From ef76d9a94acfb800ec7a8aaf0f55d96b11c1ec28 Mon Sep 17 00:00:00 2001 From: Pablo Greco Date: Mar 22 2021 16:41:58 +0000 Subject: Update to 5.4.105 --- diff --git a/SOURCES/wireguard.patch b/SOURCES/wireguard.patch index f9c5ec8..51d1285 100644 --- a/SOURCES/wireguard.patch +++ b/SOURCES/wireguard.patch @@ -1,7 +1,7 @@ -From b197871d28940a799b029951e35297a0e7d8ce39 Mon Sep 17 00:00:00 2001 +From f837c5a87b4c001536ae910db0e47660834aa702 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:07 +0100 -Subject: [PATCH 001/115] crypto: lib - tidy up lib/crypto Kconfig and Makefile +Subject: [PATCH 001/124] crypto: lib - tidy up lib/crypto Kconfig and Makefile commit 746b2e024c67aa605ac12d135cd7085a49cf9dc4 upstream. @@ -121,10 +121,10 @@ index cbe0b6a6450d7..63de4cb3fcf82 100644 2.18.4 -From bce5bec8ca8ba0568969300cb8e50c95ea2769e4 Mon Sep 17 00:00:00 2001 +From 486db26fac0ce2d62b933679bdfaea488725cf00 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:08 +0100 -Subject: [PATCH 002/115] crypto: chacha - move existing library code into +Subject: [PATCH 002/124] crypto: chacha - move existing library code into lib/crypto commit 5fb8ef25803ef33e2eb60b626435828b937bed75 upstream. @@ -648,10 +648,10 @@ index 0000000000000..dabc3accae051 2.18.4 -From 8fb7fcb51aad5548a3bb80f7a3618b518b4c0ff8 Mon Sep 17 00:00:00 2001 +From 4d1398dc616f6c321d8f5fd80ee520b948685f58 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:09 +0100 -Subject: [PATCH 003/115] crypto: x86/chacha - depend on generic chacha library +Subject: [PATCH 003/124] crypto: x86/chacha - depend on generic chacha library instead of crypto driver commit 28e8d89b1ce8d2e7badfb5f69971dd635acb8863 upstream. @@ -849,10 +849,10 @@ index f29bf10c04627..564a3f7b40b85 100644 2.18.4 -From 0545790d2026a92f2f3fb0a8e8a73afbd1a5b023 Mon Sep 17 00:00:00 2001 +From 2986afd33faf5ab5b79f158a050afd8afcafc252 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:10 +0100 -Subject: [PATCH 004/115] crypto: x86/chacha - expose SIMD ChaCha routine as +Subject: [PATCH 004/124] crypto: x86/chacha - expose SIMD ChaCha routine as library function commit 84e03fa39fbe95a5567d43bff458c6d3b3a23ad1 upstream. @@ -1065,10 +1065,10 @@ index 5c662f8fecac0..2676f4fbd4c16 100644 2.18.4 -From 451975d1273dce5cebbe79a81a92049e74f3956b Mon Sep 17 00:00:00 2001 +From d5db614975ab83de25ecf2d37b53c621e3687db6 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:11 +0100 -Subject: [PATCH 005/115] crypto: arm64/chacha - depend on generic chacha +Subject: [PATCH 005/124] crypto: arm64/chacha - depend on generic chacha library instead of crypto driver commit c77da4867cbb7841177275dbb250f5c09679fae4 upstream. @@ -1202,10 +1202,10 @@ index d4cc61bfe79df..cae2cb92eca86 100644 2.18.4 -From 85937c6024274450f352e1cb2a070dd9028df852 Mon Sep 17 00:00:00 2001 +From 3733d4076464737c8262cf695486b6e5ff8ea926 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:12 +0100 -Subject: [PATCH 006/115] crypto: arm64/chacha - expose arm64 ChaCha routine as +Subject: [PATCH 006/124] crypto: arm64/chacha - expose arm64 ChaCha routine as library function commit b3aad5bad26a01a4bd8c49a5c5f52aec665f3b7c upstream. @@ -1348,10 +1348,10 @@ index cae2cb92eca86..46cd4297761c1 100644 2.18.4 -From eb371adf803efd33c050d4e672775b8ac773c793 Mon Sep 17 00:00:00 2001 +From 66bc54650635d91f3fa14e5046004253ee274d21 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:13 +0100 -Subject: [PATCH 007/115] crypto: arm/chacha - import Eric Biggers's scalar +Subject: [PATCH 007/124] crypto: arm/chacha - import Eric Biggers's scalar accelerated ChaCha code commit 29621d099f9c642b22a69dc8e7e20c108473a392 upstream. @@ -1835,10 +1835,10 @@ index 0000000000000..2140319b64a05 2.18.4 -From 6bb971b9ec7e023f65d1bc0edab7c8e2d1af5fe8 Mon Sep 17 00:00:00 2001 +From 3dc93d21cdf1ae9d93ed11e4ffd891b0d466a42d Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:14 +0100 -Subject: [PATCH 008/115] crypto: arm/chacha - remove dependency on generic +Subject: [PATCH 008/124] crypto: arm/chacha - remove dependency on generic ChaCha driver commit b36d8c09e710c71f6a9690b6586fea2d1c9e1e27 upstream. @@ -2544,10 +2544,10 @@ index 46cd4297761c1..b08029d7bde62 100644 2.18.4 -From 6a86c01ffd4830e820184fa9ed8173e7ddfc7939 Mon Sep 17 00:00:00 2001 +From 869e52c525ba428ecef3322eb2f76011f0bf9429 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:15 +0100 -Subject: [PATCH 009/115] crypto: arm/chacha - expose ARM ChaCha routine as +Subject: [PATCH 009/124] crypto: arm/chacha - expose ARM ChaCha routine as library function commit a44a3430d71bad4ee56788a59fff099b291ea54c upstream. @@ -2660,10 +2660,10 @@ index eb40efb3eb342..3f0c057aa0502 100644 2.18.4 -From 1ee79278a7d7a348e72b31c99a8cfe31bb47bbba Mon Sep 17 00:00:00 2001 +From c8827e8fc886dcba8e1bef86d33e8230e143f23c Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Nov 2019 13:22:16 +0100 -Subject: [PATCH 010/115] crypto: mips/chacha - import 32r2 ChaCha code from +Subject: [PATCH 010/124] crypto: mips/chacha - import 32r2 ChaCha code from Zinc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -3119,10 +3119,10 @@ index 0000000000000..a81e02db95e73 2.18.4 -From ec942e9965be966bf4571bcd63570f1dcd707119 Mon Sep 17 00:00:00 2001 +From c4b698186d10ae6fa8665f330380734b3ab0959d Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:17 +0100 -Subject: [PATCH 011/115] crypto: mips/chacha - wire up accelerated 32r2 code +Subject: [PATCH 011/124] crypto: mips/chacha - wire up accelerated 32r2 code from Zinc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -3694,10 +3694,10 @@ index 649dc564f242b..6b5e14cee4753 100644 2.18.4 -From 2801a189f7b496039db36d72d5f73dbb56a42797 Mon Sep 17 00:00:00 2001 +From 42ae586cf61580fe22fc4fc56593d9643698eb37 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:18 +0100 -Subject: [PATCH 012/115] crypto: chacha - unexport chacha_generic routines +Subject: [PATCH 012/124] crypto: chacha - unexport chacha_generic routines commit 22cf705360707ced15f9fe5423938f313c7df536 upstream. @@ -3817,10 +3817,10 @@ index c0e40b2454311..aa5d4a16aac5d 100644 2.18.4 -From a40d0635d0d17f992f25940e9cac320d5208073a Mon Sep 17 00:00:00 2001 +From 99f8d161e589d95cefb4abb791933f2737b24752 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:19 +0100 -Subject: [PATCH 013/115] crypto: poly1305 - move core routines into a separate +Subject: [PATCH 013/124] crypto: poly1305 - move core routines into a separate library commit 48ea8c6ebc96bc0990e12ee1c43d0832c23576bb upstream. @@ -4493,10 +4493,10 @@ index 0000000000000..f019a57dbc1b9 2.18.4 -From 0d420ee8db8b9ee1f978049b59bcb7d03154d2e4 Mon Sep 17 00:00:00 2001 +From 47470cabcc6502b9c0c85667149ec005d0c02727 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:20 +0100 -Subject: [PATCH 014/115] crypto: x86/poly1305 - unify Poly1305 state struct +Subject: [PATCH 014/124] crypto: x86/poly1305 - unify Poly1305 state struct with generic code commit ad8f5b88383ea685f2b8df2a12ee3e08089a1287 upstream. @@ -4756,10 +4756,10 @@ index f5a4319c2a1f3..36b5886cb50ca 100644 2.18.4 -From cffafae217a5e94e450cc39c0baf595dbec32d4c Mon Sep 17 00:00:00 2001 +From 8291efef993737beb5330cf8d422d9a96e48f90f Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:21 +0100 -Subject: [PATCH 015/115] crypto: poly1305 - expose init/update/final library +Subject: [PATCH 015/124] crypto: poly1305 - expose init/update/final library interface commit a1d93064094cc5e24d64e35cf093e7191d0c9344 upstream. @@ -4993,10 +4993,10 @@ index f019a57dbc1b9..32ec293c65ae7 100644 2.18.4 -From 71176ba2390b8b777e3704c82fd7e894b6e9f4a8 Mon Sep 17 00:00:00 2001 +From 5cfe536772b118c3d0b0b641ade09f7c28702cf0 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:22 +0100 -Subject: [PATCH 016/115] crypto: x86/poly1305 - depend on generic library not +Subject: [PATCH 016/124] crypto: x86/poly1305 - depend on generic library not generic shash commit 1b2c6a5120489d41c8ea3b8dacd0b4586289b158 upstream. @@ -5222,10 +5222,10 @@ index 04fa269e5534b..479b0cab2a1ad 100644 2.18.4 -From 86de1a707edadb5219cbd156162933e3addf9d6e Mon Sep 17 00:00:00 2001 +From 2f8ebf1715067c70601ec62750dff68888c8c9bf Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:23 +0100 -Subject: [PATCH 017/115] crypto: x86/poly1305 - expose existing driver as +Subject: [PATCH 017/124] crypto: x86/poly1305 - expose existing driver as poly1305 library commit f0e89bcfbb894e5844cd1bbf6b3cf7c63cb0f5ac upstream. @@ -5396,10 +5396,10 @@ index a731ea36bd5c7..181754615f734 100644 2.18.4 -From 5f07f88b171ef95ba2befa12b0a11ddbc2c7e5b9 Mon Sep 17 00:00:00 2001 +From 0092ab396571a017764b48f1a6712ff3d4b8e807 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:24 +0100 -Subject: [PATCH 018/115] crypto: arm64/poly1305 - incorporate +Subject: [PATCH 018/124] crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation commit f569ca16475155013525686d0f73bc379c67e635 upstream. @@ -7498,10 +7498,10 @@ index 181754615f734..9923445e82251 100644 2.18.4 -From ddfe74f7a6399d21f7255d5cd125f353762b20e8 Mon Sep 17 00:00:00 2001 +From 345b8fd17611a5ff6766173aedee074d4cdd39c0 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:25 +0100 -Subject: [PATCH 019/115] crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS +Subject: [PATCH 019/124] crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation commit a6b803b3ddc793d6db0c16f12fc12d30d20fa9cc upstream. @@ -10293,10 +10293,10 @@ index 9923445e82251..9bd15b227e78e 100644 2.18.4 -From c8af86e6cecbfdfad9086427f0d5c5ef2b5b97f4 Mon Sep 17 00:00:00 2001 +From 2348b97a26987fbf36690d4d7ca3058e38379811 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:26 +0100 -Subject: [PATCH 020/115] crypto: mips/poly1305 - incorporate +Subject: [PATCH 020/124] crypto: mips/poly1305 - incorporate OpenSSL/CRYPTOGAMS optimized implementation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -11872,10 +11872,10 @@ index 9bd15b227e78e..d15ec53829861 100644 2.18.4 -From 2e91e770953810b21ea65021345a36403ce4f168 Mon Sep 17 00:00:00 2001 +From 10a9cc350b21ce53ebf1947174df3e3e874fdf6f Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Nov 2019 13:22:28 +0100 -Subject: [PATCH 021/115] crypto: blake2s - generic C library implementation +Subject: [PATCH 021/124] crypto: blake2s - generic C library implementation and selftest commit 66d7fb94e4ffe5acc589e0b2b4710aecc1f07a28 upstream. @@ -12992,10 +12992,10 @@ index 0000000000000..41025a30c524c 2.18.4 -From 239fea475b647d30a4176d28736f5c6c4b3fda7f Mon Sep 17 00:00:00 2001 +From 2c9be16c41086f9711514bba2b168afeb9b9ca32 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:29 +0100 -Subject: [PATCH 022/115] crypto: testmgr - add test cases for Blake2s +Subject: [PATCH 022/124] crypto: testmgr - add test cases for Blake2s commit 17e1df67023a5c9ccaeb5de8bf5b88f63127ecf7 upstream. @@ -13322,10 +13322,10 @@ index ef7d21f39d4a9..102fcad549665 100644 2.18.4 -From 89c49ee948f065cc5050666bd4a55203607bda70 Mon Sep 17 00:00:00 2001 +From 743713032edbf3bf915e94d5ed9bdd6200315082 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:30 +0100 -Subject: [PATCH 023/115] crypto: blake2s - implement generic shash driver +Subject: [PATCH 023/124] crypto: blake2s - implement generic shash driver commit 7f9b0880925f1f9d7d59504ea0892d2ae9cfc233 upstream. @@ -13580,10 +13580,10 @@ index 941693effc7d2..74ff77032e526 100644 2.18.4 -From 09f81cbc867616e252332ff2c4ec84024dc7f832 Mon Sep 17 00:00:00 2001 +From 47b565ca50ef44abf472f7c1215122add1848566 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Nov 2019 13:22:31 +0100 -Subject: [PATCH 024/115] crypto: blake2s - x86_64 SIMD implementation +Subject: [PATCH 024/124] crypto: blake2s - x86_64 SIMD implementation commit ed0356eda153f6a95649e11feb7b07083caf9e20 upstream. @@ -14151,10 +14151,10 @@ index 81c8a4059afcf..8fd3954bf64c5 100644 2.18.4 -From 0d751552c61cd6e4b186d92b630b9d119c828cbe Mon Sep 17 00:00:00 2001 +From d2eb2dcca95981dab0429adcad504a6200ec3c79 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Nov 2019 13:22:32 +0100 -Subject: [PATCH 025/115] crypto: curve25519 - generic C library +Subject: [PATCH 025/124] crypto: curve25519 - generic C library implementations commit 0ed42a6f431e930b2e8fae21955406e09fe75d70 upstream. @@ -16021,10 +16021,10 @@ index 0000000000000..0106bebe69008 2.18.4 -From a40eeb82471e0ef3ebaf65329704f571c044a95b Mon Sep 17 00:00:00 2001 +From 113295e01877ba4524b22338f84665baa2f3f514 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:33 +0100 -Subject: [PATCH 026/115] crypto: curve25519 - add kpp selftest +Subject: [PATCH 026/124] crypto: curve25519 - add kpp selftest commit f613457a7af085728297bef71233c37faf3c01b1 upstream. @@ -17297,10 +17297,10 @@ index 102fcad549665..5d132ae996b4a 100644 2.18.4 -From 65f2f0623cff1e3160affdcfb726b784ead866d8 Mon Sep 17 00:00:00 2001 +From f6e91a9e2e4043cf94357163bacdcdebf36c82b4 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:34 +0100 -Subject: [PATCH 027/115] crypto: curve25519 - implement generic KPP driver +Subject: [PATCH 027/124] crypto: curve25519 - implement generic KPP driver commit ee772cb641135739c1530647391d5a04c39db192 upstream. @@ -17444,10 +17444,10 @@ index 0000000000000..bd88fd571393d 2.18.4 -From 4277abf75253a08ebc0ea9638cf413fa8949d243 Mon Sep 17 00:00:00 2001 +From a9c096766c049ea2699d216bc425875d63d83dc6 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:35 +0100 -Subject: [PATCH 028/115] crypto: lib/curve25519 - work around Clang stack +Subject: [PATCH 028/124] crypto: lib/curve25519 - work around Clang stack spilling issue commit 660bb8e1f833ea63185fe80fde847e3e42f18e3b upstream. @@ -17525,10 +17525,10 @@ index 1c455207341d3..2fde0ec33dbd0 100644 2.18.4 -From 8cde457048ca90996bb4c61871fa365620654050 Mon Sep 17 00:00:00 2001 +From 7734a4c33e8bde8cfb004406db17663b1eecfce2 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Nov 2019 13:22:36 +0100 -Subject: [PATCH 029/115] crypto: curve25519 - x86_64 library and KPP +Subject: [PATCH 029/124] crypto: curve25519 - x86_64 library and KPP implementations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -20073,10 +20073,10 @@ index a3fc859830c1e..b8b738bcc3120 100644 2.18.4 -From 0ac330f3e7a1b6da6001ce7271180d9615df308e Mon Sep 17 00:00:00 2001 +From 1091501f32d5f28d52dbb95a51c2bc649fed3174 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Nov 2019 13:22:37 +0100 -Subject: [PATCH 030/115] crypto: arm/curve25519 - import Bernstein and +Subject: [PATCH 030/124] crypto: arm/curve25519 - import Bernstein and Schwabe's Curve25519 ARM implementation commit f0fb006b604f98e2309a30f34ef455ac734f7c1c upstream. @@ -22215,10 +22215,10 @@ index 0000000000000..f33b85fef3823 2.18.4 -From ca5550b1462848bd20f90039977f3ae87f632945 Mon Sep 17 00:00:00 2001 +From edccee320f62aca101d12b96b718ba24544da005 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 8 Nov 2019 13:22:38 +0100 -Subject: [PATCH 031/115] crypto: arm/curve25519 - wire up NEON implementation +Subject: [PATCH 031/124] crypto: arm/curve25519 - wire up NEON implementation commit d8f1308a025fc7e00414194ed742d5f05a21e13c upstream. @@ -23286,10 +23286,10 @@ index 0000000000000..2e9e12d2f642a 2.18.4 -From 82eeda8cb54b3f3011e49c86be311814770b8745 Mon Sep 17 00:00:00 2001 +From ef108824294502bb5f580c18bd9436600e40f66c Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:39 +0100 -Subject: [PATCH 032/115] crypto: chacha20poly1305 - import construction and +Subject: [PATCH 032/124] crypto: chacha20poly1305 - import construction and selftest from Zinc commit ed20078b7e3331e82828be357147af6a3282e4ce upstream. @@ -30980,10 +30980,10 @@ index 0000000000000..c12ddbe9eb92a 2.18.4 -From a3dd68c75fa2e267ebc0e2619cfa3bc2924474d3 Mon Sep 17 00:00:00 2001 +From 72cffc6045b0175214aa5e4dfc0f5b2c9e090daf Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 8 Nov 2019 13:22:40 +0100 -Subject: [PATCH 033/115] crypto: lib/chacha20poly1305 - reimplement +Subject: [PATCH 033/124] crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine commit d95312a3ccc0cd544d374be2fc45aeaa803e5fd9 upstream. @@ -31285,10 +31285,10 @@ index c12ddbe9eb92a..821e5cc9b14eb 100644 2.18.4 -From ae6edeabca36ddc9a7dcad0798b70b469cafcbb0 Mon Sep 17 00:00:00 2001 +From cca92a35ad8eba8e260236418efc9f4ab8e6d2fd Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 17 Nov 2019 23:21:29 -0800 -Subject: [PATCH 034/115] crypto: chacha_generic - remove unnecessary setkey() +Subject: [PATCH 034/124] crypto: chacha_generic - remove unnecessary setkey() functions commit 2043323a799a660bc84bbee404cf7a2617ec6157 upstream. @@ -31359,10 +31359,10 @@ index c1b1473183938..8beea79ab1178 100644 2.18.4 -From 89f5ca0475e73f4752d3a6795c1949ed2a76d29e Mon Sep 17 00:00:00 2001 +From f89aff92754c9ace0d91bd99b84c75307db915fc Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 17 Nov 2019 23:21:58 -0800 -Subject: [PATCH 035/115] crypto: x86/chacha - only unregister algorithms if +Subject: [PATCH 035/124] crypto: x86/chacha - only unregister algorithms if registered commit b62755aed3a3f5ca9edd2718339ccea3b6bbbe57 upstream. @@ -31397,10 +31397,10 @@ index b391e13a9e415..a94e30b6f9413 100644 2.18.4 -From 1c70211beccb66b1b506cc8006c147a9d59bd7f2 Mon Sep 17 00:00:00 2001 +From 5eb742c619e60b30997e914c3208fea2f7dae232 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 17 Nov 2019 23:22:16 -0800 -Subject: [PATCH 036/115] crypto: lib/chacha20poly1305 - use chacha20_crypt() +Subject: [PATCH 036/124] crypto: lib/chacha20poly1305 - use chacha20_crypt() commit 413808b71e6204b0cc1eeaa77960f7c3cd381d33 upstream. @@ -31486,10 +31486,10 @@ index 821e5cc9b14eb..6d83cafebc69c 100644 2.18.4 -From 2882dd79df72546111aaecd936be7e5b40507d32 Mon Sep 17 00:00:00 2001 +From 75a98dd69b85921932935966062555b06b687800 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 25 Nov 2019 11:31:12 +0100 -Subject: [PATCH 037/115] crypto: arch - conditionalize crypto api in arch glue +Subject: [PATCH 037/124] crypto: arch - conditionalize crypto api in arch glue for lib code commit 8394bfec51e0e565556101bcc4e2fe7551104cd8 upstream. @@ -31787,10 +31787,10 @@ index 370cd88068ec1..0cc4537e6617c 100644 2.18.4 -From 74b89ee28db1d76c44ea3f1e9ef5839a803de29d Mon Sep 17 00:00:00 2001 +From cc6f8c60d6936f78b9212bdc1f0bff61343b8152 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Valdis=20Kl=C4=93tnieks?= Date: Thu, 5 Dec 2019 20:58:36 -0500 -Subject: [PATCH 038/115] crypto: chacha - fix warning message in header file +Subject: [PATCH 038/124] crypto: chacha - fix warning message in header file commit 579d705cd64e44f3fcda1a6cfd5f37468a5ddf63 upstream. @@ -31828,10 +31828,10 @@ index aa5d4a16aac5d..b085dc1ac1516 100644 2.18.4 -From 4b798e161c3f1a846a48ea91b27f3cb18100220a Mon Sep 17 00:00:00 2001 +From 138ca9bd09bcd8ce0a013f3a75e9de260a6e6d64 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 11 Dec 2019 10:26:39 +0100 -Subject: [PATCH 039/115] crypto: arm/curve25519 - add arch-specific key +Subject: [PATCH 039/124] crypto: arm/curve25519 - add arch-specific key generation function commit 84faa307249b341f6ad8de3e1869d77a65e26669 upstream. @@ -31872,10 +31872,10 @@ index f3f42cf3b8937..776ae07e04697 100644 2.18.4 -From c8c17cad23f8635d751ec0aad621fdf7ded5d6d1 Mon Sep 17 00:00:00 2001 +From 8ff5eaefb8eac9888d0a6a0d980c28cc5b53310f Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 16 Dec 2019 19:53:26 +0100 -Subject: [PATCH 040/115] crypto: lib/curve25519 - re-add selftests +Subject: [PATCH 040/124] crypto: lib/curve25519 - re-add selftests commit aa127963f1cab2b93c74c9b128a84610203fb674 upstream. @@ -33270,10 +33270,10 @@ index 0106bebe69008..c03ccdb994340 100644 2.18.4 -From 78834bc0be45631e091ada3cdad050267aa962cd Mon Sep 17 00:00:00 2001 +From 998a2390cbacd4218ce639458e68b0ad077e7657 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 5 Jan 2020 22:40:46 -0500 -Subject: [PATCH 041/115] crypto: poly1305 - add new 32 and 64-bit generic +Subject: [PATCH 041/124] crypto: poly1305 - add new 32 and 64-bit generic versions commit 1c08a104360f3e18f4ee6346c21cc3923efb952e upstream. @@ -34465,10 +34465,10 @@ index 32ec293c65ae7..9d2d14df0fee5 100644 2.18.4 -From 58127c498379d26e9fceea96c1808c88338c874e Mon Sep 17 00:00:00 2001 +From 1514821265506dac2578cfc1f22f9dde3d899cf2 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 5 Jan 2020 22:40:47 -0500 -Subject: [PATCH 042/115] crypto: x86/poly1305 - import unmodified cryptogams +Subject: [PATCH 042/124] crypto: x86/poly1305 - import unmodified cryptogams implementation commit 0896ca2a0cb6127e8a129f1f2a680d49b6b0f65c upstream. @@ -38655,10 +38655,10 @@ index 0000000000000..342ad7f18aa71 2.18.4 -From 1de7e70cdad987e708e276ed6c584f17f44a445a Mon Sep 17 00:00:00 2001 +From e0a371560fd5181e32e24ecc42a66392e7c50e60 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 5 Jan 2020 22:40:48 -0500 -Subject: [PATCH 043/115] crypto: x86/poly1305 - wire up faster implementations +Subject: [PATCH 043/124] crypto: x86/poly1305 - wire up faster implementations for kernel commit d7d7b853566254648df59f7ea27ea05952a6cfa8 upstream. @@ -41592,10 +41592,10 @@ index 0b2c4fce26d95..14c032de276e6 100644 2.18.4 -From 9d88649f8ef5028453ecde65a843e711b0945eec Mon Sep 17 00:00:00 2001 +From 4b0829367ac6d33721304193f23c3892cffed108 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 5 Jan 2020 22:40:49 -0500 -Subject: [PATCH 044/115] crypto: {arm,arm64,mips}/poly1305 - remove redundant +Subject: [PATCH 044/124] crypto: {arm,arm64,mips}/poly1305 - remove redundant non-reduction from emit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -41773,10 +41773,10 @@ index b37d29cf5d0a8..fc881b46d9111 100644 2.18.4 -From 57a90de716992b58c20baa24628e902cce26e4fd Mon Sep 17 00:00:00 2001 +From b2f7f81574ddd4b2dcbc25919649bc6fa9682c10 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 8 Jan 2020 12:37:35 +0800 -Subject: [PATCH 045/115] crypto: curve25519 - Fix selftest build error +Subject: [PATCH 045/124] crypto: curve25519 - Fix selftest build error commit a8bdf2c42ee4d1ee42af1f3601f85de94e70a421 upstream. @@ -41886,10 +41886,10 @@ index c03ccdb994340..288a62cd29b22 100644 2.18.4 -From 209d764b1645563f12dc852cd5124d158aa7f2ed Mon Sep 17 00:00:00 2001 +From 3c3b7530f886f252e4a5135e9fb4e168d3bc06fc Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 16 Jan 2020 18:23:55 +0100 -Subject: [PATCH 046/115] crypto: x86/poly1305 - fix .gitignore typo +Subject: [PATCH 046/124] crypto: x86/poly1305 - fix .gitignore typo commit 1f6868995326cc82102049e349d8dbd116bdb656 upstream. @@ -41915,10 +41915,10 @@ index c406ea6571fac..30be0400a4392 100644 2.18.4 -From aa5d3f33ed4293ebe39f4a00f334df6cf058a97c Mon Sep 17 00:00:00 2001 +From 24c3f89e6a2dba65e02f6dc713ed1ea792c7e4bc Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 16 Jan 2020 21:26:34 +0100 -Subject: [PATCH 047/115] crypto: chacha20poly1305 - add back missing test +Subject: [PATCH 047/124] crypto: chacha20poly1305 - add back missing test vectors and test chunking commit 72c7943792c9e7788ddd182337bcf8f650cf56f5 upstream. @@ -43779,10 +43779,10 @@ index 465de46dbdef2..c391a91364e9d 100644 2.18.4 -From b9130d65de27aa574c43d36309566d2d661f562e Mon Sep 17 00:00:00 2001 +From d153b7c88cdc9ec38f697ca2e38dea285bcdceac Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 17 Jan 2020 11:42:22 +0100 -Subject: [PATCH 048/115] crypto: x86/poly1305 - emit does base conversion +Subject: [PATCH 048/124] crypto: x86/poly1305 - emit does base conversion itself commit f9e7fe32a792726186301423ff63a465d63386e1 upstream. @@ -43822,10 +43822,10 @@ index 657363588e0c8..79bb58737d528 100644 2.18.4 -From e4912683de95e6badfefdfcab00e5728580acfe3 Mon Sep 17 00:00:00 2001 +From af38a277273dd3fa1b45647bd1d18c642d6f6698 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 17 Jan 2020 17:43:18 +0100 -Subject: [PATCH 049/115] crypto: arm/chacha - fix build failured when kernel +Subject: [PATCH 049/124] crypto: arm/chacha - fix build failured when kernel mode NEON is disabled commit 0bc81767c5bd9d005fae1099fb39eb3688370cb1 upstream. @@ -43886,10 +43886,10 @@ index 7bdf8823066d0..893692ed12b76 100644 2.18.4 -From c0906d8f3e64011cbde6687f67dfd224a7a01055 Mon Sep 17 00:00:00 2001 +From 8d96035b613c0fe1b0ae270bfd8512b2b133ef4d Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 17 Jan 2020 12:01:36 +0100 -Subject: [PATCH 050/115] crypto: Kconfig - allow tests to be disabled when +Subject: [PATCH 050/124] crypto: Kconfig - allow tests to be disabled when manager is disabled commit 2343d1529aff8b552589f622c23932035ed7a05d upstream. @@ -43932,10 +43932,10 @@ index b8b738bcc3120..8fcf630471dcf 100644 2.18.4 -From 44e282e3975c6fd03529c5524c2dd7ef7cb87a69 Mon Sep 17 00:00:00 2001 +From cf0d4a4876f6649420a87d0cec615b14af0c85b5 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 6 Feb 2020 12:42:01 +0100 -Subject: [PATCH 051/115] crypto: chacha20poly1305 - prevent integer overflow +Subject: [PATCH 051/124] crypto: chacha20poly1305 - prevent integer overflow on large input commit c9cc0517bba9f0213f1e55172feceb99e5512daf upstream. @@ -43978,10 +43978,10 @@ index 6d83cafebc69c..ad0699ce702f9 100644 2.18.4 -From 783a2c65af5ba9746c9aa98116fff07cbadb4b45 Mon Sep 17 00:00:00 2001 +From 38bb5c7c289c7312e9d1019d53ff0a78a11c6452 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 1 Mar 2020 22:52:35 +0800 -Subject: [PATCH 052/115] crypto: x86/curve25519 - support assemblers with no +Subject: [PATCH 052/124] crypto: x86/curve25519 - support assemblers with no adx support commit 1579f1bc3b753d17a44de3457d5c6f4a5b14c752 upstream. @@ -44003,10 +44003,10 @@ Signed-off-by: Jason A. Donenfeld 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index 94df0868804bc..513a55562d750 100644 +index 8ca3cf7c5ec97..03c7ec1dc83f0 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile -@@ -194,9 +194,10 @@ avx2_instr :=$(call as-instr,vpbroadcastb %xmm0$(comma)%ymm1,-DCONFIG_AS_AVX2=1) +@@ -197,9 +197,10 @@ avx2_instr :=$(call as-instr,vpbroadcastb %xmm0$(comma)%ymm1,-DCONFIG_AS_AVX2=1) avx512_instr :=$(call as-instr,vpmovm2b %k1$(comma)%zmm5,-DCONFIG_AS_AVX512=1) sha1_ni_instr :=$(call as-instr,sha1msg1 %xmm0$(comma)%xmm1,-DCONFIG_AS_SHA1_NI=1) sha256_ni_instr :=$(call as-instr,sha256msg1 %xmm0$(comma)%xmm1,-DCONFIG_AS_SHA256_NI=1) @@ -44072,10 +44072,10 @@ index 4e6dc840b1592..9ecb3c1f0f15d 100644 2.18.4 -From 445cdda06d2d6cf0aeb6ff3c96c18d1970bbb622 Mon Sep 17 00:00:00 2001 +From 865fde1df114cb6121f0af4af38261f5a0d824ce Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 18 Mar 2020 20:27:32 -0600 -Subject: [PATCH 053/115] crypto: arm64/chacha - correctly walk through blocks +Subject: [PATCH 053/124] crypto: arm64/chacha - correctly walk through blocks commit c8cfcb78c65877313cda7bcbace624d3dbd1f3b3 upstream. @@ -44148,10 +44148,10 @@ index c391a91364e9d..fa43deda2660d 100644 2.18.4 -From 79a9b936012f72abf2e10ba16fc449f2a0905eef Mon Sep 17 00:00:00 2001 +From 0600853de17c8b222156fb878666b5c384a422bb Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 20 Jan 2020 18:18:15 +0100 -Subject: [PATCH 054/115] crypto: x86/curve25519 - replace with formally +Subject: [PATCH 054/124] crypto: x86/curve25519 - replace with formally verified implementation commit 07b586fe06625b0b610dc3d3a969c51913d143d4 upstream. @@ -47905,10 +47905,10 @@ index eec7d2d242396..e4e58b8e9afe4 100644 2.18.4 -From 816354525a1157f6243e1e992dffa6bed19db5d5 Mon Sep 17 00:00:00 2001 +From 33e7ca090c0d17f2894b44a168d49f4e51ba1b30 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 1 Mar 2020 16:06:56 +0800 -Subject: [PATCH 055/115] crypto: x86/curve25519 - leave r12 as spare register +Subject: [PATCH 055/124] crypto: x86/curve25519 - leave r12 as spare register commit dc7fc3a53ae158263196b1892b672aedf67796c5 upstream. @@ -48287,10 +48287,10 @@ index e4e58b8e9afe4..8a17621f7d3a3 100644 2.18.4 -From 37c87cbf1de4258cadb0417f95c8e37eda4c06ac Mon Sep 17 00:00:00 2001 +From b6f9158fd02f157a6ebdea1b6d0da528d3cdb90d Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 19 Mar 2020 11:56:17 -0600 -Subject: [PATCH 056/115] crypto: arm[64]/poly1305 - add artifact to .gitignore +Subject: [PATCH 056/124] crypto: arm[64]/poly1305 - add artifact to .gitignore files commit 6e4e00d8b68ca7eb30d08afb740033e0d36abe55 upstream. @@ -48331,10 +48331,10 @@ index 879df8781ed56..e403b1343328d 100644 2.18.4 -From 47b920bf9d66a9e52905251430a3612c43fe16d5 Mon Sep 17 00:00:00 2001 +From f822009c12b208ef9a7024274d17064cee17d1e9 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 23 Apr 2020 15:54:04 -0600 -Subject: [PATCH 057/115] crypto: arch/lib - limit simd usage to 4k chunks +Subject: [PATCH 057/124] crypto: arch/lib - limit simd usage to 4k chunks commit 706024a52c614b478b63f7728d202532ce6591a9 upstream. @@ -48592,10 +48592,10 @@ index 79bb58737d528..61b2bc8b69861 100644 2.18.4 -From 487339cfa7eef7b7be65777ac82ba738108d4288 Mon Sep 17 00:00:00 2001 +From 4a0052127f0109bf05f8c233a68caff836851548 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Wed, 8 Jul 2020 12:41:13 +1000 -Subject: [PATCH 058/115] crypto: lib/chacha20poly1305 - Add missing function +Subject: [PATCH 058/124] crypto: lib/chacha20poly1305 - Add missing function declaration commit 06cc2afbbdf9a9e8df3e2f8db724997dd6e1b4ac upstream. @@ -48638,10 +48638,10 @@ index ad0699ce702f9..431e042803327 100644 2.18.4 -From c331c0664a83c27565d6fa1b6d8d9f40f6ff5d7f Mon Sep 17 00:00:00 2001 +From 74bf0ebb74242f61b71ab70a5d11b14b3b67baa4 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Wed, 8 Jul 2020 12:11:18 +0300 -Subject: [PATCH 059/115] crypto: x86/chacha-sse3 - use unaligned loads for +Subject: [PATCH 059/124] crypto: x86/chacha-sse3 - use unaligned loads for state array commit e79a31715193686e92dadb4caedfbb1f5de3659c upstream. @@ -48796,10 +48796,10 @@ index 2676f4fbd4c16..3a1c72fdb7cf5 100644 2.18.4 -From 57637608dd8f1939dac22e52e325bbf2f12a7c47 Mon Sep 17 00:00:00 2001 +From 12edfd666753a2587de59e2a5284bd84340969f7 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 23 Jul 2020 17:50:48 +1000 -Subject: [PATCH 060/115] crypto: x86/curve25519 - Remove unused carry +Subject: [PATCH 060/124] crypto: x86/curve25519 - Remove unused carry variables commit 054a5540fb8f7268e2c79e9deab4242db15c8cba upstream. @@ -48849,10 +48849,10 @@ index 8a17621f7d3a3..8acbb6584a370 100644 2.18.4 -From 3b768a37972cfa1441f0a4a4018e068f814bdaae Mon Sep 17 00:00:00 2001 +From eb45a16164b3d0089254b65bfe9ffb746db3d5dd Mon Sep 17 00:00:00 2001 From: Fabio Estevam Date: Mon, 24 Aug 2020 11:09:53 -0300 -Subject: [PATCH 061/115] crypto: arm/curve25519 - include +Subject: [PATCH 061/124] crypto: arm/curve25519 - include commit 6779d0e6b0fe193ab3010ea201782ca6f75a3862 upstream. @@ -48892,10 +48892,10 @@ index 776ae07e04697..31eb75b6002fb 100644 2.18.4 -From 0d2293356e77e411eb0018c97876730ca3230be8 Mon Sep 17 00:00:00 2001 +From 80a12d0385f827f969593a230d81a22d579b570f Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 25 Aug 2020 11:23:00 +1000 -Subject: [PATCH 062/115] crypto: arm/poly1305 - Add prototype for +Subject: [PATCH 062/124] crypto: arm/poly1305 - Add prototype for poly1305_blocks_neon commit 51982ea02aef972132eb35c583d3e4c5b83166e5 upstream. @@ -48932,10 +48932,10 @@ index 13cfef4ae22e3..3023c1acfa194 100644 2.18.4 -From 7c4160370b416193dafaee369d8225f212217c6c Mon Sep 17 00:00:00 2001 +From e1ac9711ecfd2a32558fed950bd78121dd820c50 Mon Sep 17 00:00:00 2001 From: Uros Bizjak Date: Thu, 27 Aug 2020 19:30:58 +0200 -Subject: [PATCH 063/115] crypto: curve25519-x86_64 - Use XORL r32,32 +Subject: [PATCH 063/124] crypto: curve25519-x86_64 - Use XORL r32,32 commit db719539fd3889836900bf912755aa30a5985e9a upstream. @@ -49199,10 +49199,10 @@ index 8acbb6584a370..a9edb6f8a0ba6 100644 2.18.4 -From 3683d0494205583fd48a4e1e66b1171c50e1ce4d Mon Sep 17 00:00:00 2001 +From d935e644f116acda8d7587b156b69b88c82d02c9 Mon Sep 17 00:00:00 2001 From: Uros Bizjak Date: Thu, 27 Aug 2020 19:38:31 +0200 -Subject: [PATCH 064/115] crypto: poly1305-x86_64 - Use XORL r32,32 +Subject: [PATCH 064/124] crypto: poly1305-x86_64 - Use XORL r32,32 commit 7dfd1e01b3dfc13431b1b25720cf2692a7e111ef upstream. @@ -49264,10 +49264,10 @@ index 80061bea6b16a..5b593990501d3 100644 2.18.4 -From d178f243b50c4d96ca2e837e24fc6a4eae120f06 Mon Sep 17 00:00:00 2001 +From 050beea218e4924963b5dc066620aa6e4d763f48 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Thu, 24 Sep 2020 13:29:04 +1000 -Subject: [PATCH 065/115] crypto: x86/poly1305 - Remove assignments with no +Subject: [PATCH 065/124] crypto: x86/poly1305 - Remove assignments with no effect commit 4a0c1de64bf9d9027a6f19adfba89fc27893db23 upstream. @@ -49300,10 +49300,10 @@ index 61b2bc8b69861..7de5046fe5832 100644 2.18.4 -From 03b3e2d25b02791303c5025c620b8a9c04f2fe8b Mon Sep 17 00:00:00 2001 +From ee088bff793df6e9a62a9e0bd80b138dc583ee63 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Fri, 23 Oct 2020 15:27:48 -0700 -Subject: [PATCH 066/115] crypto: x86/poly1305 - add back a needed assignment +Subject: [PATCH 066/124] crypto: x86/poly1305 - add back a needed assignment commit c3a98c3ad5c0dc60a1ac66bf91147a3f39cac96b upstream. @@ -49339,10 +49339,10 @@ index 7de5046fe5832..b69e362730d02 100644 2.18.4 -From 527d549345d69bce58e7664d454cb65588a257f3 Mon Sep 17 00:00:00 2001 +From 523adc158011314e131f6f31379a4a91933c423f Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 2 Nov 2020 14:48:15 +0100 -Subject: [PATCH 067/115] crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires +Subject: [PATCH 067/124] crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager commit 6569e3097f1c4a490bdf2b23d326855e04942dfd upstream. @@ -49378,10 +49378,10 @@ index 8fcf630471dcf..fd5a8724ed385 100644 2.18.4 -From ace7208e3bb70742cd2717770424234424cabf93 Mon Sep 17 00:00:00 2001 +From f18ccdfbe79e8501a36e89939dcfd6312033b744 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Tue, 3 Nov 2020 17:28:09 +0100 -Subject: [PATCH 068/115] crypto: arm/chacha-neon - optimize for non-block size +Subject: [PATCH 068/124] crypto: arm/chacha-neon - optimize for non-block size multiples commit 86cd97ec4b943af35562a74688bc4e909b32c3d1 upstream. @@ -49658,10 +49658,10 @@ index eb22926d49127..13d12f672656b 100644 2.18.4 -From c3c512ae16575c9a768cbe0c678812cea27cacc0 Mon Sep 17 00:00:00 2001 +From 687cd321ca27a865f9b353b5f9186a3373c6ac4c Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 6 Nov 2020 17:39:38 +0100 -Subject: [PATCH 069/115] crypto: arm64/chacha - simplify tail block handling +Subject: [PATCH 069/124] crypto: arm64/chacha - simplify tail block handling commit c4fc6328d6c67690a7e6e03f43a5a976a13120ef upstream. @@ -49988,170 +49988,98 @@ index 706c4e10e9e29..50d9dd173be79 100644 2.18.4 -From d08426b3c0fc045f9794e7e3f2adb1d909dbd165 Mon Sep 17 00:00:00 2001 +From 973aa27a4460512f93a0a5de7446b1e90c639e1c Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" -Date: Tue, 11 Feb 2020 20:47:05 +0100 -Subject: [PATCH 070/115] icmp: introduce helper for nat'd source address in - network device context +Date: Fri, 15 Jan 2021 20:30:12 +0100 +Subject: [PATCH 070/124] crypto: lib/chacha20poly1305 - define empty module + exit function -commit 0b41713b606694257b90d61ba7e2712d8457648b upstream. +commit ac88c322d0f2917d41d13553c69e9d7f043c8b6f upstream. -This introduces a helper function to be called only by network drivers -that wraps calls to icmp[v6]_send in a conntrack transformation, in case -NAT has been used. We don't want to pollute the non-driver path, though, -so we introduce this as a helper to be called by places that actually -make use of this, as suggested by Florian. +With no mod_exit function, users are unable to unload the module after +use. I'm not aware of any reason why module unloading should be +prohibited for this one, so this commit simply adds an empty exit +function. +Reported-and-tested-by: John Donnelly +Acked-by: Ard Biesheuvel Signed-off-by: Jason A. Donenfeld -Cc: Florian Westphal -Signed-off-by: David S. Miller +Signed-off-by: Herbert Xu Signed-off-by: Jason A. Donenfeld --- - include/linux/icmpv6.h | 10 ++++++++++ - include/net/icmp.h | 6 ++++++ - net/ipv4/icmp.c | 33 +++++++++++++++++++++++++++++++++ - net/ipv6/ip6_icmp.c | 34 ++++++++++++++++++++++++++++++++++ - 4 files changed, 83 insertions(+) - -diff --git a/include/linux/icmpv6.h b/include/linux/icmpv6.h -index a8f8889761378..024b7a4cd98e2 100644 ---- a/include/linux/icmpv6.h -+++ b/include/linux/icmpv6.h -@@ -22,12 +22,22 @@ extern int inet6_unregister_icmp_sender(ip6_icmp_send_t *fn); - int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type, - unsigned int data_len); - -+#if IS_ENABLED(CONFIG_NF_NAT) -+void icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code, __u32 info); -+#else -+#define icmpv6_ndo_send icmpv6_send -+#endif -+ - #else - - static inline void icmpv6_send(struct sk_buff *skb, - u8 type, u8 code, __u32 info) - { -+} - -+static inline void icmpv6_ndo_send(struct sk_buff *skb, -+ u8 type, u8 code, __u32 info) -+{ - } - #endif - -diff --git a/include/net/icmp.h b/include/net/icmp.h -index 5d4bfdba9adf0..9ac2d2672a938 100644 ---- a/include/net/icmp.h -+++ b/include/net/icmp.h -@@ -43,6 +43,12 @@ static inline void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 - __icmp_send(skb_in, type, code, info, &IPCB(skb_in)->opt); - } - -+#if IS_ENABLED(CONFIG_NF_NAT) -+void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info); -+#else -+#define icmp_ndo_send icmp_send -+#endif -+ - int icmp_rcv(struct sk_buff *skb); - int icmp_err(struct sk_buff *skb, u32 info); - int icmp_init(void); -diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c -index d00533aea1f05..5b7717da168db 100644 ---- a/net/ipv4/icmp.c -+++ b/net/ipv4/icmp.c -@@ -750,6 +750,39 @@ out:; + lib/crypto/chacha20poly1305.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/lib/crypto/chacha20poly1305.c b/lib/crypto/chacha20poly1305.c +index 431e042803327..1fec56e5dd511 100644 +--- a/lib/crypto/chacha20poly1305.c ++++ b/lib/crypto/chacha20poly1305.c +@@ -364,7 +364,12 @@ static int __init mod_init(void) + return 0; } - EXPORT_SYMBOL(__icmp_send); -+#if IS_ENABLED(CONFIG_NF_NAT) -+#include -+void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info) ++static void __exit mod_exit(void) +{ -+ struct sk_buff *cloned_skb = NULL; -+ enum ip_conntrack_info ctinfo; -+ struct nf_conn *ct; -+ __be32 orig_ip; -+ -+ ct = nf_ct_get(skb_in, &ctinfo); -+ if (!ct || !(ct->status & IPS_SRC_NAT)) { -+ icmp_send(skb_in, type, code, info); -+ return; -+ } -+ -+ if (skb_shared(skb_in)) -+ skb_in = cloned_skb = skb_clone(skb_in, GFP_ATOMIC); -+ -+ if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head || -+ (skb_network_header(skb_in) + sizeof(struct iphdr)) > -+ skb_tail_pointer(skb_in) || skb_ensure_writable(skb_in, -+ skb_network_offset(skb_in) + sizeof(struct iphdr)))) -+ goto out; -+ -+ orig_ip = ip_hdr(skb_in)->saddr; -+ ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip; -+ icmp_send(skb_in, type, code, info); -+ ip_hdr(skb_in)->saddr = orig_ip; -+out: -+ consume_skb(cloned_skb); +} -+EXPORT_SYMBOL(icmp_ndo_send); -+#endif - - static void icmp_socket_deliver(struct sk_buff *skb, u32 info) - { -diff --git a/net/ipv6/ip6_icmp.c b/net/ipv6/ip6_icmp.c -index 02045494c24cc..e0086758b6ee3 100644 ---- a/net/ipv6/ip6_icmp.c -+++ b/net/ipv6/ip6_icmp.c -@@ -45,4 +45,38 @@ void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info) - rcu_read_unlock(); - } - EXPORT_SYMBOL(icmpv6_send); + -+#if IS_ENABLED(CONFIG_NF_NAT) -+#include -+void icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code, __u32 info) -+{ -+ struct sk_buff *cloned_skb = NULL; -+ enum ip_conntrack_info ctinfo; -+ struct in6_addr orig_ip; -+ struct nf_conn *ct; -+ -+ ct = nf_ct_get(skb_in, &ctinfo); -+ if (!ct || !(ct->status & IPS_SRC_NAT)) { -+ icmpv6_send(skb_in, type, code, info); -+ return; -+ } -+ -+ if (skb_shared(skb_in)) -+ skb_in = cloned_skb = skb_clone(skb_in, GFP_ATOMIC); -+ -+ if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head || -+ (skb_network_header(skb_in) + sizeof(struct ipv6hdr)) > -+ skb_tail_pointer(skb_in) || skb_ensure_writable(skb_in, -+ skb_network_offset(skb_in) + sizeof(struct ipv6hdr)))) -+ goto out; -+ -+ orig_ip = ipv6_hdr(skb_in)->saddr; -+ ipv6_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.in6; -+ icmpv6_send(skb_in, type, code, info); -+ ipv6_hdr(skb_in)->saddr = orig_ip; -+out: -+ consume_skb(cloned_skb); -+} -+EXPORT_SYMBOL(icmpv6_ndo_send); -+#endif - #endif + module_init(mod_init); ++module_exit(mod_exit); + MODULE_LICENSE("GPL v2"); + MODULE_DESCRIPTION("ChaCha20Poly1305 AEAD construction"); + MODULE_AUTHOR("Jason A. Donenfeld "); -- 2.18.4 -From 39f2f7f90703df3f272dd8d2bd88fbe1542eb512 Mon Sep 17 00:00:00 2001 +From 8f8e54f37e8172cece9914470b0493f255d38857 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Sun, 13 Dec 2020 15:39:29 +0100 +Subject: [PATCH 071/124] crypto: arm/chacha-neon - add missing counter + increment + +commit fd16931a2f518a32753920ff20895e5cf04c8ff1 upstream. + +Commit 86cd97ec4b943af3 ("crypto: arm/chacha-neon - optimize for non-block +size multiples") refactored the chacha block handling in the glue code in +a way that may result in the counter increment to be omitted when calling +chacha_block_xor_neon() to process a full block. This violates the skcipher +API, which requires that the output IV is suitable for handling more input +as long as the preceding input has been presented in round multiples of the +block size. Also, the same code is exposed via the chacha library interface +whose callers may actually rely on this increment to occur even for final +blocks that are smaller than the chacha block size. + +So increment the counter after calling chacha_block_xor_neon(). + +Fixes: 86cd97ec4b943af3 ("crypto: arm/chacha-neon - optimize for non-block size multiples") +Reported-by: Eric Biggers +Signed-off-by: Ard Biesheuvel +Signed-off-by: Herbert Xu +Signed-off-by: Jason A. Donenfeld +--- + arch/arm/crypto/chacha-glue.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/arm/crypto/chacha-glue.c b/arch/arm/crypto/chacha-glue.c +index f603184dc0f58..a408f4bcfd625 100644 +--- a/arch/arm/crypto/chacha-glue.c ++++ b/arch/arm/crypto/chacha-glue.c +@@ -60,6 +60,7 @@ static void chacha_doneon(u32 *state, u8 *dst, const u8 *src, + chacha_block_xor_neon(state, d, s, nrounds); + if (d != dst) + memcpy(dst, buf, bytes); ++ state[12]++; + } + } + +-- +2.18.4 + + +From c7211888d3d667d5ab18286bba218419460cd543 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 9 Dec 2019 00:27:34 +0100 -Subject: [PATCH 071/115] net: WireGuard secure network tunnel +Subject: [PATCH 072/124] net: WireGuard secure network tunnel commit e7096c131e5161fa3b8e52a650d7719d2857adfd upstream. @@ -50265,7 +50193,8 @@ Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller [Jason: ported to 5.4 by doing the following: - wg_get_device_start uses genl_family_attrbuf - - trival skb_redirect_reset change from 2c64605b590e is folded in] + - trival skb_redirect_reset change from 2c64605b590e is folded in + - skb_list_walk_safe was already backported prior] Signed-off-by: Jason A. Donenfeld --- MAINTAINERS | 8 + @@ -50277,7 +50206,7 @@ Signed-off-by: Jason A. Donenfeld drivers/net/wireguard/cookie.c | 236 ++++++ drivers/net/wireguard/cookie.h | 59 ++ drivers/net/wireguard/device.c | 458 ++++++++++ - drivers/net/wireguard/device.h | 73 ++ + drivers/net/wireguard/device.h | 65 ++ drivers/net/wireguard/main.c | 64 ++ drivers/net/wireguard/messages.h | 128 +++ drivers/net/wireguard/netlink.c | 648 +++++++++++++++ @@ -50304,7 +50233,7 @@ Signed-off-by: Jason A. Donenfeld drivers/net/wireguard/version.h | 1 + include/uapi/linux/wireguard.h | 196 +++++ tools/testing/selftests/wireguard/netns.sh | 537 ++++++++++++ - 36 files changed, 7761 insertions(+) + 36 files changed, 7753 insertions(+) create mode 100644 drivers/net/wireguard/Makefile create mode 100644 drivers/net/wireguard/allowedips.c create mode 100644 drivers/net/wireguard/allowedips.h @@ -51671,10 +51600,10 @@ index 0000000000000..16b19824b9ad0 +} diff --git a/drivers/net/wireguard/device.h b/drivers/net/wireguard/device.h new file mode 100644 -index 0000000000000..c91f3051c5c78 +index 0000000000000..b15a8be9d8169 --- /dev/null +++ b/drivers/net/wireguard/device.h -@@ -0,0 +1,73 @@ +@@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved. @@ -51739,14 +51668,6 @@ index 0000000000000..c91f3051c5c78 +int wg_device_init(void); +void wg_device_uninit(void); + -+/* Later after the dust settles, this can be moved into include/linux/skbuff.h, -+ * where virtually all code that deals with GSO segs can benefit, around ~30 -+ * drivers as of writing. -+ */ -+#define skb_list_walk_safe(first, skb, next) \ -+ for (skb = first, next = skb->next; skb; \ -+ skb = next, next = skb ? skb->next : NULL) -+ +#endif /* _WG_DEVICE_H */ diff --git a/drivers/net/wireguard/main.c b/drivers/net/wireguard/main.c new file mode 100644 @@ -58335,10 +58256,10 @@ index 0000000000000..e7310d9390f7e 2.18.4 -From b1a7d1d40af85d1e0376bfd6d731601c5e1c395a Mon Sep 17 00:00:00 2001 +From 9ba5b1f9cc591fbbe725045f93de149c66e347ec Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 15 Dec 2019 22:08:00 +0100 -Subject: [PATCH 072/115] wireguard: selftests: import harness makefile for +Subject: [PATCH 073/124] wireguard: selftests: import harness makefile for test suite commit 65d88d04114bca7d85faebd5fed61069cb2b632c upstream. @@ -59472,10 +59393,10 @@ index 0000000000000..9cca30206014d 2.18.4 -From 8dc975a7427f7038811800fef712fd713aae7a61 Mon Sep 17 00:00:00 2001 +From f70e1a6c29e243adda7b1f5da28c10eb39d167f3 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Sun, 15 Dec 2019 22:08:01 +0100 -Subject: [PATCH 073/115] wireguard: Kconfig: select parent dependency for +Subject: [PATCH 074/124] wireguard: Kconfig: select parent dependency for crypto commit d7c68a38bb4f9b7c1a2e4a772872c752ee5c44a6 upstream. @@ -59509,10 +59430,10 @@ index 16ad145e22c91..57f1ba924f4ec 100644 2.18.4 -From 585480d0587e45e1e266a071224e05ec33bfc115 Mon Sep 17 00:00:00 2001 +From 99693926e0ba394e2cd6e0b2816f722e10713979 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 15 Dec 2019 22:08:02 +0100 -Subject: [PATCH 074/115] wireguard: global: fix spelling mistakes in comments +Subject: [PATCH 075/124] wireguard: global: fix spelling mistakes in comments commit a2ec8b5706944d228181c8b91d815f41d6dd8e7b upstream. @@ -59583,10 +59504,10 @@ index dd8a47c4ad11f..ae88be14c9478 100644 2.18.4 -From 06066ce74329f8b71dab647b3793da9baf7ee235 Mon Sep 17 00:00:00 2001 +From 047cec8e8a87e67fafe1264b333d0982510d6a26 Mon Sep 17 00:00:00 2001 From: YueHaibing Date: Sun, 15 Dec 2019 22:08:03 +0100 -Subject: [PATCH 075/115] wireguard: main: remove unused include +Subject: [PATCH 076/124] wireguard: main: remove unused include commit 43967b6ff91e53bcce5ae08c16a0588a475b53a1 upstream. @@ -59618,10 +59539,10 @@ index 10c0a40f6a9e5..7a7d5f1a80fc7 100644 2.18.4 -From dd22819ca61b35927811636f161b46dca950a3fa Mon Sep 17 00:00:00 2001 +From 58b3a9e8b9cee3239cd06ef175298547273a4295 Mon Sep 17 00:00:00 2001 From: Wei Yongjun Date: Sun, 15 Dec 2019 22:08:04 +0100 -Subject: [PATCH 076/115] wireguard: allowedips: use kfree_rcu() instead of +Subject: [PATCH 077/124] wireguard: allowedips: use kfree_rcu() instead of call_rcu() commit d89ee7d5c73af15c1c6f12b016cdf469742b5726 upstream. @@ -59666,10 +59587,10 @@ index 72667d5399c34..121d9ea0f1358 100644 2.18.4 -From 6e7cae5376e453f49a50cf28e2136b40d515520f Mon Sep 17 00:00:00 2001 +From 8d8c7a1f402c98e771c36b235238411395674250 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 2 Jan 2020 17:47:49 +0100 -Subject: [PATCH 077/115] wireguard: selftests: remove ancient kernel +Subject: [PATCH 078/124] wireguard: selftests: remove ancient kernel compatibility code commit 9a69a4c8802adf642bc4a13d471b5a86b44ed434 upstream. @@ -60053,10 +59974,10 @@ index 9cca30206014d..af9323a0b6e09 100644 2.18.4 -From fd376f084fcdb55820e412bb59b3057089c5d240 Mon Sep 17 00:00:00 2001 +From 67d324d88510f1680ff57f141e194031b1a8f541 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 2 Jan 2020 17:47:50 +0100 -Subject: [PATCH 078/115] wireguard: queueing: do not account for pfmemalloc +Subject: [PATCH 079/124] wireguard: queueing: do not account for pfmemalloc when clearing skb header commit 04d2ea92a18417619182cbb79063f154892b0150 upstream. @@ -60098,10 +60019,10 @@ index 58fdd630b246c..e62c714a548ee 100644 2.18.4 -From b4d022a01246cfc45f3a851582fe4e3a7bc05399 Mon Sep 17 00:00:00 2001 +From dce70ef9a067ea0a0a7d39f299a10a1d83ae4d72 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 2 Jan 2020 17:47:51 +0100 -Subject: [PATCH 079/115] wireguard: socket: mark skbs as not on list when +Subject: [PATCH 080/124] wireguard: socket: mark skbs as not on list when receiving via gro commit 736775d06bac60d7a353e405398b48b2bd8b1e54 upstream. @@ -60138,10 +60059,10 @@ index c46256d0d81c1..262f3b5c819d5 100644 2.18.4 -From 98f74bef92c9a71e0b13fa71019c7cf4d9edb33d Mon Sep 17 00:00:00 2001 +From 93ac00668d7422ef05f04eb7a87e12b8b905184d Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Tue, 4 Feb 2020 22:17:25 +0100 -Subject: [PATCH 080/115] wireguard: allowedips: fix use-after-free in +Subject: [PATCH 081/124] wireguard: allowedips: fix use-after-free in root_remove_peer_lists commit 9981159fc3b677b357f84e069a11de5a5ec8a2a8 upstream. @@ -60308,10 +60229,10 @@ index 121d9ea0f1358..3725e9cd85f4f 100644 2.18.4 -From 9f8727b2a89423083a3d0a9d2a05613e5702f2c3 Mon Sep 17 00:00:00 2001 +From ea5089abc5550726239bc5f36aa77e1322b3066f Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 4 Feb 2020 22:17:26 +0100 -Subject: [PATCH 081/115] wireguard: noise: reject peers with low order public +Subject: [PATCH 082/124] wireguard: noise: reject peers with low order public keys commit ec31c2676a10e064878927b243fada8c2fb0c03c upstream. @@ -60550,10 +60471,10 @@ index d71c8db68a8ce..919d9d866446a 100644 2.18.4 -From 63c65ef93ff74fe306f16513a29ae71ddb5039f6 Mon Sep 17 00:00:00 2001 +From 9c83a9b35c80b73a7ba02b5de86b3fdfa34dc542 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 4 Feb 2020 22:17:27 +0100 -Subject: [PATCH 082/115] wireguard: selftests: ensure non-addition of peers +Subject: [PATCH 083/124] wireguard: selftests: ensure non-addition of peers with failed precomputation commit f9398acba6a4ae9cb98bfe4d56414d376eff8d57 upstream. @@ -60590,10 +60511,10 @@ index d5c85c7494f2e..b03647d1bbf6c 100755 2.18.4 -From 1fcd6b9256a02f1cab771dad818fc2b96d5260b0 Mon Sep 17 00:00:00 2001 +From 28265c2e0e86660f46b8c87c8bc5cf2b6d804e39 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 4 Feb 2020 22:17:29 +0100 -Subject: [PATCH 083/115] wireguard: selftests: tie socket waiting to target +Subject: [PATCH 084/124] wireguard: selftests: tie socket waiting to target pid commit 88f404a9b1d75388225b1c67b6dd327cb2182777 upstream. @@ -60674,10 +60595,10 @@ index b03647d1bbf6c..f5ab1cda8bb55 100755 2.18.4 -From 91973a963eefb5a01dc58ad39556b7b2bdbd1fc6 Mon Sep 17 00:00:00 2001 +From 257fc449457fcb57f90fd5fd830fa7a764748a92 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 11 Feb 2020 20:47:08 +0100 -Subject: [PATCH 084/115] wireguard: device: use icmp_ndo_send helper +Subject: [PATCH 085/124] wireguard: device: use icmp_ndo_send helper commit a12d7f3cbdc72c7625881c8dc2660fc2c979fdf2 upstream. @@ -60746,10 +60667,10 @@ index f5ab1cda8bb55..138d46b3f3306 100755 2.18.4 -From fd3733b4a7d72a7010acbea75ff2998f1f0176cc Mon Sep 17 00:00:00 2001 +From d4425a26a465b9ee5eed488576756173e054ce55 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 14 Feb 2020 23:57:20 +0100 -Subject: [PATCH 085/115] wireguard: selftests: reduce complexity and fix make +Subject: [PATCH 086/124] wireguard: selftests: reduce complexity and fix make races commit 04ddf1208f03e1dbc39a4619c40eba640051b950 upstream. @@ -60856,10 +60777,10 @@ index f10aa3590adc4..28d477683e8ab 100644 2.18.4 -From 58a6e7b509abdf6f12213d1d25c79f03a60723dc Mon Sep 17 00:00:00 2001 +From 23edd1fd792c68d1e7d65af258ebbb5b29a057a3 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 14 Feb 2020 23:57:21 +0100 -Subject: [PATCH 086/115] wireguard: receive: reset last_under_load to zero +Subject: [PATCH 087/124] wireguard: receive: reset last_under_load to zero commit 2a8a4df36462aa85b0db87b7c5ea145ba67e34a8 upstream. @@ -60900,10 +60821,10 @@ index 9c6bab9c981f4..4a153894cee25 100644 2.18.4 -From 15e63b5f5a1d129aeb5a2c485826e276e5b1f82d Mon Sep 17 00:00:00 2001 +From 8be835018687cbcbf5a0fa806280d2dcc170cb84 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 14 Feb 2020 23:57:22 +0100 -Subject: [PATCH 087/115] wireguard: send: account for mtu=0 devices +Subject: [PATCH 088/124] wireguard: send: account for mtu=0 devices commit 175f1ca9a9ed8689d2028da1a7c624bb4fb4ff7e upstream. @@ -61003,10 +60924,10 @@ index c132605634460..7348c10cbae3d 100644 2.18.4 -From 0e1149c0ddd63ffa1e1dd5698f5f185df5047295 Mon Sep 17 00:00:00 2001 +From b36598dacf234f86db04159062b3c2ca7bfe0064 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Fri, 14 Feb 2020 23:57:23 +0100 -Subject: [PATCH 088/115] wireguard: socket: remove extra call to +Subject: [PATCH 089/124] wireguard: socket: remove extra call to synchronize_net commit 1fbc33b0a7feb6ca72bf7dc8a05d81485ee8ee2e upstream. @@ -61042,10 +60963,10 @@ index 262f3b5c819d5..b0d6541582d31 100644 2.18.4 -From 9b5ab1284d6ca4040320e85c7e38edafad633aae Mon Sep 17 00:00:00 2001 +From f8faaa48a28d93ede6a6a3c45e87ae52f4048e4c Mon Sep 17 00:00:00 2001 From: YueHaibing Date: Wed, 18 Mar 2020 18:30:43 -0600 -Subject: [PATCH 089/115] wireguard: selftests: remove duplicated include +Subject: [PATCH 090/124] wireguard: selftests: remove duplicated include commit 166391159c5deb84795d2ff46e95f276177fa5fb upstream. @@ -61076,10 +60997,10 @@ index 90bc9813cadcd..c9698120ac9d8 100644 2.18.4 -From 835cf5da1ed821bc7add3f7a83de43785bd76393 Mon Sep 17 00:00:00 2001 +From 4d4c041de7586df2bf093545fb580b6451b077d4 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 18 Mar 2020 18:30:45 -0600 -Subject: [PATCH 090/115] wireguard: queueing: account for skb->protocol==0 +Subject: [PATCH 091/124] wireguard: queueing: account for skb->protocol==0 commit a5588604af448664e796daf3c1d5a4523c60667b upstream. @@ -61186,10 +61107,10 @@ index 4a153894cee25..243ed7172dd27 100644 2.18.4 -From ba8c8c7deda3d34c1e87a7c5d57c3df7dd090426 Mon Sep 17 00:00:00 2001 +From db9c9dd5a6d4104ee525eea52b0f51a9729398df Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 18 Mar 2020 18:30:46 -0600 -Subject: [PATCH 091/115] wireguard: receive: remove dead code from default +Subject: [PATCH 092/124] wireguard: receive: remove dead code from default packet type case commit 2b8765c52db24c0fbcc81bac9b5e8390f2c7d3c8 upstream. @@ -61227,10 +61148,10 @@ index 243ed7172dd27..da3b782ab7d31 100644 2.18.4 -From 8add8fff243ce9509db0e4cafed3134d326d966e Mon Sep 17 00:00:00 2001 +From 0da5b8c1525e4fbf15cd78fa171d73161f7c9ab1 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 18 Mar 2020 18:30:47 -0600 -Subject: [PATCH 092/115] wireguard: noise: error out precomputed DH during +Subject: [PATCH 093/124] wireguard: noise: error out precomputed DH during handshake rather than config commit 11a7686aa99c7fe4b3f80f6dcccd54129817984d upstream. @@ -61465,10 +61386,10 @@ index 138d46b3f3306..936e1ca9410ec 100755 2.18.4 -From bf4d1401c6da622c07cd83e0ebdb80cd822826c3 Mon Sep 17 00:00:00 2001 +From 263d41df64cf57a71456e3e75916ce73f8f4561b Mon Sep 17 00:00:00 2001 From: Sultan Alsawaf Date: Wed, 29 Apr 2020 14:59:20 -0600 -Subject: [PATCH 093/115] wireguard: send: remove errant newline from +Subject: [PATCH 094/124] wireguard: send: remove errant newline from packet_encrypt_worker commit d6833e42786e050e7522d6a91a9361e54085897d upstream. @@ -61500,10 +61421,10 @@ index 7348c10cbae3d..3e030d614df5f 100644 2.18.4 -From 0af14f05e0409c9c654872128d3bd38db881a9dc Mon Sep 17 00:00:00 2001 +From fc4615677434ed6c18f3340258512a1f7ea62a0c Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 29 Apr 2020 14:59:21 -0600 -Subject: [PATCH 094/115] wireguard: queueing: cleanup ptr_ring in error path +Subject: [PATCH 095/124] wireguard: queueing: cleanup ptr_ring in error path of packet_queue_init commit 130c58606171326c81841a49cc913cd354113dd9 upstream. @@ -61541,10 +61462,10 @@ index 5c964fcb994ec..71b8e80b58e12 100644 2.18.4 -From 4876e7f6852def2ce21465e276dc0b41970519cf Mon Sep 17 00:00:00 2001 +From 15d509fd1173d5101becbf6654a8a188492a7e09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= Date: Wed, 29 Apr 2020 14:59:22 -0600 -Subject: [PATCH 095/115] wireguard: receive: use tunnel helpers for +Subject: [PATCH 096/124] wireguard: receive: use tunnel helpers for decapsulating ECN markings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -61597,10 +61518,10 @@ index da3b782ab7d31..267f202f19314 100644 2.18.4 -From 20c723b26247f0b52316021a834a507fbed7413f Mon Sep 17 00:00:00 2001 +From b85452edb946440774b25fac96dbdc7035a37494 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 6 May 2020 15:33:02 -0600 -Subject: [PATCH 096/115] wireguard: selftests: use normal kernel stack size on +Subject: [PATCH 097/124] wireguard: selftests: use normal kernel stack size on ppc64 commit a0fd7cc87a018df1a17f9d3f0bd994c1f22c6b34 upstream. @@ -61632,10 +61553,10 @@ index 990c510a9cfa5..f52f1e2bc7f64 100644 2.18.4 -From 30922f6bb8e31e980d5e112304649de435757819 Mon Sep 17 00:00:00 2001 +From c293020965048a6331777fea5b46c5aa956b27a9 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 6 May 2020 15:33:03 -0600 -Subject: [PATCH 097/115] wireguard: socket: remove errant restriction on +Subject: [PATCH 098/124] wireguard: socket: remove errant restriction on looping to self commit b673e24aad36981f327a6570412ffa7754de8911 upstream. @@ -61802,10 +61723,10 @@ index 936e1ca9410ec..17a1f53ceba01 100755 2.18.4 -From 13059d9ab6aacc2835ce37a7e0be71da26fa8615 Mon Sep 17 00:00:00 2001 +From e97fec897d66616d772d8943aab2250efe6b3d2e Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 6 May 2020 15:33:04 -0600 -Subject: [PATCH 098/115] wireguard: send/receive: cond_resched() when +Subject: [PATCH 099/124] wireguard: send/receive: cond_resched() when processing worker ringbuffers commit 4005f5c3c9d006157ba716594e0d70c88a235c5e upstream. @@ -61868,10 +61789,10 @@ index 3e030d614df5f..dc3079e17c7fc 100644 2.18.4 -From 10c20143d8ae47a6afbe2c4b50d74928267c4e7c Mon Sep 17 00:00:00 2001 +From 4c198489509519c8882c0e6f4f0e00b7cd9c89cb Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 6 May 2020 15:33:05 -0600 -Subject: [PATCH 099/115] wireguard: selftests: initalize ipv6 members to NULL +Subject: [PATCH 100/124] wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning commit 4fed818ef54b08d4b29200e416cce65546ad5312 upstream. @@ -61925,10 +61846,10 @@ index bcd6462e45401..007cd4457c5f6 100644 2.18.4 -From 56b4e8a94219a5ddb5c379a315785dfd04c8aaf4 Mon Sep 17 00:00:00 2001 +From 411743d6edf826122de2ee4b9351fd336c4b30e8 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 6 May 2020 15:33:06 -0600 -Subject: [PATCH 100/115] wireguard: send/receive: use explicit unlikely branch +Subject: [PATCH 101/124] wireguard: send/receive: use explicit unlikely branch instead of implicit coalescing commit 243f2148937adc72bcaaa590d482d599c936efde upstream. @@ -62021,10 +61942,10 @@ index dc3079e17c7fc..6687db6998035 100644 2.18.4 -From 88d56a14ac2ba38ae63931921d00a218e5df57ba Mon Sep 17 00:00:00 2001 +From da23a9d541678b0070011db76eeb5719e3c9629e Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 19 May 2020 22:49:27 -0600 -Subject: [PATCH 101/115] wireguard: selftests: use newer iproute2 for gcc-10 +Subject: [PATCH 102/124] wireguard: selftests: use newer iproute2 for gcc-10 commit ee3c1aa3f34b7842c1557cfe5d8c3f7b8c692de8 upstream. @@ -62058,10 +61979,10 @@ index 28d477683e8ab..2dab4f57516dc 100644 2.18.4 -From 6a5a86046d080b05bf9b7f6522451c3862bf8b51 Mon Sep 17 00:00:00 2001 +From 0b4c25a6078fefb236ff7f1bb00f8b0964ef80f8 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 19 May 2020 22:49:28 -0600 -Subject: [PATCH 102/115] wireguard: noise: read preshared key while taking +Subject: [PATCH 103/124] wireguard: noise: read preshared key while taking lock commit bc67d371256f5c47d824e2eec51e46c8d62d022e upstream. @@ -62126,10 +62047,10 @@ index 708dc61c974f7..07eb438a6deee 100644 2.18.4 -From 7b2b427ec4f4a0543122a3b5ae2b8ffcc17651a8 Mon Sep 17 00:00:00 2001 +From 927d2a806c92e276c7fe83b8b0a5dd1e8e89c2a0 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 19 May 2020 22:49:29 -0600 -Subject: [PATCH 103/115] wireguard: queueing: preserve flow hash across packet +Subject: [PATCH 104/124] wireguard: queueing: preserve flow hash across packet scrubbing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -62254,10 +62175,10 @@ index 6687db6998035..2f5119ff93d8f 100644 2.18.4 -From 38d02be9e01adc98e3e86b49fc1a5c0d56a73510 Mon Sep 17 00:00:00 2001 +From 4dba24ab2575031dd5b15dfda08481f59d18d017 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 19 May 2020 22:49:30 -0600 -Subject: [PATCH 104/115] wireguard: noise: separate receive counter from send +Subject: [PATCH 105/124] wireguard: noise: separate receive counter from send counter commit a9e90d9931f3a474f04bab782ccd9d77904941e9 upstream. @@ -62599,10 +62520,10 @@ index 2f5119ff93d8f..f74b9341ab0fe 100644 2.18.4 -From f6351f448c77e1588d85dae86c42f4f87ff40986 Mon Sep 17 00:00:00 2001 +From 9ea9e1d08e6533e936db42f5409dd06a39776532 Mon Sep 17 00:00:00 2001 From: Frank Werner-Krippendorf Date: Tue, 23 Jun 2020 03:59:44 -0600 -Subject: [PATCH 105/115] wireguard: noise: do not assign initiation time in if +Subject: [PATCH 106/124] wireguard: noise: do not assign initiation time in if condition commit 558b353c9c2a717509f291c066c6bd8f5f5e21be upstream. @@ -62638,10 +62559,10 @@ index 626433690abb3..201a22681945f 100644 2.18.4 -From 3e9fd6a6a7152497d8cb3fb7e2af0a6872e3fcab Mon Sep 17 00:00:00 2001 +From 1faa4948b0f226d850f1768a6d60a60d505538f0 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 23 Jun 2020 03:59:45 -0600 -Subject: [PATCH 106/115] wireguard: device: avoid circular netns references +Subject: [PATCH 107/124] wireguard: device: avoid circular netns references commit 900575aa33a3eaaef802b31de187a85c4a4b4bd0 upstream. @@ -62806,7 +62727,7 @@ index 3ac3f8570ca1b..a8f151b1b5fab 100644 unregister_pm_notifier(&pm_notifier); #endif diff --git a/drivers/net/wireguard/device.h b/drivers/net/wireguard/device.h -index c91f3051c5c78..3e01b4c1a60eb 100644 +index b15a8be9d8169..4d0144e169478 100644 --- a/drivers/net/wireguard/device.h +++ b/drivers/net/wireguard/device.h @@ -40,7 +40,7 @@ struct wg_device { @@ -62948,10 +62869,10 @@ index 17a1f53ceba01..d77f4829f1e07 100755 2.18.4 -From c610930f666bf70111be96306a961534e88d96a3 Mon Sep 17 00:00:00 2001 +From 58866518bbb42f948f1da51cc4a0443fe84b2f3b Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 24 Jun 2020 16:06:03 -0600 -Subject: [PATCH 107/115] wireguard: receive: account for napi_gro_receive +Subject: [PATCH 108/124] wireguard: receive: account for napi_gro_receive never returning GRO_DROP commit df08126e3833e9dca19e2407db5f5860a7c194fb upstream. @@ -62996,10 +62917,10 @@ index 91438144e4f7a..9b2ab6fc91cdd 100644 2.18.4 -From e4ce95508d0975af13acb0ebe9ad0cdb64136852 Mon Sep 17 00:00:00 2001 +From c5b1a54d82cc2bede70d730cf992bea39e17df77 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 29 Jun 2020 19:06:18 -0600 -Subject: [PATCH 108/115] net: ip_tunnel: add header_ops for layer 3 devices +Subject: [PATCH 109/124] net: ip_tunnel: add header_ops for layer 3 devices commit 2606aff916854b61234bf85001be9777bab2d5f8 upstream. @@ -63062,10 +62983,10 @@ index 1452a97914a0d..cfe21c3ddfc24 100644 2.18.4 -From 2d9a30f41f6e2cb5d94b654f234eefb65db32b6d Mon Sep 17 00:00:00 2001 +From f0414c8f4df62e90c3b0233255881871e666883a Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 29 Jun 2020 19:06:20 -0600 -Subject: [PATCH 109/115] wireguard: implement header_ops->parse_protocol for +Subject: [PATCH 110/124] wireguard: implement header_ops->parse_protocol for AF_PACKET commit 01a4967c71c004f8ecad4ab57021348636502fa9 upstream. @@ -63105,10 +63026,10 @@ index a8f151b1b5fab..c9f65e96ccb04 100644 2.18.4 -From fb8a80f749b420706a45b3554f852506e38de557 Mon Sep 17 00:00:00 2001 +From 843c46e876e7a60f1c996cf4ca86cc9bea82d5b3 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 29 Jun 2020 19:06:21 -0600 -Subject: [PATCH 110/115] wireguard: queueing: make use of +Subject: [PATCH 111/124] wireguard: queueing: make use of ip_tunnel_parse_protocol commit 1a574074ae7d1d745c16f7710655f38a53174c27 upstream. @@ -63182,10 +63103,10 @@ index 9b2ab6fc91cdd..2c9551ea6dc73 100644 2.18.4 -From dbd344b57d163cd9978e382cede26bdda32b9b4a Mon Sep 17 00:00:00 2001 +From dbd95b2ce81cd5b358ab33c156f6b57f5bb02ba8 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 18 Aug 2020 10:17:31 +0200 -Subject: [PATCH 111/115] netlink: consistently use NLA_POLICY_EXACT_LEN() +Subject: [PATCH 112/124] netlink: consistently use NLA_POLICY_EXACT_LEN() commit 8140860c817f3e9f78bcd1e420b9777ddcbaa629 upstream. @@ -63237,10 +63158,10 @@ index 9756239416fde..2a14f564033a4 100644 2.18.4 -From f9709ed12e3d82b6e842f8419e646bfdd96d399a Mon Sep 17 00:00:00 2001 +From 210db96a332445b6831498b4f43ba1b2b1dd3667 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 18 Aug 2020 10:17:32 +0200 -Subject: [PATCH 112/115] netlink: consistently use NLA_POLICY_MIN_LEN() +Subject: [PATCH 113/124] netlink: consistently use NLA_POLICY_MIN_LEN() commit bc0435855041d7fff0b83dd992fc4be34aa11afb upstream. @@ -63282,10 +63203,10 @@ index 2a14f564033a4..1c69eb8735d53 100644 2.18.4 -From 70d652fcdfed63b718add26c1a9ba2701e284bb1 Mon Sep 17 00:00:00 2001 +From 301c5d69a417d6a8482e771bb2cfb56a7997003b Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 9 Sep 2020 13:58:14 +0200 -Subject: [PATCH 113/115] wireguard: noise: take lock when removing handshake +Subject: [PATCH 114/124] wireguard: noise: take lock when removing handshake entry from table commit 9179ba31367bcf481c3c79b5f028c94faad9f30a upstream. @@ -63415,10 +63336,10 @@ index 201a22681945f..27cb5045bed2d 100644 2.18.4 -From db4ade5b7260adf3619652d8b62fe43a6c73e123 Mon Sep 17 00:00:00 2001 +From 9ffb33ae39c34bca04c8f517a19f4453de856bab Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Wed, 9 Sep 2020 13:58:15 +0200 -Subject: [PATCH 114/115] wireguard: peerlookup: take lock before checking hash +Subject: [PATCH 115/124] wireguard: peerlookup: take lock before checking hash in replace operation commit 6147f7b1e90ff09bd52afc8b9206a7fcd133daf7 upstream. @@ -63483,10 +63404,10 @@ index e4deb331476b3..f2783aa7a88f1 100644 2.18.4 -From 3f0fd35bef6cd99bbc1537e497171e52c73e5d28 Mon Sep 17 00:00:00 2001 +From 184287bfd7d04d414bd2fa9f2247de401c50dca4 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 29 Oct 2020 03:56:05 +0100 -Subject: [PATCH 115/115] wireguard: selftests: check that route_me_harder +Subject: [PATCH 116/124] wireguard: selftests: check that route_me_harder packets use the right sk commit af8afcf1fdd5f365f70e2386c2d8c7a1abd853d7 upstream. @@ -63546,3 +63467,971 @@ index af9323a0b6e09..9864d106e8189 100644 -- 2.18.4 + +From 595e6620ab913513312f8f43b6143ab18f170c79 Mon Sep 17 00:00:00 2001 +From: Antonio Quartulli +Date: Mon, 22 Feb 2021 17:25:43 +0100 +Subject: [PATCH 117/124] wireguard: avoid double unlikely() notation when + using IS_ERR() + +commit 30ac4e2f54ec067b7b9ca0db27e75681581378d6 upstream. + +The definition of IS_ERR() already applies the unlikely() notation +when checking the error status of the passed pointer. For this +reason there is no need to have the same notation outside of +IS_ERR() itself. + +Clean up code by removing redundant notation. + +Signed-off-by: Antonio Quartulli +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Jakub Kicinski +Signed-off-by: Jason A. Donenfeld +--- + drivers/net/wireguard/device.c | 2 +- + drivers/net/wireguard/socket.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/wireguard/device.c b/drivers/net/wireguard/device.c +index c9f65e96ccb04..46ecec72f2143 100644 +--- a/drivers/net/wireguard/device.c ++++ b/drivers/net/wireguard/device.c +@@ -157,7 +157,7 @@ static netdev_tx_t wg_xmit(struct sk_buff *skb, struct net_device *dev) + } else { + struct sk_buff *segs = skb_gso_segment(skb, 0); + +- if (unlikely(IS_ERR(segs))) { ++ if (IS_ERR(segs)) { + ret = PTR_ERR(segs); + goto err_peer; + } +diff --git a/drivers/net/wireguard/socket.c b/drivers/net/wireguard/socket.c +index c33e2c81635fa..e9c35130846c7 100644 +--- a/drivers/net/wireguard/socket.c ++++ b/drivers/net/wireguard/socket.c +@@ -71,7 +71,7 @@ static int send4(struct wg_device *wg, struct sk_buff *skb, + ip_rt_put(rt); + rt = ip_route_output_flow(sock_net(sock), &fl, sock); + } +- if (unlikely(IS_ERR(rt))) { ++ if (IS_ERR(rt)) { + ret = PTR_ERR(rt); + net_dbg_ratelimited("%s: No route to %pISpfsc, error %d\n", + wg->dev->name, &endpoint->addr, ret); +@@ -138,7 +138,7 @@ static int send6(struct wg_device *wg, struct sk_buff *skb, + } + dst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(sock), sock, &fl, + NULL); +- if (unlikely(IS_ERR(dst))) { ++ if (IS_ERR(dst)) { + ret = PTR_ERR(dst); + net_dbg_ratelimited("%s: No route to %pISpfsc, error %d\n", + wg->dev->name, &endpoint->addr, ret); +-- +2.18.4 + + +From 340ac0965ca42f879f6c59ad3d7e14ecdead688e Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Mon, 22 Feb 2021 17:25:44 +0100 +Subject: [PATCH 118/124] wireguard: socket: remove bogus __be32 annotation + +commit 7f57bd8dc22de35ddd895294aa554003e4f19a72 upstream. + +The endpoint->src_if4 has nothing to do with fixed-endian numbers; remove +the bogus annotation. + +This was introduced in +https://git.zx2c4.com/wireguard-monolithic-historical/commit?id=14e7d0a499a676ec55176c0de2f9fcbd34074a82 +in the historical WireGuard repo because the old code used to +zero-initialize multiple members as follows: + + endpoint->src4.s_addr = endpoint->src_if4 = fl.saddr = 0; + +Because fl.saddr is fixed-endian and an assignment returns a value with the +type of its left operand, this meant that sparse detected an assignment +between values of different endianness. + +Since then, this assignment was already split up into separate statements; +just the cast survived. + +Signed-off-by: Jann Horn +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Jakub Kicinski +Signed-off-by: Jason A. Donenfeld +--- + drivers/net/wireguard/socket.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/wireguard/socket.c b/drivers/net/wireguard/socket.c +index e9c35130846c7..e8eceeb0b62a8 100644 +--- a/drivers/net/wireguard/socket.c ++++ b/drivers/net/wireguard/socket.c +@@ -53,7 +53,7 @@ static int send4(struct wg_device *wg, struct sk_buff *skb, + if (unlikely(!inet_confirm_addr(sock_net(sock), NULL, 0, + fl.saddr, RT_SCOPE_HOST))) { + endpoint->src4.s_addr = 0; +- *(__force __be32 *)&endpoint->src_if4 = 0; ++ endpoint->src_if4 = 0; + fl.saddr = 0; + if (cache) + dst_cache_reset(cache); +@@ -63,7 +63,7 @@ static int send4(struct wg_device *wg, struct sk_buff *skb, + PTR_ERR(rt) == -EINVAL) || (!IS_ERR(rt) && + rt->dst.dev->ifindex != endpoint->src_if4)))) { + endpoint->src4.s_addr = 0; +- *(__force __be32 *)&endpoint->src_if4 = 0; ++ endpoint->src_if4 = 0; + fl.saddr = 0; + if (cache) + dst_cache_reset(cache); +-- +2.18.4 + + +From 40eb448970b81d5d299331433fc1d27b09abeb95 Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" +Date: Mon, 22 Feb 2021 17:25:45 +0100 +Subject: [PATCH 119/124] wireguard: selftests: test multiple parallel streams + +commit d5a49aa6c3e264a93a7d08485d66e346be0969dd upstream. + +In order to test ndo_start_xmit being called in parallel, explicitly add +separate tests, which should all run on different cores. This should +help tease out bugs associated with queueing up packets from different +cores in parallel. Currently, it hasn't found those types of bugs, but +given future planned work, this is a useful regression to avoid. + +Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Jakub Kicinski +Signed-off-by: Jason A. Donenfeld +--- + tools/testing/selftests/wireguard/netns.sh | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/tools/testing/selftests/wireguard/netns.sh b/tools/testing/selftests/wireguard/netns.sh +index 74c69b75f6f5a..7ed7cd95e58fe 100755 +--- a/tools/testing/selftests/wireguard/netns.sh ++++ b/tools/testing/selftests/wireguard/netns.sh +@@ -39,7 +39,7 @@ ip0() { pretty 0 "ip $*"; ip -n $netns0 "$@"; } + ip1() { pretty 1 "ip $*"; ip -n $netns1 "$@"; } + ip2() { pretty 2 "ip $*"; ip -n $netns2 "$@"; } + sleep() { read -t "$1" -N 1 || true; } +-waitiperf() { pretty "${1//*-}" "wait for iperf:5201 pid $2"; while [[ $(ss -N "$1" -tlpH 'sport = 5201') != *\"iperf3\",pid=$2,fd=* ]]; do sleep 0.1; done; } ++waitiperf() { pretty "${1//*-}" "wait for iperf:${3:-5201} pid $2"; while [[ $(ss -N "$1" -tlpH "sport = ${3:-5201}") != *\"iperf3\",pid=$2,fd=* ]]; do sleep 0.1; done; } + waitncatudp() { pretty "${1//*-}" "wait for udp:1111 pid $2"; while [[ $(ss -N "$1" -ulpH 'sport = 1111') != *\"ncat\",pid=$2,fd=* ]]; do sleep 0.1; done; } + waitiface() { pretty "${1//*-}" "wait for $2 to come up"; ip netns exec "$1" bash -c "while [[ \$(< \"/sys/class/net/$2/operstate\") != up ]]; do read -t .1 -N 0 || true; done;"; } + +@@ -141,6 +141,19 @@ tests() { + n2 iperf3 -s -1 -B fd00::2 & + waitiperf $netns2 $! + n1 iperf3 -Z -t 3 -b 0 -u -c fd00::2 ++ ++ # TCP over IPv4, in parallel ++ for max in 4 5 50; do ++ local pids=( ) ++ for ((i=0; i < max; ++i)) do ++ n2 iperf3 -p $(( 5200 + i )) -s -1 -B 192.168.241.2 & ++ pids+=( $! ); waitiperf $netns2 $! $(( 5200 + i )) ++ done ++ for ((i=0; i < max; ++i)) do ++ n1 iperf3 -Z -t 3 -p $(( 5200 + i )) -c 192.168.241.2 & ++ done ++ wait "${pids[@]}" ++ done + } + + [[ $(ip1 link show dev wg0) =~ mtu\ ([0-9]+) ]] && orig_mtu="${BASH_REMATCH[1]}" +-- +2.18.4 + + +From 1a39a55b7fd51fbedc82104881ae27c45b71721d Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" +Date: Mon, 22 Feb 2021 17:25:46 +0100 +Subject: [PATCH 120/124] wireguard: peer: put frequently used members above + cache lines + +commit 5a0598695634a6bb4126818902dd9140cd9df8b6 upstream. + +The is_dead boolean is checked for every single packet, while the +internal_id member is used basically only for pr_debug messages. So it +makes sense to hoist up is_dead into some space formerly unused by a +struct hole, while demoting internal_api to below the lowest struct +cache line. + +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Jakub Kicinski +Signed-off-by: Jason A. Donenfeld +--- + drivers/net/wireguard/peer.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/wireguard/peer.h b/drivers/net/wireguard/peer.h +index 23af409229972..aaff8de6e34b8 100644 +--- a/drivers/net/wireguard/peer.h ++++ b/drivers/net/wireguard/peer.h +@@ -39,6 +39,7 @@ struct wg_peer { + struct crypt_queue tx_queue, rx_queue; + struct sk_buff_head staged_packet_queue; + int serial_work_cpu; ++ bool is_dead; + struct noise_keypairs keypairs; + struct endpoint endpoint; + struct dst_cache endpoint_cache; +@@ -61,9 +62,8 @@ struct wg_peer { + struct rcu_head rcu; + struct list_head peer_list; + struct list_head allowedips_list; +- u64 internal_id; + struct napi_struct napi; +- bool is_dead; ++ u64 internal_id; + }; + + struct wg_peer *wg_peer_create(struct wg_device *wg, +-- +2.18.4 + + +From a4c1e2162a7dfdf4d44768a34d8c76ad0bf957dd Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" +Date: Mon, 22 Feb 2021 17:25:47 +0100 +Subject: [PATCH 121/124] wireguard: device: do not generate ICMP for non-IP + packets + +commit 99fff5264e7ab06f45b0ad60243475be0a8d0559 upstream. + +If skb->protocol doesn't match the actual skb->data header, it's +probably not a good idea to pass it off to icmp{,v6}_ndo_send, which is +expecting to reply to a valid IP packet. So this commit has that early +mismatch case jump to a later error label. + +Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Jakub Kicinski +Signed-off-by: Jason A. Donenfeld +--- + drivers/net/wireguard/device.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/wireguard/device.c b/drivers/net/wireguard/device.c +index 46ecec72f2143..5aeef63c4393d 100644 +--- a/drivers/net/wireguard/device.c ++++ b/drivers/net/wireguard/device.c +@@ -138,7 +138,7 @@ static netdev_tx_t wg_xmit(struct sk_buff *skb, struct net_device *dev) + else if (skb->protocol == htons(ETH_P_IPV6)) + net_dbg_ratelimited("%s: No peer has allowed IPs matching %pI6\n", + dev->name, &ipv6_hdr(skb)->daddr); +- goto err; ++ goto err_icmp; + } + + family = READ_ONCE(peer->endpoint.addr.sa_family); +@@ -201,12 +201,13 @@ static netdev_tx_t wg_xmit(struct sk_buff *skb, struct net_device *dev) + + err_peer: + wg_peer_put(peer); +-err: +- ++dev->stats.tx_errors; ++err_icmp: + if (skb->protocol == htons(ETH_P_IP)) + icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0); + else if (skb->protocol == htons(ETH_P_IPV6)) + icmpv6_ndo_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0); ++err: ++ ++dev->stats.tx_errors; + kfree_skb(skb); + return ret; + } +-- +2.18.4 + + +From 6f1d61b5efc7701727d9a325317bcc345e14a8cd Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" +Date: Mon, 22 Feb 2021 17:25:48 +0100 +Subject: [PATCH 122/124] wireguard: queueing: get rid of per-peer ring buffers +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +commit 8b5553ace83cced775eefd0f3f18b5c6214ccf7a upstream. + +Having two ring buffers per-peer means that every peer results in two +massive ring allocations. On an 8-core x86_64 machine, this commit +reduces the per-peer allocation from 18,688 bytes to 1,856 bytes, which +is an 90% reduction. Ninety percent! With some single-machine +deployments approaching 500,000 peers, we're talking about a reduction +from 7 gigs of memory down to 700 megs of memory. + +In order to get rid of these per-peer allocations, this commit switches +to using a list-based queueing approach. Currently GSO fragments are +chained together using the skb->next pointer (the skb_list_* singly +linked list approach), so we form the per-peer queue around the unused +skb->prev pointer (which sort of makes sense because the links are +pointing backwards). Use of skb_queue_* is not possible here, because +that is based on doubly linked lists and spinlocks. Multiple cores can +write into the queue at any given time, because its writes occur in the +start_xmit path or in the udp_recv path. But reads happen in a single +workqueue item per-peer, amounting to a multi-producer, single-consumer +paradigm. + +The MPSC queue is implemented locklessly and never blocks. However, it +is not linearizable (though it is serializable), with a very tight and +unlikely race on writes, which, when hit (some tiny fraction of the +0.15% of partial adds on a fully loaded 16-core x86_64 system), causes +the queue reader to terminate early. However, because every packet sent +queues up the same workqueue item after it is fully added, the worker +resumes again, and stopping early isn't actually a problem, since at +that point the packet wouldn't have yet been added to the encryption +queue. These properties allow us to avoid disabling interrupts or +spinning. The design is based on Dmitry Vyukov's algorithm [1]. + +Performance-wise, ordinarily list-based queues aren't preferable to +ringbuffers, because of cache misses when following pointers around. +However, we *already* have to follow the adjacent pointers when working +through fragments, so there shouldn't actually be any change there. A +potential downside is that dequeueing is a bit more complicated, but the +ptr_ring structure used prior had a spinlock when dequeueing, so all and +all the difference appears to be a wash. + +Actually, from profiling, the biggest performance hit, by far, of this +commit winds up being atomic_add_unless(count, 1, max) and atomic_ +dec(count), which account for the majority of CPU time, according to +perf. In that sense, the previous ring buffer was superior in that it +could check if it was full by head==tail, which the list-based approach +cannot do. + +But all and all, this enables us to get massive memory savings, allowing +WireGuard to scale for real world deployments, without taking much of a +performance hit. + +[1] http://www.1024cores.net/home/lock-free-algorithms/queues/intrusive-mpsc-node-based-queue + +Reviewed-by: Dmitry Vyukov +Reviewed-by: Toke Høiland-Jørgensen +Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Jakub Kicinski +Signed-off-by: Jason A. Donenfeld +--- + drivers/net/wireguard/device.c | 12 ++--- + drivers/net/wireguard/device.h | 15 +++--- + drivers/net/wireguard/peer.c | 28 ++++------- + drivers/net/wireguard/peer.h | 4 +- + drivers/net/wireguard/queueing.c | 86 +++++++++++++++++++++++++------- + drivers/net/wireguard/queueing.h | 45 ++++++++++++----- + drivers/net/wireguard/receive.c | 16 +++--- + drivers/net/wireguard/send.c | 31 ++++-------- + 8 files changed, 144 insertions(+), 93 deletions(-) + +diff --git a/drivers/net/wireguard/device.c b/drivers/net/wireguard/device.c +index 5aeef63c4393d..8c7d97f96d567 100644 +--- a/drivers/net/wireguard/device.c ++++ b/drivers/net/wireguard/device.c +@@ -235,8 +235,8 @@ static void wg_destruct(struct net_device *dev) + destroy_workqueue(wg->handshake_receive_wq); + destroy_workqueue(wg->handshake_send_wq); + destroy_workqueue(wg->packet_crypt_wq); +- wg_packet_queue_free(&wg->decrypt_queue, true); +- wg_packet_queue_free(&wg->encrypt_queue, true); ++ wg_packet_queue_free(&wg->decrypt_queue); ++ wg_packet_queue_free(&wg->encrypt_queue); + rcu_barrier(); /* Wait for all the peers to be actually freed. */ + wg_ratelimiter_uninit(); + memzero_explicit(&wg->static_identity, sizeof(wg->static_identity)); +@@ -338,12 +338,12 @@ static int wg_newlink(struct net *src_net, struct net_device *dev, + goto err_destroy_handshake_send; + + ret = wg_packet_queue_init(&wg->encrypt_queue, wg_packet_encrypt_worker, +- true, MAX_QUEUED_PACKETS); ++ MAX_QUEUED_PACKETS); + if (ret < 0) + goto err_destroy_packet_crypt; + + ret = wg_packet_queue_init(&wg->decrypt_queue, wg_packet_decrypt_worker, +- true, MAX_QUEUED_PACKETS); ++ MAX_QUEUED_PACKETS); + if (ret < 0) + goto err_free_encrypt_queue; + +@@ -368,9 +368,9 @@ static int wg_newlink(struct net *src_net, struct net_device *dev, + err_uninit_ratelimiter: + wg_ratelimiter_uninit(); + err_free_decrypt_queue: +- wg_packet_queue_free(&wg->decrypt_queue, true); ++ wg_packet_queue_free(&wg->decrypt_queue); + err_free_encrypt_queue: +- wg_packet_queue_free(&wg->encrypt_queue, true); ++ wg_packet_queue_free(&wg->encrypt_queue); + err_destroy_packet_crypt: + destroy_workqueue(wg->packet_crypt_wq); + err_destroy_handshake_send: +diff --git a/drivers/net/wireguard/device.h b/drivers/net/wireguard/device.h +index 4d0144e169478..854bc3d97150e 100644 +--- a/drivers/net/wireguard/device.h ++++ b/drivers/net/wireguard/device.h +@@ -27,13 +27,14 @@ struct multicore_worker { + + struct crypt_queue { + struct ptr_ring ring; +- union { +- struct { +- struct multicore_worker __percpu *worker; +- int last_cpu; +- }; +- struct work_struct work; +- }; ++ struct multicore_worker __percpu *worker; ++ int last_cpu; ++}; ++ ++struct prev_queue { ++ struct sk_buff *head, *tail, *peeked; ++ struct { struct sk_buff *next, *prev; } empty; // Match first 2 members of struct sk_buff. ++ atomic_t count; + }; + + struct wg_device { +diff --git a/drivers/net/wireguard/peer.c b/drivers/net/wireguard/peer.c +index 1d634bd3038f0..91310cb053403 100644 +--- a/drivers/net/wireguard/peer.c ++++ b/drivers/net/wireguard/peer.c +@@ -32,27 +32,22 @@ struct wg_peer *wg_peer_create(struct wg_device *wg, + peer = kzalloc(sizeof(*peer), GFP_KERNEL); + if (unlikely(!peer)) + return ERR_PTR(ret); +- peer->device = wg; ++ if (dst_cache_init(&peer->endpoint_cache, GFP_KERNEL)) ++ goto err; + ++ peer->device = wg; + wg_noise_handshake_init(&peer->handshake, &wg->static_identity, + public_key, preshared_key, peer); +- if (dst_cache_init(&peer->endpoint_cache, GFP_KERNEL)) +- goto err_1; +- if (wg_packet_queue_init(&peer->tx_queue, wg_packet_tx_worker, false, +- MAX_QUEUED_PACKETS)) +- goto err_2; +- if (wg_packet_queue_init(&peer->rx_queue, NULL, false, +- MAX_QUEUED_PACKETS)) +- goto err_3; +- + peer->internal_id = atomic64_inc_return(&peer_counter); + peer->serial_work_cpu = nr_cpumask_bits; + wg_cookie_init(&peer->latest_cookie); + wg_timers_init(peer); + wg_cookie_checker_precompute_peer_keys(peer); + spin_lock_init(&peer->keypairs.keypair_update_lock); +- INIT_WORK(&peer->transmit_handshake_work, +- wg_packet_handshake_send_worker); ++ INIT_WORK(&peer->transmit_handshake_work, wg_packet_handshake_send_worker); ++ INIT_WORK(&peer->transmit_packet_work, wg_packet_tx_worker); ++ wg_prev_queue_init(&peer->tx_queue); ++ wg_prev_queue_init(&peer->rx_queue); + rwlock_init(&peer->endpoint_lock); + kref_init(&peer->refcount); + skb_queue_head_init(&peer->staged_packet_queue); +@@ -68,11 +63,7 @@ struct wg_peer *wg_peer_create(struct wg_device *wg, + pr_debug("%s: Peer %llu created\n", wg->dev->name, peer->internal_id); + return peer; + +-err_3: +- wg_packet_queue_free(&peer->tx_queue, false); +-err_2: +- dst_cache_destroy(&peer->endpoint_cache); +-err_1: ++err: + kfree(peer); + return ERR_PTR(ret); + } +@@ -197,8 +188,7 @@ static void rcu_release(struct rcu_head *rcu) + struct wg_peer *peer = container_of(rcu, struct wg_peer, rcu); + + dst_cache_destroy(&peer->endpoint_cache); +- wg_packet_queue_free(&peer->rx_queue, false); +- wg_packet_queue_free(&peer->tx_queue, false); ++ WARN_ON(wg_prev_queue_peek(&peer->tx_queue) || wg_prev_queue_peek(&peer->rx_queue)); + + /* The final zeroing takes care of clearing any remaining handshake key + * material and other potentially sensitive information. +diff --git a/drivers/net/wireguard/peer.h b/drivers/net/wireguard/peer.h +index aaff8de6e34b8..8d53b687a1d16 100644 +--- a/drivers/net/wireguard/peer.h ++++ b/drivers/net/wireguard/peer.h +@@ -36,7 +36,7 @@ struct endpoint { + + struct wg_peer { + struct wg_device *device; +- struct crypt_queue tx_queue, rx_queue; ++ struct prev_queue tx_queue, rx_queue; + struct sk_buff_head staged_packet_queue; + int serial_work_cpu; + bool is_dead; +@@ -46,7 +46,7 @@ struct wg_peer { + rwlock_t endpoint_lock; + struct noise_handshake handshake; + atomic64_t last_sent_handshake; +- struct work_struct transmit_handshake_work, clear_peer_work; ++ struct work_struct transmit_handshake_work, clear_peer_work, transmit_packet_work; + struct cookie latest_cookie; + struct hlist_node pubkey_hash; + u64 rx_bytes, tx_bytes; +diff --git a/drivers/net/wireguard/queueing.c b/drivers/net/wireguard/queueing.c +index 71b8e80b58e12..48e7b982a3073 100644 +--- a/drivers/net/wireguard/queueing.c ++++ b/drivers/net/wireguard/queueing.c +@@ -9,8 +9,7 @@ struct multicore_worker __percpu * + wg_packet_percpu_multicore_worker_alloc(work_func_t function, void *ptr) + { + int cpu; +- struct multicore_worker __percpu *worker = +- alloc_percpu(struct multicore_worker); ++ struct multicore_worker __percpu *worker = alloc_percpu(struct multicore_worker); + + if (!worker) + return NULL; +@@ -23,7 +22,7 @@ wg_packet_percpu_multicore_worker_alloc(work_func_t function, void *ptr) + } + + int wg_packet_queue_init(struct crypt_queue *queue, work_func_t function, +- bool multicore, unsigned int len) ++ unsigned int len) + { + int ret; + +@@ -31,25 +30,78 @@ int wg_packet_queue_init(struct crypt_queue *queue, work_func_t function, + ret = ptr_ring_init(&queue->ring, len, GFP_KERNEL); + if (ret) + return ret; +- if (function) { +- if (multicore) { +- queue->worker = wg_packet_percpu_multicore_worker_alloc( +- function, queue); +- if (!queue->worker) { +- ptr_ring_cleanup(&queue->ring, NULL); +- return -ENOMEM; +- } +- } else { +- INIT_WORK(&queue->work, function); +- } ++ queue->worker = wg_packet_percpu_multicore_worker_alloc(function, queue); ++ if (!queue->worker) { ++ ptr_ring_cleanup(&queue->ring, NULL); ++ return -ENOMEM; + } + return 0; + } + +-void wg_packet_queue_free(struct crypt_queue *queue, bool multicore) ++void wg_packet_queue_free(struct crypt_queue *queue) + { +- if (multicore) +- free_percpu(queue->worker); ++ free_percpu(queue->worker); + WARN_ON(!__ptr_ring_empty(&queue->ring)); + ptr_ring_cleanup(&queue->ring, NULL); + } ++ ++#define NEXT(skb) ((skb)->prev) ++#define STUB(queue) ((struct sk_buff *)&queue->empty) ++ ++void wg_prev_queue_init(struct prev_queue *queue) ++{ ++ NEXT(STUB(queue)) = NULL; ++ queue->head = queue->tail = STUB(queue); ++ queue->peeked = NULL; ++ atomic_set(&queue->count, 0); ++ BUILD_BUG_ON( ++ offsetof(struct sk_buff, next) != offsetof(struct prev_queue, empty.next) - ++ offsetof(struct prev_queue, empty) || ++ offsetof(struct sk_buff, prev) != offsetof(struct prev_queue, empty.prev) - ++ offsetof(struct prev_queue, empty)); ++} ++ ++static void __wg_prev_queue_enqueue(struct prev_queue *queue, struct sk_buff *skb) ++{ ++ WRITE_ONCE(NEXT(skb), NULL); ++ WRITE_ONCE(NEXT(xchg_release(&queue->head, skb)), skb); ++} ++ ++bool wg_prev_queue_enqueue(struct prev_queue *queue, struct sk_buff *skb) ++{ ++ if (!atomic_add_unless(&queue->count, 1, MAX_QUEUED_PACKETS)) ++ return false; ++ __wg_prev_queue_enqueue(queue, skb); ++ return true; ++} ++ ++struct sk_buff *wg_prev_queue_dequeue(struct prev_queue *queue) ++{ ++ struct sk_buff *tail = queue->tail, *next = smp_load_acquire(&NEXT(tail)); ++ ++ if (tail == STUB(queue)) { ++ if (!next) ++ return NULL; ++ queue->tail = next; ++ tail = next; ++ next = smp_load_acquire(&NEXT(next)); ++ } ++ if (next) { ++ queue->tail = next; ++ atomic_dec(&queue->count); ++ return tail; ++ } ++ if (tail != READ_ONCE(queue->head)) ++ return NULL; ++ __wg_prev_queue_enqueue(queue, STUB(queue)); ++ next = smp_load_acquire(&NEXT(tail)); ++ if (next) { ++ queue->tail = next; ++ atomic_dec(&queue->count); ++ return tail; ++ } ++ return NULL; ++} ++ ++#undef NEXT ++#undef STUB +diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h +index dfb674e030764..4ef2944a68bc9 100644 +--- a/drivers/net/wireguard/queueing.h ++++ b/drivers/net/wireguard/queueing.h +@@ -17,12 +17,13 @@ struct wg_device; + struct wg_peer; + struct multicore_worker; + struct crypt_queue; ++struct prev_queue; + struct sk_buff; + + /* queueing.c APIs: */ + int wg_packet_queue_init(struct crypt_queue *queue, work_func_t function, +- bool multicore, unsigned int len); +-void wg_packet_queue_free(struct crypt_queue *queue, bool multicore); ++ unsigned int len); ++void wg_packet_queue_free(struct crypt_queue *queue); + struct multicore_worker __percpu * + wg_packet_percpu_multicore_worker_alloc(work_func_t function, void *ptr); + +@@ -135,8 +136,31 @@ static inline int wg_cpumask_next_online(int *next) + return cpu; + } + ++void wg_prev_queue_init(struct prev_queue *queue); ++ ++/* Multi producer */ ++bool wg_prev_queue_enqueue(struct prev_queue *queue, struct sk_buff *skb); ++ ++/* Single consumer */ ++struct sk_buff *wg_prev_queue_dequeue(struct prev_queue *queue); ++ ++/* Single consumer */ ++static inline struct sk_buff *wg_prev_queue_peek(struct prev_queue *queue) ++{ ++ if (queue->peeked) ++ return queue->peeked; ++ queue->peeked = wg_prev_queue_dequeue(queue); ++ return queue->peeked; ++} ++ ++/* Single consumer */ ++static inline void wg_prev_queue_drop_peeked(struct prev_queue *queue) ++{ ++ queue->peeked = NULL; ++} ++ + static inline int wg_queue_enqueue_per_device_and_peer( +- struct crypt_queue *device_queue, struct crypt_queue *peer_queue, ++ struct crypt_queue *device_queue, struct prev_queue *peer_queue, + struct sk_buff *skb, struct workqueue_struct *wq, int *next_cpu) + { + int cpu; +@@ -145,8 +169,9 @@ static inline int wg_queue_enqueue_per_device_and_peer( + /* We first queue this up for the peer ingestion, but the consumer + * will wait for the state to change to CRYPTED or DEAD before. + */ +- if (unlikely(ptr_ring_produce_bh(&peer_queue->ring, skb))) ++ if (unlikely(!wg_prev_queue_enqueue(peer_queue, skb))) + return -ENOSPC; ++ + /* Then we queue it up in the device queue, which consumes the + * packet as soon as it can. + */ +@@ -157,9 +182,7 @@ static inline int wg_queue_enqueue_per_device_and_peer( + return 0; + } + +-static inline void wg_queue_enqueue_per_peer(struct crypt_queue *queue, +- struct sk_buff *skb, +- enum packet_state state) ++static inline void wg_queue_enqueue_per_peer_tx(struct sk_buff *skb, enum packet_state state) + { + /* We take a reference, because as soon as we call atomic_set, the + * peer can be freed from below us. +@@ -167,14 +190,12 @@ static inline void wg_queue_enqueue_per_peer(struct crypt_queue *queue, + struct wg_peer *peer = wg_peer_get(PACKET_PEER(skb)); + + atomic_set_release(&PACKET_CB(skb)->state, state); +- queue_work_on(wg_cpumask_choose_online(&peer->serial_work_cpu, +- peer->internal_id), +- peer->device->packet_crypt_wq, &queue->work); ++ queue_work_on(wg_cpumask_choose_online(&peer->serial_work_cpu, peer->internal_id), ++ peer->device->packet_crypt_wq, &peer->transmit_packet_work); + wg_peer_put(peer); + } + +-static inline void wg_queue_enqueue_per_peer_napi(struct sk_buff *skb, +- enum packet_state state) ++static inline void wg_queue_enqueue_per_peer_rx(struct sk_buff *skb, enum packet_state state) + { + /* We take a reference, because as soon as we call atomic_set, the + * peer can be freed from below us. +diff --git a/drivers/net/wireguard/receive.c b/drivers/net/wireguard/receive.c +index 2c9551ea6dc73..7dc84bcca2613 100644 +--- a/drivers/net/wireguard/receive.c ++++ b/drivers/net/wireguard/receive.c +@@ -444,7 +444,6 @@ static void wg_packet_consume_data_done(struct wg_peer *peer, + int wg_packet_rx_poll(struct napi_struct *napi, int budget) + { + struct wg_peer *peer = container_of(napi, struct wg_peer, napi); +- struct crypt_queue *queue = &peer->rx_queue; + struct noise_keypair *keypair; + struct endpoint endpoint; + enum packet_state state; +@@ -455,11 +454,10 @@ int wg_packet_rx_poll(struct napi_struct *napi, int budget) + if (unlikely(budget <= 0)) + return 0; + +- while ((skb = __ptr_ring_peek(&queue->ring)) != NULL && ++ while ((skb = wg_prev_queue_peek(&peer->rx_queue)) != NULL && + (state = atomic_read_acquire(&PACKET_CB(skb)->state)) != + PACKET_STATE_UNCRYPTED) { +- __ptr_ring_discard_one(&queue->ring); +- peer = PACKET_PEER(skb); ++ wg_prev_queue_drop_peeked(&peer->rx_queue); + keypair = PACKET_CB(skb)->keypair; + free = true; + +@@ -508,7 +506,7 @@ void wg_packet_decrypt_worker(struct work_struct *work) + enum packet_state state = + likely(decrypt_packet(skb, PACKET_CB(skb)->keypair)) ? + PACKET_STATE_CRYPTED : PACKET_STATE_DEAD; +- wg_queue_enqueue_per_peer_napi(skb, state); ++ wg_queue_enqueue_per_peer_rx(skb, state); + if (need_resched()) + cond_resched(); + } +@@ -531,12 +529,10 @@ static void wg_packet_consume_data(struct wg_device *wg, struct sk_buff *skb) + if (unlikely(READ_ONCE(peer->is_dead))) + goto err; + +- ret = wg_queue_enqueue_per_device_and_peer(&wg->decrypt_queue, +- &peer->rx_queue, skb, +- wg->packet_crypt_wq, +- &wg->decrypt_queue.last_cpu); ++ ret = wg_queue_enqueue_per_device_and_peer(&wg->decrypt_queue, &peer->rx_queue, skb, ++ wg->packet_crypt_wq, &wg->decrypt_queue.last_cpu); + if (unlikely(ret == -EPIPE)) +- wg_queue_enqueue_per_peer_napi(skb, PACKET_STATE_DEAD); ++ wg_queue_enqueue_per_peer_rx(skb, PACKET_STATE_DEAD); + if (likely(!ret || ret == -EPIPE)) { + rcu_read_unlock_bh(); + return; +diff --git a/drivers/net/wireguard/send.c b/drivers/net/wireguard/send.c +index f74b9341ab0fe..5368f7c35b4bf 100644 +--- a/drivers/net/wireguard/send.c ++++ b/drivers/net/wireguard/send.c +@@ -239,8 +239,7 @@ void wg_packet_send_keepalive(struct wg_peer *peer) + wg_packet_send_staged_packets(peer); + } + +-static void wg_packet_create_data_done(struct sk_buff *first, +- struct wg_peer *peer) ++static void wg_packet_create_data_done(struct wg_peer *peer, struct sk_buff *first) + { + struct sk_buff *skb, *next; + bool is_keepalive, data_sent = false; +@@ -262,22 +261,19 @@ static void wg_packet_create_data_done(struct sk_buff *first, + + void wg_packet_tx_worker(struct work_struct *work) + { +- struct crypt_queue *queue = container_of(work, struct crypt_queue, +- work); ++ struct wg_peer *peer = container_of(work, struct wg_peer, transmit_packet_work); + struct noise_keypair *keypair; + enum packet_state state; + struct sk_buff *first; +- struct wg_peer *peer; + +- while ((first = __ptr_ring_peek(&queue->ring)) != NULL && ++ while ((first = wg_prev_queue_peek(&peer->tx_queue)) != NULL && + (state = atomic_read_acquire(&PACKET_CB(first)->state)) != + PACKET_STATE_UNCRYPTED) { +- __ptr_ring_discard_one(&queue->ring); +- peer = PACKET_PEER(first); ++ wg_prev_queue_drop_peeked(&peer->tx_queue); + keypair = PACKET_CB(first)->keypair; + + if (likely(state == PACKET_STATE_CRYPTED)) +- wg_packet_create_data_done(first, peer); ++ wg_packet_create_data_done(peer, first); + else + kfree_skb_list(first); + +@@ -306,16 +302,14 @@ void wg_packet_encrypt_worker(struct work_struct *work) + break; + } + } +- wg_queue_enqueue_per_peer(&PACKET_PEER(first)->tx_queue, first, +- state); ++ wg_queue_enqueue_per_peer_tx(first, state); + if (need_resched()) + cond_resched(); + } + } + +-static void wg_packet_create_data(struct sk_buff *first) ++static void wg_packet_create_data(struct wg_peer *peer, struct sk_buff *first) + { +- struct wg_peer *peer = PACKET_PEER(first); + struct wg_device *wg = peer->device; + int ret = -EINVAL; + +@@ -323,13 +317,10 @@ static void wg_packet_create_data(struct sk_buff *first) + if (unlikely(READ_ONCE(peer->is_dead))) + goto err; + +- ret = wg_queue_enqueue_per_device_and_peer(&wg->encrypt_queue, +- &peer->tx_queue, first, +- wg->packet_crypt_wq, +- &wg->encrypt_queue.last_cpu); ++ ret = wg_queue_enqueue_per_device_and_peer(&wg->encrypt_queue, &peer->tx_queue, first, ++ wg->packet_crypt_wq, &wg->encrypt_queue.last_cpu); + if (unlikely(ret == -EPIPE)) +- wg_queue_enqueue_per_peer(&peer->tx_queue, first, +- PACKET_STATE_DEAD); ++ wg_queue_enqueue_per_peer_tx(first, PACKET_STATE_DEAD); + err: + rcu_read_unlock_bh(); + if (likely(!ret || ret == -EPIPE)) +@@ -393,7 +384,7 @@ void wg_packet_send_staged_packets(struct wg_peer *peer) + packets.prev->next = NULL; + wg_peer_get(keypair->entry.peer); + PACKET_CB(packets.next)->keypair = keypair; +- wg_packet_create_data(packets.next); ++ wg_packet_create_data(peer, packets.next); + return; + + out_invalid: +-- +2.18.4 + + +From 2a5a32fa1712f51413963214ac8bf0426ce32b4c Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" +Date: Mon, 22 Feb 2021 17:25:49 +0100 +Subject: [PATCH 123/124] wireguard: kconfig: use arm chacha even with no neon + +commit bce2473927af8de12ad131a743f55d69d358c0b9 upstream. + +The condition here was incorrect: a non-neon fallback implementation is +available on arm32 when NEON is not supported. + +Reported-by: Ilya Lipnitskiy +Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Jakub Kicinski +Signed-off-by: Jason A. Donenfeld +--- + drivers/net/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig +index 57f1ba924f4ec..4e09901dac5c9 100644 +--- a/drivers/net/Kconfig ++++ b/drivers/net/Kconfig +@@ -87,7 +87,7 @@ config WIREGUARD + select CRYPTO_CURVE25519_X86 if X86 && 64BIT + select ARM_CRYPTO if ARM + select ARM64_CRYPTO if ARM64 +- select CRYPTO_CHACHA20_NEON if (ARM || ARM64) && KERNEL_MODE_NEON ++ select CRYPTO_CHACHA20_NEON if ARM || (ARM64 && KERNEL_MODE_NEON) + select CRYPTO_POLY1305_NEON if ARM64 && KERNEL_MODE_NEON + select CRYPTO_POLY1305_ARM if ARM + select CRYPTO_CURVE25519_NEON if ARM && KERNEL_MODE_NEON +-- +2.18.4 + + +From e2c63b986d747340fae6072915d5bc59a0111931 Mon Sep 17 00:00:00 2001 +From: "Maciej W. Rozycki" +Date: Thu, 11 Mar 2021 21:50:47 -0700 +Subject: [PATCH 124/124] crypto: mips/poly1305 - enable for all MIPS + processors + +commit 6c810cf20feef0d4338e9b424ab7f2644a8b353e upstream. + +The MIPS Poly1305 implementation is generic MIPS code written such as to +support down to the original MIPS I and MIPS III ISA for the 32-bit and +64-bit variant respectively. Lift the current limitation then to enable +code for MIPSr1 ISA or newer processors only and have it available for +all MIPS processors. + +Signed-off-by: Maciej W. Rozycki +Fixes: a11d055e7a64 ("crypto: mips/poly1305 - incorporate OpenSSL/CRYPTOGAMS optimized implementation") +Cc: stable@vger.kernel.org # v5.5+ +Acked-by: Jason A. Donenfeld +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Jason A. Donenfeld +--- + arch/mips/crypto/Makefile | 4 ++-- + crypto/Kconfig | 2 +- + drivers/net/Kconfig | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/arch/mips/crypto/Makefile b/arch/mips/crypto/Makefile +index 8e1deaf00e0c0..5e4105cccf9fa 100644 +--- a/arch/mips/crypto/Makefile ++++ b/arch/mips/crypto/Makefile +@@ -12,8 +12,8 @@ AFLAGS_chacha-core.o += -O2 # needed to fill branch delay slots + obj-$(CONFIG_CRYPTO_POLY1305_MIPS) += poly1305-mips.o + poly1305-mips-y := poly1305-core.o poly1305-glue.o + +-perlasm-flavour-$(CONFIG_CPU_MIPS32) := o32 +-perlasm-flavour-$(CONFIG_CPU_MIPS64) := 64 ++perlasm-flavour-$(CONFIG_32BIT) := o32 ++perlasm-flavour-$(CONFIG_64BIT) := 64 + + quiet_cmd_perlasm = PERLASM $@ + cmd_perlasm = $(PERL) $(<) $(perlasm-flavour-y) $(@) +diff --git a/crypto/Kconfig b/crypto/Kconfig +index fd5a8724ed385..dff09d1ccf84a 100644 +--- a/crypto/Kconfig ++++ b/crypto/Kconfig +@@ -740,7 +740,7 @@ config CRYPTO_POLY1305_X86_64 + + config CRYPTO_POLY1305_MIPS + tristate "Poly1305 authenticator algorithm (MIPS optimized)" +- depends on CPU_MIPS32 || (CPU_MIPS64 && 64BIT) ++ depends on MIPS + select CRYPTO_ARCH_HAVE_LIB_POLY1305 + + config CRYPTO_MD4 +diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig +index 4e09901dac5c9..575b6c28a391e 100644 +--- a/drivers/net/Kconfig ++++ b/drivers/net/Kconfig +@@ -92,7 +92,7 @@ config WIREGUARD + select CRYPTO_POLY1305_ARM if ARM + select CRYPTO_CURVE25519_NEON if ARM && KERNEL_MODE_NEON + select CRYPTO_CHACHA_MIPS if CPU_MIPS32_R2 +- select CRYPTO_POLY1305_MIPS if CPU_MIPS32 || (CPU_MIPS64 && 64BIT) ++ select CRYPTO_POLY1305_MIPS if MIPS + help + WireGuard is a secure, fast, and easy to use replacement for IPSec + that uses modern cryptography and clever networking tricks. It's +-- +2.18.4 + diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index c3f9963..60c4558 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -89,7 +89,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 96 +%define stable_update 105 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -3009,6 +3009,9 @@ fi # # %changelog +* Sat Mar 13 2021 Pablo Greco - 5.4.105-200 +- Update to version v5.4.105 + * Sun Feb 7 2021 Pablo Greco - 5.4.96-200 - Update to version v5.4.96