https://source.android.com/docs/security/bulletin/2023-04-01
CVE-2022-4696
CVE-2023-20941
* tag 'ASB-2023-04-05_4.19-stable' of https://android.googlesource.com/kernel/common:
UPSTREAM: ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
UPSTREAM: fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
UPSTREAM: fsverity: Remove WQ_UNBOUND from fsverity read workqueue
BACKPORT: blk-mq: clear stale request in tags->rq[] before freeing one request pool
Linux 4.19.279
HID: uhid: Over-ride the default maximum data buffer value with our own
HID: core: Provide new max_buffer_size attribute to over-ride the default
serial: 8250_em: Fix UART port type
drm/i915: Don't use stolen memory for ring buffers with LLC
x86/mm: Fix use of uninitialized buffer in sme_enable()
fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
ftrace: Fix invalid address access in lookup_rec() when index is 0
tracing: Make tracepoint lockdep check actually test something
tracing: Check field value in hist_field_name()
sh: intc: Avoid spurious sizeof-pointer-div warning
drm/amdkfd: Fix an illegal memory access
ext4: fix task hung in ext4_xattr_delete_inode
ext4: fail ext4_iget if special inode unallocated
jffs2: correct logic when creating a hole in jffs2_write_begin
mmc: atmel-mci: fix race between stop command and start of next command
media: m5mols: fix off-by-one loop termination error
hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
hwmon: (adt7475) Fix masking of hysteresis registers
hwmon: (adt7475) Display smoothing attributes in correct order
ethernet: sun: add check for the mdesc_grab()
net/iucv: Fix size of interrupt data
net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull
ipv4: Fix incorrect table ID in IOCTL path
block: sunvdc: add check for mdesc_grab() returning NULL
nvmet: avoid potential UAF in nvmet_req_complete()
net: usb: smsc75xx: Limit packet length to skb->len
nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
net: tunnels: annotate lockless accesses to dev->needed_headroom
qed/qed_dev: guard against a possible division by zero
nfc: pn533: initialize struct pn533_out_arg properly
tcp: tcp_make_synack() can be called from process context
clk: HI655X: select REGMAP instead of depending on it
fs: sysfs_emit_at: Remove PAGE_SIZE alignment check
ext4: fix cgroup writeback accounting with fs-layer encryption
UPSTREAM: ext4: fix another off-by-one fsmap error on 1k block filesystems
Linux 4.19.278
ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties
net: caif: Fix use-after-free in cfusbl_device_notify()
drm/i915: Don't use BAR mappings for ring buffers with LLC
tipc: improve function tipc_wait_for_cond()
media: ov5640: Fix analogue gain control
PCI: Add SolidRun vendor ID
macintosh: windfarm: Use unsigned type for 1-bit bitfields
alpha: fix R_ALPHA_LITERAL reloc for large modules
MIPS: Fix a compilation issue
Revert "spi: mt7621: Fix an error message in mt7621_spi_probe()"
scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
kbuild: generate modules.order only in directories visited by obj-y/m
kbuild: fix false-positive need-builtin calculation
udf: Detect system inodes linked into directory hierarchy
udf: Preserve link count of system files
udf: Remove pointless union in udf_inode_info
udf: reduce leakage of blocks related to named streams
udf: Explain handling of load_nls() failure
nfc: change order inside nfc_se_io error path
ext4: zero i_disksize when initializing the bootloader inode
ext4: fix WARNING in ext4_update_inline_data
ext4: move where set the MAY_INLINE_DATA flag is set
ext4: fix another off-by-one fsmap error on 1k block filesystems
ext4: fix RENAME_WHITEOUT handling for inline directories
x86/CPU/AMD: Disable XSAVES on AMD family 0x17
fs: prevent out-of-bounds array speculation when closing a file descriptor
Linux 4.19.277
staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh
staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script
wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"
Linux 4.19.276
thermal: intel: powerclamp: Fix cur_state for multi package system
f2fs: fix cgroup writeback accounting with fs-layer encryption
media: uvcvideo: Fix race condition with usb_kill_urb
media: uvcvideo: Provide sync and async uvc_ctrl_status_event
tcp: Fix listen() regression in 4.19.270
s390/setup: init jump labels before command line parsing
s390/maccess: add no DAT mode to kernel_write
Bluetooth: hci_sock: purge socket queues in the destruct() callback
phy: rockchip-typec: Fix unsigned comparison with less than zero
usb: uvc: Enumerate valid values for color matching
USB: ene_usb6250: Allocate enough memory for full object
usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word()
