May 2019 - Linux-stable-mirror

by CKI Project

Hello, We ran automated tests on a patchset that was proposed for merging into this kernel tree. The patches were applied to: Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: dafc674bbcb1 - Linux 4.19.44 The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Merge testing ------------- We cloned this repository and checked out the following commit: Repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: dafc674bbcb1 - Linux 4.19.44 We then merged the patchset with `git am`: locking-rwsem-prevent-decrement-of-reader-count-befo.patch x86-speculation-mds-revert-cpu-buffer-clear-on-double-fault-exit.patch x86-speculation-mds-improve-cpu-buffer-clear-documentation.patch objtool-fix-function-fallthrough-detection.patch arm64-dts-rockchip-disable-dcmds-on-rk3399-s-emmc-controller.patch arm-dts-exynos-fix-interrupt-for-shared-eints-on-exynos5260.patch arm-dts-exynos-fix-audio-microphone-routing-on-odroid-xu3.patch mmc-sdhci-of-arasan-add-dts-property-to-disable-dcmds.patch arm-exynos-fix-a-leaked-reference-by-adding-missing-of_node_put.patch power-supply-axp288_charger-fix-unchecked-return-value.patch power-supply-axp288_fuel_gauge-add-acepc-t8-and-t11-mini-pcs-to-the-blacklist.patch arm64-mmap-ensure-file-offset-is-treated-as-unsigned.patch arm64-arch_timer-ensure-counter-register-reads-occur-with-seqlock-held.patch arm64-compat-reduce-address-limit.patch arm64-clear-osdlr_el1-on-cpu-boot.patch arm64-save-and-restore-osdlr_el1-across-suspend-resume.patch sched-x86-save-flags-on-context-switch.patch crypto-crypto4xx-fix-ctr-aes-missing-output-iv.patch crypto-crypto4xx-fix-cfb-and-ofb-overran-dst-buffer-issues.patch crypto-salsa20-don-t-access-already-freed-walk.iv.patch crypto-chacha20poly1305-set-cra_name-correctly.patch crypto-ccp-do-not-free-psp_master-when-platform_init-fails.patch crypto-vmx-fix-copy-paste-error-in-ctr-mode.patch crypto-skcipher-don-t-warn-on-unprocessed-data-after-slow-walk-step.patch crypto-crct10dif-generic-fix-use-via-crypto_shash_digest.patch crypto-x86-crct10dif-pcl-fix-use-via-crypto_shash_digest.patch crypto-arm64-gcm-aes-ce-fix-no-neon-fallback-code.patch crypto-gcm-fix-incompatibility-between-gcm-and-gcm_base.patch crypto-rockchip-update-iv-buffer-to-contain-the-next-iv.patch crypto-arm-aes-neonbs-don-t-access-already-freed-walk.iv.patch crypto-arm64-aes-neonbs-don-t-access-already-freed-walk.iv.patch mmc-core-fix-tag-set-memory-leak.patch alsa-line6-toneport-fix-broken-usage-of-timer-for-delayed-execution.patch alsa-usb-audio-fix-a-memory-leak-bug.patch alsa-hda-hdmi-read-the-pin-sense-from-register-when-repolling.patch alsa-hda-hdmi-consider-eld_valid-when-reporting-jack-event.patch alsa-hda-realtek-eapd-turn-on-later.patch alsa-hdea-realtek-headset-fixup-for-system76-gazelle-gaze14.patch asoc-max98090-fix-restore-of-dapm-muxes.patch asoc-rt5677-spi-disable-16bit-spi-transfers.patch asoc-fsl_esai-fix-missing-break-in-switch-statement.patch asoc-codec-hdac_hdmi-add-device_link-to-card-device.patch bpf-arm64-remove-prefetch-insn-in-xadd-mapping.patch crypto-ccree-remove-special-handling-of-chained-sg.patch crypto-ccree-fix-mem-leak-on-error-path.patch crypto-ccree-don-t-map-mac-key-on-stack.patch crypto-ccree-use-correct-internal-state-sizes-for-export.patch crypto-ccree-don-t-map-aead-key-and-iv-on-stack.patch crypto-ccree-pm-resume-first-enable-the-source-clk.patch crypto-ccree-host_power_down_en-should-be-the-last-cc-access-during-suspend.patch crypto-ccree-add-function-to-handle-cryptocell-tee-fips-error.patch crypto-ccree-handle-tee-fips-error-during-power-management-resume.patch mm-mincore.c-make-mincore-more-conservative.patch mm-huge_memory-fix-vmf_insert_pfn_-pmd-pud-crash-handle-unaligned-addresses.patch mm-hugetlb.c-don-t-put_page-in-lock-of-hugetlb_lock.patch hugetlb-use-same-fault-hash-key-for-shared-and-private-mappings.patch ocfs2-fix-ocfs2-read-inode-data-panic-in-ocfs2_iget.patch userfaultfd-use-rcu-to-free-the-task-struct-when-fork-fails.patch acpi-pm-set-enable_for_wake-for-wakeup-gpes-during-suspend-to-idle.patch mfd-da9063-fix-otp-control-register-names-to-match-datasheets-for-da9063-63l.patch mfd-max77620-fix-swapped-fps_period_max_us-values.patch mtd-spi-nor-intel-spi-avoid-crossing-4k-address-boundary-on-read-write.patch tty-vt.c-fix-tiocl_blankscreen-console-blanking-if-blankinterval-0.patch