From: Greg Kroah-Hartman
Date: Sat, 19 Mar 2022 13:03:11 +0000 (+0100)
Subject: 5.4-stable patches
X-Git-Tag: v4.9.308~34
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f96334a820116b4468848ea3e418f233f684a32e;p=thirdparty%2Fkernel%2Fstable-queue.git
5.4-stable patches
added patches:
crypto-qcom-rng-ensure-buffer-for-generate-is-completely-filled.patch
ocfs2-fix-crash-when-initialize-filecheck-kobj-fails.patch
---
diff --git a/queue-5.4/crypto-qcom-rng-ensure-buffer-for-generate-is-completely-filled.patch b/queue-5.4/crypto-qcom-rng-ensure-buffer-for-generate-is-completely-filled.patch
new file mode 100644
index 00000000000..84ab4540b11
--- /dev/null
+++ b/queue-5.4/crypto-qcom-rng-ensure-buffer-for-generate-is-completely-filled.patch
@@ -0,0 +1,157 @@
+From a680b1832ced3b5fa7c93484248fd221ea0d614b Mon Sep 17 00:00:00 2001
+From: Brian Masney
+Date: Thu, 10 Mar 2022 18:24:59 -0500
+Subject: crypto: qcom-rng - ensure buffer for generate is completely filled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Brian Masney
+
+commit a680b1832ced3b5fa7c93484248fd221ea0d614b upstream.
+
+The generate function in struct rng_alg expects that the destination
+buffer is completely filled if the function returns 0. qcom_rng_read()
+can run into a situation where the buffer is partially filled with
+randomness and the remaining part of the buffer is zeroed since
+qcom_rng_generate() doesn't check the return value. This issue can
+be reproduced by running the following from libkcapi:
+
+ kcapi-rng -b 9000000 > OUTFILE
+
+The generated OUTFILE will have three huge sections that contain all
+zeros, and this is caused by the code where the test
+'val & PRNG_STATUS_DATA_AVAIL' fails.
+
+Let's fix this issue by ensuring that qcom_rng_read() always returns
+with a full buffer if the function returns success. Let's also have
+qcom_rng_generate() return the correct value.
+
+Here's some statistics from the ent project
+(https://www.fourmilab.ch/random/) that shows information about the
+quality of the generated numbers:
+
+ $ ent -c qcom-random-before
+ Value Char Occurrences Fraction
+ 0 606748 0.067416
+ 1 33104 0.003678
+ 2 33001 0.003667
+ ...
+ 253 � 32883 0.003654
+ 254 � 33035 0.003671
+ 255 � 33239 0.003693
+
+ Total: 9000000 1.000000
+
+ Entropy = 7.811590 bits per byte.
+
+ Optimum compression would reduce the size
+ of this 9000000 byte file by 2 percent.
+
+ Chi square distribution for 9000000 samples is 9329962.81, and
+ randomly would exceed this value less than 0.01 percent of the
+ times.
+
+ Arithmetic mean value of data bytes is 119.3731 (127.5 = random).
+ Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).
+ Serial correlation coefficient is 0.159130 (totally uncorrelated =
+ 0.0).
+
+Without this patch, the results of the chi-square test is 0.01%, and
+the numbers are certainly not random according to ent's project page.
+The results improve with this patch:
+
+ $ ent -c qcom-random-after
+ Value Char Occurrences Fraction
+ 0 35432 0.003937
+ 1 35127 0.003903
+ 2 35424 0.003936
+ ...
+ 253 � 35201 0.003911
+ 254 � 34835 0.003871
+ 255 � 35368 0.003930
+
+ Total: 9000000 1.000000
+
+ Entropy = 7.999979 bits per byte.
+
+ Optimum compression would reduce the size
+ of this 9000000 byte file by 0 percent.
+
+ Chi square distribution for 9000000 samples is 258.77, and randomly
+ would exceed this value 42.24 percent of the times.
+
+ Arithmetic mean value of data bytes is 127.5006 (127.5 = random).
+ Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).
+ Serial correlation coefficient is 0.000468 (totally uncorrelated =
+ 0.0).
+
+This change was tested on a Nexus 5 phone (msm8974 SoC).
+
+Signed-off-by: Brian Masney
+Fixes: ceec5f5b5988 ("crypto: qcom-rng - Add Qcom prng driver")
+Cc: stable@vger.kernel.org # 4.19+
+Reviewed-by: Bjorn Andersson
+Reviewed-by: Andrew Halaney
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/crypto/qcom-rng.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+--- a/drivers/crypto/qcom-rng.c
++++ b/drivers/crypto/qcom-rng.c
+@@ -7,6 +7,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -42,16 +43,19 @@ static int qcom_rng_read(struct qcom_rng
+ {
+ unsigned int currsize = 0;
+ u32 val;
++ int ret;
+
+ /* read random data from hardware */
+ do {
+- val = readl_relaxed(rng->base + PRNG_STATUS);
+- if (!(val & PRNG_STATUS_DATA_AVAIL))
+- break;
++ ret = readl_poll_timeout(rng->base + PRNG_STATUS, val,
++ val & PRNG_STATUS_DATA_AVAIL,
++ 200, 10000);
++ if (ret)
++ return ret;
+
+ val = readl_relaxed(rng->base + PRNG_DATA_OUT);
+ if (!val)
+- break;
++ return -EINVAL;
+
+ if ((max - currsize) >= WORD_SZ) {
+ memcpy(data, &val, WORD_SZ);
+@@ -60,11 +64,10 @@ static int qcom_rng_read(struct qcom_rng
+ } else {
+ /* copy only remaining bytes */
+ memcpy(data, &val, max - currsize);
+- break;
+ }
+ } while (currsize < max);
+
+- return currsize;
++ return 0;
+ }
+
+ static int qcom_rng_generate(struct crypto_rng *tfm,
+@@ -86,7 +89,7 @@ static int qcom_rng_generate(struct cryp
+ mutex_unlock(&rng->lock);
+ clk_disable_unprepare(rng->clk);
+
+- return 0;
++ return ret;
+ }
+
+ static int qcom_rng_seed(struct crypto_rng *tfm, const u8 *seed,
diff --git a/queue-5.4/ocfs2-fix-crash-when-initialize-filecheck-kobj-fails.patch b/queue-5.4/ocfs2-fix-crash-when-initialize-filecheck-kobj-fails.patch
new file mode 100644
index 00000000000..c8b830c51d6
--- /dev/null
+++ b/queue-5.4/ocfs2-fix-crash-when-initialize-filecheck-kobj-fails.patch
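Review bot: The `else` branch of qcom_rng_read() in the queued patch no longer ends the loop: the `break;` after the tail `memcpy(data, &val, max - currsize);` is removed and nothing in that branch advances `currsize`, so `while (currsize < max)` stays true whenever `max` is not a multiple of WORD_SZ. Such a request would keep polling the hardware and overwriting the tail bytes instead of returning, apparently with `rng->lock` held and the clock still enabled by qcom_rng_generate(). Keep the `break;` after the tail copy (or set `currsize = max;` there) before this is applied to 5.4. The lines between the two nested hunks, where the full-word branch presumably advances `data` and `currsize`, are not shown here.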
@@ -0,0 +1,70 @@
+From 7b0b1332cfdb94489836b67d088a779699f8e47e Mon Sep 17 00:00:00 2001
+From: Joseph Qi
+Date: Wed, 16 Mar 2022 16:15:09 -0700
+Subject: ocfs2: fix crash when initialize filecheck kobj fails
+
+From: Joseph Qi
+
+commit 7b0b1332cfdb94489836b67d088a779699f8e47e upstream.
+
+Once s_root is set, genric_shutdown_super() will be called if
+fill_super() fails. That means, we will call ocfs2_dismount_volume()
+twice in such case, which can lead to kernel crash.
+
+Fix this issue by initializing filecheck kobj before setting s_root.
+
+Link: https://lkml.kernel.org/r/20220310081930.86305-1-joseph.qi@linux.alibaba.com
+Fixes: 5f483c4abb50 ("ocfs2: add kobject for online file check")
+Signed-off-by: Joseph Qi
+Cc: Mark Fasheh
+Cc: Joel Becker
+Cc: Junxiao Bi
+Cc: Changwei Ge
+Cc: Gang He
+Cc: Jun Piao
+Cc:
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/ocfs2/super.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+--- a/fs/ocfs2/super.c
++++ b/fs/ocfs2/super.c
+@@ -1100,17 +1100,6 @@ static int ocfs2_fill_super(struct super
+ goto read_super_error;
+ }
+
+- root = d_make_root(inode);
+- if (!root) {
+- status = -ENOMEM;
+- mlog_errno(status);
+- goto read_super_error;
+- }
+-
+- sb->s_root = root;
+-
+- ocfs2_complete_mount_recovery(osb);
+-
+ osb->osb_dev_kset = kset_create_and_add(sb->s_id, NULL,
+ &ocfs2_kset->kobj);
+ if (!osb->osb_dev_kset) {
+@@ -1128,6 +1117,17 @@ static int ocfs2_fill_super(struct super
+ goto read_super_error;
+ }
+
++ root = d_make_root(inode);
++ if (!root) {
++ status = -ENOMEM;
++ mlog_errno(status);
++ goto read_super_error;
++ }
++
++ sb->s_root = root;
++
++ ocfs2_complete_mount_recovery(osb);
++
+ if (ocfs2_mount_local(osb))
+ snprintf(nodestr, sizeof(nodestr), "local");
+ else
diff --git a/queue-5.4/series b/queue-5.4/series
new file mode 100644
index 00000000000..68c527ca09c
--- /dev/null
+++ b/queue-5.4/series
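Review bot: With the sysfs setup moved ahead of `d_make_root(inode)`, the failure branches that `goto read_super_error` (the kset_create_and_add() check and the one just above the re-added block, presumably the filecheck kobj init) are now reached before `inode` has been handed to d_make_root(), which is what normally consumes that reference. Whether read_super_error drops it is not visible in this hunk; if it does not, the reorder trades the double ocfs2_dismount_volume() for a leaked inode reference on those paths, and an `iput(inode);` before each of those `goto`s would be needed. ocfs2_fill_super() starts and ends outside both nested hunks.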
@@ -0,0 +1,2 @@
+crypto-qcom-rng-ensure-buffer-for-generate-is-completely-filled.patch
+ocfs2-fix-crash-when-initialize-filecheck-kobj-fails.patch