From 822b27a6f2f6f14f74ea448c67073fc2fa875b1a Mon Sep 17 00:00:00 2001
From: "Justin M. Forbes"
Date: Fri, 7 Aug 2020 09:31:49 -0500
Subject: Linux v5.7.14

Signed-off-by: Justin M. Forbes
---
 kernel.spec | 8 +-
 ...et-random-state-on-interrupt-and-activity.patch | 109 ---------------------
 sources | 2 +-
 3 files changed, 5 insertions(+), 114 deletions(-)
 delete mode 100644 random32-update-the-net-random-state-on-interrupt-and-activity.patch

diff --git a/kernel.spec b/kernel.spec
index 3b02a59d4..e5d607096 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -92,7 +92,7 @@ Summary: The Linux kernel
 %if 0%{?released_kernel}
 
 # Do we have a -stable update to apply?
-%define stable_update 13
+%define stable_update 14
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -886,9 +886,6 @@ Patch124: 0001-PCI-Add-MCFG-quirks-for-Tegra194-host-controllers.patch
 # Work around a bug in gcc https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96377
 Patch126: 0001-Work-around-for-gcc-bug-https-gcc.gnu.org-bugzilla-s.patch
 
-# CVE-2020-16166 rhbz 1865751 1865752
-Patch127: random32-update-the-net-random-state-on-interrupt-and-activity.patch
-
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -2993,6 +2990,9 @@ fi
 
 #
 # %changelog
+* Fri Aug 07 2020 Justin M. Forbes - 5.7.14-200
+- Linux v5.7.14
+
 * Wed Aug 05 2020 Justin M. Forbes - 5.7.13-200
 - Linux v5.7.13
 - Fix CVE-2020-16166 (rhbz 1865751 1865752)
diff --git a/random32-update-the-net-random-state-on-interrupt-and-activity.patch b/random32-update-the-net-random-state-on-interrupt-and-activity.patch
deleted file mode 100644
index e929c9976..000000000
--- a/random32-update-the-net-random-state-on-interrupt-and-activity.patch
+++ /dev/null
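Review bot: Dropping Patch127 in the kernel.spec hunk at line 886 removes the local CVE-2020-16166 fix, and neither that hunk nor the new %changelog entry records that the fix is now expected to arrive through the stable update; the deleted patch file's own header names it as upstream commit f227e3ec3b5cad859ad15666874405e8c1bbc1d4, so presumably patch-5.7.14.xz carries it, but the commit leaves that inferred rather than stated. The changelog entry would be clearer as `- Linux v5.7.14` followed by `- Drop random32 patch, CVE-2020-16166 fix now carried by stable (rhbz 1865751 1865752)`, so that anyone auditing which build first shipped the fix does not read the removal as a regression. The sources hunk is the only thing that pins what patch-5.7.14.xz contains, so keeping the hash bump in the same commit as the patch drop is the right call.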
@@ -1,109 +0,0 @@
-From f227e3ec3b5cad859ad15666874405e8c1bbc1d4 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau
-Date: Fri, 10 Jul 2020 15:23:19 +0200
-Subject: random32: update the net random state on interrupt and activity
-
-From: Willy Tarreau
-
-commit f227e3ec3b5cad859ad15666874405e8c1bbc1d4 upstream.
-
-This modifies the first 32 bits out of the 128 bits of a random CPU's
-net_rand_state on interrupt or CPU activity to complicate remote
-observations that could lead to guessing the network RNG's internal
-state.
-
-Note that depending on some network devices' interrupt rate moderation
-or binding, this re-seeding might happen on every packet or even almost
-never.
-
-In addition, with NOHZ some CPUs might not even get timer interrupts,
-leaving their local state rarely updated, while they are running
-networked processes making use of the random state. For this reason, we
-also perform this update in update_process_times() in order to at least
-update the state when there is user or system activity, since it's the
-only case we care about.
-
-Reported-by: Amit Klein
-Suggested-by: Linus Torvalds
-Cc: Eric Dumazet
-Cc: "Jason A. Donenfeld"
-Cc: Andy Lutomirski
-Cc: Kees Cook
-Cc: Thomas Gleixner
-Cc: Peter Zijlstra
-Cc:
-Signed-off-by: Willy Tarreau
-Signed-off-by: Linus Torvalds
-Signed-off-by: Greg Kroah-Hartman
-
----
- drivers/char/random.c | 1 +
- include/linux/random.h | 3 +++
- kernel/time/timer.c | 8 ++++++++
- lib/random32.c | 2 +-
- 4 files changed, 13 insertions(+), 1 deletion(-)
-
---- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -1277,6 +1277,7 @@ void add_interrupt_randomness(int irq, i
- 
- fast_mix(fast_pool);
- add_interrupt_bench(cycles);
-+ this_cpu_add(net_rand_state.s1, fast_pool->pool[cycles & 3]);
- 
- if (unlikely(crng_init == 0)) {
- if ((fast_pool->count >= 64) &&
---- a/include/linux/random.h
-+++ b/include/linux/random.h
-@@ -11,6 +11,7 @@
- #include
- #include
- #include
-+#include
- 
- #include
- 
-@@ -119,6 +120,8 @@ struct rnd_state {
- __u32 s1, s2, s3, s4;
- };
- 
-+DECLARE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
-+
- u32 prandom_u32_state(struct rnd_state *state);
- void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes);
- void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state);
---- a/kernel/time/timer.c
-+++ b/kernel/time/timer.c
-@@ -43,6 +43,7 @@
- #include
- #include
- #include
-+#include
- 
- #include
- #include
-@@ -1743,6 +1744,13 @@ void update_process_times(int user_tick)
- scheduler_tick();
- if (IS_ENABLED(CONFIG_POSIX_TIMERS))
- run_posix_cpu_timers();
-+
-+ /* The current CPU might make use of net randoms without receiving IRQs
-+ * to renew them often enough. Let's update the net_rand_state from a
-+ * non-constant value that's not affine to the number of calls to make
-+ * sure it's updated when there's some activity (we don't care in idle).
-+ */
-+ this_cpu_add(net_rand_state.s1, rol32(jiffies, 24) + user_tick);
- }
- 
- /**
---- a/lib/random32.c
-+++ b/lib/random32.c
-@@ -48,7 +48,7 @@ static inline void prandom_state_selftes
- }
- #endif
- 
--static DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
-+DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy;
- 
- /**
- * prandom_u32_state - seeded pseudo-random number generator.
diff --git a/sources b/sources
index b2914981f..f32f66a3d 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (linux-5.7.tar.xz) = 45bde01593f6147c8c169b9e46b4b56eee998142552ae0ff82f1dd21b1fd54f3b32f6283f6bd77ea717d374672167849e468c157f235d2f12f7d7816e4623bf6
-SHA512 (patch-5.7.13.xz) = cc0df5bcbc9b566455bfebd3f297a63f956d4f92546ded4dd2150b012ba9b100c1735257c17225ad30f8c01c000f870056dabe9d8b06945449b7514375b70a91
+SHA512 (patch-5.7.14.xz) = 573020353ab4e998afdb9fdefa1d22108385267583d632cacfb307a3d42e69871426e19f31a554759a7f99a1cd62c1d0714e5c5a7a1dba964015e4e8ceaf9cee
-- 
cgit