4f2095eb99322c60147670f49fa43995e1fd8631
2395 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Rishabh Bhatnagar
|
4ac13bd161 |
Merge remote-tracking branch 'origin_4.19/tmp-0567d2f' into msm-4.19
* origin_4.19/tmp-0567d2f:
Linux 4.19.9
HID: quirks: fix RetroUSB.com devices
mac80211: ignore NullFunc frames in the duplicate detection
mac80211: fix reordering of buffered broadcast packets
mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext
mac80211: Clear beacon_int in ieee80211_do_stop
mac80211: fix GFP_KERNEL under tasklet context
mac80211_hwsim: Timer should be initialized before device registered
cfg80211: Fix busy loop regression in ieee80211_ie_split_ric()
libnvdimm, pfn: Pad pfn namespaces relative to other regions
kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var()
gnss: sirf: fix activation retry handling
tty: do not set TTY_IO_ERROR flag if console port
tty: serial: 8250_mtk: always resume the device in probe.
Drivers: hv: vmbus: Offload the handling of channels to two workqueues
x86/efi: Allocate e820 buffer before calling efi_exit_boot_service
kprobes/x86: Fix instruction patching corruption when copying more than one RIP-relative instruction
drm/i915: Downgrade Gen9 Plane WM latency error
drm/amdgpu/gmc8: always load MC firmware in the driver
drm/amdgpu/gmc8: update MC firmware for polaris
drm/msm: Move fence put to where failure occurs
drm/lease: Send a distinct uevent
drm/amdgpu: update mc firmware image for polaris12 variants
crypto: do not free algorithm before using
Revert commit
|
||
|
Greg Kroah-Hartman
|
6f76e7945a |
Merge 4.19.9 into android-4.19
Changes in 4.19.9
media: vicodec: lower minimum height to 360
media: cec: check for non-OK/NACK conditions while claiming a LA
media: omap3isp: Unregister media device as first
media: ipu3-cio2: Unregister device nodes first, then release resources
iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()
brcmutil: really fix decoding channel info for 160 MHz bandwidth
mt76: fix building without CONFIG_LEDS_CLASS
iommu/ipmmu-vmsa: Fix crash on early domain free
scsi: ufs: Fix hynix ufs bug with quirk on hi36xx SoC
can: ucan: remove set but not used variable 'udev'
can: rcar_can: Fix erroneous registration
test_firmware: fix error return getting clobbered
HID: input: Ignore battery reported by Symbol DS4308
batman-adv: Use explicit tvlv padding for ELP packets
batman-adv: Expand merged fragment buffer for full packet
amd/iommu: Fix Guest Virtual APIC Log Tail Address Register
bnx2x: Assign unique DMAE channel number for FW DMAE transactions.
qed: Fix PTT leak in qed_drain()
qed: Fix overriding offload_tc by protocols without APP TLV
qed: Fix rdma_info structure allocation
qed: Fix reading wrong value in loop condition
usb: dwc2: pci: Fix an error code in probe
Revert "usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers"
s390/ism: clear dmbe_mask bit before SMC IRQ handling
nvme-fc: resolve io failures during connect
bnxt_en: Fix filling time in bnxt_fill_coredump_record()
drm/amdgpu: Add amdgpu "max bpc" connector property (v2)
drm/amd/display: Support amdgpu "max bpc" connector property (v2)
net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command
net/mlx4_core: Fix uninitialized variable compilation warning
net/mlx4: Fix UBSAN warning of signed integer overflow
drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo
gpio: pxa: fix legacy non pinctrl aware builds again
gpio: mockup: fix indicated direction
tc-testing: tdc.py: ignore errors when decoding stdout/stderr
tc-testing: tdc.py: Guard against lack of returncode in executed command
mtd: rawnand: qcom: Namespace prefix some commands
cpufreq: ti-cpufreq: Only register platform_device when supported
Revert "HID: uhid: use strlcpy() instead of strncpy()"
HID: multitouch: Add pointstick support for Cirque Touchpad
mtd: spi-nor: Fix Cadence QSPI page fault kernel panic
net: ena: fix crash during failed resume from hibernation
NFSv4: Fix a NFSv4 state manager deadlock
qed: Fix bitmap_weight() check
qed: Fix QM getters to always return a valid pq
net/ibmnvic: Fix deadlock problem in reset
riscv: fix warning in arch/riscv/include/asm/module.h
net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts
iommu/vt-d: Use memunmap to free memremap
NFSv4.2 copy do not allocate memory under the lock
flexfiles: use per-mirror specified stateid for IO
ibmvnic: Fix RX queue buffer cleanup
ibmvnic: Update driver queues after change in ring size support
team: no need to do team_notify_peers or team_mcast_rejoin when disabling port
net: amd: add missing of_node_put()
usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device
usb: appledisplay: Add 27" Apple Cinema Display
USB: check usb_get_extra_descriptor for proper size
USB: serial: console: fix reported terminal settings
ALSA: usb-audio: Add SMSL D1 to quirks for native DSD support
ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
ALSA: hda: Add support for AMD Stoney Ridge
ALSA: pcm: Fix starvation on down_write_nonblock()
ALSA: pcm: Call snd_pcm_unlink() conditionally at closing
ALSA: pcm: Fix interval evaluation with openmin/max
ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570
ALSA: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880
ALSA: hda/realtek - Add support for Acer Aspire C24-860 headset mic
ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G
ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G
media: gspca: fix frame overflow error
media: vicodec: fix memchr() kernel oops
media: dvb-pll: fix tuner frequency ranges
media: dvb-pll: don't re-validate tuner frequencies
Revert "mfd: cros_ec: Use devm_kzalloc for private data"
parisc: Enable -ffunction-sections for modules on 32-bit kernel
virtio/s390: avoid race on vcdev->config
virtio/s390: fix race in ccw_io_helper()
vhost/vsock: fix use-after-free in network stack callers
arm64: hibernate: Avoid sending cross-calling with interrupts disabled
SUNRPC: Fix leak of krb5p encode pages
dmaengine: dw: Fix FIFO size for Intel Merrifield
Revert "dmaengine: imx-sdma: Use GFP_NOWAIT for dma allocations"
Revert "dmaengine: imx-sdma: alloclate bd memory from dma pool"
dmaengine: imx-sdma: implement channel termination via worker
dmaengine: imx-sdma: use GFP_NOWAIT for dma descriptor allocations
dmaengine: cppi41: delete channel from pending list when stop channel
ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE
xhci: workaround CSS timeout on AMD SNPS 3.0 xHC
xhci: Prevent U1/U2 link pm states if exit latency is too long
arm64: dts: rockchip: remove vdd_log from rock960 to fix a stability issues
Revert "x86/e820: put !E820_TYPE_RAM regions into memblock.reserved"
cifs: Fix separator when building path from dentry
staging: rtl8712: Fix possible buffer overrun
Revert commit
|
||
|
Pan Bian
|
2f94605195 |
crypto: do not free algorithm before using
commit e5bde04ccce64d808f8b00a489a1fe5825d285cb upstream. In multiple functions, the algorithm fields are read after its reference is dropped through crypto_mod_put. In this case, the algorithm memory may be freed, resulting in use-after-free bugs. This patch delays the put operation until the algorithm is never used. Fixes: |
||
|
Blagovest Kolenichev
|
60b1073aea |
Merge LTS tag v4.19.3 into msm-kona
* refs/heads/tmp-73aa1c8:
Revert "drm/msm: dpu: Allow planes to extend past active display"
Revert "drm/msm/disp/dpu: Use proper define for drm_encoder_init() 'encoder_type'"
Linux 4.19.3
Revert "ACPICA: AML interpreter: add region addresses in global list during initialization"
CONFIG_XEN_PV breaks xen_create_contiguous_region on ARM
drm/i915: Fix hpd handling for pins with two encoders
drm/i915: Fix NULL deref when re-enabling HPD IRQs on systems with MST
drm/i915: Fix possible race in intel_dp_add_mst_connector()
drm/i915/execlists: Force write serialisation into context image vs execution
drm/i915/ringbuffer: Delay after EMIT_INVALIDATE for gen4/gen5
drm/i915: Mark pin flags as u64
drm/i915: Don't oops during modeset shutdown after lpe audio deinit
drm/i915: Compare user's 64b GTT offset even on 32b
drm/i915: Fix ilk+ watermarks when disabling pipes
drm/i915: Fix error handling for the NV12 fb dimensions check
drm/i915: Mark up GTT sizes as u64
drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values
drm/i915/icl: Fix the macros for DFLEXDPMLE register bits
drm/i915/dp: Restrict link retrain workaround to external monitors
drm/i915/dp: Fix link retraining comment in intel_dp_long_pulse()
drm/i915: Large page offsets for pread/pwrite
drm/i915: Skip vcpi allocation for MSTB ports that are gone
drm/i915: Don't unset intel_connector->mst_port
drm/i915: Restore vblank interrupts earlier
drm/i915: Use the correct crtc when sanitizing plane mapping
drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode
drm: panel-orientation-quirks: Add quirk for Acer One 10 (S1003)
drm/dp_mst: Check if primary mstb is null
drm/etnaviv: fix bogus fence complete check in timeout handler
drm/amd/powerplay: Enable/Disable NBPSTATE on On/OFF of UVD
drm/nouveau: Fix nv50_mstc->best_encoder()
drm/nouveau: Check backlight IDs are >= 0, not > 0
drm/amdgpu: Suppress keypresses from ACPI_VIDEO events
drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type
drm/amdgpu: Fix typo in amdgpu_vmid_mgr_init
drm/rockchip: Allow driver to be shutdown on reboot/kexec
scripts/spdxcheck.py: make python3 compliant
mm: don't reclaim inodes with many attached pages
efi/arm/libstub: Pack FDT after populating it
mm/swapfile.c: use kvzalloc for swap_info_struct allocation
hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!
lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn
crypto: user - fix leaking uninitialized memory to userspace
libata: blacklist SAMSUNG MZ7TD256HAFV-000L9 SSD
gfs2: Fix metadata read-ahead during truncate (2)
gfs2: Put bitmap buffers in put_super
selinux: check length properly in SCTP bind hook
fuse: fix possibly missed wake-up after abort
fuse: fix leaked notify reply
fuse: fix use-after-free in fuse_direct_IO()
rtc: hctosys: Add missing range error reporting
nfsd: COPY and CLONE operations require the saved filehandle to be set
NFSv4: Don't exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING
sunrpc: correct the computation for page_ptr when truncating
kdb: print real address of pointers instead of hashed addresses
kdb: use correct pointer when 'btc' calls 'btt'
ARM: cpuidle: Don't register the driver when back-end init returns -ENXIO
uapi: fix linux/kfd_ioctl.h userspace compilation errors
mnt: fix __detach_mounts infinite loop
mount: Prevent MNT_DETACH from disconnecting locked mounts
mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
mount: Retest MNT_LOCKED in do_umount
ext4: fix buffer leak in __ext4_read_dirblock() on error path
ext4: fix buffer leak in ext4_expand_extra_isize_ea() on error path
ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
ext4: release bs.bh before re-using in ext4_xattr_block_find()
ext4: fix buffer leak in ext4_xattr_get_block() on error path
ext4: fix possible leak of s_journal_flag_rwsem in error path
ext4: fix possible leak of sbi->s_group_desc_leak in error path
ext4: avoid possible double brelse() in add_new_gdb() on error path
ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing
ext4: avoid buffer leak in ext4_orphan_add() after prior errors
ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty()
ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
ext4: missing !bh check in ext4_xattr_inode_write()
ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
ext4: add missing brelse() update_backups()'s error path
clockevents/drivers/i8253: Add support for PIT shutdown quirk
btrfs: tree-checker: Fix misleading group system information
Btrfs: fix data corruption due to cloning of eof block
Btrfs: fix infinite loop on inode eviction after deduplication of eof block
Btrfs: fix cur_offset in the error case for nocow
Btrfs: fix missing data checksums after a ranged fsync (msync)
btrfs: fix pinned underflow after transaction aborted
watchdog/core: Add missing prototypes for weak functions
arch/alpha, termios: implement BOTHER, IBSHIFT and termios2
termios, tty/tty_baudrate.c: fix buffer overrun
x86/hyper-v: Enable PIT shutdown quirk
x86/cpu/vmware: Do not trace vmware_sched_clock()
of, numa: Validate some distance map rules
perf intel-pt: Insert callchain context into synthesized callchains
perf intel-pt/bts: Calculate cpumode for synthesized samples
perf callchain: Honour the ordering of PERF_CONTEXT_{USER,KERNEL,etc}
perf stat: Handle different PMU names with common prefix
perf cs-etm: Correct CPU mode for samples
hwmon: (core) Fix double-free in __hwmon_device_register()
mtd: docg3: don't set conflicting BCH_CONST_PARAMS option
mtd: nand: Fix nanddev_neraseblocks()
mtd: spi-nor: cadence-quadspi: Return error code in cqspi_direct_read_execute()
bonding/802.3ad: fix link_failure_count tracking
ARM: 8809/1: proc-v7: fix Thumb annotation of cpu_v7_hvc_switch_mm
netfilter: conntrack: fix calculation of next bucket number in early_drop
memory_hotplug: cond_resched in __remove_pages
mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings
ocfs2: free up write context when direct IO failed
ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
soc: ti: QMSS: Fix usage of irq_set_affinity_hint
Revert "powerpc/8xx: Use L1 entry APG to handle _PAGE_ACCESSED for CONFIG_SWAP"
SCSI: fix queue cleanup race before queue initialization is done
scsi: qla2xxx: Initialize port speed to avoid setting lower speed
vhost/scsi: truncate T10 PI iov_iter to prot_bytes
crypto: hisilicon - Fix reference after free of memories on error path
crypto: hisilicon - Fix NULL dereference for same dst and src
reset: hisilicon: fix potential NULL pointer dereference
acpi, nfit: Fix ARS overflow continuation
acpi/nfit, x86/mce: Validate a MCE's address before using it
acpi/nfit, x86/mce: Handle only uncorrectable machine checks
mach64: fix image corruption due to reading accelerator registers
mach64: fix display corruption on big endian machines
thermal: core: Fix use-after-free in thermal_cooling_device_destroy_sysfs
Revert "ceph: fix dentry leak in splice_dentry()"
libceph: bump CEPH_MSG_MAX_DATA_LEN
clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call
clk: rockchip: fix wrong mmc sample phase shift for rk3328
clk: sunxi-ng: h6: fix bus clocks' divider position
clk: at91: Fix division by zero in PLL recalc_rate()
clk: s2mps11: Fix matching when built as module and DT node contains compatible
um: Drop own definition of PTRACE_SYSEMU/_SINGLESTEP
xtensa: fix boot parameters address translation
xtensa: make sure bFLT stack is 16 byte aligned
xtensa: add NOTES section to the linker script
MIPS: Loongson-3: Fix BRIDGE irq delivery problem
MIPS: Loongson-3: Fix CPU UART irq delivery problem
zram: close udev startup race condition as default groups
clk: meson: axg: mark fdiv2 and fdiv3 as critical
clk: meson-gxbb: set fclk_div3 as CLK_IS_CRITICAL
arm64: dts: stratix10: fix multicast filtering
arm64: dts: stratix10: Support Ethernet Jumbo frame
drm/msm: fix OF child-node lookup
fuse: set FR_SENT while locked
fuse: fix blocked_waitq wakeup
fuse: Fix use-after-free in fuse_dev_do_write()
fuse: Fix use-after-free in fuse_dev_do_read()
vfs: fix FIGETBSZ ioctl on an overlayfs file
scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured
scsi: qla2xxx: Fix duplicate switch database entries
scsi: qla2xxx: Fix NVMe Target discovery
scsi: qla2xxx: Fix NVMe session hang on unload
scsi: qla2xxx: Fix for double free of SRB structure
scsi: qla2xxx: Fix re-using LoopID when handle is in use
scsi: qla2xxx: Reject bsg request if chip is down.
scsi: qla2xxx: shutdown chip if reset fail
scsi: qla2xxx: Fix early srb free on abort
scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx
scsi: qla2xxx: Fix process response queue for ISP26XX and above
scsi: qla2xxx: Fix incorrect port speed being set for FC adapters
serial: sh-sci: Fix could not remove dev_attr_rx_fifo_timeout
ovl: automatically enable redirect_dir on metacopy=on
ovl: check whiteout in ovl_create_over_whiteout()
ovl: fix recursive oi->lock in ovl_link()
ovl: fix error handling in ovl_verify_set_fh()
cdrom: fix improper type cast, which can leat to information leak.
media: ov5640: fix restore of last mode set
drm/amdgpu: fix integer overflow test in amdgpu_bo_list_create()
9p: clear dangling pointers in p9stat_free
media: ov5640: fix mode change regression
ARM: dts: imx6ull: keep IMX6UL_ prefix for signals on both i.MX6UL and i.MX6ULL
udf: Prevent write-unsupported filesystem to be remounted read-write
9p locks: fix glock.client_id leak in do_lock
staging: most: video: fix registration of an empty comp core_component
drm/amdgpu: Fix SDMA TO after GPU reset v3
drm: rcar-du: Update Gen3 output limitations
staging:iio:ad7606: fix voltage scales
powerpc/selftests: Wait all threads to join
media: tvp5150: fix width alignment during set_selection()
sc16is7xx: Fix for multi-channel stall
serial: 8250_of: Fix for lack of interrupt support
staging: erofs: fix a missing endian conversion
MIPS/PCI: Call pcie_bus_configure_settings() to set MPS/MRRS
powerpc/memtrace: Remove memory in chunks
powerpc/boot: Ensure _zimage_start is a weak symbol
MIPS: kexec: Mark CPU offline before disabling local IRQ
media: coda: don't overwrite h.264 profile_idc on decoder instance
media: pci: cx23885: handle adding to list failure
drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer pointer
drm/amd/display: fix gamma not being applied
drm/amd/display: Raise dispclk value for dce120 by 15%
drm/omap: fix memory barrier bug in DMM driver
powerpc/mm: Don't report hugepage tables as memory leaks when using kmemleak
drm/msm: dpu: Allow planes to extend past active display
drm/msm/disp/dpu: Use proper define for drm_encoder_init() 'encoder_type'
drm/msm/gpu: fix parameters in function msm_gpu_crashstate_capture
powerpc/nohash: fix undefined behaviour when testing page size support
ARM: imx_v6_v7_defconfig: Select CONFIG_TMPFS_POSIX_ACL
drm/amdgpu/powerplay: fix missing break in switch statements
drm/nouveau/secboot/acr: fix memory leak
tracing/kprobes: Check the probe on unloaded module correctly
tty: check name length in tty_find_polling_driver()
powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()
powerpc/Makefile: Fix PPC_BOOK3S_64 ASFLAGS
Input: wm97xx-ts - fix exit path
drm/amd/display: fix bug of accessing invalid memory
powerpc/mm: fix always true/false warning in slice.c
powerpc/mm: Fix page table dump to work on Radix
powerpc/64/module: REL32 relocation range check
powerpc/traps: restore recoverability of machine_check interrupts
Change-Id: Id971c3ddeb610be8aee4ff531ec3fb20ad0db58d
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
635c56d224 |
Merge 4.19.6 into android-4.19
Changes in 4.19.6 HID: steam: remove input device when a hid client is running. efi/libstub: arm: support building with clang usb: core: Fix hub port connection events lost usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers usb: dwc3: gadget: Properly check last unaligned/zero chain TRB usb: dwc3: core: Clean up ULPI device usb: dwc3: Fix NULL pointer exception in dwc3_pci_remove() xhci: Fix leaking USB3 shared_hcd at xhci removal xhci: handle port status events for removed USB3 hcd xhci: Add check for invalid byte size error when UAS devices are connected. usb: xhci: fix uninitialized completion when USB3 port got wrong status usb: xhci: fix timeout for transition from RExit to U0 xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc usb: xhci: Prevent bus suspend if a port connect change or polling state is detected ALSA: oss: Use kvzalloc() for local buffer allocations MAINTAINERS: Add Sasha as a stable branch maintainer Documentation/security-bugs: Clarify treatment of embargoed information Documentation/security-bugs: Postpone fix publication in exceptional cases mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL mmc: sdhci-pci: Workaround GLK firmware failing to restore the tuning value gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE iwlwifi: mvm: support sta_statistics() even on older firmware iwlwifi: mvm: fix regulatory domain update when the firmware starts iwlwifi: mvm: don't use SAR Geo if basic SAR is not used brcmfmac: fix reporting support for 160 MHz channels opp: ti-opp-supply: Dynamically update u_volt_min opp: ti-opp-supply: Correct the supply in _get_optimal_vdd_voltage call tools/power/cpupower: fix compilation with STATIC=true v9fs_dir_readdir: fix double-free on p9stat_read error