Patch "powerpc/powernv: Avoid crashing if rng is NULL" has been added to the 5.18-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    powerpc/powernv: Avoid crashing if rng is NULL

to the 5.18-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     powerpc-powernv-avoid-crashing-if-rng-is-null.patch
and it can be found in the queue-5.18 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 90b5d4fe0b3ba7f589c6723c6bfb559d9e83956a Mon Sep 17 00:00:00 2001
From: Michael Ellerman <mpe@xxxxxxxxxxxxxx>
Date: Thu, 28 Jul 2022 00:32:17 +1000
Subject: powerpc/powernv: Avoid crashing if rng is NULL

From: Michael Ellerman <mpe@xxxxxxxxxxxxxx>

commit 90b5d4fe0b3ba7f589c6723c6bfb559d9e83956a upstream.

On a bare-metal Power8 system that doesn't have an "ibm,power-rng", a
malicious QEMU and guest that ignore the absence of the
KVM_CAP_PPC_HWRNG flag, and calls H_RANDOM anyway, will dereference a
NULL pointer.

In practice all Power8 machines have an "ibm,power-rng", but let's not
rely on that, add a NULL check and early return in
powernv_get_random_real_mode().

Fixes: e928e9cb3601 ("KVM: PPC: Book3S HV: Add fast real-mode H_RANDOM implementation.")
Cc: stable@xxxxxxxxxxxxxxx # v4.1+
Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
Signed-off-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20220727143219.2684192-1-mpe@xxxxxxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/powerpc/platforms/powernv/rng.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/arch/powerpc/platforms/powernv/rng.c
+++ b/arch/powerpc/platforms/powernv/rng.c
@@ -63,6 +63,8 @@ int powernv_get_random_real_mode(unsigne
 	struct powernv_rng *rng;
 
 	rng = raw_cpu_read(powernv_rng);
+	if (!rng)
+		return 0;
 
 	*v = rng_whiten(rng, __raw_rm_readq(rng->regs_real));
 


Patches currently in stable-queue which might be from mpe@xxxxxxxxxxxxxx are

queue-5.18/powerpc-restore-config_debug_info-in-defconfigs.patch
queue-5.18/powerpc-powernv-avoid-crashing-if-rng-is-null.patch
queue-5.18/powerpc-ptdump-fix-display-of-rw-pages-on-fsl_book3e.patch
queue-5.18/powerpc-64e-fix-early-tlb-miss-with-kuap.patch
queue-5.18/powerpc-fsl-pci-fix-class-code-of-pcie-root-port.patch
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux