1. 24 Apr, 2017 5 commits
    • Mikulas Patocka's avatar
      dm crypt: fix large block integrity support · 583fe747
      Mikulas Patocka authored
      Previously, dm-crypt could use blocks composed of multiple 512b sectors
      but it created integrity profile for each 512b sector (it padded it with
      zeroes).  Fix dm-crypt so that the integrity profile is sent for each
      block not each sector.
      
      The user must use the same block size in the DM crypt and integrity
      targets.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      583fe747
    • Mikulas Patocka's avatar
      dm integrity: support larger block sizes · 9d609f85
      Mikulas Patocka authored
      The DM integrity block size can now be 512, 1k, 2k or 4k.  Using larger
      blocks reduces metadata handling overhead.  The block size can be
      configured at table load time using the "block_size:<value>" option;
      where <value> is expressed in bytes (defult is still 512 bytes).
      
      It is safe to use larger block sizes with DM integrity, because the
      DM integrity journal makes sure that the whole block is updated
      atomically even if the underlying device doesn't support atomic writes
      of that size (e.g. 4k block ontop of a 512b device).
      
      Depends-on: 2859323e ("block: fix blk_integrity_register to use template's interval_exp if not 0")
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      9d609f85
    • Mikulas Patocka's avatar
      dm integrity: various small changes and cleanups · 56b67a4f
      Mikulas Patocka authored
      Some coding style changes.
      
      Fix a bug that the array test_tag has insufficient size if the digest
      size of internal has is bigger than the tag size.
      
      The function __fls is undefined for zero argument, this patch fixes
      undefined behavior if the user sets zero interleave_sectors.
      
      Fix the limit of optional arguments to 8.
      
      Don't allocate crypt_data on the stack to avoid a BUG with debug kernel.
      
      Rename all optional argument names to have underscores rather than
      dashes.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      56b67a4f
    • Mikulas Patocka's avatar
      dm: mark targets that pass integrity data · e2460f2a
      Mikulas Patocka authored
      A dm-crypt on dm-integrity device incorrectly advertises an integrity
      profile on the DM crypt device.  It can be seen in the files
      "/sys/block/dm-*/integrity/*" that both dm-integrity and dm-crypt target
      advertise the integrity profile.  That is incorrect, only the
      dm-integrity target should advertise the integrity profile.
      
      A general problem in DM is that if we have a DM device that depends on
      another device with an integrity profile, the upper device will always
      advertise the integrity profile, even when the target driver doesn't
      support handling integrity data.
      
      Most targets don't support integrity data, so we provide a whitelist of
      targets that support it (linear, delay and striped).  The targets that
      support passing integrity data to the lower device are marked with the
      flag DM_TARGET_PASSES_INTEGRITY.  The DM core will now advertise
      integrity data on a DM device only if all the targets support the
      integrity data.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      e2460f2a
    • Mikulas Patocka's avatar
      dm table: replace while loops with for loops · 3c120169
      Mikulas Patocka authored
      Also remove some unnecessary use of uninitialized_var().
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      3c120169
  2. 31 Mar, 2017 2 commits
  3. 30 Mar, 2017 1 commit
  4. 27 Mar, 2017 3 commits
    • Heinz Mauelshagen's avatar
      dm raid: add raid4/5/6 journal write-back support via journal_mode option · 6e53636f
      Heinz Mauelshagen authored
      Commit 63c32ed4 ("dm raid: add raid4/5/6 journaling support") added
      journal support to close the raid4/5/6 "write hole" -- in terms of
      writethrough caching.
      
      Introduce a "journal_mode" feature and use the new
      r5c_journal_mode_set() API to add support for switching the journal
      device's cache mode between write-through (the current default) and
      write-back.
      
      NOTE: If the journal device is not layered on resilent storage and it
      fails, write-through mode will cause the "write hole" to reoccur.  But
      if the journal fails while in write-back mode it will cause data loss
      for any dirty cache entries unless resilent storage is used for the
      journal.
      Signed-off-by: default avatarHeinz Mauelshagen <heinzm@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      6e53636f
    • Heinz Mauelshagen's avatar
      dm raid: fix table line argument order in status · 4464e36e
      Heinz Mauelshagen authored
      Commit 3a1c1ef2 ("dm raid: enhance status interface and fixup
      takeover/raid0") added new table line arguments and introduced an
      ordering flaw.  The sequence of the raid10_copies and raid10_format
      raid parameters got reversed which causes lvm2 userspace to fail by
      falsely assuming a changed table line.
      
      Sequence those 2 parameters as before so that old lvm2 can function
      properly with new kernels by adjusting the table line output as
      documented in Documentation/device-mapper/dm-raid.txt.
      
      Also, add missing version 1.10.1 highlight to the documention.
      
      Fixes: 3a1c1ef2 ("dm raid: enhance status interface and fixup takeover/raid0")
      Signed-off-by: default avatarHeinz Mauelshagen <heinzm@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      4464e36e
    • Heinz Mauelshagen's avatar
      md: add raid4/5/6 journal mode switching API · 78e470c2
      Heinz Mauelshagen authored
      Commit 2ded3703 ("md/r5cache: State machine for raid5-cache write
      back mode") added support for "write-back" caching on the raid journal
      device.
      
      In order to allow the dm-raid target to switch between the available
      "write-through" and "write-back" modes, provide a new
      r5c_journal_mode_set() API.
      
      Use the new API in existing r5c_journal_mode_store()
      Signed-off-by: default avatarHeinz Mauelshagen <heinzm@redhat.com>
      Acked-by: default avatarShaohua Li <shli@fb.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      78e470c2
  5. 24 Mar, 2017 8 commits
    • Mikulas Patocka's avatar
      dm crypt: use shifts instead of sector_div · ff3af92b
      Mikulas Patocka authored
      sector_div is very slow, so we introduce a variable sector_shift and
      use shift instead of sector_div.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      ff3af92b
    • Mikulas Patocka's avatar
      dm integrity: add recovery mode · c2bcb2b7
      Mikulas Patocka authored
      In recovery mode, we don't:
      - replay the journal
      - check checksums
      - allow writes to the device
      
      This mode can be used as a last resort for data recovery.  The
      motivation for recovery mode is that when there is a single error in the
      journal, the user should not lose access to the whole device.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      c2bcb2b7
    • Mike Snitzer's avatar
      dm integrity: factor out create_journal() from dm_integrity_ctr() · 1aa0efd4
      Mike Snitzer authored
      Preparation for next commit that makes call to create_journal()
      optional.
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      1aa0efd4
    • Milan Broz's avatar
      dm crypt: optionally support larger encryption sector size · 8f0009a2
      Milan Broz authored
      Add  optional "sector_size"  parameter that specifies encryption sector
      size (atomic unit of block device encryption).
      
      Parameter can be in range 512 - 4096 bytes and must be power of two.
      For compatibility reasons, the maximal IO must fit into the page limit,
      so the limit is set to the minimal page size possible (4096 bytes).
      
      NOTE: this device cannot yet be handled by cryptsetup if this parameter
      is set.
      
      IV for the sector is calculated from the 512 bytes sector offset unless
      the iv_large_sectors option is used.
      
      Test script using dmsetup:
      
        DEV="/dev/sdb"
        DEV_SIZE=$(blockdev --getsz $DEV)
        KEY="9c1185a5c5e9fc54612808977ee8f548b2258d31ddadef707ba62c166051b9e3cd0294c27515f2bccee924e8823ca6e124b8fc3167ed478bca702babe4e130ac"
        BLOCK_SIZE=4096
      
        # dmsetup create test_crypt --table "0 $DEV_SIZE crypt aes-xts-plain64 $KEY 0 $DEV 0 1 sector_size:$BLOCK_SIZE"
        # dmsetup table --showkeys test_crypt
      Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      8f0009a2
    • Milan Broz's avatar
      dm crypt: introduce new format of cipher with "capi:" prefix · 33d2f09f
      Milan Broz authored
      For the new authenticated encryption we have to support generic composed
      modes (combination of encryption algorithm and authenticator) because
      this is how the kernel crypto API accesses such algorithms.
      
