--- /dev/null
+From 3aaf33bebda8d4ffcc0fc8ef39e6c1ac68823b11 Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@armlinux.org.uk>
+Date: Mon, 27 Nov 2017 11:22:42 +0000
+Subject: ARM: avoid faulting on qemu
+
+From: Russell King <rmk+kernel@armlinux.org.uk>
+
+commit 3aaf33bebda8d4ffcc0fc8ef39e6c1ac68823b11 upstream.
+
+When qemu starts a kernel in a bare environment, the default SCR has
+the AW and FW bits clear, which means that the kernel can't modify
+the PSR A or PSR F bits, and means that FIQs and imprecise aborts are
+always masked.
+
+When running uboot under qemu, the AW and FW SCR bits are set, and the
+kernel functions normally - and this is how real hardware behaves.
+
+Fix this for qemu by ignoring the FIQ bit.
+
+Fixes: 8bafae202c82 ("ARM: BUG if jumping to usermode address in kernel mode")
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Cc: Alex Shi <alex.shi@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/kernel/entry-header.S | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/kernel/entry-header.S
++++ b/arch/arm/kernel/entry-header.S
+@@ -300,7 +300,7 @@
+ mov r2, sp
+ ldr r1, [r2, #\offset + S_PSR] @ get calling cpsr
+ ldr lr, [r2, #\offset + S_PC]! @ get pc
+- tst r1, #0xcf
++ tst r1, #PSR_I_BIT | 0x0f
+ bne 1f
+ msr spsr_cxsf, r1 @ save in spsr_svc
+ #if defined(CONFIG_CPU_V6) || defined(CONFIG_CPU_32v6K)
+@@ -332,7 +332,7 @@
+ ldr r1, [sp, #\offset + S_PSR] @ get calling cpsr
+ ldr lr, [sp, #\offset + S_PC] @ get pc
+ add sp, sp, #\offset + S_SP
+- tst r1, #0xcf
++ tst r1, #PSR_I_BIT | 0x0f
+ bne 1f
+ msr spsr_cxsf, r1 @ save in spsr_svc
+
--- /dev/null
+From 8bafae202c82dc257f649ea3c275a0f35ee15113 Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@armlinux.org.uk>
+Date: Fri, 24 Nov 2017 23:49:34 +0000
+Subject: ARM: BUG if jumping to usermode address in kernel mode
+
+From: Russell King <rmk+kernel@armlinux.org.uk>
+
+commit 8bafae202c82dc257f649ea3c275a0f35ee15113 upstream.
+
+Detect if we are returning to usermode via the normal kernel exit paths
+but the saved PSR value indicates that we are in kernel mode. This
+could occur due to corrupted stack state, which has been observed with
+"ftracetest".
+
+This ensures that we catch the problem case before we get to user code.
+
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Cc: Alex Shi <alex.shi@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/include/asm/assembler.h | 18 ++++++++++++++++++
+ arch/arm/kernel/entry-header.S | 6 ++++++
+ 2 files changed, 24 insertions(+)
+
+--- a/arch/arm/include/asm/assembler.h
++++ b/arch/arm/include/asm/assembler.h
+@@ -518,4 +518,22 @@ THUMB( orr \reg , \reg , #PSR_T_BIT )
+ #endif
+ .endm
+
++ .macro bug, msg, line
++#ifdef CONFIG_THUMB2_KERNEL
++1: .inst 0xde02
++#else
++1: .inst 0xe7f001f2
++#endif
++#ifdef CONFIG_DEBUG_BUGVERBOSE
++ .pushsection .rodata.str, "aMS", %progbits, 1
++2: .asciz "\msg"
++ .popsection
++ .pushsection __bug_table, "aw"
++ .align 2
++ .word 1b, 2b
++ .hword \line
++ .popsection
++#endif
++ .endm
++
+ #endif /* __ASM_ASSEMBLER_H__ */
+--- a/arch/arm/kernel/entry-header.S
++++ b/arch/arm/kernel/entry-header.S
+@@ -300,6 +300,8 @@
+ mov r2, sp
+ ldr r1, [r2, #\offset + S_PSR] @ get calling cpsr
+ ldr lr, [r2, #\offset + S_PC]! @ get pc
++ tst r1, #0xcf
++ bne 1f
+ msr spsr_cxsf, r1 @ save in spsr_svc
+ #if defined(CONFIG_CPU_V6) || defined(CONFIG_CPU_32v6K)
+ @ We must avoid clrex due to Cortex-A15 erratum #830321
+@@ -314,6 +316,7 @@
+ @ after ldm {}^
+ add sp, sp, #\offset + PT_REGS_SIZE
+ movs pc, lr @ return & move spsr_svc into cpsr
++1: bug "Returning to usermode but unexpected PSR bits set?", \@
+ #elif defined(CONFIG_CPU_V7M)
+ @ V7M restore.
+ @ Note that we don't need to do clrex here as clearing the local
+@@ -329,6 +332,8 @@
+ ldr r1, [sp, #\offset + S_PSR] @ get calling cpsr
+ ldr lr, [sp, #\offset + S_PC] @ get pc
+ add sp, sp, #\offset + S_SP
++ tst r1, #0xcf
++ bne 1f
+ msr spsr_cxsf, r1 @ save in spsr_svc
+
+ @ We must avoid clrex due to Cortex-A15 erratum #830321
+@@ -341,6 +346,7 @@
+ .endif
+ add sp, sp, #PT_REGS_SIZE - S_SP
+ movs pc, lr @ return & move spsr_svc into cpsr
++1: bug "Returning to usermode but unexpected PSR bits set?", \@
+ #endif /* !CONFIG_THUMB2_KERNEL */
+ .endm
+
--- /dev/null
+From 6cda075aff67a1b9b5ba1b2818091dc939643b6c Mon Sep 17 00:00:00 2001
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+Date: Fri, 6 Oct 2017 15:04:39 +0200
+Subject: crypto: talitos - fix AEAD for sha224 on non sha224 capable chips
+
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+
+commit 6cda075aff67a1b9b5ba1b2818091dc939643b6c upstream.
+
+sha224 AEAD test fails with:
+
+[ 2.803125] talitos ff020000.crypto: DEUISR 0x00000000_00000000
+[ 2.808743] talitos ff020000.crypto: MDEUISR 0x80100000_00000000
+[ 2.814678] talitos ff020000.crypto: DESCBUF 0x20731f21_00000018
+[ 2.820616] talitos ff020000.crypto: DESCBUF 0x0628d64c_00000010
+[ 2.826554] talitos ff020000.crypto: DESCBUF 0x0631005c_00000018
+[ 2.832492] talitos ff020000.crypto: DESCBUF 0x0628d664_00000008
+[ 2.838430] talitos ff020000.crypto: DESCBUF 0x061b13a0_00000080
+[ 2.844369] talitos ff020000.crypto: DESCBUF 0x0631006c_00000080
+[ 2.850307] talitos ff020000.crypto: DESCBUF 0x0631006c_00000018
+[ 2.856245] talitos ff020000.crypto: DESCBUF 0x063100ec_00000000
+[ 2.884972] talitos ff020000.crypto: failed to reset channel 0
+[ 2.890503] talitos ff020000.crypto: done overflow, internal time out, or rngu error: ISR 0x20000000_00020000
+[ 2.900652] alg: aead: encryption failed on test 1 for authenc-hmac-sha224-cbc-3des-talitos: ret=22
+
+This is due to SHA224 not being supported by the HW. Allthough for
+hash we are able to init the hash context by SW, it is not
+possible for AEAD. Therefore SHA224 AEAD has to be deactivated.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -3068,6 +3068,11 @@ static struct talitos_crypto_alg *talito
+ t_alg->algt.alg.aead.setkey = aead_setkey;
+ t_alg->algt.alg.aead.encrypt = aead_encrypt;
+ t_alg->algt.alg.aead.decrypt = aead_decrypt;
++ if (!(priv->features & TALITOS_FTR_SHA224_HWINIT) &&
++ !strncmp(alg->cra_name, "authenc(hmac(sha224)", 20)) {
++ kfree(t_alg);
++ return ERR_PTR(-ENOTSUPP);
++ }
+ break;
+ case CRYPTO_ALG_TYPE_AHASH:
+ alg = &t_alg->algt.alg.hash.halg.base;
--- /dev/null
+From ec8c7d14acc0a477429d3a6fade5dab72c996c82 Mon Sep 17 00:00:00 2001
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+Date: Fri, 6 Oct 2017 15:04:33 +0200
+Subject: crypto: talitos - fix AEAD test failures
+
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+
+commit ec8c7d14acc0a477429d3a6fade5dab72c996c82 upstream.
