<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/crypto/crypto_user.c, branch linux-3.16.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>crypto: user - fix memory leak in crypto_report</title>
<updated>2019-12-10T18:01:32+00:00</updated>
<author>
<name>Navid Emamdoost</name>
<email>navid.emamdoost@gmail.com</email>
</author>
<published>2019-10-04T19:29:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=52373b487ee420c43e1d9d01b4b8c11bb6e9bdbf'/>
<id>52373b487ee420c43e1d9d01b4b8c11bb6e9bdbf</id>
<content type='text'>
commit ffdde5932042600c6807d46c1550b28b0db6a3bc upstream.

In crypto_report, a new skb is created via nlmsg_new(). This skb should
be released if crypto_report_alg() fails.

Fixes: a38f7907b926 ("crypto: Add userspace configuration API")
Signed-off-by: Navid Emamdoost &lt;navid.emamdoost@gmail.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[bwh: Backported to 3.16: adjust filename]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit ffdde5932042600c6807d46c1550b28b0db6a3bc upstream.

In crypto_report, a new skb is created via nlmsg_new(). This skb should
be released if crypto_report_alg() fails.

Fixes: a38f7907b926 ("crypto: Add userspace configuration API")
Signed-off-by: Navid Emamdoost &lt;navid.emamdoost@gmail.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[bwh: Backported to 3.16: adjust filename]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: user - Fix crypto_alg_match race</title>
<updated>2019-12-10T18:01:32+00:00</updated>
<author>
<name>Herbert Xu</name>
<email>herbert@gondor.apana.org.au</email>
</author>
<published>2015-04-07T13:27:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ea8e4f792da5652f23481231e252f06221b73445'/>
<id>ea8e4f792da5652f23481231e252f06221b73445</id>
<content type='text'>
commit 016baaa1183bb0c5fb2a7de42413bba8a51c1bc8 upstream.

The function crypto_alg_match returns an algorithm without taking
any references on it.  This means that the algorithm can be freed
at any time, therefore all users of crypto_alg_match are buggy.

This patch fixes this by taking a reference count on the algorithm
to prevent such races.

Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 016baaa1183bb0c5fb2a7de42413bba8a51c1bc8 upstream.

The function crypto_alg_match returns an algorithm without taking
any references on it.  This means that the algorithm can be freed
at any time, therefore all users of crypto_alg_match are buggy.

This patch fixes this by taking a reference count on the algorithm
to prevent such races.

Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: user - prevent operating on larval algorithms</title>
<updated>2019-10-05T15:20:08+00:00</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@google.com</email>
</author>
<published>2019-07-02T21:17:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4d8a6e79c53c3ffd2bb794f94006f0ef856020fd'/>
<id>4d8a6e79c53c3ffd2bb794f94006f0ef856020fd</id>
<content type='text'>
commit 21d4120ec6f5b5992b01b96ac484701163917b63 upstream.

Michal Suchanek reported [1] that running the pcrypt_aead01 test from
LTP [2] in a loop and holding Ctrl-C causes a NULL dereference of
alg-&gt;cra_users.next in crypto_remove_spawns(), via crypto_del_alg().
The test repeatedly uses CRYPTO_MSG_NEWALG and CRYPTO_MSG_DELALG.

The crash occurs when the instance that CRYPTO_MSG_DELALG is trying to
unregister isn't a real registered algorithm, but rather is a "test
larval", which is a special "algorithm" added to the algorithms list
while the real algorithm is still being tested.  Larvals don't have
initialized cra_users, so that causes the crash.  Normally pcrypt_aead01
doesn't trigger this because CRYPTO_MSG_NEWALG waits for the algorithm
to be tested; however, CRYPTO_MSG_NEWALG returns early when interrupted.

Everything else in the "crypto user configuration" API has this same bug
too, i.e. it inappropriately allows operating on larval algorithms
(though it doesn't look like the other cases can cause a crash).

Fix this by making crypto_alg_match() exclude larval algorithms.

[1] https://lkml.kernel.org/r/20190625071624.27039-1-msuchanek@suse.de
[2] https://github.com/linux-test-project/ltp/blob/20190517/testcases/kernel/crypto/pcrypt_aead01.c

Reported-by: Michal Suchanek &lt;msuchanek@suse.de&gt;
Fixes: a38f7907b926 ("crypto: Add userspace configuration API")
Cc: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[bwh: Backported to 3.16: adjust filename]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 21d4120ec6f5b5992b01b96ac484701163917b63 upstream.