      To simplify the interface, we accept an algorithm directly in crypto API
      format.  The new format is recognised by the "capi:" prefix.  The
      dmcrypt internal IV specification is the same as for the old format.
      
      The crypto API cipher specifications format is:
           capi:cipher_api_spec-ivmode[:ivopts]
      Examples:
           capi:cbc(aes)-essiv:sha256 (equivalent to old aes-cbc-essiv:sha256)
           capi:xts(aes)-plain64      (equivalent to old aes-xts-plain64)
      Examples of authenticated modes:
           capi:gcm(aes)-random
           capi:authenc(hmac(sha256),xts(aes))-random
           capi:rfc7539(chacha20,poly1305)-random
      
      Authenticated modes can only be configured using the new cipher format.
      Note that this format allows user to specify arbitrary combinations that
      can be insecure. (Policy decision is done in cryptsetup userspace.)
      
      Authenticated encryption algorithms can be of two types, either native
      modes (like GCM) that performs both encryption and authentication
      internally, or composed modes where user can compose AEAD with separate
      specification of encryption algorithm and authenticator.
      
      For composed mode with HMAC (length-preserving encryption mode like an
      XTS and HMAC as an authenticator) we have to calculate HMAC digest size
      (the separate authentication key is the same size as the HMAC digest).
      Introduce crypt_ctr_auth_cipher() to parse the crypto API string to get
      HMAC algorithm and retrieve digest size from it.
      
      Also, for HMAC composed mode we need to parse the crypto API string to
      get the cipher mode nested in the specification.  For native AEAD mode
      (like GCM), we can use crypto_tfm_alg_name() API to get the cipher
      specification.
      
      Because the HMAC composed mode is not processed the same as the native
      AEAD mode, the CRYPT_MODE_INTEGRITY_HMAC flag is no longer needed and
      "hmac" specification for the table integrity argument is removed.
      Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      33d2f09f
    • Milan Broz's avatar
      dm crypt: factor IV constructor out to separate function · e889f97a
      Milan Broz authored
      No functional change.
      Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      e889f97a
    • Milan Broz's avatar
      dm crypt: add cryptographic data integrity protection (authenticated encryption) · ef43aa38
      Milan Broz authored
      Allow the use of per-sector metadata, provided by the dm-integrity
      module, for integrity protection and persistently stored per-sector
      Initialization Vector (IV).  The underlying device must support the
      "DM-DIF-EXT-TAG" dm-integrity profile.
      
      The per-bio integrity metadata is allocated by dm-crypt for every bio.
      
      Example of low-level mapping table for various types of use:
       DEV=/dev/sdb
       SIZE=417792
      
       # Additional HMAC with CBC-ESSIV, key is concatenated encryption key + HMAC key
       SIZE_INT=389952
       dmsetup create x --table "0 $SIZE_INT integrity $DEV 0 32 J 0"
       dmsetup create y --table "0 $SIZE_INT crypt aes-cbc-essiv:sha256 \
       11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
       00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff \
       0 /dev/mapper/x 0 1 integrity:32:hmac(sha256)"
      
       # AEAD (Authenticated Encryption with Additional Data) - GCM with random IVs
       # GCM in kernel uses 96bits IV and we store 128bits auth tag (so 28 bytes metadata space)
       SIZE_INT=393024
       dmsetup create x --table "0 $SIZE_INT integrity $DEV 0 28 J 0"
       dmsetup create y --table "0 $SIZE_INT crypt aes-gcm-random \
       11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
       0 /dev/mapper/x 0 1 integrity:28:aead"
      
       # Random IV only for XTS mode (no integrity protection but provides atomic random sector change)
       SIZE_INT=401272
       dmsetup create x --table "0 $SIZE_INT integrity $DEV 0 16 J 0"
       dmsetup create y --table "0 $SIZE_INT crypt aes-xts-random \
       11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
       0 /dev/mapper/x 0 1 integrity:16:none"
      
