authorJustin M. Forbes <jforbes@fedoraproject.org>2022-05-30 11:31:04 -0500
committerJustin M. Forbes <jforbes@fedoraproject.org>2022-05-30 11:31:04 -0500
commit6052dbb31326629a584ad20d037156062c49f7e5 (patch)
treed13b53b091dc35bf25776ac8c670e89464fa1c15
parente916ca478150e25e9f251369dcd44f05fd9a22d4 (diff)
kernel-5.17.12-0
* Mon May 30 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.17.12-0]
- Revert "crypto: rng - Override drivers/char/random in FIPS mode" (Justin M. Forbes)
- Revert "random: Add hook to override device reads and getrandom(2)" (Justin M. Forbes)
Resolves: rhbz#

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
-rw-r--r--Patchlist.changelog6
-rwxr-xr-xkernel.spec12
-rw-r--r--patch-5.17-redhat.patch312
-rw-r--r--sources6
4 files changed, 19 insertions, 317 deletions
diff --git a/Patchlist.changelog b/Patchlist.changelog
index 2d1781fbe..66a6bbdb1 100644
--- a/Patchlist.changelog
+++ b/Patchlist.changelog
@@ -1,3 +1,9 @@
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/77da23276919a734b100b4856457d1b4c856e758
+ 77da23276919a734b100b4856457d1b4c856e758 Revert "crypto: rng - Override drivers/char/random in FIPS mode"
+
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/41f81f1faeab51ba2fe611184467ca22379d50e5
+ 41f81f1faeab51ba2fe611184467ca22379d50e5 Revert "random: Add hook to override device reads and getrandom(2)"
+
"https://gitlab.com/cki-project/kernel-ark/-/commit"/205bec68a0ea67b6bff6fea9603b7b8aeacc9d46
205bec68a0ea67b6bff6fea9603b7b8aeacc9d46 drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 is set
diff --git a/kernel.spec b/kernel.spec
index 07e9104c2..066aa6521 100755
--- a/kernel.spec
+++ b/kernel.spec
@@ -130,7 +130,7 @@ Summary: The Linux kernel
# The kernel tarball/base version
%define kversion 5.17
-%define rpmversion 5.17.11
+%define rpmversion 5.17.12
%define patchversion 5.17
%define pkgrelease 300
@@ -695,7 +695,7 @@ BuildRequires: lld
# exact git commit you can run
#
# xzcat -qq ${TARBALL} | git get-tar-commit-id
-Source0: linux-5.17.11.tar.xz
+Source0: linux-5.17.12.tar.xz
Source1: Makefile.rhelver
@@ -1387,8 +1387,8 @@ ApplyOptionalPatch()
fi
}
-%setup -q -n kernel-5.17.11 -c
-mv linux-5.17.11 linux-%{KVERREL}
+%setup -q -n kernel-5.17.12 -c
+mv linux-5.17.12 linux-%{KVERREL}
cd linux-%{KVERREL}
cp -a %{SOURCE1} .
@@ -3015,6 +3015,10 @@ fi
#
#
%changelog
+* Mon May 30 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.17.12-0]
+- Revert "crypto: rng - Override drivers/char/random in FIPS mode" (Justin M. Forbes)
+- Revert "random: Add hook to override device reads and getrandom(2)" (Justin M. Forbes)
+
* Wed May 25 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.17.11-0]
- Linux v5.17.11 (Justin M. Forbes)
diff --git a/patch-5.17-redhat.patch b/patch-5.17-redhat.patch
index 187a9f9e3..358dea787 100644
--- a/patch-5.17-redhat.patch
+++ b/patch-5.17-redhat.patch
@@ -10,14 +10,12 @@
arch/x86/boot/header.S | 4 +
arch/x86/include/asm/efi.h | 5 +
arch/x86/kernel/setup.c | 22 ++--
- crypto/rng.c | 73 +++++++++++-
drivers/acpi/apei/hest.c | 8 ++
drivers/acpi/irq.c | 17 ++-
drivers/acpi/scan.c | 9 ++
drivers/ata/libahci.c | 18 +++
drivers/char/ipmi/ipmi_dmi.c | 15 +++
drivers/char/ipmi/ipmi_msghandler.c | 16 ++-
- drivers/char/random.c | 115 +++++++++++++++++++
drivers/firmware/efi/Kconfig | 12 ++
drivers/firmware/efi/Makefile | 1 +
drivers/firmware/efi/efi.c | 124 +++++++++++++++------
@@ -46,7 +44,6 @@
include/linux/lsm_hooks.h | 6 +
include/linux/module.h | 1 +
include/linux/nfs_fs_sb.h | 1 +
