apm821xx: backport accepted linux-crypto patches

Rather than wait until the patches hit vanilla and
get backported via the stable kernel, this patch
patches the crypto4xx driver with the latest fixes
from the upstream linux-crypto tree.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

10 files changed, 1149 insertions, 0 deletions

diff --git a/target/linux/apm821xx/patches-4.14/023-0001-treewide-kzalloc-kcalloc.patch b/target/linux/apm821xx/patches-4.14/023-0001-treewide-kzalloc-kcalloc.patch
new file mode 100644
index 0000000000..09206f5050
--- /dev/null
+++ b/target/linux/apm821xx/patches-4.14/023-0001-treewide-kzalloc-kcalloc.patch
@@ -0,0 +1,447 @@
+From 6396bb221514d2876fd6dc0aa2a1f240d99b37bb Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Tue, 12 Jun 2018 14:03:40 -0700
+Subject: [PATCH 01/15] treewide: kzalloc() -> kcalloc()
+
+The kzalloc() function has a 2-factor argument form, kcalloc(). This
+patch replaces cases of:
+
+        kzalloc(a * b, gfp)
+
+with:
+        kcalloc(a * b, gfp)
+
+as well as handling cases of:
+
+        kzalloc(a * b * c, gfp)
+
+with:
+
+        kzalloc(array3_size(a, b, c), gfp)
+
+as it's slightly less ugly than:
+
+        kzalloc_array(array_size(a, b), c, gfp)
+
+This does, however, attempt to ignore constant size factors like:
+
+        kzalloc(4 * 1024, gfp)
+
+though any constants defined via macros get caught up in the conversion.
+
+Any factors with a sizeof() of "unsigned char", "char", and "u8" were
+dropped, since they're redundant.
+
+The Coccinelle script used for this was:
+
+// Fix redundant parens around sizeof().
+@@
+type TYPE;
+expression THING, E;
+@@
+
+(
+  kzalloc(
+-	(sizeof(TYPE)) * E
++	sizeof(TYPE) * E
+  , ...)
+|
+  kzalloc(
+-	(sizeof(THING)) * E
++	sizeof(THING) * E
+  , ...)
+)
+
+// Drop single-byte sizes and redundant parens.
+@@
+expression COUNT;
+typedef u8;
+typedef __u8;
+@@
+
+(
+  kzalloc(
+-	sizeof(u8) * (COUNT)
++	COUNT
+  , ...)
+|
+  kzalloc(
+-	sizeof(__u8) * (COUNT)
++	COUNT
+  , ...)
+|
+  kzalloc(
+-	sizeof(char) * (COUNT)
++	COUNT
+  , ...)
+|
+  kzalloc(
+-	sizeof(unsigned char) * (COUNT)
++	COUNT
+  , ...)
+|
+  kzalloc(
+-	sizeof(u8) * COUNT
++	COUNT
+  , ...)
+|
+  kzalloc(
+-	sizeof(__u8) * COUNT
++	COUNT
+  , ...)
+|
+  kzalloc(
+-	sizeof(char) * COUNT
++	COUNT
+  , ...)
+|
+  kzalloc(
+-	sizeof(unsigned char) * COUNT
++	COUNT
+  , ...)
+)
+
+// 2-factor product with sizeof(type/expression) and identifier or constant.
+@@
+type TYPE;
+expression THING;
+identifier COUNT_ID;
+constant COUNT_CONST;
+@@
+
+(
+- kzalloc
++ kcalloc
+  (
+-	sizeof(TYPE) * (COUNT_ID)
++	COUNT_ID, sizeof(TYPE)
+  , ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	sizeof(TYPE) * COUNT_ID
++	COUNT_ID, sizeof(TYPE)
+  , ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	sizeof(TYPE) * (COUNT_CONST)
++	COUNT_CONST, sizeof(TYPE)
+  , ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	sizeof(TYPE) * COUNT_CONST
++	COUNT_CONST, sizeof(TYPE)
+  , ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	sizeof(THING) * (COUNT_ID)
++	COUNT_ID, sizeof(THING)
+  , ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	sizeof(THING) * COUNT_ID
++	COUNT_ID, sizeof(THING)
+  , ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	sizeof(THING) * (COUNT_CONST)
++	COUNT_CONST, sizeof(THING)
+  , ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	sizeof(THING) * COUNT_CONST
++	COUNT_CONST, sizeof(THING)
+  , ...)
+)
+
+// 2-factor product, only identifiers.
+@@
+identifier SIZE, COUNT;
+@@
+
+- kzalloc
++ kcalloc
+  (
+-	SIZE * COUNT
++	COUNT, SIZE
+  , ...)
+
+// 3-factor product with 1 sizeof(type) or sizeof(expression), with
+// redundant parens removed.
+@@
+expression THING;
+identifier STRIDE, COUNT;
+type TYPE;
+@@
+
+(
+  kzalloc(
+-	sizeof(TYPE) * (COUNT) * (STRIDE)
++	array3_size(COUNT, STRIDE, sizeof(TYPE))
+  , ...)
+|
+  kzalloc(
+-	sizeof(TYPE) * (COUNT) * STRIDE
++	array3_size(COUNT, STRIDE, sizeof(TYPE))
+  , ...)
+|
+  kzalloc(
+-	sizeof(TYPE) * COUNT * (STRIDE)
++	array3_size(COUNT, STRIDE, sizeof(TYPE))
+  , ...)
+|
+  kzalloc(
+-	sizeof(TYPE) * COUNT * STRIDE
++	array3_size(COUNT, STRIDE, sizeof(TYPE))
+  , ...)
+|
+  kzalloc(
+-	sizeof(THING) * (COUNT) * (STRIDE)
++	array3_size(COUNT, STRIDE, sizeof(THING))
+  , ...)
+|
+  kzalloc(
+-	sizeof(THING) * (COUNT) * STRIDE
++	array3_size(COUNT, STRIDE, sizeof(THING))
+  , ...)
+|
+  kzalloc(
+-	sizeof(THING) * COUNT * (STRIDE)
++	array3_size(COUNT, STRIDE, sizeof(THING))
+  , ...)
+|
+  kzalloc(
+-	sizeof(THING) * COUNT * STRIDE
++	array3_size(COUNT, STRIDE, sizeof(THING))
+  , ...)
+)
+
+// 3-factor product with 2 sizeof(variable), with redundant parens removed.
+@@
+expression THING1, THING2;
+identifier COUNT;
+type TYPE1, TYPE2;
+@@
+
+(
+  kzalloc(
+-	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
++	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
+  , ...)
+|
+  kzalloc(
+-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
++	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
+  , ...)
+|
+  kzalloc(
+-	sizeof(THING1) * sizeof(THING2) * COUNT
++	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
+  , ...)
+|
+  kzalloc(
+-	sizeof(THING1) * sizeof(THING2) * (COUNT)
++	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
+  , ...)
+|
+  kzalloc(
+-	sizeof(TYPE1) * sizeof(THING2) * COUNT
++	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
+  , ...)
+|
+  kzalloc(
+-	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
++	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
+  , ...)
+)
+
+// 3-factor product, only identifiers, with redundant parens removed.
+@@
+identifier STRIDE, SIZE, COUNT;
+@@
+
+(
+  kzalloc(
+-	(COUNT) * STRIDE * SIZE
++	array3_size(COUNT, STRIDE, SIZE)
+  , ...)
+|
+  kzalloc(
+-	COUNT * (STRIDE) * SIZE
++	array3_size(COUNT, STRIDE, SIZE)
+  , ...)
+|
+  kzalloc(
+-	COUNT * STRIDE * (SIZE)
++	array3_size(COUNT, STRIDE, SIZE)
+  , ...)
+|
+  kzalloc(
+-	(COUNT) * (STRIDE) * SIZE
++	array3_size(COUNT, STRIDE, SIZE)
+  , ...)
+|
+  kzalloc(
+-	COUNT * (STRIDE) * (SIZE)
++	array3_size(COUNT, STRIDE, SIZE)
+  , ...)
+|
+  kzalloc(
+-	(COUNT) * STRIDE * (SIZE)
++	array3_size(COUNT, STRIDE, SIZE)
+  , ...)
+|
+  kzalloc(
+-	(COUNT) * (STRIDE) * (SIZE)
++	array3_size(COUNT, STRIDE, SIZE)
+  , ...)
+|
+  kzalloc(
+-	COUNT * STRIDE * SIZE
++	array3_size(COUNT, STRIDE, SIZE)
+  , ...)
+)
+
+// Any remaining multi-factor products, first at least 3-factor products,
+// when they're not all constants...
+@@
+expression E1, E2, E3;
+constant C1, C2, C3;
+@@
+
+(
+  kzalloc(C1 * C2 * C3, ...)
+|
+  kzalloc(
+-	(E1) * E2 * E3
++	array3_size(E1, E2, E3)
+  , ...)
+|
+  kzalloc(
+-	(E1) * (E2) * E3
++	array3_size(E1, E2, E3)
+  , ...)
+|
+  kzalloc(
+-	(E1) * (E2) * (E3)
++	array3_size(E1, E2, E3)
+  , ...)
+|
+  kzalloc(
+-	E1 * E2 * E3
++	array3_size(E1, E2, E3)
+  , ...)
+)
+
+// And then all remaining 2 factors products when they're not all constants,
+// keeping sizeof() as the second factor argument.
+@@
+expression THING, E1, E2;
+type TYPE;
+constant C1, C2, C3;
+@@
+
+(
+  kzalloc(sizeof(THING) * C2, ...)
+|
+  kzalloc(sizeof(TYPE) * C2, ...)
+|
+  kzalloc(C1 * C2 * C3, ...)
+|
+  kzalloc(C1 * C2, ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	sizeof(TYPE) * (E2)
++	E2, sizeof(TYPE)
+  , ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	sizeof(TYPE) * E2
++	E2, sizeof(TYPE)
+  , ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	sizeof(THING) * (E2)
++	E2, sizeof(THING)
+  , ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	sizeof(THING) * E2
++	E2, sizeof(THING)
+  , ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	(E1) * E2
++	E1, E2
+  , ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	(E1) * (E2)
++	E1, E2
+  , ...)
+|
+- kzalloc
++ kcalloc
+  (
+-	E1 * E2
++	E1, E2
+  , ...)
+)
+
+Signed-off-by: Kees Cook <keescook@chromium.org>
+---
+ drivers/crypto/amcc/crypto4xx_core.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -141,11 +141,11 @@ static void crypto4xx_hw_init(struct cry
+ 
+ int crypto4xx_alloc_sa(struct crypto4xx_ctx *ctx, u32 size)
+ {
+-	ctx->sa_in = kzalloc(size * 4, GFP_ATOMIC);
++	ctx->sa_in = kcalloc(size, 4, GFP_ATOMIC);
+ 	if (ctx->sa_in == NULL)
+ 		return -ENOMEM;
+ 
+-	ctx->sa_out = kzalloc(size * 4, GFP_ATOMIC);
++	ctx->sa_out = kcalloc(size, 4, GFP_ATOMIC);
+ 	if (ctx->sa_out == NULL) {
+ 		kfree(ctx->sa_in);
+ 		ctx->sa_in = NULL;
+@@ -180,8 +180,8 @@ static u32 crypto4xx_build_pdr(struct cr
+ 	if (!dev->pdr)
+ 		return -ENOMEM;
+ 
+-	dev->pdr_uinfo = kzalloc(sizeof(struct pd_uinfo) * PPC4XX_NUM_PD,
+-				GFP_KERNEL);
++	dev->pdr_uinfo = kcalloc(PPC4XX_NUM_PD, sizeof(struct pd_uinfo),
++				 GFP_KERNEL);
+ 	if (!dev->pdr_uinfo) {
+ 		dma_free_coherent(dev->core_dev->device,
+ 				  sizeof(struct ce_pd) * PPC4XX_NUM_PD,
diff --git a/target/linux/apm821xx/patches-4.14/023-0002-crypto-skcipher-remove-useless-setting-of-type-flags.patch b/target/linux/apm821xx/patches-4.14/023-0002-crypto-skcipher-remove-useless-setting-of-type-flags.patch
new file mode 100644
index 0000000000..75f0db2391
--- /dev/null
+++ b/target/linux/apm821xx/patches-4.14/023-0002-crypto-skcipher-remove-useless-setting-of-type-flags.patch
@@ -0,0 +1,84 @@
+From 2c95e6d97892235b5b98cd4805e47fac87c2226f Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Sat, 30 Jun 2018 15:16:15 -0700
+Subject: [PATCH 02/15] crypto: skcipher - remove useless setting of type flags
+
+Some skcipher algorithms set .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER.  But
+this is redundant with the C structure type ('struct skcipher_alg'), and
+crypto_register_skcipher() already sets the type flag automatically,
+clearing any type flag that was already there.  Apparently the useless
+assignment has just been copy+pasted around.
