From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 6 Dec 2021 12:59:32 +0000 (+0100)
Subject: 5.4-stable patches
X-Git-Tag: v4.4.294~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=05881fda7a30ded7f428e872c093a0de716e4be1;p=thirdparty%2Fkernel%2Fstable-queue.git

5.4-stable patches

added patches:
	net-tls-fix-authentication-failure-in-ccm-mode.patch
	parisc-mark-cr16-cpu-clocksource-unstable-on-all-smp-machines.patch
---

diff --git a/queue-5.4/net-tls-fix-authentication-failure-in-ccm-mode.patch b/queue-5.4/net-tls-fix-authentication-failure-in-ccm-mode.patch
new file mode 100644
index 00000000000..2303d6bdbad
--- /dev/null
+++ b/queue-5.4/net-tls-fix-authentication-failure-in-ccm-mode.patch
@@ -0,0 +1,44 @@
+From 5961060692f8b17cd2080620a3d27b95d2ae05ca Mon Sep 17 00:00:00 2001
+From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+Date: Mon, 29 Nov 2021 17:32:12 +0800
+Subject: net/tls: Fix authentication failure in CCM mode
+
+From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+
+commit 5961060692f8b17cd2080620a3d27b95d2ae05ca upstream.
+
+When the TLS cipher suite uses CCM mode, including AES CCM and
+SM4 CCM, the first byte of the B0 block is flags, and the real
+IV starts from the second byte. The XOR operation of the IV and
+rec_seq should be skip this byte, that is, add the iv_offset.
+
+Fixes: f295b3ae9f59 ("net/tls: Add support of AES128-CCM based ciphers")
+Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
+Cc: Vakul Garg <vakul.garg@nxp.com>
+Cc: stable@vger.kernel.org # v5.2+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/tls/tls_sw.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/tls/tls_sw.c
++++ b/net/tls/tls_sw.c
+@@ -512,7 +512,7 @@ static int tls_do_encryption(struct sock
+ 	memcpy(&rec->iv_data[iv_offset], tls_ctx->tx.iv,
+ 	       prot->iv_size + prot->salt_size);
+ 
+-	xor_iv_with_seq(prot->version, rec->iv_data, tls_ctx->tx.rec_seq);
++	xor_iv_with_seq(prot->version, rec->iv_data + iv_offset, tls_ctx->tx.rec_seq);
+ 
+ 	sge->offset += prot->prepend_size;
+ 	sge->length -= prot->prepend_size;
+@@ -1483,7 +1483,7 @@ static int decrypt_internal(struct sock
+ 	else
+ 		memcpy(iv + iv_offset, tls_ctx->rx.iv, prot->salt_size);
+ 
+-	xor_iv_with_seq(prot->version, iv, tls_ctx->rx.rec_seq);
++	xor_iv_with_seq(prot->version, iv + iv_offset, tls_ctx->rx.rec_seq);
+ 
+ 	/* Prepare AAD */
+ 	tls_make_aad(aad, rxm->full_len - prot->overhead_size +
diff --git a/queue-5.4/parisc-mark-cr16-cpu-clocksource-unstable-on-all-smp-machines.patch b/queue-5.4/parisc-mark-cr16-cpu-clocksource-unstable-on-all-smp-machines.patch
new file mode 100644
index 00000000000..97b4bdcb646
--- /dev/null
+++ b/queue-5.4/parisc-mark-cr16-cpu-clocksource-unstable-on-all-smp-machines.patch
@@ -0,0 +1,64 @@
+From afdb4a5b1d340e4afffc65daa21cc71890d7d589 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Sat, 4 Dec 2021 21:21:46 +0100
+Subject: parisc: Mark cr16 CPU clocksource unstable on all SMP machines
+
+From: Helge Deller <deller@gmx.de>
+
+commit afdb4a5b1d340e4afffc65daa21cc71890d7d589 upstream.
+
+In commit c8c3735997a3 ("parisc: Enhance detection of synchronous cr16
+clocksources") I assumed that CPUs on the same physical core are syncronous.
+While booting up the kernel on two different C8000 machines, one with a
+dual-core PA8800 and one with a dual-core PA8900 CPU, this turned out to be
+wrong. The symptom was that I saw a jump in the internal clocks printed to the
+syslog and strange overall behaviour.  On machines which have 4 cores (2
+dual-cores) the problem isn't visible, because the current logic already marked
+the cr16 clocksource unstable in this case.
+
+This patch now marks the cr16 interval timers unstable if we have more than one
+CPU in the system, and it fixes this issue.
+
+Fixes: c8c3735997a3 ("parisc: Enhance detection of synchronous cr16 clocksources")
+Signed-off-by: Helge Deller <deller@gmx.de>
+Cc: <stable@vger.kernel.org> # v5.15+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/parisc/kernel/time.c |   24 +++++-------------------
+ 1 file changed, 5 insertions(+), 19 deletions(-)
+
+--- a/arch/parisc/kernel/time.c
++++ b/arch/parisc/kernel/time.c
+@@ -245,27 +245,13 @@ void __init time_init(void)
+ static int __init init_cr16_clocksource(void)
+ {
+ 	/*
+-	 * The cr16 interval timers are not syncronized across CPUs on
+-	 * different sockets, so mark them unstable and lower rating on
+-	 * multi-socket SMP systems.
++	 * The cr16 interval timers are not syncronized across CPUs, even if
++	 * they share the same socket.
+ 	 */
+ 	if (num_online_cpus() > 1 && !running_on_qemu) {
+-		int cpu;
+-		unsigned long cpu0_loc;
+-		cpu0_loc = per_cpu(cpu_data, 0).cpu_loc;
+-
+-		for_each_online_cpu(cpu) {
+-			if (cpu == 0)
+-				continue;
+-			if ((cpu0_loc != 0) &&
+-			    (cpu0_loc == per_cpu(cpu_data, cpu).cpu_loc))
+-				continue;
+-
+-			clocksource_cr16.name = "cr16_unstable";
+-			clocksource_cr16.flags = CLOCK_SOURCE_UNSTABLE;
+-			clocksource_cr16.rating = 0;
+-			break;
+-		}
++		clocksource_cr16.name = "cr16_unstable";
++		clocksource_cr16.flags = CLOCK_SOURCE_UNSTABLE;
++		clocksource_cr16.rating = 0;
+ 	}
+ 
+ 	/* XXX: We may want to mark sched_clock stable here if cr16 clocks are
diff --git a/queue-5.4/series b/queue-5.4/series
index 303ad894464..a1a9ee7c3f7 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -65,3 +65,5 @@ serial-core-fix-transmit-buffer-reset-and-memleak.patch
 serial-8250_pci-fix-acces-entries-in-pci_serial_quirks-array.patch
 serial-8250_pci-rewrite-pericom_do_set_divisor.patch
 iwlwifi-mvm-retry-init-flow-if-failed.patch
+parisc-mark-cr16-cpu-clocksource-unstable-on-all-smp-machines.patch
+net-tls-fix-authentication-failure-in-ccm-mode.patch