- include/linux/random.h | 7 ++
include/linux/rmi.h | 1 +
include/linux/security.h | 5 +
init/Kconfig | 2 +-
@@ -60,7 +57,7 @@
security/lockdown/Kconfig | 13 +++
security/lockdown/lockdown.c | 1 +
security/security.c | 6 +
- 62 files changed, 997 insertions(+), 213 deletions(-)
+ 59 files changed, 803 insertions(+), 212 deletions(-)
diff --git a/Documentation/core-api/dma-attributes.rst b/Documentation/core-api/dma-attributes.rst
index 1887d92e8e92..17706dc91ec9 100644
@@ -112,7 +109,7 @@ index 000000000000..733a26bd887a
+
+endmenu
diff --git a/Makefile b/Makefile
-index b821f270a4ca..72a7c6958ea5 100644
+index 25c44dda0ef3..5af0d61c0782 100644
--- a/Makefile
+++ b/Makefile
@@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
@@ -304,103 +301,6 @@ index 90d7e1788c91..262198c48162 100644
reserve_initrd();
-diff --git a/crypto/rng.c b/crypto/rng.c
-index fea082b25fe4..50a9d040bed1 100644
---- a/crypto/rng.c
-+++ b/crypto/rng.c
-@@ -11,14 +11,17 @@
- #include <linux/atomic.h>
- #include <crypto/internal/rng.h>
- #include <linux/err.h>
-+#include <linux/fips.h>
-+#include <linux/kernel.h>
- #include <linux/module.h>
- #include <linux/mutex.h>
- #include <linux/random.h>
- #include <linux/seq_file.h>
-+#include <linux/sched.h>
-+#include <linux/sched/signal.h>
- #include <linux/slab.h>
- #include <linux/string.h>
- #include <linux/cryptouser.h>
--#include <linux/compiler.h>
- #include <net/netlink.h>
-
- #include "internal.h"
-@@ -224,5 +227,73 @@ void crypto_unregister_rngs(struct rng_alg *algs, int count)
- }
- EXPORT_SYMBOL_GPL(crypto_unregister_rngs);
-
-+static ssize_t crypto_devrandom_read(void __user *buf, size_t buflen)
-+{
-+ u8 tmp[256];
-+ ssize_t ret;
-+
-+ if (!buflen)
-+ return 0;
-+
-+ ret = crypto_get_default_rng();
-+ if (ret)
-+ return ret;
-+
-+ for (;;) {
-+ int err;
-+ int i;
-+
-+ i = min_t(int, buflen, sizeof(tmp));
-+ err = crypto_rng_get_bytes(crypto_default_rng, tmp, i);
-+ if (err) {
-+ ret = err;
-+ break;
-+ }
-+
-+ if (copy_to_user(buf, tmp, i)) {
-+ ret = -EFAULT;
-+ break;
-+ }
-+
-+ buflen -= i;
-+ buf += i;
-+ ret += i;
-+
-+ if (!buflen)
-+ break;
-+
-+ if (need_resched()) {
-+ if (signal_pending(current))
-+ break;
-+ schedule();
-+ }
-+ }
-+
-+ crypto_put_default_rng();
-+ memzero_explicit(tmp, sizeof(tmp));
-+
-+ return ret;
-+}
-+
-+static const struct random_extrng crypto_devrandom_rng = {
-+ .extrng_read = crypto_devrandom_read,
-+ .owner = THIS_MODULE,
-+};
-+
-+static int __init crypto_rng_init(void)
-+{
-+ if (fips_enabled)
-+ random_register_extrng(&crypto_devrandom_rng);
-+ return 0;
-+}
-+
-+static void __exit crypto_rng_exit(void)
-+{
-+ random_unregister_extrng();
-+}
-+
-+late_initcall(crypto_rng_init);
-+module_exit(crypto_rng_exit);
-+
- MODULE_LICENSE("GPL");
- MODULE_DESCRIPTION("Random Number Generator");
diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c
index 6aef1ee5e1bd..8f146b1b4972 100644
--- a/drivers/acpi/apei/hest.c
@@ -573,189 +473,6 @@ index f1827257ef0e..5a45c2cd3dc2 100644
mutex_lock(&ipmi_interfaces_mutex);
rv = ipmi_register_driver();
mutex_unlock(&ipmi_interfaces_mutex);
-diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 3404a91edf29..184dbb94710c 100644
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -344,6 +344,7 @@
- #include <linux/syscalls.h>
- #include <linux/completion.h>
- #include <linux/uuid.h>
-+#include <linux/rcupdate.h>
- #include <crypto/chacha.h>
- #include <crypto/blake2s.h>
-
-@@ -358,6 +359,11 @@
-
- /* #define ADD_INTERRUPT_BENCH */
-
-+/*
-+ * Hook for external RNG.
