mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
2146 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
04f740d4da |
This is the 4.14.41 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlr753gACgkQONu9yGCS aT7p/Q//TIC9EKe21E2Lb1Kh4lL5SDjmwe/rkA3PxiqxbkXfUDBehMCfDk4YVNVG TlH1TXOubzpS/8cZJPRFHEkrYXPKIA3+hKlAvJukUJCBQqmW1ILEAX5m7jrSmf+B tLe/r0ijOtlfB1xQdUs5RxXGIndw0gMGhpo/QTXPAC0hGh0Ykd8v2s4YAjxOvdKw z4DaUKtZGEPBWFVK/Bx1Fv3iAmJMt2yerERUqz8MVegYXJt+2RUGoJtsxHuvOk1p 9q0lzHBWYihQVt1tJ0es/8cB7WsYt8txnVmeN907sryUhDjvTWIxQJb5jEV0gxxK AL89PHy4Hfki6l6r+tqYi92frFda8aLfsaSseOhlmqsv0MlwngW2dx3UbjaYd4If IQA6n0hWHuxUvjrjsPpsMAa4lvTW+/kFilb0mD6Vixy3ru+/RelKnuawJm6kbMNu Cb8QSVSJrhvC/UZLvwO7a3viJdKoI5B9pTh5FTKcY5wUPI1k01pg3WlWNxmnv4ZJ LPImR06aoJYhvbutf94AvxbCOt/au8sY4s/yk9oHgvGUEIccrGYf3BwX6ciWRt4b r4ZN92C9ZuD+u/ATFgi/akngtjjixw5YrZ20aX86dYcBZ25hYOiIMoc482tYQ12Z 1vqyvKg9o1oMypG9orF09PWstbNRu3ihGATKdXL9lfAhDklOTKc= =zWTK -----END PGP SIGNATURE----- Merge 4.14.41 into android-4.14 Changes in 4.14.41 ipvs: fix rtnl_lock lockups caused by start_sync_thread netfilter: ebtables: don't attempt to allocate 0-sized compat array kcm: Call strp_stop before strp_done in kcm_attach crypto: af_alg - fix possible uninit-value in alg_bind() netlink: fix uninit-value in netlink_sendmsg net: fix rtnh_ok() net: initialize skb->peeked when cloning net: fix uninit-value in __hw_addr_add_ex() dccp: initialize ireq->ir_mark ipv4: fix uninit-value in ip_route_output_key_hash_rcu() soreuseport: initialise timewait reuseport field inetpeer: fix uninit-value in inet_getpeer memcg: fix per_node_info cleanup perf: Remove superfluous allocation error check tcp: fix TCP_REPAIR_QUEUE bound checking bdi: wake up concurrent wb_shutdown() callers. bdi: Fix oops in wb_workfn() KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing arm64: Add work around for Arm Cortex-A55 Erratum 1024718 compat: fix 4-byte infoleak via uninitialized struct field gpioib: do not free unrequested descriptors gpio: fix aspeed_gpio unmask irq gpio: fix error path in lineevent_create rfkill: gpio: fix memory leak in probe error path libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs dm integrity: use kvfree for kvmalloc'd memory tracing: Fix regex_match_front() to not over compare the test string z3fold: fix reclaim lock-ups mm: sections are not offlined during memory hotremove mm, oom: fix concurrent munlock and oom reaper unmap, v3 ceph: fix rsize/wsize capping in ceph_direct_read_write() can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg() can: hi311x: Acquire SPI lock on ->do_get_berr_counter can: hi311x: Work around TX complete interrupt erratum drm/vc4: Fix scaling of uni-planar formats drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log drm/nouveau: Fix deadlock in nv50_mstm_register_connector() drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear() drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear() net: atm: Fix potential Spectre v1 atm: zatm: Fix potential Spectre v1 PCI / PM: Always check PME wakeup capability for runtime wakeup support PCI / PM: Check device_may_wakeup() in pci_enable_wake() cpufreq: schedutil: Avoid using invalid next_freq Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174" Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets thermal: exynos: Reading temperature makes sense only when TMU is turned on thermal: exynos: Propagate error value from tmu_read() nvme: add quirk to force medium priority for SQ creation smb3: directory sync should not return an error sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] tracing/uprobe_event: Fix strncpy corner case perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_* perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map() KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler KVM: x86: remove APIC Timer periodic/oneshot spikes Linux 4.14.41 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Eric Dumazet
|
1b6d0db7ed |
crypto: af_alg - fix possible uninit-value in alg_bind()
commit a466856e0b7ab269cdf9461886d007e88ff575b0 upstream.
syzbot reported :
BUG: KMSAN: uninit-value in alg_bind+0xe3/0xd90 crypto/af_alg.c:162
We need to check addr_len before dereferencing sa (or uaddr)
Fixes: bb30b8848c85 ("crypto: af_alg - whitelist mask and type")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Stephan Mueller <smueller@chronox.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
c50e5cb3fa |
This is the 4.14.39 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlroxuQACgkQONu9yGCS
aT5H3BAAq+AfTWGEbNgjlDMh0nNSzNG4QyitI79Y6fsJrXCy669X/+b0V7s7+RoL
R+UBw1REIG7cnDBOgNNYoyoC7UGGstBxD7X4TnnWZsGpYeilCdqETUfRT1UBIXMM
ZVnLgUcje/smCUIkJbmPzGQb6j+fRbanyynkeQ4PyXd5rHd7ncKyyYjXVE38dUm3
HiczG+F3KD6tkHcaA5PFt1Afw0EQACUYapIZIQgd7XISbskHSH9TMohrA+cTREpH
HSPw64KbTR0SuhfJiUJILTbsUNe9EHD7iEvT/wjwmD+pEgMrWxVfdFquaHX/HIBZ
Ex1brCNCvw8PCzMxhpLfkBxhc/I1swktO6/B87tWaeQtRLEaybuchaCsUuppfcPP
tCokNu2IDmLuhIEVl/kyD+GwQ3Xs95I5+o9wytpCYdS4NplX2AWsvQb00v2ZXuo6
VDa0x4aPUyLIGPITSYi2lmS10mrvCkzuvd0seuaPbM87Q2+5Mq1RxmQCvFzTgfGZ
Y+jKS3nomgP5b/QzhKM5O9y3DBMMyDx6zjwzPmhnR4mM2b1aBguk2Q1YbqXgwPJk
7GIUFeb+xD6pdWtK4lZc7Apxc2CUE7lTC0gn90EWwS5+vu+cljt4uvMmsuYLRVaw
/0+zLv+jMxkvEoI2Y0i+FuuJ2k46q8YFy1Lga0+xeVWdd1D84GI=
=0Lwm
-----END PGP SIGNATURE-----
Merge 4.14.39 into android-4.14
Changes in 4.14.39
ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
ext4: set h_journal if there is a failure starting a reserved handle
ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs
ext4: add validity checks for bitmap block numbers
ext4: fix bitmap position validation
random: set up the NUMA crng instances after the CRNG is fully initialized
random: fix possible sleeping allocation from irq context
random: rate limit unseeded randomness warnings
usbip: usbip_event: fix to not print kernel pointer address
usbip: usbip_host: fix to hold parent lock for device_attach() calls
usbip: vhci_hcd: Fix usb device and sockfd leaks
usbip: vhci_hcd: check rhport before using in vhci_hub_control()
Revert "xhci: plat: Register shutdown for xhci_plat"
xhci: Fix USB ports for Dell Inspiron 5775
USB: serial: simple: add libtransistor console
USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
USB: serial: cp210x: add ID for NI USB serial console
usb: typec: ucsi: Increase command completion timeout value
usb: core: Add quirk for HP v222w 16GB Mini
USB: Increment wakeup count on remote wakeup.
ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
virtio: add ability to iterate over vqs
virtio_console: don't tie bufs to a vq
virtio_console: free buffers after reset
virtio_console: drop custom control queue cleanup
virtio_console: move removal code
virtio_console: reset on out of memory
drm/virtio: fix vq wait_event condition
tty: Don't call panic() at tty_ldisc_init()
tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
tty: Avoid possible error pointer dereference at tty_ldisc_restore().
tty: Use __GFP_NOFAIL for tty_ldisc_get()
ALSA: dice: fix OUI for TC group
ALSA: dice: fix error path to destroy initialized stream data
ALSA: hda - Skip jack and others for non-existing PCM streams
ALSA: opl3: Hardening for potential Spectre v1
ALSA: asihpi: Hardening for potential Spectre v1
ALSA: hdspm: Hardening for potential Spectre v1
ALSA: rme9652: Hardening for potential Spectre v1
ALSA: control: Hardening for potential Spectre v1
ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY.
ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
ALSA: seq: oss: Hardening for potential Spectre v1
ALSA: hda: Hardening for potential Spectre v1
ALSA: hda/realtek - Add some fixes for ALC233
ALSA: hda/realtek - Update ALC255 depop optimize
ALSA: hda/realtek - change the location for one of two front mics
mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic
mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
mtd: rawnand: tango: Fix struct clk memory leak
kobject: don't use WARN for registration failures
scsi: sd: Defer spinning up drive while SANITIZE is in progress
bfq-iosched: ensure to clear bic/bfqq pointers when preparing request
vfio: ccw: process ssch with interrupts disabled
ANDROID: binder: prevent transactions into own process.
PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf()
PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf()
PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode
PCI: aardvark: Fix PCIe Max Read Request Size setting
ARM: amba: Make driver_override output consistent with other buses
ARM: amba: Fix race condition with driver_override
ARM: amba: Don't read past the end of sysfs "driver_override" buffer
ARM: socfpga_defconfig: Remove QSPI Sector 4K size force
KVM: arm/arm64: Close VMID generation race
powerpc/mm: Flush cache on memory hot(un)plug
powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range
crypto: drbg - set freed buffers to NULL
ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
libceph: un-backoff on tick when we have a authenticated session
libceph: reschedule a tick in finish_hunting()
libceph: validate con->state at the top of try_write()
fpga-manager: altera-ps-spi: preserve nCONFIG state
earlycon: Use a pointer table to fix __earlycon_table stride
cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt
rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops
drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders
drm/i915: Enable display WA#1183 from its correct spot
objtool, perf: Fix GCC 8 -Wrestrict error
tools/lib/subcmd/pager.c: do not alias select() params
x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
x86/smpboot: Don't use mwait_play_dead() on AMD systems
x86/microcode/intel: Save microcode patch unconditionally
x86/microcode: Do not exit early from __reload_late()
tick/sched: Do not mess with an enqueued hrtimer
arm/arm64: KVM: Add PSCI version selection API
powerpc/eeh: Fix race with driver un/bind
Linux 4.14.39
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Stephan Mueller
|
674d38ea18 |
crypto: drbg - set freed buffers to NULL
commit eea0d3ea7546961f69f55b26714ac8fd71c7c020 upstream. During freeing of the internal buffers used by the DRBG, set the pointer to NULL. It is possible that the context with the freed buffers is reused. In case of an error during initialization where the pointers do not yet point to allocated memory, the NULL value prevents a double free. Cc: stable@vger.kernel.org Fixes: 3cfc3b9721123 ("crypto: drbg - use aligned buffers") Signed-off-by: Stephan Mueller <smueller@chronox.de> Reported-by: syzbot+75397ee3df5c70164154@syzkaller.appspotmail.com Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
7e76ead2d2 |
This is the 4.14.34 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlrPNhoACgkQONu9yGCS aT6BgRAAlQVoTa9PEk/vyJACP/IDnzW/UUhUatTTBcsj8hAOzeF5tpFPvvqG+Aoj TfjujeFN8YgqepBKEWdAvUknJtO9Ka+1Q7elBg1A9ygwPXn4XCVV1Cu+Q7w9gmci OJd/3ubevqGV0enA9wzxsczhG8ua/8EZiBM5pz8NDXy4nZ7rtxCUs+8npCj23/dJ klN70Gv58ClSaI4CUTXejBxm9/EGIrY0+SoS3+M1rj8vV8kgr8uzqDuk/Kv12YL8 /XVbB6QHPauvJAw9QFaP9xi2M7hZ03YJlo0hHMoPUXyLK2CJ5w/NJmJcKOu+eKx0 GGn/qQ0C8uAXGFfJjwHNj3MHDgPVayIvE7SMVKRIY8EcSYv9AsL+YDo6KK9WRmuE 3VLxOFO8Z2vVaVATU3U/m/+lK+kyDqStwwp7IFTbYSb3GpSD8JeruBWcbM2ywPCX J+n3DWrvwcvIsS1+URJogiaamo7J6u4upyz9ilym7XovMub5RfjmhIAKBsd3DqEL PZ+MLM+TMUq6smSlSFdrSuU+aquhbaKaD/LdXmVlsIjMQOOkQCU8d6mHYfW7jBEP 6oE/VjXSewMdsrux3C4rKW/TnnXRWNHPY47SqObkqEx1uf2uFPSi5jIKRCBZtNfT 2nMEfDnW/FBuQVoWvBx01eiSeupNRl0ULbdtdrMS7YMFY8gaVOY= =+4X0 -----END PGP SIGNATURE----- Merge 4.14.34 into android-4.14 Changes in 4.14.34 i40iw: Fix sequence number for the first partial FPDU i40iw: Correct Q1/XF object count equation i40iw: Validate correct IRD/ORD connection parameters clk: meson: mpll: use 64-bit maths in params_from_rate ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node Bluetooth: Add a new 04ca:3015 QCA_ROME device ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT thermal: power_allocator: fix one race condition issue for thermal_instances list perf probe: Find versioned symbols from map perf probe: Add warning message if there is unexpected event name perf evsel: Enable ignore_missing_thread for pid option net: hns3: free the ring_data structrue when change tqps net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg l2tp: fix missing print session offset info rds; Reset rs->rs_bound_addr in rds_add_bound() failure path ACPI / video: Default lcd_only to true on Win8-ready and newer machines net/mlx4_en: Change default QoS settings VFS: close race between getcwd() and d_move() watchdog: dw_wdt: add stop watchdog operation clk: divider: fix incorrect usage of container_of PM / devfreq: Fix potential NULL pointer dereference in governor_store selftests/net: fix bugs in address and port initialization RDMA/cma: Mark end of CMA ID messages hwmon: (ina2xx) Make calibration register value fixed clk: sunxi-ng: a83t: Add M divider to TCON1 clock media: videobuf2-core: don't go out of the buffer range ASoC: Intel: Skylake: Disable clock gating during firmware and library download ASoC: Intel: cht_bsw_rt5645: Analog Mic support spi: sh-msiof: Fix timeout failures for TX-only DMA transfers scsi: libiscsi: Allow sd_shutdown on bad transport scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag. irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry ACPI: EC: Fix debugfs_create_*() usage mac80211: Fix setting TX power on monitor interfaces vfb: fix video mode and line_length being set when loaded gpio: label descriptors using the device name powernv-cpufreq: Add helper to extract pstate from PMSR IB/rdmavt: Allocate CQ memory on the correct node blk-mq: avoid to map CPU into stale hw queue blk-mq: fix race between updating nr_hw_queues and switching io sched backlight: tdo24m: Fix the SPI CS between transfers pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts nvme_fcloop: disassocate local port structs nvme_fcloop: fix abort race condition tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented perf report: Fix a no annotate browser displayed issue staging: lustre: disable preempt while sampling processor id. ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' power: supply: axp288_charger: Properly stop work on probe-error / remove rt2x00: do not pause queue unconditionally on error path wl1251: check return from call to wl1251_acx_arp_ip_filter net/mlx5: Fix race for multiple RoCE enable net: hns3: Fix an error of total drop packet statistics net: hns3: Fix a loop index error of tqp statistics query net: hns3: Fix an error macro definition of HNS3_TQP_STAT net: hns3: fix for changing MTU bcache: ret IOERR when read meets metadata error bcache: stop writeback thread after detaching bcache: segregate flash only volume write streams scsi: libsas: fix memory leak in sas_smp_get_phy_events() scsi: libsas: fix error when getting phy events scsi: libsas: initialize sas_phy status according to response of DISCOVER blk-mq: fix kernel oops in blk_mq_tag_idle() tty: n_gsm: Allow ADM response in addition to UA for control dlci block, bfq: put async queues for root bfq groups too EDAC, mv64x60: Fix an error handling path uio_hv_generic: check that host supports monitor page i40evf: don't rely on netif_running() outside rtnl_lock() cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map scsi: megaraid_sas: unload flag should be set after scsi_remove_host is called RDMA/cma: Fix rdma_cm path querying for RoCE gpio: thunderx: fix error return code in thunderx_gpio_probe() x86/gart: Exclude GART aperture from vmcore sdhci: Advertise 2.0v supply on SDIO host controller ibmvnic: Don't handle RX interrupts when not up. Input: goodix - disable IRQs while suspended mtd: mtd_oobtest: Handle bitflips during reads crypto: aes-generic - build with -Os on gcc-7+ perf tools: Fix copyfile_offset update of output offset tcmu: release blocks for partially setup cmds thermal: int3400_thermal: fix error handling in int3400_thermal_probe() objtool: Add Clang support crypto: arm64/aes-ce-cipher - move assembler code to .S file x86/microcode: Propagate return value from updating functions x86/CPU: Add a microcode loader callback x86/CPU: Check CPU feature bits after microcode upgrade x86/microcode: Get rid of struct apply_microcode_ctx x86/microcode/intel: Check microcode revision before updating sibling threads x86/microcode/intel: Writeback and invalidate caches before updating microcode x86/microcode: Do not upload microcode if CPUs are offline x86/microcode/intel: Look into the patch cache first x86/microcode: Request microcode on the BSP x86/microcode: Synchronize late microcode loading x86/microcode: Attempt late loading only when new microcode is present x86/microcode: Fix CPU synchronization routine arp: fix arp_filter on l3slave devices ipv6: the entire IPv6 header chain must fit the first fragment lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) net: fix possible out-of-bound read in skb_network_protocol() net/ipv6: Fix route leaking between VRFs net/ipv6: Increment OUTxxx counters after netfilter hook netlink: make sure nladdr has correct size in netlink_connect() net sched actions: fix dumping which requires several messages to user space net/sched: fix NULL dereference in the error path of tcf_bpf_init() pptp: remove a buggy dst release in pptp_connect() r8169: fix setting driver_data after register_netdev sctp: do not leak kernel memory to user space sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 sky2: Increase D3 delay to sky2 stops working after suspend vhost: correctly remove wait queue during poll failure vlan: also check phy_driver ts_info for vlan's real device vrf: Fix use after free and double free in vrf_finish_output bonding: fix the err path for dev hwaddr sync in bond_enslave bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave bonding: process the err returned by dev_set_allmulti properly in bond_enslave net: fool proof dev_valid_name() ip_tunnel: better validate user provided tunnel names ipv6: sit: better validate user provided tunnel names ip6_gre: better validate user provided tunnel names ip6_tunnel: better validate user provided tunnel names vti6: better validate user provided tunnel names net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path net/mlx5e: Fix memory usage issues in offloading TC flows nfp: use full 40 bits of the NSP buffer address ipv6: sr: fix seg6 encap performances with TSO enabled net/mlx5e: Don't override vport admin link state in switchdev mode net/mlx5e: Sync netdev vxlan ports at open net/sched: fix NULL dereference in the error path of tunnel_key_init() net/sched: fix NULL dereference on the error path of tcf_skbmod_init() strparser: Fix sign of err codes net/mlx4_en: Fix mixed PFC and Global pause user control requests net/mlx5e: Fix traffic being dropped on VF representor vhost: validate log when IOTLB is enabled route: check sysctl_fib_multipath_use_neigh earlier than hash team: move dev_mc_sync after master_upper_dev_link in team_port_add vhost_net: add missing lock nesting notation net/mlx4_core: Fix memory leak while delete slave's resources Linux 4.14.34 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Arnd Bergmann
|
7cae67e312 |
crypto: aes-generic - build with -Os on gcc-7+
[ Upstream commit 148b974deea927f5dbb6c468af2707b488bfa2de ] While testing other changes, I discovered that gcc-7.2.1 produces badly optimized code for aes_encrypt/aes_decrypt. This is especially true when CONFIG_UBSAN_SANITIZE_ALL is enabled, where it leads to extremely large stack usage that in turn might cause kernel stack overflows: crypto/aes_generic.c: In function 'aes_encrypt': crypto/aes_generic.c:1371:1: warning: the frame size of 4880 bytes is larger than 2048 bytes [-Wframe-larger-than=] crypto/aes_generic.c: In function 'aes_decrypt': crypto/aes_generic.c:1441:1: warning: the frame size of 4864 bytes is larger than 2048 bytes [-Wframe-larger-than=] I verified that this problem exists on all architectures that are supported by gcc-7.2, though arm64 in particular is less affected than the others. I also found that gcc-7.1 and gcc-8 do not show the extreme stack usage but still produce worse code than earlier versions for this file, apparently because of optimization passes that generally provide a substantial improvement in object code quality but understandably fail to find any shortcuts in the AES algorithm. Possible workarounds include a) disabling -ftree-pre and -ftree-sra optimizations, this was an earlier patch I tried, which reliably fixed the stack usage, but caused a serious performance regression in some versions, as later testing found. b) disabling UBSAN on this file or all ciphers, as suggested by Ard Biesheuvel. This would lead to massively better crypto performance in UBSAN-enabled kernels and avoid the stack usage, but there is a concern over whether we should exclude arbitrary files from UBSAN at all. c) Forcing the optimization level in a different way. Similar to a), but rather than deselecting specific optimization stages, this now uses "gcc -Os" for this file, regardless of the CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE/SIZE option. This is a reliable workaround for the stack consumption on all architecture, and I've retested the performance results now on x86, cycles/byte (lower is better) for cbc(aes-generic) with 256 bit keys: -O2 -Os gcc-6.3.1 14.9 15.1 gcc-7.0.1 14.7 15.3 gcc-7.1.1 15.3 14.7 gcc-7.2.1 16.8 15.9 gcc-8.0.0 15.5 15.6 This implements the option c) by enabling forcing -Os on all compiler versions starting with gcc-7.1. As a workaround for PR83356, it would only be needed for gcc-7.2+ with UBSAN enabled, but since it also shows better performance on gcc-7.1 without UBSAN, it seems appropriate to use the faster version here as well. Side note: during testing, I also played with the AES code in libressl, which had a similar performance regression from gcc-6 to gcc-7.2, but was three times slower overall. It might be interesting to investigate that further and possibly port the Linux implementation into that. Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83356 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83651 Cc: Richard Biener <rguenther@suse.de> Cc: Jakub Jelinek <jakub@gcc.gnu.org> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
27e69ad2ae |
This is the 4.14.33 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlrKCn4ACgkQONu9yGCS aT5N9Q//fD3Bsaf4GuQxBLR0Jd6tNpunTMyc98TxQ1SUqN72YHiVhhZ88F5syRXd OsdOUIbmlnGPGfiV4sFf9HPmji4OCmTwBdWOjeja75TjApJ98H1gMUlULbiFYgdc TMitrwfNmxjUsdbCUGO2E3+9xKXjWcqmDfqeE4zano9iejPLiDwulIiG52QTVIlY FGm0nxYPq2A4AlF4u2B7sHaf1PEeopcmx/wNaAAZQf3pzXo8SukThQaeQihYMUv2 4iU6EDmorTFy2V+r6N58AU4BEVj1fsiWLVObNRjfRkQ6NiljhzHgoSxrqXF+lOFu ZGOOLJ7oiVJMXBBFKkDCA9qKvLcVRmwEz8gwdvylhWuOoUIvRxfPBdbPenz7YXYS 0ySXA0zU6KT31O+70ryE2UQonQ27fF71hohBRm1a5Z88uy24eCbFR1b5+8ldVKeF 2SFruhtoaI9iG6aaIFW8bNLVU3d5wyhp+NrL57y4STeR/fDC5ed3jnaOaXKpM4Dl DnteX/UtTvlVTwhBNgSEaCxB53gHWM9/ueEJaijfSiQVaIyrXL0atz8ZhZPlXwVG n13Dl4nWbXO6/TckK+VqhCTJ/54vEZzKfvR6u9+QiusA5AcS5rFz/4nQx6fVpt1z XgmUPtaC63TPc7E3iY/SvX2FtOWpdjqR/Tv32xbIjwSfDdnOl2M= =kd9N -----END PGP SIGNATURE----- Merge 4.14.33 into android-4.14 Changes in 4.14.33 ARM: OMAP: Fix SRAM W+X mapping ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[] ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties ARM: dts: sun6i: a31s: bpi-m2: add missing regulators mtd: jedec_probe: Fix crash in jedec_read_mfr() mtd: nand: atmel: Fix get_sectorsize() function ALSA: usb-audio: Add native DSD support for TEAC UD-301 ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent() ALSA: pcm: potential uninitialized return values x86/platform/uv/BAU: Add APIC idt entry perf/hwbp: Simplify the perf-hwbp code, fix documentation ceph: only dirty ITER_IOVEC pages for direct read ipc/shm.c: add split function to shm_vm_ops i2c: i2c-stm32f7: fix no check on returned setup powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs partitions/msdos: Unable to mount UFS 44bsd partitions xfrm_user: uncoditionally validate esn replay attribute struct RDMA/ucma: Check AF family prior resolving address RDMA/ucma: Fix use-after-free access in ucma_close RDMA/ucma: Ensure that CM_ID exists prior to access it RDMA/rdma_cm: Fix use after free race with process_one_req RDMA/ucma: Check that device is connected prior to access it RDMA/ucma: Check that device exists prior to accessing it RDMA/ucma: Introduce safer rdma_addr_size() variants net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems percpu: add __GFP_NORETRY semantics to the percpu balancing path netfilter: x_tables: make allocation less aggressive netfilter: bridge: ebt_among: add more missing match size checks l2tp: fix races with ipv4-mapped ipv6 addresses netfilter: drop template ct when conntrack is skipped. netfilter: x_tables: add and use xt_check_proc_name phy: qcom-ufs: add MODULE_LICENSE tag Bluetooth: Fix missing encryption refresh on Security Request usb: dwc2: Improve gadget state disconnection handling bitmap: fix memset optimization on big-endian systems USB: serial: ftdi_sio: add RT Systems VX-8 cable USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator USB: serial: cp210x: add ELDAT Easywave RX09 id serial: 8250: Add Nuvoton NPCM UART mei: remove dev_err message on an unsupported ioctl /dev/mem: Avoid overwriting "err" in read_mem() media: usbtv: prevent double free in error case parport_pc: Add support for WCH CH382L PCI-E single parallel port card. crypto: lrw - Free rctx->ext with kzfree crypto: inside-secure - fix clock management crypto: testmgr - Fix incorrect values in PKCS#1 test vector crypto: ahash - Fix early termination in hash walk crypto: caam - Fix null dereference at error path crypto: ccp - return an actual key size from RSA max_size callback crypto: arm,arm64 - Fix random regeneration of S_shipped crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one Btrfs: fix unexpected cow in run_delalloc_nocow staging: comedi: ni_mio_common: ack ai fifo error interrupts. Revert "base: arch_topology: fix section mismatch build warnings" Input: ALPS - fix TrackStick detection on Thinkpad L570 and Latitude 7370 Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad vt: change SGR 21 to follow the standards ARM: dts: DRA76-EVM: Set powerhold property for tps65917 net: hns: Fix ethtool private flags Fix slab name "biovec-(1<<(21-12))" Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin" Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin" Revert "cpufreq: Fix governor module removal race" Revert "ip6_vti: adjust vti mtu according to mtu of lower device" Linux 4.14.33 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Herbert Xu
|
c3657fd0c1 |
crypto: ahash - Fix early termination in hash walk
commit 900a081f6912a8985dc15380ec912752cb66025a upstream. When we have an unaligned SG list entry where there is no leftover aligned data, the hash walk code will incorrectly return zero as if the entire SG list has been processed. This patch fixes it by moving onto the next page instead. Reported-by: Eli Cooper <elicooper@gmx.com> Cc: <stable@vger.kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Conor McLoughlin
|
ad35fdc00a |
crypto: testmgr - Fix incorrect values in PKCS#1 test vector
commit 333e18c5cc74438f8940c7f3a8b3573748a371f9 upstream. The RSA private key for the first form should have version, prime1, prime2, exponent1, exponent2, coefficient values 0. With non-zero values for prime1,2, exponent 1,2 and coefficient the Intel QAT driver will assume that values are provided for the private key second form. This will result in signature verification failures for modules where QAT device is present and the modules are signed with rsa,sha256. Cc: <stable@vger.kernel.org> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Conor McLoughlin <conor.mcloughlin@intel.com> Reviewed-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Herbert Xu
|
77827f3d63 |
crypto: lrw - Free rctx->ext with kzfree
commit 8c9bdab21289c211ca1ca6a5f9b7537b4a600a02 upstream.
