netfilter: nf_tables: unbind non-anonymous set if rule construction fails

[platform/kernel/linux-starfive.git] / crypto / jitterentropy-kcapi.c
diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c

index 2d115be..b9edfaa 100644 (file)
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -37,6 +37,7 @@
   * DAMAGE.
   */
  
+#include <linux/fips.h>
  #include <linux/kernel.h>
  #include <linux/module.h>
  #include <linux/slab.h>
@@ -59,11 +60,6 @@ void jent_zfree(void *ptr)
         kfree_sensitive(ptr);
  }
  
-void jent_panic(char *s)
-{
-       panic("%s", s);
-}
-
  void jent_memcpy(void *dest, const void *src, unsigned int n)
  {
         memcpy(dest, src, n);
@@ -102,7 +98,6 @@ void jent_get_nstime(__u64 *out)
  struct jitterentropy {
         spinlock_t jent_lock;
         struct rand_data *entropy_collector;
-       unsigned int reset_cnt;
  };
  
  static int jent_kcapi_init(struct crypto_tfm *tfm)
@@ -138,32 +133,30 @@ static int jent_kcapi_random(struct crypto_rng *tfm,
  
         spin_lock(&rng->jent_lock);
  
-       /* Return a permanent error in case we had too many resets in a row. */
-       if (rng->reset_cnt > (1<<10)) {
-               ret = -EFAULT;
-               goto out;
-       }
-
         ret = jent_read_entropy(rng->entropy_collector, rdata, dlen);
  
-       /* Reset RNG in case of health failures */
-       if (ret < -1) {
-               pr_warn_ratelimited("Reset Jitter RNG due to health test failure: %s failure\n",
-                                   (ret == -2) ? "Repetition Count Test" :
-                                                 "Adaptive Proportion Test");
-
-               rng->reset_cnt++;
-
+       if (ret == -3) {
+               /* Handle permanent health test error */
+               /*
+                * If the kernel was booted with fips=1, it implies that
+                * the entire kernel acts as a FIPS 140 module. In this case
+                * an SP800-90B permanent health test error is treated as
+                * a FIPS module error.
+                */
+               if (fips_enabled)
+                       panic("Jitter RNG permanent health test failure\n");
+
+               pr_err("Jitter RNG permanent health test failure\n");
+               ret = -EFAULT;
+       } else if (ret == -2) {
+               /* Handle intermittent health test error */
+               pr_warn_ratelimited("Reset Jitter RNG due to intermittent health test failure\n");
                 ret = -EAGAIN;
-       } else {
-               rng->reset_cnt = 0;
-
-               /* Convert the Jitter RNG error into a usable error code */
-               if (ret == -1)
-                       ret = -EINVAL;
+       } else if (ret == -1) {
+               /* Handle other errors */
+               ret = -EINVAL;
         }
  
-out:
         spin_unlock(&rng->jent_lock);
  
         return ret;
@@ -197,6 +190,10 @@ static int __init jent_mod_init(void)
  
         ret = jent_entropy_init();
         if (ret) {
+               /* Handle permanent health test error */
+               if (fips_enabled)
+                       panic("jitterentropy: Initialization failed with host not compliant with requirements: %d\n", ret);
+
                 pr_info("jitterentropy: Initialization failed with host not compliant with requirements: %d\n", ret);
                 return -EFAULT;
         }