From 6052dbb31326629a584ad20d037156062c49f7e5 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Mon, 30 May 2022 11:31:04 -0500 Subject: kernel-5.17.12-0 * Mon May 30 2022 Justin M. Forbes [5.17.12-0] - Revert "crypto: rng - Override drivers/char/random in FIPS mode" (Justin M. Forbes) - Revert "random: Add hook to override device reads and getrandom(2)" (Justin M. Forbes) Resolves: rhbz# Signed-off-by: Justin M. Forbes --- Patchlist.changelog | 6 + kernel.spec | 12 +- patch-5.17-redhat.patch | 312 +----------------------------------------------- sources | 6 +- 4 files changed, 19 insertions(+), 317 deletions(-) diff --git a/Patchlist.changelog b/Patchlist.changelog index 2d1781fbe..66a6bbdb1 100644 --- a/Patchlist.changelog +++ b/Patchlist.changelog @@ -1,3 +1,9 @@ +"https://gitlab.com/cki-project/kernel-ark/-/commit"/77da23276919a734b100b4856457d1b4c856e758 + 77da23276919a734b100b4856457d1b4c856e758 Revert "crypto: rng - Override drivers/char/random in FIPS mode" + +"https://gitlab.com/cki-project/kernel-ark/-/commit"/41f81f1faeab51ba2fe611184467ca22379d50e5 + 41f81f1faeab51ba2fe611184467ca22379d50e5 Revert "random: Add hook to override device reads and getrandom(2)" + "https://gitlab.com/cki-project/kernel-ark/-/commit"/205bec68a0ea67b6bff6fea9603b7b8aeacc9d46 205bec68a0ea67b6bff6fea9603b7b8aeacc9d46 drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 is set diff --git a/kernel.spec b/kernel.spec index 07e9104c2..066aa6521 100755 --- a/kernel.spec +++ b/kernel.spec @@ -130,7 +130,7 @@ Summary: The Linux kernel # The kernel tarball/base version %define kversion 5.17 -%define rpmversion 5.17.11 +%define rpmversion 5.17.12 %define patchversion 5.17 %define pkgrelease 300 @@ -695,7 +695,7 @@ BuildRequires: lld # exact git commit you can run # # xzcat -qq ${TARBALL} | git get-tar-commit-id -Source0: linux-5.17.11.tar.xz +Source0: linux-5.17.12.tar.xz Source1: Makefile.rhelver 
@@ -1387,8 +1387,8 @@ ApplyOptionalPatch() fi } -%setup -q -n kernel-5.17.11 -c -mv linux-5.17.11 linux-%{KVERREL} +%setup -q -n kernel-5.17.12 -c +mv linux-5.17.12 linux-%{KVERREL} cd linux-%{KVERREL} cp -a %{SOURCE1} . @@ -3015,6 +3015,10 @@ fi # # %changelog +* Mon May 30 2022 Justin M. Forbes [5.17.12-0] +- Revert "crypto: rng - Override drivers/char/random in FIPS mode" (Justin M. Forbes) +- Revert "random: Add hook to override device reads and getrandom(2)" (Justin M. Forbes) + * Wed May 25 2022 Justin M. Forbes [5.17.11-0] - Linux v5.17.11 (Justin M. Forbes) diff --git a/patch-5.17-redhat.patch b/patch-5.17-redhat.patch index 187a9f9e3..358dea787 100644 --- a/patch-5.17-redhat.patch +++ b/patch-5.17-redhat.patch @@ -10,14 +10,12 @@ arch/x86/boot/header.S | 4 + arch/x86/include/asm/efi.h | 5 + arch/x86/kernel/setup.c | 22 ++-- - crypto/rng.c | 73 +++++++++++- drivers/acpi/apei/hest.c | 8 ++ drivers/acpi/irq.c | 17 ++- drivers/acpi/scan.c | 9 ++ drivers/ata/libahci.c | 18 +++ drivers/char/ipmi/ipmi_dmi.c | 15 +++ drivers/char/ipmi/ipmi_msghandler.c | 16 ++- - drivers/char/random.c | 115 +++++++++++++++++++ drivers/firmware/efi/Kconfig | 12 ++ drivers/firmware/efi/Makefile | 1 + drivers/firmware/efi/efi.c | 124 +++++++++++++++------ @@ -46,7 +44,6 @@ include/linux/lsm_hooks.h | 6 + include/linux/module.h | 1 + include/linux/nfs_fs_sb.h | 1 + - include/linux/random.h | 7 ++ include/linux/rmi.h | 1 + include/linux/security.h | 5 + init/Kconfig | 2 +- @@ -60,7 +57,7 @@ security/lockdown/Kconfig | 13 +++ security/lockdown/lockdown.c | 1 + security/security.c | 6 + - 62 files changed, 997 insertions(+), 213 deletions(-) + 59 files changed, 803 insertions(+), 212 deletions(-) diff --git a/Documentation/core-api/dma-attributes.rst b/Documentation/core-api/dma-attributes.rst index 1887d92e8e92..17706dc91ec9 100644 @@ -112,7 +109,7 @@ index 000000000000..733a26bd887a + +endmenu 
