From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 9 Aug 2012 20:03:55 +0000 (-0700)
Subject: 3.0-stable patches
X-Git-Tag: v3.5.2~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2d5172b7f0c59e2852e2f37951dcae2d35f2078e;p=thirdparty%2Fkernel%2Fstable-queue.git

3.0-stable patches

added patches:
	drivers-char-random.c-fix-boot-id-uniqueness-race.patch
	fix-typo-thinko-in-get_random_bytes.patch
	random-adjust-the-number-of-loops-when-initializing.patch
	random-use-arch-specific-rng-to-initialize-the-entropy-store.patch
---

diff --git a/queue-3.0/drivers-char-random.c-fix-boot-id-uniqueness-race.patch b/queue-3.0/drivers-char-random.c-fix-boot-id-uniqueness-race.patch
new file mode 100644
index 00000000000..a65ffeedacf
--- /dev/null
+++ b/queue-3.0/drivers-char-random.c-fix-boot-id-uniqueness-race.patch
@@ -0,0 +1,53 @@
+From 44e4360fa3384850d65dd36fb4e6e5f2f112709b Mon Sep 17 00:00:00 2001
+From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Date: Thu, 12 Apr 2012 12:49:12 -0700
+Subject: drivers/char/random.c: fix boot id uniqueness race
+
+From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+
+commit 44e4360fa3384850d65dd36fb4e6e5f2f112709b upstream.
+
+/proc/sys/kernel/random/boot_id can be read concurrently by userspace
+processes.  If two (or more) user-space processes concurrently read
+boot_id when sysctl_bootid is not yet assigned, a race can occur making
+boot_id differ between the reads.  Because the whole point of the boot id
+is to be unique across a kernel execution, fix this by protecting this
+operation with a spinlock.
+
+Given that this operation is not frequently used, hitting the spinlock
+on each call should not be an issue.
+
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Cc: "Theodore Ts'o" <tytso@mit.edu>
+Cc: Matt Mackall <mpm@selenic.com>
+Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
+Cc: Greg Kroah-Hartman <greg@kroah.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/random.c |   11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -1260,10 +1260,15 @@ static int proc_do_uuid(ctl_table *table
+ 	uuid = table->data;
+ 	if (!uuid) {
+ 		uuid = tmp_uuid;
+-		uuid[8] = 0;
+-	}
+-	if (uuid[8] == 0)
+ 		generate_random_uuid(uuid);
++	} else {
++		static DEFINE_SPINLOCK(bootid_spinlock);
++
++		spin_lock(&bootid_spinlock);
++		if (!uuid[8])
++			generate_random_uuid(uuid);
++		spin_unlock(&bootid_spinlock);
++	}
+ 
+ 	sprintf(buf, "%pU", uuid);
+ 
diff --git a/queue-3.0/fix-typo-thinko-in-get_random_bytes.patch b/queue-3.0/fix-typo-thinko-in-get_random_bytes.patch
new file mode 100644
index 00000000000..93e00ffc1cc
--- /dev/null
+++ b/queue-3.0/fix-typo-thinko-in-get_random_bytes.patch
@@ -0,0 +1,35 @@
+From bd29e568a4cb6465f6e5ec7c1c1f3ae7d99cbec1 Mon Sep 17 00:00:00 2001
+From: "Luck, Tony" <tony.luck@intel.com>
+Date: Wed, 16 Nov 2011 10:50:56 -0800
+Subject: fix typo/thinko in get_random_bytes()
+
+From: "Luck, Tony" <tony.luck@intel.com>
+
+commit bd29e568a4cb6465f6e5ec7c1c1f3ae7d99cbec1 upstream.
+
+If there is an architecture-specific random number generator we use it
+to acquire randomness one "long" at a time.  We should put these random
+words into consecutive words in the result buffer - not just overwrite
+the first word again and again.
+
+Signed-off-by: Tony Luck <tony.luck@intel.com>
+Acked-by: H. Peter Anvin <hpa@zytor.com>
+Acked-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/random.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -941,7 +941,7 @@ void get_random_bytes(void *buf, int nby
+ 		if (!arch_get_random_long(&v))
+ 			break;
+ 
+-		memcpy(buf, &v, chunk);
++		memcpy(p, &v, chunk);
+ 		p += chunk;
+ 		nbytes -= chunk;
+ 	}
diff --git a/queue-3.0/random-adjust-the-number-of-loops-when-initializing.patch b/queue-3.0/random-adjust-the-number-of-loops-when-initializing.patch
new file mode 100644
index 00000000000..ea576efb541
--- /dev/null
+++ b/queue-3.0/random-adjust-the-number-of-loops-when-initializing.patch
@@ -0,0 +1,35 @@
+From 2dac8e54f988ab58525505d7ef982493374433c3 Mon Sep 17 00:00:00 2001
+From: "H. Peter Anvin" <hpa@linux.intel.com>
+Date: Mon, 16 Jan 2012 11:23:29 -0800
+Subject: random: Adjust the number of loops when initializing
+
+From: "H. Peter Anvin" <hpa@linux.intel.com>
+
+commit 2dac8e54f988ab58525505d7ef982493374433c3 upstream.
+
+When we are initializing using arch_get_random_long() we only need to
+loop enough times to touch all the bytes in the buffer; using
+poolwords for that does twice the number of operations necessary on a
+64-bit machine, since in the random number generator code "word" means
+32 bits.
+
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Cc: "Theodore Ts'o" <tytso@mit.edu>
+Link: http://lkml.kernel.org/r/1324589281-31931-1-git-send-email-tytso@mit.edu
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/random.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -975,7 +975,7 @@ static void init_std_data(struct entropy
+ 
+ 	now = ktime_get_real();
+ 	mix_pool_bytes(r, &now, sizeof(now));
+-	for (i = r->poolinfo->poolwords; i; i--) {
++	for (i = r->poolinfo->POOLBYTES; i > 0; i -= sizeof flags) {
+ 		if (!arch_get_random_long(&flags))
+ 			break;
+ 		mix_pool_bytes(r, &flags, sizeof(flags));
diff --git a/queue-3.0/random-make-add_interrupt_randomness-do-something-sane.patch b/queue-3.0/random-make-add_interrupt_randomness-do-something-sane.patch
index 8f67be5a23c..70f6097d153 100644
--- a/queue-3.0/random-make-add_interrupt_randomness-do-something-sane.patch
+++ b/queue-3.0/random-make-add_interrupt_randomness-do-something-sane.patch
@@ -217,7 +217,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  }
  