+
+AEAD tests fail when destination SG list has more than 1 element.
+
+[ 2.058752] alg: aead: Test 1 failed on encryption for authenc-hmac-sha1-cbc-aes-talitos
+[ 2.066965] 00000000: 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67
+00000010: c0 43 ff 74 c0 43 ff e0 de 83 d1 20 de 84 8e 54
+00000020: de 83 d7 c4
+[ 2.082138] alg: aead: Test 1 failed on encryption for authenc-hmac-sha1-cbc-aes-talitos
+[ 2.090435] 00000000: 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67
+00000010: de 84 ea 58 c0 93 1a 24 de 84 e8 59 de 84 f1 20
+00000020: 00 00 00 00
+[ 2.105721] alg: aead: Test 1 failed on encryption for authenc-hmac-sha1-cbc-3des-talitos
+[ 2.114259] 00000000: 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72 73 74
+00000010: 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63 74 65
+00000020: 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72
+00000030: 73 74 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63
+00000040: 74 65 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65
+00000050: 65 72 73 74 54 20 6f 6f 4d 20 6e 61 20 79 65 53
+00000060: 72 63 74 65 20 73 6f 54 20 6f 61 4d 79 6e 53 20
+00000070: 63 65 65 72 73 74 54 20 6f 6f 4d 20 6e 61 0a 79
+00000080: c0 50 f1 ac c0 50 f3 38 c0 50 f3 94 c0 50 f5 30
+00000090: c0 99 74 3c
+[ 2.166410] alg: aead: Test 1 failed on encryption for authenc-hmac-sha1-cbc-3des-talitos
+[ 2.174794] 00000000: 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72 73 74
+00000010: 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63 74 65
+00000020: 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72
+00000030: 73 74 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63
+00000040: 74 65 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65
+00000050: 65 72 73 74 54 20 6f 6f 4d 20 6e 61 20 79 65 53
+00000060: 72 63 74 65 20 73 6f 54 20 6f 61 4d 79 6e 53 20
+00000070: 63 65 65 72 73 74 54 20 6f 6f 4d 20 6e 61 0a 79
+00000080: c0 50 f1 ac c0 50 f3 38 c0 50 f3 94 c0 50 f5 30
+00000090: c0 99 74 3c
+[ 2.226486] alg: No test for authenc(hmac(sha224),cbc(aes)) (authenc-hmac-sha224-cbc-aes-talitos)
+[ 2.236459] alg: No test for authenc(hmac(sha224),cbc(aes)) (authenc-hmac-sha224-cbc-aes-talitos)
+[ 2.247196] alg: aead: Test 1 failed on encryption for authenc-hmac-sha224-cbc-3des-talitos
+[ 2.255555] 00000000: 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72 73 74
+00000010: 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63 74 65
+00000020: 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72
+00000030: 73 74 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63
+00000040: 74 65 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65
+00000050: 65 72 73 74 54 20 6f 6f 4d 20 6e 61 20 79 65 53
+00000060: 72 63 74 65 20 73 6f 54 20 6f 61 4d 79 6e 53 20
+00000070: 63 65 65 72 73 74 54 20 6f 6f 4d 20 6e 61 0a 79
+00000080: c0 50 f1 ac c0 50 f3 38 c0 50 f3 94 c0 50 f5 30
+00000090: c0 99 74 3c c0 96 e5 b8
+[ 2.309004] alg: aead: Test 1 failed on encryption for authenc-hmac-sha224-cbc-3des-talitos
+[ 2.317562] 00000000: 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72 73 74
+00000010: 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63 74 65
+00000020: 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72
+00000030: 73 74 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63
