From: Greg Kroah-Hartman Date: Mon, 15 Aug 2022 11:00:34 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v5.15.61~89 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1cc55596ee686ef0862f736b3e86aa0450ae004b;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: keys-asymmetric-enforce-sm2-signature-use-pkey-algo.patch xen-blkback-apply-feature_persistent-parameter-when-connect.patch xen-blkback-fix-persistent-grants-negotiation.patch xen-blkfront-apply-feature_persistent-parameter-when-connect.patch --- diff --git a/queue-5.10/keys-asymmetric-enforce-sm2-signature-use-pkey-algo.patch b/queue-5.10/keys-asymmetric-enforce-sm2-signature-use-pkey-algo.patch new file mode 100644 index 00000000000..02c0f29a568 --- /dev/null +++ b/queue-5.10/keys-asymmetric-enforce-sm2-signature-use-pkey-algo.patch @@ -0,0 +1,55 @@ +From 0815291a8fd66cdcf7db1445d4d99b0d16065829 Mon Sep 17 00:00:00 2001 +From: Tianjia Zhang +Date: Tue, 28 Jun 2022 11:37:20 +0800 +Subject: KEYS: asymmetric: enforce SM2 signature use pkey algo + +From: Tianjia Zhang + +commit 0815291a8fd66cdcf7db1445d4d99b0d16065829 upstream. + +The signature verification of SM2 needs to add the Za value and +recalculate sig->digest, which requires the detection of the pkey_algo +in public_key_verify_signature(). As Eric Biggers said, the pkey_algo +field in sig is attacker-controlled and should be use pkey->pkey_algo +instead of sig->pkey_algo, and secondly, if sig->pkey_algo is NULL, it +will also cause signature verification failure. + +The software_key_determine_akcipher() already forces the algorithms +are matched, so the SM3 algorithm is enforced in the SM2 signature, +although this has been checked, we still avoid using any algorithm +information in the signature as input. + +Fixes: 215525639631 ("X.509: support OSCCA SM2-with-SM3 certificate verification") +Reported-by: Eric Biggers +Cc: stable@vger.kernel.org # v5.10+ +Signed-off-by: Tianjia Zhang +Reviewed-by: Jarkko Sakkinen +Signed-off-by: Jarkko Sakkinen +Signed-off-by: Greg Kroah-Hartman +--- + crypto/asymmetric_keys/public_key.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/crypto/asymmetric_keys/public_key.c ++++ b/crypto/asymmetric_keys/public_key.c +@@ -260,6 +260,10 @@ static int cert_sig_digest_update(const + + BUG_ON(!sig->data); + ++ /* SM2 signatures always use the SM3 hash algorithm */ ++ if (!sig->hash_algo || strcmp(sig->hash_algo, "sm3") != 0) ++ return -EINVAL; ++ + ret = sm2_compute_z_digest(tfm_pkey, SM2_DEFAULT_USERID, + SM2_DEFAULT_USERID_LEN, dgst); + if (ret) +@@ -356,8 +360,7 @@ int public_key_verify_signature(const st + if (ret) + goto error_free_key; + +- if (sig->pkey_algo && strcmp(sig->pkey_algo, "sm2") == 0 && +- sig->data_size) { ++ if (strcmp(pkey->pkey_algo, "sm2") == 0 && sig->data_size) { + ret = cert_sig_digest_update(sig, tfm); + if (ret) + goto error_free_key; diff --git a/queue-5.10/series b/queue-5.10/series index cdc24faba80..139d8ad7489 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -514,3 +514,7 @@ kvm-x86-pmu-use-different-raw-event-masks-for-amd-an.patch kvm-x86-pmu-introduce-the-ctrl_mask-value-for-fixed-.patch kvm-vmx-mark-all-perf_global_-ovf-_ctrl-bits-reserve.patch kvm-x86-pmu-ignore-pmu-global_ctrl-check-if-vpmu-doe.patch +xen-blkback-fix-persistent-grants-negotiation.patch +xen-blkback-apply-feature_persistent-parameter-when-connect.patch +xen-blkfront-apply-feature_persistent-parameter-when-connect.patch +keys-asymmetric-enforce-sm2-signature-use-pkey-algo.patch