--- /dev/null
+From 9b52d55f4f0e2bb9a34abbcf99e05e17f1b3b281 Mon Sep 17 00:00:00 2001
+From: Vladimir Zapolskiy <vz@mleia.com>
+Date: Sun, 6 Mar 2016 03:21:52 +0200
+Subject: crypto: atmel - fix checks of error code returned by devm_ioremap_resource()
+
+From: Vladimir Zapolskiy <vz@mleia.com>
+
+commit 9b52d55f4f0e2bb9a34abbcf99e05e17f1b3b281 upstream.
+
+The change fixes potential oops while accessing iomem on invalid
+address, if devm_ioremap_resource() fails due to some reason.
+
+The devm_ioremap_resource() function returns ERR_PTR() and never
+returns NULL, which makes useless a following check for NULL.
+
+Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
+Fixes: b0e8b3417a62 ("crypto: atmel - use devm_xxx() managed function")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/atmel-aes.c | 4 ++--
+ drivers/crypto/atmel-sha.c | 4 ++--
+ drivers/crypto/atmel-tdes.c | 4 ++--
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+--- a/drivers/crypto/atmel-aes.c
++++ b/drivers/crypto/atmel-aes.c
+@@ -2085,9 +2085,9 @@ static int atmel_aes_probe(struct platfo
+ }
+
+ aes_dd->io_base = devm_ioremap_resource(&pdev->dev, aes_res);
+- if (!aes_dd->io_base) {
++ if (IS_ERR(aes_dd->io_base)) {
+ dev_err(dev, "can't ioremap\n");
+- err = -ENOMEM;
++ err = PTR_ERR(aes_dd->io_base);
+ goto res_err;
+ }
+
+--- a/drivers/crypto/atmel-sha.c
++++ b/drivers/crypto/atmel-sha.c
+@@ -1404,9 +1404,9 @@ static int atmel_sha_probe(struct platfo
+ }
+
+ sha_dd->io_base = devm_ioremap_resource(&pdev->dev, sha_res);
+- if (!sha_dd->io_base) {
++ if (IS_ERR(sha_dd->io_base)) {
+ dev_err(dev, "can't ioremap\n");
+- err = -ENOMEM;
++ err = PTR_ERR(sha_dd->io_base);
+ goto res_err;
+ }
+
+--- a/drivers/crypto/atmel-tdes.c
++++ b/drivers/crypto/atmel-tdes.c
+@@ -1417,9 +1417,9 @@ static int atmel_tdes_probe(struct platf
+ }
+
+ tdes_dd->io_base = devm_ioremap_resource(&pdev->dev, tdes_res);
+- if (!tdes_dd->io_base) {
++ if (IS_ERR(tdes_dd->io_base)) {
+ dev_err(dev, "can't ioremap\n");
+- err = -ENOMEM;
++ err = PTR_ERR(tdes_dd->io_base);
+ goto res_err;
+ }
+
--- /dev/null
+From 952bce9792e6bf36fda09c2e5718abb5d9327369 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Tue, 12 Jan 2016 11:17:38 -0600
+Subject: crypto: ccp - Add hash state import and export support
+
+From: Tom Lendacky <thomas.lendacky@amd.com>
+
+commit 952bce9792e6bf36fda09c2e5718abb5d9327369 upstream.
+
+Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")
+added a check to prevent ahash algorithms from successfully registering
+if the import and export functions were not implemented. This prevents
+an oops in the hash_accept function of algif_hash. This commit causes
+the ccp-crypto module SHA support and AES CMAC support from successfully
+registering and causing the ccp-crypto module load to fail because the
+ahash import and export functions are not implemented.
+
+Update the CCP Crypto API support to provide import and export support
+for ahash algorithms.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 23 +++++++++++++++++++++++
+ drivers/crypto/ccp/ccp-crypto-sha.c | 23 +++++++++++++++++++++++
+ 2 files changed, 46 insertions(+)
+
+--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
++++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+@@ -220,6 +220,26 @@ static int ccp_aes_cmac_digest(struct ah
+ return ccp_aes_cmac_finup(req);
+ }
+
++static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
++{
++ struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
++ struct ccp_aes_cmac_req_ctx *state = out;
++
++ *state = *rctx;
++
++ return 0;
++}
++
++static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
++{
++ struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
++ const struct ccp_aes_cmac_req_ctx *state = in;
++
++ *rctx = *state;
++
++ return 0;
++}
++
+ static int ccp_aes_cmac_setkey(struct crypto_ahash *tfm, const u8 *key,
+ unsigned int key_len)
+ {
+@@ -352,10 +372,13 @@ int ccp_register_aes_cmac_algs(struct li
+ alg->final = ccp_aes_cmac_final;
+ alg->finup = ccp_aes_cmac_finup;
+ alg->digest = ccp_aes_cmac_digest;
++ alg->export = ccp_aes_cmac_export;
++ alg->import = ccp_aes_cmac_import;
+ alg->setkey = ccp_aes_cmac_setkey;
+
+ halg = &alg->halg;
+ halg->digestsize = AES_BLOCK_SIZE;
++ halg->statesize = sizeof(struct ccp_aes_cmac_req_ctx);
+
+ base = &halg->base;
+ snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "cmac(aes)");
+--- a/drivers/crypto/ccp/ccp-crypto-sha.c
++++ b/drivers/crypto/ccp/ccp-crypto-sha.c
+@@ -207,6 +207,26 @@ static int ccp_sha_digest(struct ahash_r
+ return ccp_sha_finup(req);
+ }
+
++static int ccp_sha_export(struct ahash_request *req, void *out)
++{
++ struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
++ struct ccp_sha_req_ctx *state = out;
++
++ *state = *rctx;
++
++ return 0;
++}
++
++static int ccp_sha_import(struct ahash_request *req, const void *in)
++{
++ struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
++ const struct ccp_sha_req_ctx *state = in;
++
++ *rctx = *state;
++
++ return 0;
++}
++
+ static int ccp_sha_setkey(struct crypto_ahash *tfm, const u8 *key,
+ unsigned int key_len)
+ {
+@@ -403,9 +423,12 @@ static int ccp_register_sha_alg(struct l
+ alg->final = ccp_sha_final;
+ alg->finup = ccp_sha_finup;
+ alg->digest = ccp_sha_digest;
++ alg->export = ccp_sha_export;
++ alg->import = ccp_sha_import;
+
+ halg = &alg->halg;
+ halg->digestsize = def->digest_size;
++ halg->statesize = sizeof(struct ccp_sha_req_ctx);
+
+ base = &halg->base;
+ snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
--- /dev/null
+From b31dde2a5cb1bf764282abf934266b7193c2bc7c Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Tue, 2 Feb 2016 11:38:21 -0600
+Subject: crypto: ccp - Don't assume export/import areas are aligned
+
+From: Tom Lendacky <thomas.lendacky@amd.com>
+
+commit b31dde2a5cb1bf764282abf934266b7193c2bc7c upstream.
+
+Use a local variable for the exported and imported state so that
+alignment is not an issue. On export, set a local variable from the
+request context and then memcpy the contents of the local variable to
+the export memory area. On import, memcpy the import memory area into
+a local variable and then use the local variable to set the request
+context.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 26 ++++++++++++++---------
+ drivers/crypto/ccp/ccp-crypto-sha.c | 34 ++++++++++++++++++-------------
+ 2 files changed, 36 insertions(+), 24 deletions(-)
+
+--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
++++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+@@ -223,12 +223,15 @@ static int ccp_aes_cmac_digest(struct ah
+ static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
+ {
+ struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
+- struct ccp_aes_cmac_exp_ctx *state = out;
++ struct ccp_aes_cmac_exp_ctx state;
+
+- state->null_msg = rctx->null_msg;
+- memcpy(state->iv, rctx->iv, sizeof(state->iv));
+- state->buf_count = rctx->buf_count;
+- memcpy(state->buf, rctx->buf, sizeof(state->buf));
++ state.null_msg = rctx->null_msg;
++ memcpy(state.iv, rctx->iv, sizeof(state.iv));
++ state.buf_count = rctx->buf_count;
++ memcpy(state.buf, rctx->buf, sizeof(state.buf));
++
++ /* 'out' may not be aligned so memcpy from local variable */
++ memcpy(out, &state, sizeof(state));
+
+ return 0;
+ }
+@@ -236,12 +239,15 @@ static int ccp_aes_cmac_export(struct ah
+ static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
+ {
+ struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
+- const struct ccp_aes_cmac_exp_ctx *state = in;
++ struct ccp_aes_cmac_exp_ctx state;
++
++ /* 'in' may not be aligned so memcpy to local variable */
++ memcpy(&state, in, sizeof(state));
+
+- rctx->null_msg = state->null_msg;
+- memcpy(rctx->iv, state->iv, sizeof(rctx->iv));
+- rctx->buf_count = state->buf_count;
+- memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
++ rctx->null_msg = state.null_msg;
++ memcpy(rctx->iv, state.iv, sizeof(rctx->iv));
++ rctx->buf_count = state.buf_count;
++ memcpy(rctx->buf, state.buf, sizeof(rctx->buf));
+
+ return 0;
+ }
+--- a/drivers/crypto/ccp/ccp-crypto-sha.c
++++ b/drivers/crypto/ccp/ccp-crypto-sha.c
+@@ -210,14 +210,17 @@ static int ccp_sha_digest(struct ahash_r
+ static int ccp_sha_export(struct ahash_request *req, void *out)
+ {
+ struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
+- struct ccp_sha_exp_ctx *state = out;
++ struct ccp_sha_exp_ctx state;
+
+- state->type = rctx->type;
+- state->msg_bits = rctx->msg_bits;
+- state->first = rctx->first;
+- memcpy(state->ctx, rctx->ctx, sizeof(state->ctx));
+- state->buf_count = rctx->buf_count;
+- memcpy(state->buf, rctx->buf, sizeof(state->buf));
++ state.type = rctx->type;
++ state.msg_bits = rctx->msg_bits;
++ state.first = rctx->first;
++ memcpy(state.ctx, rctx->ctx, sizeof(state.ctx));
++ state.buf_count = rctx->buf_count;
++ memcpy(state.buf, rctx->buf, sizeof(state.buf));
++
++ /* 'out' may not be aligned so memcpy from local variable */
++ memcpy(out, &state, sizeof(state));
+
+ return 0;
+ }
+@@ -225,14 +228,17 @@ static int ccp_sha_export(struct ahash_r
+ static int ccp_sha_import(struct ahash_request *req, const void *in)
+ {
+ struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
+- const struct ccp_sha_exp_ctx *state = in;
++ struct ccp_sha_exp_ctx state;
++
++ /* 'in' may not be aligned so memcpy to local variable */
++ memcpy(&state, in, sizeof(state));
+
+- rctx->type = state->type;
+- rctx->msg_bits = state->msg_bits;
+- rctx->first = state->first;
+- memcpy(rctx->ctx, state->ctx, sizeof(rctx->ctx));
+- rctx->buf_count = state->buf_count;
+- memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
++ rctx->type = state.type;
++ rctx->msg_bits = state.msg_bits;
++ rctx->first = state.first;
++ memcpy(rctx->ctx, state.ctx, sizeof(rctx->ctx));
++ rctx->buf_count = state.buf_count;
++ memcpy(rctx->buf, state.buf, sizeof(rctx->buf));
+
+ return 0;
+ }
--- /dev/null
+From d1662165ae612ec8b5f94a6b07e65ea58b6dce34 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Fri, 29 Jan 2016 12:45:14 -0600
+Subject: crypto: ccp - Limit the amount of information exported
+
+From: Tom Lendacky <thomas.lendacky@amd.com>
+
+commit d1662165ae612ec8b5f94a6b07e65ea58b6dce34 upstream.
+
+Since the exported information can be exposed to user-space, instead of
+exporting the entire request context only export the minimum information
+needed.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 16 +++++++++++-----
+ drivers/crypto/ccp/ccp-crypto-sha.c | 20 +++++++++++++++-----
+ drivers/crypto/ccp/ccp-crypto.h | 22 ++++++++++++++++++++++
+ 3 files changed, 48 insertions(+), 10 deletions(-)
+
+--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
++++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+@@ -223,9 +223,12 @@ static int ccp_aes_cmac_digest(struct ah
+ static int ccp_aes_cmac_export(struct ahash_request *req, void *out)
+ {
+ struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
+- struct ccp_aes_cmac_req_ctx *state = out;
++ struct ccp_aes_cmac_exp_ctx *state = out;
+
+- *state = *rctx;
++ state->null_msg = rctx->null_msg;
++ memcpy(state->iv, rctx->iv, sizeof(state->iv));
++ state->buf_count = rctx->buf_count;
++ memcpy(state->buf, rctx->buf, sizeof(state->buf));
+
+ return 0;
+ }
+@@ -233,9 +236,12 @@ static int ccp_aes_cmac_export(struct ah
+ static int ccp_aes_cmac_import(struct ahash_request *req, const void *in)
+ {
+ struct ccp_aes_cmac_req_ctx *rctx = ahash_request_ctx(req);
+- const struct ccp_aes_cmac_req_ctx *state = in;
++ const struct ccp_aes_cmac_exp_ctx *state = in;
+
+- *rctx = *state;
++ rctx->null_msg = state->null_msg;
++ memcpy(rctx->iv, state->iv, sizeof(rctx->iv));
++ rctx->buf_count = state->buf_count;
++ memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
+
+ return 0;
+ }
+@@ -378,7 +384,7 @@ int ccp_register_aes_cmac_algs(struct li
+
+ halg = &alg->halg;
+ halg->digestsize = AES_BLOCK_SIZE;
+- halg->statesize = sizeof(struct ccp_aes_cmac_req_ctx);
++ halg->statesize = sizeof(struct ccp_aes_cmac_exp_ctx);
+
+ base = &halg->base;
+ snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "cmac(aes)");
+--- a/drivers/crypto/ccp/ccp-crypto-sha.c
++++ b/drivers/crypto/ccp/ccp-crypto-sha.c
+@@ -210,9 +210,14 @@ static int ccp_sha_digest(struct ahash_r
+ static int ccp_sha_export(struct ahash_request *req, void *out)
+ {
+ struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
+- struct ccp_sha_req_ctx *state = out;
++ struct ccp_sha_exp_ctx *state = out;
+
+- *state = *rctx;
++ state->type = rctx->type;
++ state->msg_bits = rctx->msg_bits;
++ state->first = rctx->first;
++ memcpy(state->ctx, rctx->ctx, sizeof(state->ctx));
++ state->buf_count = rctx->buf_count;
++ memcpy(state->buf, rctx->buf, sizeof(state->buf));
+
+ return 0;
+ }
+@@ -220,9 +225,14 @@ static int ccp_sha_export(struct ahash_r
+ static int ccp_sha_import(struct ahash_request *req, const void *in)
+ {
+ struct ccp_sha_req_ctx *rctx = ahash_request_ctx(req);
+- const struct ccp_sha_req_ctx *state = in;
++ const struct ccp_sha_exp_ctx *state = in;
+
+- *rctx = *state;
++ rctx->type = state->type;
++ rctx->msg_bits = state->msg_bits;
++ rctx->first = state->first;
++ memcpy(rctx->ctx, state->ctx, sizeof(rctx->ctx));
++ rctx->buf_count = state->buf_count;
++ memcpy(rctx->buf, state->buf, sizeof(rctx->buf));
+
+ return 0;
+ }
+@@ -428,7 +438,7 @@ static int ccp_register_sha_alg(struct l
+
+ halg = &alg->halg;
+ halg->digestsize = def->digest_size;
+- halg->statesize = sizeof(struct ccp_sha_req_ctx);
++ halg->statesize = sizeof(struct ccp_sha_exp_ctx);
+
+ base = &halg->base;
+ snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME, "%s", def->name);
+--- a/drivers/crypto/ccp/ccp-crypto.h
++++ b/drivers/crypto/ccp/ccp-crypto.h
+@@ -129,6 +129,15 @@ struct ccp_aes_cmac_req_ctx {
+ struct ccp_cmd cmd;
+ };
+
++struct ccp_aes_cmac_exp_ctx {
++ unsigned int null_msg;
++
++ u8 iv[AES_BLOCK_SIZE];
++
++ unsigned int buf_count;
++ u8 buf[AES_BLOCK_SIZE];
++};
++
+ /***** SHA related defines *****/
+ #define MAX_SHA_CONTEXT_SIZE SHA256_DIGEST_SIZE
+ #define MAX_SHA_BLOCK_SIZE SHA256_BLOCK_SIZE
+@@ -171,6 +180,19 @@ struct ccp_sha_req_ctx {
+ struct ccp_cmd cmd;
+ };
+
++struct ccp_sha_exp_ctx {
++ enum ccp_sha_type type;
++
++ u64 msg_bits;
++
++ unsigned int first;
++
++ u8 ctx[MAX_SHA_CONTEXT_SIZE];
++
++ unsigned int buf_count;
++ u8 buf[MAX_SHA_BLOCK_SIZE];
++};
++
+ /***** Common Context Structure *****/
+ struct ccp_ctx {
+ int (*complete)(struct crypto_async_request *req, int ret);
--- /dev/null
+From ce0ae266feaf35930394bd770c69778e4ef03ba9 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Thu, 25 Feb 2016 16:48:13 -0600
+Subject: crypto: ccp - memset request context to zero during import
+
+From: Tom Lendacky <thomas.lendacky@amd.com>
+
+commit ce0ae266feaf35930394bd770c69778e4ef03ba9 upstream.
+
+Since a crypto_ahash_import() can be called against a request context
+that has not had a crypto_ahash_init() performed, the request context
+needs to be cleared to insure there is no random data present. If not,
+the random data can result in a kernel oops during crypto_ahash_update().
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 1 +
+ drivers/crypto/ccp/ccp-crypto-sha.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+--- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
++++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c
+@@ -244,6 +244,7 @@ static int ccp_aes_cmac_import(struct ah
+ /* 'in' may not be aligned so memcpy to local variable */
+ memcpy(&state, in, sizeof(state));
+
++ memset(rctx, 0, sizeof(*rctx));
+ rctx->null_msg = state.null_msg;
+ memcpy(rctx->iv, state.iv, sizeof(rctx->iv));
+ rctx->buf_count = state.buf_count;
+--- a/drivers/crypto/ccp/ccp-crypto-sha.c
++++ b/drivers/crypto/ccp/ccp-crypto-sha.c
+@@ -233,6 +233,7 @@ static int ccp_sha_import(struct ahash_r
+ /* 'in' may not be aligned so memcpy to local variable */
+ memcpy(&state, in, sizeof(state));
+
++ memset(rctx, 0, sizeof(*rctx));
+ rctx->type = state.type;
+ rctx->msg_bits = state.msg_bits;
+ rctx->first = state.first;
--- /dev/null
+From 2b8b28fd232233c22fb61009dd8b0587390d2875 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Sat, 30 Jan 2016 17:38:28 +0300
+Subject: crypto: keywrap - memzero the correct memory
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 2b8b28fd232233c22fb61009dd8b0587390d2875 upstream.
+
+We're clearing the wrong memory. The memory corruption is likely
+harmless because we weren't going to use that stack memory again but not
+zeroing is a potential information leak.
+
+Fixes: e28facde3c39 ('crypto: keywrap - add key wrapping block chaining mode')
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Stephan Mueller <smueller@chronox.de>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/keywrap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/crypto/keywrap.c
++++ b/crypto/keywrap.c
+@@ -212,7 +212,7 @@ static int crypto_kw_decrypt(struct blkc
+ SEMIBSIZE))
+ ret = -EBADMSG;
+
+- memzero_explicit(&block, sizeof(struct crypto_kw_block));
++ memzero_explicit(block, sizeof(struct crypto_kw_block));
+
+ return ret;
+ }
+@@ -297,7 +297,7 @@ static int crypto_kw_encrypt(struct blkc
+ /* establish the IV for the caller to pick up */
+ memcpy(desc->info, block->A, SEMIBSIZE);
+
+- memzero_explicit(&block, sizeof(struct crypto_kw_block));
++ memzero_explicit(block, sizeof(struct crypto_kw_block));
+
+ return 0;
+ }
--- /dev/null
+From dfe97ad30e8c038261663a18b9e04b8b5bc07bea Mon Sep 17 00:00:00 2001
+From: Boris BREZILLON <boris.brezillon@free-electrons.com>
+Date: Thu, 17 Mar 2016 10:47:10 +0100
+Subject: crypto: marvell/cesa - forward devm_ioremap_resource() error code
+
+From: Boris BREZILLON <boris.brezillon@free-electrons.com>
+
+commit dfe97ad30e8c038261663a18b9e04b8b5bc07bea upstream.
+
+Forward devm_ioremap_resource() error code instead of returning
+-ENOMEM.
+
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Reported-by: Russell King - ARM Linux <linux@arm.linux.org.uk>
+Fixes: f63601fd616a ("crypto: marvell/cesa - add a new driver for Marvell's CESA")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/marvell/cesa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/crypto/marvell/cesa.c
++++ b/drivers/crypto/marvell/cesa.c
+@@ -420,7 +420,7 @@ static int mv_cesa_probe(struct platform
+ res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "regs");
+ cesa->regs = devm_ioremap_resource(dev, res);
+ if (IS_ERR(cesa->regs))
+- return -ENOMEM;
++ return PTR_ERR(cesa->regs);
+
+ ret = mv_cesa_dev_dma_init(cesa);
+ if (ret)
--- /dev/null
+From b62917a2622ebcb03a500ef20da47be80d8c8951 Mon Sep 17 00:00:00 2001
+From: Vladimir Zapolskiy <vz@mleia.com>
+Date: Sun, 6 Mar 2016 03:22:04 +0200
+Subject: crypto: ux500 - fix checks of error code returned by devm_ioremap_resource()
+
+From: Vladimir Zapolskiy <vz@mleia.com>
+
+commit b62917a2622ebcb03a500ef20da47be80d8c8951 upstream.
+
+The change fixes potential oops while accessing iomem on invalid
+address, if devm_ioremap_resource() fails due to some reason.
+
+The devm_ioremap_resource() function returns ERR_PTR() and never
+returns NULL, which makes useless a following check for NULL.
+
+Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
+Fixes: 5a4eea2658c93 ("crypto: ux500 - Use devm_xxx() managed function")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/ux500/cryp/cryp_core.c | 4 ++--
+ drivers/crypto/ux500/hash/hash_core.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/crypto/ux500/cryp/cryp_core.c
++++ b/drivers/crypto/ux500/cryp/cryp_core.c
+@@ -1440,9 +1440,9 @@ static int ux500_cryp_probe(struct platf
+
+ device_data->phybase = res->start;
+ device_data->base = devm_ioremap_resource(dev, res);
+- if (!device_data->base) {
++ if (IS_ERR(device_data->base)) {
+ dev_err(dev, "[%s]: ioremap failed!", __func__);
+- ret = -ENOMEM;
++ ret = PTR_ERR(device_data->base);
+ goto out;
+ }
+
+--- a/drivers/crypto/ux500/hash/hash_core.c
++++ b/drivers/crypto/ux500/hash/hash_core.c
+@@ -1659,9 +1659,9 @@ static int ux500_hash_probe(struct platf
+
+ device_data->phybase = res->start;
+ device_data->base = devm_ioremap_resource(dev, res);
+- if (!device_data->base) {
++ if (IS_ERR(device_data->base)) {
+ dev_err(dev, "%s: ioremap() failed!\n", __func__);
+- ret = -ENOMEM;
++ ret = PTR_ERR(device_data->base);
+ goto out;
+ }
+ spin_lock_init(&device_data->ctx_lock);
--- /dev/null
+From 15c13dfcad883a1e76b714480fb27be96247fd82 Mon Sep 17 00:00:00 2001
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+Date: Sun, 7 Feb 2016 23:35:32 +0200
+Subject: mei: bus: check if the device is enabled before data transfer
+
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+
+commit 15c13dfcad883a1e76b714480fb27be96247fd82 upstream.
+
+The bus data transfer interface was missing the check if the device is
+in enabled state, this may lead to stack corruption during link reset.
