From: Greg Kroah-Hartman Date: Thu, 1 Feb 2018 08:48:10 +0000 (+0100) Subject: 4.15-stable patches X-Git-Tag: v4.4.115~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d7aff01b1708f0849355fddbcd93882f49a799f3;p=thirdparty%2Fkernel%2Fstable-queue.git 4.15-stable patches added patches: alsa-hda-reduce-the-suspend-time-consumption-for-alc256.patch crypto-aesni-add-wrapper-for-generic-gcm-aes.patch crypto-aesni-fix-out-of-bounds-access-of-the-aad-buffer-in-generic-gcm-aesni.patch crypto-aesni-fix-out-of-bounds-access-of-the-data-buffer-in-generic-gcm-aesni.patch crypto-aesni-fix-typo-in-generic_gcmaes_decrypt.patch crypto-aesni-handle-zero-length-dst-buffer.patch crypto-af_alg-whitelist-mask-and-type.patch crypto-ecdh-fix-typo-in-kpp-dependency-of-crypto_ecdh.patch crypto-inside-secure-avoid-unmapping-dma-memory-that-was-not-mapped.patch crypto-inside-secure-fix-hash-when-length-is-a-multiple-of-a-block.patch crypto-sha3-generic-fixes-for-alignment-and-big-endian-operation.patch gpio-ath79-add-missing-module_description-license.patch gpio-fix-kernel-stack-leak-to-userspace.patch gpio-iop-add-missing-module_description-author-license.patch gpio-stmpe-i2c-transfer-are-forbiden-in-atomic-context.patch hid-wacom-ekr-ensure-devres-groups-at-higher-indexes-are-released.patch hid-wacom-fix-reporting-of-touch-toggle-wacom_hid_wd_mute_device-events.patch mtd-nand-denali_pci-add-missing-module_description-author-license.patch power-reset-zx-reboot-add-missing-module_description-author-license.patch tools-gpio-fix-build-error-with-musl-libc.patch --- diff --git a/queue-4.15/alsa-hda-reduce-the-suspend-time-consumption-for-alc256.patch b/queue-4.15/alsa-hda-reduce-the-suspend-time-consumption-for-alc256.patch new file mode 100644 index 00000000000..b0b3a966629 --- /dev/null +++ b/queue-4.15/alsa-hda-reduce-the-suspend-time-consumption-for-alc256.patch @@ -0,0 +1,46 @@ +From 1c9609e3a8cf5997bd35205cfda1ff2218ee793b Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Fri, 19 Jan 2018 14:18:34 +0100 +Subject: ALSA: hda - Reduce the suspend time consumption for ALC256 + +From: Takashi Iwai + +commit 1c9609e3a8cf5997bd35205cfda1ff2218ee793b upstream. + +ALC256 has its own quirk to override the shutup call, and it contains +the COEF update for pulling down the headset jack control. Currently, +the COEF update is called after clearing the headphone pin, and this +seems triggering a stall of the codec communication, and results in a +long delay over a second at suspend. + +A quick resolution is to swap the calls: at first with the COEF +update, then clear the headphone pin. + +Fixes: 4a219ef8f370 ("ALSA: hda/realtek - Add ALC256 HP depop function") +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=198503 +Reported-by: Paul Menzel +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -3154,11 +3154,13 @@ static void alc256_shutup(struct hda_cod + if (hp_pin_sense) + msleep(85); + ++ /* 3k pull low control for Headset jack. */ ++ /* NOTE: call this before clearing the pin, otherwise codec stalls */ ++ alc_update_coef_idx(codec, 0x46, 0, 3 << 12); ++ + snd_hda_codec_write(codec, hp_pin, 0, + AC_VERB_SET_PIN_WIDGET_CONTROL, 0x0); + +- alc_update_coef_idx(codec, 0x46, 0, 3 << 12); /* 3k pull low control for Headset jack. */ +- + if (hp_pin_sense) + msleep(100); + diff --git a/queue-4.15/crypto-aesni-add-wrapper-for-generic-gcm-aes.patch b/queue-4.15/crypto-aesni-add-wrapper-for-generic-gcm-aes.patch new file mode 100644 index 00000000000..69f8b06f50f --- /dev/null +++ b/queue-4.15/crypto-aesni-add-wrapper-for-generic-gcm-aes.patch @@ -0,0 +1,147 @@ +From fc8517bf627c9b834f80274a1bc9ecd39b27231b Mon Sep 17 00:00:00 2001 +From: Sabrina Dubroca +Date: Wed, 13 Dec 2017 14:54:36 +0100 +Subject: crypto: aesni - add wrapper for generic gcm(aes) + +From: Sabrina Dubroca + +commit fc8517bf627c9b834f80274a1bc9ecd39b27231b upstream. + +When I added generic-gcm-aes I didn't add a wrapper like the one +provided for rfc4106(gcm(aes)). We need to add a cryptd wrapper to fall +back on in case the FPU is not available, otherwise we might corrupt the +FPU state. + +Fixes: cce2ea8d90fe ("crypto: aesni - add generic gcm(aes)") +Reported-by: Ilya Lesokhin +Signed-off-by: Sabrina Dubroca +Reviewed-by: Stefano Brivio +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/crypto/aesni-intel_glue.c | 66 ++++++++++++++++++++++++++++++------- + 1 file changed, 54 insertions(+), 12 deletions(-) + +--- a/arch/x86/crypto/aesni-intel_glue.c ++++ b/arch/x86/crypto/aesni-intel_glue.c +@@ -690,8 +690,8 @@ static int common_rfc4106_set_key(struct + rfc4106_set_hash_subkey(ctx->hash_subkey, key, key_len); + } + +-static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key, +- unsigned int key_len) ++static int gcmaes_wrapper_set_key(struct crypto_aead *parent, const u8 *key, ++ unsigned int key_len) + { + struct cryptd_aead **ctx = crypto_aead_ctx(parent); + struct cryptd_aead *cryptd_tfm = *ctx; +@@ -716,8 +716,8 @@ static int common_rfc4106_set_authsize(s + + /* This is the Integrity Check Value (aka the authentication tag length and can + * be 8, 12 or 16 bytes long. */ +-static int rfc4106_set_authsize(struct crypto_aead *parent, +- unsigned int authsize) ++static int gcmaes_wrapper_set_authsize(struct crypto_aead *parent, ++ unsigned int authsize) + { + struct cryptd_aead **ctx = crypto_aead_ctx(parent); + struct cryptd_aead *cryptd_tfm = *ctx; +@@ -929,7 +929,7 @@ static int helper_rfc4106_decrypt(struct + aes_ctx); + } + +-static int rfc4106_encrypt(struct aead_request *req) ++static int gcmaes_wrapper_encrypt(struct aead_request *req) + { + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct cryptd_aead **ctx = crypto_aead_ctx(tfm); +@@ -945,7 +945,7 @@ static int rfc4106_encrypt(struct aead_r + return crypto_aead_encrypt(req); + } + +-static int rfc4106_decrypt(struct aead_request *req) ++static int gcmaes_wrapper_decrypt(struct aead_request *req) + { + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct cryptd_aead **ctx = crypto_aead_ctx(tfm); +@@ -1128,6 +1128,30 @@ static int generic_gcmaes_decrypt(struct + aes_ctx); + } + ++static int generic_gcmaes_init(struct crypto_aead *aead) ++{ ++ struct cryptd_aead *cryptd_tfm; ++ struct cryptd_aead **ctx = crypto_aead_ctx(aead); ++ ++ cryptd_tfm = cryptd_alloc_aead("__driver-generic-gcm-aes-aesni", ++ CRYPTO_ALG_INTERNAL, ++ CRYPTO_ALG_INTERNAL); ++ if (IS_ERR(cryptd_tfm)) ++ return PTR_ERR(cryptd_tfm); ++ ++ *ctx = cryptd_tfm; ++ crypto_aead_set_reqsize(aead, crypto_aead_reqsize(&cryptd_tfm->base)); ++ ++ return 0; ++} ++ ++static void generic_gcmaes_exit(struct crypto_aead *aead) ++{ ++ struct cryptd_aead **ctx = crypto_aead_ctx(aead); ++ ++ cryptd_free_aead(*ctx); ++} ++ + static struct aead_alg aesni_aead_algs[] = { { + .setkey = common_rfc4106_set_key, + .setauthsize = common_rfc4106_set_authsize, +@@ -1147,10 +1171,10 @@ static struct aead_alg aesni_aead_algs[] + }, { + .init = rfc4106_init, + .exit = rfc4106_exit, +- .setkey = rfc4106_set_key, +- .setauthsize = rfc4106_set_authsize, +- .encrypt = rfc4106_encrypt, +- .decrypt = rfc4106_decrypt, ++ .setkey = gcmaes_wrapper_set_key, ++ .setauthsize = gcmaes_wrapper_set_authsize, ++ .encrypt = gcmaes_wrapper_encrypt, ++ .decrypt = gcmaes_wrapper_decrypt, + .ivsize = GCM_RFC4106_IV_SIZE, + .maxauthsize = 16, + .base = { +@@ -1170,13 +1194,31 @@ static struct aead_alg aesni_aead_algs[] + .ivsize = GCM_AES_IV_SIZE, + .maxauthsize = 16, + .base = { ++ .cra_name = "__generic-gcm-aes-aesni", ++ .cra_driver_name = "__driver-generic-gcm-aes-aesni", ++ .cra_priority = 0, ++ .cra_flags = CRYPTO_ALG_INTERNAL, ++ .cra_blocksize = 1, ++ .cra_ctxsize = sizeof(struct generic_gcmaes_ctx), ++ .cra_alignmask = AESNI_ALIGN - 1, ++ .cra_module = THIS_MODULE, ++ }, ++}, { ++ .init = generic_gcmaes_init, ++ .exit = generic_gcmaes_exit, ++ .setkey = gcmaes_wrapper_set_key, ++ .setauthsize = gcmaes_wrapper_set_authsize, ++ .encrypt = gcmaes_wrapper_encrypt, ++ .decrypt = gcmaes_wrapper_decrypt, ++ .ivsize = GCM_AES_IV_SIZE, ++ .maxauthsize = 16, ++ .base = { + .cra_name = "gcm(aes)", + .cra_driver_name = "generic-gcm-aesni", + .cra_priority = 400, + .