selinux: Add __GFP_NOWARN to allocation at str_read() Input: synaptics - avoid using uninitialized variable when probing bfs: add sanity check at bfs_fill_super() sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd llc: do not use sk_eat_skb() mm: don't warn about large allocations for slab mm/memory.c: recheck page table entry with page table lock held tcp: do not release socket ownership in tcp_close() drm/fb-helper: Blacklist writeback when adding connectors to fbdev drm/amdgpu: Add missing firmware entry for HAINAN drm/vc4: Set ->legacy_cursor_update to false when doing non-async updates drm/amdgpu: Fix oops when pp_funcs->switch_power_profile is unset drm/i915: Disable LP3 watermarks on all SNB machines drm/ast: change resolution may cause screen blurred drm/ast: fixed cursor may disappear sometimes drm/ast: Remove existing framebuffers before loading driver can: flexcan: Unlock the MB unconditionally can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions can: rx-offload: rename can_rx_offload_irq_queue_err_skb() to can_rx_offload_queue_tail() can: flexcan: use can_rx_offload_queue_sorted() for flexcan_irq_bus_*() can: flexcan: handle tx-complete CAN frames via rx-offload infrastructure can: raw: check for CAN FD capable netdev in raw_sendmsg() can: hi311x: Use level-triggered interrupt can: flexcan: Always use last mailbox for TX can: flexcan: remove not needed struct flexcan_priv::tx_mb and struct flexcan_priv::tx_mb_idx ACPICA: AML interpreter: add region addresses in global list during initialization IB/hfi1: Eliminate races in the SDMA send error path fsnotify: generalize handling of extra event flags fanotify: fix handling of events on child sub-directory pinctrl: meson: fix pinconf bias disable pinctrl: meson: fix gxbb ao pull register bits pinctrl: meson: fix gxl ao pull register bits pinctrl: meson: fix meson8 ao pull register bits pinctrl: meson: fix meson8b ao pull register bits tools/testing/nvdimm: Fix the array size for dimm devices. scsi: lpfc: fix remoteport access scsi: hisi_sas: Remove set but not used variable 'dq_list' KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE cpufreq: imx6q: add return value check for voltage scale rtc: cmos: Do not export alarm rtc_ops when we do not support alarms rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write crypto: simd - correctly take reqsize of wrapped skcipher into account floppy: fix race condition in __floppy_read_block_0() powerpc/io: Fix the IO workarounds code to work with Radix sched/fair: Fix cpu_util_wake() for 'execl' type workloads perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs block: copy ioprio in __bio_clone_fast() and bounce SUNRPC: Fix a bogus get/put in generic_key_to_expire() riscv: add missing vdso_install target RISC-V: Silence some module warnings on 32-bit drm/amdgpu: fix bug with IH ring setup kdb: Use strscpy with destination buffer size NFSv4: Fix an Oops during delegation callbacks powerpc/numa: Suppress "VPHN is not supported" messages efi/arm: Revert deferred unmap of early memmap mapping z3fold: fix possible reclaim races mm, memory_hotplug: check zone_movable in has_unmovable_pages tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset mm, page_alloc: check for max order in hot path dax: Avoid losing wakeup in dax_lock_mapping_entry include/linux/pfn_t.h: force '~' to be parsed as an unary operator tty: wipe buffer. tty: wipe buffer if not echoing data gfs2: Fix iomap buffer head reference counting bug rcu: Make need_resched() respond to urgent RCU-QS needs media: ov5640: Re-work MIPI startup sequence media: ov5640: Fix timings setup code media: ov5640: fix exposure regression media: ov5640: fix auto gain & exposure when changing mode media: ov5640: fix wrong binning value in exposure calculation media: ov5640: fix auto controls values when switching to manual mode Linux 4.19.6 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Biggers
|
f467c4ad23 |
BACKPORT, FROMGIT: crypto: adiantum - add Adiantum support
Add support for the Adiantum encryption mode. Adiantum was designed by
Paul Crowley and is specified by our paper:
Adiantum: length-preserving encryption for entry-level processors
(https://eprint.iacr.org/2018/720.pdf)
See our paper for full details; this patch only provides an overview.
Adiantum is a tweakable, length-preserving encryption mode designed for
fast and secure disk encryption, especially on CPUs without dedicated
crypto instructions. Adiantum encrypts each sector using the XChaCha12
stream cipher, two passes of an ε-almost-∆-universal (εA∆U) hash
function, and an invocation of the AES-256 block cipher on a single
16-byte block. On CPUs without AES instructions, Adiantum is much
faster than AES-XTS; for example, on ARM Cortex-A7, on 4096-byte sectors
Adiantum encryption is about 4 times faster than AES-256-XTS encryption,
and decryption about 5 times faster.
Adiantum is a specialization of the more general HBSH construction. Our
earlier proposal, HPolyC, was also a HBSH specialization, but it used a
different εA∆U hash function, one based on Poly1305 only. Adiantum's
εA∆U hash function, which is based primarily on the "NH" hash function
like that used in UMAC (RFC4418), is about twice as fast as HPolyC's;
consequently, Adiantum is about 20% faster than HPolyC.
This speed comes with no loss of security: Adiantum is provably just as
secure as HPolyC, in fact slightly *more* secure. Like HPolyC,
Adiantum's security is reducible to that of XChaCha12 and AES-256,
subject to a security bound. XChaCha12 itself has a security reduction
to ChaCha12. Therefore, one need not "trust" Adiantum; one need only
trust ChaCha12 and AES-256. Note that the εA∆U hash function is only
used for its proven combinatorical properties so cannot be "broken".
Adiantum is also a true wide-block encryption mode, so flipping any
plaintext bit in the sector scrambles the entire ciphertext, and vice
versa. No other such mode is available in the kernel currently; doing
the same with XTS scrambles only 16 bytes. Adiantum also supports
arbitrary-length tweaks and naturally supports any length input >= 16
bytes without needing "ciphertext stealing".
For the stream cipher, Adiantum uses XChaCha12 rather than XChaCha20 in
order to make encryption feasible on the widest range of devices.
Although the 20-round variant is quite popular, the best known attacks
on ChaCha are on only 7 rounds, so ChaCha12 still has a substantial
security margin; in fact, larger than AES-256's. 12-round Salsa20 is
also the eSTREAM recommendation. For the block cipher, Adiantum uses
AES-256, despite it having a lower security margin than XChaCha12 and
needing table lookups, due to AES's extensive adoption and analysis
making it the obvious first choice. Nevertheless, for flexibility this
patch also permits the "adiantum" template to be instantiated with
XChaCha20 and/or with an alternate block cipher.
We need Adiantum support in the kernel for use in dm-crypt and fscrypt,
where currently the only other suitable options are block cipher modes
such as AES-XTS. A big problem with this is that many low-end mobile
devices (e.g. Android Go phones sold primarily in developing countries,
as well as some smartwatches) still have CPUs that lack AES
instructions, e.g. ARM Cortex-A7. Sadly, AES-XTS encryption is much too
slow to be viable on these devices. We did find that some "lightweight"
block ciphers are fast enough, but these suffer from problems such as
not having much cryptanalysis or being too controversial.
The ChaCha stream cipher has excellent performance but is insecure to
use directly for disk encryption, since each sector's IV is reused each
time it is overwritten. Even restricting the threat model to offline
attacks only isn't enough, since modern flash storage devices don't
guarantee that "overwrites" are really overwrites, due to wear-leveling.
Adiantum avoids this problem by constructing a
"tweakable super-pseudorandom permutation"; this is the strongest
possible security model for length-preserving encryption.
Of course, storing random nonces along with the ciphertext would be the
ideal solution. But doing that with existing hardware and filesystems
runs into major practical problems; in most cases it would require data
journaling (like dm-integrity) which severely degrades performance.
Thus, for now length-preserving encryption is still needed.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 059c2a4d8e164dccc3078e49e7f286023b019a98
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Conflicts:
crypto/tcrypt.c
Bug: 112008522
Test: Among other things, I ran the relevant crypto self-tests:
1.) Build kernel with CONFIG_CRYPTO_MANAGER_DISABLE_TESTS *unset*, and
all relevant crypto algorithms built-in, including:
CONFIG_CRYPTO_ADIANTUM=y
CONFIG_CRYPTO_CHACHA20=y
CONFIG_CRYPTO_CHACHA20_NEON=y
CONFIG_CRYPTO_NHPOLY1305=y
CONFIG_CRYPTO_NHPOLY1305_NEON=y
CONFIG_CRYPTO_POLY1305=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_ARM=y
2.) Boot and check dmesg for test failures.
3.) Instantiate "adiantum(xchacha12,aes)" and
"adiantum(xchacha20,aes)" to trigger them to be tested. There are
many ways to do this, but one way is to create a dm-crypt target
that uses them, e.g.
key=$(hexdump -n 32 -e '16/4 "%08X" 1 "\n"' /dev/urandom)
dmsetup create crypt --table "0 $((1<<17)) crypt xchacha12,aes-adiantum-plain64 $key 0 /dev/vdc 0"
dmsetup remove crypt
dmsetup create crypt --table "0 $((1<<17)) crypt xchacha20,aes-adiantum-plain64 $key 0 /dev/vdc 0"
dmsetup remove crypt
4.) Check dmesg for test failures again.
5.) Do 1-4 on both x86_64 (for basic testing) and on arm32 (for
testing the ARM32-specific implementations). I did the arm32 kernel
testing on Raspberry Pi 2, which is a BCM2836-based device that can
run the upstream and Android common kernels.
The same ARM32 assembly files for ChaCha, NHPoly1305, and AES are
also included in the userspace Adiantum benchmark suite at
https://github.com/google/adiantum, where they have undergone
additional correctness testing.
Change-Id: Ic61c13b53facfd2173065be715a7ee5f3af8760b
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
||
|
Eric Biggers
|
79ef30f702 |
FROMGIT: crypto: nhpoly1305 - add NHPoly1305 support
Add a generic implementation of NHPoly1305, an ε-almost-∆-universal hash function used in the Adiantum encryption mode. CONFIG_NHPOLY1305 is not selectable by itself since there won't be any real reason to enable it without also enabling Adiantum support. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 26609a21a9460145e37d90947ad957b358a05288 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: If6f00c01fab530fc2458c44ca111f84604cb85c1 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
d58e9722fb |
FROMGIT: crypto: poly1305 - add Poly1305 core API
Expose a low-level Poly1305 API which implements the
ε-almost-∆-universal (εA∆U) hash function underlying the Poly1305 MAC
and supports block-aligned inputs only.
This is needed for Adiantum hashing, which builds an εA∆U hash function
from NH and a polynomial evaluation in GF(2^{130}-5); this polynomial
evaluation is identical to the one the Poly1305 MAC does. However, the
crypto_shash Poly1305 API isn't very appropriate for this because its
calling convention assumes it is used as a MAC, with a 32-byte "one-time
key" provided for every digest.
But by design, in Adiantum hashing the performance of the polynomial
evaluation isn't nearly as critical as NH. So it suffices to just have
some C helper functions. Thus, this patch adds such functions.
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 1b6fd3d5d18bbc1b1abf3b0cbc4b95a9a63d407b
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I5c7da7832b84dfe29c300e117a158740d3e39069
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
||
|
Eric Biggers
|
9d4eee316a |
FROMGIT: crypto: poly1305 - use structures for key and accumulator
In preparation for exposing a low-level Poly1305 API which implements the ε-almost-∆-universal (εA∆U) hash function underlying the Poly1305 MAC and supports block-aligned inputs only, create structures poly1305_key and poly1305_state which hold the limbs of the Poly1305 "r" key and accumulator, respectively. These structures could actually have the same type (e.g. poly1305_val), but different types are preferable, to prevent misuse. Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 878afc35cd28bcd93cd3c5e1985ef39a104a4d45 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: If20a0f9d29d8ba1efd43a5eb3fafce7720afe565 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
8eee8e5f44 |
FROMGIT: crypto: chacha - add XChaCha12 support
Now that the generic implementation of ChaCha20 has been refactored to allow varying the number of rounds, add support for XChaCha12, which is the XSalsa construction applied to ChaCha12. ChaCha12 is one of the three ciphers specified by the original ChaCha paper (https://cr.yp.to/chacha/chacha-20080128.pdf: "ChaCha, a variant of Salsa20"), alongside ChaCha8 and ChaCha20. ChaCha12 is faster than ChaCha20 but has a lower, but still large, security margin. We need XChaCha12 support so that it can be used in the Adiantum encryption mode, which enables disk/file encryption on low-end mobile devices where AES-XTS is too slow as the CPUs lack AES instructions. We'd prefer XChaCha20 (the more popular variant), but it's too slow on some of our target devices, so at least in some cases we do need the XChaCha12-based version. In more detail, the problem is that Adiantum is still much slower than we're happy with, and encryption still has a quite noticeable effect on the feel of low-end devices. Users and vendors push back hard against encryption that degrades the user experience, which always risks encryption being disabled entirely. So we need to choose the fastest option that gives us a solid margin of security, and here that's XChaCha12. The best known attack on ChaCha breaks only 7 rounds and has 2^235 time complexity, so ChaCha12's security margin is still better than AES-256's. Much has been learned about cryptanalysis of ARX ciphers since Salsa20 was originally designed in 2005, and it now seems we can be comfortable with a smaller number of rounds. The eSTREAM project also suggests the 12-round version of Salsa20 as providing the best balance among the different variants: combining very good performance with a "comfortable margin of security". Note that it would be trivial to add vanilla ChaCha12 in addition to XChaCha12. However, it's unneeded for now and therefore is omitted. As discussed in the patch that introduced XChaCha20 support, I considered splitting the code into separate chacha-common, chacha20, xchacha20, and xchacha12 modules, so that these algorithms could be enabled/disabled independently. However, since nearly all the code is shared anyway, I ultimately decided there would have been little benefit to the added complexity. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit aa7624093cb7fbf4fea95e612580d8d29a819f67 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I876a5be92e9f583effcd35a4b66a36608ac581f0 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
f816abd103 |
BACKPORT, FROMGIT: crypto: chacha20-generic - refactor to allow varying number of rounds
In preparation for adding XChaCha12 support, rename/refactor
chacha20-generic to support different numbers of rounds. The
justification for needing XChaCha12 support is explained in more detail
in the patch "crypto: chacha - add XChaCha12 support".
The only difference between ChaCha{8,12,20} are the number of rounds
itself; all other parts of the algorithm are the same. Therefore,
remove the "20" from all definitions, structures, functions, files, etc.
that will be shared by all ChaCha versions.
Also make ->setkey() store the round count in the chacha_ctx (previously
chacha20_ctx). The generic code then passes the round count through to
chacha_block(). There will be a ->setkey() function for each explicitly
allowed round count; the encrypt/decrypt functions will be the same. I
decided not to do it the opposite way (same ->setkey() function for all
round counts, with different encrypt/decrypt functions) because that
would have required more boilerplate code in architecture-specific
implementations of ChaCha and XChaCha.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 1ca1b917940c24ca3d1f490118c5474168622953
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Conflicts:
arch/x86/crypto/chacha20_glue.c
drivers/crypto/caam/caamalg.c
drivers/crypto/caam/caamalg_qi2.c
drivers/crypto/caam/compat.h
include/crypto/chacha20.h
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I7fa203ddc7095ce8675a32f49b8a5230cd0cf5f6
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
||
|
Eric Biggers
|
74fd3f7ed6 |
FROMGIT: crypto: chacha20-generic - add XChaCha20 support
Add support for the XChaCha20 stream cipher. XChaCha20 is the application of the XSalsa20 construction (https://cr.yp.to/snuffle/xsalsa-20081128.pdf) to ChaCha20 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length from 64 bits (or 96 bits, depending on convention) to 192 bits, while provably retaining ChaCha20's security. XChaCha20 uses the ChaCha20 permutation to map the key and first 128 nonce bits to a 256-bit subkey. Then, it does the ChaCha20 stream cipher with the subkey and remaining 64 bits of nonce. We need XChaCha support in order to add support for the Adiantum encryption mode. Note that to meet our performance requirements, we actually plan to primarily use the variant XChaCha12. But we believe it's wise to first add XChaCha20 as a baseline with a higher security margin, in case there are any situations where it can be used. Supporting both variants is straightforward. Since XChaCha20's subkey differs for each request, XChaCha20 can't be a template that wraps ChaCha20; that would require re-keying the underlying ChaCha20 for every request, which wouldn't be thread-safe. Instead, we make XChaCha20 its own top-level algorithm which calls the ChaCha20 streaming implementation internally. Similar to the existing ChaCha20 implementation, we define the IV to be the nonce and stream position concatenated together. This allows users to seek to any position in the stream. I considered splitting the code into separate chacha20-common, chacha20, and xchacha20 modules, so that chacha20 and xchacha20 could be enabled/disabled independently. However, since nearly all the code is shared anyway, I ultimately decided there would have been little benefit to the added complexity of separate modules. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit de61d7ae5d3789dcba3749a418f76613fbee8414 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I5c878e1d6577abda11d7b737cbb650baf16b6886 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
e9320e4375 |
FROMGIT: crypto: chacha20-generic - don't unnecessarily use atomic walk
chacha20-generic doesn't use SIMD instructions or otherwise disable preemption, so passing atomic=true to skcipher_walk_virt() is unnecessary. Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 5e04542a0e0763294e9fced73a149c38c4e0cee5 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I28a63d6f8aa59f60aed8d35107b3c546ca5152f7 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
a80f702696 |
FROMGIT: crypto: arm/aes - add some hardening against cache-timing attacks
Make the ARM scalar AES implementation closer to constant-time by disabling interrupts and prefetching the tables into L1 cache. This is feasible because due to ARM's "free" rotations, the main tables are only 1024 bytes instead of the usual 4096 used by most AES implementations. On ARM Cortex-A7, the speed loss is only about 5%. The resulting code is still over twice as fast as aes_ti.c. Responsiveness is potentially a concern, but interrupts are only disabled for a single AES block. Note that even after these changes, the implementation still isn't necessarily guaranteed to be constant-time; see https://cr.yp.to/antiforgery/cachetiming-20050414.pdf for a discussion of the many difficulties involved in writing truly constant-time AES software. But it's valuable to make such attacks more difficult. Much of this patch is based on patches suggested by Ard Biesheuvel. Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 913a3aa07d16e5b302f408d497a4b829910de247 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I453a7b71c3bb0051106b37cdb71d4511fd4e388a Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
8e2d31a6e3 |
UPSTREAM: crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
In commit
|
||
|
Ard Biesheuvel
|
c587ba480e |
crypto: simd - correctly take reqsize of wrapped skcipher into account
[ Upstream commit 508a1c4df085a547187eed346f1bfe5e381797f1 ] The simd wrapper's skcipher request context structure consists of a single subrequest whose size is taken from the subordinate skcipher. However, in simd_skcipher_init(), the reqsize that is retrieved is not from the subordinate skcipher but from the cryptd request structure, whose size is completely unrelated to the actual wrapped skcipher. Reported-by: Qian Cai <cai@gmx.us> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Tested-by: Qian Cai <cai@gmx.us> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Blagovest Kolenichev
|
7fe1c1db80 |
Merge LTS tag v4.19.2 into msm-kona
* refs/heads/tmp-7950eb3:
Revert "scsi: ufs: Schedule clk gating work on correct queue"
Linux 4.19.2
MD: fix invalid stored role for a disk - try2
