From: Greg Kroah-Hartman Date: Sat, 1 Aug 2020 13:14:27 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v5.7.13~54 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f1ba12c85025632e8712d9fa026aa74fb5c9d786;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: arm-percpu.h-fix-build-error.patch random32-update-the-net-random-state-on-interrupt-and-activity.patch
---
diff --git a/queue-4.4/arm-percpu.h-fix-build-error.patch b/queue-4.4/arm-percpu.h-fix-build-error.patch
new file mode 100644
index 00000000000..588ad9ec5b4
--- /dev/null
+++ b/queue-4.4/arm-percpu.h-fix-build-error.patch
@@ -0,0 +1,46 @@
+From aa54ea903abb02303bf55855fb51e3fcee135d70 Mon Sep 17 00:00:00 2001
+From: Grygorii Strashko
+Date: Thu, 30 Jul 2020 22:05:01 +0300
+Subject: ARM: percpu.h: fix build error
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Grygorii Strashko
+
+commit aa54ea903abb02303bf55855fb51e3fcee135d70 upstream.
+
+Fix build error for the case:
+ defined(CONFIG_SMP) && !defined(CONFIG_CPU_V6)
+
+config: keystone_defconfig
+
+ CC arch/arm/kernel/signal.o
+ In file included from ../include/linux/random.h:14,
+ from ../arch/arm/kernel/signal.c:8:
+ ../arch/arm/include/asm/percpu.h: In function ‘__my_cpu_offset’:
+ ../arch/arm/include/asm/percpu.h:29:34: error: ‘current_stack_pointer’ undeclared (first use in this function); did you mean ‘user_stack_pointer’?
+ : "Q" (*(const unsigned long *)current_stack_pointer));
+ ^~~~~~~~~~~~~~~~~~~~~
+ user_stack_pointer
+
+Fixes: f227e3ec3b5c ("random32: update the net random state on interrupt and activity")
+Signed-off-by: Grygorii Strashko
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm/include/asm/percpu.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/arm/include/asm/percpu.h
++++ b/arch/arm/include/asm/percpu.h
+@@ -16,6 +16,8 @@
+ #ifndef _ASM_ARM_PERCPU_H_
+ #define _ASM_ARM_PERCPU_H_
+
++#include
++
+ /*
+ * Same as asm-generic/percpu.h, except that we store the per cpu offset
+ * in the TPIDRPRW. TPIDRPRW only exists on V6K and V7
diff --git a/queue-4.4/random32-update-the-net-random-state-on-interrupt-and-activity.patch b/queue-4.4/random32-update-the-net-random-state-on-interrupt-and-activity.patch
new file mode 100644
index 00000000000..2566759585b
--- /dev/null
+++ b/queue-4.4/random32-update-the-net-random-state-on-interrupt-and-activity.patch
@@ -0,0 +1,109 @@
+From f227e3ec3b5cad859ad15666874405e8c1bbc1d4 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau
+Date: Fri, 10 Jul 2020 15:23:19 +0200
+Subject: random32: update the net random state on interrupt and activity
+
+From: Willy Tarreau
+
+commit f227e3ec3b5cad859ad15666874405e8c1bbc1d4 upstream.
+
+This modifies the first 32 bits out of the 128 bits of a random CPU's
+net_rand_state on interrupt or CPU activity to complicate remote
+observations that could lead to guessing the network RNG's internal
+state.
+
+Note that depending on some network devices' interrupt rate moderation
+or binding, this re-seeding might happen on every packet or even almost
+never.
+
+In addition, with NOHZ some CPUs might not even get timer interrupts,
+leaving their local state rarely updated, while they are running
+networked processes making use of the random state. For this reason, we
+also perform this update in update_process_times() in order to at least
+update the state when there is user or system activity, since it's the
+only case we care about.
+
+Reported-by: Amit Klein
+Suggested-by: Linus Torvalds
+Cc: Eric Dumazet
+Cc: "Jason A. Donenfeld"
+Cc: Andy Lutomirski
+Cc: Kees Cook
+Cc: Thomas Gleixner
+Cc: Peter Zijlstra
+Cc:
+Signed-off-by: Willy Tarreau
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/char/random.c | 1 +
+ include/linux/random.h | 3 +++
+ kernel/time/timer.c | 8 ++++++++
+ lib/random32.c | 2 +-
+ 4 files changed, 13 insertions(+), 1 deletion(-)
+
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -923,6 +923,7 @@ void add_interrupt_randomness(int irq, i
+
+ fast_mix(fast_pool);
+ add_interrupt_bench(cycles);
++ this_cpu_add(net_rand_state.s1, fast_pool->pool[cycles & 3]);
+
+ if ((fast_pool->count < 64) &&
+ !time_after(now, fast_pool->last + HZ))
+--- a/include/linux/random.h
++++ b/include/linux/random.h
+@@ -8,6 +8,7 @@
+
+ #include
+ #include
++#include
+
+ #include
+
+@@ -46,6 +47,8 @@ struct rnd_state {
+ __u32 s1, s2, s3, s4;
+ };
+
++DECLARE_PER_CPU(struct rnd_state, net_rand_state);
++
+ u32 prandom_u32_state(struct rnd_state *state);
+ void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes);
+ void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
+--- a/kernel/time/timer.c
++++ b/kernel/time/timer.c
+@@ -42,6 +42,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include
+ #include
+@@ -1431,6 +1432,13 @@ void update_process_times(int user_tick)
+ #endif
+ scheduler_tick();
+ run_posix_cpu_timers(p);
++
++ /* The current CPU might make use of net randoms without receiving IRQs
++ * to renew them often enough. Let's update the net_rand_state from a
++ * non-constant value that's not affine to the number of calls to make
++ * sure it's updated when there's some activity (we don't care in idle).
++ */
++ this_cpu_add(net_rand_state.s1, rol32(jiffies, 24) + user_tick);
+ }
+
+ /*
+--- a/lib/random32.c
++++ b/lib/random32.c
+@@ -47,7 +47,7 @@ static inline void prandom_state_selftes
+ }
+ #endif
+
+-static DEFINE_PER_CPU(struct rnd_state, net_rand_state);
++DEFINE_PER_CPU(struct rnd_state, net_rand_state);
+
+ /**
+ * prandom_u32_state - seeded pseudo-random number generator.
diff --git a/queue-4.4/series b/queue-4.4/series
index 4bfa0dcb0bc..90f7799cfa4 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -6,3 +6,5 @@ ath9k-release-allocated-buffer-if-timed-out.patch
 nfs-move-call-to-security_inode_listsecurity-into-nf.patch
 scsi-libsas-direct-call-probe-and-destruct.patch
 pci-aspm-disable-aspm-on-asmedia-asm1083-1085-pcie-to-pci-bridge.patch
+random32-update-the-net-random-state-on-interrupt-and-activity.patch
+arm-percpu.h-fix-build-error.patch
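Review bot: In the drivers/char/random.c part of the queued random32 patch, the added `this_cpu_add(net_rand_state.s1, fast_pool->pool[cycles & 3]);` folds a raw word of the interrupt fast pool into the network PRNG state without any comment, and the commit message itself describes that state as something remote observation could lead to guessing. If the state can be inferred that way, the added `fast_pool` word may be inferable too, so this flow from the entropy-collection path into `net_rand_state` should be justified where it happens. I would put a comment above the line, for example `/* Perturb this CPU's net PRNG state; this exposes one fast_pool word to a generator whose output is visible on the network. */`, matching the explanatory comment the kernel/time/timer.c part already has. Both call sites change only `s1`, so per the message 96 of the 128 state bits stay untouched, and the backport should not be read as making this generator unpredictable. The enclosing functions `add_interrupt_randomness` and `update_process_times` start and end outside the quoted context.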