tty-vt-fix-write-write-race-in-ioctl-kdskbsent-handler.patch jbd2-check-superblock-mapped-prior-to-committing.patch ext4-make-sanity-check-in-mballoc-more-strict.patch ext4-protect-journal-inode-s-blocks-using-block_validity.patch ext4-ignore-e_value_offs-for-xattrs-with-value-in-ea-inode.patch ext4-avoid-drop-reference-to-iloc.bh-twice.patch ext4-fix-use-after-free-race-with-debug_want_extra_isize.patch ext4-actually-request-zeroing-of-inode-table-after-grow.patch ext4-fix-ext4_show_options-for-file-systems-w-o-journal.patch btrfs-check-the-first-key-and-level-for-cached-extent-buffer.patch btrfs-correctly-free-extent-buffer-in-case-btree_read_extent_buffer_pages-fails.patch btrfs-honour-fitrim-range-constraints-during-free-space-trim.patch btrfs-send-flush-dellaloc-in-order-to-avoid-data-loss.patch btrfs-do-not-start-a-transaction-during-fiemap.patch btrfs-do-not-start-a-transaction-at-iterate_extent_inodes.patch bcache-fix-a-race-between-cache-register-and-cacheset-unregister.patch bcache-never-set-key_ptrs-of-journal-key-to-0-in-journal_reclaim.patch ipmi-ssif-compare-block-number-correctly-for-multi-part-return-messages.patch crypto-ccm-fix-incompatibility-between-ccm-and-ccm_base.patch Compile testing --------------- We compiled the kernel for 4 architectures: aarch64: build options: -j25 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/aarch64/kernel-stable_queue_4.19-a… kernel build: https://artifacts.cki-project.org/builds/aarch64/kernel-stable_queue_4.19-a… ppc64le: build options: -j25 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/ppc64le/kernel-stable_queue_4.19-p… kernel build: https://artifacts.cki-project.org/builds/ppc64le/kernel-stable_queue_4.19-p… s390x: build options: -j25 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/s390x/kernel-stable_queue_4.19-s39… kernel build: https://artifacts.cki-project.org/builds/s390x/kernel-stable_queue_4.19-s39… x86_64: build options: -j25 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/x86_64/kernel-stable_queue_4.19-x8… kernel build: https://artifacts.cki-project.org/builds/x86_64/kernel-stable_queue_4.19-x8… Hardware testing ---------------- We booted each kernel and ran the following tests: aarch64: ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ AMTU (Abstract Machine Test Utility) [3] ✅ audit: audit testsuite test [4] ✅ httpd: mod_ssl smoke sanity [5] ✅ iotop: sanity [6] ✅ tuned: tune-processes-through-perf [7] ✅ Usex - version 1.9-29 [8] ✅ stress: stress-ng [9] ✅ Boot test [0] ✅ xfstests: ext4 [10] ✅ xfstests: xfs [10] ✅ selinux-policy: serge-testsuite [11] ppc64le: ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ AMTU (Abstract Machine Test Utility) [3] ✅ audit: audit testsuite test [4] ✅ httpd: mod_ssl smoke sanity [5] ✅ iotop: sanity [6] ✅ tuned: tune-processes-through-perf [7] ✅ Usex - version 1.9-29 [8] ✅ stress: stress-ng [9] ✅ Boot test [0] ✅ xfstests: ext4 [10] ✅ xfstests: xfs [10] ✅ selinux-policy: serge-testsuite [11] s390x: ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ audit: audit testsuite test [4] ✅ httpd: mod_ssl smoke sanity [5] ✅ iotop: sanity [6] ✅ tuned: tune-processes-through-perf [7] ✅ Usex - version 1.9-29 [8] ✅ stress: stress-ng [9] ✅ Boot test [0] ✅ selinux-policy: serge-testsuite [11] x86_64: ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ AMTU (Abstract Machine Test Utility) [3] ✅ audit: audit testsuite test [4] ✅ httpd: mod_ssl smoke sanity [5] ✅ iotop: sanity [6] ✅ tuned: tune-processes-through-perf [7] ✅ Usex - version 1.9-29 [8] ✅ stress: stress-ng [9] ✅ Boot test [0] ✅ xfstests: ext4 [10] ✅ xfstests: xfs [10] ✅ selinux-policy: serge-testsuite [11] Test source: [0]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [1]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [2]: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… [3]: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu [4]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/aud… [5]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/htt… [6]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/iot… [7]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/tun… [8]: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… [9]: https://github.com/CKI-project/tests-beaker/archive/master.zip#stress/stres… [10]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… [11]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/packages/se…

5 years, 9 months

1
0
0 0

[PATCH] drm/amdgpu/soc15: skip reset on init

by Alex Deucher

Not necessary on soc15 and breaks driver reload on server cards. Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdgpu/soc15.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/soc15.c b/drivers/gpu/drm/amd/amdgpu/soc15.c index 32dc5a128249..78bd4fc07bab 100644 --- a/drivers/gpu/drm/amd/amdgpu/soc15.c +++ b/drivers/gpu/drm/amd/amdgpu/soc15.c @@ -761,6 +761,11 @@ static bool soc15_need_reset_on_init(struct amdgpu_device *adev) { u32 sol_reg; + /* Just return false for soc15 GPUs. Reset does not seem to + * be necessary. + */ + return false; + if (adev->flags & AMD_IS_APU) return false; -- 2.20.1

5 years, 9 months

2
1
0 0

[PATCH] powerpc/32s: fix flush_hash_pages() on SMP

by Christophe Leroy

flush_hash_pages() runs with data translation off, so current task_struct has to be accesssed using physical address. Reported-by: Erhard F. <erhard_f(a)mailbox.org> Fixes: f7354ccac844 ("powerpc/32: Remove CURRENT_THREAD_INFO and rename TI_CPU") Cc: stable(a)vger.kernel.org Signed-off-by: Christophe Leroy <christophe.leroy(a)c-s.fr> --- arch/powerpc/mm/book3s32/hash_low.S | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/mm/book3s32/hash_low.S b/arch/powerpc/mm/book3s32/hash_low.S index e27792d0b744..8366c2abeafc 100644 --- a/arch/powerpc/mm/book3s32/hash_low.S +++ b/arch/powerpc/mm/book3s32/hash_low.S @@ -539,7 +539,8 @@ _GLOBAL(flush_hash_pages) #ifdef CONFIG_SMP lis r9, (mmu_hash_lock - PAGE_OFFSET)@ha addi r9, r9, (mmu_hash_lock - PAGE_OFFSET)@l - lwz r8,TASK_CPU(r2) + tophys (r8, r2) + lwz r8, TASK_CPU(r8) oris r8,r8,9 10: lwarx r0,0,r9 cmpi 0,r0,0 -- 2.13.3