       # Random IV with XTS + HMAC integrity protection
       SIZE_INT=377656
       dmsetup create x --table "0 $SIZE_INT integrity $DEV 0 48 J 0"
       dmsetup create y --table "0 $SIZE_INT crypt aes-xts-random \
       11ff33c6fb942655efb3e30cf4c0fd95f5ef483afca72166c530ae26151dd83b \
       00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff \
       0 /dev/mapper/x 0 1 integrity:48:hmac(sha256)"
      
      Both AEAD and HMAC protection authenticates not only data but also
      sector metadata.
      
      HMAC protection is implemented through autenc wrapper (so it is
      processed the same way as an authenticated mode).
      
      In HMAC mode there are two keys (concatenated in dm-crypt mapping
      table).  First is the encryption key and the second is the key for
      authentication (HMAC).  (It is userspace decision if these keys are
      independent or somehow derived.)
      
      The sector request for AEAD/HMAC authenticated encryption looks like this:
       |----- AAD -------|------ DATA -------|-- AUTH TAG --|
       | (authenticated) | (auth+encryption) |              |
       | sector_LE |  IV |  sector in/out    |  tag in/out  |
      
      For writes, the integrity fields are calculated during AEAD encryption
      of every sector and stored in bio integrity fields and sent to
      underlying dm-integrity target for storage.
      
      For reads, the integrity metadata is verified during AEAD decryption of
      every sector (they are filled in by dm-integrity, but the integrity
      fields are pre-allocated in dm-crypt).
      
      There is also an experimental support in cryptsetup utility for more
      friendly configuration (part of LUKS2 format).
      
      Because the integrity fields are not valid on initial creation, the
      device must be "formatted".  This can be done by direct-io writes to the
      device (e.g. dd in direct-io mode).  For now, there is available trivial
      tool to do this, see: https://github.com/mbroz/dm_int_toolsSigned-off-by: default avatarMilan Broz <gmazyland@gmail.com>
      Signed-off-by: default avatarOndrej Mosnacek <omosnacek@gmail.com>
      Signed-off-by: default avatarVashek Matyas <matyas@fi.muni.cz>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      ef43aa38
    • Mikulas Patocka's avatar
      dm: add integrity target · 7eada909
      Mikulas Patocka authored
      The dm-integrity target emulates a block device that has additional
      per-sector tags that can be used for storing integrity information.
      
      A general problem with storing integrity tags with every sector is that
      writing the sector and the integrity tag must be atomic - i.e. in case of
      crash, either both sector and integrity tag or none of them is written.
      
      To guarantee write atomicity the dm-integrity target uses a journal. It
      writes sector data and integrity tags into a journal, commits the journal
      and then copies the data and integrity tags to their respective location.
      
      The dm-integrity target can be used with the dm-crypt target - in this
      situation the dm-crypt target creates the integrity data and passes them
      to the dm-integrity target via bio_integrity_payload attached to the bio.
      In this mode, the dm-crypt and dm-integrity targets provide authenticated
      disk encryption - if the attacker modifies the encrypted device, an I/O
      error is returned instead of random data.
      
      The dm-integrity target can also be used as a standalone target, in this
      mode it calculates and verifies the integrity tag internally. In this
      mode, the dm-integrity target can be used to detect silent data
      corruption on the disk or in the I/O path.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMilan Broz <gmazyland@gmail.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      7eada909
  6. 07 Mar, 2017 4 commits
  7. 05 Mar, 2017 2 commits
    • Linus Torvalds's avatar
      Linux 4.11-rc1 · c1ae3cfa
      Linus Torvalds authored
      c1ae3cfa
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 8d70eeb8
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix double-free in batman-adv, from Sven Eckelmann.
      
       2) Fix packet stats for fast-RX path, from Joannes Berg.
      