+
+So, remove the useless assignment from all the skcipher algorithms.
+
+This patch shouldn't change any actual behavior.
+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Acked-by: Gilad Ben-Yossef <gilad@benyossef.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_core.c | 18 ++++++------------
+ 1 file changed, 6 insertions(+), 12 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -1132,8 +1132,7 @@ static struct crypto4xx_alg_common crypt
+ 			.cra_name = "cbc(aes)",
+ 			.cra_driver_name = "cbc-aes-ppc4xx",
+ 			.cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
+-			.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER |
+-				CRYPTO_ALG_ASYNC |
++			.cra_flags = CRYPTO_ALG_ASYNC |
+ 				CRYPTO_ALG_KERN_DRIVER_ONLY,
+ 			.cra_blocksize = AES_BLOCK_SIZE,
+ 			.cra_ctxsize = sizeof(struct crypto4xx_ctx),
+@@ -1153,8 +1152,7 @@ static struct crypto4xx_alg_common crypt
+ 			.cra_name = "cfb(aes)",
+ 			.cra_driver_name = "cfb-aes-ppc4xx",
+ 			.cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
+-			.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER |
+-				CRYPTO_ALG_ASYNC |
++			.cra_flags = CRYPTO_ALG_ASYNC |
+ 				CRYPTO_ALG_KERN_DRIVER_ONLY,
+ 			.cra_blocksize = AES_BLOCK_SIZE,
+ 			.cra_ctxsize = sizeof(struct crypto4xx_ctx),
+@@ -1174,8 +1172,7 @@ static struct crypto4xx_alg_common crypt
+ 			.cra_name = "ctr(aes)",
+ 			.cra_driver_name = "ctr-aes-ppc4xx",
+ 			.cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
+-			.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER |
+-				CRYPTO_ALG_NEED_FALLBACK |
++			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
+ 				CRYPTO_ALG_ASYNC |
+ 				CRYPTO_ALG_KERN_DRIVER_ONLY,
+ 			.cra_blocksize = AES_BLOCK_SIZE,
+@@ -1196,8 +1193,7 @@ static struct crypto4xx_alg_common crypt
+ 			.cra_name = "rfc3686(ctr(aes))",
+ 			.cra_driver_name = "rfc3686-ctr-aes-ppc4xx",
+ 			.cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
+-			.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER |
+-				CRYPTO_ALG_ASYNC |
++			.cra_flags = CRYPTO_ALG_ASYNC |
+ 				CRYPTO_ALG_KERN_DRIVER_ONLY,
+ 			.cra_blocksize = AES_BLOCK_SIZE,
+ 			.cra_ctxsize = sizeof(struct crypto4xx_ctx),
+@@ -1217,8 +1213,7 @@ static struct crypto4xx_alg_common crypt
+ 			.cra_name = "ecb(aes)",
+ 			.cra_driver_name = "ecb-aes-ppc4xx",
+ 			.cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
+-			.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER |
+-				CRYPTO_ALG_ASYNC |
++			.cra_flags = CRYPTO_ALG_ASYNC |
+ 				CRYPTO_ALG_KERN_DRIVER_ONLY,
+ 			.cra_blocksize = AES_BLOCK_SIZE,
+ 			.cra_ctxsize = sizeof(struct crypto4xx_ctx),
+@@ -1237,8 +1232,7 @@ static struct crypto4xx_alg_common crypt
+ 			.cra_name = "ofb(aes)",
+ 			.cra_driver_name = "ofb-aes-ppc4xx",
+ 			.cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
+-			.cra_flags = CRYPTO_ALG_TYPE_SKCIPHER |
+-				CRYPTO_ALG_ASYNC |
++			.cra_flags = CRYPTO_ALG_ASYNC |
+ 				CRYPTO_ALG_KERN_DRIVER_ONLY,
+ 			.cra_blocksize = AES_BLOCK_SIZE,
+ 			.cra_ctxsize = sizeof(struct crypto4xx_ctx),
diff --git a/target/linux/apm821xx/patches-4.14/023-0003-crypto-drop-mask-CRYPTO_ALG_ASYNC-from-cipher-tfm-al.patch b/target/linux/apm821xx/patches-4.14/023-0003-crypto-drop-mask-CRYPTO_ALG_ASYNC-from-cipher-tfm-al.patch
new file mode 100644
index 0000000000..0c2871f376
--- /dev/null
+++ b/target/linux/apm821xx/patches-4.14/023-0003-crypto-drop-mask-CRYPTO_ALG_ASYNC-from-cipher-tfm-al.patch
@@ -0,0 +1,34 @@
+From 1ad0f1603a6b2afb62a1c065409aaa4e43ca7627 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Wed, 14 Nov 2018 12:19:39 -0800
+Subject: [PATCH 03/15] crypto: drop mask=CRYPTO_ALG_ASYNC from 'cipher' tfm
+ allocations
+
+'cipher' algorithms (single block ciphers) are always synchronous, so
+passing CRYPTO_ALG_ASYNC in the mask to crypto_alloc_cipher() has no
+effect.  Many users therefore already don't pass it, but some still do.
+This inconsistency can cause confusion, especially since the way the
+'mask' argument works is somewhat counterintuitive.
+
+Thus, just remove the unneeded CRYPTO_ALG_ASYNC flags.
+
+This patch shouldn't change any actual behavior.
+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_alg.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_alg.c
++++ b/drivers/crypto/amcc/crypto4xx_alg.c
+@@ -520,8 +520,7 @@ static int crypto4xx_compute_gcm_hash_ke
+ 	uint8_t src[16] = { 0 };
+ 	int rc = 0;
+ 
+-	aes_tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC |
+-				      CRYPTO_ALG_NEED_FALLBACK);
++	aes_tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_NEED_FALLBACK);
+ 	if (IS_ERR(aes_tfm)) {
+ 		rc = PTR_ERR(aes_tfm);
+ 		pr_warn("could not load aes cipher driver: %d\n", rc);
diff --git a/target/linux/apm821xx/patches-4.14/023-0004-crypto4xx_core-don-t-abuse-__dma_sync_page.patch b/target/linux/apm821xx/patches-4.14/023-0004-crypto4xx_core-don-t-abuse-__dma_sync_page.patch
new file mode 100644
index 0000000000..635ab0037e
--- /dev/null
+++ b/target/linux/apm821xx/patches-4.14/023-0004-crypto4xx_core-don-t-abuse-__dma_sync_page.patch
@@ -0,0 +1,30 @@
+From 67d8208fba1324fa0198f9fc58a9edbe09596947 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig <hch@lst.de>
+Date: Sun, 16 Dec 2018 18:19:46 +0100
+Subject: [PATCH 04/15] crypto4xx_core: don't abuse __dma_sync_page
+
+This function is internal to the DMA API implementation. Instead use
+the DMA API to properly unmap. Note that the DMA API usage in this
+driver is a disaster and urgently needs some work - it is missing all
+the unmaps, seems to do a secondary map where it looks like it should
+to a unmap in one place to work around cache coherency and the
+directions passed in seem to be partially wrong.
+
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Tested-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+---
+ drivers/crypto/amcc/crypto4xx_core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -596,7 +596,7 @@ static void crypto4xx_aead_done(struct c
+ 					  pd->pd_ctl_len.bf.pkt_len,
+ 					  dst);
+ 	} else {
+-		__dma_sync_page(sg_page(dst), dst->offset, dst->length,
++		dma_unmap_page(dev->core_dev->device, pd->dest, dst->length,
+ 				DMA_FROM_DEVICE);
+ 	}
+ 
diff --git a/target/linux/apm821xx/patches-4.14/023-0005-cross-tree-phase-out-dma_zalloc_coherent.patch b/target/linux/apm821xx/patches-4.14/023-0005-cross-tree-phase-out-dma_zalloc_coherent.patch
new file mode 100644
index 0000000000..857578bb93
--- /dev/null
+++ b/target/linux/apm821xx/patches-4.14/023-0005-cross-tree-phase-out-dma_zalloc_coherent.patch
@@ -0,0 +1,40 @@
+From 750afb08ca71310fcf0c4e2cb1565c63b8235b60 Mon Sep 17 00:00:00 2001
+From: Luis Chamberlain <mcgrof@kernel.org>
+Date: Fri, 4 Jan 2019 09:23:09 +0100
+Subject: [PATCH 05/15] cross-tree: phase out dma_zalloc_coherent()
+
+We already need to zero out memory for dma_alloc_coherent(), as such
+using dma_zalloc_coherent() is superflous. Phase it out.
+
+This change was generated with the following Coccinelle SmPL patch:
+
+@ replace_dma_zalloc_coherent @
+expression dev, size, data, handle, flags;
+@@
+
+-dma_zalloc_coherent(dev, size, handle, flags)
++dma_alloc_coherent(dev, size, handle, flags)
+
+Suggested-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
+[hch: re-ran the script on the latest tree]
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+---
+ drivers/crypto/amcc/crypto4xx_core.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -283,9 +283,9 @@ static u32 crypto4xx_put_pd_to_pdr(struc
+  */
+ static u32 crypto4xx_build_gdr(struct crypto4xx_device *dev)
+ {
+-	dev->gdr = dma_zalloc_coherent(dev->core_dev->device,
+-				       sizeof(struct ce_gd) * PPC4XX_NUM_GD,
+-				       &dev->gdr_pa, GFP_ATOMIC);
++	dev->gdr = dma_alloc_coherent(dev->core_dev->device,
++				      sizeof(struct ce_gd) * PPC4XX_NUM_GD,
++				      &dev->gdr_pa, GFP_ATOMIC);
+ 	if (!dev->gdr)
+ 		return -ENOMEM;
+ 
diff --git a/target/linux/apm821xx/patches-4.14/023-0006-crypto-crypto4xx-add-prng-crypto-support.patch b/target/linux/apm821xx/patches-4.14/023-0006-crypto-crypto4xx-add-prng-crypto-support.patch
new file mode 100644
index 0000000000..b20049c83e
--- /dev/null
+++ b/target/linux/apm821xx/patches-4.14/023-0006-crypto-crypto4xx-add-prng-crypto-support.patch
@@ -0,0 +1,199 @@
+From d072bfa4885354fff86aa1fb1dbc4f1533c9e0bf Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Sun, 23 Dec 2018 02:16:13 +0100
+Subject: [PATCH 06/15] crypto: crypto4xx - add prng crypto support
+
+This patch adds support for crypto4xx's ANSI X9.17 Annex C compliant
+pseudo random number generator which provides a pseudo random source
+for the purpose of generating  Initialization Vectors (IV's) for AES
+algorithms to the Packet Engine and other pseudo random number
+requirements.
