!11 fix broken RDRAND causes infinite looping

From: @liuyumeng1 Reviewed-by: @shirely16,@zzm_567,@yanan-rock Signed-off-by: @yanan-rock
2021-09-09 09:00:58 +00:00 · 2021-09-09 09:00:58 +00:00 · b3bfacad79
commit b3bfacad79
parent 6bd565e53b 87ba42f50f
3 changed files with 198 additions and 5 deletions
--- a/backport-Detect-broken-RDRAND-during-initialization.patch
+++ b/backport-Detect-broken-RDRAND-during-initialization.patch
@ -0,0 +1,70 @@
 From 4d36b0287d3ab0912ba8a4790340ca099960b2b0 Mon Sep 17 00:00:00 2001
 From: Tudor Brindus <me@tbrindus.ca>
 Date: Fri, 1 May 2020 21:09:22 -0400
 Subject: [PATCH] Detect broken RDRAND during initialization
 Some CPUs advertise RDRAND in CPUID, but return 0xFFFFFFFF
 unconditionally. To avoid locking up later, test RDRAND during
 initialization, and if it returns 0xFFFFFFFF, mark it as nonexistent.
 Fixes #588.
 Conflict:NA
 Reference:https://github.com/json-c/json-c/commit/4d36b0287d3ab0912ba8a4790340ca099960b2b0
 ---
 random_seed.c | 37 +++++++++++++++++++++++++++++++++----
 1 file changed, 33 insertions(+), 4 deletions(-)
 diff --git a/random_seed.c b/random_seed.c
 index 97d9547..b97dbd1 100644
 --- a/random_seed.c
 +++ b/random_seed.c
@@ -53,12 +53,41 @@ static void do_cpuid(int regs[], int h)
 #if HAS_X86_CPUID
 +static int get_rdrand_seed(void);
 +
 +// Valid values are -1 (haven't tested), 0 (no), and 1 (yes).
 +static int _has_rdrand = -1;
 +
 static int has_rdrand(void)
 {
 -    // CPUID.01H:ECX.RDRAND[bit 30] == 1
 -    int regs[4];
 -    do_cpuid(regs, 1);
 -    return (regs[2] & (1 << 30)) != 0;
 +	if (_has_rdrand == -1)
 +	{
 +		// CPUID.01H:ECX.RDRAND[bit 30] == 1
 +		int regs[4];
 +		do_cpuid(regs, 1);
 +		if (!(regs[2] & (1 << 30)))
 +		{
 +			_has_rdrand = 0;
 +		} else
 +		{
 +			// Some CPUs advertise RDRAND in CPUID, but return 0xFFFFFFFF
 +			// unconditionally. To avoid locking up later, test RDRAND here. If over
 +			// 10 trials RDRAND has returned the same value, declare it broken.
 +			_has_rdrand = 0;
 +			int prev = get_rdrand_seed();
 +			for (int i = 0; i < 10; i++) {
 +				int temp = get_rdrand_seed();
 +				if (temp != prev) {
 +					_has_rdrand = 1;
 +					break;
 +				}
 +
 +				prev = temp;
 +			}
 +		}
 +	}
 +
 +	return _has_rdrand;
 }
 #endif
 -- 
 2.27.0
--- a/backport-drop-the-rdrand-test-loops.patch
+++ b/backport-drop-the-rdrand-test-loops.patch
@ -0,0 +1,118 @@
 From 80863140263be5f2dc630938ed8f0066f8a1ab43 Mon Sep 17 00:00:00 2001
 From: Eric Haszlakiewicz <erh+git@nimenees.com>
 Date: Mon, 4 May 2020 01:29:02 +0000
 Subject: [PATCH] Issue #589: drop the rdrand test loops to just 3, tweak
 comments and add some links to bug reports, and decrease the nesting level of
 the has_rdrand() function.
 Conflict:NA
 Reference:https://github.com/json-c/json-c/commit/80863140263be5f2dc630938ed8f0066f8a1ab43
 ---
 random_seed.c | 63 +++++++++++++++++++++++++++++++--------------------
 1 file changed, 38 insertions(+), 25 deletions(-)
 diff --git a/random_seed.c b/random_seed.c
 index b97dbd1..8bbc467 100644
 --- a/random_seed.c
 +++ b/random_seed.c
@@ -55,36 +55,45 @@ static void do_cpuid(int regs[], int h)
 static int get_rdrand_seed(void);
 -// Valid values are -1 (haven't tested), 0 (no), and 1 (yes).
 +/* Valid values are -1 (haven't tested), 0 (no), and 1 (yes). */
 static int _has_rdrand = -1;
 static int has_rdrand(void)
 {
 -	if (_has_rdrand == -1)
 +	if (_has_rdrand != -1)
 	{
 -		// CPUID.01H:ECX.RDRAND[bit 30] == 1
 -		int regs[4];
 -		do_cpuid(regs, 1);
 -		if (!(regs[2] & (1 << 30)))
 -		{
 -			_has_rdrand = 0;
 -		} else
 +		return _has_rdrand;
 +	}
 +
 +	/* CPUID.01H:ECX.RDRAND[bit 30] == 1 */
 +	int regs[4];
 +	do_cpuid(regs, 1);
 +	if (!(regs[2] & (1 << 30)))
 +	{
 +		_has_rdrand = 0;
 +		return 0;
 +	}
 +
 +	/*
 +	 * Some CPUs advertise RDRAND in CPUID, but return 0xFFFFFFFF
 +	 * unconditionally. To avoid locking up later, test RDRAND here. If over
 +	 * 3 trials RDRAND has returned the same value, declare it broken.