The buffer rctx->ext contains potentially sensitive data and should
be freed with kzfree.
Cc: <stable@vger.kernel.org>
Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
267c6efd76 |
This is the 4.14.28 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqvagEACgkQONu9yGCS aT6OIxAAmZR4SyE7pWG9IwDzRcWhkPqknnKyM9SsfZ4m9TjiTRDZudUuJHy9LYko L1uCqQqd2cb88DkkY7aoThlZUNQmRKxbqlm1KGFnxYTIWpqmwC0Cod47P1gPdfu8 eCHFTskA3LzhWKtKISIYAstfgiiSMPDcaK+AoMFSgNHJPIRzK1ixMbPqd+NskBBn jkSAWgc3z7GazyPgX9mnR8jh6hrPBARgDgCUUlc5kG4xBQMJD5u00Z2u6hgPgGeH AjmB/LGWepZC/e+XbJGZlu2J/gOREkqpGmIgBlhLMZKFaa1uGb6do6vDpUwQsfHY NutaJ5sKuDRRk72jWNvYLxXetV+X8yMR/NcbUwN7NLe9tKQRQKQicscYSnSma5p+ /9kusRfbDuDgx6dSDf8qtfL4N01suUpZadfHRYJWTnmsR718ybc05LYegcve6m3n c1VL8oAVB9SHLWEEirqDfBIsDPwwUt2D+3Qa2BK7aLFdWJD8DAwBB+vuYOscvPMQ 4R4YG3Tt2jxlbdYSNnnF2/Y8RvJvYSH9TCz2ZxjTYjO1di+ildnF2KP2ncXnfU6s 2i5c/5efb5FRQUN3x2EiGK9adRhHc6D2vheOMOMGIFJX/hI4fDNuQyX9676hliMc +BRom5CU7712BVeR70+XuO9K9M1UDeqUGK0tgWFc8xI9LdrnfVc= =85d3 -----END PGP SIGNATURE----- Merge 4.14.28 into android-4.14 Changes in 4.14.28 net: phy: fix resume handling net: phy: Restore phy_resume() locking assumption x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 ASoC: sun4i-i2s: Fix RX slot number of SUN8I ASoC: sgtl5000: Fix suspend/resume ASoC: wm_adsp: For TLV controls only register TLV get/set ASoC: rt5651: Fix regcache sync errors on resume usb: host: xhci-rcar: add support for r8a77965 xhci: Fix front USB ports on ASUS PRIME B350M-A xhci: fix endpoint context tracer output serial: sh-sci: prevent lockup on full TTY buffers tty/serial: atmel: add new version check for usart uas: fix comparison for error code staging: comedi: fix comedi_nsamples_left. staging: android: ashmem: Fix lockdep issue during llseek USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h usbip: vudc: fix null pointer dereference on udc->lock usb: quirks: add control message delay for 1b1c:1b20 usb: usbmon: Read text within supplied buffer size usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() usb: dwc3: Fix lock-up on ID change during system suspend/resume serial: 8250_pci: Add Brainboxes UC-260 4 port serial device serial: core: mark port as initialized in autoconfig earlycon: add reg-offset to physical address before mapping dm mpath: fix passing integrity data Revert "btrfs: use proper endianness accessors for super_copy" drm/edid: set ELD connector type in drm_edid_to_eld() dma-buf/fence: Fix lock inversion within dma-fence-array video/hdmi: Allow "empty" HDMI infoframes HID: multitouch: Only look at non touch fields in first packet of a frame HID: elo: clear BTN_LEFT mapping iwlwifi: mvm: rs: don't override the rate history in the search cycle ARM: dts: koelsch: Move cec_clock to root node clk: meson: gxbb: fix wrong clock for SARADC/SANA ARM: dts: exynos: Correct Trats2 panel reset line drm/amdgpu: fix get_max_engine_clock_in_mhz staging: rtl8822be: fix missing null check on dev_alloc_skb return typec: tcpm: fusb302: Resolve out of order messaging events USB: ledtrig-usbport: fix of-node leak sched: Stop switched_to_rt() from sending IPIs to offline CPUs sched: Stop resched_cpu() from sending IPIs to offline CPUs crypto: ecc - Fix NULL pointer deref. on no default_rng crypto: cavium - fix memory leak on info test_firmware: fix setting old custom fw path back on exit net: ieee802154: adf7242: Fix bug if defined DEBUG rtc: brcmstb-waketimer: fix error handling in brcmstb_waketmr_probe() net: xfrm: allow clearing socket xfrm policies. mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() net: thunderx: Set max queue count taking XDP_TX into account ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin ARM: dts: omap3-n900: Fix the audio CODEC's reset pin mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 userns: Don't fail follow_automount based on s_user_ns xfrm: Fix xfrm_replay_overflow_offload_esn leds: pm8058: Silence pointer to integer size warning power: supply: ab8500_charger: Fix an error handling path power: supply: ab8500_charger: Bail out in case of error in 'ab8500_charger_init_hw_registers()' drm/etnaviv: make THERMAL selectable iio: adc: ina2xx: Shift bus voltage register to mask flag bits iio: health: max30102: Add power enable parameter to get_temp function ath10k: update tdls teardown state to target cpufreq: Fix governor module removal race drm/amdgpu:fix random missing of FLR NOTIFY scsi: ses: don't ask for diagnostic pages repeatedly during probe pwm: stmpe: Fix wrong register offset for hwpwm=2 case drm/sun4i: Fix format mask in DE2 driver pinctrl: sh-pfc: r8a7791: Add can_clk function pinctrl: sh-pfc: r8a7795-es1: Fix MOD_SEL1 bit[25:24] to 0x3 when using STP_ISEN_1_D perf annotate: Fix unnecessary memory allocation for s390x perf annotate: Fix objdump comment parsing for Intel mov dissassembly iwlwifi: mvm: avoid dumping assert log when device is stopped drm/amdgpu:fix virtual dce bug clk: qcom: msm8916: fix mnd_width for codec_digcodec mwifiex: cfg80211: do not change virtual interface during scan processing ath10k: fix invalid STS_CAP_OFFSET_MASK tools/usbip: fixes build with musl libc toolchain spi: sun6i: disable/unprepare clocks on remove bnxt_en: Don't print "Link speed -1 no longer supported" messages. scsi: core: scsi_get_device_flags_keyed(): Always return device flags scsi: devinfo: apply to HP XP the same flags as Hitachi VSP scsi: dh: add new rdac devices media: vsp1: Prevent suspending and resuming DRM pipelines dm raid: fix raid set size revalidation media: cpia2: Fix a couple off by one bugs media: davinci: vpif_capture: add NULL check on devm_kzalloc return value virtio_net: Disable interrupts if napi_complete_done rescheduled napi net: sched: drop qdisc_reset from dev_graft_qdisc veth: set peer GSO values drm/amdkfd: Fix memory leaks in kfd topology powerpc/modules: Don't try to restore r2 after a sibling call powerpc/64: Don't trace irqs-off at interrupt return to soft-disabled context arm64: dts: renesas: salvator-common: Add EthernetAVB PHY reset agp/intel: Flush all chipset writes after updating the GGTT mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED mac80211: remove BUG() when interface type is invalid crypto: caam/qi - use correct print specifier for size_t ASoC: nuc900: Fix a loop timeout test mmc: mmc_test: Ensure command queue is disabled for testing Fix misannotated out-of-line _copy_to_user() ipvlan: add L2 check for packets arriving via virtual devices rcutorture/configinit: Fix build directory error message locking/locktorture: Fix num reader/writer corner cases ima: relax requiring a file signature for new files with zero length IB/mlx5: revisit -Wmaybe-uninitialized warning dmaengine: qcom_hidma: check pending interrupts drm/i915/glk: Disable Guc and HuC on GLK Linux 4.14.28 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Pierre
|
90cf769aeb |
crypto: ecc - Fix NULL pointer deref. on no default_rng
[ Upstream commit 4c0e22c90510308433272d7ba281b1eb4eda8209 ] If crypto_get_default_rng returns an error, the function ecc_gen_privkey should return an error. Instead, it currently tries to use the default_rng nevertheless, thus creating a kernel panic with a NULL pointer dereference. Returning the error directly, as was supposedly intended when looking at the code, fixes this. Signed-off-by: Pierre Ducroquet <pinaraf@pinaraf.info> Reviewed-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
85ab9a0468 |
This is the 4.14.24 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqaaf0ACgkQONu9yGCS aT7cDxAAxjZ8e9TGlix7q2wIWSFRfAaWpb4SyZYxP6pYnrdhrHr6IQ+U5ydtiRcz T+zYkpXGMTMdkmKogXITp8FUL9ztkABJ/RyHcYuTdxTSpSUN67KNrVwGbM5NobX/ dPwPkkvUQDh1jyCUsqbYMoGfBSJVH5e7KgsfCtpcnckNzX3R2TOuwRb7aVjpyD63 Nb2tY70o07bjQZ+M3iWM1cHQ5AaMkJcZeML7mc/40AAcDB0pPNr53LKfVjSFrwgK Od5tOHR//XF17Kdi1dtT+XSmHsXcocq4FEp6x4htJPD19uOou5KC31ceXi2k8UEG g6iCRrsijdTrsl0ajyrwvXRWtQFN5fUw6BjA1G1/82FE8Eovxv28VjEHFElS+jX3 gQNDsyeJjQIP7Kpq2tRLmUTtFBGnBW7pcLRR/9jmZJdKsvTGa1BwOUbp9OO2FHip hiijnuqz8gpS9mEilALpAF7QLQk3dX8qLS1HZO3KKnFLxwSJqZhENvdfPZ2Fl7kr 4zavBe7suEyj1+jEt6xqksNOEZh+KAqRIhOZVBry9bvxAG4VCiN6pxEx63uIimMC bN9OFZZACFlao/4MCOggS0M48/tWU15Hep+jstUZ3FarUfrNy4VcRjcrTKdDEPMX Z5kwJEi9p/J0cReQMagJ/Y63aG4lPHTW8wUxOlHcp+e1wi0q+Kc= =h0lU -----END PGP SIGNATURE----- Merge 4.14.24 into android-4.14 Changes in 4.14.24 hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) exec: avoid gcc-8 warning for get_task_comm mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()' scsi: aacraid: Fix I/O drop during reset dmaengine: fsl-edma: disable clks on all error paths phy: cpcap-usb: Fix platform_get_irq_byname's error checking. nvme-fc: remove double put reference if admin connect fails nvme: check hw sectors before setting chunk sectors net: aquantia: Fix actual speed capabilities reporting net: aquantia: Fix hardware DMA stream overload on large MRRS net: usb: qmi_wwan: add Telit ME910 PID 0x1101 support mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM mtd: nand: brcmnand: Zero bitflip is not an error ipv6: icmp6: Allow icmp messages to be looped back parisc: Reduce thread stack to 16 kb ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch x86/asm: Allow again using asm.h when building for the 'bpf' clang target sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege sget(): handle failures of register_shrinker() net: phy: xgene: disable clk on error paths drm/nouveau/pci: do a msi rearm on init xfrm: Reinject transport-mode packets through tasklet x86/stacktrace: Make zombie stack traces reliable mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl spi: atmel: fixed spin_lock usage inside atmel_spi_remove ASoC: nau8825: fix issue that pop noise when start capture cgroup: Fix deadlock in cpu hotplug path staging: ion: Fix ion_cma_heap allocations x86-64/Xen: eliminate W+X mappings net: mediatek: setup proper state for disabled GMAC on the default net: arc_emac: fix arc_emac_rx() error paths vxlan: update skb dst pmtu on tx path ip_gre: remove the incorrect mtu limit for ipgre tap ip6_gre: remove the incorrect mtu limit for ipgre tap ip6_tunnel: get the min mtu properly in ip6_tnl_xmit net: stmmac: Fix TX timestamp calculation net: stmmac: Fix bad RX timestamp extraction net/mlx5e: Fix ETS BW check net/mlx5: Cleanup IRQs in case of unload failure net/mlx5: Stay in polling mode when command EQ destroy fails ASoC: rsnd: fixup ADG register mask xen/balloon: Mark unallocated host memory as UNUSABLE netfilter: nf_tables: fix chain filter in nf_tables_dump_rules() scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error netfilter: uapi: correct UNTRACKED conntrack state bit number i915: Reject CCS modifiers for pipe C on Geminilake RDMA/vmw_pvrdma: Call ib_umem_release on destroy QP path ARM: dts: ls1021a: fix incorrect clock references crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t lib/mpi: Fix umul_ppmm() for MIPS64r6 arm64: dts: renesas: ulcb: Remove renesas, no-ether-link property crypto: inside-secure - per request invalidation crypto: inside-secure - free requests even if their handling failed crypto: inside-secure - fix request allocations in invalidation path netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done() tipc: error path leak fixes in tipc_enable_bearer() tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path tg3: Add workaround to restrict 5762 MRRS to 2048 tg3: Enable PHY reset in MTU change path for 5720 bnx2x: Improve reliability in case of nested PCI errors perf/x86/intel: Plug memory leak in intel_pmu_init() led: core: Fix brightness setting when setting delay_off=0 IB/mlx5: Fix mlx5_ib_alloc_mr error flow genirq: Guard handle_bad_irq log messages afs: Fix missing error handling in afs_write_end() s390/dasd: fix wrongly assigned configuration data btrfs: Fix flush bio leak ip6_tunnel: allow ip6gre dev mtu to be set below 1280 Input: xen-kbdfront - do not advertise multi-touch pressure support IB/mlx4: Fix mlx4_ib_alloc_mr error flow IB/ipoib: Fix race condition in neigh creation xfs: quota: fix missed destroy of qi_tree_lock xfs: quota: check result of register_shrinker() macvlan: Fix one possible double free e1000: fix disabling already-disabled warning NET: usb: qmi_wwan: add support for YUGA CLM920-NC5 PID 0x9625 drm/ttm: check the return value of kzalloc RDMA/netlink: Fix locking around __ib_get_device_by_index x86/efi: Fix kernel param add_efi_memmap regression uapi libc compat: add fallback for unsupported libcs i40e/i40evf: Account for frags split over multiple descriptors in check linearize i40e: don't remove netdev->dev_addr when syncing uc list net: ena: unmask MSI-X only after device initialization is completed nl80211: Check for the required netlink attribute presence mac80211: mesh: drop frames appearing to be from us can: flex_can: Correct the checking for frame length in flexcan_start_xmit() wcn36xx: Fix dynamic power saving block: drain queue before waiting for q_usage_counter becoming zero ia64, sched/cputime: Fix build error if CONFIG_VIRT_CPU_ACCOUNTING_NATIVE=y bpf: sockmap missing NULL psock check leds: core: Fix regression caused by commit 2b83ff96f51d powerpc/pseries: Make RAS IRQ explicitly dependent on DLPAR WQ nvme-fabrics: initialize default host->id in nvmf_host_default() x86/platform/intel-mid: Revert "Make 'bt_sfi_data' const" bnxt_en: Fix population of flow_type in bnxt_hwrm_cfa_flow_alloc() bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. xen-netfront: enable device after manual module load mdio-sun4i: Fix a memory leak SolutionEngine771x: fix Ether platform data xen/gntdev: Fix off-by-one error when unmapping with holes xen/gntdev: Fix partial gntdev_mmap() cleanup sctp: add a ceiling to optlen in some sockopts sctp: make use of pre-calculated len net: gianfar_ptp: move set_fipers() to spinlock protecting area of_mdio: avoid MDIO bus removal when a PHY is missing nfp: always unmask aux interrupts at init mlxsw: pci: Wait after reset before accessing HW MIPS: Implement __multi3 for GCC7 MIPS64r6 builds powerpc/pseries: Enable RAS hotplug events later arm64: dts: marvell: add comphy nodes on cp110 master and slave arm64: dts: marvell: mcbin: add comphy references to Ethernet ports net: sched: fix crash when deleting secondary chains net: sched: crash on blocks with goto chain action net_sched: get rid of rcu_barrier() in tcf_block_put_ext() net: sched: fix use-after-free in tcf_block_put_ext Linux 4.14.24 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Jonathan Cameron
|
36d0a678fb |
crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t
[ Upstream commit af955bf15d2c27496b0269b1f05c26f758c68314 ]
This variable was increased and decreased without any protection.
