From: Zou Wei <zou_wei(a)huawei.com>
mainline inclusion
from mainline-v5.14-rc1
commit 34e7434ba4e97f4b85c1423a59b2922ba7dff2ea
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9R4DH
CVE: CVE-2021-47355
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…
--------------------------------
This module's remove path calls del_timer(). However, that function
does not wait until the timer handler finishes. This means that the
timer handler may still be running after the driver's remove function
has finished, which would result in a use-after-free.

Fix by calling del_timer_sync(), which makes sure the timer handler
has finished, and is unable to re-schedule itself.
Reported-by: Hulk Robot <hulkci(a)huawei.com>
Signed-off-by: Zou Wei <zou_wei(a)huawei.com>
Signed-off-by: David S. Miller <davem(a)davemloft.net>
Signed-off-by: Yang Yingliang <yangyingliang(a)huawei.com>
---
drivers/atm/nicstar.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c
index cbec9adc01c7..2719f086abc7 100644
--- a/drivers/atm/nicstar.c
+++ b/drivers/atm/nicstar.c
@@ -296,7 +296,7 @@ static void __exit nicstar_cleanup(void)
{
XPRINTK("nicstar: nicstar_cleanup() called.\n");
- del_timer(&ns_timer);
+ del_timer_sync(&ns_timer);
pci_unregister_driver(&nicstar_driver);
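Review bot: the commit message describes the driver's remove function, but the call changed here is in nicstar_cleanup(), the module __exit path, and it runs before pci_unregister_driver(&nicstar_driver). The synchronous wait only closes the window if nothing that runs during unregistration can arm ns_timer again, so please confirm that and say so in the message, or add a short comment above del_timer_sync(&ns_timer) explaining why the timer is stopped first. It would also help to align the wording ("remove path" versus the exit function) so the description matches the code being touched.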
--
2.25.1
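The difference between the two calls described in the commit message above, as an added userspace model that is not part of the patch or of the nicstar driver. The struct, the function names and the pthread standing in for the timer handler are all assumptions made for illustration; the "release" is a flag rather than a real free().

```c
/* Userspace model (constructed): a pthread stands in for the timer handler,
 * and "freed" is a flag instead of a real free() so the result is observable. */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>

struct model {
    atomic_int running;  /* handler is executing right now */
    atomic_int waiting;  /* teardown is blocked in the sync variant */
    atomic_int freed;    /* teardown has released the handler's data */
    atomic_int uaf;      /* handler touched the data after release */
};

static void *handler(void *arg)
{
    struct model *m = arg;
    atomic_store(&m->running, 1);
    /* Hold the race window open until teardown released the data or waits. */
    while (!atomic_load(&m->freed) && !atomic_load(&m->waiting))
        sched_yield();
    if (atomic_load(&m->freed))   /* stands in for dereferencing the data */
        atomic_store(&m->uaf, 1);
    atomic_store(&m->running, 0);
    return NULL;
}

/* Modelled on del_timer_sync(): wait for a handler that is already running. */
static void model_del_timer_sync(struct model *m)
{
    atomic_store(&m->waiting, 1);
    while (atomic_load(&m->running))
        sched_yield();
}

/* Returns 1 if the handler ran against released data, 0 if not, -1 on error. */
int teardown_races(int use_sync)
{
    struct model m = {0};
    pthread_t t;
    if (pthread_create(&t, NULL, handler, &m) != 0) return -1;
    while (!atomic_load(&m.running))  /* the timer fired, handler in flight */
        sched_yield();
    if (use_sync)                     /* the del_timer() model returns at once */
        model_del_timer_sync(&m);
    atomic_store(&m.freed, 1);        /* module exit releases the data */
    pthread_join(t, NULL);
    return atomic_load(&m.uaf);
}
```

Calling teardown_races(0) models the pre-patch teardown and teardown_races(1) the patched one; build with -pthread.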
From: Gaosheng Cui <cuigaosheng1(a)huawei.com>
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I9K8D1
--------------------------------
The ecdh-nist-p256 algorithm will depend on jitterentropy_rng,
and when they are built into the kernel, the order of registration
should be done such that the underlying algorithms are ready
before the ones on top are registered.

We can enable fips=1 and ecdh; the call trace is like below:
alg: ecdh-nist-p256: test failed on vector 2, err=-14
Kernel panic - not syncing: alg: self-tests for ecdh-generic (ecdh)
failed in fips mode!
Call Trace:
dump_stack+0x57/0x6e
panic+0x109/0x2ca
alg_test+0x414/0x420
? __switch_to_asm+0x3a/0x60
? __switch_to_asm+0x34/0x60
? __schedule+0x263/0x640
? crypto_acomp_scomp_free_ctx+0x30/0x30
cryptomgr_test+0x22/0x40
kthread+0xf9/0x130
? kthread_park+0x90/0x90
ret_from_fork+0x22/0x30

The module_init(jent_mod_init) is later than subsys_initcall(ecdh_init),
so change module_init(jent_mod_init) to subsys_initcall(jent_mod_init)
to fix it.

Fixes: c4741b230597 ("crypto: run initcalls for generic implementations earlier")
Signed-off-by: Gaosheng Cui <cuigaosheng1(a)huawei.com>
---
crypto/jitterentropy-kcapi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
index e8a4165a1874..b1d7b5a6e61c 100644
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -214,7 +214,7 @@ static void __exit jent_mod_exit(void)
crypto_unregister_rng(&jent_alg);
}
-module_init(jent_mod_init);
+subsys_initcall(jent_mod_init);
module_exit(jent_mod_exit);
MODULE_LICENSE("Dual BSD/GPL");
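Review bot: with subsys_initcall(jent_mod_init) the jitterentropy RNG and ecdh_init (subsys_initcall according to the commit message) end up at the same initcall level, and initcalls within one level run in link order, so this alone does not guarantee that jent_alg is registered before the ecdh self-test runs. Please confirm the link order puts jitterentropy-kcapi ahead of ecdh, or pick a level that is strictly earlier, and add a comment above subsys_initcall(jent_mod_init) recording why it is not module_init(). Note also that the change only affects the built-in case the message describes; for a modular build subsys_initcall() is the same as module_init().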
--
2.34.1