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = 1, +- .cra_ctxsize = sizeof(struct generic_gcmaes_ctx), +- .cra_alignmask = AESNI_ALIGN - 1, ++ .cra_ctxsize = sizeof(struct cryptd_aead *), + .cra_module = THIS_MODULE, + }, + } }; diff --git a/queue-4.15/crypto-aesni-fix-out-of-bounds-access-of-the-aad-buffer-in-generic-gcm-aesni.patch b/queue-4.15/crypto-aesni-fix-out-of-bounds-access-of-the-aad-buffer-in-generic-gcm-aesni.patch new file mode 100644 index 00000000000..bcd6b0a7421 --- /dev/null +++ b/queue-4.15/crypto-aesni-fix-out-of-bounds-access-of-the-aad-buffer-in-generic-gcm-aesni.patch @@ -0,0 +1,198 @@ +From 1ecdd37e308ca149dc378cce225068cbac54e3a6 Mon Sep 17 00:00:00 2001 +From: Junaid Shahid +Date: Wed, 20 Dec 2017 17:08:38 -0800 +Subject: crypto: aesni - Fix out-of-bounds access of the AAD buffer in generic-gcm-aesni + +From: Junaid Shahid + +commit 1ecdd37e308ca149dc378cce225068cbac54e3a6 upstream. + +The aesni_gcm_enc/dec functions can access memory after the end of +the AAD buffer if the AAD length is not a multiple of 4 bytes. +It didn't matter with rfc4106-gcm-aesni as in that case the AAD was +always followed by the 8 byte IV, but that is no longer the case with +generic-gcm-aesni. This can potentially result in accessing a page that +is not mapped and thus causing the machine to crash. This patch fixes +that by reading the last <16 byte block of the AAD byte-by-byte and +optionally via an 8-byte load if the block was at least 8 bytes. + +Fixes: 0487ccac ("crypto: aesni - make non-AVX AES-GCM work with any aadlen") +Signed-off-by: Junaid Shahid +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/crypto/aesni-intel_asm.S | 112 ++++---------------------------------- + 1 file changed, 12 insertions(+), 100 deletions(-) + +--- a/arch/x86/crypto/aesni-intel_asm.S ++++ b/arch/x86/crypto/aesni-intel_asm.S +@@ -90,30 +90,6 @@ SHIFT_MASK: .octa 0x0f0e0d0c0b0a09080706 + ALL_F: .octa 0xffffffffffffffffffffffffffffffff + .octa 0x00000000000000000000000000000000 + +-.section .rodata +-.align 16 +-.type aad_shift_arr, @object +-.size aad_shift_arr, 272 +-aad_shift_arr: +- .octa 0xffffffffffffffffffffffffffffffff +- .octa 0xffffffffffffffffffffffffffffff0C +- .octa 0xffffffffffffffffffffffffffff0D0C +- .octa 0xffffffffffffffffffffffffff0E0D0C +- .octa 0xffffffffffffffffffffffff0F0E0D0C +- .octa 0xffffffffffffffffffffff0C0B0A0908 +- .octa 0xffffffffffffffffffff0D0C0B0A0908 +- .octa 0xffffffffffffffffff0E0D0C0B0A0908 +- .octa 0xffffffffffffffff0F0E0D0C0B0A0908 +- .octa 0xffffffffffffff0C0B0A090807060504 +- .octa 0xffffffffffff0D0C0B0A090807060504 +- .octa 0xffffffffff0E0D0C0B0A090807060504 +- .octa 0xffffffff0F0E0D0C0B0A090807060504 +- .octa 0xffffff0C0B0A09080706050403020100 +- .octa 0xffff0D0C0B0A09080706050403020100 +- .octa 0xff0E0D0C0B0A09080706050403020100 +- .octa 0x0F0E0D0C0B0A09080706050403020100 +- +- + .text + + +@@ -304,62 +280,30 @@ _done_read_partial_block_\@: + XMM2 XMM3 XMM4 XMMDst TMP6 TMP7 i i_seq operation + MOVADQ SHUF_MASK(%rip), %xmm14 + mov arg7, %r10 # %r10 = AAD +- mov arg8, %r12 # %r12 = aadLen +- mov %r12, %r11 ++ mov arg8, %r11 # %r11 = aadLen + pxor %xmm\i, %xmm\i + pxor \XMM2, \XMM2 + + cmp $16, %r11 +- jl _get_AAD_rest8\num_initial_blocks\operation ++ jl _get_AAD_rest\num_initial_blocks\operation + _get_AAD_blocks\num_initial_blocks\operation: + movdqu (%r10), %xmm\i + PSHUFB_XMM %xmm14, %xmm\i # byte-reflect the AAD data + pxor %xmm\i, \XMM2 + GHASH_MUL \XMM2, \TMP3, \TMP1, \TMP2, \TMP4, \TMP5, \XMM1 + add $16, %r10 +- sub $16, %r12 + sub $16, %r11 + cmp $16, %r11 + jge _get_AAD_blocks\num_initial_blocks\operation + + movdqu \XMM2, %xmm\i ++ ++ /* read the last <16B of AAD */ ++_get_AAD_rest\num_initial_blocks\operation: + cmp $0, %r11 + je _get_AAD_done\num_initial_blocks\operation + +- pxor %xmm\i,%xmm\i +- +- /* read the last <16B of AAD. since we have at least 4B of +- data right after the AAD (the ICV, and maybe some CT), we can +- read 4B/8B blocks safely, and then get rid of the extra stuff */ +-_get_AAD_rest8\num_initial_blocks\operation: +- cmp $4, %r11 +- jle _get_AAD_rest4\num_initial_blocks\operation +- movq (%r10), \TMP1 +- add $8, %r10 +- sub $8, %r11 +- pslldq $8, \TMP1 +- psrldq $8, %xmm\i +- pxor \TMP1, %xmm\i +- jmp _get_AAD_rest8\num_initial_blocks\operation +-_get_AAD_rest4\num_initial_blocks\operation: +- cmp $0, %r11 +- jle _get_AAD_rest0\num_initial_blocks\operation +- mov (%r10), %eax +- movq %rax, \TMP1 +- add $4, %r10 +- sub $4, %r10 +- pslldq $12, \TMP1 +- psrldq $4, %xmm\i +- pxor \TMP1, %xmm\i +-_get_AAD_rest0\num_initial_blocks\operation: +- /* finalize: shift out the extra bytes we read, and align +- left. since pslldq can only shift by an immediate, we use +- vpshufb and an array of shuffle masks */ +- movq %r12, %r11 +- salq $4, %r11 +- movdqu aad_shift_arr(%r11), \TMP1 +- PSHUFB_XMM \TMP1, %xmm\i +-_get_AAD_rest_final\num_initial_blocks\operation: ++ READ_PARTIAL_BLOCK %r10, %r11, \TMP1, %xmm\i + PSHUFB_XMM %xmm14, %xmm\i # byte-reflect the AAD data + pxor \XMM2, %xmm\i + GHASH_MUL %xmm\i, \TMP3, \TMP1, \TMP2, \TMP4, \TMP5, \XMM1 +@@ -563,62 +507,30 @@ _initial_blocks_done\num_initial_blocks\ + XMM2 XMM3 XMM4 XMMDst TMP6 TMP7 i i_seq operation + MOVADQ SHUF_MASK(%rip), %xmm14 + mov arg7, %r10 # %r10 = AAD +- mov arg8, %r12 # %r12 = aadLen +- mov %r12, %r11 ++ mov arg8, %r11 # %r11 = aadLen + pxor %xmm\i, %xmm\i + pxor \XMM2, \XMM2 + + cmp $16, %r11 +- jl _get_AAD_rest8\num_initial_blocks\operation ++ jl _get_AAD_rest\num_initial_blocks\operation + _get_AAD_blocks\num_initial_blocks\operation: + movdqu (%r10), %xmm\i + PSHUFB_XMM %xmm14, %xmm\i # byte-reflect the AAD data + pxor %xmm\i, \XMM2 + GHASH_MUL \XMM2, \TMP3, \TMP1, \TMP2, \TMP4, \TMP5, \XMM1 + add $16, %r10 +- sub $16, %r12 + sub $16, %r11 + cmp $16, %r11 + jge _get_AAD_blocks\num_initial_blocks\operation + + movdqu \XMM2, %xmm\i ++ ++ /* read the last <16B of AAD */ ++_get_AAD_rest\num_initial_blocks\operation: + cmp $0, %r11 + je _get_AAD_done\num_initial_blocks\operation + +- pxor %xmm\i,%xmm\i +- +- /* read the last <16B of AAD. since we have at least 4B of +- data right after the AAD (the ICV, and maybe some PT), we can +- read 4B/8B blocks safely, and then get rid of the extra stuff */ +-_get_AAD_rest8\num_initial_blocks\operation: +- cmp $4, %r11 +- jle _get_AAD_rest4\num_initial_blocks\operation +- movq (%r10), \TMP1 +- add $8, %r10 +- sub $8, %r11 +- pslldq $8, \TMP1 +- psrldq $8, %xmm\i +- pxor \TMP1, %xmm\i +- jmp _get_AAD_rest8\num_initial_blocks\operation +-_get_AAD_rest4\num_initial_blocks\operation: +- cmp $0, %r11 +- jle _get_AAD_rest0\num_initial_blocks\operation +- mov (%r10), %eax +- movq %rax, \TMP1 +- add $4, %r10 +- sub $4, %r10 +- pslldq $12, \TMP1 +- psrldq $4, %xmm\i +- pxor \TMP1, %xmm\i +-_get_AAD_rest0\num_initial_blocks\operation: +- /* finalize: shift out the extra bytes we read, and align +- left. since pslldq can only shift by an immediate, we use +- vpshufb and an array of shuffle masks */ +- movq %r12, %r11 +- salq $4, %r11 +- movdqu aad_shift_arr(%r11), \TMP1 +- PSHUFB_XMM \TMP1, %xmm\i +-_get_AAD_rest_final\num_initial_blocks\operation: ++ READ_PARTIAL_BLOCK %r10, %r11, \TMP1, %xmm\i + PSHUFB_XMM %xmm14, %xmm\i # byte-reflect the AAD data + pxor \XMM2, %xmm\i + GHASH_MUL %xmm\i, \TMP3, \TMP1, \TMP2, \TMP4, \TMP5, \XMM1 diff --git a/queue-4.15/crypto-aesni-fix-out-of-bounds-access-of-the-data-buffer-in-generic-gcm-aesni.patch b/queue-4.15/crypto-aesni-fix-out-of-bounds-access-of-the-data-buffer-in-generic-gcm-aesni.patch new file mode 100644 index 00000000000..2c87957345b --- /dev/null +++ b/queue-4.15/crypto-aesni-fix-out-of-bounds-access-of-the-data-buffer-in-generic-gcm-aesni.patch @@ -0,0 +1,170 @@ +From b20209c91e23a9bbad9cac2f80bc16b3c259e10e Mon Sep 17 00:00:00 2001 +From: Junaid Shahid +Date: Wed, 20 Dec 2017 17:08:37 -0800 +Subject: crypto: aesni - Fix out-of-bounds access of the data buffer in generic-gcm-aesni + +From: Junaid Shahid + +commit b20209c91e23a9bbad9cac2f80bc16b3c259e10e upstream. + +The aesni_gcm_enc/dec functions can access memory before the start of +the data buffer if the length of the data buffer is less than 16 bytes. +This is because they perform the read via a single 16-byte load. This +can potentially result in accessing a page that is not mapped and thus +causing the machine to crash. This patch fixes that by reading the +partial block byte-by-byte and optionally an via 8-byte load if the block +was at least 8 bytes. + +Fixes: 0487ccac ("crypto: aesni - make non-AVX AES-GCM work with any aadlen") +Signed-off-by: Junaid Shahid +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/crypto/aesni-intel_asm.S | 87 +++++++++++++++++++------------------- + 1 file changed, 45 insertions(+), 42 deletions(-) + +--- a/arch/x86/crypto/aesni-intel_asm.S ++++ b/arch/x86/crypto/aesni-intel_asm.S +@@ -257,6 +257,37 @@ aad_shift_arr: + pxor \TMP1, \GH # result is in TMP1 + .endm + ++# Reads DLEN bytes starting at DPTR and stores in XMMDst ++# where 0 < DLEN < 16 ++# Clobbers %rax, DLEN and XMM1 ++.macro READ_PARTIAL_BLOCK DPTR DLEN XMM1 XMMDst ++ cmp $8, \DLEN ++ jl _read_lt8_\@ ++ mov (\DPTR), %rax ++ MOVQ_R64_XMM %rax, \XMMDst ++ sub $8, \DLEN ++ jz _done_read_partial_block_\@ ++ xor %eax, %eax ++_read_next_byte_\@: ++ shl $8, %rax ++ mov 7(\DPTR, \DLEN, 1), %al ++ dec \DLEN ++ jnz _read_next_byte_\@ ++ MOVQ_R64_XMM %rax, \XMM1 ++ pslldq $8, \XMM1 ++ por \XMM1, \XMMDst ++ jmp _done_read_partial_block_\@ ++_read_lt8_\@: ++ xor %eax, %eax ++_read_next_byte_lt8_\@: ++ shl $8, %rax ++ mov -1(\DPTR, \DLEN, 1), %al ++ dec \DLEN ++ jnz _read_next_byte_lt8_\@ ++ MOVQ_R64_XMM %rax, \XMMDst ++_done_read_partial_block_\@: ++.endm ++ + /* + * if a = number of total plaintext bytes + * b = floor(a/16) +@@ -1386,14 +1417,6 @@ _esb_loop_\@: + * + * AAD Format with 64-bit Extended Sequence Number + * +-* aadLen: +-* from the definition of the spec, aadLen can only be 8 or 12 bytes. +-* The code supports 16 too but for other sizes, the code will fail. +-* +-* TLen: +-* from the definition of the spec, TLen can only be 8, 12 or 16 bytes. +-* For other sizes, the code will fail. +-* + * poly = x^128 + x^127 + x^126 + x^121 + 1 + * + *****************************************************************************/ +@@ -1487,19 +1510,16 @@ _zero_cipher_left_decrypt: + PSHUFB_XMM %xmm10, %xmm0 + + ENCRYPT_SINGLE_BLOCK %xmm0, %xmm1 # E(K, Yn) +- sub $16, %r11 +- add %r13, %r11 +- movdqu (%arg3,%r11,1), %xmm1 # receive the last <16 byte block +- lea SHIFT_MASK+16(%rip), %r12 +- sub %r13, %r12 +-# adjust the shuffle mask pointer to be able to shift 16-%r13 bytes +-# (%r13 is the number of bytes in plaintext mod 16) +- movdqu (%r12), %xmm2 # get the appropriate shuffle mask +- PSHUFB_XMM %xmm2, %xmm1 # right shift 16-%r13 butes + ++ lea (%arg3,%r11,1), %r10 ++ mov %r13, %r12 ++ READ_PARTIAL_BLOCK %r10 %r12 %xmm2 %xmm1 ++ ++ lea ALL_F+16(%rip), %r12 ++ sub %r13, %r12 + movdqa %xmm1, %xmm2 + pxor %xmm1, %xmm0 # Ciphertext XOR E(K, Yn) +- movdqu ALL_F-SHIFT_MASK(%r12), %xmm1 ++ movdqu (%r12), %xmm1 + # get the appropriate mask to mask out top 16-%r13 bytes of %xmm0 + pand %xmm1, %xmm0 # mask out top 16-%r13 bytes of %xmm0 + pand %xmm1, %xmm2 +@@ -1508,9 +1528,6 @@ _zero_cipher_left_decrypt: + + pxor %xmm2, %xmm8 + GHASH_MUL %xmm8, %xmm13, %xmm9, %xmm10, %xmm11, %xmm5, %xmm6 +- # GHASH computation for the last <16 byte block +- sub %r13, %r11 +- add $16, %r11 + + # output %r13 bytes + MOVQ_R64_XMM %xmm0, %rax +@@ -1664,14 +1681,6 @@ ENDPROC(aesni_gcm_dec) + * + * AAD Format with 64-bit Extended Sequence Number + * +-* aadLen: +-* from the definition of the spec, aadLen can only be 8 or 12 bytes. +-* The code supports 16 too but for other sizes, the code will fail. +-* +-* TLen: +-* from the definition of the spec, TLen can only be 8, 12 or 16 bytes. +-* For other sizes, the code will fail. +-* + * poly = x^128 + x^127 + x^126 + x^121 + 1 + ***************************************************************************/ + ENTRY(aesni_gcm_enc) +@@ -1764,19 +1773,16 @@ _zero_cipher_left_encrypt: + movdqa SHUF_MASK(%rip), %xmm10 + PSHUFB_XMM %xmm10, %xmm0 + +- + ENCRYPT_SINGLE_BLOCK %xmm0, %xmm1 # Encrypt(K, Yn) +- sub $16, %r11 +- add %r13, %r11 +- movdqu (%arg3,%r11,1), %xmm1 # receive the last <16 byte blocks +- lea SHIFT_MASK+16(%rip), %r12 ++ ++ lea (%arg3,%r11,1), %r10 ++ mov %r13, %r12 ++ READ_PARTIAL_BLOCK %r10 %r12 %xmm2 %xmm1 ++ ++ lea ALL_F+16(%rip), %r12 + sub %r13, %r12 +- # adjust the shuffle mask pointer to be able to shift 16-r13 bytes +- # (%r13 is the number of bytes in plaintext mod 16) +- movdqu (%r12), %xmm2 # get the appropriate shuffle mask +- PSHUFB_XMM %xmm2, %xmm1 # shift right 16-r13 byte + pxor %xmm1, %xmm0 # Plaintext XOR Encrypt(K, Yn) +- movdqu ALL_F-SHIFT_MASK(%r12), %xmm1 ++ movdqu (%r12), %xmm1 + # get the appropriate mask to mask out top 16-r13 bytes of xmm0 + pand %xmm1, %xmm0 # mask out top 16-r13 bytes of xmm0 + movdqa SHUF_MASK(%rip), %xmm10 +@@ -1785,9 +1791,6 @@ _zero_cipher_left_encrypt: + pxor %xmm0, %xmm8 + GHASH_MUL %xmm8, %xmm13, %xmm9, %xmm10, %xmm11, %xmm5, %xmm6 + # GHASH computation for the last <16 byte block +- sub %r13, %r11 +- add $16, %r11 +- + movdqa SHUF_MASK(%rip), %xmm10 + PSHUFB_XMM %xmm10, %xmm0 + diff --git a/queue-4.15/crypto-aesni-fix-typo-in-generic_gcmaes_decrypt.patch b/queue-4.15/crypto-aesni-fix-typo-in-generic_gcmaes_decrypt.patch new file mode 100644 index 00000000000..88144144823 --- /dev/null +++ b/queue-4.15/crypto-aesni-fix-typo-in-generic_gcmaes_decrypt.patch @@ -0,0 +1,35 @@ +From 106840c41096a01079d3a2025225029c13713802 Mon Sep 17 00:00:00 2001 +From: Sabrina Dubroca +Date: Wed, 13 Dec 2017 14:53:43 +0100 +Subject: crypto: aesni - fix typo in generic_gcmaes_decrypt + +From: Sabrina Dubroca + +commit 106840c41096a01079d3a2025225029c13713802 upstream. + +generic_gcmaes_decrypt needs to use generic_gcmaes_ctx, not +aesni_rfc4106_gcm_ctx. This is actually harmless because the fields in +struct generic_gcmaes_ctx share the layout of the same fields in +aesni_rfc4106_gcm_ctx. + +Fixes: cce2ea8d90fe ("crypto: aesni - add generic gcm(aes)") +Signed-off-by: Sabrina Dubroca +Reviewed-by: Stefano Brivio +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/crypto/aesni-intel_glue.