+
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_core.c    | 87 +++++++++++++++++++++++++
+ drivers/crypto/amcc/crypto4xx_core.h    |  4 ++
+ drivers/crypto/amcc/crypto4xx_reg_def.h |  1 +
+ 3 files changed, 92 insertions(+)
+
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -40,9 +40,11 @@
+ #include <crypto/ctr.h>
+ #include <crypto/gcm.h>
+ #include <crypto/sha.h>
++#include <crypto/rng.h>
+ #include <crypto/scatterwalk.h>
+ #include <crypto/skcipher.h>
+ #include <crypto/internal/aead.h>
++#include <crypto/internal/rng.h>
+ #include <crypto/internal/skcipher.h>
+ #include "crypto4xx_reg_def.h"
+ #include "crypto4xx_core.h"
+@@ -1035,6 +1037,10 @@ static int crypto4xx_register_alg(struct
+ 			rc = crypto_register_ahash(&alg->alg.u.hash);
+ 			break;
+ 
++		case CRYPTO_ALG_TYPE_RNG:
++			rc = crypto_register_rng(&alg->alg.u.rng);
++			break;
++
+ 		default:
+ 			rc = crypto_register_skcipher(&alg->alg.u.cipher);
+ 			break;
+@@ -1064,6 +1070,10 @@ static void crypto4xx_unregister_alg(str
+ 			crypto_unregister_aead(&alg->alg.u.aead);
+ 			break;
+ 
++		case CRYPTO_ALG_TYPE_RNG:
++			crypto_unregister_rng(&alg->alg.u.rng);
++			break;
++
+ 		default:
+ 			crypto_unregister_skcipher(&alg->alg.u.cipher);
+ 		}
+@@ -1122,6 +1132,69 @@ static irqreturn_t crypto4xx_ce_interrup
+ 		PPC4XX_TMO_ERR_INT);
+ }
+ 
++static int ppc4xx_prng_data_read(struct crypto4xx_device *dev,
++				 u8 *data, unsigned int max)
++{
++	unsigned int i, curr = 0;
++	u32 val[2];
++
++	do {
++		/* trigger PRN generation */
++		writel(PPC4XX_PRNG_CTRL_AUTO_EN,
++		       dev->ce_base + CRYPTO4XX_PRNG_CTRL);
++
++		for (i = 0; i < 1024; i++) {
++			/* usually 19 iterations are enough */
++			if ((readl(dev->ce_base + CRYPTO4XX_PRNG_STAT) &
++			     CRYPTO4XX_PRNG_STAT_BUSY))
++				continue;
++
++			val[0] = readl_be(dev->ce_base + CRYPTO4XX_PRNG_RES_0);
++			val[1] = readl_be(dev->ce_base + CRYPTO4XX_PRNG_RES_1);
++			break;
++		}
++		if (i == 1024)
++			return -ETIMEDOUT;
++
++		if ((max - curr) >= 8) {
++			memcpy(data, &val, 8);
++			data += 8;
++			curr += 8;
++		} else {
++			/* copy only remaining bytes */
++			memcpy(data, &val, max - curr);
++			break;
++		}
++	} while (curr < max);
++
++	return curr;
++}
++
++static int crypto4xx_prng_generate(struct crypto_rng *tfm,
++				   const u8 *src, unsigned int slen,
++				   u8 *dstn, unsigned int dlen)
++{
++	struct rng_alg *alg = crypto_rng_alg(tfm);
++	struct crypto4xx_alg *amcc_alg;
++	struct crypto4xx_device *dev;
++	int ret;
++
++	amcc_alg = container_of(alg, struct crypto4xx_alg, alg.u.rng);
++	dev = amcc_alg->dev;
++
++	mutex_lock(&dev->core_dev->rng_lock);
++	ret = ppc4xx_prng_data_read(dev, dstn, dlen);
++	mutex_unlock(&dev->core_dev->rng_lock);
++	return ret;
++}
++
++
++static int crypto4xx_prng_seed(struct crypto_rng *tfm, const u8 *seed,
++			unsigned int slen)
++{
++	return 0;
++}
++
+ /**
+  * Supported Crypto Algorithms
+  */
+@@ -1291,6 +1364,18 @@ static struct crypto4xx_alg_common crypt
+ 			.cra_module	= THIS_MODULE,
+ 		},
+ 	} },
++	{ .type = CRYPTO_ALG_TYPE_RNG, .u.rng = {
++		.base = {
++			.cra_name		= "stdrng",
++			.cra_driver_name        = "crypto4xx_rng",
++			.cra_priority		= 300,
++			.cra_ctxsize		= 0,
++			.cra_module		= THIS_MODULE,
++		},
++		.generate               = crypto4xx_prng_generate,
++		.seed                   = crypto4xx_prng_seed,
++		.seedsize               = 0,
++	} },
+ };
+ 
+ /**
+@@ -1360,6 +1445,7 @@ static int crypto4xx_probe(struct platfo
+ 	core_dev->dev->core_dev = core_dev;
+ 	core_dev->dev->is_revb = is_revb;
+ 	core_dev->device = dev;
++	mutex_init(&core_dev->rng_lock);
+ 	spin_lock_init(&core_dev->lock);
+ 	INIT_LIST_HEAD(&core_dev->dev->alg_list);
+ 	ratelimit_default_init(&core_dev->dev->aead_ratelimit);
+@@ -1439,6 +1525,7 @@ static int crypto4xx_remove(struct platf
+ 	tasklet_kill(&core_dev->tasklet);
+ 	/* Un-register with Linux CryptoAPI */
+ 	crypto4xx_unregister_alg(core_dev->dev);
++	mutex_destroy(&core_dev->rng_lock);
+ 	/* Free all allocated memory */
+ 	crypto4xx_stop_all(core_dev);
+ 
+--- a/drivers/crypto/amcc/crypto4xx_core.h
++++ b/drivers/crypto/amcc/crypto4xx_core.h
+@@ -23,8 +23,10 @@
+ #define __CRYPTO4XX_CORE_H__
+ 
+ #include <linux/ratelimit.h>
++#include <linux/mutex.h>
+ #include <crypto/internal/hash.h>
+ #include <crypto/internal/aead.h>
++#include <crypto/internal/rng.h>
+ #include <crypto/internal/skcipher.h>
+ #include "crypto4xx_reg_def.h"
+ #include "crypto4xx_sa.h"
+@@ -119,6 +121,7 @@ struct crypto4xx_core_device {
+ 	u32 irq;
+ 	struct tasklet_struct tasklet;
+ 	spinlock_t lock;
++	struct mutex rng_lock;
+ };
+ 
+ struct crypto4xx_ctx {
+@@ -143,6 +146,7 @@ struct crypto4xx_alg_common {
+ 		struct skcipher_alg cipher;
+ 		struct ahash_alg hash;
+ 		struct aead_alg aead;
++		struct rng_alg rng;
+ 	} u;
+ };
+ 
+--- a/drivers/crypto/amcc/crypto4xx_reg_def.h
++++ b/drivers/crypto/amcc/crypto4xx_reg_def.h
+@@ -100,6 +100,7 @@
+ #define CRYPTO4XX_ENDIAN_CFG			0x000600d8
+ 
+ #define CRYPTO4XX_PRNG_STAT			0x00070000
++#define CRYPTO4XX_PRNG_STAT_BUSY		0x1
+ #define CRYPTO4XX_PRNG_CTRL			0x00070004
+ #define CRYPTO4XX_PRNG_SEED_L			0x00070008
+ #define CRYPTO4XX_PRNG_SEED_H			0x0007000c
diff --git a/target/linux/apm821xx/patches-4.14/023-0007-crypto-crypto4xx-Fix-wrong-ppc4xx_trng_probe-ppc4xx_.patch b/target/linux/apm821xx/patches-4.14/023-0007-crypto-crypto4xx-Fix-wrong-ppc4xx_trng_probe-ppc4xx_.patch
new file mode 100644
index 0000000000..d2c3848820
--- /dev/null
+++ b/target/linux/apm821xx/patches-4.14/023-0007-crypto-crypto4xx-Fix-wrong-ppc4xx_trng_probe-ppc4xx_.patch
