Bring back the revert for rhbz 1572944

2 files changed, 166 insertions, 0 deletions

diff --git a/Revert-the-random-series-for-4.16.4.patch b/Revert-the-random-series-for-4.16.4.patch
new file mode 100644
index 000000000..f410fd310
--- /dev/null
+++ b/Revert-the-random-series-for-4.16.4.patch
@@ -0,0 +1,160 @@
+From 5744a0927df22f46e4b7f134b3dfb405fdfcf6ce Mon Sep 17 00:00:00 2001
+From: Jeremy Cline <jeremy@jcline.org>
+Date: Wed, 2 May 2018 15:16:29 -0400
+Subject: [PATCH 1/2] Revert "random: use a different mixing algorithm for
+ add_device_randomness()"
+
+This reverts commit 89b59f050347d376c2ace8b1ceb908a218cfdc2e.
+
+Signed-off-by: Jeremy Cline <jeremy@jcline.org>
+---
+ drivers/char/random.c | 55 ++++---------------------------------------
+ 1 file changed, 4 insertions(+), 51 deletions(-)
+
+diff --git a/drivers/char/random.c b/drivers/char/random.c
+index 8f4e11842c60..aa5b04af86c6 100644
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -831,10 +831,6 @@ static void numa_crng_init(void)
+ static void numa_crng_init(void) {}
+ #endif
+ 
+-/*
+- * crng_fast_load() can be called by code in the interrupt service
+- * path.  So we can't afford to dilly-dally.
+- */
+ static int crng_fast_load(const char *cp, size_t len)
+ {
+ 	unsigned long flags;
+@@ -861,51 +857,6 @@ static int crng_fast_load(const char *cp, size_t len)
+ 	return 1;
+ }
+ 
+-/*
+- * crng_slow_load() is called by add_device_randomness, which has two
+- * attributes.  (1) We can't trust the buffer passed to it is
+- * guaranteed to be unpredictable (so it might not have any entropy at
+- * all), and (2) it doesn't have the performance constraints of
+- * crng_fast_load().
+- *
+- * So we do something more comprehensive which is guaranteed to touch
+- * all of the primary_crng's state, and which uses a LFSR with a
+- * period of 255 as part of the mixing algorithm.  Finally, we do
+- * *not* advance crng_init_cnt since buffer we may get may be something
+- * like a fixed DMI table (for example), which might very well be
+- * unique to the machine, but is otherwise unvarying.
+- */
+-static int crng_slow_load(const char *cp, size_t len)
+-{
+-	unsigned long		flags;
+-	static unsigned char	lfsr = 1;
+-	unsigned char		tmp;
+-	unsigned		i, max = CHACHA20_KEY_SIZE;
+-	const char *		src_buf = cp;
+-	char *			dest_buf = (char *) &primary_crng.state[4];
+-
+-	if (!spin_trylock_irqsave(&primary_crng.lock, flags))
+-		return 0;
+-	if (crng_init != 0) {
+-		spin_unlock_irqrestore(&primary_crng.lock, flags);
+-		return 0;
+-	}
+-	if (len > max)
+-		max = len;
+-
+-	for (i = 0; i < max ; i++) {
+-		tmp = lfsr;
+-		lfsr >>= 1;
+-		if (tmp & 1)
+-			lfsr ^= 0xE1;
+-		tmp = dest_buf[i % CHACHA20_KEY_SIZE];
+-		dest_buf[i % CHACHA20_KEY_SIZE] ^= src_buf[i % len] ^ lfsr;
+-		lfsr += (tmp << 3) | (tmp >> 5);
+-	}
+-	spin_unlock_irqrestore(&primary_crng.lock, flags);
+-	return 1;
+-}
+-
+ static void crng_reseed(struct crng_state *crng, struct entropy_store *r)
+ {
+ 	unsigned long	flags;
+@@ -1089,8 +1040,10 @@ void add_device_randomness(const void *buf, unsigned int size)
+ 	unsigned long time = random_get_entropy() ^ jiffies;
+ 	unsigned long flags;
+ 
+-	if (!crng_ready() && size)
+-		crng_slow_load(buf, size);
++	if (!crng_ready()) {
++		crng_fast_load(buf, size);
++		return;
++	}
+ 
+ 	trace_add_device_randomness(size, _RET_IP_);
+ 	spin_lock_irqsave(&input_pool.lock, flags);
+-- 
+2.17.0
+
+From e1b1b5b62740b0e6ea8258a4eb81b2a336538fed Mon Sep 17 00:00:00 2001
+From: Jeremy Cline <jeremy@jcline.org>
+Date: Wed, 2 May 2018 15:18:03 -0400
+Subject: [PATCH 2/2] Revert "random: fix crng_ready() test"
+
+This reverts commit cd8d7a5778a4abf76ee8fe8f1bfcf78976029f8d.
+
+Signed-off-by: Jeremy Cline <jeremy@jcline.org>
+---
+ drivers/char/random.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/char/random.c b/drivers/char/random.c
+index aa5b04af86c6..ef05cc685b74 100644
+--- a/drivers/char/random.c
++++ b/drivers/char/random.c
+@@ -428,7 +428,7 @@ struct crng_state primary_crng = {
+  * its value (from 0->1->2).
+  */
+ static int crng_init = 0;
+-#define crng_ready() (likely(crng_init > 1))
++#define crng_ready() (likely(crng_init > 0))
+ static int crng_init_cnt = 0;
+ static unsigned long crng_global_init_time = 0;
+ #define CRNG_INIT_CNT_THRESH (2*CHACHA20_KEY_SIZE)
+@@ -838,7 +838,7 @@ static int crng_fast_load(const char *cp, size_t len)
+ 
+ 	if (!spin_trylock_irqsave(&primary_crng.lock, flags))
+ 		return 0;
+-	if (crng_init != 0) {
++	if (crng_ready()) {
+ 		spin_unlock_irqrestore(&primary_crng.lock, flags);
+ 		return 0;
+ 	}
+@@ -913,7 +913,7 @@ static void _extract_crng(struct crng_state *crng,
+ {
+ 	unsigned long v, flags;
+ 
+-	if (crng_ready() &&
++	if (crng_init > 1 &&
+ 	    (time_after(crng_global_init_time, crng->init_time) ||
+ 	     time_after(jiffies, crng->init_time + CRNG_RESEED_INTERVAL)))
+ 		crng_reseed(crng, crng == &primary_crng ? &input_pool : NULL);
+@@ -1200,7 +1200,7 @@ void add_interrupt_randomness(int irq, int irq_flags)
+ 	fast_mix(fast_pool);
+ 	add_interrupt_bench(cycles);
+ 
+-	if (unlikely(crng_init == 0)) {
++	if (!crng_ready()) {
+ 		if ((fast_pool->count >= 64) &&
+ 		    crng_fast_load((char *) fast_pool->pool,
+ 				   sizeof(fast_pool->pool))) {
+@@ -2269,7 +2269,7 @@ void add_hwgenerator_randomness(const char *buffer, size_t count,
+ {
+ 	struct entropy_store *poolp = &input_pool;
+ 
+-	if (unlikely(crng_init == 0)) {
++	if (!crng_ready()) {
+ 		crng_fast_load(buffer, count);
+ 		return;
+ 	}
+-- 
+2.17.0
+
diff --git a/kernel.spec b/kernel.spec
index f3a467382..6217d5966 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -655,6 +655,9 @@ Patch515: 0001-signal-Stop-special-casing-TRAP_FIXME-and-FPE_FIXME-.patch
 # CVE-2018-12714 rhbz 1595835 1595837
 Patch516: CVE-2018-12714.patch
 
+# rhbz 1572944
+Patch517: Revert-the-random-series-for-4.16.4.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1904,6 +1907,9 @@ fi
 #
 #
 %changelog
+* Fri Jun 29 2018 Jeremy Cline <jeremy@jcline.org>
+- Revert the CRNG init patches (rhbz 1572944)
+
 * Thu Jun 28 2018 Jeremy Cline <jeremy@jcline.org>
 - Fix CVE-2018-12714 (rhbz 1595835 1595837)