       3) Netfilter's ip_route_me_harder() doesn't handle request sockets
          properly, fix from Florian Westphal.
      
       4) Fix sendmsg deadlock in rxrpc, from David Howells.
      
       5) Add missing RCU locking to transport hashtable scan, from Xin Long.
      
       6) Fix potential packet loss in mlxsw driver, from Ido Schimmel.
      
       7) Fix race in NAPI handling between poll handlers and busy polling,
          from Eric Dumazet.
      
       8) TX path in vxlan and geneve need proper RCU locking, from Jakub
          Kicinski.
      
       9) SYN processing in DCCP and TCP need to disable BH, from Eric
          Dumazet.
      
      10) Properly handle net_enable_timestamp() being invoked from IRQ
          context, also from Eric Dumazet.
      
      11) Fix crash on device-tree systems in xgene driver, from Alban Bedel.
      
      12) Do not call sk_free() on a locked socket, from Arnaldo Carvalho de
          Melo.
      
      13) Fix use-after-free in netvsc driver, from Dexuan Cui.
      
      14) Fix max MTU setting in bonding driver, from WANG Cong.
      
      15) xen-netback hash table can be allocated from softirq context, so use
          GFP_ATOMIC. From Anoob Soman.
      
      16) Fix MAC address change bug in bgmac driver, from Hari Vyas.
      
      17) strparser needs to destroy strp_wq on module exit, from WANG Cong.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (69 commits)
        strparser: destroy workqueue on module exit
        sfc: fix IPID endianness in TSOv2
        sfc: avoid max() in array size
        rds: remove unnecessary returned value check
        rxrpc: Fix potential NULL-pointer exception
        nfp: correct DMA direction in XDP DMA sync
        nfp: don't tell FW about the reserved buffer space
        net: ethernet: bgmac: mac address change bug
        net: ethernet: bgmac: init sequence bug
        xen-netback: don't vfree() queues under spinlock
        xen-netback: keep a local pointer for vif in backend_disconnect()
        netfilter: nf_tables: don't call nfnetlink_set_err() if nfnetlink_send() fails
        netfilter: nft_set_rbtree: incorrect assumption on lower interval lookups
        netfilter: nf_conntrack_sip: fix wrong memory initialisation
        can: flexcan: fix typo in comment
        can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer
        can: gs_usb: fix coding style
        can: gs_usb: Don't use stack memory for USB transfers
        ixgbe: Limit use of 2K buffers on architectures with 256B or larger cache lines
        ixgbe: update the rss key on h/w, when ethtool ask for it
        ...
      8d70eeb8
  8. 04 Mar, 2017 14 commits
    • Linus Torvalds's avatar
      Merge tag 'kvm-4.11-2' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 2d62e076
      Linus Torvalds authored
      Pull more KVM updates from Radim Krčmář:
       "Second batch of KVM changes for the 4.11 merge window:
      
        PPC:
         - correct assumption about ASDR on POWER9
         - fix MMIO emulation on POWER9
      
        x86:
         - add a simple test for ioperm
         - cleanup TSS (going through KVM tree as the whole undertaking was
           caused by VMX's use of TSS)
         - fix nVMX interrupt delivery
         - fix some performance counters in the guest
      
        ... and two cleanup patches"
      
      * tag 'kvm-4.11-2' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: nVMX: Fix pending events injection
        x86/kvm/vmx: remove unused variable in segment_base()
        selftests/x86: Add a basic selftest for ioperm
        x86/asm: Tidy up TSS limit code
        kvm: convert kvm.users_count from atomic_t to refcount_t
        KVM: x86: never specify a sample period for virtualized in_tx_cp counters
        KVM: PPC: Book3S HV: Don't use ASDR for real-mode HPT faults on POWER9
        KVM: PPC: Book3S HV: Fix software walk of guest process page tables
      2d62e076
    • Linus Torvalds's avatar
      Merge tag 'docs-4.11-fixes' of git://git.lwn.net/linux · be834aaf
      Linus Torvalds authored
      Pull documentation fixes from Jonathan Corbet:
       "A few fixes for the docs tree, including one for a 4.11 build
        regression"
      
