From: Greg Kroah-Hartman Date: Mon, 13 Sep 2021 11:35:35 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v5.4.146~16 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d106326a6336c3fd0a312eb1576298b71b40b162;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: ima-remove-the-dependency-on-crypto_md5.patch ima-remove-wmissing-prototypes-warning.patch kvm-x86-update-vcpu-s-hv_clock-before-back-to-guest-when-tsc_offset-is-adjusted.patch x86-resctrl-fix-a-maybe-uninitialized-build-warning-treated-as-error.patch --- diff --git a/queue-4.19/ima-remove-the-dependency-on-crypto_md5.patch b/queue-4.19/ima-remove-the-dependency-on-crypto_md5.patch new file mode 100644 index 00000000000..f59bd9e453d --- /dev/null +++ b/queue-4.19/ima-remove-the-dependency-on-crypto_md5.patch 
@@ -0,0 +1,45 @@ +From 8510505d55e194d3f6c9644c9f9d12c4f6b0395a Mon Sep 17 00:00:00 2001 +From: THOBY Simon +Date: Mon, 16 Aug 2021 08:10:59 +0000 +Subject: IMA: remove the dependency on CRYPTO_MD5 + +From: THOBY Simon + +commit 8510505d55e194d3f6c9644c9f9d12c4f6b0395a upstream. + +MD5 is a weak digest algorithm that shouldn't be used for cryptographic +operation. It hinders the efficiency of a patch set that aims to limit +the digests allowed for the extended file attribute namely security.ima. +MD5 is no longer a requirement for IMA, nor should it be used there. + +The sole place where we still use the MD5 algorithm inside IMA is setting +the ima_hash algorithm to MD5, if the user supplies 'ima_hash=md5' +parameter on the command line. With commit ab60368ab6a4 ("ima: Fallback +to the builtin hash algorithm"), setting "ima_hash=md5" fails gracefully +when CRYPTO_MD5 is not set: + ima: Can not allocate md5 (reason: -2) + ima: Allocating md5 failed, going to use default hash algorithm sha256 + +Remove the CRYPTO_MD5 dependency for IMA. + +Signed-off-by: THOBY Simon +Reviewed-by: Lakshmi Ramasubramanian +[zohar@linux.ibm.com: include commit number in patch description for +stable.] +Cc: stable@vger.kernel.org # 4.17 +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman +--- + security/integrity/ima/Kconfig | 1 - + 1 file changed, 1 deletion(-) + +--- a/security/integrity/ima/Kconfig ++++ b/security/integrity/ima/Kconfig +@@ -5,7 +5,6 @@ config IMA + select SECURITYFS + select CRYPTO + select CRYPTO_HMAC +- select CRYPTO_MD5 + select CRYPTO_SHA1 + select CRYPTO_HASH_INFO + select TCG_TPM if HAS_IOMEM && !UML diff --git a/queue-4.19/ima-remove-wmissing-prototypes-warning.patch b/queue-4.19/ima-remove-wmissing-prototypes-warning.patch new file mode 100644 index 00000000000..cd78b060a8e --- /dev/null +++ b/queue-4.19/ima-remove-wmissing-prototypes-warning.patch 
@@ -0,0 +1,40 @@ +From a32ad90426a9c8eb3915eed26e08ce133bd9e0da Mon Sep 17 00:00:00 2001 +From: Austin Kim +Date: Tue, 29 Jun 2021 14:50:50 +0100 +Subject: IMA: remove -Wmissing-prototypes warning +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Austin Kim + +commit a32ad90426a9c8eb3915eed26e08ce133bd9e0da upstream. + +With W=1 build, the compiler throws warning message as below: + + security/integrity/ima/ima_mok.c:24:12: warning: + no previous prototype for ‘ima_mok_init’ [-Wmissing-prototypes] + __init int ima_mok_init(void) + +Silence the warning by adding static keyword to ima_mok_init(). + +Signed-off-by: Austin Kim +Fixes: 41c89b64d718 ("IMA: create machine owner and blacklist keyrings") +Cc: stable@vger.kernel.org +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman +--- + security/integrity/ima/ima_mok.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/security/integrity/ima/ima_mok.c ++++ b/security/integrity/ima/ima_mok.c +@@ -26,7 +26,7 @@ struct key *ima_blacklist_keyring; + /* + * Allocate the IMA blacklist keyring + */ +-__init int ima_mok_init(void) ++static __init int ima_mok_init(void) + { + struct key_restriction *restriction; + diff --git a/queue-4.19/kvm-x86-update-vcpu-s-hv_clock-before-back-to-guest-when-tsc_offset-is-adjusted.patch b/queue-4.19/kvm-x86-update-vcpu-s-hv_clock-before-back-to-guest-when-tsc_offset-is-adjusted.patch new file mode 100644 index 00000000000..68fc7887175 --- /dev/null +++ b/queue-4.19/kvm-x86-update-vcpu-s-hv_clock-before-back-to-guest-when-tsc_offset-is-adjusted.patch 
@@ -0,0 +1,40 @@ +From d9130a2dfdd4b21736c91b818f87dbc0ccd1e757 Mon Sep 17 00:00:00 2001 +From: Zelin Deng +Date: Wed, 28 Apr 2021 10:22:01 +0800 +Subject: KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted + +From: Zelin Deng + +commit d9130a2dfdd4b21736c91b818f87dbc0ccd1e757 upstream. + +When MSR_IA32_TSC_ADJUST is written by guest due to TSC ADJUST feature +especially there's a big tsc warp (like a new vCPU is hot-added into VM +which has been up for a long time), tsc_offset is added by a large value +then go back to guest. This causes system time jump as tsc_timestamp is +not adjusted in the meantime and pvclock monotonic character. +To fix this, just notify kvm to update vCPU's guest time before back to +guest. + +Cc: stable@vger.kernel.org +Signed-off-by: Zelin Deng +Signed-off-by: Paolo Bonzini +Message-Id: <1619576521-81399-2-git-send-email-zelin.deng@linux.alibaba.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/x86.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -2511,6 +2511,10 @@ int kvm_set_msr_common(struct kvm_vcpu * + if (!msr_info->host_initiated) { + s64 adj = data - vcpu->arch.ia32_tsc_adjust_msr; + adjust_tsc_offset_guest(vcpu, adj); ++ /* Before back to guest, tsc_timestamp must be adjusted ++ * as well, otherwise guest's percpu pvclock time could jump. ++ */ ++ kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu); + } + vcpu->arch.ia32_tsc_adjust_msr = data; + } diff --git a/queue-4.19/series b/queue-4.19/series index ce429ade148..8428fd7c149 100644 --- a/queue-4.19/series +++ b/queue-4.19/series 
@@ -111,3 +111,7 @@ f2fs-report-correct-st_size-for-encrypted-symlinks.patch ubifs-report-correct-st_size-for-encrypted-symlinks.patch time-handle-negative-seconds-correctly-in-timespec64_to_ns.patch tty-fix-data-race-between-tiocsti-and-flush_to_ldisc.patch +x86-resctrl-fix-a-maybe-uninitialized-build-warning-treated-as-error.patch +kvm-x86-update-vcpu-s-hv_clock-before-back-to-guest-when-tsc_offset-is-adjusted.patch +ima-remove-wmissing-prototypes-warning.patch +ima-remove-the-dependency-on-crypto_md5.patch diff --git a/queue-4.19/x86-resctrl-fix-a-maybe-uninitialized-build-warning-treated-as-error.patch b/queue-4.19/x86-resctrl-fix-a-maybe-uninitialized-build-warning-treated-as-error.patch new file mode 100644 index 00000000000..287898193fb --- /dev/null +++ b/queue-4.19/x86-resctrl-fix-a-maybe-uninitialized-build-warning-treated-as-error.patch 
@@ -0,0 +1,67 @@ +From 527f721478bce3f49b513a733bacd19d6f34b08c Mon Sep 17 00:00:00 2001 +From: Babu Moger +Date: Fri, 20 Aug 2021 16:52:42 -0500 +Subject: x86/resctrl: Fix a maybe-uninitialized build warning treated as error +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Babu Moger + +commit 527f721478bce3f49b513a733bacd19d6f34b08c upstream. + +The recent commit + + 064855a69003 ("x86/resctrl: Fix default monitoring groups reporting") + +caused a RHEL build failure with an uninitialized variable warning +treated as an error because it removed the default case snippet. + +The RHEL Makefile uses '-Werror=maybe-uninitialized' to force possibly +uninitialized variable warnings to be treated as errors. This is also +reported by smatch via the 0day robot. + +The error from the RHEL build is: + + arch/x86/kernel/cpu/resctrl/monitor.c: In function ‘__mon_event_count’: + arch/x86/kernel/cpu/resctrl/monitor.c:261:12: error: ‘m’ may be used + uninitialized in this function [-Werror=maybe-uninitialized] + m->chunks += chunks; + ^~ + +The upstream Makefile does not build using '-Werror=maybe-uninitialized'. +So, the problem is not seen there. Fix the problem by putting back the +default case snippet. + + [ bp: note that there's nothing wrong with the code and other compilers + do not trigger this warning - this is being done just so the RHEL compiler + is happy. 
] + +Fixes: 064855a69003 ("x86/resctrl: Fix default monitoring groups reporting") +Reported-by: Terry Bowman +Reported-by: kernel test robot +Signed-off-by: Babu Moger +Signed-off-by: Borislav Petkov +Reviewed-by: Reinette Chatre +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/162949631908.23903.17090272726012848523.stgit@bmoger-ubuntu +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/cpu/intel_rdt_monitor.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/arch/x86/kernel/cpu/intel_rdt_monitor.c ++++ b/arch/x86/kernel/cpu/intel_rdt_monitor.c +@@ -252,6 +252,12 @@ static u64 __mon_event_count(u32 rmid, s + case QOS_L3_MBM_LOCAL_EVENT_ID: + m = &rr->d->mbm_local[rmid]; + break; ++ default: ++ /* ++ * Code would never reach here because an invalid ++ * event id would fail the __rmid_read. ++ */ ++ return RMID_VAL_ERROR; + } + + if (rr->first) {
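Review bot: The removal of `select CRYPTO_MD5` in security/integrity/ima/Kconfig depends on ab60368ab6a4 ("ima: Fallback to the builtin hash algorithm") being present in the target tree, since the changelog relies on that commit for the graceful handling of `ima_hash=md5`. The stable tag says "# 4.17", so please confirm the fallback is in 4.19 before this is applied. The quoted log shows "going to use default hash algorithm sha256", so the changelog could state more directly that a system booted with `ima_hash=md5` on a kernel without CRYPTO_MD5 will measure with the default hash instead of the one requested on the command line.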
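Review bot: Making `ima_mok_init` static in security/integrity/ima/ima_mok.c is only correct if nothing outside that file references it, and the hunk shows neither the caller nor the initcall registration. The "no previous prototype" warning implies that no header declares the function, but for the 4.19 backport it is worth checking that no extern declaration or out-of-file caller exists in this tree, because a non-static declaration followed by `static __init int ima_mok_init(void)` would turn a W=1 warning fix into a build error.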
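Review bot: In the arch/x86/kvm/x86.c hunk, `kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);` is raised on every guest write to the TSC adjust MSR, including a write where `adj` evaluates to 0 and the offset does not change. That is harmless, but a guard on `adj` would make the intent (update the clock only when tsc_offset actually moved) explicit. The added comment also starts its text on the `/*` line; the multi-line comment already visible in the ima_mok.c hunk of this same queue keeps `/*` on its own line, and matching that would be more consistent. The comment could also say why host-initiated writes, which skip this branch, do not need the same request.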
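Review bot: The resctrl changelog quotes the error against arch/x86/kernel/cpu/resctrl/monitor.c, but the hunk is applied to arch/x86/kernel/cpu/intel_rdt_monitor.c, and nothing in the message records that the path was adapted for 4.19. A short bracketed backport note next to the existing "[ bp: ... ]" remark would make that traceable. Since the restored `default:` case only exists to replace what 064855a69003 removed, please also confirm that the backport of 064855a69003 is already in the 4.19 tree or earlier in this series; otherwise this hunk adds a second `default:` label to the switch in `__mon_event_count`.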