@@ -161,23 +161,26 @@ void fcw_bug_on(int cond)

 int fcw_warn_on(int cond)

 {

-	if(unlikely(cond))

+	int __ret_warn_on = !!(cond);

+	if(unlikely(__ret_warn_on))

 		__WARN();

-	return unlikely(cond);

+	return unlikely(__ret_warn_on);

 }

 int fcw_warn_on_once(int cond)

 {

-	if(unlikely(cond))

+	int __ret_warn_on = !!(cond);

+	if(unlikely(__ret_warn_on))

 		__WARN_FLAGS(BUGFLAG_ONCE | BUGFLAG_TAINT(TAINT_WARN));

-	return unlikely(cond);

+	return unlikely(__ret_warn_on);

 }

 int fcw_warn(int cond, const char *fmt, ...)

 {

-	if(unlikely(cond))

+	int __ret_warn_on = !!(cond);

+	if(unlikely(__ret_warn_on))

 		__WARN_printf(TAINT_WARN, fmt);

-	return unlikely(cond);

+	return unlikely(__ret_warn_on);

 }

 void *fcw_memcpy(void *dst, const void *src, size_t len)

new file mode 100644

@@ -0,0 +1,155 @@

+From 6dca4744eec08e19aaf344399833d9f482924267 Mon Sep 17 00:00:00 2001

+From: Keerthana K <keerthanak@vmware.com>

+Date: Wed, 29 Mar 2023 10:40:59 +0000

+Subject: [PATCH] aesni_intel: Remove static call

+

+Signed-off-by: Keerthana K <keerthanak@vmware.com>

+---

+ arch/x86/crypto/aesni-intel_glue.c | 47 ++++++++++++++++++------------

+ 1 file changed, 28 insertions(+), 19 deletions(-)

+

+diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c

+index 10420b2aa..0628c2bca 100644

+--- a/arch/x86/crypto/aesni-intel_glue.c

+@@ -34,7 +34,6 @@

+ #include <linux/jump_label.h>

+ #include <linux/workqueue.h>

+ #include <linux/spinlock.h>

+-#include <linux/static_call.h>

+ #include <crypto/gf128mul.h>

+ 

+ void fcw_kernel_fpu_begin(void);

+@@ -111,9 +110,11 @@ asmlinkage void aesni_xts_decrypt(const struct crypto_aes_ctx *ctx, u8 *out,

+ 

+ #ifdef CONFIG_X86_64

+ 

++static void (*aesni_ctr_enc_tfm)(struct crypto_aes_ctx *ctx, u8 *out,

++				const u8 *in, unsigned int len, u8 *iv);

++

+ asmlinkage void aesni_ctr_enc(struct crypto_aes_ctx *ctx, u8 *out,

+ 			      const u8 *in, unsigned int len, u8 *iv);

+-DEFINE_STATIC_CALL(aesni_ctr_enc_tfm, aesni_ctr_enc);

+ 

+ /* Scatter / Gather routines, with args similar to above */

+ asmlinkage void aesni_gcm_init(void *ctx,

+@@ -131,7 +132,6 @@ asmlinkage void aesni_gcm_dec_update(void *ctx,

+ asmlinkage void aesni_gcm_finalize(void *ctx,

+ 				   struct gcm_context_data *gdata,

+ 				   u8 *auth_tag, unsigned long auth_tag_len);

+-

+ asmlinkage void aes_ctr_enc_128_avx_by8(const u8 *in, u8 *iv,

+ 		void *keys, u8 *out, unsigned int num_bytes);

+ asmlinkage void aes_ctr_enc_192_avx_by8(const u8 *in, u8 *iv,

+@@ -175,6 +175,15 @@ asmlinkage void aesni_gcm_finalize_avx_gen2(void *ctx,

+ 				   struct gcm_context_data *gdata,

+ 				   u8 *auth_tag, unsigned long auth_tag_len);

+ 

++/*

++static const struct aesni_gcm_tfm_s aesni_gcm_tfm_avx_gen2 = {

++	.init = &aesni_gcm_init_avx_gen2,

++	.enc_update = &aesni_gcm_enc_update_avx_gen2,

++	.dec_update = &aesni_gcm_dec_update_avx_gen2,

++	.finalize = &aesni_gcm_finalize_avx_gen2,

++};

++*/

++

+ /*

+  * asmlinkage void aesni_gcm_init_avx_gen4()

+  * gcm_data *my_ctx_data, context data

+@@ -198,8 +207,8 @@ asmlinkage void aesni_gcm_finalize_avx_gen4(void *ctx,

+ 				   struct gcm_context_data *gdata,

+ 				   u8 *auth_tag, unsigned long auth_tag_len);