+00000040: 74 65 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65
+00000050: 65 72 73 74 54 20 6f 6f 4d 20 6e 61 20 79 65 53
+00000060: 72 63 74 65 20 73 6f 54 20 6f 61 4d 79 6e 53 20
+00000070: 63 65 65 72 73 74 54 20 6f 6f 4d 20 6e 61 0a 79
+00000080: c0 50 f1 ac c0 50 f3 38 c0 50 f3 94 c0 50 f5 30
+00000090: c0 99 74 3c c0 96 e5 b8
+[ 2.370710] alg: aead: Test 1 failed on encryption for authenc-hmac-sha256-cbc-aes-talitos
+[ 2.379177] 00000000: 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67
+00000010: 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63 74 65
+00000020: 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72
+[ 2.397863] alg: aead: Test 1 failed on encryption for authenc-hmac-sha256-cbc-aes-talitos
+[ 2.406134] 00000000: 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67
+00000010: 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63 74 65
+00000020: 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72
+[ 2.424789] alg: aead: Test 1 failed on encryption for authenc-hmac-sha256-cbc-3des-talitos
+[ 2.433491] 00000000: 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72 73 74
+00000010: 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63 74 65
+00000020: 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72
+00000030: 73 74 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63
+00000040: 74 65 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65
+00000050: 65 72 73 74 54 20 6f 6f 4d 20 6e 61 20 79 65 53
+00000060: 72 63 74 65 20 73 6f 54 20 6f 61 4d 79 6e 53 20
+00000070: 63 65 65 72 73 74 54 20 6f 6f 4d 20 6e 61 0a 79
+00000080: c0 50 f1 ac c0 50 f3 38 c0 50 f3 94 c0 50 f5 30
+00000090: c0 99 74 3c c0 96 e5 b8 c0 96 e9 20 c0 00 3d dc
+[ 2.488832] alg: aead: Test 1 failed on encryption for authenc-hmac-sha256-cbc-3des-talitos
+[ 2.497387] 00000000: 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72 73 74
+00000010: 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63 74 65
+00000020: 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65 65 72
+00000030: 73 74 54 20 6f 6f 4d 20 6e 61 20 79 65 53 72 63
+00000040: 74 65 20 73 6f 54 20 6f 61 4d 79 6e 53 20 63 65
+00000050: 65 72 73 74 54 20 6f 6f 4d 20 6e 61 20 79 65 53
+00000060: 72 63 74 65 20 73 6f 54 20 6f 61 4d 79 6e 53 20
+00000070: 63 65 65 72 73 74 54 20 6f 6f 4d 20 6e 61 0a 79
+00000080: c0 50 f1 ac c0 50 f3 38 c0 50 f3 94 c0 50 f5 30
+00000090: c0 99 74 3c c0 96 e5 b8 c0 96 e9 20 c0 00 3d dc
+
+This patch fixes that.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -1232,12 +1232,11 @@ static int ipsec_esp(struct talitos_edes
+ sg_link_tbl_len += authsize;
+ }
+
+- sg_count = talitos_sg_map(dev, areq->src, cryptlen, edesc,
+- &desc->ptr[4], sg_count, areq->assoclen,
+- tbl_off);
++ ret = talitos_sg_map(dev, areq->src, cryptlen, edesc, &desc->ptr[4],
++ sg_count, areq->assoclen, tbl_off);
+
+- if (sg_count > 1) {
+- tbl_off += sg_count;
++ if (ret > 1) {
++ tbl_off += ret;
+ sync_needed = true;
+ }
+
--- /dev/null
+From 70d355ccea899dad47dc22d3a4406998f55143fd Mon Sep 17 00:00:00 2001
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+Date: Fri, 6 Oct 2017 15:04:43 +0200
+Subject: crypto: talitos - fix ctr-aes-talitos
+
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+
+commit 70d355ccea899dad47dc22d3a4406998f55143fd upstream.
