From 6fed3d5643a60ea7eeaf3a2e835933247d22303e Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Fri, 16 Jan 2015 15:19:28 +0000 Subject: [PATCH 1/9] [arm64] udeb: Remove zlib-modules, as ZLIB_DEFLATE is now built-in (fixes FTBFS) svn path=/dists/sid/linux/; revision=22273 --- debian/changelog | 8 ++++++++ debian/installer/arm64/modules/arm64/zlib-modules | 1 - debian/installer/arm64/package-list | 1 + 3 files changed, 9 insertions(+), 1 deletion(-) delete mode 100644 debian/installer/arm64/modules/arm64/zlib-modules diff --git a/debian/changelog b/debian/changelog index d3bf4d52d..7963ca35b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +linux (3.16.7-ckt4-1) UNRELEASED; urgency=medium + + [ Ian Campbell ] + * [arm64] udeb: Remove zlib-modules, as ZLIB_DEFLATE is now + built-in (fixes FTBFS) + + -- Ian Campbell Fri, 16 Jan 2015 15:14:32 +0000 + linux (3.16.7-ckt4-1) unstable; urgency=medium * New upstream stable update: diff --git a/debian/installer/arm64/modules/arm64/zlib-modules b/debian/installer/arm64/modules/arm64/zlib-modules deleted file mode 100644 index e02ad64bf..000000000 --- a/debian/installer/arm64/modules/arm64/zlib-modules +++ /dev/null @@ -1 +0,0 @@ -#include diff --git a/debian/installer/arm64/package-list b/debian/installer/arm64/package-list index aefbc7e74..22daaa6cc 100644 --- a/debian/installer/arm64/package-list +++ b/debian/installer/arm64/package-list @@ -5,3 +5,4 @@ # Package: kernel-image +Provides: zlib-modules From da03b54763e4e76bfb4f0995c5ad6fea224014ba Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Fri, 16 Jan 2015 21:44:00 +0000 Subject: [PATCH 2/9] Next version is -2 svn path=/dists/sid/linux/; revision=22274 --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 7963ca35b..908c46498 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -linux (3.16.7-ckt4-1) UNRELEASED; urgency=medium +linux (3.16.7-ckt4-2) UNRELEASED; urgency=medium [ Ian Campbell ] * [arm64] udeb: Remove zlib-modules, as ZLIB_DEFLATE is now From 2165116cd92eba5b76b557fdd0a18cb5bd15aef9 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sat, 17 Jan 2015 09:54:16 +0000 Subject: [PATCH 3/9] [hppa] udeb: Fix duplicate modules in ata-modules, pata-modules (thanks to Helge Deller) (Closes: #770102) svn path=/dists/sid/linux/; revision=22276 --- debian/changelog | 4 ++++ debian/installer/hppa/modules/hppa/ata-modules | 1 + debian/installer/hppa/package-list | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 908c46498..8e09db583 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,10 @@ linux (3.16.7-ckt4-2) UNRELEASED; urgency=medium * [arm64] udeb: Remove zlib-modules, as ZLIB_DEFLATE is now built-in (fixes FTBFS) + [ Ben Hutchings ] + * [hppa] udeb: Fix duplicate modules in ata-modules, pata-modules + (thanks to Helge Deller) (Closes: #770102) + -- Ian Campbell Fri, 16 Jan 2015 15:14:32 +0000 linux (3.16.7-ckt4-1) unstable; urgency=medium diff --git a/debian/installer/hppa/modules/hppa/ata-modules b/debian/installer/hppa/modules/hppa/ata-modules index b81c0f38b..be78de0c1 100644 --- a/debian/installer/hppa/modules/hppa/ata-modules +++ b/debian/installer/hppa/modules/hppa/ata-modules @@ -1 +1,2 @@ #include +libata - diff --git a/debian/installer/hppa/package-list b/debian/installer/hppa/package-list index 22d182a93..edbeff4ec 100644 --- a/debian/installer/hppa/package-list +++ b/debian/installer/hppa/package-list @@ -12,7 +12,7 @@ Package: ide-modules Depends: kernel-image, ide-core-modules, nls-core-modules Package: pata-modules -Depends: kernel-image, scsi-core-modules +Depends: kernel-image, ata-modules, scsi-core-modules Package: fb-modules Depends: kernel-image From d6018c18d269aa3908a83b4fcf7e104df90a63ea Mon Sep 17 00:00:00 2001 From: Helge Deller Date: Mon, 19 Jan 2015 20:25:41 +0000 Subject: [PATCH 4/9] [hppa] Enable CONFIG_PPDEV to avoid CUPS complaining with systemd svn path=/dists/sid/linux/; revision=22284 --- debian/changelog | 3 +++ debian/config/hppa/config | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 8e09db583..b527a75c1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,9 @@ linux (3.16.7-ckt4-2) UNRELEASED; urgency=medium * [hppa] udeb: Fix duplicate modules in ata-modules, pata-modules (thanks to Helge Deller) (Closes: #770102) + [ Helge Deller ] + * [hppa] Enable CONFIG_PPDEV to avoid CUPS complaining with systemd + -- Ian Campbell Fri, 16 Jan 2015 15:14:32 +0000 linux (3.16.7-ckt4-1) unstable; urgency=medium diff --git a/debian/config/hppa/config b/debian/config/hppa/config index d3aaa7f6c..0eb289574 100644 --- a/debian/config/hppa/config +++ b/debian/config/hppa/config @@ -46,7 +46,7 @@ CONFIG_CDROM_PKTCDVD_BUFFERS=8 ## CONFIG_PRINTER=m # CONFIG_LP_CONSOLE is not set -# CONFIG_PPDEV is not set +CONFIG_PPDEV=m CONFIG_GEN_RTC=y # CONFIG_GEN_RTC_X is not set # CONFIG_DTLK is not set From f800ed5d8d11cdeaa008598949919f95cd9c4b38 Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Mon, 26 Jan 2015 13:25:40 +0000 Subject: [PATCH 5/9] [xen] Revert "swiotlb-xen: pass dev_addr to swiotlb_tbl_unmap_single" (Closes: #776237) svn path=/dists/sid/linux/; revision=22285 --- debian/changelog | 4 +++ ...en-pass-dev_addr-to-swiotlb_tbl_unma.patch | 35 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 40 insertions(+) create mode 100644 debian/patches/bugfix/all/Revert-swiotlb-xen-pass-dev_addr-to-swiotlb_tbl_unma.patch diff --git a/debian/changelog b/debian/changelog index b527a75c1..c2a960266 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,6 +11,10 @@ linux (3.16.7-ckt4-2) UNRELEASED; urgency=medium [ Helge Deller ] * [hppa] Enable CONFIG_PPDEV to avoid CUPS complaining with systemd + [ Ian Campbell ] + * [xen] Revert "swiotlb-xen: pass dev_addr to swiotlb_tbl_unmap_single" + (Closes: #776237) + -- Ian Campbell Fri, 16 Jan 2015 15:14:32 +0000 linux (3.16.7-ckt4-1) unstable; urgency=medium diff --git a/debian/patches/bugfix/all/Revert-swiotlb-xen-pass-dev_addr-to-swiotlb_tbl_unma.patch b/debian/patches/bugfix/all/Revert-swiotlb-xen-pass-dev_addr-to-swiotlb_tbl_unma.patch new file mode 100644 index 000000000..77a9bc78d --- /dev/null +++ b/debian/patches/bugfix/all/Revert-swiotlb-xen-pass-dev_addr-to-swiotlb_tbl_unma.patch @@ -0,0 +1,35 @@ +From c3d92e076c01e257d0cac339e1942f1217ba279b Mon Sep 17 00:00:00 2001 +From: David Vrabel +Date: Wed, 10 Dec 2014 14:48:43 +0000 +Subject: [PATCH] Revert "swiotlb-xen: pass dev_addr to + swiotlb_tbl_unmap_single" + +This reverts commit 2c3fc8d26dd09b9d7069687eead849ee81c78e46. + +This commit broke on x86 PV because entries in the generic SWIOTLB are +indexed using (pseudo-)physical address not DMA address and these are +not the same in a x86 PV guest. + +Signed-off-by: David Vrabel +Reviewed-by: Stefano Stabellini +(cherry picked from commit dbdd74763f1faf799fbb9ed30423182e92919378) +--- + drivers/xen/swiotlb-xen.