4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 1 Aug 2020 13:15:12 +0000 (15:15 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 1 Aug 2020 13:15:12 +0000 (15:15 +0200)
added patches:
arm-8986-1-hw_breakpoint-don-t-invoke-overflow-handler-on-uaccess-watchpoints.patch
arm-percpu.h-fix-build-error.patch
random32-update-the-net-random-state-on-interrupt-and-activity.patch

queue-4.19/arm-8986-1-hw_breakpoint-don-t-invoke-overflow-handler-on-uaccess-watchpoints.patch [new file with mode: 0644]
queue-4.19/arm-percpu.h-fix-build-error.patch [new file with mode: 0644]
queue-4.19/random32-update-the-net-random-state-on-interrupt-and-activity.patch [new file with mode: 0644]
queue-4.19/series

diff --git a/queue-4.19/arm-8986-1-hw_breakpoint-don-t-invoke-overflow-handler-on-uaccess-watchpoints.patch b/queue-4.19/arm-8986-1-hw_breakpoint-don-t-invoke-overflow-handler-on-uaccess-watchpoints.patch
new file mode 100644 (file)
index 0000000..932d4c8
--- /dev/null
@@ -0,0 +1,81 @@
+From eec13b42d41b0f3339dcf0c4da43734427c68620 Mon Sep 17 00:00:00 2001
+From: Will Deacon <will@kernel.org>
+Date: Thu, 18 Jun 2020 11:16:45 +0100
+Subject: ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
+
+From: Will Deacon <will@kernel.org>
+
+commit eec13b42d41b0f3339dcf0c4da43734427c68620 upstream.
+
+Unprivileged memory accesses generated by the so-called "translated"
+instructions (e.g. LDRT) in kernel mode can cause user watchpoints to fire
+unexpectedly. In such cases, the hw_breakpoint logic will invoke the user
+overflow handler which will typically raise a SIGTRAP back to the current
+task. This is futile when returning back to the kernel because (a) the
+signal won't have been delivered and (b) userspace can't handle the thing
+anyway.
+
+Avoid invoking the user overflow handler for watchpoints triggered by
+kernel uaccess routines, and instead single-step over the faulting
+instruction as we would if no overflow handler had been installed.
+
+Cc: <stable@vger.kernel.org>
+Fixes: f81ef4a920c8 ("ARM: 6356/1: hw-breakpoint: add ARM backend for the hw-breakpoint framework")
+Reported-by: Luis Machado <luis.machado@linaro.org>
+Tested-by: Luis Machado <luis.machado@linaro.org>
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/kernel/hw_breakpoint.c |   27 ++++++++++++++++++++++-----
+ 1 file changed, 22 insertions(+), 5 deletions(-)
+
+--- a/arch/arm/kernel/hw_breakpoint.c
++++ b/arch/arm/kernel/hw_breakpoint.c
+@@ -688,6 +688,12 @@ static void disable_single_step(struct p
+       arch_install_hw_breakpoint(bp);
+ }
++static int watchpoint_fault_on_uaccess(struct pt_regs *regs,
++                                     struct arch_hw_breakpoint *info)
++{
++      return !user_mode(regs) && info->ctrl.privilege == ARM_BREAKPOINT_USER;
++}
++
+ static void watchpoint_handler(unsigned long addr, unsigned int fsr,
+                              struct pt_regs *regs)
+ {
+@@ -747,16 +753,27 @@ static void watchpoint_handler(unsigned
+               }
+               pr_debug("watchpoint fired: address = 0x%x\n", info->trigger);
++
++              /*
++               * If we triggered a user watchpoint from a uaccess routine,
++               * then handle the stepping ourselves since userspace really
++               * can't help us with this.
++               */
++              if (watchpoint_fault_on_uaccess(regs, info))
++                      goto step;
++
+               perf_bp_event(wp, regs);
+               /*
+-               * If no overflow handler is present, insert a temporary
+-               * mismatch breakpoint so we can single-step over the
+-               * watchpoint trigger.
++               * Defer stepping to the overflow handler if one is installed.
++               * Otherwise, insert a temporary mismatch breakpoint so that
++               * we can single-step over the watchpoint trigger.
+                */
+-              if (is_default_overflow_handler(wp))
+-                      enable_single_step(wp, instruction_pointer(regs));
++              if (!is_default_overflow_handler(wp))
++                      goto unlock;
++step:
++              enable_single_step(wp, instruction_pointer(regs));
+ unlock:
+               rcu_read_unlock();
+       }
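Review bot: The new `goto step` branch in watchpoint_handler() jumps past `perf_bp_event(wp, regs)`, so a user watchpoint hit from a kernel uaccess routine is stepped over without being reported to perf, and the added comment does not say so. I would extend that comment with a line such as `* Note: the hit is not reported via perf_bp_event().` so that someone chasing a missing SIGTRAP or perf sample finds the reason here. The helper watchpoint_fault_on_uaccess() is a pure predicate and would read better as `static bool`, with a one-line comment saying it detects a user-privilege watchpoint tripped while the CPU was not in user mode. watchpoint_handler() begins and ends outside the lines shown in this patch.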
diff --git a/queue-4.19/arm-percpu.h-fix-build-error.patch b/queue-4.19/arm-percpu.h-fix-build-error.patch
new file mode 100644 (file)
index 0000000..588ad9e
--- /dev/null
@@ -0,0 +1,46 @@
+From aa54ea903abb02303bf55855fb51e3fcee135d70 Mon Sep 17 00:00:00 2001
+From: Grygorii Strashko <grygorii.strashko@ti.com>
+Date: Thu, 30 Jul 2020 22:05:01 +0300
+Subject: ARM: percpu.h: fix build error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Grygorii Strashko <grygorii.strashko@ti.com>
+
+commit aa54ea903abb02303bf55855fb51e3fcee135d70 upstream.
+
+Fix build error for the case:
+  defined(CONFIG_SMP) && !defined(CONFIG_CPU_V6)
+
+config: keystone_defconfig
+
+  CC      arch/arm/kernel/signal.o
+  In file included from ../include/linux/random.h:14,
+                    from ../arch/arm/kernel/signal.c:8:
+  ../arch/arm/include/asm/percpu.h: In function ‘__my_cpu_offset’:
+  ../arch/arm/include/asm/percpu.h:29:34: error: ‘current_stack_pointer’ undeclared (first use in this function); did you mean ‘user_stack_pointer’?
+      : "Q" (*(const unsigned long *)current_stack_pointer));
+                                     ^~~~~~~~~~~~~~~~~~~~~
+                                     user_stack_pointer
+
+Fixes: f227e3ec3b5c ("random32: update the net random state on interrupt and activity")
+Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/include/asm/percpu.h |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/arm/include/asm/percpu.h
++++ b/arch/arm/include/asm/percpu.h
+@@ -16,6 +16,8 @@
+ #ifndef _ASM_ARM_PERCPU_H_
+ #define _ASM_ARM_PERCPU_H_
++#include <asm/thread_info.h>
++
+ /*
+  * Same as asm-generic/percpu.h, except that we store the per cpu offset
+  * in the TPIDRPRW. TPIDRPRW only exists on V6K and V7
diff --git a/queue-4.19/random32-update-the-net-random-state-on-interrupt-and-activity.patch b/queue-4.19/random32-update-the-net-random-state-on-interrupt-and-activity.patch
new file mode 100644 (file)
index 0000000..d814581
--- /dev/null
@@ -0,0 +1,109 @@
+From f227e3ec3b5cad859ad15666874405e8c1bbc1d4 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Fri, 10 Jul 2020 15:23:19 +0200
+Subject: random32: update the net random state on interrupt and activity
+
+From: Willy Tarreau <w@1wt.eu>
+
+commit f227e3ec3b5cad859ad15666874405e8c1bbc1d4 upstream.
+
+This modifies the first 32 bits out of the 128 bits of a random CPU's
+net_rand_state on interrupt or CPU activity to complicate remote
+observations that could lead to guessing the network RNG's internal
+state.
+
+Note that depending on some network devices' interrupt rate moderation
+or binding, this re-seeding might happen on every packet or even almost
+never.
+
+In addition, with NOHZ some CPUs might not even get timer interrupts,
+leaving their local state rarely updated, while they are running
+networked processes making use of the random state.  For this reason, we
+also perform this update in update_process_times() in order to at least
+update the state when there is user or system activity, since it's the
+only case we care about.
+
+Reported-by: Amit Klein <aksecurity@gmail.com>
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Eric Dumazet <edumazet@google.com>
+Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Willy Tarreau <w@1wt.eu>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/random.c  |    1 +
+ include/linux/random.h |    3 +++
+ kernel/time/timer.c    |    8 ++++++++
+ lib/random32.c         |    2 +-
+ 4 files changed, 13 insertions(+), 1 deletion(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -1257,6 +1257,7 @@ void add_interrupt_randomness(int irq, i
+       fast_mix(fast_pool);
+       add_interrupt_bench(cycles);
++      this_cpu_add(net_rand_state.s1, fast_pool->pool[cycles & 3]);
+       if (unlikely(crng_init == 0)) {
+               if ((fast_pool->count >= 64) &&
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -9,6 +9,7 @@
+ #include <linux/list.h>
+ #include <linux/once.h>
++#include <linux/percpu.h>
+ #include <uapi/linux/random.h>
+@@ -115,6 +116,8 @@ struct rnd_state {
+       __u32 s1, s2, s3, s4;
+ };
++DECLARE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
++
+ u32 prandom_u32_state(struct rnd_state *state);
+ void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes);
+ void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
+--- a/kernel/time/timer.c
++++ b/kernel/time/timer.c
+@@ -44,6 +44,7 @@
+ #include <linux/sched/debug.h>
+ #include <linux/slab.h>
+ #include <linux/compat.h>
++#include <linux/random.h>
+ #include <linux/uaccess.h>
+ #include <asm/unistd.h>
+@@ -1654,6 +1655,13 @@ void update_process_times(int user_tick)
+       scheduler_tick();
+       if (IS_ENABLED(CONFIG_POSIX_TIMERS))
+               run_posix_cpu_timers(p);
++
++      /* The current CPU might make use of net randoms without receiving IRQs
++       * to renew them often enough. Let's update the net_rand_state from a
++       * non-constant value that's not affine to the number of calls to make
++       * sure it's updated when there's some activity (we don't care in idle).
++       */
++      this_cpu_add(net_rand_state.s1, rol32(jiffies, 24) + user_tick);
+ }
+ /**
+--- a/lib/random32.c
++++ b/lib/random32.c
+@@ -48,7 +48,7 @@ static inline void prandom_state_selftes
+ }
+ #endif
+-static DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
++DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
+ /**
+  *    prandom_u32_state - seeded pseudo-random number generator.
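Review bot: The `this_cpu_add(net_rand_state.s1, fast_pool->pool[cycles & 3]);` line added to add_interrupt_randomness() carries no comment, although it is the more sensitive of the two update sites: it folds a word of the interrupt fast pool into the state of a generator whose outputs are visible on the network. A comment there should say that this is a best-effort perturbation of a non-cryptographic PRNG, e.g. `/* Perturb the per-CPU net PRNG; this is not a CSPRNG reseed. */`. Only `s1` is touched, and in update_process_times() the added value `rol32(jiffies, 24) + user_tick` is something an observer can largely estimate, so, as the description itself says, this complicates state recovery rather than preventing it; code that needs unpredictable values should keep using get_random_u32() or similar. Exporting `net_rand_state` through `DECLARE_PER_CPU` in include/linux/random.h also pulls `<linux/percpu.h>` into a very widely included header, which appears to be what the accompanying arm percpu.h build fix in this queue addresses. Both patched functions continue outside the hunks shown.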
index 8ba323afc0e687a74bd0cc768bd3bbf154ee1506..2a2a1d4a96dc0f5966487998df594f83ec0f8d7f 100644 (file)
@@ -12,3 +12,6 @@ btrfs-fix-selftests-failure-due-to-uninitialized-i_m.patch
 pci-aspm-disable-aspm-on-asmedia-asm1083-1085-pcie-to-pci-bridge.patch
 9p-trans_fd-fix-concurrency-del-of-req_list-in-p9_fd_cancelled-p9_read_work.patch
 wireless-use-offsetof-instead-of-custom-macro.patch
+arm-8986-1-hw_breakpoint-don-t-invoke-overflow-handler-on-uaccess-watchpoints.patch
+random32-update-the-net-random-state-on-interrupt-and-activity.patch
+arm-percpu.h-fix-build-error.patch