+ 

+-static __ro_after_init DEFINE_STATIC_KEY_FALSE(gcm_use_avx);

+-static __ro_after_init DEFINE_STATIC_KEY_FALSE(gcm_use_avx2);

++static __ro_after_init int gcm_use_avx = 0;

++static __ro_after_init int gcm_use_avx2 = 0;

+ 

+ static inline struct

+ aesni_rfc4106_gcm_ctx *aesni_rfc4106_gcm_ctx_get(struct crypto_aead *tfm)

+@@ -524,10 +533,9 @@ static int ctr_crypt(struct skcipher_request *req)

+ 	while ((nbytes = walk.nbytes) > 0) {

+ 		fcw_kernel_fpu_begin();

+ 		if (nbytes & AES_BLOCK_MASK)

+-			static_call(aesni_ctr_enc_tfm)(ctx, walk.dst.virt.addr,

+-						       walk.src.virt.addr,

+-						       nbytes & AES_BLOCK_MASK,

+-						       walk.iv);

++			aesni_ctr_enc_tfm(ctx, walk.dst.virt.addr, walk.src.virt.addr,

++						nbytes & AES_BLOCK_MASK, walk.iv);

++

+ 		nbytes &= ~AES_BLOCK_MASK;

+ 

+ 		if (walk.nbytes == walk.total && nbytes > 0) {

+@@ -712,10 +720,10 @@ static int gcmaes_crypt_by_sg(bool enc, struct aead_request *req,

+ 	}

+ 

+ 	fcw_kernel_fpu_begin();

+-	if (static_branch_likely(&gcm_use_avx2) && do_avx2)

++	if (likely(gcm_use_avx2) && do_avx2)

+ 		aesni_gcm_init_avx_gen4(aes_ctx, data, iv, hash_subkey, assoc,

+ 					assoclen);

+-	else if (static_branch_likely(&gcm_use_avx) && do_avx)

++	else if (likely(gcm_use_avx) && do_avx)

+ 		aesni_gcm_init_avx_gen2(aes_ctx, data, iv, hash_subkey, assoc,

+ 					assoclen);

+ 	else

+@@ -732,7 +740,7 @@ static int gcmaes_crypt_by_sg(bool enc, struct aead_request *req,

+ 

+ 	while (walk.nbytes > 0) {

+ 		fcw_kernel_fpu_begin();

+-		if (static_branch_likely(&gcm_use_avx2) && do_avx2) {

++		if (likely(gcm_use_avx2) && do_avx2) {

+ 			if (enc)

+ 				aesni_gcm_enc_update_avx_gen4(aes_ctx, data,

+ 							      walk.dst.virt.addr,

+@@ -743,7 +751,7 @@ static int gcmaes_crypt_by_sg(bool enc, struct aead_request *req,

+ 							      walk.dst.virt.addr,

+ 							      walk.src.virt.addr,

+ 							      walk.nbytes);

+-		} else if (static_branch_likely(&gcm_use_avx) && do_avx) {

++		} else if (likely(gcm_use_avx) && do_avx) {

+ 			if (enc)

+ 				aesni_gcm_enc_update_avx_gen2(aes_ctx, data,

+ 							      walk.dst.virt.addr,

+@@ -770,10 +778,10 @@ static int gcmaes_crypt_by_sg(bool enc, struct aead_request *req,

+ 		return err;

+ 

+ 	fcw_kernel_fpu_begin();

+-	if (static_branch_likely(&gcm_use_avx2) && do_avx2)

++	if (likely(gcm_use_avx2) && do_avx2)

+ 		aesni_gcm_finalize_avx_gen4(aes_ctx, data, auth_tag,

+ 					    auth_tag_len);

+-	else if (static_branch_likely(&gcm_use_avx) && do_avx)

++	else if (likely(gcm_use_avx) && do_avx)

+ 		aesni_gcm_finalize_avx_gen2(aes_ctx, data, auth_tag,

+ 					    auth_tag_len);

+ 	else

+@@ -1248,18 +1256,19 @@ static int __init aesni_init(void)

+ #ifdef CONFIG_X86_64

+ 	if (boot_cpu_has(X86_FEATURE_AVX2)) {

+ 		pr_info("AVX2 version of gcm_enc/dec engaged.\n");

+-		static_branch_enable(&gcm_use_avx);

+-		static_branch_enable(&gcm_use_avx2);

++		gcm_use_avx = 1;

++		gcm_use_avx2 = 1;

+ 	} else

+ 	if (boot_cpu_has(X86_FEATURE_AVX)) {

+ 		pr_info("AVX version of gcm_enc/dec engaged.\n");

+-		static_branch_enable(&gcm_use_avx);

++		gcm_use_avx = 1;

+ 	} else {

+ 		pr_info("SSE version of gcm_enc/dec engaged.\n");

+ 	}

++	aesni_ctr_enc_tfm = aesni_ctr_enc;

+ 	if (boot_cpu_has(X86_FEATURE_AVX)) {

+ 		/* optimize performance of ctr mode encryption transform */

+-		static_call_update(aesni_ctr_enc_tfm, aesni_ctr_enc_avx_tfm);

++		aesni_ctr_enc_tfm = aesni_ctr_enc_avx_tfm;

+ 		pr_info("AES CTR mode by8 optimization enabled\n");

+ 	}

+ #endif /* CONFIG_X86_64 */

+-- 

+2.19.0

+

deleted file mode 100644

@@ -1,229 +0,0 @@

-From f723aded2fac053eca30c6ca6be0387cab23509b Mon Sep 17 00:00:00 2001

-From: Keerthana K <keerthanak@vmware.com>

-Date: Wed, 7 Dec 2022 07:10:44 +0000

-Subject: [PATCH 4/4] aesni_intel_glue: Revert static calls with indirect calls

-

-Signed-off-by: Keerthana K <keerthanak@vmware.com>

- arch/x86/crypto/aesni-intel_glue.c | 111 +++++++++++++----------------

- 1 file changed, 50 insertions(+), 61 deletions(-)

-

-diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c

-index 10420b2aa..a6da1abb9 100644

-+++ b/arch/x86/crypto/aesni-intel_glue.c

-@@ -31,10 +31,8 @@

- #include <crypto/internal/aead.h>

- #include <crypto/internal/simd.h>

- #include <crypto/internal/skcipher.h>

--#include <linux/jump_label.h>

- #include <linux/workqueue.h>

- #include <linux/spinlock.h>

--#include <linux/static_call.h>

- #include <crypto/gf128mul.h>

- 

- void fcw_kernel_fpu_begin(void);

-@@ -111,9 +109,10 @@ asmlinkage void aesni_xts_decrypt(const struct crypto_aes_ctx *ctx, u8 *out,

- 

- #ifdef CONFIG_X86_64

- 

-+static void (*aesni_ctr_enc_tfm)(struct crypto_aes_ctx *ctx, u8 *out,

-+			      const u8 *in, unsigned int len, u8 *iv);

- asmlinkage void aesni_ctr_enc(struct crypto_aes_ctx *ctx, u8 *out,

- 			      const u8 *in, unsigned int len, u8 *iv);

--DEFINE_STATIC_CALL(aesni_ctr_enc_tfm, aesni_ctr_enc);

- 

- /* Scatter / Gather routines, with args similar to above */

- asmlinkage void aesni_gcm_init(void *ctx,

-@@ -132,6 +131,24 @@ asmlinkage void aesni_gcm_finalize(void *ctx,

- 				   struct gcm_context_data *gdata,

- 				   u8 *auth_tag, unsigned long auth_tag_len);

- 

-+static const struct aesni_gcm_tfm_s {

-+	void (*init)(void *ctx, struct gcm_context_data *gdata, u8 *iv,

-+		     u8 *hash_subkey, const u8 *aad, unsigned long aad_len);

-+	void (*enc_update)(void *ctx, struct gcm_context_data *gdata, u8 *out,

-+			   const u8 *in, unsigned long plaintext_len);

-+	void (*dec_update)(void *ctx, struct gcm_context_data *gdata, u8 *out,

-+			   const u8 *in, unsigned long ciphertext_len);

-+	void (*finalize)(void *ctx, struct gcm_context_data *gdata,

-+			 u8 *auth_tag, unsigned long auth_tag_len);

-+} *aesni_gcm_tfm;

-+

-+static const struct aesni_gcm_tfm_s aesni_gcm_tfm_sse = {

-+	.init = &aesni_gcm_init,

-+	.enc_update = &aesni_gcm_enc_update,

-+	.dec_update = &aesni_gcm_dec_update,

-+	.finalize = &aesni_gcm_finalize,

-+};

-+

- asmlinkage void aes_ctr_enc_128_avx_by8(const u8 *in, u8 *iv,

- 		void *keys, u8 *out, unsigned int num_bytes);

- asmlinkage void aes_ctr_enc_192_avx_by8(const u8 *in, u8 *iv,

-@@ -175,6 +192,13 @@ asmlinkage void aesni_gcm_finalize_avx_gen2(void *ctx,

- 				   struct gcm_context_data *gdata,

- 				   u8 *auth_tag, unsigned long auth_tag_len);

