From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 8 Dec 2013 19:48:09 +0000 (-0800)
Subject: 3.4-stable patches
X-Git-Tag: v3.4.74~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fcb7a62b07f6d98ebf16a1001ae24b099bc9b3ca;p=thirdparty%2Fkernel%2Fstable-queue.git

3.4-stable patches

added patches:
	crypto-authenc-find-proper-iv-address-in-ablkcipher-callback.patch
	crypto-ccm-fix-handling-of-zero-plaintext-when-computing-mac.patch
	crypto-scatterwalk-set-the-chain-pointer-indication-bit.patch
---

diff --git a/queue-3.4/crypto-authenc-find-proper-iv-address-in-ablkcipher-callback.patch b/queue-3.4/crypto-authenc-find-proper-iv-address-in-ablkcipher-callback.patch
new file mode 100644
index 00000000000..609de830ba1
--- /dev/null
+++ b/queue-3.4/crypto-authenc-find-proper-iv-address-in-ablkcipher-callback.patch
@@ -0,0 +1,41 @@
+From fc019c7122dfcd69c50142b57a735539aec5da95 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Tue, 12 Nov 2013 11:46:04 -0600
+Subject: crypto: authenc - Find proper IV address in ablkcipher callback
+
+From: Tom Lendacky <thomas.lendacky@amd.com>
+
+commit fc019c7122dfcd69c50142b57a735539aec5da95 upstream.
+
+When performing an asynchronous ablkcipher operation the authenc
+completion callback routine is invoked, but it does not locate and use
+the proper IV.
+
+The callback routine, crypto_authenc_encrypt_done, is updated to use
+the same method of calculating the address of the IV as is done in
+crypto_authenc_encrypt function which sets up the callback.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/authenc.c |    7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/crypto/authenc.c
++++ b/crypto/authenc.c
+@@ -368,9 +368,10 @@ static void crypto_authenc_encrypt_done(
+ 	if (!err) {
+ 		struct crypto_aead *authenc = crypto_aead_reqtfm(areq);
+ 		struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
+-		struct ablkcipher_request *abreq = aead_request_ctx(areq);
+-		u8 *iv = (u8 *)(abreq + 1) +
+-			 crypto_ablkcipher_reqsize(ctx->enc);
++		struct authenc_request_ctx *areq_ctx = aead_request_ctx(areq);
++		struct ablkcipher_request *abreq = (void *)(areq_ctx->tail
++							    + ctx->reqoff);
++		u8 *iv = (u8 *)abreq - crypto_ablkcipher_ivsize(ctx->enc);
+ 
+ 		err = crypto_authenc_genicv(areq, iv, 0);
+ 	}
diff --git a/queue-3.4/crypto-ccm-fix-handling-of-zero-plaintext-when-computing-mac.patch b/queue-3.4/crypto-ccm-fix-handling-of-zero-plaintext-when-computing-mac.patch
new file mode 100644
index 00000000000..2a58ee50879
--- /dev/null
+++ b/queue-3.4/crypto-ccm-fix-handling-of-zero-plaintext-when-computing-mac.patch
@@ -0,0 +1,72 @@
+From 5638cabf3e4883f38dfb246c30980cebf694fbda Mon Sep 17 00:00:00 2001
+From: Horia Geanta <horia.geanta@freescale.com>
+Date: Thu, 28 Nov 2013 15:11:15 +0200
+Subject: crypto: ccm - Fix handling of zero plaintext when computing mac
+
+From: Horia Geanta <horia.geanta@freescale.com>
+
+commit 5638cabf3e4883f38dfb246c30980cebf694fbda upstream.
+
+There are cases when cryptlen can be zero in crypto_ccm_auth():
+-encryptiom: input scatterlist length is zero (no plaintext)
+-decryption: input scatterlist contains only the mac
+plus the condition of having different source and destination buffers
+(or else scatterlist length = max(plaintext_len, ciphertext_len)).
+
+These are not handled correctly, leading to crashes like:
+
+root@p4080ds:~/crypto# insmod tcrypt.ko mode=45
+------------[ cut here ]------------
+kernel BUG at crypto/scatterwalk.c:37!
+Oops: Exception in kernel mode, sig: 5 [#1]
+SMP NR_CPUS=8 P4080 DS
+Modules linked in: tcrypt(+) crc32c xts xcbc vmac pcbc ecb gcm ghash_generic gf128mul ccm ctr seqiv
+CPU: 3 PID: 1082 Comm: cryptomgr_test Not tainted 3.11.0 #14
