From 5d9d57f9dd801e21a9bfef5ad0f448a2fc6574b9 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 3 Aug 2022 14:07:25 +0200 Subject: [PATCH] 4.9-stable patches added patches: include-uapi-linux-swab.h-fix-userspace-breakage-use-__bits_per_long-for-swap.patch init-main-fix-double-the-in-comment.patch init-main-properly-align-the-multi-line-comment.patch init-main.c-extract-early-boot-entropy-from-the-passed-cmdline.patch init-move-stack-canary-initialization-after-setup_arch.patch --- ...reakage-use-__bits_per_long-for-swap.patch | 71 +++++++++++++++++ .../init-main-fix-double-the-in-comment.patch | 30 ++++++++ ...roperly-align-the-multi-line-comment.patch | 37 +++++++++ ...boot-entropy-from-the-passed-cmdline.patch | 76 +++++++++++++++++++ ...nary-initialization-after-setup_arch.patch | 62 +++++++++++++++ queue-4.9/series | 5 ++ 6 files changed, 281 insertions(+) create mode 100644 queue-4.9/include-uapi-linux-swab.h-fix-userspace-breakage-use-__bits_per_long-for-swap.patch create mode 100644 queue-4.9/init-main-fix-double-the-in-comment.patch create mode 100644 queue-4.9/init-main-properly-align-the-multi-line-comment.patch create mode 100644 queue-4.9/init-main.c-extract-early-boot-entropy-from-the-passed-cmdline.patch create mode 100644 queue-4.9/init-move-stack-canary-initialization-after-setup_arch.patch diff --git a/queue-4.9/include-uapi-linux-swab.h-fix-userspace-breakage-use-__bits_per_long-for-swap.patch b/queue-4.9/include-uapi-linux-swab.h-fix-userspace-breakage-use-__bits_per_long-for-swap.patch new file mode 100644 index 00000000000..256fdaeb54e --- /dev/null +++ b/queue-4.9/include-uapi-linux-swab.h-fix-userspace-breakage-use-__bits_per_long-for-swap.patch @@ -0,0 +1,71 @@ +From 467d12f5c7842896d2de3ced74e4147ee29e97c8 Mon Sep 17 00:00:00 2001 +From: Christian Borntraeger +Date: Thu, 20 Feb 2020 20:04:03 -0800 +Subject: include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap + +From: Christian Borntraeger + +commit 467d12f5c7842896d2de3ced74e4147ee29e97c8 upstream. + +QEMU has a funny new build error message when I use the upstream kernel +headers: + + CC block/file-posix.o + In file included from /home/cborntra/REPOS/qemu/include/qemu/timer.h:4, + from /home/cborntra/REPOS/qemu/include/qemu/timed-average.h:29, + from /home/cborntra/REPOS/qemu/include/block/accounting.h:28, + from /home/cborntra/REPOS/qemu/include/block/block_int.h:27, + from /home/cborntra/REPOS/qemu/block/file-posix.c:30: + /usr/include/linux/swab.h: In function `__swab': + /home/cborntra/REPOS/qemu/include/qemu/bitops.h:20:34: error: "sizeof" is not defined, evaluates to 0 [-Werror=undef] + 20 | #define BITS_PER_LONG (sizeof (unsigned long) * BITS_PER_BYTE) + | ^~~~~~ + /home/cborntra/REPOS/qemu/include/qemu/bitops.h:20:41: error: missing binary operator before token "(" + 20 | #define BITS_PER_LONG (sizeof (unsigned long) * BITS_PER_BYTE) + | ^ + cc1: all warnings being treated as errors + make: *** [/home/cborntra/REPOS/qemu/rules.mak:69: block/file-posix.o] Error 1 + rm tests/qemu-iotests/socket_scm_helper.o + +This was triggered by commit d5767057c9a ("uapi: rename ext2_swab() to +swab() and share globally in swab.h"). That patch is doing + + #include + +but it uses BITS_PER_LONG. + +The kernel file asm/bitsperlong.h