Michal Suchanek reported [1] that running the pcrypt_aead01 test from
LTP [2] in a loop and holding Ctrl-C causes a NULL dereference of
alg-&gt;cra_users.next in crypto_remove_spawns(), via crypto_del_alg().
The test repeatedly uses CRYPTO_MSG_NEWALG and CRYPTO_MSG_DELALG.

The crash occurs when the instance that CRYPTO_MSG_DELALG is trying to
unregister isn't a real registered algorithm, but rather is a "test
larval", which is a special "algorithm" added to the algorithms list
while the real algorithm is still being tested.  Larvals don't have
initialized cra_users, so that causes the crash.  Normally pcrypt_aead01
doesn't trigger this because CRYPTO_MSG_NEWALG waits for the algorithm
to be tested; however, CRYPTO_MSG_NEWALG returns early when interrupted.

Everything else in the "crypto user configuration" API has this same bug
too, i.e. it inappropriately allows operating on larval algorithms
(though it doesn't look like the other cases can cause a crash).

Fix this by making crypto_alg_match() exclude larval algorithms.

[1] https://lkml.kernel.org/r/20190625071624.27039-1-msuchanek@suse.de
[2] https://github.com/linux-test-project/ltp/blob/20190517/testcases/kernel/crypto/pcrypt_aead01.c

Reported-by: Michal Suchanek &lt;msuchanek@suse.de&gt;
Fixes: a38f7907b926 ("crypto: Add userspace configuration API")
Cc: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[bwh: Backported to 3.16: adjust filename]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: user - support incremental algorithm dumps</title>
<updated>2019-04-04T15:13:49+00:00</updated>
<author>
<name>Eric Biggers</name>
<email>ebiggers@google.com</email>
</author>
<published>2018-12-06T23:55:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e6f592986433f9b3ef79ab5c2197b9badac370f4'/>
<id>e6f592986433f9b3ef79ab5c2197b9badac370f4</id>
<content type='text'>
commit 0ac6b8fb23c724b015d9ca70a89126e8d1563166 upstream.

CRYPTO_MSG_GETALG in NLM_F_DUMP mode sometimes doesn't return all
registered crypto algorithms, because it doesn't support incremental
dumps.  crypto_dump_report() only permits itself to be called once, yet
the netlink subsystem allocates at most ~64 KiB for the skb being dumped
to.  Thus only the first recvmsg() returns data, and it may only include
a subset of the crypto algorithms even if the user buffer passed to
recvmsg() is large enough to hold all of them.

Fix this by using one of the arguments in the netlink_callback structure
to keep track of the current position in the algorithm list.  Then
userspace can do multiple recvmsg() on the socket after sending the dump
request.  This is the way netlink dumps work elsewhere in the kernel;
it's unclear why this was different (probably just an oversight).

Also fix an integer overflow when calculating the dump buffer size hint.

Fixes: a38f7907b926 ("crypto: Add userspace configuration API")
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[bwh: Backported to 3.16: adjust filename]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 0ac6b8fb23c724b015d9ca70a89126e8d1563166 upstream.

CRYPTO_MSG_GETALG in NLM_F_DUMP mode sometimes doesn't return all
registered crypto algorithms, because it doesn't support incremental
dumps.  crypto_dump_report() only permits itself to be called once, yet
the netlink subsystem allocates at most ~64 KiB for the skb being dumped
to.  Thus only the first recvmsg() returns data, and it may only include
a subset of the crypto algorithms even if the user buffer passed to
recvmsg() is large enough to hold all of them.

Fix this by using one of the arguments in the netlink_callback structure
to keep track of the current position in the algorithm list.  Then
userspace can do multiple recvmsg() on the socket after sending the dump
request.  This is the way netlink dumps work elsewhere in the kernel;
it's unclear why this was different (probably just an oversight).

Also fix an integer overflow when calculating the dump buffer size hint.