+
+Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
+Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/misc/mei/bus.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/drivers/misc/mei/bus.c
++++ b/drivers/misc/mei/bus.c
+@@ -53,6 +53,11 @@ ssize_t __mei_cl_send(struct mei_cl *cl,
+ bus = cl->dev;
+
+ mutex_lock(&bus->device_lock);
++ if (bus->dev_state != MEI_DEV_ENABLED) {
++ rets = -ENODEV;
++ goto out;
++ }
++
+ if (!mei_cl_is_connected(cl)) {
+ rets = -ENODEV;
+ goto out;
+@@ -109,6 +114,10 @@ ssize_t __mei_cl_recv(struct mei_cl *cl,
+ bus = cl->dev;
+
+ mutex_lock(&bus->device_lock);
++ if (bus->dev_state != MEI_DEV_ENABLED) {
++ rets = -ENODEV;
++ goto out;
++ }
+
+ cb = mei_cl_read_cb(cl, NULL);
+ if (cb)
bluetooth-btusb-add-new-ar3012-id-13d3-3395.patch
bluetooth-btusb-add-a-new-ar3012-id-04ca-3014.patch
bluetooth-btusb-add-a-new-ar3012-id-13d3-3472.patch
+crypto-ccp-add-hash-state-import-and-export-support.patch
+crypto-ccp-limit-the-amount-of-information-exported.patch
+crypto-ccp-don-t-assume-export-import-areas-are-aligned.patch
+crypto-ccp-memset-request-context-to-zero-during-import.patch
+crypto-keywrap-memzero-the-correct-memory.patch
+crypto-atmel-fix-checks-of-error-code-returned-by-devm_ioremap_resource.patch
+crypto-ux500-fix-checks-of-error-code-returned-by-devm_ioremap_resource.patch
+crypto-marvell-cesa-forward-devm_ioremap_resource-error-code.patch
+x.509-fix-leap-year-handling-again.patch
+mei-bus-check-if-the-device-is-enabled-before-data-transfer.patch
--- /dev/null
+From ac4cbedfdf55455b4c447f17f0fa027dbf02b2a6 Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Wed, 24 Feb 2016 14:37:15 +0000
+Subject: X.509: Fix leap year handling again
+
+From: David Howells <dhowells@redhat.com>
+
+commit ac4cbedfdf55455b4c447f17f0fa027dbf02b2a6 upstream.
+
+There are still a couple of minor issues in the X.509 leap year handling:
+
+ (1) To avoid doing a modulus-by-400 in addition to a modulus-by-100 when
+ determining whether the year is a leap year or not, I divided the year
+ by 100 after doing the modulus-by-100, thereby letting the compiler do
+ one instruction for both, and then did a modulus-by-4.
+
+ Unfortunately, I then passed the now-modified year value to mktime64()
+ to construct a time value.
+
+ Since this isn't a fast path and since mktime64() does a bunch of
+ divisions, just condense down to "% 400". It's also easier to read.
+
+ (2) The default month length for any February where the year doesn't
+ divide by four exactly is obtained from the month_length[] array where
+ the value is 29, not 28.
+
+ This is fixed by altering the table.
+
+Reported-by: Rudolf Polzer <rpolzer@google.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Acked-by: David Woodhouse <David.Woodhouse@intel.com>
+Acked-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/asymmetric_keys/x509_cert_parser.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/crypto/asymmetric_keys/x509_cert_parser.c
++++ b/crypto/asymmetric_keys/x509_cert_parser.c
+@@ -494,7 +494,7 @@ int x509_decode_time(time64_t *_t, size
+ unsigned char tag,
+ const unsigned char *value, size_t vlen)
+ {
+- static const unsigned char month_lengths[] = { 31, 29, 31, 30, 31, 30,
++ static const unsigned char month_lengths[] = { 31, 28, 31, 30, 31, 30,
+ 31, 31, 30, 31, 30, 31 };
+ const unsigned char *p = value;
+ unsigned year, mon, day, hour, min, sec, mon_len;
+@@ -540,9 +540,9 @@ int x509_decode_time(time64_t *_t, size
+ if (year % 4 == 0) {
+ mon_len = 29;
+ if (year % 100 == 0) {
+- year /= 100;
+- if (year % 4 != 0)
+- mon_len = 28;
++ mon_len = 28;
++ if (year % 400 == 0)
++ mon_len = 29;
+ }
+ }
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
