Author: renodr
Date: Mon Jul 29 20:00:22 2019
New Revision: 3971
Log:
Add systemd networkd and rdrand patch
Added:
trunk/systemd/systemd-241-networkd_and_rdrand_fixes-1.patch
Added: trunk/systemd/systemd-241-networkd_and_rdrand_fixes-1.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/systemd/systemd-241-networkd_and_rdrand_fixes-1.patch Mon Jul 29
20:00:22 2019 (r3971)
@@ -0,0 +1,117 @@
+Submitted By: Douglas R. Reno <renodr at linuxfromscratch dot org>
+Date: 2019-07-29
+Initial Package Version: 241
+Upstream Status: Applied
+Origin: Upstream / Self
+Description: Adapt systemd-networkd to changes in the Linux Kernel
+ 5.2+'s IPv6 API, and adapt the random number generator
+ to a bug in the AMD Ryzen CPUs that will lead to
RDRAND
+ returning the same number instead of a random number
+ upon returning from a suspend/resume cycle.
+
+diff -Naurp systemd-241.orig/src/basic/random-util.c
systemd-241/src/basic/random-util.c
+--- systemd-241.orig/src/basic/random-util.c 2019-02-14 04:11:58.000000000
-0600
++++ systemd-241/src/basic/random-util.c 2019-07-29 21:38:12.697107936
-0500
+@@ -37,7 +37,8 @@ int rdrand(unsigned long *ret) {
+
+ #if defined(__i386__) || defined(__x86_64__)
+ static int have_rdrand = -1;
+- unsigned char err;
++ unsigned long v;
++ uint8_t success;
+
+ if (have_rdrand < 0) {
+ uint32_t eax, ebx, ecx, edx;
+@@ -56,16 +57,28 @@ int rdrand(unsigned long *ret) {
+
+ asm volatile("rdrand %0;"
+ "setc %1"
+- : "=r" (*ret),
+- "=qm" (err));
++ : "=r" (v),
++ "=qm" (success));
+
+ #if HAS_FEATURE_MEMORY_SANITIZER
+- __msan_unpoison(&err, sizeof(err));
++ __msan_unpoison(&success, sizeof(success));
+ #endif
+
+- if (!err)
++ if (!success)
+ return -EAGAIN;
+
++ /* Apparently on some AMD CPUs RDRAND will sometimes (after a
suspend/resume cycle) report success
++ * via the carry flag but nonetheless return the same fixed value -1
in all cases. This appears to be
++ * a bad bug in the CPU or microcode. Let's deal with that and
work-around this by explicitly checking
++ * for this special value (and also 0, just to be sure) and filtering
it out. This is a work-around
++ * only however and something AMD should really fix properly. The
Linux kernel should probably work
++ * around this issue by turning off RDRAND altogether on those CPUs.
See:
++ * https://github.com/systemd/systemd/issues/11810
++ * BLFS/LFS: See ticket #4506 in LFS and Ticket #12330 in BLFS */
++ if (v == 0 || v == ULONG_MAX)
++ return log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),
++ "RDRAND returned suspicious value %lx, assuming bad hardware
RNG, not using value.", v);
++ *ret = v;
+ return 0;
+ #else
+ return -EOPNOTSUPP;
+diff -Naurp systemd-241.orig/src/network/networkd-link.c
systemd-241/src/network/networkd-link.c
+--- systemd-241.orig/src/network/networkd-link.c 2019-02-14
04:11:58.000000000 -0600
++++ systemd-241/src/network/networkd-link.c 2019-07-29 21:26:04.388687895
-0500
+@@ -1788,6 +1788,9 @@ static int link_configure_addrgen_mode(L
+ assert(link->manager);
+ assert(link->manager->rtnl);
+
++ if (!socket_ipv6_is_supported())
++ return 0;
++
+ log_link_debug(link, "Setting address genmode for link");
+
+ r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK,
link->ifindex);
+@@ -1889,31 +1892,6 @@ static int link_up(Link *link) {
+ return log_link_error_errno(link, r, "Could not set
MAC address: %m");
+ }
+
+- if (link_ipv6_enabled(link)) {
+- r = sd_netlink_message_open_container(req, IFLA_AF_SPEC);
+- if (r < 0)
+- return log_link_error_errno(link, r, "Could not open
IFLA_AF_SPEC container: %m");
+-
+- /* if the kernel lacks ipv6 support setting IFF_UP fails if
any ipv6 options are passed */
+- r = sd_netlink_message_open_container(req, AF_INET6);
+- if (r < 0)
+- return log_link_error_errno(link, r, "Could not open
AF_INET6 container: %m");
+-
+- if (!in_addr_is_null(AF_INET6, &link->network->ipv6_token)) {
+- r = sd_netlink_message_append_in6_addr(req,
IFLA_INET6_TOKEN, &link->network->ipv6_token.in6);
+- if (r < 0)
+- return log_link_error_errno(link, r, "Could
not append IFLA_INET6_TOKEN: %m");
+- }
+-
+- r = sd_netlink_message_close_container(req);
+- if (r < 0)
+- return log_link_error_errno(link, r, "Could not close
AF_INET6 container: %m");
+-
+- r = sd_netlink_message_close_container(req);
+- if (r < 0)
+- return log_link_error_errno(link, r, "Could not close
IFLA_AF_SPEC container: %m");
+- }
+-
+ r = netlink_call_async(link->manager->rtnl, NULL, req,
link_up_handler,
+ link_netlink_destroy_callback, link);
+ if (r < 0)
+@@ -3001,11 +2979,9 @@ static int link_configure(Link *link) {
+ return r;
+ }
+
+- if (socket_ipv6_is_supported()) {
+- r = link_configure_addrgen_mode(link);
+- if (r < 0)
+- return r;
+- }
++ r = link_configure_addrgen_mode(link);
++ if (r < 0)
++ return r;
+
+ return link_configure_after_setting_mtu(link);
+ }
--
http://lists.linuxfromscratch.org/listinfo/patches
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
