From ae98f43e8be26b8a896e4c38a28a370e04d30552 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sat, 24 Oct 2020 12:41:17 +0200
Subject: [PATCH] 4.14-stable patches
added patches:
crypto-algif_aead-do-not-set-may_backlog-on-the-async-path.patch
ima-don-t-ignore-errors-from-crypto_shash_update.patch
---
...ot-set-may_backlog-on-the-async-path.patch | 56 +++++++++++++++++++
...nore-errors-from-crypto_shash_update.patch | 35 ++++++++++++
queue-4.14/series | 2 +
3 files changed, 93 insertions(+)
create mode 100644 queue-4.14/crypto-algif_aead-do-not-set-may_backlog-on-the-async-path.patch
create mode 100644 queue-4.14/ima-don-t-ignore-errors-from-crypto_shash_update.patch
diff --git a/queue-4.14/crypto-algif_aead-do-not-set-may_backlog-on-the-async-path.patch b/queue-4.14/crypto-algif_aead-do-not-set-may_backlog-on-the-async-path.patch
new file mode 100644
index 00000000000..75de17ab4cd
--- /dev/null
+++ b/queue-4.14/crypto-algif_aead-do-not-set-may_backlog-on-the-async-path.patch
@@ -0,0 +1,56 @@
+From cbdad1f246dd98e6c9c32a6e5212337f542aa7e0 Mon Sep 17 00:00:00 2001
+From: Herbert Xu
+Date: Fri, 31 Jul 2020 17:03:50 +1000
+Subject: crypto: algif_aead - Do not set MAY_BACKLOG on the async path
+
+From: Herbert Xu
+
+commit cbdad1f246dd98e6c9c32a6e5212337f542aa7e0 upstream.
+
+The async path cannot use MAY_BACKLOG because it is not meant to
+block, which is what MAY_BACKLOG does. On the other hand, both
+the sync and async paths can make use of MAY_SLEEP.
+
+Fixes: 83094e5e9e49 ("crypto: af_alg - add async support to...")
+Cc:
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ crypto/algif_aead.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/crypto/algif_aead.c
++++ b/crypto/algif_aead.c
+@@ -83,7 +83,7 @@ static int crypto_aead_copy_sgl(struct c
+ SKCIPHER_REQUEST_ON_STACK(skreq, null_tfm);
+
+ skcipher_request_set_tfm(skreq, null_tfm);
+- skcipher_request_set_callback(skreq, CRYPTO_TFM_REQ_MAY_BACKLOG,
++ skcipher_request_set_callback(skreq, CRYPTO_TFM_REQ_MAY_SLEEP,
+ NULL, NULL);
+ skcipher_request_set_crypt(skreq, src, dst, len, NULL);
+
+@@ -296,19 +296,20 @@ static int _aead_recvmsg(struct socket *
+ areq->outlen = outlen;
+
+ aead_request_set_callback(&areq->cra_u.aead_req,
+- CRYPTO_TFM_REQ_MAY_BACKLOG,
++ CRYPTO_TFM_REQ_MAY_SLEEP,
+ af_alg_async_cb, areq);
+ err = ctx->enc ? crypto_aead_encrypt(&areq->cra_u.aead_req) :
+ crypto_aead_decrypt(&areq->cra_u.aead_req);
+
+ /* AIO operation in progress */
+- if (err == -EINPROGRESS || err == -EBUSY)
++ if (err == -EINPROGRESS)
+ return -EIOCBQUEUED;
+
+ sock_put(sk);
+ } else {
+ /* Synchronous operation */
+ aead_request_set_callback(&areq->cra_u.aead_req,
++ CRYPTO_TFM_REQ_MAY_SLEEP |
+ CRYPTO_TFM_REQ_MAY_BACKLOG,
+ af_alg_complete, &ctx->completion);
+ err = af_alg_wait_for_completion(ctx->enc ?
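Review bot: The async branch of _aead_recvmsg now lets -EBUSY fall through to `sock_put(sk)` as an ordinary failure, but nothing in the patched lines records why. The sync branch just below still passes `CRYPTO_TFM_REQ_MAY_SLEEP | CRYPTO_TFM_REQ_MAY_BACKLOG`, so the asymmetry can read like an oversight. A comment above the check would document it, for example `/* No MAY_BACKLOG on the AIO path: -EBUSY means the request was rejected, not queued */`. The cleanup after `sock_put(sk)` lies outside the quoted context. For this 4.14 backport it is worth confirming that areq is released on that path when -EBUSY comes back, since no callback will run for it. The function body starts and ends outside the hunk.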
diff --git a/queue-4.14/ima-don-t-ignore-errors-from-crypto_shash_update.patch b/queue-4.14/ima-don-t-ignore-errors-from-crypto_shash_update.patch
new file mode 100644
index 00000000000..1daec738aae
--- /dev/null
+++ b/queue-4.14/ima-don-t-ignore-errors-from-crypto_shash_update.patch
@@ -0,0 +1,35 @@
+From 60386b854008adc951c470067f90a2d85b5d520f Mon Sep 17 00:00:00 2001
+From: Roberto Sassu
+Date: Fri, 4 Sep 2020 11:23:28 +0200
+Subject: ima: Don't ignore errors from crypto_shash_update()
+
+From: Roberto Sassu
+
+commit 60386b854008adc951c470067f90a2d85b5d520f upstream.
+
+Errors returned by crypto_shash_update() are not checked in
+ima_calc_boot_aggregate_tfm() and thus can be overwritten at the next
+iteration of the loop. This patch adds a check after calling
+crypto_shash_update() and returns immediately if the result is not zero.
+
+Cc: stable@vger.kernel.org
+Fixes: 3323eec921efd ("integrity: IMA as an integrity service provider")
+Signed-off-by: Roberto Sassu
+Signed-off-by: Mimi Zohar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ security/integrity/ima/ima_crypto.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/security/integrity/ima/ima_crypto.c
++++ b/security/integrity/ima/ima_crypto.c
+@@ -699,6 +699,8 @@ static int __init ima_calc_boot_aggregat
+ ima_pcrread(i, pcr_i);
+ /* now accumulate with current aggregate */
+ rc = crypto_shash_update(shash, pcr_i, TPM_DIGEST_SIZE);
++ if (rc != 0)
++ return rc;
+ }
+ if (!rc)
+ crypto_shash_final(shash, digest);
diff --git a/queue-4.14/series b/queue-4.14/series
index 9001ef4c524..8160f10cc2a 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
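Review bot: The return value of `crypto_shash_final(shash, digest)` is still discarded in the context lines right after the loop in ima_calc_boot_aggregate_tfm. A failure while finalising the boot aggregate is therefore dropped in the same way the update errors were before this patch. Assigning it, `rc = crypto_shash_final(shash, digest);`, would let the caller see the failure rather than continue with a digest buffer that may never have been written. The visible lines also do not check any result from `ima_pcrread(i, pcr_i)`; whether it can fail is not shown here, so that is worth confirming against the 4.14 tree. The function's start and end are outside the hunk.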
@@ -17,3 +17,5 @@ cifs-remove-bogus-debug-code.patch
 cifs-return-the-error-from-crypt_message-when-enc-dec-key-not-found.patch
 kvm-x86-mmu-commit-zap-of-remaining-invalid-pages-when-recovering-lpages.patch
 kvm-svm-initialize-prev_ga_tag-before-use.patch
+ima-don-t-ignore-errors-from-crypto_shash_update.patch
+crypto-algif_aead-do-not-set-may_backlog-on-the-async-path.patch
-- 
2.47.3