From: Greg Kroah-Hartman Date: Sat, 1 Aug 2020 13:15:12 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v5.7.13~51 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a09b3cc18d2080cf3a4c33406f5f7065e02374e4;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: arm-8986-1-hw_breakpoint-don-t-invoke-overflow-handler-on-uaccess-watchpoints.patch arm-percpu.h-fix-build-error.patch random32-update-the-net-random-state-on-interrupt-and-activity.patch
---
diff --git a/queue-4.19/arm-8986-1-hw_breakpoint-don-t-invoke-overflow-handler-on-uaccess-watchpoints.patch b/queue-4.19/arm-8986-1-hw_breakpoint-don-t-invoke-overflow-handler-on-uaccess-watchpoints.patch
new file mode 100644
index 00000000000..932d4c80423
--- /dev/null
+++ b/queue-4.19/arm-8986-1-hw_breakpoint-don-t-invoke-overflow-handler-on-uaccess-watchpoints.patch
@@ -0,0 +1,81 @@
+From eec13b42d41b0f3339dcf0c4da43734427c68620 Mon Sep 17 00:00:00 2001
+From: Will Deacon
+Date: Thu, 18 Jun 2020 11:16:45 +0100
+Subject: ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
+
+From: Will Deacon
+
+commit eec13b42d41b0f3339dcf0c4da43734427c68620 upstream.
+
+Unprivileged memory accesses generated by the so-called "translated"
+instructions (e.g. LDRT) in kernel mode can cause user watchpoints to fire
+unexpectedly. In such cases, the hw_breakpoint logic will invoke the user
+overflow handler which will typically raise a SIGTRAP back to the current
+task. This is futile when returning back to the kernel because (a) the
+signal won't have been delivered and (b) userspace can't handle the thing
+anyway.
+
+Avoid invoking the user overflow handler for watchpoints triggered by
+kernel uaccess routines, and instead single-step over the faulting
+instruction as we would if no overflow handler had been installed.
+
+Cc:
+Fixes: f81ef4a920c8 ("ARM: 6356/1: hw-breakpoint: add ARM backend for the hw-breakpoint framework")
+Reported-by: Luis Machado
+Tested-by: Luis Machado
+Signed-off-by: Will Deacon
+Signed-off-by: Russell King
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm/kernel/hw_breakpoint.c | 27 ++++++++++++++++++++++-----
+ 1 file changed, 22 insertions(+), 5 deletions(-)
+
+--- a/arch/arm/kernel/hw_breakpoint.c
++++ b/arch/arm/kernel/hw_breakpoint.c
+@@ -688,6 +688,12 @@ static void disable_single_step(struct p
+ arch_install_hw_breakpoint(bp);
+ }
+
++static int watchpoint_fault_on_uaccess(struct pt_regs *regs,
++ struct arch_hw_breakpoint *info)
++{
++ return !user_mode(regs) && info->ctrl.privilege == ARM_BREAKPOINT_USER;
++}
++
+ static void watchpoint_handler(unsigned long addr, unsigned int fsr,
+ struct pt_regs *regs)
+ {
+@@ -747,16 +753,27 @@ static void watchpoint_handler(unsigned
+ }
+
+ pr_debug("watchpoint fired: address = 0x%x\n", info->trigger);
++
++ /*
++ * If we triggered a user watchpoint from a uaccess routine,
++ * then handle the stepping ourselves since userspace really
++ * can't help us with this.
++ */
++ if (watchpoint_fault_on_uaccess(regs, info))
++ goto step;
++
+ perf_bp_event(wp, regs);
+
+ /*
+- * If no overflow handler is present, insert a temporary
+- * mismatch breakpoint so we can single-step over the
+- * watchpoint trigger.
++ * Defer stepping to the overflow handler if one is installed.
++ * Otherwise, insert a temporary mismatch breakpoint so that
++ * we can single-step over the watchpoint trigger.
+ */
+- if (is_default_overflow_handler(wp))
+- enable_single_step(wp, instruction_pointer(regs));
++ if (!is_default_overflow_handler(wp))
++ goto unlock;
+
++step:
++ enable_single_step(wp, instruction_pointer(regs));
+ unlock:
+ rcu_read_unlock();
+ }
diff --git a/queue-4.19/arm-percpu.h-fix-build-error.patch b/queue-4.19/arm-percpu.h-fix-build-error.patch
new file mode 100644
index 00000000000..588ad9ec5b4
--- /dev/null
+++ b/queue-4.19/arm-percpu.h-fix-build-error.patch
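Review bot: The added `goto step` in watchpoint_handler sits before `perf_bp_event(wp, regs)`, so a user watchpoint hit from a kernel uaccess routine is not reported to perf at all, rather than only being kept away from the overflow handler, while the new comment talks about stepping alone. If dropping the event is intended, as the commit message appears to imply, the comment should say so, for example by adding the line `* The hit is deliberately not reported through perf_bp_event().`. The new predicate `watchpoint_fault_on_uaccess()` yields a truth value and would read better declared `static bool`, with a one-line comment such as `/* Kernel-mode access that hit a watchpoint installed with user privilege. */`. watchpoint_handler begins outside the second hunk, so the locking that `unlock:` pairs with is not visible here.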
@@ -0,0 +1,46 @@
+From aa54ea903abb02303bf55855fb51e3fcee135d70 Mon Sep 17 00:00:00 2001
+From: Grygorii Strashko
+Date: Thu, 30 Jul 2020 22:05:01 +0300
+Subject: ARM: percpu.h: fix build error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Grygorii Strashko
+
+commit aa54ea903abb02303bf55855fb51e3fcee135d70 upstream.
+
+Fix build error for the case:
+ defined(CONFIG_SMP) && !defined(CONFIG_CPU_V6)
+
+config: keystone_defconfig
+
+ CC arch/arm/kernel/signal.o
+ In file included from ../include/linux/random.h:14,
+ from ../arch/arm/kernel/signal.c:8:
+ ../arch/arm/include/asm/percpu.h: In function ‘__my_cpu_offset’:
+ ../arch/arm/include/asm/percpu.h:29:34: error: ‘current_stack_pointer’ undeclared (first use in this function); did you mean ‘user_stack_pointer’?
+ : "Q" (*(const unsigned long *)current_stack_pointer));
+ ^~~~~~~~~~~~~~~~~~~~~
+ user_stack_pointer
+
+Fixes: f227e3ec3b5c ("random32: update the net random state on interrupt and activity")
+Signed-off-by: Grygorii Strashko
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm/include/asm/percpu.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/arm/include/asm/percpu.h
++++ b/arch/arm/include/asm/percpu.h
+@@ -16,6 +16,8 @@
+ #ifndef _ASM_ARM_PERCPU_H_
+ #define _ASM_ARM_PERCPU_H_
+
++#include
++
+ /*
+ * Same as asm-generic/percpu.h, except that we store the per cpu offset
+ * in the TPIDRPRW. TPIDRPRW only exists on V6K and V7
diff --git a/queue-4.19/random32-update-the-net-random-state-on-interrupt-and-activity.patch b/queue-4.19/random32-update-the-net-random-state-on-interrupt-and-activity.patch
new file mode 100644
index 00000000000..d814581dd2e
--- /dev/null
+++ b/queue-4.19/random32-update-the-net-random-state-on-interrupt-and-activity.patch
@@ -0,0 +1,109 @@
+From f227e3ec3b5cad859ad15666874405e8c1bbc1d4 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau
+Date: Fri, 10 Jul 2020 15:23:19 +0200
+Subject: random32: update the net random state on interrupt and activity
+
+From: Willy Tarreau
+
+commit f227e3ec3b5cad859ad15666874405e8c1bbc1d4 upstream.
+
+This modifies the first 32 bits out of the 128 bits of a random CPU's
+net_rand_state on interrupt or CPU activity to complicate remote
+observations that could lead to guessing the network RNG's internal
+state.
+
+Note that depending on some network devices' interrupt rate moderation
+or binding, this re-seeding might happen on every packet or even almost
+never.
+
+In addition, with NOHZ some CPUs might not even get timer interrupts,
+leaving their local state rarely updated, while they are running
+networked processes making use of the random state. For this reason, we
+also perform this update in update_process_times() in order to at least
+update the state when there is user or system activity, since it's the
+only case we care about.
+
+Reported-by: Amit Klein
+Suggested-by: Linus Torvalds
+Cc: Eric Dumazet
+Cc: "Jason A. Donenfeld"
+Cc: Andy Lutomirski
+Cc: Kees Cook
+Cc: Thomas Gleixner
+Cc: Peter Zijlstra
+Cc:
+Signed-off-by: Willy Tarreau
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/char/random.c | 1 +
+ include/linux/random.h | 3 +++
+ kernel/time/timer.c | 8 ++++++++
+ lib/random32.c | 2 +-
+ 4 files changed, 13 insertions(+), 1 deletion(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -1257,6 +1257,7 @@ void add_interrupt_randomness(int irq, i
+
+ fast_mix(fast_pool);
+ add_interrupt_bench(cycles);
++ this_cpu_add(net_rand_state.s1, fast_pool->pool[cycles & 3]);
+
+ if (unlikely(crng_init == 0)) {
+ if ((fast_pool->count >= 64) &&
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -9,6 +9,7 @@
+
+ #include
+ #include
++#include
+
+ #include
+
+@@ -115,6 +116,8 @@ struct rnd_state {
+ __u32 s1, s2, s3, s4;
+ };
+
++DECLARE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
++
+ u32 prandom_u32_state(struct rnd_state *state);
+ void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes);
+ void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
+--- a/kernel/time/timer.c
++++ b/kernel/time/timer.c
+@@ -44,6 +44,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include
+ #include
+@@ -1654,6 +1655,13 @@ void update_process_times(int user_tick)
+ scheduler_tick();
+ if (IS_ENABLED(CONFIG_POSIX_TIMERS))
+ run_posix_cpu_timers(p);
++
++ /* The current CPU might make use of net randoms without receiving IRQs
++ * to renew them often enough. Let's update the net_rand_state from a
++ * non-constant value that's not affine to the number of calls to make
++ * sure it's updated when there's some activity (we don't care in idle).
++ */
++ this_cpu_add(net_rand_state.s1, rol32(jiffies, 24) + user_tick);
+ }
+
+ /**
+--- a/lib/random32.c
++++ b/lib/random32.c
+@@ -48,7 +48,7 @@ static inline void prandom_state_selftes
+ }
+ #endif
+
+-static DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
++DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
+
+ /**
+ * prandom_u32_state - seeded pseudo-random number generator.
diff --git a/queue-4.19/series b/queue-4.19/series
index 8ba323afc0e..2a2a1d4a96d 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -12,3 +12,6 @@ btrfs-fix-selftests-failure-due-to-uninitialized-i_m.patch
 pci-aspm-disable-aspm-on-asmedia-asm1083-1085-pcie-to-pci-bridge.patch
 9p-trans_fd-fix-concurrency-del-of-req_list-in-p9_fd_cancelled-p9_read_work.patch
 wireless-use-offsetof-instead-of-custom-macro.patch
+arm-8986-1-hw_breakpoint-don-t-invoke-overflow-handler-on-uaccess-watchpoints.patch
+random32-update-the-net-random-state-on-interrupt-and-activity.patch
+arm-percpu.h-fix-build-error.patch
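Review bot: The line added to add_interrupt_randomness(), `this_cpu_add(net_rand_state.s1, fast_pool->pool[cycles & 3]);`, has no comment, although it couples the interrupt fast pool to a generator whose outputs the commit message treats as remotely observable. Only `s1` is perturbed (32 of the 128 state bits, per the description), so this reads as hardening against state guessing rather than a reseed, and it would be worth confirming that adding a raw fast_pool word to this state does not expose pool contents through the generator's output. A comment in place would keep later readers from over-trusting it, for example `/* Perturb the net PRNG state to hinder remote state guessing; not a cryptographic reseed. */`. The same applies to the update_process_times() call, where `jiffies` and `user_tick` are presumably easy for an observer to estimate; that hunk's comment also uses the networking-style opening `/* The current CPU ...` rather than a bare `/*` line, which may not match the rest of kernel/time/timer.c. Both functions continue outside their hunks.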