git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
5.10-stable patches
author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 16 Jun 2026 12:06:44 +0000 (17:36 +0530)
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 16 Jun 2026 12:06:44 +0000 (17:36 +0530)
added patches:
lib-crypto-mpi-fix-integer-underflow-in-mpi_read_raw_from_sgl.patch

queue-5.10/lib-crypto-mpi-fix-integer-underflow-in-mpi_read_raw_from_sgl.patch [new file with mode: 0644]
queue-5.10/series

diff --git a/queue-5.10/lib-crypto-mpi-fix-integer-underflow-in-mpi_read_raw_from_sgl.patch b/queue-5.10/lib-crypto-mpi-fix-integer-underflow-in-mpi_read_raw_from_sgl.patch
new file mode 100644 (file)
index 0000000..344170b
--- /dev/null
@@ -0,0 +1,70 @@
+From 8c2f1288250a90a4b5cabed5d888d7e3aeed4035 Mon Sep 17 00:00:00 2001
+From: Lukas Wunner <lukas@wunner.de>
+Date: Sun, 12 Apr 2026 16:19:47 +0200
+Subject: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
+
+From: Lukas Wunner <lukas@wunner.de>
+
+commit 8c2f1288250a90a4b5cabed5d888d7e3aeed4035 upstream.
+
+Yiming reports an integer underflow in mpi_read_raw_from_sgl() when
+subtracting "lzeros" from the unsigned "nbytes".
+
+For this to happen, the scatterlist "sgl" needs to occupy more bytes
+than the "nbytes" parameter and the first "nbytes + 1" bytes of the
+scatterlist must be zero.  Under these conditions, the while loop
+iterating over the scatterlist will count more zeroes than "nbytes",
+subtract the number of zeroes from "nbytes" and cause the underflow.
+
+When commit 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") originally
+introduced the bug, it couldn't be triggered because all callers of
+mpi_read_raw_from_sgl() passed a scatterlist whose length was equal to
+"nbytes".
+
+However since commit 63ba4d67594a ("KEYS: asymmetric: Use new crypto
+interface without scatterlists"), the underflow can now actually be
+triggered.  When invoking a KEYCTL_PKEY_ENCRYPT system call with a
+larger "out_len" than "in_len" and filling the "in" buffer with zeroes,
+crypto_akcipher_sync_prep() will create an all-zero scatterlist used for
+both the "src" and "dst" member of struct akcipher_request and thereby
+fulfil the conditions to trigger the bug:
+
+  sys_keyctl()
+    keyctl_pkey_e_d_s()
+      asymmetric_key_eds_op()
+        software_key_eds_op()
+          crypto_akcipher_sync_encrypt()
+            crypto_akcipher_sync_prep()
+              crypto_akcipher_encrypt()
+                rsa_enc()
+                  mpi_read_raw_from_sgl()
+
+To the user this will be visible as a DoS as the kernel spins forever,
+causing soft lockup splats as a side effect.
+
+Fix it.
+
+Reported-by: Yiming Qian <yimingqian591@gmail.com> # off-list
+Fixes: 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers")
+Signed-off-by: Lukas Wunner <lukas@wunner.de>
+Cc: stable@vger.kernel.org # v4.4+
+Reviewed-by: Ignat Korchagin <ignat@linux.win>
+Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
+Link: https://lore.kernel.org/r/59eca92ff4f87e2081777f1423a0efaaadcfdb39.1776003111.git.lukas@wunner.de
+Signed-off-by: Eric Biggers <ebiggers@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ lib/mpi/mpicoder.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/lib/mpi/mpicoder.c
++++ b/lib/mpi/mpicoder.c
+@@ -453,7 +453,7 @@ MPI mpi_read_raw_from_sgl(struct scatter
+       lzeros = 0;
+       len = 0;
+       while (nbytes > 0) {
+-              while (len && !*buff) {
++              while (len && !*buff && lzeros < nbytes) {
+                       lzeros++;
+                       len--;
+                       buff++;
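Review bot: the one-line change, adding `lzeros < nbytes` to the inner `while (len && !*buff ...)` condition, correctly caps the leading-zero count at `nbytes`, so the subtraction described in the message ("subtract the number of zeroes from nbytes") can no longer wrap below zero, and the outer `while (nbytes > 0)` loop can no longer spin on an underflowed counter. Two things to confirm against the surrounding code that the three-line context does not show: first, that `lzeros` and `nbytes` have the same unsigned type, so the new comparison does not mix signedness and silently promote; second, what the function returns when the input is entirely zero (`lzeros == nbytes` after the loop), since the KEYCTL_PKEY_ENCRYPT path in the message reaches this point with a legitimately zeroed buffer and should get a well-defined zero MPI or a clean error rather than a partially initialised one. The patch carries no regression test; a keyctl test that encrypts an all-zero `in` buffer with `out_len` larger than `in_len` (exactly the trigger the message lists) would catch reintroduction, and the `Cc: stable # v4.4+` tag is appropriate even though the message says the bug only became reachable with 63ba4d67594a, because the loop bound is harmless on kernels where callers still pass `nbytes`-sized scatterlists.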
index 41ba74d223c9d5374e95dc7935001c6014ba97b7..c28ea9eb38136ea9374a67f663f6ecb558abea7e 100644 (file)
@@ -329,3 +329,4 @@ tty-serial-samsung-use-u32-for-register-interactions.patch
 tty-serial-samsung-remove-redundant-port-lock-acquisition-in-rx-helpers.patch
 usb-gadget-f_hid-tidy-error-handling-in-hidg_alloc.patch
 usb-gadget-f_hid-fix-device-reference-leak-in-hidg_alloc.patch
+lib-crypto-mpi-fix-integer-underflow-in-mpi_read_raw_from_sgl.patch