- 

-+static const struct aesni_gcm_tfm_s aesni_gcm_tfm_avx_gen2 = {

-+	.init = &aesni_gcm_init_avx_gen2,

-+	.enc_update = &aesni_gcm_enc_update_avx_gen2,

-+	.dec_update = &aesni_gcm_dec_update_avx_gen2,

-+	.finalize = &aesni_gcm_finalize_avx_gen2,

-+};

-+

- /*

-  * asmlinkage void aesni_gcm_init_avx_gen4()

-  * gcm_data *my_ctx_data, context data

-@@ -198,8 +222,12 @@ asmlinkage void aesni_gcm_finalize_avx_gen4(void *ctx,

- 				   struct gcm_context_data *gdata,

- 				   u8 *auth_tag, unsigned long auth_tag_len);

- 

--static __ro_after_init DEFINE_STATIC_KEY_FALSE(gcm_use_avx);

--static __ro_after_init DEFINE_STATIC_KEY_FALSE(gcm_use_avx2);

-+static const struct aesni_gcm_tfm_s aesni_gcm_tfm_avx_gen4 = {

-+	.init = &aesni_gcm_init_avx_gen4,

-+	.enc_update = &aesni_gcm_enc_update_avx_gen4,

-+	.dec_update = &aesni_gcm_dec_update_avx_gen4,

-+	.finalize = &aesni_gcm_finalize_avx_gen4,

-+};

- 

- static inline struct

- aesni_rfc4106_gcm_ctx *aesni_rfc4106_gcm_ctx_get(struct crypto_aead *tfm)

-@@ -524,10 +552,8 @@ static int ctr_crypt(struct skcipher_request *req)

- 	while ((nbytes = walk.nbytes) > 0) {

- 		fcw_kernel_fpu_begin();

- 		if (nbytes & AES_BLOCK_MASK)

--			static_call(aesni_ctr_enc_tfm)(ctx, walk.dst.virt.addr,

--						       walk.src.virt.addr,

--						       nbytes & AES_BLOCK_MASK,

--						       walk.iv);

-+			aesni_ctr_enc_tfm(ctx, walk.dst.virt.addr, walk.src.virt.addr,

-+				              nbytes & AES_BLOCK_MASK, walk.iv);

- 		nbytes &= ~AES_BLOCK_MASK;

- 

- 		if (walk.nbytes == walk.total && nbytes > 0) {

-@@ -678,12 +704,12 @@ static int gcmaes_crypt_by_sg(bool enc, struct aead_request *req,

- 			      u8 *iv, void *aes_ctx, u8 *auth_tag,

- 			      unsigned long auth_tag_len)

- {

-+	const struct aesni_gcm_tfm_s *gcm_tfm = aesni_gcm_tfm;

- 	u8 databuf[sizeof(struct gcm_context_data) + (AESNI_ALIGN - 8)] __aligned(8);

- 	struct gcm_context_data *data = PTR_ALIGN((void *)databuf, AESNI_ALIGN);

- 	unsigned long left = req->cryptlen;

- 	struct scatter_walk assoc_sg_walk;

- 	struct skcipher_walk walk;

--	bool do_avx, do_avx2;

- 	u8 *assocmem = NULL;

- 	u8 *assoc;

- 	int err;

-@@ -691,8 +717,10 @@ static int gcmaes_crypt_by_sg(bool enc, struct aead_request *req,

- 	if (!enc)

- 		left -= auth_tag_len;

- 

--	do_avx = (left >= AVX_GEN2_OPTSIZE);

--	do_avx2 = (left >= AVX_GEN4_OPTSIZE);

-+	if (left < AVX_GEN4_OPTSIZE && gcm_tfm == &aesni_gcm_tfm_avx_gen4)

-+		gcm_tfm = &aesni_gcm_tfm_avx_gen2;

-+	if (left < AVX_GEN2_OPTSIZE && gcm_tfm == &aesni_gcm_tfm_avx_gen2)

-+		gcm_tfm = &aesni_gcm_tfm_sse;

- 

- 	/* Linearize assoc, if not already linear */

- 	if (req->src->length >= assoclen && req->src->length) {

-@@ -712,14 +740,7 @@ static int gcmaes_crypt_by_sg(bool enc, struct aead_request *req,

- 	}

- 

- 	fcw_kernel_fpu_begin();

--	if (static_branch_likely(&gcm_use_avx2) && do_avx2)

--		aesni_gcm_init_avx_gen4(aes_ctx, data, iv, hash_subkey, assoc,

--					assoclen);

--	else if (static_branch_likely(&gcm_use_avx) && do_avx)

