@ void __init xen_relocate_p2m(void)
+ pt = early_memremap(pt_phys, PAGE_SIZE);
+ clear_page(pt);
+ for (idx_pte = 0;
+- idx_pte < min(n_pte, PTRS_PER_PTE);
+- idx_pte++) {
+- set_pte(pt + idx_pte,
+- pfn_pte(p2m_pfn, PAGE_KERNEL));
++ idx_pte < min(n_pte, PTRS_PER_PTE);
++ idx_pte++) {
++ pt[idx_pte] = pfn_pte(p2m_pfn,
++ PAGE_KERNEL);
+ p2m_pfn++;
+ }
+ n_pte -= PTRS_PER_PTE;
+@@ -2091,8 +2091,7 @@ void __init xen_relocate_p2m(void)
+ make_lowmem_page_readonly(__va(pt_phys));
+ pin_pagetable_pfn(MMUEXT_PIN_L1_TABLE,
+ PFN_DOWN(pt_phys));
+- set_pmd(pmd + idx_pt,
+- __pmd(_PAGE_TABLE | pt_phys));
++ pmd[idx_pt] = __pmd(_PAGE_TABLE | pt_phys);
+ pt_phys += PAGE_SIZE;
+ }
+ n_pt -= PTRS_PER_PMD;
+@@ -2100,7 +2099,7 @@ void __init xen_relocate_p2m(void)
+ make_lowmem_page_readonly(__va(pmd_phys));
+ pin_pagetable_pfn(MMUEXT_PIN_L2_TABLE,
+ PFN_DOWN(pmd_phys));
+- set_pud(pud + idx_pmd, __pud(_PAGE_TABLE | pmd_phys));
++ pud[idx_pmd] = __pud(_PAGE_TABLE | pmd_phys);
+ pmd_phys += PAGE_SIZE;
+ }
+ n_pmd -= PTRS_PER_PUD;
projects / thirdparty / kernel / stable-queue.git / commitdiff
