Eric Lee / smarc-fsl-linux-kernel

03 Jul, 2015

1 commit

  • 9d86b4128   Merge tag 'module-implicit-v4.1-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux ... Browse Code »

    Pull implicit module.h fixes from Paul Gortmaker:
    "Fix up implicit users that will break later.

    The files changed here are simply modular source files that are
    implicitly relying on being present. We fix them up now,
    so that we can decouple some of the module related init code from the
    core init code in the future.

    The addition of the module.h include to several files here is also a
    no-op from a code generation point of view, else there would already
    be compile issues with these files today.

    There may be lots more implicit includes of in tree, but
    these are the ones that extensive build test coverage has shown that
    must be fixed in order to avoid build breakage fallout for the pending
    module.h init.h code relocation we desire to complete"

    * tag 'module-implicit-v4.1-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux:
    frv: add module.h to mb93090-mb00/flash.c to avoid compile fail
    drivers/cpufreq: include for modular exynos-cpufreq.c code
    drivers/staging: include for modular android tegra_ion code
    crypto/asymmetric_keys: pkcs7_key_type needs module.h
    sh: mach-highlander/psw.c is tristate and should use module.h
    drivers/regulator: include for modular max77802 code
    drivers/pcmcia: include for modular xxs1500_ss code
    drivers/hsi: include for modular omap_ssi code
    drivers/gpu: include for modular rockchip code
    drivers/gpio: include for modular crystalcove code
    drivers/clk: include for clk-max77xxx modular code

    Linus Torvalds
     

28 Jun, 2015

1 commit

  • e22619a29   Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security ... Browse Code »

    Pull security subsystem updates from James Morris:
    "The main change in this kernel is Casey's generalized LSM stacking
    work, which removes the hard-coding of Capabilities and Yama stacking,
    allowing multiple arbitrary "small" LSMs to be stacked with a default
    monolithic module (e.g. SELinux, Smack, AppArmor).

    See
    https://lwn.net/Articles/636056/

    This will allow smaller, simpler LSMs to be incorporated into the
    mainline kernel and arbitrarily stacked by users. Also, this is a
    useful cleanup of the LSM code in its own right"

    * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits)
    tpm, tpm_crb: fix le64_to_cpu conversions in crb_acpi_add()
    vTPM: set virtual device before passing to ibmvtpm_reset_crq
    tpm_ibmvtpm: remove unneccessary message level.
    ima: update builtin policies
    ima: extend "mask" policy matching support
    ima: add support for new "euid" policy condition
    ima: fix ima_show_template_data_ascii()
    Smack: freeing an error pointer in smk_write_revoke_subj()
    selinux: fix setting of security labels on NFS
    selinux: Remove unused permission definitions
    selinux: enable genfscon labeling for sysfs and pstore files
    selinux: enable per-file labeling for debugfs files.
    selinux: update netlink socket classes
    signals: don't abuse __flush_signals() in selinux_bprm_committed_creds()
    selinux: Print 'sclass' as string when unrecognized netlink message occurs
    Smack: allow multiple labels in onlycap
    Smack: fix seq operations in smackfs
    ima: pass iint to ima_add_violation()
    ima: wrap event related data to the new ima_event_data structure
    integrity: add validity checks for 'path' parameter
    ...

    Linus Torvalds
     

25 Jun, 2015

7 commits

  • 44a17ef87   crypto: rsa - add .gitignore for crypto/*.-asn1.[ch] files ... Browse Code »

    There are two generated files: crypto/rsakey-asn1.c and crypto/raskey-asn1.h,
    after the cfc2bb32b31371d6bffc6bf2da3548f20ad48c83 commit. Let's add
    .gitignore to ignore *-asn1.[ch] files.

    Signed-off-by: Alexander Kuleshov
    Signed-off-by: Herbert Xu

    Alexander Kuleshov
     
  • 2cdcc357c   crypto: asymmetric_keys/rsa - Use non-conflicting variable name ... Browse Code »

    arm64:allmodconfig fails to build as follows.

