From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 25 Mar 2024 08:23:01 +0000 (+0100)
Subject: 4.19-stable patches
X-Git-Tag: v6.8.2~31
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=74f2681a900949d9b427a2b8d5128c92e6f97b4a;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	crypto-af_alg-fix-regression-on-empty-requests.patch
	crypto-af_alg-work-around-empty-control-messages-without-msg_more.patch
---

diff --git a/queue-4.19/crypto-af_alg-fix-regression-on-empty-requests.patch b/queue-4.19/crypto-af_alg-fix-regression-on-empty-requests.patch
new file mode 100644
index 00000000000..3a9e42ec626
--- /dev/null
+++ b/queue-4.19/crypto-af_alg-fix-regression-on-empty-requests.patch
@@ -0,0 +1,43 @@
+From 662bb52f50bca16a74fe92b487a14d7dccb85e1a Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Thu, 2 Jul 2020 13:32:21 +1000
+Subject: crypto: af_alg - Fix regression on empty requests
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 662bb52f50bca16a74fe92b487a14d7dccb85e1a upstream.
+
+Some user-space programs rely on crypto requests that have no
+control metadata.  This broke when a check was added to require
+the presence of control metadata with the ctx->init flag.
+
+This patch fixes the regression by setting ctx->init as long as
+one sendmsg(2) has been made, with or without a control message.
+
+Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
+Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
+Fixes: f3c802a1f300 ("crypto: algif_aead - Only wake up when...")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/af_alg.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/crypto/af_alg.c
++++ b/crypto/af_alg.c
+@@ -864,6 +864,7 @@ int af_alg_sendmsg(struct socket *sock,
+ 		err = -EINVAL;
+ 		goto unlock;
+ 	}
++	ctx->init = true;
+ 
+ 	if (init) {
+ 		ctx->enc = enc;
+@@ -871,7 +872,6 @@ int af_alg_sendmsg(struct socket *sock,
+ 			memcpy(ctx->iv, con.iv->iv, ivsize);
+ 
+ 		ctx->aead_assoclen = con.aead_assoclen;
+-		ctx->init = true;
+ 	}
+ 
+ 	while (size) {
diff --git a/queue-4.19/crypto-af_alg-work-around-empty-control-messages-without-msg_more.patch b/queue-4.19/crypto-af_alg-work-around-empty-control-messages-without-msg_more.patch
new file mode 100644
index 00000000000..f78ac11a1b3
--- /dev/null
+++ b/queue-4.19/crypto-af_alg-work-around-empty-control-messages-without-msg_more.patch
@@ -0,0 +1,63 @@
+From c195d66a8a75c60515819b101975f38b7ec6577f Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Thu, 27 Aug 2020 17:14:36 +1000
+Subject: crypto: af_alg - Work around empty control messages without MSG_MORE
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit c195d66a8a75c60515819b101975f38b7ec6577f upstream.
+
+The iwd daemon uses libell which sets up the skcipher operation with
+two separate control messages.  As the first control message is sent
+without MSG_MORE, it is interpreted as an empty request.
+
+While libell should be fixed to use MSG_MORE where appropriate, this
+patch works around the bug in the kernel so that existing binaries
+continue to work.
+
+We will print a warning however.
+
+A separate issue is that the new kernel code no longer allows the
+control message to be sent twice within the same request.  This
+restriction is obviously incompatible with what iwd was doing (first
+setting an IV and then sending the real control message).  This
+patch changes the kernel so that this is explicitly allowed.
+
+Reported-by: Caleb Jorden <caljorden@hotmail.com>
+Fixes: f3c802a1f300 ("crypto: algif_aead - Only wake up when...")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/af_alg.c |   13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+--- a/crypto/af_alg.c
++++ b/crypto/af_alg.c
+@@ -21,6 +21,7 @@
+ #include <linux/module.h>
+ #include <linux/net.h>
+ #include <linux/rwsem.h>
++#include <linux/sched.h>
+ #include <linux/sched/signal.h>
+ #include <linux/security.h>
+ 
+@@ -860,9 +861,15 @@ int af_alg_sendmsg(struct socket *sock,
+ 	}
+ 
+ 	lock_sock(sk);
+-	if (ctx->init && (init || !ctx->more)) {
+-		err = -EINVAL;
+-		goto unlock;
++	if (ctx->init && !ctx->more) {
++		if (ctx->used) {
++			err = -EINVAL;
++			goto unlock;
++		}
++
++		pr_info_once(
++			"%s sent an empty control message without MSG_MORE.\n",
++			current->comm);
+ 	}
+ 	ctx->init = true;
+ 
diff --git a/queue-4.19/series b/queue-4.19/series
index c5e9b55b1cb..229fba9bb6c 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -145,3 +145,5 @@ rds-introduce-acquire-release-ordering-in-acquire-re.patch
 hsr-handle-failures-in-module-init.patch
 net-bnx2x-prevent-access-to-a-freed-page-in-page_poo.patch
 spi-spi-mt65xx-fix-null-pointer-access-in-interrupt-.patch
+crypto-af_alg-fix-regression-on-empty-requests.patch
+crypto-af_alg-work-around-empty-control-messages-without-msg_more.patch