vga_switcheroo: Fix missing gpu_bound call at audio client registration
bpf: wait for running BPF programs when updating map-in-map
userns: also map extents in the reverse map to kernel IDs
vt: fix broken display when running aptitude
net: sched: Remove TCA_OPTIONS from policy
Btrfs: fix use-after-free when dumping free space
Btrfs: fix use-after-free during inode eviction
btrfs: move the dio_sem higher up the callchain
btrfs: don't run delayed_iputs in commit
btrfs: fix insert_reserved error handling
btrfs: only free reserved extent if we didn't insert it
btrfs: don't use ctl->free_space for max_extent_size
btrfs: set max_extent_size properly
btrfs: reset max_extent_size properly
Btrfs: fix deadlock when writing out free space caches
Btrfs: fix assertion on fsync of regular file when using no-holes feature
Btrfs: fix null pointer dereference on compressed write path error
btrfs: qgroup: Dirty all qgroups before rescan
Btrfs: fix wrong dentries after fsync of file that got its parent replaced
Btrfs: fix warning when replaying log after fsync of a tmpfile
btrfs: make sure we create all new block groups
btrfs: reset max_extent_size on clear in a bitmap
btrfs: protect space cache inode alloc with GFP_NOFS
btrfs: release metadata before running delayed refs
Btrfs: don't clean dirty pages during buffered writes
btrfs: wait on caching when putting the bg cache
btrfs: keep trim from interfering with transaction commits
btrfs: don't attempt to trim devices that don't support it
btrfs: iterate all devices during trim, instead of fs_devices::alloc_list
btrfs: Ensure btrfs_trim_fs can trim the whole filesystem
btrfs: Enhance btrfs_trim_fs function to handle error better
btrfs: fix error handling in btrfs_dev_replace_start
btrfs: fix error handling in free_log_tree
btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock
btrfs: Handle owner mismatch gracefully when walking up tree
btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled
tracing: Return -ENOENT if there is no target synthetic event
selftests/powerpc: Fix ptrace tm failure
selftests/ftrace: Fix synthetic event test to delete event correctly
soc/tegra: pmc: Fix child-node lookup
soc: qcom: rmtfs-mem: Validate that scm is available
arm64: dts: stratix10: Correct System Manager register size
ARM: dts: socfpga: Fix SDRAM node address for Arria10
Cramfs: fix abad comparison when wrap-arounds occur
rpmsg: smd: fix memory leak on channel create
arm64: lse: remove -fcall-used-x0 flag
media: hdmi.h: rename ADOBE_RGB to OPRGB and ADOBE_YCC to OPYCC
media: replace ADOBERGB by OPRGB
media: media colorspaces*.rst: rename AdobeRGB to opRGB
drm/mediatek: fix OF sibling-node lookup
media: adv7842: when the EDID is cleared, unconfigure CEC as well
media: adv7604: when the EDID is cleared, unconfigure CEC as well
media: em28xx: fix handler for vidioc_s_input()
media: em28xx: make v4l2-compliance happier by starting sequence on zero
media: em28xx: fix input name for Terratec AV 350
media: tvp5150: avoid going past array on v4l2_querymenu()
media: em28xx: use a default format if TRY_FMT fails
media: cec: forgot to cancel delayed work
media: cec: fix the Signal Free Time calculation
media: cec: add new tx/rx status bits to detect aborts/timeouts
xen-blkfront: fix kernel panic with negotiate_mq error path
xen: remove size limit of privcmd-buf mapping interface
xen: fix xen_qlock_wait()
media: cec: integrate cec_validate_phys_addr() in cec-api.c
media: cec: make cec_get_edid_spa_location() an inline function
remoteproc: qcom: q6v5: Propagate EPROBE_DEFER
kgdboc: Passing ekgdboc to command line causes panic
Revert "media: dvbsky: use just one mutex for serializing device R/W ops"
media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
net: bcmgenet: fix OF child-node lookup
TC: Set DMA masks for devices
iommu/arm-smmu: Ensure that page-table updates are visible before TLBI
ocxl: Fix access to the AFU Descriptor Data
power: supply: twl4030-charger: fix OF sibling-node lookup
rtc: cmos: Remove the `use_acpi_alarm' module parameter for !ACPI
rtc: cmos: Fix non-ACPI undefined reference to `hpet_rtc_interrupt'
rtc: ds1307: fix ds1339 wakealarm support
MIPS: OCTEON: fix out of bounds array access on CN68XX
powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9
powerpc/tm: Fix HFSCR bit for no suspend case
powerpc/msi: Fix compile error on mpc83xx
powerpc64/module elfv1: Set opd addresses after module relocation
fsnotify: Fix busy inodes during unmount
media: ov7670: make "xclk" clock optional
dm zoned: fix various dmz_get_mblock() issues
dm zoned: fix metadata block ref counting
dm ioctl: harden copy_params()'s copy_from_user() from malicious users
lockd: fix access beyond unterminated strings in prints
nfsd: Fix an Oops in free_session()
nfsd: correctly decrement odstate refcount in error path
nfs: Fix a missed page unlock after pg_doio()
NFSv4.1: Fix the r/wsize checking
NFC: nfcmrvl_uart: fix OF child-node lookup
tpm: fix response size validation in tpm_get_random()
genirq: Fix race on spurious interrupt detection
printk: Fix panic caused by passing log_buf_len to command line
smb3: on kerberos mount if server doesn't specify auth type use krb5
smb3: do not attempt cifs operation in smb3 query info error path
smb3: allow stats which track session and share reconnects to be reset
w1: omap-hdq: fix missing bus unregister at removal
iio: adc: at91: fix wrong channel number in triggered buffer mode
iio: adc: at91: fix acking DRDY irq on simple conversions
iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()
iio: ad5064: Fix regulator handling
kbuild: fix kernel/bounds.c 'W=1' warning
KVM: arm64: Fix caching of host MDCR_EL2 value
KVM: arm/arm64: Ensure only THP is candidate for adjustment
mm/hmm: fix race between hmm_mirror_unregister() and mmu_notifier callback
mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly
hugetlbfs: dirty pages as they are added to pagecache
ima: open a new file instance if no read permissions
ima: fix showing large 'violations' or 'runtime_measurements_count'
userfaultfd: disable irqs when taking the waitqueue lock
mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range()
crypto: speck - remove Speck
crypto: aegis/generic - fix for big endian systems
crypto: morus/generic - fix for big endian systems
crypto: aesni - don't use GFP_ATOMIC allocation if the request doesn't cross a page in gcm
crypto: tcrypt - fix ghash-generic speed test
crypto: lrw - Fix out-of bounds access on counter overflow
signal: Guard against negative signal numbers in copy_siginfo_from_user32
signal/GenWQE: Fix sending of SIGKILL
PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
PCI/ASPM: Fix link_state teardown on device removal
ARM: dts: dra7: Fix up unaligned access setting for PCIe EP
EDAC, skx_edac: Fix logical channel intermediate decoding
EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting
EDAC, amd64: Add Family 17h, models 10h-2fh support
HID: hiddev: fix potential Spectre v1
HID: wacom: Work around HID descriptor bug in DTK-2451 and DTH-2452
selinux: fix mounting of cgroup2 under older policies
ext4: fix use-after-free race in ext4_remount()'s error path
ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
ext4: fix setattr project check in fssetxattr ioctl
ext4: initialize retries variable in ext4_da_write_inline_data_begin()
ext4: fix EXT4_IOC_SWAP_BOOT
gfs2_meta: ->mount() can get NULL dev_name
jbd2: fix use after free in jbd2_log_do_checkpoint()
IB/rxe: Revise the ib_wr_opcode enum
IB/mlx5: Fix MR cache initialization
ASoC: sta32x: set ->component pointer in private struct
ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
libnvdimm, pmem: Fix badblocks population for 'raw' namespaces
libnvdimm, region: Fail badblocks listing for inactive regions
libnvdimm: Hold reference on parent while scheduling async init
scsi: target: Fix target_wait_for_sess_cmds breakage with active signals
scsi: sched/wait: Add wait_event_lock_irq_timeout for TASK_UNINTERRUPTIBLE usage
dmaengine: ppc4xx: fix off-by-one build failure
net/ipv4: defensive cipso option parsing
iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
mt76: mt76x2: fix multi-interface beacon configuration
usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround"
usb: typec: tcpm: Fix APDO PPS order checking to be based on voltage
usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
libertas: don't set URB_ZERO_PACKET on IN USB transfer
xen/pvh: don't try to unplug emulated devices
xen/pvh: increase early stack size
xen: make xen_qlock_wait() nestable
xen: fix race in xen_qlock_wait()
xen/balloon: Support xend-based toolstack
xen/blkfront: avoid NULL blkfront_info dereference on device removal
tpm: Restore functionality to xen vtpm driver.
xen-swiotlb: use actually allocated size on check physical continuous
ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250
ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings
OPP: Free OPP table properly on performance state irregularities
f2fs: fix to account IO correctly
f2fs: fix to recover cold bit of inode block during POR
f2fs: fix missing up_read
Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()"
cpupower: Fix AMD Family 0x17 msr_pstate size
ALSA: hda: Check the non-cached stream buffers more explicitly
IB/rxe: fix for duplicate request processing and ack psns
dmaengine: dma-jz4780: Return error if not probed from DT
mfd: menelaus: Fix possible race condition and leak
f2fs: fix to flush all dirty inodes recovered in readonly fs
signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init
f2fs: report error if quota off error during umount
f2fs: avoid sleeping under spin_lock
scsi: lpfc: Correct race with abort on completion path
scsi: lpfc: Correct soft lockup when running mds diagnostics
uio: ensure class is registered before devices
IB/mlx5: Allow transition of DCI QP to reset
IB/ipoib: Use dev_port to expose network interface port numbers
firmware: coreboot: Unmap ioregion after device population
ASoC: AMD: Fix capture unstable in beginning for some runs
driver/dma/ioat: Call del_timer_sync() without holding prep_lock
Smack: ptrace capability use fixes
usb: chipidea: Prevent unbalanced IRQ disable
crypto: caam - fix implicit casts in endianness helpers
PCI: dwc: pci-dra7xx: Enable errata i870 for both EP and RC mode
coresight: etb10: Fix handling of perf mode
PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
f2fs: fix to recover inode's i_flags during POR
f2fs: fix to recover inode's crtime during POR
scsi: qla2xxx: Fix recursive mailbox timeout
xhci: Avoid USB autosuspend when resuming USB2 ports.
nvmem: check the return value of nvmem_add_cells()
PCI: cadence: Correct probe behaviour when failing to get PHY
MD: fix invalid stored role for a disk
ext4: fix argument checking in EXT4_IOC_MOVE_EXT
usb: gadget: udc: atmel: handle at91sam9rl PMC
usb: dwc2: fix a race with external vbus supply
usb: dwc2: fix call to vbus supply exit routine, call it unlocked
irqchip/pdc: Setup all edge interrupts as rising edge at GIC
xprtrdma: Reset credit grant properly after a disconnect
PCI / ACPI: Enable wake automatically for power managed bridges
VMCI: Resource wildcard match fixed
Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask
f2fs: clear PageError on the read path
tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated
usb: typec: tcpm: Report back negotiated PPS voltage and current
PCI: cadence: Use AXI region 0 to signal interrupts from EP
PCI: mediatek: Fix mtk_pcie_find_port() endpoint/port matching logic
usb: host: ohci-at91: fix request of irq for optional gpio
RDMA/bnxt_re: Fix recursive lock warning in debug kernel
RDMA/bnxt_re: Avoid accessing nq->bar_reg_iomem in failure case
IB/ipoib: Clear IPCB before icmp_send
RDMA/cm: Respect returned status of cm_init_av_by_path
RDMA/core: Do not expose unsupported counters
scsi: megaraid_sas: fix a missing-check bug
KVM: nVMX: Clear reserved bits of #DB exit qualification
UAPI: ndctl: Fix g++-unsupported initialisation in headers
scsi: ufs: Schedule clk gating work on correct queue
scsi: esp_scsi: Track residual for PIO transfers
of: Add missing exports of node name compare functions
md: fix memleak for mempool
MD: Memory leak when flush bio size is zero
f2fs: fix to account IO correctly for cgroup writeback
net: stmmac: dwmac-sun8i: fix OF child-node lookup
cgroup, netclassid: add a preemption point to write_classid
cifs: fix a credits leak for compund commands
thermal: da9062/61: Prevent hardware access during system suspend
thermal: rcar_thermal: Prevent doing work after unbind
libata: Apply NOLPM quirk for SAMSUNG MZ7TD256HAFV-000L9
ath10k: schedule hardware restart if WMI command times out
wil6210: fix RX buffers release and unmap
ixgbevf: VF2VF TCP RSS
ixgbe: disallow IPsec Tx offload when in SR-IOV mode
gpio: brcmstb: allow 0 width GPIO banks
iwlwifi: mvm: fix BAR seq ctrl reporting
libertas_tf: prevent underflow in process_cmdrequest()
rsi: fix memory alignment issue in ARM32 platforms
mt76x2u: run device cleanup routine if resume fails
net: dsa: mv88e6xxx: Fix writing to a PHY page.
net: hns3: Fix for vf vlan delete failed problem
net: hns3: Fix ping exited problem when doing lp selftest
net: hns3: Preserve vlan 0 in hardware table
pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
perf tests: Fix record+probe_libc_inet_pton.sh without ping's debuginfo
failover: Add missing check to validate 'slave_dev' in net_failover_slave_unregister
bpf/verifier: fix verifier instability
pinctrl: qcom: spmi-mpp: Fix drive strength setting
ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
spi: gpio: No MISO does not imply no RX
kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
arm64: entry: Allow handling of undefined instructions from EL1
block, bfq: correctly charge and reset entity service in all cases
net: phy: phylink: ensure the carrier is off when starting phylink
net: hns3: Set STATE_DOWN bit of hdev state when stopping net
net: hns3: Check hdev state when getting link status
brcmfmac: fix for proper support of 160MHz bandwidth
pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
pinctrl: sunxi: fix 'pctrl->functions' allocation in sunxi_pinctrl_build_state
net: hns3: Fix ets validate issue
net: hns3: Add nic state check before calling netif_tx_wake_queue
x86: boot: Fix EFI stub alignment
efi/x86: Call efi_parse_options() from efi_main()
Bluetooth: hci_qca: Remove hdev dereference in qca_close().
Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
net: hns3: Fix for packet buffer setting bug
ice: update fw version check logic
ice: fix changing of ring descriptor size (ethtool -G)
signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
ath10k: fix tx status flag setting for management frames
nvme: call nvme_complete_rq when nvmf_check_ready fails for mpath I/O
mtd: rawnand: atmel: Fix potential NULL pointer dereference
x86/intel_rdt: Show missing resctrl mount options
cpufreq: dt: Try freeing static OPPs only if we have added them
ACPI / processor: Fix the return value of acpi_processor_ids_walk()
ACPI / PM: LPIT: Register sysfs attributes based on FADT
ACPI/PPTT: Handle architecturally unknown cache types
wlcore: Fix BUG with clear completion on timeout
x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC
iwlwifi: mvm: check for n_profiles validity in EWRD ACPI
iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface
iwlwifi: pcie: avoid empty free RB queue
mtd: rawnand: denali: set SPARE_AREA_SKIP_BYTES register to 8 if unset
sdhci: acpi: add free_slot callback
mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
bcache: Populate writeback_rate_minimum attribute
cpupower: Fix coredump on VMWare
perf strbuf: Match va_{add,copy} with va_end
perf tools: Free 'printk' string in parse_ftrace_printk()
perf tools: Cleanup trace-event-info 'tdata' leak
perf tools: Free temporary 'sys' string in read_event_files()
spi: spi-ep93xx: Use dma_data_direction for ep93xx_spi_dma_{finish,prepare}
lightnvm: pblk: fix race condition on metadata I/O
lightnvm: pblk: fix two sleep-in-atomic-context bugs
lightnvm: pblk: fix race on sysfs line state
hwmon: (pwm-fan) Set fan speed to 0 on suspend
s390/sthyi: Fix machine name validity indication
tun: Consistently configure generic netdev params via rtnetlink
nfp: devlink port split support for 1x100G CXP NIC
hv_netvsc: fix vf serial matching with pci slot info
arm64: cpufeature: ctr: Fix cpu capability check for late CPUs
swim: fix cleanup on setup error
ataflop: fix error handling during setup
netfilter: xt_nat: fix DNAT target for shifted portmap ranges
locking/lockdep: Fix debug_locks off performance problem
net: loopback: clear skb->tstamp before netif_rx()
net: socionext: Reset tx queue in ndo_stop
ARM: dts: exynos: Disable pull control for MAX8997 interrupts on Origen
x86/numa_emulation: Fix uniform-split numa emulation
x86/mm/pat: Disable preemption around __flush_tlb_all()
x86/kvm/nVMX: allow bare VMXON state migration
x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
x86/xen: Fix boot loader version reported for PVH guests
x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
ALSA: hda - Fix incorrect clearance of thinkpad_acpi hooks
ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
ALSA: hda: Add 2 more models to the power_save blacklist
ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
ALSA: hda - Fix headphone pin config for ASUS G751
ALSA: hda - Add quirk for ASUS G751 laptop
parisc: Fix exported address of os_hpmc handler
parisc: Fix map_pages() to not overwrite existing pte entries
parisc: Fix address in HPMC IVA
mailbox: PCC: handle parse error
ipmi: Fix timer race with module unload
kprobes/x86: Use preempt_enable() in optimized_callback()
acpi, nfit: Fix Address Range Scrub completion tracking
ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended opcodes
ACPICA: AML interpreter: add region addresses in global list during initialization
ACPI / OSL: Use 'jiffies' as the time bassis for acpi_os_get_timer()
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
dma-mapping: fix panic caused by passing empty cma command line argument
cpufreq: conservative: Take limits changes into account properly
block: make sure writesame bio is aligned with logical block size
block: make sure discard bio is aligned with logical block size
block: setup bounce bio_sets properly
jffs2: free jffs2_sb_info through jffs2_kill_sb()
hwmon: (pmbus) Fix page count auto-detection.
bcache: fix miss key refill->end in writeback
bcache: correct dirty data statistics
bcache: fix ioctl in flash device
bcache: trace missed reading by cache_missed
spi: bcm-qspi: fix calculation of address length
spi: bcm-qspi: switch back to reading flash using smaller chunks
spi: spi-mem: Adjust op len based on message/transfer size limitations
mtd: spi-nor: fsl-quadspi: Don't let -EINVAL on the bus
mtd: spi-nor: intel-spi: Add support for Intel Ice Lake SPI serial flash
mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB
mtd: maps: gpio-addr-flash: Fix ioremapped size
mtd: rawnand: marvell: fix the IRQ handler complete() condition
gpio: mxs: Get rid of external API call
MIPS: VDSO: Reduce VDSO_RANDOMIZE_SIZE to 64MB for 64bit
bpf: fix partial copy of map_ptr when dst is scalar
Conflicts:
drivers/iommu/arm-smmu.c
Change-Id: Iff6f46fb6932b2a41a7a3df5f2a18f1eddfb9d66
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Blagovest Kolenichev
|
403b0a7b18 |
Merge LTS tag v4.19.1 into msm-kona
* refs/heads/tmp-07a03b9: Linux 4.19.1 net: bridge: remove ipv6 zero address check in mcast queries sparc64: Wire up compat getpeername and getsockname. sparc64: Make corrupted user stacks more debuggable. sparc64: Export __node_distance. sctp: check policy more carefully when getting pr status Revert "be2net: remove desc field from be_eq_obj" r8169: fix broken Wake-on-LAN from S5 (poweroff) net: Properly unlink GRO packets on overflow. net: drop skb on failure in ip_check_defrag() mlxsw: core: Fix devlink unregister flow mlxsw: spectrum_switchdev: Don't ignore deletions of learned MACs net/smc: fix smc_buf_unuse to use the lgr pointer net/ipv6: Allow onlink routes to have a device mismatch if it is the default route openvswitch: Fix push/pop ethernet validation bonding: fix length of actor system vhost: Fix Spectre V1 vulnerability rtnetlink: Disallow FDB configuration for non-Ethernet device Revert "net: simplify sock_poll_wait" net: udp: fix handling of CHECKSUM_COMPLETE packets net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules net: sched: gred: pass the right attribute to gred_change_table_def() net/mlx5e: fix csum adjustments caused by RXFCS ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called bridge: do not add port to router list when receives query with source 0.0.0.0 Change-Id: Idde80d444a4a617490f19de89ccd72ba1daa5533 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
|
Eric Biggers
|
a0f044f025 |
crypto: user - fix leaking uninitialized memory to userspace
commit f43f39958beb206b53292801e216d9b8a660f087 upstream.
All bytes of the NETLINK_CRYPTO report structures must be initialized,
since they are copied to userspace. The change from strncpy() to
strlcpy() broke this. As a minimal fix, change it back.
Fixes:
|
||
|
Jason A. Donenfeld
|
3252b60cf8 |
crypto: speck - remove Speck
commit 578bdaabd015b9b164842c3e8ace9802f38e7ecc upstream. These are unused, undesired, and have never actually been used by anybody. The original authors of this code have changed their mind about its inclusion. While originally proposed for disk encryption on low-end devices, the idea was discarded [1] in favor of something else before that could really get going. Therefore, this patch removes Speck. [1] https://marc.info/?l=linux-crypto-vger&m=153359499015659 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Acked-by: Eric Biggers <ebiggers@google.com> Cc: stable@vger.kernel.org Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Ard Biesheuvel
|
4f1f952246 |
crypto: aegis/generic - fix for big endian systems
commit 4a34e3c2f2f48f47213702a84a123af0fe21ad60 upstream.
Use the correct __le32 annotation and accessors to perform the
single round of AES encryption performed inside the AEGIS transform.
Otherwise, tcrypt reports:
alg: aead: Test 1 failed on encryption for aegis128-generic
00000000: 6c 25 25 4a 3c 10 1d 27 2b c1 d4 84 9a ef 7f 6e
alg: aead: Test 1 failed on encryption for aegis128l-generic
00000000: cd c6 e3 b8 a0 70 9d 8e c2 4f 6f fe 71 42 df 28
alg: aead: Test 1 failed on encryption for aegis256-generic
00000000: aa ed 07 b1 96 1d e9 e6 f2 ed b5 8e 1c 5f dc 1c
Fixes:
|
||
|
Ard Biesheuvel
|
964f374b3b |
crypto: morus/generic - fix for big endian systems
commit 5a8dedfa3276e88c5865f265195d63d72aec3e72 upstream.
Omit the endian swabbing when folding the lengths of the assoc and
crypt input buffers into the state to finalize the tag. This is not
necessary given that the memory representation of the state is in
machine native endianness already.
This fixes an error reported by tcrypt running on a big endian system:
alg: aead: Test 2 failed on encryption for morus640-generic
00000000: a8 30 ef fb e6 26 eb 23 b0 87 dd 98 57 f3 e1 4b
00000010: 21
alg: aead: Test 2 failed on encryption for morus1280-generic
00000000: 88 19 1b fb 1c 29 49 0e ee 82 2f cb 97 a6 a5 ee
00000010: 5f
Fixes:
|
||
|
Horia Geantă
|
94c7bb6598 |
crypto: tcrypt - fix ghash-generic speed test
commit 331351f89c36bf7d03561a28b6f64fa10a9f6f3a upstream.
ghash is a keyed hash algorithm, thus setkey needs to be called.
Otherwise the following error occurs:
$ modprobe tcrypt mode=318 sec=1
testing speed of async ghash-generic (ghash-generic)
tcrypt: test 0 ( 16 byte blocks, 16 bytes per update, 1 updates):
tcrypt: hashing failed ret=-126
Cc: <stable@vger.kernel.org> # 4.6+
Fixes:
|
||
|
Ondrej Mosnacek
|
c2ff394968 |
crypto: lrw - Fix out-of bounds access on counter overflow
commit fbe1a850b3b1522e9fc22319ccbbcd2ab05328d2 upstream.
When the LRW block counter overflows, the current implementation returns
128 as the index to the precomputed multiplication table, which has 128
entries. This patch fixes it to return the correct value (127).
Fixes:
|
||
|
Kees Cook
|
e08156eb14 |
crypto: cryptd - Remove VLA usage of skcipher
In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Change-Id: I0f5cf2a2209b015e27a7ed627ba21c76ef24c36d Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Git-Commit: 36b3875a97b85e60eb612f8c72d19271c70b08fd Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org> |
||
|
Kees Cook
|
064e99d396 |
crypto: null - Remove VLA usage of skcipher
In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Change-Id: I9f879e0a86eb4a9ff08d65a2128d230ec06e0f4c Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Git-Commit: 8d605398425843c7ce3c0e9a0434d832d3bd54cc Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org> |
||
|
Kees Cook
|
69e69705c0 |
crypto: skcipher - Introduce crypto_sync_skcipher
In preparation for removal of VLAs due to skcipher requests on the stack via SKCIPHER_REQUEST_ON_STACK() usage, this introduces the infrastructure for the "sync skcipher" tfm, which is for handling the on-stack cases of skcipher, which are always non-ASYNC and have a known limited request size. The crypto API additions: struct crypto_sync_skcipher (wrapper for struct crypto_skcipher) crypto_alloc_sync_skcipher() crypto_free_sync_skcipher() crypto_sync_skcipher_setkey() crypto_sync_skcipher_get_flags() crypto_sync_skcipher_set_flags() crypto_sync_skcipher_clear_flags() crypto_sync_skcipher_blocksize() crypto_sync_skcipher_ivsize() crypto_sync_skcipher_reqtfm() skcipher_request_set_sync_tfm() SYNC_SKCIPHER_REQUEST_ON_STACK() (with tfm type check) Change-Id: I9e6df0b1b97a9fde1ca8407793bdc9f4008db1c1 Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Git-Commit: b350bee5ea0f4db75d4c6191a2e95db16f40c278 Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org> |
||
|
Kees Cook
|
3a35ee62a5 |
crypto: shash - Remove VLA usage in unaligned hashing
In the quest to remove all stack VLA usage from the kernel[1], this uses the newly defined max alignment to perform unaligned hashing to avoid VLAs, and drops the helper function while adding sanity checks on the resulting buffer sizes. Additionally, the __aligned_largest macro is removed since this helper was the only user. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Change-Id: I5ac3bcad06454601823f8b69d6c08288285800e9 Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Git-Commit: f3569fd613f669c95ad187208ad281995f30cc2a Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org> |
||
|
Kees Cook
|
6dae78106a |
crypto: hash - Remove VLA usage
In the quest to remove all stack VLA usage from the kernel[1], this removes the VLAs in SHASH_DESC_ON_STACK (via crypto_shash_descsize()) by using the maximum allowable size (which is now more clearly captured in a macro), along with a few other cases. Similar limits are turned into macros as well. A review of existing sizes shows that SHA512_DIGEST_SIZE (64) is the largest digest size and that sizeof(struct sha3_state) (360) is the largest descriptor size. The corresponding maximums are reduced. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Change-Id: I5281cc251f49e9c7d9761f7ec7217dd08588c26d Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Git-Commit: b68a7ec1e9a3efac53ae26a1658a553825a2375c Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org> |
||
|
Ard Biesheuvel
|
8a4085c29c |
crypto: ccm - Remove VLA usage
In the quest to remove all stack VLA usage from the kernel[1], this drops AHASH_REQUEST_ON_STACK by preallocating the ahash request area combined with the skcipher area (which are not used at the same time). [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Change-Id: If8eb7d120ac64c0fbc8e67abd3d5921f548590ff Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Git-Commit: ebf533adc877d9171800bbce77372d8051fc35c2 Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org> |
||
|
Kees Cook
|
6d56799a6a |
crypto: xcbc - Remove VLA usage
In the quest to remove all stack VLA usage from the kernel[1], this uses the maximum blocksize and adds a sanity check. For xcbc, the blocksize must always be 16, so use that, since it's already being enforced during instantiation. [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Change-Id: I4b1f851ccd31004cc5c0c28e73385aa16bcb53a9 Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Git-Commit: 3bdd23f886c08a0d649c535e1e2cf083ec600036 Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org> |
||
|
Kees Cook
|
69aafa11ff |
crypto: api - Introduce generic max blocksize and alignmask
In the quest to remove all stack VLA usage from the kernel[1], this exposes a new general upper bound on crypto blocksize and alignmask (higher than for the existing cipher limits) for VLA removal, and introduces new checks. At present, the highest cra_alignmask in the kernel is 63. The highest cra_blocksize is 144 (SHA3_224_BLOCK_SIZE, 18 8-byte words). For the new blocksize limit, I went with 160 (20 8-byte words). [1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com Change-Id: Icee27c45f542a9de25310b193c5bd08bc236996e Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Git-Repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git Git-Commit: a9f7f88a12f1494deca1fd9e173c7ae886d14f91 Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org> |
||
|
Karsten Graul
|
fd54c188b3 |
Revert "net: simplify sock_poll_wait"
[ Upstream commit 89ab066d4229acd32e323f1569833302544a4186 ]
This reverts commit
|
||
|
Linus Torvalds
|
13bf2cf9e2 |
Merge tag 'dmaengine-4.19-rc1' of git://git.infradead.org/users/vkoul/slave-dma
Pull DMAengine updates from Vinod Koul:
"This round brings couple of framework changes, a new driver and usual
driver updates:
- new managed helper for dmaengine framework registration
- split dmaengine pause capability to pause and resume and allow
drivers to report that individually
- update dma_request_chan_by_mask() to handle deferred probing
- move imx-sdma to use virt-dma
- new driver for Actions Semi Owl family S900 controller
- minor updates to intel, renesas, mv_xor, pl330 etc"
* tag 'dmaengine-4.19-rc1' of git://git.infradead.org/users/vkoul/slave-dma: (46 commits)
dmaengine: Add Actions Semi Owl family S900 DMA driver
dt-bindings: dmaengine: Add binding for Actions Semi Owl SoCs
dmaengine: sh: rcar-dmac: Should not stop the DMAC by rcar_dmac_sync_tcr()
dmaengine: mic_x100_dma: use the new helper to simplify the code
dmaengine: add a new helper dmaenginem_async_device_register
dmaengine: imx-sdma: add memcpy interface
dmaengine: imx-sdma: add SDMA_BD_MAX_CNT to replace '0xffff'
dmaengine: dma_request_chan_by_mask() to handle deferred probing
dmaengine: pl330: fix irq race with terminate_all
dmaengine: Revert "dmaengine: mv_xor_v2: enable COMPILE_TEST"
dmaengine: mv_xor_v2: use {lower,upper}_32_bits to configure HW descriptor address
dmaengine: mv_xor_v2: enable COMPILE_TEST
dmaengine: mv_xor_v2: move unmap to before callback
dmaengine: mv_xor_v2: convert callback to helper function
dmaengine: mv_xor_v2: kill the tasklets upon exit
dmaengine: mv_xor_v2: explicitly freeup irq
dmaengine: sh: rcar-dmac: Add dma_pause operation
dmaengine: sh: rcar-dmac: add a new function to clear CHCR.DE with barrier
dmaengine: idma64: Support dmaengine_terminate_sync()
dmaengine: hsu: Support dmaengine_terminate_sync()
...