Result was an occasional misscount and negative wrap around resulting
in false resource allocation failures.
Fixes: 7d2c3f54e6f6 ("crypto: af_alg - remove locking in async callback")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Dmitry Shmidt
|
2c71b7cbbb |
Merge 4.14.23 into android-4.14
Changes in 4.14.23 netfilter: drop outermost socket lock in getsockopt() arm64: mm: don't write garbage into TTBR1_EL1 register kconfig.h: Include compiler types to avoid missed struct attributes MIPS: boot: Define __ASSEMBLY__ for its.S build xtensa: fix high memory/reserved memory collision scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info MIPS: Drop spurious __unused in struct compat_flock cfg80211: fix cfg80211_beacon_dup i2c: designware: must wait for enable i2c: bcm2835: Set up the rising/falling edge delays X.509: fix BUG_ON() when hash algorithm is unsupported X.509: fix NULL dereference when restricting key with unsupported_sig PKCS#7: fix certificate chain verification PKCS#7: fix certificate blacklisting extcon: int3496: process id-pin first so that we start with the right status RDMA/uverbs: Protect from races between lookup and destroy of uobjects RDMA/uverbs: Protect from command mask overflow RDMA/uverbs: Fix bad unlock balance in ib_uverbs_close_xrcd RDMA/uverbs: Fix circular locking dependency RDMA/uverbs: Sanitize user entered port numbers prior to access it iio: adc: stm32: fix stm32h7_adc_enable error handling iio: srf08: fix link error "devm_iio_triggered_buffer_setup" undefined iio: buffer: check if a buffer has been set up when poll is called iio: adis_lib: Initialize trigger before requesting interrupt Kbuild: always define endianess in kconfig.h x86/oprofile: Fix bogus GCC-8 warning in nmi_setup() mm, swap, frontswap: fix THP swap if frontswap enabled irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() irqchip/mips-gic: Avoid spuriously handling masked interrupts PCI/cxgb4: Extend T3 PCI quirk to T4+ devices ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func() usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks() arm64: Remove unimplemented syscall log message arm64: Disable unhandled signal log messages by default arm64: cpufeature: Fix CTR_EL0 field definitions Add delay-init quirk for Corsair K70 RGB keyboards drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA usb: host: ehci: use correct device pointer for dma ops usb: dwc3: gadget: Set maxpacket size for ep0 IN usb: dwc3: ep0: Reset TRB counter for ep0 IN usb: ldusb: add PIDs for new CASSY devices supported by this driver Revert "usb: musb: host: don't start next rx urb if current one failed" usb: gadget: f_fs: Process all descriptors during bind usb: gadget: f_fs: Use config_ep_by_speed() usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path drm/cirrus: Load lut in crtc_commit drm: Handle unexpected holes in color-eviction drm/amdgpu: disable MMHUB power gating on raven drm/amdgpu: Add dpm quirk for Jet PRO (v2) drm/amdgpu: only check mmBIF_IOV_FUNC_IDENTIFIER on tonga/fiji drm/amdgpu: add atpx quirk handling (v2) drm/amdgpu: Avoid leaking PM domain on driver unbind (v2) drm/amdgpu: add new device to use atpx quirk drm/i915/breadcrumbs: Ignore unsubmitted signalers m32r: fix endianness constraints microblaze: fix endian handling Linux 4.14.23 Change-Id: I065d928eedf89f981316268f19362d9f8c418431 Signed-off-by: Dmitry Shmidt <dimitrysh@google.com> |
||
Eric Biggers
|
29e76b211e |
PKCS#7: fix certificate blacklisting
commit 29f4a67c17e19314b7d74b8569be935e6c7edf50 upstream.
If there is a blacklisted certificate in a SignerInfo's certificate
chain, then pkcs7_verify_sig_chain() sets sinfo->blacklisted and returns
0. But, pkcs7_verify() fails to handle this case appropriately, as it
actually continues on to the line 'actual_ret = 0;', indicating that the
SignerInfo has passed verification. Consequently, PKCS#7 signature
verification ignores the certificate blacklist.
Fix this by not considering blacklisted SignerInfos to have passed
verification.
Also fix the function comment with regards to when 0 is returned.
Fixes: 03bb79315ddc ("PKCS#7: Handle blacklisted certificates")
Cc: <stable@vger.kernel.org> # v4.12+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Biggers
|
1a1f7f726b |
PKCS#7: fix certificate chain verification
commit 971b42c038dc83e3327872d294fe7131bab152fc upstream.
When pkcs7_verify_sig_chain() is building the certificate chain for a
SignerInfo using the certificates in the PKCS#7 message, it is passing
the wrong arguments to public_key_verify_signature(). Consequently,
when the next certificate is supposed to be used to verify the previous
certificate, the next certificate is actually used to verify itself.
An attacker can use this bug to create a bogus certificate chain that
has no cryptographic relationship between the beginning and end.
Fortunately I couldn't quite find a way to use this to bypass the
overall signature verification, though it comes very close. Here's the
reasoning: due to the bug, every certificate in the chain beyond the
first actually has to be self-signed (where "self-signed" here refers to
the actual key and signature; an attacker might still manipulate the
certificate fields such that the self_signed flag doesn't actually get
set, and thus the chain doesn't end immediately). But to pass trust
validation (pkcs7_validate_trust()), either the SignerInfo or one of the
certificates has to actually be signed by a trusted key. Since only
self-signed certificates can be added to the chain, the only way for an
attacker to introduce a trusted signature is to include a self-signed
trusted certificate.
But, when pkcs7_validate_trust_one() reaches that certificate, instead
of trying to verify the signature on that certificate, it will actually
look up the corresponding trusted key, which will succeed, and then try
to verify the *previous* certificate, which will fail. Thus, disaster
is narrowly averted (as far as I could tell).
Fixes: 6c2dc5ae4ab7 ("X.509: Extract signature digest and make self-signed cert checks earlier")
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Biggers
|
99b2095ac7 |
X.509: fix NULL dereference when restricting key with unsupported_sig
commit 4b34968e77ad09628cfb3c4a7daf2adc2cefc6e8 upstream.
The asymmetric key type allows an X.509 certificate to be added even if
its signature's hash algorithm is not available in the crypto API. In
that case 'payload.data[asym_auth]' will be NULL. But the key
restriction code failed to check for this case before trying to use the
signature, resulting in a NULL pointer dereference in
key_or_keyring_common() or in restrict_link_by_signature().
Fix this by returning -ENOPKG when the signature is unsupported.
Reproducer when all the CONFIG_CRYPTO_SHA512* options are disabled and
keyctl has support for the 'restrict_keyring' command:
keyctl new_session
keyctl restrict_keyring @s asymmetric builtin_trusted
openssl req -new -sha512 -x509 -batch -nodes -outform der \
| keyctl padd asymmetric desc @s
Fixes: a511e1af8b12 ("KEYS: Move the point of trust determination to __key_link()")
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Biggers
|
dcb04cc794 |
X.509: fix BUG_ON() when hash algorithm is unsupported
commit 437499eea4291ae9621e8763a41df027c110a1ef upstream.
The X.509 parser mishandles the case where the certificate's signature's
hash algorithm is not available in the crypto API. In this case,
x509_get_sig_params() doesn't allocate the cert->sig->digest buffer;
this part seems to be intentional. However,
public_key_verify_signature() is still called via
x509_check_for_self_signed(), which triggers the 'BUG_ON(!sig->digest)'.
Fix this by making public_key_verify_signature() return -ENOPKG if the
hash buffer has not been allocated.
Reproducer when all the CONFIG_CRYPTO_SHA512* options are disabled:
openssl req -new -sha512 -x509 -batch -nodes -outform der \
| keyctl padd asymmetric desc @s
Fixes: 6c2dc5ae4ab7 ("X.509: Extract signature digest and make self-signed cert checks earlier")
Reported-by: Paolo Valente <paolo.valente@linaro.org>
Cc: Paolo Valente <paolo.valente@linaro.org>
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Biggers
|
921c88669c |
FROMGIT: crypto: speck - add test vectors for Speck64-XTS
Add test vectors for Speck64-XTS, generated in userspace using C code. The inputs were borrowed from the AES-XTS test vectors, with key lengths adjusted. xts-speck64-neon passes these tests. However, they aren't currently applicable for the generic XTS template, as that only supports a 128-bit block size. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 41b3316e75ee5e8aec7234c9d631582b13a38c7d git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Change-Id: I61a2c77dbfcf487d77b3d9ef0a823dadea8ddf07 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
dfd5e0277a |
FROMGIT: crypto: speck - add test vectors for Speck128-XTS
Add test vectors for Speck128-XTS, generated in userspace using C code. The inputs were borrowed from the AES-XTS test vectors. Both xts(speck128-generic) and xts-speck128-neon pass these tests. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit c3bb521bb6ac3023ae236a3a361f951f8d78ecc4 git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Change-Id: Ifd701d5df4a6602c207cfb28decc620ef7e5f896 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
b456daecc7 |
FROMGIT: crypto: speck - export common helpers
Export the Speck constants and transform context and the ->setkey(), ->encrypt(), and ->decrypt() functions so that they can be reused by the ARM NEON implementation of Speck-XTS. The generic key expansion code will be reused because it is not performance-critical and is not vectorizable, while the generic encryption and decryption functions are needed as fallbacks and for the XTS tweak encryption. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit c8c36413ca8ccbf7a0afe71247fc4617ee2dfcfe git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Change-Id: I93e96e1ef40de7071af212146b8ad3bf45297c1d Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
1b5dd7104e |
FROMGIT: crypto: speck - add support for the Speck block cipher
Add a generic implementation of Speck, including the Speck128 and Speck64 variants. Speck is a lightweight block cipher that can be much faster than AES on processors that don't have AES instructions. We are planning to offer Speck-XTS (probably Speck128/256-XTS) as an option for dm-crypt and fscrypt on Android, for low-end mobile devices with older CPUs such as ARMv7 which don't have the Cryptography Extensions. Currently, such devices are unencrypted because AES is not fast enough, even when the NEON bit-sliced implementation of AES is used. Other AES alternatives such as Twofish, Threefish, Camellia, CAST6, and Serpent aren't fast enough either; it seems that only a modern ARX cipher can provide sufficient performance on these devices. This is a replacement for our original proposal (https://patchwork.kernel.org/patch/10101451/) which was to offer ChaCha20 for these devices. However, the use of a stream cipher for disk/file encryption with no space to store nonces would have been much more insecure than we thought initially, given that it would be used on top of flash storage as well as potentially on top of F2FS, neither of which is guaranteed to overwrite data in-place. Speck has been somewhat controversial due to its origin. Nevertheless, it has a straightforward design (it's an ARX cipher), and it appears to be the leading software-optimized lightweight block cipher currently, with the most cryptanalysis. It's also easy to implement without side channels, unlike AES. Moreover, we only intend Speck to be used when the status quo is no encryption, due to AES not being fast enough. We've also considered a novel length-preserving encryption mode based on ChaCha20 and Poly1305. While theoretically attractive, such a mode would be a brand new crypto construction and would be more complicated and difficult to implement efficiently in comparison to Speck-XTS. There is confusion about the byte and word orders of Speck, since the original paper doesn't specify them. But we have implemented it using the orders the authors recommended in a correspondence with them. The test vectors are taken from the original paper but were mapped to byte arrays using the recommended byte and word orders. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit da7a0ab5b4babbe5d7a46f852582be06a00a28f0 git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Change-Id: Id13c44dee8e3817590950c178d54b24c3aee0b4e Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Greg Kroah-Hartman
|
474d3c467b |
This is the 4.14.21 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqO1toACgkQONu9yGCS
aT49JhAAjKxDe1PA6lq51uyWHlR73vJ93SvtDCHuM8s6aj/rb880vjeZumWcEAdR
nl2Yj/T0z9yZkBrw8Om/3BX4PfsF6hqq1TAufxYeKs08nVQ60v3/a4Mz9CYu8e0A
