From: Greg Kroah-Hartman
Date: Fri, 3 Jun 2022 16:12:55 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v4.9.317~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fab6acdcc20d250d33f75b679c9c46121c69650d;p=thirdparty%2Fkernel%2Fstable-queue.git
4.9-stable patches
added patches:
dm-crypt-make-printing-of-the-key-constant-time.patch
dm-stats-add-cond_resched-when-looping-over-entries.patch
dm-verity-set-dm_target_immutable-feature-flag.patch
---
diff --git a/queue-4.9/dm-crypt-make-printing-of-the-key-constant-time.patch b/queue-4.9/dm-crypt-make-printing-of-the-key-constant-time.patch
new file mode 100644
index 00000000000..5cf87f2a8cb
--- /dev/null
+++ b/queue-4.9/dm-crypt-make-printing-of-the-key-constant-time.patch
@@ -0,0 +1,59 @@
+From 567dd8f34560fa221a6343729474536aa7ede4fd Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka
+Date: Mon, 25 Apr 2022 08:53:29 -0400
+Subject: dm crypt: make printing of the key constant-time
+
+From: Mikulas Patocka
+
+commit 567dd8f34560fa221a6343729474536aa7ede4fd upstream.
+
+The device mapper dm-crypt target is using scnprintf("%02x", cc->key[i]) to
+report the current key to userspace. However, this is not a constant-time
+operation and it may leak information about the key via timing, via cache
+access patterns or via the branch predictor.
+
+Change dm-crypt's key printing to use "%c" instead of "%02x". Also
+introduce hex2asc() that carefully avoids any branching or memory
+accesses when converting a number in the range 0 ... 15 to an ascii
+character.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Mikulas Patocka
+Tested-by: Milan Broz
+Signed-off-by: Mike Snitzer
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/md/dm-crypt.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+--- a/drivers/md/dm-crypt.c
++++ b/drivers/md/dm-crypt.c
+@@ -1943,6 +1943,11 @@ static int crypt_map(struct dm_target *t
+ return DM_MAPIO_SUBMITTED;
+ }
+
++static char hex2asc(unsigned char c)
++{
++ return c + '0' + ((unsigned)(9 - c) >> 4 & 0x27);
++}
++
+ static void crypt_status(struct dm_target *ti, status_type_t type,
+ unsigned status_flags, char *result, unsigned maxlen)
+ {
+@@ -1958,10 +1963,12 @@ static void crypt_status(struct dm_targe
+ case STATUSTYPE_TABLE:
+ DMEMIT("%s ", cc->cipher_string);
+
+- if (cc->key_size > 0)
+- for (i = 0; i < cc->key_size; i++)
+- DMEMIT("%02x", cc->key[i]);
+- else
++ if (cc->key_size > 0) {
++ for (i = 0; i < cc->key_size; i++) {
++ DMEMIT("%c%c", hex2asc(cc->key[i] >> 4),
++ hex2asc(cc->key[i] & 0xf));
++ }
++ } else
+ DMEMIT("-");
+
+ DMEMIT(" %llu %s %llu", (unsigned long long)cc->iv_offset,
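Review bot: The new hex2asc() in the dm-crypt.c hunk has no comment, yet both its correctness and its constant-time property rest on things the code does not state: the argument must be in 0..15, and the expression must stay free of branches and table lookups. I would add above it `/* c must be 0..15; branch-free and table-free on purpose: for c > 9, (unsigned)(9 - c) >> 4 has all masked bits set, so & 0x27 adds 'a' - '0' - 10 */` so that a later cleanup does not swap in a lookup table or a conditional and bring back the leak the commit describes. Whether the formatting path behind `DMEMIT("%c%c", ...)` is itself data-independent is not visible in this hunk and is worth confirming against the 4.9 tree. Minor style point: `} else` followed by an unbraced `DMEMIT("-");` mixes braced and unbraced branches. crypt_status() starts and ends outside the hunk.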
diff --git a/queue-4.9/dm-stats-add-cond_resched-when-looping-over-entries.patch b/queue-4.9/dm-stats-add-cond_resched-when-looping-over-entries.patch
new file mode 100644
index 00000000000..1184a154269
--- /dev/null
+++ b/queue-4.9/dm-stats-add-cond_resched-when-looping-over-entries.patch
@@ -0,0 +1,80 @@
+From bfe2b0146c4d0230b68f5c71a64380ff8d361f8b Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka
+Date: Sun, 24 Apr 2022 16:43:00 -0400
+Subject: dm stats: add cond_resched when looping over entries
+
+From: Mikulas Patocka
+
+commit bfe2b0146c4d0230b68f5c71a64380ff8d361f8b upstream.
+
+dm-stats can be used with a very large number of entries (it is only
+limited by 1/4 of total system memory), so add rescheduling points to
+the loops that iterate over the entries.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Mikulas Patocka
+Signed-off-by: Mike Snitzer
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/md/dm-stats.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/md/dm-stats.c
++++ b/drivers/md/dm-stats.c
+@@ -228,6 +228,7 @@ void dm_stats_cleanup(struct dm_stats *s
+ atomic_read(&shared->in_flight[READ]),
+ atomic_read(&shared->in_flight[WRITE]));
+ }
++ cond_resched();
+ }
+ dm_stat_free(&s->rcu_head);
+ }
+@@ -316,6 +317,7 @@ static int dm_stats_create(struct dm_sta
+ for (ni = 0; ni < n_entries; ni++) {
+ atomic_set(&s->stat_shared[ni].in_flight[READ], 0);
+ atomic_set(&s->stat_shared[ni].in_flight[WRITE], 0);
++ cond_resched();
+ }
+
+ if (s->n_histogram_entries) {
+@@ -328,6 +330,7 @@ static int dm_stats_create(struct dm_sta
+ for (ni = 0; ni < n_entries; ni++) {
+ s->stat_shared[ni].tmp.histogram = hi;
+ hi += s->n_histogram_entries + 1;
++ cond_resched();
+ }
+ }
+
+@@ -348,6 +351,7 @@ static int dm_stats_create(struct dm_sta
+ for (ni = 0; ni < n_entries; ni++) {
+ p[ni].histogram = hi;
+ hi += s->n_histogram_entries + 1;
++ cond_resched();
+ }
+ }
+ }
+@@ -477,6 +481,7 @@ static int dm_stats_list(struct dm_stats
+ }
+ DMEMIT("\n");
+ }
++ cond_resched();
+ }
+ mutex_unlock(&stats->mutex);
+
+@@ -753,6 +758,7 @@ static void __dm_stat_clear(struct dm_st
+ local_irq_enable();
+ }
+ }
++ cond_resched();
+ }
+ }
+
+@@ -868,6 +874,8 @@ static int dm_stats_print(struct dm_stat
+
+ if (unlikely(sz + 1 >= maxlen))
+ goto buffer_overflow;
++
++ cond_resched();
+ }
+
+ if (clear)
diff --git a/queue-4.9/dm-verity-set-dm_target_immutable-feature-flag.patch b/queue-4.9/dm-verity-set-dm_target_immutable-feature-flag.patch
new file mode 100644
index 00000000000..fbd22ff1305
--- /dev/null
+++ b/queue-4.9/dm-verity-set-dm_target_immutable-feature-flag.patch
@@ -0,0 +1,35 @@
+From 4caae58406f8ceb741603eee460d79bacca9b1b5 Mon Sep 17 00:00:00 2001
+From: Sarthak Kukreti
+Date: Tue, 31 May 2022 15:56:40 -0400
+Subject: dm verity: set DM_TARGET_IMMUTABLE feature flag
+
+From: Sarthak Kukreti
+
+commit 4caae58406f8ceb741603eee460d79bacca9b1b5 upstream.
+
+The device-mapper framework provides a mechanism to mark targets as
+immutable (and hence fail table reloads that try to change the target
+type). Add the DM_TARGET_IMMUTABLE flag to the dm-verity target's
+feature flags to prevent switching the verity target with a different
+target type.
+
+Fixes: a4ffc152198e ("dm: add verity target")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sarthak Kukreti
+Reviewed-by: Kees Cook
+Signed-off-by: Mike Snitzer
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/md/dm-verity-target.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/md/dm-verity-target.c
++++ b/drivers/md/dm-verity-target.c
+@@ -1056,6 +1056,7 @@ bad:
+
+ static struct target_type verity_target = {
+ .name = "verity",
++ .features = DM_TARGET_IMMUTABLE,
+ .version = {1, 3, 0},
+ .module = THIS_MODULE,
+ .ctr = verity_ctr,
diff --git a/queue-4.9/series b/queue-4.9/series
index 0af45327b34..9f5f1d39de5 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
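Review bot: The cond_resched() calls added in dm-stats.c may sleep, and none of the hunks shows enough of its enclosing function to confirm that every loop runs in process context with no spinlock, RCU read-side section or disabled interrupts around it. In dm_stats_list the call sits before `mutex_unlock(&stats->mutex)`, which is fine for a mutex, and in __dm_stat_clear it comes after the `local_irq_enable()` blocks. The loops in dm_stats_cleanup and dm_stats_print should be checked the same way against the 4.9 sources, since this is a backport. A short comment at the first site, e.g. `/* entry count is bounded only by memory; yield so long walks do not monopolize the CPU */`, would record why the calls are there. All seven hunks cut through their functions.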
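Review bot: The added `.features = DM_TARGET_IMMUTABLE,` in verity_target carries a security property that nothing at the site records, so a later edit of the initializer could drop it unnoticed. I would add `/* immutable: a table reload must not replace verity with another target type */` on the line above. Going by the commit description, the flag fails reloads that change the target type; a reload that keeps the verity type but supplies different parameters is not something this hunk addresses, so setups that rely on verity for integrity presumably still need to restrict who can load tables. `.version` stays at `{1, 3, 0}`, so userspace cannot tell from the target version whether the flag is present. The initializer continues past the end of the hunk.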
@@ -4,3 +4,6 @@ assoc_array-fix-bug_on-during-garbage-collect.patch
 drm-i915-fix-wstringop-overflow-warning-in-call-to-intel_read_wm_latency.patch
 block-map-add-__gfp_zero-flag-for-alloc_page-in-function-bio_copy_kern.patch
 exec-force-single-empty-string-when-argv-is-empty.patch
+dm-crypt-make-printing-of-the-key-constant-time.patch
+dm-stats-add-cond_resched-when-looping-over-entries.patch
+dm-verity-set-dm_target_immutable-feature-flag.patch