-+ */
-+static const struct random_extrng __rcu *extrng;
-+
- /*
- * If the entropy count falls under this number of bits, then we
- * should wake up processes which are selecting or polling on write
-@@ -486,6 +492,9 @@ static int ratelimit_disable __read_mostly;
- module_param_named(ratelimit_disable, ratelimit_disable, int, 0644);
- MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit suppression");
-
-+static const struct file_operations extrng_random_fops;
-+static const struct file_operations extrng_urandom_fops;
-+
- /**********************************************************************
- *
- * OS independent entropy store. Here are the functions which handle
-@@ -1775,6 +1784,13 @@ static __poll_t random_poll(struct file *file, poll_table *wait)
- return mask;
- }
-
-+static __poll_t
-+extrng_poll(struct file *file, poll_table * wait)
-+{
-+ /* extrng pool is always full, always read, no writes */
-+ return EPOLLIN | EPOLLRDNORM;
-+}
-+
- static int write_pool(const char __user *buffer, size_t count)
- {
- size_t bytes;
-@@ -1879,7 +1895,58 @@ static int random_fasync(int fd, struct file *filp, int on)
- return fasync_helper(fd, filp, on, &fasync);
- }
-
-+static int random_open(struct inode *inode, struct file *filp)
-+{
-+ const struct random_extrng *rng;
-+
-+ rcu_read_lock();
-+ rng = rcu_dereference(extrng);
-+ if (rng && !try_module_get(rng->owner))
-+ rng = NULL;
-+ rcu_read_unlock();
-+
-+ if (!rng)
-+ return 0;
-+
-+ filp->f_op = &extrng_random_fops;
-+ filp->private_data = rng->owner;
-+
-+ return 0;
-+}
-+
-+static int urandom_open(struct inode *inode, struct file *filp)
-+{
-+ const struct random_extrng *rng;
-+
-+ rcu_read_lock();
-+ rng = rcu_dereference(extrng);
-+ if (rng && !try_module_get(rng->owner))
-+ rng = NULL;
-+ rcu_read_unlock();
-+
-+ if (!rng)
-+ return 0;
-+
-+ filp->f_op = &extrng_urandom_fops;
-+ filp->private_data = rng->owner;
-+
-+ return 0;
-+}
-+
-+static int extrng_release(struct inode *inode, struct file *filp)
-+{
-+ module_put(filp->private_data);
-+ return 0;
-+}
-+
-+static ssize_t
-+extrng_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
-+{
-+ return rcu_dereference_raw(extrng)->extrng_read(buf, nbytes);
-+}
-+
- const struct file_operations random_fops = {
-+ .open = random_open,
- .read = random_read,
- .write = random_write,
- .poll = random_poll,
-@@ -1890,6 +1957,7 @@ const struct file_operations random_fops = {
- };
-
- const struct file_operations urandom_fops = {
-+ .open = urandom_open,
- .read = urandom_read,
- .write = random_write,
- .unlocked_ioctl = random_ioctl,
-@@ -1898,9 +1966,31 @@ const struct file_operations urandom_fops = {
- .llseek = noop_llseek,
- };
-
-+static const struct file_operations extrng_random_fops = {
-+ .open = random_open,
-+ .read = extrng_read,
-+ .write = random_write,
-+ .poll = extrng_poll,
-+ .unlocked_ioctl = random_ioctl,
-+ .fasync = random_fasync,
-+ .llseek = noop_llseek,
-+ .release = extrng_release,
-+};
-+
-+static const struct file_operations extrng_urandom_fops = {
-+ .open = urandom_open,
-+ .read = extrng_read,
-+ .write = random_write,
-+ .unlocked_ioctl = random_ioctl,
-+ .fasync = random_fasync,
-+ .llseek = noop_llseek,
-+ .release = extrng_release,
-+};
-+
- SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, unsigned int,
- flags)
- {
-+ const struct random_extrng *rng;
- int ret;
-
- if (flags & ~(GRND_NONBLOCK | GRND_RANDOM | GRND_INSECURE))
