From: Greg Kroah-Hartman Date: Sun, 21 Sep 2025 13:24:04 +0000 (+0200) Subject: drop crypto patch from queues that it is broken for X-Git-Tag: v6.1.154~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5723e2e491c2254698b077dee0909a2927929bbb;p=thirdparty%2Fkernel%2Fstable-queue.git drop crypto patch from queues that it is broken for
---
diff --git a/queue-5.15/crypto-af_alg-disallow-concurrent-writes-in-af_alg_s.patch b/queue-5.15/crypto-af_alg-disallow-concurrent-writes-in-af_alg_s.patch
deleted file mode 100644
index 36ca2cdd8f..0000000000
--- a/queue-5.15/crypto-af_alg-disallow-concurrent-writes-in-af_alg_s.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From edd879d8cc795165f726a5c776ee2d5c8dc1dbce Mon Sep 17 00:00:00 2001
-From: Sasha Levin
-Date: Tue, 16 Sep 2025 17:20:59 +0800
-Subject: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
-
-From: Herbert Xu
-
-[ Upstream commit 1b34cbbf4f011a121ef7b2d7d6e6920a036d5285 ]
-
-Issuing two writes to the same af_alg socket is bogus as the
-data will be interleaved in an unpredictable fashion. Furthermore,
-concurrent writes may create inconsistencies in the internal
-socket state.
-
-Disallow this by adding a new ctx->write field that indiciates
-exclusive ownership for writing.
-
-Fixes: 8ff590903d5 ("crypto: algif_skcipher - User-space interface for skcipher operations")
-Reported-by: Muhammad Alifa Ramdhan
-Reported-by: Bing-Jhong Billy Jheng
-Signed-off-by: Herbert Xu
-Signed-off-by: Sasha Levin
----
- crypto/af_alg.c | 7 +++++++
- include/crypto/if_alg.h | 10 ++++++----
- 2 files changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/af_alg.c b/crypto/af_alg.c
-index aa93501e27b95..24c273f53e90a 100644
---- a/crypto/af_alg.c
-+++ b/crypto/af_alg.c
-@@ -862,6 +862,12 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size,
- }
-
- lock_sock(sk);
-+ if (ctx->write) {
-+ release_sock(sk);
-+ return -EBUSY;
-+ }
-+ ctx->write = true;
-+
- if (ctx->init && !ctx->more) {
- if (ctx->used) {
- err = -EINVAL;
-@@ -969,6 +975,7 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size,
-
- unlock:
- af_alg_data_wakeup(sk);
-+ ctx->write = false;
- release_sock(sk);
-
- return copied ?: err;
-diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
-index a406e281ae571..1424200fe88cf 100644
---- a/include/crypto/if_alg.h
-+++ b/include/crypto/if_alg.h
-@@ -136,6 +136,7 @@ struct af_alg_async_req {
- * SG?
- * @enc: Cryptographic operation to be performed when
- * recvmsg is invoked.
-+ * @write: True if we are in the middle of a write.
- * @init: True if metadata has been sent.
- * @len: Length of memory allocated for this data structure.
- * @inflight: Non-zero when AIO requests are in flight.
-@@ -151,10 +152,11 @@ struct af_alg_ctx {
- size_t used;
- atomic_t rcvused;
-
-- bool more;
-- bool merge;
-- bool enc;
-- bool init;
-+ u32 more:1,
-+ merge:1,
-+ enc:1,
-+ write:1,
-+ init:1;
-
- unsigned int len;
-
---
-2.51.0
-
diff --git a/queue-5.15/series b/queue-5.15/series
index eee79d14b5..d1a447f4c9 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -87,4 +87,3 @@ asoc-wm8974-correct-pll-rate-rounding.patch
 asoc-sof-intel-hda-stream-fix-incorrect-variable-use.patch
 drm-bridge-anx7625-fix-null-pointer-dereference-with.patch
 drm-bridge-cdns-mhdp8546-fix-missing-mutex-unlock-on.patch
-crypto-af_alg-disallow-concurrent-writes-in-af_alg_s.patch
diff --git a/queue-5.4/crypto-af_alg-disallow-concurrent-writes-in-af_alg_s.patch b/queue-5.4/crypto-af_alg-disallow-concurrent-writes-in-af_alg_s.patch
deleted file mode 100644
index 67d4707658..0000000000
--- a/queue-5.4/crypto-af_alg-disallow-concurrent-writes-in-af_alg_s.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From 7297cc29c3021dc031ea70bfdc30f56227263f99 Mon Sep 17 00:00:00 2001
-From: Sasha Levin
-Date: Tue, 16 Sep 2025 17:20:59 +0800
-Subject: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
-
-From: Herbert Xu
-
-[ Upstream commit 1b34cbbf4f011a121ef7b2d7d6e6920a036d5285 ]
-
-Issuing two writes to the same af_alg socket is bogus as the
-data will be interleaved in an unpredictable fashion. Furthermore,
-concurrent writes may create inconsistencies in the internal
-socket state.
-
-Disallow this by adding a new ctx->write field that indiciates
-exclusive ownership for writing.
