--- /dev/null
+From beeb460cd12ac9b91640b484b6a52dcba9d9fc8f Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Mon, 6 Apr 2020 23:02:40 -0700
+Subject: crypto: algapi - Avoid spurious modprobe on LOADED
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit beeb460cd12ac9b91640b484b6a52dcba9d9fc8f upstream.
+
+Currently after any algorithm is registered and tested, there's an
+unnecessary request_module("cryptomgr") even if it's already loaded.
+Also, CRYPTO_MSG_ALG_LOADED is sent twice, and thus if the algorithm is
+"crct10dif", lib/crc-t10dif.c replaces the tfm twice rather than once.
+
+This occurs because CRYPTO_MSG_ALG_LOADED is sent using
+crypto_probing_notify(), which tries to load "cryptomgr" if the
+notification is not handled (NOTIFY_DONE). This doesn't make sense
+because "cryptomgr" doesn't handle this notification.
+
+Fix this by using crypto_notify() instead of crypto_probing_notify().
+
+Fixes: dd8b083f9a5e ("crypto: api - Introduce notifier for new crypto algorithms")
+Cc: <stable@vger.kernel.org> # v4.20+
+Cc: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/algapi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/crypto/algapi.c
++++ b/crypto/algapi.c
+@@ -374,7 +374,7 @@ static void crypto_wait_for_test(struct
+ err = wait_for_completion_killable(&larval->completion);
+ WARN_ON(err);
+ if (!err)
+- crypto_probing_notify(CRYPTO_MSG_ALG_LOADED, larval);
++ crypto_notify(CRYPTO_MSG_ALG_LOADED, larval);
+
+ out:
+ crypto_larval_kill(&larval->alg);
--- /dev/null
+From 320bdbd816156f9ca07e5fed7bfb449f2908dda7 Mon Sep 17 00:00:00 2001
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Date: Sat, 30 May 2020 15:35:37 +0200
+Subject: crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+commit 320bdbd816156f9ca07e5fed7bfb449f2908dda7 upstream.
+
+When a list is completely iterated with 'list_for_each_entry(x, ...)', x is
+not NULL at the end.
+
+While at it, remove a useless initialization of the ndev variable. It
+is overridden by 'list_for_each_entry'.
+
+Fixes: f2663872f073 ("crypto: cavium - Register the CNN55XX supported crypto algorithms.")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/crypto/cavium/nitrox/nitrox_main.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/crypto/cavium/nitrox/nitrox_main.c
++++ b/drivers/crypto/cavium/nitrox/nitrox_main.c
+@@ -278,7 +278,7 @@ static void nitrox_remove_from_devlist(s
+
+ struct nitrox_device *nitrox_get_first_device(void)
+ {
+- struct nitrox_device *ndev = NULL;
++ struct nitrox_device *ndev;
+
+ mutex_lock(&devlist_lock);
+ list_for_each_entry(ndev, &ndevlist, list) {
+@@ -286,7 +286,7 @@ struct nitrox_device *nitrox_get_first_d
+ break;
+ }
+ mutex_unlock(&devlist_lock);
+- if (!ndev)
++ if (&ndev->list == &ndevlist)
+ return NULL;
+
+ refcount_inc(&ndev->refcnt);
--- /dev/null
+From e0664ebcea6ac5e16da703409fb4bd61f8cd37d9 Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyongjun1@huawei.com>
+Date: Thu, 30 Apr 2020 08:13:53 +0000
+Subject: crypto: drbg - fix error return code in drbg_alloc_state()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+commit e0664ebcea6ac5e16da703409fb4bd61f8cd37d9 upstream.
+
+Fix to return negative error code -ENOMEM from the kzalloc error handling
+case instead of 0, as done elsewhere in this function.
+
+Reported-by: Xiumei Mu <xmu@redhat.com>
+Fixes: db07cd26ac6a ("crypto: drbg - add FIPS 140-2 CTRNG for noise source")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Reviewed-by: Stephan Mueller <smueller@chronox.de>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/drbg.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/crypto/drbg.c
++++ b/crypto/drbg.c
+@@ -1294,8 +1294,10 @@ static inline int drbg_alloc_state(struc
+ if (IS_ENABLED(CONFIG_CRYPTO_FIPS)) {
+ drbg->prev = kzalloc(drbg_sec_strength(drbg->core->flags),
+ GFP_KERNEL);
+- if (!drbg->prev)
++ if (!drbg->prev) {
++ ret = -ENOMEM;
+ goto fini;
++ }
+ drbg->fips_primed = false;
+ }
+
--- /dev/null
+From 17fae1294ad9d711b2c3dd0edef479d40c76a5e8 Mon Sep 17 00:00:00 2001
+From: Tony Luck <tony.luck@intel.com>
+Date: Wed, 20 May 2020 09:35:46 -0700
+Subject: x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned
+
+From: Tony Luck <tony.luck@intel.com>
+
+commit 17fae1294ad9d711b2c3dd0edef479d40c76a5e8 upstream.
+
+An interesting thing happened when a guest Linux instance took a machine
+check. The VMM unmapped the bad page from guest physical space and
+passed the machine check to the guest.
+
+Linux took all the normal actions to offline the page from the process
+that was using it. But then guest Linux crashed because it said there
+was a second machine check inside the kernel with this stack trace:
+
+do_memory_failure
+ set_mce_nospec
+ set_memory_uc
+ _set_memory_uc
+ change_page_attr_set_clr
+ cpa_flush
+ clflush_cache_range_opt
+
+This was odd, because a CLFLUSH instruction shouldn't raise a machine
+check (it isn't consuming the data). Further investigation showed that
+the VMM had passed in another machine check because is appeared that the
+guest was accessing the bad page.
+
+Fix is to check the scope of the poison by checking the MCi_MISC register.
+If the entire page is affected, then unmap the page. If only part of the
+page is affected, then mark the page as uncacheable.
+
+This assumes that VMMs will do the logical thing and pass in the "whole
+page scope" via the MCi_MISC register (since they unmapped the entire
+page).
+
+ [ bp: Adjust to x86/entry changes. ]
+
+Fixes: 284ce4011ba6 ("x86/memory_failure: Introduce {set, clear}_mce_nospec()")
+Reported-by: Jue Wang <juew@google.com>
+Signed-off-by: Tony Luck <tony.luck@intel.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Tested-by: Jue Wang <juew@google.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lkml.kernel.org/r/20200520163546.GA7977@agluck-desk2.amr.corp.intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ arch/x86/include/asm/set_memory.h | 19 +++++++++++++------
+ arch/x86/kernel/cpu/mce/core.c | 11 +++++++++--
+ include/linux/set_memory.h | 2 +-
+ 3 files changed, 23 insertions(+), 9 deletions(-)
+
+--- a/arch/x86/include/asm/set_memory.h
++++ b/arch/x86/include/asm/set_memory.h
+@@ -85,28 +85,35 @@ void set_kernel_text_rw(void);
+ void set_kernel_text_ro(void);
+
+ #ifdef CONFIG_X86_64
+-static inline int set_mce_nospec(unsigned long pfn)
++/*
++ * Prevent speculative access to the page by either unmapping
++ * it (if we do not require access to any part of the page) or
++ * marking it uncacheable (if we want to try to retrieve data
++ * from non-poisoned lines in the page).
++ */
++static inline int set_mce_nospec(unsigned long pfn, bool unmap)
+ {
+ unsigned long decoy_addr;
+ int rc;
+
+ /*
+- * Mark the linear address as UC to make sure we don't log more
+- * errors because of speculative access to the page.
+ * We would like to just call:
+- * set_memory_uc((unsigned long)pfn_to_kaddr(pfn), 1);
++ * set_memory_XX((unsigned long)pfn_to_kaddr(pfn), 1);
+ * but doing that would radically increase the odds of a
+ * speculative access to the poison page because we'd have
+ * the virtual address of the kernel 1:1 mapping sitting
+ * around in registers.
+ * Instead we get tricky. We create a non-canonical address
+ * that looks just like the one we want, but has bit 63 flipped.
+- * This relies on set_memory_uc() properly sanitizing any __pa()
++ * This relies on set_memory_XX() properly sanitizing any __pa()
+ * results with __PHYSICAL_MASK or PTE_PFN_MASK.
+ */
+ decoy_addr = (pfn << PAGE_SHIFT) + (PAGE_OFFSET ^ BIT(63));
+
+- rc = set_memory_uc(decoy_addr, 1);
++ if (unmap)
++ rc = set_memory_np(decoy_addr, 1);
++ else
++ rc = set_memory_uc(decoy_addr, 1);
+ if (rc)
+ pr_warn("Could not invalidate pfn=0x%lx from 1:1 map\n", pfn);
+ return rc;
+--- a/arch/x86/kernel/cpu/mce/core.c
++++ b/arch/x86/kernel/cpu/mce/core.c
+@@ -533,6 +533,13 @@ bool mce_is_memory_error(struct mce *m)
+ }
+ EXPORT_SYMBOL_GPL(mce_is_memory_error);
+
++static bool whole_page(struct mce *m)
++{
++ if (!mca_cfg.ser || !(m->status & MCI_STATUS_MISCV))
++ return true;
++ return MCI_MISC_ADDR_LSB(m->misc) >= PAGE_SHIFT;
++}
++
+ bool mce_is_correctable(struct mce *m)
+ {
+ if (m->cpuvendor == X86_VENDOR_AMD && m->status & MCI_STATUS_DEFERRED)
+@@ -601,7 +608,7 @@ static int srao_decode_notifier(struct n
+ if (mce_usable_address(mce) && (mce->severity == MCE_AO_SEVERITY)) {
+ pfn = mce->addr >> PAGE_SHIFT;
+ if (!memory_failure(pfn, 0))
+- set_mce_nospec(pfn);
++ set_mce_nospec(pfn, whole_page(mce));
+ }
+
+ return NOTIFY_OK;
+@@ -1103,7 +1110,7 @@ static int do_memory_failure(struct mce
+ if (ret)
+ pr_err("Memory error not recovered");
+ else
+- set_mce_nospec(m->addr >> PAGE_SHIFT);
++ set_mce_nospec(m->addr >> PAGE_SHIFT, whole_page(m));
+ return ret;
+ }
+
+--- a/include/linux/set_memory.h
++++ b/include/linux/set_memory.h
+@@ -26,7 +26,7 @@ static inline int set_direct_map_default
+ #endif
+
+ #ifndef set_mce_nospec
+-static inline int set_mce_nospec(unsigned long pfn)
++static inline int set_mce_nospec(unsigned long pfn, bool unmap)
+ {
+ return 0;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