5 years, 9 months

2
1
0 0

✅ PASS: Stable queue: queue-5.1

by CKI Project

Hello, We ran automated tests on a patchset that was proposed for merging into this kernel tree. The patches were applied to: Kernel repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: 7cb9c5d341b9 - Linux 5.1.3 The results of these automated tests are provided below. Overall result: PASSED Merge: OK Compile: OK Tests: OK Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' ______________________________________________________________________________ Merge testing ------------- We cloned this repository and checked out the following commit: Repo: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Commit: 7cb9c5d341b9 - Linux 5.1.3 We then merged the patchset with `git am`: locking-rwsem-prevent-decrement-of-reader-count-befo.patch x86-speculation-mds-revert-cpu-buffer-clear-on-double-fault-exit.patch x86-speculation-mds-improve-cpu-buffer-clear-documentation.patch objtool-fix-function-fallthrough-detection.patch arm64-dts-rockchip-fix-io-domain-voltage-setting-of-apio5-on-rockpro64.patch arm64-dts-rockchip-disable-dcmds-on-rk3399-s-emmc-controller.patch arm-dts-qcom-ipq4019-enlarge-pcie-bar-range.patch arm-dts-exynos-fix-interrupt-for-shared-eints-on-exynos5260.patch arm-dts-exynos-fix-audio-routing-on-odroid-xu3.patch arm-dts-exynos-fix-audio-microphone-routing-on-odroid-xu3.patch mmc-sdhci-of-arasan-add-dts-property-to-disable-dcmds.patch arm-exynos-fix-a-leaked-reference-by-adding-missing-of_node_put.patch power-supply-axp288_charger-fix-unchecked-return-value.patch power-supply-axp288_fuel_gauge-add-acepc-t8-and-t11-mini-pcs-to-the-blacklist.patch arm64-mmap-ensure-file-offset-is-treated-as-unsigned.patch arm64-arch_timer-ensure-counter-register-reads-occur-with-seqlock-held.patch arm64-compat-reduce-address-limit.patch arm64-clear-osdlr_el1-on-cpu-boot.patch arm64-save-and-restore-osdlr_el1-across-suspend-resume.patch sched-x86-save-flags-on-context-switch.patch x86-mce-add-an-mce-record-filtering-function.patch x86-mce-amd-don-t-report-l1-btb-mca-errors-on-some-family-17h-models.patch crypto-crypto4xx-fix-ctr-aes-missing-output-iv.patch crypto-crypto4xx-fix-cfb-and-ofb-overran-dst-buffer-issues.patch crypto-salsa20-don-t-access-already-freed-walk.iv.patch crypto-lrw-don-t-access-already-freed-walk.iv.patch crypto-chacha-generic-fix-use-as-arm64-no-neon-fallback.patch crypto-chacha20poly1305-set-cra_name-correctly.patch crypto-ccm-fix-incompatibility-between-ccm-and-ccm_base.patch crypto-ccp-do-not-free-psp_master-when-platform_init-fails.patch crypto-vmx-fix-copy-paste-error-in-ctr-mode.patch crypto-skcipher-don-t-warn-on-unprocessed-data-after-slow-walk-step.patch crypto-crct10dif-generic-fix-use-via-crypto_shash_digest.patch crypto-x86-crct10dif-pcl-fix-use-via-crypto_shash_digest.patch crypto-arm64-gcm-aes-ce-fix-no-neon-fallback-code.patch crypto-gcm-fix-incompatibility-between-gcm-and-gcm_base.patch crypto-rockchip-update-iv-buffer-to-contain-the-next-iv.patch crypto-caam-qi2-fix-zero-length-buffer-dma-mapping.patch crypto-caam-qi2-fix-dma-mapping-of-stack-memory.patch crypto-caam-qi2-generate-hash-keys-in-place.patch crypto-arm-aes-neonbs-don-t-access-already-freed-walk.iv.patch crypto-arm64-aes-neonbs-don-t-access-already-freed-walk.iv.patch drivers-dax-allow-to-include-dev_dax_pmem-as-builtin.patch dt-bindings-mmc-add-disable-cqe-dcmd-property.patch mmc-tegra-fix-ddr-signaling-for-non-ddr-modes.patch mmc-core-fix-tag-set-memory-leak.patch mmc-sdhci-pci-fix-byt-ocp-setting.patch alsa-line6-toneport-fix-broken-usage-of-timer-for-delayed-execution.patch alsa-usb-audio-fix-a-memory-leak-bug.patch alsa-hda-hdmi-read-the-pin-sense-from-register-when-repolling.patch alsa-hda-hdmi-consider-eld_valid-when-reporting-jack-event.patch alsa-hda-realtek-eapd-turn-on-later.patch alsa-hdea-realtek-headset-fixup-for-system76-gazelle-gaze14.patch asoc-max98090-fix-restore-of-dapm-muxes.patch asoc-rt5677-spi-disable-16bit-spi-transfers.patch asoc-fsl_esai-fix-missing-break-in-switch-statement.patch asoc-codec-hdac_hdmi-add-device_link-to-card-device.patch bpf-arm64-remove-prefetch-insn-in-xadd-mapping.patch bpf-fix-out-of-bounds-backwards-jmps-due-to-dead-code-removal.patch crypto-ccree-remove-special-handling-of-chained-sg.patch crypto-ccree-fix-mem-leak-on-error-path.patch crypto-ccree-don-t-map-mac-key-on-stack.patch crypto-ccree-use-correct-internal-state-sizes-for-export.patch crypto-ccree-don-t-map-aead-key-and-iv-on-stack.patch crypto-ccree-pm-resume-first-enable-the-source-clk.patch crypto-ccree-host_power_down_en-should-be-the-last-cc-access-during-suspend.patch crypto-ccree-add-function-to-handle-cryptocell-tee-fips-error.patch crypto-ccree-handle-tee-fips-error-during-power-management-resume.patch mm-mincore.c-make-mincore-more-conservative.patch mm-huge_memory-fix-vmf_insert_pfn_-pmd-pud-crash-handle-unaligned-addresses.patch mm-hugetlb.c-don-t-put_page-in-lock-of-hugetlb_lock.patch hugetlb-use-same-fault-hash-key-for-shared-and-private-mappings.patch ocfs2-fix-ocfs2-read-inode-data-panic-in-ocfs2_iget.patch userfaultfd-use-rcu-to-free-the-task-struct-when-fork-fails.patch acpi-pm-set-enable_for_wake-for-wakeup-gpes-during-suspend-to-idle.patch acpica-linux-move-acpi_debug_default-flag-out-of-ifndef.patch mfd-da9063-fix-otp-control-register-names-to-match-datasheets-for-da9063-63l.patch mfd-max77620-fix-swapped-fps_period_max_us-values.patch mtd-spi-nor-intel-spi-avoid-crossing-4k-address-boundary-on-read-write.patch mtd-maps-physmap-store-gpio_values-correctly.patch mtd-maps-allow-mtd_physmap-with-mtd_ram.patch tty-vt.c-fix-tiocl_blankscreen-console-blanking-if-blankinterval-0.patch tty-vt-fix-write-write-race-in-ioctl-kdskbsent-handler.patch jbd2-check-superblock-mapped-prior-to-committing.patch ext4-make-sanity-check-in-mballoc-more-strict.patch ext4-protect-journal-inode-s-blocks-using-block_validity.patch ext4-ignore-e_value_offs-for-xattrs-with-value-in-ea-inode.patch ext4-avoid-drop-reference-to-iloc.bh-twice.patch ext4-fix-use-after-free-race-with-debug_want_extra_isize.patch ext4-actually-request-zeroing-of-inode-table-after-grow.patch ext4-fix-ext4_show_options-for-file-systems-w-o-journal.patch btrfs-check-the-first-key-and-level-for-cached-extent-buffer.patch btrfs-correctly-free-extent-buffer-in-case-btree_read_extent_buffer_pages-fails.patch btrfs-honour-fitrim-range-constraints-during-free-space-trim.patch btrfs-send-flush-dellaloc-in-order-to-avoid-data-loss.patch btrfs-do-not-start-a-transaction-during-fiemap.patch btrfs-do-not-start-a-transaction-at-iterate_extent_inodes.patch btrfs-fix-race-between-send-and-deduplication-that-lead-to-failures-and-crashes.patch bcache-fix-a-race-between-cache-register-and-cacheset-unregister.patch bcache-never-set-key_ptrs-of-journal-key-to-0-in-journal_reclaim.patch ipmi-add-the-i2c-addr-property-for-ssif-interfaces.patch ipmi-ssif-compare-block-number-correctly-for-multi-part-return-messages.patch arm-dts-imx-fix-the-ar803x-phy-mode.patch Compile testing --------------- We compiled the kernel for 4 architectures: aarch64: build options: -j25 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/aarch64/kernel-stable_queue_5.1-aa… kernel build: https://artifacts.cki-project.org/builds/aarch64/kernel-stable_queue_5.1-aa… ppc64le: build options: -j25 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/ppc64le/kernel-stable_queue_5.1-pp… kernel build: https://artifacts.cki-project.org/builds/ppc64le/kernel-stable_queue_5.1-pp… s390x: build options: -j25 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/s390x/kernel-stable_queue_5.1-s390… kernel build: https://artifacts.cki-project.org/builds/s390x/kernel-stable_queue_5.1-s390… x86_64: build options: -j25 INSTALL_MOD_STRIP=1 targz-pkg configuration: https://artifacts.cki-project.org/builds/x86_64/kernel-stable_queue_5.1-x86… kernel build: https://artifacts.cki-project.org/builds/x86_64/kernel-stable_queue_5.1-x86… Hardware testing ---------------- We booted each kernel and ran the following tests: aarch64: ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ AMTU (Abstract Machine Test Utility) [3] ✅ audit: audit testsuite test [4] ✅ httpd: mod_ssl smoke sanity [5] ✅ iotop: sanity [6] ✅ tuned: tune-processes-through-perf [7] ✅ Usex - version 1.9-29 [8] ✅ stress: stress-ng [9] ✅ Boot test [0] ✅ xfstests: ext4 [10] ✅ xfstests: xfs [10] ✅ selinux-policy: serge-testsuite [11] ppc64le: ✅ Boot test [0] ✅ xfstests: ext4 [10] ✅ xfstests: xfs [10] ✅ selinux-policy: serge-testsuite [11] ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ AMTU (Abstract Machine Test Utility) [3] ✅ audit: audit testsuite test [4] ✅ httpd: mod_ssl smoke sanity [5] ✅ iotop: sanity [6] ✅ tuned: tune-processes-through-perf [7] ✅ Usex - version 1.9-29 [8] ✅ stress: stress-ng [9] s390x: ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ audit: audit testsuite test [4] ✅ httpd: mod_ssl smoke sanity [5] ✅ iotop: sanity [6] ✅ tuned: tune-processes-through-perf [7] ✅ Usex - version 1.9-29 [8] ✅ stress: stress-ng [9] ✅ Boot test [0] ✅ selinux-policy: serge-testsuite [11] x86_64: ✅ Boot test [0] ✅ LTP lite [1] ✅ Loopdev Sanity [2] ✅ AMTU (Abstract Machine Test Utility) [3] ✅ audit: audit testsuite test [4] ✅ httpd: mod_ssl smoke sanity [5] ✅ iotop: sanity [6] ✅ tuned: tune-processes-through-perf [7] ✅ Usex - version 1.9-29 [8] ✅ stress: stress-ng [9] ✅ Boot test [0] ✅ xfstests: ext4 [10] ✅ xfstests: xfs [10] ✅ selinux-policy: serge-testsuite [11] Test source: [0]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [1]: https://github.com/CKI-project/tests-beaker/archive/master.zip#distribution… [2]: https://github.com/CKI-project/tests-beaker/archive/master.zip#filesystems/… [3]: https://github.com/CKI-project/tests-beaker/archive/master.zip#misc/amtu [4]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/aud… [5]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/htt… [6]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/iot… [7]: https://github.com/CKI-project/tests-beaker/archive/master.zip#packages/tun… [8]: https://github.com/CKI-project/tests-beaker/archive/master.zip#standards/us… [9]: https://github.com/CKI-project/tests-beaker/archive/master.zip#stress/stres… [10]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/filesystems… [11]: https://github.com/CKI-project/tests-beaker/archive/master.zip#/packages/se…

5 years, 9 months

1
0
0 0

[PATCH] mm/mmap: fix the adjusted length error

by jianhong chen

In linux version 4.4, a 32-bit process may fail to allocate 64M hugepage memory by function shmat even though there is a 64M memory gap in the process. It is the adjusted length that causes the problem, introduced from commit db4fbfb9523c935 ("mm: vm_unmapped_area() lookup function"). Accounting for the worst case alignment overhead, function unmapped_area and unmapped_area_topdown adjust the search length before searching for available vma gap. This is an estimated length, sum of the desired length and the longest alignment offset, which can cause misjudgement if the system has very few virtual memory left. For example, if the longest memory gap available is 64M, we can’t get it from the system by allocating 64M hugepage memory via shmat function. The reason is that it requires a longger length, the sum of the desired length(64M) and the longest alignment offset. To fix this error ,we can calculate the alignment offset of gap_start or gap_end to get a desired gap_start or gap_end value, before searching for the available gap. In this way, we don't need to adjust the search length. Problem reproduces procedure: 1. allocate a lot of virtual memory segments via shmat and malloc 2. release one of the biggest memory segment via shmdt 3. attach the biggest memory segment via shmat e.g. process maps: 00008000-00009000 r-xp 00000000 00:12 3385 /tmp/memory_mmap 00011000-00012000 rw-p 00001000 00:12 3385 /tmp/memory_mmap 27536000-f756a000 rw-p 00000000 00:00 0 f756a000-f7691000 r-xp 00000000 01:00 560 /lib/libc-2.11.1.so f7691000-f7699000 ---p 00127000 01:00 560 /lib/libc-2.11.1.so f7699000-f769b000 r--p 00127000 01:00 560 /lib/libc-2.11.1.so f769b000-f769c000 rw-p 00129000 01:00 560 /lib/libc-2.11.1.so f769c000-f769f000 rw-p 00000000 00:00 0 f769f000-f76c0000 r-xp 00000000 01:00 583 /lib/libgcc_s.so.1 f76c0000-f76c7000 ---p 00021000 01:00 583 /lib/libgcc_s.so.1 f76c7000-f76c8000 rw-p 00020000 01:00 583 /lib/libgcc_s.so.1 f76c8000-f76e5000 r-xp 00000000 01:00 543 /lib/ld-2.11.1.so f76e9000-f76ea000 rw-p 00000000 00:00 0 f76ea000-f76ec000 rw-p 00000000 00:00 0 f76ec000-f76ed000 r--p 0001c000 01:00 543 /lib/ld-2.11.1.so f76ed000-f76ee000 rw-p 0001d000 01:00 543 /lib/ld-2.11.1.so f7800000-f7a00000 rw-s 00000000 00:0e 0 /SYSV000000ea (deleted) fba00000-fca00000 rw-s 00000000 00:0e 65538 /SYSV000000ec (deleted) fca00000-fce00000 rw-s 00000000 00:0e 98307 /SYSV000000ed (deleted) fce00000-fd800000 rw-s 00000000 00:0e 131076 /SYSV000000ee (deleted) ff913000-ff934000 rw-p 00000000 00:00 0 [stack] ffff0000-ffff1000 r-xp 00000000 00:00 0 [vectors] from 0xf7a00000 to fba00000, it has 64M memory gap, but we can't get it from kernel. Signed-off-by: jianhong chen <chenjianhong2(a)huawei.com> Cc: stable(a)vger.kernel.org --- mm/mmap.c | 43 +++++++++++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c index bd7b9f2..c5a5782 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1865,6 +1865,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, return error; } +static inline unsigned long gap_start_offset(struct vm_unmapped_area_info *info, + unsigned long addr) +{ + /* get gap_start offset to adjust gap address to the + * desired alignment + */ + return (info->align_offset - addr) & info->align_mask; +} + +static inline unsigned long gap_end_offset(struct vm_unmapped_area_info *info, + unsigned long addr) +{ + /* get gap_end offset to adjust gap address to the desired alignment */ + return (addr - info->align_offset) & info->align_mask; +} + unsigned long unmapped_area(struct vm_unmapped_area_info *info) { /* @@ -1879,10 +1895,7 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) struct vm_area_struct *vma; unsigned long length, low_limit, high_limit, gap_start, gap_end; - /* Adjust search length to account for worst case alignment overhead */ - length = info->length + info->align_mask; - if (length < info->length) - return -ENOMEM; + length = info->length; /* Adjust search limits by the desired length */ if (info->high_limit < length) @@ -1914,6 +1927,7 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) } gap_start = vma->vm_prev ? vm_end_gap(vma->vm_prev) : 0; + gap_start += gap_start_offset(info, gap_start); check_current: /* Check if current node has a suitable gap */ if (gap_start > high_limit) @@ -1942,6 +1956,7 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) struct vm_area_struct, vm_rb); if (prev == vma->vm_rb.rb_left) { gap_start = vm_end_gap(vma->vm_prev); + gap_start += gap_start_offset(info, gap_start); gap_end = vm_start_gap(vma); goto check_current; } @@ -1951,17 +1966,17 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) check_highest: /* Check highest gap, which does not precede any rbtree node */ gap_start = mm->highest_vm_end; + gap_start += gap_start_offset(info, gap_start); gap_end = ULONG_MAX; /* Only for VM_BUG_ON below */ if (gap_start > high_limit) return -ENOMEM; found: /* We found a suitable gap. Clip it with the original low_limit. */ - if (gap_start < info->low_limit) + if (gap_start < info->low_limit) { gap_start = info->low_limit; - - /* Adjust gap address to the desired alignment */ - gap_start += (info->align_offset - gap_start) & info->align_mask; + gap_start += gap_start_offset(info, gap_start); + } VM_BUG_ON(gap_start + info->length > info->high_limit); VM_BUG_ON(gap_start + info->length > gap_end); @@ -1974,16 +1989,14 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) struct vm_area_struct *vma; unsigned long length, low_limit, high_limit, gap_start, gap_end; - /* Adjust search length to account for worst case alignment overhead */ - length = info->length + info->align_mask; - if (length < info->length) - return -ENOMEM; + length = info->length; /* * Adjust search limits by the desired length. * See implementation comment at top of unmapped_area(). */ gap_end = info->high_limit; + gap_end -= gap_end_offset(info, gap_end); if (gap_end < length) return -ENOMEM; high_limit = gap_end - length; @@ -2020,6 +2033,7 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) check_current: /* Check if current node has a suitable gap */ gap_end = vm_start_gap(vma); + gap_end -= gap_end_offset(info, gap_end); if (gap_end < low_limit) return -ENOMEM; if (gap_start <= high_limit && @@ -2054,13 +2068,14 @@ unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) found: /* We found a suitable gap. Clip it with the original high_limit. */ - if (gap_end > info->high_limit) + if (gap_end > info->high_limit) { gap_end = info->high_limit; + gap_end -= gap_end_offset(info, gap_end); + } found_highest: /* Compute highest gap address at the desired alignment */ gap_end -= info->length; - gap_end -= (gap_end - info->align_offset) & info->align_mask; VM_BUG_ON(gap_end < info->low_limit); VM_BUG_ON(gap_end < gap_start); -- 1.8.5.6

5 years, 9 months

1
0
0 0

FAILED: patch "[PATCH] crypto: ccm - fix incompatibility between "ccm" and" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 6a1faa4a43f5fabf9cbeaa742d916e7b5e73120f Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Thu, 18 Apr 2019 14:44:27 -0700 Subject: [PATCH] crypto: ccm - fix incompatibility between "ccm" and "ccm_base" CCM instances can be created by either the "ccm" template, which only allows choosing the block cipher, e.g. "ccm(aes)"; or by "ccm_base", which allows choosing the ctr and cbcmac implementations, e.g. "ccm_base(ctr(aes-generic),cbcmac(aes-generic))". However, a "ccm_base" instance prevents a "ccm" instance from being registered using the same implementations. Nor will the instance be found by lookups of "ccm". This can be used as a denial of service. Moreover, "ccm_base" instances are never tested by the crypto self-tests, even if there are compatible "ccm" tests. The root cause of these problems is that instances of the two templates use different cra_names. Therefore, fix these problems by making "ccm_base" instances set the same cra_name as "ccm" instances, e.g. "ccm(aes)" instead of "ccm_base(ctr(aes-generic),cbcmac(aes-generic))". This requires extracting the block cipher name from the name of the ctr and cbcmac algorithms. It also requires starting to verify that the algorithms are really ctr and cbcmac using the same block cipher, not something else entirely. But it would be bizarre if anyone were actually using non-ccm-compatible algorithms with ccm_base, so this shouldn't break anyone in practice. Fixes: 4a49b499dfa0 ("[CRYPTO] ccm: Added CCM mode") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/crypto/ccm.c b/crypto/ccm.c index 3d036df0f4d4..c1ef9d0b4271 100644 --- a/crypto/ccm.c +++ b/crypto/ccm.c @@ -458,7 +458,6 @@ static void crypto_ccm_free(struct aead_instance *inst) static int crypto_ccm_create_common(struct crypto_template *tmpl, struct rtattr **tb, - const char *full_name, const char *ctr_name, const char *mac_name) { @@ -486,7 +485,8 @@ static int crypto_ccm_create_common(struct crypto_template *tmpl, mac = __crypto_hash_alg_common(mac_alg); err = -EINVAL; - if (mac->digestsize != 16) + if (strncmp(mac->base.cra_name, "cbcmac(", 7) != 0 || + mac->digestsize != 16) goto out_put_mac; inst = kzalloc(sizeof(*inst) + sizeof(*ictx), GFP_KERNEL); @@ -509,23 +509,27 @@ static int crypto_ccm_create_common(struct crypto_template *tmpl, ctr = crypto_spawn_skcipher_alg(&ictx->ctr); - /* Not a stream cipher? */ + /* The skcipher algorithm must be CTR mode, using 16-byte blocks. */ err = -EINVAL; - if (ctr->base.cra_blocksize != 1) + if (strncmp(ctr->base.cra_name, "ctr(", 4) != 0 || + crypto_skcipher_alg_ivsize(ctr) != 16 || + ctr->base.cra_blocksize != 1) goto err_drop_ctr; - /* We want the real thing! */ - if (crypto_skcipher_alg_ivsize(ctr) != 16) + /* ctr and cbcmac must use the same underlying block cipher. */ + if (strcmp(ctr->base.cra_name + 4, mac->base.cra_name + 7) != 0) goto err_drop_ctr; err = -ENAMETOOLONG; + if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, + "ccm(%s", ctr->base.cra_name + 4) >= CRYPTO_MAX_ALG_NAME) + goto err_drop_ctr; + if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "ccm_base(%s,%s)", ctr->base.cra_driver_name, mac->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME) goto err_drop_ctr; - memcpy(inst->alg.base.cra_name, full_name, CRYPTO_MAX_ALG_NAME); - inst->alg.base.cra_flags = ctr->base.cra_flags & CRYPTO_ALG_ASYNC; inst->alg.base.cra_priority = (mac->base.cra_priority + ctr->base.cra_priority) / 2; @@ -567,7 +571,6 @@ static int crypto_ccm_create(struct crypto_template *tmpl, struct rtattr **tb) const char *cipher_name; char ctr_name[CRYPTO_MAX_ALG_NAME]; char mac_name[CRYPTO_MAX_ALG_NAME]; - char full_name[CRYPTO_MAX_ALG_NAME]; cipher_name = crypto_attr_alg_name(tb[1]); if (IS_ERR(cipher_name)) @@ -581,35 +584,24 @@ static int crypto_ccm_create(struct crypto_template *tmpl, struct rtattr **tb) cipher_name) >= CRYPTO_MAX_ALG_NAME) return -ENAMETOOLONG; - if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "ccm(%s)", cipher_name) >= - CRYPTO_MAX_ALG_NAME) - return -ENAMETOOLONG; - - return crypto_ccm_create_common(tmpl, tb, full_name, ctr_name, - mac_name); + return crypto_ccm_create_common(tmpl, tb, ctr_name, mac_name); } static int crypto_ccm_base_create(struct crypto_template *tmpl, struct rtattr **tb) { const char *ctr_name; - const char *cipher_name; - char full_name[CRYPTO_MAX_ALG_NAME]; + const char *mac_name; ctr_name = crypto_attr_alg_name(tb[1]); if (IS_ERR(ctr_name)) return PTR_ERR(ctr_name); - cipher_name = crypto_attr_alg_name(tb[2]); - if (IS_ERR(cipher_name)) - return PTR_ERR(cipher_name); - - if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "ccm_base(%s,%s)", - ctr_name, cipher_name) >= CRYPTO_MAX_ALG_NAME) - return -ENAMETOOLONG; + mac_name = crypto_attr_alg_name(tb[2]); + if (IS_ERR(mac_name)) + return PTR_ERR(mac_name); - return crypto_ccm_create_common(tmpl, tb, full_name, ctr_name, - cipher_name); + return crypto_ccm_create_common(tmpl, tb, ctr_name, mac_name); } static int crypto_rfc4309_setkey(struct crypto_aead *parent, const u8 *key,

5 years, 9 months

3
2
0 0

[PATCH 4.4, 4.9] crypto: arm/aes-neonbs - don't access already-freed walk.iv

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> commit 767f015ea0b7ab9d60432ff6cd06b664fd71f50f upstream. [Please apply to 4.9-stable and earlier.] If the user-provided IV needs to be aligned to the algorithm's alignmask, then skcipher_walk_virt() copies the IV into a new aligned buffer walk.iv. But skcipher_walk_virt() can fail afterwards, and then if the caller unconditionally accesses walk.iv, it's a use-after-free. arm32 xts-aes-neonbs doesn't set an alignmask, so currently it isn't affected by this despite unconditionally accessing walk.iv. However this is more subtle than desired, and it was actually broken prior to the alignmask being removed by commit cc477bf64573 ("crypto: arm/aes - replace bit-sliced OpenSSL NEON code"). Thus, update xts-aes-neonbs to start checking the return value of skcipher_walk_virt(). Fixes: e4e7f10bfc40 ("ARM: add support for bit sliced AES using NEON instructions") Cc: <stable(a)vger.kernel.org> # v3.13+ Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> --- arch/arm/crypto/aesbs-glue.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm/crypto/aesbs-glue.c b/arch/arm/crypto/aesbs-glue.c index 5d934a0039d76..cb2486a526e66 100644 --- a/arch/arm/crypto/aesbs-glue.c +++ b/arch/arm/crypto/aesbs-glue.c @@ -265,6 +265,8 @@ static int aesbs_xts_encrypt(struct blkcipher_desc *desc, blkcipher_walk_init(&walk, dst, src, nbytes); err = blkcipher_walk_virt_block(desc, &walk, 8 * AES_BLOCK_SIZE); + if (err) + return err; /* generate the initial tweak */ AES_encrypt(walk.iv, walk.iv, &ctx->twkey); @@ -289,6 +291,8 @@ static int aesbs_xts_decrypt(struct blkcipher_desc *desc, blkcipher_walk_init(&walk, dst, src, nbytes); err = blkcipher_walk_virt_block(desc, &walk, 8 * AES_BLOCK_SIZE); + if (err) + return err; /* generate the initial tweak */ AES_encrypt(walk.iv, walk.iv, &ctx->twkey); -- 2.21.0.1020.gf2820cf01a-goog

5 years, 9 months

2
1
0 0

[PATCH 4.4, 4.9, 4.14] crypto: salsa20 - don't access already-freed walk.iv

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> commit edaf28e996af69222b2cb40455dbb5459c2b875a upstream. [Please apply to 4.14-stable and earlier.] If the user-provided IV needs to be aligned to the algorithm's alignmask, then skcipher_walk_virt() copies the IV into a new aligned buffer walk.iv. But skcipher_walk_virt() can fail afterwards, and then if the caller unconditionally accesses walk.iv, it's a use-after-free. salsa20-generic doesn't set an alignmask, so currently it isn't affected by this despite unconditionally accessing walk.iv. However this is more subtle than desired, and it was actually broken prior to the alignmask being removed by commit b62b3db76f73 ("crypto: salsa20-generic - cleanup and convert to skcipher API"). Since salsa20-generic does not update the IV and does not need any IV alignment, update it to use req->iv instead of walk.iv. Fixes: 2407d60872dd ("[CRYPTO] salsa20: Salsa20 stream cipher") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> --- crypto/salsa20_generic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/salsa20_generic.c b/crypto/salsa20_generic.c index d7da0eea5622a..319d9962552e1 100644 --- a/crypto/salsa20_generic.c +++ b/crypto/salsa20_generic.c @@ -186,7 +186,7 @@ static int encrypt(struct blkcipher_desc *desc, blkcipher_walk_init(&walk, dst, src, nbytes); err = blkcipher_walk_virt_block(desc, &walk, 64); - salsa20_ivsetup(ctx, walk.iv); + salsa20_ivsetup(ctx, desc->info); while (walk.nbytes >= 64) { salsa20_encrypt_bytes(ctx, walk.dst.virt.addr, -- 2.21.0.1020.gf2820cf01a-goog

5 years, 9 months

2
1
0 0

[PATCH 4.4] crypto: chacha20poly1305 - set cra_name correctly

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> commit 5e27f38f1f3f45a0c938299c3a34a2d2db77165a upstream. [Please apply to 4.4-stable.] If the rfc7539 template is instantiated with specific implementations, e.g. "rfc7539(chacha20-generic,poly1305-generic)" rather than "rfc7539(chacha20,poly1305)", then the implementation names end up included in the instance's cra_name. This is incorrect because it then prevents all users from allocating "rfc7539(chacha20,poly1305)", if the highest priority implementations of chacha20 and poly1305 were selected. Also, the self-tests aren't run on an instance allocated in this way. Fix it by setting the instance's cra_name from the underlying algorithms' actual cra_names, rather than from the requested names. This matches what other templates do. Fixes: 71ebc4d1b27d ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539") Cc: <stable(a)vger.kernel.org> # v4.2+ Cc: Martin Willi <martin(a)strongswan.org> Signed-off-by: Eric Biggers <ebiggers(a)google.com> Reviewed-by: Martin Willi <martin(a)strongswan.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> --- crypto/chacha20poly1305.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c index 0214600ba071e..6c4724222e3a0 100644 --- a/crypto/chacha20poly1305.c +++ b/crypto/chacha20poly1305.c @@ -637,8 +637,8 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb, err = -ENAMETOOLONG; if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME, - "%s(%s,%s)", name, chacha_name, - poly_name) >= CRYPTO_MAX_ALG_NAME) + "%s(%s,%s)", name, chacha->cra_name, + poly->cra_name) >= CRYPTO_MAX_ALG_NAME) goto out_drop_chacha; if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s(%s,%s)", name, chacha->cra_driver_name, -- 2.21.0.1020.gf2820cf01a-goog

5 years, 9 months

2
1
0 0

[PATCH 4.14] crypto: arm64/aes-neonbs - don't access already-freed walk.iv

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> commit 4a8108b70508df0b6c4ffa4a3974dab93dcbe851 upstream. [Please apply to 4.14-stable.] If the user-provided IV needs to be aligned to the algorithm's alignmask, then skcipher_walk_virt() copies the IV into a new aligned buffer walk.iv. But skcipher_walk_virt() can fail afterwards, and then if the caller unconditionally accesses walk.iv, it's a use-after-free. xts-aes-neonbs doesn't set an alignmask, so currently it isn't affected by this despite unconditionally accessing walk.iv. However this is more subtle than desired, and unconditionally accessing walk.iv has caused a real problem in other algorithms. Thus, update xts-aes-neonbs to start checking the return value of skcipher_walk_virt(). Fixes: 1abee99eafab ("crypto: arm64/aes - reimplement bit-sliced ARM/NEON implementation for arm64") Cc: <stable(a)vger.kernel.org> # v4.11+ Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> --- arch/arm64/crypto/aes-neonbs-glue.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/crypto/aes-neonbs-glue.c b/arch/arm64/crypto/aes-neonbs-glue.c index c55d68ccb89f8..52975817fdb66 100644 --- a/arch/arm64/crypto/aes-neonbs-glue.c +++ b/arch/arm64/crypto/aes-neonbs-glue.c @@ -307,6 +307,8 @@ static int __xts_crypt(struct skcipher_request *req, int err; err = skcipher_walk_virt(&walk, req, true); + if (err) + return err; kernel_neon_begin(); -- 2.21.0.1020.gf2820cf01a-goog

5 years, 9 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror May 2019