5.15-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 13 Jun 2024 07:21:16 +0000 (09:21 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 13 Jun 2024 07:21:16 +0000 (09:21 +0200)
added patches:
crypto-ecdsa-fix-module-auto-load-on-add-key.patch
crypto-ecrdsa-fix-module-auto-load-on-add_key.patch
crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch
kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch
kvm-arm64-fix-aarch32-register-narrowing-on-userspace-write.patch

queue-5.15/crypto-ecdsa-fix-module-auto-load-on-add-key.patch [new file with mode: 0644]
queue-5.15/crypto-ecrdsa-fix-module-auto-load-on-add_key.patch [new file with mode: 0644]
queue-5.15/crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch [new file with mode: 0644]
queue-5.15/kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch [new file with mode: 0644]
queue-5.15/kvm-arm64-fix-aarch32-register-narrowing-on-userspace-write.patch [new file with mode: 0644]
queue-5.15/series

diff --git a/queue-5.15/crypto-ecdsa-fix-module-auto-load-on-add-key.patch b/queue-5.15/crypto-ecdsa-fix-module-auto-load-on-add-key.patch
new file mode 100644 (file)
index 0000000..557a7d7
--- /dev/null
@@ -0,0 +1,56 @@
+From 48e4fd6d54f54d0ceab5a952d73e47a9454a6ccb Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.ibm.com>
+Date: Thu, 21 Mar 2024 10:44:33 -0400
+Subject: crypto: ecdsa - Fix module auto-load on add-key
+
+From: Stefan Berger <stefanb@linux.ibm.com>
+
+commit 48e4fd6d54f54d0ceab5a952d73e47a9454a6ccb upstream.
+
+Add module alias with the algorithm cra_name similar to what we have for
+RSA-related and other algorithms.
+
+The kernel attempts to modprobe asymmetric algorithms using the names
+"crypto-$cra_name" and "crypto-$cra_name-all." However, since these
+aliases are currently missing, the modules are not loaded. For instance,
+when using the `add_key` function, the hash algorithm is typically
+loaded automatically, but the asymmetric algorithm is not.
+
+Steps to test:
+
+1. Create certificate
+
+  openssl req -x509 -sha256 -newkey ec \
+  -pkeyopt "ec_paramgen_curve:secp384r1" -keyout key.pem -days 365 \
+  -subj '/CN=test' -nodes -outform der -out nist-p384.der
+
+2. Optionally, trace module requests with: trace-cmd stream -e module &
+
+3. Trigger add_key call for the cert:
+
+   # keyctl padd asymmetric "" @u < nist-p384.der
+   641069229
+   # lsmod | head -2
+   Module                  Size  Used by
+   ecdsa_generic          16384  0
+
+Fixes: c12d448ba939 ("crypto: ecdsa - Register NIST P384 and extend test suite")
+Cc: stable@vger.kernel.org
+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
+Reviewed-by: Vitaly Chikunov <vt@altlinux.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/ecdsa.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/crypto/ecdsa.c
++++ b/crypto/ecdsa.c
+@@ -373,4 +373,7 @@ module_exit(ecdsa_exit);
+ MODULE_LICENSE("GPL");
+ MODULE_AUTHOR("Stefan Berger <stefanb@linux.ibm.com>");
+ MODULE_DESCRIPTION("ECDSA generic algorithm");
++MODULE_ALIAS_CRYPTO("ecdsa-nist-p192");
++MODULE_ALIAS_CRYPTO("ecdsa-nist-p256");
++MODULE_ALIAS_CRYPTO("ecdsa-nist-p384");
+ MODULE_ALIAS_CRYPTO("ecdsa-generic");
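Review bot: The three added aliases repeat the curve names as bare string literals, and nothing in this hunk ties them to the `cra_name` values of the algorithms the module registers, which are defined outside the hunk. Since the description says the kernel requests `crypto-$cra_name`, a curve added later without its alias would reintroduce the same silent auto-load failure; a comment above the list, e.g. `/* one alias per registered cra_name; request_module() relies on these */`, would make the rule visible. The same applies to the single `MODULE_ALIAS_CRYPTO("ecrdsa")` line in the ecrdsa patch below. For the 5.15 backport it is worth confirming that this tree's crypto/ecdsa.c registers all three curves named here.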
diff --git a/queue-5.15/crypto-ecrdsa-fix-module-auto-load-on-add_key.patch b/queue-5.15/crypto-ecrdsa-fix-module-auto-load-on-add_key.patch
new file mode 100644 (file)
index 0000000..9a66d17
--- /dev/null
@@ -0,0 +1,64 @@
+From eb5739a1efbc9ff216271aeea0ebe1c92e5383e5 Mon Sep 17 00:00:00 2001
+From: Vitaly Chikunov <vt@altlinux.org>
+Date: Mon, 18 Mar 2024 03:42:40 +0300
+Subject: crypto: ecrdsa - Fix module auto-load on add_key
+
+From: Vitaly Chikunov <vt@altlinux.org>
+
+commit eb5739a1efbc9ff216271aeea0ebe1c92e5383e5 upstream.
+
+Add module alias with the algorithm cra_name similar to what we have for
+RSA-related and other algorithms.
+
+The kernel attempts to modprobe asymmetric algorithms using the names
+"crypto-$cra_name" and "crypto-$cra_name-all." However, since these
+aliases are currently missing, the modules are not loaded. For instance,
+when using the `add_key` function, the hash algorithm is typically
+loaded automatically, but the asymmetric algorithm is not.
+
+Steps to test:
+
+1. Cert is generated usings ima-evm-utils test suite with
+   `gen-keys.sh`, example cert is provided below:
+
+  $ base64 -d >test-gost2012_512-A.cer <<EOF
+  MIIB/DCCAWagAwIBAgIUK8+whWevr3FFkSdU9GLDAM7ure8wDAYIKoUDBwEBAwMFADARMQ8wDQYD
+  VQQDDAZDQSBLZXkwIBcNMjIwMjAxMjIwOTQxWhgPMjA4MjEyMDUyMjA5NDFaMBExDzANBgNVBAMM
+  BkNBIEtleTCBoDAXBggqhQMHAQEBAjALBgkqhQMHAQIBAgEDgYQABIGALXNrTJGgeErBUOov3Cfo
+  IrHF9fcj8UjzwGeKCkbCcINzVUbdPmCopeJRHDJEvQBX1CQUPtlwDv6ANjTTRoq5nCk9L5PPFP1H
+  z73JIXHT0eRBDVoWy0cWDRz1mmQlCnN2HThMtEloaQI81nTlKZOcEYDtDpi5WODmjEeRNQJMdqCj
+  UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFCwfOITMbE9VisW1i2TYeu1tAo5QMB8GA1UdIwQY
+  MBaAFCwfOITMbE9VisW1i2TYeu1tAo5QMAwGCCqFAwcBAQMDBQADgYEAmBfJCMTdC0/NSjz4BBiQ
+  qDIEjomO7FEHYlkX5NGulcF8FaJW2jeyyXXtbpnub1IQ8af1KFIpwoS2e93LaaofxpWlpQLlju6m
+  KYLOcO4xK3Whwa2hBAz9YbpUSFjvxnkS2/jpH2MsOSXuUEeCruG/RkHHB3ACef9umG6HCNQuAPY=
+  EOF
+
+2. Optionally, trace module requests with: trace-cmd stream -e module &
+
+3. Trigger add_key call for the cert:
+
+  # keyctl padd asymmetric "" @u <test-gost2012_512-A.cer
+  939910969
+  # lsmod | head -3
+  Module                  Size  Used by
+  ecrdsa_generic         16384  0
+  streebog_generic       28672  0
+
+Repored-by: Paul Wolneykien <manowar@altlinux.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
+Tested-by: Stefan Berger <stefanb@linux.ibm.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/ecrdsa.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/crypto/ecrdsa.c
++++ b/crypto/ecrdsa.c
+@@ -294,4 +294,5 @@ module_exit(ecrdsa_mod_fini);
+ MODULE_LICENSE("GPL");
+ MODULE_AUTHOR("Vitaly Chikunov <vt@altlinux.org>");
+ MODULE_DESCRIPTION("EC-RDSA generic algorithm");
++MODULE_ALIAS_CRYPTO("ecrdsa");
+ MODULE_ALIAS_CRYPTO("ecrdsa-generic");
diff --git a/queue-5.15/crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch b/queue-5.15/crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch
new file mode 100644 (file)
index 0000000..c5abf26
--- /dev/null
@@ -0,0 +1,71 @@
+From d3b17c6d9dddc2db3670bc9be628b122416a3d26 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Wed, 8 May 2024 16:39:51 +0800
+Subject: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit d3b17c6d9dddc2db3670bc9be628b122416a3d26 upstream.
+
+Using completion_done to determine whether the caller has gone
+away only works after a complete call.  Furthermore it's still
+possible that the caller has not yet called wait_for_completion,
+resulting in another potential UAF.
+
+Fix this by making the caller use cancel_work_sync and then freeing
+the memory safely.
+
+Fixes: 7d42e097607c ("crypto: qat - resolve race condition during AER recovery")
+Cc: <stable@vger.kernel.org> #6.8+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/crypto/qat/qat_common/adf_aer.c |   19 +++++--------------
+ 1 file changed, 5 insertions(+), 14 deletions(-)
+
+--- a/drivers/crypto/qat/qat_common/adf_aer.c
++++ b/drivers/crypto/qat/qat_common/adf_aer.c
+@@ -95,8 +95,7 @@ static void adf_device_reset_worker(stru
+       if (adf_dev_init(accel_dev) || adf_dev_start(accel_dev)) {
+               /* The device hanged and we can't restart it so stop here */
+               dev_err(&GET_DEV(accel_dev), "Restart device failed\n");
+-              if (reset_data->mode == ADF_DEV_RESET_ASYNC ||
+-                  completion_done(&reset_data->compl))
++              if (reset_data->mode == ADF_DEV_RESET_ASYNC)
+                       kfree(reset_data);
+               WARN(1, "QAT: device restart failed. Device is unusable\n");
+               return;
+@@ -104,16 +103,8 @@ static void adf_device_reset_worker(stru
+       adf_dev_restarted_notify(accel_dev);
+       clear_bit(ADF_STATUS_RESTARTING, &accel_dev->status);
+-      /*
+-       * The dev is back alive. Notify the caller if in sync mode
+-       *
+-       * If device restart will take a more time than expected,
+-       * the schedule_reset() function can timeout and exit. This can be
+-       * detected by calling the completion_done() function. In this case
+-       * the reset_data structure needs to be freed here.
+-       */
+-      if (reset_data->mode == ADF_DEV_RESET_ASYNC ||
+-          completion_done(&reset_data->compl))
++      /* The dev is back alive. Notify the caller if in sync mode */
++      if (reset_data->mode == ADF_DEV_RESET_ASYNC)
+               kfree(reset_data);
+       else
+               complete(&reset_data->compl);
+@@ -148,10 +139,10 @@ static int adf_dev_aer_schedule_reset(st
+               if (!timeout) {
+                       dev_err(&GET_DEV(accel_dev),
+                               "Reset device timeout expired\n");
++                      cancel_work_sync(&reset_data->reset_work);
+                       ret = -EFAULT;
+-              } else {
+-                      kfree(reset_data);
+               }
++              kfree(reset_data);
+               return ret;
+       }
+       return 0;
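Review bot: The restart-failure branch of adf_device_reset_worker still returns without `complete(&reset_data->compl)` for a SYNC request, so the waiter in adf_dev_aer_schedule_reset presumably leaves only through the `if (!timeout)` path and reports the failure after the full wait. Memory-wise that is fine, since the caller now runs `cancel_work_sync(&reset_data->reset_work);` before its unconditional `kfree(reset_data);`, but the ownership rule behind it is no longer stated anywhere. I would add a comment at the first `kfree(reset_data)` such as `/* ASYNC: the worker owns reset_data; SYNC: the waiter frees it after cancel_work_sync() */`. Keep in mind that cancel_work_sync() waits for a running worker, so the timeout no longer bounds how long the caller may block; both functions begin and end outside these hunks.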
diff --git a/queue-5.15/kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch b/queue-5.15/kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch
new file mode 100644 (file)
index 0000000..6e8b21d
--- /dev/null
@@ -0,0 +1,34 @@
+From dfe6d190f38fc5df5ff2614b463a5195a399c885 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <maz@kernel.org>
+Date: Fri, 24 May 2024 15:19:55 +0100
+Subject: KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
+
+From: Marc Zyngier <maz@kernel.org>
+
+commit dfe6d190f38fc5df5ff2614b463a5195a399c885 upstream.
+
+It appears that we don't allow a vcpu to be restored in AArch32
+System mode, as we *never* included it in the list of valid modes.
+
+Just add it to the list of allowed modes.
+
+Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu")
+Cc: stable@vger.kernel.org
+Acked-by: Oliver Upton <oliver.upton@linux.dev>
+Link: https://lore.kernel.org/r/20240524141956.1450304-3-maz@kernel.org
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/kvm/guest.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/arm64/kvm/guest.c
++++ b/arch/arm64/kvm/guest.c
+@@ -250,6 +250,7 @@ static int set_core_reg(struct kvm_vcpu
+               case PSR_AA32_MODE_SVC:
+               case PSR_AA32_MODE_ABT:
+               case PSR_AA32_MODE_UND:
++              case PSR_AA32_MODE_SYS:
+                       if (!vcpu_el1_is_32bit(vcpu))
+                               return -EINVAL;
+                       break;
diff --git a/queue-5.15/kvm-arm64-fix-aarch32-register-narrowing-on-userspace-write.patch b/queue-5.15/kvm-arm64-fix-aarch32-register-narrowing-on-userspace-write.patch
new file mode 100644 (file)
index 0000000..f42bcf4
--- /dev/null
@@ -0,0 +1,49 @@
+From 947051e361d551e0590777080ffc4926190f62f2 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <maz@kernel.org>
+Date: Fri, 24 May 2024 15:19:54 +0100
+Subject: KVM: arm64: Fix AArch32 register narrowing on userspace write
+
+From: Marc Zyngier <maz@kernel.org>
+
+commit 947051e361d551e0590777080ffc4926190f62f2 upstream.
+
+When userspace writes to one of the core registers, we make
+sure to narrow the corresponding GPRs if PSTATE indicates
+an AArch32 context.
+
+The code tries to check whether the context is EL0 or EL1 so
+that it narrows the correct registers. But it does so by checking
+the full PSTATE instead of PSTATE.M.
+
+As a consequence, and if we are restoring an AArch32 EL0 context
+in a 64bit guest, and that PSTATE has *any* bit set outside of
+PSTATE.M, we narrow *all* registers instead of only the first 15,
+destroying the 64bit state.
+
+Obviously, this is not something the guest is likely to enjoy.
+
+Correctly masking PSTATE to only evaluate PSTATE.M fixes it.
+
+Fixes: 90c1f934ed71 ("KVM: arm64: Get rid of the AArch32 register mapping code")
+Reported-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com>
+Cc: stable@vger.kernel.org
+Reviewed-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com>
+Acked-by: Oliver Upton <oliver.upton@linux.dev>
+Link: https://lore.kernel.org/r/20240524141956.1450304-2-maz@kernel.org
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/kvm/guest.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm64/kvm/guest.c
++++ b/arch/arm64/kvm/guest.c
+@@ -270,7 +270,7 @@ static int set_core_reg(struct kvm_vcpu
+       if (*vcpu_cpsr(vcpu) & PSR_MODE32_BIT) {
+               int i, nr_reg;
+-              switch (*vcpu_cpsr(vcpu)) {
++              switch (*vcpu_cpsr(vcpu) & PSR_AA32_MODE_MASK) {
+               /*
+                * Either we are dealing with user mode, and only the
+                * first 15 registers (+ PC) must be narrowed to 32bit.
index 123533f00b9d68c3eecc50092c5e3331eea57112..02ffff13b7e5f34bd130aa4ba6db8c70749bae22 100644 (file)
@@ -373,3 +373,8 @@ mmc-sdhci-acpi-fix-lenovo-yoga-tablet-2-pro-1380-sdcard-slot-not-working.patch
 mmc-sdhci-acpi-disable-write-protect-detection-on-toshiba-wt10-a.patch
 fbdev-savage-handle-err-return-when-savagefb_check_var-failed.patch
 drm-amdgpu-atomfirmware-add-intergrated-info-v2.3-table.patch
+kvm-arm64-fix-aarch32-register-narrowing-on-userspace-write.patch
+kvm-arm64-allow-aarch32-pstate.m-to-be-restored-as-system-mode.patch
+crypto-ecdsa-fix-module-auto-load-on-add-key.patch
+crypto-ecrdsa-fix-module-auto-load-on-add_key.patch
+crypto-qat-fix-adf_dev_reset_sync-memory-leak.patch