6.15-stable patches

added patches:
	crypto-s390-sha-fix-uninitialized-variable-in-sha-1-and-sha-2.patch

diff --git a/queue-6.15/crypto-s390-sha-fix-uninitialized-variable-in-sha-1-and-sha-2.patch b/queue-6.15/crypto-s390-sha-fix-uninitialized-variable-in-sha-1-and-sha-2.patch
new file mode 100644 (file)
index 0000000..fc2f229
--- /dev/null
+++ b/queue-6.15/crypto-s390-sha-fix-uninitialized-variable-in-sha-1-and-sha-2.patch
@@ -0,0 +1,114 @@
+From 68279380266a5fa70e664de754503338e2ec3f43 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@kernel.org>
+Date: Thu, 3 Jul 2025 10:23:16 -0700
+Subject: crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2
+
+From: Eric Biggers <ebiggers@kernel.org>
+
+commit 68279380266a5fa70e664de754503338e2ec3f43 upstream.
+
+Commit 88c02b3f79a6 ("s390/sha3: Support sha3 performance enhancements")
+added the field s390_sha_ctx::first_message_part and made it be used by
+s390_sha_update() (now s390_sha_update_blocks()).  At the time,
+s390_sha_update() was used by all the s390 SHA-1, SHA-2, and SHA-3
+algorithms.  However, only the initialization functions for SHA-3 were
+updated, leaving SHA-1 and SHA-2 using first_message_part uninitialized.
+
+This could cause e.g. the function code CPACF_KIMD_SHA_512 |
+CPACF_KIMD_NIP to be used instead of just CPACF_KIMD_SHA_512.  This
+apparently was harmless, as the SHA-1 and SHA-2 function codes ignore
+CPACF_KIMD_NIP; it is recognized only by the SHA-3 function codes
+(https://lore.kernel.org/r/73477fe9-a1dc-4e38-98a6-eba9921e8afa@linux.ibm.com/).
+Therefore, this bug was found only when first_message_part was later
+converted to a boolean and UBSAN detected its uninitialized use.
+Regardless, let's fix this by just initializing to zero.
+
+Note: in 6.16, we need to patch SHA-1, SHA-384, and SHA-512.  In 6.15
+and earlier, we'll also need to patch SHA-224 and SHA-256, as they
+hadn't yet been librarified (which incidentally fixed this bug).
+
+Fixes: 88c02b3f79a6 ("s390/sha3: Support sha3 performance enhancements")
+Cc: stable@vger.kernel.org
+Reported-by: Ingo Franzki <ifranzki@linux.ibm.com>
+Closes: https://lore.kernel.org/r/12740696-595c-4604-873e-aefe8b405fbf@linux.ibm.com
+Acked-by: Heiko Carstens <hca@linux.ibm.com>
+Link: https://lore.kernel.org/r/20250703172316.7914-1-ebiggers@kernel.org
+Signed-off-by: Eric Biggers <ebiggers@kernel.org>
+Signed-off-by: Eric Biggers <ebiggers@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/crypto/sha1_s390.c   |    2 ++
+ arch/s390/crypto/sha256_s390.c |    3 +++
+ arch/s390/crypto/sha512_s390.c |    3 +++
+ 3 files changed, 8 insertions(+)
+
+--- a/arch/s390/crypto/sha1_s390.c
++++ b/arch/s390/crypto/sha1_s390.c
+@@ -38,6 +38,7 @@ static int s390_sha1_init(struct shash_d
+       sctx->state[4] = SHA1_H4;
+       sctx->count = 0;
+       sctx->func = CPACF_KIMD_SHA_1;
++      sctx->first_message_part = 0;
+ 
+       return 0;
+ }
+@@ -62,6 +63,7 @@ static int s390_sha1_import(struct shash
+       memcpy(sctx->state, ictx->state, sizeof(ictx->state));
+       memcpy(sctx->buf, ictx->buffer, sizeof(ictx->buffer));
+       sctx->func = CPACF_KIMD_SHA_1;
++      sctx->first_message_part = 0;
+       return 0;
+ }
+ 
+--- a/arch/s390/crypto/sha256_s390.c
++++ b/arch/s390/crypto/sha256_s390.c
+@@ -31,6 +31,7 @@ static int s390_sha256_init(struct shash
+       sctx->state[7] = SHA256_H7;
+       sctx->count = 0;
+       sctx->func = CPACF_KIMD_SHA_256;
++      sctx->first_message_part = 0;
+ 
+       return 0;
+ }
+@@ -55,6 +56,7 @@ static int sha256_import(struct shash_de
+       memcpy(sctx->state, ictx->state, sizeof(ictx->state));
+       memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf));
+       sctx->func = CPACF_KIMD_SHA_256;
++      sctx->first_message_part = 0;
+       return 0;
+ }
+ 
+@@ -90,6 +92,7 @@ static int s390_sha224_init(struct shash
+       sctx->state[7] = SHA224_H7;
+       sctx->count = 0;
+       sctx->func = CPACF_KIMD_SHA_256;
++      sctx->first_message_part = 0;
+ 
+       return 0;
+ }
+--- a/arch/s390/crypto/sha512_s390.c
++++ b/arch/s390/crypto/sha512_s390.c
+@@ -32,6 +32,7 @@ static int sha512_init(struct shash_desc
+       *(__u64 *)&ctx->state[14] = SHA512_H7;
+       ctx->count = 0;
+       ctx->func = CPACF_KIMD_SHA_512;
++      ctx->first_message_part = 0;
+ 
+       return 0;
+ }
+@@ -60,6 +61,7 @@ static int sha512_import(struct shash_de
+       memcpy(sctx->state, ictx->state, sizeof(ictx->state));
+       memcpy(sctx->buf, ictx->buf, sizeof(ictx->buf));
+       sctx->func = CPACF_KIMD_SHA_512;
++      sctx->first_message_part = 0;
+       return 0;
+ }
+ 
+@@ -97,6 +99,7 @@ static int sha384_init(struct shash_desc
+       *(__u64 *)&ctx->state[14] = SHA384_H7;
+       ctx->count = 0;
+       ctx->func = CPACF_KIMD_SHA_512;
++      ctx->first_message_part = 0;
+ 
+       return 0;
+ }

diff --git a/queue-6.15/series b/queue-6.15/series
index a4aad85866f4a1b4209e88d2130ba0d16711e8de..c3d542fc77d01a92f94bd140786d8ee4794976f7 100644 (file)
--- a/queue-6.15/series
+++ b/queue-6.15/series
@@ -45,3 +45,4 @@ atm-clip-fix-null-pointer-dereference-in-vcc_sendmsg.patch
 net-ethernet-ti-am65-cpsw-nuss-fix-skb-size-by-accou.patch
 net-sched-abort-__tc_modify_qdisc-if-parent-class-do.patch
 rxrpc-fix-bug-due-to-prealloc-collision.patch
+crypto-s390-sha-fix-uninitialized-variable-in-sha-1-and-sha-2.patch