+task: ee12c5b0 ti: eecd0000 task.ti: eecd0000
+NIP: c0204d98 LR: f9225848 CTR: c0204d80
+REGS: eecd1b70 TRAP: 0700   Not tainted  (3.11.0)
+MSR: 00029002 <CE,EE,ME>  CR: 22044022  XER: 20000000
+
+GPR00: f9225c94 eecd1c20 ee12c5b0 eecd1c28 ee879400 ee879400 00000000 ee607464
+GPR08: 00000001 00000001 00000000 006b0000 c0204d80 00000000 00000002 c0698e20
+GPR16: ee987000 ee895000 fffffff4 ee879500 00000100 eecd1d58 00000001 00000000
+GPR24: ee879400 00000020 00000000 00000000 ee5b2800 ee607430 00000004 ee607460
+NIP [c0204d98] scatterwalk_start+0x18/0x30
+LR [f9225848] get_data_to_compute+0x28/0x2f0 [ccm]
+Call Trace:
+[eecd1c20] [f9225974] get_data_to_compute+0x154/0x2f0 [ccm] (unreliable)
+[eecd1c70] [f9225c94] crypto_ccm_auth+0x184/0x1d0 [ccm]
+[eecd1cb0] [f9225d40] crypto_ccm_encrypt+0x60/0x2d0 [ccm]
+[eecd1cf0] [c020d77c] __test_aead+0x3ec/0xe20
+[eecd1e20] [c020f35c] test_aead+0x6c/0xe0
+[eecd1e40] [c020f420] alg_test_aead+0x50/0xd0
+[eecd1e60] [c020e5e4] alg_test+0x114/0x2e0
+[eecd1ee0] [c020bd1c] cryptomgr_test+0x4c/0x60
+[eecd1ef0] [c0047058] kthread+0xa8/0xb0
+[eecd1f40] [c000eb0c] ret_from_kernel_thread+0x5c/0x64
+Instruction dump:
+0f080000 81290024 552807fe 0f080000 5529003a 4bffffb4 90830000 39400000
+39000001 8124000c 2f890000 7d28579e <0f090000> 81240008 91230004 4e800020
+---[ end trace 6d652dfcd1be37bd ]---
+
+Cc: Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
+Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/ccm.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/crypto/ccm.c
++++ b/crypto/ccm.c
+@@ -271,7 +271,8 @@ static int crypto_ccm_auth(struct aead_r
+ 	}
+ 
+ 	/* compute plaintext into mac */
+-	get_data_to_compute(cipher, pctx, plain, cryptlen);
++	if (cryptlen)
++		get_data_to_compute(cipher, pctx, plain, cryptlen);
+ 
+ out:
+ 	return err;
diff --git a/queue-3.4/crypto-scatterwalk-set-the-chain-pointer-indication-bit.patch b/queue-3.4/crypto-scatterwalk-set-the-chain-pointer-indication-bit.patch
new file mode 100644
index 00000000000..c13ef21aa29
--- /dev/null
+++ b/queue-3.4/crypto-scatterwalk-set-the-chain-pointer-indication-bit.patch
@@ -0,0 +1,36 @@
+From 41da8b5adba77e22584f8b45f9641504fa885308 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Tue, 12 Nov 2013 11:46:10 -0600
+Subject: crypto: scatterwalk - Set the chain pointer indication bit
+
+From: Tom Lendacky <thomas.lendacky@amd.com>
+
+commit 41da8b5adba77e22584f8b45f9641504fa885308 upstream.
+
+The scatterwalk_crypto_chain function invokes the scatterwalk_sg_chain
+function to chain two scatterlists, but the chain pointer indication
+bit is not set.  When the resulting scatterlist is used, for example,
+by sg_nents to count the number of scatterlist entries, a segfault occurs
+because sg_nents does not follow the chain pointer to the chained scatterlist.
+
+Update scatterwalk_sg_chain to set the chain pointer indication bit as is
+done by the sg_chain function.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/crypto/scatterwalk.h |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/include/crypto/scatterwalk.h
++++ b/include/crypto/scatterwalk.h
+@@ -36,6 +36,7 @@ static inline void scatterwalk_sg_chain(
+ {
+ 	sg_set_page(&sg1[num - 1], (void *)sg2, 0, 0);
+ 	sg1[num - 1].page_link &= ~0x02;
++	sg1[num - 1].page_link |= 0x01;
+ }
+ 
+ static inline struct scatterlist *scatterwalk_sg_next(struct scatterlist *sg)
diff --git a/queue-3.4/series b/queue-3.4/series
new file mode 100644
index 00000000000..7d57e62c801
--- /dev/null
+++ b/queue-3.4/series
@@ -0,0 +1,3 @@
+crypto-scatterwalk-set-the-chain-pointer-indication-bit.patch
+crypto-ccm-fix-handling-of-zero-plaintext-when-computing-mac.patch
+crypto-authenc-find-proper-iv-address-in-ablkcipher-callback.patch