diff --git a/Makefile b/Makefile -index b821f270a4ca..72a7c6958ea5 100644 +index 25c44dda0ef3..5af0d61c0782 100644 --- a/Makefile +++ b/Makefile @@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ @@ -304,103 +301,6 @@ index 90d7e1788c91..262198c48162 100644 reserve_initrd(); -diff --git a/crypto/rng.c b/crypto/rng.c -index fea082b25fe4..50a9d040bed1 100644 ---- a/crypto/rng.c -+++ b/crypto/rng.c -@@ -11,14 +11,17 @@ - #include - #include - #include -+#include -+#include - #include - #include - #include - #include -+#include -+#include - #include - #include - #include --#include - #include - - #include "internal.h" -@@ -224,5 +227,73 @@ void crypto_unregister_rngs(struct rng_alg *algs, int count) - } - EXPORT_SYMBOL_GPL(crypto_unregister_rngs); - -+static ssize_t crypto_devrandom_read(void __user *buf, size_t buflen) -+{ -+ u8 tmp[256]; -+ ssize_t ret; -+ -+ if (!buflen) -+ return 0; -+ -+ ret = crypto_get_default_rng(); -+ if (ret) -+ return ret; -+ -+ for (;;) { -+ int err; -+ int i; -+ -+ i = min_t(int, buflen, sizeof(tmp)); -+ err = crypto_rng_get_bytes(crypto_default_rng, tmp, i); -+ if (err) { -+ ret = err; -+ break; -+ } -+ -+ if (copy_to_user(buf, tmp, i)) { -+ ret = -EFAULT; -+ break; -+ } -+ -+ buflen -= i; -+ buf += i; -+ ret += i; -+ -+ if (!buflen) -+ break; -+ -+ if (need_resched()) { -+ if (signal_pending(current)) -+ break; -+ schedule(); -+ } -+ } -+ -+ crypto_put_default_rng(); -+ memzero_explicit(tmp, sizeof(tmp)); -+ -+ return ret; -+} -+ -+static const struct random_extrng crypto_devrandom_rng = { -+ .extrng_read = crypto_devrandom_read, -+ .owner = THIS_MODULE, -+}; -+ -+static int __init crypto_rng_init(void) -+{ -+ if (fips_enabled) -+ random_register_extrng(&crypto_devrandom_rng); -+ return 0; -+} -+ -+static void __exit crypto_rng_exit(void) -+{ -+ random_unregister_extrng(); -+} -+ -+late_initcall(crypto_rng_init); -+module_exit(crypto_rng_exit); -+ - MODULE_LICENSE("GPL"); - MODULE_DESCRIPTION("Random Number Generator"); 
diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c index 6aef1ee5e1bd..8f146b1b4972 100644 --- a/drivers/acpi/apei/hest.c 
@@ -573,189 +473,6 @@ index f1827257ef0e..5a45c2cd3dc2 100644 mutex_lock(&ipmi_interfaces_mutex); rv = ipmi_register_driver(); mutex_unlock(&ipmi_interfaces_mutex); -diff --git a/drivers/char/random.c b/drivers/char/random.c -index 3404a91edf29..184dbb94710c 100644 ---- a/drivers/char/random.c -+++ b/drivers/char/random.c -@@ -344,6 +344,7 @@ - #include - #include - #include -+#include - #include - #include - -@@ -358,6 +359,11 @@ - - /* #define ADD_INTERRUPT_BENCH */ - -+/* -+ * Hook for external RNG. -+ */ -+static const struct random_extrng __rcu *extrng; -+ - /* - * If the entropy count falls under this number of bits, then we - * should wake up processes which are selecting or polling on write -@@ -486,6 +492,9 @@ static int ratelimit_disable __read_mostly; - module_param_named(ratelimit_disable, ratelimit_disable, int, 0644); - MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit suppression"); - -+static const struct file_operations extrng_random_fops; -+static const struct file_operations extrng_urandom_fops; -+ - /********************************************************************** - * - * OS independent entropy store. 
