From: Niels Dossche <dossche.niels(a)gmail.com>
[ Upstream commit 22cbc6c2681a0a4fe76150270426e763d52353a4 ]
The documentation of the function rvt_error_qp says both r_lock and
s_lock need to be held when calling that function.
It also asserts using lockdep that both of those locks are held.
rvt_error_qp is called from rvt_send_cq, which is called from
rvt_qp_complete_swqe, which is called from rvt_send_complete, which is
called from rvt_ruc_loopback in two places. Both of these places do not
hold r_lock. Fix this by acquiring a spin_lock of r_lock in both of
these places.
The r_lock acquiring cannot be added in rvt_qp_complete_swqe because
some of its other callers already have r_lock acquired.
Link: https://lore.kernel.org/r/20220228195144.71946-1-dossche.niels@gmail.com
Signed-off-by: Niels Dossche <dossche.niels(a)gmail.com>
Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
drivers/infiniband/sw/rdmavt/qp.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/sw/rdmavt/qp.c b/drivers/infiniband/sw/rdmavt/qp.c
index 8ef112f883a7..3acab569fbb9 100644
--- a/drivers/infiniband/sw/rdmavt/qp.c
+++ b/drivers/infiniband/sw/rdmavt/qp.c
@@ -2775,7 +2775,7 @@ void rvt_qp_iter(struct rvt_dev_info *rdi,
EXPORT_SYMBOL(rvt_qp_iter);
/*
- * This should be called with s_lock held.
+ * This should be called with s_lock and r_lock held.
*/
void rvt_send_complete(struct rvt_qp *qp, struct rvt_swqe *wqe,
enum ib_wc_status status)
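Review bot: The updated comment above rvt_send_complete() states the s_lock and r_lock requirement only in prose. Consider backing it with lockdep_assert_held(&qp->s_lock) and lockdep_assert_held(&qp->r_lock) at the top of the function, so a caller that misses r_lock is caught here rather than several calls down in rvt_error_qp().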
@@ -3134,7 +3134,9 @@ void rvt_ruc_loopback(struct rvt_qp *sqp)
rvp->n_loop_pkts++;
flush_send:
sqp->s_rnr_retry = sqp->s_rnr_retry_cnt;
+ spin_lock(&sqp->r_lock);
rvt_send_complete(sqp, wqe, send_status);
+ spin_unlock(&sqp->r_lock);
if (local_ops) {
atomic_dec(&sqp->local_ops_pending);
local_ops = 0;
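Review bot: At flush_send the added spin_lock(&sqp->r_lock) is the plain, non-irqsave variant, and the lines shown do not include where s_lock was taken or whether interrupts are off at this label. The context of the next hunk releases an r_lock with spin_unlock_irqrestore() in this same function, so please confirm interrupts are already disabled on every path that reaches flush_send, or state that in a comment next to the lock.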
@@ -3188,7 +3190,9 @@ void rvt_ruc_loopback(struct rvt_qp *sqp)
spin_unlock_irqrestore(&qp->r_lock, flags);
serr_no_r_lock:
spin_lock_irqsave(&sqp->s_lock, flags);
+ spin_lock(&sqp->r_lock);
rvt_send_complete(sqp, wqe, send_status);
+ spin_unlock(&sqp->r_lock);
if (sqp->ibqp.qp_type == IB_QPT_RC) {
int lastwqe;
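Review bot: At serr_no_r_lock the new code takes sqp->r_lock while already holding sqp->s_lock, so this path establishes the order s_lock then r_lock. Any path that takes the two locks in the opposite order on the same QP would turn this into an ABBA deadlock; the commit message should state which order the rest of rdmavt uses and that this nesting matches it.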
--
2.35.1
The patch below does not apply to the 4.14-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
The patch below does not apply to the 4.19-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From dcd46d897adb70d63e025f175a00a89797d31a43 Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook(a)chromium.org>
Date: Mon, 31 Jan 2022 16:09:47 -0800
Subject: [PATCH] exec: Force single empty string when argv is empty
Quoting[1] Ariadne Conill:
"In several other operating systems, it is a hard requirement that the
second argument to execve(2) be the name of a program, thus prohibiting
a scenario where argc < 1. POSIX 2017 also recommends this behaviour,
but it is not an explicit requirement[2]:
The argument arg0 should point to a filename string that is
associated with the process being started by one of the exec
functions.
...
Interestingly, Michael Kerrisk opened an issue about this in 2008[3],
but there was no consensus to support fixing this issue then.
Hopefully now that CVE-2021-4034 shows practical exploitative use[4]
of this bug in a shellcode, we can reconsider.
This issue is being tracked in the KSPP issue tracker[5]."
While the initial code searches[6][7] turned up what appeared to be
mostly corner case tests, trying to just reject argv == NULL
(or an immediately terminated pointer list) quickly started tripping[8]
existing userspace programs.
The next best approach is forcing a single empty string into argv and
adjusting argc to match. The number of programs depending on argc == 0
seems a smaller set than those calling execve with a NULL argv.
Account for the additional stack space in bprm_stack_limits(). Inject an
empty string when argc == 0 (and set argc = 1). Warn about the case so
userspace has some notice about the change:
process './argc0' launched './argc0' with NULL argv: empty string added
Additionally WARN() and reject NULL argv usage for kernel threads.
[1] https://lore.kernel.org/lkml/20220127000724.15106-1-ariadne@dereferenced.or…
[2] https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html
[3] https://bugzilla.kernel.org/show_bug.cgi?id=8408
[4] https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
[5] https://github.com/KSPP/linux/issues/176
[6] https://codesearch.debian.net/search?q=execve%5C+*%5C%28%5B%5E%2C%5D%2B%2C+…
[7] https://codesearch.debian.net/search?q=execlp%3F%5Cs*%5C%28%5B%5E%2C%5D%2B%…
[8] https://lore.kernel.org/lkml/20220131144352.GE16385@xsang-OptiPlex-9020/
Reported-by: Ariadne Conill <ariadne(a)dereferenced.org>
Reported-by: Michael Kerrisk <mtk.manpages(a)gmail.com>
Cc: Matthew Wilcox <willy(a)infradead.org>
Cc: Christian Brauner <brauner(a)kernel.org>
Cc: Rich Felker <dalias(a)libc.org>
Cc: Eric Biederman <ebiederm(a)xmission.com>
Cc: Alexander Viro <viro(a)zeniv.linux.org.uk>
Cc: linux-fsdevel(a)vger.kernel.org
Cc: stable(a)vger.kernel.org
Signed-off-by: Kees Cook <keescook(a)chromium.org>
Acked-by: Christian Brauner <brauner(a)kernel.org>
Acked-by: Ariadne Conill <ariadne(a)dereferenced.org>
Acked-by: Andy Lutomirski <luto(a)kernel.org>
Link: https://lore.kernel.org/r/20220201000947.2453721-1-keescook@chromium.org
diff --git a/fs/exec.c b/fs/exec.c
index 79f2c9483302..40b1008fb0f7 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -495,8 +495,14 @@ static int bprm_stack_limits(struct linux_binprm *bprm)
* the stack. They aren't stored until much later when we can't
* signal to the parent that the child has run out of stack space.
* Instead, calculate it here so it's possible to fail gracefully.
+ *
+ * In the case of argc = 0, make sure there is space for adding a
+ * empty string (which will bump argc to 1), to ensure confused
+ * userspace programs don't start processing from argv[1], thinking
+ * argc can never be 0, to keep them from walking envp by accident.
+ * See do_execveat_common().
*/
- ptr_size = (bprm->argc + bprm->envc) * sizeof(void *);
+ ptr_size = (max(bprm->argc, 1) + bprm->envc) * sizeof(void *);
if (limit <= ptr_size)
return -E2BIG;
limit -= ptr_size;
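Review bot: In the comment added to bprm_stack_limits(), "adding a empty string" should read "adding an empty string", and the sentence chains two purpose clauses ("to ensure confused userspace programs don't ..." and "to keep them from walking envp") that say the same thing. Keeping one of them would make the comment easier to read.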
@@ -1897,6 +1903,9 @@ static int do_execveat_common(int fd, struct filename *filename,
}
retval = count(argv, MAX_ARG_STRINGS);
+ if (retval == 0)
+ pr_warn_once("process '%s' launched '%s' with NULL argv: empty string added\n",
+ current->comm, bprm->filename);
if (retval < 0)
goto out_free;
bprm->argc = retval;
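Review bot: The pr_warn_once() text says "with NULL argv", but retval == 0 from count() also covers a non-NULL argv whose first entry is NULL, which the commit message calls an immediately terminated pointer list; "empty argv" would be accurate for both. Because this is pr_warn_once(), only the first offender after boot is logged, so the message is a one-time notice and not a per-exec audit signal, which is worth stating in the changelog.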
@@ -1923,6 +1932,19 @@ static int do_execveat_common(int fd, struct filename *filename,
if (retval < 0)
goto out_free;
+ /*
+ * When argv is empty, add an empty string ("") as argv[0] to
+ * ensure confused userspace programs that start processing
+ * from argv[1] won't end up walking envp. See also
+ * bprm_stack_limits().
+ */
+ if (bprm->argc == 0) {
+ retval = copy_string_kernel("", bprm);
+ if (retval < 0)
+ goto out_free;
+ bprm->argc = 1;
+ }
+
retval = bprm_execve(bprm, fd, filename, flags);
out_free:
free_bprm(bprm);
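Review bot: The block that injects "" when bprm->argc == 0 changes what every exec'd program observes, yet the patch touches only fs/exec.c and adds no test. A selftest that calls execve() with a NULL argv and with an argv whose first entry is NULL, then checks in the child that argc == 1 and argv[0] is the empty string, would pin this behaviour down.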
@@ -1951,6 +1973,8 @@ int kernel_execve(const char *kernel_filename,
}
retval = count_strings_kernel(argv);
+ if (WARN_ON_ONCE(retval == 0))
+ retval = -EINVAL;
if (retval < 0)
goto out_free;
bprm->argc = retval;
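The commit message above argues that a program which starts at argv[1] will read envp when argc is 0, and that injecting one empty string prevents it. The following is an added illustration, not part of the patch or of kernel code: it models the argv/envp pointer vector in an ordinary array, and every name in it (start_vec, build_vec, run_case, the sample strings) is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SLOTS 16

/* Model of the pointer vector a new process receives:
 * argv[0..argc-1], NULL, envp[0..envc-1], NULL, stored back to back. */
struct start_vec {
    const char *slot[MAX_SLOTS];
    int argc;
    const char **argv;
    const char **envp;
};

/* Constructed sample inputs for the demonstration. */
static const char *const sample_env[]  = { "EXAMPLE_VAR=constructed", NULL };
static const char *const sample_argv[] = { "prog", "arg", NULL };
static const char *const empty_argv[]  = { NULL }; /* immediately terminated */

/* Build the vector. kernel_fix != 0 models the patched behaviour:
 * an empty argv gets a single "" and argc becomes 1. */
static int build_vec(struct start_vec *v, const char *const *argv,
                     const char *const *envp, int kernel_fix)
{
    int n = 0, argc = 0, envc = 0, i;

    while (argv && argv[argc])
        argc++;
    while (envp && envp[envc])
        envc++;
    /* Reserve max(argc, 1) argv slots plus both NULL terminators. */
    if ((argc > 1 ? argc : 1) + envc + 2 > MAX_SLOTS)
        return -1;

    v->argv = &v->slot[0];
    for (i = 0; i < argc; i++)
        v->slot[n++] = argv[i];
    if (argc == 0 && kernel_fix) {
        v->slot[n++] = "";
        argc = 1;
    }
    v->slot[n++] = NULL;            /* argv terminator */
    v->envp = &v->slot[n];
    for (i = 0; i < envc; i++)
        v->slot[n++] = envp[i];
    v->slot[n] = NULL;              /* envp terminator */
    v->argc = argc;
    return 0;
}

/* The "confused program" pattern: assumes argc >= 1 and reads argv[1]. */
static const char *naive_first_operand(const struct start_vec *v)
{
    return v->argv[1];
}

/* Defensive userspace version: never index past what argc allows. */
static const char *checked_first_operand(const struct start_vec *v)
{
    if (v->argc < 2)
        return NULL;
    return v->argv[1];
}

/* Returns what the chosen reader sees as its first operand, or NULL. */
static const char *run_case(const char *const *argv, int kernel_fix,
                            int checked)
{
    struct start_vec v;

    if (build_vec(&v, argv, sample_env, kernel_fix) < 0)
        return NULL;
    return checked ? checked_first_operand(&v) : naive_first_operand(&v);
}

static const char *show(const char *s)
{
    return s ? s : "(null)";
}

int main(void)
{
    printf("empty argv, unpatched, naive  : %s\n", show(run_case(NULL, 0, 0)));
    printf("empty argv, patched,   naive  : %s\n", show(run_case(NULL, 1, 0)));
    printf("empty argv, unpatched, checked: %s\n", show(run_case(NULL, 0, 1)));
    printf("normal argv,           naive  : %s\n",
           show(run_case(sample_argv, 1, 0)));
    return 0;
}
```

In the unpatched model the naive reader returns the environment string, because argv[1] and envp[0] are the same slot when argc is 0; with the injected empty string it sees the argv terminator instead.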
From: Johannes Berg <johannes.berg(a)intel.com>
In ieee80211_vif_use_reserved_context(), when we have an
old context and the new context's replace_state is set to
IEEE80211_CHANCTX_REPLACE_NONE, we free the old context
in ieee80211_vif_use_reserved_reassign(). Therefore, we
cannot check the old_ctx anymore, so we should set it to
NULL after this point.
However, since the new_ctx replace state is clearly not
IEEE80211_CHANCTX_REPLACES_OTHER, we're not going to do
anything else in this function and can just return to
avoid accessing the freed old_ctx.
Cc: stable(a)vger.kernel.org
Fixes: 5bcae31d9cb1 ("mac80211: implement multi-vif in-place reservations")
Signed-off-by: Johannes Berg <johannes.berg(a)intel.com>
---
net/mac80211/chan.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
index 7b249264af09..5d8b49f20198 100644
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -1750,12 +1750,9 @@ int ieee80211_vif_use_reserved_context(struct ieee80211_sub_if_data *sdata)
if (new_ctx->replace_state == IEEE80211_CHANCTX_REPLACE_NONE) {
if (old_ctx)
- err = ieee80211_vif_use_reserved_reassign(sdata);
- else
- err = ieee80211_vif_use_reserved_assign(sdata);
+ return ieee80211_vif_use_reserved_reassign(sdata);
- if (err)
- return err;
+ return ieee80211_vif_use_reserved_assign(sdata);
}
/*
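Review bot: The two new return statements in the IEEE80211_CHANCTX_REPLACE_NONE branch rely on ieee80211_vif_use_reserved_reassign() having freed old_ctx, but nothing at the call site says so. A one-line comment above "return ieee80211_vif_use_reserved_reassign(sdata);" noting that old_ctx must not be touched after the call would keep a later change from reintroducing the access to freed memory; also check whether err is still used elsewhere in the function now that this branch no longer assigns it.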
--
2.36.1
This is the start of the stable review cycle for the 5.10.119 release.
There are 163 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Sun, 29 May 2022 08:46:26 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.119-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.10.119-rc1
Edward Matijevic <motolav(a)gmail.com>
ALSA: ctxfi: Add SB046x PCI ID
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: check for signals after page of pool writes
Jens Axboe <axboe(a)kernel.dk>
random: wire up fops->splice_{read,write}_iter()
Jens Axboe <axboe(a)kernel.dk>
random: convert to using fops->write_iter()
Jens Axboe <axboe(a)kernel.dk>
random: convert to using fops->read_iter()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: unify batched entropy implementations
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: move randomize_page() into mm where it belongs
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: move initialization functions out of hot pages
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: make consistent use of buf and len
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: use proper return types on get_random_{int,long}_wait()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: remove extern from functions in header
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: use static branch for crng_ready()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: credit architectural init the exact amount
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: handle latent entropy and command line from random_init()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: use proper jiffies comparison macro
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: remove ratelimiting for in-kernel unseeded randomness
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: move initialization out of reseeding hot path
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: avoid initializing twice in credit race
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: use symbolic constants for crng_init states
Jason A. Donenfeld <Jason(a)zx2c4.com>
siphash: use one source of truth for siphash permutations
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: help compiler out with fast_mix() by using simpler arguments
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: do not use input pool from hard IRQs
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: order timer entropy functions below interrupt functions
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: do not pretend to handle premature next security model
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: use first 128 bits of input as fast init
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: do not use batches when !crng_ready()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: insist on random_get_entropy() existing in order to simplify
Jason A. Donenfeld <Jason(a)zx2c4.com>
xtensa: use fallback for random_get_entropy() instead of zero
Jason A. Donenfeld <Jason(a)zx2c4.com>
sparc: use fallback for random_get_entropy() instead of zero
Jason A. Donenfeld <Jason(a)zx2c4.com>
um: use fallback for random_get_entropy() instead of zero
Jason A. Donenfeld <Jason(a)zx2c4.com>
x86/tsc: Use fallback for random_get_entropy() instead of zero
Jason A. Donenfeld <Jason(a)zx2c4.com>
nios2: use fallback for random_get_entropy() instead of zero
Jason A. Donenfeld <Jason(a)zx2c4.com>
arm: use fallback for random_get_entropy() instead of zero
Jason A. Donenfeld <Jason(a)zx2c4.com>
mips: use fallback for random_get_entropy() instead of just c0 random
Jason A. Donenfeld <Jason(a)zx2c4.com>
riscv: use fallback for random_get_entropy() instead of zero
Jason A. Donenfeld <Jason(a)zx2c4.com>
m68k: use fallback for random_get_entropy() instead of zero
Jason A. Donenfeld <Jason(a)zx2c4.com>
timekeeping: Add raw clock fallback for random_get_entropy()
Jason A. Donenfeld <Jason(a)zx2c4.com>
powerpc: define get_cycles macro for arch-override
Jason A. Donenfeld <Jason(a)zx2c4.com>
alpha: define get_cycles macro for arch-override
Jason A. Donenfeld <Jason(a)zx2c4.com>
parisc: define get_cycles macro for arch-override
Jason A. Donenfeld <Jason(a)zx2c4.com>
s390: define get_cycles macro for arch-override
Jason A. Donenfeld <Jason(a)zx2c4.com>
ia64: define get_cycles macro for arch-override
Jason A. Donenfeld <Jason(a)zx2c4.com>
init: call time_init() before rand_initialize()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: fix sysctl documentation nits
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: document crng_fast_key_erasure() destination possibility
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: make random_get_entropy() return an unsigned long
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: allow partial reads if later user copies fail
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
Jann Horn <jannh(a)google.com>
random: check for signal_pending() outside of need_resched() check
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: do not allow user to keep crng key around on stack
Jan Varho <jan.varho(a)gmail.com>
random: do not split fast init input in add_hwgenerator_randomness()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: mix build-time latent entropy into pool at init
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: re-add removed comment about get_random_{u32,u64} reseeding
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: treat bootloader trust toggle the same way as cpu trust toggle
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: skip fast_init if hwrng provides large chunk of entropy
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: check for signal and try earlier when generating entropy
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: reseed more often immediately after booting
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: make consistent usage of crng_ready()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: use SipHash as interrupt entropy accumulator
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: replace custom notifier chain with standard one
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: don't let 644 read-only sysctls be written to
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: give sysctl_random_min_urandom_seed a more sensible value
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: do crng pre-init loading in worker rather than irq
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: unify cycles_t and jiffies usage and types
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: cleanup UUID handling
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: only wake up writers after zap if threshold was passed
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: round-robin registers as ulong, not u32
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: clear fast pool, crng, and batches in cpuhp bring up
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: pull add_hwgenerator_randomness() declaration into random.h
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: check for crng_init == 0 in add_device_randomness()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: unify early init crng load accounting
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: do not take pool spinlock at boot
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: defer fast pool mixing to worker
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: rewrite header introductory comment
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: group sysctl functions
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: group userspace read/write functions
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: group entropy collection functions
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: group entropy extraction functions
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: group crng functions
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: group initialization wait functions
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: remove whitespace and reorder includes
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: remove useless header comment
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: introduce drain_entropy() helper to declutter crng_reseed()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: deobfuscate irq u32/u64 contributions
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: add proper SPDX header
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: remove unused tracepoints
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: remove ifdef'd out interrupt bench
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: tie batched entropy generation to base_crng generation
Dominik Brodowski <linux(a)dominikbrodowski.net>
random: fix locking for crng_init in crng_reseed()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: zero buffer after reading entropy from userspace
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: remove outdated INT_MAX >> 6 check in urandom_read()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: make more consistent use of integer types
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: use hash function for crng_slow_load()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: use simpler fast key erasure flow on per-cpu keys
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: absorb fast pool into input pool after fast load
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: do not xor RDRAND when writing into /dev/random
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: ensure early RDSEED goes through mixer on init
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: inline leaves of rand_initialize()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: get rid of secondary crngs
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: use RDSEED instead of RDRAND in entropy extraction
Dominik Brodowski <linux(a)dominikbrodowski.net>
random: fix locking in crng_fast_load()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: remove batched entropy locking
Eric Biggers <ebiggers(a)google.com>
random: remove use_input_pool parameter from crng_reseed()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: make credit_entropy_bits() always safe
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: always wake up entropy writers after extraction
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: use linear min-entropy accumulation crediting
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: simplify entropy debiting
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: use computational hash for entropy extraction
Dominik Brodowski <linux(a)dominikbrodowski.net>
random: only call crng_finalize_init() for primary_crng
Dominik Brodowski <linux(a)dominikbrodowski.net>
random: access primary_pool directly rather than through pointer
Dominik Brodowski <linux(a)dominikbrodowski.net>
random: continually use hwgenerator randomness
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: simplify arithmetic function flow in account()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: selectively clang-format where it makes sense
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: access input_pool_data directly rather than through pointer
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: cleanup fractional entropy shift constants
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: prepend remaining pool constants with POOL_
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: de-duplicate INPUT_POOL constants
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: remove unused OUTPUT_POOL constants
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: rather than entropy_store abstraction, use global
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: remove unused extract_entropy() reserved argument
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: remove incomplete last_data logic
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: cleanup integer types
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: cleanup poolinfo abstraction
Schspa Shi <schspa(a)gmail.com>
random: fix typo in comments
Jann Horn <jannh(a)google.com>
random: don't reset crng_init_cnt on urandom_read()
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: avoid superfluous call to RDRAND in CRNG extraction
Dominik Brodowski <linux(a)dominikbrodowski.net>
random: early initialization of ChaCha constants
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
Dominik Brodowski <linux(a)dominikbrodowski.net>
random: harmonize "crng init done" messages
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: mix bootloader randomness into pool
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: do not re-init if crng_reseed completes before primary init
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: do not sign extend bytes for rotation when mixing
Jason A. Donenfeld <Jason(a)zx2c4.com>
random: use BLAKE2s instead of SHA1 in extraction
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
random: remove unused irq_flags argument from add_interrupt_randomness()
Mark Brown <broonie(a)kernel.org>
random: document add_hwgenerator_randomness() with other input functions
Jason A. Donenfeld <Jason(a)zx2c4.com>
lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI
Jason A. Donenfeld <Jason(a)zx2c4.com>
lib/crypto: sha1: re-roll loops to reduce code size
Jason A. Donenfeld <Jason(a)zx2c4.com>
lib/crypto: blake2s: move hmac construction into wireguard
Jason A. Donenfeld <Jason(a)zx2c4.com>
lib/crypto: blake2s: include as built-in
Eric Biggers <ebiggers(a)google.com>
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
Eric Biggers <ebiggers(a)google.com>
crypto: blake2s - adjust include guard naming
Eric Biggers <ebiggers(a)google.com>
crypto: blake2s - add comment for blake2s_state fields
Eric Biggers <ebiggers(a)google.com>
crypto: blake2s - optimize blake2s initialization
Eric Biggers <ebiggers(a)google.com>
crypto: blake2s - share the "shash" API boilerplate code
Eric Biggers <ebiggers(a)google.com>
crypto: blake2s - move update and final logic to internal/blake2s.h
Eric Biggers <ebiggers(a)google.com>
crypto: blake2s - remove unneeded includes
Eric Biggers <ebiggers(a)google.com>
crypto: x86/blake2s - define shash_alg structs using macros
Eric Biggers <ebiggers(a)google.com>
crypto: blake2s - define shash_alg structs using macros
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: lib/blake2s - Move selftest prototype into header file
Jason A. Donenfeld <Jason(a)zx2c4.com>
MAINTAINERS: add git tree for random.c
Jason A. Donenfeld <Jason(a)zx2c4.com>
MAINTAINERS: co-maintain random.c
Eric Biggers <ebiggers(a)google.com>
random: remove dead code left over from blocking pool
Ard Biesheuvel <ardb(a)kernel.org>
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
Lorenzo Pieralisi <lorenzo.pieralisi(a)arm.com>
ACPI: sysfs: Fix BERT error region memory mapping
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
ACPI: sysfs: Make sparse happy about address space in use
Hans Verkuil <hverkuil-cisco(a)xs4all.nl>
media: vim2m: initialize the media device earlier
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: vim2m: Register video device after setting up internals
Willy Tarreau <w(a)1wt.eu>
secure_seq: use the 64 bits of the siphash for port offset calculation
Eric Dumazet <edumazet(a)google.com>
tcp: change source port randomizarion at connect() time
Paolo Bonzini <pbonzini(a)redhat.com>
KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
Vitaly Kuznetsov <vkuznets(a)redhat.com>
KVM: x86: Properly handle APF vs disabled LAPIC situation
Denis Efremov (Oracle) <efremov(a)linux.com>
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
Daniel Thompson <daniel.thompson(a)linaro.org>
lockdown: also lock down previous kgdb use
-------------
Diffstat:
Documentation/admin-guide/kernel-parameters.txt | 6 +
Documentation/admin-guide/sysctl/kernel.rst | 22 +-
MAINTAINERS | 2 +
Makefile | 4 +-
arch/alpha/include/asm/timex.h | 1 +
arch/arm/include/asm/timex.h | 1 +
arch/ia64/include/asm/timex.h | 1 +
arch/m68k/include/asm/timex.h | 2 +-
arch/mips/include/asm/timex.h | 17 +-
arch/nios2/include/asm/timex.h | 3 +
arch/parisc/include/asm/timex.h | 3 +-
arch/powerpc/include/asm/timex.h | 1 +
arch/riscv/include/asm/timex.h | 2 +-
arch/s390/include/asm/timex.h | 1 +
arch/sparc/include/asm/timex_32.h | 4 +-
arch/um/include/asm/timex.h | 9 +-
arch/x86/crypto/Makefile | 4 +-
arch/x86/crypto/blake2s-glue.c | 166 +-
arch/x86/crypto/blake2s-shash.c | 77 +
arch/x86/include/asm/timex.h | 9 +
arch/x86/include/asm/tsc.h | 7 +-
arch/x86/kernel/cpu/mshyperv.c | 2 +-
arch/x86/kvm/lapic.c | 6 +
arch/x86/kvm/mmu/mmu.c | 6 +-
arch/x86/kvm/x86.c | 2 +-
arch/xtensa/include/asm/timex.h | 6 +-
crypto/Kconfig | 3 +-
crypto/blake2s_generic.c | 158 +-
crypto/drbg.c | 17 +-
drivers/acpi/sysfs.c | 23 +-
drivers/char/Kconfig | 3 +-
drivers/char/hw_random/core.c | 1 +
drivers/char/random.c | 3035 +++++++++--------------
drivers/hv/vmbus_drv.c | 2 +-
drivers/media/test-drivers/vim2m.c | 22 +-
drivers/net/Kconfig | 1 -
drivers/net/wireguard/noise.c | 45 +-
drivers/staging/rtl8723bs/os_dep/ioctl_linux.c | 6 +-
include/crypto/blake2s.h | 66 +-
include/crypto/chacha.h | 15 +-
include/crypto/drbg.h | 2 +-
include/crypto/internal/blake2s.h | 123 +-
include/linux/cpuhotplug.h | 2 +
include/linux/hw_random.h | 2 -
include/linux/mm.h | 1 +
include/linux/prandom.h | 23 +-
include/linux/random.h | 100 +-
include/linux/security.h | 2 +
include/linux/siphash.h | 28 +
include/linux/timex.h | 10 +-
include/net/inet_hashtables.h | 2 +-
include/net/secure_seq.h | 4 +-
include/trace/events/random.h | 330 ---
init/main.c | 13 +-
kernel/cpu.c | 11 +
kernel/debug/debug_core.c | 24 +
kernel/debug/kdb/kdb_main.c | 62 +-
kernel/irq/handle.c | 2 +-
kernel/time/timekeeping.c | 15 +
lib/Kconfig.debug | 3 +-
lib/crypto/Kconfig | 23 +-
lib/crypto/Makefile | 9 +-
lib/crypto/blake2s-generic.c | 6 +-
lib/crypto/blake2s-selftest.c | 33 +-
lib/crypto/blake2s.c | 81 +-
lib/random32.c | 16 +-
lib/sha1.c | 95 +-
lib/siphash.c | 32 +-
lib/vsprintf.c | 10 +-
mm/util.c | 32 +
net/core/secure_seq.c | 4 +-
net/ipv4/inet_hashtables.c | 28 +-
net/ipv6/inet6_hashtables.c | 4 +-
security/security.c | 2 +
sound/pci/ctxfi/ctatc.c | 2 +
sound/pci/ctxfi/cthardware.h | 3 +-
76 files changed, 1865 insertions(+), 3035 deletions(-)