4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 22 Jul 2017 13:09:01 +0000 (15:09 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 22 Jul 2017 13:09:01 +0000 (15:09 +0200)
added patches:
bluetooth-use-constant-time-memory-comparison-for-secret-values.patch
perf-intel-pt-clear-fup-flag-on-error.patch
perf-intel-pt-ensure-ip-is-zero-when-state-is-intel_pt_state_no_ip.patch
perf-intel-pt-fix-missing-stack-clear.patch
perf-intel-pt-improve-sample-timestamp.patch
perf-intel-pt-move-decoder-error-setting-into-one-condition.patch

queue-4.4/bluetooth-use-constant-time-memory-comparison-for-secret-values.patch [new file with mode: 0644]
queue-4.4/perf-intel-pt-clear-fup-flag-on-error.patch [new file with mode: 0644]
queue-4.4/perf-intel-pt-ensure-ip-is-zero-when-state-is-intel_pt_state_no_ip.patch [new file with mode: 0644]
queue-4.4/perf-intel-pt-fix-missing-stack-clear.patch [new file with mode: 0644]
queue-4.4/perf-intel-pt-improve-sample-timestamp.patch [new file with mode: 0644]
queue-4.4/perf-intel-pt-move-decoder-error-setting-into-one-condition.patch [new file with mode: 0644]
queue-4.4/series

diff --git a/queue-4.4/bluetooth-use-constant-time-memory-comparison-for-secret-values.patch b/queue-4.4/bluetooth-use-constant-time-memory-comparison-for-secret-values.patch
new file mode 100644 (file)
index 0000000..37017b2
--- /dev/null
@@ -0,0 +1,180 @@
+From 329d82309824ff1082dc4a91a5bbed8c3bec1580 Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Sat, 10 Jun 2017 04:59:11 +0200
+Subject: Bluetooth: use constant time memory comparison for secret values
+
+From: Jason A. Donenfeld <Jason@zx2c4.com>
+
+commit 329d82309824ff1082dc4a91a5bbed8c3bec1580 upstream.
+
+This file is filled with complex cryptography. Thus, the comparisons of
+MACs and secret keys and curve points and so forth should not add timing
+attacks, which could either result in a direct forgery, or, given the
+complexity, some other type of attack.
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bluetooth/smp.c |   35 ++++++++++++++++++-----------------
+ 1 file changed, 18 insertions(+), 17 deletions(-)
+
+--- a/net/bluetooth/smp.c
++++ b/net/bluetooth/smp.c
+@@ -23,6 +23,7 @@
+ #include <linux/debugfs.h>
+ #include <linux/crypto.h>
+ #include <linux/scatterlist.h>
++#include <crypto/algapi.h>
+ #include <crypto/b128ops.h>
+ #include <net/bluetooth/bluetooth.h>
+@@ -524,7 +525,7 @@ bool smp_irk_matches(struct hci_dev *hde
+       if (err)
+               return false;
+-      return !memcmp(bdaddr->b, hash, 3);
++      return !crypto_memneq(bdaddr->b, hash, 3);
+ }
+ int smp_generate_rpa(struct hci_dev *hdev, const u8 irk[16], bdaddr_t *rpa)
+@@ -577,7 +578,7 @@ int smp_generate_oob(struct hci_dev *hde
+                       /* This is unlikely, but we need to check that
+                        * we didn't accidentially generate a debug key.
+                        */
+-                      if (memcmp(smp->local_sk, debug_sk, 32))
++                      if (crypto_memneq(smp->local_sk, debug_sk, 32))
+                               break;
+               }
+               smp->debug_key = false;
+@@ -991,7 +992,7 @@ static u8 smp_random(struct smp_chan *sm
+       if (ret)
+               return SMP_UNSPECIFIED;
+-      if (memcmp(smp->pcnf, confirm, sizeof(smp->pcnf)) != 0) {
++      if (crypto_memneq(smp->pcnf, confirm, sizeof(smp->pcnf))) {
+               BT_ERR("Pairing failed (confirmation values mismatch)");
+               return SMP_CONFIRM_FAILED;
+       }
+@@ -1491,7 +1492,7 @@ static u8 sc_passkey_round(struct smp_ch
+                          smp->rrnd, r, cfm))
+                       return SMP_UNSPECIFIED;
+-              if (memcmp(smp->pcnf, cfm, 16))
++              if (crypto_memneq(smp->pcnf, cfm, 16))
+                       return SMP_CONFIRM_FAILED;
+               smp->passkey_round++;
+@@ -1875,7 +1876,7 @@ static u8 sc_send_public_key(struct smp_
+                       /* This is unlikely, but we need to check that
+                        * we didn't accidentially generate a debug key.
+                        */
+-                      if (memcmp(smp->local_sk, debug_sk, 32))
++                      if (crypto_memneq(smp->local_sk, debug_sk, 32))
+                               break;
+               }
+       }
+@@ -2140,7 +2141,7 @@ static u8 smp_cmd_pairing_random(struct
+               if (err)
+                       return SMP_UNSPECIFIED;
+-              if (memcmp(smp->pcnf, cfm, 16))
++              if (crypto_memneq(smp->pcnf, cfm, 16))
+                       return SMP_CONFIRM_FAILED;
+       } else {
+               smp_send_cmd(conn, SMP_CMD_PAIRING_RANDOM, sizeof(smp->prnd),
+@@ -2621,7 +2622,7 @@ static int smp_cmd_public_key(struct l2c
+               if (err)
+                       return SMP_UNSPECIFIED;
+-              if (memcmp(cfm.confirm_val, smp->pcnf, 16))
++              if (crypto_memneq(cfm.confirm_val, smp->pcnf, 16))
+                       return SMP_CONFIRM_FAILED;
+       }
+@@ -2654,7 +2655,7 @@ static int smp_cmd_public_key(struct l2c
+       else
+               hcon->pending_sec_level = BT_SECURITY_FIPS;
+-      if (!memcmp(debug_pk, smp->remote_pk, 64))
++      if (!crypto_memneq(debug_pk, smp->remote_pk, 64))
+               set_bit(SMP_FLAG_DEBUG_KEY, &smp->flags);
+       if (smp->method == DSP_PASSKEY) {
+@@ -2753,7 +2754,7 @@ static int smp_cmd_dhkey_check(struct l2
+       if (err)
+               return SMP_UNSPECIFIED;
+-      if (memcmp(check->e, e, 16))
++      if (crypto_memneq(check->e, e, 16))
+               return SMP_DHKEY_CHECK_FAILED;
+       if (!hcon->out) {
+@@ -3463,7 +3464,7 @@ static int __init test_ah(struct crypto_
+       if (err)
+               return err;
+-      if (memcmp(res, exp, 3))
++      if (crypto_memneq(res, exp, 3))
+               return -EINVAL;
+       return 0;
+@@ -3493,7 +3494,7 @@ static int __init test_c1(struct crypto_
+       if (err)
+               return err;
+-      if (memcmp(res, exp, 16))
++      if (crypto_memneq(res, exp, 16))
+               return -EINVAL;
+       return 0;
+@@ -3518,7 +3519,7 @@ static int __init test_s1(struct crypto_
+       if (err)
+               return err;
+-      if (memcmp(res, exp, 16))
++      if (crypto_memneq(res, exp, 16))
+               return -EINVAL;
+       return 0;
+@@ -3550,7 +3551,7 @@ static int __init test_f4(struct crypto_
+       if (err)
+               return err;
+-      if (memcmp(res, exp, 16))
++      if (crypto_memneq(res, exp, 16))
+               return -EINVAL;
+       return 0;
+@@ -3584,10 +3585,10 @@ static int __init test_f5(struct crypto_
+       if (err)
+               return err;
+-      if (memcmp(mackey, exp_mackey, 16))
++      if (crypto_memneq(mackey, exp_mackey, 16))
+               return -EINVAL;
+-      if (memcmp(ltk, exp_ltk, 16))
++      if (crypto_memneq(ltk, exp_ltk, 16))
+               return -EINVAL;
+       return 0;
+@@ -3620,7 +3621,7 @@ static int __init test_f6(struct crypto_
+       if (err)
+               return err;
+-      if (memcmp(res, exp, 16))
++      if (crypto_memneq(res, exp, 16))
+               return -EINVAL;
+       return 0;
+@@ -3674,7 +3675,7 @@ static int __init test_h6(struct crypto_
+       if (err)
+               return err;
+-      if (memcmp(res, exp, 16))
++      if (crypto_memneq(res, exp, 16))
+               return -EINVAL;
+       return 0;
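Review bot: Most of the converted call sites still pass the comparison length as a bare literal (`16` in sc_passkey_round, smp_cmd_pairing_random, smp_cmd_public_key and smp_cmd_dhkey_check, `32` and `64` in the debug-key checks), while smp_random already uses `sizeof(smp->pcnf)`. Tying the length to the buffer at the checks that gate pairing, e.g. `if (crypto_memneq(smp->pcnf, cfm, sizeof(smp->pcnf)))`, keeps the constant-time compare covering the whole value if a field is ever resized. The `__init test_*` self-tests compare against fixed expected vectors, so the conversion there is harmless but not security-relevant. A short comment at the protocol sites, such as `/* must stay constant-time: compares a pairing confirm value */`, would stop a later cleanup from reverting them to memcmp. Every inner hunk cuts through its function, so the declarations of the compared buffers are not visible here.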
diff --git a/queue-4.4/perf-intel-pt-clear-fup-flag-on-error.patch b/queue-4.4/perf-intel-pt-clear-fup-flag-on-error.patch
new file mode 100644 (file)
index 0000000..e5f4e1c
--- /dev/null
@@ -0,0 +1,34 @@
+From 6a558f12dbe85437acbdec5e149ea07b5554eced Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Fri, 26 May 2017 11:17:09 +0300
+Subject: perf intel-pt: Clear FUP flag on error
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 6a558f12dbe85437acbdec5e149ea07b5554eced upstream.
+
+Sometimes a FUP packet is associated with a TSX transaction and a flag is
+set to indicate that. Ensure that flag is cleared on any error condition
+because at that point the decoder can no longer assume it is correct.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Andi Kleen <ak@linux.intel.com>
+Link: http://lkml.kernel.org/r/1495786658-18063-9-git-send-email-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/intel-pt-decoder/intel-pt-decoder.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+@@ -1924,6 +1924,8 @@ static int intel_pt_sync_ip(struct intel
+ {
+       int err;
++      decoder->set_fup_tx_flags = false;
++
+       intel_pt_log("Scanning for full IP\n");
+       err = intel_pt_walk_to_ip(decoder);
+       if (err)
diff --git a/queue-4.4/perf-intel-pt-ensure-ip-is-zero-when-state-is-intel_pt_state_no_ip.patch b/queue-4.4/perf-intel-pt-ensure-ip-is-zero-when-state-is-intel_pt_state_no_ip.patch
new file mode 100644 (file)
index 0000000..85d216f
--- /dev/null
@@ -0,0 +1,32 @@
+From ad7167a8cd174ba7d8c0d0ed8d8410521206d104 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Fri, 26 May 2017 11:17:05 +0300
+Subject: perf intel-pt: Ensure IP is zero when state is INTEL_PT_STATE_NO_IP
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit ad7167a8cd174ba7d8c0d0ed8d8410521206d104 upstream.
+
+A value of zero is used to indicate that there is no IP. Ensure the
+value is zero when the state is INTEL_PT_STATE_NO_IP.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Andi Kleen <ak@linux.intel.com>
+Link: http://lkml.kernel.org/r/1495786658-18063-5-git-send-email-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/intel-pt-decoder/intel-pt-decoder.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+@@ -2083,6 +2083,7 @@ const struct intel_pt_state *intel_pt_de
+                       break;
+               case INTEL_PT_STATE_NO_IP:
+                       decoder->last_ip = 0;
++                      decoder->ip = 0;
+                       /* Fall through */
+               case INTEL_PT_STATE_ERR_RESYNC:
+                       err = intel_pt_sync_ip(decoder);
diff --git a/queue-4.4/perf-intel-pt-fix-missing-stack-clear.patch b/queue-4.4/perf-intel-pt-fix-missing-stack-clear.patch
new file mode 100644 (file)
index 0000000..ae194b6
--- /dev/null
@@ -0,0 +1,32 @@
+From 12b7080609097753fd8198cc1daf589be3ec1cca Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Fri, 26 May 2017 11:17:04 +0300
+Subject: perf intel-pt: Fix missing stack clear
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 12b7080609097753fd8198cc1daf589be3ec1cca upstream.
+
+The return compression stack must be cleared whenever there is a PSB. Fix
+one case where that was not happening.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Andi Kleen <ak@linux.intel.com>
+Link: http://lkml.kernel.org/r/1495786658-18063-4-git-send-email-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/intel-pt-decoder/intel-pt-decoder.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+@@ -1898,6 +1898,7 @@ static int intel_pt_walk_to_ip(struct in
+                       break;
+               case INTEL_PT_PSB:
++                      intel_pt_clear_stack(&decoder->stack);
+                       err = intel_pt_walk_psb(decoder);
+                       if (err)
+                               return err;
diff --git a/queue-4.4/perf-intel-pt-improve-sample-timestamp.patch b/queue-4.4/perf-intel-pt-improve-sample-timestamp.patch
new file mode 100644 (file)
index 0000000..db1f6eb
--- /dev/null
@@ -0,0 +1,114 @@
+From 3f04d98e972b59706bd43d6cc75efac91f8fba50 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Fri, 26 May 2017 11:17:03 +0300
+Subject: perf intel-pt: Improve sample timestamp
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 3f04d98e972b59706bd43d6cc75efac91f8fba50 upstream.
+
+The decoder uses its current timestamp in samples. Usually that is a
+timestamp that has already passed, but in some cases it is a timestamp
+for a branch that the decoder is walking towards, and consequently
+hasn't reached. Improve that situation by using the pkt_state to
+determine when to use the current or previous timestamp.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Andi Kleen <ak@linux.intel.com>
+Link: http://lkml.kernel.org/r/1495786658-18063-3-git-send-email-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/intel-pt-decoder/intel-pt-decoder.c |   34 ++++++++++++++++++--
+ 1 file changed, 31 insertions(+), 3 deletions(-)
+
+--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+@@ -64,6 +64,25 @@ enum intel_pt_pkt_state {
+       INTEL_PT_STATE_FUP_NO_TIP,
+ };
++static inline bool intel_pt_sample_time(enum intel_pt_pkt_state pkt_state)
++{
++      switch (pkt_state) {
++      case INTEL_PT_STATE_NO_PSB:
++      case INTEL_PT_STATE_NO_IP:
++      case INTEL_PT_STATE_ERR_RESYNC:
++      case INTEL_PT_STATE_IN_SYNC:
++      case INTEL_PT_STATE_TNT:
++              return true;
++      case INTEL_PT_STATE_TIP:
++      case INTEL_PT_STATE_TIP_PGD:
++      case INTEL_PT_STATE_FUP:
++      case INTEL_PT_STATE_FUP_NO_TIP:
++              return false;
++      default:
++              return true;
++      };
++}
++
+ #ifdef INTEL_PT_STRICT
+ #define INTEL_PT_STATE_ERR1   INTEL_PT_STATE_NO_PSB
+ #define INTEL_PT_STATE_ERR2   INTEL_PT_STATE_NO_PSB
+@@ -98,6 +117,7 @@ struct intel_pt_decoder {
+       uint64_t timestamp;
+       uint64_t tsc_timestamp;
+       uint64_t ref_timestamp;
++      uint64_t sample_timestamp;
+       uint64_t ret_addr;
+       uint64_t ctc_timestamp;
+       uint64_t ctc_delta;
+@@ -140,6 +160,7 @@ struct intel_pt_decoder {
+       unsigned int fup_tx_flags;
+       unsigned int tx_flags;
+       uint64_t timestamp_insn_cnt;
++      uint64_t sample_insn_cnt;
+       uint64_t stuck_ip;
+       int no_progress;
+       int stuck_ip_prd;
+@@ -896,6 +917,7 @@ static int intel_pt_walk_insn(struct int
+       decoder->tot_insn_cnt += insn_cnt;
+       decoder->timestamp_insn_cnt += insn_cnt;
++      decoder->sample_insn_cnt += insn_cnt;
+       decoder->period_insn_cnt += insn_cnt;
+       if (err) {
+@@ -2035,7 +2057,7 @@ static int intel_pt_sync(struct intel_pt
+ static uint64_t intel_pt_est_timestamp(struct intel_pt_decoder *decoder)
+ {
+-      uint64_t est = decoder->timestamp_insn_cnt << 1;
++      uint64_t est = decoder->sample_insn_cnt << 1;
+       if (!decoder->cbr || !decoder->max_non_turbo_ratio)
+               goto out;
+@@ -2043,7 +2065,7 @@ static uint64_t intel_pt_est_timestamp(s
+       est *= decoder->max_non_turbo_ratio;
+       est /= decoder->cbr;
+ out:
+-      return decoder->timestamp + est;
++      return decoder->sample_timestamp + est;
+ }
+ const struct intel_pt_state *intel_pt_decode(struct intel_pt_decoder *decoder)
+@@ -2099,11 +2121,17 @@ const struct intel_pt_state *intel_pt_de
+       if (err) {
+               decoder->state.err = intel_pt_ext_err(err);
+               decoder->state.from_ip = decoder->ip;
++              decoder->sample_timestamp = decoder->timestamp;
++              decoder->sample_insn_cnt = decoder->timestamp_insn_cnt;
+       } else {
+               decoder->state.err = 0;
++              if (intel_pt_sample_time(decoder->pkt_state)) {
++                      decoder->sample_timestamp = decoder->timestamp;
++                      decoder->sample_insn_cnt = decoder->timestamp_insn_cnt;
++              }
+       }
+-      decoder->state.timestamp = decoder->timestamp;
++      decoder->state.timestamp = decoder->sample_timestamp;
+       decoder->state.est_timestamp = intel_pt_est_timestamp(decoder);
+       decoder->state.cr3 = decoder->cr3;
+       decoder->state.tot_insn_cnt = decoder->tot_insn_cnt;
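Review bot: The `default: return true;` arm in the new intel_pt_sample_time() hides any pkt_state value added later: a switch over an enum that has a default no longer produces the compiler's unhandled-enumerator warning, so a new state would silently take the current timestamp. Consider dropping the default and returning after the switch (`}` followed by `return true;`) so each new state forces an explicit decision. The closing `};` also leaves a stray empty statement and should be `}`. In the visible lines the new `sample_timestamp` and `sample_insn_cnt` fields are assigned only in intel_pt_decode(), so it is worth confirming they are reset wherever `timestamp` and `timestamp_insn_cnt` are reset; those paths are outside these hunks.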
diff --git a/queue-4.4/perf-intel-pt-move-decoder-error-setting-into-one-condition.patch b/queue-4.4/perf-intel-pt-move-decoder-error-setting-into-one-condition.patch
new file mode 100644 (file)
index 0000000..3cba527
--- /dev/null
@@ -0,0 +1,48 @@
+From 22c06892332d8916115525145b78e606e9cc6492 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Fri, 26 May 2017 11:17:02 +0300
+Subject: perf intel-pt: Move decoder error setting into one condition
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 22c06892332d8916115525145b78e606e9cc6492 upstream.
+
+Move decoder error setting into one condition.
+
+Cc'ed to stable because later fixes depend on it.
+
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Andi Kleen <ak@linux.intel.com>
+Link: http://lkml.kernel.org/r/1495786658-18063-2-git-send-email-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/perf/util/intel-pt-decoder/intel-pt-decoder.c |   11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c
+@@ -2096,15 +2096,18 @@ const struct intel_pt_state *intel_pt_de
+               }
+       } while (err == -ENOLINK);
+-      decoder->state.err = err ? intel_pt_ext_err(err) : 0;
++      if (err) {
++              decoder->state.err = intel_pt_ext_err(err);
++              decoder->state.from_ip = decoder->ip;
++      } else {
++              decoder->state.err = 0;
++      }
++
+       decoder->state.timestamp = decoder->timestamp;
+       decoder->state.est_timestamp = intel_pt_est_timestamp(decoder);
+       decoder->state.cr3 = decoder->cr3;
+       decoder->state.tot_insn_cnt = decoder->tot_insn_cnt;
+-      if (err)
+-              decoder->state.from_ip = decoder->ip;
+-
+       return &decoder->state;
+ }
index 68bf7fbe12d3eab4c24662d631c137303b8d5425..e09015ca7e9bc52b42be4645c917ea7fcb2e4e36 100644 (file)
@@ -12,3 +12,9 @@ nfc-nfcmrvl-fix-firmware-management-initialisation.patch
 nfc-ensure-presence-of-required-attributes-in-the-activate_target-handler.patch
 nfc-fix-the-sockaddr-length-sanitization-in-llcp_sock_connect.patch
 nfc-add-sockaddr-length-checks-before-accessing-sa_family-in-bind-handlers.patch
+perf-intel-pt-move-decoder-error-setting-into-one-condition.patch
+perf-intel-pt-improve-sample-timestamp.patch
+perf-intel-pt-fix-missing-stack-clear.patch
+perf-intel-pt-ensure-ip-is-zero-when-state-is-intel_pt_state_no_ip.patch
+perf-intel-pt-clear-fup-flag-on-error.patch
+bluetooth-use-constant-time-memory-comparison-for-secret-values.patch