From 38af44ceef8bd7fa9fc8a394435aba9329466afa Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Wed, 5 Aug 2020 11:28:50 -0500 Subject: Linux v5.7.13 Signed-off-by: Justin M. Forbes --- ...rkaround-for-spurious-wakeups-on-some-Int.patch | 88 ----------------- kernel.spec | 12 ++- ...et-random-state-on-interrupt-and-activity.patch | 109 +++++++++++++++++++++ sources | 2 +- 4 files changed, 118 insertions(+), 93 deletions(-) delete mode 100644 0001-ALSA-hda-Workaround-for-spurious-wakeups-on-some-Int.patch create mode 100644 random32-update-the-net-random-state-on-interrupt-and-activity.patch diff --git a/0001-ALSA-hda-Workaround-for-spurious-wakeups-on-some-Int.patch b/0001-ALSA-hda-Workaround-for-spurious-wakeups-on-some-Int.patch deleted file mode 100644 index 1a3663270..000000000 --- a/0001-ALSA-hda-Workaround-for-spurious-wakeups-on-some-Int.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 2b796b34a3b9ade3307304121a726d318641415a Mon Sep 17 00:00:00 2001 -From: Takashi Iwai -Date: Mon, 27 Jul 2020 17:19:18 +0200 -Subject: [PATCH] ALSA: hda: Workaround for spurious wakeups on some Intel - platforms - -We've received a regression report on Intel HD-audio controller that -wakes up immediately after S3 suspend. The bisection leads to the -commit c4c8dd6ef807 ("ALSA: hda: Skip controller resume if not -needed"). This commit replaces the system-suspend to use -pm_runtime_force_suspend() instead of the direct call of -__azx_runtime_suspend(). However, by some really mysterious reason, -pm_runtime_force_suspend() causes a spurious wakeup (although it calls -the same __azx_runtime_suspend() internally). - -As an ugly workaround for now, revert the behavior to call -__azx_runtime_suspend() and __azx_runtime_resume() for those old Intel -platforms that may exhibit such a problem, while keeping the new -standard pm_runtime_force_suspend() and pm_runtime_force_resume() -pair for the remaining chips. - -Fixes: c4c8dd6ef807 ("ALSA: hda: Skip controller resume if not needed") -BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=208649 -Cc: -Signed-off-by: Takashi Iwai ---- - sound/pci/hda/hda_controller.h | 2 +- - sound/pci/hda/hda_intel.c | 17 ++++++++++++++--- - 2 files changed, 15 insertions(+), 4 deletions(-) - -diff --git a/sound/pci/hda/hda_controller.h b/sound/pci/hda/hda_controller.h -index fe171685492d..be63ead8161f 100644 ---- a/sound/pci/hda/hda_controller.h -+++ b/sound/pci/hda/hda_controller.h -@@ -41,7 +41,7 @@ - /* 24 unused */ - #define AZX_DCAPS_COUNT_LPIB_DELAY (1 << 25) /* Take LPIB as delay */ - #define AZX_DCAPS_PM_RUNTIME (1 << 26) /* runtime PM support */ --/* 27 unused */ -+#define AZX_DCAPS_SUSPEND_SPURIOUS_WAKEUP (1 << 27) /* Workaround for spurious wakeups after suspend */ - #define AZX_DCAPS_CORBRP_SELF_CLEAR (1 << 28) /* CORBRP clears itself after reset */ - #define AZX_DCAPS_NO_MSI64 (1 << 29) /* Stick to 32-bit MSIs */ - #define AZX_DCAPS_SEPARATE_STREAM_TAG (1 << 30) /* capture and playback use separate stream tag */ -diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c -index 9ba1fb8f0b7f..fb65450d8de1 100644 ---- a/sound/pci/hda/hda_intel.c -+++ b/sound/pci/hda/hda_intel.c -@@ -297,7 +297,8 @@ enum { - /* PCH for HSW/BDW; with runtime PM */ - /* no i915 binding for this as HSW/BDW has another controller for HDMI */ - #define AZX_DCAPS_INTEL_PCH \ -- (AZX_DCAPS_INTEL_PCH_BASE | AZX_DCAPS_PM_RUNTIME) -+ (AZX_DCAPS_INTEL_PCH_BASE | AZX_DCAPS_PM_RUNTIME |\ -+ AZX_DCAPS_SUSPEND_SPURIOUS_WAKEUP) - - /* HSW HDMI */ - #define AZX_DCAPS_INTEL_HASWELL \ -@@ -1026,7 +1027,14 @@ static int azx_suspend(struct device *dev) - chip = card->private_data; - bus = azx_bus(chip); - snd_power_change_state(card, SNDRV_CTL_POWER_D3hot); -- pm_runtime_force_suspend(dev); -+ /* An ugly workaround: direct call of __azx_runtime_suspend() and -+ * __azx_runtime_resume() for old Intel platforms that suffer from -+ * spurious wakeups after S3 suspend -+ */ -+ if (chip->driver_caps & AZX_DCAPS_SUSPEND_SPURIOUS_WAKEUP) -+ __azx_runtime_suspend(chip); -+ else -+ pm_runtime_force_suspend(dev); - if (bus->irq >= 0) { - free_irq(bus->irq, chip); - bus->irq = -1; -@@ -1055,7 +1063,10 @@ static int azx_resume(struct device *dev) - if (azx_acquire_irq(chip, 1) < 0) - return -EIO; - -- pm_runtime_force_resume(dev); -+ if (chip->driver_caps & AZX_DCAPS_SUSPEND_SPURIOUS_WAKEUP) -+ __azx_runtime_resume(chip, false); -+ else -+ pm_runtime_force_resume(dev); - snd_power_change_state(card, SNDRV_CTL_POWER_D0); - - trace_azx_resume(chip); --- -2.26.2 - diff --git a/kernel.spec b/kernel.spec index 329f8b2ff..3b02a59d4 100644 --- a/kernel.spec +++ b/kernel.spec @@ -92,7 +92,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 12 +%define stable_update 13 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -883,12 +883,12 @@ Patch123: 0001-usb-fusb302-Convert-to-use-GPIO-descriptors.patch # Tegra194 ACPI PCI quirk - http://patchwork.ozlabs.org/patch/1221384/ Patch124: 0001-PCI-Add-MCFG-quirks-for-Tegra194-host-controllers.patch -# rhbz 1857101 -Patch125: 0001-ALSA-hda-Workaround-for-spurious-wakeups-on-some-Int.patch - # Work around a bug in gcc https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96377 Patch126: 0001-Work-around-for-gcc-bug-https-gcc.gnu.org-bugzilla-s.patch +# CVE-2020-16166 rhbz 1865751 1865752 +Patch127: random32-update-the-net-random-state-on-interrupt-and-activity.patch + # END OF PATCH DEFINITIONS %endif @@ -2993,6 +2993,10 @@ fi # # %changelog +* Wed Aug 05 2020 Justin M. Forbes - 5.7.13-200 +- Linux v5.7.13 +- Fix CVE-2020-16166 (rhbz 1865751 1865752) + * Sat Aug 01 2020 Justin M. Forbes - 5.7.12-200 - Linux v5.7.12 diff --git a/random32-update-the-net-random-state-on-interrupt-and-activity.patch b/random32-update-the-net-random-state-on-interrupt-and-activity.patch new file mode 100644 index 000000000..e929c9976 --- /dev/null +++ b/random32-update-the-net-random-state-on-interrupt-and-activity.patch @@ -0,0 +1,109 @@ +From f227e3ec3b5cad859ad15666874405e8c1bbc1d4 Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Fri, 10 Jul 2020 15:23:19 +0200 +Subject: random32: update the net random state on interrupt and activity + +From: Willy Tarreau + +commit f227e3ec3b5cad859ad15666874405e8c1bbc1d4 upstream. + +This modifies the first 32 bits out of the 128 bits of a random CPU's +net_rand_state on interrupt or CPU activity to complicate remote +observations that could lead to guessing the network RNG's internal +state. + +Note that depending on some network devices' interrupt rate moderation +or binding, this re-seeding might happen on every packet or even almost +never. + +In addition, with NOHZ some CPUs might not even get timer interrupts, +leaving their local state rarely updated, while they are running +networked processes making use of the random state. For this reason, we +also perform this update in update_process_times() in order to at least +update the state when there is user or system activity, since it's the +only case we care about. + +Reported-by: Amit Klein +Suggested-by: Linus Torvalds +Cc: Eric Dumazet +Cc: "Jason A. Donenfeld" +Cc: Andy Lutomirski +Cc: Kees Cook +Cc: Thomas Gleixner +Cc: Peter Zijlstra +Cc: +Signed-off-by: Willy Tarreau +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/random.c | 1 + + include/linux/random.h | 3 +++ + kernel/time/timer.c | 8 ++++++++ + lib/random32.c | 2 +- + 4 files changed, 13 insertions(+), 1 deletion(-) + +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -1277,6 +1277,7 @@ void add_interrupt_randomness(int irq, i + + fast_mix(fast_pool); + add_interrupt_bench(cycles); ++ this_cpu_add(net_rand_state.s1, fast_pool->pool[cycles & 3]); + + if (unlikely(crng_init == 0)) { + if ((fast_pool->count >= 64) && +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -11,6 +11,7 @@ + #include + #include + #include ++#include + + #include + +@@ -119,6 +120,8 @@ struct rnd_state { + __u32 s1, s2, s3, s4; + }; + ++DECLARE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy; ++ + u32 prandom_u32_state(struct rnd_state *state); + void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes); + void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state); +--- a/kernel/time/timer.c ++++ b/kernel/time/timer.c +@@ -43,6 +43,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -1743,6 +1744,13 @@ void update_process_times(int user_tick) + scheduler_tick(); + if (IS_ENABLED(CONFIG_POSIX_TIMERS)) + run_posix_cpu_timers(); ++ ++ /* The current CPU might make use of net randoms without receiving IRQs ++ * to renew them often enough. Let's update the net_rand_state from a ++ * non-constant value that's not affine to the number of calls to make ++ * sure it's updated when there's some activity (we don't care in idle). ++ */ ++ this_cpu_add(net_rand_state.s1, rol32(jiffies, 24) + user_tick); + } + + /** +--- a/lib/random32.c ++++ b/lib/random32.c +@@ -48,7 +48,7 @@ static inline void prandom_state_selftes + } + #endif + +-static DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy; ++DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy; + + /** + * prandom_u32_state - seeded pseudo-random number generator. diff --git a/sources b/sources index 89bdde96a..b2914981f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (linux-5.7.tar.xz) = 45bde01593f6147c8c169b9e46b4b56eee998142552ae0ff82f1dd21b1fd54f3b32f6283f6bd77ea717d374672167849e468c157f235d2f12f7d7816e4623bf6 -SHA512 (patch-5.7.12.xz) = 86bbdd23e0ace2273ca03868a3414f943c9e7759945ee2c6c7171acb286e25366137ba4d9a65c89c3dcca12b03e1c32c6e9fdcbd5f6a85a4025ef00ae65a1c28 +SHA512 (patch-5.7.13.xz) = cc0df5bcbc9b566455bfebd3f297a63f956d4f92546ded4dd2150b012ba9b100c1735257c17225ad30f8c01c000f870056dabe9d8b06945449b7514375b70a91 -- cgit