Here are the functions which handle -@@ -1775,6 +1784,13 @@ static __poll_t random_poll(struct file *file, poll_table *wait) - return mask; - } - -+static __poll_t -+extrng_poll(struct file *file, poll_table * wait) -+{ -+ /* extrng pool is always full, always read, no writes */ -+ return EPOLLIN | EPOLLRDNORM; -+} -+ - static int write_pool(const char __user *buffer, size_t count) - { - size_t bytes; -@@ -1879,7 +1895,58 @@ static int random_fasync(int fd, struct file *filp, int on) - return fasync_helper(fd, filp, on, &fasync); - } - -+static int random_open(struct inode *inode, struct file *filp) -+{ -+ const struct random_extrng *rng; -+ -+ rcu_read_lock(); -+ rng = rcu_dereference(extrng); -+ if (rng && !try_module_get(rng->owner)) -+ rng = NULL; -+ rcu_read_unlock(); -+ -+ if (!rng) -+ return 0; -+ -+ filp->f_op = &extrng_random_fops; -+ filp->private_data = rng->owner; -+ -+ return 0; -+} -+ -+static int urandom_open(struct inode *inode, struct file *filp) -+{ -+ const struct random_extrng *rng; -+ -+ rcu_read_lock(); -+ rng = rcu_dereference(extrng); -+ if (rng && !try_module_get(rng->owner)) -+ rng = NULL; -+ rcu_read_unlock(); -+ -+ if (!rng) -+ return 0; -+ -+ filp->f_op = &extrng_urandom_fops; -+ filp->private_data = rng->owner; -+ -+ return 0; -+} -+ -+static int extrng_release(struct inode *inode, struct file *filp) -+{ -+ module_put(filp->private_data); -+ return 0; -+} -+ -+static ssize_t -+extrng_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) -+{ -+ return rcu_dereference_raw(extrng)->extrng_read(buf, nbytes); -+} -+ - const struct file_operations random_fops = { -+ .open = random_open, - .read = random_read, - .write = random_write, - .poll = random_poll, -@@ -1890,6 +1957,7 @@ const struct file_operations random_fops = { - }; - - const struct file_operations urandom_fops = { -+ .open = urandom_open, - .read = urandom_read, - .write = random_write, - .unlocked_ioctl = random_ioctl, -@@ -1898,9 +1966,31 @@ const struct 
file_operations urandom_fops = { - .llseek = noop_llseek, - }; - -+static const struct file_operations extrng_random_fops = { -+ .open = random_open, -+ .read = extrng_read, -+ .write = random_write, -+ .poll = extrng_poll, -+ .unlocked_ioctl = random_ioctl, -+ .fasync = random_fasync, -+ .llseek = noop_llseek, -+ .release = extrng_release, -+}; -+ -+static const struct file_operations extrng_urandom_fops = { -+ .open = urandom_open, -+ .read = extrng_read, -+ .write = random_write, -+ .unlocked_ioctl = random_ioctl, -+ .fasync = random_fasync, -+ .llseek = noop_llseek, -+ .release = extrng_release, -+}; -+ - SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, unsigned int, - flags) - { -+ const struct random_extrng *rng; - int ret; - - if (flags & ~(GRND_NONBLOCK | GRND_RANDOM | GRND_INSECURE)) -@@ -1916,6 +2006,18 @@ SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, unsigned int, - if (count > INT_MAX) - count = INT_MAX; - -+ rcu_read_lock(); -+ rng = rcu_dereference(extrng); -+ if (rng && !try_module_get(rng->owner)) -+ rng = NULL; -+ rcu_read_unlock(); -+ -+ if (rng) { -+ ret = rng->extrng_read(buf, count); -+ module_put(rng->owner); -+ return ret; -+ } -+ - if (!(flags & GRND_INSECURE) && !crng_ready()) { - if (flags & GRND_NONBLOCK) - return -EAGAIN; -@@ -2235,3 +2337,16 @@ void add_bootloader_randomness(const void *buf, unsigned int size) - add_device_randomness(buf, size); - } - EXPORT_SYMBOL_GPL(add_bootloader_randomness); -+ -+void random_register_extrng(const struct random_extrng *rng) -+{ -+ rcu_assign_pointer(extrng, rng); -+} -+EXPORT_SYMBOL_GPL(random_register_extrng); -+ -+void random_unregister_extrng(void) -+{ -+ RCU_INIT_POINTER(extrng, NULL); -+ synchronize_rcu(); -+} -+EXPORT_SYMBOL_GPL(random_unregister_extrng); diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig index 2c3dac5ecb36..f44f8b746e42 100644 --- a/drivers/firmware/efi/Kconfig 
@@ -2143,31 +1860,6 @@ index ca0959e51e81..b0e3fd550122 100644 unsigned int fattr_valid; /* Valid attributes */ unsigned int caps; /* server capabilities */ -diff --git a/include/linux/random.h b/include/linux/random.h -index c45b2693e51f..4edfdb3e44a9 100644 ---- a/include/linux/random.h -+++ b/include/linux/random.h -@@ -14,6 +14,11 @@ - - #include - -+struct random_extrng { -+ ssize_t (*extrng_read)(void __user *buf, size_t buflen); -+ struct module *owner; -+}; -+ - struct random_ready_callback { - struct list_head list; - void (*func)(struct random_ready_callback *rdy); -@@ -44,6 +49,8 @@ extern bool rng_is_initialized(void); - extern int add_random_ready_callback(struct random_ready_callback *rdy); - extern void del_random_ready_callback(struct random_ready_callback *rdy); - extern int __must_check get_random_bytes_arch(void *buf, int nbytes); -+void random_register_extrng(const struct random_extrng *rng); -+void random_unregister_extrng(void); - - #ifndef MODULE - extern const struct file_operations random_fops, urandom_fops; diff --git a/include/linux/rmi.h b/include/linux/rmi.h index ab7eea01ab42..fff7c5f737fc 100644 --- a/include/linux/rmi.h diff --git a/sources b/sources index 5f67dc4c9..3cb1848f6 100644 --- a/sources +++ b/sources 
@@ -1,3 +1,3 @@
-SHA512 (linux-5.17.11.tar.xz) = 6a2a02537326b8425ca90ab3f3e23b5551956c400a15818eeaac77701e83ddd31629d44875887332fb4ac05fc2dbd0a0a964291f90efa428012f0f7d682e694a
-SHA512 (kernel-abi-stablelists-5.17.11-300.tar.bz2) = 9f30c4a984c4588d6fae8945dade766a19ffb835672d156c22adf83bc1c4ce43fb2de4444b8f206c8827d5d723339a989f56630a819713cadba157dd9c9e5db0
-SHA512 (kernel-kabi-dw-5.17.11-300.tar.bz2) = a151ebd022193373624fb17d9e67ab6319bc20aba15e94e44cf1ae87e071eeee1f2baf9afa9a71722c1ceebe420ad65f57f480d0bd441c93926f87b09beeeedd
+SHA512 (linux-5.17.12.tar.xz) = bdf54320810a1ed1b303b89730aec2fa0e68e45b96c813a15f5cca60e6ce765c0b1a3d4fd39317765227429f206172c709df17741138c6b3e7cbc73ca98cb61d
+SHA512 (kernel-abi-stablelists-5.17.12-300.tar.bz2) = 78ddae08718f2b52ba8a5d0618687319fe901bb71185b7e14302bdef93354a50c2d510e49e0e9f3e802583c0d2091801f405a958c1de5963e416c4b5fd51a2ee
+SHA512 (kernel-kabi-dw-5.17.12-300.tar.bz2) = 92d19a7604057d7c6997250dd0313b8a8d0b1d664dc99d022e4e8230d84cd1157ef954ff3cea4e9c3f98c2ab54126b48b12d6a92c36d6188223366ef431b55f0
-- cgit