Linux v5.7.14

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>

3 files changed, 5 insertions, 114 deletions

diff --git a/kernel.spec b/kernel.spec
index 3b02a59d4..e5d607096 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -92,7 +92,7 @@ Summary: The Linux kernel
 %if 0%{?released_kernel}
 
 # Do we have a -stable update to apply?
-%define stable_update 13
+%define stable_update 14
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -886,9 +886,6 @@ Patch124: 0001-PCI-Add-MCFG-quirks-for-Tegra194-host-controllers.patch
 # Work around a bug in gcc https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96377
 Patch126: 0001-Work-around-for-gcc-bug-https-gcc.gnu.org-bugzilla-s.patch
 
-# CVE-2020-16166 rhbz 1865751 1865752
-Patch127: random32-update-the-net-random-state-on-interrupt-and-activity.patch
-
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -2993,6 +2990,9 @@ fi
 #
 #
 %changelog
+* Fri Aug 07 2020 Justin M. Forbes <jforbes@fedoraproject.org> - 5.7.14-200
+- Linux v5.7.14
+
 * Wed Aug 05 2020 Justin M. Forbes <jforbes@fedoraproject.org> - 5.7.13-200
 - Linux v5.7.13
 - Fix CVE-2020-16166 (rhbz 1865751 1865752)
diff --git a/random32-update-the-net-random-state-on-interrupt-and-activity.patch b/random32-update-the-net-random-state-on-interrupt-and-activity.patch
deleted file mode 100644
index e929c9976..000000000
--- a/random32-update-the-net-random-state-on-interrupt-and-activity.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From f227e3ec3b5cad859ad15666874405e8c1bbc1d4 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau <w@1wt.eu>
-Date: Fri, 10 Jul 2020 15:23:19 +0200
-Subject: random32: update the net random state on interrupt and activity
-
-From: Willy Tarreau <w@1wt.eu>
-
-commit f227e3ec3b5cad859ad15666874405e8c1bbc1d4 upstream.
-
-This modifies the first 32 bits out of the 128 bits of a random CPU's
-net_rand_state on interrupt or CPU activity to complicate remote
-observations that could lead to guessing the network RNG's internal
-state.
-
-Note that depending on some network devices' interrupt rate moderation
-or binding, this re-seeding might happen on every packet or even almost
-never.
-
-In addition, with NOHZ some CPUs might not even get timer interrupts,
-leaving their local state rarely updated, while they are running
-networked processes making use of the random state.  For this reason, we
-also perform this update in update_process_times() in order to at least
-update the state when there is user or system activity, since it's the
-only case we care about.
-
-Reported-by: Amit Klein <aksecurity@gmail.com>
-Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Eric Dumazet <edumazet@google.com>
-Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: Kees Cook <keescook@chromium.org>
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: <stable@vger.kernel.org>
-Signed-off-by: Willy Tarreau <w@1wt.eu>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/char/random.c  |    1 +
- include/linux/random.h |    3 +++
- kernel/time/timer.c    |    8 ++++++++
- lib/random32.c         |    2 +-
- 4 files changed, 13 insertions(+), 1 deletion(-)
-
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -1277,6 +1277,7 @@ void add_interrupt_randomness(int irq, i
- 
- 	fast_mix(fast_pool);
- 	add_interrupt_bench(cycles);
-+	this_cpu_add(net_rand_state.s1, fast_pool->pool[cycles & 3]);
- 
- 	if (unlikely(crng_init == 0)) {
- 		if ((fast_pool->count >= 64) &&
---- a/include/linux/random.h
-+++ b/include/linux/random.h
-@@ -11,6 +11,7 @@
- #include <linux/kernel.h>
- #include <linux/list.h>
- #include <linux/once.h>
-+#include <linux/percpu.h>
- 
- #include <uapi/linux/random.h>
- 
-@@ -119,6 +120,8 @@ struct rnd_state {
- 	__u32 s1, s2, s3, s4;
- };
- 
-+DECLARE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
-+
- u32 prandom_u32_state(struct rnd_state *state);
- void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes);
- void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
---- a/kernel/time/timer.c
-+++ b/kernel/time/timer.c
-@@ -43,6 +43,7 @@
- #include <linux/sched/debug.h>
- #include <linux/slab.h>
- #include <linux/compat.h>
-+#include <linux/random.h>
- 
- #include <linux/uaccess.h>
- #include <asm/unistd.h>
-@@ -1743,6 +1744,13 @@ void update_process_times(int user_tick)
- 	scheduler_tick();
- 	if (IS_ENABLED(CONFIG_POSIX_TIMERS))
- 		run_posix_cpu_timers();
-+
-+	/* The current CPU might make use of net randoms without receiving IRQs
-+	 * to renew them often enough. Let's update the net_rand_state from a
-+	 * non-constant value that's not affine to the number of calls to make
-+	 * sure it's updated when there's some activity (we don't care in idle).
-+	 */
-+	this_cpu_add(net_rand_state.s1, rol32(jiffies, 24) + user_tick);
- }
- 
- /**
---- a/lib/random32.c
-+++ b/lib/random32.c
-@@ -48,7 +48,7 @@ static inline void prandom_state_selftes
- }
- #endif
- 
--static DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
-+DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
- 
- /**
-  *	prandom_u32_state - seeded pseudo-random number generator.
diff --git a/sources b/sources
index b2914981f..f32f66a3d 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (linux-5.7.tar.xz) = 45bde01593f6147c8c169b9e46b4b56eee998142552ae0ff82f1dd21b1fd54f3b32f6283f6bd77ea717d374672167849e468c157f235d2f12f7d7816e4623bf6
-SHA512 (patch-5.7.13.xz) = cc0df5bcbc9b566455bfebd3f297a63f956d4f92546ded4dd2150b012ba9b100c1735257c17225ad30f8c01c000f870056dabe9d8b06945449b7514375b70a91
+SHA512 (patch-5.7.14.xz) = 573020353ab4e998afdb9fdefa1d22108385267583d632cacfb307a3d42e69871426e19f31a554759a7f99a1cd62c1d0714e5c5a7a1dba964015e4e8ceaf9cee