Fixes: a38f7907b926 ("crypto: Add userspace configuration API")
Signed-off-by: Eric Biggers &lt;ebiggers@google.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
[bwh: Backported to 3.16: adjust filename]
Signed-off-by: Ben Hutchings &lt;ben@decadent.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: user - lock crypto_alg_list on alg dump</title>
<updated>2016-02-25T10:34:46+00:00</updated>
<author>
<name>Mathias Krause</name>
<email>minipli@googlemail.com</email>
</author>
<published>2016-02-01T13:27:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=113241155f8133906a549cffafc60957fddaaa5f'/>
<id>113241155f8133906a549cffafc60957fddaaa5f</id>
<content type='text'>
commit 63e41ebc6630f39422d87f8a4bade1e793f37a01 upstream.

We miss to take the crypto_alg_sem semaphore when traversing the
crypto_alg_list for CRYPTO_MSG_GETALG dumps. This allows a race with
crypto_unregister_alg() removing algorithms from the list while we're
still traversing it, thereby leading to a use-after-free as show below:

[ 3482.071639] general protection fault: 0000 [#1] SMP
[ 3482.075639] Modules linked in: aes_x86_64 glue_helper lrw ablk_helper cryptd gf128mul ipv6 pcspkr serio_raw virtio_net microcode virtio_pci virtio_ring virtio sr_mod cdrom [last unloaded: aesni_intel]
[ 3482.075639] CPU: 1 PID: 11065 Comm: crconf Not tainted 4.3.4-grsec+ #126
[ 3482.075639] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 3482.075639] task: ffff88001cd41a40 ti: ffff88001cd422c8 task.ti: ffff88001cd422c8
[ 3482.075639] RIP: 0010:[&lt;ffffffff93722bd3&gt;]  [&lt;ffffffff93722bd3&gt;] strncpy+0x13/0x30
[ 3482.075639] RSP: 0018:ffff88001f713b60  EFLAGS: 00010202
[ 3482.075639] RAX: ffff88001f6c4430 RBX: ffff88001f6c43a0 RCX: ffff88001f6c4430
[ 3482.075639] RDX: 0000000000000040 RSI: fefefefefefeff16 RDI: ffff88001f6c4430
[ 3482.075639] RBP: ffff88001f713b60 R08: ffff88001f6c4470 R09: ffff88001f6c4480
[ 3482.075639] R10: 0000000000000002 R11: 0000000000000246 R12: ffff88001ce2aa28
[ 3482.075639] R13: ffff880000093700 R14: ffff88001f5e4bf8 R15: 0000000000003b20
[ 3482.075639] FS:  0000033826fa2700(0000) GS:ffff88001e900000(0000) knlGS:0000000000000000
[ 3482.075639] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3482.075639] CR2: ffffffffff600400 CR3: 00000000139ec000 CR4: 00000000001606f0
[ 3482.075639] Stack:
[ 3482.075639]  ffff88001f713bd8 ffffffff936ccd00 ffff88001e5c4200 ffff880000093700
[ 3482.075639]  ffff88001f713bd0 ffffffff938ef4bf 0000000000000000 0000000000003b20
[ 3482.075639]  ffff88001f5e4bf8 ffff88001f5e4848 0000000000000000 0000000000003b20
[ 3482.075639] Call Trace:
[ 3482.075639]  [&lt;ffffffff936ccd00&gt;] crypto_report_alg+0xc0/0x3e0
[ 3482.075639]  [&lt;ffffffff938ef4bf&gt;] ? __alloc_skb+0x16f/0x300
[ 3482.075639]  [&lt;ffffffff936cd08a&gt;] crypto_dump_report+0x6a/0x90
[ 3482.075639]  [&lt;ffffffff93935707&gt;] netlink_dump+0x147/0x2e0
[ 3482.075639]  [&lt;ffffffff93935f99&gt;] __netlink_dump_start+0x159/0x190
[ 3482.075639]  [&lt;ffffffff936ccb13&gt;] crypto_user_rcv_msg+0xc3/0x130
[ 3482.075639]  [&lt;ffffffff936cd020&gt;] ? crypto_report_alg+0x3e0/0x3e0
[ 3482.075639]  [&lt;ffffffff936cc4b0&gt;] ? alg_test_crc32c+0x120/0x120
[ 3482.075639]  [&lt;ffffffff93933145&gt;] ? __netlink_lookup+0xd5/0x120
[ 3482.075639]  [&lt;ffffffff936cca50&gt;] ? crypto_add_alg+0x1d0/0x1d0
[ 3482.075639]  [&lt;ffffffff93938141&gt;] netlink_rcv_skb+0xe1/0x130
[ 3482.075639]  [&lt;ffffffff936cc4f8&gt;] crypto_netlink_rcv+0x28/0x40
[ 3482.075639]  [&lt;ffffffff939375a8&gt;] netlink_unicast+0x108/0x180
[ 3482.075639]  [&lt;ffffffff93937c21&gt;] netlink_sendmsg+0x541/0x770
[ 3482.075639]  [&lt;ffffffff938e31e1&gt;] sock_sendmsg+0x21/0x40
[ 3482.075639]  [&lt;ffffffff938e4763&gt;] SyS_sendto+0xf3/0x130
[ 3482.075639]  [&lt;ffffffff93444203&gt;] ? bad_area_nosemaphore+0x13/0x20
[ 3482.075639]  [&lt;ffffffff93444470&gt;] ? __do_page_fault+0x80/0x3a0
[ 3482.075639]  [&lt;ffffffff939d80cb&gt;] entry_SYSCALL_64_fastpath+0x12/0x6e
[ 3482.075639] Code: 88 4a ff 75 ed 5d 48 0f ba 2c 24 3f c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 85 d2 48 89 f8 48 89 f9 4c 8d 04 17 48 89 e5 74 15 &lt;0f&gt; b6 16 80 fa 01 88 11 48 83 de ff 48 83 c1 01 4c 39 c1 75 eb
[ 3482.075639] RIP  [&lt;ffffffff93722bd3&gt;] strncpy+0x13/0x30

To trigger the race run the following loops simultaneously for a while:
  $ while : ; do modprobe aesni-intel; rmmod aesni-intel; done
  $ while : ; do crconf show all &gt; /dev/null; done

Fix the race by taking the crypto_alg_sem read lock, thereby preventing
crypto_unregister_alg() from modifying the algorithm list during the
dump.

This bug has been detected by the PaX memory sanitize feature.

Signed-off-by: Mathias Krause &lt;minipli@googlemail.com&gt;
Cc: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
Cc: PaX Team &lt;pageexec@freemail.hu&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 63e41ebc6630f39422d87f8a4bade1e793f37a01 upstream.

We miss to take the crypto_alg_sem semaphore when traversing the
crypto_alg_list for CRYPTO_MSG_GETALG dumps. This allows a race with
crypto_unregister_alg() removing algorithms from the list while we're
still traversing it, thereby leading to a use-after-free as show below:

[ 3482.071639] general protection fault: 0000 [#1] SMP
[ 3482.075639] Modules linked in: aes_x86_64 glue_helper lrw ablk_helper cryptd gf128mul ipv6 pcspkr serio_raw virtio_net microcode virtio_pci virtio_ring virtio sr_mod cdrom [last unloaded: aesni_intel]
[ 3482.075639] CPU: 1 PID: 11065 Comm: crconf Not tainted 4.3.4-grsec+ #126
[ 3482.075639] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 3482.075639] task: ffff88001cd41a40 ti: ffff88001cd422c8 task.ti: ffff88001cd422c8
[ 3482.075639] RIP: 0010:[&lt;ffffffff93722bd3&gt;]  [&lt;ffffffff93722bd3&gt;] strncpy+0x13/0x30
[ 3482.075639] RSP: 0018:ffff88001f713b60  EFLAGS: 00010202
[ 3482.075639] RAX: ffff88001f6c4430 RBX: ffff88001f6c43a0 RCX: ffff88001f6c4430
[ 3482.075639] RDX: 0000000000000040 RSI: fefefefefefeff16 RDI: ffff88001f6c4430
[ 3482.075639] RBP: ffff88001f713b60 R08: ffff88001f6c4470 R09: ffff88001f6c4480
[ 3482.075639] R10: 0000000000000002 R11: 0000000000000246 R12: ffff88001ce2aa28
[ 3482.075639] R13: ffff880000093700 R14: ffff88001f5e4bf8 R15: 0000000000003b20
[ 3482.075639] FS:  0000033826fa2700(0000) GS:ffff88001e900000(0000) knlGS:0000000000000000
[ 3482.075639] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3482.075639] CR2: ffffffffff600400 CR3: 00000000139ec000 CR4: 00000000001606f0
[ 3482.075639] Stack:
[ 3482.075639]  ffff88001f713bd8 ffffffff936ccd00 ffff88001e5c4200 ffff880000093700
[ 3482.075639]  ffff88001f713bd0 ffffffff938ef4bf 0000000000000000 0000000000003b20
[ 3482.075639]  ffff88001f5e4bf8 ffff88001f5e4848 0000000000000000 0000000000003b20
[ 3482.075639] Call Trace:
[ 3482.075639]  [&lt;ffffffff936ccd00&gt;] crypto_report_alg+0xc0/0x3e0