--		aesni_gcm_init_avx_gen2(aes_ctx, data, iv, hash_subkey, assoc,

--					assoclen);

--	else

--		aesni_gcm_init(aes_ctx, data, iv, hash_subkey, assoc, assoclen);

-+	gcm_tfm->init(aes_ctx, data, iv, hash_subkey, assoc, assoclen);

- 	fcw_kernel_fpu_end();

- 

- 	if (!assocmem)

-@@ -732,35 +753,9 @@ static int gcmaes_crypt_by_sg(bool enc, struct aead_request *req,

- 

- 	while (walk.nbytes > 0) {

- 		fcw_kernel_fpu_begin();

--		if (static_branch_likely(&gcm_use_avx2) && do_avx2) {

--			if (enc)

--				aesni_gcm_enc_update_avx_gen4(aes_ctx, data,

--							      walk.dst.virt.addr,

--							      walk.src.virt.addr,

--							      walk.nbytes);

--			else

--				aesni_gcm_dec_update_avx_gen4(aes_ctx, data,

--							      walk.dst.virt.addr,

--							      walk.src.virt.addr,

--							      walk.nbytes);

--		} else if (static_branch_likely(&gcm_use_avx) && do_avx) {

--			if (enc)

--				aesni_gcm_enc_update_avx_gen2(aes_ctx, data,

--							      walk.dst.virt.addr,

--							      walk.src.virt.addr,

--							      walk.nbytes);

--			else

--				aesni_gcm_dec_update_avx_gen2(aes_ctx, data,

--							      walk.dst.virt.addr,

--							      walk.src.virt.addr,

--							      walk.nbytes);

--		} else if (enc) {

--			aesni_gcm_enc_update(aes_ctx, data, walk.dst.virt.addr,

--					     walk.src.virt.addr, walk.nbytes);

--		} else {

--			aesni_gcm_dec_update(aes_ctx, data, walk.dst.virt.addr,

--					     walk.src.virt.addr, walk.nbytes);

--		}

-+		(enc ? gcm_tfm->enc_update

-+		     : gcm_tfm->dec_update)(aes_ctx, data, walk.dst.virt.addr,

-+					    walk.src.virt.addr, walk.nbytes);

- 		fcw_kernel_fpu_end();

- 

- 		err = skcipher_walk_done(&walk, 0);

-@@ -770,14 +765,7 @@ static int gcmaes_crypt_by_sg(bool enc, struct aead_request *req,

- 		return err;

- 

- 	fcw_kernel_fpu_begin();

--	if (static_branch_likely(&gcm_use_avx2) && do_avx2)

--		aesni_gcm_finalize_avx_gen4(aes_ctx, data, auth_tag,

--					    auth_tag_len);

--	else if (static_branch_likely(&gcm_use_avx) && do_avx)

--		aesni_gcm_finalize_avx_gen2(aes_ctx, data, auth_tag,

--					    auth_tag_len);

--	else

--		aesni_gcm_finalize(aes_ctx, data, auth_tag, auth_tag_len);

-+	gcm_tfm->finalize(aes_ctx, data, auth_tag, auth_tag_len);

- 	fcw_kernel_fpu_end();

- 

- 	return 0;

-@@ -1248,18 +1236,19 @@ static int __init aesni_init(void)

- #ifdef CONFIG_X86_64

- 	if (boot_cpu_has(X86_FEATURE_AVX2)) {

- 		pr_info("AVX2 version of gcm_enc/dec engaged.\n");

--		static_branch_enable(&gcm_use_avx);

--		static_branch_enable(&gcm_use_avx2);

-+		aesni_gcm_tfm = &aesni_gcm_tfm_avx_gen4;

- 	} else

- 	if (boot_cpu_has(X86_FEATURE_AVX)) {

- 		pr_info("AVX version of gcm_enc/dec engaged.\n");

--		static_branch_enable(&gcm_use_avx);

-+		aesni_gcm_tfm = &aesni_gcm_tfm_avx_gen2;

- 	} else {

- 		pr_info("SSE version of gcm_enc/dec engaged.\n");

-+		aesni_gcm_tfm = &aesni_gcm_tfm_sse;

- 	}

-+	aesni_ctr_enc_tfm = aesni_ctr_enc;

- 	if (boot_cpu_has(X86_FEATURE_AVX)) {

- 		/* optimize performance of ctr mode encryption transform */

--		static_call_update(aesni_ctr_enc_tfm, aesni_ctr_enc_avx_tfm);

-+		aesni_ctr_enc_tfm = aesni_ctr_enc_avx_tfm;

- 		pr_info("AES CTR mode by8 optimization enabled\n");

- 	}

- #endif /* CONFIG_X86_64 */

-2.38.1

-

@@ -684,7 +684,7 @@ index 016f785b8..714ff4e6d 100644

 -

 -	for (i = 0; i < ndigits; i++)

 -		dest[i] = src[i];

-+	fcw_memcpy(dest, src, sizeof(u64)*ndigits);

++	fcw_memcpy(dest, src, sizeof(u64) * ndigits);

  }

  /* Returns sign of left - right. */

@@ -693,7 +693,7 @@ index 016f785b8..714ff4e6d 100644

  	u64 yy[ECC_MAX_DIGITS], xxx[ECC_MAX_DIGITS], w[ECC_MAX_DIGITS];

 -	if (WARN_ON(pk->ndigits != curve->g.ndigits))

-+	if (fcw_warn_on(!!(pk->ndigits != curve->g.ndigits)))

++	if (fcw_warn_on(pk->ndigits != curve->g.ndigits))

  		return -EINVAL;

  	/* Check 1: Verify key is not the zero point. */

@@ -907,7 +907,7 @@ index 826dd0833..88039140f 100644

  	int err;

 -	if (WARN_ON(req->dst) || WARN_ON(!digest_size) ||

-+	if (fcw_warn_on(!!(req->dst)) || fcw_warn_on(!!(!digest_size)) ||

++	if (fcw_warn_on(req->dst) || fcw_warn_on(!digest_size) ||

  	    !ctx->key_size || sig_size != ctx->key_size)

  		return -EINVAL;

@@ -1062,7 +1062,7 @@ index 98422b8da..592ce69c3 100644

  	BUILD_BUG_ON(ARRAY_SIZE(partitions) != ARRAY_SIZE(tsgl->sgl));

 -	if (WARN_ON(ndivs > ARRAY_SIZE(partitions)))

-+	if (fcw_warn_on(!!(ndivs > ARRAY_SIZE(partitions))))

++	if (fcw_warn_on(ndivs > ARRAY_SIZE(partitions)))

  		return -EINVAL;

  	/* Calculate the (div, length) pairs */

@@ -1071,7 +1071,7 @@ index 98422b8da..592ce69c3 100644

  		while (offset + partitions[i].length + TESTMGR_POISON_LEN >

  		       2 * PAGE_SIZE) {

 -			if (WARN_ON(offset <= 0))

-+			if (fcw_warn_on(!!(offset <= 0)))

++			if (fcw_warn_on(offset <= 0))

  				return -EINVAL;

  			offset /= 2;

  		}

@@ -1089,7 +1089,7 @@ index 98422b8da..592ce69c3 100644

 -			copied = copy_from_iter(addr, copy_len, data);

 -			if (WARN_ON(copied != copy_len))

 +			copied = fcw_copy_from_iter(addr, copy_len, data);

-+			if (fcw_warn_on(!!(copied != copy_len)))

++			if (fcw_warn_on(copied != copy_len))

  				return -EINVAL;

  			testmgr_poison(addr + copy_len, partitions[i].length +

  				       TESTMGR_POISON_LEN - copy_len);

@@ -1116,7 +1116,7 @@ index 98422b8da..592ce69c3 100644

  		expected_output += len;

  	}

 -	if (WARN_ON(len_to_check != 0))

-+	if (fcw_warn_on(!!(len_to_check != 0)))

++	if (fcw_warn_on(len_to_check != 0))

  		return -EINVAL;

  	return 0;

  }

@@ -1146,7 +1146,7 @@ index 98422b8da..592ce69c3 100644

  	}

 -	WARN_ON_ONCE(!valid_testvec_config(cfg));

-+	fcw_warn_on_once(!!(!valid_testvec_config(cfg)));

++	fcw_warn_on_once((!valid_testvec_config(cfg)));

  }

  static void crypto_disable_simd_for_test(void)

@@ -1191,7 +1191,7 @@ index 98422b8da..592ce69c3 100644

  	/* The IV must be copied to a buffer, as the algorithm may modify it */

 -	if (WARN_ON(ivsize > MAX_IVLEN))

-+	if (fcw_warn_on(!!(ivsize > MAX_IVLEN)))

++	if (fcw_warn_on(ivsize > MAX_IVLEN))

  		return -EINVAL;

  	if (vec->iv)

 -		memcpy(iv, vec->iv, ivsize);

@@ -1230,7 +1230,7 @@ index 98422b8da..592ce69c3 100644

  	if (prefer_inauthentic && authsize < MIN_COLLISION_FREE_AUTHSIZE)

  		authsize = MIN_COLLISION_FREE_AUTHSIZE;

 -	if (WARN_ON(authsize > maxdatasize))

