5.4-stable patches

added patches:
	net-tls-fix-authentication-failure-in-ccm-mode.patch
	parisc-mark-cr16-cpu-clocksource-unstable-on-all-smp-machines.patch

diff --git a/queue-5.4/net-tls-fix-authentication-failure-in-ccm-mode.patch b/queue-5.4/net-tls-fix-authentication-failure-in-ccm-mode.patch
new file mode 100644 (file)
index 0000000..2303d6b
--- /dev/null
+++ b/queue-5.4/net-tls-fix-authentication-failure-in-ccm-mode.patch
@@ -0,0 +1,44 @@
+From 5961060692f8b17cd2080620a3d27b95d2ae05ca Mon Sep 17 00:00:00 2001
+From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+Date: Mon, 29 Nov 2021 17:32:12 +0800
+Subject: net/tls: Fix authentication failure in CCM mode
+
+From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+
+commit 5961060692f8b17cd2080620a3d27b95d2ae05ca upstream.
+
+When the TLS cipher suite uses CCM mode, including AES CCM and
+SM4 CCM, the first byte of the B0 block is flags, and the real
+IV starts from the second byte. The XOR operation of the IV and
+rec_seq should be skip this byte, that is, add the iv_offset.
+
+Fixes: f295b3ae9f59 ("net/tls: Add support of AES128-CCM based ciphers")
+Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+Cc: Vakul Garg <vakul.garg@nxp.com>
+Cc: stable@vger.kernel.org # v5.2+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/tls/tls_sw.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -512,7 +512,7 @@ static int tls_do_encryption(struct sock
+       memcpy(&rec->iv_data[iv_offset], tls_ctx->tx.iv,
+              prot->iv_size + prot->salt_size);
+ 
+-      xor_iv_with_seq(prot->version, rec->iv_data, tls_ctx->tx.rec_seq);
++      xor_iv_with_seq(prot->version, rec->iv_data + iv_offset, tls_ctx->tx.rec_seq);
+ 
+       sge->offset += prot->prepend_size;
+       sge->length -= prot->prepend_size;
+@@ -1483,7 +1483,7 @@ static int decrypt_internal(struct sock
+       else
+               memcpy(iv + iv_offset, tls_ctx->rx.iv, prot->salt_size);
+ 
+-      xor_iv_with_seq(prot->version, iv, tls_ctx->rx.rec_seq);
++      xor_iv_with_seq(prot->version, iv + iv_offset, tls_ctx->rx.rec_seq);
+ 
+       /* Prepare AAD */
+       tls_make_aad(aad, rxm->full_len - prot->overhead_size +

diff --git a/queue-5.4/parisc-mark-cr16-cpu-clocksource-unstable-on-all-smp-machines.patch b/queue-5.4/parisc-mark-cr16-cpu-clocksource-unstable-on-all-smp-machines.patch
new file mode 100644 (file)
index 0000000..97b4bdc
--- /dev/null
+++ b/queue-5.4/parisc-mark-cr16-cpu-clocksource-unstable-on-all-smp-machines.patch
@@ -0,0 +1,64 @@
+From afdb4a5b1d340e4afffc65daa21cc71890d7d589 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Sat, 4 Dec 2021 21:21:46 +0100
+Subject: parisc: Mark cr16 CPU clocksource unstable on all SMP machines
+
+From: Helge Deller <deller@gmx.de>
+
+commit afdb4a5b1d340e4afffc65daa21cc71890d7d589 upstream.
+
+In commit c8c3735997a3 ("parisc: Enhance detection of synchronous cr16
+clocksources") I assumed that CPUs on the same physical core are syncronous.
+While booting up the kernel on two different C8000 machines, one with a
+dual-core PA8800 and one with a dual-core PA8900 CPU, this turned out to be
+wrong. The symptom was that I saw a jump in the internal clocks printed to the
+syslog and strange overall behaviour.  On machines which have 4 cores (2
+dual-cores) the problem isn't visible, because the current logic already marked
+the cr16 clocksource unstable in this case.
+
+This patch now marks the cr16 interval timers unstable if we have more than one
+CPU in the system, and it fixes this issue.
+
+Fixes: c8c3735997a3 ("parisc: Enhance detection of synchronous cr16 clocksources")
+Signed-off-by: Helge Deller <deller@gmx.de>
+Cc: <stable@vger.kernel.org> # v5.15+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/parisc/kernel/time.c |   24 +++++-------------------
+ 1 file changed, 5 insertions(+), 19 deletions(-)
+
+--- a/arch/parisc/kernel/time.c
++++ b/arch/parisc/kernel/time.c
+@@ -245,27 +245,13 @@ void __init time_init(void)
+ static int __init init_cr16_clocksource(void)
+ {
+       /*
+-       * The cr16 interval timers are not syncronized across CPUs on
+-       * different sockets, so mark them unstable and lower rating on
+-       * multi-socket SMP systems.
++       * The cr16 interval timers are not syncronized across CPUs, even if
++       * they share the same socket.
+        */
+       if (num_online_cpus() > 1 && !running_on_qemu) {
+-              int cpu;
+-              unsigned long cpu0_loc;
+-              cpu0_loc = per_cpu(cpu_data, 0).cpu_loc;
+-
+-              for_each_online_cpu(cpu) {
+-                      if (cpu == 0)
+-                              continue;
+-                      if ((cpu0_loc != 0) &&
+-                          (cpu0_loc == per_cpu(cpu_data, cpu).cpu_loc))
+-                              continue;
+-
+-                      clocksource_cr16.name = "cr16_unstable";
+-                      clocksource_cr16.flags = CLOCK_SOURCE_UNSTABLE;
+-                      clocksource_cr16.rating = 0;
+-                      break;
+-              }
++              clocksource_cr16.name = "cr16_unstable";
++              clocksource_cr16.flags = CLOCK_SOURCE_UNSTABLE;
++              clocksource_cr16.rating = 0;
+       }
+ 
+       /* XXX: We may want to mark sched_clock stable here if cr16 clocks are

diff --git a/queue-5.4/series b/queue-5.4/series
index 303ad89446410c0ad430cb8deffbc59de592aa22..a1a9ee7c3f71aec5a142b91de87e675414d5d8ba 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -65,3 +65,5 @@ serial-core-fix-transmit-buffer-reset-and-memleak.patch
 serial-8250_pci-fix-acces-entries-in-pci_serial_quirks-array.patch
 serial-8250_pci-rewrite-pericom_do_set_divisor.patch
 iwlwifi-mvm-retry-init-flow-if-failed.patch
+parisc-mark-cr16-cpu-clocksource-unstable-on-all-smp-machines.patch
+net-tls-fix-authentication-failure-in-ccm-mode.patch