mXdK6DvSEQRS6S0vc83W2+fj5e05Vfvv23FlsngtH6IxaOL7mnRTxNmP5/PMP3QX
xtOKRBB7ghqqfV8U+yAJ0fbTKu0a+ztPLxCe2Lk+7U7yFpqLudzBfTV06QpcqwSF
fXdRWv8319c24585qubm2N1zDJ8PsxlcFWmvgbcZgO+lk1Zf4XuzxjsElg6PpYvT
m+8L1/Qo4k+L3eXJJiwLPqd6LP9VtspvRItZKMFMPZJNWLdk9tnjcLuA/HpTUvo9
EO/fXBP3YrX48TrjGIu9K4ToZvLFWGcDno5Vges0fb2MkixWF5b2naEdeS+B7SF2
ckYAWuoZPErmmNo6bhIkdizube6k8t+Ch7JxkxWgZh+Jw80drqSBzfdWKTLMl3k0
Nvo8RdbuSrDSg40NHT/d46tBguMp9n/J8eu6f/poN1VZRdqZkgqZ7xHjl7vgRRkg
nfcVndDTw099hhC0OuWVHJMpk62wVz+tRPNOR/yCucDPH1//HuEZ62sQzcjpPQ9l
ML2MD4zrTORK9VuztJFET8feWQ4KrqoSdE8HMD+TtMhhShcZcJA=
=vnDS
-----END PGP SIGNATURE-----
Merge 4.14.21 into android-4.14
Changes in 4.14.21
tracing: Prevent PROFILE_ALL_BRANCHES when FORTIFY_SOURCE=y
scsi: smartpqi: allow static build ("built-in")
IB/umad: Fix use of unprotected device pointer
IB/qib: Fix comparison error with qperf compare/swap test
IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports
IB/core: Fix two kernel warnings triggered by rxe registration
IB/core: Fix ib_wc structure size to remain in 64 bytes boundary
IB/core: Avoid a potential OOPs for an unused optional parameter
selftests: seccomp: fix compile error seccomp_bpf
kselftest: fix OOM in memory compaction test
RDMA/rxe: Fix a race condition related to the QP error state
RDMA/rxe: Fix a race condition in rxe_requester()
RDMA/rxe: Fix rxe_qp_cleanup()
cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin
swiotlb: suppress warning when __GFP_NOWARN is set
PM / devfreq: Propagate error from devfreq_add_device()
mwifiex: resolve reset vs. remove()/shutdown() deadlocks
ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
powerpc/radix: Remove trace_tlbie call from radix__flush_tlb_all
powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove
powerpc/mm: Flush radix process translations when setting MMU type
powerpc/xive: Use hw CPU ids when configuring the CPU queues
powerpc: Fix DABR match on hash based systems
dma-buf: fix reservation_object_wait_timeout_rcu once more v2
s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
arm64: dts: msm8916: Correct ipc references for smsm
ARM: lpc3250: fix uda1380 gpio numbers
ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
ARM: dts: nomadik: add interrupt-parent for clcd
arm: dts: mt7623: fix card detection issue on bananapi-r2
arm: spear600: Add missing interrupt-parent of rtc
arm: spear13xx: Fix dmas cells
arm: spear13xx: Fix spics gpio controller's warning
drm/i915: add GT number to intel_device_info
drm/i915/kbl: Change a KBL pci id to GT2 from GT1.5
x86/gpu: add CFL to early quirks
x86/kexec: Make kexec (mostly) work in 5-level paging mode
x86/xen: init %gs very early to avoid page faults with stack protector
x86: PM: Make APM idle driver initialize polling state
x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface
x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface
compiler-gcc.h: Introduce __optimize function attribute
compiler-gcc.h: __nostackprotector needs gcc-4.4 and up
crypto: sun4i_ss_prng - fix return value of sun4i_ss_prng_generate
crypto: sun4i_ss_prng - convert lock to _bh in sun4i_ss_prng_generate
powerpc/mm/radix: Split linear mapping on hot-unplug
x86/mm/pti: Fix PTI comment in entry_SYSCALL_64()
x86/speculation: Update Speculation Control microcode blacklist
x86/speculation: Correct Speculation Control microcode blacklist again
Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()"
KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods
X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap
x86/speculation: Clean up various Spectre related details
PM / runtime: Update links_count also if !CONFIG_SRCU
PM: cpuidle: Fix cpuidle_poll_state_init() prototype
x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface
x86/entry/64: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove unused extensions
x86/entry/64: Merge the POP_C_REGS and POP_EXTRA_REGS macros into a single POP_REGS macro
x86/entry/64: Interleave XOR register clearing with PUSH instructions
x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro
x86/entry/64: Use PUSH_AND_CLEAN_REGS in more cases
x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros
x86/entry/64: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly
x86/entry/64: Fix paranoid_entry() frame pointer warning
x86/entry/64: Remove the unused 'icebp' macro
selftests/x86: Fix vDSO selftest segfault for vsyscall=none
selftests/x86: Clean up and document sscanf() usage
selftests/x86/pkeys: Remove unused functions
selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c
selftests/x86: Do not rely on "int $0x80" in single_step_syscall.c
selftests/x86: Disable tests requiring 32-bit support on pure 64-bit systems
objtool: Fix segfault in ignore_unreachable_insn()
x86/debug, objtool: Annotate WARN()-related UD2 as reachable
x86/debug: Use UD2 for WARN()
x86/speculation: Fix up array_index_nospec_mask() asm constraint
nospec: Move array_index_nospec() parameter checking into separate macro
x86/speculation: Add <asm/msr-index.h> dependency
kmemcheck: remove annotations
kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
kmemcheck: remove whats left of NOTRACK flags
kmemcheck: rip it out
kmemcheck: rip it out for real
x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]()
selftests/x86/mpx: Fix incorrect bounds with old _sigfault
x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
x86/spectre: Fix an error message
x86/cpu: Change type of x86_cache_size variable to unsigned int
x86/entry/64: Fix CR3 restore in paranoid_exit()
drm/ttm: Don't add swapped BOs to swap-LRU list
drm/ttm: Fix 'buf' pointer update in ttm_bo_vm_access_kmap() (v2)
drm/qxl: unref cursor bo when finished with it
drm/amd/powerplay: Fix smu_table_entry.handle type
drm/ast: Load lut in crtc_commit
arm64: Add missing Falkor part number for branch predictor hardening
drm/radeon: Add dpm quirk for Jet PRO (v2)
drm/radeon: adjust tested variable
rtc-opal: Fix handling of firmware error codes, prevent busy loops
mbcache: initialize entry->e_referenced in mb_cache_entry_create()
mmc: sdhci: Implement an SDHCI-specific bounce buffer
mmc: bcm2835: Don't overwrite max frequency unconditionally
Revert "mmc: meson-gx: include tx phase in the tuning process"
mlx5: fix mlx5_get_vector_affinity to start from completion vector 0
Revert "apple-gmux: lock iGP IO to protect from vgaarb changes"
jbd2: fix sphinx kernel-doc build warnings
ext4: fix a race in the ext4 shutdown path
ext4: save error to disk in __ext4_grp_locked_error()
ext4: correct documentation for grpid mount option
mm: hide a #warning for COMPILE_TEST
mm: Fix memory size alignment in devm_memremap_pages_release()
MIPS: Fix typo BIG_ENDIAN to CPU_BIG_ENDIAN
MIPS: Fix incorrect mem=X@Y handling
PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
PCI: iproc: Fix NULL pointer dereference for BCMA
PCI: keystone: Fix interrupt-controller-node lookup
video: fbdev: atmel_lcdfb: fix display-timings lookup
console/dummy: leave .con_font_get set to NULL
rbd: whitelist RBD_FEATURE_OPERATIONS feature bit
xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests
xenbus: track caller request id
seq_file: fix incomplete reset on read from zero offset
tracing: Fix parsing of globs with a wildcard at the beginning
mpls, nospec: Sanitize array index in mpls_label_ok()
rtlwifi: rtl8821ae: Fix connection lost problem correctly
arm64: proc: Set PTE_NG for table entries to avoid traversing them twice
qxl: alloc & use shadow for dumb buffers
drm/qxl: reapply cursor after resetting primary
xprtrdma: Fix calculation of ri_max_send_sges
xprtrdma: Fix BUG after a device removal
blk-wbt: account flush requests correctly
target/iscsi: avoid NULL dereference in CHAP auth error path
iscsi-target: make sure to wake up sleeping login worker
dm: correctly handle chained bios in dec_pending()
Btrfs: fix deadlock in run_delalloc_nocow
Btrfs: fix crash due to not cleaning up tree log block's dirty bits
Btrfs: fix extent state leak from tree log
Btrfs: fix btrfs_evict_inode to handle abnormal inodes correctly
Btrfs: fix use-after-free on root->orphan_block_rsv
Btrfs: fix unexpected -EEXIST when creating new inode
9p/trans_virtio: discard zero-length reply
mtd: nand: vf610: set correct ooblayout
ALSA: hda - Fix headset mic detection problem for two Dell machines
ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
ALSA: hda/realtek - Add headset mode support for Dell laptop
ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform
ALSA: hda/realtek: PCI quirk for Fujitsu U7x7
ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
ALSA: usb: add more device quirks for USB DSD devices
ALSA: seq: Fix racy pool initializations
mvpp2: fix multicast address filter
usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT
x86/mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1 pages
scsi: core: check for device state in __scsi_remove_target()
Bluetooth: BT_HCIUART now depends on SERIAL_DEV_BUS
ARM: dts: exynos: fix RTC interrupt for exynos5410
ARM: pxa/tosa-bt: add MODULE_LICENSE tag
arm64: dts: msm8916: Add missing #phy-cells
ARM: dts: s5pv210: add interrupt-parent for ohci
arm: dts: mt7623: Update ethsys binding
arm: dts: mt2701: Add reset-cells
ARM: dts: Delete bogus reference to the charlcd
media: r820t: fix r820t_write_reg for KASAN
mmc: sdhci-of-esdhc: disable SD clock for clock value 0
mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec
mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb
ASoC: acpi: fix machine driver selection based on quirk
ovl: hash directory inodes for fsnotify
Linux 4.14.21
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Levin, Alexander (Sasha Levin)
|
ae63fd26b2 |
kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
commit 75f296d93bcebcfe375884ddac79e30263a31766 upstream. Convert all allocations that used a NOTRACK flag to stop using it. Link: http://lkml.kernel.org/r/20171007030159.22241-3-alexander.levin@verizon.com Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Cc: Alexander Potapenko <glider@google.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Michal Hocko <mhocko@kernel.org> Cc: Pekka Enberg <penberg@kernel.org> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Tim Hansen <devtimhansen@gmail.com> Cc: Vegard Nossum <vegardno@ifi.uio.no> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
0a91e84c5c |
This is the 4.14.20 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqHL6UACgkQONu9yGCS
aT47Lg/+Mbq1s2Vu+ZZ0Qt0fTsZeNE9GcM5tPgb0rcsoaBZUWncSCaFwI3M3RUPb
tQDrq+Fqmi/mloSuNFw1nGajWoilUB5KJOeRRXpPkS3Zzc92z8GW+12erHAiYXGt
XVK54PzIQNSeoBVJrtP+AYH7TSisj9cVJqe6Dz/GYIXY4aBA2xn1EvN/dkp/4YOX
S7w+RDS7BnNwqxpGy4l+/3m84j/IwG44kKG8RLiF1IPItK5BvlQJQDiUUDX0nLx+
1Tr2kMDN10YdrLV4dNGRZg54Va7wvmJ17ecN7F3JaIKOlJ+hvpoLndOR/mMVuj84
cixnr5ATug1RJmjrqloA95//jqecMzfn4ogATi8KiY6O7adnH0+/DcpQ14LXuRJx
WGP1S2xsvrSqqs2io0yWv+WFIhKBAE6RAa7gjMdz9I+/dy3eNMbzCS3y4q7VcYOB
xAT478ZtuZYEmseYM2lPNK51AkobO2pGC+TCBst6VQvbMN5BETdI4irj6yBOLez5
rgTVXJfogEUUhLFGNR26sytFbT1+RfEqQwe9EZlm2b/Aa5RB7MBOKSk82Jw/IQ9g
4TG0DNvakhWnJwfIHjraJ8uiB+uAGYfSRarIlle/Xb9WtNhfvhudUISlbPVHBh10
Z7rQpt52/xx0io5lg7d3VSbg/4mQQ2VYY6O5Y/6Ilqda51UVt9M=
=+7+H
-----END PGP SIGNATURE-----
Merge 4.14.20 into android-4.14
Changes in 4.14.20
watchdog: indydog: Add dependency on SGI_HAS_INDYDOG
powerpc/pseries: include linux/types.h in asm/hvcall.h
cifs: Fix missing put_xid in cifs_file_strict_mmap
cifs: Fix autonegotiate security settings mismatch
CIFS: zero sensitive data when freeing
cpufreq: mediatek: add mediatek related projects into blacklist
dmaengine: dmatest: fix container_of member in dmatest_callback
sched/wait: Fix add_wait_queue() behavioral change
watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop
arm64: Define cputype macros for Falkor CPU
arm64: Add software workaround for Falkor erratum 1041
KVM MMU: check pending exception before injecting APF
sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
sched/rt: Up the root domain ref count when passing it around via IPIs
drm/i915: Add .get_hw_state() method for planes
drm/i915: Redo plane sanitation during readout
drm/i915: Fix deadlock in i830_disable_pipe()
dccp: CVE-2017-8824: use-after-free in DCCP code
media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
media: hdpvr: Fix an error handling path in hdpvr_probe()
arm64: move TASK_* definitions to <asm/processor.h>
arm64: mm: Use non-global mappings for kernel space
arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
arm64: mm: Move ASID from TTBR0 to TTBR1
arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
arm64: mm: Rename post_ttbr0_update_workaround
arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
arm64: mm: Allocate ASIDs in pairs
arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
arm64: entry: Add exception trampoline page for exceptions from EL0
arm64: mm: Map entry trampoline into trampoline and kernel page tables
