From 27d302f451bba2cfb9fb96c5c7a7b4041511c3bb Mon Sep 17 00:00:00 2001 From: liuyumeng Date: Thu, 9 Sep 2021 11:49:29 +0800 Subject: [PATCH] fix broken RDRAND causes infinote looping --- ...-broken-RDRAND-during-initialization.patch | 70 +++++++++++ backport-drop-the-rdrand-test-loops.patch | 118 ++++++++++++++++++ json-c.spec | 15 ++- 3 files changed, 198 insertions(+), 5 deletions(-) create mode 100644 backport-Detect-broken-RDRAND-during-initialization.patch create mode 100644 backport-drop-the-rdrand-test-loops.patch diff --git a/backport-Detect-broken-RDRAND-during-initialization.patch b/backport-Detect-broken-RDRAND-during-initialization.patch new file mode 100644 index 0000000..c902f8c --- /dev/null +++ b/backport-Detect-broken-RDRAND-during-initialization.patch @@ -0,0 +1,70 @@ +From 4d36b0287d3ab0912ba8a4790340ca099960b2b0 Mon Sep 17 00:00:00 2001 +From: Tudor Brindus +Date: Fri, 1 May 2020 21:09:22 -0400 +Subject: [PATCH] Detect broken RDRAND during initialization + +Some CPUs advertise RDRAND in CPUID, but return 0xFFFFFFFF +unconditionally. To avoid locking up later, test RDRAND during +initialization, and if it returns 0xFFFFFFFF, mark it as nonexistent. + +Fixes #588. + +Conflict:NA +Reference:https://github.com/json-c/json-c/commit/4d36b0287d3ab0912ba8a4790340ca099960b2b0 +--- + random_seed.c | 37 +++++++++++++++++++++++++++++++++---- + 1 file changed, 33 insertions(+), 4 deletions(-) + +diff --git a/random_seed.c b/random_seed.c +index 97d9547..b97dbd1 100644 +--- a/random_seed.c ++++ b/random_seed.c +@@ -53,12 +53,41 @@ static void do_cpuid(int regs[], int h) + + #if HAS_X86_CPUID + ++static int get_rdrand_seed(void); ++ ++// Valid values are -1 (haven't tested), 0 (no), and 1 (yes). ++static int _has_rdrand = -1; ++ + static int has_rdrand(void) + { +- // CPUID.01H:ECX.RDRAND[bit 30] == 1 +- int regs[4]; +- do_cpuid(regs, 1); +- return (regs[2] & (1 << 30)) != 0; ++ if (_has_rdrand == -1) ++ { ++ // CPUID.01H:ECX.RDRAND[bit 30] == 1 ++ int regs[4]; ++ do_cpuid(regs, 1); ++ if (!(regs[2] & (1 << 30))) ++ { ++ _has_rdrand = 0; ++ } else ++ { ++ // Some CPUs advertise RDRAND in CPUID, but return 0xFFFFFFFF ++ // unconditionally. To avoid locking up later, test RDRAND here. If over ++ // 10 trials RDRAND has returned the same value, declare it broken. ++ _has_rdrand = 0; ++ int prev = get_rdrand_seed(); ++ for (int i = 0; i < 10; i++) { ++ int temp = get_rdrand_seed(); ++ if (temp != prev) { ++ _has_rdrand = 1; ++ break; ++ } ++ ++ prev = temp; ++ } ++ } ++ } ++ ++ return _has_rdrand; + } + + #endif +-- +2.27.0 + diff --git a/backport-drop-the-rdrand-test-loops.patch b/backport-drop-the-rdrand-test-loops.patch new file mode 100644 index 0000000..89d6d3e --- /dev/null +++ b/backport-drop-the-rdrand-test-loops.patch @@ -0,0 +1,118 @@ +From 80863140263be5f2dc630938ed8f0066f8a1ab43 Mon Sep 17 00:00:00 2001 +From: Eric Haszlakiewicz +Date: Mon, 4 May 2020 01:29:02 +0000 +Subject: [PATCH] Issue #589: drop the rdrand test loops to just 3, tweak + comments and add some links to bug reports, and decrease the nesting level of + the has_rdrand() function. + +Conflict:NA +Reference:https://github.com/json-c/json-c/commit/80863140263be5f2dc630938ed8f0066f8a1ab43 +--- + random_seed.c | 63 +++++++++++++++++++++++++++++++-------------------- + 1 file changed, 38 insertions(+), 25 deletions(-) + +diff --git a/random_seed.c b/random_seed.c +index b97dbd1..8bbc467 100644 +--- a/random_seed.c ++++ b/random_seed.c +@@ -55,36 +55,45 @@ static void do_cpuid(int regs[], int h) + + static int get_rdrand_seed(void); + +-// Valid values are -1 (haven't tested), 0 (no), and 1 (yes). ++/* Valid values are -1 (haven't tested), 0 (no), and 1 (yes). */ + static int _has_rdrand = -1; + + static int has_rdrand(void) + { +- if (_has_rdrand == -1) ++ if (_has_rdrand != -1) + { +- // CPUID.01H:ECX.RDRAND[bit 30] == 1 +- int regs[4]; +- do_cpuid(regs, 1); +- if (!(regs[2] & (1 << 30))) +- { +- _has_rdrand = 0; +- } else ++ return _has_rdrand; ++ } ++ ++ /* CPUID.01H:ECX.RDRAND[bit 30] == 1 */ ++ int regs[4]; ++ do_cpuid(regs, 1); ++ if (!(regs[2] & (1 << 30))) ++ { ++ _has_rdrand = 0; ++ return 0; ++ } ++ ++ /* ++ * Some CPUs advertise RDRAND in CPUID, but return 0xFFFFFFFF ++ * unconditionally. To avoid locking up later, test RDRAND here. If over ++ * 3 trials RDRAND has returned the same value, declare it broken. ++ * Example CPUs are AMD Ryzen 3000 series ++ * and much older AMD APUs, such as the E1-1500 ++ * https://github.com/systemd/systemd/issues/11810 ++ * https://linuxreviews.org/RDRAND_stops_returning_random_values_on_older_AMD_CPUs_after_suspend ++ */ ++ _has_rdrand = 0; ++ int prev = get_rdrand_seed(); ++ for (int i = 0; i < 3; i++) ++ { ++ int temp = get_rdrand_seed(); ++ if (temp != prev) + { +- // Some CPUs advertise RDRAND in CPUID, but return 0xFFFFFFFF +- // unconditionally. To avoid locking up later, test RDRAND here. If over +- // 10 trials RDRAND has returned the same value, declare it broken. +- _has_rdrand = 0; +- int prev = get_rdrand_seed(); +- for (int i = 0; i < 10; i++) { +- int temp = get_rdrand_seed(); +- if (temp != prev) { +- _has_rdrand = 1; +- break; +- } +- +- prev = temp; +- } ++ _has_rdrand = 1; ++ break; + } ++ prev = temp; + } + + return _has_rdrand; +@@ -102,7 +111,7 @@ static int get_rdrand_seed(void) + { + DEBUG_SEED("get_rdrand_seed"); + int _eax; +- // rdrand eax ++ /* rdrand eax */ + __asm__ __volatile__("1: .byte 0x0F\n" + " .byte 0xC7\n" + " .byte 0xF0\n" +@@ -138,7 +147,7 @@ static int get_rdrand_seed(void) + DEBUG_SEED("get_rdrand_seed"); + int _eax; + retry: +- // rdrand eax ++ /* rdrand eax */ + __asm _emit 0x0F __asm _emit 0xC7 __asm _emit 0xF0 + __asm jnc retry + __asm mov _eax, eax +@@ -208,6 +217,10 @@ static int get_dev_random_seed(void) + #define HAVE_CRYPTGENRANDOM 1 + + #include ++ ++/* Caution: these blank lines must remain so clang-format doesn't reorder ++ includes to put windows.h after wincrypt.h */ ++ + #include + #ifndef __GNUC__ + #pragma comment(lib, "advapi32.lib") +-- +2.27.0 + diff --git a/json-c.spec b/json-c.spec index 5fca26b..2fb24d5 100644 --- a/json-c.spec +++ b/json-c.spec @@ -6,7 +6,7 @@ Name: json-c Version: 0.13.1 -Release: 8 +Release: 9 Summary: JSON implementation in C License: MIT @@ -14,9 +14,9 @@ URL: https://github.com/%{name}/%{name} Source0: %{url}/archive/%{name}-%{version}-%{reldate}.tar.gz # Cherry-picked from upstream. -Patch0: %{url}/commit/da4b34355da023c439e96bc6ca31886cd69d6bdb.patch#/%{name}-0.13.1-parse_test_UTF8_BOM.patch -Patch1: %{url}/commit/f8c632f579c71012f9aca81543b880a579f634fc.patch#/%{name}-0.13.1-fix_incorrect_casts_in_calls_to_ctype_functions.patch -Patch2: %{url}/commit/8bd62177e796386fb6382db101c90b57b6138afe.patch#/%{name}-0.13.1-fix_typos.patch +Patch0: json-c-0.13.1-parse_test_UTF8_BOM.patch +Patch1: json-c-0.13.1-fix_incorrect_casts_in_calls_to_ctype_functions.patch +Patch2: json-c-0.13.1-fix_typos.patch Patch6000: 0012-json_object_private-Use-unsigned-32-bit-integer-type.patch Patch6001: 0040-Fixed-misalignment-in-JSON-string-due-to-space-after.patch @@ -27,6 +27,8 @@ Patch6004: 0002-Issue-486-append-a-missing-.0-to-negative-double-val.patch Patch9000: bugfix-json-c-support_aarch64.patch Patch6005: json-c-bugfix-against-INT64_MAX.patch Patch6006: CVE-2020-12762.patch +Patch6007: backport-Detect-broken-RDRAND-during-initialization.patch +Patch6008: backport-drop-the-rdrand-test-loops.patch BuildRequires: libtool %description @@ -110,7 +112,10 @@ end %doc %{_pkgdocdir} %changelog -* Mon Jul 21 2020 wangye - 0.13.1-8 +* Thu Sep 9 2021 liuyumeng - 0.13.1-9 +* fix broken RDRAND causes infinite looping + +* Tue Jul 21 2020 wangye - 0.13.1-8 - fix hardlink path * Fri May 22 2020 ruanweidong - 0.13.1-7 -- Gitee