Home Home > GIT Browse > SLE15-SP1-AZURE
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Kosina <jkosina@suse.cz>2018-03-16 14:08:33 +0100
committerJiri Kosina <jkosina@suse.cz>2018-03-16 14:08:33 +0100
commitb3a1d7ad85b7516666d23210eb6729799a075016 (patch)
tree9a80006a7b5146fa9a99b0b7d7442cab895fc4ba
parentf93f788c11e6dde5a125c7618afe9f9ee418f800 (diff)
parent34f89b2ec551b2872c655afd3e0605fd1267266e (diff)
Merge remote-tracking branch 'origin/users/tiwai/SLE15/for-next' into SLE15rpm-4.12.14-15
Pull assorted fixes from Takashi Iwai Conflicts: series.conf
-rw-r--r--config/arm64/default1
-rw-r--r--config/x86_64/default1
-rw-r--r--patches.drivers/ALSA-hda-Revert-power_save-option-default-value3
-rw-r--r--patches.drivers/ALSA-seq-Clear-client-entry-before-deleting-else-at-3
-rw-r--r--patches.drivers/ALSA-seq-Fix-possible-UAF-in-snd_seq_check_queue3
-rw-r--r--patches.drivers/ima-do-not-update-security.ima-if-appraisal-status-i46
-rw-r--r--patches.drivers/ima-fix-hash-algorithm-initialization43
-rw-r--r--patches.drivers/pinctrl-intel-Add-Intel-Denverton-pin-controller-sup.patch355
-rw-r--r--patches.drivers/security-keys-BIG_KEY-requires-CONFIG_CRYPTO44
-rw-r--r--patches.drivers/security-keys-properly-zero-out-sensitive-key-materi74
-rw-r--r--patches.drivers/security-keys-rewrite-all-of-big_key-crypto298
-rw-r--r--patches.drivers/staging-bcm2835-audio-Fix-memory-corruption83
-rw-r--r--patches.drivers/staging-rtl8188eu-Fix-incorrect-response-to-SIOCGIWE53
-rw-r--r--patches.drivers/staging-rtl8188eu-avoid-a-null-dereference-on-pmlmep41
-rw-r--r--series.conf15
-rw-r--r--supported.conf6
16 files changed, 1060 insertions, 9 deletions
diff --git a/config/arm64/default b/config/arm64/default
index 86b6df3973..6a68e30e42 100644
--- a/config/arm64/default
+++ b/config/arm64/default
@@ -3589,6 +3589,7 @@ CONFIG_PINCTRL_BERLIN_BG4CT=y
CONFIG_PINCTRL_INTEL=m
# CONFIG_PINCTRL_BROXTON is not set
CONFIG_PINCTRL_CANNONLAKE=m
+# CONFIG_PINCTRL_DENVERTON is not set
# CONFIG_PINCTRL_GEMINILAKE is not set
# CONFIG_PINCTRL_SUNRISEPOINT is not set
CONFIG_PINCTRL_ARMADA_37XX=y
diff --git a/config/x86_64/default b/config/x86_64/default
index 3821500bb3..73faa46968 100644
--- a/config/x86_64/default
+++ b/config/x86_64/default
@@ -3681,6 +3681,7 @@ CONFIG_PINCTRL_CHERRYVIEW=m
CONFIG_PINCTRL_INTEL=m
CONFIG_PINCTRL_BROXTON=m
CONFIG_PINCTRL_CANNONLAKE=m
+CONFIG_PINCTRL_DENVERTON=m
CONFIG_PINCTRL_GEMINILAKE=m
CONFIG_PINCTRL_SUNRISEPOINT=m
CONFIG_GPIOLIB=y
diff --git a/patches.drivers/ALSA-hda-Revert-power_save-option-default-value b/patches.drivers/ALSA-hda-Revert-power_save-option-default-value
index 4402d5a397..6ad96d433c 100644
--- a/patches.drivers/ALSA-hda-Revert-power_save-option-default-value
+++ b/patches.drivers/ALSA-hda-Revert-power_save-option-default-value
@@ -3,8 +3,7 @@ From: Takashi Iwai <tiwai@suse.de>
Date: Mon, 12 Mar 2018 13:55:48 +0100
Subject: [PATCH] ALSA: hda - Revert power_save option default value
Git-commit: 40088dc4e1ead7df31728c73f5b51d71da18831d
-Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git
-Patch-mainline: Queued in subsystem maintainer repo
+Patch-mainline: v4.16 or v4.16-rc6 (next release)
References: bsc#1052235
With the commit 1ba8f9d30817 ("ALSA: hda: Add a power_save
diff --git a/patches.drivers/ALSA-seq-Clear-client-entry-before-deleting-else-at- b/patches.drivers/ALSA-seq-Clear-client-entry-before-deleting-else-at-
index 0cf747f748..3f19ec5936 100644
--- a/patches.drivers/ALSA-seq-Clear-client-entry-before-deleting-else-at-
+++ b/patches.drivers/ALSA-seq-Clear-client-entry-before-deleting-else-at-
@@ -3,8 +3,7 @@ From: Takashi Iwai <tiwai@suse.de>
Date: Fri, 9 Mar 2018 22:23:31 +0100
Subject: [PATCH] ALSA: seq: Clear client entry before deleting else at closing
Git-commit: a2ff19f7b70118ced291a28d5313469914de451b
-Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git
-Patch-mainline: Queued in subsystem maintainer repo
+Patch-mainline: v4.16 or v4.16-rc6 (next release)
References: CVE-2018-1000004,bsc#1076017
When releasing a client, we need to clear the clienttab[] entry at
diff --git a/patches.drivers/ALSA-seq-Fix-possible-UAF-in-snd_seq_check_queue b/patches.drivers/ALSA-seq-Fix-possible-UAF-in-snd_seq_check_queue
index 5b6ed7b53c..f0e8398fff 100644
--- a/patches.drivers/ALSA-seq-Fix-possible-UAF-in-snd_seq_check_queue
+++ b/patches.drivers/ALSA-seq-Fix-possible-UAF-in-snd_seq_check_queue
@@ -3,8 +3,7 @@ From: Takashi Iwai <tiwai@suse.de>
Date: Fri, 9 Mar 2018 21:58:28 +0100
Subject: [PATCH] ALSA: seq: Fix possible UAF in snd_seq_check_queue()
Git-commit: d0f833065221cbfcbadf19fd4102bcfa9330006a
-Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git
-Patch-mainline: Queued in subsystem maintainer repo
+Patch-mainline: v4.16 or v4.16-rc6 (next release)
References: CVE-2018-1000004,bsc#1076017
Although we've covered the races between concurrent write() and
diff --git a/patches.drivers/ima-do-not-update-security.ima-if-appraisal-status-i b/patches.drivers/ima-do-not-update-security.ima-if-appraisal-status-i
new file mode 100644
index 0000000000..81f826c976
--- /dev/null
+++ b/patches.drivers/ima-do-not-update-security.ima-if-appraisal-status-i
@@ -0,0 +1,46 @@
+From 020aae3ee58c1af0e7ffc4e2cc9fe4dc630338cb Mon Sep 17 00:00:00 2001
+From: Roberto Sassu <roberto.sassu@huawei.com>
+Date: Tue, 7 Nov 2017 11:37:07 +0100
+Subject: [PATCH] ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
+Git-commit: 020aae3ee58c1af0e7ffc4e2cc9fe4dc630338cb
+Patch-mainline: v4.15-rc1
+References: bsc#1051510
+
+Commit b65a9cfc2c38 ("Untangling ima mess, part 2: deal with counters")
+moved the call of ima_file_check() from may_open() to do_filp_open() at a
+point where the file descriptor is already opened.
+
+This breaks the assumption made by IMA that file descriptors being closed
+belong to files whose access was granted by ima_file_check(). The
+consequence is that security.ima and security.evm are updated with good
+values, regardless of the current appraisal status.
+
+For example, if a file does not have security.ima, IMA will create it after
+opening the file for writing, even if access is denied. Access to the file
+will be allowed afterwards.
+
+Avoid this issue by checking the appraisal status before updating
+security.ima.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
+Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Signed-off-by: James Morris <james.l.morris@oracle.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ security/integrity/ima/ima_appraise.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/security/integrity/ima/ima_appraise.c
++++ b/security/integrity/ima/ima_appraise.c
+@@ -306,6 +306,9 @@ void ima_update_xattr(struct integrity_i
+ if (iint->flags & IMA_DIGSIG)
+ return;
+
++ if (iint->ima_file_status != INTEGRITY_PASS)
++ return;
++
+ rc = ima_collect_measurement(iint, file, NULL, 0, ima_hash_algo);
+ if (rc < 0)
+ return;
diff --git a/patches.drivers/ima-fix-hash-algorithm-initialization b/patches.drivers/ima-fix-hash-algorithm-initialization
new file mode 100644
index 0000000000..a033dcb069
--- /dev/null
+++ b/patches.drivers/ima-fix-hash-algorithm-initialization
@@ -0,0 +1,43 @@
+From ebe7c0a7be92bbd34c6ff5b55810546a0ee05bee Mon Sep 17 00:00:00 2001
+From: Boshi Wang <wangboshi@huawei.com>
+Date: Fri, 20 Oct 2017 16:01:03 +0800
+Subject: [PATCH] ima: fix hash algorithm initialization
+Git-commit: ebe7c0a7be92bbd34c6ff5b55810546a0ee05bee
+Patch-mainline: v4.15-rc1
+References: bsc#1051510
+
+The hash_setup function always sets the hash_setup_done flag, even
+when the hash algorithm is invalid. This prevents the default hash
+algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used.
+
+This patch sets hash_setup_done flag only for valid hash algorithms.
+
+Fixes: e7a2ad7eb6f4 "ima: enable support for larger default filedata hash algorithms"
+Signed-off-by: Boshi Wang <wangboshi@huawei.com>
+Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ security/integrity/ima/ima_main.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/security/integrity/ima/ima_main.c
++++ b/security/integrity/ima/ima_main.c
+@@ -52,6 +52,8 @@ static int __init hash_setup(char *str)
+ ima_hash_algo = HASH_ALGO_SHA1;
+ else if (strncmp(str, "md5", 3) == 0)
+ ima_hash_algo = HASH_ALGO_MD5;
++ else
++ return 1;
+ goto out;
+ }
+
+@@ -61,6 +63,8 @@ static int __init hash_setup(char *str)
+ break;
+ }
+ }
++ if (i == HASH_ALGO__LAST)
++ return 1;
+ out:
+ hash_setup_done = 1;
+ return 1;
diff --git a/patches.drivers/pinctrl-intel-Add-Intel-Denverton-pin-controller-sup.patch b/patches.drivers/pinctrl-intel-Add-Intel-Denverton-pin-controller-sup.patch
new file mode 100644
index 0000000000..e38e141f9c
--- /dev/null
+++ b/patches.drivers/pinctrl-intel-Add-Intel-Denverton-pin-controller-sup.patch
@@ -0,0 +1,355 @@
+From 75bb10b479c33a8e15ab99d6f35a141e86df8547 Mon Sep 17 00:00:00 2001
+From: Mika Westerberg <mika.westerberg@linux.intel.com>
+Date: Thu, 3 Aug 2017 19:36:02 +0300
+Subject: [PATCH] pinctrl: intel: Add Intel Denverton pin controller support
+Git-commit: 75bb10b479c33a8e15ab99d6f35a141e86df8547
+Patch-mainline: v4.14-rc1
+References: FATE#325124
+
+This driver adds pinctrl/GPIO support for Intel Denverton SoC. The GPIO
+controller is based on the same hardware design that is already used in
+Intel Sunrisepoint so we leverage the core driver here.
+
+Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/pinctrl/intel/Kconfig | 8
+ drivers/pinctrl/intel/Makefile | 1
+ drivers/pinctrl/intel/pinctrl-denverton.c | 302 ++++++++++++++++++++++++++++++
+ 3 files changed, 311 insertions(+)
+ create mode 100644 drivers/pinctrl/intel/pinctrl-denverton.c
+
+--- a/drivers/pinctrl/intel/Kconfig
++++ b/drivers/pinctrl/intel/Kconfig
+@@ -64,6 +64,14 @@ config PINCTRL_CANNONLAKE
+ This pinctrl driver provides an interface that allows configuring
+ of Intel Cannon Lake PCH pins and using them as GPIOs.
+
++config PINCTRL_DENVERTON
++ tristate "Intel Denverton pinctrl and GPIO driver"
++ depends on ACPI
++ select PINCTRL_INTEL
++ help
++ This pinctrl driver provides an interface that allows configuring
++ of Intel Denverton SoC pins and using them as GPIOs.
++
+ config PINCTRL_GEMINILAKE
+ tristate "Intel Gemini Lake SoC pinctrl and GPIO driver"
+ depends on ACPI
+--- a/drivers/pinctrl/intel/Makefile
++++ b/drivers/pinctrl/intel/Makefile
+@@ -6,5 +6,6 @@ obj-$(CONFIG_PINCTRL_MERRIFIELD) += pinc
+ obj-$(CONFIG_PINCTRL_INTEL) += pinctrl-intel.o
+ obj-$(CONFIG_PINCTRL_BROXTON) += pinctrl-broxton.o
+ obj-$(CONFIG_PINCTRL_CANNONLAKE) += pinctrl-cannonlake.o
++obj-$(CONFIG_PINCTRL_DENVERTON) += pinctrl-denverton.o
+ obj-$(CONFIG_PINCTRL_GEMINILAKE) += pinctrl-geminilake.o
+ obj-$(CONFIG_PINCTRL_SUNRISEPOINT) += pinctrl-sunrisepoint.o
+--- /dev/null
++++ b/drivers/pinctrl/intel/pinctrl-denverton.c
+@@ -0,0 +1,302 @@
++/*
++ * Intel Denverton SoC pinctrl/GPIO driver
++ *
++ * Copyright (C) 2017, Intel Corporation
++ * Author: Mika Westerberg <mika.westerberg@linux.intel.com>
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2 as
++ * published by the Free Software Foundation.
++ */
++
++#include <linux/acpi.h>
++#include <linux/module.h>
++#include <linux/platform_device.h>
++#include <linux/pm.h>
++#include <linux/pinctrl/pinctrl.h>
++
++#include "pinctrl-intel.h"
++
++#define DNV_PAD_OWN 0x020
++#define DNV_HOSTSW_OWN 0x0C0
++#define DNV_PADCFGLOCK 0x090
++#define DNV_GPI_IE 0x120
++
++#define DNV_GPP(n, s, e) \
++ { \
++ .reg_num = (n), \
++ .base = (s), \
++ .size = ((e) - (s) + 1), \
++ }
++
++#define DNV_COMMUNITY(b, s, e, g) \
++ { \
++ .barno = (b), \
++ .padown_offset = DNV_PAD_OWN, \
++ .padcfglock_offset = DNV_PADCFGLOCK, \
++ .hostown_offset = DNV_HOSTSW_OWN, \
++ .ie_offset = DNV_GPI_IE, \
++ .pin_base = (s), \
++ .npins = ((e) - (s) + 1), \
++ .gpps = (g), \
++ .ngpps = ARRAY_SIZE(g), \
++ }
++
++static const struct pinctrl_pin_desc dnv_pins[] = {
++ /* North ALL */
++ PINCTRL_PIN(0, "GBE0_SDP0"),
++ PINCTRL_PIN(1, "GBE1_SDP0"),
++ PINCTRL_PIN(2, "GBE0_SDP1"),
++ PINCTRL_PIN(3, "GBE1_SDP1"),
++ PINCTRL_PIN(4, "GBE0_SDP2"),
++ PINCTRL_PIN(5, "GBE1_SDP2"),
++ PINCTRL_PIN(6, "GBE0_SDP3"),
++ PINCTRL_PIN(7, "GBE1_SDP3"),
++ PINCTRL_PIN(8, "GBE2_LED0"),
++ PINCTRL_PIN(9, "GBE2_LED1"),
++ PINCTRL_PIN(10, "GBE0_I2C_CLK"),
++ PINCTRL_PIN(11, "GBE0_I2C_DATA"),
++ PINCTRL_PIN(12, "GBE1_I2C_CLK"),
++ PINCTRL_PIN(13, "GBE1_I2C_DATA"),
++ PINCTRL_PIN(14, "NCSI_RXD0"),
++ PINCTRL_PIN(15, "NCSI_CLK_IN"),
++ PINCTRL_PIN(16, "NCSI_RXD1"),
++ PINCTRL_PIN(17, "NCSI_CRS_DV"),
++ PINCTRL_PIN(18, "NCSI_ARB_IN"),
++ PINCTRL_PIN(19, "NCSI_TX_EN"),
++ PINCTRL_PIN(20, "NCSI_TXD0"),
++ PINCTRL_PIN(21, "NCSI_TXD1"),
++ PINCTRL_PIN(22, "NCSI_ARB_OUT"),
++ PINCTRL_PIN(23, "GBE0_LED0"),
++ PINCTRL_PIN(24, "GBE0_LED1"),
++ PINCTRL_PIN(25, "GBE1_LED0"),
++ PINCTRL_PIN(26, "GBE1_LED1"),
++ PINCTRL_PIN(27, "GPIO_0"),
++ PINCTRL_PIN(28, "PCIE_CLKREQ0_N"),
++ PINCTRL_PIN(29, "PCIE_CLKREQ1_N"),
++ PINCTRL_PIN(30, "PCIE_CLKREQ2_N"),
++ PINCTRL_PIN(31, "PCIE_CLKREQ3_N"),
++ PINCTRL_PIN(32, "PCIE_CLKREQ4_N"),
++ PINCTRL_PIN(33, "GPIO_1"),
++ PINCTRL_PIN(34, "GPIO_2"),
++ PINCTRL_PIN(35, "SVID_ALERT_N"),
++ PINCTRL_PIN(36, "SVID_DATA"),
++ PINCTRL_PIN(37, "SVID_CLK"),
++ PINCTRL_PIN(38, "THERMTRIP_N"),
++ PINCTRL_PIN(39, "PROCHOT_N"),
++ PINCTRL_PIN(40, "MEMHOT_N"),
++ /* South DFX */
++ PINCTRL_PIN(41, "DFX_PORT_CLK0"),
++ PINCTRL_PIN(42, "DFX_PORT_CLK1"),
++ PINCTRL_PIN(43, "DFX_PORT0"),
++ PINCTRL_PIN(44, "DFX_PORT1"),
++ PINCTRL_PIN(45, "DFX_PORT2"),
++ PINCTRL_PIN(46, "DFX_PORT3"),
++ PINCTRL_PIN(47, "DFX_PORT4"),
++ PINCTRL_PIN(48, "DFX_PORT5"),
++ PINCTRL_PIN(49, "DFX_PORT6"),
++ PINCTRL_PIN(50, "DFX_PORT7"),
++ PINCTRL_PIN(51, "DFX_PORT8"),
++ PINCTRL_PIN(52, "DFX_PORT9"),
++ PINCTRL_PIN(53, "DFX_PORT10"),
++ PINCTRL_PIN(54, "DFX_PORT11"),
++ PINCTRL_PIN(55, "DFX_PORT12"),
++ PINCTRL_PIN(56, "DFX_PORT13"),
++ PINCTRL_PIN(57, "DFX_PORT14"),
++ PINCTRL_PIN(58, "DFX_PORT15"),
++ /* South GPP0 */
++ PINCTRL_PIN(59, "GPIO_12"),
++ PINCTRL_PIN(60, "SMB5_GBE_ALRT_N"),
++ PINCTRL_PIN(61, "PCIE_CLKREQ5_N"),
++ PINCTRL_PIN(62, "PCIE_CLKREQ6_N"),
++ PINCTRL_PIN(63, "PCIE_CLKREQ7_N"),
++ PINCTRL_PIN(64, "UART0_RXD"),
++ PINCTRL_PIN(65, "UART0_TXD"),
++ PINCTRL_PIN(66, "SMB5_GBE_CLK"),
++ PINCTRL_PIN(67, "SMB5_GBE_DATA"),
++ PINCTRL_PIN(68, "ERROR2_N"),
++ PINCTRL_PIN(69, "ERROR1_N"),
++ PINCTRL_PIN(70, "ERROR0_N"),
++ PINCTRL_PIN(71, "IERR_N"),
++ PINCTRL_PIN(72, "MCERR_N"),
++ PINCTRL_PIN(73, "SMB0_LEG_CLK"),
++ PINCTRL_PIN(74, "SMB0_LEG_DATA"),
++ PINCTRL_PIN(75, "SMB0_LEG_ALRT_N"),
++ PINCTRL_PIN(76, "SMB1_HOST_DATA"),
++ PINCTRL_PIN(77, "SMB1_HOST_CLK"),
++ PINCTRL_PIN(78, "SMB2_PECI_DATA"),
++ PINCTRL_PIN(79, "SMB2_PECI_CLK"),
++ PINCTRL_PIN(80, "SMB4_CSME0_DATA"),
++ PINCTRL_PIN(81, "SMB4_CSME0_CLK"),
++ PINCTRL_PIN(82, "SMB4_CSME0_ALRT_N"),
++ PINCTRL_PIN(83, "USB_OC0_N"),
++ PINCTRL_PIN(84, "FLEX_CLK_SE0"),
++ PINCTRL_PIN(85, "FLEX_CLK_SE1"),
++ PINCTRL_PIN(86, "GPIO_4"),
++ PINCTRL_PIN(87, "GPIO_5"),
++ PINCTRL_PIN(88, "GPIO_6"),
++ PINCTRL_PIN(89, "GPIO_7"),
++ PINCTRL_PIN(90, "SATA0_LED_N"),
++ PINCTRL_PIN(91, "SATA1_LED_N"),
++ PINCTRL_PIN(92, "SATA_PDETECT0"),
++ PINCTRL_PIN(93, "SATA_PDETECT1"),
++ PINCTRL_PIN(94, "SATA0_SDOUT"),
++ PINCTRL_PIN(95, "SATA1_SDOUT"),
++ PINCTRL_PIN(96, "UART1_RXD"),
++ PINCTRL_PIN(97, "UART1_TXD"),
++ PINCTRL_PIN(98, "GPIO_8"),
++ PINCTRL_PIN(99, "GPIO_9"),
++ PINCTRL_PIN(100, "TCK"),
++ PINCTRL_PIN(101, "TRST_N"),
++ PINCTRL_PIN(102, "TMS"),
++ PINCTRL_PIN(103, "TDI"),
++ PINCTRL_PIN(104, "TDO"),
++ PINCTRL_PIN(105, "CX_PRDY_N"),
++ PINCTRL_PIN(106, "CX_PREQ_N"),
++ PINCTRL_PIN(107, "CTBTRIGINOUT"),
++ PINCTRL_PIN(108, "CTBTRIGOUT"),
++ PINCTRL_PIN(109, "DFX_SPARE2"),
++ PINCTRL_PIN(110, "DFX_SPARE3"),
++ PINCTRL_PIN(111, "DFX_SPARE4"),
++ /* South GPP1 */
++ PINCTRL_PIN(112, "SUSPWRDNACK"),
++ PINCTRL_PIN(113, "PMU_SUSCLK"),
++ PINCTRL_PIN(114, "ADR_TRIGGER"),
++ PINCTRL_PIN(115, "PMU_SLP_S45_N"),
++ PINCTRL_PIN(116, "PMU_SLP_S3_N"),
++ PINCTRL_PIN(117, "PMU_WAKE_N"),
++ PINCTRL_PIN(118, "PMU_PWRBTN_N"),
++ PINCTRL_PIN(119, "PMU_RESETBUTTON_N"),
++ PINCTRL_PIN(120, "PMU_PLTRST_N"),
++ PINCTRL_PIN(121, "SUS_STAT_N"),
++ PINCTRL_PIN(122, "SLP_S0IX_N"),
++ PINCTRL_PIN(123, "SPI_CS0_N"),
++ PINCTRL_PIN(124, "SPI_CS1_N"),
++ PINCTRL_PIN(125, "SPI_MOSI_IO0"),
++ PINCTRL_PIN(126, "SPI_MISO_IO1"),
++ PINCTRL_PIN(127, "SPI_IO2"),
++ PINCTRL_PIN(128, "SPI_IO3"),
++ PINCTRL_PIN(129, "SPI_CLK"),
++ PINCTRL_PIN(130, "SPI_CLK_LOOPBK"),
++ PINCTRL_PIN(131, "ESPI_IO0"),
++ PINCTRL_PIN(132, "ESPI_IO1"),
++ PINCTRL_PIN(133, "ESPI_IO2"),
++ PINCTRL_PIN(134, "ESPI_IO3"),
++ PINCTRL_PIN(135, "ESPI_CS0_N"),
++ PINCTRL_PIN(136, "ESPI_CLK"),
++ PINCTRL_PIN(137, "ESPI_RST_N"),
++ PINCTRL_PIN(138, "ESPI_ALRT0_N"),
++ PINCTRL_PIN(139, "GPIO_10"),
++ PINCTRL_PIN(140, "GPIO_11"),
++ PINCTRL_PIN(141, "ESPI_CLK_LOOPBK"),
++ PINCTRL_PIN(142, "EMMC_CMD"),
++ PINCTRL_PIN(143, "EMMC_STROBE"),
++ PINCTRL_PIN(144, "EMMC_CLK"),
++ PINCTRL_PIN(145, "EMMC_D0"),
++ PINCTRL_PIN(146, "EMMC_D1"),
++ PINCTRL_PIN(147, "EMMC_D2"),
++ PINCTRL_PIN(148, "EMMC_D3"),
++ PINCTRL_PIN(149, "EMMC_D4"),
++ PINCTRL_PIN(150, "EMMC_D5"),
++ PINCTRL_PIN(151, "EMMC_D6"),
++ PINCTRL_PIN(152, "EMMC_D7"),
++ PINCTRL_PIN(153, "GPIO_3"),
++};
++
++static const unsigned int dnv_uart0_pins[] = { 60, 61, 64, 65 };
++static const unsigned int dnv_uart0_modes[] = { 2, 3, 1, 1 };
++static const unsigned int dnv_uart1_pins[] = { 94, 95, 96, 97 };
++static const unsigned int dnv_uart2_pins[] = { 60, 61, 62, 63 };
++static const unsigned int dnv_uart2_modes[] = { 1, 1, 2, 2 };
++static const unsigned int dnv_emmc_pins[] = {
++ 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152,
++};
++
++static const struct intel_pingroup dnv_groups[] = {
++ PIN_GROUP("uart0_grp", dnv_uart0_pins, dnv_uart0_modes),
++ PIN_GROUP("uart1_grp", dnv_uart1_pins, 1),
++ PIN_GROUP("uart2_grp", dnv_uart2_pins, dnv_uart2_modes),
++ PIN_GROUP("emmc_grp", dnv_emmc_pins, 1),
++};
++
++static const char * const dnv_uart0_groups[] = { "uart0_grp" };
++static const char * const dnv_uart1_groups[] = { "uart1_grp" };
++static const char * const dnv_uart2_groups[] = { "uart2_grp" };
++static const char * const dnv_emmc_groups[] = { "emmc_grp" };
++
++static const struct intel_function dnv_functions[] = {
++ FUNCTION("uart0", dnv_uart0_groups),
++ FUNCTION("uart1", dnv_uart1_groups),
++ FUNCTION("uart2", dnv_uart2_groups),
++ FUNCTION("emmc", dnv_emmc_groups),
++};
++
++static const struct intel_padgroup dnv_north_gpps[] = {
++ DNV_GPP(0, 0, 31), /* North ALL_0 */
++ DNV_GPP(1, 32, 40), /* North ALL_1 */
++};
++
++static const struct intel_padgroup dnv_south_gpps[] = {
++ DNV_GPP(0, 41, 58), /* South DFX */
++ DNV_GPP(1, 59, 90), /* South GPP0_0 */
++ DNV_GPP(2, 91, 111), /* South GPP0_1 */
++ DNV_GPP(3, 112, 143), /* South GPP1_0 */
++ DNV_GPP(4, 144, 153), /* South GPP1_1 */
++};
++
++static const struct intel_community dnv_communities[] = {
++ DNV_COMMUNITY(0, 0, 40, dnv_north_gpps),
++ DNV_COMMUNITY(1, 41, 153, dnv_south_gpps),
++};
++
++static const struct intel_pinctrl_soc_data dnv_soc_data = {
++ .pins = dnv_pins,
++ .npins = ARRAY_SIZE(dnv_pins),
++ .groups = dnv_groups,
++ .ngroups = ARRAY_SIZE(dnv_groups),
++ .functions = dnv_functions,
++ .nfunctions = ARRAY_SIZE(dnv_functions),
++ .communities = dnv_communities,
++ .ncommunities = ARRAY_SIZE(dnv_communities),
++};
++
++static int dnv_pinctrl_probe(struct platform_device *pdev)
++{
++ return intel_pinctrl_probe(pdev, &dnv_soc_data);
++}
++
++static const struct dev_pm_ops dnv_pinctrl_pm_ops = {
++ SET_LATE_SYSTEM_SLEEP_PM_OPS(intel_pinctrl_suspend,
++ intel_pinctrl_resume)
++};
++
++static const struct acpi_device_id dnv_pinctrl_acpi_match[] = {
++ { "INTC3000" },
++ { }
++};
++MODULE_DEVICE_TABLE(acpi, dnv_pinctrl_acpi_match);
++
++static struct platform_driver dnv_pinctrl_driver = {
++ .probe = dnv_pinctrl_probe,
++ .driver = {
++ .name = "denverton-pinctrl",
++ .acpi_match_table = dnv_pinctrl_acpi_match,
++ .pm = &dnv_pinctrl_pm_ops,
++ },
++};
++
++static int __init dnv_pinctrl_init(void)
++{
++ return platform_driver_register(&dnv_pinctrl_driver);
++}
++subsys_initcall(dnv_pinctrl_init);
++
++static void __exit dnv_pinctrl_exit(void)
++{
++ platform_driver_unregister(&dnv_pinctrl_driver);
++}
++module_exit(dnv_pinctrl_exit);
++
++MODULE_AUTHOR("Mika Westerberg <mika.westerberg@linux.intel.com>");
++MODULE_DESCRIPTION("Intel Denverton SoC pinctrl/GPIO driver");
++MODULE_LICENSE("GPL v2");
diff --git a/patches.drivers/security-keys-BIG_KEY-requires-CONFIG_CRYPTO b/patches.drivers/security-keys-BIG_KEY-requires-CONFIG_CRYPTO
new file mode 100644
index 0000000000..54f3dcd1f5
--- /dev/null
+++ b/patches.drivers/security-keys-BIG_KEY-requires-CONFIG_CRYPTO
@@ -0,0 +1,44 @@
+From 3cd18d1981731d5f74b8e437009124ac99905d14 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Wed, 4 Oct 2017 12:27:00 +0200
+Subject: [PATCH] security/keys: BIG_KEY requires CONFIG_CRYPTO
+Git-commit: 3cd18d1981731d5f74b8e437009124ac99905d14
+Patch-mainline: v4.14-rc6
+References: bsc#1051510
+
+The recent rework introduced a possible randconfig build failure
+when CONFIG_CRYPTO configured to only allow modules:
+
+Security/keys/big_key.o: In function `big_key_crypt':
+big_key.c:(.text+0x29f): undefined reference to `crypto_aead_setkey'
+Security/keys/big_key.o: In function `big_key_init':
+big_key.c:(.init.text+0x1a): undefined reference to `crypto_alloc_aead'
+big_key.c:(.init.text+0x45): undefined reference to `crypto_aead_setauthsize'
+big_key.c:(.init.text+0x77): undefined reference to `crypto_destroy_tfm'
+Crypto/gcm.o: In function `gcm_hash_crypt_remain_continue':
+gcm.c:(.text+0x167): undefined reference to `crypto_ahash_finup'
+Crypto/gcm.o: In function `crypto_gcm_exit_tfm':
+gcm.c:(.text+0x847): undefined reference to `crypto_destroy_tfm'
+
+When we 'select CRYPTO' like the other users, we always get a
+configuration that builds.
+
+Fixes: 428490e38b2e ("security/keys: rewrite all of big_key crypto")
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ security/keys/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/security/keys/Kconfig
++++ b/security/keys/Kconfig
+@@ -45,6 +45,7 @@ config BIG_KEYS
+ bool "Large payload keys"
+ depends on KEYS
+ depends on TMPFS
++ select CRYPTO
+ select CRYPTO_AES
+ select CRYPTO_GCM
+ help
diff --git a/patches.drivers/security-keys-properly-zero-out-sensitive-key-materi b/patches.drivers/security-keys-properly-zero-out-sensitive-key-materi
new file mode 100644
index 0000000000..af3604359d
--- /dev/null
+++ b/patches.drivers/security-keys-properly-zero-out-sensitive-key-materi
@@ -0,0 +1,74 @@
+From 910801809b2e40a4baedd080ef5d80b4a180e70e Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Wed, 20 Sep 2017 16:58:38 +0200
+Subject: [PATCH] security/keys: properly zero out sensitive key material in big_key
+Git-commit: 910801809b2e40a4baedd080ef5d80b4a180e70e
+Patch-mainline: v4.14-rc3
+References: bsc#1051510
+
+Error paths forgot to zero out sensitive material, so this patch changes
+some kfrees into a kzfrees.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Reviewed-by: Eric Biggers <ebiggers3@gmail.com>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: Kirill Marinushkin <k.marinushkin@gmail.com>
+Cc: security@kernel.org
+Cc: stable@vger.kernel.org
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ security/keys/big_key.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/security/keys/big_key.c
++++ b/security/keys/big_key.c
+@@ -195,7 +195,7 @@ int big_key_preparse(struct key_preparse
+ *path = file->f_path;
+ path_get(path);
+ fput(file);
+- kfree(data);
++ kzfree(data);
+ } else {
+ /* Just store the data in a buffer */
+ void *data = kmalloc(datalen, GFP_KERNEL);
+@@ -211,9 +211,9 @@ int big_key_preparse(struct key_preparse
+ err_fput:
+ fput(file);
+ err_enckey:
+- kfree(enckey);
++ kzfree(enckey);
+ error:
+- kfree(data);
++ kzfree(data);
+ return ret;
+ }
+
+@@ -227,7 +227,7 @@ void big_key_free_preparse(struct key_pr
+
+ path_put(path);
+ }
+- kfree(prep->payload.data[big_key_data]);
++ kzfree(prep->payload.data[big_key_data]);
+ }
+
+ /*
+@@ -259,7 +259,7 @@ void big_key_destroy(struct key *key)
+ path->mnt = NULL;
+ path->dentry = NULL;
+ }
+- kfree(key->payload.data[big_key_data]);
++ kzfree(key->payload.data[big_key_data]);
+ key->payload.data[big_key_data] = NULL;
+ }
+
+@@ -327,7 +327,7 @@ long big_key_read(const struct key *key,
+ err_fput:
+ fput(file);
+ error:
+- kfree(data);
++ kzfree(data);
+ } else {
+ ret = datalen;
+ if (copy_to_user(buffer, key->payload.data[big_key_data],
diff --git a/patches.drivers/security-keys-rewrite-all-of-big_key-crypto b/patches.drivers/security-keys-rewrite-all-of-big_key-crypto
new file mode 100644
index 0000000000..e1b9862129
--- /dev/null
+++ b/patches.drivers/security-keys-rewrite-all-of-big_key-crypto
@@ -0,0 +1,298 @@
+From 428490e38b2e352812e0b765d8bceafab0ec441d Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Wed, 20 Sep 2017 16:58:39 +0200
+Subject: [PATCH] security/keys: rewrite all of big_key crypto
+Git-commit: 428490e38b2e352812e0b765d8bceafab0ec441d
+Patch-mainline: v4.14-rc3
+References: bsc#1051510
+
+This started out as just replacing the use of crypto/rng with
+get_random_bytes_wait, so that we wouldn't use bad randomness at boot
+time. But, upon looking further, it appears that there were even deeper
+underlying cryptographic problems, and that this seems to have been
+committed with very little crypto review. So, I rewrote the whole thing,
+trying to keep to the conventions introduced by the previous author, to
+fix these cryptographic flaws.
+
+It makes no sense to seed crypto/rng at boot time and then keep
+using it like this, when in fact there's already get_random_bytes_wait,
+which can ensure there's enough entropy and be a much more standard way
+of generating keys. Since this sensitive material is being stored
+untrusted, using ECB and no authentication is simply not okay at all. I
+find it surprising and a bit horrifying that this code even made it past
+basic crypto review, which perhaps points to some larger issues. This
+patch moves from using AES-ECB to using AES-GCM. Since keys are uniquely
+generated each time, we can set the nonce to zero. There was also a race
+condition in which the same key would be reused at the same time in
+different threads. A mutex fixes this issue now.
+
+So, to summarize, this commit fixes the following vulnerabilities:
+
+ * Low entropy key generation, allowing an attacker to potentially
+ guess or predict keys.
+ * Unauthenticated encryption, allowing an attacker to modify the
+ cipher text in particular ways in order to manipulate the plaintext,
+ which is is even more frightening considering the next point.
+ * Use of ECB mode, allowing an attacker to trivially swap blocks or
+ compare identical plaintext blocks.
+ * Key re-use.
+ * Faulty memory zeroing.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+Reviewed-by: Eric Biggers <ebiggers3@gmail.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: Kirill Marinushkin <k.marinushkin@gmail.com>
+Cc: security@kernel.org
+Cc: stable@vger.kernel.org
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ security/keys/Kconfig | 4 -
+ security/keys/big_key.c | 125 ++++++++++++++++++++++--------------------------
+ 2 files changed, 59 insertions(+), 70 deletions(-)
+
+--- a/security/keys/Kconfig
++++ b/security/keys/Kconfig
+@@ -45,10 +45,8 @@ config BIG_KEYS
+ bool "Large payload keys"
+ depends on KEYS
+ depends on TMPFS
+- depends on (CRYPTO_ANSI_CPRNG = y || CRYPTO_DRBG = y)
+ select CRYPTO_AES
+- select CRYPTO_ECB
+- select CRYPTO_RNG
++ select CRYPTO_GCM
+ help
+ This option provides support for holding large keys within the kernel
+ (for example Kerberos ticket caches). The data may be stored out to
+--- a/security/keys/big_key.c
++++ b/security/keys/big_key.c
+@@ -1,5 +1,6 @@
+ /* Large capacity key type
+ *
++ * Copyright (C) 2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+ * Copyright (C) 2013 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+@@ -16,10 +17,10 @@
+ #include <linux/shmem_fs.h>
+ #include <linux/err.h>
+ #include <linux/scatterlist.h>
++#include <linux/random.h>
+ #include <keys/user-type.h>
+ #include <keys/big_key-type.h>
+-#include <crypto/rng.h>
+-#include <crypto/skcipher.h>
++#include <crypto/aead.h>
+
+ /*
+ * Layout of key payload words.
+@@ -49,7 +50,12 @@ enum big_key_op {
+ /*
+ * Key size for big_key data encryption
+ */
+-#define ENC_KEY_SIZE 16
++#define ENC_KEY_SIZE 32
++
++/*
++ * Authentication tag length
++ */
++#define ENC_AUTHTAG_SIZE 16
+
+ /*
+ * big_key defined keys take an arbitrary string as the description and an
+@@ -64,57 +70,62 @@ struct key_type key_type_big_key = {
+ .destroy = big_key_destroy,
+ .describe = big_key_describe,
+ .read = big_key_read,
++ /* no ->update(); don't add it without changing big_key_crypt() nonce */
+ };
+
+ /*
+- * Crypto names for big_key data encryption
++ * Crypto names for big_key data authenticated encryption
+ */
+-static const char big_key_rng_name[] = "stdrng";
+-static const char big_key_alg_name[] = "ecb(aes)";
++static const char big_key_alg_name[] = "gcm(aes)";
+
+ /*
+- * Crypto algorithms for big_key data encryption
++ * Crypto algorithms for big_key data authenticated encryption
+ */
+-static struct crypto_rng *big_key_rng;
+-static struct crypto_skcipher *big_key_skcipher;
++static struct crypto_aead *big_key_aead;
+
+ /*
+- * Generate random key to encrypt big_key data
++ * Since changing the key affects the entire object, we need a mutex.
+ */
+-static inline int big_key_gen_enckey(u8 *key)
+-{
+- return crypto_rng_get_bytes(big_key_rng, key, ENC_KEY_SIZE);
+-}
++static DEFINE_MUTEX(big_key_aead_lock);
+
+ /*
+ * Encrypt/decrypt big_key data
+ */
+ static int big_key_crypt(enum big_key_op op, u8 *data, size_t datalen, u8 *key)
+ {
+- int ret = -EINVAL;
++ int ret;
+ struct scatterlist sgio;
+- SKCIPHER_REQUEST_ON_STACK(req, big_key_skcipher);
++ struct aead_request *aead_req;
++ /* We always use a zero nonce. The reason we can get away with this is
++ * because we're using a different randomly generated key for every
++ * different encryption. Notably, too, key_type_big_key doesn't define
++ * an .update function, so there's no chance we'll wind up reusing the
++ * key to encrypt updated data. Simply put: one key, one encryption.
++ */
++ u8 zero_nonce[crypto_aead_ivsize(big_key_aead)];
++
++ aead_req = aead_request_alloc(big_key_aead, GFP_KERNEL);
++ if (!aead_req)
++ return -ENOMEM;
++
++ memset(zero_nonce, 0, sizeof(zero_nonce));
++ sg_init_one(&sgio, data, datalen + (op == BIG_KEY_ENC ? ENC_AUTHTAG_SIZE : 0));
++ aead_request_set_crypt(aead_req, &sgio, &sgio, datalen, zero_nonce);
++ aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_SLEEP, NULL, NULL);
++ aead_request_set_ad(aead_req, 0);
+
+- if (crypto_skcipher_setkey(big_key_skcipher, key, ENC_KEY_SIZE)) {
++ mutex_lock(&big_key_aead_lock);
++ if (crypto_aead_setkey(big_key_aead, key, ENC_KEY_SIZE)) {
+ ret = -EAGAIN;
+ goto error;
+ }
+-
+- skcipher_request_set_tfm(req, big_key_skcipher);
+- skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_SLEEP,
+- NULL, NULL);
+-
+- sg_init_one(&sgio, data, datalen);
+- skcipher_request_set_crypt(req, &sgio, &sgio, datalen, NULL);
+-
+ if (op == BIG_KEY_ENC)
+- ret = crypto_skcipher_encrypt(req);
++ ret = crypto_aead_encrypt(aead_req);
+ else
+- ret = crypto_skcipher_decrypt(req);
+-
+- skcipher_request_zero(req);
+-
++ ret = crypto_aead_decrypt(aead_req);
+ error:
++ mutex_unlock(&big_key_aead_lock);
++ aead_request_free(aead_req);
+ return ret;
+ }
+
+@@ -146,16 +157,13 @@ int big_key_preparse(struct key_preparse
+ *
+ * File content is stored encrypted with randomly generated key.
+ */
+- size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher));
++ size_t enclen = datalen + ENC_AUTHTAG_SIZE;
+ loff_t pos = 0;
+
+- /* prepare aligned data to encrypt */
+ data = kmalloc(enclen, GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+-
+ memcpy(data, prep->data, datalen);
+- memset(data + datalen, 0x00, enclen - datalen);
+
+ /* generate random key */
+ enckey = kmalloc(ENC_KEY_SIZE, GFP_KERNEL);
+@@ -163,13 +171,12 @@ int big_key_preparse(struct key_preparse
+ ret = -ENOMEM;
+ goto error;
+ }
+-
+- ret = big_key_gen_enckey(enckey);
+- if (ret)
++ ret = get_random_bytes_wait(enckey, ENC_KEY_SIZE);
++ if (unlikely(ret))
+ goto err_enckey;
+
+ /* encrypt aligned data */
+- ret = big_key_crypt(BIG_KEY_ENC, data, enclen, enckey);
++ ret = big_key_crypt(BIG_KEY_ENC, data, datalen, enckey);
+ if (ret)
+ goto err_enckey;
+
+@@ -295,7 +302,7 @@ long big_key_read(const struct key *key,
+ struct file *file;
+ u8 *data;
+ u8 *enckey = (u8 *)key->payload.data[big_key_data];
+- size_t enclen = ALIGN(datalen, crypto_skcipher_blocksize(big_key_skcipher));
++ size_t enclen = datalen + ENC_AUTHTAG_SIZE;
+
+ data = kmalloc(enclen, GFP_KERNEL);
+ if (!data)
+@@ -343,47 +350,31 @@ error:
+ */
+ static int __init big_key_init(void)
+ {
+- struct crypto_skcipher *cipher;
+- struct crypto_rng *rng;
+ int ret;
+
+- rng = crypto_alloc_rng(big_key_rng_name, 0, 0);
+- if (IS_ERR(rng)) {
+- pr_err("Can't alloc rng: %ld\n", PTR_ERR(rng));
+- return PTR_ERR(rng);
+- }
+-
+- big_key_rng = rng;
+-
+- /* seed RNG */
+- ret = crypto_rng_reset(rng, NULL, crypto_rng_seedsize(rng));
+- if (ret) {
+- pr_err("Can't reset rng: %d\n", ret);
+- goto error_rng;
+- }
+-
+ /* init block cipher */
+- cipher = crypto_alloc_skcipher(big_key_alg_name, 0, CRYPTO_ALG_ASYNC);
+- if (IS_ERR(cipher)) {
+- ret = PTR_ERR(cipher);
++ big_key_aead = crypto_alloc_aead(big_key_alg_name, 0, CRYPTO_ALG_ASYNC);
++ if (IS_ERR(big_key_aead)) {
++ ret = PTR_ERR(big_key_aead);
+ pr_err("Can't alloc crypto: %d\n", ret);
+- goto error_rng;
++ return ret;
++ }
++ ret = crypto_aead_setauthsize(big_key_aead, ENC_AUTHTAG_SIZE);
++ if (ret < 0) {
++ pr_err("Can't set crypto auth tag len: %d\n", ret);
++ goto free_aead;
+ }
+-
+- big_key_skcipher = cipher;
+
+ ret = register_key_type(&key_type_big_key);
+ if (ret < 0) {
+ pr_err("Can't register type: %d\n", ret);
+- goto error_cipher;
++ goto free_aead;
+ }
+
+ return 0;
+
+-error_cipher:
+- crypto_free_skcipher(big_key_skcipher);
+-error_rng:
+- crypto_free_rng(big_key_rng);
++free_aead:
++ crypto_free_aead(big_key_aead);
+ return ret;
+ }
+
diff --git a/patches.drivers/staging-bcm2835-audio-Fix-memory-corruption b/patches.drivers/staging-bcm2835-audio-Fix-memory-corruption
new file mode 100644
index 0000000000..3f5a5b68c1
--- /dev/null
+++ b/patches.drivers/staging-bcm2835-audio-Fix-memory-corruption
@@ -0,0 +1,83 @@
+From c97d96b4e612c7dc1b37d7afc61b598a9a25994d Mon Sep 17 00:00:00 2001
+From: Phil Elwell <phil@raspberrypi.org>
+Date: Sun, 24 Sep 2017 15:20:49 +0100
+Subject: [PATCH] staging: bcm2835-audio: Fix memory corruption
+Git-commit: c97d96b4e612c7dc1b37d7afc61b598a9a25994d
+Patch-mainline: v4.14-rc6
+References: bsc#1051510
+
+The previous commit (0adbfd46) fixed a memory leak but also freed a
+block in the success case, causing a stale pointer to be used with
+potentially fatal results. Only free the vchi_instance block in the
+case that vchi_connect fails; once connected, the instance is
+retained for subsequent connections.
+
+Simplifying the code by removing a bunch of gotos and returning errors
+directly.
+
+Signed-off-by: Phil Elwell <phil@raspberrypi.org>
+Fixes: 0adbfd4694c2 ("staging: bcm2835-audio: fix memory leak in bcm2835_audio_open_connection()")
+Cc: stable <stable@vger.kernel.org> # 4.12+
+Tested-by: Stefan Wahren <stefan.wahren@i2se.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c | 19 ++++--------
+ 1 file changed, 7 insertions(+), 12 deletions(-)
+
+--- a/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c
++++ b/drivers/staging/vc04_services/bcm2835-audio/bcm2835-vchiq.c
+@@ -390,8 +390,7 @@ static int bcm2835_audio_open_connection
+ __func__, instance);
+ instance->alsa_stream = alsa_stream;
+ alsa_stream->instance = instance;
+- ret = 0; // xxx todo -1;
+- goto err_free_mem;
++ return 0;
+ }
+
+ /* Initialize and create a VCHI connection */
+@@ -401,16 +400,15 @@ static int bcm2835_audio_open_connection
+ LOG_ERR("%s: failed to initialise VCHI instance (ret=%d)\n",
+ __func__, ret);
+
+- ret = -EIO;
+- goto err_free_mem;
++ return -EIO;
+ }
+ ret = vchi_connect(NULL, 0, vchi_instance);
+ if (ret) {
+ LOG_ERR("%s: failed to connect VCHI instance (ret=%d)\n",
+ __func__, ret);
+
+- ret = -EIO;
+- goto err_free_mem;
++ kfree(vchi_instance);
++ return -EIO;
+ }
+ initted = 1;
+ }
+@@ -421,19 +419,16 @@ static int bcm2835_audio_open_connection
+ if (IS_ERR(instance)) {
+ LOG_ERR("%s: failed to initialize audio service\n", __func__);
+
+- ret = PTR_ERR(instance);
+- goto err_free_mem;
++ /* vchi_instance is retained for use the next time. */
++ return PTR_ERR(instance);
+ }
+
+ instance->alsa_stream = alsa_stream;
+ alsa_stream->instance = instance;
+
+ LOG_DBG(" success !\n");
+- ret = 0;
+-err_free_mem:
+- kfree(vchi_instance);
+
+- return ret;
++ return 0;
+ }
+
+ int bcm2835_audio_open(struct bcm2835_alsa_stream *alsa_stream)
diff --git a/patches.drivers/staging-rtl8188eu-Fix-incorrect-response-to-SIOCGIWE b/patches.drivers/staging-rtl8188eu-Fix-incorrect-response-to-SIOCGIWE
new file mode 100644
index 0000000000..295c64995a
--- /dev/null
+++ b/patches.drivers/staging-rtl8188eu-Fix-incorrect-response-to-SIOCGIWE
@@ -0,0 +1,53 @@
+From b77992d2df9e47144354d1b25328b180afa33442 Mon Sep 17 00:00:00 2001
+From: Larry Finger <Larry.Finger@lwfinger.net>
+Date: Sat, 25 Nov 2017 13:32:38 -0600
+Subject: [PATCH] staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
+Git-commit: b77992d2df9e47144354d1b25328b180afa33442
+Patch-mainline: v4.15-rc3
+References: bsc#1051510
+
+When not associated with an AP, wifi device drivers should respond to the
+SIOCGIWESSID ioctl with a zero-length string for the SSID, which is the
+behavior expected by dhcpcd.
+
+Currently, this driver returns an error code (-1) from the ioctl call,
+which causes dhcpcd to assume that the device is not a wireless interface
+and therefore it fails to work correctly with it thereafter.
+
+This problem was reported and tested at
+https://github.com/lwfinger/rtl8188eu/issues/234.
+
+Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/staging/rtl8188eu/os_dep/ioctl_linux.c | 14 ++++----------
+ 1 file changed, 4 insertions(+), 10 deletions(-)
+
+--- a/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
++++ b/drivers/staging/rtl8188eu/os_dep/ioctl_linux.c
+@@ -1395,19 +1395,13 @@ static int rtw_wx_get_essid(struct net_d
+ if ((check_fwstate(pmlmepriv, _FW_LINKED)) ||
+ (check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE))) {
+ len = pcur_bss->Ssid.SsidLength;
+-
+- wrqu->essid.length = len;
+-
+ memcpy(extra, pcur_bss->Ssid.Ssid, len);
+-
+- wrqu->essid.flags = 1;
+ } else {
+- ret = -1;
+- goto exit;
++ len = 0;
++ *extra = 0;
+ }
+-
+-exit:
+-
++ wrqu->essid.length = len;
++ wrqu->essid.flags = 1;
+
+ return ret;
+ }
diff --git a/patches.drivers/staging-rtl8188eu-avoid-a-null-dereference-on-pmlmep b/patches.drivers/staging-rtl8188eu-avoid-a-null-dereference-on-pmlmep
new file mode 100644
index 0000000000..3dbc53cac9
--- /dev/null
+++ b/patches.drivers/staging-rtl8188eu-avoid-a-null-dereference-on-pmlmep
@@ -0,0 +1,41 @@
+From 123c0aab0050cd0e07ce18e453389fbbb0a5a425 Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Fri, 20 Oct 2017 20:40:24 +0200
+Subject: [PATCH] staging: rtl8188eu: avoid a null dereference on pmlmepriv
+Git-commit: 123c0aab0050cd0e07ce18e453389fbbb0a5a425
+Patch-mainline: v4.15-rc1
+References: bsc#1051510
+
+There is a check on pmlmepriv before dereferencing it when
+vfree'ing pmlmepriv->free_bss_buf however the previous call
+to rtw_free_mlme_priv_ie_data deferences pmlmepriv causing
+a null pointer deference if it is null. Avoid this by also
+calling rtw_free_mlme_priv_ie_data if the pointer is non-null.
+
+Detected by CoverityScan, CID#1230262 ("Dereference before null check")
+
+Fixes: 7b464c9fa5cc ("staging: r8188eu: Add files for new driver - part 4")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/staging/rtl8188eu/core/rtw_mlme.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/staging/rtl8188eu/core/rtw_mlme.c
++++ b/drivers/staging/rtl8188eu/core/rtw_mlme.c
+@@ -106,10 +106,10 @@ void rtw_free_mlme_priv_ie_data(struct m
+
+ void rtw_free_mlme_priv(struct mlme_priv *pmlmepriv)
+ {
+- rtw_free_mlme_priv_ie_data(pmlmepriv);
+-
+- if (pmlmepriv)
++ if (pmlmepriv) {
++ rtw_free_mlme_priv_ie_data(pmlmepriv);
+ vfree(pmlmepriv->free_bss_buf);
++ }
+ }
+
+ struct wlan_network *_rtw_alloc_network(struct mlme_priv *pmlmepriv)
diff --git a/series.conf b/series.conf
index 4444ef316b..fd93415ee2 100644
--- a/series.conf
+++ b/series.conf
@@ -5031,6 +5031,7 @@
patches.drivers/0001-regulator-fan53555-Use-of_device_get_match_data-to-s.patch
patches.drivers/0002-regulator-fan53555-fix-I2C-device-ids.patch
patches.drivers/0010-pinctrl-rockchip-Use-common-interface-for-recalced-i.patch
+ patches.drivers/pinctrl-intel-Add-Intel-Denverton-pin-controller-sup.patch
patches.drivers/0001-pinctrl-check-ops-pin_config_set-in-pinconf_set_conf.patch
patches.drivers/0011-pinctrl-intel-Add-Intel-Cannon-Lake-PCH-H-pin-contro.patch
patches.suse/cpufreq-intel_pstate-Improve-IO-performance-with-per-core-P-states.patch
@@ -6424,6 +6425,8 @@
patches.drivers/keys-fix-writing-past-end-of-user-supplied-buffer-in-keyring_read
patches.fixes/0001-KEYS-prevent-creating-a-different-user-s-keyrings.patch
patches.drivers/keys-prevent-keyctl_read-on-negative-key
+ patches.drivers/security-keys-properly-zero-out-sensitive-key-materi
+ patches.drivers/security-keys-rewrite-all-of-big_key-crypto
patches.arch/18.2-kvm-nvmx-fix-host_cr3-host_cr4-cache.patch
patches.suse/KVM-PPC-Book3S-HV-Check-for-updated-HDSISR-on-P9-HDS.patch
patches.suse/KVM-VMX-extract-__pi_post_block.patch
@@ -6662,6 +6665,7 @@
patches.fixes/keys-encrypted-fix-dereference-of-null-user_key_payload
patches.fixes/lib-digsig-fix-dereference-of-null-user_key_payload
patches.fixes/ecryptfs-fix-dereference-of-NULL-user_key_payload.patch
+ patches.drivers/security-keys-BIG_KEY-requires-CONFIG_CRYPTO
patches.fixes/KEYS-Fix-the-wrong-index-when-checking-the-existence
patches.fixes/KEYS-Fix-race-between-updating-and-finding-a-negativ.patch
patches.fixes/KEYS-don-t-let-add_key-update-an-uninstantiated-key.patch
@@ -6731,6 +6735,7 @@
patches.fixes/0001-USB-core-fix-out-of-bounds-access-bug-in-usb_get_bos.patch
patches.suse/msft-hv-1485-vmbus-hvsock-add-proper-sync-for-vmbus_hvsock_device.patch
patches.drivers/iio-dummy-events-Add-missing-break.patch
+ patches.drivers/staging-bcm2835-audio-Fix-memory-corruption
patches.fixes/workqueue-replace-pool-manager_arb-mutex-with-a-flag.patch
patches.arch/KVM-PPC-Fix-oops-when-checking-KVM_CAP_PPC_HTM.patch
patches.arch/KVM-PPC-Book3S-HV-POWER9-more-doorbell-fixes.patch
@@ -6886,6 +6891,7 @@
patches.drivers/0020-tpm-tpm_crb-Use-start-method-value-from-ACPI-table-d.patch
patches.drivers/tpm-185-tis_spi-Use-DMA-safe-memory-for-SPI-transfers.patch
patches.drivers/tpm-dev-common-Reject-too-short-writes.patch
+ patches.drivers/ima-fix-hash-algorithm-initialization
patches.drivers/s390-runtime-instrumention-fix-possible-memory-corru.patch
patches.drivers/s390-guarded-storage-fix-possible-memory-corruption.patch
patches.arch/s390-sles15-02-03-dis-end-marker.patch
@@ -7035,6 +7041,7 @@
patches.drivers/ACPI-x86-Extend-KIOX000A-quirk-to-cover-all-affected
patches.drivers/ACPI-EC-Fix-regression-related-to-triggering-source-
patches.drivers/rtl8188eu-Fix-a-possible-sleep-in-atomic-bug-in-rtw_
+ patches.drivers/staging-rtl8188eu-avoid-a-null-dereference-on-pmlmep
patches.drivers/0002-tty-xilinx_uartps-move-to-arch_initcall-for-earlier-.patch
patches.drivers/serial-8250_fintek-Fix-rs485-disablement-on-invalid-
patches.drivers/0045-phy-rockchip-typec-Avoid-magic-numbers-add-delays-in.patch
@@ -8561,6 +8568,7 @@
patches.drivers/platform-x86-intel_punit_ipc-Fix-resource-ioremap-wa
patches.fixes/0003-lockd-double-unregister-of-inetaddr-notifiers.patch
patches.fixes/0001-svcrdma-Preserve-CB-send-buffer-across-retransmits.patch
+ patches.drivers/ima-do-not-update-security.ima-if-appraisal-status-i
patches.drivers/video-udlfb-Fix-read-EDID-timeout
patches.suse/0002-ceph-keep-auth-cap-when-inode-has-flocks-or-posix-locks.patch
patches.suse/0003-ceph-make-lock_to_ceph_filelock-static.patch
@@ -8802,6 +8810,7 @@
patches.fixes/tcp-use-IPCB-instead-of-TCP_SKB_CB-in-inet_exact_dif.patch
patches.fixes/0001-xhci-Don-t-show-incorrect-WARN-message-about-events-.patch
patches.drivers/serial-8250_pci-Add-Amazon-PCI-serial-device-ID
+ patches.drivers/staging-rtl8188eu-Fix-incorrect-response-to-SIOCGIWE
patches.drivers/isa-Prevent-NULL-dereference-in-isa_bus-driver-callb
patches.suse/msft-hv-1518-Drivers-hv-vmbus-Fix-a-rescind-issue.patch
patches.suse/msft-hv-1519-hv-kvp-Avoid-reading-past-allocated-blocks-from-KVP-.patch
@@ -10880,6 +10889,9 @@
patches.drivers/watchdog-sbsa-use-32-bit-read-for-WCV.patch
patches.drivers/scsi-qla2xxx-Fix-crashes-in-qla2x00_probe_one-on-pro.patch
patches.drivers/dm-mpath-fix-passing-integrity-data.patch
+ patches.drivers/ALSA-seq-Fix-possible-UAF-in-snd_seq_check_queue
+ patches.drivers/ALSA-seq-Clear-client-entry-before-deleting-else-at-
+ patches.drivers/ALSA-hda-Revert-power_save-option-default-value
# davem/net
patches.drivers/e1000e-Remove-Other-from-EIAC.patch
@@ -11422,9 +11434,6 @@
##########################################################
# Sound
##########################################################
- patches.drivers/ALSA-hda-Revert-power_save-option-default-value
- patches.drivers/ALSA-seq-Fix-possible-UAF-in-snd_seq_check_queue
- patches.drivers/ALSA-seq-Clear-client-entry-before-deleting-else-at-
patches.drivers/ASoC-cx2072x-Add-DT-bingings-documentation-for-CX207
patches.drivers/ASoC-add-support-for-Conexant-CX2072X-CODEC
patches.drivers/ASoC-Intel-Add-machine-driver-for-Cherrytrail-CX2072
diff --git a/supported.conf b/supported.conf
index 6bd46a0186..3ea3d39b02 100644
--- a/supported.conf
+++ b/supported.conf
@@ -1574,7 +1574,13 @@
drivers/phy/rockchip/phy-rockchip-pcie
drivers/phy/rockchip/phy-rockchip-typec
- drivers/phy/rockchip/phy-rockchip-usb
+ drivers/pinctrl/intel/pinctrl-broxton
+ drivers/pinctrl/intel/pinctrl-cannonlake
drivers/pinctrl/intel/pinctrl-cherryview
+ drivers/pinctrl/intel/pinctrl-denverton
+ drivers/pinctrl/intel/pinctrl-geminilake
+ drivers/pinctrl/intel/pinctrl-intel
+ drivers/pinctrl/intel/pinctrl-sunrisepoint
- drivers/pinctrl/*
- drivers/platform/chrome/*
drivers/platform/x86/acer-wmi