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word()
tools/iio/iio_utils:fix memory leak
mei: bus-fixup:upon error print return values of send and receive
tty: serial: fsl_lpuart: disable the CTS when send break signal
tty: fix out-of-bounds access in tty_driver_lookup_tty()
media: uvcvideo: Silence memcpy() run-time false positive warnings
media: uvcvideo: Handle errors from calls to usb_string
media: uvcvideo: Handle cameras with invalid descriptors
firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
thermal: intel: quark_dts: fix error pointer dereference
scsi: ipr: Work around fortify-string warning
vc_screen: modify vcs_size() handling in vcs_read()
tcp: tcp_check_req() can be called from process context
ARM: dts: spear320-hmi: correct STMPE GPIO compatible
nfc: fix memory leak of se_io context in nfc_genl_se_io
9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
9p/xen: fix connection sequence
9p/xen: fix version parsing
net: fix __dev_kfree_skb_any() vs drop monitor
netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
watchdog: pcwd_usb: Fix attempting to access uninitialized memory
watchdog: Fix kmemleak in watchdog_cdev_register
watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path
x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
ubifs: ubifs_writepage: Mark page dirty after writing inode failed
ubifs: dirty_cow_znode: Fix memleak in error handling path
ubifs: Re-statistic cleaned znode count if commit failed
ubi: Fix possible null-ptr-deref in ubi_free_volume()
ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
ubi: Fix use-after-free when volume resizing failed
ubifs: Reserve one leb for each journal head while doing budget
ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
ubifs: Fix wrong dirty space budget for dirty inode
ubifs: Rectify space budget for ubifs_xrename()
ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
ubi: ensure that VID header offset + VID header size <= alloc, size
um: vector: Fix memory leak in vector_config
pwm: stm32-lp: fix the check on arr and cmp registers update
fs/jfs: fix shift exponent db_agl2size negative
net/sched: Retire tcindex classifier
kbuild: Port silent mode detection to future gnu make.
wifi: ath9k: use proper statements in conditionals
drm/radeon: Fix eDP for single-display iMac11,2
PCI: Avoid FLR for AMD FCH AHCI adapters
scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
scsi: ses: Fix possible desc_ptr out-of-bounds accesses
scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
scsi: ses: Don't attach if enclosure has no components
scsi: qla2xxx: Fix erroneous link down
scsi: qla2xxx: Fix link failure in NPIV environment
ktest.pl: Add RUN_TIMEOUT option with default unlimited
ktest.pl: Fix missing "end_monitor" when machine check fails
ktest.pl: Give back console on Ctrt^C on monitor
media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
mips: fix syscall_get_nr
alpha: fix FEN fault handling
rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
ARM: dts: exynos: correct TMU phandle in Odroid XU
ARM: dts: exynos: correct TMU phandle in Exynos4
dm flakey: don't corrupt the zero page
dm flakey: fix logic when corrupting a bio
wifi: cfg80211: Fix use after free for wext
wifi: rtl8xxxu: Use a longer retry limit of 48
ext4: refuse to create ea block when umounted
ext4: optimize ea_inode block expansion
ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
irqdomain: Drop bogus fwspec-mapping error handling
irqdomain: Fix disassociation race
irqdomain: Fix association race
ima: Align ima_file_mmap() parameters with mmap_file LSM hook
Documentation/hw-vuln: Document the interaction between IBRS and STIBP
x86/speculation: Allow enabling STIBP with legacy IBRS
x86/microcode/AMD: Fix mixed steppings support
x86/microcode/AMD: Add a @cpu parameter to the reloading functions
x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range
x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
x86/reboot: Disable SVM, not just VMX, when stopping CPUs
x86/reboot: Disable virtualization in an emergency if SVM is supported
x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
udf: Fix file corruption when appending just after end of preallocated extent
udf: Do not update file length for failed writes to inline files
udf: Do not bother merging very long extents
udf: Truncate added extents on failed expansion
ocfs2: fix non-auto defrag path not working issue
ocfs2: fix defrag path triggering jbd2 ASSERT
f2fs: fix information leak in f2fs_move_inline_dirents()
fs: hfsplus: fix UAF issue in hfsplus_put_super
hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
ARM: dts: exynos: correct HDMI phy compatible in Exynos4
s390/kprobes: fix current_kprobe never cleared after kprobes reenter
s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
s390: discard .interp section
rtc: pm8xxx: fix set-alarm race
firmware: coreboot: framebuffer: Ignore reserved pixel color bits
wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
dm cache: add cond_resched() to various workqueue loops
dm thin: add cond_resched() to various workqueue loops
pinctrl: at91: use devm_kasprintf() to avoid potential leaks
regulator: s5m8767: Bounds check id indexing into arrays
regulator: max77802: Bounds check regulator id against opmode
ASoC: kirkwood: Iterate over array indexes instead of using pointer math
docs/scripts/gdb: add necessary make scripts_gdb step
drm/msm/dsi: Add missing check for alloc_ordered_workqueue
drm/radeon: free iio for atombios when driver shutdown
drm/amd/display: Fix potential null-deref in dm_resume
net/mlx5: fw_tracer: Fix debug print
ACPI: video: Fix Lenovo Ideapad Z570 DMI match
m68k: Check syscall_trace_enter() return code
net: bcmgenet: Add a check for oversized packets
ACPI: Don't build ACPICA with '-Os'
inet: fix fast path in __inet_hash_connect()
wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
x86/bugs: Reset speculation control settings on init
timers: Prevent union confusion from unexpected restart_syscall()
thermal: intel: Fix unsigned comparison with less than zero
rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait()
wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
udf: Define EFSCORRUPTED error code
rpmsg: glink: Avoid infinite loop on intent for missing channel
media: usb: siano: Fix use after free bugs caused by do_submit_urb
media: i2c: ov7670: 0 instead of -EINVAL was returned
media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
media: i2c: ov772x: Fix memleak in ov772x_probe()
powerpc: Remove linker flag from KBUILD_AFLAGS
media: platform: ti: Add missing check for devm_regulator_get
MIPS: vpe-mt: drop physical_memsize
powerpc/rtas: ensure 4KB alignment for rtas_data_buf
powerpc/rtas: make all exports GPL
powerpc/pseries/lparcfg: add missing RTAS retry status handling
clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
Input: ads7846 - don't check penirq immediately for 7845
Input: ads7846 - don't report pressure for ads7845
mtd: rawnand: sunxi: Fix the size of the last OOB region
mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
selftests/ftrace: Fix bash specific "==" operator
sparc: allow PM configs for sparc32 COMPILE_TEST
perf tools: Fix auto-complete on aarch64
perf llvm: Fix inadvertent file creation
gfs2: jdata writepage fix
cifs: Fix warning and UAF when destroy the MR list
cifs: Fix lost destroy smbd connection when MR allocate failed
nfsd: fix race to check ls_layouts
dm: remove flush_scheduled_work() during local_exit()
hwmon: (mlxreg-fan) Return zero speed for broken fan
spi: bcm63xx-hsspi: Fix multi-bit mode setting
spi: bcm63xx-hsspi: fix pm_runtime
scsi: aic94xx: Add missing check for dma_map_single()
hwmon: (ltc2945) Handle error case in ltc2945_value_store
gpio: vf610: connect GPIO label to dev name
ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
drm/mediatek: Clean dangling pointer on bind error path
drm/mediatek: Drop unbalanced obj unref
gpu: host1x: Don't skip assigning syncpoints to channels
drm/msm/dpu: Add check for pstates
drm/msm: use strscpy instead of strncpy
drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
ALSA: hda/ca0132: minor fix for allocation size
pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours
drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id()
drm/vc4: dpi: Fix format mapping for RGB565
drm/vc4: dpi: Add option for inverting pixel clock and output enable
drm: Clarify definition of the DRM_BUS_FLAG_(PIXDATA|SYNC)_* macros
drm/bridge: megachips: Fix error handling in i2c_register_driver()
drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
selftest: fib_tests: Always cleanup before exit
irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error
wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
crypto: crypto4xx - Call dma_unmap_page when done
wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
wifi: iwl4965: Add missing check for create_singlethread_workqueue()
wifi: iwl3945: Add missing check for create_singlethread_workqueue
RISC-V: time: initialize hrtimer based broadcast clock event device
m68k: /proc/hardware should depend on PROC_FS
crypto: rsa-pkcs1pad - Use akcipher_request_complete
rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
Bluetooth: L2CAP: Fix potential user-after-free
irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
net/mlx5: Enhance debug print in page allocation failure
powercap: fix possible name leak in powercap_register_zone()
crypto: seqiv - Handle EBUSY correctly
ACPI: battery: Fix missing NUL-termination with large strings
wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
ath9k: htc: clean up statistics macros
ath9k: hif_usb: simplify if-if to if-else
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
wifi: orinoco: check return value of hermes_write_wordrec()
ACPICA: nsrepair: handle cases without a return value correctly
lib/mpi: Fix buffer overrun when SG is too long
genirq: Fix the return type of kstat_cpu_irqs_sum()
ACPICA: Drop port I/O validation for some regions
wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
wifi: ipw2200: fix memory leak in ipw_wdev_init()
wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
ipw2x00: switch from 'pci_' to 'dma_' API
wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
rtlwifi: fix -Wpointer-sign warning
wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: libertas: fix memory leak in lbs_init_adapter()
wifi: rsi: Fix memory leak in rsi_coex_attach()
block: bio-integrity: Copy flags when bio_integrity_payload is cloned
blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name
arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
arm64: dts: meson-axg: enable SCPI
arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
ARM: imx: Call ida_simple_remove() for ida_simple_get
ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init()
arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
arm64: dts: meson-gx: Fix Ethernet MAC address unit name
ARM: zynq: Fix refcount leak in zynq_early_slcr_init
ARM: OMAP2+: Fix memory leak in realtime_counter_init()
HID: asus: use spinlock to safely schedule workers
HID: asus: use spinlock to protect concurrent accesses
HID: asus: Remove check for same LED brightness on set
Change-Id: Ie09175b59aef5de140e476316d94097cac7a3031
[ Upstream commit 32e62025e5e52fbe4812ef044759de7010b15dbc ]
As it is seqiv only handles the special return value of EINPROGERSS,
which means that in all other cases it will free data related to the
request.
However, as the caller of seqiv may specify MAY_BACKLOG, we also need
to expect EBUSY and treat it in the same way. Otherwise backlogged
requests will trigger a use-after-free.
Fixes: 0a270321db ("[CRYPTO] seqiv: Add Sequence Number IV Generator")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This patch remove two unused variable and some dead "code" using it.
Fixes: 92932d03c2 ("crypto: seqiv - Remove AEAD compatibility code")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Instead of unconditionally forcing 4 byte alignment for all generic
chaining modes that rely on crypto_xor() or crypto_inc() (which may
result in unnecessary copying of data when the underlying hardware
can perform unaligned accesses efficiently), make those functions
deal with unaligned input explicitly, but only if the Kconfig symbol
HAVE_EFFICIENT_UNALIGNED_ACCESS is set. This will allow us to drop
the alignmasks from the CBC, CMAC, CTR, CTS, PCBC and SEQIV drivers.
For crypto_inc(), this simply involves making the 4-byte stride
conditional on HAVE_EFFICIENT_UNALIGNED_ACCESS being set, given that
it typically operates on 16 byte buffers.
For crypto_xor(), an algorithm is implemented that simply runs through
the input using the largest strides possible if unaligned accesses are
allowed. If they are not, an optimal sequence of memory accesses is
emitted that takes the relative alignment of the input buffers into
account, e.g., if the relative misalignment of dst and src is 4 bytes,
the entire xor operation will be completed using 4 byte loads and stores
(modulo unaligned bits at the start and end). Note that all expressions
involving misalign are simply eliminated by the compiler when
HAVE_EFFICIENT_UNALIGNED_ACCESS is defined.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch removes the old crypto_grab_skcipher helper and replaces
it with crypto_grab_skcipher2.
As this is the final entry point into givcipher this patch also
removes all traces of the top-level givcipher interface, including
all implicit IV generators such as chainiv.
The bottom-level givcipher interface remains until the drivers
using it are converted.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Now that we no longer have any legacy AEAD implementations the
compatibility code path can no longer be triggered. This patch
removes it.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch replaces the seqniv generator with seqiv when the
underlying algorithm understands the new calling convention.
This not only makes more sense as now seqiv is solely responsible
for IV generation rather than also determining how the IV is going
to be used, it also allows for optimisations in the underlying
implementation. For example, the space for the IV could be used
to add padding for authentication.
This patch also removes the unnecessary copying of IV to dst
during seqiv decryption as the IV is part of the AD and not cipher
text.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
When seqiv is used in compatibility mode, this patch allows it
to function even when an RNG Is not available. It also changes
the RNG allocation for the new explicit seqiv interface so that
we only hold a reference to the RNG during initialisation.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
We currently do the IV seeding on the first givencrypt call in
order to conserve entropy. However, this does not work with
DRBG which cannot be called from interrupt context. In fact,
with DRBG we don't need to conserve entropy anyway. So this
patch moves the seeding into the init function.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
On module unload we weren't unregistering the seqniv template,
thus leading to a crash the next time someone walks the template
list.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch fixes a bug in the context size calculation where we
were still referring to the old cra_aead.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
As the AD does not necessarily exist in the destination buffer
it must be copied along with the plain/cipher text.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The cryptoff parameter was added to facilitate the skipping of
IVs that sit between the AD and the plain/cipher text. However,
it was never implemented correctly as and we do not handle users
such as IPsec setting cryptoff. It is simply ignored.
Implementing correctly is in fact more trouble than what it's
worth.
This patch removes the uses of cryptoff by moving the AD forward
to fill the gap left by the IV. The AD is moved back after the
underlying AEAD processing is finished.
This is in fact beter than the cryptoff solution because it allows
algorithms that use seqniv (i.e., GCM and CCM) to hash the whole
packet as a single piece, while cryptoff meant that there was
guaranteed to be a gap.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
New style AEAD instances must use aead_register_instance. This
worked by chance because aead_geniv_alloc is still setting things
the old way.
This patch converts the template over to the create model where
we are responsible for instance registration so that we can call
the correct function.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds a new IV generator seqniv which is identical to
seqiv except that it skips the IV when authenticating. This is
intended to be used by algorithms such as rfc4106 that does the
IV authentication implicitly.
Note that the code used for seqniv is in fact identical to the
compatibility case for seqiv.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch converts the seqiv IV generator to work with the new
AEAD interface where IV generators are just normal AEAD algorithms.
Full backwards compatibility is paramount at this point since
no users have yet switched over to the new interface. Nor can
they switch to the new interface until IV generation is fully
supported by it.
So this means we are adding two versions of seqiv alongside the
existing one. The first one is the one that will be used when
the underlying AEAD algorithm has switched over to the new AEAD
interface. The second one handles the current case where the
underlying AEAD algorithm still uses the old interface.
Both versions export themselves through the new AEAD interface.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch uses the crypto_aead_set_reqsize helper to avoid directly
touching the internals of aead.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Since seqiv is designed for IPsec we need to be able to accomodate
the whole IPsec sequence number in order to ensure the uniqueness
of the IV.
This patch forbids any algorithm with an IV size of less than 8
from using it. This should have no impact on existing users since
they all have an IV size of 8.
Reported-by: Maciej ?enczykowski <zenczykowski@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Maciej ?enczykowski <zenczykowski@gmail.com>
This adds the module loading prefix "crypto-" to the template lookup
as well.
For example, attempting to load 'vfat(blowfish)' via AF_ALG now correctly
includes the "crypto-" prefix at every level, correctly rejecting "vfat":
net-pf-38
algif-hash
crypto-vfat(blowfish)
crypto-vfat(blowfish)-all
crypto-vfat
Reported-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Replace PTR_ERR followed by ERR_PTR by ERR_CAST, to be more concise.
The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression err,x;
@@
- err = PTR_ERR(x);
if (IS_ERR(x))
- return ERR_PTR(err);
+ return ERR_CAST(x);
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
This patch makes the IV generators use the new RNG interface so
that the user can pick an RNG other than the default get_random_bytes.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds support for using seqiv with AEAD algorithms. This is
useful for those AEAD algorithms that performs authentication before
encryption because the IV generated by the underlying encryption algorithm
won't be available for authentication.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This generator generates an IV based on a sequence number by xoring it
with a salt. This algorithm is mainly useful for CTR and similar modes.
This patch also sets it as the default IV generator for ctr.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
