-rw-r--r-- | 0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch | 78 | ||||
-rw-r--r-- | 0001-random-make-CPU-trust-a-boot-parameter.patch | 82 | ||||
-rw-r--r-- | HID-fixes.patch | 406 | ||||
-rw-r--r-- | configs/fedora/generic/CONFIG_RANDOM_TRUST_CPU | 1 | ||||
-rw-r--r-- | kernel-aarch64-debug.config | 1 | ||||
-rw-r--r-- | kernel-aarch64.config | 1 | ||||
-rw-r--r-- | kernel-armv7hl-debug.config | 1 | ||||
-rw-r--r-- | kernel-armv7hl-lpae-debug.config | 1 | ||||
-rw-r--r-- | kernel-armv7hl-lpae.config | 1 | ||||
-rw-r--r-- | kernel-armv7hl.config | 1 | ||||
-rw-r--r-- | kernel-i686-PAE.config | 1 | ||||
-rw-r--r-- | kernel-i686-PAEdebug.config | 1 | ||||
-rw-r--r-- | kernel-i686-debug.config | 1 | ||||
-rw-r--r-- | kernel-i686.config | 1 | ||||
-rw-r--r-- | kernel-ppc64-debug.config | 1 | ||||
-rw-r--r-- | kernel-ppc64.config | 1 | ||||
-rw-r--r-- | kernel-ppc64le-debug.config | 1 | ||||
-rw-r--r-- | kernel-ppc64le.config | 1 | ||||
-rw-r--r-- | kernel-s390x-debug.config | 1 | ||||
-rw-r--r-- | kernel-s390x.config | 1 | ||||
-rw-r--r-- | kernel-x86_64-debug.config | 1 | ||||
-rw-r--r-- | kernel-x86_64.config | 1 | ||||
-rw-r--r-- | kernel.spec | 32 | ||||
-rw-r--r-- | kexec-bzimage-verify-pe-signature-fix.patch | 34 | ||||
-rw-r--r-- | sources | 2 |
25 files changed, 613 insertions, 40 deletions
diff --git a/0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch b/0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch
new file mode 100644
index 000000000..8a2f68f82
--- /dev/null
+++ b/0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch
@@ -0,0 +1,78 @@
+From 39a8883a2b989d1d21bd8dd99f5557f0c5e89694 Mon Sep 17 00:00:00 2001
+From: Theodore Ts'o <tytso@mit.edu>
+Date: Tue, 17 Jul 2018 18:24:27 -0400
+Subject: [PATCH] random: add a config option to trust the CPU's hwrng
+
+This gives the user building their own kernel (or a Linux
+distribution) the option of deciding whether or not to trust the CPU's
+hardware random number generator (e.g., RDRAND for x86 CPU's) as being
+correctly implemented and not having a back door introduced (perhaps
+courtesy of a Nation State's law enforcement or intelligence
+agencies).
+
+This will prevent getrandom(2) from blocking, if there is a
+willingness to trust the CPU manufacturer.
+
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ drivers/char/Kconfig | 14 ++++++++++++++
+ drivers/char/random.c | 11 ++++++++++-
+ 2 files changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
+index 212f447938ae..ce277ee0a28a 100644
+--- a/drivers/char/Kconfig
++++ b/drivers/char/Kconfig
+@@ -554,3 +554,17 @@ config ADI
+
+ endmenu
+
++config RANDOM_TRUST_CPU
++ bool "Trust the CPU manufacturer to initialize Linux's CRNG"
++ depends on X86 || S390 || PPC
++ default n
++ help
++ Assume that CPU manufacturer (e.g., Intel or AMD for RDSEED or
++ RDRAND, IBM for the S390 and Power PC architectures) is trustworthy
++ for the purposes of initializing Linux's CRNG. Since this is not
++ something that can be independently audited, this amounts to trusting
++ that CPU manufacturer (perhaps with the insistence or mandate
++ of a Nation State's intelligence or law enforcement agencies)
++ has not installed a hidden back door to compromise the CPU's
++ random number generation facilities.
++
+diff --git a/drivers/char/random.c b/drivers/char/random.c
+index 34ddfd57419b..f4013b8a711b 100644
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -782,6 +782,7 @@ static void invalidate_batched_entropy(void);
+ static void crng_initialize(struct crng_state *crng)
+ {
+ int i;
++ int arch_init = 1;
+ unsigned long rv;
+
+ memcpy(&crng->state[0], "expand 32-byte k", 16);
+@@ -792,10 +793,18 @@ static void crng_initialize(struct crng_state *crng)
+ _get_random_bytes(&crng->state[4], sizeof(__u32) * 12);
+ for (i = 4; i < 16; i++) {
+ if (!arch_get_random_seed_long(&rv) &&
+- !arch_get_random_long(&rv))
++ !arch_get_random_long(&rv)) {
+ rv = random_get_entropy();
++ arch_init = 0;
++ }
+ crng->state[i] ^= rv;
+ }
++#ifdef CONFIG_RANDOM_TRUST_CPU
++ if (arch_init) {
++ crng_init = 2;
++ pr_notice("random: crng done (trusting CPU's manufacturer)\n");
++ }
++#endif
+ crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1;
+ }
+
+--
+2.17.1
+
diff --git a/0001-random-make-CPU-trust-a-boot-parameter.patch b/0001-random-make-CPU-trust-a-boot-parameter.patch
new file mode 100644
index 000000000..33695fcb4
--- /dev/null
+++ b/0001-random-make-CPU-trust-a-boot-parameter.patch
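Review bot: The added `crng_init = 2;` at the end of crng_initialize() flips a global readiness flag from a helper that takes an arbitrary `struct crng_state *crng`, so any caller other than the one seeding the primary state would also mark the CRNG ready and repeat the notice; the callers are not in the hunk, so this needs checking. The block also never calls `invalidate_batched_entropy()`, which is forward-declared immediately above the function, so random values batched before this point would presumably still be handed out after the state is declared seeded. I would have this block do the same readiness bookkeeping as the normal seeding path and put a comment above it, `/* every seed word came from the arch RNG: declare the CRNG ready on the CPU's word alone */`. The lines of crng_initialize() between the two hunks are not shown.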
@@ -0,0 +1,82 @@
+From 9b25436662d5fb4c66eb527ead53cab15f596ee0 Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Mon, 27 Aug 2018 14:51:54 -0700
+Subject: [PATCH] random: make CPU trust a boot parameter
+
+Instead of forcing a distro or other system builder to choose
+at build time whether the CPU is trusted for CRNG seeding via
+CONFIG_RANDOM_TRUST_CPU, provide a boot-time parameter for end users to
+control the choice. The CONFIG will set the default state instead.
+
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+---
+ Documentation/admin-guide/kernel-parameters.txt | 6 ++++++
+ drivers/char/Kconfig | 4 ++--
+ drivers/char/random.c | 11 ++++++++---
+ 3 files changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
+index 0c8f7889efa1..227c5c6fa4c1 100644
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@ -3390,6 +3390,12 @@
+ ramdisk_size= [RAM] Sizes of RAM disks in kilobytes
+ See Documentation/blockdev/ramdisk.txt.
+
++ random.trust_cpu={on,off}
++ [KNL] Enable or disable trusting the use of the
++ CPU's random number generator (if available) to
++ fully seed the kernel's CRNG. Default is controlled
++ by CONFIG_RANDOM_TRUST_CPU.
++
+ ras=option[,option,...] [KNL] RAS-specific options
+
+ cec_disable [X86]
+diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
+index ce277ee0a28a..40728491f37b 100644
+--- a/drivers/char/Kconfig
++++ b/drivers/char/Kconfig
+@@ -566,5 +566,5 @@ config RANDOM_TRUST_CPU
+ that CPU manufacturer (perhaps with the insistence or mandate
+ of a Nation State's intelligence or law enforcement agencies)
+ has not installed a hidden back door to compromise the CPU's
+- random number generation facilities.
+-
++ random number generation facilities. This can also be configured
++ at boot with "random.trust_cpu=on/off".
+diff --git a/drivers/char/random.c b/drivers/char/random.c
+index bf5f99fc36f1..c75b6cdf0053 100644
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -779,6 +779,13 @@ static struct crng_state **crng_node_pool __read_mostly;
+
+ static void invalidate_batched_entropy(void);
+
++static bool trust_cpu __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU);
++static int __init parse_trust_cpu(char *arg)
++{
++ return kstrtobool(arg, &trust_cpu);
++}
++early_param("random.trust_cpu", parse_trust_cpu);
++
+ static void crng_initialize(struct crng_state *crng)
+ {
+ int i;
+@@ -799,12 +806,10 @@ static void crng_initialize(struct crng_state *crng)
+ }
+ crng->state[i] ^= rv;
+ }
+-#ifdef CONFIG_RANDOM_TRUST_CPU
+- if (arch_init) {
++ if (trust_cpu && arch_init) {
+ crng_init = 2;
+ pr_notice("random: crng done (trusting CPU's manufacturer)\n");
+ }
+-#endif
+ crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1;
+ }
+
+--
+2.17.1
+
diff --git a/HID-fixes.patch b/HID-fixes.patch
new file mode 100644
index 000000000..c934baad7
--- /dev/null
+++ b/HID-fixes.patch
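Review bot: `early_param("random.trust_cpu", parse_trust_cpu)` is registered unconditionally, while the Kconfig entry that supplies its default is limited by `depends on X86 || S390 || PPC`; on any other architecture whose arch_get_random_*() hooks succeed, `random.trust_cpu=on` can now enable CPU trust even though the option cannot be configured there. If that is intended, the kernel-parameters.txt entry should say so, and it should also state that the setting only has an effect when the CPU supplied every seed word (`trust_cpu && arch_init`). The declaration and the parser also want a blank line between them and a one-line comment such as `/* Boot-time override for CONFIG_RANDOM_TRUST_CPU; consulted in crng_initialize(). */`.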
@@ -0,0 +1,406 @@ +From patchwork Tue Sep 4 13:31:12 2018 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +X-Patchwork-Submitter: Benjamin Tissoires <benjamin.tissoires@redhat.com> +X-Patchwork-Id: 10587363 +Return-Path: <linux-input-owner@kernel.org> +Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org + [172.30.200.125]) + by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C6F0A13AC + for <patchwork-linux-input@patchwork.kernel.org>; + Tue, 4 Sep 2018 13:31:39 +0000 (UTC) +Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) + by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B853A297E4 + for <patchwork-linux-input@patchwork.kernel.org>; + Tue, 4 Sep 2018 13:31:39 +0000 (UTC) +Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) + id B5F90298AD; Tue, 4 Sep 2018 13:31:39 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on + pdx-wl-mail.web.codeaurora.org +X-Spam-Level: +X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, + RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 +Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) + by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 59B642985E + for <patchwork-linux-input@patchwork.kernel.org>; + Tue, 4 Sep 2018 13:31:39 +0000 (UTC) +Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand + id S1727136AbeIDR4q (ORCPT + <rfc822;patchwork-linux-input@patchwork.kernel.org>); + Tue, 4 Sep 2018 13:56:46 -0400 +Received: from mx3-rdu2.redhat.com ([66.187.233.73]:54264 "EHLO + mx1.redhat.com" + rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP + id S1727057AbeIDR4q (ORCPT <rfc822;linux-input@vger.kernel.org>); + Tue, 4 Sep 2018 13:56:46 -0400 +Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com + [10.11.54.5]) + (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) + (No client certificate 
requested) + by mx1.redhat.com (Postfix) with ESMTPS id AEC9A804B9F2; + Tue, 4 Sep 2018 13:31:36 +0000 (UTC) +Received: from plouf.redhat.com (ovpn-116-25.ams2.redhat.com [10.36.116.25]) + by smtp.corp.redhat.com (Postfix) with ESMTP id 88B24A9EF9; + Tue, 4 Sep 2018 13:31:35 +0000 (UTC) +From: Benjamin Tissoires <benjamin.tissoires@redhat.com> +To: Jiri Kosina <jikos@kernel.org>, + Dmitry Torokhov <dmitry.torokhov@gmail.com> +Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>, + linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, + stable@vger.kernel.org +Subject: [PATCH 1/4] HID: multitouch: fix Elan panels with 2 input modes + declaration +Date: Tue, 4 Sep 2018 15:31:12 +0200 +Message-Id: <20180904133115.5111-2-benjamin.tissoires@redhat.com> +In-Reply-To: <20180904133115.5111-1-benjamin.tissoires@redhat.com> +References: <20180904133115.5111-1-benjamin.tissoires@redhat.com> +X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 +X-Greylist: Sender IP whitelisted, + not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); + Tue, 04 Sep 2018 13:31:36 +0000 (UTC) +X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.8]); + Tue, + 04 Sep 2018 13:31:36 +0000 (UTC) for IP:'10.11.54.5' + DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' + HELO:'smtp.corp.redhat.com' FROM:'benjamin.tissoires@redhat.com' RCPT:'' +Sender: linux-input-owner@vger.kernel.org +Precedence: bulk +List-ID: <linux-input.vger.kernel.org> +X-Mailing-List: linux-input@vger.kernel.org +X-Virus-Scanned: ClamAV using ClamSMTP + +When implementing commit 7f81c8db5489 ("HID: multitouch: simplify +the settings of the various features"), I wrongly removed a test +that made sure we never try to set the second InputMode feature +to something else than 0. + +This broke badly some recent Elan panels that now forget to send the +click button in some area of the touchpad. 
+ +Fixes 7f81c8db5489 + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=200899 + +Cc: stable@vger.kernel.org # v4.18+ +Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> +--- + drivers/hid/hid-multitouch.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c +index 40fbb7c52723..88da991ef256 100644 +--- a/drivers/hid/hid-multitouch.c ++++ b/drivers/hid/hid-multitouch.c +@@ -1375,7 +1375,8 @@ static bool mt_need_to_apply_feature(struct hid_device *hdev, + struct hid_usage *usage, + enum latency_mode latency, + bool surface_switch, +- bool button_switch) ++ bool button_switch, ++ bool *inputmode_found) + { + struct mt_device *td = hid_get_drvdata(hdev); + struct mt_class *cls = &td->mtclass; +@@ -1387,6 +1388,14 @@ static bool mt_need_to_apply_feature(struct hid_device *hdev, + + switch (usage->hid) { + case HID_DG_INPUTMODE: ++ /* ++ * Some elan panels wrongly declare 2 input mode features, ++ * and silently ignore when we set the value in the second ++ * field. Skip the second feature and hope for the best. 
++ */ ++ if (*inputmode_found) ++ return false; ++ + if (cls->quirks & MT_QUIRK_FORCE_GET_FEATURE) { + report_len = hid_report_len(report); + buf = hid_alloc_report_buf(report, GFP_KERNEL); +@@ -1402,6 +1411,7 @@ static bool mt_need_to_apply_feature(struct hid_device *hdev, + } + + field->value[index] = td->inputmode_value; ++ *inputmode_found = true; + return true; + + case HID_DG_CONTACTMAX: +@@ -1439,6 +1449,7 @@ static void mt_set_modes(struct hid_device *hdev, enum latency_mode latency, + struct hid_usage *usage; + int i, j; + bool update_report; ++ bool inputmode_found = false; + + rep_enum = &hdev->report_enum[HID_FEATURE_REPORT]; + list_for_each_entry(rep, &rep_enum->report_list, list) { +@@ -1457,7 +1468,8 @@ static void mt_set_modes(struct hid_device *hdev, enum latency_mode latency, + usage, + latency, + surface_switch, +- button_switch)) ++ button_switch, ++ &inputmode_found)) + update_report = true; + } + } + +From patchwork Tue Sep 4 13:31:13 2018 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +X-Patchwork-Submitter: Benjamin Tissoires <benjamin.tissoires@redhat.com> +X-Patchwork-Id: 10587365 +Return-Path: <linux-input-owner@kernel.org> +Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org + [172.30.200.125]) + by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0CE7013BB + for <patchwork-linux-input@patchwork.kernel.org>; + Tue, 4 Sep 2018 13:31:43 +0000 (UTC) +Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) + by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F2E1E29869 + for <patchwork-linux-input@patchwork.kernel.org>; + Tue, 4 Sep 2018 13:31:42 +0000 (UTC) +Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) + id F10BF2988D; Tue, 4 Sep 2018 13:31:42 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on + pdx-wl-mail.web.codeaurora.org +X-Spam-Level: +X-Spam-Status: No, score=-7.9 required=2.0 
tests=BAYES_00,MAILING_LIST_MULTI, + RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 +Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) + by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AA59D29869 + for <patchwork-linux-input@patchwork.kernel.org>; + Tue, 4 Sep 2018 13:31:42 +0000 (UTC) +Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand + id S1727401AbeIDR4u (ORCPT + <rfc822;patchwork-linux-input@patchwork.kernel.org>); + Tue, 4 Sep 2018 13:56:50 -0400 +Received: from mx3-rdu2.redhat.com ([66.187.233.73]:46152 "EHLO + mx1.redhat.com" + rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP + id S1727057AbeIDR4u (ORCPT <rfc822;linux-input@vger.kernel.org>); + Tue, 4 Sep 2018 13:56:50 -0400 +Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com + [10.11.54.5]) + (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) + (No client certificate requested) + by mx1.redhat.com (Postfix) with ESMTPS id E039740241C8; + Tue, 4 Sep 2018 13:31:40 +0000 (UTC) +Received: from plouf.redhat.com (ovpn-116-25.ams2.redhat.com [10.36.116.25]) + by smtp.corp.redhat.com (Postfix) with ESMTP id DC6AEA9EFD; + Tue, 4 Sep 2018 13:31:39 +0000 (UTC) +From: Benjamin Tissoires <benjamin.tissoires@redhat.com> +To: Jiri Kosina <jikos@kernel.org>, + Dmitry Torokhov <dmitry.torokhov@gmail.com> +Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>, + linux-input@vger.kernel.org, linux-kernel@vger.kernel.org +Subject: [PATCH 2/4] HID: input: do not append a suffix if the name already + has it +Date: Tue, 4 Sep 2018 15:31:13 +0200 +Message-Id: <20180904133115.5111-3-benjamin.tissoires@redhat.com> +In-Reply-To: <20180904133115.5111-1-benjamin.tissoires@redhat.com> +References: <20180904133115.5111-1-benjamin.tissoires@redhat.com> +X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 +X-Greylist: Sender IP whitelisted, + not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); + Tue, 04 Sep 2018 13:31:40 +0000 (UTC) 
+X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); + Tue, + 04 Sep 2018 13:31:40 +0000 (UTC) for IP:'10.11.54.5' + DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' + HELO:'smtp.corp.redhat.com' FROM:'benjamin.tissoires@redhat.com' RCPT:'' +Sender: linux-input-owner@vger.kernel.org +Precedence: bulk +List-ID: <linux-input.vger.kernel.org> +X-Mailing-List: linux-input@vger.kernel.org +X-Virus-Scanned: ClamAV using ClamSMTP + +Or it creates some weird input names like: +"MI Dongle MI Wireless Mouse Mouse" + +Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> +--- + drivers/hid/hid-input.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c +index ac201817a2dd..1e9ba8f7a16b 100644 +--- a/drivers/hid/hid-input.c ++++ b/drivers/hid/hid-input.c +@@ -1516,6 +1516,7 @@ static struct hid_input *hidinput_allocate(struct hid_device *hid, + struct hid_input *hidinput = kzalloc(sizeof(*hidinput), GFP_KERNEL); + struct input_dev *input_dev = input_allocate_device(); + const char *suffix = NULL; ++ size_t suffix_len, name_len; + + if (!hidinput || !input_dev) + goto fail; +@@ -1559,10 +1560,15 @@ static struct hid_input *hidinput_allocate(struct hid_device *hid, + } + + if (suffix) { +- hidinput->name = kasprintf(GFP_KERNEL, "%s %s", +- hid->name, suffix); +- if (!hidinput->name) +- goto fail; ++ name_len = strlen(hid->name); ++ suffix_len = strlen(suffix); ++ if ((name_len < suffix_len) || ++ strcmp(hid->name + name_len - suffix_len, suffix)) { ++ hidinput->name = kasprintf(GFP_KERNEL, "%s %s", ++ hid->name, suffix); ++ if (!hidinput->name) ++ goto fail; ++ } + } + + input_set_drvdata(input_dev, hid); + +From patchwork Tue Sep 4 13:31:14 2018 +Content-Type: text/plain; charset="utf-8" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +X-Patchwork-Submitter: Benjamin Tissoires <benjamin.tissoires@redhat.com> +X-Patchwork-Id: 10587369 +Return-Path: 
<linux-input-owner@kernel.org> +Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org + [172.30.200.125]) + by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5F2F2175A + for <patchwork-linux-input@patchwork.kernel.org>; + Tue, 4 Sep 2018 13:32:00 +0000 (UTC) +Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) + by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4F1E4297D5 + for <patchwork-linux-input@patchwork.kernel.org>; + Tue, 4 Sep 2018 13:32:00 +0000 (UTC) +Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) + id 418FE297FE; Tue, 4 Sep 2018 13:32:00 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on + pdx-wl-mail.web.codeaurora.org +X-Spam-Level: +X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, + RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 +Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) + by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C746C297D5 + for <patchwork-linux-input@patchwork.kernel.org>; + Tue, 4 Sep 2018 13:31:59 +0000 (UTC) +Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand + id S1727490AbeIDR44 (ORCPT + <rfc822;patchwork-linux-input@patchwork.kernel.org>); + Tue, 4 Sep 2018 13:56:56 -0400 +Received: from mx3-rdu2.redhat.com ([66.187.233.73]:60400 "EHLO + mx1.redhat.com" + rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP + id S1727057AbeIDR4z (ORCPT <rfc822;linux-input@vger.kernel.org>); + Tue, 4 Sep 2018 13:56:55 -0400 +Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com + [10.11.54.5]) + (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) + (No client certificate requested) + by mx1.redhat.com (Postfix) with ESMTPS id 640FC4023842; + Tue, 4 Sep 2018 13:31:46 +0000 (UTC) +Received: from plouf.redhat.com (ovpn-116-25.ams2.redhat.com [10.36.116.25]) + by smtp.corp.redhat.com (Postfix) with ESMTP id 6F8E8A9EF7; + Tue, 4 Sep 2018 13:31:43 
+0000 (UTC) +From: Benjamin Tissoires <benjamin.tissoires@redhat.com> +To: Jiri Kosina <jikos@kernel.org>, + Dmitry Torokhov <dmitry.torokhov@gmail.com> +Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>, + linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, + stable@vger.kernel.org +Subject: [PATCH 3/4] HID: core: fix grouping by application +Date: Tue, 4 Sep 2018 15:31:14 +0200 +Message-Id: <20180904133115.5111-4-benjamin.tissoires@redhat.com> +In-Reply-To: <20180904133115.5111-1-benjamin.tissoires@redhat.com> +References: <20180904133115.5111-1-benjamin.tissoires@redhat.com> +X-Scanned-By: MIMEDefang 2.79 on 10.11.54.5 +X-Greylist: Sender IP whitelisted, + not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); + Tue, 04 Sep 2018 13:31:46 +0000 (UTC) +X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); + Tue, + 04 Sep 2018 13:31:46 +0000 (UTC) for IP:'10.11.54.5' + DOMAIN:'int-mx05.intmail.prod.int.rdu2.redhat.com' + HELO:'smtp.corp.redhat.com' FROM:'benjamin.tissoires@redhat.com' RCPT:'' +Sender: linux-input-owner@vger.kernel.org +Precedence: bulk +List-ID: <linux-input.vger.kernel.org> +X-Mailing-List: linux-input@vger.kernel.org +X-Virus-Scanned: ClamAV using ClamSMTP + +commit f07b3c1da92d ("HID: generic: create one input report per +application type") was effectively the same as MULTI_INPUT: +hidinput->report was never set, so hidinput_match_application() +always returned null. + +Fix that by testing against the real application. + +Note that this breaks some old eGalax touchscreens that expect MULTI_INPUT +instead of HID_QUIRK_INPUT_PER_APP. Enable this quirk for backward +compatibility on all non-Win8 touchscreens. 
+ +link: https://bugzilla.kernel.org/show_bug.cgi?id=200847 +link: https://bugzilla.kernel.org/show_bug.cgi?id=200849 +link: https://bugs.archlinux.org/task/59699 +link: https://github.com/NixOS/nixpkgs/issues/45165 + +Cc: stable@vger.kernel.org # v4.18+ +Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> +--- + +This replaces https://patchwork.kernel.org/patch/10583471/ +A proper fix is better than a revert. + + drivers/hid/hid-input.c | 4 ++-- + drivers/hid/hid-multitouch.c | 3 +++ + include/linux/hid.h | 1 + + 3 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c +index 1e9ba8f7a16b..907b08e50a9b 100644 +--- a/drivers/hid/hid-input.c ++++ b/drivers/hid/hid-input.c +@@ -1588,6 +1588,7 @@ static struct hid_input *hidinput_allocate(struct hid_device *hid, + input_dev->dev.parent = &hid->dev; + + hidinput->input = input_dev; ++ hidinput->application = application; + list_add_tail(&hidinput->list, &hid->inputs); + + INIT_LIST_HEAD(&hidinput->reports); +@@ -1683,8 +1684,7 @@ static struct hid_input *hidinput_match_application(struct hid_report *report) + struct hid_input *hidinput; + + list_for_each_entry(hidinput, &hid->inputs, list) { +- if (hidinput->report && +- hidinput->report->application == report->application) ++ if (hidinput->application == report->application) + return hidinput; + } + +diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c +index 88da991ef256..da954f3f4da7 100644 +--- a/drivers/hid/hid-multitouch.c ++++ b/drivers/hid/hid-multitouch.c +@@ -1697,6 +1697,9 @@ static int mt_probe(struct hid_device *hdev, const struct hid_device_id *id) + */ + hdev->quirks |= HID_QUIRK_INPUT_PER_APP; + ++ if (id->group != HID_GROUP_MULTITOUCH_WIN_8) ++ hdev->quirks |= HID_QUIRK_MULTI_INPUT; ++ + timer_setup(&td->release_timer, mt_expired_timeout, 0); + + ret = hid_parse(hdev); +diff --git a/include/linux/hid.h b/include/linux/hid.h +index 834e6461a690..d44a78362942 
100644 +--- a/include/linux/hid.h ++++ b/include/linux/hid.h +@@ -526,6 +526,7 @@ struct hid_input { + const char *name; + bool registered; + struct list_head reports; /* the list of reports */ ++ unsigned int application; /* application usage for this input */ + }; + + enum hid_type { + diff --git a/configs/fedora/generic/CONFIG_RANDOM_TRUST_CPU b/configs/fedora/generic/CONFIG_RANDOM_TRUST_CPU new file mode 100644 index 000000000..f79be1a54 --- /dev/null +++ b/configs/fedora/generic/CONFIG_RANDOM_TRUST_CPU @@ -0,0 +1 @@ +CONFIG_RANDOM_TRUST_CPU=y diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index f734d7520..12f8271d2 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -4660,6 +4660,7 @@ CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y CONFIG_RANDOMIZE_MODULE_REGION_FULL=y +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y CONFIG_RASPBERRYPI_FIRMWARE=y CONFIG_RASPBERRYPI_POWER=y diff --git a/kernel-aarch64.config b/kernel-aarch64.config index dab2ad954..9c01708e5 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -4637,6 +4637,7 @@ CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y CONFIG_RANDOMIZE_MODULE_REGION_FULL=y +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y CONFIG_RASPBERRYPI_FIRMWARE=y CONFIG_RASPBERRYPI_POWER=y diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index 5823451df..90a245a15 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -4937,6 +4937,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y CONFIG_RASPBERRYPI_FIRMWARE=y CONFIG_RASPBERRYPI_POWER=y diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index 04c35dd30..b80b756ef 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config 
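Review bot: In the hid-input.c part (patch 2/4), `strcmp(hid->name + name_len - suffix_len, suffix)` compares only the tail of the name, so a device name that merely ends in the same characters without a separating space (a constructed example: "FooMouse") is also treated as already carrying the suffix. When the test skips the kasprintf(), `hidinput->name` keeps the NULL it got from kzalloc(); the code that later reads it is outside the hunk, so confirm that it falls back to `hid->name`. A short comment on the branch, `/* name already ends with the suffix: keep hid->name as is */`, would make the intent explicit.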
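Review bot: `CONFIG_RANDOM_TRUST_CPU=y` is set in the generic fragment and therefore lands in the aarch64 and armv7hl configs as well, but the Kconfig entry added by 0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch carries `depends on X86 || S390 || PPC`, so on ARM the symbol presumably cannot be set and the line is inert. The patch itself ships the option as `default n` and describes it as a decision to trust the CPU manufacturer so that getrandom(2) does not block; turning it on distribution-wide deserves more than the changelog line "Use the CPU RNG for entropy". I would have that entry mention that `random.trust_cpu=off` on the kernel command line restores the previous behaviour.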
@@ -4661,6 +4661,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y CONFIG_RASPBERRYPI_FIRMWARE=y CONFIG_RASPBERRYPI_POWER=y diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index 92864bf46..56aa1f6bb 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -4638,6 +4638,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y CONFIG_RASPBERRYPI_FIRMWARE=y CONFIG_RASPBERRYPI_POWER=y diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 446304e4e..3717f07f2 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -4914,6 +4914,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y CONFIG_RASPBERRYPI_FIRMWARE=y CONFIG_RASPBERRYPI_POWER=y diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config index 6780dfce9..00f6f0303 100644 --- a/kernel-i686-PAE.config +++ b/kernel-i686-PAE.config @@ -4390,6 +4390,7 @@ CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config index 8a0eded81..27702813c 100644 --- a/kernel-i686-PAEdebug.config +++ b/kernel-i686-PAEdebug.config @@ -4414,6 +4414,7 @@ CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index f057b4074..62ae9c99f 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config 
@@ -4414,6 +4414,7 @@ CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-i686.config b/kernel-i686.config index 5471b2b56..f68101008 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -4390,6 +4390,7 @@ CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-ppc64-debug.config b/kernel-ppc64-debug.config index 08828ac6e..ef133f74f 100644 --- a/kernel-ppc64-debug.config +++ b/kernel-ppc64-debug.config @@ -4220,6 +4220,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-ppc64.config b/kernel-ppc64.config index ff80d3adf..09a555f97 100644 --- a/kernel-ppc64.config +++ b/kernel-ppc64.config @@ -4194,6 +4194,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index e9659bfa0..bdd65239d 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -4158,6 +4158,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index e65ed3852..81fbfa2be 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config 
@@ -4132,6 +4132,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index c8c7d340b..cd831e499 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -4048,6 +4048,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set CONFIG_RAW_DRIVER=y diff --git a/kernel-s390x.config b/kernel-s390x.config index dff028c36..8f6023d7f 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -4022,6 +4022,7 @@ CONFIG_RADIO_WL1273=m CONFIG_RADIO_ZOLTRIX=m CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set +CONFIG_RANDOM_TRUST_CPU=y CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set CONFIG_RAW_DRIVER=y diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index 7b29c083b..acf81070e 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -4458,6 +4458,7 @@ CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y CONFIG_RANDOMIZE_MEMORY=y +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel-x86_64.config b/kernel-x86_64.config index 12fd9c0f8..1850adf3e 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -4434,6 +4434,7 @@ CONFIG_RAID_ATTRS=m # CONFIG_RANDOM32_SELFTEST is not set CONFIG_RANDOMIZE_BASE=y CONFIG_RANDOMIZE_MEMORY=y +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RAPIDIO is not set CONFIG_RAS_CEC=y # CONFIG_RAVE_SP_CORE is not set diff --git a/kernel.spec b/kernel.spec index 23bc0c3c8..a57fb78f2 100644 --- a/kernel.spec +++ b/kernel.spec 
@@ -58,7 +58,7 @@ Summary: The Linux kernel %define stable_rc 0 # Do we have a -stable update to apply? -%define stable_update 7 +%define stable_update 8 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -638,12 +638,16 @@ Patch501: Fix-for-module-sig-verification.patch # rhbz 1431375 Patch502: input-rmi4-remove-the-need-for-artifical-IRQ.patch -# rhbz 1470995 -Patch503: kexec-bzimage-verify-pe-signature-fix.patch - # CVE-2018-15471 rhbz 1610555 1618414 Patch504: xsa270.patch +# rhbz 1627963 1628715 +Patch505: HID-fixes.patch + +# rhbz 1572944 +Patch506: 0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch +Patch507: 0001-random-make-CPU-trust-a-boot-parameter.patch + # END OF PATCH DEFINITIONS %endif @@ -1896,7 +1900,25 @@ fi # # %changelog -* Fri Aug 24 2018 Laura Abbott <labbott@redhat.com> - 4.18.5-300 +* Sun Sep 16 2018 Laura Abbott <labbott@redhat.com> - 4.18.8-300 +- Linux v4.18.8 + +* Fri Sep 14 2018 Justin M. Forbes <jforbes@fedoraproject.org> +- Additional Fixes for CVE-2018-5391 (rhbz 1616059) + +* Thu Sep 13 2018 Laura Abbott <labbott@redhat.com> +- Use the CPU RNG for entropy (rhbz 1572944) + +* Thu Sep 13 2018 Laura Abbott <labbott@redhat.com> +- HID fixes (rhbz 1627963 1628715) + +* Mon Sep 10 2018 Laura Abbott <labbott@redhat.com> - 4.18.7-200 +- Linux v4.18.7 + +* Sun Sep 09 2018 Laura Abbott <labbott@redhat.com> - 4.18.6-200 +- Linux v4.18.6 + +* Fri Aug 24 2018 Laura Abbott <labbott@redhat.com> - 4.18.5-200 - Linux v4.18.5 * Fri Aug 24 2018 Justin M. Forbes <jforbes@fedoraproject.org> - 4.17.19-200 diff --git a/kexec-bzimage-verify-pe-signature-fix.patch b/kexec-bzimage-verify-pe-signature-fix.patch deleted file mode 100644 index 6c8a51b95..000000000 --- a/kexec-bzimage-verify-pe-signature-fix.patch +++ /dev/null 
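Review bot: The patch-definitions hunk drops `Patch503: kexec-bzimage-verify-pe-signature-fix.patch` (rhbz 1470995), but none of the new %changelog entries records the removal. That patch changed the key argument passed to `verify_pefile_signature()` for kexec_file_load, so it should be stated whether the fix is now part of the 4.18.8 base or the earlier behaviour has returned. Add a changelog line such as `- Drop kexec-bzimage-verify-pe-signature-fix.patch (rhbz 1470995): REASON`, with REASON filled in by the packager.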
@@ -1,34 +0,0 @@ -From: Dave Young <dyoung@redhat.com> - -Fix kexec_file_load pefile signature verification - -Similar with Fix-for-module-sig-verification.patch, kexec_file syscall also -need pass 1UL to verify_pefile_signature so that secondary keys can be used. - -Fedora bug -https://bugzilla.redhat.com/show_bug.cgi?id=1470995 - -Latest upstream effort is below: -https://www.spinics.net/lists/kernel/msg2825184.html - -Ideally this need an upstream fix, but since nobody response we can workaround -it like the module code did. - -Signed-off-by: Dave Young <dyoung@redhat.com> ---- - arch/x86/kernel/kexec-bzimage64.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- linux-x86.orig/arch/x86/kernel/kexec-bzimage64.c -+++ linux-x86/arch/x86/kernel/kexec-bzimage64.c -@@ -533,7 +533,7 @@ static int bzImage64_cleanup(void *loade - static int bzImage64_verify_sig(const char *kernel, unsigned long kernel_len) - { - return verify_pefile_signature(kernel, kernel_len, -- NULL, -+ (void *)1UL, - VERIFYING_KEXEC_PE_SIGNATURE); - } - #endif --- -2.17.0 @@ -1,2 +1,2 @@ SHA512 (linux-4.18.tar.xz) = 950eb85ac743b291afe9f21cd174d823e25f11883ee62cecfbfff8fe8c5672aae707654b1b8f29a133b1f2e3529e63b9f7fba4c45d6dacccc8000b3a9a9ae038 -SHA512 (patch-4.18.7.xz) = 483ce39833de636cc8ba52908db14819fcd61bf3a3bfe6409dc858bd5a563de24beade909fb71c3a529a5761f638398bc30fdf2796220ae3da78e3e2a363fdb7 +SHA512 (patch-4.18.8.xz) = df8e7d24714012fcc6a0532bfd92c2d3ed7651910a5fe7b136bfac0394414690c7617d4e7114113d539fbe53d3375f55840af652f739eb685577458f766d5c03 |