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/crypto/aesni-intel_glue.c ++++ b/arch/x86/crypto/aesni-intel_glue.c +@@ -1117,7 +1117,7 @@ static int generic_gcmaes_decrypt(struct + { + __be32 counter = cpu_to_be32(1); + struct crypto_aead *tfm = crypto_aead_reqtfm(req); +- struct aesni_rfc4106_gcm_ctx *ctx = aesni_rfc4106_gcm_ctx_get(tfm); ++ struct generic_gcmaes_ctx *ctx = generic_gcmaes_ctx_get(tfm); + void *aes_ctx = &(ctx->aes_key_expanded); + u8 iv[16] __attribute__ ((__aligned__(AESNI_ALIGN))); + diff --git a/queue-4.15/crypto-aesni-handle-zero-length-dst-buffer.patch b/queue-4.15/crypto-aesni-handle-zero-length-dst-buffer.patch new file mode 100644 index 00000000000..b5ed08f7243 --- /dev/null +++ b/queue-4.15/crypto-aesni-handle-zero-length-dst-buffer.patch @@ -0,0 +1,42 @@ +From 9c674e1e2f9e24fa4392167efe343749008338e0 Mon Sep 17 00:00:00 2001 +From: Stephan Mueller +Date: Thu, 18 Jan 2018 20:41:09 +0100 +Subject: crypto: aesni - handle zero length dst buffer + +From: Stephan Mueller + +commit 9c674e1e2f9e24fa4392167efe343749008338e0 upstream. + +GCM can be invoked with a zero destination buffer. This is possible if +the AAD and the ciphertext have zero lengths and only the tag exists in +the source buffer (i.e. a source buffer cannot be zero). In this case, +the GCM cipher only performs the authentication and no decryption +operation. + +When the destination buffer has zero length, it is possible that no page +is mapped to the SG pointing to the destination. In this case, +sg_page(req->dst) is an invalid access. Therefore, page accesses should +only be allowed if the req->dst->length is non-zero which is the +indicator that a page must exist. + +This fixes a crash that can be triggered by user space via AF_ALG. + +Signed-off-by: Stephan Mueller +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/crypto/aesni-intel_glue.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/crypto/aesni-intel_glue.c ++++ b/arch/x86/crypto/aesni-intel_glue.c +@@ -824,7 +824,7 @@ static int gcmaes_decrypt(struct aead_re + if (sg_is_last(req->src) && + (!PageHighMem(sg_page(req->src)) || + req->src->offset + req->src->length <= PAGE_SIZE) && +- sg_is_last(req->dst) && ++ sg_is_last(req->dst) && req->dst->length && + (!PageHighMem(sg_page(req->dst)) || + req->dst->offset + req->dst->length <= PAGE_SIZE)) { + one_entry_in_sg = 1; diff --git a/queue-4.15/crypto-af_alg-whitelist-mask-and-type.patch b/queue-4.15/crypto-af_alg-whitelist-mask-and-type.patch new file mode 100644 index 00000000000..07e9ce6570a --- /dev/null +++ b/queue-4.15/crypto-af_alg-whitelist-mask-and-type.patch @@ -0,0 +1,58 @@ +From bb30b8848c85e18ca7e371d0a869e94b3e383bdf Mon Sep 17 00:00:00 2001 +From: Stephan Mueller +Date: Tue, 2 Jan 2018 08:55:25 +0100 +Subject: crypto: af_alg - whitelist mask and type + +From: Stephan Mueller + +commit bb30b8848c85e18ca7e371d0a869e94b3e383bdf upstream. + +The user space interface allows specifying the type and mask field used +to allocate the cipher. Only a subset of the possible flags are intended +for user space. Therefore, white-list the allowed flags. + +In case the user space caller uses at least one non-allowed flag, EINVAL +is returned. + +Reported-by: syzbot +Signed-off-by: Stephan Mueller +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/af_alg.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/crypto/af_alg.c ++++ b/crypto/af_alg.c +@@ -150,7 +150,7 @@ EXPORT_SYMBOL_GPL(af_alg_release_parent) + + static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) + { +- const u32 forbidden = CRYPTO_ALG_INTERNAL; ++ const u32 allowed = CRYPTO_ALG_KERN_DRIVER_ONLY; + struct sock *sk = sock->sk; + struct alg_sock *ask = alg_sk(sk); + struct sockaddr_alg *sa = (void *)uaddr; +@@ -158,6 +158,10 @@ static int alg_bind(struct socket *sock, + void *private; + int err; + ++ /* If caller uses non-allowed flag, return error. */ ++ if ((sa->salg_feat & ~allowed) || (sa->salg_mask & ~allowed)) ++ return -EINVAL; ++ + if (sock->state == SS_CONNECTED) + return -EINVAL; + +@@ -176,9 +180,7 @@ static int alg_bind(struct socket *sock, + if (IS_ERR(type)) + return PTR_ERR(type); + +- private = type->bind(sa->salg_name, +- sa->salg_feat & ~forbidden, +- sa->salg_mask & ~forbidden); ++ private = type->bind(sa->salg_name, sa->salg_feat, sa->salg_mask); + if (IS_ERR(private)) { + module_put(type->owner); + return PTR_ERR(private); diff --git a/queue-4.15/crypto-ecdh-fix-typo-in-kpp-dependency-of-crypto_ecdh.patch b/queue-4.15/crypto-ecdh-fix-typo-in-kpp-dependency-of-crypto_ecdh.patch new file mode 100644 index 00000000000..5838c49463b --- /dev/null +++ b/queue-4.15/crypto-ecdh-fix-typo-in-kpp-dependency-of-crypto_ecdh.patch @@ -0,0 +1,31 @@ +From b5b9007730ce1d90deaf25d7f678511550744bdc Mon Sep 17 00:00:00 2001 +From: Hauke Mehrtens +Date: Sun, 26 Nov 2017 00:16:46 +0100 +Subject: crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH + +From: Hauke Mehrtens + +commit b5b9007730ce1d90deaf25d7f678511550744bdc upstream. + +This fixes a typo in the CRYPTO_KPP dependency of CRYPTO_ECDH. + +Fixes: 3c4b23901a0c ("crypto: ecdh - Add ECDH software support") +Signed-off-by: Hauke Mehrtens +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/crypto/Kconfig ++++ b/crypto/Kconfig +@@ -130,7 +130,7 @@ config CRYPTO_DH + + config CRYPTO_ECDH + tristate "ECDH algorithm" +- select CRYTPO_KPP ++ select CRYPTO_KPP + select CRYPTO_RNG_DEFAULT + help + Generic implementation of the ECDH algorithm diff --git a/queue-4.15/crypto-inside-secure-avoid-unmapping-dma-memory-that-was-not-mapped.patch b/queue-4.15/crypto-inside-secure-avoid-unmapping-dma-memory-that-was-not-mapped.patch new file mode 100644 index 00000000000..f9ca60b2e21 --- /dev/null +++ b/queue-4.15/crypto-inside-secure-avoid-unmapping-dma-memory-that-was-not-mapped.patch @@ -0,0 +1,79 @@ +From c957f8b3e2e54b29f53ef69decc87bbc858c9b58 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Antoine=20T=C3=A9nart?