@@ -0,0 +1,39 @@
+From 6e88098ca43a3d80ae86908f7badba683c8a0d84 Mon Sep 17 00:00:00 2001
+From: Corentin Labbe <clabbe@baylibre.com>
+Date: Wed, 23 Jan 2019 11:24:18 +0000
+Subject: [PATCH 07/15] crypto: crypto4xx - Fix wrong
+ ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments
+
+When building without CONFIG_HW_RANDOM_PPC4XX, I hit the following build failure:
+drivers/crypto/amcc/crypto4xx_core.c: In function 'crypto4xx_probe':
+drivers/crypto/amcc/crypto4xx_core.c:1407:20: error: passing argument 1 of 'ppc4xx_trng_probe' from incompatible pointer type [-Werror=incompatible-pointer-types]
+In file included from drivers/crypto/amcc/crypto4xx_core.c:50:0:
+drivers/crypto/amcc/crypto4xx_trng.h:28:20: note: expected 'struct crypto4xx_device *' but argument is of type 'struct crypto4xx_core_device *'
+drivers/crypto/amcc/crypto4xx_core.c: In function 'crypto4xx_remove':
+drivers/crypto/amcc/crypto4xx_core.c:1434:21: error: passing argument 1 of 'ppc4xx_trng_remove' from incompatible pointer type [-Werror=incompatible-pointer-types]
+In file included from drivers/crypto/amcc/crypto4xx_core.c:50:0:
+drivers/crypto/amcc/crypto4xx_trng.h:30:20: note: expected 'struct crypto4xx_device *' but argument is of type 'struct crypto4xx_core_device *'
+
+This patch fix the needed argument of ppc4xx_trng_probe()/ppc4xx_trng_remove() in that case.
+
+Fixes: 5343e674f32f ("crypto4xx: integrate ppc4xx-rng into crypto4xx")
+Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_trng.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_trng.h
++++ b/drivers/crypto/amcc/crypto4xx_trng.h
+@@ -26,9 +26,9 @@ void ppc4xx_trng_probe(struct crypto4xx_
+ void ppc4xx_trng_remove(struct crypto4xx_core_device *core_dev);
+ #else
+ static inline void ppc4xx_trng_probe(
+-	struct crypto4xx_device *dev __maybe_unused) { }
++	struct crypto4xx_core_device *dev __maybe_unused) { }
+ static inline void ppc4xx_trng_remove(
+-	struct crypto4xx_device *dev __maybe_unused) { }
++	struct crypto4xx_core_device *dev __maybe_unused) { }
+ #endif
+ 
+ #endif
diff --git a/target/linux/apm821xx/patches-4.14/023-0013-crypto-crypto4xx-fix-AES-CTR-blocksize-value.patch b/target/linux/apm821xx/patches-4.14/023-0013-crypto-crypto4xx-fix-AES-CTR-blocksize-value.patch
new file mode 100644
index 0000000000..eebcd0067a
--- /dev/null
+++ b/target/linux/apm821xx/patches-4.14/023-0013-crypto-crypto4xx-fix-AES-CTR-blocksize-value.patch
@@ -0,0 +1,60 @@
+From bfa2ba7d9e6b20aca82b99e6842fe18842ae3a0f Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Fri, 17 May 2019 23:15:57 +0200
+Subject: [PATCH 13/15] crypto: crypto4xx - fix AES CTR blocksize value
+
+This patch fixes a issue with crypto4xx's ctr(aes) that was
+discovered by libcapi's kcapi-enc-test.sh test.
+
+The some of the ctr(aes) encryptions test were failing on the
+non-power-of-two test:
+
+kcapi-enc - Error: encryption failed with error 0
+kcapi-enc - Error: decryption failed with error 0
+[FAILED: 32-bit - 5.1.0-rc1+] 15 bytes: STDIN / STDOUT enc test (128 bits):
+original file (1d100e..cc96184c) and generated file (e3b0c442..1b7852b855)
+[FAILED: 32-bit - 5.1.0-rc1+] 15 bytes: STDIN / STDOUT enc test (128 bits)
+(openssl generated CT): original file (e3b0..5) and generated file (3..8e)
+[PASSED: 32-bit - 5.1.0-rc1+] 15 bytes: STDIN / STDOUT enc test (128 bits)
+(openssl generated PT)
+[FAILED: 32-bit - 5.1.0-rc1+] 15 bytes: STDIN / STDOUT enc test (password):
+original file (1d1..84c) and generated file (e3b..852b855)
+
+But the 16, 32, 512, 65536 tests always worked.
+
+Thankfully, this isn't a hidden hardware problem like previously,
+instead this turned out to be a copy and paste issue.
+
+With this patch, all the tests are passing with and
+kcapi-enc-test.sh gives crypto4xx's a clean bill of health:
+ "Number of failures: 0" :).
+
+Cc: stable@vger.kernel.org
+Fixes: 98e87e3d933b ("crypto: crypto4xx - add aes-ctr support")
+Fixes: f2a13e7cba9e ("crypto: crypto4xx - enable AES RFC3686, ECB, CFB and OFB offloads")
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_core.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -1248,7 +1248,7 @@ static struct crypto4xx_alg_common crypt
+ 			.cra_flags = CRYPTO_ALG_NEED_FALLBACK |
+ 				CRYPTO_ALG_ASYNC |
+ 				CRYPTO_ALG_KERN_DRIVER_ONLY,
+-			.cra_blocksize = AES_BLOCK_SIZE,
++			.cra_blocksize = 1,
+ 			.cra_ctxsize = sizeof(struct crypto4xx_ctx),
+ 			.cra_module = THIS_MODULE,
+ 		},
+@@ -1268,7 +1268,7 @@ static struct crypto4xx_alg_common crypt
+ 			.cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
+ 			.cra_flags = CRYPTO_ALG_ASYNC |
+ 				CRYPTO_ALG_KERN_DRIVER_ONLY,
+-			.cra_blocksize = AES_BLOCK_SIZE,
++			.cra_blocksize = 1,
+ 			.cra_ctxsize = sizeof(struct crypto4xx_ctx),
+ 			.cra_module = THIS_MODULE,
+ 		},
diff --git a/target/linux/apm821xx/patches-4.14/023-0014-crypto-crypto4xx-fix-blocksize-for-cfb-and-ofb.patch b/target/linux/apm821xx/patches-4.14/023-0014-crypto-crypto4xx-fix-blocksize-for-cfb-and-ofb.patch
new file mode 100644
index 0000000000..046fa6702a
--- /dev/null
+++ b/target/linux/apm821xx/patches-4.14/023-0014-crypto-crypto4xx-fix-blocksize-for-cfb-and-ofb.patch
@@ -0,0 +1,44 @@
+From 70c4997f34b6c6888b3ac157adec49e01d0df2d5 Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Sat, 18 May 2019 23:28:11 +0200
+Subject: [PATCH 14/15] crypto: crypto4xx - fix blocksize for cfb and ofb
+
+While the hardware consider them to be blockciphers, the
+reference implementation defines them as streamciphers.
+
+Do the right thing and set the blocksize to 1. This
+was found by CONFIG_CRYPTO_MANAGER_EXTRA_TESTS.
+
+This fixes the following issues:
+skcipher: blocksize for ofb-aes-ppc4xx (16) doesn't match generic impl (1)
+skcipher: blocksize for cfb-aes-ppc4xx (16) doesn't match generic impl (1)
+
+Cc: Eric Biggers <ebiggers@kernel.org>
+Cc: stable@vger.kernel.org
+Fixes: f2a13e7cba9e ("crypto: crypto4xx - enable AES RFC3686, ECB, CFB and OFB offloads")
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_core.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -1227,7 +1227,7 @@ static struct crypto4xx_alg_common crypt
+ 			.cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
+ 			.cra_flags = CRYPTO_ALG_ASYNC |
+ 				CRYPTO_ALG_KERN_DRIVER_ONLY,
+-			.cra_blocksize = AES_BLOCK_SIZE,
++			.cra_blocksize = 1,
+ 			.cra_ctxsize = sizeof(struct crypto4xx_ctx),
+ 			.cra_module = THIS_MODULE,
+ 		},
+@@ -1307,7 +1307,7 @@ static struct crypto4xx_alg_common crypt
+ 			.cra_priority = CRYPTO4XX_CRYPTO_PRIORITY,
+ 			.cra_flags = CRYPTO_ALG_ASYNC |
+ 				CRYPTO_ALG_KERN_DRIVER_ONLY,
+-			.cra_blocksize = AES_BLOCK_SIZE,
++			.cra_blocksize = 1,
+ 			.cra_ctxsize = sizeof(struct crypto4xx_ctx),
+ 			.cra_module = THIS_MODULE,
+ 		},
diff --git a/target/linux/apm821xx/patches-4.14/023-0015-crypto-crypto4xx-block-ciphers-should-only-accept-co.patch b/target/linux/apm821xx/patches-4.14/023-0015-crypto-crypto4xx-block-ciphers-should-only-accept-co.patch
new file mode 100644
index 0000000000..2bb4741efd
--- /dev/null
+++ b/target/linux/apm821xx/patches-4.14/023-0015-crypto-crypto4xx-block-ciphers-should-only-accept-co.patch
@@ -0,0 +1,172 @@
+From 0f7a81374060828280fcfdfbaa162cb559017f9f Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Sat, 18 May 2019 23:28:12 +0200
+Subject: [PATCH 15/15] crypto: crypto4xx - block ciphers should only accept
+ complete blocks
+
+The hardware automatically zero pads incomplete block ciphers
+blocks without raising any errors. This is a screw-up. This
+was noticed by CONFIG_CRYPTO_MANAGER_EXTRA_TESTS tests that
+sent a incomplete blocks and expect them to fail.
+
+This fixes:
+cbc-aes-ppc4xx encryption unexpectedly succeeded on test vector
+"random: len=2409 klen=32"; expected_error=-22, cfg="random:
+may_sleep use_digest src_divs=[96.90%@+2295, 2.34%@+4066,
+0.32%@alignmask+12, 0.34%@+4087, 0.9%@alignmask+1787, 0.1%@+3767]
+iv_offset=6"
+
+ecb-aes-ppc4xx encryption unexpectedly succeeded on test vector
+"random: len=1011 klen=32"; expected_error=-22, cfg="random:
+may_sleep use_digest src_divs=[100.0%@alignmask+20]
+dst_divs=[3.12%@+3001, 96.88%@+4070]"
+
+Cc: Eric Biggers <ebiggers@kernel.org>
+Cc: stable@vger.kernel.org [4.19, 5.0 and 5.1]
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+---
+ drivers/crypto/amcc/crypto4xx_alg.c  | 36 +++++++++++++++++++---------
+ drivers/crypto/amcc/crypto4xx_core.c | 16 ++++++-------
+ drivers/crypto/amcc/crypto4xx_core.h | 10 ++++----
+ 3 files changed, 39 insertions(+), 23 deletions(-)
+
+--- a/drivers/crypto/amcc/crypto4xx_alg.c
++++ b/drivers/crypto/amcc/crypto4xx_alg.c
+@@ -76,12 +76,16 @@ static void set_dynamic_sa_command_1(str
+ }
+ 
+ static inline int crypto4xx_crypt(struct skcipher_request *req,
+-				  const unsigned int ivlen, bool decrypt)
++				  const unsigned int ivlen, bool decrypt,
++				  bool check_blocksize)
+ {
+ 	struct crypto_skcipher *cipher = crypto_skcipher_reqtfm(req);
+ 	struct crypto4xx_ctx *ctx = crypto_skcipher_ctx(cipher);
+ 	__le32 iv[AES_IV_SIZE];
+ 
++	if (check_blocksize && !IS_ALIGNED(req->cryptlen, AES_BLOCK_SIZE))
++		return -EINVAL;
++
+ 	if (ivlen)
+ 		crypto4xx_memcpy_to_le32(iv, req->iv, ivlen);
+ 
+@@ -90,24 +94,34 @@ static inline int crypto4xx_crypt(struct
+ 		ctx->sa_len, 0, NULL);
+ }
+ 
+-int crypto4xx_encrypt_noiv(struct skcipher_request *req)
++int crypto4xx_encrypt_noiv_block(struct skcipher_request *req)
++{
++	return crypto4xx_crypt(req, 0, false, true);
++}
++
++int crypto4xx_encrypt_iv_stream(struct skcipher_request *req)
++{
++	return crypto4xx_crypt(req, AES_IV_SIZE, false, false);
++}
++
++int crypto4xx_decrypt_noiv_block(struct skcipher_request *req)
+ {
+-	return crypto4xx_crypt(req, 0, false);
++	return crypto4xx_crypt(req, 0, true, true);
+ }
+ 
+-int crypto4xx_encrypt_iv(struct skcipher_request *req)
++int crypto4xx_decrypt_iv_stream(struct skcipher_request *req)
+ {
+-	return crypto4xx_crypt(req, AES_IV_SIZE, false);
++	return crypto4xx_crypt(req, AES_IV_SIZE, true, false);
+ }
+ 
+-int crypto4xx_decrypt_noiv(struct skcipher_request *req)
++int crypto4xx_encrypt_iv_block(struct skcipher_request *req)
+ {
+-	return crypto4xx_crypt(req, 0, true);
++	return crypto4xx_crypt(req, AES_IV_SIZE, false, true);
+ }
+ 
+-int crypto4xx_decrypt_iv(struct skcipher_request *req)
++int crypto4xx_decrypt_iv_block(struct skcipher_request *req)
+ {
+-	return crypto4xx_crypt(req, AES_IV_SIZE, true);
++	return crypto4xx_crypt(req, AES_IV_SIZE, true, true);
+ }
+ 
+ /**
+@@ -272,8 +286,8 @@ crypto4xx_ctr_crypt(struct skcipher_requ
+ 		return ret;
+ 	}
+ 
+-	return encrypt ? crypto4xx_encrypt_iv(req)
+-		       : crypto4xx_decrypt_iv(req);
++	return encrypt ? crypto4xx_encrypt_iv_stream(req)
++		       : crypto4xx_decrypt_iv_stream(req);
+ }
+ 
+ static int crypto4xx_sk_setup_fallback(struct crypto4xx_ctx *ctx,
+--- a/drivers/crypto/amcc/crypto4xx_core.c
++++ b/drivers/crypto/amcc/crypto4xx_core.c
+@@ -1215,8 +1215,8 @@ static struct crypto4xx_alg_common crypt
+ 		.max_keysize = AES_MAX_KEY_SIZE,
+ 		.ivsize	= AES_IV_SIZE,
+ 		.setkey = crypto4xx_setkey_aes_cbc,
+-		.encrypt = crypto4xx_encrypt_iv,
+-		.decrypt = crypto4xx_decrypt_iv,
++		.encrypt = crypto4xx_encrypt_iv_block,
++		.decrypt = crypto4xx_decrypt_iv_block,
+ 		.init = crypto4xx_sk_init,
+ 		.exit = crypto4xx_sk_exit,
+ 	} },
+@@ -1235,8 +1235,8 @@ static struct crypto4xx_alg_common crypt
+ 		.max_keysize = AES_MAX_KEY_SIZE,
+ 		.ivsize	= AES_IV_SIZE,
+ 		.setkey	= crypto4xx_setkey_aes_cfb,
+-		.encrypt = crypto4xx_encrypt_iv,
+-		.decrypt = crypto4xx_decrypt_iv,
++		.encrypt = crypto4xx_encrypt_iv_stream,
++		.decrypt = crypto4xx_decrypt_iv_stream,
+ 		.init = crypto4xx_sk_init,
+ 		.exit = crypto4xx_sk_exit,
+ 	} },
+@@ -1295,8 +1295,8 @@ static struct crypto4xx_alg_common crypt
+ 		.min_keysize = AES_MIN_KEY_SIZE,
+ 		.max_keysize = AES_MAX_KEY_SIZE,
+ 		.setkey	= crypto4xx_setkey_aes_ecb,
+-		.encrypt = crypto4xx_encrypt_noiv,
+-		.decrypt = crypto4xx_decrypt_noiv,
++		.encrypt = crypto4xx_encrypt_noiv_block,
++		.decrypt = crypto4xx_decrypt_noiv_block,
+ 		.init = crypto4xx_sk_init,
+ 		.exit = crypto4xx_sk_exit,
+ 	} },
+@@ -1315,8 +1315,8 @@ static struct crypto4xx_alg_common crypt
+ 		.max_keysize = AES_MAX_KEY_SIZE,
+ 		.ivsize	= AES_IV_SIZE,
+ 		.setkey	= crypto4xx_setkey_aes_ofb,
+-		.encrypt = crypto4xx_encrypt_iv,
+-		.decrypt = crypto4xx_decrypt_iv,
++		.encrypt = crypto4xx_encrypt_iv_stream,
++		.decrypt = crypto4xx_decrypt_iv_stream,
+ 		.init = crypto4xx_sk_init,
+ 		.exit = crypto4xx_sk_exit,
+ 	} },
+--- a/drivers/crypto/amcc/crypto4xx_core.h
++++ b/drivers/crypto/amcc/crypto4xx_core.h
+@@ -183,10 +183,12 @@ int crypto4xx_setkey_rfc3686(struct cryp
+ 			     const u8 *key, unsigned int keylen);
+ int crypto4xx_encrypt_ctr(struct skcipher_request *req);
+ int crypto4xx_decrypt_ctr(struct skcipher_request *req);
+-int crypto4xx_encrypt_iv(struct skcipher_request *req);
+-int crypto4xx_decrypt_iv(struct skcipher_request *req);
+-int crypto4xx_encrypt_noiv(struct skcipher_request *req);
+-int crypto4xx_decrypt_noiv(struct skcipher_request *req);
++int crypto4xx_encrypt_iv_stream(struct skcipher_request *req);
++int crypto4xx_decrypt_iv_stream(struct skcipher_request *req);
++int crypto4xx_encrypt_iv_block(struct skcipher_request *req);
++int crypto4xx_decrypt_iv_block(struct skcipher_request *req);
++int crypto4xx_encrypt_noiv_block(struct skcipher_request *req);
++int crypto4xx_decrypt_noiv_block(struct skcipher_request *req);
+ int crypto4xx_rfc3686_encrypt(struct skcipher_request *req);
+ int crypto4xx_rfc3686_decrypt(struct skcipher_request *req);
+ int crypto4xx_sha1_alg_init(struct crypto_tfm *tfm);