--- /dev/null
+From 42cfcafb91dabb0f9d9e08396c39824535948c67 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@nxp.com>
+Date: Mon, 19 Jun 2017 11:44:45 +0300
+Subject: crypto: caam - fix gfp allocation flags (part I)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Horia Geantă <horia.geanta@nxp.com>
+
+commit 42cfcafb91dabb0f9d9e08396c39824535948c67 upstream.
+
+Changes in the SW cts (ciphertext stealing) code in
+commit 0605c41cc53ca ("crypto: cts - Convert to skcipher")
+revealed a problem in the CAAM driver:
+when cts(cbc(aes)) is executed and cts runs in SW,
+cbc(aes) is offloaded in CAAM; cts encrypts the last block
+in atomic context and CAAM incorrectly decides to use GFP_KERNEL
+for memory allocation.
+
+Fix this by allowing GFP_KERNEL (sleeping) only when MAY_SLEEP flag is
+set, i.e. remove MAY_BACKLOG flag.
+
+We split the fix in two parts - first is sent to -stable, while the
+second is not (since there is no known failure case).
+
+Link: http://lkml.kernel.org/g/20170602122446.2427-1-david@sigma-star.at
+Reported-by: David Gstir <david@sigma-star.at>
+Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/caam/caamalg.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/crypto/caam/caamalg.c
++++ b/drivers/crypto/caam/caamalg.c
+@@ -2601,8 +2601,7 @@ static struct ablkcipher_edesc *ablkciph
+ struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req);
+ struct caam_ctx *ctx = crypto_ablkcipher_ctx(ablkcipher);
+ struct device *jrdev = ctx->jrdev;
+- gfp_t flags = (req->base.flags & (CRYPTO_TFM_REQ_MAY_BACKLOG |
+- CRYPTO_TFM_REQ_MAY_SLEEP)) ?
++ gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
+ GFP_KERNEL : GFP_ATOMIC;
+ int src_nents, dst_nents = 0, sec4_sg_bytes;
+ struct ablkcipher_edesc *edesc;
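Review bot: The new `flags` initializer carries no comment explaining why CRYPTO_TFM_REQ_MAY_BACKLOG must not select GFP_KERNEL, so a later edit could easily reintroduce the two-flag test. I would add above the declaration `/* MAY_BACKLOG only permits queueing; only MAY_SLEEP means the caller may sleep */`. The commit message describes this as part I of a split fix, so other allocation paths in the driver presumably still use the old test and should be checked when this patch is backported on its own. The enclosing function starts and ends outside the hunk.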
--- /dev/null
+From fec17cb2231733174e039ad9054fa16bb358e2ec Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Sun, 11 Jun 2017 23:20:23 +0200
+Subject: crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Jason A. Donenfeld <Jason@zx2c4.com>
+
+commit fec17cb2231733174e039ad9054fa16bb358e2ec upstream.
+
+Otherwise, we enable all sorts of forgeries via timing attack.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+Suggested-by: Stephan Müller <smueller@chronox.de>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: linux-crypto@vger.kernel.org
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/rsa-pkcs1pad.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/crypto/rsa-pkcs1pad.c
++++ b/crypto/rsa-pkcs1pad.c
+@@ -496,7 +496,7 @@ static int pkcs1pad_verify_complete(stru
+ goto done;
+ pos++;
+
+- if (memcmp(out_buf + pos, digest_info->data, digest_info->size))
++ if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size))
+ goto done;
+
+ pos += digest_info->size;
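Review bot: Nothing visible in this hunk checks that `digest_info->size` bytes remain in `out_buf` after `pos` before `crypto_memneq()` reads them. A short decoded payload could therefore make the comparison read past the end of the buffer, and the switch to a constant-time compare does not change that. If no such bound is enforced earlier in pkcs1pad_verify_complete(), a length guard that takes the existing `goto done` path should precede the comparison. The function body starts and ends outside the hunk, so an earlier check may exist that is not shown here.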
--- /dev/null
+From 1ea1516fbbab2b30bf98c534ecaacba579a35208 Mon Sep 17 00:00:00 2001
+From: Chao Yu <yuchao0@huawei.com>
+Date: Fri, 23 Jun 2017 01:08:22 -0400
+Subject: ext4: check return value of kstrtoull correctly in reserved_clusters_store
+
+From: Chao Yu <yuchao0@huawei.com>
+
+commit 1ea1516fbbab2b30bf98c534ecaacba579a35208 upstream.
+
+kstrtoull returns 0 on success, but reserved_clusters_store returns -EINVAL
+when kstrtoull returns 0, which makes updating the reserved_clusters value
+through sysfs fail.
+
+Fixes: 76d33bca5581b1dd5c3157fa168db849a784ada4
+Signed-off-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Miao Xie <miaoxie@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/sysfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ext4/sysfs.c
++++ b/fs/ext4/sysfs.c
+@@ -100,7 +100,7 @@ static ssize_t reserved_clusters_store(s
+ int ret;
+
+ ret = kstrtoull(skip_spaces(buf), 0, &val);
+- if (!ret || val >= clusters)
++ if (ret || val >= clusters)
+ return -EINVAL;
+
+ atomic64_set(&sbi->s_resv_clusters, val);
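Review bot: The corrected test still maps every kstrtoull() failure to -EINVAL, so an overflowing value is reported the same way as unparsable text. Splitting it into `if (ret) return ret;` followed by `if (val >= clusters) return -EINVAL;` would pass the parser's own error code back to the sysfs writer. reserved_clusters_store() starts and ends outside the hunk, so whether anything depends on the single error code cannot be seen here.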
--- /dev/null
+From 5a91206ff0d0548939f3e85a65fb76b400fb0e89 Mon Sep 17 00:00:00 2001
+From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
+Date: Sat, 2 Jul 2016 20:27:46 -0300
+Subject: [media] saa7134: fix warm Medion 7134 EEPROM read
+
+From: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
+
+commit 5a91206ff0d0548939f3e85a65fb76b400fb0e89 upstream.
+
+When the saa7134 module driving a Medion 7134 card is reloaded, reads of this
+card's EEPROM (required for automatic detection of tuner model) will be
+corrupted due to the I2C gate in the DVB-T demod being left closed.
+This sometimes also happens on first saa7134 module load after a warm
+reboot.
+
+Fix this by opening this I2C gate before doing EEPROM read during i2c
+initialization.
+
+Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
+Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
+Cc: Oliver Hartkopp <socketcan@hartkopp.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/pci/saa7134/saa7134-i2c.c | 31 +++++++++++++++++++++++++++++++
+ 1 file changed, 31 insertions(+)
+
+--- a/drivers/media/pci/saa7134/saa7134-i2c.c
++++ b/drivers/media/pci/saa7134/saa7134-i2c.c
+@@ -355,12 +355,43 @@ static struct i2c_client saa7134_client_
+
+ /* ----------------------------------------------------------- */
+
++/* On Medion 7134 reading EEPROM needs DVB-T demod i2c gate open */
++static void saa7134_i2c_eeprom_md7134_gate(struct saa7134_dev *dev)
++{
++ u8 subaddr = 0x7, dmdregval;
++ u8 data[2];
++ int ret;
++ struct i2c_msg i2cgatemsg_r[] = { {.addr = 0x08, .flags = 0,
++ .buf = &subaddr, .len = 1},
++ {.addr = 0x08,
++ .flags = I2C_M_RD,
++ .buf = &dmdregval, .len = 1}
++ };
++ struct i2c_msg i2cgatemsg_w[] = { {.addr = 0x08, .flags = 0,
++ .buf = data, .len = 2} };
++
++ ret = i2c_transfer(&dev->i2c_adap, i2cgatemsg_r, 2);
++ if ((ret == 2) && (dmdregval & 0x2)) {
++ pr_debug("%s: DVB-T demod i2c gate was left closed\n",
++ dev->name);
++
++ data[0] = subaddr;
++ data[1] = (dmdregval & ~0x2);
++ if (i2c_transfer(&dev->i2c_adap, i2cgatemsg_w, 1) != 1)
++ pr_err("%s: EEPROM i2c gate open failure\n",
++ dev->name);
++ }
++}
++
+ static int
+ saa7134_i2c_eeprom(struct saa7134_dev *dev, unsigned char *eedata, int len)
+ {
+ unsigned char buf;
+ int i,err;
+
++ if (dev->board == SAA7134_BOARD_MD7134)
++ saa7134_i2c_eeprom_md7134_gate(dev);
++
+ dev->i2c_client.addr = 0xa0 >> 1;
+ buf = 0;
+ if (1 != (err = i2c_master_send(&dev->i2c_client,&buf,1))) {
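Review bot: saa7134_i2c_eeprom_md7134_gate() does nothing and logs nothing when the initial register read fails (`ret != 2`), so the EEPROM read that follows can still return corrupted data with no trace of why. A separate `if (ret != 2)` check that emits `pr_debug("%s: DVB-T demod i2c gate state read failed\n", dev->name);` would make that case diagnosable. The literals `0x08`, `0x7` and `0x2` look like the demod address, the register and the gate bit, judging by the variable names. They would read better as named constants or with a short comment each. saa7134_i2c_eeprom() continues past the end of the hunk.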
md-fix-super_offset-endianness-in-super_1_rdev_size_change.patch
locking-rwsem-spinlock-fix-eintr-branch-in-__down_write_common.patch
staging-vt6556-vnt_start-fix-missing-call-to-vnt_key_init_table.patch
+staging-comedi-fix-clean-up-of-comedi_class-in-comedi_init.patch
+crypto-caam-fix-gfp-allocation-flags-part-i.patch
+crypto-rsa-pkcs1pad-use-constant-time-memory-comparison-for-macs.patch
+ext4-check-return-value-of-kstrtoull-correctly-in-reserved_clusters_store.patch
+x86-mm-pat-don-t-report-pat-on-cpus-that-don-t-support-it.patch
+saa7134-fix-warm-medion-7134-eeprom-read.patch
--- /dev/null
+From a9332e9ad09c2644c99058fcf6ae2f355e93ce74 Mon Sep 17 00:00:00 2001
+From: Ian Abbott <abbotti@mev.co.uk>
+Date: Fri, 16 Jun 2017 19:35:34 +0100
+Subject: staging: comedi: fix clean-up of comedi_class in comedi_init()
+
+From: Ian Abbott <abbotti@mev.co.uk>
+
+commit a9332e9ad09c2644c99058fcf6ae2f355e93ce74 upstream.
+
+There is a clean-up bug in the core comedi module initialization
+function, `comedi_init()`. If the `comedi_num_legacy_minors` module
+parameter is non-zero (and valid), it creates that many "legacy" devices
+and registers them in SysFS. A failure causes the function to clean up
+and return an error. Unfortunately, it fails to destroy the "comedi"
+class that was created earlier. Fix it by adding a call to
+`class_destroy(comedi_class)` at the appropriate place in the clean-up
+sequence.
+
+Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/comedi/comedi_fops.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/staging/comedi/comedi_fops.c
++++ b/drivers/staging/comedi/comedi_fops.c
+@@ -2908,6 +2908,7 @@ static int __init comedi_init(void)
+ dev = comedi_alloc_board_minor(NULL);
+ if (IS_ERR(dev)) {
+ comedi_cleanup_board_minors();
++ class_destroy(comedi_class);
+ cdev_del(&comedi_cdev);
+ unregister_chrdev_region(MKDEV(COMEDI_MAJOR, 0),
+ COMEDI_NUM_MINORS);
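Review bot: The failure branch in comedi_init() repeats the whole teardown inline, which is the kind of duplication that let `class_destroy(comedi_class)` go missing from it. Moving the unwinding to shared labels at the end of the function, entered with `goto` and ordered in reverse of setup, would keep every error path in step when a new resource is added. The branch and the rest of comedi_init() continue outside the hunk, so whether other error paths already share code cannot be seen here.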
--- /dev/null
+From 99c13b8c8896d7bcb92753bf0c63a8de4326e78d Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Tue, 4 Jul 2017 19:04:23 -0400
+Subject: x86/mm/pat: Don't report PAT on CPUs that don't support it
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+commit 99c13b8c8896d7bcb92753bf0c63a8de4326e78d upstream.
+
+The pat_enabled() logic is broken on CPUs which do not support PAT and
+where the initialization code fails to call pat_init(). Due to that the
+enabled flag stays true and pat_enabled() returns true wrongfully.
+
+As a consequence the mappings, e.g. for Xorg, are set up with the wrong
+caching mode and the required MTRR setups are omitted.
+
+To cure this the following changes are required:
+
+ 1) Make pat_enabled() return true only if PAT initialization was
+ invoked and successful.
+
+ 2) Invoke init_cache_modes() unconditionally in setup_arch() and
+ remove the extra callsites in pat_disable() and the pat disabled
+ code path in pat_init().
+
+Also rename __pat_enabled to pat_disabled to reflect the real purpose of
+this variable.
+
+Fixes: 9cd25aac1f44 ("x86/mm/pat: Emulate PAT when it is disabled")
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Bernhard Held <berny156@gmx.de>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: "Luis R. Rodriguez" <mcgrof@suse.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Link: http://lkml.kernel.org/r/alpine.LRH.2.02.1707041749300.3456@file01.intranet.prod.int.rdu2.redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/pat.h | 1 +
+ arch/x86/kernel/setup.c | 7 +++++++
+ arch/x86/mm/pat.c | 28 ++++++++++++----------------
+ 3 files changed, 20 insertions(+), 16 deletions(-)
+
+--- a/arch/x86/include/asm/pat.h
++++ b/arch/x86/include/asm/pat.h
+@@ -7,6 +7,7 @@
+ bool pat_enabled(void);
+ void pat_disable(const char *reason);
+ extern void pat_init(void);
++extern void init_cache_modes(void);
+
+ extern int reserve_memtype(u64 start, u64 end,
+ enum page_cache_mode req_pcm, enum page_cache_mode *ret_pcm);
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -1054,6 +1054,13 @@ void __init setup_arch(char **cmdline_p)
+ max_possible_pfn = max_pfn;
+
+ /*
++ * This call is required when the CPU does not support PAT. If
++ * mtrr_bp_init() invoked it already via pat_init() the call has no
++ * effect.
++ */
++ init_cache_modes();
++
++ /*
+ * Define random base addresses for memory sections after max_pfn is
+ * defined and before each memory section base is used.
+ */
+--- a/arch/x86/mm/pat.c
++++ b/arch/x86/mm/pat.c
+@@ -36,14 +36,14 @@
+ #undef pr_fmt
+ #define pr_fmt(fmt) "" fmt
+
+-static bool boot_cpu_done;
+-
+-static int __read_mostly __pat_enabled = IS_ENABLED(CONFIG_X86_PAT);
+-static void init_cache_modes(void);
++static bool __read_mostly boot_cpu_done;
++static bool __read_mostly pat_disabled = !IS_ENABLED(CONFIG_X86_PAT);
++static bool __read_mostly pat_initialized;
++static bool __read_mostly init_cm_done;
+
+ void pat_disable(const char *reason)
+ {
+- if (!__pat_enabled)
++ if (pat_disabled)
+ return;
+
+ if (boot_cpu_done) {
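Review bot: The four file-scope flags declared at the top of this hunk have no comments, and `pat_disabled`, `pat_initialized` and `init_cm_done` are easy to confuse. I would document each, for example `/* set by pat_disable() or when CONFIG_X86_PAT is off */`, `/* set by pat_bsp_init() after MSR_IA32_CR_PAT is written */` and `/* set once __init_cache_modes() has run */`. That would also make explicit that pat_enabled() now reports the initialized state rather than the absence of a disable request. pat_disable() continues in the next hunk.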
+@@ -51,10 +51,8 @@ void pat_disable(const char *reason)
+ return;
+ }
+
+- __pat_enabled = 0;
++ pat_disabled = true;
+ pr_info("x86/PAT: %s\n", reason);
+-
+- init_cache_modes();
+ }
+
+ static int __init nopat(char *str)
+@@ -66,7 +64,7 @@ early_param("nopat", nopat);
+
+ bool pat_enabled(void)
+ {
+- return !!__pat_enabled;
++ return pat_initialized;
+ }
+ EXPORT_SYMBOL_GPL(pat_enabled);
+
+@@ -204,6 +202,8 @@ static void __init_cache_modes(u64 pat)
+ update_cache_mode_entry(i, cache);
+ }
+ pr_info("x86/PAT: Configuration [0-7]: %s\n", pat_msg);
++
++ init_cm_done = true;
+ }
+
+ #define PAT(x, y) ((u64)PAT_ ## y << ((x)*8))
+@@ -224,6 +224,7 @@ static void pat_bsp_init(u64 pat)
+ }
+
+ wrmsrl(MSR_IA32_CR_PAT, pat);
++ pat_initialized = true;
+
+ __init_cache_modes(pat);
+ }
+@@ -241,10 +242,9 @@ static void pat_ap_init(u64 pat)
+ wrmsrl(MSR_IA32_CR_PAT, pat);
+ }
+
+-static void init_cache_modes(void)
++void init_cache_modes(void)
+ {
+ u64 pat = 0;
+- static int init_cm_done;
+
+ if (init_cm_done)
+ return;
+@@ -286,8 +286,6 @@ static void init_cache_modes(void)
+ }
+
+ __init_cache_modes(pat);
+-
+- init_cm_done = 1;
+ }
+
+ /**
+@@ -305,10 +303,8 @@ void pat_init(void)
+ u64 pat;
+ struct cpuinfo_x86 *c = &boot_cpu_data;
+
+- if (!pat_enabled()) {
+- init_cache_modes();
++ if (pat_disabled)
+ return;
+- }
+
+ if ((c->x86_vendor == X86_VENDOR_INTEL) &&
+ (((c->x86 == 0x6) && (c->x86_model <= 0xd)) ||
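Review bot: The early return in pat_init() for `pat_disabled` no longer calls init_cache_modes(), so this path now depends on the unconditional call added to setup_arch(). A one-line comment at the return, such as `/* cache modes are set up by init_cache_modes() from setup_arch() */`, would record that dependency next to the code that relies on it. pat_init() continues past the end of the hunk.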