+
+ctr-aes-talitos test fails as follows on SEC2
+
+[ 0.837427] alg: skcipher: Test 1 failed (invalid result) on encryption for ctr-aes-talitos
+[ 0.845763] 00000000: 16 36 d5 ee 34 f8 06 25 d7 7f 8e 56 ca 88 43 45
+[ 0.852345] 00000010: f9 3f f7 17 2a b2 12 23 30 43 09 15 82 dd e1 97
+[ 0.858940] 00000020: a7 f7 32 b5 eb 25 06 13 9a ec f5 29 25 f8 4d 66
+[ 0.865366] 00000030: b0 03 5b 8e aa 9a 42 b6 19 33 8a e2 9d 65 96 95
+
+This patch fixes the descriptor type which is special for CTR AES
+
+Fixes: 5e75ae1b3cef6 ("crypto: talitos - add new crypto modes")
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -2635,7 +2635,7 @@ static struct talitos_alg_template drive
+ .ivsize = AES_BLOCK_SIZE,
+ }
+ },
+- .desc_hdr_template = DESC_HDR_TYPE_COMMON_NONSNOOP_NO_AFEU |
++ .desc_hdr_template = DESC_HDR_TYPE_AESU_CTR_NONSNOOP |
+ DESC_HDR_SEL0_AESU |
+ DESC_HDR_MODE0_AESU_CTR,
+ },
--- /dev/null
+From e04a61bebc5da1535b6f194b464295b8d558e2fc Mon Sep 17 00:00:00 2001
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+Date: Fri, 6 Oct 2017 15:04:35 +0200
+Subject: crypto: talitos - fix memory corruption on SEC2
+
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+
+commit e04a61bebc5da1535b6f194b464295b8d558e2fc upstream.
+
+On SEC2, when using the old descriptors type (hmac snoop no afeu)
+for doing IPsec, the CICV out pointeur points out of the allocated
+memory.
+
+[ 2.502554] =============================================================================
+[ 2.510740] BUG dma-kmalloc-256 (Not tainted): Redzone overwritten
+[ 2.516907] -----------------------------------------------------------------------------
+[ 2.516907]
+[ 2.526535] Disabling lock debugging due to kernel taint
+[ 2.531845] INFO: 0xde858108-0xde85810b. First byte 0xf8 instead of 0xcc
+[ 2.538549] INFO: Allocated in 0x806181a9 age=0 cpu=0 pid=58
+[ 2.544229] __kmalloc+0x374/0x564
+[ 2.547649] talitos_edesc_alloc+0x17c/0x48c
+[ 2.551929] aead_edesc_alloc+0x80/0x154
+[ 2.555863] aead_encrypt+0x30/0xe0
+[ 2.559368] __test_aead+0x5a0/0x1f3c
+[ 2.563042] test_aead+0x2c/0x110
+[ 2.566371] alg_test_aead+0x5c/0xf4
+[ 2.569958] alg_test+0x1dc/0x5a0
+[ 2.573305] cryptomgr_test+0x50/0x70
+[ 2.576984] kthread+0xd8/0x134
+[ 2.580155] ret_from_kernel_thread+0x5c/0x64
+[ 2.584534] INFO: Freed in ipsec_esp_encrypt_done+0x130/0x240 age=6 cpu=0 pid=0
+[ 2.591839] ipsec_esp_encrypt_done+0x130/0x240
+[ 2.596395] flush_channel+0x1dc/0x488
+[ 2.600161] talitos2_done_4ch+0x30/0x200
+[ 2.604185] tasklet_action+0xa0/0x13c
+[ 2.607948] __do_softirq+0x148/0x6cc
+[ 2.611623] irq_exit+0xc0/0x124
+[ 2.614869] call_do_irq+0x24/0x3c
+[ 2.618292] do_IRQ+0x78/0x108
+[ 2.621369] ret_from_except+0x0/0x14
+[ 2.625055] finish_task_switch+0x58/0x350
+[ 2.629165] schedule+0x80/0x134
+[ 2.632409] schedule_preempt_disabled+0x38/0xc8
+[ 2.637042] cpu_startup_entry+0xe4/0x190
+[ 2.641074] start_kernel+0x3f4/0x408
+[ 2.644741] 0x3438
+[ 2.646857] INFO: Slab 0xdffbdb00 objects=9 used=1 fp=0xde8581c0 flags=0x0080
+[ 2.653978] INFO: Object 0xde858008 @offset=8 fp=0xca4395df
+[ 2.653978]
+[ 2.661032] Redzone de858000: cc cc cc cc cc cc cc cc ........
