kernel-5.17.12-0

* Mon May 30 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.17.12-0] - Revert "crypto: rng - Override drivers/char/random in FIPS mode" (Justin M. Forbes) - Revert "random: Add hook to override device reads and getrandom(2)" (Justin M. Forbes) Resolves: rhbz# Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
2022-05-30 11:31:04 -05:00 · 2022-05-30 11:31:04 -05:00 · 6052dbb313
parent e916ca4781
commit 6052dbb313
4 changed files with 19 additions and 317 deletions
--- a/Patchlist.changelog
+++ b/Patchlist.changelog
@ -1,3 +1,9 @@
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/77da23276919a734b100b4856457d1b4c856e758
+ 77da23276919a734b100b4856457d1b4c856e758 Revert "crypto: rng - Override drivers/char/random in FIPS mode"
+
+"https://gitlab.com/cki-project/kernel-ark/-/commit"/41f81f1faeab51ba2fe611184467ca22379d50e5
+ 41f81f1faeab51ba2fe611184467ca22379d50e5 Revert "random: Add hook to override device reads and getrandom(2)"
+
 "https://gitlab.com/cki-project/kernel-ark/-/commit"/205bec68a0ea67b6bff6fea9603b7b8aeacc9d46
 205bec68a0ea67b6bff6fea9603b7b8aeacc9d46 drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 is set

--- a/kernel.spec
+++ b/kernel.spec
@ -130,7 +130,7 @@ Summary: The Linux kernel
 # The kernel tarball/base version
 %define kversion 5.17

-%define rpmversion 5.17.11
+%define rpmversion 5.17.12
 %define patchversion 5.17
 %define pkgrelease 300

@ -695,7 +695,7 @@ BuildRequires: lld
 # exact git commit you can run
 #
 # xzcat -qq ${TARBALL} | git get-tar-commit-id
-Source0: linux-5.17.11.tar.xz
+Source0: linux-5.17.12.tar.xz

 Source1: Makefile.rhelver

@ -1387,8 +1387,8 @@ ApplyOptionalPatch()
  fi
 }

-%setup -q -n kernel-5.17.11 -c
-mv linux-5.17.11 linux-%{KVERREL}
+%setup -q -n kernel-5.17.12 -c
+mv linux-5.17.12 linux-%{KVERREL}

 cd linux-%{KVERREL}
 cp -a %{SOURCE1} .
@ -3015,6 +3015,10 @@ fi
 #
 #
 %changelog
+* Mon May 30 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.17.12-0]
+- Revert "crypto: rng - Override drivers/char/random in FIPS mode" (Justin M. Forbes)
+- Revert "random: Add hook to override device reads and getrandom(2)" (Justin M. Forbes)
+
 * Wed May 25 2022 Justin M. Forbes <jforbes@fedoraproject.org> [5.17.11-0]
 - Linux v5.17.11 (Justin M. Forbes)

--- a/patch-5.17-redhat.patch
+++ b/patch-5.17-redhat.patch
@ -10,14 +10,12 @@
 arch/x86/boot/header.S                             |   4 +
 arch/x86/include/asm/efi.h                         |   5 +
 arch/x86/kernel/setup.c                            |  22 ++--
- crypto/rng.c                                       |  73 +++++++++++-
 drivers/acpi/apei/hest.c                           |   8 ++
 drivers/acpi/irq.c                                 |  17 ++-
 drivers/acpi/scan.c                                |   9 ++
 drivers/ata/libahci.c                              |  18 +++
 drivers/char/ipmi/ipmi_dmi.c                       |  15 +++
 drivers/char/ipmi/ipmi_msghandler.c                |  16 ++-
- drivers/char/random.c                              | 115 +++++++++++++++++++
 drivers/firmware/efi/Kconfig                       |  12 ++
 drivers/firmware/efi/Makefile                      |   1 +
 drivers/firmware/efi/efi.c                         | 124 +++++++++++++++------
@ -46,7 +44,6 @@
 include/linux/lsm_hooks.h                          |   6 +
 include/linux/module.h                             |   1 +
 include/linux/nfs_fs_sb.h                          |   1 +
- include/linux/random.h                             |   7 ++
 include/linux/rmi.h                                |   1 +
 include/linux/security.h                           |   5 +
 init/Kconfig                                       |   2 +-
@ -60,7 +57,7 @@
 security/lockdown/Kconfig                          |  13 +++
 security/lockdown/lockdown.c                       |   1 +
 security/security.c                                |   6 +
- 62 files changed, 997 insertions(+), 213 deletions(-)
+ 59 files changed, 803 insertions(+), 212 deletions(-)

