diff --git a/SOURCES/1696-net-atm-fix-crash-due-to-unvalidated-vcc-pointer-in-sigd-sen.patch b/SOURCES/1696-net-atm-fix-crash-due-to-unvalidated-vcc-pointer-in-sigd-sen.patch
new file mode 100644
index 000000000..ded595149
--- /dev/null
+++ b/SOURCES/1696-net-atm-fix-crash-due-to-unvalidated-vcc-pointer-in-sigd-sen.patch
@@ -0,0 +1,150 @@ +From 1c8bda3df028d5e54134077dcd09f46ca8cfceb5 Mon Sep 17 00:00:00 2001 +From: Jiayuan Chen +Date: Thu, 5 Feb 2026 17:54:51 +0800 +Subject: [PATCH] net: atm: fix crash due to unvalidated vcc pointer in + sigd_send() + +[ Upstream commit ae88a5d2f29b69819dc7b04086734439d074a643 ] + +Reproducer available at [1]. + +The ATM send path (sendmsg -> vcc_sendmsg -> sigd_send) reads the vcc +pointer from msg->vcc and uses it directly without any validation. This +pointer comes from userspace via sendmsg() and can be arbitrarily forged: + + int fd = socket(AF_ATMSVC, SOCK_DGRAM, 0); + ioctl(fd, ATMSIGD_CTRL); // become ATM signaling daemon + struct msghdr msg = { .msg_iov = &iov, ... }; + *(unsigned long *)(buf + 4) = 0xdeadbeef; // fake vcc pointer + sendmsg(fd, &msg, 0); // kernel dereferences 0xdeadbeef + +In normal operation, the kernel sends the vcc pointer to the signaling +daemon via sigd_enq() when processing operations like connect(), bind(), +or listen(). The daemon is expected to return the same pointer when +responding. However, a malicious daemon can send arbitrary pointer values. + +Fix this by introducing find_get_vcc() which validates the pointer by +searching through vcc_hash (similar to how sigd_close() iterates over +all VCCs), and acquires a reference via sock_hold() if found. + +Since struct atm_vcc embeds struct sock as its first member, they share +the same lifetime. Therefore using sock_hold/sock_put is sufficient to +keep the vcc alive while it is being used. + +Note that there may be a race with sigd_close() which could mark the vcc +with various flags (e.g., ATM_VF_RELEASED) after find_get_vcc() returns. +However, sock_hold() guarantees the memory remains valid, so this race +only affects the logical state, not memory safety. 
+ +[1]: https://gist.github.com/mrpre/1ba5949c45529c511152e2f4c755b0f3 +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reported-by: syzbot+1f22cb1769f249df9fa0@syzkaller.appspotmail.com +Closes: https://lore.kernel.org/all/69039850.a70a0220.5b2ed.005d.GAE@google.com/T/ +Signed-off-by: Jiayuan Chen +Link: https://patch.msgid.link/20260205095501.131890-1-jiayuan.chen@linux.dev +Signed-off-by: Paolo Abeni +Signed-off-by: Sasha Levin + +diff --git a/net/atm/signaling.c b/net/atm/signaling.c +index 5de06ab8ed75..5a5d8b1fa8be 100644 +--- a/net/atm/signaling.c ++++ b/net/atm/signaling.c +@@ -22,6 +22,36 @@ + + struct atm_vcc *sigd = NULL; + ++/* ++ * find_get_vcc - validate and get a reference to a vcc pointer ++ * @vcc: the vcc pointer to validate ++ * ++ * This function validates that @vcc points to a registered VCC in vcc_hash. ++ * If found, it increments the socket reference count and returns the vcc. ++ * The caller must call sock_put(sk_atm(vcc)) when done. ++ * ++ * Returns the vcc pointer if valid, NULL otherwise. 
++ */ ++static struct atm_vcc *find_get_vcc(struct atm_vcc *vcc) ++{ ++ int i; ++ ++ read_lock(&vcc_sklist_lock); ++ for (i = 0; i < VCC_HTABLE_SIZE; i++) { ++ struct sock *s; ++ ++ sk_for_each(s, &vcc_hash[i]) { ++ if (atm_sk(s) == vcc) { ++ sock_hold(s); ++ read_unlock(&vcc_sklist_lock); ++ return vcc; ++ } ++ } ++ } ++ read_unlock(&vcc_sklist_lock); ++ return NULL; ++} ++ + static void sigd_put_skb(struct sk_buff *skb) + { + if (!sigd) { +@@ -69,7 +99,14 @@ static int sigd_send(struct atm_vcc *vcc, struct sk_buff *skb) + + msg = (struct atmsvc_msg *) skb->data; + WARN_ON(refcount_sub_and_test(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc)); +- vcc = *(struct atm_vcc **) &msg->vcc; ++ ++ vcc = find_get_vcc(*(struct atm_vcc **)&msg->vcc); ++ if (!vcc) { ++ pr_debug("invalid vcc pointer in msg\n"); ++ dev_kfree_skb(skb); ++ return -EINVAL; ++ } ++ + pr_debug("%d (0x%lx)\n", (int)msg->type, (unsigned long)vcc); + sk = sk_atm(vcc); + +@@ -100,7 +137,16 @@ static int sigd_send(struct atm_vcc *vcc, struct sk_buff *skb) + clear_bit(ATM_VF_WAITING, &vcc->flags); + break; + case as_indicate: +- vcc = *(struct atm_vcc **)&msg->listen_vcc; ++ /* Release the reference from msg->vcc, we'll use msg->listen_vcc instead */ ++ sock_put(sk); ++ ++ vcc = find_get_vcc(*(struct atm_vcc **)&msg->listen_vcc); ++ if (!vcc) { ++ pr_debug("invalid listen_vcc pointer in msg\n"); ++ dev_kfree_skb(skb); ++ return -EINVAL; ++ } ++ + sk = sk_atm(vcc); + pr_debug("as_indicate!!!\n"); + lock_sock(sk); +@@ -115,6 +161,8 @@ static int sigd_send(struct atm_vcc *vcc, struct sk_buff *skb) + sk->sk_state_change(sk); + as_indicate_complete: + release_sock(sk); ++ /* Paired with find_get_vcc(msg->listen_vcc) above */ ++ sock_put(sk); + return 0; + case as_close: + set_bit(ATM_VF_RELEASED, &vcc->flags); +@@ -131,11 +179,15 @@ static int sigd_send(struct atm_vcc *vcc, struct sk_buff *skb) + break; + default: + pr_alert("bad message type %d\n", (int)msg->type); ++ /* Paired with find_get_vcc(msg->vcc) above 
*/ ++ sock_put(sk); + return -EINVAL; + } + sk->sk_state_change(sk); + out: + dev_kfree_skb(skb); ++ /* Paired with find_get_vcc(msg->vcc) above */ ++ sock_put(sk); + return 0; + } + +-- +2.50.1 (Apple Git-155) + diff --git a/SOURCES/1697-scsi-qla2xxx-add-support-to-report-mpi-fw-state.patch b/SOURCES/1697-scsi-qla2xxx-add-support-to-report-mpi-fw-state.patch new file mode 100644 index 000000000..7701eb292 --- /dev/null +++ b/SOURCES/1697-scsi-qla2xxx-add-support-to-report-mpi-fw-state.patch @@ -0,0 +1,168 @@ +From b0a090e60d8e8e0fade225dfc62b43e2ac9912cc Mon Sep 17 00:00:00 2001 +From: Nilesh Javali +Date: Thu, 19 Mar 2026 14:52:28 +0530 +Subject: [PATCH] scsi: qla2xxx: Add support to report MPI FW state + +JIRA: https://redhat.atlassian.net/browse/RHEL-157284 + +Upstream Status: git://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git + +Note: Resolve conflict due to divergence in code base from upstream + +commit 0e124af675ebabddacfeb0958abd443265dddf13 +Author: Nilesh Javali +Date: Thu Mar 5 15:03:37 2026 +0530 + + scsi: qla2xxx: Add support to report MPI FW state + + MPI firmware state was returned as 0. Get MPI FW state to proceed with + flash image validation. + + A new sysfs node 'mpi_fw_state' is added to report MPI firmware state: + + /sys/class/scsi_host/hostXX/mpi_fw_state + + Fixes: d74181ca110e ("scsi: qla2xxx: Add bsg interface to support firmware img validation") + Signed-off-by: Nilesh Javali + Link: https://patch.msgid.link/20260305093337.2007205-1-njavali@marvell.com + 
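Review bot: In the `default:` case of sigd_send() the new code drops the reference with `sock_put(sk)` and returns -EINVAL without freeing the skb, whereas both new invalid-pointer paths call `dev_kfree_skb(skb)` before returning the same error. Unless the caller frees the skb on a failed send (not visible here), an unknown message type leaks one skb per call; adding `dev_kfree_skb(skb);` before that `return -EINVAL;` would make the three error exits consistent. Separately, find_get_vcc() only proves that the pointer is some socket in vcc_hash, not one this daemon was handed via sigd_enq(), so the handlers below can still run `clear_bit(ATM_VF_WAITING, ...)` or `set_bit(ATM_VF_RELEASED, ...)` on an unrelated VCC; the function's header comment should state that limit. The body of sigd_send() starts and ends outside these hunks.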
Signed-off-by: Martin K. Petersen + +Signed-off-by: Nilesh Javali + +diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c +index aa1525008500..9a506d6be335 100644 +--- a/drivers/scsi/qla2xxx/qla_attr.c ++++ b/drivers/scsi/qla2xxx/qla_attr.c +@@ -1645,7 +1645,7 @@ qla2x00_fw_state_show(struct device *dev, struct device_attribute *attr, + { + scsi_qla_host_t *vha = shost_priv(class_to_shost(dev)); + int rval = QLA_FUNCTION_FAILED; +- uint16_t state[6]; ++ uint16_t state[16]; + uint32_t pstate; + + if (IS_QLAFX00(vha->hw)) { +@@ -2409,6 +2409,63 @@ qla2x00_dport_diagnostics_show(struct device *dev, + vha->dport_data[0], vha->dport_data[1], + vha->dport_data[2], vha->dport_data[3]); + } ++ ++static ssize_t ++qla2x00_mpi_fw_state_show(struct device *dev, struct device_attribute *attr, ++ char *buf) ++{ ++ scsi_qla_host_t *vha = shost_priv(class_to_shost(dev)); ++ int rval = QLA_FUNCTION_FAILED; ++ u16 state[16]; ++ u16 mpi_state; ++ struct qla_hw_data *ha = vha->hw; ++ ++ if (!(IS_QLA27XX(ha) || IS_QLA28XX(ha))) ++ return scnprintf(buf, PAGE_SIZE, ++ "MPI state reporting is not supported for this HBA.\n"); ++ ++ memset(state, 0, sizeof(state)); ++ ++ mutex_lock(&vha->hw->optrom_mutex); ++ if (qla2x00_chip_is_down(vha)) { ++ mutex_unlock(&vha->hw->optrom_mutex); ++ ql_dbg(ql_dbg_user, vha, 0x70df, ++ "ISP reset is in progress, failing mpi_fw_state.\n"); ++ return -EBUSY; ++ } else if (vha->hw->flags.eeh_busy) { ++ mutex_unlock(&vha->hw->optrom_mutex); ++ ql_dbg(ql_dbg_user, vha, 0x70ea, ++ "HBA in PCI error state, failing mpi_fw_state.\n"); ++ return -EBUSY; ++ } ++ ++ rval = qla2x00_get_firmware_state(vha, state); ++ mutex_unlock(&vha->hw->optrom_mutex); ++ if (rval != QLA_SUCCESS) { ++ ql_dbg(ql_dbg_user, vha, 0x70eb, ++ "MB Command to retrieve MPI state failed (%d), failing mpi_fw_state.\n", ++ rval); ++ return -EIO; ++ } ++ ++ mpi_state = state[11]; ++ ++ if (!(mpi_state & BIT_15)) ++ return scnprintf(buf, PAGE_SIZE, ++ "MPI firmware state 
reporting is not supported by this firmware. (0x%02x)\n", ++ mpi_state); ++ ++ if (!(mpi_state & BIT_8)) ++ return scnprintf(buf, PAGE_SIZE, ++ "MPI firmware is disabled. (0x%02x)\n", ++ mpi_state); ++ ++ return scnprintf(buf, PAGE_SIZE, ++ "MPI firmware is enabled, state is %s. (0x%02x)\n", ++ mpi_state & BIT_9 ? "active" : "inactive", ++ mpi_state); ++} ++ + static DEVICE_ATTR(dport_diagnostics, 0444, + qla2x00_dport_diagnostics_show, NULL); + +@@ -2476,6 +2533,8 @@ static DEVICE_ATTR(port_speed, 0644, qla2x00_port_speed_show, + qla2x00_port_speed_store); + static DEVICE_ATTR(port_no, 0444, qla2x00_port_no_show, NULL); + static DEVICE_ATTR(fw_attr, 0444, qla2x00_fw_attr_show, NULL); ++static DEVICE_ATTR(mpi_fw_state, 0444, qla2x00_mpi_fw_state_show, NULL); ++ + + + struct device_attribute *qla2x00_host_attrs[] = { +@@ -2525,6 +2584,7 @@ struct device_attribute *qla2x00_host_attrs[] = { + NULL, /* reserve for qlini_mode */ + NULL, /* reserve for ql2xiniexchg */ + NULL, /* reserve for ql2xexchoffld */ ++ &dev_attr_mpi_fw_state, + NULL, + }; + +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c +index 081f5d5c63af..5fa28b10bbb7 100644 +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -4916,7 +4916,7 @@ qla2x00_fw_ready(scsi_qla_host_t *vha) + unsigned long wtime, mtime, cs84xx_time; + uint16_t min_wait; /* Minimum wait time if loop is down */ + uint16_t wait_time; /* Wait time if loop is coming ready */ +- uint16_t state[6]; ++ uint16_t state[16]; + struct qla_hw_data *ha = vha->hw; + + if (IS_QLAFX00(vha->hw)) +diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c +index d0f09f0a2459..e3ee26058901 100644 +--- a/drivers/scsi/qla2xxx/qla_mbx.c ++++ b/drivers/scsi/qla2xxx/qla_mbx.c +@@ -2266,6 +2266,13 @@ qla2x00_get_firmware_state(scsi_qla_host_t *vha, uint16_t *states) + mcp->in_mb = MBX_6|MBX_5|MBX_4|MBX_3|MBX_2|MBX_1|MBX_0; + else + mcp->in_mb = MBX_1|MBX_0; ++ ++ if (IS_QLA27XX(ha) 
|| IS_QLA28XX(ha)) { ++ mcp->mb[12] = 0; ++ mcp->out_mb |= MBX_12; ++ mcp->in_mb |= MBX_12; ++ } ++ + mcp->tov = MBX_TOV_SECONDS; + mcp->flags = 0; + rval = qla2x00_mailbox_command(vha, mcp); +@@ -2278,6 +2285,8 @@ qla2x00_get_firmware_state(scsi_qla_host_t *vha, uint16_t *states) + states[3] = mcp->mb[4]; + states[4] = mcp->mb[5]; + states[5] = mcp->mb[6]; /* DPORT status */ ++ if (IS_QLA27XX(ha) || IS_QLA28XX(ha)) ++ states[11] = mcp->mb[12]; /* MPI state. */ + } + + if (rval != QLA_SUCCESS) { +-- +2.50.1 (Apple Git-155) + diff --git a/SOURCES/1698-crypto-tegra-use-api-helpers-to-setup-fallback-request.patch b/SOURCES/1698-crypto-tegra-use-api-helpers-to-setup-fallback-request.patch new file mode 100644 index 000000000..e63d68f44 --- /dev/null +++ b/SOURCES/1698-crypto-tegra-use-api-helpers-to-setup-fallback-request.patch @@ -0,0 +1,131 @@ +From 84ffde44e62f1991a6908f9bb5aba06aad2d7dda Mon Sep 17 00:00:00 2001 +From: Vladislav Dronov +Date: Sun, 7 Jun 2026 23:27:48 +0200 +Subject: [PATCH] crypto: tegra - use API helpers to setup fallback request + +JIRA: https://redhat.atlassian.net/browse/RHEL-182565 +Upstream Status: merged into the upstream linux.git + +commit c1024581ff2c34db4fdfe857b29f606e5117eb12 +Author: Ovidiu Panait +Date: Mon Apr 7 15:36:04 2025 +0300 + + crypto: tegra - use API helpers to setup fallback request + + Rather than setting up the fallback request by hand, use + ahash_request_set_callback() and ahash_request_set_crypt() API helpers + to properly setup the new request. + + Signed-off-by: Ovidiu Panait + 
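Review bot: qla2x00_get_firmware_state() now writes `states[11]` on 27xx/28xx adapters but still takes a bare `uint16_t *states` with no length, so any caller left with the old `uint16_t state[6]` gets an out-of-bounds stack write. This patch widens the arrays in qla2x00_fw_state_show() and qla2x00_fw_ready(); callers in files the patch does not touch are not visible and should be checked. I would document the contract at the function, e.g. `/* states[] must have at least 12 entries; states[11] carries the MPI state on 27xx/28xx */`, and replace the bare `16` and `11` with named constants shared by the callers. In qla2x00_host_attrs[], `&dev_attr_mpi_fw_state` sits after the three reserved NULL slots, so it is only reachable if those slots are filled before the array is walked; that fill code is outside the hunk.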
Signed-off-by: Herbert Xu + +Signed-off-by: Vladislav Dronov + +diff --git a/drivers/crypto/tegra/tegra-se-hash.c b/drivers/crypto/tegra/tegra-se-hash.c +index 90bf34eb3578..e3fe5911a324 100644 +--- a/drivers/crypto/tegra/tegra-se-hash.c ++++ b/drivers/crypto/tegra/tegra-se-hash.c +@@ -118,8 +118,9 @@ static int tegra_sha_fallback_init(struct ahash_request *req) + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); + + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); +- rctx->fallback_req.base.flags = req->base.flags & +- CRYPTO_TFM_REQ_MAY_SLEEP; ++ ahash_request_set_callback(&rctx->fallback_req, ++ req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP, ++ req->base.complete, req->base.data); + + return crypto_ahash_init(&rctx->fallback_req); + } +@@ -131,10 +132,10 @@ static int tegra_sha_fallback_update(struct ahash_request *req) + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); + + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); +- rctx->fallback_req.base.flags = req->base.flags & +- CRYPTO_TFM_REQ_MAY_SLEEP; +- rctx->fallback_req.nbytes = req->nbytes; +- rctx->fallback_req.src = req->src; ++ ahash_request_set_callback(&rctx->fallback_req, ++ req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP, ++ req->base.complete, req->base.data); ++ ahash_request_set_crypt(&rctx->fallback_req, req->src, NULL, req->nbytes); + + return crypto_ahash_update(&rctx->fallback_req); + } +@@ -146,9 +147,10 @@ static int tegra_sha_fallback_final(struct ahash_request *req) + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); + + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); +- rctx->fallback_req.base.flags = req->base.flags & +- CRYPTO_TFM_REQ_MAY_SLEEP; +- rctx->fallback_req.result = req->result; ++ ahash_request_set_callback(&rctx->fallback_req, ++ req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP, ++ req->base.complete, req->base.data); ++ ahash_request_set_crypt(&rctx->fallback_req, NULL, req->result, 0); + + return crypto_ahash_final(&rctx->fallback_req); + } 
+@@ -160,12 +162,11 @@ static int tegra_sha_fallback_finup(struct ahash_request *req) + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); + + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); +- rctx->fallback_req.base.flags = req->base.flags & +- CRYPTO_TFM_REQ_MAY_SLEEP; +- +- rctx->fallback_req.nbytes = req->nbytes; +- rctx->fallback_req.src = req->src; +- rctx->fallback_req.result = req->result; ++ ahash_request_set_callback(&rctx->fallback_req, ++ req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP, ++ req->base.complete, req->base.data); ++ ahash_request_set_crypt(&rctx->fallback_req, req->src, req->result, ++ req->nbytes); + + return crypto_ahash_finup(&rctx->fallback_req); + } +@@ -177,12 +178,11 @@ static int tegra_sha_fallback_digest(struct ahash_request *req) + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); + + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); +- rctx->fallback_req.base.flags = req->base.flags & +- CRYPTO_TFM_REQ_MAY_SLEEP; +- +- rctx->fallback_req.nbytes = req->nbytes; +- rctx->fallback_req.src = req->src; +- rctx->fallback_req.result = req->result; ++ ahash_request_set_callback(&rctx->fallback_req, ++ req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP, ++ req->base.complete, req->base.data); ++ ahash_request_set_crypt(&rctx->fallback_req, req->src, req->result, ++ req->nbytes); + + return crypto_ahash_digest(&rctx->fallback_req); + } +@@ -194,8 +194,9 @@ static int tegra_sha_fallback_import(struct ahash_request *req, const void *in) + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); + + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); +- rctx->fallback_req.base.flags = req->base.flags & +- CRYPTO_TFM_REQ_MAY_SLEEP; ++ ahash_request_set_callback(&rctx->fallback_req, ++ req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP, ++ req->base.complete, req->base.data); + + return crypto_ahash_import(&rctx->fallback_req, in); + } +@@ -207,8 +208,9 @@ static int tegra_sha_fallback_export(struct ahash_request *req, void *out) + 
struct tegra_sha_ctx *ctx = crypto_ahash_ctx(tfm); + + ahash_request_set_tfm(&rctx->fallback_req, ctx->fallback_tfm); +- rctx->fallback_req.base.flags = req->base.flags & +- CRYPTO_TFM_REQ_MAY_SLEEP; ++ ahash_request_set_callback(&rctx->fallback_req, ++ req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP, ++ req->base.complete, req->base.data); + + return crypto_ahash_export(&rctx->fallback_req, out); + } +-- +2.50.1 (Apple Git-155) + diff --git a/SOURCES/1699-crypto-tegra-remove-the-use-of-dev-err-probe.patch b/SOURCES/1699-crypto-tegra-remove-the-use-of-dev-err-probe.patch new file mode 100644 index 000000000..7127e9dcf --- /dev/null +++ b/SOURCES/1699-crypto-tegra-remove-the-use-of-dev-err-probe.patch @@ -0,0 +1,46 @@ +From 4a06bd56527fed781c5cffff4d0f0203841fbc80 Mon Sep 17 00:00:00 2001 +From: Vladislav Dronov +Date: Sun, 7 Jun 2026 23:27:48 +0200 +Subject: [PATCH] crypto: tegra - Remove the use of dev_err_probe() + +JIRA: https://redhat.atlassian.net/browse/RHEL-182565 +Upstream Status: merged into the upstream linux.git + +commit 8595bcb09b05a6c712c35f03ef701e7785895b51 +Author: Liao Yuanhong +Date: Wed Aug 20 20:37:52 2025 +0800 + + crypto: tegra - Remove the use of dev_err_probe() + + Logging messages that show some type of "out of memory" error are generally + unnecessary as there is a generic message and a stack dump done by the + memory subsystem. These messages generally increase kernel size without + much added value[1]. + + The dev_err_probe() doesn't do anything when error is '-ENOMEM'. Therefore, + remove the useless call to dev_err_probe(), and just return the value + instead. + + [1]: https://lore.kernel.org/lkml/1402419340.30479.18.camel@joe-AO725/ + + Signed-off-by: Liao Yuanhong + 
Signed-off-by: Herbert Xu + +Signed-off-by: Vladislav Dronov + +diff --git a/drivers/crypto/tegra/tegra-se-main.c b/drivers/crypto/tegra/tegra-se-main.c +index 63afb0556acf..81facb649ec6 100644 +--- a/drivers/crypto/tegra/tegra-se-main.c ++++ b/drivers/crypto/tegra/tegra-se-main.c +@@ -310,7 +310,7 @@ static int tegra_se_probe(struct platform_device *pdev) + + se->engine = crypto_engine_alloc_init(dev, 0); + if (!se->engine) +- return dev_err_probe(dev, -ENOMEM, "failed to init crypto engine\n"); ++ return -ENOMEM; + + ret = crypto_engine_start(se->engine); + if (ret) { +-- +2.50.1 (Apple Git-155) + diff --git a/SOURCES/1700-crypto-tegra-use-int-type-to-store-negative-error-codes.patch b/SOURCES/1700-crypto-tegra-use-int-type-to-store-negative-error-codes.patch new file mode 100644 index 000000000..739536b36 --- /dev/null +++ b/SOURCES/1700-crypto-tegra-use-int-type-to-store-negative-error-codes.patch @@ -0,0 +1,43 @@ +From e27f636604e6817fe00db4b37af61ac76a14c1ee Mon Sep 17 00:00:00 2001 +From: Vladislav Dronov +Date: Sun, 7 Jun 2026 23:27:48 +0200 +Subject: [PATCH] crypto: tegra - Use int type to store negative error codes + +JIRA: https://redhat.atlassian.net/browse/RHEL-182565 +Upstream Status: merged into the upstream linux.git + +commit a710a71cd8ad294937e03b352cd71deb7ad08700 +Author: Qianfeng Rong +Date: Wed Sep 3 21:25:37 2025 +0800 + + crypto: tegra - Use int type to store negative error codes + + Change the 'ret' variable in tegra_sha_do_update() from unsigned int to + int, as it needs to store either negative error codes or zero returned + by tegra_se_host1x_submit(). + + No effect on runtime. + + Signed-off-by: Qianfeng Rong + 
Signed-off-by: Herbert Xu + +Signed-off-by: Vladislav Dronov + +diff --git a/drivers/crypto/tegra/tegra-se-hash.c b/drivers/crypto/tegra/tegra-se-hash.c +index e3fe5911a324..79f1e5c9b729 100644 +--- a/drivers/crypto/tegra/tegra-se-hash.c ++++ b/drivers/crypto/tegra/tegra-se-hash.c +@@ -401,8 +401,9 @@ static int tegra_sha_do_update(struct ahash_request *req) + struct tegra_sha_ctx *ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req)); + struct tegra_sha_reqctx *rctx = ahash_request_ctx(req); + struct tegra_se *se = ctx->se; +- unsigned int nblks, nresidue, size, ret; ++ unsigned int nblks, nresidue, size; + u32 *cpuvaddr = se->cmdbuf->addr; ++ int ret; + + nresidue = (req->nbytes + rctx->residue.size) % rctx->blk_size; + nblks = (req->nbytes + rctx->residue.size) / rctx->blk_size; +-- +2.50.1 (Apple Git-155) + diff --git a/SOURCES/1701-crypto-tegra-add-missing-crypto-alg-async.patch b/SOURCES/1701-crypto-tegra-add-missing-crypto-alg-async.patch new file mode 100644 index 000000000..3d17a3557 --- /dev/null +++ b/SOURCES/1701-crypto-tegra-add-missing-crypto-alg-async.patch 
@@ -0,0 +1,224 @@ +From 67d735aa5c6e4d048175700e89cb267d82db8d37 Mon Sep 17 00:00:00 2001 +From: Vladislav Dronov +Date: Sun, 7 Jun 2026 23:27:48 +0200 +Subject: [PATCH] crypto: tegra - Add missing CRYPTO_ALG_ASYNC + +JIRA: https://redhat.atlassian.net/browse/RHEL-182565 +Upstream Status: merged into the upstream linux.git +CVE: CVE-2026-31739 + +commit 4b56770d345524fc2acc143a2b85539cf7d74bc1 +Author: Eric Biggers +Date: Mon Mar 16 13:21:19 2026 -0700 + + crypto: tegra - Add missing CRYPTO_ALG_ASYNC + + The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its + asynchronous algorithms, causing the crypto API to select them for users + that request only synchronous algorithms. This causes crashes (at + least). Fix this by adding the flag like what the other drivers do. + Also remove the unnecessary CRYPTO_ALG_TYPE_* flags, since those just + get ignored and overridden by the registration function anyway. + + Reported-by: Zorro Lang + Closes: https://lore.kernel.org/r/20260314080937.pghb4aa7d4je3mhh@dell-per750-06-vm-08.rhts.eng.pek2.redhat.com + Fixes: 0880bb3b00c8 ("crypto: tegra - Add Tegra Security Engine driver") + Cc: stable@vger.kernel.org + Cc: Akhil R + Signed-off-by: Eric Biggers + 
Signed-off-by: Herbert Xu + +Signed-off-by: Vladislav Dronov + +diff --git a/drivers/crypto/tegra/tegra-se-aes.c b/drivers/crypto/tegra/tegra-se-aes.c +index 8b91f00b9c31..30c78afe3dea 100644 +--- a/drivers/crypto/tegra/tegra-se-aes.c ++++ b/drivers/crypto/tegra/tegra-se-aes.c +@@ -532,7 +532,7 @@ static struct tegra_se_alg tegra_aes_algs[] = { + .cra_name = "cbc(aes)", + .cra_driver_name = "cbc-aes-tegra", + .cra_priority = 500, +- .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_ASYNC, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_aes_ctx), + .cra_alignmask = 0xf, +@@ -553,7 +553,7 @@ static struct tegra_se_alg tegra_aes_algs[] = { + .cra_name = "ecb(aes)", + .cra_driver_name = "ecb-aes-tegra", + .cra_priority = 500, +- .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_ASYNC, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_aes_ctx), + .cra_alignmask = 0xf, +@@ -575,7 +575,7 @@ static struct tegra_se_alg tegra_aes_algs[] = { + .cra_name = "ctr(aes)", + .cra_driver_name = "ctr-aes-tegra", + .cra_priority = 500, +- .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER | CRYPTO_ALG_ASYNC, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct tegra_aes_ctx), + .cra_alignmask = 0xf, +@@ -597,6 +597,7 @@ static struct tegra_se_alg tegra_aes_algs[] = { + .cra_name = "xts(aes)", + .cra_driver_name = "xts-aes-tegra", + .cra_priority = 500, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_aes_ctx), + .cra_alignmask = (__alignof__(u64) - 1), +@@ -1931,6 +1932,7 @@ static struct tegra_se_alg tegra_aead_algs[] = { + .cra_name = "gcm(aes)", + .cra_driver_name = "gcm-aes-tegra", + .cra_priority = 500, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct tegra_aead_ctx), + .cra_alignmask = 0xf, +@@ -1953,6 +1955,7 @@ static struct tegra_se_alg 
tegra_aead_algs[] = { + .cra_name = "ccm(aes)", + .cra_driver_name = "ccm-aes-tegra", + .cra_priority = 500, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = 1, + .cra_ctxsize = sizeof(struct tegra_aead_ctx), + .cra_alignmask = 0xf, +@@ -1980,7 +1983,7 @@ static struct tegra_se_alg tegra_cmac_algs[] = { + .cra_name = "cmac(aes)", + .cra_driver_name = "tegra-se-cmac", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = AES_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_cmac_ctx), + .cra_alignmask = 0, +diff --git a/drivers/crypto/tegra/tegra-se-hash.c b/drivers/crypto/tegra/tegra-se-hash.c +index 79f1e5c9b729..23d549801612 100644 +--- a/drivers/crypto/tegra/tegra-se-hash.c ++++ b/drivers/crypto/tegra/tegra-se-hash.c +@@ -764,7 +764,7 @@ static struct tegra_se_alg tegra_hash_algs[] = { + .cra_name = "sha1", + .cra_driver_name = "tegra-se-sha1", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = SHA1_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_sha_ctx), + .cra_alignmask = 0, +@@ -789,7 +789,7 @@ static struct tegra_se_alg tegra_hash_algs[] = { + .cra_name = "sha224", + .cra_driver_name = "tegra-se-sha224", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = SHA224_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_sha_ctx), + .cra_alignmask = 0, +@@ -814,7 +814,7 @@ static struct tegra_se_alg tegra_hash_algs[] = { + .cra_name = "sha256", + .cra_driver_name = "tegra-se-sha256", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = SHA256_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_sha_ctx), + .cra_alignmask = 0, +@@ -839,7 +839,7 @@ static struct tegra_se_alg tegra_hash_algs[] = { + .cra_name = "sha384", + .cra_driver_name = "tegra-se-sha384", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH, ++ 
.cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = SHA384_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_sha_ctx), + .cra_alignmask = 0, +@@ -864,7 +864,7 @@ static struct tegra_se_alg tegra_hash_algs[] = { + .cra_name = "sha512", + .cra_driver_name = "tegra-se-sha512", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = SHA512_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_sha_ctx), + .cra_alignmask = 0, +@@ -889,7 +889,7 @@ static struct tegra_se_alg tegra_hash_algs[] = { + .cra_name = "sha3-224", + .cra_driver_name = "tegra-se-sha3-224", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = SHA3_224_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_sha_ctx), + .cra_alignmask = 0, +@@ -914,7 +914,7 @@ static struct tegra_se_alg tegra_hash_algs[] = { + .cra_name = "sha3-256", + .cra_driver_name = "tegra-se-sha3-256", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = SHA3_256_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_sha_ctx), + .cra_alignmask = 0, +@@ -939,7 +939,7 @@ static struct tegra_se_alg tegra_hash_algs[] = { + .cra_name = "sha3-384", + .cra_driver_name = "tegra-se-sha3-384", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = SHA3_384_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_sha_ctx), + .cra_alignmask = 0, +@@ -964,7 +964,7 @@ static struct tegra_se_alg tegra_hash_algs[] = { + .cra_name = "sha3-512", + .cra_driver_name = "tegra-se-sha3-512", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH, ++ .cra_flags = CRYPTO_ALG_ASYNC, + .cra_blocksize = SHA3_512_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_sha_ctx), + .cra_alignmask = 0, +@@ -991,7 +991,8 @@ static struct tegra_se_alg tegra_hash_algs[] = { + .cra_name = "hmac(sha224)", + .cra_driver_name = "tegra-se-hmac-sha224", + 
.cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK, ++ .cra_flags = CRYPTO_ALG_ASYNC | ++ CRYPTO_ALG_NEED_FALLBACK, + .cra_blocksize = SHA224_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_sha_ctx), + .cra_alignmask = 0, +@@ -1018,7 +1019,8 @@ static struct tegra_se_alg tegra_hash_algs[] = { + .cra_name = "hmac(sha256)", + .cra_driver_name = "tegra-se-hmac-sha256", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK, ++ .cra_flags = CRYPTO_ALG_ASYNC | ++ CRYPTO_ALG_NEED_FALLBACK, + .cra_blocksize = SHA256_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_sha_ctx), + .cra_alignmask = 0, +@@ -1045,7 +1047,8 @@ static struct tegra_se_alg tegra_hash_algs[] = { + .cra_name = "hmac(sha384)", + .cra_driver_name = "tegra-se-hmac-sha384", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK, ++ .cra_flags = CRYPTO_ALG_ASYNC | ++ CRYPTO_ALG_NEED_FALLBACK, + .cra_blocksize = SHA384_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_sha_ctx), + .cra_alignmask = 0, +@@ -1072,7 +1075,8 @@ static struct tegra_se_alg tegra_hash_algs[] = { + .cra_name = "hmac(sha512)", + .cra_driver_name = "tegra-se-hmac-sha512", + .cra_priority = 300, +- .cra_flags = CRYPTO_ALG_TYPE_AHASH | CRYPTO_ALG_NEED_FALLBACK, ++ .cra_flags = CRYPTO_ALG_ASYNC | ++ CRYPTO_ALG_NEED_FALLBACK, + .cra_blocksize = SHA512_BLOCK_SIZE, + .cra_ctxsize = sizeof(struct tegra_sha_ctx), + .cra_alignmask = 0, +-- +2.50.1 (Apple Git-155) + diff --git a/SOURCES/1702-crypto-tegra-don-t-touch-bo-refcount-in-host1x-bo-pin-unpin.patch b/SOURCES/1702-crypto-tegra-don-t-touch-bo-refcount-in-host1x-bo-pin-unpin.patch new file mode 100644 index 000000000..db7a8c780 --- /dev/null +++ b/SOURCES/1702-crypto-tegra-don-t-touch-bo-refcount-in-host1x-bo-pin-unpin.patch 
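Review bot: CRYPTO_ALG_ASYNC is set by hand in every table entry, which is the same pattern that left the xts(aes), gcm(aes) and ccm(aes) entries with no `.cra_flags` line at all before this change. Since the commit message describes the driver's algorithms as asynchronous, the registration path (not visible in these hunks) could OR the flag in once, or reject an entry that lacks it, so a later table entry cannot reintroduce the issue tracked here as CVE-2026-31739. The tables tegra_aes_algs[], tegra_aead_algs[], tegra_cmac_algs[] and tegra_hash_algs[] all begin and end outside the hunks, so entries not shown should be confirmed to carry the flag as well.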
@@ -0,0 +1,48 @@ +From 6c2f9f0720ab7b65156de8b88918766401d70614 Mon Sep 17 00:00:00 2001 +From: Vladislav Dronov +Date: Sun, 7 Jun 2026 23:27:48 +0200 +Subject: [PATCH] crypto: tegra - Don't touch bo refcount in host1x bo + pin/unpin + +JIRA: https://redhat.atlassian.net/browse/RHEL-182565 +Upstream Status: merged into the upstream linux.git + +commit f8c9c57d750346abd213ffed2ae3cacb0268e9f1 +Author: Mikko Perttunen +Date: Fri May 15 11:34:52 2026 +0900 + + crypto: tegra - Don't touch bo refcount in host1x bo pin/unpin + + Since commit "gpu: host1x: Allow entries in BO caches to be freed", + host1x_bo_pin() and host1x_bo_unpin() handle the bo's refcount + themselves. .pin/.unpin callbacks should not adjust it. + + Signed-off-by: Mikko Perttunen + Signed-off-by: Herbert Xu + +Signed-off-by: Vladislav Dronov + +diff --git a/drivers/crypto/tegra/tegra-se-main.c b/drivers/crypto/tegra/tegra-se-main.c +index 81facb649ec6..35ec98e9569e 100644 +--- a/drivers/crypto/tegra/tegra-se-main.c ++++ b/drivers/crypto/tegra/tegra-se-main.c +@@ -52,7 +52,7 @@ tegra_se_cmdbuf_pin(struct device *dev, struct host1x_bo *bo, enum dma_data_dire + return ERR_PTR(-ENOMEM); + + kref_init(&map->ref); +- map->bo = host1x_bo_get(bo); ++ map->bo = bo; + map->direction = direction; + map->dev = dev; + +@@ -93,7 +93,6 @@ static void tegra_se_cmdbuf_unpin(struct host1x_bo_mapping *map) + dma_unmap_sgtable(map->dev, map->sgt, map->direction, 0); + sg_free_table(map->sgt); + kfree(map->sgt); +- host1x_bo_put(map->bo); + + kfree(map); + } +-- +2.50.1 (Apple Git-155) + diff --git a/SOURCES/1703-crypto-tegra-fix-dma-free-coherent-size-error.patch b/SOURCES/1703-crypto-tegra-fix-dma-free-coherent-size-error.patch new file mode 100644 index 000000000..28efb8c88 --- /dev/null +++ b/SOURCES/1703-crypto-tegra-fix-dma-free-coherent-size-error.patch 
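Review bot: `map->bo = bo;` in tegra_se_cmdbuf_pin() now stores the buffer object without taking a reference, which is only safe if host1x_bo_pin()/host1x_bo_unpin() in this tree already hold the reference themselves. The commit message names that prerequisite only by subject ("gpu: host1x: Allow entries in BO caches to be freed") and nothing on this page shows it is part of the same backport series. If it is missing, the mapping can outlive the bo and `map->bo` is left dangling, so the patch description should record the prerequisite's commit id and the series should be checked for it. Both tegra_se_cmdbuf_pin() and tegra_se_cmdbuf_unpin() start outside the hunks.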
@@ -0,0 +1,127 @@ +From cfbcdc45a8a605bc55aa4dffaca84e8936ef81c1 Mon Sep 17 00:00:00 2001 +From: Vladislav Dronov +Date: Sun, 7 Jun 2026 23:27:48 +0200 +Subject: [PATCH] crypto: tegra - Fix dma_free_coherent size error + +JIRA: https://redhat.atlassian.net/browse/RHEL-182565 +Upstream Status: merged into herbert/crypto-2.6.git + +commit 03215b8457784540acc741e6331e355b62c6c8ab +Author: Herbert Xu +Date: Tue May 19 12:22:18 2026 +0800 + + crypto: tegra - Fix dma_free_coherent size error + + When freeing a coherent DMA buffer, the size must match the value + that was used during the allocation. + + Unfortunately the size field in the tegra driver gets overwritten + by this point so it no longer matches and creates a warning. + + Fix this by saving a copy of the size on the stack. + + Note that the ccm function actually mixes up the inbuf and outbuf + sizes, but it doesn't matter because the two sizes are actually + equal. + + Fixes: 1cb328da4e8f ("crypto: tegra - Do not use fixed size buffers") + Reporeted-by: Patrick Talbert + Signed-off-by: Herbert Xu + Reviewed-by: Vladislav Dronov + 
Signed-off-by: Herbert Xu + +Signed-off-by: Vladislav Dronov + +diff --git a/drivers/crypto/tegra/tegra-se-aes.c b/drivers/crypto/tegra/tegra-se-aes.c +index 30c78afe3dea..5086e7f140c3 100644 +--- a/drivers/crypto/tegra/tegra-se-aes.c ++++ b/drivers/crypto/tegra/tegra-se-aes.c +@@ -1201,6 +1201,7 @@ static int tegra_ccm_do_one_req(struct crypto_engine *engine, void *areq) + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); + struct tegra_se *se = ctx->se; ++ unsigned int bufsize; + int ret; + + ret = tegra_ccm_crypt_init(req, se, rctx); +@@ -1210,14 +1211,15 @@ static int tegra_ccm_do_one_req(struct crypto_engine *engine, void *areq) + rctx->key_id = ctx->key_id; + + /* Allocate buffers required */ +- rctx->inbuf.size = rctx->assoclen + rctx->authsize + rctx->cryptlen + 100; +- rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, rctx->inbuf.size, ++ bufsize = rctx->assoclen + rctx->authsize + rctx->cryptlen + 100; ++ rctx->inbuf.size = bufsize; ++ rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize, + &rctx->inbuf.addr, GFP_KERNEL); + if (!rctx->inbuf.buf) + goto out_finalize; + +- rctx->outbuf.size = rctx->assoclen + rctx->authsize + rctx->cryptlen + 100; +- rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, rctx->outbuf.size, ++ rctx->outbuf.size = bufsize; ++ rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize, + &rctx->outbuf.addr, GFP_KERNEL); + if (!rctx->outbuf.buf) { + ret = -ENOMEM; +@@ -1254,11 +1256,11 @@ static int tegra_ccm_do_one_req(struct crypto_engine *engine, void *areq) + } + + out: +- dma_free_coherent(ctx->se->dev, rctx->inbuf.size, ++ dma_free_coherent(ctx->se->dev, bufsize, + rctx->outbuf.buf, rctx->outbuf.addr); + + out_free_inbuf: +- dma_free_coherent(ctx->se->dev, rctx->outbuf.size, ++ dma_free_coherent(ctx->se->dev, bufsize, + rctx->inbuf.buf, rctx->inbuf.addr); + + if (tegra_key_is_reserved(rctx->key_id)) +@@ -1278,6 +1280,7 @@ static int tegra_gcm_do_one_req(struct 
crypto_engine *engine, void *areq) + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + struct tegra_aead_ctx *ctx = crypto_aead_ctx(tfm); + struct tegra_aead_reqctx *rctx = aead_request_ctx(req); ++ unsigned int bufsize; + int ret; + + rctx->src_sg = req->src; +@@ -1296,16 +1299,17 @@ static int tegra_gcm_do_one_req(struct crypto_engine *engine, void *areq) + rctx->key_id = ctx->key_id; + + /* Allocate buffers required */ +- rctx->inbuf.size = rctx->assoclen + rctx->authsize + rctx->cryptlen; +- rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, rctx->inbuf.size, ++ bufsize = rctx->assoclen + rctx->authsize + rctx->cryptlen; ++ rctx->inbuf.size = bufsize; ++ rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize, + &rctx->inbuf.addr, GFP_KERNEL); + if (!rctx->inbuf.buf) { + ret = -ENOMEM; + goto out_finalize; + } + +- rctx->outbuf.size = rctx->assoclen + rctx->authsize + rctx->cryptlen; +- rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, rctx->outbuf.size, ++ rctx->outbuf.size = bufsize; ++ rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize, + &rctx->outbuf.addr, GFP_KERNEL); + if (!rctx->outbuf.buf) { + ret = -ENOMEM; +@@ -1342,11 +1346,11 @@ static int tegra_gcm_do_one_req(struct crypto_engine *engine, void *areq) + ret = tegra_gcm_do_verify(ctx->se, rctx); + + out: +- dma_free_coherent(ctx->se->dev, rctx->outbuf.size, ++ dma_free_coherent(ctx->se->dev, bufsize, + rctx->outbuf.buf, rctx->outbuf.addr); + + out_free_inbuf: +- dma_free_coherent(ctx->se->dev, rctx->inbuf.size, ++ dma_free_coherent(ctx->se->dev, bufsize, + rctx->inbuf.buf, rctx->inbuf.addr); + + if (tegra_key_is_reserved(rctx->key_id)) +-- +2.50.1 (Apple Git-155) + diff --git a/SOURCES/1704-crypto-tegra-return-enomem-when-input-buffer-allocation-fail.patch b/SOURCES/1704-crypto-tegra-return-enomem-when-input-buffer-allocation-fail.patch new file mode 100644 index 000000000..63e09a3c8 --- /dev/null +++ b/SOURCES/1704-crypto-tegra-return-enomem-when-input-buffer-allocation-fail.patch 
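Review bot: `bufsize` in `tegra_ccm_do_one_req()` and `tegra_gcm_do_one_req()` is the sum of three request lengths (plus 100 in the ccm case) computed in an `unsigned int` with no overflow check before it is handed to `dma_alloc_coherent()`. If those lengths are not bounded earlier in the request path, which is not visible in these hunks, a wrapped sum would give buffers smaller than the request data they are sized for; `check_add_overflow()` on the additions, failing with `-EINVAL` through `out_finalize`, would make the bound explicit. The ccm `+ 100` slack also has no comment saying what it covers. Both function bodies start and end outside the hunks.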
@@ -0,0 +1,52 @@
+From 0b918fd4603c0d94c95399e052c4f8a78ecbe44f Mon Sep 17 00:00:00 2001
+From: Vladislav Dronov
+Date: Sun, 7 Jun 2026 23:27:48 +0200
+Subject: [PATCH] crypto: tegra - Return ENOMEM when input buffer allocation
+ fails for ccm
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-182565
+Upstream Status: merged into herbert/crypto-2.6.git
+
+commit 690a5f9e5c972a580565ce544ed1627ccf1e84de
+Author: Herbert Xu
+Date: Wed May 20 10:51:14 2026 +0800
+
+ crypto: tegra - Return ENOMEM when input buffer allocation fails for ccm
+
+ Ensure the ENOMEM error value is set when the input buffer allocation
+ fails in tegra_ccm_do_one_req.
+
+ Fixes: 1e245948ca0c ("crypto: tegra - finalize crypto req on error")
+ Reported-by: Vladislav Dronov
+ Signed-off-by: Herbert Xu
+ Reviewed-by: Vladislav Dronov
+ Signed-off-by: Herbert Xu
+
+Signed-off-by: Vladislav Dronov
+
+diff --git a/drivers/crypto/tegra/tegra-se-aes.c b/drivers/crypto/tegra/tegra-se-aes.c
+index 5086e7f140c3..9094c03e991f 100644
+--- a/drivers/crypto/tegra/tegra-se-aes.c
++++ b/drivers/crypto/tegra/tegra-se-aes.c
+@@ -1215,16 +1215,15 @@ static int tegra_ccm_do_one_req(struct crypto_engine *engine, void *areq)
+ rctx->inbuf.size = bufsize;
+ rctx->inbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize,
+ &rctx->inbuf.addr, GFP_KERNEL);
++ ret = -ENOMEM;
+ if (!rctx->inbuf.buf)
+ goto out_finalize;
+
+ rctx->outbuf.size = bufsize;
+ rctx->outbuf.buf = dma_alloc_coherent(ctx->se->dev, bufsize,
+ &rctx->outbuf.addr, GFP_KERNEL);
+- if (!rctx->outbuf.buf) {
+- ret = -ENOMEM;
++ if (!rctx->outbuf.buf)
+ goto out_free_inbuf;
+- }
+
+ if (!ctx->key_id) {
+ ret = tegra_key_submit_reserved_aes(ctx->se, ctx->key,
+--
+2.50.1 (Apple Git-155)
+
diff --git a/SOURCES/1705-tcp-fix-potential-race-in-tcp-v6-syn-recv-sock.patch b/SOURCES/1705-tcp-fix-potential-race-in-tcp-v6-syn-recv-sock.patch
new file mode 100644
index 000000000..d4d633031
--- /dev/null
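Review bot: Presetting `ret = -ENOMEM;` ahead of both allocation checks in `tegra_ccm_do_one_req()` leaves `ret` holding an error on the success path until a later statement overwrites it, and the first assignment visible after it sits inside `if (!ctx->key_id)`. Any later `goto out` that does not assign `ret` first would then report -ENOMEM; the rest of the function is outside the hunk, so that is worth checking. `tegra_gcm_do_one_req()` in the same file sets the error inside each failure branch, and the same form here keeps the two functions parallel: `if (!rctx->inbuf.buf) { ret = -ENOMEM; goto out_finalize; }`.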
+++ b/SOURCES/1705-tcp-fix-potential-race-in-tcp-v6-syn-recv-sock.patch 
@@ -0,0 +1,293 @@ +From 858d2a4f67ff69e645a43487ef7ea7f28f06deae Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Tue, 17 Feb 2026 16:12:05 +0000 +Subject: [PATCH] tcp: fix potential race in tcp_v6_syn_recv_sock() + +Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock() +is done too late. + +After tcp_v4_syn_recv_sock(), the child socket is already visible +from TCP ehash table and other cpus might use it. + +Since newinet->pinet6 is still pointing to the listener ipv6_pinfo +bad things can happen as syzbot found. + +Move the problematic code in tcp_v6_mapped_child_init() +and call this new helper from tcp_v4_syn_recv_sock() before +the ehash insertion. + +This allows the removal of one tcp_sync_mss(), since +tcp_v4_syn_recv_sock() will call it with the correct +context. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reported-by: syzbot+937b5bbb6a815b3e5d0b@syzkaller.appspotmail.com +Closes: https://lore.kernel.org/netdev/69949275.050a0220.2eeac1.0145.GAE@google.com/ +Signed-off-by: Eric Dumazet +Reviewed-by: Kuniyuki Iwashima +Link: https://patch.msgid.link/20260217161205.2079883-1-edumazet@google.com +Signed-off-by: Jakub Kicinski + +diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h +index 35bb5af..0cd481d 100644 +--- a/include/net/inet_connection_sock.h ++++ b/include/net/inet_connection_sock.h +@@ -41,7 +41,9 @@ struct inet_connection_sock_af_ops { + struct request_sock *req, + struct dst_entry *dst, + struct request_sock *req_unhash, +- bool *own_req); ++ bool *own_req, ++ void (*opt_child_init)(struct sock *newsk, ++ const struct sock *sk)); + u16 net_header_len; + u16 net_frag_header_len; + u16 sockaddr_len; +diff --git a/include/net/tcp.h b/include/net/tcp.h +index d0f76cd..b1a3eb9 100644 +--- a/include/net/tcp.h ++++ b/include/net/tcp.h +@@ -470,7 +470,9 @@ struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, + struct request_sock *req, + struct dst_entry *dst, + struct 
request_sock *req_unhash, +- bool *own_req); ++ bool *own_req, ++ void (*opt_child_init)(struct sock *newsk, ++ const struct sock *sk)); + int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb); + int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len); + int tcp_connect(struct sock *sk); +diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c +index 4164926..f243e6a 100644 +--- a/net/ipv4/syncookies.c ++++ b/net/ipv4/syncookies.c +@@ -201,7 +201,7 @@ struct sock *tcp_get_cookie_sock(struct sock *sk, struct sk_buff *skb, + bool own_req; + + child = icsk->icsk_af_ops->syn_recv_sock(sk, skb, req, dst, +- NULL, &own_req); ++ NULL, &own_req, NULL); + if (child) { + refcount_set(&req->rsk_refcnt, 1); + tcp_sk(child)->tsoffset = tsoff; +diff --git a/net/ipv4/tcp_fastopen.c b/net/ipv4/tcp_fastopen.c +index 10aa010..912eaef 100644 +--- a/net/ipv4/tcp_fastopen.c ++++ b/net/ipv4/tcp_fastopen.c +@@ -262,7 +262,7 @@ static struct sock *tcp_fastopen_create_child(struct sock *sk, + bool own_req; + + child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL, +- NULL, &own_req); ++ NULL, &own_req, NULL); + if (!child) + return NULL; + +diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c +index f029f01..e90bf04 100644 +--- a/net/ipv4/tcp_ipv4.c ++++ b/net/ipv4/tcp_ipv4.c +@@ -1499,7 +1499,9 @@ struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, + struct request_sock *req, + struct dst_entry *dst, + struct request_sock *req_unhash, +- bool *own_req) ++ bool *own_req, ++ void (*opt_child_init)(struct sock *newsk, ++ const struct sock *sk)) + { + struct inet_request_sock *ireq; + bool found_dup_sk = false; +@@ -1555,6 +1557,10 @@ struct sock *tcp_v4_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, + } + sk_setup_caps(newsk, dst); + ++#if IS_ENABLED(CONFIG_IPV6) ++ if (opt_child_init) ++ opt_child_init(newsk, sk); ++#endif + tcp_ca_openreq_child(newsk, dst); + + tcp_sync_mss(newsk, dst_mtu(dst)); +diff --git 
a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c +index 6c6850f..c0f26b0 100644 +--- a/net/ipv4/tcp_minisocks.c ++++ b/net/ipv4/tcp_minisocks.c +@@ -782,7 +782,7 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb, + * socket is created, wait for troubles. + */ + child = inet_csk(sk)->icsk_af_ops->syn_recv_sock(sk, skb, req, NULL, +- req, &own_req); ++ req, &own_req, NULL); + if (!child) + goto listen_overflow; + +diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c +index 979e3c8..a00876b 100644 +--- a/net/ipv6/tcp_ipv6.c ++++ b/net/ipv6/tcp_ipv6.c +@@ -1188,11 +1188,48 @@ static void tcp_v6_restore_cb(struct sk_buff *skb) + sizeof(struct inet6_skb_parm)); + } + ++/* Called from tcp_v4_syn_recv_sock() for v6_mapped children. */ ++static void tcp_v6_mapped_child_init(struct sock *newsk, const struct sock *sk) ++{ ++ struct inet_sock *newinet = inet_sk(newsk); ++ struct ipv6_pinfo *newnp; ++ ++ newinet->pinet6 = newnp = tcp_inet6_sk(newsk); ++ ++ memcpy(newnp, tcp_inet6_sk(sk), sizeof(struct ipv6_pinfo)); ++ ++ newnp->saddr = newsk->sk_v6_rcv_saddr; ++ ++ inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; ++ if (sk_is_mptcp(newsk)) ++ mptcpv6_handle_mapped(newsk, true); ++ newsk->sk_backlog_rcv = tcp_v4_do_rcv; ++#if defined(CONFIG_TCP_MD5SIG) ++ tcp_sk(newsk)->af_specific = &tcp_sock_ipv6_mapped_specific; ++#endif ++ ++ newnp->ipv6_mc_list = NULL; ++ newnp->ipv6_ac_list = NULL; ++ newnp->ipv6_fl_list = NULL; ++ newnp->pktoptions = NULL; ++ newnp->opt = NULL; ++ ++ /* tcp_v4_syn_recv_sock() has initialized newinet->mc_{index,ttl} */ ++ newnp->mcast_oif = newinet->mc_index; ++ newnp->mcast_hops = newinet->mc_ttl; ++ ++ newnp->rcv_flowinfo = 0; ++ if (tcp_inet6_sk(sk)->repflow) ++ newnp->flow_label = 0; ++} ++ + static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *skb, + struct request_sock *req, + struct dst_entry *dst, + struct request_sock *req_unhash, +- bool *own_req) ++ bool *own_req, ++ void (*opt_child_init)(struct 
sock *newsk, ++ const struct sock *sk)) + { + struct inet_request_sock *ireq; + struct ipv6_pinfo *newnp; +@@ -1208,61 +1245,10 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff * + #endif + struct flowi6 fl6; + +- if (skb->protocol == htons(ETH_P_IP)) { +- /* +- * v6 mapped +- */ +- +- newsk = tcp_v4_syn_recv_sock(sk, skb, req, dst, +- req_unhash, own_req); +- +- if (!newsk) +- return NULL; +- +- inet_sk(newsk)->pinet6 = tcp_inet6_sk(newsk); +- +- newinet = inet_sk(newsk); +- newnp = tcp_inet6_sk(newsk); +- newtp = tcp_sk(newsk); +- +- memcpy(newnp, np, sizeof(struct ipv6_pinfo)); +- +- newnp->saddr = newsk->sk_v6_rcv_saddr; +- +- inet_csk(newsk)->icsk_af_ops = &ipv6_mapped; +- if (sk_is_mptcp(newsk)) +- mptcpv6_handle_mapped(newsk, true); +- newsk->sk_backlog_rcv = tcp_v4_do_rcv; +-#ifdef CONFIG_TCP_MD5SIG +- newtp->af_specific = &tcp_sock_ipv6_mapped_specific; +-#endif +- +- newnp->ipv6_mc_list = NULL; +- newnp->ipv6_ac_list = NULL; +- newnp->ipv6_fl_list = NULL; +- newnp->pktoptions = NULL; +- newnp->opt = NULL; +- newnp->mcast_oif = inet_iif(skb); +- newnp->mcast_hops = ip_hdr(skb)->ttl; +- newnp->rcv_flowinfo = 0; +- if (np->repflow) +- newnp->flow_label = 0; +- +- /* +- * No need to charge this sock to the relevant IPv6 refcnt debug socks count +- * here, tcp_create_openreq_child now does this for us, see the comment in +- * that function for the gory details. -acme +- */ +- +- /* It is tricky place. Until this moment IPv4 tcp +- worked with IPv6 icsk.icsk_af_ops. +- Sync it now. 
+- */ +- tcp_sync_mss(newsk, inet_csk(newsk)->icsk_pmtu_cookie); +- +- return newsk; +- } +- ++ if (skb->protocol == htons(ETH_P_IP)) ++ return tcp_v4_syn_recv_sock(sk, skb, req, dst, ++ req_unhash, own_req, ++ tcp_v6_mapped_child_init); + ireq = inet_rsk(req); + + if (sk_acceptq_is_full(sk)) +diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c +index b6cd4d5..3329917 100644 +--- a/net/mptcp/subflow.c ++++ b/net/mptcp/subflow.c +@@ -805,7 +805,9 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, + struct request_sock *req, + struct dst_entry *dst, + struct request_sock *req_unhash, +- bool *own_req) ++ bool *own_req, ++ void (*opt_child_init)(struct sock *newsk, ++ const struct sock *sk)) + { + struct mptcp_subflow_context *listener = mptcp_subflow_ctx(sk); + struct mptcp_subflow_request_sock *subflow_req; +@@ -852,7 +854,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, + + create_child: + child = listener->icsk_af_ops->syn_recv_sock(sk, skb, req, dst, +- req_unhash, own_req); ++ req_unhash, own_req, opt_child_init); + + if (child && *own_req) { + struct mptcp_subflow_context *ctx = mptcp_subflow_ctx(child); +diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c +index 3de4169..2dfa3ec 100644 +--- a/net/smc/af_smc.c ++++ b/net/smc/af_smc.c +@@ -124,7 +124,9 @@ static struct sock *smc_tcp_syn_recv_sock(const struct sock *sk, + struct request_sock *req, + struct dst_entry *dst, + struct request_sock *req_unhash, +- bool *own_req) ++ bool *own_req, ++ void (*opt_child_init)(struct sock *newsk, ++ const struct sock *sk)) + { + struct smc_sock *smc; + struct sock *child; +@@ -142,7 +144,7 @@ static struct sock *smc_tcp_syn_recv_sock(const struct sock *sk, + + /* passthrough to original syn recv sock fct */ + child = smc->ori_af_ops->syn_recv_sock(sk, skb, req, dst, req_unhash, +- own_req); ++ own_req, opt_child_init); + /* child must not inherit smc or its ops */ + if (child) { + rcu_assign_sk_user_data(child, NULL); 
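Review bot: The comment on `tcp_v6_mapped_child_init()` says where it is called from but not the ordering it depends on: it must run before the child is inserted into the ehash table, and after `tcp_v4_syn_recv_sock()` has set `newinet->mc_index` and `newinet->mc_ttl`, which the helper now reads in place of `inet_iif(skb)` and `ip_hdr(skb)->ttl`. Those assignments are outside the hunk, so confirm they precede the `opt_child_init(newsk, sk)` call placed after `sk_setup_caps()`. I would extend the comment to `/* Called from tcp_v4_syn_recv_sock() for v6_mapped children, before newsk is hashed and visible to other CPUs. */`. The new `opt_child_init` argument also changes the `syn_recv_sock` prototype in `struct inet_connection_sock_af_ops`, so any implementation outside the files touched here needs the same update.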
diff --git a/SOURCES/1706-crypto-testmgr-allow-authenc-hmac-sha-256-384-cts-cbc-aes-in.patch b/SOURCES/1706-crypto-testmgr-allow-authenc-hmac-sha-256-384-cts-cbc-aes-in.patch
new file mode 100644
index 000000000..428499fea
--- /dev/null
+++ b/SOURCES/1706-crypto-testmgr-allow-authenc-hmac-sha-256-384-cts-cbc-aes-in.patch
@@ -0,0 +1,45 @@
+From aeb0d0a32bda58a858acd0abc31a0b4a9243e271 Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov
+Date: Thu, 4 Jun 2026 13:06:53 +0200
+Subject: [PATCH] crypto: testmgr - allow
+ authenc(hmac(sha{256,384}),cts(cbc(aes))) in FIPS mode
+
+JIRA: https://redhat.atlassian.net/browse/RHEL-182254
+Upstream Status: Posted https://lore.kernel.org/linux-crypto/20260603155008.736872-1-idryomov@gmail.com/
+
+hmac(sha256), hmac(sha384) and cts(cbc(aes)) algorithms have been
+marked as FIPS allowed for years. Mark the respective authenc()
+constructions per RFC 8009 ("AES Encryption with HMAC-SHA2 for
+Kerberos 5") as such as well.
+
+SP 800-57 Part 3 Rev. 1 from Jan 2015 [1] links the draft of what
+became RFC 8009 in Oct 2016 as approved in section 6.3 Procurement
+Guidance (item/recommendation 3).
+
+[1] https://csrc.nist.gov/pubs/sp/800/57/pt3/r1/final
+
+Signed-off-by: Ilya Dryomov
+
+diff --git a/crypto/testmgr.c b/crypto/testmgr.c
+index de885bfe4c2b..7c80412e5ff7 100644
+--- a/crypto/testmgr.c
++++ b/crypto/testmgr.c
+@@ -4374,6 +4374,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ }, {
+ .alg = "authenc(hmac(sha256),cts(cbc(aes)))",
+ .test = alg_test_aead,
++ .fips_allowed = 1,
+ .suite = {
+ .aead = __VECS(krb5_test_aes128_cts_hmac_sha256_128)
+ }
+@@ -4400,6 +4401,7 @@ static const struct alg_test_desc alg_test_descs[] = {
+ }, {
+ .alg = "authenc(hmac(sha384),cts(cbc(aes)))",
+ .test = alg_test_aead,
++ .fips_allowed = 1,
+ .suite = {
+ .aead = __VECS(krb5_test_aes256_cts_hmac_sha384_192)
+ }
+--
+2.50.1 (Apple Git-155)
+
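Review bot: The two added `.fips_allowed = 1,` lines in `alg_test_descs[]` widen what the kernel accepts in FIPS mode, yet the patch header marks the upstream change as posted rather than merged. Nothing in the hunk ties the flag to its justification, so a comment on each entry such as `/* RFC 8009 enctype, see SP 800-57 Part 3 Rev. 1 section 6.3 */` would keep the rationale with the policy bit. Whether the component algorithms' own entries are flagged the same way in this tree is outside the hunk and should be confirmed, since the description relies on that.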
diff --git a/SOURCES/1707-crypto-krb5enc-fix-sleepable-flag-handling-in-encrypt-dispat.patch b/SOURCES/1707-crypto-krb5enc-fix-sleepable-flag-handling-in-encrypt-dispat.patch new file mode 100644 index 000000000..8d21f1354 --- /dev/null +++ b/SOURCES/1707-crypto-krb5enc-fix-sleepable-flag-handling-in-encrypt-dispat.patch @@ -0,0 +1,60 @@ +From 34066fd2a30ffc1a423caa991915b56cfd503d1c Mon Sep 17 00:00:00 2001 +From: Ilya Dryomov +Date: Thu, 4 Jun 2026 13:24:21 +0200 +Subject: [PATCH] crypto: krb5enc - fix sleepable flag handling in encrypt + dispatch + +JIRA: https://redhat.atlassian.net/browse/RHEL-182254 + +commit 2ef3bac16fb5e9eee4fb1d722578a79b751ea58a +Author: Wesley Atwell +Date: Mon Mar 9 00:26:24 2026 -0600 + + crypto: krb5enc - fix sleepable flag handling in encrypt dispatch + + krb5enc_encrypt_ahash_done() continues encryption from an ahash + completion callback by calling krb5enc_dispatch_encrypt(). + + That helper takes a flags argument for this continuation path, but it + ignored that argument and reused aead_request_flags(req) when setting + up the skcipher subrequest callback. This can incorrectly preserve + CRYPTO_TFM_REQ_MAY_SLEEP when the encrypt step is started from callback + context. + + Preserve the original request flags but clear + CRYPTO_TFM_REQ_MAY_SLEEP for the callback continuation path, and use + the caller-supplied flags when setting up the skcipher subrequest. + + Fixes: d1775a177f7f ("crypto: Add 'krb5enc' hash and cipher AEAD algorithm") + Assisted-by: Codex:GPT-5 + Signed-off-by: Wesley Atwell + 
Signed-off-by: Herbert Xu + +Signed-off-by: Ilya Dryomov + +diff --git a/crypto/krb5enc.c b/crypto/krb5enc.c +index 793eae81aeba..2741ba229995 100644 +--- a/crypto/krb5enc.c ++++ b/crypto/krb5enc.c +@@ -154,7 +154,7 @@ static int krb5enc_dispatch_encrypt(struct aead_request *req, + dst = scatterwalk_ffwd(areq_ctx->dst, req->dst, req->assoclen); + + skcipher_request_set_tfm(skreq, enc); +- skcipher_request_set_callback(skreq, aead_request_flags(req), ++ skcipher_request_set_callback(skreq, flags, + krb5enc_encrypt_done, req); + skcipher_request_set_crypt(skreq, src, dst, req->cryptlen, req->iv); + +@@ -193,7 +193,8 @@ static void krb5enc_encrypt_ahash_done(struct crypto_async_request *areq, + + krb5enc_insert_checksum(req, ahreq->result); + +- err = krb5enc_dispatch_encrypt(req, 0); ++ err = krb5enc_dispatch_encrypt(req, ++ aead_request_flags(req) & ~CRYPTO_TFM_REQ_MAY_SLEEP); + if (err != -EINPROGRESS) + aead_request_complete(req, err); + } +-- +2.50.1 (Apple Git-155) + diff --git a/SOURCES/1708-crypto-krb5enc-fix-async-decrypt-skipping-hash-verification.patch b/SOURCES/1708-crypto-krb5enc-fix-async-decrypt-skipping-hash-verification.patch new file mode 100644 index 000000000..53e2aab2d --- /dev/null +++ b/SOURCES/1708-crypto-krb5enc-fix-async-decrypt-skipping-hash-verification.patch 
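Review bot: In `krb5enc_encrypt_ahash_done()` the continuation clears only `CRYPTO_TFM_REQ_MAY_SLEEP`, so `CRYPTO_TFM_REQ_MAY_BACKLOG` from the original request still reaches the skcipher subrequest, while the result is checked only against `-EINPROGRESS`. A backlogged subrequest returning `-EBUSY` would be completed to the caller as an error even though it is still queued. Either mask both flags, `aead_request_flags(req) & ~(CRYPTO_TFM_REQ_MAY_SLEEP | CRYPTO_TFM_REQ_MAY_BACKLOG)`, or treat `-EBUSY` like `-EINPROGRESS`; the following patch in this series passes `0` here, so the two should ship together. The first hunk now trusts `flags`, so the other caller of `krb5enc_dispatch_encrypt()`, outside the hunk, has to pass the request flags itself.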
@@ -0,0 +1,169 @@ +From eebdcc2ddddf6708964baec467161fbffc0de910 Mon Sep 17 00:00:00 2001 +From: Ilya Dryomov +Date: Thu, 4 Jun 2026 13:24:35 +0200 +Subject: [PATCH] crypto: krb5enc - fix async decrypt skipping hash + verification + +JIRA: https://redhat.atlassian.net/browse/RHEL-182254 +Conflicts: +- crypto_completion_t data can't be accessed directly in RHEL + +commit 3bfbf5f0a99c991769ec562721285df7ab69240b +Author: Dudu Lu +Date: Mon Apr 20 12:40:27 2026 +0800 + + crypto: krb5enc - fix async decrypt skipping hash verification + + krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher + callback, which is the caller's own completion handler. When the + skcipher completes asynchronously, this signals "done" to the caller + without executing krb5enc_dispatch_decrypt_hash(), completely bypassing + the integrity verification (hash check). + + Compare with the encrypt path which correctly uses + krb5enc_encrypt_done as an intermediate callback to chain into the + hash computation on async completion. + + Fix by adding krb5enc_decrypt_done as an intermediate callback that + chains into krb5enc_dispatch_decrypt_hash() upon async skcipher + completion, matching the encrypt path's callback pattern. + + Also fix EBUSY/EINPROGRESS handling throughout: remove + krb5enc_request_complete() which incorrectly swallowed EINPROGRESS + notifications that must be passed up to callers waiting on backlogged + requests, and add missing EBUSY checks in krb5enc_encrypt_ahash_done + for the dispatch_encrypt return value. + + Fixes: d1775a177f7f ("crypto: Add 'krb5enc' hash and cipher AEAD algorithm") + Signed-off-by: Dudu Lu + + Unset MAY_BACKLOG on the async completion path so the user won't + see back-to-back EINPROGRESS notifications. + + 
Signed-off-by: Herbert Xu + +Signed-off-by: Ilya Dryomov + +diff --git a/crypto/krb5enc.c b/crypto/krb5enc.c +index 2741ba229995..1e7b4fc8ed8c 100644 +--- a/crypto/krb5enc.c ++++ b/crypto/krb5enc.c +@@ -39,12 +39,6 @@ struct krb5enc_request_ctx { + char tail[]; + }; + +-static void krb5enc_request_complete(struct aead_request *req, int err) +-{ +- if (err != -EINPROGRESS) +- aead_request_complete(req, err); +-} +- + /** + * crypto_krb5enc_extractkeys - Extract Ke and Ki keys from the key blob. + * @keys: Where to put the key sizes and pointers +@@ -127,7 +121,7 @@ static void krb5enc_encrypt_done(struct crypto_async_request *areq, int err) + { + struct aead_request *req = areq->data; + +- krb5enc_request_complete(req, err); ++ aead_request_complete(req, err); + } + + /* +@@ -189,14 +183,16 @@ static void krb5enc_encrypt_ahash_done(struct crypto_async_request *areq, + struct ahash_request *ahreq = (void *)(areq_ctx->tail + ictx->reqoff); + + if (err) +- return krb5enc_request_complete(req, err); ++ goto out; + + krb5enc_insert_checksum(req, ahreq->result); + +- err = krb5enc_dispatch_encrypt(req, +- aead_request_flags(req) & ~CRYPTO_TFM_REQ_MAY_SLEEP); +- if (err != -EINPROGRESS) +- aead_request_complete(req, err); ++ err = krb5enc_dispatch_encrypt(req, 0); ++ if (err == -EINPROGRESS) ++ return; ++ ++out: ++ aead_request_complete(req, err); + } + + /* +@@ -267,17 +263,16 @@ static void krb5enc_decrypt_hash_done(struct crypto_async_request *areq, + { + struct aead_request *req = areq->data; + +- if (err) +- return krb5enc_request_complete(req, err); +- +- err = krb5enc_verify_hash(req); +- krb5enc_request_complete(req, err); ++ if (!err) ++ err = krb5enc_verify_hash(req); ++ aead_request_complete(req, err); + } + + /* + * Dispatch the hashing of the plaintext after we've done the decryption. 
+ */ +-static int krb5enc_dispatch_decrypt_hash(struct aead_request *req) ++static int krb5enc_dispatch_decrypt_hash(struct aead_request *req, ++ unsigned int flags) + { + struct crypto_aead *krb5enc = crypto_aead_reqtfm(req); + struct aead_instance *inst = aead_alg_instance(krb5enc); +@@ -293,7 +288,7 @@ static int krb5enc_dispatch_decrypt_hash(struct aead_request *req) + ahash_request_set_tfm(ahreq, auth); + ahash_request_set_crypt(ahreq, req->dst, hash, + req->assoclen + req->cryptlen - authsize); +- ahash_request_set_callback(ahreq, aead_request_flags(req), ++ ahash_request_set_callback(ahreq, flags, + krb5enc_decrypt_hash_done, req); + + err = crypto_ahash_digest(ahreq); +@@ -303,6 +298,21 @@ static int krb5enc_dispatch_decrypt_hash(struct aead_request *req) + return krb5enc_verify_hash(req); + } + ++static void krb5enc_decrypt_done(struct crypto_async_request *areq, int err) ++{ ++ struct aead_request *req = areq->data; ++ ++ if (err) ++ goto out; ++ ++ err = krb5enc_dispatch_decrypt_hash(req, 0); ++ if (err == -EINPROGRESS) ++ return; ++ ++out: ++ aead_request_complete(req, err); ++} ++ + /* + * Dispatch the decryption of the ciphertext. + */ +@@ -326,7 +336,7 @@ static int krb5enc_dispatch_decrypt(struct aead_request *req) + + skcipher_request_set_tfm(skreq, ctx->enc); + skcipher_request_set_callback(skreq, aead_request_flags(req), +- req->base.complete, req->base.data); ++ krb5enc_decrypt_done, req); + skcipher_request_set_crypt(skreq, src, dst, + req->cryptlen - authsize, req->iv); + +@@ -341,7 +351,7 @@ static int krb5enc_decrypt(struct aead_request *req) + if (err < 0) + return err; + +- return krb5enc_dispatch_decrypt_hash(req); ++ return krb5enc_dispatch_decrypt_hash(req, aead_request_flags(req)); + } + + static int krb5enc_init_tfm(struct crypto_aead *tfm) +-- +2.50.1 (Apple Git-155) + 
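Review bot: `krb5enc_decrypt_done()` and `krb5enc_encrypt_ahash_done()` pass a literal `0` as the flags for the follow-on step, and nothing in the code says that this is what keeps the continuation from sleeping or being backlogged a second time. A one-line comment at each call, `/* completion context: no MAY_SLEEP, no MAY_BACKLOG */`, would stop a later cleanup from restoring `aead_request_flags(req)` there. The new `flags` parameter of `krb5enc_dispatch_decrypt_hash()` is likewise undocumented in the comment above the function. Since the defect was a skipped integrity check, a regression test that drives an asynchronous skcipher with a corrupted checksum and expects the verification error would be worth adding; the middle of `krb5enc_dispatch_decrypt_hash()` is outside the hunk.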
diff --git a/SOURCES/1709-crypto-krb5-filter-out-async-aead-implementations-at-alloc.patch b/SOURCES/1709-crypto-krb5-filter-out-async-aead-implementations-at-alloc.patch
new file mode 100644
index 000000000..9a304d4f1
--- /dev/null
+++ b/SOURCES/1709-crypto-krb5-filter-out-async-aead-implementations-at-alloc.patch
@@ -0,0 +1,62 @@ +From b404b859e714b89a20c22818d2a2606290c68266 Mon Sep 17 00:00:00 2001 +From: Ilya Dryomov +Date: Thu, 4 Jun 2026 13:24:44 +0200 +Subject: [PATCH] crypto: krb5 - filter out async aead implementations at alloc + +JIRA: https://redhat.atlassian.net/browse/RHEL-182254 +Upstream Status: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git + +commit 6c9dddeb582fde005360f4fe02c760d45ca05fb5 +Author: Michael Bommarito +Date: Sun May 10 19:24:55 2026 -0400 + + crypto: krb5 - filter out async aead implementations at alloc + + krb5_aead_encrypt(), krb5_aead_decrypt() in rfc3961_simplified.c and + rfc8009_encrypt(), rfc8009_decrypt() in rfc8009_aes2.c set a NULL + completion callback and treat any negative return from + crypto_aead_{encrypt,decrypt}() as terminal, falling through to + kfree_sensitive(buffer). When the encrypt_name resolves to an + async AEAD instance the request returns -EINPROGRESS, the buffer + is freed while the backend's worker still holds a pointer, and the + worker dereferences the freed slab on completion. + + KASAN report under UML+SLUB with a synthetic async aead backend + bound to krb5->encrypt_name: + + BUG: KASAN: slab-use-after-free in t5_stub_complete+0x7d/0xc7 + + The helpers were written synchronously, so filter the async + instances out at allocation time instead of plumbing + crypto_wait_req() through every call site. + + Reachable via net/rxrpc/rxgk.c, fs/afs/cm_security.c and + net/ceph/crypto.c on systems with an async AEAD provider bound to + the krb5 enctype name. + + Fixes: 00244da40f78 ("crypto/krb5: Implement the Kerberos5 rfc3961 encrypt and decrypt functions") + Fixes: 6c3c0e86c2ac ("crypto/krb5: Implement the AES enctypes from rfc8009") + Cc: stable@vger.kernel.org + Suggested-by: Herbert Xu + Assisted-by: Claude:claude-opus-4-7 + Signed-off-by: Michael Bommarito + 
Signed-off-by: Herbert Xu + +Signed-off-by: Ilya Dryomov + +diff --git a/crypto/krb5/krb5_api.c b/crypto/krb5/krb5_api.c +index 23026d4206c8..2b20284fa0ab 100644 +--- a/crypto/krb5/krb5_api.c ++++ b/crypto/krb5/krb5_api.c +@@ -165,7 +165,7 @@ struct crypto_aead *krb5_prepare_encryption(const struct krb5_enctype *krb5, + struct crypto_aead *ci = NULL; + int ret = -ENOMEM; + +- ci = crypto_alloc_aead(krb5->encrypt_name, 0, 0); ++ ci = crypto_alloc_aead(krb5->encrypt_name, 0, CRYPTO_ALG_ASYNC); + if (IS_ERR(ci)) { + ret = PTR_ERR(ci); + if (ret == -ENOENT) +-- +2.50.1 (Apple Git-155) + diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 977df49d9..65df539d2 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -176,13 +176,13 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 687.19.1 +%define pkgrelease 687.20.1 %define kversion 5 %define tarfile_release 5.14.0-687.5.1.el9_8 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 687.19.1%{?buildid}%{?dist} +%define specrelease 687.20.1%{?buildid}%{?dist} # This defines the kabi tarball version %define kabiversion 5.14.0-687.5.1.el9_8 
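Review bot: The `CRYPTO_ALG_ASYNC` mask passed to `crypto_alloc_aead()` in `krb5_prepare_encryption()` is the only thing keeping asynchronous providers away from helpers that free their buffer on return, and the call carries no comment saying so. I would add `/* Sync only: the encrypt/decrypt helpers set no completion callback and free the buffer when the call returns. */` above it. With the mask in place a system that has only an asynchronous provider for `krb5->encrypt_name` now fails allocation instead, which the `-ENOENT` branch that follows appears to handle; the rest of that branch is outside the hunk. Any other allocation site feeding the four helpers named in the description needs the same mask.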
@@ -1573,6 +1573,20 @@ Patch1692: 1692-init-kconfig-fix-cc-has-asm-goto-tied-output-test-with-dash.patc Patch1693: 1693-update-workarounds-for-gcc-asm-goto-issue.patch Patch1694: 1694-init-kconfig-remove-config-gcc-asm-goto-output-workaround.patch Patch1695: 1695-rdma-mlx5-fix-error-path-fall-through-in-mlx5-ib-dev-res-srq.patch +Patch1696: 1696-net-atm-fix-crash-due-to-unvalidated-vcc-pointer-in-sigd-sen.patch +Patch1697: 1697-scsi-qla2xxx-add-support-to-report-mpi-fw-state.patch +Patch1698: 1698-crypto-tegra-use-api-helpers-to-setup-fallback-request.patch +Patch1699: 1699-crypto-tegra-remove-the-use-of-dev-err-probe.patch +Patch1700: 1700-crypto-tegra-use-int-type-to-store-negative-error-codes.patch +Patch1701: 1701-crypto-tegra-add-missing-crypto-alg-async.patch +Patch1702: 1702-crypto-tegra-don-t-touch-bo-refcount-in-host1x-bo-pin-unpin.patch +Patch1703: 1703-crypto-tegra-fix-dma-free-coherent-size-error.patch +Patch1704: 1704-crypto-tegra-return-enomem-when-input-buffer-allocation-fail.patch +Patch1705: 1705-tcp-fix-potential-race-in-tcp-v6-syn-recv-sock.patch +Patch1706: 1706-crypto-testmgr-allow-authenc-hmac-sha-256-384-cts-cbc-aes-in.patch +Patch1707: 1707-crypto-krb5enc-fix-sleepable-flag-handling-in-encrypt-dispat.patch +Patch1708: 1708-crypto-krb5enc-fix-async-decrypt-skipping-hash-verification.patch +Patch1709: 1709-crypto-krb5-filter-out-async-aead-implementations-at-alloc.patch # END OF PATCH DEFINITIONS %description 
@@ -2913,6 +2927,20 @@ ApplyPatch 1692-init-kconfig-fix-cc-has-asm-goto-tied-output-test-with-dash.patc ApplyPatch 1693-update-workarounds-for-gcc-asm-goto-issue.patch ApplyPatch 1694-init-kconfig-remove-config-gcc-asm-goto-output-workaround.patch ApplyPatch 1695-rdma-mlx5-fix-error-path-fall-through-in-mlx5-ib-dev-res-srq.patch +ApplyPatch 1696-net-atm-fix-crash-due-to-unvalidated-vcc-pointer-in-sigd-sen.patch +ApplyPatch 1697-scsi-qla2xxx-add-support-to-report-mpi-fw-state.patch +ApplyPatch 1698-crypto-tegra-use-api-helpers-to-setup-fallback-request.patch +ApplyPatch 1699-crypto-tegra-remove-the-use-of-dev-err-probe.patch +ApplyPatch 1700-crypto-tegra-use-int-type-to-store-negative-error-codes.patch +ApplyPatch 1701-crypto-tegra-add-missing-crypto-alg-async.patch +ApplyPatch 1702-crypto-tegra-don-t-touch-bo-refcount-in-host1x-bo-pin-unpin.patch +ApplyPatch 1703-crypto-tegra-fix-dma-free-coherent-size-error.patch +ApplyPatch 1704-crypto-tegra-return-enomem-when-input-buffer-allocation-fail.patch +ApplyPatch 1705-tcp-fix-potential-race-in-tcp-v6-syn-recv-sock.patch +ApplyPatch 1706-crypto-testmgr-allow-authenc-hmac-sha-256-384-cts-cbc-aes-in.patch +ApplyPatch 1707-crypto-krb5enc-fix-sleepable-flag-handling-in-encrypt-dispat.patch +ApplyPatch 1708-crypto-krb5enc-fix-async-decrypt-skipping-hash-verification.patch +ApplyPatch 1709-crypto-krb5-filter-out-async-aead-implementations-at-alloc.patch # END OF PATCH APPLICATIONS # Any further pre-build tree manipulations happen here. 
@@ -4987,6 +5015,27 @@ fi # # %changelog +* Tue Jun 30 2026 Andrew Lukoshko - 5.14.0-687.20.1 +- Recreate RHEL 5.14.0-687.20.1 from CentOS Stream 9 and upstream stable backports (1696-1709) +- Retain AlmaLinux ahead-of-RHEL fix for CVE-2026-46316 (1312) +- RHEL changelog for 687.19.1..687.20.1 follows: + +* Mon Jun 29 2026 CKI KWF Bot [5.14.0-687.20.1.el9_8] +- crypto: krb5 - filter out async aead implementations at alloc (CKI Backport Bot) [RHEL-182540] +- crypto: krb5enc - fix async decrypt skipping hash verification (CKI Backport Bot) [RHEL-182540] +- crypto: krb5enc - fix sleepable flag handling in encrypt dispatch (CKI Backport Bot) [RHEL-182540] +- crypto: testmgr - allow authenc(hmac(sha{256,384}),cts(cbc(aes))) in FIPS mode (CKI Backport Bot) [RHEL-182540] +- tcp: fix potential race in tcp_v6_syn_recv_sock() (Paolo Abeni) [RHEL-174243] {CVE-2026-43198} +- crypto: tegra - Return ENOMEM when input buffer allocation fails for ccm (Vladislav Dronov) [RHEL-182760] +- crypto: tegra - Fix dma_free_coherent size error (Vladislav Dronov) [RHEL-182760] +- crypto: tegra - Don't touch bo refcount in host1x bo pin/unpin (Vladislav Dronov) [RHEL-182760] +- crypto: tegra - Add missing CRYPTO_ALG_ASYNC (Vladislav Dronov) [RHEL-182760] {CVE-2026-31739} +- crypto: tegra - Use int type to store negative error codes (Vladislav Dronov) [RHEL-182760] +- crypto: tegra - Remove the use of dev_err_probe() (Vladislav Dronov) [RHEL-182760] +- crypto: tegra - use API helpers to setup fallback request (Vladislav Dronov) [RHEL-182760] +- scsi: qla2xxx: Add support to report MPI FW state (Ewan D. Milne) [RHEL-181886] +- net: atm: fix crash due to unvalidated vcc pointer in sigd_send() (CKI Backport Bot) [RHEL-167051] {CVE-2026-31411} + * Mon Jun 29 2026 Andrew Lukoshko - 5.14.0-687.19.1 - Recreate RHEL 5.14.0-687.19.1 from CentOS Stream 9 and upstream stable backports (1313-1695) - Retain AlmaLinux ahead-of-RHEL fix for CVE-2026-46316 (1312)