+[ 2.669029] Object de858008: 00 00 00 02 00 00 00 02 00 6b 6b 6b 1e 83 ea 28 .........kkk...(
+[ 2.677628] Object de858018: 00 00 00 70 1e 85 80 64 ff 73 1d 21 6b 6b 6b 6b ...p...d.s.!kkkk
+[ 2.686228] Object de858028: 00 20 00 00 1e 84 17 24 00 10 00 00 1e 85 70 00 . .....$......p.
+[ 2.694829] Object de858038: 00 18 00 00 1e 84 17 44 00 08 00 00 1e 83 ea 28 .......D.......(
+[ 2.703430] Object de858048: 00 80 00 00 1e 84 f0 00 00 80 00 00 1e 85 70 10 ..............p.
+[ 2.712030] Object de858058: 00 20 6b 00 1e 85 80 f4 6b 6b 6b 6b 00 80 02 00 . k.....kkkk....
+[ 2.720629] Object de858068: 1e 84 f0 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ....kkkkkkkkkkkk
+[ 2.729230] Object de858078: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
+[ 2.737830] Object de858088: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
+[ 2.746429] Object de858098: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
+[ 2.755029] Object de8580a8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
+[ 2.763628] Object de8580b8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
+[ 2.772229] Object de8580c8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
+[ 2.780829] Object de8580d8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
+[ 2.789430] Object de8580e8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 73 b0 ea 9f kkkkkkkkkkkks...
+[ 2.798030] Object de8580f8: e8 18 80 d6 56 38 44 c0 db e3 4f 71 f7 ce d1 d3 ....V8D...Oq....
+[ 2.806629] Redzone de858108: f8 bd 3e 4f ..>O
+[ 2.814279] Padding de8581b0: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
+[ 2.822283] CPU: 0 PID: 0 Comm: swapper Tainted: G B 4.9.50-g995be12679 #179
+[ 2.831819] Call Trace:
+[ 2.834301] [dffefd20] [c01aa9a8] check_bytes_and_report+0x100/0x194 (unreliable)
+[ 2.841801] [dffefd50] [c01aac3c] check_object+0x200/0x530
+[ 2.847306] [dffefd80] [c01ae584] free_debug_processing+0x290/0x690
+[ 2.853585] [dffefde0] [c01aec8c] __slab_free+0x308/0x628
+[ 2.859000] [dffefe80] [c05057f4] ipsec_esp_encrypt_done+0x130/0x240
+[ 2.865378] [dffefeb0] [c05002c4] flush_channel+0x1dc/0x488
+[ 2.870968] [dffeff10] [c05007a8] talitos2_done_4ch+0x30/0x200
+[ 2.876814] [dffeff30] [c002fe38] tasklet_action+0xa0/0x13c
+[ 2.882399] [dffeff60] [c002f118] __do_softirq+0x148/0x6cc
+[ 2.887896] [dffeffd0] [c002f954] irq_exit+0xc0/0x124
+[ 2.892968] [dffefff0] [c0013adc] call_do_irq+0x24/0x3c
+[ 2.898213] [c0d4be00] [c000757c] do_IRQ+0x78/0x108
+[ 2.903113] [c0d4be30] [c0015c08] ret_from_except+0x0/0x14
+[ 2.908634] --- interrupt: 501 at finish_task_switch+0x70/0x350
+[ 2.908634] LR = finish_task_switch+0x58/0x350
+[ 2.919327] [c0d4bf20] [c085e1d4] schedule+0x80/0x134
+[ 2.924398] [c0d4bf50] [c085e2c0] schedule_preempt_disabled+0x38/0xc8
+[ 2.930853] [c0d4bf60] [c007f064] cpu_startup_entry+0xe4/0x190
+[ 2.936707] [c0d4bfb0] [c096c434] start_kernel+0x3f4/0x408
+[ 2.942198] [c0d4bff0] [00003438] 0x3438