 diff --git a/Documentation/core-api/dma-attributes.rst b/Documentation/core-api/dma-attributes.rst
 index 1887d92e8e92..17706dc91ec9 100644
@ -112,7 +109,7 @@ index 000000000000..733a26bd887a
 +
 +endmenu
 diff --git a/Makefile b/Makefile
-index b821f270a4ca..72a7c6958ea5 100644
+index 25c44dda0ef3..5af0d61c0782 100644
 --- a/Makefile
 +++ b/Makefile
@@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
@ -304,103 +301,6 @@ index 90d7e1788c91..262198c48162 100644

 	reserve_initrd();

-diff --git a/crypto/rng.c b/crypto/rng.c
-index fea082b25fe4..50a9d040bed1 100644
--- a/crypto/rng.c
-+++ b/crypto/rng.c
-@@ -11,14 +11,17 @@
- #include <linux/atomic.h>
- #include <crypto/internal/rng.h>
- #include <linux/err.h>
-+#include <linux/fips.h>
-+#include <linux/kernel.h>
- #include <linux/module.h>
- #include <linux/mutex.h>
- #include <linux/random.h>
- #include <linux/seq_file.h>
-+#include <linux/sched.h>
-+#include <linux/sched/signal.h>
- #include <linux/slab.h>
- #include <linux/string.h>
- #include <linux/cryptouser.h>
-#include <linux/compiler.h>
- #include <net/netlink.h>
-
- #include "internal.h"
-@@ -224,5 +227,73 @@ void crypto_unregister_rngs(struct rng_alg *algs, int count)
- }
- EXPORT_SYMBOL_GPL(crypto_unregister_rngs);
-
-+static ssize_t crypto_devrandom_read(void __user *buf, size_t buflen)
-+{
-+	u8 tmp[256];
-+	ssize_t ret;
-+
-+	if (!buflen)
-+		return 0;
-+
-+	ret = crypto_get_default_rng();
-+	if (ret)
-+		return ret;
-+
-+	for (;;) {
-+		int err;
-+		int i;
-+
-+		i = min_t(int, buflen, sizeof(tmp));
-+		err = crypto_rng_get_bytes(crypto_default_rng, tmp, i);
-+		if (err) {
-+			ret = err;
-+			break;
-+		}
-+
-+		if (copy_to_user(buf, tmp, i)) {
-+			ret = -EFAULT;
-+			break;
-+		}
-+
-+		buflen -= i;
-+		buf += i;
-+		ret += i;
-+
-+		if (!buflen)
-+			break;
-+
-+		if (need_resched()) {
-+			if (signal_pending(current))
-+				break;
-+			schedule();
-+		}
-+	}
-+
-+	crypto_put_default_rng();
-+	memzero_explicit(tmp, sizeof(tmp));
-+
-+	return ret;
-+}
-+
-+static const struct random_extrng crypto_devrandom_rng = {
-+	.extrng_read = crypto_devrandom_read,
-+	.owner = THIS_MODULE,
-+};
-+
-+static int __init crypto_rng_init(void)
-+{
-+	if (fips_enabled)
-+		random_register_extrng(&crypto_devrandom_rng);
-+	return 0;
-+}
-+
-+static void __exit crypto_rng_exit(void)
-+{
-+	random_unregister_extrng();
-+}
-+
-+late_initcall(crypto_rng_init);
-+module_exit(crypto_rng_exit);
-+
- MODULE_LICENSE("GPL");
- MODULE_DESCRIPTION("Random Number Generator");
 diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c
 index 6aef1ee5e1bd..8f146b1b4972 100644
 --- a/drivers/acpi/apei/hest.c
@ -573,189 +473,6 @@ index f1827257ef0e..5a45c2cd3dc2 100644
 	mutex_lock(&ipmi_interfaces_mutex);
 	rv = ipmi_register_driver();
 	mutex_unlock(&ipmi_interfaces_mutex);
-diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 3404a91edf29..184dbb94710c 100644
--- a/drivers/char/random.c
-+++ b/drivers/char/random.c
-@@ -344,6 +344,7 @@
- #include <linux/syscalls.h>
- #include <linux/completion.h>
- #include <linux/uuid.h>
-+#include <linux/rcupdate.h>
- #include <crypto/chacha.h>
- #include <crypto/blake2s.h>
-
-@@ -358,6 +359,11 @@
-
- /* #define ADD_INTERRUPT_BENCH */
-
-+/*
-+ * Hook for external RNG.
-+ */
-+static const struct random_extrng __rcu *extrng;
-+
- /*
-  * If the entropy count falls under this number of bits, then we
-  * should wake up processes which are selecting or polling on write
-@@ -486,6 +492,9 @@ static int ratelimit_disable __read_mostly;
- module_param_named(ratelimit_disable, ratelimit_disable, int, 0644);
- MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit suppression");
-
-+static const struct file_operations extrng_random_fops;
-+static const struct file_operations extrng_urandom_fops;
-+
- /**********************************************************************
-  *
-  * OS independent entropy store.   Here are the functions which handle