|
||
|
Yannik Sembritzki
|
817aef2600 |
Replace magic for trusting the secondary keyring with #define
Replace the use of a magic number that indicates that verify_*_signature() should use the secondary keyring with a symbol. Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me> Signed-off-by: David Howells <dhowells@redhat.com> Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Linus Torvalds
|
f91e654474 |
Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull integrity updates from James Morris: "This adds support for EVM signatures based on larger digests, contains a new audit record AUDIT_INTEGRITY_POLICY_RULE to differentiate the IMA policy rules from the IMA-audit messages, addresses two deadlocks due to either loading or searching for crypto algorithms, and cleans up the audit messages" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: EVM: fix return value check in evm_write_xattrs() integrity: prevent deadlock during digsig verification. evm: Allow non-SHA1 digital signatures evm: Don't deadlock if a crypto algorithm is unavailable integrity: silence warning when CONFIG_SECURITYFS is not enabled ima: Differentiate auditing policy rules from "audit" actions ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set ima: Use audit_log_format() rather than audit_log_string() ima: Call audit_log_string() rather than logging it untrusted |
||
|
Linus Torvalds
|
dafa5f6577 |
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto updates from Herbert Xu: "API: - Fix dcache flushing crash in skcipher. - Add hash finup self-tests. - Reschedule during speed tests. Algorithms: - Remove insecure vmac and replace it with vmac64. - Add public key verification for DH/ECDH. Drivers: - Decrease priority of sha-mb on x86. - Improve NEON latency/throughput on ARM64. - Add md5/sha384/sha512/des/3des to inside-secure. - Support eip197d in inside-secure. - Only register algorithms supported by the host in virtio. - Add cts and remove incompatible cts1 from ccree. - Add hisilicon SEC security accelerator driver. - Replace msm hwrng driver with qcom pseudo rng driver. Misc: - Centralize CRC polynomials" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (121 commits) crypto: arm64/ghash-ce - implement 4-way aggregation crypto: arm64/ghash-ce - replace NEON yield check with block limit crypto: hisilicon - sec_send_request() can be static lib/mpi: remove redundant variable esign crypto: arm64/aes-ce-gcm - don't reload key schedule if avoidable crypto: arm64/aes-ce-gcm - implement 2-way aggregation crypto: arm64/aes-ce-gcm - operate on two input blocks at a time crypto: dh - make crypto_dh_encode_key() make robust crypto: dh - fix calculating encoded key size crypto: ccp - Check for NULL PSP pointer at module unload crypto: arm/chacha20 - always use vrev for 16-bit rotates crypto: ccree - allow bigger than sector XTS op crypto: ccree - zero all of request ctx before use crypto: ccree - remove cipher ivgen left overs crypto: ccree - drop useless type flag during reg crypto: ablkcipher - fix crash flushing dcache in error path crypto: blkcipher - fix crash flushing dcache in error path crypto: skcipher - fix crash flushing dcache in error path crypto: skcipher - remove unnecessary setting of walk->nbytes crypto: scatterwalk - remove scatterwalk_samebuf() ... |
||
|
Eric Biggers
|
d6e43798b3 |
crypto: dh - make crypto_dh_encode_key() make robust
Make it return -EINVAL if crypto_dh_key_len() is incorrect rather than overflowing the buffer. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
||
|
Eric Biggers
|
35f7d5225f |
crypto: dh - fix calculating encoded key size
It was forgotten to increase DH_KPP_SECRET_MIN_SIZE to include 'q_size',
causing an out-of-bounds write of 4 bytes in crypto_dh_encode_key(), and
an out-of-bounds read of 4 bytes in crypto_dh_decode_key(). Fix it, and
fix the lengths of the test vectors to match this.
Reported-by: syzbot+6d38d558c25b53b8f4ed@syzkaller.appspotmail.com
Fixes:
|
||
|
Eric Biggers
|
318abdfbe7 |
crypto: ablkcipher - fix crash flushing dcache in error path
Like the skcipher_walk and blkcipher_walk cases:
scatterwalk_done() is only meant to be called after a nonzero number of
bytes have been processed, since scatterwalk_pagedone() will flush the
dcache of the *previous* page. But in the error case of
ablkcipher_walk_done(), e.g. if the input wasn't an integer number of
blocks, scatterwalk_done() was actually called after advancing 0 bytes.
This caused a crash ("BUG: unable to handle kernel paging request")
during '!PageSlab(page)' on architectures like arm and arm64 that define
ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE, provided that the input was
page-aligned as in that case walk->offset == 0.
Fix it by reorganizing ablkcipher_walk_done() to skip the
scatterwalk_advance() and scatterwalk_done() if an error has occurred.
Reported-by: Liu Chao <liuchao741@huawei.com>
Fixes:
|
||
|
Eric Biggers
|
0868def3e4 |
crypto: blkcipher - fix crash flushing dcache in error path
Like the skcipher_walk case:
scatterwalk_done() is only meant to be called after a nonzero number of
bytes have been processed, since scatterwalk_pagedone() will flush the
dcache of the *previous* page. But in the error case of
blkcipher_walk_done(), e.g. if the input wasn't an integer number of
blocks, scatterwalk_done() was actually called after advancing 0 bytes.
This caused a crash ("BUG: unable to handle kernel paging request")
during '!PageSlab(page)' on architectures like arm and arm64 that define
ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE, provided that the input was
page-aligned as in that case walk->offset == 0.
Fix it by reorganizing blkcipher_walk_done() to skip the
scatterwalk_advance() and scatterwalk_done() if an error has occurred.
This bug was found by syzkaller fuzzing.
Reproducer, assuming ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE:
#include <linux/if_alg.h>
#include <sys/socket.h>
#include <unistd.h>
int main()
{
struct sockaddr_alg addr = {
.salg_type = "skcipher",
.salg_name = "ecb(aes-generic)",
};
char buffer[4096] __attribute__((aligned(4096))) = { 0 };
int fd;
fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(fd, (void *)&addr, sizeof(addr));
setsockopt(fd, SOL_ALG, ALG_SET_KEY, buffer, 16);
fd = accept(fd, NULL, NULL);
write(fd, buffer, 15);
read(fd, buffer, 15);
}
Reported-by: Liu Chao <liuchao741@huawei.com>
Fixes:
|
||
|
Eric Biggers
|
8088d3dd4d |
crypto: skcipher - fix crash flushing dcache in error path
scatterwalk_done() is only meant to be called after a nonzero number of
bytes have been processed, since scatterwalk_pagedone() will flush the
dcache of the *previous* page. But in the error case of
skcipher_walk_done(), e.g. if the input wasn't an integer number of
blocks, scatterwalk_done() was actually called after advancing 0 bytes.
This caused a crash ("BUG: unable to handle kernel paging request")
during '!PageSlab(page)' on architectures like arm and arm64 that define
ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE, provided that the input was
page-aligned as in that case walk->offset == 0.
Fix it by reorganizing skcipher_walk_done() to skip the
scatterwalk_advance() and scatterwalk_done() if an error has occurred.
This bug was found by syzkaller fuzzing.
Reproducer, assuming ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE:
#include <linux/if_alg.h>
#include <sys/socket.h>
#include <unistd.h>
int main()
{
struct sockaddr_alg addr = {
.salg_type = "skcipher",
.salg_name = "cbc(aes-generic)",
};
char buffer[4096] __attribute__((aligned(4096))) = { 0 };
int fd;
fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(fd, (void *)&addr, sizeof(addr));
setsockopt(fd, SOL_ALG, ALG_SET_KEY, buffer, 16);
fd = accept(fd, NULL, NULL);
write(fd, buffer, 15);
read(fd, buffer, 15);
}
Reported-by: Liu Chao <liuchao741@huawei.com>
Fixes:
|
||
|
Eric Biggers
|
2a57c0be22 |
crypto: skcipher - remove unnecessary setting of walk->nbytes
Setting 'walk->nbytes = walk->total' in skcipher_walk_first() doesn't make sense because actually walk->nbytes needs to be set to the length of the first step in the walk, which may be less than walk->total. This is done by skcipher_walk_next() which is called immediately afterwards. Also walk->nbytes was already set to 0 in skcipher_walk_skcipher(), which is a better default value in case it's forgotten to be set later. Therefore, remove the unnecessary assignment to walk->nbytes. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
||
|
Eric Biggers
|
8c30fbe63e |
crypto: scatterwalk - remove 'chain' argument from scatterwalk_crypto_chain()
All callers pass chain=0 to scatterwalk_crypto_chain(). Remove this unneeded parameter. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
||
|
Eric Biggers
|
0567fc9e90 |
crypto: skcipher - fix aligning block size in skcipher_copy_iv()
The ALIGN() macro needs to be passed the alignment, not the alignmask
(which is the alignment minus 1).
Fixes:
|
||
|
Horia Geantă
|
2af632996b |
crypto: tcrypt - reschedule during speed tests
Avoid RCU stalls in the case of non-preemptible kernel and lengthy speed tests by rescheduling when advancing from one block size to another. Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
||
|
Stephan Müller
|
43490e8046 |
crypto: drbg - in-place cipher operation for CTR
The cipher implementations of the kernel crypto API favor in-place
cipher operations. Thus, switch the CTR cipher operation in the DRBG to
perform in-place operations. This is implemented by using the output
buffer as input buffer and zeroizing it before the cipher operation to
implement a CTR encryption of a NULL buffer.
The speed improvement is quite visibile with the following comparison
using the LRNG implementation.
Without the patch set:
16 bytes| 12.267661 MB/s| 61338304 bytes | 5000000213 ns
32 bytes| 23.603770 MB/s| 118018848 bytes | 5000000073 ns
64 bytes| 46.732262 MB/s| 233661312 bytes | 5000000241 ns
128 bytes| 90.038042 MB/s| 450190208 bytes | 5000000244 ns
256 bytes| 160.399616 MB/s| 801998080 bytes | 5000000393 ns
512 bytes| 259.878400 MB/s| 1299392000 bytes | 5000001675 ns
1024 bytes| 386.050662 MB/s| 1930253312 bytes | 5000001661 ns
2048 bytes| 493.641728 MB/s| 2468208640 bytes | 5000001598 ns
4096 bytes| 581.835981 MB/s| 2909179904 bytes | 5000003426 ns
With the patch set:
16 bytes | 17.051142 MB/s | 85255712 bytes | 5000000854 ns
32 bytes | 32.695898 MB/s | 163479488 bytes | 5000000544 ns
64 bytes | 64.490739 MB/s | 322453696 bytes | 5000000954 ns
128 bytes | 123.285043 MB/s | 616425216 bytes | 5000000201 ns
256 bytes | 233.434573 MB/s | 1167172864 bytes | 5000000573 ns
512 bytes | 384.405197 MB/s | 1922025984 bytes | 5000000671 ns
1024 bytes | 566.313370 MB/s | 2831566848 bytes | 5000001080 ns
2048 bytes | 744.518042 MB/s | 3722590208 bytes | 5000000926 ns
4096 bytes | 867.501670 MB/s | 4337508352 bytes | 5000002181 ns
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
|
||
|
Herbert Xu
|
c5f5aeef9b |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux
Merge mainline to pick up
|
||
|
Christoph Hellwig
|
dd979b4df8 |
net: simplify sock_poll_wait
The wait_address argument is always directly derived from the filp argument, so remove it. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Gustavo A. R. Silva
|
a478908993 |
crypto: rmd320 - use swap macro in rmd320_transform
Make use of the swap macro and remove unnecessary variable *tmp*. This makes the code easier to read and maintain. This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |