Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.12.80 2026-01-08T09:14:28+00:00 2026-01-08T09:14:28+00:00 Shivani Agarwal shivani.agarwal@broadcom.com 2025-09-24T06:01:48+00:00 urn:sha1:5a4b65523608974a81edbe386f8a667a3e10c726 commit 6f6e309328d53a10c0fe1f77dec2db73373179b6 upstream. Several crypto user API contexts and requests allocated with sock_kmalloc() were left uninitialized, relying on callers to set fields explicitly. This resulted in the use of uninitialized data in certain error paths or when new fields are added in the future. The ACVP patches also contain two user-space interface files: algif_kpp.c and algif_akcipher.c. These too rely on proper initialization of their context structures. A particular issue has been observed with the newly added 'inflight' variable introduced in af_alg_ctx by commit: 67b164a871af ("crypto: af_alg - Disallow multiple in-flight AIO requests") Because the context is not memset to zero after allocation, the inflight variable has contained garbage values. As a result, af_alg_alloc_areq() has incorrectly returned -EBUSY randomly when the garbage value was interpreted as true: https://github.com/gregkh/linux/blame/master/crypto/af_alg.c#L1209 The check directly tests ctx->inflight without explicitly comparing against true/false. Since inflight is only ever set to true or false later, an uninitialized value has triggered -EBUSY failures. Zero-initializing memory allocated with sock_kmalloc() ensures inflight and other fields start in a known state, removing random issues caused by uninitialized data. Fixes: fe869cdb89c9 ("crypto: algif_hash - User-space interface for hash operations") Fixes: 5afdfd22e6ba ("crypto: algif_rng - add random number generator support") Fixes: 2d97591ef43d ("crypto: af_alg - consolidation of duplicate code") Fixes: 67b164a871af ("crypto: af_alg - Disallow multiple in-flight AIO requests") Cc: stable@vger.kernel.org Signed-off-by: Shivani Agarwal <shivani.agarwal@broadcom.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-09-25T09:13:49+00:00 Herbert Xu herbert@gondor.apana.org.au 2025-09-16T07:42:41+00:00 urn:sha1:24c1106504c625fabd3b7229611af617b4c27ac7 [ Upstream commit 9574b2330dbd2b5459b74d3b5e9619d39299fc6f ] If an error causes af_alg_sendmsg to abort, ctx->merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into af_alg_sendmsg when it attempts to do a merge that can't be done. Fix this by setting ctx->merge to zero near the start of the loop. Fixes: 8ff590903d5 ("crypto: algif_skcipher - User-space interface for skcipher operations") Reported-by: Muhammad Alifa Ramdhan <ramdhan@starlabs.sg> Reported-by: Bing-Jhong Billy Jheng <billy@starlabs.sg> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 2025-09-25T09:13:45+00:00 Herbert Xu herbert@gondor.apana.org.au 2025-09-16T09:20:59+00:00 urn:sha1:9aee87da5572b3a14075f501752e209801160d3d commit 1b34cbbf4f011a121ef7b2d7d6e6920a036d5285 upstream. Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state. Disallow this by adding a new ctx->write field that indiciates exclusive ownership for writing. Fixes: 8ff590903d5 ("crypto: algif_skcipher - User-space interface for skcipher operations") Reported-by: Muhammad Alifa Ramdhan <ramdhan@starlabs.sg> Reported-by: Bing-Jhong Billy Jheng <billy@starlabs.sg> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-05-31T09:34:56+00:00 Jeff Johnson quic_jjohnson@quicinc.com 2024-05-23T19:47:39+00:00 urn:sha1:7c699fe9a5740a228b2974325e817de28f7b6afd Fix the 'make W=1' warnings: WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/cast_common.o WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/af_alg.o WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/algif_hash.o WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/algif_skcipher.o WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/ecc.o WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/curve25519-generic.o WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/xor.o WARNING: modpost: missing MODULE_DESCRIPTION() in crypto/crypto_simd.o Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2024-05-14T00:19:09+00:00 Jens Axboe axboe@kernel.dk 2024-05-09T15:20:08+00:00 urn:sha1:92ef0fd55ac80dfc2e4654edfe5d1ddfa6e070fe Rather than pass in flags, error pointer, and whether this is a kernel invocation or not, add a struct proto_accept_arg struct as the argument. This then holds all of these arguments, and prepares accept for being able to pass back more information. No functional changes in this patch. Acked-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Jens Axboe <axboe@kernel.dk> 2024-03-29T22:03:11+00:00 Eric Dumazet edumazet@google.com 2024-03-28T14:40:32+00:00 urn:sha1:1abe267f173eae7ae76cf56232292e9641eb652f While looking at UDP receive performance, I saw sk_wake_async() was no longer inlined. This matters at least on AMD Zen1-4 platforms (see SRSO) This might be because rcu_read_lock() and rcu_read_unlock() are no longer nops in recent kernels ? Add sk_wake_async_rcu() variant, which must be called from contexts already holding rcu lock. As SOCK_FASYNC is deprecated in modern days, use unlikely() to give a hint to the compiler. sk_wake_async_rcu() is properly inlined from __udp_enqueue_schedule_skb() and sock_def_readable(). Signed-off-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20240328144032.1864988-5-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2023-12-08T03:59:44+00:00 Herbert Xu herbert@gondor.apana.org.au 2023-11-28T08:25:49+00:00 urn:sha1:67b164a871af1d736f131fd6fe78a610909f06f3 Having multiple in-flight AIO requests results in unpredictable output because they all share the same IV. Fix this by only allowing one request at a time. Fixes: 83094e5e9e49 ("crypto: af_alg - add async support to algif_aead") Fixes: a596999b7ddf ("crypto: algif - change algif_skcipher to be asynchronous") Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-08-29T18:23:29+00:00 Linus Torvalds torvalds@linux-foundation.org 2023-08-29T18:23:29+00:00 urn:sha1:68cf01760bc0891074e813b9bb06d2696cac1c01 Pull crypto updates from Herbert Xu: "API: - Move crypto engine callback from tfm ctx into algorithm object - Fix atomic sleep bug in crypto_destroy_instance - Move lib/mpi into lib/crypto Algorithms: - Add chacha20 and poly1305 implementation for powerpc p10 Drivers: - Add AES skcipher and aead support to starfive - Add Dynamic Boost Control support to ccp - Add support for STM32P13 platform to stm32" * tag 'v6.6-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (149 commits) Revert "dt-bindings: crypto: qcom,prng: Add SM8450" crypto: chelsio - Remove unused declarations X.509: if signature is unsupported skip validation crypto: qat - fix crypto capability detection for 4xxx crypto: drivers - Explicitly include correct DT includes crypto: engine - Remove crypto_engine_ctx crypto: zynqmp - Use new crypto_engine_op interface crypto: virtio - Use new crypto_engine_op interface crypto: stm32 - Use new crypto_engine_op interface crypto: jh7110 - Use new crypto_engine_op interface crypto: rk3288 - Use new crypto_engine_op interface crypto: omap - Use new crypto_engine_op interface crypto: keembay - Use new crypto_engine_op interface crypto: sl3516 - Use new crypto_engine_op interface crypto: caam - Use new crypto_engine_op interface crypto: aspeed - Remove non-standard sha512 algorithms crypto: aspeed - Use new crypto_engine_op interface crypto: amlogic - Use new crypto_engine_op interface crypto: sun8i-ss - Use new crypto_engine_op interface crypto: sun8i-ce - Use new crypto_engine_op interface ... 2023-08-18T10:30:09+00:00 Pavel Skripkin paskripkin@gmail.com 2023-08-14T18:03:41+00:00 urn:sha1:080aa61e370b9c5cafe71cacadbfe0e72db4d6df Syzbot was able to trigger use of uninitialized memory in af_alg_free_resources. Bug is caused by missing initialization of rsgl->sgl.need_unpin before adding to rsgl_list. Then in case of extract_iter_to_sg() failure, rsgl is left with uninitialized need_unpin which is read during clean up BUG: KMSAN: uninit-value in af_alg_free_sg crypto/af_alg.c:545 [inline] BUG: KMSAN: uninit-value in af_alg_free_areq_sgls crypto/af_alg.c:778 [inline] BUG: KMSAN: uninit-value in af_alg_free_resources+0x3d1/0xf60 crypto/af_alg.c:1117 af_alg_free_sg crypto/af_alg.c:545 [inline] af_alg_free_areq_sgls crypto/af_alg.c:778 [inline] af_alg_free_resources+0x3d1/0xf60 crypto/af_alg.c:1117 _skcipher_recvmsg crypto/algif_skcipher.c:144 [inline] ... Uninit was created at: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3470 [inline] __kmem_cache_alloc_node+0x536/0x8d0 mm/slub.c:3509 __do_kmalloc_node mm/slab_common.c:984 [inline] __kmalloc+0x121/0x3c0 mm/slab_common.c:998 kmalloc include/linux/slab.h:586 [inline] sock_kmalloc+0x128/0x1c0 net/core/sock.c:2683 af_alg_alloc_areq+0x41/0x2a0 crypto/af_alg.c:1188 _skcipher_recvmsg crypto/algif_skcipher.c:71 [inline] Fixes: c1abe6f570af ("crypto: af_alg: Use extract_iter_to_sg() to create scatterlists") Reported-and-tested-by: syzbot+cba21d50095623218389@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=cba21d50095623218389 Signed-off-by: Pavel Skripkin <paskripkin@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2023-08-11T11:19:27+00:00 Frederick Lawler fred@cloudflare.com 2023-08-01T13:57:09+00:00 urn:sha1:6b4b53ca0b7300ba2af98a49dbce22054bf034fe Calls to lookup_user_key() require a corresponding key_put() to decrement the usage counter. Once it reaches zero, we schedule key GC. Therefore decrement struct key.usage in alg_set_by_key_serial(). Fixes: 7984ceb134bf ("crypto: af_alg - Support symmetric encryption via keyring keys") Cc: <stable@vger.kernel.org> Signed-off-by: Frederick Lawler <fred@cloudflare.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>