      * tag 'docs-4.11-fixes' of git://git.lwn.net/linux:
        Documentation/sphinx: fix primary_domain configuration
        docs: Fix htmldocs build failure
        doc/ko_KR/memory-barriers: Update control-dependencies section
        pcieaer doc: update the link
        Documentation: Update path to sysrq.txt
      be834aaf
    • Linus Torvalds's avatar
      Merge tag 'staging-4.11-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 91aff98b
      Linus Torvalds authored
      Pull staging/IIO driver fixes from Greg KH:
       "Here are a few small staging and IIO driver fixes for issues that
        showed up after the big set if changes you merged last week.
      
        Nothing major, just small bugs resolved in some IIO drivers, a lustre
        allocation fix, and some RaspberryPi driver fixes for reported
        problems, as well as a MAINTAINERS entry update.
      
        All of these have been in linux-next for a week with no reported
        issues"
      
      * tag 'staging-4.11-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: fsl-mc: fix warning in DT ranges parser
        MAINTAINERS: Remove Noralf Trønnes as fbtft maintainer
        staging: vchiq_2835_arm: Make cache-line-size a required DT property
        staging: bcm2835/mmal-vchiq: unlock on error in buffer_from_host()
        staging/lustre/lnet: Fix allocation size for sv_cpt_data
        iio: adc: xilinx: Fix error handling
        iio: 104-quad-8: Fix off-by-one error when addressing flag register
        iio: adc: handle unknow of_device_id data
      91aff98b
    • Linus Torvalds's avatar
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 33a8b3e9
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
      
       - vmalloc stack regression in CCM
      
       - Build problem in CRC32 on ARM
      
       - Memory leak in cavium
      
       - Missing Kconfig dependencies in atmel and mediatek
      
       - XTS Regression on some platforms (s390 and ppc)
      
       - Memory overrun in CCM test vector
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: vmx - Use skcipher for xts fallback
        crypto: vmx - Use skcipher for cbc fallback
        crypto: testmgr - Pad aes_ccm_enc_tv_template vector
        crypto: arm/crc32 - add build time test for CRC instruction support
        crypto: arm/crc32 - fix build error with outdated binutils
        crypto: ccm - move cbcmac input off the stack
        crypto: xts - Propagate NEED_FALLBACK bit
        crypto: api - Add crypto_requires_off helper
        crypto: atmel - CRYPTO_DEV_MEDIATEK should depend on HAS_DMA
        crypto: atmel - CRYPTO_DEV_ATMEL_TDES and CRYPTO_DEV_ATMEL_SHA should depend on HAS_DMA
        crypto: cavium - fix leak on curr if curr->head fails to be allocated
        crypto: cavium - Fix couple of static checker errors
      33a8b3e9
    • Linus Torvalds's avatar
      Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 0710f3ff
      Linus Torvalds authored
      Pull misc final vfs updates from Al Viro:
       "A few unrelated patches that got beating in -next.
      
        Everything else will have to go into the next window ;-/"
      
      * 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        hfs: fix hfs_readdir()
        selftest for default_file_splice_read() infoleak
        9p: constify ->d_name handling
      0710f3ff
    • Linus Torvalds's avatar
      Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · a3b4924b
      Linus Torvalds authored
      Pull more SCSI updates from James Bottomley:
       "This is the set of stuff that didn't quite make the initial pull and a
        set of fixes for stuff which did.
      
        The new stuff is basically lpfc (nvme), qedi and aacraid. The fixes
        cover a lot of previously submitted stuff, the most important of which
        probably covers some of the failing irq vectors allocation and other
        fallout from having the SCSI command allocated as part of the block
        allocation functions"
      
      * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (59 commits)
        scsi: qedi: Fix memory leak in tmf response processing.
        scsi: aacraid: remove redundant zero check on ret
        scsi: lpfc: use proper format string for dma_addr_t
        scsi: lpfc: use div_u64 for 64-bit division
        scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m
        scsi: cciss: correct check map error.
        scsi: qla2xxx: fix spelling mistake: "seperator" -> "separator"
        scsi: aacraid: Fixed expander hotplug for SMART family
        scsi: mpt3sas: switch to pci_alloc_irq_vectors
        scsi: qedf: fixup compilation warning about atomic_t usage
        scsi: remove scsi_execute_req_flags
        scsi: merge __scsi_execute into scsi_execute
        scsi: simplify scsi_execute_req_flags
        scsi: make the sense header argument to scsi_test_unit_ready mandatory
        scsi: sd: improve TUR handling in sd_check_events
        scsi: always zero sshdr in scsi_normalize_sense
        scsi: scsi_dh_emc: return success in clariion_std_inquiry()
        scsi: fix memory leak of sdpk on when gd fails to allocate
        scsi: sd: make sd_devt_release() static
        scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.
        ...
      a3b4924b
    • WANG Cong's avatar
      strparser: destroy workqueue on module exit · f78ef7cd
      WANG Cong authored
      Fixes: 43a0c675 ("strparser: Stream parser for messages")
      Cc: Tom Herbert <tom@herbertland.com>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f78ef7cd
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 20b83643
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for your net tree,
      they are:
      
      1) Missing check for full sock in ip_route_me_harder(), from
         Florian Westphal.
      
      2) Incorrect sip helper structure initilization that breaks it when
         several ports are used, from Christophe Leroy.
      
      3) Fix incorrect assumption when looking up for matching with adjacent
         intervals in the nft_set_rbtree.
      
      4) Fix broken netlink event error reporting in nf_tables that results
         in misleading ESRCH errors propagated to userspace listeners.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      20b83643
    • Linus Torvalds's avatar
      Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm · 0b94da8d
      Linus Torvalds authored
      Pull libnvdimm fixes from Dan Williams:
       "A fix and regression test case for nvdimm namespace label
        compatibility.
      
        Details:
      
         - An "nvdimm namespace label" is metadata on an nvdimm that
           provisions dimm capacity into a "namespace" that can host a block
           device / dax-filesytem, or a device-dax character device.
      
           A namespace is an object that other operating environment and
           platform firmware needs to comprehend for capabilities like booting
           from an nvdimm.
      
           The label metadata contains a checksum that Linux was not
           calculating correctly leading to other environments rejecting the
           Linux label.
      
         These have received a build success notification from the kbuild
         robot, and a positive test result from Nick who reported the problem"
      
      * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
        nfit, libnvdimm: fix interleave set cookie calculation
        tools/testing/nvdimm: make iset cookie predictable
      0b94da8d
    • Linus Torvalds's avatar
      Merge tag 'pci-v4.11-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · e27fd02d
      Linus Torvalds authored
      Pull PCI fixes from Bjorn Helgaas:
      
       - fix NULL pointer dereferences in many DesignWare-based drivers due to
         refactoring error
      
       - fix Altera config write breakage due to my refactoring error
      
      * tag 'pci-v4.11-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        PCI: altera: Fix TLP_CFG_DW0 for TLP write
        PCI: dwc: Fix crashes seen due to missing assignments
      e27fd02d
    • Linus Torvalds's avatar
      Merge branch 'parisc-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · f47e2db4
      Linus Torvalds authored
      Pull parisc fixes and cleanups from Helge Deller:
       "Nothing really important in this patchset: fix resource leaks in error
        paths, coding style cleanups and code removal"
      
      * 'parisc-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Remove flush_user_dcache_range and flush_user_icache_range
        parisc: fix a printk
        parisc: ccio-dma: Handle return NULL error from ioremap_nocache
        parisc: Define access_ok() as macro
        parisc: eisa: Fix resource leaks in error paths
        parisc: eisa: Remove coding style errors
      f47e2db4
    • Linus Torvalds's avatar
      Merge tag 'xtensa-20170303' of git://github.com/jcmvbkbc/linux-xtensa · 606ed721
      Linus Torvalds authored
      Pull Xtensa updates from Max Filippov:
      