diff --git a/queue-5.10/xen-blkback-apply-feature_persistent-parameter-when-connect.patch b/queue-5.10/xen-blkback-apply-feature_persistent-parameter-when-connect.patch new file mode 100644 index 00000000000..1021d24ff79 --- /dev/null +++ b/queue-5.10/xen-blkback-apply-feature_persistent-parameter-when-connect.patch @@ -0,0 +1,77 @@ +From e94c6101e151b019b8babc518ac2a6ada644a5a1 Mon Sep 17 00:00:00 2001 +From: Maximilian Heyne +Date: Fri, 15 Jul 2022 22:51:07 +0000 +Subject: xen-blkback: Apply 'feature_persistent' parameter when connect + +From: Maximilian Heyne + +commit e94c6101e151b019b8babc518ac2a6ada644a5a1 upstream. + +In some use cases[1], the backend is created while the frontend doesn't +support the persistent grants feature, but later the frontend can be +changed to support the feature and reconnect. In the past, 'blkback' +enabled the persistent grants feature since it unconditionally checked +if frontend supports the persistent grants feature for every connect +('connect_ring()') and decided whether it should use persistent grans or +not. + +However, commit aac8a70db24b ("xen-blkback: add a parameter for +disabling of persistent grants") has mistakenly changed the behavior. +It made the frontend feature support check to not be repeated once it +shown the 'feature_persistent' as 'false', or the frontend doesn't +support persistent grants. + +This commit changes the behavior of the parameter to make effect for +every connect, so that the previous workflow can work again as expected. + +[1] https://lore.kernel.org/xen-devel/CAJwUmVB6H3iTs-C+U=v-pwJB7-_ZRHPxHzKRJZ22xEPW7z8a=g@mail.gmail.com/ + +Reported-by: Andrii Chepurnyi +Fixes: aac8a70db24b ("xen-blkback: add a parameter for disabling of persistent grants") +Cc: # 5.10.x +Signed-off-by: Maximilian Heyne +Signed-off-by: SeongJae Park +Reviewed-by: Maximilian Heyne +Reviewed-by: Juergen Gross +Link: https://lore.kernel.org/r/20220715225108.193398-3-sj@kernel.org +Signed-off-by: Juergen Gross +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/ABI/testing/sysfs-driver-xen-blkback | 2 +- + drivers/block/xen-blkback/xenbus.c | 9 +++------ + 2 files changed, 4 insertions(+), 7 deletions(-) + +--- a/Documentation/ABI/testing/sysfs-driver-xen-blkback ++++ b/Documentation/ABI/testing/sysfs-driver-xen-blkback +@@ -42,5 +42,5 @@ KernelVersion: 5.10 + Contact: SeongJae Park + Description: + Whether to enable the persistent grants feature or not. Note +- that this option only takes effect on newly created backends. ++ that this option only takes effect on newly connected backends. + The default is Y (enable). +--- a/drivers/block/xen-blkback/xenbus.c ++++ b/drivers/block/xen-blkback/xenbus.c +@@ -186,8 +186,6 @@ static struct xen_blkif *xen_blkif_alloc + __module_get(THIS_MODULE); + INIT_WORK(&blkif->free_work, xen_blkif_deferred_free); + +- blkif->vbd.feature_gnt_persistent = feature_persistent; +- + return blkif; + } + +@@ -1090,10 +1088,9 @@ static int connect_ring(struct backend_i + xenbus_dev_fatal(dev, err, "unknown fe protocol %s", protocol); + return -ENOSYS; + } +- if (blkif->vbd.feature_gnt_persistent) +- blkif->vbd.feature_gnt_persistent = +- xenbus_read_unsigned(dev->otherend, +- "feature-persistent", 0); ++ ++ blkif->vbd.feature_gnt_persistent = feature_persistent && ++ xenbus_read_unsigned(dev->otherend, "feature-persistent", 0); + + blkif->vbd.overflow_max_grants = 0; + diff --git a/queue-5.10/xen-blkback-fix-persistent-grants-negotiation.patch