provide only __BITS_PER_LONG. + +Let us use the __ variant in swap.h + +Link: http://lkml.kernel.org/r/20200213142147.17604-1-borntraeger@de.ibm.com +Fixes: d5767057c9a ("uapi: rename ext2_swab() to swab() and share globally in swab.h") +Signed-off-by: Christian Borntraeger +Cc: Yury Norov +Cc: Allison Randal +Cc: Joe Perches +Cc: Thomas Gleixner +Cc: William Breathitt Gray +Cc: Torsten Hilbrich +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Hans-Christian Noren Egtvedt +Signed-off-by: Greg Kroah-Hartman +--- + include/uapi/linux/swab.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/include/uapi/linux/swab.h ++++ b/include/uapi/linux/swab.h +@@ -134,9 +134,9 @@ static inline __attribute_const__ __u32 + + static __always_inline unsigned long __swab(const unsigned long y) + { +-#if BITS_PER_LONG == 64 ++#if __BITS_PER_LONG == 64 + return __swab64(y); +-#else /* BITS_PER_LONG == 32 */ ++#else /* __BITS_PER_LONG == 32 */ + return __swab32(y); + #endif + } diff --git a/queue-4.9/init-main-fix-double-the-in-comment.patch b/queue-4.9/init-main-fix-double-the-in-comment.patch new file mode 100644 index 00000000000..4c794998b3d --- /dev/null +++ b/queue-4.9/init-main-fix-double-the-in-comment.patch @@ -0,0 +1,30 @@ +From 6623f1c6150c09ce946c8e27a4c814d64919495b Mon Sep 17 00:00:00 2001 +From: Viresh Kumar +Date: Thu, 23 Mar 2017 17:00:04 +0530 +Subject: init/main: Fix double "the" in comment + +From: Viresh Kumar + +commit 6623f1c6150c09ce946c8e27a4c814d64919495b upstream. + +s/the\ the/the + +Signed-off-by: Viresh Kumar +Signed-off-by: Jiri Kosina +Signed-off-by: Hans-Christian Noren Egtvedt +Signed-off-by: Greg Kroah-Hartman +--- + init/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/init/main.c ++++ b/init/main.c +@@ -488,7 +488,7 @@ asmlinkage __visible void __init start_k + debug_objects_early_init(); + + /* +- * Set up the the initial canary ASAP: ++ * Set up the initial canary ASAP: + */ + add_latent_entropy(); + boot_init_stack_canary(); diff --git a/queue-4.9/init-main-properly-align-the-multi-line-comment.patch b/queue-4.9/init-main-properly-align-the-multi-line-comment.patch new file mode 100644 index 00000000000..a72b71ec04d --- /dev/null +++ b/queue-4.9/init-main-properly-align-the-multi-line-comment.patch @@ -0,0 +1,37 @@ +From 1b3b3b49b9961401331a1b496db5bec5c7b41ae6 Mon Sep 17 00:00:00 2001 +From: Viresh Kumar +Date: Thu, 23 Mar 2017 17:00:05 +0530 +Subject: init/main: properly align the multi-line comment + +From: Viresh Kumar + +commit 1b3b3b49b9961401331a1b496db5bec5c7b41ae6 upstream. + +Add a tab before it to follow standard practices. Also add the missing +full stop '.'. + +Signed-off-by: Viresh Kumar +Signed-off-by: Jiri Kosina +Signed-off-by: Hans-Christian Noren Egtvedt +Signed-off-by: Greg Kroah-Hartman +--- + init/main.