kernel-6.6.0-0.rc7.20231024gitd88520ad73b7.55

* Tue Oct 24 2023 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.6.0-0.rc7.d88520ad73b7.55]
- redhat: remove pending-rhel CONFIG_XFS_ASSERT_FATAL file (Patrick Talbert)
- New configs in fs/xfs (Fedora Kernel Team)
- crypto: rng - Override drivers/char/random in FIPS mode (Herbert Xu)
- random: Add hook to override device reads and getrandom(2) (Herbert Xu)
- Linux v6.6.0-0.rc7.d88520ad73b7
Resolves:

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
Justin M. Forbes 2023-10-24 12:49:03 -05:00
parent ff61ab282e
commit 34b9a6b2d0
No known key found for this signature in database
GPG Key ID: B8FA7924A4B1C140
20 changed files with 537 additions and 23 deletions


@ -12,7 +12,7 @@ RHEL_MINOR = 99
#
# Use this spot to avoid future merge conflicts.
# Do not trim this comment.
RHEL_RELEASE = 54
RHEL_RELEASE = 55
#
# RHEL_REBASE_NUM


@ -1,3 +1,9 @@
"https://gitlab.com/cki-project/kernel-ark/-/commit"/1820b71069f04d9347e71caeb9fe49e095dd28ec
1820b71069f04d9347e71caeb9fe49e095dd28ec crypto: rng - Override drivers/char/random in FIPS mode
"https://gitlab.com/cki-project/kernel-ark/-/commit"/325cfb22f086df02e268cfbfa6ff96d89d0acd5d
325cfb22f086df02e268cfbfa6ff96d89d0acd5d random: Add hook to override device reads and getrandom(2)
"https://gitlab.com/cki-project/kernel-ark/-/commit"/8374deeb36ca291927f714ba4b78349fb3a6e3b1
8374deeb36ca291927f714ba4b78349fb3a6e3b1 [redhat] kernel/rh_messages.c: move hardware tables to rh_messages.h


@ -7855,7 +7855,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7830,7 +7830,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7851,7 +7851,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7826,7 +7826,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7907,7 +7907,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7882,7 +7882,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7330,7 +7330,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7307,7 +7307,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7315,7 +7315,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7292,7 +7292,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7315,7 +7315,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
# CONFIG_XFS_FS is not set
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7665,7 +7665,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7641,7 +7641,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7722,7 +7722,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -7698,7 +7698,6 @@ CONFIG_XFRM_SUB_POLICY=y
# CONFIG_XFRM_USER_COMPAT is not set
CONFIG_XFRM_USER=y
CONFIG_XFRM=y
CONFIG_XFS_ASSERT_FATAL=y
# CONFIG_XFS_DEBUG is not set
CONFIG_XFS_FS=m
# CONFIG_XFS_ONLINE_REPAIR is not set


@ -163,13 +163,13 @@ Summary: The Linux kernel
%define specrpmversion 6.6.0
%define specversion 6.6.0
%define patchversion 6.6
%define pkgrelease 0.rc7.54
%define pkgrelease 0.rc7.20231024gitd88520ad73b7.55
%define kversion 6
%define tarfile_release 6.6-rc7
%define tarfile_release 6.6-rc7-18-gd88520ad73b7
# This is needed to do merge window version magic
%define patchlevel 6
# This allows pkg_release to have configurable %%{?dist} tag
%define specrelease 0.rc7.54%{?buildid}%{?dist}
%define specrelease 0.rc7.20231024gitd88520ad73b7.55%{?buildid}%{?dist}
# This defines the kabi tarball version
%define kabiversion 6.6.0
@ -3709,6 +3709,13 @@ fi\
#
#
%changelog
* Tue Oct 24 2023 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.6.0-0.rc7.d88520ad73b7.55]
- redhat: remove pending-rhel CONFIG_XFS_ASSERT_FATAL file (Patrick Talbert)
- New configs in fs/xfs (Fedora Kernel Team)
- crypto: rng - Override drivers/char/random in FIPS mode (Herbert Xu)
- random: Add hook to override device reads and getrandom(2) (Herbert Xu)
- Linux v6.6.0-0.rc7.d88520ad73b7
* Mon Oct 23 2023 Fedora Kernel Team <kernel-team@fedoraproject.org> [6.6.0-0.rc7.54]
- Linux v6.6.0-0.rc7


@ -9,12 +9,15 @@
arch/s390/kernel/setup.c | 4 +
arch/x86/kernel/cpu/common.c | 1 +
arch/x86/kernel/setup.c | 68 ++-
crypto/drbg.c | 18 +-
crypto/rng.c | 149 +++++-
drivers/acpi/apei/hest.c | 8 +
drivers/acpi/irq.c | 17 +-
drivers/acpi/scan.c | 9 +
drivers/ata/libahci.c | 18 +
drivers/char/ipmi/ipmi_dmi.c | 15 +
drivers/char/ipmi/ipmi_msghandler.c | 16 +-
drivers/char/random.c | 122 +++++
drivers/firmware/efi/Makefile | 1 +
drivers/firmware/efi/efi.c | 124 +++--
drivers/firmware/efi/secureboot.c | 38 ++
@ -41,12 +44,14 @@
drivers/scsi/sd.c | 10 +
drivers/usb/core/hub.c | 7 +
fs/afs/main.c | 3 +
include/linux/crypto.h | 1 +
include/linux/efi.h | 22 +-
include/linux/kernel.h | 14 +
include/linux/lsm_hook_defs.h | 2 +
include/linux/module.h | 5 +
include/linux/panic.h | 18 +-
include/linux/pci.h | 5 +
include/linux/random.h | 10 +
include/linux/rh_kabi.h | 515 +++++++++++++++++++++
include/linux/rmi.h | 1 +
include/linux/security.h | 5 +
@ -64,7 +69,7 @@
security/lockdown/Kconfig | 13 +
security/lockdown/lockdown.c | 1 +
security/security.c | 12 +
66 files changed, 1779 insertions(+), 188 deletions(-)
71 files changed, 2060 insertions(+), 207 deletions(-)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 0a1731a0f0ef..7015d8d057a0 100644
@ -359,6 +364,280 @@ index b098b1fa2470..6b936d786590 100644
unwind_init();
}
diff --git a/crypto/drbg.c b/crypto/drbg.c
index ff4ebbc68efa..2410034cca4f 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -1510,13 +1510,14 @@ static int drbg_generate(struct drbg_state *drbg,
* Wrapper around drbg_generate which can pull arbitrary long strings
* from the DRBG without hitting the maximum request limitation.
*
- * Parameters: see drbg_generate
+ * Parameters: see drbg_generate, except @reseed, which triggers reseeding
* Return codes: see drbg_generate -- if one drbg_generate request fails,
* the entire drbg_generate_long request fails
*/
static int drbg_generate_long(struct drbg_state *drbg,
unsigned char *buf, unsigned int buflen,
- struct drbg_string *addtl)
+ struct drbg_string *addtl,
+ bool reseed)
{
unsigned int len = 0;
unsigned int slice = 0;
@@ -1526,6 +1527,8 @@ static int drbg_generate_long(struct drbg_state *drbg,
slice = ((buflen - len) / drbg_max_request_bytes(drbg));
chunk = slice ? drbg_max_request_bytes(drbg) : (buflen - len);
mutex_lock(&drbg->drbg_mutex);
+ if (reseed)
+ drbg->seeded = DRBG_SEED_STATE_UNSEEDED;
err = drbg_generate(drbg, buf + len, chunk, addtl);
mutex_unlock(&drbg->drbg_mutex);
if (0 > err)
@@ -1952,6 +1955,7 @@ static int drbg_kcapi_random(struct crypto_rng *tfm,
struct drbg_state *drbg = crypto_rng_ctx(tfm);
struct drbg_string *addtl = NULL;
struct drbg_string string;
+ int err;
if (slen) {
/* linked list variable is now local to allow modification */
@@ -1959,7 +1963,15 @@ static int drbg_kcapi_random(struct crypto_rng *tfm,
addtl = &string;
}
- return drbg_generate_long(drbg, dst, dlen, addtl);
+ err = drbg_generate_long(drbg, dst, dlen, addtl,
+ (crypto_tfm_get_flags(crypto_rng_tfm(tfm)) &
+ CRYPTO_TFM_REQ_NEED_RESEED) ==
+ CRYPTO_TFM_REQ_NEED_RESEED);
+
+ crypto_tfm_clear_flags(crypto_rng_tfm(tfm),
+ CRYPTO_TFM_REQ_NEED_RESEED);
+
+ return err;
}
/*
diff --git a/crypto/rng.c b/crypto/rng.c
index 279dffdebf59..d24dd37205cd 100644
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -12,10 +12,13 @@
#include <linux/atomic.h>
#include <linux/cryptouser.h>
#include <linux/err.h>
+#include <linux/fips.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/mutex.h>
#include <linux/random.h>
+#include <linux/sched.h>
+#include <linux/sched/signal.h>
#include <linux/seq_file.h>
#include <linux/slab.h>
#include <linux/string.h>
@@ -23,7 +26,9 @@
#include "internal.h"
-static DEFINE_MUTEX(crypto_default_rng_lock);
+static ____cacheline_aligned_in_smp DEFINE_MUTEX(crypto_reseed_rng_lock);
+static struct crypto_rng *crypto_reseed_rng;
+static ____cacheline_aligned_in_smp DEFINE_MUTEX(crypto_default_rng_lock);
struct crypto_rng *crypto_default_rng;
EXPORT_SYMBOL_GPL(crypto_default_rng);
static int crypto_default_rng_refcnt;
@@ -136,31 +141,37 @@ struct crypto_rng *crypto_alloc_rng(const char *alg_name, u32 type, u32 mask)
}
EXPORT_SYMBOL_GPL(crypto_alloc_rng);
-int crypto_get_default_rng(void)
+static int crypto_get_rng(struct crypto_rng **rngp)
{
struct crypto_rng *rng;
int err;
- mutex_lock(&crypto_default_rng_lock);
- if (!crypto_default_rng) {
+ if (!*rngp) {
rng = crypto_alloc_rng("stdrng", 0, 0);
err = PTR_ERR(rng);
if (IS_ERR(rng))
- goto unlock;
+ return err;
err = crypto_rng_reset(rng, NULL, crypto_rng_seedsize(rng));
if (err) {
crypto_free_rng(rng);
- goto unlock;
+ return err;
}
- crypto_default_rng = rng;
+ *rngp = rng;
}
- crypto_default_rng_refcnt++;
- err = 0;
+ return 0;
+}
+
+int crypto_get_default_rng(void)
+{
+ int err;
-unlock:
+ mutex_lock(&crypto_default_rng_lock);
+ err = crypto_get_rng(&crypto_default_rng);
+ if (!err)
+ crypto_default_rng_refcnt++;
mutex_unlock(&crypto_default_rng_lock);
return err;
@@ -176,24 +187,33 @@ void crypto_put_default_rng(void)
EXPORT_SYMBOL_GPL(crypto_put_default_rng);
#if defined(CONFIG_CRYPTO_RNG) || defined(CONFIG_CRYPTO_RNG_MODULE)
-int crypto_del_default_rng(void)
+static int crypto_del_rng(struct crypto_rng **rngp, int *refcntp,
+ struct mutex *lock)
{
int err = -EBUSY;
- mutex_lock(&crypto_default_rng_lock);
- if (crypto_default_rng_refcnt)
+ mutex_lock(lock);
+ if (refcntp && *refcntp)
goto out;
- crypto_free_rng(crypto_default_rng);
- crypto_default_rng = NULL;
+ crypto_free_rng(*rngp);
+ *rngp = NULL;
err = 0;
out:
- mutex_unlock(&crypto_default_rng_lock);
+ mutex_unlock(lock);
return err;
}
+
+int crypto_del_default_rng(void)
+{
+ return crypto_del_rng(&crypto_default_rng, &crypto_default_rng_refcnt,
+ &crypto_default_rng_lock) ?:
+ crypto_del_rng(&crypto_reseed_rng, NULL,
+ &crypto_reseed_rng_lock);
+}
EXPORT_SYMBOL_GPL(crypto_del_default_rng);
#endif
@@ -251,5 +271,102 @@ void crypto_unregister_rngs(struct rng_alg *algs, int count)
}
EXPORT_SYMBOL_GPL(crypto_unregister_rngs);
+static ssize_t crypto_devrandom_read_iter(struct iov_iter *iter, bool reseed)
+{
+ struct crypto_rng *rng;
+ u8 tmp[256];
+ ssize_t ret;
+
+ if (unlikely(!iov_iter_count(iter)))
+ return 0;
+
+ if (reseed) {
+ u32 flags = 0;
+
+ /* If reseeding is requested, acquire a lock on
+ * crypto_reseed_rng so it is not swapped out until
+ * the initial random bytes are generated.
+ *
+ * The algorithm implementation is also protected with
+ * a separate mutex (drbg->drbg_mutex) around the
+ * reseed-and-generate operation.
+ */
+ mutex_lock(&crypto_reseed_rng_lock);
+
+ /* If crypto_default_rng is not set, it will be seeded
+ * at creation in __crypto_get_default_rng and thus no
+ * reseeding is needed.
+ */
+ if (crypto_reseed_rng)
+ flags |= CRYPTO_TFM_REQ_NEED_RESEED;
+
+ ret = crypto_get_rng(&crypto_reseed_rng);
+ if (ret) {
+ mutex_unlock(&crypto_reseed_rng_lock);
+ return ret;
+ }
+
+ rng = crypto_reseed_rng;
+ crypto_tfm_set_flags(crypto_rng_tfm(rng), flags);
+ } else {
+ ret = crypto_get_default_rng();
+ if (ret)
+ return ret;
+ rng = crypto_default_rng;
+ }
+
+ for (;;) {
+ size_t i, copied;
+ int err;
+
+ i = min_t(size_t, iov_iter_count(iter), sizeof(tmp));
+ err = crypto_rng_get_bytes(rng, tmp, i);
+ if (err) {
+ ret = err;
+ break;
+ }
+
+ copied = copy_to_iter(tmp, i, iter);
+ ret += copied;
+
+ if (!iov_iter_count(iter))
+ break;
+
+ if (need_resched()) {
+ if (signal_pending(current))
+ break;
+ schedule();
+ }
+ }
+
+ if (reseed)
+ mutex_unlock(&crypto_reseed_rng_lock);
+ else
+ crypto_put_default_rng();
+ memzero_explicit(tmp, sizeof(tmp));
+
+ return ret;
+}
+
+static const struct random_extrng crypto_devrandom_rng = {
+ .extrng_read_iter = crypto_devrandom_read_iter,
+ .owner = THIS_MODULE,
+};
+
+static int __init crypto_rng_init(void)
+{
+ if (fips_enabled)
+ random_register_extrng(&crypto_devrandom_rng);
+ return 0;
+}
+
+static void __exit crypto_rng_exit(void)
+{
+ random_unregister_extrng();
+}
+
+late_initcall(crypto_rng_init);
+module_exit(crypto_rng_exit);
+
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Random Number Generator");
diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c
index 6aef1ee5e1bd..8f146b1b4972 100644
--- a/drivers/acpi/apei/hest.c
@ -531,6 +810,203 @@ index 186f1fee7534..93e3a76596ff 100644
mutex_lock(&ipmi_interfaces_mutex);
rv = ipmi_register_driver();
mutex_unlock(&ipmi_interfaces_mutex);
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 3cb37760dfec..20aa9f3b8b48 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -51,6 +51,7 @@
#include <linux/completion.h>
#include <linux/uuid.h>
#include <linux/uaccess.h>
+#include <linux/rcupdate.h>
#include <linux/suspend.h>
#include <linux/siphash.h>
#include <linux/sched/isolation.h>
@@ -309,6 +310,11 @@ static void crng_fast_key_erasure(u8 key[CHACHA_KEY_SIZE],
memzero_explicit(first_block, sizeof(first_block));
}
+/*
+ * Hook for external RNG.
+ */
+static const struct random_extrng __rcu *extrng;
+
/*
* This function returns a ChaCha state that you may use for generating
* random data. It also returns up to 32 bytes on its own of random data
@@ -739,6 +745,9 @@ static void __cold _credit_init_bits(size_t bits)
}
+static const struct file_operations extrng_random_fops;
+static const struct file_operations extrng_urandom_fops;
+
/**********************************************************************
*
* Entropy collection routines.
@@ -956,6 +965,19 @@ void __init add_bootloader_randomness(const void *buf, size_t len)
credit_init_bits(len * 8);
}
+void random_register_extrng(const struct random_extrng *rng)
+{
+ rcu_assign_pointer(extrng, rng);
+}
+EXPORT_SYMBOL_GPL(random_register_extrng);
+
+void random_unregister_extrng(void)
+{
+ RCU_INIT_POINTER(extrng, NULL);
+ synchronize_rcu();
+}
+EXPORT_SYMBOL_GPL(random_unregister_extrng);
+
#if IS_ENABLED(CONFIG_VMGENID)
static BLOCKING_NOTIFIER_HEAD(vmfork_chain);
@@ -1366,6 +1388,7 @@ SYSCALL_DEFINE3(getrandom, char __user *, ubuf, size_t, len, unsigned int, flags
struct iov_iter iter;
struct iovec iov;
int ret;
+ const struct random_extrng *rng;
if (flags & ~(GRND_NONBLOCK | GRND_RANDOM | GRND_INSECURE))
return -EINVAL;
@@ -1377,6 +1400,21 @@ SYSCALL_DEFINE3(getrandom, char __user *, ubuf, size_t, len, unsigned int, flags
if ((flags & (GRND_INSECURE | GRND_RANDOM)) == (GRND_INSECURE | GRND_RANDOM))
return -EINVAL;
+ rcu_read_lock();
+ rng = rcu_dereference(extrng);
+ if (rng && !try_module_get(rng->owner))
+ rng = NULL;
+ rcu_read_unlock();
+
+ if (rng) {
+ ret = import_single_range(ITER_DEST, ubuf, len, &iov, &iter);
+ if (unlikely(ret))
+ return ret;
+ ret = rng->extrng_read_iter(&iter, !!(flags & GRND_RANDOM));
+ module_put(rng->owner);
+ return ret;
+ }
+
if (!crng_ready() && !(flags & GRND_INSECURE)) {
if (flags & GRND_NONBLOCK)
return -EAGAIN;
@@ -1397,6 +1435,12 @@ static __poll_t random_poll(struct file *file, poll_table *wait)
return crng_ready() ? EPOLLIN | EPOLLRDNORM : EPOLLOUT | EPOLLWRNORM;
}
+static __poll_t extrng_poll(struct file *file, poll_table * wait)
+{
+ /* extrng pool is always full, always read, no writes */
+ return EPOLLIN | EPOLLRDNORM;
+}
+
static ssize_t write_pool_user(struct iov_iter *iter)
{
u8 block[BLAKE2S_BLOCK_SIZE];
@@ -1538,7 +1582,58 @@ static int random_fasync(int fd, struct file *filp, int on)
return fasync_helper(fd, filp, on, &fasync);
}
+static int random_open(struct inode *inode, struct file *filp)
+{
+ const struct random_extrng *rng;
+
+ rcu_read_lock();
+ rng = rcu_dereference(extrng);
+ if (rng && !try_module_get(rng->owner))
+ rng = NULL;
+ rcu_read_unlock();
+
+ if (!rng)
+ return 0;
+
+ filp->f_op = &extrng_random_fops;
+ filp->private_data = rng->owner;
+
+ return 0;
+}
+
+static int urandom_open(struct inode *inode, struct file *filp)
+{
+ const struct random_extrng *rng;
+
+ rcu_read_lock();
+ rng = rcu_dereference(extrng);
+ if (rng && !try_module_get(rng->owner))
+ rng = NULL;
+ rcu_read_unlock();
+
+ if (!rng)
+ return 0;
+
+ filp->f_op = &extrng_urandom_fops;
+ filp->private_data = rng->owner;
+
+ return 0;
+}
+
+static int extrng_release(struct inode *inode, struct file *filp)
+{
+ module_put(filp->private_data);
+ return 0;
+}
+
+static ssize_t
+extrng_read_iter(struct kiocb *kiocb, struct iov_iter *iter)
+{
+ return rcu_dereference_raw(extrng)->extrng_read_iter(iter, false);
+}
+
const struct file_operations random_fops = {
+ .open = random_open,
.read_iter = random_read_iter,
.write_iter = random_write_iter,
.poll = random_poll,
@@ -1551,6 +1646,7 @@ const struct file_operations random_fops = {
};
const struct file_operations urandom_fops = {
+ .open = urandom_open,
.read_iter = urandom_read_iter,
.write_iter = random_write_iter,
.unlocked_ioctl = random_ioctl,
@@ -1561,6 +1657,32 @@ const struct file_operations urandom_fops = {
.splice_write = iter_file_splice_write,
};
+static const struct file_operations extrng_random_fops = {
+ .open = random_open,
+ .read_iter = extrng_read_iter,
+ .write_iter = random_write_iter,
+ .poll = extrng_poll,
+ .unlocked_ioctl = random_ioctl,
+ .compat_ioctl = compat_ptr_ioctl,
+ .fasync = random_fasync,
+ .llseek = noop_llseek,
+ .release = extrng_release,
+ .splice_read = copy_splice_read,
+ .splice_write = iter_file_splice_write,
+};
+
+static const struct file_operations extrng_urandom_fops = {
+ .open = urandom_open,
+ .read_iter = extrng_read_iter,
+ .write_iter = random_write_iter,
+ .unlocked_ioctl = random_ioctl,
+ .compat_ioctl = compat_ptr_ioctl,
+ .fasync = random_fasync,
+ .llseek = noop_llseek,
+ .release = extrng_release,
+ .splice_read = copy_splice_read,
+ .splice_write = iter_file_splice_write,
+};
/********************************************************************
*
diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
index e489fefd23da..f2dfae764fb5 100644
--- a/drivers/firmware/efi/Makefile
@ -1704,6 +2180,18 @@ index eae288c8d40a..8b8bf447cedc 100644
return ret;
error_proc:
diff --git a/include/linux/crypto.h b/include/linux/crypto.h
index 31f6fee0c36c..b099200de233 100644
--- a/include/linux/crypto.h
+++ b/include/linux/crypto.h
@@ -135,6 +135,7 @@
#define CRYPTO_TFM_REQ_FORBID_WEAK_KEYS 0x00000100
#define CRYPTO_TFM_REQ_MAY_SLEEP 0x00000200
#define CRYPTO_TFM_REQ_MAY_BACKLOG 0x00000400
+#define CRYPTO_TFM_REQ_NEED_RESEED 0x00000800
/*
* Miscellaneous stuff.
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 80b21d1c6eaf..b66c0683f2fc 100644
--- a/include/linux/efi.h
@ -1881,6 +2369,34 @@ index 8c7c2c3c6c65..ee66c86fc538 100644
#if defined(CONFIG_PCIEPORTBUS) || defined(CONFIG_EEH)
void pci_uevent_ers(struct pci_dev *pdev, enum pci_ers_result err_type);
#endif
diff --git a/include/linux/random.h b/include/linux/random.h
index b0a940af4fff..8a52424fd0d5 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -9,6 +9,13 @@
#include <uapi/linux/random.h>
+struct iov_iter;
+
+struct random_extrng {
+ ssize_t (*extrng_read_iter)(struct iov_iter *iter, bool reseed);
+ struct module *owner;
+};
+
struct notifier_block;
void add_device_randomness(const void *buf, size_t len);
@@ -157,6 +164,9 @@ int random_prepare_cpu(unsigned int cpu);
int random_online_cpu(unsigned int cpu);
#endif
+void random_register_extrng(const struct random_extrng *rng);
+void random_unregister_extrng(void);
+
#ifndef MODULE
extern const struct file_operations random_fops, urandom_fops;
#endif
diff --git a/include/linux/rh_kabi.h b/include/linux/rh_kabi.h
new file mode 100644
index 000000000000..c7b42c1f1681
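Review bot: In crypto_devrandom_read_iter() (the crypto/rng.c hunk carried by this patch file), the copy loop never checks for a short copy_to_iter(): if the destination faults, `copied` is smaller than `i`, iov_iter_count() stays non-zero, and the loop keeps generating and retrying until a signal happens to be pending at a reschedule point. On the reseed path this happens with crypto_reseed_rng_lock held, so other GRND_RANDOM callers would queue behind it while FIPS mode is active. The exit test should also stop on a short copy, `if (!iov_iter_count(iter) || copied != i) break;`, and a copy that moved nothing should likely surface as -EFAULT rather than 0. Separately, the comment above the `if (crypto_reseed_rng)` test refers to crypto_default_rng and `__crypto_get_default_rng`, neither of which that branch uses; it should name crypto_reseed_rng and crypto_get_rng(). In drivers/char/random.c, extrng_read_iter() dereferences `rcu_dereference_raw(extrng)` without a NULL check, which is only safe if random_unregister_extrng() can never run while a file opened through the hook is still open; that invariant deserves a comment at the call site.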


@ -1,3 +1,3 @@
SHA512 (linux-6.6-rc7.tar.xz) = c554605c021dc569a22d5479a0792f5fc23a949a9fb76343ee3594b72514f2950611db69d4f1ab5a8d390ed979fd41a87aee080bbebf78c9cfc882e608ab63e3
SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 896b1b24617e3a6905c26dd2a50b23ff2e2c7627f6b6dc12b328d5f74109016722b4ba050c5051886cb597308a793366346a34d7ec82a658b646d5288b347ae7
SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = f98c14408c8434ecd253c6781c4f918cf1497da7bd55a79382fcf9dc67512d48e9357825c99a960616d2a9403d55be46989344cd201f762fd5450a2115e43c2a
SHA512 (linux-6.6-rc7-18-gd88520ad73b7.tar.xz) = def0ee2feec1780c60049aa4fdb8d06fc16052a680712044750f0338af2a07d1c08e03db2fcae2163ea2196e935013740fee692fd72a82efa0bf83d24a8b248e
SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = e71711bc322fd6c936efc31ee25054dfc85e21dd7cdbecf151dcff39eadcd3ac32d769667957687d7816c733c824ef8d5d8af30a3bcf4725b28833194a926ec8
SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 7ba67c6e5874e4336adfa4dbe459d27c256367e0355d77d4b02ca067ee3a65dd1876aa58b7c1d93c5a293d86b6041403f2aca9bfb58564ccd4b393cce468bbef