-@@ -1916,6 +2006,18 @@ SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, unsigned int,
- if (count > INT_MAX)
- count = INT_MAX;
-
-+ rcu_read_lock();
-+ rng = rcu_dereference(extrng);
-+ if (rng && !try_module_get(rng->owner))
-+ rng = NULL;
-+ rcu_read_unlock();
-+
-+ if (rng) {
-+ ret = rng->extrng_read(buf, count);
-+ module_put(rng->owner);
-+ return ret;
-+ }
-+
- if (!(flags & GRND_INSECURE) && !crng_ready()) {
- if (flags & GRND_NONBLOCK)
- return -EAGAIN;
-@@ -2235,3 +2337,16 @@ void add_bootloader_randomness(const void *buf, unsigned int size)
- add_device_randomness(buf, size);
- }
- EXPORT_SYMBOL_GPL(add_bootloader_randomness);
-+
-+void random_register_extrng(const struct random_extrng *rng)
-+{
-+ rcu_assign_pointer(extrng, rng);
-+}
-+EXPORT_SYMBOL_GPL(random_register_extrng);
-+
-+void random_unregister_extrng(void)
-+{
-+ RCU_INIT_POINTER(extrng, NULL);
-+ synchronize_rcu();
-+}
-+EXPORT_SYMBOL_GPL(random_unregister_extrng);
diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
index 2c3dac5ecb36..f44f8b746e42 100644
--- a/drivers/firmware/efi/Kconfig
@@ -2143,31 +1860,6 @@ index ca0959e51e81..b0e3fd550122 100644
unsigned int fattr_valid; /* Valid attributes */
unsigned int caps; /* server capabilities */
-diff --git a/include/linux/random.h b/include/linux/random.h
-index c45b2693e51f..4edfdb3e44a9 100644
---- a/include/linux/random.h
-+++ b/include/linux/random.h
-@@ -14,6 +14,11 @@
-
- #include <uapi/linux/random.h>
-
-+struct random_extrng {
-+ ssize_t (*extrng_read)(void __user *buf, size_t buflen);
-+ struct module *owner;
-+};
-+
- struct random_ready_callback {
- struct list_head list;
- void (*func)(struct random_ready_callback *rdy);
-@@ -44,6 +49,8 @@ extern bool rng_is_initialized(void);
- extern int add_random_ready_callback(struct random_ready_callback *rdy);
- extern void del_random_ready_callback(struct random_ready_callback *rdy);
- extern int __must_check get_random_bytes_arch(void *buf, int nbytes);
-+void random_register_extrng(const struct random_extrng *rng);
-+void random_unregister_extrng(void);
-
- #ifndef MODULE
- extern const struct file_operations random_fops, urandom_fops;
diff --git a/include/linux/rmi.h b/include/linux/rmi.h
index ab7eea01ab42..fff7c5f737fc 100644
--- a/include/linux/rmi.h
diff --git a/sources b/sources
index 5f67dc4c9..3cb1848f6 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-5.17.11.tar.xz) = 6a2a02537326b8425ca90ab3f3e23b5551956c400a15818eeaac77701e83ddd31629d44875887332fb4ac05fc2dbd0a0a964291f90efa428012f0f7d682e694a
-SHA512 (kernel-abi-stablelists-5.17.11-300.tar.bz2) = 9f30c4a984c4588d6fae8945dade766a19ffb835672d156c22adf83bc1c4ce43fb2de4444b8f206c8827d5d723339a989f56630a819713cadba157dd9c9e5db0
-SHA512 (kernel-kabi-dw-5.17.11-300.tar.bz2) = a151ebd022193373624fb17d9e67ab6319bc20aba15e94e44cf1ae87e071eeee1f2baf9afa9a71722c1ceebe420ad65f57f480d0bd441c93926f87b09beeeedd
+SHA512 (linux-5.17.12.tar.xz) = bdf54320810a1ed1b303b89730aec2fa0e68e45b96c813a15f5cca60e6ce765c0b1a3d4fd39317765227429f206172c709df17741138c6b3e7cbc73ca98cb61d
+SHA512 (kernel-abi-stablelists-5.17.12-300.tar.bz2) = 78ddae08718f2b52ba8a5d0618687319fe901bb71185b7e14302bdef93354a50c2d510e49e0e9f3e802583c0d2091801f405a958c1de5963e416c4b5fd51a2ee
+SHA512 (kernel-kabi-dw-5.17.12-300.tar.bz2) = 92d19a7604057d7c6997250dd0313b8a8d0b1d664dc99d022e4e8230d84cd1157ef954ff3cea4e9c3f98c2ab54126b48b12d6a92c36d6188223366ef431b55f0