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/init/main.c ++++ b/init/main.c +@@ -498,10 +498,10 @@ asmlinkage __visible void __init start_k + local_irq_disable(); + early_boot_irqs_disabled = true; + +-/* +- * Interrupts are still disabled. Do necessary setups, then +- * enable them +- */ ++ /* ++ * Interrupts are still disabled. Do necessary setups, then ++ * enable them. ++ */ + boot_cpu_init(); + page_address_init(); + pr_notice("%s", linux_banner); diff --git a/queue-4.9/init-main.c-extract-early-boot-entropy-from-the-passed-cmdline.patch b/queue-4.9/init-main.c-extract-early-boot-entropy-from-the-passed-cmdline.patch new file mode 100644 index 00000000000..bd999a6720b --- /dev/null +++ b/queue-4.9/init-main.c-extract-early-boot-entropy-from-the-passed-cmdline.patch @@ -0,0 +1,76 @@ +From 33d72f3822d7ff8a9e45bd7413c811085cb87aa5 Mon Sep 17 00:00:00 2001 +From: Daniel Micay +Date: Fri, 8 Sep 2017 16:16:20 -0700 +Subject: init/main.c: extract early boot entropy from the passed cmdline + +From: Daniel Micay + +commit 33d72f3822d7ff8a9e45bd7413c811085cb87aa5 upstream. + +Feed the boot command-line as to the /dev/random entropy pool + +Existing Android bootloaders usually pass data which may not be known by +an external attacker on the kernel command-line. It may also be the +case on other embedded systems. Sample command-line from a Google Pixel +running CopperheadOS.... + + console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 + androidboot.hardware=sailfish user_debug=31 ehci-hcd.park=3 + lpm_levels.sleep_disabled=1 cma=32M@0-0xffffffff buildvariant=user + veritykeyid=id:dfcb9db0089e5b3b4090a592415c28e1cb4545ab + androidboot.bootdevice=624000.ufshc androidboot.verifiedbootstate=yellow + androidboot.veritymode=enforcing androidboot.keymaster=1 + androidboot.serialno=FA6CE0305299 androidboot.baseband=msm + mdss_mdp.panel=1:dsi:0:qcom,mdss_dsi_samsung_ea8064tg_1080p_cmd:1:none:cfg:single_dsi + androidboot.slot_suffix=_b fpsimd.fpsimd_settings=0 + app_setting.use_app_setting=0 kernelflag=0x00000000 debugflag=0x00000000 + androidboot.hardware.revision=PVT radioflag=0x00000000 + radioflagex1=0x00000000 radioflagex2=0x00000000 cpumask=0x00000000 + androidboot.hardware.ddr=4096MB,Hynix,LPDDR4 androidboot.ddrinfo=00000006 + androidboot.ddrsize=4GB androidboot.hardware.color=GRA00 + androidboot.hardware.ufs=32GB,Samsung androidboot.msm.hw_ver_id=268824801 + androidboot.qf.st=2 androidboot.cid=11111111 androidboot.mid=G-2PW4100 + androidboot.bootloader=8996-012001-1704121145 + androidboot.oem_unlock_support=1 androidboot.fp_src=1 + androidboot.htc.hrdump=detected androidboot.ramdump.opt=mem@2g:2g,mem@4g:2g + androidboot.bootreason=reboot androidboot.ramdump_enable=0 ro + root=/dev/dm-0 dm="system none ro,0 1 android-verity /dev/sda34" + rootwait skip_initramfs init=/init androidboot.wificountrycode=US + androidboot.boottime=1BLL:85,1BLE:669,2BLL:0,2BLE:1777,SW:6,KL:8136 + +Among other things, it contains a value unique to the device +(androidboot.serialno=FA6CE0305299), unique to the OS builds for the +device variant (veritykeyid=id:dfcb9db0089e5b3b4090a592415c28e1cb4545ab) +and timings from the bootloader stages in milliseconds +(androidboot.boottime=1BLL:85,1BLE:669,2BLL:0,2BLE:1777,SW:6,KL:8136). + +[tytso@mit.edu: changelog tweak] +[labbott@redhat.com: line-wrapped command line] +Link: http://lkml.kernel.org/r/20170816231458.2299-3-labbott@redhat.com +Signed-off-by: Daniel Micay +Signed-off-by: Laura Abbott +Acked-by: Kees Cook +Cc: "Theodore Ts'o" +Cc: Laura Abbott +Cc: Nick Kralevich +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Hans-Christian Noren Egtvedt +Signed-off-by: Greg Kroah-Hartman +--- + init/main.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/init/main.c ++++ b/init/main.c +@@ -502,8 +502,10 @@ asmlinkage __visible void __init start_k + setup_arch(&command_line); + /* + * Set up the the initial canary and entropy after arch ++ * and after adding latent and command line entropy. + */ + add_latent_entropy(); ++ add_device_randomness(command_line, strlen(command_line)); + boot_init_stack_canary(); + mm_init_cpumask(&init_mm); + setup_command_line(command_line); diff --git a/queue-4.9/init-move-stack-canary-initialization-after-setup_arch.patch b/queue-4.9/init-move-stack-canary-initialization-after-setup_arch.patch new file mode 100644 index 00000000000..545ddd2fd44 --- /dev/null +++ b/queue-4.9/init-move-stack-canary-initialization-after-setup_arch.patch @@ -0,0 +1,62 @@ +From 121388a31362b0d3176dc1190ac8064b98a61b20 Mon Sep 17 00:00:00 2001 +From: Laura Abbott +Date: Fri, 8 Sep 2017 16:16:17 -0700 +Subject: init: move stack canary initialization after setup_arch + +From: Laura Abbott + +commit 121388a31362b0d3176dc1190ac8064b98a61b20 upstream. + +Patch series "Command line randomness", v3. + +A series to add the kernel command line as a source of randomness. + +This patch (of 2): + +Stack canary intialization involves getting a random number. Getting this +random number may involve accessing caches or other architectural specific +features which are not available until after the architecture is setup. +Move the stack canary initialization later to accommodate this. + +Link: http://lkml.kernel.org/r/20170816231458.2299-2-labbott@redhat.com +Signed-off-by: Laura Abbott +Signed-off-by: Laura Abbott +Acked-by: Kees Cook +Cc: "Theodore Ts'o" +Cc: Daniel Micay +Cc: Nick Kralevich +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Hans-Christian Noren Egtvedt +Signed-off-by: Greg Kroah-Hartman +--- + init/main.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +--- a/init/main.c ++++ b/init/main.c +@@ -487,12 +487,6 @@ asmlinkage __visible void __init start_k + smp_setup_processor_id(); + debug_objects_early_init(); + +- /* +- * Set up the initial canary ASAP: +- */ +- add_latent_entropy(); +- boot_init_stack_canary(); +- + cgroup_init_early(); + + local_irq_disable(); +@@ -506,6 +500,11 @@ asmlinkage __visible void __init start_k + page_address_init(); + pr_notice("%s", linux_banner); + setup_arch(&command_line); ++ /* ++ * Set up the the initial canary and entropy after arch ++ */ ++ add_latent_entropy(); ++ boot_init_stack_canary(); + mm_init_cpumask(&init_mm); + setup_command_line(command_line); + setup_nr_cpu_ids(); diff --git a/queue-4.9/series b/queue-4.9/series index ed7fbc11cbe..f7ccdf6e72c 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -13,3 +13,8 @@ selinux-clean-up-initialization-of-isec-sclass.patch selinux-convert-isec-lock-into-a-spinlock.patch selinux-fix-error-initialization-in-inode_doinit_with_dentry.patch selinux-fix-inode_doinit_with_dentry-label_invalid-error-handling.patch +include-uapi-linux-swab.h-fix-userspace-breakage-use-__bits_per_long-for-swap.patch +init-main-fix-double-the-in-comment.patch +init-main-properly-align-the-multi-line-comment.patch +init-move-stack-canary-initialization-after-setup_arch.patch +init-main.c-extract-early-boot-entropy-from-the-passed-cmdline.patch -- 2.47.3