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/xen/swiotlb-xen.c b/drivers/xen/swiotlb-xen.c +index 5ea1e3c..810ad41 100644 +--- a/drivers/xen/swiotlb-xen.c ++++ b/drivers/xen/swiotlb-xen.c +@@ -451,7 +451,7 @@ static void xen_unmap_single(struct device *hwdev, dma_addr_t dev_addr, + + /* NOTE: We use dev_addr here, not paddr! */ + if (is_xen_swiotlb_buffer(dev_addr)) { +- swiotlb_tbl_unmap_single(hwdev, dev_addr, size, dir); ++ swiotlb_tbl_unmap_single(hwdev, paddr, size, dir); + return; + } + +-- +1.7.10.4 + diff --git a/debian/patches/series b/debian/patches/series index 506d74a5a..a1038a720 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -152,6 +152,7 @@ bugfix/all/netback-don-t-store-invalid-vif-pointer.patch bugfix/all/xen-netback-support-frontends-without-feature-rx-not.patch bugfix/all/aufs-move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch bugfix/all/net-mv643xx-disable-tso-by-default.patch +bugfix/all/Revert-swiotlb-xen-pass-dev_addr-to-swiotlb_tbl_unma.patch # memfd_create() & kdbus backport features/all/kdbus/mm-allow-drivers-to-prevent-new-writable-mappings.patch From d8f6c8a14f3c5bb892265ee2e7f8279dce244638 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 27 Jan 2015 02:05:45 +0000 Subject: [PATCH 6/9] Reorder the current changelog entry into one section each for Ian and Helge svn path=/dists/sid/linux/; revision=22286 --- debian/changelog | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/debian/changelog b/debian/changelog index c2a960266..780bf8649 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,18 +3,14 @@ linux (3.16.7-ckt4-2) UNRELEASED; urgency=medium [ Ian Campbell ] * [arm64] udeb: Remove zlib-modules, as ZLIB_DEFLATE is now built-in (fixes FTBFS) - - [ Ben Hutchings ] - * [hppa] udeb: Fix duplicate modules in ata-modules, pata-modules - (thanks to Helge Deller) (Closes: #770102) - - [ Helge Deller ] - * [hppa] Enable CONFIG_PPDEV to avoid CUPS complaining with systemd - - [ Ian Campbell ] * [xen] Revert "swiotlb-xen: pass dev_addr to swiotlb_tbl_unmap_single" (Closes: #776237) + [ Helge Deller ] + * [hppa] udeb: Fix duplicate modules in ata-modules, pata-modules + (Closes: #770102) + * [hppa] Enable CONFIG_PPDEV to avoid CUPS complaining with systemd + -- Ian Campbell Fri, 16 Jan 2015 15:14:32 +0000 linux (3.16.7-ckt4-1) unstable; urgency=medium From afd12d78e4066de6abb4ebfba16be98763560427 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 27 Jan 2015 02:35:59 +0000 Subject: [PATCH 7/9] crypto: Fix unprivileged arbitrary module loading (CVE-2013-7421, CVE-2014-9644) svn path=/dists/sid/linux/; revision=22287 --- debian/changelog | 7 + ...to-add-missing-crypto-module-aliases.patch | 223 ++++ ...ude-crypto-module-prefix-in-template.patch | 215 ++++ ...refix-module-autoloading-with-crypto.patch | 995 ++++++++++++++++++ debian/patches/series | 3 + 5 files changed, 1443 insertions(+) create mode 100644 debian/patches/bugfix/all/crypto-add-missing-crypto-module-aliases.patch create mode 100644 debian/patches/bugfix/all/crypto-include-crypto-module-prefix-in-template.patch create mode 100644 debian/patches/bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch diff --git a/debian/changelog b/debian/changelog index 780bf8649..5e756a92a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,6 +11,13 @@ linux (3.16.7-ckt4-2) UNRELEASED; urgency=medium (Closes: #770102) * [hppa] Enable CONFIG_PPDEV to avoid CUPS complaining with systemd + [ Ben Hutchings ] + * crypto: Fix unprivileged arbitrary module loading (CVE-2013-7421, + CVE-2014-9644) + - prefix module autoloading with "crypto-" + - include crypto- module prefix in template + - add missing crypto module aliases + -- Ian Campbell Fri, 16 Jan 2015 15:14:32 +0000 linux (3.16.7-ckt4-1) unstable; urgency=medium diff --git a/debian/patches/bugfix/all/crypto-add-missing-crypto-module-aliases.patch b/debian/patches/bugfix/all/crypto-add-missing-crypto-module-aliases.patch new file mode 100644 index 000000000..687b374f9 --- /dev/null +++ b/debian/patches/bugfix/all/crypto-add-missing-crypto-module-aliases.patch @@ -0,0 +1,223 @@ +From: Mathias Krause +Date: Sun, 11 Jan 2015 18:17:42 +0100 +Subject: crypto: add missing crypto module aliases +Origin: https://git.kernel.org/linus/3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf + +Commit 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"") +changed the automatic module loading when requesting crypto algorithms +to prefix all module requests with "crypto-". This requires all crypto +modules to have a crypto specific module alias even if their file name +would otherwise match the requested crypto algorithm. + +Even though commit 5d26a105b5a7 added those aliases for a vast amount of +modules, it was missing a few. Add the required MODULE_ALIAS_CRYPTO +annotations to those files to make them get loaded automatically, again. +This fixes, e.g., requesting 'ecb(blowfish-generic)', which used to work +with kernels v3.18 and below. + +Also change MODULE_ALIAS() lines to MODULE_ALIAS_CRYPTO(). The former +won't work for crypto modules any more. + +Fixes: 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"") +Cc: Kees Cook +Signed-off-by: Mathias Krause +Signed-off-by: Herbert Xu +[bwh: Backported to 3.16: drop changes to x86 sha1_mb which we don't have] +--- + arch/powerpc/crypto/sha1.c | 1 + + crypto/aes_generic.c | 1 + + crypto/ansi_cprng.c | 1 + + crypto/blowfish_generic.c | 1 + + crypto/camellia_generic.c | 1 + + crypto/cast5_generic.c | 1 + + crypto/cast6_generic.c | 1 + + crypto/crc32c_generic.c | 1 + + crypto/crct10dif_generic.c | 1 + + crypto/des_generic.c | 7 ++++--- + crypto/ghash-generic.c | 1 + + crypto/krng.c | 1 + + crypto/salsa20_generic.c | 1 + + crypto/serpent_generic.c | 1 + + crypto/sha1_generic.c | 1 + + crypto/sha256_generic.c | 2 ++ + crypto/sha512_generic.c | 2 ++ + crypto/tea.c | 1 + + crypto/tgr192.c | 1 + + crypto/twofish_generic.c | 1 + + crypto/wp512.c | 1 + + +--- a/arch/powerpc/crypto/sha1.c ++++ b/arch/powerpc/crypto/sha1.c +@@ -154,4 +154,5 @@ module_exit(sha1_powerpc_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); + ++MODULE_ALIAS_CRYPTO("sha1"); + MODULE_ALIAS_CRYPTO("sha1-powerpc"); +--- a/crypto/aes_generic.c ++++ b/crypto/aes_generic.c +@@ -1475,3 +1475,4 @@ module_exit(aes_fini); + MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm"); + MODULE_LICENSE("Dual BSD/GPL"); + MODULE_ALIAS_CRYPTO("aes"); ++MODULE_ALIAS_CRYPTO("aes-generic"); +--- a/crypto/ansi_cprng.c ++++ b/crypto/ansi_cprng.c +@@ -477,3 +477,4 @@ MODULE_PARM_DESC(dbg, "Boolean to enable + module_init(prng_mod_init); + module_exit(prng_mod_fini); + MODULE_ALIAS_CRYPTO("stdrng"); ++MODULE_ALIAS_CRYPTO("ansi_cprng"); +--- a/crypto/blowfish_generic.c ++++ b/crypto/blowfish_generic.c +@@ -139,3 +139,4 @@ module_exit(blowfish_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Blowfish Cipher Algorithm"); + MODULE_ALIAS_CRYPTO("blowfish"); ++MODULE_ALIAS_CRYPTO("blowfish-generic"); +--- a/crypto/camellia_generic.c ++++ b/crypto/camellia_generic.c +@@ -1099,3 +1099,4 @@ module_exit(camellia_fini); + MODULE_DESCRIPTION("Camellia Cipher Algorithm"); + MODULE_LICENSE("GPL"); + MODULE_ALIAS_CRYPTO("camellia"); ++MODULE_ALIAS_CRYPTO("camellia-generic"); +--- a/crypto/cast5_generic.c ++++ b/crypto/cast5_generic.c +@@ -550,3 +550,4 @@ module_exit(cast5_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Cast5 Cipher Algorithm"); + MODULE_ALIAS_CRYPTO("cast5"); ++MODULE_ALIAS_CRYPTO("cast5-generic"); +--- a/crypto/cast6_generic.c ++++ b/crypto/cast6_generic.c +@@ -292,3 +292,4 @@ module_exit(cast6_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Cast6 Cipher Algorithm"); + MODULE_ALIAS_CRYPTO("cast6"); ++MODULE_ALIAS_CRYPTO("cast6-generic"); +--- a/crypto/crc32c_generic.c ++++ b/crypto/crc32c_generic.c +@@ -171,4 +171,5 @@ MODULE_AUTHOR("Clay Haapala "); +-MODULE_ALIAS("des"); ++MODULE_ALIAS_CRYPTO("des"); ++MODULE_ALIAS_CRYPTO("des-generic"); ++MODULE_ALIAS_CRYPTO("des3_ede"); ++MODULE_ALIAS_CRYPTO("des3_ede-generic"); +--- a/crypto/ghash-generic.c ++++ b/crypto/ghash-generic.c +@@ -173,3 +173,4 @@ module_exit(ghash_mod_exit); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("GHASH Message Digest Algorithm"); + MODULE_ALIAS_CRYPTO("ghash"); ++MODULE_ALIAS_CRYPTO("ghash-generic"); +--- a/crypto/krng.c ++++ b/crypto/krng.c +@@ -63,3 +63,4 @@ module_exit(krng_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Kernel Random Number Generator"); + MODULE_ALIAS_CRYPTO("stdrng"); ++MODULE_ALIAS_CRYPTO("krng"); +--- a/crypto/salsa20_generic.c ++++ b/crypto/salsa20_generic.c +@@ -249,3 +249,4 @@ module_exit(salsa20_generic_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION ("Salsa20 stream cipher algorithm"); + MODULE_ALIAS_CRYPTO("salsa20"); ++MODULE_ALIAS_CRYPTO("salsa20-generic"); +--- a/crypto/serpent_generic.c ++++ b/crypto/serpent_generic.c +@@ -667,3 +667,4 @@ MODULE_DESCRIPTION("Serpent and tnepres + MODULE_AUTHOR("Dag Arne Osvik "); + MODULE_ALIAS_CRYPTO("tnepres"); + MODULE_ALIAS_CRYPTO("serpent"); ++MODULE_ALIAS_CRYPTO("serpent-generic"); +--- a/crypto/sha1_generic.c ++++ b/crypto/sha1_generic.c +@@ -154,3 +154,4 @@ MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); + + MODULE_ALIAS_CRYPTO("sha1"); ++MODULE_ALIAS_CRYPTO("sha1-generic"); +--- a/crypto/sha256_generic.c ++++ b/crypto/sha256_generic.c +@@ -385,4 +385,6 @@ MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA-224 and SHA-256 Secure Hash Algorithm"); + + MODULE_ALIAS_CRYPTO("sha224"); ++MODULE_ALIAS_CRYPTO("sha224-generic"); + MODULE_ALIAS_CRYPTO("sha256"); ++MODULE_ALIAS_CRYPTO("sha256-generic"); +--- a/crypto/sha512_generic.c ++++ b/crypto/sha512_generic.c +@@ -288,4 +288,6 @@ MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA-512 and SHA-384 Secure Hash Algorithms"); + + MODULE_ALIAS_CRYPTO("sha384"); ++MODULE_ALIAS_CRYPTO("sha384-generic"); + MODULE_ALIAS_CRYPTO("sha512"); ++MODULE_ALIAS_CRYPTO("sha512-generic"); +--- a/crypto/tea.c ++++ b/crypto/tea.c +@@ -270,6 +270,7 @@ static void __exit tea_mod_fini(void) + crypto_unregister_algs(tea_algs, ARRAY_SIZE(tea_algs)); + } + ++MODULE_ALIAS_CRYPTO("tea"); + MODULE_ALIAS_CRYPTO("xtea"); + MODULE_ALIAS_CRYPTO("xeta"); + +--- a/crypto/tgr192.c ++++ b/crypto/tgr192.c +@@ -676,6 +676,7 @@ static void __exit tgr192_mod_fini(void) + crypto_unregister_shashes(tgr_algs, ARRAY_SIZE(tgr_algs)); + } + ++MODULE_ALIAS_CRYPTO("tgr192"); + MODULE_ALIAS_CRYPTO("tgr160"); + MODULE_ALIAS_CRYPTO("tgr128"); + +--- a/crypto/twofish_generic.c ++++ b/crypto/twofish_generic.c +@@ -212,3 +212,4 @@ module_exit(twofish_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION ("Twofish Cipher Algorithm"); + MODULE_ALIAS_CRYPTO("twofish"); ++MODULE_ALIAS_CRYPTO("twofish-generic"); +--- a/crypto/wp512.c ++++ b/crypto/wp512.c +@@ -1167,6 +1167,7 @@ static void __exit wp512_mod_fini(void) + crypto_unregister_shashes(wp_algs, ARRAY_SIZE(wp_algs)); + } + ++MODULE_ALIAS_CRYPTO("wp512"); + MODULE_ALIAS_CRYPTO("wp384"); + MODULE_ALIAS_CRYPTO("wp256"); + diff --git a/debian/patches/bugfix/all/crypto-include-crypto-module-prefix-in-template.patch b/debian/patches/bugfix/all/crypto-include-crypto-module-prefix-in-template.patch new file mode 100644 index 000000000..df6004ec4 --- /dev/null +++ b/debian/patches/bugfix/all/crypto-include-crypto-module-prefix-in-template.patch @@ -0,0 +1,215 @@ +From: Kees Cook +Date: Mon, 24 Nov 2014 16:32:38 -0800 +Subject: crypto: include crypto- module prefix in template +Origin: https://git.kernel.org/linus/4943ba16bbc2db05115707b3ff7b4874e9e3c560 + +This adds the module loading prefix "crypto-" to the template lookup +as well. + +For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly +includes the "crypto-" prefix at every level, correctly rejecting "vfat": + + net-pf-38 + algif-hash + crypto-vfat(blowfish) + crypto-vfat(blowfish)-all + crypto-vfat + +Reported-by: Mathias Krause +Signed-off-by: Kees Cook +Acked-by: Mathias Krause +Signed-off-by: Herbert Xu +[bwh: Backported to 3.16: drop changes to mcryptd which we don't have] +--- + arch/x86/crypto/fpu.c | 3 +++ + crypto/algapi.c | 4 ++-- + crypto/authenc.c | 1 + + crypto/authencesn.c | 1 + + crypto/cbc.c | 1 + + crypto/ccm.c | 1 + + crypto/chainiv.c | 1 + + crypto/cmac.c | 1 + + crypto/cryptd.c | 1 + + crypto/ctr.c | 1 + + crypto/cts.c | 1 + + crypto/ecb.c | 1 + + crypto/eseqiv.c | 1 + + crypto/gcm.c | 1 + + crypto/hmac.c | 1 + + crypto/lrw.c | 1 + + crypto/pcbc.c | 1 + + crypto/pcrypt.c | 1 + + crypto/seqiv.c | 1 + + crypto/vmac.c | 1 + + crypto/xcbc.c | 1 + + crypto/xts.c | 1 + + +--- a/arch/x86/crypto/fpu.c ++++ b/arch/x86/crypto/fpu.c +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + #include + + struct crypto_fpu_ctx { +@@ -159,3 +160,5 @@ void __exit crypto_fpu_exit(void) + { + crypto_unregister_template(&crypto_fpu_tmpl); + } ++ ++MODULE_ALIAS_CRYPTO("fpu"); +--- a/crypto/algapi.c ++++ b/crypto/algapi.c +@@ -495,8 +495,8 @@ static struct crypto_template *__crypto_ + + struct crypto_template *crypto_lookup_template(const char *name) + { +- return try_then_request_module(__crypto_lookup_template(name), "%s", +- name); ++ return try_then_request_module(__crypto_lookup_template(name), ++ "crypto-%s", name); + } + EXPORT_SYMBOL_GPL(crypto_lookup_template); + +--- a/crypto/authenc.c ++++ b/crypto/authenc.c +@@ -721,3 +721,4 @@ module_exit(crypto_authenc_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Simple AEAD wrapper for IPsec"); ++MODULE_ALIAS_CRYPTO("authenc"); +--- a/crypto/authencesn.c ++++ b/crypto/authencesn.c +@@ -814,3 +814,4 @@ module_exit(crypto_authenc_esn_module_ex + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Steffen Klassert "); + MODULE_DESCRIPTION("AEAD wrapper for IPsec with extended sequence numbers"); ++MODULE_ALIAS_CRYPTO("authencesn"); +--- a/crypto/cbc.c ++++ b/crypto/cbc.c +@@ -289,3 +289,4 @@ module_exit(crypto_cbc_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("CBC block cipher algorithm"); ++MODULE_ALIAS_CRYPTO("cbc"); +--- a/crypto/ccm.c ++++ b/crypto/ccm.c +@@ -881,3 +881,4 @@ MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Counter with CBC MAC"); + MODULE_ALIAS_CRYPTO("ccm_base"); + MODULE_ALIAS_CRYPTO("rfc4309"); ++MODULE_ALIAS_CRYPTO("ccm"); +--- a/crypto/chainiv.c ++++ b/crypto/chainiv.c +@@ -359,3 +359,4 @@ module_exit(chainiv_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Chain IV Generator"); ++MODULE_ALIAS_CRYPTO("chainiv"); +--- a/crypto/cmac.c ++++ b/crypto/cmac.c +@@ -313,3 +313,4 @@ module_exit(crypto_cmac_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("CMAC keyed hash algorithm"); ++MODULE_ALIAS_CRYPTO("cmac"); +--- a/crypto/cryptd.c ++++ b/crypto/cryptd.c +@@ -955,3 +955,4 @@ module_exit(cryptd_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Software async crypto daemon"); ++MODULE_ALIAS_CRYPTO("cryptd"); +--- a/crypto/ctr.c ++++ b/crypto/ctr.c +@@ -467,3 +467,4 @@ module_exit(crypto_ctr_module_exit); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("CTR Counter block mode"); + MODULE_ALIAS_CRYPTO("rfc3686"); ++MODULE_ALIAS_CRYPTO("ctr"); +--- a/crypto/cts.c ++++ b/crypto/cts.c +@@ -350,3 +350,4 @@ module_exit(crypto_cts_module_exit); + + MODULE_LICENSE("Dual BSD/GPL"); + MODULE_DESCRIPTION("CTS-CBC CipherText Stealing for CBC"); ++MODULE_ALIAS_CRYPTO("cts"); +--- a/crypto/ecb.c ++++ b/crypto/ecb.c +@@ -185,3 +185,4 @@ module_exit(crypto_ecb_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("ECB block cipher algorithm"); ++MODULE_ALIAS_CRYPTO("ecb"); +--- a/crypto/eseqiv.c ++++ b/crypto/eseqiv.c +@@ -267,3 +267,4 @@ module_exit(eseqiv_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Encrypted Sequence Number IV Generator"); ++MODULE_ALIAS_CRYPTO("eseqiv"); +--- a/crypto/gcm.c ++++ b/crypto/gcm.c +@@ -1444,3 +1444,4 @@ MODULE_AUTHOR("Mikko Herranen "); + MODULE_DESCRIPTION("Parallel crypto wrapper"); ++MODULE_ALIAS_CRYPTO("pcrypt"); +--- a/crypto/seqiv.c ++++ b/crypto/seqiv.c +@@ -362,3 +362,4 @@ module_exit(seqiv_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Sequence Number IV Generator"); ++MODULE_ALIAS_CRYPTO("seqiv"); +--- a/crypto/vmac.c ++++ b/crypto/vmac.c +@@ -713,3 +713,4 @@ module_exit(vmac_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("VMAC hash algorithm"); ++MODULE_ALIAS_CRYPTO("vmac"); +--- a/crypto/xcbc.c ++++ b/crypto/xcbc.c +@@ -286,3 +286,4 @@ module_exit(crypto_xcbc_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("XCBC keyed hash algorithm"); ++MODULE_ALIAS_CRYPTO("xcbc"); +--- a/crypto/xts.c ++++ b/crypto/xts.c +@@ -362,3 +362,4 @@ module_exit(crypto_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("XTS block cipher mode"); ++MODULE_ALIAS_CRYPTO("xts"); diff --git a/debian/patches/bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch b/debian/patches/bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch new file mode 100644 index 000000000..127601af8 --- /dev/null +++ b/debian/patches/bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch @@ -0,0 +1,995 @@ +From: Kees Cook +Date: Thu, 20 Nov 2014 17:05:53 -0800 +Subject: crypto: prefix module autoloading with "crypto-" +Origin: https://git.kernel.org/linus/5d26a105b5a73e5635eae0629b42fa0a90e07b7b + +This prefixes all crypto module loading with "crypto-" so we never run +the risk of exposing module auto-loading to userspace via a crypto API, +as demonstrated by Mathias Krause: + +https://lkml.org/lkml/2013/3/4/70 + +Signed-off-by: Kees Cook +Signed-off-by: Herbert Xu +[bwh: Backported to 3.16: drop changes to drivers we don't have] +--- + arch/arm/crypto/aes_glue.c | 4 ++-- + arch/arm/crypto/sha1_glue.c | 2 +- + arch/arm64/crypto/aes-ce-ccm-glue.c | 2 +- + arch/arm64/crypto/aes-glue.c | 8 ++++---- + arch/powerpc/crypto/sha1.c | 2 +- + arch/s390/crypto/aes_s390.c | 2 +- + arch/s390/crypto/des_s390.c | 4 ++-- + arch/s390/crypto/ghash_s390.c | 2 +- + arch/s390/crypto/sha1_s390.c | 2 +- + arch/s390/crypto/sha256_s390.c | 4 ++-- + arch/s390/crypto/sha512_s390.c | 4 ++-- + arch/sparc/crypto/aes_glue.c | 2 +- + arch/sparc/crypto/camellia_glue.c | 2 +- + arch/sparc/crypto/crc32c_glue.c | 2 +- + arch/sparc/crypto/des_glue.c | 2 +- + arch/sparc/crypto/md5_glue.c | 2 +- + arch/sparc/crypto/sha1_glue.c | 2 +- + arch/sparc/crypto/sha256_glue.c | 4 ++-- + arch/sparc/crypto/sha512_glue.c | 4 ++-- + arch/x86/crypto/aes_glue.c | 4 ++-- + arch/x86/crypto/aesni-intel_glue.c | 2 +- + arch/x86/crypto/blowfish_glue.c | 4 ++-- + arch/x86/crypto/camellia_aesni_avx2_glue.c | 4 ++-- + arch/x86/crypto/camellia_aesni_avx_glue.c | 4 ++-- + arch/x86/crypto/camellia_glue.c | 4 ++-- + arch/x86/crypto/cast5_avx_glue.c | 2 +- + arch/x86/crypto/cast6_avx_glue.c | 2 +- + arch/x86/crypto/crc32-pclmul_glue.c | 4 ++-- + arch/x86/crypto/crc32c-intel_glue.c | 4 ++-- + arch/x86/crypto/crct10dif-pclmul_glue.c | 4 ++-- + arch/x86/crypto/ghash-clmulni-intel_glue.c | 2 +- + arch/x86/crypto/salsa20_glue.c | 4 ++-- + arch/x86/crypto/serpent_avx2_glue.c | 4 ++-- + arch/x86/crypto/serpent_avx_glue.c | 2 +- + arch/x86/crypto/serpent_sse2_glue.c | 2 +- + arch/x86/crypto/sha1_ssse3_glue.c | 2 +- + arch/x86/crypto/sha256_ssse3_glue.c | 4 ++-- + arch/x86/crypto/sha512_ssse3_glue.c | 4 ++-- + arch/x86/crypto/twofish_avx_glue.c | 2 +- + arch/x86/crypto/twofish_glue.c | 4 ++-- + arch/x86/crypto/twofish_glue_3way.c | 4 ++-- + crypto/842.c | 1 + + crypto/aes_generic.c | 2 +- + crypto/ansi_cprng.c | 2 +- + crypto/anubis.c | 1 + + crypto/api.c | 4 ++-- + crypto/arc4.c | 1 + + crypto/blowfish_generic.c | 2 +- + crypto/camellia_generic.c | 2 +- + crypto/cast5_generic.c | 2 +- + crypto/cast6_generic.c | 2 +- + crypto/ccm.c | 4 ++-- + crypto/crc32.c | 1 + + crypto/crc32c_generic.c | 2 +- + crypto/crct10dif_generic.c | 2 +- + crypto/crypto_null.c | 6 +++--- + crypto/ctr.c | 2 +- + crypto/deflate.c | 2 +- + crypto/des_generic.c | 2 +- + crypto/fcrypt.c | 1 + + crypto/gcm.c | 6 +++--- + crypto/ghash-generic.c | 2 +- + crypto/khazad.c | 1 + + crypto/krng.c | 2 +- + crypto/lz4.c | 1 + + crypto/lz4hc.c | 1 + + crypto/lzo.c | 1 + + crypto/md4.c | 2 +- + crypto/md5.c | 1 + + crypto/michael_mic.c | 1 + + crypto/rmd128.c | 1 + + crypto/rmd160.c | 1 + + crypto/rmd256.c | 1 + + crypto/rmd320.c | 1 + + crypto/salsa20_generic.c | 2 +- + crypto/seed.c | 1 + + crypto/serpent_generic.c | 4 ++-- + crypto/sha1_generic.c | 2 +- + crypto/sha256_generic.c | 4 ++-- + crypto/sha512_generic.c | 4 ++-- + crypto/tea.c | 4 ++-- + crypto/tgr192.c | 4 ++-- + crypto/twofish_generic.c | 2 +- + crypto/wp512.c | 4 ++-- + crypto/zlib.c | 1 + + drivers/crypto/padlock-aes.c | 2 +- + drivers/crypto/padlock-sha.c | 8 ++++---- + drivers/crypto/ux500/cryp/cryp_core.c | 4 ++-- + drivers/crypto/ux500/hash/hash_core.c | 8 ++++---- + drivers/s390/crypto/ap_bus.c | 3 ++- + include/linux/crypto.h | 13 +++++++++++++ + +--- a/arch/arm/crypto/aes_glue.c ++++ b/arch/arm/crypto/aes_glue.c +@@ -93,6 +93,6 @@ module_exit(aes_fini); + + MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm (ASM)"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS("aes"); +-MODULE_ALIAS("aes-asm"); ++MODULE_ALIAS_CRYPTO("aes"); ++MODULE_ALIAS_CRYPTO("aes-asm"); + MODULE_AUTHOR("David McCullough "); +--- a/arch/arm/crypto/sha1_glue.c ++++ b/arch/arm/crypto/sha1_glue.c +@@ -175,5 +175,5 @@ module_exit(sha1_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm (ARM)"); +-MODULE_ALIAS("sha1"); ++MODULE_ALIAS_CRYPTO("sha1"); + MODULE_AUTHOR("David McCullough "); +--- a/arch/arm64/crypto/aes-ce-ccm-glue.c ++++ b/arch/arm64/crypto/aes-ce-ccm-glue.c +@@ -294,4 +294,4 @@ module_exit(aes_mod_exit); + MODULE_DESCRIPTION("Synchronous AES in CCM mode using ARMv8 Crypto Extensions"); + MODULE_AUTHOR("Ard Biesheuvel "); + MODULE_LICENSE("GPL v2"); +-MODULE_ALIAS("ccm(aes)"); ++MODULE_ALIAS_CRYPTO("ccm(aes)"); +--- a/arch/arm64/crypto/aes-glue.c ++++ b/arch/arm64/crypto/aes-glue.c +@@ -38,10 +38,10 @@ MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS + #define aes_xts_encrypt neon_aes_xts_encrypt + #define aes_xts_decrypt neon_aes_xts_decrypt + MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS using ARMv8 NEON"); +-MODULE_ALIAS("ecb(aes)"); +-MODULE_ALIAS("cbc(aes)"); +-MODULE_ALIAS("ctr(aes)"); +-MODULE_ALIAS("xts(aes)"); ++MODULE_ALIAS_CRYPTO("ecb(aes)"); ++MODULE_ALIAS_CRYPTO("cbc(aes)"); ++MODULE_ALIAS_CRYPTO("ctr(aes)"); ++MODULE_ALIAS_CRYPTO("xts(aes)"); + #endif + + MODULE_AUTHOR("Ard Biesheuvel "); +--- a/arch/powerpc/crypto/sha1.c ++++ b/arch/powerpc/crypto/sha1.c +@@ -154,4 +154,4 @@ module_exit(sha1_powerpc_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); + +-MODULE_ALIAS("sha1-powerpc"); ++MODULE_ALIAS_CRYPTO("sha1-powerpc"); +--- a/arch/s390/crypto/aes_s390.c ++++ b/arch/s390/crypto/aes_s390.c +@@ -979,7 +979,7 @@ static void __exit aes_s390_fini(void) + module_init(aes_s390_init); + module_exit(aes_s390_fini); + +-MODULE_ALIAS("aes-all"); ++MODULE_ALIAS_CRYPTO("aes-all"); + + MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm"); + MODULE_LICENSE("GPL"); +--- a/arch/s390/crypto/des_s390.c ++++ b/arch/s390/crypto/des_s390.c +@@ -619,8 +619,8 @@ static void __exit des_s390_exit(void) + module_init(des_s390_init); + module_exit(des_s390_exit); + +-MODULE_ALIAS("des"); +-MODULE_ALIAS("des3_ede"); ++MODULE_ALIAS_CRYPTO("des"); ++MODULE_ALIAS_CRYPTO("des3_ede"); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms"); +--- a/arch/s390/crypto/ghash_s390.c ++++ b/arch/s390/crypto/ghash_s390.c +@@ -160,7 +160,7 @@ static void __exit ghash_mod_exit(void) + module_init(ghash_mod_init); + module_exit(ghash_mod_exit); + +-MODULE_ALIAS("ghash"); ++MODULE_ALIAS_CRYPTO("ghash"); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("GHASH Message Digest Algorithm, s390 implementation"); +--- a/arch/s390/crypto/sha1_s390.c ++++ b/arch/s390/crypto/sha1_s390.c +@@ -103,6 +103,6 @@ static void __exit sha1_s390_fini(void) + module_init(sha1_s390_init); + module_exit(sha1_s390_fini); + +-MODULE_ALIAS("sha1"); ++MODULE_ALIAS_CRYPTO("sha1"); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); +--- a/arch/s390/crypto/sha256_s390.c ++++ b/arch/s390/crypto/sha256_s390.c +@@ -143,7 +143,7 @@ static void __exit sha256_s390_fini(void + module_init(sha256_s390_init); + module_exit(sha256_s390_fini); + +-MODULE_ALIAS("sha256"); +-MODULE_ALIAS("sha224"); ++MODULE_ALIAS_CRYPTO("sha256"); ++MODULE_ALIAS_CRYPTO("sha224"); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA256 and SHA224 Secure Hash Algorithm"); +--- a/arch/s390/crypto/sha512_s390.c ++++ b/arch/s390/crypto/sha512_s390.c +@@ -86,7 +86,7 @@ static struct shash_alg sha512_alg = { + } + }; + +-MODULE_ALIAS("sha512"); ++MODULE_ALIAS_CRYPTO("sha512"); + + static int sha384_init(struct shash_desc *desc) + { +@@ -126,7 +126,7 @@ static struct shash_alg sha384_alg = { + } + }; + +-MODULE_ALIAS("sha384"); ++MODULE_ALIAS_CRYPTO("sha384"); + + static int __init init(void) + { +--- a/arch/sparc/crypto/aes_glue.c ++++ b/arch/sparc/crypto/aes_glue.c +@@ -499,6 +499,6 @@ module_exit(aes_sparc64_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("AES Secure Hash Algorithm, sparc64 aes opcode accelerated"); + +-MODULE_ALIAS("aes"); ++MODULE_ALIAS_CRYPTO("aes"); + + #include "crop_devid.c" +--- a/arch/sparc/crypto/camellia_glue.c ++++ b/arch/sparc/crypto/camellia_glue.c +@@ -322,6 +322,6 @@ module_exit(camellia_sparc64_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Camellia Cipher Algorithm, sparc64 camellia opcode accelerated"); + +-MODULE_ALIAS("aes"); ++MODULE_ALIAS_CRYPTO("aes"); + + #include "crop_devid.c" +--- a/arch/sparc/crypto/crc32c_glue.c ++++ b/arch/sparc/crypto/crc32c_glue.c +@@ -176,6 +176,6 @@ module_exit(crc32c_sparc64_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("CRC32c (Castagnoli), sparc64 crc32c opcode accelerated"); + +-MODULE_ALIAS("crc32c"); ++MODULE_ALIAS_CRYPTO("crc32c"); + + #include "crop_devid.c" +--- a/arch/sparc/crypto/des_glue.c ++++ b/arch/sparc/crypto/des_glue.c +@@ -532,6 +532,6 @@ module_exit(des_sparc64_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms, sparc64 des opcode accelerated"); + +-MODULE_ALIAS("des"); ++MODULE_ALIAS_CRYPTO("des"); + + #include "crop_devid.c" +--- a/arch/sparc/crypto/md5_glue.c ++++ b/arch/sparc/crypto/md5_glue.c +@@ -185,6 +185,6 @@ module_exit(md5_sparc64_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("MD5 Secure Hash Algorithm, sparc64 md5 opcode accelerated"); + +-MODULE_ALIAS("md5"); ++MODULE_ALIAS_CRYPTO("md5"); + + #include "crop_devid.c" +--- a/arch/sparc/crypto/sha1_glue.c ++++ b/arch/sparc/crypto/sha1_glue.c +@@ -180,6 +180,6 @@ module_exit(sha1_sparc64_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm, sparc64 sha1 opcode accelerated"); + +-MODULE_ALIAS("sha1"); ++MODULE_ALIAS_CRYPTO("sha1"); + + #include "crop_devid.c" +--- a/arch/sparc/crypto/sha256_glue.c ++++ b/arch/sparc/crypto/sha256_glue.c +@@ -237,7 +237,7 @@ module_exit(sha256_sparc64_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA-224 and SHA-256 Secure Hash Algorithm, sparc64 sha256 opcode accelerated"); + +-MODULE_ALIAS("sha224"); +-MODULE_ALIAS("sha256"); ++MODULE_ALIAS_CRYPTO("sha224"); ++MODULE_ALIAS_CRYPTO("sha256"); + + #include "crop_devid.c" +--- a/arch/sparc/crypto/sha512_glue.c ++++ b/arch/sparc/crypto/sha512_glue.c +@@ -222,7 +222,7 @@ module_exit(sha512_sparc64_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA-384 and SHA-512 Secure Hash Algorithm, sparc64 sha512 opcode accelerated"); + +-MODULE_ALIAS("sha384"); +-MODULE_ALIAS("sha512"); ++MODULE_ALIAS_CRYPTO("sha384"); ++MODULE_ALIAS_CRYPTO("sha512"); + + #include "crop_devid.c" +--- a/arch/x86/crypto/aes_glue.c ++++ b/arch/x86/crypto/aes_glue.c +@@ -66,5 +66,5 @@ module_exit(aes_fini); + + MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm, asm optimized"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS("aes"); +-MODULE_ALIAS("aes-asm"); ++MODULE_ALIAS_CRYPTO("aes"); ++MODULE_ALIAS_CRYPTO("aes-asm"); +--- a/arch/x86/crypto/aesni-intel_glue.c ++++ b/arch/x86/crypto/aesni-intel_glue.c +@@ -1514,4 +1514,4 @@ module_exit(aesni_exit); + + MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm, Intel AES-NI instructions optimized"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS("aes"); ++MODULE_ALIAS_CRYPTO("aes"); +--- a/arch/x86/crypto/blowfish_glue.c ++++ b/arch/x86/crypto/blowfish_glue.c +@@ -478,5 +478,5 @@ module_exit(fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Blowfish Cipher Algorithm, asm optimized"); +-MODULE_ALIAS("blowfish"); +-MODULE_ALIAS("blowfish-asm"); ++MODULE_ALIAS_CRYPTO("blowfish"); ++MODULE_ALIAS_CRYPTO("blowfish-asm"); +--- a/arch/x86/crypto/camellia_aesni_avx2_glue.c ++++ b/arch/x86/crypto/camellia_aesni_avx2_glue.c +@@ -582,5 +582,5 @@ module_exit(camellia_aesni_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Camellia Cipher Algorithm, AES-NI/AVX2 optimized"); +-MODULE_ALIAS("camellia"); +-MODULE_ALIAS("camellia-asm"); ++MODULE_ALIAS_CRYPTO("camellia"); ++MODULE_ALIAS_CRYPTO("camellia-asm"); +--- a/arch/x86/crypto/camellia_aesni_avx_glue.c ++++ b/arch/x86/crypto/camellia_aesni_avx_glue.c +@@ -574,5 +574,5 @@ module_exit(camellia_aesni_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Camellia Cipher Algorithm, AES-NI/AVX optimized"); +-MODULE_ALIAS("camellia"); +-MODULE_ALIAS("camellia-asm"); ++MODULE_ALIAS_CRYPTO("camellia"); ++MODULE_ALIAS_CRYPTO("camellia-asm"); +--- a/arch/x86/crypto/camellia_glue.c ++++ b/arch/x86/crypto/camellia_glue.c +@@ -1725,5 +1725,5 @@ module_exit(fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Camellia Cipher Algorithm, asm optimized"); +-MODULE_ALIAS("camellia"); +-MODULE_ALIAS("camellia-asm"); ++MODULE_ALIAS_CRYPTO("camellia"); ++MODULE_ALIAS_CRYPTO("camellia-asm"); +--- a/arch/x86/crypto/cast5_avx_glue.c ++++ b/arch/x86/crypto/cast5_avx_glue.c +@@ -491,4 +491,4 @@ module_exit(cast5_exit); + + MODULE_DESCRIPTION("Cast5 Cipher Algorithm, AVX optimized"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS("cast5"); ++MODULE_ALIAS_CRYPTO("cast5"); +--- a/arch/x86/crypto/cast6_avx_glue.c ++++ b/arch/x86/crypto/cast6_avx_glue.c +@@ -611,4 +611,4 @@ module_exit(cast6_exit); + + MODULE_DESCRIPTION("Cast6 Cipher Algorithm, AVX optimized"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS("cast6"); ++MODULE_ALIAS_CRYPTO("cast6"); +--- a/arch/x86/crypto/crc32-pclmul_glue.c ++++ b/arch/x86/crypto/crc32-pclmul_glue.c +@@ -197,5 +197,5 @@ module_exit(crc32_pclmul_mod_fini); + MODULE_AUTHOR("Alexander Boyko "); + MODULE_LICENSE("GPL"); + +-MODULE_ALIAS("crc32"); +-MODULE_ALIAS("crc32-pclmul"); ++MODULE_ALIAS_CRYPTO("crc32"); ++MODULE_ALIAS_CRYPTO("crc32-pclmul"); +--- a/arch/x86/crypto/crc32c-intel_glue.c ++++ b/arch/x86/crypto/crc32c-intel_glue.c +@@ -280,5 +280,5 @@ MODULE_AUTHOR("Austin Zhang "); ++MODULE_ALIAS_CRYPTO("arc4"); +--- a/crypto/blowfish_generic.c ++++ b/crypto/blowfish_generic.c +@@ -138,4 +138,4 @@ module_exit(blowfish_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Blowfish Cipher Algorithm"); +-MODULE_ALIAS("blowfish"); ++MODULE_ALIAS_CRYPTO("blowfish"); +--- a/crypto/camellia_generic.c ++++ b/crypto/camellia_generic.c +@@ -1098,4 +1098,4 @@ module_exit(camellia_fini); + + MODULE_DESCRIPTION("Camellia Cipher Algorithm"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS("camellia"); ++MODULE_ALIAS_CRYPTO("camellia"); +--- a/crypto/cast5_generic.c ++++ b/crypto/cast5_generic.c +@@ -549,4 +549,4 @@ module_exit(cast5_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Cast5 Cipher Algorithm"); +-MODULE_ALIAS("cast5"); ++MODULE_ALIAS_CRYPTO("cast5"); +--- a/crypto/cast6_generic.c ++++ b/crypto/cast6_generic.c +@@ -291,4 +291,4 @@ module_exit(cast6_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Cast6 Cipher Algorithm"); +-MODULE_ALIAS("cast6"); ++MODULE_ALIAS_CRYPTO("cast6"); +--- a/crypto/ccm.c ++++ b/crypto/ccm.c +@@ -879,5 +879,5 @@ module_exit(crypto_ccm_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Counter with CBC MAC"); +-MODULE_ALIAS("ccm_base"); +-MODULE_ALIAS("rfc4309"); ++MODULE_ALIAS_CRYPTO("ccm_base"); ++MODULE_ALIAS_CRYPTO("rfc4309"); +--- a/crypto/crc32.c ++++ b/crypto/crc32.c +@@ -156,3 +156,4 @@ module_exit(crc32_mod_fini); + MODULE_AUTHOR("Alexander Boyko "); + MODULE_DESCRIPTION("CRC32 calculations wrapper for lib/crc32"); + MODULE_LICENSE("GPL"); ++MODULE_ALIAS_CRYPTO("crc32"); +--- a/crypto/crc32c_generic.c ++++ b/crypto/crc32c_generic.c +@@ -170,5 +170,5 @@ module_exit(crc32c_mod_fini); + MODULE_AUTHOR("Clay Haapala "); + MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations wrapper for lib/crc32c"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS("crc32c"); ++MODULE_ALIAS_CRYPTO("crc32c"); + MODULE_SOFTDEP("pre: crc32c"); +--- a/crypto/crct10dif_generic.c ++++ b/crypto/crct10dif_generic.c +@@ -124,4 +124,4 @@ module_exit(crct10dif_mod_fini); + MODULE_AUTHOR("Tim Chen "); + MODULE_DESCRIPTION("T10 DIF CRC calculation."); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS("crct10dif"); ++MODULE_ALIAS_CRYPTO("crct10dif"); +--- a/crypto/crypto_null.c ++++ b/crypto/crypto_null.c +@@ -145,9 +145,9 @@ static struct crypto_alg null_algs[3] = + .coa_decompress = null_compress } } + } }; + +-MODULE_ALIAS("compress_null"); +-MODULE_ALIAS("digest_null"); +-MODULE_ALIAS("cipher_null"); ++MODULE_ALIAS_CRYPTO("compress_null"); ++MODULE_ALIAS_CRYPTO("digest_null"); ++MODULE_ALIAS_CRYPTO("cipher_null"); + + static int __init crypto_null_mod_init(void) + { +--- a/crypto/ctr.c ++++ b/crypto/ctr.c +@@ -466,4 +466,4 @@ module_exit(crypto_ctr_module_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("CTR Counter block mode"); +-MODULE_ALIAS("rfc3686"); ++MODULE_ALIAS_CRYPTO("rfc3686"); +--- a/crypto/deflate.c ++++ b/crypto/deflate.c +@@ -222,4 +222,4 @@ module_exit(deflate_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Deflate Compression Algorithm for IPCOMP"); + MODULE_AUTHOR("James Morris "); +- ++MODULE_ALIAS_CRYPTO("deflate"); +--- a/crypto/des_generic.c ++++ b/crypto/des_generic.c +@@ -971,7 +971,7 @@ static struct crypto_alg des_algs[2] = { + .cia_decrypt = des3_ede_decrypt } } + } }; + +-MODULE_ALIAS("des3_ede"); ++MODULE_ALIAS_CRYPTO("des3_ede"); + + static int __init des_generic_mod_init(void) + { +--- a/crypto/fcrypt.c ++++ b/crypto/fcrypt.c +@@ -420,3 +420,4 @@ module_exit(fcrypt_mod_fini); + MODULE_LICENSE("Dual BSD/GPL"); + MODULE_DESCRIPTION("FCrypt Cipher Algorithm"); + MODULE_AUTHOR("David Howells "); ++MODULE_ALIAS_CRYPTO("fcrypt"); +--- a/crypto/gcm.c ++++ b/crypto/gcm.c +@@ -1441,6 +1441,6 @@ module_exit(crypto_gcm_module_exit); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Galois/Counter Mode"); + MODULE_AUTHOR("Mikko Herranen "); +-MODULE_ALIAS("gcm_base"); +-MODULE_ALIAS("rfc4106"); +-MODULE_ALIAS("rfc4543"); ++MODULE_ALIAS_CRYPTO("gcm_base"); ++MODULE_ALIAS_CRYPTO("rfc4106"); ++MODULE_ALIAS_CRYPTO("rfc4543"); +--- a/crypto/ghash-generic.c ++++ b/crypto/ghash-generic.c +@@ -172,4 +172,4 @@ module_exit(ghash_mod_exit); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("GHASH Message Digest Algorithm"); +-MODULE_ALIAS("ghash"); ++MODULE_ALIAS_CRYPTO("ghash"); +--- a/crypto/khazad.c ++++ b/crypto/khazad.c +@@ -880,3 +880,4 @@ module_exit(khazad_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Khazad Cryptographic Algorithm"); ++MODULE_ALIAS_CRYPTO("khazad"); +--- a/crypto/krng.c ++++ b/crypto/krng.c +@@ -62,4 +62,4 @@ module_exit(krng_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Kernel Random Number Generator"); +-MODULE_ALIAS("stdrng"); ++MODULE_ALIAS_CRYPTO("stdrng"); +--- a/crypto/lz4.c ++++ b/crypto/lz4.c +@@ -104,3 +104,4 @@ module_exit(lz4_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("LZ4 Compression Algorithm"); ++MODULE_ALIAS_CRYPTO("lz4"); +--- a/crypto/lz4hc.c ++++ b/crypto/lz4hc.c +@@ -104,3 +104,4 @@ module_exit(lz4hc_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("LZ4HC Compression Algorithm"); ++MODULE_ALIAS_CRYPTO("lz4hc"); +--- a/crypto/lzo.c ++++ b/crypto/lzo.c +@@ -103,3 +103,4 @@ module_exit(lzo_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("LZO Compression Algorithm"); ++MODULE_ALIAS_CRYPTO("lzo"); +--- a/crypto/md4.c ++++ b/crypto/md4.c +@@ -255,4 +255,4 @@ module_exit(md4_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("MD4 Message Digest Algorithm"); +- ++MODULE_ALIAS_CRYPTO("md4"); +--- a/crypto/md5.c ++++ b/crypto/md5.c +@@ -168,3 +168,4 @@ module_exit(md5_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("MD5 Message Digest Algorithm"); ++MODULE_ALIAS_CRYPTO("md5"); +--- a/crypto/michael_mic.c ++++ b/crypto/michael_mic.c +@@ -184,3 +184,4 @@ module_exit(michael_mic_exit); + MODULE_LICENSE("GPL v2"); + MODULE_DESCRIPTION("Michael MIC"); + MODULE_AUTHOR("Jouni Malinen "); ++MODULE_ALIAS_CRYPTO("michael_mic"); +--- a/crypto/rmd128.c ++++ b/crypto/rmd128.c +@@ -327,3 +327,4 @@ module_exit(rmd128_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Adrian-Ken Rueegsegger "); + MODULE_DESCRIPTION("RIPEMD-128 Message Digest"); ++MODULE_ALIAS_CRYPTO("rmd128"); +--- a/crypto/rmd160.c ++++ b/crypto/rmd160.c +@@ -371,3 +371,4 @@ module_exit(rmd160_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Adrian-Ken Rueegsegger "); + MODULE_DESCRIPTION("RIPEMD-160 Message Digest"); ++MODULE_ALIAS_CRYPTO("rmd160"); +--- a/crypto/rmd256.c ++++ b/crypto/rmd256.c +@@ -346,3 +346,4 @@ module_exit(rmd256_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Adrian-Ken Rueegsegger "); + MODULE_DESCRIPTION("RIPEMD-256 Message Digest"); ++MODULE_ALIAS_CRYPTO("rmd256"); +--- a/crypto/rmd320.c ++++ b/crypto/rmd320.c +@@ -395,3 +395,4 @@ module_exit(rmd320_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Adrian-Ken Rueegsegger "); + MODULE_DESCRIPTION("RIPEMD-320 Message Digest"); ++MODULE_ALIAS_CRYPTO("rmd320"); +--- a/crypto/salsa20_generic.c ++++ b/crypto/salsa20_generic.c +@@ -248,4 +248,4 @@ module_exit(salsa20_generic_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION ("Salsa20 stream cipher algorithm"); +-MODULE_ALIAS("salsa20"); ++MODULE_ALIAS_CRYPTO("salsa20"); +--- a/crypto/seed.c ++++ b/crypto/seed.c +@@ -476,3 +476,4 @@ module_exit(seed_fini); + MODULE_DESCRIPTION("SEED Cipher Algorithm"); + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Hye-Shik Chang , Kim Hyun "); ++MODULE_ALIAS_CRYPTO("seed"); +--- a/crypto/serpent_generic.c ++++ b/crypto/serpent_generic.c +@@ -665,5 +665,5 @@ module_exit(serpent_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Serpent and tnepres (kerneli compatible serpent reversed) Cipher Algorithm"); + MODULE_AUTHOR("Dag Arne Osvik "); +-MODULE_ALIAS("tnepres"); +-MODULE_ALIAS("serpent"); ++MODULE_ALIAS_CRYPTO("tnepres"); ++MODULE_ALIAS_CRYPTO("serpent"); +--- a/crypto/sha1_generic.c ++++ b/crypto/sha1_generic.c +@@ -153,4 +153,4 @@ module_exit(sha1_generic_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm"); + +-MODULE_ALIAS("sha1"); ++MODULE_ALIAS_CRYPTO("sha1"); +--- a/crypto/sha256_generic.c ++++ b/crypto/sha256_generic.c +@@ -384,5 +384,5 @@ module_exit(sha256_generic_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA-224 and SHA-256 Secure Hash Algorithm"); + +-MODULE_ALIAS("sha224"); +-MODULE_ALIAS("sha256"); ++MODULE_ALIAS_CRYPTO("sha224"); ++MODULE_ALIAS_CRYPTO("sha256"); +--- a/crypto/sha512_generic.c ++++ b/crypto/sha512_generic.c +@@ -287,5 +287,5 @@ module_exit(sha512_generic_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("SHA-512 and SHA-384 Secure Hash Algorithms"); + +-MODULE_ALIAS("sha384"); +-MODULE_ALIAS("sha512"); ++MODULE_ALIAS_CRYPTO("sha384"); ++MODULE_ALIAS_CRYPTO("sha512"); +--- a/crypto/tea.c ++++ b/crypto/tea.c +@@ -270,8 +270,8 @@ static void __exit tea_mod_fini(void) + crypto_unregister_algs(tea_algs, ARRAY_SIZE(tea_algs)); + } + +-MODULE_ALIAS("xtea"); +-MODULE_ALIAS("xeta"); ++MODULE_ALIAS_CRYPTO("xtea"); ++MODULE_ALIAS_CRYPTO("xeta"); + + module_init(tea_mod_init); + module_exit(tea_mod_fini); +--- a/crypto/tgr192.c ++++ b/crypto/tgr192.c +@@ -676,8 +676,8 @@ static void __exit tgr192_mod_fini(void) + crypto_unregister_shashes(tgr_algs, ARRAY_SIZE(tgr_algs)); + } + +-MODULE_ALIAS("tgr160"); +-MODULE_ALIAS("tgr128"); ++MODULE_ALIAS_CRYPTO("tgr160"); ++MODULE_ALIAS_CRYPTO("tgr128"); + + module_init(tgr192_mod_init); + module_exit(tgr192_mod_fini); +--- a/crypto/twofish_generic.c ++++ b/crypto/twofish_generic.c +@@ -211,4 +211,4 @@ module_exit(twofish_mod_fini); + + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION ("Twofish Cipher Algorithm"); +-MODULE_ALIAS("twofish"); ++MODULE_ALIAS_CRYPTO("twofish"); +--- a/crypto/wp512.c ++++ b/crypto/wp512.c +@@ -1167,8 +1167,8 @@ static void __exit wp512_mod_fini(void) + crypto_unregister_shashes(wp_algs, ARRAY_SIZE(wp_algs)); + } + +-MODULE_ALIAS("wp384"); +-MODULE_ALIAS("wp256"); ++MODULE_ALIAS_CRYPTO("wp384"); ++MODULE_ALIAS_CRYPTO("wp256"); + + module_init(wp512_mod_init); + module_exit(wp512_mod_fini); +--- a/crypto/zlib.c ++++ b/crypto/zlib.c +@@ -378,3 +378,4 @@ module_exit(zlib_mod_fini); + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Zlib Compression Algorithm"); + MODULE_AUTHOR("Sony Corporation"); ++MODULE_ALIAS_CRYPTO("zlib"); +--- a/drivers/crypto/padlock-aes.c ++++ b/drivers/crypto/padlock-aes.c +@@ -563,4 +563,4 @@ MODULE_DESCRIPTION("VIA PadLock AES algo + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Michal Ludvig"); + +-MODULE_ALIAS("aes"); ++MODULE_ALIAS_CRYPTO("aes"); +--- a/drivers/crypto/padlock-sha.c ++++ b/drivers/crypto/padlock-sha.c +@@ -593,7 +593,7 @@ MODULE_DESCRIPTION("VIA PadLock SHA1/SHA + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Michal Ludvig"); + +-MODULE_ALIAS("sha1-all"); +-MODULE_ALIAS("sha256-all"); +-MODULE_ALIAS("sha1-padlock"); +-MODULE_ALIAS("sha256-padlock"); ++MODULE_ALIAS_CRYPTO("sha1-all"); ++MODULE_ALIAS_CRYPTO("sha256-all"); ++MODULE_ALIAS_CRYPTO("sha1-padlock"); ++MODULE_ALIAS_CRYPTO("sha256-padlock"); +--- a/drivers/crypto/ux500/cryp/cryp_core.c ++++ b/drivers/crypto/ux500/cryp/cryp_core.c +@@ -1810,7 +1810,7 @@ module_exit(ux500_cryp_mod_fini); + module_param(cryp_mode, int, 0); + + MODULE_DESCRIPTION("Driver for ST-Ericsson UX500 CRYP crypto engine."); +-MODULE_ALIAS("aes-all"); +-MODULE_ALIAS("des-all"); ++MODULE_ALIAS_CRYPTO("aes-all"); ++MODULE_ALIAS_CRYPTO("des-all"); + + MODULE_LICENSE("GPL"); +--- a/drivers/crypto/ux500/hash/hash_core.c ++++ b/drivers/crypto/ux500/hash/hash_core.c +@@ -1995,7 +1995,7 @@ module_exit(ux500_hash_mod_fini); + MODULE_DESCRIPTION("Driver for ST-Ericsson UX500 HASH engine."); + MODULE_LICENSE("GPL"); + +-MODULE_ALIAS("sha1-all"); +-MODULE_ALIAS("sha256-all"); +-MODULE_ALIAS("hmac-sha1-all"); +-MODULE_ALIAS("hmac-sha256-all"); ++MODULE_ALIAS_CRYPTO("sha1-all"); ++MODULE_ALIAS_CRYPTO("sha256-all"); ++MODULE_ALIAS_CRYPTO("hmac-sha1-all"); ++MODULE_ALIAS_CRYPTO("hmac-sha256-all"); +--- a/drivers/s390/crypto/ap_bus.c ++++ b/drivers/s390/crypto/ap_bus.c +@@ -44,6 +44,7 @@ + #include + #include + #include ++#include + + #include "ap_bus.h" + +@@ -71,7 +72,7 @@ MODULE_AUTHOR("IBM Corporation"); + MODULE_DESCRIPTION("Adjunct Processor Bus driver, " \ + "Copyright IBM Corp. 2006, 2012"); + MODULE_LICENSE("GPL"); +-MODULE_ALIAS("z90crypt"); ++MODULE_ALIAS_CRYPTO("z90crypt"); + + /* + * Module parameter +--- a/include/linux/crypto.h ++++ b/include/linux/crypto.h +@@ -26,6 +26,19 @@ + #include + + /* ++ * Autoloaded crypto modules should only use a prefixed name to avoid allowing ++ * arbitrary modules to be loaded. Loading from userspace may still need the ++ * unprefixed names, so retains those aliases as well. ++ * This uses __MODULE_INFO directly instead of MODULE_ALIAS because pre-4.3 ++ * gcc (e.g. avr32 toolchain) uses __LINE__ for uniqueness, and this macro ++ * expands twice on the same line. Instead, use a separate base name for the ++ * alias. ++ */ ++#define MODULE_ALIAS_CRYPTO(name) \ ++ __MODULE_INFO(alias, alias_userspace, name); \ ++ __MODULE_INFO(alias, alias_crypto, "crypto-" name) ++ ++/* + * Algorithm masks and types. + */ + #define CRYPTO_ALG_TYPE_MASK 0x0000000f diff --git a/debian/patches/series b/debian/patches/series index a1038a720..1b218f2d1 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -489,3 +489,6 @@ debian/vfs-avoid-abi-change-for-dentry-union-changes.patch debian/userns-fix-abi-change-in-3.16.7-ckt4.patch bugfix/all/netfilter-conntrack-disable-generic-tracking-for-kno.patch bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch +bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch +bugfix/all/crypto-include-crypto-module-prefix-in-template.patch +bugfix/all/crypto-add-missing-crypto-module-aliases.patch From 424adbaf17a2d2d7a4a342dfaac906dee314f9b0 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 27 Jan 2015 03:28:25 +0000 Subject: [PATCH 8/9] [x86] KVM security fixes svn path=/dists/sid/linux/; revision=22288 --- debian/changelog | 2 + ...reviously-incomplete-fix-for-cve-201.patch | 28 +++++++ ...kvm-x86-sysenter-emulation-is-broken.patch | 78 +++++++++++++++++++ debian/patches/series | 2 + 4 files changed, 110 insertions(+) create mode 100644 debian/patches/bugfix/x86/kvm-x86-fix-of-previously-incomplete-fix-for-cve-201.patch create mode 100644 debian/patches/bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch diff --git a/debian/changelog b/debian/changelog index 5e756a92a..4867dbef0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -17,6 +17,8 @@ linux (3.16.7-ckt4-2) UNRELEASED; urgency=medium - prefix module autoloading with "crypto-" - include crypto- module prefix in template - add missing crypto module aliases + * [x86] KVM: Fix of previously incomplete fix for CVE-2014-8480 + * [x86] KVM: SYSENTER emulation is broken (CVE-2015-0239) -- Ian Campbell Fri, 16 Jan 2015 15:14:32 +0000 diff --git a/debian/patches/bugfix/x86/kvm-x86-fix-of-previously-incomplete-fix-for-cve-201.patch b/debian/patches/bugfix/x86/kvm-x86-fix-of-previously-incomplete-fix-for-cve-201.patch new file mode 100644 index 000000000..70d9484f8 --- /dev/null +++ b/debian/patches/bugfix/x86/kvm-x86-fix-of-previously-incomplete-fix-for-cve-201.patch @@ -0,0 +1,28 @@ +From: Nadav Amit +Date: Thu, 8 Jan 2015 11:59:03 +0100 +Subject: KVM: x86: Fix of previously incomplete fix for CVE-2014-8480 +Origin: https://git.kernel.org/linus/63ea0a49ae0b145b91ff2b070c01b66fc75854b9 + +STR and SLDT with rip-relative operand can cause a host kernel oops. +Mark them as DstMem as well. + +Cc: stable@vger.linux.org +Signed-off-by: Nadav Amit +Signed-off-by: Paolo Bonzini +--- + arch/x86/kvm/emulate.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -3737,8 +3737,8 @@ static const struct opcode group5[] = { + }; + + static const struct opcode group6[] = { +- DI(Prot, sldt), +- DI(Prot, str), ++ DI(Prot | DstMem, sldt), ++ DI(Prot | DstMem, str), + II(Prot | Priv | SrcMem16, em_lldt, lldt), + II(Prot | Priv | SrcMem16, em_ltr, ltr), + N, N, N, N, diff --git a/debian/patches/bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch b/debian/patches/bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch new file mode 100644 index 000000000..3d7d7dd89 --- /dev/null +++ b/debian/patches/bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch @@ -0,0 +1,78 @@ +From: Nadav Amit +Date: Thu, 1 Jan 2015 23:11:11 +0200 +Subject: KVM: x86: SYSENTER emulation is broken +Origin: https://git.kernel.org/linus/f3747379accba8e95d70cec0eae0582c8c182050 + +SYSENTER emulation is broken in several ways: +1. It misses the case of 16-bit code segments completely (CVE-2015-0239). +2. MSR_IA32_SYSENTER_CS is checked in 64-bit mode incorrectly (bits 0 and 1 can + still be set without causing #GP). +3. MSR_IA32_SYSENTER_EIP and MSR_IA32_SYSENTER_ESP are not masked in + legacy-mode. +4. There is some unneeded code. + +Fix it. + +Cc: stable@vger.linux.org +Signed-off-by: Nadav Amit +Signed-off-by: Paolo Bonzini +[bwh: Backported to 3.16: adjust context] +--- + arch/x86/kvm/emulate.c | 27 ++++++++------------------- + 1 file changed, 8 insertions(+), 19 deletions(-) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -2302,7 +2302,7 @@ static int em_sysenter(struct x86_emulat + * Not recognized on AMD in compat mode (but is recognized in legacy + * mode). + */ +- if ((ctxt->mode == X86EMUL_MODE_PROT32) && (efer & EFER_LMA) ++ if ((ctxt->mode != X86EMUL_MODE_PROT64) && (efer & EFER_LMA) + && !vendor_intel(ctxt)) + return emulate_ud(ctxt); + +@@ -2315,25 +2315,13 @@ static int em_sysenter(struct x86_emulat + setup_syscalls_segments(ctxt, &cs, &ss); + + ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data); +- switch (ctxt->mode) { +- case X86EMUL_MODE_PROT32: +- if ((msr_data & 0xfffc) == 0x0) +- return emulate_gp(ctxt, 0); +- break; +- case X86EMUL_MODE_PROT64: +- if (msr_data == 0x0) +- return emulate_gp(ctxt, 0); +- break; +- default: +- break; +- } ++ if ((msr_data & 0xfffc) == 0x0) ++ return emulate_gp(ctxt, 0); + + ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF); +- cs_sel = (u16)msr_data; +- cs_sel &= ~SELECTOR_RPL_MASK; ++ cs_sel = (u16)msr_data & ~SELECTOR_RPL_MASK; + ss_sel = cs_sel + 8; +- ss_sel &= ~SELECTOR_RPL_MASK; +- if (ctxt->mode == X86EMUL_MODE_PROT64 || (efer & EFER_LMA)) { ++ if (efer & EFER_LMA) { + cs.d = 0; + cs.l = 1; + } +@@ -2342,10 +2330,11 @@ static int em_sysenter(struct x86_emulat + ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS); + + ops->get_msr(ctxt, MSR_IA32_SYSENTER_EIP, &msr_data); +- ctxt->_eip = msr_data; ++ ctxt->_eip = (efer & EFER_LMA) ? msr_data : (u32)msr_data; + + ops->get_msr(ctxt, MSR_IA32_SYSENTER_ESP, &msr_data); +- *reg_write(ctxt, VCPU_REGS_RSP) = msr_data; ++ *reg_write(ctxt, VCPU_REGS_RSP) = (efer & EFER_LMA) ? msr_data : ++ (u32)msr_data; + + return X86EMUL_CONTINUE; + } diff --git a/debian/patches/series b/debian/patches/series index 1b218f2d1..e18b22475 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -492,3 +492,5 @@ bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch bugfix/all/crypto-include-crypto-module-prefix-in-template.patch bugfix/all/crypto-add-missing-crypto-module-aliases.patch +bugfix/x86/kvm-x86-fix-of-previously-incomplete-fix-for-cve-201.patch +bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch From 8f0b59a987d05172848cafea11bfe699bf173342 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 27 Jan 2015 19:13:35 +0000 Subject: [PATCH 9/9] Prepare to release linux (3.16.7-ckt4-2). svn path=/dists/sid/linux/; revision=22289 --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 4867dbef0..e26699a3f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -linux (3.16.7-ckt4-2) UNRELEASED; urgency=medium +linux (3.16.7-ckt4-2) unstable; urgency=medium [ Ian Campbell ] * [arm64] udeb: Remove zlib-modules, as ZLIB_DEFLATE is now @@ -20,7 +20,7 @@ linux (3.16.7-ckt4-2) UNRELEASED; urgency=medium * [x86] KVM: Fix of previously incomplete fix for CVE-2014-8480 * [x86] KVM: SYSENTER emulation is broken (CVE-2015-0239) - -- Ian Campbell Fri, 16 Jan 2015 15:14:32 +0000 + -- Ben Hutchings Tue, 27 Jan 2015 03:57:26 +0000 linux (3.16.7-ckt4-1) unstable; urgency=medium