openwrt/staging/blogic.git
8 years ago lib: asn1_decoder - add MODULE_LICENSE("GPL")
Tudor Ambarus [Fri, 29 Apr 2016 14:48:08 +0000 (17:48 +0300)]
lib: asn1_decoder - add MODULE_LICENSE("GPL")

A kernel taint results when loading the rsa_generic module:

root@(none):~# modprobe rsa_generic
asn1_decoder: module license 'unspecified' taints kernel.
Disabling lock debugging due to kernel taint

"Tainting" of the kernel is (usually) a way of indicating that
a proprietary module has been inserted, which is not the case here.

Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: omap-sham - Use dma_request_chan() for requesting DMA channel
Peter Ujfalusi [Fri, 29 Apr 2016 13:03:41 +0000 (16:03 +0300)]
crypto: omap-sham - Use dma_request_chan() for requesting DMA channel

With the new dma_request_chan() the client driver does not need to look for
the DMA resource and it does not need to pass filter_fn anymore.
By switching to the new API the driver can now support deferred probing
against DMA.

Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: David S. Miller <davem@davemloft.net>
CC: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: omap-des - Use dma_request_chan() for requesting DMA channel
Peter Ujfalusi [Fri, 29 Apr 2016 13:02:56 +0000 (16:02 +0300)]
crypto: omap-des - Use dma_request_chan() for requesting DMA channel

With the new dma_request_chan() the client driver does not need to look for
the DMA resource and it does not need to pass filter_fn anymore.
By switching to the new API the driver can now support deferred probing
against DMA.

Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: David S. Miller <davem@davemloft.net>
CC: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: omap-aes - Use dma_request_chan() for requesting DMA channel
Peter Ujfalusi [Fri, 29 Apr 2016 13:02:18 +0000 (16:02 +0300)]
crypto: omap-aes - Use dma_request_chan() for requesting DMA channel

With the new dma_request_chan() the client driver does not need to look for
the DMA resource and it does not need to pass filter_fn anymore.
By switching to the new API the driver can now support deferred probing
against DMA.

Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
CC: Herbert Xu <herbert@gondor.apana.org.au>
CC: David S. Miller <davem@davemloft.net>
CC: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: omap-des - Integrate with the crypto engine framework
Baolin Wang [Thu, 28 Apr 2016 06:11:51 +0000 (14:11 +0800)]
crypto: omap-des - Integrate with the crypto engine framework

Since the crypto engine framework had been merged, thus this patch integrates
with the newly added crypto engine framework to make the crypto hardware
engine under utilized as each block needs to be processed before the crypto
hardware can start working on the next block.

The crypto engine framework can manage and process the requests automatically,
so remove the 'queue' and 'queue_task' things in omap des driver.

Signed-off-by: Baolin <baolin.wang@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Herbert Xu [Tue, 3 May 2016 08:01:52 +0000 (16:01 +0800)]
Merge git://git./linux/kernel/git/herbert/crypto-2.6

Merge the crypto tree to pull in the qat adf_init_pf_wq fix.

8 years ago crypto: qat - fix adf_ctl_drv.c:undefined reference to adf_init_pf_wq
Tadeusz Struk [Fri, 29 Apr 2016 17:43:40 +0000 (10:43 -0700)]
crypto: qat - fix adf_ctl_drv.c:undefined reference to adf_init_pf_wq

Fix undefined reference issue reported by kbuild test robot.

Cc: <stable@vger.kernel.org>
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: s5p-sss - fix incorrect usage of scatterlists api
Marek Szyprowski [Tue, 26 Apr 2016 07:29:26 +0000 (09:29 +0200)]
crypto: s5p-sss - fix incorrect usage of scatterlists api

sg_dma_len() macro can be used only on scatterlists which are mapped, so
all calls to it before dma_map_sg() are invalid. Replace them by proper
check for direct sg segment length read.

Fixes: a49e490c7a8a ("crypto: s5p-sss - add S5PV210 advanced crypto engine support")
Fixes: 9e4a1100a445 ("crypto: s5p-sss - Handle unaligned buffers")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Herbert Xu [Thu, 28 Apr 2016 01:13:03 +0000 (09:13 +0800)]
Merge git://git./linux/kernel/git/herbert/crypto-2.6

Merge the crypto tree to pull in the qat adf_init_pf_wq change.

8 years ago crypto: qat - fix invalid pf2vf_resp_wq logic
Tadeusz Struk [Mon, 25 Apr 2016 14:32:19 +0000 (07:32 -0700)]
crypto: qat - fix invalid pf2vf_resp_wq logic

The pf2vf_resp_wq is a global so it has to be created at init
and destroyed at exit, instead of per device.

Cc: <stable@vger.kernel.org>
Tested-by: Suresh Marikkannu <sureshx.marikkannu@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: s5p-sss - Fix missed interrupts when working with 8 kB blocks
Krzysztof Kozlowski [Fri, 22 Apr 2016 12:15:23 +0000 (14:15 +0200)]
crypto: s5p-sss - Fix missed interrupts when working with 8 kB blocks

The tcrypt testing module on Exynos5422-based Odroid XU3/4 board failed on
testing 8 kB size blocks:

$ sudo modprobe tcrypt sec=1 mode=500
testing speed of async ecb(aes) (ecb-aes-s5p) encryption
test 0 (128 bit key, 16 byte blocks): 21971 operations in 1 seconds (351536 bytes)
test 1 (128 bit key, 64 byte blocks): 21731 operations in 1 seconds (1390784 bytes)
test 2 (128 bit key, 256 byte blocks): 21932 operations in 1 seconds (5614592 bytes)
test 3 (128 bit key, 1024 byte blocks): 21685 operations in 1 seconds (22205440 bytes)
test 4 (128 bit key, 8192 byte blocks):

This was caused by a race issue of missed BRDMA_DONE ("Block cipher
Receiving DMA") interrupt. Device starts processing the data in DMA mode
immediately after setting length of DMA block: receiving (FCBRDMAL) or
transmitting (FCBTDMAL). The driver sets these lengths from interrupt
handler through s5p_set_dma_indata() function (or xxx_setdata()).

However the interrupt handler was first dealing with receive buffer
(dma-unmap old, dma-map new, set receive block length which starts the
operation), then with transmit buffer and finally was clearing pending
interrupts (FCINTPEND). Because of the time window between setting
receive buffer length and clearing pending interrupts, the operation on
receive buffer could end already and driver would miss new interrupt.

User manual for Exynos5422 confirms in example code that setting DMA
block lengths should be the last operation.

The tcrypt hang could be also observed in following blocked-task dmesg:

INFO: task modprobe:258 blocked for more than 120 seconds.
      Not tainted 4.6.0-rc4-next-20160419-00005-g9eac8b7b7753-dirty #42
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
modprobe        D c06b09d8     0   258    256 0x00000000
[<c06b09d8>] (__schedule) from [<c06b0f24>] (schedule+0x40/0xac)
[<c06b0f24>] (schedule) from [<c06b49f8>] (schedule_timeout+0x124/0x178)
[<c06b49f8>] (schedule_timeout) from [<c06b17fc>] (wait_for_common+0xb8/0x144)
[<c06b17fc>] (wait_for_common) from [<bf0013b8>] (test_acipher_speed+0x49c/0x740 [tcrypt])
[<bf0013b8>] (test_acipher_speed [tcrypt]) from [<bf003e8c>] (do_test+0x2240/0x30ec [tcrypt])
[<bf003e8c>] (do_test [tcrypt]) from [<bf008048>] (tcrypt_mod_init+0x48/0xa4 [tcrypt])
[<bf008048>] (tcrypt_mod_init [tcrypt]) from [<c010177c>] (do_one_initcall+0x3c/0x16c)
[<c010177c>] (do_one_initcall) from [<c0191ff0>] (do_init_module+0x5c/0x1ac)
[<c0191ff0>] (do_init_module) from [<c0185610>] (load_module+0x1a30/0x1d08)
[<c0185610>] (load_module) from [<c0185ab0>] (SyS_finit_module+0x8c/0x98)
[<c0185ab0>] (SyS_finit_module) from [<c01078c0>] (ret_fast_syscall+0x0/0x3c)

Fixes: a49e490c7a8a ("crypto: s5p-sss - add S5PV210 advanced crypto engine support")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: s5p-sss - Use common BIT macro
Krzysztof Kozlowski [Fri, 22 Apr 2016 12:15:22 +0000 (14:15 +0200)]
crypto: s5p-sss - Use common BIT macro

The BIT() macro is obvious and well known, so prefer to use it instead
of crafted own macro.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: mxc-scc - fix unwinding in mxc_scc_crypto_register()
Dan Carpenter [Fri, 22 Apr 2016 10:01:39 +0000 (13:01 +0300)]
crypto: mxc-scc - fix unwinding in mxc_scc_crypto_register()

There are two issues here:

1) We need to decrement "i" otherwise we unregister something that was
   not successfully registered.
2) The original code did not unregister the first element in the array
   where i is zero.

Fixes: d293b640ebd5 ('crypto: mxc-scc - add basic driver for the MXC SCC')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
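
The two unwinding issues listed in the commit message above, as an added example that is not part of the commit or of the mxc-scc driver. The algorithm table, fake_register()/fake_unregister() and the shape of the buggy loop are constructed here to exhibit both issues; the page does not show the driver's original code.

```c
#include <stdbool.h>
#include <stdio.h>

#define NUM_ALGS 4

/* Constructed stand-in for a driver's algorithm table. */
struct fake_alg {
    bool registered;   /* true while "registered with the crypto core" */
    bool fail;         /* force registration of this entry to fail */
};

struct unwind_result {
    int err;               /* return value of the register function */
    int still_registered;  /* entries left registered after the error path */
    int bad_unregisters;   /* unregister calls on entries never registered */
};

static int bad_unregisters;

static int fake_register(struct fake_alg *alg)
{
    if (alg->fail)
        return -1;
    alg->registered = true;
    return 0;
}

static void fake_unregister(struct fake_alg *alg)
{
    if (!alg->registered)
        bad_unregisters++;      /* issue 1: entry was never registered */
    alg->registered = false;
}

/* Constructed unwind loop showing both issues from the commit message. */
static int register_all_buggy(struct fake_alg *algs, int n)
{
    int i, err = 0;

    for (i = 0; i < n; i++) {
        err = fake_register(&algs[i]);
        if (err)
            goto err_out;
    }
    return 0;

err_out:
    /* Starts at the entry that failed and stops before index 0. */
    for (; i > 0; i--)
        fake_unregister(&algs[i]);
    return err;
}

/* Unwind that decrements first and includes index 0. */
static int register_all_fixed(struct fake_alg *algs, int n)
{
    int i, err = 0;

    for (i = 0; i < n; i++) {
        err = fake_register(&algs[i]);
        if (err)
            goto err_out;
    }
    return 0;

err_out:
    while (--i >= 0)
        fake_unregister(&algs[i]);
    return err;
}

/* Run one scenario; fail_index < 0 means every registration succeeds. */
static struct unwind_result run_case(bool fixed, int fail_index)
{
    struct fake_alg algs[NUM_ALGS] = { { false, false } };
    struct unwind_result res = { 0, 0, 0 };
    int i;

    if (fail_index >= 0 && fail_index < NUM_ALGS)
        algs[fail_index].fail = true;

    bad_unregisters = 0;
    res.err = fixed ? register_all_fixed(algs, NUM_ALGS)
                    : register_all_buggy(algs, NUM_ALGS);
    for (i = 0; i < NUM_ALGS; i++)
        res.still_registered += algs[i].registered ? 1 : 0;
    res.bad_unregisters = bad_unregisters;
    return res;
}

int main(void)
{
    struct unwind_result b = run_case(false, 2);
    struct unwind_result f = run_case(true, 2);

    printf("buggy: leaked=%d bad_unregister=%d\n",
           b.still_registered, b.bad_unregisters);
    printf("fixed: leaked=%d bad_unregister=%d\n",
           f.still_registered, f.bad_unregisters);
    return 0;
}
```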
8 years ago crypto: mxc-scc - signedness bugs in mxc_scc_ablkcipher_req_init()
Dan Carpenter [Fri, 22 Apr 2016 09:56:31 +0000 (12:56 +0300)]
crypto: mxc-scc - signedness bugs in mxc_scc_ablkcipher_req_init()

->src_nents and ->dst_nents are unsigned so they can't be less than
zero.  I fixed this by introducing a temporary "nents" variable.

Fixes: d293b640ebd5 ('crypto: mxc-scc - add basic driver for the MXC SCC')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: talitos - fix ahash algorithms registration
Horia Geantă [Thu, 21 Apr 2016 16:24:55 +0000 (19:24 +0300)]
crypto: talitos - fix ahash algorithms registration

Provide hardware state import/export functionality, as mandated by
commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero")

Cc: <stable@vger.kernel.org> # 4.3+
Reported-by: Jonas Eymann <J.Eymann@gmx.net>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: ccp - Ensure all dependencies are specified
Gary R Hook [Wed, 20 Apr 2016 14:55:12 +0000 (09:55 -0500)]
crypto: ccp - Ensure all dependencies are specified

A DMA_ENGINE requires DMADEVICES in Kconfig

Signed-off-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: marvell/cesa - Improving code readability
Romain Perier [Tue, 19 Apr 2016 15:09:20 +0000 (17:09 +0200)]
crypto: marvell/cesa - Improving code readability

When looking for available engines, the variable "engine" is
assigned to "&cesa->engines[i]" at the beginning of the for loop. Replacing
next occurrences of "&cesa->engines[i]" by "engine" and in order to improve
readability.

Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: s5p-sss - Remove useless hash interrupt handler
Krzysztof Kozlowski [Tue, 19 Apr 2016 13:44:12 +0000 (15:44 +0200)]
crypto: s5p-sss - Remove useless hash interrupt handler

Beside regular feed control interrupt, the driver requires also hash
interrupt for older SoCs (samsung,s5pv210-secss). However after
requesting it, the interrupt handler isn't doing anything with it, not
even clearing the hash interrupt bit.

Driver does not provide hash functions so it is safe to remove the hash
interrupt related code and to not require the interrupt in Device Tree.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: s5p-sss - Fix use after free of copied input buffer in error path
Krzysztof Kozlowski [Tue, 19 Apr 2016 13:44:11 +0000 (15:44 +0200)]
crypto: s5p-sss - Fix use after free of copied input buffer in error path

The driver makes copies of memory (input or output scatterlists) if they
are not aligned. In s5p_aes_crypt_start() error path (on unsuccessful
initialization of output scatterlist), if input scatterlist was not
aligned, the driver first freed copied input memory and then unmapped it
from the device, instead of doing otherwise (unmap and then free).

This was wrong in two ways:
1. Freed pages were still mapped to the device.
2. The dma_unmap_sg() iterated over freed scatterlist structure.

The call to s5p_free_sg_cpy() in this error path is not needed because
the copied scatterlists will be freed by s5p_aes_complete().

Fixes: 9e4a1100a445 ("crypto: s5p-sss - Handle unaligned buffers")
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: ccp - Register the CCP as a DMA resource
Gary R Hook [Mon, 18 Apr 2016 14:21:44 +0000 (09:21 -0500)]
crypto: ccp - Register the CCP as a DMA resource

The CCP has the ability to provide DMA services to the
kernel using pass-through mode of the device. Register
these services as general purpose DMA channels.

Changes since v2:
- Add a Signed-off-by

Changes since v1:
- Allocate memory for a string in ccp_dmaengine_register
- Ensure register/unregister calls are properly ordered
- Verified all changed files are listed in the diffstat
- Undo some superfluous changes
- Added a cc:

Signed-off-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto4xx: integrate ppc4xx-rng into crypto4xx
Christian Lamparter [Mon, 18 Apr 2016 10:57:41 +0000 (12:57 +0200)]
crypto4xx: integrate ppc4xx-rng into crypto4xx

This patch integrates the ppc4xx-rng driver into the existing
crypto4xx. This is because the true random number generator
is controlled and part of the security core.

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago eCryptfs: Do not allocate hash tfm in NORECLAIM context
Herbert Xu [Sat, 16 Apr 2016 07:01:09 +0000 (15:01 +0800)]
eCryptfs: Do not allocate hash tfm in NORECLAIM context

You cannot allocate crypto tfm objects in NORECLAIM or NOFS contexts.
The ecryptfs code currently does exactly that for the MD5 tfm.

This patch fixes it by preallocating the MD5 tfm in a safe context.

The MD5 tfm is also reentrant so this patch removes the superfluous
cs_hash_tfm_mutex.

Reported-by: Nicolas Boichat <drinkcat@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: talitos - fix AEAD tcrypt tests
Horia Geantă [Tue, 19 Apr 2016 17:33:48 +0000 (20:33 +0300)]
crypto: talitos - fix AEAD tcrypt tests

After conversion to new AEAD interface, tcrypt tests fail as follows:

[...]
[    1.145414] alg: aead: Test 1 failed on encryption for authenc-hmac-sha1-cbc-aes-talitos
[    1.153564] 00000000: 53 69 6e 67 6c 65 20 62 6c 6f 63 6b 20 6d 73 67
[    1.160041] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    1.166509] 00000020: 00 00 00 00
[...]

Fix them by providing the correct cipher in & cipher out pointers,
i.e. must skip over associated data in src and dst S/G.

While here, fix a problem with the HW S/G table index usage:
tbl_off must be updated after the pointer to the table entries is set.

Cc: <stable@vger.kernel.org> # 4.3+
Fixes: aeb4c132f33d ("crypto: talitos - Convert to new AEAD interface")
Reported-by: Jonas Eymann <J.Eymann@gmx.net>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: talitos - fix crash in talitos_cra_init()
Jonas Eymann [Tue, 19 Apr 2016 17:33:47 +0000 (20:33 +0300)]
crypto: talitos - fix crash in talitos_cra_init()

Conversion of talitos driver to the new AEAD interface
hasn't been properly tested.

AEAD algorithms crash in talitos_cra_init as follows:

[...]
[    1.141095] talitos ffe30000.crypto: hwrng
[    1.145381] Unable to handle kernel paging request for data at address 0x00000058
[    1.152913] Faulting instruction address: 0xc02accc0
[    1.157910] Oops: Kernel access of bad area, sig: 11 [#1]
[    1.163315] SMP NR_CPUS=2 P1020 RDB
[    1.166810] Modules linked in:
[    1.169875] CPU: 0 PID: 1007 Comm: cryptomgr_test Not tainted 4.4.6 #1
[    1.176415] task: db5ec200 ti: db4d6000 task.ti: db4d6000
[    1.181821] NIP: c02accc0 LR: c02acd18 CTR: c02acd04
[    1.186793] REGS: db4d7d30 TRAP: 0300   Not tainted  (4.4.6)
[    1.192457] MSR: 00029000 <CE,EE,ME>  CR: 95009359  XER: e0000000
[    1.198585] DEAR: 00000058 ESR: 00000000
GPR00: c017bdc0 db4d7de0 db5ec200 df424b48 00000000 00000000 df424bfc db75a600
GPR08: df424b48 00000000 db75a628 db4d6000 00000149 00000000 c0044cac db5acda0
GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00000400 df424940
GPR24: df424900 00003083 00000400 c0180000 db75a640 c03e9f84 df424b40 df424b48
[    1.230978] NIP [c02accc0] talitos_cra_init+0x28/0x6c
[    1.236039] LR [c02acd18] talitos_cra_init_aead+0x14/0x28
[    1.241443] Call Trace:
[    1.243894] [db4d7de0] [c03e9f84] 0xc03e9f84 (unreliable)
[    1.249322] [db4d7df0] [c017bdc0] crypto_create_tfm+0x5c/0xf0
[    1.255083] [db4d7e10] [c017beec] crypto_alloc_tfm+0x98/0xf8
[    1.260769] [db4d7e40] [c0186a20] alg_test_aead+0x28/0xc8
[    1.266181] [db4d7e60] [c0186718] alg_test+0x260/0x2e0
[    1.271333] [db4d7ee0] [c0183860] cryptomgr_test+0x30/0x54
[    1.276843] [db4d7ef0] [c0044d80] kthread+0xd4/0xd8
[    1.281741] [db4d7f40] [c000e4a4] ret_from_kernel_thread+0x5c/0x64
[    1.287930] Instruction dump:
[    1.290902] 38600000 4e800020 81230028 7c681b78 81490010 38e9ffc0 3929ffe8 554a073e
[    1.298691] 2b8a000a 7d474f9e 812a0008 91230030 <80e90058> 39270060 7c0004ac 7cc04828

Cc: <stable@vger.kernel.org> # 4.3+
Fixes: aeb4c132f33d ("crypto: talitos - Convert to new AEAD interface")
Signed-off-by: Jonas Eymann <J.Eymann@gmx.net>
Fix typo - replaced parameter of __crypto_ahash_alg(): s/tfm/alg
Remove checkpatch warnings.
Add commit message.

Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: qat - fix section mismatch warning
Tadeusz Struk [Fri, 15 Apr 2016 17:54:07 +0000 (10:54 -0700)]
crypto: qat - fix section mismatch warning

Fix Section mismatch warning in adf_exit_vf_wq()

Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: qat - interrupts need to be enabled when VFs are disabled
Tadeusz Struk [Fri, 15 Apr 2016 17:38:00 +0000 (10:38 -0700)]
crypto: qat - interrupts need to be enabled when VFs are disabled

IRQs need to be enabled when VFs go down in case some VF to PF
comms happens.

Tested-by: Suman Bangalore Sathyanarayana <sumanx.bangalore.sathyanarayana@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: qat - check if PF is running
Tadeusz Struk [Fri, 15 Apr 2016 17:37:59 +0000 (10:37 -0700)]
crypto: qat - check if PF is running

Before VF sends a signal to PF it should check if PF
is still running.

Tested-by: Suman Bangalore Sathyanarayana <sumanx.bangalore.sathyanarayana@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: qat - move vf2pf_init and vf2pf_exit to common
Tadeusz Struk [Fri, 15 Apr 2016 17:37:58 +0000 (10:37 -0700)]
crypto: qat - move vf2pf_init and vf2pf_exit to common

The vf2pf_init and vf2pf_exit are exactly the same for all VFs
so move them to common and reuse.

Tested-by: Suman Bangalore Sathyanarayana <sumanx.bangalore.sathyanarayana@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: lzo - get rid of superfluous __GFP_REPEAT
Michal Hocko [Thu, 14 Apr 2016 08:51:42 +0000 (10:51 +0200)]
crypto: lzo - get rid of superfluous __GFP_REPEAT

__GFP_REPEAT has a rather weak semantic but since it has been introduced
around 2.6.12 it has been ignored for low order allocations.

lzo_init uses __GFP_REPEAT to allocate LZO1X_MEM_COMPRESS 16K. This is
order 3 allocation request and __GFP_REPEAT is ignored for this size
as well as all <= PAGE_ALLOC_COSTLY requests.

Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago hwrng: hisi - Add support for Hisilicon SoC RNG
Kefeng Wang [Wed, 13 Apr 2016 10:11:28 +0000 (18:11 +0800)]
hwrng: hisi - Add support for Hisilicon SoC RNG

This adds the Hisilicon Random Number Generator(RNG) support,
which is found in Hip04 and Hip05 soc.

Reviewed-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago dt/bindings: Add bindings for hisilicon random number generator
Kefeng Wang [Wed, 13 Apr 2016 10:11:27 +0000 (18:11 +0800)]
dt/bindings: Add bindings for hisilicon random number generator

Document the devicetree bindings for the random number generator found
on Hisilicon Hip04 and Hip05 soc.

Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Acked-by: Rob Herring <rob@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: mxc-scc - add basic driver for the MXC SCC
Steffen Trumtrar [Tue, 12 Apr 2016 09:04:26 +0000 (11:04 +0200)]
crypto: mxc-scc - add basic driver for the MXC SCC

According to the Freescale GPL driver code, there are two different
Security Controller (SCC) versions: SCC and SCC2.

The SCC is found on older i.MX SoCs, e.g. the i.MX25. This is the
version implemented and tested here.

As there is no publicly available documentation for this IP core,
all information about this unit is gathered from the GPL'ed driver
from Freescale.

Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago ARM: i.MX25: add scc module to dtsi
Steffen Trumtrar [Tue, 12 Apr 2016 09:04:25 +0000 (11:04 +0200)]
ARM: i.MX25: add scc module to dtsi

Add the Security Controller (SCC) module to the dtsi.

Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago Documentation: devicetree: add Freescale SCC bindings
Steffen Trumtrar [Tue, 12 Apr 2016 09:04:24 +0000 (11:04 +0200)]
Documentation: devicetree: add Freescale SCC bindings

Add documentation for the Freescale Security Controller (SCC)
found on i.MX25 SoCs.

Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: qat - adf_dev_stop should not be called in atomic context
Tadeusz Struk [Wed, 6 Apr 2016 18:01:54 +0000 (11:01 -0700)]
crypto: qat - adf_dev_stop should not be called in atomic context

VFs call adf_dev_stop() from a PF to VF interrupt bottom half.
This causes an oops "scheduling while atomic", because it tries
to acquire a mutex to un-register crypto algorithms.
This patch fixes the issue by calling adf_dev_stop() asynchronously.

Changes in v2:
 - change kthread to a work queue.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: ccp - Fix RT breaking #include <linux/rwlock_types.h>
Mike Galbraith [Tue, 5 Apr 2016 13:03:21 +0000 (15:03 +0200)]
crypto: ccp - Fix RT breaking #include <linux/rwlock_types.h>

Direct include of rwlock_types.h breaks RT, use spinlock_types.h instead.

Fixes: 553d2374db0b crypto: ccp - Support for multiple CCPs
Signed-off-by: Mike Galbraith <umgwanakikbuti@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: doc - document correct return value for request allocation
Eric Biggers [Sat, 2 Apr 2016 15:54:56 +0000 (10:54 -0500)]
crypto: doc - document correct return value for request allocation

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: ccp - Prevent information leakage on export
Tom Lendacky [Wed, 13 Apr 2016 15:52:25 +0000 (10:52 -0500)]
crypto: ccp - Prevent information leakage on export

Prevent information from leaking to userspace by doing a memset to 0 of
the export state structure before setting the structure values and copying
it. This prevents un-initialized padding areas from being copied into the
export area.

Cc: <stable@vger.kernel.org> # 3.14.x-
Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
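
Why the memset described in the commit message above matters, as an added example that is not part of the commit or of the ccp driver. The struct layout, field names and the 0xAA "stale memory" marker are constructed for illustration; members are written with memcpy at their offsets so that the padding bytes keep a known value and can be counted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical export state: mixed member sizes force compiler padding. */
struct export_state {
    uint8_t  null_msg;    /* followed by padding up to the uint32_t */
    uint32_t msg_bits;
    uint8_t  buf_count;   /* followed by trailing padding */
};

#define STALE       0xAA  /* constructed marker for leftover memory contents */
#define FIELD_BYTES (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint8_t))

/* Set every member, and only the members, of a state held in raw storage. */
static void fill_fields(unsigned char *raw)
{
    uint8_t  null_msg  = 1;
    uint32_t msg_bits  = 512;
    uint8_t  buf_count = 7;

    memcpy(raw + offsetof(struct export_state, null_msg),
           &null_msg, sizeof(null_msg));
    memcpy(raw + offsetof(struct export_state, msg_bits),
           &msg_bits, sizeof(msg_bits));
    memcpy(raw + offsetof(struct export_state, buf_count),
           &buf_count, sizeof(buf_count));
}

/* Export without clearing: padding still holds whatever was there before. */
static void export_unsafe(unsigned char *out)
{
    unsigned char state[sizeof(struct export_state)];

    memset(state, STALE, sizeof(state));   /* models stale stack contents */
    fill_fields(state);
    memcpy(out, state, sizeof(state));     /* stands in for the export copy */
}

/* Export as the commit message describes: zero the structure first. */
static void export_hardened(unsigned char *out)
{
    unsigned char state[sizeof(struct export_state)];

    memset(state, STALE, sizeof(state));   /* same stale contents as above */
    memset(state, 0, sizeof(state));       /* the fix: clear before filling */
    fill_fields(state);
    memcpy(out, state, sizeof(state));
}

/* Number of stale bytes that reached the export area. */
static size_t leaked_bytes(int hardened)
{
    unsigned char out[sizeof(struct export_state)];
    size_t i, n = 0;

    if (hardened)
        export_hardened(out);
    else
        export_unsafe(out);

    for (i = 0; i < sizeof(out); i++)
        if (out[i] == STALE)
            n++;
    return n;
}

int main(void)
{
    printf("struct size %zu, member bytes %zu\n",
           sizeof(struct export_state), (size_t)FIELD_BYTES);
    printf("stale bytes exported without memset: %zu\n", leaked_bytes(0));
    printf("stale bytes exported with memset:    %zu\n", leaked_bytes(1));
    return 0;
}
```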
8 years ago crypto: sha1-mb - use corrcet pointer while completing jobs
Xiaodong Liu [Tue, 12 Apr 2016 09:45:51 +0000 (09:45 +0000)]
crypto: sha1-mb - use corrcet pointer while completing jobs

In sha_complete_job, incorrect mcryptd_hash_request_ctx pointer is used
when check and complete other jobs. If the memory of first completed req
is freed, while still completing other jobs in the func, kernel will
crash since NULL pointer is assigned to RIP.

Cc: <stable@vger.kernel.org>
Signed-off-by: Xiaodong Liu <xiaodong.liu@intel.com>
Acked-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: rsa-pkcs1pad - fix dst len
Tadeusz Struk [Wed, 6 Apr 2016 21:42:32 +0000 (14:42 -0700)]
crypto: rsa-pkcs1pad - fix dst len

The output buffer length has to be at least as big as the key_size.
It is then updated to the actual output size by the implementation.

Cc: <stable@vger.kernel.org>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago hwrng: exynos - Fix misspelled Samsung address
Krzysztof Kozlowski [Tue, 5 Apr 2016 02:04:28 +0000 (11:04 +0900)]
hwrng: exynos - Fix misspelled Samsung address

Correct smasung.com into samsung.com.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: qat - changed adf_dev_stop to void
Tadeusz Struk [Tue, 29 Mar 2016 17:21:07 +0000 (10:21 -0700)]
crypto: qat - changed adf_dev_stop to void

It returns always zero anyway.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: qat - explicitly stop all VFs first
Tadeusz Struk [Tue, 29 Mar 2016 17:20:52 +0000 (10:20 -0700)]
crypto: qat - explicitly stop all VFs first

When stopping devices it is not enough to loop backwards.
We need to explicitly stop all VFs first.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: drbg - set HMAC key only when altered
Stephan Mueller [Mon, 28 Mar 2016 14:47:55 +0000 (16:47 +0200)]
crypto: drbg - set HMAC key only when altered

The HMAC implementation allows setting the HMAC key independently from
the hashing operation. Therefore, the key only needs to be set when a
new key is generated.

This patch increases the speed of the HMAC DRBG by at least 35% depending
on the use case.

The patch is fully CAVS tested.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: sun4i-ss - Replace spinlock_bh by spin_lock_irq{save|restore}
Corentin LABBE [Wed, 23 Mar 2016 15:11:24 +0000 (16:11 +0100)]
crypto: sun4i-ss - Replace spinlock_bh by spin_lock_irq{save|restore}

The current sun4i-ss driver could generate data corruption when ciphering/deciphering.
It occurs randomly on end of handled data.
No root cause has been found and the only way to remove it is to replace
all spin_lock_bh by their irq counterparts.

Fixes: 6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator")
Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: qat - fix address leaking of RSA public exponent
Tudor Ambarus [Wed, 23 Mar 2016 15:06:40 +0000 (17:06 +0200)]
crypto: qat - fix address leaking of RSA public exponent

Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: qat - avoid memory corruption or undefined behaviour
Tudor Ambarus [Wed, 23 Mar 2016 15:06:39 +0000 (17:06 +0200)]
crypto: qat - avoid memory corruption or undefined behaviour

memcopying to a (null pointer + offset) will result
in memory corruption or undefined behaviour.

Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: qat - Remove redundant nrbg rings
Ahsan Atta [Tue, 22 Mar 2016 18:25:21 +0000 (11:25 -0700)]
crypto: qat - Remove redundant nrbg rings

Remove redundant nrbg rings.

Signed-off-by: Ahsan Atta <ahsan.atta@intel.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: qat - make sure const_tab is 1024 bytes aligned
Tadeusz Struk [Tue, 22 Mar 2016 17:45:25 +0000 (10:45 -0700)]
crypto: qat - make sure const_tab is 1024 bytes aligned

FW requires the const_tab to be 1024 bytes aligned.

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access
Nicolai Stange [Tue, 22 Mar 2016 12:18:16 +0000 (13:18 +0100)]
lib/mpi: mpi_read_raw_from_sgl(): fix out-of-bounds buffer access

Within the copying loop in mpi_read_raw_from_sgl(), the last input SGE's
byte count gets artificially extended as follows:

  if (sg_is_last(sg) && (len % BYTES_PER_MPI_LIMB))
    len += BYTES_PER_MPI_LIMB - (len % BYTES_PER_MPI_LIMB);

Within the following byte copying loop, this causes reads beyond that
SGE's allocated buffer:

  BUG: KASAN: slab-out-of-bounds in mpi_read_raw_from_sgl+0x331/0x650
                                     at addr ffff8801e168d4d8
  Read of size 1 by task systemd-udevd/721
  [...]
  Call Trace:
   [<ffffffff818c4d35>] dump_stack+0xbc/0x117
   [<ffffffff818c4c79>] ? _atomic_dec_and_lock+0x169/0x169
   [<ffffffff814af5d1>] ? print_section+0x61/0xb0
   [<ffffffff814b1109>] print_trailer+0x179/0x2c0
   [<ffffffff814bc524>] object_err+0x34/0x40
   [<ffffffff814bfdc7>] kasan_report_error+0x307/0x8c0
   [<ffffffff814bf315>] ? kasan_unpoison_shadow+0x35/0x50
   [<ffffffff814bf38e>] ? kasan_kmalloc+0x5e/0x70
   [<ffffffff814c0ad1>] kasan_report+0x71/0xa0
   [<ffffffff81938171>] ? mpi_read_raw_from_sgl+0x331/0x650
   [<ffffffff814bf1a6>] __asan_load1+0x46/0x50
   [<ffffffff81938171>] mpi_read_raw_from_sgl+0x331/0x650
   [<ffffffff817f41b6>] rsa_verify+0x106/0x260
   [<ffffffff817f40b0>] ? rsa_set_pub_key+0xf0/0xf0
   [<ffffffff818edc79>] ? sg_init_table+0x29/0x50
   [<ffffffff817f4d22>] ? pkcs1pad_sg_set_buf+0xb2/0x2e0
   [<ffffffff817f5b74>] pkcs1pad_verify+0x1f4/0x2b0
   [<ffffffff81831057>] public_key_verify_signature+0x3a7/0x5e0
   [<ffffffff81830cb0>] ? public_key_describe+0x80/0x80
   [<ffffffff817830f0>] ? keyring_search_aux+0x150/0x150
   [<ffffffff818334a4>] ? x509_request_asymmetric_key+0x114/0x370
   [<ffffffff814b83f0>] ? kfree+0x220/0x370
   [<ffffffff818312c2>] public_key_verify_signature_2+0x32/0x50
   [<ffffffff81830b5c>] verify_signature+0x7c/0xb0
   [<ffffffff81835d0c>] pkcs7_validate_trust+0x42c/0x5f0
   [<ffffffff813c391a>] system_verify_data+0xca/0x170
   [<ffffffff813c3850>] ? top_trace_array+0x9b/0x9b
   [<ffffffff81510b29>] ? __vfs_read+0x279/0x3d0
   [<ffffffff8129372f>] mod_verify_sig+0x1ff/0x290
  [...]

The exact purpose of the len extension isn't clear to me, but due to
its form, I suspect that it's a leftover somehow accounting for leading
zero bytes within the most significant output limb.

Note however that without that len adjustment, the total number of bytes
ever processed by the inner loop equals nbytes and thus, the last output
limb gets written at this point. Thus the net effect of the len adjustment
cited above is just to keep the inner loop running for some more
iterations, namely < BYTES_PER_MPI_LIMB ones, reading some extra bytes from
beyond the last SGE's buffer and discarding them afterwards.

Fix this issue by purging the extension of len beyond the last input SGE's
buffer length.

Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices
Nicolai Stange [Tue, 22 Mar 2016 12:18:07 +0000 (13:18 +0100)]
lib/mpi: mpi_read_raw_from_sgl(): sanitize meaning of indices

Within the byte reading loop in mpi_read_raw_sgl(), there are two
housekeeping indices used, z and x.

At all times, the index z represents the number of output bytes covered
by the input SGEs for which processing has completed so far. This includes
any leading zero bytes within the most significant limb.

The index x changes its meaning after the first outer loop's iteration
though: while processing the first input SGE, it represents

  "number of leading zero bytes in most significant output limb" +
   "current position within current SGE"

For the remaining SGEs OTOH, x corresponds just to

  "current position within current SGE"

After all, it is only the sum of z and x that has any meaning for the
output buffer and thus, the

  "number of leading zero bytes in most significant output limb"

part can be moved away from x into z from the beginning, opening up the
opportunity for cleaner code.

Before the outer loop iterating over the SGEs, don't initialize z with
zero, but with the number of leading zero bytes in the most significant
output limb. For the inner loop iterating over a single SGE's bytes,
get rid of the buf_shift offset to x' bounds and let x run from zero to
sg->length - 1.

Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation
Nicolai Stange [Tue, 22 Mar 2016 12:17:27 +0000 (13:17 +0100)]
lib/mpi: mpi_read_raw_from_sgl(): fix nbits calculation

The number of bits, nbits, is calculated in mpi_read_raw_from_sgl() as
follows:

  nbits = nbytes * 8;

Afterwards, the number of leading zero bits of the first byte get
subtracted:

  nbits -= count_leading_zeros(*(u8 *)(sg_virt(sgl) + lzeros));

However, count_leading_zeros() takes an unsigned long and thus,
the u8 gets promoted to an unsigned long.

Thus, the above doesn't subtract the number of leading zeros in the most
significant nonzero input byte from nbits, but the number of leading
zeros of the most significant nonzero input byte promoted to unsigned long,
i.e. BITS_PER_LONG - 8 too many.

Fix this by subtracting

  count_leading_zeros(...) - (BITS_PER_LONG - 8)

from nbits only.

Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits
Nicolai Stange [Tue, 22 Mar 2016 12:12:45 +0000 (13:12 +0100)]
lib/mpi: mpi_read_raw_from_sgl(): purge redundant clearing of nbits

In mpi_read_raw_from_sgl(), unsigned nbits is calculated as follows:

  nbits = nbytes * 8;

and redundantly cleared later on if nbytes == 0:

  if (nbytes > 0)
    ...
  else
    nbits = 0;

Purge this redundant clearing for the sake of clarity.

Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago lib/mpi: mpi_read_raw_from_sgl(): don't include leading zero SGEs in nbytes
Nicolai Stange [Tue, 22 Mar 2016 12:12:44 +0000 (13:12 +0100)]
lib/mpi: mpi_read_raw_from_sgl(): don't include leading zero SGEs in nbytes

At the very beginning of mpi_read_raw_from_sgl(), the leading zeros of
the input scatterlist are counted:

  lzeros = 0;
  for_each_sg(sgl, sg, ents, i) {
    ...
    if (/* sg contains nonzero bytes */)
      break;

    /* sg contains nothing but zeros here */
    ents--;
    lzeros = 0;
  }

Later on, the total number of trailing nonzero bytes is calculated by
subtracting the number of leading zero bytes from the total number of input
bytes:

  nbytes -= lzeros;

However, since lzeros gets reset to zero for each completely zero leading
sg in the loop above, it doesn't include those.

Besides wasting resources by allocating a too large output buffer,
this mistake propagates into the calculation of x, the number of
leading zeros within the most significant output limb:

  x = BYTES_PER_MPI_LIMB - nbytes % BYTES_PER_MPI_LIMB;

What's more, the low order bytes of the output, equal in number to the
extra bytes in nbytes, are left uninitialized.

Fix this by adjusting nbytes for each completely zero leading scatterlist
entry.

Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
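
The two accounting bugs described in the "fix nbits calculation" and "don't include leading zero SGEs in nbytes" commit messages above, modeled in user space as an added example (not the kernel's code and not part of either commit). `struct seg`, `mpi_measure()` and the `FIX_*` flags are hypothetical names, the limb is assumed to be an `unsigned long`, and the sample input is constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: limbs are unsigned long, as BITS_PER_LONG in the text suggests. */
#define BITS_PER_LONG      ((unsigned)(sizeof(unsigned long) * CHAR_BIT))
#define BYTES_PER_MPI_LIMB ((unsigned)sizeof(unsigned long))

/* Hypothetical stand-in for one scatterlist entry (SGE). */
struct seg {
	const uint8_t *buf;
	unsigned len;
};

struct mpi_size {
	unsigned nbytes; /* input bytes left after stripping leading zeros */
	unsigned nbits;  /* bit length derived from nbytes */
	unsigned pad;    /* zero bytes padding the most significant limb (x) */
};

/* Each flag applies one of the two corrections; 0 reproduces both bugs. */
enum { FIX_ZERO_SGES = 1, FIX_CLZ_WIDTH = 2 };

/* Like the kernel helper, this takes an unsigned long; x must be nonzero. */
static unsigned count_leading_zeros(unsigned long x)
{
	return (unsigned)__builtin_clzl(x);
}

struct mpi_size mpi_measure(const struct seg *sgl, unsigned ents,
			    unsigned nbytes, int fixes)
{
	struct mpi_size out = { 0, 0, 0 };
	unsigned lzeros = 0, i, clz;

	for (i = 0; i < ents; i++) {
		const uint8_t *p = sgl[i].buf;
		unsigned len = sgl[i].len;

		while (len && !*p) {
			lzeros++;
			len--;
			p++;
		}
		if (len)	/* entry holds a nonzero byte: stop here */
			break;
		if (fixes & FIX_ZERO_SGES)
			nbytes -= lzeros;	/* fixed: drop this entry's bytes */
		lzeros = 0;		/* unfixed: they are simply forgotten */
	}
	if (i == ents)		/* whole input was zero */
		return out;

	nbytes -= lzeros;	/* zeros at the start of the first nonzero entry */
	out.nbytes = nbytes;
	out.nbits = nbytes * 8;

	/* The u8 is promoted to unsigned long before its zeros are counted. */
	clz = count_leading_zeros(sgl[i].buf[lzeros]);
	if (fixes & FIX_CLZ_WIDTH)
		clz -= BITS_PER_LONG - 8;
	out.nbits -= clz;	/* unsigned: wraps if clz > nbytes * 8 */

	if (nbytes % BYTES_PER_MPI_LIMB)
		out.pad = BYTES_PER_MPI_LIMB - nbytes % BYTES_PER_MPI_LIMB;
	return out;
}

/* Constructed input: 0x01ff preceded by five zero bytes, split over two SGEs. */
static const uint8_t SEG0[] = { 0x00, 0x00, 0x00, 0x00 };
static const uint8_t SEG1[] = { 0x00, 0x01, 0xff };
static const struct seg SAMPLE[] = { { SEG0, 4 }, { SEG1, 3 } };

int main(void)
{
	for (int fixes = 0; fixes <= 3; fixes++) {
		struct mpi_size r = mpi_measure(SAMPLE, 2, 7, fixes);

		printf("fixes=%d nbytes=%u nbits=%u pad=%u\n",
		       fixes, r.nbytes, r.nbits, r.pad);
	}
	return 0;
}
```

With neither correction the model reports six significant bytes for a two-byte value, and on a 64-bit build the nbits subtraction wraps around.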
8 years ago lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes
Nicolai Stange [Tue, 22 Mar 2016 12:12:43 +0000 (13:12 +0100)]
lib/mpi: mpi_read_raw_from_sgl(): replace len argument by nbytes

Currently, the nbytes local variable is calculated from the len argument
as follows:

  ... mpi_read_raw_from_sgl(..., unsigned int len)
  {
    unsigned nbytes;
    ...
    if (!ents)
      nbytes = 0;
    else
      nbytes = len - lzeros;
    ...
  }

Given that nbytes is derived from len in a trivial way and that the len
argument is shadowed by a local len variable in several loops, this is just
confusing.

Rename the len argument to nbytes and get rid of the nbytes local variable.
Do the nbytes calculation in place.

Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago lib/mpi: mpi_read_buffer(): fix buffer overflow
Nicolai Stange [Tue, 22 Mar 2016 12:12:42 +0000 (13:12 +0100)]
lib/mpi: mpi_read_buffer(): fix buffer overflow

Currently, mpi_read_buffer() writes full limbs to the output buffer
and moves memory around to purge leading zero limbs afterwards.

However, with

  commit 9cbe21d8f89d ("lib/mpi: only require buffers as big as needed for
                        the integer")

the caller is only required to provide a buffer large enough to hold the
result without the leading zeros.

This might result in a buffer overflow for small MP numbers with leading
zeros.

Fix this by copying the result to its final destination within the output
buffer and not copying the leading zeros at all.

Fixes: 9cbe21d8f89d ("lib/mpi: only require buffers as big as needed for
                      the integer")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago lib/mpi: mpi_read_buffer(): replace open coded endian conversion
Nicolai Stange [Tue, 22 Mar 2016 12:12:41 +0000 (13:12 +0100)]
lib/mpi: mpi_read_buffer(): replace open coded endian conversion

Currently, the endian conversion from CPU order to BE is open coded in
mpi_read_buffer().

Replace this by the centrally provided cpu_to_be*() macros.
Copy from the temporary storage on stack to the destination buffer
by means of memcpy().

Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago lib/mpi: mpi_read_buffer(): optimize skipping of leading zero limbs
Nicolai Stange [Tue, 22 Mar 2016 12:12:40 +0000 (13:12 +0100)]
lib/mpi: mpi_read_buffer(): optimize skipping of leading zero limbs

Currently, if the number of leading zeros is greater than fits into a
complete limb, mpi_read_buffer() skips them by iterating over them
limb-wise.

Instead of skipping the high order zero limbs within the loop as shown
above, adjust the copying loop's bounds.

Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago lib/mpi: mpi_write_sgl(): replace open coded endian conversion
Nicolai Stange [Tue, 22 Mar 2016 12:12:39 +0000 (13:12 +0100)]
lib/mpi: mpi_write_sgl(): replace open coded endian conversion

Currently, the endian conversion from CPU order to BE is open coded in
mpi_write_sgl().

Replace this by the centrally provided cpu_to_be*() macros.

Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago lib/mpi: mpi_write_sgl(): fix out-of-bounds stack access
Nicolai Stange [Tue, 22 Mar 2016 12:12:38 +0000 (13:12 +0100)]
lib/mpi: mpi_write_sgl(): fix out-of-bounds stack access

Within the copying loop in mpi_write_sgl(), we have

  if (lzeros) {
    mpi_limb_t *limb1 = (void *)p - sizeof(alimb);
    mpi_limb_t *limb2 = (void *)p - sizeof(alimb)
                               + lzeros;
    *limb1 = *limb2;
    ...
  }

where p points past the end of alimb2 which lives on the stack and contains
the current limb in BE order.

The purpose of the above is to shift the non-zero bytes of alimb2 to its
beginning in memory, i.e. to skip its leading zero bytes.

However, limb2 points somewhere into the middle of alimb2 and thus, reading
*limb2 pulls in lzero bytes from somewhere.

Indeed, KASAN splats:

  BUG: KASAN: stack-out-of-bounds in mpi_write_to_sgl+0x4e3/0x6f0
                                      at addr ffff8800cb04f601
  Read of size 8 by task systemd-udevd/391
  page:ffffea00032c13c0 count:0 mapcount:0 mapping:   (null) index:0x0
  flags: 0x3fff8000000000()
  page dumped because: kasan: bad access detected
  CPU: 3 PID: 391 Comm: systemd-udevd Tainted: G  B  L
                                              4.5.0-next-20160316+ #12
  [...]
  Call Trace:
   [<ffffffff8194889e>] dump_stack+0xdc/0x15e
   [<ffffffff819487c2>] ? _atomic_dec_and_lock+0xa2/0xa2
   [<ffffffff814892b5>] ? __dump_page+0x185/0x330
   [<ffffffff8150ffd6>] kasan_report_error+0x5e6/0x8b0
   [<ffffffff814724cd>] ? kzfree+0x2d/0x40
   [<ffffffff819c5bce>] ? mpi_free_limb_space+0xe/0x20
   [<ffffffff819c469e>] ? mpi_powm+0x37e/0x16f0
   [<ffffffff815109f1>] kasan_report+0x71/0xa0
   [<ffffffff819c0353>] ? mpi_write_to_sgl+0x4e3/0x6f0
   [<ffffffff8150ed34>] __asan_load8+0x64/0x70
   [<ffffffff819c0353>] mpi_write_to_sgl+0x4e3/0x6f0
   [<ffffffff819bfe70>] ? mpi_set_buffer+0x620/0x620
   [<ffffffff819c0e6f>] ? mpi_cmp+0xbf/0x180
   [<ffffffff8186e282>] rsa_verify+0x202/0x260

What's more, since lzeros can be anything from 1 to sizeof(mpi_limb_t)-1,
the above will cause unaligned accesses which is bad on non-x86 archs.

Fix the issue, by preparing the starting point p for the upcoming copy
operation instead of shifting the source memory, i.e. alimb2.

Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
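
The copy strategy that the mpi_read_buffer() overflow fix and the mpi_write_sgl() stack access fix above both describe, as an added user-space example (not the kernel's code): each limb is converted to big-endian in a stack temporary, whole zero limbs are skipped through the loop bounds, and the copy starts at an offset into the temporary so nothing outside it is read and no leading zero reaches the destination. `limb_t`, `mpi_to_be_bytes()` and the other names are hypothetical, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef unsigned long limb_t;		/* stand-in for mpi_limb_t */
#define LIMB_BYTES ((unsigned)sizeof(limb_t))

/* Store one limb in big-endian order (portable stand-in for cpu_to_be*()). */
static void limb_to_be(limb_t v, uint8_t out[sizeof(limb_t)])
{
	for (unsigned i = 0; i < LIMB_BYTES; i++)
		out[i] = (uint8_t)(v >> (8 * (LIMB_BYTES - 1 - i)));
}

/* Leading zero bytes of the integer in limbs[], least significant limb first. */
static unsigned leading_zero_bytes(const limb_t *limbs, unsigned nlimbs)
{
	unsigned lz = 0;

	for (int i = (int)nlimbs - 1; i >= 0; i--) {
		uint8_t be[sizeof(limb_t)];

		limb_to_be(limbs[i], be);
		for (unsigned j = 0; j < LIMB_BYTES; j++) {
			if (be[j])
				return lz;
			lz++;
		}
	}
	return lz;
}

/*
 * Write the integer big-endian, without leading zero bytes, into out.
 * Returns the number of bytes written, or -1 if out_len is too small.
 * The buffer only has to hold the stripped result.
 */
int mpi_to_be_bytes(const limb_t *limbs, unsigned nlimbs,
		    uint8_t *out, unsigned out_len)
{
	unsigned lzeros = leading_zero_bytes(limbs, nlimbs);
	unsigned need = nlimbs * LIMB_BYTES - lzeros;
	uint8_t *p = out;
	int i;

	if (need > out_len)
		return -1;

	/* Skip whole zero limbs by adjusting the loop bounds. */
	i = (int)nlimbs - 1 - (int)(lzeros / LIMB_BYTES);
	lzeros %= LIMB_BYTES;

	for (; i >= 0; i--) {
		uint8_t be[sizeof(limb_t)];

		limb_to_be(limbs[i], be);
		/* Start the copy past the zeros; never shift the source. */
		memcpy(p, be + lzeros, LIMB_BYTES - lzeros);
		p += LIMB_BYTES - lzeros;
		lzeros = 0;	/* only the first copied limb is partial */
	}
	return (int)need;
}

/* Constructed value 0x01ff held in two limbs, the upper one zero. */
static const limb_t SAMPLE_LIMBS[2] = { 0x01ff, 0 };

/* Exact-size destination between guard bytes; returns 1 if guards survive. */
int exact_fit_leaves_guards_intact(void)
{
	uint8_t buf[4] = { 0xAA, 0, 0, 0xAA };
	int n = mpi_to_be_bytes(SAMPLE_LIMBS, 2, buf + 1, 2);

	return n == 2 && buf[0] == 0xAA && buf[1] == 0x01 &&
	       buf[2] == 0xff && buf[3] == 0xAA;
}

int main(void)
{
	printf("guards intact: %d\n", exact_fit_leaves_guards_intact());
	return 0;
}
```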
8 years ago lib/mpi: mpi_write_sgl(): purge redundant pointer arithmetic
Nicolai Stange [Tue, 22 Mar 2016 12:12:37 +0000 (13:12 +0100)]
lib/mpi: mpi_write_sgl(): purge redundant pointer arithmetic

Within the copying loop in mpi_write_sgl(), we have

  if (lzeros) {
    ...
    p -= lzeros;
    y = lzeros;
  }
  p = p - (sizeof(alimb) - y);

If lzeros == 0, then y == 0, too. Thus, lzeros gets subtracted and added
back again to p.

Purge this redundancy.

Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago lib/mpi: mpi_write_sgl(): fix style issue with lzero decrement
Nicolai Stange [Tue, 22 Mar 2016 12:12:36 +0000 (13:12 +0100)]
lib/mpi: mpi_write_sgl(): fix style issue with lzero decrement

Within the copying loop in mpi_write_sgl(), we have

  if (lzeros > 0) {
    ...
    lzeros -= sizeof(alimb);
  }

However, at this point, lzeros < sizeof(alimb) holds. Make this fact
explicit by rewriting the above to

  if (lzeros) {
    ...
    lzeros = 0;
  }

Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago lib/mpi: mpi_write_sgl(): fix skipping of leading zero limbs
Nicolai Stange [Tue, 22 Mar 2016 12:12:35 +0000 (13:12 +0100)]
lib/mpi: mpi_write_sgl(): fix skipping of leading zero limbs

Currently, if the number of leading zeros is greater than fits into a
complete limb, mpi_write_sgl() skips them by iterating over them limb-wise.

However, it fails to adjust its internal leading zeros tracking variable,
lzeros, accordingly: it does a

  p -= sizeof(alimb);
  continue;

which should really have been a

  lzeros -= sizeof(alimb);
  continue;

Since lzeros never decreases if its initial value >= sizeof(alimb), nothing
gets copied by mpi_write_sgl() in that case.

Instead of skipping the high order zero limbs within the loop as shown
above, fix the issue by adjusting the copying loop's bounds.

Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: s5p-sss - Sort the headers to improve readability
Krzysztof Kozlowski [Tue, 22 Mar 2016 01:58:25 +0000 (10:58 +0900)]
crypto: s5p-sss - Sort the headers to improve readability

Sort the headers alphabetically to improve readability and to spot
duplications easier.

Suggested-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: s5p-sss - Handle unaligned buffers
Krzysztof Kozlowski [Tue, 22 Mar 2016 01:58:24 +0000 (10:58 +0900)]
crypto: s5p-sss - Handle unaligned buffers

During crypto selftests on Odroid XU3 (Exynos5422) some of the
algorithms failed because of passing AES-block unaligned source and
destination buffers:

alg: skcipher: encryption failed on chunk test 1 for ecb-aes-s5p: ret=22

Handle such case by copying the buffers to a new aligned and contiguous
space.

Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: s5p-sss - Minor coding cleanups
Krzysztof Kozlowski [Tue, 22 Mar 2016 01:58:23 +0000 (10:58 +0900)]
crypto: s5p-sss - Minor coding cleanups

Remove unneeded inclusion of delay.h and get rid of indentation from
labels.

Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago MAINTAINERS: Add a new maintainer for the CCP driver
Tom Lendacky [Mon, 21 Mar 2016 16:43:22 +0000 (11:43 -0500)]
MAINTAINERS: Add a new maintainer for the CCP driver

Gary will be taking over future development of the CCP driver, so add
him as a co-maintainer of the driver.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Acked-by: Gary Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: marvell/cesa - remove unneeded condition
Dan Carpenter [Mon, 21 Mar 2016 09:03:43 +0000 (12:03 +0300)]
crypto: marvell/cesa - remove unneeded condition

creq->cache[] is an array inside the struct, it's not a pointer and it
can't be NULL.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago PKCS#7: fix missing break on OID_sha224 case
Colin Ian King [Fri, 18 Mar 2016 15:51:31 +0000 (15:51 +0000)]
PKCS#7: fix missing break on OID_sha224 case

The OID_sha224 case is missing a break and it falls through
to the -ENOPKG error default.  Since HASH_ALGO_SHA224 seems
to be supported, this looks like an unintentional missing break.

Fixes: 07f081fb5057 ("PKCS#7: Add OIDs for sha224, sha284 and sha512 hash algos and use them")
Cc: <stable@vger.kernel.org> # 4.2+
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: n2 - Remove return statement from void function
Amitoj Kaur Chawla [Fri, 18 Mar 2016 13:38:48 +0000 (19:08 +0530)]
crypto: n2 - Remove return statement from void function

Return statement at the end of a void function is useless.

The Coccinelle semantic patch used to make this change is as follows:
//<smpl>
@@
identifier f;
expression e;
@@
void f(...) {
<...
- return
  e;
...>
}
//</smpl>

Signed-off-by: Amitoj Kaur Chawla <amitoj1606@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: s5p-sss - Enable COMPILE_TEST
Krzysztof Kozlowski [Mon, 14 Mar 2016 04:20:18 +0000 (13:20 +0900)]
crypto: s5p-sss - Enable COMPILE_TEST

Get some build coverage of S5P/Exynos AES H/W acceleration driver.
Driver uses DMA and devm_ioremap_resource() so add DMA and IOMEM
dependencies for the compile testing.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago hwrng: exynos - Enable COMPILE_TEST
Krzysztof Kozlowski [Mon, 14 Mar 2016 04:19:55 +0000 (13:19 +0900)]
hwrng: exynos - Enable COMPILE_TEST

Get some build coverage of Exynos H/W random number generator
driver. Driver uses devm_ioremap_resource() so add IOMEM dependency for
the compile testing.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago hwrng: exynos - Disable runtime PM on driver unbind
Krzysztof Kozlowski [Mon, 14 Mar 2016 00:07:15 +0000 (09:07 +0900)]
hwrng: exynos - Disable runtime PM on driver unbind

Driver enabled runtime PM but did not revert this on removal. Re-binding
of a device triggered warning:
exynos-rng 10830400.rng: Unbalanced pm_runtime_enable!

Fixes: b329669ea0b5 ("hwrng: exynos - Add support for Exynos random number generator")
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago hwrng: exynos - Disable runtime PM on probe failure
Krzysztof Kozlowski [Mon, 14 Mar 2016 00:07:14 +0000 (09:07 +0900)]
hwrng: exynos - Disable runtime PM on probe failure

Add proper error path (for disabling runtime PM) when registering of
hwrng fails.

Fixes: b329669ea0b5 ("hwrng: exynos - Add support for Exynos random number generator")
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago hwrng: exynos - Fix unbalanced PM runtime put on timeout error path
Krzysztof Kozlowski [Mon, 14 Mar 2016 00:07:13 +0000 (09:07 +0900)]
hwrng: exynos - Fix unbalanced PM runtime put on timeout error path

In case of timeout during read operation, the exit path lacked PM
runtime put. This could lead to unbalanced runtime PM usage counter thus
leaving the device in an active state.

Fixes: d7fd6075a205 ("hwrng: exynos - Add timeout for waiting on init done")
Cc: <stable@vger.kernel.org> # v4.4+
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago hwrng: exynos - Runtime suspend device after init
Krzysztof Kozlowski [Mon, 14 Mar 2016 00:07:12 +0000 (09:07 +0900)]
hwrng: exynos - Runtime suspend device after init

The driver uses pm_runtime_put_noidle() after initialization so the
device might remain in active state if the core does not read from it
(the read callback contains regular runtime put). The put_noidle() was
chosen probably to avoid unneeded suspend and resume cycle after the
initialization.

However for this purpose autosuspend is enabled so it is safe to runtime
put just after the initialization.

Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: omap-des - Improve wording for CRYPTO_DEV_OMAP_DES in Kconfig
Peter Meerwald [Sun, 13 Mar 2016 15:15:37 +0000 (16:15 +0100)]
crypto: omap-des - Improve wording for CRYPTO_DEV_OMAP_DES in Kconfig

Signed-off-by: Peter Meerwald <pmeerw@pmeerw.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago crypto: af_alg - add async support to algif_aead
Tadeusz Struk [Fri, 11 Mar 2016 19:50:33 +0000 (11:50 -0800)]
crypto: af_alg - add async support to algif_aead

Following the async change for algif_skcipher
this patch adds similar async read to algif_aead.

changes in v3:
- add call to aead_reset_ctx directly from aead_put_sgl instead of calling
  them separately one after the other
- remove wait from aead_sock_destruct function as it is not needed
  when sock_hold is used

changes in v2:
- change internal data structures from fixed size arrays, limited to
  RSGL_MAX_ENTRIES, to linked list model with no artificial limitation.
- use sock_kmalloc instead of kmalloc for memory allocation
- use sock_hold instead of separate atomic ctr to wait for outstanding
  request

Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago hwrng: bcm63xx - fix device tree compilation
Álvaro Fernández Rojas [Sun, 3 Apr 2016 12:18:22 +0000 (14:18 +0200)]
hwrng: bcm63xx - fix device tree compilation

Adds missing include that resulted in implicit device tree functions errors.

Fixes: 7b651706712b ("hwrng: bcm63xx - add device tree support")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago sunrpc: Fix skcipher/shash conversion
Herbert Xu [Sun, 3 Apr 2016 04:37:15 +0000 (12:37 +0800)]
sunrpc: Fix skcipher/shash conversion

The skcipher/shash conversion introduced a number of bugs in the
sunrpc code:

1) Missing calls to skcipher_request_set_tfm lead to crashes.
2) The allocation size of shash_desc is too small which leads to
memory corruption.

Fixes: 3b5cf20cf439 ("sunrpc: Use skcipher and ahash/shash")
Reported-by: J. Bruce Fields <bfields@fieldses.org>
Tested-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
8 years ago Linux 4.6-rc2
Linus Torvalds [Sun, 3 Apr 2016 14:09:40 +0000 (09:09 -0500)]
Linux 4.6-rc2

8 years ago Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 3 Apr 2016 12:22:12 +0000 (07:22 -0500)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull perf fixes from Ingo Molnar:
 "Misc kernel side fixes:

   - fix event leak
   - fix AMD PMU driver bug
   - fix core event handling bug
   - fix build bug on certain randconfigs

  Plus misc tooling fixes"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/x86/amd/ibs: Fix pmu::stop() nesting
  perf/core: Don't leak event in the syscall error path
  perf/core: Fix time tracking bug with multiplexing
  perf jit: genelf makes assumptions about endian
  perf hists: Fix determination of a callchain node's childlessness
  perf tools: Add missing initialization of perf_sample.cpumode in synthesized samples
  perf tools: Fix build break on powerpc
  perf/x86: Move events_sysfs_show() outside CPU_SUP_INTEL
  perf bench: Fix detached tarball building due to missing 'perf bench memcpy' headers
  perf tests: Fix tarpkg build test error output redirection

8 years ago Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 3 Apr 2016 12:06:53 +0000 (07:06 -0500)]
Merge branch 'core-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull core kernel fixes from Ingo Molnar:
 "This contains the nohz/atomic cleanup/fix for the fetch_or() ugliness
  you noted during the original nohz pull request, plus there's also
  misc fixes:

   - fix liblockdep build bug
   - fix uapi header build bug
   - print more lockdep hash collision info to help debug recent reports
     of hash collisions
   - update MAINTAINERS email address"

* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  MAINTAINERS: Update my email address
  locking/lockdep: Print chain_key collision information
  uapi/linux/stddef.h: Provide __always_inline to userspace headers
  tools/lib/lockdep: Fix unsupported 'basename -s' in run_tests.sh
  locking/atomic, sched: Unexport fetch_or()
  timers/nohz: Convert tick dependency mask to atomic_t
  locking/atomic: Introduce atomic_fetch_or()

8 years ago v4l2-mc: avoid warning about unused variable
Linus Torvalds [Sun, 3 Apr 2016 12:03:49 +0000 (07:03 -0500)]
v4l2-mc: avoid warning about unused variable

Commit 840f5b0572ea ("media: au0828 disable tuner to demod link in
au0828_media_device_register()") removed all uses of the 'dtv_demod',
but left the variable itself around.

Remove it.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years ago Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sun, 3 Apr 2016 11:32:28 +0000 (06:32 -0500)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull x86 fixes from Thomas Gleixner:
 "This lot contains:

   - Some fixups for the fallout of the topology consolidation which
     unearthed AMD/Intel inconsistencies
   - Documentation for the x86 topology management
   - Support for AMD advanced power management bits
   - Two simple cleanups removing duplicated code"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/cpu: Add advanced power management bits
  x86/thread_info: Merge two !__ASSEMBLY__ sections
  x86/cpufreq: Remove duplicated TDP MSR macro definitions
  x86/Documentation: Start documenting x86 topology
  x86/cpu: Get rid of compute_unit_id
  perf/x86/amd: Cleanup Fam10h NB event constraints
  x86/topology: Fix AMD core count

8 years ago Merge tag 'rproc-v4.6-rc1' of git://github.com/andersson/remoteproc
Linus Torvalds [Sat, 2 Apr 2016 23:57:49 +0000 (18:57 -0500)]
Merge tag 'rproc-v4.6-rc1' of git://github.com/andersson/remoteproc

Pull remoteproc fix from Bjorn Andersson:
 "Fix incorrect error check in the ST remoteproc driver and advertise
  the newly created linux-remoteproc mailing list"

* tag 'rproc-v4.6-rc1' of git://github.com/andersson/remoteproc:
  MAINTAINERS: Add mailing list for remote processor subsystems
  remoteproc: st: fix check of syscon_regmap_lookup_by_phandle() return value

8 years ago Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Linus Torvalds [Sat, 2 Apr 2016 23:48:37 +0000 (18:48 -0500)]
Merge git://git./linux/kernel/git/nab/target-pending

Pull SCSI target fixes from Nicholas Bellinger:
 "This includes fixes from HCH for -rc1 configfs default_groups
  conversion changes that ended up breaking some iscsi-target
  default_groups, along with Sagi's ib_drain_qp() conversion for
  iser-target to use the common caller now available to RDMA kernel
  consumers in v4.6+ code"

* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  target: add a new add_wwn_groups fabrics method
  target: initialize the nacl base CIT begfore init_nodeacl
  target: remove ->fabric_cleanup_nodeacl
  iser-target: Use ib_drain_qp

8 years ago Convert straggling drivers to new six-argument get_user_pages()
Linus Torvalds [Sat, 2 Apr 2016 23:35:05 +0000 (18:35 -0500)]
Convert straggling drivers to new six-argument get_user_pages()

Commit d4edcf0d5695 ("mm/gup: Switch all callers of get_user_pages() to
not pass tsk/mm") switched get_user_pages() callers to the simpler model
where they no longer pass in the thread and mm pointer.  But since then
we've merged changes to a few drivers that re-introduce use of the old
interface.  Let's fix them up.

They continued to work fine (thanks to the truly disgusting macros
introduced in commit cde70140fed8: "mm/gup: Overload get_user_pages()
functions"), but cause unnecessary build noise.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years ago Merge tag 'configfs-for-linus-2' of git://git.infradead.org/users/hch/configfs
Linus Torvalds [Sat, 2 Apr 2016 21:46:56 +0000 (16:46 -0500)]
Merge tag 'configfs-for-linus-2' of git://git.infradead.org/users/hch/configfs

Pull configfs fix from Christoph Hellwig:
 "A trivial fix to the recently introduced binary attribute helper
  macros"

* tag 'configfs-for-linus-2' of git://git.infradead.org/users/hch/configfs:
  configfs: fix CONFIGFS_BIN_ATTR_[RW]O definitions

8 years ago Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Linus Torvalds [Sat, 2 Apr 2016 01:03:33 +0000 (20:03 -0500)]
Merge git://git./linux/kernel/git/davem/net

Pull networking fixes from David Miller:

 1) Missing device reference in IPSEC input path results in crashes
    during device unregistration.  From Subash Abhinov Kasiviswanathan.

 2) Per-queue ISR register writes not being done properly in macb
    driver, from Cyrille Pitchen.

 3) Stats accounting bugs in bcmgenet, from Patri Gynther.

 4) Lightweight tunnel's TTL and TOS were swapped in netlink dumps, from
    Quentin Armitage.

 5) SXGBE driver has off-by-one in probe error paths, from Rasmus
    Villemoes.

 6) Fix race in save/swap/delete options in netfilter ipset, from
    Vishwanath Pai.

 7) Ageing time of bridge not set properly when not operating over a
    switchdev device.  Fix from Haishuang Yan.

 8) Fix GRO regression wrt nested FOU/GUE based tunnels, from Alexander
    Duyck.

 9) IPV6 UDP code bumps wrong stats, from Eric Dumazet.

10) FEC driver should only access registers that actually exist on the
    given chipset, fix from Fabio Estevam.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (73 commits)
  net: mvneta: fix changing MTU when using per-cpu processing
  stmmac: fix MDIO settings
  Revert "stmmac: Fix 'eth0: No PHY found' regression"
  stmmac: fix TX normal DESC
  net: mvneta: use cache_line_size() to get cacheline size
  net: mvpp2: use cache_line_size() to get cacheline size
  net: mvpp2: fix maybe-uninitialized warning
  tun, bpf: fix suspicious RCU usage in tun_{attach, detach}_filter
  net: usb: cdc_ncm: adding Telit LE910 V2 mobile broadband card
  rtnl: fix msg size calculation in if_nlmsg_size()
  fec: Do not access unexisting register in Coldfire
  net: mvneta: replace MVNETA_CPU_D_CACHE_LINE_SIZE with L1_CACHE_BYTES
  net: mvpp2: replace MVPP2_CPU_D_CACHE_LINE_SIZE with L1_CACHE_BYTES
  net: dsa: mv88e6xxx: Clear the PDOWN bit on setup
  net: dsa: mv88e6xxx: Introduce _mv88e6xxx_phy_page_{read, write}
  bpf: make padding in bpf_tunnel_key explicit
  ipv6: udp: fix UDP_MIB_IGNOREDMULTI updates
  bnxt_en: Fix ethtool -a reporting.
  bnxt_en: Fix typo in bnxt_hwrm_set_pause_common().
  bnxt_en: Implement proper firmware message padding.
  ...

8 years ago Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sat, 2 Apr 2016 00:57:13 +0000 (19:57 -0500)]
Merge tag 'clk-fixes-for-linus' of git://git./linux/kernel/git/clk/linux

Pull clk fixes from Stephen Boyd:
 "A handful of const updates for reset ops and a couple fixes to the
  newly introduced IPQ4019 clock driver"

* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
  clk: qcom: ipq4019: add some fixed clocks for ddrppl and fepll
  clk: qcom: ipq4019: switch remaining defines to enums
  clk: qcom: Make reset_control_ops const
  clk: tegra: Make reset_control_ops const
  clk: sunxi: Make reset_control_ops const
  clk: atlas7: Make reset_control_ops const
  clk: rockchip: Make reset_control_ops const
  clk: mmp: Make reset_control_ops const
  clk: mediatek: Make reset_control_ops const

8 years ago Merge tag 'pm+acpi-4.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael...
Linus Torvalds [Sat, 2 Apr 2016 00:52:10 +0000 (19:52 -0500)]
Merge tag 'pm+acpi-4.6-rc2' of git://git./linux/kernel/git/rafael/linux-pm

Pull power management and ACPI fix from Rafael J. Wysocki:
 "Just one fix for a nasty boot failure on some systems based on Intel
  Skylake that shipped with broken firmware where enabling
  hardware-coordinated P-states management (HWP) causes a faulty
  interrupt handler in SMM to be invoked and crash the system (Srinivas
  Pandruvada)"

* tag 'pm+acpi-4.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI / processor: Request native thermal interrupt handling via _OSC

8 years ago Merge branch 'akpm' (patches from Andrew)
Linus Torvalds [Sat, 2 Apr 2016 00:31:19 +0000 (19:31 -0500)]
Merge branch 'akpm' (patches from Andrew)

Merge fixes from Andrew Morton:
 "11 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  .mailmap: add Christophe Ricard
  Make CONFIG_FHANDLE default y
  mm/page_isolation.c: fix the function comments
  oom, oom_reaper: do not enqueue task if it is on the oom_reaper_list head
  mm/page_isolation: fix tracepoint to mirror check function behavior
  mm/rmap: batched invalidations should use existing api
  x86/mm: TLB_REMOTE_SEND_IPI should count pages
  mm: fix invalid node in alloc_migrate_target()
  include/linux/huge_mm.h: return NULL instead of false for pmd_trans_huge_lock()
  mm, kasan: fix compilation for CONFIG_SLAB
  MAINTAINERS: orangefs mailing list is subscribers-only

8 years ago Merge branch 'acpi-processor'
Rafael J. Wysocki [Fri, 1 Apr 2016 23:17:36 +0000 (01:17 +0200)]
Merge branch 'acpi-processor'

* acpi-processor:
  ACPI / processor: Request native thermal interrupt handling via _OSC

8 years ago Merge branch 'for-linus-4.6' of git://git.kernel.org/pub/scm/linux/kernel/git/mason...
Linus Torvalds [Fri, 1 Apr 2016 23:08:34 +0000 (18:08 -0500)]
Merge branch 'for-linus-4.6' of git://git./linux/kernel/git/mason/linux-btrfs

Pull btrfs fixes from Chris Mason:
 "This has a few fixes Dave Sterba had queued up.  These are all pretty
  small, but since they were tested I decided against waiting for more"

* 'for-linus-4.6' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
  btrfs: transaction_kthread() is not freezable
  btrfs: cleaner_kthread() doesn't need explicit freeze
  btrfs: do not write corrupted metadata blocks to disk
  btrfs: csum_tree_block: return proper errno value

8 years ago Merge tag 'for-linus' of git://github.com/martinbrandenburg/linux
Linus Torvalds [Fri, 1 Apr 2016 22:17:32 +0000 (17:17 -0500)]
Merge tag 'for-linus' of git://github.com/martinbrandenburg/linux

Pull OrangeFS fixes from Martin Brandenburg:
 "Two bugfixes for OrangeFS.

  One is a reference counting bug and the other is a typo in client
  minimum version"

* tag 'for-linus' of git://github.com/martinbrandenburg/linux:
  orangefs: minimum userspace version is 2.9.3
  orangefs: don't put readdir slot twice

8 years ago Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Linus Torvalds [Fri, 1 Apr 2016 22:15:51 +0000 (17:15 -0500)]
Merge tag 'arm64-fixes' of git://git./linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:

 - fix oops when patching in alternative sequences on big-endian CPUs

 - reconcile asm/perf_event.h after merge window fallout with KVM ARM

 - defconfig updates

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: defconfig: updates for 4.6
  arm64: perf: Move PMU register related defines to asm/perf_event.h
  arm64: opcodes.h: Add arm big-endian config options before including arm header

8 years ago Merge tag 'sound-4.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai...
Linus Torvalds [Fri, 1 Apr 2016 22:13:23 +0000 (17:13 -0500)]
Merge tag 'sound-4.6-rc2' of git://git./linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A collection of small fixes:

   - a fix in ALSA timer core to avoid possible BUG() trigger
   - a fix in ALSA timer core 32bit compat layer
   - a few HD-audio quirks for ASUS and HP machines
   - AMD HD-audio HDMI controller quirks
   - fixes of USB-audio double-free at some error paths
   - a fix for memory leak in DICE driver at hotunplug"

* tag 'sound-4.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: timer: Use mod_timer() for rearming the system timer
  ALSA: hda - fix front mic problem for a HP desktop
  ALSA: usb-audio: Fix double-free in error paths after snd_usb_add_audio_stream() call
  ALSA: hda: add AMD Polaris-10/11 AZ PCI IDs with proper driver caps
  ALSA: dice: fix memory leak when unplugging
  ALSA: hda - Apply fix for white noise on Asus N550JV, too
  ALSA: hda - Fix white noise on Asus N750JV headphone
  ALSA: hda - Asus N750JV external subwoofer fixup
  ALSA: timer: fix gparams ioctl compatibility for different architectures

8 years ago .mailmap: add Christophe Ricard
Christophe Ricard [Fri, 1 Apr 2016 21:31:42 +0000 (14:31 -0700)]
.mailmap: add Christophe Ricard

Different computers had different settings in the mail client.  Some
contributions appear as Christophe Ricard, others as Christophe RICARD.

Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years ago Make CONFIG_FHANDLE default y
Andi Kleen [Fri, 1 Apr 2016 21:31:40 +0000 (14:31 -0700)]
Make CONFIG_FHANDLE default y

Newer Fedora and OpenSUSE didn't boot with my standard configuration.
It took me some time to figure out why, in fact I had to write a script
to try different config options systematically.

The problem is that something (systemd) in dracut depends on
CONFIG_FHANDLE, which adds open by file handle syscalls.

While it is set in defconfigs it is very easy to miss when updating
older configs because it is not default y.

Make it default y and also depend on EXPERT, as dracut use is likely
widespread.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Cc: Richard Weinberger <richard.weinberger@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>