+[ 2.946137] FIX dma-kmalloc-256: Restoring 0xde858108-0xde85810b=0xcc
+[ 2.946137]
+[ 2.954158] FIX dma-kmalloc-256: Object at 0xde858008 not freed
+
+This patch reworks the handling of the CICV out in order
+to properly handle all cases.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 42 ++++++++++++++++++++++++++++--------------
+ 1 file changed, 28 insertions(+), 14 deletions(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -1247,14 +1247,15 @@ static int ipsec_esp(struct talitos_edes
+ dma_map_sg(dev, areq->dst, sg_count, DMA_FROM_DEVICE);
+ }
+
+- sg_count = talitos_sg_map(dev, areq->dst, cryptlen, edesc,
+- &desc->ptr[5], sg_count, areq->assoclen,
+- tbl_off);
++ ret = talitos_sg_map(dev, areq->dst, cryptlen, edesc, &desc->ptr[5],
++ sg_count, areq->assoclen, tbl_off);
+
+ if (desc->hdr & DESC_HDR_TYPE_IPSEC_ESP)
+ to_talitos_ptr_ext_or(&desc->ptr[5], authsize, is_sec1);
+
+- if (sg_count > 1) {
++ /* ICV data */
++ if (ret > 1) {
++ tbl_off += ret;
+ edesc->icv_ool = true;
+ sync_needed = true;
+
+@@ -1264,9 +1265,7 @@ static int ipsec_esp(struct talitos_edes
+ sizeof(struct talitos_ptr) + authsize;
+
+ /* Add an entry to the link table for ICV data */
+- tbl_ptr += sg_count - 1;
+- to_talitos_ptr_ext_set(tbl_ptr, 0, is_sec1);
+- tbl_ptr++;
++ to_talitos_ptr_ext_set(tbl_ptr - 1, 0, is_sec1);
+ to_talitos_ptr_ext_set(tbl_ptr, DESC_PTR_LNKTBL_RETURN,
+ is_sec1);
+ to_talitos_ptr_len(tbl_ptr, authsize, is_sec1);
+@@ -1274,18 +1273,33 @@ static int ipsec_esp(struct talitos_edes
+ /* icv data follows link tables */
+ to_talitos_ptr(tbl_ptr, edesc->dma_link_tbl + offset,
+ is_sec1);
++ } else {
++ dma_addr_t addr = edesc->dma_link_tbl;
++
++ if (is_sec1)
++ addr += areq->assoclen + cryptlen;
++ else
++ addr += sizeof(struct talitos_ptr) * tbl_off;
++
++ to_talitos_ptr(&desc->ptr[6], addr, is_sec1);
++ to_talitos_ptr_len(&desc->ptr[6], authsize, is_sec1);
++ }
++ } else if (!(desc->hdr & DESC_HDR_TYPE_IPSEC_ESP)) {
++ ret = talitos_sg_map(dev, areq->dst, authsize, edesc,
++ &desc->ptr[6], sg_count, areq->assoclen +
++ cryptlen,
++ tbl_off);
++ if (ret > 1) {
++ tbl_off += ret;
++ edesc->icv_ool = true;
++ sync_needed = true;
++ } else {
++ edesc->icv_ool = false;
+ }
+ } else {
+ edesc->icv_ool = false;
+ }
+
+- /* ICV data */
+- if (!(desc->hdr & DESC_HDR_TYPE_IPSEC_ESP)) {
+- to_talitos_ptr_len(&desc->ptr[6], authsize, is_sec1);
+- to_talitos_ptr(&desc->ptr[6], edesc->dma_link_tbl +
+- areq->assoclen + cryptlen, is_sec1);
+- }
+-
+ /* iv out */
+ if (desc->hdr & DESC_HDR_TYPE_IPSEC_ESP)
+ map_single_talitos_ptr(dev, &desc->ptr[6], ivsize, ctx->iv,
--- /dev/null
+From f384cdc4faf350fdb6ad93c5f26952b9ba7c7566 Mon Sep 17 00:00:00 2001
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+Date: Fri, 6 Oct 2017 15:04:37 +0200
+Subject: crypto: talitos - fix setkey to check key weakness
+
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+
+commit f384cdc4faf350fdb6ad93c5f26952b9ba7c7566 upstream.
+
+Crypto manager test report the following failures:
+[ 3.061081] alg: skcipher: setkey failed on test 5 for ecb-des-talitos: flags=100
+[ 3.069342] alg: skcipher-ddst: setkey failed on test 5 for ecb-des-talitos: flags=100
+[ 3.077754] alg: skcipher-ddst: setkey failed on test 5 for ecb-des-talitos: flags=100
+
+This is due to setkey being expected to detect weak keys.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -1507,12 +1507,20 @@ static int ablkcipher_setkey(struct cryp
+ const u8 *key, unsigned int keylen)
+ {
+ struct talitos_ctx *ctx = crypto_ablkcipher_ctx(cipher);
++ u32 tmp[DES_EXPKEY_WORDS];
+
+ if (keylen > TALITOS_MAX_KEY_SIZE) {
+ crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ return -EINVAL;
+ }
+
++ if (unlikely(crypto_ablkcipher_get_flags(cipher) &
++ CRYPTO_TFM_REQ_WEAK_KEY) &&
++ !des_ekey(tmp, key)) {
++ crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_WEAK_KEY);
++ return -EINVAL;
++ }
++
+ memcpy(&ctx->key, key, keylen);
+ ctx->keylen = keylen;
+
--- /dev/null
+From fbb22137c4d9bab536958b152d096fb3f98020ea Mon Sep 17 00:00:00 2001
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+Date: Fri, 6 Oct 2017 15:04:41 +0200
+Subject: crypto: talitos - fix use of sg_link_tbl_len
+
+From: LEROY Christophe <christophe.leroy@c-s.fr>
+
+commit fbb22137c4d9bab536958b152d096fb3f98020ea upstream.
+
+sg_link_tbl_len shall be used instead of cryptlen, otherwise
+SECs which perform HW CICV verification will fail.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/talitos.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -1232,8 +1232,8 @@ static int ipsec_esp(struct talitos_edes
+ sg_link_tbl_len += authsize;
+ }
+
+- ret = talitos_sg_map(dev, areq->src, cryptlen, edesc, &desc->ptr[4],
+- sg_count, areq->assoclen, tbl_off);
++ ret = talitos_sg_map(dev, areq->src, sg_link_tbl_len, edesc,
++ &desc->ptr[4], sg_count, areq->assoclen, tbl_off);
+
+ if (ret > 1) {
+ tbl_off += ret;
bus-arm-ccn-fix-module-unloading-error-removing-state-147-which-has-instances-left.patch
ib-core-avoid-unnecessary-return-value-check.patch
ib-core-only-enforce-security-for-infiniband.patch
+crypto-talitos-fix-aead-test-failures.patch
+crypto-talitos-fix-memory-corruption-on-sec2.patch
+crypto-talitos-fix-setkey-to-check-key-weakness.patch
+crypto-talitos-fix-aead-for-sha224-on-non-sha224-capable-chips.patch
+crypto-talitos-fix-use-of-sg_link_tbl_len.patch
+crypto-talitos-fix-ctr-aes-talitos.patch
+arm-bug-if-jumping-to-usermode-address-in-kernel-mode.patch
+arm-avoid-faulting-on-qemu.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