= +Date: Tue, 26 Dec 2017 17:21:16 +0100 +Subject: crypto: inside-secure - avoid unmapping DMA memory that was not mapped + +From: Antoine Tenart + +commit c957f8b3e2e54b29f53ef69decc87bbc858c9b58 upstream. + +This patch adds a parameter in the SafeXcel ahash request structure to +keep track of the number of SG entries mapped. This allows not to call +dma_unmap_sg() when dma_map_sg() wasn't called in the first place. This +also removes a warning when the debugging of the DMA-API is enabled in +the kernel configuration: "DMA-API: device driver tries to free DMA +memory it has not allocated". + +Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver") +Signed-off-by: Antoine Tenart +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/inside-secure/safexcel_hash.c | 20 ++++++++++++-------- + 1 file changed, 12 insertions(+), 8 deletions(-) + +--- a/drivers/crypto/inside-secure/safexcel_hash.c ++++ b/drivers/crypto/inside-secure/safexcel_hash.c +@@ -34,6 +34,8 @@ struct safexcel_ahash_req { + bool hmac; + bool needs_inv; + ++ int nents; ++ + u8 state_sz; /* expected sate size, only set once */ + u32 state[SHA256_DIGEST_SIZE / sizeof(u32)] __aligned(sizeof(u32)); + +@@ -152,8 +154,10 @@ static int safexcel_handle_req_result(st + memcpy(areq->result, sreq->state, + crypto_ahash_digestsize(ahash)); + +- dma_unmap_sg(priv->dev, areq->src, +- sg_nents_for_len(areq->src, areq->nbytes), DMA_TO_DEVICE); ++ if (sreq->nents) { ++ dma_unmap_sg(priv->dev, areq->src, sreq->nents, DMA_TO_DEVICE); ++ sreq->nents = 0; ++ } + + safexcel_free_context(priv, async, sreq->state_sz); + +@@ -178,7 +182,7 @@ static int safexcel_ahash_send_req(struc + struct safexcel_command_desc *cdesc, *first_cdesc = NULL; + struct safexcel_result_desc *rdesc; + struct scatterlist *sg; +- int i, nents, queued, len, cache_len, extra, n_cdesc = 0, ret = 0; ++ int i, queued, len, cache_len, extra, n_cdesc = 0, ret = 0; + + queued = len = req->len - req->processed; + if (queued < crypto_ahash_blocksize(ahash)) +@@ -248,15 +252,15 @@ static int safexcel_ahash_send_req(struc + } + + /* Now handle the current ahash request buffer(s) */ +- nents = dma_map_sg(priv->dev, areq->src, +- sg_nents_for_len(areq->src, areq->nbytes), +- DMA_TO_DEVICE); +- if (!nents) { ++ req->nents = dma_map_sg(priv->dev, areq->src, ++ sg_nents_for_len(areq->src, areq->nbytes), ++ DMA_TO_DEVICE); ++ if (!req->nents) { + ret = -ENOMEM; + goto cdesc_rollback; + } + +- for_each_sg(areq->src, sg, nents, i) { ++ for_each_sg(areq->src, sg, req->nents, i) { + int sglen = sg_dma_len(sg); + + /* Do not overflow the request */ diff --git a/queue-4.15/crypto-inside-secure-fix-hash-when-length-is-a-multiple-of-a-block.patch b/queue-4.15/crypto-inside-secure-fix-hash-when-length-is-a-multiple-of-a-block.patch new file mode 100644 index 00000000000..647f8638a47 --- /dev/null +++ b/queue-4.15/crypto-inside-secure-fix-hash-when-length-is-a-multiple-of-a-block.patch @@ -0,0 +1,68 @@ +From 809778e02cd45d0625439fee67688f655627bb3c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Antoine=20T=C3=A9nart?= +Date: Tue, 26 Dec 2017 17:21:17 +0100 +Subject: crypto: inside-secure - fix hash when length is a multiple of a block + +From: Antoine Tenart + +commit 809778e02cd45d0625439fee67688f655627bb3c upstream. + +This patch fixes the hash support in the SafeXcel driver when the update +size is a multiple of a block size, and when a final call is made just +after with a size of 0. In such cases the driver should cache the last +block from the update to avoid handling 0 length data on the final call +(that's a hardware limitation). + +Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver") +Signed-off-by: Antoine Tenart +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/inside-secure/safexcel_hash.c | 34 +++++++++++++++++++-------- + 1 file changed, 24 insertions(+), 10 deletions(-) + +--- a/drivers/crypto/inside-secure/safexcel_hash.c ++++ b/drivers/crypto/inside-secure/safexcel_hash.c +@@ -186,17 +186,31 @@ static int safexcel_ahash_send_req(struc + else + cache_len = queued - areq->nbytes; + +- /* +- * If this is not the last request and the queued data does not fit +- * into full blocks, cache it for the next send() call. +- */ +- extra = queued & (crypto_ahash_blocksize(ahash) - 1); +- if (!req->last_req && extra) { +- sg_pcopy_to_buffer(areq->src, sg_nents(areq->src), +- req->cache_next, extra, areq->nbytes - extra); ++ if (!req->last_req) { ++ /* If this is not the last request and the queued data does not ++ * fit into full blocks, cache it for the next send() call. ++ */ ++ extra = queued & (crypto_ahash_blocksize(ahash) - 1); ++ if (!extra) ++ /* If this is not the last request and the queued data ++ * is a multiple of a block, cache the last one for now. ++ */ ++ extra = queued - crypto_ahash_blocksize(ahash); + +- queued -= extra; +- len -= extra; ++ if (extra) { ++ sg_pcopy_to_buffer(areq->src, sg_nents(areq->src), ++ req->cache_next, extra, ++ areq->nbytes - extra); ++ ++ queued -= extra; ++ len -= extra; ++ ++ if (!queued) { ++ *commands = 0; ++ *results = 0; ++ return 0; ++ } ++ } + } + + spin_lock_bh(&priv->ring[ring].egress_lock); diff --git a/queue-4.15/crypto-sha3-generic-fixes-for-alignment-and-big-endian-operation.patch b/queue-4.15/crypto-sha3-generic-fixes-for-alignment-and-big-endian-operation.patch new file mode 100644 index 00000000000..f59d474fe0c --- /dev/null +++ b/queue-4.15/crypto-sha3-generic-fixes-for-alignment-and-big-endian-operation.patch @@ -0,0 +1,51 @@ +From c013cee99d5a18aec8c71fee8f5f41369cd12595 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Fri, 19 Jan 2018 12:04:33 +0000 +Subject: crypto: sha3-generic - fixes for alignment and big endian operation + +From: Ard Biesheuvel + +commit c013cee99d5a18aec8c71fee8f5f41369cd12595 upstream. + +Ensure that the input is byte swabbed before injecting it into the +SHA3 transform. Use the get_unaligned() accessor for this so that +we don't perform unaligned access inadvertently on architectures +that do not support that. + +Fixes: 53964b9ee63b7075 ("crypto: sha3 - Add SHA-3 hash algorithm") +Signed-off-by: Ard Biesheuvel +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/sha3_generic.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/crypto/sha3_generic.c ++++ b/crypto/sha3_generic.c +@@ -18,6 +18,7 @@ + #include + #include + #include ++#include + + #define KECCAK_ROUNDS 24 + +@@ -149,7 +150,7 @@ static int sha3_update(struct shash_desc + unsigned int i; + + for (i = 0; i < sctx->rsizw; i++) +- sctx->st[i] ^= ((u64 *) src)[i]; ++ sctx->st[i] ^= get_unaligned_le64(src + 8 * i); + keccakf(sctx->st); + + done += sctx->rsiz; +@@ -174,7 +175,7 @@ static int sha3_final(struct shash_desc + sctx->buf[sctx->rsiz - 1] |= 0x80; + + for (i = 0; i < sctx->rsizw; i++) +- sctx->st[i] ^= ((u64 *) sctx->buf)[i]; ++ sctx->st[i] ^= get_unaligned_le64(sctx->buf + 8 * i); + + keccakf(sctx->st); + diff --git a/queue-4.15/gpio-ath79-add-missing-module_description-license.patch b/queue-4.15/gpio-ath79-add-missing-module_description-license.patch new file mode 100644 index 00000000000..e418ab25abc --- /dev/null +++ b/queue-4.15/gpio-ath79-add-missing-module_description-license.patch @@ -0,0 +1,37 @@ +From 539340f37e6d6ed4cd93e8e18c9b2e4eafd4b842 Mon Sep 17 00:00:00 2001 +From: Jesse Chan +Date: Mon, 20 Nov 2017 12:54:26 -0800 +Subject: gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE + +From: Jesse Chan + +commit 539340f37e6d6ed4cd93e8e18c9b2e4eafd4b842 upstream. + +This change resolves a new compile-time warning +when built as a loadable module: + +WARNING: modpost: missing MODULE_LICENSE() in drivers/gpio/gpio-ath79.o +see include/linux/module.h for more information + +This adds the license as "GPL v2", which matches the header of the file. + +MODULE_DESCRIPTION is also added. + +Signed-off-by: Jesse Chan +Acked-by: Alban Bedel +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpio-ath79.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/gpio/gpio-ath79.c ++++ b/drivers/gpio/gpio-ath79.c +@@ -324,3 +324,6 @@ static struct platform_driver ath79_gpio + }; + + module_platform_driver(ath79_gpio_driver); ++ ++MODULE_DESCRIPTION("Atheros AR71XX/AR724X/AR913X GPIO API support"); ++MODULE_LICENSE("GPL v2"); diff --git a/queue-4.15/gpio-fix-kernel-stack-leak-to-userspace.patch b/queue-4.15/gpio-fix-kernel-stack-leak-to-userspace.patch new file mode 100644 index 00000000000..9314e05232b --- /dev/null +++ b/queue-4.15/gpio-fix-kernel-stack-leak-to-userspace.patch @@ -0,0 +1,35 @@ +From 24bd3efc9d1efb5f756a7c6f807a36ddb6adc671 Mon Sep 17 00:00:00 2001 +From: Linus Walleij +Date: Mon, 22 Jan 2018 13:19:28 +0100 +Subject: gpio: Fix kernel stack leak to userspace + +From: Linus Walleij + +commit 24bd3efc9d1efb5f756a7c6f807a36ddb6adc671 upstream. + +The GPIO event descriptor was leaking kernel stack to +userspace because we don't zero the variable before +use. Ooops. Fix this. + +Reported-by: Arnd Bergmann +Reviewed-by: Bartosz Golaszewski +Reviewed-by: Arnd Bergmann +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpiolib.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/gpio/gpiolib.c ++++ b/drivers/gpio/gpiolib.c +@@ -732,6 +732,9 @@ static irqreturn_t lineevent_irq_thread( + struct gpioevent_data ge; + int ret, level; + ++ /* Do not leak kernel stack to userspace */ ++ memset(&ge, 0, sizeof(ge)); ++ + ge.timestamp = ktime_get_real_ns(); + level = gpiod_get_value_cansleep(le->desc); + diff --git a/queue-4.15/gpio-iop-add-missing-module_description-author-license.patch b/queue-4.15/gpio-iop-add-missing-module_description-author-license.patch new file mode 100644 index 00000000000..735c5bc598d --- /dev/null +++ b/queue-4.15/gpio-iop-add-missing-module_description-author-license.patch @@ -0,0 +1,37 @@ +From 97b03136e1b637d7a9d2274c099e44ecf23f1103 Mon Sep 17 00:00:00 2001 +From: Jesse Chan +Date: Mon, 20 Nov 2017 12:54:52 -0800 +Subject: gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE + +From: Jesse Chan + +commit 97b03136e1b637d7a9d2274c099e44ecf23f1103 upstream. + +This change resolves a new compile-time warning +when built as a loadable module: + +WARNING: modpost: missing MODULE_LICENSE() in drivers/gpio/gpio-iop.o +see include/linux/module.h for more information + +This adds the license as "GPL", which matches the header of the file. + +MODULE_DESCRIPTION and MODULE_AUTHOR are also added. + +Signed-off-by: Jesse Chan +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpio-iop.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/gpio/gpio-iop.c ++++ b/drivers/gpio/gpio-iop.c +@@ -58,3 +58,7 @@ static int __init iop3xx_gpio_init(void) + return platform_driver_register(&iop3xx_gpio_driver); + } + arch_initcall(iop3xx_gpio_init); ++ ++MODULE_DESCRIPTION("GPIO handling for Intel IOP3xx processors"); ++MODULE_AUTHOR("Lennert Buytenhek "); ++MODULE_LICENSE("GPL"); diff --git a/queue-4.15/gpio-stmpe-i2c-transfer-are-forbiden-in-atomic-context.patch b/queue-4.15/gpio-stmpe-i2c-transfer-are-forbiden-in-atomic-context.patch new file mode 100644 index 00000000000..ec115f97bee --- /dev/null +++ b/queue-4.15/gpio-stmpe-i2c-transfer-are-forbiden-in-atomic-context.patch @@ -0,0 +1,100 @@ +From b888fb6f2a278442933e3bfab70262e9a5365fb3 Mon Sep 17 00:00:00 2001 +From: Patrice Chotard +Date: Fri, 12 Jan 2018 13:16:08 +0100 +Subject: gpio: stmpe: i2c transfer are forbiden in atomic context + +From: Patrice Chotard + +commit b888fb6f2a278442933e3bfab70262e9a5365fb3 upstream. + +Move the workaround from stmpe_gpio_irq_unmask() which is executed +in atomic context to stmpe_gpio_irq_sync_unlock() which is not. + +It fixes the following issue: + +[ 1.500000] BUG: scheduling while atomic: swapper/1/0x00000002 +[ 1.500000] CPU: 0 PID: 1 Comm: swapper Not tainted 4.15.0-rc2-00020-gbd4301f-dirty #28 +[ 1.520000] Hardware name: STM32 (Device Tree Support) +[ 1.520000] [<0000bfc9>] (unwind_backtrace) from [<0000b347>] (show_stack+0xb/0xc) +[ 1.530000] [<0000b347>] (show_stack) from [<0001fc49>] (__schedule_bug+0x39/0x58) +[ 1.530000] [<0001fc49>] (__schedule_bug) from [<00168211>] (__schedule+0x23/0x2b2) +[ 1.550000] [<00168211>] (__schedule) from [<001684f7>] (schedule+0x57/0x64) +[ 1.550000] [<001684f7>] (schedule) from [<0016a513>] (schedule_timeout+0x137/0x164) +[ 1.550000] [<0016a513>] (schedule_timeout) from [<00168b91>] (wait_for_common+0x8d/0xfc) +[ 1.570000] [<00168b91>] (wait_for_common) from [<00139753>] (stm32f4_i2c_xfer+0xe9/0xfe) +[ 1.580000] [<00139753>] (stm32f4_i2c_xfer) from [<00138545>] (__i2c_transfer+0x111/0x148) +[ 1.590000] [<00138545>] (__i2c_transfer) from [<001385cf>] (i2c_transfer+0x53/0x70) +[ 1.590000] [<001385cf>] (i2c_transfer) from [<001388a5>] (i2c_smbus_xfer+0x12f/0x36e) +[ 1.600000] [<001388a5>] (i2c_smbus_xfer) from [<00138b49>] (i2c_smbus_read_byte_data+0x1f/0x2a) +[ 1.610000] [<00138b49>] (i2c_smbus_read_byte_data) from [<00124fdd>] (__stmpe_reg_read+0xd/0x24) +[ 1.620000] [<00124fdd>] (__stmpe_reg_read) from [<001252b3>] (stmpe_reg_read+0x19/0x24) +[ 1.630000] [<001252b3>] (stmpe_reg_read) from [<0002c4d1>] (unmask_irq+0x17/0x22) +[ 1.640000] [<0002c4d1>] (unmask_irq) from [<0002c57f>] (irq_startup+0x6f/0x78) +[ 1.650000] [<0002c57f>] (irq_startup) from [<0002b7a1>] (__setup_irq+0x319/0x47c) +[ 1.650000] [<0002b7a1>] (__setup_irq) from [<0002bad3>] (request_threaded_irq+0x6b/0xe8) +[ 1.660000] [<0002bad3>] (request_threaded_irq) from [<0002d0b9>] (devm_request_threaded_irq+0x3b/0x6a) +[ 1.670000] [<0002d0b9>] (devm_request_threaded_irq) from [<001446e7>] (mmc_gpiod_request_cd_irq+0x49/0x8a) +[ 1.680000] [<001446e7>] (mmc_gpiod_request_cd_irq) from [<0013d45d>] (mmc_start_host+0x49/0x60) +[ 1.690000] [<0013d45d>] (mmc_start_host) from [<0013e40b>] (mmc_add_host+0x3b/0x54) +[ 1.700000] [<0013e40b>] (mmc_add_host) from [<00148119>] (mmci_probe+0x4d1/0x60c) +[ 1.710000] [<00148119>] (mmci_probe) from [<000f903b>] (amba_probe+0x7b/0xbe) +[ 1.720000] [<000f903b>] (amba_probe) from [<001170e5>] (driver_probe_device+0x169/0x1f8) +[ 1.730000] [<001170e5>] (driver_probe_device) from [<001171b7>] (__driver_attach+0x43/0x5c) +[ 1.740000] [<001171b7>] (__driver_attach) from [<0011618d>] (bus_for_each_dev+0x3d/0x46) +[ 1.740000] [<0011618d>] (bus_for_each_dev) from [<001165cd>] (bus_add_driver+0xcd/0x124) +[ 1.740000] [<001165cd>] (bus_add_driver) from [<00117713>] (driver_register+0x4d/0x7a) +[ 1.760000] [<00117713>] (driver_register) from [<001fc765>] (do_one_initcall+0xbd/0xe8) +[ 1.770000] [<001fc765>] (do_one_initcall) from [<001fc88b>] (kernel_init_freeable+0xfb/0x134) +[ 1.780000] [<001fc88b>] (kernel_init_freeable) from [<00167ee3>] (kernel_init+0x7/0x9c) +[ 1.790000] [<00167ee3>] (kernel_init) from [<00009b65>] (ret_from_fork+0x11/0x2c) + +Signed-off-by: Alexandre TORGUE +Signed-off-by: Patrice Chotard +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpio-stmpe.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +--- a/drivers/gpio/gpio-stmpe.c ++++ b/drivers/gpio/gpio-stmpe.c +@@ -190,6 +190,16 @@ static void stmpe_gpio_irq_sync_unlock(s + }; + int i, j; + ++ /* ++ * STMPE1600: to be able to get IRQ from pins, ++ * a read must be done on GPMR register, or a write in ++ * GPSR or GPCR registers ++ */ ++ if (stmpe->partnum == STMPE1600) { ++ stmpe_reg_read(stmpe, stmpe->regs[STMPE_IDX_GPMR_LSB]); ++ stmpe_reg_read(stmpe, stmpe->regs[STMPE_IDX_GPMR_CSB]); ++ } ++ + for (i = 0; i < CACHE_NR_REGS; i++) { + /* STMPE801 and STMPE1600 don't have RE and FE registers */ + if ((stmpe->partnum == STMPE801 || +@@ -227,21 +237,11 @@ static void stmpe_gpio_irq_unmask(struct + { + struct gpio_chip *gc = irq_data_get_irq_chip_data(d); + struct stmpe_gpio *stmpe_gpio = gpiochip_get_data(gc); +- struct stmpe *stmpe = stmpe_gpio->stmpe; + int offset = d->hwirq; + int regoffset = offset / 8; + int mask = BIT(offset % 8); + + stmpe_gpio->regs[REG_IE][regoffset] |= mask; +- +- /* +- * STMPE1600 workaround: to be able to get IRQ from pins, +- * a read must be done on GPMR register, or a write in +- * GPSR or GPCR registers +- */ +- if (stmpe->partnum == STMPE1600) +- stmpe_reg_read(stmpe, +- stmpe->regs[STMPE_IDX_GPMR_LSB + regoffset]); + } + + static void stmpe_dbg_show_one(struct seq_file *s, diff --git a/queue-4.15/hid-wacom-ekr-ensure-devres-groups-at-higher-indexes-are-released.patch b/queue-4.15/hid-wacom-ekr-ensure-devres-groups-at-higher-indexes-are-released.patch new file mode 100644 index 00000000000..1297a92ebaf --- /dev/null +++ b/queue-4.15/hid-wacom-ekr-ensure-devres-groups-at-higher-indexes-are-released.patch @@ -0,0 +1,102 @@ +From 791ae273731fa85d3332e45064dab177ae663e80 Mon Sep 17 00:00:00 2001 +From: Aaron Armstrong Skomra +Date: Thu, 7 Dec 2017 12:31:56 -0800 +Subject: HID: wacom: EKR: ensure devres groups at higher indexes are released + +From: Aaron Armstrong Skomra + +commit 791ae273731fa85d3332e45064dab177ae663e80 upstream. + +Background: ExpressKey Remotes communicate their events via usb dongle. +Each dongle can hold up to 5 pairings at one time and one EKR (identified +by its serial number) can unfortunately be paired with its dongle +more than once. The pairing takes place in a round-robin fashion. + +Input devices are only created once per EKR, when a new serial number +is seen in the list of pairings. However, if a device is created for +a "higher" paring index and subsequently a second pairing occurs at a +lower pairing index, unpairing the remote with that serial number from +any pairing index will currently cause a driver crash. This occurs +infrequently, as two remotes are necessary to trigger this bug and most +users have only one remote. + +As an illustration, to trigger the bug you need to have two remotes, +and pair them in this order: + +1. slot 0 -> remote 1 (input device created for remote 1) +2. slot 1 -> remote 1 (duplicate pairing - no device created) +3. slot 2 -> remote 1 (duplicate pairing - no device created) +4. slot 3 -> remote 1 (duplicate pairing - no device created) +5. slot 4 -> remote 2 (input device created for remote 2) + +6. slot 0 -> remote 2 (1 destroyed and recreated at slot 1) +7. slot 1 -> remote 2 (1 destroyed and recreated at slot 2) +8. slot 2 -> remote 2 (1 destroyed and recreated at slot 3) +9. slot 3 -> remote 2 (1 destroyed and not recreated) +10. slot 4 -> remote 2 (2 was already in this slot so no changes) + +11. slot 0 -> remote 1 (The current code sees remote 2 was paired over in + one of the dongle slots it occupied and attempts + to remove all information about remote 2 [1]. It + calls wacom_remote_destroy_one for remote 2, but + the destroy function assumes the lowest index is + where the remote's input device was created. The + code "cleans up" the other remote 2 pairings + including the one which the input device was based + on, assuming they were were just duplicate + pairings. However, the cleanup doesn't call the + devres release function for the input device that + was created in slot 4). + +This issue is fixed by this commit. + +[1] Remote 2 should subsequently be re-created on the next packet from the +EKR at the lowest numbered slot that it occupies (here slot 1). + +Fixes: f9036bd43602 ("HID: wacom: EKR: use devres groups to manage resources") +Signed-off-by: Aaron Armstrong Skomra +Signed-off-by: Jiri Kosina +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/hid/wacom_sys.c | 24 ++++++++++++------------ + 1 file changed, 12 insertions(+), 12 deletions(-) + +--- a/drivers/hid/wacom_sys.c ++++ b/drivers/hid/wacom_sys.c +@@ -2347,23 +2347,23 @@ static void wacom_remote_destroy_one(str + int i; + unsigned long flags; + +- spin_lock_irqsave(&remote->remote_lock, flags); +- remote->remotes[index].registered = false; +- spin_unlock_irqrestore(&remote->remote_lock, flags); ++ for (i = 0; i < WACOM_MAX_REMOTES; i++) { ++ if (remote->remotes[i].serial == serial) { + +- if (remote->remotes[index].battery.battery) +- devres_release_group(&wacom->hdev->dev, +- &remote->remotes[index].battery.bat_desc); ++ spin_lock_irqsave(&remote->remote_lock, flags); ++ remote->remotes[i].registered = false; ++ spin_unlock_irqrestore(&remote->remote_lock, flags); + +- if (remote->remotes[index].group.name) +- devres_release_group(&wacom->hdev->dev, +- &remote->remotes[index]); ++ if (remote->remotes[i].battery.battery) ++ devres_release_group(&wacom->hdev->dev, ++ &remote->remotes[i].battery.bat_desc); ++ ++ if (remote->remotes[i].group.name) ++ devres_release_group(&wacom->hdev->dev, ++ &remote->remotes[i]); + +- for (i = 0; i < WACOM_MAX_REMOTES; i++) { +- if (remote->remotes[i].serial == serial) { + remote->remotes[i].serial = 0; + remote->remotes[i].group.name = NULL; +- remote->remotes[i].registered = false; + remote->remotes[i].battery.battery = NULL; + wacom->led.groups[i].select = WACOM_STATUS_UNKNOWN; + } diff --git a/queue-4.15/hid-wacom-fix-reporting-of-touch-toggle-wacom_hid_wd_mute_device-events.patch b/queue-4.15/hid-wacom-fix-reporting-of-touch-toggle-wacom_hid_wd_mute_device-events.patch new file mode 100644 index 00000000000..9589e8f9eb6 --- /dev/null +++ b/queue-4.15/hid-wacom-fix-reporting-of-touch-toggle-wacom_hid_wd_mute_device-events.patch @@ -0,0 +1,81 @@ +From 403c0f681c1964ff1db8c2fb8de8c4067779d081 Mon Sep 17 00:00:00 2001 +From: Jason Gerecke +Date: Tue, 26 Dec 2017 14:53:55 -0800 +Subject: HID: wacom: Fix reporting of touch toggle (WACOM_HID_WD_MUTE_DEVICE) events + +From: Jason Gerecke + +commit 403c0f681c1964ff1db8c2fb8de8c4067779d081 upstream. + +Touch toggle softkeys send a '1' while pressed and a '0' while released, +requring the kernel to keep track of wether touch should be enabled or +disabled. The code does not handle the state transitions properly, +however. If the key is pressed repeatedly, the following four states +of states are cycled through (assuming touch starts out enabled): + +Press: shared->is_touch_on => 0, SW_MUTE_DEVICE => 1 +Release: shared->is_touch_on => 0, SW_MUTE_DEVICE => 1 +Press: shared->is_touch_on => 1, SW_MUTE_DEVICE => 0 +Release: shared->is_touch_on => 1, SW_MUTE_DEVICE => 1 + +The hardware always properly enables/disables touch when the key is +pressed but applications that listen for SW_MUTE_DEVICE events to provide +feedback about the state will only ever show touch as being enabled while +the key is held, and only every-other time. This sequence occurs because +the fallthrough WACOM_HID_WD_TOUCHONOFF case is always handled, and it +uses the value of the *local* is_touch_on variable as the value to +report to userspace. The local value is equal to the shared value when +the button is pressed, but equal to zero when the button is released. + +Reporting the shared value to userspace fixes this problem, but the +fallthrough case needs to update the shared value in an incompatible +way (which is why the local variable was introduced in the first place). +To work around this, we just handle both cases in a single block of code +and update the shared variable as appropriate. + +Fixes: d793ff8187 ("HID: wacom: generic: support touch on/off softkey") +Signed-off-by: Jason Gerecke +Reviewed-by: Aaron Skomra +Tested-by: Aaron Skomra +Signed-off-by: Jiri Kosina +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/hid/wacom_wac.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +--- a/drivers/hid/wacom_wac.c ++++ b/drivers/hid/wacom_wac.c +@@ -1924,7 +1924,6 @@ static void wacom_wac_pad_event(struct h + struct wacom_features *features = &wacom_wac->features; + unsigned equivalent_usage = wacom_equivalent_usage(usage->hid); + int i; +- bool is_touch_on = value; + bool do_report = false; + + /* +@@ -1969,16 +1968,17 @@ static void wacom_wac_pad_event(struct h + break; + + case WACOM_HID_WD_MUTE_DEVICE: +- if (wacom_wac->shared->touch_input && value) { +- wacom_wac->shared->is_touch_on = !wacom_wac->shared->is_touch_on; +- is_touch_on = wacom_wac->shared->is_touch_on; +- } +- +- /* fall through*/ + case WACOM_HID_WD_TOUCHONOFF: + if (wacom_wac->shared->touch_input) { ++ bool *is_touch_on = &wacom_wac->shared->is_touch_on; ++ ++ if (equivalent_usage == WACOM_HID_WD_MUTE_DEVICE && value) ++ *is_touch_on = !(*is_touch_on); ++ else if (equivalent_usage == WACOM_HID_WD_TOUCHONOFF) ++ *is_touch_on = value; ++ + input_report_switch(wacom_wac->shared->touch_input, +- SW_MUTE_DEVICE, !is_touch_on); ++ SW_MUTE_DEVICE, !(*is_touch_on)); + input_sync(wacom_wac->shared->touch_input); + } + break; diff --git a/queue-4.15/mtd-nand-denali_pci-add-missing-module_description-author-license.patch b/queue-4.15/mtd-nand-denali_pci-add-missing-module_description-author-license.patch new file mode 100644 index 00000000000..24c1fc8419a --- /dev/null +++ b/queue-4.15/mtd-nand-denali_pci-add-missing-module_description-author-license.patch @@ -0,0 +1,38 @@ +From d822401d1c6898a4a4ee03977b78b8cec402e88a Mon Sep 17 00:00:00 2001 +From: Jesse Chan +Date: Mon, 20 Nov 2017 12:57:13 -0800 +Subject: mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE + +From: Jesse Chan + +commit d822401d1c6898a4a4ee03977b78b8cec402e88a upstream. + +This change resolves a new compile-time warning +when built as a loadable module: + +WARNING: modpost: missing MODULE_LICENSE() in drivers/mtd/nand/denali_pci.o +see include/linux/module.h for more information + +This adds the license as "GPL v2", which matches the header of the file. + +MODULE_DESCRIPTION and MODULE_AUTHOR are also added. + +Signed-off-by: Jesse Chan +Acked-by: Masahiro Yamada +Signed-off-by: Boris Brezillon +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/nand/denali_pci.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/mtd/nand/denali_pci.c ++++ b/drivers/mtd/nand/denali_pci.c +@@ -125,3 +125,7 @@ static struct pci_driver denali_pci_driv + .remove = denali_pci_remove, + }; + module_pci_driver(denali_pci_driver); ++ ++MODULE_DESCRIPTION("PCI driver for Denali NAND controller"); ++MODULE_AUTHOR("Intel Corporation and its suppliers"); ++MODULE_LICENSE("GPL v2"); diff --git a/queue-4.15/power-reset-zx-reboot-add-missing-module_description-author-license.patch b/queue-4.15/power-reset-zx-reboot-add-missing-module_description-author-license.patch new file mode 100644 index 00000000000..3de273a344a --- /dev/null +++ b/queue-4.15/power-reset-zx-reboot-add-missing-module_description-author-license.patch @@ -0,0 +1,37 @@ +From 348c7cf5fcbcb68838255759d4cb45d039af36d2 Mon Sep 17 00:00:00 2001 +From: Jesse Chan +Date: Mon, 20 Nov 2017 12:58:27 -0800 +Subject: power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE + +From: Jesse Chan + +commit 348c7cf5fcbcb68838255759d4cb45d039af36d2 upstream. + +This change resolves a new compile-time warning +when built as a loadable module: + +WARNING: modpost: missing MODULE_LICENSE() in drivers/power/reset/zx-reboot.o +see include/linux/module.h for more information + +This adds the license as "GPL v2", which matches the header of the file. + +MODULE_DESCRIPTION and MODULE_AUTHOR are also added. + +Signed-off-by: Jesse Chan +Signed-off-by: Sebastian Reichel +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/power/reset/zx-reboot.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/power/reset/zx-reboot.c ++++ b/drivers/power/reset/zx-reboot.c +@@ -82,3 +82,7 @@ static struct platform_driver zx_reboot_ + }, + }; + module_platform_driver(zx_reboot_driver); ++ ++MODULE_DESCRIPTION("ZTE SoCs reset driver"); ++MODULE_AUTHOR("Jun Nie "); ++MODULE_LICENSE("GPL v2"); diff --git a/queue-4.15/series b/queue-4.15/series index ff913e75d8d..ee071dcd7b1 100644 --- a/queue-4.15/series +++ b/queue-4.15/series @@ -1 +1,21 @@ bluetooth-hci_serdev-init-hci_uart-proto_lock-to-avoid-oops.patch +tools-gpio-fix-build-error-with-musl-libc.patch +gpio-stmpe-i2c-transfer-are-forbiden-in-atomic-context.patch +gpio-fix-kernel-stack-leak-to-userspace.patch +alsa-hda-reduce-the-suspend-time-consumption-for-alc256.patch +crypto-ecdh-fix-typo-in-kpp-dependency-of-crypto_ecdh.patch +crypto-aesni-handle-zero-length-dst-buffer.patch +crypto-aesni-fix-typo-in-generic_gcmaes_decrypt.patch +crypto-aesni-add-wrapper-for-generic-gcm-aes.patch +crypto-aesni-fix-out-of-bounds-access-of-the-data-buffer-in-generic-gcm-aesni.patch +crypto-aesni-fix-out-of-bounds-access-of-the-aad-buffer-in-generic-gcm-aesni.patch +crypto-inside-secure-fix-hash-when-length-is-a-multiple-of-a-block.patch +crypto-inside-secure-avoid-unmapping-dma-memory-that-was-not-mapped.patch +crypto-sha3-generic-fixes-for-alignment-and-big-endian-operation.patch +crypto-af_alg-whitelist-mask-and-type.patch +hid-wacom-ekr-ensure-devres-groups-at-higher-indexes-are-released.patch +hid-wacom-fix-reporting-of-touch-toggle-wacom_hid_wd_mute_device-events.patch +power-reset-zx-reboot-add-missing-module_description-author-license.patch +gpio-iop-add-missing-module_description-author-license.patch +gpio-ath79-add-missing-module_description-license.patch +mtd-nand-denali_pci-add-missing-module_description-author-license.patch diff --git a/queue-4.15/tools-gpio-fix-build-error-with-musl-libc.patch b/queue-4.15/tools-gpio-fix-build-error-with-musl-libc.patch new file mode 100644 index 00000000000..543ae7b01eb --- /dev/null +++ b/queue-4.15/tools-gpio-fix-build-error-with-musl-libc.patch @@ -0,0 +1,45 @@ +From 1696784eb7b52b13b62d160c028ef2c2c981d4f2 Mon Sep 17 00:00:00 2001 +From: Joel Stanley +Date: Thu, 21 Dec 2017 11:11:31 +1030 +Subject: tools/gpio: Fix build error with musl libc +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Joel Stanley + +commit 1696784eb7b52b13b62d160c028ef2c2c981d4f2 upstream. + +The GPIO tools build fails when using a buildroot toolchain that uses musl +as it's C library: + +arm-broomstick-linux-musleabi-gcc -Wp,-MD,./.gpio-event-mon.o.d \ + -Wp,-MT,gpio-event-mon.o -O2 -Wall -g -D_GNU_SOURCE \ + -Iinclude -D"BUILD_STR(s)=#s" -c -o gpio-event-mon.o gpio-event-mon.c +gpio-event-mon.c:30:6: error: unknown type name ‘u_int32_t’; did you mean ‘uint32_t’? + u_int32_t handleflags, + ^~~~~~~~~ + uint32_t + +The glibc headers installed on my laptop include sys/types.h in +unistd.h, but it appears that musl does not. + +Fixes: 97f69747d8b1 ("tools/gpio: add the gpio-event-mon tool") +Signed-off-by: Joel Stanley +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + tools/gpio/gpio-event-mon.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/gpio/gpio-event-mon.c ++++ b/tools/gpio/gpio-event-mon.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + #include + + int monitor_device(const char *device_name,