-+	if (fcw_warn_on(!!(authsize > maxdatasize)))

++	if (fcw_warn_on(authsize > maxdatasize))

  		authsize = maxdatasize;

  	maxdatasize -= authsize;

  	vec->setauthsize_error = crypto_aead_setauthsize(tfm, authsize);

@@ -1239,7 +1239,7 @@ index 98422b8da..592ce69c3 100644

  		ret = -EINVAL;

 -		if (WARN_ON(template[i].len > PAGE_SIZE))

-+		if (fcw_warn_on(!!(template[i].len > PAGE_SIZE)))

++		if (fcw_warn_on(template[i].len > PAGE_SIZE))

  			goto out;

  		data = xbuf[0];

@@ -1253,7 +1253,7 @@ index 98422b8da..592ce69c3 100644

  	/* The IV must be copied to a buffer, as the algorithm may modify it */

  	if (ivsize) {

 -		if (WARN_ON(ivsize > MAX_IVLEN))

-+		if (fcw_warn_on(!!(ivsize > MAX_IVLEN)))

++		if (fcw_warn_on(ivsize > MAX_IVLEN))

  			return -EINVAL;

  		if (vec->generates_iv && !enc)

 -			memcpy(iv, vec->iv_out, ivsize);

@@ -1350,7 +1350,7 @@ index 98422b8da..592ce69c3 100644

  	err = -E2BIG;

 -	if (WARN_ON(m_size > PAGE_SIZE))

-+	if (fcw_warn_on(!!(m_size > PAGE_SIZE)))

++	if (fcw_warn_on(m_size > PAGE_SIZE))

  		goto free_all;

 -	memcpy(xbuf[0], m, m_size);

 +	fcw_memcpy(xbuf[0], m, m_size);

@@ -1362,7 +1362,7 @@ index 98422b8da..592ce69c3 100644

 +	fcw_sg_set_buf(&src_tab[1], xbuf[0] + 8, m_size - 8);

  	if (vecs->siggen_sigver_test) {

 -		if (WARN_ON(c_size > PAGE_SIZE))

-+		if (fcw_warn_on(!!(c_size > PAGE_SIZE)))

++		if (fcw_warn_on(c_size > PAGE_SIZE))

  			goto free_all;

 -		memcpy(xbuf[1], c, c_size);

 -		sg_set_buf(&src_tab[2], xbuf[1], c_size);

@@ -1376,7 +1376,7 @@ index 98422b8da..592ce69c3 100644

  	err = -E2BIG;

  	op = vecs->siggen_sigver_test ? "sign" : "decrypt";

 -	if (WARN_ON(c_size > PAGE_SIZE))

-+	if (fcw_warn_on(!!(c_size > PAGE_SIZE)))

++	if (fcw_warn_on(c_size > PAGE_SIZE))

  		goto free_all;

 -	memcpy(xbuf[0], c, c_size);

 +	fcw_memcpy(xbuf[0], c, c_size);

@@ -1388,14 +1388,14 @@ index 98422b8da..592ce69c3 100644

  				  alg_test_descs[i].alg);

 -		if (WARN_ON(diff > 0)) {

-+		if (fcw_warn_on(!!(diff > 0))) {

++		if (fcw_warn_on(diff > 0)) {

  			pr_warn("testmgr: alg_test_descs entries in wrong order: '%s' before '%s'\n",

  				alg_test_descs[i - 1].alg,

  				alg_test_descs[i].alg);

  		}

 -		if (WARN_ON(diff == 0)) {

-+		if (fcw_warn_on(!!(diff == 0))) {

++		if (fcw_warn_on(diff == 0)) {

  			pr_warn("testmgr: duplicate alg_test_descs entry: '%s'\n",

  				alg_test_descs[i].alg);

  		}

@@ -1405,13 +1405,13 @@ index 98422b8da..592ce69c3 100644

  	for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++)

 -		WARN_ON(!valid_testvec_config(

 -				&default_cipher_testvec_configs[i]));

-+		fcw_warn_on(!!(!valid_testvec_config(

++		fcw_warn_on((!valid_testvec_config(

 +				&default_cipher_testvec_configs[i])));

  	for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++)

 -		WARN_ON(!valid_testvec_config(

 -				&default_hash_testvec_configs[i]));

-+		fcw_warn_on(!!(!valid_testvec_config(

++		fcw_warn_on((!valid_testvec_config(

 +				&default_hash_testvec_configs[i])));

  }

@@ -1421,7 +1421,7 @@ index 98422b8da..592ce69c3 100644

  		pr_warn("alg: self-tests for %s using %s failed (rc=%d)",

  			alg, driver, rc);

 -		WARN(rc != -ENOENT,

-+		fcw_warn(!!(rc != -ENOENT),

++		fcw_warn(rc != -ENOENT,

  		     "alg: self-tests for %s using %s failed (rc=%d)",

  		     alg, driver, rc);

  	} else {

@@ -5055,11 +5055,9 @@ CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y

 CONFIG_ZERO_CALL_USED_REGS=y

 # end of Memory initialization

-# CONFIG_RANDSTRUCT_NONE is not set

+CONFIG_RANDSTRUCT_NONE=y

 # CONFIG_RANDSTRUCT_FULL is not set

-CONFIG_RANDSTRUCT_PERFORMANCE=y

-CONFIG_RANDSTRUCT=y

-CONFIG_GCC_PLUGIN_RANDSTRUCT=y

+# CONFIG_RANDSTRUCT_PERFORMANCE is not set

 # end of Kernel hardening options

 # end of Security options

@@ -5500,6 +5498,7 @@ CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y

 # CONFIG_DEBUG_INFO_REDUCED is not set

 # CONFIG_DEBUG_INFO_COMPRESSED is not set

 # CONFIG_DEBUG_INFO_SPLIT is not set

+# CONFIG_DEBUG_INFO_BTF is not set

 # CONFIG_GDB_SCRIPTS is not set

 CONFIG_FRAME_WARN=2048

 CONFIG_STRIP_ASM_SYMS=y

@@ -16,7 +16,7 @@

 Summary:        Kernel

 Name:           linux-secure

 Version:        6.1.10

-Release:        12%{?kat_build:.kat}%{?dist}

+Release:        13%{?kat_build:.kat}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org

 Group:          System Environment/Kernel

@@ -125,10 +125,10 @@ Patch512: 0003-FIPS-broken-kattest.patch

 %if 0%{?canister_build}

 Patch10000:      6.1.10-8-0001-FIPS-canister-binary-usage.patch

 Patch10001:      0002-FIPS-canister-creation.patch

-Patch10003:      0003-aesni_intel_glue-Revert-static-calls-with-indirect-c.patch

-Patch10004:      0004-Disable-retpoline_sites-and-return_sites-section-in-.patch

-Patch10005:      0005-Move-__bug_table-section-to-fips_canister_wrapper.patch

-Patch10006:      0001-scripts-kallsyms-Extra-kallsyms-parsing.patch

+Patch10002:      0003-aesni_intel-Remove-static-call.patch

+Patch10003:      0004-Disable-retpoline_sites-and-return_sites-section-in-.patch

+Patch10004:      0005-Move-__bug_table-section-to-fips_canister_wrapper.patch

+Patch10005:      0001-scripts-kallsyms-Extra-kallsyms-parsing.patch

 %endif

 BuildArch:      x86_64

@@ -223,7 +223,7 @@ The kernel fips-canister

 %endif

 %if 0%{?canister_build}

-%autopatch -p1 -m10000 -M10006

+%autopatch -p1 -m10000 -M10005

 %endif

 %build

@@ -252,7 +252,6 @@ sed -i 's/CONFIG_LOCALVERSION="-secure"/CONFIG_LOCALVERSION="-%{release}-secure"

 %if 0%{?canister_build}

 sed -i "s/CONFIG_DEBUG_LIST=y/# CONFIG_DEBUG_LIST is not set/" .config

 sed -i "s/CONFIG_BUG_ON_DATA_CORRUPTION=y/# CONFIG_BUG_ON_DATA_CORRUPTION is not set/" .config

-#sed -i "/# CONFIG_DEBUG_INFO_DWARF4 is not set/a  # CONFIG_DEBUG_INFO_BTF is not set" .config

 sed -i "s/CONFIG_CRYPTO_AEAD=m/CONFIG_CRYPTO_AEAD=y/" .config

 sed -i "s/CONFIG_CRYPTO_SIMD=m/CONFIG_CRYPTO_SIMD=y/" .config

 sed -i "s/CONFIG_CRYPTO_AES_NI_INTEL=m/CONFIG_CRYPTO_AES_NI_INTEL=y/" .config

@@ -386,6 +385,9 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 %endif

 %changelog

+* Fri May 19 2023 Keerthana K <keerthanak@vmware.com> 6.1.10-13

+- Fix static call patch and disable RANDSTRUCT

+- Update fcw_warn_on, fcw_warn and fcw_warn_on_once calls in canister

 * Wed May 17 2023 Keerthana K <keerthanak@vmware.com> 6.1.10-12

 - Disable special sections from canister

 * Tue Apr 25 2023 Shreenidhi Shedi <sshedi@vmware.com> 6.1.10-11