  #ifdef CONFIG_BLOCK
-@@ -970,6 +1038,7 @@ static void init_std_data(struct entropy
+@@ -971,6 +1039,7 @@ static void init_std_data(struct entropy
  
  	spin_lock_irqsave(&r->lock, flags);
  	r->entropy_count = 0;
diff --git a/queue-3.0/random-use-arch-specific-rng-to-initialize-the-entropy-store.patch b/queue-3.0/random-use-arch-specific-rng-to-initialize-the-entropy-store.patch
new file mode 100644
index 00000000000..3209a37f0fc
--- /dev/null
+++ b/queue-3.0/random-use-arch-specific-rng-to-initialize-the-entropy-store.patch
@@ -0,0 +1,46 @@
+From 3e88bdff1c65145f7ba297ccec69c774afe4c785 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Thu, 22 Dec 2011 16:28:01 -0500
+Subject: random: Use arch-specific RNG to initialize the entropy store
+
+From: Theodore Ts'o <tytso@mit.edu>
+
+commit 3e88bdff1c65145f7ba297ccec69c774afe4c785 upstream.
+
+If there is an architecture-specific random number generator (such as
+RDRAND for Intel architectures), use it to initialize /dev/random's
+entropy stores.  Even in the worst case, if RDRAND is something like
+AES(NSA_KEY, counter++), it won't hurt, and it will definitely help
+against any other adversaries.
+
+Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
+Link: http://lkml.kernel.org/r/1324589281-31931-1-git-send-email-tytso@mit.edu
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/random.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -965,6 +965,7 @@ EXPORT_SYMBOL(get_random_bytes);
+  */
+ static void init_std_data(struct entropy_store *r)
+ {
++	int i;
+ 	ktime_t now;
+ 	unsigned long flags;
+ 
+@@ -974,6 +975,11 @@ static void init_std_data(struct entropy
+ 
+ 	now = ktime_get_real();
+ 	mix_pool_bytes(r, &now, sizeof(now));
++	for (i = r->poolinfo->poolwords; i; i--) {
++		if (!arch_get_random_long(&flags))
++			break;
++		mix_pool_bytes(r, &flags, sizeof(flags));
++	}
+ 	mix_pool_bytes(r, utsname(), sizeof(*(utsname())));
+ }
+ 
diff --git a/queue-3.0/random-use-lockless-techniques-in-the-interrupt-path.patch b/queue-3.0/random-use-lockless-techniques-in-the-interrupt-path.patch
index 512b9f0238c..ef19d2d2158 100644
--- a/queue-3.0/random-use-lockless-techniques-in-the-interrupt-path.patch
+++ b/queue-3.0/random-use-lockless-techniques-in-the-interrupt-path.patch
@@ -15,6 +15,10 @@ random driver, which is the interrupt collection path.
 Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 
+---
+ drivers/char/random.c |   78 +++++++++++++++++++++++++-------------------------
+ 1 file changed, 39 insertions(+), 39 deletions(-)
+
 --- a/drivers/char/random.c
 +++ b/drivers/char/random.c
 @@ -418,9 +418,9 @@ struct entropy_store {
@@ -60,7 +64,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  
  	/* mix one byte at a time to simplify size handling and churn faster */
  	while (nbytes--) {
-@@ -514,19 +512,23 @@ static void mix_pool_bytes_extract(struct entropy_store *r, const void *in,
+@@ -514,19 +512,23 @@ static void mix_pool_bytes_extract(struc
  		input_rotate += i ? 7 : 14;
  	}
  
@@ -90,7 +94,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  }
  
  struct fast_pool {
-@@ -564,23 +566,22 @@ static void fast_mix(struct fast_pool *f, const void *in, int nbytes)
+@@ -564,23 +566,22 @@ static void fast_mix(struct fast_pool *f
   */
  static void credit_entropy_bits(struct entropy_store *r, int nbits)
  {
@@ -119,7 +123,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  
  	if (!r->initialized && nbits > 0) {
  		r->entropy_total += nbits;
-@@ -593,7 +594,6 @@ static void credit_entropy_bits(struct entropy_store *r, int nbits)
+@@ -593,7 +594,6 @@ static void credit_entropy_bits(struct e
  		wake_up_interruptible(&random_read_wait);
  		kill_fasync(&fasync, SIGIO, POLL_IN);
  	}
@@ -127,7 +131,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  }
  
  /*********************************************************************
-@@ -680,7 +680,7 @@ static void add_timer_randomness(struct timer_rand_state *state, unsigned num)
+@@ -680,7 +680,7 @@ static void add_timer_randomness(struct
  		sample.cycles = get_cycles();
  
  	sample.num = num;
@@ -136,7 +140,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  
  	/*
  	 * Calculate number of bits of randomness we probably added.
-@@ -764,7 +764,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
+@@ -764,7 +764,7 @@ void add_interrupt_randomness(int irq, i
  	fast_pool->last = now;
  
  	r = nonblocking_pool.initialized ? &input_pool : &nonblocking_pool;
@@ -145,7 +149,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  	/*
  	 * If we don't have a valid cycle counter, and we see
  	 * back-to-back timer interrupts, then skip giving credit for
-@@ -829,7 +829,7 @@ static void xfer_secondary_pool(struct entropy_store *r, size_t nbytes)
+@@ -829,7 +829,7 @@ static void xfer_secondary_pool(struct e
  
  		bytes = extract_entropy(r->pull, tmp, bytes,
  					random_read_wakeup_thresh / 8, rsvd);
@@ -154,7 +158,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  		credit_entropy_bits(r, bytes*8);
  	}
  }
-@@ -890,9 +890,11 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
+@@ -890,9 +890,11 @@ static void extract_buf(struct entropy_s
  	int i;
  	__u32 hash[5], workspace[SHA_WORKSPACE_WORDS];
  	__u8 extract[64];
@@ -166,7 +170,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  	for (i = 0; i < r->poolinfo->poolwords; i += 16)
  		sha_transform(hash, (__u8 *)(r->pool + i), workspace);
  
-@@ -905,7 +907,8 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
+@@ -905,7 +907,8 @@ static void extract_buf(struct entropy_s
  	 * brute-forcing the feedback as hard as brute-forcing the
  	 * hash.
  	 */
@@ -176,7 +180,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  
  	/*
  	 * To avoid duplicates, we atomically extract a portion of the
-@@ -928,11 +931,10 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
+@@ -928,11 +931,10 @@ static void extract_buf(struct entropy_s
  }
  
  static ssize_t extract_entropy(struct entropy_store *r, void *buf,
@@ -189,7 +193,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  
  	xfer_secondary_pool(r, nbytes);
  	nbytes = account(r, nbytes, min, reserved);
-@@ -941,6 +943,8 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -941,6 +943,8 @@ static ssize_t extract_entropy(struct en
  		extract_buf(r, tmp);
  
  		if (fips_enabled) {
@@ -228,7 +232,7 @@ Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  }
  
  static int rand_initialize(void)
-@@ -1186,7 +1186,7 @@ write_pool(struct entropy_store *r, const char __user *buffer, size_t count)
+@@ -1186,7 +1186,7 @@ write_pool(struct entropy_store *r, cons
  		count -= bytes;
  		p += bytes;
  
diff --git a/queue-3.0/series b/queue-3.0/series
index ff8dd6f7269..0942c6c5161 100644
--- a/queue-3.0/series
+++ b/queue-3.0/series
@@ -12,7 +12,11 @@ mm-mmu_notifier-fix-freed-page-still-mapped-in-secondary-mmu.patch
 mac80211-cancel-mesh-path-timer.patch
 x86-nops-missing-break-resulting-in-incorrect-selection-on-intel.patch
 random-add-support-for-architectural-random-hooks.patch
+fix-typo-thinko-in-get_random_bytes.patch
 random-use-arch_get_random_int-instead-of-cycle-counter-if-avail.patch
+random-use-arch-specific-rng-to-initialize-the-entropy-store.patch
+random-adjust-the-number-of-loops-when-initializing.patch
+drivers-char-random.c-fix-boot-id-uniqueness-race.patch
 random-make-add_interrupt_randomness-do-something-sane.patch
 random-use-lockless-techniques-in-the-interrupt-path.patch
 random-create-add_device_randomness-interface.patch