    In file included from include/acpi/platform/aclinux.h:74:0,
    from include/acpi/platform/acenv.h:173,
    from include/acpi/acpi.h:56,
    from include/linux/acpi.h:37,
    from ./arch/arm64/include/asm/dma-mapping.h:21,
    from include/linux/dma-mapping.h:86,
    from include/linux/skbuff.h:34,
    from include/crypto/algapi.h:18,
    from crypto/asymmetric_keys/rsa.c:16:
    include/linux/ctype.h:15:12: error: expected ‘;’, ‘,’ or ‘)’
    before numeric constant
    #define _X 0x40 /* hex digit */
    ^
    crypto/asymmetric_keys/rsa.c:123:47: note: in expansion of macro ‘_X’
    static int RSA_I2OSP(MPI x, size_t xLen, u8 **_X)
    ^
    crypto/asymmetric_keys/rsa.c: In function ‘RSA_verify_signature’:
    crypto/asymmetric_keys/rsa.c:256:2: error:
    implicit declaration of function ‘RSA_I2OSP’

    The problem is caused by an unrelated include file change, resulting in
    the inclusion of ctype.h on arm64. This in turn causes the local variable
    _X to conflict with macro _X used in ctype.h.

    Fixes: b6197b93fa4b ("arm64 : Introduce support for ACPI _CCA object")
    Cc: Suthikulpanit, Suravee
    Signed-off-by: Guenter Roeck
    Signed-off-by: Herbert Xu

    Guenter Roeck
     
  • 9d77b6c2a   crypto: testmgr - don't print info about missing test for gcm-aes-aesni ... Browse Code »

    Don't print info about missing test for the internal
    helper __driver-gcm-aes-aesni

    changes in v2:
    - marked test as fips allowed

    Signed-off-by: Tadeusz Struk
    Signed-off-by: Herbert Xu

    Tadeusz Struk
     
  • cea0a3c30   crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree" ... Browse Code »

    The kzfree() function tests whether its argument is NULL and then
    returns immediately. Thus the test around the call is not needed.

    This issue was detected by using the Coccinelle software.

    Signed-off-by: Markus Elfring
    Signed-off-by: Herbert Xu

    Markus Elfring
     
  • 338a9de03   crypto: akcipher - fix spelling cihper -> cipher ... Browse Code »

    Signed-off-by: Tadeusz Struk
    Signed-off-by: Herbert Xu

    Tadeusz Struk
     
  • dfc9fa919   crypto: jitterentropy - avoid compiler warnings ... Browse Code »

    The core of the Jitter RNG is intended to be compiled with -O0. To
    ensure that the Jitter RNG can be compiled on all architectures,
    separate out the RNG core into a stand-alone C file that can be compiled
    with -O0 which does not depend on any kernel include file.

    As no kernel includes can be used in the C file implementing the core
    RNG, any dependencies on kernel code must be extracted.

    A second file provides the link to the kernel and the kernel crypto API
    that can be compiled with the regular compile options of the kernel.

    Signed-off-by: Stephan Mueller
    Signed-off-by: Herbert Xu

    Stephan Mueller
     
  • e0456717e   Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next ... Browse Code »

    Pull networking updates from David Miller:

    1) Add TX fast path in mac80211, from Johannes Berg.

    2) Add TSO/GRO support to ibmveth, from Thomas Falcon

    3) Move away from cached routes in ipv6, just like ipv4, from Martin
    KaFai Lau.

    4) Lots of new rhashtable tests, from Thomas Graf.

    5) Run ingress qdisc lockless, from Alexei Starovoitov.

    6) Allow servers to fetch TCP packet headers for SYN packets of new
    connections, for fingerprinting. From Eric Dumazet.

    7) Add mode parameter to pktgen, for testing receive. From Alexei
    Starovoitov.

    8) Cache access optimizations via simplifications of build_skb(), from
    Alexander Duyck.

    9) Move page frag allocator under mm/, also from Alexander.

    10) Add xmit_more support to hv_netvsc, from KY Srinivasan.

    11) Add a counter guard in case we try to perform endless reclassify
    loops in the packet scheduler.

    12) Extern flow dissector to be programmable and use it in new "Flower"
    classifier. From Jiri Pirko.

    13) AF_PACKET fanout rollover fixes, performance improvements, and new
    statistics. From Willem de Bruijn.

    14) Add netdev driver for GENEVE tunnels, from John W Linville.

    15) Add ingress netfilter hooks and filtering, from Pablo Neira Ayuso.

    16) Fix handling of epoll edge triggers in TCP, from Eric Dumazet.

    17) Add an ECN retry fallback for the initial TCP handshake, from Daniel
    Borkmann.

    18) Add tail call support to BPF, from Alexei Starovoitov.

    19) Add several pktgen helper scripts, from Jesper Dangaard Brouer.