[ 3482.075639]  [&lt;ffffffff938ef4bf&gt;] ? __alloc_skb+0x16f/0x300
[ 3482.075639]  [&lt;ffffffff936cd08a&gt;] crypto_dump_report+0x6a/0x90
[ 3482.075639]  [&lt;ffffffff93935707&gt;] netlink_dump+0x147/0x2e0
[ 3482.075639]  [&lt;ffffffff93935f99&gt;] __netlink_dump_start+0x159/0x190
[ 3482.075639]  [&lt;ffffffff936ccb13&gt;] crypto_user_rcv_msg+0xc3/0x130
[ 3482.075639]  [&lt;ffffffff936cd020&gt;] ? crypto_report_alg+0x3e0/0x3e0
[ 3482.075639]  [&lt;ffffffff936cc4b0&gt;] ? alg_test_crc32c+0x120/0x120
[ 3482.075639]  [&lt;ffffffff93933145&gt;] ? __netlink_lookup+0xd5/0x120
[ 3482.075639]  [&lt;ffffffff936cca50&gt;] ? crypto_add_alg+0x1d0/0x1d0
[ 3482.075639]  [&lt;ffffffff93938141&gt;] netlink_rcv_skb+0xe1/0x130
[ 3482.075639]  [&lt;ffffffff936cc4f8&gt;] crypto_netlink_rcv+0x28/0x40
[ 3482.075639]  [&lt;ffffffff939375a8&gt;] netlink_unicast+0x108/0x180
[ 3482.075639]  [&lt;ffffffff93937c21&gt;] netlink_sendmsg+0x541/0x770
[ 3482.075639]  [&lt;ffffffff938e31e1&gt;] sock_sendmsg+0x21/0x40
[ 3482.075639]  [&lt;ffffffff938e4763&gt;] SyS_sendto+0xf3/0x130
[ 3482.075639]  [&lt;ffffffff93444203&gt;] ? bad_area_nosemaphore+0x13/0x20
[ 3482.075639]  [&lt;ffffffff93444470&gt;] ? __do_page_fault+0x80/0x3a0
[ 3482.075639]  [&lt;ffffffff939d80cb&gt;] entry_SYSCALL_64_fastpath+0x12/0x6e
[ 3482.075639] Code: 88 4a ff 75 ed 5d 48 0f ba 2c 24 3f c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 85 d2 48 89 f8 48 89 f9 4c 8d 04 17 48 89 e5 74 15 &lt;0f&gt; b6 16 80 fa 01 88 11 48 83 de ff 48 83 c1 01 4c 39 c1 75 eb
[ 3482.075639] RIP  [&lt;ffffffff93722bd3&gt;] strncpy+0x13/0x30

To trigger the race run the following loops simultaneously for a while:
  $ while : ; do modprobe aesni-intel; rmmod aesni-intel; done
  $ while : ; do crconf show all &gt; /dev/null; done

Fix the race by taking the crypto_alg_sem read lock, thereby preventing
crypto_unregister_alg() from modifying the algorithm list during the
dump.

This bug has been detected by the PaX memory sanitize feature.

Signed-off-by: Mathias Krause &lt;minipli@googlemail.com&gt;
Cc: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
Cc: PaX Team &lt;pageexec@freemail.hu&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: api - Only abort operations on fatal signal</title>
<updated>2015-11-16T11:27:09+00:00</updated>
<author>
<name>Herbert Xu</name>
<email>herbert@gondor.apana.org.au</email>
</author>
<published>2015-10-19T10:23:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b5d9cdc941b641d20cf8b7579a1e0af866c12f13'/>
<id>b5d9cdc941b641d20cf8b7579a1e0af866c12f13</id>
<content type='text'>
commit 3fc89adb9fa4beff31374a4bf50b3d099d88ae83 upstream.