 +	 * Example CPUs are AMD Ryzen 3000 series
 +	 * and much older AMD APUs, such as the E1-1500
 +	 * https://github.com/systemd/systemd/issues/11810
 +	 * https://linuxreviews.org/RDRAND_stops_returning_random_values_on_older_AMD_CPUs_after_suspend
 +	 */
 +	_has_rdrand = 0;
 +	int prev = get_rdrand_seed();
 +	for (int i = 0; i < 3; i++)
 +	{
 +		int temp = get_rdrand_seed();
 +		if (temp != prev)
 		{
 -			// Some CPUs advertise RDRAND in CPUID, but return 0xFFFFFFFF
 -			// unconditionally. To avoid locking up later, test RDRAND here. If over
 -			// 10 trials RDRAND has returned the same value, declare it broken.
 -			_has_rdrand = 0;
 -			int prev = get_rdrand_seed();
 -			for (int i = 0; i < 10; i++) {
 -				int temp = get_rdrand_seed();
 -				if (temp != prev) {
 -					_has_rdrand = 1;
 -					break;
 -				}
 -
 -				prev = temp;
 -			}
 +			_has_rdrand = 1;
 +			break;
 		}
 +		prev = temp;
 	}
 	return _has_rdrand;
@@ -102,7 +111,7 @@ static int get_rdrand_seed(void)
 {
     DEBUG_SEED("get_rdrand_seed");
     int _eax;
 -    // rdrand eax
 +    /* rdrand eax */
     __asm__ __volatile__("1: .byte 0x0F\n"
                          "   .byte 0xC7\n"
                          "   .byte 0xF0\n"
@@ -138,7 +147,7 @@ static int get_rdrand_seed(void)
 	DEBUG_SEED("get_rdrand_seed");
 	int _eax;
 retry:
 -	// rdrand eax
 +	/* rdrand eax */
 	__asm _emit 0x0F __asm _emit 0xC7 __asm _emit 0xF0
 	__asm jnc retry
 	__asm mov _eax, eax
@@ -208,6 +217,10 @@ static int get_dev_random_seed(void)
 #define HAVE_CRYPTGENRANDOM 1
 #include <windows.h>
 +
 +/* Caution: these blank lines must remain so clang-format doesn't reorder
 +   includes to put windows.h after wincrypt.h */
 +
 #include <wincrypt.h>
 #ifndef __GNUC__
 #pragma comment(lib, "advapi32.lib")
 -- 
 2.27.0
--- a/json-c.spec
+++ b/json-c.spec
@ -6,7 +6,7 @@
 Name:           json-c
 Version:        0.13.1
-Release:        8
+Release:        9
 Summary:        JSON implementation in C
 License:        MIT
@ -14,9 +14,9 @@ URL:            https://github.com/%{name}/%{name}
 Source0:        %{url}/archive/%{name}-%{version}-%{reldate}.tar.gz
 # Cherry-picked from upstream.
-Patch0:         %{url}/commit/da4b34355da023c439e96bc6ca31886cd69d6bdb.patch#/%{name}-0.13.1-parse_test_UTF8_BOM.patch
+Patch0:		json-c-0.13.1-parse_test_UTF8_BOM.patch
-Patch1:         %{url}/commit/f8c632f579c71012f9aca81543b880a579f634fc.patch#/%{name}-0.13.1-fix_incorrect_casts_in_calls_to_ctype_functions.patch
+Patch1:		json-c-0.13.1-fix_incorrect_casts_in_calls_to_ctype_functions.patch
-Patch2:         %{url}/commit/8bd62177e796386fb6382db101c90b57b6138afe.patch#/%{name}-0.13.1-fix_typos.patch
+Patch2:		json-c-0.13.1-fix_typos.patch
 Patch6000:      0012-json_object_private-Use-unsigned-32-bit-integer-type.patch
 Patch6001:      0040-Fixed-misalignment-in-JSON-string-due-to-space-after.patch
@ -27,6 +27,8 @@ Patch6004:      0002-Issue-486-append-a-missing-.0-to-negative-double-val.patch
 Patch9000:      bugfix-json-c-support_aarch64.patch
 Patch6005:	json-c-bugfix-against-INT64_MAX.patch
 Patch6006:	CVE-2020-12762.patch
 Patch6007:	backport-Detect-broken-RDRAND-during-initialization.patch
 Patch6008:	backport-drop-the-rdrand-test-loops.patch
 BuildRequires:  libtool
 %description
@ -110,7 +112,10 @@ end
 %doc %{_pkgdocdir}
 %changelog
-* Mon Jul 21 2020 wangye <wangye70@huawei.com> - 0.13.1-8
+* Thu Sep 9 2021 liuyumeng <liuyumeng5@huawei.com> - 0.13.1-9
 - fix broken RDRAND causes infinite looping
 * Tue Jul 21 2020 wangye <wangye70@huawei.com> - 0.13.1-8
 - fix hardlink path
 * Fri May 22 2020 ruanweidong <ruanweidong1@huawei.com> - 0.13.1-7