<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/linux.git/crypto, branch v4.17.15</title>
<subtitle>Linux kernel stable tree (mirror)</subtitle>
<id>https://git.radix-linux.su/kernel/linux.git/atom?h=v4.17.15</id>
<link rel='self' href='https://git.radix-linux.su/kernel/linux.git/atom?h=v4.17.15'/>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/'/>
<updated>2018-08-03T05:48:00+00:00</updated>
<entry>
<title>crypto: authenc - don't leak pointers to authenc keys</title>
<updated>2018-08-03T05:48:00+00:00</updated>
<author>
<name>Tudor-Dan Ambarus</name>
<email>tudor.ambarus@microchip.com</email>
</author>
<published>2018-04-03T06:39:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=6705c48563c5e503f3e58715a0da71f4d8fd1c40'/>
<id>urn:sha1:6705c48563c5e503f3e58715a0da71f4d8fd1c40</id>
<content type='text'>
[ Upstream commit ad2fdcdf75d169e7a5aec6c7cb421c0bec8ec711 ]

In crypto_authenc_setkey we save pointers to the authenc keys in
a local variable of type struct crypto_authenc_keys and we don't
zeroize it after use. Fix this and don't leak pointers to the
authenc keys.

Signed-off-by: Tudor Ambarus &lt;tudor.ambarus@microchip.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>crypto: authencesn - don't leak pointers to authenc keys</title>
<updated>2018-08-03T05:48:00+00:00</updated>
<author>
<name>Tudor-Dan Ambarus</name>
<email>tudor.ambarus@microchip.com</email>
</author>
<published>2018-04-03T06:39:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=296805b12d9df058860fd891c6d418a09399e4f2'/>
<id>urn:sha1:296805b12d9df058860fd891c6d418a09399e4f2</id>
<content type='text'>
[ Upstream commit 31545df391d58a3bb60e29b1192644a6f2b5a8dd ]

In crypto_authenc_esn_setkey we save pointers to the authenc keys
in a local variable of type struct crypto_authenc_keys and we don't
zeroize it after use. Fix this and don't leak pointers to the
authenc keys.

Signed-off-by: Tudor Ambarus &lt;tudor.ambarus@microchip.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>crypto: af_alg - Initialize sg_num_bytes in error code path</title>
<updated>2018-07-22T13:16:05+00:00</updated>
<author>
<name>Stephan Mueller</name>
<email>smueller@chronox.de</email>
</author>
<published>2018-07-07T18:41:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=3185701e549cd060d807cafa31c6925f4c937625'/>
<id>urn:sha1:3185701e549cd060d807cafa31c6925f4c937625</id>
<content type='text'>
commit 2546da99212f22034aecf279da9c47cbfac6c981 upstream.

The RX SGL in processing is already registered with the RX SGL tracking
list to support proper cleanup. The cleanup code path uses the
sg_num_bytes variable which must therefore be always initialized, even
in the error code path.

Signed-off-by: Stephan Mueller &lt;smueller@chronox.de&gt;
Reported-by: syzbot+9c251bdd09f83b92ba95@syzkaller.appspotmail.com
#syz test: https://github.com/google/kmsan.git master
CC: &lt;stable@vger.kernel.org&gt; #4.14
Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management")
Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
</entry>
<entry>
<title>crypto: don't optimize keccakf()</title>
<updated>2018-07-17T09:48:33+00:00</updated>
<author>
<name>Dmitry Vyukov</name>
<email>dvyukov@google.com</email>
</author>
<published>2018-06-08T09:53:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=2ab61ab0a4b34f9310aef02992bbcd6d46f03a40'/>
<id>urn:sha1:2ab61ab0a4b34f9310aef02992bbcd6d46f03a40</id>
<content type='text'>
commit f044a84e040b85cd609851ac88ae8b54b2cc0b75 upstream.

keccakf() is the only function in the kernel that uses the __optimize() macro.
__optimize() breaks the frame pointer unwinder as optimized code uses RBP,
and amusingly this always leads to degraded performance as gcc does not
inline across different optimization levels, so keccakf() wasn't inlined
into its callers and keccakf_round() wasn't inlined into keccakf().

Drop __optimize() to resolve both problems.

Signed-off-by: Dmitry Vyukov &lt;dvyukov@google.com&gt;
Fixes: 83dee2ce1ae7 ("crypto: sha3-generic - rewrite KECCAK transform to help the compiler optimize")
Reported-by: syzbot+37035ccfa9a0a017ffcf@syzkaller.appspotmail.com
Reported-by: syzbot+e073e4740cfbb3ae200b@syzkaller.appspotmail.com
Cc: linux-crypto@vger.kernel.org
Cc: "David S. Miller" &lt;davem@davemloft.net&gt;
Cc: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Cc: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Acked-by: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
</entry>
<entry>
<title>crypto: x86/salsa20 - remove x86 salsa20 implementations</title>
<updated>2018-07-17T09:48:32+00:00</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@google.com</email>
</author>
<published>2018-05-26T07:08:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=49c8ef6d52ed6dacbca5a731ebe253bfb44e0ea9'/>
<id>urn:sha1:49c8ef6d52ed6dacbca5a731ebe253bfb44e0ea9</id>
<content type='text'>
commit b7b73cd5d74694ed59abcdb4974dacb4ff8b2a2a upstream.

The x86 assembly implementations of Salsa20 use the frame base pointer
register (%ebp or %rbp), which breaks frame pointer convention and
breaks stack traces when unwinding from an interrupt in the crypto code.
Recent (v4.10+) kernels will warn about this, e.g.

WARNING: kernel stack regs at 00000000a8291e69 in syzkaller047086:4677 has bad 'bp' value 000000001077994c
[...]

But after looking into it, I believe there's very little reason to still
retain the x86 Salsa20 code.  First, these are *not* vectorized
(SSE2/SSSE3/AVX2) implementations, which would be needed to get anywhere
close to the best Salsa20 performance on any remotely modern x86
processor; they're just regular x86 assembly.  Second, it's still
unclear that anyone is actually using the kernel's Salsa20 at all,
especially given that now ChaCha20 is supported too, and with much more
efficient SSSE3 and AVX2 implementations.  Finally, in benchmarks I did
on both Intel and AMD processors with both gcc 8.1.0 and gcc 4.9.4, the
x86_64 salsa20-asm is actually slightly *slower* than salsa20-generic
(~3% slower on Skylake, ~10% slower on Zen), while the i686 salsa20-asm
is only slightly faster than salsa20-generic (~15% faster on Skylake,
~20% faster on Zen).  The gcc version made little difference.

So, the x86_64 salsa20-asm is pretty clearly useless.  That leaves just
the i686 salsa20-asm, which based on my tests provides a 15-20% speed
boost.  But that's without updating the code to not use %ebp.  And given
the maintenance cost, the small speed difference vs. salsa20-generic,
the fact that few people still use i686 kernels, the doubt that anyone
is even using the kernel's Salsa20 at all, and the fact that a SSE2
implementation would almost certainly be much faster on any remotely
modern x86 processor yet no one has cared enough to add one yet, I don't
think it's worthwhile to keep.

Thus, just remove both the x86_64 and i686 salsa20-asm implementations.

Reported-by: syzbot+ffa3a158337bbc01ff09@syzkaller.appspotmail.com
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
</entry>
<entry>
<title>X.509: unpack RSA signatureValue field from BIT STRING</title>
<updated>2018-07-03T09:27:00+00:00</updated>
<author>
<name>Maciej S. Szmigiero</name>
<email>mail@maciej.szmigiero.name</email>
</author>
<published>2018-05-19T12:23:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=31b3044dc5020d85ade8d6731a27fdbc7dbdcbbd'/>
<id>urn:sha1:31b3044dc5020d85ade8d6731a27fdbc7dbdcbbd</id>
<content type='text'>
commit b65c32ec5a942ab3ada93a048089a938918aba7f upstream.

The signatureValue field of an X.509 certificate is encoded as a BIT STRING.
For RSA signatures this BIT STRING is of the so-called primitive subtype, which
contains a u8 prefix indicating a count of unused bits in the encoding.

We have to strip this prefix from signature data, just as we already do for
key data in the x509_extract_key_data() function.

This wasn't noticed earlier because this prefix byte is zero for RSA key
sizes divisible by 8. Since BIT STRING is a big-endian encoding, adding zero
prefixes has no bearing on its value.

The signature length, however, was incorrect, which is a problem for RSA
implementations that need it to be exactly correct (like AMD CCP).

Signed-off-by: Maciej S. Szmigiero &lt;mail@maciej.szmigiero.name&gt;
Fixes: c26fd69fa009 ("X.509: Add a crypto key parser for binary (DER) X.509 certificates")
Cc: stable@vger.kernel.org
Signed-off-by: James Morris &lt;james.morris@microsoft.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
</entry>
<entry>
<title>crypto: drbg - set freed buffers to NULL</title>
<updated>2018-04-20T16:57:00+00:00</updated>
<author>
<name>Stephan Mueller</name>
<email>smueller@chronox.de</email>
</author>
<published>2018-04-12T06:40:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=eea0d3ea7546961f69f55b26714ac8fd71c7c020'/>
<id>urn:sha1:eea0d3ea7546961f69f55b26714ac8fd71c7c020</id>
<content type='text'>
During freeing of the internal buffers used by the DRBG, set the pointer
to NULL. It is possible that the context with the freed buffers is
reused. In case of an error during initialization where the pointers
do not yet point to allocated memory, the NULL value prevents a double
free.

Cc: stable@vger.kernel.org
Fixes: 3cfc3b9721123 ("crypto: drbg - use aligned buffers")
Signed-off-by: Stephan Mueller &lt;smueller@chronox.de&gt;
Reported-by: syzbot+75397ee3df5c70164154@syzkaller.appspotmail.com
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>crypto: api - fix finding algorithm currently being tested</title>
<updated>2018-04-20T16:24:02+00:00</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@google.com</email>
</author>
<published>2018-04-16T23:59:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=b346e492d7127e4332d5a9989b844b2095cc4fcd'/>
<id>urn:sha1:b346e492d7127e4332d5a9989b844b2095cc4fcd</id>
<content type='text'>
Commit eb02c38f0197 ("crypto: api - Keep failed instances alive") is
making allocating crypto transforms sometimes fail with ELIBBAD, when
multiple processes try to access encrypted files with fscrypt for the
first time since boot.  The problem is that the "request larval" for the
algorithm is being mistaken for an algorithm which failed its tests.

Fix it by only returning ELIBBAD for "non-larval" algorithms.  Also
don't leak a reference to the algorithm.

Fixes: eb02c38f0197 ("crypto: api - Keep failed instances alive")
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
</entry>
<entry>
<title>Merge tag 'kbuild-v4.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild</title>
<updated>2018-04-16T00:21:30+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2018-04-16T00:21:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=ca71b3ba4c78c2c05b44be9b257a4127223f0b0c'/>
<id>urn:sha1:ca71b3ba4c78c2c05b44be9b257a4127223f0b0c</id>
<content type='text'>
Pull more Kbuild updates from Masahiro Yamada:

 - pass HOSTLDFLAGS when compiling single .c host programs

 - build genksyms lexer and parser files instead of using shipped
   versions

 - rename *-asn1.[ch] to *.asn1.[ch] for suffix consistency

 - let the top .gitignore globally ignore artifacts generated by flex,
   bison, and asn1_compiler

 - let the top Makefile globally clean artifacts generated by flex,
   bison, and asn1_compiler

 - use safer .SECONDARY marker instead of .PRECIOUS to prevent
   intermediate files from being removed

 - support -fmacro-prefix-map option to make __FILE__ a relative path

 - fix # escaping to prepare for the future GNU Make release

 - clean up deb-pkg by using debian tools instead of handrolled
   source/changes generation

 - improve rpm-pkg portability by supporting kernel-install as a
   fallback of new-kernel-pkg

 - extend Kconfig listnewconfig target to provide more information

* tag 'kbuild-v4.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
  kconfig: extend output of 'listnewconfig'
  kbuild: rpm-pkg: use kernel-install as a fallback for new-kernel-pkg
  Kbuild: fix # escaping in .cmd files for future Make
  kbuild: deb-pkg: split generating packaging and build
  kbuild: use -fmacro-prefix-map to make __FILE__ a relative path
  kbuild: mark $(targets) as .SECONDARY and remove .PRECIOUS markers
  kbuild: rename *-asn1.[ch] to *.asn1.[ch]
  kbuild: clean up *-asn1.[ch] patterns from top-level Makefile
  .gitignore: move *-asn1.[ch] patterns to the top-level .gitignore
  kbuild: add %.dtb.S and %.dtb to 'targets' automatically
  kbuild: add %.lex.c and %.tab.[ch] to 'targets' automatically
  genksyms: generate lexer and parser during build instead of shipping
  kbuild: clean up *.lex.c and *.tab.[ch] patterns from top-level Makefile
  .gitignore: move *.lex.c *.tab.[ch] patterns to the top-level .gitignore
  kbuild: use HOSTLDFLAGS for single .c executables
</content>
</entry>
<entry>
<title>Merge tag 'mips_4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips</title>
<updated>2018-04-10T18:39:22+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2018-04-10T18:39:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=948869fa9f391664cfe008fa9968a1110bfd14fd'/>
<id>urn:sha1:948869fa9f391664cfe008fa9968a1110bfd14fd</id>
<content type='text'>
Pull MIPS updates from James Hogan:
 "These are the main MIPS changes for 4.17. Rough overview:

   (1) generic platform: Add support for Microsemi Ocelot SoCs

   (2) crypto: Add CRC32 and CRC32C HW acceleration module

   (3) Various cleanups and misc improvements

  More detailed summary:

  Miscellaneous:
   - hang more efficiently on halt/powerdown/restart
   - pm-cps: Block system suspend when a JTAG probe is present
   - expand make help text for generic defconfigs
   - refactor handling of legacy defconfigs
   - determine the entry point from the ELF file header to fix microMIPS
     for certain toolchains
   - introduce isa-rev.h for MIPS_ISA_REV and use to simplify other code

  Minor cleanups:
   - DTS: boston/ci20: Unit name cleanups and correction
   - kdump: Make the default for PHYSICAL_START always 64-bit
   - constify gpio_led in Alchemy, AR7, and TXX9
   - silence a couple of W=1 warnings
   - remove duplicate includes

  Platform support:
  Generic platform:
   - add support for Microsemi Ocelot
   - dt-bindings: Add vendor prefix for Microsemi Corporation
   - dt-bindings: Add bindings for Microsemi SoCs
   - add ocelot SoC &amp; PCB123 board DTS files
   - MAINTAINERS: Add entry for Microsemi MIPS SoCs
   - enable crc32-mips on r6 configs

  ath79:
   - fix AR724X_PLL_REG_PCIE_CONFIG offset

  BCM47xx:
   - firmware: Use mac_pton() for MAC address parsing
   - add Luxul XAP1500/XWR1750 WiFi LEDs
   - use standard reset button for Luxul XWR-1750

  BMIPS:
   - enable CONFIG_BRCMSTB_PM in bmips_stb_defconfig for build coverage
   - add STB PM, wake-up timer, watchdog DT nodes

  Octeon:
   - drop '.' after newlines in printk calls

  ralink:
   - pci-mt7621: Enable PCIe on MT7688"

* tag 'mips_4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips: (37 commits)
  MIPS: BCM47XX: Use standard reset button for Luxul XWR-1750
  MIPS: BCM47XX: Add Luxul XAP1500/XWR1750 WiFi LEDs
  MIPS: Make the default for PHYSICAL_START always 64-bit
  MIPS: Use the entry point from the ELF file header
  MAINTAINERS: Add entry for Microsemi MIPS SoCs
  MIPS: generic: Add support for Microsemi Ocelot
  MIPS: mscc: Add ocelot PCB123 device tree
  MIPS: mscc: Add ocelot dtsi
  dt-bindings: mips: Add bindings for Microsemi SoCs
  dt-bindings: Add vendor prefix for Microsemi Corporation
  MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
  MIPS: pci-mt7620: Enable PCIe on MT7688
  MIPS: pm-cps: Block system suspend when a JTAG probe is present
  MIPS: VDSO: Replace __mips_isa_rev with MIPS_ISA_REV
  MIPS: BPF: Replace __mips_isa_rev with MIPS_ISA_REV
  MIPS: cpu-features.h: Replace __mips_isa_rev with MIPS_ISA_REV
  MIPS: Introduce isa-rev.h to define MIPS_ISA_REV
  MIPS: Hang more efficiently on halt/powerdown/restart
  FIRMWARE: bcm47xx_nvram: Replace mac address parsing
  MIPS: BMIPS: Add Broadcom STB watchdog nodes
  ...
</content>
</entry>
</feed>
