[kernel] r22370 - in dists/wheezy-backports/linux: . debian debian/config/hppa debian/installer/arm64 debian/installer/arm64/modules debian/installer/arm64/modules/arm64 debian/installer/hppa debian/installer/hppa/modules/hppa debian/patches debian/patches/bugfix/all debian/patches/bugfix/arm64 debian/patches/bugfix/sh4 debian/patches/bugfix/x86
Ben Hutchings
benh at moszumanska.debian.org
Thu Feb 12 04:00:27 UTC 2015
Author: benh
Date: Thu Feb 12 04:00:26 2015
New Revision: 22370
Log:
Merge changes from sid up to 3.16.7-ckt4-3
Added:
dists/wheezy-backports/linux/debian/patches/bugfix/all/Revert-swiotlb-xen-pass-dev_addr-to-swiotlb_tbl_unma.patch
- copied unchanged from r22341, dists/sid/linux/debian/patches/bugfix/all/Revert-swiotlb-xen-pass-dev_addr-to-swiotlb_tbl_unma.patch
dists/wheezy-backports/linux/debian/patches/bugfix/all/crypto-add-missing-crypto-module-aliases.patch
- copied unchanged from r22341, dists/sid/linux/debian/patches/bugfix/all/crypto-add-missing-crypto-module-aliases.patch
dists/wheezy-backports/linux/debian/patches/bugfix/all/crypto-include-crypto-module-prefix-in-template.patch
- copied unchanged from r22341, dists/sid/linux/debian/patches/bugfix/all/crypto-include-crypto-module-prefix-in-template.patch
dists/wheezy-backports/linux/debian/patches/bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch
- copied unchanged from r22341, dists/sid/linux/debian/patches/bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch
dists/wheezy-backports/linux/debian/patches/bugfix/all/net-sctp-fix-slab-corruption-from-use-after-free-on-.patch
- copied unchanged from r22341, dists/sid/linux/debian/patches/bugfix/all/net-sctp-fix-slab-corruption-from-use-after-free-on-.patch
dists/wheezy-backports/linux/debian/patches/bugfix/all/xen-balloon-Don-t-continue-ballooning-when-BP_ECANCE.patch
- copied unchanged from r22341, dists/sid/linux/debian/patches/bugfix/all/xen-balloon-Don-t-continue-ballooning-when-BP_ECANCE.patch
dists/wheezy-backports/linux/debian/patches/bugfix/all/xen-balloon-cancel-ballooning-if-adding-new-memory-f.patch
- copied unchanged from r22341, dists/sid/linux/debian/patches/bugfix/all/xen-balloon-cancel-ballooning-if-adding-new-memory-f.patch
dists/wheezy-backports/linux/debian/patches/bugfix/arm64/clocksource-arch_timer-Only-use-the-virtual-counter-.patch
- copied unchanged from r22341, dists/sid/linux/debian/patches/bugfix/arm64/clocksource-arch_timer-Only-use-the-virtual-counter-.patch
dists/wheezy-backports/linux/debian/patches/bugfix/sh4/scripts-recordmcount.pl-there-is-no-m32-option-on-super-h.patch
- copied unchanged from r22341, dists/sid/linux/debian/patches/bugfix/sh4/scripts-recordmcount.pl-there-is-no-m32-option-on-super-h.patch
dists/wheezy-backports/linux/debian/patches/bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch
- copied unchanged from r22341, dists/sid/linux/debian/patches/bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch
dists/wheezy-backports/linux/debian/patches/bugfix/x86/x86-tls-interpret-an-all-zero-struct-user_desc-as-no.patch
- copied unchanged from r22341, dists/sid/linux/debian/patches/bugfix/x86/x86-tls-interpret-an-all-zero-struct-user_desc-as-no.patch
dists/wheezy-backports/linux/debian/patches/bugfix/x86/x86-tls-ldt-stop-checking-lm-in-ldt_empty.patch
- copied unchanged from r22341, dists/sid/linux/debian/patches/bugfix/x86/x86-tls-ldt-stop-checking-lm-in-ldt_empty.patch
Deleted:
dists/wheezy-backports/linux/debian/installer/arm64/modules/arm64/zlib-modules
Modified:
dists/wheezy-backports/linux/ (props changed)
dists/wheezy-backports/linux/debian/changelog
dists/wheezy-backports/linux/debian/config/hppa/config
dists/wheezy-backports/linux/debian/installer/arm64/modules/ (props changed)
dists/wheezy-backports/linux/debian/installer/arm64/package-list (contents, props changed)
dists/wheezy-backports/linux/debian/installer/hppa/modules/hppa/ata-modules
dists/wheezy-backports/linux/debian/installer/hppa/package-list
dists/wheezy-backports/linux/debian/patches/series
Modified: dists/wheezy-backports/linux/debian/changelog
==============================================================================
--- dists/wheezy-backports/linux/debian/changelog Thu Feb 12 03:46:18 2015 (r22369)
+++ dists/wheezy-backports/linux/debian/changelog Thu Feb 12 04:00:26 2015 (r22370)
@@ -1,4 +1,4 @@
-linux (3.16.7-ckt4-1~bpo70+1) wheezy-backports; urgency=low
+linux (3.16.7-ckt4-3~bpo70+1) wheezy-backports; urgency=low
* Rebuild for wheezy:
- Disable architectures that weren't part of wheezy
@@ -9,7 +9,49 @@
not switch from initramfs-tools to dracut (Closes: #771379)
- [x86] vdso: Use asm volatile in __getcpu (workaround for gcc bug)
- -- Ben Hutchings <ben at decadent.org.uk> Fri, 16 Jan 2015 03:06:29 +0000
+ -- Ben Hutchings <ben at decadent.org.uk> Thu, 12 Feb 2015 03:48:23 +0000
+
+linux (3.16.7-ckt4-3) unstable; urgency=medium
+
+ [ Ben Hutchings ]
+ * [sh4] ftrace: Remove -m32 option from recordmcount.pl (Closes: #775611)
+ * [x86] Revert "KVM: Fix of previously incomplete fix for CVE-2014-8480"
+ as that issue does not affect 3.16
+ * [amd64] tls, ldt: Stop checking lm in LDT_empty (regression in 3.16.7-ckt4)
+ * [x86] tls: Interpret an all-zero struct user_desc as "no segment"
+ (regression in 3.16.7-ckt4)
+ * net: sctp: fix slab corruption from use after free on INIT collisions
+ (CVE-2015-1421)
+
+ [ Ian Campbell ]
+ * [xen] cancel ballooning if adding new memory failed (Closes: #776448)
+ * [arm64] Only use the virtual counter (CNTVCT) on arm64. (Closes: #776957)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Tue, 03 Feb 2015 20:07:06 +0000
+
+linux (3.16.7-ckt4-2) unstable; urgency=medium
+
+ [ Ian Campbell ]
+ * [arm64] udeb: Remove zlib-modules, as ZLIB_DEFLATE is now
+ built-in (fixes FTBFS)
+ * [xen] Revert "swiotlb-xen: pass dev_addr to swiotlb_tbl_unmap_single"
+ (Closes: #776237)
+
+ [ Helge Deller ]
+ * [hppa] udeb: Fix duplicate modules in ata-modules, pata-modules
+ (Closes: #770102)
+ * [hppa] Enable CONFIG_PPDEV to avoid CUPS complaining with systemd
+
+ [ Ben Hutchings ]
+ * crypto: Fix unprivileged arbitrary module loading (CVE-2013-7421,
+ CVE-2014-9644)
+ - prefix module autoloading with "crypto-"
+ - include crypto- module prefix in template
+ - add missing crypto module aliases
+ * [x86] KVM: Fix of previously incomplete fix for CVE-2014-8480
+ * [x86] KVM: SYSENTER emulation is broken (CVE-2015-0239)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Tue, 27 Jan 2015 03:57:26 +0000
linux (3.16.7-ckt4-1) unstable; urgency=medium
Modified: dists/wheezy-backports/linux/debian/config/hppa/config
==============================================================================
--- dists/wheezy-backports/linux/debian/config/hppa/config Thu Feb 12 03:46:18 2015 (r22369)
+++ dists/wheezy-backports/linux/debian/config/hppa/config Thu Feb 12 04:00:26 2015 (r22370)
@@ -46,7 +46,7 @@
##
CONFIG_PRINTER=m
# CONFIG_LP_CONSOLE is not set
-# CONFIG_PPDEV is not set
+CONFIG_PPDEV=m
CONFIG_GEN_RTC=y
# CONFIG_GEN_RTC_X is not set
# CONFIG_DTLK is not set
Modified: dists/wheezy-backports/linux/debian/installer/arm64/package-list
==============================================================================
--- dists/wheezy-backports/linux/debian/installer/arm64/package-list Thu Feb 12 03:46:18 2015 (r22369)
+++ dists/wheezy-backports/linux/debian/installer/arm64/package-list Thu Feb 12 04:00:26 2015 (r22370)
@@ -5,3 +5,4 @@
#
Package: kernel-image
+Provides: zlib-modules
Modified: dists/wheezy-backports/linux/debian/installer/hppa/modules/hppa/ata-modules
==============================================================================
--- dists/wheezy-backports/linux/debian/installer/hppa/modules/hppa/ata-modules Thu Feb 12 03:46:18 2015 (r22369)
+++ dists/wheezy-backports/linux/debian/installer/hppa/modules/hppa/ata-modules Thu Feb 12 04:00:26 2015 (r22370)
@@ -1 +1,2 @@
#include <ata-modules>
+libata -
Modified: dists/wheezy-backports/linux/debian/installer/hppa/package-list
==============================================================================
--- dists/wheezy-backports/linux/debian/installer/hppa/package-list Thu Feb 12 03:46:18 2015 (r22369)
+++ dists/wheezy-backports/linux/debian/installer/hppa/package-list Thu Feb 12 04:00:26 2015 (r22370)
@@ -12,7 +12,7 @@
Depends: kernel-image, ide-core-modules, nls-core-modules
Package: pata-modules
-Depends: kernel-image, scsi-core-modules
+Depends: kernel-image, ata-modules, scsi-core-modules
Package: fb-modules
Depends: kernel-image
Copied: dists/wheezy-backports/linux/debian/patches/bugfix/all/Revert-swiotlb-xen-pass-dev_addr-to-swiotlb_tbl_unma.patch (from r22341, dists/sid/linux/debian/patches/bugfix/all/Revert-swiotlb-xen-pass-dev_addr-to-swiotlb_tbl_unma.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/all/Revert-swiotlb-xen-pass-dev_addr-to-swiotlb_tbl_unma.patch Thu Feb 12 04:00:26 2015 (r22370, copy of r22341, dists/sid/linux/debian/patches/bugfix/all/Revert-swiotlb-xen-pass-dev_addr-to-swiotlb_tbl_unma.patch)
@@ -0,0 +1,35 @@
+From c3d92e076c01e257d0cac339e1942f1217ba279b Mon Sep 17 00:00:00 2001
+From: David Vrabel <david.vrabel at citrix.com>
+Date: Wed, 10 Dec 2014 14:48:43 +0000
+Subject: [PATCH] Revert "swiotlb-xen: pass dev_addr to
+ swiotlb_tbl_unmap_single"
+
+This reverts commit 2c3fc8d26dd09b9d7069687eead849ee81c78e46.
+
+This commit broke on x86 PV because entries in the generic SWIOTLB are
+indexed using (pseudo-)physical address not DMA address and these are
+not the same in a x86 PV guest.
+
+Signed-off-by: David Vrabel <david.vrabel at citrix.com>
+Reviewed-by: Stefano Stabellini <stefano.stabellini at eu.citrix.com>
+(cherry picked from commit dbdd74763f1faf799fbb9ed30423182e92919378)
+---
+ drivers/xen/swiotlb-xen.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/xen/swiotlb-xen.c b/drivers/xen/swiotlb-xen.c
+index 5ea1e3c..810ad41 100644
+--- a/drivers/xen/swiotlb-xen.c
++++ b/drivers/xen/swiotlb-xen.c
+@@ -451,7 +451,7 @@ static void xen_unmap_single(struct device *hwdev, dma_addr_t dev_addr,
+
+ /* NOTE: We use dev_addr here, not paddr! */
+ if (is_xen_swiotlb_buffer(dev_addr)) {
+- swiotlb_tbl_unmap_single(hwdev, dev_addr, size, dir);
++ swiotlb_tbl_unmap_single(hwdev, paddr, size, dir);
+ return;
+ }
+
+--
+1.7.10.4
+
Copied: dists/wheezy-backports/linux/debian/patches/bugfix/all/crypto-add-missing-crypto-module-aliases.patch (from r22341, dists/sid/linux/debian/patches/bugfix/all/crypto-add-missing-crypto-module-aliases.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/all/crypto-add-missing-crypto-module-aliases.patch Thu Feb 12 04:00:26 2015 (r22370, copy of r22341, dists/sid/linux/debian/patches/bugfix/all/crypto-add-missing-crypto-module-aliases.patch)
@@ -0,0 +1,223 @@
+From: Mathias Krause <minipli at googlemail.com>
+Date: Sun, 11 Jan 2015 18:17:42 +0100
+Subject: crypto: add missing crypto module aliases
+Origin: https://git.kernel.org/linus/3e14dcf7cb80b34a1f38b55bc96f02d23fdaaaaf
+
+Commit 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"")
+changed the automatic module loading when requesting crypto algorithms
+to prefix all module requests with "crypto-". This requires all crypto
+modules to have a crypto specific module alias even if their file name
+would otherwise match the requested crypto algorithm.
+
+Even though commit 5d26a105b5a7 added those aliases for a vast amount of
+modules, it was missing a few. Add the required MODULE_ALIAS_CRYPTO
+annotations to those files to make them get loaded automatically, again.
+This fixes, e.g., requesting 'ecb(blowfish-generic)', which used to work
+with kernels v3.18 and below.
+
+Also change MODULE_ALIAS() lines to MODULE_ALIAS_CRYPTO(). The former
+won't work for crypto modules any more.
+
+Fixes: 5d26a105b5a7 ("crypto: prefix module autoloading with "crypto-"")
+Cc: Kees Cook <keescook at chromium.org>
+Signed-off-by: Mathias Krause <minipli at googlemail.com>
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+[bwh: Backported to 3.16: drop changes to x86 sha1_mb which we don't have]
+---
+ arch/powerpc/crypto/sha1.c | 1 +
+ crypto/aes_generic.c | 1 +
+ crypto/ansi_cprng.c | 1 +
+ crypto/blowfish_generic.c | 1 +
+ crypto/camellia_generic.c | 1 +
+ crypto/cast5_generic.c | 1 +
+ crypto/cast6_generic.c | 1 +
+ crypto/crc32c_generic.c | 1 +
+ crypto/crct10dif_generic.c | 1 +
+ crypto/des_generic.c | 7 ++++---
+ crypto/ghash-generic.c | 1 +
+ crypto/krng.c | 1 +
+ crypto/salsa20_generic.c | 1 +
+ crypto/serpent_generic.c | 1 +
+ crypto/sha1_generic.c | 1 +
+ crypto/sha256_generic.c | 2 ++
+ crypto/sha512_generic.c | 2 ++
+ crypto/tea.c | 1 +
+ crypto/tgr192.c | 1 +
+ crypto/twofish_generic.c | 1 +
+ crypto/wp512.c | 1 +
+
+--- a/arch/powerpc/crypto/sha1.c
++++ b/arch/powerpc/crypto/sha1.c
+@@ -154,4 +154,5 @@ module_exit(sha1_powerpc_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm");
+
++MODULE_ALIAS_CRYPTO("sha1");
+ MODULE_ALIAS_CRYPTO("sha1-powerpc");
+--- a/crypto/aes_generic.c
++++ b/crypto/aes_generic.c
+@@ -1475,3 +1475,4 @@ module_exit(aes_fini);
+ MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
+ MODULE_LICENSE("Dual BSD/GPL");
+ MODULE_ALIAS_CRYPTO("aes");
++MODULE_ALIAS_CRYPTO("aes-generic");
+--- a/crypto/ansi_cprng.c
++++ b/crypto/ansi_cprng.c
+@@ -477,3 +477,4 @@ MODULE_PARM_DESC(dbg, "Boolean to enable
+ module_init(prng_mod_init);
+ module_exit(prng_mod_fini);
+ MODULE_ALIAS_CRYPTO("stdrng");
++MODULE_ALIAS_CRYPTO("ansi_cprng");
+--- a/crypto/blowfish_generic.c
++++ b/crypto/blowfish_generic.c
+@@ -139,3 +139,4 @@ module_exit(blowfish_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Blowfish Cipher Algorithm");
+ MODULE_ALIAS_CRYPTO("blowfish");
++MODULE_ALIAS_CRYPTO("blowfish-generic");
+--- a/crypto/camellia_generic.c
++++ b/crypto/camellia_generic.c
+@@ -1099,3 +1099,4 @@ module_exit(camellia_fini);
+ MODULE_DESCRIPTION("Camellia Cipher Algorithm");
+ MODULE_LICENSE("GPL");
+ MODULE_ALIAS_CRYPTO("camellia");
++MODULE_ALIAS_CRYPTO("camellia-generic");
+--- a/crypto/cast5_generic.c
++++ b/crypto/cast5_generic.c
+@@ -550,3 +550,4 @@ module_exit(cast5_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Cast5 Cipher Algorithm");
+ MODULE_ALIAS_CRYPTO("cast5");
++MODULE_ALIAS_CRYPTO("cast5-generic");
+--- a/crypto/cast6_generic.c
++++ b/crypto/cast6_generic.c
+@@ -292,3 +292,4 @@ module_exit(cast6_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Cast6 Cipher Algorithm");
+ MODULE_ALIAS_CRYPTO("cast6");
++MODULE_ALIAS_CRYPTO("cast6-generic");
+--- a/crypto/crc32c_generic.c
++++ b/crypto/crc32c_generic.c
+@@ -171,4 +171,5 @@ MODULE_AUTHOR("Clay Haapala <chaapala at ci
+ MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations wrapper for lib/crc32c");
+ MODULE_LICENSE("GPL");
+ MODULE_ALIAS_CRYPTO("crc32c");
++MODULE_ALIAS_CRYPTO("crc32c-generic");
+ MODULE_SOFTDEP("pre: crc32c");
+--- a/crypto/crct10dif_generic.c
++++ b/crypto/crct10dif_generic.c
+@@ -125,3 +125,4 @@ MODULE_AUTHOR("Tim Chen <tim.c.chen at linu
+ MODULE_DESCRIPTION("T10 DIF CRC calculation.");
+ MODULE_LICENSE("GPL");
+ MODULE_ALIAS_CRYPTO("crct10dif");
++MODULE_ALIAS_CRYPTO("crct10dif-generic");
+--- a/crypto/des_generic.c
++++ b/crypto/des_generic.c
+@@ -971,8 +971,6 @@ static struct crypto_alg des_algs[2] = {
+ .cia_decrypt = des3_ede_decrypt } }
+ } };
+
+-MODULE_ALIAS_CRYPTO("des3_ede");
+-
+ static int __init des_generic_mod_init(void)
+ {
+ return crypto_register_algs(des_algs, ARRAY_SIZE(des_algs));
+@@ -989,4 +987,7 @@ module_exit(des_generic_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");
+ MODULE_AUTHOR("Dag Arne Osvik <da at osvik.no>");
+-MODULE_ALIAS("des");
++MODULE_ALIAS_CRYPTO("des");
++MODULE_ALIAS_CRYPTO("des-generic");
++MODULE_ALIAS_CRYPTO("des3_ede");
++MODULE_ALIAS_CRYPTO("des3_ede-generic");
+--- a/crypto/ghash-generic.c
++++ b/crypto/ghash-generic.c
+@@ -173,3 +173,4 @@ module_exit(ghash_mod_exit);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("GHASH Message Digest Algorithm");
+ MODULE_ALIAS_CRYPTO("ghash");
++MODULE_ALIAS_CRYPTO("ghash-generic");
+--- a/crypto/krng.c
++++ b/crypto/krng.c
+@@ -63,3 +63,4 @@ module_exit(krng_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Kernel Random Number Generator");
+ MODULE_ALIAS_CRYPTO("stdrng");
++MODULE_ALIAS_CRYPTO("krng");
+--- a/crypto/salsa20_generic.c
++++ b/crypto/salsa20_generic.c
+@@ -249,3 +249,4 @@ module_exit(salsa20_generic_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION ("Salsa20 stream cipher algorithm");
+ MODULE_ALIAS_CRYPTO("salsa20");
++MODULE_ALIAS_CRYPTO("salsa20-generic");
+--- a/crypto/serpent_generic.c
++++ b/crypto/serpent_generic.c
+@@ -667,3 +667,4 @@ MODULE_DESCRIPTION("Serpent and tnepres
+ MODULE_AUTHOR("Dag Arne Osvik <osvik at ii.uib.no>");
+ MODULE_ALIAS_CRYPTO("tnepres");
+ MODULE_ALIAS_CRYPTO("serpent");
++MODULE_ALIAS_CRYPTO("serpent-generic");
+--- a/crypto/sha1_generic.c
++++ b/crypto/sha1_generic.c
+@@ -154,3 +154,4 @@ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm");
+
+ MODULE_ALIAS_CRYPTO("sha1");
++MODULE_ALIAS_CRYPTO("sha1-generic");
+--- a/crypto/sha256_generic.c
++++ b/crypto/sha256_generic.c
+@@ -385,4 +385,6 @@ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA-224 and SHA-256 Secure Hash Algorithm");
+
+ MODULE_ALIAS_CRYPTO("sha224");
++MODULE_ALIAS_CRYPTO("sha224-generic");
+ MODULE_ALIAS_CRYPTO("sha256");
++MODULE_ALIAS_CRYPTO("sha256-generic");
+--- a/crypto/sha512_generic.c
++++ b/crypto/sha512_generic.c
+@@ -288,4 +288,6 @@ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA-512 and SHA-384 Secure Hash Algorithms");
+
+ MODULE_ALIAS_CRYPTO("sha384");
++MODULE_ALIAS_CRYPTO("sha384-generic");
+ MODULE_ALIAS_CRYPTO("sha512");
++MODULE_ALIAS_CRYPTO("sha512-generic");
+--- a/crypto/tea.c
++++ b/crypto/tea.c
+@@ -270,6 +270,7 @@ static void __exit tea_mod_fini(void)
+ crypto_unregister_algs(tea_algs, ARRAY_SIZE(tea_algs));
+ }
+
++MODULE_ALIAS_CRYPTO("tea");
+ MODULE_ALIAS_CRYPTO("xtea");
+ MODULE_ALIAS_CRYPTO("xeta");
+
+--- a/crypto/tgr192.c
++++ b/crypto/tgr192.c
+@@ -676,6 +676,7 @@ static void __exit tgr192_mod_fini(void)
+ crypto_unregister_shashes(tgr_algs, ARRAY_SIZE(tgr_algs));
+ }
+
++MODULE_ALIAS_CRYPTO("tgr192");
+ MODULE_ALIAS_CRYPTO("tgr160");
+ MODULE_ALIAS_CRYPTO("tgr128");
+
+--- a/crypto/twofish_generic.c
++++ b/crypto/twofish_generic.c
+@@ -212,3 +212,4 @@ module_exit(twofish_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION ("Twofish Cipher Algorithm");
+ MODULE_ALIAS_CRYPTO("twofish");
++MODULE_ALIAS_CRYPTO("twofish-generic");
+--- a/crypto/wp512.c
++++ b/crypto/wp512.c
+@@ -1167,6 +1167,7 @@ static void __exit wp512_mod_fini(void)
+ crypto_unregister_shashes(wp_algs, ARRAY_SIZE(wp_algs));
+ }
+
++MODULE_ALIAS_CRYPTO("wp512");
+ MODULE_ALIAS_CRYPTO("wp384");
+ MODULE_ALIAS_CRYPTO("wp256");
+
Copied: dists/wheezy-backports/linux/debian/patches/bugfix/all/crypto-include-crypto-module-prefix-in-template.patch (from r22341, dists/sid/linux/debian/patches/bugfix/all/crypto-include-crypto-module-prefix-in-template.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/all/crypto-include-crypto-module-prefix-in-template.patch Thu Feb 12 04:00:26 2015 (r22370, copy of r22341, dists/sid/linux/debian/patches/bugfix/all/crypto-include-crypto-module-prefix-in-template.patch)
@@ -0,0 +1,215 @@
+From: Kees Cook <keescook at chromium.org>
+Date: Mon, 24 Nov 2014 16:32:38 -0800
+Subject: crypto: include crypto- module prefix in template
+Origin: https://git.kernel.org/linus/4943ba16bbc2db05115707b3ff7b4874e9e3c560
+
+This adds the module loading prefix "crypto-" to the template lookup
+as well.
+
+For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly
+includes the "crypto-" prefix at every level, correctly rejecting "vfat":
+
+ net-pf-38
+ algif-hash
+ crypto-vfat(blowfish)
+ crypto-vfat(blowfish)-all
+ crypto-vfat
+
+Reported-by: Mathias Krause <minipli at googlemail.com>
+Signed-off-by: Kees Cook <keescook at chromium.org>
+Acked-by: Mathias Krause <minipli at googlemail.com>
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+[bwh: Backported to 3.16: drop changes to mcryptd which we don't have]
+---
+ arch/x86/crypto/fpu.c | 3 +++
+ crypto/algapi.c | 4 ++--
+ crypto/authenc.c | 1 +
+ crypto/authencesn.c | 1 +
+ crypto/cbc.c | 1 +
+ crypto/ccm.c | 1 +
+ crypto/chainiv.c | 1 +
+ crypto/cmac.c | 1 +
+ crypto/cryptd.c | 1 +
+ crypto/ctr.c | 1 +
+ crypto/cts.c | 1 +
+ crypto/ecb.c | 1 +
+ crypto/eseqiv.c | 1 +
+ crypto/gcm.c | 1 +
+ crypto/hmac.c | 1 +
+ crypto/lrw.c | 1 +
+ crypto/pcbc.c | 1 +
+ crypto/pcrypt.c | 1 +
+ crypto/seqiv.c | 1 +
+ crypto/vmac.c | 1 +
+ crypto/xcbc.c | 1 +
+ crypto/xts.c | 1 +
+
+--- a/arch/x86/crypto/fpu.c
++++ b/arch/x86/crypto/fpu.c
+@@ -17,6 +17,7 @@
+ #include <linux/kernel.h>
+ #include <linux/module.h>
+ #include <linux/slab.h>
++#include <linux/crypto.h>
+ #include <asm/i387.h>
+
+ struct crypto_fpu_ctx {
+@@ -159,3 +160,5 @@ void __exit crypto_fpu_exit(void)
+ {
+ crypto_unregister_template(&crypto_fpu_tmpl);
+ }
++
++MODULE_ALIAS_CRYPTO("fpu");
+--- a/crypto/algapi.c
++++ b/crypto/algapi.c
+@@ -495,8 +495,8 @@ static struct crypto_template *__crypto_
+
+ struct crypto_template *crypto_lookup_template(const char *name)
+ {
+- return try_then_request_module(__crypto_lookup_template(name), "%s",
+- name);
++ return try_then_request_module(__crypto_lookup_template(name),
++ "crypto-%s", name);
+ }
+ EXPORT_SYMBOL_GPL(crypto_lookup_template);
+
+--- a/crypto/authenc.c
++++ b/crypto/authenc.c
+@@ -721,3 +721,4 @@ module_exit(crypto_authenc_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Simple AEAD wrapper for IPsec");
++MODULE_ALIAS_CRYPTO("authenc");
+--- a/crypto/authencesn.c
++++ b/crypto/authencesn.c
+@@ -814,3 +814,4 @@ module_exit(crypto_authenc_esn_module_ex
+ MODULE_LICENSE("GPL");
+ MODULE_AUTHOR("Steffen Klassert <steffen.klassert at secunet.com>");
+ MODULE_DESCRIPTION("AEAD wrapper for IPsec with extended sequence numbers");
++MODULE_ALIAS_CRYPTO("authencesn");
+--- a/crypto/cbc.c
++++ b/crypto/cbc.c
+@@ -289,3 +289,4 @@ module_exit(crypto_cbc_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("CBC block cipher algorithm");
++MODULE_ALIAS_CRYPTO("cbc");
+--- a/crypto/ccm.c
++++ b/crypto/ccm.c
+@@ -881,3 +881,4 @@ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Counter with CBC MAC");
+ MODULE_ALIAS_CRYPTO("ccm_base");
+ MODULE_ALIAS_CRYPTO("rfc4309");
++MODULE_ALIAS_CRYPTO("ccm");
+--- a/crypto/chainiv.c
++++ b/crypto/chainiv.c
+@@ -359,3 +359,4 @@ module_exit(chainiv_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Chain IV Generator");
++MODULE_ALIAS_CRYPTO("chainiv");
+--- a/crypto/cmac.c
++++ b/crypto/cmac.c
+@@ -313,3 +313,4 @@ module_exit(crypto_cmac_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("CMAC keyed hash algorithm");
++MODULE_ALIAS_CRYPTO("cmac");
+--- a/crypto/cryptd.c
++++ b/crypto/cryptd.c
+@@ -955,3 +955,4 @@ module_exit(cryptd_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Software async crypto daemon");
++MODULE_ALIAS_CRYPTO("cryptd");
+--- a/crypto/ctr.c
++++ b/crypto/ctr.c
+@@ -467,3 +467,4 @@ module_exit(crypto_ctr_module_exit);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("CTR Counter block mode");
+ MODULE_ALIAS_CRYPTO("rfc3686");
++MODULE_ALIAS_CRYPTO("ctr");
+--- a/crypto/cts.c
++++ b/crypto/cts.c
+@@ -350,3 +350,4 @@ module_exit(crypto_cts_module_exit);
+
+ MODULE_LICENSE("Dual BSD/GPL");
+ MODULE_DESCRIPTION("CTS-CBC CipherText Stealing for CBC");
++MODULE_ALIAS_CRYPTO("cts");
+--- a/crypto/ecb.c
++++ b/crypto/ecb.c
+@@ -185,3 +185,4 @@ module_exit(crypto_ecb_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("ECB block cipher algorithm");
++MODULE_ALIAS_CRYPTO("ecb");
+--- a/crypto/eseqiv.c
++++ b/crypto/eseqiv.c
+@@ -267,3 +267,4 @@ module_exit(eseqiv_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Encrypted Sequence Number IV Generator");
++MODULE_ALIAS_CRYPTO("eseqiv");
+--- a/crypto/gcm.c
++++ b/crypto/gcm.c
+@@ -1444,3 +1444,4 @@ MODULE_AUTHOR("Mikko Herranen <mh1 at iki.f
+ MODULE_ALIAS_CRYPTO("gcm_base");
+ MODULE_ALIAS_CRYPTO("rfc4106");
+ MODULE_ALIAS_CRYPTO("rfc4543");
++MODULE_ALIAS_CRYPTO("gcm");
+--- a/crypto/hmac.c
++++ b/crypto/hmac.c
+@@ -271,3 +271,4 @@ module_exit(hmac_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("HMAC hash algorithm");
++MODULE_ALIAS_CRYPTO("hmac");
+--- a/crypto/lrw.c
++++ b/crypto/lrw.c
+@@ -400,3 +400,4 @@ module_exit(crypto_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("LRW block cipher mode");
++MODULE_ALIAS_CRYPTO("lrw");
+--- a/crypto/pcbc.c
++++ b/crypto/pcbc.c
+@@ -295,3 +295,4 @@ module_exit(crypto_pcbc_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("PCBC block cipher algorithm");
++MODULE_ALIAS_CRYPTO("pcbc");
+--- a/crypto/pcrypt.c
++++ b/crypto/pcrypt.c
+@@ -565,3 +565,4 @@ module_exit(pcrypt_exit);
+ MODULE_LICENSE("GPL");
+ MODULE_AUTHOR("Steffen Klassert <steffen.klassert at secunet.com>");
+ MODULE_DESCRIPTION("Parallel crypto wrapper");
++MODULE_ALIAS_CRYPTO("pcrypt");
+--- a/crypto/seqiv.c
++++ b/crypto/seqiv.c
+@@ -362,3 +362,4 @@ module_exit(seqiv_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Sequence Number IV Generator");
++MODULE_ALIAS_CRYPTO("seqiv");
+--- a/crypto/vmac.c
++++ b/crypto/vmac.c
+@@ -713,3 +713,4 @@ module_exit(vmac_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("VMAC hash algorithm");
++MODULE_ALIAS_CRYPTO("vmac");
+--- a/crypto/xcbc.c
++++ b/crypto/xcbc.c
+@@ -286,3 +286,4 @@ module_exit(crypto_xcbc_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("XCBC keyed hash algorithm");
++MODULE_ALIAS_CRYPTO("xcbc");
+--- a/crypto/xts.c
++++ b/crypto/xts.c
+@@ -362,3 +362,4 @@ module_exit(crypto_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("XTS block cipher mode");
++MODULE_ALIAS_CRYPTO("xts");
Copied: dists/wheezy-backports/linux/debian/patches/bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch (from r22341, dists/sid/linux/debian/patches/bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch Thu Feb 12 04:00:26 2015 (r22370, copy of r22341, dists/sid/linux/debian/patches/bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch)
@@ -0,0 +1,995 @@
+From: Kees Cook <keescook at chromium.org>
+Date: Thu, 20 Nov 2014 17:05:53 -0800
+Subject: crypto: prefix module autoloading with "crypto-"
+Origin: https://git.kernel.org/linus/5d26a105b5a73e5635eae0629b42fa0a90e07b7b
+
+This prefixes all crypto module loading with "crypto-" so we never run
+the risk of exposing module auto-loading to userspace via a crypto API,
+as demonstrated by Mathias Krause:
+
+https://lkml.org/lkml/2013/3/4/70
+
+Signed-off-by: Kees Cook <keescook at chromium.org>
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+[bwh: Backported to 3.16: drop changes to drivers we don't have]
+---
+ arch/arm/crypto/aes_glue.c | 4 ++--
+ arch/arm/crypto/sha1_glue.c | 2 +-
+ arch/arm64/crypto/aes-ce-ccm-glue.c | 2 +-
+ arch/arm64/crypto/aes-glue.c | 8 ++++----
+ arch/powerpc/crypto/sha1.c | 2 +-
+ arch/s390/crypto/aes_s390.c | 2 +-
+ arch/s390/crypto/des_s390.c | 4 ++--
+ arch/s390/crypto/ghash_s390.c | 2 +-
+ arch/s390/crypto/sha1_s390.c | 2 +-
+ arch/s390/crypto/sha256_s390.c | 4 ++--
+ arch/s390/crypto/sha512_s390.c | 4 ++--
+ arch/sparc/crypto/aes_glue.c | 2 +-
+ arch/sparc/crypto/camellia_glue.c | 2 +-
+ arch/sparc/crypto/crc32c_glue.c | 2 +-
+ arch/sparc/crypto/des_glue.c | 2 +-
+ arch/sparc/crypto/md5_glue.c | 2 +-
+ arch/sparc/crypto/sha1_glue.c | 2 +-
+ arch/sparc/crypto/sha256_glue.c | 4 ++--
+ arch/sparc/crypto/sha512_glue.c | 4 ++--
+ arch/x86/crypto/aes_glue.c | 4 ++--
+ arch/x86/crypto/aesni-intel_glue.c | 2 +-
+ arch/x86/crypto/blowfish_glue.c | 4 ++--
+ arch/x86/crypto/camellia_aesni_avx2_glue.c | 4 ++--
+ arch/x86/crypto/camellia_aesni_avx_glue.c | 4 ++--
+ arch/x86/crypto/camellia_glue.c | 4 ++--
+ arch/x86/crypto/cast5_avx_glue.c | 2 +-
+ arch/x86/crypto/cast6_avx_glue.c | 2 +-
+ arch/x86/crypto/crc32-pclmul_glue.c | 4 ++--
+ arch/x86/crypto/crc32c-intel_glue.c | 4 ++--
+ arch/x86/crypto/crct10dif-pclmul_glue.c | 4 ++--
+ arch/x86/crypto/ghash-clmulni-intel_glue.c | 2 +-
+ arch/x86/crypto/salsa20_glue.c | 4 ++--
+ arch/x86/crypto/serpent_avx2_glue.c | 4 ++--
+ arch/x86/crypto/serpent_avx_glue.c | 2 +-
+ arch/x86/crypto/serpent_sse2_glue.c | 2 +-
+ arch/x86/crypto/sha1_ssse3_glue.c | 2 +-
+ arch/x86/crypto/sha256_ssse3_glue.c | 4 ++--
+ arch/x86/crypto/sha512_ssse3_glue.c | 4 ++--
+ arch/x86/crypto/twofish_avx_glue.c | 2 +-
+ arch/x86/crypto/twofish_glue.c | 4 ++--
+ arch/x86/crypto/twofish_glue_3way.c | 4 ++--
+ crypto/842.c | 1 +
+ crypto/aes_generic.c | 2 +-
+ crypto/ansi_cprng.c | 2 +-
+ crypto/anubis.c | 1 +
+ crypto/api.c | 4 ++--
+ crypto/arc4.c | 1 +
+ crypto/blowfish_generic.c | 2 +-
+ crypto/camellia_generic.c | 2 +-
+ crypto/cast5_generic.c | 2 +-
+ crypto/cast6_generic.c | 2 +-
+ crypto/ccm.c | 4 ++--
+ crypto/crc32.c | 1 +
+ crypto/crc32c_generic.c | 2 +-
+ crypto/crct10dif_generic.c | 2 +-
+ crypto/crypto_null.c | 6 +++---
+ crypto/ctr.c | 2 +-
+ crypto/deflate.c | 2 +-
+ crypto/des_generic.c | 2 +-
+ crypto/fcrypt.c | 1 +
+ crypto/gcm.c | 6 +++---
+ crypto/ghash-generic.c | 2 +-
+ crypto/khazad.c | 1 +
+ crypto/krng.c | 2 +-
+ crypto/lz4.c | 1 +
+ crypto/lz4hc.c | 1 +
+ crypto/lzo.c | 1 +
+ crypto/md4.c | 2 +-
+ crypto/md5.c | 1 +
+ crypto/michael_mic.c | 1 +
+ crypto/rmd128.c | 1 +
+ crypto/rmd160.c | 1 +
+ crypto/rmd256.c | 1 +
+ crypto/rmd320.c | 1 +
+ crypto/salsa20_generic.c | 2 +-
+ crypto/seed.c | 1 +
+ crypto/serpent_generic.c | 4 ++--
+ crypto/sha1_generic.c | 2 +-
+ crypto/sha256_generic.c | 4 ++--
+ crypto/sha512_generic.c | 4 ++--
+ crypto/tea.c | 4 ++--
+ crypto/tgr192.c | 4 ++--
+ crypto/twofish_generic.c | 2 +-
+ crypto/wp512.c | 4 ++--
+ crypto/zlib.c | 1 +
+ drivers/crypto/padlock-aes.c | 2 +-
+ drivers/crypto/padlock-sha.c | 8 ++++----
+ drivers/crypto/ux500/cryp/cryp_core.c | 4 ++--
+ drivers/crypto/ux500/hash/hash_core.c | 8 ++++----
+ drivers/s390/crypto/ap_bus.c | 3 ++-
+ include/linux/crypto.h | 13 +++++++++++++
+
+--- a/arch/arm/crypto/aes_glue.c
++++ b/arch/arm/crypto/aes_glue.c
+@@ -93,6 +93,6 @@ module_exit(aes_fini);
+
+ MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm (ASM)");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS("aes");
+-MODULE_ALIAS("aes-asm");
++MODULE_ALIAS_CRYPTO("aes");
++MODULE_ALIAS_CRYPTO("aes-asm");
+ MODULE_AUTHOR("David McCullough <ucdevel at gmail.com>");
+--- a/arch/arm/crypto/sha1_glue.c
++++ b/arch/arm/crypto/sha1_glue.c
+@@ -175,5 +175,5 @@ module_exit(sha1_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm (ARM)");
+-MODULE_ALIAS("sha1");
++MODULE_ALIAS_CRYPTO("sha1");
+ MODULE_AUTHOR("David McCullough <ucdevel at gmail.com>");
+--- a/arch/arm64/crypto/aes-ce-ccm-glue.c
++++ b/arch/arm64/crypto/aes-ce-ccm-glue.c
+@@ -294,4 +294,4 @@ module_exit(aes_mod_exit);
+ MODULE_DESCRIPTION("Synchronous AES in CCM mode using ARMv8 Crypto Extensions");
+ MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel at linaro.org>");
+ MODULE_LICENSE("GPL v2");
+-MODULE_ALIAS("ccm(aes)");
++MODULE_ALIAS_CRYPTO("ccm(aes)");
+--- a/arch/arm64/crypto/aes-glue.c
++++ b/arch/arm64/crypto/aes-glue.c
+@@ -38,10 +38,10 @@ MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS
+ #define aes_xts_encrypt neon_aes_xts_encrypt
+ #define aes_xts_decrypt neon_aes_xts_decrypt
+ MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS using ARMv8 NEON");
+-MODULE_ALIAS("ecb(aes)");
+-MODULE_ALIAS("cbc(aes)");
+-MODULE_ALIAS("ctr(aes)");
+-MODULE_ALIAS("xts(aes)");
++MODULE_ALIAS_CRYPTO("ecb(aes)");
++MODULE_ALIAS_CRYPTO("cbc(aes)");
++MODULE_ALIAS_CRYPTO("ctr(aes)");
++MODULE_ALIAS_CRYPTO("xts(aes)");
+ #endif
+
+ MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel at linaro.org>");
+--- a/arch/powerpc/crypto/sha1.c
++++ b/arch/powerpc/crypto/sha1.c
+@@ -154,4 +154,4 @@ module_exit(sha1_powerpc_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm");
+
+-MODULE_ALIAS("sha1-powerpc");
++MODULE_ALIAS_CRYPTO("sha1-powerpc");
+--- a/arch/s390/crypto/aes_s390.c
++++ b/arch/s390/crypto/aes_s390.c
+@@ -979,7 +979,7 @@ static void __exit aes_s390_fini(void)
+ module_init(aes_s390_init);
+ module_exit(aes_s390_fini);
+
+-MODULE_ALIAS("aes-all");
++MODULE_ALIAS_CRYPTO("aes-all");
+
+ MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
+ MODULE_LICENSE("GPL");
+--- a/arch/s390/crypto/des_s390.c
++++ b/arch/s390/crypto/des_s390.c
+@@ -619,8 +619,8 @@ static void __exit des_s390_exit(void)
+ module_init(des_s390_init);
+ module_exit(des_s390_exit);
+
+-MODULE_ALIAS("des");
+-MODULE_ALIAS("des3_ede");
++MODULE_ALIAS_CRYPTO("des");
++MODULE_ALIAS_CRYPTO("des3_ede");
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms");
+--- a/arch/s390/crypto/ghash_s390.c
++++ b/arch/s390/crypto/ghash_s390.c
+@@ -160,7 +160,7 @@ static void __exit ghash_mod_exit(void)
+ module_init(ghash_mod_init);
+ module_exit(ghash_mod_exit);
+
+-MODULE_ALIAS("ghash");
++MODULE_ALIAS_CRYPTO("ghash");
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("GHASH Message Digest Algorithm, s390 implementation");
+--- a/arch/s390/crypto/sha1_s390.c
++++ b/arch/s390/crypto/sha1_s390.c
+@@ -103,6 +103,6 @@ static void __exit sha1_s390_fini(void)
+ module_init(sha1_s390_init);
+ module_exit(sha1_s390_fini);
+
+-MODULE_ALIAS("sha1");
++MODULE_ALIAS_CRYPTO("sha1");
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm");
+--- a/arch/s390/crypto/sha256_s390.c
++++ b/arch/s390/crypto/sha256_s390.c
+@@ -143,7 +143,7 @@ static void __exit sha256_s390_fini(void
+ module_init(sha256_s390_init);
+ module_exit(sha256_s390_fini);
+
+-MODULE_ALIAS("sha256");
+-MODULE_ALIAS("sha224");
++MODULE_ALIAS_CRYPTO("sha256");
++MODULE_ALIAS_CRYPTO("sha224");
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA256 and SHA224 Secure Hash Algorithm");
+--- a/arch/s390/crypto/sha512_s390.c
++++ b/arch/s390/crypto/sha512_s390.c
+@@ -86,7 +86,7 @@ static struct shash_alg sha512_alg = {
+ }
+ };
+
+-MODULE_ALIAS("sha512");
++MODULE_ALIAS_CRYPTO("sha512");
+
+ static int sha384_init(struct shash_desc *desc)
+ {
+@@ -126,7 +126,7 @@ static struct shash_alg sha384_alg = {
+ }
+ };
+
+-MODULE_ALIAS("sha384");
++MODULE_ALIAS_CRYPTO("sha384");
+
+ static int __init init(void)
+ {
+--- a/arch/sparc/crypto/aes_glue.c
++++ b/arch/sparc/crypto/aes_glue.c
+@@ -499,6 +499,6 @@ module_exit(aes_sparc64_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("AES Secure Hash Algorithm, sparc64 aes opcode accelerated");
+
+-MODULE_ALIAS("aes");
++MODULE_ALIAS_CRYPTO("aes");
+
+ #include "crop_devid.c"
+--- a/arch/sparc/crypto/camellia_glue.c
++++ b/arch/sparc/crypto/camellia_glue.c
+@@ -322,6 +322,6 @@ module_exit(camellia_sparc64_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Camellia Cipher Algorithm, sparc64 camellia opcode accelerated");
+
+-MODULE_ALIAS("aes");
++MODULE_ALIAS_CRYPTO("aes");
+
+ #include "crop_devid.c"
+--- a/arch/sparc/crypto/crc32c_glue.c
++++ b/arch/sparc/crypto/crc32c_glue.c
+@@ -176,6 +176,6 @@ module_exit(crc32c_sparc64_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("CRC32c (Castagnoli), sparc64 crc32c opcode accelerated");
+
+-MODULE_ALIAS("crc32c");
++MODULE_ALIAS_CRYPTO("crc32c");
+
+ #include "crop_devid.c"
+--- a/arch/sparc/crypto/des_glue.c
++++ b/arch/sparc/crypto/des_glue.c
+@@ -532,6 +532,6 @@ module_exit(des_sparc64_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("DES & Triple DES EDE Cipher Algorithms, sparc64 des opcode accelerated");
+
+-MODULE_ALIAS("des");
++MODULE_ALIAS_CRYPTO("des");
+
+ #include "crop_devid.c"
+--- a/arch/sparc/crypto/md5_glue.c
++++ b/arch/sparc/crypto/md5_glue.c
+@@ -185,6 +185,6 @@ module_exit(md5_sparc64_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("MD5 Secure Hash Algorithm, sparc64 md5 opcode accelerated");
+
+-MODULE_ALIAS("md5");
++MODULE_ALIAS_CRYPTO("md5");
+
+ #include "crop_devid.c"
+--- a/arch/sparc/crypto/sha1_glue.c
++++ b/arch/sparc/crypto/sha1_glue.c
+@@ -180,6 +180,6 @@ module_exit(sha1_sparc64_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm, sparc64 sha1 opcode accelerated");
+
+-MODULE_ALIAS("sha1");
++MODULE_ALIAS_CRYPTO("sha1");
+
+ #include "crop_devid.c"
+--- a/arch/sparc/crypto/sha256_glue.c
++++ b/arch/sparc/crypto/sha256_glue.c
+@@ -237,7 +237,7 @@ module_exit(sha256_sparc64_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA-224 and SHA-256 Secure Hash Algorithm, sparc64 sha256 opcode accelerated");
+
+-MODULE_ALIAS("sha224");
+-MODULE_ALIAS("sha256");
++MODULE_ALIAS_CRYPTO("sha224");
++MODULE_ALIAS_CRYPTO("sha256");
+
+ #include "crop_devid.c"
+--- a/arch/sparc/crypto/sha512_glue.c
++++ b/arch/sparc/crypto/sha512_glue.c
+@@ -222,7 +222,7 @@ module_exit(sha512_sparc64_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA-384 and SHA-512 Secure Hash Algorithm, sparc64 sha512 opcode accelerated");
+
+-MODULE_ALIAS("sha384");
+-MODULE_ALIAS("sha512");
++MODULE_ALIAS_CRYPTO("sha384");
++MODULE_ALIAS_CRYPTO("sha512");
+
+ #include "crop_devid.c"
+--- a/arch/x86/crypto/aes_glue.c
++++ b/arch/x86/crypto/aes_glue.c
+@@ -66,5 +66,5 @@ module_exit(aes_fini);
+
+ MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm, asm optimized");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS("aes");
+-MODULE_ALIAS("aes-asm");
++MODULE_ALIAS_CRYPTO("aes");
++MODULE_ALIAS_CRYPTO("aes-asm");
+--- a/arch/x86/crypto/aesni-intel_glue.c
++++ b/arch/x86/crypto/aesni-intel_glue.c
+@@ -1514,4 +1514,4 @@ module_exit(aesni_exit);
+
+ MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm, Intel AES-NI instructions optimized");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS("aes");
++MODULE_ALIAS_CRYPTO("aes");
+--- a/arch/x86/crypto/blowfish_glue.c
++++ b/arch/x86/crypto/blowfish_glue.c
+@@ -478,5 +478,5 @@ module_exit(fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Blowfish Cipher Algorithm, asm optimized");
+-MODULE_ALIAS("blowfish");
+-MODULE_ALIAS("blowfish-asm");
++MODULE_ALIAS_CRYPTO("blowfish");
++MODULE_ALIAS_CRYPTO("blowfish-asm");
+--- a/arch/x86/crypto/camellia_aesni_avx2_glue.c
++++ b/arch/x86/crypto/camellia_aesni_avx2_glue.c
+@@ -582,5 +582,5 @@ module_exit(camellia_aesni_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Camellia Cipher Algorithm, AES-NI/AVX2 optimized");
+-MODULE_ALIAS("camellia");
+-MODULE_ALIAS("camellia-asm");
++MODULE_ALIAS_CRYPTO("camellia");
++MODULE_ALIAS_CRYPTO("camellia-asm");
+--- a/arch/x86/crypto/camellia_aesni_avx_glue.c
++++ b/arch/x86/crypto/camellia_aesni_avx_glue.c
+@@ -574,5 +574,5 @@ module_exit(camellia_aesni_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Camellia Cipher Algorithm, AES-NI/AVX optimized");
+-MODULE_ALIAS("camellia");
+-MODULE_ALIAS("camellia-asm");
++MODULE_ALIAS_CRYPTO("camellia");
++MODULE_ALIAS_CRYPTO("camellia-asm");
+--- a/arch/x86/crypto/camellia_glue.c
++++ b/arch/x86/crypto/camellia_glue.c
+@@ -1725,5 +1725,5 @@ module_exit(fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Camellia Cipher Algorithm, asm optimized");
+-MODULE_ALIAS("camellia");
+-MODULE_ALIAS("camellia-asm");
++MODULE_ALIAS_CRYPTO("camellia");
++MODULE_ALIAS_CRYPTO("camellia-asm");
+--- a/arch/x86/crypto/cast5_avx_glue.c
++++ b/arch/x86/crypto/cast5_avx_glue.c
+@@ -491,4 +491,4 @@ module_exit(cast5_exit);
+
+ MODULE_DESCRIPTION("Cast5 Cipher Algorithm, AVX optimized");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS("cast5");
++MODULE_ALIAS_CRYPTO("cast5");
+--- a/arch/x86/crypto/cast6_avx_glue.c
++++ b/arch/x86/crypto/cast6_avx_glue.c
+@@ -611,4 +611,4 @@ module_exit(cast6_exit);
+
+ MODULE_DESCRIPTION("Cast6 Cipher Algorithm, AVX optimized");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS("cast6");
++MODULE_ALIAS_CRYPTO("cast6");
+--- a/arch/x86/crypto/crc32-pclmul_glue.c
++++ b/arch/x86/crypto/crc32-pclmul_glue.c
+@@ -197,5 +197,5 @@ module_exit(crc32_pclmul_mod_fini);
+ MODULE_AUTHOR("Alexander Boyko <alexander_boyko at xyratex.com>");
+ MODULE_LICENSE("GPL");
+
+-MODULE_ALIAS("crc32");
+-MODULE_ALIAS("crc32-pclmul");
++MODULE_ALIAS_CRYPTO("crc32");
++MODULE_ALIAS_CRYPTO("crc32-pclmul");
+--- a/arch/x86/crypto/crc32c-intel_glue.c
++++ b/arch/x86/crypto/crc32c-intel_glue.c
+@@ -280,5 +280,5 @@ MODULE_AUTHOR("Austin Zhang <austin.zhan
+ MODULE_DESCRIPTION("CRC32c (Castagnoli) optimization using Intel Hardware.");
+ MODULE_LICENSE("GPL");
+
+-MODULE_ALIAS("crc32c");
+-MODULE_ALIAS("crc32c-intel");
++MODULE_ALIAS_CRYPTO("crc32c");
++MODULE_ALIAS_CRYPTO("crc32c-intel");
+--- a/arch/x86/crypto/crct10dif-pclmul_glue.c
++++ b/arch/x86/crypto/crct10dif-pclmul_glue.c
+@@ -147,5 +147,5 @@ MODULE_AUTHOR("Tim Chen <tim.c.chen at linu
+ MODULE_DESCRIPTION("T10 DIF CRC calculation accelerated with PCLMULQDQ.");
+ MODULE_LICENSE("GPL");
+
+-MODULE_ALIAS("crct10dif");
+-MODULE_ALIAS("crct10dif-pclmul");
++MODULE_ALIAS_CRYPTO("crct10dif");
++MODULE_ALIAS_CRYPTO("crct10dif-pclmul");
+--- a/arch/x86/crypto/ghash-clmulni-intel_glue.c
++++ b/arch/x86/crypto/ghash-clmulni-intel_glue.c
+@@ -341,4 +341,4 @@ module_exit(ghash_pclmulqdqni_mod_exit);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("GHASH Message Digest Algorithm, "
+ "acclerated by PCLMULQDQ-NI");
+-MODULE_ALIAS("ghash");
++MODULE_ALIAS_CRYPTO("ghash");
+--- a/arch/x86/crypto/salsa20_glue.c
++++ b/arch/x86/crypto/salsa20_glue.c
+@@ -119,5 +119,5 @@ module_exit(fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION ("Salsa20 stream cipher algorithm (optimized assembly version)");
+-MODULE_ALIAS("salsa20");
+-MODULE_ALIAS("salsa20-asm");
++MODULE_ALIAS_CRYPTO("salsa20");
++MODULE_ALIAS_CRYPTO("salsa20-asm");
+--- a/arch/x86/crypto/serpent_avx2_glue.c
++++ b/arch/x86/crypto/serpent_avx2_glue.c
+@@ -558,5 +558,5 @@ module_exit(fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Serpent Cipher Algorithm, AVX2 optimized");
+-MODULE_ALIAS("serpent");
+-MODULE_ALIAS("serpent-asm");
++MODULE_ALIAS_CRYPTO("serpent");
++MODULE_ALIAS_CRYPTO("serpent-asm");
+--- a/arch/x86/crypto/serpent_avx_glue.c
++++ b/arch/x86/crypto/serpent_avx_glue.c
+@@ -617,4 +617,4 @@ module_exit(serpent_exit);
+
+ MODULE_DESCRIPTION("Serpent Cipher Algorithm, AVX optimized");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS("serpent");
++MODULE_ALIAS_CRYPTO("serpent");
+--- a/arch/x86/crypto/serpent_sse2_glue.c
++++ b/arch/x86/crypto/serpent_sse2_glue.c
+@@ -618,4 +618,4 @@ module_exit(serpent_sse2_exit);
+
+ MODULE_DESCRIPTION("Serpent Cipher Algorithm, SSE2 optimized");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS("serpent");
++MODULE_ALIAS_CRYPTO("serpent");
+--- a/arch/x86/crypto/sha1_ssse3_glue.c
++++ b/arch/x86/crypto/sha1_ssse3_glue.c
+@@ -278,4 +278,4 @@ module_exit(sha1_ssse3_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm, Supplemental SSE3 accelerated");
+
+-MODULE_ALIAS("sha1");
++MODULE_ALIAS_CRYPTO("sha1");
+--- a/arch/x86/crypto/sha256_ssse3_glue.c
++++ b/arch/x86/crypto/sha256_ssse3_glue.c
+@@ -318,5 +318,5 @@ module_exit(sha256_ssse3_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA256 Secure Hash Algorithm, Supplemental SSE3 accelerated");
+
+-MODULE_ALIAS("sha256");
+-MODULE_ALIAS("sha224");
++MODULE_ALIAS_CRYPTO("sha256");
++MODULE_ALIAS_CRYPTO("sha224");
+--- a/arch/x86/crypto/sha512_ssse3_glue.c
++++ b/arch/x86/crypto/sha512_ssse3_glue.c
+@@ -326,5 +326,5 @@ module_exit(sha512_ssse3_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA512 Secure Hash Algorithm, Supplemental SSE3 accelerated");
+
+-MODULE_ALIAS("sha512");
+-MODULE_ALIAS("sha384");
++MODULE_ALIAS_CRYPTO("sha512");
++MODULE_ALIAS_CRYPTO("sha384");
+--- a/arch/x86/crypto/twofish_avx_glue.c
++++ b/arch/x86/crypto/twofish_avx_glue.c
+@@ -579,4 +579,4 @@ module_exit(twofish_exit);
+
+ MODULE_DESCRIPTION("Twofish Cipher Algorithm, AVX optimized");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS("twofish");
++MODULE_ALIAS_CRYPTO("twofish");
+--- a/arch/x86/crypto/twofish_glue.c
++++ b/arch/x86/crypto/twofish_glue.c
+@@ -96,5 +96,5 @@ module_exit(fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION ("Twofish Cipher Algorithm, asm optimized");
+-MODULE_ALIAS("twofish");
+-MODULE_ALIAS("twofish-asm");
++MODULE_ALIAS_CRYPTO("twofish");
++MODULE_ALIAS_CRYPTO("twofish-asm");
+--- a/arch/x86/crypto/twofish_glue_3way.c
++++ b/arch/x86/crypto/twofish_glue_3way.c
+@@ -495,5 +495,5 @@ module_exit(fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Twofish Cipher Algorithm, 3-way parallel asm optimized");
+-MODULE_ALIAS("twofish");
+-MODULE_ALIAS("twofish-asm");
++MODULE_ALIAS_CRYPTO("twofish");
++MODULE_ALIAS_CRYPTO("twofish-asm");
+--- a/crypto/842.c
++++ b/crypto/842.c
+@@ -180,3 +180,4 @@ module_exit(nx842_mod_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("842 Compression Algorithm");
++MODULE_ALIAS_CRYPTO("842");
+--- a/crypto/aes_generic.c
++++ b/crypto/aes_generic.c
+@@ -1474,4 +1474,4 @@ module_exit(aes_fini);
+
+ MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
+ MODULE_LICENSE("Dual BSD/GPL");
+-MODULE_ALIAS("aes");
++MODULE_ALIAS_CRYPTO("aes");
+--- a/crypto/ansi_cprng.c
++++ b/crypto/ansi_cprng.c
+@@ -476,4 +476,4 @@ module_param(dbg, int, 0);
+ MODULE_PARM_DESC(dbg, "Boolean to enable debugging (0/1 == off/on)");
+ module_init(prng_mod_init);
+ module_exit(prng_mod_fini);
+-MODULE_ALIAS("stdrng");
++MODULE_ALIAS_CRYPTO("stdrng");
+--- a/crypto/anubis.c
++++ b/crypto/anubis.c
+@@ -704,3 +704,4 @@ module_exit(anubis_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Anubis Cryptographic Algorithm");
++MODULE_ALIAS_CRYPTO("anubis");
+--- a/crypto/api.c
++++ b/crypto/api.c
+@@ -216,11 +216,11 @@ struct crypto_alg *crypto_larval_lookup(
+
+ alg = crypto_alg_lookup(name, type, mask);
+ if (!alg) {
+- request_module("%s", name);
++ request_module("crypto-%s", name);
+
+ if (!((type ^ CRYPTO_ALG_NEED_FALLBACK) & mask &
+ CRYPTO_ALG_NEED_FALLBACK))
+- request_module("%s-all", name);
++ request_module("crypto-%s-all", name);
+
+ alg = crypto_alg_lookup(name, type, mask);
+ }
+--- a/crypto/arc4.c
++++ b/crypto/arc4.c
+@@ -166,3 +166,4 @@ module_exit(arc4_exit);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("ARC4 Cipher Algorithm");
+ MODULE_AUTHOR("Jon Oberheide <jon at oberheide.org>");
++MODULE_ALIAS_CRYPTO("arc4");
+--- a/crypto/blowfish_generic.c
++++ b/crypto/blowfish_generic.c
+@@ -138,4 +138,4 @@ module_exit(blowfish_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Blowfish Cipher Algorithm");
+-MODULE_ALIAS("blowfish");
++MODULE_ALIAS_CRYPTO("blowfish");
+--- a/crypto/camellia_generic.c
++++ b/crypto/camellia_generic.c
+@@ -1098,4 +1098,4 @@ module_exit(camellia_fini);
+
+ MODULE_DESCRIPTION("Camellia Cipher Algorithm");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS("camellia");
++MODULE_ALIAS_CRYPTO("camellia");
+--- a/crypto/cast5_generic.c
++++ b/crypto/cast5_generic.c
+@@ -549,4 +549,4 @@ module_exit(cast5_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Cast5 Cipher Algorithm");
+-MODULE_ALIAS("cast5");
++MODULE_ALIAS_CRYPTO("cast5");
+--- a/crypto/cast6_generic.c
++++ b/crypto/cast6_generic.c
+@@ -291,4 +291,4 @@ module_exit(cast6_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Cast6 Cipher Algorithm");
+-MODULE_ALIAS("cast6");
++MODULE_ALIAS_CRYPTO("cast6");
+--- a/crypto/ccm.c
++++ b/crypto/ccm.c
+@@ -879,5 +879,5 @@ module_exit(crypto_ccm_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Counter with CBC MAC");
+-MODULE_ALIAS("ccm_base");
+-MODULE_ALIAS("rfc4309");
++MODULE_ALIAS_CRYPTO("ccm_base");
++MODULE_ALIAS_CRYPTO("rfc4309");
+--- a/crypto/crc32.c
++++ b/crypto/crc32.c
+@@ -156,3 +156,4 @@ module_exit(crc32_mod_fini);
+ MODULE_AUTHOR("Alexander Boyko <alexander_boyko at xyratex.com>");
+ MODULE_DESCRIPTION("CRC32 calculations wrapper for lib/crc32");
+ MODULE_LICENSE("GPL");
++MODULE_ALIAS_CRYPTO("crc32");
+--- a/crypto/crc32c_generic.c
++++ b/crypto/crc32c_generic.c
+@@ -170,5 +170,5 @@ module_exit(crc32c_mod_fini);
+ MODULE_AUTHOR("Clay Haapala <chaapala at cisco.com>");
+ MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations wrapper for lib/crc32c");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS("crc32c");
++MODULE_ALIAS_CRYPTO("crc32c");
+ MODULE_SOFTDEP("pre: crc32c");
+--- a/crypto/crct10dif_generic.c
++++ b/crypto/crct10dif_generic.c
+@@ -124,4 +124,4 @@ module_exit(crct10dif_mod_fini);
+ MODULE_AUTHOR("Tim Chen <tim.c.chen at linux.intel.com>");
+ MODULE_DESCRIPTION("T10 DIF CRC calculation.");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS("crct10dif");
++MODULE_ALIAS_CRYPTO("crct10dif");
+--- a/crypto/crypto_null.c
++++ b/crypto/crypto_null.c
+@@ -145,9 +145,9 @@ static struct crypto_alg null_algs[3] =
+ .coa_decompress = null_compress } }
+ } };
+
+-MODULE_ALIAS("compress_null");
+-MODULE_ALIAS("digest_null");
+-MODULE_ALIAS("cipher_null");
++MODULE_ALIAS_CRYPTO("compress_null");
++MODULE_ALIAS_CRYPTO("digest_null");
++MODULE_ALIAS_CRYPTO("cipher_null");
+
+ static int __init crypto_null_mod_init(void)
+ {
+--- a/crypto/ctr.c
++++ b/crypto/ctr.c
+@@ -466,4 +466,4 @@ module_exit(crypto_ctr_module_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("CTR Counter block mode");
+-MODULE_ALIAS("rfc3686");
++MODULE_ALIAS_CRYPTO("rfc3686");
+--- a/crypto/deflate.c
++++ b/crypto/deflate.c
+@@ -222,4 +222,4 @@ module_exit(deflate_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Deflate Compression Algorithm for IPCOMP");
+ MODULE_AUTHOR("James Morris <jmorris at intercode.com.au>");
+-
++MODULE_ALIAS_CRYPTO("deflate");
+--- a/crypto/des_generic.c
++++ b/crypto/des_generic.c
+@@ -971,7 +971,7 @@ static struct crypto_alg des_algs[2] = {
+ .cia_decrypt = des3_ede_decrypt } }
+ } };
+
+-MODULE_ALIAS("des3_ede");
++MODULE_ALIAS_CRYPTO("des3_ede");
+
+ static int __init des_generic_mod_init(void)
+ {
+--- a/crypto/fcrypt.c
++++ b/crypto/fcrypt.c
+@@ -420,3 +420,4 @@ module_exit(fcrypt_mod_fini);
+ MODULE_LICENSE("Dual BSD/GPL");
+ MODULE_DESCRIPTION("FCrypt Cipher Algorithm");
+ MODULE_AUTHOR("David Howells <dhowells at redhat.com>");
++MODULE_ALIAS_CRYPTO("fcrypt");
+--- a/crypto/gcm.c
++++ b/crypto/gcm.c
+@@ -1441,6 +1441,6 @@ module_exit(crypto_gcm_module_exit);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Galois/Counter Mode");
+ MODULE_AUTHOR("Mikko Herranen <mh1 at iki.fi>");
+-MODULE_ALIAS("gcm_base");
+-MODULE_ALIAS("rfc4106");
+-MODULE_ALIAS("rfc4543");
++MODULE_ALIAS_CRYPTO("gcm_base");
++MODULE_ALIAS_CRYPTO("rfc4106");
++MODULE_ALIAS_CRYPTO("rfc4543");
+--- a/crypto/ghash-generic.c
++++ b/crypto/ghash-generic.c
+@@ -172,4 +172,4 @@ module_exit(ghash_mod_exit);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("GHASH Message Digest Algorithm");
+-MODULE_ALIAS("ghash");
++MODULE_ALIAS_CRYPTO("ghash");
+--- a/crypto/khazad.c
++++ b/crypto/khazad.c
+@@ -880,3 +880,4 @@ module_exit(khazad_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Khazad Cryptographic Algorithm");
++MODULE_ALIAS_CRYPTO("khazad");
+--- a/crypto/krng.c
++++ b/crypto/krng.c
+@@ -62,4 +62,4 @@ module_exit(krng_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Kernel Random Number Generator");
+-MODULE_ALIAS("stdrng");
++MODULE_ALIAS_CRYPTO("stdrng");
+--- a/crypto/lz4.c
++++ b/crypto/lz4.c
+@@ -104,3 +104,4 @@ module_exit(lz4_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("LZ4 Compression Algorithm");
++MODULE_ALIAS_CRYPTO("lz4");
+--- a/crypto/lz4hc.c
++++ b/crypto/lz4hc.c
+@@ -104,3 +104,4 @@ module_exit(lz4hc_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("LZ4HC Compression Algorithm");
++MODULE_ALIAS_CRYPTO("lz4hc");
+--- a/crypto/lzo.c
++++ b/crypto/lzo.c
+@@ -103,3 +103,4 @@ module_exit(lzo_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("LZO Compression Algorithm");
++MODULE_ALIAS_CRYPTO("lzo");
+--- a/crypto/md4.c
++++ b/crypto/md4.c
+@@ -255,4 +255,4 @@ module_exit(md4_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("MD4 Message Digest Algorithm");
+-
++MODULE_ALIAS_CRYPTO("md4");
+--- a/crypto/md5.c
++++ b/crypto/md5.c
+@@ -168,3 +168,4 @@ module_exit(md5_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("MD5 Message Digest Algorithm");
++MODULE_ALIAS_CRYPTO("md5");
+--- a/crypto/michael_mic.c
++++ b/crypto/michael_mic.c
+@@ -184,3 +184,4 @@ module_exit(michael_mic_exit);
+ MODULE_LICENSE("GPL v2");
+ MODULE_DESCRIPTION("Michael MIC");
+ MODULE_AUTHOR("Jouni Malinen <j at w1.fi>");
++MODULE_ALIAS_CRYPTO("michael_mic");
+--- a/crypto/rmd128.c
++++ b/crypto/rmd128.c
+@@ -327,3 +327,4 @@ module_exit(rmd128_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_AUTHOR("Adrian-Ken Rueegsegger <ken at codelabs.ch>");
+ MODULE_DESCRIPTION("RIPEMD-128 Message Digest");
++MODULE_ALIAS_CRYPTO("rmd128");
+--- a/crypto/rmd160.c
++++ b/crypto/rmd160.c
+@@ -371,3 +371,4 @@ module_exit(rmd160_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_AUTHOR("Adrian-Ken Rueegsegger <ken at codelabs.ch>");
+ MODULE_DESCRIPTION("RIPEMD-160 Message Digest");
++MODULE_ALIAS_CRYPTO("rmd160");
+--- a/crypto/rmd256.c
++++ b/crypto/rmd256.c
+@@ -346,3 +346,4 @@ module_exit(rmd256_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_AUTHOR("Adrian-Ken Rueegsegger <ken at codelabs.ch>");
+ MODULE_DESCRIPTION("RIPEMD-256 Message Digest");
++MODULE_ALIAS_CRYPTO("rmd256");
+--- a/crypto/rmd320.c
++++ b/crypto/rmd320.c
+@@ -395,3 +395,4 @@ module_exit(rmd320_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_AUTHOR("Adrian-Ken Rueegsegger <ken at codelabs.ch>");
+ MODULE_DESCRIPTION("RIPEMD-320 Message Digest");
++MODULE_ALIAS_CRYPTO("rmd320");
+--- a/crypto/salsa20_generic.c
++++ b/crypto/salsa20_generic.c
+@@ -248,4 +248,4 @@ module_exit(salsa20_generic_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION ("Salsa20 stream cipher algorithm");
+-MODULE_ALIAS("salsa20");
++MODULE_ALIAS_CRYPTO("salsa20");
+--- a/crypto/seed.c
++++ b/crypto/seed.c
+@@ -476,3 +476,4 @@ module_exit(seed_fini);
+ MODULE_DESCRIPTION("SEED Cipher Algorithm");
+ MODULE_LICENSE("GPL");
+ MODULE_AUTHOR("Hye-Shik Chang <perky at FreeBSD.org>, Kim Hyun <hkim at kisa.or.kr>");
++MODULE_ALIAS_CRYPTO("seed");
+--- a/crypto/serpent_generic.c
++++ b/crypto/serpent_generic.c
+@@ -665,5 +665,5 @@ module_exit(serpent_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Serpent and tnepres (kerneli compatible serpent reversed) Cipher Algorithm");
+ MODULE_AUTHOR("Dag Arne Osvik <osvik at ii.uib.no>");
+-MODULE_ALIAS("tnepres");
+-MODULE_ALIAS("serpent");
++MODULE_ALIAS_CRYPTO("tnepres");
++MODULE_ALIAS_CRYPTO("serpent");
+--- a/crypto/sha1_generic.c
++++ b/crypto/sha1_generic.c
+@@ -153,4 +153,4 @@ module_exit(sha1_generic_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm");
+
+-MODULE_ALIAS("sha1");
++MODULE_ALIAS_CRYPTO("sha1");
+--- a/crypto/sha256_generic.c
++++ b/crypto/sha256_generic.c
+@@ -384,5 +384,5 @@ module_exit(sha256_generic_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA-224 and SHA-256 Secure Hash Algorithm");
+
+-MODULE_ALIAS("sha224");
+-MODULE_ALIAS("sha256");
++MODULE_ALIAS_CRYPTO("sha224");
++MODULE_ALIAS_CRYPTO("sha256");
+--- a/crypto/sha512_generic.c
++++ b/crypto/sha512_generic.c
+@@ -287,5 +287,5 @@ module_exit(sha512_generic_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("SHA-512 and SHA-384 Secure Hash Algorithms");
+
+-MODULE_ALIAS("sha384");
+-MODULE_ALIAS("sha512");
++MODULE_ALIAS_CRYPTO("sha384");
++MODULE_ALIAS_CRYPTO("sha512");
+--- a/crypto/tea.c
++++ b/crypto/tea.c
+@@ -270,8 +270,8 @@ static void __exit tea_mod_fini(void)
+ crypto_unregister_algs(tea_algs, ARRAY_SIZE(tea_algs));
+ }
+
+-MODULE_ALIAS("xtea");
+-MODULE_ALIAS("xeta");
++MODULE_ALIAS_CRYPTO("xtea");
++MODULE_ALIAS_CRYPTO("xeta");
+
+ module_init(tea_mod_init);
+ module_exit(tea_mod_fini);
+--- a/crypto/tgr192.c
++++ b/crypto/tgr192.c
+@@ -676,8 +676,8 @@ static void __exit tgr192_mod_fini(void)
+ crypto_unregister_shashes(tgr_algs, ARRAY_SIZE(tgr_algs));
+ }
+
+-MODULE_ALIAS("tgr160");
+-MODULE_ALIAS("tgr128");
++MODULE_ALIAS_CRYPTO("tgr160");
++MODULE_ALIAS_CRYPTO("tgr128");
+
+ module_init(tgr192_mod_init);
+ module_exit(tgr192_mod_fini);
+--- a/crypto/twofish_generic.c
++++ b/crypto/twofish_generic.c
+@@ -211,4 +211,4 @@ module_exit(twofish_mod_fini);
+
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION ("Twofish Cipher Algorithm");
+-MODULE_ALIAS("twofish");
++MODULE_ALIAS_CRYPTO("twofish");
+--- a/crypto/wp512.c
++++ b/crypto/wp512.c
+@@ -1167,8 +1167,8 @@ static void __exit wp512_mod_fini(void)
+ crypto_unregister_shashes(wp_algs, ARRAY_SIZE(wp_algs));
+ }
+
+-MODULE_ALIAS("wp384");
+-MODULE_ALIAS("wp256");
++MODULE_ALIAS_CRYPTO("wp384");
++MODULE_ALIAS_CRYPTO("wp256");
+
+ module_init(wp512_mod_init);
+ module_exit(wp512_mod_fini);
+--- a/crypto/zlib.c
++++ b/crypto/zlib.c
+@@ -378,3 +378,4 @@ module_exit(zlib_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_DESCRIPTION("Zlib Compression Algorithm");
+ MODULE_AUTHOR("Sony Corporation");
++MODULE_ALIAS_CRYPTO("zlib");
+--- a/drivers/crypto/padlock-aes.c
++++ b/drivers/crypto/padlock-aes.c
+@@ -563,4 +563,4 @@ MODULE_DESCRIPTION("VIA PadLock AES algo
+ MODULE_LICENSE("GPL");
+ MODULE_AUTHOR("Michal Ludvig");
+
+-MODULE_ALIAS("aes");
++MODULE_ALIAS_CRYPTO("aes");
+--- a/drivers/crypto/padlock-sha.c
++++ b/drivers/crypto/padlock-sha.c
+@@ -593,7 +593,7 @@ MODULE_DESCRIPTION("VIA PadLock SHA1/SHA
+ MODULE_LICENSE("GPL");
+ MODULE_AUTHOR("Michal Ludvig");
+
+-MODULE_ALIAS("sha1-all");
+-MODULE_ALIAS("sha256-all");
+-MODULE_ALIAS("sha1-padlock");
+-MODULE_ALIAS("sha256-padlock");
++MODULE_ALIAS_CRYPTO("sha1-all");
++MODULE_ALIAS_CRYPTO("sha256-all");
++MODULE_ALIAS_CRYPTO("sha1-padlock");
++MODULE_ALIAS_CRYPTO("sha256-padlock");
+--- a/drivers/crypto/ux500/cryp/cryp_core.c
++++ b/drivers/crypto/ux500/cryp/cryp_core.c
+@@ -1810,7 +1810,7 @@ module_exit(ux500_cryp_mod_fini);
+ module_param(cryp_mode, int, 0);
+
+ MODULE_DESCRIPTION("Driver for ST-Ericsson UX500 CRYP crypto engine.");
+-MODULE_ALIAS("aes-all");
+-MODULE_ALIAS("des-all");
++MODULE_ALIAS_CRYPTO("aes-all");
++MODULE_ALIAS_CRYPTO("des-all");
+
+ MODULE_LICENSE("GPL");
+--- a/drivers/crypto/ux500/hash/hash_core.c
++++ b/drivers/crypto/ux500/hash/hash_core.c
+@@ -1995,7 +1995,7 @@ module_exit(ux500_hash_mod_fini);
+ MODULE_DESCRIPTION("Driver for ST-Ericsson UX500 HASH engine.");
+ MODULE_LICENSE("GPL");
+
+-MODULE_ALIAS("sha1-all");
+-MODULE_ALIAS("sha256-all");
+-MODULE_ALIAS("hmac-sha1-all");
+-MODULE_ALIAS("hmac-sha256-all");
++MODULE_ALIAS_CRYPTO("sha1-all");
++MODULE_ALIAS_CRYPTO("sha256-all");
++MODULE_ALIAS_CRYPTO("hmac-sha1-all");
++MODULE_ALIAS_CRYPTO("hmac-sha256-all");
+--- a/drivers/s390/crypto/ap_bus.c
++++ b/drivers/s390/crypto/ap_bus.c
+@@ -44,6 +44,7 @@
+ #include <linux/hrtimer.h>
+ #include <linux/ktime.h>
+ #include <asm/facility.h>
++#include <linux/crypto.h>
+
+ #include "ap_bus.h"
+
+@@ -71,7 +72,7 @@ MODULE_AUTHOR("IBM Corporation");
+ MODULE_DESCRIPTION("Adjunct Processor Bus driver, " \
+ "Copyright IBM Corp. 2006, 2012");
+ MODULE_LICENSE("GPL");
+-MODULE_ALIAS("z90crypt");
++MODULE_ALIAS_CRYPTO("z90crypt");
+
+ /*
+ * Module parameter
+--- a/include/linux/crypto.h
++++ b/include/linux/crypto.h
+@@ -26,6 +26,19 @@
+ #include <linux/uaccess.h>
+
+ /*
++ * Autoloaded crypto modules should only use a prefixed name to avoid allowing
++ * arbitrary modules to be loaded. Loading from userspace may still need the
++ * unprefixed names, so retains those aliases as well.
++ * This uses __MODULE_INFO directly instead of MODULE_ALIAS because pre-4.3
++ * gcc (e.g. avr32 toolchain) uses __LINE__ for uniqueness, and this macro
++ * expands twice on the same line. Instead, use a separate base name for the
++ * alias.
++ */
++#define MODULE_ALIAS_CRYPTO(name) \
++ __MODULE_INFO(alias, alias_userspace, name); \
++ __MODULE_INFO(alias, alias_crypto, "crypto-" name)
++
++/*
+ * Algorithm masks and types.
+ */
+ #define CRYPTO_ALG_TYPE_MASK 0x0000000f
Copied: dists/wheezy-backports/linux/debian/patches/bugfix/all/net-sctp-fix-slab-corruption-from-use-after-free-on-.patch (from r22341, dists/sid/linux/debian/patches/bugfix/all/net-sctp-fix-slab-corruption-from-use-after-free-on-.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/all/net-sctp-fix-slab-corruption-from-use-after-free-on-.patch Thu Feb 12 04:00:26 2015 (r22370, copy of r22341, dists/sid/linux/debian/patches/bugfix/all/net-sctp-fix-slab-corruption-from-use-after-free-on-.patch)
@@ -0,0 +1,126 @@
+From: Daniel Borkmann <dborkman at redhat.com>
+Date: Thu, 22 Jan 2015 18:26:54 +0100
+Subject: net: sctp: fix slab corruption from use after free on INIT collisions
+Origin: https://git.kernel.org/linus/600ddd6825543962fb807884169e57b580dba208
+
+When hitting an INIT collision case during the 4WHS with AUTH enabled, as
+already described in detail in commit 1be9a950c646 ("net: sctp: inherit
+auth_capable on INIT collisions"), it can happen that we occasionally
+still remotely trigger the following panic on server side which seems to
+have been uncovered after the fix from commit 1be9a950c646 ...
+
+[ 533.876389] BUG: unable to handle kernel paging request at 00000000ffffffff
+[ 533.913657] IP: [<ffffffff811ac385>] __kmalloc+0x95/0x230
+[ 533.940559] PGD 5030f2067 PUD 0
+[ 533.957104] Oops: 0000 [#1] SMP
+[ 533.974283] Modules linked in: sctp mlx4_en [...]
+[ 534.939704] Call Trace:
+[ 534.951833] [<ffffffff81294e30>] ? crypto_init_shash_ops+0x60/0xf0
+[ 534.984213] [<ffffffff81294e30>] crypto_init_shash_ops+0x60/0xf0
+[ 535.015025] [<ffffffff8128c8ed>] __crypto_alloc_tfm+0x6d/0x170
+[ 535.045661] [<ffffffff8128d12c>] crypto_alloc_base+0x4c/0xb0
+[ 535.074593] [<ffffffff8160bd42>] ? _raw_spin_lock_bh+0x12/0x50
+[ 535.105239] [<ffffffffa0418c11>] sctp_inet_listen+0x161/0x1e0 [sctp]
+[ 535.138606] [<ffffffff814e43bd>] SyS_listen+0x9d/0xb0
+[ 535.166848] [<ffffffff816149a9>] system_call_fastpath+0x16/0x1b
+
+... or depending on the the application, for example this one:
+
+[ 1370.026490] BUG: unable to handle kernel paging request at 00000000ffffffff
+[ 1370.026506] IP: [<ffffffff811ab455>] kmem_cache_alloc+0x75/0x1d0
+[ 1370.054568] PGD 633c94067 PUD 0
+[ 1370.070446] Oops: 0000 [#1] SMP
+[ 1370.085010] Modules linked in: sctp kvm_amd kvm [...]
+[ 1370.963431] Call Trace:
+[ 1370.974632] [<ffffffff8120f7cf>] ? SyS_epoll_ctl+0x53f/0x960
+[ 1371.000863] [<ffffffff8120f7cf>] SyS_epoll_ctl+0x53f/0x960
+[ 1371.027154] [<ffffffff812100d3>] ? anon_inode_getfile+0xd3/0x170
+[ 1371.054679] [<ffffffff811e3d67>] ? __alloc_fd+0xa7/0x130
+[ 1371.080183] [<ffffffff816149a9>] system_call_fastpath+0x16/0x1b
+
+With slab debugging enabled, we can see that the poison has been overwritten:
+
+[ 669.826368] BUG kmalloc-128 (Tainted: G W ): Poison overwritten
+[ 669.826385] INFO: 0xffff880228b32e50-0xffff880228b32e50. First byte 0x6a instead of 0x6b
+[ 669.826414] INFO: Allocated in sctp_auth_create_key+0x23/0x50 [sctp] age=3 cpu=0 pid=18494
+[ 669.826424] __slab_alloc+0x4bf/0x566
+[ 669.826433] __kmalloc+0x280/0x310
+[ 669.826453] sctp_auth_create_key+0x23/0x50 [sctp]
+[ 669.826471] sctp_auth_asoc_create_secret+0xcb/0x1e0 [sctp]
+[ 669.826488] sctp_auth_asoc_init_active_key+0x68/0xa0 [sctp]
+[ 669.826505] sctp_do_sm+0x29d/0x17c0 [sctp] [...]
+[ 669.826629] INFO: Freed in kzfree+0x31/0x40 age=1 cpu=0 pid=18494
+[ 669.826635] __slab_free+0x39/0x2a8
+[ 669.826643] kfree+0x1d6/0x230
+[ 669.826650] kzfree+0x31/0x40
+[ 669.826666] sctp_auth_key_put+0x19/0x20 [sctp]
+[ 669.826681] sctp_assoc_update+0x1ee/0x2d0 [sctp]
+[ 669.826695] sctp_do_sm+0x674/0x17c0 [sctp]
+
+Since this only triggers in some collision-cases with AUTH, the problem at
+heart is that sctp_auth_key_put() on asoc->asoc_shared_key is called twice
+when having refcnt 1, once directly in sctp_assoc_update() and yet again
+from within sctp_auth_asoc_init_active_key() via sctp_assoc_update() on
+the already kzfree'd memory, which is also consistent with the observation
+of the poison decrease from 0x6b to 0x6a (note: the overwrite is detected
+at a later point in time when poison is checked on new allocation).
+
+Reference counting of auth keys revisited:
+
+Shared keys for AUTH chunks are being stored in endpoints and associations
+in endpoint_shared_keys list. On endpoint creation, a null key is being
+added; on association creation, all endpoint shared keys are being cached
+and thus cloned over to the association. struct sctp_shared_key only holds
+a pointer to the actual key bytes, that is, struct sctp_auth_bytes which
+keeps track of users internally through refcounting. Naturally, on assoc
+or enpoint destruction, sctp_shared_key are being destroyed directly and
+the reference on sctp_auth_bytes dropped.
+
+User space can add keys to either list via setsockopt(2) through struct
+sctp_authkey and by passing that to sctp_auth_set_key() which replaces or
+adds a new auth key. There, sctp_auth_create_key() creates a new sctp_auth_bytes
+with refcount 1 and in case of replacement drops the reference on the old
+sctp_auth_bytes. A key can be set active from user space through setsockopt()
+on the id via sctp_auth_set_active_key(), which iterates through either
+endpoint_shared_keys and in case of an assoc, invokes (one of various places)
+sctp_auth_asoc_init_active_key().
+
+sctp_auth_asoc_init_active_key() computes the actual secret from local's
+and peer's random, hmac and shared key parameters and returns a new key
+directly as sctp_auth_bytes, that is asoc->asoc_shared_key, plus drops
+the reference if there was a previous one. The secret, which where we
+eventually double drop the ref comes from sctp_auth_asoc_set_secret() with
+intitial refcount of 1, which also stays unchanged eventually in
+sctp_assoc_update(). This key is later being used for crypto layer to
+set the key for the hash in crypto_hash_setkey() from sctp_auth_calculate_hmac().
+
+To close the loop: asoc->asoc_shared_key is freshly allocated secret
+material and independant of the sctp_shared_key management keeping track
+of only shared keys in endpoints and assocs. Hence, also commit 4184b2a79a76
+("net: sctp: fix memory leak in auth key management") is independant of
+this bug here since it concerns a different layer (though same structures
+being used eventually). asoc->asoc_shared_key is reference dropped correctly
+on assoc destruction in sctp_association_free() and when active keys are
+being replaced in sctp_auth_asoc_init_active_key(), it always has a refcount
+of 1. Hence, it's freed prematurely in sctp_assoc_update(). Simple fix is
+to remove that sctp_auth_key_put() from there which fixes these panics.
+
+Fixes: 730fc3d05cd4 ("[SCTP]: Implete SCTP-AUTH parameter processing")
+Signed-off-by: Daniel Borkmann <dborkman at redhat.com>
+Acked-by: Vlad Yasevich <vyasevich at gmail.com>
+Acked-by: Neil Horman <nhorman at tuxdriver.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/sctp/associola.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/net/sctp/associola.c
++++ b/net/sctp/associola.c
+@@ -1181,7 +1181,6 @@ void sctp_assoc_update(struct sctp_assoc
+ asoc->peer.peer_hmacs = new->peer.peer_hmacs;
+ new->peer.peer_hmacs = NULL;
+
+- sctp_auth_key_put(asoc->asoc_shared_key);
+ sctp_auth_asoc_init_active_key(asoc, GFP_ATOMIC);
+ }
+
Copied: dists/wheezy-backports/linux/debian/patches/bugfix/all/xen-balloon-Don-t-continue-ballooning-when-BP_ECANCE.patch (from r22341, dists/sid/linux/debian/patches/bugfix/all/xen-balloon-Don-t-continue-ballooning-when-BP_ECANCE.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/all/xen-balloon-Don-t-continue-ballooning-when-BP_ECANCE.patch Thu Feb 12 04:00:26 2015 (r22370, copy of r22341, dists/sid/linux/debian/patches/bugfix/all/xen-balloon-Don-t-continue-ballooning-when-BP_ECANCE.patch)
@@ -0,0 +1,41 @@
+From 92f3dc7d1a7837d01d1e2684cc81c2911873190c Mon Sep 17 00:00:00 2001
+From: Boris Ostrovsky <boris.ostrovsky at oracle.com>
+Date: Tue, 7 Oct 2014 17:00:07 -0400
+Subject: [PATCH] xen/balloon: Don't continue ballooning when BP_ECANCELED is
+ encountered
+Origin: https://git.kernel.org/linus/fd8b79511349efd1f0decea920f61b93acb34a75
+
+Commit 3dcf63677d4e ("xen/balloon: cancel ballooning if adding new
+memory failed") makes reserve_additional_memory() return BP_ECANCELED
+when an error is encountered. This error, however, is ignored by the
+caller (balloon_process()) since it is overwritten by subsequent call
+to update_schedule(). This results in continuous attempts to add more
+memory, all of which are likely to fail again.
+
+We should stop trying to schedule next iteration of ballooning when
+the current one has failed.
+
+Signed-off-by: Boris Ostrovsky <boris.ostrovsky at oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper at oracle.com>
+Signed-off-by: David Vrabel <david.vrabel at citrix.com>
+---
+ drivers/xen/balloon.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
+index 1e0a317..3860d02 100644
+--- a/drivers/xen/balloon.c
++++ b/drivers/xen/balloon.c
+@@ -167,6 +167,9 @@ static struct page *balloon_next_page(struct page *page)
+
+ static enum bp_state update_schedule(enum bp_state state)
+ {
++ if (state == BP_ECANCELED)
++ return BP_ECANCELED;
++
+ if (state == BP_DONE) {
+ balloon_stats.schedule_delay = 1;
+ balloon_stats.retry_count = 1;
+--
+1.7.10.4
+
Copied: dists/wheezy-backports/linux/debian/patches/bugfix/all/xen-balloon-cancel-ballooning-if-adding-new-memory-f.patch (from r22341, dists/sid/linux/debian/patches/bugfix/all/xen-balloon-cancel-ballooning-if-adding-new-memory-f.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/all/xen-balloon-cancel-ballooning-if-adding-new-memory-f.patch Thu Feb 12 04:00:26 2015 (r22370, copy of r22341, dists/sid/linux/debian/patches/bugfix/all/xen-balloon-cancel-ballooning-if-adding-new-memory-f.patch)
@@ -0,0 +1,34 @@
+From 8e9355d5afb3055cd77fae7015d3aa1fc6cecc10 Mon Sep 17 00:00:00 2001
+From: David Vrabel <david.vrabel at citrix.com>
+Date: Mon, 1 Sep 2014 18:52:44 +0100
+Subject: [PATCH] xen/balloon: cancel ballooning if adding new memory failed
+Origin: https://git.kernel.org/linus/3dcf63677d4eb7fdfc13290c8558c301d2588fe8
+
+If the balloon driver is adding additional memory regions to the
+balloon and add_memory() fails it will likely continuously fail so
+cancel the balloon operation.
+
+Signed-off-by: David Vrabel <david.vrabel at citrix.com>
+Reviewed-by: Daniel Kiper <daniel.kiper at oracle.com>
+---
+ drivers/xen/balloon.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
+index 5c660c7..1e0a317 100644
+--- a/drivers/xen/balloon.c
++++ b/drivers/xen/balloon.c
+@@ -230,8 +230,8 @@ static enum bp_state reserve_additional_memory(long credit)
+ rc = add_memory(nid, hotplug_start_paddr, balloon_hotplug << PAGE_SHIFT);
+
+ if (rc) {
+- pr_info("%s: add_memory() failed: %i\n", __func__, rc);
+- return BP_EAGAIN;
++ pr_warn("Cannot add additional memory (%i)\n", rc);
++ return BP_ECANCELED;
+ }
+
+ balloon_hotplug -= credit;
+--
+1.7.10.4
+
Copied: dists/wheezy-backports/linux/debian/patches/bugfix/arm64/clocksource-arch_timer-Only-use-the-virtual-counter-.patch (from r22341, dists/sid/linux/debian/patches/bugfix/arm64/clocksource-arch_timer-Only-use-the-virtual-counter-.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/arm64/clocksource-arch_timer-Only-use-the-virtual-counter-.patch Thu Feb 12 04:00:26 2015 (r22370, copy of r22341, dists/sid/linux/debian/patches/bugfix/arm64/clocksource-arch_timer-Only-use-the-virtual-counter-.patch)
@@ -0,0 +1,40 @@
+From 53a2dd7f567cebda868b0765e2659f7930ba958f Mon Sep 17 00:00:00 2001
+From: Catalin Marinas <catalin.marinas at arm.com>
+Date: Wed, 10 Dec 2014 11:02:09 +0000
+Subject: [PATCH] clocksource: arch_timer: Only use the virtual counter
+ (CNTVCT) on arm64
+Origin: https://git.kernel.org/linus/d6ad36913083d683aad4e02e53580c995f1a6ede
+
+Commit 0b46b8a718c6 (clocksource: arch_timer: Fix code to use physical
+timers when requested) introduces the use of physical counters in the
+ARM architected timer driver. However, he arm64 kernel uses CNTVCT in
+VDSO. When booting in EL2, the kernel switches to the physical timers to
+make things easier for KVM but it continues to use the virtual counter
+both in user and kernel. While in such scenario CNTVCT == CNTPCT (since
+CNTVOFF is initialised by the kernel to 0), we want to spot firmware
+bugs corrupting CNTVOFF early (which would affect CNTVCT).
+
+Signed-off-by: Catalin Marinas <catalin.marinas at arm.com>
+Tested-by: Yingjoe Chen <yingjoe.chen at mediatek.com>
+Cc: Daniel Lezcano <daniel.lezcano at linaro.org>
+Signed-off-by: Arnd Bergmann <arnd at arndb.de>
+---
+ drivers/clocksource/arm_arch_timer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/clocksource/arm_arch_timer.c b/drivers/clocksource/arm_arch_timer.c
+index 506949d..499cb1d 100644
+--- a/drivers/clocksource/arm_arch_timer.c
++++ b/drivers/clocksource/arm_arch_timer.c
+@@ -430,7 +430,7 @@ static void __init arch_counter_register(unsigned type)
+
+ /* Register the CP15 based counter if we have one */
+ if (type & ARCH_CP15_TIMER) {
+- if (arch_timer_use_virtual)
++ if (IS_ENABLED(CONFIG_ARM64) || arch_timer_use_virtual)
+ arch_timer_read_counter = arch_counter_get_cntvct;
+ else
+ arch_timer_read_counter = arch_counter_get_cntpct;
+--
+1.7.10.4
+
Copied: dists/wheezy-backports/linux/debian/patches/bugfix/sh4/scripts-recordmcount.pl-there-is-no-m32-option-on-super-h.patch (from r22341, dists/sid/linux/debian/patches/bugfix/sh4/scripts-recordmcount.pl-there-is-no-m32-option-on-super-h.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/sh4/scripts-recordmcount.pl-there-is-no-m32-option-on-super-h.patch Thu Feb 12 04:00:26 2015 (r22370, copy of r22341, dists/sid/linux/debian/patches/bugfix/sh4/scripts-recordmcount.pl-there-is-no-m32-option-on-super-h.patch)
@@ -0,0 +1,40 @@
+From: Michael Karcher <kernel at mkarcher.dialup.fu-berlin.de>
+Date: Sun, 18 Jan 2015 00:36:15 +0100
+Subject: scripts/recordmcount.pl: There is no -m32 gcc option on Super-H
+ anymore
+Origin: https://git.kernel.org/linus/1caf6aaaa47471831d77c75f094d4e00ad1ec808
+
+Compiling SH with gcc-4.8 fails due to the -m32 option not being
+supported.
+
+From http://buildd.debian-ports.org/status/fetch.php?pkg=linux&arch=sh4&ver=3.16.7-ckt4-1&stamp=1421425783
+
+ CC init/main.o
+ gcc-4.8: error: unrecognized command line option '-m32'
+ ld: cannot find init/.tmp_mc_main.o: No such file or directory
+ objcopy: 'init/.tmp_mx_main.o': No such file
+ rm: cannot remove 'init/.tmp_mx_main.o': No such file or directory
+ rm: cannot remove 'init/.tmp_mc_main.o': No such file or directory
+
+Link: http://lkml.kernel.org/r/1421537778-29001-1-git-send-email-kernel@mkarcher.dialup.fu-berlin.de
+Link: http://lkml.kernel.org/r/54BCBDD4.10102@physik.fu-berlin.de
+
+Cc: stable at vger.kernel.org
+Cc: Matt Fleming <matt at console-pimps.org>
+Reported-by: John Paul Adrian Glaubitz <glaubitz at physik.fu-berlin.de>
+Signed-off-by: Michael Karcher <kernel at mkarcher.dialup.fu-berlin.de>
+Signed-off-by: Steven Rostedt <rostedt at goodmis.org>
+---
+ scripts/recordmcount.pl | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/scripts/recordmcount.pl
++++ b/scripts/recordmcount.pl
+@@ -262,7 +262,6 @@ if ($arch eq "x86_64") {
+ # force flags for this arch
+ $ld .= " -m shlelf_linux";
+ $objcopy .= " -O elf32-sh-linux";
+- $cc .= " -m32";
+
+ } elsif ($arch eq "powerpc") {
+ $local_regex = "^[0-9a-fA-F]+\\s+t\\s+(\\.?\\S+)";
Copied: dists/wheezy-backports/linux/debian/patches/bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch (from r22341, dists/sid/linux/debian/patches/bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch Thu Feb 12 04:00:26 2015 (r22370, copy of r22341, dists/sid/linux/debian/patches/bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch)
@@ -0,0 +1,78 @@
+From: Nadav Amit <namit at cs.technion.ac.il>
+Date: Thu, 1 Jan 2015 23:11:11 +0200
+Subject: KVM: x86: SYSENTER emulation is broken
+Origin: https://git.kernel.org/linus/f3747379accba8e95d70cec0eae0582c8c182050
+
+SYSENTER emulation is broken in several ways:
+1. It misses the case of 16-bit code segments completely (CVE-2015-0239).
+2. MSR_IA32_SYSENTER_CS is checked in 64-bit mode incorrectly (bits 0 and 1 can
+ still be set without causing #GP).
+3. MSR_IA32_SYSENTER_EIP and MSR_IA32_SYSENTER_ESP are not masked in
+ legacy-mode.
+4. There is some unneeded code.
+
+Fix it.
+
+Cc: stable at vger.linux.org
+Signed-off-by: Nadav Amit <namit at cs.technion.ac.il>
+Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
+[bwh: Backported to 3.16: adjust context]
+---
+ arch/x86/kvm/emulate.c | 27 ++++++++-------------------
+ 1 file changed, 8 insertions(+), 19 deletions(-)
+
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -2302,7 +2302,7 @@ static int em_sysenter(struct x86_emulat
+ * Not recognized on AMD in compat mode (but is recognized in legacy
+ * mode).
+ */
+- if ((ctxt->mode == X86EMUL_MODE_PROT32) && (efer & EFER_LMA)
++ if ((ctxt->mode != X86EMUL_MODE_PROT64) && (efer & EFER_LMA)
+ && !vendor_intel(ctxt))
+ return emulate_ud(ctxt);
+
+@@ -2315,25 +2315,13 @@ static int em_sysenter(struct x86_emulat
+ setup_syscalls_segments(ctxt, &cs, &ss);
+
+ ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data);
+- switch (ctxt->mode) {
+- case X86EMUL_MODE_PROT32:
+- if ((msr_data & 0xfffc) == 0x0)
+- return emulate_gp(ctxt, 0);
+- break;
+- case X86EMUL_MODE_PROT64:
+- if (msr_data == 0x0)
+- return emulate_gp(ctxt, 0);
+- break;
+- default:
+- break;
+- }
++ if ((msr_data & 0xfffc) == 0x0)
++ return emulate_gp(ctxt, 0);
+
+ ctxt->eflags &= ~(EFLG_VM | EFLG_IF | EFLG_RF);
+- cs_sel = (u16)msr_data;
+- cs_sel &= ~SELECTOR_RPL_MASK;
++ cs_sel = (u16)msr_data & ~SELECTOR_RPL_MASK;
+ ss_sel = cs_sel + 8;
+- ss_sel &= ~SELECTOR_RPL_MASK;
+- if (ctxt->mode == X86EMUL_MODE_PROT64 || (efer & EFER_LMA)) {
++ if (efer & EFER_LMA) {
+ cs.d = 0;
+ cs.l = 1;
+ }
+@@ -2342,10 +2330,11 @@ static int em_sysenter(struct x86_emulat
+ ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS);
+
+ ops->get_msr(ctxt, MSR_IA32_SYSENTER_EIP, &msr_data);
+- ctxt->_eip = msr_data;
++ ctxt->_eip = (efer & EFER_LMA) ? msr_data : (u32)msr_data;
+
+ ops->get_msr(ctxt, MSR_IA32_SYSENTER_ESP, &msr_data);
+- *reg_write(ctxt, VCPU_REGS_RSP) = msr_data;
++ *reg_write(ctxt, VCPU_REGS_RSP) = (efer & EFER_LMA) ? msr_data :
++ (u32)msr_data;
+
+ return X86EMUL_CONTINUE;
+ }
Copied: dists/wheezy-backports/linux/debian/patches/bugfix/x86/x86-tls-interpret-an-all-zero-struct-user_desc-as-no.patch (from r22341, dists/sid/linux/debian/patches/bugfix/x86/x86-tls-interpret-an-all-zero-struct-user_desc-as-no.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/x86/x86-tls-interpret-an-all-zero-struct-user_desc-as-no.patch Thu Feb 12 04:00:26 2015 (r22370, copy of r22341, dists/sid/linux/debian/patches/bugfix/x86/x86-tls-interpret-an-all-zero-struct-user_desc-as-no.patch)
@@ -0,0 +1,112 @@
+From: Andy Lutomirski <luto at amacapital.net>
+Date: Thu, 22 Jan 2015 11:27:59 -0800
+Subject: x86, tls: Interpret an all-zero struct user_desc as "no segment"
+Origin: https://git.kernel.org/linus/3669ef9fa7d35f573ec9c0e0341b29251c2734a7
+
+The Witcher 2 did something like this to allocate a TLS segment index:
+
+ struct user_desc u_info;
+ bzero(&u_info, sizeof(u_info));
+ u_info.entry_number = (uint32_t)-1;
+
+ syscall(SYS_set_thread_area, &u_info);
+
+Strictly speaking, this code was never correct. It should have set
+read_exec_only and seg_not_present to 1 to indicate that it wanted
+to find a free slot without putting anything there, or it should
+have put something sensible in the TLS slot if it wanted to allocate
+a TLS entry for real. The actual effect of this code was to
+allocate a bogus segment that could be used to exploit espfix.
+
+The set_thread_area hardening patches changed the behavior, causing
+set_thread_area to return -EINVAL and crashing the game.
+
+This changes set_thread_area to interpret this as a request to find
+a free slot and to leave it empty, which isn't *quite* what the game
+expects but should be close enough to keep it working. In
+particular, using the code above to allocate two segments will
+allocate the same segment both times.
+
+According to FrostbittenKing on Github, this fixes The Witcher 2.
+
+If this somehow still causes problems, we could instead allocate
+a limit==0 32-bit data segment, but that seems rather ugly to me.
+
+Fixes: 41bdc78544b8 x86/tls: Validate TLS entries to protect espfix
+Signed-off-by: Andy Lutomirski <luto at amacapital.net>
+Cc: stable at vger.kernel.org
+Cc: torvalds at linux-foundation.org
+Link: http://lkml.kernel.org/r/0cb251abe1ff0958b8e468a9a9a905b80ae3a746.1421954363.git.luto@amacapital.net
+Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
+---
+ arch/x86/include/asm/desc.h | 13 +++++++++++++
+ arch/x86/kernel/tls.c | 25 +++++++++++++++++++++++--
+ 2 files changed, 36 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
+index fc237fd..a94b82e 100644
+--- a/arch/x86/include/asm/desc.h
++++ b/arch/x86/include/asm/desc.h
+@@ -262,6 +262,19 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
+ (info)->seg_not_present == 1 && \
+ (info)->useable == 0)
+
++/* Lots of programs expect an all-zero user_desc to mean "no segment at all". */
++static inline bool LDT_zero(const struct user_desc *info)
++{
++ return (info->base_addr == 0 &&
++ info->limit == 0 &&
++ info->contents == 0 &&
++ info->read_exec_only == 0 &&
++ info->seg_32bit == 0 &&
++ info->limit_in_pages == 0 &&
++ info->seg_not_present == 0 &&
++ info->useable == 0);
++}
++
+ static inline void clear_LDT(void)
+ {
+ set_ldt(NULL, 0);
+diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c
+index 4e942f3..7fc5e84 100644
+--- a/arch/x86/kernel/tls.c
++++ b/arch/x86/kernel/tls.c
+@@ -29,7 +29,28 @@ static int get_free_idx(void)
+
+ static bool tls_desc_okay(const struct user_desc *info)
+ {
+- if (LDT_empty(info))
++ /*
++ * For historical reasons (i.e. no one ever documented how any
++ * of the segmentation APIs work), user programs can and do
++ * assume that a struct user_desc that's all zeros except for
++ * entry_number means "no segment at all". This never actually
++ * worked. In fact, up to Linux 3.19, a struct user_desc like
++ * this would create a 16-bit read-write segment with base and
++ * limit both equal to zero.
++ *
++ * That was close enough to "no segment at all" until we
++ * hardened this function to disallow 16-bit TLS segments. Fix
++ * it up by interpreting these zeroed segments the way that they
++ * were almost certainly intended to be interpreted.
++ *
++ * The correct way to ask for "no segment at all" is to specify
++ * a user_desc that satisfies LDT_empty. To keep everything
++ * working, we accept both.
++ *
++ * Note that there's a similar kludge in modify_ldt -- look at
++ * the distinction between modes 1 and 0x11.
++ */
++ if (LDT_empty(info) || LDT_zero(info))
+ return true;
+
+ /*
+@@ -71,7 +92,7 @@ static void set_tls_desc(struct task_struct *p, int idx,
+ cpu = get_cpu();
+
+ while (n-- > 0) {
+- if (LDT_empty(info))
++ if (LDT_empty(info) || LDT_zero(info))
+ desc->a = desc->b = 0;
+ else
+ fill_ldt(desc, info);
Copied: dists/wheezy-backports/linux/debian/patches/bugfix/x86/x86-tls-ldt-stop-checking-lm-in-ldt_empty.patch (from r22341, dists/sid/linux/debian/patches/bugfix/x86/x86-tls-ldt-stop-checking-lm-in-ldt_empty.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-backports/linux/debian/patches/bugfix/x86/x86-tls-ldt-stop-checking-lm-in-ldt_empty.patch Thu Feb 12 04:00:26 2015 (r22370, copy of r22341, dists/sid/linux/debian/patches/bugfix/x86/x86-tls-ldt-stop-checking-lm-in-ldt_empty.patch)
@@ -0,0 +1,49 @@
+From: Andy Lutomirski <luto at amacapital.net>
+Date: Thu, 22 Jan 2015 11:27:58 -0800
+Subject: x86, tls, ldt: Stop checking lm in LDT_empty
+Origin: https://git.kernel.org/linus/e30ab185c490e9a9381385529e0fd32f0a399495
+
+32-bit programs don't have an lm bit in their ABI, so they can't
+reliably cause LDT_empty to return true without resorting to memset.
+They shouldn't need to do this.
+
+This should fix a longstanding, if minor, issue in all 64-bit kernels
+as well as a potential regression in the TLS hardening code.
+
+Fixes: 41bdc78544b8 x86/tls: Validate TLS entries to protect espfix
+Cc: stable at vger.kernel.org
+Signed-off-by: Andy Lutomirski <luto at amacapital.net>
+Cc: torvalds at linux-foundation.org
+Link: http://lkml.kernel.org/r/72a059de55e86ad5e2935c80aa91880ddf19d07c.1421954363.git.luto@amacapital.net
+Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
+---
+ arch/x86/include/asm/desc.h | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
+
+diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
+index 50d033a..fc237fd 100644
+--- a/arch/x86/include/asm/desc.h
++++ b/arch/x86/include/asm/desc.h
+@@ -251,7 +251,8 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
+ gdt[GDT_ENTRY_TLS_MIN + i] = t->tls_array[i];
+ }
+
+-#define _LDT_empty(info) \
++/* This intentionally ignores lm, since 32-bit apps don't have that field. */
++#define LDT_empty(info) \
+ ((info)->base_addr == 0 && \
+ (info)->limit == 0 && \
+ (info)->contents == 0 && \
+@@ -261,12 +262,6 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
+ (info)->seg_not_present == 1 && \
+ (info)->useable == 0)
+
+-#ifdef CONFIG_X86_64
+-#define LDT_empty(info) (_LDT_empty(info) && ((info)->lm == 0))
+-#else
+-#define LDT_empty(info) (_LDT_empty(info))
+-#endif
+-
+ static inline void clear_LDT(void)
+ {
+ set_ldt(NULL, 0);
Modified: dists/wheezy-backports/linux/debian/patches/series
==============================================================================
--- dists/wheezy-backports/linux/debian/patches/series Thu Feb 12 03:46:18 2015 (r22369)
+++ dists/wheezy-backports/linux/debian/patches/series Thu Feb 12 04:00:26 2015 (r22370)
@@ -57,6 +57,7 @@
bugfix/parisc/parisc-reduce-sigrtmin-from-37-to-32-to-behave-like-.patch
bugfix/arm64/arm64-add-missing-dts-entry-for-X-Gene-platform.patch
bugfix/arm64/arm64-removed-using-of-the-mask-attribute-in-the-dts.patch
+bugfix/arm64/clocksource-arch_timer-Only-use-the-virtual-counter-.patch
bugfix/x86/acpi-video-run-_bcl-before-deciding-registering-back.patch
# Arch features
@@ -153,6 +154,9 @@
bugfix/all/xen-netback-support-frontends-without-feature-rx-not.patch
bugfix/all/aufs-move-d_rcu-from-overlapping-d_child-to-overlapping-d.patch
bugfix/all/net-mv643xx-disable-tso-by-default.patch
+bugfix/all/Revert-swiotlb-xen-pass-dev_addr-to-swiotlb_tbl_unma.patch
+bugfix/all/xen-balloon-cancel-ballooning-if-adding-new-memory-f.patch
+bugfix/all/xen-balloon-Don-t-continue-ballooning-when-BP_ECANCE.patch
# memfd_create() & kdbus backport
features/all/kdbus/mm-allow-drivers-to-prevent-new-writable-mappings.patch
@@ -490,3 +494,11 @@
bugfix/all/netfilter-conntrack-disable-generic-tracking-for-kno.patch
bugfix/x86/x86_64-vdso-fix-the-vdso-address-randomization-algor.patch
bugfix/x86/x86-vdso-use-asm-volatile-in-__getcpu.patch
+bugfix/all/crypto-prefix-module-autoloading-with-crypto.patch
+bugfix/all/crypto-include-crypto-module-prefix-in-template.patch
+bugfix/all/crypto-add-missing-crypto-module-aliases.patch
+bugfix/x86/kvm-x86-sysenter-emulation-is-broken.patch
+bugfix/sh4/scripts-recordmcount.pl-there-is-no-m32-option-on-super-h.patch
+bugfix/x86/x86-tls-ldt-stop-checking-lm-in-ldt_empty.patch
+bugfix/x86/x86-tls-interpret-an-all-zero-struct-user_desc-as-no.patch
+bugfix/all/net-sctp-fix-slab-corruption-from-use-after-free-on-.patch
More information about the Kernel-svn-changes
mailing list