-@@ -1775,6 +1784,13 @@ static __poll_t random_poll(struct file *file, poll_table *wait)
- 	return mask;
- }
-
-+static __poll_t
-+extrng_poll(struct file *file, poll_table * wait)
-+{
-+	/* extrng pool is always full, always read, no writes */
-+	return EPOLLIN | EPOLLRDNORM;
-+}
-+
- static int write_pool(const char __user *buffer, size_t count)
- {
- 	size_t bytes;
-@@ -1879,7 +1895,58 @@ static int random_fasync(int fd, struct file *filp, int on)
- 	return fasync_helper(fd, filp, on, &fasync);
- }
-
-+static int random_open(struct inode *inode, struct file *filp)
-+{
-+	const struct random_extrng *rng;
-+
-+	rcu_read_lock();
-+	rng = rcu_dereference(extrng);
-+	if (rng && !try_module_get(rng->owner))
-+		rng = NULL;
-+	rcu_read_unlock();
-+
-+	if (!rng)
-+		return 0;
-+
-+	filp->f_op = &extrng_random_fops;
-+	filp->private_data = rng->owner;
-+
-+	return 0;
-+}
-+
-+static int urandom_open(struct inode *inode, struct file *filp)
-+{
-+	const struct random_extrng *rng;
-+
-+	rcu_read_lock();
-+	rng = rcu_dereference(extrng);
-+	if (rng && !try_module_get(rng->owner))
-+		rng = NULL;
-+	rcu_read_unlock();
-+
-+	if (!rng)
-+		return 0;
-+
-+	filp->f_op = &extrng_urandom_fops;
-+	filp->private_data = rng->owner;
-+
-+	return 0;
-+}
-+
-+static int extrng_release(struct inode *inode, struct file *filp)
-+{
-+	module_put(filp->private_data);
-+	return 0;
-+}
-+
-+static ssize_t
-+extrng_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
-+{
-+	return rcu_dereference_raw(extrng)->extrng_read(buf, nbytes);
-+}
-+
- const struct file_operations random_fops = {
-+	.open  = random_open,
- 	.read = random_read,
- 	.write = random_write,
- 	.poll = random_poll,
-@@ -1890,6 +1957,7 @@ const struct file_operations random_fops = {
- };
-
- const struct file_operations urandom_fops = {
-+	.open  = urandom_open,
- 	.read = urandom_read,
- 	.write = random_write,
- 	.unlocked_ioctl = random_ioctl,
-@@ -1898,9 +1966,31 @@ const struct file_operations urandom_fops = {
- 	.llseek = noop_llseek,
- };
-
-+static const struct file_operations extrng_random_fops = {
-+	.open  = random_open,
-+	.read  = extrng_read,
-+	.write = random_write,
-+	.poll  = extrng_poll,
-+	.unlocked_ioctl = random_ioctl,
-+	.fasync = random_fasync,
-+	.llseek = noop_llseek,
-+	.release = extrng_release,
-+};
-+
-+static const struct file_operations extrng_urandom_fops = {
-+	.open  = urandom_open,
-+	.read  = extrng_read,
-+	.write = random_write,
-+	.unlocked_ioctl = random_ioctl,
-+	.fasync = random_fasync,
-+	.llseek = noop_llseek,
-+	.release = extrng_release,
-+};
-+
- SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, unsigned int,
- 		flags)
- {
-+	const struct random_extrng *rng;
- 	int ret;
-
- 	if (flags & ~(GRND_NONBLOCK | GRND_RANDOM | GRND_INSECURE))
-@@ -1916,6 +2006,18 @@ SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, unsigned int,
- 	if (count > INT_MAX)
- 		count = INT_MAX;
-
-+	rcu_read_lock();
-+	rng = rcu_dereference(extrng);
-+	if (rng && !try_module_get(rng->owner))
-+		rng = NULL;
-+	rcu_read_unlock();
-+
-+	if (rng) {
-+		ret = rng->extrng_read(buf, count);
-+		module_put(rng->owner);
-+		return ret;
-+	}
-+
- 	if (!(flags & GRND_INSECURE) && !crng_ready()) {
- 		if (flags & GRND_NONBLOCK)
- 			return -EAGAIN;
-@@ -2235,3 +2337,16 @@ void add_bootloader_randomness(const void *buf, unsigned int size)
- 		add_device_randomness(buf, size);
- }
- EXPORT_SYMBOL_GPL(add_bootloader_randomness);
-+
-+void random_register_extrng(const struct random_extrng *rng)
-+{
-+	rcu_assign_pointer(extrng, rng);
-+}
-+EXPORT_SYMBOL_GPL(random_register_extrng);
-+
-+void random_unregister_extrng(void)
-+{
-+	RCU_INIT_POINTER(extrng, NULL);
-+	synchronize_rcu();
-+}
-+EXPORT_SYMBOL_GPL(random_unregister_extrng);
 diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
 index 2c3dac5ecb36..f44f8b746e42 100644
 --- a/drivers/firmware/efi/Kconfig
@ -2143,31 +1860,6 @@ index ca0959e51e81..b0e3fd550122 100644

 	unsigned int		fattr_valid;	/* Valid attributes */
 	unsigned int		caps;		/* server capabilities */
-diff --git a/include/linux/random.h b/include/linux/random.h
-index c45b2693e51f..4edfdb3e44a9 100644
--- a/include/linux/random.h
-+++ b/include/linux/random.h
-@@ -14,6 +14,11 @@
-
- #include <uapi/linux/random.h>
-
-+struct random_extrng {
-+	ssize_t (*extrng_read)(void __user *buf, size_t buflen);
-+	struct module *owner;
-+};
-+
- struct random_ready_callback {
- 	struct list_head list;
- 	void (*func)(struct random_ready_callback *rdy);
-@@ -44,6 +49,8 @@ extern bool rng_is_initialized(void);
- extern int add_random_ready_callback(struct random_ready_callback *rdy);
- extern void del_random_ready_callback(struct random_ready_callback *rdy);
- extern int __must_check get_random_bytes_arch(void *buf, int nbytes);
-+void random_register_extrng(const struct random_extrng *rng);
-+void random_unregister_extrng(void);
-
- #ifndef MODULE
- extern const struct file_operations random_fops, urandom_fops;
 diff --git a/include/linux/rmi.h b/include/linux/rmi.h
 index ab7eea01ab42..fff7c5f737fc 100644
 --- a/include/linux/rmi.h
--- a/6
+++ b/6
@ -1,3 +1,3 @@
-SHA512 (linux-5.17.11.tar.xz) = 6a2a02537326b8425ca90ab3f3e23b5551956c400a15818eeaac77701e83ddd31629d44875887332fb4ac05fc2dbd0a0a964291f90efa428012f0f7d682e694a
-SHA512 (kernel-abi-stablelists-5.17.11-300.tar.bz2) = 9f30c4a984c4588d6fae8945dade766a19ffb835672d156c22adf83bc1c4ce43fb2de4444b8f206c8827d5d723339a989f56630a819713cadba157dd9c9e5db0
-SHA512 (kernel-kabi-dw-5.17.11-300.tar.bz2) = a151ebd022193373624fb17d9e67ab6319bc20aba15e94e44cf1ae87e071eeee1f2baf9afa9a71722c1ceebe420ad65f57f480d0bd441c93926f87b09beeeedd
+SHA512 (linux-5.17.12.tar.xz) = bdf54320810a1ed1b303b89730aec2fa0e68e45b96c813a15f5cca60e6ce765c0b1a3d4fd39317765227429f206172c709df17741138c6b3e7cbc73ca98cb61d
+SHA512 (kernel-abi-stablelists-5.17.12-300.tar.bz2) = 78ddae08718f2b52ba8a5d0618687319fe901bb71185b7e14302bdef93354a50c2d510e49e0e9f3e802583c0d2091801f405a958c1de5963e416c4b5fd51a2ee
+SHA512 (kernel-kabi-dw-5.17.12-300.tar.bz2) = 92d19a7604057d7c6997250dd0313b8a8d0b1d664dc99d022e4e8230d84cd1157ef954ff3cea4e9c3f98c2ab54126b48b12d6a92c36d6188223366ef431b55f0