[kernel] Linux v3.5-rc6-40-g055c9fa
Justin M. Forbes
jforbes at fedoraproject.org
Wed Jul 11 15:43:35 UTC 2012
commit c4dc54725152bdd9c47f4d992fdf3812d6b24697
Author: Justin M. Forbes <jforbes at redhat.com>
Date: Wed Jul 11 10:42:52 2012 -0500
Linux v3.5-rc6-40-g055c9fa
crypto-aesni-intel-fix-wrong-kfree-pointer.patch | 45 +++++++
...allow-aesni-intel-and-ghash_clmulni-intel.patch | 122 ++++++++++++++++++++
kernel.spec | 14 ++-
sources | 4 +-
4 files changed, 181 insertions(+), 4 deletions(-)
---
diff --git a/crypto-aesni-intel-fix-wrong-kfree-pointer.patch b/crypto-aesni-intel-fix-wrong-kfree-pointer.patch
new file mode 100644
index 0000000..e9942c0
--- /dev/null
+++ b/crypto-aesni-intel-fix-wrong-kfree-pointer.patch
@@ -0,0 +1,45 @@
+From bf084d8f6eb4ded3f90a6ab79bb682db00ebfbd4 Mon Sep 17 00:00:00 2001
+From: Milan Broz <mbroz at redhat.com>
+Date: Thu, 28 Jun 2012 17:26:02 +0200
+Subject: [PATCH] crypto: aesni-intel - fix wrong kfree pointer
+
+kfree(new_key_mem) in rfc4106_set_key() should be called on malloced pointer,
+not on aligned one, otherwise it can cause invalid pointer on free.
+
+(Seen at least once when running tcrypt tests with debug kernel.)
+
+Signed-off-by: Milan Broz <mbroz at redhat.com>
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+---
+ arch/x86/crypto/aesni-intel_glue.c | 8 ++++----
+ 1 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
+index d662615..34fdcff 100644
+--- a/arch/x86/crypto/aesni-intel_glue.c
++++ b/arch/x86/crypto/aesni-intel_glue.c
+@@ -529,7 +529,7 @@ static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
+ struct crypto_aead *cryptd_child = cryptd_aead_child(ctx->cryptd_tfm);
+ struct aesni_rfc4106_gcm_ctx *child_ctx =
+ aesni_rfc4106_gcm_ctx_get(cryptd_child);
+- u8 *new_key_mem = NULL;
++ u8 *new_key_align, *new_key_mem = NULL;
+
+ if (key_len < 4) {
+ crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+@@ -553,9 +553,9 @@ static int rfc4106_set_key(struct crypto_aead *parent, const u8 *key,
+ if (!new_key_mem)
+ return -ENOMEM;
+
+- new_key_mem = PTR_ALIGN(new_key_mem, AESNI_ALIGN);
+- memcpy(new_key_mem, key, key_len);
+- key = new_key_mem;
++ new_key_align = PTR_ALIGN(new_key_mem, AESNI_ALIGN);
++ memcpy(new_key_align, key, key_len);
++ key = new_key_align;
+ }
+
+ if (!irq_fpu_usable())
+--
+1.7.6.5
+
diff --git a/crypto-testmgr-allow-aesni-intel-and-ghash_clmulni-intel.patch b/crypto-testmgr-allow-aesni-intel-and-ghash_clmulni-intel.patch
new file mode 100644
index 0000000..9aef14c
--- /dev/null
+++ b/crypto-testmgr-allow-aesni-intel-and-ghash_clmulni-intel.patch
@@ -0,0 +1,122 @@
+From 6c79294f44fd7d1122cbaabff3b9815b074c0dd0 Mon Sep 17 00:00:00 2001
+From: Milan Broz <mbroz at redhat.com>
+Date: Fri, 29 Jun 2012 22:08:09 +0200
+Subject: [PATCH] crypto: testmgr - allow aesni-intel and ghash_clmulni-intel
+ in fips mode
+
+Patch 863b557a88f8c033f7419fabafef4712a5055f85 added NULL entries
+for intel accelerated drivers but did not marked these fips allowed.
+This cause panic if running tests with fips=1.
+
+For ghash, fips_allowed flag was added in patch
+18c0ebd2d8194cce4b3f67e2903fa01bea892cbc.
+
+Without patch, "modprobe tcrypt" fails with
+ alg: skcipher: Failed to load transform for cbc-aes-aesni: -2
+ cbc-aes-aesni: cbc(aes) alg self test failed in fips mode!
+ (panic)
+
+Also add missing cryptd(__driver-cbc-aes-aesni) and
+cryptd(__driver-gcm-aes-aesni) test to complement
+null tests above, otherwise system complains with
+ alg: No test for __cbc-aes-aesni (cryptd(__driver-cbc-aes-aesni))
+ alg: No test for __gcm-aes-aesni (cryptd(__driver-gcm-aes-aesni))
+
+Signed-off-by: Milan Broz <mbroz at redhat.com>
+Signed-off-by: Paul Wouters <pwouters at redhat.com>
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+---
+ crypto/testmgr.c | 38 ++++++++++++++++++++++++++++++++++++++
+ 1 files changed, 38 insertions(+), 0 deletions(-)
+
+diff --git a/crypto/testmgr.c b/crypto/testmgr.c
+index 36748a5..4308a11 100644
+--- a/crypto/testmgr.c
++++ b/crypto/testmgr.c
+@@ -1581,6 +1581,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ }, {
+ .alg = "__driver-cbc-aes-aesni",
+ .test = alg_test_null,
++ .fips_allowed = 1,
+ .suite = {
+ .cipher = {
+ .enc = {
+@@ -1641,6 +1642,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ }, {
+ .alg = "__driver-ecb-aes-aesni",
+ .test = alg_test_null,
++ .fips_allowed = 1,
+ .suite = {
+ .cipher = {
+ .enc = {
+@@ -1701,6 +1703,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ }, {
+ .alg = "__ghash-pclmulqdqni",
+ .test = alg_test_null,
++ .fips_allowed = 1,
+ .suite = {
+ .hash = {
+ .vecs = NULL,
+@@ -1866,8 +1869,25 @@ static const struct alg_test_desc alg_test_descs[] = {
+ }
+ }
+ }, {
++ .alg = "cryptd(__driver-cbc-aes-aesni)",
++ .test = alg_test_null,
++ .fips_allowed = 1,
++ .suite = {
++ .cipher = {
++ .enc = {
++ .vecs = NULL,
++ .count = 0
++ },
++ .dec = {
++ .vecs = NULL,
++ .count = 0
++ }
++ }
++ }
++ }, {
+ .alg = "cryptd(__driver-ecb-aes-aesni)",
+ .test = alg_test_null,
++ .fips_allowed = 1,
+ .suite = {
+ .cipher = {
+ .enc = {
+@@ -1926,8 +1946,25 @@ static const struct alg_test_desc alg_test_descs[] = {
+ }
+ }
+ }, {
++ .alg = "cryptd(__driver-gcm-aes-aesni)",
++ .test = alg_test_null,
++ .fips_allowed = 1,
++ .suite = {
++ .cipher = {
++ .enc = {
++ .vecs = NULL,
++ .count = 0
++ },
++ .dec = {
++ .vecs = NULL,
++ .count = 0
++ }
++ }
++ }
++ }, {
+ .alg = "cryptd(__ghash-pclmulqdqni)",
+ .test = alg_test_null,
++ .fips_allowed = 1,
+ .suite = {
+ .hash = {
+ .vecs = NULL,
+@@ -2043,6 +2080,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ }, {
+ .alg = "ecb(__aes-aesni)",
+ .test = alg_test_null,
++ .fips_allowed = 1,
+ .suite = {
+ .cipher = {
+ .enc = {
+--
+1.7.6.5
+
diff --git a/kernel.spec b/kernel.spec
index d96d48c..14a8ddb 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -95,7 +95,7 @@ Summary: The Linux kernel
# The rc snapshot level
%define rcrev 6
# The git snapshot level
-%define gitrev 1
+%define gitrev 2
# Set rpm version accordingly
%define rpmversion 3.%{upstream_sublevel}.0
%endif
@@ -745,6 +745,10 @@ Patch22001: selinux-apply-different-permission-to-ptrace-child.patch
#rhbz 828824
Patch22043: rt2x00usb-fix-indexes-ordering-on-RX-queue-kick.patch
+#Fix FIPS for aesni hardare
+Patch22050: crypto-testmgr-allow-aesni-intel-and-ghash_clmulni-intel.patch
+Patch22051: crypto-aesni-intel-fix-wrong-kfree-pointer.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -1436,6 +1440,10 @@ ApplyPatch highbank-export-clock-functions.patch
#rhbz 828824
ApplyPatch rt2x00usb-fix-indexes-ordering-on-RX-queue-kick.patch
+#Fix FIPS for aesni hardare
+ApplyPatch crypto-testmgr-allow-aesni-intel-and-ghash_clmulni-intel.patch
+ApplyPatch crypto-aesni-intel-fix-wrong-kfree-pointer.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2292,6 +2300,10 @@ fi
# ||----w |
# || ||
%changelog
+* Wed Jul 11 2012 Justin M. Forbes <jforbes at redhat.com> - 3.5.0-0.rc6.git2.1
+- Linux v3.5-rc6-40-g055c9fa
+- Fix FIPS for aesni hardware (rhbz 839239)
+
* Tue Jul 10 2012 Justin M. Forbes <jforbes at redhat.com> - 3.5.0-0.rc6.git1.1
- Linux v3.5-rc6-22-g2437fcc
diff --git a/sources b/sources
index 7a8d34e..164a654 100644
--- a/sources
+++ b/sources
@@ -1,3 +1 @@
-967f72983655e2479f951195953e8480 linux-3.4.tar.xz
-0244539cf9a397a2a8c9e56f38cb9fc2 patch-3.5-rc6.xz
-a58312153ebe36f649a65be44dd0b0c7 patch-3.5-rc6-git1.xz
+a2da7c5f454195df6b6f5677fd7fb997 patch-3.5-rc6-git2.xz
More information about the scm-commits
mailing list