    20) Add zerocopy support to AF_UNIX, from Hannes Frederic Sowa.

    21) Favor even port numbers for allocation to connect() requests, and
    odd port numbers for bind(0), in an effort to help avoid
    ip_local_port_range exhaustion. From Eric Dumazet.

    22) Add Cavium ThunderX driver, from Sunil Goutham.

    23) Allow bpf programs to access skb_iif and dev->ifindex SKB metadata,
    from Alexei Starovoitov.

    24) Add support for T6 chips in cxgb4vf driver, from Hariprasad Shenai.

    25) Double TCP Small Queues default to 256K to accomodate situations
    like the XEN driver and wireless aggregation. From Wei Liu.

    26) Add more entropy inputs to flow dissector, from Tom Herbert.

    27) Add CDG congestion control algorithm to TCP, from Kenneth Klette
    Jonassen.

    28) Convert ipset over to RCU locking, from Jozsef Kadlecsik.

    29) Track and act upon link status of ipv4 route nexthops, from Andy
    Gospodarek.

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1670 commits)
    bridge: vlan: flush the dynamically learned entries on port vlan delete
    bridge: multicast: add a comment to br_port_state_selection about blocking state
    net: inet_diag: export IPV6_V6ONLY sockopt
    stmmac: troubleshoot unexpected bits in des0 & des1
    net: ipv4 sysctl option to ignore routes when nexthop link is down
    net: track link-status of ipv4 nexthops
    net: switchdev: ignore unsupported bridge flags
    net: Cavium: Fix MAC address setting in shutdown state
    drivers: net: xgene: fix for ACPI support without ACPI
    ip: report the original address of ICMP messages
    net/mlx5e: Prefetch skb data on RX
    net/mlx5e: Pop cq outside mlx5e_get_cqe
    net/mlx5e: Remove mlx5e_cq.sqrq back-pointer
    net/mlx5e: Remove extra spaces
    net/mlx5e: Avoid TX CQE generation if more xmit packets expected
    net/mlx5e: Avoid redundant dev_kfree_skb() upon NOP completion
    net/mlx5e: Remove re-assignment of wq type in mlx5e_enable_rq()
    net/mlx5e: Use skb_shinfo(skb)->gso_segs rather than counting them
    net/mlx5e: Static mapping of netdev priv resources to/from netdev TX queues
    net/mlx4_en: Use HW counters for rx/tx bytes/packets in PF device
    ...

    Linus Torvalds
     

22 Jun, 2015

9 commits

  • 3e90950d3   crypto: algif_aead - Temporarily disable all AEAD algorithms ... Browse Code »

    As the AEAD conversion is still ongoing, we do not yet wish to
    export legacy AEAD implementations to user-space, as their calling
    convention will change.

    This patch actually disables all AEAD algorithms because some of
    them (e.g., cryptd) will need to be modified to propagate this flag.

    Subsequent patches will reenable them on an individual basis.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • 15539de5c   crypto: af_alg - Forbid the use internal algorithms ... Browse Code »

    The bit CRYPTO_ALG_INTERNAL was added to stop af_alg from accessing
    internal algorithms. However, af_alg itself was never modified to
    actually stop that bit from being used by the user. Therefore the
    user could always override it by specifying the relevant bit in the
    type and/or mask.

    This patch silently discards the bit in both type and mask.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • 9fcc704df   crypto: echainiv - Only hold RNG during initialisation ... Browse Code »

    This patch changes the RNG allocation so that we only hold a
    reference to the RNG during initialisation.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • eeee12aa3   crypto: seqiv - Add compatibility support without RNG ... Browse Code »

    When seqiv is used in compatibility mode, this patch allows it
    to function even when an RNG Is not available. It also changes
    the RNG allocation for the new explicit seqiv interface so that
    we only hold a reference to the RNG during initialisation.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • 055906d1e   crypto: eseqiv - Offer normal cipher functionality without RNG ... Browse Code »

    The RNG may not be available during early boot, e.g., the relevant
    modules may not be included in the initramfs. As the RNG Is only
    needed for IPsec, we should not let this prevent use of ciphers
    without IV generators, e.g., for disk encryption.

    This patch postpones the RNG allocation to the init function so
    that one failure during early boot does not make the RNG unavailable
    for all subsequent users of the same cipher.

