diff options
author | Thorsten Leemhuis <fedora@leemhuis.info> | 2022-05-26 16:01:32 +0200 |
---|---|---|
committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2022-05-26 16:01:32 +0200 |
commit | 1618a3aa690c80af124c46502c6f2e7e0da53d21 (patch) | |
tree | 3853bc863f32a14392a994b172415fba7164f13b /patch-5.19-redhat.patch | |
parent | c6c1d78ae0b64ba7ce14d607581c68b30d7df51f (diff) | |
parent | 51e2c2d825f3fe54f5825a4291b137bd5d90c233 (diff) | |
download | kernel-1618a3aa690c80af124c46502c6f2e7e0da53d21.tar.gz kernel-1618a3aa690c80af124c46502c6f2e7e0da53d21.tar.xz kernel-1618a3aa690c80af124c46502c6f2e7e0da53d21.zip |
Merge remote-tracking branch 'origin/rawhide' into rawhide-user-thl-vanilla-fedora
Diffstat (limited to 'patch-5.19-redhat.patch')
-rw-r--r-- | patch-5.19-redhat.patch | 473 |
1 files changed, 409 insertions, 64 deletions
diff --git a/patch-5.19-redhat.patch b/patch-5.19-redhat.patch index f104260a0..6543d4f72 100644 --- a/patch-5.19-redhat.patch +++ b/patch-5.19-redhat.patch @@ -17,7 +17,7 @@ drivers/ata/libahci.c | 18 + drivers/char/ipmi/ipmi_dmi.c | 15 + drivers/char/ipmi/ipmi_msghandler.c | 16 +- - drivers/char/random.c | 117 +++++ + drivers/char/random.c | 113 +++++ drivers/firmware/efi/Makefile | 1 + drivers/firmware/efi/efi.c | 124 +++-- drivers/firmware/efi/secureboot.c | 38 ++ @@ -50,7 +50,7 @@ include/linux/module.h | 1 + include/linux/panic.h | 19 +- include/linux/pci.h | 16 + - include/linux/random.h | 7 + + include/linux/random.h | 8 + include/linux/rh_kabi.h | 515 +++++++++++++++++++++ include/linux/rmi.h | 1 + include/linux/security.h | 5 + @@ -68,13 +68,13 @@ security/lockdown/Kconfig | 13 + security/lockdown/lockdown.c | 1 + security/security.c | 6 + - 70 files changed, 1740 insertions(+), 188 deletions(-) + 70 files changed, 1737 insertions(+), 188 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index 9336d98fc670..1d5b55831eab 100644 +index 2d67cdfbf9c9..58db5556bebf 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt -@@ -6206,6 +6206,15 @@ +@@ -6218,6 +6218,15 @@ unknown_nmi_panic [X86] Cause panic on unknown NMI. @@ -124,7 +124,7 @@ index 000000000000..effb81d04bfd + +endmenu diff --git a/Makefile b/Makefile -index 7d5b0bfe7960..f177a46bcf21 100644 +index bbcd3abf2f4d..a81e9800d70d 100644 --- a/Makefile +++ b/Makefile @@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -138,7 +138,7 @@ index 7d5b0bfe7960..f177a46bcf21 100644 # We are using a recursive build, so we need to do a little thinking # to get the ordering right. # -@@ -1238,7 +1242,13 @@ define filechk_version.h +@@ -1239,7 +1243,13 @@ define filechk_version.h ((c) > 255 ? 255 : (c)))'; \ echo \#define LINUX_VERSION_MAJOR $(VERSION); \ echo \#define LINUX_VERSION_PATCHLEVEL $(PATCHLEVEL); \ @@ -614,7 +614,7 @@ index bbf7029e224b..cf7faa970dd6 100644 dmi_decode_ipmi((const struct dmi_header *) dev->device_data); diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c -index f1827257ef0e..5a45c2cd3dc2 100644 +index 703433493c85..6b1b102b9b7d 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c @@ -35,6 +35,7 @@ @@ -625,7 +625,7 @@ index f1827257ef0e..5a45c2cd3dc2 100644 #include <linux/delay.h> #define IPMI_DRIVER_VERSION "39.2" -@@ -5427,8 +5428,21 @@ static int __init ipmi_init_msghandler_mod(void) +@@ -5516,8 +5517,21 @@ static int __init ipmi_init_msghandler_mod(void) { int rv; @@ -649,19 +649,19 @@ index f1827257ef0e..5a45c2cd3dc2 100644 rv = ipmi_register_driver(); mutex_unlock(&ipmi_interfaces_mutex); diff --git a/drivers/char/random.c b/drivers/char/random.c -index 4c9adb4f3d5d..7d1ac2256012 100644 +index b691b9d59503..5d7a1fdf1edd 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -53,6 +53,7 @@ - #include <linux/completion.h> - #include <linux/uuid.h> #include <linux/uaccess.h> + #include <linux/suspend.h> + #include <linux/siphash.h> +#include <linux/rcupdate.h> #include <crypto/chacha.h> #include <crypto/blake2s.h> #include <asm/processor.h> -@@ -366,6 +367,11 @@ static bool crng_has_old_seed(void) - return time_after(jiffies, READ_ONCE(base_crng.birth) + interval); +@@ -281,6 +282,11 @@ static bool crng_has_old_seed(void) + return time_is_before_jiffies(READ_ONCE(base_crng.birth) + interval); } +/* @@ -672,8 +672,8 @@ index 4c9adb4f3d5d..7d1ac2256012 100644 /* * This function returns a ChaCha state that you may use for generating * random data. It also returns up to 32 bytes on its own of random data -@@ -756,6 +762,9 @@ size_t __must_check get_random_bytes_arch(void *buf, size_t nbytes) - EXPORT_SYMBOL(get_random_bytes_arch); +@@ -669,6 +675,9 @@ static void __cold _credit_init_bits(size_t bits) + } +static const struct file_operations extrng_random_fops; @@ -681,8 +681,8 @@ index 4c9adb4f3d5d..7d1ac2256012 100644 + /********************************************************************** * - * Entropy accumulation and extraction routines. -@@ -1184,6 +1193,19 @@ void add_bootloader_randomness(const void *buf, size_t size) + * Entropy collection routines. +@@ -873,6 +882,19 @@ void __cold add_bootloader_randomness(const void *buf, size_t len) } EXPORT_SYMBOL_GPL(add_bootloader_randomness); @@ -702,18 +702,17 @@ index 4c9adb4f3d5d..7d1ac2256012 100644 #if IS_ENABLED(CONFIG_VMGENID) static BLOCKING_NOTIFIER_HEAD(vmfork_chain); -@@ -1466,6 +1488,8 @@ static void try_to_generate_entropy(void) - SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, unsigned int, - flags) - { +@@ -1243,6 +1265,7 @@ SYSCALL_DEFINE3(getrandom, char __user *, ubuf, size_t, len, unsigned int, flags + struct iov_iter iter; + struct iovec iov; + int ret; + const struct random_extrng *rng; -+ + if (flags & ~(GRND_NONBLOCK | GRND_RANDOM | GRND_INSECURE)) return -EINVAL; - -@@ -1479,6 +1503,21 @@ SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, unsigned int, - if (count > INT_MAX) - count = INT_MAX; +@@ -1254,6 +1277,18 @@ SYSCALL_DEFINE3(getrandom, char __user *, ubuf, size_t, len, unsigned int, flags + if ((flags & (GRND_INSECURE | GRND_RANDOM)) == (GRND_INSECURE | GRND_RANDOM)) + return -EINVAL; + rcu_read_lock(); + rng = rcu_dereference(extrng); @@ -722,19 +721,16 @@ index 4c9adb4f3d5d..7d1ac2256012 100644 + rcu_read_unlock(); + + if (rng) { -+ int ret; -+ + ret = rng->extrng_read(buf, count); + module_put(rng->owner); + return ret; + } + -+ - if (!(flags & GRND_INSECURE) && !crng_ready()) { - int ret; - -@@ -1505,6 +1544,12 @@ static __poll_t random_poll(struct file *file, poll_table *wait) - return mask; + if (!crng_ready() && !(flags & GRND_INSECURE)) { + if (flags & GRND_NONBLOCK) + return -EAGAIN; +@@ -1274,6 +1309,12 @@ static __poll_t random_poll(struct file *file, poll_table *wait) + return crng_ready() ? EPOLLIN | EPOLLRDNORM : EPOLLOUT | EPOLLWRNORM; } +static __poll_t extrng_poll(struct file *file, poll_table * wait) @@ -743,10 +739,10 @@ index 4c9adb4f3d5d..7d1ac2256012 100644 + return EPOLLIN | EPOLLRDNORM; +} + - static int write_pool(const char __user *ubuf, size_t count) + static ssize_t write_pool_user(struct iov_iter *iter) { - size_t len; -@@ -1638,7 +1683,58 @@ static int random_fasync(int fd, struct file *filp, int on) + u8 block[BLAKE2S_BLOCK_SIZE]; +@@ -1410,7 +1451,58 @@ static int random_fasync(int fd, struct file *filp, int on) return fasync_helper(fd, filp, on, &fasync); } @@ -802,19 +798,19 @@ index 4c9adb4f3d5d..7d1ac2256012 100644 + const struct file_operations random_fops = { + .open = random_open, - .read = random_read, - .write = random_write, + .read_iter = random_read_iter, + .write_iter = random_write_iter, .poll = random_poll, -@@ -1649,6 +1745,7 @@ const struct file_operations random_fops = { +@@ -1423,6 +1515,7 @@ const struct file_operations random_fops = { }; const struct file_operations urandom_fops = { + .open = urandom_open, - .read = urandom_read, - .write = random_write, + .read_iter = urandom_read_iter, + .write_iter = random_write_iter, .unlocked_ioctl = random_ioctl, -@@ -1657,6 +1754,26 @@ const struct file_operations urandom_fops = { - .llseek = noop_llseek, +@@ -1433,6 +1526,26 @@ const struct file_operations urandom_fops = { + .splice_write = iter_file_splice_write, }; +static const struct file_operations extrng_random_fops = { @@ -2176,7 +2172,7 @@ index fe6efb24d151..85b185391da7 100644 + #endif diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h -index db924fe379c9..1169d78af2de 100644 +index eafa1d2489fd..8a7165ea78d5 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -394,6 +394,8 @@ LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux) @@ -2189,10 +2185,10 @@ index db924fe379c9..1169d78af2de 100644 #ifdef CONFIG_PERF_EVENTS LSM_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h -index 419b5febc3ca..491323dfe4e0 100644 +index 91c8146649f5..42a73934404e 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h -@@ -1549,6 +1549,12 @@ +@@ -1550,6 +1550,12 @@ * * @what: kernel feature being accessed * @@ -2275,7 +2271,7 @@ index 60adf42460ab..a3f0f828a346 100644 int pass); diff --git a/include/linux/random.h b/include/linux/random.h -index f673fbb838b3..78feae818cc7 100644 +index fae0c84027fd..c36b7c412de2 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -10,6 +10,11 @@ @@ -2289,16 +2285,17 @@ index f673fbb838b3..78feae818cc7 100644 + struct notifier_block; - extern void add_device_randomness(const void *, size_t); -@@ -46,6 +51,8 @@ extern bool rng_is_initialized(void); - extern int register_random_ready_notifier(struct notifier_block *nb); - extern int unregister_random_ready_notifier(struct notifier_block *nb); - extern size_t __must_check get_random_bytes_arch(void *buf, size_t nbytes); + void add_device_randomness(const void *buf, size_t len); +@@ -141,6 +146,9 @@ int random_prepare_cpu(unsigned int cpu); + int random_online_cpu(unsigned int cpu); + #endif + +void random_register_extrng(const struct random_extrng *rng); +void random_unregister_extrng(void); - ++ #ifndef MODULE extern const struct file_operations random_fops, urandom_fops; + #endif diff --git a/include/linux/rh_kabi.h b/include/linux/rh_kabi.h new file mode 100644 index 000000000000..c7b42c1f1681 @@ -2833,10 +2830,10 @@ index ab7eea01ab42..fff7c5f737fc 100644 int rmi_register_transport_device(struct rmi_transport_dev *xport); diff --git a/include/linux/security.h b/include/linux/security.h -index 25b3ef71f495..d37a6c88c69f 100644 +index 7fc4e9f49f54..6f0b0b2dc73d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h -@@ -471,6 +471,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); +@@ -473,6 +473,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); @@ -2844,7 +2841,7 @@ index 25b3ef71f495..d37a6c88c69f 100644 #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) -@@ -1347,6 +1348,10 @@ static inline int security_locked_down(enum lockdown_reason what) +@@ -1349,6 +1350,10 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } @@ -2958,7 +2955,7 @@ index 8723ae70ea1f..fb2d773498c2 100644 + return ret; } diff --git a/kernel/panic.c b/kernel/panic.c -index eb4dfb932c85..310c8958e081 100644 +index 8355b19676f8..b38cf9d013c8 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -404,6 +404,20 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = { @@ -3260,10 +3257,10 @@ index 16d475b3e203..4e333f14b84e 100755 # Use make KBUILD_ABS_SRCTREE=1 {tags|cscope} # to force full paths for a non-O= build diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c -index 5f45c3c07dbd..86609ec63b86 100644 +index 093894a640dc..1c43a9462b4b 100644 --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c -@@ -47,7 +47,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, +@@ -73,7 +73,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, return NULL; if (*status != EFI_BUFFER_TOO_SMALL) { @@ -3273,7 +3270,7 @@ index 5f45c3c07dbd..86609ec63b86 100644 return NULL; } -@@ -58,7 +59,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, +@@ -84,7 +85,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, *status = efi.get_variable(name, guid, NULL, &lsize, db); if (*status != EFI_SUCCESS) { kfree(db); @@ -3320,10 +3317,10 @@ index 87cbdc64d272..18555cf18da7 100644 static int __init lockdown_lsm_init(void) diff --git a/security/security.c b/security/security.c -index b7cf5cbfdc67..3cde9062fcf6 100644 +index 188b8f782220..dab400de2335 100644 --- a/security/security.c +++ b/security/security.c -@@ -2623,6 +2623,12 @@ int security_locked_down(enum lockdown_reason what) +@@ -2617,6 +2617,12 @@ int security_locked_down(enum lockdown_reason what) } EXPORT_SYMBOL(security_locked_down); @@ -3336,3 +3333,351 @@ index b7cf5cbfdc67..3cde9062fcf6 100644 #ifdef CONFIG_PERF_EVENTS int security_perf_event_open(struct perf_event_attr *attr, int type) { +From 900f11e054896bae7b0146055698656e3d1e20a6 Mon Sep 17 00:00:00 2001 +From: "Justin M. Forbes" <jforbes@fedoraproject.org> +Date: Wed, 25 May 2022 15:55:40 -0500 +Subject: [PATCH] Revert random: Add hook to override device reads and + getrandom(2) + +The random system upstream is in a period of major rewrite. In the 5.18 +merge window, it took a considerable amount of time to message this into +the random.c rewrites. In the 5.19 merge window, rng->extrng_read(buf, +count); does not even compile, with buf and count undefined. As I do +not see the subsequent patch that allows the override with a FIPS rng, I +am just reverting the whole thing, and it can be added back when Herbert +has time or motivation to do so. + +Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org> +--- + drivers/char/random.c | 113 ----------------------------------------- + include/linux/random.h | 8 --- + 2 files changed, 121 deletions(-) + +diff --git a/drivers/char/random.c b/drivers/char/random.c +index 5d7a1fdf1edd..b691b9d59503 100644 +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -53,7 +53,6 @@ + #include <linux/uaccess.h> + #include <linux/suspend.h> + #include <linux/siphash.h> +-#include <linux/rcupdate.h> + #include <crypto/chacha.h> + #include <crypto/blake2s.h> + #include <asm/processor.h> +@@ -282,11 +281,6 @@ static bool crng_has_old_seed(void) + return time_is_before_jiffies(READ_ONCE(base_crng.birth) + interval); + } + +-/* +- * Hook for external RNG. +- */ +-static const struct random_extrng __rcu *extrng; +- + /* + * This function returns a ChaCha state that you may use for generating + * random data. It also returns up to 32 bytes on its own of random data +@@ -675,9 +669,6 @@ static void __cold _credit_init_bits(size_t bits) + } + + +-static const struct file_operations extrng_random_fops; +-static const struct file_operations extrng_urandom_fops; +- + /********************************************************************** + * + * Entropy collection routines. +@@ -882,19 +873,6 @@ void __cold add_bootloader_randomness(const void *buf, size_t len) + } + EXPORT_SYMBOL_GPL(add_bootloader_randomness); + +-void random_register_extrng(const struct random_extrng *rng) +-{ +- rcu_assign_pointer(extrng, rng); +-} +-EXPORT_SYMBOL_GPL(random_register_extrng); +- +-void random_unregister_extrng(void) +-{ +- RCU_INIT_POINTER(extrng, NULL); +- synchronize_rcu(); +-} +-EXPORT_SYMBOL_GPL(random_unregister_extrng); +- + #if IS_ENABLED(CONFIG_VMGENID) + static BLOCKING_NOTIFIER_HEAD(vmfork_chain); + +@@ -1265,7 +1243,6 @@ SYSCALL_DEFINE3(getrandom, char __user *, ubuf, size_t, len, unsigned int, flags + struct iov_iter iter; + struct iovec iov; + int ret; +- const struct random_extrng *rng; + + if (flags & ~(GRND_NONBLOCK | GRND_RANDOM | GRND_INSECURE)) + return -EINVAL; +@@ -1277,18 +1254,6 @@ SYSCALL_DEFINE3(getrandom, char __user *, ubuf, size_t, len, unsigned int, flags + if ((flags & (GRND_INSECURE | GRND_RANDOM)) == (GRND_INSECURE | GRND_RANDOM)) + return -EINVAL; + +- rcu_read_lock(); +- rng = rcu_dereference(extrng); +- if (rng && !try_module_get(rng->owner)) +- rng = NULL; +- rcu_read_unlock(); +- +- if (rng) { +- ret = rng->extrng_read(buf, count); +- module_put(rng->owner); +- return ret; +- } +- + if (!crng_ready() && !(flags & GRND_INSECURE)) { + if (flags & GRND_NONBLOCK) + return -EAGAIN; +@@ -1309,12 +1274,6 @@ static __poll_t random_poll(struct file *file, poll_table *wait) + return crng_ready() ? EPOLLIN | EPOLLRDNORM : EPOLLOUT | EPOLLWRNORM; + } + +-static __poll_t extrng_poll(struct file *file, poll_table * wait) +-{ +- /* extrng pool is always full, always read, no writes */ +- return EPOLLIN | EPOLLRDNORM; +-} +- + static ssize_t write_pool_user(struct iov_iter *iter) + { + u8 block[BLAKE2S_BLOCK_SIZE]; +@@ -1451,58 +1410,7 @@ static int random_fasync(int fd, struct file *filp, int on) + return fasync_helper(fd, filp, on, &fasync); + } + +-static int random_open(struct inode *inode, struct file *filp) +-{ +- const struct random_extrng *rng; +- +- rcu_read_lock(); +- rng = rcu_dereference(extrng); +- if (rng && !try_module_get(rng->owner)) +- rng = NULL; +- rcu_read_unlock(); +- +- if (!rng) +- return 0; +- +- filp->f_op = &extrng_random_fops; +- filp->private_data = rng->owner; +- +- return 0; +-} +- +-static int urandom_open(struct inode *inode, struct file *filp) +-{ +- const struct random_extrng *rng; +- +- rcu_read_lock(); +- rng = rcu_dereference(extrng); +- if (rng && !try_module_get(rng->owner)) +- rng = NULL; +- rcu_read_unlock(); +- +- if (!rng) +- return 0; +- +- filp->f_op = &extrng_urandom_fops; +- filp->private_data = rng->owner; +- +- return 0; +-} +- +-static int extrng_release(struct inode *inode, struct file *filp) +-{ +- module_put(filp->private_data); +- return 0; +-} +- +-static ssize_t +-extrng_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) +-{ +- return rcu_dereference_raw(extrng)->extrng_read(buf, nbytes); +-} +- + const struct file_operations random_fops = { +- .open = random_open, + .read_iter = random_read_iter, + .write_iter = random_write_iter, + .poll = random_poll, +@@ -1515,7 +1423,6 @@ const struct file_operations random_fops = { + }; + + const struct file_operations urandom_fops = { +- .open = urandom_open, + .read_iter = urandom_read_iter, + .write_iter = random_write_iter, + .unlocked_ioctl = random_ioctl, +@@ -1526,26 +1433,6 @@ const struct file_operations urandom_fops = { + .splice_write = iter_file_splice_write, + }; + +-static const struct file_operations extrng_random_fops = { +- .open = random_open, +- .read = extrng_read, +- .write = random_write, +- .poll = extrng_poll, +- .unlocked_ioctl = random_ioctl, +- .fasync = random_fasync, +- .llseek = noop_llseek, +- .release = extrng_release, +-}; +- +-static const struct file_operations extrng_urandom_fops = { +- .open = urandom_open, +- .read = extrng_read, +- .write = random_write, +- .unlocked_ioctl = random_ioctl, +- .fasync = random_fasync, +- .llseek = noop_llseek, +- .release = extrng_release, +-}; + + /******************************************************************** + * +diff --git a/include/linux/random.h b/include/linux/random.h +index c36b7c412de2..fae0c84027fd 100644 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -10,11 +10,6 @@ + + #include <uapi/linux/random.h> + +-struct random_extrng { +- ssize_t (*extrng_read)(void __user *buf, size_t buflen); +- struct module *owner; +-}; +- + struct notifier_block; + + void add_device_randomness(const void *buf, size_t len); +@@ -146,9 +141,6 @@ int random_prepare_cpu(unsigned int cpu); + int random_online_cpu(unsigned int cpu); + #endif + +-void random_register_extrng(const struct random_extrng *rng); +-void random_unregister_extrng(void); +- + #ifndef MODULE + extern const struct file_operations random_fops, urandom_fops; + #endif +-- +2.36.1 + +From 297bcb88233101e8d5062729ff3a5f989bad1c3b Mon Sep 17 00:00:00 2001 +From: "Justin M. Forbes" <jforbes@fedoraproject.org> +Date: Wed, 25 May 2022 16:24:02 -0500 +Subject: [PATCH] Revert "crypto: rng - Override drivers/char/random in FIPS + mode" + +This reverts commit 427c8a54adcb92826faca4c40ef4591fe87e2fdf. +--- + crypto/rng.c | 73 +--------------------------------------------------- + 1 file changed, 1 insertion(+), 72 deletions(-) + +diff --git a/crypto/rng.c b/crypto/rng.c +index 50a9d040bed1..fea082b25fe4 100644 +--- a/crypto/rng.c ++++ b/crypto/rng.c +@@ -11,17 +11,14 @@ + #include <linux/atomic.h> + #include <crypto/internal/rng.h> + #include <linux/err.h> +-#include <linux/fips.h> +-#include <linux/kernel.h> + #include <linux/module.h> + #include <linux/mutex.h> + #include <linux/random.h> + #include <linux/seq_file.h> +-#include <linux/sched.h> +-#include <linux/sched/signal.h> + #include <linux/slab.h> + #include <linux/string.h> + #include <linux/cryptouser.h> ++#include <linux/compiler.h> + #include <net/netlink.h> + + #include "internal.h" +@@ -227,73 +224,5 @@ void crypto_unregister_rngs(struct rng_alg *algs, int count) + } + EXPORT_SYMBOL_GPL(crypto_unregister_rngs); + +-static ssize_t crypto_devrandom_read(void __user *buf, size_t buflen) +-{ +- u8 tmp[256]; +- ssize_t ret; +- +- if (!buflen) +- return 0; +- +- ret = crypto_get_default_rng(); +- if (ret) +- return ret; +- +- for (;;) { +- int err; +- int i; +- +- i = min_t(int, buflen, sizeof(tmp)); +- err = crypto_rng_get_bytes(crypto_default_rng, tmp, i); +- if (err) { +- ret = err; +- break; +- } +- +- if (copy_to_user(buf, tmp, i)) { +- ret = -EFAULT; +- break; +- } +- +- buflen -= i; +- buf += i; +- ret += i; +- +- if (!buflen) +- break; +- +- if (need_resched()) { +- if (signal_pending(current)) +- break; +- schedule(); +- } +- } +- +- crypto_put_default_rng(); +- memzero_explicit(tmp, sizeof(tmp)); +- +- return ret; +-} +- +-static const struct random_extrng crypto_devrandom_rng = { +- .extrng_read = crypto_devrandom_read, +- .owner = THIS_MODULE, +-}; +- +-static int __init crypto_rng_init(void) +-{ +- if (fips_enabled) +- random_register_extrng(&crypto_devrandom_rng); +- return 0; +-} +- +-static void __exit crypto_rng_exit(void) +-{ +- random_unregister_extrng(); +-} +- +-late_initcall(crypto_rng_init); +-module_exit(crypto_rng_exit); +- + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Random Number Generator"); +-- +2.36.1 + |