--- /dev/null
+From aa54ea903abb02303bf55855fb51e3fcee135d70 Mon Sep 17 00:00:00 2001
+From: Grygorii Strashko <grygorii.strashko@ti.com>
+Date: Thu, 30 Jul 2020 22:05:01 +0300
+Subject: ARM: percpu.h: fix build error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Grygorii Strashko <grygorii.strashko@ti.com>
+
+commit aa54ea903abb02303bf55855fb51e3fcee135d70 upstream.
+
+Fix build error for the case:
+ defined(CONFIG_SMP) && !defined(CONFIG_CPU_V6)
+
+config: keystone_defconfig
+
+ CC arch/arm/kernel/signal.o
+ In file included from ../include/linux/random.h:14,
+ from ../arch/arm/kernel/signal.c:8:
+ ../arch/arm/include/asm/percpu.h: In function ‘__my_cpu_offset’:
+ ../arch/arm/include/asm/percpu.h:29:34: error: ‘current_stack_pointer’ undeclared (first use in this function); did you mean ‘user_stack_pointer’?
+ : "Q" (*(const unsigned long *)current_stack_pointer));
+ ^~~~~~~~~~~~~~~~~~~~~
+ user_stack_pointer
+
+Fixes: f227e3ec3b5c ("random32: update the net random state on interrupt and activity")
+Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/include/asm/percpu.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/arm/include/asm/percpu.h
++++ b/arch/arm/include/asm/percpu.h
+@@ -16,6 +16,8 @@
+ #ifndef _ASM_ARM_PERCPU_H_
+ #define _ASM_ARM_PERCPU_H_
+
++#include <asm/thread_info.h>
++
+ /*
+ * Same as asm-generic/percpu.h, except that we store the per cpu offset
+ * in the TPIDRPRW. TPIDRPRW only exists on V6K and V7
--- /dev/null
+From 1c9df907da83812e4f33b59d3d142c864d9da57f Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Thu, 30 Jul 2020 07:59:24 +0200
+Subject: random: fix circular include dependency on arm64 after addition of percpu.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Willy Tarreau <w@1wt.eu>
+
+commit 1c9df907da83812e4f33b59d3d142c864d9da57f upstream.
+
+Daniel Díaz and Kees Cook independently reported that commit
+f227e3ec3b5c ("random32: update the net random state on interrupt and
+activity") broke arm64 due to a circular dependency on include files
+since the addition of percpu.h in random.h.
+
+The correct fix would definitely be to move all the prandom32 stuff out
+of random.h but for backporting, a smaller solution is preferred.
+
+This one replaces linux/percpu.h with asm/percpu.h, and this fixes the
+problem on x86_64, arm64, arm, and mips. Note that moving percpu.h
+around didn't change anything and that removing it entirely broke
+differently. When backporting, such options might still be considered
+if this patch fails to help.
+
+[ It turns out that an alternate fix seems to be to just remove the
+ troublesome <asm/pointer_auth.h> remove from the arm64 <asm/smp.h>
+ that causes the circular dependency.
+
+ But we might as well do the whole belt-and-suspenders thing, and
+ minimize inclusion in <linux/random.h> too. Either will fix the
+ problem, and both are good changes. - Linus ]
+
+Reported-by: Daniel Díaz <daniel.diaz@linaro.org>
+Reported-by: Kees Cook <keescook@chromium.org>
+Tested-by: Marc Zyngier <maz@kernel.org>
+Fixes: f227e3ec3b5c
+Cc: Stephen Rothwell <sfr@canb.auug.org.au>
+Signed-off-by: Willy Tarreau <w@1wt.eu>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/random.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -8,7 +8,7 @@
+
+ #include <linux/list.h>
+ #include <linux/once.h>
+-#include <linux/percpu.h>
++#include <asm/percpu.h>
+
+ #include <uapi/linux/random.h>
+
--- /dev/null
+From c0842fbc1b18c7a044e6ff3e8fa78bfa822c7d1a Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Fri, 31 Jul 2020 07:51:14 +0200
+Subject: random32: move the pseudo-random 32-bit definitions to prandom.h
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit c0842fbc1b18c7a044e6ff3e8fa78bfa822c7d1a upstream.
+
+The addition of percpu.h to the list of includes in random.h revealed
+some circular dependencies on arm64 and possibly other platforms. This
+include was added solely for the pseudo-random definitions, which have
+nothing to do with the rest of the definitions in this file but are
+still there for legacy reasons.
+
+This patch moves the pseudo-random parts to linux/prandom.h and the
+percpu.h include with it, which is now guarded by _LINUX_PRANDOM_H and
+protected against recursive inclusion.
+
+A further cleanup step would be to remove this from <linux/random.h>
+entirely, and make people who use the prandom infrastructure include
+just the new header file. That's a bit of a churn patch, but grepping
+for "prandom_" and "next_pseudo_random32" "struct rnd_state" should
+catch most users.
+
+But it turns out that that nice cleanup step is fairly painful, because
+a _lot_ of code currently seems to depend on the implicit include of
+<linux/random.h>, which can currently come in a lot of ways, including
+such fairly core headfers as <linux/net.h>.
+
+So the "nice cleanup" part may or may never happen.
+
+Fixes: 1c9df907da83 ("random: fix circular include dependency on arm64 after addition of percpu.h")
+Tested-by: Guenter Roeck <linux@roeck-us.net>
+Acked-by: Willy Tarreau <w@1wt.eu>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/prandom.h | 78 ++++++++++++++++++++++++++++++++++++++++++++++++
+ include/linux/random.h | 66 ++--------------------------------------
+ 2 files changed, 82 insertions(+), 62 deletions(-)
+
+--- /dev/null
++++ b/include/linux/prandom.h
+@@ -0,0 +1,78 @@
++/* SPDX-License-Identifier: GPL-2.0 */
++/*
++ * include/linux/prandom.h
++ *
++ * Include file for the fast pseudo-random 32-bit
++ * generation.
++ */
++#ifndef _LINUX_PRANDOM_H
++#define _LINUX_PRANDOM_H
++
++#include <linux/types.h>
++#include <linux/percpu.h>
++
++u32 prandom_u32(void);
++void prandom_bytes(void *buf, size_t nbytes);
++void prandom_seed(u32 seed);
++void prandom_reseed_late(void);
++
++struct rnd_state {
++ __u32 s1, s2, s3, s4;
++};
++
++DECLARE_PER_CPU(struct rnd_state, net_rand_state);
++
++u32 prandom_u32_state(struct rnd_state *state);
++void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes);
++void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
++
++#define prandom_init_once(pcpu_state) \
++ DO_ONCE(prandom_seed_full_state, (pcpu_state))
++
++/**
++ * prandom_u32_max - returns a pseudo-random number in interval [0, ep_ro)
++ * @ep_ro: right open interval endpoint
++ *
++ * Returns a pseudo-random number that is in interval [0, ep_ro). Note
++ * that the result depends on PRNG being well distributed in [0, ~0U]
++ * u32 space. Here we use maximally equidistributed combined Tausworthe
++ * generator, that is, prandom_u32(). This is useful when requesting a
++ * random index of an array containing ep_ro elements, for example.
++ *
++ * Returns: pseudo-random number in interval [0, ep_ro)
++ */
++static inline u32 prandom_u32_max(u32 ep_ro)
++{
++ return (u32)(((u64) prandom_u32() * ep_ro) >> 32);
++}
++
++/*
++ * Handle minimum values for seeds
++ */
++static inline u32 __seed(u32 x, u32 m)
++{
++ return (x < m) ? x + m : x;
++}
++
++/**
++ * prandom_seed_state - set seed for prandom_u32_state().
++ * @state: pointer to state structure to receive the seed.
++ * @seed: arbitrary 64-bit value to use as a seed.
++ */
++static inline void prandom_seed_state(struct rnd_state *state, u64 seed)
++{
++ u32 i = (seed >> 32) ^ (seed << 10) ^ seed;
++
++ state->s1 = __seed(i, 2U);
++ state->s2 = __seed(i, 8U);
++ state->s3 = __seed(i, 16U);
++ state->s4 = __seed(i, 128U);
++}
++
++/* Pseudo random number generator from numerical recipes. */
++static inline u32 next_pseudo_random32(u32 seed)
++{
++ return seed * 1664525 + 1013904223;
++}
++
++#endif
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -8,7 +8,6 @@
+
+ #include <linux/list.h>
+ #include <linux/once.h>
+-#include <asm/percpu.h>
+
+ #include <uapi/linux/random.h>
+
+@@ -47,63 +46,12 @@ unsigned int get_random_int(void);
+ unsigned long get_random_long(void);
+ unsigned long randomize_page(unsigned long start, unsigned long range);
+
+-u32 prandom_u32(void);
+-void prandom_bytes(void *buf, size_t nbytes);
+-void prandom_seed(u32 seed);
+-void prandom_reseed_late(void);
+-
+-struct rnd_state {
+- __u32 s1, s2, s3, s4;
+-};
+-
+-DECLARE_PER_CPU(struct rnd_state, net_rand_state);
+-
+-u32 prandom_u32_state(struct rnd_state *state);
+-void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes);
+-void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
+-
+-#define prandom_init_once(pcpu_state) \
+- DO_ONCE(prandom_seed_full_state, (pcpu_state))
+-
+-/**
+- * prandom_u32_max - returns a pseudo-random number in interval [0, ep_ro)
+- * @ep_ro: right open interval endpoint
+- *
+- * Returns a pseudo-random number that is in interval [0, ep_ro). Note
+- * that the result depends on PRNG being well distributed in [0, ~0U]
+- * u32 space. Here we use maximally equidistributed combined Tausworthe
+- * generator, that is, prandom_u32(). This is useful when requesting a
+- * random index of an array containing ep_ro elements, for example.
+- *
+- * Returns: pseudo-random number in interval [0, ep_ro)
+- */
+-static inline u32 prandom_u32_max(u32 ep_ro)
+-{
+- return (u32)(((u64) prandom_u32() * ep_ro) >> 32);
+-}
+-
+ /*
+- * Handle minimum values for seeds
+- */
+-static inline u32 __seed(u32 x, u32 m)
+-{
+- return (x < m) ? x + m : x;
+-}
+-
+-/**
+- * prandom_seed_state - set seed for prandom_u32_state().
+- * @state: pointer to state structure to receive the seed.
+- * @seed: arbitrary 64-bit value to use as a seed.
++ * This is designed to be standalone for just prandom
++ * users, but for now we include it from <linux/random.h>
++ * for legacy reasons.
+ */
+-static inline void prandom_seed_state(struct rnd_state *state, u64 seed)
+-{
+- u32 i = (seed >> 32) ^ (seed << 10) ^ seed;
+-
+- state->s1 = __seed(i, 2U);
+- state->s2 = __seed(i, 8U);
+- state->s3 = __seed(i, 16U);
+- state->s4 = __seed(i, 128U);
+-}
++#include <linux/prandom.h>
+
+ #ifdef CONFIG_ARCH_RANDOM
+ # include <asm/archrandom.h>
+@@ -134,10 +82,4 @@ static inline bool arch_has_random_seed(
+ }
+ #endif
+
+-/* Pseudo random number generator from numerical recipes. */
+-static inline u32 next_pseudo_random32(u32 seed)
+-{
+- return seed * 1664525 + 1013904223;
+-}
+-
+ #endif /* _LINUX_RANDOM_H */
--- /dev/null
+From 83bdc7275e6206f560d247be856bceba3e1ed8f2 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Wed, 29 Jul 2020 19:11:00 -0700
+Subject: random32: remove net_rand_state from the latent entropy gcc plugin
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 83bdc7275e6206f560d247be856bceba3e1ed8f2 upstream.
+
+It turns out that the plugin right now ends up being really unhappy
+about the change from 'static' to 'extern' storage that happened in
+commit f227e3ec3b5c ("random32: update the net random state on interrupt
+and activity").
+
+This is probably a trivial fix for the latent_entropy plugin, but for
+now, just remove net_rand_state from the list of things the plugin
+worries about.
+
+Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
+Cc: Emese Revfy <re.emese@gmail.com>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Willy Tarreau <w@1wt.eu>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/random.h | 2 +-
+ lib/random32.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -56,7 +56,7 @@ struct rnd_state {
+ __u32 s1, s2, s3, s4;
+ };
+
+-DECLARE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
++DECLARE_PER_CPU(struct rnd_state, net_rand_state);
+
+ u32 prandom_u32_state(struct rnd_state *state);
+ void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes);
+--- a/lib/random32.c
++++ b/lib/random32.c
+@@ -47,7 +47,7 @@ static inline void prandom_state_selftes
+ }
+ #endif
+
+-DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
++DEFINE_PER_CPU(struct rnd_state, net_rand_state);
+
+ /**
+ * prandom_u32_state - seeded pseudo-random number generator.
--- /dev/null
+From f227e3ec3b5cad859ad15666874405e8c1bbc1d4 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Fri, 10 Jul 2020 15:23:19 +0200
+Subject: random32: update the net random state on interrupt and activity
+
+From: Willy Tarreau <w@1wt.eu>
+
+commit f227e3ec3b5cad859ad15666874405e8c1bbc1d4 upstream.
+
+This modifies the first 32 bits out of the 128 bits of a random CPU's
+net_rand_state on interrupt or CPU activity to complicate remote
+observations that could lead to guessing the network RNG's internal
+state.
+
+Note that depending on some network devices' interrupt rate moderation
+or binding, this re-seeding might happen on every packet or even almost
+never.
+
+In addition, with NOHZ some CPUs might not even get timer interrupts,
+leaving their local state rarely updated, while they are running
+networked processes making use of the random state. For this reason, we
+also perform this update in update_process_times() in order to at least
+update the state when there is user or system activity, since it's the
+only case we care about.
+
+Reported-by: Amit Klein <aksecurity@gmail.com>
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Eric Dumazet <edumazet@google.com>
+Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Willy Tarreau <w@1wt.eu>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/random.c | 1 +
+ include/linux/random.h | 3 +++
+ kernel/time/timer.c | 8 ++++++++
+ lib/random32.c | 2 +-
+ 4 files changed, 13 insertions(+), 1 deletion(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -1211,6 +1211,7 @@ void add_interrupt_randomness(int irq, i
+
+ fast_mix(fast_pool);
+ add_interrupt_bench(cycles);
++ this_cpu_add(net_rand_state.s1, fast_pool->pool[cycles & 3]);
+
+ if (unlikely(crng_init == 0)) {
+ if ((fast_pool->count >= 64) &&
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -8,6 +8,7 @@
+
+ #include <linux/list.h>
+ #include <linux/once.h>
++#include <linux/percpu.h>
+
+ #include <uapi/linux/random.h>
+
+@@ -55,6 +56,8 @@ struct rnd_state {
+ __u32 s1, s2, s3, s4;
+ };
+
++DECLARE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
++
+ u32 prandom_u32_state(struct rnd_state *state);
+ void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes);
+ void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
+--- a/kernel/time/timer.c
++++ b/kernel/time/timer.c
+@@ -42,6 +42,7 @@
+ #include <linux/sched/sysctl.h>
+ #include <linux/slab.h>
+ #include <linux/compat.h>
++#include <linux/random.h>
+
+ #include <asm/uaccess.h>
+ #include <asm/unistd.h>
+@@ -1635,6 +1636,13 @@ void update_process_times(int user_tick)
+ #endif
+ scheduler_tick();
+ run_posix_cpu_timers(p);
++
++ /* The current CPU might make use of net randoms without receiving IRQs
++ * to renew them often enough. Let's update the net_rand_state from a
++ * non-constant value that's not affine to the number of calls to make
++ * sure it's updated when there's some activity (we don't care in idle).
++ */
++ this_cpu_add(net_rand_state.s1, rol32(jiffies, 24) + user_tick);
+ }
+
+ /**
+--- a/lib/random32.c
++++ b/lib/random32.c
+@@ -47,7 +47,7 @@ static inline void prandom_state_selftes
+ }
+ #endif
+
+-static DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
++DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
+
+ /**
+ * prandom_u32_state - seeded pseudo-random number generator.
xen-netfront-fix-potential-deadlock-in-xennet_remove.patch
kvm-lapic-prevent-setting-the-tscdeadline-timer-if-the-lapic-is-hw-disabled.patch
x86-i8259-use-printk_deferred-to-prevent-deadlock.patch
+random32-update-the-net-random-state-on-interrupt-and-activity.patch
+arm-percpu.h-fix-build-error.patch
+random-fix-circular-include-dependency-on-arm64-after-addition-of-percpu.h.patch
+random32-remove-net_rand_state-from-the-latent-entropy-gcc-plugin.patch
+random32-move-the-pseudo-random-32-bit-definitions-to-prandom.h.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
