6.18-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 1 May 2026 08:55:14 +0000 (10:55 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 1 May 2026 08:55:14 +0000 (10:55 +0200)
added patches:
crypto-algif_aead-snapshot-iv-for-async-aead-requests.patch
crypto-pcrypt-fix-handling-of-may_backlog-requests.patch

queue-6.18/crypto-algif_aead-snapshot-iv-for-async-aead-requests.patch [new file with mode: 0644]
queue-6.18/crypto-pcrypt-fix-handling-of-may_backlog-requests.patch [new file with mode: 0644]
queue-6.18/series

diff --git a/queue-6.18/crypto-algif_aead-snapshot-iv-for-async-aead-requests.patch b/queue-6.18/crypto-algif_aead-snapshot-iv-for-async-aead-requests.patch
new file mode 100644 (file)
index 0000000..872c22f
--- /dev/null
@@ -0,0 +1,74 @@
+From 5aa58c3a572b3e3b6c786953339f7978b845cc52 Mon Sep 17 00:00:00 2001
+From: Douya Le <ldy3087146292@gmail.com>
+Date: Sun, 19 Apr 2026 16:52:59 +0800
+Subject: crypto: algif_aead - snapshot IV for async AEAD requests
+
+From: Douya Le <ldy3087146292@gmail.com>
+
+commit 5aa58c3a572b3e3b6c786953339f7978b845cc52 upstream.
+
+AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during
+request processing.  For async requests, later socket activity can
+update that shared state before the original request has fully
+completed, which can lead to inconsistent IV handling.
+
+Snapshot the IV into per-request storage when preparing the AEAD
+request, so in-flight operations no longer depend on mutable socket
+state.
+
+Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
+Cc: stable@kernel.org
+Reported-by: Yuan Tan <yuantan098@gmail.com>
+Reported-by: Yifan Wu <yifanwucs@gmail.com>
+Reported-by: Juefei Pu <tomapufckgml@gmail.com>
+Reported-by: Xin Liu <bird@lzu.edu.cn>
+Co-developed-by: Luxing Yin <tr0jan@lzu.edu.cn>
+Signed-off-by: Luxing Yin <tr0jan@lzu.edu.cn>
+Tested-by: Yucheng Lu <kanolyc@gmail.com>
+Signed-off-by: Douya Le <ldy3087146292@gmail.com>
+Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: Eric Biggers <ebiggers@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/algif_aead.c |   10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/crypto/algif_aead.c
++++ b/crypto/algif_aead.c
+@@ -72,8 +72,10 @@ static int _aead_recvmsg(struct socket *
+       struct af_alg_ctx *ctx = ask->private;
+       struct crypto_aead *tfm = pask->private;
+       unsigned int as = crypto_aead_authsize(tfm);
++      unsigned int ivsize = crypto_aead_ivsize(tfm);
+       struct af_alg_async_req *areq;
+       struct scatterlist *rsgl_src, *tsgl_src = NULL;
++      void *iv;
+       int err = 0;
+       size_t used = 0;                /* [in]  TX bufs to be en/decrypted */
+       size_t outlen = 0;              /* [out] RX bufs produced by kernel */
+@@ -125,10 +127,14 @@ static int _aead_recvmsg(struct socket *
+       /* Allocate cipher request for current operation. */
+       areq = af_alg_alloc_areq(sk, sizeof(struct af_alg_async_req) +
+-                                   crypto_aead_reqsize(tfm));
++                                   crypto_aead_reqsize(tfm) + ivsize);
+       if (IS_ERR(areq))
+               return PTR_ERR(areq);
++      iv = (u8 *)aead_request_ctx(&areq->cra_u.aead_req) +
++           crypto_aead_reqsize(tfm);
++      memcpy(iv, ctx->iv, ivsize);
++
+       /* convert iovecs of output buffers into RX SGL */
+       err = af_alg_get_rsgl(sk, msg, flags, areq, outlen, &usedpages);
+       if (err)
+@@ -187,7 +193,7 @@ static int _aead_recvmsg(struct socket *
+       /* Initialize the crypto operation */
+       aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,
+-                             areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv);
++                             areq->first_rsgl.sgl.sgt.sgl, used, iv);
+       aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
+       aead_request_set_tfm(&areq->cra_u.aead_req, tfm);
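Review bot: The IV snapshot is placed at `aead_request_ctx(&areq->cra_u.aead_req) + crypto_aead_reqsize(tfm)`, and nothing in the hunk shows that this offset satisfies `crypto_aead_alignmask(tfm)`. If any AEAD implementation reachable through AF_ALG expects an aligned IV, the pointer would need `PTR_ALIGN` plus matching slack in the `af_alg_alloc_areq()` size; this should be confirmed rather than assumed. The trailing-buffer layout is also implicit, so I would add a comment above the `memcpy`, e.g. `/* Per-request IV copy, stored after the AEAD request context; in-flight async requests must not read ctx->iv. */`. `_aead_recvmsg` begins and ends outside the quoted hunks, so whether any later path still reads `ctx->iv` cannot be checked from here.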
diff --git a/queue-6.18/crypto-pcrypt-fix-handling-of-may_backlog-requests.patch b/queue-6.18/crypto-pcrypt-fix-handling-of-may_backlog-requests.patch
new file mode 100644 (file)
index 0000000..0042a99
--- /dev/null
@@ -0,0 +1,51 @@
+From 915b692e6cb723aac658c25eb82c58fd81235110 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Thu, 16 Apr 2026 17:00:50 +0800
+Subject: crypto: pcrypt - Fix handling of MAY_BACKLOG requests
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 915b692e6cb723aac658c25eb82c58fd81235110 upstream.
+
+MAY_BACKLOG requests can return EBUSY.  Handle them by checking
+for that value and filtering out EINPROGRESS notifications.
+
+Reported-by: Yiming Qian <yimingqian591@gmail.com>
+Fixes: 5a1436beec57 ("crypto: pcrypt - call the complete function on error")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: Eric Biggers <ebiggers@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ crypto/pcrypt.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/crypto/pcrypt.c
++++ b/crypto/pcrypt.c
+@@ -69,6 +69,9 @@ static void pcrypt_aead_done(void *data,
+       struct pcrypt_request *preq = aead_request_ctx(req);
+       struct padata_priv *padata = pcrypt_request_padata(preq);
++      if (err == -EINPROGRESS)
++              return;
++
+       padata->info = err;
+       padata_do_serial(padata);
+@@ -82,7 +85,7 @@ static void pcrypt_aead_enc(struct padat
+       ret = crypto_aead_encrypt(req);
+-      if (ret == -EINPROGRESS)
++      if (ret == -EINPROGRESS || ret == -EBUSY)
+               return;
+       padata->info = ret;
+@@ -133,7 +136,7 @@ static void pcrypt_aead_dec(struct padat
+       ret = crypto_aead_decrypt(req);
+-      if (ret == -EINPROGRESS)
++      if (ret == -EINPROGRESS || ret == -EBUSY)
+               return;
+       padata->info = ret;
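Review bot: The early returns on `-EBUSY` in `pcrypt_aead_enc` and `pcrypt_aead_dec` bypass the `padata->info = ret` path that follows. That is only correct if `-EBUSY` always means the request was backlogged and `pcrypt_aead_done` will later run with the final status, an invariant the new code does not state. I would document it at both call sites, e.g. `/* -EBUSY: request was backlogged; the final status arrives via pcrypt_aead_done() */`, and above the new check in `pcrypt_aead_done` add `/* Backlog notification only, not the final result. */`. All three functions continue outside the hunks shown, so the remainder of the completion path is not visible here.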
index d8a5c01c15395eb4d50505800655f24e73ecd608..2758dc241be15ea514bcda6578d251a20b0676a7 100644 (file)
@@ -36,3 +36,5 @@ thermal-core-fix-thermal-zone-governor-cleanup-issues.patch
 spi-imx-fix-use-after-free-on-unbind.patch
 spi-ch341-fix-memory-leaks-on-probe-failures.patch
 mm-call-free_folio-directly-in-folio_unmap_invalidat.patch
+crypto-algif_aead-snapshot-iv-for-async-aead-requests.patch
+crypto-pcrypt-fix-handling-of-may_backlog-requests.patch