    More importantly, it lets the cipher live even if RNG allocation
    fails. Of course we no longer offer IV generation and which will
    fail with an error if invoked. But all other cipher capabilities
    will function as usual.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • 341476d6c   crypto: chainiv - Offer normal cipher functionality without RNG ... Browse Code »

    The RNG may not be available during early boot, e.g., the relevant
    modules may not be included in the initramfs. As the RNG Is only
    needed for IPsec, we should not let this prevent use of ciphers
    without IV generators, e.g., for disk encryption.

    This patch postpones the RNG allocation to the init function so
    that one failure during early boot does not make the RNG unavailable
    for all subsequent users of the same cipher.

    More importantly, it lets the cipher live even if RNG allocation
    fails. Of course we no longer offer IV generation and which will
    fail with an error if invoked. But all other cipher capabilities
    will function as usual.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • 9aa867e46   crypto: user - Add CRYPTO_MSG_DELRNG ... Browse Code »

    This patch adds a new crypto_user command that allows the admin to
    delete the crypto system RNG. Note that this can only be done if
    the RNG is currently not in use. The next time it is used a new
    system RNG will be allocated.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • 7cecadb7c   crypto: rng - Do not free default RNG when it becomes unused ... Browse Code »

    Currently we free the default RNG when its use count hits zero.
    This was OK when the IV generators would latch onto the RNG at
    instance creation time and keep it until the instance is torn
    down.

    Now that IV generators only keep the RNG reference during init
    time this scheme causes the default RNG to come and go at a high
    frequencey. This is highly undesirable as we want to keep a single
    RNG in use unless the admin wants it to be removed.

    This patch changes the scheme so that the system RNG once allocated
    is never removed unless a specifically requested.

    Signed-off-by: Herbert Xu

    Herbert Xu
     
  • 21dbd96f2   crypto: skcipher - Allow givencrypt to be NULL ... Browse Code »

    Currently for skcipher IV generators they must provide givencrypt
    as that is the whole point. We are currently replacing skcipher
    IV generators with explicit IV generators. In order to maintain
    backwards compatibility, we need to allow the IV generators to
    still function as a normal skcipher when the RNG Is not present
    (e.g., in the initramfs during boot). IOW everything but givencrypt
    and givdecrypt will still work but those two will fail.

    Therefore this patch assigns a default givencrypt that simply
    returns an error should it be NULL.

    Signed-off-by: Herbert Xu

    Herbert Xu
     

21 Jun, 2015

1 commit

19 Jun, 2015

1 commit

18 Jun, 2015

2 commits

17 Jun, 2015

10 commits

11 Jun, 2015

2 commits

10 Jun, 2015

2 commits

  • 42ea507fa   crypto: drbg - reseed often if seedsource is degraded ... Browse Code »

    As required by SP800-90A, the DRBG implements are reseeding threshold.
    This threshold is at 2**48 (64 bit) and 2**32 bit (32 bit) as
    implemented in drbg_max_requests.

    With the recently introduced changes, the DRBG is now always used as a
    stdrng which is initialized very early in the boot cycle. To ensure that
    sufficient entropy is present, the Jitter RNG is added to even provide
    entropy at early boot time.

    However, the 2nd seed source, the nonblocking pool, is usually
    degraded at that time. Therefore, the DRBG is seeded with the Jitter RNG
    (which I believe contains good entropy, which however is questioned by
    others) and is seeded with a degradded nonblocking pool. This seed is
    now used for quasi the lifetime of the system (2**48 requests is a lot).

    The patch now changes the reseed threshold as follows: up until the time
    the DRBG obtains a seed from a fully iniitialized nonblocking pool, the
    reseeding threshold is lowered such that the DRBG is forced to reseed
    itself resonably often. Once it obtains the seed from a fully
    initialized nonblocking pool, the reseed threshold is set to the value
    required by SP800-90A.

    Signed-off-by: Stephan Mueller
    Signed-off-by: Herbert Xu

    Stephan Mueller
     
  • 57225e679   crypto: drbg - Use callback API for random readiness ... Browse Code »

    The get_blocking_random_bytes API is broken because the wait can
    be arbitrarily long (potentially forever) so there is no safe way
    of calling it from within the kernel.

    This patch replaces it with the new callback API which does not
    have this problem.

    The patch also removes the entropy buffer registered with the DRBG
    handle in favor of stack variables to hold the seed data.

    Signed-off-by: Stephan Mueller
    Signed-off-by: Herbert Xu

    Stephan Mueller
     

09 Jun, 2015

2 commits

04 Jun, 2015

2 commits