--- /dev/null
+From 7c8d51848a88aafdb68f42b6b650c83485ea2f84 Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Wed, 30 May 2012 01:43:08 +0200
+Subject: crypto: aesni-intel - fix unaligned cbc decrypt for x86-32
+
+From: Mathias Krause <minipli@googlemail.com>
+
+commit 7c8d51848a88aafdb68f42b6b650c83485ea2f84 upstream.
+
+The 32 bit variant of cbc(aes) decrypt is using instructions requiring
+128 bit aligned memory locations but fails to ensure this constraint in
+the code. Fix this by loading the data into intermediate registers with
+load unaligned instructions.
+
+This fixes reported general protection faults related to aesni.
+
+References: https://bugzilla.kernel.org/show_bug.cgi?id=43223
+Reported-by: Daniel <garkein@mailueberfall.de>
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/crypto/aesni-intel_asm.S | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/crypto/aesni-intel_asm.S
++++ b/arch/x86/crypto/aesni-intel_asm.S
+@@ -2460,10 +2460,12 @@ ENTRY(aesni_cbc_dec)
+ pxor IN3, STATE4
+ movaps IN4, IV
+ #else
+- pxor (INP), STATE2
+- pxor 0x10(INP), STATE3
+ pxor IN1, STATE4
+ movaps IN2, IV
++ movups (INP), IN1
++ pxor IN1, STATE2
++ movups 0x10(INP), IN2
++ pxor IN2, STATE3
+ #endif
+ movups STATE1, (OUTP)
+ movups STATE2, 0x10(OUTP)
--- /dev/null
+From 121daad8fd1dce63076fa55aaedd5dc3f981b334 Mon Sep 17 00:00:00 2001
+From: Peter Korsgaard <jacmet@sunsite.dk>
+Date: Thu, 31 May 2012 20:53:08 +1000
+Subject: hwrng: atmel-rng - fix race condition leading to repeated bits
+
+From: Peter Korsgaard <jacmet@sunsite.dk>
+
+commit 121daad8fd1dce63076fa55aaedd5dc3f981b334 upstream.
+
+Data valid gets cleared by reading the ISR (status register) and NOT from
+reading ODATA (data register). A new data word can become available between
+checking ISR and reading ODATA, causing us to reuse the same data word next
+time atmel_trng_read() gets called, if that happens before the following
+data word is ready.
+
+With this fixed, rngtest no longer complains of 'Continous run' errors.
+Before:
+
+rngtest -c 1000 < /dev/hwrng
+rngtest 3
+Copyright (c) 2004 by Henrique de Moraes Holschuh
+This is free software; see the source for copying conditions. There is NO warr.
+
+rngtest: starting FIPS tests...
+rngtest: bits received from input: 20000032
+rngtest: FIPS 140-2 successes: 923
+rngtest: FIPS 140-2 failures: 77
+rngtest: FIPS 140-2(2001-10-10) Monobit: 0
+rngtest: FIPS 140-2(2001-10-10) Poker: 0
+rngtest: FIPS 140-2(2001-10-10) Runs: 1
+rngtest: FIPS 140-2(2001-10-10) Long run: 0
+rngtest: FIPS 140-2(2001-10-10) Continuous run: 76
+rngtest: input channel speed: (min=721.402; avg=46003.510; max=49321.338)Kibitss
+rngtest: FIPS tests speed: (min=11.442; avg=12.714; max=12.801)Mibits/s
+rngtest: Program run time: 1931860 microseconds
+
+After:
+
+rngtest -c 1000 < /dev/hwrng
+rngtest 3
+Copyright (c) 2004 by Henrique de Moraes Holschuh
+This is free software; see the source for copying conditions. There is NO warr.
+
+rngtest: starting FIPS tests...
+rngtest: bits received from input: 20000032
+rngtest: FIPS 140-2 successes: 1000
+rngtest: FIPS 140-2 failures: 0
+rngtest: FIPS 140-2(2001-10-10) Monobit: 0
+rngtest: FIPS 140-2(2001-10-10) Poker: 0
+rngtest: FIPS 140-2(2001-10-10) Runs: 0
+rngtest: FIPS 140-2(2001-10-10) Long run: 0
+rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
+rngtest: input channel speed: (min=777.518; avg=36988.482; max=43115.342)Kibitss
+rngtest: FIPS tests speed: (min=11.951; avg=12.715; max=12.887)Mibits/s
+rngtest: Program run time: 2035543 microseconds
+
+Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
+Reported-by: George Pontis <GPontis@z9.com>
+Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/hw_random/atmel-rng.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/char/hw_random/atmel-rng.c
++++ b/drivers/char/hw_random/atmel-rng.c
+@@ -36,6 +36,13 @@ static int atmel_trng_read(struct hwrng
+ /* data ready? */
+ if (readl(trng->base + TRNG_ODATA) & 1) {
+ *data = readl(trng->base + TRNG_ODATA);
++ /*
++ ensure data ready is only set again AFTER the next data
++ word is ready in case it got set between checking ISR
++ and reading ODATA, so we don't risk re-reading the
++ same word
++ */
++ readl(trng->base + TRNG_ISR);
+ return 4;
+ } else
+ return 0;