arm64: entry: Explicitly pass exception level to kernel_ventry macro
arm64: entry: Hook up entry trampoline to exception vectors
arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
arm64: cpu_errata: Add Kryo to Falkor 1003 errata
arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
arm64: kaslr: Put kernel vectors address in separate data page
arm64: use RET instruction for exiting the trampoline
arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
arm64: Take into account ID_AA64PFR0_EL1.CSV3
arm64: capabilities: Handle duplicate entries for a capability
arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
arm64: kpti: Fix the interaction between ASID switching and software PAN
arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
arm64: Turn on KPTI only on CPUs that need it
arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
arm64: mm: Permit transitioning from Global to Non-Global without BBM
arm64: kpti: Add ->enable callback to remap swapper using nG mappings
arm64: Force KPTI to be disabled on Cavium ThunderX
arm64: entry: Reword comment about post_ttbr_update_workaround
arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
arm64: barrier: Add CSDB macros to control data-value prediction
arm64: Implement array_index_mask_nospec()
arm64: Make USER_DS an inclusive limit
arm64: Use pointer masking to limit uaccess speculation
arm64: entry: Ensure branch through syscall table is bounded under speculation
arm64: uaccess: Prevent speculative use of the current addr_limit
arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
arm64: futex: Mask __user pointers prior to dereference
arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
arm64: Run enable method for errata work arounds on late CPUs
arm64: cpufeature: Pass capability structure to ->enable callback
drivers/firmware: Expose psci_get_version through psci_ops structure
arm64: Move post_ttbr_update_workaround to C code
arm64: Add skeleton to harden the branch predictor against aliasing attacks
arm64: Move BP hardening to check_and_switch_context
arm64: KVM: Use per-CPU vector when BP hardening is enabled
arm64: entry: Apply BP hardening for high-priority synchronous exceptions
arm64: entry: Apply BP hardening for suspicious interrupts from EL0
arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
arm64: Implement branch predictor hardening for affected Cortex-A CPUs
arm64: Implement branch predictor hardening for Falkor
arm64: Branch predictor hardening for Cavium ThunderX2
arm64: KVM: Increment PC after handling an SMC trap
arm/arm64: KVM: Consolidate the PSCI include files
arm/arm64: KVM: Add PSCI_VERSION helper
arm/arm64: KVM: Add smccc accessors to PSCI code
arm/arm64: KVM: Implement PSCI 1.0 support
arm/arm64: KVM: Advertise SMCCC v1.1
arm64: KVM: Make PSCI_VERSION a fast path
arm/arm64: KVM: Turn kvm_psci_version into a static inline
arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
firmware/psci: Expose PSCI conduit
firmware/psci: Expose SMCCC version through psci_ops
arm/arm64: smccc: Make function identifiers an unsigned quantity
arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
mtd: cfi: convert inline functions to macros
mtd: nand: brcmnand: Disable prefetch by default
mtd: nand: Fix nand_do_read_oob() return value
mtd: nand: sunxi: Fix ECC strength choice
ubi: Fix race condition between ubi volume creation and udev
ubi: fastmap: Erase outdated anchor PEBs during attach
ubi: block: Fix locking for idr_alloc/idr_remove
ubifs: free the encrypted symlink target
nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE
NFS: Add a cond_resched() to nfs_commit_release_pages()
NFS: Fix nfsstat breakage due to LOOKUPP
NFS: commit direct writes even if they fail partially
NFS: reject request for id_legacy key without auxdata
NFS: Fix a race between mmap() and O_DIRECT
kernfs: fix regression in kernfs_fop_write caused by wrong type
ahci: Annotate PCI ids for mobile Intel chipsets as such
ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
ahci: Add Intel Cannon Lake PCH-H PCI ID
crypto: hash - introduce crypto_hash_alg_has_setkey()
crypto: cryptd - pass through absence of ->setkey()
crypto: mcryptd - pass through absence of ->setkey()
crypto: poly1305 - remove ->setkey() method
crypto: hash - annotate algorithms taking optional key
crypto: hash - prevent using keyed hashes without setting key
media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt
media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
media: v4l2-compat-ioctl32.c: fix the indentation
media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
media: v4l2-compat-ioctl32.c: avoid sizeof(type)
media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
crypto: caam - fix endless loop when DECO acquire fails
crypto: sha512-mb - initialize pending lengths correctly
arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
KVM: nVMX: Fix bug of injecting L2 exception into L1
KVM: PPC: Book3S HV: Make sure we don't re-enter guest without XIVE loaded
KVM: PPC: Book3S HV: Drop locks before reading guest memory
KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED
KVM: PPC: Book3S PR: Fix broken select due to misspelling
ASoC: rockchip: i2s: fix playback after runtime resume
ASoC: skl: Fix kernel warning due to zero NHTL entry
watchdog: imx2_wdt: restore previous timeout after suspend+resume
Btrfs: raid56: iterate raid56 internal bio with bio_for_each_segment_all
kasan: don't emit builtin calls when sanitization is off
kasan: rework Kconfig settings
media: dvb-frontends: fix i2c access helpers for KASAN
media: ts2020: avoid integer overflows on 32 bit machines
media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
kernel/async.c: revert "async: simplify lowest_in_progress()"
kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
pipe: actually allow root to exceed the pipe buffer limits
pipe: fix off-by-one error when checking buffer limits
HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
Bluetooth: btsdio: Do not bind to non-removable BCM43341
Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
ipmi: use dynamic memory for DMI driver override
signal/openrisc: Fix do_unaligned_access to send the proper signal
signal/sh: Ensure si_signo is initialized in do_divide_error
alpha: fix crash if pthread_create races with signal delivery
alpha: osf_sys.c: fix put_tv32 regression
alpha: Fix mixed up args in EXC macro in futex operations
alpha: fix reboot on Avanti platform
alpha: fix formating of stack content
xtensa: fix futex_atomic_cmpxchg_inatomic
EDAC, octeon: Fix an uninitialized variable warning
pinctrl: intel: Initialize GPIO properly when used through irqchip
pinctrl: mcp23s08: fix irq setup order
pinctrl: sx150x: Unregister the pinctrl on release
pinctrl: sx150x: Register pinctrl before adding the gpiochip
pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping
pktcdvd: Fix pkt_setup_dev() error path
pktcdvd: Fix a recently introduced NULL pointer dereference
blk-mq: quiesce queue before freeing queue
clocksource/drivers/stm32: Fix kernel panic with multiple timers
lib/ubsan.c: s/missaligned/misaligned/
lib/ubsan: add type mismatch handler for new GCC/Clang
btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
objtool: Fix switch-table detection
arm64: dts: marvell: add Ethernet aliases
drm/i915: Avoid PPS HW/SW state mismatch due to rounding
ACPI: sbshc: remove raw pointer from printk() message
acpi, nfit: fix register dimm error handling
ovl: fix failure to fsync lower dir
ovl: take mnt_want_write() for removing impure xattr
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
devpts: fix error handling in devpts_mntget()
ftrace: Remove incorrect setting of glob search field
scsi: core: Ensure that the SCSI error handler gets woken up
rcu: Export init_rcu_head() and destroy_rcu_head() to GPL modules
scsi: lpfc: Fix crash after bad bar setup on driver attachment
scsi: cxlflash: Reset command ioasc
Linux 4.14.20
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Eric Biggers
|
2f00eb2790 |
crypto: hash - prevent using keyed hashes without setting key
commit 9fa68f620041be04720d0cbfb1bd3ddfc6310b24 upstream.
Currently, almost none of the keyed hash algorithms check whether a key
has been set before proceeding. Some algorithms are okay with this and
will effectively just use a key of all 0's or some other bogus default.
However, others will severely break, as demonstrated using
"hmac(sha3-512-generic)", the unkeyed use of which causes a kernel crash
via a (potentially exploitable) stack buffer overflow.
A while ago, this problem was solved for AF_ALG by pairing each hash
transform with a 'has_key' bool. However, there are still other places
in the kernel where userspace can specify an arbitrary hash algorithm by
name, and the kernel uses it as unkeyed hash without checking whether it
is really unkeyed. Examples of this include:
- KEYCTL_DH_COMPUTE, via the KDF extension
- dm-verity
- dm-crypt, via the ESSIV support
- dm-integrity, via the "internal hash" mode with no key given
- drbd (Distributed Replicated Block Device)
This bug is especially bad for KEYCTL_DH_COMPUTE as that requires no
privileges to call.
Fix the bug for all users by adding a flag CRYPTO_TFM_NEED_KEY to the
->crt_flags of each hash transform that indicates whether the transform
still needs to be keyed or not. Then, make the hash init, import, and
digest functions return -ENOKEY if the key is still needed.
The new flag also replaces the 'has_key' bool which algif_hash was
previously using, thereby simplifying the algif_hash implementation.
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Biggers
|
8d906d183b |
crypto: hash - annotate algorithms taking optional key
commit a208fa8f33031b9e0aba44c7d1b7e68eb0cbd29e upstream. We need to consistently enforce that keyed hashes cannot be used without setting the key. To do this we need a reliable way to determine whether a given hash algorithm is keyed or not. AF_ALG currently does this by checking for the presence of a ->setkey() method. However, this is actually slightly broken because the CRC-32 algorithms implement ->setkey() but can also be used without a key. (The CRC-32 "key" is not actually a cryptographic key but rather represents the initial state. If not overridden, then a default initial state is used.) Prepare to fix this by introducing a flag CRYPTO_ALG_OPTIONAL_KEY which indicates that the algorithm has a ->setkey() method, but it is not required to be called. Then set it on all the CRC-32 algorithms. The same also applies to the Adler-32 implementation in Lustre. Also, the cryptd and mcryptd templates have to pass through the flag from their underlying algorithm. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
b806c0cc4c |
crypto: poly1305 - remove ->setkey() method
commit a16e772e664b9a261424107784804cffc8894977 upstream. Since Poly1305 requires a nonce per invocation, the Linux kernel implementations of Poly1305 don't use the crypto API's keying mechanism and instead expect the key and nonce as the first 32 bytes of the data. But ->setkey() is still defined as a stub returning an error code. This prevents Poly1305 from being used through AF_ALG and will also break it completely once we start enforcing that all crypto API users (not just AF_ALG) call ->setkey() if present. Fix it by removing crypto_poly1305_setkey(), leaving ->setkey as NULL. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
16210524c4 |
crypto: mcryptd - pass through absence of ->setkey()
commit fa59b92d299f2787e6bae1ff078ee0982e80211f upstream. When the mcryptd template is used to wrap an unkeyed hash algorithm, don't install a ->setkey() method to the mcryptd instance. This change is necessary for mcryptd to keep working with unkeyed hash algorithms once we start enforcing that ->setkey() is called when present. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
ed7b0af0ca |
crypto: cryptd - pass through absence of ->setkey()
commit 841a3ff329713f796a63356fef6e2f72e4a3f6a3 upstream. When the cryptd template is used to wrap an unkeyed hash algorithm, don't install a ->setkey() method to the cryptd instance. This change is necessary for cryptd to keep working with unkeyed hash algorithms once we start enforcing that ->setkey() is called when present. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
b8b32e2e68 |
crypto: hash - introduce crypto_hash_alg_has_setkey()
commit cd6ed77ad5d223dc6299fb58f62e0f5267f7e2ba upstream. Templates that use an shash spawn can use crypto_shash_alg_has_setkey() to determine whether the underlying algorithm requires a key or not. But there was no corresponding function for ahash spawns. Add it. Note that the new function actually has to support both shash and ahash algorithms, since the ahash API can be used with either. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
fb6faf0423 |
This is the 4.14.19 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlqCrbkACgkQONu9yGCS aT5xyRAAgfkFRW7sAiH5wiXmwSPE7sz/HHvhYRevUHTgODMDi19YDcy6Zjq2NMaU zsg6Bi+b11QZ77g0ctnxHDfo6snqwBkrapbO9ddnsZtWB6eTcD9o2Mhd82I5Trj6 4EQcq+fQGoPPPVvRCnuVk+HInfovgBV5DhTGxC2qX6KOrbDh0QF/43mlWf7H8eXb HJ7ot9Xpsg7AjzpCJfqQGoDFB2a/ThXMftXwcxHNWdiVqjzWXuZfwUh1gqV4afl1 x418+HUGUHvHGB6nLUCKrsewVpczLB3IQYe6+AQ1n9W/mK6IEZyDvRD7tuJ0BkMC YR5hjesKT7U6fUL1lbfPBXcHpbQLUEYeqz6S0St5MvkzmJq9TimVcNwgXwB75sQs PECdOzrojNtJuZx+n3ReocrpWQzvBQ3Xt5odE5qqvIepXj7CnRiJfg2vsTNW0A6K KNT+mdzno36Te6nDMXKiMUnH8IRjwwXk7zveI6daYN0FZE++gvoyEhOeF3bUAcpR UQYj8pgLuwFUNm22JcGHQhTudMv2z9Ulv5zsylwkU3CuS8wMTS6O4JrwX0IfOIkj c4Ta/6w+bNC63WKboAyGlwwbZy+Xll8+3NMoFx6TsEytcnowyqli1bP0kDONMXQR O5kMzZJ6elSOwZjk7Q0IZ7sdV3lKTIj4Fxh0UN4yu1JxHyDvops= =gY6O -----END PGP SIGNATURE----- Merge 4.14.19 into android-4.14 Changes in 4.14.19 .gitignore: sort normal pattern rules alphabetically .gitignore: move *.dtb and *.dtb.S patterns to the top-level .gitignore kbuild: rpm-pkg: keep spec file until make mrproper ip6mr: fix stale iterator net: igmp: add a missing rcu locking section qlcnic: fix deadlock bug qmi_wwan: Add support for Quectel EP06 r8169: fix RTL8168EP take too long to complete driver initialization. tcp: release sk_frag.page in tcp_disconnect vhost_net: stop device during reset owner Revert "defer call to mem_cgroup_sk_alloc()" net: ipv6: send unsolicited NA after DAD rocker: fix possible null pointer dereference in rocker_router_fib_event_work tcp_bbr: fix pacing_gain to always be unity when using lt_bw ipv6: Fix SO_REUSEPORT UDP socket with implicit sk_ipv6only soreuseport: fix mem leak in reuseport_add_sock() media: mtk-vcodec: add missing MODULE_LICENSE/DESCRIPTION media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE crypto: tcrypt - fix S/G table for test_aead_speed() arch: define weak abort() kernel/exit.c: export abort() to modules scsi: storvsc: missing error code in storvsc_probe() Revert "x86/alternative: Print unadorned pointers" Linux 4.14.19 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Robert Baronescu
|
3a570cfe78 |
crypto: tcrypt - fix S/G table for test_aead_speed()
commit 5c6ac1d4f8fbdbed65dbeb8cf149d736409d16a1 upstream. In case buffer length is a multiple of PAGE_SIZE, the S/G table is incorrectly generated. Fix this by handling buflen = k * PAGE_SIZE separately. Signed-off-by: Robert Baronescu <robert.baronescu@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
faeb94c01f |
This is the 4.14.17 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlp15cgACgkQONu9yGCS aT7HLRAAvNpaT9FzyWLq2w88ZY/I0jBAQeREPbdPVma/FWUPwgTwazkvPto7x3ys 11jmujbg5XDhZjlwAyJ1sGUVQrMoP2/2o069MCUz237z0ruDLpEWrbGWDoK3TjNz 84w0nuDydBpgUg5YZl9qAdaoBCsngQHa6RtN0ISHIYlSOW5F2X+LClH037bGihzx gPSL3vqjKbjMLJ+FRr4M4IFrSbhIcZAbWgU+K2g/yZ1ox+jN21dGlf2zuqCnKxNM ifqpzFu1xTJtm24Jd0S6+hQXJs4CEBsTR+4KFxIREUQFLIMEK/8DGJGNHLEKlNRv Ug6FTliLU/GPJm5ZY3a13zjvvW4+Nz5CDH8u1V0WUjgwdblUR6QOttw/fBwjJkEQ rmK+e4vOyyG0rvii3SbiMW2Keo8c2A+Q4wMJT4JbO/NdH73q+VfxgQWKfwdrlovw 1Eq15zo1MPapKAc3ELxloKyDSJQ+pFM6jtBZBAkTkGnXvBvyVZ7quqMBByxnOhS/ cQULbgVlUcOF2zZDKClyo9R/kwS6iMfHPp6IuLaBmkgL81PG8hnuxZehBj3ElC2l uQblPTrOkqiowyvZJZ4VaiSkTczuijqtgXNAqKGXkvqdhb4fQIwQSV77JoC/7BAd SbBSMJ2T86+U7rhP8y1EDCU9GPQia3yW4FQGXEDA8Jq9Tak0PMg= =83+R -----END PGP SIGNATURE----- Merge 4.14.17 into android-4.14 Changes in 4.14.17 futex: Fix OWNER_DEAD fixup loop: fix concurrent lo_open/lo_release KVM: x86: Fix CPUID function for word 6 (80000001_ECX) tools/gpio: Fix build error with musl libc gpio: stmpe: i2c transfer are forbiden in atomic context gpio: Fix kernel stack leak to userspace ALSA: hda - Reduce the suspend time consumption for ALC256 crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH crypto: aesni - handle zero length dst buffer crypto: aesni - fix typo in generic_gcmaes_decrypt crypto: gcm - add GCM IV size constant crypto: aesni - Use GCM IV size constant crypto: aesni - add wrapper for generic gcm(aes) crypto: aesni - Fix out-of-bounds access of the data buffer in generic-gcm-aesni crypto: aesni - Fix out-of-bounds access of the AAD buffer in generic-gcm-aesni crypto: inside-secure - fix hash when length is a multiple of a block crypto: inside-secure - avoid unmapping DMA memory that was not mapped crypto: sha3-generic - fixes for alignment and big endian operation crypto: af_alg - whitelist mask and type HID: wacom: EKR: ensure devres groups at higher indexes are released HID: wacom: Fix reporting of touch toggle (WACOM_HID_WD_MUTE_DEVICE) events power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE igb: Free IRQs when device is hotplugged ima/policy: fix parsing of fsuuid scsi: aacraid: Fix udev inquiry race condition scsi: aacraid: Fix hang in kdump VFS: Handle lazytime in do_mount() drm/vc4: Account for interrupts in flight btrfs: Fix transaction abort during failure in btrfs_rm_dev_item Btrfs: bail out gracefully rather than BUG_ON cpupowerutils: bench - Fix cpu online check cpupower : Fix cpupower working when cpu0 is offline KVM: nVMX/nSVM: Don't intercept #UD when running L2 KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure KVM: x86: Don't re-execute instruction when not passing CR2 value KVM: X86: Fix operand/address-size during instruction decoding KVM: nVMX: Fix mmu context after VMLAUNCH/VMRESUME failure KVM: x86: fix em_fxstor() sleeping while in atomic KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race KVM: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered KVM: x86: ioapic: Preserve read-only values in the redirection table KVM: nVMX: Fix vmx_check_nested_events() return value in case an event was reinjected to L2 nvme-fabrics: introduce init command check for a queue that is not alive nvme-fc: check if queue is ready in queue_rq nvme-loop: check if queue is ready in queue_rq nvme-pci: disable APST on Samsung SSD 960 EVO + ASUS PRIME B350M-A nvme-pci: avoid hmb desc array idx out-of-bound when hmmaxd set. nvmet-fc: correct ref counting error when deferred rcv used s390/topology: fix compile error in file arch/s390/kernel/smp.c s390/zcrypt: Fix wrong comparison leading to strange load balancing ACPI / bus: Leave modalias empty for devices which are not present cpufreq: Add Loongson machine dependencies null_blk: fix dev->badblocks leak s390: fix alloc_pgste check in init_new_context again rxrpc: The mutex lock returned by rxrpc_accept_call() needs releasing rxrpc: Provide a different lockdep key for call->user_mutex for kernel calls rxrpc: Fix service endpoint expiry bcache: check return value of register_shrinker drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode drm/amdkfd: Fix SDMA ring buffer size calculation drm/amdkfd: Fix SDMA oversubsription handling uapi: fix linux/kfd_ioctl.h userspace compilation errors nvme-rdma: don't complete requests before a send work request has completed openvswitch: fix the incorrect flow action alloc size drm/rockchip: dw-mipi-dsi: fix possible un-balanced runtime PM enable mac80211: use QoS NDP for AP probing mac80211: fix the update of path metric for RANN frame btrfs: fix deadlock when writing out space cache sctp: only allow the asoc reset when the asoc outq is empty sctp: avoid flushing unsent queue when doing asoc reset sctp: set sender next_tsn for the old result with ctsn_ack_point plus 1 reiserfs: remove unneeded i_version bump KVM: X86: Fix softlockup when get the current kvmclock KVM: VMX: Fix rflags cache during vCPU reset Btrfs: fix list_add corruption and soft lockups in fsync KVM: Let KVM_SET_SIGNAL_MASK work as advertised xfs: always free inline data before resetting inode fork during ifree xfs: log recovery should replay deferred ops in order i2c: i2c-boardinfo: fix memory leaks on devinfo xen-netfront: remove warning when unloading module auxdisplay: img-ascii-lcd: Only build on archs that have IOMEM nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) nfsd: Ensure we check stateid validity in the seqid operation checks grace: replace BUG_ON by WARN_ONCE in exit_net hook nfsd: check for use of the closed special stateid race of lockd inetaddr notifiers vs nlmsvc_rqst change lockd: fix "list_add double add" caused by legacy signal interface hwmon: (pmbus) Use 64bit math for DIRECT format values quota: propagate error from __dquot_initialize net: mvpp2: fix the txq_init error path net: phy: marvell10g: fix the PHY id mask bnxt_en: Fix an error handling path in 'bnxt_get_module_eeprom()' Btrfs: incremental send, fix wrong unlink path after renaming file nvme-pci: fix NULL pointer dereference in nvme_free_host_mem() xfs: fortify xfs_alloc_buftarg error handling drm/amdgpu: don't try to move pinned BOs net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit quota: Check for register_shrinker() failure. SUNRPC: Allow connect to return EHOSTUNREACH scripts/faddr2line: extend usage on generic arch kmemleak: add scheduling point to kmemleak_scan() drm/bridge: Fix lvds-encoder since the panel_bridge rework. drm/bridge: tc358767: do no fail on hi-res displays drm/bridge: tc358767: filter out too high modes drm/bridge: tc358767: fix DP0_MISC register set drm/bridge: tc358767: fix timing calculations drm/bridge: tc358767: fix AUXDATAn registers access drm/bridge: tc358767: fix 1-lane behavior drm/omap: Fix error handling path in 'omap_dmm_probe()' drm/omap: displays: panel-dpi: add backlight dependency xfs: ubsan fixes xfs: Properly retry failed dquot items in case of error during buffer writeback perf/core: Fix memory leak triggered by perf --namespace scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg iwlwifi: mvm: fix the TX queue hang timeout for MONITOR vif type iwlwifi: fix access to prph when transport is stopped ARM: dts: NSP: Disable AHCI controller for HR NSP boards ARM: dts: NSP: Fix PPI interrupt types media: usbtv: add a new usbid x86/xen: Support early interrupts in xen pv guests usb: gadget: don't dereference g until after it has been null checked staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID drm/vc4: Move IRQ enable to PM path KVM: x86: emulate #UD while in guest mode staging: lustre: separate a connection destroy from free struct kib_conn staging: ccree: NULLify backup_info when unused staging: ccree: fix fips event irq handling build tty: fix data race between tty_init_dev and flush of buf usb: option: Add support for FS040U modem USB: serial: pl2303: new device id for Chilitag USB: cdc-acm: Do not log urb submission errors on disconnect CDC-ACM: apply quirk for card reader USB: serial: io_edgeport: fix possible sleep-in-atomic usbip: prevent bind loops on devices attached to vhci_hcd usbip: list: don't list devices attached to vhci_hcd USB: serial: simple: add Motorola Tetra driver usb: f_fs: Prevent gadget unbind if it is already unbound usb: uas: unconditionally bring back host after reset usb/gadget: Fix "high bandwidth" check in usb_gadget_ep_match_desc() ANDROID: binder: remove waitqueue when thread exits. android: binder: use VM_ALLOC to get vm area mei: me: allow runtime pm for platform with D0i3 serial: 8250_of: fix return code when probe function fails to get reset serial: 8250_uniphier: fix error return code in uniphier_uart_probe() serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS spi: imx: do not access registers while clocks disabled iio: adc: stm32: fix scan of multiple channels with DMA iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels test_firmware: fix missing unlock on error in config_num_requests_store() Input: synaptics-rmi4 - unmask F03 interrupts when port is opened Input: synaptics-rmi4 - do not delete interrupt memory too early x86/efi: Clarify that reset attack mitigation needs appropriate userspace Linux 4.14.17 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Stephan Mueller
|
f41c8a0031 |
crypto: af_alg - whitelist mask and type
commit bb30b8848c85e18ca7e371d0a869e94b3e383bdf upstream. The user space interface allows specifying the type and mask field used to allocate the cipher. Only a subset of the possible flags are intended for user space. Therefore, white-list the allowed flags. In case the user space caller uses at least one non-allowed flag, EINVAL is returned. Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Ard Biesheuvel
|
b9788e278c |
crypto: sha3-generic - fixes for alignment and big endian operation
commit c013cee99d5a18aec8c71fee8f5f41369cd12595 upstream.
Ensure that the input is byte swabbed before injecting it into the
SHA3 transform. Use the get_unaligned() accessor for this so that
we don't perform unaligned access inadvertently on architectures
that do not support that.
Fixes: 53964b9ee63b7075 ("crypto: sha3 - Add SHA-3 hash algorithm")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Hauke Mehrtens
|
2992182765 |
crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
commit b5b9007730ce1d90deaf25d7f678511550744bdc upstream.
This fixes a typo in the CRYPTO_KPP dependency of CRYPTO_ECDH.
