From 4f141a0d459cbfe83a4bcc034e1661b2ef4010c4 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sun, 14 Feb 2016 14:18:11 -0800
Subject: [PATCH] 3.10-stable patches

added patches:
crypto-algif_hash-wait-for-crypto_ahash_init-to-complete.patch
crypto-user-lock-crypto_alg_list-on-alg-dump.patch
evm-use-crypto_memneq-for-digest-comparisons.patch
fs-cache-increase-reference-of-parent-after-registering-netfs-success.patch
---
 ...it-for-crypto_ahash_init-to-complete.patch | 40 ++++++++
 ...ser-lock-crypto_alg_list-on-alg-dump.patch | 99 +++++++++++++++++++
 ...crypto_memneq-for-digest-comparisons.patch | 44 +++++++++
 ...rent-after-registering-netfs-success.patch | 59 +++++++++++
 queue-3.10/series | 4 +
 5 files changed, 246 insertions(+)
 create mode 100644 queue-3.10/crypto-algif_hash-wait-for-crypto_ahash_init-to-complete.patch
 create mode 100644 queue-3.10/crypto-user-lock-crypto_alg_list-on-alg-dump.patch
 create mode 100644 queue-3.10/evm-use-crypto_memneq-for-digest-comparisons.patch
 create mode 100644 queue-3.10/fs-cache-increase-reference-of-parent-after-registering-netfs-success.patch

diff --git a/queue-3.10/crypto-algif_hash-wait-for-crypto_ahash_init-to-complete.patch b/queue-3.10/crypto-algif_hash-wait-for-crypto_ahash_init-to-complete.patch
new file mode 100644
index 00000000000..8b79bf56df0
--- /dev/null
+++ b/queue-3.10/crypto-algif_hash-wait-for-crypto_ahash_init-to-complete.patch
@@ -0,0 +1,40 @@
+From fe09786178f9df713a4b2dd6b93c0a722346bf5e Mon Sep 17 00:00:00 2001
+From: "Wang, Rui Y"
+Date: Wed, 27 Jan 2016 17:08:37 +0800
+Subject: crypto: algif_hash - wait for crypto_ahash_init() to complete
+
+From: Wang, Rui Y
+
+commit fe09786178f9df713a4b2dd6b93c0a722346bf5e upstream.
+
+hash_sendmsg/sendpage() need to wait for the completion
+of crypto_ahash_init() otherwise it can cause panic.
+
+Signed-off-by: Rui Wang
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ crypto/algif_hash.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/crypto/algif_hash.c
++++ b/crypto/algif_hash.c
+@@ -51,7 +51,8 @@ static int hash_sendmsg(struct kiocb *un
+
+ lock_sock(sk);
+ if (!ctx->more) {
+- err = crypto_ahash_init(&ctx->req);
++ err = af_alg_wait_for_completion(crypto_ahash_init(&ctx->req),
++ &ctx->completion);
+ if (err)
+ goto unlock;
+ }
+@@ -131,6 +132,7 @@ static ssize_t hash_sendpage(struct sock
+ } else {
+ if (!ctx->more) {
+ err = crypto_ahash_init(&ctx->req);
++ err = af_alg_wait_for_completion(err, &ctx->completion);
+ if (err)
+ goto unlock;
+ }
diff --git a/queue-3.10/crypto-user-lock-crypto_alg_list-on-alg-dump.patch b/queue-3.10/crypto-user-lock-crypto_alg_list-on-alg-dump.patch
new file mode 100644
index 00000000000..edc8cc57b0f
--- /dev/null
+++ b/queue-3.10/crypto-user-lock-crypto_alg_list-on-alg-dump.patch
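Review bot: The two call sites are written differently — hash_sendmsg nests crypto_ahash_init() inside af_alg_wait_for_completion(), while hash_sendpage assigns err from crypto_ahash_init() and then immediately overwrites it with the wrapped value, which reads as if the first assignment mattered on its own. For consistency I would write the sendpage site as `err = af_alg_wait_for_completion(crypto_ahash_init(&ctx->req), &ctx->completion);`. A short comment at the sendmsg site would also help a reader unfamiliar with the async hash API, e.g. `/* init may complete asynchronously; wait before feeding data */` — the completion semantics themselves are not visible in this hunk. Both hash_sendmsg and hash_sendpage start and end outside the hunk.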
@@ -0,0 +1,99 @@
+From 63e41ebc6630f39422d87f8a4bade1e793f37a01 Mon Sep 17 00:00:00 2001
+From: Mathias Krause
+Date: Mon, 1 Feb 2016 14:27:30 +0100
+Subject: crypto: user - lock crypto_alg_list on alg dump
+
+From: Mathias Krause
+
+commit 63e41ebc6630f39422d87f8a4bade1e793f37a01 upstream.
+
+We miss to take the crypto_alg_sem semaphore when traversing the
+crypto_alg_list for CRYPTO_MSG_GETALG dumps. This allows a race with
+crypto_unregister_alg() removing algorithms from the list while we're
+still traversing it, thereby leading to a use-after-free as show below:
+
+[ 3482.071639] general protection fault: 0000 [#1] SMP
+[ 3482.075639] Modules linked in: aes_x86_64 glue_helper lrw ablk_helper cryptd gf128mul ipv6 pcspkr serio_raw virtio_net microcode virtio_pci virtio_ring virtio sr_mod cdrom [last unloaded: aesni_intel]
+[ 3482.075639] CPU: 1 PID: 11065 Comm: crconf Not tainted 4.3.4-grsec+ #126
+[ 3482.075639] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
+[ 3482.075639] task: ffff88001cd41a40 ti: ffff88001cd422c8 task.ti: ffff88001cd422c8
+[ 3482.075639] RIP: 0010:[] [] strncpy+0x13/0x30
+[ 3482.075639] RSP: 0018:ffff88001f713b60 EFLAGS: 00010202
+[ 3482.075639] RAX: ffff88001f6c4430 RBX: ffff88001f6c43a0 RCX: ffff88001f6c4430
+[ 3482.075639] RDX: 0000000000000040 RSI: fefefefefefeff16 RDI: ffff88001f6c4430
+[ 3482.075639] RBP: ffff88001f713b60 R08: ffff88001f6c4470 R09: ffff88001f6c4480
+[ 3482.075639] R10: 0000000000000002 R11: 0000000000000246 R12: ffff88001ce2aa28
+[ 3482.075639] R13: ffff880000093700 R14: ffff88001f5e4bf8 R15: 0000000000003b20
+[ 3482.075639] FS: 0000033826fa2700(0000) GS:ffff88001e900000(0000) knlGS:0000000000000000
+[ 3482.075639] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 3482.075639] CR2: ffffffffff600400 CR3: 00000000139ec000 CR4: 00000000001606f0
+[ 3482.075639] Stack:
+[ 3482.075639] ffff88001f713bd8 ffffffff936ccd00 ffff88001e5c4200 ffff880000093700
+[ 3482.075639] ffff88001f713bd0 ffffffff938ef4bf 0000000000000000 0000000000003b20
+[ 3482.075639] ffff88001f5e4bf8 ffff88001f5e4848 0000000000000000 0000000000003b20
+[ 3482.075639] Call Trace:
+[ 3482.075639] [] crypto_report_alg+0xc0/0x3e0
+[ 3482.075639] [] ? __alloc_skb+0x16f/0x300
+[ 3482.075639] [] crypto_dump_report+0x6a/0x90
+[ 3482.075639] [] netlink_dump+0x147/0x2e0
+[ 3482.075639] [] __netlink_dump_start+0x159/0x190
+[ 3482.075639] [] crypto_user_rcv_msg+0xc3/0x130
+[ 3482.075639] [] ? crypto_report_alg+0x3e0/0x3e0
+[ 3482.075639] [] ? alg_test_crc32c+0x120/0x120
+[ 3482.075639] [] ? __netlink_lookup+0xd5/0x120
+[ 3482.075639] [] ? crypto_add_alg+0x1d0/0x1d0
+[ 3482.075639] [] netlink_rcv_skb+0xe1/0x130
+[ 3482.075639] [] crypto_netlink_rcv+0x28/0x40
+[ 3482.075639] [] netlink_unicast+0x108/0x180
+[ 3482.075639] [] netlink_sendmsg+0x541/0x770
+[ 3482.075639] [] sock_sendmsg+0x21/0x40
+[ 3482.075639] [] SyS_sendto+0xf3/0x130
+[ 3482.075639] [] ? bad_area_nosemaphore+0x13/0x20
+[ 3482.075639] [] ? __do_page_fault+0x80/0x3a0
+[ 3482.075639] [] entry_SYSCALL_64_fastpath+0x12/0x6e
+[ 3482.075639] Code: 88 4a ff 75 ed 5d 48 0f ba 2c 24 3f c3 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 85 d2 48 89 f8 48 89 f9 4c 8d 04 17 48 89 e5 74 15 <0f> b6 16 80 fa 01 88 11 48 83 de ff 48 83 c1 01 4c 39 c1 75 eb
+[ 3482.075639] RIP [] strncpy+0x13/0x30
+
+To trigger the race run the following loops simultaneously for a while:
+ $ while : ; do modprobe aesni-intel; rmmod aesni-intel; done
+ $ while : ; do crconf show all > /dev/null; done
+
+Fix the race by taking the crypto_alg_sem read lock, thereby preventing
+crypto_unregister_alg() from modifying the algorithm list during the
+dump.
+
+This bug has been detected by the PaX memory sanitize feature.
+
+Signed-off-by: Mathias Krause
+Cc: Steffen Klassert
+Cc: PaX Team
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ crypto/crypto_user.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/crypto/crypto_user.c
++++ b/crypto/crypto_user.c
+@@ -477,6 +477,7 @@ static int crypto_user_rcv_msg(struct sk
+ if (link->dump == NULL)
+ return -EINVAL;
+
++ down_read(&crypto_alg_sem);
+ list_for_each_entry(alg, &crypto_alg_list, cra_list)
+ dump_alloc += CRYPTO_REPORT_MAXSIZE;
+
+@@ -486,8 +487,11 @@ static int crypto_user_rcv_msg(struct sk
+ .done = link->done,
+ .min_dump_alloc = dump_alloc,
+ };
+- return netlink_dump_start(crypto_nlsk, skb, nlh, &c);
++ err = netlink_dump_start(crypto_nlsk, skb, nlh, &c);
+ }
++ up_read(&crypto_alg_sem);
++
++ return err;
+ }
+
+ err = nlmsg_parse(nlh, crypto_msg_min[type], attrs, CRYPTOCFGA_MAX,
diff --git a/queue-3.10/evm-use-crypto_memneq-for-digest-comparisons.patch b/queue-3.10/evm-use-crypto_memneq-for-digest-comparisons.patch
new file mode 100644
index 00000000000..b56305718d3
--- /dev/null
+++ b/queue-3.10/evm-use-crypto_memneq-for-digest-comparisons.patch
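Review bot: The read lock taken before the list walk and released after netlink_dump_start() covers only the first dump pass; the call trace in the description shows crypto_dump_report() reached from __netlink_dump_start(), but later continuation batches of the same dump are driven from recvmsg outside this critical section, so crypto_dump_report()'s own walk of crypto_alg_list still looks unprotected unless it takes crypto_alg_sem itself — not visible here, worth confirming. Separately, `return err;` after up_read() relies on `err` being assigned on every path through the block that opens between the two hunks (lines 480–485 of crypto_user.c); if that is a bare compound statement, as the context suggests, it is fine, but if it is conditional `err` could be returned uninitialised. A comment on the down_read, e.g. `/* hold crypto_alg_sem so crypto_unregister_alg() cannot free entries under the dump */`, would record the intent. crypto_user_rcv_msg continues outside the hunk.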
@@ -0,0 +1,44 @@
+From 613317bd212c585c20796c10afe5daaa95d4b0a1 Mon Sep 17 00:00:00 2001
+From: Ryan Ware
+Date: Thu, 11 Feb 2016 15:58:44 -0800
+Subject: EVM: Use crypto_memneq() for digest comparisons
+
+From: Ryan Ware
+
+commit 613317bd212c585c20796c10afe5daaa95d4b0a1 upstream.
+
+This patch fixes vulnerability CVE-2016-2085. The problem exists
+because the vm_verify_hmac() function includes a use of memcmp().
+Unfortunately, this allows timing side channel attacks; specifically
+a MAC forgery complexity drop from 2^128 to 2^12. This patch changes
+the memcmp() to the cryptographically safe crypto_memneq().
+
+Reported-by: Xiaofei Rex Guo
+Signed-off-by: Ryan Ware
+Signed-off-by: Mimi Zohar
+Signed-off-by: James Morris
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ security/integrity/evm/evm_main.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/security/integrity/evm/evm_main.c
++++ b/security/integrity/evm/evm_main.c
+@@ -20,6 +20,7 @@
+ #include
+ #include
+ #include
++#include
+ #include "evm.h"
+
+ int evm_initialized;
+@@ -128,7 +129,7 @@ static enum integrity_status evm_verify_
+ xattr_value_len, calc.digest);
+ if (rc)
+ break;
+- rc = memcmp(xattr_data->digest, calc.digest,
++ rc = crypto_memneq(xattr_data->digest, calc.digest,
+ sizeof(calc.digest));
+ if (rc)
+ rc = -EINVAL;
diff --git a/queue-3.10/fs-cache-increase-reference-of-parent-after-registering-netfs-success.patch b/queue-3.10/fs-cache-increase-reference-of-parent-after-registering-netfs-success.patch
new file mode 100644
index 00000000000..034ef38a426
--- /dev/null
+++ b/queue-3.10/fs-cache-increase-reference-of-parent-after-registering-netfs-success.patch
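Review bot: The added `#include` line carries no header name in this rendering (the angle-bracketed target appears to have been stripped), so the hunk alone cannot confirm which header the backport pulls in; crypto_memneq() is declared in `<crypto/algapi.h>`, and the queued patch file should be checked for that target since a bare `#include` would not preprocess. The replacement itself is sound: crypto_memneq() returns non-zero on mismatch, which the unchanged `if (rc) rc = -EINVAL;` already maps to an error, so nothing else needs to change. I would add `/* constant-time compare: a timing leak here enables HMAC forgery (CVE-2016-2085) */` above the call so the choice is not quietly reverted to memcmp() later. evm_verify_hmac starts and ends outside the hunk.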
@@ -0,0 +1,59 @@
+From 86108c2e34a26e4bec3c6ddb23390bf8cedcf391 Mon Sep 17 00:00:00 2001
+From: Kinglong Mee
+Date: Wed, 4 Nov 2015 15:20:15 +0000
+Subject: FS-Cache: Increase reference of parent after registering, netfs success
+
+From: Kinglong Mee
+
+commit 86108c2e34a26e4bec3c6ddb23390bf8cedcf391 upstream.
+
+If netfs exist, fscache should not increase the reference of parent's
+usage and n_children, otherwise, never be decreased.
+
+v2: thanks David's suggest,
+ move increasing reference of parent if success
+ use kmem_cache_free() freeing primary_index directly
+
+v3: don't move "netfs->primary_index->parent = &fscache_fsdef_index;"
+
+Signed-off-by: Kinglong Mee
+Signed-off-by: David Howells
+Signed-off-by: Al Viro
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/fscache/netfs.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/fs/fscache/netfs.c
++++ b/fs/fscache/netfs.c
+@@ -45,9 +45,6 @@ int __fscache_register_netfs(struct fsca
+ netfs->primary_index->parent = &fscache_fsdef_index;
+ netfs->primary_index->netfs_data = netfs;
+
+- atomic_inc(&netfs->primary_index->parent->usage);
+- atomic_inc(&netfs->primary_index->parent->n_children);
+-
+ spin_lock_init(&netfs->primary_index->lock);
+ INIT_HLIST_HEAD(&netfs->primary_index->backing_objects);
+
+@@ -60,6 +57,9 @@ int __fscache_register_netfs(struct fsca
+ goto already_registered;
+ }
+
++ atomic_inc(&netfs->primary_index->parent->usage);
++ atomic_inc(&netfs->primary_index->parent->n_children);
++
+ list_add(&netfs->link, &fscache_netfs_list);
+ ret = 0;
+
+@@ -70,8 +70,7 @@ already_registered:
+ up_write(&fscache_addremove_sem);
+
+ if (ret < 0) {
+- netfs->primary_index->parent = NULL;
+- __fscache_cookie_put(netfs->primary_index);
++ kmem_cache_free(fscache_cookie_jar, netfs->primary_index);
+ netfs->primary_index = NULL;
+ }
+
diff --git a/queue-3.10/series b/queue-3.10/series
index 4a18a36827c..68532fd48f7 100644
--- a/queue-3.10/series
+++ b/queue-3.10/series
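Review bot: The error path now frees primary_index with kmem_cache_free() instead of dropping a reference, which is only valid because the cookie has not been published by that point — the hunk shows list_add() happening after the already_registered check, and the parent usage/n_children increments now sit on that same success path, so on failure nobody else holds the object and there is no parent reference to undo. That reasoning is not recorded anywhere in the code; I would add `/* never made visible: free directly, no references to drop */` above the kmem_cache_free() call. Whether anything initialised between the allocation and the already_registered check (outside this hunk) would still need undoing cannot be judged from here. __fscache_register_netfs starts outside the hunk.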
@@ -57,3 +57,7 @@ crypto-af_alg-fix-socket-double-free-when-accept-fails.patch
 ahci-fix-softreset-failed-issue-of-port-multiplier.patch
 libata-disable-forced-ports_impl-for-ahci-1.3.patch
 ahci-intel-dnv-device-ids-sata.patch
+crypto-algif_hash-wait-for-crypto_ahash_init-to-complete.patch
+evm-use-crypto_memneq-for-digest-comparisons.patch
+crypto-user-lock-crypto_alg_list-on-alg-dump.patch
+fs-cache-increase-reference-of-parent-after-registering-netfs-success.patch
-- 
2.47.3