-
-Fixes: 8ff590903d5 ("crypto: algif_skcipher - User-space interface for skcipher operations")
-Reported-by: Muhammad Alifa Ramdhan
-Reported-by: Bing-Jhong Billy Jheng
-Signed-off-by: Herbert Xu
-Signed-off-by: Sasha Levin
----
- crypto/af_alg.c | 7 +++++++
- include/crypto/if_alg.h | 10 ++++++----
- 2 files changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/af_alg.c b/crypto/af_alg.c
-index bc96a4b21bec5..66f0d829f46f8 100644
---- a/crypto/af_alg.c
-+++ b/crypto/af_alg.c
-@@ -852,6 +852,12 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size,
- }
-
- lock_sock(sk);
-+ if (ctx->write) {
-+ release_sock(sk);
-+ return -EBUSY;
-+ }
-+ ctx->write = true;
-+
- if (ctx->init && !ctx->more) {
- if (ctx->used) {
- err = -EINVAL;
-@@ -959,6 +965,7 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size,
-
- unlock:
- af_alg_data_wakeup(sk);
-+ ctx->write = false;
- release_sock(sk);
-
- return copied ?: err;
-diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
-index f4ff7ae0128a2..5a5ec21fe147b 100644
---- a/include/crypto/if_alg.h
-+++ b/include/crypto/if_alg.h
-@@ -135,6 +135,7 @@ struct af_alg_async_req {
- * SG?
- * @enc: Cryptographic operation to be performed when
- * recvmsg is invoked.
-+ * @write: True if we are in the middle of a write.
- * @init: True if metadata has been sent.
- * @len: Length of memory allocated for this data structure.
- * @inflight: Non-zero when AIO requests are in flight.
-@@ -150,10 +151,11 @@ struct af_alg_ctx {
- size_t used;
- atomic_t rcvused;
-
-- bool more;
-- bool merge;
-- bool enc;
-- bool init;
-+ u32 more:1,
-+ merge:1,
-+ enc:1,
-+ write:1,
-+ init:1;
-
- unsigned int len;
-
---
-2.51.0
-
diff --git a/queue-5.4/series b/queue-5.4/series
index 413bcfffbc..33f8c31f90 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -46,4 +46,3 @@ rds-ib-increment-i_fastreg_wrs-before-bailing-out.patch
 asoc-wm8940-correct-typo-in-control-name.patch
 asoc-wm8974-correct-pll-rate-rounding.patch
 asoc-sof-intel-hda-stream-fix-incorrect-variable-use.patch
-crypto-af_alg-disallow-concurrent-writes-in-af_alg_s.patch
diff --git a/queue-6.1/crypto-af_alg-disallow-concurrent-writes-in-af_alg_s.patch b/queue-6.1/crypto-af_alg-disallow-concurrent-writes-in-af_alg_s.patch
deleted file mode 100644
index b09c4596f7..0000000000
--- a/queue-6.1/crypto-af_alg-disallow-concurrent-writes-in-af_alg_s.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From a5206cb3b3e7407a342f33266e71dffd8ad7f13f Mon Sep 17 00:00:00 2001
-From: Sasha Levin
-Date: Tue, 16 Sep 2025 17:20:59 +0800
-Subject: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
-
-From: Herbert Xu
-
-[ Upstream commit 1b34cbbf4f011a121ef7b2d7d6e6920a036d5285 ]
-
-Issuing two writes to the same af_alg socket is bogus as the
-data will be interleaved in an unpredictable fashion. Furthermore,
-concurrent writes may create inconsistencies in the internal
-socket state.
-
-Disallow this by adding a new ctx->write field that indiciates
-exclusive ownership for writing.
-
-Fixes: 8ff590903d5 ("crypto: algif_skcipher - User-space interface for skcipher operations")
-Reported-by: Muhammad Alifa Ramdhan
-Reported-by: Bing-Jhong Billy Jheng
-Signed-off-by: Herbert Xu
-Signed-off-by: Sasha Levin
----
- crypto/af_alg.c | 7 +++++++
- include/crypto/if_alg.h | 10 ++++++----
- 2 files changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/af_alg.c b/crypto/af_alg.c
-index aca9d72553e8f..316771eb17e27 100644
---- a/crypto/af_alg.c
-+++ b/crypto/af_alg.c
-@@ -859,6 +859,12 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size,
- }
-
- lock_sock(sk);
-+ if (ctx->write) {
-+ release_sock(sk);
-+ return -EBUSY;
-+ }
-+ ctx->write = true;
-+
- if (ctx->init && !ctx->more) {
- if (ctx->used) {
- err = -EINVAL;
-@@ -974,6 +980,7 @@ int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size,
-
- unlock:
- af_alg_data_wakeup(sk);
-+ ctx->write = false;
- release_sock(sk);
-
- return copied ?: err;
-diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
-index a406e281ae571..1424200fe88cf 100644
---- a/include/crypto/if_alg.h
-+++ b/include/crypto/if_alg.h
-@@ -136,6 +136,7 @@ struct af_alg_async_req {
- * SG?
- * @enc: Cryptographic operation to be performed when
- * recvmsg is invoked.
-+ * @write: True if we are in the middle of a write.
- * @init: True if metadata has been sent.
- * @len: Length of memory allocated for this data structure.
- * @inflight: Non-zero when AIO requests are in flight.
-@@ -151,10 +152,11 @@ struct af_alg_ctx {
- size_t used;
- atomic_t rcvused;
-
-- bool more;
-- bool merge;
-- bool enc;
-- bool init;
-+ u32 more:1,
-+ merge:1,
-+ enc:1,
-+ write:1,
-+ init:1;
-
- unsigned int len;
-
---
-2.51.0
-
diff --git a/queue-6.1/series b/queue-6.1/series
index 0302d5c9c8..31022c270b 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -42,5 +42,4 @@ drm-bridge-anx7625-fix-null-pointer-dereference-with.patch
 drm-bridge-cdns-mhdp8546-fix-missing-mutex-unlock-on.patch
 crypto-af_alg-indent-the-loop-in-af_alg_sendmsg.patch
 crypto-af_alg-set-merge-to-zero-early-in-af_alg_send.patch
-crypto-af_alg-disallow-concurrent-writes-in-af_alg_s.patch
 smb-client-fix-smbdirect_recv_io-leak-in-smbd_negoti.patch