From: Greg Kroah-Hartman Date: Fri, 17 May 2019 12:51:06 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v4.9.178~40 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=09dfd60e10d34bd0e6a0540499b3e781cb57e7dc;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: arm-exynos-fix-a-leaked-reference-by-adding-missing-of_node_put.patch crypto-chacha20poly1305-set-cra_name-correctly.patch crypto-crct10dif-generic-fix-use-via-crypto_shash_digest.patch crypto-vmx-fix-copy-paste-error-in-ctr-mode.patch crypto-x86-crct10dif-pcl-fix-use-via-crypto_shash_digest.patch x86-speculation-mds-improve-cpu-buffer-clear-documentation.patch x86-speculation-mds-revert-cpu-buffer-clear-on-double-fault-exit.patch --- diff --git a/queue-4.4/arm-exynos-fix-a-leaked-reference-by-adding-missing-of_node_put.patch b/queue-4.4/arm-exynos-fix-a-leaked-reference-by-adding-missing-of_node_put.patch new file mode 100644 index 00000000000..c5a0a5e67d2 --- /dev/null +++ b/queue-4.4/arm-exynos-fix-a-leaked-reference-by-adding-missing-of_node_put.patch @@ -0,0 +1,51 @@ +From 629266bf7229cd6a550075f5961f95607b823b59 Mon Sep 17 00:00:00 2001 +From: Wen Yang +Date: Tue, 5 Mar 2019 19:33:54 +0800 +Subject: ARM: exynos: Fix a leaked reference by adding missing of_node_put + +From: Wen Yang + +commit 629266bf7229cd6a550075f5961f95607b823b59 upstream. + +The call to of_get_next_child returns a node pointer with refcount +incremented thus it must be explicitly decremented after the last +usage. + +Detected by coccinelle with warnings like: + arch/arm/mach-exynos/firmware.c:201:2-8: ERROR: missing of_node_put; + acquired a node pointer with refcount incremented on line 193, + but without a corresponding object release within this function. + +Cc: stable@vger.kernel.org +Signed-off-by: Wen Yang +Signed-off-by: Krzysztof Kozlowski +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/mach-exynos/firmware.c | 1 + + arch/arm/mach-exynos/suspend.c | 2 ++ + 2 files changed, 3 insertions(+) + +--- a/arch/arm/mach-exynos/firmware.c ++++ b/arch/arm/mach-exynos/firmware.c +@@ -207,6 +207,7 @@ void __init exynos_firmware_init(void) + return; + + addr = of_get_address(nd, 0, NULL, NULL); ++ of_node_put(nd); + if (!addr) { + pr_err("%s: No address specified.\n", __func__); + return; +--- a/arch/arm/mach-exynos/suspend.c ++++ b/arch/arm/mach-exynos/suspend.c +@@ -725,8 +725,10 @@ void __init exynos_pm_init(void) + + if (WARN_ON(!of_find_property(np, "interrupt-controller", NULL))) { + pr_warn("Outdated DT detected, suspend/resume will NOT work\n"); ++ of_node_put(np); + return; + } ++ of_node_put(np); + + pm_data = (const struct exynos_pm_data *) match->data; + diff --git a/queue-4.4/crypto-chacha20poly1305-set-cra_name-correctly.patch b/queue-4.4/crypto-chacha20poly1305-set-cra_name-correctly.patch new file mode 100644 index 00000000000..c58fa549da6 --- /dev/null +++ b/queue-4.4/crypto-chacha20poly1305-set-cra_name-correctly.patch @@ -0,0 +1,46 @@ +From 5e27f38f1f3f45a0c938299c3a34a2d2db77165a Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Sun, 31 Mar 2019 13:04:16 -0700 +Subject: crypto: chacha20poly1305 - set cra_name correctly + +From: Eric Biggers + +commit 5e27f38f1f3f45a0c938299c3a34a2d2db77165a upstream. + +If the rfc7539 template is instantiated with specific implementations, +e.g. "rfc7539(chacha20-generic,poly1305-generic)" rather than +"rfc7539(chacha20,poly1305)", then the implementation names end up +included in the instance's cra_name. This is incorrect because it then +prevents all users from allocating "rfc7539(chacha20,poly1305)", if the +highest priority implementations of chacha20 and poly1305 were selected. +Also, the self-tests aren't run on an instance allocated in this way. + +Fix it by setting the instance's cra_name from the underlying +algorithms' actual cra_names, rather than from the requested names. +This matches what other templates do. + +Fixes: 71ebc4d1b27d ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539") +Cc: # v4.2+ +Cc: Martin Willi +Signed-off-by: Eric Biggers +Reviewed-by: Martin Willi +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/chacha20poly1305.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/crypto/chacha20poly1305.c ++++ b/crypto/chacha20poly1305.c +@@ -637,8 +637,8 @@ static int chachapoly_create(struct cryp + + err = -ENAMETOOLONG; + if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, +- "%s(%s,%s)", name, chacha_name, +- poly_name) >= CRYPTO_MAX_ALG_NAME) ++ "%s(%s,%s)", name, chacha->base.cra_name, ++ poly->cra_name) >= CRYPTO_MAX_ALG_NAME) + goto out_drop_chacha; + if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, + "%s(%s,%s)", name, chacha->cra_driver_name, diff --git a/queue-4.4/crypto-crct10dif-generic-fix-use-via-crypto_shash_digest.patch b/queue-4.4/crypto-crct10dif-generic-fix-use-via-crypto_shash_digest.patch new file mode 100644 index 00000000000..d032c1caeb8 --- /dev/null +++ b/queue-4.4/crypto-crct10dif-generic-fix-use-via-crypto_shash_digest.patch @@ -0,0 +1,65 @@ +From 307508d1072979f4435416f87936f87eaeb82054 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Sun, 31 Mar 2019 13:04:12 -0700 +Subject: crypto: crct10dif-generic - fix use via crypto_shash_digest() + +From: Eric Biggers + +commit 307508d1072979f4435416f87936f87eaeb82054 upstream. + +The ->digest() method of crct10dif-generic reads the current CRC value +from the shash_desc context. But this value is uninitialized, causing +crypto_shash_digest() to compute the wrong result. Fix it. + +Probably this wasn't noticed before because lib/crc-t10dif.c only uses +crypto_shash_update(), not crypto_shash_digest(). Likewise, +crypto_shash_digest() is not yet tested by the crypto self-tests because +those only test the ahash API which only uses shash init/update/final. + +This bug was detected by my patches that improve testmgr to fuzz +algorithms against their generic implementation. + +Fixes: 2d31e518a428 ("crypto: crct10dif - Wrap crc_t10dif function all to use crypto transform framework") +Cc: # v3.11+ +Cc: Tim Chen +Signed-off-by: Eric Biggers +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/crct10dif_generic.c | 11 ++++------- + 1 file changed, 4 insertions(+), 7 deletions(-) + +--- a/crypto/crct10dif_generic.c ++++ b/crypto/crct10dif_generic.c +@@ -65,10 +65,9 @@ static int chksum_final(struct shash_des + return 0; + } + +-static int __chksum_finup(__u16 *crcp, const u8 *data, unsigned int len, +- u8 *out) ++static int __chksum_finup(__u16 crc, const u8 *data, unsigned int len, u8 *out) + { +- *(__u16 *)out = crc_t10dif_generic(*crcp, data, len); ++ *(__u16 *)out = crc_t10dif_generic(crc, data, len); + return 0; + } + +@@ -77,15 +76,13 @@ static int chksum_finup(struct shash_des + { + struct chksum_desc_ctx *ctx = shash_desc_ctx(desc); + +- return __chksum_finup(&ctx->crc, data, len, out); ++ return __chksum_finup(ctx->crc, data, len, out); + } + + static int chksum_digest(struct shash_desc *desc, const u8 *data, + unsigned int length, u8 *out) + { +- struct chksum_desc_ctx *ctx = shash_desc_ctx(desc); +- +- return __chksum_finup(&ctx->crc, data, length, out); ++ return __chksum_finup(0, data, length, out); + } + + static struct shash_alg alg = { diff --git a/queue-4.4/crypto-vmx-fix-copy-paste-error-in-ctr-mode.patch b/queue-4.4/crypto-vmx-fix-copy-paste-error-in-ctr-mode.patch new file mode 100644 index 00000000000..a753ee198c1 --- /dev/null +++ b/queue-4.4/crypto-vmx-fix-copy-paste-error-in-ctr-mode.patch @@ -0,0 +1,56 @@ +From dcf7b48212c0fab7df69e84fab22d6cb7c8c0fb9 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens +Date: Fri, 15 Mar 2019 13:09:01 +1100 +Subject: crypto: vmx - fix copy-paste error in CTR mode +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Daniel Axtens + +commit dcf7b48212c0fab7df69e84fab22d6cb7c8c0fb9 upstream. + +The original assembly imported from OpenSSL has two copy-paste +errors in handling CTR mode. When dealing with a 2 or 3 block tail, +the code branches to the CBC decryption exit path, rather than to +the CTR exit path. + +This leads to corruption of the IV, which leads to subsequent blocks +being corrupted. + +This can be detected with libkcapi test suite, which is available at +https://github.com/smuellerDD/libkcapi + +Reported-by: Ondrej Mosnáček +Fixes: 5c380d623ed3 ("crypto: vmx - Add support for VMS instructions by ASM") +Cc: stable@vger.kernel.org +Signed-off-by: Daniel Axtens +Tested-by: Michael Ellerman +Tested-by: Ondrej Mosnacek +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/vmx/aesp8-ppc.pl | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/crypto/vmx/aesp8-ppc.pl ++++ b/drivers/crypto/vmx/aesp8-ppc.pl +@@ -1795,7 +1795,7 @@ Lctr32_enc8x_three: + stvx_u $out1,$x10,$out + stvx_u $out2,$x20,$out + addi $out,$out,0x30 +- b Lcbc_dec8x_done ++ b Lctr32_enc8x_done + + .align 5 + Lctr32_enc8x_two: +@@ -1807,7 +1807,7 @@ Lctr32_enc8x_two: + stvx_u $out0,$x00,$out + stvx_u $out1,$x10,$out + addi $out,$out,0x20 +- b Lcbc_dec8x_done ++ b Lctr32_enc8x_done + + .align 5 + Lctr32_enc8x_one: diff --git a/queue-4.4/crypto-x86-crct10dif-pcl-fix-use-via-crypto_shash_digest.patch b/queue-4.4/crypto-x86-crct10dif-pcl-fix-use-via-crypto_shash_digest.patch new file mode 100644 index 00000000000..0c91aeb1170 --- /dev/null +++ b/queue-4.4/crypto-x86-crct10dif-pcl-fix-use-via-crypto_shash_digest.patch @@ -0,0 +1,68 @@ +From dec3d0b1071a0f3194e66a83d26ecf4aa8c5910e Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Sun, 31 Mar 2019 13:04:13 -0700 +Subject: crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() + +From: Eric Biggers + +commit dec3d0b1071a0f3194e66a83d26ecf4aa8c5910e upstream. + +The ->digest() method of crct10dif-pclmul reads the current CRC value +from the shash_desc context. But this value is uninitialized, causing +crypto_shash_digest() to compute the wrong result. Fix it. + +Probably this wasn't noticed before because lib/crc-t10dif.c only uses +crypto_shash_update(), not crypto_shash_digest(). Likewise, +crypto_shash_digest() is not yet tested by the crypto self-tests because +those only test the ahash API which only uses shash init/update/final. + +Fixes: 0b95a7f85718 ("crypto: crct10dif - Glue code to cast accelerated CRCT10DIF assembly as a crypto transform") +Cc: # v3.11+ +Cc: Tim Chen +Signed-off-by: Eric Biggers +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/crypto/crct10dif-pclmul_glue.c | 13 +++++-------- + 1 file changed, 5 insertions(+), 8 deletions(-) + +--- a/arch/x86/crypto/crct10dif-pclmul_glue.c ++++ b/arch/x86/crypto/crct10dif-pclmul_glue.c +@@ -76,15 +76,14 @@ static int chksum_final(struct shash_des + return 0; + } + +-static int __chksum_finup(__u16 *crcp, const u8 *data, unsigned int len, +- u8 *out) ++static int __chksum_finup(__u16 crc, const u8 *data, unsigned int len, u8 *out) + { + if (irq_fpu_usable()) { + kernel_fpu_begin(); +- *(__u16 *)out = crc_t10dif_pcl(*crcp, data, len); ++ *(__u16 *)out = crc_t10dif_pcl(crc, data, len); + kernel_fpu_end(); + } else +- *(__u16 *)out = crc_t10dif_generic(*crcp, data, len); ++ *(__u16 *)out = crc_t10dif_generic(crc, data, len); + return 0; + } + +@@ -93,15 +92,13 @@ static int chksum_finup(struct shash_des + { + struct chksum_desc_ctx *ctx = shash_desc_ctx(desc); + +- return __chksum_finup(&ctx->crc, data, len, out); ++ return __chksum_finup(ctx->crc, data, len, out); + } + + static int chksum_digest(struct shash_desc *desc, const u8 *data, + unsigned int length, u8 *out) + { +- struct chksum_desc_ctx *ctx = shash_desc_ctx(desc); +- +- return __chksum_finup(&ctx->crc, data, length, out); ++ return __chksum_finup(0, data, length, out); + } + + static struct shash_alg alg = { diff --git a/queue-4.4/series b/queue-4.4/series index e69de29bb2d..2e0dd71d24b 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -0,0 +1,7 @@ +x86-speculation-mds-revert-cpu-buffer-clear-on-double-fault-exit.patch +x86-speculation-mds-improve-cpu-buffer-clear-documentation.patch +arm-exynos-fix-a-leaked-reference-by-adding-missing-of_node_put.patch +crypto-chacha20poly1305-set-cra_name-correctly.patch +crypto-vmx-fix-copy-paste-error-in-ctr-mode.patch +crypto-crct10dif-generic-fix-use-via-crypto_shash_digest.patch +crypto-x86-crct10dif-pcl-fix-use-via-crypto_shash_digest.patch diff --git a/queue-4.4/x86-speculation-mds-improve-cpu-buffer-clear-documentation.patch b/queue-4.4/x86-speculation-mds-improve-cpu-buffer-clear-documentation.patch new file mode 100644 index 00000000000..996ae76046a --- /dev/null +++ b/queue-4.4/x86-speculation-mds-improve-cpu-buffer-clear-documentation.patch @@ -0,0 +1,80 @@ +From 9d8d0294e78a164d407133dea05caf4b84247d6a Mon Sep 17 00:00:00 2001 +From: Andy Lutomirski +Date: Tue, 14 May 2019 13:24:40 -0700 +Subject: x86/speculation/mds: Improve CPU buffer clear documentation + +From: Andy Lutomirski + +commit 9d8d0294e78a164d407133dea05caf4b84247d6a upstream. + +On x86_64, all returns to usermode go through +prepare_exit_to_usermode(), with the sole exception of do_nmi(). +This even includes machine checks -- this was added several years +ago to support MCE recovery. Update the documentation. + +Signed-off-by: Andy Lutomirski +Cc: Borislav Petkov +Cc: Frederic Weisbecker +Cc: Greg Kroah-Hartman +Cc: Jon Masters +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: stable@vger.kernel.org +Fixes: 04dcbdb80578 ("x86/speculation/mds: Clear CPU buffers on exit to user") +Link: http://lkml.kernel.org/r/999fa9e126ba6a48e9d214d2f18dbde5c62ac55c.1557865329.git.luto@kernel.org +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + Documentation/x86/mds.rst | 39 +++++++-------------------------------- + 1 file changed, 7 insertions(+), 32 deletions(-) + +--- a/Documentation/x86/mds.rst ++++ b/Documentation/x86/mds.rst +@@ -142,38 +142,13 @@ Mitigation points + mds_user_clear. + + The mitigation is invoked in prepare_exit_to_usermode() which covers +- most of the kernel to user space transitions. There are a few exceptions +- which are not invoking prepare_exit_to_usermode() on return to user +- space. These exceptions use the paranoid exit code. +- +- - Non Maskable Interrupt (NMI): +- +- Access to sensible data like keys, credentials in the NMI context is +- mostly theoretical: The CPU can do prefetching or execute a +- misspeculated code path and thereby fetching data which might end up +- leaking through a buffer. +- +- But for mounting other attacks the kernel stack address of the task is +- already valuable information. So in full mitigation mode, the NMI is +- mitigated on the return from do_nmi() to provide almost complete +- coverage. +- +- - Machine Check Exception (#MC): +- +- Another corner case is a #MC which hits between the CPU buffer clear +- invocation and the actual return to user. As this still is in kernel +- space it takes the paranoid exit path which does not clear the CPU +- buffers. So the #MC handler repopulates the buffers to some +- extent. Machine checks are not reliably controllable and the window is +- extremly small so mitigation would just tick a checkbox that this +- theoretical corner case is covered. To keep the amount of special +- cases small, ignore #MC. +- +- - Debug Exception (#DB): +- +- This takes the paranoid exit path only when the INT1 breakpoint is in +- kernel space. #DB on a user space address takes the regular exit path, +- so no extra mitigation required. ++ all but one of the kernel to user space transitions. The exception ++ is when we return from a Non Maskable Interrupt (NMI), which is ++ handled directly in do_nmi(). ++ ++ (The reason that NMI is special is that prepare_exit_to_usermode() can ++ enable IRQs. In NMI context, NMIs are blocked, and we don't want to ++ enable IRQs with NMIs blocked.) + + + 2. C-State transition diff --git a/queue-4.4/x86-speculation-mds-revert-cpu-buffer-clear-on-double-fault-exit.patch b/queue-4.4/x86-speculation-mds-revert-cpu-buffer-clear-on-double-fault-exit.patch new file mode 100644 index 00000000000..d3bfc84683e --- /dev/null +++ b/queue-4.4/x86-speculation-mds-revert-cpu-buffer-clear-on-double-fault-exit.patch @@ -0,0 +1,73 @@ +From 88640e1dcd089879530a49a8d212d1814678dfe7 Mon Sep 17 00:00:00 2001 +From: Andy Lutomirski +Date: Tue, 14 May 2019 13:24:39 -0700 +Subject: x86/speculation/mds: Revert CPU buffer clear on double fault exit + +From: Andy Lutomirski + +commit 88640e1dcd089879530a49a8d212d1814678dfe7 upstream. + +The double fault ESPFIX path doesn't return to user mode at all -- +it returns back to the kernel by simulating a #GP fault. +prepare_exit_to_usermode() will run on the way out of +general_protection before running user code. + +Signed-off-by: Andy Lutomirski +Cc: Borislav Petkov +Cc: Frederic Weisbecker +Cc: Greg Kroah-Hartman +Cc: Jon Masters +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: stable@vger.kernel.org +Fixes: 04dcbdb80578 ("x86/speculation/mds: Clear CPU buffers on exit to user") +Link: http://lkml.kernel.org/r/ac97612445c0a44ee10374f6ea79c222fe22a5c4.1557865329.git.luto@kernel.org +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + Documentation/x86/mds.rst | 7 ------- + arch/x86/kernel/traps.c | 8 -------- + 2 files changed, 15 deletions(-) + +--- a/Documentation/x86/mds.rst ++++ b/Documentation/x86/mds.rst +@@ -158,13 +158,6 @@ Mitigation points + mitigated on the return from do_nmi() to provide almost complete + coverage. + +- - Double fault (#DF): +- +- A double fault is usually fatal, but the ESPFIX workaround, which can +- be triggered from user space through modify_ldt(2) is a recoverable +- double fault. #DF uses the paranoid exit path, so explicit mitigation +- in the double fault handler is required. +- + - Machine Check Exception (#MC): + + Another corner case is a #MC which hits between the CPU buffer clear +--- a/arch/x86/kernel/traps.c ++++ b/arch/x86/kernel/traps.c +@@ -61,7 +61,6 @@ + #include + #include + #include +-#include + #include + #include + +@@ -338,13 +337,6 @@ dotraplinkage void do_double_fault(struc + regs->ip = (unsigned long)general_protection; + regs->sp = (unsigned long)&normal_regs->orig_ax; + +- /* +- * This situation can be triggered by userspace via +- * modify_ldt(2) and the return does not take the regular +- * user space exit, so a CPU buffer clear is required when +- * MDS mitigation is enabled. +- */ +- mds_user_clear_cpu_buffers(); + return; + } + #endif