- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] Patch "gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: gpio-iop-add-missing-module_description-author-license.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 97b03136e1b637d7a9d2274c099e44ecf23f1103 Mon Sep 17 00:00:00 2001 From: Jesse Chan <jc(a)linux.com> Date: Mon, 20 Nov 2017 12:54:52 -0800 Subject: gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE From: Jesse Chan <jc(a)linux.com> commit 97b03136e1b637d7a9d2274c099e44ecf23f1103 upstream. This change resolves a new compile-time warning when built as a loadable module: WARNING: modpost: missing MODULE_LICENSE() in drivers/gpio/gpio-iop.o see include/linux/module.h for more information This adds the license as "GPL", which matches the header of the file. MODULE_DESCRIPTION and MODULE_AUTHOR are also added. Signed-off-by: Jesse Chan <jc(a)linux.com> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpio/gpio-iop.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/drivers/gpio/gpio-iop.c +++ b/drivers/gpio/gpio-iop.c @@ -58,3 +58,7 @@ static int __init iop3xx_gpio_init(void) return platform_driver_register(&iop3xx_gpio_driver); } arch_initcall(iop3xx_gpio_init); + +MODULE_DESCRIPTION("GPIO handling for Intel IOP3xx processors"); +MODULE_AUTHOR("Lennert Buytenhek <buytenh(a)wantstofly.org>"); +MODULE_LICENSE("GPL"); Patches currently in stable-queue which might be from jc(a)linux.com are queue-4.15/gpio-iop-add-missing-module_description-author-license.patch queue-4.15/power-reset-zx-reboot-add-missing-module_description-author-license.patch queue-4.15/gpio-ath79-add-missing-module_description-license.patch queue-4.15/mtd-nand-denali_pci-add-missing-module_description-author-license.patch

7 years, 5 months

1
0
0 0

[Linux-stable-mirror] Patch "gpio: Fix kernel stack leak to userspace" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled gpio: Fix kernel stack leak to userspace to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: gpio-fix-kernel-stack-leak-to-userspace.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 24bd3efc9d1efb5f756a7c6f807a36ddb6adc671 Mon Sep 17 00:00:00 2001 From: Linus Walleij <linus.walleij(a)linaro.org> Date: Mon, 22 Jan 2018 13:19:28 +0100 Subject: gpio: Fix kernel stack leak to userspace From: Linus Walleij <linus.walleij(a)linaro.org> commit 24bd3efc9d1efb5f756a7c6f807a36ddb6adc671 upstream. The GPIO event descriptor was leaking kernel stack to userspace because we don't zero the variable before use. Ooops. Fix this. Reported-by: Arnd Bergmann <arnd(a)arndb.de> Reviewed-by: Bartosz Golaszewski <brgl(a)bgdev.pl> Reviewed-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpio/gpiolib.c | 3 +++ 1 file changed, 3 insertions(+) --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c @@ -732,6 +732,9 @@ static irqreturn_t lineevent_irq_thread( struct gpioevent_data ge; int ret, level; + /* Do not leak kernel stack to userspace */ + memset(&ge, 0, sizeof(ge)); + ge.timestamp = ktime_get_real_ns(); level = gpiod_get_value_cansleep(le->desc); Patches currently in stable-queue which might be from linus.walleij(a)linaro.org are queue-4.15/gpio-iop-add-missing-module_description-author-license.patch queue-4.15/tools-gpio-fix-build-error-with-musl-libc.patch queue-4.15/gpio-fix-kernel-stack-leak-to-userspace.patch queue-4.15/gpio-ath79-add-missing-module_description-license.patch queue-4.15/gpio-stmpe-i2c-transfer-are-forbiden-in-atomic-context.patch

7 years, 5 months

1
0
0 0

[Linux-stable-mirror] Patch "gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: gpio-ath79-add-missing-module_description-license.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 539340f37e6d6ed4cd93e8e18c9b2e4eafd4b842 Mon Sep 17 00:00:00 2001 From: Jesse Chan <jc(a)linux.com> Date: Mon, 20 Nov 2017 12:54:26 -0800 Subject: gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE From: Jesse Chan <jc(a)linux.com> commit 539340f37e6d6ed4cd93e8e18c9b2e4eafd4b842 upstream. This change resolves a new compile-time warning when built as a loadable module: WARNING: modpost: missing MODULE_LICENSE() in drivers/gpio/gpio-ath79.o see include/linux/module.h for more information This adds the license as "GPL v2", which matches the header of the file. MODULE_DESCRIPTION is also added. Signed-off-by: Jesse Chan <jc(a)linux.com> Acked-by: Alban Bedel <albeu(a)free.fr> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/gpio/gpio-ath79.c | 3 +++ 1 file changed, 3 insertions(+) --- a/drivers/gpio/gpio-ath79.c +++ b/drivers/gpio/gpio-ath79.c @@ -324,3 +324,6 @@ static struct platform_driver ath79_gpio }; module_platform_driver(ath79_gpio_driver); + +MODULE_DESCRIPTION("Atheros AR71XX/AR724X/AR913X GPIO API support"); +MODULE_LICENSE("GPL v2"); Patches currently in stable-queue which might be from jc(a)linux.com are queue-4.15/gpio-iop-add-missing-module_description-author-license.patch queue-4.15/power-reset-zx-reboot-add-missing-module_description-author-license.patch queue-4.15/gpio-ath79-add-missing-module_description-license.patch queue-4.15/mtd-nand-denali_pci-add-missing-module_description-author-license.patch

7 years, 5 months

1
0
0 0

[Linux-stable-mirror] Patch "crypto: inside-secure - fix hash when length is a multiple of a block" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled crypto: inside-secure - fix hash when length is a multiple of a block to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: crypto-inside-secure-fix-hash-when-length-is-a-multiple-of-a-block.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 809778e02cd45d0625439fee67688f655627bb3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20T=C3=A9nart?= <antoine.tenart(a)free-electrons.com> Date: Tue, 26 Dec 2017 17:21:17 +0100 Subject: crypto: inside-secure - fix hash when length is a multiple of a block From: Antoine Tenart <antoine.tenart(a)free-electrons.com> commit 809778e02cd45d0625439fee67688f655627bb3c upstream. This patch fixes the hash support in the SafeXcel driver when the update size is a multiple of a block size, and when a final call is made just after with a size of 0. In such cases the driver should cache the last block from the update to avoid handling 0 length data on the final call (that's a hardware limitation). Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver") Signed-off-by: Antoine Tenart <antoine.tenart(a)free-electrons.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/crypto/inside-secure/safexcel_hash.c | 34 +++++++++++++++++++-------- 1 file changed, 24 insertions(+), 10 deletions(-) --- a/drivers/crypto/inside-secure/safexcel_hash.c +++ b/drivers/crypto/inside-secure/safexcel_hash.c @@ -186,17 +186,31 @@ static int safexcel_ahash_send_req(struc else cache_len = queued - areq->nbytes; - /* - * If this is not the last request and the queued data does not fit - * into full blocks, cache it for the next send() call. - */ - extra = queued & (crypto_ahash_blocksize(ahash) - 1); - if (!req->last_req && extra) { - sg_pcopy_to_buffer(areq->src, sg_nents(areq->src), - req->cache_next, extra, areq->nbytes - extra); + if (!req->last_req) { + /* If this is not the last request and the queued data does not + * fit into full blocks, cache it for the next send() call. + */ + extra = queued & (crypto_ahash_blocksize(ahash) - 1); + if (!extra) + /* If this is not the last request and the queued data + * is a multiple of a block, cache the last one for now. + */ + extra = queued - crypto_ahash_blocksize(ahash); - queued -= extra; - len -= extra; + if (extra) { + sg_pcopy_to_buffer(areq->src, sg_nents(areq->src), + req->cache_next, extra, + areq->nbytes - extra); + + queued -= extra; + len -= extra; + + if (!queued) { + *commands = 0; + *results = 0; + return 0; + } + } } spin_lock_bh(&priv->ring[ring].egress_lock); Patches currently in stable-queue which might be from antoine.tenart(a)free-electrons.com are queue-4.15/crypto-inside-secure-avoid-unmapping-dma-memory-that-was-not-mapped.patch queue-4.15/crypto-inside-secure-fix-hash-when-length-is-a-multiple-of-a-block.patch

7 years, 5 months

1
0
0 0

[Linux-stable-mirror] Patch "crypto: sha3-generic - fixes for alignment and big endian operation" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled crypto: sha3-generic - fixes for alignment and big endian operation to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: crypto-sha3-generic-fixes-for-alignment-and-big-endian-operation.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c013cee99d5a18aec8c71fee8f5f41369cd12595 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Date: Fri, 19 Jan 2018 12:04:33 +0000 Subject: crypto: sha3-generic - fixes for alignment and big endian operation From: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> commit c013cee99d5a18aec8c71fee8f5f41369cd12595 upstream. Ensure that the input is byte swabbed before injecting it into the SHA3 transform. Use the get_unaligned() accessor for this so that we don't perform unaligned access inadvertently on architectures that do not support that. Fixes: 53964b9ee63b7075 ("crypto: sha3 - Add SHA-3 hash algorithm") Signed-off-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- crypto/sha3_generic.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/crypto/sha3_generic.c +++ b/crypto/sha3_generic.c @@ -18,6 +18,7 @@ #include <linux/types.h> #include <crypto/sha3.h> #include <asm/byteorder.h> +#include <asm/unaligned.h> #define KECCAK_ROUNDS 24 @@ -149,7 +150,7 @@ static int sha3_update(struct shash_desc unsigned int i; for (i = 0; i < sctx->rsizw; i++) - sctx->st[i] ^= ((u64 *) src)[i]; + sctx->st[i] ^= get_unaligned_le64(src + 8 * i); keccakf(sctx->st); done += sctx->rsiz; @@ -174,7 +175,7 @@ static int sha3_final(struct shash_desc sctx->buf[sctx->rsiz - 1] |= 0x80; for (i = 0; i < sctx->rsizw; i++) - sctx->st[i] ^= ((u64 *) sctx->buf)[i]; + sctx->st[i] ^= get_unaligned_le64(sctx->buf + 8 * i); keccakf(sctx->st); Patches currently in stable-queue which might be from ard.biesheuvel(a)linaro.org are queue-4.15/crypto-sha3-generic-fixes-for-alignment-and-big-endian-operation.patch

7 years, 5 months

1
0
0 0

[Linux-stable-mirror] Patch "crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: crypto-ecdh-fix-typo-in-kpp-dependency-of-crypto_ecdh.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From b5b9007730ce1d90deaf25d7f678511550744bdc Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens <hauke(a)hauke-m.de> Date: Sun, 26 Nov 2017 00:16:46 +0100 Subject: crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH From: Hauke Mehrtens <hauke(a)hauke-m.de> commit b5b9007730ce1d90deaf25d7f678511550744bdc upstream. This fixes a typo in the CRYPTO_KPP dependency of CRYPTO_ECDH. Fixes: 3c4b23901a0c ("crypto: ecdh - Add ECDH software support") Signed-off-by: Hauke Mehrtens <hauke(a)hauke-m.de> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- crypto/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -130,7 +130,7 @@ config CRYPTO_DH config CRYPTO_ECDH tristate "ECDH algorithm" - select CRYTPO_KPP + select CRYPTO_KPP select CRYPTO_RNG_DEFAULT help Generic implementation of the ECDH algorithm Patches currently in stable-queue which might be from hauke(a)hauke-m.de are queue-4.15/crypto-ecdh-fix-typo-in-kpp-dependency-of-crypto_ecdh.patch

7 years, 5 months

1
0
0 0

[Linux-stable-mirror] Patch "crypto: inside-secure - avoid unmapping DMA memory that was not mapped" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled crypto: inside-secure - avoid unmapping DMA memory that was not mapped to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: crypto-inside-secure-avoid-unmapping-dma-memory-that-was-not-mapped.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c957f8b3e2e54b29f53ef69decc87bbc858c9b58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20T=C3=A9nart?= <antoine.tenart(a)free-electrons.com> Date: Tue, 26 Dec 2017 17:21:16 +0100 Subject: crypto: inside-secure - avoid unmapping DMA memory that was not mapped From: Antoine Tenart <antoine.tenart(a)free-electrons.com> commit c957f8b3e2e54b29f53ef69decc87bbc858c9b58 upstream. This patch adds a parameter in the SafeXcel ahash request structure to keep track of the number of SG entries mapped. This allows not to call dma_unmap_sg() when dma_map_sg() wasn't called in the first place. This also removes a warning when the debugging of the DMA-API is enabled in the kernel configuration: "DMA-API: device driver tries to free DMA memory it has not allocated". Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver") Signed-off-by: Antoine Tenart <antoine.tenart(a)free-electrons.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/crypto/inside-secure/safexcel_hash.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) --- a/drivers/crypto/inside-secure/safexcel_hash.c +++ b/drivers/crypto/inside-secure/safexcel_hash.c @@ -34,6 +34,8 @@ struct safexcel_ahash_req { bool hmac; bool needs_inv; + int nents; + u8 state_sz; /* expected sate size, only set once */ u32 state[SHA256_DIGEST_SIZE / sizeof(u32)] __aligned(sizeof(u32)); @@ -152,8 +154,10 @@ static int safexcel_handle_req_result(st memcpy(areq->result, sreq->state, crypto_ahash_digestsize(ahash)); - dma_unmap_sg(priv->dev, areq->src, - sg_nents_for_len(areq->src, areq->nbytes), DMA_TO_DEVICE); + if (sreq->nents) { + dma_unmap_sg(priv->dev, areq->src, sreq->nents, DMA_TO_DEVICE); + sreq->nents = 0; + } safexcel_free_context(priv, async, sreq->state_sz); @@ -178,7 +182,7 @@ static int safexcel_ahash_send_req(struc struct safexcel_command_desc *cdesc, *first_cdesc = NULL; struct safexcel_result_desc *rdesc; struct scatterlist *sg; - int i, nents, queued, len, cache_len, extra, n_cdesc = 0, ret = 0; + int i, queued, len, cache_len, extra, n_cdesc = 0, ret = 0; queued = len = req->len - req->processed; if (queued < crypto_ahash_blocksize(ahash)) @@ -248,15 +252,15 @@ static int safexcel_ahash_send_req(struc } /* Now handle the current ahash request buffer(s) */ - nents = dma_map_sg(priv->dev, areq->src, - sg_nents_for_len(areq->src, areq->nbytes), - DMA_TO_DEVICE); - if (!nents) { + req->nents = dma_map_sg(priv->dev, areq->src, + sg_nents_for_len(areq->src, areq->nbytes), + DMA_TO_DEVICE); + if (!req->nents) { ret = -ENOMEM; goto cdesc_rollback; } - for_each_sg(areq->src, sg, nents, i) { + for_each_sg(areq->src, sg, req->nents, i) { int sglen = sg_dma_len(sg); /* Do not overflow the request */ Patches currently in stable-queue which might be from antoine.tenart(a)free-electrons.com are queue-4.15/crypto-inside-secure-avoid-unmapping-dma-memory-that-was-not-mapped.patch queue-4.15/crypto-inside-secure-fix-hash-when-length-is-a-multiple-of-a-block.patch

7 years, 5 months

1
0
0 0

[Linux-stable-mirror] Patch "crypto: af_alg - whitelist mask and type" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled crypto: af_alg - whitelist mask and type to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: crypto-af_alg-whitelist-mask-and-type.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From bb30b8848c85e18ca7e371d0a869e94b3e383bdf Mon Sep 17 00:00:00 2001 From: Stephan Mueller <smueller(a)chronox.de> Date: Tue, 2 Jan 2018 08:55:25 +0100 Subject: crypto: af_alg - whitelist mask and type From: Stephan Mueller <smueller(a)chronox.de> commit bb30b8848c85e18ca7e371d0a869e94b3e383bdf upstream. The user space interface allows specifying the type and mask field used to allocate the cipher. Only a subset of the possible flags are intended for user space. Therefore, white-list the allowed flags. In case the user space caller uses at least one non-allowed flag, EINVAL is returned. Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: Stephan Mueller <smueller(a)chronox.de> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- crypto/af_alg.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -150,7 +150,7 @@ EXPORT_SYMBOL_GPL(af_alg_release_parent) static int alg_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) { - const u32 forbidden = CRYPTO_ALG_INTERNAL; + const u32 allowed = CRYPTO_ALG_KERN_DRIVER_ONLY; struct sock *sk = sock->sk; struct alg_sock *ask = alg_sk(sk); struct sockaddr_alg *sa = (void *)uaddr; @@ -158,6 +158,10 @@ static int alg_bind(struct socket *sock, void *private; int err; + /* If caller uses non-allowed flag, return error. */ + if ((sa->salg_feat & ~allowed) || (sa->salg_mask & ~allowed)) + return -EINVAL; + if (sock->state == SS_CONNECTED) return -EINVAL; @@ -176,9 +180,7 @@ static int alg_bind(struct socket *sock, if (IS_ERR(type)) return PTR_ERR(type); - private = type->bind(sa->salg_name, - sa->salg_feat & ~forbidden, - sa->salg_mask & ~forbidden); + private = type->bind(sa->salg_name, sa->salg_feat, sa->salg_mask); if (IS_ERR(private)) { module_put(type->owner); return PTR_ERR(private); Patches currently in stable-queue which might be from smueller(a)chronox.de are queue-4.15/crypto-af_alg-whitelist-mask-and-type.patch queue-4.15/crypto-aesni-handle-zero-length-dst-buffer.patch

7 years, 5 months

1
0
0 0

[Linux-stable-mirror] Patch "crypto: aesni - handle zero length dst buffer" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled crypto: aesni - handle zero length dst buffer to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: crypto-aesni-handle-zero-length-dst-buffer.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 9c674e1e2f9e24fa4392167efe343749008338e0 Mon Sep 17 00:00:00 2001 From: Stephan Mueller <smueller(a)chronox.de> Date: Thu, 18 Jan 2018 20:41:09 +0100 Subject: crypto: aesni - handle zero length dst buffer From: Stephan Mueller <smueller(a)chronox.de> commit 9c674e1e2f9e24fa4392167efe343749008338e0 upstream. GCM can be invoked with a zero destination buffer. This is possible if the AAD and the ciphertext have zero lengths and only the tag exists in the source buffer (i.e. a source buffer cannot be zero). In this case, the GCM cipher only performs the authentication and no decryption operation. When the destination buffer has zero length, it is possible that no page is mapped to the SG pointing to the destination. In this case, sg_page(req->dst) is an invalid access. Therefore, page accesses should only be allowed if the req->dst->length is non-zero which is the indicator that a page must exist. This fixes a crash that can be triggered by user space via AF_ALG. Signed-off-by: Stephan Mueller <smueller(a)chronox.de> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/crypto/aesni-intel_glue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/x86/crypto/aesni-intel_glue.c +++ b/arch/x86/crypto/aesni-intel_glue.c @@ -824,7 +824,7 @@ static int gcmaes_decrypt(struct aead_re if (sg_is_last(req->src) && (!PageHighMem(sg_page(req->src)) || req->src->offset + req->src->length <= PAGE_SIZE) && - sg_is_last(req->dst) && + sg_is_last(req->dst) && req->dst->length && (!PageHighMem(sg_page(req->dst)) || req->dst->offset + req->dst->length <= PAGE_SIZE)) { one_entry_in_sg = 1; Patches currently in stable-queue which might be from smueller(a)chronox.de are queue-4.15/crypto-af_alg-whitelist-mask-and-type.patch queue-4.15/crypto-aesni-handle-zero-length-dst-buffer.patch

7 years, 5 months

1
0
0 0

[Linux-stable-mirror] Patch "crypto: aesni - fix typo in generic_gcmaes_decrypt" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled crypto: aesni - fix typo in generic_gcmaes_decrypt to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: crypto-aesni-fix-typo-in-generic_gcmaes_decrypt.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 106840c41096a01079d3a2025225029c13713802 Mon Sep 17 00:00:00 2001 From: Sabrina Dubroca <sd(a)queasysnail.net> Date: Wed, 13 Dec 2017 14:53:43 +0100 Subject: crypto: aesni - fix typo in generic_gcmaes_decrypt From: Sabrina Dubroca <sd(a)queasysnail.net> commit 106840c41096a01079d3a2025225029c13713802 upstream. generic_gcmaes_decrypt needs to use generic_gcmaes_ctx, not aesni_rfc4106_gcm_ctx. This is actually harmless because the fields in struct generic_gcmaes_ctx share the layout of the same fields in aesni_rfc4106_gcm_ctx. Fixes: cce2ea8d90fe ("crypto: aesni - add generic gcm(aes)") Signed-off-by: Sabrina Dubroca <sd(a)queasysnail.net> Reviewed-by: Stefano Brivio <sbrivio(a)redhat.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/x86/crypto/aesni-intel_glue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/x86/crypto/aesni-intel_glue.c +++ b/arch/x86/crypto/aesni-intel_glue.c @@ -1117,7 +1117,7 @@ static int generic_gcmaes_decrypt(struct { __be32 counter = cpu_to_be32(1); struct crypto_aead *tfm = crypto_aead_reqtfm(req); - struct aesni_rfc4106_gcm_ctx *ctx = aesni_rfc4106_gcm_ctx_get(tfm); + struct generic_gcmaes_ctx *ctx = generic_gcmaes_ctx_get(tfm); void *aes_ctx = &(ctx->aes_key_expanded); u8 iv[16] __attribute__ ((__aligned__(AESNI_ALIGN))); Patches currently in stable-queue which might be from sd(a)queasysnail.net are queue-4.15/crypto-aesni-add-wrapper-for-generic-gcm-aes.patch queue-4.15/crypto-aesni-fix-typo-in-generic_gcmaes_decrypt.patch

7 years, 5 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror