reset upstream subtrees to yocto 2.6
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb b/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb
index 6052650..ed4327d 100644
--- a/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb
+++ b/poky/meta/recipes-kernel/cryptodev/cryptodev-module_1.9.bb
@@ -11,6 +11,9 @@
file://0001-Disable-installing-header-file-provided-by-another-p.patch \
file://0001-ioctl.c-Fix-build-with-linux-4.13.patch \
file://0001-ioctl.c-Fix-build-with-linux-4.17.patch \
+file://0001-refactoring-split-big-function-to-simplify-maintaina.patch \
+file://0002-refactoring-relocate-code-to-simplify-later-patches.patch \
+file://0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch \
"
EXTRA_OEMAKE='KERNEL_DIR="${STAGING_KERNEL_DIR}" PREFIX="${D}"'
diff --git a/poky/meta/recipes-kernel/cryptodev/cryptodev-tests_1.9.bb b/poky/meta/recipes-kernel/cryptodev/cryptodev-tests_1.9.bb
index 9afb3de..617db6c 100644
--- a/poky/meta/recipes-kernel/cryptodev/cryptodev-tests_1.9.bb
+++ b/poky/meta/recipes-kernel/cryptodev/cryptodev-tests_1.9.bb
@@ -2,10 +2,11 @@
SUMMARY = "A test suite for /dev/crypto device driver"
-DEPENDS += "openssl10"
+DEPENDS += "openssl"
SRC_URI += " \
file://0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch \
+file://0001-Port-tests-to-openssl-1.1.patch \
"
EXTRA_OEMAKE='KERNEL_DIR="${STAGING_EXECPREFIXDIR}" PREFIX="${D}"'
diff --git a/poky/meta/recipes-kernel/cryptodev/files/0001-Port-tests-to-openssl-1.1.patch b/poky/meta/recipes-kernel/cryptodev/files/0001-Port-tests-to-openssl-1.1.patch
new file mode 100644
index 0000000..c969126
--- /dev/null
+++ b/poky/meta/recipes-kernel/cryptodev/files/0001-Port-tests-to-openssl-1.1.patch
@@ -0,0 +1,103 @@
+From 2fe4bdeb8cdd0b0f46d9caed807812855d51ea56 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Wed, 28 Mar 2018 20:11:05 +0300
+Subject: [PATCH] Port tests to openssl 1.1
+
+Upstream-Status: Accepted [https://github.com/cryptodev-linux/cryptodev-linux/pull/36]
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+
+---
+ tests/openssl_wrapper.c | 33 +++++++++++++++++++++++++++++++++
+ 1 file changed, 33 insertions(+)
+
+diff --git a/tests/openssl_wrapper.c b/tests/openssl_wrapper.c
+index 038c58f..dea2496 100644
+--- a/tests/openssl_wrapper.c
++++ b/tests/openssl_wrapper.c
+@@ -4,6 +4,7 @@
+ #include <openssl/aes.h>
+ #include <openssl/evp.h>
+ #include <openssl/hmac.h>
++#include <openssl/opensslv.h>
+
+ //#define DEBUG
+
+@@ -23,10 +24,17 @@ enum ctx_type {
+ ctx_type_md,
+ };
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++union openssl_ctx {
++ HMAC_CTX *hmac;
++ EVP_MD_CTX *md;
++};
++#else
+ union openssl_ctx {
+ HMAC_CTX hmac;
+ EVP_MD_CTX md;
+ };
++#endif
+
+ struct ctx_mapping {
+ __u32 ses;
+@@ -63,6 +71,16 @@ static void remove_mapping(__u32 ses)
+ switch (mapping->type) {
+ case ctx_type_none:
+ break;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ case ctx_type_hmac:
++ dbgp("%s: calling HMAC_CTX_free\n", __func__);
++ HMAC_CTX_free(mapping->ctx.hmac);
++ break;
++ case ctx_type_md:
++ dbgp("%s: calling EVP_MD_CTX_free\n", __func__);
++ EVP_MD_CTX_free(mapping->ctx.md);
++ break;
++#else
+ case ctx_type_hmac:
+ dbgp("%s: calling HMAC_CTX_cleanup\n", __func__);
+ HMAC_CTX_cleanup(&mapping->ctx.hmac);
+@@ -71,6 +89,7 @@ static void remove_mapping(__u32 ses)
+ dbgp("%s: calling EVP_MD_CTX_cleanup\n", __func__);
+ EVP_MD_CTX_cleanup(&mapping->ctx.md);
+ break;
++#endif
+ }
+ memset(mapping, 0, sizeof(*mapping));
+ }
+@@ -127,10 +146,17 @@ static int openssl_hmac(struct session_op *sess, struct crypt_op *cop)
+
+ mapping->ses = sess->ses;
+ mapping->type = ctx_type_hmac;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ ctx = mapping->ctx.hmac;
++
++ dbgp("calling HMAC_CTX_new");
++ ctx = HMAC_CTX_new();
++#else
+ ctx = &mapping->ctx.hmac;
+
+ dbgp("calling HMAC_CTX_init");
+ HMAC_CTX_init(ctx);
++#endif
+ dbgp("calling HMAC_Init_ex");
+ if (!HMAC_Init_ex(ctx, sess->mackey, sess->mackeylen,
+ sess_to_evp_md(sess), NULL)) {
+@@ -172,10 +198,17 @@ static int openssl_md(struct session_op *sess, struct crypt_op *cop)
+
+ mapping->ses = sess->ses;
+ mapping->type = ctx_type_md;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ ctx = mapping->ctx.md;
++
++ dbgp("calling EVP_MD_CTX_new");
++ ctx = EVP_MD_CTX_new();
++#else
+ ctx = &mapping->ctx.md;
+
+ dbgp("calling EVP_MD_CTX_init");
+ EVP_MD_CTX_init(ctx);
++#endif
+ dbgp("calling EVP_DigestInit");
+ EVP_DigestInit(ctx, sess_to_evp_md(sess));
+ }
diff --git a/poky/meta/recipes-kernel/cryptodev/files/0001-refactoring-split-big-function-to-simplify-maintaina.patch b/poky/meta/recipes-kernel/cryptodev/files/0001-refactoring-split-big-function-to-simplify-maintaina.patch
new file mode 100644
index 0000000..f557b5d
--- /dev/null
+++ b/poky/meta/recipes-kernel/cryptodev/files/0001-refactoring-split-big-function-to-simplify-maintaina.patch
@@ -0,0 +1,250 @@
+From 20dcf071bc3076ee7db9d603cfbe6a06e86c7d5f Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Thu, 4 May 2017 15:06:20 +0300
+Subject: [PATCH 1/3] refactoring: split big function to simplify maintainance
+
+The setup of auth_buf in tls and aead is now duplicated but this
+is temporary and allows necessary corrections for the aead case
+with v4.2+ kernels.
+
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+
+Upstream-Status: Backport
+
+Commit ID: 20dcf071bc3076ee7db9d603c
+
+Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
+---
+ authenc.c | 197 ++++++++++++++++++++++++++++++++++++++++----------------------
+ 1 file changed, 126 insertions(+), 71 deletions(-)
+
+diff --git a/authenc.c b/authenc.c
+index 1bd7377..28eb0f9 100644
+--- a/authenc.c
++++ b/authenc.c
+@@ -609,96 +609,151 @@ auth_n_crypt(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop,
+ return 0;
+ }
+
+-/* This is the main crypto function - zero-copy edition */
+-static int
+-__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
++static int crypto_auth_zc_srtp(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
+ {
+- struct scatterlist *dst_sg, *auth_sg, *src_sg;
++ struct scatterlist *dst_sg, *auth_sg;
+ struct crypt_auth_op *caop = &kcaop->caop;
+- int ret = 0;
++ int ret;
+
+- if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
+- if (unlikely(ses_ptr->cdata.init != 0 &&
+- (ses_ptr->cdata.stream == 0 ||
+- ses_ptr->cdata.aead != 0))) {
+- derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)");
+- return -EINVAL;
+- }
++ if (unlikely(ses_ptr->cdata.init != 0 &&
++ (ses_ptr->cdata.stream == 0 || ses_ptr->cdata.aead != 0))) {
++ derr(0, "Only stream modes are allowed in SRTP mode (but not AEAD)");
++ return -EINVAL;
++ }
+
+- ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg);
+- if (unlikely(ret)) {
+- derr(1, "get_userbuf_srtp(): Error getting user pages.");
+- return ret;
+- }
++ ret = get_userbuf_srtp(ses_ptr, kcaop, &auth_sg, &dst_sg);
++ if (unlikely(ret)) {
++ derr(1, "get_userbuf_srtp(): Error getting user pages.");
++ return ret;
++ }
+
+- ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
+- dst_sg, caop->len);
++ ret = srtp_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
++ dst_sg, caop->len);
+
+- release_user_pages(ses_ptr);
+- } else { /* TLS and normal cases. Here auth data are usually small
+- * so we just copy them to a free page, instead of trying
+- * to map them.
+- */
+- unsigned char *auth_buf = NULL;
+- struct scatterlist tmp;
++ release_user_pages(ses_ptr);
+
+- if (unlikely(caop->auth_len > PAGE_SIZE)) {
+- derr(1, "auth data len is excessive.");
+- return -EINVAL;
+- }
++ return ret;
++}
+
+- auth_buf = (char *)__get_free_page(GFP_KERNEL);
+- if (unlikely(!auth_buf)) {
+- derr(1, "unable to get a free page.");
+- return -ENOMEM;
+- }
++static int crypto_auth_zc_tls(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
++{
++ struct crypt_auth_op *caop = &kcaop->caop;
++ struct scatterlist *dst_sg, *auth_sg;
++ unsigned char *auth_buf = NULL;
++ struct scatterlist tmp;
++ int ret;
+
+- if (caop->auth_src && caop->auth_len > 0) {
+- if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
+- derr(1, "unable to copy auth data from userspace.");
+- ret = -EFAULT;
+- goto free_auth_buf;
+- }
++ if (unlikely(ses_ptr->cdata.aead != 0)) {
++ return -EINVAL;
++ }
++
++ if (unlikely(caop->auth_len > PAGE_SIZE)) {
++ derr(1, "auth data len is excessive.");
++ return -EINVAL;
++ }
++
++ auth_buf = (char *)__get_free_page(GFP_KERNEL);
++ if (unlikely(!auth_buf)) {
++ derr(1, "unable to get a free page.");
++ return -ENOMEM;
++ }
+
+- sg_init_one(&tmp, auth_buf, caop->auth_len);
+- auth_sg = &tmp;
+- } else {
+- auth_sg = NULL;
++ if (caop->auth_src && caop->auth_len > 0) {
++ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
++ derr(1, "unable to copy auth data from userspace.");
++ ret = -EFAULT;
++ goto free_auth_buf;
+ }
+
+- if (caop->flags & COP_FLAG_AEAD_TLS_TYPE && ses_ptr->cdata.aead == 0) {
+- ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg);
+- if (unlikely(ret)) {
+- derr(1, "get_userbuf_tls(): Error getting user pages.");
+- goto free_auth_buf;
+- }
++ sg_init_one(&tmp, auth_buf, caop->auth_len);
++ auth_sg = &tmp;
++ } else {
++ auth_sg = NULL;
++ }
+
+- ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
+- dst_sg, caop->len);
+- } else {
+- if (unlikely(ses_ptr->cdata.init == 0 ||
+- (ses_ptr->cdata.stream == 0 &&
+- ses_ptr->cdata.aead == 0))) {
+- derr(0, "Only stream and AEAD ciphers are allowed for authenc");
+- ret = -EINVAL;
+- goto free_auth_buf;
+- }
++ ret = get_userbuf_tls(ses_ptr, kcaop, &dst_sg);
++ if (unlikely(ret)) {
++ derr(1, "get_userbuf_tls(): Error getting user pages.");
++ goto free_auth_buf;
++ }
+
+- ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
+- kcaop->task, kcaop->mm, &src_sg, &dst_sg);
+- if (unlikely(ret)) {
+- derr(1, "get_userbuf(): Error getting user pages.");
+- goto free_auth_buf;
+- }
++ ret = tls_auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
++ dst_sg, caop->len);
++ release_user_pages(ses_ptr);
++
++free_auth_buf:
++ free_page((unsigned long)auth_buf);
++ return ret;
++}
++
++static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
++{
++ struct scatterlist *dst_sg, *auth_sg, *src_sg;
++ struct crypt_auth_op *caop = &kcaop->caop;
++ unsigned char *auth_buf = NULL;
++ struct scatterlist tmp;
++ int ret;
+
+- ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
+- src_sg, dst_sg, caop->len);
++ if (unlikely(ses_ptr->cdata.init == 0 ||
++ (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) {
++ derr(0, "Only stream and AEAD ciphers are allowed for authenc");
++ return -EINVAL;
++ }
++
++ if (unlikely(caop->auth_len > PAGE_SIZE)) {
++ derr(1, "auth data len is excessive.");
++ return -EINVAL;
++ }
++
++ auth_buf = (char *)__get_free_page(GFP_KERNEL);
++ if (unlikely(!auth_buf)) {
++ derr(1, "unable to get a free page.");
++ return -ENOMEM;
++ }
++
++ if (caop->auth_src && caop->auth_len > 0) {
++ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
++ derr(1, "unable to copy auth data from userspace.");
++ ret = -EFAULT;
++ goto free_auth_buf;
+ }
+
+- release_user_pages(ses_ptr);
++ sg_init_one(&tmp, auth_buf, caop->auth_len);
++ auth_sg = &tmp;
++ } else {
++ auth_sg = NULL;
++ }
++
++ ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
++ kcaop->task, kcaop->mm, &src_sg, &dst_sg);
++ if (unlikely(ret)) {
++ derr(1, "get_userbuf(): Error getting user pages.");
++ goto free_auth_buf;
++ }
++
++ ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
++ src_sg, dst_sg, caop->len);
++
++ release_user_pages(ses_ptr);
+
+ free_auth_buf:
+- free_page((unsigned long)auth_buf);
++ free_page((unsigned long)auth_buf);
++
++ return ret;
++}
++
++static int
++__crypto_auth_run_zc(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
++{
++ struct crypt_auth_op *caop = &kcaop->caop;
++ int ret;
++
++ if (caop->flags & COP_FLAG_AEAD_SRTP_TYPE) {
++ ret = crypto_auth_zc_srtp(ses_ptr, kcaop);
++ } else if (caop->flags & COP_FLAG_AEAD_TLS_TYPE) {
++ ret = crypto_auth_zc_tls(ses_ptr, kcaop);
++ } else {
++ ret = crypto_auth_zc_aead(ses_ptr, kcaop);
+ }
+
+ return ret;
+--
+2.11.0
+
diff --git a/poky/meta/recipes-kernel/cryptodev/files/0002-refactoring-relocate-code-to-simplify-later-patches.patch b/poky/meta/recipes-kernel/cryptodev/files/0002-refactoring-relocate-code-to-simplify-later-patches.patch
new file mode 100644
index 0000000..83d9005
--- /dev/null
+++ b/poky/meta/recipes-kernel/cryptodev/files/0002-refactoring-relocate-code-to-simplify-later-patches.patch
@@ -0,0 +1,64 @@
+From c2bf0e42b1d9fda60cde4a3a682784d349ef1c0b Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Thu, 4 May 2017 15:06:21 +0300
+Subject: [PATCH 2/3] refactoring: relocate code to simplify later patches
+
+This code move will simplify the conversion to new AEAD interface in
+next patches
+
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+
+Upstream-Status: Backport
+
+Commit ID: c2bf0e42b1d9fda
+
+Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
+---
+ authenc.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/authenc.c b/authenc.c
+index 28eb0f9..95727b4 100644
+--- a/authenc.c
++++ b/authenc.c
+@@ -711,11 +711,18 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
+ return -ENOMEM;
+ }
+
++ ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
++ kcaop->task, kcaop->mm, &src_sg, &dst_sg);
++ if (unlikely(ret)) {
++ derr(1, "get_userbuf(): Error getting user pages.");
++ goto free_auth_buf;
++ }
++
+ if (caop->auth_src && caop->auth_len > 0) {
+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
+ derr(1, "unable to copy auth data from userspace.");
+ ret = -EFAULT;
+- goto free_auth_buf;
++ goto free_pages;
+ }
+
+ sg_init_one(&tmp, auth_buf, caop->auth_len);
+@@ -724,16 +731,10 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
+ auth_sg = NULL;
+ }
+
+- ret = get_userbuf(ses_ptr, caop->src, caop->len, caop->dst, kcaop->dst_len,
+- kcaop->task, kcaop->mm, &src_sg, &dst_sg);
+- if (unlikely(ret)) {
+- derr(1, "get_userbuf(): Error getting user pages.");
+- goto free_auth_buf;
+- }
+-
+ ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
+ src_sg, dst_sg, caop->len);
+
++free_pages:
+ release_user_pages(ses_ptr);
+
+ free_auth_buf:
+--
+2.11.0
+
diff --git a/poky/meta/recipes-kernel/cryptodev/files/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch b/poky/meta/recipes-kernel/cryptodev/files/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch
new file mode 100644
index 0000000..8602307
--- /dev/null
+++ b/poky/meta/recipes-kernel/cryptodev/files/0003-convert-to-new-AEAD-interface-in-kernels-v4.2.patch
@@ -0,0 +1,102 @@
+From a705360197260d28535746ae98c461ba2cfb7a9e Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica@nxp.com>
+Date: Thu, 4 May 2017 15:06:22 +0300
+Subject: [PATCH 3/3] convert to new AEAD interface in kernels v4.2+
+
+The crypto API for AEAD ciphers changed in recent kernels so that
+associated data is now part of both source and destination scatter
+gathers. The source, destination and associated data buffers need
+to be stiched accordingly for the operations to succeed:
+
+src_sg: auth_buf + src_buf
+dst_sg: auth_buf + (dst_buf + tag space)
+
+This patch fixes a kernel crash observed with cipher-gcm test.
+
+See also kernel patch: 81c4c35eb61a69c229871c490b011c1171511d5a
+ crypto: ccm - Convert to new AEAD interface
+
+Reported-by: Phil Sutter <phil@nwl.cc>
+Signed-off-by: Cristian Stoica <cristian.stoica@nxp.com>
+
+Upstream-Status: Backport
+
+Commit ID: a705360197260d2853574
+
+Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
+---
+ authenc.c | 40 ++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 38 insertions(+), 2 deletions(-)
+
+diff --git a/authenc.c b/authenc.c
+index 95727b4..692951f 100644
+--- a/authenc.c
++++ b/authenc.c
+@@ -688,12 +688,20 @@ free_auth_buf:
+
+ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_auth_op *kcaop)
+ {
+- struct scatterlist *dst_sg, *auth_sg, *src_sg;
++ struct scatterlist *dst_sg;
++ struct scatterlist *src_sg;
+ struct crypt_auth_op *caop = &kcaop->caop;
+ unsigned char *auth_buf = NULL;
+- struct scatterlist tmp;
+ int ret;
+
++#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0))
++ struct scatterlist tmp;
++ struct scatterlist *auth_sg;
++#else
++ struct scatterlist auth1[2];
++ struct scatterlist auth2[2];
++#endif
++
+ if (unlikely(ses_ptr->cdata.init == 0 ||
+ (ses_ptr->cdata.stream == 0 && ses_ptr->cdata.aead == 0))) {
+ derr(0, "Only stream and AEAD ciphers are allowed for authenc");
+@@ -718,6 +726,7 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
+ goto free_auth_buf;
+ }
+
++#if (LINUX_VERSION_CODE < KERNEL_VERSION(4, 2, 0))
+ if (caop->auth_src && caop->auth_len > 0) {
+ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
+ derr(1, "unable to copy auth data from userspace.");
+@@ -733,6 +742,33 @@ static int crypto_auth_zc_aead(struct csession *ses_ptr, struct kernel_crypt_aut
+
+ ret = auth_n_crypt(ses_ptr, kcaop, auth_sg, caop->auth_len,
+ src_sg, dst_sg, caop->len);
++#else
++ if (caop->auth_src && caop->auth_len > 0) {
++ if (unlikely(copy_from_user(auth_buf, caop->auth_src, caop->auth_len))) {
++ derr(1, "unable to copy auth data from userspace.");
++ ret = -EFAULT;
++ goto free_pages;
++ }
++
++ sg_init_table(auth1, 2);
++ sg_set_buf(auth1, auth_buf, caop->auth_len);
++ sg_chain(auth1, 2, src_sg);
++
++ if (src_sg == dst_sg) {
++ src_sg = auth1;
++ dst_sg = auth1;
++ } else {
++ sg_init_table(auth2, 2);
++ sg_set_buf(auth2, auth_buf, caop->auth_len);
++ sg_chain(auth2, 2, dst_sg);
++ src_sg = auth1;
++ dst_sg = auth2;
++ }
++ }
++
++ ret = auth_n_crypt(ses_ptr, kcaop, NULL, caop->auth_len,
++ src_sg, dst_sg, caop->len);
++#endif
+
+ free_pages:
+ release_user_pages(ses_ptr);
+--
+2.11.0
+