Fixes: 3c4b23901a0c ("crypto: ecdh - Add ECDH software support")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
9b68347c35 |
This is the 4.14.14 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlpfDSoACgkQONu9yGCS aT563hAAhqP/PoKahVzW1NiRRuLHLtLJTQZt5urQUTppfUOOHDXPt5CqyrtnJQEX LZjGnMTNonsMM4XLI7WhqF+UfPImjwghYBn9pG+0dAoa/C5unPD8qp8NHkH7BFhU w+5VJtteKYJ6OKpPD5p5pd4oYzMki3j+t20/yf8QXFzrYtG/gtEOCTrpJmBE0E6g 0m+fSvoq0wR6HTgqPE9We2fHU4yCYCzAZLhfqZlTeIf4wlFXZOheD/9GnwgeAlqx M8ak06gA0Z33xg55ZYk/eYg+rW2gzc1zdS7mSxSwKXJLSftfz5AGruy6m3xurRdJ KBzQ7oSNbzvBlR+hFmaM9RD0YIAl5+N+g1/5P5ugdWl5JHYoFBXinq8irkZfD72b 6iqtJ1BJ53iQbw5xi1wLSaK1WcRulFx/EY4euC2GjezxsMLvuAwMOCqwownl5xaz k2NkGu9qQh/ELZWW6kIw1EvVCk9cjt+8fd+ELUQyahXOD3fpzeeNVRPj70aM0AHS kqkvi6MiHxV+Y+CV/horE3NZbgu7r6FrIG1OOi/w7LnQb0Yk0fLMHoD8cUBbjUY2 xu7JtYPoCreh1Hgo427CkvC8W6oCKREtoMbFCwPtSVQcXtfrN5Risge/OqE0X9GD jFIvW6p6HWhzEpA7afpXk45q58tBnNujvmACGTl93QrTz7in71I= =k2ZH -----END PGP SIGNATURE----- Merge 4.14.14 into android-4.14 Changes in 4.14.14 dm bufio: fix shrinker scans when (nr_to_scan < retain_target) KVM: Fix stack-out-of-bounds read in write_mmio can: vxcan: improve handling of missing peer name attribute can: gs_usb: fix return value of the "set_bittiming" callback IB/srpt: Disable RDMA access by the initiator IB/srpt: Fix ACL lookup during login MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task MIPS: Factor out NT_PRFPREG regset access helpers MIPS: Guard against any partial write attempt with PTRACE_SETREGSET MIPS: Consistently handle buffer counter with PTRACE_SETREGSET MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC kvm: vmx: Scrub hardware GPRs at VM-exit platform/x86: wmi: Call acpi_wmi_init() later iw_cxgb4: only call the cq comp_handler when the cq is armed iw_cxgb4: atomically flush the qp iw_cxgb4: only clear the ARMED bit if a notification is needed iw_cxgb4: reflect the original WR opcode in drain cqes iw_cxgb4: when flushing, complete all wrs in a chain x86/acpi: Handle SCI interrupts above legacy space gracefully ALSA: pcm: Remove incorrect snd_BUG_ON() usages ALSA: pcm: Workaround for weird PulseAudio behavior on rewind error ALSA: pcm: Add missing error checks in OSS emulation plugin builder ALSA: pcm: Abort properly at pending signal in OSS read/write loops ALSA: pcm: Allow aborting mutex lock at OSS read/write loops ALSA: aloop: Release cable upon open error path ALSA: aloop: Fix inconsistent format due to incomplete rule ALSA: aloop: Fix racy hw constraints adjustment x86/acpi: Reduce code duplication in mp_override_legacy_irq() 8021q: fix a memory leak for VLAN 0 device ip6_tunnel: disable dst caching if tunnel is dual-stack net: core: fix module type in sock_diag_bind phylink: ensure we report link down when LOS asserted RDS: Heap OOB write in rds_message_alloc_sgs() RDS: null pointer dereference in rds_atomic_free_op net: fec: restore dev_id in the cases of probe error net: fec: defer probe if regulator is not ready net: fec: free/restore resource in related probe error pathes sctp: do not retransmit upon FragNeeded if PMTU discovery is disabled sctp: fix the handling of ICMP Frag Needed for too small MTUs sh_eth: fix TSU resource handling net: stmmac: enable EEE in MII, GMII or RGMII only sh_eth: fix SH7757 GEther initialization ipv6: fix possible mem leaks in ipv6_make_skb() ethtool: do not print warning for applications using legacy API mlxsw: spectrum_router: Fix NULL pointer deref net/sched: Fix update of lastuse in act modules implementing stats_update ipv6: sr: fix TLVs not being copied using setsockopt mlxsw: spectrum: Relax sanity checks during enslavement sfp: fix sfp-bus oops when removing socket/upstream membarrier: Disable preemption when calling smp_call_function_many() crypto: algapi - fix NULL dereference in crypto_remove_spawns() mmc: renesas_sdhi: Add MODULE_LICENSE rbd: reacquire lock should update lock owner client id rbd: set max_segments to USHRT_MAX iwlwifi: pcie: fix DMA memory mapping / unmapping x86/microcode/intel: Extend BDW late-loading with a revision check KVM: x86: Add memory barrier on vmcs field lookup KVM: PPC: Book3S PR: Fix WIMG handling under pHyp KVM: PPC: Book3S HV: Drop prepare_done from struct kvm_resize_hpt KVM: PPC: Book3S HV: Fix use after free in case of multiple resize requests KVM: PPC: Book3S HV: Always flush TLB in kvmppc_alloc_reset_hpt() drm/vmwgfx: Don't cache framebuffer maps drm/vmwgfx: Potential off by one in vmw_view_add() drm/i915/gvt: Clear the shadow page table entry after post-sync drm/i915: Whitelist SLICE_COMMON_ECO_CHICKEN1 on Geminilake. drm/i915: Move init_clock_gating() back to where it was drm/i915: Fix init_clock_gating for resume bpf: prevent out-of-bounds speculation bpf, array: fix overflow in max_entries and undefined behavior in index_mask bpf: arsh is not supported in 32 bit alu thus reject it USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ USB: serial: cp210x: add new device ID ELV ALC 8xxx usb: misc: usb3503: make sure reset is low for at least 100us USB: fix usbmon BUG trigger USB: UDC core: fix double-free in usb_add_gadget_udc_release usbip: remove kernel addresses from usb device and urb debug msgs usbip: fix vudc_rx: harden CMD_SUBMIT path to handle malicious input usbip: vudc_tx: fix v_send_ret_submit() vulnerability to null xfer buffer staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl Bluetooth: Prevent stack info leak from the EFS element. uas: ignore UAS for Norelsys NS1068(X) chips mux: core: fix double get_device() kdump: write correct address of mem_section into vmcoreinfo apparmor: fix ptrace label match when matching stacked labels e1000e: Fix e1000_check_for_copper_link_ich8lan return value. x86/pti: Unbreak EFI old_memmap x86/Documentation: Add PTI description x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] sysfs/cpu: Add vulnerability folder x86/cpu: Implement CPU vulnerabilites sysfs functions x86/tboot: Unbreak tboot with PTI enabled x86/mm/pti: Remove dead logic in pti_user_pagetable_walk*() x86/cpu/AMD: Make LFENCE a serializing instruction x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC sysfs/cpu: Fix typos in vulnerability documentation x86/alternatives: Fix optimize_nops() checking x86/pti: Make unpoison of pgd for trusted boot work for real objtool: Detect jumps to retpoline thunks objtool: Allow alternatives to be ignored x86/retpoline: Add initial retpoline support x86/spectre: Add boot time option to select Spectre v2 mitigation x86/retpoline/crypto: Convert crypto assembler indirect jumps x86/retpoline/entry: Convert entry assembler indirect jumps x86/retpoline/ftrace: Convert ftrace assembler indirect jumps x86/retpoline/hyperv: Convert assembler indirect jumps x86/retpoline/xen: Convert Xen hypercall indirect jumps x86/retpoline/checksum32: Convert assembler indirect jumps x86/retpoline/irq32: Convert assembler indirect jumps x86/retpoline: Fill return stack buffer on vmexit selftests/x86: Add test_vsyscall x86/pti: Fix !PCID and sanitize defines security/Kconfig: Correct the Documentation reference for PTI x86,perf: Disable intel_bts when PTI x86/retpoline: Remove compile time warning Linux 4.14.14 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Biggers
|
3662493dbd |
crypto: algapi - fix NULL dereference in crypto_remove_spawns()
commit 9a00674213a3f00394f4e3221b88f2d21fc05789 upstream. syzkaller triggered a NULL pointer dereference in crypto_remove_spawns() via a program that repeatedly and concurrently requests AEADs "authenc(cmac(des3_ede-asm),pcbc-aes-aesni)" and hashes "cmac(des3_ede)" through AF_ALG, where the hashes are requested as "untested" (CRYPTO_ALG_TESTED is set in ->salg_mask but clear in ->salg_feat; this causes the template to be instantiated for every request). Although AF_ALG users really shouldn't be able to request an "untested" algorithm, the NULL pointer dereference is actually caused by a longstanding race condition where crypto_remove_spawns() can encounter an instance which has had spawn(s) "grabbed" but hasn't yet been registered, resulting in ->cra_users still being NULL. We probably should properly initialize ->cra_users earlier, but that would require updating many templates individually. For now just fix the bug in a simple way that can easily be backported: make crypto_remove_spawns() treat a NULL ->cra_users list as empty. Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Jaegeuk Kim
|
a53dc75af2 |
fscrypt: updates on 4.15-rc4
Cherry-picked from origin/upstream-f2fs-stable-linux-4.14.y: 9d468a2b52d1 Revert "locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE()" 13b237d115a5 fscrypt: move to generic async completion a2985b1c98e5 crypto: introduce crypto wait for async op 4bb665c7e388 locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE() 249c90416bcf fscrypt: new helper function - fscrypt_prepare_setattr() 91d09c052132 fscrypt: new helper function - fscrypt_prepare_lookup() 9a24d618cb8a fscrypt: new helper function - fscrypt_prepare_rename() 4bd6179f5211 fscrypt: new helper function - fscrypt_prepare_link() b811faac6371 fscrypt: new helper function - fscrypt_file_open() e9f57e3771ba fscrypt: new helper function - fscrypt_require_key() b31ee2e1280e fscrypt: remove unneeded empty fscrypt_operations structs 82cbed4cdc5e fscrypt: remove ->is_encrypted() 2edb5df148b3 fscrypt: switch from ->is_encrypted() to IS_ENCRYPTED() cde1fbb02dbf fs, fscrypt: add an S_ENCRYPTED inode flag 8ec05db2542c fscrypt: clean up include file mess Change-Id: I8980613b8d5ffedf72ef2c91e1ae2eebb521ae19 Signed-off-by: Jaegeuk Kim <jaegeuk@google.com> |
||
|
Eric Biggers
|
7156c794b8 |
crypto: pcrypt - fix freeing pcrypt instances
commit d76c68109f37cb85b243a1cf0f40313afd2bae68 upstream.
pcrypt is using the old way of freeing instances, where the ->free()
method specified in the 'struct crypto_template' is passed a pointer to
the 'struct crypto_instance'. But the crypto_instance is being
kfree()'d directly, which is incorrect because the memory was actually
allocated as an aead_instance, which contains the crypto_instance at a
nonzero offset. Thus, the wrong pointer was being kfree()'d.
Fix it by switching to the new way to free aead_instance's where the
->free() method is specified in the aead_instance itself.
Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: 0496f56065e0 ("crypto: pcrypt - Add support for new AEAD interface")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Biggers
|
9c36498f74 |
crypto: chacha20poly1305 - validate the digest size
commit e57121d08c38dabec15cf3e1e2ad46721af30cae upstream.
If the rfc7539 template was instantiated with a hash algorithm with
digest size larger than 16 bytes (POLY1305_DIGEST_SIZE), then the digest
overran the 'tag' buffer in 'struct chachapoly_req_ctx', corrupting the
subsequent memory, including 'cryptlen'. This caused a crash during
crypto_skcipher_decrypt().
Fix it by, when instantiating the template, requiring that the
underlying hash algorithm has the digest size expected for Poly1305.
Reproducer:
#include <linux/if_alg.h>
#include <sys/socket.h>
#include <unistd.h>
int main()
{
int algfd, reqfd;
struct sockaddr_alg addr = {
.salg_type = "aead",
.salg_name = "rfc7539(chacha20,sha256)",
};
unsigned char buf[32] = { 0 };
algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(algfd, (void *)&addr, sizeof(addr));
setsockopt(algfd, SOL_ALG, ALG_SET_KEY, buf, sizeof(buf));
reqfd = accept(algfd, 0, 0);
write(reqfd, buf, 16);
read(reqfd, buf, 16);
}
Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: 71ebc4d1b27d ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Stephan Mueller
|
f09fca41e2 |
crypto: af_alg - fix race accessing cipher request
commit d53c5135792319e095bb126bc43b2ee98586f7fe upstream.
When invoking an asynchronous cipher operation, the invocation of the
callback may be performed before the subsequent operations in the
initial code path are invoked. The callback deletes the cipher request
data structure which implies that after the invocation of the
asynchronous cipher operation, this data structure must not be accessed
any more.
The setting of the return code size with the request data structure must
therefore be moved before the invocation of the asynchronous cipher
operation.
Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management")
Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Stephan Mueller
|
c692698ebe |
crypto: af_alg - wait for data at beginning of recvmsg
commit 11edb555966ed2c66c533d17c604f9d7e580a829 upstream.
The wait for data is a non-atomic operation that can sleep and therefore
potentially release the socket lock. The release of the socket lock
allows another thread to modify the context data structure. The waiting
operation for new data therefore must be called at the beginning of
recvmsg. This prevents a race condition where checks of the members of
the context data structure are performed by recvmsg while there is a
potential for modification of these values.
Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management")
Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Sebastian Andrzej Siewior
|
88990591f0 |
crypto: mcryptd - protect the per-CPU queue with a lock
commit 9abffc6f2efe46c3564c04312e52e07622d40e51 upstream. mcryptd_enqueue_request() grabs the per-CPU queue struct and protects access to it with disabled preemption. Then it schedules a worker on the same CPU. The worker in mcryptd_queue_worker() guards access to the same per-CPU variable with disabled preemption. If we take CPU-hotplug into account then it is possible that between queue_work_on() and the actual invocation of the worker the CPU goes down and the worker will be scheduled on _another_ CPU. And here the preempt_disable() protection does not work anymore. The easiest thing is to add a spin_lock() to guard access to the list. Another detail: mcryptd_queue_worker() is not processing more than MCRYPTD_BATCH invocation in a row. If there are still items left, then it will invoke queue_work() to proceed with more later. *I* would suggest to simply drop that check because it does not use a system workqueue and the workqueue is already marked as "CPU_INTENSIVE". And if preemption is required then the scheduler should do it. However if queue_work() is used then the work item is marked as CPU unbound. That means it will try to run on the local CPU but it may run on another CPU as well. Especially with CONFIG_DEBUG_WQ_FORCE_RR_CPU=y. Again, the preempt_disable() won't work here but lock which was introduced will help. In order to keep work-item on the local CPU (and avoid RR) I changed it to queue_work_on(). Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
29082870f5 |
crypto: skcipher - set walk.iv for zero-length inputs
commit 2b4f27c36bcd46e820ddb9a8e6fe6a63fa4250b8 upstream.
All the ChaCha20 algorithms as well as the ARM bit-sliced AES-XTS
algorithms call skcipher_walk_virt(), then access the IV (walk.iv)
before checking whether any bytes need to be processed (walk.nbytes).
But if the input is empty, then skcipher_walk_virt() doesn't set the IV,
and the algorithms crash trying to use the uninitialized IV pointer.
Fix it by setting the IV earlier in skcipher_walk_virt(). Also fix it
for the AEAD walk functions.
This isn't a perfect solution because we can't actually align the IV to
->cra_alignmask unless there are bytes to process, for one because the
temporary buffer for the aligned IV is freed by skcipher_walk_done(),
which is only called when there are bytes to process. Thus, algorithms
that require aligned IVs will still need to avoid accessing the IV when
walk.nbytes == 0. Still, many algorithms/architectures are fine with
IVs having any alignment, and even for those that aren't, a misaligned
pointer bug is much less severe than an uninitialized pointer bug.
This change also matches the behavior of the older blkcipher_walk API.
Fixes: 0cabf2af6f5a ("crypto: skcipher - Fix crash on zero-length input")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Christophe Jaillet
|
bd51398957 |
crypto: lrw - Fix an error handling path in 'create()'
[ Upstream commit 616129cc6e75fb4da6681c16c981fa82dfe5e4c7 ]
All error handling paths 'goto err_drop_spawn' except this one.
In order to avoid some resources leak, we should do it as well here.
Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Robert Baronescu
|
6479a108b3 |
crypto: tcrypt - fix buffer lengths in test_aead_speed()
[ Upstream commit 7aacbfcb331ceff3ac43096d563a1f93ed46e35e ] Fix the way the length of the buffers used for encryption / decryption are computed. For e.g. in case of encryption, input buffer does not contain an authentication tag. Signed-off-by: Robert Baronescu <robert.baronescu@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
cf1048e46d |
crypto: af_alg - fix NULL pointer dereference in
commit 887207ed9e5812ed9239b6d07185a2d35dda91db upstream.
af_alg_free_areq_sgls()
If allocating the ->tsgl member of 'struct af_alg_async_req' failed,
during cleanup we dereferenced the NULL ->tsgl pointer in
af_alg_free_areq_sgls(), because ->tsgl_entries was nonzero.
Fix it by only freeing the ->tsgl list if it is non-NULL.
This affected both algif_skcipher and algif_aead.
Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management")
Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|