       - clean up bootable image build targets: provide separate 'Image',
         'zImage' and 'uImage' make targets that only build corresponding
         image type. Make 'all' build all images appropriate for a platform
      
       - allow merging vectors code into .text section as a preparation step
         for XIP support
      
       - fix handling external FDT when the kernel is built without
         BLK_DEV_INITRD support
      
      * tag 'xtensa-20170303' of git://github.com/jcmvbkbc/linux-xtensa:
        xtensa: allow merging vectors into .text section
        xtensa: clean up bootable image build targets
        xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD
      606ed721
    • Linus Torvalds's avatar
      Merge tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · a1a0db36
      Linus Torvalds authored
      Pull ARM SoC late DT updates from Arnd Bergmann:
       "These updates have been kept in a separate branch mostly because they
        rely on updates to the respective clk drivers to keep the shared
        header files in sync.
      
        This includes two branches for arm64 dt updates, both following up on
        earlier changes for the same platforms that are already merged:
      
        Samsung:
         - add USB3 support in Exynos7
         - minor PM related updates
      
        Amlogic:
         - new machines: WeTek Set-top-boxes
         - various devices added to DT
      
        There are also a couple of bugfixes that trickled in since the start
        of the merge window:
      
         - The moxart_defconfig was not building the intended platform
         - CPU-hotplug was broken on ux500
         - Coresight was broken on Juno (never worked)"
      
      * tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (26 commits)
        ARM: deconfig: fix the moxart defconfig
        ARM: ux500: resume the second core properly
        arm64: dts: juno: update definition for programmable replicator
        arm64: dts: exynos: Add regulators for Vbus and Vbus-Boost
        arm64: dts: exynos: Add USB 3.0 controller node for Exynos7
        arm64: dts: exynos: Use macros for pinctrl configuration on Exynos7
        pinctrl: dt-bindings: samsung: Add Exynos7 specific pinctrl macro definitions
        arm64: dts: exynos: Add initial configuration for DISP clocks for TM2/TM2e
        ARM64: dts: meson-gxbb-p200: add ADC laddered keys
        ARM64: dts: meson: meson-gx: add the SAR ADC
        ARM64: dts: meson-gxl: add the pwm_ao_b pin
        ARM64: dts: meson-gx: add the missing pwm_AO_ab node
        clk: gxbb: fix CLKID_ETH defined twice
        ARM64: dts: meson-gxl: rename Nexbox A95x for consistency
        clk: gxbb: add the SAR ADC clocks and expose them
        dt-bindings: amlogic: Add WeTek boards
        ARM64: dts: meson-gxbb: Add support for WeTek Hub and Play
        dt-bindings: vendor-prefix: Add wetek vendor prefix
        ARM64: dts: meson-gxm: Rename q200 and q201 DT files for consistency
        ARM64: dts: meson-gx: Add HDMI HPD/DDC pinctrl nodes
        ...
      a1a0db36
    • Linus Torvalds's avatar
      Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 · 0a040b21
      Linus Torvalds authored
      Pull SMB3 fixes from Steve French:
       "Some small bug fixes as well as SMB2.1/SMB3 enablement for DFS (global
        namespace) which previously was only enabled for CIFS"
      
      * 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
        smb2: Enforce sec= mount option
        CIFS: Fix sparse warnings
        CIFS: implement get_dfs_refer for SMB2+
        CIFS: use DFS pathnames in SMB2+ Create requests
        CIFS: set signing flag in SMB2+ TreeConnect if needed
        CIFS: let ses->ipc_tid hold smb2 TreeIds
        CIFS: add use_ipc flag to SMB2_ioctl()
        CIFS: add build_path_from_dentry_optional_prefix()
        CIFS: move DFS response parsing out of SMB1 code
        CIFS: Fix possible use after free in demultiplex thread
      0a040b21
  9. 03 Mar, 2017 1 commit