Currently a number of Crypto API operations may fail when a signal
occurs.  This causes nasty problems as the caller of those operations
are often not in a good position to restart the operation.

In fact there is currently no need for those operations to be
interrupted by user signals at all.  All we need is for them to
be killable.

This patch replaces the relevant calls of signal_pending with
fatal_signal_pending, and wait_for_completion_interruptible with
wait_for_completion_killable, respectively.

Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 3fc89adb9fa4beff31374a4bf50b3d099d88ae83 upstream.

Currently a number of Crypto API operations may fail when a signal
occurs.  This causes nasty problems as the caller of those operations
are often not in a good position to restart the operation.

In fact there is currently no need for those operations to be
interrupted by user signals at all.  All we need is for them to
be killable.

This patch replaces the relevant calls of signal_pending with
fatal_signal_pending, and wait_for_completion_interruptible with
wait_for_completion_killable, respectively.

Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: Luis Henriques &lt;luis.henriques@canonical.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6 into next</title>
<updated>2014-06-08T02:44:40+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2014-06-08T02:44:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=639b4ac691c6f6e48921dc576379c176f82f3250'/>
<id>639b4ac691c6f6e48921dc576379c176f82f3250</id>
<content type='text'>
Pull crypto updates from Herbert Xu:
 "Here is the crypto update for 3.16:

   - Added test vectors for SHA/AES-CCM/DES-CBC/3DES-CBC.
   - Fixed a number of error-path memory leaks in tcrypt.
   - Fixed error-path memory leak in caam.
   - Removed unnecessary global mutex from mxs-dcp.
   - Added ahash walk interface that can actually be asynchronous.
   - Cleaned up caam error reporting.
   - Allow crypto_user get operation to be used by non-root users.
   - Add support for SSS module on Exynos.
   - Misc fixes"

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6: (60 commits)
  crypto: testmgr - add aead cbc des, des3_ede tests
  crypto: testmgr - Fix DMA-API warning
  crypto: cesa - tfm-&gt;__crt_alg-&gt;cra_type directly
  crypto: sahara - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: padlock - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: n2 - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: dcp - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: cesa - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: ccp - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: geode - Don't use tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: geode - Weed out printk() from probe()
  crypto: geode - Consistently use AES_KEYSIZE_128
  crypto: geode - Kill AES_IV_LENGTH
  crypto: geode - Kill AES_MIN_BLOCK_SIZE
  crypto: mxs-dcp - Remove global mutex
  crypto: hash - Add real ahash walk interface
  hwrng: n2-drv - Introduce the use of the managed version of kzalloc
  crypto: caam - reinitialize keys_fit_inline for decrypt and givencrypt
  crypto: s5p-sss - fix multiplatform build
  hwrng: timeriomem - remove unnecessary OOM messages
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull crypto updates from Herbert Xu:
 "Here is the crypto update for 3.16:

   - Added test vectors for SHA/AES-CCM/DES-CBC/3DES-CBC.
   - Fixed a number of error-path memory leaks in tcrypt.
   - Fixed error-path memory leak in caam.
   - Removed unnecessary global mutex from mxs-dcp.
   - Added ahash walk interface that can actually be asynchronous.
   - Cleaned up caam error reporting.
   - Allow crypto_user get operation to be used by non-root users.
   - Add support for SSS module on Exynos.
   - Misc fixes"

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6: (60 commits)
  crypto: testmgr - add aead cbc des, des3_ede tests
  crypto: testmgr - Fix DMA-API warning
  crypto: cesa - tfm-&gt;__crt_alg-&gt;cra_type directly
  crypto: sahara - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: padlock - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: n2 - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: dcp - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: cesa - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: ccp - tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: geode - Don't use tfm-&gt;__crt_alg-&gt;cra_name directly
  crypto: geode - Weed out printk() from probe()
  crypto: geode - Consistently use AES_KEYSIZE_128
  crypto: geode - Kill AES_IV_LENGTH
  crypto: geode - Kill AES_MIN_BLOCK_SIZE
  crypto: mxs-dcp - Remove global mutex
  crypto: hash - Add real ahash walk interface
  hwrng: n2-drv - Introduce the use of the managed version of kzalloc
  crypto: caam - reinitialize keys_fit_inline for decrypt and givencrypt
  crypto: s5p-sss - fix multiplatform build
  hwrng: timeriomem - remove unnecessary OOM messages
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: user - Allow CRYPTO_MSG_GETALG without CAP_NET_ADMIN</title>
<updated>2014-05-08T13:58:12+00:00</updated>
<author>
<name>Matthias-Christian Ott</name>
<email>ott@mirix.org</email>
</author>
<published>2014-05-08T13:58:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c568398aa05f852592d0e2b1dc893e6c5c14971c'/>
<id>c568398aa05f852592d0e2b1dc893e6c5c14971c</id>
<content type='text'>
CRYPTO_USER requires CAP_NET_ADMIN for all operations. Most information
provided by CRYPTO_MSG_GETALG is also accessible through /proc/modules
and AF_ALG. CRYPTO_MSG_GETALG should not require CAP_NET_ADMIN so that
processes without CAP_NET_ADMIN can use CRYPTO_MSG_GETALG to get cipher
details, such as cipher priorities, for AF_ALG.

Signed-off-by: Matthias-Christian Ott &lt;ott@mirix.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
CRYPTO_USER requires CAP_NET_ADMIN for all operations. Most information
provided by CRYPTO_MSG_GETALG is also accessible through /proc/modules
and AF_ALG. CRYPTO_MSG_GETALG should not require CAP_NET_ADMIN so that
processes without CAP_NET_ADMIN can use CRYPTO_MSG_GETALG to get cipher
details, such as cipher priorities, for AF_ALG.

Signed-off-by: Matthias-Christian Ott &lt;ott@mirix.org&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>net: Use netlink_ns_capable to verify the permisions of netlink messages</title>
<updated>2014-04-24T17:44:54+00:00</updated>
<author>
<name>Eric W. Biederman</name>
<email>ebiederm@xmission.com</email>
</author>
<published>2014-04-23T21:29:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=90f62cf30a78721641e08737bda787552428061e'/>
<id>90f62cf30a78721641e08737bda787552428061e</id>
<content type='text'>
It is possible by passing a netlink socket to a more privileged
executable and then to fool that executable into writing to the socket
data that happens to be valid netlink message to do something that
privileged executable did not intend to do.

To keep this from happening replace bare capable and ns_capable calls
with netlink_capable, netlink_net_calls and netlink_ns_capable calls.
Which act the same as the previous calls except they verify that the
opener of the socket had the desired permissions as well.

Reported-by: Andy Lutomirski &lt;luto@amacapital.net&gt;
Signed-off-by: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
It is possible by passing a netlink socket to a more privileged
executable and then to fool that executable into writing to the socket
data that happens to be valid netlink message to do something that
privileged executable did not intend to do.

To keep this from happening replace bare capable and ns_capable calls
with netlink_capable, netlink_net_calls and netlink_ns_capable calls.
Which act the same as the previous calls except they verify that the
opener of the socket had the desired permissions as well.

Reported-by: Andy Lutomirski &lt;luto@amacapital.net&gt;
Signed-off-by: "Eric W. Biederman" &lt;ebiederm@xmission.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: user - constify netlink dispatch table</title>
<updated>2013-03-10T08:46:43+00:00</updated>
<author>
<name>Mathias Krause</name>
<email>minipli@googlemail.com</email>
</author>
<published>2013-02-24T13:09:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a84fb791cb467851772a9196c05531be4abaf1bb'/>
<id>a84fb791cb467851772a9196c05531be4abaf1bb</id>
<content type='text'>
There is no need to modify the netlink dispatch table at runtime and
making it const even makes the resulting object file slightly smaller.

Cc: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
Signed-off-by: Mathias Krause &lt;minipli@googlemail.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
There is no need to modify the netlink dispatch table at runtime and
making it const even makes the resulting object file slightly smaller.

Cc: Steffen Klassert &lt;steffen.klassert@secunet.com&gt;
Signed-off-by: Mathias Krause &lt;minipli@googlemail.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
</feed>