b/queue-5.10/xen-blkback-fix-persistent-grants-negotiation.patch new file mode 100644 index 00000000000..db185aa0452 --- /dev/null +++ b/queue-5.10/xen-blkback-fix-persistent-grants-negotiation.patch @@ -0,0 +1,90 @@ +From fc9be616bb8f3ed9cf560308f86904f5c06be205 Mon Sep 17 00:00:00 2001 +From: SeongJae Park +Date: Fri, 15 Jul 2022 22:51:06 +0000 +Subject: xen-blkback: fix persistent grants negotiation + +From: SeongJae Park + +commit fc9be616bb8f3ed9cf560308f86904f5c06be205 upstream. + +Persistent grants feature can be used only when both backend and the +frontend supports the feature. The feature was always supported by +'blkback', but commit aac8a70db24b ("xen-blkback: add a parameter for +disabling of persistent grants") has introduced a parameter for +disabling it runtime. + +To avoid the parameter be updated while being used by 'blkback', the +commit caches the parameter into 'vbd->feature_gnt_persistent' in +'xen_vbd_create()', and then check if the guest also supports the +feature and finally updates the field in 'connect_ring()'. + +However, 'connect_ring()' could be called before 'xen_vbd_create()', so +later execution of 'xen_vbd_create()' can wrongly overwrite 'true' to +'vbd->feature_gnt_persistent'. As a result, 'blkback' could try to use +'persistent grants' feature even if the guest doesn't support the +feature. + +This commit fixes the issue by moving the parameter value caching to +'xen_blkif_alloc()', which allocates the 'blkif'. Because the struct +embeds 'vbd' object, which will be used by 'connect_ring()' later, this +should be called before 'connect_ring()' and therefore this should be +the right and safe place to do the caching. + +Fixes: aac8a70db24b ("xen-blkback: add a parameter for disabling of persistent grants") +Cc: # 5.10.x +Signed-off-by: Maximilian Heyne +Signed-off-by: SeongJae Park +Reviewed-by: Maximilian Heyne +Reviewed-by: Juergen Gross +Link: https://lore.kernel.org/r/20220715225108.193398-2-sj@kernel.org +Signed-off-by: Juergen Gross +Signed-off-by: Greg Kroah-Hartman +--- + drivers/block/xen-blkback/xenbus.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +--- a/drivers/block/xen-blkback/xenbus.c ++++ b/drivers/block/xen-blkback/xenbus.c +@@ -157,6 +157,11 @@ static int xen_blkif_alloc_rings(struct + return 0; + } + ++/* Enable the persistent grants feature. */ ++static bool feature_persistent = true; ++module_param(feature_persistent, bool, 0644); ++MODULE_PARM_DESC(feature_persistent, "Enables the persistent grants feature"); ++ + static struct xen_blkif *xen_blkif_alloc(domid_t domid) + { + struct xen_blkif *blkif; +@@ -181,6 +186,8 @@ static struct xen_blkif *xen_blkif_alloc + __module_get(THIS_MODULE); + INIT_WORK(&blkif->free_work, xen_blkif_deferred_free); + ++ blkif->vbd.feature_gnt_persistent = feature_persistent; ++ + return blkif; + } + +@@ -472,12 +479,6 @@ static void xen_vbd_free(struct xen_vbd + vbd->bdev = NULL; + } + +-/* Enable the persistent grants feature. */ +-static bool feature_persistent = true; +-module_param(feature_persistent, bool, 0644); +-MODULE_PARM_DESC(feature_persistent, +- "Enables the persistent grants feature"); +- + static int xen_vbd_create(struct xen_blkif *blkif, blkif_vdev_t handle, + unsigned major, unsigned minor, int readonly, + int cdrom) +@@ -523,8 +524,6 @@ static int xen_vbd_create(struct xen_blk + if (q && blk_queue_secure_erase(q)) + vbd->discard_secure = true; + +- vbd->feature_gnt_persistent = feature_persistent; +- + pr_debug("Successful creation of handle=%04x (dom=%u)\n", + handle, blkif->domid); + return 0; diff --git a/queue-5.10/xen-blkfront-apply-feature_persistent-parameter-when-connect.patch b/queue-5.10/xen-blkfront-apply-feature_persistent-parameter-when-connect.patch new file mode 100644 index 00000000000..5e96fe7646a --- /dev/null +++ b/queue-5.10/xen-blkfront-apply-feature_persistent-parameter-when-connect.patch @@ -0,0 +1,73 @@ +From 402c43ea6b34a1b371ffeed9adf907402569eaf5 Mon Sep 17 00:00:00 2001 +From: SeongJae Park +Date: Fri, 15 Jul 2022 22:51:08 +0000 +Subject: xen-blkfront: Apply 'feature_persistent' parameter when connect + +From: SeongJae Park + +commit 402c43ea6b34a1b371ffeed9adf907402569eaf5 upstream. + +In some use cases[1], the backend is created while the frontend doesn't +support the persistent grants feature, but later the frontend can be +changed to support the feature and reconnect. In the past, 'blkback' +enabled the persistent grants feature since it unconditionally checked +if frontend supports the persistent grants feature for every connect +('connect_ring()') and decided whether it should use persistent grans or +not. + +However, commit aac8a70db24b ("xen-blkback: add a parameter for +disabling of persistent grants") has mistakenly changed the behavior. +It made the frontend feature support check to not be repeated once it +shown the 'feature_persistent' as 'false', or the frontend doesn't +support persistent grants. + +Similar behavioral change has made on 'blkfront' by commit 74a852479c68 +("xen-blkfront: add a parameter for disabling of persistent grants"). +This commit changes the behavior of the parameter to make effect for +every connect, so that the previous behavior of 'blkfront' can be +restored. + +[1] https://lore.kernel.org/xen-devel/CAJwUmVB6H3iTs-C+U=v-pwJB7-_ZRHPxHzKRJZ22xEPW7z8a=g@mail.gmail.com/ + +Fixes: 74a852479c68 ("xen-blkfront: add a parameter for disabling of persistent grants") +Cc: # 5.10.x +Signed-off-by: SeongJae Park +Reviewed-by: Maximilian Heyne +Reviewed-by: Juergen Gross +Link: https://lore.kernel.org/r/20220715225108.193398-4-sj@kernel.org +Signed-off-by: Juergen Gross +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/ABI/testing/sysfs-driver-xen-blkfront | 2 +- + drivers/block/xen-blkfront.c | 4 +--- + 2 files changed, 2 insertions(+), 4 deletions(-) + +--- a/Documentation/ABI/testing/sysfs-driver-xen-blkfront ++++ b/Documentation/ABI/testing/sysfs-driver-xen-blkfront +@@ -15,5 +15,5 @@ KernelVersion: 5.10 + Contact: SeongJae Park + Description: + Whether to enable the persistent grants feature or not. Note +- that this option only takes effect on newly created frontends. ++ that this option only takes effect on newly connected frontends. + The default is Y (enable). +--- a/drivers/block/xen-blkfront.c ++++ b/drivers/block/xen-blkfront.c +@@ -2088,8 +2088,6 @@ static int blkfront_probe(struct xenbus_ + info->vdevice = vdevice; + info->connected = BLKIF_STATE_DISCONNECTED; + +- info->feature_persistent = feature_persistent; +- + /* Front end dir is a number, which is used as the id. */ + info->handle = simple_strtoul(strrchr(dev->nodename, '/')+1, NULL, 0); + dev_set_drvdata(&dev->dev, info); +@@ -2393,7 +2391,7 @@ static void blkfront_gather_backend_feat + if (xenbus_read_unsigned(info->xbdev->otherend, "feature-discard", 0)) + blkfront_setup_discard(info); + +- if (info->feature_persistent) ++ if (feature_persistent) + info->feature_persistent = + !!xenbus_read_unsigned(info->xbdev->otherend, + "feature-persistent", 0);