This is a note to let you know that I've just added the patch titled crypto: sha1-ssse3 - Disable avx2 to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: crypto-sha1-ssse3-disable-avx2.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From b82ce24426a4071da9529d726057e4e642948667 Mon Sep 17 00:00:00 2001 From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Date: Tue, 4 Jul 2017 12:21:12 +0800 Subject: crypto: sha1-ssse3 - Disable avx2 From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> commit b82ce24426a4071da9529d726057e4e642948667 upstream. It has been reported that sha1-avx2 can cause page faults by reading beyond the end of the input. This patch disables it until it can be fixed. Fixes: 7c1da8d0d046 ("crypto: sha - SHA1 transform x86_64 AVX2") Reported-by: Jan Stancek <jstancek@xxxxxxxxxx> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/x86/crypto/sha1_ssse3_glue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/x86/crypto/sha1_ssse3_glue.c +++ b/arch/x86/crypto/sha1_ssse3_glue.c @@ -201,7 +201,7 @@ asmlinkage void sha1_transform_avx2(u32 static bool avx2_usable(void) { - if (avx_usable() && boot_cpu_has(X86_FEATURE_AVX2) + if (false && avx_usable() && boot_cpu_has(X86_FEATURE_AVX2) && boot_cpu_has(X86_FEATURE_BMI1) && boot_cpu_has(X86_FEATURE_BMI2)) return true; Patches currently in stable-queue which might be from herbert@xxxxxxxxxxxxxxxxxxx are queue-4.9/crypto-atmel-only-treat-ebusy-as-transient-if-backlog.patch queue-4.9/crypto-caam-properly-set-iv-after-en-de-crypt.patch queue-4.9/crypto-talitos-extend-max-key-length-for-sha384-512-hmac-and-aead.patch queue-4.9/crypto-caam-fix-signals-handling.patch queue-4.9/crypto-sha1-ssse3-disable-avx2.patch